How get current user token ?

[ragi]

How get current user token without knowledge about a password. I need it
in CreateProcessAsUser function.

[James Brown]

look in the SDK documentation for:

GetCurrentProcess
OpenProcessToken

James

--
www.catch22.net
Free win32 software, sourcecode and tutorials

"ragi" <ra...@agora.pl> wrote in message news:dh0o4f$siv$1...@inews.gazeta.pl...

[Stefan Vetsch]

hi ragi

ragi wrote:
> How get current user token without knowledge about a password. I need it
> in CreateProcessAsUser function.

have a look at the OpenProcessToken [1] api.

regards
stefan

[1]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/openprocesstoken.asp

[ragi]

I can't do that. I wrote that I need use it in CreateProcessAsUser
function. I don't have process handle yet and my current process is
service (SYSTEM is his owner).

1. Start my service.
2. Waiting on user login.
3. I have only user name and I need run other process in user context.
4. Here I need somehow get token current user.
5. I invoke CreateProcessAsUser (here I use token).

[ragi]

I can't do that. I wrote that I need use it in CreateProcessAsUser
function. I don't have process handle yet and my current process is
service (SYSTEM is his owner).

1. Start my service.
2. Waiting on user login.
3. I have only user name and I need run other process in user context.

4. Here I need somehow get token of current user.

5. I invoke CreateProcessAsUser (here I use token).

[Stefan Vetsch]

hi ragi

how are you waiting for the user-login? are you using the winlogon
notification packages? if this is the case you should receive the
current user token in a WLX_NOTIFICATION_INFO structure.

otherwise you have to write a daemon that runs in the user's context.
this daemon receives commands from the service to execute.

msdn about winlogon notification packages:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/winlogon_notification_packages.asp

hope that helps
stefan

[ragi]

Now I'm checking if process winlogon.exe is active.

[James Brown]

ok....I didn't quite understand what you were asking.

to solve your problem, look at the following sourcecode
from my website:

http://www.catch22.net/source/files/CreateToken.c

It allows you to create a primary access token based just on username -
copied from the code by Gary Nebbett which was posted some time ago.
It won't work under Win2K3...

You could also try enumerating all processes searching for any process
that happens to be running as your "target" user....
EnumProcesses
OpenProcess
OpenProcessToken
GetTokenInformation (specifying TokenUser) to get the user's SID from
process token
create a SID based on username that you require

then check that the two SIDs match with EqualSid API

If they match, then you have the correct token (obtained with
OpenProcessToken)
and you can use this in CreateProcessAsUser. This will only work if there is
a user
logged on / already running a process under his/her credentials.

Other than that, you must do as Stefan suggests.

James

--
www.catch22.net
Free win32 software, sourcecode and tutorials

"ragi" <ra...@agora.pl> wrote in message news:dh0til$r5q$2...@inews.gazeta.pl...

[ragi]

Receiving the current user token in a WLX_NOTIFICATION_INFO structure
sounds good. But if I understood I should create dll which will get
events from winlogon. And this dll should be added to registry
(somwhere) earlier...

I'd like to do that in service without any complication. Can I get such
events in my service directly ?

[ragi]

First, I can't do sth what won't working in the future.
Second way need knowledge about one process which is in user context.
Unfotunately I don't know any process which is runnning always after
user login and with his rights.

Second thread is about getting events from winlogon process. But to do
that I need too much unnecessery work to do (extra dll, changes in
registry for winlogon, etc.)

I need simplier solve of this problem.

[Sten Westerback (MVP SDK)]

"Stefan Vetsch" <stve...@freesurf.ch> wrote in message
news:dh0vk5$mr5$1...@news.hispeed.ch...

He could also get access to it the proper way... by impersonation
via for instance a Named Pipe from a client that start when user
logs on.

- Sten

[James Brown]

The user's shell will always be running...i.e. explorer.exe

James

--
www.catch22.net
Free win32 software, sourcecode and tutorials

"ragi" <ra...@agora.pl> wrote in message news:dh14ji$2cn$1...@inews.gazeta.pl...

[Tim Kannel]

In article <dh144v$6g$1...@inews.gazeta.pl>, ra...@agora.pl says...

> I'd like to do that in service without any complication. Can I get such
> events in my service directly ?

There are several ways to find out about session/login changes from within
a service:

1) SERVICE_CONTROL_SESSIONCHANGE notifications sent to the service handler
registered with RegisterServiceCtrlHandlerEx

2) console signals (SetConsoleCtrlHandler). Logoff notications only
though, so not helpful for this situation.

3) Terminal services API (functions that start with "WTS").
In particular, there's the WTSRegisterSessionNotification() function.

Note that, for a service running under the Local System account, the
WTSQueryUserToken() function can be used to get a user token.

Keep in mind though that there may be multiple user sessions,
so there is not necessarily a single "current user".
WTSGetActiveConsoleSessionId() can be used to get the session id
for the user that is logged in locally (for whichever session is
currently active in the case of the Fast User Switching functionality).

--
Tim Kannel

TCAP - Captures console I/O to a file (DOS,Win9x)
http://www.simtel.net/pub/pd/11141.shtml