author | midipix <writeonce@midipix.org> | 2018-03-27 01:53:14 +0000 |
---|---|---|
committer | midipix <writeonce@midipix.org> | 2018-03-29 21:56:28 -0400 |
commit | 0a84879cdc3be1bbe3e09dd9fd883a4832e9443e (patch) | |
tree | 890b50007ab3c483666d922c6edad95d17c619b5 /src/internal | |
parent | 227c1560530dc822180e71690795d4a97d2d7310 (diff) | |
download | ntapi-0a84879cdc3be1bbe3e09dd9fd883a4832e9443e.tar.bz2 ntapi-0a84879cdc3be1bbe3e09dd9fd883a4832e9443e.tar.xz |
internals: when running as a local/domain user, cache the domain's admin sid.
Diffstat (limited to 'src/internal')
-rw-r--r-- | src/internal/ntapi.c | 24 | ||||
-rw-r--r-- | src/internal/ntapi_impl.h | 5 |
2 files changed, 24 insertions, 5 deletions
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index f0b4431..aaf1b33 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -94,6 +94,8 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 void * hntdll;
 size_t block_size;
 size_t buf[64];
+ unsigned char * value;
+ uint16_t sacnt;
 nt_oa oa;
 nt_cid cid;
 ntapi_zw_allocate_virtual_memory * pfn_zw_allocate_virtual_memory;
@@ -482,7 +484,7 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 internals->htoken,
 NT_SE_CREATE_SYMBOLIC_LINK_PRIVILEGE);
- /* sid */
+ /* user */
 if ((status = __ntapi->zw_query_information_token(
 internals->htoken,
 NT_TOKEN_USER,
@@ -490,12 +492,28 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 &block_size)))
 return status;
- internals->sid = (nt_sid *)&internals->sid_buffer;
+ internals->user = (nt_sid *)&internals->sid_buffer[0];
+ internals->admin = (nt_sid *)&internals->sid_buffer[1];
 __ntapi->tt_sid_copy(
- internals->sid,
+ internals->user,
 ((nt_sid_and_attributes *)buf)->sid);
+ /* admin */
+ value = internals->user->identifier_authority.value;
+ sacnt = internals->user->sub_authority_count;
+
+ if ((value[0] == 0) && (value[1] == 0)
+ && (value[2] == 0) && (value[3] == 0)
+ && (value[4] == 0) && (value[5] == 5)
+ && internals->user->sub_authority[0] == 21) {
+ __ntapi->tt_sid_copy(
+ internals->admin,
+ internals->user);
+
+ internals->admin->sub_authority[sacnt - 1] = 500;
+ }
+
 /* done */
 *pvtbl = &___ntapi_shadow;
 at_locked_inc(&__ntapi_init_idx);
diff --git a/src/internal/ntapi_impl.h b/src/internal/ntapi_impl.h
index 6021a48..d020386 100644
--- a/src/internal/ntapi_impl.h
+++ b/src/internal/ntapi_impl.h
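Review bot: In the `/* admin */` block of `__ntapi_init_once` (src/internal/ntapi.c), `sub_authority[0]` is read and `sub_authority[sacnt - 1]` is written with no check on `sacnt`, so a user SID with zero sub-authorities would be compared against whatever the buffer holds and then written at index -1; adding `&& (sacnt >= 2)` to the condition closes that cheaply, even if token user SIDs are not expected to take that shape. Separately, `internals->admin` is pointed at `sid_buffer[1]` unconditionally but that slot is only filled for S-1-5-21-… users, so for any other token consumers receive a non-NULL pointer to a SID this code never set; consider assigning `internals->admin` only inside the `if`, or stating on the `admin` member in ntapi_impl.h that it may be unpopulated. A comment such as `/* S-1-5-21-<domain>-500: built-in Administrator account of the user's issuing domain */` would also explain the literals 5, 21 and 500. The function begins and ends outside these hunks, so how `admin` is consumed later cannot be seen from here.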
@@ -82,8 +82,9 @@ typedef struct __attr_ptr_size_aligned__ _ntapi_internals {
 nt_port_name * subsystem;
 nt_security_descriptor seq_desc;
 nt_security_quality_of_service seq_qos;
- nt_sid_any sid_buffer;
- nt_sid * sid;
+ nt_sid_any sid_buffer[2];
+ nt_sid * user;
+ nt_sid * admin;
 void * hprocess;
 void * htoken;
 void * hport_tty_session; |