CODEWITHSUNDEEP
c++securitymethodstoken
Matthew
Matthew

Reputation: 4607

Program using tokens and privileges

I want to create a C++ program with limited privileges. I made some research on the internet and found out that I have to create a token and then use the AdjustTokenPrivileges() method to alter its privileges.

However, I didn't quite understand how this is to be done. Can someone please provide me with an example of how to create a token and disable its privileges? Thanks :)

Upvotes: 1

Views: 492

Answers (1)

Greg Kramida
Greg Kramida

Reputation: 4224

Did you check out the example at Executing Privileged Operations Using C++ ? Seems like you just need to figure out which tokens are which after using the GetTokenInformation() function, and then disable some of them.

[EDIT] Explaining in a bit more detail.

  • The first call to GetTokenInformation() gets you the length of your token priveledge info object, in bytes.
  • Then you actually build a buffer of that size on the heap.
  • The second call retrieves the token information object and stores it in your buffer.
  • Then you re-cast your buffer to TOKEN_PRIVILEGES*, which allows you to interpret it correctly.
  • Then you loop through the Privileges member of this object and set the different attributes to allowed.

Here are specifics about the TOKEN_PRIVILEDGES structure. For each member of Priviledges array, you can look up the name of the priviledge using LookupPrivilegeName.

Here is a list of Priviledge names and descriptions.

After you know what priviledge it is (i.e. by checking the name), you can set the Attributes of the Priviledges[i] member to one of

  • SE_PRIVILEGE_ENABLED
  • SE_PRIVILEGE_ENABLED_BY_DEFAULT
  • SE_PRIVILEGE_REMOVED
  • SE_PRIVILEGE_USED_FOR_ACCESS

In your case, I recon it will be mostly the third.

Upvotes: 1

Related Questions