mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
217 lines
5.0 KiB
217 lines
5.0 KiB
/*++
|
|
|
|
Copyright (c) 1992-2000 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
cannedsd.hxx
|
|
|
|
Abstract:
|
|
|
|
This module contains declarations for the CANNED_SECURITY
|
|
class, which is a repository for the canned Security Descriptors
|
|
used by the utilities.
|
|
|
|
Initializing an object of this type generates the canned
|
|
security descriptors used by the utilities, which can
|
|
then be gotten from the object.
|
|
|
|
These security descriptors are all in the self-relative
|
|
format.
|
|
|
|
Author:
|
|
|
|
Bill McJohn (billmc) 04-March-1992
|
|
|
|
--*/
|
|
|
|
#if ! defined ( _CANNED_SECURITY_DEFN )
|
|
|
|
#define _CANNED_SECURITY_DEFN
|
|
|
|
|
|
#if defined ( _AUTOCHECK_ )
|
|
#define IFSUTIL_EXPORT
|
|
#elif defined ( _IFSUTIL_MEMBER_ )
|
|
#define IFSUTIL_EXPORT __declspec(dllexport)
|
|
#else
|
|
#define IFSUTIL_EXPORT __declspec(dllimport)
|
|
#endif
|
|
|
|
|
|
|
|
// The IFS utilities use the following kinds of canned Security Descriptors:
|
|
//
|
|
// NoAccess -- No one is granted any access (empty ACL).
|
|
// NoAcl -- The file has no ACL.
|
|
// ReadOnly -- System and Admins can read the file.
|
|
// ReadWrite -- System and Admins can read and write the file.
|
|
// Edit -- System and Admins can read and write the file,
|
|
// and can also change its permissions.
|
|
// EditWorld -- Edit plus NoAcl
|
|
//
|
|
typedef enum _CANNED_SECURITY_TYPE {
|
|
|
|
NoAccessCannedSd,
|
|
NoAclCannedSd,
|
|
ReadCannedSd,
|
|
WriteCannedSd,
|
|
EditCannedSd,
|
|
EditWorldCannedDirSd,
|
|
EditWorldCannedFileSd,
|
|
NewRootSd,
|
|
NoAclCannedFileSd
|
|
};
|
|
|
|
// These security descriptors need the SID's for System and Administrators.
|
|
//
|
|
|
|
//#define WELL_KNOWN_NAME_SYSTEM L"System"
|
|
//#define WELL_KNOWN_NAME_ADMINS L"Administrators"
|
|
|
|
#define WELL_KNOWN_NAME_SYSTEM L"SYSTEM"
|
|
#define WELL_KNOWN_NAME_ADMINS L"ADMINS"
|
|
|
|
|
|
|
|
DEFINE_TYPE( _CANNED_SECURITY_TYPE, CANNED_SECURITY_TYPE );
|
|
|
|
|
|
class CANNED_SECURITY : public OBJECT {
|
|
|
|
public:
|
|
|
|
IFSUTIL_EXPORT
|
|
DECLARE_CONSTRUCTOR( CANNED_SECURITY );
|
|
|
|
IFSUTIL_EXPORT
|
|
~CANNED_SECURITY(
|
|
);
|
|
|
|
NONVIRTUAL
|
|
IFSUTIL_EXPORT
|
|
BOOLEAN
|
|
Initialize(
|
|
);
|
|
|
|
NONVIRTUAL
|
|
IFSUTIL_EXPORT
|
|
PVOID
|
|
GetCannedSecurityDescriptor(
|
|
IN CANNED_SECURITY_TYPE Type,
|
|
OUT PULONG SecurityDescriptorLength
|
|
);
|
|
|
|
private:
|
|
|
|
NONVIRTUAL
|
|
VOID
|
|
Construct(
|
|
);
|
|
|
|
NONVIRTUAL
|
|
VOID
|
|
Destroy(
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
QuerySystemSid(
|
|
OUT PSID NewSid,
|
|
IN OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
QueryPrincipalSelfSid(
|
|
OUT PSID NewSid,
|
|
IN OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
QueryCreatorOwnerSid(
|
|
OUT PSID NewSid,
|
|
IN OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
QueryPowerUsersSid(
|
|
OUT PSID NewSid,
|
|
IN OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
QueryUsersSid(
|
|
OUT PSID NewSid,
|
|
IN OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
QueryAdminsSid(
|
|
OUT PSID NewSid,
|
|
IN OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
PVOID
|
|
GenerateCannedSd(
|
|
IN CANNED_SECURITY_TYPE SecurityType,
|
|
IN ACCESS_MASK GrantedAccess,
|
|
IN PSID AdminsSid,
|
|
IN PSID SystemSid,
|
|
IN HANDLE TokenHandle,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
GenerateCannedAcl(
|
|
IN PACL AclBuffer,
|
|
IN ULONG BufferLength,
|
|
IN ACCESS_MASK GrantedAccess,
|
|
IN PSID AdminsSid,
|
|
IN PSID SystemSid
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
GenerateCannedWorldDirAcl(
|
|
IN PACL AclBuffer,
|
|
IN ULONG BufferLength,
|
|
IN ACCESS_MASK GrantedAccess,
|
|
IN PSID AdminsSid,
|
|
IN PSID SystemSid
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
GenerateCannedWorldFileAcl(
|
|
IN PACL AclBuffer,
|
|
IN ULONG BufferLength,
|
|
IN ACCESS_MASK GrantedAccess,
|
|
IN PSID AdminsSid,
|
|
IN PSID SystemSid
|
|
);
|
|
|
|
STATIC
|
|
BOOLEAN
|
|
GenerateCannedNewRootAcl(
|
|
IN PACL AclBuffer,
|
|
IN ULONG BufferLength
|
|
);
|
|
|
|
ULONG _NoAccessLength, _NoAclLength, _ReadLength,
|
|
_WriteLength, _EditLength,
|
|
_EditWorldDirLength, _EditWorldFileLength,
|
|
_NewRootSdLength, _NoAclFileLength;
|
|
PVOID _NoAccessSd, _NoAclSd, _ReadSd, _WriteSd, _EditSd,
|
|
_EditWorldDirSd, _EditWorldFileSd,
|
|
_NewRootSd, _NoAclFileSd;
|
|
};
|
|
|
|
|
|
#endif
|