/*
 * @implemented
 *
 * Duplicates an access token by forwarding the request to NtDuplicateToken.
 *
 * ExistingTokenHandle  - Token to duplicate.
 * dwDesiredAccess      - Access mask passed unchanged to NtDuplicateToken.
 * lpTokenAttributes    - Optional. When present, its bInheritHandle flag
 *                        selects OBJ_INHERIT and its lpSecurityDescriptor
 *                        becomes the security descriptor of the new token
 *                        object. When NULL, neither is set.
 * ImpersonationLevel   - Placed in the security quality of service attached
 *                        to the object attributes.
 * TokenType            - Passed unchanged to NtDuplicateToken.
 * DuplicateTokenHandle - Receives the handle written by NtDuplicateToken.
 *
 * Returns TRUE on success. On failure returns FALSE after setting the last
 * error to the Win32 translation of the NTSTATUS.
 */
BOOL
WINAPI
DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
                 IN DWORD dwDesiredAccess,
                 IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL,
                 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
                 IN TOKEN_TYPE TokenType,
                 OUT PHANDLE DuplicateTokenHandle)
{
    SECURITY_QUALITY_OF_SERVICE Qos;
    OBJECT_ATTRIBUTES Attributes;
    NTSTATUS NtStatus;

    /*
     * Start from empty attributes (not inheritable, no security descriptor)
     * and apply the caller's SECURITY_ATTRIBUTES only when they were given.
     */
    InitializeObjectAttributes(&Attributes, NULL, 0, NULL, NULL);
    if (lpTokenAttributes != NULL)
    {
        if (lpTokenAttributes->bInheritHandle)
        {
            /* The new handle is created inheritable only on explicit request */
            Attributes.Attributes = OBJ_INHERIT;
        }

        Attributes.SecurityDescriptor = lpTokenAttributes->lpSecurityDescriptor;
    }

    /*
     * The requested impersonation level travels in the SQOS. Context
     * tracking is 0 (the value of SECURITY_STATIC_TRACKING) and
     * EffectiveOnly is FALSE.
     */
    Qos.Length = sizeof(Qos);
    Qos.ImpersonationLevel = ImpersonationLevel;
    Qos.ContextTrackingMode = 0;
    Qos.EffectiveOnly = FALSE;
    Attributes.SecurityQualityOfService = &Qos;

    /* Fourth argument is EffectiveOnly: FALSE here as well */
    NtStatus = NtDuplicateToken(ExistingTokenHandle,
                                dwDesiredAccess,
                                &Attributes,
                                FALSE,
                                TokenType,
                                DuplicateTokenHandle);
    if (NT_SUCCESS(NtStatus))
    {
        return TRUE;
    }

    /* Report the failure through the Win32 last-error value */
    SetLastError(RtlNtStatusToDosError(NtStatus));
    return FALSE;
}
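SECURITY_STATUS
SspQuerySecurityContextToken(
    IN PCtxtHandle ContextHandle,
    OUT PHANDLE TokenHandle
    )
/*++

Routine Description:

    Returns a copy of a context token.

    The copy is made with NtDuplicateToken as an impersonation token
    (TokenImpersonation), requesting no specific access (0) and not
    effective-only.

Arguments:

    ContextHandle - Context handle whose token is to be copied. A NULL
        pointer is rejected as an invalid handle.

    TokenHandle - Receives a copy of the context token. It is written only
        by NtDuplicateToken; presumably the caller owns the returned handle
        and must close it (confirm against callers).

Return Value:

    SEC_E_OK - The token was duplicated.

    SEC_E_INVALID_HANDLE - ContextHandle is NULL, does not carry one of the
        expected dwLower tags, or does not resolve to a local context.

    SEC_E_NO_IMPERSONATION - The context has no token. Also passed to
        SspNtStatusToSecStatus as its second argument when duplication
        fails (presumably the fallback status; see that routine).

--*/
{
    PCheaterContext Context;
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;

    //
    // Reject a NULL handle pointer before it is dereferenced below.
    //

    if (ContextHandle == NULL) {
        return(SEC_E_INVALID_HANDLE);
    }

    //
    // Make sure the context handle came from NTLMSSP
    //

    if ((ContextHandle->dwLower != SEC_HANDLE_NTLMSSPS) &&
        (ContextHandle->dwLower != SEC_HANDLE_SECURITY)) {
        return(SEC_E_INVALID_HANDLE);
    }

    //
    // NOTE(review): no reference or lock on Context is visible in this
    // routine; confirm that SspLocateLocalContext keeps the context alive
    // while Context->TokenHandle is read and duplicated.
    //

    Context = SspLocateLocalContext(ContextHandle);

    if (Context == NULL) {
        return(SEC_E_INVALID_HANDLE);
    }

    if (Context->TokenHandle == NULL) {
        return(SEC_E_NO_IMPERSONATION);
    }

    //
    // Duplicate the context's token for the caller. Nothing is
    // impersonated here; the caller only receives a new handle.
    //
    // The object attributes are empty: the new handle is not inheritable,
    // no security descriptor is supplied, and no security quality of
    // service is attached.
    // NOTE(review): with no SQOS the impersonation level of the copy is
    // decided by NtDuplicateToken; confirm that this is the intended level.
    //

    InitializeObjectAttributes(
        &ObjectAttributes,
        NULL,
        0,
        NULL,
        NULL
        );

    Status = NtDuplicateToken(
                Context->TokenHandle,
                0,                      // copy existing access
                &ObjectAttributes,
                FALSE,                  // not effective only
                TokenImpersonation,
                TokenHandle
                );

    if (!NT_SUCCESS(Status)) {
        return(SspNtStatusToSecStatus(Status, SEC_E_NO_IMPERSONATION));
    }

    return SEC_E_OK;
}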