Source code of Windows XP (NT5)


  1. //+-------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1993-1998.
  5. //
  6. // File: accctrl.h
  7. //
  8. // Contents: common includes for new style Win32 Access Control
  9. // APIs
  10. //
  11. //
  12. //--------------------------------------------------------------------
  13. #ifndef __ACCESS_CONTROL__
  14. #define __ACCESS_CONTROL__
  15. #ifndef __midl
  16. #include <wtypes.h>
  17. #endif
  18. #ifdef __cplusplus
  19. extern "C" {
  20. #endif
  21. #define AccFree LocalFree
  22. //
  23. // Definition:
  24. // This enumerated type defines the objects supported by the get/set API within
  25. // this document. See section 3.1, Object Types for a detailed definition of the
  26. // supported object types, and their name formats.
  27. //
  28. typedef enum _SE_OBJECT_TYPE
  29. {
  30. SE_UNKNOWN_OBJECT_TYPE = 0,
  31. SE_FILE_OBJECT,
  32. SE_SERVICE,
  33. SE_PRINTER,
  34. SE_REGISTRY_KEY,
  35. SE_LMSHARE,
  36. SE_KERNEL_OBJECT,
  37. SE_WINDOW_OBJECT,
  38. SE_DS_OBJECT,
  39. SE_DS_OBJECT_ALL,
  40. SE_PROVIDER_DEFINED_OBJECT,
  41. SE_WMIGUID_OBJECT,
  42. SE_REGISTRY_WOW64_32KEY
  43. } SE_OBJECT_TYPE;
  44. //
  45. // Definition: TRUSTEE_TYPE
  46. // This enumerated type specifies the type of trustee account for the trustee
  47. // returned by the API described in this document.
  48. // TRUSTEE_IS_UNKNOWN - The trustee is an unknown, but not necessarily invalid
  49. // type. This field is not validated on input to the APIs
  50. // that take Trustees.
  51. // TRUSTEE_IS_USER The trustee account is a user account.
  52. // TRUSTEE_IS_GROUP The trustee account is a group account.
  53. //
  54. typedef enum _TRUSTEE_TYPE
  55. {
  56. TRUSTEE_IS_UNKNOWN,
  57. TRUSTEE_IS_USER,
  58. TRUSTEE_IS_GROUP,
  59. TRUSTEE_IS_DOMAIN,
  60. TRUSTEE_IS_ALIAS,
  61. TRUSTEE_IS_WELL_KNOWN_GROUP,
  62. TRUSTEE_IS_DELETED,
  63. TRUSTEE_IS_INVALID,
  64. TRUSTEE_IS_COMPUTER
  65. } TRUSTEE_TYPE;
  66. //
  67. // Definition: TRUSTEE_FORM
  68. // This enumerated type specifies the form the trustee identifier is in for a
  69. // particular trustee.
  70. // TRUSTEE_IS_SID The trustee is identified with a SID rather than with a name.
  71. // TRUSTEE_IS_NAME The trustee is identified with a name.
  72. //
  73. typedef enum _TRUSTEE_FORM
  74. {
  75. TRUSTEE_IS_SID,
  76. TRUSTEE_IS_NAME,
  77. TRUSTEE_BAD_FORM,
  78. TRUSTEE_IS_OBJECTS_AND_SID,
  79. TRUSTEE_IS_OBJECTS_AND_NAME
  80. } TRUSTEE_FORM;
  81. //
  82. // Definition: MULTIPLE_TRUSTEE_OPERATION
  83. // If the trustee is a multiple trustee, this enumerated type specifies the type.
  84. // TRUSTEE_IS_IMPERSONATE The trustee is an impersonate trustee and the multiple
  85. // trustee field in the trustee points to another trustee
  86. // that is a trustee for the server that will be doing the
  87. // impersonation.
  88. //
  89. typedef enum _MULTIPLE_TRUSTEE_OPERATION
  90. {
  91. NO_MULTIPLE_TRUSTEE,
  92. TRUSTEE_IS_IMPERSONATE,
  93. } MULTIPLE_TRUSTEE_OPERATION;
  94. typedef struct _OBJECTS_AND_SID
  95. {
  96. DWORD ObjectsPresent;
  97. GUID ObjectTypeGuid;
  98. GUID InheritedObjectTypeGuid;
  99. SID * pSid;
  100. } OBJECTS_AND_SID, *POBJECTS_AND_SID;
  101. typedef struct _OBJECTS_AND_NAME_A
  102. {
  103. DWORD ObjectsPresent;
  104. SE_OBJECT_TYPE ObjectType;
  105. LPSTR ObjectTypeName;
  106. LPSTR InheritedObjectTypeName;
  107. LPSTR ptstrName;
  108. } OBJECTS_AND_NAME_A, *POBJECTS_AND_NAME_A;
  109. typedef struct _OBJECTS_AND_NAME_W
  110. {
  111. DWORD ObjectsPresent;
  112. SE_OBJECT_TYPE ObjectType;
  113. LPWSTR ObjectTypeName;
  114. LPWSTR InheritedObjectTypeName;
  115. LPWSTR ptstrName;
  116. } OBJECTS_AND_NAME_W, *POBJECTS_AND_NAME_W;
  117. #ifdef UNICODE
  118. typedef OBJECTS_AND_NAME_W OBJECTS_AND_NAME_;
  119. typedef POBJECTS_AND_NAME_W POBJECTS_AND_NAME_;
  120. #else
  121. typedef OBJECTS_AND_NAME_A OBJECTS_AND_NAME_;
  122. typedef POBJECTS_AND_NAME_A POBJECTS_AND_NAME_;
  123. #endif // UNICODE
  124. //
  125. // Definition: TRUSTEE
  126. // This structure is used to pass account information into and out of the system
  127. // using the API defined in this document.
  128. // pMultipleTrustee - if NON-NULL, points to another trustee structure, as
  129. // defined by the multiple trustee operation field.
  130. // MultipleTrusteeOperation - Defines the multiple trustee operation/type.
  131. // TrusteeForm - defines if the trustee is defined by name or SID.
  132. // TrusteeType - defines if the trustee type is unknown, a user or a group.
  133. // ptstrName - points to the trustee name or the trustee SID, as selected by TrusteeForm.
  134. //
  135. typedef struct _TRUSTEE_A
  136. {
  137. struct _TRUSTEE_A *pMultipleTrustee;
  138. MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
  139. TRUSTEE_FORM TrusteeForm;
  140. TRUSTEE_TYPE TrusteeType;
  141. #ifdef __midl
  142. [switch_is(TrusteeForm)]
  143. union
  144. {
  145. [case(TRUSTEE_IS_NAME)]
  146. LPSTR ptstrName;
  147. [case(TRUSTEE_IS_SID)]
  148. SID *pSid;
  149. [case(TRUSTEE_IS_OBJECTS_AND_SID)]
  150. OBJECTS_AND_SID *pObjectsAndSid;
  151. [case(TRUSTEE_IS_OBJECTS_AND_NAME)]
  152. OBJECTS_AND_NAME_A *pObjectsAndName;
  153. };
  154. #else
  155. LPSTR ptstrName;
  156. #endif
  157. } TRUSTEE_A, *PTRUSTEE_A, TRUSTEEA, *PTRUSTEEA;
  158. typedef struct _TRUSTEE_W
  159. {
  160. struct _TRUSTEE_W *pMultipleTrustee;
  161. MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
  162. TRUSTEE_FORM TrusteeForm;
  163. TRUSTEE_TYPE TrusteeType;
  164. #ifdef __midl
  165. [switch_is(TrusteeForm)]
  166. union
  167. {
  168. [case(TRUSTEE_IS_NAME)]
  169. LPWSTR ptstrName;
  170. [case(TRUSTEE_IS_SID)]
  171. SID *pSid;
  172. [case(TRUSTEE_IS_OBJECTS_AND_SID)]
  173. OBJECTS_AND_SID *pObjectsAndSid;
  174. [case(TRUSTEE_IS_OBJECTS_AND_NAME)]
  175. OBJECTS_AND_NAME_W *pObjectsAndName;
  176. };
  177. #else
  178. LPWSTR ptstrName;
  179. #endif
  180. } TRUSTEE_W, *PTRUSTEE_W, TRUSTEEW, *PTRUSTEEW;
  181. #ifdef UNICODE
  182. typedef TRUSTEE_W TRUSTEE_;
  183. typedef PTRUSTEE_W PTRUSTEE_;
  184. typedef TRUSTEEW TRUSTEE;
  185. typedef PTRUSTEEW PTRUSTEE;
  186. #else
  187. typedef TRUSTEE_A TRUSTEE_;
  188. typedef PTRUSTEE_A PTRUSTEE_;
  189. typedef TRUSTEEA TRUSTEE;
  190. typedef PTRUSTEEA PTRUSTEE;
  191. #endif // UNICODE
  192. //
  193. // Definition: ACCESS_MODE
  194. // This enumerated type specifies how permissions are (requested)/to be applied
  195. // for the trustee by the access control entry. On input this field can be any
  196. // of the values, although it is not meaningful to mix access control and audit
  197. // control entries. On output this field will be one of SET_ACCESS, DENY_ACCESS,
  198. // SET_AUDIT_SUCCESS or SET_AUDIT_FAILURE.
  199. // The following descriptions define how this type affects an explicit access
  200. // request to apply access permissions to an object.
  201. // GRANT_ACCESS - The trustee will have at least the requested permissions upon
  202. // successful completion of the command. (If the trustee has
  203. // additional permissions they will not be removed).
  204. // SET_ACCESS - The trustee will have exactly the requested permissions upon
  205. // successful completion of the command.
  206. // DENY_ACCESS - The trustee will be denied the specified permissions.
  207. // REVOKE_ACCESS - Any explicit access rights the trustee has will be revoked.
  208. // SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of the
  209. // object using the requested permissions.
  210. // SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the object
  211. // using the requested permissions.
  212. //
  213. typedef enum _ACCESS_MODE
  214. {
  215. NOT_USED_ACCESS = 0,
  216. GRANT_ACCESS,
  217. SET_ACCESS,
  218. DENY_ACCESS,
  219. REVOKE_ACCESS,
  220. SET_AUDIT_SUCCESS,
  221. SET_AUDIT_FAILURE
  222. } ACCESS_MODE;
  223. //
  224. // Definition: Inheritance flags
  225. // These bit masks are provided to allow simple application of inheritance in
  226. // explicit access requests on containers.
  227. // NO_INHERITANCE The specific access permissions will only be applied to
  228. // the container, and will not be inherited by objects created
  229. // within the container.
  230. // SUB_CONTAINERS_ONLY_INHERIT The specific access permissions will be inherited
  231. // and applied to sub containers created within the
  232. // container, and will be applied to the container
  233. // itself.
  234. // SUB_OBJECTS_ONLY_INHERIT The specific access permissions will only be inherited
  235. // by objects created within the specific container.
  236. // The access permissions will not be applied to the
  237. // container itself.
  238. // SUB_CONTAINERS_AND_OBJECTS_INHERIT The specific access permissions will be
  239. // inherited by containers created within the
  240. // specific container, will be applied to
  241. // objects created within the container, but
  242. // will not be applied to the container itself.
  243. //
  244. #define NO_INHERITANCE 0x0
  245. #define SUB_OBJECTS_ONLY_INHERIT 0x1
  246. #define SUB_CONTAINERS_ONLY_INHERIT 0x2
  247. #define SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3
  248. #define INHERIT_NO_PROPAGATE 0x4
  249. #define INHERIT_ONLY 0x8
  250. //
  251. // Informational bit that is returned
  252. //
  253. #define INHERITED_ACCESS_ENTRY 0x10
  254. //
  255. // Informational bit that tells where a node was inherited from. Valid only
  256. // for NT 5 APIs
  257. //
  258. #define INHERITED_PARENT 0x10000000
  259. #define INHERITED_GRANDPARENT 0x20000000
  260. //
  261. // Definition: EXPLICIT_ACCESS
  262. // This structure is used to pass access control entry information into and out
  263. // of the system using the API defined in this document.
  264. // grfAccessPermissions - This contains the access permissions to assign for the
  265. // trustee. It is in the form of an NT access mask.
  266. // grfAccessMode - This field defines how the permissions are to be applied for
  267. // the trustee.
  268. // grfInheritance - For containers, this field defines how the access control
  269. // entry is/(is requested) to be inherited on
  270. // objects/sub-containers created within the container.
  271. // Trustee - This field contains the definition of the trustee account the
  272. // explicit access applies to.
  273. //
  274. typedef struct _EXPLICIT_ACCESS_A
  275. {
  276. DWORD grfAccessPermissions;
  277. ACCESS_MODE grfAccessMode;
  278. DWORD grfInheritance;
  279. TRUSTEE_A Trustee;
  280. } EXPLICIT_ACCESS_A, *PEXPLICIT_ACCESS_A, EXPLICIT_ACCESSA, *PEXPLICIT_ACCESSA;
  281. typedef struct _EXPLICIT_ACCESS_W
  282. {
  283. DWORD grfAccessPermissions;
  284. ACCESS_MODE grfAccessMode;
  285. DWORD grfInheritance;
  286. TRUSTEE_W Trustee;
  287. } EXPLICIT_ACCESS_W, *PEXPLICIT_ACCESS_W, EXPLICIT_ACCESSW, *PEXPLICIT_ACCESSW;
  288. #ifdef UNICODE
  289. typedef EXPLICIT_ACCESS_W EXPLICIT_ACCESS_;
  290. typedef PEXPLICIT_ACCESS_W PEXPLICIT_ACCESS_;
  291. typedef EXPLICIT_ACCESSW EXPLICIT_ACCESS;
  292. typedef PEXPLICIT_ACCESSW PEXPLICIT_ACCESS;
  293. #else
  294. typedef EXPLICIT_ACCESS_A EXPLICIT_ACCESS_;
  295. typedef PEXPLICIT_ACCESS_A PEXPLICIT_ACCESS_;
  296. typedef EXPLICIT_ACCESSA EXPLICIT_ACCESS;
  297. typedef PEXPLICIT_ACCESSA PEXPLICIT_ACCESS;
  298. #endif // UNICODE
  299. //----------------------------------------------------------------------------
  300. //
  301. // NT5 APIs
  302. //
  303. //----------------------------------------------------------------------------
  304. //
  305. // Default provider
  306. //
  307. #define ACCCTRL_DEFAULT_PROVIDERA "Windows NT Access Provider"
  308. #define ACCCTRL_DEFAULT_PROVIDERW L"Windows NT Access Provider"
  309. #ifdef UNICODE
  310. #define ACCCTRL_DEFAULT_PROVIDER ACCCTRL_DEFAULT_PROVIDERW
  311. #else
  312. #define ACCCTRL_DEFAULT_PROVIDER ACCCTRL_DEFAULT_PROVIDERA
  313. #endif
  314. //
  315. /// Access rights
  316. //
  317. typedef ULONG ACCESS_RIGHTS, *PACCESS_RIGHTS;
  318. //
  319. // Inheritance flags
  320. //
  321. typedef ULONG INHERIT_FLAGS, *PINHERIT_FLAGS;
  322. //
  323. // Access / Audit structures
  324. //
  325. typedef struct _ACTRL_ACCESS_ENTRYA
  326. {
  327. TRUSTEE_A Trustee;
  328. ULONG fAccessFlags;
  329. ACCESS_RIGHTS Access;
  330. ACCESS_RIGHTS ProvSpecificAccess;
  331. INHERIT_FLAGS Inheritance;
  332. LPSTR lpInheritProperty;
  333. } ACTRL_ACCESS_ENTRYA, *PACTRL_ACCESS_ENTRYA;
  334. //
  335. // Access / Audit structures
  336. //
  337. typedef struct _ACTRL_ACCESS_ENTRYW
  338. {
  339. TRUSTEE_W Trustee;
  340. ULONG fAccessFlags;
  341. ACCESS_RIGHTS Access;
  342. ACCESS_RIGHTS ProvSpecificAccess;
  343. INHERIT_FLAGS Inheritance;
  344. LPWSTR lpInheritProperty;
  345. } ACTRL_ACCESS_ENTRYW, *PACTRL_ACCESS_ENTRYW;
  346. #ifdef UNICODE
  347. typedef ACTRL_ACCESS_ENTRYW ACTRL_ACCESS_ENTRY;
  348. typedef PACTRL_ACCESS_ENTRYW PACTRL_ACCESS_ENTRY;
  349. #else
  350. typedef ACTRL_ACCESS_ENTRYA ACTRL_ACCESS_ENTRY;
  351. typedef PACTRL_ACCESS_ENTRYA PACTRL_ACCESS_ENTRY;
  352. #endif // UNICODE
  353. typedef struct _ACTRL_ACCESS_ENTRY_LISTA
  354. {
  355. ULONG cEntries;
  356. #ifdef __midl
  357. [size_is(cEntries)]
  358. #endif
  359. ACTRL_ACCESS_ENTRYA *pAccessList;
  360. } ACTRL_ACCESS_ENTRY_LISTA, *PACTRL_ACCESS_ENTRY_LISTA;
  361. typedef struct _ACTRL_ACCESS_ENTRY_LISTW
  362. {
  363. ULONG cEntries;
  364. #ifdef __midl
  365. [size_is(cEntries)]
  366. #endif
  367. ACTRL_ACCESS_ENTRYW *pAccessList;
  368. } ACTRL_ACCESS_ENTRY_LISTW, *PACTRL_ACCESS_ENTRY_LISTW;
  369. #ifdef UNICODE
  370. typedef ACTRL_ACCESS_ENTRY_LISTW ACTRL_ACCESS_ENTRY_LIST;
  371. typedef PACTRL_ACCESS_ENTRY_LISTW PACTRL_ACCESS_ENTRY_LIST;
  372. #else
  373. typedef ACTRL_ACCESS_ENTRY_LISTA ACTRL_ACCESS_ENTRY_LIST;
  374. typedef PACTRL_ACCESS_ENTRY_LISTA PACTRL_ACCESS_ENTRY_LIST;
  375. #endif // UNICODE
  376. typedef struct _ACTRL_PROPERTY_ENTRYA
  377. {
  378. LPSTR lpProperty;
  379. PACTRL_ACCESS_ENTRY_LISTA pAccessEntryList;
  380. ULONG fListFlags;
  381. } ACTRL_PROPERTY_ENTRYA, *PACTRL_PROPERTY_ENTRYA;
  382. typedef struct _ACTRL_PROPERTY_ENTRYW
  383. {
  384. LPWSTR lpProperty;
  385. PACTRL_ACCESS_ENTRY_LISTW pAccessEntryList;
  386. ULONG fListFlags;
  387. } ACTRL_PROPERTY_ENTRYW, *PACTRL_PROPERTY_ENTRYW;
  388. #ifdef UNICODE
  389. typedef ACTRL_PROPERTY_ENTRYW ACTRL_PROPERTY_ENTRY;
  390. typedef PACTRL_PROPERTY_ENTRYW PACTRL_PROPERTY_ENTRY;
  391. #else
  392. typedef ACTRL_PROPERTY_ENTRYA ACTRL_PROPERTY_ENTRY;
  393. typedef PACTRL_PROPERTY_ENTRYA PACTRL_PROPERTY_ENTRY;
  394. #endif // UNICODE
  395. typedef struct _ACTRL_ALISTA
  396. {
  397. ULONG cEntries;
  398. #ifdef __midl
  399. [size_is(cEntries)]
  400. #endif
  401. PACTRL_PROPERTY_ENTRYA pPropertyAccessList;
  402. } ACTRL_ACCESSA, *PACTRL_ACCESSA, ACTRL_AUDITA, *PACTRL_AUDITA;
  403. typedef struct _ACTRL_ALISTW
  404. {
  405. ULONG cEntries;
  406. #ifdef __midl
  407. [size_is(cEntries)]
  408. #endif
  409. PACTRL_PROPERTY_ENTRYW pPropertyAccessList;
  410. } ACTRL_ACCESSW, *PACTRL_ACCESSW, ACTRL_AUDITW, *PACTRL_AUDITW;
  411. #ifdef UNICODE
  412. typedef ACTRL_ACCESSW ACTRL_ACCESS;
  413. typedef PACTRL_ACCESSW PACTRL_ACCESS;
  414. typedef ACTRL_AUDITW ACTRL_AUDIT;
  415. typedef PACTRL_AUDITW PACTRL_AUDIT;
  416. #else
  417. typedef ACTRL_ACCESSA ACTRL_ACCESS;
  418. typedef PACTRL_ACCESSA PACTRL_ACCESS;
  419. typedef ACTRL_AUDITA ACTRL_AUDIT;
  420. typedef PACTRL_AUDITA PACTRL_AUDIT;
  421. #endif // UNICODE
  422. //
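  423. // TRUSTEE_ACCESS flags. Note that TRUSTEE_ACCESS_ALLOWED and TRUSTEE_ACCESS_EXPLICIT are both defined as 0x00000001L, so the two cannot be told apart by value.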
  424. //
  425. #define TRUSTEE_ACCESS_ALLOWED 0x00000001L
  426. #define TRUSTEE_ACCESS_READ 0x00000002L
  427. #define TRUSTEE_ACCESS_WRITE 0x00000004L
  428. #define TRUSTEE_ACCESS_EXPLICIT 0x00000001L
  429. #define TRUSTEE_ACCESS_READ_WRITE (TRUSTEE_ACCESS_READ | \
  430. TRUSTEE_ACCESS_WRITE)
  431. #define TRUSTEE_ACCESS_ALL 0xFFFFFFFFL
  432. typedef struct _TRUSTEE_ACCESSA
  433. {
  434. LPSTR lpProperty;
  435. ACCESS_RIGHTS Access;
  436. ULONG fAccessFlags;
  437. ULONG fReturnedAccess;
  438. } TRUSTEE_ACCESSA, *PTRUSTEE_ACCESSA;
  439. typedef struct _TRUSTEE_ACCESSW
  440. {
  441. LPWSTR lpProperty;
  442. ACCESS_RIGHTS Access;
  443. ULONG fAccessFlags;
  444. ULONG fReturnedAccess;
  445. } TRUSTEE_ACCESSW, *PTRUSTEE_ACCESSW;
  446. #ifdef UNICODE
  447. typedef TRUSTEE_ACCESSW TRUSTEE_ACCESS;
  448. typedef PTRUSTEE_ACCESSW PTRUSTEE_ACCESS;
  449. #else
  450. typedef TRUSTEE_ACCESSA TRUSTEE_ACCESS;
  451. typedef PTRUSTEE_ACCESSA PTRUSTEE_ACCESS;
  452. #endif // UNICODE
  453. //
  454. // Generic permission values
  455. //
  456. #define ACTRL_RESERVED 0x00000000
  457. #define ACTRL_PERM_1 0x00000001
  458. #define ACTRL_PERM_2 0x00000002
  459. #define ACTRL_PERM_3 0x00000004
  460. #define ACTRL_PERM_4 0x00000008
  461. #define ACTRL_PERM_5 0x00000010
  462. #define ACTRL_PERM_6 0x00000020
  463. #define ACTRL_PERM_7 0x00000040
  464. #define ACTRL_PERM_8 0x00000080
  465. #define ACTRL_PERM_9 0x00000100
  466. #define ACTRL_PERM_10 0x00000200
  467. #define ACTRL_PERM_11 0x00000400
  468. #define ACTRL_PERM_12 0x00000800
  469. #define ACTRL_PERM_13 0x00001000
  470. #define ACTRL_PERM_14 0x00002000
  471. #define ACTRL_PERM_15 0x00004000
  472. #define ACTRL_PERM_16 0x00008000
  473. #define ACTRL_PERM_17 0x00010000
  474. #define ACTRL_PERM_18 0x00020000
  475. #define ACTRL_PERM_19 0x00040000
  476. #define ACTRL_PERM_20 0x00080000
  477. //
  478. // Access permissions
  479. //
  480. #define ACTRL_ACCESS_ALLOWED 0x00000001
  481. #define ACTRL_ACCESS_DENIED 0x00000002
  482. #define ACTRL_AUDIT_SUCCESS 0x00000004
  483. #define ACTRL_AUDIT_FAILURE 0x00000008
  484. //
  485. // Property list flags
  486. //
  487. #define ACTRL_ACCESS_PROTECTED 0x00000001
  488. //
  489. // Standard and object rights
  490. //
  491. #define ACTRL_SYSTEM_ACCESS 0x04000000
  492. #define ACTRL_DELETE 0x08000000
  493. #define ACTRL_READ_CONTROL 0x10000000
  494. #define ACTRL_CHANGE_ACCESS 0x20000000
  495. #define ACTRL_CHANGE_OWNER 0x40000000
  496. #define ACTRL_SYNCHRONIZE 0x80000000
  497. #define ACTRL_STD_RIGHTS_ALL 0xf8000000
  498. #define ACTRL_STD_RIGHT_REQUIRED ( ACTRL_STD_RIGHTS_ALL & ~ACTRL_SYNCHRONIZE )
  499. #ifndef _DS_CONTROL_BITS_DEFINED_
  500. #define _DS_CONTROL_BITS_DEFINED_
  501. #define ACTRL_DS_OPEN ACTRL_RESERVED
  502. #define ACTRL_DS_CREATE_CHILD ACTRL_PERM_1
  503. #define ACTRL_DS_DELETE_CHILD ACTRL_PERM_2
  504. #define ACTRL_DS_LIST ACTRL_PERM_3
  505. #define ACTRL_DS_SELF ACTRL_PERM_4
  506. #define ACTRL_DS_READ_PROP ACTRL_PERM_5
  507. #define ACTRL_DS_WRITE_PROP ACTRL_PERM_6
  508. #define ACTRL_DS_DELETE_TREE ACTRL_PERM_7
  509. #define ACTRL_DS_LIST_OBJECT ACTRL_PERM_8
  510. #define ACTRL_DS_CONTROL_ACCESS ACTRL_PERM_9
  511. #endif
  512. #define ACTRL_FILE_READ ACTRL_PERM_1
  513. #define ACTRL_FILE_WRITE ACTRL_PERM_2
  514. #define ACTRL_FILE_APPEND ACTRL_PERM_3
  515. #define ACTRL_FILE_READ_PROP ACTRL_PERM_4
  516. #define ACTRL_FILE_WRITE_PROP ACTRL_PERM_5
  517. #define ACTRL_FILE_EXECUTE ACTRL_PERM_6
  518. #define ACTRL_FILE_READ_ATTRIB ACTRL_PERM_8
  519. #define ACTRL_FILE_WRITE_ATTRIB ACTRL_PERM_9
  520. #define ACTRL_FILE_CREATE_PIPE ACTRL_PERM_10
  521. #define ACTRL_DIR_LIST ACTRL_PERM_1
  522. #define ACTRL_DIR_CREATE_OBJECT ACTRL_PERM_2
  523. #define ACTRL_DIR_CREATE_CHILD ACTRL_PERM_3
  524. #define ACTRL_DIR_DELETE_CHILD ACTRL_PERM_7
  525. #define ACTRL_DIR_TRAVERSE ACTRL_PERM_6
  526. #define ACTRL_KERNEL_TERMINATE ACTRL_PERM_1
  527. #define ACTRL_KERNEL_THREAD ACTRL_PERM_2
  528. #define ACTRL_KERNEL_VM ACTRL_PERM_3
  529. #define ACTRL_KERNEL_VM_READ ACTRL_PERM_4
  530. #define ACTRL_KERNEL_VM_WRITE ACTRL_PERM_5
  531. #define ACTRL_KERNEL_DUP_HANDLE ACTRL_PERM_6
  532. #define ACTRL_KERNEL_PROCESS ACTRL_PERM_7
  533. #define ACTRL_KERNEL_SET_INFO ACTRL_PERM_8
  534. #define ACTRL_KERNEL_GET_INFO ACTRL_PERM_9
  535. #define ACTRL_KERNEL_CONTROL ACTRL_PERM_10
  536. #define ACTRL_KERNEL_ALERT ACTRL_PERM_11
  537. #define ACTRL_KERNEL_GET_CONTEXT ACTRL_PERM_12
  538. #define ACTRL_KERNEL_SET_CONTEXT ACTRL_PERM_13
  539. #define ACTRL_KERNEL_TOKEN ACTRL_PERM_14
  540. #define ACTRL_KERNEL_IMPERSONATE ACTRL_PERM_15
  541. #define ACTRL_KERNEL_DIMPERSONATE ACTRL_PERM_16
  542. #define ACTRL_PRINT_SADMIN ACTRL_PERM_1
  543. #define ACTRL_PRINT_SLIST ACTRL_PERM_2
  544. #define ACTRL_PRINT_PADMIN ACTRL_PERM_3
  545. #define ACTRL_PRINT_PUSE ACTRL_PERM_4
  546. #define ACTRL_PRINT_JADMIN ACTRL_PERM_5
  547. #define ACTRL_SVC_GET_INFO ACTRL_PERM_1
  548. #define ACTRL_SVC_SET_INFO ACTRL_PERM_2
  549. #define ACTRL_SVC_STATUS ACTRL_PERM_3
  550. #define ACTRL_SVC_LIST ACTRL_PERM_4
  551. #define ACTRL_SVC_START ACTRL_PERM_5
  552. #define ACTRL_SVC_STOP ACTRL_PERM_6
  553. #define ACTRL_SVC_PAUSE ACTRL_PERM_7
  554. #define ACTRL_SVC_INTERROGATE ACTRL_PERM_8
  555. #define ACTRL_SVC_UCONTROL ACTRL_PERM_9
  556. #define ACTRL_REG_QUERY ACTRL_PERM_1
  557. #define ACTRL_REG_SET ACTRL_PERM_2
  558. #define ACTRL_REG_CREATE_CHILD ACTRL_PERM_3
  559. #define ACTRL_REG_LIST ACTRL_PERM_4
  560. #define ACTRL_REG_NOTIFY ACTRL_PERM_5
  561. #define ACTRL_REG_LINK ACTRL_PERM_6
  562. #define ACTRL_WIN_CLIPBRD ACTRL_PERM_1
  563. #define ACTRL_WIN_GLOBAL_ATOMS ACTRL_PERM_2
  564. #define ACTRL_WIN_CREATE ACTRL_PERM_3
  565. #define ACTRL_WIN_LIST_DESK ACTRL_PERM_4
  566. #define ACTRL_WIN_LIST ACTRL_PERM_5
  567. #define ACTRL_WIN_READ_ATTRIBS ACTRL_PERM_6
  568. #define ACTRL_WIN_WRITE_ATTRIBS ACTRL_PERM_7
  569. #define ACTRL_WIN_SCREEN ACTRL_PERM_8
  570. #define ACTRL_WIN_EXIT ACTRL_PERM_9
  571. #pragma warning (push)
  572. #pragma warning (disable: 4201)
  573. typedef struct _ACTRL_OVERLAPPED
  574. {
  575. union {
  576. PVOID Provider;
  577. ULONG Reserved1;
  578. };
  579. ULONG Reserved2;
  580. HANDLE hEvent;
  581. } ACTRL_OVERLAPPED, *PACTRL_OVERLAPPED;
  582. #pragma warning(pop)
  583. typedef struct _ACTRL_ACCESS_INFOA
  584. {
  585. ULONG fAccessPermission;
  586. LPSTR lpAccessPermissionName;
  587. } ACTRL_ACCESS_INFOA, *PACTRL_ACCESS_INFOA;
  588. typedef struct _ACTRL_ACCESS_INFOW
  589. {
  590. ULONG fAccessPermission;
  591. LPWSTR lpAccessPermissionName;
  592. } ACTRL_ACCESS_INFOW, *PACTRL_ACCESS_INFOW;
  593. #ifdef UNICODE
  594. typedef ACTRL_ACCESS_INFOW ACTRL_ACCESS_INFO;
  595. typedef PACTRL_ACCESS_INFOW PACTRL_ACCESS_INFO;
  596. #else
  597. typedef ACTRL_ACCESS_INFOA ACTRL_ACCESS_INFO;
  598. typedef PACTRL_ACCESS_INFOA PACTRL_ACCESS_INFO;
  599. #endif // UNICODE
  600. typedef struct _ACTRL_CONTROL_INFOA
  601. {
  602. LPSTR lpControlId;
  603. LPSTR lpControlName;
  604. } ACTRL_CONTROL_INFOA, *PACTRL_CONTROL_INFOA;
  605. typedef struct _ACTRL_CONTROL_INFOW
  606. {
  607. LPWSTR lpControlId;
  608. LPWSTR lpControlName;
  609. } ACTRL_CONTROL_INFOW, *PACTRL_CONTROL_INFOW;
  610. #ifdef UNICODE
  611. typedef ACTRL_CONTROL_INFOW ACTRL_CONTROL_INFO;
  612. typedef PACTRL_CONTROL_INFOW PACTRL_CONTROL_INFO;
  613. #else
  614. typedef ACTRL_CONTROL_INFOA ACTRL_CONTROL_INFO;
  615. typedef PACTRL_CONTROL_INFOA PACTRL_CONTROL_INFO;
  616. #endif // UNICODE
  617. #define ACTRL_ACCESS_NO_OPTIONS 0x00000000
  618. #define ACTRL_ACCESS_SUPPORTS_OBJECT_ENTRIES 0x00000001
  619. typedef enum _PROGRESS_INVOKE_SETTING {
  620. ProgressInvokeNever = 1, // Never invoke the progress function
  621. ProgressInvokeEveryObject, // Invoke for each object
  622. ProgressInvokeOnError, // Invoke only for each error case
  623. ProgressCancelOperation, // Stop propagation and return
  624. ProgressRetryOperation // Retry operation on subtree
  625. } PROG_INVOKE_SETTING, *PPROG_INVOKE_SETTING;
  626. //
  627. // Progress Function:
  628. // Caller of tree operation implements this Progress function, then
  629. // passes its function pointer to tree operation.
  630. // Tree operation invokes Progress function to provide progress and error
  631. // information to the caller during the potentially long execution
  632. // of the tree operation. Tree operation provides the name of the object
  633. // last processed and the error status of the operation on that object.
  634. // Tree operation also passes the current InvokeSetting value.
  635. // Caller may change the InvokeSetting value, for example, from "Always"
  636. // to "Only On Error."
  637. //
  638. /*
  639. typedef VOID (*FN_PROGRESS) (
  640. IN LPWSTR pObjectName, // name of object just processed
  641. IN DWORD Status, // status of operation on object
  642. IN OUT PPROG_INVOKE_SETTING pInvokeSetting, // Never, always,
  643. IN PVOID Args, // Caller specific data
  644. IN BOOL SecuritySet // Whether security was set
  645. );
  646. */
  647. //
  648. // New Object Type function pointers. TBD.
  649. // To support additional object resource managers generically, the
  650. // resource manager must provide its own functions for operations
  651. // like:
  652. // GetAncestorAcl(IN ObjName, IN GenerationGap, IN DaclOrSacl?, ...)
  653. // GetAncestorName(...)
  654. // FreeNameStructure(...)
  655. //
  656. typedef struct _FN_OBJECT_MGR_FUNCTIONS
  657. {
  658. ULONG Placeholder;
  659. } FN_OBJECT_MGR_FUNCTS, *PFN_OBJECT_MGR_FUNCTS;
  660. //
  661. // Name of ancestor and number of generations between
  662. // ancestor and inheriting object.
  663. //
  664. // AncestorName:
  665. // Name of ancestor from which ACE was inherited.
  666. // NULL for explicit ACE.
  667. //
  668. // GenerationGap:
  669. // Number of levels (or generations) between the object and the ancestor.
  670. // Parent, gap=1.
  671. // Grandparent, gap=2.
  672. // Set to 0 for explicit ACE on object.
  673. //
  674. typedef struct _INHERITED_FROMA
  675. {
  676. LONG GenerationGap;
  677. LPSTR AncestorName;
  678. } INHERITED_FROMA, *PINHERITED_FROMA;
  679. typedef struct _INHERITED_FROMW
  680. {
  681. LONG GenerationGap;
  682. LPWSTR AncestorName;
  683. } INHERITED_FROMW, *PINHERITED_FROMW;
  684. #ifdef UNICODE
  685. typedef INHERITED_FROMW INHERITED_FROM;
  686. typedef PINHERITED_FROMW PINHERITED_FROM;
  687. #else
  688. typedef INHERITED_FROMA INHERITED_FROM;
  689. typedef PINHERITED_FROMA PINHERITED_FROM;
  690. #endif // UNICODE
  691. #ifdef __cplusplus
  692. }
  693. #endif
  694. #endif // __ACCESS_CONTROL__