Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

LogonUser returns true for a wrong password

bool bRet=LogonUser(strUserName, L"", strPassword, LOGON32_LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, &phToken)     

bRet always returns true even if I enter a wrong password when there is no domain. Is there any work around like if I enter a valid password it returns true and false for a wrong password when there is no domain.

like image 241
Deepak Avatar asked Jan 07 '23 16:01

Deepak


1 Answers

I assume that by LOGON32_LOGON_TYPE_NEW_CREDENTIALS you actually mean LOGON32_LOGON_NEW_CREDENTIALS. In which case the behaviour is exactly as would be expected. The documentation for that flag says:

This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.

For local connections, the token that is returned is a clone of the current token. The credentials that you provided are only used for outbound connections. When you attempt such connections, the credentials will be checked at that point and you can expect failure then.

like image 164
David Heffernan Avatar answered Jan 13 '23 12:01

David Heffernan