aquila98

asked on

How to login as another user within a .exe file ???

Hello,

Here is my problem:
I need to ship a .exe file that will allow my users across
the network to access special directories with files...
I'd like the access to be specified in a database but this
means that all users have rights to list the content
of the directories, and then for each file I'll check
to see if they can see it, open it etc. from the database...

My idea is to put the files in a network folder protected
with NT user rights. And no one could open the files in
that directory... Except if you use my application which
would "become" an authorized user, then the content would
be visible (according to user rights kept in the database)...

But for this to work, I need to be able to switch logon
user context within a .exe file and so far I failed
miserably, so this is why I turn to you, experts ;-)

I downloaded the example from msdn that was using
StartInteractiveClientProcess and I tried to fiddle
with it and get it to actually change user login info
but it does not work. I use it to execute a simple
.exe file that lists the content of the protected network
directory. A "normal user" can't list anything, but the
software is supposed to login as a "domain admin" so if
it handles the switch correctly the .exe should be able to
list the content without any problem. That way I'll know
it works! And of course it does not!!!

The call that fails when it is executed by a "normal user"
is: GetLogonSID

What rights should the user have for this call to succeed?
Do you have ANY ideas as to what is wrong with the code?
Is there a better way to do this???
I would just need a simple function like:
bool BecomeUser(UserName, DomainName, Password, Command);
or better yet
bool BecomeUser(userName, DomainName, Password);
and the rest of the code would get executed with the
rights of that user!!!

Is this possible with NT 4 sp6a ??????

Thanks for any hints



Here is the full code from msdn, I include it just for
reference, it is rather long...
#define DESKTOP_ALL (DESKTOP_READOBJECTS | DESKTOP_CREATEWINDOW | \
DESKTOP_CREATEMENU | DESKTOP_HOOKCONTROL | \
DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK | \
DESKTOP_ENUMERATE | DESKTOP_WRITEOBJECTS | \
DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_REQUIRED)

#define WINSTA_ALL (WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES | \
WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | \
WINSTA_WRITEATTRIBUTES | WINSTA_ACCESSGLOBALATOMS | \
WINSTA_EXITWINDOWS | WINSTA_ENUMERATE | \
WINSTA_READSCREEN | \
STANDARD_RIGHTS_REQUIRED)

#define GENERIC_ACCESS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)

BOOL AddAceToWindowStation(HWINSTA hwinsta, PSID psid)
{
   ACCESS_ALLOWED_ACE   *pace = NULL;   // must start NULL: __finally frees it on every exit path
   ACL_SIZE_INFORMATION aclSizeInfo;
   BOOL                 bDaclExist;
   BOOL                 bDaclPresent;
   BOOL                 bSuccess = FALSE;
   DWORD                dwNewAclSize;
   DWORD                dwSidSize = 0;
   DWORD                dwSdSizeNeeded;
   PACL                 pacl;
   PACL                 pNewAcl = NULL; // must start NULL: __finally frees it on every exit path
   PSECURITY_DESCRIPTOR psd = NULL;
   PSECURITY_DESCRIPTOR psdNew = NULL;
   PVOID                pTempAce;
   SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
   unsigned int         i;

   __try
   {
      // Obtain the DACL for the window station.

      if (!GetUserObjectSecurity(
             hwinsta,
             &si,
             psd,
             dwSidSize,
             &dwSdSizeNeeded)
      )
      if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
      {
         psd = (PSECURITY_DESCRIPTOR)HeapAlloc(
               GetProcessHeap(),
               HEAP_ZERO_MEMORY,
               dwSdSizeNeeded);

         if (psd == NULL)
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToWindowStation(HeapAlloc psd) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }

         psdNew = (PSECURITY_DESCRIPTOR)HeapAlloc(
               GetProcessHeap(),
               HEAP_ZERO_MEMORY,
               dwSdSizeNeeded);

         if (psdNew == NULL)
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToWindowStation(HeapAlloc psdNew) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }

         dwSidSize = dwSdSizeNeeded;

         if (!GetUserObjectSecurity(
               hwinsta,
               &si,
               psd,
               dwSidSize,
               &dwSdSizeNeeded)
         )
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToWindowStation(GetUserObjectSecurity) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      }
      else
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(GetUserObjectSecurity) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Create a new DACL.

      if (!InitializeSecurityDescriptor(
            psdNew,
            SECURITY_DESCRIPTOR_REVISION)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(InitializeSecurityDescriptor) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Get the DACL from the security descriptor.

      if (!GetSecurityDescriptorDacl(
            psd,
            &bDaclPresent,
            &pacl,
            &bDaclExist)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(GetSecurityDescriptorDacl) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Initialize the ACL.

      ZeroMemory(&aclSizeInfo, sizeof(ACL_SIZE_INFORMATION));
      aclSizeInfo.AclBytesInUse = sizeof(ACL);

      // Call only if the DACL is not NULL.

      if (pacl != NULL)
      {
         // get the file ACL size info
         if (!GetAclInformation(
               pacl,
               (LPVOID)&aclSizeInfo,
               sizeof(ACL_SIZE_INFORMATION),
               AclSizeInformation)
         )
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToWindowStation(GetAclInformation) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      }

      // Compute the size of the new ACL.

      dwNewAclSize = aclSizeInfo.AclBytesInUse + (2*sizeof(ACCESS_ALLOWED_ACE)) +
(2*GetLengthSid(psid)) - (2*sizeof(DWORD));

      // Allocate memory for the new ACL.

      pNewAcl = (PACL)HeapAlloc(
            GetProcessHeap(),
            HEAP_ZERO_MEMORY,
            dwNewAclSize);

      if (pNewAcl == NULL)
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToWindowStation(HeapAlloc pNewAcl) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      // Initialize the new DACL.

      if (!InitializeAcl(pNewAcl, dwNewAclSize, ACL_REVISION))
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToWindowStation(InitializeAcl pNewAcl) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }

      // If DACL is present, copy it to a new DACL.

      if (bDaclPresent)
      {
         // Copy the ACEs to the new ACL.
         if (aclSizeInfo.AceCount)
         {
            for (i=0; i < aclSizeInfo.AceCount; i++)
            {
               // Get an ACE.
               if (!GetAce(pacl, i, &pTempAce))
                          {
                              LPVOID lpMsgBuf= NULL;

                              FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                      NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                      (LPTSTR) &lpMsgBuf,      0,      NULL);
                              ReportError("AddAceToWindowStation(GetAce) returns :");
                              ReportError((char*)lpMsgBuf);
                              LocalFree( lpMsgBuf );
                               __leave;
                          }
               // Add the ACE to the new ACL.
               if (!AddAce(
                     pNewAcl,
                     ACL_REVISION,
                     MAXDWORD,
                     pTempAce,
                    ((PACE_HEADER)pTempAce)->AceSize)
               )
                          {
                              LPVOID lpMsgBuf= NULL;

                              FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                      NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                      (LPTSTR) &lpMsgBuf,      0,      NULL);
                              ReportError("AddAceToWindowStation(AddAce) returns :");
                              ReportError((char*)lpMsgBuf);
                              LocalFree( lpMsgBuf );
                               __leave;
                          }
            }
         }
      }

      // Add the first ACE to the window station.

      pace = (ACCESS_ALLOWED_ACE *)HeapAlloc(
            GetProcessHeap(),
            HEAP_ZERO_MEMORY,
            sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psid) -
                  sizeof(DWORD));

      if (pace == NULL)
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(HeapAlloc pace) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      pace->Header.AceType  = ACCESS_ALLOWED_ACE_TYPE;
      pace->Header.AceFlags = CONTAINER_INHERIT_ACE |
                   INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE;
      pace->Header.AceSize  = sizeof(ACCESS_ALLOWED_ACE) +
                   GetLengthSid(psid) - sizeof(DWORD);
      pace->Mask            = GENERIC_ACCESS;

      if (!CopySid(GetLengthSid(psid), &pace->SidStart, psid))
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(CopySid) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      if (!AddAce(
            pNewAcl,
            ACL_REVISION,
            MAXDWORD,
            (LPVOID)pace,
            pace->Header.AceSize)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(AddAce pNewAcl) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }
      // Add the second ACE to the window station.

      pace->Header.AceFlags = NO_PROPAGATE_INHERIT_ACE;
      pace->Mask            = WINSTA_ALL;

      if (!AddAce(
            pNewAcl,
            ACL_REVISION,
            MAXDWORD,
            (LPVOID)pace,
            pace->Header.AceSize)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(AddAce pNewAcl2) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Set a new DACL for the security descriptor.

      if (!SetSecurityDescriptorDacl(
            psdNew,
            TRUE,
            pNewAcl,
            FALSE)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(SetSecurityDescriptorDacl) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Set the new security descriptor for the window station.

      if (!SetUserObjectSecurity(hwinsta, &si, psdNew))
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToWindowStation(SetUserObjectSecurity) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }
      // Indicate success.

      bSuccess = TRUE;
   }
   __finally
   {
      // Free the allocated buffers.

      if (pace != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)pace);

      if (pNewAcl != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)pNewAcl);

      if (psd != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)psd);

      if (psdNew != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)psdNew);
   }

   return bSuccess;

}

BOOL AddAceToDesktop(HDESK hdesk, PSID psid)
{
   ACL_SIZE_INFORMATION aclSizeInfo;
   BOOL                 bDaclExist;
   BOOL                 bDaclPresent;
   BOOL                 bSuccess = FALSE;
   DWORD                dwNewAclSize;
   DWORD                dwSidSize = 0;
   DWORD                dwSdSizeNeeded;
   PACL                 pacl;
   PACL                 pNewAcl = NULL; // must start NULL: __finally frees it on every exit path
   PSECURITY_DESCRIPTOR psd = NULL;
   PSECURITY_DESCRIPTOR psdNew = NULL;
   PVOID                pTempAce;
   SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
   unsigned int         i;

   __try
   {
      // Obtain the security descriptor for the desktop object.

      if (!GetUserObjectSecurity(
            hdesk,
            &si,
            psd,
            dwSidSize,
            &dwSdSizeNeeded))
      {
         if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
         {
            psd = (PSECURITY_DESCRIPTOR)HeapAlloc(
                  GetProcessHeap(),
                  HEAP_ZERO_MEMORY,
                  dwSdSizeNeeded );

            if (psd == NULL)
                    {
                        LPVOID lpMsgBuf= NULL;

                        FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                (LPTSTR) &lpMsgBuf,      0,      NULL);
                        ReportError("AddAceToDesktop(HeapAlloc) returns :");
                        ReportError((char*)lpMsgBuf);
                        LocalFree( lpMsgBuf );
                         __leave;
                    }

            psdNew = (PSECURITY_DESCRIPTOR)HeapAlloc(
                  GetProcessHeap(),
                  HEAP_ZERO_MEMORY,
                  dwSdSizeNeeded);

            if (psdNew == NULL)
                    {
                        LPVOID lpMsgBuf= NULL;

                        FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                (LPTSTR) &lpMsgBuf,      0,      NULL);
                        ReportError("AddAceToDesktop(HeapAlloc psdNew) returns :");
                        ReportError((char*)lpMsgBuf);
                        LocalFree( lpMsgBuf );
                         __leave;
                    }

            dwSidSize = dwSdSizeNeeded;

            if (!GetUserObjectSecurity(
                  hdesk,
                  &si,
                  psd,
                  dwSidSize,
                  &dwSdSizeNeeded)
            )
                    {
                        LPVOID lpMsgBuf= NULL;

                        FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                (LPTSTR) &lpMsgBuf,      0,      NULL);
                        ReportError("AddAceToDesktop(GetUserObjectSecurity) returns :");
                        ReportError((char*)lpMsgBuf);
                        LocalFree( lpMsgBuf );
                         __leave;
                    }
         }
         else
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToDesktop(GetUserObjectSecurity) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      }

      // Create a new security descriptor.

      if (!InitializeSecurityDescriptor(
            psdNew,
            SECURITY_DESCRIPTOR_REVISION)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToDesktop(InitializeSecurityDescriptor) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Obtain the DACL from the security descriptor.

      if (!GetSecurityDescriptorDacl(
            psd,
            &bDaclPresent,
            &pacl,
            &bDaclExist)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToDesktop(GetSecurityDescriptorDacl) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Initialize.

      ZeroMemory(&aclSizeInfo, sizeof(ACL_SIZE_INFORMATION));
      aclSizeInfo.AclBytesInUse = sizeof(ACL);

      // Call only if the DACL is not NULL.

      if (pacl != NULL)
      {
         // Determine the size of the ACL information.

         if (!GetAclInformation(
               pacl,
               (LPVOID)&aclSizeInfo,
               sizeof(ACL_SIZE_INFORMATION),
               AclSizeInformation)
         )
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToDesktop(GetAclInformation) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      }

      // Compute the size of the new ACL.

      dwNewAclSize = aclSizeInfo.AclBytesInUse +
            sizeof(ACCESS_ALLOWED_ACE) +
            GetLengthSid(psid) - sizeof(DWORD);

      // Allocate buffer for the new ACL.

      pNewAcl = (PACL)HeapAlloc(
            GetProcessHeap(),
            HEAP_ZERO_MEMORY,
            dwNewAclSize);

      if (pNewAcl == NULL)
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToDesktop(HeapAlloc1) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      // Initialize the new ACL.

      if (!InitializeAcl(pNewAcl, dwNewAclSize, ACL_REVISION))
              {
                  LPVOID lpMsgBuf= NULL;

                  FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                          NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                          (LPTSTR) &lpMsgBuf,      0,      NULL);
                  ReportError("AddAceToDesktop(InitializeAcl1) returns :");
                  ReportError((char*)lpMsgBuf);
                  LocalFree( lpMsgBuf );
                   __leave;
              }
      // If DACL is present, copy it to a new DACL.

      if (bDaclPresent)
      {
         // Copy the ACEs to the new ACL.
         if (aclSizeInfo.AceCount)
         {
            for (i=0; i < aclSizeInfo.AceCount; i++)
            {
               // Get an ACE.
               if (!GetAce(pacl, i, &pTempAce))
                          {
                              LPVOID lpMsgBuf= NULL;

                              FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                      NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                      (LPTSTR) &lpMsgBuf,      0,      NULL);
                              ReportError("AddAceToDesktop(GetAce) returns :");
                              ReportError((char*)lpMsgBuf);
                              LocalFree( lpMsgBuf );
                               __leave;
                          }
               // Add the ACE to the new ACL.
               if (!AddAce(
                  pNewAcl,
                  ACL_REVISION,
                  MAXDWORD,
                  pTempAce,
                  ((PACE_HEADER)pTempAce)->AceSize)
               )
                          {
                              LPVOID lpMsgBuf= NULL;

                              FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                                      NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                                      (LPTSTR) &lpMsgBuf,      0,      NULL);
                              ReportError("AddAceToDesktop(AddAce) returns :");
                              ReportError((char*)lpMsgBuf);
                              LocalFree( lpMsgBuf );
                               __leave;
                          }
            }
         }
      }

      // Add ACE to the DACL.

      if (!AddAccessAllowedAce(
            pNewAcl,
            ACL_REVISION,
            DESKTOP_ALL,
            psid)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToDesktop(AddAccessAllowedAce) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }
      // Set new DACL to the new security descriptor.

      if (!SetSecurityDescriptorDacl(
            psdNew,
            TRUE,
            pNewAcl,
            FALSE)
      )
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToDesktop(SetSecurityDescriptorDacl) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }
      // Set the new security descriptor for the desktop object.

      if (!SetUserObjectSecurity(hdesk, &si, psdNew))
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("AddAceToDesktop(SetUserObjectSecurity) returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
             __leave;
        }

      // Indicate success.

      bSuccess = TRUE;
   }
   __finally
   {
      // Free buffers.

      if (pNewAcl != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)pNewAcl);

      if (psd != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)psd);

      if (psdNew != NULL)
         HeapFree(GetProcessHeap(), 0, (LPVOID)psdNew);
   }

   return bSuccess;
}

BOOL GetLogonSID (HANDLE hToken, PSID *ppsid)
{
   BOOL bSuccess = FALSE;
   DWORD dwIndex;
   DWORD dwLength = 0;
   PTOKEN_GROUPS ptg = NULL;

// Verify the parameter passed in isn't NULL.
    if (NULL == ppsid)
        goto Cleanup;

// Get required buffer size and allocate the TOKEN_GROUPS buffer.

   if (!GetTokenInformation(
         hToken,         // handle to the access token
         TokenGroups,    // get information about the token's groups
         (LPVOID) ptg,   // pointer to TOKEN_GROUPS buffer
         0,              // size of buffer
         &dwLength       // receives required buffer size
      ))
   {
      if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
         goto Cleanup;

      ptg = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(),
         HEAP_ZERO_MEMORY, dwLength);

      if (ptg == NULL)
         goto Cleanup;
   }

// Get the token group information from the access token.

   if (!GetTokenInformation(
         hToken,         // handle to the access token
         TokenGroups,    // get information about the token's groups
         (LPVOID) ptg,   // pointer to TOKEN_GROUPS buffer
         dwLength,       // size of buffer
         &dwLength       // receives required buffer size
         ))
   {
      goto Cleanup;
   }

// Loop through the groups to find the logon SID.

   for (dwIndex = 0; dwIndex < ptg->GroupCount; dwIndex++)
      if ((ptg->Groups[dwIndex].Attributes & SE_GROUP_LOGON_ID)
             ==  SE_GROUP_LOGON_ID)
      {
      // Found the logon SID; make a copy of it.

         dwLength = GetLengthSid(ptg->Groups[dwIndex].Sid);
         *ppsid = (PSID) HeapAlloc(GetProcessHeap(),
                     HEAP_ZERO_MEMORY, dwLength);
         if (*ppsid == NULL)
             goto Cleanup;
         if (!CopySid(dwLength, *ppsid, ptg->Groups[dwIndex].Sid))
         {
             HeapFree(GetProcessHeap(), 0, (LPVOID)*ppsid);
             goto Cleanup;
         }
         break;
      }

   bSuccess = TRUE;

Cleanup:

// Free the buffer for the token groups.
   if (bSuccess != TRUE)
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
            ReportError("GetLogonSID returns :");
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
        }
   if (ptg != NULL)
      HeapFree(GetProcessHeap(), 0, (LPVOID)ptg);

   return bSuccess;
}

VOID FreeLogonSID (PSID *ppsid)
{
    HeapFree(GetProcessHeap(), 0, (LPVOID)*ppsid);
}


BOOL StartInteractiveClientProcess (
    LPTSTR lpszUsername,    // client to log on
    LPTSTR lpszDomain,      // domain of client's account
    LPTSTR lpszPassword,    // client's password
    LPTSTR lpCommandLine    // command line to execute
)
{
   HANDLE      hToken = INVALID_HANDLE_VALUE;   // so Cleanup never closes an uninitialized handle
   HDESK       hdesk = NULL;
   HWINSTA     hwinsta = NULL, hwinstaSave = NULL;
   PROCESS_INFORMATION pi;
   PSID pSid = NULL;
   STARTUPINFO si;
   BOOL bResult = FALSE;

// Log the client on to the local computer.

   if (!LogonUser(
           lpszUsername,
           lpszDomain,
           lpszPassword,
           LOGON32_LOGON_INTERACTIVE,
           LOGON32_PROVIDER_DEFAULT,
           &hToken) )
   {
      goto Cleanup;
   }

// Save a handle to the caller's current window station.

   if ( (hwinstaSave = GetProcessWindowStation() ) == NULL)
      goto Cleanup;

// Get a handle to the interactive window station.

   hwinsta = OpenWindowStation(
       "winsta0",                   // the interactive window station
       FALSE,                       // handle is not inheritable
       READ_CONTROL | WRITE_DAC);   // rights to read/write the DACL

   if (hwinsta == NULL)
      goto Cleanup;

// To get the correct default desktop, set the caller's
// window station to the interactive window station.

   if (!SetProcessWindowStation(hwinsta))
      goto Cleanup;

// Get a handle to the interactive desktop.

   hdesk = OpenDesktop(
      "default",     // the interactive desktop
      0,             // no interaction with other desktop processes
      FALSE,         // handle is not inheritable
      READ_CONTROL | // request the rights to read and write the DACL
      WRITE_DAC |
      DESKTOP_WRITEOBJECTS |
      DESKTOP_READOBJECTS);

// Restore the caller's window station.

   if (!SetProcessWindowStation(hwinstaSave))
      goto Cleanup;

   if (hdesk == NULL)
      goto Cleanup;

// Get the SID for the client's logon session.

   if (!GetLogonSID(hToken, &pSid))
      goto Cleanup;

// Allow logon SID full access to interactive window station.

   if (! AddAceToWindowStation(hwinsta, pSid) )
      goto Cleanup;

// Allow logon SID full access to interactive desktop.

   if (! AddAceToDesktop(hdesk, pSid) )
      goto Cleanup;

// Impersonate client to ensure access to executable file.

   if (! ImpersonateLoggedOnUser(hToken) )
      goto Cleanup;

// Initialize the STARTUPINFO structure.
// Specify that the process runs in the interactive desktop.

   ZeroMemory(&si, sizeof(STARTUPINFO));
   si.cb= sizeof(STARTUPINFO);
   si.lpDesktop = TEXT("winsta0\\default");

// Launch the process in the client's logon session.

   bResult = CreateProcessAsUser(
      hToken,            // client's access token
      NULL,              // file to execute
      lpCommandLine,     // command line
      NULL,              // pointer to process SECURITY_ATTRIBUTES
      NULL,              // pointer to thread SECURITY_ATTRIBUTES
      FALSE,             // handles are not inheritable
      NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE,   // creation flags
      NULL,              // pointer to new environment block
      NULL,              // name of current directory
      &si,               // pointer to STARTUPINFO structure
      &pi                // receives information about new process
   );

// End impersonation of client.

   RevertToSelf();

   // pi is only filled in when CreateProcessAsUser succeeds.
   if (bResult)
   {
      WaitForSingleObject(pi.hProcess, INFINITE);
      CloseHandle(pi.hProcess);
      CloseHandle(pi.hThread);
   }

Cleanup:

   if (bResult != TRUE)
        {
            LPVOID lpMsgBuf= NULL;

            FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                                    NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                                    (LPTSTR) &lpMsgBuf,      0,      NULL);
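            // This block runs for any failure in StartInteractiveClientProcess
            // (LogonUser, OpenWindowStation, ...), not only for GetLogonSID.
            ReportError("GetLogonSID returns :");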
            ReportError((char*)lpMsgBuf);
            LocalFree( lpMsgBuf );
        }
   
   if (hwinstaSave != NULL)
      SetProcessWindowStation (hwinstaSave);

// Free the buffer for the logon SID.

   if (pSid)
      FreeLogonSID(&pSid);

// Close the handles to the interactive window station and desktop.

   if (hwinsta)
      CloseWindowStation(hwinsta);

   if (hdesk)
      CloseDesktop(hdesk);

// Close the handle to the client's access token.

   if (hToken != INVALID_HANDLE_VALUE)
      CloseHandle(hToken);  

   return bResult;
}

jkr

Are you starting this application from a service? If not, this sample is overkill. It would be way easier to connect to the network folder using "WNetAddConnection2()".
aquila98

ASKER

No, it's NOT a service. It's a regular .exe, MDI
application.

What is this WNetAddConnection2 function? I have listed to
plus a network disk not to perform user defined function
as another user...

Ideally I would want my initinstance function to issue a call
such as BecomeUser("MyDomain/God", "AllMighty") and then in
the exitInstance a call to: RevertToSelf()... Anything in
between would be executed using the privilege of user "God"
and NOT those of the user actually logged on that computer!

Would WNetAddConnection2 do this???
ASKER CERTIFIED SOLUTION
jkr

This solution is only available to members.
And just what is the privilege in usermgr.exe that
corresponds to this SE_TCB_NAME ?

I don't want the users on the network to have TOO many
rights and I would hate to give them a right that they
require solely for the purpose of being able to run my
application which WHILE IT IS RUNNING, is running
under a domain admin account....

So simple in unix! Why can't windows be like that ;-)
It is "Act as part of the operating system". You can also set that by code.
Setting this within the .exe would be best...
Because I could revoke that right in exitinstance() ;-)

Do you have a bit of code somewhere on the net?
A link or a sample maybe?
You cannot add user privileges when you are not an administrator. Even worse, in order for the privilege to be activated, you have to log out and back in when you are setting it for the current account. I actually would create a special group, grant this privilege to the group and add all users that need to use your program to that group.
ok I create this group and gave it the act part of the os
right...

Now, if I use the sample of code from msdn (above) it should
actually work? Except the function GetLogonSID always fails
with the useless message "privilège manquant" (missing privilege). Which one???

Does anyone have a bit of code that actually works???

Have you tried the "snippet" that I posted? This should be way easier to use...
I tried it and I still get the "forbidden" when I try to list
the content of a directory...

I logon in NT under a "regular" domain account.
I start the .exe in which I use the logon code to become a
network domain admin, and then in the exe I try to get the
list of files in a network directory which the regular users
can't get access to, but the admin can... And it does NOT
work because I get the forbidden message :(

Any suggestions?

ps.. and YES, the "regular" user I am using has the "act
as part of os" privilege...

????
Strange, I can't get past this "access denied" message!
I tried to do the opposite... Using my account (which is
a domain admin) I tried to logon as a "regular" user and
it too failed... I got to access all the files I wanted
so I did NOT lose my admin privilege!

Anyone has any hints? Isn't there a surefire way to logon
within a .exe file ????
>>I tried it and I still get the "forbidden" when I try to list the content of a directory...

The LogonUser() and ImpersonateLoggedOnUser() have worked perfectly when I've needed them. (as jkr says, it's just a few lines of code rather than the monster you posted above... give it a try -- you can slap together a 30-line program as proof-of-concept.)

Now, what "forbidden" error are you talking about and exactly when does that error occur?

-- Dan
I tried the bit of code :
HANDLE hToken;   // LogonUser() returns the token as a HANDLE

LogonUser ( "TheDomain\\TheBigOne", NULL, "SecretPassword", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);

ImpersonateLoggedOnUser ( hToken);

// do stuff

RevertToSelf ();
CloseHandle ( hToken);   // release the logon token

The // do stuff... It's a call to a function that lists all the
files and directories in a network folder ONLY a domain admin
has access to.

The user I impersonate IS a domain admin and thus should be
able to retrieve the list of files (ls -l) but when I tried
I get the error message (access denied, or forbidden. The actual text of the message is in French).

And I tried the opposite... When I am logged on as a domain
admin, and I impersonate a "regular" user I am still able to
get the list of files, and I should not be able to do so IF
I had actually switched identities...

Or does the impersonate NOT change the identity on the
NETWORK????

>>It's a call to a function that list all the files and directories in a network folder ...

>>I get the error message (access denied, or forbidden. The...

Perhaps the problem is in this other routine.  To rule out that possibility, I suggest that in your proof-of-concept testing, you simply attempt to open one of these forbidden files and read it.  

-- Dan
To be more clear: Use the CreateFile() API and examine the return error codes.  -- Dan
very discouraging!

I put error check after all api... this is the code:
     HANDLE hToken;
     CString sLogin("");
     CString sPwd("");
     LPVOID lpMsgBuf= NULL;
     FILE* in= NULL;
     CString tmp("");
     char buf[200];

     m_Login.GetWindowText(sLogin);
     m_Password.GetWindowText(sPwd);
     if (!LogonUser ( (char*)(LPCTSTR)sLogin, NULL, (char*)(LPCTSTR)sPwd, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken))
     {
          FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                              NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                              (LPTSTR) &lpMsgBuf,     0,     NULL);
          // Report the account name only; never echo the password.
          tmp.Format("%s error: %s\n", (LPCTSTR)sLogin, (LPCTSTR)lpMsgBuf);
          MessageBox(tmp, "Logon error", MB_OK|MB_ICONERROR);
          LocalFree( lpMsgBuf );
          return;
     }

     if (!ImpersonateLoggedOnUser ( hToken))
     {
          FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                              NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                              (LPTSTR) &lpMsgBuf,     0,     NULL);
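          // Report the account name only; never echo the password.
          tmp.Format("%s error: %s\n", (LPCTSTR)sLogin, (LPCTSTR)lpMsgBuf);
          MessageBox(tmp, "Impersonate error", MB_OK|MB_ICONERROR);
          LocalFree( lpMsgBuf );
          CloseHandle(hToken);   // release the logon token before leaving
          return;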
     }

     in= fopen("\\\\Server1\\UserAdmin\\Documents\\Draftver.txt", "r");
     if (in)
     {
          tmp= "";
          while(fgets(buf, 199, in))
          {
               tmp += buf;
               tmp += "\n";
          }
          fclose(in);
                Beep(100,100);
     }
     else
     {
          FormatMessage(  FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                              NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                              (LPTSTR) &lpMsgBuf,     0,     NULL);
          // Report the account name only; never echo the password.
          tmp.Format("%s error: %s\n", (LPCTSTR)sLogin, (LPCTSTR)lpMsgBuf);
          MessageBox(tmp, "I/O error", MB_OK|MB_ICONERROR);
          LocalFree( lpMsgBuf );
     }

     RevertToSelf ();
     CloseHandle(hToken);   // release the logon token

To get the Beep one would have had to get the admin
privilege that goes with the account.

No matter if I log on in NT under a Domain admin and
try to impersonate a regular user, or log on as a regular
user and try to impersonate an admin... I get an error
in LogOn stating that I am missing a privilege!

So I am back to square one! Which privilege is that?
I have granted all the privileges (user rights) I can
see with the advance checked and still it complains
about a missing privilege! How can I grant more privilege?
The two users I am using have them all!!!

It's ridiculous! It will be simpler to build a NT service
running under the admin account and implement a rpc server
to send the files to the user who has the rights than to
use this API and logon to the admin account within the .exe
file! Talk about a useful API!

Any hints before I scrap this principle and move to the
rpc server within a nt service solution?
>>No matter if I log on in NT under an Domain admin

Did you add SE_TCB_NAME for the domain admin account also? Even admins aren't granted this privilege automatically.
Yes, they both have this "act as part of os" privilege!

:(
Have you tried to also set SE_CHANGE_NOTIFY_NAME?
And this one corresponds to which user rights in
usermgr.exe ???

"Bypass Traverse Checking" :o)
Yep! they both had that right too!

Is there a way to list ALL the rights in a .exe file?
That way I could post it here...

Like

CStringList* lBefore= GetTokeyRights();
Logonuser(...);
CStringList* lAfter= GetTokeyRights();

????
And how do I get the GENERIC_MAPPING  and the PSECURITY_DESCRIPTOR for my current .exe ???

One possible way would be to use functions and stuff like that.  When I open that link, the screen divides into two panes.  On the left is a navigation area.  It shows a sort of tree layout and if you navigate around a bit, there is all kinds of sample code there.  Worth a try!
-- Dan
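For the request above to list every right the running .exe holds, here is an added example (not code from the thread's participants or from MSDN) that reads the privileges in the current process token and flags which of the three privileges jkr names in this thread are absent. The names `missing_privileges`, `report_token_privileges` and `NEEDED` are hypothetical; the token-reading part builds only on Windows, and elsewhere `main` runs on a constructed privilege list.

```c
#include <stdio.h>
#include <string.h>

/* From the thread: SeTcbPrivilege for LogonUser, the rest for CreateProcessAsUser. */
static const char *const NEEDED[] = { "SeTcbPrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeIncreaseQuotaPrivilege" };
enum { NEEDED_COUNT = 3 };

/* Bit i of the result is set when NEEDED[i] is not among held[0..n-1]. */
unsigned missing_privileges(const char *const *held, size_t n)
{
    unsigned mask = 0;
    for (size_t i = 0; i < NEEDED_COUNT; i++) {
        int found = 0;
        for (size_t j = 0; j < n && !found; j++)
            found = strcmp(held[j], NEEDED[i]) == 0;
        if (!found) mask |= 1u << i;
    }
    return mask;
}

#ifdef _WIN32
#include <windows.h>   /* link with advapi32 */
/* Prints each token privilege and its state; returns the mask above, or -1. */
int report_token_privileges(void)
{
    static char names[64][64];
    const char *held[64];
    HANDLE tok = NULL;
    TOKEN_PRIVILEGES *tp;
    DWORD len = 0, i, n = 0;
    int result = -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len);  /* size query */
    tp = (TOKEN_PRIVILEGES *)HeapAlloc(GetProcessHeap(), 0, len);
    if (tp != NULL && GetTokenInformation(tok, TokenPrivileges, tp, len, &len)) {
        for (i = 0; i < tp->PrivilegeCount && n < 64; i++) {
            DWORD cch = sizeof names[n];
            if (!LookupPrivilegeNameA(NULL, &tp->Privileges[i].Luid, names[n], &cch))
                continue;
            printf("%-32s %s\n", names[n], (tp->Privileges[i].Attributes
                   & SE_PRIVILEGE_ENABLED) ? "enabled" : "held, not enabled");
            held[n] = names[n];
            n++;
        }
        result = (int)missing_privileges(held, n);
    }
    if (tp != NULL) HeapFree(GetProcessHeap(), 0, tp);
    CloseHandle(tok);
    return result;
}
#endif

int main(void)
{
    /* Constructed sample for non-Windows builds: an unprivileged token. */
    const char *sample[] = { "SeChangeNotifyPrivilege", "SeShutdownPrivilege" };
    int mask = (int)missing_privileges(sample, 2);
#ifdef _WIN32
    mask = report_token_privileges();
#endif
    for (int i = 0; mask > 0 && i < NEEDED_COUNT; i++)
        if (mask & (1 << i)) printf("missing: %s\n", NEEDED[i]);
    return mask < 0;
}
```

A privilege granted in User Manager appears in this listing only after the account logs off and back on, as noted earlier in the thread.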
Yes.. that looks like the monster I posted above...

How come this is so complicated in Windows when it's so simple
in Unix!!!

I had until tomorrow to find a solution and I think I'll go
for the rpc server within a NT service. At least I know this
will work... it adds a couple of weeks more development time

No wonder Windows is so unsecure! With all that complexity ;-)

Thanks for your efforts...
>>I get an error in LogOn stating that I am missing a privilege!

Which Win32 API function is named "LogOn" ? And what error code does it return?

When I simulate the scenario that you have described, the operation works perfectly.  

-- Dan
The simplest thing I tried, is a proof by negation scenario :)

Being logged as a full domain admin with "act as part of os"
And "tree check bypass" ... I do this in my .exe:

1) I log as a regular user WITHOUT access rights (ACL)
to my admin directory on the server, thus:
   if (!LogonUser ( (char*)(LPCTSTR)sLogin, "domainname", (char*)(LPCTSTR)sPwd, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken))
    There ARE NO errors, so I assume I lost my privilege or
ACL and I should NOT be able to access my file...

2) if (!ImpersonateLoggedOnUser ( hToken))
    Again, no ERROR... did it work ????

3)  FILE* in= fopen("\\\\Server\\AdminUser\\Documents\\doc1.txt", "r");

   NO! It did not since I can still access my files and
read the content... which i SHOULD NOT be able to do if
I were correctly logged as a regular user...

So this issues no error messages... but it does NOT work.

When I do the reverse, and log as an admin while being
logged as a regular user, I get the error: access denied
on the file...
Just checked some of my "older" services and saw that I also assigned "SeAssignPrimaryTokenPrivilege" - maybe that was the one missing...
Is this the same as create token privilege???
I granted all privileges to my regular user and it was still
unable to get to the file!

If you have no objections, I'll delete this question.
I have created a prototype NT service/rpc server and it works
fine. I'll be able to bypass altogether this privilege
stuff!

Thanks for your input anyway.
>>Is this the same as create token privilege???

No, it is "Replace a process level token"
BTW, I'd appreciate if you'd give it one last try - I know that it _has_ to work :o)
:(
That's not it either... Still get the privilege not held error
on LogonUser when I am not admin!
I don't suppose you are testing this in the debugger, are you?  I think that could skew the results.  
-- Dan
Ok, these are all the privileges I had set

     SetServiceRight     (     awcDomUsrName,     NULL,     L"SeServiceLogonRight",     FALSE);
     SetServiceRight     (     awcDomUsrName,     NULL,     L"SeTcbPrivilege",     FALSE);
     SetServiceRight     (     awcDomUsrName,     NULL,     L"SeAssignPrimaryTokenPrivilege",     FALSE);
     SetServiceRight     (     awcDomUsrName,     NULL,     L"SeIncreaseQuotaPrivilege",     FALSE);

(the 1st one is not applicable for your situation)
Dear aquila98

This question didn't show any activity for more than 21 days. I will ask Community Support to close it unless you finalize it yourself within 7 days.
You can always request to keep this question open. But remember, experts can only help if you provide feedback to their comments.
Unless there is objection or further activity,  I will suggest to split between

    "jkr & DanRollins"

comment(s) as an answer.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
========
Werner
Force accepted

** Mindphaser - Community Support Moderator **

Dan, there is a separate question with points for your help in https://www.experts-exchange.com/questions/20440876/Points-for-DanRollins.html.