  1. #ifndef _DSACLS_DSACE_H
  2. #define _DSACLS_DSACE_H
  3. #include <iostream>
  4. #include <algorithm>
  5. #include <functional>
  6. #include <list>
  7. using namespace std;
// What an ACE's object-type GUID denotes when dsacls resolves it: the
// object itself, a child object class, a property (set), an extended
// right or a validated write.  DSACLS_UNDEFINED is the "not resolved"
// value.  Stored per ACE via CAce::SetObjectTypeType() and produced by
// the free GetObjectTypeType() overloads declared at the end of this header.
typedef enum _DSACLS_OBJECT_TYPE_TYPE
{
    DSACLS_SELF = 0,
    DSACLS_CHILD_OBJECTS,
    DSACLS_PROPERTY,
    DSACLS_EXTENDED_RIGHTS,
    DSACLS_VALIDATED_RIGHTS,
    DSACLS_UNDEFINED
} DSACLS_OBJECT_TYPE_TYPE;
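//
// CAce wraps one access-control entry of a directory object's DACL/SACL
// as dsacls reads, displays and builds it: the raw ACE data (flags, mask,
// object-type GUIDs, trustee SID) plus the user-facing names they were
// resolved from or built from.
//
// NOTE(review): the wide-string members are assigned through
// CopyUnicodeString(), so instances presumably own heap copies that
// ~CAce() releases — confirm against the .cpp before copying CAce objects
// (no copy constructor / assignment is declared here).
//
class CAce
{
    // Classification of an ACE as reported by dsacls; see GetAceType().
    typedef enum _DSACLS_ACE_TYPE
    {
        ALLOW = 0,
        DENY,
        AUDIT_SUCCESS,
        AUDIT_FAILURE,
        AUDIT_ALL
    }DSACLS_ACE_TYPE;
private:
    //Members Present in Ace
    BYTE m_AceFlags;                    // ACE_HEADER.AceFlags: inheritance and audit flag bits
    ACCESS_MASK m_Mask;                 // access rights granted / denied / audited
    GUID m_GuidObjectType;              // valid only when IsObjectTypePresent()
    GUID m_GuidInheritedObjectType;     // valid only when IsInheritedTypePresent()
    PSID m_pSid;                        // trustee; ownership not visible in this header
    //Data given by users to build an Ace
    ACCESS_MODE m_AccessMode;
    LPWSTR m_szTrusteeName;
    LPWSTR m_szObjectType;              // LDAP display name of the object type (child class,
                                        // property, right, ...) — which kind is m_ObjectTypeType
    LPWSTR m_szInheritedObjectType;     // LDAP display name of the inherited-object class
    //Misc Info
    ULONG m_Flags; // ACE_OBJECT_TYPE_PRESENT, etc.
    DSACLS_OBJECT_TYPE_TYPE m_ObjectTypeType;
    DSACLS_ACE_TYPE m_AceType;
    BOOL m_bErased; //This flag is used to mark the ace as deleted.
    //These two are used for format of display
    UINT m_nAllowDeny;
    UINT m_nAudit;
protected:
    // Classify an ACE from its header.
    //   Audit ACEs (plain or object form) map to AUDIT_SUCCESS / AUDIT_FAILURE /
    //   AUDIT_ALL from the SUCCESSFUL_/FAILED_ACCESS_ACE_FLAG bits; allow ACEs
    //   (plain or object form) map to ALLOW; every other type maps to DENY.
    // SYSTEM_AUDIT_OBJECT_ACE_TYPE was not recognised by the original check
    // and therefore fell through to DENY, mislabelling an audit entry as a
    // deny entry in the listing; it is now handled like SYSTEM_AUDIT_ACE_TYPE.
    // pAceHeader must be non-NULL.
    DSACLS_ACE_TYPE GetAceType( PACE_HEADER pAceHeader ) const
    {
        if( pAceHeader->AceType == SYSTEM_AUDIT_ACE_TYPE ||
            pAceHeader->AceType == SYSTEM_AUDIT_OBJECT_ACE_TYPE )
        {
            const bool bSuccess = ( pAceHeader->AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG ) != 0;
            const bool bFailure = ( pAceHeader->AceFlags & FAILED_ACCESS_ACE_FLAG ) != 0;
            if( bSuccess && bFailure )
                return AUDIT_ALL;
            if( bSuccess )
                return AUDIT_SUCCESS;
            if( bFailure )
                return AUDIT_FAILURE;
            // An audit ACE that audits neither success nor failure is
            // malformed.  It is reported as DENY, which is what the previous
            // fall-through produced; ASSERT only fires in checked builds.
            ASSERT(FALSE);
            return DENY;
        }
        if( pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE ||
            pAceHeader->AceType == ACCESS_ALLOWED_OBJECT_ACE_TYPE )
            return ALLOW;
        // ACCESS_DENIED_* and any type not listed above.
        return DENY;
    }
public:
    BYTE GetAceFlags() const { return m_AceFlags; }
    ACCESS_MASK GetAccessMask() const { return m_Mask; }
    GUID* GetGuidObjectType();
    // guid must be non-NULL; the GUID is copied, not retained.
    VOID SetGuidObjectType( GUID * guid ){ m_GuidObjectType = *guid; }
    GUID* GetGuidInheritType();
    // guid must be non-NULL; the GUID is copied, not retained.
    VOID SetGuidInheritType( GUID *guid ){ m_GuidInheritedObjectType = *guid; }
    // Raw pointer into the ACE's trustee SID; not a copy.
    PSID GetSID() const { return m_pSid; }
    ACCESS_MODE GetAccessMode() const { return m_AccessMode; }
    // May return NULL when no object type name has been set.
    LPWSTR GetObjectType() const { return m_szObjectType; }
    VOID SetObjectType( LPWSTR pszName ) { CopyUnicodeString( &m_szObjectType, pszName ); }
    // May return NULL when no inherited object type name has been set.
    LPWSTR GetInheritedObjectType() const { return m_szInheritedObjectType; }
    VOID SetInheritedObjectType( LPWSTR pszName ) { CopyUnicodeString( &m_szInheritedObjectType, pszName ); }
    // Non-zero when m_GuidObjectType applies (ACE_OBJECT_TYPE_PRESENT set in m_Flags).
    BOOL IsObjectTypePresent() const { return m_Flags & ACE_OBJECT_TYPE_PRESENT; }
    // Non-zero when m_GuidInheritedObjectType applies.
    BOOL IsInheritedTypePresent() const { return m_Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT; }
    VOID SetObjectTypeType( DSACLS_OBJECT_TYPE_TYPE ot ){ m_ObjectTypeType = ot; }
    DSACLS_OBJECT_TYPE_TYPE GetObjectTypeType() const { return m_ObjectTypeType; }
    // Length in characters of the trustee name, 0 when none is set
    // (used by CAcl to align the display columns).
    UINT GetTrusteeLength() const
    {
        if( m_szTrusteeName == NULL )
            return 0;
        return static_cast<UINT>( wcslen( m_szTrusteeName ) );
    }
    VOID SetErased( BOOL bErase ){ m_bErased = bErase; }
    BOOL IsErased( ) const { return m_bErased; }
    //Is ACE Effective on the object (i.e. not inherit-only).
    // In-class definitions must not carry the CAce:: qualifier; standard
    // C++ rejects it, so it has been dropped from the four methods below.
    BOOL IsEffective() const { return !FlagOn( m_AceFlags, INHERIT_ONLY_ACE ); }
    //Is ACE Inherited to all child Objects: container-inheritable and not
    //restricted to a particular inherited object class.
    BOOL IsInheritedToAll() const
    {
        return ( FlagOn( m_AceFlags, CONTAINER_INHERIT_ACE ) &&
                 !FlagOn( m_Flags, ACE_INHERITED_OBJECT_TYPE_PRESENT ) );
    }
    //Is Ace Inherited to Specific child object: inherit-only and restricted
    //to a particular inherited object class.
    // NOTE(review): this tests INHERIT_ONLY_ACE while IsInheritedToAll()
    // tests CONTAINER_INHERIT_ACE, so an ACE with CONTAINER_INHERIT_ACE, an
    // inherited object type and no INHERIT_ONLY_ACE satisfies neither and
    // is not placed in any of CAcl's display lists — confirm that this is
    // intended.
    BOOL IsInheritedToSpecific() const
    {
        return ( FlagOn( m_AceFlags, INHERIT_ONLY_ACE ) &&
                 FlagOn( m_Flags, ACE_INHERITED_OBJECT_TYPE_PRESENT ) );
    }
    //Is Ace inherited from parent
    BOOL IsInheritedFromParent() const { return FlagOn( m_AceFlags, INHERITED_ACE ); }
    // Print this entry; nMaxTrusteeLength is the column width for the trustee name.
    VOID Display( UINT nMaxTrusteeLength );
    //Constructor
    CAce();
    ~CAce();
    // Populate from an existing ACE read out of an ACL.  nAllowDeny / nAudit
    // are display-format values (see m_nAllowDeny / m_nAudit).
    // Returns a DWORD status; the meaning of non-zero values is defined in the .cpp.
    DWORD Initialize( PACE_HEADER ace,
                      UINT nAllowDeny,
                      UINT nAudit
                    );
    // Populate from user-supplied command-line data in order to build a new
    // ACE.  Returns a DWORD status; the meaning is defined in the .cpp.
    DWORD Initialize( LPWSTR pszTrustee,
                      LPWSTR pszObjectId,
                      LPWSTR pszInheritId,
                      ACCESS_MODE AccessMode,
                      ACCESS_MASK Access,
                      BYTE Inheritance
                    );
};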
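// Ordering predicate for CAce pointers: a sorts before b when the LDAP
// display name of a's inherited-object type is lexically greater than b's
// (descending wcscmp order).  Entries without an inherited-object type
// return NULL from GetInheritedObjectType(); the original passed that
// NULL straight to wcscmp(), which is undefined behaviour, so NULL is now
// treated as the empty string.  operator() is public so the predicate can
// be invoked by list<>::sort().
class CACE_SORT:public greater<CAce*>
{
public:
    bool operator()( CAce * a, CAce * b ) const
    {
        LPCWSTR pszA = a->GetInheritedObjectType();
        LPCWSTR pszB = b->GetInheritedObjectType();
        if( pszA == NULL )
            pszA = L"";
        if( pszB == NULL )
            pszB = L"";
        return wcscmp( pszA, pszB ) > 0;
    }
};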
//
// CAcl holds the CAce entries of one DACL or SACL plus the bookkeeping
// dsacls needs to print them in aligned columns, grouped by whether they
// apply to the object itself, to all children, or to a specific child class.
//
class CAcl
{
public:
    // Append pAce to listAces.  Who owns pAce afterwards is not visible
    // here; presumably ~CAcl() frees the listed entries — confirm in the .cpp.
    VOID AddAce( CAce * pAce );
    // Fold the entries of pAcl into this ACL.
    VOID MergeAcl( CAcl * pAcl );
    // Build a Win32 ACL from the listed entries into *pAcl.  Returns a DWORD
    // status whose meaning is defined in the .cpp.
    DWORD BuildAcl( PACL * pAcl );
    // Print the ACL using m_nMaxTrusteeLength for column alignment.
    VOID Display();
    // Populate from an existing ACL.  bProtected is stored in bAclProtected;
    // nAllowDeny / nAudit are the display-format values handed to each CAce.
    DWORD Initialize( BOOL bProtected, PACL pAcl, UINT nAllowDeny, UINT nAudit);
    // Returns non-zero when every name referenced by the entries could be
    // verified; what "verified" means is defined in the .cpp.
    BOOL VerifyAllNames();
    // Fill in entry data from the CCache declared below.
    VOID GetInfoFromCache();
    UINT m_nMaxTrusteeLength; //This length is maintained for formatting the display
    ~CAcl();
private:
    list<CAce*> listAces; //List representing an ACL
    //These three used only for display purposes
    list<CAce *> listEffective; //List of Aces Effective directly on the object;
    list<CAce *> listInheritedAll; //List of Aces Inherited to all sub objects;
    list<CAce *> listInheritedSpecific; //List of Aces Inherited to <Inherited Object Class>
    BOOL bAclProtected; //Is Acl protected (inheritance from the parent blocked)
};
/*
CCache maintains a cache of GUIDs and their display names
*/
// Where CCache looks a cache item up: the schema naming context, the
// configuration naming context, or both.
typedef enum _DSACLS_SERACH_IN
{
    BOTH = 0,
    SCHEMA,
    CONFIGURATION
} DSACLS_SEARCH_IN;
// Direction of a cache lookup: the item holds a GUID and needs its display
// name, or holds a display name and needs its GUID.
typedef enum _DSACLS_RESOLVE
{
    RESOLVE_NAME = 0,
    RESOLVE_GUID
}DSACLS_RESOLVE;
// One entry of CCache: a GUID / display-name pair, what kind of object it
// names, and the lookup request that produced it.
typedef struct _DSACL_CACHE_ITEM
{
    GUID Guid;
    LPWSTR pszName;                         // LDAP display name; may be NULL until resolved
    DSACLS_OBJECT_TYPE_TYPE ObjectTypeType; // what the GUID denotes, DSACLS_UNDEFINED if unknown
    DSACLS_SEARCH_IN searchIn;              // naming context(s) to search
    DSACLS_RESOLVE resolve;                 // which half of the pair still has to be found
    BOOL bResolved;                         // non-zero once the lookup succeeded
}DSACL_CACHE_ITEM, * PDSACL_CACHE_ITEM;
//
// CCache collects GUIDs and display names to be resolved, runs the
// schema / configuration searches in one pass (BuildCache), and answers
// lookups from the results.
//
class CCache
{
public:
    // Queue a GUID whose display name is wanted; s selects the naming
    // context(s) to search.  Returns a DWORD status defined in the .cpp.
    DWORD AddItem( IN GUID *pGuid,
                   IN DSACLS_SEARCH_IN s = BOTH );
    // Queue a display name whose GUID is wanted.
    DWORD AddItem( IN LPWSTR pszName,
                   IN DSACLS_SEARCH_IN s = BOTH );
    // Resolve all queued items (m_listItem) into m_listCache.
    DWORD BuildCache();
    // Find a resolved item by display name; presumably returns NULL when
    // absent — confirm in the .cpp.
    PDSACL_CACHE_ITEM LookUp( LPWSTR pszName );
    // Find a resolved item by GUID; presumably returns NULL when absent.
    PDSACL_CACHE_ITEM LookUp( GUID* pGuid );
    ~CCache();
private:
    list<PDSACL_CACHE_ITEM> m_listItem;     // items queued by AddItem(), not yet resolved
    list<PDSACL_CACHE_ITEM> m_listCache;    // resolved items served by LookUp()
    //Methods
    DWORD SearchSchema();                   // resolve pending items against the schema NC
    DWORD SearchConfiguration();            // resolve pending items against the configuration NC
};
// Map a schema object's validAccesses value to the kind of object type it
// describes (property, extended right, validated write, ...).
DSACLS_OBJECT_TYPE_TYPE GetObjectTypeType( INT validAccesses );
// Map a schema object's objectCategory to the kind of object type it
// describes; DSACLS_UNDEFINED presumably when the category is not recognised.
DSACLS_OBJECT_TYPE_TYPE GetObjectTypeType( LPWSTR szObjectCategory );
  201. #endif