//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// File: security.cpp
//
//--------------------------------------------------------------------------
#include "pch.h"
#pragma hdrstop
#include "security.h"
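//
// Sets the attributes of a single privilege in the current PROCESS token.
//
// Parameters:
//   PrivilegeName          - Privilege name handed to LookupPrivilegeValue
//                            (looked up on the local system).
//   NewPrivilegeAttribute  - Attribute value to apply to the privilege,
//                            e.g. SE_PRIVILEGE_ENABLED, or 0 to disable.
//   OldPrivilegeAttribute  - Optional. On success receives the attributes
//                            the privilege had before the call, so the
//                            caller can restore them once the privileged
//                            operation is done.
//
// Returns:
//   ERROR_SUCCESS if the privilege now carries the requested attributes.
//   ERROR_NOT_ALL_ASSIGNED if the token does not hold the privilege.
//   Otherwise the Win32 error of the API call that failed.
//
// Notes:
//   Only the process token is adjusted (OpenProcessToken on
//   GetCurrentProcess). A thread that is impersonating uses its own token,
//   which this function does not touch.
//
DWORD
Security_SetPrivilegeAttrib(
    LPCTSTR PrivilegeName,
    DWORD   NewPrivilegeAttribute,
    DWORD  *OldPrivilegeAttribute
    )
{
    LUID             PrivilegeValue;
    TOKEN_PRIVILEGES TokenPrivileges;
    TOKEN_PRIVILEGES OldTokenPrivileges;
    DWORD            ReturnLength;
    DWORD            dwErr;
    HANDLE           TokenHandle;
    BOOL             bAdjusted;

    //
    // First, find out the LUID value of the privilege.
    //
    if (!LookupPrivilegeValue(NULL, PrivilegeName, &PrivilegeValue))
    {
        return GetLastError();
    }

    //
    // Get the token handle.
    //
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          &TokenHandle))
    {
        return GetLastError();
    }

    //
    // Set up the privilege set we will need.
    //
    TokenPrivileges.PrivilegeCount           = 1;
    TokenPrivileges.Privileges[0].Luid       = PrivilegeValue;
    TokenPrivileges.Privileges[0].Attributes = NewPrivilegeAttribute;

    ReturnLength = sizeof(TOKEN_PRIVILEGES);
    bAdjusted = AdjustTokenPrivileges(TokenHandle,
                                      FALSE,
                                      &TokenPrivileges,
                                      sizeof(TOKEN_PRIVILEGES),
                                      &OldTokenPrivileges,
                                      &ReturnLength);

    //
    // Capture the last-error value BEFORE closing the handle so that
    // CloseHandle cannot overwrite it.
    //
    dwErr = GetLastError();
    CloseHandle(TokenHandle);

    if (!bAdjusted)
    {
        return dwErr;
    }

    //
    // AdjustTokenPrivileges reports success even when the token does not
    // hold the privilege; that case is only visible through the last-error
    // value. Treat it as a failure so callers never proceed believing a
    // privilege was enabled when it was not.
    //
    if (ERROR_NOT_ALL_ASSIGNED == dwErr)
    {
        return dwErr;
    }

    if (NULL != OldPrivilegeAttribute)
    {
        if (OldTokenPrivileges.PrivilegeCount > 0)
        {
            *OldPrivilegeAttribute = OldTokenPrivileges.Privileges[0].Attributes;
        }
        else
        {
            //
            // A previous-state count of zero means nothing was modified,
            // so Privileges[0] was never written. Report the requested
            // value so that a later "restore" by the caller is a no-op
            // rather than a write of uninitialized stack data.
            //
            *OldPrivilegeAttribute = NewPrivilegeAttribute;
        }
    }

    return ERROR_SUCCESS;
}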
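//
// Returns a copy of the user SID from the caller's access token.
//
// The thread token is tried first (opened with OpenAsSelf = TRUE). Only
// when the thread has no token (ERROR_NO_TOKEN) does the function fall
// back to the process token, so while impersonating the result is the
// impersonated user, not the process owner.
//
// Parameters:
//   ppsid - Receives the SID. Set to NULL on entry and left NULL on any
//           failure. On success the caller owns the buffer and must
//           release it with LocalFree.
//
// Returns:
//   NOERROR on success.
//   E_POINTER if ppsid is NULL.
//   E_OUTOFMEMORY if a buffer could not be allocated.
//   HRESULT_FROM_WIN32(...) of the failing Win32 call otherwise.
//
HRESULT
GetCurrentUserSid(
    PSID *ppsid
    )
{
    HRESULT hr    = E_FAIL;
    DWORD   dwErr = 0;

    if (NULL == ppsid)
    {
        return E_POINTER;
    }
    *ppsid = NULL;

    //
    // Get the token handle. First try the thread token, then the process
    // token. If these fail we return early. No sense in continuing
    // on if we can't get a user token.
    //
    CWin32Handle hToken;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, hToken.HandlePtr()))
    {
        dwErr = GetLastError();
        if (ERROR_NO_TOKEN != dwErr)
        {
            //
            // The thread has a token but it could not be opened. Do not
            // fall back to the process token here: that would silently
            // report a different identity than the one in effect.
            //
            return HRESULT_FROM_WIN32(dwErr);
        }

        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, hToken.HandlePtr()))
        {
            dwErr = GetLastError();
            return HRESULT_FROM_WIN32(dwErr);
        }
    }

    //
    // Find operator's SID. The first call passes no buffer and is expected
    // to fail with ERROR_INSUFFICIENT_BUFFER, reporting the size needed.
    //
    LPBYTE pbTokenInfo = NULL;
    DWORD  cbTokenInfo = 0;
    if (!GetTokenInformation(hToken, TokenUser, NULL, cbTokenInfo, &cbTokenInfo))
    {
        dwErr = GetLastError();
        if (ERROR_INSUFFICIENT_BUFFER == dwErr)
        {
            // NOTE(review): this NULL check only works if the build uses a
            // non-throwing operator new - confirm against pch.h / CRT setup.
            pbTokenInfo = new BYTE[cbTokenInfo];
            if (NULL == pbTokenInfo)
            {
                hr = E_OUTOFMEMORY;
            }
        }
        else
        {
            hr = HRESULT_FROM_WIN32(dwErr);
        }
    }

    if (NULL != pbTokenInfo)
    {
        //
        // Get the user token information.
        //
        if (!GetTokenInformation(hToken, TokenUser, pbTokenInfo, cbTokenInfo, &cbTokenInfo))
        {
            dwErr = GetLastError();
            hr = HRESULT_FROM_WIN32(dwErr);
        }
        else
        {
            //
            // The TokenUser buffer begins with a SID_AND_ATTRIBUTES whose
            // Sid pointer refers into the same buffer, so the SID must be
            // copied out before pbTokenInfo is freed.
            //
            SID_AND_ATTRIBUTES *psa = reinterpret_cast<SID_AND_ATTRIBUTES *>(pbTokenInfo);
            DWORD cbSid = GetLengthSid(psa->Sid);
            PSID  psid  = (PSID)LocalAlloc(LPTR, cbSid);

            if (NULL == psid)
            {
                hr = E_OUTOFMEMORY;
            }
            else if (!CopySid(cbSid, psid, psa->Sid))
            {
                //
                // Copy failed; never hand a partially filled buffer back.
                // Read the error before LocalFree can replace it.
                //
                dwErr = GetLastError();
                LocalFree(psid);
                hr = HRESULT_FROM_WIN32(dwErr);
            }
            else if (!IsValidSid(psid))
            {
                //
                // SID is invalid.
                //
                LocalFree(psid);
                hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
            }
            else
            {
                //
                // SID is valid. Transfer buffer to caller.
                //
                *ppsid = psid;
                hr = NOERROR;
            }
        }
        delete[] pbTokenInfo;
    }

    return hr;
}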
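//
// Determines if a given SID is that of the current user, as reported by
// GetCurrentUserSid.
//
// Parameters:
//   psid - SID to compare. NULL or structurally invalid SIDs are rejected.
//
// Returns:
//   TRUE only when psid equals the current user's SID. FALSE is returned
//   both for "different user" and for any failure to obtain the current
//   user's SID, so the check fails closed; callers cannot tell the two
//   cases apart from the return value.
//
BOOL
IsSidCurrentUser(
    PSID psid
    )
{
    BOOL bIsCurrent = FALSE;
    PSID psidUser   = NULL;

    //
    // EqualSid's result is undefined when either SID is not valid, so
    // validate the caller-supplied SID before comparing.
    //
    if (NULL == psid || !IsValidSid(psid))
    {
        return FALSE;
    }

    if (SUCCEEDED(GetCurrentUserSid(&psidUser)))
    {
        bIsCurrent = EqualSid(psid, psidUser);

        // GetCurrentUserSid allocates with LocalAlloc; release it here.
        LocalFree(psidUser);
    }

    return bIsCurrent;
}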