summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authormidipix <writeonce@midipix.org>2016-06-24 02:22:21 -0400
committermidipix <writeonce@midipix.org>2016-06-24 03:32:46 -0400
commit5f1999c6f77e9abb827d61e4e89fa42841caaa9a (patch)
treebaa85523a11f4c0a5b9f049910e931144e49b9f0
parenta3e9aaed1633e5ca5426758719486e001931eddd (diff)
downloadntapi-5f1999c6f77e9abb827d61e4e89fa42841caaa9a.tar.bz2
ntapi-5f1999c6f77e9abb827d61e4e89fa42841caaa9a.tar.xz
process tokens: added __ntapi_tt_[enable/disable]_token_privilege().
-rw-r--r--include/ntapi/nt_token.h11
-rw-r--r--include/ntapi/ntapi.h4
-rw-r--r--project/common.mk1
-rw-r--r--project/tree.mk1
-rw-r--r--src/internal/ntapi.c4
-rw-r--r--src/internal/ntapi_fnapi.h4
-rw-r--r--src/token/ntapi_tt_token_privilege.c65
7 files changed, 90 insertions, 0 deletions
diff --git a/include/ntapi/nt_token.h b/include/ntapi/nt_token.h
index a0c7c2e..dfb221e 100644
--- a/include/ntapi/nt_token.h
+++ b/include/ntapi/nt_token.h
@@ -201,4 +201,15 @@ typedef int32_t __stdcall ntapi_zw_set_information_token(
__in void * token_info,
__in size_t token_info_length);
+
+/* extension functions */
+typedef int32_t __stdcall ntapi_tt_enable_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege);
+
+
+typedef int32_t __stdcall ntapi_tt_disable_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege);
+
#endif
diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h
index 054d66a..714abf0 100644
--- a/include/ntapi/ntapi.h
+++ b/include/ntapi/ntapi.h
@@ -447,6 +447,10 @@ typedef struct _ntapi_vtbl {
ntapi_tt_exec_map_image_as_data * tt_exec_map_image_as_data;
ntapi_tt_exec_unmap_image * tt_exec_unmap_image;
+ /* nt_token.h */
+ ntapi_tt_enable_token_privilege * tt_enable_token_privilege;
+ ntapi_tt_disable_token_privilege * tt_disable_token_privilege;
+
/* nt_section.h */
ntapi_tt_get_section_name * tt_get_section_name;
diff --git a/project/common.mk b/project/common.mk
index 1f5d599..45951fa 100644
--- a/project/common.mk
+++ b/project/common.mk
@@ -83,6 +83,7 @@ COMMON_SRCS = \
src/system/ntapi_tt_get_system_directory.c \
src/system/ntapi_tt_get_system_info_snapshot.c \
src/thread/ntapi_tt_create_thread.c \
+ src/token/ntapi_tt_token_privilege.c \
src/tty/ntapi_tty_client_process_register.c \
src/tty/ntapi_tty_client_session_query.c \
src/tty/ntapi_tty_client_session_set.c \
diff --git a/project/tree.mk b/project/tree.mk
index fd5144a..ce03c8d 100644
--- a/project/tree.mk
+++ b/project/tree.mk
@@ -19,6 +19,7 @@ tree.tag:
mkdir -p src/sync
mkdir -p src/system
mkdir -p src/thread
+ mkdir -p src/token
mkdir -p src/tty
mkdir -p src/unicode
mkdir -p src/vfd
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 0749a97..e67bcf1 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -214,6 +214,10 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
__ntapi->tt_exec_map_image_as_data = __ntapi_tt_exec_map_image_as_data;
__ntapi->tt_exec_unmap_image = __ntapi_tt_exec_unmap_image;
+ /* nt_token.h */
+ __ntapi->tt_enable_token_privilege = __ntapi_tt_enable_token_privilege;
+ __ntapi->tt_disable_token_privilege = __ntapi_tt_disable_token_privilege;
+
/* nt_section.h */
__ntapi->tt_get_section_name = __ntapi_tt_get_section_name;
diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h
index 396fb59..a7436c5 100644
--- a/src/internal/ntapi_fnapi.h
+++ b/src/internal/ntapi_fnapi.h
@@ -102,6 +102,10 @@ ntapi_tt_update_runtime_data __ntapi_tt_update_runtime_data;
ntapi_tt_exec_map_image_as_data __ntapi_tt_exec_map_image_as_data;
ntapi_tt_exec_unmap_image __ntapi_tt_exec_unmap_image;
+/* nt_token.h */
+ntapi_tt_enable_token_privilege __ntapi_tt_enable_token_privilege;
+ntapi_tt_disable_token_privilege __ntapi_tt_disable_token_privilege;
+
/* nt_section.h */
ntapi_tt_get_section_name __ntapi_tt_get_section_name;
diff --git a/src/token/ntapi_tt_token_privilege.c b/src/token/ntapi_tt_token_privilege.c
new file mode 100644
index 0000000..e86b31b
--- /dev/null
+++ b/src/token/ntapi_tt_token_privilege.c
@@ -0,0 +1,65 @@
+/********************************************************/
+/* ntapi: Native API core library */
+/* Copyright (C) 2013--2016 Z. Gilboa */
+/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
+/********************************************************/
+
+#include <psxtypes/psxtypes.h>
+#include <ntapi/nt_object.h>
+#include <ntapi/nt_token.h>
+#include <ntapi/ntapi.h>
+#include "ntapi_impl.h"
+
+
+static int32_t __stdcall __set_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege,
+ __in int attribute)
+{
+ uintptr_t buffer[64];
+ nt_token_privileges * tokprivs;
+
+ /* reasonable scope */
+ if (privilege > 255)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ /* buffer */
+ __ntapi->tt_aligned_block_memset(
+ buffer,0,sizeof(buffer));
+
+ tokprivs = (nt_token_privileges *)buffer;
+
+ /* token privileges */
+ tokprivs->privilege_count = 1;
+
+ tokprivs->privileges[0].attributes = attribute;
+ tokprivs->privileges[0].luid.low = privilege;
+ tokprivs->privileges[0].luid.high = 0;
+
+ /* set */
+ return __ntapi->zw_adjust_privileges_token(
+ htoken,0,
+ tokprivs,sizeof(buffer),
+ 0,0);
+}
+
+
+int32_t __stdcall __ntapi_tt_enable_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege)
+{
+ return __set_token_privilege(
+ htoken,
+ privilege,
+ NT_SE_ENABLE_PRIVILEGE);
+}
+
+int32_t __stdcall __ntapi_tt_disable_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege)
+{
+ return __set_token_privilege(
+ htoken,
+ privilege,
+ NT_SE_DISABLE_PRIVILEGE);
+}