Source code of Windows XP (NT5)


  1. /*++
  2. Copyright (c) 1992-2000 Microsoft Corporation
  3. Module Name:
  4. cannedsd.hxx
  5. Abstract:
  6. This module contains declarations for the CANNED_SECURITY
  7. class, which is a repository for the canned Security Descriptors
  8. used by the utilities.
  9. Initializing an object of this type generates the canned
  10. security descriptors used by the utilities, which can
  11. then be gotten from the object.
  12. These security descriptors are all in the self-relative
  13. format.
  14. Author:
  15. Bill McJohn (billmc) 04-March-1992
  16. --*/
  // Include guard: the matching #endif is the last line of this header.
  17. #if ! defined ( _CANNED_SECURITY_DEFN )
  18. #define _CANNED_SECURITY_DEFN
  // IFSUTIL_EXPORT decorates the public members of CANNED_SECURITY below:
  //   _AUTOCHECK_ defined       -> expands to nothing (no import/export decoration)
  //   _IFSUTIL_MEMBER_ defined  -> __declspec(dllexport)
  //   neither defined           -> __declspec(dllimport)
  19. #if defined ( _AUTOCHECK_ )
  20. #define IFSUTIL_EXPORT
  21. #elif defined ( _IFSUTIL_MEMBER_ )
  22. #define IFSUTIL_EXPORT __declspec(dllexport)
  23. #else
  24. #define IFSUTIL_EXPORT __declspec(dllimport)
  25. #endif
  26. // The IFS utilities use the following kinds of canned Security Descriptors:
  27. //
  28. // NoAccess -- No one is granted any access (empty ACL).
  29. // NoAcl -- The file has no ACL.
  30. // ReadOnly -- System and Admins can read the file.
  31. // ReadWrite -- System and Admins can read and write the file.
  32. // Edit -- System and Admins can read and write the file,
  33. // and can also change its permissions.
  34. // EditWorld -- Edit plus NoAcl
  35. //
  // Selector for one canned security descriptor; it is the Type argument of
  // CANNED_SECURITY::GetCannedSecurityDescriptor. Enumerator values are implicit
  // (0..8), so inserting an enumerator renumbers every one after it.
  // NOTE(review): the typedef below names no type; the CANNED_SECURITY_TYPE name
  // presumably comes from the DEFINE_TYPE line after the enum -- confirm.
  36. typedef enum _CANNED_SECURITY_TYPE {
  37. NoAccessCannedSd, // "NoAccess" in the list above: empty ACL, no one is granted access
  // NOTE(review): if "no ACL" is built as a NULL DACL, Windows grants full access
  // to everyone; that is the opposite of the empty ACL used by NoAccessCannedSd.
  // Confirm in the implementation that callers of NoAclCannedSd intend this.
  38. NoAclCannedSd, // "NoAcl" in the list above: the file has no ACL
  39. ReadCannedSd, // presumably "ReadOnly" in the list above (System and Admins can read) -- confirm
  40. WriteCannedSd, // presumably "ReadWrite" in the list above (System and Admins can read and write) -- confirm
  41. EditCannedSd, // "Edit" in the list above: read, write, and change permissions
  42. EditWorldCannedDirSd, // presumably the directory form of "EditWorld" -- confirm
  43. EditWorldCannedFileSd, // presumably the file form of "EditWorld" -- confirm
  44. NewRootSd, // not described in the list above; see GenerateCannedNewRootAcl
  45. NoAclCannedFileSd // not described in the list above; presumably the file form of NoAcl -- confirm
  46. };
  47. // These security descriptors need the SID's for System and Administrators.
  48. //
  49. //#define WELL_KNOWN_NAME_SYSTEM L"System"
  50. //#define WELL_KNOWN_NAME_ADMINS L"Administrators"
  // Wide-string names for the System and Administrators principals. They replace
  // the commented-out "System" / "Administrators" spellings above.
  // NOTE(review): this header does not show where these names are consumed; the
  // Query*Sid helpers in CANNED_SECURITY take no name argument. Account names are
  // localized on Windows, so any lookup by name should be checked against
  // non-English installs -- confirm in the implementation.
  51. #define WELL_KNOWN_NAME_SYSTEM L"SYSTEM"
  52. #define WELL_KNOWN_NAME_ADMINS L"ADMINS"
  // DEFINE_TYPE is a project macro not defined in this header; presumably it
  // introduces CANNED_SECURITY_TYPE (used by the class below) as a name for the
  // enum -- confirm.
  53. DEFINE_TYPE( _CANNED_SECURITY_TYPE, CANNED_SECURITY_TYPE );
  // CANNED_SECURITY: repository for the canned security descriptors used by the
  // IFS utilities. Per the module abstract, initializing the object generates the
  // descriptors, which are then fetched by type; all are in self-relative format.
  54. class CANNED_SECURITY : public OBJECT {
  55. public:
  // DECLARE_CONSTRUCTOR is a project macro not defined in this header;
  // presumably it declares the constructor -- confirm.
  56. IFSUTIL_EXPORT
  57. DECLARE_CONSTRUCTOR( CANNED_SECURITY );
  58. IFSUTIL_EXPORT
  59. ~CANNED_SECURITY(
  60. );
  // Generates the canned security descriptors (per the module abstract).
  // Returns BOOLEAN; presumably TRUE on success -- confirm. Callers should not
  // fetch descriptors from an object whose Initialize failed.
  61. NONVIRTUAL
  62. IFSUTIL_EXPORT
  63. BOOLEAN
  64. Initialize(
  65. );
  // Returns the canned descriptor selected by Type and stores its length through
  // SecurityDescriptorLength.
  // NOTE(review): the result for an unrecognized Type or an uninitialized object
  // is not visible here; callers should check the pointer for NULL before
  // applying it. The buffer presumably stays owned by this object (see the _*Sd
  // members), so callers should neither free nor modify it -- confirm.
  66. NONVIRTUAL
  67. IFSUTIL_EXPORT
  68. PVOID
  69. GetCannedSecurityDescriptor(
  70. IN CANNED_SECURITY_TYPE Type,
  71. OUT PULONG SecurityDescriptorLength
  72. );
  73. private:
  // Private helper; presumably puts the members into their initial state -- confirm.
  74. NONVIRTUAL
  75. VOID
  76. Construct(
  77. );
  // Private helper; presumably releases the stored descriptors -- confirm.
  78. NONVIRTUAL
  79. VOID
  80. Destroy(
  81. );
  // The six Query*Sid helpers share one signature: the SID is written into the
  // caller-supplied NewSid buffer, and Length is IN OUT (presumably the buffer
  // size on entry and the SID length on return -- confirm). Each returns BOOLEAN;
  // a FALSE result must not be followed by use of NewSid.
  82. STATIC
  83. BOOLEAN
  84. QuerySystemSid(
  85. OUT PSID NewSid,
  86. IN OUT PULONG Length
  87. );
  88. STATIC
  89. BOOLEAN
  90. QueryPrincipalSelfSid(
  91. OUT PSID NewSid,
  92. IN OUT PULONG Length
  93. );
  94. STATIC
  95. BOOLEAN
  96. QueryCreatorOwnerSid(
  97. OUT PSID NewSid,
  98. IN OUT PULONG Length
  99. );
  100. STATIC
  101. BOOLEAN
  102. QueryPowerUsersSid(
  103. OUT PSID NewSid,
  104. IN OUT PULONG Length
  105. );
  106. STATIC
  107. BOOLEAN
  108. QueryUsersSid(
  109. OUT PSID NewSid,
  110. IN OUT PULONG Length
  111. );
  112. STATIC
  113. BOOLEAN
  114. QueryAdminsSid(
  115. OUT PSID NewSid,
  116. IN OUT PULONG Length
  117. );
  // Builds one descriptor of kind SecurityType from the access mask, the Admins
  // and System SIDs and a token handle; returns it as PVOID and stores its size
  // through Length. How TokenHandle is used and who frees the returned buffer
  // are not visible in this header.
  118. STATIC
  119. PVOID
  120. GenerateCannedSd(
  121. IN CANNED_SECURITY_TYPE SecurityType,
  122. IN ACCESS_MASK GrantedAccess,
  123. IN PSID AdminsSid,
  124. IN PSID SystemSid,
  125. IN HANDLE TokenHandle,
  126. OUT PULONG Length
  127. );
  // The GenerateCanned*Acl helpers fill the caller-supplied AclBuffer, whose size
  // is BufferLength (presumably in bytes -- confirm), and return BOOLEAN. The
  // implementation should fail rather than write past BufferLength; verify in
  // the source file.
  128. STATIC
  129. BOOLEAN
  130. GenerateCannedAcl(
  131. IN PACL AclBuffer,
  132. IN ULONG BufferLength,
  133. IN ACCESS_MASK GrantedAccess,
  134. IN PSID AdminsSid,
  135. IN PSID SystemSid
  136. );
  // "World" variants for directories and files. NOTE(review): presumably these
  // grant access to principals beyond Admins and System; the exact ACEs are not
  // visible here -- review them in the implementation.
  137. STATIC
  138. BOOLEAN
  139. GenerateCannedWorldDirAcl(
  140. IN PACL AclBuffer,
  141. IN ULONG BufferLength,
  142. IN ACCESS_MASK GrantedAccess,
  143. IN PSID AdminsSid,
  144. IN PSID SystemSid
  145. );
  146. STATIC
  147. BOOLEAN
  148. GenerateCannedWorldFileAcl(
  149. IN PACL AclBuffer,
  150. IN ULONG BufferLength,
  151. IN ACCESS_MASK GrantedAccess,
  152. IN PSID AdminsSid,
  153. IN PSID SystemSid
  154. );
  // Takes only the buffer and its length: no access mask or SIDs are passed in,
  // so the entries of this ACL are chosen inside the implementation.
  155. STATIC
  156. BOOLEAN
  157. GenerateCannedNewRootAcl(
  158. IN PACL AclBuffer,
  159. IN ULONG BufferLength
  160. );
  // One length and one descriptor pointer per CANNED_SECURITY_TYPE value
  // (nine of each, matching the nine enumerators by name).
  161. ULONG _NoAccessLength, _NoAclLength, _ReadLength,
  162. _WriteLength, _EditLength,
  163. _EditWorldDirLength, _EditWorldFileLength,
  164. _NewRootSdLength, _NoAclFileLength;
  165. PVOID _NoAccessSd, _NoAclSd, _ReadSd, _WriteSd, _EditSd,
  166. _EditWorldDirSd, _EditWorldFileSd,
  167. _NewRootSd, _NoAclFileSd;
  168. };
  169. #endif // _CANNED_SECURITY_DEFN