Index: /trunk/src/VBox/Runtime/Makefile.kmk =================================================================== --- /trunk/src/VBox/Runtime/Makefile.kmk (revision 27472) +++ /trunk/src/VBox/Runtime/Makefile.kmk (revision 27473) @@ -1022,5 +1022,6 @@ VBoxRT_LIBS.win = \ $(PATH_SDK_W2K3DDK_LIB)/vccomsup.lib \ - $(PATH_SDK_W2K3DDK_LIB)/wbemuuid.lib + $(PATH_SDK_W2K3DDK_LIB)/wbemuuid.lib \ + $(PATH_SDK_W2K3DDK_LIB)/Userenv.lib VBoxRT_LDFLAGS.darwin = -framework IOKit -framework CoreFoundation -install_name $(VBOX_DYLD_EXECUTABLE_PATH)/VBoxRT.dylib ifdef VBOX_USE_VCC80 Index: /trunk/src/VBox/Runtime/r3/win/process-win.cpp =================================================================== --- /trunk/src/VBox/Runtime/r3/win/process-win.cpp (revision 27472) +++ /trunk/src/VBox/Runtime/r3/win/process-win.cpp (revision 27473) @@ -35,4 +35,5 @@ #define LOG_GROUP RTLOGGROUP_PROCESS +#include #include #include @@ -47,4 +48,5 @@ #include #include +#include #include #include @@ -80,4 +82,18 @@ ProcessWow64Information = 26 } PROCESSINFOCLASS; + +typedef WINADVAPI BOOL WINAPI CREATEPROCESSWITHLOGON(LPCWSTR, + LPCWSTR, + LPCWSTR, + DWORD, + LPCWSTR, + LPWSTR, + DWORD, + LPVOID, + LPCWSTR, + LPSTARTUPINFOW, + LPPROCESS_INFORMATION); + +typedef CREATEPROCESSWITHLOGON *PCREATEPROCESSWITHLOGON; extern "C" LONG WINAPI @@ -194,4 +210,8 @@ StartupInfo.cb = sizeof(StartupInfo); StartupInfo.dwFlags = STARTF_USESTDHANDLES; + /* Use WTSEnumerateSessions() for getting a list of sessions (WTS_SESSION_INFO array), + * get wanted user with WTSQuerySessionInformation() and get session ID token with + * WTSQueryUserToken() to use with CreateProcessAsUser(). */ + StartupInfo.lpDesktop = L"Winsta0\\Default"; #if 1 /* The CRT should keep the standard handles up to date. */ StartupInfo.hStdInput = GetStdHandle(STD_INPUT_HANDLE); @@ -302,44 +322,81 @@ if (fRc) { - fRc = CreateProcessAsUserW(hToken, - pwszExec, - pwszCmdLine, - NULL, /* pProcessAttributes */ - NULL, /* pThreadAttributes */ - TRUE, /* fInheritHandles */ - CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ - pwszzBlock, - NULL, /* pCurrentDirectory */ - &StartupInfo, - &ProcInfo); - if (!fRc) + PROFILEINFOW profileInfo; + RT_ZERO(profileInfo); + profileInfo.dwSize = sizeof(PROFILEINFOW); + profileInfo.lpUserName = pwszUser; + fRc = LoadUserProfileW(hToken, &profileInfo); + if (fRc) { -/* CreateProcessWithLogonW is not available on NT4 ... so enabling the following code -* would blow up compatibility but is a legitim fallback if the above method isn't working. */ + fRc = CreateProcessAsUserW(hToken, + pwszExec, + pwszCmdLine, + NULL, /* pProcessAttributes */ + NULL, /* pThreadAttributes */ + TRUE, /* fInheritHandles */ + CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ + pwszzBlock, + NULL, /* pCurrentDirectory */ + &StartupInfo, + &ProcInfo); + if (!fRc) + { + DWORD dwErr = GetLastError(); + + /* + * If we don't hold enough priviledges to spawn a new + * process with different credentials we have to use + * CreateProcessWithLogonW here. + * + * Note that NT4 does *not* support this API, thus we have + * to load it dynamically (W2K+) to not blow up things. + * + * @todo Use fFlags to either use this feature or just fail. + */ + if (ERROR_PRIVILEGE_NOT_HELD == dwErr) + { #if 0 - DWORD dwErr = GetLastError(); - - /* - * If we don't hold enough priviledges to spawn a new - * process with different credentials we have to use - * CreateProcessWithLogonW here. - * - * @todo Use fFlags to either use this feature or just fail. - */ - if (ERROR_PRIVILEGE_NOT_HELD == dwErr) - { - fRc = CreateProcessWithLogonW(pwszUser, - NULL, /* lpDomain*/ - pwszPassword, - LOGON_WITH_PROFILE, /* dwLogonFlags */ - pwszExec, - pwszCmdLine, - CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ - pwszzBlock, - NULL, /* pCurrentDirectory */ - &StartupInfo, - &ProcInfo); + RTLDRMOD modAdvAPI32; + rc = RTLdrLoad("Advapi32.dll", &modAdvAPI32); + PCREATEPROCESSWITHLOGON pfnCreateProcessWithLogonW; + if (RT_SUCCESS(rc)) + { + rc = RTLdrGetSymbol(modAdvAPI32, "CreateProcessWithLogonW", (void**)&pfnCreateProcessWithLogonW); + if (RT_SUCCESS(rc)) + { +#endif + fRc = ImpersonateLoggedOnUser(hToken); + if (fRc) + { + fRc = CreateProcessW(pwszExec, + pwszCmdLine, + NULL, /* pProcessAttributes */ + NULL, /* pThreadAttributes */ + TRUE, /* fInheritHandles */ + CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ + pwszzBlock, + NULL, /* pCurrentDirectory */ + &StartupInfo, + &ProcInfo); + RevertToSelf(); + } +#if 0 + fRc = pfnCreateProcessWithLogonW(pwszUser, + NULL, /* lpDomain*/ + pwszPassword, + 0 /*LOGON_WITH_PROFILE*/, /* dwLogonFlags */ + pwszExec, + pwszCmdLine, + CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ + pwszzBlock, + NULL, /* pCurrentDirectory */ + &StartupInfo, + &ProcInfo); + } + RTLdrClose(modAdvAPI32); + } +#endif + } } -#endif } CloseHandle(hToken);