{ TODO -cTest : Check for Win9x }
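{ Logs on as UserName in UserDomain with Password and starts CommandLine in a
  new console and a new process group under that user's token, attached to the
  calling process' window station and the calling thread's desktop.

  Parameters:
    UserDomain, UserName, Password - credentials passed to LogonUser.
    CommandLine - passed as lpCommandLine with lpApplicationName = nil, so the
                  system takes the executable from the first token of the
                  string. Callers should quote an executable path that
                  contains spaces, otherwise the path is ambiguous.
    Environment - environment block handed to the child unchanged (may be nil).

  Raises EJclCreateProcessError when the logon fails, when access to the window
  station or desktop cannot be set, or when the process cannot be created.
  The logon token is released on every path once the logon has succeeded.

  Security notes:
    - Password is an ordinary managed string; this routine does not wipe it.
      Clearing the caller's copy after the call is left to the caller.
    - An interactive logon (LOGON32_LOGON_INTERACTIVE) is requested, so each
      call is expected to appear in the Windows security log as a logon
      attempt for that account. }
procedure CreateProcAsUserEx(const UserDomain, UserName, Password, CommandLine: string;
  const Environment: PChar);
const
  // default values for window stations and desktops
  CreateProcDEFWINSTATION = 'WinSta0';
  CreateProcDEFDESKTOP    = 'Default';
  // CreateProcDOMUSERSEP = '\';
var
  ConsoleTitle: string;
  Help: string;
  WinStaName: string;
  DesktopName: string;
  CmdLine: string;
  hUserToken: THandle;
  hWindowStation: HWINSTA;
  hDesktop: HDESK;
  StartUpInfo: TStartUpInfo;
  ProcInfo: TProcessInformation;
begin
  // Step 1: check for the correct OS version
  // (CheckOSVersion is defined elsewhere; presumably it raises on an
  // unsupported OS - confirm against its implementation)
  CheckOSVersion;

  // Step 2: logon as the specified user
  hUserToken := 0;
  if not LogonUser(PChar(UserName), PChar(UserDomain), PChar(Password),
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, hUserToken) then
  begin
    // GetLastError is read immediately, before any other API call can
    // overwrite it. No token exists yet, so nothing has to be released.
    case GetLastError of
      ERROR_PRIVILEGE_NOT_HELD:
        raise EJclCreateProcessError.CreateResFmt(@RsCreateProcPrivilegeMissing,
          [GetPrivilegeDisplayName(SE_TCB_NAME), SE_TCB_NAME]);
      ERROR_LOGON_FAILURE:
        raise EJclCreateProcessError.CreateRes(@RsCreateProcLogonUserError);
      ERROR_ACCESS_DENIED:
        raise EJclCreateProcessError.CreateRes(@RsCreateProcAccessDenied);
    else
      raise EJclCreateProcessError.CreateRes(@RsCreateProcLogonFailed);
    end;
  end;

  // From here on the token is owned by this routine. The try..finally releases
  // it on every exit path, including a failing CreateProcessAsUser, which
  // previously raised without closing the token.
  try
    // Step 3: give the new user access to the current WindowStation and Desktop
    // NOTE(review): SetUserObjectFullAccess receives only the object handle,
    // not the token or a SID, so the access it grants cannot be scoped to the
    // user that was just logged on. Confirm which DACL it applies: opening the
    // interactive window station and desktop to more principals than the
    // target user lets other processes interact with windows on them, and the
    // change is not reverted by this routine.
    hWindowStation := GetProcessWindowStation;
    WinStaName := GetUserObjectName(hWindowStation);
    if WinStaName = '' then
      WinStaName := CreateProcDEFWINSTATION;
    if not SetUserObjectFullAccess(hWindowStation) then
      raise EJclCreateProcessError.CreateResFmt(@RsCreateProcSetStationSecurityError, [WinStaName]);

    hDesktop := GetThreadDesktop(GetCurrentThreadId);
    DesktopName := GetUserObjectName(hDesktop);
    if DesktopName = '' then
      DesktopName := CreateProcDEFDESKTOP;
    if not SetUserObjectFullAccess(hDesktop) then
      raise EJclCreateProcessError.CreateResFmt(@RsCreateProcSetDesktopSecurityError, [DesktopName]);

    // Step 4: set the startup info for the new process
    // The console title is domain and user name joined without a separator
    // (the separator constant above is commented out).
    ConsoleTitle := UserDomain + UserName;
    Help := WinStaName + '\' + DesktopName;
    ResetMemory(StartUpInfo, SizeOf(StartUpInfo));
    StartUpInfo.cb := SizeOf(StartUpInfo);
    StartUpInfo.lpTitle := PChar(ConsoleTitle);
    // lpDesktop takes the form "windowstation\desktop"
    StartUpInfo.lpDesktop := PChar(Help);

    // Step 5: create the child process
    // The wide-character variant of CreateProcessAsUser may modify the
    // command-line buffer in place, so it is given a private, writable copy
    // instead of the caller's (possibly constant) string.
    CmdLine := CommandLine;
    UniqueString(CmdLine);
    // bInheritHandles is False: the child does not inherit this process'
    // handles.
    // NOTE(review): in a Unicode build Environment is a wide-character block
    // and would need CREATE_UNICODE_ENVIRONMENT in the creation flags -
    // confirm how callers build it.
    if not CreateProcessAsUser(hUserToken, nil, PChar(CmdLine), nil, nil, False,
      CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP, Environment, nil,
      {$IFDEF FPC}
      @StartUpInfo, @ProcInfo) then
      {$ELSE ~FPC}
      StartUpInfo, ProcInfo) then
      {$ENDIF ~FPC}
    begin
      case GetLastError of
        ERROR_PRIVILEGE_NOT_HELD:
          raise EJclCreateProcessError.CreateResFmt(@RsCreateProcPrivilegesMissing,
            [GetPrivilegeDisplayName(SE_ASSIGNPRIMARYTOKEN_NAME), SE_ASSIGNPRIMARYTOKEN_NAME,
             GetPrivilegeDisplayName(SE_INCREASE_QUOTA_NAME), SE_INCREASE_QUOTA_NAME]);
        ERROR_FILE_NOT_FOUND:
          raise EJclCreateProcessError.CreateResFmt(@RsCreateProcCommandNotFound, [CommandLine]);
      else
        raise EJclCreateProcessError.CreateRes(@RsCreateProcFailed);
      end;
    end;
  finally
    // clean up
    // The handles returned by GetProcessWindowStation and GetThreadDesktop
    // belong to the process/thread and must not be closed by the caller, so
    // only the logon token is released here.
    CloseHandle(hUserToken);
  end;

  // Reached only after CreateProcessAsUser succeeded (every failure above
  // raises), so ProcInfo holds valid handles. The child keeps running; only
  // this process' references to it are dropped.
  CloseHandle(ProcInfo.hThread);
  CloseHandle(ProcInfo.hProcess);
end;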