home *** CD-ROM | disk | FTP | other *** search

---

/ Cream of the Crop 25 / Cream of the Crop 25.iso / faq / wdj0597.zip / TOMLINSN.ZIP / SECURITY.C

< prev

next >

Wrap

C/C++ Source or Header  |  1997-03-04  |  6KB  |  189 lines

---

1. #include <windows.h>
2. #include <stdio.h>
3. #include "security.h"
4.  
5. VOID DumpAccessToken(HANDLE AccessToken)
6. {
7.     PVOID Info;
8.     ULONG size=1024, i;
9.     Dbg("________Dumping Access Token________\n"); 
10.  
11.     Info = malloc(size);
12.     if (Info == NULL) {
13.         return;
14.     }
15.  
16.     Dbg("_User SID_\n");
17.     // requires TOKEN_QUERY access
18.     if (GetTokenInformation(AccessToken, TokenUser,
19.                                     Info, size, &size)) {
20.         PTOKEN_USER User = (PTOKEN_USER)Info;
21.         DumpSid(User->User.Sid, User->User.Attributes);
22.     } else {
23.         ULONG status = GetLastError();
24.         // you would examine the error cause here!
25.     }
26.     Dbg("_Groups SIDs_\n");
27.     size = 1024;       // requires TOKEN_QUERY access
28.     if (GetTokenInformation(AccessToken, TokenGroups,
29.                                     Info, size, &size)) {
30.         PTOKEN_GROUPS Groups = (PTOKEN_GROUPS)Info;
31.         for (i = 0; i < Groups->GroupCount; i++) {
32.             DumpSid(Groups->Groups[i].Sid,
33.                         Groups->Groups[i].Attributes);
34.         }
35.     }
36.     Dbg("_Privileges_\n");
37.     size = 1024;        // requires TOKEN_QUERY access
38.     if (GetTokenInformation(AccessToken, TokenPrivileges,
39.                                     Info, size, &size)) {
40.         PTOKEN_PRIVILEGES Priv = (PTOKEN_PRIVILEGES)Info;
41.         for (i = 0; i < Priv->PrivilegeCount; i++) {
42.             DumpPrivilege(&Priv->Privileges[i].Luid, 
43.                           Priv->Privileges[i].Attributes);
44.         }
45.     }
46.     free(Info);
47.  
48. } // DumpAccessToken
49.  
50. VOID DumpSid(PSID Sid, DWORD Attributes)
51. {
52.     SID_NAME_USE Use;
53.     char szAccount[MAX_PATH], szDomain[MAX_PATH];
54.     ULONG size1 = MAX_PATH, size2 = MAX_PATH;
55.  
56.     if (LookupAccountSid(NULL, Sid, szAccount, &size1,
57.                                 szDomain, &size2, &Use)) {        
58.         Dbg1("   Account = %s\n", szAccount);
59.         Dbg1("   Domain = %s\n", szDomain);
60.  
61.         if ((Attributes&SE_GROUP_MANDATORY) == SE_GROUP_MANDATORY) {
62.             Dbg("   Attribute: SE_GROUP_MANDATORY\n");
63.         }
64.         if ((Attributes & SE_GROUP_ENABLED_BY_DEFAULT)
65.                             == SE_GROUP_ENABLED_BY_DEFAULT) {
66.             Dbg("   Attribute: SE_GROUP_ENABLED_BY_DEFAULT\n");
67.         }
68.         if ((Attributes & SE_GROUP_ENABLED) == SE_GROUP_ENABLED) {
69.             Dbg("   Attribute: SE_GROUP_ENABLED\n");
70.         }
71.         if ((Attributes & SE_GROUP_OWNER) == SE_GROUP_OWNER) { 
72.             Dbg("   Attribute: SE_GROUP_OWNER\n");
73.         }
74.         if ((Attributes & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID) {
75.             Dbg("   Attribute: SE_GROUP_LOGON_ID\n");
76.         }
77.  
78.     } else {
79.         if (GetLastError() == ERROR_NONE_MAPPED) {
80.             Dbg("   No mapping between account name and SID IDs\n");
81.         } else {
82.             Dbg("   LookupAccountSid returned an error\n");
83.         }
84.     }
85.         
86. } // DumpSid
87.  
88. VOID DumpPrivilege(PLUID Luid, DWORD Attribute)
89. {
90.     char szPrivilege[MAX_PATH];
91.     ULONG size = MAX_PATH;
92.     if (LookupPrivilegeName(NULL, Luid, szPrivilege, &size)) {
93.         Dbg1("   Privilege: %s", szPrivilege);
94.         if (Attribute == 0) {
95.             Dbg(" (Disabled)\n");
96.         } else if (Attribute == SE_PRIVILEGE_ENABLED_BY_DEFAULT) {
97.             Dbg(" (Enabled by default)\n");
98.         } else if (Attribute == SE_PRIVILEGE_ENABLED) {
99.             Dbg(" (Enabled)\n");
100.         } else if (Attribute == SE_PRIVILEGE_USED_FOR_ACCESS) {
101.             Dbg(" (Used for Access)\n");
102.         } else {
103.             Dbg("(Undocumented)\n");
104.         }
105.     }
106. } // DumpPrivilege
107.  
108. BOOL IsUserInGroup(LPTSTR lpGroupName)
109. {
110.     HANDLE token;
111.     BOOL b, bFound = FALSE;
112.     PSID sid = NULL;
113.     PTOKEN_GROUPS groups;
114.     DWORD sidSize = 0, size = 128, i;
115.     SID_NAME_USE sidNameUse;
116.     char szDomain[128];
117.  
118.     if (OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&token)) {
119.  
120.         b = LookupAccountName(NULL, lpGroupName, sid, &sidSize,
121.                               szDomain, &size, &sidNameUse);
122.  
123.         if (!b && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
124.             sid = malloc(sidSize);
125.             if (LookupAccountName(NULL, lpGroupName, sid, &sidSize,
126.                                   szDomain, &size, &sidNameUse)) {
127.                 // retrieve group membership info for this user
128.                 size = 0;
129.                 b = GetTokenInformation(token, TokenGroups, NULL,
130.                                         0, &size);
131.  
132.                 if (!b && GetLastError()
133.                                 == ERROR_INSUFFICIENT_BUFFER) {
134.                     groups = malloc(size);
135.                     if (GetTokenInformation(token, TokenGroups,
136.                                 groups, size, &size)) {
137.                         // compare specified group with each group
138.                         // that the current user is a member of
139.                         for (i = 0; i < groups->GroupCount; i++) {
140.                             if(EqualSid(groups->Groups[i].Sid,sid)){
141.                                 bFound = TRUE;
142.                                 break;
143.                             }
144.                         }
145.                     }
146.                     if (groups) free(groups);
147.                 }
148.             }
149.             if (sid) free(sid);
150.         }
151.         if (token) CloseHandle(token);
152.     }
153.     return bFound;
154.  
155. } // IsUserInGroup
156.  
157. DWORD EnablePrivilege(PTSTR PrivilegeName, BOOL Enable)
158. {
159.     HANDLE token;
160.     DWORD status;
161.     TOKEN_PRIVILEGES privilege;
162.     LUID luid;
163.  
164.     if (OpenProcessToken(GetCurrentProcess(),
165.                          TOKEN_ADJUST_PRIVILEGES, &token)) {
166.  
167.         if (LookupPrivilegeValue(NULL, PrivilegeName, &luid)) {
168.             privilege.PrivilegeCount = 1;
169.             privilege.Privileges[0].Luid = luid;
170.             if (Enable) {
171.                 privilege.Privileges[0].Attributes =
172.                                         SE_PRIVILEGE_ENABLED;
173.             } else {
174.                 privilege.Privileges[0].Attributes = 0;
175.             }
176.  
177.             SetLastError(ERROR_SUCCESS);
178.             AdjustTokenPrivileges(token, FALSE, &privilege,
179.                                 0, NULL, NULL);
180.             status = GetLastError(); 
181.         }
182.         CloseHandle(token);
183.     }
184.  
185.     return status;
186.  
187. } // SetPrivilege
188.  
189.