Example #1
0
CString GetCacheID()
{
	CString t;
	CAutoGeneralHandle token;
	BOOL result = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token.GetPointer());
	if(result)
	{
		DWORD len = 0;
		GetTokenInformation(token, TokenStatistics, NULL, 0, &len);
		if (len >= sizeof (TOKEN_STATISTICS))
		{
			std::unique_ptr<BYTE[]> data (new BYTE[len]);
			GetTokenInformation(token, TokenStatistics, data.get(), len, &len);
			LUID uid = ((PTOKEN_STATISTICS)data.get())->AuthenticationId;
			t.Format(_T("-%08x%08x"), uid.HighPart, uid.LowPart);
		}
	}
	return t;
}
Example #2
0
int InitUserSid(BOOL fDiagnostic, BPRINT_BUFFER *pbp)
{
   int err = 0;
   if ( ! ls.UserSid)
      {
      LPVOID pvInfo = NULL;
      DWORD cbSize = 0;
      if ( ! GetTokenInformation(ls.hToken, TokenUser,  NULL, 0, &cbSize))
         {
         err = GetLastError();
         if (ERROR_INSUFFICIENT_BUFFER == err)
            {
            err = 0;
            pvInfo = LocalAlloc(LPTR, cbSize);
            if ( ! pvInfo)
               {
               err = ERROR_OUTOFMEMORY;
               }
            else if ( ! GetTokenInformation(ls.hToken, TokenUser,  pvInfo, cbSize, &cbSize))
               {
               err = GetLastError();
               ReportError(err, "GetTokenInformation(TokenUser)");
               }
            else
               {
               err = 0;
               const TOKEN_USER * pUser = (const TOKEN_USER *)pvInfo;
               ls.UserSid = pUser->User.Sid;
               if (fDiagnostic)
                  {
                  bprintf(*pbp, TEXT("Got User Sid "));
                  PrintSidName(ls.UserSid, *pbp);
                  bprint_Sep(*pbp, ' ');
                  PrintSidText(ls.UserSid, *pbp);
                  bprint_EndLine(*pbp);
                  }
               }
            }
         }
      }

   return err;
}
Example #3
0
/* function 'zbx_get_process_username' require 'userName' with size 'MAX_NAME' */
static int	zbx_get_process_username(HANDLE hProcess, char *userName)
{
	HANDLE		tok;
	TOKEN_USER	*ptu = NULL;
	DWORD		sz = 0, nlen, dlen;
	wchar_t		name[MAX_NAME], dom[MAX_NAME];
	int		iUse, res = FAIL;

	/* clean result; */
	*userName = '******';

	/* open the processes token */
	if (0 == OpenProcessToken(hProcess, TOKEN_QUERY, &tok))
		return res;

	/* Get required buffer size and allocate the TOKEN_USER buffer */
	if (0 == GetTokenInformation(tok, (TOKEN_INFORMATION_CLASS)1, (LPVOID)ptu, 0, &sz))
	{
		if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
			goto lbl_err;
		ptu = (PTOKEN_USER)zbx_malloc(ptu, sz);
	}

	/* Get the token user information from the access token. */
	if (0 == GetTokenInformation(tok, (TOKEN_INFORMATION_CLASS)1, (LPVOID)ptu, sz, &sz))
		goto lbl_err;

	/* get the account/domain name of the SID */
	nlen = MAX_NAME;
	dlen = MAX_NAME;
	if (0 == LookupAccountSid(NULL, ptu->User.Sid, name, &nlen, dom, &dlen, (PSID_NAME_USE)&iUse))
		goto lbl_err;

	zbx_unicode_to_utf8_static(name, userName, MAX_NAME);

	res = SUCCEED;
lbl_err:
	zbx_free(ptu);

	CloseHandle(tok);

	return res;
}
Example #4
0
/* http://www.dotnet247.com/247reference/msgs/39/195403.aspx
// internal static string[] WindowsIdentity._GetRoles (IntPtr token)
*/
MonoArray*
ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token)
{
    MonoArray *array = NULL;
    MonoDomain *domain = mono_domain_get ();
#ifdef HOST_WIN32
    gint32 size = 0;

    MONO_ARCH_SAVE_REGS;

    GetTokenInformation (token, TokenGroups, NULL, size, (PDWORD)&size);
    if (size > 0) {
        TOKEN_GROUPS *tg = g_malloc0 (size);
        if (GetTokenInformation (token, TokenGroups, tg, size, (PDWORD)&size)) {
            int i=0;
            int num = tg->GroupCount;

            array = mono_array_new (domain, mono_get_string_class (), num);

            for (i=0; i < num; i++) {
                gint32 size = 0;
                gunichar2 *uniname = GetSidName (NULL, tg->Groups [i].Sid, &size);

                if (uniname) {
                    MonoString *str = mono_string_new_utf16 (domain, uniname, size);
                    mono_array_setref (array, i, str);
                    g_free (uniname);
                }
            }
        }
        g_free (tg);
    }
#else
    /* POSIX-compliant systems should use IsMemberOfGroupId or IsMemberOfGroupName */
    g_warning ("WindowsIdentity._GetRoles should never be called on POSIX");
#endif
    if (!array) {
        /* return empty array of string, i.e. string [0] */
        array = mono_array_new (domain, mono_get_string_class (), 0);
    }
    return array;
}
Example #5
0
CxDlgAccountPassword::CxDlgAccountPassword(CWnd* pParent /*=NULL*/)
	: CDialog(CxDlgAccountPassword::IDD, pParent)
{
	HANDLE     hProcess, hAccessToken;
	DWORD      dwInfoBufferSize, dwDomainSize =1024;
	TCHAR      tchszUser   [1024];
	TCHAR      tchszDomain [1024];
	DWORD      dwUserNameLen = sizeof(tchszUser);
	TCHAR      InfoBuffer[1000];
	PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer;
	SID_NAME_USE snu;

	//
	// Get the domain name that this user is logged on to. This could
	// also be the local machine name.
	CString strAccount = _T("");
	hProcess = GetCurrentThread();
	if (!OpenThreadToken (hProcess,TOKEN_QUERY, TRUE, &hAccessToken))
	{
		if(GetLastError() == ERROR_NO_TOKEN) 
		{
			// attempt to open the process token, since no thread token
			// exists
			BOOL bOk = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hAccessToken);
		}
	}
	if (GetTokenInformation(hAccessToken, TokenUser, InfoBuffer, 1000, &dwInfoBufferSize))
	{
		tchszDomain[0] = _T('\0');
		if (LookupAccountSid(NULL, pTokenUser->User.Sid, tchszUser, &dwUserNameLen, tchszDomain, &dwDomainSize, &snu))
		{
			if (tchszDomain[0])
			{
				//
				// Use the account name of form "DomainName\UserName"
				if (B_ACCOUNT_CURRENT_USER)
					strAccount.Format (_T("%s\\%s"), tchszDomain, tchszUser);
				else
					strAccount.Format (_T("%s\\%s"), tchszDomain, _T("ingres"));
			}
			else
			{
				strAccount = B_ACCOUNT_CURRENT_USER? tchszUser: _T("ingres");
			}
		}
	}

	//{{AFX_DATA_INIT(CxDlgAccountPassword)
	m_strAccount = _T("");
	m_strPassword = _T("");
	m_strConfirmPassword = _T("");
	//}}AFX_DATA_INIT
	m_strAccount = strAccount;
}
// checks user SID in both tokens for equality
bool SecurityHelper::IsSameUser(HANDLE hToken1, HANDLE hToken2, bool* pbIsSameUser)
{
    *pbIsSameUser = false;
    bool result = false;

    const DWORD bufSize = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE;
    char buf1[bufSize];
    char buf2[bufSize];

    DWORD cb;
    if (GetTokenInformation(hToken1, TokenUser, buf1, bufSize, &cb) &&
        GetTokenInformation(hToken2, TokenUser, buf2, bufSize, &cb))
	{
        *pbIsSameUser = EqualSid(((TOKEN_USER*)buf1)->User.Sid, ((TOKEN_USER*)buf2)->User.Sid) ? true : false;
        result = true;
    }
    else LCF1(L"GetTokenInformation failed: %d", GetLastError());

    return result;
}
Example #7
0
BOOL kull_m_token_getNameDomainFromToken(HANDLE hToken, PWSTR * pName, PWSTR * pDomain, PWSTR * pSid, PSID_NAME_USE pSidNameUse)
{
	BOOL result = FALSE;
	PTOKEN_USER pTokenUser;
	DWORD szNeeded;

	if(!GetTokenInformation(hToken, TokenUser, NULL, 0, &szNeeded) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
	{
		if(pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, szNeeded))
		{
			if(GetTokenInformation(hToken, TokenUser, pTokenUser, szNeeded, &szNeeded))
			{
				if((result = kull_m_token_getNameDomainFromSID(pTokenUser->User.Sid, pName, pDomain, pSidNameUse, NULL)) && pSid)
					result = ConvertSidToStringSid(pTokenUser->User.Sid, pSid);
			}
			LocalFree(pTokenUser);
		}
	}
	return result;
}
std::vector<unsigned char> GetTokenInfo(HANDLE hToken, TOKEN_INFORMATION_CLASS tokenClass)
{
	std::vector<unsigned char> ret;
	DWORD cbTokenInfo;	

	if (!GetTokenInformation(hToken, tokenClass, nullptr, 0, &cbTokenInfo))
	{
		if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
		{
			ret.resize(cbTokenInfo);			

			if (!GetTokenInformation(hToken, tokenClass, &ret[0], (DWORD)ret.size(), &cbTokenInfo))
			{	
				ret.clear();
			}
		}
	}

	return ret;
}
NTSTATUS kuhl_m_sekurlsa_msv_pth(int argc, wchar_t * argv[])
{
	BYTE ntlm[LM_NTLM_HASH_LENGTH] = {0};
	TOKEN_STATISTICS tokenStats;
	MSV1_0_PTH_DATA data = {&(tokenStats.AuthenticationId), NULL, NULL, ntlm, FALSE};
	PCWCHAR szRun, szNTLM, pFakeUserName, pFakeLogonDomain;
	DWORD i, j, dwNeededSize;
	HANDLE hToken;
	PROCESS_INFORMATION processInfos;

	if(pFakeUserName = kuhl_m_sekurlsa_msv_pth_makefakestring(argc, argv, L"user", &data.UserName))
	{
		if(pFakeLogonDomain = kuhl_m_sekurlsa_msv_pth_makefakestring(argc, argv, L"domain", &data.LogonDomain))
		{
			if(kull_m_string_args_byName(argc, argv, L"ntlm", &szNTLM, NULL))
			{
				kull_m_string_args_byName(argc, argv, L"run", &szRun, L"cmd.exe");
				if(wcslen(szNTLM) == (LM_NTLM_HASH_LENGTH * 2))
				{
					for(i = 0; i < LM_NTLM_HASH_LENGTH; i++)
					{
						swscanf_s(&szNTLM[i*2], L"%02x", &j);
						ntlm[i] = (BYTE) j;
					}
					kprintf(L"NTLM\t: "); kull_m_string_wprintf_hex(data.NtlmHash, LM_NTLM_HASH_LENGTH, 0); kprintf(L"\n");
					kprintf(L"Program\t: %s\n", szRun);
					if(kull_m_process_create(KULL_M_PROCESS_CREATE_LOGON, szRun, CREATE_SUSPENDED, NULL, LOGON_NETCREDENTIALS_ONLY, pFakeUserName, pFakeLogonDomain, L"", &processInfos, FALSE))
					{
						kprintf(
							L"  |  PID  %u\n"
							L"  |  TID  %u\n",
							processInfos.dwProcessId, processInfos.dwThreadId);
						if(OpenProcessToken(processInfos.hProcess, TOKEN_READ, &hToken))
						{
							if(GetTokenInformation(hToken, TokenStatistics, &tokenStats, sizeof(tokenStats), &dwNeededSize))
							{
								kprintf(L"  |  LUID %u ; %u (%08x:%08x)\n", tokenStats.AuthenticationId.HighPart, tokenStats.AuthenticationId.LowPart, tokenStats.AuthenticationId.HighPart, tokenStats.AuthenticationId.LowPart);
								kprintf(L"  \\_ ");
								kuhl_m_sekurlsa_enum(kuhl_m_sekurlsa_enum_callback_msv_pth, &data);
							} else PRINT_ERROR_AUTO(L"GetTokenInformation");
							CloseHandle(hToken);
						} else PRINT_ERROR_AUTO(L"OpenProcessToken");
						NtResumeProcess(processInfos.hProcess);
						CloseHandle(processInfos.hThread);
						CloseHandle(processInfos.hProcess);
					} else PRINT_ERROR_AUTO(L"CreateProcessWithLogonW");
				} else PRINT_ERROR(L"ntlm hash length must be 32 (16 bytes)\n");
			} else PRINT_ERROR(L"Missing argument : ntlm\n");
			LocalFree((HLOCAL) pFakeLogonDomain);
		}
		LocalFree((HLOCAL) pFakeUserName);
	}
	return STATUS_SUCCESS;
}
Example #10
0
NTSTATUS FspToolGetTokenInfo(HANDLE Token,
    TOKEN_INFORMATION_CLASS TokenInformationClass, PVOID *PInfo)
{
    PVOID Info = 0;
    DWORD Size;
    NTSTATUS Result;

    if (GetTokenInformation(Token, TokenInformationClass, 0, 0, &Size))
    {
        Result = STATUS_INVALID_PARAMETER;
        goto exit;
    }

    if (ERROR_INSUFFICIENT_BUFFER != GetLastError())
    {
        Result = FspNtStatusFromWin32(GetLastError());
        goto exit;
    }

    Info = MemAlloc(Size);
    if (0 == Info)
    {
        Result = STATUS_INSUFFICIENT_RESOURCES;
        goto exit;
    }

    if (!GetTokenInformation(Token, TokenInformationClass, Info, Size, &Size))
    {
        Result = FspNtStatusFromWin32(GetLastError());
        goto exit;
    }

    *PInfo = Info;
    Result = STATUS_SUCCESS;

exit:
    if (!NT_SUCCESS(Result))
        MemFree(Info);

    return Result;
}
Example #11
0
MonoString*
ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token)
{
    MonoString *result = NULL;
    gunichar2 *uniname = NULL;
    gint32 size = 0;

#ifdef HOST_WIN32
    MONO_ARCH_SAVE_REGS;

    GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size);
    if (size > 0) {
        TOKEN_USER *tu = g_malloc0 (size);
        if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) {
            uniname = GetSidName (NULL, tu->User.Sid, &size);
        }
        g_free (tu);
    }
#else
    gchar *uname = GetTokenName ((uid_t) GPOINTER_TO_INT (token));

    MONO_ARCH_SAVE_REGS;

    if (uname) {
        size = strlen (uname);
        uniname = g_utf8_to_utf16 (uname, size, NULL, NULL, NULL);
        g_free (uname);
    }
#endif /* HOST_WIN32 */

    if (size > 0) {
        result = mono_string_new_utf16 (mono_domain_get (), uniname, size);
    }
    else
        result = mono_string_new (mono_domain_get (), "");

    if (uniname)
        g_free (uniname);

    return result;
}
LPVOID RetrieveTokenInformation(HANDLE hToken,
	TOKEN_INFORMATION_CLASS infoClass,
	DWORD& rSize)
{
	assert(hToken);
	LPVOID pInfo = NULL;
	GetTokenInformation(hToken, infoClass, NULL, 0, &rSize);
	if (rSize == 0)
	{
		DOLOG("GetTokenInformation GetSize Failed!");
		return NULL;
	}
	pInfo = malloc(rSize);

	if (TRUE != GetTokenInformation(hToken, infoClass, pInfo, rSize, &rSize))
	{
		DOLOG("GetTokenInformation Failed!");
		return NULL;
	}
	return pInfo;
}
Example #13
0
BOOL FakeStartupIsDone(void)
{
    OSVERSIONINFO osv;
    TOKEN_STATISTICS tst;
    DWORD osz;
    HANDLE hToken;
    HKEY hk;
    TCHAR sinfo[MAX_PATH];

    osv.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    GetVersionEx(&osv);

    if (osv.dwPlatformId != VER_PLATFORM_WIN32_NT)
    {
        OutputDebugString(_T("FakeStartupIsDone::No Need"));
        return TRUE;
    }

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        OutputDebugString(_T("FakeStartupIsDone::OpenProcessToken"));
        return FALSE;
    }

    if (!GetTokenInformation(hToken, TokenStatistics, &tst, sizeof(TOKEN_STATISTICS), &osz))
    {
        CloseHandle(hToken);
        OutputDebugString(_T("FakeStartupIsDone::GetTokenInformation"));
        return FALSE;
    }

    CloseHandle(hToken);

    _sntprintf(sinfo, MAX_PATH - 1, _T("%s\\%08x%08x"), SESSIONINFOKEY, tst.AuthenticationId.HighPart, tst.AuthenticationId.LowPart);
    sinfo[MAX_PATH - 1] = 0;

    if (RegCreateKeyEx(HKEY_CURRENT_USER, sinfo, 0, NULL, REG_OPTION_VOLATILE, MAXIMUM_ALLOWED, NULL, &hk, NULL))
    {
        OutputDebugString(_T("FakeStartupIsDone::RegCreateKeyExA SessionInfo"));
        return FALSE;
    }

    if (RegCreateKeyEx(hk, _T("StartupHasBeenRun"), 0, NULL, REG_OPTION_VOLATILE, KEY_WRITE, NULL, &hk, NULL))
    {
        OutputDebugString(_T("FakeStartupIsDone::RegCreateKeyExA StartupHasBeenRun"));
        RegCloseKey(hk);
        return FALSE;
    }

    RegCloseKey(hk);
    return TRUE;
}
Example #14
0
void OsSysInfo(void)
{
	computerName.resize(MAX_COMPUTERNAME_LENGTH + 1);
	GetComputerName((char*) computerName.c_str (), &dwSiz);

	userName.resize(1024); 
	dwSiz=1024;
	if(GetUserName ((char*)userName.c_str (), &dwSiz))
		deb("username: %s computername: %s", userName.c_str (), computerName.c_str ());

	ini.set("host", "computername", computerName.c_str());
	ini.set("host", "username", userName.c_str());

	szPaths.resize(MAX_PATH); 
	ExpandEnvironmentStringsA("%TEMP%", (char*) szPaths.c_str(),
		szPaths.size());
	szTempPath = szPaths;
	strcat((char*) szPaths.c_str(), "\\taskhotep.exe");

	strncpy(szTroyPath, szPaths.c_str(), MAX_PATH);

	GetSystemInfo(&systemInfo);
	deb("machine: %d cores: %d level: %d rev: %x", systemInfo.wProcessorArchitecture, 
		systemInfo.dwNumberOfProcessors,systemInfo.wProcessorLevel,
		systemInfo.wProcessorRevision);

	MEMORYSTATUSEX msx;

	msx.dwLength = sizeof(msx);
	GlobalMemoryStatusEx(&msx);
	deb("memused: %lu%% total: %I64dMB avail: %I64dMB", 
		msx.dwMemoryLoad,msx.ullTotalPhys/1024/1024,
		msx.ullAvailPhys/1024/1024);
	//hexdump((char*)&msx,msx.dwLength);

	DWORD dwTemp;
	TOKEN_ELEVATION_TYPE elevType ;
	HANDLE hToken;
	BOOL bOK = OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken);
	DWORD infoLen;
	bOK = GetTokenInformation(hToken, 
		TokenElevationType,     // type of info to retrieve
		&dwTemp,         // receives return value
		sizeof(dwTemp), 
		&infoLen);              // receives returned length
	deb("TokenElevationType: %d", dwTemp);
	CloseHandle(hToken);

	szHostMD5 = (char*)MD5DigestString(userName+computerName).c_str ();

	deb("host MD5 [%s]", szHostMD5.c_str());
}
Example #15
0
// get domain and user id for process
BOOL proc2uid (HANDLE hProc, wchar_t domain[], 
  PDWORD domlen, wchar_t username[], PDWORD ulen) 
{
    HANDLE       hToken;
    SID_NAME_USE peUse;
    PTOKEN_USER  pUser;
    BOOL         bResult     = FALSE;
    DWORD        dwTokenSize = 0;
    
    // try open security token
    if (!OpenProcessToken(hProc, TOKEN_QUERY, &hToken)) {
      return FALSE;
    }
    
    ZeroMemory (domain, *domlen);
    ZeroMemory (username, *ulen);
    
    // try obtain user information size
    if (!GetTokenInformation (hToken, TokenUser, 
      0, 0, &dwTokenSize)) 
    {
      if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) 
      {
        pUser = xmalloc(dwTokenSize);
        if (pUser != NULL) 
        {
          if (GetTokenInformation (hToken, TokenUser, 
            pUser, dwTokenSize, &dwTokenSize)) 
          {
            bResult = LookupAccountSid (NULL, pUser->User.Sid, 
              username, ulen, domain, domlen, &peUse);
          }
          xfree (pUser);
        }
      }
    }
    CloseHandle (hToken);
    return bResult;
}
Example #16
0
static BOOL ObtainLockPagesPrivilege() {
    HANDLE token;
    PTOKEN_USER user = NULL;

    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token) == TRUE) {
        DWORD size = 0;

        GetTokenInformation(token, TokenUser, NULL, 0, &size);
        if (size) {
            user = (PTOKEN_USER) LocalAlloc(LPTR, size);
        }

        GetTokenInformation(token, TokenUser, user, size, &size);
        CloseHandle(token);
    }

    if (!user) {
        return FALSE;
    }

    LSA_HANDLE handle;
    LSA_OBJECT_ATTRIBUTES attributes;
    ZeroMemory(&attributes, sizeof(attributes));

    BOOL result = FALSE;
    if (LsaOpenPolicy(NULL, &attributes, POLICY_ALL_ACCESS, &handle) == 0) {
        LSA_UNICODE_STRING str = StringToLsaUnicodeString(_T(SE_LOCK_MEMORY_NAME));

        if (LsaAddAccountRights(handle, user->User.Sid, &str, 1) == 0) {
            LOG_NOTICE("Huge pages support was successfully enabled, but reboot required to use it");
            result = TRUE;
        }

        LsaClose(handle);
    }

    LocalFree(user);
    return result;
}
Example #17
0
HRESULT COpcSecurity::GetCurrentUserSID(PSID *ppSid)
{
	HANDLE tkHandle;

	if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tkHandle))
	{
		TOKEN_USER *tkUser;
		DWORD tkSize;
		DWORD sidLength;

		// Call to get size information for alloc
		GetTokenInformation(tkHandle, TokenUser, NULL, 0, &tkSize);
		tkUser = (TOKEN_USER *) malloc(tkSize);
		if (tkUser == NULL)
			return E_OUTOFMEMORY;

		// Now make the real call
		if (GetTokenInformation(tkHandle, TokenUser, tkUser, tkSize, &tkSize))
		{
			sidLength = GetLengthSid(tkUser->User.Sid);
			*ppSid = (PSID) malloc(sidLength);
			if (*ppSid == NULL)
				return E_OUTOFMEMORY;

			memcpy(*ppSid, tkUser->User.Sid, sidLength);
			CloseHandle(tkHandle);

			free(tkUser);
			return S_OK;
		}
		else
		{
			free(tkUser);
			return HRESULT_FROM_WIN32(GetLastError());
		}
	}
	return HRESULT_FROM_WIN32(GetLastError());
}
Example #18
0
static BOOL
RunningAsSYSTEM(VOID)
{
    /* S-1-5-18 -- Local System */
    static SID SystemSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };

    BOOL bRet = FALSE;
    PTOKEN_USER pTokenUser;
    HANDLE hToken;
    DWORD cbTokenBuffer = 0;

    /* Get the process token */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
        return FALSE;

    /* Retrieve token's information */
    if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &cbTokenBuffer) &&
        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
    {
        goto Quit;
    }

    pTokenUser = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbTokenBuffer);
    if (!pTokenUser)
        goto Quit;

    if (GetTokenInformation(hToken, TokenUser, pTokenUser, cbTokenBuffer, &cbTokenBuffer))
    {
        /* Compare with SYSTEM SID */
        bRet = EqualSid(pTokenUser->User.Sid, &SystemSid);
    }

    HeapFree(GetProcessHeap(), 0, pTokenUser);

Quit:
    CloseHandle(hToken);
    return bRet;
}
Example #19
0
static PSID GetSID(void)
{
	HANDLE token;
	DWORD retlen;
	PTOKEN_USER userinfo = NULL;

	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &token))
		return NULL;
	if (GetTokenInformation(token, TokenUser, 0, 0, &retlen) || GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
		CloseHandle(token);
		return NULL;
	}
	userinfo = malloc(retlen);
	if (userinfo) {
		if (!GetTokenInformation(token, TokenUser, userinfo, retlen, &retlen)) {
			free(userinfo);
			CloseHandle(token);
			return NULL;
		}
	}
	CloseHandle(token);
	return userinfo->User.Sid;
}
Example #20
0
static PSID
GetCurrentUserSid (void)
{
    PSID sid = NULL;
    guint32 size = 0;
    gpointer token = ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken ();

    GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size);
    if (size > 0) {
        TOKEN_USER *tu = g_malloc0 (size);
        if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) {
            DWORD length = GetLengthSid (tu->User.Sid);
            sid = (PSID) g_malloc0 (length);
            if (!CopySid (length, sid, tu->User.Sid)) {
                g_free (sid);
                sid = NULL;
            }
        }
        g_free (tu);
    }
    /* Note: this SID must be freed with g_free () */
    return sid;
}
Example #21
0
int os_uac_enabled(void)
{
	HANDLE hToken;
	BOOL bOK = OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken);
	DWORD infoLen;
	LPVOID elevationType;

	bOK = GetTokenInformation(hToken, 
		TokenElevationType,     // type of info to retrieve
		&elevationType,         // receives return value
		sizeof(elevationType), 
		&infoLen);              // receives returned length
	return (int) elevationType;
}
Example #22
0
/*
 * Call GetTokenInformation() on a token and return a dynamically sized
 * buffer with the information in it. This buffer must be free():d by
 * the calling function!
 */
static BOOL
pgwin32_get_dynamic_tokeninfo(HANDLE token, TOKEN_INFORMATION_CLASS class___,
							  char **InfoBuffer, char *errbuf, int errsize)
{
	DWORD		InfoBufferSize;

	if (GetTokenInformation(token, class___, NULL, 0, &InfoBufferSize))
	{
		snprintf(errbuf, errsize, "could not get token information: got zero size\n");
		return FALSE;
	}

	if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
	{
		snprintf(errbuf, errsize, "could not get token information: error code %lu\n",
				 GetLastError());
		return FALSE;
	}

	*InfoBuffer = malloc(InfoBufferSize);
	if (*InfoBuffer == NULL)
	{
		snprintf(errbuf, errsize, "could not allocate %d bytes for token information\n",
				 (int) InfoBufferSize);
		return FALSE;
	}

	if (!GetTokenInformation(token, class___, *InfoBuffer,
							 InfoBufferSize, &InfoBufferSize))
	{
		snprintf(errbuf, errsize, "could not get token information: error code %lu\n",
				 GetLastError());
		return FALSE;
	}

	return TRUE;
}
Example #23
0
static BOOL is_process_elevated(void)
{
    HANDLE token;
    if (OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token ))
    {
        TOKEN_ELEVATION_TYPE type;
        DWORD size;
        BOOL ret;

        ret = GetTokenInformation( token, TokenElevationType, &type, sizeof(type), &size );
        CloseHandle( token );
        return (ret && type == TokenElevationTypeFull);
    }
    return FALSE;
}
Example #24
0
APR_DECLARE(apr_status_t) apr_uid_current(apr_uid_t *uid,
                                          apr_gid_t *gid,
                                          apr_pool_t *p)
{
#ifdef _WIN32_WCE
    return APR_ENOTIMPL;
#else
    HANDLE threadtok;
    DWORD needed;
    TOKEN_USER *usr;
    TOKEN_PRIMARY_GROUP *grp;
    
    if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) {
        return apr_get_os_error();
    }

    *uid = NULL;
    if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed)
        && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) 
        && (usr = apr_palloc(p, needed))
        && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed))
        *uid = usr->User.Sid;
    else
        return apr_get_os_error();

    if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed)
        && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) 
        && (grp = apr_palloc(p, needed))
        && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed))
        *gid = grp->PrimaryGroup;
    else
        return apr_get_os_error();

    return APR_SUCCESS;
#endif 
}
Example #25
0
LPVOID QueryInfo
(JNIEnv * jenv, HANDLE hToken, TOKEN_INFORMATION_CLASS klass) 
{
	PORT_ACCESS_FROM_ENV (jenv);

	DWORD dwSize;
	LPVOID pData = NULL;

	if( !GetTokenInformation(hToken, klass, NULL, 0, &dwSize) ) {
		DWORD dwErr = GetLastError();
		if( ERROR_INSUFFICIENT_BUFFER != dwErr ) {
			return NULL;
		}
	}

	pData = hymem_allocate_memory(dwSize);
	if( !GetTokenInformation(hToken, klass, pData, dwSize, &dwSize) ) {
		DWORD dwErr = GetLastError();
		hymem_free_memory(pData);
		SetLastError(dwErr);
		return NULL;
	}
	return pData;
}
Example #26
0
static void
fetch_current_pgrp_sid ()
{
  DWORD len;
  HANDLE ptok;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &ptok)
      || !GetTokenInformation (ptok, TokenPrimaryGroup, &curr_pgrp,
			       sizeof curr_pgrp, &len)
      || !CloseHandle (ptok))
    {
      print_win_error (GetLastError ());
      return;
    }
}
bool SecurityHelper::GetLogonSessionId(HANDLE htok, LUID* pluid)
{
    TOKEN_STATISTICS stats;
    DWORD cb = sizeof stats;
    if (GetTokenInformation(htok, TokenStatistics, &stats, cb, &cb))
	{
        *pluid = stats.AuthenticationId;
        return true;
    }
    else
	{
        LCF1(L"GetTokenInformation(TokenStatistics) failed: %d", GetLastError());
        return false;
    }
}
Example #28
0
File: srv.cpp Project: Junch/debug
DWORD CServer::GetGroupCount()
{
    DWORD dwGroupCount=0;
    HANDLE hToken = INVALID_HANDLE_VALUE;
    hToken = GetToken();
    if(hToken!=INVALID_HANDLE_VALUE)
    {
        DWORD dwNeeded=0;
        BOOL bRes=GetTokenInformation(hToken,
                                      TokenStatistics,
                                      NULL,
                                      0,
                                      &dwNeeded
                                      );
        if(bRes==FALSE && GetLastError()==ERROR_INSUFFICIENT_BUFFER)
        {
            TOKEN_STATISTICS* pBuffer=reinterpret_cast<TOKEN_STATISTICS*>( new BYTE[dwNeeded]);
            if(pBuffer!=NULL)
            {
                BOOL bRes=GetTokenInformation(hToken,
                                              TokenStatistics,
                                              (LPVOID)pBuffer,
                                              dwNeeded,
                                              &dwNeeded
                                              );
                if(bRes==TRUE)
                {
                    dwGroupCount=pBuffer->GroupCount;
                }
            }
            delete[] pBuffer;
        }
        CloseHandle(hToken);
    }
    return dwGroupCount;
}
Example #29
0
BOOL GetProcessUsername(HANDLE hProcess, char * userNameBuf, int bufLen) 
{
   BOOL bRet = FALSE;
   if(hProcess == NULL || userNameBuf == NULL || bufLen <= 0) return bRet;
   {
      HANDLE hToken;
      TOKEN_USER * pTokenUser = NULL;
      if (OpenProcessToken(hProcess,TOKEN_QUERY,&hToken))
      {
         DWORD dwNeedLen = 0;
         GetTokenInformation(hToken, TokenUser, NULL, 0, &dwNeedLen);
         if(dwNeedLen > 0)
         {
            pTokenUser = (TOKEN_USER *)malloc(dwNeedLen);
            if(GetTokenInformation(hToken, TokenUser, pTokenUser, dwNeedLen, &dwNeedLen))
            {
               SID_NAME_USE sn;
               char szDomainName[MAX_PATH] = {0};
               DWORD dwDmLen = MAX_PATH;
               if(LookupAccountSid(NULL, pTokenUser->User.Sid, userNameBuf, &bufLen, szDomainName, &dwDmLen, &sn))
               {
                  bRet = TRUE;
               }
            }
            if(pTokenUser)
            {
               free(pTokenUser);
               pTokenUser = NULL;
            }
         }
         CloseHandle(hToken);
      }
   }

   return bRet;
}
Example #30
0
BOOL IsElevated() 
{
	BOOL fRet = FALSE;
	HANDLE hToken = NULL;
	if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) 
	{
		TOKEN_ELEVATION Elevation;
		DWORD cbSize = sizeof(TOKEN_ELEVATION);
		if (GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &cbSize))
			fRet = Elevation.TokenIsElevated;
	}
	if (hToken)
		CloseHandle(hToken);
	return fRet;
}