archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/pchealth/core/include/mpc_security.h

315 lines
16 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /******************************************************************************
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  6. MPC_security.h
  8. Abstract:
  9. This file contains the declaration of various security functions/classes.
  11. Revision History:
  12. Davide Massarenti (Dmassare) 04/26/2000
  13. created
  15. ******************************************************************************/
  17. #if !defined(__INCLUDED___MPC___SECURITY_H___)
  18. #define __INCLUDED___MPC___SECURITY_H___
  20. #include <MPC_main.h>
  21. #include <MPC_utils.h>
  24. #include <Ntsecapi.h>
  26. //
  27. // From #include <Ntstatus.h> (including the file generates a lot of redefinition error with WINNT.H)
  28. //
  29. #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) // ntsubauth
  30. #define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L)
  32. #include <Lmaccess.h>
  33. #include <Lmerr.h>
  34. #include <Sddl.h>
  36. #include <sspi.h>
  37. #include <secext.h>
  39. namespace MPC
  40. {
  41. struct SID2
  42. {
  43. SID m_main;
  44. DWORD m_SubAuthority2;
  46. operator SID&() { return m_main; }
  47. };
  49. class SecurityDescriptor
  50. {
  51. protected: // To enable other classes to extend the functionality.
  53. PSECURITY_DESCRIPTOR m_pSD;
  54. PSID m_pOwner;
  55. BOOL m_bOwnerDefaulted;
  56. PSID m_pGroup;
  57. BOOL m_bGroupDefaulted;
  58. PACL m_pDACL;
  59. BOOL m_bDaclDefaulted;
  60. PACL m_pSACL;
  61. BOOL m_bSaclDefaulted;
  63. ////////////////////////////////////////////////////////////////////////////////
  65. public:
  66. static const SID s_EveryoneSid;
  67. static const SID s_SystemSid;
  68. static const SID2 s_AdminSid;
  70. static const SID2 s_Alias_AdminsSid;
  71. static const SID2 s_Alias_PowerUsersSid;
  72. static const SID2 s_Alias_UsersSid;
  73. static const SID2 s_Alias_GuestsSid;
  76. static const SECURITY_INFORMATION s_SecInfo_ALL = OWNER_SECURITY_INFORMATION |
  77. GROUP_SECURITY_INFORMATION |
  78. DACL_SECURITY_INFORMATION |
  79. SACL_SECURITY_INFORMATION ;
  81. static const SECURITY_INFORMATION s_SecInfo_MOST = OWNER_SECURITY_INFORMATION |
  82. GROUP_SECURITY_INFORMATION |
  83. DACL_SECURITY_INFORMATION ;
  85. static const SECURITY_DESCRIPTOR_CONTROL s_sdcMask = SE_DACL_AUTO_INHERIT_REQ |
  86. SE_SACL_AUTO_INHERIT_REQ |
  87. SE_DACL_AUTO_INHERITED |
  88. SE_SACL_AUTO_INHERITED |
  89. SE_DACL_PROTECTED |
  90. SE_SACL_PROTECTED ;
  92. //
  93. // Any memory returned by this class should be release with ReleaseMemory( (void*&)<var> ).
  94. //
  95. static HRESULT AllocateMemory( /*[in/out]*/ LPVOID& ptr, /*[in]*/ size_t iLen );
  96. static void ReleaseMemory ( /*[in/out]*/ LPVOID& ptr );
  98. static void InitLsaString( /*[in/out]*/ LSA_UNICODE_STRING& lsaString, /*[in]*/ LPCWSTR szText );
  100. //
  101. // Utility functions.
  102. //
  103. static HRESULT SetPrivilege( /*[in]*/ LPCWSTR Privilege, /*[in]*/ BOOL bEnable = TRUE, /*[in]*/ HANDLE hToken = NULL );
  105. static HRESULT AddPrivilege ( /*[in]*/ LPCWSTR szPrincipal, /*[in]*/ LPCWSTR szPrivilege );
  106. static HRESULT RemovePrivilege( /*[in]*/ LPCWSTR szPrincipal, /*[in]*/ LPCWSTR szPrivilege );
  108. ////////////////////
  110. static HRESULT GetTokenSids ( /*[in]*/ HANDLE hToken, /*[out]*/ PSID *ppUserSid, /*[out]*/ PSID *ppGroupSid );
  111. static HRESULT GetProcessSids( /*[out]*/ PSID *ppUserSid, /*[out]*/ PSID *ppGroupSid = NULL );
  112. static HRESULT GetThreadSids ( /*[out]*/ PSID *ppUserSid, /*[out]*/ PSID *ppGroupSid = NULL, /*[in]*/ BOOL bOpenAsSelf = FALSE );
  114. ////////////////////
  116. static HRESULT VerifyPrincipal ( /*[in ]*/ LPCWSTR szPrincipal );
  117. static HRESULT ConvertPrincipalToSID( /*[in ]*/ LPCWSTR szPrincipal, /*[out]*/ PSID& pSid, /*[out]*/ LPCWSTR *pszDomain = NULL );
  118. static HRESULT ConvertSIDToPrincipal( /*[in]*/ PSID pSid, /*[out]*/ LPCWSTR *pszPrincipal , /*[out]*/ LPCWSTR *pszDomain = NULL );
  119. static HRESULT ConvertSIDToPrincipal( /*[in]*/ PSID pSid, /*[out]*/ MPC::wstring& strPrincipal );
  121. static HRESULT NormalizePrincipalToStringSID( /*[in]*/ LPCWSTR szPrincipal, /*[in]*/ LPCWSTR szDomain, /*[out]*/ MPC::wstring& strSID );
  123. ////////////////////
  125. static HRESULT GetAccountName ( /*[in]*/ LPCWSTR szPrincipal, /*[out]*/ MPC::wstring& strName );
  126. static HRESULT GetAccountDomain ( /*[in]*/ LPCWSTR szPrincipal, /*[out]*/ MPC::wstring& strDomain );
  127. static HRESULT GetAccountDisplayName( /*[in]*/ LPCWSTR szPrincipal, /*[out]*/ MPC::wstring& strDisplayName );
  129. ////////////////////
  131. static HRESULT CloneACL( /*[in/out]*/ PACL& pDest, /*[in]*/ PACL pSrc );
  133. static HRESULT RemovePrincipalFromACL( /*[in ]*/ PACL pACL, /*[in]*/ PSID pPrincipalSID, /*[in]*/ int pos = -1 );
  134. static HRESULT AddACEToACL ( /*[in/out]*/ PACL& pACL, /*[in]*/ PSID pPrincipalSID,
  135. /*[in ]*/ DWORD dwAceType ,
  136. /*[in ]*/ DWORD dwAceFlags ,
  137. /*[in ]*/ DWORD dwAccessMask ,
  138. /*[in ]*/ GUID* guidObjectType = NULL ,
  139. /*[in ]*/ GUID* guidInheritedObjectType = NULL );
  141. ////////////////////////////////////////////////////////////////////////////////
  143. private:
  144. static HRESULT CopyACL ( /*[in ]*/ PACL pDest, /*[in]*/ PACL pSrc );
  145. static HRESULT EnsureACLSize( /*[in/out]*/ PACL& pACL , /*[in]*/ DWORD dwExpand );
  147. ////////////////////////////////////////////////////////////////////////////////
  149. public:
  150. SecurityDescriptor();
  151. virtual ~SecurityDescriptor();
  154. void CleanUp ( );
  155. HRESULT Initialize ( );
  156. HRESULT InitializeFromProcessToken( /*[in]*/ BOOL bDefaulted = FALSE );
  157. HRESULT InitializeFromThreadToken ( /*[in]*/ BOOL bDefaulted = FALSE, /*[in]*/ BOOL bRevertToProcessToken = TRUE );
  160. HRESULT ConvertFromString( /*[in ]*/ LPCWSTR szSD );
  161. HRESULT ConvertToString ( /*[out]*/ BSTR *pbstrSD );
  163. ////////////////////
  165. HRESULT Attach ( /*[in]*/ PSECURITY_DESCRIPTOR pSelfRelativeSD );
  166. HRESULT AttachObject( /*[in]*/ HANDLE hObject , /*[in]*/ SECURITY_INFORMATION secInfo = s_SecInfo_MOST );
  168. ////////////////////
  170. HRESULT GetControl( /*[out]*/ SECURITY_DESCRIPTOR_CONTROL& sdc );
  171. HRESULT SetControl( /*[in ]*/ SECURITY_DESCRIPTOR_CONTROL sdc );
  173. HRESULT SetOwner( /*[in]*/ PSID pOwnerSid , /*[in]*/ BOOL bDefaulted = FALSE );
  174. HRESULT SetOwner( /*[in]*/ LPCWSTR szOwnerName, /*[in]*/ BOOL bDefaulted = FALSE );
  176. HRESULT SetGroup( /*[in]*/ PSID pGroupSid , /*[in]*/ BOOL bDefaulted = FALSE );
  177. HRESULT SetGroup( /*[in]*/ LPCWSTR szGroupName, /*[in]*/ BOOL bDefaulted = FALSE );
  179. ////////////////////
  181. HRESULT Remove( /*[in]*/ PSID pPrincipalSid, /*[in]*/ int pos = -1 );
  182. HRESULT Remove( /*[in]*/ LPCWSTR szPrincipal , /*[in]*/ int pos = -1 );
  184. HRESULT Add( /*[in]*/ PSID pPrincipalSid ,
  185. /*[in]*/ DWORD dwAceType ,
  186. /*[in]*/ DWORD dwAceFlags ,
  187. /*[in]*/ DWORD dwAccessMask ,
  188. /*[in]*/ GUID* guidObjectType = NULL ,
  189. /*[in]*/ GUID* guidInheritedObjectType = NULL );
  190. HRESULT Add( /*[in]*/ LPCWSTR szPrincipal ,
  191. /*[in]*/ DWORD dwAceType ,
  192. /*[in]*/ DWORD dwAceFlags ,
  193. /*[in]*/ DWORD dwAccessMask ,
  194. /*[in]*/ GUID* guidObjectType = NULL ,
  195. /*[in]*/ GUID* guidInheritedObjectType = NULL );
  198. PSECURITY_DESCRIPTOR& GetSD () { return m_pSD ; }
  199. PSID& GetOwner() { return m_pOwner; }
  200. PSID& GetGroup() { return m_pGroup; }
  201. PACL& GetDACL () { return m_pDACL ; }
  202. PACL& GetSACL () { return m_pSACL ; }
  204. ////////////////////////////////////////
  206. HRESULT GetForFile ( /*[in]*/ LPCWSTR szFilename, /*[in]*/ SECURITY_INFORMATION secInfo );
  207. HRESULT SetForFile ( /*[in]*/ LPCWSTR szFilename, /*[in]*/ SECURITY_INFORMATION secInfo );
  208. HRESULT GetForRegistry( /*[in]*/ LPCWSTR szKey , /*[in]*/ SECURITY_INFORMATION secInfo, /*[in]*/ HKEY hKeyRoot = NULL );
  209. HRESULT SetForRegistry( /*[in]*/ LPCWSTR szKey , /*[in]*/ SECURITY_INFORMATION secInfo, /*[in]*/ HKEY hKeyRoot = NULL );
  210. };
  212. ////////////////////////////////////////////////////////////////////////////////
  214. class Impersonation
  215. {
  216. HANDLE m_hToken;
  217. bool m_fImpersonating;
  219. void Release();
  221. public:
  222. Impersonation();
  223. Impersonation( /*[in]*/ const Impersonation& imp );
  224. virtual ~Impersonation();
  226. Impersonation& operator=( /*[in]*/ const Impersonation& imp );
  229. HRESULT Initialize( /*[in]*/ DWORD dwDesiredAccess = TOKEN_QUERY | TOKEN_IMPERSONATE );
  230. void Attach ( /*[in]*/ HANDLE hToken );
  231. HANDLE Detach ( );
  233. HRESULT Impersonate ();
  234. HRESULT RevertToSelf();
  236. operator HANDLE() { return m_hToken; }
  237. };
  239. ////////////////////////////////////////////////////////////////////////////////
  241. class AccessCheck
  242. {
  243. HANDLE m_hToken;
  245. void Release();
  247. public:
  248. AccessCheck();
  249. virtual ~AccessCheck();
  251. HRESULT GetTokenFromImpersonation( );
  252. void Attach ( /*[in]*/ HANDLE hToken );
  253. HANDLE Detach ( );
  255. HRESULT Verify( /*[in]*/ DWORD dwDesired, /*[out]*/ BOOL& fGranted, /*[out]*/ DWORD& dwGranted, /*[in]*/ PSECURITY_DESCRIPTOR sd );
  256. HRESULT Verify( /*[in]*/ DWORD dwDesired, /*[out]*/ BOOL& fGranted, /*[out]*/ DWORD& dwGranted, /*[in]*/ MPC::SecurityDescriptor& sd );
  257. HRESULT Verify( /*[in]*/ DWORD dwDesired, /*[out]*/ BOOL& fGranted, /*[out]*/ DWORD& dwGranted, /*[in]*/ LPCWSTR sd );
  258. };
  260. ////////////////////////////////////////////////////////////////////////////////
  262. HRESULT ChangeSD( /*[in]*/ MPC::SecurityDescriptor& sdd ,
  263. /*[in]*/ MPC::FileSystemObject& fso ,
  264. /*[in]*/ SECURITY_INFORMATION secInfo = GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION ,
  265. /*[in]*/ bool fDeep = true ,
  266. /*[in]*/ bool fApplyToDirs = true ,
  267. /*[in]*/ bool fApplyToFiles = true );
  269. HRESULT ChangeSD( /*[in]*/ MPC::SecurityDescriptor& sdd ,
  270. /*[in]*/ LPCWSTR szRoot ,
  271. /*[in]*/ SECURITY_INFORMATION secInfo = GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION ,
  272. /*[in]*/ bool fDeep = true ,
  273. /*[in]*/ bool fApplyToDirs = true ,
  274. /*[in]*/ bool fApplyToFiles = true );
  276. ////////////////////////////////////////////////////////////////////////////////
  278. static const DWORD IDENTITY_SYSTEM = 0x00000001;
  279. static const DWORD IDENTITY_ADMIN = 0x00000002;
  280. static const DWORD IDENTITY_ADMINS = 0x00000004;
  281. static const DWORD IDENTITY_POWERUSERS = 0x00000008;
  282. static const DWORD IDENTITY_USERS = 0x00000010;
  283. static const DWORD IDENTITY_GUESTS = 0x00000020;
  285. HRESULT GetCallerPrincipal ( /*[in]*/ bool fImpersonate, /*[out]*/ CComBSTR& bstrUser, /*[out]*/ DWORD *pdwAllowedIdentity = NULL );
  286. HRESULT CheckCallerAgainstPrincipal( /*[in]*/ bool fImpersonate, /*[out]*/ BSTR bstrUser, /*[in ]*/ DWORD dwAllowedIdentity = 0 );
  288. ////////////////////////////////////////////////////////////////////////////////
  290. HRESULT GetInterfaceSecurity( /*[in ]*/ IUnknown* pUnk ,
  291. /*[out]*/ DWORD *pAuthnSvc ,
  292. /*[out]*/ DWORD *pAuthzSvc ,
  293. /*[out]*/ OLECHAR* *pServerPrincName ,
  294. /*[out]*/ DWORD *pAuthnLevel ,
  295. /*[out]*/ DWORD *pImpLevel ,
  296. /*[out]*/ RPC_AUTH_IDENTITY_HANDLE *pAuthInfo ,
  297. /*[out]*/ DWORD *pCapabilities );
  300. HRESULT SetInterfaceSecurity( /*[in]*/ IUnknown* pUnk ,
  301. /*[in]*/ DWORD *pAuthnSvc ,
  302. /*[in]*/ DWORD *pAuthzSvc ,
  303. /*[in]*/ OLECHAR* pServerPrincName ,
  304. /*[in]*/ DWORD *pAuthnLevel ,
  305. /*[in]*/ DWORD *pImpLevel ,
  306. /*[in]*/ RPC_AUTH_IDENTITY_HANDLE *pAuthInfo ,
  307. /*[in]*/ DWORD *pCapabilities );
  309. HRESULT SetInterfaceSecurity_ImpLevel( /*[in]*/ IUnknown* pUnk ,
  310. /*[in]*/ DWORD ImpLevel );
  311. };
  313. ////////////////////////////////////////////////////////////////////////////////
  315. #endif // !defined(__INCLUDED___MPC___SECURITY_H___)