3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: lib/ntdll/rtl/security.c
6 * PURPOSE: Miscellaneous security-related functions
7 * PROGRAMMER: Eric Kohl
12 #include <ddk/ntddk.h>
13 #include <ntdll/rtl.h>
16 #include <ntdll/ntdll.h>
19 /* FUNCTIONS ****************************************************************/
/*
 * RtlImpersonateSelf: makes the calling thread impersonate its own process.
 * The visible lines open the current process token, duplicate it using a
 * SECURITY_QUALITY_OF_SERVICE built from the caller's ImpersonationLevel,
 * install the duplicate as the thread's impersonation token and close both
 * handles.
 *
 * NOTE(review): this listing was extracted with lines dropped (see the gaps
 * in the embedded line numbers). The return type, braces, several call
 * arguments and the return statements are not shown, so the comments below
 * describe only what is visible.
 *
 * Callers should check the returned status: if any step fails the thread is
 * presumably left without the impersonation token they asked for.
 */
25 RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
27 OBJECT_ATTRIBUTES ObjectAttributes;
28 SECURITY_QUALITY_OF_SERVICE SecQos;
30 HANDLE ImpersonationToken;
/* Open the token of the current process; the access mask and output
 * handle arguments fall on lines missing from this listing. */
33 Status = NtOpenProcessToken(NtCurrentProcess(),
36 if (!NT_SUCCESS(Status))
/* Quality of service for the duplicate. ImpersonationLevel is passed
 * through as given; no range check is visible here (presumably
 * NtDuplicateToken rejects invalid levels - confirm). */
39 SecQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
40 SecQos.ImpersonationLevel = ImpersonationLevel;
41 SecQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
/* EffectiveOnly = FALSE: the duplicate is not limited to the privileges
 * and groups that are currently enabled in the source token. */
42 SecQos.EffectiveOnly = FALSE;
/* Unnamed object with no root directory and no security descriptor;
 * Attributes = 0 requests no OBJ_* flags. */
44 ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
45 ObjectAttributes.RootDirectory = 0;
46 ObjectAttributes.ObjectName = NULL;
47 ObjectAttributes.Attributes = 0;
48 ObjectAttributes.SecurityDescriptor = NULL;
49 ObjectAttributes.SecurityQualityOfService = &SecQos;
51 Status = NtDuplicateToken(ProcessToken,
57 if (!NT_SUCCESS(Status))
/* Failure path: release the process token handle so it does not leak
 * (the return that presumably follows is not shown). */
59 NtClose(ProcessToken);
/* Install the duplicate as this thread's impersonation token. */
63 Status = NtSetInformationThread(NtCurrentThread(),
64 ThreadImpersonationToken,
/* Both handles are closed after the call; no status check is visible
 * between the call and these closes. */
67 NtClose(ImpersonationToken);
68 NtClose(ProcessToken);
/*
 * RtlAdjustPrivilege: enables or disables a single privilege in a token and
 * reports the privilege's previous state through *Enabled.
 *
 * Visible return values: STATUS_PRIVILEGE_NOT_HELD when the token does not
 * hold the privilege, STATUS_SUCCESS at the end. The other failure returns
 * fall on lines missing from this listing.
 *
 * NOTE(review): this listing was extracted with lines dropped (see the gaps
 * in the embedded line numbers). The declarations of Enable and Enabled,
 * the braces and several call arguments are not shown.
 *
 * Callers should check the returned status before doing the work that
 * needs the privilege.
 */
78 RtlAdjustPrivilege(IN ULONG Privilege,
80 IN BOOLEAN CurrentThread,
83 TOKEN_PRIVILEGES NewState;
84 TOKEN_PRIVILEGES OldState;
89 DPRINT ("RtlAdjustPrivilege() called\n");
/* Open either the thread token or the process token; the condition is
 * not shown (presumably CurrentThread selects the branch - confirm).
 * TOKEN_QUERY is requested alongside TOKEN_ADJUST_PRIVILEGES so the
 * previous state can be returned. */
93 Status = NtOpenThreadToken (NtCurrentThread (),
94 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
100 Status = NtOpenProcessToken (NtCurrentProcess (),
101 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
105 if (!NT_SUCCESS (Status))
107 DPRINT1 ("Retrieving token handle failed (Status %lx)\n", Status);
111 OldState.PrivilegeCount = 1;
/* Build a one-entry request: the privilege number becomes the low part
 * of the LUID and the high part is zero. */
113 NewState.PrivilegeCount = 1;
114 NewState.Privileges[0].Luid.LowPart = Privilege;
115 NewState.Privileges[0].Luid.HighPart = 0;
116 NewState.Privileges[0].Attributes = (Enable) ? SE_PRIVILEGE_ENABLED : 0;
118 Status = NtAdjustPrivilegesToken (TokenHandle,
121 sizeof(TOKEN_PRIVILEGES),
/* The token handle is closed before any status check, so none of the
 * error paths below can leak it. */
124 NtClose (TokenHandle);
/* STATUS_NOT_ALL_ASSIGNED is a success-class status, so NT_SUCCESS()
 * alone would let "privilege not held" pass as success. It is checked
 * first and turned into an explicit failure. */
125 if (Status == STATUS_NOT_ALL_ASSIGNED)
127 DPRINT1 ("Failed to assign all privileges\n");
128 return STATUS_PRIVILEGE_NOT_HELD;
130 if (!NT_SUCCESS(Status))
132 DPRINT1 ("NtAdjustPrivilegesToken() failed (Status %lx)\n", Status);
/* PrivilegeCount == 0 in the returned state presumably means the
 * privilege was already in the requested state; the statement for that
 * case is not shown. */
136 if (OldState.PrivilegeCount == 0)
/* NOTE(review): this stores the raw masked attribute bit rather than a
 * value normalised to TRUE/FALSE. If Enabled is a BOOLEAN pointer,
 * callers should test it for non-zero rather than compare against TRUE
 * - confirm against the declaration, which is not shown. */
142 *Enabled = (OldState.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED);
145 DPRINT ("RtlAdjustPrivilege() done\n");
147 return STATUS_SUCCESS;