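/*
 * Entry point. Expects exactly four arguments: user, domain, password and
 * command line. Logs the calling account and the request, enables the
 * privileges the launch needs (AdjustCaller) and hands off to StartProcess.
 *
 * Returns 0 on success, -1 on bad usage or on any fatal failure.
 *
 * NOTE(review): the password arrives in argv[3]. Command-line arguments can
 * be read by other processes on the host and are recorded by process-creation
 * auditing when command-line capture is enabled, so the secret is exposed even
 * though it is deliberately kept out of this program's own log. Prefer a
 * channel that is not argv (stdin, an inherited handle) if callers can change.
 */
int main( int argc, char *argv[] )
{
    LPTSTR User, Domain, Password, Command, lpNameBuffer = NULL;
    DWORD dwSize = 0;
    int RC = 0;
    /*
     * Caller-supplied strings are formatted into this bounded local buffer
     * rather than with an unbounded sprintf() into the file-scope 'buffer',
     * whose size is not visible here. Over-long values are truncated in the
     * log instead of overrunning memory in a process that holds powerful
     * privileges.
     */
    char line[1024];

    if ( argc != 5 ) {
        usage( argv[0] );
        RC = -1;
    } else {
        /* First call only asks for the required length (buffer is NULL). */
        GetUserNameEx( NameSamCompatible, lpNameBuffer, &dwSize );
        if ( GetLastError() == ERROR_MORE_DATA ) {
            /* dwSize counts TCHARs, so scale it to bytes for the allocator. */
            lpNameBuffer = (LPTSTR) HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY,
                                               ( (SIZE_T) dwSize + 1 ) * sizeof( TCHAR ) );
            if ( lpNameBuffer != NULL ) {
                if ( GetUserNameEx( NameSamCompatible, lpNameBuffer, &dwSize ) ) {
                    snprintf( line, sizeof line, "Calling User: %s\n", lpNameBuffer );
                    debug( line );
                }
                /* Release the name on both outcomes; the original leaked it
                 * when the second lookup failed. */
                HeapFree( GetProcessHeap(), 0, (LPVOID) lpNameBuffer );
                lpNameBuffer = NULL;
            }
        }

        User     = argv[1];
        Domain   = argv[2];
        Password = argv[3];
        Command  = argv[4];

        snprintf( line, sizeof line, "User = %s\n", argv[1] );
        debug( line );
        snprintf( line, sizeof line, "Domain = %s\n", argv[2] );
        debug( line );
        /* The password itself is never written to the log. */
        debug( "Password supplied, not logged\n" );
        snprintf( line, sizeof line, "Command = %s\n", argv[4] );
        debug( line );

        if ( !AdjustCaller() ) {
            RC = -1;
        } else {
            if ( !StartProcess( User, Domain, Password, Command ) ) {
                RC = -1;
                debug( "Couldn't start interactive client process!\n" );
            }
        }
    }

    if ( log != NULL )
        (void) fclose( log );

    return RC;
}

/*
 * Enables, on the current process token, the privileges used by the logon and
 * launch path.
 *
 * Fatal when missing (returns FALSE): SE_TCB_NAME, SE_ASSIGNPRIMARYTOKEN_NAME,
 * SE_INCREASE_QUOTA_NAME.
 * Logged but tolerated: SE_RESTORE_NAME, SE_BACKUP_NAME, SE_CHANGE_NOTIFY_NAME.
 *
 * Returns TRUE when every fatal privilege was enabled.
 *
 * NOTE(review): these privileges stay enabled on the process token after this
 * function returns. Confirm each one is still required on the Windows versions
 * this tool targets (SE_TCB_NAME in particular), and consider disabling them
 * via SetPrivilege(..., FALSE) once the child has been launched.
 */
BOOL AdjustCaller( void )
{
    HANDLE hToken;
    BOOL bOk = FALSE;

    if ( !OpenProcessToken( GetCurrentProcess(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) ) {
        debug( "OpenProcessToken() failed, unable to query or adjust token privs\n" );
        return FALSE;
    }

    if ( !SetPrivilege( hToken, SE_TCB_NAME, TRUE ) ) {
        debug( "Couldn't set 'SE_TCB_NAME' privilege for this process!\n" );
        goto done;
    }

    if ( !SetPrivilege( hToken, SE_ASSIGNPRIMARYTOKEN_NAME, TRUE ) ) {
        debug( "Couldn't set 'SE_ASSIGNPRIMARYTOKEN_NAME' privilege for this process!\n" );
        goto done;
    }

    if ( !SetPrivilege( hToken, SE_RESTORE_NAME, TRUE ) ) {
        debug( "non-fatal: Couldn't set 'SE_RESTORE_NAME' privilege for this process! Needed for LoadUserProfile()\n" );
    }

    if ( !SetPrivilege( hToken, SE_BACKUP_NAME, TRUE ) ) {
        debug( "non-fatal: Couldn't set 'SE_BACKUP_NAME' privilege for this process! Needed for LoadUserProfile()\n" );
    }

    if ( !SetPrivilege( hToken, SE_CHANGE_NOTIFY_NAME, TRUE ) ) {
        debug( "non-fatal: Couldn't set 'SE_CHANGE_NOTIFY_NAME' privilege for this process!\n" );
    }

    if ( !SetPrivilege( hToken, SE_INCREASE_QUOTA_NAME, TRUE ) ) {
        /* The original message named SE_ASSIGNPRIMARYTOKEN_NAME here, which
         * sends whoever reads the log to the wrong privilege. */
        debug( "Couldn't set 'SE_INCREASE_QUOTA_NAME' privilege for this process!\n" );
        goto done;
    }

    debug( "AdjustCaller(): privileges enabled -- YAY!\n" );
    bOk = TRUE;

done:
    /* The adjustments live on the token object, not on this handle, so the
     * handle can be closed on every path; the original never closed it. */
    CloseHandle( hToken );
    return bOk;
}

/*
 * Enables or disables one named privilege on an access token.
 *
 * hToken           token opened with TOKEN_ADJUST_PRIVILEGES
 * lpszPrivilege    name of the privilege to change
 * bEnablePrivilege TRUE to enable it, FALSE to clear its attributes
 *
 * Returns TRUE only when the privilege exists and the token actually holds
 * it; every failure is written to the log with the privilege name.
 */
BOOL SetPrivilege( HANDLE hToken,          // access token handle
                   LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
                   BOOL bEnablePrivilege ) // to enable or disable privilege
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if ( !LookupPrivilegeValue( NULL,            // lookup privilege on local system
                                lpszPrivilege,   // privilege to lookup
                                &luid ) ) {      // receives LUID of privilege
        /* DWORD is an unsigned long, so it is printed with %lu. */
        (void) sprintf( buffer, "Privilege: %s: LookupPrivilegeValue error: %lu\n",
                        lpszPrivilege, (unsigned long) GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    if ( bEnablePrivilege )
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;

    // Enable or disable just this one privilege (DisableAllPrivileges is FALSE).
    if ( !AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                                 (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL ) ) {
        (void) sprintf( buffer, "Privilege: %s: AdjustTokenPrivileges error: %lu\n",
                        lpszPrivilege, (unsigned long) GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    /* AdjustTokenPrivileges reports success even when the token does not hold
     * the privilege; that case is only visible through the last-error value. */
    if ( GetLastError() == ERROR_NOT_ALL_ASSIGNED ) {
        (void) sprintf( buffer, "Privilege: %s: The token does not have the specified privilege.\n",
                        lpszPrivilege );
        debug( buffer );
        return FALSE;
    }

    return TRUE;
}

/*
 * Logs the given account on interactively and loads its user profile.
 *
 * lpszUsername / lpszDomain / lpszPassword  credentials passed to LogonUser
 * lpCommandLine                             command to run (not used by the
 *                                           code visible in this listing)
 *
 * Returns FALSE when the logon fails. A profile-load failure is logged and
 * tolerated.
 *
 * NOTE(review): the listing as shown ends after the profile load, with no
 * process-creation call, no cleanup and no return statement, so the original
 * returned an indeterminate value that main() then tests. Until the launch
 * step is in place this version releases what it acquired and reports failure.
 */
BOOL StartProcess( LPTSTR lpszUsername, LPTSTR lpszDomain,
                   LPTSTR lpszPassword, LPTSTR lpCommandLine )
{
    HANDLE hToken;
    PROFILE_INFORMATION profileInformation;
    BOOL bProfileLoaded = FALSE;

    if ( !LogonUser( lpszUsername, lpszDomain, lpszPassword,
                     LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                     &hToken ) ) {
        /* Record why the logon failed; the credentials are not logged. */
        sprintf( buffer, "LogonUser() failed: LastError: %lu\n",
                 (unsigned long) GetLastError( ) );
        debug( buffer );
        return FALSE;
    }

    ZeroMemory( &profileInformation, sizeof( profileInformation ) );
    profileInformation.dwSize = sizeof( profileInformation );
    profileInformation.lpUserName = lpszUsername;
    profileInformation.dwFlags = PI_NOUI;   /* no profile-error dialogs */

    if ( (bProfileLoaded = LoadUserProfile( hToken, &profileInformation )) == FALSE ) {
        sprintf( buffer, "LoadUserProfile() failed: LastError: %lu\n",
                 (unsigned long) GetLastError( ) );
        debug( buffer );
    }

    /* The process-launch step for lpCommandLine belongs here, before cleanup. */
    (void) lpCommandLine;

    /* Do not leave a logon token or a loaded profile behind. */
    if ( bProfileLoaded )
        UnloadUserProfile( hToken, profileInformation.hProfile );
    CloseHandle( hToken );

    /* Nothing was started, so fail closed. */
    return FALSE;
}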