diff --git a/src/internal/syscall/windows/exec_windows_test.go b/src/internal/syscall/windows/exec_windows_test.go index b1edb4d6af5550b6a86690e8cfa538e8325477f6..94fd95b2bc5fbcde38bee31d25066ecabd5b8d5a 100644 --- a/src/internal/syscall/windows/exec_windows_test.go +++ b/src/internal/syscall/windows/exec_windows_test.go @@ -40,7 +40,7 @@ func TestRunAtLowIntegrity(t *testing.T) { if err != nil { t.Fatal(err) } - defer syscall.CloseHandle(token) + defer token.Close() cmd.SysProcAttr = &syscall.SysProcAttr{ Token: token, @@ -105,9 +105,8 @@ func tokenGetInfo(t syscall.Token, class uint32, initSize int) (unsafe.Pointer, } } -func getIntegrityLevelToken(wns string) (syscall.Handle, error) { - var token syscall.Handle - var procToken syscall.Token +func getIntegrityLevelToken(wns string) (syscall.Token, error) { + var procToken, token syscall.Token proc, err := syscall.GetCurrentProcess() if err != nil { @@ -135,7 +134,7 @@ func getIntegrityLevelToken(wns string) (syscall.Handle, error) { tml.Label.Attributes = windows.SE_GROUP_INTEGRITY tml.Label.Sid = sid - err = windows.DuplicateTokenEx(syscall.Handle(procToken), 0, nil, windows.SecurityImpersonation, + err = windows.DuplicateTokenEx(procToken, 0, nil, windows.SecurityImpersonation, windows.TokenPrimary, &token) if err != nil { return 0, err @@ -146,7 +145,7 @@ func getIntegrityLevelToken(wns string) (syscall.Handle, error) { uintptr(unsafe.Pointer(tml)), tml.Size()) if err != nil { - syscall.CloseHandle(token) + token.Close() return 0, err } return token, nil diff --git a/src/internal/syscall/windows/security_windows.go b/src/internal/syscall/windows/security_windows.go index 2e34ea72e104d3ecaf380462756136421769f115..14ea425c05b3c6566bbd2d95639f05960adca536 100644 --- a/src/internal/syscall/windows/security_windows.go +++ b/src/internal/syscall/windows/security_windows.go @@ -57,8 +57,8 @@ func AdjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newst return err } -//sys DuplicateTokenEx(hExistingToken syscall.Handle, dwDesiredAccess uint32, lpTokenAttributes *syscall.SecurityAttributes, impersonationLevel uint32, tokenType TokenType, phNewToken *syscall.Handle) (err error) = advapi32.DuplicateTokenEx -//sys SetTokenInformation(tokenHandle syscall.Handle, tokenInformationClass uint32, tokenInformation uintptr, tokenInformationLength uint32) (err error) = advapi32.SetTokenInformation +//sys DuplicateTokenEx(hExistingToken syscall.Token, dwDesiredAccess uint32, lpTokenAttributes *syscall.SecurityAttributes, impersonationLevel uint32, tokenType TokenType, phNewToken *syscall.Token) (err error) = advapi32.DuplicateTokenEx +//sys SetTokenInformation(tokenHandle syscall.Token, tokenInformationClass uint32, tokenInformation uintptr, tokenInformationLength uint32) (err error) = advapi32.SetTokenInformation type SID_AND_ATTRIBUTES struct { Sid *syscall.SID diff --git a/src/internal/syscall/windows/zsyscall_windows.go b/src/internal/syscall/windows/zsyscall_windows.go index d745fe11a5a1eb955a297477c904718cf97e23cc..bdca80c60d3b44564c9e4ec1ea5e923ed0bdbf5f 100644 --- a/src/internal/syscall/windows/zsyscall_windows.go +++ b/src/internal/syscall/windows/zsyscall_windows.go @@ -263,7 +263,7 @@ func adjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newst return } -func DuplicateTokenEx(hExistingToken syscall.Handle, dwDesiredAccess uint32, lpTokenAttributes *syscall.SecurityAttributes, impersonationLevel uint32, tokenType TokenType, phNewToken *syscall.Handle) (err error) { +func DuplicateTokenEx(hExistingToken syscall.Token, dwDesiredAccess uint32, lpTokenAttributes *syscall.SecurityAttributes, impersonationLevel uint32, tokenType TokenType, phNewToken *syscall.Token) (err error) { r1, _, e1 := syscall.Syscall6(procDuplicateTokenEx.Addr(), 6, uintptr(hExistingToken), uintptr(dwDesiredAccess), uintptr(unsafe.Pointer(lpTokenAttributes)), uintptr(impersonationLevel), uintptr(tokenType), uintptr(unsafe.Pointer(phNewToken))) if r1 == 0 { if e1 != 0 { @@ -275,7 +275,7 @@ func DuplicateTokenEx(hExistingToken syscall.Handle, dwDesiredAccess uint32, lpT return } -func SetTokenInformation(tokenHandle syscall.Handle, tokenInformationClass uint32, tokenInformation uintptr, tokenInformationLength uint32) (err error) { +func SetTokenInformation(tokenHandle syscall.Token, tokenInformationClass uint32, tokenInformation uintptr, tokenInformationLength uint32) (err error) { r1, _, e1 := syscall.Syscall6(procSetTokenInformation.Addr(), 4, uintptr(tokenHandle), uintptr(tokenInformationClass), uintptr(tokenInformation), uintptr(tokenInformationLength), 0, 0) if r1 == 0 { if e1 != 0 { diff --git a/src/syscall/exec_windows.go b/src/syscall/exec_windows.go index d5b4a013efe8cfe0235b5ea8c217e074eb4fed1f..91b0e84857d5b8c5c41d22945104fbf5c62d6459 100644 --- a/src/syscall/exec_windows.go +++ b/src/syscall/exec_windows.go @@ -222,7 +222,7 @@ type SysProcAttr struct { HideWindow bool CmdLine string // used if non-empty, else the windows command line is built by escaping the arguments passed to StartProcess CreationFlags uint32 - Token Handle // if set, runs new process in the security context represented by the token + Token Token // if set, runs new process in the security context represented by the token } var zeroProcAttr ProcAttr diff --git a/src/syscall/syscall_windows.go b/src/syscall/syscall_windows.go index 84d5528e20c10ef1fb41a52394ca6f9015101f8f..21d5ecfcb35fdd62793d5ba2d53876651a26419b 100644 --- a/src/syscall/syscall_windows.go +++ b/src/syscall/syscall_windows.go @@ -169,7 +169,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys CancelIo(s Handle) (err error) //sys CancelIoEx(s Handle, o *Overlapped) (err error) //sys CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = CreateProcessW -//sys CreateProcessAsUser(token Handle, appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = advapi32.CreateProcessAsUserW +//sys CreateProcessAsUser(token Token, appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = advapi32.CreateProcessAsUserW //sys OpenProcess(da uint32, inheritHandle bool, pid uint32) (handle Handle, err error) //sys TerminateProcess(handle Handle, exitcode uint32) (err error) //sys GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) diff --git a/src/syscall/zsyscall_windows.go b/src/syscall/zsyscall_windows.go index 2c13b68cb2413cf093dc743bd241b8ca16910b5d..1626c305fc4b89a17aadb4536503cf65cfb168c6 100644 --- a/src/syscall/zsyscall_windows.go +++ b/src/syscall/zsyscall_windows.go @@ -617,7 +617,7 @@ func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityA return } -func CreateProcessAsUser(token Handle, appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) { +func CreateProcessAsUser(token Token, appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) { var _p0 uint32 if inheritHandles { _p0 = 1