  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1999.
  5. //
  6. // File: ADUtils.h
  7. //
  8. // Contents: Classes CWString, CACLDiagComModule, ACE_SAMNAME, helper methods
  9. //
  10. //
  11. //----------------------------------------------------------------------------
  12. #ifndef __ACLDIAG_ADUTILS_H
  13. #define __ACLDIAG_ADUTILS_H
  14. #include "stdafx.h"
  15. #include "ADSIObj.h"
///////////////////////////////////////////////////////////////////////
// wstring helper methods (all defined in the .cpp; every wstring& below is
// an out-parameter)
//
// Writes the string form of guid into str; the HRESULT failure cases are
// only visible in the definition.
HRESULT wstringFromGUID (wstring& str, REFGUID guid);
// Loads string resource uID into str; false means the string could not be
// loaded and str should not be relied on.
bool LoadFromResource(wstring& str, UINT uID);
// printf-style formatting into str. The first overload takes the id of a
// string resource holding the format, the second a format string directly.
// The format string steers the vararg parsing, so it must be one the program
// controls (a resource or a literal), never text that came from the command
// line, the directory or an error message.
// NOTE(review): when <windows.h> is included before this header, FormatMessage
// is itself a macro for FormatMessageA/W, so these two overloads are really
// declared under that expanded name -- confirm that is intended.
bool FormatMessage(wstring& str, UINT nFormatID, ...);
bool FormatMessage(wstring& str, LPCTSTR lpszFormat, ...);
#include <util.h>
// Removes surrounding quotes from str in place, if present (see the setters
// in CACLDiagComModule, which apply it to values taken from the command line).
void StripQuotes (wstring& str);
// Text of the system message for Win32 error code dwErr.
wstring GetSystemMessage (DWORD dwErr);
// Presumably tells the ADSI object behind punk which parts of the security
// descriptor (owner/group/DACL/SACL bits of si) later reads should fetch;
// the exact interface used is in the .cpp.
HRESULT SetSecurityInfoMask(LPUNKNOWN punk, SECURITY_INFORMATION si);
// Enables the cPrivileges privileges named in pdwPrivileges and returns a
// token handle; pass that handle to ReleasePrivileges as soon as the
// privileged work is done so the privileges (and the handle) are not left
// enabled for the rest of the run. What the handle is on failure is only
// visible in the definition.
HANDLE EnablePrivileges(PDWORD pdwPrivileges, ULONG cPrivileges);
void ReleasePrivileges(HANDLE hToken);
// The all-zero GUID. `static` gives every translation unit that includes this
// header its own copy (comparison targets only, never a unique identity).
static const GUID NULLGUID =
{ 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
// True when Ace (any pointer to an ACE) is one of the object-specific ACE
// types, i.e. its ACE_HEADER::AceType lies in
// [ACCESS_MIN_MS_OBJECT_ACE_TYPE, ACCESS_MAX_MS_OBJECT_ACE_TYPE].
// Only the header is read, so it is safe on any ACE. Ace is evaluated twice --
// pass a side-effect-free expression.
#define IsObjectAceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_OBJECT_ACE_TYPE) && \
(((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_OBJECT_ACE_TYPE) \
)
// Thin wrapper around throw, so that throw sites can be found (or redefined)
// in one place.
#define THROW(e) throw e
// RootDSE attribute naming the configuration naming context, and the RootDSE
// object name itself; both are used to build ADSI paths.
#define ACLDIAG_CONFIG_NAMING_CONTEXT L"configurationNamingContext"
#define ACLDIAG_ROOTDSE L"RootDSE"
// A SID together with the names it was resolved to.
// m_PSID is stored as given: this class neither copies nor frees the SID
// (there is no destructor), so the buffer holding it must outlive the object
// and is freed by whoever allocated it.
class PSID_FQDN
{
public:
    // psid: the SID (not copied); strFQDN / strDownLevelName: the resolved
    // names in fully-qualified and down-level (DOMAIN\name) form; sne: what
    // kind of account the SID is (user, group, ... as per SID_NAME_USE).
    PSID_FQDN (PSID psid, const wstring& strFQDN, const wstring& strDownLevelName, SID_NAME_USE sne) :
        m_PSID (psid),
        m_strFQDN (strFQDN),
        m_strDownLevelName (strDownLevelName),
        m_sne (sne)
    {
    }
    PSID m_PSID;                 // not owned
    wstring m_strFQDN;
    wstring m_strDownLevelName;
    SID_NAME_USE m_sne;
};
///////////////////////////////////////////////////////////////////////////////
// One ACE of a DACL or SACL plus the resolved names of what it refers to.
// The union members are plain pointers: nothing here copies or frees the ACE,
// so the buffer it lives in (presumably the security descriptor it was read
// from) must outlive this object.
//
// Important note: m_pAllowedAce is used to refer to the Header and Mask fields.
// This allows most operations because the fields are always in the same place for
// all the structs below. For anything else, one of the other members of the
// union must be used, depending on the m_AceType.
class ACE_SAMNAME
{
public:
    // Starts empty: ACE type 0 and a null ACE pointer.
    ACE_SAMNAME () :
        m_AceType (0),
        m_pAllowedAce (0)
    {
    }
    // Defined in the .cpp.
    void DebugOut () const;
    bool IsInherited () const;
    // Exact comparison with another ACE_SAMNAME.
    BOOL operator==(const ACE_SAMNAME& rAceSAMName) const;
    // Looser comparison than operator==, taking accessMask into account; the
    // precise rule (and why rAceSAMName is non-const) is in the definition.
    BOOL IsEquivalent (ACE_SAMNAME& rAceSAMName, ACCESS_MASK accessMask);
    // ACE_HEADER::AceType of the ACE; says which union member may be used.
    BYTE m_AceType;
    union {
        PACCESS_ALLOWED_ACE m_pAllowedAce;
        PACCESS_ALLOWED_OBJECT_ACE m_pAllowedObjectAce;
        PACCESS_DENIED_ACE m_pDeniedAce;
        PACCESS_DENIED_OBJECT_ACE m_pDeniedObjectAce;
        PSYSTEM_AUDIT_ACE m_pSystemAuditAce;
        PSYSTEM_AUDIT_OBJECT_ACE m_pSystemAuditObjectAce;
    };
    // Resolved account name of the ACE's trustee.
    wstring m_SAMAccountName;
    // String forms of the object-type / inherited-object-type GUIDs of an
    // object ACE; presumably left empty for non-object ACEs (filled in by
    // code in the .cpp).
    wstring m_strObjectGUID;
    wstring m_strInheritedObjectGUID;
};
// Lists of raw pointers. Neither list owns its elements: nothing in this
// header deletes an ACE_SAMNAME or PSID_FQDN, so the code that creates them is
// responsible for freeing them (NOTE(review): confirm against the .cpp).
typedef list<ACE_SAMNAME*> ACE_SAMNAME_LIST;
typedef list<PSID_FQDN*> PSID_FQDN_LIST;
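// The security descriptor of one object, keyed by the object's name, plus the
// ACE lists derived from it (used for the parents of the target object, see
// CACLDiagComModule::m_listOfParentSDs).
//
// Owns m_pSecurityDescriptor and releases it with LocalFree, so the object is
// deliberately non-copyable: a copy would free the same descriptor twice.
class SAMNAME_SD {
public:
    // Takes ownership of pSecurityDescriptor, which must have been allocated
    // with LocalAlloc (it is released with LocalFree) or be 0.
    SAMNAME_SD (const wstring& upn, PSECURITY_DESCRIPTOR pSecurityDescriptor) :
        m_upn (upn),
        m_pSecurityDescriptor (pSecurityDescriptor)
    {
    }
    virtual ~SAMNAME_SD ()
    {
        if ( m_pSecurityDescriptor )
            ::LocalFree (m_pSecurityDescriptor);
    }
    wstring m_upn;
    // Owned; freed in the destructor.
    PSECURITY_DESCRIPTOR m_pSecurityDescriptor;
    // Raw pointers, not owned here: nothing in this class deletes the
    // ACE_SAMNAME objects (NOTE(review): confirm who frees them).
    ACE_SAMNAME_LIST m_DACLList;
    ACE_SAMNAME_LIST m_SACLList;
private:
    // Copying is declared but never defined (pre-C++11 idiom), so any attempt
    // to copy fails at link time at the latest instead of double-freeing.
    SAMNAME_SD (const SAMNAME_SD&);
    SAMNAME_SD& operator= (const SAMNAME_SD&);
};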
// What kind of schema object a GUID resolved to; reported through the optional
// pGuidType out-parameter of CACLDiagComModule::GetClassFromGUID.
typedef enum {
    GUID_TYPE_UNKNOWN = -1,   // no match found
    GUID_TYPE_CLASS = 0,      // a schema class
    GUID_TYPE_ATTRIBUTE,      // a schema attribute
    GUID_TYPE_CONTROL         // presumably a control access (extended) right
} GUID_TYPE;
// Application-wide module object of the acldiag tool. Holds the options parsed
// from the command line (the Set*/Do* pairs below) and the data gathered about
// the target object. The single instance is _Module, declared after the class.
// Ownership of the public raw pointers/lists is not visible here: the
// destructor is defined in the .cpp.
class CACLDiagComModule : public CComModule
{
public:
    CACLDiagComModule();
    virtual ~CACLDiagComModule ();
    HRESULT Init ();
    // Target object. The DN comes from the command line, hence the quote
    // stripping; nothing else is validated here.
    void SetObjectDN (const wstring& objectDN)
    {
        // strip quotes, if present
        m_strObjectDN = objectDN;
        StripQuotes (m_strObjectDN);
    }
    wstring GetObjectDN () const { return m_strObjectDN;}
    // Option flags. Each Set* only ever turns its option on; the defaults are
    // set by the constructor in the .cpp.
    bool DoSchema () const { return m_bDoSchema;}
    void SetDoSchema () { m_bDoSchema = true;}
    bool CheckDelegation () const { return m_bDoCheckDelegation;}
    void SetCheckDelegation () { m_bDoCheckDelegation = true;}
    // Fix-delegation is the one option that can also be turned off again,
    // which suggests (unconfirmed) it may start enabled.
    void TurnOffFixDelegation() { m_bDoFixDelegation = false;}
    bool FixDelegation () const { return m_bDoFixDelegation;}
    void SetFixDelegation () { m_bDoFixDelegation = true;}
    bool DoGetEffective () const { return m_bDoGetEffective;}
    // Enables the effective-rights mode for the given user/group DN (also from
    // the command line, so quotes are stripped).
    void SetDoGetEffective (const wstring& strUserGroupDN)
    {
        // strip quotes, if present
        m_strUserGroupDN = strUserGroupDN;
        StripQuotes (m_strUserGroupDN);
        m_bDoGetEffective = true;
    }
    wstring GetEffectiveRightsPrincipal() const { return m_strUserGroupDN;}
    void SetTabDelimitedOutput () { m_bTabDelimitedOutput = true;}
    bool DoTabDelimitedOutput () const { return m_bTabDelimitedOutput;}
    void SetSkipDescription () { m_bSkipDescription = true;}
    bool SkipDescription () const { return m_bSkipDescription;}
    // Resolves rGuid to a schema class/attribute/control name using
    // m_classInfoArray / m_attrInfoArray; pGuidType, if given, receives which
    // kind it was (GUID_TYPE_UNKNOWN when not found, presumably).
    HRESULT GetClassFromGUID (REFGUID rGuid, wstring& strClassName, GUID_TYPE* pGuidType = 0);
    // Static helpers, no instance state (defined in the .cpp).
    static HRESULT IsUserAdministrator (BOOL & bIsAdministrator);
    static bool IsWindowsNT();
    // Turns on error logging to the file strPath.
    void SetDoLog(const wstring &strPath)
    {
        m_bLogErrors = true;
        m_strLogPath = strPath;
    }
    bool DoLog () const { return m_bLogErrors;}
    wstring GetLogPath () const { return m_strLogPath;};   // trailing ';' is a stray empty declaration, harmless
public:
    // SD of m_strObjectDN
    PSECURITY_DESCRIPTOR m_pSecurityDescriptor;
    PSID_FQDN_LIST m_PSIDList; // SIDs of interest: the owner, the SACL, the DACL
    // DACL and SACL of m_strObjectDN
    ACE_SAMNAME_LIST m_DACLList;
    ACE_SAMNAME_LIST m_SACLList;
    // SDs and DACLs for all the parents of m_strObjectDN
    list<SAMNAME_SD*> m_listOfParentSDs;
    // List of all known classes and properties, with their GUIDs
    CGrowableArr<CSchemaClassInfo> m_classInfoArray;
    CGrowableArr<CSchemaClassInfo> m_attrInfoArray;
    CACLAdsiObject m_adsiObject;
private:
    bool m_bSkipDescription;
    wstring m_strLogPath;
    // Presumably the handle returned by EnablePrivileges, to be handed to
    // ReleasePrivileges in the destructor -- confirm in the .cpp.
    HANDLE m_hPrivToken;
    wstring m_strObjectDN;
    wstring m_strUserGroupDN;
    bool m_bDoSchema;
    bool m_bDoCheckDelegation;
    bool m_bDoGetEffective;
    bool m_bDoFixDelegation;
    bool m_bTabDelimitedOutput;
    bool m_bLogErrors;
};
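// The one module instance (defined in the .cpp); option and state access goes
// through it.
extern CACLDiagComModule _Module;
// Frees the string *ppString points to (LocalFree, judging by the name) and,
// presumably, resets *ppString; see the definition.
VOID LocalFreeStringW(LPWSTR* ppString);
// Looks up the account behind pSid: strPrincipalName and sne are filled in;
// pstrFQDN is a pointer while the others are references, so it presumably may
// be 0 -- confirm in the .cpp.
HRESULT GetNameFromSid (PSID pSid, wstring& strPrincipalName, wstring* pstrFQDN, SID_NAME_USE& sne);
// wprintf replacement used for console output. format is a printf-style
// format string and must be program-controlled; pass names and other gathered
// text as arguments, never as the format.
int MyWprintf( const wchar_t *format, ... );
// The guard name belongs in a comment: tokens after #endif are not standard
// and draw an "extra tokens" warning (or error) from most compilers.
#endif // __ACLDIAG_ADUTILS_H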