get user's security groups

Windows specific forum
Rinzwind
Enthusiast
Enthusiast
Posts: 368
Joined: Wed Mar 11, 2009 4:06 pm
Location: NL

get user's security groups

Post by Rinzwind »

This quick hack test

Code: Select all

EnableExplicit

Global LibAuthZ
Prototype AuthzInitializeContextFromSid(Flags.l, *UserSid, *hAuthzResourceManager, *pExpirationTime, *Identifier.LUID, *DynamicGroupArgs, *phAuthzClientContext) 
Prototype AuthzInitializeResourceManager(Flags.l, *pfnDynamicAccessCheck, *pfnComputeDynamicGroups, *pfnFreeDynamicGroups,  szResourceManagerName.s, *phAuthzResourceManager)
Prototype AuthzGetInformationFromContext(hAuthzClientContext, InfoClass, BufferSize.l, *pSizeRequired, *Buffer)

LibAuthZ = OpenLibrary(#PB_Any, "AuthZ.dll")
Global AuthzInitializeContextFromSid.AuthzInitializeContextFromSid = GetFunction(LibAuthZ, "AuthzInitializeContextFromSid")
Global AuthzInitializeResourceManager.AuthzInitializeResourceManager = GetFunction(LibAuthZ, "AuthzInitializeResourceManager")
Global AuthzGetInformationFromContext.AuthzGetInformationFromContext = GetFunction(LibAuthZ, "AuthzGetInformationFromContext")

Global LibAdvAPI32
Prototype ConvertSidToStringSid(*sid, *StringSID)

LibAdvAPI32 = OpenLibrary(#PB_Any, "advapi32.dll")
Global ConvertSidToStringSid.ConvertSidToStringSid = GetFunction(LibAdvAPI32, "ConvertSidToStringSidW")

#AUTHZ_RM_FLAG_NO_AUDIT = $1

If LibAdvAPI32 = 0 Or LibAdvAPI32 = 0
  End
EndIf

Procedure Test(AccountName.s)
  Protected cbSID.l, DomainName.s, cbDomainName.l, SIDType, SID, *pSID
  
  If Not LookupAccountName_(0, @AccountName, 0, @cbSID, 0, @cbDomainName, @SIDType)
    If GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
      *pSID = AllocateMemory(cbSID)
      DomainName = Space(cbDomainName)
      If LookupAccountName_(0, @AccountName, *pSID, @cbSID, @DomainName, @cbDomainName, @SIDType)
        If ConvertSidToStringSid(*pSID, @Sid)
          Debug PeekS(Sid)
          LocalFree_(Sid)
        EndIf
      EndIf
      
    EndIf
  EndIf  
  
  Protected r, i, *rm, *cc, size, luid.LUID, *tg.TOKEN_GROUPS
  r = AuthzInitializeResourceManager(#AUTHZ_RM_FLAG_NO_AUDIT, 0, 0, 0, "", @*rm)
  If r
    Debug "AuthzInitializeResourceManager"
    ;r = AuthzInitializeContextFromSid(0, *uinfo\usri4_user_sid, *rm, 0, luid, 0, @*cc)
    r = AuthzInitializeContextFromSid(0, *pSID, *rm, 0, luid, 0, @*cc)
    If r
      Debug "AuthzInitializeContextFromSid"
      r = AuthzGetInformationFromContext(*cc, 1, 0, @size, 0)
      If Not r And size > 0 And GetLastError_() = #ERROR_INSUFFICIENT_BUFFER
        Debug "AuthzGetInformationFromContext"
        *tg = AllocateMemory(size)
        r = AuthzGetInformationFromContext(*cc, 1, size, @size, *tg)
        If r
          Debug *tg\GroupCount
          End
          Debug size
          Debug "AuthzGetInformationFromContext 2"
          For i = 0 To *tg\GroupCount - 1
            If *tg <> 0
              If ConvertSidToStringSid(*tg\Groups[i]\Sid, @Sid)
                Debug PeekS(Sid)
                LocalFree_(Sid)
              EndIf
            EndIf
            
          Next          
        EndIf   
      EndIf
    EndIf  
  EndIf  
EndProcedure

Test("Administrator")

PB IDE has to be run as admin.

passes all if's but it's GroupCount is way too big, hence it crashes at printing group sids.

Any Windows API guru available to take a look?
What may or may not help:
https://github.com/bill-long/GetAuthzIn ... Program.cs
https://github.com/microsoft/Windows-cl ... AuthzSvr.c
https://docs.microsoft.com/en-us/window ... nt-context
Rinzwind
Enthusiast
Enthusiast
Posts: 368
Joined: Wed Mar 11, 2009 4:06 pm
Location: NL

Re: get user's security groups

Post by Rinzwind »

The case of a 1 that has to be a 2... ;
Post Reply