winsup/cygwin/advapi32.cc

   1 /* advapi32.cc: Win32 replacement functions.
   2
   3 This file is part of Cygwin.
   4
   5 This software is a copyrighted work licensed under the terms of the
   6 Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
   7 details. */
   8
   9 #include "winsup.h"
  10 #include <winioctl.h>
  11 #include "shared_info.h"
  12 #include "ntdll.h"
  13
  14 #define DEFAULT_NTSTATUS_TO_BOOL_RETURN \
  15   if (!NT_SUCCESS (status)) \
  16     SetLastError (RtlNtStatusToDosError (status)); \
  17   return NT_SUCCESS (status);
  18
  19 /* This file should only contain non-trivial implementations of advapi32
  20    functions, or advapi32 functions for which the ntdll.dll equivalent
  21    is not easy to understand.  In all other case, use the ntdll.dll
  22    equivalent. */
  23
  24 BOOL
  25 RevertToSelf ()
  26 {
  27   HANDLE tok = NULL;
  28   NTSTATUS status = NtSetInformationThread (NtCurrentThread (),
  29                                             ThreadImpersonationToken,
  30                                             &tok, sizeof tok);
  31   DEFAULT_NTSTATUS_TO_BOOL_RETURN
  32 }
  33
  34 BOOL
  35 DuplicateTokenEx (HANDLE tok, DWORD access, LPSECURITY_ATTRIBUTES sec_attr,
  36                   SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type,
  37                   PHANDLE new_tok)
  38 {
  39   SECURITY_QUALITY_OF_SERVICE sqos =
  40     { sizeof sqos, level, SECURITY_STATIC_TRACKING, FALSE };
  41   OBJECT_ATTRIBUTES attr =
  42     { sizeof attr, NULL, NULL,
  43       (sec_attr && sec_attr->bInheritHandle) ? OBJ_INHERIT : 0U,
  44       sec_attr ? sec_attr->lpSecurityDescriptor : NULL, &sqos };
  45   NTSTATUS status = NtDuplicateToken (tok, access, &attr, FALSE, type, new_tok);
  46   DEFAULT_NTSTATUS_TO_BOOL_RETURN
  47 }
  48
  49 BOOL
  50 ImpersonateLoggedOnUser (HANDLE tok)
  51 {
  52   NTSTATUS status;
  53   HANDLE ptok = NULL;
  54   TOKEN_TYPE type;
  55   ULONG size;
  56
  57   status = NtQueryInformationToken (tok, TokenType, &type, sizeof type, &size);
  58   if (!NT_SUCCESS (status))
  59     {
  60       SetLastError (RtlNtStatusToDosError (status));
  61       return FALSE;
  62     }
  63   if (type == TokenPrimary)
  64     {
  65       /* If its a primary token it must be converted to an impersonated
  66          token. */
  67       SECURITY_QUALITY_OF_SERVICE sqos =
  68         { sizeof sqos, SecurityImpersonation, SECURITY_DYNAMIC_TRACKING, FALSE};
  69       OBJECT_ATTRIBUTES attr =
  70         { sizeof attr, NULL, NULL, 0, NULL, &sqos };
  71
  72       /* The required rights for the impersonation token according to MSDN. */
  73       status = NtDuplicateToken (tok, TOKEN_QUERY | TOKEN_IMPERSONATE,
  74                                  &attr, FALSE, TokenImpersonation, &ptok);
  75       if (!NT_SUCCESS (status))
  76         {
  77           SetLastError (RtlNtStatusToDosError (status));
  78           return FALSE;
  79         }
  80       tok = ptok;
  81     }
  82   status = NtSetInformationThread (NtCurrentThread (), ThreadImpersonationToken,
  83                                    &tok, sizeof tok);
  84   if (ptok)
  85     NtClose (ptok);
  86   DEFAULT_NTSTATUS_TO_BOOL_RETURN
  87 }
  88
  89 BOOL
  90 ImpersonateNamedPipeClient (HANDLE pipe)
  91 {
  92   IO_STATUS_BLOCK io;
  93   NTSTATUS status = NtFsControlFile (pipe, NULL, NULL, NULL, &io,
  94                                      FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0);
  95   DEFAULT_NTSTATUS_TO_BOOL_RETURN
  96 }