Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

LogonUser

Status
Not open for further replies.
Strannik

Strannik

Programmer
Jul 4, 2002
132
0
0
UA
Did somebody use LogonUser WinAPI function ? I found declaration in the API text viewer as

LogonUser Lib "kernel32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long

I changed lib name to advapi32.dll since it's actual dll where function should be importd but each its call always returns zero(error) and the same does GetLastError so I can't understand what's wrong ...

I use the following code:
iResult = LogonUser("user", "domain", "password", LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_WINNT50, hToken)

 
Sort by date Sort by votes
I had the same problem. It is known to work on Windows XP i believe, The machine that im working on is running Windows 2000 Prof and i couldnt get it to work. The dll should be advapi, but like your problem it always returned a 0 no matter what. I couldnt get it to work on my machine, I just eventually gave up and used something else for what i needed. Sorry i couldnt be of more help.
 
Upvote 0 Downvote
I think you don't have the privileges to logon!
You have to set the SE_TCB_NAME and SE_CHANGE_NOTIFY_NAME privileges under win2k. Under winxp these privileges are no longer required!
 
Upvote 0 Downvote
Jooky, I've carried out some investigation and that's what I've found:

GetLastError returns 0(success) but Err.LastDllError returns 1314(ERROR_PRIVILEGE_NOT_HELD) as it's stated in MSDN. So calling process really doesn't have privileges to invoke LogonUser function. The fact is that I run my program as domain member and at the same time local administrator so I can't imagine that I could not have some privileges ...
I got out of the trouble by using CreateProcessWithLogon function but if I need to acquire token handle I'll still have to resolve this problem ...
 
Upvote 0 Downvote
LauDse....
How do you set the SE_TCB_NAME and SE_CHANGE_NOTIFY_NAME privileges in Windows 2k?
 
Upvote 0 Downvote
These are the steps to do it:

1) Get the process handle with "GetCurrentProcess"
2) Open the current process with "OpenProcess"
3) Get an access token with "OpenProcessToken"
4) Now you can call "AdjustTokenPrivileges" to set the required privilegs

That's all, grmpf :)

I can't provide more help, because i never used it in VB!
If you can handle it in VB, please publish the code here ;)
I have no time to do it myself.

Good luck
LauDse

P.S.: My english isn't perfect, sorry.
 
Upvote 0 Downvote
LauDse, I've done everything you advised(except changing GetCurrentProcess->GetCurrentProcessID), but again it doesn't work ... all WinAPI calls return success but LogonUser fails with code ERROR_PRIVILEGE_NOT_HELD.Any ideas ?
Here's the code:

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserW" (ByVal _
lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, _
ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long

Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess _
As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As _
Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As _
Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal _
BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias _
"LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, _
lpLuid As LUID) As Long

Private Type LUID
LowPart As Long
HighPart As Long
End Type

Private Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Private Const ANYSIZE_ARRAY = 1

Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY - 1) As LUID_AND_ATTRIBUTES
End Type

Private Const PROCESS_ALL_ACCESS As Long = &HF0000 Or &H100000 Or &HFFF
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Private Const TOKEN_QUERY As Long = &H8
Private Const SE_PRIVILEGE_ENABLED As Long = 2
Private Const SE_TCB_NAME As String = "SeTcbPrivilege"
Private Const LOGON32_LOGON_NETWORK = 3

Function LogonUserAs
Dim wUser As String
Dim wDomain As String
Dim wPassword As String
Dim lProcessID As Long
Dim lProcessHandle As Long
Dim hToken As Long
Dim udtPrivileges As TOKEN_PRIVILEGES
Dim udtPrevPrivileges As TOKEN_PRIVILEGES
Dim lSize As Long

lProcessID = GetCurrentProcessId

lProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, 1, lProcessID)

If lProcessHandle = 0 Then
MsgBox "OpenProcess function has failed with error code=" & Err.LastDllError
Exit Sub
End If

If OpenProcessToken(lProcessHandle, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) = 0 Then
MsgBox "OpenProcessToken function has failed with error code=" & Err.LastDllError
Exit Sub
End If
'obtain privilege value
If LookupPrivilegeValue(vbNullString, SE_TCB_NAME, udtPrivileges.Privileges(0).pLuid) = 0 Then
MsgBox "LookupPrivilegeValue function has failed with error code=" & Err.LastDllError
End If

'set needed attributes
udtPrivileges.PrivilegeCount = 1
udtPrivileges.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
If AdjustTokenPrivileges(hToken, 0, udtPrivileges, 4, udtPrevPrivileges, lSize) = 0 Then
MsgBox "AdjustTokenPrivileges function has failed with error code=" & Err.LastDllError
Exit Sub
End If

wUser = StrConv("user" + Chr$(0), vbUnicode)
wDomain = StrConv("domain" + Chr$(0), vbUnicode)
wPassword = StrConv("password" + Chr$(0), vbUnicode)

If LogonUser(wUser, wDomain, wPassword, LOGON32_LOGON_NETWORK, _
LOGON32_PROVIDER_WINNT50, hToken) = 0 Then
MsgBox "LogonUser function has failed with error code=" & Err.LastDllError
End If

End Function

P.S. What about the following implementation in Win2k ??:)
int LogonUser(...)
{
return ERROR_PRIVILEGE_NOT_HELD;
}
 
Upvote 0 Downvote
Sorry, I din't any declaration for LOGON32_LOGON_NETWORK_CLEARTEXT. Besides, MSDN states that LogonType parameter can be one of the values, not combination. And chiefly, I've read that even local administrators haven't privilege SE_TCB_NAME, only system account ...
 
Upvote 0 Downvote
I tried it out last night as well, going along with LauDse idea. It did not work. I coming under the impression that it might not be possible to do in win 2k. If anyone has any other ideas please post.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tyreejp
  • Locked
  • Question
Impersonate User Account (LogonUser API)
Replies
0
Views
7
tyreejp
tyreejp
saadabc
  • Locked
  • Question
LogonUser failing in Impersonation
Replies
1
Views
28
saadabc
saadabc
ADoozer
  • Locked
  • Question
logonuser always fails!
Replies
1
Views
12
ADoozer
ADoozer
jasontektips
  • Locked
  • Question
Using LogonUser of ADVAPI32.dll
Replies
2
Views
45
strongm
strongm
agarwalmk
  • Locked
  • Question
LogonUser
Replies
0
Views
16
agarwalmk
agarwalmk

Part and Inventory Search

Sponsor

Back
Top