home *** CD-ROM | disk | FTP | other *** search
/ Cream of the Crop 25 / Cream of the Crop 25.iso / faq / wdj0597.zip / TOMLINSN.ZIP / SECURITY.C < prev    next >
C/C++ Source or Header  |  1997-03-04  |  6KB  |  189 lines

  1. #include <windows.h>
  2. #include <stdio.h>
  3. #include "security.h"
  4.  
  5. VOID DumpAccessToken(HANDLE AccessToken)
  6. {
  7.     PVOID Info;
  8.     ULONG size=1024, i;
  9.     Dbg("________Dumping Access Token________\n"); 
  10.  
  11.     Info = malloc(size);
  12.     if (Info == NULL) {
  13.         return;
  14.     }
  15.  
  16.     Dbg("_User SID_\n");
  17.     // requires TOKEN_QUERY access
  18.     if (GetTokenInformation(AccessToken, TokenUser,
  19.                                     Info, size, &size)) {
  20.         PTOKEN_USER User = (PTOKEN_USER)Info;
  21.         DumpSid(User->User.Sid, User->User.Attributes);
  22.     } else {
  23.         ULONG status = GetLastError();
  24.         // you would examine the error cause here!
  25.     }
  26.     Dbg("_Groups SIDs_\n");
  27.     size = 1024;       // requires TOKEN_QUERY access
  28.     if (GetTokenInformation(AccessToken, TokenGroups,
  29.                                     Info, size, &size)) {
  30.         PTOKEN_GROUPS Groups = (PTOKEN_GROUPS)Info;
  31.         for (i = 0; i < Groups->GroupCount; i++) {
  32.             DumpSid(Groups->Groups[i].Sid,
  33.                         Groups->Groups[i].Attributes);
  34.         }
  35.     }
  36.     Dbg("_Privileges_\n");
  37.     size = 1024;        // requires TOKEN_QUERY access
  38.     if (GetTokenInformation(AccessToken, TokenPrivileges,
  39.                                     Info, size, &size)) {
  40.         PTOKEN_PRIVILEGES Priv = (PTOKEN_PRIVILEGES)Info;
  41.         for (i = 0; i < Priv->PrivilegeCount; i++) {
  42.             DumpPrivilege(&Priv->Privileges[i].Luid, 
  43.                           Priv->Privileges[i].Attributes);
  44.         }
  45.     }
  46.     free(Info);
  47.  
  48. } // DumpAccessToken
  49.  
  50. VOID DumpSid(PSID Sid, DWORD Attributes)
  51. {
  52.     SID_NAME_USE Use;
  53.     char szAccount[MAX_PATH], szDomain[MAX_PATH];
  54.     ULONG size1 = MAX_PATH, size2 = MAX_PATH;
  55.  
  56.     if (LookupAccountSid(NULL, Sid, szAccount, &size1,
  57.                                 szDomain, &size2, &Use)) {        
  58.         Dbg1("   Account = %s\n", szAccount);
  59.         Dbg1("   Domain = %s\n", szDomain);
  60.  
  61.         if ((Attributes&SE_GROUP_MANDATORY) == SE_GROUP_MANDATORY) {
  62.             Dbg("   Attribute: SE_GROUP_MANDATORY\n");
  63.         }
  64.         if ((Attributes & SE_GROUP_ENABLED_BY_DEFAULT)
  65.                             == SE_GROUP_ENABLED_BY_DEFAULT) {
  66.             Dbg("   Attribute: SE_GROUP_ENABLED_BY_DEFAULT\n");
  67.         }
  68.         if ((Attributes & SE_GROUP_ENABLED) == SE_GROUP_ENABLED) {
  69.             Dbg("   Attribute: SE_GROUP_ENABLED\n");
  70.         }
  71.         if ((Attributes & SE_GROUP_OWNER) == SE_GROUP_OWNER) { 
  72.             Dbg("   Attribute: SE_GROUP_OWNER\n");
  73.         }
  74.         if ((Attributes & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID) {
  75.             Dbg("   Attribute: SE_GROUP_LOGON_ID\n");
  76.         }
  77.  
  78.     } else {
  79.         if (GetLastError() == ERROR_NONE_MAPPED) {
  80.             Dbg("   No mapping between account name and SID IDs\n");
  81.         } else {
  82.             Dbg("   LookupAccountSid returned an error\n");
  83.         }
  84.     }
  85.         
  86. } // DumpSid
  87.  
  88. VOID DumpPrivilege(PLUID Luid, DWORD Attribute)
  89. {
  90.     char szPrivilege[MAX_PATH];
  91.     ULONG size = MAX_PATH;
  92.     if (LookupPrivilegeName(NULL, Luid, szPrivilege, &size)) {
  93.         Dbg1("   Privilege: %s", szPrivilege);
  94.         if (Attribute == 0) {
  95.             Dbg(" (Disabled)\n");
  96.         } else if (Attribute == SE_PRIVILEGE_ENABLED_BY_DEFAULT) {
  97.             Dbg(" (Enabled by default)\n");
  98.         } else if (Attribute == SE_PRIVILEGE_ENABLED) {
  99.             Dbg(" (Enabled)\n");
  100.         } else if (Attribute == SE_PRIVILEGE_USED_FOR_ACCESS) {
  101.             Dbg(" (Used for Access)\n");
  102.         } else {
  103.             Dbg("(Undocumented)\n");
  104.         }
  105.     }
  106. } // DumpPrivilege
  107.  
  108. BOOL IsUserInGroup(LPTSTR lpGroupName)
  109. {
  110.     HANDLE token;
  111.     BOOL b, bFound = FALSE;
  112.     PSID sid = NULL;
  113.     PTOKEN_GROUPS groups;
  114.     DWORD sidSize = 0, size = 128, i;
  115.     SID_NAME_USE sidNameUse;
  116.     char szDomain[128];
  117.  
  118.     if (OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&token)) {
  119.  
  120.         b = LookupAccountName(NULL, lpGroupName, sid, &sidSize,
  121.                               szDomain, &size, &sidNameUse);
  122.  
  123.         if (!b && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
  124.             sid = malloc(sidSize);
  125.             if (LookupAccountName(NULL, lpGroupName, sid, &sidSize,
  126.                                   szDomain, &size, &sidNameUse)) {
  127.                 // retrieve group membership info for this user
  128.                 size = 0;
  129.                 b = GetTokenInformation(token, TokenGroups, NULL,
  130.                                         0, &size);
  131.  
  132.                 if (!b && GetLastError()
  133.                                 == ERROR_INSUFFICIENT_BUFFER) {
  134.                     groups = malloc(size);
  135.                     if (GetTokenInformation(token, TokenGroups,
  136.                                 groups, size, &size)) {
  137.                         // compare specified group with each group
  138.                         // that the current user is a member of
  139.                         for (i = 0; i < groups->GroupCount; i++) {
  140.                             if(EqualSid(groups->Groups[i].Sid,sid)){
  141.                                 bFound = TRUE;
  142.                                 break;
  143.                             }
  144.                         }
  145.                     }
  146.                     if (groups) free(groups);
  147.                 }
  148.             }
  149.             if (sid) free(sid);
  150.         }
  151.         if (token) CloseHandle(token);
  152.     }
  153.     return bFound;
  154.  
  155. } // IsUserInGroup
  156.  
  157. DWORD EnablePrivilege(PTSTR PrivilegeName, BOOL Enable)
  158. {
  159.     HANDLE token;
  160.     DWORD status;
  161.     TOKEN_PRIVILEGES privilege;
  162.     LUID luid;
  163.  
  164.     if (OpenProcessToken(GetCurrentProcess(),
  165.                          TOKEN_ADJUST_PRIVILEGES, &token)) {
  166.  
  167.         if (LookupPrivilegeValue(NULL, PrivilegeName, &luid)) {
  168.             privilege.PrivilegeCount = 1;
  169.             privilege.Privileges[0].Luid = luid;
  170.             if (Enable) {
  171.                 privilege.Privileges[0].Attributes =
  172.                                         SE_PRIVILEGE_ENABLED;
  173.             } else {
  174.                 privilege.Privileges[0].Attributes = 0;
  175.             }
  176.  
  177.             SetLastError(ERROR_SUCCESS);
  178.             AdjustTokenPrivileges(token, FALSE, &privilege,
  179.                                 0, NULL, NULL);
  180.             status = GetLastError(); 
  181.         }
  182.         CloseHandle(token);
  183.     }
  184.  
  185.     return status;
  186.  
  187. } // SetPrivilege
  188.  
  189.