archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/ntsetup/winnt32/dll/security.c

243 lines
4.8 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. #include "precomp.h"
  2. #pragma hdrstop
  5. BOOL
  6. IsUserAdmin(
  7. VOID
  8. )
  10. /*++
  12. Routine Description:
  14. This routine returns TRUE if the caller's process is a
  15. member of the Administrators local group.
  17. Caller is NOT expected to be impersonating anyone and IS
  18. expected to be able to open their own process and process
  19. token.
  21. Arguments:
  23. None.
  25. Return Value:
  27. TRUE - Caller has Administrators local group.
  29. FALSE - Caller does not have Administrators local group.
  31. --*/
  33. {
  34. HANDLE Token;
  35. DWORD BytesRequired;
  36. PTOKEN_GROUPS Groups;
  37. BOOL b;
  38. DWORD i;
  39. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  40. PSID AdministratorsGroup;
  42. //
  43. // On non-NT platforms the user is administrator.
  44. //
  45. if(!ISNT()) {
  46. return(TRUE);
  47. }
  49. //
  50. // Open the process token.
  51. //
  52. if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&Token)) {
  53. return(FALSE);
  54. }
  56. b = FALSE;
  57. Groups = NULL;
  59. //
  60. // Get group information.
  61. //
  62. if(!GetTokenInformation(Token,TokenGroups,NULL,0,&BytesRequired)
  63. && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
  64. && (Groups = (PTOKEN_GROUPS)LocalAlloc(LPTR,BytesRequired))
  65. && GetTokenInformation(Token,TokenGroups,Groups,BytesRequired,&BytesRequired)) {
  67. b = AllocateAndInitializeSid(
  68. &NtAuthority,
  69. 2,
  70. SECURITY_BUILTIN_DOMAIN_RID,
  71. DOMAIN_ALIAS_RID_ADMINS,
  72. 0, 0, 0, 0, 0, 0,
  73. &AdministratorsGroup
  74. );
  76. if(b) {
  78. //
  79. // See if the user has the administrator group.
  80. //
  81. b = FALSE;
  82. for(i=0; i<Groups->GroupCount; i++) {
  83. if(EqualSid(Groups->Groups[i].Sid,AdministratorsGroup)) {
  84. b = TRUE;
  85. break;
  86. }
  87. }
  89. FreeSid(AdministratorsGroup);
  90. }
  91. }
  93. //
  94. // Clean up and return.
  95. //
  97. if(Groups) {
  98. LocalFree((HLOCAL)Groups);
  99. }
  101. CloseHandle(Token);
  103. return(b);
  104. }
  108. BOOL
  109. DoesUserHavePrivilege(
  110. PTSTR PrivilegeName
  111. )
  113. /*++
  115. Routine Description:
  117. This routine returns TRUE if the caller's process has
  118. the specified privilege. The privilege does not have
  119. to be currently enabled. This routine is used to indicate
  120. whether the caller has the potential to enable the privilege.
  122. Caller is NOT expected to be impersonating anyone and IS
  123. expected to be able to open their own process and process
  124. token.
  126. Arguments:
  128. Privilege - the name form of privilege ID (such as
  129. SE_SECURITY_NAME).
  131. Return Value:
  133. TRUE - Caller has the specified privilege.
  135. FALSE - Caller does not have the specified privilege.
  137. --*/
  139. {
  140. HANDLE Token;
  141. ULONG BytesRequired;
  142. PTOKEN_PRIVILEGES Privileges;
  143. BOOL b;
  144. DWORD i;
  145. LUID Luid;
  147. //
  148. // On non-NT platforms the user has all privileges
  149. //
  150. if(!ISNT()) {
  151. return(TRUE);
  152. }
  154. //
  155. // Open the process token.
  156. //
  157. if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&Token)) {
  158. return(FALSE);
  159. }
  161. b = FALSE;
  162. Privileges = NULL;
  164. //
  165. // Get privilege information.
  166. //
  167. if(!GetTokenInformation(Token,TokenPrivileges,NULL,0,&BytesRequired)
  168. && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
  169. && (Privileges = (PTOKEN_PRIVILEGES)LocalAlloc(LPTR,BytesRequired))
  170. && GetTokenInformation(Token,TokenPrivileges,Privileges,BytesRequired,&BytesRequired)
  171. && LookupPrivilegeValue(NULL,PrivilegeName,&Luid)) {
  173. //
  174. // See if we have the requested privilege
  175. //
  176. for(i=0; i<Privileges->PrivilegeCount; i++) {
  178. if(!memcmp(&Luid,&Privileges->Privileges[i].Luid,sizeof(LUID))) {
  180. b = TRUE;
  181. break;
  182. }
  183. }
  184. }
  186. //
  187. // Clean up and return.
  188. //
  190. if(Privileges) {
  191. LocalFree((HLOCAL)Privileges);
  192. }
  194. CloseHandle(Token);
  196. return(b);
  197. }
  200. BOOL
  201. EnablePrivilege(
  202. IN PTSTR PrivilegeName,
  203. IN BOOL Enable
  204. )
  205. {
  206. HANDLE Token;
  207. BOOL b;
  208. TOKEN_PRIVILEGES NewPrivileges;
  209. LUID Luid;
  211. //
  212. // On non-NT platforms the user already has all privileges
  213. //
  214. if(!ISNT()) {
  215. return(TRUE);
  216. }
  218. if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&Token)) {
  219. return(FALSE);
  220. }
  222. if(!LookupPrivilegeValue(NULL,PrivilegeName,&Luid)) {
  223. CloseHandle(Token);
  224. return(FALSE);
  225. }
  227. NewPrivileges.PrivilegeCount = 1;
  228. NewPrivileges.Privileges[0].Luid = Luid;
  229. NewPrivileges.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0;
  231. b = AdjustTokenPrivileges(
  232. Token,
  233. FALSE,
  234. &NewPrivileges,
  235. 0,
  236. NULL,
  237. NULL
  238. );
  240. CloseHandle(Token);
  242. return(b);
  243. }