Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

217 lines
5.0 KiB

/*++
Copyright (c) 1992-2000 Microsoft Corporation
Module Name:
cannedsd.hxx
Abstract:
This module contains declarations for the CANNED_SECURITY
class, which is a repository for the canned Security Descriptors
used by the utilities.
Initializing an object of this type generates the canned
security descriptors used by the utilities, which can
then be gotten from the object.
These security descriptors are all in the self-relative
format.
Author:
Bill McJohn (billmc) 04-March-1992
--*/
#if ! defined ( _CANNED_SECURITY_DEFN )
#define _CANNED_SECURITY_DEFN
#if defined ( _AUTOCHECK_ )
#define IFSUTIL_EXPORT
#elif defined ( _IFSUTIL_MEMBER_ )
#define IFSUTIL_EXPORT __declspec(dllexport)
#else
#define IFSUTIL_EXPORT __declspec(dllimport)
#endif
// The IFS utilities use the following kinds of canned Security Descriptors:
//
// NoAccess -- No one is granted any access (empty ACL).
// NoAcl -- The file has no ACL.
// ReadOnly -- System and Admins can read the file.
// ReadWrite -- System and Admins can read and write the file.
// Edit -- System and Admins can read and write the file,
// and can also change its permissions.
// EditWorld -- Edit plus NoAcl
//
typedef enum _CANNED_SECURITY_TYPE {
NoAccessCannedSd,
NoAclCannedSd,
ReadCannedSd,
WriteCannedSd,
EditCannedSd,
EditWorldCannedDirSd,
EditWorldCannedFileSd,
NewRootSd,
NoAclCannedFileSd
};
// These security descriptors need the SID's for System and Administrators.
//
//#define WELL_KNOWN_NAME_SYSTEM L"System"
//#define WELL_KNOWN_NAME_ADMINS L"Administrators"
#define WELL_KNOWN_NAME_SYSTEM L"SYSTEM"
#define WELL_KNOWN_NAME_ADMINS L"ADMINS"
DEFINE_TYPE( _CANNED_SECURITY_TYPE, CANNED_SECURITY_TYPE );
class CANNED_SECURITY : public OBJECT {
public:
IFSUTIL_EXPORT
DECLARE_CONSTRUCTOR( CANNED_SECURITY );
IFSUTIL_EXPORT
~CANNED_SECURITY(
);
NONVIRTUAL
IFSUTIL_EXPORT
BOOLEAN
Initialize(
);
NONVIRTUAL
IFSUTIL_EXPORT
PVOID
GetCannedSecurityDescriptor(
IN CANNED_SECURITY_TYPE Type,
OUT PULONG SecurityDescriptorLength
);
private:
NONVIRTUAL
VOID
Construct(
);
NONVIRTUAL
VOID
Destroy(
);
STATIC
BOOLEAN
QuerySystemSid(
OUT PSID NewSid,
IN OUT PULONG Length
);
STATIC
BOOLEAN
QueryPrincipalSelfSid(
OUT PSID NewSid,
IN OUT PULONG Length
);
STATIC
BOOLEAN
QueryCreatorOwnerSid(
OUT PSID NewSid,
IN OUT PULONG Length
);
STATIC
BOOLEAN
QueryPowerUsersSid(
OUT PSID NewSid,
IN OUT PULONG Length
);
STATIC
BOOLEAN
QueryUsersSid(
OUT PSID NewSid,
IN OUT PULONG Length
);
STATIC
BOOLEAN
QueryAdminsSid(
OUT PSID NewSid,
IN OUT PULONG Length
);
STATIC
PVOID
GenerateCannedSd(
IN CANNED_SECURITY_TYPE SecurityType,
IN ACCESS_MASK GrantedAccess,
IN PSID AdminsSid,
IN PSID SystemSid,
IN HANDLE TokenHandle,
OUT PULONG Length
);
STATIC
BOOLEAN
GenerateCannedAcl(
IN PACL AclBuffer,
IN ULONG BufferLength,
IN ACCESS_MASK GrantedAccess,
IN PSID AdminsSid,
IN PSID SystemSid
);
STATIC
BOOLEAN
GenerateCannedWorldDirAcl(
IN PACL AclBuffer,
IN ULONG BufferLength,
IN ACCESS_MASK GrantedAccess,
IN PSID AdminsSid,
IN PSID SystemSid
);
STATIC
BOOLEAN
GenerateCannedWorldFileAcl(
IN PACL AclBuffer,
IN ULONG BufferLength,
IN ACCESS_MASK GrantedAccess,
IN PSID AdminsSid,
IN PSID SystemSid
);
STATIC
BOOLEAN
GenerateCannedNewRootAcl(
IN PACL AclBuffer,
IN ULONG BufferLength
);
ULONG _NoAccessLength, _NoAclLength, _ReadLength,
_WriteLength, _EditLength,
_EditWorldDirLength, _EditWorldFileLength,
_NewRootSdLength, _NoAclFileLength;
PVOID _NoAccessSd, _NoAclSd, _ReadSd, _WriteSd, _EditSd,
_EditWorldDirSd, _EditWorldFileSd,
_NewRootSd, _NoAclFileSd;
};
#endif