From 69905917cf2c46fa0093df7323e5326450d1246b Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Fri, 14 Oct 2016 00:00:22 +0300 Subject: move code from headers to .cpp files --- src/error.cpp | 37 ++++++++++++ src/error.hpp | 23 ++------ src/handle.hpp | 2 +- src/main.cpp | 5 ++ src/os.cpp | 24 ++++++++ src/os.hpp | 16 +----- src/process.cpp | 64 +++++++++++++++++++++ src/process.hpp | 47 ++-------------- src/resource.cpp | 37 ++++++++++++ src/resource.hpp | 25 +-------- src/sid.cpp | 73 ++++++++++++++++++++++++ src/sid.hpp | 56 ++----------------- src/string.hpp | 14 ++--- src/token.cpp | 167 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/token.hpp | 152 +++----------------------------------------------- 15 files changed, 442 insertions(+), 300 deletions(-) create mode 100644 src/error.cpp create mode 100644 src/os.cpp create mode 100644 src/process.cpp create mode 100644 src/resource.cpp create mode 100644 src/sid.cpp create mode 100644 src/token.cpp (limited to 'src') diff --git a/src/error.cpp b/src/error.cpp new file mode 100644 index 0000000..e0b4648 --- /dev/null +++ b/src/error.cpp @@ -0,0 +1,37 @@ +// Copyright (c) 2016 Egor Tensin +// This file is part of the "Privilege check" project. +// For details, see https://github.com/egor-tensin/privilege-check. +// Distributed under the MIT License. + +#pragma once + +#include "error.hpp" + +#include + +#include +#include + +namespace error +{ + Error make(const char* function_name) + { + const auto ec = GetLastError(); + return {static_cast(ec), std::system_category(), function_name}; + } + + void raise(const char* function_name) + { + throw make(function_name); + } + + void report(const std::exception& e) + { + MessageBoxA(NULL, e.what(), NULL, MB_OK); + } + + int get_code(const Error& e) + { + return e.code().value(); + } +} diff --git a/src/error.hpp b/src/error.hpp index 0eeb147..b8ba468 100644 --- a/src/error.hpp +++ b/src/error.hpp @@ -5,8 +5,6 @@ #pragma once -#include - #include #include @@ -14,24 +12,11 @@ typedef std::system_error Error; namespace error { - Error make(const char* function_name) - { - const auto ec = GetLastError(); - return {static_cast(ec), std::system_category(), function_name}; - } + Error make(const char* function_name); - inline void raise(const char* function_name) - { - throw make(function_name); - } + void raise(const char* function_name); - void report(const std::exception& e) - { - MessageBoxA(NULL, e.what(), NULL, MB_OK); - } + void report(const std::exception&); - int get_code(const Error& e) - { - return e.code().value(); - } + int get_code(const Error&); } diff --git a/src/handle.hpp b/src/handle.hpp index 80b6a06..62670de 100644 --- a/src/handle.hpp +++ b/src/handle.hpp @@ -62,7 +62,7 @@ private: namespace std { - void swap(Handle& a, Handle& b) noexcept + inline void swap(Handle& a, Handle& b) noexcept { a.swap(b); } diff --git a/src/main.cpp b/src/main.cpp index 5e59ff0..d13325c 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -20,6 +20,9 @@ #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"") +namespace +{ + HWND get_dialog_item(HWND wnd, int id) { const auto lbl = GetDlgItem(wnd, id); @@ -218,6 +221,8 @@ INT_PTR CALLBACK dialog_main( } } +} + int APIENTRY wWinMain( HINSTANCE instance, HINSTANCE, diff --git a/src/os.cpp b/src/os.cpp new file mode 100644 index 0000000..13fd766 --- /dev/null +++ b/src/os.cpp @@ -0,0 +1,24 @@ +// Copyright (c) 2016 Egor Tensin +// This file is part of the "Privilege check" project. +// For details, see https://github.com/egor-tensin/privilege-check. +// Distributed under the MIT License. + +#include "error.hpp" +#include "os.hpp" + +#include + +namespace os +{ + OSVERSIONINFOW get_version_info() + { + OSVERSIONINFOW info; + ZeroMemory(&info, sizeof(info)); + info.dwOSVersionInfoSize = sizeof(info); + + if (!GetVersionExW(&info)) + error::raise("GetVersionExW"); + + return info; + } +} diff --git a/src/os.hpp b/src/os.hpp index 7aeaf54..c9a89a1 100644 --- a/src/os.hpp +++ b/src/os.hpp @@ -11,24 +11,14 @@ namespace os { - OSVERSIONINFOW get_version_info() - { - OSVERSIONINFOW info; - ZeroMemory(&info, sizeof(info)); - info.dwOSVersionInfoSize = sizeof(info); - - if (!GetVersionExW(&info)) - error::raise("GetVersionExW"); - - return info; - } + OSVERSIONINFOW get_version_info(); - bool is_vista_or_later(const OSVERSIONINFOW& info) + inline bool is_vista_or_later(const OSVERSIONINFOW& info) { return info.dwMajorVersion >= 6; } - bool is_vista_or_later() + inline bool is_vista_or_later() { return is_vista_or_later(get_version_info()); } diff --git a/src/process.cpp b/src/process.cpp new file mode 100644 index 0000000..94765bc --- /dev/null +++ b/src/process.cpp @@ -0,0 +1,64 @@ +// Copyright (c) 2016 Egor Tensin +// This file is part of the "Privilege check" project. +// For details, see https://github.com/egor-tensin/privilege-check. +// Distributed under the MIT License. + +#include "cmd_line.hpp" +#include "error.hpp" +#include "process.hpp" + +#include +#include + +#include +#include + +namespace process +{ + std::wstring get_executable_path() + { + static constexpr DWORD max_path = MAX_PATH; + + std::array buf; + + const auto ret = GetModuleFileNameW(NULL, buf.data(), max_path); + + if (GetLastError() != ERROR_SUCCESS) + error::raise("GetModuleFileNameW"); + + return buf.data(); + } + + void runas( + const CommandLine& cmd_line, + HWND hwnd, + int nShow) + { + static constexpr auto sep = L' '; + + const auto exe_path = cmd_line.has_argv0() + ? cmd_line.get_argv0() + : get_executable_path(); + + SHELLEXECUTEINFOW info; + ZeroMemory(&info, sizeof(info)); + info.cbSize = sizeof(info); + info.lpVerb = L"runas"; + info.lpFile = exe_path.c_str(); + const auto args = cmd_line.join_args(); + if (!args.empty()) + info.lpParameters = args.c_str(); + info.hwnd = hwnd; + info.nShow = nShow; + + if (!ShellExecuteExW(&info)) + error::raise("ShellExecuteExW"); + } + + void runas_self( + HWND hwnd, + int nShow) + { + runas(CommandLine::query(), hwnd, nShow); + } +} diff --git a/src/process.hpp b/src/process.hpp index 6439d38..c422aac 100644 --- a/src/process.hpp +++ b/src/process.hpp @@ -6,31 +6,16 @@ #pragma once #include "cmd_line.hpp" -#include "error.hpp" #include -#include -#include #include namespace process { - std::wstring get_executable_path() - { - static constexpr DWORD max_path = MAX_PATH; - - std::array buf; - - const auto ret = GetModuleFileNameW(NULL, buf.data(), max_path); - - if (GetLastError() != ERROR_SUCCESS) - error::raise("GetModuleFileNameW"); + std::wstring get_executable_path(); - return buf.data(); - } - - std::wstring get_command_line() + inline std::wstring get_command_line() { return GetCommandLine(); } @@ -38,33 +23,9 @@ namespace process void runas( const CommandLine& cmd_line, HWND hwnd = NULL, - int nShow = SW_NORMAL) - { - static constexpr auto sep = L' '; - - const auto exe_path = cmd_line.has_argv0() - ? cmd_line.get_argv0() - : get_executable_path(); - - SHELLEXECUTEINFOW info; - ZeroMemory(&info, sizeof(info)); - info.cbSize = sizeof(info); - info.lpVerb = L"runas"; - info.lpFile = exe_path.c_str(); - const auto args = cmd_line.join_args(); - if (!args.empty()) - info.lpParameters = args.c_str(); - info.hwnd = hwnd; - info.nShow = nShow; - - if (!ShellExecuteExW(&info)) - error::raise("ShellExecuteExW"); - } + int nShow = SW_NORMAL); void runas_self( HWND hwnd = NULL, - int nShow = SW_NORMAL) - { - runas(CommandLine::query(), hwnd, nShow); - } + int nShow = SW_NORMAL); } diff --git a/src/resource.cpp b/src/resource.cpp new file mode 100644 index 0000000..e8ac300 --- /dev/null +++ b/src/resource.cpp @@ -0,0 +1,37 @@ +// Copyright (c) 2016 Egor Tensin +// This file is part of the "Privilege check" project. +// For details, see https://github.com/egor-tensin/privilege-check. +// Distributed under the MIT License. + +#include "error.hpp" +#include "resource.hpp" + +#include + +#include + +#include + +namespace resource +{ + HMODULE load_exe_module() + { + const auto module = GetModuleHandle(NULL); + if (module == NULL) + error::raise("GetModuleHandle"); + return module; + } + + std::wstring load_string(unsigned int id) + { + wchar_t* s = nullptr; + + const auto ret = LoadStringW( + load_exe_module(), id, reinterpret_cast(&s), 0); + + if (ret <= 0) + error::raise("LoadStringW"); + + return {s, static_cast(ret)}; + } +} diff --git a/src/resource.hpp b/src/resource.hpp index 24fc2db..0e3186c 100644 --- a/src/resource.hpp +++ b/src/resource.hpp @@ -5,32 +5,13 @@ #pragma once -#include "error.hpp" - -#include +#include #include namespace resource { - HMODULE load_exe_module() - { - const auto module = GetModuleHandle(NULL); - if (module == NULL) - error::raise("GetModuleHandle"); - return module; - } - - std::wstring load_string(unsigned int id) - { - wchar_t* s = nullptr; - - const auto ret = LoadStringW( - load_exe_module(), id, reinterpret_cast(&s), 0); - - if (ret <= 0) - error::raise("LoadStringW"); + HMODULE load_exe_module(); - return {s, static_cast(ret)}; - } + std::wstring load_string(unsigned int id); } diff --git a/src/sid.cpp b/src/sid.cpp new file mode 100644 index 0000000..4a86704 --- /dev/null +++ b/src/sid.cpp @@ -0,0 +1,73 @@ +// Copyright (c) 2016 Egor Tensin +// This file is part of the "Privilege check" project. +// For details, see https://github.com/egor-tensin/privilege-check. +// Distributed under the MIT License. + +#pragma once + +#include "error.hpp" +#include "sid.hpp" + +#include +#include + +#include +#include + +namespace sid +{ + SidBuffer well_known(WELL_KNOWN_SID_TYPE type) + { + SidBuffer buffer; + DWORD cb = static_cast(buffer.size()); + + if (!CreateWellKnownSid(type, NULL, buffer.data(), &cb)) + error::raise("CreateWellKnownSid"); + + return buffer; + } + + SidBuffer builtin_administrators() + { + /* + void* sid = nullptr; + SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_AUTHORITY; + + if (!AllocateAndInitializeSid( + &authority, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + &sid)) + { + error::raise("AllocateAndInitializeSid"); + } + + return std::unique_ptr{sid}; + */ + + return well_known(WinBuiltinAdministratorsSid); + } + + namespace + { + struct LocalDelete + { + void operator()(wchar_t* s) const + { + LocalFree(s); + } + }; + } + + std::wstring to_string(const SidBuffer& sid) + { + wchar_t* s = nullptr; + + if (!ConvertSidToStringSidW(const_cast(sid.data()), &s)) + error::raise("ConvertSidToStringSidW"); + + return std::unique_ptr{s}.get(); + } +} diff --git a/src/sid.hpp b/src/sid.hpp index cf905a4..c84b725 100644 --- a/src/sid.hpp +++ b/src/sid.hpp @@ -5,69 +5,21 @@ #pragma once -#include "error.hpp" - #include #include #include -#include #include constexpr DWORD max_sid_size = SECURITY_MAX_SID_SIZE; + typedef std::array SidBuffer; namespace sid { - SidBuffer well_known(WELL_KNOWN_SID_TYPE type) - { - SidBuffer buffer; - DWORD cb = static_cast(buffer.size()); - - if (!CreateWellKnownSid(type, NULL, buffer.data(), &cb)) - error::raise("CreateWellKnownSid"); - - return buffer; - } - - SidBuffer builtin_administrators() - { - /* - void* sid = nullptr; - SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_AUTHORITY; - - if (!AllocateAndInitializeSid( - &authority, - 2, - SECURITY_BUILTIN_DOMAIN_RID, - DOMAIN_ALIAS_RID_ADMINS, - 0, 0, 0, 0, 0, 0, - &sid)) - { - error::raise("AllocateAndInitializeSid"); - } - - return std::unique_ptr{sid}; - */ - - return well_known(WinBuiltinAdministratorsSid); - } - - struct DeleteSidString - { - void operator()(wchar_t* s) const - { - LocalFree(s); - } - }; - - std::wstring to_string(const SidBuffer& sid) - { - wchar_t* s = nullptr; + SidBuffer well_known(WELL_KNOWN_SID_TYPE type); - if (!ConvertSidToStringSidW(const_cast(sid.data()), &s)) - error::raise("ConvertSidToStringSidW"); + SidBuffer builtin_administrators(); - return std::unique_ptr{s}.get(); - } + std::wstring to_string(const SidBuffer&); } diff --git a/src/string.hpp b/src/string.hpp index 3841b8c..52ed518 100644 --- a/src/string.hpp +++ b/src/string.hpp @@ -18,7 +18,7 @@ namespace string { template - inline void ltrim(std::basic_string& s) + void ltrim(std::basic_string& s) { s.erase(s.begin(), std::find_if(s.begin(), s.end(), [] (const Char& c) { @@ -27,7 +27,7 @@ namespace string } template - inline void rtrim(std::basic_string& s) + void rtrim(std::basic_string& s) { s.erase(std::find_if(s.rbegin(), s.rend(), [] (const Char& c) { @@ -36,14 +36,14 @@ namespace string } template - inline void trim(std::basic_string& s) + void trim(std::basic_string& s) { ltrim(s); rtrim(s); } template - inline std::basic_string join( + std::basic_string join( const Sep& sep, InputIterator beg, InputIterator end) @@ -63,7 +63,7 @@ namespace string } template - inline std::basic_string join( + std::basic_string join( const Sep& sep, const std::vector>& args) { @@ -112,7 +112,7 @@ namespace string }; template - inline void replace( + void replace( std::basic_string& s, const What& what, const By& by) @@ -136,7 +136,7 @@ namespace string } template - inline void prefix_with( + void prefix_with( std::basic_string& s, const What& what, const Char& by) diff --git a/src/token.cpp b/src/token.cpp new file mode 100644 index 0000000..ca08e03 --- /dev/null +++ b/src/token.cpp @@ -0,0 +1,167 @@ +// Copyright (c) 2016 Egor Tensin +// This file is part of the "Privilege check" project. +// For details, see https://github.com/egor-tensin/privilege-check. +// Distributed under the MIT License. + +#include "error.hpp" +#include "handle.hpp" +#include "os.hpp" +#include "sid.hpp" + +#include + +#include +#include +#include +#include + +namespace token +{ + Handle open_for_process( + const Handle& process, + DWORD permissions) + { + HANDLE raw; + + if (!OpenProcessToken(process, permissions, &raw)) + error::raise("OpenProcessToken"); + + return Handle{raw}; + } + + Handle open_for_current_process( + DWORD permissions) + { + return open_for_process(Handle{GetCurrentProcess()}, permissions); + } + + bool get_linked(Handle& token) + { + if (!os::is_vista_or_later()) + return false; + + auto type = TokenElevationTypeDefault; + DWORD cb = 0; + + if (!GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &cb)) + error::raise("GetTokenInformation"); + + if (type != TokenElevationTypeLimited) + return false; + + HANDLE raw; + + if (!GetTokenInformation(token, TokenLinkedToken, &raw, sizeof(raw), &cb)) + error::raise("GetTokenInformation"); + + token = Handle{raw}; + return true; + } + + Handle get_for_identification(const Handle& token) + { + HANDLE raw; + + if (!DuplicateToken(token, SecurityIdentification, &raw)) + error::raise("DuplicateToken"); + + return Handle{raw}; + } + + // + // FUNCTION: query_integrity_level() + // + // RETURN VALUE: Returns the integrity level of the current process. It is + // usually one of these values: + // + // SECURITY_MANDATORY_UNTRUSTED_RID (SID: S-1-16-0x0) + // Means untrusted level. It is used by processes started by the + // Anonymous group. Blocks most write access. + // + // SECURITY_MANDATORY_LOW_RID (SID: S-1-16-0x1000) + // Means low integrity level. It is used by Protected Mode Internet + // Explorer. Blocks write acess to most objects (such as files and + // registry keys) on the system. + // + // SECURITY_MANDATORY_MEDIUM_RID (SID: S-1-16-0x2000) + // Means medium integrity level. It is used by normal applications + // being launched while UAC is enabled. + // + // SECURITY_MANDATORY_HIGH_RID (SID: S-1-16-0x3000) + // Means high integrity level. It is used by administrative applications + // launched through elevation when UAC is enabled, or normal + // applications if UAC is disabled and the user is an administrator. + // + // SECURITY_MANDATORY_SYSTEM_RID (SID: S-1-16-0x4000) + // Means system integrity level. It is used by services and other + // system-level applications (such as Wininit, Winlogon, Smss, etc.) + // + DWORD query_integrity_level(const Handle& token) + { + DWORD cb = 0; + + if (!GetTokenInformation(token, TokenIntegrityLevel, NULL, 0, &cb)) + { + switch (GetLastError()) + { + case ERROR_INSUFFICIENT_BUFFER: + break; + default: + error::raise("GetTokenInformation"); + } + } + + std::vector buf(cb); + const auto token_level = reinterpret_cast(buf.data()); + + if (!GetTokenInformation(token, TokenIntegrityLevel, token_level, cb, &cb)) + error::raise("GetTokenInformation"); + + // Integrity Level SIDs are in the form of S-1-16-0xXXXX. (e.g. + // S-1-16-0x1000 stands for low integrity level SID). There is one and + // only one subauthority. + return *GetSidSubAuthority(token_level->Label.Sid, 0); + } + + std::wstring integrity_level_to_string(DWORD level) + { + static const std::unordered_map names = + { + {SECURITY_MANDATORY_UNTRUSTED_RID, L"Untrusted"}, + {SECURITY_MANDATORY_LOW_RID, L"Low"}, + {SECURITY_MANDATORY_MEDIUM_RID, L"Medium"}, + {SECURITY_MANDATORY_HIGH_RID, L"High"}, + {SECURITY_MANDATORY_SYSTEM_RID, L"System"}, + }; + + static constexpr auto unknown_name = L"Unknown"; + + const auto it = names.find(level); + + if (it == names.cend()) + return unknown_name; + + return it->second; + } + + bool check_belongs(const Handle& token, const SidBuffer& sid) + { + BOOL b = FALSE; + + if (!CheckTokenMembership(token, const_cast(sid.data()), &b)) + error::raise("CheckTokenMembership"); + + return b != FALSE; + } + + bool query_elevation(const Handle& token) + { + TOKEN_ELEVATION elevation; + DWORD cb = 0; + + if (!GetTokenInformation(token, TokenElevation, &elevation, sizeof(elevation), &cb)) + error::raise("GetTokenInformation"); + + return elevation.TokenIsElevated != 0; + } +} diff --git a/src/token.hpp b/src/token.hpp index 042cd2b..509a15c 100644 --- a/src/token.hpp +++ b/src/token.hpp @@ -5,17 +5,12 @@ #pragma once -#include "error.hpp" #include "handle.hpp" -#include "os.hpp" #include "sid.hpp" #include #include -#include -#include -#include namespace token { @@ -29,153 +24,24 @@ namespace token constexpr DWORD default_permissions = permissions::query(); // Current thread's primary impersonation token. - Handle dumb() { return Handle{NULL}; } + inline Handle dumb() { return Handle{NULL}; } Handle open_for_process( const Handle& process, - DWORD permissions = default_permissions) - { - HANDLE raw; - - if (!OpenProcessToken(process, permissions, &raw)) - error::raise("OpenProcessToken"); - - return Handle{raw}; - } + DWORD permissions = default_permissions); Handle open_for_current_process( - DWORD permissions = default_permissions) - { - return open_for_process(Handle{GetCurrentProcess()}, permissions); - } - - bool get_linked(Handle& token) - { - if (!os::is_vista_or_later()) - return false; - - auto type = TokenElevationTypeDefault; - DWORD cb = 0; - - if (!GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &cb)) - error::raise("GetTokenInformation"); - - if (type != TokenElevationTypeLimited) - return false; - - HANDLE raw; - - if (!GetTokenInformation(token, TokenLinkedToken, &raw, sizeof(raw), &cb)) - error::raise("GetTokenInformation"); - - token = Handle{raw}; - return true; - } - - Handle get_for_identification(const Handle& token) - { - HANDLE raw; + DWORD permissions = default_permissions); - if (!DuplicateToken(token, SecurityIdentification, &raw)) - error::raise("DuplicateToken"); + bool get_linked(Handle& token); - return Handle{raw}; - } + Handle get_for_identification(const Handle& token); - // - // FUNCTION: query_integrity_level() - // - // RETURN VALUE: Returns the integrity level of the current process. It is - // usually one of these values: - // - // SECURITY_MANDATORY_UNTRUSTED_RID (SID: S-1-16-0x0) - // Means untrusted level. It is used by processes started by the - // Anonymous group. Blocks most write access. - // - // SECURITY_MANDATORY_LOW_RID (SID: S-1-16-0x1000) - // Means low integrity level. It is used by Protected Mode Internet - // Explorer. Blocks write acess to most objects (such as files and - // registry keys) on the system. - // - // SECURITY_MANDATORY_MEDIUM_RID (SID: S-1-16-0x2000) - // Means medium integrity level. It is used by normal applications - // being launched while UAC is enabled. - // - // SECURITY_MANDATORY_HIGH_RID (SID: S-1-16-0x3000) - // Means high integrity level. It is used by administrative applications - // launched through elevation when UAC is enabled, or normal - // applications if UAC is disabled and the user is an administrator. - // - // SECURITY_MANDATORY_SYSTEM_RID (SID: S-1-16-0x4000) - // Means system integrity level. It is used by services and other - // system-level applications (such as Wininit, Winlogon, Smss, etc.) - // - DWORD query_integrity_level(const Handle& token) - { - DWORD cb = 0; - - if (!GetTokenInformation(token, TokenIntegrityLevel, NULL, 0, &cb)) - { - switch (GetLastError()) - { - case ERROR_INSUFFICIENT_BUFFER: - break; - default: - error::raise("GetTokenInformation"); - } - } - - std::vector buf(cb); - const auto token_level = reinterpret_cast(buf.data()); - - if (!GetTokenInformation(token, TokenIntegrityLevel, token_level, cb, &cb)) - error::raise("GetTokenInformation"); - - // Integrity Level SIDs are in the form of S-1-16-0xXXXX. (e.g. - // S-1-16-0x1000 stands for low integrity level SID). There is one and - // only one subauthority. - return *GetSidSubAuthority(token_level->Label.Sid, 0); - } - - std::wstring integrity_level_to_string(DWORD level) - { - static const std::unordered_map names = - { - {SECURITY_MANDATORY_UNTRUSTED_RID, L"Untrusted"}, - {SECURITY_MANDATORY_LOW_RID, L"Low"}, - {SECURITY_MANDATORY_MEDIUM_RID, L"Medium"}, - {SECURITY_MANDATORY_HIGH_RID, L"High"}, - {SECURITY_MANDATORY_SYSTEM_RID, L"System"}, - }; + DWORD query_integrity_level(const Handle& token); - static constexpr auto unknown_name = L"Unknown"; + std::wstring integrity_level_to_string(DWORD); - const auto it = names.find(level); + bool check_belongs(const Handle& token, const SidBuffer& sid); - if (it == names.cend()) - return unknown_name; - - return it->second; - } - - bool check_belongs(const Handle& token, const SidBuffer& sid) - { - BOOL b = FALSE; - - if (!CheckTokenMembership(token, const_cast(sid.data()), &b)) - error::raise("CheckTokenMembership"); - - return b != FALSE; - } - - bool query_elevation(const Handle& token) - { - TOKEN_ELEVATION elevation; - DWORD cb = 0; - - if (!GetTokenInformation(token, TokenElevation, &elevation, sizeof(elevation), &cb)) - error::raise("GetTokenInformation"); - - return elevation.TokenIsElevated != 0; - } + bool query_elevation(const Handle& token); } -- cgit v1.2.3