windows-server-2003/admin/netui/acledit/h/ntmasks.hxx

/**********************************************************************/
/**			  Microsoft Windows NT			     **/
/**		   Copyright(c) Microsoft Corp., 1992		     **/
/**********************************************************************/

/*
    NTMasks.hxx

    This file contains the Access mask mappings for the Generic ACL Editor
    for NT FS.



    FILE HISTORY:
	Johnl	7-Jan-1992	Broke out from ntfsacl.hxx

*/

#ifndef _NTMASKS_HXX_
#define _NTMASKS_HXX_

/* The following manifests are the permission bitfields that represent
 * each string above.  Note that for the special bits we could have used
 * the permission manifest directly (i.e., FILE_READ_DATA instead of
 * FILE_PERM_SPEC_READ_DATA), however the special bits can also contain
 * multiple flags, so this protects us in case we ever decide to combine
 * some manifests.
 *
 */

/* File Special Permissions
 */
#define FILE_PERM_SPEC_READ		 GENERIC_READ
#define FILE_PERM_SPEC_WRITE		 GENERIC_WRITE
#define FILE_PERM_SPEC_EXECUTE		 GENERIC_EXECUTE
#define FILE_PERM_SPEC_ALL		 GENERIC_ALL
#define FILE_PERM_SPEC_DELETE		 DELETE
#define FILE_PERM_SPEC_CHANGE_PERM	 WRITE_DAC
#define FILE_PERM_SPEC_CHANGE_OWNER	 WRITE_OWNER

/* File General Permissions
 */
#define FILE_PERM_GEN_NO_ACCESS 	 (0)
#define FILE_PERM_GEN_READ		 (GENERIC_READ	  |\
					  GENERIC_EXECUTE)
#define FILE_PERM_GEN_MODIFY		 (GENERIC_READ	  |\
					  GENERIC_EXECUTE |\
					  GENERIC_WRITE   |\
					  DELETE )
#define FILE_PERM_GEN_ALL		 (GENERIC_ALL)


/* Directory Special Permissions
 */
#define DIR_PERM_SPEC_READ		   GENERIC_READ
#define DIR_PERM_SPEC_WRITE		   GENERIC_WRITE
#define DIR_PERM_SPEC_EXECUTE		   GENERIC_EXECUTE
#define DIR_PERM_SPEC_ALL		   GENERIC_ALL
#define DIR_PERM_SPEC_DELETE		   DELETE
#define DIR_PERM_SPEC_CHANGE_PERM	   WRITE_DAC
#define DIR_PERM_SPEC_CHANGE_OWNER	   WRITE_OWNER

/* Directory General Permissions
 */
#define DIR_PERM_GEN_NO_ACCESS		   (0)
#define DIR_PERM_GEN_LIST		   (GENERIC_READ    |\
					    GENERIC_EXECUTE)
#define DIR_PERM_GEN_READ		   (GENERIC_READ    |\
					    GENERIC_EXECUTE)
#define DIR_PERM_GEN_DEPOSIT		   (GENERIC_WRITE   |\
					    GENERIC_EXECUTE)
#define DIR_PERM_GEN_PUBLISH		   (GENERIC_READ    |\
					    GENERIC_WRITE   |\
					    GENERIC_EXECUTE)
#define DIR_PERM_GEN_MODIFY		   (GENERIC_READ    |\
					    GENERIC_WRITE   |\
					    GENERIC_EXECUTE |\
					    DELETE	   )
#define DIR_PERM_GEN_ALL		   (GENERIC_ALL)

/* New file Special Permissions
 */
#define NEWFILE_PERM_SPEC_READ		    GENERIC_READ
#define NEWFILE_PERM_SPEC_WRITE 	    GENERIC_WRITE
#define NEWFILE_PERM_SPEC_EXECUTE	    GENERIC_EXECUTE
#define NEWFILE_PERM_SPEC_ALL		    GENERIC_ALL
#define NEWFILE_PERM_SPEC_DELETE	    DELETE
#define NEWFILE_PERM_SPEC_CHANGE_PERM	    WRITE_DAC
#define NEWFILE_PERM_SPEC_CHANGE_OWNER	    WRITE_OWNER

/* New File General permissions - Note that these correspond to the Directory
 * general permissions.
 */
#define NEWFILE_PERM_GEN_NO_ACCESS	    (0)
#define NEWFILE_PERM_GEN_LIST		    (ACCESS_MASK_NEW_OBJ_NOT_SPECIFIED)
#define NEWFILE_PERM_GEN_READ		    (GENERIC_READ |\
					     GENERIC_EXECUTE)
#define NEWFILE_PERM_GEN_DEPOSIT	    (ACCESS_MASK_NEW_OBJ_NOT_SPECIFIED)
#define NEWFILE_PERM_GEN_PUBLISH	    (GENERIC_READ |\
					     GENERIC_EXECUTE)
#define NEWFILE_PERM_GEN_MODIFY 	    (GENERIC_READ    |\
					     GENERIC_WRITE   |\
					     GENERIC_EXECUTE |\
					     DELETE	    )
#define NEWFILE_PERM_GEN_ALL                (GENERIC_ALL)

//
//  Audit access masks
//
//  Note that ACCESS_SYSTEM_SECURITY is ored with both Generic Read and
//  Generic Write.  Access to the SACL is a privilege and if you have that
//  privilege, then you can both read and write the SACL.
//

#define FILE_AUDIT_READ                     (GENERIC_READ |\
                                             ACCESS_SYSTEM_SECURITY)
#define FILE_AUDIT_WRITE                    (GENERIC_WRITE |\
                                             ACCESS_SYSTEM_SECURITY)
#define FILE_AUDIT_EXECUTE		    GENERIC_EXECUTE
#define FILE_AUDIT_DELETE		    DELETE
#define FILE_AUDIT_CHANGE_PERM		    WRITE_DAC
#define FILE_AUDIT_CHANGE_OWNER 	    WRITE_OWNER

#define DIR_AUDIT_READ                      (GENERIC_READ |\
                                             ACCESS_SYSTEM_SECURITY)
#define DIR_AUDIT_WRITE                     (GENERIC_WRITE |\
                                            ACCESS_SYSTEM_SECURITY)
#define DIR_AUDIT_EXECUTE		    GENERIC_EXECUTE
#define DIR_AUDIT_DELETE		    DELETE
#define DIR_AUDIT_CHANGE_PERM		    WRITE_DAC
#define DIR_AUDIT_CHANGE_OWNER		    WRITE_OWNER


/* The valid access masks for NTFS
 */
#define NTFS_VALID_ACCESS_MASK		    (0xffffffff)

#endif //_NTMASKS_HXX_