-
March 1st, 2007, 09:39 AM
#1
AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED
To make a long story short, a webservice I'm expanding needs to run a c++ dll which tries to execute OpenProcess() but get an Error_Access_Denied. Have since increased aspnet_wp (the process running the webservice) privileges (debugging) but no go. Then read an article in microsoft Win32 QA that states I need to explicitly ask for the SeDebugPrivilege which I'm trying to do in the below code;
After running AdjustTokenPrivileges() GetLastError() return 1300 or ERROR_NOT_ALL_ASSIGNED. MSDN gives the following reason for such a return "The token does not have one or more of the privileges specified in the NewState parameter". Im sort of lost on how to debug this further, appreicate any input.
Code:
bool SetDebugPrivilege()
{
bool bResult = false;
HANDLE hToken=NULL;;
TOKEN_PRIVILEGES tp;
if (OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken))
{
tp.PrivilegeCount = 1;
if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
{
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
int iRes = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
if (::GetLastError == ERROR_SUCCESS)
{
bResult = true;
}
}
int iError = ::GetLastError();
CloseHandle(hToken);
}
return bResult;
}
Before post, make an effort yourself, try googling or search here.
When posting, give a proper description of your problem, include code* and error messages.
*All code should include code tags
-
March 1st, 2007, 11:15 AM
#2
Re: AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED
I think the process for which u are calling AdjustTokenPrivileges does not have the specified privilege in its token
U can fir call GetTokenInformation to first get the privileges ur process token have then u can call AdjustTokenPrivileges to enable or disable the existing privileges
-
March 1st, 2007, 12:48 PM
#3
Re: AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED
Cheers for the reply mate.
Will give your suggestion a try tomorrow.
Before post, make an effort yourself, try googling or search here.
When posting, give a proper description of your problem, include code* and error messages.
*All code should include code tags
-
March 2nd, 2007, 05:35 AM
#4
Re: AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED
Ran this code today and it show me three privileges; SeChangeNotifyPrivilege, SeShutdownPrivileges and SeUndockPrivilege all set to with attribute 3 which I believe is default enabled. However I dont find SeDefultPrivilege in the list.
Code:
HANDLE hToken;
OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS /*TOKEN_ADJUST_PRIVILEGES*/, FALSE, &hToken)
DWORD lenght;
TOKEN_PRIVILEGES* ptkp=NULL;
GetTokenInformation(hToken,TokenPrivileges,ptkp,0,&lenght);
char name[256];
ptkp = (TOKEN_PRIVILEGES*) new char[lenght];
if(GetTokenInformation(hToken,TokenPrivileges,ptkp,lenght,&lenght)!=0)
{
for(int i=0;i < ptkp->PrivilegeCount;i++)
{
lenght=256;
LookupPrivilegeName(NULL,&(ptkp->Privileges[i].Luid),name,&lenght);
DWORD dwAttri = ptkp->Privileges[i].Attributes;
}
}
In the above code I use
Code:
OpenThreadToken(...)
which returns me 3 privileges (it seems). By viewing aspnet_wp.exe (using Process Explorer ) which is the ASPNET web server running this code, it has more then 20 different privileges that are disabled or default enabled.
Could the problem be that a thread doesnt have the same privileges as the process its running form? When trying to use
Code:
OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken)
it fails and returns Error_Access_Denied using GetLastError(); Even using only TOKEN_QUERY access token I get access denied error message.
Any ideas on where I'm going wrong?
Sorry for rambling on about this, its just that I quite confussed atm. Appreciate any input.
Last edited by laasunde; March 2nd, 2007 at 05:42 AM.
Before post, make an effort yourself, try googling or search here.
When posting, give a proper description of your problem, include code* and error messages.
*All code should include code tags
-
April 6th, 2018, 11:42 AM
#5
Re: AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED
I was able to add that privilege. This link tells you how to do it using gpedit.msc
https://docs.microsoft.com/en-us/sql...option-windows
Later versions of Windows (8, 10, etc) don't always have gpedit.msc, this video tutorial tells you how to install it using a workaround:
https://www.youtube.com/watch?v=lFBghoA8VTc
After that AdjustTokenPrivileges() is able to enable SE_LOCK_MEMORY_NAME (that privilege exists in the token).
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|