Quiet false errors, commit missing 1.29 changes

Changes for 1.29 that somehow didn't get committed.

Better checking for impersonation handle value (and quieting false errors) in Remote.cpp (v1.30)

Author: dnebeker

InteractiveSession.cpp

@@ -51,7 +51,7 @@ BOOL RunningAsLocalSystem();
 
 void CleanUpInteractiveProcess(CleanupInteractive* pCI) 
 {
-	SetTokenInformation(pCI->hUser, TokenSessionId, &pCI->origSessionID, sizeof(pCI->origSessionID));
+	//SetTokenInformation(pCI->hUser, TokenSessionId, &pCI->origSessionID, sizeof(pCI->origSessionID));
 
 	//// Allow logon SID full access to interactive window station.
 	//RemoveAceFromWindowStation(hwinsta, pSid);
@@ -74,47 +74,83 @@ void CleanUpInteractiveProcess(CleanupInteractive* pCI)
 	//hdesk = NULL;
 }
 
-BOOL PrepForInteractiveProcess(Settings& settings, CleanupInteractive* pCI, DWORD sessionID) 
+BOOL CALLBACK EnumWindowStationsProc(LPWSTR lpszWindowStation, LPARAM lParam)
 {
-	pCI->bPreped = true;
-	//settings.hUser is set as the -u user, Local System (from -s) or as the account the user originally launched PAExec with
+	Log(StrFormat(L"Seen winstation: %s", lpszWindowStation), (DWORD)0);
+	return TRUE;
+}
 
-	//figure out which session we need to go into
-	Duplicate(settings.hUser, __FILE__, __LINE__);
-	pCI->hUser = settings.hUser;
 
-	DWORD targetSessionID = sessionID;
+BOOL PrepForInteractiveProcess(Settings& settings, CleanupInteractive* pCI) 
+{
+	EnablePrivilege(SE_TCB_NAME, NULL);
+
+	pCI->bPreped = true;
+
+	//settings.hUser is already set as the -u user, Local System (from -s) or as the account the user originally launched PAExec with
 
+	//figure out which session we need to go into
 	if((DWORD)-1 == settings.sessionToInteractWith)
 	{
-		targetSessionID = GetInteractiveSessionID();
-		Log(StrFormat(L"Using SessionID %u (interactive session)", targetSessionID), false);
+		settings.sessionToInteractWith = GetInteractiveSessionID();
+		Log(StrFormat(L"Using SessionID %u (interactive session)", settings.sessionToInteractWith), false);
 	}
 	else
-		Log(StrFormat(L"Using SessionID %u from params", targetSessionID), false);
+		Log(StrFormat(L"Using SessionID %u from params", settings.sessionToInteractWith), false);
 
-	//if(FALSE == WTSQueryUserToken(targetSessionID, &settings.hUser))
-	//	Log(L"Failed to get user from session ", GetLastError());
+	if (settings.user.IsEmpty())
+	{
+		if(settings.bUseSystemAccount)
+		{
+			HANDLE hProcessToken = INVALID_HANDLE_VALUE;
+			OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &hProcessToken);
+			DuplicateTokenToIncreaseRights(hProcessToken, __FILE__, __LINE__);
+			SetTokenInformation(hProcessToken, TokenSessionId, &settings.sessionToInteractWith, sizeof(DWORD));
+			settings.hUser = hProcessToken;
+			return TRUE;
+		}
 
-	//Duplicate(settings.hUser, __FILE__, __LINE__);
+		//no user given, but want interactive, so run as the currently logged in user
+		HANDLE hTmp = INVALID_HANDLE_VALUE;
+		if ((FALSE == WTSQueryUserToken(settings.sessionToInteractWith, &hTmp)) || (INVALID_HANDLE_VALUE == hTmp))
+			Log(StrFormat(L"WTSQueryUserToken failed for session ID %d", settings.sessionToInteractWith), GetLastError());
 
-	DWORD returnedLen = 0;
-	GetTokenInformation(settings.hUser, TokenSessionId, &pCI->origSessionID, sizeof(pCI->origSessionID), &returnedLen);
+		if (INVALID_HANDLE_VALUE != hTmp)
+		{
+			Log(L"Using user from WTSQueryUserToken", (DWORD)0);
+			settings.hUser = hTmp;
+			DuplicateTokenToIncreaseRights(settings.hUser, __FILE__, __LINE__);
+		}
+		return TRUE;
+	}
 
-	EnablePrivilege(SE_TCB_NAME, settings.hUser);
+	//This is the hard case - interactive with a specific user.  Not sure why it doesn't work better
+
+	DuplicateTokenToIncreaseRights(settings.hUser, __FILE__, __LINE__);
+	pCI->hUser = settings.hUser;
 
-	if(FALSE == SetTokenInformation(settings.hUser, TokenSessionId, &targetSessionID, sizeof(targetSessionID)))
+	//DWORD returnedLen = 0;
+	//if(FALSE == GetTokenInformation(settings.hUser, TokenSessionId, &pCI->origSessionID, sizeof(pCI->origSessionID), &returnedLen))
+	//	Log(L"GetTokenInformation failed", GetLastError());
+
+	if(false == EnablePrivilege(SE_TCB_NAME, settings.hUser))
+		Log(L"EnablePrivilege failed", GetLastError());
+
+	if(FALSE == SetTokenInformation(settings.hUser, TokenSessionId, &settings.sessionToInteractWith, sizeof(settings.sessionToInteractWith)))
 		Log(L"Failed to set interactive token", GetLastError());
 
 	return TRUE;
-////START FUNKY STUFF
+
+////START FUNKY STUFF - probably doesn't work because OpenWindowStation will get PAExec's Window Station in session 0, which is not what we want
+
 //	BOOL bResult = FALSE;
 //
 //	HDESK hdesk = NULL;
 //	HWINSTA hwinsta = NULL;
 //	PSID pSid = NULL;
 //	HWINSTA hwinstaSave = NULL;
-//
+//	USEROBJECTFLAGS uof = { 0 };
+//	DWORD needed = 0;
 //
 //	// Save a handle to the caller's current window station.
 //	if ((hwinstaSave = GetProcessWindowStation()) == NULL)
@@ -123,18 +159,28 @@ BOOL PrepForInteractiveProcess(Settings& settings, CleanupInteractive* pCI, DWOR
 //		goto Cleanup;
 //	}
 //
+//	LPCWSTR winStaToUse = L"WinSta0"; 
+//
 //	// Get a handle to the interactive window station.
 //	hwinsta = OpenWindowStation(
-//							_T("winsta0"),                   // the interactive window station 
+//							winStaToUse,            // the interactive window station 
 //							FALSE,                       // handle is not inheritable
-//							READ_CONTROL | WRITE_DAC);   // rights to read/write the DACL
+//							READ_CONTROL | WRITE_DAC | WINSTA_READATTRIBUTES);   // rights to read/write the DACL
 //
 //	if (BAD_HANDLE(hwinsta)) 
 //	{
-//		Log(L"Failed to open winsta0.", GetLastError());
+//		Log(StrFormat(L"Failed to open WinStation %s.", winStaToUse), GetLastError());
+//		EnumWindowStations(EnumWindowStationsProc, NULL);
+//
 //		goto Cleanup;
 //	}
 //
+//	//Some logging
+//	if(GetUserObjectInformation(hwinsta, UOI_FLAGS, &uof, sizeof(uof), &needed))
+//		Log(StrFormat(L"WinStation visible: %d", uof.dwFlags), (DWORD)0);
+//	else
+//		Log(L"GetUserObjectInformation failed", GetLastError());
+//
 //	// To get the correct default desktop, set the caller's 
 //	// window station to the interactive window station.
 //	if (!SetProcessWindowStation(hwinsta))
@@ -195,8 +241,8 @@ BOOL PrepForInteractiveProcess(Settings& settings, CleanupInteractive* pCI, DWOR
 //	bResult = TRUE;
 //
 //Cleanup: 
-//	if (!BAD_HANDLE(hwinstaSave))
-//		SetProcessWindowStation (hwinstaSave);
+////	if (!BAD_HANDLE(hwinstaSave))
+////		SetProcessWindowStation (hwinstaSave);
 //
 //	return bResult;
 }
@@ -1127,7 +1173,7 @@ typedef DWORD (WINAPI *WTSGetActiveConsoleSessionIdProc)(void);
 DWORD GetInteractiveSessionID()
 {
 	// Get the active session ID.
-	DWORD   SessionId = 0;
+	DWORD   SessionId = (DWORD)-1;
 	PWTS_SESSION_INFO pSessionInfo;
 	DWORD   Count = 0;
 
@@ -1136,30 +1182,34 @@ DWORD GetInteractiveSessionID()
 		for (DWORD i = 0; i < Count; i ++)
 		{
 			if (pSessionInfo [i].State == WTSActive)	//Here is
-			{
-				SessionId = pSessionInfo [i].SessionId;
-			}
+				SessionId = pSessionInfo[i].SessionId;
 		}
 		WTSFreeMemory (pSessionInfo);
 	}
 
-	if(0 == SessionId)
+	static WTSGetActiveConsoleSessionIdProc pWTSGetActiveConsoleSessionId = NULL;
+	if(NULL == pWTSGetActiveConsoleSessionId)
 	{
-		static WTSGetActiveConsoleSessionIdProc pWTSGetActiveConsoleSessionId = NULL;
-		if(NULL == pWTSGetActiveConsoleSessionId)
+		HMODULE hMod = LoadLibrary(L"Kernel32.dll"); //GLOK
+		if(NULL != hMod)
 		{
-			HMODULE hMod = LoadLibrary(L"Kernel32.dll"); //GLOK
-			if(NULL != hMod)
-			{
-				pWTSGetActiveConsoleSessionId = (WTSGetActiveConsoleSessionIdProc)GetProcAddress(hMod, "WTSGetActiveConsoleSessionId");
-			}
+			pWTSGetActiveConsoleSessionId = (WTSGetActiveConsoleSessionIdProc)GetProcAddress(hMod, "WTSGetActiveConsoleSessionId");
 		}
+	}
 
-		if(NULL != pWTSGetActiveConsoleSessionId) //not supported on Win2K
-			SessionId = pWTSGetActiveConsoleSessionId(); //we fall back on this if needed since it apparently doesn't always work
+	if(NULL != pWTSGetActiveConsoleSessionId) //not supported on Win2K
+	{
+		DWORD tmp = pWTSGetActiveConsoleSessionId(); //we fall back on this if needed since it apparently doesn't always work
+		if(0 == SessionId)
+			SessionId = tmp;
 		else
-			Log(L"WTSGetActiveConsoleSessionId not supported on this OS", false);
+		{
+			if(tmp != SessionId)
+				Log(StrFormat(L"WTSEnumerateSessions found session ID %u, but WTSGetActiveConsoleSessionId returned %u.  Using %u.", SessionId, tmp, SessionId), (DWORD)0);
+		}
 	}
+	else
+		Log(L"WTSGetActiveConsoleSessionId not supported on this OS", false);
 
 	return SessionId;
 }

PAExec.cpp

@@ -19,6 +19,10 @@
 
 ////////////////////////////////////////////////////////////////////////
 //
+//v1.30 - Feb 2, 2023
+//    Tried to make interactive work better.  Works OK if no username/password is given, and if running as the system account is wanted, but
+//    still doesn't work well when credentials are given.
+//
 //v1.29 - April 14, 2021
 //    will connect with given credentials before automatically trying file copy and service installation
 //    support redirected input from file
@@ -335,7 +339,7 @@ void PrintCopyright()
 		verInfo = NULL;
 	}
 
-	Log(StrFormat(L"\r\nPAExec %s - Execute Programs Remotely\r\nCopyright (c) 2012-2021 Power Admin LLC\r\nwww.poweradmin.com/PAExec\r\n", ver), false);
+	Log(StrFormat(L"\r\nPAExec %s - Execute Programs Remotely\r\nCopyright (c) 2012-2023 Power Admin LLC\r\nwww.poweradmin.com/PAExec\r\n", ver), false);
 }
 
 

PAExec.rc

@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "Power Admin LLC"
             VALUE "FileDescription", "PAExec Application"
-            VALUE "FileVersion", "1.29.0.0"
+            VALUE "FileVersion", "1.30.0.0"
             VALUE "InternalName", "PAExec"
-            VALUE "LegalCopyright", "Copyright (c) 2012-2021 Power Admin LLC"
+            VALUE "LegalCopyright", "Copyright (c) 2012-2023 Power Admin LLC"
             VALUE "OriginalFilename", "PAExec.exe"
             VALUE "ProductName", "PAExec Application"
-            VALUE "ProductVersion", "1.29.0.0"
+            VALUE "ProductVersion", "1.30.0.0"
         END
     END
     BLOCK "VarFileInfo"

PAExec.vcxproj

@@ -14,19 +14,19 @@
     <ProjectGuid>{2FEB96F5-08E6-48A3-B306-794277650A08}</ProjectGuid>
     <RootNamespace>PAExec</RootNamespace>
     <Keyword>Win32Proj</Keyword>
-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v141_xp</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <UseOfMfc>false</UseOfMfc>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v141_xp</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <UseOfMfc>false</UseOfMfc>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>