mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
184 lines
6.3 KiB
184 lines
6.3 KiB
//+-------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1993 - 1995.
|
|
//
|
|
// File: aclbuild.hxx
|
|
//
|
|
// Contents: Class to generate and read ACLs from and into ACCESS_ENTRYs
|
|
//
|
|
// History: 8-94 Created DaveMont
|
|
//
|
|
//--------------------------------------------------------------------
|
|
#ifndef __ACLBUILD__
|
|
#define __ACLBUILD__
|
|
|
|
#include <accctrl.h>
|
|
|
|
//
|
|
// Valid returned ACE flags
|
|
//
|
|
|
|
|
|
#define ACLBUILD_VALID_ACE_FLAGS (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE)
|
|
|
|
class CAccountAccess;
|
|
class CMemberCheck;
|
|
class CIterator;
|
|
class CAclIterator;
|
|
class CAesIterator;
|
|
|
|
//
|
|
// IsContainer enumerated type, used by aclbuild.hxx (exposed here for cairole\stg)
|
|
//
|
|
|
|
typedef enum _IS_CONTAINER
|
|
{
|
|
ACCESS_TO_UNKNOWN = 0,
|
|
ACCESS_TO_OBJECT,
|
|
ACCESS_TO_CONTAINER
|
|
} IS_CONTAINER, *PIS_CONTAINER;
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
//
|
|
// mask conversions, (exposed here for cairole\stg)
|
|
//
|
|
ULONG NTAccessMaskToProvAccessRights(IN SE_OBJECT_TYPE SeObjectType,
|
|
IN BOOL fIsContainer,
|
|
IN ACCESS_MASK AccessMask);
|
|
|
|
ACCESS_MASK ProvAccessRightsToNTAccessMask(IN SE_OBJECT_TYPE SeObjectType,
|
|
IN ULONG AccessRights);
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
//============================================================================
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Class: CAcl
|
|
//
|
|
// Synopsis: Base class for ACL generation and reading, see aclbuild.cxx
|
|
// header for detailed description
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
class CAcl
|
|
{
|
|
public:
|
|
CAcl(LPWSTR system,
|
|
IS_CONTAINER fdir,
|
|
BOOL fSaveNamesAndSids,
|
|
BOOL fUsedByProviderIndependentApi);
|
|
~CAcl();
|
|
|
|
void * operator new(size_t size);
|
|
void operator delete(void * p, size_t size);
|
|
inline ULONG AclRevision();
|
|
inline ULONG Capabilities();
|
|
|
|
DWORD WINAPI SetAcl( PACL pacl);
|
|
|
|
DWORD WINAPI ClearAll();
|
|
|
|
DWORD WINAPI ClearAccessEntries();
|
|
|
|
DWORD WINAPI AddAccessEntries( ULONG ccount,
|
|
PACCESS_ENTRY pae);
|
|
|
|
DWORD WINAPI BuildAcl(PACL *pacl);
|
|
|
|
DWORD WINAPI BuildAccessEntries(PULONG csize,
|
|
PULONG ccount,
|
|
PACCESS_ENTRY *pae,
|
|
BOOL fAbsolute);
|
|
|
|
DWORD WINAPI GetEffectiveRights(PTRUSTEE ptrustee,
|
|
PACCESS_MASK accessmask);
|
|
|
|
DWORD WINAPI GetAuditedRights(PTRUSTEE ptrustee,
|
|
PACCESS_MASK successmask,
|
|
PACCESS_MASK failuremask);
|
|
protected:
|
|
|
|
DWORD WINAPI _Pass1(PULONG cSize, PULONG cCount, BOOL fBuildAcl);
|
|
|
|
DWORD WINAPI _CheckEntryList(CAccountAccess *pCAA,
|
|
CAccountAccess **plistCAA,
|
|
ULONG clistlength,
|
|
PULONG cSize,
|
|
PULONG cCount,
|
|
BOOL fBuildAcl) ;
|
|
|
|
DWORD WINAPI _UseEntry(CAccountAccess *pCAA,
|
|
PULONG cSize,
|
|
PULONG cCount,
|
|
BOOL fBuildAcl);
|
|
|
|
DWORD WINAPI _RemoveEntry(CAccountAccess *pCAA,
|
|
PULONG cSize,
|
|
PULONG cCount,
|
|
BOOL fBuildAcl);
|
|
|
|
DWORD WINAPI _MergeEntries(CAccountAccess *pnewCAA,
|
|
CAccountAccess *poldCAA,
|
|
PULONG cSize,
|
|
PULONG cCount,
|
|
BOOL fBuildAcl);
|
|
|
|
void _BuildAccessEntry(CAccountAccess *pCAA,
|
|
LPWSTR *nameptr,
|
|
PACCESS_ENTRY pAccessEntry,
|
|
BOOL fAbsolute);
|
|
|
|
void _BuildDualAuditEntries(CAccountAccess *pCAA,
|
|
LPWSTR *nameptr,
|
|
PACCESS_ENTRY pae,
|
|
DWORD *ccount,
|
|
BOOL fAbsolute);
|
|
|
|
ULONG _GetAceSize(CAccountAccess *pcaa);
|
|
DWORD WINAPI _GetAccessEntrySize(CAccountAccess *pcaa,
|
|
PULONG cAccessEntrySize);
|
|
DWORD WINAPI _AddEntry(CIterator *ci,
|
|
CAccountAccess **pcaa,
|
|
PULONG pcaaindex);
|
|
DWORD WINAPI _CheckForDuplicateEntries(CAccountAccess **pcaa,
|
|
ULONG curindex,
|
|
ULONG countold);
|
|
DWORD WINAPI _SetAceFlags(ULONG AceIndex,
|
|
PACL pacl,
|
|
CAccountAccess *pcaa);
|
|
|
|
DWORD WINAPI _ComputeEffective(CAccountAccess *pCAA,
|
|
CMemberCheck *cMC,
|
|
PACCESS_MASK AllowMask,
|
|
PACCESS_MASK DenyMask);
|
|
|
|
DWORD WINAPI _InitIterators();
|
|
|
|
BOOL _fused_by_provider_independent_api; // cluge to make provider
|
|
// independent masks work
|
|
ULONG _aclrevision;
|
|
ULONG _capabilities;
|
|
CAccountAccess **_pcaaacl; // list of acl account accesses
|
|
CAccountAccess **_pcaaaes; // list of access entry account accesses
|
|
ULONG _pcaaaclindex;
|
|
ULONG _pcaaaesindex;
|
|
LPWSTR _system;
|
|
IS_CONTAINER _fdir;
|
|
BOOL _fsave_names_and_sids;
|
|
CAclIterator *_pcacli; // acl iterator
|
|
CAesIterator *_pcaeli; // access entry iterator
|
|
};
|
|
|
|
//----------------------------------------------------------------------------
|
|
ULONG CAcl::AclRevision()
|
|
{
|
|
return(_aclrevision);
|
|
}
|
|
//----------------------------------------------------------------------------
|
|
ULONG CAcl::Capabilities()
|
|
{
|
|
return(_capabilities);
|
|
}
|
|
#endif // __ACLBUILD__
|