Trying to get a users SID (Security Identifier) from it’s access token.
fails on GetTokenInformation() - Any ideas.
HANDLE hProcess = GetCurrentProcess();
HANDLE hToken = NULL
OpenProcessToken(hProcess, TOKEN_QUERY, &hToken); /* completes ok*/
PSID pSidUser = NULL;
unsigned long nSize = sizeof(SID);
GetTokenInformation(hToken, TokenOwner, pSidUser, nSize, &nSize)) /* return
false*/
???
Try to debug the call to GetTokenInformation to the kernel
(NtQueryInformationToken).
This should answer your question.
Paul
-----P?vodn? zpr?va-----
Od: xxxxx@emc.com [SMTP:xxxxx@emc.com]
Odesl?no: 20. ?ervence 2000 18:51
Komu: NT Developers Interest List
P?edm?t: [ntdev] NT SecurityTrying to get a users SID (Security Identifier) from it’s access token.
fails on GetTokenInformation() - Any ideas.HANDLE hProcess = GetCurrentProcess();
HANDLE hToken = NULLOpenProcessToken(hProcess, TOKEN_QUERY, &hToken); /* completes ok*/
PSID pSidUser = NULL;
unsigned long nSize = sizeof(SID);
GetTokenInformation(hToken, TokenOwner, pSidUser, nSize, &nSize)) /*
return
false*/???
You are currently subscribed to ntdev as: xxxxx@sodatsw.cz
To unsubscribe send a blank email to $subst(‘Email.Unsub’)
The normal approach is something like this:
dwLen = 0;
GetTokenInformation(hAccessToken, TokenOwner, pSidUser, 0, &dwLen);
if(dwLen)
pSidUser = (PTOKEN_USER)malloc(dwLen);
GetTokenInformation(hAccessToken, TokenUser, pTokenUser, dwLen, &dwLen);
Note that sizeof(SID) <> the size of a SID structure (which is variable
length).
Regards,
Paul Bunn, UltraBac.com, 425-644-6000
Microsoft MVP - WindowsNT/2000
http://www.ultrabac.com
-----Original Message-----
From: xxxxx@emc.com [mailto:xxxxx@emc.com]
Sent: Thursday, July 20, 2000 9:51 AM
To: NT Developers Interest List
Subject: [ntdev] NT Security
Trying to get a users SID (Security Identifier) from it’s access token.
fails on GetTokenInformation() - Any ideas.
HANDLE hProcess = GetCurrentProcess();
HANDLE hToken = NULL
OpenProcessToken(hProcess, TOKEN_QUERY, &hToken); /* completes ok*/
PSID pSidUser = NULL;
unsigned long nSize = sizeof(SID);
GetTokenInformation(hToken, TokenOwner, pSidUser, nSize, &nSize)) /* return
false*/
Try with TOKEN_READ instead of TOKEN_QUERY in OpenProcessToken.
Hereafter there is a piece of code I am using in a driver:
//
// We start checking THREAD TOKEN to handle impersonization if any
//
status = ZwOpenThreadToken(
NtCurrentThread(), // IN HANDLE ThreadHandle,
TOKEN_READ, // IN ACCESS_MASK DesiredAccess,
TRUE, // TRUE: Use thread context
&hToken); // OUT PHANDLE TokenHandle
if (!NT_SUCCESS(status)) {
if (status == STATUS_NO_TOKEN) {
//
// An attempt was made to reference a token that doesn’t exist.
// This is typically done by referencing the token associated
// with a thread when the thread is not impersonating a client.
// In this case we try to open PROCESS TOKEN
//
status = ZwOpenProcessToken(
NtCurrentProcess(), // IN HANDLE ProcessHandle,
TOKEN_READ, // IN ACCESS_MASK DesiredAccess,
&hToken); // OUT PHANDLE TokenHandle
}
}
//
// Back with error if token handle NOT got,
if (!NT_SUCCESS(status)) {
KdPrint(( “NtOpenThread/ProcessToken error 0x%X\n”, status));
return status;
}
KdPrint(( “Token handle 0x%X\n”, hToken));
//
// Now read the USER ACCESS TOKEN
//
status = ZwQueryInformationToken (
hToken, // IN HANDLE TokenHandle,
TokenUser, // IN TOKEN_INFORMATION_CLASS TokenInformationClass,
acTokenInfo, // OUT PVOID TokenInformation,
sizeof( acTokenInfo), // IN ULONG TokenInformationLength,
&dwInfoLen); // OUT PULONG ReturnLength
if (!NT_SUCCESS(status))
-----Original Message-----
From: xxxxx@emc.com
To: NT Developers Interest List
Date: giovedì 20 luglio 2000 18.52
Subject: [ntdev] NT Security
>
>Trying to get a users SID (Security Identifier) from it’s access token.
>fails on GetTokenInformation() - Any ideas.
>
>
>HANDLE hProcess = GetCurrentProcess();
>HANDLE hToken = NULL
>
>OpenProcessToken(hProcess, TOKEN_QUERY, &hToken); /* completes ok*/
>
>PSID pSidUser = NULL;
>
>unsigned long nSize = sizeof(SID);
>
>GetTokenInformation(hToken, TokenOwner, pSidUser, nSize, &nSize)) /* return
>false*/
>
>
>???
>
>
>—
>You are currently subscribed to ntdev as: xxxxx@tin.it
>To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
>