apollo51
8th March 2004 11:49 UTC
Logon to a domain with NSIS to gain admin rights
I need to install Flash on many domain computers that are logged on as Restricted User.
I want a NSIS installer to sign on as Domain Admin and install Flash.
My code below does not work :(
!define LOGON32_PROVIDER_DEFAULT 0
!define LOGON32_PROVIDER_WINNT35 1
!define LOGON32_LOGON_INTERACTIVE 2
!define LOGON32_LOGON_NETWORK 3
!define LOGON32_LOGON_BATCH 4
!define LOGON32_LOGON_SERVICE 5
!define LogonUser "advapi32::LogonUserA(t, t, t, i, i, i) i"
!define ImpersonateLoggedOnUser "advapi32::ImpersonateLoggedOnUser(i) i"
!define RevertToSelf "advapi32::RevertToSelf() i"
SetPluginUnload alwaysoff
System::Call '${RevertToSelf} .r0'
System::Call '${LogonUser} ('myusername','mydomain','mypassword',${LOGON32_LOGON_INTERACTIVE},${LOGON32_PROVIDER_DEFAULT},r2) .r0'
System::Call '${ImpersonateLoggedOnUser} (r2) .r0'
messagebox mb_ok $0
$0 returns zero, I think it does not work :igor:
deguix
8th March 2004 22:18 UTC
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero.
So it's not working, I'll get a look on it when I go offline.
deguix
9th March 2004 01:36 UTC
Oh right, now I don't know really, I changed the result type of every API here to "Long" and the results were all non-zero, but I don't know if it's working, probably because of the last parameter "*l" from "LogonUser", it gives 0:
!define USERNAME ""
>!define DOMAIN ""
>!define PASSWORD ""
>!define LOGON32_LOGON_INTERACTIVE 2
>!define LOGON32_LOGON_NETWORK 3
>!define LOGON32_LOGON_BATCH 4
>!define LOGON32_LOGON_SERVICE 5
>!define LOGON32_LOGON_UNLOCK 7
>!define LOGON32_LOGON_NETWORK_CLEARTEXT 8
>!define LOGON32_LOGON_NEW_CREDENTIALS 9
>!define LOGON32_PROVIDER_DEFAULT 0
>!define LOGON32_PROVIDER_WINNT35 1
>!define LOGON32_PROVIDER_WINNT40 2
>!define LOGON32_PROVIDER_WINNT50 3
>!define LogonUser "advapi32::LogonUserA(t, t, t, i, i, *l) l"
>!define ImpersonateLoggedOnUser "advapi32::ImpersonateLoggedOnUser(l)l"
>!define RevertToSelf "advapi32::RevertToSelf() l"
>SetPluginUnload alwaysoff
System::Call "${LogonUser}('${USERNAME}', '${DOMAIN}', '${PASSWORD}', \\
${LOGON32_LOGON_INTERACTIVE}, ${LOGON32_PROVIDER_DEFAULT}, .r2) .r0"
>System::Call '${ImpersonateLoggedOnUser}(r2) .r0'
>System::Call '${RevertToSelf}.r0'
apollo51
9th March 2004 08:17 UTC
It retuns a value not 0.. I'm going to test it now... thanks!!
apollo51
9th March 2004 12:15 UTC
It works fine, I modified the code a bit (I think the only difference with my first code is the pointer * :p )
!define USERNAME ""
!define DOMAIN ""
!define PASSWORD ""
!define LOGON32_LOGON_INTERACTIVE 2
!define LOGON32_LOGON_NETWORK 3
!define LOGON32_LOGON_BATCH 4
!define LOGON32_LOGON_SERVICE 5
!define LOGON32_LOGON_UNLOCK 7
!define LOGON32_LOGON_NETWORK_CLEARTEXT 8
!define LOGON32_LOGON_NEW_CREDENTIALS 9
!define LOGON32_PROVIDER_DEFAULT 0
!define LOGON32_PROVIDER_WINNT35 1
!define LOGON32_PROVIDER_WINNT40 2
!define LOGON32_PROVIDER_WINNT50 3
!define LogonUser "advapi32::LogonUserA(t, t, t, i, i, *i) i"
!define ImpersonateLoggedOnUser "advapi32::ImpersonateLoggedOnUser(i)i"
!define RevertToSelf "advapi32::RevertToSelf() i"
Section
SetPluginUnload alwaysoff
System::Call '${RevertToSelf}.r0'
System::Call "${LogonUser}('${USERNAME}', '${DOMAIN}', '${PASSWORD}', ${LOGON32_LOGON_INTERACTIVE}, ${LOGON32_PROVIDER_DEFAULT}, .r2) .r0"
System::Call '${ImpersonateLoggedOnUser}(r2) .r0'
;Put the code that needs admin rights here
;Log off again
System::Call '${RevertToSelf}.r0'
SectionEnd
deguix
9th March 2004 12:27 UTC
phToken
[out] Pointer to a handle variable that receives a handle to a token that represents the specified user.
See the
ph, it is "pointer to a handle",and that means "*i".
apollo51
9th March 2004 12:44 UTC
Originally posted by deguix
See the ph, it is "pointer to a handle",and that means "*i".
I get it, thanks for helping me out! It installs without entering any password or using RUNAS.EXE ;)