archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/ntos/se/uipriv.c

611 lines
14 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. priv.c
  9. Abstract:
  11. This module provides a command capability to enable and disable
  12. privileges. This command is expected to be an internal cmd.exe
  13. command, but is expected to be passed parameters as if it were
  14. an external command.
  17. THIS IS A TEMPORARY COMMAND. IF IT IS DESIRED TO MAKE THIS A
  18. PERMANENT COMMAND, THEN THIS FILE NEEDS TO BE GONE THROUGH WITH
  19. A FINE-TOOTH COMB TO ROBUSTLY HANDLE ALL ERROR SITUATIONS AND TO
  20. PROVIDE APPROPRIATE ERROR MESSAGES.
  22. Author:
  24. Jim Kelly 1-Apr-1991.
  26. Revision History:
  28. --*/
  30. #include <nt.h>
  31. #include <ntrtl.h>
  33. //#include <sys\types.h>
  34. //#include <sys\stat.h>
  35. //#include <malloc.h>
  36. //#include <stdlib.h>
  37. //#include <ctype.h>
  38. #include <stdio.h>
  39. #include <string.h>
  41. //#include <tools.h>
  43. //
  44. // command qualifier flag values
  45. //
  47. BOOLEAN SwitchEnable = FALSE;
  48. BOOLEAN SwitchDisable = FALSE;
  49. BOOLEAN SwitchReset = FALSE;
  50. BOOLEAN SwitchAll = FALSE;
  52. #ifndef SHIFT
  53. #define SHIFT(c,v) {c--; v++;}
  54. #endif //SHIFT
  59. //
  60. // Function definitions...
  61. //
  64. VOID
  65. Usage ( VOID );
  67. BOOLEAN
  68. OpenAppropriateToken(
  69. OUT PHANDLE Token
  70. );
  72. VOID
  73. EnableAllPrivileges( VOID );
  75. VOID
  76. ResetAllPrivileges( VOID );
  78. VOID
  79. DisableAllPrivileges( VOID );
  81. int
  82. PrivMain (
  83. IN int c,
  84. IN PCHAR v[]
  85. );
  90. VOID
  91. Usage (
  92. VOID
  93. )
  94. /*++
  97. Routine Description:
  99. This routine prints the "Usage:" message.
  101. Arguments:
  103. None.
  105. Return Value:
  107. None.
  109. --*/
  110. {
  112. printf( "\n");
  113. printf( "\n");
  115. printf( "Usage: priv [/EDRA] {PrivilegeName}\n");
  116. printf( " /E - Enable Privilege(s)\n");
  117. printf( " /D - Disable Privilege(s)\n");
  118. printf( " /R - Reset to default setting(s)\n");
  119. printf( " /A - Apply To All Privileges\n");
  120. printf( "\n");
  122. printf( " The qualifiers /E and /D are mutually exclusive and can not\n");
  123. printf( " be used in the same command.\n");
  124. printf( " If /A is specified, then the PrivilegeName is ignored.\n");
  125. printf( "\n");
  126. printf( "\n");
  127. printf( "Examples:\n");
  128. printf( "\n");
  129. printf( " priv /ae\n");
  130. printf( " (enables all held privileges.\n");
  131. printf( "\n");
  132. printf( " priv /ad\n");
  133. printf( " disables all held privileges.\n");
  134. printf( "\n");
  135. printf( " priv /ar\n");
  136. printf( " (returns all privileges to their default setting.\n");
  137. printf( "\n");
  138. printf( " priv /e SeSetTimePrivilege\n");
  139. printf( " (enables the privileges called: SeSetTimePrivilege\n");
  140. printf( "\n");
  141. printf( "\n");
  143. return;
  144. }
  147. BOOLEAN
  148. OpenAppropriateToken(
  149. OUT PHANDLE Token
  150. )
  151. /*++
  154. Routine Description:
  156. This routine opens the appropriate TOKEN object. For an internal
  157. command, this is the current process's token. If this command is
  158. ever made external, then it will be the parent process's token.
  160. If the token can't be openned, then a messages is printed indicating
  161. a problem has been encountered.
  163. The caller is expected to close this token when no longer needed.
  166. Arguments:
  168. Token - Receives the handle value of the openned token.
  171. Return Value:
  173. TRUE - Indicates the token was successfully openned.
  175. FALSE - Indicates the token was NOT successfully openned.
  177. --*/
  179. {
  180. NTSTATUS Status, IgnoreStatus;
  181. OBJECT_ATTRIBUTES ProcessAttributes;
  182. HANDLE Process;
  183. PTEB CurrentTeb;
  185. CurrentTeb = NtCurrentTeb();
  186. InitializeObjectAttributes(&ProcessAttributes, NULL, 0, NULL, NULL);
  187. Status = NtOpenProcess(
  188. &Process, // TargetHandle
  189. PROCESS_QUERY_INFORMATION, // DesiredAccess
  190. &ProcessAttributes, // ObjectAttributes
  191. &CurrentTeb->ClientId // ClientId
  192. );
  194. if (NT_SUCCESS(Status)) {
  196. Status = NtOpenProcessToken(
  197. Process,
  198. TOKEN_ADJUST_PRIVILEGES |
  199. TOKEN_QUERY,
  200. Token
  201. );
  203. IgnoreStatus = NtClose( Process );
  205. if ( NT_SUCCESS(Status) ) {
  207. return TRUE;
  209. }
  211. }
  213. printf( "\n");
  214. printf( "\n");
  215. printf( "You are not allowed to change your own privilege settings.\n");
  216. printf( "Operation failed.\n");
  218. return FALSE;
  220. }
  224. VOID
  225. EnableAllPrivileges(
  226. VOID
  227. )
  228. /*++
  231. Routine Description:
  233. This routine enables all privileges in the token.
  235. Arguments:
  237. None.
  239. Return Value:
  241. None.
  243. --*/
  244. {
  245. NTSTATUS Status;
  246. HANDLE Token;
  247. ULONG ReturnLength, Index;
  248. PTOKEN_PRIVILEGES NewState;
  251. if ( !OpenAppropriateToken(&Token) ) {
  252. return;
  253. }
  255. //
  256. // Get the size needed to query current privilege settings...
  257. //
  259. Status = NtQueryInformationToken(
  260. Token, // TokenHandle
  261. TokenPrivileges, // TokenInformationClass
  262. NewState, // TokenInformation
  263. 0, // TokenInformationLength
  264. &ReturnLength // ReturnLength
  265. );
  266. ASSERT( Status == STATUS_BUFFER_TOO_SMALL );
  268. NewState = RtlAllocateHeap( RtlProcessHeap(), 0, ReturnLength );
  269. ASSERT( NewState != NULL );
  272. Status = NtQueryInformationToken(
  273. Token, // TokenHandle
  274. TokenPrivileges, // TokenInformationClass
  275. NewState, // TokenInformation
  276. ReturnLength, // TokenInformationLength
  277. &ReturnLength // ReturnLength
  278. );
  279. ASSERT( NT_SUCCESS(Status) || NT_INFORMATION(Status) );
  282. //
  283. // Set the state settings so that all privileges are enabled...
  284. //
  286. if (NewState->PrivilegeCount > 0) {
  287. Index = NewState->PrivilegeCount;
  289. while (Index < NewState->PrivilegeCount) {
  290. NewState->Privileges[Index].Attributes = SE_PRIVILEGE_ENABLED;
  291. Index += 1;
  292. }
  293. }
  296. //
  297. // Change the settings in the token...
  298. //
  300. Status = NtAdjustPrivilegesToken(
  301. Token, // TokenHandle
  302. FALSE, // DisableAllPrivileges
  303. NewState, // NewState (OPTIONAL)
  304. ReturnLength, // BufferLength
  305. NULL, // PreviousState (OPTIONAL)
  306. &ReturnLength // ReturnLength
  307. );
  308. ASSERT( NT_SUCCESS(Status) || NT_INFORMATION(Status) );
  312. RtlFreeHeap( RtlProcessHeap(), 0, NewState );
  313. Status = NtClose( Token );
  315. return;
  317. }
  321. VOID
  322. ResetAllPrivileges(
  323. VOID
  324. )
  325. /*++
  328. Routine Description:
  330. This routine resets all privileges in the token to their default state.
  332. Arguments:
  334. None.
  336. Return Value:
  338. None.
  340. --*/
  341. {
  342. NTSTATUS Status;
  343. HANDLE Token;
  344. ULONG ReturnLength, Index;
  345. PTOKEN_PRIVILEGES NewState;
  348. if ( !OpenAppropriateToken(&Token) ) {
  349. printf( "\n");
  350. printf( "\n");
  351. printf( "You are not allowed to change your own privilege settings.\n");
  352. printf( "Operation failed.\n");
  353. return;
  354. }
  356. //
  357. // Get the size needed to query current privilege settings...
  358. //
  360. Status = NtQueryInformationToken(
  361. Token, // TokenHandle
  362. TokenPrivileges, // TokenInformationClass
  363. NewState, // TokenInformation
  364. 0, // TokenInformationLength
  365. &ReturnLength // ReturnLength
  366. );
  367. ASSERT( STATUS_BUFFER_TOO_SMALL );
  369. NewState = RtlAllocateHeap( RtlProcessHeap(), 0, ReturnLength );
  370. ASSERT( NewState != NULL );
  373. Status = NtQueryInformationToken(
  374. Token, // TokenHandle
  375. TokenPrivileges, // TokenInformationClass
  376. NewState, // TokenInformation
  377. ReturnLength, // TokenInformationLength
  378. &ReturnLength // ReturnLength
  379. );
  380. ASSERT( NT_SUCCESS(Status) || NT_INFORMATION(Status) );
  383. //
  384. // Set the state settings so that all privileges are reset to
  385. // their default settings...
  386. //
  388. if (NewState->PrivilegeCount > 0) {
  389. Index = NewState->PrivilegeCount;
  391. while (Index < NewState->PrivilegeCount) {
  392. if (NewState->Privileges[Index].Attributes ==
  393. SE_PRIVILEGE_ENABLED_BY_DEFAULT) {
  394. NewState->Privileges[Index].Attributes = SE_PRIVILEGE_ENABLED;
  395. }
  396. else {
  397. NewState->Privileges[Index].Attributes = 0;
  398. }
  400. Index += 1;
  401. }
  402. }
  405. //
  406. // Change the settings in the token...
  407. //
  409. Status = NtAdjustPrivilegesToken(
  410. Token, // TokenHandle
  411. FALSE, // DisableAllPrivileges
  412. NewState, // NewState (OPTIONAL)
  413. ReturnLength, // BufferLength
  414. NULL, // PreviousState (OPTIONAL)
  415. &ReturnLength // ReturnLength
  416. );
  417. ASSERT( NT_SUCCESS(Status) || NT_INFORMATION(Status) );
  421. RtlFreeHeap( RtlProcessHeap(), 0, NewState );
  422. Status = NtClose( Token );
  424. return;
  426. }
  431. VOID
  432. DisableAllPrivileges(
  433. VOID
  434. )
  435. /*++
  438. Routine Description:
  440. This routine disables all privileges in the token.
  442. Arguments:
  444. None.
  446. Return Value:
  448. None.
  450. --*/
  451. {
  452. ULONG IgnoredReturnLength;
  453. HANDLE Token;
  454. NTSTATUS Status;
  456. if ( !OpenAppropriateToken(&Token) ) {
  457. printf( "\n");
  458. printf( "\n");
  459. printf( "You are not allowed to change your own privilege settings.\n");
  460. printf( "Operation failed.\n");
  461. return;
  462. }
  464. //
  465. // Disable all the privileges.
  466. //
  469. Status = NtAdjustPrivilegesToken(
  470. Token, // TokenHandle
  471. TRUE, // DisableAllPrivileges
  472. NULL, // NewState (OPTIONAL)
  473. 0, // BufferLength
  474. NULL, // PreviousState (OPTIONAL)
  475. &IgnoredReturnLength // ReturnLength
  476. );
  477. ASSERT( NT_SUCCESS(Status) || NT_INFORMATION(Status) );
  479. Status = NtClose( Token );
  480. return;
  482. }
  485. int
  486. PrivMain (
  487. IN int c,
  488. IN PCHAR v[]
  489. )
  490. /*++
  493. Routine Description:
  495. This routine is the main entry routine for the "priv" command.
  497. Arguments:
  499. TBS
  501. Return Value:
  503. TBS
  505. --*/
  506. {
  507. PCHAR p;
  508. CHAR ch;
  509. ULONG DispositionDirectives;
  512. try {
  513. DispositionDirectives = 0;
  514. SHIFT (c,v);
  515. while ((c > 0) && ((ch = *v[0]))) {
  516. p = *v;
  517. if (ch == '/') {
  518. while (*++p != '\0') {
  519. if (*p == 'E') {
  520. SwitchEnable = TRUE;
  521. DispositionDirectives += 1;
  522. }
  523. if (*p == 'D') {
  524. SwitchDisable = TRUE;
  525. DispositionDirectives += 1;
  526. }
  527. if (*p == 'R') {
  528. SwitchReset = TRUE;
  529. DispositionDirectives += 1;
  530. }
  531. else if (*p == 'A') {
  532. SwitchAll = TRUE;
  533. }
  534. else {
  535. Usage();
  536. }
  537. }
  538. SHIFT(c,v);
  539. }
  540. }
  542. //
  543. // Make sure we don't have conflicting parameters
  544. //
  545. // Rules:
  546. //
  547. // If /A isn't specified, then a privilege name must be.
  548. // Exactly one of /E, /D, and /R must be specified.
  549. //
  550. //
  553. if (!SwitchAll && (c == 0)) {
  554. printf( "\n");
  555. printf( "\n");
  556. printf( "You must provide privilege name or use the /A switch.\n");
  557. Usage();
  558. return ( 0 );
  559. }
  561. if (DispositionDirectives != 1) {
  562. printf( "\n");
  563. printf( "\n");
  564. printf( "You must provide one and only one of the following");
  565. printf( "switches: /E, /D, /R\n");
  566. Usage();
  567. return ( 0 );
  569. }
  572. //
  573. // Everything appears legitimate
  574. //
  576. if (SwitchAll) {
  578. //
  579. // /A switch specified
  580. //
  582. if (SwitchEnable) {
  583. EnableAllPrivileges();
  584. }
  585. else if (SwitchDisable) {
  586. DisableAllPrivileges();
  587. }
  588. else {
  589. ResetAllPrivileges();
  590. }
  591. }
  593. //
  594. // privilege name specified...
  595. //
  597. else {
  598. printf( "\n");
  599. printf( "I'm sorry, but due to the lack of time and interest,\n");
  600. printf( "individual privilege selection is not yet supported.\n");
  601. printf( "Please use the /A qualifier for the time being.\n");
  602. printf( "\n");
  603. }
  605. } finally {
  606. return ( 0 );
  607. }
  609. return( 0 );
  611. }