date: Tue, 19 Aug 2008 06:07:10 -0700 (PDT),    group: microsoft.public.platformsdk.security        back       


LogonUser failed with ERROR_PRIVILEGE_NOT_HELD in winnt machines   
Hi,

I have been trying to create a process under different user credentials
on a Windows NT machine using the LogonUser and CreateProcessAsUser Win32
API calls.
The LogonUser call fails with ERROR_PRIVILEGE_NOT_HELD (1314, "A required
privilege is not held by the client").

I have set the following privileges

SeTcbPrivilege
SeTakeOwnershipPrivilege
SeChangeNotifyPrivilege
SeIncreaseQuotaPrivilege
SeAssignPrimaryTokenPrivilege
SeCreateTokenPrivilege

to the calling process

The code snippet is given here:

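// Fragment of a member function: the enclosing signature, the wUserName /
// wDomainName / wpassword parameters and the later CreateProcessAsUser call
// are outside this snippet.  Every failure is logged and reported as
// `return false`.  dwSize, lpvEnv, szUserProfile, pi, si and runAs are not
// used here; they are kept because the omitted remainder presumably uses them.
DWORD               dwSize;
HANDLE              hProcessToken = NULL;  // this process' own token, closed on every path below
HANDLE              hToken = NULL;         // the logged-on user's token, filled in by LogonUser
LPVOID              lpvEnv;
PROCESS_INFORMATION pi = {0};
STARTUPINFO         si = {0};
WCHAR               szUserProfile[1024] = L"";

RunAs runAs;

ZeroMemory(&pi, sizeof(pi));
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(STARTUPINFO);

// Privileges to switch on in this process' token.  AdjustTokenPrivileges can
// only enable a privilege the token already carries; it cannot grant one the
// account was never assigned.  Only three of these matter for this code
// path: SeTcbPrivilege ("Act as part of the operating system", which LogonUser
// requires on NT4/2000), plus SeAssignPrimaryTokenPrivilege and
// SeIncreaseQuotaPrivilege for CreateProcessAsUser.  The other three were in
// the original list and are kept, but they are not needed here and only widen
// what this process (or anything that compromises it) is able to do.
struct PrivilegeName
{
    LPCWSTR     wide;    // name as LookupPrivilegeValue wants it
    const char* narrow;  // same name for the narrow-string log
};
static const PrivilegeName kPrivileges[] =
{
    { L"SeTakeOwnershipPrivilege",      "SeTakeOwnershipPrivilege" },
    { L"SeTcbPrivilege",                "SeTcbPrivilege" },
    { L"SeChangeNotifyPrivilege",       "SeChangeNotifyPrivilege" },
    { L"SeIncreaseQuotaPrivilege",      "SeIncreaseQuotaPrivilege" },
    { L"SeAssignPrimaryTokenPrivilege", "SeAssignPrimaryTokenPrivilege" },
    { L"SeCreateTokenPrivilege",        "SeCreateTokenPrivilege" },
};
const size_t kPrivilegeCount = sizeof(kPrivileges) / sizeof(kPrivileges[0]);

this->LogMessage("Started opening the process token.");

// Getting the token of the current process
if( !OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hProcessToken) )
{
    // No handle was opened on this path, so (unlike the original) nothing is closed here.
    string errorMsg = DisplayError(L"OpenProcessToken Failed");
    this->LogMessage(errorMsg);
    return false;
}
this->LogMessage("OpenProcessToken Succeded");

for( size_t i = 0; i < kPrivilegeCount; ++i )
{
    const PrivilegeName& priv = kPrivileges[i];

    // One TOKEN_PRIVILEGES per privilege, as in the original, so that a
    // failure is reported for the specific privilege rather than the batch.
    TOKEN_PRIVILEGES tp;
    ZeroMemory(&tp, sizeof(tp));
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if( !LookupPrivilegeValue(NULL, priv.wide, &tp.Privileges[0].Luid) )
    {
        // DisplayError is called first so it still sees the LookupPrivilegeValue error code.
        string errorMsg = DisplayError(L"LookupPrivilegeValue Failed");
        this->LogMessage(errorMsg + " (" + priv.narrow + ")");
        CloseHandle(hProcessToken);
        return false;
    }
    this->LogMessage(string("LookupPrivilegeValue ") + priv.narrow + " Succeded");

    if( !AdjustTokenPrivileges(hProcessToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL) )
    {
        // The original logged "SE_TCB_NAME" for every privilege; name the real one.
        string errorMsg = DisplayError(L"AdjustTokenPrivileges Failed");
        this->LogMessage(errorMsg + " (" + priv.narrow + ")");
        CloseHandle(hProcessToken);
        return false;
    }

    // AdjustTokenPrivileges returns TRUE even when the privilege is not in the
    // token at all; only GetLastError() == ERROR_NOT_ALL_ASSIGNED reveals it.
    // The original ignored this, which is how a privilege that was never
    // assigned to the account went unnoticed until LogonUser reported
    // ERROR_PRIVILEGE_NOT_HELD.  Fail here instead and say which one it is.
    if( GetLastError() == ERROR_NOT_ALL_ASSIGNED )
    {
        string errorMsg = DisplayError(L"AdjustTokenPrivileges: privilege not held");
        this->LogMessage(errorMsg + " (" + priv.narrow
                         + " must be assigned to this account in Local Security Policy / User Rights Assignment)");
        CloseHandle(hProcessToken);
        return false;
    }
}

// The enabled privileges live on the token object, not on this handle, so the
// handle can be released now.  The original reused hToken as LogonUser's out
// parameter and leaked the process token handle on the success path.
CloseHandle(hProcessToken);

if( !LogonUser(wUserName, wDomainName, wpassword,
               LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken) )
{
    // LogonUser does not hand back a handle on failure; there is nothing to close.
    string errorMsg = DisplayError(L"LogonUser Failed");
    this->LogMessage(errorMsg);
    return false;
}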

Now this LogonUser call fails with error 1314.

Any suggestions........

Thanks
date: Tue, 19 Aug 2008 06:07:10 -0700 (PDT)   author:   tsgd84

Re: LogonUser failed with ERROR_PRIVILEGE_NOT_HELD in winnt machines   
Try the "Act as Part of Operating System" privilege (SeTcbPrivilege). Note that AdjustTokenPrivileges can only enable a privilege the account already holds — it has to be assigned to the account under Local Security Policy / User Rights Assignment first; otherwise AdjustTokenPrivileges returns TRUE with GetLastError() == ERROR_NOT_ALL_ASSIGNED, and LogonUser then fails with 1314.

CAC

On Aug 19, 2:07 pm, tsgd84  wrote:
> Hi,
>
> I have been trying to create a process with different user credentials
> in Windows NT machine using LogonUser and CreateProcessAsUser Win32
> API function calls.
> While calling the function LogonUser, it fails with the error
> ERROR_PRIVILEGE_NOT_HELD 1314 or A required privilege is not held by
> the client.
>
> I have set the following privileges
>
> SeTcbPrivilege
> SeTakeOwnershipPrivilege
> SeChangeNotifyPrivilege
> SeIncreaseQuotaPrivilege
> SeAssignPrimaryTokenPrivilege
> SeCreateTokenPrivilege
>
> to the calling process
>
> I have given the code snippet here
>
> DWORD                           dwSize;
>     HANDLE                              hToken;
>     LPVOID                              lpvEnv;
>     PROCESS_INFORMATION pi = {0};
>     STARTUPINFO         si = {0};
>     WCHAR               szUserProfile[1024] = L"";
>
>         RunAs runAs;
>
>         ZeroMemory(&pi, sizeof(pi));
>         ZeroMemory(&si, sizeof(si));
>     si.cb = sizeof(STARTUPINFO);
>
>         //CAccessToken cAccessToken;
>         //cAccessToken.EnablePrivilege(
>         this->LogMessage("Started opening the process token.");
>
>         // Getting the token of the current process
>         if( OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES |
> TOKEN_QUERY, &hToken) )
>         {
>                 LUID_AND_ATTRIBUTES la, la1, la2;
>                 LUID_AND_ATTRIBUTES la3, la4, la5;
>
>                 this->LogMessage("OpenProcessToken Succeded");
>
>                 ZeroMemory(&la, sizeof(la));
>                 ZeroMemory(&la1, sizeof(la1));
>                 ZeroMemory(&la2, sizeof(la2));
>                 ZeroMemory(&la3, sizeof(la3));
>                 ZeroMemory(&la4, sizeof(la4));
>                 ZeroMemory(&la5, sizeof(la5));
>
>                 // Looking up the Act as operating system privilege for the current
> process
>                 if( LookupPrivilegeValue(NULL, L"SeTakeOwnershipPrivilege",
> &la.Luid) )
>                 {
>                         this->LogMessage("LookupPrivilegeValue SeTakeOwnershipPrivilege
> Succeded");
>                         la.Attributes = SE_PRIVILEGE_ENABLED;
>                 }
>                 else
>                 {
>                         string errorMsg = DisplayError(L"LookupPrivilegeValue
> SeTakeOwnershipPrivilege Failed");
>                         CloseHandle(hToken);
>                         this->LogMessage(errorMsg);
>                         return false;
>                 }
>                 if( LookupPrivilegeValue(NULL, L"SeTcbPrivilege", &la1.Luid) )
>                 {
>                         this->LogMessage("LookupPrivilegeValue SeTcbPrivilege Succeded");
>                         la1.Attributes = SE_PRIVILEGE_ENABLED;
>                 }
>                 else
>                 {
>                         string errorMsg = DisplayError(L"LookupPrivilegeValue
> SeTcbPrivilege  Failed");
>                         CloseHandle(hToken);
>                         this->LogMessage(errorMsg);
>                         return false;
>                 }
>                 if( LookupPrivilegeValue(NULL, L"SeChangeNotifyPrivilege",
> &la2.Luid) )
>                 {
>                         this->LogMessage("LookupPrivilegeValue SeChangeNotifyPrivilege
> Succeded");
>                         la2.Attributes = SE_PRIVILEGE_ENABLED;
>                 }
>                 else
>                 {
>                         string errorMsg = DisplayError(L"LookupPrivilegeValue
> SeChangeNotifyPrivilege Failed");
>                         CloseHandle(hToken);
>                         this->LogMessage(errorMsg);
>                         return false;
>                 }
>
>                 if( LookupPrivilegeValue(NULL, L"SeIncreaseQuotaPrivilege",
> &la3.Luid) )
>                 {
>                         this->LogMessage("LookupPrivilegeValue SeIncreaseQuotaPrivilege
> Succeded");
>                         la3.Attributes = SE_PRIVILEGE_ENABLED;
>                 }
>                 else
>                 {
>                         string errorMsg = DisplayError(L"LookupPrivilegeValue
> SeIncreaseQuotaPrivilege  Failed");
>                         CloseHandle(hToken);
>                         this->LogMessage(errorMsg);
>                         return false;
>                 }
>                 if( LookupPrivilegeValue(NULL, L"SeAssignPrimaryTokenPrivilege",
> &la4.Luid) )
>                 {
>                         this->LogMessage("LookupPrivilegeValue
> SeAssignPrimaryTokenPrivilege Succeded");
>                         la4.Attributes = SE_PRIVILEGE_ENABLED;
>                 }
>                 else
>                 {
>                         string errorMsg = DisplayError(L"LookupPrivilegeValue
> SeAssignPrimaryTokenPrivilege Failed");
>                         CloseHandle(hToken);
>                         this->LogMessage(errorMsg);
>                         return false;
>                 }
>
>                 if( LookupPrivilegeValue(NULL, L"SeCreateTokenPrivilege",
> &la5.Luid) )
>                 {
>                         this->LogMessage("LookupPrivilegeValue SeCreateTokenPrivilege
> Succeded");
>                         la5.Attributes = SE_PRIVILEGE_ENABLED;
>                 }
>                 else
>                 {
>                         string errorMsg = DisplayError(L"LookupPrivilegeValue
> SeCreateTokenPrivilege  Failed");
>                         CloseHandle(hToken);
>                         this->LogMessage(errorMsg);
>                         return false;
>                 }
>
>                 DWORD privilegeSize = 1;
>                 TOKEN_PRIVILEGES tp, tp1, tp2, tp3, tp4, tp5;
>
>                 tp.PrivilegeCount = privilegeSize;
>                 tp.Privileges[0].Attributes = la.Attributes;
>                 tp.Privileges[0].Luid = la.Luid;
>                 if(!AdjustTokenPrivileges(hToken, FALSE, &tp,
> sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
>                 {
>                         string errorMsg = DisplayError(L"AdjustTokenPrivileges SE_TCB_NAME
> Failed");
>                         this->LogMessage(errorMsg);
>                         CloseHandle(hToken);
>                         return false;
>                 }
>
>                 tp1.PrivilegeCount = privilegeSize;
>                 tp1.Privileges[0].Attributes = la1.Attributes;
>                 tp1.Privileges[0].Luid = la1.Luid;
>                 if(!AdjustTokenPrivileges(hToken, FALSE, &tp1,
> sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
>                 {
>                         string errorMsg = DisplayError(L"AdjustTokenPrivileges SE_TCB_NAME
> Failed");
>                         this->LogMessage(errorMsg);
>                         CloseHandle(hToken);
>                         return false;
>                 }
>
>                 tp2.PrivilegeCount = privilegeSize;
>                 tp2.Privileges[0].Attributes = la2.Attributes;
>                 tp2.Privileges[0].Luid = la2.Luid;
>                 if(!AdjustTokenPrivileges(hToken, FALSE, &tp2,
> sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
>                 {
>                         string errorMsg = DisplayError(L"AdjustTokenPrivileges SE_TCB_NAME
> Failed");
>                         this->LogMessage(errorMsg);
>                         CloseHandle(hToken);
>                         return false;
>                 }
>                 tp3.PrivilegeCount = privilegeSize;
>                 tp3.Privileges[0].Attributes = la3.Attributes;
>                 tp3.Privileges[0].Luid = la3.Luid;
>                 if(!AdjustTokenPrivileges(hToken, FALSE, &tp3,
> sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
>                 {
>                         string errorMsg = DisplayError(L"AdjustTokenPrivileges SE_TCB_NAME
> Failed");
>                         this->LogMessage(errorMsg);
>                         CloseHandle(hToken);
>                         return false;
>                 }
>                 tp4.PrivilegeCount = privilegeSize;
>                 tp4.Privileges[0].Attributes = la4.Attributes;
>                 tp4.Privileges[0].Luid = la4.Luid;
>                 if(!AdjustTokenPrivileges(hToken, FALSE, &tp4,
> sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
>                 {
>                         string errorMsg = DisplayError(L"AdjustTokenPrivileges SE_TCB_NAME
> Failed");
>                         this->LogMessage(errorMsg);
>                         CloseHandle(hToken);
>                         return false;
>                 }
>                 tp5.PrivilegeCount = privilegeSize;
>                 tp5.Privileges[0].Attributes = la5.Attributes;
>                 tp5.Privileges[0].Luid = la5.Luid;
>
>                 //Adjusting the privileges for the current process
>                 if(!AdjustTokenPrivileges(hToken, FALSE, &tp5,
> sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, NULL))
>                 {
>                         string errorMsg = DisplayError(L"AdjustTokenPrivileges SE_TCB_NAME
> Failed");
>                         this->LogMessage(errorMsg);
>                         CloseHandle(hToken);
>                         return false;
>                 }
>         }
>         else
>         {
>                 string errorMsg = DisplayError(L"OpenProcessToken Failed");
>                 this->LogMessage(errorMsg);
>                 CloseHandle(hToken);
>                 return false;
>         }
>
>         if( !LogonUser(wUserName, wDomainName, wpassword,
> LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken) )
>         {
>                 string errorMsg = DisplayError(L"LogonUser Failed");
>                 this->LogMessage(errorMsg);
>                 CloseHandle(hToken);
>                 return false;
>         }
>
> Now this logonuser fails with the error 1314.
>
> Any suggestions........
>
> Thanks
date: Sat, 30 Aug 2008 02:33:04 -0700 (PDT)   author:   unknown
