ReactOS  0.4.14-dev-376-gaedba84
tokentest.c File Reference
#include <windows.h>
#include <stdlib.h>
#include <ndk/ntndk.h>
#include <ddk/ntddk.h>
#include <stdio.h>
Include dependency graph for tokentest.c:

Go to the source code of this file.

Classes

struct  _SID_2
 

Macros

#define UNICODE
 
#define _UNICODE
 
#define ANONYMOUSUNIONS
 
#define NTOS_MODE_USER
 
#define INCLUDE_THE_DDK_HEADERS
 
#define ROS_ACE_HEADER   ACE_HEADER
 
#define ROS_ACE   ACE
 
#define INITIAL_PRIV_ENABLED   SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED
 
#define INITIAL_PRIV_DISABLED   0
 

Typedefs

typedef struct _SID_2 SID_2
 

Functions

void PrintSid (SID_AND_ATTRIBUTES *pSid, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
 
void DisplayTokenSids (TOKEN_USER *pUser, TOKEN_GROUPS *pGroups, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
 
void DisplayTokenPrivileges (TOKEN_PRIVILEGES *pPriv)
 
void DisplayDacl (PACL pAcl)
 
PVOID GetFromToken (HANDLE hToken, TOKEN_INFORMATION_CLASS tic)
 
void DisplayToken (HANDLE hTokenSource)
 
BOOL EnablePrivilege (LPWSTR wszName)
 
NTSTATUS CreateInitialSystemToken (HANDLE *phSystemToken)
 
int main (int argc, char *argv[])
 

Variables

LUID_AND_ATTRIBUTES InitialPrivilegeSet []
 

Macro Definition Documentation

◆ _UNICODE

#define _UNICODE

Definition at line 2 of file tokentest.c.

◆ ANONYMOUSUNIONS

#define ANONYMOUSUNIONS

Definition at line 4 of file tokentest.c.

◆ INCLUDE_THE_DDK_HEADERS

#define INCLUDE_THE_DDK_HEADERS

Definition at line 12 of file tokentest.c.

◆ INITIAL_PRIV_DISABLED

#define INITIAL_PRIV_DISABLED   0

Definition at line 118 of file tokentest.c.

◆ INITIAL_PRIV_ENABLED

Definition at line 117 of file tokentest.c.

◆ NTOS_MODE_USER

#define NTOS_MODE_USER

Definition at line 8 of file tokentest.c.

◆ ROS_ACE

#define ROS_ACE   ACE

Definition at line 16 of file tokentest.c.

◆ ROS_ACE_HEADER

#define ROS_ACE_HEADER   ACE_HEADER

Definition at line 15 of file tokentest.c.

◆ UNICODE

Definition at line 1 of file tokentest.c.

Typedef Documentation

◆ SID_2

typedef struct _SID_2 SID_2

Function Documentation

◆ CreateInitialSystemToken()

NTSTATUS CreateInitialSystemToken ( HANDLE phSystemToken)

Definition at line 342 of file tokentest.c.

343 {
344  static SID sidSystem = { 1, 1, {SECURITY_NT_AUTHORITY}, {SECURITY_LOCAL_SYSTEM_RID} };
345  static SID sidEveryone = { 1, 1, {SECURITY_WORLD_SID_AUTHORITY}, {SECURITY_WORLD_RID} };
346  static SID sidAuthenticatedUser = { 1, 1, {SECURITY_NT_AUTHORITY}, {SECURITY_AUTHENTICATED_USER_RID} };
347  static SID_2 sidAdministrators = { 1, 2, {SECURITY_NT_AUTHORITY}, {SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS} };
348  static const int nGroupCount = 3;
349 
351  ULONG uSize;
352  DWORD i;
353 
354  TOKEN_USER tkUser;
355  TOKEN_OWNER tkDefaultOwner;
356  TOKEN_PRIMARY_GROUP tkPrimaryGroup;
357 
358  TOKEN_GROUPS* ptkGroups = 0;
359  TOKEN_PRIVILEGES* ptkPrivileges = 0;
360  TOKEN_DEFAULT_DACL tkDefaultDacl = { 0 };
361 
362  LARGE_INTEGER tkExpiration;
363 
364  LUID authId = SYSTEM_LUID;
365 
367  {
368  { '*', '*', 'A', 'N', 'O', 'N', '*', '*' },
369  {0, 0}
370  };
371 
373  {
374  sizeof(sqos),
377  FALSE
378  };
379 
380  OBJECT_ATTRIBUTES oa =
381  {
382  sizeof(oa),
383  0,
384  0,
385  0,
386  0,
387  &sqos
388  };
389 
390  tkExpiration.QuadPart = -1;
391  status = ZwAllocateLocallyUniqueId(&source.SourceIdentifier);
392  if ( status != 0 )
393  return status;
394 
395  tkUser.User.Sid = &sidSystem;
396  tkUser.User.Attributes = 0;
397 
398  // Under WinXP (the only MS OS I've tested) ZwCreateToken()
399  // squawks if we use sidAdministrators here -- though running
400  // a progrem under AT and using the DisplayToken() function
401  // shows that the system token does default ownership to
402  // Administrator.
403 
404  // For now, default ownership to system, since that works
405  tkDefaultOwner.Owner = &sidSystem;
406  tkPrimaryGroup.PrimaryGroup = &sidSystem;
407 
408  uSize = sizeof(TOKEN_GROUPS) - sizeof(ptkGroups->Groups);
409  uSize += sizeof(SID_AND_ATTRIBUTES) * nGroupCount;
410 
411  ptkGroups = (TOKEN_GROUPS*) malloc(uSize);
412  ptkGroups->GroupCount = nGroupCount;
413 
414  ptkGroups->Groups[0].Sid = (SID*) &sidAdministrators;
415  ptkGroups->Groups[0].Attributes = SE_GROUP_ENABLED;
416 
417  ptkGroups->Groups[1].Sid = &sidEveryone;
419 
420  ptkGroups->Groups[2].Sid = &sidAuthenticatedUser;
422 
423  uSize = sizeof(TOKEN_PRIVILEGES) - sizeof(ptkPrivileges->Privileges);
424  uSize += sizeof(LUID_AND_ATTRIBUTES) * sizeof(InitialPrivilegeSet) / sizeof(InitialPrivilegeSet[0]);
425  ptkPrivileges = (TOKEN_PRIVILEGES*) malloc(uSize);
426  ptkPrivileges->PrivilegeCount = sizeof(InitialPrivilegeSet) / sizeof(InitialPrivilegeSet[0]);
427  for (i = 0; i < ptkPrivileges->PrivilegeCount; i++)
428  {
432  }
433 
434  // Calculate the length needed for the ACL
435  uSize = sizeof(ACL);
436  uSize += sizeof(ACE) + sizeof(sidSystem);
437  uSize += sizeof(ACE) + sizeof(sidAdministrators);
438  uSize = (uSize & (~3)) + 8;
439  tkDefaultDacl.DefaultDacl = (PACL) malloc(uSize);
440 
441  status = RtlCreateAcl(tkDefaultDacl.DefaultDacl, uSize, ACL_REVISION);
442  if ( ! NT_SUCCESS(status) )
443  printf("RtlCreateAcl() failed: 0x%08x\n", status);
444 
445  status = RtlAddAccessAllowedAce(tkDefaultDacl.DefaultDacl, ACL_REVISION, GENERIC_ALL, &sidSystem);
446  if ( ! NT_SUCCESS(status) )
447  printf("RtlAddAccessAllowedAce() failed: 0x%08x\n", status);
448 
450  if ( ! NT_SUCCESS(status) )
451  printf("RtlAddAccessAllowedAce() failed: 0x%08x\n", status);
452 
453  printf("Parameters being passed into ZwCreateToken:\n\n");
454  DisplayTokenSids(&tkUser, ptkGroups, &tkDefaultOwner, &tkPrimaryGroup);
455  DisplayDacl(tkDefaultDacl.DefaultDacl);
456 
457  printf("Calling ZwCreateToken()...\n");
458  status = ZwCreateToken(phSystemToken,
460  &oa,
461  TokenPrimary,
462  &authId,
463  &tkExpiration,
464  &tkUser,
465  ptkGroups,
466  ptkPrivileges,
467  &tkDefaultOwner,
468  &tkPrimaryGroup,
469  &tkDefaultDacl,
470  &source);
471 
472  // Cleanup
473  free(ptkGroups);
474  free(ptkPrivileges);
475  free(tkDefaultDacl.DefaultDacl);
476 
477  return status;
478 }
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define GENERIC_ALL
Definition: nt_native.h:92
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
struct _ACE ACE
#define free
Definition: debug_ros.c:5
LONG NTSTATUS
Definition: precomp.h:26
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
$ULONG PrivilegeCount
Definition: setypes.h:969
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
struct _ACL ACL
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
PSID Owner
Definition: setypes.h:974
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
void DisplayTokenSids(TOKEN_USER *pUser, TOKEN_GROUPS *pGroups, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:189
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
struct _ACL * PACL
Definition: security.c:104
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
DWORD LowPart
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
unsigned long DWORD
Definition: ntddk_ex.h:95
#define TOKEN_ALL_ACCESS
Definition: setypes.h:892
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define READ_CONTROL
Definition: nt_native.h:58
LONG HighPart
LUID_AND_ATTRIBUTES InitialPrivilegeSet[]
Definition: tokentest.c:119
#define GENERIC_READ
Definition: compat.h:124
#define SYSTEM_LUID
Definition: setypes.h:672
struct _TOKEN_GROUPS TOKEN_GROUPS
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
void DisplayDacl(PACL pAcl)
Definition: tokentest.c:231
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:970
#define ACL_REVISION
Definition: setypes.h:39
$ULONG GroupCount
Definition: setypes.h:960
unsigned int ULONG
Definition: retypes.h:1
SID_AND_ATTRIBUTES User
Definition: setypes.h:956
#define malloc
Definition: debug_ros.c:4
#define GENERIC_EXECUTE
Definition: nt_native.h:91
static SERVICE_STATUS status
Definition: service.c:31
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
NTSYSAPI NTSTATUS NTAPI ZwCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
LONGLONG QuadPart
Definition: typedefs.h:112
#define printf
Definition: config.h:203
Definition: ps.c:97

Referenced by main().

◆ DisplayDacl()

void DisplayDacl ( PACL  pAcl)

Definition at line 231 of file tokentest.c.

232 {
233  DWORD i;
235 
236  if ( ! pAcl )
237  {
238  printf("\nNo Default Dacl.\n");
239  return;
240  }
241 
242  printf("\nDacl:\n");
243  for (i = 0; i < pAcl->AceCount; i++)
244  {
245  UNICODE_STRING scSid;
246  ROS_ACE* pAce;
247  LPWSTR wszType = 0;
248  PSID pSid;
249 
250  status = RtlGetAce(pAcl, i, (ROS_ACE**) &pAce);
251  if ( ! NT_SUCCESS(status) )
252  {
253  printf("RtlGetAce(): status = 0x%08x\n", status);
254  break;
255  }
256 
257  pSid = (PSID) (pAce + 1);
258  if ( pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE )
259  wszType = L"allow";
260  if ( pAce->Header.AceType == ACCESS_DENIED_ACE_TYPE )
261  wszType = L"deny ";
262 
264  if ( ! NT_SUCCESS(status) )
265  {
266  printf("RtlConvertSidToUnicodeString(): status = 0x%08x\n", status);
267  break;
268  }
269 
270  printf("%d.) %S %wZ 0x%08x\n", i, wszType, &scSid, pAce->AccessMask);
271  LocalFree(scSid.Buffer);
272  }
273 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
USHORT AceCount
Definition: ms-dtyp.idl:297
#define ROS_ACE
Definition: tokentest.c:16
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
unsigned long DWORD
Definition: ntddk_ex.h:95
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
struct _SID * PSID
Definition: eventlog.c:35
static const WCHAR L[]
Definition: oid.c:1250
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
static PSID pSid
Definition: security.c:74
WCHAR * LPWSTR
Definition: xmlstorage.h:184
static SERVICE_STATUS status
Definition: service.c:31
#define printf
Definition: config.h:203
Definition: ps.c:97

Referenced by CreateInitialSystemToken(), and DisplayToken().

◆ DisplayToken()

void DisplayToken ( HANDLE  hTokenSource)

Definition at line 300 of file tokentest.c.

301 {
302  TOKEN_USER* pTokenUser = (PTOKEN_USER) GetFromToken(hTokenSource, TokenUser);
303  TOKEN_GROUPS* pTokenGroups = (PTOKEN_GROUPS) GetFromToken(hTokenSource, TokenGroups);
304  TOKEN_OWNER* pTokenOwner = (PTOKEN_OWNER) GetFromToken(hTokenSource, TokenOwner);
305  TOKEN_PRIMARY_GROUP* pTokenPrimaryGroup = (PTOKEN_PRIMARY_GROUP) GetFromToken(hTokenSource, TokenPrimaryGroup);
306  TOKEN_PRIVILEGES* pTokenPrivileges = (PTOKEN_PRIVILEGES) GetFromToken(hTokenSource, TokenPrivileges);
307  TOKEN_DEFAULT_DACL* pTokenDefaultDacl = (PTOKEN_DEFAULT_DACL) GetFromToken(hTokenSource, TokenDefaultDacl);
308 
309  DisplayTokenSids(pTokenUser, pTokenGroups, pTokenOwner, pTokenPrimaryGroup);
310  // DisplayTokenPrivileges(pTokenPrivileges);
311  DisplayDacl(pTokenDefaultDacl->DefaultDacl);
312 
313  free(pTokenUser);
314  free(pTokenGroups);
315  free(pTokenOwner);
316  free(pTokenPrimaryGroup);
317  free(pTokenPrivileges);
318  free(pTokenDefaultDacl);
319 }
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
#define free
Definition: debug_ros.c:5
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_GROUPS * PTOKEN_GROUPS
void DisplayTokenSids(TOKEN_USER *pUser, TOKEN_GROUPS *pGroups, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:189
PVOID GetFromToken(HANDLE hToken, TOKEN_INFORMATION_CLASS tic)
Definition: tokentest.c:277
struct _TOKEN_OWNER * PTOKEN_OWNER
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
void DisplayDacl(PACL pAcl)
Definition: tokentest.c:231
struct _TOKEN_USER * PTOKEN_USER

Referenced by main().

◆ DisplayTokenPrivileges()

void DisplayTokenPrivileges ( TOKEN_PRIVILEGES pPriv)

Definition at line 205 of file tokentest.c.

206 {
207  WCHAR buffer[256];
208  DWORD i;
209 
210  printf("\nprivileges:\n");
211  for (i = 0; i < pPriv->PrivilegeCount; i++)
212  {
213  DWORD cbName = sizeof(buffer) / sizeof(buffer[0]);
214  LookupPrivilegeName(0, &pPriv->Privileges[i].Luid, buffer, &cbName);
215 
216  printf("%S{0x%08x, 0x%08x} [", buffer, pPriv->Privileges[i].Luid.HighPart, pPriv->Privileges[i].Luid.LowPart);
217 
219  printf("enabled,");
221  printf("default,");
223  printf("used");
224 
225  printf("]\n");
226  }
227 }
$ULONG PrivilegeCount
Definition: setypes.h:969
GLuint buffer
Definition: glext.h:5915
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
__wchar_t WCHAR
Definition: xmlstorage.h:180
DWORD LowPart
unsigned long DWORD
Definition: ntddk_ex.h:95
#define LookupPrivilegeName
Definition: winbase.h:3693
LONG HighPart
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:970
#define printf
Definition: config.h:203

◆ DisplayTokenSids()

void DisplayTokenSids ( TOKEN_USER pUser,
TOKEN_GROUPS pGroups,
TOKEN_OWNER pOwner,
TOKEN_PRIMARY_GROUP pPrimary 
)

Definition at line 189 of file tokentest.c.

193 {
194  DWORD i;
195 
196  printf("\nSids:\n");
197  PrintSid(&pUser->User, pOwner, pPrimary);
198  printf("\nGroups:\n");
199  for (i = 0; i < pGroups->GroupCount; i++)
200  PrintSid(&pGroups->Groups[i], pOwner, pPrimary);
201 }
void PrintSid(SID_AND_ATTRIBUTES *pSid, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:155
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
unsigned long DWORD
Definition: ntddk_ex.h:95
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
$ULONG GroupCount
Definition: setypes.h:960
SID_AND_ATTRIBUTES User
Definition: setypes.h:956
#define printf
Definition: config.h:203

Referenced by CreateInitialSystemToken(), and DisplayToken().

◆ EnablePrivilege()

BOOL EnablePrivilege ( LPWSTR  wszName)

Definition at line 323 of file tokentest.c.

324 {
325  HANDLE hToken;
326  TOKEN_PRIVILEGES priv = {1, {{{0, 0}, SE_PRIVILEGE_ENABLED}}};
327  BOOL bResult;
328 
329  LookupPrivilegeValue(0, wszName, &priv.Privileges[0].Luid);
330 
332 
333  AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, 0, 0);
334  bResult = GetLastError() == ERROR_SUCCESS;
335 
336  CloseHandle(hToken);
337  return bResult;
338 }
#define CloseHandle
Definition: compat.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define LookupPrivilegeValue
Definition: winbase.h:3694
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
unsigned int BOOL
Definition: ntddk_ex.h:94
HANDLE WINAPI GetCurrentProcess(VOID)
Definition: proc.c:1138
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:970
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:876

Referenced by main().

◆ GetFromToken()

PVOID GetFromToken ( HANDLE  hToken,
TOKEN_INFORMATION_CLASS  tic 
)

Definition at line 277 of file tokentest.c.

278 {
279  BOOL bResult;
280  DWORD n;
281  PBYTE p = 0;
282 
283  bResult = GetTokenInformation(hToken, tic, 0, 0, &n);
284  if ( ! bResult && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
285  return 0;
286 
287  p = (PBYTE) malloc(n);
288  if ( ! GetTokenInformation(hToken, tic, p, n, &n) )
289  {
290  printf("GetFromToken() failed for TOKEN_INFORMATION_CLASS(%d): %d\n", tic, GetLastError());
291  free(p);
292  return 0;
293  }
294 
295  return p;
296 }
#define free
Definition: debug_ros.c:5
GLdouble n
Definition: glext.h:7729
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:413
#define malloc
Definition: debug_ros.c:4
GLfloat GLfloat p
Definition: glext.h:8902
BYTE * PBYTE
Definition: pedump.c:66
#define printf
Definition: config.h:203
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10

Referenced by DisplayToken().

◆ main()

int main ( int argc  ,
char argv[] 
)

hosttype.c Copyright (C) 2002 by Brian Palmer brian.nosp@m.p@sg.nosp@m.inet..nosp@m.com

Definition at line 482 of file tokentest.c.

483 {
485  HANDLE hSystemToken;
486  CHAR buffer[512];
487  HANDLE hOurToken;
488 
489  printf("Current process Token:\n");
490 
492  if ( NT_SUCCESS(Status) )
493  {
494  DisplayToken(hOurToken);
495  CloseHandle(hOurToken);
496  }
497  else
498  {
499  printf("ZwOpenProcessToken() failed: 0x%08x\n", Status);
500  }
501 
502 //#define ENABLE_PRIVILEGE
503 #ifdef ENABLE_PRIVILEGE
505 #endif
506 
507  // Now do the other one
508  Status = CreateInitialSystemToken(&hSystemToken);
509  if ( NT_SUCCESS(Status) )
510  {
511  printf("System Token: 0x%08x\n", hSystemToken);
512  DisplayToken(hSystemToken);
513  CloseHandle(hSystemToken);
514  }
515  else
516  {
517  printf("CreateInitialSystemToken() return: 0x%08x\n", Status);
518  }
519 
520  printf("press return");
521  gets(buffer);
522 
523  return 0;
524 }
#define CloseHandle
Definition: compat.h:406
_CRTIMP char *__cdecl gets(char *_Buffer)
Definition: file.c:3643
char CHAR
Definition: xmlstorage.h:175
LONG NTSTATUS
Definition: precomp.h:26
GLuint buffer
Definition: glext.h:5915
NTSTATUS CreateInitialSystemToken(HANDLE *phSystemToken)
Definition: tokentest.c:342
void DisplayToken(HANDLE hTokenSource)
Definition: tokentest.c:300
#define TOKEN_QUERY
Definition: setypes.h:874
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
HANDLE WINAPI GetCurrentProcess(VOID)
Definition: proc.c:1138
#define TOKEN_QUERY_SOURCE
Definition: setypes.h:875
Status
Definition: gdiplustypes.h:24
BOOL EnablePrivilege(LPWSTR wszName)
Definition: tokentest.c:323
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
#define SE_CREATE_TOKEN_NAME
Definition: winnt_old.h:365
#define printf
Definition: config.h:203

◆ PrintSid()

void PrintSid ( SID_AND_ATTRIBUTES pSid,
TOKEN_OWNER pOwner,
TOKEN_PRIMARY_GROUP pPrimary 
)

Definition at line 155 of file tokentest.c.

156 {
157  UNICODE_STRING scSid;
158 
159  RtlConvertSidToUnicodeString(&scSid, pSid->Sid, TRUE);
160  printf("%wZ [", &scSid);
161  LocalFree(scSid.Buffer);
162 
163  if ( EqualSid(pSid->Sid, pOwner->Owner) )
164  printf("owner,");
165 
166  if ( EqualSid(pSid->Sid, pPrimary->PrimaryGroup) )
167  printf("primary,");
168 
169  if ( pSid->Attributes & SE_GROUP_ENABLED )
170  {
171  if ( pSid->Attributes & SE_GROUP_ENABLED_BY_DEFAULT )
172  printf("enabled-default,");
173  else
174  printf("enabled,");
175  }
176 
177  if ( pSid->Attributes & SE_GROUP_LOGON_ID )
178  printf("logon,");
179 
180 
181  if ( pSid->Attributes & SE_GROUP_MANDATORY )
182  printf("mandatory,");
183 
184  printf("]\n");
185 }
#define TRUE
Definition: types.h:120
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
PSID Owner
Definition: setypes.h:974
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
#define SE_GROUP_LOGON_ID
Definition: setypes.h:98
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
static PSID pSid
Definition: security.c:74
#define printf
Definition: config.h:203

Referenced by DisplayTokenSids().

Variable Documentation

◆ InitialPrivilegeSet

LUID_AND_ATTRIBUTES InitialPrivilegeSet[]
Initial value:
=
{
{ { 0x00000007, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000002, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000009, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x0000000f, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000004, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000003, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000005, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x0000000e, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000010, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000014, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000015, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000008, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000016, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000017, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x00000011, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000012, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000013, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x0000000a, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x0000000d, 0x00000000 }, INITIAL_PRIV_ENABLED },
{ { 0x0000000c, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x00000019, 0x00000000 }, INITIAL_PRIV_DISABLED },
{ { 0x0000001c, 0x00000000 }, INITIAL_PRIV_DISABLED },
}
#define INITIAL_PRIV_ENABLED
Definition: tokentest.c:117
#define INITIAL_PRIV_DISABLED
Definition: tokentest.c:118

Definition at line 119 of file tokentest.c.

Referenced by CreateInitialSystemToken().