Changeset 27491 in vbox
- Timestamp:
- Mar 18, 2010 4:52:32 PM (15 years ago)
- File:
-
- 1 edited
-
trunk/src/VBox/Runtime/r3/win/process-win.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Runtime/r3/win/process-win.cpp
r27487 r27491 303 303 /* 304 304 * The following rights are needed in order to use 305 * LogonUserW and CreateProcessAsUserW: 306 * - SE_ASSIGNPRIMARYTOKEN_NAME 307 * - SE_INCREASE_QUOTA_NAME 308 * - SE_TCB_NAME 309 * 310 * So the local policy has to be modified to: 311 * - Act as part of the operating system 312 * - Create a token object 313 * - Log on as a batch job 305 * LogonUserW and CreateProcessAsUserW, 306 * so the local policy has to be modified to: 307 * - SE_TCB_NAME = Act as part of the operating system 308 * - SE_ASSIGNPRIMARYTOKEN_NAME = Create/replace a token object 309 * - SE_INCREASE_QUOTA_NAME 314 310 */ 315 311 fRc = LogonUserW(pwszUser, … … 333 329 &StartupInfo, 334 330 &ProcInfo); 335 if (!fRc) 331 CloseHandle(hToken); 332 } 333 334 /* If call above failed (ERROR_PRIVILEGE_NOT_HELD or else, might happen on W2K), 335 * try a newer method. */ 336 if (!fRc) 337 { 338 DWORD dwErr = GetLastError(); 339 340 /* 341 * If we don't hold enough priviledges to spawn a new 342 * process with different credentials we have to use 343 * CreateProcessWithLogonW here. 344 * 345 * Note that NT4 does *not* support this API, thus we have 346 * to load it dynamically (W2K+) to not blow up things. 347 * 348 * @todo Use fFlags to either use this feature or just fail. 349 */ 350 if (ERROR_PRIVILEGE_NOT_HELD == dwErr) 336 351 { 337 DWORD dwErr = GetLastError(); 338 339 /* 340 * If we don't hold enough priviledges to spawn a new 341 * process with different credentials we have to use 342 * CreateProcessWithLogonW here. 343 * 344 * Note that NT4 does *not* support this API, thus we have 345 * to load it dynamically (W2K+) to not blow up things. 346 * 347 * @todo Use fFlags to either use this feature or just fail. 348 */ 349 if (ERROR_PRIVILEGE_NOT_HELD == dwErr) 352 RTLDRMOD modAdvAPI32; 353 rc = RTLdrLoad("Advapi32.dll", &modAdvAPI32); 354 PCREATEPROCESSWITHLOGON pfnCreateProcessWithLogonW; 355 if (RT_SUCCESS(rc)) 350 356 { 351 RTLDRMOD modAdvAPI32; 352 rc = RTLdrLoad("Advapi32.dll", &modAdvAPI32); 353 PCREATEPROCESSWITHLOGON pfnCreateProcessWithLogonW; 357 /* This may fail on too old (NT4) platforms. */ 358 rc = RTLdrGetSymbol(modAdvAPI32, "CreateProcessWithLogonW", (void**)&pfnCreateProcessWithLogonW); 354 359 if (RT_SUCCESS(rc)) 355 360 { 356 /* This may fail on too old (NT4) platforms. */ 357 rc = RTLdrGetSymbol(modAdvAPI32, "CreateProcessWithLogonW", (void**)&pfnCreateProcessWithLogonW); 358 if (RT_SUCCESS(rc)) 359 { 360 fRc = pfnCreateProcessWithLogonW(pwszUser, 361 NULL, /* lpDomain*/ 362 pwszPassword, 363 1 /*LOGON_WITH_PROFILE*/, /* dwLogonFlags */ 364 pwszExec, 365 pwszCmdLine, 366 CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ 367 pwszzBlock, 368 NULL, /* pCurrentDirectory */ 369 &StartupInfo, 370 &ProcInfo); 371 } 372 RTLdrClose(modAdvAPI32); 361 fRc = pfnCreateProcessWithLogonW(pwszUser, 362 NULL, /* lpDomain*/ 363 pwszPassword, 364 1 /*LOGON_WITH_PROFILE*/, /* dwLogonFlags */ 365 pwszExec, 366 pwszCmdLine, 367 CREATE_UNICODE_ENVIRONMENT, /* dwCreationFlags */ 368 pwszzBlock, 369 NULL, /* pCurrentDirectory */ 370 &StartupInfo, 371 &ProcInfo); 373 372 } 373 RTLdrClose(modAdvAPI32); 374 374 } 375 375 } 376 CloseHandle(hToken);377 376 } 378 377 RTUtf16Free(pwszPassword);
Note:
See TracChangeset
for help on using the changeset viewer.
