forum.vdsworld.com Forum Index forum.vdsworld.com
Visit VDSWORLD.com
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


"Run as" replacement using API

 
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> Advanced VDS 5 Source Code
View previous topic :: View next topic  
Author Message
CodeScript
Moderator Team


Joined: 08 Jun 2003
Posts: 1060
Location: India

PostPosted: Fri Aug 08, 2003 2:14 pm    Post subject: "Run as" replacement using API Reply with quote

Quick Info - "Run as" replacement using API.
VDS version - VDS 5.x +
Windows version - Win 2k/NT/XP
Not compatible - Win9x
Non-VDS/Non System dll - No.
API - Yes.
Tested on - Win XP.
Difficulty Rating - Beginner/Intermediate/Advanced



What is Impersonation ?
-----------------------
Impersonation is the ability of a process to take on the security attributes of another process. Typically, a server thread impersonates a client thread to act on behalf of that client to access objects or validate access to its own objects.


About this demo
----------------
This is a demo showing the use of ImpersonateLoggedOnUser API function using an example of starting and stopping windows services.

Normally you need to login from an administrator account to have access to these functions. But using this API it is possible to enter your adminiatrator ID and password and give the app administative privileges (or another user privileges depending on the privileges the account you supplied has). The system interacts with the app as if it were running from the account you supplied. All the threads started by the app also has the same privileges(I haven't tested this)

Please note that it doesnot compromise your security; since a person without the proper ID/password cannot run the privilged argument/app etc.
However you should revert the status back as shown in the example for added security.

This can be very useful for system admininstrators etc when one nneds to allow a particular functionality only without giving full privileges of that account. Also the user need not login to a different account for a particular task.

This is just a primer; There are several other related API's (DdeImpersonateClient, ImpersonateNamedPipeClient, ImpersonateSelf which give you more specific contol )
You can extend the above demo for the specific purpose you need.

I am not a NT security guru. You can chose the options that best suit you.

Any comments and suggestions welcome. Download here :

http://codescript.vdsworld.com/VDS5src/Impersonate_user.zip

Enjoy !

_________________
Regards
- CodeScript
Arrow Give your application a professional look with the VDSGUI Extension
Back to top
View user's profile Send private message Visit poster's website
Sanjuro
Contributor
Contributor


Joined: 01 May 2003
Posts: 59
Location: Norfolk-United Kingdom

PostPosted: Fri Aug 08, 2003 9:33 pm    Post subject: Reply with quote

This is really nice stuff codescript! Shocked

I can see many many uses for this, thanks for making it available Very Happy

Cheers
Sanjuro

_________________
"Apparently three out of four people make up 75 percent of the population. Smile
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> Advanced VDS 5 Source Code All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Twitter@vdsworld       RSS

Powered by phpBB © 2001, 2005 phpBB Group