Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

184 lines
6.3 KiB

  1. //+-------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1993 - 1995.
  5. //
  6. // File: aclbuild.hxx
  7. //
  8. // Contents: Class to generate and read ACLs from and into ACCESS_ENTRYs
  9. //
  10. // History: 8-94 Created DaveMont
  11. //
  12. //--------------------------------------------------------------------
  13. #ifndef __ACLBUILD__
  14. #define __ACLBUILD__
  15. #include <accctrl.h>
  16. //
  17. // Valid returned ACE flags
  18. //
  19. #define ACLBUILD_VALID_ACE_FLAGS (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE)
  20. class CAccountAccess;
  21. class CMemberCheck;
  22. class CIterator;
  23. class CAclIterator;
  24. class CAesIterator;
  25. //
  26. // IsContainer enumerated type, used by aclbuild.hxx (exposed here for cairole\stg)
  27. //
  28. typedef enum _IS_CONTAINER
  29. {
  30. ACCESS_TO_UNKNOWN = 0,
  31. ACCESS_TO_OBJECT,
  32. ACCESS_TO_CONTAINER
  33. } IS_CONTAINER, *PIS_CONTAINER;
  34. #ifdef __cplusplus
  35. extern "C" {
  36. #endif
  37. //
  38. // mask conversions, (exposed here for cairole\stg)
  39. //
  40. ULONG NTAccessMaskToProvAccessRights(IN SE_OBJECT_TYPE SeObjectType,
  41. IN BOOL fIsContainer,
  42. IN ACCESS_MASK AccessMask);
  43. ACCESS_MASK ProvAccessRightsToNTAccessMask(IN SE_OBJECT_TYPE SeObjectType,
  44. IN ULONG AccessRights);
  45. #ifdef __cplusplus
  46. }
  47. #endif
  48. //============================================================================
  49. //+---------------------------------------------------------------------------
  50. //
  51. // Class: CAcl
  52. //
  53. // Synopsis: Base class for ACL generation and reading, see aclbuild.cxx
  54. // header for detailed description
  55. //
  56. //----------------------------------------------------------------------------
  57. class CAcl
  58. {
  59. public:
  60. CAcl(LPWSTR system,
  61. IS_CONTAINER fdir,
  62. BOOL fSaveNamesAndSids,
  63. BOOL fUsedByProviderIndependentApi);
  64. ~CAcl();
  65. void * operator new(size_t size);
  66. void operator delete(void * p, size_t size);
  67. inline ULONG AclRevision();
  68. inline ULONG Capabilities();
  69. DWORD WINAPI SetAcl( PACL pacl);
  70. DWORD WINAPI ClearAll();
  71. DWORD WINAPI ClearAccessEntries();
  72. DWORD WINAPI AddAccessEntries( ULONG ccount,
  73. PACCESS_ENTRY pae);
  74. DWORD WINAPI BuildAcl(PACL *pacl);
  75. DWORD WINAPI BuildAccessEntries(PULONG csize,
  76. PULONG ccount,
  77. PACCESS_ENTRY *pae,
  78. BOOL fAbsolute);
  79. DWORD WINAPI GetEffectiveRights(PTRUSTEE ptrustee,
  80. PACCESS_MASK accessmask);
  81. DWORD WINAPI GetAuditedRights(PTRUSTEE ptrustee,
  82. PACCESS_MASK successmask,
  83. PACCESS_MASK failuremask);
  84. protected:
  85. DWORD WINAPI _Pass1(PULONG cSize, PULONG cCount, BOOL fBuildAcl);
  86. DWORD WINAPI _CheckEntryList(CAccountAccess *pCAA,
  87. CAccountAccess **plistCAA,
  88. ULONG clistlength,
  89. PULONG cSize,
  90. PULONG cCount,
  91. BOOL fBuildAcl) ;
  92. DWORD WINAPI _UseEntry(CAccountAccess *pCAA,
  93. PULONG cSize,
  94. PULONG cCount,
  95. BOOL fBuildAcl);
  96. DWORD WINAPI _RemoveEntry(CAccountAccess *pCAA,
  97. PULONG cSize,
  98. PULONG cCount,
  99. BOOL fBuildAcl);
  100. DWORD WINAPI _MergeEntries(CAccountAccess *pnewCAA,
  101. CAccountAccess *poldCAA,
  102. PULONG cSize,
  103. PULONG cCount,
  104. BOOL fBuildAcl);
  105. void _BuildAccessEntry(CAccountAccess *pCAA,
  106. LPWSTR *nameptr,
  107. PACCESS_ENTRY pAccessEntry,
  108. BOOL fAbsolute);
  109. void _BuildDualAuditEntries(CAccountAccess *pCAA,
  110. LPWSTR *nameptr,
  111. PACCESS_ENTRY pae,
  112. DWORD *ccount,
  113. BOOL fAbsolute);
  114. ULONG _GetAceSize(CAccountAccess *pcaa);
  115. DWORD WINAPI _GetAccessEntrySize(CAccountAccess *pcaa,
  116. PULONG cAccessEntrySize);
  117. DWORD WINAPI _AddEntry(CIterator *ci,
  118. CAccountAccess **pcaa,
  119. PULONG pcaaindex);
  120. DWORD WINAPI _CheckForDuplicateEntries(CAccountAccess **pcaa,
  121. ULONG curindex,
  122. ULONG countold);
  123. DWORD WINAPI _SetAceFlags(ULONG AceIndex,
  124. PACL pacl,
  125. CAccountAccess *pcaa);
  126. DWORD WINAPI _ComputeEffective(CAccountAccess *pCAA,
  127. CMemberCheck *cMC,
  128. PACCESS_MASK AllowMask,
  129. PACCESS_MASK DenyMask);
  130. DWORD WINAPI _InitIterators();
  131. BOOL _fused_by_provider_independent_api; // cluge to make provider
  132. // independent masks work
  133. ULONG _aclrevision;
  134. ULONG _capabilities;
  135. CAccountAccess **_pcaaacl; // list of acl account accesses
  136. CAccountAccess **_pcaaaes; // list of access entry account accesses
  137. ULONG _pcaaaclindex;
  138. ULONG _pcaaaesindex;
  139. LPWSTR _system;
  140. IS_CONTAINER _fdir;
  141. BOOL _fsave_names_and_sids;
  142. CAclIterator *_pcacli; // acl iterator
  143. CAesIterator *_pcaeli; // access entry iterator
  144. };
  145. //----------------------------------------------------------------------------
  146. ULONG CAcl::AclRevision()
  147. {
  148. return(_aclrevision);
  149. }
  150. //----------------------------------------------------------------------------
  151. ULONG CAcl::Capabilities()
  152. {
  153. return(_capabilities);
  154. }
  155. #endif // __ACLBUILD__