osquery-1/osquery/process/windows/process_ops.h
Stefano Bonicatti 65aa1cfa3f Fix several integer conversions in process_ops
Fix UsersTest.test_sanity on Windows.

uid and gid were returned as int (while they normally are unsigned int)
and converted to signed integers in the table row.
This is wrong because beyond uid and gid not being ints,
they are taken from the RID part of the SID which in some cases,
like for a Service SID, can have a value higher than the maximum
value of an int, so in the end the number shown in the table is negative.

Now they are returned as uint32_t and converted as BIGINTs for the table
that uses them.

Fix other functions return values and conversions depending on the meaning of
the value.
On Windows stick to its specific types where possible.

Convert CRLF to LF on some of the files modified.
2019-07-09 12:59:45 +02:00

47 lines
1.0 KiB
C++

/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#pragma once
#include <osquery/utils/system/system.h>
// clang-format off
#include <LM.h>
// clang-format on
#include <memory>
#include <string>
#include <vector>
#include <osquery/system.h>
#include <osquery/logger.h>
#include <osquery/process/process.h>
namespace osquery {
/**
* @brief Windows helper function used to convert a binary SID struct into a
* string.
*
* @returns string representation of the binary SID struct.
*/
std::string psidToString(PSID sid);
/**
* @brief Windows helper function to lookup a SID from a username
*
* @returns a unique_ptr to a PSID
*/
std::unique_ptr<BYTE[]> getSidFromUsername(std::wstring accountName);
/**
* @brief Get the relative identifier (RID) from a security identifier (SID).
*
* @returns the RID represented as an unsigned long integer.
*/
DWORD getRidFromSid(PSID sidPtr);
} // namespace osquery
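
The conversion problem described in the commit message, as an added example that is not part of osquery or of this commit. `ridFromSidString`, `rowValueViaInt` and `rowValueViaBigint` are hypothetical names; the parser works on the string form of a SID so it runs without the Windows API.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical, portable stand-in for illustration only. osquery's
// getRidFromSid() takes a binary PSID; this parses the string form instead.
// Returns false unless the SID has a final sub-authority that fits 32 bits.
bool ridFromSidString(const std::string& sid, uint32_t& rid) {
  if (sid.compare(0, 4, "S-1-") != 0) return false;
  const std::size_t dash = sid.find_last_of('-');
  if (dash <= 3) return false;  // e.g. "S-1-5": authority only, no RID
  const std::string last = sid.substr(dash + 1);
  if (last.empty() || last.size() > 10) return false;
  uint64_t value = 0;
  for (char c : last) {
    if (c < '0' || c > '9') return false;
    value = value * 10 + static_cast<uint64_t>(c - '0');
  }
  if (value > UINT32_MAX) return false;
  rid = static_cast<uint32_t>(value);
  return true;
}

// Behaviour the commit message describes as wrong: the RID passes through a
// signed 32-bit int before reaching the row, so values above INT32_MAX wrap.
int64_t rowValueViaInt(uint32_t rid) {
  return static_cast<int32_t>(rid);
}

// Behaviour after the fix: keep the RID unsigned and widen it to 64 bits,
// which a BIGINT column can hold without changing the value.
int64_t rowValueViaBigint(uint32_t rid) {
  return static_cast<int64_t>(rid);
}

int main() {
  // Sample input: the widely documented service SID of
  // NT SERVICE\TrustedInstaller (S-1-5-80-...).
  const std::string sid =
      "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
  uint32_t rid = 0;
  if (!ridFromSidString(sid, rid)) return 1;
  std::cout << "as int:    " << rowValueViaInt(rid) << "\n"
            << "as BIGINT: " << rowValueViaBigint(rid) << "\n";
  return 0;
}
```

A negative uid or gid in a table row also breaks joins and filters in queries that compare it against the unsigned value reported elsewhere, which is why the width of the column matters as much as the return type.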