+Fri Apr 20 22:25:00 2001 Corinna Vinschen <corinna@vinschen.de>
+
+ * security.cc (set_process_privileges): Swap out.
+ * sec_helper.cc (set_process_privilege): Rename from
+ `set_process_privileges'. Takes the privilege to enable or disable
+ as parameter now.
+ * security.h: Add prototype for `set_process_privileges'.
+
2001-04-19 Egor Duda <deo@logos-m.ru>
* path.cc (path_conv::check): Always initialize member variables.
return TRUE;
}
+
+int
+set_process_privilege (const char *privilege, BOOL enable)
+{
+ HANDLE hToken = NULL;
+ LUID restore_priv;
+ TOKEN_PRIVILEGES new_priv;
+ int ret = -1;
+
+ if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ if (!LookupPrivilegeValue (NULL, privilege, &restore_priv))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ new_priv.PrivilegeCount = 1;
+ new_priv.Privileges[0].Luid = restore_priv;
+ new_priv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
+
+ if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
+ {
+ __seterrno ();
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ if (hToken)
+ CloseHandle (hToken);
+
+ syscall_printf ("%d = set_process_privilege (%s, %d)",ret, privilege, enable);
+ return ret;
+}
static BOOL first_time = TRUE;
if (first_time)
{
- set_process_privileges ();
+ set_process_privilege (SE_RESTORE_NAME);
first_time = FALSE;
}
return 0;
}
-int
-set_process_privileges ()
-{
- HANDLE hToken = NULL;
- LUID restore_priv;
- TOKEN_PRIVILEGES new_priv;
- int ret = -1;
-
- if (!OpenProcessToken (hMainProc, TOKEN_ADJUST_PRIVILEGES, &hToken))
- {
- __seterrno ();
- goto out;
- }
-
- if (!LookupPrivilegeValue (NULL, SE_RESTORE_NAME, &restore_priv))
- {
- __seterrno ();
- goto out;
- }
-
- new_priv.PrivilegeCount = 1;
- new_priv.Privileges[0].Luid = restore_priv;
- new_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- if (!AdjustTokenPrivileges (hToken, FALSE, &new_priv, 0, NULL, NULL))
- {
- __seterrno ();
- goto out;
- }
-
- ret = 0;
-
-out:
- if (hToken)
- CloseHandle (hToken);
-
- syscall_printf ("%d = set_process_privileges ()", ret);
- return ret;
-}
-
static int
get_nt_attribute (const char *file, int *attribute,
uid_t *uidret, gid_t *gidret)
* logsrv may be NULL, in this case only the local system is used for lookup.
* The buffer for ret_sid (40 Bytes) has to be allocated by the caller! */
BOOL __stdcall lookup_name (const char *, const char *, PSID);
+int set_process_privilege (const char *privilege, BOOL enable = TRUE);
extern inline int get_uid_from_sid (PSID psid) { return get_id_from_sid (psid, FALSE);}
extern inline int get_gid_from_sid (PSID psid) { return get_id_from_sid (psid, TRUE); }
OSDN Git Service
