archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/burnslib/inc/autotokenprivileges.hpp

100 lines
2.3 KiB
Raw Permalink Normal View History

commiting as it is
5 years ago
  1. // Copyright (C) 2002 Microsoft Corporation
  2. //
  3. // AutoTokenPrivileges class - for enabling and automatically restoring
  4. // process token privileges
  5. //
  6. // 29 April 2002 sburns
  10. #ifndef AUTOTOKENPRIVILEGES_HPP_INCLUDED
  11. #define AUTOTOKENPRIVILEGES_HPP_INCLUDED
  15. // class AutoTokenPrivileges is a convenient way to scope a process token
  16. // privilege elevation to just the piece of code that requires the elevation,
  17. // and restore it again when the scope exits.
  18. //
  19. // It is generally a good idea to only enable the privileges that are
  20. // absolutely required, and only for as long as they are required. See
  21. // Howard, Michael. Writing Secure Code. Ch. 5. Microsoft Press. ISBN
  22. // 0-7356-1588-8
  23. //
  24. // Example:
  25. //
  26. // { // open scope
  27. // // enable the SE_RESTORE_NAME priv, required to set owers in an sd.
  28. //
  29. // AutoTokenPrivileges autoPrivs(SE_RESTORE_NAME);
  30. // hr = autoPrivs.Enable();
  31. // if (SUCCEEDED(hr))
  32. // {
  33. // // make the calls that require the priv.
  34. // }
  35. // } // close scope -- the old state of the enabled privs will be restored
  39. class
  40. AutoTokenPrivileges
  41. {
  42. public:
  46. // Create a new instance that will enable the named privilege in the
  47. // process token when Enable is called, and restore the prior state of the
  48. // privilege when either Restore is called, or the instance is destroyed.
  49. //
  50. // privName - an SE_ privilege name string, like SE_SHUTDOWN_NAME.
  52. explicit
  53. AutoTokenPrivileges(const String& privName);
  57. // CODEWORK: another ctor that takes a vector of priv names
  60. // Restores the privileges to their state prior to calling Enable, unless
  61. // Restore has been called, in which case the privileges are untouched.
  63. ~AutoTokenPrivileges();
  67. // Enable the privileges that were identified in the ctor. May return
  68. // Win32ToHresult(ERROR_NOT_ALL_ASSIGNED)
  70. HRESULT
  71. Enable();
  75. // Restore the privileges that were enabled to their prior state.
  77. HRESULT
  78. Restore();
  82. private:
  84. HRESULT
  85. InternalRestore();
  88. StringList privNames;
  90. // cached data:
  92. mutable HANDLE processToken;
  93. mutable TOKEN_PRIVILEGES* newPrivs;
  94. mutable TOKEN_PRIVILEGES* oldPrivs;
  95. };
  99. #endif // AUTOTOKENPRIVILEGES_HPP_INCLUDED