//+------------------------------------------------------------------- // // Microsoft Windows // Copyright (C) Microsoft Corporation, 1993-1996. // // File: aclapi.h // // Contents: public header file for acl and trusted server access control // APIs // //-------------------------------------------------------------------- #ifndef __ACCESS_CONTROL_API__ #define __ACCESS_CONTROL_API__ #include #include #ifdef __cplusplus extern "C" { #endif DWORD WINAPI SetEntriesInAclW( IN ULONG cCountOfExplicitEntries, IN PEXPLICIT_ACCESS_W pListOfExplicitEntries, IN PACL OldAcl, OUT PACL * NewAcl); DWORD WINAPI SetEntriesInAclA( IN ULONG cCountOfExplicitEntries, IN PEXPLICIT_ACCESS_A pListOfExplicitEntries, IN PACL OldAcl, OUT PACL * NewAcl); #ifdef UNICODE #define SetEntriesInAcl SetEntriesInAclW #else #define SetEntriesInAcl SetEntriesInAclA #endif DWORD WINAPI GetExplicitEntriesFromAclW( IN PACL pacl, OUT PULONG pcCountOfExplicitEntries, OUT PEXPLICIT_ACCESS_W * pListOfExplicitEntries); DWORD WINAPI GetExplicitEntriesFromAclA( IN PACL pacl, OUT PULONG pcCountOfExplicitEntries, OUT PEXPLICIT_ACCESS_A * pListOfExplicitEntries); #ifdef UNICODE #define GetExplicitEntriesFromAcl GetExplicitEntriesFromAclW #else #define GetExplicitEntriesFromAcl GetExplicitEntriesFromAclA #endif DWORD WINAPI GetEffectiveRightsFromAclW( IN PACL pacl, IN PTRUSTEE_W pTrustee, OUT PACCESS_MASK pAccessRights); DWORD WINAPI GetEffectiveRightsFromAclA( IN PACL pacl, IN PTRUSTEE_A pTrustee, OUT PACCESS_MASK pAccessRights); #ifdef UNICODE #define GetEffectiveRightsFromAcl GetEffectiveRightsFromAclW #else #define GetEffectiveRightsFromAcl GetEffectiveRightsFromAclA #endif DWORD WINAPI GetAuditedPermissionsFromAclW( IN PACL pacl, IN PTRUSTEE_W pTrustee, OUT PACCESS_MASK pSuccessfulAuditedRights, OUT PACCESS_MASK pFailedAuditRights); DWORD WINAPI GetAuditedPermissionsFromAclA( IN PACL pacl, IN PTRUSTEE_A pTrustee, OUT PACCESS_MASK pSuccessfulAuditedRights, OUT PACCESS_MASK pFailedAuditRights); #ifdef UNICODE #define GetAuditedPermissionsFromAcl GetAuditedPermissionsFromAclW #else #define GetAuditedPermissionsFromAcl GetAuditedPermissionsFromAclA #endif DWORD WINAPI GetNamedSecurityInfoW( IN LPWSTR pObjectName, IN SE_OBJECT_TYPE ObjectType, IN SECURITY_INFORMATION SecurityInfo, OUT PSID * ppsidOowner, OUT PSID * ppsidGroup, OUT PACL * ppDacl, OUT PACL * ppSacl, OUT PSECURITY_DESCRIPTOR * ppSecurityDescriptor); DWORD WINAPI GetNamedSecurityInfoA( IN LPSTR pObjectName, IN SE_OBJECT_TYPE ObjectType, IN SECURITY_INFORMATION SecurityInfo, OUT PSID * ppsidOowner, OUT PSID * ppsidGroup, OUT PACL * ppDacl, OUT PACL * ppSacl, OUT PSECURITY_DESCRIPTOR * ppSecurityDescriptor); #ifdef UNICODE #define GetNamedSecurityInfo GetNamedSecurityInfoW #else #define GetNamedSecurityInfo GetNamedSecurityInfoA #endif DWORD WINAPI GetSecurityInfo( IN HANDLE handle, IN SE_OBJECT_TYPE ObjectType, IN SECURITY_INFORMATION SecurityInfo, OUT PSID * ppsidOowner, OUT PSID * ppsidGroup, OUT PACL * ppDacl, OUT PACL * ppSacl, OUT PSECURITY_DESCRIPTOR * ppSecurityDescriptor); DWORD WINAPI SetNamedSecurityInfoW( IN LPWSTR pObjectName, IN SE_OBJECT_TYPE ObjectType, IN SECURITY_INFORMATION SecurityInfo, IN PSID psidOowner, IN PSID psidGroup, IN PACL pDacl, IN PACL pSacl); DWORD WINAPI SetNamedSecurityInfoA( IN LPSTR pObjectName, IN SE_OBJECT_TYPE ObjectType, IN SECURITY_INFORMATION SecurityInfo, IN PSID psidOowner, IN PSID psidGroup, IN PACL pDacl, IN PACL pSacl); #ifdef UNICODE #define SetNamedSecurityInfo SetNamedSecurityInfoW #else #define SetNamedSecurityInfo SetNamedSecurityInfoA #endif DWORD WINAPI SetSecurityInfo( IN HANDLE handle, IN SE_OBJECT_TYPE ObjectType, IN SECURITY_INFORMATION SecurityInfo, IN PSID psidOowner, IN PSID psidGroup, IN PACL pDacl, IN PACL pSacl); //---------------------------------------------------------------------------- // The following API are provided for trusted servers to use to // implement access control on their own objects. //---------------------------------------------------------------------------- DWORD WINAPI BuildSecurityDescriptorW( IN PTRUSTEE_W pOwner, IN PTRUSTEE_W pGroup, IN ULONG cCountOfAccessEntries, IN PEXPLICIT_ACCESS_W pListOfAccessEntries, IN ULONG cCountOfAuditEntries, IN PEXPLICIT_ACCESS_W pListOfAuditEntries, IN PSECURITY_DESCRIPTOR pOldSD, OUT PULONG pSizeNewSD, OUT PSECURITY_DESCRIPTOR * pNewSD); DWORD WINAPI BuildSecurityDescriptorA( IN PTRUSTEE_A pOwner, IN PTRUSTEE_A pGroup, IN ULONG cCountOfAccessEntries, IN PEXPLICIT_ACCESS_A pListOfAccessEntries, IN ULONG cCountOfAuditEntries, IN PEXPLICIT_ACCESS_A pListOfAuditEntries, IN PSECURITY_DESCRIPTOR pOldSD, OUT PULONG pSizeNewSD, OUT PSECURITY_DESCRIPTOR * pNewSD); #ifdef UNICODE #define BuildSecurityDescriptor BuildSecurityDescriptorW #else #define BuildSecurityDescriptor BuildSecurityDescriptorA #endif DWORD WINAPI LookupSecurityDescriptorPartsW( OUT PTRUSTEE_W * pOwner, OUT PTRUSTEE_W * pGroup, OUT PULONG cCountOfAccessEntries, OUT PEXPLICIT_ACCESS_W * pListOfAccessEntries, OUT PULONG cCountOfAuditEntries, OUT PEXPLICIT_ACCESS_W * pListOfAuditEntries, IN PSECURITY_DESCRIPTOR pSD); DWORD WINAPI LookupSecurityDescriptorPartsA( OUT PTRUSTEE_A * pOwner, OUT PTRUSTEE_A * pGroup, OUT PULONG cCountOfAccessEntries, OUT PEXPLICIT_ACCESS_A * pListOfAccessEntries, OUT PULONG cCountOfAuditEntries, OUT PEXPLICIT_ACCESS_A * pListOfAuditEntries, IN PSECURITY_DESCRIPTOR pSD); #ifdef UNICODE #define LookupSecurityDescriptorParts LookupSecurityDescriptorPartsW #else #define LookupSecurityDescriptorParts LookupSecurityDescriptorPartsA #endif DWORD WINAPI GetEffectiveRightsFromSDW( IN PSECURITY_DESCRIPTOR pSD, IN PTRUSTEE_W pTrustee, OUT PACCESS_MASK pAccessRights); DWORD WINAPI GetEffectiveRightsFromSDA( IN PSECURITY_DESCRIPTOR pSD, IN PTRUSTEE_A pTrustee, OUT PACCESS_MASK pAccessRights); #ifdef UNICODE #define GetEffectiveRightsFromSD GetEffectiveRightsFromSDW #else #define GetEffectiveRightsFromSD GetEffectiveRightsFromSDA #endif DWORD WINAPI GetAuditedPermissionsFromSDW( IN PSECURITY_DESCRIPTOR pSD, IN PTRUSTEE_W pTrustee, OUT PACCESS_MASK pSuccessfulAuditedRights, OUT PACCESS_MASK pFailedAuditRights); DWORD WINAPI GetAuditedPermissionsFromSDA( IN PSECURITY_DESCRIPTOR pSD, IN PTRUSTEE_A pTrustee, OUT PACCESS_MASK pSuccessfulAuditedRights, OUT PACCESS_MASK pFailedAuditRights); #ifdef UNICODE #define GetAuditedPermissionsFromSD GetAuditedPermissionsFromSDW #else #define GetAuditedPermissionsFromSD GetAuditedPermissionsFromSDA #endif //---------------------------------------------------------------------------- // The following helper API are provided for building // access control structures. //---------------------------------------------------------------------------- VOID WINAPI BuildExplicitAccessWithNameW( IN OUT PEXPLICIT_ACCESS_W pExplicitAccess, IN LPWSTR pTrusteeName, IN DWORD AccessPermissions, IN ACCESS_MODE AccessMode, IN DWORD Inheritance); VOID WINAPI BuildExplicitAccessWithNameA( IN OUT PEXPLICIT_ACCESS_A pExplicitAccess, IN LPSTR pTrusteeName, IN DWORD AccessPermissions, IN ACCESS_MODE AccessMode, IN DWORD Inheritance); #ifdef UNICODE #define BuildExplicitAccessWithName BuildExplicitAccessWithNameW #else #define BuildExplicitAccessWithName BuildExplicitAccessWithNameA #endif VOID WINAPI BuildImpersonateExplicitAccessWithNameW( IN OUT PEXPLICIT_ACCESS_W pExplicitAccess, IN LPWSTR pTrusteeName, IN PTRUSTEE_W pTrustee, IN DWORD AccessPermissions, IN ACCESS_MODE AccessMode, IN DWORD Inheritance); VOID WINAPI BuildImpersonateExplicitAccessWithNameA( IN OUT PEXPLICIT_ACCESS_A pExplicitAccess, IN LPSTR pTrusteeName, IN PTRUSTEE_A pTrustee, IN DWORD AccessPermissions, IN ACCESS_MODE AccessMode, IN DWORD Inheritance); #ifdef UNICODE #define BuildImpersonateExplicitAccessWithName BuildImpersonateExplicitAccessWithNameW #else #define BuildImpersonateExplicitAccessWithName BuildImpersonateExplicitAccessWithNameA #endif VOID WINAPI BuildTrusteeWithNameW( IN OUT PTRUSTEE_W pTrustee, IN LPWSTR pName); VOID WINAPI BuildTrusteeWithNameA( IN OUT PTRUSTEE_A pTrustee, IN LPSTR pName); #ifdef UNICODE #define BuildTrusteeWithName BuildTrusteeWithNameW #else #define BuildTrusteeWithName BuildTrusteeWithNameA #endif VOID WINAPI BuildImpersonateTrusteeW( IN OUT PTRUSTEE_W pTrustee, IN PTRUSTEE_W pImpersonateTrustee); VOID WINAPI BuildImpersonateTrusteeA( IN OUT PTRUSTEE_A pTrustee, IN PTRUSTEE_A pImpersonateTrustee); #ifdef UNICODE #define BuildImpersonateTrustee BuildImpersonateTrusteeW #else #define BuildImpersonateTrustee BuildImpersonateTrusteeA #endif VOID WINAPI BuildTrusteeWithSidW( IN OUT PTRUSTEE_W pTrustee, IN PSID pSid); VOID WINAPI BuildTrusteeWithSidA( IN OUT PTRUSTEE_A pTrustee, IN PSID pSid); #ifdef UNICODE #define BuildTrusteeWithSid BuildTrusteeWithSidW #else #define BuildTrusteeWithSid BuildTrusteeWithSidA #endif LPWSTR WINAPI GetTrusteeNameW( IN PTRUSTEE_W pTrustee); LPSTR WINAPI GetTrusteeNameA( IN PTRUSTEE_A pTrustee); #ifdef UNICODE #define GetTrusteeName GetTrusteeNameW #else #define GetTrusteeName GetTrusteeNameA #endif TRUSTEE_TYPE WINAPI GetTrusteeTypeW( IN PTRUSTEE_W pTrustee); TRUSTEE_TYPE WINAPI GetTrusteeTypeA( IN PTRUSTEE_A pTrustee); #ifdef UNICODE #define GetTrusteeType GetTrusteeTypeW #else #define GetTrusteeType GetTrusteeTypeA #endif TRUSTEE_FORM WINAPI GetTrusteeFormW( IN PTRUSTEE_W pTrustee); TRUSTEE_FORM WINAPI GetTrusteeFormA( IN PTRUSTEE_A pTrustee); #ifdef UNICODE #define GetTrusteeForm GetTrusteeFormW #else #define GetTrusteeForm GetTrusteeFormA #endif MULTIPLE_TRUSTEE_OPERATION WINAPI GetMultipleTrusteeOperationW( IN PTRUSTEE_W pTrustee); MULTIPLE_TRUSTEE_OPERATION WINAPI GetMultipleTrusteeOperationA( IN PTRUSTEE_A pTrustee); #ifdef UNICODE #define GetMultipleTrusteeOperation GetMultipleTrusteeOperationW #else #define GetMultipleTrusteeOperation GetMultipleTrusteeOperationA #endif PTRUSTEE_W WINAPI GetMultipleTrusteeW( IN PTRUSTEE_W pTrustee); PTRUSTEE_A WINAPI GetMultipleTrusteeA( IN PTRUSTEE_A pTrustee); #ifdef UNICODE #define GetMultipleTrustee GetMultipleTrusteeW #else #define GetMultipleTrustee GetMultipleTrusteeA #endif void WINAPI FreeStgExplicitAccessListW( IN ULONG ccount, IN PEXPLICIT_ACCESS_W pEA); void WINAPI FreeStgExplicitAccessListA( IN ULONG ccount, IN PEXPLICIT_ACCESS_A pEA); #ifdef UNICODE #define FreeStgExplicitAccessList FreeStgExplicitAccessListW #else #define FreeStgExplicitAccessList FreeStgExplicitAccessListA #endif VOID WINAPI BuildAccessRequestW( OUT PACCESS_REQUEST_W pAr, IN LPWSTR Name, IN DWORD Mask); VOID WINAPI BuildAccessRequestA( OUT PACCESS_REQUEST_A pAr, IN LPSTR Name, IN DWORD Mask); #ifdef UNICODE #define BuildAccessRequest BuildAccessRequestW #else #define BuildAccessRequest BuildAccessRequestA #endif ULONG WINAPI NTAccessMaskToProvAccessRights( IN SE_OBJECT_TYPE SeObjectType, IN BOOL fIsContainer, IN ACCESS_MASK AccessMask); ACCESS_MASK WINAPI ProvAccessRightsToNTAccessMask( IN SE_OBJECT_TYPE SeObjectType, IN ULONG AccessRights); #ifdef __cplusplus } #endif #endif // __ACCESS_CONTROL_API__