Source code of Windows XP (NT5)


  1. /*++
  2. Copyright (c) 2000 Microsoft Corporation
  3. Module Name:
  4. mailrmp.h
  5. Abstract:
  6. Private header file for the resource manager
  7. Author:
  8. t-eugenz - August 2000
  9. Environment:
  10. User mode only.
  11. Revision History:
  12. Created - August 2000
  13. --*/
  14. #pragma once
  15. #include "pch.h"
  //
  // Statically initialized SIDs for the principals known to the mail
  // resource manager.
  //
  // The SIDs use a private identifier authority (value 42) so that they cannot
  // collide with NT's accounts if NT domain SIDs are allowed later on. Each
  // SID carries a single relative ID (the last number) naming the user or
  // group, because multiple domains are not used; in string form they read
  // S-1-42-<RID>. Mail domains could be added by placing a domain GUID in the
  // user's SIDs before the user's RID.
  //
  // The SID structure itself has room for exactly one sub-authority, which is
  // why a plain SID variable is enough here. A SID with more sub-authorities
  // (such as the domain form above) would need a larger buffer.
  //
  // NOTE(review): these are definitions, not extern declarations, and this is
  // a header. Confirm it is included from a single source file only.
  //
  #define MAILRM_IDENTIFIER_AUTHORITY { 0, 0, 0, 0, 0, 42 }

  //
  // Initializer order: revision, sub-authority count, identifier authority,
  // RID. Each SID is followed by the PSID that points at it.
  //
  SID  sInsecureSid   = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 1 };
  PSID InsecureSid    = &sInsecureSid;

  SID  sBobSid        = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 2 };
  PSID BobSid         = &sBobSid;

  SID  sMarthaSid     = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 3 };
  PSID MarthaSid      = &sMarthaSid;

  SID  sJoeSid        = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 4 };
  PSID JoeSid         = &sJoeSid;

  SID  sJaneSid       = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 5 };
  PSID JaneSid        = &sJaneSid;

  SID  sMailAdminsSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 6 };
  PSID MailAdminsSid  = &sMailAdminsSid;
  //
  // Principal self SID (S-1-5-10). It is a placeholder: when an ACE names it,
  // the Authz access check substitutes the PrincipalSelfSid parameter passed
  // to the check. For this resource manager the substituted value is the
  // owner's SID retrieved from the mailbox, so an ACE written against
  // principal self is evaluated against the mailbox owner.
  //
  SID  sPrincipalSelfSid = { SID_REVISION,
                             1,
                             SECURITY_NT_AUTHORITY,
                             SECURITY_PRINCIPAL_SELF_RID };
  PSID PrincipalSelfSid  = &sPrincipalSelfSid;
  //
  // Policy data carried by the mail resource manager's callback ACEs.
  //
  // A callback ACE may hold extra data after the regular ACE fields. This
  // structure is appended to the end of every callback ACE used by the mail
  // resource manager, so that the access check can make policy-based
  // decisions and not only the identity-based decisions of the standard ACE
  // types. When the SID in a callback ACE matches a SID in the user's AuthZ
  // context, the AccessCheck callback function in the MailRM class verifies
  // whether the policy below applies. A callback ACE therefore applies if and
  // only if its SID matches a SID in the user's context AND the policy applies.
  //
  // NOTE(review): the callback that reads this structure is not in this
  // header. Confirm that it checks the ACE is large enough to hold the
  // structure and that the hour fields are in range before using them.
  //
  typedef struct {

      //
      // Whether this ACE should apply to sensitive mailboxes:
      // MAILRM_SENSITIVE if it should apply, 0 if not
      //
      BYTE bIsSensitive;

      //
      // How the sensitive and time conditions are combined. With AND, both
      // conditions must be satisfied for the ACE to apply. With OR, the ACE
      // applies when one or both of them are satisfied
      //
      BYTE bLogicType;

      //
      // Start hour of the time range, in 24-hour format, used to decide
      // whether the ACE should apply. Valid values are 0 to 23. The time
      // condition is satisfied only while the current hour is inside the
      // range, that is bStartHour <= CurrentHour < bEndHour
      //
      BYTE bStartHour;

      //
      // End hour of the time range. The range does not include this hour
      //
      BYTE bEndHour;

  } MAILRM_OPTIONAL_DATA, *PMAILRM_OPTIONAL_DATA;
  //
  // Values stored in the optional data structure of the callback ACEs
  //

  //
  // Sensitive flag: when the sensitive field of the optional data holds this
  // value and the mailbox contains sensitive data, the sensitive condition
  // applies
  //
  #define MAILRM_SENSITIVE 1

  //
  // Boolean logic used to combine the time and sensitive conditions
  //   MAILRM_USE_AND   time applies AND sensitive applies
  //   MAILRM_USE_OR    time applies OR sensitive applies
  //
  #define MAILRM_USE_AND 0
  #define MAILRM_USE_OR  1

  //
  // Default time range for the callback ACEs: from 11pm (start) to 5am (end).
  // The start hour is later than the end hour, so the range runs across
  // midnight.
  //
  #define MAILRM_DEFAULT_START_TIME 23
  #define MAILRM_DEFAULT_END_TIME   5
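  //
  // WITHIN_TIMERANGE(HOUR, START_HOUR, END_HOUR)
  //
  // Evaluates to 1 if HOUR falls within the time range and to 0 otherwise.
  // The range is half-open: START_HOUR is included, END_HOUR is not.
  //
  //   START_HOUR <  END_HOUR   plain range, START_HOUR <= HOUR < END_HOUR
  //   START_HOUR >  END_HOUR   range across midnight, for example 23 to 5:
  //                            HOUR >= START_HOUR or HOUR < END_HOUR
  //   START_HOUR == END_HOUR   empty range, no hour matches
  //
  // The comparison is written out directly, so the macro does not rely on
  // the min and max macros being defined where it is expanded.
  //
  // The arguments are evaluated more than once and must be free of side
  // effects. No range checking is done here: values outside 0..23 are
  // compared as they are. The result decides whether the time condition of a
  // callback ACE is met, so callers should pass hours already checked to be
  // in the range 0 to 23.
  //
  #define WITHIN_TIMERANGE(HOUR, START_HOUR, END_HOUR)                    \
      ( ( (START_HOUR) <= (END_HOUR) )                                    \
          ? ( (HOUR) >= (START_HOUR) && (HOUR) < (END_HOUR) )             \
          : ( (HOUR) >= (START_HOUR) || (HOUR) < (END_HOUR) ) )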