1 /* | 1 /* |
2 * $Id: security.c 772 2010-11-03 13:51:11Z g.rodola $ | 2 * $Id: security.c 1142 2011-10-05 18:45:49Z g.rodola $ |
| 3 * |
| 4 * Copyright (c) 2009, Jay Loden, Giampaolo Rodola'. All rights reserved. |
| 5 * Use of this source code is governed by a BSD-style license that can be |
| 6 * found in the LICENSE file. |
3 * | 7 * |
4 * Security related functions for Windows platform (Set privileges such as | 8 * Security related functions for Windows platform (Set privileges such as |
5 * SeDebug), as well as security helper functions. | 9 * SeDebug), as well as security helper functions. |
6 */ | 10 */ |
7 | 11 |
8 #include <windows.h> | 12 #include <windows.h> |
9 #include <Python.h> | 13 #include <Python.h> |
10 | 14 |
11 /* | 15 /* |
12 * Convert a process handle to a process token handle. | 16 * Convert a process handle to a process token handle. |
13 */ | 17 */ |
14 HANDLE | 18 HANDLE |
15 token_from_handle(HANDLE hProcess) { | 19 token_from_handle(HANDLE hProcess) { |
16 HANDLE hToken = NULL; | 20 HANDLE hToken = NULL; |
17 | 21 |
18 if (! OpenProcessToken(hProcess, TOKEN_QUERY, &hToken) ) { | 22 if (! OpenProcessToken(hProcess, TOKEN_QUERY, &hToken) ) { |
19 return PyErr_SetFromWindowsErr(0); | 23 return PyErr_SetFromWindowsErr(0); |
20 } | 24 } |
21 | 25 |
22 return hToken; | 26 return hToken; |
23 } | 27 } |
24 | 28 |
25 | 29 |
26 /* | 30 /* |
27 * http://www.ddj.com/windows/184405986 | 31 * http://www.ddj.com/windows/184405986 |
28 * | 32 * |
29 * theres a way to determine whether were running under the Local System | 33 * There's a way to determine whether we're running under the Local System |
30 * account. However (you guessed it), we have to call more Win32 functions to | 34 * account. However (you guessed it), we have to call more Win32 functions to |
31 * determine this. Backing up through the code listing, we need to make another | 35 * determine this. Backing up through the code listing, we need to make another |
32 * call to GetTokenInformation, but instead of passing through the TOKEN_USER | 36 * call to GetTokenInformation, but instead of passing through the TOKEN_USER |
33 * constant, we pass through the TOKEN_PRIVILEGES constant. This value returns | 37 * constant, we pass through the TOKEN_PRIVILEGES constant. This value returns |
34 * an array of privileges that the account has in the environment. Iterating | 38 * an array of privileges that the account has in the environment. Iterating |
35 * through the array, we call the function LookupPrivilegeName looking for the | 39 * through the array, we call the function LookupPrivilegeName looking for the |
36 * string SeTcbPrivilege. If the function returns this string, then this | 40 * string SeTcbPrivilege. If the function returns this string, then this |
37 * account has Local System privileges | 41 * account has Local System privileges |
38 */ | 42 */ |
39 int HasSystemPrivilege(HANDLE hProcess) { | 43 int HasSystemPrivilege(HANDLE hProcess) { |
(...skipping 124 matching lines...)
164 int SetSeDebug() | 168 int SetSeDebug() |
165 { | 169 { |
166 HANDLE hToken; | 170 HANDLE hToken; |
167 if(! OpenThreadToken(GetCurrentThread(), | 171 if(! OpenThreadToken(GetCurrentThread(), |
168 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, | 172 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, |
169 FALSE, | 173 FALSE, |
170 &hToken) | 174 &hToken) |
171 ){ | 175 ){ |
172 if (GetLastError() == ERROR_NO_TOKEN){ | 176 if (GetLastError() == ERROR_NO_TOKEN){ |
173 if (!ImpersonateSelf(SecurityImpersonation)){ | 177 if (!ImpersonateSelf(SecurityImpersonation)){ |
174 //Log2File("Error setting impersonation [SetSeDebug()]", L_DEBUG
); | 178 CloseHandle(hToken); |
175 return 0; | 179 return 0; |
176 } | 180 } |
177 if (!OpenThreadToken(GetCurrentThread(), | 181 if (!OpenThreadToken(GetCurrentThread(), |
178 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, | 182 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, |
179 FALSE, | 183 FALSE, |
180 &hToken) | 184 &hToken) |
181 ){ | 185 ){ |
182 //Log2File("Error Opening Thread Token", L_DEBUG); | 186 RevertToSelf(); |
| 187 CloseHandle(hToken); |
183 return 0; | 188 return 0; |
184 } | 189 } |
185 } | 190 } |
186 } | 191 } |
187 | 192 |
188 // enable SeDebugPrivilege (open any process) | 193 // enable SeDebugPrivilege (open any process) |
189 if (! SetPrivilege(hToken, SE_DEBUG_NAME, TRUE)){ | 194 if (! SetPrivilege(hToken, SE_DEBUG_NAME, TRUE)){ |
190 //Log2File("Error setting SeDebug Privilege [SetPrivilege()]", L_WARN); | 195 RevertToSelf(); |
| 196 CloseHandle(hToken); |
191 return 0; | 197 return 0; |
192 } | 198 } |
193 | 199 |
| 200 RevertToSelf(); |
194 CloseHandle(hToken); | 201 CloseHandle(hToken); |
195 return 1; | 202 return 1; |
196 } | 203 } |
197 | 204 |
198 | 205 |
199 int UnsetSeDebug() | 206 int UnsetSeDebug() |
200 { | 207 { |
201 HANDLE hToken; | 208 HANDLE hToken; |
202 if(! OpenThreadToken(GetCurrentThread(), | 209 if(! OpenThreadToken(GetCurrentThread(), |
203 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, | 210 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, |
(...skipping 20 matching lines...)
224 //now disable SeDebug | 231 //now disable SeDebug |
225 if(!SetPrivilege(hToken, SE_DEBUG_NAME, FALSE)){ | 232 if(!SetPrivilege(hToken, SE_DEBUG_NAME, FALSE)){ |
226 //Log2File("Error unsetting SeDebug Privilege [SetPrivilege()]", L_WARN)
; | 233 //Log2File("Error unsetting SeDebug Privilege [SetPrivilege()]", L_WARN)
; |
227 return 0; | 234 return 0; |
228 } | 235 } |
229 | 236 |
230 CloseHandle(hToken); | 237 CloseHandle(hToken); |
231 return 1; | 238 return 1; |
232 } | 239 } |
233 | 240 |