|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1999.
//
// File: ADUtils.h
//
// Contents: Classes CWString, CACLDiagComModule, ACE_SAMNAME, helper methods
//
//
//----------------------------------------------------------------------------
#ifndef __ACLDIAG_ADUTILS_H
#define __ACLDIAG_ADUTILS_H
#include "stdafx.h"
#include "ADSIObj.h"
///////////////////////////////////////////////////////////////////////
// wstring helper methods
HRESULT wstringFromGUID (wstring& str, REFGUID guid); bool LoadFromResource(wstring& str, UINT uID); bool FormatMessage(wstring& str, UINT nFormatID, ...); bool FormatMessage(wstring& str, LPCTSTR lpszFormat, ...);
#include <util.h>
void StripQuotes (wstring& str); wstring GetSystemMessage (DWORD dwErr); HRESULT SetSecurityInfoMask(LPUNKNOWN punk, SECURITY_INFORMATION si); HANDLE EnablePrivileges(PDWORD pdwPrivileges, ULONG cPrivileges); void ReleasePrivileges(HANDLE hToken);
static const GUID NULLGUID = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
#define IsObjectAceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_OBJECT_ACE_TYPE) && \ (((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_OBJECT_ACE_TYPE) \ )
#define THROW(e) throw e
#define ACLDIAG_CONFIG_NAMING_CONTEXT L"configurationNamingContext"
#define ACLDIAG_ROOTDSE L"RootDSE"
class PSID_FQDN { public: PSID_FQDN (PSID psid, const wstring& strFQDN, const wstring& strDownLevelName, SID_NAME_USE sne) : m_PSID (psid), m_strFQDN (strFQDN), m_strDownLevelName (strDownLevelName), m_sne (sne) { } PSID m_PSID; wstring m_strFQDN; wstring m_strDownLevelName; SID_NAME_USE m_sne; };
///////////////////////////////////////////////////////////////////////////////
// Important note: m_pAllowedAce is used to refer to the Header and Mask fields.
// This allows most operations because the fields are always in the same place for
// all the structs below. For anything else, one of the other members of the
// union must be used, depending on the m_AceType.
class ACE_SAMNAME { public: ACE_SAMNAME () : m_AceType (0), m_pAllowedAce (0) { }
void DebugOut () const; bool IsInherited () const; BOOL operator==(const ACE_SAMNAME& rAceSAMName) const; BOOL IsEquivalent (ACE_SAMNAME& rAceSAMName, ACCESS_MASK accessMask); BYTE m_AceType; union { PACCESS_ALLOWED_ACE m_pAllowedAce; PACCESS_ALLOWED_OBJECT_ACE m_pAllowedObjectAce; PACCESS_DENIED_ACE m_pDeniedAce; PACCESS_DENIED_OBJECT_ACE m_pDeniedObjectAce; PSYSTEM_AUDIT_ACE m_pSystemAuditAce; PSYSTEM_AUDIT_OBJECT_ACE m_pSystemAuditObjectAce; }; wstring m_SAMAccountName; wstring m_strObjectGUID; wstring m_strInheritedObjectGUID; };
typedef list<ACE_SAMNAME*> ACE_SAMNAME_LIST;
typedef list<PSID_FQDN*> PSID_FQDN_LIST;
class SAMNAME_SD { public: SAMNAME_SD (const wstring& upn, PSECURITY_DESCRIPTOR pSecurityDescriptor) { m_upn = upn; m_pSecurityDescriptor = pSecurityDescriptor; } virtual ~SAMNAME_SD () { if ( m_pSecurityDescriptor ) ::LocalFree (m_pSecurityDescriptor); } wstring m_upn; PSECURITY_DESCRIPTOR m_pSecurityDescriptor; ACE_SAMNAME_LIST m_DACLList; ACE_SAMNAME_LIST m_SACLList; };
typedef enum { GUID_TYPE_UNKNOWN = -1, GUID_TYPE_CLASS = 0, GUID_TYPE_ATTRIBUTE, GUID_TYPE_CONTROL } GUID_TYPE;
class CACLDiagComModule : public CComModule { public: CACLDiagComModule();
virtual ~CACLDiagComModule ();
HRESULT Init ();
void SetObjectDN (const wstring& objectDN) { // strip quotes, if present
m_strObjectDN = objectDN; StripQuotes (m_strObjectDN); }
wstring GetObjectDN () const { return m_strObjectDN;}
bool DoSchema () const { return m_bDoSchema;} void SetDoSchema () { m_bDoSchema = true;}
bool CheckDelegation () const { return m_bDoCheckDelegation;} void SetCheckDelegation () { m_bDoCheckDelegation = true;} void TurnOffFixDelegation() { m_bDoFixDelegation = false;} bool FixDelegation () const { return m_bDoFixDelegation;} void SetFixDelegation () { m_bDoFixDelegation = true;}
bool DoGetEffective () const { return m_bDoGetEffective;} void SetDoGetEffective (const wstring& strUserGroupDN) { // strip quotes, if present
m_strUserGroupDN = strUserGroupDN; StripQuotes (m_strUserGroupDN); m_bDoGetEffective = true; } wstring GetEffectiveRightsPrincipal() const { return m_strUserGroupDN;}
void SetTabDelimitedOutput () { m_bTabDelimitedOutput = true;} bool DoTabDelimitedOutput () const { return m_bTabDelimitedOutput;}
void SetSkipDescription () { m_bSkipDescription = true;} bool SkipDescription () const { return m_bSkipDescription;}
HRESULT GetClassFromGUID (REFGUID rGuid, wstring& strClassName, GUID_TYPE* pGuidType = 0);
static HRESULT IsUserAdministrator (BOOL & bIsAdministrator); static bool IsWindowsNT();
void SetDoLog(const wstring &strPath) { m_bLogErrors = true; m_strLogPath = strPath; } bool DoLog () const { return m_bLogErrors;} wstring GetLogPath () const { return m_strLogPath;};
public: // SD of m_strObjectDN
PSECURITY_DESCRIPTOR m_pSecurityDescriptor; PSID_FQDN_LIST m_PSIDList; // SIDs of interest: the owner, the SACL, the DACL
// DACL and SACL of m_strObjectDN
ACE_SAMNAME_LIST m_DACLList; ACE_SAMNAME_LIST m_SACLList;
// SDs and DACLs for all the parents of m_strObjectDN
list<SAMNAME_SD*> m_listOfParentSDs;
// List of all known classes and properties, with their GUIDs
CGrowableArr<CSchemaClassInfo> m_classInfoArray; CGrowableArr<CSchemaClassInfo> m_attrInfoArray;
CACLAdsiObject m_adsiObject;
private: bool m_bSkipDescription; wstring m_strLogPath; HANDLE m_hPrivToken; wstring m_strObjectDN; wstring m_strUserGroupDN; bool m_bDoSchema; bool m_bDoCheckDelegation; bool m_bDoGetEffective; bool m_bDoFixDelegation; bool m_bTabDelimitedOutput; bool m_bLogErrors; };
extern CACLDiagComModule _Module;
VOID LocalFreeStringW(LPWSTR* ppString); HRESULT GetNameFromSid (PSID pSid, wstring& strPrincipalName, wstring* pstrFQDN, SID_NAME_USE& sne);
int MyWprintf( const wchar_t *format, ... );
#endif __ACLDIAG_ADUTILS_H
|