|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: certacl.h
//
// Contents: Cert Server security defines
//
//---------------------------------------------------------------------------
#ifndef __CERTACL_H__
#define __CERTACL_H__
#include <sddl.h>
#include "clibres.h"
#include "certsd.h"
// externs
// externs
extern const GUID GUID_APPRV_REQ;extern const GUID GUID_REVOKE;extern const GUID GUID_ENROLL;extern const GUID GUID_AUTOENROLL;extern const GUID GUID_READ_DB;//defines
#define MAX_SID_LEN 256
// !!! The SD strings below need to be in sync with certadm.idl definitions
#define WSZ_CA_ACCESS_ADMIN L"0x00000001" // CA administrator
#define WSZ_CA_ACCESS_OFFICER L"0x00000002" // certificate officer
#define WSZ_CA_ACCESS_AUDITOR L"0x00000004" // auditor
#define WSZ_CA_ACCESS_OPERATOR L"0x00000008" // backup operator
#define WSZ_CA_ACCESS_MASKROLES L"0x000000ff"
#define WSZ_CA_ACCESS_READ L"0x00000100" // read only access to CA
#define WSZ_CA_ACCESS_ENROLL L"0x00000200" // enroll access to CA
#define WSZ_CA_ACCESS_MASKALL L"0x0000ffff"
// Important, keep enroll string GUID in sync with define in acl.cpp
#define WSZ_GUID_ENROLL L"0e10c968-78fb-11d2-90d4-00c04f79dc55"
#define WSZ_GUID_AUTOENROLL L"a05b8cc2-17bc-4802-a710-e7c15ab866a2"
// ca access rights define here
// note: need to keep string access and mask in sync!
// WSZ_ACTRL_CERTSRV_MANAGE = L"CCDCLCSWRPWPDTLOCRSDRCWDWO"
#define WSZ_ACTRL_CERTSRV_MANAGE SDDL_CREATE_CHILD \
SDDL_DELETE_CHILD \ SDDL_LIST_CHILDREN \ SDDL_SELF_WRITE \ SDDL_READ_PROPERTY \ SDDL_WRITE_PROPERTY \ SDDL_DELETE_TREE \ SDDL_LIST_OBJECT \ SDDL_CONTROL_ACCESS \ SDDL_STANDARD_DELETE \ SDDL_READ_CONTROL \ SDDL_WRITE_DAC \ SDDL_WRITE_OWNER#define ACTRL_CERTSRV_MANAGE (ACTRL_DS_READ_PROP | \
ACTRL_DS_WRITE_PROP | \ READ_CONTROL | \ DELETE | \ WRITE_DAC | \ WRITE_OWNER | \ ACTRL_DS_CONTROL_ACCESS | \ ACTRL_DS_CREATE_CHILD | \ ACTRL_DS_DELETE_CHILD | \ ACTRL_DS_LIST | \ ACTRL_DS_SELF | \ ACTRL_DS_DELETE_TREE | \ ACTRL_DS_LIST_OBJECT)
#define WSZ_ACTRL_CERTSRV_MANAGE_LESS_CONTROL_ACCESS \
SDDL_CREATE_CHILD \ SDDL_DELETE_CHILD \ SDDL_LIST_CHILDREN \ SDDL_SELF_WRITE \ SDDL_READ_PROPERTY \ SDDL_WRITE_PROPERTY \ SDDL_DELETE_TREE \ SDDL_LIST_OBJECT \ SDDL_STANDARD_DELETE \ SDDL_READ_CONTROL \ SDDL_WRITE_DAC \ SDDL_WRITE_OWNER
#define ACTRL_CERTSRV_MANAGE_LESS_CONTROL_ACCESS \
(ACTRL_DS_READ_PROP | \ ACTRL_DS_WRITE_PROP | \ READ_CONTROL | \ DELETE | \ WRITE_DAC | \ WRITE_OWNER | \ ACTRL_DS_CREATE_CHILD | \ ACTRL_DS_DELETE_CHILD | \ ACTRL_DS_LIST | \ ACTRL_DS_SELF | \ ACTRL_DS_DELETE_TREE | \ ACTRL_DS_LIST_OBJECT)
// WSZ_ACTRL_CERTSRV_READ = L"RPLCLORC"
#define WSZ_ACTRL_CERTSRV_READ SDDL_READ_PROPERTY \
SDDL_LIST_CHILDREN \ SDDL_LIST_OBJECT \ SDDL_READ_CONTROL#define ACTRL_CERTSRV_READ (READ_CONTROL | \
ACTRL_DS_READ_PROP | \ ACTRL_DS_LIST | \ ACTRL_DS_LIST_OBJECT)
// WSZ_ACTRL_CERTSRV_ENROLL = L"WPRPCR"
#define WSZ_ACTRL_CERTSRV_ENROLL SDDL_WRITE_PROPERTY \
SDDL_READ_PROPERTY \ SDDL_CONTROL_ACCESS#define ACTRL_CERTSRV_ENROLL (ACTRL_DS_READ_PROP | \
ACTRL_DS_WRITE_PROP | \ ACTRL_DS_CONTROL_ACCESS)
#define WSZ_ACTRL_CERTSRV_CAADMIN SDDL_CONTROL_ACCESS
#define WSZ_ACTRL_CERTSRV_OFFICER SDDL_CONTROL_ACCESS
#define WSZ_ACTRL_CERTSRV_CAREAD SDDL_CONTROL_ACCESS
#define ACTRL_CERTSRV_CAADMIN ACTRL_DS_CONTROL_ACCESS
#define ACTRL_CERTSRV_OFFICER ACTRL_DS_CONTROL_ACCESS
#define ACTRL_CERTSRV_CAREAD ACTRL_DS_CONTROL_ACCESS
// define all ca string security here in consistant format
// SDDL_OWNER L":" SDDL_ENTERPRISE_ADMINS \// SDDL_GROUP L":" SDDL_ENTERPRISE_ADMINS \// SDDL_DACL L":" SDDL_PROTECTED SDDL_AUTO_INHERITED \// L"(" SDDL_ACCESS_ALLOWED or SDDL_OBJECT_ACCESS_ALLOWED L";" \// SDDL_OBJECT_INHERIT SDDL_CONTAINER_INHERIT or list L";" \// list of AccessRights L";" \// StringGUID L";" \// L";" \// SDDL_EVERYONE or Sid L")"
// ...list of ace
#define CERTSRV_STD_ACE(access, sid) \
L"(" SDDL_ACCESS_ALLOWED L";" \ SDDL_OBJECT_INHERIT SDDL_CONTAINER_INHERIT L";" \ access L";;;" sid L")"
#define CERTSRV_INH_ACE(access, sid) \
L"(" SDDL_ACCESS_ALLOWED L";" \ SDDL_OBJECT_INHERIT SDDL_CONTAINER_INHERIT SDDL_INHERIT_ONLY L";" \ access L";;;" sid L")"
#define CERTSRV_OBJ_ACE(access, guid, sid) \
L"(" SDDL_OBJECT_ACCESS_ALLOWED L";" \ SDDL_OBJECT_INHERIT SDDL_CONTAINER_INHERIT L";" \ access L";" \ guid L";;" sid L")"
#define CERTSRV_OBJ_ACE_DENY(access, guid, sid) \
L"(" SDDL_OBJECT_ACCESS_DENIED L";" \ SDDL_OBJECT_INHERIT SDDL_CONTAINER_INHERIT L";" \ access L";" \ guid L";;" sid L")"
#define CERTSRV_STD_OG(owner, group) \
SDDL_OWNER L":" owner SDDL_GROUP L":" group \ SDDL_DACL L":" SDDL_AUTO_INHERITED
#define CERTSRV_DACL \
SDDL_DACL L":" SDDL_AUTO_INHERITED
#define CERTSRV_DACL_PROTECTED \
SDDL_DACL L":" SDDL_AUTO_INHERITED SDDL_PROTECTED
#define CERTSRV_SACL_ACE(account) \
L"(" SDDL_AUDIT L";" \ SDDL_AUDIT_SUCCESS SDDL_AUDIT_FAILURE L";" \ WSZ_CA_ACCESS_MASKALL L";;;" \ account L")"
#define CERTSRV_SACL_ON \
SDDL_SACL L": " \ CERTSRV_SACL_ACE(SDDL_EVERYONE) \ CERTSRV_SACL_ACE(SDDL_ANONYMOUS)
#define CERTSRV_SACL_OFF \
SDDL_SACL L":"
#define WSZ_CERTSRV_SID_ANONYMOUS_LOGON L"S-1-5-7"
#define WSZ_CERTSRV_SID_EVERYONE L"S-1-1-0"
// Default Standalone security
// Standalone
// Owner, local administrators
// Group, local administrators
// DACL:
// enroll - everyone
// caadmin - builtin\administrators
// officer - builtin\administrators
#define WSZ_DEFAULT_CA_STD_SECURITY \
CERTSRV_STD_OG(SDDL_BUILTIN_ADMINISTRATORS, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_ADMIN, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_OFFICER, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_ENROLL, SDDL_EVERYONE) \ CERTSRV_SACL_ON
// Default Enterprise Security
// Owner, Enterprise Administrators
// Group, Enterprise Administrators
// DACL:
// enroll - authenticated users
// caadmin - builtin\administrators
// - domain admins
// - enterprise admins
// officer - builtin\administrators
// - domain admins
// - enterprise admins
#define WSZ_DEFAULT_CA_ENT_SECURITY \
CERTSRV_STD_OG(SDDL_BUILTIN_ADMINISTRATORS, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_ADMIN, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_OFFICER, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_ADMIN, SDDL_DOMAIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_OFFICER, SDDL_DOMAIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_ADMIN, SDDL_ENTERPRISE_ADMINS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_OFFICER, SDDL_ENTERPRISE_ADMINS) \ CERTSRV_STD_ACE(WSZ_CA_ACCESS_ENROLL, SDDL_AUTHENTICATED_USERS) \ CERTSRV_SACL_ON
// Empty CA SD
#define WSZ_EMPTY_CA_SECURITY \
CERTSRV_STD_OG(SDDL_BUILTIN_ADMINISTRATORS, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_SACL_ON
// DS Container
// (CDP/CA container)
// Owner: Enterprise Admins (overidden by installer)
// Group: Enterprise Admins (overidden by installer)
// DACL:
// Enterprise Admins - Full Control
// Domain Admins - Full Control
// Cert Publishers - Full Control
// Builtin Admins - Full Control
// Everyone - Read
#define WSZ_DEFAULT_CA_DS_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_ENTERPRISE_ADMINS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_DOMAIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_CERT_SERV_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_READ, SDDL_EVERYONE)
// NTAuthCertificates
//
// Owner: Enterprise Admins (overidden by installer)
// Group: Enterprise Admins (overidden by installer)
// DACL:
// Enterprise Admins - Full Control
// Domain Admins - Full Control
// Builtin Admins - Full Control
// Everyone - Read
#define WSZ_DEFAULT_NTAUTH_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_ENTERPRISE_ADMINS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_DOMAIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_READ, SDDL_EVERYONE)
// CDP/CA
// Owner: Enterprise Admins (overidden by installer)
// Group: Enterprise Admins (overidden by installer)
// DACL:
// Enterprise Admins - Full Control
// Domain Admins - Full Control
// Cert Publishers - Full Control
// Builtin Admins- Full Control
// Authenticated Users - Read
#define WSZ_DEFAULT_CDP_DS_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_ENTERPRISE_ADMINS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_DOMAIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, L"%ws") \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_READ, SDDL_EVERYONE)
// Shared Folder related security
// Owner: Local Admin
// DACL:
// Local Admin - Full Control
// LocalSystem - Full Control
// Enterprise Admins - Full Control
// Everyone - Read
#define WSZ_DEFAULT_SF_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_LOCAL_SYSTEM)
#define WSZ_DEFAULT_SF_USEDS_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_LOCAL_SYSTEM) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_ENTERPRISE_ADMINS)
#define WSZ_DEFAULT_SF_EVERYONEREAD_SECURITY \
WSZ_DEFAULT_SF_SECURITY \ CERTSRV_STD_ACE(SDDL_GENERIC_READ, SDDL_EVERYONE)
#define WSZ_DEFAULT_SF_USEDS_EVERYONEREAD_SECURITY \
WSZ_DEFAULT_SF_USEDS_SECURITY \ CERTSRV_STD_ACE(SDDL_GENERIC_READ, SDDL_EVERYONE)
#define WSZ_DEFAULT_DB_DIR_SECURITY \
CERTSRV_DACL_PROTECTED \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_LOCAL_SYSTEM) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_CREATOR_OWNER) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_BACKUP_OPERATORS)
#define WSZ_DEFAULT_LOG_DIR_SECURITY WSZ_DEFAULT_DB_DIR_SECURITY
// Enroll share security
// Owner: Administrators
// Group: Administrators
// DACL:
// Everyone: read access
// local admin: full access
#define WSZ_ACTRL_CERTSRV_SHARE_READ SDDL_FILE_READ \
SDDL_READ_CONTROL \ SDDL_GENERIC_READ \ SDDL_GENERIC_EXECUTE#define WSZ_ACTRL_CERTSRV_SHARE_ALL SDDL_FILE_ALL \
SDDL_CREATE_CHILD \ SDDL_STANDARD_DELETE \ SDDL_READ_CONTROL \ SDDL_WRITE_DAC \ SDDL_WRITE_OWNER \ SDDL_GENERIC_ALL#define WSZ_DEFAULT_SHARE_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_SHARE_READ, SDDL_EVERYONE) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_SHARE_ALL, SDDL_BUILTIN_ADMINISTRATORS)
// Service string below need to be in sync with the following
// definitions from winsvc.h
//#define SERVICE_QUERY_CONFIG 0x0001
//#define SERVICE_CHANGE_CONFIG 0x0002
//#define SERVICE_QUERY_STATUS 0x0004
//#define SERVICE_ENUMERATE_DEPENDENTS 0x0008
//#define SERVICE_START 0x0010
//#define SERVICE_STOP 0x0020
//#define SERVICE_PAUSE_CONTINUE 0x0040
//#define SERVICE_INTERROGATE 0x0080
//#define SERVICE_USER_DEFINED_CONTROL 0x0100
// full access to service
// STANDARD_RIGHTS_REQUIRED
// SERVICE_QUERY_CONFIG
// SERVICE_CHANGE_CONFIG
// SERVICE_QUERY_STATUS
// SERVICE_ENUMERATE_DEPENDENTS
// SERVICE_START
// SERVICE_STOP
// SERVICE_PAUSE_CONTINUE
// SERVICE_INTERROGATE
// SERVICE_USER_DEFINED_CONTROL
#define WSZ_SERVICE_ALL_ACCESS L"0x000f01ff"
// Read-only access to service
// SERVICE_QUERY_CONFIG,
// SERVICE_QUERY_STATUS,
// SERVICE_ENUMERATE_DEPENDENTS,
// SERVICE_INTERROGATE
// SERVICE_USER_DEFINED_CONTROL
#define WSZ_SERVICE_READ L"0x0000018d"
#define WSZ_SERVICE_START_STOP L"0x00000030"
// Power user and system access
// SERVICE_QUERY_CONFIG
// SERVICE_QUERY_STATUS
// SERVICE_ENUMERATE_DEPENDENTS
// SERVICE_START
// SERVICE_STOP
// SERVICE_PAUSE_CONTINUE
// SERVICE_INTERROGATE
// SERVICE_USER_DEFINED_CONTROL
#define WSZ_SERVICE_POWER_USER L"0x000001fd"
#define CERTSRV_SERVICE_SACL_ON \
CERTSRV_DACL \ SDDL_SACL L": (" SDDL_AUDIT L";" \ SDDL_AUDIT_SUCCESS SDDL_AUDIT_FAILURE L";" \ WSZ_SERVICE_START_STOP L";;;" \ SDDL_EVERYONE L")"
#define CERTSRV_SERVICE_SACL_OFF \
SDDL_SACL L":"
// Certsrv service default security
#define WSZ_DEFAULT_SERVICE_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(WSZ_SERVICE_READ, SDDL_AUTHENTICATED_USERS) \ CERTSRV_STD_ACE(WSZ_SERVICE_POWER_USER, SDDL_POWER_USERS) \ CERTSRV_STD_ACE(WSZ_SERVICE_POWER_USER, SDDL_LOCAL_SYSTEM) \ CERTSRV_STD_ACE(WSZ_SERVICE_ALL_ACCESS, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(WSZ_SERVICE_ALL_ACCESS, SDDL_SERVER_OPERATORS)
// DS pKIEnrollmentService default security
#define WSZ_DEFAULT_DSENROLLMENT_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE_LESS_CONTROL_ACCESS, SDDL_ENTERPRISE_ADMINS) \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_MANAGE_LESS_CONTROL_ACCESS, L"%ws") \ CERTSRV_STD_ACE(WSZ_ACTRL_CERTSRV_READ, SDDL_AUTHENTICATED_USERS)
// Key Conatiner security
// Owner: local admin
// Group: local admin
// DACL:
// Local Admin - Full Control
// LocalSystem - Full Control
#define WSZ_DEFAULT_KEYCONTAINER_SECURITY \
CERTSRV_DACL \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_BUILTIN_ADMINISTRATORS) \ CERTSRV_STD_ACE(SDDL_GENERIC_ALL, SDDL_LOCAL_SYSTEM)
// upgrade security
// DACL:
// Local Admin - Full Control
// Everyone - read
#define WSZ_DEFAULT_UPGRADE_SECURITY \
CERTSRV_STD_ACE(SDDL_FILE_READ, SDDL_EVERYONE) \ CERTSRV_STD_ACE(SDDL_FILE_ALL, SDDL_BUILTIN_ADMINISTRATORS)
// following defines certsrv security editing access
#define GUID_CERTSRV GUID_NULL
#define ACTRL_CERTSRV_OBJ ACTRL_DS_CONTROL_ACCESS
#define CS_GEN_SIAE(access, ids) \
{&GUID_CERTSRV, (access), MAKEINTRESOURCE((ids)), \ SI_ACCESS_GENERAL}#define CS_SPE_SIAE(access, ids) \
{&GUID_CERTSRV, (access), MAKEINTRESOURCE((ids)), \ SI_ACCESS_SPECIFIC}#define OBJ_GEN_SIAE(guid, access, ids) \
{&(guid), (access), MAKEINTRESOURCE((ids)), \ SI_ACCESS_GENERAL|SI_ACCESS_SPECIFIC}#define OBJ_SPE_SIAE(guid, ids) \
{&(guid), ACTRL_CERTSRV_OBJ, MAKEINTRESOURCE((ids)), \ SI_ACCESS_SPECIFIC}#define OBJ_SPE_SIAE_OICI(guid, ids) \
{&(guid), ACTRL_CERTSRV_OBJ, MAKEINTRESOURCE((ids)), \ SI_ACCESS_SPECIFIC | OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE }
#define CERTSRV_SI_ACCESS_LIST \
CS_GEN_SIAE(CA_ACCESS_READ, IDS_ACTRL_CAREAD), \ CS_GEN_SIAE(CA_ACCESS_OFFICER, IDS_ACTRL_OFFICER), \ CS_GEN_SIAE(CA_ACCESS_ADMIN, IDS_ACTRL_CAADMIN), \ CS_GEN_SIAE(CA_ACCESS_ENROLL, IDS_ACTRL_ENROLL), \// disabled for beta1 CS_GEN_SIAE(CA_ACCESS_AUDITOR, IDS_ACTRL_AUDITOR),
// disabled for beta1 CS_GEN_SIAE(CA_ACCESS_OPERATOR, IDS_ACTRL_OPERATOR),
HRESULTmyGetSDFromTemplate( IN WCHAR const *pwszStringSD, IN OPTIONAL WCHAR const *pwszReplace, OUT PSECURITY_DESCRIPTOR *ppSD);
HRESULTCertSrvMapAndSetSecurity( OPTIONAL IN WCHAR const *pwszSanitizedName, IN WCHAR const *pwszKeyContainerName, IN BOOL fSetDsSecurity, IN SECURITY_INFORMATION si, IN PSECURITY_DESCRIPTOR pSD);
HRESULTmySetKeyContainerSecurity( IN HCRYPTPROV hProv);
HRESULT myMergeSD( IN PSECURITY_DESCRIPTOR pSDOld, IN PSECURITY_DESCRIPTOR pSDMerge, IN SECURITY_INFORMATION si, OUT PSECURITY_DESCRIPTOR *ppSDNew);
HRESULTUpdateServiceSacl(bool fTurnOnAuditing);
HRESULT SetFolderDacl(LPCWSTR pcwszFolderPath, LPCWSTR pcwszSDDL);
#endif // __CERTLIB_H__
|
