#include "whoami.h"
#include "Support\\LWAnsiString\\LWAnsiString.h">
// Labels emitted by GroupFlagToOutput for each SE_GROUP_* attribute bit of a
// token group. The GFTO_ / GTOF_ prefixes are misspellings of GTFO_; they are
// kept because GroupFlagToOutput references the macros by these exact names.
#define GFTO_ENABLE "'ENABLED SID'"                   // SE_GROUP_ENABLED set
#define GFTO_OFFLINE "'INACTIVE SID'"                 // SE_GROUP_ENABLED clear
#define GTFO_DEFAULT_ACTIVE "'DEFAULT ENABLE'"        // SE_GROUP_ENABLED_BY_DEFAULT
#define GTFO_INTEGRITY_SID "'REQUIRED SID'"           // SE_GROUP_INTEGRITY
#define GTOF_INTEGRITY_SID_ACTIVE "'ACTIVE REQUIRED SID'"     // SE_GROUP_INTEGRITY_ENABLED set
#define GTFO_INTEGRITY_SID_OFFLINE "'INACTIVE REQUIRED SID'"  // SE_GROUP_INTEGRITY_ENABLED clear
#define GTFO_LOGON_SID "'LOGON SID'"                  // SE_GROUP_LOGON_ID
#define GTFO_NOADJUST_SID "'UNADJUSTABLE SID'"        // SE_GROUP_MANDATORY
#define GTFO_GROUP_OWNER "'GROUP OWNER'"              // SE_GROUP_OWNER
#define GTFO_GROUP_RESOURCE "'GROUP RESOURCE'"        // SE_GROUP_RESOURCE
extern "C" {
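// Render a TOKEN_GROUPS attribute mask as a comma-separated list of labels
// appended to `Out`.
//
// Bugfix: the original tested `Flag && SE_GROUP_x` (logical AND), which is
// true for *any* non-zero mask, so every "set" label was emitted regardless
// of the actual bits and a disabled or deny-only group was reported as
// enabled. Bits are now tested with bitwise AND and compared against the
// whole mask, because SE_GROUP_LOGON_ID is a two-bit mask.
// The separator is placed between emitted labels only, so a mask with bits
// this table does not know about never produces a dangling ", " and the
// all-clear mask no longer glues its two "INACTIVE" labels together.
void GroupFlagToOutput(DWORD Flag, LWAnsiString* Out)
{
    struct FlagLabel
    {
        DWORD bit;            // SE_GROUP_* mask to test
        const char* present;  // label when the mask is fully set
        const char* absent;   // label when it is not set, or nullptr for silence
    };
    static const FlagLabel kLabels[] = {
        { SE_GROUP_ENABLED,            GFTO_ENABLE,               GFTO_OFFLINE },
        { SE_GROUP_ENABLED_BY_DEFAULT, GTFO_DEFAULT_ACTIVE,       nullptr },
        { SE_GROUP_INTEGRITY,          GTFO_INTEGRITY_SID,        nullptr },
        { SE_GROUP_INTEGRITY_ENABLED,  GTOF_INTEGRITY_SID_ACTIVE, GTFO_INTEGRITY_SID_OFFLINE },
        { SE_GROUP_LOGON_ID,           GTFO_LOGON_SID,            nullptr },
        { SE_GROUP_MANDATORY,          GTFO_NOADJUST_SID,         nullptr },
        { SE_GROUP_OWNER,              GTFO_GROUP_OWNER,          nullptr },
        { SE_GROUP_RESOURCE,           GTFO_GROUP_RESOURCE,       nullptr },
        // A deny-only group (e.g. Administrators in a UAC-filtered token) can
        // only match access-denied ACEs; listing it like an ordinary member
        // would overstate the token's effective privilege, so it gets its own label.
        { SE_GROUP_USE_FOR_DENY_ONLY,  "'DENY ONLY SID'",         nullptr },
    };

    if (Out == nullptr)
    {
        return;
    }

    bool first = true;
    for (const FlagLabel& entry : kLabels)
    {
        const bool set = (Flag & entry.bit) == entry.bit;
        const char* label = set ? entry.present : entry.absent;
        if (label == nullptr)
        {
            continue;
        }
        if (!first)
        {
            LWAnsiString_AppendA(Out, ", ");
        }
        LWAnsiString_AppendA(Out, label);
        first = false;
    }
}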
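// Append one block per group in `target` to `Output`: a framed line with the
// account name resolved through `LookupSid` (via helper_lookup_sid) followed
// by the group's attribute flags rendered by GroupFlagToOutput.
//
// `result` / `message_result` are only written on failure (null inputs or an
// allocation failure) and only when the caller supplied them.
// `argv` / `argc` are part of the shared helper signature but unused here.
void helper_who_ami_usertoken_token_groups_string(int* result, const char** message_result, const char* argv[], int argc, TOKEN_GROUPS* target, LookupAccountSidA_PTR LookupSid, LWAnsiString* Output)
{
    (void)argv;
    (void)argc;

    if (target == nullptr || Output == nullptr)
    {
        if (result != nullptr) *result = -1;
        if (message_result != nullptr) *message_result = "Failure fetching Groups.";
        return;
    }

    LWAnsiString* NameOfGroup = LWAnsiString_CreateString(0);
    if (NameOfGroup == nullptr)
    {
        // The scratch string was previously used unchecked; report instead of crashing.
        if (result != nullptr) *result = -1;
        if (message_result != nullptr) *message_result = "Out of memory!";
        return;
    }

    LWAnsiString_AppendA(Output, "Groups in this Token:: ");
    // GroupCount is a DWORD; iterate with the same type to avoid a signed/unsigned compare.
    for (DWORD i = 0; i < target->GroupCount; i++)
    {
        LWAnsiString_ZeroString(NameOfGroup);
        LWAnsiString_AppendNewLine(Output);
        LWAnsiString_PadA(Output, '-', 20);
        LWAnsiString_AppendNewLine(Output);
        LWAnsiString_AppendA(Output, "Group: ");
        helper_lookup_sid(LookupSid, target->Groups[i].Sid, 0, 0, 0, "Domain *", "*********", true, NameOfGroup);
        LWAnsiString_PadA(Output, '*', 2);
        LWAnsiString_AppendA(Output, LWAnsiString_ToCStr(NameOfGroup));
        LWAnsiString_PadA(Output, '*', 2);
        LWAnsiString_AppendNewLine(Output);
        LWAnsiString_PadA(Output, '-', 20);
        LWAnsiString_AppendNewLine(Output);
        LWAnsiString_AppendA(Output, "Attrib: [");
        GroupFlagToOutput(target->Groups[i].Attributes, Output);
        LWAnsiString_AppendA(Output, " ]");
        LWAnsiString_AppendNewLine(Output);
    }

    // Bugfix: the scratch string was never released (one leak per call).
    LWAnsiString_FreeString(NameOfGroup);
}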
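// Write the group list of a token into `Output`.
//
// `TargetToken` may be 0 / INVALID_HANDLE_VALUE, in which case the current
// process token is opened (and closed again before returning). Any other
// handle is borrowed and left open. `source_from`, when non-null, is
// prepended to the output. On failure `*result` and `*message_result` are set
// and false is returned; `result`, `message_result` and `Output` are required.
//
// Fixes over the previous version, all on the cleanup path:
//  - the token opened by OpenProcessToken was never closed;
//  - the TOKEN_GROUPS buffer leaked when the second GetTokenInformation failed;
//  - ADVAPI32 was released on error paths but not on success;
//  - HeapAlloc was called with HEAP_GENERATE_EXCEPTIONS, which raises an SEH
//    exception on failure instead of returning NULL, so the null check after
//    it could never run. The flag is dropped so the check is meaningful;
//  - an unused SECUR32 handle (never loaded) was passed to FreeLibrary.
bool WhoAmi_WriteStdout_UserGroup_common(int* result, const char** message_result, const char* argv[], int argc, LWAnsiString* Output, const char* source_from, HANDLE TargetToken)
{
    // Everything is declared up front: the goto-based cleanup below may not
    // jump past an initialised declaration in C++.
    HMODULE ADVAPI32 = 0;
    GetTokenInfoPtr GetTokenInfoAPI = 0;
    LookupAccountSidA_PTR LookupSIDAPI = 0;
    LookUPPrivnameA LookUpPriv = 0;
    HANDLE selfToken = 0;
    bool ownsToken = false;   // true only when selfToken was opened here
    bool ok = false;
    TokenInformationUnion data;
    DWORD Size = 0;
    DWORD lastError = 0;
    data.TheVoid = 0;

    if (result == nullptr || message_result == nullptr || Output == nullptr)
    {
        // no way to report an error without the out-parameters
        return false;
    }
    if (!ResolveTokenDlls(&ADVAPI32, &GetTokenInfoAPI, &LookupSIDAPI, &LookUpPriv, message_result))
    {
        return false;
    }
    if (source_from != nullptr)
    {
        LWAnsiString_AppendA(Output, source_from);
    }

    if ((TargetToken == 0) || (TargetToken == INVALID_HANDLE_VALUE))
    {
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &selfToken))
        {
            *result = GetLastError();
            *message_result = "Failed to open process token";
            goto cleanup; // we're dead in the water without that
        }
        ownsToken = true;
    }
    else
    {
        selfToken = TargetToken;
    }

    // Sizing call: with a zero-length buffer this is expected to fail with
    // ERROR_INSUFFICIENT_BUFFER (or ERROR_MORE_DATA) and report the needed size.
    if (GetTokenInfoAPI(selfToken, TokenGroups, 0, 0, &Size))
    {
        *result = -1;
        *message_result = "Failure fetching Groups.";
        goto cleanup;
    }
    lastError = GetLastError(); // saved once; later calls may overwrite it
    if (lastError != ERROR_INSUFFICIENT_BUFFER && lastError != ERROR_MORE_DATA)
    {
        *result = -1;
        *message_result = "Failure fetching Groups.";
        goto cleanup;
    }

    data.TheVoid = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Size);
    if (data.TheVoid == 0)
    {
        *result = -1;
        *message_result = "Out of memory!";
        goto cleanup;
    }
    if (!GetTokenInfoAPI(selfToken, TokenGroups, data.TheVoid, Size, &Size))
    {
        *result = -1;
        *message_result = "Failure fetching Groups.";
        goto cleanup;
    }

    helper_who_ami_usertoken_token_groups_string(result, message_result, argv, argc, data.TokenGroups, LookupSIDAPI, Output);
    ok = true;

cleanup:
    if (data.TheVoid != 0)
    {
        HeapFree(GetProcessHeap(), 0, data.TheVoid);
        data.TheVoid = 0;
    }
    if (ownsToken && selfToken != 0)
    {
        CloseHandle(selfToken);
    }
    if (ADVAPI32 != 0)
    {
        FreeLibrary(ADVAPI32);
    }
    return ok;
}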
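// Print the current process token's groups to stdout.
//
// Returns the verdict of WhoAmi_WriteStdout_UserGroup_common. The previous
// version discarded that verdict (`auto res` was never read) and returned
// TRUE even when `*result` / `*message_result` had been set to an error.
// Whatever output was gathered is still flushed on failure.
bool WhoAmi_WriteStdout_UserGroups(int* result, const char** message_result, const char* argv[], int argc)
{
    LWAnsiString* out = LWAnsiString_CreateString(0);
    if (out == nullptr)
    {
        // Report the allocation failure through the out-parameters when supplied.
        if (result != nullptr) *result = -1;
        if (message_result != nullptr) *message_result = "Out of memory!";
        return FALSE;
    }

    bool res = WhoAmi_WriteStdout_UserGroup_common(result, message_result, argv, argc, out, "Self", 0);
    WriteStdout(LWAnsiString_ToCStr(out));
    LWAnsiString_FreeString(out);
    return res;
}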
}