Sonic..
2008-09-08 09:49:27 UTC
Hello,
I am trying to access a network file and edit that file using
impersonation from an local service.
i use the pid of explorer.exe and obtains it's handle to pass to
OpenProcessToken.
Then i use the token obtained, to pass to ImpersonateLoggedOnUser().
Once impersonated i use CreateFile to open an existting network file.
The call fails with error Logon Failure: unknown username or
password.
This is happening only in Vista. In 2000, XP and 2003 the code is
working fine.
Below is the code that i've used. Please tell me why is the above
happening in Vista
DWORD ImpersonateClientX()
{
HANDLE hClient = NULL;
HANDLE hToken = NULL;
LUID LookupUID;
DWORD dwRet = 0;
BOOL bReturn;
DWORD dwProcId = GetExplorerProcessId();
hClient = OpenProcess(PROCESS_ALL_ACCESS, TRUE, dwProcId);
if (hClient == NULL || hClient == INVALID_HANDLE_VALUE)
{
dwRet = GetLastError();
goto Exit;
}
//if (!OpenProcessToken(hClient, TOKEN_ALL_ACCESS, &hToken))
if (!OpenProcessToken(hClient,
TOKEN_ALL_ACCESS,
&hToken))
{
dwRet = GetLastError();
goto Exit;
}
// Look If The Process Has The "SeLoadDriverPrivilege" Privilege
bReturn = LookupPrivilegeValue(NULL, "SeTcbPrivilege", &LookupUID);
if (bReturn == FALSE)
{
dwRet = GetLastError();
goto Exit;
}
LUID_AND_ATTRIBUTES NewPrivileges;
TOKEN_PRIVILEGES TokPrivileges;
NewPrivileges.Attributes = SE_PRIVILEGE_ENABLED;
NewPrivileges.Luid = LookupUID;
TokPrivileges.PrivilegeCount = 1;
TokPrivileges.Privileges[0] = NewPrivileges;
// Set The Process Token The Privileges We Require
bReturn = AdjustTokenPrivileges(hToken,
FALSE,
&TokPrivileges,
0,
NULL,
NULL);
if (bReturn == FALSE)
{
dwRet = GetLastError();
goto Exit;
}
if (!ImpersonateLoggedOnUser(hToken))
{
dwRet = GetLastError();
}
HANDLE fileHandle = CreateFile(szFileName, GENERIC_READ |
GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, 0);
Exit:
if (hClient)
{
CloseHandle(hClient);
hClient = NULL;
}
if (hToken)
{
CloseHandle(hToken);
hToken = NULL;
}
return dwRet;
}
I am trying to access a network file and edit that file using
impersonation from an local service.
i use the pid of explorer.exe and obtains it's handle to pass to
OpenProcessToken.
Then i use the token obtained, to pass to ImpersonateLoggedOnUser().
Once impersonated i use CreateFile to open an existting network file.
The call fails with error Logon Failure: unknown username or
password.
This is happening only in Vista. In 2000, XP and 2003 the code is
working fine.
Below is the code that i've used. Please tell me why is the above
happening in Vista
DWORD ImpersonateClientX()
{
HANDLE hClient = NULL;
HANDLE hToken = NULL;
LUID LookupUID;
DWORD dwRet = 0;
BOOL bReturn;
DWORD dwProcId = GetExplorerProcessId();
hClient = OpenProcess(PROCESS_ALL_ACCESS, TRUE, dwProcId);
if (hClient == NULL || hClient == INVALID_HANDLE_VALUE)
{
dwRet = GetLastError();
goto Exit;
}
//if (!OpenProcessToken(hClient, TOKEN_ALL_ACCESS, &hToken))
if (!OpenProcessToken(hClient,
TOKEN_ALL_ACCESS,
&hToken))
{
dwRet = GetLastError();
goto Exit;
}
// Look If The Process Has The "SeLoadDriverPrivilege" Privilege
bReturn = LookupPrivilegeValue(NULL, "SeTcbPrivilege", &LookupUID);
if (bReturn == FALSE)
{
dwRet = GetLastError();
goto Exit;
}
LUID_AND_ATTRIBUTES NewPrivileges;
TOKEN_PRIVILEGES TokPrivileges;
NewPrivileges.Attributes = SE_PRIVILEGE_ENABLED;
NewPrivileges.Luid = LookupUID;
TokPrivileges.PrivilegeCount = 1;
TokPrivileges.Privileges[0] = NewPrivileges;
// Set The Process Token The Privileges We Require
bReturn = AdjustTokenPrivileges(hToken,
FALSE,
&TokPrivileges,
0,
NULL,
NULL);
if (bReturn == FALSE)
{
dwRet = GetLastError();
goto Exit;
}
if (!ImpersonateLoggedOnUser(hToken))
{
dwRet = GetLastError();
}
HANDLE fileHandle = CreateFile(szFileName, GENERIC_READ |
GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, 0);
Exit:
if (hClient)
{
CloseHandle(hClient);
hClient = NULL;
}
if (hToken)
{
CloseHandle(hToken);
hToken = NULL;
}
return dwRet;
}