Source code of Windows XP (NT5)


  1. //+--------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (c) Microsoft Corporation. All rights reserved.
  5. //
  6. // File: aclui.h
  7. //
  8. // Contents: Definitions and prototypes for the ACLUI.DLL
  9. //
  10. //---------------------------------------------------------------------------
  11. #ifndef _ACLUI_H_
  12. #define _ACLUI_H_
  13. #if _MSC_VER > 1000
  14. #pragma once
  15. #endif
  16. #include <objbase.h>
  17. #include <commctrl.h> // for HPROPSHEETPAGE
  18. #include <accctrl.h> // for SE_OBJECT_TYPE
  19. #if !defined(_ACLUI_) // _ACLUI_ not defined: the two entry points declared with ACLUIAPI are imported
  20. #define ACLUIAPI DECLSPEC_IMPORT WINAPI
  21. #else // _ACLUI_ defined: no import decoration (presumably only when building ACLUI.DLL itself - confirm)
  22. #define ACLUIAPI WINAPI
  23. #endif
  24. #ifdef __cplusplus
  25. extern "C" {
  26. #endif /* __cplusplus */
  27. //
  28. // ISecurityInformation interface
  29. //
  30. // Methods:
  31. //
  32. // GetObjectInformation - Allows UI to determine type of object being
  33. // edited. Also allows determining if object is a container.
  34. //
  35. // GetSecurity - Allows retrieving of ACLs from the original object
  36. // NOTE: ACLUI will LocalFree the security descriptor
  37. // returned by GetSecurity.
  38. // SetSecurity - Allows setting of the ACLs on the original object
  39. //
  40. // GetAccessRights - For retrieving the list of rights allowed
  41. // on this object.
  42. //
  43. // MapGeneric - For mapping generic rights to standard & specific rights
  44. //
  45. // GetInheritTypes - For retrieving the list of possible sub-object types
  46. // for a container.
  47. //
  48. // PropertySheetCallback - A method which is called back during the various
  49. // security UI property pages so that specialized work can be
  50. // done. Similar to PropSheetPageProc. If uMsg == PSPCB_CREATE,
  51. // then any error return value other than E_NOTIMPL will abort
  52. // the creation of that page. The type of page being created or
  53. // destroyed is indicated by the uPage parameter.
  54. //
  // SI_OBJECT_INFO describes the object whose security is being edited. It is
  // the structure ISecurityInformation::GetObjectInformation takes a pointer to.
  // NOTE(review): this header does not state who owns the string buffers or how
  // long they must stay valid - confirm before returning heap or stack memory.
  55. typedef struct _SI_OBJECT_INFO
  56. {
  57. DWORD dwFlags; // combination of the SI_* values listed under "SI_OBJECT_INFO flags"
  58. HINSTANCE hInstance; // resources (e.g. strings) reside here
  59. LPWSTR pszServerName; // must be present
  60. LPWSTR pszObjectName; // must be present
  61. LPWSTR pszPageTitle; // only valid if SI_PAGE_TITLE is set
  62. GUID guidObjectType; // only valid if SI_OBJECT_GUID is set
  63. } SI_OBJECT_INFO, *PSI_OBJECT_INFO;
  64. // SI_OBJECT_INFO flags
  // Bit values for SI_OBJECT_INFO.dwFlags. Some of them (SI_PAGE_TITLE,
  // SI_OBJECT_GUID) also decide which other SI_OBJECT_INFO members are valid.
  // NOTE(review): SI_READONLY, SI_OWNER_READONLY and the SI_NO_* bits are values
  // the caller hands to the editor; nothing in this header enforces them.
  // Presumably the implementer's SetSecurity and the object's own access check
  // remain the authoritative gate - confirm.
  65. #define SI_EDIT_PERMS 0x00000000L // always implied; the value is 0, so it cannot be tested with a bit mask
  66. #define SI_EDIT_OWNER 0x00000001L
  67. #define SI_EDIT_AUDITS 0x00000002L
  68. #define SI_CONTAINER 0x00000004L
  69. #define SI_READONLY 0x00000008L
  70. #define SI_ADVANCED 0x00000010L
  71. #define SI_RESET 0x00000020L // described as equal to SI_RESET_DACL|SI_RESET_SACL|SI_RESET_OWNER; numerically it is its own bit (0x20), not the OR of those three values
  72. #define SI_OWNER_READONLY 0x00000040L
  73. #define SI_EDIT_PROPERTIES 0x00000080L
  74. #define SI_OWNER_RECURSE 0x00000100L
  75. #define SI_NO_ACL_PROTECT 0x00000200L
  76. #define SI_NO_TREE_APPLY 0x00000400L
  77. #define SI_PAGE_TITLE 0x00000800L
  78. #define SI_SERVER_IS_DC 0x00001000L
  // 0x00002000L is not assigned in this header.
  79. #define SI_RESET_DACL_TREE 0x00004000L
  80. #define SI_RESET_SACL_TREE 0x00008000L
  81. #define SI_OBJECT_GUID 0x00010000L
  82. #define SI_EDIT_EFFECTIVE 0x00020000L
  83. #define SI_RESET_DACL 0x00040000L
  84. #define SI_RESET_SACL 0x00080000L
  85. #define SI_RESET_OWNER 0x00100000L
  86. #define SI_NO_ADDITIONAL_PERMISSION 0x00200000L
  87. #define SI_MAY_WRITE 0x10000000L // original note: not sure if user can write permission; treat as a hint, not as proof of write access - TODO confirm
  // Because SI_EDIT_PERMS is 0, SI_EDIT_ALL evaluates to SI_EDIT_OWNER | SI_EDIT_AUDITS (0x3).
  88. #define SI_EDIT_ALL (SI_EDIT_PERMS | SI_EDIT_OWNER | SI_EDIT_AUDITS)
  // SI_ACCESS is one entry in the list of rights that
  // ISecurityInformation::GetAccessRights returns through ppAccess.
  89. typedef struct _SI_ACCESS
  90. {
  91. const GUID *pguid; // NOTE(review): presumably the object type the right applies to - confirm
  92. ACCESS_MASK mask; // access bits this entry stands for
  93. LPCWSTR pszName; // may be resource ID, so the value is not always a string pointer that can be dereferenced
  94. DWORD dwFlags; // SI_ACCESS_* values; ACE inheritance flags may also be set
  95. } SI_ACCESS, *PSI_ACCESS;
  96. // SI_ACCESS flags
  // These four values occupy bits 16-19 of SI_ACCESS.dwFlags, which leaves the
  // low bits of the same DWORD for the ACE inheritance flags mentioned below.
  97. #define SI_ACCESS_SPECIFIC 0x00010000L
  98. #define SI_ACCESS_GENERAL 0x00020000L
  99. #define SI_ACCESS_CONTAINER 0x00040000L // general access, container-only
  100. #define SI_ACCESS_PROPERTY 0x00080000L
  101. // ACE inheritance flags (CONTAINER_INHERIT_ACE, etc.) may also be set.
  102. // They will be used as the inheritance when an access is turned on.
  // SI_INHERIT_TYPE is one entry in the list of possible sub-object types that
  // ISecurityInformation::GetInheritTypes returns for a container.
  103. typedef struct _SI_INHERIT_TYPE
  104. {
  105. const GUID *pguid; // NOTE(review): presumably identifies the sub-object type - confirm
  106. ULONG dwFlags; // ACE inheritance flags, see the comment after this struct
  107. LPCWSTR pszName; // may be resource ID, so the value is not always a string pointer that can be dereferenced
  108. } SI_INHERIT_TYPE, *PSI_INHERIT_TYPE;
  109. // SI_INHERIT_TYPE flags are a combination of INHERIT_ONLY_ACE,
  110. // CONTAINER_INHERIT_ACE, and OBJECT_INHERIT_ACE.
  // SI_PAGE_TYPE names the property page being created or destroyed; it is the
  // uPage argument of ISecurityInformation::PropertySheetPageCallback.
  // The enumerators take the consecutive values 0 through 4.
  111. typedef enum _SI_PAGE_TYPE
  112. {
  113. SI_PAGE_PERM=0,
  114. SI_PAGE_ADVPERM,
  115. SI_PAGE_AUDIT,
  116. SI_PAGE_OWNER,
  117. SI_PAGE_EFFECTIVE,
  118. } SI_PAGE_TYPE;
  119. // Message to PropertySheetPageCallback (in addition to
  120. // PSPCB_CREATE and PSPCB_RELEASE)
  // Delivered as the uMsg argument; the value is the first one above WM_USER.
  121. #define PSPCB_SI_INITDIALOG (WM_USER + 1)
  122. #undef INTERFACE
  123. #define INTERFACE ISecurityInformation
  // ISecurityInformation is the interface the security UI calls back into. A
  // pointer to it (LPSECURITYINFO) is what CreateSecurityPage and EditSecurity take.
  124. DECLARE_INTERFACE_(ISecurityInformation, IUnknown)
  125. {
  126. // *** IUnknown methods ***
  127. STDMETHOD(QueryInterface) (THIS_ REFIID riid, LPVOID * ppvObj) PURE;
  128. STDMETHOD_(ULONG,AddRef) (THIS) PURE;
  129. STDMETHOD_(ULONG,Release) (THIS) PURE;
  130. // *** ISecurityInformation methods ***
  // GetObjectInformation: lets the UI determine the type of object being edited
  // and whether it is a container.
  131. STDMETHOD(GetObjectInformation) (THIS_ PSI_OBJECT_INFO pObjectInfo ) PURE;
  // GetSecurity: retrieves the ACLs from the original object. ACLUI calls
  // LocalFree on the descriptor returned in *ppSecurityDescriptor, so return a
  // LocalAlloc allocation that the implementation does not keep or free itself.
  // NOTE(review): fDefault is not described in this header - presumably it asks
  // for default rather than current security; confirm.
  132. STDMETHOD(GetSecurity) (THIS_ SECURITY_INFORMATION RequestedInformation,
  133. PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  134. BOOL fDefault ) PURE;
  // SetSecurity: sets the ACLs on the original object.
  // NOTE(review): the descriptor carries the user's edits; presumably the
  // implementation should apply only the parts named in SecurityInformation and
  // let the object's own access check decide whether the write is allowed - confirm.
  135. STDMETHOD(SetSecurity) (THIS_ SECURITY_INFORMATION SecurityInformation,
  136. PSECURITY_DESCRIPTOR pSecurityDescriptor ) PURE;
  // GetAccessRights: retrieves the list of rights allowed on this object as an
  // SI_ACCESS array plus its count and a default index.
  137. STDMETHOD(GetAccessRights) (THIS_ const GUID* pguidObjectType,
  138. DWORD dwFlags, // SI_EDIT_AUDITS, SI_EDIT_PROPERTIES
  139. PSI_ACCESS *ppAccess,
  140. ULONG *pcAccesses,
  141. ULONG *piDefaultAccess ) PURE;
  // MapGeneric: maps generic rights in *pMask to standard & specific rights.
  142. STDMETHOD(MapGeneric) (THIS_ const GUID *pguidObjectType,
  143. UCHAR *pAceFlags,
  144. ACCESS_MASK *pMask) PURE;
  // GetInheritTypes: retrieves the list of possible sub-object types for a container.
  145. STDMETHOD(GetInheritTypes) (THIS_ PSI_INHERIT_TYPE *ppInheritTypes,
  146. ULONG *pcInheritTypes ) PURE;
  // PropertySheetPageCallback: called back from the security property pages
  // (uMsg is PSPCB_CREATE, PSPCB_RELEASE or PSPCB_SI_INITDIALOG). For
  // PSPCB_CREATE, any error return other than E_NOTIMPL aborts creation of the
  // page named by uPage. The method summary earlier in this header calls it
  // "PropertySheetCallback"; the declared name is the one below.
  147. STDMETHOD(PropertySheetPageCallback)(THIS_ HWND hwnd, UINT uMsg, SI_PAGE_TYPE uPage ) PURE;
  148. };
  149. typedef ISecurityInformation *LPSECURITYINFO;
  150. #undef INTERFACE
  151. #define INTERFACE ISecurityInformation2
  // ISecurityInformation2 adds two callbacks: a DACL canonical-order check and a
  // SID lookup. It derives from IUnknown, not from ISecurityInformation.
  152. DECLARE_INTERFACE_(ISecurityInformation2, IUnknown)
  153. {
  154. // *** IUnknown methods ***
  155. STDMETHOD(QueryInterface) (THIS_ REFIID riid, LPVOID * ppvObj) PURE;
  156. STDMETHOD_(ULONG,AddRef) (THIS) PURE;
  157. STDMETHOD_(ULONG,Release) (THIS) PURE;
  158. // *** ISecurityInformation2 methods ***
  // IsDaclCanonical: returns a BOOL for the DACL passed in pDacl.
  // NOTE(review): presumably TRUE means the ACE order is canonical - confirm.
  159. STDMETHOD_(BOOL,IsDaclCanonical) (THIS_ IN PACL pDacl) PURE;
  // LookupSids: takes cSids SID pointers in rgpSids and returns a data object in
  // *ppdo; per the CFSTR_ACLUI_SID_INFO_LIST comment in this header, that object
  // yields an HGLOBAL containing a SID_INFO_LIST.
  160. STDMETHOD(LookupSids) (THIS_ IN ULONG cSids, IN PSID *rgpSids, OUT LPDATAOBJECT *ppdo) PURE;
  161. };
  162. typedef ISecurityInformation2 *LPSECURITYINFO2;
  163. // HGLOBAL containing SID_INFO_LIST returned by ISecurityInformation2::LookupSids
  164. #define CFSTR_ACLUI_SID_INFO_LIST TEXT("CFSTR_ACLUI_SID_INFO_LIST")
  165. // Data structures corresponding to CFSTR_ACLUI_SID_INFO_LIST
  // SID_INFO holds the lookup result for one SID.
  166. typedef struct _SID_INFO
  167. {
  168. PSID pSid;
  169. PWSTR pwzCommonName;
  170. PWSTR pwzClass; // Used for selecting icon, e.g. "User" or "Group"
  171. PWSTR pwzUPN; // Optional, may be NULL
  172. } SID_INFO, *PSID_INFO;
  // SID_INFO_LIST is a counted, variable-length array: cItems says how many
  // aSidInfo entries follow, and ANYSIZE_ARRAY is only a placeholder bound.
  // NOTE(review): a consumer should presumably check cItems against the size of
  // the HGLOBAL before indexing, and treat every embedded pointer as supplied by
  // the implementer - confirm where those pointers are expected to point.
  173. typedef struct _SID_INFO_LIST
  174. {
  175. ULONG cItems;
  176. SID_INFO aSidInfo[ANYSIZE_ARRAY];
  177. } SID_INFO_LIST, *PSID_INFO_LIST;
  178. #undef INTERFACE
  179. #define INTERFACE IEffectivePermission
  // IEffectivePermission has one method of its own, GetEffectivePermission.
  // NOTE(review): presumably it backs the page enabled by SI_EDIT_EFFECTIVE /
  // SI_PAGE_EFFECTIVE - confirm.
  180. DECLARE_INTERFACE_(IEffectivePermission, IUnknown)
  181. {
  182. // *** IUnknown methods ***
  183. STDMETHOD(QueryInterface) (THIS_ REFIID riid, LPVOID * ppvObj) PURE;
  184. STDMETHOD_(ULONG,AddRef) (THIS) PURE;
  185. STDMETHOD_(ULONG,Release) (THIS) PURE;
  186. // *** IEffectivePermission methods ***
  // Inputs: object type GUID, the SID to evaluate, a server name and a security
  // descriptor. Outputs: two arrays, each returned with its own length
  // (object type list, granted access list).
  // NOTE(review): the header does not say who allocates or frees the returned
  // arrays, or whether the two lengths must match - confirm before use.
  187. STDMETHOD(GetEffectivePermission) ( THIS_ const GUID* pguidObjectType,
  188. PSID pUserSid,
  189. LPCWSTR pszServerName,
  190. PSECURITY_DESCRIPTOR pSD,
  191. POBJECT_TYPE_LIST *ppObjectTypeList,
  192. ULONG *pcObjectTypeListLength,
  193. PACCESS_MASK *ppGrantedAccessList,
  194. ULONG *pcGrantedAccessListLength) PURE;
  195. };
  196. typedef IEffectivePermission *LPEFFECTIVEPERMISSION;
  197. #undef INTERFACE
  198. #define INTERFACE ISecurityObjectTypeInfo
  // ISecurityObjectTypeInfo has one method of its own, GetInheritSource.
  199. DECLARE_INTERFACE_(ISecurityObjectTypeInfo, IUnknown)
  200. {
  201. // *** IUnknown methods ***
  202. STDMETHOD(QueryInterface) (THIS_ REFIID riid, LPVOID * ppvObj) PURE;
  203. STDMETHOD_(ULONG,AddRef) (THIS) PURE;
  204. STDMETHOD_(ULONG,Release) (THIS) PURE;
  205. // *** ISecurityObjectTypeInfo methods ***
  // GetInheritSource: takes a SECURITY_INFORMATION value and an ACL and returns
  // an array through ppInheritArray.
  // NOTE(review): presumably one INHERITED_FROM entry per ACE in pACL - confirm,
  // along with who frees the array.
  // NOTE(review): unlike every other method in this header, the parameter list
  // does not start with THIS_. If THIS_ supplies the interface pointer parameter
  // in the C (non-C++) expansion, this slot's C signature lacks it - confirm
  // against the macro definitions before calling through the C vtable.
  206. STDMETHOD(GetInheritSource)(SECURITY_INFORMATION si,
  207. PACL pACL,
  208. PINHERITED_FROM *ppInheritArray) PURE;
  209. };
  210. typedef ISecurityObjectTypeInfo *LPSecurityObjectTypeInfo;
  // Interface IDs for the four interfaces declared in this header. The brace-form
  // GUID in each comment matches the initializer values on the line after it.
  211. // {965FC360-16FF-11d0-91CB-00AA00BBB723}
  212. EXTERN_GUID(IID_ISecurityInformation, 0x965fc360, 0x16ff, 0x11d0, 0x91, 0xcb, 0x0, 0xaa, 0x0, 0xbb, 0xb7, 0x23);
  213. // {c3ccfdb4-6f88-11d2-a3ce-00c04fb1782a}
  214. EXTERN_GUID(IID_ISecurityInformation2, 0xc3ccfdb4, 0x6f88, 0x11d2, 0xa3, 0xce, 0x0, 0xc0, 0x4f, 0xb1, 0x78, 0x2a);
  215. // {3853DC76-9F35-407c-88A1-D19344365FBC}
  216. EXTERN_GUID(IID_IEffectivePermission, 0x3853dc76, 0x9f35, 0x407c, 0x88, 0xa1, 0xd1, 0x93, 0x44, 0x36, 0x5f, 0xbc);
  217. // {FC3066EB-79EF-444b-9111-D18A75EBF2FA}
  218. EXTERN_GUID(IID_ISecurityObjectTypeInfo, 0xfc3066eb, 0x79ef, 0x444b, 0x91, 0x11, 0xd1, 0x8a, 0x75, 0xeb, 0xf2, 0xfa);
  // The two entry points of ACLUI.DLL declared here. Both take the caller's
  // ISecurityInformation implementation; EditSecurity also takes an owner window.
  // NOTE(review): failure values are not stated in this header - presumably a
  // NULL page handle and FALSE respectively; confirm. The editor acts on
  // whatever psi returns, so psi should come from trusted code.
  219. HPROPSHEETPAGE ACLUIAPI CreateSecurityPage( LPSECURITYINFO psi );
  220. BOOL ACLUIAPI EditSecurity( HWND hwndOwner, LPSECURITYINFO psi );
  221. #ifdef __cplusplus
  222. }
  223. #endif /* __cplusplus */
  224. #endif /* _ACLUI_H_ */