ReactOS  0.4.12-dev-375-g61fed54
tokentest.c
Go to the documentation of this file.
1 #define UNICODE
2 #define _UNICODE
3 
4 #define ANONYMOUSUNIONS
5 #include <windows.h>
6 #include <stdlib.h>
7 
8 #define NTOS_MODE_USER
9 #include <ndk/ntndk.h>
10 
11 
12 #define INCLUDE_THE_DDK_HEADERS
13 #ifdef INCLUDE_THE_DDK_HEADERS
14 #include <ddk/ntddk.h>
15 #define ROS_ACE_HEADER ACE_HEADER
16 #define ROS_ACE ACE
17 
18 #else
19 typedef LONG NTSTATUS, *PNTSTATUS;
20 
21 typedef struct _UNICODE_STRING
22 {
23  USHORT Length;
25  PWSTR Buffer;
27 
28 typedef struct _OBJECT_ATTRIBUTES {
29  ULONG Length;
33  PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
34  PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
37 
38 typedef struct _ROS_ACE_HEADER
39 {
40  CHAR AceType;
41  CHAR AceFlags;
42  USHORT AceSize;
43 } ROS_ACE_HEADER, *PROS_ACE_HEADER;
44 
45 typedef struct
46 {
49 } ROS_ACE, *PROS_ACE;
50 
53 NTAPI
56  IN PSID Sid,
57  IN BOOLEAN AllocateString
58  );
59 
62 NTAPI
64  PACL Acl,
65  ULONG AclSize,
67 
70 NTAPI
72  PACL Acl,
75  PSID Sid
76  );
77 
80 NTAPI
81 RtlGetAce (
82  PACL Acl,
84  PROS_ACE *Ace
85  );
86 
89 NTAPI
91  OUT PLUID Luid
92  );
93 
96 NTAPI
102  IN PLUID AuthenticationId,
103  IN PLARGE_INTEGER ExpirationTime,
111  );
112 #define NT_SUCCESS(StatCode) ((NTSTATUS)(StatCode) >= 0)
113 #endif
114 
115 #include <stdio.h>
116 
117 #define INITIAL_PRIV_ENABLED SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED
118 #define INITIAL_PRIV_DISABLED 0
120 {
121  { { 0x00000007, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeTcbPrivilege
122  { { 0x00000002, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeCreateTokenPrivilege
123  { { 0x00000009, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeTakeOwnershipPrivilege
124  { { 0x0000000f, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeCreatePagefilePrivilege
125  { { 0x00000004, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeLockMemoryPrivilege
126  { { 0x00000003, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeAssignPrimaryTokenPrivilege
127  { { 0x00000005, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeIncreaseQuotaPrivilege
128  { { 0x0000000e, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeIncreaseBasePriorityPrivilege
129  { { 0x00000010, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeCreatePermanentPrivilege
130  { { 0x00000014, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeDebugPrivilege
131  { { 0x00000015, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeAuditPrivilege
132  { { 0x00000008, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeSecurityPrivilege
133  { { 0x00000016, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeSystemEnvironmentPrivilege
134  { { 0x00000017, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeChangeNotifyPrivilege
135  { { 0x00000011, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeBackupPrivilege
136  { { 0x00000012, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeRestorePrivilege
137  { { 0x00000013, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeShutdownPrivilege
138  { { 0x0000000a, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeLoadDriverPrivilege
139  { { 0x0000000d, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeProfileSingleProcessPrivilege
140  { { 0x0000000c, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeSystemtimePrivilege
141  { { 0x00000019, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeUndockPrivilege
142  { { 0x0000001c, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeManageVolumePrivilege
143 };
144 
145 typedef struct _SID_2
146 {
151 } SID_2;
152 
153 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
154 void
156 {
157  UNICODE_STRING scSid;
158 
159  RtlConvertSidToUnicodeString(&scSid, pSid->Sid, TRUE);
160  printf("%wZ [", &scSid);
161  LocalFree(scSid.Buffer);
162 
163  if ( EqualSid(pSid->Sid, pOwner->Owner) )
164  printf("owner,");
165 
166  if ( EqualSid(pSid->Sid, pPrimary->PrimaryGroup) )
167  printf("primary,");
168 
169  if ( pSid->Attributes & SE_GROUP_ENABLED )
170  {
171  if ( pSid->Attributes & SE_GROUP_ENABLED_BY_DEFAULT )
172  printf("enabled-default,");
173  else
174  printf("enabled,");
175  }
176 
177  if ( pSid->Attributes & SE_GROUP_LOGON_ID )
178  printf("logon,");
179 
180 
181  if ( pSid->Attributes & SE_GROUP_MANDATORY )
182  printf("mandatory,");
183 
184  printf("]\n");
185 }
186 
187 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
188 void
190  TOKEN_GROUPS* pGroups,
191  TOKEN_OWNER* pOwner,
192  TOKEN_PRIMARY_GROUP* pPrimary)
193 {
194  DWORD i;
195 
196  printf("\nSids:\n");
197  PrintSid(&pUser->User, pOwner, pPrimary);
198  printf("\nGroups:\n");
199  for (i = 0; i < pGroups->GroupCount; i++)
200  PrintSid(&pGroups->Groups[i], pOwner, pPrimary);
201 }
202 
203 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
204 void
206 {
207  WCHAR buffer[256];
208  DWORD i;
209 
210  printf("\nprivileges:\n");
211  for (i = 0; i < pPriv->PrivilegeCount; i++)
212  {
213  DWORD cbName = sizeof(buffer) / sizeof(buffer[0]);
214  LookupPrivilegeName(0, &pPriv->Privileges[i].Luid, buffer, &cbName);
215 
216  printf("%S{0x%08x, 0x%08x} [", buffer, pPriv->Privileges[i].Luid.HighPart, pPriv->Privileges[i].Luid.LowPart);
217 
219  printf("enabled,");
221  printf("default,");
223  printf("used");
224 
225  printf("]\n");
226  }
227 }
228 
229 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
230 void
232 {
233  DWORD i;
235 
236  if ( ! pAcl )
237  {
238  printf("\nNo Default Dacl.\n");
239  return;
240  }
241 
242  printf("\nDacl:\n");
243  for (i = 0; i < pAcl->AceCount; i++)
244  {
245  UNICODE_STRING scSid;
246  ROS_ACE* pAce;
247  LPWSTR wszType = 0;
248  PSID pSid;
249 
250  status = RtlGetAce(pAcl, i, (ROS_ACE**) &pAce);
251  if ( ! NT_SUCCESS(status) )
252  {
253  printf("RtlGetAce(): status = 0x%08x\n", status);
254  break;
255  }
256 
257  pSid = (PSID) (pAce + 1);
258  if ( pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE )
259  wszType = L"allow";
260  if ( pAce->Header.AceType == ACCESS_DENIED_ACE_TYPE )
261  wszType = L"deny ";
262 
264  if ( ! NT_SUCCESS(status) )
265  {
266  printf("RtlConvertSidToUnicodeString(): status = 0x%08x\n", status);
267  break;
268  }
269 
270  printf("%d.) %S %wZ 0x%08x\n", i, wszType, &scSid, pAce->AccessMask);
271  LocalFree(scSid.Buffer);
272  }
273 }
274 
275 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
276 PVOID
278 {
279  BOOL bResult;
280  DWORD n;
281  PBYTE p = 0;
282 
283  bResult = GetTokenInformation(hToken, tic, 0, 0, &n);
284  if ( ! bResult && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
285  return 0;
286 
287  p = (PBYTE) malloc(n);
288  if ( ! GetTokenInformation(hToken, tic, p, n, &n) )
289  {
290  printf("GetFromToken() failed for TOKEN_INFORMATION_CLASS(%d): %d\n", tic, GetLastError());
291  free(p);
292  return 0;
293  }
294 
295  return p;
296 }
297 
298 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
299 void
300 DisplayToken(HANDLE hTokenSource)
301 {
302  TOKEN_USER* pTokenUser = (PTOKEN_USER) GetFromToken(hTokenSource, TokenUser);
303  TOKEN_GROUPS* pTokenGroups = (PTOKEN_GROUPS) GetFromToken(hTokenSource, TokenGroups);
304  TOKEN_OWNER* pTokenOwner = (PTOKEN_OWNER) GetFromToken(hTokenSource, TokenOwner);
305  TOKEN_PRIMARY_GROUP* pTokenPrimaryGroup = (PTOKEN_PRIMARY_GROUP) GetFromToken(hTokenSource, TokenPrimaryGroup);
306  TOKEN_PRIVILEGES* pTokenPrivileges = (PTOKEN_PRIVILEGES) GetFromToken(hTokenSource, TokenPrivileges);
307  TOKEN_DEFAULT_DACL* pTokenDefaultDacl = (PTOKEN_DEFAULT_DACL) GetFromToken(hTokenSource, TokenDefaultDacl);
308 
309  DisplayTokenSids(pTokenUser, pTokenGroups, pTokenOwner, pTokenPrimaryGroup);
310  // DisplayTokenPrivileges(pTokenPrivileges);
311  DisplayDacl(pTokenDefaultDacl->DefaultDacl);
312 
313  free(pTokenUser);
314  free(pTokenGroups);
315  free(pTokenOwner);
316  free(pTokenPrimaryGroup);
317  free(pTokenPrivileges);
318  free(pTokenDefaultDacl);
319 }
320 
321 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
322 BOOL
324 {
325  HANDLE hToken;
326  TOKEN_PRIVILEGES priv = {1, {{{0, 0}, SE_PRIVILEGE_ENABLED}}};
327  BOOL bResult;
328 
329  LookupPrivilegeValue(0, wszName, &priv.Privileges[0].Luid);
330 
332 
333  AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, 0, 0);
334  bResult = GetLastError() == ERROR_SUCCESS;
335 
336  CloseHandle(hToken);
337  return bResult;
338 }
339 
340 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
341 NTSTATUS
343 {
344  static SID sidSystem = { 1, 1, {SECURITY_NT_AUTHORITY}, {SECURITY_LOCAL_SYSTEM_RID} };
345  static SID sidEveryone = { 1, 1, {SECURITY_WORLD_SID_AUTHORITY}, {SECURITY_WORLD_RID} };
346  static SID sidAuthenticatedUser = { 1, 1, {SECURITY_NT_AUTHORITY}, {SECURITY_AUTHENTICATED_USER_RID} };
347  static SID_2 sidAdministrators = { 1, 2, {SECURITY_NT_AUTHORITY}, {SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS} };
348  static const int nGroupCount = 3;
349 
351  ULONG uSize;
352  DWORD i;
353 
354  TOKEN_USER tkUser;
355  TOKEN_OWNER tkDefaultOwner;
356  TOKEN_PRIMARY_GROUP tkPrimaryGroup;
357 
358  TOKEN_GROUPS* ptkGroups = 0;
359  TOKEN_PRIVILEGES* ptkPrivileges = 0;
360  TOKEN_DEFAULT_DACL tkDefaultDacl = { 0 };
361 
362  LARGE_INTEGER tkExpiration;
363 
364  LUID authId = SYSTEM_LUID;
365 
367  {
368  { '*', '*', 'A', 'N', 'O', 'N', '*', '*' },
369  {0, 0}
370  };
371 
373  {
374  sizeof(sqos),
377  FALSE
378  };
379 
380  OBJECT_ATTRIBUTES oa =
381  {
382  sizeof(oa),
383  0,
384  0,
385  0,
386  0,
387  &sqos
388  };
389 
390  tkExpiration.QuadPart = -1;
391  status = ZwAllocateLocallyUniqueId(&source.SourceIdentifier);
392  if ( status != 0 )
393  return status;
394 
395  tkUser.User.Sid = &sidSystem;
396  tkUser.User.Attributes = 0;
397 
398  // Under WinXP (the only MS OS I've tested) ZwCreateToken()
399  // squawks if we use sidAdministrators here -- though running
400  // a progrem under AT and using the DisplayToken() function
401  // shows that the system token does default ownership to
402  // Administrator.
403 
404  // For now, default ownership to system, since that works
405  tkDefaultOwner.Owner = &sidSystem;
406  tkPrimaryGroup.PrimaryGroup = &sidSystem;
407 
408  uSize = sizeof(TOKEN_GROUPS) - sizeof(ptkGroups->Groups);
409  uSize += sizeof(SID_AND_ATTRIBUTES) * nGroupCount;
410 
411  ptkGroups = (TOKEN_GROUPS*) malloc(uSize);
412  ptkGroups->GroupCount = nGroupCount;
413 
414  ptkGroups->Groups[0].Sid = (SID*) &sidAdministrators;
415  ptkGroups->Groups[0].Attributes = SE_GROUP_ENABLED;
416 
417  ptkGroups->Groups[1].Sid = &sidEveryone;
419 
420  ptkGroups->Groups[2].Sid = &sidAuthenticatedUser;
422 
423  uSize = sizeof(TOKEN_PRIVILEGES) - sizeof(ptkPrivileges->Privileges);
424  uSize += sizeof(LUID_AND_ATTRIBUTES) * sizeof(InitialPrivilegeSet) / sizeof(InitialPrivilegeSet[0]);
425  ptkPrivileges = (TOKEN_PRIVILEGES*) malloc(uSize);
426  ptkPrivileges->PrivilegeCount = sizeof(InitialPrivilegeSet) / sizeof(InitialPrivilegeSet[0]);
427  for (i = 0; i < ptkPrivileges->PrivilegeCount; i++)
428  {
432  }
433 
434  // Calculate the length needed for the ACL
435  uSize = sizeof(ACL);
436  uSize += sizeof(ACE) + sizeof(sidSystem);
437  uSize += sizeof(ACE) + sizeof(sidAdministrators);
438  uSize = (uSize & (~3)) + 8;
439  tkDefaultDacl.DefaultDacl = (PACL) malloc(uSize);
440 
441  status = RtlCreateAcl(tkDefaultDacl.DefaultDacl, uSize, ACL_REVISION);
442  if ( ! NT_SUCCESS(status) )
443  printf("RtlCreateAcl() failed: 0x%08x\n", status);
444 
445  status = RtlAddAccessAllowedAce(tkDefaultDacl.DefaultDacl, ACL_REVISION, GENERIC_ALL, &sidSystem);
446  if ( ! NT_SUCCESS(status) )
447  printf("RtlAddAccessAllowedAce() failed: 0x%08x\n", status);
448 
450  if ( ! NT_SUCCESS(status) )
451  printf("RtlAddAccessAllowedAce() failed: 0x%08x\n", status);
452 
453  printf("Parameters being passed into ZwCreateToken:\n\n");
454  DisplayTokenSids(&tkUser, ptkGroups, &tkDefaultOwner, &tkPrimaryGroup);
455  DisplayDacl(tkDefaultDacl.DefaultDacl);
456 
457  printf("Calling ZwCreateToken()...\n");
458  status = ZwCreateToken(phSystemToken,
460  &oa,
461  TokenPrimary,
462  &authId,
463  &tkExpiration,
464  &tkUser,
465  ptkGroups,
466  ptkPrivileges,
467  &tkDefaultOwner,
468  &tkPrimaryGroup,
469  &tkDefaultDacl,
470  &source);
471 
472  // Cleanup
473  free(ptkGroups);
474  free(ptkPrivileges);
475  free(tkDefaultDacl.DefaultDacl);
476 
477  return status;
478 }
479 
480 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
481 int
482 main(int argc, char* argv[])
483 {
485  HANDLE hSystemToken;
486  CHAR buffer[512];
487  HANDLE hOurToken;
488 
489  printf("Current process Token:\n");
490 
492  if ( NT_SUCCESS(Status) )
493  {
494  DisplayToken(hOurToken);
495  CloseHandle(hOurToken);
496  }
497  else
498  {
499  printf("ZwOpenProcessToken() failed: 0x%08x\n", Status);
500  }
501 
502 //#define ENABLE_PRIVILEGE
503 #ifdef ENABLE_PRIVILEGE
505 #endif
506 
507  // Now do the other one
508  Status = CreateInitialSystemToken(&hSystemToken);
509  if ( NT_SUCCESS(Status) )
510  {
511  printf("System Token: 0x%08x\n", hSystemToken);
512  DisplayToken(hSystemToken);
513  CloseHandle(hSystemToken);
514  }
515  else
516  {
517  printf("CreateInitialSystemToken() return: 0x%08x\n", Status);
518  }
519 
520  printf("press return");
521  gets(buffer);
522 
523  return 0;
524 }
* PNTSTATUS
Definition: strlen.c:14
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
static int argc
Definition: ServiceArgs.c:12
#define IN
Definition: typedefs.h:38
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define GENERIC_ALL
Definition: nt_native.h:92
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define TRUE
Definition: types.h:120
#define CloseHandle
Definition: compat.h:398
#define ERROR_SUCCESS
Definition: deptool.c:10
struct _OBJECT_ATTRIBUTES * POBJECT_ATTRIBUTES
Definition: file.c:85
USHORT MaximumLength
Definition: env_spec_w32.h:370
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_CRTIMP char *__cdecl gets(char *_Buffer)
Definition: file.c:3643
__wchar_t WCHAR
Definition: xmlstorage.h:180
uint16_t * PWSTR
Definition: typedefs.h:54
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
struct _ACE ACE
char CHAR
Definition: xmlstorage.h:175
#define free
Definition: debug_ros.c:5
LONG NTSTATUS
Definition: precomp.h:26
UCHAR SubAuthorityCount
Definition: tokentest.c:148
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
$ULONG PrivilegeCount
Definition: setypes.h:969
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
GLuint buffer
Definition: glext.h:5915
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
static WCHAR String[]
Definition: stringtable.c:55
void PrintSid(SID_AND_ATTRIBUTES *pSid, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:155
#define argv
Definition: mplay32.c:18
#define NTSYSAPI
Definition: ntoskrnl.h:14
#define LookupPrivilegeValue
Definition: winbase.h:3684
USHORT AceCount
Definition: ms-dtyp.idl:297
_In_ ULONG Revision
Definition: rtlfuncs.h:1104
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define ROS_ACE
Definition: tokentest.c:16
GLuint n
Definition: s_context.h:57
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLenum GLclampf GLint i
Definition: glfuncs.h:14
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
Definition: Header.h:8
long LONG
Definition: pedump.c:60
#define INITIAL_PRIV_ENABLED
Definition: tokentest.c:117
Definition: card.h:12
unsigned char BOOLEAN
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
NTSTATUS CreateInitialSystemToken(HANDLE *phSystemToken)
Definition: tokentest.c:342
struct _ACL ACL
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
PSID Owner
Definition: setypes.h:974
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
struct _TOKEN_GROUPS * PTOKEN_GROUPS
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
void DisplayTokenSids(TOKEN_USER *pUser, TOKEN_GROUPS *pGroups, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:189
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
UCHAR Revision
Definition: tokentest.c:147
struct _ACL * PACL
Definition: security.c:104
PVOID GetFromToken(HANDLE hToken, TOKEN_INFORMATION_CLASS tic)
Definition: tokentest.c:277
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
void DisplayToken(HANDLE hTokenSource)
Definition: tokentest.c:300
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: tokentest.c:149
unsigned int BOOL
Definition: ntddk_ex.h:94
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define TOKEN_QUERY
Definition: setypes.h:874
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
DWORD LowPart
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
HANDLE WINAPI GetCurrentProcess(VOID)
Definition: proc.c:1168
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
unsigned long DWORD
Definition: ntddk_ex.h:95
#define TOKEN_ALL_ACCESS
Definition: setypes.h:892
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define TOKEN_QUERY_SOURCE
Definition: setypes.h:875
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
void DisplayTokenPrivileges(TOKEN_PRIVILEGES *pPriv)
Definition: tokentest.c:205
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
#define LookupPrivilegeName
Definition: winbase.h:3683
struct _SID * PSID
Definition: eventlog.c:35
#define READ_CONTROL
Definition: nt_native.h:58
ULONG SubAuthority[2]
Definition: tokentest.c:150
struct _SID_2 SID_2
unsigned char UCHAR
Definition: xmlstorage.h:181
struct _TOKEN_OWNER * PTOKEN_OWNER
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
static const WCHAR L[]
Definition: oid.c:1087
LONG HighPart
#define NTSTATUS
Definition: precomp.h:20
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
_In_ ULONG _In_ ULONG AclRevision
Definition: rtlfuncs.h:1844
LUID_AND_ATTRIBUTES InitialPrivilegeSet[]
Definition: tokentest.c:119
#define GENERIC_READ
Definition: compat.h:124
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1864
enum _TOKEN_TYPE TOKEN_TYPE
#define SYSTEM_LUID
Definition: setypes.h:672
struct _TOKEN_GROUPS TOKEN_GROUPS
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
Status
Definition: gdiplustypes.h:24
#define SE_GROUP_LOGON_ID
Definition: setypes.h:98
static const ACEFLAG AceType[]
Definition: security.c:2259
#define ROS_ACE_HEADER
Definition: tokentest.c:15
PVOID SecurityDescriptor
Definition: umtypes.h:187
BOOL EnablePrivilege(LPWSTR wszName)
Definition: tokentest.c:323
unsigned short USHORT
Definition: pedump.c:61
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
static PSID pSid
Definition: security.c:74
#define SE_CREATE_TOKEN_NAME
Definition: winnt_old.h:365
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
void DisplayDacl(PACL pAcl)
Definition: tokentest.c:231
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:970
struct _UNICODE_STRING UNICODE_STRING
#define ACL_REVISION
Definition: setypes.h:39
PVOID SecurityQualityOfService
Definition: umtypes.h:188
$ULONG GroupCount
Definition: setypes.h:960
#define OUT
Definition: typedefs.h:39
#define INITIAL_PRIV_DISABLED
Definition: tokentest.c:118
PUNICODE_STRING ObjectName
Definition: umtypes.h:185
HANDLE RootDirectory
Definition: umtypes.h:184
unsigned int ULONG
Definition: retypes.h:1
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:413
struct _TOKEN_USER * PTOKEN_USER
SID_AND_ATTRIBUTES User
Definition: setypes.h:956
#define malloc
Definition: debug_ros.c:4
GLfloat GLfloat p
Definition: glext.h:8902
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define GENERIC_EXECUTE
Definition: nt_native.h:91
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:876
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
static SERVICE_STATUS status
Definition: service.c:31
BYTE * PBYTE
Definition: pedump.c:66
NTSYSAPI NTSTATUS NTAPI ZwCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
ULONG ACCESS_MASK
Definition: nt_native.h:40
static const ACEFLAG AceFlags[]
Definition: security.c:2300
LONGLONG QuadPart
Definition: typedefs.h:112
int main(int argc, char *argv[])
Definition: tokentest.c:482
#define printf
Definition: config.h:203
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
Definition: ps.c:97