Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

MS Logon as current user

Any features you would like to see in UltraVNC? Propose it here
Post Reply
yesod

MS Logon as current user

Post by yesod »

I'd like to be able to logon as current user if the currently logged user is a member of the specified group in ms logon panel.
(no user/pass prompt)
Marscha
Former moderator
Former moderator
Posts: 464
Joined: 2004-05-14 06:48

Post by Marscha »

I agree that this would be a great feature since it is the usage scenario I expect in most cases.
Unfortunately I think that this would require to change the VNC (authentication) protocol.
Besides that I have no idea how to implement this because Windows does not cache username and password from the Windows logon.
yesod

Post by yesod »

You can get the currently logged user name with this function (in Delphi)

function GetMyNetUserName: string;
var
localName : array[0..255] of char;
userName : array[0..255] of char;
rc : Integer;
len : cardinal;
begin
FillChar(localname,sizeof(localName), #00 );
FillChar(userName, sizeof(userName), #00);
len := 255-1;
rc := WNetGetUser(localName,userName,len);
if ( rc <> 0 ) then
result := ''
else
result := strpas(userName);
end;


After that you can validate the username on active directory like you seem to do already
Marscha
Former moderator
Former moderator
Posts: 464
Joined: 2004-05-14 06:48

Post by Marscha »

ok, username is no problem (you can even find it in the environment as USERNAME), but the password...
AFAIK the password is never ever stored somewhere, only something like a hash.
Maybe there is some way to authenticate with these stored credentials, but I don't know of it.
Guest

Post by Guest »

Maybe you don't need the password for a domain user where the server and remote are in the same domain? You know that the user is already validated in the domain. Is it enough just to check that the domain user is a member of one of the access groups specified on the VNC sever?

This wouldn't work for local accounts or different domains, but would cover the most common admin situation. Does this make sense, or am I overlooking something?
prandal
20
20
Posts: 36
Joined: 2004-06-08 15:24

Post by prandal »

You could peek at Mozilla's Bug 231529 which seeks to do the same thing :-)
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6863
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

Impersonation a user wil only work running as service
Running as application, you have a permission problem.
9.X/NT/W2K/XP handle the security different.
Possible, seperate code is needed for each OS.

Also, the server should pass the user name to the viewer.
"protocol change"
Without knowing the logged user, you don't have a clue for the password.

A simple thing can get a huge program :)
Post Reply