//+-------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1993-1996.
//
// File: accctrl.h
//
// Contents: common internal includes for
//
// History: 8-94 Created DaveMont
//
//--------------------------------------------------------------------
#ifndef __ACCESS_CONTROL__
#define __ACCESS_CONTROL__
// AccFree is a plain textual alias for LocalFree.
// NOTE(review): presumably buffers handed back by the access-control API are
// meant to be released through this name; confirm against the API
// documentation, since freeing with a mismatched allocator corrupts the heap.
#define AccFree LocalFree
//--------------------------------------------------------------------
//
// NT specific access request structure definition
//
//--------------------------------------------------------------------
//
// Definition: TRUSTEE_TYPE
// Kind of account a trustee refers to, as reported for the trustee returned
// by the API described in this document.
//   TRUSTEE_IS_UNKNOWN - The trustee is of an unknown, but not necessarily
//                        invalid, type. This field is not validated on input
//                        to the APIs that take trustees, so code receiving a
//                        trustee should not rely on it as a verified fact
//                        about the account.
//   TRUSTEE_IS_USER    - The trustee account is a user account.
//   TRUSTEE_IS_GROUP   - The trustee account is a group account.
// The numeric values are written out so the numbering is visible at a glance;
// TRUSTEE_IS_UNKNOWN is 0, which is what a zero-filled structure carries.
//
typedef enum _TRUSTEE_TYPE
{
    TRUSTEE_IS_UNKNOWN = 0,
    TRUSTEE_IS_USER    = 1,
    TRUSTEE_IS_GROUP   = 2
} TRUSTEE_TYPE;
//
// Definition: TRUSTEE_FORM
// Says which form the trustee identifier takes for a particular trustee.
//   TRUSTEE_IS_SID  - The trustee is identified with a SID rather than with
//                     a name.
//   TRUSTEE_IS_NAME - The trustee is identified with a name.
// TRUSTEE_IS_SID has the value 0, so a zero-filled trustee structure reads
// as "identified by SID"; set this field explicitly alongside the identifier
// pointer rather than relying on zero initialisation.
//
typedef enum _TRUSTEE_FORM
{
    TRUSTEE_IS_SID  = 0,
    TRUSTEE_IS_NAME = 1
} TRUSTEE_FORM;
//
// Definition: MULTIPLE_TRUSTEE_OPERATION
// When a trustee is a multiple trustee, this enumerated type gives the kind.
//   NO_MULTIPLE_TRUSTEE    - Value 0; not described in the original header.
//                            NOTE(review): presumably means the multiple
//                            trustee pointer is unused - confirm.
//   TRUSTEE_IS_IMPERSONATE - The trustee is an impersonate trustee, and the
//                            multiple trustee field in the trustee points to
//                            another trustee that is a trustee for the server
//                            that will be doing the impersonation.
//
typedef enum _MULTIPLE_TRUSTEE_OPERATION
{
    NO_MULTIPLE_TRUSTEE    = 0,
    TRUSTEE_IS_IMPERSONATE = 1
} MULTIPLE_TRUSTEE_OPERATION;
//
// Definition: TRUSTEE
// This structure is used to pass account information into and out of the system
// using the API defined in this document.
// pMultipleTrustee - if NON-NULL, points to another trustee structure, as
//                    defined by the multiple trustee operation field.
// MultipleTrusteeOperation - Defines the multiple trustee operation/type.
// TrusteeForm - defines if the trustee is defined by name or SID.
// TrusteeType - defines if the trustee type is unknown, a user or a group.
// ptstrName - points to the trustee name or the trustee SID.
//
// Because ptstrName carries either a name or a SID behind a string pointer
// type, TrusteeForm is the only indication of which one it is.
// NOTE(review): code consuming a trustee should check TrusteeForm before
// reading through ptstrName, and should treat a trustee from an untrusted
// caller with a mismatched form as invalid - confirm how the API validates it.
//
// Pointer typedefs are declared ahead of the structures so each structure can
// refer to its own type in pMultipleTrustee.
typedef struct _TRUSTEE_A *PTRUSTEE_A;
typedef struct _TRUSTEE_W *PTRUSTEE_W;
// TRUSTEE_W: the trustee structure whose identifier field is an LPWSTR.
// It is the variant the TRUSTEE macro selects when UNICODE is defined.
typedef struct _TRUSTEE_W
{
    PTRUSTEE_W pMultipleTrustee;                         // another trustee, or NULL
    MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; // how pMultipleTrustee is to be read
    TRUSTEE_FORM TrusteeForm;                            // whether ptstrName is a name or a SID
    TRUSTEE_TYPE TrusteeType;                            // unknown, user or group
    LPWSTR ptstrName;                                    // trustee name or trustee SID, per TrusteeForm
} TRUSTEE_W;
// TRUSTEE_A: the trustee structure whose identifier field is an LPSTR.
// It is the variant the TRUSTEE macro selects when UNICODE is not defined.
typedef struct _TRUSTEE_A
{
    PTRUSTEE_A pMultipleTrustee;                         // another trustee, or NULL
    MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; // how pMultipleTrustee is to be read
    TRUSTEE_FORM TrusteeForm;                            // whether ptstrName is a name or a SID
    TRUSTEE_TYPE TrusteeType;                            // unknown, user or group
    LPSTR ptstrName;                                     // trustee name or trustee SID, per TrusteeForm
} TRUSTEE_A;
// Pick the character-set variant behind the generic TRUSTEE / PTRUSTEE names:
// the _A types by default, the _W types when UNICODE is defined.
#if !defined(UNICODE)
#define TRUSTEE TRUSTEE_A
#define PTRUSTEE PTRUSTEE_A
#else
#define TRUSTEE TRUSTEE_W
#define PTRUSTEE PTRUSTEE_W
#endif
//
// Definition: ACCESS_MODE
// This enumerated type specifies how permissions are (requested)/to be applied
// for the trustee by the access control entry. On input this field can be any
// of the values, although it is not meaningful to mix access control and audit
// control entries. On output this field will be one of SET_ACCESS,
// DENY_ACCESS, SET_AUDIT_SUCCESS or SET_AUDIT_FAILURE.
// The following descriptions define how this type affects an explicit access
// request to apply access permissions to an object.
//   NOT_USED_ACCESS   - Value 0; not described in the original header.
//   GRANT_ACCESS      - The trustee will have at least the requested
//                       permissions upon successful completion of the
//                       command. (If the trustee has additional permissions
//                       they will not be removed.)
//   SET_ACCESS        - The trustee will have exactly the requested
//                       permissions upon successful completion of the command.
//   DENY_ACCESS       - The trustee will be denied the specified permissions.
//   REVOKE_ACCESS     - Any explicit access rights the trustee has will be
//                       revoked.
//   SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of
//                       the object using the requested permissions.
//   SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the
//                       object using the requested permissions.
// Since GRANT_ACCESS only ever adds rights, it cannot be used to narrow what
// a trustee already holds; per the descriptions above that takes SET_ACCESS
// or REVOKE_ACCESS.
//
typedef enum _ACCESS_MODE
{
    NOT_USED_ACCESS   = 0,
    GRANT_ACCESS      = 1,
    SET_ACCESS        = 2,
    DENY_ACCESS       = 3,
    REVOKE_ACCESS     = 4,
    SET_AUDIT_SUCCESS = 5,
    SET_AUDIT_FAILURE = 6
} ACCESS_MODE;
//
// Definition: Inheritance flags
// These bit masks are provided to allow simple application of inheritance in
// explicit access requests on containers. They are listed below in value
// order; 0x3 is the bitwise OR of 0x1 and 0x2.
//   NO_INHERITANCE
//       The specific access permissions will only be applied to the
//       container, and will not be inherited by objects created within the
//       container.
//   SUB_OBJECTS_ONLY_INHERIT
//       The specific access permissions will only be inherited by objects
//       created within the specific container. The access permissions will
//       not be applied to the container itself.
//   SUB_CONTAINERS_ONLY_INHERIT
//       The specific access permissions will be inherited and applied to sub
//       containers created within the container, and will be applied to the
//       container itself.
//   SUB_CONTAINERS_AND_OBJECTS_INHERIT
//       The specific access permissions will be inherited by containers
//       created within the specific container, will be applied to objects
//       created within the container, but will not be applied to the
//       container itself.
// NOTE(review): the descriptions above differ on whether the container itself
// receives the permissions; verify the effective ACL on the container after
// applying a flag rather than assuming from this text.
//
#define NO_INHERITANCE 0x0
#define SUB_OBJECTS_ONLY_INHERIT 0x1
#define SUB_CONTAINERS_ONLY_INHERIT 0x2
#define SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3
//
// Definition: SE_OBJECT_TYPE
// This enumerated type defines the objects supported by the get/set API within
// this document. See section 3.1, Object Types for a detailed definition of the
// supported object types, and their name formats.
// SE_UNKNOWN_OBJECT_TYPE is 0, so a zero-filled value reads as "unknown"
// rather than as one of the supported object types.
//
typedef enum _SE_OBJECT_TYPE
{
    SE_UNKNOWN_OBJECT_TYPE = 0,
    SE_FILE_OBJECT         = 1,
    SE_SERVICE             = 2,
    SE_PRINTER             = 3,
    SE_REGISTRY_KEY        = 4,
    SE_LMSHARE             = 5,
    SE_KERNEL_OBJECT       = 6,
    SE_WINDOW_OBJECT       = 7
} SE_OBJECT_TYPE;
//
// Definition: EXPLICIT_ACCESS
// This structure is used to pass access control entry information into and out
// of the system using the API defined in this document.
// grfAccessPermissions - This contains the access permissions to assign for the
//                        trustee. It is in the form of an NT access mask.
// grfAccessMode - This field defines how the permissions are to be applied for
//                 the trustee.
// grfInheritance - For containers, this field defines how the access control
//                  entry is/(is requested) to be inherited on
//                  objects/sub-containers created within the container.
// Trustee - This field contains the definition of the trustee account the
//           explicit access applies to.
//
// NOTE(review): grfInheritance presumably takes the inheritance flag masks
// defined in this header - confirm. Every field should be set explicitly: a
// zero-filled entry carries NOT_USED_ACCESS and NO_INHERITANCE by value.
//
typedef struct _EXPLICIT_ACCESS_W
{
    DWORD grfAccessPermissions; // NT access mask to assign for the trustee
    ACCESS_MODE grfAccessMode;  // how the permissions are applied
    DWORD grfInheritance;       // inheritance on objects/sub-containers
    TRUSTEE_W Trustee;          // trustee the entry applies to (embedded by value)
} EXPLICIT_ACCESS_W, *PEXPLICIT_ACCESS_W;
// EXPLICIT_ACCESS_A: the explicit-access entry that embeds a TRUSTEE_A.
// It is the variant the EXPLICIT_ACCESS macro selects when UNICODE is not
// defined.
typedef struct _EXPLICIT_ACCESS_A
{
    DWORD grfAccessPermissions; // NT access mask to assign for the trustee
    ACCESS_MODE grfAccessMode;  // how the permissions are applied
    DWORD grfInheritance;       // inheritance on objects/sub-containers
    TRUSTEE_A Trustee;          // trustee the entry applies to (embedded by value)
} EXPLICIT_ACCESS_A, *PEXPLICIT_ACCESS_A;
// Pick the character-set variant behind the generic EXPLICIT_ACCESS /
// PEXPLICIT_ACCESS names: the _A types by default, the _W types when UNICODE
// is defined.
#if !defined(UNICODE)
#define EXPLICIT_ACCESS EXPLICIT_ACCESS_A
#define PEXPLICIT_ACCESS PEXPLICIT_ACCESS_A
#else
#define EXPLICIT_ACCESS EXPLICIT_ACCESS_W
#define PEXPLICIT_ACCESS PEXPLICIT_ACCESS_W
#endif
#endif // __ACCESS_CONTROL__