Windows: Only allow the local system account to speak to the redirector

[openafs.git] / src / WINNT / afsrdr / kernel / fs / AFSProcessSupport.cpp

diff --git a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
index 22cf280..a815724 100644 (file)
--- a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp
@@ -941,3 +941,28 @@ try_exit:
 
     return pThreadCB;
 }
+
+BOOLEAN
+AFSIsUser( IN PSID Sid)
+{
+    SECURITY_SUBJECT_CONTEXT subjectContext;
+    PTOKEN_USER user;
+    PACCESS_TOKEN token;
+    BOOLEAN retVal = FALSE;
+
+    SeCaptureSubjectContext( &subjectContext);
+    SeLockSubjectContext( &subjectContext);
+
+    token = SeQuerySubjectContextToken( &subjectContext);
+
+    if (NT_SUCCESS (SeQueryInformationToken( token, TokenUser, (PVOID*) &user)))
+    {
+
+        retVal = RtlEqualSid( user->User.Sid, Sid);
+
+        ExFreePool( user );
+    }
+    SeUnlockSubjectContext( &subjectContext);
+    SeReleaseSubjectContext( &subjectContext);
+    return retVal;
+}