
// --------------------------------------------------------------------------
// Module Name: Access.h
//
// Copyright (c) 1999-2000, Microsoft Corporation
//
// This file contains a few classes that assist with ACL manipulation on
// objects to which a handle has already been opened. This handle must
// (obviously) have WRITE_DAC access.
//
// History: 1999-10-05 vtan created
// 2000-02-01 vtan moved from Neptune to Whistler
// --------------------------------------------------------------------------
#ifndef _Access_
#define _Access_
#include "DynamicArray.h"
// --------------------------------------------------------------------------
// CSecurityDescriptor
//
// Purpose: This class allocates and assigns a PSECURITY_DESCRIPTOR
// structure with the desired access specified.
//
// History: 2000-10-05 vtan created
// --------------------------------------------------------------------------
// Static-only helper that builds a security descriptor from a table of
// ACCESS_CONTROL entries. Every entry names one SID and the access mask
// associated with it.
class CSecurityDescriptor
{
public:
// One table entry: the components of a SID (identifier authority plus up to
// eight sub-authority values) and the access mask for that SID.
// NOTE(review): the field layout mirrors the arguments of
// AllocateAndInitializeSid, which presumably consumes it - confirm in the
// implementation.
typedef struct
{
// Identifier authority of the SID.
PSID_IDENTIFIER_AUTHORITY pSIDAuthority;
// Number of dwSubAuthorityN fields that are meaningful.
// NOTE(review): only eight slots are declared; whether Create() rejects
// values outside 1..8 is not visible in this header - confirm.
int iSubAuthorityCount;
DWORD dwSubAuthority0,
dwSubAuthority1,
dwSubAuthority2,
dwSubAuthority3,
dwSubAuthority4,
dwSubAuthority5,
dwSubAuthority6,
dwSubAuthority7;
// Access mask associated with the SID. Each entry widens who can reach the
// protected object, so callers should keep this mask as narrow as the use
// case allows.
DWORD dwAccessMask;
} ACCESS_CONTROL, *PACCESS_CONTROL;
private:
// Constructor and destructor are private, so code outside the class cannot
// create instances; only the static members below are usable.
CSecurityDescriptor (void);
~CSecurityDescriptor (void);
public:
// Builds a security descriptor from iCount entries starting at pAccessControl.
// NOTE(review): ownership of the returned PSECURITY_DESCRIPTOR, the function
// that must be used to release it, and the failure return value (presumably
// NULL) are not visible here - confirm in the implementation before use.
static PSECURITY_DESCRIPTOR Create (int iCount, const ACCESS_CONTROL *pAccessControl);
private:
// Private helper for Create(). Presumably adds one ACE per pAC entry to pACL
// using the matching SID from pSIDs - confirm.
static bool AddAces (PACL pACL, PSID *pSIDs, int iCount, const ACCESS_CONTROL *pAC);
};
// --------------------------------------------------------------------------
// CAccessControlList
//
// Purpose: This class manages access allowed ACEs and constructs an ACL
// from these ACEs. This class only deals with access allowed
// ACEs.
//
// History: 1999-10-05 vtan created
// 2000-02-01 vtan moved from Neptune to Whistler
// --------------------------------------------------------------------------
// Collects ACEs in a dynamic pointer array and exposes them as an ACL through
// the PACL conversion operator. Per the class banner in this file, only
// access-allowed ACEs are handled.
// NOTE(review): how other ACE types (for example deny ACEs) found in an
// existing DACL are treated is not visible in this header - confirm before
// using this class on objects that carry them.
// NOTE(review): the class declares a destructor and holds a raw ACL* but
// declares no copy constructor or copy assignment, so it is implicitly
// copyable. If the destructor releases _pACL, copying an instance would
// release it twice - confirm against the implementation.
class CAccessControlList : private CDynamicArrayCallback
{
public:
CAccessControlList (void);
~CAccessControlList (void);
// Implicit conversion to PACL. Non-const, so it cannot be applied to a const
// instance. NOTE(review): presumably builds the ACL from _ACEArray and caches
// it in _pACL, making the result valid only while this object lives - confirm.
operator PACL (void);
// Adds an entry for pSID with access mask dwMask.
// NOTE(review): ucInheritence presumably carries the ACE inheritance flags -
// confirm.
NTSTATUS Add (PSID pSID, ACCESS_MASK dwMask, UCHAR ucInheritence);
// Removes the entry for pSID.
// NOTE(review): the status returned when pSID is not present is not visible
// here - confirm.
NTSTATUS Remove (PSID pSID);
private:
// Virtual hook taking an element pointer and its index; presumably the
// CDynamicArrayCallback override invoked per array element - confirm.
virtual NTSTATUS Callback (const void *pvData, int iElementIndex);
private:
// Backing store for the ACEs.
CDynamicPointerArray _ACEArray;
// Raw ACL pointer; ownership and release are not visible in this header.
ACL* _pACL;
// NOTE(review): _searchSID and _iFoundIndex look like search state shared
// between Remove() and Callback() - confirm.
PSID _searchSID;
int _iFoundIndex;
};
// --------------------------------------------------------------------------
// CSecuredObject
//
// Purpose: This class manages the ACL of a secured object. SIDs can be
// added or removed from the ACL of the object.
//
// History: 1999-10-05 vtan created
// 2000-02-01 vtan moved from Neptune to Whistler
// --------------------------------------------------------------------------
// Adds SIDs to, or removes SIDs from, the ACL of an object identified by a
// handle and an SE_OBJECT_TYPE. Per the header comment of this file, the
// handle must already be open with WRITE_DAC access.
// NOTE(review): reading the existing DACL presumably also requires
// READ_CONTROL on the handle - confirm against the GetDACL implementation.
// NOTE(review): what the destructor does with _hObject is not visible here;
// the file header implies the caller opened the handle - confirm who closes
// it. The class is implicitly copyable, which matters if it does close it.
class CSecuredObject
{
private:
// Private default constructor: an instance cannot be created from outside
// the class without supplying a handle and object type.
CSecuredObject (void);
public:
CSecuredObject (HANDLE hObject, SE_OBJECT_TYPE seObjectType);
~CSecuredObject (void);
// Grants pSID the access in dwMask on the object. Declared const: this
// object's members are not modified, the change is to the secured object.
// NOTE(review): ucInheritence presumably carries the ACE inheritance flags -
// confirm. Keep dwMask as narrow as the use case allows.
NTSTATUS Allow (PSID pSID, ACCESS_MASK dwMask, UCHAR ucInheritence) const;
// Removes pSID from the object's ACL. Declared const for the same reason.
NTSTATUS Remove (PSID pSID) const;
private:
// Private helpers that take the access control list by reference.
// NOTE(review): presumably GetDACL fills it from the object's current DACL
// and SetDACL writes it back - confirm.
NTSTATUS GetDACL (CAccessControlList& accessControlList) const;
NTSTATUS SetDACL (CAccessControlList& accessControlList) const;
private:
// Handle to the secured object and its object type.
HANDLE _hObject;
SE_OBJECT_TYPE _seObjectType;
};
#endif /* _Access_ */