Microsoft KB Archive/245683

{|
 * width="100%"|

FIX: LogonUserW Fails If lpszDomain Is NULL

 * }

Q245683

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), used with:
 * the operating system: Microsoft Windows NT 4.0

-

SYMPTOMS
When you are performing a logon operation by using the LogonUser API, it is sometimes desirable to pass NULL for the name of the domain or server whose account database should be accessed. In this case, the system first attempts to validate the specified user account by using the computer's local account database. If the user does not exist in the local database, an attempt is then made to validate the user by searching the account databases of the computer's trusted domains until a match is found.

The ANSI version of this API, LogonUserA, works as expected. However on Windows NT 4.0, the Unicode version, LogonUserW, causes an access violation within NTDLL.dll if the lpszDomain parameter is passed as NULL.

CAUSE
When NULL is passed for the domain name, LogonUserW makes the incorrect assumption that the domain was passed as part of an initialized UNICODE_STRING structure. An attempt is made to access other members of this structure, which results in an access violation.

RESOLUTION
The easiest way to work around this problem is to explicitly call LogonUserA, expressing the user name and password as ANSI strings.

It is also possible to work around this problem by coercing the NULL value for the domain name into a UNICODE_STRING structure and passing it to LogonUserW. The following sample code demonstrates how to do this.

NOTE: The following approach should only be used on Windows NT 4.0. Furthermore, it should only be used when it is necessary to call LogonUserW with NULL for the domain name. If an actual string is to be passed for the domain name, there is no need to put it into a UNICODE_STRING structure.

#define UNICODE
 * 1) define _UNICODE


 * 1) include 
 * 2) include 
 * 3) include 
 * 4) include 


 * 1) define USERNAME L"Tristan"
 * 2) define PASSWORD L"Password"

void wmain {

WCHAR szDomain[1] = {NULL}; WCHAR szUser[UNLEN+1]; WCHAR szPw[PWLEN+1]; HANDLE hToken;

UNICODE_STRING Domain;

Domain.Buffer = (PWSTR) &szDomain; Domain.Length = 0; Domain.MaximumLength = 2;

wcsncpy(szUser, USERNAME, UNLEN); wcsncpy(szPw, PASSWORD, PWLEN);

if (!LogonUserW(szUser, Domain.Buffer, szPw, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &hToken)) { wprintf(L"LogonUser failed with error %d\n", GetLastError); return; }

CloseHandle(hToken); }

STATUS
Microsoft has confirmed this to be a bug in Windows NT 4.0.

This bug was corrected in Windows 2000.

Additional query words:

Keywords : kbAccCtrl kbAPI kbKernBase kbSDKWin32 kbSecurity kbDSupport kbGrpDSKernBase

Issue type : kbbug

Technology : kbAudDeveloper kbWin32sSearch kbWin32API