archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/wmi/wbem/providers/win32provider/common/tokenprivilege.cpp

199 lines
5.0 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*****************************************************************************/
  3. /* Copyright (c) 1999-2001 Microsoft Corporation, All Rights Reserved /
  4. /*****************************************************************************/
  6. /*
  7. * CTokenPrivilege.cpp - implementation file for CTokenPrivilege class.
  8. *
  9. * Created: 12-14-1997 by Sanjeev Surati
  10. * (based on classes from Windows NT Security by Nik Okuntseff)
  11. */
  13. #include "precomp.h"
  14. #include "TokenPrivilege.h"
  16. ///////////////////////////////////////////////////////////////////
  17. //
  18. // Function: CTokenPrivilege::CTokenPrivilege
  19. //
  20. // Class constructor.
  21. //
  22. // Inputs:
  23. // LPCTSTR pszPrivilegeName - The name of the privilege
  24. // this instance will be responsible for.
  25. // HANDLE hAccessToken - User supplied access token.
  26. //
  27. // Outputs:
  28. // None.
  29. //
  30. // Returns:
  31. // None.
  32. //
  33. // Comments:
  34. //
  35. // If the user does NOT supply an access token, we try to open
  36. // a thread token, and if that fails, then the process token.
  37. //
  38. ///////////////////////////////////////////////////////////////////
  40. CTokenPrivilege::CTokenPrivilege( LPCTSTR pszPrivilegeName, HANDLE hAccessToken /*=INVALID_HANDLE_VALUE*/, LPCTSTR pszSystemName /*=NULL*/ )
  41. : m_strPrivilegeName( pszPrivilegeName ),
  42. m_strSystemName( pszSystemName ),
  43. m_hAccessToken( NULL ),
  44. m_fClearToken( FALSE )
  45. {
  47. // If we weren't passed in a valid handle, open the current process token, acknowledging
  48. // that if we do so, we must also clear the token if we opened it.
  50. DWORD dwError = ERROR_SUCCESS;
  52. if ( INVALID_HANDLE_VALUE == hAccessToken )
  53. {
  54. // First try to get a thread token. If this fails because there is no token,
  55. // then grab the process token.
  57. if ( OpenThreadToken( GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &m_hAccessToken ) )
  58. {
  59. m_fClearToken = TRUE;
  60. }
  61. else
  62. {
  63. if ( ( dwError = ::GetLastError() ) == ERROR_NO_TOKEN )
  64. {
  65. if ( OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &m_hAccessToken ) )
  66. {
  67. m_fClearToken = TRUE;
  68. }
  69. }
  70. }
  71. }
  72. else
  73. {
  74. m_hAccessToken = hAccessToken;
  75. }
  77. // Now, get the LUID for the privilege from the local system
  78. ZeroMemory( &m_luid, sizeof(m_luid) );
  80. {
  81. LookupPrivilegeValue( pszSystemName, pszPrivilegeName, &m_luid );
  82. }
  83. }
  85. ///////////////////////////////////////////////////////////////////
  86. //
  87. // Function: CTokenPrivilege::~CTokenPrivilege
  88. //
  89. // Class destructor.
  90. //
  91. // Inputs:
  92. // None.
  93. //
  94. // Outputs:
  95. // None.
  96. //
  97. // Returns:
  98. // None.
  99. //
  100. // Comments:
  101. //
  102. // Cleans up our token only if we Opened it ourselves.
  103. //
  104. ///////////////////////////////////////////////////////////////////
  106. CTokenPrivilege::~CTokenPrivilege( void )
  107. {
  108. if ( m_fClearToken )
  109. {
  110. CloseHandle( m_hAccessToken );
  111. }
  112. }
  114. ///////////////////////////////////////////////////////////////////
  115. //
  116. // Function: CTokenPrivilege::GetPrivilegeDisplayName
  117. //
  118. // Returns a Human readable name for the the token privilege the
  119. // class is handling.
  120. //
  121. // Inputs:
  122. // None.
  123. //
  124. // Outputs:
  125. // CHString& strDisplayName - Display name.
  126. // LPDWORD pdwLanguageId - Language Id of the
  127. // display name.
  128. //
  129. // Returns:
  130. // DWORD ERROR_SUCCESS if successful.
  131. //
  132. // Comments:
  133. //
  134. ///////////////////////////////////////////////////////////////////
  136. DWORD CTokenPrivilege::GetPrivilegeDisplayName( CHString& strDisplayName, LPDWORD pdwLanguageId )
  137. {
  138. DWORD dwError = ERROR_SUCCESS;
  139. DWORD dwDisplayNameSize = 0;
  141. // First, find out how big the buffer in strDisplayName needs to be
  142. LookupPrivilegeDisplayNameW( ( m_strSystemName.IsEmpty() ? NULL : (LPCWSTR) m_strSystemName ),
  143. m_strPrivilegeName,
  144. NULL,
  145. &dwDisplayNameSize,
  146. pdwLanguageId );
  148. {
  149. if ( !LookupPrivilegeDisplayNameW( ( m_strSystemName.IsEmpty() ? NULL : (LPCWSTR) m_strSystemName ),
  150. m_strPrivilegeName,
  151. strDisplayName.GetBuffer( dwDisplayNameSize + 1 ),
  152. &dwDisplayNameSize,
  153. pdwLanguageId ) )
  154. {
  155. dwError = ::GetLastError();
  156. }
  157. }
  159. strDisplayName.ReleaseBuffer();
  161. return dwError;
  162. }
  164. ///////////////////////////////////////////////////////////////////
  165. //
  166. // Function: CTokenPrivilege::Enable
  167. //
  168. // Attempts to enable/disable the privilege we are managing, in
  169. // our token data member.
  170. //
  171. // Inputs:
  172. // BOOL fEnable - Enable/Disable flag.
  173. //
  174. // Outputs:
  175. // None.
  176. //
  177. // Returns:
  178. // DWORD ERROR_SUCCESS if successful.
  179. //
  180. // Comments:
  181. //
  182. ///////////////////////////////////////////////////////////////////
  184. DWORD CTokenPrivilege::Enable( bool fEnable/*=TRUE*/ )
  185. {
  186. DWORD dwError = ERROR_SUCCESS;
  187. TOKEN_PRIVILEGES tokenPrivileges;
  189. tokenPrivileges.PrivilegeCount = 1;
  190. tokenPrivileges.Privileges[0].Luid = m_luid;
  191. tokenPrivileges.Privileges[0].Attributes = ( fEnable ? SE_PRIVILEGE_ENABLED : 0 );
  193. {
  194. AdjustTokenPrivileges(m_hAccessToken, FALSE, &tokenPrivileges, 0, NULL, NULL);
  195. dwError = ::GetLastError();
  196. }
  198. return dwError;
  199. }