1370b324cSopenharmony_ci// Windows/SecurityUtils.h
2370b324cSopenharmony_ci
3370b324cSopenharmony_ci#ifndef ZIP7_INC_WINDOWS_SECURITY_UTILS_H
4370b324cSopenharmony_ci#define ZIP7_INC_WINDOWS_SECURITY_UTILS_H
5370b324cSopenharmony_ci
6370b324cSopenharmony_ci#include <NTSecAPI.h>
7370b324cSopenharmony_ci
8370b324cSopenharmony_ci#include "Defs.h"
9370b324cSopenharmony_ci
#ifndef _UNICODE

// Non-Unicode build: LsaOpenPolicy, LsaClose and LsaAddAccountRights are not
// called through the import table. They are looked up by name at call time in
// the module whose handle the caller keeps in `hModule`.

extern "C" {

typedef NTSTATUS (NTAPI *Func_LsaOpenPolicy)(
    PLSA_UNICODE_STRING SystemName,
    PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
    ACCESS_MASK DesiredAccess,
    PLSA_HANDLE PolicyHandle);

typedef NTSTATUS (NTAPI *Func_LsaClose)(
    LSA_HANDLE ObjectHandle);

typedef NTSTATUS (NTAPI *Func_LsaAddAccountRights)(
    LSA_HANDLE PolicyHandle,
    PSID AccountSid,
    PLSA_UNICODE_STRING UserRights,
    ULONG CountOfRights);

// Status returned when the module handle is NULL or the export is not found.
#define MY_STATUS_NOT_IMPLEMENTED  ((NTSTATUS)0xC0000002L)

}

// POLICY_FUNC_CALL(fff, str) expands to an unterminated declaration
//   const NTSTATUS res = <callee>
// and the call site supplies the parenthesised argument list and the ';'.
// In this branch it first returns MY_STATUS_NOT_IMPLEMENTED from the enclosing
// function when `hModule` is NULL or when `str` cannot be resolved.
// Requirements visible from the expansion: the enclosing function returns
// NTSTATUS, has `hModule` in scope, and uses the macro once per scope
// (it declares both `v` and `res`).
// NOTE(review): `str` must name the export that matches Func_<fff>; nothing
// here checks that the resolved pointer has that signature.
#define POLICY_FUNC_CALL(fff, str)  \
  if (hModule == NULL) return MY_STATUS_NOT_IMPLEMENTED; \
  const Func_ ## fff v = Z7_GET_PROC_ADDRESS(Func_ ## fff, hModule, str); \
  if (!v) return MY_STATUS_NOT_IMPLEMENTED; \
  const NTSTATUS res = v

#else

// Unicode build: same call-site shape, but the global function `::fff` is
// called directly and `str` is unused.
#define POLICY_FUNC_CALL(fff, str)  \
  const NTSTATUS res = ::fff

#endif
33370b324cSopenharmony_ci
34370b324cSopenharmony_ci
35370b324cSopenharmony_cinamespace NWindows {
36370b324cSopenharmony_cinamespace NSecurity {
37370b324cSopenharmony_ci
// Owner of a Win32 access-token handle. The destructor closes whatever handle
// OpenProcessToken() stored.
// NOTE(review): no copy constructor or assignment operator is declared, so the
// compiler-generated ones would duplicate _handle and both objects would call
// CloseHandle on it. Treat instances as non-copyable.
class CAccessToken
{
  HANDLE _handle;
public:
  CAccessToken(): _handle(NULL) {}
  ~CAccessToken() { Close(); }

  // Closes the owned handle, if there is one.
  // Returns true when nothing was open or CloseHandle succeeded. On failure
  // the stored handle value is left unchanged and false is returned.
  bool Close()
  {
    if (_handle != NULL)
    {
      if (!BOOLToBool(::CloseHandle(_handle)))
        return false;
      _handle = NULL;
    }
    return true;
  }

  // Opens the access token of `processHandle` with `desiredAccess` and stores
  // it in this object. Any previously held handle is closed first; the result
  // of that Close() is not checked.
  // NOTE(review): request only the access the caller needs (per the Win32
  // documentation, AdjustTokenPrivileges requires TOKEN_ADJUST_PRIVILEGES).
  bool OpenProcessToken(HANDLE processHandle, DWORD desiredAccess)
  {
    Close();
    const BOOL opened = ::OpenProcessToken(processHandle, desiredAccess, &_handle);
    return BOOLToBool(opened);
  }

  // Disabled code, kept for reference. As written it would not compile: the
  // API name is misspelled and the body uses `anOpenAsSelf` while the
  // parameter is `openAsSelf`.
  /*
  bool OpenThreadToken(HANDLE threadHandle, DWORD desiredAccess, bool openAsSelf)
  {
    Close();
    return BOOLToBool(::OpenTreadToken(threadHandle, desiredAccess, BoolToBOOL(anOpenAsSelf), &_handle));
  }
  */

  // Forwards to ::AdjustTokenPrivileges on the stored handle and converts the
  // BOOL result to bool. _handle is passed as is; there is no check that
  // OpenProcessToken() succeeded beforehand.
  // NOTE(review): per the Win32 documentation, AdjustTokenPrivileges can
  // report success without assigning every requested privilege. A caller that
  // depends on the privilege being enabled should also check GetLastError()
  // for ERROR_NOT_ALL_ASSIGNED right after this returns true.
  bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState,
      DWORD bufferLength, PTOKEN_PRIVILEGES previousState, PDWORD returnLength)
  {
    const BOOL adjusted = ::AdjustTokenPrivileges(_handle, BoolToBOOL(disableAllPrivileges),
        newState, bufferLength, previousState, returnLength);
    return BOOLToBool(adjusted);
  }

  // Same as the five-argument overload, without asking for the previous state.
  bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState)
  {
    return AdjustPrivileges(disableAllPrivileges, newState, 0, NULL, NULL);
  }

  // Applies `newState` without disabling all privileges and without asking
  // for the previous state.
  bool AdjustPrivileges(PTOKEN_PRIVILEGES newState)
  {
    return AdjustPrivileges(false, newState, 0, NULL, NULL);
  }

};
80370b324cSopenharmony_ci
81370b324cSopenharmony_ci
82370b324cSopenharmony_ci
83370b324cSopenharmony_ci
// Owner of an LSA policy handle. Open() stores the handle and the destructor
// closes it.
// In non-Unicode builds Open(), Close() and AddAccountRights() resolve their
// LSA entry points through `hModule` (see POLICY_FUNC_CALL). The remaining
// wrappers call the Lsa* functions directly in both builds.
// NOTE(review): copying is not disabled, so a copied CPolicy would call
// LsaClose on the same handle twice. Treat instances as non-copyable.
struct CPolicy
{
protected:
  LSA_HANDLE _handle;
  #ifndef _UNICODE
  HMODULE hModule;
  #endif
public:
  // Starts with no policy handle. In non-Unicode builds it also records the
  // handle of advapi32.dll. GetModuleHandle only looks the module up and does
  // not load it, so hModule is NULL when the DLL is not already in the
  // process; the dynamic calls then return MY_STATUS_NOT_IMPLEMENTED.
  CPolicy():
      _handle(NULL)
      #ifndef _UNICODE
      , hModule(GetModuleHandle(TEXT("advapi32.dll")))
      #endif
  {}

  ~CPolicy() { Close(); }

  // Implicit access to the raw handle. The object keeps ownership, so the
  // caller must not close the returned value.
  operator LSA_HANDLE() const { return _handle; }

  // Closes any handle already held, then opens a policy object and stores its
  // handle in _handle. Returns the NTSTATUS of LsaOpenPolicy, or
  // MY_STATUS_NOT_IMPLEMENTED when the function cannot be resolved
  // (non-Unicode build).
  // NOTE(review): pass the narrowest `desiredAccess` that the later calls need.
  NTSTATUS Open(PLSA_UNICODE_STRING systemName, PLSA_OBJECT_ATTRIBUTES objectAttributes,
      ACCESS_MASK desiredAccess)
  {
    Close();
    POLICY_FUNC_CALL (LsaOpenPolicy, "LsaOpenPolicy")
      (systemName, objectAttributes, desiredAccess, &_handle);
    return res;
  }

  // Closes the held handle. Returns 0 when nothing is open, otherwise the
  // NTSTATUS of LsaClose. _handle is reset to NULL after the call whatever its
  // status. If the function cannot be resolved (non-Unicode build) the macro
  // returns early and _handle is left untouched.
  NTSTATUS Close()
  {
    if (_handle != NULL)
    {
      POLICY_FUNC_CALL (LsaClose, "LsaClose")
        (_handle);
      _handle = NULL;
      return res;
    }
    return 0;
  }

  // Thin wrapper over LsaEnumerateAccountsWithUserRight on the stored handle.
  // NOTE(review): per the LSA documentation the returned buffer is allocated
  // by the system and must be released with LsaFreeMemory.
  NTSTATUS EnumerateAccountsWithUserRight(PLSA_UNICODE_STRING userRights,
      PLSA_ENUMERATION_INFORMATION *enumerationBuffer, PULONG countReturned)
  {
    void **rawBuffer = reinterpret_cast<void **>(enumerationBuffer);
    return LsaEnumerateAccountsWithUserRight(_handle, userRights, rawBuffer, countReturned);
  }

  // Thin wrapper over ::LsaEnumerateAccountRights on the stored handle.
  // NOTE(review): release *userRights with LsaFreeMemory (per the LSA
  // documentation).
  NTSTATUS EnumerateAccountRights(PSID sid, PLSA_UNICODE_STRING* userRights, PULONG countOfRights)
  {
    return ::LsaEnumerateAccountRights(_handle, sid, userRights, countOfRights);
  }

  // Thin wrapper over LsaLookupSids on the stored handle.
  // NOTE(review): release both output buffers with LsaFreeMemory (per the LSA
  // documentation).
  NTSTATUS LookupSids(ULONG count, PSID* sids,
      PLSA_REFERENCED_DOMAIN_LIST* referencedDomains, PLSA_TRANSLATED_NAME* names)
  {
    return LsaLookupSids(_handle, count, sids, referencedDomains, names);
  }

  // Adds `countOfRights` rights from `userRights` to the account `accountSid`.
  // Returns the NTSTATUS of LsaAddAccountRights, or MY_STATUS_NOT_IMPLEMENTED
  // when the function cannot be resolved (non-Unicode build).
  // NOTE(review): this changes the account's rights in LSA policy, so the
  // change outlives the process. Callers should add only the specific right
  // they need and check the returned status.
  NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
  {
    POLICY_FUNC_CALL (LsaAddAccountRights, "LsaAddAccountRights")
      (_handle, accountSid, userRights, countOfRights);
    return res;
  }

  // Single-right convenience overload: `userRights` points to exactly one entry.
  NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights)
  {
    return AddAccountRights(accountSid, userRights, 1);
  }

  // Thin wrapper over LsaRemoveAccountRights on the stored handle. `allRights`
  // is converted to the BOOLEAN the API expects.
  // NOTE(review): with allRights == true the API removes every right held by
  // the account (per the LSA documentation) - confirm callers intend that.
  NTSTATUS RemoveAccountRights(PSID accountSid, bool allRights, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
  {
    const BOOLEAN removeAll = (BOOLEAN)(allRights ? TRUE : FALSE);
    return LsaRemoveAccountRights(_handle, accountSid, removeAll, userRights, countOfRights);
  }
};
143370b324cSopenharmony_ci
// Declared here; the definition is not part of this header.
// NOTE(review): presumably obtains the lock-memory privilege for the current
// account or process - confirm against the definition. Callers should treat a
// false return as "privilege not obtained" and continue without it.
bool AddLockMemoryPrivilege();
145370b324cSopenharmony_ci
146370b324cSopenharmony_ci}}
147370b324cSopenharmony_ci
148370b324cSopenharmony_ci#endif