| 1 /* | 1 /* |
| 2 * $Id: security.c 772 2010-11-03 13:51:11Z g.rodola $ | 2 * $Id: security.c 1142 2011-10-05 18:45:49Z g.rodola $ |
| 3 * |
| 4 * Copyright (c) 2009, Jay Loden, Giampaolo Rodola'. All rights reserved. |
| 5 * Use of this source code is governed by a BSD-style license that can be |
| 6 * found in the LICENSE file. |
| 3 * | 7 * |
| 4 * Security related functions for Windows platform (Set privileges such as | 8 * Security related functions for Windows platform (Set privileges such as |
| 5 * SeDebug), as well as security helper functions. | 9 * SeDebug), as well as security helper functions. |
| 6 */ | 10 */ |
| 7 | 11 |
| 8 #include <windows.h> | 12 #include <windows.h> |
| 9 #include <Python.h> | 13 #include <Python.h> |
| 10 | 14 |
| 11 /* | 15 /* |
| 12 * Convert a process handle to a process token handle. | 16 * Convert a process handle to a process token handle. |
| 13 */ | 17 */ |
| 14 HANDLE | 18 HANDLE |
| 15 token_from_handle(HANDLE hProcess) { | 19 token_from_handle(HANDLE hProcess) { |
| 16 HANDLE hToken = NULL; | 20 HANDLE hToken = NULL; |
| 17 | 21 |
| 18 if (! OpenProcessToken(hProcess, TOKEN_QUERY, &hToken) ) { | 22 if (! OpenProcessToken(hProcess, TOKEN_QUERY, &hToken) ) { |
| 19 return PyErr_SetFromWindowsErr(0); | 23 return PyErr_SetFromWindowsErr(0); |
| 20 } | 24 } |
| 21 | 25 |
| 22 return hToken; | 26 return hToken; |
| 23 } | 27 } |
| 24 | 28 |
| 25 | 29 |
| 26 /* | 30 /* |
| 27 * http://www.ddj.com/windows/184405986 | 31 * http://www.ddj.com/windows/184405986 |
| 28 * | 32 * |
| 29 * theres a way to determine whether were running under the Local System | 33 * There's a way to determine whether we're running under the Local System |
| 30 * account. However (you guessed it), we have to call more Win32 functions to | 34 * account. However (you guessed it), we have to call more Win32 functions to |
| 31 * determine this. Backing up through the code listing, we need to make another | 35 * determine this. Backing up through the code listing, we need to make another |
| 32 * call to GetTokenInformation, but instead of passing through the TOKEN_USER | 36 * call to GetTokenInformation, but instead of passing through the TOKEN_USER |
| 33 * constant, we pass through the TOKEN_PRIVILEGES constant. This value returns | 37 * constant, we pass through the TOKEN_PRIVILEGES constant. This value returns |
| 34 * an array of privileges that the account has in the environment. Iterating | 38 * an array of privileges that the account has in the environment. Iterating |
| 35 * through the array, we call the function LookupPrivilegeName looking for the | 39 * through the array, we call the function LookupPrivilegeName looking for the |
| 36 * string SeTcbPrivilege. If the function returns this string, then this | 40 * string SeTcbPrivilege. If the function returns this string, then this |
| 37 * account has Local System privileges | 41 * account has Local System privileges |
| 38 */ | 42 */ |
| 39 int HasSystemPrivilege(HANDLE hProcess) { | 43 int HasSystemPrivilege(HANDLE hProcess) { |
| 164 int SetSeDebug() | 168 int SetSeDebug() |
| 165 { | 169 { |
| 166 HANDLE hToken; | 170 HANDLE hToken; |
| 167 if(! OpenThreadToken(GetCurrentThread(), | 171 if(! OpenThreadToken(GetCurrentThread(), |
| 168 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, | 172 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, |
| 169 FALSE, | 173 FALSE, |
| 170 &hToken) | 174 &hToken) |
| 171 ){ | 175 ){ |
| 172 if (GetLastError() == ERROR_NO_TOKEN){ | 176 if (GetLastError() == ERROR_NO_TOKEN){ |
| 173 if (!ImpersonateSelf(SecurityImpersonation)){ | 177 if (!ImpersonateSelf(SecurityImpersonation)){ |
| 174 //Log2File("Error setting impersonation [SetSeDebug()]", L_DEBUG
); | 178 CloseHandle(hToken); |
| 175 return 0; | 179 return 0; |
| 176 } | 180 } |
| 177 if (!OpenThreadToken(GetCurrentThread(), | 181 if (!OpenThreadToken(GetCurrentThread(), |
| 178 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, | 182 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, |
| 179 FALSE, | 183 FALSE, |
| 180 &hToken) | 184 &hToken) |
| 181 ){ | 185 ){ |
| 182 //Log2File("Error Opening Thread Token", L_DEBUG); | 186 RevertToSelf(); |
| 187 CloseHandle(hToken); |
| 183 return 0; | 188 return 0; |
| 184 } | 189 } |
| 185 } | 190 } |
| 186 } | 191 } |
| 187 | 192 |
| 188 // enable SeDebugPrivilege (open any process) | 193 // enable SeDebugPrivilege (open any process) |
| 189 if (! SetPrivilege(hToken, SE_DEBUG_NAME, TRUE)){ | 194 if (! SetPrivilege(hToken, SE_DEBUG_NAME, TRUE)){ |
| 190 //Log2File("Error setting SeDebug Privilege [SetPrivilege()]", L_WARN); | 195 RevertToSelf(); |
| 196 CloseHandle(hToken); |
| 191 return 0; | 197 return 0; |
| 192 } | 198 } |
| 193 | 199 |
| 200 RevertToSelf(); |
| 194 CloseHandle(hToken); | 201 CloseHandle(hToken); |
| 195 return 1; | 202 return 1; |
| 196 } | 203 } |
| 197 | 204 |
| 198 | 205 |
| 199 int UnsetSeDebug() | 206 int UnsetSeDebug() |
| 200 { | 207 { |
| 201 HANDLE hToken; | 208 HANDLE hToken; |
| 202 if(! OpenThreadToken(GetCurrentThread(), | 209 if(! OpenThreadToken(GetCurrentThread(), |
| 203 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, | 210 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, |
| 224 //now disable SeDebug | 231 //now disable SeDebug |
| 225 if(!SetPrivilege(hToken, SE_DEBUG_NAME, FALSE)){ | 232 if(!SetPrivilege(hToken, SE_DEBUG_NAME, FALSE)){ |
| 226 //Log2File("Error unsetting SeDebug Privilege [SetPrivilege()]", L_WARN)
; | 233 //Log2File("Error unsetting SeDebug Privilege [SetPrivilege()]", L_WARN)
; |
| 227 return 0; | 234 return 0; |
| 228 } | 235 } |
| 229 | 236 |
| 230 CloseHandle(hToken); | 237 CloseHandle(hToken); |
| 231 return 1; | 238 return 1; |
| 232 } | 239 } |
| 233 | 240 |
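Review bot: The two new `CloseHandle(hToken)` calls in the ERROR_NO_TOKEN branch of SetSeDebug (after the failed `ImpersonateSelf` and after the failed second `OpenThreadToken`) close a handle that was never opened: `hToken` is declared without an initializer and the only calls that would have set it have just failed, so CloseHandle receives stack garbage and may close an unrelated handle of the process. The same branch also still falls through to `SetPrivilege(hToken, ...)` when the first OpenThreadToken fails with any error other than ERROR_NO_TOKEN, again with `hToken` unset. Initialising `HANDLE hToken = NULL;`, returning early on other errors and dropping the two closes in the failure paths addresses both (rewritten lines below). Separately, since the new unconditional `RevertToSelf()` before the final CloseHandle discards the impersonation token that `SetPrivilege` just adjusted, the enabled SeDebugPrivilege appears not to survive the function's return whenever the ImpersonateSelf path was taken — worth confirming against the callers; and the symmetric UnsetSeDebug still returns 0 on SetPrivilege failure without closing its token, which this commit fixed only on the SetSeDebug side.
```c
int SetSeDebug()
{
    HANDLE hToken = NULL;
    if (! OpenThreadToken(GetCurrentThread(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          FALSE,
                          &hToken)
       ) {
        // Any failure other than "no thread token" leaves hToken unset;
        // do not proceed to SetPrivilege with it.
        if (GetLastError() != ERROR_NO_TOKEN) {
            return 0;
        }
        if (!ImpersonateSelf(SecurityImpersonation)) {
            return 0;   // nothing was opened, so nothing to close
        }
        if (!OpenThreadToken(GetCurrentThread(),
                             TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                             FALSE,
                             &hToken)
           ) {
            RevertToSelf();
            return 0;   // hToken was never opened
        }
    }
    // … unchanged: SetPrivilege call, RevertToSelf, CloseHandle, return 1 …
```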