Source file src/internal/syscall/windows/security_windows.go

     1  // Copyright 2016 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package windows
     6  
     7  import (
     8  	"syscall"
     9  	"unsafe"
    10  )
    11  
    12  const (
    13  	SecurityAnonymous      = 0
    14  	SecurityIdentification = 1
    15  	SecurityImpersonation  = 2
    16  	SecurityDelegation     = 3
    17  )
    18  
    19  //sys	ImpersonateSelf(impersonationlevel uint32) (err error) = advapi32.ImpersonateSelf
    20  //sys	RevertToSelf() (err error) = advapi32.RevertToSelf
    21  
    22  const (
    23  	TOKEN_ADJUST_PRIVILEGES = 0x0020
    24  	SE_PRIVILEGE_ENABLED    = 0x00000002
    25  )
    26  
    27  type LUID struct {
    28  	LowPart  uint32
    29  	HighPart int32
    30  }
    31  
    32  type LUID_AND_ATTRIBUTES struct {
    33  	Luid       LUID
    34  	Attributes uint32
    35  }
    36  
    37  type TOKEN_PRIVILEGES struct {
    38  	PrivilegeCount uint32
    39  	Privileges     [1]LUID_AND_ATTRIBUTES
    40  }
    41  
    42  //sys	OpenThreadToken(h syscall.Handle, access uint32, openasself bool, token *syscall.Token) (err error) = advapi32.OpenThreadToken
    43  //sys	LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) = advapi32.LookupPrivilegeValueW
    44  //sys	adjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newstate *TOKEN_PRIVILEGES, buflen uint32, prevstate *TOKEN_PRIVILEGES, returnlen *uint32) (ret uint32, err error) [true] = advapi32.AdjustTokenPrivileges
    45  
    46  func AdjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newstate *TOKEN_PRIVILEGES, buflen uint32, prevstate *TOKEN_PRIVILEGES, returnlen *uint32) error {
    47  	ret, err := adjustTokenPrivileges(token, disableAllPrivileges, newstate, buflen, prevstate, returnlen)
    48  	if ret == 0 {
    49  		// AdjustTokenPrivileges call failed
    50  		return err
    51  	}
    52  	// AdjustTokenPrivileges call succeeded
    53  	if err == syscall.EINVAL {
    54  		// GetLastError returned ERROR_SUCCESS
    55  		return nil
    56  	}
    57  	return err
    58  }
    59  
    60  //sys DuplicateTokenEx(hExistingToken syscall.Token, dwDesiredAccess uint32, lpTokenAttributes *syscall.SecurityAttributes, impersonationLevel uint32, tokenType TokenType, phNewToken *syscall.Token) (err error) = advapi32.DuplicateTokenEx
    61  //sys SetTokenInformation(tokenHandle syscall.Token, tokenInformationClass uint32, tokenInformation uintptr, tokenInformationLength uint32) (err error) = advapi32.SetTokenInformation
    62  
    63  type SID_AND_ATTRIBUTES struct {
    64  	Sid        *syscall.SID
    65  	Attributes uint32
    66  }
    67  
    68  type TOKEN_MANDATORY_LABEL struct {
    69  	Label SID_AND_ATTRIBUTES
    70  }
    71  
    72  func (tml *TOKEN_MANDATORY_LABEL) Size() uint32 {
    73  	return uint32(unsafe.Sizeof(TOKEN_MANDATORY_LABEL{})) + syscall.GetLengthSid(tml.Label.Sid)
    74  }
    75  
    76  const SE_GROUP_INTEGRITY = 0x00000020
    77  
    78  type TokenType uint32
    79  
    80  const (
    81  	TokenPrimary       TokenType = 1
    82  	TokenImpersonation TokenType = 2
    83  )
    84  
    85  //sys	GetProfilesDirectory(dir *uint16, dirLen *uint32) (err error) = userenv.GetProfilesDirectoryW
    86  
    87  const (
    88  	LG_INCLUDE_INDIRECT  = 0x1
    89  	MAX_PREFERRED_LENGTH = 0xFFFFFFFF
    90  )
    91  
    92  type LocalGroupUserInfo0 struct {
    93  	Name *uint16
    94  }
    95  
    96  type UserInfo4 struct {
    97  	Name            *uint16
    98  	Password        *uint16
    99  	PasswordAge     uint32
   100  	Priv            uint32
   101  	HomeDir         *uint16
   102  	Comment         *uint16
   103  	Flags           uint32
   104  	ScriptPath      *uint16
   105  	AuthFlags       uint32
   106  	FullName        *uint16
   107  	UsrComment      *uint16
   108  	Parms           *uint16
   109  	Workstations    *uint16
   110  	LastLogon       uint32
   111  	LastLogoff      uint32
   112  	AcctExpires     uint32
   113  	MaxStorage      uint32
   114  	UnitsPerWeek    uint32
   115  	LogonHours      *byte
   116  	BadPwCount      uint32
   117  	NumLogons       uint32
   118  	LogonServer     *uint16
   119  	CountryCode     uint32
   120  	CodePage        uint32
   121  	UserSid         *syscall.SID
   122  	PrimaryGroupID  uint32
   123  	Profile         *uint16
   124  	HomeDirDrive    *uint16
   125  	PasswordExpired uint32
   126  }
   127  
   128  //sys	NetUserGetLocalGroups(serverName *uint16, userName *uint16, level uint32, flags uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32) (neterr error) = netapi32.NetUserGetLocalGroups
   129  

View as plain text