J
Jedei
Unregistered / Unconfirmed
GUEST, unregistred user!
哪位高人知道LogonUser函数怎么用!!!
要实现登陆WINDOWS NT,不能用
WNetAddConnection系列,稍微详细的例子!
低人务答,拒绝灌水!
要实现登陆WINDOWS NT,不能用
WNetAddConnection系列,稍微详细的例子!
低人务答,拒绝灌水!
您正在使用一款已经过时的浏览器!部分功能不能正常使用。
请尝试升级或使用 其他浏览器。
请尝试升级或使用 其他浏览器。
C
coolblue
Unregistered / Unconfirmed
GUEST, unregistred user!
在windows单元中有函数的详细说明,可以参考!
J
Jedei
Unregistered / Unconfirmed
GUEST, unregistred user!
继续,我期待的答案还没有出现!!!
J
Jedei
Unregistered / Unconfirmed
GUEST, unregistred user!
怎么还没有答案呢?
是不是富翁们嫌分太少?
好,只要有人能给出正确并且有效答案,本人必有重谢!!!
是不是富翁们嫌分太少?
好,只要有人能给出正确并且有效答案,本人必有重谢!!!
Z
zyy04
Unregistered / Unconfirmed
GUEST, unregistred user!
从MSDN中贴出来的!
LogonUser
The LogonUser function attempts to log a user on to the local computer, that is,
to the computer from which LogonUser was called. You cannot use LogonUser to
log on to a remote computer. You specify the user with a user name and domain,
and authenticate the user with a clear-text password. If the function succeeds,
you receive a handle to a token that represents the logged-on user. You can then
use this token handle to impersonate the specified user, or in most cases, to
create a process running in the context of the specified user.
BOOL LogonUser(
LPTSTR lpszUsername, // string that specifies the user name
LPTSTR lpszDomain, // string that specifies the domain or
// server
LPTSTR lpszPassword, // string that specifies the password
DWORD dwLogonType, // specifies the type of logon operation
DWORD dwLogonProvider, // specifies the logon provider
PHANDLE phToken // pointer to variable to receive token
// handle
);
Parameters
lpszUsername
Pointer to a null-terminated string that specifies the user name. This is the
name of the user account to log on to.
lpszDomain
Pointer to a null-terminated string that specifies the name of the domain or
server whose account database contains the lpszUserName account. LogonUser asks
the domain controller or server to search for and validate the account. If this
parameter is ".", LogonUser validates the account using only the local account
database. If this parameter is NULL, LogonUser first searches the local account
database and then asks trusted domains to search their account databases until
it finds the account or the search is exhausted.
lpszPassword
Pointer to a null-terminated string that specifies the clear-text password for
the user account specified by lpszUsername.
dwLogonType
Specifies the type of logon operation to perform. The following logon types are
defined: Value Meaning
LOGON32_LOGON_BATCH This logon type is intended for batch servers, where
processes may be executing on behalf of a user without their direct
intervention; or for higher performance servers that process many clear-text
authentication attempts at a time, such as mail or web servers. LogonUser does
not cache credentials for this logon type.
LOGON32_LOGON_INTERACTIVE This logon type is intended for users who will be
interactively using the machine, such as a user being logged on by a terminal
server, remote shell, or similar process. This logon type has the additional
expense of caching logon information for disconnected operation, and is
therefore inappropriate for some client/server applications, such as a mail
server.
LOGON32_LOGON_SERVICE Indicates a service-type logon. The account provided must
have the service privilege enabled.
LOGON32_LOGON_NETWORK This logon type is intended for high performance servers
to authenticate clear text passwords. LogonUser does not cache credentials for
this logon type. This is the fastest logon path, but there are two limitations.
First, the function returns an impersonation token, not a primary token. You
cannot use this token directly in the CreateProcessAsUser function. However,
you can call the DuplicateTokenEx function to convert the token to a primary
token, and then use it in CreateProcessAsUser.
Second, if you convert the token to a primary token and use it in
CreateProcessAsUser to start a process, the new process will not be able to
access other network resources, such as remote servers or printers, through the
redirector.
dwLogonProvider
Specifies the logon provider. The following logon providers are defined: Value
Meaning
LOGON32_PROVIDER_DEFAULT Use the standard logon provider for the system. This is
the recommended value for the dwLogonProvider parameter. It provides maximum
compatibility with current and future releases of Windows NT.
LOGON32_PROVIDER_WINNT40 Use the Windows NT 4.0 logon provider
LOGON32_PROVIDER_WINNT35 Use the Windows NT 3.5 logon provider.
phToken
Pointer to a HANDLE variable that receives a handle to a token that represents
the specified user.
You can use the returned handle in calls to the ImpersonateLoggedOnUser
function.
In most cases, the returned handle is a primary token that you can use in calls
to the CreateProcessAsUser function. However, if you specify the
LOGON32_LOGON_NETWORK flag, LogonUser returns an impersonation token that you
cannot use in CreateProcessAsUser unless you call DuplicateTokenEx to convert
it to a primary token.
When you no longer need this handle, close it by calling the CloseHandle
function.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error
information, call GetLastError.
Remarks
The process that calls LogonUser must have the SE_TCB_NAME privilege. The
privilege does not need to be enabled. The LogonUser function enables the
privilege as necessary. If the calling process does not have this privilege,
LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD.
In some cases, the process that calls LogonUser must also have the
SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and
GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for
the local system account or accounts that are members of the administrators
group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some
administrators may disable it for everyone. For more information about
privileges, see Privileges.
A user is considered logged on as long as at least one token exists. If you
call CreateProcessAsUser and then close the token, the system considers the
user as still logged on until the process (and all child processes) have ended.
If the LogonUser call is successful, the system notifies network providers that
the logon occurred by calling the provider's NPLogonNotify entry-point.
QuickInfo
Windows NT: Requires version 3.51 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT.
LogonUser
The LogonUser function attempts to log a user on to the local computer, that is,
to the computer from which LogonUser was called. You cannot use LogonUser to
log on to a remote computer. You specify the user with a user name and domain,
and authenticate the user with a clear-text password. If the function succeeds,
you receive a handle to a token that represents the logged-on user. You can then
use this token handle to impersonate the specified user, or in most cases, to
create a process running in the context of the specified user.
BOOL LogonUser(
LPTSTR lpszUsername, // string that specifies the user name
LPTSTR lpszDomain, // string that specifies the domain or
// server
LPTSTR lpszPassword, // string that specifies the password
DWORD dwLogonType, // specifies the type of logon operation
DWORD dwLogonProvider, // specifies the logon provider
PHANDLE phToken // pointer to variable to receive token
// handle
);
Parameters
lpszUsername
Pointer to a null-terminated string that specifies the user name. This is the
name of the user account to log on to.
lpszDomain
Pointer to a null-terminated string that specifies the name of the domain or
server whose account database contains the lpszUserName account. LogonUser asks
the domain controller or server to search for and validate the account. If this
parameter is ".", LogonUser validates the account using only the local account
database. If this parameter is NULL, LogonUser first searches the local account
database and then asks trusted domains to search their account databases until
it finds the account or the search is exhausted.
lpszPassword
Pointer to a null-terminated string that specifies the clear-text password for
the user account specified by lpszUsername.
dwLogonType
Specifies the type of logon operation to perform. The following logon types are
defined: Value Meaning
LOGON32_LOGON_BATCH This logon type is intended for batch servers, where
processes may be executing on behalf of a user without their direct
intervention; or for higher performance servers that process many clear-text
authentication attempts at a time, such as mail or web servers. LogonUser does
not cache credentials for this logon type.
LOGON32_LOGON_INTERACTIVE This logon type is intended for users who will be
interactively using the machine, such as a user being logged on by a terminal
server, remote shell, or similar process. This logon type has the additional
expense of caching logon information for disconnected operation, and is
therefore inappropriate for some client/server applications, such as a mail
server.
LOGON32_LOGON_SERVICE Indicates a service-type logon. The account provided must
have the service privilege enabled.
LOGON32_LOGON_NETWORK This logon type is intended for high performance servers
to authenticate clear text passwords. LogonUser does not cache credentials for
this logon type. This is the fastest logon path, but there are two limitations.
First, the function returns an impersonation token, not a primary token. You
cannot use this token directly in the CreateProcessAsUser function. However,
you can call the DuplicateTokenEx function to convert the token to a primary
token, and then use it in CreateProcessAsUser.
Second, if you convert the token to a primary token and use it in
CreateProcessAsUser to start a process, the new process will not be able to
access other network resources, such as remote servers or printers, through the
redirector.
dwLogonProvider
Specifies the logon provider. The following logon providers are defined: Value
Meaning
LOGON32_PROVIDER_DEFAULT Use the standard logon provider for the system. This is
the recommended value for the dwLogonProvider parameter. It provides maximum
compatibility with current and future releases of Windows NT.
LOGON32_PROVIDER_WINNT40 Use the Windows NT 4.0 logon provider
LOGON32_PROVIDER_WINNT35 Use the Windows NT 3.5 logon provider.
phToken
Pointer to a HANDLE variable that receives a handle to a token that represents
the specified user.
You can use the returned handle in calls to the ImpersonateLoggedOnUser
function.
In most cases, the returned handle is a primary token that you can use in calls
to the CreateProcessAsUser function. However, if you specify the
LOGON32_LOGON_NETWORK flag, LogonUser returns an impersonation token that you
cannot use in CreateProcessAsUser unless you call DuplicateTokenEx to convert
it to a primary token.
When you no longer need this handle, close it by calling the CloseHandle
function.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error
information, call GetLastError.
Remarks
The process that calls LogonUser must have the SE_TCB_NAME privilege. The
privilege does not need to be enabled. The LogonUser function enables the
privilege as necessary. If the calling process does not have this privilege,
LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD.
In some cases, the process that calls LogonUser must also have the
SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and
GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for
the local system account or accounts that are members of the administrators
group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some
administrators may disable it for everyone. For more information about
privileges, see Privileges.
A user is considered logged on as long as at least one token exists. If you
call CreateProcessAsUser and then close the token, the system considers the
user as still logged on until the process (and all child processes) have ended.
If the LogonUser call is successful, the system notifies network providers that
the logon occurred by calling the provider's NPLogonNotify entry-point.
QuickInfo
Windows NT: Requires version 3.51 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT.
J
Jedei
Unregistered / Unconfirmed
GUEST, unregistred user!
to zyy04:
怎么设SE_TCB_NAME特权呢?
如果你能回答出来,100分全都给你,
回答不出来,只能。。。
怎么设SE_TCB_NAME特权呢?
如果你能回答出来,100分全都给你,
回答不出来,只能。。。
L
lml
Unregistered / Unconfirmed
GUEST, unregistred user!
下面是一个在NT4/2000下关机权限设置的例子,我用C++ Builder,你自己改写吧,
应当不复杂。
只要把SE_SHUTDOWN_NAME换为SE_TCB_NAME应当可以了
//程序开始:
TOKEN_PRIVILEGES tkp;
HANDLE hToken;
//给hToken赋初值
OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
//找到SE_SHUTDOWN_NAME的Luid
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,
&tkp.Privileges[0].Luid);
//只有一个特性要改变
tkp.PrivilegeCount = 1;
//特性将改变为有效
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
//调整特性
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,
(PTOKEN_PRIVILEGES)NULL, 0);
//关闭电源
ExitWindowsEx(EWX_POWEROFF | EWX_FORCE, 0);
应当不复杂。
只要把SE_SHUTDOWN_NAME换为SE_TCB_NAME应当可以了
//程序开始:
TOKEN_PRIVILEGES tkp;
HANDLE hToken;
//给hToken赋初值
OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
//找到SE_SHUTDOWN_NAME的Luid
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,
&tkp.Privileges[0].Luid);
//只有一个特性要改变
tkp.PrivilegeCount = 1;
//特性将改变为有效
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
//调整特性
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,
(PTOKEN_PRIVILEGES)NULL, 0);
//关闭电源
ExitWindowsEx(EWX_POWEROFF | EWX_FORCE, 0);
J
Jedei
Unregistered / Unconfirmed
GUEST, unregistred user!
多人接受答案了。