Microsoft KB Archive/238604

{|
 * width="100%"|

FIX: CryptAcquireContext Cancels Impersonation of Local Administrator

 * }

Q238604

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), used with:
 * Microsoft Windows NT Server versions 4.0, 4.0 SP4
 * Microsoft Windows NT Workstation versions 4.0, 4.0 SP4

-

SYMPTOMS
An application that is running under the SYSTEM account and that is impersonating a local administrator may revert back to SYSTEM when the application calls the CryptAcquireContext function. Impersonation of non-administrators does not cause this problem.

RESOLUTION
This bug is fixed on Windows NT version 4, Service Pack 6 (SP6).

STATUS
Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article.

MORE INFORMATION
This problem most likely occurs in a service that is using CryptoAPI. To avoid this behavior, it is best to re-impersonate the user after CryptAcquireContext is called. The following is a small segment of code that implements the workaround:

HANDLE hToken = 0; HCRYPTPROV hProv = 0; TCHAR szOutput[256]; BOOL fResult;

// Assume we have User Name, Domain, and Password. fResult = LogonUser(szUserName,                   szDomain,                    szPassword,                    LOGON32_LOGON_SERVICE,                    LOGON32_PROVIDER_DEFAULT,                    &hToken); if (!fResult) {  wsprintf(szOutput, "LogonUser failed with %d\n", GetLastError); OutputDebugString(szOutput); goto Finish; }

// Note: You might need to load user profile here if user is not logged on // and you plan to use the user store.

// Impersonate the User. if (!ImpersonateLoggedOnUser(hToken)) {  wsprintf(szOutput, "ImpersonateLoggedOnUser failed with %x\n", GetLastError); OutputDebugString(szOutput); goto Finish; }

fResult = CryptAcquireContext(&hProv,                             "MyTempContainer",                              MS_DEF_PROV,                              PROV_RSA_FULL,                              CRYPT_MACHINE_KEYSET|                              CRYPT_NEWKEYSET); if (!fResult) {  wsprintf(szOutput, "CryptAcquireContext failed with %x\n", GetLastError); OutputDebugString(szOutput); goto Finish; }

// At this point, if we are running under the SYSTEM account, // and impersonating a local administrator, then we have reverted // back to SYSTEM. We must re-impersonate the user.

// Impersonate the User. if (!ImpersonateLoggedOnUser(hToken)) {  wsprintf(szOutput, "ImpersonateLoggedOnUser failed with %x\n", GetLastError); OutputDebugString(szOutput); goto Finish; }

// Other code here.

Finish: if (hProv) CryptReleaseContext(hProv, 0); if (hToken) CloseHandle(hToken); Additional query words:

Keywords : kbAPI kbKernBase kbSDKPlatform kbSDKWin32 kbSecurity kbDSupport kbGrpDSKernBase

Issue type : kbbug

Technology : kbAudDeveloper kbWin32sSearch kbWin32API