New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[getpass] Implement a "strict" mode for getuser() #90789
Comments
The implementation of For the fallback on Windows, the For example, assuming that def getuser(strict=False):
"""Get the username from the environment or password database.
First try various environment variables. If strict, check only LOGNAME
on POSIX and only USERNAME on Windows. As a fallback, on POSIX get the
user name from the password database, and on Windows get the user name
from the logon session of the current process.
"""
posix = sys.platform != 'win32'
if strict:
names = ('LOGNAME',) if posix else ('USERNAME',)
else:
names = ('LOGNAME', 'USER', 'LNAME', 'USERNAME')
for name in names:
if user := os.environ.get(name):
return user
if posix:
import pwd
return pwd.getpwuid(os.getuid())[0]
import _winapi
logon_id = _winapi.GetTokenInformation(
_winapi.GetCurrentProcessToken(),
_winapi.TokenStatistics)['AuthenticationId']
return _winapi.LsaGetLogonSessionData(logon_id)['UserName'] Like WinAPI Unlike Footnotes |
Here's an example for the suggested changes to Include these headers: #include <ntsecapi.h> // LsaGetLogonSessionData
#include <subauth.h> // STATUS_SUCCESS Add these argument-clinic macros to _WINAPI_GETCURRENTPROCESSTOKEN_METHODDEF
_WINAPI_GETTOKENINFORMATION_METHODDEF
_WINAPI_LSAGETLOGONSESSIONDATA_METHODDEF Add WINAPI_CONSTANT(F_DWORD, TokenStatistics); Add the wrapped functions: /*[clinic input]
_winapi.GetCurrentProcessToken -> HANDLE
Return a handle for the access token of the current process.
[clinic start generated code]*/
static HANDLE
_winapi_GetCurrentProcessToken_impl(PyObject *module)
/*[clinic end generated code: output=cf8e8e20dd41dd6e input=73a282cf3718af9e]*/
{
return GetCurrentProcessToken();
} /*[clinic input]
_winapi.GetTokenInformation
handle: HANDLE
information_class: unsigned_long
/
Get information from an access token.
[clinic start generated code]*/
static PyObject *
_winapi_GetTokenInformation_impl(PyObject *module, HANDLE handle,
unsigned long information_class)
/*[clinic end generated code: output=caecec0a25658348 input=b277ad2414f1b03e]*/
{
if (information_class != TokenStatistics) {
return PyErr_Format(
PyExc_NotImplementedError,
"Unsupported information class: %d",
information_class);
}
DWORD returned_size;
TOKEN_STATISTICS info;
if (!GetTokenInformation(handle, information_class, &info, sizeof(info),
&returned_size)) {
return PyErr_SetFromWindowsErr(0);
}
PyObject *result = PyDict_New();
if (!result) {
return NULL;
}
PyObject *value = PyLong_FromUnsignedLongLong(
(((uint64_t)info.AuthenticationId.HighPart) << 32) +
info.AuthenticationId.LowPart);
if (!value) {
goto error;
}
if (PyDict_SetItemString(result, "AuthenticationId", value) < 0) {
Py_DECREF(value);
goto error;
}
Py_DECREF(value);
return result;
error:
Py_CLEAR(result);
return NULL;
} /*[clinic input]
_winapi.LsaGetLogonSessionData
logon_id: unsigned_long_long
/
Get data for the logon session identified by logon_id.
[clinic start generated code]*/
static PyObject *
_winapi_LsaGetLogonSessionData_impl(PyObject *module,
unsigned long long logon_id)
/*[clinic end generated code: output=680ac7725ef34527 input=01ff4216b89d01ef]*/
{
SECURITY_LOGON_SESSION_DATA *pdata;
LUID logon_luid;
logon_luid.HighPart = logon_id >> 32;
logon_luid.LowPart = logon_id & 0xFFFFFFFF;
NTSTATUS status = LsaGetLogonSessionData(&logon_luid, &pdata);
if (status != STATUS_SUCCESS) {
return PyErr_SetFromWindowsErr(LsaNtStatusToWinError(status));
}
PyObject *result = PyDict_New();
if (!result) {
goto error;
}
PyObject *value = PyUnicode_FromWideChar(pdata->UserName.Buffer,
pdata->UserName.Length / sizeof(WCHAR));
if (!value) {
goto error;
}
if (PyDict_SetItemString(result, "UserName", value) < 0) {
Py_DECREF(value);
goto error;
}
Py_DECREF(value);
LsaFreeReturnBuffer(pdata);
return result;
error:
LsaFreeReturnBuffer(pdata);
Py_CLEAR(result);
return NULL;
} |
I suggest not adding a strict mode but just improving the behavior without that conditional. |
We've dropped non-standard environment variables before, and I'm not sure it's worth it. People have definitely found a need to override what some Python library thinks their username is, and chances are the lie is more useful than the truth. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: