archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/windows/appcompat/shims/lib/secutils.cpp

262 lines
5.4 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. secutils.cpp
  9. Abstract:
  10. The utility functions for the shims.
  12. History:
  14. 02/09/2001 maonis Created
  15. 08/14/2001 robkenny Moved code inside the ShimLib namespace.
  17. --*/
  19. #include "secutils.h"
  20. #include "StrSafe.h"
  22. namespace ShimLib
  23. {
  24. /*++
  26. Function Description:
  28. Determine if the log on user is a member of the group.
  30. Arguments:
  32. IN dwGroup - specify the alias of the group.
  33. OUT pfIsMember - TRUE if it's a member, FALSE if not.
  35. Return Value:
  37. TRUE - we successfully determined if it's a member.
  38. FALSE otherwise.
  40. DevNote:
  42. We are assuming the calling thread is not impersonating.
  44. History:
  46. 02/12/2001 maonis Created
  48. --*/
  50. BOOL
  51. SearchGroupForSID(
  52. DWORD dwGroup,
  53. BOOL* pfIsMember
  54. )
  55. {
  56. PSID pSID = NULL;
  57. SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
  58. BOOL fRes = TRUE;
  60. if (!AllocateAndInitializeSid(
  61. &SIDAuth,
  62. 2,
  63. SECURITY_BUILTIN_DOMAIN_RID,
  64. dwGroup,
  65. 0,
  66. 0,
  67. 0,
  68. 0,
  69. 0,
  70. 0,
  71. &pSID))
  72. {
  73. DPF("SecurityUtils", eDbgLevelError, "[SearchGroupForSID] AllocateAndInitializeSid failed %d", GetLastError());
  74. return FALSE;
  75. }
  77. if (!CheckTokenMembership(NULL, pSID, pfIsMember))
  78. {
  79. DPF("SecurityUtils", eDbgLevelError, "[SearchGroupForSID] CheckTokenMembership failed: %d", GetLastError());
  80. fRes = FALSE;
  81. }
  83. FreeSid(pSID);
  85. return fRes;
  86. }
  88. /*++
  90. Function Description:
  92. Determine if we should shim this app or not.
  94. If the user is
  95. 1) a member of the Users and
  96. 2) not a member of the Administrators group and
  97. 3) not a member of the Power Users group and
  98. 3) not a member of the Guest group
  100. we'll apply the shim.
  102. Arguments:
  104. None.
  106. Return Value:
  108. TRUE - we should apply the shim.
  109. FALSE otherwise.
  111. History:
  113. 02/12/2001 maonis Created
  115. --*/
  117. BOOL
  118. ShouldApplyShim()
  119. {
  120. BOOL fIsUser, fIsAdmin, fIsPowerUser, fIsGuest;
  122. if (!SearchGroupForSID(DOMAIN_ALIAS_RID_USERS, &fIsUser) ||
  123. !SearchGroupForSID(DOMAIN_ALIAS_RID_ADMINS, &fIsAdmin) ||
  124. !SearchGroupForSID(DOMAIN_ALIAS_RID_POWER_USERS, &fIsPowerUser) ||
  125. !SearchGroupForSID(DOMAIN_ALIAS_RID_GUESTS, &fIsGuest))
  126. {
  127. //
  128. // Don't do anything if we are not sure.
  129. //
  130. return FALSE;
  131. }
  133. return (fIsUser && !fIsPowerUser && !fIsAdmin && !fIsGuest);
  134. }
  137. // The GENERIC_MAPPING from generic file access rights to specific and standard
  138. // access types.
  139. static GENERIC_MAPPING s_gmFile =
  140. {
  141. FILE_GENERIC_READ,
  142. FILE_GENERIC_WRITE,
  143. FILE_GENERIC_EXECUTE,
  144. FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE
  145. };
  147. /*++
  149. Function Description:
  151. Given the creation dispositon and the desired access when calling
  152. CreateFile, we determine if the caller is requesting write access.
  154. This is specific for files.
  156. Arguments:
  158. IN pszObject - name of the file or directory.
  159. OUT pam - points to the access mask of the user to this object.
  161. Return Value:
  163. TRUE - successfully got the access mask.
  164. FALSE otherwise.
  166. DevNote:
  168. UNDONE - This might not be a complete list...can add as we debug more apps.
  170. History:
  172. 02/12/2001 maonis Created
  174. --*/
  176. BOOL
  177. RequestWriteAccess(
  178. IN DWORD dwCreationDisposition,
  179. IN DWORD dwDesiredAccess
  180. )
  181. {
  182. MapGenericMask(&dwDesiredAccess, &s_gmFile);
  184. if ((dwCreationDisposition != OPEN_EXISTING) ||
  185. (dwDesiredAccess & DELETE) ||
  186. // Generally, app would not specify FILE_WRITE_DATA directly, and if
  187. // it specifies GENERIC_WRITE, it will get mapped to FILE_WRITE_DATA
  188. // OR other things so checking FILE_WRITE_DATA is sufficient.
  189. (dwDesiredAccess & FILE_WRITE_DATA))
  190. {
  191. return TRUE;
  192. }
  194. return FALSE;
  195. }
  197. /*++
  199. Function Description:
  201. Add or remove the SE_PRIVILEGE_ENABLED from the current process.
  204. Arguments:
  206. IN pwszPrivilege Name of the priv. to modify.
  207. IN fEnable Add or remove SE_PRIVILEGE_ENABLED
  209. Return Value:
  211. TRUE - if SE_PRIVILEGE_ENABLED was successfully added or removed.
  212. FALSE otherwise.
  214. 04/03/2001 maonis Created
  216. --*/
  218. BOOL
  219. AdjustPrivilege(
  220. LPCWSTR pwszPrivilege,
  221. BOOL fEnable
  222. )
  223. {
  224. HANDLE hToken;
  225. TOKEN_PRIVILEGES tp;
  226. BOOL fRes = FALSE;
  228. // Obtain the process token.
  229. if (OpenProcessToken(
  230. GetCurrentProcess(),
  231. TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
  232. &hToken))
  233. {
  234. // Get the LUID.
  235. if (LookupPrivilegeValueW(NULL, pwszPrivilege, &tp.Privileges[0].Luid))
  236. {
  237. tp.PrivilegeCount = 1;
  239. tp.Privileges[0].Attributes = (fEnable ? SE_PRIVILEGE_ENABLED : 0);
  241. // Enable or disable the privilege.
  242. if (AdjustTokenPrivileges(
  243. hToken,
  244. FALSE,
  245. &tp,
  246. 0,
  247. (PTOKEN_PRIVILEGES)NULL,
  248. 0))
  249. {
  250. fRes = TRUE;
  251. }
  252. }
  254. CloseHandle(hToken);
  255. }
  257. return fRes;
  258. }
  262. }; // end of namespace ShimLib