feisty meow concerns codebase  2.140
nt_security.h
1 #ifndef NT_SECURITY_CLASS
2 #define NT_SECURITY_CLASS
3 
4 /*****************************************************************************\
5 * *
6 * Name : nt_security *
7 * Author : Sue Richeson *
8 * Author : Chris Koeritz *
9 * *
10 * Purpose: *
11 * *
12 * Provides a Win32 oracle for security questions. *
13 * *
14 *******************************************************************************
15 * Copyright (c) 1999-$now By Author. This program is free software; you can *
16 * redistribute it and/or modify it under the terms of the GNU General Public *
17 * License as published by the Free Software Foundation; either version 2 of *
18 * the License or (at your option) any later version. This is online at: *
19 * http://www.fsf.org/copyleft/gpl.html *
20 * Please send any updates to: fred@gruntose.com *
21 \*****************************************************************************/
22 
23 #ifdef __WIN32__
24 
25 
26 
27 #include <basis/utf_conversion.h>
28 
29 
30 #include <Ntsecapi.h>
31 
32 // Forward class declarations
33 #include <basis/astring.h>
34 
35 class nt_security  // Win32-only helper (guarded by __WIN32__ above): user-name normalization plus LSA privilege and local-group changes.
36 {
37 public:
38  nt_security();
39  virtual ~nt_security();
40 
41  static bool iequalsUsername(astring name1, astring name2);
42  // Compares the two names for equality. Treats backslash (\) and
43  // forward slash (/) as equal. Ignores case. Treats the pipe (|) and
44  // colon (:) as equal. NOTE(review): this is a textual match, not a SID comparison; confirm no caller relies on it alone for an access decision.
45 
46  static const astring &normalizeUsername(astring &username);
47  // Makes the username all lowercase, converts any forward slash (/)
48  // characters to back slashes (\), and converts any pipe characters (|)
49  // to colon (:) characters. Takes "username" by non-const reference and returns a const reference; presumably the argument is edited in place and returned (TODO confirm in the .cpp).
50 
51  bool GetUserAndDomainName(astring &UserName, astring &DomainName);
52  // This function is NT-specific. It returns the user account name and
53  // domain name of the currently logged in user on the machine on which
54  // this class is executing. Presumably "false" means the lookup failed and the outputs should not be trusted (TODO confirm); check the result before using either name.
55 
56  astring DomainBinding(const astring &domain);
57  // This method will construct a distinguished name for the domain received.
58  astring DomainUserBinding(const astring &domain, const astring &user_name);
59  // This method will construct a distinguished name based on the domain and
60  // user name received. NOTE(review): whether "domain"/"user_name" are escaped for distinguished-name syntax is not visible here; verify before passing untrusted input.
61 
62  DWORD SetPrivilegeOnUser(const astring &domain, const astring &user,
63  const astring &privilege, bool bEnable);
64  // Enables or disables the privilege for the user in the given domain.
65  // Can also be used to set the privilege on a group in the given domain.
66  // Returns 0 if successful. Returns Win32 error code if it fails.
67  // Domain - can be blank, in which case the local machine is assumed; can be a machine
68  // name or a network domain name (although, having privilege to change a
69  // priv in a network domain is highly unlikely and will probably result in
70  // a failure return (a nonzero Win32 error code) from this method). Ex: "Legolas", "Buildotron"
71  // User - the account name for which to change the privilege. It can include the
72  // domain also. Example user names: "Fred", "Legolas/Bubba", "Buildotron/swbuld"
73  // Can also be a group name. Examples: "Administrators", "Legolas/Users"
74  // privilege - name of the privilege to be enabled/disabled.
75  // For a list of privileges, consult winnt.h, and search for SE_ASSIGNPRIMARYTOKEN_NAME.
76  // For a list of logon rights consult ntsecapi.h, and search for SE_BATCH_LOGON_NAME.
77  // bEnable - true to enable the privilege; false to disable the privilege. NOTE(review): presumably implemented with the LSA policy helpers below, so a grant outlives the process; pass only the one right actually required.
78 
79  DWORD AddUserToGroup(const astring &user_name, const astring &group_name);
80  // adds the "user_name" to the local group "group_name". this only makes
81  // the change on the local machine where this is run. Presumably returns 0 on success and a Win32 error code otherwise, like the other DWORD methods here (TODO confirm).
82 
83 protected:
84 
85  PSID GetUserSID(const astring &user_name);
86  // Retrieves the security identifier (SID) for "user_name".
87  // PSID is NULL if the method fails. NOTE(review): ownership of the returned SID buffer is not stated here; confirm who frees it and with which call.
88 
89  DWORD OpenPolicy(const astring &serverName, DWORD DesiredAccess,
90  PLSA_HANDLE pPolicyHandle);
91  // Open the LSA policy on the given machine. The handle is written through "pPolicyHandle"; request only the access rights needed in "DesiredAccess".
92  // Returns 0 if successful. Returns Win32 error code if it fails.
93 
94  void ClosePolicy(PLSA_HANDLE policyHandle);
95  // Close the given LSA policy handle (passed by pointer). Should be paired with every successful OpenPolicy().
96 
97  DWORD SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle, // open policy handle
98  PSID AccountSid, // SID to grant privilege to
99  const astring &PrivilegeName, // privilege to grant
100  bool bEnable); // enable or disable
101  // Enable or disable the stated privilege on the given account.
102  // Returns 0 if successful. Returns Win32 error code if it fails.
103  // PolicyHandle - must already have been opened prior to calling this method.
104  // AccountSid - must already have been obtained prior to calling this method.
105  // PrivilegeName - must be a valid security privilege name (case sensitive)
106  // For a list of privileges, consult winnt.h, and search for SE_ASSIGNPRIMARYTOKEN_NAME.
107  // For a list of logon rights consult ntsecapi.h, and search for SE_BATCH_LOGON_NAME.
108  // bEnable - true to enable the privilege; false to disable the privilege
109 
110 private:
111  astring *m_sDirServiceProvider;  // raw pointer member; NOTE(review): ownership and copy behaviour are not visible in this header - confirm the destructor frees it and that copying the object is safe.
112 };
113 
114 #endif
115 
116 #endif
117 