Category

Development Platform
Home > SourceCode/Document > Windows Develop > Windows Kernel > View Code
security.cpp
Package: shell.rar [view]
Upload User: xhy777
Upload Date: 2007-02-14
Package Size: 24088k
Code Size: 6k
Category:

Windows Kernel

Development Platform:

Visual C++

security.cpp:Code Content
  1. //+-------------------------------------------------------------------------
  2. //
  3. //  Microsoft Windows
  4. //
  5. //  Copyright (C) Microsoft Corporation, 1997 - 1999
  6. //
  7. //  File:       security.cpp
  8. //
  9. //--------------------------------------------------------------------------
  11. #include "pch.h"
  12. #pragma hdrstop
  14. #include "security.h"
  17. DWORD 
  18. Security_SetPrivilegeAttrib(
  19.     LPCTSTR PrivilegeName, 
  20.     DWORD NewPrivilegeAttribute, 
  21.     DWORD *OldPrivilegeAttribute
  22.     )
  23. {
  24.     LUID             PrivilegeValue;
  25.     TOKEN_PRIVILEGES TokenPrivileges, OldTokenPrivileges;
  26.     DWORD            ReturnLength;
  27.     HANDLE           TokenHandle;
  29.     //
  30.     // First, find out the LUID Value of the privilege
  31.     //
  32.     if(!LookupPrivilegeValue(NULL, PrivilegeName, &PrivilegeValue)) 
  33.     {
  34.         return GetLastError();
  35.     }
  37.     //
  38.     // Get the token handle
  39.     //
  40.     if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &TokenHandle)) 
  41.     {
  42.         return GetLastError();
  43.     }
  45.     //
  46.     // Set up the privilege set we will need
  47.     //
  48.     TokenPrivileges.PrivilegeCount = 1;
  49.     TokenPrivileges.Privileges[0].Luid = PrivilegeValue;
  50.     TokenPrivileges.Privileges[0].Attributes = NewPrivilegeAttribute;
  52.     ReturnLength = sizeof(TOKEN_PRIVILEGES);
  53.     if (!AdjustTokenPrivileges(
  54.                 TokenHandle,
  55.                 FALSE,
  56.                 &TokenPrivileges,
  57.                 sizeof(TOKEN_PRIVILEGES),
  58.                 &OldTokenPrivileges,
  59.                 &ReturnLength
  60.                 )) 
  61.     {
  62.         CloseHandle(TokenHandle);
  63.         return GetLastError();
  64.     }
  65.     else 
  66.     {
  67.         if (NULL != OldPrivilegeAttribute) 
  68.         {
  69.             *OldPrivilegeAttribute = OldTokenPrivileges.Privileges[0].Attributes;
  70.         }
  71.         CloseHandle(TokenHandle);
  72.         return ERROR_SUCCESS;
  73.     }
  74. }
  79. BOOL IsCurrentUserAnAdminMember(VOID)
  80. {
  81.     SID_IDENTIFIER_AUTHORITY authNT = SECURITY_NT_AUTHORITY;
  82.     NTSTATUS Status;
  83.     PSID AdminsDomainSid;
  84.     BOOL bIsAdminMember = FALSE;
  85.     //
  86.     // Create Admins domain sid.
  87.     //
  88.     Status = RtlAllocateAndInitializeSid(
  89.                &authNT,
  90.                2,
  91.                SECURITY_BUILTIN_DOMAIN_RID,
  92.                DOMAIN_ALIAS_RID_ADMINS,
  93.                0, 0, 0, 0, 0, 0,
  94.                &AdminsDomainSid
  95.                );
  98.     if (STATUS_SUCCESS == Status)
  99.     {
  100.         CheckTokenMembership(NULL, AdminsDomainSid, &bIsAdminMember);
  101.         RtlFreeSid(AdminsDomainSid);
  102.     }
  103.     return bIsAdminMember;
  104. }
  107. //
  108. // Returns the SID of the currently logged on user.
  109. // If the function succeeds, use the FreeSid API to 
  110. // free the returned SID structure.
  111. //
  112. HRESULT
  113. GetCurrentUserSid(
  114.     PSID *ppsid
  115.     )
  116. {
  117.     HRESULT hr  = NOERROR;
  118.     DWORD dwErr = 0;
  120.     //
  121.     // Get the token handle. First try the thread token then the process
  122.     // token.  If these fail we return early.  No sense in continuing
  123.     // on if we can't get a user token.
  124.     //
  125.     *ppsid = NULL;
  126.     CWin32Handle hToken;
  127.     if (!OpenThreadToken(GetCurrentThread(),
  128.                          TOKEN_READ,
  129.                          TRUE,
  130.                          hToken.HandlePtr()))
  131.     {
  132.         if (ERROR_NO_TOKEN == GetLastError())
  133.         {
  134.             if (!OpenProcessToken(GetCurrentProcess(),
  135.                                   TOKEN_READ,
  136.                                   hToken.HandlePtr()))
  137.             {
  138.                 dwErr = GetLastError();
  139.                 return HRESULT_FROM_WIN32(dwErr);
  140.             }
  141.         }
  142.         else
  143.         {
  144.             dwErr = GetLastError();
  145.             return HRESULT_FROM_WIN32(dwErr);
  146.         }
  147.     }
  149.     //
  150.     // Find operator's SID.
  151.     //
  152.     LPBYTE pbTokenInfo = NULL;
  153.     DWORD cbTokenInfo = 0;
  154.     cbTokenInfo = 0;
  155.     if (!GetTokenInformation(hToken,
  156.                              TokenUser,
  157.                              NULL,
  158.                              cbTokenInfo,
  159.                              &cbTokenInfo))
  160.     {
  161.         dwErr = GetLastError();
  162.         if (ERROR_INSUFFICIENT_BUFFER == dwErr)
  163.         {
  164.             pbTokenInfo = new BYTE[cbTokenInfo];
  165.         }
  166.         else
  167.         {
  168.             dwErr = GetLastError();
  169.             hr = HRESULT_FROM_WIN32(hr);
  170.         }
  171.     }
  173.     if (SUCCEEDED(hr))
  174.     {
  175.         //
  176.         // Get the user token information.
  177.         //
  178.         if (!GetTokenInformation(hToken,
  179.                                  TokenUser,
  180.                                  pbTokenInfo,
  181.                                  cbTokenInfo,
  182.                                  &cbTokenInfo))
  183.         {
  184.             dwErr = GetLastError();
  185.             hr = HRESULT_FROM_WIN32(dwErr);
  186.         }
  187.         else
  188.         {
  189.             SID_AND_ATTRIBUTES *psa = (SID_AND_ATTRIBUTES *)pbTokenInfo;
  190.             int cbSid = GetLengthSid(psa->Sid);
  191.             *ppsid = (PSID)new BYTE[cbSid];
  192.             if (NULL != *ppsid)
  193.             {
  194.                 CopySid(cbSid, *ppsid, psa->Sid);
  195.                 hr = NOERROR;
  196.             }
  197.             else
  198.             {
  199.                 hr = E_OUTOFMEMORY;
  200.             }
  201.         }
  202.         delete[] pbTokenInfo;
  203.     }
  204.     if (SUCCEEDED(hr) && NULL != *ppsid && !IsValidSid(*ppsid))
  205.     {
  206.         //
  207.         // We created a SID but it's invalid.
  208.         //
  209.         FreeSid(*ppsid);
  210.         *ppsid = NULL;
  211.         hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
  212.     }
  213.     return hr;
  214. }
  217. //
  218. // Determines if a given SID is that of the current user.
  219. //
  220. BOOL IsSidCurrentUser(PSID psid)
  221. {
  222.     BOOL bIsCurrent = FALSE;
  223.     PSID psidUser;
  224.     if (SUCCEEDED(GetCurrentUserSid(&psidUser)))
  225.     {
  226.         bIsCurrent = EqualSid(psid, psidUser);
  227.         FreeSid(psidUser);
  228.     }
  229.     return bIsCurrent;
  230. }