Hello community.
I ran into quite a problem while writing my software.
The software does delayed deletion of files and folders. The main algorithm is in a Win32 service which gets data and user credentials from a DB. To delete an object, it must impersonate the user that added it to the DB. It's a kind of security precaution so that the software does not delete system objects or objects that this user has no right to delete.
Actually everything works fine with domain users and with local users, except for one little case: if the user has no password.
A similar question has been asked here before, but no solution proposed there satisfied me. The solution that was proposed in the similar post is to change the local security policy, which makes a huge hole in the system's security. I think software changing system policies is not 'comme il faut'.
First I thought about filling an ACL with the user's credentials, determining the user's rights on the object, and then just deleting it with the service itself under LocalSystem privileges, but I'm not sure that is "good style" for performing my task. So I still need to delete the object under the user's security context.
Looking forward to your answers.
Best regards, Alexey.
Comments
«_Superman_» 17-Jan-13 4:03am    
The lpszPassword parameter of LogonUser is optional.
So what happens if you initialize it to NULL?
Alexey Loire 17-Jan-13 11:11am    
I got ERROR_ACCOUNT_RESTRICTION (1327).
I suppose that this parameter is only optional for system accounts such as LocalSystem that don't have any pwd.
Michael Haephrati 3-Mar-13 14:09pm    
Did you try initializing lpszPassword as _T("") instead of NULL?
Alexey Loire 5-Mar-13 0:27am    
Of course I did. Not an option ><

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


