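/*
 * Log on as another account, duplicate the logon token as a primary token,
 * and impersonate that account on the calling thread.
 *
 * Each step runs only if the previous one succeeded, so DuplicateTokenEx and
 * ImpersonateLoggedOnUser never receive an uninitialized handle when
 * LogonUser fails.
 */
HANDLE hLogonToken = NULL;
HANDLE hAdminToken = NULL;
BOOL bImpersonating = FALSE;

/*
 * NOTE(review): the account name, domain and password are string literals
 * compiled into the binary. Outside a throwaway sample they should come from
 * a protected store or a prompt instead.
 */
if (LogonUser(_T("Administrator"),
              _T("domain111"),
              _T("111"),
              LOGON32_LOGON_INTERACTIVE,
              LOGON32_PROVIDER_DEFAULT,
              &hLogonToken)
    /*
     * NOTE(review): TOKEN_ALL_ACCESS grants every access right on the
     * duplicate. Narrow it to what the later code needs once that is known.
     */
    && DuplicateTokenEx(hLogonToken,
                        TOKEN_ALL_ACCESS,
                        NULL,
                        SecurityIdentification,
                        TokenPrimary,
                        &hAdminToken)) {
    bImpersonating = ImpersonateLoggedOnUser(hAdminToken);
}

/*
 * When bImpersonating is FALSE, GetLastError() still holds the code of the
 * call that failed, because no other API call has run since.
 * When it is TRUE, the thread stays in the other account's context until
 * RevertToSelf() is called.
 * Both token handles, if non-NULL, must eventually be released with
 * CloseHandle().
 */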
========================================================
LogonUser调用不成功
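/*
 * Log on as another account, duplicate the logon token as a primary token,
 * and impersonate that account on the calling thread.
 *
 * hLogonToken is not declared in this excerpt, so it is used as declared
 * elsewhere. The calls are chained so that a failed LogonUser stops the
 * sequence and no invalid handle reaches the later calls.
 */
HANDLE hAdminToken = NULL;
BOOL bImpersonating = FALSE;

/*
 * NOTE(review): the credentials are hard-coded string literals. Keep that to
 * sample code only.
 */
if (LogonUser(_T("Administrator"),
              _T("domain111"),
              _T("111"),
              LOGON32_LOGON_INTERACTIVE,
              LOGON32_PROVIDER_DEFAULT,
              &hLogonToken)
    /* NOTE(review): TOKEN_ALL_ACCESS is broader than impersonation alone needs. */
    && DuplicateTokenEx(hLogonToken,
                        TOKEN_ALL_ACCESS,
                        NULL,
                        SecurityIdentification,
                        TokenPrimary,
                        &hAdminToken)) {
    bImpersonating = ImpersonateLoggedOnUser(hAdminToken);
}

/*
 * bImpersonating == FALSE means one of the three calls failed. Read
 * GetLastError() right away to see which error it was.
 * On success, end the impersonation with RevertToSelf() and release the
 * token handles with CloseHandle() when they are no longer needed.
 */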
========================================================
LogonUser调用不成功
LogonUser返回失败后,先用GetLastError看错误码是不是0x00000522(客户端没有所需的特权):
A required privilege is not held by the client.
这需要一个特权SE_INTERACTIVE_LOGON_NAME
一般进程是没有这个特权的
将LOGON32_LOGON_INTERACTIVE换成LOGON32_LOGON_NETWORK
把权限提升到SE_INTERACTIVE_LOGON_NAME就可以了。
怎么升?
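{
    /*
     * Enable or disable a single privilege in the current process token.
     *
     * `privilege` (the privilege name) and `bEnable` (TRUE to enable, FALSE
     * to disable) come from the enclosing function's parameter list, which is
     * not shown with this body.
     *
     * Returns TRUE only when the privilege state was actually changed, and
     * FALSE after reporting the failing API name through print_msg.
     *
     * AdjustTokenPrivileges can only toggle privileges the token already
     * holds; it cannot grant new ones.
     * NOTE(review): account rights (logon rights) are not token privileges,
     * so confirm that the name passed in `privilege` is one that
     * LookupPrivilegeValue can resolve.
     */
    TOKEN_PRIVILEGES tpNew;
    LUID luid;
    HANDLE hProcToken = NULL;
    BOOL bResult = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          &hProcToken)) {
        print_msg(TEXT("OpenProcessToken"));
        return FALSE;
    }

    if (!LookupPrivilegeValue(NULL, privilege, &luid)) {
        print_msg(TEXT("LookupPrivilegeValue"));
        goto cleanup;
    }

    /*
     * Set the requested state directly. The previous two-pass approach read
     * tpPrev.Privileges[0].Attributes even when the first pass changed
     * nothing and therefore left that field unwritten.
     */
    tpNew.PrivilegeCount = 1;
    tpNew.Privileges[0].Luid = luid;
    tpNew.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

    /*
     * AdjustTokenPrivileges returns nonzero even when the token does not hold
     * the privilege. That case is reported only through
     * ERROR_NOT_ALL_ASSIGNED, so both conditions count as failure.
     */
    if (!AdjustTokenPrivileges(hProcToken, FALSE,
                               &tpNew, sizeof(TOKEN_PRIVILEGES),
                               NULL, NULL)
        || GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        print_msg(TEXT("AdjustTokenPrivileges"));
        goto cleanup;
    }

    bResult = TRUE;

cleanup:
    /* Release the token handle on every path; the early returns used to leak it. */
    CloseHandle(hProcToken);
    return bResult;
};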