You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
4.0 KiB
161 lines
4.0 KiB
/*++
|
|
|
|
Copyright (c) 1995 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
Token.hxx
|
|
|
|
Abstract:
|
|
|
|
Wrapper for holding onto a particular user token.
|
|
|
|
Author:
|
|
|
|
Mario Goertzel [MarioGo]
|
|
|
|
Revision History:
|
|
|
|
MarioGo 12/20/1995 Bits 'n pieces
|
|
JSimmons 03/19/2001 Made CToken implement IUserToken; this is so
|
|
we can re-use the CToken cache for catalog
|
|
lookups, and have better refcounting
|
|
(ie, cleanup at logoff).
|
|
|
|
--*/
|
|
|
|
#ifndef __TOKEN_HXX
|
|
#define __TOKEN_HXX
|
|
|
|
class CToken;
|
|
|
|
extern CRITICAL_SECTION gcsTokenLock;
|
|
|
|
extern
|
|
ORSTATUS LookupOrCreateTokenForRPCClient(
|
|
IN handle_t hCaller,
|
|
IN BOOL fAllowUnsecure,
|
|
OUT CToken **ppToken,
|
|
OUT BOOL* pfUnsecure);
|
|
|
|
extern
|
|
ORSTATUS
|
|
LookupOrCreateTokenFromHandle(
|
|
IN HANDLE hClientToken,
|
|
OUT CToken **ppToken
|
|
);
|
|
|
|
class CToken : public IUserToken
|
|
{
|
|
public:
|
|
|
|
CToken(HANDLE hToken,
|
|
HANDLE hJobObject,
|
|
LUID luid,
|
|
PSID psid,
|
|
DWORD dwSize)
|
|
: _lRefs(1), // constructed with refcount=1
|
|
_lHKeyRefs(0),
|
|
_hHKCRKey(NULL),
|
|
_hImpersonationToken(hToken),
|
|
_hJobObject(hJobObject),
|
|
_luid(luid)
|
|
{
|
|
ASSERT(IsValidSid(psid));
|
|
ASSERT(dwSize == GetLengthSid(psid));
|
|
OrMemoryCopy(&_sid, psid, dwSize);
|
|
}
|
|
|
|
~CToken();
|
|
|
|
// IUnknown methods
|
|
STDMETHOD(QueryInterface)(REFIID riid, LPVOID* ppv);
|
|
STDMETHOD_(ULONG,AddRef)();
|
|
STDMETHOD_(ULONG,Release)();
|
|
|
|
// IUserToken
|
|
STDMETHOD(GetUserClassesRootKey)(HKEY* phKey);
|
|
STDMETHOD(ReleaseUserClassesRootKey)();
|
|
STDMETHOD(GetUserSid)(BYTE **ppSid, USHORT *pcbSid);
|
|
STDMETHOD(GetUserToken)(HANDLE* phToken);
|
|
|
|
void Impersonate();
|
|
void Revert();
|
|
|
|
PSID GetSid() {
|
|
return &_sid;
|
|
}
|
|
|
|
HANDLE GetToken() {
|
|
return _hImpersonationToken;
|
|
}
|
|
|
|
BOOL MatchLuid(LUID luid) {
|
|
return( luid.LowPart == _luid.LowPart
|
|
&& luid.HighPart == _luid.HighPart);
|
|
}
|
|
|
|
BOOL MatchModifiedLuid(LUID luid);
|
|
|
|
static CToken *ContainingRecord(CListElement *ple) {
|
|
return CONTAINING_RECORD(ple, CToken, _list);
|
|
}
|
|
|
|
void Insert() {
|
|
gpTokenList->Insert(&_list);
|
|
}
|
|
|
|
CListElement *Remove() {
|
|
return(gpTokenList->Remove(&_list));
|
|
}
|
|
|
|
ULONG GetSessionId();
|
|
|
|
HRESULT MatchToken(HANDLE hToken, BOOL bMatchRestricted);
|
|
|
|
HRESULT MatchToken2(CToken *pToken, BOOL bMatchRestricted);
|
|
|
|
HRESULT MatchTokenSessionID(CToken *pToken);
|
|
|
|
HRESULT MatchSessionID(LONG lSessionID)
|
|
{
|
|
return (lSessionID == (LONG) GetSessionId()) ? S_OK : S_FALSE;
|
|
}
|
|
|
|
HRESULT MatchTokenLuid(CToken* pToken);
|
|
|
|
//
|
|
// Compare the safer levels of the two tokens. Returns:
|
|
//
|
|
// S_FALSE: This token is of lesser authorization than the
|
|
// token passed in. (The trust level of the token passed in
|
|
// is higher or equal to the trust level of this token.)
|
|
// S_OK: This token is of greater or equal authorization
|
|
// than the token passed in. (The trust level of the
|
|
// token passed in is lower than the trust level of this
|
|
// token.)
|
|
// Other: An error occured comparing tokens.
|
|
//
|
|
HRESULT CompareSaferLevels(CToken *pToken);
|
|
HRESULT CompareSaferLevels(HANDLE hToken);
|
|
|
|
#if(_WIN32_WINNT >= 0x0500)
|
|
HANDLE GetJobObject() {
|
|
return _hJobObject;
|
|
}
|
|
|
|
#endif //(_WIN32_WINNT >= 0x0500)
|
|
|
|
private:
|
|
LONG _lRefs;
|
|
LONG _lHKeyRefs;
|
|
HKEY _hHKCRKey;
|
|
CListElement _list;
|
|
HANDLE _hImpersonationToken;
|
|
HANDLE _hJobObject;
|
|
LUID _luid; // Logon id
|
|
SID _sid; // Security (user) id, dynamically sized)
|
|
};
|
|
|
|
#endif
|
|
|