
logonuser always fails!


ADoozer

this is a continuation of thread222-548282

below is a copy of the code i am using (from the above thread)

the problem is that LogonUser always fails (on Command1_Click)... no matter what i do!!

can anybody help? i am logged on as administrator and am trying to log "ralph" onto the machine that is calling the LogonUser API (i think that makes sense). i have also tried being logged on as ralph and trying to impersonate admin and a few other dummy users, but to no avail!! more info upon request!


Code:
Option Explicit
' Commented-out declaration kept from the earlier thread; PRIVILEGE_SET is not defined in this listing.
'Private Declare Function PrivilegeCheck Lib "advapi32.dll" (ByVal ClientToken As Long, RequiredPrivileges As PRIVILEGE_SET, ByVal pfResult As Long) As Long
' Name of the "Act as part of the operating system" privilege that AdjustAccessToken tries to enable.
' NOTE(review): this is one of the most powerful privileges on Windows; an account that holds it
' should be treated as fully trusted by the operating system.
Private Const SE_TCB_NAME = "SeTcbPrivilege"
' Attribute flag placed in LUID_AND_ATTRIBUTES.Attributes to request that a privilege be enabled.
Private Const SE_PRIVILEGE_ENABLED = &H2
' Access rights requested when the process token is opened in AdjustAccessToken.
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8

' Used as the array bound of TOKEN_PRIVILEGES.Privileges.
Private Const ANYSIZE_ARRAY = 1

' Win32 entry points used by AdjustAccessToken. Each returns a Long that is zero on failure;
' the failure code is then read through Err.LastDllError.
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
' lpLuid receives the privilege's LUID; it is declared with the LARGE_INTEGER type (two Longs).
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LARGE_INTEGER) As Long
' NOTE(review): a non-zero return does not prove the privilege was enabled. When the token does not
' hold the requested privilege the call still succeeds and Err.LastDllError is ERROR_NOT_ALL_ASSIGNED (1300).
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long

' 64-bit value as two Longs. In this listing it is the type used to hold a privilege LUID
' (see LookupPrivilegeValue and LUID_AND_ATTRIBUTES).
Private Type LARGE_INTEGER
    lowpart As Long
    highpart As Long
End Type

' Same two-Long layout as LARGE_INTEGER. Nothing in the code shown references this type.
Private Type Luid
    lowpart As Long
    highpart As Long
End Type

' One privilege entry: the privilege's LUID plus its attribute flags (e.g. SE_PRIVILEGE_ENABLED).
Private Type LUID_AND_ATTRIBUTES
    pLuid As LARGE_INTEGER
    Attributes As Long
End Type

' Privilege list passed to and returned from AdjustTokenPrivileges.
' NOTE(review): no Option Base statement is visible, so Privileges(ANYSIZE_ARRAY) with
' ANYSIZE_ARRAY = 1 declares elements 0 To 1 (two entries). Len() of this type is therefore
' larger than a one-entry Win32 TOKEN_PRIVILEGES; only entry 0 is filled in by AdjustAccessToken.
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type


' ANSI entry point (LogonUserA). The password is handed over as an ordinary String, and phToken
' receives a token handle on success.
' NOTE(review): no CloseHandle declaration is visible in this listing, so the token cannot be
' released by the code shown.
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
' Makes the calling thread run under the identity of hToken.
' NOTE(review): no RevertToSelf declaration is visible, so the code shown has no way to end the impersonation.
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32" (ByVal hToken As Long) As Long
' Logon types. Only LOGON32_LOGON_INTERACTIVE is used by MakeMeImpersonate in the code shown.
Private Const LOGON32_LOGON_NETWORK = 3
Private Const LOGON32_LOGON_INTERACTIVE = 2

Private Const LOGON32_PROVIDER_DEFAULT = 0


' ANSI FormatMessage, used by ApiErrorText to turn a Win32 error code into text.
Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM As Long = &H1000


' Click handler: attempts to impersonate the test account and shows the Boolean outcome.
' NOTE(review): the user name and password are literals in the source. That is fine for a
' throwaway test form, but credentials should not be compiled into anything that is kept.
Private Sub Command1_Click()
    Dim impersonated As Boolean

    impersonated = MakeMeImpersonate("ralph", "ralph")
    MsgBox "Impersonation successful: " & impersonated
End Sub

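' Attempts to make the current thread (i.e. the VB program) impersonate Username, using a given Password.
' The relevant Domain can also be named. If omitted, "." is passed to LogonUser so the account is
' verified against the local account database rather than that of a domain.
'
' Returns True when impersonation succeeds. Failure is NOT reported as False: a failing LogonUser
' or ImpersonateLoggedOnUser call raises an error whose number is the Win32 code from
' Err.LastDllError and whose description is the matching system message.
'
' NOTE(review): on Windows 2000 the caller of LogonUser must hold SeTcbPrivilege ("Act as part of
' the operating system"), otherwise the call fails with ERROR_PRIVILEGE_NOT_HELD; Windows XP and
' later drop that requirement. Granting SeTcbPrivilege to a user account just to make this call
' work hands that account operating-system-level trust.
' NOTE(review): neither CloseHandle nor RevertToSelf is declared in this listing, so hToken stays
' open and the thread keeps the impersonated identity after this function returns.
Private Function MakeMeImpersonate(Username As String, Password As String, Optional Domain As String = ".") As Boolean
    Dim result As Long
    Dim hToken As Long
    Dim apiErr As Long

    If LogonUser(Username, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, hToken) <> 0 Then
        result = ImpersonateLoggedOnUser(hToken)
        ' Compare with 0 explicitly. "Not result" on a Long is a bitwise Not, so a Win32 TRUE (1)
        ' becomes -2, which VB treats as True - the original raised an error even on success.
        If result = 0 Then
            apiErr = Err.LastDllError
            Err.Raise apiErr, "MakeMeImpersonate", "ImpersonateLoggedOnUser: " & ApiErrorText(apiErr)
        End If
    Else
        ' Capture the code once, before any further API call can overwrite it.
        apiErr = Err.LastDllError
        Err.Raise apiErr, "MakeMeImpersonate", "Logon User: " & ApiErrorText(apiErr)
    End If
    MakeMeImpersonate = (result <> 0)
End Function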

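' Tries to enable SeTcbPrivilege in the current process token.
'
' Returns the non-zero AdjustTokenPrivileges result when the privilege was actually enabled.
' Raises an error (number = Win32 code, description = system message) when the token cannot be
' opened, the privilege name cannot be looked up, or the privilege could not be enabled.
'
' AdjustTokenPrivileges can only enable a privilege the token already holds; it cannot grant one.
' When the account does not hold the privilege the API still returns non-zero and reports
' ERROR_NOT_ALL_ASSIGNED through the last-error value, so that case is treated as a failure here.
' Whether an account holds SeTcbPrivilege is decided by the machine's user-rights policy, and
' assigning it gives the account operating-system-level trust.
'
' NOTE(review): no CloseHandle declaration is visible in this listing, so the process-token
' handle opened here is not released.
Private Function AdjustAccessToken() As Long
    Const ERROR_NOT_ALL_ASSIGNED As Long = 1300

    Dim hProcToken As Long
    Dim OldTokenStuff As TOKEN_PRIVILEGES
    Dim OldTokenStuffLen As Long
    Dim NewTokenStuff As TOKEN_PRIVILEGES
    Dim result As Long
    Dim apiErr As Long

    If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hProcToken) <> 0 Then
        If LookupPrivilegeValue(vbNullString, SE_TCB_NAME, NewTokenStuff.Privileges(0).pLuid) <> 0 Then
            NewTokenStuff.PrivilegeCount = 1
            NewTokenStuff.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED

            ' BufferLength describes the PreviousState buffer (OldTokenStuff).
            result = AdjustTokenPrivileges(hProcToken, 0&, NewTokenStuff, Len(OldTokenStuff), OldTokenStuff, OldTokenStuffLen)
            apiErr = Err.LastDllError
            ' A non-zero return with ERROR_NOT_ALL_ASSIGNED means nothing was enabled.
            If result <> 0 And apiErr = ERROR_NOT_ALL_ASSIGNED Then result = 0
        Else
            apiErr = Err.LastDllError
        End If
    Else
        apiErr = Err.LastDllError
    End If

    ' Explicit comparison: "Not result" on a Long is bitwise, so the original raised on every call.
    If result = 0 Then Err.Raise apiErr, "AdjustAccessToken", "AdjustToken: " & ApiErrorText(apiErr)
    AdjustAccessToken = result
End Function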

' Click handler: runs the privilege adjustment; the function's return value is not used.
Private Sub Command2_Click()
    Call AdjustAccessToken
End Sub


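' Returns the system message text for the Win32 error code ErrNum.
' If FormatMessage cannot supply a message, returns "Error (<ErrNum>) not defined."
' The text is returned exactly as FormatMessage wrote it (nRet characters of the buffer).
Private Function ApiErrorText(ByVal ErrNum As Long) As String
    ' No insert arguments are supplied (Arguments is a null pointer), so tell FormatMessage to
    ' leave %1-style placeholders in place instead of trying to read arguments that do not exist.
    Const FORMAT_MESSAGE_IGNORE_INSERTS As Long = &H200

    Dim msg As String
    Dim nRet As Long

    msg = Space$(1024)
    nRet = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM Or FORMAT_MESSAGE_IGNORE_INSERTS, ByVal 0&, ErrNum, 0&, msg, Len(msg), ByVal 0&)
    If nRet <> 0 Then
        ApiErrorText = Left$(msg, nRet)
    Else
        ApiErrorText = "Error (" & ErrNum & ") not defined."
    End If
End Function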

PS i am a little concerned about the following section from MSDN:-

The process that calls LogonUser must have the SE_TCB_NAME privilege. The privilege does not need to be enabled. The LogonUser function enables the privilege as necessary. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD.

In some cases, the process that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for the local system account or accounts that are members of the administrators group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable it for everyone. For more information about privileges, see Privileges.

thnx for any help in advance!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
continued in thread711-649056

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
come on... get involved!
To get the best response to a question, please check out FAQ222-2244 first
A General Guide To Excel in VB FAQ222-3383
 