doxy/a00188_source.html

 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Project: uLib - User mode library.
 // Module: Security utility functions (Migrated from UtilFunc.cpp)
 // Author: Copyright (c) Love Nystrom
 // License: NNOSL (BSD descendant, see NNOSL.txt in the base directory).
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Note: See also UmLsa.h/cpp for more advanced functions...

 #include <uLib/Common.h>
 #include <uLib/UtilFunc.h>
 #include <uLib/Debug.h>
 #include <uLib/StrFunc.h>

 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 //  Authorization functions
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 bool InitializeSecDesc( PSECURITY_DESCRIPTOR pSecDesc, PACL AccsList )
 {
     if (!InitializeSecurityDescriptor( pSecDesc, SECURITY_DESCRIPTOR_REVISION ))
         return false;
     //PACL AccsList = NULL; // Null DACL grants full access to Everyone
     return bool_cast( SetSecurityDescriptorDacl( pSecDesc, TRUE, AccsList, FALSE ));
 }

 // EnableProcessPrivilege/s

 bool EnableProcessPrivilege( CSTR prvName, bool Enable )
 {
     HANDLE hToken;
     DWORD rc;
     bool ok = bool_cast(
         OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken )
         );
     if (ok)
     {
         LUID_AND_ATTRIBUTES prev;
         ok = EnablePrivilege( hToken, prvName, Enable, &prev );
         rc = GetLastError();
         CloseHandle( hToken );
         if (!ok) SetLastError( rc );
     }
     return ok;
 }

 bool EnableProcessPrivileges( bool Enable, CSTR szPriv, ... )
 {
     static const UINT MAX_PRIVS = 24; // 24 privileges defined in Windows 2000
     PTOKEN_PRIVILEGES newTp = AllocPrivileges( MAX_PRIVS, NULL );

     HANDLE  hToken, hProc = GetCurrentProcess();
     DWORD   rc, attr = Enable ? SE_PRIVILEGE_ENABLED : 0;
     LUID    luid;
     va_list va;

     bool ok = bool_cast( OpenProcessToken( hProc, TOKEN_ADJUST_PRIVILEGES, &hToken ));
     if (!ok) rc = GetLastError();
     else
     {
         va_start( va, szPriv );
         while( szPriv )
         {
             if (LookupPrivilegeValue( NULL, szPriv, &luid ))
             {
                 UINT ix = newTp->PrivilegeCount;
                 newTp->Privileges[ ix ].Luid = luid;
                 newTp->Privileges[ ix ].Attributes = attr;

                 if (++newTp->PrivilegeCount == MAX_PRIVS) break;
             }
             szPriv = va_arg( va, CSTR );
         }
         ok = bool_cast( AdjustTokenPrivileges( hToken, FALSE, newTp, 0, NULL, NULL ));
         if (!ok) rc = GetLastError();
         CloseHandle( hToken );
     }

     FreePrivileges( newTp );
     if (!ok) SetLastError( rc );
     return ok;
 }

 // Token privilege allocation helpers

 PTOKEN_PRIVILEGES AllocPrivileges( UINT Count, PDWORD pSize )
 {
     DWORD Size = sizeof(TOKEN_PRIVILEGES) + (Count-1)*sizeof(LUID_AND_ATTRIBUTES);
     PTOKEN_PRIVILEGES pPrv = (PTOKEN_PRIVILEGES) mem_Alloc( Size );
     if (pSize) *pSize = Size; // Return Size even if alloc failed to NULL.
     pPrv->PrivilegeCount = Count;
     return pPrv;
 }

 PTOKEN_PRIVILEGES FreePrivileges( PTOKEN_PRIVILEGES pPrv )
 {
     return (PTOKEN_PRIVILEGES) mem_Free( pPrv );
 }

 #if 0 // EnablePrivilege: Obsoleted version..
 //bool EnablePrivilege( HANDLE hToken, CSTR prvName, bool Enable, PTOKEN_PRIVILEGES* ppPrev )
 //{
 //    TOKEN_PRIVILEGES newTp, *oldTp = NULL;
 //    DWORD cbPrev = 0, cbRcv = 0, rc;
 //    bool ok = false;
 //
 //    if (LookupPrivilegeValue( NULL, prvName, &newTp.Privileges[0].Luid ))
 //    {
 //        newTp.PrivilegeCount = 1;
 //        newTp.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0;
 //
 //        if (ppPrev)
 //        {
 //            oldTp = AllocPrivileges( 1, &cbPrev );
 //            *ppPrev = oldTp; // NULL or newly allocated.
 //        }
 //        ok = bool_cast( AdjustTokenPrivileges( hToken, FALSE, &newTp, cbPrev, oldTp, &cbRcv ));
 //        rc = GetLastError();
 //        if (!ok)
 //        {
 //            TRACE( DP_DEBUG, _F("AdjustTokenPrivileges: %s\n"), SysErrorMsg( rc ));
 //            if (ppPrev) *ppPrev = FreePrivileges( *ppPrev );
 //            SetLastError( rc );
 //        }
 //    }
 //    return ok;
 //}
 #endif

 // EnablePrivilege - hToken must be opened with the following permissions:
 //
 //   TOKEN_ADJUST_PRIVILEGES (to adjust the privilege)
 //   TOKEN_QUERY             (to get the old privilege setting)
 //
 // This version uses preallocated TOKEN_PRIVILEGES array for old state..
 // E.g: TOKEN_PRIVILEGES tp = { 1, { 0,0 }};
 //      bool prvOk = EnablePrivilege( hToken, SE_LOCK_MEMORY_NAME, true, &tp.Privileges[0] );

 bool EnablePrivilege( HANDLE hToken, CSTR Privilege, bool Enable, PLUID_AND_ATTRIBUTES pSave )
 {
     TOKEN_PRIVILEGES newTp, oldTp;
     DWORD cbRcv = 0;

     BOOL ok = LookupPrivilegeValue( NULL, Privilege, &newTp.Privileges[0].Luid );
     if ( ok )
     {
         newTp.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0;
         newTp.PrivilegeCount = 1;

         ok = AdjustTokenPrivileges( hToken, FALSE, &newTp, sizeof(oldTp), &oldTp, &cbRcv );
         TRACE_IF( !ok, DP_ERROR, _F("AdjustTokenPrivileges: %s\n"), SysErrorMsg() );
         if (ok && pSave)
         {
             *pSave = oldTp.Privileges[ 0 ];
         }
     }
     return bool_cast( ok );
 }

 // RestorePrivilege
 // Restore privileges from prevoius EnablePrivilege call.

 bool RestorePrivilege( HANDLE hToken, PTOKEN_PRIVILEGES pSaved )
 {
     _ASSERTE( !IsBadReadWritePtr( pSaved, sizeof(TOKEN_PRIVILEGES) ));
     _ASSERTE( pSaved->PrivilegeCount == 1 );

     BOOL ok = AdjustTokenPrivileges( hToken, FALSE, pSaved, 0, NULL, NULL );
     TRACE_IF( !ok, DP_ERROR, _F("AdjustTokenPrivileges: %s\n"), SysErrorMsg() );
     return bool_cast( ok );
 }

 // Enable multiple privileges.

 bool EnablePrivileges( HANDLE hToken, bool Enable, PTOKEN_PRIVILEGES* ppSave, ... )
 {
     static const UINT MAX_PRIVS = 24; // 24 privileges defined in Windows 2000
     PTOKEN_PRIVILEGES newTp = AllocPrivileges( MAX_PRIVS, NULL );
     PTOKEN_PRIVILEGES saveTp = NULL;

     DWORD   Attr, rc, cbRtn, cbSave = 0;
     LUID    Luid;
     CSTR    pzPrvName;
     va_list va;

     va_start( va, ppSave );
     Attr = Enable ? SE_PRIVILEGE_ENABLED : 0;

     while( (pzPrvName = va_arg( va, CSTR )) != NULL )
     {
         if (LookupPrivilegeValue( NULL, pzPrvName, &Luid ))
         {
             UINT ix = newTp->PrivilegeCount;
             newTp->Privileges[ ix ].Luid = Luid;
             newTp->Privileges[ ix ].Attributes = Attr;

             if (++newTp->PrivilegeCount == MAX_PRIVS) break;
         }
     }
     if (ppSave)
     {
         saveTp = AllocPrivileges( newTp->PrivilegeCount, &cbSave );
         *ppSave = saveTp;
     }

     bool ok = bool_cast(
         AdjustTokenPrivileges( hToken, FALSE, newTp, cbSave, saveTp, &cbRtn )
         );
     rc = GetLastError();

     if (!ok && saveTp)
     {
         *ppSave = FreePrivileges( *ppSave );
     }
     FreePrivileges( newTp );
     if (!ok) SetLastError( rc );
     return ok;
 }

 bool RestorePrivileges( HANDLE hTok, PTOKEN_PRIVILEGES pSaved, bool Dispose )
 {
     bool ok = bool_cast( AdjustTokenPrivileges( hTok, FALSE, pSaved, 0, NULL, NULL ));
     DWORD rc = ok ? 0 : GetLastError(); //DPrint( DP_ERROR,_T("[RestorePrivilege] AdjustTokenPrivileges failed: %s\n"),  SysErrorMsg() );
     if (Dispose) FreePrivileges( pSaved );
     if (!ok) SetLastError( rc );
     return ok;
 }

 //==---------------------------------------------------------------------------
 // Under consideration: Always obtain a thread (impersonation) token.
 //==---------------------------------------------------------------------------

 struct TOKENEX_ITEM // (HTOKENEX) Internal data for OpenThreadTokenEx
 {
     HANDLE  hToken;    // Thread token handle.
     bool    imperSelf; // Did we ImpersonateSelf() to get the token ?
 };

 HANDLE GetThreadExToken( HTOKENEX hToken )
 {
     TOKENEX_ITEM* ptxi = (TOKENEX_ITEM*) hToken;
     return ptxi->hToken;
 }

 #if _DEBUG
 static void _getTokenInt( HANDLE hTok, TOKEN_INFORMATION_CLASS Cls, PVOID Info, UINT Def )
 {
     DWORD cbRtn = 0; // If this is greater than TokenInformationLength, the function fails!
     if (!GetTokenInformation( hTok, Cls, Info, sizeof(UINT), &cbRtn )) *(PUINT)Info = Def;
 }
    #endif

 HTOKENEX OpenThreadTokenEx( HANDLE hThread, ACCESS_MASK tokenAccess )
 {
     TOKENEX_ITEM* pti = (TOKENEX_ITEM*) mem_Alloc( sizeof(TOKENEX_ITEM) );

     tokenAccess |= TOKEN_IMPERSONATE;
     bool openAsSelf = true; // Access check against the process security context.

     BOOL ok = OpenThreadToken( hThread, tokenAccess, openAsSelf, &pti->hToken );
     DWORD error = ok ? NO_ERROR : GetLastError();
     if (error == ERROR_NO_TOKEN || error == ERROR_CANT_OPEN_ANONYMOUS)
     {
         // This adds an impersonation token to the PEB, or changes impersonation level.

         pti->imperSelf = bool_cast( ImpersonateSelf( SecurityImpersonation ));
         if (pti->imperSelf) ok = OpenThreadToken( hThread, tokenAccess, openAsSelf, &pti->hToken );
         error = ok ? NO_ERROR : GetLastError();
     }
     TRACE_IF( !pti->hToken, DP_ERROR, _F("OpenThreadToken: %s\n"), SysErrorMsg() );
    #if _DEBUG
     if (pti->hToken)
     {
         TOKEN_TYPE typ; SECURITY_IMPERSONATION_LEVEL sil;
         _getTokenInt( pti->hToken, TokenType, &typ, 0 );
         _getTokenInt( pti->hToken, TokenImpersonationLevel, &sil, 4 );
         _ASSERTE( typ == TokenImpersonation && sil == SecurityImpersonation );
     }
    #endif

     if ( !ok )
     {
         pti = (TOKENEX_ITEM*) mem_Free( pti );
         SetLastError( error );
     }
     return (HTOKENEX) pti;
 }

 HTOKENEX CloseThreadTokenEx( HTOKENEX hToken )
 {
     TOKENEX_ITEM* pti = (TOKENEX_ITEM*) hToken;
     bool ok = true;
     if ( pti )
     {
         if (pti->imperSelf)
         {
             // RevertToSelf disposes the PEB impersonation token.
             if (!RevertToSelf()) ok = false;
         }
         CloseHandleEx( pti->hToken );
         pti = (TOKENEX_ITEM*) mem_Free( pti );
     }
     return HTOKENEX( ok ? pti : INVALID_HANDLE_VALUE );
 }

 // EOF
CloseHandleEx
HANDLE CloseHandleEx(HANDLE H)
Definition: KernelUtil.cpp:80

DWORD
unsigned long DWORD
Definition: Common.h:414

EnableProcessPrivileges
bool EnableProcessPrivileges(bool Enable, CSTR szPriv,...)
Definition: SecUtil.cpp:46

FreePrivileges
PTOKEN_PRIVILEGES FreePrivileges(PTOKEN_PRIVILEGES pPrv)
Definition: SecUtil.cpp:94

CloseThreadTokenEx
HTOKENEX CloseThreadTokenEx(HTOKENEX hToken)
Definition: SecUtil.cpp:288

StrFunc.h

CSTR
#define CSTR
Definition: Common.h:329

IsBadReadWritePtr
bool IsBadReadWritePtr(const PVOID address, UINT_PTR size)
Definition: KernelUtil.cpp:179

AllocPrivileges
PTOKEN_PRIVILEGES AllocPrivileges(UINT Count, PDWORD pSize)
Definition: SecUtil.cpp:85

mem_Alloc
void * mem_Alloc(size_t Bytes)
Definition: MemFunc.cpp:33

GetThreadExToken
HANDLE GetThreadExToken(HTOKENEX hToken)
Definition: SecUtil.cpp:238

InitializeSecDesc
bool InitializeSecDesc(PSECURITY_DESCRIPTOR pSecDesc, PACL AccsList)
Definition: SecUtil.cpp:18

EnableProcessPrivilege
bool EnableProcessPrivilege(CSTR prvName, bool Enable)
Definition: SecUtil.cpp:28

OpenThreadTokenEx
HTOKENEX OpenThreadTokenEx(HANDLE hThread, ACCESS_MASK tokenAccess)
Definition: SecUtil.cpp:252

EnablePrivilege
bool EnablePrivilege(HANDLE hToken, CSTR Privilege, bool Enable, PLUID_AND_ATTRIBUTES pSave)
Definition: SecUtil.cpp:138

TOKENEX_ITEM::imperSelf
bool imperSelf
Definition: SecUtil.cpp:235

TRACE_IF
#define TRACE_IF(cond,...)
Definition: Debug.h:227

BOOL
BOOL(WINAPI *SysImgList::Shell_GetImageLists)(HIMAGELIST *pimlLarge

mem_Free
void * mem_Free(void *pBlk)
Definition: MemFunc.cpp:124

UtilFunc.h

SysErrorMsg
CSTR SysErrorMsg(DWORD Err=0, TSTR Buf=NULL, UINT Length=0)
Definition: Debug.cpp:39

RestorePrivilege
bool RestorePrivilege(HANDLE hToken, PTOKEN_PRIVILEGES pSaved)
See EnablePrivilege(()
Definition: SecUtil.cpp:162

bool_cast
bool __forceinline bool_cast(BOOL B52)
Definition: Common.h:767

DP_ERROR
#define DP_ERROR
Definition: Debug.h:82

Debug.h
Debug and error handling support.

HTOKENEX
HANDLE HTOKENEX
Definition: UtilFunc.h:440

Common.h
Common include; Added types, small "ubiquitous" utilities, et c.

TOKENEX_ITEM
Definition: SecUtil.cpp:232

_F
#define _F(s)
Definition: Debug.h:49

RestorePrivileges
bool RestorePrivileges(HANDLE hTok, PTOKEN_PRIVILEGES pSaved, bool Dispose)
Definition: SecUtil.cpp:219

TOKENEX_ITEM::hToken
HANDLE hToken
Definition: SecUtil.cpp:234

EnablePrivileges
bool EnablePrivileges(HANDLE hToken, bool Enable, PTOKEN_PRIVILEGES *ppSave,...)
Definition: SecUtil.cpp:174

PDWORD
unsigned long * PDWORD
Definition: Common.h:414