|
|
/////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 1998-2002 Microsoft Corporation
//
// Module Name:
// AclBase.h
//
// Description:
// Implementation of the ISecurityInformation interface. This interface
// is the new common security UI in NT 5.0.
//
// Implementation File:
// AclBase.cpp
//
// Author:
// Galen Barbee (galenb) February 6, 1998
// From \nt\private\admin\snapin\filemgmt\permpage.h
// by JonN
//
// Revision History:
//
// Notes:
//
/////////////////////////////////////////////////////////////////////////////
#ifndef _ACLBASE_H
#define _ACLBASE_H
/////////////////////////////////////////////////////////////////////////////
// Include Files
/////////////////////////////////////////////////////////////////////////////
#ifndef _ACLUI_H_
#include <aclui.h> // for ISecurityInformation
#endif // _ACLUI_H_
#include "CluAdmEx.h"
#include <ObjSel.h>
//
// Stuff used for initializing the Object Picker below
//
#define DSOP_FILTER_COMMON1 ( DSOP_FILTER_INCLUDE_ADVANCED_VIEW \
| DSOP_FILTER_USERS \ | DSOP_FILTER_UNIVERSAL_GROUPS_SE \ | DSOP_FILTER_GLOBAL_GROUPS_SE \ | DSOP_FILTER_COMPUTERS \ )#define DSOP_FILTER_COMMON2 ( DSOP_FILTER_COMMON1 \
| DSOP_FILTER_WELL_KNOWN_PRINCIPALS \ | DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE \ )#define DSOP_FILTER_COMMON3 ( DSOP_FILTER_COMMON2 \
| DSOP_FILTER_BUILTIN_GROUPS \ )#define DSOP_FILTER_DL_COMMON1 ( DSOP_DOWNLEVEL_FILTER_USERS \
| DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS \ )#define DSOP_FILTER_DL_COMMON2 ( DSOP_FILTER_DL_COMMON1 \
| DSOP_DOWNLEVEL_FILTER_ALL_WELLKNOWN_SIDS \ )#define DSOP_FILTER_DL_COMMON3 ( DSOP_FILTER_DL_COMMON2 \
| DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS \ )
//
// Documentation of the DSOP_SCOPE_INIT_INFO struct so you can see how the macros below
// fill it in...
//
/*
{ // DSOP_SCOPE_INIT_INFO
cbSize, flType, flScope, { // DSOP_FILTER_FLAGS
{ // DSOP_UPLEVEL_FILTER_FLAGS
flBothModes, flMixedModeOnly, flNativeModeOnly }, flDownlevel }, pwzDcName, pwzADsPath, hr // OUT
}*/
#define DECLARE_SCOPE(t,f,b,m,n,d) \
{ sizeof(DSOP_SCOPE_INIT_INFO), (t), (f|DSOP_SCOPE_FLAG_DEFAULT_FILTER_GROUPS|DSOP_SCOPE_FLAG_DEFAULT_FILTER_USERS), { { (b), (m), (n) }, (d) }, NULL, NULL, S_OK }
//
// The domain to which the target computer is joined.
// Make 2 scopes, one for uplevel domains, the other for downlevel.
//
#define JOINED_DOMAIN_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN,(f),0,(DSOP_FILTER_COMMON2 & ~(DSOP_FILTER_UNIVERSAL_GROUPS_SE|DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE)),DSOP_FILTER_COMMON2,0), \DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,(f),0,0,0,DSOP_FILTER_DL_COMMON2)
//
// The domain for which the target computer is a Domain Controller.
// Make 2 scopes, one for uplevel domains, the other for downlevel.
//
#define JOINED_DOMAIN_SCOPE_DC(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN,(f),0,(DSOP_FILTER_COMMON3 & ~DSOP_FILTER_UNIVERSAL_GROUPS_SE),DSOP_FILTER_COMMON3,0), \DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,(f),0,0,0,DSOP_FILTER_DL_COMMON3)
//
// Target computer scope. Computer scopes are always treated as
// downlevel (i.e., they use the WinNT provider).
//
#define TARGET_COMPUTER_SCOPE(f)\
DECLARE_SCOPE(DSOP_SCOPE_TYPE_TARGET_COMPUTER,(f),0,0,0,DSOP_FILTER_DL_COMMON3)
//
// The Global Catalog
//
#define GLOBAL_CATALOG_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_GLOBAL_CATALOG,(f),DSOP_FILTER_COMMON1|DSOP_FILTER_WELL_KNOWN_PRINCIPALS,0,0,0)
//
// The domains in the same forest (enterprise) as the domain to which
// the target machine is joined. Note these can only be DS-aware
//
#define ENTERPRISE_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_ENTERPRISE_DOMAIN,(f),DSOP_FILTER_COMMON1,0,0,0)
//
// Domains external to the enterprise but trusted directly by the
// domain to which the target machine is joined.
//
#define EXTERNAL_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_EXTERNAL_UPLEVEL_DOMAIN|DSOP_SCOPE_TYPE_EXTERNAL_DOWNLEVEL_DOMAIN,\ (f),DSOP_FILTER_COMMON1,0,0,DSOP_DOWNLEVEL_FILTER_USERS|DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS)
//
// Workgroup scope. Only valid if the target computer is not joined
// to a domain.
//
#define WORKGROUP_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_WORKGROUP,(f),0,0,0, DSOP_FILTER_DL_COMMON1|DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS )
//
// Array of Default Scopes
//
static const DSOP_SCOPE_INIT_INFO g_aDefaultScopes[] ={ JOINED_DOMAIN_SCOPE(DSOP_SCOPE_FLAG_STARTING_SCOPE), TARGET_COMPUTER_SCOPE(0), GLOBAL_CATALOG_SCOPE(0), ENTERPRISE_SCOPE(0), EXTERNAL_SCOPE(0),};
//
// Same as above, but without the Target Computer. Used when the target is a Domain Controller.
//
//
// KB: 21-MAY-2002 GalenB
//
// This array of scopes is not currently being used since these scopes are only interestng for a mixed mode
// domain where all of the member nodes of the cluster are domain controllers or backup domain controllers.
// This is the only configuration where domain local groups can be used in a cluster SD when the default
// scopes above will not allow the user to pick them.
//
/*
static const DSOP_SCOPE_INIT_INFO g_aDCScopes[] ={ JOINED_DOMAIN_SCOPE_DC(DSOP_SCOPE_FLAG_STARTING_SCOPE), GLOBAL_CATALOG_SCOPE(0), ENTERPRISE_SCOPE(0), EXTERNAL_SCOPE(0),};*//////////////////////////////////////////////////////////////////////////////
// Forward Class Declarations
/////////////////////////////////////////////////////////////////////////////
class CSecurityInformation;
/////////////////////////////////////////////////////////////////////////////
// External Class Declarations
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// CSecurityInformation security wrapper
/////////////////////////////////////////////////////////////////////////////
class CSecurityInformation : public ISecurityInformation, public CComObjectRoot, public IDsObjectPicker{ DECLARE_NOT_AGGREGATABLE(CSecurityInformation) BEGIN_COM_MAP(CSecurityInformation) COM_INTERFACE_ENTRY(ISecurityInformation) COM_INTERFACE_ENTRY(IDsObjectPicker) END_COM_MAP()#ifndef END_COM_MAP_ADDREF
// *** IUnknown methods ***
STDMETHOD_(ULONG, AddRef)( void ) { return InternalAddRef();
}
STDMETHOD_(ULONG, Release)( void ) { ULONG l = InternalRelease();
if (l == 0) { delete this; }
return l;
}#endif
// *** ISecurityInformation methods ***
STDMETHOD(GetObjectInformation)( PSI_OBJECT_INFO pObjectInfo );
STDMETHOD(GetSecurity)( SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR * ppSecurityDescriptor, BOOL fDefault ) = 0;
STDMETHOD(SetSecurity)( SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor );
STDMETHOD(GetAccessRights)( const GUID * pguidObjectType, DWORD dwFlags, PSI_ACCESS * ppAccess, ULONG * pcAccesses, ULONG * piDefaultAccess );
STDMETHOD(MapGeneric)( const GUID * pguidObjectType, UCHAR * pAceFlags, ACCESS_MASK * pMask );
STDMETHOD(GetInheritTypes)( PSI_INHERIT_TYPE * ppInheritTypes, ULONG * pcInheritTypes );
STDMETHOD(PropertySheetPageCallback)( HWND hwnd, UINT uMsg, SI_PAGE_TYPE uPage );
// IDsObjectPicker
STDMETHODIMP Initialize( PDSOP_INIT_INFO pInitInfo );
STDMETHODIMP InvokeDialog( HWND hwndParent, IDataObject ** ppdoSelection );
protected: CSecurityInformation( void ); ~CSecurityInformation( void );
HRESULT HrLocalAccountsInSD( IN PSECURITY_DESCRIPTOR pSD, OUT PBOOL pFound );
PGENERIC_MAPPING m_pShareMap; PSI_ACCESS m_psiAccess; int m_nDefAccess; int m_nAccessElems; DWORD m_dwFlags; CString m_strServer; CString m_strNode; int m_nLocalSIDErrorMessageID; IDsObjectPicker * m_pObjectPicker; LONG m_cRef;
};
#endif //_ACLBASE_H
|
