How to implement LogonUserA function?


I am creating a program where I want to use the LogonUserA function from the windows API but I am not able to find this function in the package. Any advice would be very helpful.

In addition to Jeff’s suggestion, you can also get away with not using Cgo here and instead use syscall.NewLazySystemDLL and (*syscall.LazyDLL).NewProc. I haven’t tested this; I just wrote it in the answer box here, so it might not even compile, but I think it should be close to what you’re looking for.

package main

var logonUserW = syscall.NewLazySystemDLL("advapi32.dll").NewProc("LogonUserW")

func LogonUser(username, domain, password string, logonType LogonType, logonProvider LogonProvider) (windows.Token, error) {
    pUsername := windows.UTF16PtrFromString(username)
    pDomain := windows.UTF16PtrFromString(domain)
    pPassword := windows.UTF16PtrFromString(password)
    hToken := uintptr(0)
    res, _, err := logonUserW.Call(
    if res != 0 {
        return windows.Token(hToken), nil
    return 0, err

type LogonType int32

const (
	// LOGON32_LOGON_BATCH is intended for batch servers, where
	// processes may be executing on behalf of a user without their
	// direct intervention. This type is also for higher performance
	// servers that process many plaintext authentication attempts at a
	// time, such as mail or web servers.
	LOGON32_LOGON_BATCH LogonType = 4

	// LOGON32_LOGON_INTERACTIVE is intended for users who will be
	// interactively using the computer, such as a user being logged on
	// by a terminal server, remote shell, or similar process. This
	// logon type has the additional expense of caching logon
	// information for disconnected operations; therefore, it is
	// inappropriate for some client/server applications, such as a
	// mail server.

	// LOGON32_LOGON_NETWORK is intended for high performance servers to
	// authenticate plaintext passwords. The LogonUser function does not
	// cache credentials for this logon type.

	// LOGON32_LOGON_NETWORK_CLEARTEXT preserves the name and password
	// in the authentication package, which allows the server to make
	// connections to other network servers while impersonating the
	// client. A server can accept plaintext credentials from a client,
	// call LogonUser, verify that the user can access the system across
	// the network, and still communicate with other servers.

	// LOGON32_LOGON_NEW_CREDENTIALS allows the caller to clone its
	// current token and specify new credentials for outbound
	// connections. The new logon session has the same local identifier
	// but uses different credentials for other network connections.
	// This logon type is supported only by the LOGON32_PROVIDER_WINNT50
	// logon provider.

	// LOGON32_LOGON_SERVICE indicates a service-type logon. The account
	// provided must have the service privilege enabled.

	// LOGON32_LOGON_UNLOCK GINAs are no longer supported.
	// Windows Server 2003 and Windows XP:  This logon type is for GINA
	// DLLs that log on users who will be interactively using the
	// computer. This logon type can generate a unique audit record that
	// shows when the workstation was unlocked.
	//LOGON32_LOGON_UNLOCK LogonType = 7

// Copied from MS documentation:

type LogonProvider int32

const (
	// LOGON32_PROVIDER_DEFAULT uses the standard logon provider for the
	// system. The default security provider is negotiate, unless you
	// pass NULL for the domain name and the user name is not in UPN
	// format. In this case, the default provider is NTLM.

	// LOGON32_PROVIDER_WINNT40 uses the NTLM logon provider.
	//LOGON32_PROVIDER_WINNT40 LogonProvider = 1

	// LOGON32_PROVIDER_WINNT40 uses the NTLM logon provider.
	//LOGON32_PROVIDER_WINNT40 LogonProvider = 2

	// LOGON32_PROVIDER_WINNT50 uses the negotiate logon provider.
	LOGON32_PROVIDER_WINNT50 LogonProvider = 3

EDIT: Forgot to put definitions of LogonType and LogonProvider


Cool, that looks lots easier than making Cgo work.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.