archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/shell/osshell/security/common/priv.cpp

153 lines
5.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1997 - 1999
  6. //
  7. // File: priv.cpp
  8. //
  9. // Provides support for enabling/disabling privileges
  10. //
  11. //--------------------------------------------------------------------------
  13. #include "pch.h"
  16. /*******************************************************************
  18. NAME: EnablePrivileges
  20. SYNOPSIS: Enables the given privileges in the current token
  22. ENTRY: pdwPrivileges - list of privileges to enable
  24. RETURNS: On success, the previous thread handle (if present) or NULL
  25. On failure, INVALID_HANDLE_VALUE
  27. NOTES: The returned handle should be passed to ReleasePrivileges
  28. to ensure proper cleanup. Otherwise, if not NULL or
  29. INVALID_HANDLE_VALUE it should be closed with CloseHandle.
  31. HISTORY:
  32. JeffreyS 08-Oct-1996 Created
  34. ********************************************************************/
  35. HANDLE EnablePrivileges(PDWORD pdwPrivileges, ULONG cPrivileges)
  36. {
  37. BOOL fResult;
  38. HANDLE hToken;
  39. HANDLE hOriginalThreadToken;
  40. PTOKEN_PRIVILEGES ptp;
  41. ULONG nBufferSize;
  43. if (!pdwPrivileges || !cPrivileges)
  44. return INVALID_HANDLE_VALUE;
  46. // Note that TOKEN_PRIVILEGES includes a single LUID_AND_ATTRIBUTES
  47. nBufferSize = sizeof(TOKEN_PRIVILEGES) + (cPrivileges - 1)*sizeof(LUID_AND_ATTRIBUTES);
  48. ptp = (PTOKEN_PRIVILEGES)LocalAlloc(LPTR, nBufferSize);
  49. if (!ptp)
  50. return INVALID_HANDLE_VALUE;
  52. //
  53. // Initialize the Privileges Structure
  54. //
  55. ptp->PrivilegeCount = cPrivileges;
  56. for (ULONG i = 0; i < cPrivileges; i++)
  57. {
  58. //ptp->Privileges[i].Luid = RtlConvertUlongToLuid(*pdwPrivileges++);
  59. ptp->Privileges[i].Luid.LowPart = *pdwPrivileges++;
  60. ptp->Privileges[i].Luid.HighPart = 0;
  61. ptp->Privileges[i].Attributes = SE_PRIVILEGE_ENABLED;
  62. }
  64. //
  65. // Open the Token
  66. //
  67. hToken = hOriginalThreadToken = INVALID_HANDLE_VALUE;
  68. fResult = OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE, FALSE, &hToken);
  69. if (fResult)
  70. hOriginalThreadToken = hToken; // Remember the thread token
  71. else
  72. fResult = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hToken);
  74. if (fResult)
  75. {
  76. HANDLE hNewToken;
  78. //
  79. // Duplicate that Token
  80. //
  81. fResult = DuplicateTokenEx(hToken,
  82. TOKEN_IMPERSONATE | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
  83. NULL, // PSECURITY_ATTRIBUTES
  84. SecurityImpersonation, // SECURITY_IMPERSONATION_LEVEL
  85. TokenImpersonation, // TokenType
  86. &hNewToken); // Duplicate token
  87. if (fResult)
  88. {
  89. //
  90. // Add new privileges
  91. //
  92. fResult = AdjustTokenPrivileges(hNewToken, // TokenHandle
  93. FALSE, // DisableAllPrivileges
  94. ptp, // NewState
  95. 0, // BufferLength
  96. NULL, // PreviousState
  97. NULL); // ReturnLength
  98. if (fResult)
  99. {
  100. //
  101. // Begin impersonating with the new token
  102. //
  103. fResult = SetThreadToken(NULL, hNewToken);
  104. }
  106. CloseHandle(hNewToken);
  107. }
  108. }
  110. // If something failed, don't return a token
  111. if (!fResult)
  112. hOriginalThreadToken = INVALID_HANDLE_VALUE;
  114. // Close the original token if we aren't returning it
  115. if (hOriginalThreadToken == INVALID_HANDLE_VALUE && hToken != INVALID_HANDLE_VALUE)
  116. CloseHandle(hToken);
  118. // If we succeeded, but there was no original thread token,
  119. // return NULL to indicate we need to do SetThreadToken(NULL, NULL)
  120. // to release privs.
  121. if (fResult && hOriginalThreadToken == INVALID_HANDLE_VALUE)
  122. hOriginalThreadToken = NULL;
  124. LocalFree(ptp);
  126. return hOriginalThreadToken;
  127. }
  130. /*******************************************************************
  132. NAME: ReleasePrivileges
  134. SYNOPSIS: Resets privileges to the state prior to the corresponding
  135. EnablePrivileges call.
  137. ENTRY: hToken - result of call to EnablePrivileges
  139. RETURNS: nothing
  141. HISTORY:
  142. JeffreyS 08-Oct-1996 Created
  144. ********************************************************************/
  145. void ReleasePrivileges(HANDLE hToken)
  146. {
  147. if (INVALID_HANDLE_VALUE != hToken)
  148. {
  149. SetThreadToken(NULL, hToken);
  150. if (hToken)
  151. CloseHandle(hToken);
  152. }
  153. }