问题
I want to create a C++ program with limited privileges. I made some research on the internet and found out that I have to create a token and then use the AdjustTokenPrivileges() method to alter its privileges.
However, I didn't quite understand how this is to be done. Can someone please provide me with an example of how to create a token and disable its privileges? Thanks :)
回答1:
Did you check out the example at Executing Privileged Operations Using C++ ? Seems like you just need to figure out which tokens are which after using the GetTokenInformation() function, and then disable some of them.
[EDIT] Explaining in a bit more detail.
- The first call to GetTokenInformation() gets you the length of your token priveledge info object, in bytes.
- Then you actually build a buffer of that size on the heap.
- The second call retrieves the token information object and stores it in your buffer.
- Then you re-cast your buffer to TOKEN_PRIVILEGES*, which allows you to interpret it correctly.
- Then you loop through the Privileges member of this object and set the different attributes to allowed.
Here are specifics about the TOKEN_PRIVILEDGES structure. For each member of Priviledges array, you can look up the name of the priviledge using LookupPrivilegeName.
Here is a list of Priviledge names and descriptions.
After you know what priviledge it is (i.e. by checking the name), you can set the Attributes of the Priviledges[i] member to one of
- SE_PRIVILEGE_ENABLED
- SE_PRIVILEGE_ENABLED_BY_DEFAULT
- SE_PRIVILEGE_REMOVED
- SE_PRIVILEGE_USED_FOR_ACCESS
In your case, I recon it will be mostly the third.
来源:https://stackoverflow.com/questions/13291292/program-using-tokens-and-privileges