Using LogonUser() - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Using LogonUser()

Message

From

24/04/2000 15:33:31

Ed Rauh
Trumbull, Connecticut, United States

24/04/2000 14:42:59

Bill Caton
MAXIMUS
Lawrenceville, Georgia, United States

General information

Forum:

Visual FoxPro

Category:

Windows API functions

Title:

Re: Using LogonUser()

Miscellaneous

Thread ID:

00362854

Message ID:

00362882

Views:

>I am trying to use the LogonUser() API function on an NT Server to programmatically verify an NT userid and password. MSDN indicates that the "Act as part of the operating system" privilege is required to call this function. I have verified that the account I am logged into the NT Server under has this privelege but GetLastError() still indicates insufficient privilege (1314). I am using the code R. Strahl posted a few weeks ago. I have tried it using a local machine login (".") and with a domain login. Anyone with experience using this function can point me in the right direction?
>

It's overwhelmingly likely that while the account may be granted the privilege, you need to set the process token set using AdjustTokenPrivilege() API call. The following is cut from the MSDN docs

Enabling and Disabling Privileges
The following example shows how to enable or disable a privilege in an access token. The example calls the LookupPrivilegeValue function to get the LUID that the local system uses to identify the privilege. Then the example calls the AdjustTokenPrivileges function, which either enables or disables the privilege that depends on the value of the bEnablePrivilege parameter.

BOOL SetPrivilege(
    HANDLE hToken,          // access token handle
    LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
    BOOL bEnablePrivilege   // to enable or disable privilege
    ) 
{
TOKEN_PRIVILEGES tp;
LUID luid;

if ( !LookupPrivilegeValue( 
        NULL,            // lookup privilege on local system
        lpszPrivilege,   // privilege to lookup 
        &luid ) ) {      // receives LUID of privilege
    printf("LookupPrivilegeValue error: %u\n", GetLastError() ); 
    return FALSE; 
}

tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
    tp.Privileges[0].Attributes = 0;

// Enable the privilege or disable all privileges.

AdjustTokenPrivileges(
       hToken, 
       FALSE, 
       &tp, 
       sizeof(TOKEN_PRIVILEGES), 
       (PTOKEN_PRIVILEGES) NULL, 
       (PDWORD) NULL); 
 
// Call GetLastError to determine whether the function succeeded.

if (GetLastError() != ERROR_SUCCESS) { 
      printf("AdjustTokenPrivileges failed: %u\n", GetLastError() ); 
      return FALSE; 
} 

return TRUE;
}

EMail: EdR@edrauh.com
"See, the sun is going down..."
"No, the horizon is moving up!"
- Firesign Theater

NT and Win2K FAQ .. cWashington WSH/ADSI/WMI site
MS WSH site ........... WSH FAQ Site
Wrox Press .............. Win32 Scripting Journal
eSolutions Services, LLC

The Surgeon General has determined that prolonged exposure to the Windows Script Host may be addictive to laboratory mice and codemonkeys

Map

View

Click here to load this message in the networking platform