[
uuid (52c0e9e2-c0c0-11cf-aeec-00aa0044fb89),
version(1.0),
pointer_default(unique)
]
interface AccCntrlPickle
{

import "unknwn.idl";
#pragma midl_echo("#ifndef UNICODE")
#pragma midl_echo("#define UNICODE")
#pragma midl_echo("#else")
#pragma midl_echo("#define UNICODE_IS_DEFINED")
#pragma midl_echo("#endif")
#pragma midl_echo("#ifndef __ACCESS_CONTROL__")
#pragma midl_echo("#define __ACCESS_CONTROL__")
#include "accctrl.h";
#pragma midl_echo("#endif")
#pragma midl_echo("#ifndef UNICODE_IS_DEFINED")
#pragma midl_echo("#undef UNICODE")
#pragma midl_echo("#endif")

// Since the midl compiler doesn't like the syntax in ntseapi.h, I have to
// redefine the following two structures using slighlty different names.
// Type casting may be needed in the source code assign the SID to the pSID
// field in the STREAM_ACE structure.
typedef struct tagSSID_IDENTIFIER_AUTHORITY{
    UCHAR Value[6];
} SSID_IDENTIFIER_AUTHORITY;


typedef struct tagSTREAM_SID
{
    UCHAR                               Revision;
    UCHAR                               SubAuthorityCount;
    SSID_IDENTIFIER_AUTHORITY           IdentifierAuthority;
    [size_is(SubAuthorityCount)]ULONG   SubAuthority[*];
}STREAM_SID, *PSTREAM_SID;

// The following structure describes what an ACE should look like
// in persistent form. Notice that the following structure doesn't
// contain all the fields in the EXPLICIT_ACCESS structure defined in
// sdk\inc\accctrl.h. Right now, the amount of information maintained inside
// this structure is kept at a minimal, should additional fields be required
// in the future, converters can be created to transform different versions
// stream ACEs based on the version code in the header.
typedef struct tagSTREAM_ACE
{
  DWORD             grfAccessPermissions;
  ACCESS_MODE       grfAccessMode;
  TRUSTEE_TYPE      TrusteeType;
  TRUSTEE_FORM      TrusteeForm;
  LPWSTR            pTrusteeName;
  PSTREAM_SID       pSID;
} STREAM_ACE;


// The STREAM_ACL structure describes the persistent form of the ACL.
// The current version of the structure can only support the DENY_ACCESS mode
// ACEs and the GRANT_ACCESS mode ACEs. SET_ACCESS mode ACEs can supported
// by adding ulNumOfSetEntries field to the structure.
typedef struct tagSTREAM_ACL
{
    ULONG   ulNumOfDenyEntries;
    ULONG   ulNumOfGrantEntries;
    [ size_is(ulNumOfDenyEntries + ulNumOfGrantEntries)]
            STREAM_ACE *pACL;
} STREAM_ACL;

// The STREAM_HEADER structure is placed before the encoded STREAM_ACL structure
// when the client invokes the IPersistStream::Save method of the CImpAccessControl
// class. This structure contains the encoded size of the STREAM_ACL structure so that
// the IPersistStream method knowns how many bytes to read from the stream when
// the ACL is reloaded. The STREAM_HEADER structure also contains the
// version code of the STREAM_ACL which allows cnoverters to be made if either the
// STREAM_ACL or STREAM_ACE structure is expanded in the future.
typedef struct tagSTREAM_HEADER
{
    ULONG   ulStreamVersion;
    ULONG   ulPickledSize;
} STREAM_HEADER;


} // AccCntrlPickle