mirror of
https://github.com/holub/mame
synced 2025-06-05 20:33:45 +03:00
149 lines
4.2 KiB
C++
149 lines
4.2 KiB
C++
// Windows/SecurityUtils.h
|
|
|
|
#ifndef __WINDOWS_SECURITY_UTILS_H
|
|
#define __WINDOWS_SECURITY_UTILS_H
|
|
|
|
#include <NTSecAPI.h>
|
|
|
|
#include "Defs.h"
|
|
|
|
#ifndef _UNICODE
|
|
|
|
extern "C" {
|
|
typedef NTSTATUS (NTAPI *Func_LsaOpenPolicy)(PLSA_UNICODE_STRING SystemName,
|
|
PLSA_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, PLSA_HANDLE PolicyHandle);
|
|
typedef NTSTATUS (NTAPI *Func_LsaClose)(LSA_HANDLE ObjectHandle);
|
|
typedef NTSTATUS (NTAPI *Func_LsaAddAccountRights)(LSA_HANDLE PolicyHandle,
|
|
PSID AccountSid, PLSA_UNICODE_STRING UserRights, ULONG CountOfRights );
|
|
#define MY_STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
|
|
}
|
|
|
|
#define POLICY_FUNC_CALL(fff, str) \
|
|
if (hModule == NULL) return MY_STATUS_NOT_IMPLEMENTED; \
|
|
Func_ ## fff v = (Func_ ## fff) (void(*)()) GetProcAddress(hModule, str); \
|
|
if (!v) return MY_STATUS_NOT_IMPLEMENTED; \
|
|
const NTSTATUS res = v
|
|
|
|
#else
|
|
|
|
#define POLICY_FUNC_CALL(fff, str) \
|
|
const NTSTATUS res = ::fff
|
|
|
|
#endif
|
|
|
|
|
|
namespace NWindows {
|
|
namespace NSecurity {
|
|
|
|
class CAccessToken
|
|
{
|
|
HANDLE _handle;
|
|
public:
|
|
CAccessToken(): _handle(NULL) {};
|
|
~CAccessToken() { Close(); }
|
|
bool Close()
|
|
{
|
|
if (_handle == NULL)
|
|
return true;
|
|
bool res = BOOLToBool(::CloseHandle(_handle));
|
|
if (res)
|
|
_handle = NULL;
|
|
return res;
|
|
}
|
|
|
|
bool OpenProcessToken(HANDLE processHandle, DWORD desiredAccess)
|
|
{
|
|
Close();
|
|
return BOOLToBool(::OpenProcessToken(processHandle, desiredAccess, &_handle));
|
|
}
|
|
|
|
/*
|
|
bool OpenThreadToken(HANDLE threadHandle, DWORD desiredAccess, bool openAsSelf)
|
|
{
|
|
Close();
|
|
return BOOLToBool(::OpenTreadToken(threadHandle, desiredAccess, BoolToBOOL(anOpenAsSelf), &_handle));
|
|
}
|
|
*/
|
|
|
|
bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState,
|
|
DWORD bufferLength, PTOKEN_PRIVILEGES previousState, PDWORD returnLength)
|
|
{ return BOOLToBool(::AdjustTokenPrivileges(_handle, BoolToBOOL(disableAllPrivileges),
|
|
newState, bufferLength, previousState, returnLength)); }
|
|
|
|
bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState)
|
|
{ return AdjustPrivileges(disableAllPrivileges, newState, 0, NULL, NULL); }
|
|
|
|
bool AdjustPrivileges(PTOKEN_PRIVILEGES newState)
|
|
{ return AdjustPrivileges(false, newState); }
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct CPolicy
|
|
{
|
|
protected:
|
|
LSA_HANDLE _handle;
|
|
#ifndef _UNICODE
|
|
HMODULE hModule;
|
|
#endif
|
|
public:
|
|
operator LSA_HANDLE() const { return _handle; }
|
|
CPolicy(): _handle(NULL)
|
|
{
|
|
#ifndef _UNICODE
|
|
hModule = GetModuleHandle(TEXT("Advapi32.dll"));
|
|
#endif
|
|
};
|
|
~CPolicy() { Close(); }
|
|
|
|
NTSTATUS Open(PLSA_UNICODE_STRING systemName, PLSA_OBJECT_ATTRIBUTES objectAttributes,
|
|
ACCESS_MASK desiredAccess)
|
|
{
|
|
Close();
|
|
POLICY_FUNC_CALL (LsaOpenPolicy, "LsaOpenPolicy")
|
|
(systemName, objectAttributes, desiredAccess, &_handle);
|
|
return res;
|
|
}
|
|
|
|
NTSTATUS Close()
|
|
{
|
|
if (_handle == NULL)
|
|
return 0;
|
|
POLICY_FUNC_CALL (LsaClose, "LsaClose")
|
|
(_handle);
|
|
_handle = NULL;
|
|
return res;
|
|
}
|
|
|
|
NTSTATUS EnumerateAccountsWithUserRight(PLSA_UNICODE_STRING userRights,
|
|
PLSA_ENUMERATION_INFORMATION *enumerationBuffer, PULONG countReturned)
|
|
{ return LsaEnumerateAccountsWithUserRight(_handle, userRights, (void **)enumerationBuffer, countReturned); }
|
|
|
|
NTSTATUS EnumerateAccountRights(PSID sid, PLSA_UNICODE_STRING* userRights, PULONG countOfRights)
|
|
{ return ::LsaEnumerateAccountRights(_handle, sid, userRights, countOfRights); }
|
|
|
|
NTSTATUS LookupSids(ULONG count, PSID* sids,
|
|
PLSA_REFERENCED_DOMAIN_LIST* referencedDomains, PLSA_TRANSLATED_NAME* names)
|
|
{ return LsaLookupSids(_handle, count, sids, referencedDomains, names); }
|
|
|
|
NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
|
|
{
|
|
POLICY_FUNC_CALL (LsaAddAccountRights, "LsaAddAccountRights")
|
|
(_handle, accountSid, userRights, countOfRights);
|
|
return res;
|
|
}
|
|
NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights)
|
|
{ return AddAccountRights(accountSid, userRights, 1); }
|
|
|
|
NTSTATUS RemoveAccountRights(PSID accountSid, bool allRights, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
|
|
{ return LsaRemoveAccountRights(_handle, accountSid, (BOOLEAN)(allRights ? TRUE : FALSE), userRights, countOfRights); }
|
|
};
|
|
|
|
bool AddLockMemoryPrivilege();
|
|
|
|
}}
|
|
|
|
#endif
|