1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
/* Copyright (C) 2002-2005 RealVNC Ltd. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
// CurrentUser.h
// Helper class providing the session's logged on username, if
// a user is logged on. Also allows processes running under
// XP/2K3 etc to masquerade as the logged on user for security
// purposes
#ifndef __RFB_WIN32_CURRENT_USER_H__
#define __RFB_WIN32_CURRENT_USER_H__
#include <rfb_win32/Handle.h>
#include <rfb_win32/Security.h>
namespace rfb {
namespace win32 {
// CurrentUserToken
// CurrentUserToken is a Handle containing the security token
// for the currently logged-on user, or null if no user is
// logged on.
//
// Under Windows 95/98/Me, which don't support security tokens,
// the token will be INVALID_HANDLE_VALUE if a user is logged on.
//
// Under Windows NT/2K, it may be the case that the token is
// null even when a user *is* logged on, because we use some hacks
// to detect the user's token and sometimes they fail. On these
// platforms, isSafe() will return False if the token is null.
//
// Under Windows XP, etc, isSafe() will always be True, and the token
// will always be set to the currently logged on user's token.
//
// canImpersonate() tests whether there is a user token that is safe
// to impersonate.
//
// noUserLoggedOn() tests whether there is *definitely* no user logged on.
struct CurrentUserToken : public Handle {
CurrentUserToken();
bool isSafe() const { return isSafe_; };
bool canImpersonate() const { return h && isSafe(); }
bool noUserLoggedOn() const { return !h && isSafe(); }
private:
bool isSafe_;
};
// ImpersonateCurrentUser
// Throws an exception on failure.
// Succeeds (trivially) if process is not running as service.
// Fails if CurrentUserToken is not valid.
// Fails if platform is NT AND cannot impersonate token.
// Succeeds otherwise.
struct ImpersonateCurrentUser {
ImpersonateCurrentUser();
~ImpersonateCurrentUser();
CurrentUserToken token;
};
// UserName
// Returns the name of the user the thread is currently running as.
// Raises a SystemException in case of error.
// NB: Raises a SystemException with err == ERROR_NOT_LOGGED_ON if
// running under Windows 9x/95/Me and no user is logged on.
struct UserName : public TCharArray {
UserName();
};
// UserSID
// Returns the SID of the currently logged-on user (i.e. the session user)
struct UserSID : public Sid {
UserSID();
};
}
}
#endif
|
