Windows NT 4.0 source code leak
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

564 lines
21 KiB

//+-------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1993 - 1995.
//
// File: access.hxx
//
// Contents: common internal includes for access control API
//
// History: 8-94 Created DaveMont
//
//--------------------------------------------------------------------
#ifndef __ACCESSHXX__
#define __ACCESSHXX__
#define PSD_BASE_LENGTH 1024
//
// These are the prototypes of the exported functions we need from
// netapi32.dll and samlib.dll and winspool.drv
//
typedef NTSTATUS (*PSAM_CLOSE_HANDLE)( SAM_HANDLE SamHandle );
typedef NTSTATUS (*PSAM_OPEN_DOMAIN)( SAM_HANDLE ServerHandle,
ACCESS_MASK DesiredAccess,
PSID DomainId,
PSAM_HANDLE DomainHandle );
typedef NTSTATUS (*PSAM_CONNECT)( PUNICODE_STRING ServerName,
PSAM_HANDLE ServerHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes );
typedef NTSTATUS (*PSAM_GET_MEMBERS_IN_GROUP)( SAM_HANDLE GroupHandle,
PULONG * MemberIds,
PULONG * Attributes,
PULONG MemberCount );
typedef NTSTATUS (*PSAM_OPEN_GROUP)( SAM_HANDLE DomainHandle,
ACCESS_MASK DesiredAccess,
ULONG GroupId,
PSAM_HANDLE GroupHandle );
typedef NTSTATUS (*PSAM_GET_MEMBERS_IN_ALIAS)( SAM_HANDLE AliasHandle,
PSID ** MemberIds,
PULONG MemberCount );
typedef NTSTATUS (*PSAM_OPEN_ALIAS)( SAM_HANDLE DomainHandle,
ACCESS_MASK DesiredAccess,
ULONG AliasId,
PSAM_HANDLE AliasHandle );
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_API_BUFFER_FREE)(LPVOID Buffer);
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_SHARE_GET_INFO)(
LPTSTR servername,
LPTSTR netname,
DWORD level,
LPBYTE *bufptr );
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_SHARE_SET_INFO)(
LPTSTR servername,
LPTSTR netname,
DWORD level,
LPBYTE buf,
LPDWORD parm_err );
typedef NET_API_STATUS (NET_API_FUNCTION *PINET_GET_DC_LIST)(
LPTSTR ServerName OPTIONAL,
LPTSTR TrustedDomainName,
PULONG DCCount,
PUNICODE_STRING * DCNames );
typedef BOOL (WINAPI *POPEN_PRINTER)(
LPWSTR pPrinterName,
LPHANDLE phPrinter,
LPPRINTER_DEFAULTSW pDefault );
typedef BOOL (WINAPI *PCLOSE_PRINTER)(
HANDLE hPrinter );
typedef BOOL (WINAPI *PSET_PRINTER)(
HANDLE hPrinter,
DWORD Level,
LPBYTE pPrinter,
DWORD Command );
typedef BOOL (WINAPI *PGET_PRINTER)(
HANDLE hPrinter,
DWORD Level,
LPBYTE pPrinter,
DWORD cbBuf,
LPDWORD pcbNeeded );
//
// Define a table of exported functions from netapi32.dll and samlib.dll that
// are needed by accctrl. We explicitly load these dynamic libraries when
// we need them.
//
#define LOADED_ALL_FUNCS 0x01
typedef struct _DLLFuncsTable
{
DWORD dwFlags;
PSAM_CLOSE_HANDLE PSamCloseHandle;
PSAM_OPEN_DOMAIN PSamOpenDomain;
PSAM_CONNECT PSamConnect;
PSAM_GET_MEMBERS_IN_GROUP PSamGetMembersInGroup;
PSAM_OPEN_GROUP PSamOpenGroup;
PSAM_GET_MEMBERS_IN_ALIAS PSamGetMembersInAlias;
PSAM_OPEN_ALIAS PSamOpenAlias;
PNET_API_BUFFER_FREE PNetApiBufferFree;
PNET_SHARE_GET_INFO PNetShareGetInfo;
PNET_SHARE_SET_INFO PNetShareSetInfo;
PINET_GET_DC_LIST PI_NetGetDCList;
POPEN_PRINTER POpenPrinter;
PCLOSE_PRINTER PClosePrinter;
PSET_PRINTER PSetPrinter;
PGET_PRINTER PGetPrinter;
} DLLFuncsTable;
extern DLLFuncsTable DLLFuncs;
typedef enum _PROV_PATH_TYPE
{
PROV_UNC = 1,
PROV_DFS,
PROV_NT_RDR,
PROV_RDR,
PROV_LOCAL
} PROV_PATH_TYPE, *PPROV_PATH_TYPE;
//
// used in AccountAccess accesstype for ACEs with both audit success and
// audit failure flags set, this is not exposed to the user
//
#define SE_AUDIT_BOTH 99
//
// Security open type (used to help determine permissions to use on open)
//
typedef enum _SECURITY_OPEN_TYPE
{
READ_ACCESS_RIGHTS = 0,
WRITE_ACCESS_RIGHTS,
MODIFY_ACCESS_RIGHTS,
} SECURITY_OPEN_TYPE, *PSECURITY_OPEN_TYPE;
//
// map inheritance to ACE flags
//
#define MAPPING_OBJECT 0
#define MAPPING_SUB_CONTAINERS_ONLY 0xA
#define MAPPING_SUB_OBJECTS_ONLY 0x9
#define MAPPING_SUB_CONTAINERS_AND_OBJECTS 0xB
#define MAPPING_ALL 0x3
//
// suppliment to service access rights
//
#define SERVICE_READ (STANDARD_RIGHTS_READ | \
SERVICE_INTERROGATE | \
SERVICE_ENUMERATE_DEPENDENTS | \
SERVICE_QUERY_STATUS | \
SERVICE_QUERY_CONFIG)
#define SERVICE_WRITE (STANDARD_RIGHTS_READ | \
SERVICE_CHANGE_CONFIG)
#define SERVICE_EXECUTE (STANDARD_RIGHTS_READ | \
SERVICE_USER_DEFINED_CONTROL | \
SERVICE_PAUSE_CONTINUE | \
SERVICE_START | \
SERVICE_STOP)
//+---------------------------------------------------------------------------
// Function: Add2Ptr
//
// Synopsis: Add an unscaled increment to a ptr regardless of type.
//
// Arguments: [pv] -- Initial ptr.
// [cb] -- Increment
//
// Returns: Incremented ptr.
//
//----------------------------------------------------------------------------
inline
VOID *Add2Ptr(PVOID pv, ULONG cb)
{
return((PBYTE) pv + cb);
}
//+-------------------------------------------------------------------------
// memory.cxx
//+-------------------------------------------------------------------------
void *AccAlloc(ULONG cSize);
#define AccFree LocalFree
//+-------------------------------------------------------------------------
// helper.cxx
//+-------------------------------------------------------------------------
ULONG
TrusteeAllocationSize(IN PTRUSTEE_W pTrustee);
ULONG
TrusteeAllocationSizeWToA(IN PTRUSTEE_W pTrustee);
ULONG
TrusteeAllocationSizeAToW(IN PTRUSTEE_A pTrustee);
VOID
SpecialCopyTrustee(VOID **pStuffPtr, PTRUSTEE pToTrustee, PTRUSTEE pFromTrustee);
DWORD
CopyTrusteeAToTrusteeW( IN OUT VOID ** ppStuffPtr,
IN PTRUSTEE_A pFromTrusteeA,
OUT PTRUSTEE_W pToTrusteeW );
DWORD
CopyTrusteeWToTrusteeA( IN OUT VOID ** ppStuffPtr,
IN PTRUSTEE_W pFromTrusteeW,
OUT PTRUSTEE_A pToTrusteeA );
DWORD
ExplicitAccessAToExplicitAccessW( IN ULONG cCountAccesses,
IN PEXPLICIT_ACCESS_A paAccess,
OUT PEXPLICIT_ACCESS_W * ppwAccess );
DWORD
ExplicitAccessWToExplicitAccessA( IN ULONG cCountAccesses,
IN PEXPLICIT_ACCESS_W pwAccess,
OUT PEXPLICIT_ACCESS_A * ppaAccess );
//+-------------------------------------------------------------------------
// target.cxx
//+-------------------------------------------------------------------------
DWORD
GetAccessEntries( IN HANDLE Handle,
IN SE_OBJECT_TYPE SeObjectType,
IN LPWSTR pMachineName,
OUT PULONG pcSizeOfAccessEntries,
OUT PULONG pcCcountOfAccessEntries,
OUT PACCESS_ENTRY *pListOfAccessEntries);
DWORD
SetAccessEntries( IN HANDLE Handle,
IN SE_OBJECT_TYPE SeObjectType,
IN LPWSTR pMachineName,
IN ULONG cCcountOfAccessEntries,
IN PACCESS_ENTRY pListOfAccessEntries,
IN BOOL bReplaceAll);
DWORD
GetEffective( IN HANDLE Handle,
IN SE_OBJECT_TYPE SeObjectType,
IN LPWSTR pMachineName,
IN PTRUSTEE pTrustee,
OUT PACCESS_MASK pAccessMask);
//+-------------------------------------------------------------------------
// namebase.cxx
//+-------------------------------------------------------------------------
DWORD
GetNameAccessEntries( IN LPWSTR pObjectName,
IN SE_OBJECT_TYPE SeObjectType,
IN LPWSTR pMachineName,
OUT PULONG pcSizeOfAccessEntries,
OUT PULONG pcCcountOfAccessEntries,
OUT PACCESS_ENTRY *pListOfAccessEntries);
DWORD
SetNameAccessEntries( IN LPWSTR pObjectName,
IN SE_OBJECT_TYPE SeObjectType,
IN LPWSTR pMachineName,
IN ULONG cCcountOfAccessEntries,
IN PACCESS_ENTRY pListOfAccessEntries,
IN BOOL bReplaceAll);
DWORD
GetNameEffective( IN LPWSTR pObjectName,
IN SE_OBJECT_TYPE SeObjectType,
IN LPWSTR pMachineName,
IN PTRUSTEE pTrustee,
OUT PACCESS_MASK pAccessMask);
//+-------------------------------------------------------------------------
// aclutil.cxx
//+-------------------------------------------------------------------------
DWORD
Win32ExplicitAccessToAccessEntry(IN ULONG cCount,
IN PEXPLICIT_ACCESS pExplicitAccessList,
OUT PACCESS_ENTRY *pAccessEntryList);
DWORD
AccessEntryToWin32ExplicitAccess(IN ULONG cCountOfAccessEntries,
IN PACCESS_ENTRY pListOfAccessEntries,
OUT PEXPLICIT_ACCESS *pListOfExplicitAccesses);
HRESULT AccLookupAccountSid(OUT PSID *psid,
IN TRUSTEE *name);
HRESULT AccLookupAccountTrustee( OUT PTRUSTEE * ppTrustee,
IN PSID psid);
DWORD LoadDLLFuncTable();
//+-------------------------------------------------------------------------
// downlevel\downlvl.cxx
//+-------------------------------------------------------------------------
DWORD
LoadDownLevelProviderDll(LPWSTR Rdr);
//+-------------------------------------------------------------------------
// common.cxx
//+-------------------------------------------------------------------------
DWORD
IsContainer(IN HANDLE handle,
IN SE_OBJECT_TYPE SeObjectType,
OUT PIS_CONTAINER IsContainer);
ACCESS_MASK GetDesiredAccess(IN SECURITY_OPEN_TYPE OpenType,
IN SECURITY_INFORMATION SecurityInfo);
DWORD ParseName(IN LPWSTR ObjectName,
OUT LPWSTR *MachineName,
OUT LPWSTR *RemainingName);
DWORD GetSecurityDescriptorParts( IN PISECURITY_DESCRIPTOR pSecurityDescriptor,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pOutSecurityDescriptor);
DWORD OpenObject( IN LPWSTR ObjectName,
IN SE_OBJECT_TYPE SeObjectType,
IN ACCESS_MASK AccessMask,
OUT PHANDLE handle);
DWORD CloseObject(IN HANDLE handle,
IN SE_OBJECT_TYPE SeObjectType);
//+-------------------------------------------------------------------------
// file.cxx
//+-------------------------------------------------------------------------
DWORD
IsFileContainer(IN HANDLE Handle,
OUT PIS_CONTAINER IsContainer);
DWORD
GetNamedFileSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
SetNamedFileSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD
OpenFileObject( IN LPWSTR pObjectName,
IN ACCESS_MASK AccessMask,
OUT PHANDLE handle);
void GetFileAccessMaskFromProviderIndependentRights(IN ULONG AccessRights,
IN OUT PACCESS_MASK AccessMask);
ULONG GetFileProviderIndependentRightsFromAccessMask(IN BOOL fIsContainer,
IN ACCESS_MASK AccessMask);
//+-------------------------------------------------------------------------
// service.cxx
//+-------------------------------------------------------------------------
DWORD
GetNamedServiceSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
GetServiceSecurityInfo( IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
SetNamedServiceSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD
OpenServiceObject( IN LPWSTR pObjectName,
IN ACCESS_MASK AccessMask,
OUT PHANDLE Handle);
void GetServiceAccessMaskFromProviderIndependentRights(
IN ULONG AccessRights,
IN OUT PACCESS_MASK AccessMask);
ULONG GetServiceProviderIndependentRightsFromAccessMask(IN ACCESS_MASK AccessMask);
//+-------------------------------------------------------------------------
// printer.cxx
//+-------------------------------------------------------------------------
DWORD
GetNamedPrinterSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
GetPrinterSecurityInfo( IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
SetNamedPrinterSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD
SetPrinterSecurityInfo( IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInfo,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD
OpenPrinterObject( IN LPWSTR pObjectName,
IN ACCESS_MASK AccessMask,
OUT PHANDLE Handle);
void GetPrinterAccessMaskFromProviderIndependentRights(
IN ULONG AccessRights,
IN OUT PACCESS_MASK AccessMask);
ULONG
GetPrinterProviderIndependentRightsFromAccessMask(IN ACCESS_MASK AccessMask);
//+-------------------------------------------------------------------------
// registry.cxx
//+-------------------------------------------------------------------------
DWORD
GetNamedRegistrySecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
GetRegistrySecurityInfo( IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
SetNamedRegistrySecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD
OpenRegistryObject( IN LPWSTR pObjectName,
IN ACCESS_MASK AccessMask,
OUT PHANDLE Handle);
void GetRegistryAccessMaskFromProviderIndependentRights(
IN ULONG AccessRights,
IN OUT PACCESS_MASK AccessMask);
ULONG
GetRegistryProviderIndependentRightsFromAccessMask(IN ACCESS_MASK AccessMask);
//+-------------------------------------------------------------------------
// window.cxx
//+-------------------------------------------------------------------------
DWORD
GetWindowSecurityInfo( IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
//+-------------------------------------------------------------------------
// kernel.cxx
//+-------------------------------------------------------------------------
DWORD
GetKernelSecurityInfo( IN HANDLE Handle,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
GetNamedKernelSecurityInfo( IN LPWSTR pwstrObjectName ,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID * psidOwner,
OUT PSID * psidGroup,
OUT PACL * pDacl,
OUT PACL * pSacl,
OUT PSECURITY_DESCRIPTOR * pSecurityDescriptor);
DWORD
SetNamedKernelSecurityInfo( IN LPWSTR pwstrObjectName ,
IN SECURITY_INFORMATION SecurityInfo,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
//+-------------------------------------------------------------------------
// lmshare.cxx
//+-------------------------------------------------------------------------
DWORD
GetNamedLmShareSecurityInfo( IN LPWSTR pObjectName,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID *psidOwner,
OUT PSID *psidGroup,
OUT PACL *pDacl,
OUT PACL *pSacl,
OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor);
DWORD
SetNamedLmShareSecurityInfo( IN LPWSTR pObjectName,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD
GetLmShareAccessEntries( LPWSTR pObjectName,
LPWSTR pMachineName,
PULONG cSizeOfAccessEntries,
PULONG cCountOfAccessEntries,
PACCESS_ENTRY *pListOfAccessEntries);
DWORD
SetLmShareAccessEntries( LPWSTR pObjectName,
LPWSTR pMachineName,
ULONG cCountOfAccessEntries,
PACCESS_ENTRY pListOfAccessEntries,
BOOL bReplaceAll);
DWORD
GetLmShareEffective( LPWSTR pObjectName,
LPWSTR pMachineName,
PTRUSTEE pTrustee,
PACCESS_MASK AccessMask);
#endif // __ACCESSHXX__