Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

211 lines
5.2 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// File: security.cpp
//
//--------------------------------------------------------------------------
#include "pch.h"
#pragma hdrstop
#include "security.h"
DWORD
Security_SetPrivilegeAttrib(
LPCTSTR PrivilegeName,
DWORD NewPrivilegeAttribute,
DWORD *OldPrivilegeAttribute
)
{
LUID PrivilegeValue;
TOKEN_PRIVILEGES TokenPrivileges, OldTokenPrivileges;
DWORD ReturnLength;
HANDLE TokenHandle;
//
// First, find out the LUID Value of the privilege
//
if(!LookupPrivilegeValue(NULL, PrivilegeName, &PrivilegeValue))
{
return GetLastError();
}
//
// Get the token handle
//
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &TokenHandle))
{
return GetLastError();
}
//
// Set up the privilege set we will need
//
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Luid = PrivilegeValue;
TokenPrivileges.Privileges[0].Attributes = NewPrivilegeAttribute;
ReturnLength = sizeof(TOKEN_PRIVILEGES);
if (!AdjustTokenPrivileges(
TokenHandle,
FALSE,
&TokenPrivileges,
sizeof(TOKEN_PRIVILEGES),
&OldTokenPrivileges,
&ReturnLength
))
{
CloseHandle(TokenHandle);
return GetLastError();
}
else
{
if (NULL != OldPrivilegeAttribute)
{
*OldPrivilegeAttribute = OldTokenPrivileges.Privileges[0].Attributes;
}
CloseHandle(TokenHandle);
return ERROR_SUCCESS;
}
}
//
// Returns the SID of the currently logged on user.
// If the function succeeds, use the LocalFree API to
// free the returned SID structure.
//
HRESULT
GetCurrentUserSid(
PSID *ppsid
)
{
HRESULT hr = E_FAIL;
DWORD dwErr = 0;
//
// Get the token handle. First try the thread token then the process
// token. If these fail we return early. No sense in continuing
// on if we can't get a user token.
//
*ppsid = NULL;
CWin32Handle hToken;
if (!OpenThreadToken(GetCurrentThread(),
TOKEN_READ,
TRUE,
hToken.HandlePtr()))
{
if (ERROR_NO_TOKEN == GetLastError())
{
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_READ,
hToken.HandlePtr()))
{
dwErr = GetLastError();
return HRESULT_FROM_WIN32(dwErr);
}
}
else
{
dwErr = GetLastError();
return HRESULT_FROM_WIN32(dwErr);
}
}
//
// Find operator's SID.
//
LPBYTE pbTokenInfo = NULL;
DWORD cbTokenInfo = 0;
cbTokenInfo = 0;
if (!GetTokenInformation(hToken,
TokenUser,
NULL,
cbTokenInfo,
&cbTokenInfo))
{
dwErr = GetLastError();
if (ERROR_INSUFFICIENT_BUFFER == dwErr)
{
pbTokenInfo = new BYTE[cbTokenInfo];
if (NULL == pbTokenInfo)
hr = E_OUTOFMEMORY;
}
else
{
dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
}
}
if (NULL != pbTokenInfo)
{
//
// Get the user token information.
//
if (!GetTokenInformation(hToken,
TokenUser,
pbTokenInfo,
cbTokenInfo,
&cbTokenInfo))
{
dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
}
else
{
SID_AND_ATTRIBUTES *psa = (SID_AND_ATTRIBUTES *)pbTokenInfo;
int cbSid = GetLengthSid(psa->Sid);
PSID psid = (PSID)LocalAlloc(LPTR, cbSid);
if (NULL != psid)
{
CopySid(cbSid, psid, psa->Sid);
if (IsValidSid(psid))
{
//
// SID is valid. Transfer buffer to caller.
//
*ppsid = psid;
hr = NOERROR;
}
else
{
//
// SID is invalid.
//
LocalFree(psid);
hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
}
}
else
{
hr = E_OUTOFMEMORY;
}
}
delete[] pbTokenInfo;
}
return hr;
}
//
// Determines if a given SID is that of the current user.
//
BOOL IsSidCurrentUser(PSID psid)
{
BOOL bIsCurrent = FALSE;
PSID psidUser;
if (SUCCEEDED(GetCurrentUserSid(&psidUser)))
{
bIsCurrent = EqualSid(psid, psidUser);
LocalFree(psidUser);
}
return bIsCurrent;
}