Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

LogonUser() not authenticating user for invalid domain when computer is not on a domain

I'm having some problems with the LogonUser() API function in C++. The computer I'm testing this on is not on a domain. The account I'm testing with exists on the computer, but when i supply an invalid domain, it authenticates the login.

This does not seem right to me.

HANDLE token;

if (!LogonUser("LocalUser", "InvalidDomain", "Password",
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token))
{
    unsigned long error = GetLastError();
}

Is this the right behavior?

like image 697
williamtroup Avatar asked Jan 30 '14 08:01

williamtroup


1 Answers

I believe that workgroup members don't support domain logons so the domain parameter is ignored. This explains what you are seeing.

You can confirm this. Try to authenticate using a real domain user (ensuring there isn't a local account with the same name). The logon should fail.

There is an exception. If you use the LOGON32_LOGON_NEW_CREDENTIALS flag (which amends the existing logon rather than creating a new one) then a domain logon will always succeed because it isn't authenticated until you attempt to access a remote resource.

like image 131
arx Avatar answered Oct 28 '22 16:10

arx