rknh_20


I am running VFP 9 with SP1 under Windows 2k. In order to protect my database/table files on a network, I have created a single user who has access to the folder where the files are contained. This is the only user with access to the folder. When an individual on the network runs the application, the application logs on as that user and has access to the database files... the code goes like this...

* Logon provider and logon type constants (values from the Win32 headers)
#define LOGON32_PROVIDER_DEFAULT 0
#define LOGON32_PROVIDER_WINNT50 3
#define LOGON32_PROVIDER_WINNT40 2
#define LOGON32_PROVIDER_WINNT35 1
#define LOGON32_LOGON_INTERACTIVE 2
#define LOGON32_LOGON_NETWORK 3
#define LOGON32_LOGON_BATCH 4
#define LOGON32_LOGON_SERVICE 5
#define LOGON32_LOGON_UNLOCK 7

* Win32 API declarations
DECLARE integer LogonUser IN AdvApi32.DLL ;
    string szUsername, ;
    string lpszDomain, ;
    string lpszPassword, ;
    integer dwLogonType, ;
    integer dwLogonProvider, ;
    integer @phToken
DECLARE integer ImpersonateLoggedOnUser IN AdvApi32.DLL integer hToken
DECLARE integer RevertToSelf IN AdvApi32.DLL

* Log on as the account that owns the data folder, then impersonate it
public nToken
nToken = 0
lu=LogonUser("vuser","domain","password",LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, @nToken)
ip=ImpersonateLoggedOnUser(nToken)

This all works well and gives the desired result... the files are accessible to the application only, and when done the application issues '=REVERTTOSELF()'. The problem comes in after I issue the ImpersonateLoggedOnUser call: I can no longer get the GETFIL() function to work in VFP. The easiest way to reproduce this is to run the above code in a prg and execute GETFIL() from the command window. This fails for me, as it does in my larger application.
Any help is appreciated.
Roy
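
A diagnostic variant of the code in the post above, added here as an example and not code from the thread: it checks each API result, reports which account the thread is running as via GetUserName (which returns the impersonated user while impersonation is in effect), and releases the token when done. WhoAmI is a hypothetical helper name; "vuser", "domain" and "password" are the post's own placeholders.

```foxpro
* Added example: verify that impersonation is actually in effect.
#DEFINE LOGON32_LOGON_INTERACTIVE 2
#DEFINE LOGON32_PROVIDER_DEFAULT  0

DECLARE INTEGER LogonUser IN advapi32 ;
    STRING lpszUsername, STRING lpszDomain, STRING lpszPassword, ;
    INTEGER dwLogonType, INTEGER dwLogonProvider, INTEGER @phToken
DECLARE INTEGER ImpersonateLoggedOnUser IN advapi32 INTEGER hToken
DECLARE INTEGER RevertToSelf IN advapi32
DECLARE INTEGER GetUserName IN advapi32 STRING @lpBuffer, INTEGER @nSize
DECLARE INTEGER GetLastError IN kernel32
DECLARE INTEGER CloseHandle IN kernel32 INTEGER hObject

? "Before:", WhoAmI()
LOCAL lnToken
lnToken = 0
* Both calls return 0 on failure; do not continue with an invalid token.
IF LogonUser("vuser", "domain", "password", LOGON32_LOGON_INTERACTIVE, ;
        LOGON32_PROVIDER_DEFAULT, @lnToken) = 0
    ? "LogonUser failed, error", GetLastError()
    RETURN
ENDIF
TRY
    IF ImpersonateLoggedOnUser(lnToken) = 0
        ? "ImpersonateLoggedOnUser failed, error", GetLastError()
    ELSE
        ? "Impersonating:", WhoAmI()
        * Protected file access goes here. Calling WhoAmI() again just
        * before a call that fails shows whether impersonation still holds.
    ENDIF
FINALLY
    * Always drop the impersonation and release the token handle.
    =RevertToSelf()
    =CloseHandle(lnToken)
ENDTRY
? "After revert:", WhoAmI()

FUNCTION WhoAmI
    * Name of the user associated with the current thread.
    LOCAL lcBuf, lnSize
    lcBuf = SPACE(257)
    lnSize = LEN(lcBuf)
    IF GetUserName(@lcBuf, @lnSize) = 0
        RETURN "(GetUserName failed: " + TRANSFORM(GetLastError()) + ")"
    ENDIF
    * lnSize includes the terminating null character.
    RETURN LEFT(lcBuf, lnSize - 1)
ENDFUNC
```

The error codes printed here are indicative only, because the VFP runtime may make its own API calls between the failing call and GetLastError().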



Re: impersonateloggedonuser and Getfil()

dni


I ran your code on my machine and it is working perfectly with getfil() - (XP, VFP 9 SP1, logged in to a 2000 domain, administrator rights), so I think it is a user security issue, nothing wrong with VFP.





Re: impersonateloggedonuser and Getfil()

rknh_20

Thanks for the input. The code worked well for me when I added, as the last line, =getfil(). However, when I run the prg without the =getfil() as the last line, let the prg end, and then issue =getfil() from the command line, it does not work. I tried to reissue 'impersonateanotheruser' (a second time) and that did allow it to work. This is not a good work-around from my app's point of view. So given this data, do you still think it is a security issue? (As I said, the logonuser and impersonateloggedonuser both seem to work well...)

Appreciate your help






Re: impersonateloggedonuser and Getfil()

dni

Yes. You may try to run the software with a user with administrator rights. If it is working, you may cut some "rights", testing whether the program is still working. I ran it with a power user and it is still working. What kind of users are logonuser and impersonateloggedonuser?




Re: impersonateloggedonuser and Getfil()

rknh_20

Logon and impersonateloggedonuser have my rights... just a plain user, but I have added the following user rights to myself: 'Act as part of the operating system', 'Bypass Traverse Checking' and 'Replace a Process Level Token'. From what I have read in MS docs, these are the required rights needed to call these DLL functions. I will start checking out some of the other rights as well. Thanks.



Re: impersonateloggedonuser and Getfil()

dni

I think you need to be at least power user to modify and design in vfp.




Re: impersonateloggedonuser and Getfil()

rknh_20

I tried it with full Admin access and it still does not seem to work properly. I am beginning to suspect a W2K problem.



Re: impersonateloggedonuser and Getfil()

dni

Maybe this will help: your code is working fine in my configuration:

W2K server (domain - admin)

XP - SP2 , VFP - SP1, ADMIN USER ACCOUNT, Tried also with power user account.