Skip to content

Commit

Permalink
fix: change windows logon type from NETWORK to INTERACTIVE
Browse files Browse the repository at this point in the history
Problem:

Some applications have security controls that restrict what a network
logon user can do, but do not have such restrictions for interactive
logons.

Solution:

Change the win32 logon kind from NETWORK to INTERACTIVE. NETWORK was
oridinally chosen as it was believed that it was required for the logon
to have access to network shares, but INTERACTIVE grants the same
access so this should be a safe change.

Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com>
  • Loading branch information
ddneilson committed Mar 21, 2024
1 parent 0d8e3de commit a261507
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/deadline_worker_agent/installer/win_installer.py
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ def ensure_user_profile_exists(username: str, password: str):
# https://timgolden.me.uk/pywin32-docs/win32security__LogonUser_meth.html
logon_token = win32security.LogonUser(
Username=username,
LogonType=win32security.LOGON32_LOGON_NETWORK_CLEARTEXT,
LogonType=win32security.LOGON32_LOGON_INTERACTIVE,
LogonProvider=win32security.LOGON32_PROVIDER_DEFAULT,
Password=password,
Domain=None,
Expand Down
4 changes: 2 additions & 2 deletions src/deadline_worker_agent/windows/win_credentials_resolver.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
from pywintypes import HANDLE as PyHANDLE
from win32security import (
LogonUser,
LOGON32_LOGON_NETWORK_CLEARTEXT,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
)
from win32profile import LoadUserProfile, PI_NOUI, UnloadUserProfile
Expand Down Expand Up @@ -214,7 +214,7 @@ def get_windows_session_user(self, user: str, passwordArn: str) -> WindowsSessio
# https://timgolden.me.uk/pywin32-docs/win32profile__LoadUserProfile_meth.html
logon_token = LogonUser(
Username=user,
LogonType=LOGON32_LOGON_NETWORK_CLEARTEXT,
LogonType=LOGON32_LOGON_INTERACTIVE,
LogonProvider=LOGON32_PROVIDER_DEFAULT,
Password=password,
Domain=None,
Expand Down
2 changes: 1 addition & 1 deletion test/unit/install/test_windows_installer.py
Original file line number Diff line number Diff line change
Expand Up @@ -238,7 +238,7 @@ def test_loads_user_profile(
# THEN
mock_LogonUser.assert_called_once_with(
Username=username,
LogonType=win32security.LOGON32_LOGON_NETWORK_CLEARTEXT,
LogonType=win32security.LOGON32_LOGON_INTERACTIVE,
LogonProvider=win32security.LOGON32_PROVIDER_DEFAULT,
Password=password,
Domain=None,
Expand Down

0 comments on commit a261507

Please sign in to comment.