// Windows/SecurityUtils.h

#ifndef ZIP7_INC_WINDOWS_SECURITY_UTILS_H
#define ZIP7_INC_WINDOWS_SECURITY_UTILS_H

#include <NTSecAPI.h>

#include "Defs.h"

#ifndef _UNICODE

// Non-_UNICODE build: LsaOpenPolicy, LsaClose and LsaAddAccountRights are not
// called by name in the code below. POLICY_FUNC_CALL looks each one up at run
// time in the module handle that CPolicy keeps in hModule, and these typedefs
// give the looked-up addresses their function-pointer types.
extern "C" {
typedef NTSTATUS (NTAPI *Func_LsaOpenPolicy)(PLSA_UNICODE_STRING SystemName,
    PLSA_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, PLSA_HANDLE PolicyHandle);
typedef NTSTATUS (NTAPI *Func_LsaClose)(LSA_HANDLE ObjectHandle);
typedef NTSTATUS (NTAPI *Func_LsaAddAccountRights)(LSA_HANDLE PolicyHandle,
    PSID AccountSid, PLSA_UNICODE_STRING UserRights, ULONG CountOfRights );
// Returned by POLICY_FUNC_CALL when hModule is NULL or the export is missing.
// NOTE(review): 0xC0000002 is the numeric value of STATUS_NOT_IMPLEMENTED.
#define MY_STATUS_NOT_IMPLEMENTED  ((NTSTATUS)0xC0000002L)
}

// Defined outside this header. NOTE(review): presumably silences the compiler
// warning about the function-pointer cast made by Z7_GET_PROC_ADDRESS - confirm.
Z7_DIAGNOSTIC_IGNORE_CAST_FUNCTION

// POLICY_FUNC_CALL(fff, str) expands to several statements, not an expression:
//   - it returns MY_STATUS_NOT_IMPLEMENTED from the enclosing function when
//     hModule is NULL or the export named str is not found in hModule;
//   - otherwise it declares the locals `v` (the function pointer) and `res`
//     and ends in `const NTSTATUS res = v`, so the argument list and the `;`
//     must directly follow the macro invocation.
// Because of the early returns and the two locals, use it at most once per
// scope, in a function that returns NTSTATUS and has hModule in scope.
#define POLICY_FUNC_CALL(fff, str)  \
  if (hModule == NULL) return MY_STATUS_NOT_IMPLEMENTED; \
  const Func_ ## fff v = Z7_GET_PROC_ADDRESS(Func_ ## fff, hModule, str); \
  if (!v) return MY_STATUS_NOT_IMPLEMENTED; \
  const NTSTATUS res = v

#else

// _UNICODE build: the LSA function is called directly through ::fff; only the
// local `res` is declared and str is unused.
#define POLICY_FUNC_CALL(fff, str)  \
  const NTSTATUS res = ::fff

#endif


namespace NWindows {
namespace NSecurity {

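// Owner of a Win32 access-token handle: the destructor closes it.
//
// Copying is disabled. A copy would hold the same HANDLE value, both
// destructors would pass it to CloseHandle(), and the second call could close
// an unrelated handle that has reused that value in the meantime.
class CAccessToken
{
  HANDLE _handle;

  // Declared but not defined, to forbid copying (see the class comment).
  CAccessToken(const CAccessToken &);
  CAccessToken &operator=(const CAccessToken &);
public:
  CAccessToken(): _handle(NULL) {}
  ~CAccessToken() { Close(); }

  // Closes the owned handle, if any.
  // Returns true when there is nothing to close or CloseHandle() succeeded.
  // On failure the handle value is kept, so the destructor tries again.
  bool Close()
  {
    if (_handle == NULL)
      return true;
    const bool res = BOOLToBool(::CloseHandle(_handle));
    if (res)
      _handle = NULL;
    return res;
  }

  // Releases any handle already held, then opens the token of processHandle
  // with the access rights in desiredAccess. Returns the API result as bool.
  // The result of the preceding Close() is not checked.
  // Request only the TOKEN_* rights the later calls need; AdjustPrivileges()
  // needs TOKEN_ADJUST_PRIVILEGES, plus TOKEN_QUERY when the previous state
  // is requested.
  bool OpenProcessToken(HANDLE processHandle, DWORD desiredAccess)
  {
    Close();
    return BOOLToBool(::OpenProcessToken(processHandle, desiredAccess, &_handle));
  }

  // Disabled code, kept as found. It would not compile if re-enabled as is:
  // the API name is misspelled and anOpenAsSelf is not the parameter name.
  /*
  bool OpenThreadToken(HANDLE threadHandle, DWORD desiredAccess, bool openAsSelf)
  {
    Close();
    return BOOLToBool(::OpenTreadToken(threadHandle, desiredAccess, BoolToBOOL(anOpenAsSelf), &_handle));
  }
  */

  // Thin wrapper over ::AdjustTokenPrivileges() for the owned token; the
  // arguments are forwarded unchanged.
  //
  // A true result does NOT prove that the requested privileges are enabled:
  // AdjustTokenPrivileges() also succeeds when it could adjust only some of
  // them, and reports that case through GetLastError() ==
  // ERROR_NOT_ALL_ASSIGNED. Callers must check GetLastError() == ERROR_SUCCESS
  // immediately after a true result before relying on the privilege.
  bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState,
      DWORD bufferLength, PTOKEN_PRIVILEGES previousState, PDWORD returnLength)
  {
    return BOOLToBool(::AdjustTokenPrivileges(_handle, BoolToBOOL(disableAllPrivileges),
        newState, bufferLength, previousState, returnLength));
  }

  // Same as above without retrieving the previous state.
  // The GetLastError() check described above applies here too.
  bool AdjustPrivileges(bool disableAllPrivileges, PTOKEN_PRIVILEGES newState)
    { return AdjustPrivileges(disableAllPrivileges, newState, 0, NULL, NULL); }

  // Applies newState with disableAllPrivileges == false.
  // The GetLastError() check described above applies here too.
  bool AdjustPrivileges(PTOKEN_PRIVILEGES newState)
    { return AdjustPrivileges(false, newState); }

};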
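// Owner of an LSA policy handle: Open() obtains it with LsaOpenPolicy, and
// Close() or the destructor releases it with LsaClose.
//
// Copying is disabled: a copy would hold the same LSA_HANDLE and both
// destructors would pass it to LsaClose.
//
// In non-_UNICODE builds Open(), Close() and AddAccountRights() resolve their
// LSA function at run time through POLICY_FUNC_CALL and return
// MY_STATUS_NOT_IMPLEMENTED when it is unavailable. The other wrappers call
// the LSA functions directly in every build.
struct CPolicy
{
protected:
  LSA_HANDLE _handle;
  #ifndef _UNICODE
  HMODULE hModule;
  #endif
private:
  // Declared but not defined, to forbid copying (see the struct comment).
  CPolicy(const CPolicy &);
  CPolicy &operator=(const CPolicy &);
public:
  // Exposes the raw handle; ownership stays with this object.
  operator LSA_HANDLE() const { return _handle; }

  CPolicy(): _handle(NULL)
  {
    #ifndef _UNICODE
    // GetModuleHandle() only returns a module that is already mapped into the
    // process: nothing is loaded here, so no DLL search path is consulted,
    // and no reference is taken on the module. hModule is NULL when
    // advapi32.dll is not loaded.
    hModule = GetModuleHandle(TEXT("advapi32.dll"));
    #endif
  }
  ~CPolicy() { Close(); }

  // Closes any handle already held, then opens a policy handle on systemName
  // with the rights in desiredAccess. Returns the NTSTATUS of LsaOpenPolicy.
  // Request only the POLICY_* rights the following calls need.
  NTSTATUS Open(PLSA_UNICODE_STRING systemName, PLSA_OBJECT_ATTRIBUTES objectAttributes,
      ACCESS_MASK desiredAccess)
  {
    Close();
    POLICY_FUNC_CALL (LsaOpenPolicy, "LsaOpenPolicy")
      (systemName, objectAttributes, desiredAccess, &_handle);
    return res;
  }

  // Releases the policy handle. Returns 0 when no handle is held, otherwise
  // the NTSTATUS of LsaClose; the stored handle is reset whatever LsaClose
  // returned.
  NTSTATUS Close()
  {
    if (_handle == NULL)
      return 0;
    POLICY_FUNC_CALL (LsaClose, "LsaClose")
      (_handle);
    _handle = NULL;
    return res;
  }

  // Wrapper over LsaEnumerateAccountsWithUserRight.
  // The buffer returned in *enumerationBuffer is allocated by LSA; the caller
  // releases it with LsaFreeMemory().
  NTSTATUS EnumerateAccountsWithUserRight(PLSA_UNICODE_STRING userRights,
      PLSA_ENUMERATION_INFORMATION *enumerationBuffer, PULONG countReturned)
    { return ::LsaEnumerateAccountsWithUserRight(_handle, userRights, (void **)enumerationBuffer, countReturned); }

  // Wrapper over LsaEnumerateAccountRights.
  // The array returned in *userRights is released with LsaFreeMemory().
  NTSTATUS EnumerateAccountRights(PSID sid, PLSA_UNICODE_STRING* userRights, PULONG countOfRights)
    { return ::LsaEnumerateAccountRights(_handle, sid, userRights, countOfRights); }

  // Wrapper over LsaLookupSids.
  // *referencedDomains and *names are released with LsaFreeMemory().
  NTSTATUS LookupSids(ULONG count, PSID* sids,
      PLSA_REFERENCED_DOMAIN_LIST* referencedDomains, PLSA_TRANSLATED_NAME* names)
    { return ::LsaLookupSids(_handle, count, sids, referencedDomains, names); }

  // Grants countOfRights user rights from userRights to accountSid.
  //
  // This is a persistent change to the local security policy, not a
  // per-process setting: the right stays assigned until it is removed, and
  // LSA creates the account object when it does not exist yet. Call it only
  // for the specific right that is needed. With "Audit Authorization Policy
  // Change" enabled, Windows records the assignment as Security event 4704.
  NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
  {
    POLICY_FUNC_CALL (LsaAddAccountRights, "LsaAddAccountRights")
      (_handle, accountSid, userRights, countOfRights);
    return res;
  }

  // Grants the single right that userRights points to (count is fixed at 1).
  NTSTATUS AddAccountRights(PSID accountSid, PLSA_UNICODE_STRING userRights)
    { return AddAccountRights(accountSid, userRights, 1); }

  // Wrapper over LsaRemoveAccountRights.
  // With allRights == true LSA removes every right of the account, deletes
  // the account object and ignores userRights.
  NTSTATUS RemoveAccountRights(PSID accountSid, bool allRights, PLSA_UNICODE_STRING userRights, ULONG countOfRights)
    { return ::LsaRemoveAccountRights(_handle, accountSid, (BOOLEAN)(allRights ? TRUE : FALSE), userRights, countOfRights); }
};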
// Defined outside this header. NOTE(review): presumably grants the
// "lock pages in memory" user right to the current account through
// CPolicy::AddAccountRights - confirm against the implementation. If so, the
// grant is a persistent local-policy change, not a per-process setting, and
// the meaning of the bool result should be documented next to the definition.
bool AddLockMemoryPrivilege();

}}

#endif