ReactOS 0.4.15-dev-8131-g4988de4
tokentest.c
Go to the documentation of this file.
1#define UNICODE
2#define _UNICODE
3
4#define ANONYMOUSUNIONS
5#include <windows.h>
6#include <stdlib.h>
7
8#define NTOS_MODE_USER
9#include <ndk/ntndk.h>
10
11
12#define INCLUDE_THE_DDK_HEADERS
13#ifdef INCLUDE_THE_DDK_HEADERS
14#include <ddk/ntddk.h>
15#define ROS_ACE_HEADER ACE_HEADER
16#define ROS_ACE ACE
17
18#else
19typedef LONG NTSTATUS, *PNTSTATUS;
20
21typedef struct _UNICODE_STRING
22{
27
28typedef struct _OBJECT_ATTRIBUTES {
33 PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
34 PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
37
38typedef struct _ROS_ACE_HEADER
39{
42 USHORT AceSize;
43} ROS_ACE_HEADER, *PROS_ACE_HEADER;
44
45typedef struct
46{
49} ROS_ACE, *PROS_ACE;
50
56 IN PSID Sid,
57 IN BOOLEAN AllocateString
58 );
59
64 PACL Acl,
65 ULONG AclSize,
67
72 PACL Acl,
75 PSID Sid
76 );
77
82 PACL Acl,
84 PROS_ACE *Ace
85 );
86
91 OUT PLUID Luid
92 );
93
102 IN PLUID AuthenticationId,
103 IN PLARGE_INTEGER ExpirationTime,
111 );
112#define NT_SUCCESS(StatCode) ((NTSTATUS)(StatCode) >= 0)
113#endif
114
115#include <stdio.h>
116
117#define INITIAL_PRIV_ENABLED SE_PRIVILEGE_ENABLED_BY_DEFAULT|SE_PRIVILEGE_ENABLED
118#define INITIAL_PRIV_DISABLED 0
120{
121 { { 0x00000007, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeTcbPrivilege
122 { { 0x00000002, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeCreateTokenPrivilege
123 { { 0x00000009, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeTakeOwnershipPrivilege
124 { { 0x0000000f, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeCreatePagefilePrivilege
125 { { 0x00000004, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeLockMemoryPrivilege
126 { { 0x00000003, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeAssignPrimaryTokenPrivilege
127 { { 0x00000005, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeIncreaseQuotaPrivilege
128 { { 0x0000000e, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeIncreaseBasePriorityPrivilege
129 { { 0x00000010, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeCreatePermanentPrivilege
130 { { 0x00000014, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeDebugPrivilege
131 { { 0x00000015, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeAuditPrivilege
132 { { 0x00000008, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeSecurityPrivilege
133 { { 0x00000016, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeSystemEnvironmentPrivilege
134 { { 0x00000017, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeChangeNotifyPrivilege
135 { { 0x00000011, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeBackupPrivilege
136 { { 0x00000012, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeRestorePrivilege
137 { { 0x00000013, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeShutdownPrivilege
138 { { 0x0000000a, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeLoadDriverPrivilege
139 { { 0x0000000d, 0x00000000 }, INITIAL_PRIV_ENABLED }, // SeProfileSingleProcessPrivilege
140 { { 0x0000000c, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeSystemtimePrivilege
141 { { 0x00000019, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeUndockPrivilege
142 { { 0x0000001c, 0x00000000 }, INITIAL_PRIV_DISABLED }, // SeManageVolumePrivilege
143};
144
145typedef struct _SID_2
146{
152
153//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
154void
156{
157 UNICODE_STRING scSid;
158
160 printf("%wZ [", &scSid);
161 LocalFree(scSid.Buffer);
162
163 if ( EqualSid(pSid->Sid, pOwner->Owner) )
164 printf("owner,");
165
166 if ( EqualSid(pSid->Sid, pPrimary->PrimaryGroup) )
167 printf("primary,");
168
169 if ( pSid->Attributes & SE_GROUP_ENABLED )
170 {
171 if ( pSid->Attributes & SE_GROUP_ENABLED_BY_DEFAULT )
172 printf("enabled-default,");
173 else
174 printf("enabled,");
175 }
176
177 if ( pSid->Attributes & SE_GROUP_LOGON_ID )
178 printf("logon,");
179
180
181 if ( pSid->Attributes & SE_GROUP_MANDATORY )
182 printf("mandatory,");
183
184 printf("]\n");
185}
186
187//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
188void
190 TOKEN_GROUPS* pGroups,
191 TOKEN_OWNER* pOwner,
192 TOKEN_PRIMARY_GROUP* pPrimary)
193{
194 DWORD i;
195
196 printf("\nSids:\n");
197 PrintSid(&pUser->User, pOwner, pPrimary);
198 printf("\nGroups:\n");
199 for (i = 0; i < pGroups->GroupCount; i++)
200 PrintSid(&pGroups->Groups[i], pOwner, pPrimary);
201}
202
203//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
204void
206{
207 WCHAR buffer[256];
208 DWORD i;
209
210 printf("\nprivileges:\n");
211 for (i = 0; i < pPriv->PrivilegeCount; i++)
212 {
213 DWORD cbName = sizeof(buffer) / sizeof(buffer[0]);
214 LookupPrivilegeName(0, &pPriv->Privileges[i].Luid, buffer, &cbName);
215
216 printf("%S{0x%08x, 0x%08x} [", buffer, pPriv->Privileges[i].Luid.HighPart, pPriv->Privileges[i].Luid.LowPart);
217
219 printf("enabled,");
221 printf("default,");
223 printf("used");
224
225 printf("]\n");
226 }
227}
228
229//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
230void
232{
233 DWORD i;
235
236 if ( ! pAcl )
237 {
238 printf("\nNo Default Dacl.\n");
239 return;
240 }
241
242 printf("\nDacl:\n");
243 for (i = 0; i < pAcl->AceCount; i++)
244 {
245 UNICODE_STRING scSid;
246 ROS_ACE* pAce;
247 LPWSTR wszType = 0;
248 PSID pSid;
249
250 status = RtlGetAce(pAcl, i, (ROS_ACE**) &pAce);
251 if ( ! NT_SUCCESS(status) )
252 {
253 printf("RtlGetAce(): status = 0x%08x\n", status);
254 break;
255 }
256
257 pSid = (PSID) (pAce + 1);
258 if ( pAce->Header.AceType == ACCESS_ALLOWED_ACE_TYPE )
259 wszType = L"allow";
260 if ( pAce->Header.AceType == ACCESS_DENIED_ACE_TYPE )
261 wszType = L"deny ";
262
264 if ( ! NT_SUCCESS(status) )
265 {
266 printf("RtlConvertSidToUnicodeString(): status = 0x%08x\n", status);
267 break;
268 }
269
270 printf("%d.) %S %wZ 0x%08x\n", i, wszType, &scSid, pAce->AccessMask);
271 LocalFree(scSid.Buffer);
272 }
273}
274
275//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
276PVOID
278{
279 BOOL bResult;
280 DWORD n;
281 PBYTE p = 0;
282
283 bResult = GetTokenInformation(hToken, tic, 0, 0, &n);
284 if ( ! bResult && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
285 return 0;
286
287 p = (PBYTE) malloc(n);
288 if ( ! GetTokenInformation(hToken, tic, p, n, &n) )
289 {
290 printf("GetFromToken() failed for TOKEN_INFORMATION_CLASS(%d): %d\n", tic, GetLastError());
291 free(p);
292 return 0;
293 }
294
295 return p;
296}
297
298//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
299void
300DisplayToken(HANDLE hTokenSource)
301{
302 TOKEN_USER* pTokenUser = (PTOKEN_USER) GetFromToken(hTokenSource, TokenUser);
303 TOKEN_GROUPS* pTokenGroups = (PTOKEN_GROUPS) GetFromToken(hTokenSource, TokenGroups);
304 TOKEN_OWNER* pTokenOwner = (PTOKEN_OWNER) GetFromToken(hTokenSource, TokenOwner);
305 TOKEN_PRIMARY_GROUP* pTokenPrimaryGroup = (PTOKEN_PRIMARY_GROUP) GetFromToken(hTokenSource, TokenPrimaryGroup);
306 TOKEN_PRIVILEGES* pTokenPrivileges = (PTOKEN_PRIVILEGES) GetFromToken(hTokenSource, TokenPrivileges);
307 TOKEN_DEFAULT_DACL* pTokenDefaultDacl = (PTOKEN_DEFAULT_DACL) GetFromToken(hTokenSource, TokenDefaultDacl);
308
309 DisplayTokenSids(pTokenUser, pTokenGroups, pTokenOwner, pTokenPrimaryGroup);
310 // DisplayTokenPrivileges(pTokenPrivileges);
311 DisplayDacl(pTokenDefaultDacl->DefaultDacl);
312
313 free(pTokenUser);
314 free(pTokenGroups);
315 free(pTokenOwner);
316 free(pTokenPrimaryGroup);
317 free(pTokenPrivileges);
318 free(pTokenDefaultDacl);
319}
320
321//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
322BOOL
324{
325 HANDLE hToken;
326 TOKEN_PRIVILEGES priv = {1, {{{0, 0}, SE_PRIVILEGE_ENABLED}}};
327 BOOL bResult;
328
329 LookupPrivilegeValue(0, wszName, &priv.Privileges[0].Luid);
330
332
333 AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, 0, 0);
334 bResult = GetLastError() == ERROR_SUCCESS;
335
336 CloseHandle(hToken);
337 return bResult;
338}
339
340//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
343{
344 static SID sidSystem = { 1, 1, {SECURITY_NT_AUTHORITY}, {SECURITY_LOCAL_SYSTEM_RID} };
345 static SID sidEveryone = { 1, 1, {SECURITY_WORLD_SID_AUTHORITY}, {SECURITY_WORLD_RID} };
346 static SID sidAuthenticatedUser = { 1, 1, {SECURITY_NT_AUTHORITY}, {SECURITY_AUTHENTICATED_USER_RID} };
347 static SID_2 sidAdministrators = { 1, 2, {SECURITY_NT_AUTHORITY}, {SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS} };
348 static const int nGroupCount = 3;
349
351 ULONG uSize;
352 DWORD i;
353
354 TOKEN_USER tkUser;
355 TOKEN_OWNER tkDefaultOwner;
356 TOKEN_PRIMARY_GROUP tkPrimaryGroup;
357
358 TOKEN_GROUPS* ptkGroups = 0;
359 TOKEN_PRIVILEGES* ptkPrivileges = 0;
360 TOKEN_DEFAULT_DACL tkDefaultDacl = { 0 };
361
362 LARGE_INTEGER tkExpiration;
363
364 LUID authId = SYSTEM_LUID;
365
367 {
368 { '*', '*', 'A', 'N', 'O', 'N', '*', '*' },
369 {0, 0}
370 };
371
373 {
374 sizeof(sqos),
377 FALSE
378 };
379
381 {
382 sizeof(oa),
383 0,
384 0,
385 0,
386 0,
387 &sqos
388 };
389
390 tkExpiration.QuadPart = -1;
391 status = ZwAllocateLocallyUniqueId(&source.SourceIdentifier);
392 if ( status != 0 )
393 return status;
394
395 tkUser.User.Sid = &sidSystem;
396 tkUser.User.Attributes = 0;
397
398 // Under WinXP (the only MS OS I've tested) ZwCreateToken()
399 // squawks if we use sidAdministrators here -- though running
400 // a progrem under AT and using the DisplayToken() function
401 // shows that the system token does default ownership to
402 // Administrator.
403
404 // For now, default ownership to system, since that works
405 tkDefaultOwner.Owner = &sidSystem;
406 tkPrimaryGroup.PrimaryGroup = &sidSystem;
407
408 uSize = sizeof(TOKEN_GROUPS) - sizeof(ptkGroups->Groups);
409 uSize += sizeof(SID_AND_ATTRIBUTES) * nGroupCount;
410
411 ptkGroups = (TOKEN_GROUPS*) malloc(uSize);
412 ptkGroups->GroupCount = nGroupCount;
413
414 ptkGroups->Groups[0].Sid = (SID*) &sidAdministrators;
415 ptkGroups->Groups[0].Attributes = SE_GROUP_ENABLED;
416
417 ptkGroups->Groups[1].Sid = &sidEveryone;
419
420 ptkGroups->Groups[2].Sid = &sidAuthenticatedUser;
422
423 uSize = sizeof(TOKEN_PRIVILEGES) - sizeof(ptkPrivileges->Privileges);
424 uSize += sizeof(LUID_AND_ATTRIBUTES) * sizeof(InitialPrivilegeSet) / sizeof(InitialPrivilegeSet[0]);
425 ptkPrivileges = (TOKEN_PRIVILEGES*) malloc(uSize);
426 ptkPrivileges->PrivilegeCount = sizeof(InitialPrivilegeSet) / sizeof(InitialPrivilegeSet[0]);
427 for (i = 0; i < ptkPrivileges->PrivilegeCount; i++)
428 {
432 }
433
434 // Calculate the length needed for the ACL
435 uSize = sizeof(ACL);
436 uSize += sizeof(ACE) + sizeof(sidSystem);
437 uSize += sizeof(ACE) + sizeof(sidAdministrators);
438 uSize = (uSize & (~3)) + 8;
439 tkDefaultDacl.DefaultDacl = (PACL) malloc(uSize);
440
441 status = RtlCreateAcl(tkDefaultDacl.DefaultDacl, uSize, ACL_REVISION);
442 if ( ! NT_SUCCESS(status) )
443 printf("RtlCreateAcl() failed: 0x%08x\n", status);
444
446 if ( ! NT_SUCCESS(status) )
447 printf("RtlAddAccessAllowedAce() failed: 0x%08x\n", status);
448
450 if ( ! NT_SUCCESS(status) )
451 printf("RtlAddAccessAllowedAce() failed: 0x%08x\n", status);
452
453 printf("Parameters being passed into ZwCreateToken:\n\n");
454 DisplayTokenSids(&tkUser, ptkGroups, &tkDefaultOwner, &tkPrimaryGroup);
455 DisplayDacl(tkDefaultDacl.DefaultDacl);
456
457 printf("Calling ZwCreateToken()...\n");
458 status = ZwCreateToken(phSystemToken,
460 &oa,
462 &authId,
463 &tkExpiration,
464 &tkUser,
465 ptkGroups,
466 ptkPrivileges,
467 &tkDefaultOwner,
468 &tkPrimaryGroup,
469 &tkDefaultDacl,
470 &source);
471
472 // Cleanup
473 free(ptkGroups);
474 free(ptkPrivileges);
475 free(tkDefaultDacl.DefaultDacl);
476
477 return status;
478}
479
480//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
481int
482main(int argc, char* argv[])
483{
485 HANDLE hSystemToken;
486 CHAR buffer[512];
487 HANDLE hOurToken;
488
489 printf("Current process Token:\n");
490
492 if ( NT_SUCCESS(Status) )
493 {
494 DisplayToken(hOurToken);
495 CloseHandle(hOurToken);
496 }
497 else
498 {
499 printf("ZwOpenProcessToken() failed: 0x%08x\n", Status);
500 }
501
502//#define ENABLE_PRIVILEGE
503#ifdef ENABLE_PRIVILEGE
505#endif
506
507 // Now do the other one
508 Status = CreateInitialSystemToken(&hSystemToken);
509 if ( NT_SUCCESS(Status) )
510 {
511 printf("System Token: 0x%08x\n", hSystemToken);
512 DisplayToken(hSystemToken);
513 CloseHandle(hSystemToken);
514 }
515 else
516 {
517 printf("CreateInitialSystemToken() return: 0x%08x\n", Status);
518 }
519
520 printf("press return");
521 gets(buffer);
522
523 return 0;
524}
unsigned char BOOLEAN
static int argc
Definition: ServiceArgs.c:12
TOKEN_TYPE
Definition: asmpp.cpp:29
LONG NTSTATUS
Definition: precomp.h:26
#define NTSYSAPI
Definition: ntoskrnl.h:12
@ Ace
Definition: card.h:12
Definition: Header.h:9
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define free
Definition: debug_ros.c:5
#define malloc
Definition: debug_ros.c:4
#define ERROR_SUCCESS
Definition: deptool.c:10
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define NTSTATUS
Definition: precomp.h:21
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:374
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
static const ACEFLAG AceFlags[]
Definition: security.c:2624
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829
static const ACEFLAG AceType[]
Definition: security.c:2583
#define CloseHandle
Definition: compat.h:739
#define GetCurrentProcess()
Definition: compat.h:759
#define GENERIC_READ
Definition: compat.h:135
int main()
Definition: test.c:6
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
struct _UNICODE_STRING UNICODE_STRING
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
#define printf
Definition: freeldr.h:97
Status
Definition: gdiplustypes.h:25
GLdouble n
Definition: glext.h:7729
GLuint buffer
Definition: glext.h:5915
GLfloat GLfloat p
Definition: glext.h:8902
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
_CRTIMP char *__cdecl gets(char *_Buffer)
Definition: file.c:3645
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
@ SecurityAnonymous
Definition: lsa.idl:55
@ TokenPrimary
Definition: imports.h:273
* PNTSTATUS
Definition: strlen.c:14
static PSID pSid
Definition: security.c:74
#define argv
Definition: mplay32.c:18
struct _SID * PSID
Definition: eventlog.c:35
struct _ACL ACL
struct _ACL * PACL
Definition: security.c:105
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
struct _ACE ACE
NTSYSAPI NTSTATUS NTAPI ZwCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
#define SE_GROUP_LOGON_ID
Definition: setypes.h:98
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
#define SE_GROUP_ENABLED
Definition: setypes.h:92
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define GENERIC_ALL
Definition: nt_native.h:92
#define READ_CONTROL
Definition: nt_native.h:58
#define GENERIC_EXECUTE
Definition: nt_native.h:91
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
#define L(x)
Definition: ntvdm.h:50
BYTE * PBYTE
Definition: pedump.c:66
long LONG
Definition: pedump.c:60
unsigned short USHORT
Definition: pedump.c:61
USHORT AceCount
Definition: ms-dtyp.idl:297
LONG HighPart
DWORD LowPart
HANDLE RootDirectory
Definition: umtypes.h:184
PVOID SecurityQualityOfService
Definition: umtypes.h:188
PUNICODE_STRING ObjectName
Definition: umtypes.h:185
PVOID SecurityDescriptor
Definition: umtypes.h:187
ULONG SubAuthority[2]
Definition: tokentest.c:150
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
Definition: tokentest.c:149
UCHAR SubAuthorityCount
Definition: tokentest.c:148
UCHAR Revision
Definition: tokentest.c:147
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
$ULONG GroupCount
Definition: setypes.h:1014
PSID Owner
Definition: setypes.h:1028
$ULONG PrivilegeCount
Definition: setypes.h:1023
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1024
SID_AND_ATTRIBUTES User
Definition: setypes.h:1010
USHORT MaximumLength
Definition: env_spec_w32.h:370
Definition: ps.c:97
NTSTATUS CreateInitialSystemToken(HANDLE *phSystemToken)
Definition: tokentest.c:342
void DisplayTokenPrivileges(TOKEN_PRIVILEGES *pPriv)
Definition: tokentest.c:205
void DisplayDacl(PACL pAcl)
Definition: tokentest.c:231
void PrintSid(SID_AND_ATTRIBUTES *pSid, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:155
BOOL EnablePrivilege(LPWSTR wszName)
Definition: tokentest.c:323
struct _SID_2 SID_2
#define INITIAL_PRIV_ENABLED
Definition: tokentest.c:117
#define INITIAL_PRIV_DISABLED
Definition: tokentest.c:118
PVOID GetFromToken(HANDLE hToken, TOKEN_INFORMATION_CLASS tic)
Definition: tokentest.c:277
void DisplayTokenSids(TOKEN_USER *pUser, TOKEN_GROUPS *pGroups, TOKEN_OWNER *pOwner, TOKEN_PRIMARY_GROUP *pPrimary)
Definition: tokentest.c:189
LUID_AND_ATTRIBUTES InitialPrivilegeSet[]
Definition: tokentest.c:119
#define ROS_ACE_HEADER
Definition: tokentest.c:15
void DisplayToken(HANDLE hTokenSource)
Definition: tokentest.c:300
#define ROS_ACE
Definition: tokentest.c:16
uint16_t * PWSTR
Definition: typedefs.h:56
#define NTAPI
Definition: typedefs.h:36
#define IN
Definition: typedefs.h:39
uint32_t ULONG
Definition: typedefs.h:59
#define OUT
Definition: typedefs.h:40
struct _OBJECT_ATTRIBUTES * POBJECT_ATTRIBUTES
Definition: file.c:85
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
LONGLONG QuadPart
Definition: typedefs.h:114
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2433
#define LookupPrivilegeName
Definition: winbase.h:3869
#define LookupPrivilegeValue
Definition: winbase.h:3870
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define SE_CREATE_TOKEN_NAME
Definition: winnt_old.h:366
_In_ ULONG _In_ ULONG AclRevision
Definition: rtlfuncs.h:1843
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
#define TOKEN_QUERY_SOURCE
Definition: setypes.h:929
struct _TOKEN_GROUPS * PTOKEN_GROUPS
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:930
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
struct _TOKEN_USER * PTOKEN_USER
#define SECURITY_WORLD_RID
Definition: setypes.h:541
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define TOKEN_QUERY
Definition: setypes.h:928
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
@ TokenDefaultDacl
Definition: setypes.h:971
@ TokenSource
Definition: setypes.h:972
@ TokenGroups
Definition: setypes.h:967
@ TokenPrivileges
Definition: setypes.h:968
@ TokenUser
Definition: setypes.h:966
@ TokenPrimaryGroup
Definition: setypes.h:970
@ TokenOwner
Definition: setypes.h:969
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
#define SYSTEM_LUID
Definition: setypes.h:700
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define ACL_REVISION
Definition: setypes.h:39
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
struct _TOKEN_GROUPS TOKEN_GROUPS
#define TOKEN_ALL_ACCESS
Definition: setypes.h:946
struct _TOKEN_OWNER * PTOKEN_OWNER
unsigned char UCHAR
Definition: xmlstorage.h:181
__wchar_t WCHAR
Definition: xmlstorage.h:180
WCHAR * LPWSTR
Definition: xmlstorage.h:184
char CHAR
Definition: xmlstorage.h:175
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)