本文整理汇总了C++中OpenThreadToken函数的典型用法代码示例。如果您正苦于以下问题:C++ OpenThreadToken函数的具体用法?C++ OpenThreadToken怎么用?C++ OpenThreadToken使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了OpenThreadToken函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: UnsetSeDebug
int UnsetSeDebug()
{
HANDLE hToken;
if(! OpenThreadToken(GetCurrentThread(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
FALSE,
&hToken)
){
if(GetLastError() == ERROR_NO_TOKEN){
if(! ImpersonateSelf(SecurityImpersonation)){
//Log2File("Error setting impersonation! [UnsetSeDebug()]", L_DEBUG);
return 0;
}
if(!OpenThreadToken(GetCurrentThread(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
FALSE,
&hToken)
){
//Log2File("Error Opening Thread Token! [UnsetSeDebug()]", L_DEBUG);
return 0;
}
}
}
//now disable SeDebug
if(!SetPrivilege(hToken, SE_DEBUG_NAME, FALSE)){
//Log2File("Error unsetting SeDebug Privilege [SetPrivilege()]", L_WARN);
return 0;
}
CloseHandle(hToken);
return 1;
}示例2: s_GetThreadToken
static HANDLE s_GetThreadToken(DWORD access)
{
HANDLE token;
if ( !OpenThreadToken(GetCurrentThread(), access, FALSE, &token) ) {
DWORD res = GetLastError();
if ( res == ERROR_NO_TOKEN ) {
if ( !ImpersonateSelf(SecurityImpersonation) ) {
// Failed to obtain a token for the current thread and user
CNcbiError::SetFromWindowsError();
return INVALID_HANDLE_VALUE;
}
if ( !OpenThreadToken(GetCurrentThread(), access, FALSE, &token) ) {
// Failed to open the current threads token with the required access rights
CNcbiError::SetFromWindowsError();
token = INVALID_HANDLE_VALUE;
}
RevertToSelf();
} else {
// Failed to open the current threads token with the required access rights
CNcbiError::SetWindowsError(res);
return NULL;
}
}
return token;
}示例3: set_privilege
/**
* @brief adjust privilege
* @param
* @see
* @remarks http://support.microsoft.com/kb/131065/EN-US/
* @code
* @endcode
* @return
*/
bool set_privilege(_In_z_ const wchar_t* privilege, _In_ bool enable)
{
HANDLE token = INVALID_HANDLE_VALUE;
if (TRUE != OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &token) )
{
if (ERROR_NO_TOKEN == GetLastError() )
{
if ( ImpersonateSelf(SecurityImpersonation) != TRUE ) { return FALSE; }
if (TRUE != OpenThreadToken(GetCurrentThread(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,FALSE,&token) )
{
return FALSE;
}
}
else
{
return FALSE;
}
}
TOKEN_PRIVILEGES tp = { 0 };
LUID luid = {0};
DWORD cb = sizeof(TOKEN_PRIVILEGES);
bool ret = false;
do
{
if(!LookupPrivilegeValueW( NULL, privilege, &luid )) { break; }
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if(enable)
{
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
}
else
{
tp.Privileges[0].Attributes = 0;
}
AdjustTokenPrivileges( token, FALSE, &tp, cb, NULL, NULL );
if (GetLastError() != ERROR_SUCCESS) { break; }
ret = true;
} while (false);
CloseHandle(token);
return ret;
}示例4: sizeof
/// <summary>
/// Grant current process arbitrary privilege
/// </summary>
/// <param name="name">Privilege name</param>
/// <returns>Status</returns>
NTSTATUS Process::GrantPriviledge( const std::basic_string<TCHAR>& name )
{
TOKEN_PRIVILEGES Priv, PrivOld;
DWORD cbPriv = sizeof(PrivOld);
HANDLE hToken;
if (!OpenThreadToken( GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken ))
{
if (GetLastError() != ERROR_NO_TOKEN)
return LastNtStatus();
if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken ))
return LastNtStatus();
}
Priv.PrivilegeCount = 1;
Priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
LookupPrivilegeValue( NULL, name.c_str(), &Priv.Privileges[0].Luid );
if (!AdjustTokenPrivileges( hToken, FALSE, &Priv, sizeof(Priv), &PrivOld, &cbPriv ))
{
CloseHandle( hToken );
return LastNtStatus();
}
if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
{
CloseHandle( hToken );
return LastNtStatus();
}
return STATUS_SUCCESS;
}示例5: request_sys_config_getuid
/*
* sys_getuid
* ----------
*
* Gets the user information of the user the server is executing as
*/
DWORD request_sys_config_getuid(Remote *remote, Packet *packet)
{
Packet *response = packet_create_response(packet);
DWORD res = ERROR_SUCCESS;
#ifdef _WIN32
CHAR username[512], username_only[512], domainname_only[512];
LPVOID TokenUserInfo[4096];
HANDLE token;
DWORD user_length = sizeof(username_only), domain_length = sizeof(domainname_only);
DWORD size = sizeof(username), sid_type = 0, returned_tokinfo_length;
memset(username, 0, sizeof(username));
memset(username_only, 0, sizeof(username_only));
memset(domainname_only, 0, sizeof(domainname_only));
do
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &token))
{
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token);
}
if (!GetTokenInformation(token, TokenUser, TokenUserInfo, 4096, &returned_tokinfo_length))
{
res = GetLastError();
break;
}
if (!LookupAccountSidA(NULL, ((TOKEN_USER*)TokenUserInfo)->User.Sid, username_only, &user_length, domainname_only, &domain_length, (PSID_NAME_USE)&sid_type))
{
res = GetLastError();
break;
}
// Make full name in DOMAIN\USERNAME format
_snprintf(username, 512, "%s\\%s", domainname_only, username_only);
username[511] = '\0';
packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username);
} while (0);
#else
CHAR info[512];
uid_t ru, eu, su;
gid_t rg, eg, sg;
ru = eu = su = rg = eg = sg = 31337;
getresuid(&ru, &eu, &su);
getresgid(&rg, &eg, &sg);
snprintf(info, sizeof(info)-1, "uid=%d, gid=%d, euid=%d, egid=%d, suid=%d, sgid=%d", ru, rg, eu, eg, su, sg);
packet_add_tlv_string(response, TLV_TYPE_USER_NAME, info);
#endif
// Transmit the response
packet_transmit_response(res, remote, response);
return res;
}示例6: GetAnonymousToken
HANDLE GetAnonymousToken()
{
ImpersonateAnonymousToken(GetCurrentThread());
HANDLE hToken;
OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &hToken);
RevertToSelf();
PSECURITY_DESCRIPTOR pSD;
ULONG sd_length;
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(L"D:(A;;GA;;;WD)(A;;GA;;;AN)", SDDL_REVISION_1, &pSD, &sd_length))
{
printf("Error converting SDDL: %d\n", GetLastError());
exit(1);
}
TOKEN_DEFAULT_DACL dacl;
BOOL bPresent;
BOOL bDefaulted;
PACL pDACL;
GetSecurityDescriptorDacl(pSD, &bPresent, &pDACL, &bDefaulted);
dacl.DefaultDacl = pDACL;
if (!SetTokenInformation(hToken, TokenDefaultDacl, &dacl, sizeof(dacl)))
{
printf("Error setting default DACL: %d\n", GetLastError());
exit(1);
}
return hToken;
}示例7: OpenThreadToken
bool DebugToken::Enable()
{
if (enabled || hDebugToken == NULL)
return true;
BOOL rc = OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &hSavedToken);
if (!rc)
{
hSavedToken = NULL;
if (GetLastError()==ERROR_NO_TOKEN)
rc = ERROR_SUCCESS;
else
return false;
}
rc = SetThreadToken(NULL, hDebugToken);
if (!rc)
{
if (hSavedToken != NULL)
{
CloseHandle(hSavedToken);
hSavedToken = NULL;
}
return false;
}
enabled = true;
return true;
}示例8: ImpersonateAndCheckAccess
BOOL ImpersonateAndCheckAccess(PCtxtHandle phContext,
PSECURITY_DESCRIPTOR psdSD,
PDWORD pdwAccessGranted) {
HANDLE hToken = NULL;
// AccessCheck() variables
DWORD dwAccessDesired = MAXIMUM_ALLOWED;
PRIVILEGE_SET PrivilegeSet;
DWORD dwPrivSetSize = sizeof(PRIVILEGE_SET);
BOOL fAccessGranted = FALSE;
GENERIC_MAPPING GenericMapping = { vncGenericRead, vncGenericWrite,
vncGenericExecute, vncGenericAll };
// This only does something if we want to use generic access
// rights, like GENERIC_ALL, in our call to AccessCheck().
MapGenericMask(&dwAccessDesired, &GenericMapping);
// AccessCheck() requires an impersonation token.
if ((fn._ImpersonateSecurityContext(phContext) == SEC_E_OK)
&& OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken)
&& AccessCheck(psdSD, hToken, dwAccessDesired, &GenericMapping,
&PrivilegeSet, &dwPrivSetSize, pdwAccessGranted, &fAccessGranted)) {
// Restrict access to relevant rights only
fAccessGranted = AreAnyAccessesGranted(*pdwAccessGranted, ViewOnly | Interact);
}
// End impersonation
fn._RevertSecurityContext(phContext);
// Close handles
if (hToken)
CloseHandle(hToken);
return fAccessGranted;
}示例9: _tprintf
//*****************************************************************************
//* Function Name: DumpToken
//* Description:
//*****************************************************************************
STDMETHODIMP CTestObject::DumpToken (void)
{
(void) _tprintf (_T("CTestObject::DumpToken\n"));
DumpClientBlanket ();
HRESULT l_hr = CoImpersonateClient ();
if (SUCCEEDED (l_hr)) {
HANDLE l_hToken = NULL;
if (OpenThreadToken (GetCurrentThread (), TOKEN_QUERY | TOKEN_QUERY_SOURCE, TRUE, &l_hToken))
{
::DumpToken (l_hToken, TRUE);
(void)CloseHandle (l_hToken);
l_hToken = NULL;
}
else
{
DWORD l_dwLastError = GetLastError ();
(void) _ftprintf (stderr, _T("OpenThreadToken() failed with %ld\n"), l_dwLastError);
}
}
else {
(void) _ftprintf (stderr, _T("CoImpersonateClient() failed with 0x%08lX\n"), l_hr);
}
return S_OK;
}示例10: can_create_global_maps
static int can_create_global_maps(void)
{
BOOL ok, has_priv;
LUID priv_id;
PRIVILEGE_SET privs;
HANDLE hToken;
ok = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
if (!ok && GetLastError() == ERROR_NO_TOKEN) {
/* no thread-specific access token, so try to get process access token
*/
ok = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken);
}
if (ok) {
ok = LookupPrivilegeValue(NULL, SE_CREATE_GLOBAL_NAME, &priv_id);
}
if (ok) {
privs.PrivilegeCount = 1;
privs.Control = PRIVILEGE_SET_ALL_NECESSARY;
privs.Privilege[0].Luid = priv_id;
privs.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
ok = PrivilegeCheck(hToken, &privs, &has_priv);
}
if (ok && !has_priv) {
return 0;
}
else {
return 1;
}
}示例11: get_user_token
/*
* @brief Get the token information for the current thread/process.
* @param pTokenUser Buffer to receive the token data.
* @param dwBufferSize Size of the buffer that will receive the token data.
* @returns Indication of success or failure.
*/
DWORD get_user_token(LPVOID pTokenUser, DWORD dwBufferSize)
{
DWORD dwResult = 0;
DWORD dwReturnedLength = 0;
HANDLE hToken;
do
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
{
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
BREAK_ON_ERROR("[TOKEN] Failed to get a valid token for thread/process.");
}
}
if (!GetTokenInformation(hToken, TokenUser, pTokenUser, dwBufferSize, &dwReturnedLength))
{
BREAK_ON_ERROR("[TOKEN] Failed to get token information for thread/process.");
}
dwResult = ERROR_SUCCESS;
} while (0);
return dwResult;
}示例12: _impersonateLevel
static DWORD _impersonateLevel()
{
DWORD result = RPC_C_IMP_LEVEL_ANONYMOUS;
HANDLE thr = NULL;
BOOL status = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thr);
if (status)
{
SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
DWORD ret = 0;
status = GetTokenInformation(thr, TokenImpersonationLevel,
&level, sizeof(SECURITY_IMPERSONATION_LEVEL), &ret);
CloseHandle(thr);
if (status == FALSE)
{
result = RPC_C_IMP_LEVEL_ANONYMOUS;
}
else
{
switch (level)
{
case SecurityAnonymous:
result = RPC_C_IMP_LEVEL_ANONYMOUS;
break;
case SecurityIdentification:
result = RPC_C_IMP_LEVEL_IDENTIFY;
break;
case SecurityImpersonation:
result = RPC_C_IMP_LEVEL_IMPERSONATE;
break;
case SecurityDelegation:
result = RPC_C_IMP_LEVEL_DELEGATE;
break;
default:
result = RPC_C_IMP_LEVEL_ANONYMOUS;
break;
}
}
}
else
{
ULONG error = GetLastError();
if (error == ERROR_NO_IMPERSONATION_TOKEN || error == ERROR_NO_TOKEN)
result = RPC_C_IMP_LEVEL_DELEGATE;
else if (error == ERROR_CANT_OPEN_ANONYMOUS)
result = RPC_C_IMP_LEVEL_ANONYMOUS;
else
result = RPC_C_IMP_LEVEL_ANONYMOUS;
}
return result;
}示例13: Am_I_In_Admin_Group
BOOL uac::Am_I_In_Admin_Group(BOOL bCheckAdminMode /*= FALSE*/)
{
BOOL fAdmin;
HANDLE hThread;
TOKEN_GROUPS *ptg = NULL;
DWORD cbTokenGroups;
DWORD dwGroup;
PSID psidAdmin;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hThread))
{
if (GetLastError() == ERROR_NO_TOKEN)
{
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY,
&hThread))
return (FALSE);
}
else
return (FALSE);
}
if (GetTokenInformation(hThread, TokenGroups, NULL, 0, &cbTokenGroups))
return (FALSE);
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
return (FALSE);
if (!(ptg = (TOKEN_GROUPS*)_alloca(cbTokenGroups)))
return (FALSE);
if (!GetTokenInformation(hThread, TokenGroups, ptg, cbTokenGroups,
&cbTokenGroups))
return (FALSE);
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
return (FALSE);
fAdmin = FALSE;
for (dwGroup = 0; dwGroup < ptg->GroupCount; dwGroup++)
{
if (EqualSid(ptg->Groups[dwGroup].Sid, psidAdmin))
{
if (bCheckAdminMode)
{
if ((ptg->Groups[dwGroup].Attributes) & SE_GROUP_ENABLED)
{
fAdmin = TRUE;
}
}
else
{
fAdmin = TRUE;
}
break;
}
}
FreeSid(psidAdmin);
return (fAdmin);
}示例14: get_token
static int get_token(connection_context *c)
{
int res = 0;
int wres;
HANDLE token;
if (c->runas) {
credentials crd;
if (!prepare_credentials(c->runas, &crd)) {
hprintf(c->pipe, "error Incorrect runas credentials\n");
goto finish;
}
wres = LogonUser(crd.user, crd.domain, crd.password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &c->token);
if (!wres) {
hprintf(c->pipe, "error Cannot LogonUser(%s,%s,%s) %d\n", crd.user, crd.domain, crd.password, GetLastError());
goto finish;
}
res = 1;
goto finish;
} else if (c->system) {
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) {
hprintf(c->pipe, "error Cannot OpenProcessToken %d\n", GetLastError());
goto finish;
}
} else {
if (!ImpersonateNamedPipeClient(c->pipe->h)) {
hprintf(c->pipe, "error Cannot ImpersonateNamedPipeClient %d\n", GetLastError());
goto finish;
}
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, FALSE, &token)) {
hprintf(c->pipe, "error Cannot OpenThreadToken %d\n", GetLastError());
goto finishRevertToSelf;
}
}
if (!DuplicateTokenEx(token, MAXIMUM_ALLOWED, 0, c->implevel, TokenPrimary, &c->token)) {
hprintf(c->pipe, "error Cannot Duplicate Token %d\n", GetLastError());
goto finishCloseToken;
}
res = 1;
finishCloseToken:
CloseHandle(token);
finishRevertToSelf:
if (!c->system) {
if (!RevertToSelf()) {
hprintf(c->pipe, "error Cannot RevertToSelf %d\n", GetLastError());
res = 0;
}
}
finish:
return res;
}示例15: enable_debug_privileges
// If the process is owned by another user, request SeDebugPrivilege to open it.
// Debug privileges are typically granted to Administrators.
static int enable_debug_privileges() {
HANDLE hToken;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) {
if (!ImpersonateSelf(SecurityImpersonation) ||
!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) {
return 0;
}
}
LUID luid;
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
return 0;
}
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
BOOL success = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
CloseHandle(hToken);
return success ? 1 : 0;
}