Using the LogonUser API
From: Jerry West (jw_at_comcast.net)
Date: 10/02/04
- Previous message: mr unreliable: "Aaarrrggghhh -- that ugly flicker!"
- Next in thread: Björn Holmgren: "Re: Using the LogonUser API"
- Reply: Björn Holmgren: "Re: Using the LogonUser API"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 2 Oct 2004 12:33:12 -0700
I am attempting to impersonate a user using the LogonUser and related APIs.
Whenever I call LogonUser on a Windows 2000 system the call fails with the
error: ERROR_PRIVILEGE_NOT_HELD
The MSDN indicates this is a issue specific to Win2K and is related to the
calling process having the SE_TCB_NAME privilege. I am using the
Administrator credentials when calling the LogonUser API. I am also
validating the Admin account against the local account database. Finally,
the current logged on account is the same Admin account as the credentials
being passed into LogonUser. Given these facts it seems that I shouldn't
need the SE_TCB_NAME privilege since I am already logged in as Admin and the
credentials I'm passing to LogonUser are the same.
How can I obtain this privilege?
Thanks in advance!
JW
The code I am using is:
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Const PI_NOUI = 1
Private Type PROFILEINFO
dwSize As Long
dwFlags As Long
lpUserName As Long
lpProfilePath As Long
lpDefaultPath As Long
lpServerName As Long
lpPolicyPath As Long
hProfile As Long
End Type
Private Declare Function LogonUser Lib "advapi32.dll" Alias _
"LogonUserA" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, ByVal lpszPassword As String, _
ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, _
phToken As Long) As Long
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32" ( _
ByVal hToken As Long) As Long
Private Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Private Declare Function CloseHandle Lib "kernel32" ( _
ByVal hObject As Long) As Long
Private Declare Function LoadUserProfile Lib "userenv.dll" Alias _
"LoadUserProfileA" (ByVal hToken As Long, _
ByVal lpProfileInfo As Long) As Boolean
Public Function Impersonate(sUser As String, sDomain As String, _
sPwd As String, hToken As Long, _
Optional bLoadProfile As Boolean = False, _
Optional hProfile As Long) As Long
Dim UserToken As Long
Dim ProfileHandle As Long
Dim aUser() As String
Dim sUserName As String
Dim lRes As Long
lRes = LogonUser(sUser, sDomain, sPwd, LOGON32_LOGON_INTERACTIVE, _
LOGON32_PROVIDER_DEFAULT, UserToken)
If lRes <> 0 Then
If bLoadProfile Then
lRes = LoadProfile(sUser, UserToken, ProfileHandle)
Else
lRes = 0
End If
If lRes = 0 Then
lRes = ImpersonateLoggedOnUser(UserToken)
If lRes = 0 Then
CloseHandle UserToken
UserToken = 0
End If
End If
End If
If lRes = 0 Then lRes = Err.LastDllError Else lRes = 0
Impersonate = lRes
hToken = UserToken
hProfile = ProfileHandle
End Function
Public Function LoadProfile(sUserName As String, hToken As Long, _
hProfile As Long) As Long
Dim PI As PROFILEINFO
Dim lpPI As Long
PI.dwSize = Len(PI)
PI.dwFlags = PI_NOUI
PI.lpUserName = StrPtr(sUserName)
PI.lpProfilePath = 0
PI.lpDefaultPath = 0
PI.lpServerName = 0
PI.lpPolicyPath = 0
lpPI = VarPtr(PI)
If LoadUserProfile(hToken, lpPI) Then
hProfile = PI.hProfile
LoadProfile = 0
Else
LoadProfile = Err.LastDllError
End If
End Function
Public Function Revert(hToken As Long) As Long
CloseHandle hToken
If RevertToSelf <> 0 Then
Revert = 0
Else
Revert = Err.LastDllError
End If
End Function
- Previous message: mr unreliable: "Aaarrrggghhh -- that ugly flicker!"
- Next in thread: Björn Holmgren: "Re: Using the LogonUser API"
- Reply: Björn Holmgren: "Re: Using the LogonUser API"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
