How to change the SID manually of an impersonation token


Is it possible to manually change the SID of a thread's impersonation token?

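#include <windows.h>
#include <sddl.h>   // ConvertStringSidToSid

// give the current thread an impersonation token copied from the process token
if (0 == ImpersonateSelf(SecurityDelegation))
{
    //FAILED
    return 1;
}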

HANDLE tokenHandle = NULL;
PTOKEN_USER pUserToken = NULL;
PSID sid;
DWORD dwRequiredLength = 0;

... 
    // some code that gets the tokenhandle, TokenUser buffer, etc.,
    // and allocates all necessary memory
    // original psid is "S-1-5-21-21515-10001"
...

if (OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &tokenHandle))
{
    // get buffer size: the zero-length call fails and sets dwRequiredLength
    if (!GetTokenInformation(tokenHandle, TokenUser, pUserToken, 0, &dwRequiredLength))
    {
        pUserToken = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwRequiredLength);
        // assume allocation works
        if (ConvertStringSidToSid(TEXT("S-1-5-21-100000-1005555"), &sid))
        {
            pUserToken->User.Sid = sid;
            if (SetTokenInformation(tokenHandle, TokenUser, pUserToken, dwRequiredLength))
            {
                 // SUCCESS
            }
            else
            {
                 // fails here: GetLastError() returns 87 (ERROR_INVALID_PARAMETER)
            }
            // SIDs returned by ConvertStringSidToSid are released with LocalFree
            LocalFree(sid);
        }
        HeapFree(GetProcessHeap(), 0, pUserToken);
    }
    CloseHandle(tokenHandle);
}

All of my code runs correctly until SetTokenInformation(...) is reached. When trying to call SetTokenInformation() I receive an error 87, or ERROR_INVALID_PARAMETER. I'm not sure how or why I'm getting that since it seems that everything is running smoothly.

My thoughts are that maybe it just isn't possible to set a custom SID to an access token, even if it is a temporary impersonation token on behalf of a thread.

Thanks guys!
