I would like to do exactly this: https://learn.microsoft.com/en-us/previous-versions/aa379608(v=vs.85)
I tried to convert this C++ code to PureBasic, but my knowledge is insufficient to make it work.
Could someone help me?
Thank you for your time.
EDIT: I fixed some errors. The last remaining error comes from CreateProcessAsUser_ (1314: A required privilege is not held by the client).
Here is what I did:
Procedure Hiword(a.l)
  ; Returns the upper 16 bits of the 32-bit value a as a number in 0..$FFFF.
  Protected shifted = a >> 16
  ; The mask drops everything above bit 15 that the shift left behind.
  ProcedureReturn shifted & $FFFF
EndProcedure
Procedure LOWORD(a.l)
  ; Returns the lower 16 bits of the 32-bit value a as a number in 0..$FFFF.
  Protected lowMask = $FFFF
  ProcedureReturn a & lowMask
EndProcedure
Procedure WriteToLog(entry.s)
  ; Logging sink for this program: sends the entry to the debugger output.
  ; Nothing is written to disk, so messages are only visible when the
  ; program runs under the PureBasic debugger.
  Debug entry

  ; Disabled file-based variant, kept for reference.
  ; NOTE(review): it passes an empty file name to OpenFile, so it needs a
  ; real log path before it can be re-enabled.
  ;   Protected hFile.l
  ;   hFile = OpenFile(#PB_Any, "", #PB_File_SharedRead | #PB_File_SharedWrite)
  ;   If hFile = #Null
  ;     ProcedureReturn #False
  ;   EndIf
  ;   FileSeek(hFile, Lof(hFile))
  ;   WriteStringN(hFile, entry)
  ;   CloseFile(hFile)
  ;   ProcedureReturn #True
EndProcedure
; https://github.com/poweradminllc/PAExec/blob/master/InteractiveSession.cpp
; https://www.installsetupconfig.com/win32programming/windowstationsdesktops13_5.html
; https://learn.microsoft.com/en-us/previous-versions/aa379608(v=vs.85)
; Forward declarations: AccessWinStation calls these procedures before their
; definitions appear further down in the file.
Declare AddAceToWindowStation(hwinsta, *psid)
Declare AddAceToDesktop(hdesk, psid)
; NOTE(review): the RemoveAce* procedures are commented out in this file, so
; the ACEs added to the window station and desktop are never removed again.
; Declare RemoveAceFromWindowStation(hwinsta, psid)
; Declare RemoveAceFromDesktop(hdesk, psid)
; GetLogonSID / FreeLogonSID take the ADDRESS of the caller's SID pointer variable.
Declare GetLogonSID(hToken, *ppsid)
Declare FreeLogonSID(*ppsid)
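Procedure AccessWinStation(hToken)
  ; Grants the logon session behind hToken access to the interactive window
  ; station (winsta0) and its default desktop, then starts notepad.exe there
  ; under that token.
  ;
  ; hToken : primary token returned by LogonUser_. This procedure takes
  ;          ownership of the handle and closes it before returning.
  ; Returns #True when the process was created, #False otherwise.
  ;
  ; Security notes:
  ; - The DACL changes made to winsta0 and the default desktop are not undone
  ;   here (the RemoveAce* procedures in this file are commented out).
  ; - CreateProcessAsUser requires the CALLING process to hold
  ;   SE_INCREASE_QUOTA_NAME and, when the token is not assignable,
  ;   SE_ASSIGNPRIMARYTOKEN_NAME. An ordinary user or administrator process
  ;   normally lacks the latter, which is what error 1314
  ;   (ERROR_PRIVILEGE_NOT_HELD) reports. Microsoft's documentation points to
  ;   CreateProcessWithLogonW for that case; it needs no special privilege.
  Protected hdesk = #Null
  Protected hwinsta = #Null
  Protected pSid = #Null
  Protected hwinstaSave = #Null
  Protected err
  Protected bResult = #False
  Protected bImpersonating = #False
  Protected cmdLine.s
  Protected si.STARTUPINFO
  Protected pi.PROCESS_INFORMATION
  #CREATE_UNICODE_ENVIRONMENT = $400
  Protected dwCreationFlags = #CREATE_SUSPENDED | #CREATE_NEW_CONSOLE | #CREATE_UNICODE_ENVIRONMENT

  ; Save a handle to the caller's current window station.
  hwinstaSave = GetProcessWindowStation_()
  If hwinstaSave = #Null
    err = GetLastError_()
    WriteToLog("Failed to get GetProcessWindowStation : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf

  ; Get a handle to the interactive window station.
  hwinsta = OpenWindowStation_(@"winsta0", #False, #READ_CONTROL | #WRITE_DAC)
  If hwinsta = #Null
    err = GetLastError_()
    WriteToLog("Failed to open winsta0 : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf
  Debug "1"

  ; To get the correct default desktop, temporarily make the interactive
  ; window station the caller's window station.
  If Not SetProcessWindowStation_(hwinsta)
    err = GetLastError_()
    WriteToLog("Failed to SetProcessWindowStation : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf

  ; Get a handle to the interactive desktop. The error code is captured now
  ; because restoring the window station below may overwrite it.
  hdesk = OpenDesktop_(@"default", 0, #False, #READ_CONTROL | #WRITE_DAC | #DESKTOP_WRITEOBJECTS | #DESKTOP_READOBJECTS)
  err = GetLastError_()

  ; Restore the caller's window station.
  If Not SetProcessWindowStation_(hwinstaSave)
    Goto Cleanup_AccessWinStation
  EndIf

  If hdesk = #Null
    WriteToLog("Failed to get Default desktop : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf
  Debug "2"

  ; Get the SID for the client's logon session. GetLogonSID stores a
  ; heap-allocated copy in pSid; FreeLogonSID releases it in the cleanup path.
  If Not GetLogonSID(hToken, @pSid)
    WriteToLog("Failed to get login SID")
    Goto Cleanup_AccessWinStation
  EndIf
  Debug "3"

  ; Allow the logon SID full access to the interactive window station.
  ; The SID pointer itself is passed, not the address of the variable.
  If Not AddAceToWindowStation(hwinsta, pSid)
    err = GetLastError_()
    WriteToLog("Failed to add ACE to WinStation : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf
  Debug "4"

  ; Allow the logon SID full access to the interactive desktop.
  If Not AddAceToDesktop(hdesk, pSid)
    err = GetLastError_()
    WriteToLog("Failed to add ACE to Desktop : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf
  Debug "5"

  ZeroMemory_(@si, SizeOf(STARTUPINFO))
  si\cb = SizeOf(STARTUPINFO)
  si\lpDesktop = @"WinSta0\Default"
  ZeroMemory_(@pi, SizeOf(PROCESS_INFORMATION))

  ; The Unicode CreateProcessAsUser may modify the command-line buffer, so it
  ; is given a writable string variable instead of a literal.
  cmdLine = "c:\windows\system32\notepad.exe"

  ; Impersonate the client so the executable is opened with the client's
  ; access rights. Do not continue under the caller's identity if this fails.
  If Not ImpersonateLoggedOnUser_(hToken)
    err = GetLastError_()
    WriteToLog("ImpersonateLoggedOnUser_ : " + Str(err))
    Goto Cleanup_AccessWinStation
  EndIf
  bImpersonating = #True

  If CreateProcessAsUser_(hToken, #Null, @cmdLine, #Null, #Null, #False, dwCreationFlags, #Null, #Null, @si, @pi)
    bResult = #True
    ResumeThread_(pi\hThread)
    CloseHandle_(pi\hThread)
    ; The process handle is not used afterwards; close it so it does not leak.
    CloseHandle_(pi\hProcess)
  Else
    ; Read the error before RevertToSelf_ has a chance to change it.
    err = GetLastError_()
    WriteToLog("CreateProcessAsUser_ : " + Str(err))
  EndIf

Cleanup_AccessWinStation:
  If bImpersonating : RevertToSelf_() : EndIf
  If hwinstaSave : SetProcessWindowStation_(hwinstaSave) : EndIf
  ; Free the buffer for the logon SID.
  If pSid : FreeLogonSID(@pSid) : EndIf
  ; Close the handles to the interactive window station and desktop.
  If hwinsta : CloseWindowStation_(hwinsta) : EndIf
  If hdesk : CloseDesktop_(hdesk) : EndIf
  ; Close the handle to the client's access token.
  If hToken And hToken <> #INVALID_HANDLE_VALUE : CloseHandle_(hToken) : EndIf
  ProcedureReturn bResult
EndProcedure

Procedure FreeLogonSID(*ppsid)
  ; Releases a SID buffer obtained from GetLogonSID.
  ; *ppsid : address of the variable holding the SID pointer. The buffer it
  ;          points to is freed and the variable is reset to #Null.
  Protected *sid
  If *ppsid = #Null
    ProcedureReturn
  EndIf
  *sid = PeekI(*ppsid)
  If *sid
    HeapFree_(GetProcessHeap_(), 0, *sid)
    PokeI(*ppsid, #Null)
  EndIf
EndProcedure

Procedure GetLogonSID(hToken, *ppsid)
  ; Copies the logon SID of hToken into a new process-heap buffer.
  ;
  ; hToken : access token to query (needs TOKEN_QUERY access).
  ; *ppsid : address of the variable that receives the pointer to the copy;
  ;          release it with FreeLogonSID.
  ; Returns #True when a logon SID was found and copied, #False otherwise.
  ;
  ; Only the group flagged SE_GROUP_LOGON_ID is returned. The account SID
  ; (TokenUser) is deliberately not used: an ACE for it would cover every
  ; session of that account, not just this logon session.
  Protected bSuccess = #False
  Protected dwIndex
  Protected dwLength = 0
  Protected dwSidLength
  Protected err
  Protected *ptg.TOKEN_GROUPS = #Null
  Protected *group.SID_AND_ATTRIBUTES
  Protected *sidCopy = #Null

  ; Verify the parameter passed in is not NULL.
  If *ppsid = #Null
    ProcedureReturn #False
  EndIf
  PokeI(*ppsid, #Null)

  ; First call only asks for the required buffer size; it is expected to
  ; fail with ERROR_INSUFFICIENT_BUFFER.
  If Not GetTokenInformation_(hToken, #TokenGroups, #Null, 0, @dwLength)
    err = GetLastError_()
    If err <> #ERROR_INSUFFICIENT_BUFFER
      WriteToLog("Failed to get login token information[2] : " + Str(err))
      ProcedureReturn #False
    EndIf
  EndIf
  If dwLength = 0
    ProcedureReturn #False
  EndIf

  *ptg = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwLength)
  If *ptg = #Null
    ProcedureReturn #False
  EndIf

  ; Get the token group information from the access token.
  If GetTokenInformation_(hToken, #TokenGroups, *ptg, dwLength, @dwLength)
    ; Loop through the groups to find the logon SID.
    For dwIndex = 0 To *ptg\GroupCount - 1
      ; Groups is a variable-length array; address each element directly
      ; instead of indexing the one-element array declared in the structure.
      *group = *ptg + OffsetOf(TOKEN_GROUPS\Groups) + dwIndex * SizeOf(SID_AND_ATTRIBUTES)
      If (*group\Attributes & #SE_GROUP_LOGON_ID) = #SE_GROUP_LOGON_ID
        ; Found the logon SID; make a copy of it.
        dwSidLength = GetLengthSid_(*group\Sid)
        *sidCopy = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSidLength)
        If *sidCopy
          If CopySid_(dwSidLength, *sidCopy, *group\Sid)
            ; Hand the copy to the caller through the out-parameter.
            PokeI(*ppsid, *sidCopy)
            bSuccess = #True
          Else
            HeapFree_(GetProcessHeap_(), 0, *sidCopy)
          EndIf
        EndIf
        Break
      EndIf
    Next
  Else
    err = GetLastError_()
    WriteToLog("Failed to get login token information 2: " + Str(err))
  EndIf

  ; The group list was only needed to locate the SID.
  HeapFree_(GetProcessHeap_(), 0, *ptg)
  ProcedureReturn bSuccess
EndProcedure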
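Procedure AddAceToWindowStation(hwinsta, psid)
  ; Rebuilds the DACL of a window station so that psid gets two extra
  ; access-allowed ACEs: an inherit-only ACE with the generic rights and a
  ; non-propagating ACE with the window-station rights.
  ;
  ; hwinsta : window station handle opened with READ_CONTROL | WRITE_DAC.
  ; psid    : pointer to the SID to grant access to (not the address of a
  ;           pointer variable).
  ; Returns #True on success, #False on any failure. All temporary heap
  ; buffers are released on every path.
  ;
  ; Security note: both masks amount to full control of the window station
  ; for psid. Nothing in this procedure removes the ACEs again.
  Protected aclSizeInfo.ACL_SIZE_INFORMATION
  Protected bDaclExist
  Protected bDaclPresent
  Protected bSuccess = #False
  Protected bCopied = #True
  Protected dwNewAclSize
  Protected dwSidSize = 0
  Protected dwSdSizeNeeded
  Protected dwAceSize
  Protected pacl
  Protected pNewAcl = #Null
  Protected psd = #Null
  Protected psdNew = #Null
  Protected pTempAce
  Protected *aceHeader.ACE_HEADER
  Protected *pace.ACCESS_ALLOWED_ACE = #Null
  #DACL_SECURITY_INFORMATION = 4
  Protected si = #DACL_SECURITY_INFORMATION
  Protected i
  #GENERIC_ACCESS = #GENERIC_READ | #GENERIC_WRITE | #GENERIC_EXECUTE | #GENERIC_ALL
  #WINSTA_ALL = #WINSTA_ENUMDESKTOPS | #WINSTA_READATTRIBUTES | #WINSTA_ACCESSCLIPBOARD | #WINSTA_CREATEDESKTOP | #WINSTA_WRITEATTRIBUTES | #WINSTA_ACCESSGLOBALATOMS | #WINSTA_EXITWINDOWS | #WINSTA_ENUMERATE | #WINSTA_READSCREEN | #STANDARD_RIGHTS_REQUIRED

  If psid = #Null
    ProcedureReturn #False
  EndIf

  ; Obtain the DACL for the window station. The first call only reports the
  ; required size and is expected to fail with ERROR_INSUFFICIENT_BUFFER.
  If Not GetUserObjectSecurity_(hwinsta, @si, psd, dwSidSize, @dwSdSizeNeeded)
    If GetLastError_() <> #ERROR_INSUFFICIENT_BUFFER
      Goto Cleanup_AddAceToWindowStation
    EndIf
    psd = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
    If psd = #Null : Goto Cleanup_AddAceToWindowStation : EndIf
    psdNew = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
    If psdNew = #Null : Goto Cleanup_AddAceToWindowStation : EndIf
    dwSidSize = dwSdSizeNeeded
    If Not GetUserObjectSecurity_(hwinsta, @si, psd, dwSidSize, @dwSdSizeNeeded)
      Goto Cleanup_AddAceToWindowStation
    EndIf
  EndIf
  ; Without a descriptor buffer there is nothing to rebuild.
  If psd = #Null Or psdNew = #Null
    Goto Cleanup_AddAceToWindowStation
  EndIf
  Debug "3.1"

  ; Create a new security descriptor.
  If Not InitializeSecurityDescriptor_(psdNew, #SECURITY_DESCRIPTOR_REVISION)
    Goto Cleanup_AddAceToWindowStation
  EndIf

  ; Get the DACL from the existing security descriptor. pacl points into
  ; psd and must not be freed separately.
  If Not GetSecurityDescriptorDacl_(psd, @bDaclPresent, @pacl, @bDaclExist)
    Goto Cleanup_AddAceToWindowStation
  EndIf
  Debug "3.2"

  ; Start from the size of an empty ACL; replaced below when a DACL exists.
  ZeroMemory_(@aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION))
  aclSizeInfo\AclBytesInUse = SizeOf(ACL)

  ; Call only if the DACL is not NULL.
  If pacl <> #Null
    If Not GetAclInformation_(pacl, @aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION), #AclSizeInformation)
      Goto Cleanup_AddAceToWindowStation
    EndIf
  EndIf
  Debug "3.3"

  ; Size of one new ACE: fixed part plus the SID, minus the SidStart
  ; placeholder that SizeOf(ACCESS_ALLOWED_ACE) already counts.
  dwAceSize = SizeOf(ACCESS_ALLOWED_ACE) + GetLengthSid_(psid) - SizeOf(LONG)

  ; Compute the size of the new ACL: existing ACEs plus the two new ones.
  dwNewAclSize = aclSizeInfo\AclBytesInUse + (2 * dwAceSize)

  ; Allocate and initialize the new DACL.
  pNewAcl = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwNewAclSize)
  If pNewAcl = #Null : Goto Cleanup_AddAceToWindowStation : EndIf
  If Not InitializeAcl_(pNewAcl, dwNewAclSize, #ACL_REVISION)
    Goto Cleanup_AddAceToWindowStation
  EndIf

  ; If a DACL is present, copy its ACEs to the new DACL.
  If bDaclPresent And aclSizeInfo\AceCount
    For i = 0 To aclSizeInfo\AceCount - 1
      If Not GetAce_(pacl, i, @pTempAce)
        bCopied = #False
        Break
      EndIf
      *aceHeader = pTempAce
      ; AceSize is an unsigned 16-bit field; the mask keeps it positive.
      If Not AddAce_(pNewAcl, #ACL_REVISION, #MAXDWORD, pTempAce, *aceHeader\AceSize & $FFFF)
        bCopied = #False
        Break
      EndIf
    Next
    If Not bCopied
      Goto Cleanup_AddAceToWindowStation
    EndIf
  EndIf
  Debug "3.4"

  ; Build the first ACE: generic rights, inherited by objects created in the
  ; window station but not applied to the window station itself.
  *pace = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwAceSize)
  If *pace = #Null
    Goto Cleanup_AddAceToWindowStation
  EndIf
  *pace\Header\AceType = #ACCESS_ALLOWED_ACE_TYPE
  *pace\Header\AceFlags = #CONTAINER_INHERIT_ACE | #INHERIT_ONLY_ACE | #OBJECT_INHERIT_ACE
  *pace\Header\AceSize = dwAceSize & $FFFF
  *pace\Mask = #GENERIC_ACCESS
  If Not CopySid_(GetLengthSid_(psid), @*pace\SidStart, psid)
    Goto Cleanup_AddAceToWindowStation
  EndIf
  Debug "3.5"
  If Not AddAce_(pNewAcl, #ACL_REVISION, #MAXDWORD, *pace, dwAceSize)
    Goto Cleanup_AddAceToWindowStation
  EndIf
  Debug "3.6"

  ; Second ACE: window-station rights on the window station itself.
  *pace\Header\AceFlags = #NO_PROPAGATE_INHERIT_ACE
  *pace\Mask = #WINSTA_ALL
  If Not AddAce_(pNewAcl, #ACL_REVISION, #MAXDWORD, *pace, dwAceSize)
    Goto Cleanup_AddAceToWindowStation
  EndIf
  Debug "3.7"

  ; Set the new DACL for the security descriptor.
  If Not SetSecurityDescriptorDacl_(psdNew, #True, pNewAcl, #False)
    Goto Cleanup_AddAceToWindowStation
  EndIf
  Debug "3.8"

  ; Set the new security descriptor for the window station.
  If Not SetUserObjectSecurity_(hwinsta, @si, psdNew)
    Goto Cleanup_AddAceToWindowStation
  EndIf

  ; Indicate success.
  bSuccess = #True
  Debug "3.9"

Cleanup_AddAceToWindowStation:
  ; Free the allocated buffers on success and on every failure path.
  If *pace <> #Null : HeapFree_(GetProcessHeap_(), 0, *pace) : EndIf
  If pNewAcl <> #Null : HeapFree_(GetProcessHeap_(), 0, pNewAcl) : EndIf
  If psd <> #Null : HeapFree_(GetProcessHeap_(), 0, psd) : EndIf
  If psdNew <> #Null : HeapFree_(GetProcessHeap_(), 0, psdNew) : EndIf
  ProcedureReturn bSuccess
EndProcedure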
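Procedure AddAceToDesktop(hdesk, psid)
  ; Rebuilds the DACL of a desktop so that psid gets one extra access-allowed
  ; ACE carrying the desktop rights listed in #DESKTOP_ALL.
  ;
  ; hdesk : desktop handle opened with READ_CONTROL | WRITE_DAC.
  ; psid  : pointer to the SID to grant access to (not the address of a
  ;         pointer variable).
  ; Returns #True on success, #False on any failure. All temporary heap
  ; buffers are released on every path.
  ;
  ; Security note: #DESKTOP_ALL includes hook, journal and write access, so
  ; psid can observe and inject input on this desktop. Nothing in this
  ; procedure removes the ACE again.
  Protected aclSizeInfo.ACL_SIZE_INFORMATION
  Protected bDaclExist
  Protected bDaclPresent
  Protected bSuccess = #False
  Protected bCopied = #True
  Protected dwNewAclSize
  Protected dwSidSize = 0
  Protected dwSdSizeNeeded
  Protected pacl
  Protected pNewAcl = #Null
  Protected psd = #Null
  Protected psdNew = #Null
  Protected pTempAce
  Protected *aceHeader.ACE_HEADER
  #DACL_SECURITY_INFORMATION = 4
  Protected si = #DACL_SECURITY_INFORMATION
  Protected i
  #DESKTOP_ALL = #DESKTOP_READOBJECTS | #DESKTOP_CREATEWINDOW | #DESKTOP_CREATEMENU | #DESKTOP_HOOKCONTROL | #DESKTOP_JOURNALRECORD | #DESKTOP_JOURNALPLAYBACK | #DESKTOP_ENUMERATE | #DESKTOP_WRITEOBJECTS | #DESKTOP_SWITCHDESKTOP | #STANDARD_RIGHTS_REQUIRED

  If psid = #Null
    ProcedureReturn #False
  EndIf

  ; Obtain the security descriptor for the desktop object. The first call
  ; only reports the required size (ERROR_INSUFFICIENT_BUFFER expected).
  If Not GetUserObjectSecurity_(hdesk, @si, psd, dwSidSize, @dwSdSizeNeeded)
    If GetLastError_() <> #ERROR_INSUFFICIENT_BUFFER
      Goto Cleanup_AddAceToDesktop
    EndIf
    psd = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
    If psd = #Null : Goto Cleanup_AddAceToDesktop : EndIf
    psdNew = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
    If psdNew = #Null : Goto Cleanup_AddAceToDesktop : EndIf
    dwSidSize = dwSdSizeNeeded
    If Not GetUserObjectSecurity_(hdesk, @si, psd, dwSidSize, @dwSdSizeNeeded)
      Goto Cleanup_AddAceToDesktop
    EndIf
  EndIf
  ; Without a descriptor buffer there is nothing to rebuild.
  If psd = #Null Or psdNew = #Null
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.1"

  ; Create a new security descriptor.
  If Not InitializeSecurityDescriptor_(psdNew, #SECURITY_DESCRIPTOR_REVISION)
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.2"

  ; Obtain the DACL from the existing security descriptor. pacl points into
  ; psd and must not be freed separately.
  If Not GetSecurityDescriptorDacl_(psd, @bDaclPresent, @pacl, @bDaclExist)
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.3"

  ; Start from the size of an empty ACL; replaced below when a DACL exists.
  ZeroMemory_(@aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION))
  aclSizeInfo\AclBytesInUse = SizeOf(ACL)

  ; Call only if the DACL is not NULL.
  If pacl <> #Null
    If Not GetAclInformation_(pacl, @aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION), #AclSizeInformation)
      Goto Cleanup_AddAceToDesktop
    EndIf
  EndIf
  Debug "4.4"

  ; Compute the size of the new ACL: existing ACEs plus one new ACE.
  dwNewAclSize = aclSizeInfo\AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE) + GetLengthSid_(psid) - SizeOf(LONG)

  ; Allocate and initialize the new DACL.
  pNewAcl = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwNewAclSize)
  If pNewAcl = #Null : Goto Cleanup_AddAceToDesktop : EndIf
  If Not InitializeAcl_(pNewAcl, dwNewAclSize, #ACL_REVISION)
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.5"

  ; If a DACL is present, copy its ACEs to the new DACL.
  If bDaclPresent And aclSizeInfo\AceCount
    For i = 0 To aclSizeInfo\AceCount - 1
      If Not GetAce_(pacl, i, @pTempAce)
        bCopied = #False
        Break
      EndIf
      *aceHeader = pTempAce
      ; AceSize is an unsigned 16-bit field; the mask keeps it positive.
      If Not AddAce_(pNewAcl, #ACL_REVISION, #MAXDWORD, pTempAce, *aceHeader\AceSize & $FFFF)
        bCopied = #False
        Break
      EndIf
    Next
    If Not bCopied
      Goto Cleanup_AddAceToDesktop
    EndIf
  EndIf
  Debug "4.6"

  ; Add the new ACE to the DACL.
  If Not AddAccessAllowedAce_(pNewAcl, #ACL_REVISION, #DESKTOP_ALL, psid)
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.7"

  ; Set the new DACL in the new security descriptor.
  If Not SetSecurityDescriptorDacl_(psdNew, #True, pNewAcl, #False)
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.8"

  ; Set the new security descriptor for the desktop object.
  If Not SetUserObjectSecurity_(hdesk, @si, psdNew)
    Goto Cleanup_AddAceToDesktop
  EndIf
  Debug "4.9"

  ; Indicate success.
  bSuccess = #True

Cleanup_AddAceToDesktop:
  ; Free the allocated buffers on success and on every failure path.
  If pNewAcl <> #Null : HeapFree_(GetProcessHeap_(), 0, pNewAcl) : EndIf
  If psd <> #Null : HeapFree_(GetProcessHeap_(), 0, psd) : EndIf
  If psdNew <> #Null : HeapFree_(GetProcessHeap_(), 0, psdNew) : EndIf
  ProcedureReturn bSuccess
EndProcedure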
; Procedure RemoveAceFromWindowStation(hwinsta, psid)
;
; Protected aclSizeInfo.ACL_SIZE_INFORMATION
; Protected bDaclExist
; Protected bDaclPresent
; Protected bSuccess = #False
; Protected dwNewAclSize
; Protected dwSidSize = 0
; Protected dwSdSizeNeeded
; Protected pacl
; Protected pNewAcl = #Null
; Protected psd = #Null
; Protected psdNew = #Null
; Protected pTempAce.ACCESS_ALLOWED_ACE
; #DACL_SECURITY_INFORMATION = 4
; Protected si = #DACL_SECURITY_INFORMATION
; Protected i
;
; ; Obtain the DACL For the window station.
; If Not GetUserObjectSecurity_(hwinsta, @si, psd, dwSidSize, @dwSdSizeNeeded)
;
; If GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
;
; psd = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
; If psd = #Null : ProcedureReturn 0 : EndIf
;
; psdNew = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
; If psdNew = #Null : ProcedureReturn 0 : EndIf
;
; dwSidSize = dwSdSizeNeeded
; If Not GetUserObjectSecurity_(hwinsta, @si, psd, dwSidSize, @dwSdSizeNeeded)
; ProcedureReturn 0
; EndIf
;
; Else
; ProcedureReturn 0
; EndIf
;
; EndIf
;
; ; Create a new DACL.
; If Not InitializeSecurityDescriptor_(psdNew, #SECURITY_DESCRIPTOR_REVISION)
; ProcedureReturn 0
; EndIf
;
; ; Get the DACL from the security descriptor.
; If Not GetSecurityDescriptorDacl_(psd, @bDaclPresent, @pacl, @bDaclExist)
; ProcedureReturn 0
; EndIf
;
; ; Initialize the ACL.
; ZeroMemory_(@aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION))
; aclSizeInfo\AclBytesInUse = SizeOf(ACL) ; ACL ???
;
; ; Call only If the DACL is Not NULL.
; If pacl <> #Null
; ; get the file ACL size info
; If Not GetAclInformation_(pacl, @aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION), #AclSizeInformation)
; ProcedureReturn 0
; EndIf
; EndIf
;
; ; Compute the size of the new ACL.
; dwNewAclSize = aclSizeInfo\AclBytesInUse + (2 * SizeOf(ACCESS_ALLOWED_ACE)) + (2 * GetLengthSid_(psid)) - (2 * SizeOf(LONG))
;
; ; Allocate memory For the new ACL.
; pNewAcl = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwNewAclSize)
; If pNewAcl = #Null : ProcedureReturn 0 : EndIf
;
; ; Initialize the new DACL.
; If Not InitializeAcl_(pNewAcl, dwNewAclSize, #ACL_REVISION)
; ProcedureReturn 0
; EndIf
;
; ; If DACL is present, copy it To a new DACL.
; If bDaclPresent
; ; Copy the ACEs To the new ACL.
; If aclSizeInfo\AceCount
; For i = 0 To aclSizeInfo\AceCount - 1
; ; Get an ACE.
; If Not GetAce_(pacl, i, @pTempAce)
; ProcedureReturn 0
; EndIf
;
; If Not EqualSid_(psid, @pTempAce\SidStart)
; ; Add the ACE To the new ACL.
; If Not AddAce_(pNewAcl, #ACL_REVISION, #MAXDWORD, pTempAce, pTempAce\Header\AceSize) ; ?????
; ProcedureReturn 0
; EndIf
; EndIf
; Next
; EndIf
; EndIf
;
; If pacl <> #Null : HeapFree_(GetProcessHeap_(), 0, pacl) : EndIf
;
; ;Set a new DACL For the security descriptor.
; If Not SetSecurityDescriptorDacl_(psdNew, #True, pNewAcl, #False)
; ProcedureReturn 0
; EndIf
;
; ; Set the new security descriptor For the window station.
; If Not SetUserObjectSecurity_(hwinsta, @si, psdNew)
; ProcedureReturn 0
; EndIf
;
; ; Indicate success.
; bSuccess = #True
;
;
; ; Free the allocated buffers.
; If pace <> #Null : HeapFree_(GetProcessHeap_(), 0, pace) : EndIf
; If pNewAcl <> #Null : HeapFree_(GetProcessHeap_(), 0, pNewAcl) : EndIf
; If psd <> #Null : HeapFree_(GetProcessHeap_(), 0, psd) : EndIf
; If psdNew <> #Null : HeapFree_(GetProcessHeap_(), 0, psdNew) : EndIf
;
; ProcedureReturn bSuccess
;
; EndProcedure
;
;
; Procedure RemoveAceFromDesktop(hdesk, psid)
;
; Protected aclSizeInfo.ACL_SIZE_INFORMATION
; Protected bDaclExist
; Protected bDaclPresent
; Protected bSuccess = #False
; Protected dwNewAclSize
; Protected dwSidSize = 0
; Protected dwSdSizeNeeded
; Protected pacl
; Protected pNewAcl = #Null
; Protected psd = #Null
; Protected psdNew = #Null
; Protected pTempAce.ACCESS_ALLOWED_ACE
; #DACL_SECURITY_INFORMATION = 4
; Protected si = #DACL_SECURITY_INFORMATION
; Protected i
;
;
; ; Obtain the DACL For the window station.
; If Not GetUserObjectSecurity_(hdesk, @si, psd, dwSidSize, @dwSdSizeNeeded)
;
; If GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
;
; psd = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
; If psd = #Null : ProcedureReturn 0 : EndIf
;
; psdNew = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwSdSizeNeeded)
; If psdNew = #Null : ProcedureReturn 0 : EndIf
;
; dwSidSize = dwSdSizeNeeded
; If Not GetUserObjectSecurity_(hdesk, @si, psd, dwSidSize, @dwSdSizeNeeded)
; ProcedureReturn 0
; EndIf
;
; Else
; ProcedureReturn 0
; EndIf
;
; EndIf
;
; ; Create a new DACL.
; If Not InitializeSecurityDescriptor_(psdNew, #SECURITY_DESCRIPTOR_REVISION)
; ProcedureReturn 0
; EndIf
;
; ; Get the DACL from the security descriptor.
; If Not GetSecurityDescriptorDacl_(psd, @bDaclPresent, @pacl, @bDaclExist)
; ProcedureReturn 0
; EndIf
;
; ; Initialize the ACL.
; ZeroMemory_(@aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION))
; aclSizeInfo\AclBytesInUse = SizeOf(ACL) ; ACL ???
;
; ; Call only If the DACL is Not NULL.
; If pacl <> #Null
; ; get the file ACL size info
; If Not GetAclInformation_(pacl, @aclSizeInfo, SizeOf(ACL_SIZE_INFORMATION), #AclSizeInformation)
; ProcedureReturn 0
; EndIf
; EndIf
;
; ; Compute the size of the new ACL.
; dwNewAclSize = aclSizeInfo\AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE) + GetLengthSid_(psid) - SizeOf(LONG)
;
; ; Allocate memory For the new ACL.
; pNewAcl = HeapAlloc_(GetProcessHeap_(), #HEAP_ZERO_MEMORY, dwNewAclSize)
; If pNewAcl = #Null : ProcedureReturn 0 : EndIf
;
; ;Initialize the new DACL.
; If Not InitializeAcl_(pNewAcl, dwNewAclSize, #ACL_REVISION)
; ProcedureReturn 0
; EndIf
;
; ; If DACL is present, copy it To a new DACL.
; If bDaclPresent
; ; Copy the ACEs To the new ACL.
; If aclSizeInfo\AceCount
; For i = 0 To aclSizeInfo\AceCount - 1
; ; Get an ACE.
; If Not GetAce_(pacl, i, @pTempAce) ; ?????
; ProcedureReturn 0
; EndIf
;
; If Not EqualSid_(psid, @pTempAce\SidStart)
; ; Add the ACE To the new ACL.
; If Not AddAce_(pNewAcl, #ACL_REVISION, #MAXDWORD, pTempAce, pTempAce\Header\AceSize) ; ?????
; ProcedureReturn 0
; EndIf
; EndIf
; Next
; EndIf
; EndIf
;
; ; Set new DACL To the new security descriptor.
; If Not SetSecurityDescriptorDacl_(psdNew, #True, pNewAcl, #False)
; ProcedureReturn 0
; EndIf
;
; ; Set the new security descriptor For the desktop object.
; If Not SetUserObjectSecurity_(hdesk, @si, psdNew)
; ProcedureReturn 0
; EndIf
;
; ; Indicate success.
; bSuccess = #True
;
;
; ; Free the allocated buffers.
; If pAcl <> #Null : HeapFree_(GetProcessHeap_(), 0, pAcl) : EndIf
; If pNewAcl <> #Null : HeapFree_(GetProcessHeap_(), 0, pNewAcl) : EndIf
; If psd <> #Null : HeapFree_(GetProcessHeap_(), 0, psd) : EndIf
; If psdNew <> #Null : HeapFree_(GetProcessHeap_(), 0, psdNew) : EndIf
;
; ProcedureReturn bSuccess
;
; EndProcedure
;
;
;___________________________________________________________________________________________________________________________________________
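#TokenPrimary = 1

; Entry point: log the user on, then start the interactive process.
; "user" / "pass" are placeholders. Do not embed a real account name or
; password in the source or the compiled binary; obtain them at run time.
Define hToken = #Null
Define logonError

If Not LogonUser_(@"user", @".", @"pass", #LOGON32_LOGON_INTERACTIVE, #LOGON32_PROVIDER_DEFAULT, @hToken)
  ; Record why the logon failed, like the other log messages do.
  logonError = GetLastError_()
  WriteToLog("erreur LogonUser_ : " + Str(logonError))
  End
EndIf

; AccessWinStation closes hToken itself before it returns.
AccessWinStation(hToken)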