Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
/*++ BUILD Version: 0002 // Increment this if a change has global effects
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
seopaque.h
Abstract:
This module contains definitions of opaque Security data structures.
These structures are available to user and kernel security routines only.
This file is not included by including "ntos.h".
Author:
Jim Kelly (Jimk) 23-Mar-1990
Revision History:
--*/
#ifndef _SEOPAQUE_
#define _SEOPAQUE_
�///////////////////////////////////////////////////////////////////////////
// //
// Private Structures //
// //
///////////////////////////////////////////////////////////////////////////
//
// Generic ACE structures, to be used for casting ACE's of known types
//
typedef struct _KNOWN_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart;} KNOWN_ACE, *PKNOWN_ACE;
typedef struct _KNOWN_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; // GUID ObjectType; // Optionally present
// GUID InheritedObjectType; // Optionally present
ULONG SidStart;} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
typedef struct _KNOWN_COMPOUND_ACE { ACE_HEADER Header; ACCESS_MASK Mask; USHORT CompoundAceType; USHORT Reserved; ULONG SidStart;} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
//typedef struct _KNOWN_IMPERSONATION_ACE {
// ACE_HEADER Header;
// ACCESS_MASK Mask;
// USHORT DataType;
// USHORT Argument;
// ULONG Operands;
//} KNOWN_IMPERSONATION_ACE, *PKNOWN_IMPERSONATION_ACE;
///////////////////////////////////////////////////////////////////////////
// //
// Miscellaneous support macros //
// //
///////////////////////////////////////////////////////////////////////////
//
// Given a pointer return its word aligned equivalent value
//
#define WordAlign(Ptr) ( \
(PVOID)((((ULONG_PTR)(Ptr)) + 1) & -2) \ )
//
// Given a pointer return its longword aligned equivalent value
//
#define LongAlign(Ptr) ( \
(PVOID)((((ULONG_PTR)(Ptr)) + 3) & -4) \ )
//
// Given a size return its longword aligned equivalent value
//
#define LongAlignSize(Size) (((ULONG)(Size) + 3) & -4)
//
// Given a size return its sizeof(PVOID) aligned equivalent value
//
#define PtrAlignSize(Size) \
(((ULONG)(Size) + sizeof(PVOID) - 1) & ~(sizeof(PVOID)-1))
//
// Given a pointer return its quadword aligned equivalent value
//
#define QuadAlign(Ptr) ( \
(PVOID)((((ULONG_PTR)(Ptr)) + 7) & -8) \ )
//
// This macro returns TRUE if a flag in a set of flags is on and FALSE
// otherwise
//
#define FlagOn(Flags,SingleFlag) ( \
((Flags) & (SingleFlag)) != 0 ? TRUE : FALSE \ )
//
// This macro clears a single flag in a set of flags
//
#define ClearFlag(Flags,SingleFlag) { \
(Flags) &= ~(SingleFlag); \ }
//
// Get a pointer to the first ace in an acl
//
#define FirstAce(Acl) ((PVOID)((PUCHAR)(Acl) + sizeof(ACL)))
//
// Get a pointer to the following ace
//
#define NextAce(Ace) ((PVOID)((PUCHAR)(Ace) + ((PACE_HEADER)(Ace))->AceSize))
//
// A "known" ACE is one of the types that existed before the introduction of
// compound ACEs. While the name is no longer as accurate as it used to be,
// it's convenient.
//
#define IsKnownAceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_ACE_TYPE) && \ (((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_V2_ACE_TYPE) \ )
//
// Test if the ACE is a valid version 3 ACE.
//
#define IsV3AceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_ACE_TYPE) && \ (((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_V3_ACE_TYPE) \ )
//
// Test if the ACE is a valid version 4 ACE.
//
#define IsV4AceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_ACE_TYPE) && \ (((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_V4_ACE_TYPE) \ )
//
// Test if the ACE is a valid ACE.
//
#define IsMSAceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_ACE_TYPE) && \ (((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_ACE_TYPE) \ )
//
// Determine if an ace is a standard ace
//
#define IsCompoundAceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE))
//
// Test if the ACE is an object ACE.
//
#define IsObjectAceType(Ace) ( \
(((PACE_HEADER)(Ace))->AceType >= ACCESS_MIN_MS_OBJECT_ACE_TYPE) && \ (((PACE_HEADER)(Ace))->AceType <= ACCESS_MAX_MS_OBJECT_ACE_TYPE) \ )
//
// Update this macro as new ACL revisions are defined.
//
#define ValidAclRevision(Acl) ((Acl)->AclRevision >= MIN_ACL_REVISION && \
(Acl)->AclRevision <= MAX_ACL_REVISION )
//
// Macro to determine if an ace is to be inherited by a subdirectory
//
#define ContainerInherit(Ace) ( \
FlagOn((Ace)->AceFlags, CONTAINER_INHERIT_ACE) \ )
//
// Macro to determine if an ace is to be proprogate to a subdirectory.
// It will if it is inheritable by either a container or non-container
// and is not explicitly marked for no-propagation.
//
#define Propagate(Ace) ( \
!FlagOn((Ace)->AceFlags, NO_PROPAGATE_INHERIT_ACE) && \ (FlagOn(( Ace )->AceFlags, OBJECT_INHERIT_ACE) || \ FlagOn(( Ace )->AceFlags, CONTAINER_INHERIT_ACE) ) \ )
//
// Macro to determine if an ACE is to be inherited by a sub-object
//
#define ObjectInherit(Ace) ( \
FlagOn(( Ace )->AceFlags, OBJECT_INHERIT_ACE) \ )
//
// Macro to determine if an ACE was inherited.
//
#define AceInherited(Ace) ( \
FlagOn(( Ace )->AceFlags, INHERITED_ACE) \ )
//
// Extract the SID from a object ACE
//
#define RtlObjectAceObjectTypePresent( Ace ) \
((((PKNOWN_OBJECT_ACE)(Ace))->Flags & ACE_OBJECT_TYPE_PRESENT) != 0 )#define RtlObjectAceInheritedObjectTypePresent( Ace ) \
((((PKNOWN_OBJECT_ACE)(Ace))->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) != 0 )
#define RtlObjectAceSid( Ace ) \
((PSID)(((PUCHAR)&(((PKNOWN_OBJECT_ACE)(Ace))->SidStart)) + \ (RtlObjectAceObjectTypePresent(Ace) ? sizeof(GUID) : 0 ) + \ (RtlObjectAceInheritedObjectTypePresent(Ace) ? sizeof(GUID) : 0 )))
#define RtlObjectAceObjectType( Ace ) \
((GUID *)(RtlObjectAceObjectTypePresent(Ace) ? \ &((PKNOWN_OBJECT_ACE)(Ace))->SidStart : \ NULL ))
#define RtlObjectAceInheritedObjectType( Ace ) \
((GUID *)(RtlObjectAceInheritedObjectTypePresent(Ace) ? \ ( RtlObjectAceObjectTypePresent(Ace) ? \ (PULONG)(((PUCHAR)(&((PKNOWN_OBJECT_ACE)(Ace))->SidStart)) + sizeof(GUID)) : \ &((PKNOWN_OBJECT_ACE)(Ace))->SidStart ) : \ NULL ))
//
// Comparison routine for two GUIDs.
//
#define RtlpIsEqualGuid(rguid1, rguid2) \
(((PLONG) rguid1)[0] == ((PLONG) rguid2)[0] && \ ((PLONG) rguid1)[1] == ((PLONG) rguid2)[1] && \ ((PLONG) rguid1)[2] == ((PLONG) rguid2)[2] && \ ((PLONG) rguid1)[3] == ((PLONG) rguid2)[3])
//
// Macros for mapping DACL/SACL specific security descriptor control bits
// to generic control bits.
//
// This mapping allows common routines to manipulate control bits generically
// and have the appropriate bits set in the security descriptor based
// on whether to ACL is a DACL or a SACL.
//
#define SEP_ACL_PRESENT SE_DACL_PRESENT
#define SEP_ACL_DEFAULTED SE_DACL_DEFAULTED
#define SEP_ACL_AUTO_INHERITED SE_DACL_AUTO_INHERITED
#define SEP_ACL_PROTECTED SE_DACL_PROTECTED
#define SEP_ACL_ALL ( \
SEP_ACL_PRESENT | \ SEP_ACL_DEFAULTED | \ SEP_ACL_AUTO_INHERITED | \ SEP_ACL_PROTECTED )
#define SeControlDaclToGeneric( _Dacl ) \
((_Dacl) & SEP_ACL_ALL )
#define SeControlGenericToDacl( _Generic ) \
((_Generic) & SEP_ACL_ALL )
#define SeControlSaclToGeneric( _Sacl ) ( \
(((_Sacl) & SE_SACL_PRESENT) ? SEP_ACL_PRESENT : 0 ) | \ (((_Sacl) & SE_SACL_DEFAULTED) ? SEP_ACL_DEFAULTED : 0 ) | \ (((_Sacl) & SE_SACL_AUTO_INHERITED) ? SEP_ACL_AUTO_INHERITED : 0 ) | \ (((_Sacl) & SE_SACL_PROTECTED) ? SEP_ACL_PROTECTED : 0 ) )
#define SeControlGenericToSacl( _Generic ) ( \
(((_Generic) & SEP_ACL_PRESENT) ? SE_SACL_PRESENT : 0 ) | \ (((_Generic) & SEP_ACL_DEFAULTED) ? SE_SACL_DEFAULTED : 0 ) | \ (((_Generic) & SEP_ACL_AUTO_INHERITED) ? SE_SACL_AUTO_INHERITED : 0 ) | \ (((_Generic) & SEP_ACL_PROTECTED) ? SE_SACL_PROTECTED : 0 ) )
#endif // _SEOPAQUE_
|
