Hello,

I want to do something similar, but I have a problem with the CreateProcessAsUser
function: it always fails with error code 1314 (A required privilege is not
held by the client).
What I really want to do is give more privileges to the current process. I'll
explain. I'm developing a service setup program, and it needs to call net start
and other things. It should be able to install the service when run by a
non-administrator user, so first of all I use LogonUser and
ImpersonateLoggedOnUser to turn the current process into a privileged process.
This part works well and lets me extract files into the Program Files folder and
write to the LocalMachine registry entry.
I tried to use ShellExecute to call "net start service_name", but it did not
work. I read that an impersonation token is not inherited by new processes, so
the process started by ShellExecute got the unprivileged token when it was created.
I think the solution is to use CreateProcessAsUser to call "net start
service_name", but when I execute it, the result is error code 1314 (A
required privilege is not held by the client), as I said.
I would be very glad if anyone could help me.

This is the part of the code that I use to do all of this:

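// Asks for the credentials of a privileged account, logs that account on,
// makes the calling thread impersonate it, and then tries to start a test
// program under a primary copy of the same token.
//
// bControlActived: currently ignored, because the body overwrites it with true.
//
// Returns true when the logon, the impersonation and the token set-up all
// succeeded. A CreateProcessAsUser failure is only shown in a message box and
// does not change the result. Returns false on every other failure; from the
// impersonation step onwards the failure paths revert the thread first, so
// "false" never leaves the thread running as the privileged account.
//
// On success the thread is still impersonating the logged-on account when the
// function returns; the caller is responsible for calling RevertToSelf().
bool ActionsUserAuth(bool bControlActived)
{
    bool bUserAuth = false;
    TCHAR szUsername[MAXSTRINGLEN];
    TCHAR szDomain[MAXSTRINGLEN];
    TCHAR szPassword[MAXSTRINGLEN];
    HANDLE hToken = NULL;
    HANDLE hAdminUser = NULL;
    ClsTokenPrivileges TokenInfo;

    bExit = false;

    // NOTE(review): debugging override left in place; it makes the parameter
    // meaningless. Remove it once the caller's value should be honoured.
    bControlActived = true;
    if (!bControlActived)
        return true;

    bUserAuth = (IsCurrentUserLocalAdministrator() == TRUE);
    // NOTE(review): second debugging override; the administrator check above
    // is discarded, so the credential dialog is always shown.
    bUserAuth = false;
    if ((bUserAuth) && (bDebugMode))
        Log(TEXT("ActionsUserAuth: administrator privileges"));
    else
        Log(TEXT("ActionsUserAuth: non administrator privileges"));

    memset(szUsername, 0, sizeof(szUsername));
    memset(szDomain, 0, sizeof(szDomain));
    memset(szPassword, 0, sizeof(szPassword));

    // The original three-attempt retry loop is disabled; one attempt only.
    if (!DlgUserAuth(szUsername, szDomain, szPassword))
    {
        bExit = true;
        // The dialog may have written part of a password before failing.
        SecureZeroMemory(szPassword, sizeof(szPassword));
        if (bDebugMode) Log(TEXT("ActionsUserAuth: User authentication dialog failed"));
        return false;
    }

    if (!RevertToSelf())
    {
        SecureZeroMemory(szPassword, sizeof(szPassword));
        if (bDebugMode) Log(TEXT("ActionsUserAuth: Revert To Self"));
        return false;
    }

    // Get the current process token handle...
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        SecureZeroMemory(szPassword, sizeof(szPassword));
        return false;
    }

    // NOTE(review): presumably only old systems need SE_TCB_NAME for
    // LogonUser; confirm it is still required on the targeted Windows versions.
    if (!SetPrivilege(hToken, SE_TCB_NAME, true))
    {
        CloseHandle(hToken);
        SecureZeroMemory(szPassword, sizeof(szPassword));
        return false;
    }
    // The process token handle is not used again, so release it here instead
    // of leaking it on every call.
    CloseHandle(hToken);

    bUserAuth = (LogonUser(szUsername, szDomain, szPassword, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, &hAdminUser) != 0);

    // The clear-text password is not needed after the logon attempt; wipe it
    // with a call the optimizer cannot drop so it does not linger on the stack.
    SecureZeroMemory(szPassword, sizeof(szPassword));

    if (!bUserAuth)
        return false;

    if (!ImpersonateLoggedOnUser(hAdminUser))
    {
        // Fail closed: do not report success when the thread is not actually
        // running as the account that was just authenticated.
        MessageBox(NULL, TEXT("Inpersonate Error"), TEXT(""), MB_OK);
        CloseHandle(hAdminUser);
        return false;
    }

    // hAdminPriv is declared outside this function; this function does not
    // close it. NOTE(review): confirm who owns and releases that handle.
    if (DuplicateTokenEx(hAdminUser, MAXIMUM_ALLOWED, NULL, SecurityImpersonation,
                         TokenPrimary, &hAdminPriv) == 0)
    {
        // Stop here: continuing would pass an invalid token to the calls below.
        MessageBox(NULL, TEXT("duplicate token Error"), TEXT(""), MB_OK);
        RevertToSelf();
        CloseHandle(hAdminUser);
        return false;
    }

    // NOTE(review): CreateProcessAsUser checks SE_INCREASE_QUOTA_NAME and
    // SE_ASSIGNPRIMARYTOKEN_NAME on the caller's token, not on the token that
    // is passed in. Enabling them on hAdminPriv therefore does not satisfy the
    // check, which is consistent with error 1314 when the installer is started
    // by an ordinary user. CreateProcessWithLogonW accepts the credentials
    // directly and is documented as not requiring those privileges.
    if (!SetPrivilege(hAdminPriv, SE_ASSIGNPRIMARYTOKEN_NAME, true))
    {
        MessageBox(NULL, TEXT("SetPrivilege Error"), TEXT(""), MB_OK);
        RevertToSelf();
        CloseHandle(hAdminUser);
        return false;
    }
    if (!SetPrivilege(hAdminPriv, SE_INCREASE_QUOTA_NAME, true))
    {
        MessageBox(NULL, TEXT("SetPrivilege Error"), TEXT(""), MB_OK);
        RevertToSelf();
        CloseHandle(hAdminUser);
        return false;
    }

    TCHAR szRes[MAXSTRINGLEN];
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    // NOTE(review): the test program lives in a user profile folder. Anything
    // an unprivileged user can overwrite must not be launched with the
    // administrator token; use a path only administrators can write to.
    my_strcpy(szRes, TEXT("\"C:\\Documents and Settings\\prova\\Escritorio\\prova.exe\""));

    // Debug aid: dumps token information to a file in the root of C:.
    TokenInfo.DisplayInformation(TEXT("C:\\token.info"));

    // bInheritHandles is FALSE: no standard handles are redirected in si, so
    // the child has no reason to receive this process's inheritable handles.
    if (!CreateProcessAsUser(hAdminPriv, NULL, szRes, NULL, NULL, FALSE,
                             IDLE_PRIORITY_CLASS, NULL, NULL, &si, &pi))
    {
        // Read the error code before any other API call can overwrite it.
        const DWORD dwError = GetLastError();
        TCHAR szError[MAXSTRINGLEN];
        wsprintf(szError, TEXT("%lu"), dwError);
        MessageBox(NULL, szError, TEXT(""), MB_OK);
    }
    else
    {
        // The child keeps running; only this process's references are dropped.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }

    CloseHandle(hAdminUser);
    return true;
}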