PureBasic Forum :: View topic - get user's security groups

EnableExplicit

Global LibAuthZ
Prototype AuthzInitializeContextFromSid(Flags.l, *UserSid, *hAuthzResourceManager, *pExpirationTime, *Identifier.LUID, *DynamicGroupArgs, *phAuthzClientContext)
Prototype AuthzInitializeResourceManager(Flags.l, *pfnDynamicAccessCheck, *pfnComputeDynamicGroups, *pfnFreeDynamicGroups, szResourceManagerName.s, *phAuthzResourceManager)
Prototype AuthzGetInformationFromContext(hAuthzClientContext, InfoClass, BufferSize.l, *pSizeRequired, *Buffer)

LibAuthZ = OpenLibrary(#PB_Any, "AuthZ.dll")
Global AuthzInitializeContextFromSid.AuthzInitializeContextFromSid = GetFunction(LibAuthZ, "AuthzInitializeContextFromSid")
Global AuthzInitializeResourceManager.AuthzInitializeResourceManager = GetFunction(LibAuthZ, "AuthzInitializeResourceManager")
Global AuthzGetInformationFromContext.AuthzGetInformationFromContext = GetFunction(LibAuthZ, "AuthzGetInformationFromContext")

Global LibAdvAPI32
Prototype ConvertSidToStringSid(*sid, *StringSID)

LibAdvAPI32 = OpenLibrary(#PB_Any, "advapi32.dll")
Global ConvertSidToStringSid.ConvertSidToStringSid = GetFunction(LibAdvAPI32, "ConvertSidToStringSidW")

#AUTHZ_RM_FLAG_NO_AUDIT = $1

If LibAdvAPI32 = 0 Or LibAdvAPI32 = 0
End
EndIf

Procedure Test(AccountName.s)
Protected cbSID.l, DomainName.s, cbDomainName.l, SIDType, SID, *pSID

If Not LookupAccountName_(0, @AccountName, 0, @cbSID, 0, @cbDomainName, @SIDType)
If GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
*pSID = AllocateMemory(cbSID)
DomainName = Space(cbDomainName)
If LookupAccountName_(0, @AccountName, *pSID, @cbSID, @DomainName, @cbDomainName, @SIDType)
If ConvertSidToStringSid(*pSID, @Sid)
Debug PeekS(Sid)
LocalFree_(Sid)
EndIf
EndIf

EndIf
EndIf

Protected r, i, *rm, *cc, size, luid.LUID, *tg.TOKEN_GROUPS
r = AuthzInitializeResourceManager(#AUTHZ_RM_FLAG_NO_AUDIT, 0, 0, 0, "", @*rm)
If r
Debug "AuthzInitializeResourceManager"
;r = AuthzInitializeContextFromSid(0, *uinfo\usri4_user_sid, *rm, 0, luid, 0, @*cc)
r = AuthzInitializeContextFromSid(0, *pSID, *rm, 0, luid, 0, @*cc)
If r
Debug "AuthzInitializeContextFromSid"
r = AuthzGetInformationFromContext(*cc, 1, 0, @size, 0)
If Not r And size > 0 And GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
Debug "AuthzGetInformationFromContext"
*tg = AllocateMemory(size)
r = AuthzGetInformationFromContext(*cc, 1, size, @size, *tg)
If r
Debug *tg\GroupCount
End
Debug size
Debug "AuthzGetInformationFromContext 2"
For i = 0 To *tg\GroupCount - 1
If *tg <> 0
If ConvertSidToStringSid(*tg\Groups[i]\Sid, @Sid)
Debug PeekS(Sid)
LocalFree_(Sid)
EndIf
EndIf

Next
EndIf
EndIf
EndIf
EndIf
EndProcedure

Test("Administrator")

Author:	Rinzwind [ Tue May 19, 2020 2:11 pm ]
Post subject:	get user's security groups
This quick hack test Code: EnableExplicit Global LibAuthZ Prototype AuthzInitializeContextFromSid(Flags.l, UserSid, hAuthzResourceManager, pExpirationTime, Identifier.LUID, DynamicGroupArgs, phAuthzClientContext) Prototype AuthzInitializeResourceManager(Flags.l, pfnDynamicAccessCheck, pfnComputeDynamicGroups, pfnFreeDynamicGroups, szResourceManagerName.s, phAuthzResourceManager) Prototype AuthzGetInformationFromContext(hAuthzClientContext, InfoClass, BufferSize.l, pSizeRequired, Buffer) LibAuthZ = OpenLibrary(#PB_Any, "AuthZ.dll") Global AuthzInitializeContextFromSid.AuthzInitializeContextFromSid = GetFunction(LibAuthZ, "AuthzInitializeContextFromSid") Global AuthzInitializeResourceManager.AuthzInitializeResourceManager = GetFunction(LibAuthZ, "AuthzInitializeResourceManager") Global AuthzGetInformationFromContext.AuthzGetInformationFromContext = GetFunction(LibAuthZ, "AuthzGetInformationFromContext") Global LibAdvAPI32 Prototype ConvertSidToStringSid(sid, StringSID) LibAdvAPI32 = OpenLibrary(#PB_Any, "advapi32.dll") Global ConvertSidToStringSid.ConvertSidToStringSid = GetFunction(LibAdvAPI32, "ConvertSidToStringSidW") #AUTHZ_RM_FLAG_NO_AUDIT = $1 If LibAdvAPI32 = 0 Or LibAdvAPI32 = 0 End EndIf Procedure Test(AccountName.s) Protected cbSID.l, DomainName.s, cbDomainName.l, SIDType, SID, pSID If Not LookupAccountName_(0, @AccountName, 0, @cbSID, 0, @cbDomainName, @SIDType) If GetLastError_() = #ERROR_INSUFFICIENT_BUFFER pSID = AllocateMemory(cbSID) DomainName = Space(cbDomainName) If LookupAccountName_(0, @AccountName, pSID, @cbSID, @DomainName, @cbDomainName, @SIDType) If ConvertSidToStringSid(pSID, @Sid) Debug PeekS(Sid) LocalFree_(Sid) EndIf EndIf EndIf EndIf Protected r, i, rm, cc, size, luid.LUID, tg.TOKEN_GROUPS r = AuthzInitializeResourceManager(#AUTHZ_RM_FLAG_NO_AUDIT, 0, 0, 0, "", @rm) If r Debug "AuthzInitializeResourceManager" ;r = AuthzInitializeContextFromSid(0, uinfo\usri4_user_sid, rm, 0, luid, 0, @cc) r = AuthzInitializeContextFromSid(0, pSID, rm, 0, luid, 0, @cc) If r Debug "AuthzInitializeContextFromSid" r = AuthzGetInformationFromContext(cc, 1, 0, @size, 0) If Not r And size > 0 And GetLastError_() = #ERROR_INSUFFICIENT_BUFFER Debug "AuthzGetInformationFromContext" tg = AllocateMemory(size) r = AuthzGetInformationFromContext(cc, 1, size, @size, tg) If r Debug tg\GroupCount End Debug size Debug "AuthzGetInformationFromContext 2" For i = 0 To tg\GroupCount - 1 If tg <> 0 If ConvertSidToStringSid(tg\Groups[i]\Sid, @Sid) Debug PeekS(Sid) LocalFree_(Sid) EndIf EndIf Next EndIf EndIf EndIf EndIf EndProcedure Test("Administrator") PB IDE has to be run as admin. passes all if's but it's GroupCount is way too big, hence it crashes at printing group sids. Any Windows API guru available to take a look? What may or may not help: https://github.com/bill-long/GetAuthzIn ... Program.cs https://github.com/microsoft/Windows-cl ... AuthzSvr.c https://docs.microsoft.com/en-us/window ... nt-context

Author:	Rinzwind [ Thu May 21, 2020 4:00 am ]
Post subject:	Re: get user's security groups
The case of a 1 that has to be a 2... ;

PureBasic Forum https://www.purebasic.fr/english/

get user's security groups https://www.purebasic.fr/english/viewtopic.php?f=5&t=75352	Page 1 of 1

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/