uLib  User mode C/C++ extended API library for Win32 programmers.
Authorization Support

Module Description

Authorization related functions (SecUtil.cpp)
See also UserMode LSA Support

Typedefs

typedef HANDLE HTOKENEX
 

Functions

bool InitializeSecDesc (PSECURITY_DESCRIPTOR pSecDesc, PACL AccsList=NULL)
 
bool EnableProcessPrivilege (CSTR prvName, bool Enable=true)
 
bool EnableProcessPrivileges (bool Enable, CSTR prvName1,...)
 
PTOKEN_PRIVILEGES AllocPrivileges (UINT Count, OPTOUT PDWORD pSize=NULL)
 
PTOKEN_PRIVILEGES FreePrivileges (PTOKEN_PRIVILEGES pPrv)
 
bool EnablePrivilege (HANDLE hToken, CSTR Privilege, bool Enable, OPTOUT PLUID_AND_ATTRIBUTES pSave)
 
bool RestorePrivilege (HANDLE hToken, PTOKEN_PRIVILEGES pSaved)
 See EnablePrivilege().
 
bool EnablePrivileges (IN HANDLE hToken, IN bool Enable, OPTOUT PTOKEN_PRIVILEGES *ppSave,...)
 
bool RestorePrivileges (HANDLE hToken, PTOKEN_PRIVILEGES pSaved, bool Dispose)
 
HTOKENEX OpenThreadTokenEx (HANDLE hThread, ACCESS_MASK tokenAccess)
 
HTOKENEX CloseThreadTokenEx (HTOKENEX hToken)
 
HANDLE GetThreadExToken (HTOKENEX hTok)
 

Typedef Documentation

◆ HTOKENEX

typedef HANDLE HTOKENEX

Definition at line 440 of file UtilFunc.h.

Function Documentation

◆ InitializeSecDesc()

bool InitializeSecDesc ( PSECURITY_DESCRIPTOR  pSecDesc,
PACL  AccsList = NULL 
)

Initialize a security descriptor with the given access control list.
Note: AccsList = NULL grants full access to Everyone.

Definition at line 18 of file SecUtil.cpp.

◆ EnableProcessPrivilege()

bool EnableProcessPrivilege ( CSTR  prvName,
bool  Enable = true 
)

Enable or disable a single privilege for the current process.

Intended for situations where you don't need to restore the original state.
For precise control you may use EnablePrivilege() or EnablePrivileges() instead.
Example:

ok = EnableProcessPrivilege( SE_DEBUG_NAME, true );
ok = EnableProcessPrivileges( true, SE_BACKUP_NAME, SE_RESTORE_NAME, NULL );

See also EnableProcessPrivileges().

Definition at line 28 of file SecUtil.cpp.

◆ EnableProcessPrivileges()

bool EnableProcessPrivileges ( bool  Enable,
CSTR  prvName1,
  ... 
)

Enable or disable multiple privileges for the current process.
Note: The last privilege name must be NULL.
See also EnableProcessPrivilege().

Definition at line 46 of file SecUtil.cpp.

◆ AllocPrivileges()

PTOKEN_PRIVILEGES AllocPrivileges ( UINT  Count,
OPTOUT PDWORD  pSize = NULL 
)

Allocate a token privileges struct with Count LUID_AND_ATTRIBUTES.
The optional pSize, if supplied, returns the size of the block in BYTEs.
Deallocate with FreePrivileges() or mem_Free().

◆ FreePrivileges()

PTOKEN_PRIVILEGES FreePrivileges ( PTOKEN_PRIVILEGES  pPrv)

See AllocPrivileges(). Return NULL on success.

Definition at line 94 of file SecUtil.cpp.

◆ EnablePrivilege()

bool EnablePrivilege ( HANDLE  hToken,
CSTR  Privilege,
bool  Enable,
OPTOUT PLUID_AND_ATTRIBUTES  pSave 
)

EnablePrivilege tries to enable or disable a single privilege in hToken.

Parameters
hToken: The token must be opened with at least the following permissions:
  • TOKEN_ADJUST_PRIVILEGES - To adjust the privilege.
  • TOKEN_QUERY (optional) - To get the old privilege setting when using pSave.
[in] prvName: Privilege name, e.g. SE_DEBUG_NAME.
[in] Enable: Whether to enable or disable the privilege.
[out] pSave: [opt] Receives the previous privilege state.
Typical target is TOKEN_PRIVILEGES.Privileges[x].

Remember to call RestorePrivilege() after you're done.
Note: EnablePrivilege cannot add new privileges to the access token.
See also SetAccountPrivilege(), [MSDN] AdjustTokenPrivileges().
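
Added example (not uLib source): the note that a privilege cannot be added to a token matters because the underlying AdjustTokenPrivileges() call still reports success when the privilege is not held. The sketch below uses raw Win32 calls rather than uLib; PrivResult, ClassifyAdjust and SetPrivilegeChecked are hypothetical names, and the non-Windows stand-ins are constructed so the result logic builds anywhere.

```cpp
// Added example, not uLib source: enable/save/restore with the "not held" case explicit.
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#else
typedef unsigned long DWORD;                      // constructed stand-ins so the
static const DWORD ERROR_NOT_ALL_ASSIGNED = 1300; // result logic builds anywhere
#endif
enum PrivResult { PRIV_ADJUSTED, PRIV_NOT_HELD, PRIV_API_FAILED };

// AdjustTokenPrivileges() returns TRUE even when the token lacks the privilege;
// only GetLastError() == ERROR_NOT_ALL_ASSIGNED reveals that nothing changed.
PrivResult ClassifyAdjust(bool apiOk, DWORD lastError)
{
    if (!apiOk) return PRIV_API_FAILED;
    return lastError == ERROR_NOT_ALL_ASSIGNED ? PRIV_NOT_HELD : PRIV_ADJUSTED;
}

#ifdef _WIN32
// Hypothetical helper: set one privilege, saving the old state in *saved.
PrivResult SetPrivilegeChecked(HANDLE hToken, LPCTSTR name, bool enable,
                               TOKEN_PRIVILEGES *saved)
{
    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
    if (!LookupPrivilegeValue(NULL, name, &tp.Privileges[0].Luid))
        return PRIV_API_FAILED;
    DWORD cb = sizeof(*saved);
    BOOL ok = AdjustTokenPrivileges(hToken, FALSE, &tp, cb, saved, &cb);
    return ClassifyAdjust(ok != FALSE, GetLastError());
}
#endif

int main()
{
    PrivResult r = ClassifyAdjust(true, ERROR_NOT_ALL_ASSIGNED); // constructed case
#ifdef _WIN32
    HANDLE hToken = NULL;  // TOKEN_QUERY is needed because the old state is saved
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) return 1;
    TOKEN_PRIVILEGES saved = {};
    r = SetPrivilegeChecked(hToken, SE_BACKUP_NAME, true, &saved);
    if (r == PRIV_ADJUSTED)  // ... privileged work here, then put it back
        AdjustTokenPrivileges(hToken, FALSE, &saved, 0, NULL, NULL);
    CloseHandle(hToken);
#endif
    std::printf("result: %d (0=adjusted, 1=not held, 2=API failed)\n", (int)r);
    return 0;
}
```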

◆ RestorePrivilege()

bool RestorePrivilege ( HANDLE  hToken,
PTOKEN_PRIVILEGES  pSaved 
)

See EnablePrivilege().

Definition at line 162 of file SecUtil.cpp.

◆ EnablePrivileges()

bool EnablePrivileges ( IN HANDLE  hToken,
IN bool  Enable,
OPTOUT PTOKEN_PRIVILEGES *  ppSave,
  ... 
)

EnablePrivileges enables or disables multiple privileges in hToken.

Parameters
[in] hToken: The token must be opened with at least the following permissions:
  • TOKEN_ADJUST_PRIVILEGES - To adjust the privilege.
  • TOKEN_QUERY (optional) - To get the old privilege setting when using ppPrev.
[in] Enable: Whether to enable or disable the privilege.
[out] ppSave: [optional] Receives a pointer to the previous settings.
If retrieved, it must be freed by FreePrivileges() or RestorePrivileges().
ppSave can be NULL if the previous privilege state is not needed.
[in] ...: The var-args must be privilege names for LookupPrivilegeValue,
and the last argument must be NULL to terminate the var-arg list.

Note: EnablePrivileges cannot add new privileges to the access token.
See also SetAccountPrivilege().

◆ RestorePrivileges()

bool RestorePrivileges ( HANDLE  hToken,
PTOKEN_PRIVILEGES  pSaved,
bool  Dispose 
)

Restore privileges saved by EnablePrivilege() or EnablePrivileges().
If Dispose is true, FreePrivileges() will be called for pSaved, otherwise you must call it yourself when done.

Definition at line 219 of file SecUtil.cpp.

◆ OpenThreadTokenEx()

HTOKENEX OpenThreadTokenEx ( HANDLE  hThread,
ACCESS_MASK  tokenAccess 
)

Always obtain a thread token.
This can be used, for example, to change privileges for a single thread.
The token has the SecurityImpersonation level.
Close it with CloseThreadTokenEx().

Definition at line 252 of file SecUtil.cpp.

◆ CloseThreadTokenEx()

HTOKENEX CloseThreadTokenEx ( HTOKENEX  hToken)

The function closes the handle, reverts, and returns NULL on success.
Note: If RevertToSelf() fails, CloseThreadTokenEx returns INVALID_HANDLE_VALUE.
(MSDN) In that case, the program continues in the context of the impersonated
client, which may be inappropriate, so you should terminate the process.
See OpenThreadTokenEx()

Definition at line 288 of file SecUtil.cpp.

◆ GetThreadExToken()

HANDLE GetThreadExToken ( HTOKENEX  hTok)

Get the token HANDLE from an HTOKENEX.
See OpenThreadTokenEx()

Definition at line 238 of file SecUtil.cpp.