Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

155 lines
5.7 KiB

/*---------------------------------------------------------------------------
File: SD.hpp
Comments: A generic class for managing security descriptors.
The constructor takes a security descriptor in self-relative format.
(c) Copyright 1995-1998, Mission Critical Software, Inc., All Rights Reserved
Proprietary and confidential to Mission Critical Software, Inc.
REVISION LOG ENTRY
Revision By: Christy Boles
Revised on 01-Oct-98 12:30:26
---------------------------------------------------------------------------
*/
#include <stdlib.h>
#include <malloc.h>
#define SD_DEFAULT_STRUCT_SIZE (sizeof (SECURITY_DESCRIPTOR) )
#define SD_DEFAULT_ACL_SIZE 787
#define SD_DEFAULT_SID_SIZE 30
#define SD_DEFAULT_SIZE 400
#define DACL_FULLCONTROL_MASK (FILE_GENERIC_READ | FILE_ALL_ACCESS)
#define DACL_CHANGE_MASK (FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE)
#define DACL_READ_MASK ( FILE_GENERIC_READ | FILE_GENERIC_EXECUTE )
#define DACL_NO_MASK 0
#define SACL_READ_MASK (ACCESS_SYSTEM_SECURITY | FILE_GENERIC_READ)
#define SACL_WRITE_MASK (ACCESS_SYSTEM_SECURITY | FILE_GENERIC_WRITE)
#define SACL_EXECUTE_MASK ( SYNCHRONIZE | FILE_GENERIC_EXECUTE )
#define SACL_DELETE_MASK (DELETE)
#define SACL_CHANGEPERMS_MASK (WRITE_DAC)
#define SACL_CHANGEOWNER_MASK (WRITE_OWNER)
typedef enum { McsUnknownSD=0, McsFileSD, McsDirectorySD, McsShareSD, McsMailboxSD, McsExchangeSD, McsRegistrySD, McsPrinterSD } SecuredObjectType;
class TSecurableObject;
class TACE
{
ACCESS_ALLOWED_ACE * m_pAce;
BOOL m_bNeedToFree;
public:
TACE(BYTE type,BYTE flags,DWORD mask, PSID sid); // allocates and initializes a new ace
TACE(void * pAce) { m_pAce = (ACCESS_ALLOWED_ACE *)pAce; m_bNeedToFree = FALSE; } // manages an existing ace
~TACE() { if ( m_bNeedToFree ) free(m_pAce); }
void * GetBuffer() { return m_pAce; }
void SetBuffer(void * pAce, BOOL bNeedToFree = FALSE) { m_pAce = (ACCESS_ALLOWED_ACE *)pAce; m_bNeedToFree = bNeedToFree;}
BYTE GetType();
BYTE GetFlags();
DWORD GetMask();
PSID GetSid();
WORD GetSize();
BOOL SetType(BYTE newType);
BOOL SetFlags(BYTE newFlags);
BOOL SetMask(DWORD newMask);
BOOL SetSid(PSID sid);
BOOL IsAccessAllowedAce();
};
class TSD
{
friend class TSecurableObject;
protected:
SECURITY_DESCRIPTOR * m_absSD; // SD in absolute format
BOOL m_bOwnerChanged;
BOOL m_bGroupChanged;
BOOL m_bDACLChanged;
BOOL m_bSACLChanged;
BOOL m_bNeedToFreeSD;
BOOL m_bNeedToFreeOwner;
BOOL m_bNeedToFreeGroup;
BOOL m_bNeedToFreeDacl;
BOOL m_bNeedToFreeSacl;
SecuredObjectType m_ObjectType;
public:
TSD(SECURITY_DESCRIPTOR * pSD, SecuredObjectType objectType, BOOL bResponsibleForDelete);
TSD(TSD * pTSD);
~TSD();
BOOL operator == (TSD & otherSD);
SECURITY_DESCRIPTOR const * GetSD() const { return m_absSD; } // returns a pointer to the absolute-format SD
SECURITY_DESCRIPTOR * MakeAbsSD() const; // returns a copy of the SD in absolute format
SECURITY_DESCRIPTOR * MakeRelSD() const; // returns a copy of the SD in self-relative format
// type of secured object
SecuredObjectType GetType() const { return m_ObjectType; }
void SetType(SecuredObjectType newType) { m_ObjectType = newType;}
// Security Descriptor parts
PSID const GetOwner() const;
void SetOwner(PSID pNewOwner);
PSID const GetGroup() const;
void SetGroup(PSID const pNewGroup);
PACL const GetDacl() const;
// SetDacl will free the buffer pNewAcl.
void SetDacl(PACL pNewAcl,BOOL present = TRUE);
PACL const GetSacl() const;
// SetSacl will free the buffer pNewAcl.
void SetSacl(PACL pNewAcl, BOOL present = TRUE);
// Security Descriptor flags
BOOL IsOwnerDefaulted() const;
BOOL IsGroupDefaulted() const;
BOOL IsDaclDefaulted() const;
BOOL IsDaclPresent() const;
BOOL IsSaclDefaulted() const;
BOOL IsSaclPresent() const;
// Change tracking functions
BOOL IsOwnerChanged() const { return m_bOwnerChanged; }
BOOL IsGroupChanged() const { return m_bGroupChanged; }
BOOL IsDACLChanged() const { return m_bDACLChanged; }
BOOL IsSACLChanged() const { return m_bSACLChanged; }
BOOL IsChanged() const { return ( m_bOwnerChanged || m_bGroupChanged || m_bDACLChanged || m_bSACLChanged ); }
void MarkAllChanged(BOOL bChanged) { m_bOwnerChanged=bChanged; m_bGroupChanged=bChanged; m_bDACLChanged=bChanged; m_bSACLChanged=bChanged; }
// Functions to manage ACLs
int GetNumDaclAces() { return ACLGetNumAces(GetDacl()); }
void AddDaclAce(TACE * pAce);
void RemoveDaclAce(int ndx);
void * GetDaclAce(int ndx) { return ACLGetAce(GetDacl(),ndx); }
int GetNumSaclAces() { return ACLGetNumAces(GetSacl()); }
void AddSaclAce(TACE * pAce);
void RemoveSaclAce(int ndx);
void * GetSaclAce(int ndx) { return ACLGetAce(GetSacl(),ndx); }
BOOL IsValid() { return (m_absSD && IsValidSecurityDescriptor(m_absSD)); }
void FreeAbsSD(SECURITY_DESCRIPTOR * pSD, BOOL bAll = TRUE);
void ACLAddAce(PACL * ppAcl, TACE * pAce, int pos);
void * ACLGetAce(PACL acl, int ndx);
protected:
// Implementation - helper functions
// Comparison functions
BOOL EqualSD(TSD * otherSD);
BOOL ACLCompare(PACL acl1,BOOL present1,PACL acl2, BOOL present2);
// ACL manipulation functions
int ACLGetNumAces(PACL acl);
DWORD ACLGetFreeBytes(PACL acl);
DWORD ACLGetBytesInUse(PACL acl);
void ACLDeleteAce(PACL acl, int ndx);
SECURITY_DESCRIPTOR * MakeAbsSD(SECURITY_DESCRIPTOR * pSD) const;
};