// Fragment of the security-descriptor initializer (listing lines 20 and 23
// only; the lines in between are not shown here).
20 if (!InitializeSecurityDescriptor( pSecDesc, SECURITY_DESCRIPTOR_REVISION ))
// AccsList is installed as the DACL with bDaclPresent = TRUE and
// bDaclDefaulted = FALSE. A NULL AccsList therefore produces a NULL DACL,
// which grants every caller full access to the protected object.
// NOTE(review): no NULL check on AccsList is visible in this fragment -
// confirm callers never pass NULL unless unrestricted access is intended.
23 return bool_cast( SetSecurityDescriptorDacl( pSecDesc, TRUE, AccsList, FALSE ));
// Fragment, presumably of the single-privilege helper for the current
// process: the token is opened for TOKEN_ADJUST_PRIVILEGES only.
33 OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken )
// NOTE(review): AdjustTokenPrivileges needs TOKEN_QUERY as well when it is
// asked to return the previous state. If `prev` ends up as that output
// buffer (the call at listing line 149 passes one), this access mask is
// too narrow - confirm against the lines not shown.
37 LUID_AND_ATTRIBUTES prev;
40 CloseHandle( hToken );
// CloseHandle may overwrite the thread's last-error value, so the value held
// in rc is put back for the caller on failure.
41 if (!ok) SetLastError( rc );
// Fragment of the variadic enable/disable helper for the current process.
// Upper bound on the number of privileges collected into newTp.
48 static const UINT MAX_PRIVS = 24;
51 HANDLE hToken, hProc = GetCurrentProcess();
// attr is applied to every privilege in the list: enabled, or 0 to disable.
52 DWORD rc, attr = Enable ? SE_PRIVILEGE_ENABLED : 0;
// Only TOKEN_ADJUST_PRIVILEGES is requested; that is enough for the
// AdjustTokenPrivileges call below because it asks for no previous state.
56 bool ok =
bool_cast( OpenProcessToken( hProc, TOKEN_ADJUST_PRIVILEGES, &hToken ));
57 if (!ok) rc = GetLastError();
60 va_start( va, szPriv );
// A name that LookupPrivilegeValue cannot resolve is not added to newTp; no
// error handling for that case is visible in this fragment.
63 if (LookupPrivilegeValue( NULL, szPriv, &luid ))
65 UINT ix = newTp->PrivilegeCount;
66 newTp->Privileges[ ix ].Luid = luid;
67 newTp->Privileges[ ix ].Attributes = attr;
// Collection stops once MAX_PRIVS entries are stored; any further names in
// the argument list are not processed.
69 if (++newTp->PrivilegeCount == MAX_PRIVS)
break;
71 szPriv = va_arg( va,
CSTR );
// AdjustTokenPrivileges also returns nonzero when only some (or none) of the
// requested privileges were adjusted, and reports that through
// GetLastError() == ERROR_NOT_ALL_ASSIGNED. The visible code reads the last
// error only when the call fails, so a partial adjustment counts as success.
// NOTE(review): callers that depend on a privilege really being enabled
// should check for ERROR_NOT_ALL_ASSIGNED.
73 ok =
bool_cast( AdjustTokenPrivileges( hToken, FALSE, newTp, 0, NULL, NULL ));
74 if (!ok) rc = GetLastError();
75 CloseHandle( hToken );
// Put the saved error code back, since the calls after the failure may have
// overwritten the thread's last-error value.
79 if (!ok) SetLastError( rc );
// Allocates a TOKEN_PRIVILEGES block sized for Count entries.
// TOKEN_PRIVILEGES already contains one LUID_AND_ATTRIBUTES element, hence
// only (Count-1) extra elements are added to the size.
// NOTE(review): with Count == 0 the unsigned (Count-1) wraps around, and a
// large Count can overflow the DWORD; no range check on Count is visible.
87 DWORD Size =
sizeof(TOKEN_PRIVILEGES) + (Count-1)*
sizeof(LUID_AND_ATTRIBUTES);
88 PTOKEN_PRIVILEGES pPrv = (PTOKEN_PRIVILEGES)
mem_Alloc( Size );
// Optionally report the allocation size to the caller.
89 if (pSize) *pSize = Size;
// NOTE(review): pPrv is dereferenced without a NULL check in the visible
// lines - confirm mem_Alloc cannot return NULL.
90 pPrv->PrivilegeCount = Count;
// Releases pPrv through mem_Free and hands back that call's result cast to
// PTOKEN_PRIVILEGES. Presumably this is NULL so that callers can clear their
// pointer in the same statement - confirm against mem_Free.
96 return (PTOKEN_PRIVILEGES)
mem_Free( pPrv );
99 #if 0 // EnablePrivilege: Obsoleted version.. 140 TOKEN_PRIVILEGES newTp, oldTp;
// Resolve the privilege name on the local system (NULL system name) straight
// into the single-entry request structure.
143 BOOL ok = LookupPrivilegeValue( NULL, Privilege, &newTp.Privileges[0].Luid );
146 newTp.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0;
147 newTp.PrivilegeCount = 1;
// The previous state is requested in oldTp, which requires hToken to carry
// TOKEN_QUERY in addition to TOKEN_ADJUST_PRIVILEGES. A nonzero return can
// still come with GetLastError() == ERROR_NOT_ALL_ASSIGNED.
// NOTE(review): confirm the lines not shown check for that case.
149 ok = AdjustTokenPrivileges( hToken, FALSE, &newTp,
sizeof(oldTp), &oldTp, &cbRcv );
// AdjustTokenPrivileges reports only privileges it actually changed; if the
// privilege was already in the requested state, oldTp.PrivilegeCount is 0
// and Privileges[0] was not written.
// NOTE(review): confirm the hidden lines guard this copy (and a NULL pSave).
153 *pSave = oldTp.Privileges[ 0 ];
// Debug-build check only (_ASSERTE compiles away in release builds): the
// saved state is expected to describe exactly one privilege.
165 _ASSERTE( pSaved->PrivilegeCount == 1 );
// Re-apply the saved attributes; no previous state is requested here.
167 BOOL ok = AdjustTokenPrivileges( hToken, FALSE, pSaved, 0, NULL, NULL );
// Fragment of the variadic helper that enables or disables a list of
// privilege names on hToken and can hand back the previous state.
// Upper bound on the number of privileges collected into newTp.
176 static const UINT MAX_PRIVS = 24;
178 PTOKEN_PRIVILEGES saveTp = NULL;
180 DWORD Attr, rc, cbRtn, cbSave = 0;
185 va_start( va, ppSave );
// Attr is applied to every privilege in the list: enabled, or 0 to disable.
186 Attr = Enable ? SE_PRIVILEGE_ENABLED : 0;
// The argument list is terminated by a NULL name.
188 while( (pzPrvName = va_arg( va,
CSTR )) != NULL )
// Names that LookupPrivilegeValue cannot resolve are left out of newTp.
190 if (LookupPrivilegeValue( NULL, pzPrvName, &Luid ))
192 UINT ix = newTp->PrivilegeCount;
193 newTp->Privileges[ ix ].Luid = Luid;
194 newTp->Privileges[ ix ].Attributes = Attr;
// Stop collecting at MAX_PRIVS entries; later names are not processed.
196 if (++newTp->PrivilegeCount == MAX_PRIVS)
break;
// saveTp/cbSave start out as NULL/0. When a previous-state buffer is passed,
// hToken must also have TOKEN_QUERY access. A nonzero return may still come
// with GetLastError() == ERROR_NOT_ALL_ASSIGNED.
// NOTE(review): confirm the surrounding lines (not shown) handle both.
206 AdjustTokenPrivileges( hToken, FALSE, newTp, cbSave, saveTp, &cbRtn )
// Put the saved error code back for the caller on failure.
215 if (!ok) SetLastError( rc );
// Re-apply a saved privilege set to hTok; no previous state is requested.
// A nonzero return is taken as success, so ERROR_NOT_ALL_ASSIGNED is not
// detected here (rc is forced to 0 whenever ok is true).
221 bool ok =
bool_cast( AdjustTokenPrivileges( hTok, FALSE, pSaved, 0, NULL, NULL ));
// Capture the error code right away, presumably so that the line not shown
// (listing line 223) cannot overwrite it before it is restored below.
222 DWORD rc = ok ? 0 : GetLastError();
224 if (!ok) SetLastError( rc );
// Reads one UINT-sized token attribute of class Cls into *Info and falls
// back to Def when GetTokenInformation fails.
// The buffer length passed is sizeof(UINT), so Info must point to at least
// that many bytes and Cls must be a class whose value fits in a UINT.
245 static void _getTokenInt( HANDLE hTok, TOKEN_INFORMATION_CLASS Cls, PVOID Info, UINT Def )
248 if (!GetTokenInformation( hTok, Cls, Info,
sizeof(UINT), &cbRtn )) *(PUINT)Info = Def;
// TOKEN_IMPERSONATE is always added to the access mask the caller requested.
256 tokenAccess |= TOKEN_IMPERSONATE;
// openAsSelf = true makes OpenThreadToken run its access check against the
// process-level security context rather than the thread's current
// impersonation context.
257 bool openAsSelf =
true;
259 BOOL ok = OpenThreadToken( hThread, tokenAccess, openAsSelf, &pti->
hToken );
260 DWORD error = ok ? NO_ERROR : GetLastError();
// These two codes select the fallback path below; ERROR_NO_TOKEN means the
// thread has no token of its own, i.e. it is not impersonating.
261 if (error == ERROR_NO_TOKEN || error == ERROR_CANT_OPEN_ANONYMOUS)
// The open is retried only when pti->imperSelf is set.
// NOTE(review): presumably the lines not shown call ImpersonateSelf and
// record the outcome in imperSelf - confirm.
266 if (pti->
imperSelf) ok = OpenThreadToken( hThread, tokenAccess, openAsSelf, &pti->
hToken );
267 error = ok ? NO_ERROR : GetLastError();
// Debug-build sanity check (_ASSERTE compiles away in release builds) that
// the handle is an impersonation token at SecurityImpersonation level. The
// defaults 0 and 4 lie outside the TOKEN_TYPE and
// SECURITY_IMPERSONATION_LEVEL value ranges, so a failed query trips it too.
273 TOKEN_TYPE typ; SECURITY_IMPERSONATION_LEVEL sil;
274 _getTokenInt( pti->
hToken, TokenType, &typ, 0 );
275 _getTokenInt( pti->
hToken, TokenImpersonationLevel, &sil, 4 );
276 _ASSERTE( typ == TokenImpersonation && sil == SecurityImpersonation );
// Leave the final status in the thread's last-error value for the caller.
283 SetLastError( error );
// NOTE(review): which function these lines belong to is not visible in this
// listing.
// A failed RevertToSelf leaves the thread running in the impersonated
// security context. Here the failure only clears `ok`; Microsoft's guidance
// is to treat it as fatal. NOTE(review): confirm callers act on the result.
297 if (!RevertToSelf()) ok =
false;
// Success hands back pti wrapped as HTOKENEX; failure yields
// INVALID_HANDLE_VALUE.
302 return HTOKENEX( ok ? pti : INVALID_HANDLE_VALUE );
HANDLE CloseHandleEx(HANDLE H)
bool EnableProcessPrivileges(bool Enable, CSTR szPriv,...)
PTOKEN_PRIVILEGES FreePrivileges(PTOKEN_PRIVILEGES pPrv)
HTOKENEX CloseThreadTokenEx(HTOKENEX hToken)
bool IsBadReadWritePtr(const PVOID address, UINT_PTR size)
PTOKEN_PRIVILEGES AllocPrivileges(UINT Count, PDWORD pSize)
void * mem_Alloc(size_t Bytes)
HANDLE GetThreadExToken(HTOKENEX hToken)
bool InitializeSecDesc(PSECURITY_DESCRIPTOR pSecDesc, PACL AccsList)
bool EnableProcessPrivilege(CSTR prvName, bool Enable)
HTOKENEX OpenThreadTokenEx(HANDLE hThread, ACCESS_MASK tokenAccess)
bool EnablePrivilege(HANDLE hToken, CSTR Privilege, bool Enable, PLUID_AND_ATTRIBUTES pSave)
#define TRACE_IF(cond,...)
BOOL(WINAPI *SysImgList::Shell_GetImageLists)(HIMAGELIST *pimlLarge
void * mem_Free(void *pBlk)
CSTR SysErrorMsg(DWORD Err=0, TSTR Buf=NULL, UINT Length=0)
bool RestorePrivilege(HANDLE hToken, PTOKEN_PRIVILEGES pSaved)
See EnablePrivilege()
bool __forceinline bool_cast(BOOL B52)
Debug and error handling support.
Common include; Added types, small "ubiquitous" utilities, etc.
bool RestorePrivileges(HANDLE hTok, PTOKEN_PRIVILEGES pSaved, bool Dispose)
bool EnablePrivileges(HANDLE hToken, bool Enable, PTOKEN_PRIVILEGES *ppSave,...)