windows-server-2003/base/fs/remotefs/dfs/lib/security/processsecurity.cxx

//
//  Copyright (C) 2000-2002, Microsoft Corporation
//
//  File:       Processsecurity.c
//
//  Contents:   miscellaneous dfs functions.
//
//  History:    April 16 2002,   Author: Rohanp
//
//-----------------------------------------------------------------------------

#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <ntseapi.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
#include <dsgetdc.h>
#include <lm.h>
#include <dfsheader.h>
#include <dfsmisc.h>
#include <shellapi.h>
#include <Aclapi.h>
#include <authz.h>
#include <lm.h>

DFSSTATUS
DfsRemoveDisabledPrivileges (void)
{
 
    DFSSTATUS Status = ERROR_SUCCESS;
    DWORD BufferSize = 0;
    BOOL ProcessOpened = FALSE;
    HANDLE   hProcessToken = INVALID_HANDLE_VALUE;
    PTOKEN_PRIVILEGES pTokenPrivs = NULL;
    DWORD i = 0;

    #define PRIVILEGE_NAME_LENGTH MAX_PATH
    WCHAR PrivilegeName[PRIVILEGE_NAME_LENGTH];
    DWORD PrivilegeNameLength = PRIVILEGE_NAME_LENGTH;

    //
    // Open the token.
    //

    ProcessOpened = OpenProcessToken(GetCurrentProcess(),
                                TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                &hProcessToken);

    if (Status != ERROR_SUCCESS)

    {
        Status =  GetLastError();
        goto Cleanup;
    }

    //
    // First find out the buffer size we need.
    //

    GetTokenInformation(hProcessToken,
                        TokenPrivileges,
                        NULL,
                        0,
                        &BufferSize
                        );

 
    //
    // Allocate the buffer and get the info
    //


    pTokenPrivs = (PTOKEN_PRIVILEGES) LocalAlloc(LMEM_FIXED, BufferSize);
    if(pTokenPrivs == NULL)
    {
        Status = GetLastError();
        goto Cleanup;
    }

    if(!GetTokenInformation(hProcessToken,
                            TokenPrivileges,
                            pTokenPrivs,
                            BufferSize,
                            &BufferSize)) 
    {
            Status = GetLastError();
            goto Cleanup;
    }
 
    //
    // Find all non-enabled privileges and mark them for removal
    //

 

    for(i=0; i < pTokenPrivs->PrivilegeCount; i++) 
    {
            if(!(pTokenPrivs->Privileges[i].Attributes & 

               (SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT))) 
                {
                    pTokenPrivs->Privileges[i].Attributes = SE_PRIVILEGE_REMOVED;    

                    if(!LookupPrivilegeName(NULL,
                                            &(pTokenPrivs->Privileges[i].Luid),
                                            PrivilegeName,
                                            &PrivilegeNameLength))
                    {


                    } 
                    else 
                    {

                    }
            }
    }

    //
    // Now, actually remove the privileges
    //

    if(!AdjustTokenPrivileges(hProcessToken,
                              FALSE,
                              pTokenPrivs,
                              BufferSize,
                              NULL,
                              NULL)) 
    {
            Status = GetLastError();
            goto Cleanup;
    }


Cleanup:

    if(hProcessToken != INVALID_HANDLE_VALUE)
    {
        CloseHandle (hProcessToken);
    }

    if(pTokenPrivs)
    {
        LocalFree (pTokenPrivs);
    }

    return Status;
}


DFSSTATUS
DfsEnablePrivilege(ULONG Privilege, LPCTSTR PrivName)
{
    NTSTATUS NtStatus = 0;
    DFSSTATUS Status = 0;
    BOOLEAN WasEnabled = FALSE;

    UNREFERENCED_PARAMETER(PrivName);

    NtStatus = RtlAdjustPrivilege(Privilege, TRUE, FALSE, &WasEnabled);
    if(!NT_SUCCESS(NtStatus))
    {
        Status = RtlNtStatusToDosError(NtStatus);
    }

    return Status;
}