Source code of Windows XP (NT5)

  1. //+-------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1993 - 1995.
  5. //
  6. // File: access.hxx
  7. //
  8. // Contents: common internal includes for access control API
  9. //
  10. // History: 8-94 Created DaveMont
  11. //
  12. //--------------------------------------------------------------------
  13. #ifndef __ACCESS_HXX__
  14. #define __ACCESS_HXX__
  15. extern "C"
  16. {
  17. #include <winldap.h>
  18. }
  19. #define NO_ACL_UPGRADE
  20. #define PSD_BASE_LENGTH 1024
  21. //
  22. // BUGBUG - Get these names from the DS or at least internationalize them
  23. //
  24. #define ACTRL_DS_USER "User"
  25. #define ACTRL_DS_GROUP "Group"
  26. #define ACTRL_DS_DOMAIN "Domain"
  27. #define ACTRL_DS_COMPUTER "Computer"
  28. //
  29. // This structure is used to keep track of all the changes for an
  30. // item.
  31. //
  32. typedef struct _ACTRL_SD_LIST
  33. {
  34. PWSTR pwszProperty;
  35. PSECURITY_DESCRIPTOR pSD;
  36. } ACTRL_SD_LIST, *PACTRL_SD_LIST;
  37. //
  38. // This structure is used to read the specified information from the list
  39. // of properties on the object
  40. //
  41. typedef struct _ACTRL_RIGHTS_INFO
  42. {
  43. PWSTR pwszProperty;
  44. SECURITY_INFORMATION SeInfo;
  45. } ACTRL_RIGHTS_INFO, *PACTRL_RIGHTS_INFO;
  46. //
  47. // IsContainer enumerated type, used by aclbuild.hxx (exposed here for cairole\stg)
  48. //
  49. typedef enum _IS_CONTAINER
  50. {
  51. ACCESS_TO_UNKNOWN = 0,
  52. ACCESS_TO_OBJECT,
  53. ACCESS_TO_CONTAINER
  54. } IS_CONTAINER, *PIS_CONTAINER;
  55. typedef struct _ACCESS_DS_ACCESS_INFO
  56. {
  57. ULONG cItems;
  58. ULONG iBase;
  59. } ACCESS_DS_ACCESS_INFO, *PACCESS_DS_ACCESS_INFO;
  60. //
  61. // This structure holds information on directories/registry
  62. // keys which were not propagated due to the invoker not having
  63. // list child rights
  64. //
  65. typedef struct _ACCESS_PROP_LOG_ENTRY
  66. {
  67. ULONG Protected;
  68. ULONG Error;
  69. PWSTR pwszPath;
  70. } ACCESS_PROP_LOG_ENTRY, *PACCESS_PROP_LOG_ENTRY;
  71. //
  72. // Forward reference
  73. //
  74. class CAccessList;
  75. //
  76. // These are the prototypes of the exported functions we need from
  77. // netapi32.dll and samlib.dll and winspool.drv
  78. //
  79. typedef NTSTATUS (*PSAM_CLOSE_HANDLE)( SAM_HANDLE SamHandle );
  80. typedef NTSTATUS (*PSAM_OPEN_DOMAIN)( SAM_HANDLE ServerHandle,
  81. ACCESS_MASK DesiredAccess,
  82. PSID DomainId,
  83. PSAM_HANDLE DomainHandle );
  84. typedef NTSTATUS (*PSAM_CONNECT)( PUNICODE_STRING ServerName,
  85. PSAM_HANDLE ServerHandle,
  86. ACCESS_MASK DesiredAccess,
  87. POBJECT_ATTRIBUTES ObjectAttributes );
  88. typedef NTSTATUS (*PSAM_GET_MEMBERS_IN_GROUP)( SAM_HANDLE GroupHandle,
  89. PULONG * MemberIds,
  90. PULONG * Attributes,
  91. PULONG MemberCount );
  92. typedef NTSTATUS (*PSAM_OPEN_GROUP)( SAM_HANDLE DomainHandle,
  93. ACCESS_MASK DesiredAccess,
  94. ULONG GroupId,
  95. PSAM_HANDLE GroupHandle );
  96. typedef NTSTATUS (*PSAM_GET_MEMBERS_IN_ALIAS)( SAM_HANDLE AliasHandle,
  97. PSID ** MemberIds,
  98. PULONG MemberCount );
  99. typedef NTSTATUS (*PSAM_OPEN_ALIAS)( SAM_HANDLE DomainHandle,
  100. ACCESS_MASK DesiredAccess,
  101. ULONG AliasId,
  102. PSAM_HANDLE AliasHandle );
  103. typedef NET_API_STATUS (NET_API_FUNCTION *PNET_API_BUFFER_FREE)(LPVOID Buffer);
  104. typedef NET_API_STATUS (NET_API_FUNCTION *PNET_SHARE_GET_INFO)(
  105. LPTSTR servername,
  106. LPTSTR netname,
  107. DWORD level,
  108. LPBYTE *bufptr );
  109. typedef NET_API_STATUS (NET_API_FUNCTION *PNET_SHARE_SET_INFO)(
  110. LPTSTR servername,
  111. LPTSTR netname,
  112. DWORD level,
  113. LPBYTE buf,
  114. LPDWORD parm_err );
  115. typedef NET_API_STATUS (NET_API_FUNCTION *PNET_DFS_GET_INFO)(
  116. LPWSTR DfsEntryPath,
  117. LPWSTR ServerName,
  118. LPWSTR ShareName,
  119. DWORD Level,
  120. LPBYTE* Buffer);
  121. typedef NET_API_STATUS (NET_API_FUNCTION *PINET_GET_DC_LIST)(
  122. LPTSTR ServerName OPTIONAL,
  123. LPTSTR TrustedDomainName,
  124. PULONG DCCount,
  125. PUNICODE_STRING * DCNames );
  126. typedef BOOL (WINAPI *POPEN_PRINTER)(
  127. LPWSTR pPrinterName,
  128. LPHANDLE phPrinter,
  129. LPPRINTER_DEFAULTSW pDefault );
  130. typedef BOOL (WINAPI *PCLOSE_PRINTER)(
  131. HANDLE hPrinter );
  132. typedef BOOL (WINAPI *PSET_PRINTER)(
  133. HANDLE hPrinter,
  134. DWORD Level,
  135. LPBYTE pPrinter,
  136. DWORD Command );
  137. typedef BOOL (WINAPI *PGET_PRINTER)(
  138. HANDLE hPrinter,
  139. DWORD Level,
  140. LPBYTE pPrinter,
  141. DWORD cbBuf,
  142. LPDWORD pcbNeeded );
  143. //
  144. // Define a table of exported functions from netapi32.dll and samlib.dll that
  145. // are needed by accctrl. We explicitly load these dynamic libraries when
  146. // we need them.
  147. //
  148. #define LOADED_ALL_FUNCS 0x01
  149. typedef struct _DLLFuncsTable
  150. {
  151. DWORD dwFlags;
  152. PSAM_CLOSE_HANDLE PSamCloseHandle;
  153. PSAM_OPEN_DOMAIN PSamOpenDomain;
  154. PSAM_CONNECT PSamConnect;
  155. PSAM_GET_MEMBERS_IN_GROUP PSamGetMembersInGroup;
  156. PSAM_OPEN_GROUP PSamOpenGroup;
  157. PSAM_GET_MEMBERS_IN_ALIAS PSamGetMembersInAlias;
  158. PSAM_OPEN_ALIAS PSamOpenAlias;
  159. PNET_API_BUFFER_FREE PNetApiBufferFree;
  160. PNET_SHARE_GET_INFO PNetShareGetInfo;
  161. PNET_SHARE_SET_INFO PNetShareSetInfo;
  162. PNET_DFS_GET_INFO PNetDfsGetInfo;
  163. PINET_GET_DC_LIST PI_NetGetDCList;
  164. POPEN_PRINTER POpenPrinter;
  165. PCLOSE_PRINTER PClosePrinter;
  166. PSET_PRINTER PSetPrinter;
  167. PGET_PRINTER PGetPrinter;
  168. } DLLFuncsTable;
  169. extern DLLFuncsTable DLLFuncs;
  170. //
  171. // Security open type (used to help determine permissions to use on open)
  172. //
  173. typedef enum _SECURITY_OPEN_TYPE
  174. {
  175. READ_ACCESS_RIGHTS = 0,
  176. WRITE_ACCESS_RIGHTS,
  177. MODIFY_ACCESS_RIGHTS,
  178. NO_ACCESS_RIGHTS,
  179. RESET_ACCESS_RIGHTS
  180. } SECURITY_OPEN_TYPE, *PSECURITY_OPEN_TYPE;
  //+---------------------------------------------------------------------------
  //
  //  Function:   Add2Ptr
  //
  //  Synopsis:   Advances a pointer by a byte count, independent of the
  //              pointee type. No bounds checking is performed here; the
  //              caller must keep pv + cb inside the same allocation.
  //
  //  Arguments:  [pv] -- Starting pointer.
  //              [cb] -- Number of bytes to advance.
  //
  //  Returns:    pv advanced by cb bytes.
  //
  //----------------------------------------------------------------------------
  inline
  VOID *Add2Ptr(PVOID pv, ULONG cb)
  {
      PBYTE pbStart = (PBYTE) pv;     // byte-sized view so the add is unscaled

      return(&pbStart[cb]);
  }
  198. //+-------------------------------------------------------------------------
  199. //
  200. // memory.cxx
  201. //
  202. // Memory allocation/free prototypes
  203. //
  204. //+-------------------------------------------------------------------------
  205. extern "C"
  206. {
  207. #define AccAlloc(size) LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, size)
  208. #define AccFree LocalFree
  209. #if 0
  210. #define AccAlloc(size) DebugAlloc(size);
  211. #ifdef AccFree
  212. #undef AccFree
  213. #endif
  214. #define AccFree(pv) DebugFree(pv);
  215. #endif
  216. }
  217. //+-------------------------------------------------------------------------
  218. // aclutil.cxx
  219. //+-------------------------------------------------------------------------
  220. DWORD LoadDLLFuncTable();
  221. ACCESS_MASK
  222. AccessMaskForAccessEntry(IN PACTRL_ACCESS_ENTRY pAE,
  223. IN SE_OBJECT_TYPE ObjType);
  224. DWORD
  225. ConvertStringToSid(IN PWSTR pwszString,
  226. OUT PSID *ppSid);
  227. DWORD GetCurrentToken( OUT HANDLE *pHandle );
  228. //
  229. // REWRITE
  230. //
  231. #if 1
  232. #include "file.h"
  233. #include "service.h"
  234. #include "printer.h"
  235. #include "registry.h"
  236. #include "lmsh.h"
  237. #include "kernel.h"
  238. #include "window.h"
  239. #include "ds.h"
  240. #include "wmiguid.h"
  241. #endif
  242. //+-------------------------------------------------------------------------
  243. // common.cxx
  244. //+-------------------------------------------------------------------------
  245. DWORD
  246. IsContainer(IN HANDLE handle,
  247. IN SE_OBJECT_TYPE SeObjectType,
  248. OUT PIS_CONTAINER IsContainer);
  249. ACCESS_MASK GetDesiredAccess(IN SECURITY_OPEN_TYPE OpenType,
  250. IN SECURITY_INFORMATION SecurityInfo);
  251. DWORD ParseName(IN LPWSTR ObjectName,
  252. OUT LPWSTR *MachineName,
  253. OUT LPWSTR *RemainingName);
  254. DWORD GetSecurityDescriptorParts( IN PISECURITY_DESCRIPTOR pSecurityDescriptor,
  255. IN SECURITY_INFORMATION SecurityInfo,
  256. OUT PSID *psidOwner,
  257. OUT PSID *psidGroup,
  258. OUT PACL *pDacl,
  259. OUT PACL *pSacl,
  260. OUT PSECURITY_DESCRIPTOR *pOutSecurityDescriptor);
  261. DWORD OpenObject( IN LPWSTR ObjectName,
  262. IN SE_OBJECT_TYPE SeObjectType,
  263. IN ACCESS_MASK AccessMask,
  264. OUT PHANDLE handle);
  265. DWORD CloseObject(IN HANDLE handle,
  266. IN SE_OBJECT_TYPE SeObjectType);
  267. DWORD
  268. AccSetSDOnObject(IN PWSTR pwszObject,
  269. IN SE_OBJECT_TYPE ObjType,
  270. IN SECURITY_INFORMATION SeInfo,
  271. IN ULONG cItems,
  272. IN PACTRL_SD_LIST pSDList);
  273. //+-------------------------------------------------------------------------
  274. //
  275. // file.cxx
  276. //
  277. // File function prototypes
  278. //
  279. //+-------------------------------------------------------------------------
  280. DWORD
  281. IsFileContainer(IN HANDLE Handle,
  282. OUT PBOOL pfIsContainer);
  283. DWORD
  284. IsFilePathLocalOrLM(IN LPWSTR pwszFile);
  285. DWORD
  286. OpenFileObject(IN LPWSTR pObjectName,
  287. IN ACCESS_MASK AccessMask,
  288. OUT PHANDLE Handle,
  289. IN BOOL fOpenRoot);
  290. #define CloseFileObject(handle) NtClose(handle);
  291. DWORD
  292. ReadFilePropertyRights(IN LPWSTR pwszFile,
  293. IN PACTRL_RIGHTS_INFO pRightsList,
  294. IN ULONG cRights,
  295. IN CAccessList& AccessList);
  296. DWORD
  297. ReadFileRights(IN HANDLE hObject,
  298. IN PACTRL_RIGHTS_INFO pRightsList,
  299. IN ULONG cRights,
  300. IN CAccessList& AccessList);
  301. DWORD
  302. GetFileParentRights(IN LPWSTR pwszFile,
  303. IN PACTRL_RIGHTS_INFO pRightsList,
  304. IN ULONG cRights,
  305. OUT PACL *ppDAcl,
  306. OUT PACL *ppSAcl,
  307. OUT PSECURITY_DESCRIPTOR *ppSD);
  308. DWORD
  309. SetFilePropertyRights(IN HANDLE hFile,
  310. IN SECURITY_INFORMATION SeInfo,
  311. IN PWSTR pwszProperty,
  312. IN PSECURITY_DESCRIPTOR pSD);
  313. DWORD
  314. SetAndPropagateFilePropertyRights(IN PWSTR pwszFile,
  315. IN PWSTR pwszProperty,
  316. IN CAccessList& RootAccList,
  317. IN PULONG pfStopFlag,
  318. IN PULONG pcProcessed,
  319. IN HANDLE hOpenObject OPTIONAL);
  320. DWORD
  321. SetAndPropagateFilePropertyRightsByHandle(IN HANDLE hObject,
  322. IN PWSTR pwszProperty,
  323. IN CAccessList& RootAccList,
  324. IN PULONG pfStopFlag,
  325. IN PULONG pcProcessed);
  326. DWORD
  327. PropagateFileRightsDeep(IN PSECURITY_DESCRIPTOR pParentSD,
  328. IN PSECURITY_DESCRIPTOR pOldParentSD,
  329. IN SECURITY_INFORMATION SeInfo,
  330. IN PWSTR pwszFile,
  331. IN PWSTR pwszProperty,
  332. IN PULONG pcProcessed,
  333. IN PULONG pfStopFlag,
  334. IN ULONG fProtectedFlag,
  335. IN HANDLE hToken,
  336. IN OUT CSList& LogList);
  337. DWORD
  338. GetLMDfsPaths(IN PWSTR pwszPath,
  339. OUT PULONG pcItems,
  340. OUT PWSTR **pppwszLocalList OPTIONAL );
  341. DWORD
  342. MakeSDSelfRelative(IN PSECURITY_DESCRIPTOR pOldSD,
  343. OUT PSECURITY_DESCRIPTOR *ppNewSD,
  344. OUT PACL *ppDAcl = NULL,
  345. OUT PACL *ppSAcl = NULL,
  346. IN BOOL fFreeOldSD = TRUE,
  347. IN BOOL fRtlAlloc = FALSE);
  348. DWORD
  349. UpdateFileSDByPath(IN PSECURITY_DESCRIPTOR pCurrentSD,
  350. IN PWSTR pwszPath,
  351. IN HANDLE hFile,
  352. IN HANDLE hProcessToken,
  353. IN SECURITY_INFORMATION SeInfo,
  354. IN BOOL fIsContainer,
  355. OUT PSECURITY_DESCRIPTOR *ppNewSD);
  356. //+-------------------------------------------------------------------------
  357. //
  358. // kernel.cxx
  359. //
  360. // Kernel function prototypes
  361. //
  362. //+-------------------------------------------------------------------------
  363. DWORD
  364. OpenKernelObject(IN LPWSTR pwszObject,
  365. IN ACCESS_MASK AccessMask,
  366. OUT PHANDLE pHandle,
  367. OUT PMARTA_KERNEL_TYPE KernelType);
  368. #define CloseKernelObject(handle) NtClose(handle);
  369. DWORD
  370. ReadKernelPropertyRights(IN LPWSTR pwszObject,
  371. IN PACTRL_RIGHTS_INFO pRightsList,
  372. IN ULONG cRights,
  373. IN CAccessList& AccessList);
  374. DWORD
  375. GetKernelParentRights(IN LPWSTR pwszObject,
  376. IN PACTRL_RIGHTS_INFO pRightsList,
  377. IN ULONG cRights,
  378. OUT PACL *ppDAcl,
  379. OUT PACL *ppSAcl,
  380. OUT PSECURITY_DESCRIPTOR *ppSD);
  381. DWORD
  382. SetKernelSecurityInfo(IN HANDLE hKernel,
  383. IN SECURITY_INFORMATION SeInfo,
  384. IN PWSTR pwszProperty,
  385. IN PSECURITY_DESCRIPTOR pSD);
  386. DWORD
  387. GetKernelSecurityInfo(IN HANDLE hObject,
  388. IN PACTRL_RIGHTS_INFO pRightsList,
  389. IN ULONG cRights,
  390. IN CAccessList& AccessList);
  391. DWORD
  392. GetKernelSecurityInfo(IN HANDLE hObject,
  393. IN SECURITY_INFORMATION SeInfo,
  394. OUT PACL *ppDAcl,
  395. OUT PACL *ppSAcl,
  396. OUT PSECURITY_DESCRIPTOR *ppSD);
  397. DWORD
  398. OpenWmiGuidObject(IN LPWSTR pwszObject,
  399. IN ACCESS_MASK AccessMask,
  400. OUT PHANDLE pHandle,
  401. OUT PMARTA_KERNEL_TYPE KernelType);
  402. #define CloseWmiGuidObject(handle) NtClose(handle);
  403. DWORD
  404. ReadWmiGuidPropertyRights(IN LPWSTR pwszObject,
  405. IN PACTRL_RIGHTS_INFO pRightsList,
  406. IN ULONG cRights,
  407. IN CAccessList& AccessList);
  408. DWORD
  409. SetWmiGuidSecurityInfo(IN HANDLE hKernel,
  410. IN SECURITY_INFORMATION SeInfo,
  411. IN PWSTR pwszProperty,
  412. IN PSECURITY_DESCRIPTOR pSD);
  413. DWORD
  414. GetWmiGuidSecurityInfo(IN HANDLE hObject,
  415. IN PACTRL_RIGHTS_INFO pRightsList,
  416. IN ULONG cRights,
  417. IN CAccessList& AccessList);
  418. DWORD
  419. GetWmiGuidSecurityInfo(IN HANDLE hObject,
  420. IN SECURITY_INFORMATION SeInfo,
  421. OUT PACL *ppDAcl,
  422. OUT PACL *ppSAcl,
  423. OUT PSECURITY_DESCRIPTOR *ppSD);
  424. //+-------------------------------------------------------------------------
  425. //
  426. // service.cxx
  427. //
  428. // Service function prototypes
  429. //
  430. //+-------------------------------------------------------------------------
  431. DWORD
  432. OpenServiceObject(IN LPWSTR pwszService,
  433. IN ACCESS_MASK AccessMask,
  434. OUT SC_HANDLE * pHandle);
  435. #define CloseServiceObject(handle) CloseServiceHandle(handle);
  436. DWORD
  437. ReadServicePropertyRights(IN LPWSTR pwszService,
  438. IN PACTRL_RIGHTS_INFO pRightsList,
  439. IN ULONG cRights,
  440. IN CAccessList& AccessList);
  441. DWORD
  442. ReadServiceRights(IN SC_HANDLE hSvc,
  443. IN PACTRL_RIGHTS_INFO pRightsList,
  444. IN ULONG cRights,
  445. IN CAccessList& AccessList);
  446. DWORD
  447. GetServiceParentRights(IN LPWSTR pwszService,
  448. IN PACTRL_RIGHTS_INFO pRightsList,
  449. IN ULONG cRights,
  450. OUT PACL *ppDAcl,
  451. OUT PACL *ppSAcl,
  452. OUT PSECURITY_DESCRIPTOR *ppSD);
  453. DWORD
  454. SetServiceSecurityInfo(IN SC_HANDLE hService,
  455. IN SECURITY_INFORMATION SeInfo,
  456. IN PWSTR pwszProperty,
  457. IN PSECURITY_DESCRIPTOR pSD);
  458. //+-------------------------------------------------------------------------
  459. //
  460. // printer.cxx
  461. //
  462. // Printer function prototypes
  463. //
  464. //+-------------------------------------------------------------------------
  465. DWORD
  466. OpenPrinterObject(IN LPWSTR pwszPrinter,
  467. IN ACCESS_MASK AccessMask,
  468. OUT PHANDLE pHandle);
  469. DWORD
  470. ClosePrinterObject(IN HANDLE hPrinter);
  471. DWORD
  472. ReadPrinterPropertyRights(IN LPWSTR pwszPrinter,
  473. IN PACTRL_RIGHTS_INFO pRightsList,
  474. IN ULONG cRights,
  475. IN CAccessList& AccessList);
  476. DWORD
  477. ReadPrinterRights(IN HANDLE hPrinter,
  478. IN PACTRL_RIGHTS_INFO pRightsList,
  479. IN ULONG cRights,
  480. IN CAccessList& AccessList);
  481. DWORD
  482. GetPrinterParentRights(IN LPWSTR pwszPrinter,
  483. IN PACTRL_RIGHTS_INFO pRightsList,
  484. IN ULONG cRights,
  485. OUT PACL *ppDAcl,
  486. OUT PACL *ppSAcl,
  487. OUT PSECURITY_DESCRIPTOR *ppSD);
  488. DWORD
  489. SetPrinterSecurityInfo(IN HANDLE hPrinter,
  490. IN SECURITY_INFORMATION SeInfo,
  491. IN PWSTR pwszProperty,
  492. IN PSECURITY_DESCRIPTOR pSD);
  493. //+-------------------------------------------------------------------------
  494. //
  495. // registry.cxx
  496. //
  497. // Registry function prototypes
  498. //
  499. //+-------------------------------------------------------------------------
  500. DWORD
  501. OpenRegistryObject(IN LPWSTR pwszRegistry,
  502. IN ACCESS_MASK AccessMask,
  503. OUT PHANDLE pHandle);
  504. DWORD
  505. ReadRegistryPropertyRights(IN LPWSTR pwszRegistry,
  506. IN PACTRL_RIGHTS_INFO pRightsList,
  507. IN ULONG cRights,
  508. IN CAccessList& AccessList);
  509. DWORD
  510. ReadRegistryRights(IN HANDLE hRegistry,
  511. IN PACTRL_RIGHTS_INFO pRightsList,
  512. IN ULONG cRights,
  513. IN CAccessList& AccessList);
  514. DWORD
  515. GetRegistryParentRights(IN LPWSTR pwszRegistry,
  516. IN SECURITY_INFORMATION SeInfo,
  517. OUT PSECURITY_DESCRIPTOR *ppSD);
  518. DWORD
  519. SetRegistrySecurityInfo(IN HANDLE hRegistry,
  520. IN SECURITY_INFORMATION SeInfo,
  521. IN PWSTR pwszProperty,
  522. IN PSECURITY_DESCRIPTOR pSD);
  523. DWORD
  524. ReadRegistrySecurityInfo(IN HANDLE hRegistry,
  525. IN SECURITY_INFORMATION SeInfo,
  526. OUT PSECURITY_DESCRIPTOR *ppSD);
  527. DWORD
  528. SetAndPropagateRegistryPropertyRights(IN PWSTR pwszRegistry,
  529. IN PWSTR pwszProperty,
  530. IN CAccessList& RootAccList,
  531. IN PULONG pfStopFlag,
  532. IN PULONG pcProcessed);
  533. DWORD
  534. SetAndPropagateRegistryPropertyRightsByHandle(IN HKEY hReg,
  535. IN CAccessList& RootAccList,
  536. IN PULONG pfStopFlag,
  537. IN PULONG pcProcessed);
  538. DWORD
  539. SetAndPropRegRights(IN HKEY hReg,
  540. IN PWSTR pwszPath,
  541. IN SECURITY_INFORMATION SeInfo,
  542. IN PSECURITY_DESCRIPTOR pParentSD,
  543. IN PSECURITY_DESCRIPTOR pSD,
  544. IN PULONG pfStopFlag,
  545. IN PULONG pcProcessed);
  546. DWORD
  547. PropagateRegRightsDeep(IN PSECURITY_DESCRIPTOR pParentSD,
  548. IN PSECURITY_DESCRIPTOR pOldParentSD,
  549. IN SECURITY_INFORMATION SeInfo,
  550. IN HKEY hParent,
  551. IN PULONG pcProcessed,
  552. IN PULONG pfStopFlag,
  553. IN ULONG fProtectedFlag,
  554. IN HANDLE hProcessToken,
  555. IN OUT CSList& LogList);
  556. DWORD
  557. UpdateRegistrySD(IN PSECURITY_DESCRIPTOR pCurrentSD,
  558. IN PSECURITY_DESCRIPTOR pParentSD,
  559. IN BOOL fIsContainer,
  560. OUT PSECURITY_DESCRIPTOR *ppNewSD);
  561. DWORD
  562. UpdateRegistrySDByPath(IN PSECURITY_DESCRIPTOR pCurrentSD,
  563. IN HANDLE hRegistry,
  564. IN PWSTR pwszPath,
  565. IN SECURITY_INFORMATION SeInfo,
  566. IN BOOL fIsContainer,
  567. OUT PSECURITY_DESCRIPTOR *ppNewSD);
  568. DWORD
  569. ConvertRegHandleToName(IN HKEY hKey,
  570. OUT PWSTR *ppwszName);
  571. //+-------------------------------------------------------------------------
  572. //
  573. // window.cxx
  574. //
  575. // Window function prototypes
  576. //
  577. //+-------------------------------------------------------------------------
  578. DWORD
  579. ReadWindowPropertyRights(IN HANDLE hWindow,
  580. IN PACTRL_RIGHTS_INFO pRightsList,
  581. IN ULONG cRights,
  582. IN CAccessList& AccessList);
  583. //+-------------------------------------------------------------------------
  584. //
  585. // lmshare.cxx
  586. //
  587. // Network share function prototypes
  588. //
  589. //+-------------------------------------------------------------------------
  590. DWORD
  591. ReadSharePropertyRights(IN LPWSTR pwszShare,
  592. IN PACTRL_RIGHTS_INFO pRightsList,
  593. IN ULONG cRights,
  594. IN CAccessList& AccessList);
  595. DWORD
  596. GetShareParentRights(IN LPWSTR pwszShare,
  597. IN PACTRL_RIGHTS_INFO pRightsList,
  598. IN ULONG cRights,
  599. OUT PACL *ppDAcl,
  600. OUT PACL *ppSAcl,
  601. OUT PSECURITY_DESCRIPTOR *ppSD);
  602. DWORD
  603. SetShareSecurityInfo(IN LPWSTR pwszShare,
  604. IN SECURITY_INFORMATION SeInfo,
  605. IN PWSTR pwszProperty,
  606. IN PSECURITY_DESCRIPTOR pSD);
  607. DWORD
  608. PingLmShare(IN LPCWSTR pwszShare);
  609. //+-------------------------------------------------------------------------
  610. //
  611. // dsobject.cxx
  612. //
  613. // DS Object function prototypes
  614. //
  615. //+-------------------------------------------------------------------------
  616. DWORD
  617. PingDSObj(IN LPCWSTR pwszDSObj);
  618. DWORD BindToDSObject(IN LPWSTR pwszServer, OPTIONAL
  619. IN LPWSTR pwszDSObj,
  620. OUT PLDAP *ppLDAP);
  621. DWORD UnBindFromDSObject(OUT PLDAP *ppLDAP);
  622. DWORD
  623. ReadDSObjPropertyRights(IN LPWSTR pwszDSObj,
  624. IN PACTRL_RIGHTS_INFO pRightsList,
  625. IN ULONG cRights,
  626. IN CAccessList& AccessList);
  627. DWORD
  628. ReadAllDSObjPropertyRights(IN LPWSTR pwszDSObj,
  629. IN PACTRL_RIGHTS_INFO pRightsList,
  630. IN ULONG cRights,
  631. IN CAccessList& AccessList);
  632. DWORD
  633. GetDSObjParentRights(IN LPWSTR pwszDSObj,
  634. IN PACTRL_RIGHTS_INFO pRightsList,
  635. IN ULONG cRights,
  636. OUT PACL *ppDAcl,
  637. OUT PACL *ppSAcl,
  638. OUT PSECURITY_DESCRIPTOR *ppSD);
  639. DWORD
  640. SetDSObjSecurityInfo(IN LPWSTR pwszDSObj,
  641. IN SECURITY_INFORMATION SeInfo,
  642. IN PWSTR pwszProperty,
  643. IN PSECURITY_DESCRIPTOR pSD,
  644. IN ULONG cSDSize,
  645. IN PULONG pfStopFlag,
  646. IN PULONG pcProcessed);
  647. DWORD
  648. ReadDSObjSecDesc(IN PLDAP pLDAP,
  649. IN PWSTR pwszObject,
  650. IN SECURITY_INFORMATION SeInfo,
  651. OUT PSECURITY_DESCRIPTOR *ppSD);
  652. DWORD
  653. Nt4NameToNt5Name(IN PWSTR pwszName,
  654. IN PWSTR pwszDomain,
  655. OUT PWSTR *ppwszNt5Name);
  656. DWORD
  657. PropagateDSRightsDeep(IN PSECURITY_DESCRIPTOR pParentSD,
  658. IN PSECURITY_DESCRIPTOR pChildSD,
  659. IN SECURITY_INFORMATION SeInfo,
  660. IN PWSTR pszDSObject,
  661. IN PLDAP pLDAP,
  662. IN PULONG pcProcessed,
  663. IN PULONG pfStopFlag);
  664. DWORD
  665. StampSD(IN PWSTR pwszObject,
  666. IN ULONG cSDSize,
  667. IN SECURITY_INFORMATION SeInfo,
  668. IN PSECURITY_DESCRIPTOR pSD,
  669. IN PLDAP pLDAP);
  670. DWORD
  671. AccDsReadSchemaInfo (IN PLDAP pLDAP,
  672. OUT PULONG pcClasses,
  673. OUT PWSTR **pppwszClasses,
  674. OUT PULONG pcAttributes,
  675. OUT PWSTR **pppwszAttributes);
  676. DWORD
  677. AccDsReadExtendedRights(IN PLDAP pLDAP,
  678. OUT PULONG pcItems,
  679. OUT PWSTR **pppwszNames,
  680. OUT PWSTR **pppwszGuid);
  681. VOID
  682. AccDsFreeExtendedRights(IN ULONG cItems,
  683. IN PWSTR *ppwszNames,
  684. IN PWSTR *ppwszGuids);
  685. DWORD
  686. DspSplitPath(IN PWSTR pwszObjectPath,
  687. OUT PWSTR *ppwszAllocatedServer,
  688. OUT PWSTR *ppwszReferencePath);
  689. DWORD
  690. DspBindAndCrackEx( IN PWSTR pwszServer,
  691. IN PWSTR pwszDSObj,
  692. IN DWORD OptionalDsGetDcFlags,
  693. IN DS_NAME_FORMAT formatDesired,
  694. OUT PDS_NAME_RESULTW *pResults );
  695. //+-------------------------------------------------------------------------
  696. //
  697. // alsup.cxx
  698. //
  699. // Miscellaneous support functions
  700. //
  701. //+-------------------------------------------------------------------------
  702. DWORD
  703. ConvertToAutoInheritSD(IN PSECURITY_DESCRIPTOR pParentSD,
  704. IN PSECURITY_DESCRIPTOR pCurrentSD,
  705. IN BOOL fIsContainer,
  706. IN PGENERIC_MAPPING pGenericMapping,
  707. OUT PSECURITY_DESCRIPTOR *ppNewSD);
  708. DWORD
  709. MakeSDAbsolute(IN PSECURITY_DESCRIPTOR pOriginalSD,
  710. IN SECURITY_INFORMATION SeInfo,
  711. OUT PSECURITY_DESCRIPTOR *ppNewSD,
  712. IN PSID pOwnerToAdd = NULL,
  713. IN PSID pGroupToAdd = NULL);
  714. BOOL
  715. EqualSecurityDescriptors(IN PSECURITY_DESCRIPTOR pSD1,
  716. IN PSECURITY_DESCRIPTOR pSD2);
  717. DWORD
  718. InsertPropagationFailureEntry(IN CSList& LogList,
  719. IN ULONG ErrorCode,
  720. IN ULONG Protected,
  721. IN PWSTR pwszPath);
  722. VOID
  723. FreePropagationFailureListEntry(IN PVOID Entry);
  724. DWORD
  725. WritePropagationFailureList(IN ULONG EventType,
  726. IN CSList& LogList,
  727. IN HANDLE hToken);
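  //
  // Helper functions and macros
  //
  // NOTE(review): ACC_ALLOC_AND_COPY_SID and ACC_ALLOC_AND_COPY_GUID expand to
  // an assignment followed by a bare if/else, not to a single statement. Use
  // them only as full statements inside a braced block; as the body of an
  // unbraced if/for/while only the assignment would be controlled. The input
  // argument is expanded more than once, so it must be free of side effects.
  // [err] is written only when the allocation fails and is left untouched on
  // success, so initialise it before the call. The statement shape is kept
  // as-is because call sites are not visible from this header.
  //
  #define ACC_ALLOC_AND_COPY_SID(pInSid, pOutSid, err)                        \
  (pOutSid) = (PSID)AccAlloc(RtlLengthSid(pInSid));                           \
  if((pOutSid) == NULL)                                                       \
  {                                                                           \
      (err) = ERROR_NOT_ENOUGH_MEMORY;                                        \
  }                                                                           \
  else                                                                        \
  {                                                                           \
      RtlCopySid(RtlLengthSid(pInSid), (pOutSid), (pInSid));                  \
  }

  #define ACC_ALLOC_AND_COPY_GUID(pInGuid, pOutGuid, err)                     \
  (pOutGuid) = (GUID *)AccAlloc(sizeof(GUID));                                \
  if((pOutGuid) == NULL)                                                      \
  {                                                                           \
      (err) = ERROR_NOT_ENOUGH_MEMORY;                                        \
  }                                                                           \
  else                                                                        \
  {                                                                           \
      memcpy((pOutGuid), (pInGuid), sizeof(GUID));                            \
  }

  //
  // Test the protected bits in a security descriptor's Control field. The
  // argument is parenthesised so the cast applies to the whole expression
  // that the caller passes in.
  //
  #define DACL_PROTECTED(pSD) FLAG_ON(((PISECURITY_DESCRIPTOR)(pSD))->Control, SE_DACL_PROTECTED)
  #define SACL_PROTECTED(pSD) FLAG_ON(((PISECURITY_DESCRIPTOR)(pSD))->Control, SE_SACL_PROTECTED)

  // Heap validation hook; compiled out (expands to nothing) in this build.
  #if 0
  #define CHECK_HEAP ASSERT(RtlValidateHeap(RtlProcessHeap(),0,NULL));
  #else
  #define CHECK_HEAP
  #endif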
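  //+---------------------------------------------------------------------------
  //
  //  Function:   AccGetBufferOfSizeW
  //
  //  Synopsis:   Copies a string into the caller-supplied buffer when it fits,
  //              otherwise into a buffer obtained from AccAlloc. On success
  //              *ppwszPtr points to the copy.
  //
  //  Arguments:  [IN  pwszString] -- The string to copy
  //              [IN  pwszStack]  -- The caller-supplied (stack) buffer
  //              [OUT ppwszPtr]   -- Set to pwszStack or to the allocated
  //                                  buffer; NULL if the allocation failed
  //              [IN  cbStack]    -- Size, in bytes, of the buffer pwszStack
  //                                  points to. Defaults to sizeof(PWSTR),
  //                                  which is what the previous
  //                                  sizeof(pwszStack) test evaluated to.
  //
  //  Returns:    ERROR_SUCCESS           -- Success
  //              ERROR_NOT_ENOUGH_MEMORY -- A memory allocation failed
  //
  //  Notes:      pwszStack is a pointer parameter, so sizeof(pwszStack) is the
  //              size of a pointer and never the size of the caller's array.
  //              Callers that omit cbStack keep the old behaviour: at most
  //              sizeof(PWSTR) bytes are written to pwszStack and anything
  //              longer is heap allocated. Pass the real buffer size in
  //              cbStack to have the stack buffer used; a value larger than
  //              the buffer would overflow it.
  //
  //              Release the result with AccFreeBufferOfSizeW.
  //
  //----------------------------------------------------------------------------
  inline
  DWORD
  AccGetBufferOfSizeW(PWSTR  pwszString,
                      PWSTR  pwszStack,
                      PWSTR *ppwszPtr,
                      ULONG  cbStack = sizeof(PWSTR))
  {
      // SIZE_PWSTR is defined outside this header; presumably the byte count
      // of the string including its terminator -- TODO confirm.
      DWORD dwSize = SIZE_PWSTR(pwszString);

      if(dwSize <= cbStack)
      {
          memcpy(pwszStack, pwszString, dwSize);
          *ppwszPtr = pwszStack;
          return(ERROR_SUCCESS);
      }

      //
      // Too big for the caller's buffer, so fall back to the heap
      //
      *ppwszPtr = (PWSTR)AccAlloc(dwSize);
      if(*ppwszPtr == NULL)
      {
          return(ERROR_NOT_ENOUGH_MEMORY);
      }

      memcpy(*ppwszPtr, pwszString, dwSize);
      return(ERROR_SUCCESS);
  }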
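  //
  // This macro frees the buffer handed back by AccGetBufferOfSizeW when it is
  // not the caller's own buffer. [stack] is the buffer that was passed as
  // pwszStack, [ptr] the pointer received through ppwszPtr.
  //
  // NOTE(review): expands to a bare if statement, so write it as a full
  // statement inside braces; a following else would bind to it. [ptr] is not
  // reset after the free and must not be used again.
  //
  #define AccFreeBufferOfSizeW(stack, ptr)    \
  if((ptr) != (stack))                        \
  {                                           \
      AccFree(ptr);                           \
  }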
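  //
  // This macro determines if a string is a UNC path or not: more than two
  // characters long and starting with two backslashes. [wsz] is the string,
  // [wl] is presumably its length in characters -- confirm against callers.
  //
  #define IS_UNC_PATH(wsz, wl)                                        \
  ((wl) > 2 && (wsz)[0] == L'\\' && (wsz)[1] == L'\\')

  //
  // This macro tests for a ':' in the second position (a drive-letter style
  // path); the first character is not checked. The length test is (wl) >= 2
  // so that (wsz)[1] is only read when the caller's length says it exists.
  // With (wl) >= 1 a one-character counted buffer was read one element past
  // its end.
  //
  #define IS_FILE_PATH(wsz, wl)                                       \
  ((wl) >= 2 && (wsz)[1] == L':')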
  819. #endif // __ACCESS_HXX__