You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
190 lines
3.7 KiB
190 lines
3.7 KiB
/*
|
|
|
|
// Copyright (c) 2000-2002 Microsoft Corporation, All Rights Reserved
|
|
*
|
|
* Created: 4/21/2000, Kevin Hughes
|
|
*/
|
|
|
|
|
|
#pragma once
|
|
|
|
class CSidAndAttribute
|
|
{
|
|
public:
|
|
CSidAndAttribute() {}
|
|
CSidAndAttribute(
|
|
CSid& csidIn,
|
|
DWORD dwAttribIn)
|
|
{
|
|
m_sid = csidIn;
|
|
m_dwAttributes = dwAttribIn;
|
|
}
|
|
|
|
virtual ~CSidAndAttribute() {}
|
|
CSid m_sid;
|
|
DWORD m_dwAttributes;
|
|
};
|
|
|
|
|
|
class Privilege
|
|
{
|
|
public:
|
|
|
|
Privilege() : dwAttributes(0) {}
|
|
virtual ~Privilege() {}
|
|
Privilege(
|
|
CHString& strIn,
|
|
DWORD attribsIn)
|
|
: dwAttributes(attribsIn)
|
|
{
|
|
chstrName = strIn;
|
|
}
|
|
|
|
CHString chstrName;
|
|
DWORD dwAttributes;
|
|
};
|
|
|
|
|
|
typedef std::vector<CSidAndAttribute> SANDATTRIBUTE_VECTOR;
|
|
typedef std::vector<Privilege> PRIVILEGE_VECTOR;
|
|
|
|
//
|
|
// forwarding
|
|
//
|
|
class CSecurityDescriptor;
|
|
|
|
class CToken
|
|
{
|
|
public:
|
|
CToken();
|
|
CToken(const CToken& rTok);
|
|
virtual ~CToken();
|
|
|
|
void CleanToken () ;
|
|
|
|
BOOL Duplicate (
|
|
const CToken& rTok,
|
|
BOOL bReInit = TRUE,
|
|
DWORD dwDesiredAccess = TOKEN_IMPERSONATE | TOKEN_DUPLICATE | TOKEN_QUERY,
|
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel = SecurityImpersonation,
|
|
TOKEN_TYPE type = TokenImpersonation
|
|
|
|
) ;
|
|
|
|
BOOL GetTokenType ( TOKEN_TYPE& type ) const;
|
|
BOOL IsValidToken ()
|
|
{
|
|
return m_fIsValid ;
|
|
}
|
|
|
|
long GetPrivCount() const;
|
|
long GetGroupCount() const;
|
|
|
|
bool GetPrivilege(
|
|
Privilege* privOut,
|
|
long lPos) const;
|
|
|
|
bool GetGroup(
|
|
CSid* sidOut,
|
|
long lPos) const;
|
|
|
|
// Deletes a member from the access token's
|
|
// member list, and applies the change.
|
|
bool DeleteGroup(
|
|
CSid& sidToDelete);
|
|
|
|
// Adds a member to the specified group to
|
|
// the list of token groups.
|
|
bool AddGroup(
|
|
CSid& sidToAdd,
|
|
DWORD dwAttributes);
|
|
|
|
CToken& operator=(const CToken& rv);
|
|
|
|
HANDLE GetTokenHandle() const;
|
|
|
|
bool GetTokenOwner(
|
|
CSid* sidOwner) const;
|
|
|
|
// NOTE: hands back internal descriptor.
|
|
bool GetDefaultSD(
|
|
CSecurityDescriptor** ppsdDefault);
|
|
|
|
DWORD SetDefaultSD(
|
|
CSecurityDescriptor& SourceSD);
|
|
|
|
DWORD EnablePrivilege(
|
|
CHString& strPrivilegeName);
|
|
|
|
DWORD DisablePrivilege(
|
|
CHString& chstrPrivilegeName);
|
|
|
|
void Dump(WCHAR* pszFileName);
|
|
|
|
|
|
protected:
|
|
|
|
DWORD ReinitializeAll();
|
|
HANDLE m_hToken;
|
|
DWORD m_dwLastError;
|
|
bool m_fIsValid;
|
|
|
|
private:
|
|
|
|
|
|
DWORD ReinitializeOwnerSid();
|
|
DWORD ReinitializeDefaultSD();
|
|
DWORD RebuildGroupList();
|
|
DWORD RebuildPrivilegeList();
|
|
DWORD GTI(
|
|
TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
PVOID* ppvBuff);
|
|
bool ApplyTokenGroups();
|
|
|
|
|
|
CSid m_sidTokenOwner;
|
|
CSecurityDescriptor* m_psdDefault; // Default security info
|
|
SANDATTRIBUTE_VECTOR m_vecGroupsAndAttributes; // List of groups and their attributes
|
|
PRIVILEGE_VECTOR m_vecPrivileges; // List of privileges
|
|
|
|
protected:
|
|
|
|
bool m_fClose;
|
|
|
|
};
|
|
|
|
|
|
|
|
class CProcessToken : public CToken
|
|
{
|
|
public:
|
|
CProcessToken (
|
|
HANDLE hProcess = INVALID_HANDLE_VALUE,
|
|
bool fGetHandleOnly = true,
|
|
DWORD dwDesiredAccess = MAXIMUM_ALLOWED
|
|
);
|
|
|
|
virtual ~CProcessToken() {}
|
|
|
|
private:
|
|
|
|
};
|
|
|
|
|
|
class CThreadToken : public CToken
|
|
{
|
|
public:
|
|
//CThreadToken();
|
|
|
|
CThreadToken (
|
|
HANDLE hThread = INVALID_HANDLE_VALUE,
|
|
bool fGetHandleOnly = true,
|
|
bool fAccessCheckProcess = false,
|
|
DWORD dwDesiredAccess = MAXIMUM_ALLOWED
|
|
);
|
|
|
|
virtual ~CThreadToken() {}
|
|
|
|
private:
|
|
|
|
};
|