1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
|
//+-------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1993-1996.
//
// File: aclapi.h
//
// Contents: public header file for acl and trusted server access control
// APIs
//
//--------------------------------------------------------------------
#ifndef __ACCESS_CONTROL_API__
#define __ACCESS_CONTROL_API__
#include <windows.h>
#include <accctrl.h>
#ifdef __cplusplus
extern "C" {
#endif
DWORD
WINAPI
SetEntriesInAclW( IN ULONG cCountOfExplicitEntries,
IN PEXPLICIT_ACCESS_W pListOfExplicitEntries,
IN PACL OldAcl,
OUT PACL * NewAcl);
DWORD
WINAPI
SetEntriesInAclA( IN ULONG cCountOfExplicitEntries,
IN PEXPLICIT_ACCESS_A pListOfExplicitEntries,
IN PACL OldAcl,
OUT PACL * NewAcl);
#ifdef UNICODE
#define SetEntriesInAcl SetEntriesInAclW
#else
#define SetEntriesInAcl SetEntriesInAclA
#endif
DWORD
WINAPI
GetExplicitEntriesFromAclW( IN PACL pacl,
OUT PULONG pcCountOfExplicitEntries,
OUT PEXPLICIT_ACCESS_W * pListOfExplicitEntries);
DWORD
WINAPI
GetExplicitEntriesFromAclA( IN PACL pacl,
OUT PULONG pcCountOfExplicitEntries,
OUT PEXPLICIT_ACCESS_A * pListOfExplicitEntries);
#ifdef UNICODE
#define GetExplicitEntriesFromAcl GetExplicitEntriesFromAclW
#else
#define GetExplicitEntriesFromAcl GetExplicitEntriesFromAclA
#endif
DWORD
WINAPI
GetEffectiveRightsFromAclW( IN PACL pacl,
IN PTRUSTEE_W pTrustee,
OUT PACCESS_MASK pAccessRights);
DWORD
WINAPI
GetEffectiveRightsFromAclA( IN PACL pacl,
IN PTRUSTEE_A pTrustee,
OUT PACCESS_MASK pAccessRights);
#ifdef UNICODE
#define GetEffectiveRightsFromAcl GetEffectiveRightsFromAclW
#else
#define GetEffectiveRightsFromAcl GetEffectiveRightsFromAclA
#endif
DWORD
WINAPI
GetAuditedPermissionsFromAclW( IN PACL pacl,
IN PTRUSTEE_W pTrustee,
OUT PACCESS_MASK pSuccessfulAuditedRights,
OUT PACCESS_MASK pFailedAuditRights);
DWORD
WINAPI
GetAuditedPermissionsFromAclA( IN PACL pacl,
IN PTRUSTEE_A pTrustee,
OUT PACCESS_MASK pSuccessfulAuditedRights,
OUT PACCESS_MASK pFailedAuditRights);
#ifdef UNICODE
#define GetAuditedPermissionsFromAcl GetAuditedPermissionsFromAclW
#else
#define GetAuditedPermissionsFromAcl GetAuditedPermissionsFromAclA
#endif
DWORD
WINAPI
GetNamedSecurityInfoW( IN LPWSTR pObjectName,
IN SE_OBJECT_TYPE ObjectType,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID * ppsidOowner,
OUT PSID * ppsidGroup,
OUT PACL * ppDacl,
OUT PACL * ppSacl,
OUT PSECURITY_DESCRIPTOR * ppSecurityDescriptor);
DWORD
WINAPI
GetNamedSecurityInfoA( IN LPSTR pObjectName,
IN SE_OBJECT_TYPE ObjectType,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID * ppsidOowner,
OUT PSID * ppsidGroup,
OUT PACL * ppDacl,
OUT PACL * ppSacl,
OUT PSECURITY_DESCRIPTOR * ppSecurityDescriptor);
#ifdef UNICODE
#define GetNamedSecurityInfo GetNamedSecurityInfoW
#else
#define GetNamedSecurityInfo GetNamedSecurityInfoA
#endif
DWORD
WINAPI
GetSecurityInfo( IN HANDLE handle,
IN SE_OBJECT_TYPE ObjectType,
IN SECURITY_INFORMATION SecurityInfo,
OUT PSID * ppsidOowner,
OUT PSID * ppsidGroup,
OUT PACL * ppDacl,
OUT PACL * ppSacl,
OUT PSECURITY_DESCRIPTOR * ppSecurityDescriptor);
DWORD
WINAPI
SetNamedSecurityInfoW( IN LPWSTR pObjectName,
IN SE_OBJECT_TYPE ObjectType,
IN SECURITY_INFORMATION SecurityInfo,
IN PSID psidOowner,
IN PSID psidGroup,
IN PACL pDacl,
IN PACL pSacl);
DWORD
WINAPI
SetNamedSecurityInfoA( IN LPSTR pObjectName,
IN SE_OBJECT_TYPE ObjectType,
IN SECURITY_INFORMATION SecurityInfo,
IN PSID psidOowner,
IN PSID psidGroup,
IN PACL pDacl,
IN PACL pSacl);
#ifdef UNICODE
#define SetNamedSecurityInfo SetNamedSecurityInfoW
#else
#define SetNamedSecurityInfo SetNamedSecurityInfoA
#endif
DWORD
WINAPI
SetSecurityInfo( IN HANDLE handle,
IN SE_OBJECT_TYPE ObjectType,
IN SECURITY_INFORMATION SecurityInfo,
IN PSID psidOowner,
IN PSID psidGroup,
IN PACL pDacl,
IN PACL pSacl);
//----------------------------------------------------------------------------
// The following API are provided for trusted servers to use to
// implement access control on their own objects.
//----------------------------------------------------------------------------
DWORD
WINAPI
BuildSecurityDescriptorW( IN PTRUSTEE_W pOwner,
IN PTRUSTEE_W pGroup,
IN ULONG cCountOfAccessEntries,
IN PEXPLICIT_ACCESS_W pListOfAccessEntries,
IN ULONG cCountOfAuditEntries,
IN PEXPLICIT_ACCESS_W pListOfAuditEntries,
IN PSECURITY_DESCRIPTOR pOldSD,
OUT PULONG pSizeNewSD,
OUT PSECURITY_DESCRIPTOR * pNewSD);
DWORD
WINAPI
BuildSecurityDescriptorA( IN PTRUSTEE_A pOwner,
IN PTRUSTEE_A pGroup,
IN ULONG cCountOfAccessEntries,
IN PEXPLICIT_ACCESS_A pListOfAccessEntries,
IN ULONG cCountOfAuditEntries,
IN PEXPLICIT_ACCESS_A pListOfAuditEntries,
IN PSECURITY_DESCRIPTOR pOldSD,
OUT PULONG pSizeNewSD,
OUT PSECURITY_DESCRIPTOR * pNewSD);
#ifdef UNICODE
#define BuildSecurityDescriptor BuildSecurityDescriptorW
#else
#define BuildSecurityDescriptor BuildSecurityDescriptorA
#endif
DWORD
WINAPI
LookupSecurityDescriptorPartsW( OUT PTRUSTEE_W * pOwner,
OUT PTRUSTEE_W * pGroup,
OUT PULONG cCountOfAccessEntries,
OUT PEXPLICIT_ACCESS_W * pListOfAccessEntries,
OUT PULONG cCountOfAuditEntries,
OUT PEXPLICIT_ACCESS_W * pListOfAuditEntries,
IN PSECURITY_DESCRIPTOR pSD);
DWORD
WINAPI
LookupSecurityDescriptorPartsA( OUT PTRUSTEE_A * pOwner,
OUT PTRUSTEE_A * pGroup,
OUT PULONG cCountOfAccessEntries,
OUT PEXPLICIT_ACCESS_A * pListOfAccessEntries,
OUT PULONG cCountOfAuditEntries,
OUT PEXPLICIT_ACCESS_A * pListOfAuditEntries,
IN PSECURITY_DESCRIPTOR pSD);
#ifdef UNICODE
#define LookupSecurityDescriptorParts LookupSecurityDescriptorPartsW
#else
#define LookupSecurityDescriptorParts LookupSecurityDescriptorPartsA
#endif
DWORD
WINAPI
GetEffectiveRightsFromSDW( IN PSECURITY_DESCRIPTOR pSD,
IN PTRUSTEE_W pTrustee,
OUT PACCESS_MASK pAccessRights);
DWORD
WINAPI
GetEffectiveRightsFromSDA( IN PSECURITY_DESCRIPTOR pSD,
IN PTRUSTEE_A pTrustee,
OUT PACCESS_MASK pAccessRights);
#ifdef UNICODE
#define GetEffectiveRightsFromSD GetEffectiveRightsFromSDW
#else
#define GetEffectiveRightsFromSD GetEffectiveRightsFromSDA
#endif
DWORD
WINAPI
GetAuditedPermissionsFromSDW( IN PSECURITY_DESCRIPTOR pSD,
IN PTRUSTEE_W pTrustee,
OUT PACCESS_MASK pSuccessfulAuditedRights,
OUT PACCESS_MASK pFailedAuditRights);
DWORD
WINAPI
GetAuditedPermissionsFromSDA( IN PSECURITY_DESCRIPTOR pSD,
IN PTRUSTEE_A pTrustee,
OUT PACCESS_MASK pSuccessfulAuditedRights,
OUT PACCESS_MASK pFailedAuditRights);
#ifdef UNICODE
#define GetAuditedPermissionsFromSD GetAuditedPermissionsFromSDW
#else
#define GetAuditedPermissionsFromSD GetAuditedPermissionsFromSDA
#endif
//----------------------------------------------------------------------------
// The following helper API are provided for building
// access control structures.
//----------------------------------------------------------------------------
VOID
WINAPI
BuildExplicitAccessWithNameW( IN OUT PEXPLICIT_ACCESS_W pExplicitAccess,
IN LPWSTR pTrusteeName,
IN DWORD AccessPermissions,
IN ACCESS_MODE AccessMode,
IN DWORD Inheritance);
VOID
WINAPI
BuildExplicitAccessWithNameA( IN OUT PEXPLICIT_ACCESS_A pExplicitAccess,
IN LPSTR pTrusteeName,
IN DWORD AccessPermissions,
IN ACCESS_MODE AccessMode,
IN DWORD Inheritance);
#ifdef UNICODE
#define BuildExplicitAccessWithName BuildExplicitAccessWithNameW
#else
#define BuildExplicitAccessWithName BuildExplicitAccessWithNameA
#endif
VOID
WINAPI
BuildImpersonateExplicitAccessWithNameW(
IN OUT PEXPLICIT_ACCESS_W pExplicitAccess,
IN LPWSTR pTrusteeName,
IN PTRUSTEE_W pTrustee,
IN DWORD AccessPermissions,
IN ACCESS_MODE AccessMode,
IN DWORD Inheritance);
VOID
WINAPI
BuildImpersonateExplicitAccessWithNameA(
IN OUT PEXPLICIT_ACCESS_A pExplicitAccess,
IN LPSTR pTrusteeName,
IN PTRUSTEE_A pTrustee,
IN DWORD AccessPermissions,
IN ACCESS_MODE AccessMode,
IN DWORD Inheritance);
#ifdef UNICODE
#define BuildImpersonateExplicitAccessWithName BuildImpersonateExplicitAccessWithNameW
#else
#define BuildImpersonateExplicitAccessWithName BuildImpersonateExplicitAccessWithNameA
#endif
VOID
WINAPI
BuildTrusteeWithNameW( IN OUT PTRUSTEE_W pTrustee,
IN LPWSTR pName);
VOID
WINAPI
BuildTrusteeWithNameA( IN OUT PTRUSTEE_A pTrustee,
IN LPSTR pName);
#ifdef UNICODE
#define BuildTrusteeWithName BuildTrusteeWithNameW
#else
#define BuildTrusteeWithName BuildTrusteeWithNameA
#endif
VOID
WINAPI
BuildImpersonateTrusteeW( IN OUT PTRUSTEE_W pTrustee,
IN PTRUSTEE_W pImpersonateTrustee);
VOID
WINAPI
BuildImpersonateTrusteeA( IN OUT PTRUSTEE_A pTrustee,
IN PTRUSTEE_A pImpersonateTrustee);
#ifdef UNICODE
#define BuildImpersonateTrustee BuildImpersonateTrusteeW
#else
#define BuildImpersonateTrustee BuildImpersonateTrusteeA
#endif
VOID
WINAPI
BuildTrusteeWithSidW( IN OUT PTRUSTEE_W pTrustee,
IN PSID pSid);
VOID
WINAPI
BuildTrusteeWithSidA( IN OUT PTRUSTEE_A pTrustee,
IN PSID pSid);
#ifdef UNICODE
#define BuildTrusteeWithSid BuildTrusteeWithSidW
#else
#define BuildTrusteeWithSid BuildTrusteeWithSidA
#endif
LPWSTR
WINAPI
GetTrusteeNameW( IN PTRUSTEE_W pTrustee);
LPSTR
WINAPI
GetTrusteeNameA( IN PTRUSTEE_A pTrustee);
#ifdef UNICODE
#define GetTrusteeName GetTrusteeNameW
#else
#define GetTrusteeName GetTrusteeNameA
#endif
TRUSTEE_TYPE
WINAPI
GetTrusteeTypeW( IN PTRUSTEE_W pTrustee);
TRUSTEE_TYPE
WINAPI
GetTrusteeTypeA( IN PTRUSTEE_A pTrustee);
#ifdef UNICODE
#define GetTrusteeType GetTrusteeTypeW
#else
#define GetTrusteeType GetTrusteeTypeA
#endif
TRUSTEE_FORM
WINAPI
GetTrusteeFormW( IN PTRUSTEE_W pTrustee);
TRUSTEE_FORM
WINAPI
GetTrusteeFormA( IN PTRUSTEE_A pTrustee);
#ifdef UNICODE
#define GetTrusteeForm GetTrusteeFormW
#else
#define GetTrusteeForm GetTrusteeFormA
#endif
MULTIPLE_TRUSTEE_OPERATION
WINAPI
GetMultipleTrusteeOperationW( IN PTRUSTEE_W pTrustee);
MULTIPLE_TRUSTEE_OPERATION
WINAPI
GetMultipleTrusteeOperationA( IN PTRUSTEE_A pTrustee);
#ifdef UNICODE
#define GetMultipleTrusteeOperation GetMultipleTrusteeOperationW
#else
#define GetMultipleTrusteeOperation GetMultipleTrusteeOperationA
#endif
PTRUSTEE_W
WINAPI
GetMultipleTrusteeW( IN PTRUSTEE_W pTrustee);
PTRUSTEE_A
WINAPI
GetMultipleTrusteeA( IN PTRUSTEE_A pTrustee);
#ifdef UNICODE
#define GetMultipleTrustee GetMultipleTrusteeW
#else
#define GetMultipleTrustee GetMultipleTrusteeA
#endif
void
WINAPI
FreeStgExplicitAccessListW( IN ULONG ccount,
IN PEXPLICIT_ACCESS_W pEA);
void
WINAPI
FreeStgExplicitAccessListA( IN ULONG ccount,
IN PEXPLICIT_ACCESS_A pEA);
#ifdef UNICODE
#define FreeStgExplicitAccessList FreeStgExplicitAccessListW
#else
#define FreeStgExplicitAccessList FreeStgExplicitAccessListA
#endif
VOID
WINAPI
BuildAccessRequestW( OUT PACCESS_REQUEST_W pAr,
IN LPWSTR Name,
IN DWORD Mask);
VOID
WINAPI
BuildAccessRequestA( OUT PACCESS_REQUEST_A pAr,
IN LPSTR Name,
IN DWORD Mask);
#ifdef UNICODE
#define BuildAccessRequest BuildAccessRequestW
#else
#define BuildAccessRequest BuildAccessRequestA
#endif
ULONG
WINAPI
NTAccessMaskToProvAccessRights( IN SE_OBJECT_TYPE SeObjectType,
IN BOOL fIsContainer,
IN ACCESS_MASK AccessMask);
ACCESS_MASK
WINAPI
ProvAccessRightsToNTAccessMask( IN SE_OBJECT_TYPE SeObjectType,
IN ULONG AccessRights);
#ifdef __cplusplus
}
#endif
#endif // __ACCESS_CONTROL_API__
|