#include "stdafx.h"
#include "CNTMachineAccount.h"
#include <accctrl.h>
#include <aclapi.h>
// Size in bytes of each buffer ModifySecurity() reserves for a security
// descriptor: 64 KB plus the minimum descriptor length. ModifySecurity()
// places two buffers of this size on its stack.
#define SD_SIZE (65536 + SECURITY_DESCRIPTOR_MIN_LENGTH)
// File-scope instance of the account helper defined in this file.
PNtMachineAccount theMachineAccount;
//
// RevertToSelf() - end an impersonation on the calling thread.
//
// Forwards to the Win32 ::RevertToSelf() and hands its result back
// unchanged; callers that used Impersonate() should call this when the
// impersonated work is done and check the result.
//
BOOL PNtMachineAccount::RevertToSelf()
{
    const BOOL fReverted = ::RevertToSelf();
    return fReverted;
} // RevertToSelf()
//
// PNtMachineAccount() - start with no cached handles.
//
// Refresh() treats a zero m_hToken as "nothing acquired yet".
//
PNtMachineAccount::PNtMachineAccount()
{
    m_hProcess = 0;
    m_hToken = 0;
} // PNtMachineAccount()
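//
// ~PNtMachineAccount() - release the handles Refresh() may have cached.
//
// The original destructor was empty, so the token handle and the process
// handle (opened with PROCESS_ALL_ACCESS in Refresh()) stayed open for the
// lifetime of the process.
//
// Relies on each member being either 0 or an open handle, and on the
// object not being copied (a copy would share the same raw handles).
// NOTE(review): the class declaration is not visible here - confirm that
// copying is disabled or unused.
//
PNtMachineAccount::~PNtMachineAccount()
{
    if( m_hToken )
    {
        CloseHandle( m_hToken );
        m_hToken = 0;
    }
    if( m_hProcess )
    {
        CloseHandle( m_hProcess );
        m_hProcess = 0;
    }
} // ~PNtMachineAccount()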
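//
// PAdjustTokenPrivileges() - enable one privilege in the access token of
// the current process.
//
// lpszPrivileges: privilege name handed to LookupPrivilegeValue()
//                 (DetermineSystemPID() passes SE_DEBUG_NAME).
//
// Returns TRUE only when the privilege was really enabled. On FALSE the
// error code of the failing step is available through GetLastError().
//
// The privilege is enabled process-wide; nothing in this function turns
// it off again afterwards.
//
BOOL PAdjustTokenPrivileges( LPCTSTR lpszPrivileges )
{
    // Retrieve a handle of the access token of this process
    HANDLE hToken = 0;
    if( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
    {
        return FALSE;
    }

    DWORD dwError = ERROR_SUCCESS;
    LUID luidPrivilege;
    if( !LookupPrivilegeValue( NULL, lpszPrivileges, &luidPrivilege ) )
    {
        dwError = GetLastError();
    }
    else
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = luidPrivilege;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof(tkp), 0, 0 );

        // AdjustTokenPrivileges() can report success although the token
        // does not hold the privilege, so the last error decides.
        dwError = GetLastError();
    }

    // The original never closed this handle on any path.
    CloseHandle( hToken );

    // Restore the error of the step that mattered; CloseHandle() must not
    // hide it from the caller.
    SetLastError( dwError );
    return ( dwError == ERROR_SUCCESS ) ? TRUE : FALSE;
} // PAdjustTokenPrivileges()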
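//
// DetermineSystemPID() - return the process id this class treats as the
// "system" process.
//
// Enables SE_DEBUG_NAME for the current process first. Returns 2 when the
// reported OS major version is <= 4 and 8 otherwise; returns 0 when the
// privilege could not be enabled or the version query failed.
//
// NOTE(review): both ids are fixed numbers chosen from the major version
// alone. Nothing here checks that the process owning that id really is the
// system process. Refresh() opens the returned id with PROCESS_ALL_ACCESS
// and rewrites the DACL of its token, so a wrong id means an unrelated
// process is modified. Verify the identity of the target before relying
// on this value.
//
DWORD PNtMachineAccount::DetermineSystemPID()
{
    if( !PAdjustTokenPrivileges(SE_DEBUG_NAME) )
    {
        return 0;
    }

    OSVERSIONINFO ovi = { 0 };
    ovi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    if( !GetVersionEx( &ovi ) )
    {
        // The original ignored this result and went on to read an
        // uninitialized dwMajorVersion.
        return 0;
    }

    return ( ovi.dwMajorVersion <= 4 ) ? 2 : 8;
} // DetermineSystemPID()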
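//
// ModifySecurity() - add a GRANT_ACCESS entry for the account named
// "administrators" to the DACL of a kernel object.
//
// hProc:    handle of the object whose DACL is rewritten. Refresh() passes
//           a token handle opened with READ_CONTROL|WRITE_DAC.
// dwAccess: access mask granted by the new entry.
//
// Returns TRUE when the new DACL was written. On FALSE the error of the
// failing step is available through GetLastError().
//
// The DACL is changed on the object itself via SetKernelObjectSecurity();
// this function does not keep or restore the previous DACL, so the grant
// stays in place after the call and after the caller closes its handle.
//
// Changes against the original: the four malloc() buffers and the ACL
// returned by SetEntriesInAcl() are now released on every path, malloc()
// failures are detected, and pAcl is NULL when the object has no DACL.
//
BOOL PNtMachineAccount::ModifySecurity(HANDLE hProc, DWORD dwAccess)
{
    // Self-relative descriptor read from the object.
    UCHAR ucSDbuf[SD_SIZE];
    PSECURITY_DESCRIPTOR pSD = (PSECURITY_DESCRIPTOR)ucSDbuf;
    DWORD dwSDLengthNeeded = 0;
    PACL pAcl = NULL;
    PACL pNewAcl = NULL;
    EXPLICIT_ACCESS explicitaccess;
    BOOL fDaclPresent = FALSE, fDaclDefaulted = FALSE;
    DWORD dwResult;

    // Absolute copy of the descriptor; only this form can take a new DACL.
    UCHAR ucAbsSDbuf[SD_SIZE];
    PSECURITY_DESCRIPTOR pAbsSD = (PSECURITY_DESCRIPTOR)ucAbsSDbuf;
    DWORD dwSDLength = SD_SIZE;

#define ACL_SIZE 2048
#define SID_SIZE 1024
    PACL pacl = NULL, psacl = NULL;
    DWORD dwAclSize = ACL_SIZE, dwSaclSize = ACL_SIZE;
    PSID pSidOwner = NULL, pSidPrimary = NULL;
    DWORD dwSidOwnLen = SID_SIZE, dwSidPrimLen = SID_SIZE;

    if(!GetKernelObjectSecurity(
        hProc,
        DACL_SECURITY_INFORMATION,
        pSD,
        SD_SIZE,
        &dwSDLengthNeeded))
    {
        return FALSE;
    }

    if(!GetSecurityDescriptorDacl(
        pSD,
        &fDaclPresent,
        &pAcl,
        &fDaclDefaulted))
    {
        return FALSE;
    }

    // Without a DACL the out pointer carries no meaning; do not hand a
    // stale value to SetEntriesInAcl().
    if( !fDaclPresent )
    {
        pAcl = NULL;
    }

    BuildExplicitAccessWithName(
        &explicitaccess,
        _T("administrators"),
        dwAccess,
        GRANT_ACCESS,
        0 );

    dwResult = SetEntriesInAcl(
        1,
        &explicitaccess,
        pAcl,
        &pNewAcl );
    if( dwResult != ERROR_SUCCESS )
    {
        SetLastError(dwResult);
        return FALSE;
    }

    // From here on pNewAcl (LocalAlloc'ed by SetEntriesInAcl) and the
    // malloc() buffers are live, so every path leaves through the cleanup
    // at the bottom.
    BOOL fOk = FALSE;
    DWORD dwError = ERROR_SUCCESS;

    pacl = (ACL*)malloc(ACL_SIZE);
    psacl = (ACL*)malloc(ACL_SIZE);
    pSidOwner = malloc(SID_SIZE);
    pSidPrimary = malloc(SID_SIZE);

    if( !pacl || !psacl || !pSidOwner || !pSidPrimary )
    {
        dwError = ERROR_NOT_ENOUGH_MEMORY;
    }
    else if(!MakeAbsoluteSD(
        pSD,
        pAbsSD,
        &dwSDLength,
        pacl, &dwAclSize,
        psacl, &dwSaclSize,
        pSidOwner, &dwSidOwnLen,
        pSidPrimary, &dwSidPrimLen))
    {
        dwError = GetLastError();
    }
    else if(!SetSecurityDescriptorDacl(
        pAbsSD,
        fDaclPresent,
        pNewAcl,
        fDaclDefaulted))
    {
        dwError = GetLastError();
    }
    else if(!SetKernelObjectSecurity(
        hProc,
        DACL_SECURITY_INFORMATION,
        pAbsSD))
    {
        dwError = GetLastError();
    }
    else
    {
        fOk = TRUE;
    }

    // free(NULL) is a no-op, so partial allocation needs no special case.
    free(pSidPrimary);
    free(pSidOwner);
    free(psacl);
    free(pacl);
    LocalFree(pNewAcl);

    if( !fOk )
    {
        // Cleanup must not overwrite the error the caller will look at.
        SetLastError(dwError);
    }
    return fOk;
}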
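//
// Refresh() - make sure m_hToken holds a token handle of the process
// chosen by DetermineSystemPID(), opened with
// TOKEN_QUERY|TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY.
//
// Returns TRUE when a token handle is cached (from an earlier call or from
// this one). On failure every handle opened by this call is closed, both
// members are left at 0 and the error of the failing step is available
// through GetLastError().
//
// The original stored handles in the members as it went and returned on
// the first error. That left m_hToken non-zero while it referred to a
// closed handle or to one opened with READ_CONTROL|WRITE_DAC only, and the
// next call then reported success for it.
//
// NOTE: ModifySecurity() rewrites the DACL of the target token. Nothing in
// this function restores the previous DACL.
//
BOOL PNtMachineAccount::Refresh()
{
    if( m_hToken )
    {
        return TRUE;
    }

    // Release a process handle left over from an earlier attempt instead
    // of overwriting (and leaking) it.
    if( m_hProcess )
    {
        CloseHandle( m_hProcess );
        m_hProcess = 0;
    }

    //
    // The process id comes from DetermineSystemPID(); see the remarks
    // there about how it is chosen.
    //
    DWORD dwSystemPID = DetermineSystemPID();
    HANDLE hProcess = OpenProcess(
        PROCESS_ALL_ACCESS,
        FALSE,
        dwSystemPID);
    if( !hProcess )
    {
        return FALSE;
    }

    BOOL fOk = FALSE;
    DWORD dwError = ERROR_SUCCESS;
    HANDLE hToken = 0;

    //
    // Open the process token with this access
    // so that we can modify the DACL and add
    // TOKEN_DUPLICATE & TOKEN_ASSIGN_PRIMARY
    // rights for this user
    //
    if( !OpenProcessToken(
        hProcess,
        READ_CONTROL|WRITE_DAC,
        &hToken) )
    {
        dwError = GetLastError();
    }
    else
    {
        fOk = ModifySecurity(
            hToken,
            TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY|TOKEN_QUERY);
        if( !fOk )
        {
            dwError = GetLastError();
        }

        //
        // Close that handle and get a new one with the right
        // privilege level
        //
        CloseHandle(hToken);
        hToken = 0;

        if( fOk )
        {
            fOk = OpenProcessToken(
                hProcess,
                TOKEN_QUERY|TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY,
                &hToken);
            if( !fOk )
            {
                dwError = GetLastError();
                hToken = 0;
            }
        }
    }

    if( !fOk )
    {
        CloseHandle(hProcess);
        SetLastError(dwError);
        return FALSE;
    }

    // Publish the handles only once the whole sequence has succeeded.
    m_hProcess = hProcess;
    m_hToken = hToken;

    return ( m_hToken != 0 ) ? TRUE : FALSE;
}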
//
// Impersonate() - let the calling thread impersonate the user of the
// cached token.
//
// Calls Refresh() to obtain m_hToken if necessary. Returns FALSE when no
// token could be obtained, otherwise the result of
// ImpersonateLoggedOnUser(). Each successful call should be paired with
// RevertToSelf() once the impersonated work is finished.
//
BOOL PNtMachineAccount::Impersonate()
{
    if( !Refresh() )
    {
        return FALSE;
    }
    return ImpersonateLoggedOnUser( m_hToken );
}