- Implemented RtlAdjustPrivileges().

- Implemented NtAdjustPrivilegesToken() partially.
- Fixed declaration of LUID.

svn path=/trunk/; revision=4804
This commit is contained in:
Eric Kohl 2003-05-31 11:10:30 +00:00
parent 5f47cf8a2a
commit ba5a26559b
10 changed files with 359 additions and 192 deletions

View file

@ -1,4 +1,4 @@
/* $Id: rtl.h,v 1.38 2003/04/02 00:05:59 hyperion Exp $
/* $Id: rtl.h,v 1.39 2003/05/31 11:07:00 ekohl Exp $
*
*/
@ -518,6 +518,12 @@ RtlIsValidIndexHandle (
IN ULONG Index
);
NTSTATUS STDCALL
RtlAdjustPrivilege(IN ULONG Privilege,
IN BOOLEAN Enable,
IN BOOLEAN CurrentThread,
OUT PBOOLEAN Enabled);
NTSTATUS
STDCALL
RtlImpersonateSelf (

View file

@ -239,7 +239,11 @@ typedef enum _ACL_INFORMATION_CLASS
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
typedef LARGE_INTEGER LUID, *PLUID;
typedef struct _LUID
{
ULONG LowPart;
LONG HighPart;
} LUID, *PLUID;
typedef struct _SECURITY_DESCRIPTOR
{
@ -255,7 +259,7 @@ typedef struct _SECURITY_DESCRIPTOR
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
DWORD Attributes;
ULONG Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE

View file

@ -1,4 +1,4 @@
; $Id: ntdll.def,v 1.99 2003/05/15 11:02:03 ekohl Exp $
; $Id: ntdll.def,v 1.100 2003/05/31 11:08:08 ekohl Exp $
;
; ReactOS Operating System
;
@ -286,7 +286,7 @@ RtlAddAtomToAtomTable@12
;RtlAddAttributeActionToRXact
RtlAddAuditAccessAce@24
;RtlAddCompoundAce
;RtlAdjustPrivilege
RtlAdjustPrivilege@16
RtlAllocateAndInitializeSid@44
RtlAllocateHandle@8
RtlAllocateHeap@12

View file

@ -1,4 +1,4 @@
; $Id: ntdll.edf,v 1.88 2003/05/15 11:02:03 ekohl Exp $
; $Id: ntdll.edf,v 1.89 2003/05/31 11:08:08 ekohl Exp $
;
; ReactOS Operating System
;
@ -286,7 +286,7 @@ RtlAddAtomToAtomTable=RtlAddAtomToAtomTable@12
;RtlAddAttributeActionToRXact
RtlAddAuditAccessAce=RtlAddAuditAccessAce@24
;RtlAddCompoundAce
;RtlAdjustPrivilege
RtlAdjustPrivilege=RtlAdjustPrivilege@16
RtlAllocateAndInitializeSid=RtlAllocateAndInitializeSid@44
RtlAllocateHandle=RtlAllocateHandle@8
RtlAllocateHeap=RtlAllocateHeap@12

View file

@ -1,4 +1,4 @@
/* $Id: luid.c,v 1.5 2002/09/08 10:23:05 chorns Exp $
/* $Id: luid.c,v 1.6 2003/05/31 11:08:50 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -13,13 +13,15 @@
#include <ddk/ntddk.h>
/* FUNCTIONS *****************************************************************/
VOID STDCALL
RtlCopyLuid(PLUID LuidDest,
PLUID LuidSrc)
{
LuidDest->QuadPart = LuidSrc->QuadPart;
LuidDest->LowPart = LuidSrc->LowPart;
LuidDest->HighPart = LuidSrc->HighPart;
}
@ -43,7 +45,8 @@ BOOLEAN STDCALL
RtlEqualLuid(PLUID Luid1,
PLUID Luid2)
{
return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
return (Luid1->LowPart == Luid2->LowPart &&
Luid1->HighPart == Luid2->HighPart);
}
/* EOF */

View file

@ -1,4 +1,4 @@
/* $Id: security.c,v 1.7 2002/09/08 10:23:06 chorns Exp $
/* $Id: security.c,v 1.8 2003/05/31 11:08:50 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -12,6 +12,11 @@
#include <ddk/ntddk.h>
#include <ntdll/rtl.h>
#define NDEBUG
#include <ntdll/ntdll.h>
/* FUNCTIONS ****************************************************************/
NTSTATUS STDCALL
RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
@ -62,4 +67,76 @@ RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
return(Status);
}
NTSTATUS STDCALL
RtlAdjustPrivilege(IN ULONG Privilege,
IN BOOLEAN Enable,
IN BOOLEAN CurrentThread,
OUT PBOOLEAN Enabled)
{
TOKEN_PRIVILEGES NewState;
TOKEN_PRIVILEGES OldState;
ULONG ReturnLength;
HANDLE TokenHandle;
NTSTATUS Status;
DPRINT1("RtlAdjustPrivilege() called\n");
if (CurrentThread)
{
Status = NtOpenThreadToken (NtCurrentThread (),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
FALSE,
&TokenHandle);
}
else
{
Status = NtOpenProcessToken (NtCurrentProcess (),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&TokenHandle);
}
if (!NT_SUCCESS (Status))
{
DPRINT1("Retrieving token handle failed (Status %lx)\n", Status);
return Status;
}
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid.LowPart = Privilege;
NewState.Privileges[0].Luid.HighPart = 0;
NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
Status = NtAdjustPrivilegesToken (TokenHandle,
FALSE,
&NewState,
sizeof(TOKEN_PRIVILEGES),
&OldState,
&ReturnLength);
NtClose (TokenHandle);
if (Status == STATUS_NOT_ALL_ASSIGNED)
{
DPRINT1("Failed to assign all privileges\n");
return STATUS_PRIVILEGE_NOT_HELD;
}
if (!NT_SUCCESS(Status))
{
DPRINT1("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
return Status;
}
if (OldState.PrivilegeCount == 0)
{
*Enabled = Enable;
}
else
{
*Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
}
DPRINT1("RtlAdjustPrivilege() done\n");
return STATUS_SUCCESS;
}
/* EOF */

View file

@ -120,7 +120,8 @@ NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
PACCESS_TOKEN NewToken,
PACCESS_TOKEN* OldTokenP);
NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
NTSTATUS
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
@ -130,6 +131,11 @@ NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
PLUID_AND_ATTRIBUTES* Dest,
PULONG Length);
VOID
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
ULONG a);
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */

View file

@ -1,4 +1,4 @@
/* $Id: luid.c,v 1.6 2002/09/08 10:23:43 chorns Exp $
/* $Id: luid.c,v 1.7 2003/05/31 11:10:30 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -19,7 +19,9 @@
static KSPIN_LOCK LuidLock;
static LARGE_INTEGER LuidIncrement;
static LUID Luid;
static LARGE_INTEGER LuidValue;
#define SYSTEM_LUID 0x3E7;
/* FUNCTIONS *****************************************************************/
@ -27,25 +29,27 @@ VOID
SepInitLuid(VOID)
{
KeInitializeSpinLock(&LuidLock);
Luid.QuadPart = 999; /* SYSTEM_LUID */
LuidValue.QuadPart = SYSTEM_LUID;
LuidIncrement.QuadPart = 1;
}
NTSTATUS STDCALL
NtAllocateLocallyUniqueId(OUT LUID* LocallyUniqueId)
NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
{
KIRQL oldIrql;
LUID ReturnedLuid;
LARGE_INTEGER ReturnedLuid;
KIRQL Irql;
KeAcquireSpinLock(&LuidLock,
&oldIrql);
ReturnedLuid = Luid;
Luid = RtlLargeIntegerAdd(Luid,
&Irql);
ReturnedLuid = LuidValue;
LuidValue = RtlLargeIntegerAdd(LuidValue,
LuidIncrement);
KeReleaseSpinLock(&LuidLock,
oldIrql);
*LocallyUniqueId = ReturnedLuid;
Irql);
LocallyUniqueId->LowPart = ReturnedLuid.u.LowPart;
LocallyUniqueId->HighPart = ReturnedLuid.u.HighPart;
return(STATUS_SUCCESS);
}
@ -55,7 +59,8 @@ VOID STDCALL
RtlCopyLuid(IN PLUID LuidDest,
IN PLUID LuidSrc)
{
LuidDest->QuadPart = LuidSrc->QuadPart;
LuidDest->LowPart = LuidSrc->LowPart;
LuidDest->HighPart = LuidSrc->HighPart;
}
@ -63,7 +68,8 @@ BOOLEAN STDCALL
RtlEqualLuid(IN PLUID Luid1,
IN PLUID Luid2)
{
return((Luid1->QuadPart == Luid2->QuadPart) ? TRUE : FALSE);
return (Luid1->LowPart == Luid2->LowPart &&
Luid1->HighPart == Luid2->HighPart);
}
/* EOF */

View file

@ -1,4 +1,4 @@
/* $Id: priv.c,v 1.5 2002/09/08 10:23:43 chorns Exp $
/* $Id: priv.c,v 1.6 2003/05/31 11:10:30 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -47,48 +47,72 @@ LUID SeRemoteShutdownPrivilege;
/* FUNCTIONS ***************************************************************/
VOID
SepInitPrivileges(VOID)
SepInitPrivileges (VOID)
{
SeCreateTokenPrivilege.QuadPart = SE_CREATE_TOKEN_PRIVILEGE;
SeAssignPrimaryTokenPrivilege.QuadPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
SeLockMemoryPrivilege.QuadPart = SE_LOCK_MEMORY_PRIVILEGE;
SeIncreaseQuotaPrivilege.QuadPart = SE_INCREASE_QUOTA_PRIVILEGE;
SeUnsolicitedInputPrivilege.QuadPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
SeTcbPrivilege.QuadPart = SE_TCB_PRIVILEGE;
SeSecurityPrivilege.QuadPart = SE_SECURITY_PRIVILEGE;
SeTakeOwnershipPrivilege.QuadPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
SeLoadDriverPrivilege.QuadPart = SE_LOAD_DRIVER_PRIVILEGE;
SeSystemProfilePrivilege.QuadPart = SE_SYSTEM_PROFILE_PRIVILEGE;
SeSystemtimePrivilege.QuadPart = SE_SYSTEMTIME_PRIVILEGE;
SeProfileSingleProcessPrivilege.QuadPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
SeIncreaseBasePriorityPrivilege.QuadPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
SeCreatePagefilePrivilege.QuadPart = SE_CREATE_PAGEFILE_PRIVILEGE;
SeCreatePermanentPrivilege.QuadPart = SE_CREATE_PERMANENT_PRIVILEGE;
SeBackupPrivilege.QuadPart = SE_BACKUP_PRIVILEGE;
SeRestorePrivilege.QuadPart = SE_RESTORE_PRIVILEGE;
SeShutdownPrivilege.QuadPart = SE_SHUTDOWN_PRIVILEGE;
SeDebugPrivilege.QuadPart = SE_DEBUG_PRIVILEGE;
SeAuditPrivilege.QuadPart = SE_AUDIT_PRIVILEGE;
SeSystemEnvironmentPrivilege.QuadPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
SeChangeNotifyPrivilege.QuadPart = SE_CHANGE_NOTIFY_PRIVILEGE;
SeRemoteShutdownPrivilege.QuadPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
SeCreateTokenPrivilege.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
SeCreateTokenPrivilege.HighPart = 0;
SeAssignPrimaryTokenPrivilege.LowPart = SE_ASSIGNPRIMARYTOKEN_PRIVILEGE;
SeAssignPrimaryTokenPrivilege.HighPart = 0;
SeLockMemoryPrivilege.LowPart = SE_LOCK_MEMORY_PRIVILEGE;
SeLockMemoryPrivilege.HighPart = 0;
SeIncreaseQuotaPrivilege.LowPart = SE_INCREASE_QUOTA_PRIVILEGE;
SeIncreaseQuotaPrivilege.HighPart = 0;
SeUnsolicitedInputPrivilege.LowPart = SE_UNSOLICITED_INPUT_PRIVILEGE;
SeUnsolicitedInputPrivilege.HighPart = 0;
SeTcbPrivilege.LowPart = SE_TCB_PRIVILEGE;
SeTcbPrivilege.HighPart = 0;
SeSecurityPrivilege.LowPart = SE_SECURITY_PRIVILEGE;
SeSecurityPrivilege.HighPart = 0;
SeTakeOwnershipPrivilege.LowPart = SE_TAKE_OWNERSHIP_PRIVILEGE;
SeTakeOwnershipPrivilege.HighPart = 0;
SeLoadDriverPrivilege.LowPart = SE_LOAD_DRIVER_PRIVILEGE;
SeLoadDriverPrivilege.HighPart = 0;
SeSystemProfilePrivilege.LowPart = SE_SYSTEM_PROFILE_PRIVILEGE;
SeSystemProfilePrivilege.HighPart = 0;
SeSystemtimePrivilege.LowPart = SE_SYSTEMTIME_PRIVILEGE;
SeSystemtimePrivilege.HighPart = 0;
SeProfileSingleProcessPrivilege.LowPart = SE_PROF_SINGLE_PROCESS_PRIVILEGE;
SeProfileSingleProcessPrivilege.HighPart = 0;
SeIncreaseBasePriorityPrivilege.LowPart = SE_INC_BASE_PRIORITY_PRIVILEGE;
SeIncreaseBasePriorityPrivilege.HighPart = 0;
SeCreatePagefilePrivilege.LowPart = SE_CREATE_PAGEFILE_PRIVILEGE;
SeCreatePagefilePrivilege.HighPart = 0;
SeCreatePermanentPrivilege.LowPart = SE_CREATE_PERMANENT_PRIVILEGE;
SeCreatePermanentPrivilege.HighPart = 0;
SeBackupPrivilege.LowPart = SE_BACKUP_PRIVILEGE;
SeBackupPrivilege.HighPart = 0;
SeRestorePrivilege.LowPart = SE_RESTORE_PRIVILEGE;
SeRestorePrivilege.HighPart = 0;
SeShutdownPrivilege.LowPart = SE_SHUTDOWN_PRIVILEGE;
SeShutdownPrivilege.HighPart = 0;
SeDebugPrivilege.LowPart = SE_DEBUG_PRIVILEGE;
SeDebugPrivilege.HighPart = 0;
SeAuditPrivilege.LowPart = SE_AUDIT_PRIVILEGE;
SeAuditPrivilege.HighPart = 0;
SeSystemEnvironmentPrivilege.LowPart = SE_SYSTEM_ENVIRONMENT_PRIVILEGE;
SeSystemEnvironmentPrivilege.HighPart = 0;
SeChangeNotifyPrivilege.LowPart = SE_CHANGE_NOTIFY_PRIVILEGE;
SeChangeNotifyPrivilege.HighPart = 0;
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
SeRemoteShutdownPrivilege.HighPart = 0;
}
BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token,
BOOLEAN
SepPrivilegeCheck (PACCESS_TOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
ULONG PrivilegeControl,
KPROCESSOR_MODE PreviousMode)
{
ULONG i;
PLUID_AND_ATTRIBUTES Current;
ULONG i;
ULONG j;
ULONG k;
if (PreviousMode == KernelMode)
{
return(TRUE);
return TRUE;
}
j = 0;
@ -102,39 +126,37 @@ BOOLEAN SepPrivilegeCheck(PACCESS_TOKEN Token,
for (i = 0; i < Token->PrivilegeCount; i++)
{
if (!(Current[i].Attributes & SE_PRIVILEGE_ENABLED) &&
Privileges[i].Luid.u.LowPart ==
Current[i].Luid.u.LowPart &&
Privileges[i].Luid.u.HighPart ==
Current[i].Luid.u.HighPart)
Privileges[i].Luid.LowPart == Current[i].Luid.LowPart &&
Privileges[i].Luid.HighPart == Current[i].Luid.HighPart)
{
Privileges[i].Attributes =
Privileges[i].Attributes |
SE_PRIVILEGE_USED_FOR_ACCESS;
Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
j++;
break;
}
}
k--;
} while (k > 0);
}
while (k > 0);
}
if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
PrivilegeCount == j)
{
return(TRUE);
return TRUE;
}
if (j > 0 &&
!(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
{
return(TRUE);
return TRUE;
}
return(FALSE);
return FALSE;
}
NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
NTSTATUS
SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
@ -181,6 +203,7 @@ NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
return(STATUS_SUCCESS);
}
VOID
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
@ -189,6 +212,7 @@ SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
ExFreePool(Privilege);
}
NTSTATUS STDCALL
NtPrivilegeCheck(IN HANDLE ClientToken,
IN PPRIVILEGE_SET RequiredPrivileges,
@ -246,6 +270,7 @@ NtPrivilegeCheck(IN HANDLE ClientToken,
return(STATUS_SUCCESS);
}
BOOLEAN STDCALL
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
@ -273,6 +298,7 @@ SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PreviousMode));
}
BOOLEAN STDCALL
SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
IN KPROCESSOR_MODE PreviousMode)
@ -304,3 +330,4 @@ SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
return(r);
}
/* EOF */

View file

@ -1,4 +1,4 @@
/* $Id: token.c,v 1.22 2002/10/25 21:48:00 chorns Exp $
/* $Id: token.c,v 1.23 2003/05/31 11:10:30 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -172,10 +172,14 @@ SepDuplicateToken(PACCESS_TOKEN Token,
AccessToken->TokenInUse = 0;
AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = Level;
AccessToken->AuthenticationId.QuadPart = SYSTEM_LUID;
AccessToken->AuthenticationId.LowPart = SYSTEM_LUID;
AccessToken->AuthenticationId.HighPart = 0;
AccessToken->TokenSource.SourceIdentifier.QuadPart = Token->TokenSource.SourceIdentifier.QuadPart;
memcpy(AccessToken->TokenSource.SourceName, Token->TokenSource.SourceName, sizeof(Token->TokenSource.SourceName));
AccessToken->TokenSource.SourceIdentifier.LowPart = Token->TokenSource.SourceIdentifier.LowPart;
AccessToken->TokenSource.SourceIdentifier.HighPart = Token->TokenSource.SourceIdentifier.HighPart;
memcpy(AccessToken->TokenSource.SourceName,
Token->TokenSource.SourceName,
sizeof(Token->TokenSource.SourceName));
AccessToken->ExpirationTime.QuadPart = Token->ExpirationTime.QuadPart;
AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
@ -820,27 +824,28 @@ NtAdjustGroupsToken(IN HANDLE TokenHandle,
#if 0
NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
ULONG a, // 0xC
KPROCESSOR_MODE PreviousMode, // 0x10
ULONG PrivilegeCount, // 0x14
PLUID_AND_ATTRIBUTES Privileges, // 0x18
PTOKEN_PRIVILEGES* PreviousState, // 0x1C
PULONG b, // 0x20
PULONG c, // 0x24
PULONG d) // 0x28
NTSTATUS
SepAdjustPrivileges(PACCESS_TOKEN Token,
ULONG a,
KPROCESSOR_MODE PreviousMode,
ULONG PrivilegeCount,
PLUID_AND_ATTRIBUTES Privileges,
PTOKEN_PRIVILEGES* PreviousState,
PULONG b,
PULONG c,
PULONG d)
{
ULONG i;
*c = 0;
if (Token->PrivilegeCount > 0)
{
for (i=0; i<Token->PrivilegeCount; i++)
for (i = 0; i < Token->PrivilegeCount; i++)
{
if (PreviousMode != 0)
if (PreviousMode != KernelMode)
{
if (!(Token->Privileges[i]->Attributes &
SE_PRIVILEGE_ENABLED))
if (Token->Privileges[i]->Attributes & SE_PRIVILEGE_ENABLED == 0)
{
if (a != 0)
{
@ -850,15 +855,14 @@ NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
&Token->Privileges[i],
sizeof(LUID_AND_ATTRIBUTES));
}
Token->Privileges[i].Attributes =
Token->Privileges[i].Attributes &
(~SE_PRIVILEGE_ENABLED);
Token->Privileges[i].Attributes &= (~SE_PRIVILEGE_ENABLED);
}
}
}
}
}
if (PreviousMode != 0)
if (PreviousMode != KernelMode)
{
Token->TokenFlags = Token->TokenFlags & (~1);
}
@ -866,7 +870,6 @@ NTSTATUS SepAdjustPrivileges(PACCESS_TOKEN Token, // 0x8
{
if (PrivilegeCount <= ?)
{
}
}
if (
@ -882,37 +885,69 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
OUT PTOKEN_PRIVILEGES PreviousState,
OUT PULONG ReturnLength)
{
#if 0
PLUID_AND_ATTRIBUTES Privileges;
KPROCESSOR_MODE PreviousMode;
ULONG PrivilegeCount;
PACCESS_TOKEN Token;
ULONG Length;
PSID_AND_ATTRIBUTES Privileges;
#if 0
ULONG a;
ULONG b;
ULONG c;
#endif
NTSTATUS Status;
DPRINT1("NtAdjustPrivilegesToken() called\n");
PrivilegeCount = NewState->PrivilegeCount;
PreviousMode = KeGetPreviousMode();
SeCaptureLuidAndAttributesArray(NewState->Privileges,
&PrivilegeCount,
KeGetPreviousMode(),
PrivilegeCount,
PreviousMode,
NULL,
0,
NonPagedPool,
1,
&Privileges.
&Privileges,
&Length);
Status = ObReferenceObjectByHandle(TokenHandle,
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
SepTokenObjectType,
PreviousMode,
(PVOID*)&Token,
NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to reference token (Status %lx)\n", Status);
SeReleaseLuidAndAttributesArray(Privileges,
PreviousMode,
0);
return(Status);
}
#if 0
SepAdjustPrivileges(Token,
0,
KeGetPreviousMode(),
PreviousMode,
PrivilegeCount,
Privileges,
PreviousState,
&a,
&b,
&c);
#else
UNIMPLEMENTED;
#endif
ObDereferenceObject(Token);
SeReleaseLuidAndAttributesArray(Privileges,
PreviousMode,
0);
DPRINT1("NtAdjustPrivilegesToken() done\n");
return STATUS_SUCCESS;
}
@ -955,11 +990,13 @@ SepCreateSystemProcessToken(struct _EPROCESS* Process)
return(Status);
}
AccessToken->AuthenticationId.QuadPart = SYSTEM_LUID;
AccessToken->AuthenticationId.LowPart = SYSTEM_LUID;
AccessToken->AuthenticationId.HighPart = 0;
AccessToken->TokenType = TokenPrimary;
AccessToken->ImpersonationLevel = SecurityDelegation;
AccessToken->TokenSource.SourceIdentifier.QuadPart = 0;
AccessToken->TokenSource.SourceIdentifier.LowPart = 0;
AccessToken->TokenSource.SourceIdentifier.HighPart = 0;
memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8);
AccessToken->ExpirationTime.QuadPart = -1;
AccessToken->UserAndGroupCount = 4;
@ -1106,6 +1143,7 @@ SepCreateSystemProcessToken(struct _EPROCESS* Process)
return(STATUS_SUCCESS);
}
NTSTATUS STDCALL
NtCreateToken(OUT PHANDLE UnsafeTokenHandle,
IN ACCESS_MASK DesiredAccess,