0

EDITED FOR CLARITY:

We are using 3rd party software that is supposed to invoke a Python script (that I must create). This script sends values such as sender-ip=10.10.10.10 and the script is supposed to return the userId

This 3rd party software claims if we create a credential file, it will run that Python script using the elevated credentials.

So far, this 3rd party software has IGNORED the credentials file, hence the Python script runs with regular user credentials and does not give the desired output.

When I manually run the Python script using command prompt with elevated credentials, then it works.

I am under pressure to get the 3rd party software and the Python script to "play nice", so I must hardcode the elevated credentials in the script even though I was warned this is not good programming practice.

AND, I must be able to invoke the script by executing

C:\> python myscript.py sender-ip=10.10.10.10

Below is the code

import sys, subprocess, socket, string
import wmi, win32api, win32con

for args in [item.strip('sender-ip=') for item in sys.argv[1:]]:

    userIP = args
    userloggedon = ""

    # subprocess
    ping = subprocess.Popen(
        ["ping", "-n", "1", userIP],
        stdout = subprocess.PIPE,
        stderr = subprocess.PIPE
    )

    # can we ping the user's IP address?
    out, error = ping.communicate()

    # if we cannot ping user's IP address then userID is the error message, and exit
    if out.find("Reply from") == -1:
        errorMessage = "HOST unreachable."
        print 'errorMsg={}'.format(errorMessage)
        sys.exit()

    # if we cannot access wmi of user's IP address then userID is the error message, and exit
    try:
        c = wmi.WMI(userIP)
    except: 
        errorMessage= "WMI unreachable"
        print 'errorMsg={}'.format(errorMessage)
        sys.exit()

    # perform system lookup of IP address
    user_list = []
    for us in c.Win32_LogonSession():
        try:
            for user in us.references("Win32_LoggedOnUser"):
                user_logins = user.Antecedent.Domain + "\\" + user.Antecedent.Name
                user_list.append(user_logins)

        except:
            pass

    userloggedon = user_list[0] 
    print 'userId={}'.format(userloggedon)
Glowie
  • 2,271
  • 21
  • 60
  • 104
  • If I'm understanding you correctly, you want this to be locked down via system credentials. As far as I know, you can't do that within the script itself (without being rather ridiculous with your program flow) – wnnmaw May 14 '14 at 13:16
  • @wnnmaw ---- what do you mean by "ridiculous with your program flow" – Glowie May 14 '14 at 13:28
  • ***PLEASE DON'T DO THIS***, but you could launch the program, have it check to see if its permissions are up to snuff, if not, change them, and relaunch itself. But again, THIS IS A TERRIBLE IDEA AND WILL MAKE YOUR CODE AWFUL (also probably very buggy) – wnnmaw May 14 '14 at 13:34
  • @wnnmaw ---- I don't want to do this .... Unfortunately this code is interoperating with 3rd party software that cannot read elevated credentials as they claim to .... and I'm under pressure to have both components playing nicely at the earliest ...... – Glowie May 14 '14 at 13:36
  • If you can give a little more information about what you want (by editing your post), maybe someone can figure out a way around – wnnmaw May 14 '14 at 13:37
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/52761/discussion-between-glowie-and-wnnmaw) – Glowie May 15 '14 at 13:15
  • 1
    Consider checking out [this question](http://stackoverflow.com/questions/1861836/checking-file-permissions-in-linux-with-python) – wnnmaw May 15 '14 at 14:37

0 Answers0