Initialer Commit

2025-12-06 21:14:58 -06:00 · 2016-06-25 21:15:50 +02:00
commit c3967fe27a
1199 changed files with 290375 additions and 0 deletions
--- a/CPP/Windows/SecurityUtils.cpp
+++ b/CPP/Windows/SecurityUtils.cpp
@@ -0,0 +1,181 @@
+// Windows/SecurityUtils.cpp
+
+#include "StdAfx.h"
+
+#include "../Common/MyString.h"
+
+#include "SecurityUtils.h"
+
+namespace NWindows {
+namespace NSecurity {
+
+/*
+bool MyLookupAccountSid(LPCTSTR systemName, PSID sid,
+  CSysString &accountName, CSysString &domainName, PSID_NAME_USE sidNameUse)
+{
+  DWORD accountNameSize = 0, domainNameSize = 0;
+
+  if (!::LookupAccountSid(systemName, sid,
+      accountName.GetBuf(0), &accountNameSize,
+      domainName.GetBuf(0), &domainNameSize, sidNameUse))
+  {
+    if (::GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+      return false;
+  }
+  DWORD accountNameSize2 = accountNameSize, domainNameSize2 = domainNameSize;
+  bool result = BOOLToBool(::LookupAccountSid(systemName, sid,
+      accountName.GetBuf(accountNameSize), &accountNameSize2,
+      domainName.GetBuf(domainNameSize), &domainNameSize2, sidNameUse));
+  accountName.ReleaseBuf_CalcLen(accountNameSize);
+  domainName.ReleaseBuf_CalcLen(domainNameSize);
+  return result;
+}
+*/
+  
+static void SetLsaString(LPWSTR src, PLSA_UNICODE_STRING dest)
+{
+  int len = (int)wcslen(src);
+  dest->Length = (USHORT)(len * sizeof(WCHAR));
+  dest->MaximumLength = (USHORT)((len + 1) * sizeof(WCHAR));
+  dest->Buffer = src;
+}
+
+/*
+static void MyLookupSids(CPolicy &policy, PSID ps)
+{
+  LSA_REFERENCED_DOMAIN_LIST *referencedDomains = NULL;
+  LSA_TRANSLATED_NAME *names = NULL;
+  NTSTATUS nts = policy.LookupSids(1, &ps, &referencedDomains, &names);
+  int res = LsaNtStatusToWinError(nts);
+  LsaFreeMemory(referencedDomains);
+  LsaFreeMemory(names);
+}
+*/
+
+#ifndef _UNICODE
+typedef BOOL (WINAPI * LookupAccountNameWP)(
+    LPCWSTR lpSystemName,
+    LPCWSTR lpAccountName,
+    PSID Sid,
+    LPDWORD cbSid,
+    LPWSTR ReferencedDomainName,
+    LPDWORD cchReferencedDomainName,
+    PSID_NAME_USE peUse
+    );
+#endif
+
+static PSID GetSid(LPWSTR accountName)
+{
+  #ifndef _UNICODE
+  HMODULE hModule = GetModuleHandle(TEXT("Advapi32.dll"));
+  if (hModule == NULL)
+    return NULL;
+  LookupAccountNameWP lookupAccountNameW = (LookupAccountNameWP)GetProcAddress(hModule, "LookupAccountNameW");
+  if (lookupAccountNameW == NULL)
+    return NULL;
+  #endif
+
+  DWORD sidLen = 0, domainLen = 0;
+  SID_NAME_USE sidNameUse;
+  if (!
+    #ifdef _UNICODE
+    ::LookupAccountNameW
+    #else
+    lookupAccountNameW
+    #endif
+    (NULL, accountName, NULL, &sidLen, NULL, &domainLen, &sidNameUse))
+  {
+    if (::GetLastError() == ERROR_INSUFFICIENT_BUFFER)
+    {
+      PSID pSid = ::HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sidLen);
+      LPWSTR domainName = (LPWSTR)::HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (domainLen + 1) * sizeof(WCHAR));
+      BOOL res =
+        #ifdef _UNICODE
+        ::LookupAccountNameW
+        #else
+        lookupAccountNameW
+        #endif
+        (NULL, accountName, pSid, &sidLen, domainName, &domainLen, &sidNameUse);
+      ::HeapFree(GetProcessHeap(), 0, domainName);
+      if (res)
+        return pSid;
+    }
+  }
+  return NULL;
+}
+
+#define MY__SE_LOCK_MEMORY_NAME L"SeLockMemoryPrivilege"
+
+bool AddLockMemoryPrivilege()
+{
+  CPolicy policy;
+  LSA_OBJECT_ATTRIBUTES attr;
+  attr.Length = sizeof(attr);
+  attr.RootDirectory = NULL;
+  attr.ObjectName  = NULL;
+  attr.Attributes = 0;
+  attr.SecurityDescriptor = NULL;
+  attr.SecurityQualityOfService  = NULL;
+  if (policy.Open(NULL, &attr,
+      // GENERIC_WRITE)
+      POLICY_ALL_ACCESS)
+      // STANDARD_RIGHTS_REQUIRED,
+      // GENERIC_READ | GENERIC_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES)
+      != 0)
+    return false;
+  LSA_UNICODE_STRING userRights;
+  wchar_t s[128] = MY__SE_LOCK_MEMORY_NAME;
+  SetLsaString(s, &userRights);
+  WCHAR userName[256 + 2];
+  DWORD size = 256;
+  if (!GetUserNameW(userName, &size))
+    return false;
+  PSID psid = GetSid(userName);
+  if (psid == NULL)
+    return false;
+  bool res = false;
+
+  /*
+  PLSA_UNICODE_STRING userRightsArray;
+  ULONG countOfRights;
+  NTSTATUS status = policy.EnumerateAccountRights(psid, &userRightsArray, &countOfRights);
+  if (status != 0)
+    return false;
+  bool finded = false;
+  for (ULONG i = 0; i < countOfRights; i++)
+  {
+    LSA_UNICODE_STRING &ur = userRightsArray[i];
+    if (ur.Length != s.Length() * sizeof(WCHAR))
+      continue;
+    if (wcsncmp(ur.Buffer, s, s.Length()) != 0)
+      continue;
+    finded = true;
+    res = true;
+    break;
+  }
+  if (!finded)
+  */
+  {
+    /*
+    LSA_ENUMERATION_INFORMATION *enums;
+    ULONG countReturned;
+    NTSTATUS status = policy.EnumerateAccountsWithUserRight(&userRights, &enums, &countReturned);
+    if (status == 0)
+    {
+      for (ULONG i = 0; i < countReturned; i++)
+        MyLookupSids(policy, enums[i].Sid);
+      if (enums)
+        ::LsaFreeMemory(enums);
+      res = true;
+    }
+    */
+    NTSTATUS status = policy.AddAccountRights(psid, &userRights);
+    if (status == 0)
+      res = true;
+    // ULONG res = LsaNtStatusToWinError(status);
+  }
+  HeapFree(GetProcessHeap(), 0, psid);
+  return res;
+}
+
+}}