Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

371 lines
11 KiB

/**********************************************************************/
/** Microsoft Windows NT **/
/** Copyright(c) Microsoft Corp., 1992 **/
/**********************************************************************/
/*
lsaaccnt.hxx
This file contains the LSA account object.
FILE HISTORY:
Yi-HsinS 3-Mar-1992 Created
*/
#ifndef _LSAACCNT_HXX_
#define _LSAACCNT_HXX_
#include "uintlsa.hxx"
#include "lmobj.hxx"
#include "security.hxx"
/*************************************************************************
NAME: OS_LUID
SYNOPSIS: The wrapper class for the LUID
INTERFACE: OS_LUID() - Constructor
QueryLuid() - Query the LUID
SetLuid() - Set the LUID
operator==()- Compare two OS_LUID
PARENT:
USES: LUID
NOTES: Just to add the access methods
HISTORY:
Yi-HsinS 3-Mar-1992 Created
**************************************************************************/
DLL_CLASS OS_LUID
{
private:
LUID _luid;
public:
OS_LUID( LUID luid )
: _luid( luid ) {}
OS_LUID() {}
VOID SetLuid( LUID luid )
{ _luid = luid; }
LUID QueryLuid( VOID ) const
{ return _luid; }
BOOL operator==( const OS_LUID & osluid ) const ;
};
/*************************************************************************
NAME: OS_LUID_AND_ATTRIBUTES
SYNOPSIS: The wrapper class for the LUID_AND_ATTRIBUTES
INTERFACE: OS_LUID_AND_ATTRIBUTES() - Constructor
SetLuidAndAttrib() - Set the luid and attribute
QueryOsLuid() - Query the LUID
QueryAttributes() - Query the attribute
PARENT:
USES: LUID_AND_ATTRIBUTES
NOTES: Just to add the access methods
HISTORY:
Yi-HsinS 3-Mar-1992 Created
**************************************************************************/
DLL_CLASS OS_LUID_AND_ATTRIBUTES
{
private:
OS_LUID _osluid;
ULONG _ulAttributes;
public:
OS_LUID_AND_ATTRIBUTES( LUID_AND_ATTRIBUTES luidAndAttrib )
: _osluid( luidAndAttrib.Luid ),
_ulAttributes( luidAndAttrib.Attributes) {}
OS_LUID_AND_ATTRIBUTES() {}
VOID SetLuidAndAttrib( LUID_AND_ATTRIBUTES luidAndAttrib )
{ _osluid = luidAndAttrib.Luid; _ulAttributes = luidAndAttrib.Attributes; }
const OS_LUID &QueryOsLuid( VOID ) const
{ return _osluid; }
ULONG QueryAttributes( VOID ) const
{ return _ulAttributes; }
};
/*************************************************************************
NAME: OS_PRIVILEGE_SET
SYNOPSIS: The wrapper class for the PRIVILEGE_SET
INTERFACE: OS_PRIVILEGE_SET() - Constructor
~OS_PRIVILEGE_SET() - Destructor
QueryPrivSet() - Return a pointer to the PRIVILEGE_SET
SetPtr() - Set the object point to another
PRIVILEGE_SET
QueryNumberOfPrivileges() - Query the number of privileges
in this PRIVILEGE_SET
QueryPrivilege() - Return OS_LUID_AND_ATTRIBUTES of the
ith privilege
FindPrivilege() - Return the index in the PRIVILEGE_SET
for the requested LUID.
// The following two methods can only be applied to
// non owner-alloc PRIVILEGE_SET
AddPrivilege() - Add a privilege to this PRIVILEGE_SET
RemovePrivilege() - Remove a privilege from this PRIVILEGE_SET
Clear() - Clear the privilege set ( remove all
privileges from this privilege set )
PARENT: OS_OBJECT_WITH_DATA
USES: PPRIVILEGE_SET
NOTES: This class can either point to a PRIVILEGE_SET returned
by some API ( owner alloc ) or a newly created PRIVILEGE_SET
in which case we have to resize the buffer as necessary
( 'cause of AddPrivilege or DeletePrivilege ).
HISTORY:
Yi-HsinS 3-Mar-1992 Created
**************************************************************************/
DLL_CLASS OS_PRIVILEGE_SET: public OS_OBJECT_WITH_DATA
{
private:
PPRIVILEGE_SET _pPrivSet;
OS_LUID_AND_ATTRIBUTES _osluidAndAttrib;
// Maximum number of privileges that the current buffer size can hold
ULONG _ulMaxNumPrivInBuf;
BOOL IsOwnerAlloc( VOID ) const
{ return ( (VOID *) _pPrivSet) != QueryPtr(); }
// Helper method for initializing owner-alloc privilege set
VOID InitializeMemory( VOID );
public:
OS_PRIVILEGE_SET( PPRIVILEGE_SET pPrivSet = NULL );
~OS_PRIVILEGE_SET();
VOID SetPtr( PPRIVILEGE_SET pPrivSet )
{ _pPrivSet = pPrivSet; }
PPRIVILEGE_SET QueryPrivSet( VOID ) const
{ return _pPrivSet; }
ULONG QueryNumberOfPrivileges( VOID ) const
{ return _pPrivSet->PrivilegeCount; }
const OS_LUID_AND_ATTRIBUTES *QueryPrivilege( LONG i ) ;
// Return the index of the privilege
LONG FindPrivilege( LUID luid ) const;
// The following methods are only valid if the privilege set is owner alloc.
// Will assert out if AddPrivilege or RemovePrivilege is applied to
// a PRIVILEGE_SET we got back from LSA APIs ( non owner alloc) .
APIERR AddPrivilege( LUID luid,
ULONG ulAttribs = SE_PRIVILEGE_ENABLED_BY_DEFAULT );
APIERR RemovePrivilege( LUID luid );
// Remove the ith privilege from the set
APIERR RemovePrivilege( LONG i );
VOID Clear( VOID );
};
/*************************************************************************
NAME: LSA_ACCOUNT_PRIVILEGE_ENUM_ITER
SYNOPSIS: Iterator for getting all the privileges of a account in the
LSA
INTERFACE: LSA_ACCOUNT_PRIVILEGE_ENUM_ITER() - Constructor
~LSA_ACCOUNT_PRIVILEGE_ENUM_ITER() - Destructor
operator()() - Return the next OS_LUID_AND_ATTRIBUTES
PARENT: BASE
USES: OS_PRIVILEGE_SET
NOTES:
HISTORY:
Yi-HsinS 3-Mar-1992 Created
**************************************************************************/
DLL_CLASS LSA_ACCOUNT_PRIVILEGE_ENUM_ITER: public BASE
{
private:
OS_PRIVILEGE_SET *_pOsPrivSet;
LONG _iNext;
public:
LSA_ACCOUNT_PRIVILEGE_ENUM_ITER( OS_PRIVILEGE_SET * pOsPrivSet );
~LSA_ACCOUNT_PRIVILEGE_ENUM_ITER();
const OS_LUID_AND_ATTRIBUTES *operator()( VOID );
};
/*************************************************************************
NAME: LSA_ACCOUNT
SYNOPSIS: The wrapper class for the Account object in LSA
INTERFACE: LSA_ACCOUNT() - Constructor
~LSA_ACCOUNT() - Destructor
QueryHandle() - Query the account handle
QueryOsSid() - Query the OS_SID of the account
QueryName() - Query the name of the account
QueryAccess() - Query access mask used in Open or Create
QuerySystemAccess() - Query the current system access
mode of the account.
InsertSystemAccessMode() - Add a system access mode to
this account
DeleteSystemAccessMode() - Remove a system access mode from
this account
DeleteAllSystemAccessMode() - Remove all system access modes
from this account
QueryPrivilegeEnumIter - Return an iterator to get the
privileges this account has.
InsertPrivilege() - Add a privilege to this account
DeletePrivilege() - Remove a privilege from this account
// Inherit from NEW_LM_OBJ
GetInfo()
WriteInfo()
CreateNew()
WriteNew()
Write()
Delete()
PARENT: BASE
USES: LSA_POLICY, OS_SID, NLS_STR, OS_PRIVILEGE_SET
NOTES: This class inherits from NEW_LM_OBJ. All information about the
account will be available after GetInfo(). All modifications
made to an existing account will only happen on WriteInfo().
An account will only be created only after WriteNew().
HISTORY:
Yi-HsinS 3-Mar-1992 Created
**************************************************************************/
#define LSA_ACCOUNT_DEFAULT_MASK ( ACCOUNT_ALL_ACCESS | DELETE )
#define LSA_ACCOUNT_DEFAULT_FOCUS NULL
DLL_CLASS LSA_ACCOUNT: public NEW_LM_OBJ
{
private:
LSA_POLICY *_plsaPolicy; // Pointer to LSA_POLICY
LSA_HANDLE _handleAccount; // Handle of this account object
OS_SID _ossid; // SID of the account
NLS_STR _nlsName; // Name of the account
ACCESS_MASK _accessDesired; // Access mask for use in Open or Create
// the privilege set the account currently owns
OS_PRIVILEGE_SET _osPrivSetCurrent;
// the privilege set to be added to the account
OS_PRIVILEGE_SET _osPrivSetAdd;
// the privilege set to be deleted from the account
OS_PRIVILEGE_SET _osPrivSetDelete;
// current system access mode
ULONG _ulSystemAccessCurrent;
// modified system access - we have this so that we know whether
// system access mode has been modified or not. If not, we could
// avoid an API call.
ULONG _ulSystemAccessNew;
protected:
virtual APIERR I_GetInfo( VOID );
virtual APIERR I_WriteInfo( VOID );
virtual APIERR I_CreateNew( VOID );
virtual APIERR I_WriteNew( VOID );
virtual APIERR I_Delete( UINT uiForce = 0 );
virtual APIERR W_CreateNew( VOID );
VOID PrintInfo( const TCHAR *pszString );
public:
LSA_ACCOUNT( LSA_POLICY *plsaPolicy,
PSID psid,
ACCESS_MASK accessDesired = LSA_ACCOUNT_DEFAULT_MASK,
const TCHAR * pszFocus = LSA_ACCOUNT_DEFAULT_FOCUS,
PSID psidFocus = NULL );
~LSA_ACCOUNT();
LSA_HANDLE QueryHandle( VOID ) const
{ return _handleAccount; }
const OS_SID &QueryOsSid( VOID ) const
{ return _ossid; }
virtual const TCHAR *QueryName( VOID ) const
{ return _nlsName.QueryPch(); }
ACCESS_MASK QueryAccess( VOID ) const
{ return _accessDesired; }
ULONG QuerySystemAccess( VOID ) const
{ return _ulSystemAccessNew; }
APIERR QueryPrivilegeEnumIter( LSA_ACCOUNT_PRIVILEGE_ENUM_ITER **ppIter ) ;
VOID InsertSystemAccessMode( ULONG ulSystemAccess )
{ _ulSystemAccessNew |= ulSystemAccess; }
VOID DeleteSystemAccessMode( ULONG ulSystemAccess )
{ _ulSystemAccessNew &= ~ulSystemAccess; }
VOID DeleteAllSystemAccessMode( VOID )
{ _ulSystemAccessNew = 0; }
APIERR InsertPrivilege( LUID luid,
ULONG ulAttribs = 0 );
APIERR DeletePrivilege( LUID luid );
BOOL IsDefaultSettings( VOID );
};
#endif