Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

157 lines
4.3 KiB

//+-------------------------------------------------------------------
//
// Copyright (C) 1995, Microsoft Corporation.
//
// File: ACCACC.hxx
//
// Contents: class encapsulating NT security user ACCACC.
//
// Classes: CACCACC
//
// Functions:
//
// History: Nov-93 Created DaveMont
//
//--------------------------------------------------------------------
#ifndef __ACCACC__
#define __ACCACC__
#include <t2.hxx>
#include <account.hxx>
//+-------------------------------------------------------------------
//
// Class: CAccountAccess
//
// Purpose: encapsulation of class Account and NT access masks. This
// class interfaces with the security system to get SIDs from
// usernames and vis-versa.
//
// this class has also been supplimented to contain information
// about ACEs with the same SID in the ACL if a (edit) merge
// operation is occuring
//
//--------------------------------------------------------------------
class CAccountAccess: private CAccount
{
public:
CAccountAccess(WCHAR *Name, WCHAR *System);
ULONG Init(ULONG access);
inline void ReInit();
inline ULONG Sid(SID **psid);
inline BYTE AceType();
inline ACCESS_MASK AccessMask();
inline void ClearAccessMask();
void AddInheritance(BYTE Flags);
inline ULONG TestInheritance();
private:
ACCESS_MASK _savemask; // saved requested mask (because _mask gets cleared if
// the ace is not used).
ACCESS_MASK _mask; // requested mask
BYTE _acetype;
ULONG _foundinheritance; // contains the OR of all the inheritances from the original ACL
};
// this is used in conjunction with ACE inherit flags to indicate that access
// rights in an ACE apply to the container as well
#define APPLIES_TO_CONTAINER 0x4
//+---------------------------------------------------------------------------
//
// Member: CAccountAccess::Init, public
//
// Synopsis: initializes access mask
//
// Arguments: IN [access] - access mask
//
//----------------------------------------------------------------------------
void CAccountAccess::ReInit()
{
_mask = _savemask;
}
//+---------------------------------------------------------------------------
//
// Member: CAccountAccess::Sid, public
//
// Synopsis: returns the principal for the class
//
// Arguments: OUT [psid] - address of the principal name
//
//----------------------------------------------------------------------------
ULONG CAccountAccess::Sid(SID **psid)
{
return(GetAccountSid(psid));
}
//+---------------------------------------------------------------------------
//
// Member: CAccountAccess::AceType, public
//
// Synopsis: returns the acetype (denied, allowed)
//
// Arguments: none
//
//----------------------------------------------------------------------------
BYTE CAccountAccess::AceType()
{
return(_acetype);
}
//+---------------------------------------------------------------------------
//
// Member: CAccountAccess::AccessMask, public
//
// Synopsis: returns the access mask
//
// Arguments: none
//
//----------------------------------------------------------------------------
ACCESS_MASK CAccountAccess::AccessMask()
{
return(_mask);
}
//+---------------------------------------------------------------------------
//
// Member: CAccountAccess::ClearAccessMask, public
//
// Synopsis: returns the access mask
//
// Arguments: none
//
//----------------------------------------------------------------------------
void CAccountAccess::ClearAccessMask()
{
_mask = 0;
}
//+---------------------------------------------------------------------------
//
// Member: CAccountAccess::TestInheritance, public
//
// Synopsis: checks that the inheritance is valid,
// that objects & containers inherit, and rights are applied to the object.
//
// Arguments: none
//
//--------------------------------------------------------------------
ULONG CAccountAccess::TestInheritance()
{
if (_foundinheritance == ( OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | APPLIES_TO_CONTAINER))
return(ERROR_SUCCESS);
else
return(ERROR_INVALID_DATA);
}
#endif // __ACCACC__