Code: Select all
EnableExplicit
Global LibAuthZ
Prototype AuthzInitializeContextFromSid(Flags.l, *UserSid, *hAuthzResourceManager, *pExpirationTime, *Identifier.LUID, *DynamicGroupArgs, *phAuthzClientContext)
Prototype AuthzInitializeResourceManager(Flags.l, *pfnDynamicAccessCheck, *pfnComputeDynamicGroups, *pfnFreeDynamicGroups, szResourceManagerName.s, *phAuthzResourceManager)
Prototype AuthzGetInformationFromContext(hAuthzClientContext, InfoClass, BufferSize.l, *pSizeRequired, *Buffer)
LibAuthZ = OpenLibrary(#PB_Any, "AuthZ.dll")
Global AuthzInitializeContextFromSid.AuthzInitializeContextFromSid = GetFunction(LibAuthZ, "AuthzInitializeContextFromSid")
Global AuthzInitializeResourceManager.AuthzInitializeResourceManager = GetFunction(LibAuthZ, "AuthzInitializeResourceManager")
Global AuthzGetInformationFromContext.AuthzGetInformationFromContext = GetFunction(LibAuthZ, "AuthzGetInformationFromContext")
Global LibAdvAPI32
Prototype ConvertSidToStringSid(*sid, *StringSID)
LibAdvAPI32 = OpenLibrary(#PB_Any, "advapi32.dll")
Global ConvertSidToStringSid.ConvertSidToStringSid = GetFunction(LibAdvAPI32, "ConvertSidToStringSidW")
#AUTHZ_RM_FLAG_NO_AUDIT = $1
If LibAdvAPI32 = 0 Or LibAdvAPI32 = 0
End
EndIf
Procedure Test(AccountName.s)
Protected cbSID.l, DomainName.s, cbDomainName.l, SIDType, SID, *pSID
If Not LookupAccountName_(0, @AccountName, 0, @cbSID, 0, @cbDomainName, @SIDType)
If GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
*pSID = AllocateMemory(cbSID)
DomainName = Space(cbDomainName)
If LookupAccountName_(0, @AccountName, *pSID, @cbSID, @DomainName, @cbDomainName, @SIDType)
If ConvertSidToStringSid(*pSID, @Sid)
Debug PeekS(Sid)
LocalFree_(Sid)
EndIf
EndIf
EndIf
EndIf
Protected r, i, *rm, *cc, size, luid.LUID, *tg.TOKEN_GROUPS
r = AuthzInitializeResourceManager(#AUTHZ_RM_FLAG_NO_AUDIT, 0, 0, 0, "", @*rm)
If r
Debug "AuthzInitializeResourceManager"
;r = AuthzInitializeContextFromSid(0, *uinfo\usri4_user_sid, *rm, 0, luid, 0, @*cc)
r = AuthzInitializeContextFromSid(0, *pSID, *rm, 0, luid, 0, @*cc)
If r
Debug "AuthzInitializeContextFromSid"
r = AuthzGetInformationFromContext(*cc, 1, 0, @size, 0)
If Not r And size > 0 And GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
Debug "AuthzGetInformationFromContext"
*tg = AllocateMemory(size)
r = AuthzGetInformationFromContext(*cc, 1, size, @size, *tg)
If r
Debug *tg\GroupCount
End
Debug size
Debug "AuthzGetInformationFromContext 2"
For i = 0 To *tg\GroupCount - 1
If *tg <> 0
If ConvertSidToStringSid(*tg\Groups[i]\Sid, @Sid)
Debug PeekS(Sid)
LocalFree_(Sid)
EndIf
EndIf
Next
EndIf
EndIf
EndIf
EndIf
EndProcedure
Test("Administrator")
passes all if's but it's GroupCount is way too big, hence it crashes at printing group sids.
Any Windows API guru available to take a look?
What may or may not help:
https://github.com/bill-long/GetAuthzIn ... Program.cs
https://github.com/microsoft/Windows-cl ... AuthzSvr.c
https://docs.microsoft.com/en-us/window ... nt-context