uLib
User mode C/C++ extended API library for Win32 programmers.
Authorization related functions (SecUtil.cpp)
See also UserMode LSA Support
Typedefs
typedef HANDLE HTOKENEX
Functions
bool InitializeSecDesc (PSECURITY_DESCRIPTOR pSecDesc, PACL AccsList=NULL)
bool EnableProcessPrivilege (CSTR prvName, bool Enable=true)
bool EnableProcessPrivileges (bool Enable, CSTR prvName1,...)
PTOKEN_PRIVILEGES AllocPrivileges (UINT Count, OPTOUT PDWORD pSize=NULL)
PTOKEN_PRIVILEGES FreePrivileges (PTOKEN_PRIVILEGES pPrv)
bool EnablePrivilege (HANDLE hToken, CSTR Privilege, bool Enable, OPTOUT PLUID_AND_ATTRIBUTES pSave)
bool RestorePrivilege (HANDLE hToken, PTOKEN_PRIVILEGES pSaved)
    See EnablePrivilege().
bool EnablePrivileges (IN HANDLE hToken, IN bool Enable, OPTOUT PTOKEN_PRIVILEGES *ppSave,...)
bool RestorePrivileges (HANDLE hToken, PTOKEN_PRIVILEGES pSaved, bool Dispose)
HTOKENEX OpenThreadTokenEx (HANDLE hThread, ACCESS_MASK tokenAccess)
HTOKENEX CloseThreadTokenEx (HTOKENEX hToken)
HANDLE GetThreadExToken (HTOKENEX hTok)
typedef HANDLE HTOKENEX
Definition at line 440 of file UtilFunc.h.
bool InitializeSecDesc (PSECURITY_DESCRIPTOR pSecDesc, PACL AccsList = NULL)
Initialize a security descriptor with the given access control list.
Note: AccsList = NULL, which is the default, grants full access to Everyone.
Definition at line 18 of file SecUtil.cpp.
bool EnableProcessPrivilege (CSTR prvName, bool Enable = true)
Enable or disable a single privilege for the current process.
Intended for situations where you don't need to restore the original state.
For precise control, use EnablePrivilege() or EnablePrivileges() instead.
Example:
See also EnableProcessPrivileges().
Definition at line 28 of file SecUtil.cpp.
bool EnableProcessPrivileges (bool Enable, CSTR prvName1, ...)
Enable or disable multiple privileges for the current process.
Note: The last privilege name must be NULL.
See also EnableProcessPrivilege().
Definition at line 46 of file SecUtil.cpp.
PTOKEN_PRIVILEGES AllocPrivileges (UINT Count, OPTOUT PDWORD pSize = NULL)
Allocate a TOKEN_PRIVILEGES struct with room for Count LUID_AND_ATTRIBUTES entries.
The optional pSize, if supplied, returns the size of the block in BYTEs.
Deallocate with FreePrivileges() or mem_Free().
PTOKEN_PRIVILEGES FreePrivileges (PTOKEN_PRIVILEGES pPrv)
See AllocPrivileges(). Returns NULL on success.
Definition at line 94 of file SecUtil.cpp.
bool EnablePrivilege (HANDLE hToken, CSTR Privilege, bool Enable, OPTOUT PLUID_AND_ATTRIBUTES pSave)
EnablePrivilege tries to enable or disable a single privilege in hToken.
hToken | The token must be opened with at least the following permissions: |
[in] | prvName | Privilege name, e.g. SE_DEBUG_NAME. |
[in] | Enable | Whether to enable or disable the privilege. |
[out] | pSave | [opt] Receives the previous privilege state. Typical target is TOKEN_PRIVILEGES.Privileges[x]. |
Remember to call RestorePrivilege() after you're done.
Note: EnablePrivilege cannot add new privileges to the access token.
See also SetAccountPrivilege(), [MSDN] AdjustTokenPrivileges().
bool RestorePrivilege (HANDLE hToken, PTOKEN_PRIVILEGES pSaved)
See EnablePrivilege().
Definition at line 162 of file SecUtil.cpp.
bool EnablePrivileges (IN HANDLE hToken, IN bool Enable, OPTOUT PTOKEN_PRIVILEGES *ppSave, ...)
EnablePrivileges enables or disables multiple privileges in hToken.
[in] | hToken | The token must be opened with at least the following permissions: |
[in] | Enable | Whether to enable or disable the privilege. |
[out] | ppSave | [optional] Receives a pointer to the previous settings. If retrieved, it must be freed by FreePrivileges() or RestorePrivileges(). ppSave can be NULL if the previous privilege state is not needed. |
[in] | ... | The var-args must be privilege names for LookupPrivilegeValue, and the last argument must be NULL to terminate the var-arg list. |
Note: EnablePrivileges cannot add new privileges to the access token.
See also SetAccountPrivilege().
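The NULL-terminator rule stated for EnableProcessPrivileges() and EnablePrivileges(), shown as an added example that is not uLib code. StubEnableProcessPrivileges is a hypothetical stand-in with the same variadic shape, and EnableAll is a hypothetical typed wrapper that appends a pointer-typed terminator so a caller cannot omit it.

```cpp
// Added example, not uLib code. All function names here are hypothetical.
#include <cstdarg>
#include <cstdio>
#include <string>
#include <vector>

static std::vector<std::string> g_seen;  // names the stub walked over

// Stand-in with the documented calling shape (bool Enable, name1, ...):
// reads var-args until it meets a null pointer. If the caller omits the
// terminator, va_arg keeps reading unrelated memory (undefined behaviour).
bool StubEnableProcessPrivileges(bool Enable, const char* prvName1, ...)
{
    (void)Enable;
    g_seen.clear();
    va_list ap;
    va_start(ap, prvName1);
    for (const char* n = prvName1; n != nullptr; n = va_arg(ap, const char*))
        g_seen.push_back(n);
    va_end(ap);
    return true;
}

// Implicit conversion only: an int or std::string argument fails to compile.
inline const char* AsName(const char* s) { return s; }

// Typed wrapper. It appends the terminator itself as a real pointer; a bare
// NULL may be the integer 0 in C++, which is not safe to read back as a
// pointer through "...".
template <typename... Names>
bool EnableAll(bool enable, const char* first, Names... rest)
{
    const char* names[] = { first, AsName(rest)... };
    for (const char* n : names)
        if (n == nullptr) return false;  // embedded null would truncate the list
    return StubEnableProcessPrivileges(enable, first, AsName(rest)...,
                                       static_cast<const char*>(nullptr));
}

int main()
{
    EnableAll(true, "SeDebugPrivilege", "SeBackupPrivilege");
    for (const std::string& s : g_seen) std::printf("%s\n", s.c_str());
    return 0;
}
```

When calling the variadic functions directly, the same care applies: end the list with a null of pointer type rather than a plain integer 0.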
bool RestorePrivileges (HANDLE hToken, PTOKEN_PRIVILEGES pSaved, bool Dispose)
Restore privileges saved by EnablePrivilege() or EnablePrivileges().
If Dispose is true, FreePrivileges() will be called for pSaved, otherwise you must call it yourself when done.
Definition at line 219 of file SecUtil.cpp.
HTOKENEX OpenThreadTokenEx (HANDLE hThread, ACCESS_MASK tokenAccess)
Always obtains a thread token.
This can be used, for example, to change privileges for a single thread.
The token has the SecurityImpersonation level.
Close it with CloseThreadTokenEx().
Definition at line 252 of file SecUtil.cpp.
HTOKENEX CloseThreadTokenEx (HTOKENEX hToken)
The function closes the handle, reverts, and returns NULL on success.
Note: If RevertToSelf() fails, CloseThreadTokenEx returns INVALID_HANDLE_VALUE.
(MSDN) In that case, the program continues in the context of the impersonated
client, which may be inappropriate, so you should terminate the process.
See OpenThreadTokenEx()
Definition at line 288 of file SecUtil.cpp.
HANDLE GetThreadExToken (HTOKENEX hTok)
Get the token HANDLE from an HTOKENEX.
See OpenThreadTokenEx()
Definition at line 238 of file SecUtil.cpp.