1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
// Windows/SecurityUtils.h
#ifndef __WINDOWS_SECURITY_UTILS_H
#define __WINDOWS_SECURITY_UTILS_H
#include <NTSecAPI.h>
#include "Defs.h"
namespace NWindows {
namespace NSecurity {
class CAccessToken
{
HANDLE _handle;
public:
CAccessToken(): _handle(NULL) {};
~CAccessToken() { Close(); }
bool Close()
{
if (_handle == NULL)
return true;
bool res = BOOLToBool(::CloseHandle(_handle));
if (res)
_handle = NULL;
return res;
}
bool OpenProcessToken(HANDLE processHandle, DWORD desiredAccess)
{
Close();
return BOOLToBool(::OpenProcessToken(processHandle, desiredAccess, &_handle));
}
/*
bool OpenThreadToken(HANDLE threadHandle, DWORD desiredAccess, bool openAsSelf)
{
Close();
return BOOLToBool(::OpenTreadToken(threadHandle, desiredAccess, BoolToBOOL(anOpenAsSelf), &_handle));
}
*/
bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState,
DWORD bufferLength, PTOKEN_PRIVILEGES previousState, PDWORD returnLength)
{ return BOOLToBool(::AdjustTokenPrivileges(_handle, BoolToBOOL(disableAllPrivileges),
newState, bufferLength, previousState, returnLength)); }
bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState)
{ return AdjustPrivileges(disableAllPrivileges, newState, 0, NULL, NULL); }
bool AdjustPrivileges(PTOKEN_PRIVILEGES newState)
{ return AdjustPrivileges(false, newState); }
};
#ifndef _UNICODE
typedef NTSTATUS (NTAPI *LsaOpenPolicyP)(PLSA_UNICODE_STRING SystemName,
PLSA_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, PLSA_HANDLE PolicyHandle);
typedef NTSTATUS (NTAPI *LsaCloseP)(LSA_HANDLE ObjectHandle);
typedef NTSTATUS (NTAPI *LsaAddAccountRightsP)(LSA_HANDLE PolicyHandle,
PSID AccountSid, PLSA_UNICODE_STRING UserRights, ULONG CountOfRights );
#define MY_STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
#endif
struct CPolicy
{
protected:
LSA_HANDLE _handle;
#ifndef _UNICODE
HMODULE hModule;
#endif
public:
operator LSA_HANDLE() const { return _handle; }
CPolicy(): _handle(NULL)
{
#ifndef _UNICODE
hModule = GetModuleHandle(TEXT("Advapi32.dll"));
#endif
};
~CPolicy() { Close(); }
NTSTATUS Open(PLSA_UNICODE_STRING systemName, PLSA_OBJECT_ATTRIBUTES objectAttributes,
ACCESS_MASK desiredAccess)
{
#ifndef _UNICODE
if (hModule == NULL)
return MY_STATUS_NOT_IMPLEMENTED;
LsaOpenPolicyP lsaOpenPolicy = (LsaOpenPolicyP)GetProcAddress(hModule, "LsaOpenPolicy");
if (lsaOpenPolicy == NULL)
return MY_STATUS_NOT_IMPLEMENTED;
#endif
Close();
return
#ifdef _UNICODE
::LsaOpenPolicy
#else
lsaOpenPolicy
#endif
(systemName, objectAttributes, desiredAccess, &_handle);
}
NTSTATUS Close()
{
if (_handle == NULL)
return 0;
#ifndef _UNICODE
if (hModule == NULL)
return MY_STATUS_NOT_IMPLEMENTED;
LsaCloseP lsaClose = (LsaCloseP)GetProcAddress(hModule, "LsaClose");
if (lsaClose == NULL)
return MY_STATUS_NOT_IMPLEMENTED;
#endif
NTSTATUS res =
#ifdef _UNICODE
::LsaClose
#else
lsaClose
#endif
(_handle);
_handle = NULL;
return res;
}
NTSTATUS EnumerateAccountsWithUserRight(PLSA_UNICODE_STRING userRights,
PLSA_ENUMERATION_INFORMATION *enumerationBuffer, PULONG countReturned)
{ return LsaEnumerateAccountsWithUserRight(_handle, userRights, (void **)enumerationBuffer, countReturned); }
NTSTATUS EnumerateAccountRights(PSID sid, PLSA_UNICODE_STRING* userRights, PULONG countOfRights)
{ return ::LsaEnumerateAccountRights(_handle, sid, userRights, countOfRights); }
NTSTATUS LookupSids(ULONG count, PSID* sids,
PLSA_REFERENCED_DOMAIN_LIST* referencedDomains, PLSA_TRANSLATED_NAME* names)
{ return LsaLookupSids(_handle, count, sids, referencedDomains, names); }
NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
{
#ifndef _UNICODE
if (hModule == NULL)
return MY_STATUS_NOT_IMPLEMENTED;
LsaAddAccountRightsP lsaAddAccountRights = (LsaAddAccountRightsP)GetProcAddress(hModule, "LsaAddAccountRights");
if (lsaAddAccountRights == NULL)
return MY_STATUS_NOT_IMPLEMENTED;
#endif
return
#ifdef _UNICODE
::LsaAddAccountRights
#else
lsaAddAccountRights
#endif
(_handle, accountSid, userRights, countOfRights);
}
NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights)
{ return AddAccountRights(accountSid, userRights, 1); }
NTSTATUS RemoveAccountRights(PSID accountSid, bool allRights, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
{ return LsaRemoveAccountRights(_handle, accountSid, (BOOLEAN)(allRights ? TRUE : FALSE), userRights, countOfRights); }
};
bool AddLockMemoryPrivilege();
}}
#endif
|