process tokens: added __ntapi_tt_[enable/disable]_token_privilege().

1 files changed, 65 insertions, 0 deletions

diff --git a/src/token/ntapi_tt_token_privilege.c b/src/token/ntapi_tt_token_privilege.c
new file mode 100644
index 0000000..e86b31b
--- /dev/null
+++ b/src/token/ntapi_tt_token_privilege.c
@@ -0,0 +1,65 @@
+/********************************************************/
+/*  ntapi: Native API core library                      */
+/*  Copyright (C) 2013--2016  Z. Gilboa                 */
+/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
+/********************************************************/
+
+#include <psxtypes/psxtypes.h>
+#include <ntapi/nt_object.h>
+#include <ntapi/nt_token.h>
+#include <ntapi/ntapi.h>
+#include "ntapi_impl.h"
+
+
+static int32_t __stdcall __set_token_privilege(
+	__in	void *		htoken,
+	__in	uint32_t	privilege,
+	__in	int		attribute)
+{
+	uintptr_t		buffer[64];
+	nt_token_privileges *	tokprivs;
+
+	/* reasonable scope */
+	if (privilege > 255)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	/* buffer */
+	__ntapi->tt_aligned_block_memset(
+		buffer,0,sizeof(buffer));
+
+	tokprivs = (nt_token_privileges *)buffer;
+
+	/* token privileges */
+	tokprivs->privilege_count = 1;
+
+	tokprivs->privileges[0].attributes = attribute;
+	tokprivs->privileges[0].luid.low   = privilege;
+	tokprivs->privileges[0].luid.high  = 0;
+
+	/* set */
+	return __ntapi->zw_adjust_privileges_token(
+		htoken,0,
+		tokprivs,sizeof(buffer),
+		0,0);
+}
+
+
+int32_t __stdcall __ntapi_tt_enable_token_privilege(
+	__in	void *		htoken,
+	__in	uint32_t	privilege)
+{
+	return __set_token_privilege(
+		htoken,
+		privilege,
+		NT_SE_ENABLE_PRIVILEGE);
+}
+
+int32_t __stdcall __ntapi_tt_disable_token_privilege(
+	__in	void *		htoken,
+	__in	uint32_t	privilege)
+{
+	return __set_token_privilege(
+		htoken,
+		privilege,
+		NT_SE_DISABLE_PRIVILEGE);
+}