Source code of Windows XP (NT5)


  1. // --------------------------------------------------------------------------
  2. // Module Name: Access.h
  3. //
  4. // Copyright (c) 1999-2000, Microsoft Corporation
  5. //
  6. // This file contains a few classes that assist with ACL manipulation on
  7. // objects to which a handle has already been opened. This handle must
  8. // (obviously) have WRITE_DAC access.
  9. //
  10. // History: 1999-10-05 vtan created
  11. // 2000-02-01 vtan moved from Neptune to Whistler
  12. // --------------------------------------------------------------------------
  13. #ifndef _Access_
  14. #define _Access_
  15. #include "DynamicArray.h"
  16. // --------------------------------------------------------------------------
  17. // CSecurityDescriptor
  18. //
  19. // Purpose: This class allocates and assigns a PSECURITY_DESCRIPTOR
  20. // structure with the desired access specified.
  21. //
  22. // History: 2000-10-05 vtan created
  23. // --------------------------------------------------------------------------
  class CSecurityDescriptor
  {
  public:
      //  One entry of the access table handed to Create: a SID described by
      //  its identifier authority plus up to eight sub-authority values, and
      //  the access mask associated with that SID. The field layout mirrors
      //  the argument list of AllocateAndInitializeSid; presumably only the
      //  first iSubAuthorityCount sub-authorities are meaningful -- confirm
      //  in the implementation.
      typedef struct
      {
          PSID_IDENTIFIER_AUTHORITY   pSIDAuthority;
          int                         iSubAuthorityCount;
          DWORD                       dwSubAuthority0;
          DWORD                       dwSubAuthority1;
          DWORD                       dwSubAuthority2;
          DWORD                       dwSubAuthority3;
          DWORD                       dwSubAuthority4;
          DWORD                       dwSubAuthority5;
          DWORD                       dwSubAuthority6;
          DWORD                       dwSubAuthority7;
          DWORD                       dwAccessMask;
      } ACCESS_CONTROL, *PACCESS_CONTROL;

      //  Builds a security descriptor from iCount entries of pAccessControl.
      //  The array length travels separately from the pointer, so the caller
      //  is responsible for iCount matching the real number of entries.
      //  NOTE(review): how the returned descriptor is allocated, what is
      //  returned on failure, and how it must be released are not visible in
      //  this header -- confirm in the implementation before relying on it.
      //  When reviewing call sites, check each dwAccessMask for rights that
      //  are broader than the object needs.
      static PSECURITY_DESCRIPTOR Create(int iCount, const ACCESS_CONTROL *pAccessControl);

  private:
      //  Constructor and destructor are private: the class is used only
      //  through its static members and cannot be instantiated from outside.
      CSecurityDescriptor();
      ~CSecurityDescriptor();

      //  Internal helper taking an ACL, an array of SIDs and the same access
      //  table; presumably adds one ACE per entry and reports success as a
      //  bool -- confirm in the implementation.
      static bool AddAces(PACL pACL, PSID *pSIDs, int iCount, const ACCESS_CONTROL *pAC);
  };
  49. // --------------------------------------------------------------------------
  50. // CAccessControlList
  51. //
  52. // Purpose: This class manages access allowed ACEs and constructs an ACL
  53. // from these ACEs. This class only deals with access allowed
  54. // ACEs.
  55. //
  56. // History: 1999-10-05 vtan created
  57. // 2000-02-01 vtan moved from Neptune to Whistler
  58. // --------------------------------------------------------------------------
  class CAccessControlList : private CDynamicArrayCallback
  {
  public:
      CAccessControlList();
      ~CAccessControlList();

      //  Implicit conversion to PACL. NOTE(review): presumably the ACL is
      //  assembled from the stored ACEs and kept in _pACL, in which case the
      //  returned pointer is only valid while this object lives -- confirm in
      //  the implementation.
      operator PACL();

      //  Add an entry for pSID with the given access mask and inheritance
      //  flags; Remove drops the entry for pSID. The class comment states
      //  that only access allowed ACEs are handled, so this interface cannot
      //  express a deny entry.
      NTSTATUS Add(PSID pSID, ACCESS_MASK dwMask, UCHAR ucInheritence);
      NTSTATUS Remove(PSID pSID);

  private:
      //  The only virtual declared here; presumably it overrides the hook of
      //  the privately inherited CDynamicArrayCallback and is invoked per
      //  element of _ACEArray (see DynamicArray.h) -- confirm.
      virtual NTSTATUS Callback(const void *pvData, int iElementIndex);

      CDynamicPointerArray    _ACEArray;
      //  NOTE(review): no copy constructor or assignment operator is
      //  declared, so the compiler-generated ones would copy this raw pointer
      //  as-is. If the destructor releases it, copying an instance would free
      //  the same memory twice -- confirm, and pass instances by reference.
      ACL*                    _pACL;
      //  Presumably scratch state shared between Remove and Callback while
      //  searching for a SID -- confirm in the implementation.
      PSID                    _searchSID;
      int                     _iFoundIndex;
  };
  75. // --------------------------------------------------------------------------
  76. // CSecuredObject
  77. //
  78. // Purpose: This class manages the ACL of a secured object. SIDs can be
  79. // added or removed from the ACL of the object.
  80. //
  81. // History: 1999-10-05 vtan created
  82. // 2000-02-01 vtan moved from Neptune to Whistler
  83. // --------------------------------------------------------------------------
  class CSecuredObject
  {
  public:
      //  Binds the wrapper to an already opened handle and its object type.
      //  The file header requires the handle to carry WRITE_DAC access.
      //  NOTE(review): GetDACL presumably reads the current DACL first, which
      //  on Windows also needs READ_CONTROL on the handle -- confirm against
      //  the implementation and the call sites.
      CSecuredObject(HANDLE hObject, SE_OBJECT_TYPE seObjectType);
      ~CSecuredObject();

      //  Allow grants dwMask to pSID with the given inheritance flags;
      //  Remove takes pSID back out of the object's ACL. Both are const: they
      //  change the security of the underlying object, not of this wrapper.
      //  Callers should check the returned NTSTATUS, since a failed update
      //  leaves the object's ACL in whatever state it had before.
      NTSTATUS Allow(PSID pSID, ACCESS_MASK dwMask, UCHAR ucInheritence) const;
      NTSTATUS Remove(PSID pSID) const;

  private:
      //  Default construction is private, so an instance always has a handle.
      CSecuredObject();

      //  Helpers that exchange the DACL with the object through a
      //  CAccessControlList. NOTE(review): that class is documented as
      //  handling only access allowed ACEs; what happens to any deny ACEs in
      //  an existing DACL during a GetDACL / SetDACL round trip is not
      //  visible in this header -- confirm before using this on objects whose
      //  DACL may contain them.
      NTSTATUS GetDACL(CAccessControlList& accessControlList) const;
      NTSTATUS SetDACL(CAccessControlList& accessControlList) const;

      //  NOTE(review): whether the destructor closes this handle is not
      //  visible here; the file header describes it as opened by the caller.
      HANDLE          _hObject;
      SE_OBJECT_TYPE  _seObjectType;
  };
  100. #endif /* _Access_ */