Robert Shearman | d2ea92d | 2005-04-22 21:17:15 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Security Management |
| 3 | * |
| 4 | * Copyright (C) 2005 Robert Shearman |
| 5 | * |
| 6 | * This library is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU Lesser General Public |
| 8 | * License as published by the Free Software Foundation; either |
| 9 | * version 2.1 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * This library is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | * Lesser General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU Lesser General Public |
| 17 | * License along with this library; if not, write to the Free Software |
Jonathan Ernst | 360a3f9 | 2006-05-18 14:49:52 +0200 | [diff] [blame] | 18 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA |
Robert Shearman | d2ea92d | 2005-04-22 21:17:15 +0000 | [diff] [blame] | 19 | */ |
| 20 | |
/*
 * LUIDs of the privileges this code can test for. They are only declared
 * here; the values are defined elsewhere. The names match the Windows
 * privilege names, and each trailing note gives the Windows user right that
 * name refers to. How each privilege is enforced is not visible in this header.
 *
 * NOTE(review): several of these (debug, load driver, backup/restore, take
 * ownership, impersonate) stand for rights that bypass normal access checks
 * on Windows, so a check against them should fail closed.
 */
extern const LUID SeIncreaseQuotaPrivilege;         /* adjust memory quotas for a process */
extern const LUID SeSecurityPrivilege;              /* manage auditing and the security log */
extern const LUID SeTakeOwnershipPrivilege;         /* take ownership of objects */
extern const LUID SeLoadDriverPrivilege;            /* load and unload device drivers */
extern const LUID SeSystemProfilePrivilege;         /* profile system performance */
extern const LUID SeSystemtimePrivilege;            /* change the system time */
extern const LUID SeProfileSingleProcessPrivilege;  /* profile a single process */
extern const LUID SeIncreaseBasePriorityPrivilege;  /* increase scheduling priority */
extern const LUID SeCreatePagefilePrivilege;        /* create a pagefile */
extern const LUID SeBackupPrivilege;                /* back up files and directories */
extern const LUID SeRestorePrivilege;               /* restore files and directories */
extern const LUID SeShutdownPrivilege;              /* shut down the system */
extern const LUID SeDebugPrivilege;                 /* debug programs */
extern const LUID SeSystemEnvironmentPrivilege;     /* modify firmware environment values */
extern const LUID SeChangeNotifyPrivilege;          /* bypass traverse checking */
extern const LUID SeRemoteShutdownPrivilege;        /* force shutdown from a remote system */
extern const LUID SeUndockPrivilege;                /* remove computer from docking station */
extern const LUID SeManageVolumePrivilege;          /* perform volume maintenance tasks */
extern const LUID SeImpersonatePrivilege;           /* impersonate a client after authentication */
extern const LUID SeCreateGlobalPrivilege;          /* create global objects */
| 41 | |
/* SID defined elsewhere; presumably the well-known Interactive SID -- confirm
 * at the definition. */
extern const PSID security_interactive_sid;

/* Returns a newly created token; judging by the name it carries administrator
 * rights. Whether it can return NULL, and who owns the result, is not visible
 * in this header -- check the definition before relying on either. */
extern struct token *token_create_admin(void);
/* Tests TOKEN against COUNT entries of REQPRIVS. ALL_REQUIRED presumably
 * selects "every entry must be held" over "any entry"; USEDPRIVS looks like an
 * optional output (the inline helper in this header passes NULL for it).
 * NOTE(review): exact return convention is defined elsewhere; the helper in
 * this header treats the result as a boolean. */
extern int token_check_privileges( struct token *token, int all_required,
                                   const LUID_AND_ATTRIBUTES *reqprivs,
                                   unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
/* Returns a read-only pointer to an ACL associated with TOKEN (its default
 * DACL, going by the name); lifetime of the pointer is not visible here. */
extern const ACL *token_get_default_dacl( struct token *token );
/* Associates the token referred to by HANDLE with THREAD, going by the name;
 * any access check on HANDLE happens in the definition, not here. */
extern void security_set_thread_token( struct thread *thread, obj_handle_t handle );
Robert Shearman | d2ea92d | 2005-04-22 21:17:15 +0000 | [diff] [blame] | 50 | |
/*
 * Check one privilege against the token that thread_get_impersonation_token()
 * yields for THREAD.
 *
 * thread: thread whose token is consulted.
 * priv:   LUID of the privilege to test; it is dereferenced unconditionally,
 *         so it must not be NULL.
 *
 * Returns FALSE when no token is available (the check fails closed);
 * otherwise returns whatever token_check_privileges() reports for a
 * one-entry request with all_required set and no used-privileges output.
 */
static inline int thread_single_check_privilege( struct thread *thread, const LUID *priv)
{
    struct token *tok = thread_get_impersonation_token( thread );
    /* single-entry request; the attributes field is passed as 0 */
    const LUID_AND_ATTRIBUTES wanted = { *priv, 0 };

    /* no token means no privilege: deny rather than guess */
    return tok ? token_check_privileges( tok, TRUE, &wanted, 1, NULL ) : FALSE;
}