
Logonuser and ImpersonateLoggedOnUser

After calling
LogonUser()
ImpersonateLoggedOnUser()
the call to OpenProcess() fails with "Access is denied."
What do I need to do to regain the access rights so that the OpenProcess call succeeds?
Oct 6 '06 #1
eliang
After calling
LogonUser()
ImpersonateLoggedOnUser()
the call to OpenProcess() fails with "Access is denied."
What do I need to do to regain the access rights so that the OpenProcess call succeeds?
The following is the code I used, together with its output.

  1.  #include <windows.h> 
  2. #include <stdio.h>
  3. #include <Userenv.h>
  4.  
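  /*
   * Diagnostic probe: try to open the current process by PID with
   * PROCESS_QUERY_INFORMATION and report the outcome, tagged with `comment`.
   *
   * OpenProcess() by PID is a real access check. When the calling thread is
   * impersonating, Windows evaluates that check against the thread's
   * impersonation token, not the process token. That matches the output on
   * this page: the probe succeeds until ImpersonateLoggedOnUser() and then
   * fails with "Access is denied". Presumably the process object's security
   * descriptor does not grant the impersonated account access (to confirm on
   * the target system). Code that needs its own process handle can use the
   * GetCurrentProcess() pseudo-handle, or call RevertToSelf() first.
   *
   * Returns 0 when the process could be opened, -1 otherwise. The original
   * had an implicit int return type and returned nothing.
   */
  int check_open_proceess( char* comment )
  {
      DWORD pid = GetCurrentProcessId();
      HANDLE phandle;
      int rc = 0;

      /* bInheritHandle is FALSE: a probe handle has no reason to be
         inheritable by child processes. */
      phandle = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE, pid );
      if( phandle != NULL )
      {
          CloseHandle( phandle );
      }
      else
      {
          /* Capture the error code before any other API call can replace it. */
          DWORD errorid = GetLastError();
          LPSTR msg = NULL;
          DWORD len = FormatMessageA(
              FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                  FORMAT_MESSAGE_IGNORE_INSERTS,
              NULL,
              errorid,
              MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* default language */
              (LPSTR) &msg,
              0,
              NULL );

          /* Only print the buffer if FormatMessage actually produced one;
             the original passed a possibly uninitialised pointer to printf. */
          if( len != 0 && msg != NULL )
          {
              printf( "Error check_open_proceess at %s.\n%s", comment, msg );
              LocalFree( msg );
          }
          else
          {
              printf( "Error check_open_proceess at %s.\n(error %lu)\n",
                      comment, (unsigned long) errorid );
          }
          rc = -1;
      }

      /* DWORD is unsigned; print it with a matching specifier. */
      printf( "pid %lu: %s\n\n", (unsigned long) pid, comment );
      return rc;
  }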
  33.  
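  /* Print `what` followed by the system message for the calling thread's
     last error; falls back to the numeric code if no message is available. */
  static void print_last_error( const char* what )
  {
      DWORD errorid = GetLastError();
      LPSTR msg = NULL;
      DWORD len = FormatMessageA(
          FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
              FORMAT_MESSAGE_IGNORE_INSERTS,
          NULL,
          errorid,
          MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* default language */
          (LPSTR) &msg,
          0,
          NULL );

      if( len != 0 && msg != NULL )
      {
          printf( "%s\n%s", what, msg );
          LocalFree( msg );
      }
      else
      {
          printf( "%s\n(error %lu)\n", what, (unsigned long) errorid );
      }
  }

  /*
   * Test driver: probe OpenProcess() before logon, after LogonUser(), and
   * while impersonating the logged-on user.
   *
   * Changes from the original: main returns int; a failed logon or failed
   * impersonation stops the run instead of continuing with a null token;
   * impersonation is always reverted and the token handle closed; the
   * FormatMessage buffer is always released.
   */
  int main( int argc, char* argv[] )
  {
      HANDLE hUserToken = NULL;

      (void) argc;
      (void) argv;

      check_open_proceess( "program start" );

      /* NOTE(review): the account name and password are compiled into the
         binary. That is tolerable only for a throwaway test; real code should
         obtain credentials at run time and wipe the buffer after the call. */
      if( !LogonUser(
              "user1",
              ".",
              "password1",
              LOGON32_LOGON_INTERACTIVE,
              LOGON32_PROVIDER_DEFAULT,
              &hUserToken ) )
      {
          print_last_error( "Error logging on as RADS." );
          Sleep( 2000 );
          return 1;   /* no token: impersonating would only fail again */
      }
      check_open_proceess( "after LogonUser" );

      if( !ImpersonateLoggedOnUser( hUserToken ) )
      {
          print_last_error( "Error impersonating RADS 2." );
          Sleep( 2000 );
          CloseHandle( hUserToken );
          return 1;
      }

      /* From here until RevertToSelf() the thread's access checks use the
         impersonated user's token, which is why this probe reports
         "Access is denied" in the posted output. */
      check_open_proceess( "after ImpersonateLoggedOnUser" );

      /* Always leave impersonation explicitly. If reverting fails the thread
         is still running as the other user, so stop rather than continue. */
      if( !RevertToSelf() )
      {
          print_last_error( "Error reverting impersonation." );
          CloseHandle( hUserToken );
          return 1;
      }

      CloseHandle( hUserToken );
      return 0;
  }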
  85.  
C:\dev\learning\testrun\debug>testrun
pid 4888: program start

pid 4888: after LogonUser

Error check_open_proceess at after ImpersonateLoggedOnUser.
Access is denied.
pid 4888: after ImpersonateLoggedOnUser
Oct 6 '06 #2
eliang
After adjusting the user rights, I got past the OpenProcess call, but now the OpenProcessToken call fails.
Any help will be appreciated.

The following is my code with its output.

#include <windows.h>
#include <stdio.h>
#include <Userenv.h>

// Diagnostic probe: opens the current process and its token and prints the
// result, tagged with `comment`. No return type is written, so this is an
// implicit-int declaration.
check_open_proceess( char* comment );
// Opens the current process's access token and returns the handle.
HANDLE get_access_token( );
// Sets every privilege present in the token to enabled (bEnabled TRUE) or
// removed (bEnabled FALSE); a null handle means the current process's token.
BOOL set_priv( HANDLE hAccessHandle, BOOL bEnabled );

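/* Print `what` followed by the system message for the calling thread's
   last error; falls back to the numeric code if no message is available. */
static void print_last_error( const char* what )
{
    DWORD errorid = GetLastError();
    LPSTR msg = NULL;
    DWORD len = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
            FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        errorid,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* default language */
        (LPSTR) &msg,
        0,
        NULL );

    if( len != 0 && msg != NULL )
    {
        printf( "%s\n%s", what, msg );
        LocalFree( msg );
    }
    else
    {
        printf( "%s\n(error %lu)\n", what, (unsigned long) errorid );
    }
}

/*
 * Test driver: enable privileges on the process token, log USER1 on, load
 * that user's profile, enable privileges on the user token, impersonate, and
 * probe OpenProcess/OpenProcessToken after each step.
 *
 * Changes from the original: main returns int; a failed logon or failed
 * impersonation stops the run instead of continuing with a null token; the
 * profile is unloaded, impersonation reverted and both token handles closed
 * on the way out; FormatMessage buffers are always released.
 *
 * Why the last probe fails in the posted output: while the thread is
 * impersonating, access checks use the impersonation token. Enabling
 * privileges does not change who the caller is, so a token whose security
 * descriptor does not grant USER1 access stays closed to the thread.
 * To inspect the process token from such a thread, call RevertToSelf()
 * first; to inspect the thread's own token, OpenThreadToken() with
 * OpenAsSelf set to TRUE performs the check as the process identity.
 */
int main( int argc, char* argv[] )
{
    HANDLE hUserToken = NULL;
    HANDLE hAccessToken = NULL;
    PROFILEINFO UserProfile;
    BOOL bProfileLoaded = FALSE;
    int rc = 0;

    (void) argc;
    (void) argv;

    check_open_proceess( "program start" );

    /* NOTE(review): this turns on every privilege the process token holds.
       For anything other than an experiment, enable only the specific
       privilege a call needs and disable it again afterwards. */
    hAccessToken = get_access_token();
    set_priv( hAccessToken, TRUE );

    /* NOTE(review): the account name and password are compiled into the
       binary. That is tolerable only for a throwaway test; real code should
       obtain credentials at run time and wipe the buffer after the call. */
    if( !LogonUser(
            "USER1",
            ".",
            "PASSWORD1",
            LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT,
            &hUserToken ) )
    {
        print_last_error( "Error logging on as USER1." );
        Sleep( 2000 );
        rc = 1;
        goto cleanup;   /* no token: the remaining steps cannot succeed */
    }
    check_open_proceess( "after LogonUser" );

    UserProfile.dwSize = sizeof(PROFILEINFO);
    UserProfile.dwFlags = PI_NOUI;
    UserProfile.lpUserName = "USER1";
    UserProfile.lpProfilePath = NULL;
    UserProfile.lpDefaultPath = NULL;
    UserProfile.lpServerName = NULL;
    UserProfile.lpPolicyPath = NULL;
    UserProfile.hProfile = 0;

    /* A profile load failure is reported but not fatal, as in the original. */
    if( LoadUserProfile( hUserToken, &UserProfile ) )
    {
        bProfileLoaded = TRUE;
    }
    else
    {
        print_last_error( "Error load user profile." );
        Sleep( 2000 );
    }

    check_open_proceess( "after LoadUserProfile" );

    set_priv( hUserToken, TRUE );

    if( !ImpersonateLoggedOnUser( hUserToken ) )
    {
        print_last_error( "Error impersonating USER1 2." );
        Sleep( 2000 );
        rc = 1;
        goto cleanup;
    }

    check_open_proceess( "after ImpersonateLoggedOnUser" );

    /* Always leave impersonation explicitly. If reverting fails the thread
       is still running as the other user, so skip the rest of the cleanup
       and exit rather than continue under the wrong identity. */
    if( !RevertToSelf() )
    {
        print_last_error( "Error reverting impersonation." );
        return 1;
    }

cleanup:
    /* The profile must be unloaded while the user token is still open. */
    if( bProfileLoaded )
        UnloadUserProfile( hUserToken, UserProfile.hProfile );
    if( hUserToken != NULL )
        CloseHandle( hUserToken );
    if( hAccessToken != NULL )
        CloseHandle( hAccessToken );

    return rc;
}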



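/* Print "Error check_open_proceess at <where>." followed by the system
   message for the last error, or the numeric code if none is available. */
static void print_open_error( const char* where )
{
    DWORD errorid = GetLastError();
    LPSTR msg = NULL;
    DWORD len = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
            FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        errorid,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* default language */
        (LPSTR) &msg,
        0,
        NULL );

    if( len != 0 && msg != NULL )
    {
        printf( "Error check_open_proceess at %s.\n%s", where, msg );
        LocalFree( msg );
    }
    else
    {
        printf( "Error check_open_proceess at %s.\n(error %lu)\n",
                where, (unsigned long) errorid );
    }
}

/*
 * Diagnostic probe: open the current process by PID, then open its access
 * token with TOKEN_QUERY, and report which step (if any) failed. `comment`
 * labels the call site in the output.
 *
 * Both opens are access checks. When the calling thread is impersonating,
 * Windows evaluates them against the impersonation token, so a failure here
 * says the impersonated account is not granted access to the process or its
 * token; it does not say a privilege is missing.
 *
 * Returns 0 when both opens succeeded, -1 otherwise. The original had an
 * implicit int return type and returned nothing.
 */
int check_open_proceess( char* comment )
{
    HANDLE hProcessHandle;
    HANDLE hTokenHandle = NULL;
    int rc = -1;

    printf( "entered check_open_proceess.\n" );

    /* bInheritHandle is FALSE: a probe handle has no reason to be
       inheritable by child processes. */
    hProcessHandle = OpenProcess( PROCESS_QUERY_INFORMATION, FALSE,
                                  GetCurrentProcessId() );
    if( hProcessHandle == NULL )
    {
        print_open_error( "OpenProcess" );
    }
    else
    {
        /* Test the BOOL result rather than the out-parameter; the original
           ignored the return value. */
        if( OpenProcessToken( hProcessHandle, TOKEN_QUERY, &hTokenHandle ) )
        {
            printf( "OpenProcessToken success.\n" );
            CloseHandle( hTokenHandle );
            rc = 0;
        }
        else
        {
            print_open_error( "OpenProcessToken" );
        }

        CloseHandle( hProcessHandle );
    }

    printf( "leaving check_open_proceess: %s.\n\n", comment );
    return rc;
}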



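/*
 * Set every privilege already present in a token to enabled or removed.
 *
 * hAccessHandle  token to adjust; NULL means "open the current process's
 *                token here" (that handle is closed again before returning).
 * bEnabled       TRUE sets each privilege to SE_PRIVILEGE_ENABLED,
 *                FALSE sets each to SE_PRIVILEGE_REMOVED.
 *
 * Returns TRUE only if every requested change was applied.
 *
 * NOTE(review): this is a blanket operation. Enabling everything the token
 * holds runs the process with more privilege than any single call needs, and
 * SE_PRIVILEGE_REMOVED strips privileges from the token for good rather than
 * disabling them. It also cannot grant a privilege the token does not hold,
 * and it does not change the identity used for access checks. Prefer
 * enabling one named privilege around the call that requires it.
 *
 * Fixes over the original: the pseudo-handle replaces an inheritable
 * PROCESS_ALL_ACCESS handle that was never closed; the token is opened with
 * only the rights used here; allocation and query failures no longer fall
 * through to reading an unfilled buffer; a partial adjustment
 * (ERROR_NOT_ALL_ASSIGNED) is no longer reported as success; unused locals
 * are gone.
 */
BOOL set_priv( HANDLE hAccessHandle, BOOL bEnabled )
{
    HANDLE hAccessToken = hAccessHandle;
    BOOL bOwnToken = FALSE;
    BOOL bSuccess = FALSE;
    DWORD cbTokenPrivileges = 0;
    DWORD cbReturn = 0;
    PTOKEN_PRIVILEGES ptPrivileges = NULL;
    DWORD i;

    if( hAccessToken == NULL )
    {
        /* GetCurrentProcess() is a pseudo-handle: nothing to open or close. */
        if( !OpenProcessToken( GetCurrentProcess(),
                               TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
                               &hAccessToken ) )
        {
            printf( "Error OpenProcessToken (error %lu).\n",
                    (unsigned long) GetLastError() );
            return FALSE;
        }
        bOwnToken = TRUE;
    }

    /* Sizing call: expected to fail and report the required byte count. */
    GetTokenInformation( hAccessToken, TokenPrivileges, NULL, 0, &cbReturn );
    if( cbReturn == 0 )
    {
        printf( "failed to get TokenPrivileges\n" );
        goto cleanup;
    }

    cbTokenPrivileges = cbReturn;
    ptPrivileges = malloc( cbTokenPrivileges );
    if( ptPrivileges == NULL )
    {
        printf( "failed to get TokenPrivileges\n" );
        goto cleanup;
    }

    if( !GetTokenInformation( hAccessToken, TokenPrivileges, ptPrivileges,
                              cbTokenPrivileges, &cbReturn ) )
    {
        /* The buffer was not filled in; do not walk it. */
        printf( "failed to get TokenPrivileges\n" );
        goto cleanup;
    }

    printf( "privileges count %lu\n",
            (unsigned long) ptPrivileges->PrivilegeCount );

    /* Apply the same attribute to every privilege the token lists. */
    for( i = 0; i < ptPrivileges->PrivilegeCount; i++ )
    {
        ptPrivileges->Privileges[i].Attributes =
            bEnabled ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_REMOVED;
    }

    bSuccess = AdjustTokenPrivileges( hAccessToken, FALSE, ptPrivileges,
                                      0, NULL, NULL );

    /* The call returns TRUE even when only some privileges were changed;
       the last-error value is what distinguishes full success. */
    if( bSuccess && GetLastError() == ERROR_NOT_ALL_ASSIGNED )
    {
        printf( "AdjustTokenPrivileges: not all privileges were assigned.\n" );
        bSuccess = FALSE;
    }
    else if( bSuccess )
    {
        printf( "AdjustTokenPrivileges success.\n" );
    }
    else
    {
        printf( "AdjustTokenPrivileges failed.\n" );
    }

cleanup:
    free( ptPrivileges );
    if( bOwnToken )
        CloseHandle( hAccessToken );

    return bSuccess;
}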

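/*
 * Open the current process's access token.
 *
 * Returns a token handle the caller must close with CloseHandle(), or NULL
 * on failure. The original returned an uninitialised handle when the open
 * failed.
 *
 * The handle carries TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, which is what
 * reading and adjusting privileges requires. The original asked for
 * TOKEN_ALL_ACCESS through an inheritable PROCESS_ALL_ACCESS process handle;
 * a caller that needs further rights should request them explicitly rather
 * than widening this to everything.
 */
HANDLE get_access_token( )
{
    HANDLE hAccessToken = NULL;

    /* GetCurrentProcess() is a pseudo-handle: no OpenProcess() call, no
       handle to leak, and nothing inheritable by child processes. */
    if( !OpenProcessToken( GetCurrentProcess(),
                           TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
                           &hAccessToken ) )
    {
        printf( "Error OpenProcessToken (error %lu).\n",
                (unsigned long) GetLastError() );
        return NULL;
    }

    return hAccessToken;
}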


with the output

C:\dev\learning\testrun\debug>testrun
entered check_open_proceess.
OpenProcessToken success.
leaving check_open_proceess: program start.

privileges count 24
AdjustTokenPrivileges success.
entered check_open_proceess.
OpenProcessToken success.
leaving check_open_proceess: after LogonUser.

entered check_open_proceess.
OpenProcessToken success.
leaving check_open_proceess: after LoadUserProfile.

privileges count 24
AdjustTokenPrivileges success.
entered check_open_proceess.
Error check_open_proceess at OpenProcessToken.
Access is denied.
leaving check_open_proceess: after ImpersonateLoggedOnUser.
Oct 10 '06 #3
