From 4cc354816b66eb3b9e3a865ddade44ed9c86b951 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A9=20van=20Geldorp?= <ge@gse.nl>
Date: Sun, 6 Feb 2005 22:16:05 +0000
Subject: [PATCH] =?UTF-8?q?Herv=C3=A9=20Poussineau=20<poussine@freesurf.fr?=
 =?UTF-8?q?>=20(Partial)=20implementation=20of=20CheckTokenMembership()?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

svn path=/trunk/; revision=13453
---
 reactos/lib/advapi32/token/token.c | 83 +++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)

diff --git a/reactos/lib/advapi32/token/token.c b/reactos/lib/advapi32/token/token.c
index 94d68c0fa45..3b42ec8d0d1 100644
--- a/reactos/lib/advapi32/token/token.c
+++ b/reactos/lib/advapi32/token/token.c
@@ -313,16 +313,85 @@ DuplicateToken (HANDLE ExistingTokenHandle,
 
 
 /*
- * @unimplemented
+ * @implemented
  */
 BOOL STDCALL
-CheckTokenMembership(HANDLE Token, PSID SidToCheck, PBOOL IsMember)
+CheckTokenMembership (HANDLE ExistingTokenHandle,
+                      PSID SidToCheck,
+                      PBOOL IsMember)
 {
-  DPRINT1("CheckTokenMembership not implemented\n");
-
-  SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
-
-  return FALSE;
+  HANDLE AccessToken;
+  BOOL ReleaseToken = FALSE;
+  BOOL Result = FALSE;
+  DWORD dwSize;
+  DWORD i;
+  PTOKEN_GROUPS lpGroups = NULL;
+  TOKEN_TYPE TokenInformation;
+ 
+  if (IsMember == NULL)
+  {
+    SetLastError(ERROR_INVALID_PARAMETER);
+    return FALSE;
+  }
+ 
+  if (ExistingTokenHandle == NULL)
+  {
+    /* Get impersonation token of the calling thread */
+    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &ExistingTokenHandle))
+      return FALSE;
+ 
+    if (!DuplicateToken(ExistingTokenHandle, SecurityAnonymous, &AccessToken))
+    {
+      CloseHandle(ExistingTokenHandle);
+      goto ByeBye;
+    }
+    CloseHandle(ExistingTokenHandle);
+    ReleaseToken = TRUE; 
+  }
+  else
+  {
+    if (!GetTokenInformation(ExistingTokenHandle, TokenType, &TokenInformation, sizeof(TokenInformation), &dwSize))
+      goto ByeBye;
+    if (TokenInformation != TokenImpersonation)
+    {
+      /* Duplicate token to have a impersonation token */
+      if (!DuplicateToken(ExistingTokenHandle, SecurityAnonymous, &AccessToken))
+        return FALSE;
+      ReleaseToken = TRUE;
+    }
+    else
+      AccessToken = ExistingTokenHandle;
+  }
+ 
+  *IsMember = FALSE;
+  /* Search in groups of the token */
+  if (!GetTokenInformation(AccessToken, TokenGroups, NULL, 0, &dwSize))
+    goto ByeBye;
+  lpGroups = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(), 0, dwSize);
+  if (!lpGroups)
+    goto ByeBye;
+  if (!GetTokenInformation(AccessToken, TokenGroups, lpGroups, dwSize, &dwSize))
+    goto ByeBye;
+  for (i = 0; i < lpGroups->GroupCount; i++)
+  {
+    if (EqualSid(SidToCheck, &lpGroups->Groups[i].Sid))
+    {
+      Result = TRUE;
+      *IsMember = TRUE;
+      goto ByeBye;
+    }
+  }
+  /* FIXME: Search in users of the token? */
+  DPRINT1("CheckTokenMembership() partially implemented!\n");
+  Result = TRUE;
+ 
+ByeBye:
+  if (lpGroups != NULL)
+    HeapFree(GetProcessHeap(), 0, lpGroups);
+  if (ReleaseToken)
+    CloseHandle(AccessToken);
+ 
+  return Result;
 }
 
 /* EOF */