//+------------------------------------------------------------------- // // Microsoft Windows // Copyright (C) Microsoft Corporation, 1993-1996. // // File: accctrl.h // // Contents: common internal includes for // // History: 8-94 Created DaveMont // //-------------------------------------------------------------------- #ifndef __ACCESS_CONTROL__ #define __ACCESS_CONTROL__ #define AccFree LocalFree //-------------------------------------------------------------------- // // NT specific access request structure definition // //-------------------------------------------------------------------- // // Definition: TRUSTEE_TYPE // This enumerated type specifies the type of trustee account for the trustee // returned by the API described in this document. // TRUSTEE_IS_UNKNOWN - The trustee is an unknown, but not necessarily invalid // type. This field is not validated on input to the APIs // that take Trustees. // TRUSTEE_IS_USER The trustee account is a user account. // TRUSTEE_IS_GROUP The trustee account is a group account. // typedef enum _TRUSTEE_TYPE { TRUSTEE_IS_UNKNOWN, TRUSTEE_IS_USER, TRUSTEE_IS_GROUP, } TRUSTEE_TYPE; // // Definition: TRUSTEE_FORM // This enumerated type specifies the form the trustee identifier is in for a // particular trustee. // TRUSTEE_IS_SID The trustee is identified with a SID rather than with a name. // TRUSTEE_IS_NAME The trustee is identified with a name. // typedef enum _TRUSTEE_FORM { TRUSTEE_IS_SID, TRUSTEE_IS_NAME, } TRUSTEE_FORM; // // Definition: MULTIPLE_TRUSTEE_OPERATION // If the trustee is a multiple trustee, this enumerated type specifies the type. // TRUSTEE_IS_IMPERSONATE The trustee is an impersonate trustee and the multiple // trustee field in the trustee points to another trustee // that is a trustee for the server that will be doing the // impersonation. // typedef enum _MULTIPLE_TRUSTEE_OPERATION { NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_IMPERSONATE, } MULTIPLE_TRUSTEE_OPERATION; // // Definition: TRUSTEE // This structure is used to pass account information into and out of the system // using the API defined in this document. // PMultipleTrustee - if NON-NULL, points to another trustee structure, as // defined by the multiple trustee operation field. // MultipleTrusteeOperation - Defines the multiple trustee operation/type. // TrusteeForm - defines if the trustee is defined by name or SID. // TrusteeType - defines if the trustee type is unknown, a user or a group. // PwcsName - points to the trustee name or the trustee SID. // typedef struct _TRUSTEE_A *PTRUSTEE_A; typedef struct _TRUSTEE_W *PTRUSTEE_W; typedef struct _TRUSTEE_W { PTRUSTEE_W pMultipleTrustee; MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; TRUSTEE_FORM TrusteeForm; TRUSTEE_TYPE TrusteeType; LPWSTR ptstrName; } TRUSTEE_W; typedef struct _TRUSTEE_A { PTRUSTEE_A pMultipleTrustee; MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; TRUSTEE_FORM TrusteeForm; TRUSTEE_TYPE TrusteeType; LPSTR ptstrName; } TRUSTEE_A; #ifdef UNICODE #define TRUSTEE TRUSTEE_W #define PTRUSTEE PTRUSTEE_W #else #define TRUSTEE TRUSTEE_A #define PTRUSTEE PTRUSTEE_A #endif // // Definition: ACCESS_MODE // This enumerated type specifies how permissions are (requested)/to be applied // for the trustee by the access control entry. On input this field can by any // of the values, although it is not meaningful to mix access control and audit // control entries. On output this field will be either SET_ACCESS, DENY_ACCESS, // SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE. // The following descriptions define how this type effects an explicit access // request to apply access permissions to an object. // GRANT_ACCESS - The trustee will have at least the requested permissions upon // successful completion of the command. (If the trustee has // additional permissions they will not be removed). // SET_ACCESS - The trustee will have exactly the requested permissions upon // successful completion of the command. // DENY_ACCESS - The trustee will be denied the specified permissions. // REVOKE_ACCESS - Any explicit access rights the trustee has will be revoked. // SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of the // object using the requested permissions. // SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the object // using the requested permissions. // typedef enum _ACCESS_MODE { NOT_USED_ACCESS = 0, GRANT_ACCESS, SET_ACCESS, DENY_ACCESS, REVOKE_ACCESS, SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE } ACCESS_MODE; // // Definition: Inheritance flags // These bit masks are provided to allow simple application of inheritance in // explicit access requests on containers. // NO_INHERITANCE The specific access permissions will only be applied to // the container, and will not be inherited by objects created // within the container. // SUB_CONTAINERS_ONLY_INHERIT The specific access permissions will be inherited // and applied to sub containers created within the // container, and will be applied to the container // itself. // SUB_OBJECTS_ONLY_INHERIT The specific access permissions will only be inherited // by objects created within the specific container. // The access permissions will not be applied to the // container itself. // SUB_CONTAINERS_AND_OBJECTS_INHERIT The specific access permissions will be // inherited by containers created within the // specific container, will be applied to // objects created within the container, but // will not be applied to the container itself. // #define NO_INHERITANCE 0x0 #define SUB_CONTAINERS_ONLY_INHERIT 0x2 #define SUB_OBJECTS_ONLY_INHERIT 0x1 #define SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3 // // Definition: // This enumerated type defines the objects supported by the get/set API within // this document. See section 3.1, Object Types for a detailed definition of the // supported object types, and their name formats. // typedef enum _SE_OBJECT_TYPE { SE_UNKNOWN_OBJECT_TYPE = 0, SE_FILE_OBJECT, SE_SERVICE, SE_PRINTER, SE_REGISTRY_KEY, SE_LMSHARE, SE_KERNEL_OBJECT, SE_WINDOW_OBJECT } SE_OBJECT_TYPE; // // Definition: EXPLICIT_ACCESS // This structure is used to pass access control entry information into and out // of the system using the API defined in this document. // grfAccessPermissions - This contains the access permissions to assign for the // trustee. It is in the form of an NT access mask. // grfAccessMode - This field defines how the permissions are to be applied for // the trustee. // grfInheritance - For containers, this field defines how the access control // entry is/(is requested) to be inherited on // objects/sub-containers created within the container. // Trustee - This field contains the definition of the trustee account the // explicit access applies to. // typedef struct _EXPLICIT_ACCESS_W { DWORD grfAccessPermissions; ACCESS_MODE grfAccessMode; DWORD grfInheritance; TRUSTEE_W Trustee; } EXPLICIT_ACCESS_W, *PEXPLICIT_ACCESS_W; typedef struct _EXPLICIT_ACCESS_A { DWORD grfAccessPermissions; ACCESS_MODE grfAccessMode; DWORD grfInheritance; TRUSTEE_A Trustee; } EXPLICIT_ACCESS_A, *PEXPLICIT_ACCESS_A; #ifdef UNICODE #define EXPLICIT_ACCESS EXPLICIT_ACCESS_W #define PEXPLICIT_ACCESS PEXPLICIT_ACCESS_W #else #define EXPLICIT_ACCESS EXPLICIT_ACCESS_A #define PEXPLICIT_ACCESS PEXPLICIT_ACCESS_A #endif #endif // __ACCESS_CONTROL__