authormidipix <writeonce@midipix.org>2018-03-27 01:53:14 +0000
committermidipix <writeonce@midipix.org>2018-03-29 21:56:28 -0400
commit0a84879cdc3be1bbe3e09dd9fd883a4832e9443e (patch)
tree890b50007ab3c483666d922c6edad95d17c619b5
parent227c1560530dc822180e71690795d4a97d2d7310 (diff)
downloadntapi-0a84879cdc3be1bbe3e09dd9fd883a4832e9443e.tar.bz2
ntapi-0a84879cdc3be1bbe3e09dd9fd883a4832e9443e.tar.xz
internals: when running as a local/domain user, cache the domain's admin sid.
-rw-r--r--src/acl/ntapi_acl_helper.c2
-rw-r--r--src/internal/ntapi.c24
-rw-r--r--src/internal/ntapi_impl.h5
-rw-r--r--src/object/ntapi_tt_keyed_object_directory.c2
4 files changed, 26 insertions, 7 deletions
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index 72444fe..c495dc5 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -65,7 +65,7 @@ void __stdcall __ntapi_acl_init_common_descriptor(
sd->sd.offset_sacl = 0;
/* owner, group, other: default sid's */
- owner = owner ? owner : __ntapi_internals()->sid;
+ owner = owner ? owner : __ntapi_internals()->user;
group = group ? group : owner;
other = other ? other : &sid_auth_users;
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index f0b4431..aaf1b33 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -94,6 +94,8 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
void * hntdll;
size_t block_size;
size_t buf[64];
+ unsigned char * value;
+ uint16_t sacnt;
nt_oa oa;
nt_cid cid;
ntapi_zw_allocate_virtual_memory * pfn_zw_allocate_virtual_memory;
@@ -482,7 +484,7 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
internals->htoken,
NT_SE_CREATE_SYMBOLIC_LINK_PRIVILEGE);
- /* sid */
+ /* user */
if ((status = __ntapi->zw_query_information_token(
internals->htoken,
NT_TOKEN_USER,
@@ -490,12 +492,28 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
&block_size)))
return status;
- internals->sid = (nt_sid *)&internals->sid_buffer;
+ internals->user = (nt_sid *)&internals->sid_buffer[0];
+ internals->admin = (nt_sid *)&internals->sid_buffer[1];
__ntapi->tt_sid_copy(
- internals->sid,
+ internals->user,
((nt_sid_and_attributes *)buf)->sid);
+ /* admin */
+ value = internals->user->identifier_authority.value;
+ sacnt = internals->user->sub_authority_count;
+
+ if ((value[0] == 0) && (value[1] == 0)
+ && (value[2] == 0) && (value[3] == 0)
+ && (value[4] == 0) && (value[5] == 5)
+ && internals->user->sub_authority[0] == 21) {
+ __ntapi->tt_sid_copy(
+ internals->admin,
+ internals->user);
+
+ internals->admin->sub_authority[sacnt - 1] = 500;
+ }
+
/* done */
*pvtbl = &___ntapi_shadow;
at_locked_inc(&__ntapi_init_idx);
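Review bot: The admin SID derivation checks the identifier authority and `sub_authority[0] == 21` but never `sacnt`, so `internals->admin->sub_authority[sacnt - 1] = 500;` relies on the token user SID carrying at least one sub-authority after the 21. A count of 1 would overwrite the 21 itself and a count of 0 would index before the array; neither is likely for a kernel-supplied user SID, but adding `&& (sacnt >= 2)` to the condition makes the assumption explicit. Separately, `internals->admin` is pointed at `sid_buffer[1]` unconditionally, so when the user is not an S-1-5-21 account the pointer refers to a buffer this hunk never fills. Whether `internals` is zeroed is not visible here, and any code that later places `admin` in an ACL would be using an invalid or stale SID. Assigning `internals->admin = (nt_sid *)&internals->sid_buffer[1];` only inside the `if` body, leaving it null otherwise, would let callers test for it. `__ntapi_init_once` starts and ends outside this hunk.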
diff --git a/src/internal/ntapi_impl.h b/src/internal/ntapi_impl.h
index 6021a48..d020386 100644
--- a/src/internal/ntapi_impl.h
+++ b/src/internal/ntapi_impl.h
@@ -82,8 +82,9 @@ typedef struct __attr_ptr_size_aligned__ _ntapi_internals {
nt_port_name * subsystem;
nt_security_descriptor seq_desc;
nt_security_quality_of_service seq_qos;
- nt_sid_any sid_buffer;
- nt_sid * sid;
+ nt_sid_any sid_buffer[2];
+ nt_sid * user;
+ nt_sid * admin;
void * hprocess;
void * htoken;
void * hport_tty_session;
diff --git a/src/object/ntapi_tt_keyed_object_directory.c b/src/object/ntapi_tt_keyed_object_directory.c
index c34d8ec..b79f3b6 100644
--- a/src/object/ntapi_tt_keyed_object_directory.c
+++ b/src/object/ntapi_tt_keyed_object_directory.c
@@ -74,7 +74,7 @@ static void __ipc_sd_init(nt_sd_common_buffer * sd, int fdir)
/* owner sid */
__ntapi->tt_sid_copy(
(nt_sid *)&sd->owner,
- __ntapi_internals()->sid);
+ __ntapi_internals()->user);
/* ace's for LOCAL_SYSTEM, AUTHENTICATED_USERS, and process token user */