- //+-------------------------------------------------------------------
- //
- // Microsoft Windows
- // Copyright (C) Microsoft Corporation, 1993-1996.
- //
- // File: accctrl.h
- //
- // Contents: common internal includes for
- //
- // History: 8-94 Created DaveMont
- //
- //--------------------------------------------------------------------
- #ifndef __ACCESS_CONTROL__
- #define __ACCESS_CONTROL__
-
- #define AccFree LocalFree // AccFree is a plain alias for LocalFree. NOTE(review): presumably meant for releasing buffers handed back by the access-control APIs - confirm those buffers are LocalAlloc-based before freeing them this way.
- //--------------------------------------------------------------------
- //
- // NT specific access request structure definition
- //
- //--------------------------------------------------------------------
-
- //
- // Definition: TRUSTEE_TYPE
- // This enumerated type specifies the type of trustee account for the trustee
- // returned by the API described in this document.
- // TRUSTEE_IS_UNKNOWN - The trustee is of an unknown, but not necessarily
- //                      invalid, type. This field is not validated on input to
- //                      the APIs that take trustees, so a received value is unverified.
- // TRUSTEE_IS_USER    - The trustee account is a user account.
- // TRUSTEE_IS_GROUP   - The trustee account is a group account.
- //
- typedef enum _TRUSTEE_TYPE
- {
- TRUSTEE_IS_UNKNOWN, // 0 (first enumerator), so a zero-initialised TRUSTEE reads as "unknown"
- TRUSTEE_IS_USER, // 1
- TRUSTEE_IS_GROUP, // 2
- } TRUSTEE_TYPE;
-
-
- //
- // Definition: TRUSTEE_FORM
- // This enumerated type specifies the form the trustee identifier is in for a
- // particular trustee.
- // TRUSTEE_IS_SID  - The trustee is identified with a SID rather than with a name.
- // TRUSTEE_IS_NAME - The trustee is identified with a name.
- //
- typedef enum _TRUSTEE_FORM
- {
- TRUSTEE_IS_SID, // 0 (first enumerator), so a zero-initialised TRUSTEE reads as SID form
- TRUSTEE_IS_NAME, // 1
- } TRUSTEE_FORM;
-
-
- //
- // Definition: MULTIPLE_TRUSTEE_OPERATION
- // If the trustee is a multiple trustee, this enumerated type specifies the type.
- // TRUSTEE_IS_IMPERSONATE - The trustee is an impersonate trustee and the multiple
- //                          trustee field in the trustee points to another trustee
- //                          that is a trustee for the server that will be doing the
- //                          impersonation.
- //
- typedef enum _MULTIPLE_TRUSTEE_OPERATION
- {
- NO_MULTIPLE_TRUSTEE, // 0; not described above - presumably pMultipleTrustee is unused in this case (confirm)
- TRUSTEE_IS_IMPERSONATE, // 1; pMultipleTrustee names the impersonating server's trustee
- } MULTIPLE_TRUSTEE_OPERATION;
-
-
- //
- // Definition: TRUSTEE
- // This structure is used to pass account information into and out of the system
- // using the API defined in this document.
- // pMultipleTrustee - if non-NULL, points to another trustee structure, as
- //                    defined by the multiple trustee operation field.
- // MultipleTrusteeOperation - defines the multiple trustee operation/type.
- // TrusteeForm - defines if the trustee is defined by name or SID.
- // TrusteeType - defines if the trustee type is unknown, a user or a group.
- // ptstrName - points to the trustee name or the trustee SID; TrusteeForm says which.
- //
- typedef struct _TRUSTEE_A *PTRUSTEE_A; // declared ahead of the struct because TRUSTEE_A refers to itself through pMultipleTrustee
- typedef struct _TRUSTEE_W *PTRUSTEE_W; // likewise for the wide-character variant
-
- typedef struct _TRUSTEE_W
- {
- PTRUSTEE_W pMultipleTrustee; // chained trustee, or NULL
- MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; // how pMultipleTrustee is to be interpreted
- TRUSTEE_FORM TrusteeForm; // selects what ptstrName points to
- TRUSTEE_TYPE TrusteeType; // user / group / unknown; described above as not validated on input
- LPWSTR ptstrName; // trustee name, or (per the text above) the trustee SID despite the string type - check TrusteeForm before reading it as text
- } TRUSTEE_W;
-
- typedef struct _TRUSTEE_A
- {
- PTRUSTEE_A pMultipleTrustee; // chained trustee, or NULL
- MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; // how pMultipleTrustee is to be interpreted
- TRUSTEE_FORM TrusteeForm; // selects what ptstrName points to
- TRUSTEE_TYPE TrusteeType; // user / group / unknown; described above as not validated on input
- LPSTR ptstrName; // trustee name, or (per the text above) the trustee SID despite the string type - check TrusteeForm before reading it as text
- } TRUSTEE_A;
-
- #ifdef UNICODE // the generic names resolve to the _W types when UNICODE is defined
- #define TRUSTEE TRUSTEE_W
- #define PTRUSTEE PTRUSTEE_W
- #else // ... and to the _A types otherwise
- #define TRUSTEE TRUSTEE_A
- #define PTRUSTEE PTRUSTEE_A
- #endif
-
-
- //
- // Definition: ACCESS_MODE
- // This enumerated type specifies how permissions are (requested)/to be applied
- // for the trustee by the access control entry. On input this field can be any
- // of the values, although it is not meaningful to mix access control and audit
- // control entries. On output this field will be one of SET_ACCESS, DENY_ACCESS,
- // SET_AUDIT_SUCCESS or SET_AUDIT_FAILURE.
- // The following descriptions define how this type affects an explicit access
- // request to apply access permissions to an object.
- // GRANT_ACCESS - The trustee will have at least the requested permissions upon
- //                successful completion of the command. (If the trustee has
- //                additional permissions they will not be removed).
- // SET_ACCESS - The trustee will have exactly the requested permissions upon
- //              successful completion of the command.
- // DENY_ACCESS - The trustee will be denied the specified permissions.
- // REVOKE_ACCESS - Any explicit access rights the trustee has will be revoked.
- // SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of the
- //                     object using the requested permissions.
- // SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the object
- //                     using the requested permissions.
- //
- typedef enum _ACCESS_MODE
- {
- NOT_USED_ACCESS = 0, // not described above; the value a zero-initialised EXPLICIT_ACCESS carries
- GRANT_ACCESS, // 1; additive only - existing rights are kept, so it cannot be used to narrow access
- SET_ACCESS, // 2; replaces the trustee's rights with exactly the requested ones
- DENY_ACCESS, // 3
- REVOKE_ACCESS, // 4; described as removing explicit rights only
- SET_AUDIT_SUCCESS, // 5; audit entry, not an access entry
- SET_AUDIT_FAILURE // 6; audit entry, not an access entry
- } ACCESS_MODE;
-
- //
- // Definition: Inheritance flags
- // These bit masks are provided to allow simple application of inheritance in
- // explicit access requests on containers.
- // NO_INHERITANCE - The specific access permissions will only be applied to
- //                  the container, and will not be inherited by objects created
- //                  within the container.
- // SUB_CONTAINERS_ONLY_INHERIT - The specific access permissions will be inherited
- //                               and applied to sub containers created within the
- //                               container, and will be applied to the container
- //                               itself.
- // SUB_OBJECTS_ONLY_INHERIT - The specific access permissions will only be inherited
- //                            by objects created within the specific container.
- //                            The access permissions will not be applied to the
- //                            container itself.
- // SUB_CONTAINERS_AND_OBJECTS_INHERIT - The specific access permissions will be
- //                                      inherited by containers created within the
- //                                      specific container, will be applied to
- //                                      objects created within the container, but
- //                                      will not be applied to the container itself.
- //
- #define NO_INHERITANCE 0x0
- #define SUB_CONTAINERS_ONLY_INHERIT 0x2 // NOTE(review): the text above says this mask also applies to the container itself, while the 0x1 and 0x3 masks are described as not doing so - confirm the resulting ACL on the container rather than relying on these descriptions
- #define SUB_OBJECTS_ONLY_INHERIT 0x1
- #define SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3 // numerically SUB_OBJECTS_ONLY_INHERIT | SUB_CONTAINERS_ONLY_INHERIT
-
-
- //
- // Definition: SE_OBJECT_TYPE
- // This enumerated type defines the objects supported by the get/set API within
- // this document. See section 3.1, Object Types for a detailed definition of the
- // supported object types, and their name formats.
- //
- typedef enum _SE_OBJECT_TYPE
- {
- SE_UNKNOWN_OBJECT_TYPE = 0, // also the value of a zero-initialised variable of this type
- SE_FILE_OBJECT, // 1
- SE_SERVICE, // 2
- SE_PRINTER, // 3
- SE_REGISTRY_KEY, // 4
- SE_LMSHARE, // 5; presumably a LAN Manager network share - see the section 3.1 referenced above
- SE_KERNEL_OBJECT, // 6
- SE_WINDOW_OBJECT // 7
- } SE_OBJECT_TYPE;
-
-
- //
- // Definition: EXPLICIT_ACCESS
- // This structure is used to pass access control entry information into and out
- // of the system using the API defined in this document.
- // grfAccessPermissions - This contains the access permissions to assign for the
- //                        trustee. It is in the form of an NT access mask.
- // grfAccessMode - This field defines how the permissions are to be applied for
- //                 the trustee.
- // grfInheritance - For containers, this field defines how the access control
- //                  entry is/(is requested) to be inherited on
- //                  objects/sub-containers created within the container.
- // Trustee - This field contains the definition of the trustee account the
- //           explicit access applies to.
- //
- typedef struct _EXPLICIT_ACCESS_W
- {
- DWORD grfAccessPermissions; // NT access mask to assign for the trustee
- ACCESS_MODE grfAccessMode; // how the mask is applied; a zeroed struct carries NOT_USED_ACCESS here
- DWORD grfInheritance; // inheritance bit mask, e.g. NO_INHERITANCE or one of the SUB_*_INHERIT values
- TRUSTEE_W Trustee; // embedded by value; the pointers inside it still refer to storage outside this struct
- } EXPLICIT_ACCESS_W, *PEXPLICIT_ACCESS_W;
-
- typedef struct _EXPLICIT_ACCESS_A
- {
- DWORD grfAccessPermissions; // NT access mask to assign for the trustee
- ACCESS_MODE grfAccessMode; // how the mask is applied; a zeroed struct carries NOT_USED_ACCESS here
- DWORD grfInheritance; // inheritance bit mask, e.g. NO_INHERITANCE or one of the SUB_*_INHERIT values
- TRUSTEE_A Trustee; // embedded by value; the pointers inside it still refer to storage outside this struct
- } EXPLICIT_ACCESS_A, *PEXPLICIT_ACCESS_A;
-
- #ifdef UNICODE // the generic names resolve to the _W types when UNICODE is defined
- #define EXPLICIT_ACCESS EXPLICIT_ACCESS_W
- #define PEXPLICIT_ACCESS PEXPLICIT_ACCESS_W
- #else // ... and to the _A types otherwise
- #define EXPLICIT_ACCESS EXPLICIT_ACCESS_A
- #define PEXPLICIT_ACCESS PEXPLICIT_ACCESS_A
- #endif
-
-
- #endif // __ACCESS_CONTROL__
-
-
-