
win32security.AdjustTokenPrivileges


Patrick Blanchette

Dec 5, 2000, 3:00:00 AM
Hi,
I'd like to reboot a Windows NT station using a Python script. It is
supposed to be possible using the Python extensions for Windows. I tried
the following code but an exception is thrown after the call to
AdjustTokenPrivileges:
-----------------------------------------------
hProcess = GetCurrentProcess()
processToken = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES |
TOKEN_QUERY)
procPrivValue = LookupPrivilegeValue (None, SE_SHUTDOWN_NAME)
AdjustTokenPrivileges (processToken, 0, (provValue, SE_PRIVILEGE_ENABLED) )
ExitWindowsEx(EWX_REBOOT | EWX_FORCE, 0)
-->
Traceback (innermost last):
File "<interactive input>", line 1, in ?
TypeError: A TOKEN_PRIVILEGES object must be a tuple of (LARGE_INTEGER, int)
-----------------------------------------------

How should I use the AdjustTokenPrivileges function?

thank


Patrick Blanchette

Dec 5, 2000, 3:00:00 AM

thanks


Carlo Bertuccini

Dec 5, 2000, 3:00:00 AM
Hi Patrick,

> hProcess = GetCurrentProcess()
> processToken = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES |
> TOKEN_QUERY)

There is something strange in your code ... this is the declaration of
OpenProcessToken:

BOOL OpenProcessToken(
    HANDLE ProcessHandle,  // handle to process
    DWORD DesiredAccess,   // desired access to process
    PHANDLE TokenHandle    // pointer to handle of open access token
);

The "ProcessToken" is not the Token Handle, but a boolean value: the result
of the function.
The AdjustTokenPrivileges needs the real Token Handle in order to set the
new privileges.

Regards,
--
- Carlo -
c.b...@libero.it

Jonathan Gilligan

Dec 5, 2000, 3:00:00 AM
In your code, there are two things: First, you have a
typo---"provValue" where you mean "procPrivValue" and second (I don't
know if it makes a difference) you have

AdjustTokenPrivileges (processToken, 0, (provValue,
SE_PRIVILEGE_ENABLED) )

where I have the equivalent of

AdjustTokenPrivileges (processToken, 0, [(provValue,
SE_PRIVILEGE_ENABLED) ])

(i.e., you pass a tuple for parameter 3, where I pass a list
containing a single tuple).

Here is some code I use that successfully reboots a remote computer:

import win32net, win32netcon, win32security, ntsecuritycon, win32api
import pythoncom
import sys, time

privilegeShutdown = ntsecuritycon.SE_REMOTE_SHUTDOWN_NAME
# fill in the name of the server you want to reboot (it can be remote)
ServerName = "\\\\TargetServer"

debug = 1

def trace(msg):
    if debug:
        print(msg)


#
# The code below is largely stolen from Mark Hammond's
# "Programming Win32 with Python," (O'Reilly, 2000).
# If you don't have this book, you should buy it!
#
# This blatant advertisement placed here by Jonathan Gilligan
#
def AdjustPrivilege(priv, enable = 1):
    # get the process token
    flags = ntsecuritycon.TOKEN_ADJUST_PRIVILEGES | ntsecuritycon.TOKEN_QUERY
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    # Get the id of the system shutdown privilege
    id = win32security.LookupPrivilegeValue(None, priv)
    #
    #
    if enable:
        trace(("Enabling privilege %s" % priv))
        try:
            newPrivileges = [(id, ntsecuritycon.SE_PRIVILEGE_ENABLED)]
        except pythoncom.com_error as err:
            hr, msg, exc, arg = err.args
            trace("Failed with code %d: %s. " % (hr, msg))
            if exc is None:
                trace("There is no extended error information")
            else:
                wcode, source, text, helpFile, helpId, scode = exc
                trace("The source of the error is %s, the message is \"%s\", "
                      "More info can be found in %s (id-%d)"
                      % (source, text, helpFile, helpId))
        except win32net.error:
            trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
        except:
            trace("Failed.")
        else:
            trace("Succeeded.")
    else:
        trace("Disabling privilege %s" % priv)
        try:
            newPrivileges = [(id, 0)]
        except pythoncom.com_error as err:
            hr, msg, exc, arg = err.args
            trace("Failed with code %d: %s. " % (hr, msg))
            if exc is None:
                trace("There is no extended error information")
            else:
                wcode, source, text, helpFile, helpId, scode = exc
                trace("The source of the error is %s, the message is \"%s\", "
                      "More info can be found in %s (id-%d)"
                      % (source, text, helpFile, helpId))
        except win32net.error:
            trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
        except:
            trace("Failed.")
        else:
            trace("Succeeded.")
    # The actual call is made here, outside the try blocks above, so a
    # failure in AdjustTokenPrivileges propagates to the caller.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)

def RebootServer(message = "Server Rebooting", timeout = 120, bForce = 0,
                 bReboot = 1):
    trace("Preparing to reboot server")
    AdjustPrivilege(privilegeShutdown)
    try:
        win32api.InitiateSystemShutdown(ServerName, message, timeout,
                                        bForce, bReboot)
    except pythoncom.com_error as err:
        hr, msg, exc, arg = err.args
        trace("Failed with code %d: %s. " % (hr, msg))
        if exc is None:
            trace("There is no extended error information")
        else:
            wcode, source, text, helpFile, helpId, scode = exc
            trace("The source of the error is %s, the message is \"%s\", "
                  "More info can be found in %s (id-%d)"
                  % (source, text, helpFile, helpId))
    except win32net.error:
        trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
    except:
        trace("Failed.")
    else:
        trace("Succeeded.")
    AdjustPrivilege(privilegeShutdown, 0)

def AbortReboot():
    AdjustPrivilege(privilegeShutdown)
    trace("Aborting reboot on %s" % ServerName)
    try:
        win32api.AbortSystemShutdown(ServerName)
    except pythoncom.com_error as err:
        hr, msg, exc, arg = err.args
        trace("Failed with code %d: %s. " % (hr, msg))
        if exc is None:
            trace("There is no extended error information")
        else:
            wcode, source, text, helpFile, helpId, scode = exc
            trace("The source of the error is %s, the message is \"%s\", "
                  "More info can be found in %s (id-%d)"
                  % (source, text, helpFile, helpId))
    except win32net.error:
        trace("Failed: '%s' = %s" % (sys.exc_info()[:2]))
    except:
        trace("Failed.")
    else:
        trace("Succeeded.")
    AdjustPrivilege(privilegeShutdown, 0)

#
# Set the timeout to whatever timeout you want to give the user on the
# target workstation to shut down his work before you reboot.
#
tmout = 120
message = ("Preparing to reboot server. You have %d seconds to finish "
           "your work before the reboot.")
# Fill in the %d placeholder before the message is displayed
RebootServer(message % tmout, timeout=tmout)

"Patrick Blanchette" <pblan...@pixelsystems.com> wrote in message
news:3A2D3521...@pixelsystems.com...


> Hi,
> I'd like to reboot a Windows NT station using a Python script. It is
> supposed to be possible using the Python extensions for Windows. I tried
> the following code but an exception is thrown after the call to
> AdjustTokenPrivileges:
> -----------------------------------------------

> hProcess = GetCurrentProcess()
> processToken = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES |
> TOKEN_QUERY)

Patrick Blanchette

Dec 5, 2000, 3:00:00 AM
In fact, the declaration of OpenProcessToken in the Python extensions for Windows is:
int = OpenProcessToken( processHandle, desiredAccess ).
I suppose the integer returned is the token handle.

Regards

Carlo Bertuccini wrote:
> Hi Patrick,
>
> hProcess = GetCurrentProcess()
> processToken = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES |
> TOKEN_QUERY)

Mark Hammond

Dec 5, 2000, 3:00:00 AM
Patrick Blanchette wrote:

> procPrivValue = LookupPrivilegeValue (None, SE_SHUTDOWN_NAME)
> AdjustTokenPrivileges (processToken, 0, (provValue, SE_PRIVILEGE_ENABLED) )
> ExitWindowsEx(EWX_REBOOT | EWX_FORCE, 0)
> -->
> Traceback (innermost last):
> File "<interactive input>", line 1, in ?
> TypeError: A TOKEN_PRIVILEGES object must be a tuple of (LARGE_INTEGER,
> int)

The error message is telling you the problem, but not very well :-)

The function expects a list of tuples. So, for example, your code should
work with:

AdjustTokenPrivileges (processToken, 0, [(procPrivValue,SE_PRIVILEGE_ENABLED)] )

I actually provide this exact example in Programming Python on Win32.

Mark.
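
The enable/act/disable pattern from this thread, as an added example that is not from any poster or from pywin32 itself: it passes NewState as a list of (LUID, attributes) tuples, then confirms through GetTokenInformation that the privilege is really enabled, because the Win32 call reports success even when the token does not hold the privilege (ERROR_NOT_ALL_ASSIGNED). The helper names and the sample LUID values are constructed for illustration.

```python
import contextlib

SE_PRIVILEGE_ENABLED = 0x00000002  # winnt.h value (ntsecuritycon.SE_PRIVILEGE_ENABLED)

# Constructed sample of a TOKEN_PRIVILEGES sequence: (LUID, attributes) pairs.
SAMPLE_TOKEN_PRIVILEGES = ((19, 0), (23, 3))


def new_state(luid, enable=True):
    """NewState in the shape AdjustTokenPrivileges accepts: a list of
    (LUID, attributes) tuples, never a bare tuple."""
    return [(luid, SE_PRIVILEGE_ENABLED if enable else 0)]


def is_enabled(token_privileges, luid):
    """True if luid is present in the sequence with the enabled bit set."""
    return any(entry_luid == luid and bool(attrs & SE_PRIVILEGE_ENABLED)
               for entry_luid, attrs in token_privileges)


@contextlib.contextmanager
def scoped_privilege(name):
    """Enable one privilege on the current process token, verify it, and
    put the previous state back on exit. Needs pywin32 on Windows."""
    import ntsecuritycon, win32api, win32security  # imported lazily: Windows only
    flags = ntsecuritycon.TOKEN_ADJUST_PRIVILEGES | ntsecuritycon.TOKEN_QUERY
    token = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    try:
        luid = win32security.LookupPrivilegeValue(None, name)
        # Returns the privileges it modified, with their earlier attributes.
        previous = win32security.AdjustTokenPrivileges(token, 0, new_state(luid))
        try:
            current = win32security.GetTokenInformation(
                token, win32security.TokenPrivileges)
            if not is_enabled(current, luid):
                raise PermissionError("token does not hold %s" % name)
            yield
        finally:
            if previous:
                win32security.AdjustTokenPrivileges(token, 0, previous)
    finally:
        token.Close()
```

Wrapping the ExitWindowsEx call in `with scoped_privilege(ntsecuritycon.SE_SHUTDOWN_NAME):` keeps the privilege enabled only for that call.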

