archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/wmi/wbem/providers/win32provider/common/securitydescriptor.h

188 lines
6.7 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*****************************************************************************/
  3. /* Copyright (c) 1999-2001 Microsoft Corporation, All Rights Reserved /
  4. /*****************************************************************************/
  6. /*
  7. * CSecurityDescriptor.h - header file for CSecurityDescriptor class.
  8. *
  9. * Created: 12-14-1997 by Sanjeev Surati
  10. * (based on classes from Windows NT Security by Nik Okuntseff)
  11. */
  13. #if !defined __CSECURITYDESCRIPTOR_H__
  14. #define __CSECURITYDESCRIPTOR_H__
  18. #define ALL_ACCESS_WITHOUT_GENERIC 0x01FFFFFF // all possible access rights
  19. // without generic
  21. ////////////////////////////////////////////////////////////////
  22. //
  23. // Class: CSecurityDescriptor
  24. //
  25. // This class is intended to provide a wrapper for Windows NT
  26. // Security Dscriptors. The idea here is that a client class
  27. // would inherit from this class, obtain a security descriptor
  28. // from an as yet to be determined object, and pass said
  29. // descriptor into this class via InitSecurity(), at which
  30. // point we will take apart the descriptor and store the
  31. // data internally. A user may then change security as needed
  32. // then call the ApplySecurity() function which will call
  33. // a couple of virtual functions, WriteAcls() and WriteOwner()
  34. // that must be implemented by a derived class, supplying
  35. // said class with an appropriately filled out Win32 Security
  36. // Descriptor. Derived classes should also provide an
  37. // implementation for AllAccessMask() in order to provide
  38. // a mask specific to the object they are securing, that
  39. // indicates Full Control access.
  40. //
  41. ////////////////////////////////////////////////////////////////
  43. /*
  44. * Class CSecurityDescriptor is a helper class. It groups user CSid together with its access mask.
  45. */
  47. class CSecurityDescriptor
  48. {
  49. // Constructors and destructor
  50. public:
  52. CSecurityDescriptor();
  53. CSecurityDescriptor( PSECURITY_DESCRIPTOR psd );
  54. CSecurityDescriptor
  55. (
  56. CSid* a_psidOwner,
  57. bool a_fOwnerDefaulted,
  58. CSid* a_psidGroup,
  59. bool a_fGroupDefaulted,
  60. CDACL* a_pDacl,
  61. bool a_fDaclDefaulted,
  62. bool a_fDaclAutoInherited,
  63. CSACL* a_pSacl,
  64. bool a_fSaclDefaulted,
  65. bool a_fSaclAutoInherited
  66. );
  68. virtual ~CSecurityDescriptor();
  70. // public entry to specify which attributes to set.
  71. DWORD ApplySecurity( SECURITY_INFORMATION securityinfo );
  73. // Allows setting various entries
  74. DWORD SetOwner( CSid& sid );
  75. DWORD SetGroup( CSid& sid );
  76. DWORD SetControl ( PSECURITY_DESCRIPTOR_CONTROL pControl );
  78. bool AddDACLEntry( CSid& sid, DACL_Types DaclType, DWORD dwAccessMask, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid);
  79. bool AddSACLEntry( CSid& sid, SACL_Types SaclType, DWORD dwAccessMask, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid);
  81. bool RemoveDACLEntry( CSid& sid, DACL_Types DaclType, DWORD dwAccessMask, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid );
  82. bool RemoveDACLEntry( CSid& sid, DACL_Types DaclType, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid );
  83. bool RemoveDACLEntry( CSid& sid, DACL_Types DaclType, DWORD dwIndex = 0 );
  84. bool RemoveSACLEntry( CSid& sid, SACL_Types SaclType, DWORD dwAccessMask, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid );
  85. bool RemoveSACLEntry( CSid& sid, SACL_Types SaclType, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid );
  86. bool RemoveSACLEntry( CSid& sid, SACL_Types SaclType, DWORD dwIndex = 0 );
  89. // ACE Location methods
  90. bool FindACE( const CSid& sid, BYTE bACEType, DWORD dwAccessMask, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid, CAccessEntry& ace );
  91. bool FindACE( PSID psid, BYTE bACEType, BYTE bACEFlags, GUID *pguidObjGuid, GUID *pguidInhObjGuid, DWORD dwAccessMask, CAccessEntry& ace );
  93. // Empty the ACLs (creates Empty if NULL).
  94. void EmptyDACL();
  95. void EmptySACL();
  97. // Clear (NULL) the ACLs (for DACL, this means a NULL or empty Denied Access,
  98. // DACL and a single entry of "Everyone", "Full Control" for Allowed Access DACL.
  100. bool MakeDACLNull();
  101. bool MakeSACLNull();
  103. // Checks our DACL objects for a NULL DACL condition
  104. bool IsNULLDACL();
  106. // Get owner and ACLs
  107. void GetOwner( CSid& sid );
  108. void GetGroup( CSid& sid );
  109. bool GetDACL( CDACL& DACL );
  110. bool GetSACL( CSACL& SACL );
  111. void GetControl ( PSECURITY_DESCRIPTOR_CONTROL pControl );
  113. // Derived classes should override, and this is called with the appropriate values set
  114. // Derived classes MUST NOT mess with the values in pAbsoluteSD!
  115. virtual DWORD WriteOwner( PSECURITY_DESCRIPTOR pAbsoluteSD ) { return E_FAIL; }
  116. virtual DWORD WriteAcls( PSECURITY_DESCRIPTOR pAbsoluteSD , SECURITY_INFORMATION securityinfo ) { return E_FAIL; }
  118. void DumpDescriptor(LPCWSTR wstrFilename = NULL);
  119. DWORD GetSelfRelativeSD(
  120. SECURITY_INFORMATION securityinfo,
  121. PSECURITY_DESCRIPTOR psd);
  123. protected:
  125. BOOL InitSecurity( PSECURITY_DESCRIPTOR psd );
  127. private:
  128. CSid* m_pOwnerSid;
  129. CSid* m_pGroupSid;
  130. bool m_fOwnerDefaulted;
  131. bool m_fGroupDefaulted;
  132. bool m_fDACLDefaulted;
  133. bool m_fSACLDefaulted;
  134. bool m_fDaclAutoInherited;
  135. bool m_fSaclAutoInherited;
  137. // As of NT5, it is no longer sufficient to just maintain two lists for the dacls, since
  138. // we now have five, not two, types of ACEs that can go into a DACL. Double that since we
  139. // have inherited and non-inherited...
  140. //CDACL* m_pAccessAllowedDACL;
  141. //CDACL* m_pAccessDeniedDACL;
  142. CDACL* m_pDACL;
  143. CSACL* m_pSACL;
  144. SECURITY_DESCRIPTOR_CONTROL m_SecurityDescriptorControl;
  146. void Clear( void );
  147. DWORD SecureObject( PSECURITY_DESCRIPTOR pAbsoluteSD, SECURITY_INFORMATION securityinfo );
  148. BOOL InitDACL( PSECURITY_DESCRIPTOR psd );
  149. BOOL InitSACL( PSECURITY_DESCRIPTOR psd );
  150. bool InitDACL( CDACL* a_pDACL );
  151. bool InitSACL( CSACL* a_pSACL );
  153. };
  155. inline void CSecurityDescriptor::GetOwner( CSid& sid )
  156. {
  157. if ( NULL != m_pOwnerSid )
  158. {
  159. sid = *m_pOwnerSid;
  160. }
  161. }
  163. inline void CSecurityDescriptor::GetGroup( CSid& sid )
  164. {
  165. if (NULL != m_pGroupSid )
  166. {
  167. sid = *m_pGroupSid;
  168. }
  169. }
  171. inline void CSecurityDescriptor::GetControl ( PSECURITY_DESCRIPTOR_CONTROL pControl )
  172. {
  173. //pControl = &m_SecurityDescriptorControl;
  175. //changed to copy the Sec. Desc. Control properly
  176. if(pControl)
  177. {
  178. *pControl = m_SecurityDescriptorControl;
  179. }
  181. }
  183. inline DWORD CSecurityDescriptor::SetControl (PSECURITY_DESCRIPTOR_CONTROL pControl )
  184. {
  185. m_SecurityDescriptorControl = *pControl;
  186. return (ERROR_SUCCESS);
  187. }
  189. #endif // __CSecurityDescriptor_H__