923 lines
22 KiB
C
923 lines
22 KiB
C
/*++
|
|
|
|
Copyright (c) 1999 Microsoft Corporation
|
|
|
|
Module Name :
|
|
|
|
appsecdll.c
|
|
|
|
Abstract :
|
|
|
|
Exports a function CreateProcessNotify - this function decides whether
|
|
the new process can be created.
|
|
|
|
Revision History :
|
|
|
|
Sep 2000 - added support for Short File Names; PowerUsers not affected by AppSec - SriramSa
|
|
|
|
Author :
|
|
|
|
Sriram Sampath (SriramSa) June 1999
|
|
|
|
--*/
|
|
|
|
|
|
#include "pch.h"
|
|
#pragma hdrstop
|
|
|
|
#include "appsecdll.h"
|
|
|
|
BOOL APIENTRY
|
|
DllMain (
|
|
HANDLE hInst,
|
|
DWORD ul_reason,
|
|
LPVOID lpReserved
|
|
)
|
|
|
|
{
|
|
|
|
switch (ul_reason) {
|
|
|
|
case DLL_PROCESS_ATTACH :
|
|
|
|
// Disable Thread Lib calls - performance optimisation
|
|
|
|
DisableThreadLibraryCalls (hInst);
|
|
break ;
|
|
|
|
case DLL_PROCESS_DETACH :
|
|
|
|
break ;
|
|
|
|
} // end of switch
|
|
|
|
return 1 ;
|
|
|
|
UNREFERENCED_PARAMETER(hInst) ;
|
|
UNREFERENCED_PARAMETER(lpReserved) ;
|
|
|
|
}
|
|
|
|
/*++
|
|
|
|
Routine Description :
|
|
|
|
This routine determines if a process can be created based on whether
|
|
it is a system process and if the user is an admin or not.
|
|
|
|
Arguments :
|
|
|
|
lpApplicationName - process name
|
|
Reason - the reason this CreateProcessNotify is called
|
|
|
|
Return Value :
|
|
|
|
STATUS_SUCCESS if the process can be created ;
|
|
STATUS_ACCESS_DEINIED if the process cannot be created.
|
|
|
|
--*/
|
|
|
|
NTSTATUS
|
|
CreateProcessNotify (
|
|
LPCWSTR lpApplicationName,
|
|
ULONG Reason
|
|
)
|
|
|
|
{
|
|
|
|
INT size ;
|
|
HKEY TSkey, list_key, learn_key ;
|
|
WCHAR g_szSystemRoot[MAX_PATH] ;
|
|
WCHAR CurrentProcessName[MAX_PATH] ;
|
|
WCHAR LongApplicationName[MAX_PATH] ;
|
|
WCHAR CorrectAppName[MAX_PATH] ;
|
|
WCHAR ResolvedAppName[MAX_PATH] ;
|
|
BOOL is_taskman = FALSE , is_system = FALSE ;
|
|
BOOL check_flag = FALSE, taskman_flag = FALSE, add_status ;
|
|
BOOL IsAppSecEnabled = TRUE ;
|
|
DWORD is_enabled = 0, learn_enabled = 0, PowerUserEnabled = 0;
|
|
DWORD dw, disp, error_code, CurrentSessionId, RetValue, dwTimeOut = 1000;
|
|
|
|
HANDLE TokenHandle;
|
|
UCHAR TokenInformation[ sizeof( TOKEN_STATISTICS ) ];
|
|
ULONG ReturnLength;
|
|
LUID CurrentLUID = { 0, 0 };
|
|
LUID SystemLUID = SYSTEM_LUID;
|
|
NTSTATUS Status, QueryStatus;
|
|
|
|
BOOL IsMember, IsAnAdmin = FALSE;
|
|
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
|
|
PSID AdminSid = FALSE ;
|
|
|
|
if ( Reason != APPCERT_IMAGE_OK_TO_RUN ) {
|
|
return STATUS_SUCCESS ;
|
|
}
|
|
|
|
// First Check if the fEnabled key to see if Security is Enabled
|
|
// This is done by checking the fEnabled key in the Registry
|
|
|
|
if ( RegOpenKeyEx(
|
|
HKEY_LOCAL_MACHINE,
|
|
APPS_REGKEY,
|
|
0,
|
|
KEY_READ,
|
|
&TSkey
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
return STATUS_SUCCESS ;
|
|
|
|
}
|
|
|
|
size = sizeof(DWORD) ;
|
|
|
|
if ( RegQueryValueEx(
|
|
TSkey,
|
|
FENABLED_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) &is_enabled,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
if (is_enabled == 0) {
|
|
|
|
// Security is not Enabled
|
|
|
|
IsAppSecEnabled = FALSE ;
|
|
|
|
}
|
|
|
|
// Check if the PowerUsers key in the registry is Enabled or not
|
|
if ( RegQueryValueEx(
|
|
TSkey,
|
|
POWER_USERS_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) &PowerUserEnabled,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
PowerUserEnabled = 0;
|
|
}
|
|
|
|
//
|
|
// Check if the process which is trying to launch the new process is a system process.
|
|
// This is done by querying the Token information of the current process and
|
|
// comparing it's LUID with the LUID of a Process running under system context.
|
|
//
|
|
|
|
Status = NtOpenProcessToken(
|
|
NtCurrentProcess(),
|
|
TOKEN_QUERY,
|
|
&TokenHandle
|
|
);
|
|
|
|
if ( !NT_SUCCESS(Status) ) {
|
|
is_system = TRUE ;
|
|
}
|
|
|
|
if ( ! is_system ) {
|
|
|
|
QueryStatus = NtQueryInformationToken(
|
|
TokenHandle,
|
|
TokenStatistics,
|
|
&TokenInformation,
|
|
sizeof(TokenInformation),
|
|
&ReturnLength
|
|
);
|
|
|
|
if ( !NT_SUCCESS(QueryStatus) ) {
|
|
goto error_cleanup ;
|
|
}
|
|
|
|
|
|
NtClose(TokenHandle);
|
|
|
|
RtlCopyLuid(
|
|
&CurrentLUID,
|
|
&(((PTOKEN_STATISTICS)TokenInformation)->AuthenticationId)
|
|
);
|
|
|
|
//
|
|
// If the process is running in System context,
|
|
// we allow it to be created without further check
|
|
// The only exception to this is, we do not allow WinLogon to launch TaskManager
|
|
// unless it is in the authorized list
|
|
//
|
|
|
|
if ( RtlEqualLuid(
|
|
&CurrentLUID,
|
|
&SystemLUID
|
|
) ) {
|
|
|
|
is_system = TRUE ;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Check if Task Manager is spawned by a System Process
|
|
|
|
if (is_system) {
|
|
|
|
GetEnvironmentVariable( L"SystemRoot", g_szSystemRoot, MAX_PATH ) ;
|
|
swprintf(CurrentProcessName, L"%s\\System32\\taskmgr.exe", g_szSystemRoot ) ;
|
|
|
|
if ( _wcsicmp( CurrentProcessName, lpApplicationName ) != 0 ) {
|
|
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// if not a system Process check if the user is a Administrator
|
|
// This is done by comparing the SID of the current user to that of an Admin
|
|
//
|
|
|
|
if ( NT_SUCCESS(
|
|
RtlAllocateAndInitializeSid(
|
|
&SystemSidAuthority,
|
|
2,
|
|
SECURITY_BUILTIN_DOMAIN_RID,
|
|
DOMAIN_ALIAS_RID_ADMINS,
|
|
0, 0, 0, 0, 0, 0,
|
|
&AdminSid
|
|
)
|
|
) ) {
|
|
|
|
if ( CheckTokenMembership(
|
|
NULL,
|
|
AdminSid,
|
|
&IsAnAdmin
|
|
) == 0 ) {
|
|
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
RtlFreeSid(AdminSid);
|
|
|
|
}
|
|
|
|
//
|
|
// If the user is an Admin, see if we are in the Tracking mode
|
|
// We are in Tracking mode if the LearnEnabled Flag in Registry contains the Current Session ID
|
|
//
|
|
|
|
if (IsAnAdmin == TRUE ) {
|
|
|
|
// Check the LearnEnabled flag to see if Tracking mode
|
|
|
|
if ( RegOpenKeyEx(
|
|
HKEY_CURRENT_USER,
|
|
LIST_REGKEY,
|
|
0,
|
|
KEY_READ,
|
|
&learn_key
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
if ( RegQueryValueEx(
|
|
learn_key,
|
|
LEARN_ENABLED_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) &learn_enabled,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
|
|
RegCloseKey(learn_key) ;
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
RegCloseKey(learn_key) ;
|
|
|
|
if (learn_enabled == -1) {
|
|
|
|
// Tracking is not enabled
|
|
|
|
goto error_cleanup ;
|
|
|
|
} else {
|
|
|
|
// Tracking is enabled
|
|
// now get current session and see if it is the same as
|
|
// the one in which tracking is enabled
|
|
|
|
// Get CurrentSessionId
|
|
|
|
if ( ProcessIdToSessionId(
|
|
GetCurrentProcessId(),
|
|
&CurrentSessionId
|
|
) == 0 ) {
|
|
|
|
goto error_cleanup ;
|
|
}
|
|
|
|
if (learn_enabled != CurrentSessionId) {
|
|
|
|
// dont add to the list of tracked applications
|
|
|
|
goto error_cleanup ;
|
|
}
|
|
|
|
// Tracking phase is enabled - build the list
|
|
// add this process name to the AppList registry
|
|
|
|
// Create the Mutex for Synchronization when adding to list
|
|
|
|
g_hMutex = CreateMutex(
|
|
NULL,
|
|
FALSE,
|
|
MUTEX_NAME
|
|
) ;
|
|
|
|
if (g_hMutex == NULL) {
|
|
goto error_cleanup ;
|
|
}
|
|
|
|
// Wait to Enter the Critical Section - wait for a max of 1 minute
|
|
|
|
dw = WaitForSingleObject(g_hMutex, dwTimeOut) ;
|
|
|
|
if (dw == WAIT_OBJECT_0) {
|
|
|
|
//
|
|
// Create the Registry Key which will hold the applications tracked
|
|
// during tracking period
|
|
//
|
|
|
|
if ( RegCreateKeyEx(
|
|
HKEY_CURRENT_USER,
|
|
LIST_REGKEY,
|
|
0,
|
|
NULL,
|
|
REG_OPTION_VOLATILE,
|
|
KEY_ALL_ACCESS,
|
|
NULL,
|
|
&list_key,
|
|
&disp
|
|
) != ERROR_SUCCESS) {
|
|
|
|
ReleaseMutex(g_hMutex) ;
|
|
CloseHandle(g_hMutex) ;
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
// Add this application name to the list in registry
|
|
|
|
add_status = add_to_list (
|
|
list_key,
|
|
lpApplicationName
|
|
) ;
|
|
|
|
} // Done adding to the list
|
|
|
|
ReleaseMutex(g_hMutex) ;
|
|
|
|
// Out of the Critical Section
|
|
|
|
CloseHandle(g_hMutex) ;
|
|
RegCloseKey(list_key) ;
|
|
goto error_cleanup ;
|
|
|
|
} // ending of Tracking phase
|
|
|
|
} // User is an admin
|
|
|
|
// Check if user is a PowerUser
|
|
if ((PowerUserEnabled == 1) && (IsPowerUser())) {
|
|
goto error_cleanup ;
|
|
}
|
|
|
|
// User is not an admin - also it is not a system process
|
|
|
|
// Check if AppSec is enabled - if yes check the authorized list of apps
|
|
|
|
if (IsAppSecEnabled == FALSE) {
|
|
|
|
// AppSec is not enabled - so no need to check the authorized list of apps
|
|
|
|
goto error_cleanup ;
|
|
|
|
}
|
|
|
|
// The filename may be in a short form - first convert it into the long form
|
|
|
|
RetValue = GetLongPathNameW( (LPCWSTR) lpApplicationName, LongApplicationName, MAX_PATH) ;
|
|
if (RetValue == 0) {
|
|
// error - so use the original app name, not the long one
|
|
wcscpy(CorrectAppName, lpApplicationName) ;
|
|
} else {
|
|
wcscpy(CorrectAppName, LongApplicationName) ;
|
|
}
|
|
//
|
|
// Resolve Application name - if may reside in a remote server and share
|
|
//
|
|
|
|
ResolveName(
|
|
CorrectAppName,
|
|
ResolvedAppName
|
|
);
|
|
|
|
// Read the AuthorizedApplications List and compare with current Appname
|
|
|
|
check_flag = check_list(
|
|
TSkey,
|
|
ResolvedAppName
|
|
) ;
|
|
|
|
RegCloseKey(TSkey) ;
|
|
|
|
//
|
|
// If the current AppName is not in authorized list return ACCESS_DENIED
|
|
|
|
if (check_flag == FALSE) {
|
|
|
|
return STATUS_ACCESS_DENIED ;
|
|
|
|
} else {
|
|
|
|
return STATUS_SUCCESS ;
|
|
|
|
}
|
|
|
|
//
|
|
// Error cleanup code
|
|
// Close the Registry Key where we store authorized apps and return SUCCESS
|
|
//
|
|
|
|
error_cleanup :
|
|
|
|
RegCloseKey(TSkey) ;
|
|
return STATUS_SUCCESS;
|
|
|
|
} // end of CreateProcessNotify
|
|
|
|
|
|
/*++
|
|
|
|
Routine Description :
|
|
|
|
This routine checks if a process name is in a specified list
|
|
of authorised applications in the registry.
|
|
|
|
Arguments :
|
|
|
|
hkey - The handle to the registry key which has the list of
|
|
authorised applications.
|
|
|
|
appname - name of the process
|
|
|
|
Return Value :
|
|
|
|
TRUE if process is in the list of authorised applications.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
BOOL
|
|
check_list(
|
|
HKEY hkey,
|
|
LPWSTR appname
|
|
)
|
|
|
|
|
|
{
|
|
WCHAR c ;
|
|
INT i, j = 0 ;
|
|
DWORD error_code ;
|
|
DWORD RetValue ;
|
|
LONG value,size = 0 ;
|
|
BOOL found = FALSE ;
|
|
WCHAR *buffer_sent, *app ;
|
|
WCHAR LongAppName[MAX_PATH] ;
|
|
WCHAR AppToCompare[MAX_PATH] ;
|
|
|
|
// First find out size of buffer to allocate
|
|
// This buffer will hold the authorized list of apps
|
|
|
|
if ( RegQueryValueEx(
|
|
hkey,
|
|
AUTHORIZED_APPS_LIST_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) NULL,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
return TRUE ;
|
|
}
|
|
|
|
buffer_sent = (WCHAR *) malloc ( size * sizeof(WCHAR)) ;
|
|
|
|
if (buffer_sent == NULL) {
|
|
return TRUE ;
|
|
}
|
|
|
|
app = (WCHAR *) malloc ( size * sizeof(WCHAR)) ;
|
|
|
|
if (app == NULL) {
|
|
free(buffer_sent) ;
|
|
return TRUE ;
|
|
}
|
|
|
|
memset(buffer_sent, 0, size * sizeof(WCHAR) ) ;
|
|
memset(app, 0, size * sizeof(WCHAR) ) ;
|
|
|
|
// Get the List of Authorized applications from the Registry
|
|
|
|
if ( RegQueryValueEx(
|
|
hkey,
|
|
AUTHORIZED_APPS_LIST_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) buffer_sent,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
free(buffer_sent) ;
|
|
free(app) ;
|
|
return TRUE ;
|
|
}
|
|
|
|
// check if the process is present in the Authorized List
|
|
|
|
for(i=0 ; i <= size-1 ; i++ ) {
|
|
|
|
// check for end of list
|
|
|
|
if ( (buffer_sent[i] == L'\0') &&
|
|
(buffer_sent[i+1] == L'\0') ) {
|
|
|
|
break ;
|
|
}
|
|
|
|
while ( buffer_sent[i] != L'\0' ) {
|
|
|
|
app[j++] = buffer_sent[i++] ;
|
|
|
|
}
|
|
|
|
app[j++] = L'\0' ;
|
|
// The filename may be in a short form - first convert it into the long form
|
|
RetValue = GetLongPathNameW( (LPCWSTR) app, LongAppName, MAX_PATH) ;
|
|
if (RetValue == 0) {
|
|
// GetLongPathNameW failed for an app in the authorized list
|
|
// maybe the file in the authorized list doesn't exist anymore
|
|
wcscpy( AppToCompare, app) ;
|
|
} else {
|
|
wcscpy(AppToCompare, LongAppName) ;
|
|
}
|
|
|
|
// Compare if this app is the one that is being queried now
|
|
|
|
if ( _wcsicmp(appname, AppToCompare) == 0 ) {
|
|
|
|
// this process is present in the Authorized List
|
|
found = TRUE ;
|
|
break ;
|
|
}
|
|
|
|
j = 0 ;
|
|
|
|
} // end of for loop
|
|
|
|
free(buffer_sent) ;
|
|
free(app) ;
|
|
|
|
return(found) ;
|
|
|
|
} // end of function
|
|
|
|
|
|
/*++
|
|
|
|
Routine Description :
|
|
|
|
This routine appends a process name to a list maintained in
|
|
Registry Key - used in Tracking mode.
|
|
|
|
Arguments :
|
|
|
|
hkey - The handle to the registry key which has the list of
|
|
applications tracked.
|
|
|
|
appname - name of the process
|
|
|
|
Return Value :
|
|
|
|
TRUE if process is appended successfully.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
BOOL
|
|
add_to_list(
|
|
HKEY hkey,
|
|
LPCWSTR appname
|
|
)
|
|
|
|
{
|
|
|
|
WCHAR c ;
|
|
INT i, j = 0 ;
|
|
UINT k ;
|
|
DWORD error_code ;
|
|
BOOL status = FALSE ;
|
|
LONG value, size = 0, new_size ;
|
|
WCHAR *buffer_got, *buffer_sent ;
|
|
|
|
// First find out size of buffer to allocate
|
|
// This buffer will hold the applications which are tracked
|
|
|
|
if ( RegQueryValueEx(
|
|
hkey,
|
|
TRACK_LIST_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) NULL,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
return (status) ;
|
|
}
|
|
|
|
buffer_got = (WCHAR *) malloc ( size * sizeof(WCHAR)) ;
|
|
if (buffer_got == NULL) {
|
|
return (status);
|
|
}
|
|
|
|
memset(buffer_got, 0, size * sizeof(WCHAR) ) ;
|
|
// Get the present list of tracked processes in buffer_got
|
|
|
|
if ( RegQueryValueEx(
|
|
hkey,
|
|
TRACK_LIST_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) buffer_got,
|
|
&size
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
free(buffer_got) ;
|
|
return (status) ;
|
|
}
|
|
|
|
// Append the present process to the track list
|
|
// Prepare buffer to hold it
|
|
// Size of new buffer will be the sum of the old buffer size
|
|
// and the size of the new application + one byte for the terminating NULL char (in bytes)
|
|
//
|
|
|
|
new_size = size + (wcslen(appname) + 1) * sizeof(WCHAR) ;
|
|
|
|
buffer_sent = (WCHAR *) malloc (new_size) ;
|
|
|
|
if (buffer_sent == NULL) {
|
|
free(buffer_got) ;
|
|
return (status);
|
|
}
|
|
|
|
memset( buffer_sent, 0, new_size ) ;
|
|
|
|
// check if this is the FIRST entry
|
|
// If so size will be 2 - corresponding to 2 NULL chars in a empty list
|
|
|
|
if ( size == 2 ) {
|
|
|
|
// this is the first entry
|
|
|
|
wcscpy(buffer_sent,appname) ;
|
|
j = wcslen(buffer_sent) ;
|
|
j++ ;
|
|
buffer_sent[j] = L'\0' ;
|
|
|
|
} else {
|
|
|
|
// size > 2 - append this process to the end of track list
|
|
|
|
for(i=0 ; i <= size-1 ; i++ ) {
|
|
|
|
if ( (buffer_got[i] == L'\0') &&
|
|
(buffer_got[i+1] == L'\0') ) {
|
|
|
|
break ;
|
|
|
|
}
|
|
|
|
buffer_sent[j++] = buffer_got[i] ;
|
|
|
|
} // end of for loop
|
|
|
|
buffer_sent[j++] = L'\0' ;
|
|
|
|
for(k=0 ; k <= wcslen(appname) - 1 ; k++) {
|
|
|
|
buffer_sent[j++] = (WCHAR) appname[k] ;
|
|
|
|
}
|
|
|
|
buffer_sent[j++] = L'\0' ;
|
|
buffer_sent[j] = L'\0' ;
|
|
|
|
} // size > 2
|
|
|
|
// write the new track list into registry
|
|
|
|
if ( RegSetValueEx(
|
|
hkey,
|
|
L"ApplicationList",
|
|
0,
|
|
REG_MULTI_SZ,
|
|
(CONST BYTE *) buffer_sent,
|
|
(j+1) * sizeof(WCHAR)
|
|
) != ERROR_SUCCESS ) {
|
|
|
|
// Free all the buffers which were allocated
|
|
|
|
free(buffer_got) ;
|
|
free(buffer_sent) ;
|
|
return (status) ;
|
|
|
|
}
|
|
|
|
status = TRUE ;
|
|
|
|
// Free the buffers allocated
|
|
|
|
free(buffer_got) ;
|
|
free(buffer_sent) ;
|
|
|
|
return(status) ;
|
|
|
|
} // end of function
|
|
|
|
|
|
/*++
|
|
|
|
Routine Description :
|
|
|
|
This Routine checks if the application resides in a local drive
|
|
or a remote network share. If it is a remote share, the UNC path
|
|
of the application is returned.
|
|
|
|
Arguments :
|
|
|
|
appname - name of the application
|
|
|
|
Return Value :
|
|
|
|
The UNC path of the appname if it resides in a remote server share.
|
|
The same appname if it resides in a local drive.
|
|
|
|
--*/
|
|
|
|
VOID
|
|
ResolveName(
|
|
LPCWSTR appname,
|
|
WCHAR *ResolvedName
|
|
)
|
|
|
|
{
|
|
|
|
UINT i ;
|
|
INT length ;
|
|
WCHAR LocalName[3] ;
|
|
WCHAR RootPathName[4] ;
|
|
WCHAR RemoteName[MAX_PATH] ;
|
|
DWORD size = MAX_PATH ;
|
|
DWORD DriveType, error_status ;
|
|
|
|
//
|
|
// ResolvedName will hold the name of the UNC path of the appname if it is in
|
|
// a remote server and share
|
|
|
|
memset(ResolvedName, 0, MAX_PATH * sizeof(WCHAR)) ;
|
|
|
|
// check if appname is a app in local drive or remote server share
|
|
|
|
// Parse the first 3 chars in appname to get the root directory of the drive
|
|
// where it resides
|
|
|
|
wcsncpy(RootPathName, appname, 3 ) ;
|
|
RootPathName[3] = L'\0';
|
|
|
|
// Find the type of the Drive where the app is
|
|
|
|
DriveType = GetDriveType(RootPathName) ;
|
|
|
|
if (DriveType == DRIVE_REMOTE) {
|
|
|
|
// Use WNetGetConnection to get the name of the remote share
|
|
|
|
// Parse the first two chars of the appname to get the local drive
|
|
// which is mapped onto the remote server and share
|
|
|
|
wcsncpy(LocalName, appname, 2 ) ;
|
|
LocalName[2] = L'\0' ;
|
|
|
|
error_status = WNetGetConnection (
|
|
LocalName,
|
|
RemoteName,
|
|
&size
|
|
) ;
|
|
|
|
if (error_status != NO_ERROR) {
|
|
|
|
wcscpy(ResolvedName,appname) ;
|
|
return ;
|
|
}
|
|
|
|
//
|
|
// Prepare ResolvedName - it will contain the Remote Server and Share name
|
|
// followed by a \ and then the appname
|
|
//
|
|
|
|
wcscpy( ResolvedName, RemoteName ) ;
|
|
|
|
length = wcslen(ResolvedName) ;
|
|
|
|
ResolvedName[length++] = L'\\' ;
|
|
|
|
for (i = 3 ; i <= wcslen(appname) ; i++ ) {
|
|
ResolvedName[length++] = appname[i] ;
|
|
}
|
|
|
|
ResolvedName[length] = L'\0' ;
|
|
|
|
return ;
|
|
|
|
|
|
} else {
|
|
|
|
// This application is in local drive and not in a remote server and share
|
|
// Just send the appname back to the calling function
|
|
|
|
wcscpy(ResolvedName,appname) ;
|
|
return ;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/*++
|
|
|
|
Routine Description - This function checks if the present User belongs to the
|
|
group of PowerUser.
|
|
|
|
Arguments - none
|
|
|
|
Return Value - TRUE is the User belongs to the Group of PowerUser
|
|
FALSE if not.
|
|
|
|
--*/
|
|
|
|
BOOL
|
|
IsPowerUser(VOID)
|
|
{
|
|
BOOL IsMember, IsAnPower;
|
|
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
|
|
PSID PowerSid;
|
|
|
|
if (RtlAllocateAndInitializeSid(
|
|
&SystemSidAuthority,
|
|
2,
|
|
SECURITY_BUILTIN_DOMAIN_RID,
|
|
DOMAIN_ALIAS_RID_POWER_USERS,
|
|
0, 0, 0, 0, 0, 0,
|
|
&PowerSid
|
|
) != STATUS_SUCCESS) {
|
|
|
|
IsAnPower = FALSE;
|
|
} else {
|
|
|
|
if (!CheckTokenMembership(
|
|
NULL,
|
|
PowerSid,
|
|
&IsMember)) {
|
|
IsAnPower = FALSE;
|
|
} else {
|
|
IsAnPower = IsMember;
|
|
}
|
|
RtlFreeSid(PowerSid);
|
|
}
|
|
return IsAnPower;
|
|
|
|
}// end of function IsPowerUser
|
|
|
|
|
|
|