CreateProcessAsUser (error 1314)

From: Jordi Gou (jgou_at_ntr.es)
Date: 07/13/04


Date: Tue, 13 Jul 2004 19:00:44 +0200

I have a problem with CreateProcessAsUser. It always returns me the error
code 1314 ("A required privilege is not held by the client").
My application needs to change the privileges to administrator privileges of
the current process. So I use ImpersonateLoggedOnUser
(this part goes well). Besides, it has to launch several commands, so I have
to use CreateProcessAsUser (because I saw that ShellExecute
or WinExec don't inherit privileges).

To create the new process I duplicate the token that use to Impersonate
converting it to primary token. Furthermore, I put the
SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME on token, because I
read that it needs, but nothing happens. The error is still here.

Does anyone can help me? What it's happening? How can I resolve it?

Here it's the code that I use:

if (!RevertToSelf()) return false;

// Get the current process token handle...
if( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES |
TOKEN_QUERY, &hToken ))
 return false;

if (!SetPrivilege(hToken, SE_TCB_NAME, true))
 return false;

if (LogonUser(szUsername, szDomain, szPassword, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, &hAdminUser))
 bUserAuth = true;
else
 bUserAuth = false;

if (bUserAuth)
{
 if (!ImpersonateLoggedOnUser(hAdminUser))
  MessageBox(NULL, TEXT("Inpersonate Error"), TEXT(""), MB_OK);

 /////////////////////////////////////////////////
 if (DuplicateTokenEx(hAdminUser, MAXIMUM_ALLOWED, 0, SecurityImpersonation,
TokenPrimary, &hAdminPriv) == 0)
  MessageBox(NULL, TEXT("duplicate token Error"), TEXT(""), MB_OK);

 if (!SetPrivilege(hAdminPriv, SE_ASSIGNPRIMARYTOKEN_NAME, true))
 {
  MessageBox(NULL, TEXT("SetPrivilege Error"), TEXT(""), MB_OK);
  return false;
 }

 if (!SetPrivilege(hAdminPriv, SE_INCREASE_QUOTA_NAME, true))
 {
  MessageBox(NULL, TEXT("SetPrivilege Error"), TEXT(""), MB_OK);
  return false;
 }

 TCHAR szRes[MAXSTRINGLEN];
 STARTUPINFO si;
 PROCESS_INFORMATION pi;

 ZeroMemory( &si, sizeof(si) );
 si.cb = sizeof(si);
 ZeroMemory( &pi, sizeof(pi) );

 my_strcpy(szRes, TEXT("C:\\Archivos de programa\\Inquiero Installable
ISD\\prova.exe"));

 if (!CreateProcessAsUser(hAdminPriv, NULL, szRes, NULL, NULL, TRUE,
DETACHED_PROCESS|IDLE_PRIORITY_CLASS, NULL, NULL, &si, &pi))
 {
  TCHAR szError[MAXSTRINGLEN];
  wsprintf(szError, TEXT("%d"), GetLastError());
  MessageBox(NULL, szError, TEXT(""), MB_OK);
 }
}