/* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.
 * 
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
 * USA.
 */

// CurrentUser.h

// Helper class providing the session's logged on username, if
// a user is logged on.  Also allows processes running under
// XP/2K3 etc to masquerade as the logged on user for security
// purposes

#ifndef __RFB_WIN32_CURRENT_USER_H__
#define __RFB_WIN32_CURRENT_USER_H__

#include <rfb_win32/Handle.h>
#include <rfb_win32/Security.h>

namespace rfb {

  namespace win32 {

    // CurrentUserToken
    //   CurrentUserToken is a Handle containing the security token
    //   for the currently logged-on user, or null if no user is
    //   logged on.
    //
    //   Under Windows 95/98/Me, which don't support security tokens,
    //   the token will be INVALID_HANDLE_VALUE if a user is logged on.
    //
    //   Under Windows NT/2K, it may be the case that the token is
    //   null even when a user *is* logged on, because we use some hacks
    //   to detect the user's token and sometimes they fail.  On these
    //   platforms, isSafe() will return False if the token is null.
    //
    //   Under Windows XP, etc, isSafe() will always be True, and the token
    //   will always be set to the currently logged on user's token.
    //
    //   canImpersonate() tests whether there is a user token that is safe
    //   to impersonate.
    //
    //   noUserLoggedOn() tests whether there is *definitely* no user logged on.

    struct CurrentUserToken : public Handle {
      CurrentUserToken();
      bool isSafe() const { return isSafe_; };
      bool canImpersonate() const { return h && isSafe(); }
      bool noUserLoggedOn() const { return !h && isSafe(); }
    private:
      bool isSafe_;
    };

    // ImpersonateCurrentUser
    //   Throws an exception on failure.
    //   Succeeds (trivially) if process is not running as service.
    //   Fails if CurrentUserToken is not valid.
    //   Fails if platform is NT AND cannot impersonate token.
    //   Succeeds otherwise.

    struct ImpersonateCurrentUser {
      ImpersonateCurrentUser();
      ~ImpersonateCurrentUser();
      CurrentUserToken token;
    };

    // UserName
    //   Returns the name of the user the thread is currently running as.
    //   Raises a SystemException in case of error.
    //   NB: Raises a SystemException with err == ERROR_NOT_LOGGED_ON if
    //       running under Windows 9x/95/Me and no user is logged on.

    struct UserName : public TCharArray {
      UserName();
    };

    // UserSID
    //   Returns the SID of the currently logged-on user (i.e. the session user)

    struct UserSID : public Sid {
      UserSID();
    };

  }

}

#endif