64 lines
1.8 KiB
C++
64 lines
1.8 KiB
C++
//+--------------------------------------------------------------------------
|
|
// File: prvlg.h
|
|
// Contents: privilege manager declaration
|
|
//---------------------------------------------------------------------------
|
|
#include <ntsecapi.h>
|
|
namespace CertSrv
|
|
{
|
|
|
|
// define event
|
|
|
|
class CPrivilegeManager
|
|
{
|
|
public:
|
|
|
|
CPrivilegeManager() :
|
|
m_lsah(NULL),
|
|
m_pAddPrivilegeBackup(NULL),
|
|
m_pAddPrivilegeAudit(NULL),
|
|
m_pRemovePrivilegeBackup(NULL),
|
|
m_pRemovePrivilegeAudit(NULL) {};
|
|
|
|
~CPrivilegeManager()
|
|
{
|
|
if(m_pAddPrivilegeBackup)
|
|
LocalFree(m_pAddPrivilegeBackup);
|
|
if(m_pAddPrivilegeAudit)
|
|
LocalFree(m_pAddPrivilegeAudit);
|
|
if(m_pRemovePrivilegeBackup)
|
|
LocalFree(m_pRemovePrivilegeBackup);
|
|
if(m_pRemovePrivilegeAudit)
|
|
LocalFree(m_pRemovePrivilegeAudit);
|
|
}
|
|
|
|
HRESULT ComputePrivilegeChanges(
|
|
const PSECURITY_DESCRIPTOR pOldSD,
|
|
const PSECURITY_DESCRIPTOR pNewSD);
|
|
HRESULT UpdatePrivileges();
|
|
|
|
protected:
|
|
|
|
HRESULT OpenPolicy();
|
|
HRESULT ClosePolicy();
|
|
HRESULT AddPrivilege(const PSID pSid, DWORD dwRole);
|
|
HRESULT RemovePrivilege(const PSID pSid, DWORD dwRole);
|
|
void GetPrivilegeString(
|
|
DWORD dwRole,
|
|
PLSA_UNICODE_STRING &plsastr,
|
|
ULONG &cstr);
|
|
HRESULT InitBuffer(PACCESS_ALLOWED_ACE **buffer, DWORD cAce);
|
|
|
|
LSA_HANDLE m_lsah;
|
|
PACCESS_ALLOWED_ACE *m_pAddPrivilegeBackup;
|
|
PACCESS_ALLOWED_ACE *m_pAddPrivilegeAudit;
|
|
PACCESS_ALLOWED_ACE *m_pRemovePrivilegeBackup;
|
|
PACCESS_ALLOWED_ACE *m_pRemovePrivilegeAudit;
|
|
|
|
DWORD m_cOldAce, m_cNewAce;
|
|
|
|
static LSA_UNICODE_STRING m_lsaSecurityPrivilege[];
|
|
static LSA_UNICODE_STRING m_lsaBackupRestorePrivilege[];
|
|
|
|
}; // class CPrivilegeManager
|
|
} // namespace CertSrv
|