* security.cc (set_process_privileges): Swap out.
* sec_helper.cc (set_process_privilege): Rename from
`set_process_privileges'. Takes the privilege to enable or disable
as parameter now.
* security.h: Add prototype for `set_process_privileges'.
This commit is contained in:
Corinna Vinschen
@@ -1,3 +1,11 @@
|
||||
Fri Apr 20 22:25:00 2001 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* security.cc (set_process_privileges): Swap out.
|
||||
* sec_helper.cc (set_process_privilege): Rename from
|
||||
`set_process_privileges'. Takes the privilege to enable or disable
|
||||
as parameter now.
|
||||
* security.h: Add prototype for `set_process_privileges'.
|
||||
|
||||
2001-04-19 Egor Duda <deo@logos-m.ru>
|
||||
|
||||
* path.cc (path_conv::check): Always initialize member variables.
|
||||
|
||||
@@ -397,3 +397,43 @@ got_it:
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
int
|
||||
set_process_privilege (const char *privilege, BOOL enable)
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
LUID restore_priv;
|
||||
TOKEN_PRIVILEGES new_priv;
|
||||
int ret = -1;
|
||||
|
||||
if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!LookupPrivilegeValue (NULL, privilege, &restore_priv))
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
}
|
||||
|
||||
new_priv.PrivilegeCount = 1;
|
||||
new_priv.Privileges[0].Luid = restore_priv;
|
||||
new_priv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
|
||||
|
||||
if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
out:
|
||||
if (hToken)
|
||||
CloseHandle (hToken);
|
||||
|
||||
syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -182,7 +182,7 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
|
||||
static BOOL first_time = TRUE;
|
||||
if (first_time)
|
||||
{
|
||||
set_process_privileges ();
|
||||
set_process_privilege (SE_RESTORE_NAME);
|
||||
first_time = FALSE;
|
||||
}
|
||||
|
||||
@@ -245,46 +245,6 @@ write_sd(const char *file, PSECURITY_DESCRIPTOR sd_buf, DWORD sd_size)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
set_process_privileges ()
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
LUID restore_priv;
|
||||
TOKEN_PRIVILEGES new_priv;
|
||||
int ret = -1;
|
||||
|
||||
if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &restore_priv))
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
}
|
||||
|
||||
new_priv.PrivilegeCount = 1;
|
||||
new_priv.Privileges[0].Luid = restore_priv;
|
||||
new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
|
||||
{
|
||||
__seterrno ();
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
out:
|
||||
if (hToken)
|
||||
CloseHandle (hToken);
|
||||
|
||||
syscall_printf ("%d = set_process_privileges ()", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
get_nt_attribute (const char *file, int *attribute,
|
||||
uid_t *uidret, gid_t *gidret)
|
||||
|
||||
@@ -45,6 +45,7 @@ BOOL __stdcall is_grp_member (uid_t uid, gid_t gid);
|
||||
* logsrv may be NULL, in this case only the local system is used for lookup.
|
||||
* The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */
|
||||
BOOL __stdcall lookup_name (const char *, const char *, PSID);
|
||||
int set_process_privilege (const char *privilege, BOOL enable = TRUE);
|
||||
|
||||
extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}
|
||||
extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }
|
||||
|
||||
Reference in New Issue
Block a user