On Aug  3 20:00, Corinna Vinschen wrote:
> On Aug  3 12:53, rm...@aboutgolf.com wrote:
> > 
> > 
> > On Wednesday, August 3, 2016 10:32, "Corinna Vinschen" 
> > <corinna-cyg...@cygwin.com> said:
> > > 
> > > In the meantime I prepared my test application.  Can you please fetch
> > > the attached source and store it as, e.g., azure-check.c.  Then build
> > > and run it like this:
> > > 
> > >   $ gcc -g -o azure-check azure-check.c -lnetapi32
> > >   $ ./azure-check
> > > 
> > > Then run it and paste the complete output into your reply.
> > > 
> > > I have an idea for an extension of this testcase, but I think I have
> > > to see the output of this one first.
> > 
> > The output is as below. This was without Run As Administrator - with
> > it the Group 0 Sid changed to S-1-16-12288/High Mandatory Level, which
> > *seems* appropriate....
> It is.  Thanks for this test, the result is as horrifying as I imagined.
> Can you please try the testcase attached to this mail, too?  It should
> be built and run the same way:
>   $ gcc -g -o azure-check2 azure-check2.c -lnetapi32
>   $ ./azure-check2

Pleae use the one attached in this mail.  I noticed I forgot to print
primary group info.  It's not unimportant to see it as well.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
#include <stdio.h>
#define _WIN32_WINNT 0x0a00
#define WINVER 0x0a00
#include <windows.h>
#include <lm.h>
#include <sddl.h>

main ()
  HANDLE tok;
  PTOKEN_USER tp = (PTOKEN_USER) malloc (65536);
  DWORD ret;
  LPSTR str;
  WCHAR name[256];
  WCHAR dom[256];
  DWORD nlen, dlen;
  SID_NAME_USE type;
  NET_API_STATUS status;
  PUSER_INFO_24 ui24;

  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &tok))
      printf ("OpenProcessToken: %u\n", GetLastError ());
      return 1;
  if (!GetTokenInformation (tok, TokenUser, tp, 65536, &ret))
      printf ("GetTokenInformation(user): %u\n", GetLastError ());
      return 1;
  ConvertSidToStringSidA (tp->User.Sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);
  nlen = dlen = 256;
  if (LookupAccountSidW (NULL, tp->User.Sid, name, &nlen, 
                         dom, &dlen, &type))
    printf ("Dom\\Name: %ls\\%ls\n", dom, name);
    printf ("LookupAccountSidW: %u\n", GetLastError ());

  if (GetTokenInformation (tok, TokenPrimaryGroup, tpg, 65536, &ret))
      printf ("Primary Group:\n");
      ConvertSidToStringSidA (tpg->PrimaryGroup, &str);
      printf ("  Sid: %s\n", str);
      LocalFree (str);

      nlen = dlen = 256;
      if (LookupAccountSidW (NULL, tpg->PrimaryGroup, name, &nlen, 
                             dom, &dlen, &type))
        printf ("  Dom\\Name: %ls\\%ls\n", dom, name);
        printf ("  LookupAccountSidW: %u\n", GetLastError ());
    printf ("GetTokenInformation(primary): %u\n", GetLastError ());
  free (tpg);

  status = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
  if (status != NERR_Success)
      status = NetUserGetInfo (dom, name, 24, (PBYTE *) &ui24);
      if (status != NERR_Success)
          printf ("NetUserGetInfo: %u\n", status);
          return 1;
  printf ("UserInfo:\n");
  printf ("  InternetIdentity: %d\n", ui24->usri24_internet_identity);
  printf ("  Flags: 0x%08x\n", ui24->usri24_flags);
  printf ("  ProviderName: %ls\n", ui24->usri24_internet_provider_name);
  printf ("  PrincipalName: %ls\n", ui24->usri24_internet_principal_name);
  ConvertSidToStringSidA (ui24->usri24_user_sid, &str);
  printf ("  Sid: %s\n", str);
  LocalFree (str);

  return 0;

Attachment: signature.asc
Description: PGP signature

Reply via email to