archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/tools/dsacls/dsace.h

238 lines
6.9 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #ifndef _DSACLS_DSACE_H
  2. #define _DSACLS_DSACE_H
  4. #include <iostream>
  5. #include <algorithm>
  6. #include <functional>
  7. #include <list>
  8. using namespace std;
  10. typedef enum _DSACLS_OBJECT_TYPE_TYPE
  11. {
  12. DSACLS_SELF = 0,
  13. DSACLS_CHILD_OBJECTS,
  14. DSACLS_PROPERTY,
  15. DSACLS_EXTENDED_RIGHTS,
  16. DSACLS_VALIDATED_RIGHTS,
  17. DSACLS_UNDEFINED
  19. } DSACLS_OBJECT_TYPE_TYPE;
  21. class CAce
  22. {
  24. typedef enum _DSACLS_ACE_TYPE
  25. {
  26. ALLOW = 0,
  27. DENY,
  28. AUDIT_SUCCESS,
  29. AUDIT_FAILURE,
  30. AUDIT_ALL
  31. }DSACLS_ACE_TYPE;
  34. private:
  35. //Members Present in Ace
  36. BYTE m_AceFlags;
  37. ACCESS_MASK m_Mask;
  38. GUID m_GuidObjectType;
  39. GUID m_GuidInheritedObjectType;
  40. PSID m_pSid;
  42. //Data given by users to build an Ace
  43. ACCESS_MODE m_AccessMode;
  44. LPWSTR m_szTrusteeName;
  45. LPWSTR m_szObjectType; //LDAP display name of CHILD_OBJECT,
  46. LPWSTR m_szInheritedObjectType;
  48. //Misc Info
  49. ULONG m_Flags; // ACE_OBJECT_TYPE_PRESENT, etc.
  50. DSACLS_OBJECT_TYPE_TYPE m_ObjectTypeType;
  51. DSACLS_ACE_TYPE m_AceType;
  52. BOOL m_bErased; //This flag is used to mark the ace as deleted.
  53. //These two are used for format of display
  54. UINT m_nAllowDeny;
  55. UINT m_nAudit;
  57. protected:
  58. //Is ACE Allow or DENY
  59. DSACLS_ACE_TYPE GetAceType( PACE_HEADER pAceHeader )
  60. {
  61. if( pAceHeader->AceType == SYSTEM_AUDIT_ACE_TYPE )
  62. {
  63. if( pAceHeader->AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG
  64. && pAceHeader->AceFlags & FAILED_ACCESS_ACE_FLAG )
  65. return AUDIT_ALL;
  66. else if( pAceHeader->AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG )
  67. return AUDIT_SUCCESS;
  68. else if( pAceHeader->AceFlags & FAILED_ACCESS_ACE_FLAG )
  69. return AUDIT_FAILURE;
  70. else
  71. ASSERT(FALSE);
  72. }
  73. if( pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE ||
  74. pAceHeader->AceType == ACCESS_ALLOWED_OBJECT_ACE_TYPE )
  75. return ALLOW;
  76. else
  77. return DENY;
  78. }
  79. public:
  80. BYTE GetAceFlags(){ return m_AceFlags; }
  81. ACCESS_MASK GetAccessMask(){ return m_Mask; }
  82. GUID* GetGuidObjectType();
  83. VOID SetGuidObjectType( GUID * guid ){ m_GuidObjectType = *guid; }
  84. GUID* GetGuidInheritType();
  85. VOID SetGuidInheritType( GUID *guid ){ m_GuidInheritedObjectType = *guid; }
  86. PSID GetSID(){ return m_pSid; }
  88. ACCESS_MODE GetAccessMode() { return m_AccessMode; }
  89. LPWSTR GetObjectType(){ return m_szObjectType; };
  90. VOID SetObjectType( LPWSTR pszName ) { CopyUnicodeString( &m_szObjectType, pszName ); }
  91. LPWSTR GetInheritedObjectType(){ return m_szInheritedObjectType; }
  92. VOID SetInheritedObjectType( LPWSTR pszName ) { CopyUnicodeString( &m_szInheritedObjectType, pszName ); }
  94. BOOL IsObjectTypePresent(){ return m_Flags & ACE_OBJECT_TYPE_PRESENT; }
  95. BOOL IsInheritedTypePresent(){ return m_Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT; }
  96. VOID SetObjectTypeType( DSACLS_OBJECT_TYPE_TYPE ot ){ m_ObjectTypeType = ot; }
  97. DSACLS_OBJECT_TYPE_TYPE GetObjectTypeType() { return m_ObjectTypeType; }
  99. UINT GetTrusteeLength()
  100. {
  101. if( m_szTrusteeName )
  102. return wcslen( m_szTrusteeName );
  103. else
  104. return 0;
  105. }
  108. VOID SetErased( BOOL bErase ){ m_bErased = bErase; }
  109. BOOL IsErased( ){ return m_bErased; }
  110. //Is ACE Effective on the object
  111. BOOL CAce::IsEffective(){ return !FlagOn( m_AceFlags, INHERIT_ONLY_ACE ); }
  112. //Is ACE Inherited to all child Objects
  113. BOOL CAce::IsInheritedToAll()
  114. {
  115. return ( FlagOn( m_AceFlags, CONTAINER_INHERIT_ACE ) &&
  116. !FlagOn( m_Flags, ACE_INHERITED_OBJECT_TYPE_PRESENT ) );
  117. }
  118. //Is Ace Inherited to Specific child object
  119. BOOL CAce::IsInheritedToSpecific()
  120. {
  121. return ( FlagOn( m_AceFlags, INHERIT_ONLY_ACE ) &&
  122. FlagOn( m_Flags, ACE_INHERITED_OBJECT_TYPE_PRESENT ) );
  123. }
  124. //Is Ace inherited from parent
  125. BOOL CAce::IsInheritedFromParent(){ return FlagOn( m_AceFlags, INHERITED_ACE );}
  127. VOID Display( UINT nMaxTrusteeLength );
  129. //Constructor
  130. CAce();
  131. ~CAce();
  132. DWORD Initialize( PACE_HEADER ace,
  133. UINT nAllowDeny,
  134. UINT nAudit
  135. );
  136. DWORD Initialize( LPWSTR pszTrustee,
  137. LPWSTR pszObjectId,
  138. LPWSTR pszInheritId,
  139. ACCESS_MODE AccessMode,
  140. ACCESS_MASK Access,
  141. BYTE Inheritance
  142. );
  144. };
  146. class CACE_SORT:public greater<CAce*>
  147. {
  148. bool operator()( CAce * a, CAce * b )
  149. {
  150. if( wcscmp( a->GetInheritedObjectType(),
  151. b->GetInheritedObjectType() ) > 0 )
  152. return true;
  153. else
  154. return false;
  156. }
  157. };
  159. class CAcl
  160. {
  161. public:
  162. VOID AddAce( CAce * pAce );
  163. VOID MergeAcl( CAcl * pAcl );
  164. DWORD BuildAcl( PACL * pAcl );
  166. VOID Display();
  167. DWORD Initialize( BOOL bProtected, PACL pAcl, UINT nAllowDeny, UINT nAudit);
  168. BOOL VerifyAllNames();
  169. VOID GetInfoFromCache();
  171. UINT m_nMaxTrusteeLength; //This length is maintained for formating the display
  172. ~CAcl();
  173. private:
  174. list<CAce*> listAces; //List represnting an ACL
  176. //These three used only for display purposes
  177. list<CAce *> listEffective; //List of Aces Effective directly on the object;
  178. list<CAce *> listInheritedAll; //List of Aces Inherited to all sub objects;
  179. list<CAce *> listInheritedSpecific; //List of Aces Inherited to <Inherited Object Class>
  181. BOOL bAclProtected; //Is Acl protected
  182. };
  185. /*
  186. CCache mainitains a cache of GUIDs And Display Name
  187. */
  188. typedef enum _DSACLS_SERACH_IN
  189. {
  190. BOTH = 0,
  191. SCHEMA,
  192. CONFIGURATION
  193. } DSACLS_SEARCH_IN;
  195. typedef enum _DSACLS_RESOLVE
  196. {
  197. RESOLVE_NAME = 0,
  198. RESOLVE_GUID
  199. }DSACLS_RESOLVE;
  201. typedef struct _DSACL_CACHE_ITEM
  202. {
  203. GUID Guid;
  204. LPWSTR pszName;
  205. DSACLS_OBJECT_TYPE_TYPE ObjectTypeType;
  206. DSACLS_SEARCH_IN searchIn;
  207. DSACLS_RESOLVE resolve;
  208. BOOL bResolved;
  209. }DSACL_CACHE_ITEM, * PDSACL_CACHE_ITEM;
  211. class CCache
  212. {
  213. public:
  214. DWORD AddItem( IN GUID *pGuid,
  215. IN DSACLS_SEARCH_IN s = BOTH );
  217. DWORD AddItem( IN LPWSTR pszName,
  218. IN DSACLS_SEARCH_IN s = BOTH );
  220. DWORD BuildCache();
  222. PDSACL_CACHE_ITEM LookUp( LPWSTR pszName );
  223. PDSACL_CACHE_ITEM LookUp( GUID* pGuid );
  224. ~CCache();
  227. private:
  228. list<PDSACL_CACHE_ITEM> m_listItem;
  229. list<PDSACL_CACHE_ITEM> m_listCache;
  231. //Methods
  232. DWORD SearchSchema();
  233. DWORD SearchConfiguration();
  234. };
  236. DSACLS_OBJECT_TYPE_TYPE GetObjectTypeType( INT validAccesses );
  237. DSACLS_OBJECT_TYPE_TYPE GetObjectTypeType( LPWSTR szObjectCategory );
  239. #endif