windows-server-2003/inetsrv/iis/setup/osrc/acl.hxx


								#include "Aclapi.h"

								#include <buffer.hxx>


								// class: CSecurityDescriptor

								//

								// Class to create and modify a Security Descriptor

								//

								class CSecurityDescriptor

								{

								private:

								  BOOL m_bSDValid : 1;                  // Is the SD Valid?

								  BOOL m_bDAclIsInheritted : 1;         // Is the DACL inheritted (was it taken from an inheritted dacl?)

								  PACL m_pDAcl;                         // Our DAcl

								  PSID m_pOwner;

								  PSID m_pGroup;

								  SECURITY_DESCRIPTOR m_SD;             // Our Security Descriptor

								  SECURITY_ATTRIBUTES m_SA;             // Our Security Attributes for the SD


								  BOOL SetDAcl( PACL pAcl );

								  BOOL SetOwner( PSID pSid );

								  BOOL SetGroup( PSID pSid );

								  PACL GetCurrentDAcl();

								  BOOL InitializeSD();

								  PSID CreateWellKnowSid( DWORD dwId );

								//  PSID CreateSidFromName( LPTSTR szTrustee );

								  BOOL DuplicateACL( PACL pSourceAcl, PACL *pNewlyCreateAcl );

								  BOOL UpdateDACLwithNewACE( TRUSTEE_FORM TrusteeForm, LPTSTR szTrusteeName,

								                             DWORD dwAccess, ACCESS_MODE dwAccessMode, DWORD dwInheitance);

								  BOOL IsInherittedAcl( PACL pSourceAcl );

								public:

								  CSecurityDescriptor();

								  ~CSecurityDescriptor();


								  // Add/Remove Functions for DAcl's

								  BOOL AddAccessAcebyName( LPTSTR szName, DWORD dwAccess, BOOL bAllow = TRUE , BOOL bInherit = FALSE );

								  BOOL AddAccessAcebyWellKnownID( DWORD dwID, DWORD dwAccess, BOOL bAllow = TRUE , BOOL bInherit = FALSE );

								  BOOL AddAccessAcebyStringSid( LPTSTR szStringSid, DWORD dwAccess, BOOL bAllow = TRUE , BOOL bInherit = FALSE );

								  BOOL RemoveAccessAcebyName( LPTSTR szName ,BOOL bInherit = FALSE );

								  BOOL ResetSD();


								  // Set Owner/Group Info

								  BOOL SetOwnerbyWellKnownID( DWORD dwID );

								  BOOL SetGroupbyWellKnownID( DWORD dwID );


								  // Set/Retrieve Security Infomation

								  BOOL SetSecurityInfoOnHandle( HANDLE hHandle, SE_OBJECT_TYPE ObjectType, BOOL bAllowInheritance = FALSE );

								  BOOL SetSecurityInfoOnFile( LPTSTR szFile, BOOL bAllowInheritance );

								  BOOL SetSecurityInfoOnFiles( LPTSTR szFile, BOOL bAllowInheritance );

								  BOOL GetSecurityInfoOnHandle( HANDLE hHandle, SE_OBJECT_TYPE ObjectType );

								  BOOL GetSecurityInfoOnFile( LPTSTR szFile );

								  BOOL DuplicateSD( PSECURITY_DESCRIPTOR pSD );


								  // Query Pointers to SD and SA

								  PSECURITY_DESCRIPTOR QuerySD();

								  PSECURITY_ATTRIBUTES QuerySA();

								  BOOL                 CreateSelfRelativeSD( BUFFER *pBuff, LPDWORD pdwSize );

								  BOOL                 QueryEffectiveRightsForTrustee( DWORD dwTrustee,

								                                                       PACCESS_MASK pAccessMask );


								  static BOOL DoesFileSystemSupportACLs( LPTSTR szPath, LPBOOL pbSupportAcls );


								  // Some shortcut calls

								  BOOL CreateAdminDAcl( BOOL bInheritable = FALSE );


								  // Constants to be used

								  static enum USERANDGROUSIDS {

								    GROUP_ADMINISTRATORS = 0,

								    GROUP_USERS,

								    USER_LOCALSYSTEM,

								    USER_LOCALSERVICE,

								    USER_NETWORKSERVICE,

								    USER_EVERYONE,

								  };


								  static const ACCESS_FULL          = FILE_ALL_ACCESS;

								  static const ACCESS_WRITEONLY     = ACTRL_FILE_WRITE |         // File Specific: Write

								                                      ACTRL_FILE_APPEND |        // File Specific: Append

								                                      ACTRL_FILE_WRITE_PROP |    // File Specific: Write File Properties

								                                      ACTRL_FILE_WRITE_ATTRIB;   // File Specific: Write Attributes

								  static const ACCESS_FILE_DELETE   = DELETE;                    // Standard: Delete

								  static const ACCESS_DIR_DELETE    = ACCESS_FILE_DELETE |

								                                      ACTRL_DIR_DELETE_CHILD;    // Dir specific: Delete Child

								  static const ACCESS_READONLY      = SYNCHRONIZE |              // Standard: Synchronize

								                                      STANDARD_RIGHTS_READ |     // Standard: Read

								                                      ACTRL_FILE_READ |          // File Specific: Read File

								                                      ACTRL_FILE_READ_PROP |     // File Specific: Read Properties

								                                      ACTRL_FILE_READ_ATTRIB;    // File Specific: Read Attributes

								  static const ACCESS_READ_EXECUTE  = ACCESS_READONLY |          // Read from above

								                                      STANDARD_RIGHTS_EXECUTE |  // Standard: Execute

								                                      ACTRL_FILE_EXECUTE;        // File Specific: Execute File */

								};


								BOOL CreateDirectoryWithSA( LPTSTR szPath, CSecurityDescriptor &pSD, BOOL bAllowInheritance );