windows-server-2003/printscan/print/spooler/localspl/spoolsec.h

/*++

Copyright (c) 2001 Microsoft Corporation

Module Name:

    spoolsec.h

Abstract:

    Header file for print security

Author:

    Not known

Revision History:

    06-Apr-2001       AMaxa    CheckPrivilegePresent

--*/

#ifndef _SPOOLSEC_H_
#define _SPOOLSEC_H_

#ifdef __cplusplus
extern "C" {
#endif

// Object types
//

#define SPOOLER_OBJECT_SERVER   0
#define SPOOLER_OBJECT_PRINTER  1
#define SPOOLER_OBJECT_DOCUMENT 2
#define SPOOLER_OBJECT_COUNT    3
#define SPOOLER_OBJECT_XCV      4

/* These access bits must be different from those exposed in winspool.h,
 * so that no auditing takes place when we do an access check against them:
 */
#define SERVER_ACCESS_ADMINISTER_PRIVATE    0x00000004
#define PRINTER_ACCESS_ADMINISTER_PRIVATE   0x00000008
#define JOB_ACCESS_ADMINISTER_PRIVATE       0x00000080

enum
{
    kGuessTokenPrivileges = 1024
};

PSECURITY_DESCRIPTOR
CreateServerSecurityDescriptor(
    VOID
);

PSECURITY_DESCRIPTOR
CreatePrinterSecurityDescriptor(
    PSECURITY_DESCRIPTOR pCreatorSecurityDescriptor
);

PSECURITY_DESCRIPTOR
CreateDocumentSecurityDescriptor(
    PSECURITY_DESCRIPTOR pPrinterSecurityDescriptor
);

BOOL
SetPrinterSecurityDescriptor(
    SECURITY_INFORMATION SecurityInformation,
    PSECURITY_DESCRIPTOR pModificationDescriptor,
    PSECURITY_DESCRIPTOR *ppObjectsSecurityDescriptor
);

BOOL
DeletePrinterSecurity(
    PINIPRINTER pIniPrinter
);

BOOL
DeleteDocumentSecurity(
    PINIJOB pIniJob
);

PSECURITY_DESCRIPTOR
CreateEverybodySecurityDescriptor(
    VOID
);

BOOL
ValidateObjectAccess(
    IN      DWORD               ObjectType,
    IN      ACCESS_MASK         DesiredAccess,
    IN      LPVOID              ObjectHandle,
        OUT PACCESS_MASK        pGrantedAccess,
    IN      PINISPOOLER         pIniSpooler
    );

BOOL
ValidateObjectAccessWithToken(
    IN      HANDLE              hClientToken,
    IN      DWORD               ObjectType,
    IN      ACCESS_MASK         DesiredAccess,
    IN      LPVOID              ObjectHandle,
        OUT PACCESS_MASK        pGrantedAccess,
    IN      PINISPOOLER         pIniSpooler
    );

BOOL
AccessGranted(
    DWORD       ObjectType,
    ACCESS_MASK DesiredAccess,
    PSPOOL      pSpool
);

VOID MapGenericToSpecificAccess(
    DWORD ObjectType,
    DWORD GenericAccess,
    PDWORD pSpecificAccess
);

BOOL
GetTokenHandle(
    PHANDLE TokenHandle
);

BOOL
GetSecurityInformation(
    PSECURITY_DESCRIPTOR  pSecurityDescriptor,
    PSECURITY_INFORMATION pSecurityInformation
);

ACCESS_MASK
GetPrivilegeRequired(
    SECURITY_INFORMATION SecurityInformation
);

BOOL
BuildPartialSecurityDescriptor(
    ACCESS_MASK          AccessGranted,
    PSECURITY_DESCRIPTOR pSourceSecurityDescriptor,
    PSECURITY_DESCRIPTOR *ppPartialSecurityDescriptor,
    PDWORD               pPartialSecurityDescriptorLength
);

PSECURITY_DESCRIPTOR
CreateDriversShareSecurityDescriptor(
    VOID
);


BOOL
InitializeSecurityStructures(
    VOID
    );

DWORD
PrincipalIsRemoteGuest(
    IN  HANDLE  hToken,
    OUT BOOL   *pbRemoteGuest
    );

DWORD
CheckPrivilegePresent(
    IN     HANDLE   hToken,
    IN     PLUID    pLuid,
    IN OUT LPBOOL   pbPresent,
    IN OUT LPDWORD  pAttributes OPTIONAL
    );

BOOL
GrantJobReadPermissionToLocalSystem(
    IN OUT PSECURITY_DESCRIPTOR *ppSecurityDescriptor
    );

#ifdef __cplusplus
}
#endif

#endif