I have this problem that happened once, and I still donβt know how to fix it. I have a Windows service, when the service starts, you first need to impersonate a registered user (active user) in order to load some paths and settings that are saved in the data folder of user applications. The code I use works fine every time a new user logs into Windows, unless the service received the impersonation incorrectly and impersonated a system session instead of actie. As I said, this happened only once, but I canβt say why.
Here's how I check which session is active and how the impersonation is performed:
first, when the service detects a login event, it requests an active session identifier, calling
WTSGetActiveConsoleSessionId();
Then it checks if the session is active (connected) by calling WTSQuerySessionInformation as follows:
WTS_CONNECTSTATE_CLASS wts_connect_state = WTSDisconnected; WTS_CONNECTSTATE_CLASS* ptr_wts_connect_state = NULL; DWORD bytes_returned = 0; if (::WTSQuerySessionInformation( WTS_CURRENT_SERVER_HANDLE, session_id, WTSConnectState, reinterpret_cast<LPTSTR*>(&ptr_wts_connect_state), &bytes_returned)) { ASSERT(bytes_returned == sizeof(*ptr_wts_connect_state)); wts_connect_state = *ptr_wts_connect_state; ::WTSFreeMemory(ptr_wts_connect_state); return (WTSActive == wts_connect_state); }
where session_id is the session identifier returned by WTSGetActiveConsoleSessionId ().
Then I request the user token using WTSQueryUserToken
Then, if successful, the service calls GetTokenInformation as follows:
DWORD neededSize = 0; HANDLE *realToken = new HANDLE; if(GetTokenInformation(hImpersonationToken, (::TOKEN_INFORMATION_CLASS) TokenLinkedToken, realToken, sizeof(HANDLE), &neededSize)) { CloseHandle(hImpersonationToken); hImpersonationToken = *realToken; }
where hImpersonationToken is the token obtained from GetTokenInformation
And if all of the above succeeds, it calls
DuplicateTokenEx( hImpersonationToken, 0, NULL, SecurityImpersonation, TokenPrimary, phUserToken ); CloseHandle( hImpersonationToken );
and if he succeeds, then he personifies the extracted token
ImpersonateLoggedOnUser(phUserToken);
My service writes to the log file and, according to the log, all previous calls that were successful, even after the impersonation, the service loaded the system profile, not the user.
Now this problem happened once when I restarted my machine, but I did not even play it again, and I tried for several weeks.
I'm not sure how possible it is for a system profile session to be an active session. I just want to know that I am doing something wrong, not sure if I am using the wrong information class when I request session information or something like that.
Also want to know if it can determine if the requested session is really a system session before impersonating the returned token in order to repeat the issuance again?
As I said, all the calls mentioned check their objects and return codes before proceeding to the next step, so there were no errors in the calls, since it should not continue with impersonation, but it happened: (
Would thank any help possible ... thanks.