Hi,
I'm trying to send messages between applications that are located on different desktops. In order to accomplish this, I'm using BroadcastSystemMessage with BSM_ALLDESKTOPS set for the LPDWORD lpdwRecipients parameter.
As the MSDN documentation says, BSM_ALLDESKTOPS - Broadcast to all desktops. Requires the SE_TCB_NAME privilege.
In order to meet this requirement I've found the following example, which generates ERROR_NOT_ALL_ASSIGNED, with the code 1300 - Not all privileges or groups referenced are assigned to the caller, in the last if statement:

    BOOL GrantPrivilege::SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
    {
        TOKEN_PRIVILEGES tp;
        LUID luid;

        if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid))
        {
            printf("LookupPrivilegeValue error: %u\n", GetLastError());
            return FALSE;
        }

        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        if (bEnablePrivilege)
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        else
            tp.Privileges[0].Attributes = 0;

        // Enable the privilege or disable all privileges.
        if (!AdjustTokenPrivileges(
                hToken,
                FALSE,
                &tp,
                sizeof(TOKEN_PRIVILEGES),
                (PTOKEN_PRIVILEGES)NULL,
                (PDWORD)NULL))
        {
            printf("AdjustTokenPrivileges error: %u\n", GetLastError());
            return FALSE;
        }

        if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {
            printf("The token does not have the specified privilege. %u\n ", GetLastError());
            return FALSE;
        }

        return TRUE;
    }

Maybe the error is caused by the way I'm making the call for this function:

    HANDLE hToken;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        printf("%u", GetLastError());

    GrantPrivilege gPriv;
    gPriv.SetPrivilege(hToken, L"SeTcbPrivilege", true);

P.S. I've tried running this application from an elevated prompt, but the result is the same, the 1300 error code.

This error code means that the current Windows user is not allowed to use this privilege (this is why these are privileges, after all: not everyone has them). It is possible to grant a user such a privilege, but I strongly advise against it. Instead, you should use some other form of inter-process communication. If you only need a signal without data, a named event should be good. Otherwise, it could be a named pipe, socket, or shared memory section.
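
A diagnostic for the 1300 result discussed above, as an added example that is not part of the original thread: it uses the built-in `whoami /priv` to tell apart a privilege that is absent from the token (which AdjustTokenPrivileges cannot add, hence ERROR_NOT_ALL_ASSIGNED) from one that is present but disabled. The function names `Get-TokenPrivilegeState` and `Get-EnableOutcome` and the sample rows are assumptions made for the illustration.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function Get-TokenPrivilegeState {
    param(
        [Parameter(Mandatory)][string]$Name,
        # Rows shaped like `whoami /priv /fo csv /nh`; defaults to the live token.
        [string[]]$CsvLines = (whoami.exe /priv /fo csv /nh)
    )
    $row = $CsvLines |
        Where-Object { $_ } |
        ConvertFrom-Csv -Header 'Privilege', 'Description', 'State' |
        Where-Object { $_.Privilege -eq $Name } |
        Select-Object -First 1
    # A privilege that is not listed at all is not held by the token.
    if ($row) { $row.State } else { 'Absent' }
}

function Get-EnableOutcome {
    param([Parameter(Mandatory)][string]$State)
    switch ($State) {
        'Absent'   { 'Not in the token: AdjustTokenPrivileges reports ERROR_NOT_ALL_ASSIGNED (1300)' }
        'Disabled' { 'In the token but off: AdjustTokenPrivileges can enable it' }
        'Enabled'  { 'Already enabled: no adjustment needed' }
        default    { "Unrecognised state text '$State' (whoami output may be localized)" }
    }
}

# Constructed sample rows standing in for an ordinary user's token.
$sample = @(
    '"SeShutdownPrivilege","Shut down the system","Disabled"'
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)

foreach ($name in 'SeTcbPrivilege', 'SeShutdownPrivilege', 'SeChangeNotifyPrivilege') {
    $state = Get-TokenPrivilegeState -Name $name -CsvLines $sample
    '{0}: {1}' -f $name, (Get-EnableOutcome -State $state)
}

# Same check against the token of the current process:
Get-EnableOutcome -State (Get-TokenPrivilegeState -Name 'SeTcbPrivilege')
```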