00001
00002
00003
00004 #include "stdafx.h"
00005 #define FKSEC_NO_AUTO_INCLUDES 1
00006 #include "fksec.h"
00007 #include "ex.h"
00008 #include "sid.h"
00009 #include "ace.h"
00010 #include "acl.h"
00011 #include "sd.h"
00012
00013 using namespace fksec;
00014
00015
00016
00017 sid sd::invalidSid;
00018 acl sd::invalidAcl;
00019
00020
00021
00022
00023
00024
00025
00026 sd::sd()
00027 {
00028 Init();
00029 ClearPSD();
00030 }
00031
00032
00033
00034 sd::sd( const sd &s )
00035 {
00036 Init();
00037 ClearPSD();
00038 try { *this = s; }
00039 RETHROWEX( "sd::sd(const sd &): cannot copy source SD" )
00040 }
00041
00042
00043
00044 sd::sd( SECURITY_DESCRIPTOR *s )
00045 {
00046 Init();
00047 ClearPSD();
00048 try { *this = s; }
00049 RETHROWEX( "sd::sd(SECURITY_DESCRIPTOR *): cannot copy source SD" )
00050 }
00051
00052
00053 sd::sd( SECURITY_DESCRIPTOR_RELATIVE *s )
00054 {
00055 Init();
00056 ClearPSD();
00057 try { *this = s; }
00058 RETHROWEX( "sd::sd(SECURITY_DESCRIPTOR_RELATIVE *): cannot copy source SD" )
00059 }
00060
00061
00062
00063 sd::sd( WORD newControl, const PSID newOwner, const PSID newGroup, ACL *newDacl, ACL *newSacl )
00064 {
00065
00066 ClearPSD();
00067 Init();
00068
00069 try { SetControl( newControl ); }
00070 RETHROWEX( "sd::sd(components): sd::SetControl() complained" );
00071
00072 if ( newOwner != 0 )
00073 {
00074 try { ownerSid = newOwner; }
00075 RETHROWEX( "sd::sd(components): invalid owner SID" );
00076 haveOwnerSid = true;
00077 }
00078 else
00079 haveOwnerSid = false;
00080
00081 if ( newGroup != 0 )
00082 {
00083 try { groupSid = newGroup; }
00084 RETHROWEX( "sd::sd(components): invalid owner SID" );
00085 haveGroupSid = true;
00086 }
00087 else
00088 haveGroupSid = false;
00089
00090 if ( newDacl != 0 )
00091 {
00092 try { dacl = newDacl; }
00093 RETHROWEX( "sd::sd(components): cannot copy DACL" );
00094 haveDacl = true;
00095 protectedDacl = ( newControl & SE_DACL_PROTECTED ) != 0;
00096 }
00097 else
00098 haveDacl = protectedDacl = false;
00099
00100 if ( newSacl != 0 )
00101 {
00102 try { sacl = newSacl; }
00103 RETHROWEX( "sd::sd(components): cannot copy SACL" );
00104 haveSacl = true;
00105 protectedSacl = ( newControl & SE_SACL_PROTECTED ) != 0;
00106 }
00107 else
00108 haveSacl = protectedSacl = false;
00109 }
00110
00111
00112
00113 sd::~sd()
00114 {
00115 ReleasePSD();
00116 }
00117
00118
00119
00120
00121
00122
00123 const sd &sd::operator=( const sd &s )
00124 {
00125 if ( this != &s )
00126 {
00127 ClearPSD();
00128 try
00129 {
00130 control = s.control;
00131 revision = s.revision;
00132 haveOwnerSid = s.haveOwnerSid;
00133 ownerSid = s.ownerSid;
00134 haveGroupSid = s.haveGroupSid;
00135 groupSid = s.groupSid;
00136 haveDacl = s.haveDacl;
00137 protectedDacl = s.protectedDacl;
00138 dacl = s.dacl;
00139 haveSacl = s.haveSacl;
00140 protectedSacl = s.protectedSacl;
00141 sacl = s.sacl;
00142 }
00143 RETHROWEX( "sd::operator=(const sd &): cannot copy source SD" )
00144 }
00145
00146 return *this;
00147 }
00148
00149
00150
00151 const sd &sd::operator=( SECURITY_DESCRIPTOR *s )
00152 {
00153 BOOL defaulted, present;
00154 PSID psid;
00155 PACL pacl;
00156 DWORD rev;
00157 WORD c;
00158
00159 if ( ( haveAbsoluteSD && absoluteSD == s ) ||
00160 ( haveSelfRelativeSD && selfRelativeSD == s ) )
00161 return *this;
00162
00163 ReleasePSD();
00164 Init();
00165
00166 if ( ::GetSecurityDescriptorControl( s, &c, &rev ) )
00167 {
00168 SetControl( c );
00169 revision = rev;
00170 }
00171 else
00172 throw NEWEX32( errUnreadableSD, "sd::operator=(SECURITY_DESCRIPTOR *): cannot read control word, see ex::GetErrWin32()",
00173 GetLastError() );
00174
00175 psid = 0;
00176 if ( ::GetSecurityDescriptorOwner( s, &psid, &defaulted ) && psid != 0 )
00177 {
00178 ownerSid = psid;
00179 haveOwnerSid = true;
00180 if ( defaulted )
00181 control |= SE_OWNER_DEFAULTED;
00182 }
00183 else
00184 haveOwnerSid = false;
00185
00186 psid = 0;
00187 if ( ::GetSecurityDescriptorGroup( s, &psid, &defaulted ) && psid != 0 )
00188 {
00189 groupSid = psid;
00190 haveGroupSid = true;
00191 if ( defaulted )
00192 control |= SE_GROUP_DEFAULTED;
00193 }
00194 else
00195 haveGroupSid = false;
00196
00197 pacl = 0;
00198 if ( ::GetSecurityDescriptorDacl( s, &present, &pacl, &defaulted ) )
00199 {
00200 if ( present && pacl != 0 )
00201 {
00202 try { dacl = pacl; }
00203 RETHROWEX( "sd::operator=(SECURITY_DESCRIPTOR *): cannot copy DACL" );
00204 haveDacl = true;
00205 protectedDacl = ( c & SE_DACL_PROTECTED ) != 0;
00206 }
00207 else
00208 haveDacl = protectedDacl = false;
00209 }
00210 else
00211 throw NEWEX32( errUnreadableSD, "sd::operator=(SECURITY_DESCRIPTOR *): cannot read DACL, see ex::GetErrWin32()", GetLastError() );
00212
00213 pacl = 0;
00214 if ( ::GetSecurityDescriptorSacl( s, &present, &pacl, &defaulted ) )
00215 {
00216 if ( present && pacl != 0 )
00217 {
00218 try { sacl = pacl; }
00219 RETHROWEX( "sd::operator=(SECURITY_DESCRIPTOR *): cannot copy SACL" );
00220 haveSacl = true;
00221 protectedSacl = ( c & SE_SACL_PROTECTED ) != 0;
00222 }
00223 else
00224 haveSacl = protectedSacl = false;
00225 }
00226 else
00227 throw NEWEX32( errUnreadableSD, "sd::operator=(SECURITY_DESCRIPTOR *): cannot read SACL, see ex::GetErrWin32()", GetLastError() );
00228
00229 return *this;
00230 }
00231
00232
00233 const sd &sd::operator=( SECURITY_DESCRIPTOR_RELATIVE *s )
00234 {
00235 try { *this = (SECURITY_DESCRIPTOR *) s; }
00236 RETHROWEX( "sd::operator=(SECURITY_DESCRIPTOR_RELATIVE *): cannot copy source SD" )
00237
00238 return *this;
00239 }
00240
00241
00242
00243
00244
00245 sd::operator SECURITY_DESCRIPTOR *() const
00246 {
00247 try { MakePSD(); }
00248 RETHROWEX( "sd::operator SECURITY_DESCRIPTOR *(): sd::MakePSD() failed" )
00249 return absoluteSD;
00250 }
00251
00252
00253
00254 sd::operator SECURITY_DESCRIPTOR_RELATIVE *() const
00255 {
00256 try { MakePSD(); }
00257 RETHROWEX( "sd::operator SECURITY_DESCRIPTOR_RELATIVE *(): sd::MakePSD() failed" )
00258 return (SECURITY_DESCRIPTOR_RELATIVE *) selfRelativeSD;
00259 }
00260
00261
00262
00263
00264
00265
00266 WORD sd::GetControl() const
00267 {
00268 WORD c = control;
00269
00270 if ( haveDacl )
00271 c |= SE_DACL_PRESENT;
00272 else
00273 c &= ~SE_DACL_PRESENT;
00274 if ( protectedDacl )
00275 c |= SE_DACL_PROTECTED;
00276
00277 if ( haveSacl )
00278 c |= SE_SACL_PRESENT;
00279 else
00280 c &= ~SE_SACL_PRESENT;
00281 if ( protectedSacl )
00282 c |= SE_SACL_PROTECTED;
00283
00284 if ( haveOwnerSid )
00285 c &= ~ SE_OWNER_DEFAULTED;
00286 else
00287 c |= SE_OWNER_DEFAULTED;
00288
00289 if ( haveGroupSid )
00290 c &= ~ SE_GROUP_DEFAULTED;
00291 else
00292 c |= SE_GROUP_DEFAULTED;
00293
00294 if ( c & SE_DACL_AUTO_INHERITED )
00295 c |= SE_DACL_AUTO_INHERIT_REQ;
00296
00297 if ( c & SE_SACL_AUTO_INHERITED )
00298 c |= SE_SACL_AUTO_INHERIT_REQ;
00299
00300 return c;
00301 }
00302
00303
00304 DWORD sd::GetRevision() const
00305 {
00306 return revision;
00307 }
00308
00309
00310
00311 SECURITY_INFORMATION sd::GetSecurityInformation() const
00312 {
00313 SECURITY_INFORMATION i = 0;
00314
00315 if ( haveOwnerSid )
00316 i |= OWNER_SECURITY_INFORMATION;
00317 if ( haveGroupSid )
00318 i |= GROUP_SECURITY_INFORMATION;
00319 if ( haveDacl )
00320 i |= protectedDacl? PROTECTED_DACL_SECURITY_INFORMATION: DACL_SECURITY_INFORMATION;
00321 if ( haveSacl )
00322 i |= protectedSacl? PROTECTED_SACL_SECURITY_INFORMATION: SACL_SECURITY_INFORMATION;
00323
00324 return i;
00325 }
00326
00327
00328
00329 const sid &sd::GetOwnerSid() const
00330 {
00331 return haveOwnerSid? ownerSid: invalidSid;
00332 }
00333
00334
00335 sid &sd::GetOwnerSid()
00336 {
00337 ReleasePSD();
00338 return haveOwnerSid? ownerSid: invalidSid;
00339 }
00340
00341
00342
00343 const sid &sd::GetGroupSid() const
00344 {
00345 return haveGroupSid? groupSid: invalidSid;
00346 }
00347
00348
00349 sid &sd::GetGroupSid()
00350 {
00351 ReleasePSD();
00352 return haveGroupSid? groupSid: invalidSid;
00353 }
00354
00355
00356
00357 const acl &sd::GetDacl() const
00358 {
00359 return haveDacl? dacl: invalidAcl;
00360 }
00361
00362
00363 acl &sd::GetDacl()
00364 {
00365 ReleasePSD();
00366 return haveDacl? dacl: invalidAcl;
00367 }
00368
00369
00370
00371 const acl &sd::GetSacl() const
00372 {
00373 return haveSacl? sacl: invalidAcl;
00374 }
00375
00376
00377 acl &sd::GetSacl()
00378 {
00379 ReleasePSD();
00380 return haveSacl? sacl: invalidAcl;
00381 }
00382
00383
00384
00385
00386 void sd::SetControl( WORD newControl )
00387 {
00388 ReleasePSD();
00389 control = newControl & ~ ( SE_DACL_PRESENT | SE_SACL_PRESENT |
00390 SE_DACL_PROTECTED | SE_SACL_PROTECTED | SE_SELF_RELATIVE );
00391 }
00392
00393
00394
00395 void sd::ClearOwnerSid()
00396 {
00397 haveOwnerSid = false;
00398 control &= ~ SE_OWNER_DEFAULTED;
00399 ReleasePSD();
00400 }
00401
00402
00403 void sd::SetOwnerSid( const sid &newSid )
00404 {
00405 try { ownerSid = newSid; }
00406 RETHROWEX( "sd::SetOwnerSid(const sid &): assignment failed" )
00407 haveOwnerSid = true;
00408 control &= ~ SE_OWNER_DEFAULTED;
00409 ReleasePSD();
00410 }
00411
00412
00413 void sd::SetOwnerSid( const PSID psid )
00414 {
00415 if ( psid != 0 )
00416 {
00417 try { ownerSid = psid; }
00418 RETHROWEX( "sd::SetOwnerSid(const PSID): assignment failed" )
00419 haveOwnerSid = true;
00420 }
00421 else
00422 haveOwnerSid = false;
00423 control &= ~ SE_OWNER_DEFAULTED;
00424 ReleasePSD();
00425 }
00426
00427
00428 void sd::SetOwnerSid( const TCHAR *stringSid )
00429 {
00430 if ( stringSid != 0 )
00431 {
00432 try { ownerSid = stringSid; }
00433 RETHROWEX( "sd::SetOwnerSid(const TCHAR *): assignment failed" )
00434 haveOwnerSid = true;
00435 }
00436 else
00437 haveOwnerSid = false;
00438 control &= ~ SE_OWNER_DEFAULTED;
00439 ReleasePSD();
00440 }
00441
00442
00443
00444 void sd::ClearGroupSid()
00445 {
00446 haveGroupSid = false;
00447 control &= ~ SE_GROUP_DEFAULTED;
00448 ReleasePSD();
00449 }
00450
00451
00452 void sd::SetGroupSid( const sid &newSid )
00453 {
00454 try { groupSid = newSid; }
00455 RETHROWEX( "sd::SetGroupSid(const sid &): assignment failed" )
00456 haveGroupSid = true;
00457 control &= ~ SE_GROUP_DEFAULTED;
00458 ReleasePSD();
00459 }
00460
00461
00462 void sd::SetGroupSid( const PSID psid )
00463 {
00464 if ( psid != 0 )
00465 {
00466 try { groupSid = psid; }
00467 RETHROWEX( "sd::SetGroupSid(const PSID): assignment failed" )
00468 haveGroupSid = true;
00469 }
00470 else
00471 haveGroupSid = false;
00472 control &= ~ SE_GROUP_DEFAULTED;
00473 ReleasePSD();
00474 }
00475
00476
00477 void sd::SetGroupSid( const TCHAR *stringSid )
00478 {
00479 if ( stringSid != 0 )
00480 {
00481 try { groupSid = stringSid; }
00482 RETHROWEX( "sd::SetGroupSid(const TCHAR *): assignment failed" )
00483 haveGroupSid = true;
00484 }
00485 else
00486 haveGroupSid = false;
00487 control &= ~ SE_GROUP_DEFAULTED;
00488 ReleasePSD();
00489 }
00490
00491
00492
00493
00494 void sd::ClearDacl()
00495 {
00496 haveDacl = false;
00497 control &= ~ ( SE_DACL_PRESENT | SE_DACL_DEFAULTED );
00498 ReleasePSD();
00499 }
00500
00501
00502 void sd::SetDacl( const acl &newAcl )
00503 {
00504 try { dacl = newAcl; }
00505 RETHROWEX( "sd::SetDacl(const acl &): assignment failed" )
00506 haveDacl = true;
00507 control |= SE_DACL_PRESENT;
00508 ReleasePSD();
00509 }
00510
00511
00512 void sd::SetDacl( ACL *newAcl )
00513 {
00514 if ( newAcl != 0 )
00515 {
00516 try { dacl = newAcl; }
00517 RETHROWEX( "sd::SetDacl(ACL *): assignment failed" )
00518 control |= SE_DACL_PRESENT;
00519 haveDacl = true;
00520 }
00521 else
00522 {
00523 haveDacl = false;
00524 control &= ~ ( SE_DACL_PRESENT | SE_DACL_DEFAULTED );
00525 }
00526 ReleasePSD();
00527 }
00528
00529
00530 bool sd::GetDaclProtection() const
00531 {
00532 return haveDacl? protectedDacl: false;
00533 }
00534
00535
00536 void sd::SetDaclProtection( bool newProtection )
00537 {
00538 ReleasePSD();
00539 protectedDacl = newProtection;
00540 }
00541
00542
00543
00544
00545 void sd::ClearSacl()
00546 {
00547 haveSacl = false;
00548 control &= ~ ( SE_SACL_PRESENT | SE_SACL_DEFAULTED );
00549 ReleasePSD();
00550 }
00551
00552
00553 void sd::SetSacl( const acl &newAcl )
00554 {
00555 try { sacl = newAcl; }
00556 RETHROWEX( "sd::SetSacl(const acl &): assignment failed" )
00557 control |= SE_SACL_PRESENT;
00558 haveSacl = true;
00559 ReleasePSD();
00560 }
00561
00562
00563 void sd::SetSacl( ACL *newAcl )
00564 {
00565 if ( newAcl != 0 )
00566 {
00567 try { sacl = newAcl; }
00568 RETHROWEX( "sd::SetSacl(ACL *): assignment failed" )
00569 control |= SE_SACL_PRESENT;
00570 haveSacl = true;
00571 }
00572 else
00573 {
00574 haveSacl = false;
00575 control &= ~ ( SE_SACL_PRESENT | SE_SACL_DEFAULTED );
00576 }
00577 ReleasePSD();
00578 }
00579
00580
00581 bool sd::GetSaclProtection() const
00582 {
00583 return haveSacl? protectedSacl: false;
00584 }
00585
00586
00587 void sd::SetSaclProtection( bool newProtection )
00588 {
00589 ReleasePSD();
00590 protectedSacl = newProtection;
00591 }
00592
00593
00594
00595
00596
00597
00598 fkostream &fksec::operator<<( fkostream &o, const sd &s )
00599 {
00600 o << _T( "SD, control = " ) << s.GetControl() << std::endl;
00601
00602 o << _T( " " );
00603 o << ( s.haveOwnerSid? _T( "has" ): _T( "no" ) ) << _T( " owner, " );
00604 o << ( s.haveGroupSid? _T( "has" ): _T( "no" ) ) << _T( " group, " );
00605 o << ( s.haveDacl? _T( "has" ): _T( "no" ) ) <<
00606 ( s.protectedDacl? _T( "protected " ): _T( "" ) ) << _T( " DACL, " );
00607 o << ( s.haveSacl? _T( "has" ): _T( "no" ) ) <<
00608 ( s.protectedSacl? _T( "protected " ): _T( "" ) ) << _T( " SACL" );
00609 o << std::endl;
00610
00611 if ( s.haveOwnerSid )
00612 o << _T( "Owner: " ) << s.ownerSid << std::endl;
00613
00614 if ( s.haveGroupSid )
00615 o << _T( "Group: " ) << s.groupSid << std::endl;
00616
00617 if ( s.haveDacl )
00618 o << ( s.protectedDacl? _T( "Protected " ): _T( "" ) ) << _T( "DACL: " ) << s.dacl;
00619
00620 if ( s.haveSacl )
00621 o << ( s.protectedSacl? _T( "Protected " ): _T( "" ) ) << _T( "SACL: " ) << s.sacl;
00622
00623 o << std::endl;
00624
00625 return o;
00626 }
00627
00628
00629
00630 DWORD sd::GetLength() const
00631 {
00632 DWORD l;
00633
00634 l = sizeof SECURITY_DESCRIPTOR;
00635 if ( haveOwnerSid )
00636 try { l += ownerSid.GetLength(); }
00637 RETHROWEX( "sd::GetLength(): cannot size owner SID" )
00638 if ( haveGroupSid )
00639 try { l += groupSid.GetLength(); }
00640 RETHROWEX( "sd::GetLength(): cannot size group SID" )
00641 if ( haveDacl )
00642 try { l += dacl.GetSize(); }
00643 RETHROWEX( "sd::GetLength(): cannot size DACL" )
00644 if ( haveSacl )
00645 try { l += sacl.GetSize(); }
00646 RETHROWEX( "sd::GetLength(): cannot size SACL" )
00647
00648 return l;
00649 }
00650
00651
00652
00653 void sd::StoreSd( SECURITY_DESCRIPTOR *p, DWORD &sz, AbsOrRel sdtype ) const
00654 {
00655 byte *next;
00656 PSID locOwner, locGroup;
00657 PACL locDacl, locSacl;
00658 DWORD l;
00659
00660 if ( ! IsValid( false ) )
00661 throw NEWEX( errInvalidSD, "sd::StoreSd(): invalid SD" );
00662
00663 try { l = GetLength(); }
00664 RETHROWEX( "sd::StoreSd(): cannot compute required buffer size" )
00665
00666 if ( sz < l )
00667 throw new ex( _T( __FILE__ ), __LINE__, errBufferTooSmall,
00668 _T( "sd::StoreSd(): insufficient buffer, see ex::GetData() for required size" ), 0, l );
00669
00670 if ( ! ::InitializeSecurityDescriptor( p, revision ) )
00671 throw NEWEX32( errInvalidSD, "sd::StoreSD(): InitializeSecurityDescriptor() failed inexplicably", GetLastError() );
00672
00673 next = (byte *) &p[1];
00674 locOwner = locGroup = locDacl = locSacl = 0;
00675
00676 if ( haveOwnerSid )
00677 {
00678 try
00679 {
00680 l = ownerSid.GetLength();
00681 locOwner = (PSID) next;
00682 ownerSid.StoreSid( locOwner, l );
00683 next += l;
00684 }
00685 RETHROWEX( "sd::StoreSd(): cannot size or store owner SID" )
00686 }
00687
00688 if ( haveGroupSid )
00689 {
00690 try
00691 {
00692 l = groupSid.GetLength();
00693 locGroup = (PSID) next;
00694 groupSid.StoreSid( locGroup, l );
00695 next += l;
00696 }
00697 RETHROWEX( "sd::StoreSd(): cannot size or store group SID" )
00698 }
00699
00700 if ( haveDacl )
00701 {
00702 try
00703 {
00704 l = dacl.GetSize();
00705 locDacl = (PACL) next;
00706 dacl.StoreAcl( locDacl, l );
00707 next += l;
00708 }
00709 RETHROWEX( "sd::StoreSd(): cannot size or store DACL" )
00710 }
00711
00712 if ( haveSacl )
00713 {
00714 try
00715 {
00716 l = sacl.GetSize();
00717 locSacl = (PACL) next;
00718 sacl.StoreAcl( locSacl, l );
00719 next += l;
00720 }
00721 RETHROWEX( "sd::StoreSd(): cannot size or store SACL" )
00722 }
00723
00724 try { p->Control |= GetControl(); }
00725 RETHROWEX( "sd::StoreSd(): sd::GetControl() failed, but why?" )
00726
00727 if ( sdtype == AbsoluteSD )
00728 {
00729 p->Control &= ~ SE_SELF_RELATIVE;
00730 p->Owner = locOwner;
00731 p->Group = locGroup;
00732 p->Dacl = locDacl;
00733 p->Sacl = locSacl;
00734 }
00735 else
00736 {
00737 p->Control |= SE_SELF_RELATIVE;
00738 p->Owner = (PSID) ( locOwner == 0? 0: (byte *) locOwner - (byte *) p );
00739 p->Group = (PSID) ( locGroup == 0? 0: (byte *) locGroup - (byte *) p );
00740 p->Dacl = (PACL) ( locDacl == 0? 0: (byte *) locDacl - (byte *) p );
00741 p->Sacl = (PACL) ( locSacl == 0? 0: (byte *) locSacl - (byte *) p );
00742 }
00743 }
00744
00745
00746
00747 bool sd::IsValid( bool checkPSD ) const
00748 {
00749
00750
00751 try
00752 {
00753 if ( haveOwnerSid )
00754 if ( ! ownerSid.IsValid() )
00755 return false;
00756
00757 if ( haveGroupSid )
00758 if ( ! groupSid.IsValid() )
00759 return false;
00760
00761 if ( haveDacl )
00762 if ( ! dacl.IsValid() )
00763 return false;
00764
00765 if ( haveSacl )
00766 if ( ! sacl.IsValid() )
00767 return false;
00768
00769 if ( checkPSD )
00770 {
00771 this->MakePSD();
00772 if ( ! ::IsValidSecurityDescriptor( absoluteSD ) )
00773 return false;
00774 if ( ! ::IsValidSecurityDescriptor( selfRelativeSD ) )
00775 return false;
00776 }
00777 }
00778 catch ( ex *e )
00779 {
00780 delete e;
00781 return false;
00782 }
00783
00784 return true;
00785 }
00786
00787
00788 bool sd::IsObjectSD() const
00789 {
00790 if ( haveDacl )
00791 if ( dacl.IsObjectACL() )
00792 return true ;
00793
00794 if ( haveSacl )
00795 if ( dacl.IsObjectACL() )
00796 return true ;
00797
00798 return false ;
00799 }
00800
00801
00802
00803 void sd::Init()
00804 {
00805 ClearPSD();
00806 control = 0;
00807 revision = SECURITY_DESCRIPTOR_REVISION;
00808 haveOwnerSid = haveGroupSid =
00809 haveDacl = protectedDacl =
00810 haveSacl = protectedSacl = false;
00811 }
00812
00813
00814
00815 void sd::ClearPSD()
00816 {
00817 absoluteSD = 0;
00818 haveAbsoluteSD = false;
00819 selfRelativeSD = 0;
00820 haveSelfRelativeSD = false;
00821 }
00822
00823
00824
00825 void sd::ReleasePSD()
00826 {
00827 if ( haveAbsoluteSD )
00828 {
00829 delete [] (byte *) absoluteSD;
00830 absoluteSD = 0;
00831 haveAbsoluteSD = false;
00832 }
00833 if ( haveSelfRelativeSD )
00834 {
00835 delete [] (byte *) selfRelativeSD;
00836 selfRelativeSD = 0;
00837 haveSelfRelativeSD = false;
00838 }
00839 }
00840
00841
00842
00843 void sd::MakePSD() const
00844 {
00845 DWORD sz = (DWORD) -1;
00846
00847 if ( ! haveAbsoluteSD )
00848 {
00849 try { sz = GetLength(); }
00850 RETHROWEX( "sd::MakePSD() absolute: cannot size SD" )
00851
00852 absoluteSD = (SECURITY_DESCRIPTOR *) new byte[sz];
00853 if ( absoluteSD == 0 )
00854 throw NEWEX( errNoMemory, "sd::MakePSD() absolute: no memory for SD buffer" );
00855
00856 try { StoreSd( absoluteSD, sz, AbsoluteSD ); }
00857 catch ( ex *e )
00858 {
00859 e->FKSECADDHOP( "sd::MakePSD() absolute: sd::StoreSd() failed" );
00860 delete (byte *) absoluteSD;
00861 throw;
00862 }
00863
00864 haveAbsoluteSD = true;
00865 }
00866
00867 if ( ! haveSelfRelativeSD )
00868 {
00869 if ( sz == (DWORD) -1 )
00870 try { sz = GetLength(); }
00871 RETHROWEX( "sd::MakePSD() self-relative: cannot size SD" )
00872
00873 selfRelativeSD = (SECURITY_DESCRIPTOR *) new byte[sz];
00874 if ( selfRelativeSD == 0 )
00875 throw NEWEX( errNoMemory, "sd::MakePSD() self-relative: no memory for SD buffer" );
00876
00877 try { StoreSd( selfRelativeSD, sz, SelfRelativeSD ); }
00878 catch ( ex *e )
00879 {
00880 e->FKSECADDHOP( "sd::MakePSD() self-relative: sd::StoreSd() failed" );
00881 delete (byte *) selfRelativeSD;
00882 throw;
00883 }
00884
00885 haveSelfRelativeSD = true;
00886 }
00887 }
