/*
 * @brief Get the SID of the current process/thread.
 * @param pRemote Pointer to the \c Remote instance.
 * @param pRequest Pointer to the \c Request packet.
 * @returns Indication of success or failure.
 *
 * The SID string (when obtained) is attached to the response as TLV_TYPE_SID
 * before the response is transmitted; the response is transmitted on every path.
 */
DWORD request_sys_config_getsid(Remote* pRemote, Packet* pRequest)
{
	Packet* pResponse = packet_create_response(pRequest);
	BYTE tokenBuffer[4096];
	LPSTR pszSid = NULL;
	DWORD dwResult = ERROR_SUCCESS;

	do
	{
		/* tokenBuffer is interpreted as the TOKEN_USER written by get_user_token()
		 * (presumably a TOKEN_USER query of the current token -- verify in get_user_token). */
		const TOKEN_USER* pTokenUser = (const TOKEN_USER*)tokenBuffer;

		dwResult = get_user_token(tokenBuffer, sizeof(tokenBuffer));
		if (dwResult != ERROR_SUCCESS)
		{
			break;
		}

		/* On success pszSid is a LocalAlloc'd string that must be released with LocalFree.
		 * BREAK_ON_ERROR logs the message and leaves the loop (it is expected to set dwResult). */
		if (!ConvertSidToStringSidA(pTokenUser->User.Sid, &pszSid))
		{
			BREAK_ON_ERROR("[GETSID] Unable to convert current SID to string");
		}
	} while (0);

	if (pszSid != NULL)
	{
		packet_add_tlv_string(pResponse, TLV_TYPE_SID, pszSid);
		LocalFree(pszSid);
	}

	packet_transmit_response(dwResult, pRemote, pResponse);
	return dwResult;
}
/*
 * Print the textual (S-1-...) form of pSid via dprintf, with no trailing newline.
 * Nothing is printed when the SID cannot be converted.
 */
void kull_m_string_displaySID(IN PSID pSid)
{
	LPSTR szSid = NULL;

	if (!ConvertSidToStringSidA(pSid, &szSid))
		return;

	dprintf("%s", szSid);
	/* The string is allocated by ConvertSidToStringSidA and must be freed with LocalFree. */
	LocalFree(szSid);
}
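/*
 * Extract the relative identifier (the last '-' separated component) from a SID.
 *
 * @param psd  SID to parse.
 * @return     The RID, or 0 when the SID cannot be converted to a string or
 *             contains no '-' separated component.
 * @throws     std::invalid_argument / std::out_of_range from std::stoul when the
 *             trailing component is not a valid number (same as the original std::stoi).
 */
DWORD Process::parseRID(PSID psd)
{
    LPSTR sid = NULL;
    // Convert the SID structure into its string form. Previously the return value was
    // ignored, so a failed conversion left `sid` uninitialized and was then dereferenced.
    if (!ConvertSidToStringSidA(psd, &sid)) {
        return 0;
    }

    // Copy into a std::string so that substr/stoul are available, then release the
    // LocalAlloc'd buffer immediately so a parse exception cannot leak it.
    const std::string ssid(sid);
    LocalFree(sid);

    const std::string::size_type dash = ssid.rfind('-');
    if (dash == std::string::npos || dash + 1 >= ssid.size()) {
        return 0;
    }

    // RIDs are unsigned 32-bit values; stoul covers the full range where stoi would
    // throw out_of_range above INT_MAX.
    return static_cast<DWORD>(std::stoul(ssid.substr(dash + 1)));
}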
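/*
 * Retrieve the SID of the current user. The returned PSID must be freed by the caller using LocalFree()
 *
 * Returns NULL on any failure; the failure is reported via dprintf(). The process
 * token handle opened here is closed on every path (it previously leaked on the
 * early-return and allocation-failure paths).
 */
static PSID GetSid(void)
{
	TOKEN_USER* tu = NULL;
	DWORD len = 0;
	HANDLE token = NULL;
	PSID ret = NULL;
	char* psid_string = NULL;

	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
		dprintf("OpenProcessToken failed: %s", WindowsErrorString());
		return NULL;
	}

	/* First call with an empty buffer only to learn the required size (len). */
	if (!GetTokenInformation(token, TokenUser, tu, 0, &len)) {
		if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
			dprintf("GetTokenInformation (pre) failed: %s", WindowsErrorString());
			CloseHandle(token);
			return NULL;
		}
		tu = (TOKEN_USER*)calloc(1, len);
	}
	if (tu == NULL) {
		CloseHandle(token);
		return NULL;
	}

	if (GetTokenInformation(token, TokenUser, tu, len, &len)) {
		/*
		 * now of course, the interesting thing is that if you return tu->User.Sid
		 * but free tu, the PSID pointer becomes invalid after a while.
		 * The workaround? Convert to string then back to PSID
		 */
		if (!ConvertSidToStringSidA(tu->User.Sid, &psid_string)) {
			dprintf("unable to convert SID to string: %s", WindowsErrorString());
			ret = NULL;
		} else {
			/* ConvertStringSidToSidA allocates ret with LocalAlloc, hence the caller's LocalFree(). */
			if (!ConvertStringSidToSidA(psid_string, &ret)) {
				dprintf("unable to convert string back to SID: %s", WindowsErrorString());
				ret = NULL;
			}
			// MUST use LocalFree()
			LocalFree(psid_string);
		}
	} else {
		ret = NULL;
		dprintf("GetTokenInformation (real) failed: %s", WindowsErrorString());
	}

	free(tu);
	CloseHandle(token);
	return ret;
}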
/*
 * Fill pUserHash with the SHA-1 digest of the current process token's user SID string.
 *
 * pUserHash must hold at least SHA_DIGEST_LENGTH bytes; the first uHashSize bytes are
 * zeroed before anything else happens. Returns TRUE only when the digest was written.
 * The five 32-bit digest words are passed through fpntohl before being copied out
 * (so the byte order of the output matches what the original implementation produced).
 */
BOOL GetUserUniqueHash(PBYTE pUserHash, ULONG uHashSize)
{
	HANDLE hToken = NULL;
	PTOKEN_USER pTokenUser = NULL;
	DWORD cbToken = 0;
	LPSTR pszSid = NULL;
	BOOL bOk = FALSE;

	if (pUserHash == NULL)
		return FALSE;
	memset(pUserHash, 0, uHashSize);
	if (uHashSize < SHA_DIGEST_LENGTH)
		return FALSE;

	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &hToken))
		return FALSE;

	/* Size query: cbToken receives the buffer length needed for TOKEN_USER. */
	GetTokenInformation(hToken, TokenUser, NULL, 0, &cbToken);
	if (cbToken != 0)
		pTokenUser = (PTOKEN_USER)malloc(cbToken);

	if (pTokenUser != NULL) {
		memset(pTokenUser, 0, cbToken);
		if (GetTokenInformation(hToken, TokenUser, pTokenUser, cbToken, &cbToken)
		    && ConvertSidToStringSidA(pTokenUser->User.Sid, &pszSid)) {
			SHA1Context ctx;
			int i;

			SHA1Reset(&ctx);
			SHA1Input(&ctx, (PBYTE)pszSid, (DWORD)strlen(pszSid));
			if (SHA1Result(&ctx)) {
				for (i = 0; i < 5; i++)
					ctx.Message_Digest[i] = dynamicWinsock->fpntohl(ctx.Message_Digest[i]);
				memcpy(pUserHash, ctx.Message_Digest, SHA_DIGEST_LENGTH);
				bOk = TRUE;
			}
			/* Only reached when the conversion succeeded, so pszSid is valid here. */
			LocalFree(pszSid);
		}
		free(pTokenUser);
	}

	CloseHandle(hToken);
	return bOk;
}
/*
 * Exercise the LSA policy API: open the local policy, query several policy
 * information classes (auditing, primary/account/DNS domain), then enumerate
 * the account rights of the current process token's user SID.
 *
 * Each step is reported through the test framework's ok()/trace()/skip();
 * nothing is returned. Every LSA buffer obtained here is released with
 * LsaFreeMemory() and every string produced by ConvertSidToStringSidA()
 * or LocalAlloc() with LocalFree().
 */
static void test_lsa(void)
{
    NTSTATUS status;
    LSA_HANDLE handle;
    LSA_OBJECT_ATTRIBUTES object_attributes;

    ZeroMemory(&object_attributes, sizeof(object_attributes));
    object_attributes.Length = sizeof(object_attributes);

    /* A non-administrative caller may be refused POLICY_ALL_ACCESS; both outcomes are accepted. */
    status = LsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
    ok(status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
       "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status);

    /* try a more restricted access mask if necessary */
    if (status == STATUS_ACCESS_DENIED) {
        trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES\n");
        status = LsaOpenPolicy( NULL, &object_attributes, POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES, &handle);
        ok(status == STATUS_SUCCESS,
           "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES) returned 0x%08x\n", status);
    }

    if (status == STATUS_SUCCESS) {
        PPOLICY_AUDIT_EVENTS_INFO audit_events_info;
        PPOLICY_PRIMARY_DOMAIN_INFO primary_domain_info;
        PPOLICY_ACCOUNT_DOMAIN_INFO account_domain_info;
        PPOLICY_DNS_DOMAIN_INFO dns_domain_info;
        HANDLE token;
        BOOL ret;

        /* Audit settings need more rights than the fallback access mask grants, hence skip() on denial. */
        status = LsaQueryInformationPolicy(handle, PolicyAuditEventsInformation, (void **)&audit_events_info);
        if (status == STATUS_ACCESS_DENIED)
            skip("Not enough rights to retrieve PolicyAuditEventsInformation\n");
        else
            ok(status == STATUS_SUCCESS,
               "LsaQueryInformationPolicy(PolicyAuditEventsInformation) failed, returned 0x%08x\n", status);
        if (status == STATUS_SUCCESS)
            LsaFreeMemory(audit_events_info);

        status = LsaQueryInformationPolicy(handle, PolicyPrimaryDomainInformation, (void **)&primary_domain_info);
        ok(status == STATUS_SUCCESS,
           "LsaQueryInformationPolicy(PolicyPrimaryDomainInformation) failed, returned 0x%08x\n", status);
        if (status == STATUS_SUCCESS) {
            /* A NULL Sid means the machine is not joined to a domain. */
            if (primary_domain_info->Sid) {
                LPSTR strsid;
                if (ConvertSidToStringSidA(primary_domain_info->Sid, &strsid))
                {
                    if (primary_domain_info->Name.Buffer) {
                        LPSTR name = NULL;
                        UINT len;
                        /* Two-step WideCharToMultiByte: first call sizes the buffer, second converts. */
                        len = WideCharToMultiByte( CP_ACP, 0, primary_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL );
                        name = LocalAlloc( 0, len );
                        WideCharToMultiByte( CP_ACP, 0, primary_domain_info->Name.Buffer, -1, name, len, NULL, NULL );
                        trace(" name: %s sid: %s\n", name, strsid);
                        LocalFree( name );
                    } else
                        trace(" name: NULL sid: %s\n", strsid);
                    LocalFree( strsid );
                } else
                    trace("invalid sid\n");
            } else
                trace("Running on a standalone system.\n");
            LsaFreeMemory(primary_domain_info);
        }

        status = LsaQueryInformationPolicy(handle, PolicyAccountDomainInformation, (void **)&account_domain_info);
        ok(status == STATUS_SUCCESS,
           "LsaQueryInformationPolicy(PolicyAccountDomainInformation) failed, returned 0x%08x\n", status);
        if (status == STATUS_SUCCESS)
            LsaFreeMemory(account_domain_info);

        /* This isn't supported in NT4 */
        status = LsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, (void **)&dns_domain_info);
        ok(status == STATUS_SUCCESS || status == STATUS_INVALID_PARAMETER,
           "LsaQueryInformationPolicy(PolicyDnsDomainInformation) failed, returned 0x%08x\n", status);
        if (status == STATUS_SUCCESS) {
            if (dns_domain_info->Sid || !IsEqualGUID(&dns_domain_info->DomainGuid, &GUID_NULL)) {
                LPSTR strsid = NULL;
                LPSTR name = NULL;
                LPSTR domain = NULL;
                LPSTR forest = NULL;
                LPSTR guidstr = NULL;
                WCHAR guidstrW[64];
                UINT len;
                guidstrW[0] = '\0';
                /* Return value deliberately unchecked: strsid stays NULL and is printed as "NULL" below. */
                ConvertSidToStringSidA(dns_domain_info->Sid, &strsid);
                StringFromGUID2(&dns_domain_info->DomainGuid, guidstrW, ARRAY_SIZE(guidstrW));
                len = WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, NULL, 0, NULL, NULL );
                guidstr = LocalAlloc( 0, len );
                WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, guidstr, len, NULL, NULL );
                if (dns_domain_info->Name.Buffer) {
                    len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL );
                    name = LocalAlloc( 0, len );
                    WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, name, len, NULL, NULL );
                }
                if (dns_domain_info->DnsDomainName.Buffer) {
                    len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsDomainName.Buffer, -1, NULL, 0, NULL, NULL );
                    domain = LocalAlloc( 0, len );
                    WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsDomainName.Buffer, -1, domain, len, NULL, NULL );
                }
                if (dns_domain_info->DnsForestName.Buffer) {
                    len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, NULL, 0, NULL, NULL );
                    forest = LocalAlloc( 0, len );
                    WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, forest, len, NULL, NULL );
                }
                trace(" name: %s domain: %s forest: %s guid: %s sid: %s\n",
                      name ? name : "NULL", domain ? domain : "NULL",
                      forest ? forest : "NULL", guidstr, strsid ? strsid : "NULL");
                /* LocalFree(NULL) is a no-op, so the optional strings need no NULL checks here. */
                LocalFree( name );
                LocalFree( forest );
                LocalFree( domain );
                LocalFree( guidstr );
                LocalFree( strsid );
            } else
                trace("Running on a standalone system.\n");
            LsaFreeMemory(dns_domain_info);
        }

        /* We need a valid SID to pass to LsaEnumerateAccountRights */
        ret = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token );
        ok(ret, "Unable to obtain process token, error %u\n", GetLastError( ));
        if (ret) {
            char buffer[64];
            DWORD len;
            /* Small stack buffer first; fall back to a LocalAlloc'd one sized by the API on ERROR_INSUFFICIENT_BUFFER. */
            TOKEN_USER *token_user = (TOKEN_USER *) buffer;

            ret = GetTokenInformation( token, TokenUser, (LPVOID) token_user, sizeof(buffer), &len );
            ok(ret || GetLastError( ) == ERROR_INSUFFICIENT_BUFFER,
               "Unable to obtain token information, error %u\n", GetLastError( ));
            if (! ret && GetLastError( ) == ERROR_INSUFFICIENT_BUFFER) {
                trace("Resizing buffer to %u.\n", len);
                token_user = LocalAlloc( 0, len );
                if (token_user != NULL)
                    ret = GetTokenInformation( token, TokenUser, (LPVOID) token_user, len, &len );
            }
            if (ret) {
                PLSA_UNICODE_STRING rights;
                ULONG rights_count;
                /* Poison the outputs so the failure-path check below can tell whether the API reset them. */
                rights = (PLSA_UNICODE_STRING) 0xdeadbeaf;
                rights_count = 0xcafecafe;
                status = LsaEnumerateAccountRights(handle, token_user->User.Sid, &rights, &rights_count);
                ok(status == STATUS_SUCCESS || status == STATUS_OBJECT_NAME_NOT_FOUND,
                   "Unexpected status 0x%x\n", status);
                if (status == STATUS_SUCCESS)
                    LsaFreeMemory( rights );
                else
                    ok(rights == NULL && rights_count == 0,
                       "Expected rights and rights_count to be set to 0 on failure\n");
            }
            /* Only the heap copy is freed; the stack buffer is left alone. */
            if (token_user != NULL && token_user != (TOKEN_USER *) buffer)
                LocalFree( token_user );
            CloseHandle( token );
        }

        status = LsaClose(handle);
        ok(status == STATUS_SUCCESS, "LsaClose() failed, returned 0x%08x\n", status);
    }
}
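/*
 * Print the computer and user names, then the current process token's user SID,
 * its group SIDs (with the account each resolves to) and its privileges.
 *
 * Returns 0 on success and 1 when a required Win32 call fails; failures are
 * reported through print_error() (defined elsewhere in this file). MAXSIZE is
 * also defined elsewhere and is used as the size of the token buffers.
 *
 * Fixes relative to the previous version: the group loop freed `stringsid`
 * (already released above it) instead of `strsid`, which leaked every group
 * SID string and freed the user SID string twice; OpenProcessToken was never
 * checked; `return;` was used from an int function; and the token handle and
 * malloc'd buffers were never released.
 */
int main(void)
{
	int rc = 1;
	DWORD i;
	char user_name[250];
	DWORD user_num = sizeof(user_name);
	char computer_name[250];
	DWORD computer_num = sizeof(computer_name);
	HANDLE h_me = GetCurrentProcess();
	HANDLE h_token = NULL;
	TOKEN_USER *ptok_usr = NULL;
	TOKEN_GROUPS *ptg = NULL;   /* token groups */
	char *stringsid = NULL;
	UCHAR privbuf[1000];
	PTOKEN_PRIVILEGES ptgPrivileges = (PTOKEN_PRIVILEGES) privbuf;
	DWORD ret;                  /* byte count written by GetTokenInformation */

	if (!GetComputerName(computer_name, &computer_num))
		printf("%08x\n", GetLastError());
	else
		printf("Computer: %s\n", computer_name);

	if (!GetUserName(user_name, &user_num))
		printf("%08x\n", GetLastError());
	else
		printf("User: %s\n", user_name);

	/* Use GetKernelObjectSecurity ?*/
	if (!OpenProcessToken(h_me, TOKEN_READ, &h_token)) {
		print_error();
		return 1;
	}

	ptok_usr = (TOKEN_USER *) malloc(MAXSIZE);
	if (ptok_usr == NULL) {
		printf("out of memory\n");
		goto cleanup;
	}
	if (!GetTokenInformation(h_token, TokenUser, ptok_usr, MAXSIZE, &ret)) {
		print_error();
		goto cleanup;
	}
	if (!ConvertSidToStringSidA(ptok_usr->User.Sid, &stringsid)) {
		print_error();
		goto cleanup;
	}
	printf("Sid: %s\n", stringsid);
	LocalFree(stringsid);
	stringsid = NULL;
	fflush(stdout);
	getchar();

	ptg = (TOKEN_GROUPS *) malloc(MAXSIZE);
	if (ptg == NULL) {
		printf("out of memory\n");
		goto cleanup;
	}
	if (!GetTokenInformation(h_token, TokenGroups, ptg, MAXSIZE, &ret)) {
		print_error();
		goto cleanup;
	}
	if (ptg->GroupCount == 0) {
		printf("Token groups: (none)\n");
	} else {
		printf("Token groups:\n");
		for (i = 0; i < ptg->GroupCount; ++i) {
			char *strsid = NULL;
			char name[MAXSIZE];
			char domain[MAXSIZE];
			DWORD i_name = MAXSIZE, i_domain = MAXSIZE;
			SID_NAME_USE snu;

			if (!ConvertSidToStringSidA(ptg->Groups[i].Sid, &strsid)) {
				print_error();
				goto cleanup;
			}
			printf("Group Sid: %40s", strsid);
			/* Release this group's string (not the already-freed user SID string). */
			LocalFree(strsid);

			/* Name resolution failure is reported but does not abort the listing. */
			if (!LookupAccountSidA(NULL, ptg->Groups[i].Sid, name, &i_name, domain, &i_domain, &snu)) {
				print_error();
			} else {
				printf("\t %s\\%s\n", domain, name);
			}
		}
	}
	fflush(stdout);
	getchar();

	if (!GetTokenInformation(h_token, TokenPrivileges, privbuf, sizeof(privbuf), &ret)) {
		print_error();
		goto cleanup;
	}
	printf("Account privileges: \n\n");
	for (i = 0; i < ptgPrivileges->PrivilegeCount; i++) {
		char privilegeName[500];
		char displayName[500];
		DWORD privilegeNameSize = sizeof privilegeName;
		DWORD displayNameSize = sizeof displayName;
		DWORD langId;

		/* Skip a privilege whose names cannot be resolved rather than printing uninitialized buffers. */
		if (!LookupPrivilegeName(NULL, &ptgPrivileges->Privileges[i].Luid, privilegeName, &privilegeNameSize)
		    || !LookupPrivilegeDisplayName(NULL, privilegeName, displayName, &displayNameSize, &langId)) {
			print_error();
			continue;
		}
		printf("%40s (%s)\n", displayName, privilegeName);
	}
	fflush(stdout);
	getchar();
	rc = 0;

cleanup:
	free(ptg);
	free(ptok_usr);
	CloseHandle(h_token);
	return rc;
}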