OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "cloud_print/service/win/local_security_policy.h" | |
6 | |
7 #include <atlsecurity.h> | |
8 #include <ntsecapi.h> | |
9 #include <windows.h> | |
10 | |
11 #include "base/logging.h" | |
12 #include "base/string_util.h" | |
13 | |
14 const wchar_t kSeServiceLogonRight[] = L"SeServiceLogonRight"; | |
15 | |
16 #ifndef STATUS_SUCCESS | |
17 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) | |
18 #endif | |
19 | |
20 namespace { | |
21 | |
22 template<class T> | |
23 class ScopedLsaFreeMemory { | |
Albert Bodenhamer
2012/08/14 20:38:18
The transition of ownership here bothers me, thoug
Vitaly Buka (NO REVIEWS)
2012/08/14 20:58:51
I am not sure what do you mean.
On 2012/08/14 20:
| |
24 public: | |
25 ScopedLsaFreeMemory() : lsa_memory_(NULL) { | |
26 } | |
27 | |
28 ~ScopedLsaFreeMemory() { | |
29 Close(); | |
30 } | |
31 | |
32 void Close() { | |
33 if (lsa_memory_) { | |
34 LsaFreeMemory(lsa_memory_); | |
35 lsa_memory_ = NULL; | |
36 } | |
37 } | |
38 | |
39 T* Get() const { | |
40 return lsa_memory_; | |
41 } | |
42 | |
43 T** Receive() { | |
44 Close(); | |
45 return &lsa_memory_; | |
46 } | |
47 | |
48 private: | |
49 T* lsa_memory_; | |
50 DISALLOW_COPY_AND_ASSIGN(ScopedLsaFreeMemory); | |
51 }; | |
52 | |
53 } // namespace | |
54 | |
55 LocalSecurityPolicy::LocalSecurityPolicy() : policy_(NULL) { | |
56 } | |
57 | |
58 LocalSecurityPolicy::~LocalSecurityPolicy() { | |
59 Close(); | |
60 } | |
61 | |
62 void LocalSecurityPolicy::Close() { | |
63 if (policy_) { | |
64 LsaClose(policy_); | |
65 policy_ = NULL; | |
66 } | |
67 } | |
68 | |
69 bool LocalSecurityPolicy::Open() { | |
70 DCHECK(!policy_); | |
71 Close(); | |
72 LSA_OBJECT_ATTRIBUTES attributes = {0}; | |
73 return STATUS_SUCCESS == | |
74 ::LsaOpenPolicy(NULL, &attributes, | |
75 POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES, | |
76 &policy_); | |
77 } | |
78 | |
79 bool LocalSecurityPolicy::IsPrivilegeSet(const wchar_t* username, | |
80 const wchar_t* privilage) const { | |
81 DCHECK(policy_); | |
82 ATL::CSid user_sid; | |
83 if (!user_sid.LoadAccount(username)) { | |
84 LOG(ERROR) << "Unable to load Sid for" << username; | |
85 return false; | |
86 } | |
87 ScopedLsaFreeMemory<LSA_UNICODE_STRING> rights; | |
88 ULONG count = 0; | |
89 NTSTATUS status = ::LsaEnumerateAccountRights( | |
90 policy_, const_cast<SID*>(user_sid.GetPSID()), rights.Receive(), &count); | |
91 if (STATUS_SUCCESS != status || !rights.Get()) | |
92 return false; | |
93 for (size_t i = 0; i < count; ++i) { | |
94 if (wcscmp(privilage, rights.Get()[i].Buffer) == 0) | |
95 return true; | |
96 } | |
97 return false; | |
98 } | |
99 | |
100 bool LocalSecurityPolicy::SetPrivilege(const wchar_t* username, | |
101 const wchar_t* privilage) { | |
102 DCHECK(policy_); | |
103 ATL::CSid user_sid; | |
104 if (!user_sid.LoadAccount(username)) { | |
105 LOG(ERROR) << "Unable to load Sid for" << username; | |
106 return false; | |
107 } | |
108 LSA_UNICODE_STRING privilege_string; | |
109 string16 privilage_copy(privilage); | |
110 privilege_string.Buffer = &privilage_copy[0]; | |
111 privilege_string.Length = wcslen(privilage) * | |
112 sizeof(privilege_string.Buffer[0]); | |
113 privilege_string.MaximumLength = privilege_string.Length + | |
114 sizeof(privilege_string.Buffer[0]); | |
115 return STATUS_SUCCESS == | |
116 ::LsaAddAccountRights(policy_, const_cast<SID*>(user_sid.GetPSID()), | |
117 &privilege_string, 1); | |
118 } | |
119 | |
OLD | NEW |