Getting the Logon SID in C++

logon security identifier (SID) identifies the logon session associated with an access token. A typical use of a logon SID is in an ACE that allows access for the duration of a client's logon session. For example, a Windows service can use the LogonUser function to start a new logon session. The LogonUser function returns an access token from which the service can extract the logon SID. The service can then use the SID in an ACE that allows the client's logon session to access the interactive window station and desktop.

The following example gets the logon SID from an access token. It uses the GetTokenInformation function to fill a TOKEN_GROUPS buffer with an array of the group SIDs from an access token. This array includes the logon SID, which is identified by the SE_GROUP_LOGON_ID attribute. The example function allocates a buffer for the logon SID; it is the caller's responsibility to free the buffer.

 BOOL GetLogonSID (HANDLE hToken, PSID  * ppsid) 
 {
   BOOL bSuccess  =  FALSE;
   DWORD dwIndex;
   DWORD dwLength  =   0 ;
   PTOKEN_GROUPS ptg  =  NULL;

 //  Verify the parameter passed in is not NULL. 
      if  (NULL  ==  ppsid)
         goto  Cleanup;

 //  Get required buffer size and allocate the TOKEN_GROUPS buffer. 
 
    if  ( ! GetTokenInformation(
         hToken,          //  handle to the access token 
          TokenGroups,     //  get information about the token's groups  
          (LPVOID) ptg,    //  pointer to TOKEN_GROUPS buffer 
           0 ,               //  size of buffer 
           & dwLength        //  receives required buffer size 
       )) 
    {
       if  (GetLastError()  !=  ERROR_INSUFFICIENT_BUFFER) 
          goto  Cleanup;

      ptg  =  (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(),
         HEAP_ZERO_MEMORY, dwLength);

       if  (ptg  ==  NULL)
          goto  Cleanup;
   } 
 
 //  Get the token group information from the access token. 
 
    if  ( ! GetTokenInformation(
         hToken,          //  handle to the access token 
          TokenGroups,     //  get information about the token's groups  
          (LPVOID) ptg,    //  pointer to TOKEN_GROUPS buffer 
          dwLength,        //  size of buffer 
           & dwLength        //  receives required buffer size 
          )) 
    {
       goto  Cleanup;
   } 
 
 //  Loop through the groups to find the logon SID. 
 
    for  (dwIndex  =   0 ; dwIndex  <  ptg -> GroupCount; dwIndex ++ ) 
       if  ((ptg -> Groups[dwIndex].Attributes  &  SE_GROUP_LOGON_ID)
              ==   SE_GROUP_LOGON_ID) 
       {
       //  Found the logon SID; make a copy of it. 
 
         dwLength  =  GetLengthSid(ptg -> Groups[dwIndex].Sid);
          * ppsid  =  (PSID) HeapAlloc(GetProcessHeap(),
                     HEAP_ZERO_MEMORY, dwLength);
          if  ( * ppsid  ==  NULL)
              goto  Cleanup;
          if  ( ! CopySid(dwLength,  * ppsid, ptg -> Groups[dwIndex].Sid)) 
          {
             HeapFree(GetProcessHeap(),  0 , (LPVOID) * ppsid);
              goto  Cleanup;
         } 
          break ;
      } 
 
   bSuccess  =  TRUE;

Cleanup: 

 //  Free the buffer for the token groups. 
 
    if  (ptg  !=  NULL)
      HeapFree(GetProcessHeap(),  0 , (LPVOID)ptg);

    return  bSuccess;

The following function frees the buffer allocated by the GetLogonSID example function.

VOID FreeLogonSID (PSID *ppsid) 
{
    HeapFree(GetProcessHeap(), 0, (LPVOID)*ppsid);
}

时间: 2024-10-26 01:00:49

Getting the Logon SID in C++的相关文章

Starting an Interactive Client Process in C++

The following example uses the LogonUser function to start a new logon session for a client. The example gets the logon SID from the client's access token, and uses it to add access control entries (ACEs) to the discretionary access control list (DAC

Using Trigger after logon on database limit IP&amp;USER access your Oracle database

最近有个项目需要限制某些数据库用户的访问来源IP,在PG中比较好实现,但是ORACLE没有比较简便的操作.如果不管用户的话,仅仅限制来源IP对监听的访问是比较容易实现的,通过配置数据库服务器的sqlnet.ora文件或者修改数据库服务器的IPTABLES等手段实现.sqlnet.ora范例:tcp.validnode_checking=yestcp.invited_nodes=(172.16.33.11,172.16.34.89) iptables范例:[root@kefu ~]# cat /e

Oracle - ORA-12505, TNS:listener does not currently know of SID given in connect descriptor 解决

java.sql.SQLException: Listener refused the connection with the following error: ORA-12505, TNS:listener does not currently know of SID given in connect descriptor The Connection descriptor used by the client was: 192.168.149.128:1521:orcl at oracle.

ORA-01017: invalid username/password; logon denied

SQL> select * from dual@mult2; select * from dual@mult2                    * ERROR at line 1: ORA-01017: invalid username/password; logon denied ORA-02063: preceding line from MULT2 出现上面的错误 说明: 1 你的listener.ora tnsnames.ora 配置好了netca --->test 也OK 2

Windows Logon Type的含义是什么?

我只是把主要的内容整理了一下备查. Logon type 2 Interactive  本地交互登录.最常见的登录方式. Logon type 3 Network 网络登录 - 最常见的是访问网络共享文件夹或打印机.IIS的认证也是Type 3 Logon type 4 Batch 计划任务 Logon Type 5 Service 服务 某些服务是用一个域帐号来运行的,出现Failure常见的情况是管理员更改了域帐号密码,但是忘记重设Service中的帐号密码. Logon Type 7 Un

解决SID相同的客户端在WSUS服务器只能显示一台的故障

起因:sysprep时应该是选择了重新生成sid,但在硬盘对拷过程中,换盘重启时不慎使镜像系统启动过了,所以使得部分客户端SID相同了. (注:这里有误,应该是SusClientID相同造成的,所以后面的解决方法是删掉并且重新激活生成SusClientID.事实上,sysprep修改的是computer SID,就本人的案例来看,2台计算机的SID的确是不同,但是SusClientID相同. 查看计算机SID的方法,可以去微软网站下载Sysinternal的PsGetSID工具:http://t

Oracle数据库修改实例名SID的方法步骤

  有时候我们需要修改Oracle数据库的实例名SID,下面是在Centos 6.5下修改ORACLE10.2的实例名的实例教程,感兴趣学习的朋友可以看下. 修改Oracle实例名 系统环境:CentOS 6.5 ORACLE版本:10.2 1.检查原来的数据库实例名 $ echo $ORACLE_SID orcl $ sqlplus / as sysdba > select instance from v$thread; INSTANCE ---------------------------

Win7如何查看系统安全标识符SID

  查看SID的方法 1.点击"开始"-"运行",输入cmd,打开命令提示符窗口; 2.在命令提示符窗口输入whoami /user,回车; 3.SID下方的字符就是本系统的SID安全表示符了!

Windows系统sid修改方法

  一.Sid的含义 Sid全称为security identity,即网络安全标示.它用来唯一标示计算机账户.用户组和用户账户这些信息.他由计算机名.当前时间.当前用户态线程的CPU耗费时间的总和三个参数决定以保证它的唯一性.许多系统软件使用此标示来唯一识别一个用户. 二.查看本机sid 1)cmd进入命令行,输入who am i /all.即可查看当前登录用户的sid信息 2)Regedit进入注册表,进入HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows