Leaked source code of windows server 2003

  1. /*++
  2. Copyright (C) Microsoft Corporation, 1996 - 1999
  3. Module Name:
  4. NTacls
  5. Abstract:
  6. This header file describes the classes used in managing ACLs within Calais.
  7. Author:
  8. Doug Barlow (dbarlow) 1/24/1997
  9. Environment:
  10. Windows NT, Win32, C++ w/ Exceptions
  11. Notes:
  12. ?Notes?
  13. --*/
  14. #ifndef _NTACLS_H_
  15. #define _NTACLS_H_
  16. #ifdef __cplusplus
  17. #include <wtypes.h>
  18. #include <Malloc.h>
  19. /////////////////////////////////////////////////////////////////////////////
  20. // CSecurityDescriptor
  // Wrapper around a Win32 security descriptor and its owner, group, DACL and
  // SACL, with helpers for adding and removing access-control entries.
  //
  // NOTE(review): a destructor is declared but no copy constructor or copy
  // assignment operator, so the compiler-generated member-wise copies are
  // available. If the destructor releases the raw pointers below (its body is
  // not in this header), copying an instance would free them twice - confirm.
  class CSecurityDescriptor
  {
  public:
      // Compact description of a SID: an identifier authority plus at most
      // two sub-authority values (RIDs).
      struct SecurityId
      {
          SID_IDENTIFIER_AUTHORITY sid;
          DWORD dwRidCount;   // Actual number of RIDs following
          DWORD rgRids[2];
      };

      // Predefined principals. Their values are defined outside this header;
      // presumably they match the well-known Windows SIDs their names suggest.
      static const SecurityId SID_Null;
      static const SecurityId SID_World;
      static const SecurityId SID_Local;
      static const SecurityId SID_Owner;
      static const SecurityId SID_Group;
      static const SecurityId SID_Admins;
      static const SecurityId SID_DialUp;
      static const SecurityId SID_Network;
      static const SecurityId SID_Batch;
      static const SecurityId SID_Interactive;
      static const SecurityId SID_Service;
      static const SecurityId SID_System;
      static const SecurityId SID_SysDomain;

      CSecurityDescriptor();
      ~CSecurityDescriptor();

  public:
      // NOTE(review): all state is public, so the type does not prevent a
      // caller from changing one of these pointers without updating m_pSD.
      PSECURITY_DESCRIPTOR m_pSD;
      PSID m_pOwner;
      PSID m_pGroup;
      PACL m_pDACL;
      PACL m_pSACL;
      SECURITY_ATTRIBUTES m_saAttrs;
      BOOL m_fInheritance;

  public:
      // Descriptor setup. Every call reports its outcome as an HRESULT.
      HRESULT Attach(PSECURITY_DESCRIPTOR pSelfRelativeSD);
      HRESULT AttachObject(HANDLE hObject);
      HRESULT Initialize();
      HRESULT InitializeFromProcessToken(BOOL bDefaulted = FALSE);
      HRESULT InitializeFromThreadToken(BOOL bDefaulted = FALSE, BOOL bRevertToProcessToken = TRUE);
      HRESULT SetOwner(PSID pOwnerSid, BOOL bDefaulted = FALSE);
      HRESULT SetGroup(PSID pGroupSid, BOOL bDefaulted = FALSE);

      // Grant, deny or revoke access for a principal, named either by a
      // SecurityId or by an account-name string.
      // NOTE(review): whether deny entries end up ahead of allow entries
      // (canonical DACL order) is decided in the implementation, which is not
      // visible here - confirm before relying on Deny() to override Allow().
      HRESULT Allow(const SecurityId *psidPrincipal, DWORD dwAccessMask);
      HRESULT Allow(LPCTSTR pszPrincipal, DWORD dwAccessMask);
      HRESULT Deny(const SecurityId *psidPrincipal, DWORD dwAccessMask);
      HRESULT Deny(LPCTSTR pszPrincipal, DWORD dwAccessMask);
      HRESULT Revoke(LPCTSTR pszPrincipal);

      // Records the inheritance flag in m_fInheritance.
      void SetInheritance(BOOL fInheritance)
      {
          m_fInheritance = fInheritance;
      }

      // Utility functions.
      // Ownership: any PSID handed back by these functions must be released
      // by the caller with free().
      static HRESULT SetPrivilege(LPCTSTR Privilege, BOOL bEnable = TRUE, HANDLE hToken = NULL);
      static HRESULT GetTokenSids(HANDLE hToken, PSID* ppUserSid, PSID* ppGroupSid);
      static HRESULT GetProcessSids(PSID* ppUserSid, PSID* ppGroupSid = NULL);
      static HRESULT GetThreadSids(PSID* ppUserSid, PSID* ppGroupSid = NULL, BOOL bOpenAsSelf = FALSE);
      static HRESULT CopyACL(PACL pDest, PACL pSrc);
      static HRESULT GetCurrentUserSID(PSID *ppSid);
      static HRESULT GetPrincipalSID(LPCTSTR pszPrincipal, PSID *ppSid);
      static HRESULT AddAccessAllowedACEToACL(PACL *Acl, const SecurityId *psidPrincipal, DWORD dwAccessMask);
      static HRESULT AddAccessAllowedACEToACL(PACL *Acl, LPCTSTR pszPrincipal, DWORD dwAccessMask);
      static HRESULT AddAccessDeniedACEToACL(PACL *Acl, const SecurityId *psidPrincipal, DWORD dwAccessMask);
      static HRESULT AddAccessDeniedACEToACL(PACL *Acl, LPCTSTR pszPrincipal, DWORD dwAccessMask);
      static HRESULT RemovePrincipalFromACL(PACL Acl, LPCTSTR pszPrincipal);

      // Implicit conversion that hands out the stored descriptor pointer
      // itself, not a copy. Its lifetime is presumably tied to this object -
      // confirm against the destructor before keeping the pointer.
      operator PSECURITY_DESCRIPTOR()
      {
          return m_pSD;
      }

      operator LPSECURITY_ATTRIBUTES();
  };
  87. #endif // __cplusplus
  88. #endif // _NTACLS_H_