Leaked source code of windows server 2003

  1. /*++
  2. Copyright (C) 1998-2001 Microsoft Corporation
  3. Module Name:
  4. CALLSEC.H
  5. Abstract:
  6. IWbemCallSecurity, IServerSecurity implementation for
  7. provider impersonation.
  8. History:
  9. raymcc 29-Jul-98 First draft.
  10. --*/
  11. #ifndef _CALLSEC_H_
  12. #define _CALLSEC_H_
  13. #include "parmdefs.h"
  // GUID published under the name IID_IWbemCallSecurity:
  // {2ECF39D0-2B26-11d2-AEC8-00C04FB68820}
  DEFINE_GUID(
      IID_IWbemCallSecurity,
      0x2ecf39d0, 0x2b26, 0x11d2,
      0xae, 0xc8, 0x0, 0xc0, 0x4f, 0xb6, 0x88, 0x20);
  // IWbemCallSecurity
  //
  // Abstract interface derived from IServerSecurity. It adds queries about the
  // impersonation level and access to the caller's token. Every member is pure
  // virtual. Keep the declaration order as it is: the order fixes the vtable
  // layout that implementers and callers of this interface share.
  class IWbemCallSecurity : public IServerSecurity
  {
  public:
      // Tells what the impersonation level would be if this object were
      // applied to a thread.
      // NOTE(review): the return type is HRESULT although the description is
      // a level; confirm in the implementation how level and failure are told
      // apart before comparing the result against a threshold.
      virtual HRESULT GetPotentialImpersonation() = 0;

      // Tells the true level of impersonation in the executing thread.
      virtual HRESULT GetActiveImpersonation() = 0;

      // Called to clone the execution context of the calling thread.
      // The meaning of bInternallyIssued is not stated in this header;
      // TODO confirm against the implementation.
      virtual HRESULT CloneThreadContext(BOOL bInternallyIssued) = 0;

      // Undocumented in this header. rluid is a non-const reference, so it is
      // presumably an output; the meaning of the DWORD result needs to be
      // confirmed against the implementation.
      virtual DWORD GetAuthenticationId(LUID& rluid) = 0;

      // Returns a token HANDLE. This header does not say whether the caller
      // receives its own handle (and must close it) or borrows one owned by
      // the object; confirm before closing, caching or duplicating it.
      virtual HANDLE GetToken() = 0;
  };
  //
  // Adjust token privileges if the token is LocalSystem and the privileges
  // are not already enabled.
  //
  // hPrimary: the token handle to adjust (a primary token, going by the name;
  //           confirm against the implementation).
  //
  // The function returns void, so a caller cannot learn from the call whether
  // any privilege was changed. Which privileges are enabled is not visible in
  // this header.
  //
  void POLARITY AdjustPrivIfLocalSystem(HANDLE hPrimary);
  //***************************************************************************
  //
  //  CWbemCallSecurity
  //
  //  This object is used to supply client impersonation to providers.
  //
  //  Construction, destruction and copying are all private. Instances are
  //  obtained through the static factories (CreateInst,
  //  MakeInternalCopyOfThread) and are reference counted through
  //  AddRef/Release.
  //
  //***************************************************************************
  class POLARITY CWbemCallSecurity : public IWbemCallSecurity
  {
  private:
  #ifdef WMI_PRIVATE_DBG
      // Present only when WMI_PRIVATE_DBG is defined. These fields change the
      // size and member offsets of the class, so every translation unit that
      // includes this header must agree on that setting.
      DWORD m_currentThreadID;
      DWORD m_lastRevert;
  #endif

      LONG   m_lRef;                 // COM ref count
      HANDLE m_hThreadToken;         // Client token for impersonation
      DWORD  m_dwPotentialImpLevel;  // Potential RPC_C_IMP_LEVEL_ or 0
      DWORD  m_dwActiveImpLevel;     // Active RPC_C_IMP_LEVEL_ or 0

      // IServerSecurity::QueryBlanket values
      DWORD  m_dwAuthnSvc;           // Authentication service
      DWORD  m_dwAuthzSvc;           // Authorization service
      DWORD  m_dwAuthnLevel;         // Authentication level
      LPWSTR m_pServerPrincNam;      // Server principal name (going by the
                                     // QueryBlanket parameter of that name)
      LPWSTR m_pIdentity;            // User identity

      // Copy construction and assignment are declared private; presumably
      // they are left undefined so the object cannot be copied (confirm in
      // the implementation file).
      CWbemCallSecurity(const CWbemCallSecurity &);
      CWbemCallSecurity & operator =(const CWbemCallSecurity &);

      // Private: callers use the static factories below.
      CWbemCallSecurity();
      ~CWbemCallSecurity();

      HRESULT CloneThreadToken();

  public:
      // Factory. Returns the new object through the interface type.
      static IWbemCallSecurity * CreateInst();

      // Returns m_pIdentity itself, not a copy. The pointer is therefore only
      // as long-lived as the storage behind that member (presumably this
      // object). Callers that keep the identity should copy the string.
      const wchar_t *GetCallerIdentity() { return m_pIdentity; }

      // See the IWbemCallSecurity declarations; neither is documented here.
      // Handle ownership for GetToken is not stated; confirm before closing.
      virtual DWORD GetAuthenticationId(LUID& rluid);
      virtual HANDLE GetToken();

      // IUnknown.
      // =========
      virtual ULONG STDMETHODCALLTYPE AddRef();
      virtual ULONG STDMETHODCALLTYPE Release();
      virtual HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid, void** ppv);

      // IServerSecurity.
      // ================
      virtual HRESULT STDMETHODCALLTYPE QueryBlanket(
          /* [out] */ DWORD __RPC_FAR *pAuthnSvc,
          /* [out] */ DWORD __RPC_FAR *pAuthzSvc,
          /* [out] */ OLECHAR __RPC_FAR *__RPC_FAR *pServerPrincName,
          /* [out] */ DWORD __RPC_FAR *pAuthnLevel,
          /* [out] */ DWORD __RPC_FAR *pImpLevel,
          /* [out] */ void __RPC_FAR *__RPC_FAR *pPrivs,
          /* [out] */ DWORD __RPC_FAR *pCapabilities
          );

      // Callers should test the HRESULT from ImpersonateClient before doing
      // any work on the client's behalf, and pair each successful call with
      // RevertToSelf. If impersonation did not take effect, the thread
      // continues under whatever security context it already had.
      virtual HRESULT STDMETHODCALLTYPE ImpersonateClient();
      virtual HRESULT STDMETHODCALLTYPE RevertToSelf();
      virtual BOOL STDMETHODCALLTYPE IsImpersonating();

      // IWbemCallSecurity methods.
      // ============================

      // Tells what the impersonation level would be if
      // this object were applied to a thread.
      virtual HRESULT GetPotentialImpersonation();

      // Tells the true level of impersonation in the
      // executing thread.
      virtual HRESULT GetActiveImpersonation();

      // Called to clone the execution context of the calling thread.
      virtual HRESULT CloneThreadContext(BOOL bInternallyIssued);

      // Static factory returning the concrete type. The RELEASE_ME marker
      // (defined outside this header) presumably means the caller must
      // Release the result; confirm where the marker is defined.
      static RELEASE_ME CWbemCallSecurity* MakeInternalCopyOfThread();
  };
  // SID lookup helpers. Both report status as an HRESULT and take the CNtSid
  // by non-const reference, presumably as the output. Callers should check
  // the HRESULT before using the SID in an access decision, because this
  // header does not say what `sid` contains after a failure.

  // Takes an explicit token handle.
  POLARITY HRESULT RetrieveSidFromToken(HANDLE hToken, CNtSid & sid);

  // Takes no token. The name suggests the identity comes from the current
  // call context; confirm against the implementation.
  POLARITY HRESULT RetrieveSidFromCall(CNtSid & sid);
  // CIdentitySecurity
  //
  // Holds two SIDs (user and system) and exposes a single AccessCheck()
  // predicate. The policy that AccessCheck applies is not visible in this
  // header; confirm it in the implementation before relying on the result as
  // an authorization decision.
  class POLARITY CIdentitySecurity
  {
  private:
      CNtSid m_sidUser;
      CNtSid m_sidSystem;

      HRESULT GetSidFromThreadOrProcess(CNtSid & UserSid);

      // Same name and parameter list as the namespace-scope
      // RetrieveSidFromCall. Inside this class an unqualified call resolves
      // to this member; the free function needs `::RetrieveSidFromCall`.
      HRESULT RetrieveSidFromCall(CNtSid & UserSid);

  public:
      CIdentitySecurity();
      ~CIdentitySecurity();

      // Returns a BOOL verdict. No error detail is reported, so callers
      // should treat FALSE as denial.
      BOOL AccessCheck();
  };
  114. #endif