Click here to Skip to main content
15,892,927 members
Search within:


Articles / Programming Languages / C
 

The Windows Access Control Model: Part 2

Rate me:
Please Sign up or sign in to vote.
4.80/5 (28 votes)
27 Jun 2005CPOL43 min read 245.2K   7.2K   113  
This second part of the Access Control series will program with the basic Access Control structures.
 

class SaferRaiiWrapper {
public:
	explicit SaferRaiiWrapper(const DWORD dwScopeIdIn = SAFER_LEVELID_NORMALUSER, const HANDLE hTokenIn = NULL)
		: hToken(hTokenIn), LevelHandle(NULL), dwScopeId(dwScopeIdIn)
	{/* throws std::logic_error on failure */
		if(!::SaferCreateLevel(SAFER_SCOPEID_USER, this->dwScopeId, SAFER_LEVEL_OPEN, &LevelHandle, NULL))
		{/* The API will translate NULL into our process token */
			throw std::logic_error("Could not create software restriction policy");
		}

		if(!::SaferComputeTokenFromLevel(this->get_LevelHandle(), NULL, &hToken, NULL, NULL))
		{
			throw std::logic_error("Error occurred creating restricted policy");
		}
	} ;

	virtual PROCESS_INFORMATION CreateProcessAsUser(const std::basic_string<TCHAR> &lpCommandLine,
		STARTUPINFO *lpStartupInfoIn = NULL, DWORD dwCreationFlags = CREATE_NEW_CONSOLE,
		const std::basic_string<TCHAR> &lpApplicationName = _T(""),
		const std::basic_string<TCHAR> &lpCurrentDirectory = _T(""),
		LPVOID lpEnvironment = NULL, BOOL bInheritHandles = FALSE,
		SECURITY_ATTRIBUTES *lpProcessAttributes = NULL, SECURITY_ATTRIBUTES *lpThreadAttributes = NULL)
	{
		STARTUPINFO StartupInfoAlt = {0};
		LPSTARTUPINFO lpStartupInfoActual = (lpStartupInfoIn != NULL) ? lpStartupInfoIn : &StartupInfoAlt;
		PROCESS_INFORMATION Result = {0};

		/* The child class may want to edit the startup params, so let them have that opportunity. */
		std::basic_string<TCHAR> sCmdLine = lpCommandLine;
		std::basic_string<TCHAR> sAppName = lpApplicationName;
		std::basic_string<TCHAR> sCurDir = lpCurrentDirectory;

		TCHAR *lpCmdLineWritable = new TCHAR[sCmdLine.capacity() + 1];
		/* The command line needs to be writable. So make a writable one. */
		try {
			sCmdLine.copy(lpCmdLineWritable, sCmdLine.size());
			lpCmdLineWritable[sCmdLine.size()] = _T('\0');

			lpStartupInfoActual->cb = sizeof(STARTUPINFO);
			lpStartupInfoActual->lpDesktop = NULL;
			DoRunAs(this->hToken, (sAppName.empty() ? NULL : sAppName.c_str()),
				lpCmdLineWritable, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
				lpEnvironment, (sCurDir.empty() ? NULL : sCurDir.c_str()), lpStartupInfoActual, &Result);
		} catch (...) {/* finally */
			delete [] lpCmdLineWritable; lpCmdLineWritable = NULL;
			throw;
		}
		delete [] lpCmdLineWritable; lpCmdLineWritable = NULL;

		return Result;
	} ;



	HANDLE get_hToken(void) const
	{
		return hToken;
	} ;

	virtual ~SaferRaiiWrapper()
	{
		if(this->hToken != NULL || this->hToken != INVALID_HANDLE_VALUE)
			::CloseHandle(this->hToken);
		if(LevelHandle != NULL)
			::SaferCloseLevel(this->LevelHandle);
	} ;

	virtual SaferRaiiWrapper &operator=(const SaferRaiiWrapper &OldClass)
	{
		if(this == &OldClass) return *this;
		this->hToken = OldClass.get_hToken();
		/* We need our own safer handle */
		if(!::SaferCreateLevel(SAFER_SCOPEID_USER, this->dwScopeId, SAFER_LEVEL_OPEN, &LevelHandle, NULL))
		{
			throw std::logic_error("Could not create software restriction policy");
		}

		if(!::SaferComputeTokenFromLevel(this->get_LevelHandle(), NULL, &hToken, NULL, NULL))
		{
			throw std::logic_error("Error occurred creating restricted policy");
		}
		return *this;
	} ;

protected:

	virtual bool DoRunAs(HANDLE hTokenIn, LPCTSTR lpApplicationName,
		LPTSTR lpCommandLine, SECURITY_ATTRIBUTES *lpProcessAttributes, SECURITY_ATTRIBUTES *lpThreadAttributes,
		BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory, 
		STARTUPINFO *lpStartupInfoIn, PROCESS_INFORMATION *ProcessInformation)
	{
		/* For inheritors: This is your chance to stop any process creation from occurring. */
		::CreateProcessAsUser(hTokenIn, lpApplicationName,
			lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
			lpEnvironment, lpCurrentDirectory, lpStartupInfoIn, ProcessInformation);

		::CloseHandle(ProcessInformation->hProcess); ProcessInformation->hProcess = NULL;
		::CloseHandle(ProcessInformation->hThread); ProcessInformation->hThread = NULL;
		return true;
	} ;


	const SAFER_LEVEL_HANDLE &get_LevelHandle(void) const
	{
		return LevelHandle;
	} ;
	void set_LevelHandle(const SAFER_LEVEL_HANDLE &LevelHandleIn)
	{
		this->LevelHandle = LevelHandleIn;
	} ;

	void set_hToken(const HANDLE hToken)
	{
		this->hToken = hToken;
	} ;
private:
	HANDLE hToken;
	SAFER_LEVEL_HANDLE LevelHandle;
	const DWORD dwScopeId;
} ;

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
oshah
Web Developer
United States United States
Mr. Shah is a reclusive C++/C# developer lurking somewhere in the depths of the city of London. He learnt physics at Kings' College London and obtained a Master in Science there. Having earned an MCAD, he teeters on the brink of transitioning from C++ to C#, unsure of which language to jump to. Fortunately, he also knows how to use .NET interop to merge code between the two languages (which means he won't have to make the choice anytime soon).

His interests (apart from programming) are walking, football (the real one!), philosophy, history, retro-gaming, strategy gaming, and any good game in general.

He maintains a website / blog / FAQ / junk at shexec32.serveftp.net, where he places the best answers he's written to the questions you've asked. If you can find him, maybe you can hire Mr. Shah to help you with anything C++[/CLI]/C#/.NET related Smile | :) .

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 24 Apr 2005

Article Copyright 2005 by oshah
Everything else Copyright © CodeProject, 1999-2024

Web03 2.8:2024-04-02:1