Current SID

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Current SID

John Keenan
The Windows method ReportEvent is implemented in Dolphin method
AdvApiLibrary>>reportEvent: wType: wCategory: dwEventId:  lpUserSid:
wNumStrings: dwDataSize:  lpStrings: lpRawData:. This method writes an event
which can be viewed with Event Viewer (Eventvwr.exe).

I would like to supply an argument to lpUserSid: which is the Sid of whoever
owns the currently executing process. I have searched high and low through
MSDN and this seems to be a very difficult task.

Does someone know a simple means to get the current Sid?

John Keenan


Reply | Threaded
Open this post in threaded view
|

Re: Current SID

Blair McGlashan
John

You wrote in message
news:[hidden email]...
> ...
> Does someone know a simple means to get the current Sid?

The attached may do what you want, but I will freely admit that NT security
is something of which I am blissfully ignorant.

Otherwise NULL can be passed to ReportEvent in place of the SID.

Regards

Blair

------------------------------------------
| package |
package := Package name: 'Get Process SID'.
package paxVersion: 0;
 basicComment: 'UserLibrary default getProcessSID'.

package basicPackageVersion: ''.

"Add the package scripts"

"Add the class names, loose method names, global names, resource names"
package classNames
 yourself.

package methodNames
 add: #UserLibrary -> #getProcessSID;
 add: #UserLibrary -> #getProcessWindowStation;
 add: #UserLibrary ->
#getUserObjectInformation:nIndex:pvInfo:nLength:lpnLengthNeeded:;
 yourself.

package globalNames
 yourself.

package resourceNames
 yourself.

"Binary Global Names"
package binaryGlobalNames: (Set new
 yourself).
"Resource Names"
package allResourceNames: (Set new
 yourself).

"Add the prerequisite names"
package setPrerequisites: (IdentitySet new
 add: 'Dolphin';
 yourself).

package!

"Class Definitions"!

"Loose Methods"!

!UserLibrary methodsFor!

getProcessSID
 "Answer the SID for the current process."

 | len sid |
 len := DWORD new.
 UserLibrary default
  getUserObjectInformation: UserLibrary default getProcessWindowStation
  nIndex: 4 "UOI_USER_SID"
  pvInfo: nil
  nLength: 0
  lpnLengthNeeded: len.
 sid := ByteArray new: len asInteger.
 UserLibrary default
  getUserObjectInformation: UserLibrary default getProcessWindowStation
  nIndex: 4 "UOI_USER_SID"
  pvInfo: sid
  nLength: len asInteger
  lpnLengthNeeded: len.
 ^sid!

getProcessWindowStation
 "HWINSTA GetProcessWindowStation(VOID);"

 <stdcall: handle GetProcessWindowStation>
 ^self invalidCall
!

getUserObjectInformation: hObj nIndex: nIndex pvInfo: pvInfo nLength:
nLength lpnLengthNeeded: lpnLengthNeeded
 "BOOL GetUserObjectInformation( HANDLE hObj <>, // handle to object int
nIndex <>, // type of information to retrieve PVOID pvInfo <>, //
information buffer DWORD nLength <>, // size of the buffer LPDWORD
lpnLengthNeeded <> // receives required buffer size );"

 <stdcall: bool GetUserObjectInformationA handle sdword void* dword dword*>
 ^self invalidCall
! !
!UserLibrary categoriesFor: #getProcessSID!*-unclassified!public! !
!UserLibrary categoriesFor:
#getProcessWindowStation!*-primitives!*-unclassified!public! !
!UserLibrary categoriesFor:
#getUserObjectInformation:nIndex:pvInfo:nLength:lpnLengthNeeded:!*-primitive
s!*-unclassified!public! !

"End of package definition"!


"Binary Globals"!

"Resources"!


Reply | Threaded
Open this post in threaded view
|

Re: Current SID

John Keenan
Blair,

"Blair McGlashan" <[hidden email]> wrote:
> The attached may do what you want, but I will freely admit that NT
security
> is something of which I am blissfully ignorant.
>
> Otherwise NULL can be passed to ReportEvent in place of the SID.

Your example did the trick.

I was aware that NULL could be passed to ReportEvents in place of the SID.
However, when the SID is NULL the "User:" field displayed by the Event
Viewer is "N/A" (one would think ReportEvents could do better than "N/A"
when the argument is NULL). With your example I now have the "User:" field
properly populated... and what a surprise. I was expecting "Administrator",
"Guest", etc. to appear depending on how I was logged on. Instead it is
populated with "S-1-5-5-0-20714". I see several examples of this in the MSDN
and will now try to figure out what it means.

Many thanks... and congratulations on your new addition.

John Keenan