Source code of Windows XP (NT5)
  1. //+--------------------------------------------------------------------------
  2. // File: officer.h
  3. // Contents: officer rights classes
  4. //---------------------------------------------------------------------------
  5. #include "sid.h"
  6. #include "tptrlist.h"
  7. namespace CertSrv
  8. {
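  // One entry in an officer's client list: a client SID paired with a BOOL
  // allow flag (m_fAllow).
  class CClientPermission
  {
  public:
      // Defined out of line; not visible in this header.
      CClientPermission(BOOL fAllow, PSID pSid);
      ~CClientPermission() {}

      // Returns TRUE only when pObj is non-NULL and its m_Sid converts to a
      // non-NULL PSID. Member access binds tighter than the cast, so the
      // (PSID) cast applies to m_Sid and relies on a CSid -> PSID conversion
      // declared in sid.h (not shown here).
      // Callers should check this after construction, before using the object.
      static BOOL IsInitialized(CClientPermission* pObj)
      {
          return NULL != pObj &&
                 NULL != ((PSID)pObj->m_Sid);
      }

      // Plain accessors for the allow flag.
      void SetPermission(BOOL fAllow) { m_fAllow = fAllow; }
      BOOL GetPermission() { return m_fAllow; }

      // Forwarded to the wrapped CSid.
      LPCWSTR GetName() { return m_Sid.GetName(); }
      PSID GetSid() { return m_Sid.GetSid(); }

      // COfficerRights gets direct access to m_fAllow and m_Sid.
      friend class COfficerRights;

      // Two permissions compare equal when their SIDs are equal; the allow
      // flag is not part of the comparison.
      // EqualSid needs two valid SIDs. IsInitialized() shows that m_Sid can
      // hold a NULL SID, so an unset SID on either side compares as "not
      // equal" instead of being handed to EqualSid.
      // The const_cast is needed only because GetSid() is not declared const.
      BOOL operator==(const CClientPermission& rhs)
      {
          PSID pThisSid = GetSid();
          PSID pOtherSid = (const_cast<CClientPermission&>(rhs)).GetSid();

          if (NULL == pThisSid || NULL == pOtherSid)
              return FALSE;

          return EqualSid(pThisSid, pOtherSid);
      }

  protected:
      BOOL m_fAllow; // allow flag as set by the constructor or SetPermission()
      CSid m_Sid;    // client SID wrapper (type declared in sid.h)
  };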
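  // Rights of a single officer: the officer's SID (m_pSid) plus a list of
  // per-client permissions (m_List).
  //
  // NOTE(review): this class owns m_pSid through a raw pointer and deletes it
  // in the destructor, but declares no copy constructor or assignment
  // operator. A compiler-generated copy would leave two objects deleting the
  // same CSid. Do not copy instances; handle them by pointer.
  class COfficerRights
  {
  public:
      // The officer SID is unknown at construction time, so m_pSid starts NULL.
      COfficerRights() : m_pSid(NULL), m_List() {}

      // Releases the officer SID only. Releasing the entries held in m_List
      // is left to TPtrList (declared in tptrlist.h, not shown here).
      ~COfficerRights() { delete m_pSid; }

      // Defined out of line; presumably populates m_pSid and m_List from the
      // callback ACE. TODO confirm against the implementation.
      HRESULT Init(PACCESS_ALLOWED_CALLBACK_ACE pAce);
      HRESULT Add(PSID pSID, BOOL fAllow);

      // Removes the client at dwIndex; a failed removal is reported as
      // E_INVALIDARG.
      HRESULT RemoveAt(DWORD dwIndex)
      {
          return m_List.RemoveAt(dwIndex) ? S_OK : E_INVALIDARG;
      }

      // Updates the allow flag of the client at dwIndex. A NULL result from
      // the list lookup (presumably an out-of-range index) yields
      // E_INVALIDARG.
      HRESULT SetAt(DWORD dwIndex, BOOL fAllow)
      {
          CClientPermission* pClient = m_List.GetAt(dwIndex);
          if (!pClient)
              return E_INVALIDARG;

          pClient->SetPermission(fAllow);
          return S_OK;
      }

      // Returns whatever the list returns for dwIndex; callers must check the
      // result for NULL before dereferencing it.
      CClientPermission* GetAt(DWORD dwIndex)
      {
          return m_List.GetAt(dwIndex);
      }

      DWORD Find(PSID pSid);
      DWORD GetCount() { return m_List.GetCount(); }

      // m_pSid is NULL from construction and again after Cleanup(), so both
      // accessors return NULL in that state instead of dereferencing a NULL
      // pointer. Callers must treat NULL as "officer SID not set".
      LPCWSTR GetName() { return (NULL != m_pSid) ? m_pSid->GetName() : NULL; }
      PSID GetSid() { return (NULL != m_pSid) ? m_pSid->GetSid() : NULL; }

      // COfficerRightsList gets access to the protected ACE helpers below.
      friend class COfficerRightsList;

  protected:
      // ACE helpers, defined out of line. The fAllow parameter presumably
      // selects the allow or the deny ACE for this officer. TODO confirm.
      DWORD GetAceSize(BOOL fAllow);
      HRESULT AddAce(PACL pAcl, BOOL fAllow);
      HRESULT AddSidList(PACCESS_ALLOWED_CALLBACK_ACE pAce);

      // Returns the object to its freshly constructed state.
      void Cleanup()
      {
          if (m_pSid)
          {
              delete m_pSid;
              m_pSid = NULL;
          }
          m_List.Cleanup();
      }

      // NOTE(review): the original comment at this point described bool
      // members that decide whether this COfficerRights is represented as one
      // or two ACEs (allow/deny) in the ACL. No such members are declared in
      // this class, so that comment appears to be stale.

      CSid* m_pSid; // use pointer instead of member object because
                    // we don't know the sid at construct time
      TPtrList<CClientPermission> m_List; // per-client permissions
  };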
  // Collection of COfficerRights objects, loaded from and saved to a security
  // descriptor by Load() and Save() (both defined out of line).
  //
  // NOTE(review): the class owns m_List and its elements through raw pointers
  // and declares no copy constructor or assignment operator, so instances
  // should not be copied.
  class COfficerRightsList
  {
  public:
      COfficerRightsList() : m_List(NULL), m_dwCountList(0) {}
      ~COfficerRightsList();

      HRESULT Load(PSECURITY_DESCRIPTOR pSD);
      HRESULT Save(PSECURITY_DESCRIPTOR &rpSD);

      // Bounds-checked lookup: returns NULL when dwIndex is not below the
      // current element count.
      COfficerRights* GetAt(DWORD dwIndex)
      {
          return (dwIndex < m_dwCountList) ? m_List[dwIndex] : NULL;
      }

      DWORD GetCount() { return m_dwCountList; }
      void Dump();

      // Deletes every non-NULL element, releases the pointer array with
      // LocalFree and resets the count to zero. The array is presumably
      // allocated with LocalAlloc by the out-of-line code. TODO confirm.
      void Cleanup()
      {
          if (NULL != m_List)
          {
              DWORD dwIndex = 0;
              while (dwIndex < m_dwCountList)
              {
                  COfficerRights* pEntry = m_List[dwIndex];
                  if (NULL != pEntry)
                      delete pEntry;
                  ++dwIndex;
              }

              LocalFree(m_List);
              m_List = NULL;
          }

          m_dwCountList = 0;
      }

  protected:
      HRESULT BuildAcl(PACL &rpAcl);

      COfficerRights **m_List; // array of owned COfficerRights pointers
      DWORD m_dwCountList;     // number of slots in m_List
  };
  114. }; // namespace CertSrv