Home | History | Annotate | Download | only in windows
      1 // Copyright 2016 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 package windows
      6 
      7 import (
      8 	"syscall"
      9 	"unsafe"
     10 )
     11 
     12 const (
     13 	SecurityAnonymous      = 0
     14 	SecurityIdentification = 1
     15 	SecurityImpersonation  = 2
     16 	SecurityDelegation     = 3
     17 )
     18 
     19 //sys	ImpersonateSelf(impersonationlevel uint32) (err error) = advapi32.ImpersonateSelf
     20 //sys	RevertToSelf() (err error) = advapi32.RevertToSelf
     21 
     22 const (
     23 	TOKEN_ADJUST_PRIVILEGES = 0x0020
     24 	SE_PRIVILEGE_ENABLED    = 0x00000002
     25 )
     26 
     27 type LUID struct {
     28 	LowPart  uint32
     29 	HighPart int32
     30 }
     31 
     32 type LUID_AND_ATTRIBUTES struct {
     33 	Luid       LUID
     34 	Attributes uint32
     35 }
     36 
     37 type TOKEN_PRIVILEGES struct {
     38 	PrivilegeCount uint32
     39 	Privileges     [1]LUID_AND_ATTRIBUTES
     40 }
     41 
     42 //sys	OpenThreadToken(h syscall.Handle, access uint32, openasself bool, token *syscall.Token) (err error) = advapi32.OpenThreadToken
     43 //sys	LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) = advapi32.LookupPrivilegeValueW
     44 //sys	adjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newstate *TOKEN_PRIVILEGES, buflen uint32, prevstate *TOKEN_PRIVILEGES, returnlen *uint32) (ret uint32, err error) [true] = advapi32.AdjustTokenPrivileges
     45 
     46 func AdjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newstate *TOKEN_PRIVILEGES, buflen uint32, prevstate *TOKEN_PRIVILEGES, returnlen *uint32) error {
     47 	ret, err := adjustTokenPrivileges(token, disableAllPrivileges, newstate, buflen, prevstate, returnlen)
     48 	if ret == 0 {
     49 		// AdjustTokenPrivileges call failed
     50 		return err
     51 	}
     52 	// AdjustTokenPrivileges call succeeded
     53 	if err == syscall.EINVAL {
     54 		// GetLastError returned ERROR_SUCCESS
     55 		return nil
     56 	}
     57 	return err
     58 }
     59 
     60 //sys DuplicateTokenEx(hExistingToken syscall.Token, dwDesiredAccess uint32, lpTokenAttributes *syscall.SecurityAttributes, impersonationLevel uint32, tokenType TokenType, phNewToken *syscall.Token) (err error) = advapi32.DuplicateTokenEx
     61 //sys SetTokenInformation(tokenHandle syscall.Token, tokenInformationClass uint32, tokenInformation uintptr, tokenInformationLength uint32) (err error) = advapi32.SetTokenInformation
     62 
     63 type SID_AND_ATTRIBUTES struct {
     64 	Sid        *syscall.SID
     65 	Attributes uint32
     66 }
     67 
     68 type TOKEN_MANDATORY_LABEL struct {
     69 	Label SID_AND_ATTRIBUTES
     70 }
     71 
     72 func (tml *TOKEN_MANDATORY_LABEL) Size() uint32 {
     73 	return uint32(unsafe.Sizeof(TOKEN_MANDATORY_LABEL{})) + syscall.GetLengthSid(tml.Label.Sid)
     74 }
     75 
     76 const SE_GROUP_INTEGRITY = 0x00000020
     77 
     78 type TokenType uint32
     79 
     80 const (
     81 	TokenPrimary       TokenType = 1
     82 	TokenImpersonation TokenType = 2
     83 )
     84