188 lines
5.4 KiB
C++
188 lines
5.4 KiB
C++
//+-------------------------------------------------------------------
|
|
//
|
|
// File: ACCACC.hxx
|
|
//
|
|
// Contents: class encapsulating NT security user ACCACC.
|
|
//
|
|
// Classes: CACCACC
|
|
//
|
|
// Functions:
|
|
//
|
|
// History: Nov-93 Created DaveMont
|
|
//
|
|
//--------------------------------------------------------------------
|
|
#ifndef __ACCACC__
|
|
#define __ACCACC__
|
|
|
|
#include "t2.hxx"
|
|
#include "account.hxx"
|
|
|
|
//+-------------------------------------------------------------------
|
|
//
|
|
// Class: CAccountAccess
|
|
//
|
|
// Purpose: encapsulation of class Account and NT access masks. This
|
|
// class interfaces with the security system to get SIDs from
|
|
// usernames and vis-versa.
|
|
//
|
|
// this class has also been supplimented to contain information
|
|
// about ACEs with the same SID in the ACL if a (edit) merge
|
|
// operation is occuring
|
|
//
|
|
//--------------------------------------------------------------------
|
|
|
|
class CAccountAccess: private CAccount
|
|
{
|
|
public:
|
|
|
|
CAccountAccess(LPWSTR Name, LPWSTR System);
|
|
|
|
ULONG Init(ULONG access, ULONG diraccess, BOOL filespecified);
|
|
|
|
inline void ReInit();
|
|
|
|
inline ULONG Sid(SID **psid);
|
|
inline BYTE AceType();
|
|
inline ACCESS_MASK AccessMask();
|
|
inline ACCESS_MASK DirAccessMask();
|
|
inline BOOL FileSpecified();
|
|
inline void ClearAccessMask();
|
|
void AddInheritance(BYTE Flags);
|
|
inline ULONG TestInheritance();
|
|
|
|
|
|
private:
|
|
|
|
ACCESS_MASK _savemask; // saved requested mask (because _mask gets cleared if
|
|
// the ace is not used).
|
|
ACCESS_MASK _mask; // requested mask
|
|
ACCESS_MASK _dirmask; // access mask for directories
|
|
BOOL _filespecified;
|
|
// set dir access without ACE for files
|
|
BYTE _acetype;
|
|
ULONG _foundinheritance; // contains the OR of all the inheritances from the original ACL
|
|
|
|
};
|
|
|
|
// this is used in conjunction with ACE inherit flags to indicate that access
|
|
// rights in an ACE apply to the container as well
|
|
#define APPLIES_TO_CONTAINER 0x4
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::Init, public
|
|
//
|
|
// Synopsis: initializes access mask
|
|
//
|
|
// Arguments: IN [access] - access mask
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
void CAccountAccess::ReInit()
|
|
{
|
|
_mask = _savemask;
|
|
}
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::Sid, public
|
|
//
|
|
// Synopsis: returns the principal for the class
|
|
//
|
|
// Arguments: OUT [psid] - address of the principal name
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
ULONG CAccountAccess::Sid(SID **psid)
|
|
{
|
|
return(GetAccountSid(psid));
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::AceType, public
|
|
//
|
|
// Synopsis: returns the acetype (denied, allowed)
|
|
//
|
|
// Arguments: none
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
BYTE CAccountAccess::AceType()
|
|
{
|
|
return(_acetype);
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::AccessMask, public
|
|
//
|
|
// Synopsis: returns the access mask
|
|
//
|
|
// Arguments: none
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
ACCESS_MASK CAccountAccess::AccessMask()
|
|
{
|
|
return(_mask);
|
|
}
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::DirAccessMask, public
|
|
//
|
|
// Synopsis: returns the directory access mask
|
|
//
|
|
// Arguments: none
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
ACCESS_MASK CAccountAccess::DirAccessMask()
|
|
{
|
|
return(_dirmask);
|
|
}
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::FileSpecified, public
|
|
//
|
|
// Synopsis: returns if only Dir ACE should be set and no file ACE
|
|
//
|
|
// Arguments: none
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
BOOL CAccountAccess::FileSpecified()
|
|
{
|
|
return(_filespecified);
|
|
}
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::ClearAccessMask, public
|
|
//
|
|
// Synopsis: returns the access mask
|
|
//
|
|
// Arguments: none
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
void CAccountAccess::ClearAccessMask()
|
|
{
|
|
_mask = 0;
|
|
}
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Member: CAccountAccess::TestInheritance, public
|
|
//
|
|
// Synopsis: checks that the inheritance is valid,
|
|
// that objects & containers inherit, and rights are applied to the object.
|
|
//
|
|
// Arguments: none
|
|
//
|
|
//--------------------------------------------------------------------
|
|
ULONG CAccountAccess::TestInheritance()
|
|
{
|
|
if (_foundinheritance == ( OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | APPLIES_TO_CONTAINER))
|
|
return(ERROR_SUCCESS);
|
|
else
|
|
return(ERROR_INVALID_DATA);
|
|
}
|
|
#endif // __ACCACC__
|
|
|
|
|
|
|
|
|
|
|
|
|