[host] service: compare SIDs directly without string conversion

Instead of converting every SID to a string with ConvertSidToStringSidA
and comparing it against the magic local-system SID string with strcmp,
we can create the local system SID once and compare directly with
EqualSid.
This commit is contained in:
Quantum 2021-04-26 03:11:23 -04:00 committed by Geoffrey McRae
parent 93d97424df
commit 6a1ec9420e


@ -171,6 +171,16 @@ HANDLE dupeSystemProcessToken(void)
EnumProcesses(pids, count * sizeof(DWORD), &returned); EnumProcesses(pids, count * sizeof(DWORD), &returned);
returned /= sizeof(DWORD); returned /= sizeof(DWORD);
char systemSidBuf[SECURITY_MAX_SID_SIZE];
PSID systemSid = (PSID) systemSidBuf;
DWORD cbSystemSid = sizeof systemSidBuf;
if (!CreateWellKnownSid(WinLocalSystemSid, NULL, systemSid, &cbSystemSid))
{
doLog("failed to create local system SID");
return NULL;
}
for(DWORD i = 0; i < returned; ++i) for(DWORD i = 0; i < returned; ++i)
{ {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pids[i]); HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pids[i]);
@ -189,13 +199,8 @@ HANDLE dupeSystemProcessToken(void)
if (!GetTokenInformation(hToken, TokenUser, user, sizeof(userBuf), &tmp)) if (!GetTokenInformation(hToken, TokenUser, user, sizeof(userBuf), &tmp))
goto err_token; goto err_token;
CHAR * sid = NULL; if (EqualSid(user->User.Sid, systemSid))
if (!ConvertSidToStringSidA(user->User.Sid, &sid))
goto err_token;
if (strcmp(sid, "S-1-5-18") == 0)
{ {
LocalFree(sid);
CloseHandle(hProcess); CloseHandle(hProcess);
// duplicate the token so we can use it // duplicate the token so we can use it
@ -208,7 +213,6 @@ HANDLE dupeSystemProcessToken(void)
return hDupe; return hDupe;
} }
LocalFree(sid);
err_token: err_token:
CloseHandle(hToken); CloseHandle(hToken);
err_proc: err_proc:
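Review bot: The `return NULL` added after a failed CreateWellKnownSid in the first hunk bypasses whatever cleanup the function does for `pids`, which EnumProcesses has already filled a few lines above; the allocation of `pids` is outside the hunk, so I cannot confirm it, but if it is heap-allocated this new early exit leaks it, and the existing `err_token`/`err_proc` labels suggest the function otherwise unwinds with gotos. The simplest fix is to build the well-known SID before the process enumeration so that a failure returns before any resource is held: move the `char systemSidBuf[SECURITY_MAX_SID_SIZE];` … `if (!CreateWellKnownSid(...)) { ... return NULL; }` lines above the `EnumProcesses` call. Since this failure path is unexpected, consider including the error code in the log, e.g. `doLog("failed to create local system SID: %lu", GetLastError());` (adjust to doLog's actual format support, which is not visible here). Minor: casting a `char` array to `PSID` relies on the compiler aligning it for the DWORD members of SID; declaring the buffer as a `DWORD` array would make that explicit. `dupeSystemProcessToken` begins and ends outside the hunks.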