Main Page   Namespace List   Alphabetical List   Compound List   File List   Namespace Members   Compound Members   File Members   Related Pages  

sd.cpp

Go to the documentation of this file.
00001 // recommended includes in stdafx.h (or in the precompiled header, to be precise):
00002 // windows.h, tchar.h, string, vector, algorithm, exception, sstream, iomanip
00003 
00004 #include "stdafx.h"
00005 #define FKSEC_NO_AUTO_INCLUDES 1
00006 #include "fksec.h"
00007 #include "ex.h"
00008 #include "sid.h"
00009 #include "ace.h"
00010 #include "acl.h"
00011 #include "sd.h"
00012 
00013 using namespace fksec;
00014 
00015 
00016 
00017 sid sd::invalidSid;
00018 acl sd::invalidAcl;
00019 
00020 
00021 
00022 
00023 // --- ctors/dtor ---
00024 
00025 // construct an empty sd object
00026 sd::sd()
00027 {
00028     Init();
00029     ClearPSD();
00030 }
00031 
00032 
00033 // construct from another sd object
00034 sd::sd( const sd &s )
00035 {
00036     Init();
00037     ClearPSD();
00038     try { *this = s; }
00039     RETHROWEX( "sd::sd(const sd &): cannot copy source SD" )
00040 }
00041 
00042 
00043 // construct from a PSD
00044 sd::sd( SECURITY_DESCRIPTOR *s )
00045 {
00046     Init();
00047     ClearPSD();
00048     try { *this = s; }
00049     RETHROWEX( "sd::sd(SECURITY_DESCRIPTOR *): cannot copy source SD" )
00050 }
00051 
00052 
00053 sd::sd( SECURITY_DESCRIPTOR_RELATIVE *s )
00054 {
00055     Init();
00056     ClearPSD();
00057     try { *this = s; }
00058     RETHROWEX( "sd::sd(SECURITY_DESCRIPTOR_RELATIVE *): cannot copy source SD" )
00059 }
00060 
00061 
00062 // construct from parts
00063 sd::sd( WORD newControl, const PSID newOwner, const PSID newGroup, ACL *newDacl, ACL *newSacl )
00064 {
00065 
00066     ClearPSD();
00067     Init();
00068 
00069     try { SetControl( newControl ); }
00070     RETHROWEX( "sd::sd(components): sd::SetControl() complained" );
00071 
00072     if ( newOwner != 0 )
00073     {
00074         try { ownerSid = newOwner; }
00075         RETHROWEX( "sd::sd(components): invalid owner SID" );
00076         haveOwnerSid = true;
00077     }
00078     else
00079         haveOwnerSid = false;
00080 
00081     if ( newGroup != 0 )
00082     {
00083         try { groupSid = newGroup; }
00084         RETHROWEX( "sd::sd(components): invalid owner SID" );
00085         haveGroupSid = true;
00086     }
00087     else
00088         haveGroupSid = false;
00089 
00090     if ( newDacl != 0 )
00091     {
00092         try { dacl = newDacl; }
00093         RETHROWEX( "sd::sd(components): cannot copy DACL" );
00094         haveDacl = true;
00095         protectedDacl = ( newControl & SE_DACL_PROTECTED ) != 0;
00096     }
00097     else
00098         haveDacl = protectedDacl = false;
00099 
00100     if ( newSacl != 0 )
00101     {
00102         try { sacl = newSacl; }
00103         RETHROWEX( "sd::sd(components): cannot copy SACL" );
00104         haveSacl = true;
00105         protectedSacl = ( newControl & SE_SACL_PROTECTED ) != 0;
00106     }
00107     else
00108         haveSacl = protectedSacl = false;
00109 }
00110 
00111 
00112 // clean up
00113 sd::~sd()
00114 {
00115     ReleasePSD();
00116 }
00117 
00118 
00119 
00120 // --- assignment ---
00121 
00122 // from another sd
00123 const sd &sd::operator=( const sd &s )
00124 {
00125     if ( this != &s )
00126     {
00127         ClearPSD();
00128         try
00129         {
00130             control = s.control;
00131             revision = s.revision;
00132             haveOwnerSid = s.haveOwnerSid;
00133             ownerSid = s.ownerSid;
00134             haveGroupSid = s.haveGroupSid;
00135             groupSid = s.groupSid;
00136             haveDacl = s.haveDacl;
00137             protectedDacl = s.protectedDacl;
00138             dacl = s.dacl;
00139             haveSacl = s.haveSacl;
00140             protectedSacl = s.protectedSacl;
00141             sacl = s.sacl;
00142         }
00143         RETHROWEX( "sd::operator=(const sd &): cannot copy source SD" )
00144     }
00145 
00146     return *this;
00147 }
00148 
00149 
00150 // from PSD
00151 const sd &sd::operator=( SECURITY_DESCRIPTOR *s )
00152 {
00153     BOOL defaulted, present;
00154     PSID psid;
00155     PACL pacl;
00156     DWORD rev;
00157     WORD c;
00158 
00159     if ( ( haveAbsoluteSD && absoluteSD == s ) ||
00160         ( haveSelfRelativeSD && selfRelativeSD == s ) )
00161         return *this;
00162 
00163     ReleasePSD();
00164     Init();
00165 
00166     if ( ::GetSecurityDescriptorControl( s, &c, &rev ) )
00167     {
00168         SetControl( c );
00169         revision = rev;
00170     }
00171     else
00172         throw NEWEX32( errUnreadableSD, "sd::operator=(SECURITY_DESCRIPTOR *): cannot read control word, see ex::GetErrWin32()",
00173             GetLastError() );
00174 
00175     psid = 0;
00176     if ( ::GetSecurityDescriptorOwner( s, &psid, &defaulted ) && psid != 0 )
00177     {
00178         ownerSid = psid;
00179         haveOwnerSid = true;
00180         if ( defaulted )
00181             control |= SE_OWNER_DEFAULTED;
00182     }
00183     else
00184         haveOwnerSid = false;
00185 
00186     psid = 0;
00187     if ( ::GetSecurityDescriptorGroup( s, &psid, &defaulted ) && psid != 0 )
00188     {
00189         groupSid = psid;
00190         haveGroupSid = true;
00191         if ( defaulted )
00192             control |= SE_GROUP_DEFAULTED;
00193     }
00194     else
00195         haveGroupSid = false;
00196 
00197     pacl = 0;
00198     if ( ::GetSecurityDescriptorDacl( s, &present, &pacl, &defaulted ) )
00199     {
00200         if ( present && pacl != 0 )
00201         {
00202             try { dacl = pacl; }
00203             RETHROWEX( "sd::operator=(SECURITY_DESCRIPTOR *): cannot copy DACL" );
00204             haveDacl = true;
00205             protectedDacl = ( c & SE_DACL_PROTECTED ) != 0;
00206         }
00207         else
00208             haveDacl = protectedDacl = false;
00209     }
00210     else
00211         throw NEWEX32( errUnreadableSD, "sd::operator=(SECURITY_DESCRIPTOR *): cannot read DACL, see ex::GetErrWin32()", GetLastError() );
00212 
00213     pacl = 0;
00214     if ( ::GetSecurityDescriptorSacl( s, &present, &pacl, &defaulted ) )
00215     {
00216         if ( present && pacl != 0 )
00217         {
00218             try { sacl = pacl; }
00219             RETHROWEX( "sd::operator=(SECURITY_DESCRIPTOR *): cannot copy SACL" );
00220             haveSacl = true;
00221             protectedSacl = ( c & SE_SACL_PROTECTED ) != 0;
00222         }
00223         else
00224             haveSacl = protectedSacl = false;
00225     }
00226     else
00227         throw NEWEX32( errUnreadableSD, "sd::operator=(SECURITY_DESCRIPTOR *): cannot read SACL, see ex::GetErrWin32()", GetLastError() );
00228 
00229     return *this;
00230 }
00231 
00232 
00233 const sd &sd::operator=( SECURITY_DESCRIPTOR_RELATIVE *s )
00234 {
00235     try { *this = (SECURITY_DESCRIPTOR *) s; }
00236     RETHROWEX( "sd::operator=(SECURITY_DESCRIPTOR_RELATIVE *): cannot copy source SD" )
00237 
00238     return *this;
00239 }
00240 
00241 
00242 // --- conversions ---
00243 
00244 // return a pointer to an internally-maintained absolute SD
00245 sd::operator SECURITY_DESCRIPTOR *() const
00246 {
00247     try { MakePSD(); }
00248     RETHROWEX( "sd::operator SECURITY_DESCRIPTOR *(): sd::MakePSD() failed" )
00249     return absoluteSD;
00250 }
00251 
00252 
00253 // return a pointer to an internally-maintained self-relative SD
00254 sd::operator SECURITY_DESCRIPTOR_RELATIVE *() const
00255 {
00256     try { MakePSD(); }
00257     RETHROWEX( "sd::operator SECURITY_DESCRIPTOR_RELATIVE *(): sd::MakePSD() failed" )
00258     return (SECURITY_DESCRIPTOR_RELATIVE *) selfRelativeSD;
00259 }
00260 
00261 
00262 
00263 // --- accessors ---
00264 
00265 // get flags
00266 WORD sd::GetControl() const
00267 {
00268     WORD c = control;
00269 
00270     if ( haveDacl )
00271         c |= SE_DACL_PRESENT;
00272     else
00273         c &= ~SE_DACL_PRESENT;
00274     if ( protectedDacl )
00275         c |= SE_DACL_PROTECTED;
00276 
00277     if ( haveSacl )
00278         c |= SE_SACL_PRESENT;
00279     else
00280         c &= ~SE_SACL_PRESENT;
00281     if ( protectedSacl )
00282         c |= SE_SACL_PROTECTED;
00283 
00284     if ( haveOwnerSid )
00285         c &= ~ SE_OWNER_DEFAULTED;
00286     else
00287         c |= SE_OWNER_DEFAULTED;
00288 
00289     if ( haveGroupSid )
00290         c &= ~ SE_GROUP_DEFAULTED;
00291     else
00292         c |= SE_GROUP_DEFAULTED;
00293 
00294     if ( c & SE_DACL_AUTO_INHERITED )
00295         c |= SE_DACL_AUTO_INHERIT_REQ;
00296 
00297     if ( c & SE_SACL_AUTO_INHERITED )
00298         c |= SE_SACL_AUTO_INHERIT_REQ;
00299 
00300     return c;
00301 }
00302 
00303 
00304 DWORD sd::GetRevision() const
00305 {
00306     return revision;
00307 }
00308 
00309 
00310 // report which parts of the SD are in use
00311 SECURITY_INFORMATION sd::GetSecurityInformation() const
00312 {
00313     SECURITY_INFORMATION i = 0;
00314 
00315     if ( haveOwnerSid )
00316         i |= OWNER_SECURITY_INFORMATION;
00317     if ( haveGroupSid )
00318         i |= GROUP_SECURITY_INFORMATION;
00319     if ( haveDacl )
00320         i |= protectedDacl? PROTECTED_DACL_SECURITY_INFORMATION: DACL_SECURITY_INFORMATION;
00321     if ( haveSacl )
00322         i |= protectedSacl? PROTECTED_SACL_SECURITY_INFORMATION: SACL_SECURITY_INFORMATION;
00323 
00324     return i;
00325 }
00326 
00327 
00328 // get owner reference
00329 const sid &sd::GetOwnerSid() const
00330 {
00331     return haveOwnerSid? ownerSid: invalidSid;
00332 }
00333 
00334 
00335 sid &sd::GetOwnerSid()
00336 {
00337     ReleasePSD();
00338     return haveOwnerSid? ownerSid: invalidSid;
00339 }
00340 
00341 
00342 // get group reference
00343 const sid &sd::GetGroupSid() const
00344 {
00345     return haveGroupSid? groupSid: invalidSid;
00346 }
00347 
00348 
00349 sid &sd::GetGroupSid()
00350 {
00351     ReleasePSD();
00352     return haveGroupSid? groupSid: invalidSid;
00353 }
00354 
00355 
00356 // get DACL reference
00357 const acl &sd::GetDacl() const
00358 {
00359     return haveDacl? dacl: invalidAcl;
00360 }
00361 
00362 
00363 acl &sd::GetDacl()
00364 {
00365     ReleasePSD();
00366     return haveDacl? dacl: invalidAcl;
00367 }
00368 
00369 
00370 // get SACL ref
00371 const acl &sd::GetSacl() const
00372 {
00373     return haveSacl? sacl: invalidAcl;
00374 }
00375 
00376 
00377 acl &sd::GetSacl()
00378 {
00379     ReleasePSD();
00380     return haveSacl? sacl: invalidAcl;
00381 }
00382 
00383 
00384 // set flags -- note that some flags are not settable
00385 // and will be provided by the SD-building functions
00386 void sd::SetControl( WORD newControl )
00387 {
00388     ReleasePSD();
00389     control = newControl & ~ ( SE_DACL_PRESENT | SE_SACL_PRESENT |
00390         SE_DACL_PROTECTED | SE_SACL_PROTECTED | SE_SELF_RELATIVE );
00391 }
00392 
00393 
00394 // set/clear owner -- (PSID) 0, (TCHAR *) 0, or an invalid sid will clear
00395 void sd::ClearOwnerSid()
00396 {
00397     haveOwnerSid = false;
00398     control &= ~ SE_OWNER_DEFAULTED;
00399     ReleasePSD();
00400 }
00401 
00402 
00403 void sd::SetOwnerSid( const sid &newSid )
00404 {
00405     try { ownerSid = newSid; }
00406     RETHROWEX( "sd::SetOwnerSid(const sid &): assignment failed" )
00407     haveOwnerSid = true;
00408     control &= ~ SE_OWNER_DEFAULTED;
00409     ReleasePSD();
00410 }
00411 
00412 
00413 void sd::SetOwnerSid( const PSID psid )
00414 {
00415     if ( psid != 0 )
00416     {
00417         try { ownerSid = psid; }
00418         RETHROWEX( "sd::SetOwnerSid(const PSID): assignment failed" )
00419         haveOwnerSid = true;
00420     }
00421     else
00422         haveOwnerSid = false;
00423     control &= ~ SE_OWNER_DEFAULTED;
00424     ReleasePSD();
00425 }
00426 
00427 
00428 void sd::SetOwnerSid( const TCHAR *stringSid )
00429 {
00430     if ( stringSid != 0 )
00431     {
00432         try { ownerSid = stringSid; }
00433         RETHROWEX( "sd::SetOwnerSid(const TCHAR *): assignment failed" )
00434         haveOwnerSid = true;
00435     }
00436     else
00437         haveOwnerSid = false;
00438     control &= ~ SE_OWNER_DEFAULTED;
00439     ReleasePSD();
00440 }
00441 
00442 
00443 // set/clear group -- (PSID) 0, (TCHAR *) 0, or an invalid sid will clear
00444 void sd::ClearGroupSid()
00445 {
00446     haveGroupSid = false;
00447     control &= ~ SE_GROUP_DEFAULTED;
00448     ReleasePSD();
00449 }
00450 
00451 
00452 void sd::SetGroupSid( const sid &newSid )
00453 {
00454     try { groupSid = newSid; }
00455     RETHROWEX( "sd::SetGroupSid(const sid &): assignment failed" )
00456     haveGroupSid = true;
00457     control &= ~ SE_GROUP_DEFAULTED;
00458     ReleasePSD();
00459 }
00460 
00461 
00462 void sd::SetGroupSid( const PSID psid )
00463 {
00464     if ( psid != 0 )
00465     {
00466         try { groupSid = psid; }
00467         RETHROWEX( "sd::SetGroupSid(const PSID): assignment failed" )
00468         haveGroupSid = true;
00469     }
00470     else
00471         haveGroupSid = false;
00472     control &= ~ SE_GROUP_DEFAULTED;
00473     ReleasePSD();
00474 }
00475 
00476 
00477 void sd::SetGroupSid( const TCHAR *stringSid )
00478 {
00479     if ( stringSid != 0 )
00480     {
00481         try { groupSid = stringSid; }
00482         RETHROWEX( "sd::SetGroupSid(const TCHAR *): assignment failed" )
00483         haveGroupSid = true;
00484     }
00485     else
00486         haveGroupSid = false;
00487     control &= ~ SE_GROUP_DEFAULTED;
00488     ReleasePSD();
00489 }
00490 
00491 
00492 // set/clear DACL -- (PACL) 0 will clear
00493 // "clear" == NULL DACL, which is _not_ the same as an empty ACL
00494 void sd::ClearDacl()
00495 {
00496     haveDacl = false;
00497     control &= ~ ( SE_DACL_PRESENT | SE_DACL_DEFAULTED );
00498     ReleasePSD();
00499 }
00500 
00501 
00502 void sd::SetDacl( const acl &newAcl )
00503 {
00504     try { dacl = newAcl; }
00505     RETHROWEX( "sd::SetDacl(const acl &): assignment failed" )
00506     haveDacl = true;
00507     control |= SE_DACL_PRESENT;
00508     ReleasePSD();
00509 }
00510 
00511 
00512 void sd::SetDacl( ACL *newAcl )
00513 {
00514     if ( newAcl != 0 )
00515     {
00516         try { dacl = newAcl; }
00517         RETHROWEX( "sd::SetDacl(ACL *): assignment failed" )
00518         control |= SE_DACL_PRESENT;
00519         haveDacl = true;
00520     }
00521     else
00522     {
00523         haveDacl = false;
00524         control &= ~ ( SE_DACL_PRESENT | SE_DACL_DEFAULTED );
00525     }
00526     ReleasePSD();
00527 }
00528 
00529 
00530 bool sd::GetDaclProtection() const
00531 {
00532     return haveDacl? protectedDacl: false;
00533 }
00534 
00535 
00536 void sd::SetDaclProtection( bool newProtection )
00537 {
00538     ReleasePSD();
00539     protectedDacl = newProtection;
00540 }
00541 
00542 
00543 // set/clear SACL -- (PACL) 0 will clear
00544 // "clear" == NULL SACL, which is _not_ the same as an empty ACL
00545 void sd::ClearSacl()
00546 {
00547     haveSacl = false;
00548     control &= ~ ( SE_SACL_PRESENT | SE_SACL_DEFAULTED );
00549     ReleasePSD();
00550 }
00551 
00552 
00553 void sd::SetSacl( const acl &newAcl )
00554 {
00555     try { sacl = newAcl; }
00556     RETHROWEX( "sd::SetSacl(const acl &): assignment failed" )
00557     control |= SE_SACL_PRESENT;
00558     haveSacl = true;
00559     ReleasePSD();
00560 }
00561 
00562 
00563 void sd::SetSacl( ACL *newAcl )
00564 {
00565     if ( newAcl != 0 )
00566     {
00567         try { sacl = newAcl; }
00568         RETHROWEX( "sd::SetSacl(ACL *): assignment failed" )
00569         control |= SE_SACL_PRESENT;
00570         haveSacl = true;
00571     }
00572     else
00573     {
00574         haveSacl = false;
00575         control &= ~ ( SE_SACL_PRESENT | SE_SACL_DEFAULTED );
00576     }
00577     ReleasePSD();
00578 }
00579 
00580 
00581 bool sd::GetSaclProtection() const
00582 {
00583     return haveSacl? protectedSacl: false;
00584 }
00585 
00586 
00587 void sd::SetSaclProtection( bool newProtection )
00588 {
00589     ReleasePSD();
00590     protectedSacl = newProtection;
00591 }
00592 
00593 
00594 
00595 // --- utilities ---
00596 
00597 // inserter
00598 fkostream &fksec::operator<<( fkostream &o, const sd &s )
00599 {
00600     o << _T( "SD, control = " ) << s.GetControl() << std::endl;
00601 
00602     o << _T( "  " );
00603     o << ( s.haveOwnerSid? _T( "has" ): _T( "no" ) ) << _T( " owner, " );
00604     o << ( s.haveGroupSid? _T( "has" ): _T( "no" ) ) << _T( " group, " );
00605     o << ( s.haveDacl? _T( "has" ): _T( "no" ) ) <<
00606         ( s.protectedDacl? _T( "protected " ): _T( "" ) ) << _T( " DACL, " );
00607     o << ( s.haveSacl? _T( "has" ): _T( "no" ) ) <<
00608         ( s.protectedSacl? _T( "protected " ): _T( "" ) ) << _T( " SACL" );
00609     o << std::endl;
00610 
00611     if ( s.haveOwnerSid )
00612         o << _T( "Owner: " ) << s.ownerSid << std::endl;
00613 
00614     if ( s.haveGroupSid )
00615         o << _T( "Group: " ) << s.groupSid << std::endl;
00616 
00617     if ( s.haveDacl )
00618         o << ( s.protectedDacl? _T( "Protected " ): _T( "" ) ) << _T( "DACL: " ) << s.dacl;
00619 
00620     if ( s.haveSacl )
00621         o << ( s.protectedSacl? _T( "Protected " ): _T( "" ) ) << _T( "SACL: " ) << s.sacl;
00622 
00623     o << std::endl;
00624 
00625     return o;
00626 }
00627 
00628 
00629 // how many bytes for an NT-formatted SD?
00630 DWORD sd::GetLength() const
00631 {
00632     DWORD l;
00633 
00634     l = sizeof SECURITY_DESCRIPTOR;
00635     if ( haveOwnerSid )
00636         try { l += ownerSid.GetLength(); }
00637         RETHROWEX( "sd::GetLength(): cannot size owner SID" )
00638     if ( haveGroupSid )
00639         try { l += groupSid.GetLength(); }
00640         RETHROWEX( "sd::GetLength(): cannot size group SID" )
00641     if ( haveDacl )
00642         try { l += dacl.GetSize(); }
00643         RETHROWEX( "sd::GetLength(): cannot size DACL" )
00644     if ( haveSacl )
00645         try { l += sacl.GetSize(); }
00646         RETHROWEX( "sd::GetLength(): cannot size SACL" )
00647 
00648     return l;
00649 }
00650 
00651 
00652 // store a copy of the SD in NT format
00653 void sd::StoreSd( SECURITY_DESCRIPTOR *p, DWORD &sz, AbsOrRel sdtype /* = AbsoluteSD */ ) const
00654 {
00655     byte *next;
00656     PSID locOwner, locGroup;
00657     PACL locDacl, locSacl;
00658     DWORD l;
00659 
00660     if ( ! IsValid( false ) )
00661         throw NEWEX( errInvalidSD, "sd::StoreSd(): invalid SD" );
00662 
00663     try { l = GetLength(); }
00664     RETHROWEX( "sd::StoreSd(): cannot compute required buffer size" )
00665 
00666     if ( sz < l )
00667         throw new ex( _T( __FILE__ ), __LINE__, errBufferTooSmall,
00668             _T( "sd::StoreSd(): insufficient buffer, see ex::GetData() for required size" ), 0, l );
00669 
00670     if ( ! ::InitializeSecurityDescriptor( p, revision ) )
00671         throw NEWEX32( errInvalidSD, "sd::StoreSD(): InitializeSecurityDescriptor() failed inexplicably", GetLastError() );
00672 
00673     next = (byte *) &p[1]; // point to right after the SD header
00674     locOwner = locGroup = locDacl = locSacl = 0;
00675 
00676     if ( haveOwnerSid )
00677     {
00678         try
00679         {
00680             l = ownerSid.GetLength();
00681             locOwner = (PSID) next;
00682             ownerSid.StoreSid( locOwner, l );
00683             next += l;
00684         }
00685         RETHROWEX( "sd::StoreSd(): cannot size or store owner SID" )
00686     }
00687 
00688     if ( haveGroupSid )
00689     {
00690         try
00691         {
00692             l = groupSid.GetLength();
00693             locGroup = (PSID) next;
00694             groupSid.StoreSid( locGroup, l );
00695             next += l;
00696         }
00697         RETHROWEX( "sd::StoreSd(): cannot size or store group SID" )
00698     }
00699 
00700     if ( haveDacl )
00701     {
00702         try
00703         {
00704             l = dacl.GetSize();
00705             locDacl = (PACL) next;
00706             dacl.StoreAcl( locDacl, l );
00707             next += l;
00708         }
00709         RETHROWEX( "sd::StoreSd(): cannot size or store DACL" )
00710     }
00711 
00712     if ( haveSacl )
00713     {
00714         try
00715         {
00716             l = sacl.GetSize();
00717             locSacl = (PACL) next;
00718             sacl.StoreAcl( locSacl, l );
00719             next += l;
00720         }
00721         RETHROWEX( "sd::StoreSd(): cannot size or store SACL" )
00722     }
00723 
00724     try { p->Control |= GetControl(); }
00725     RETHROWEX( "sd::StoreSd(): sd::GetControl() failed, but why?" )
00726 
00727     if ( sdtype == AbsoluteSD )
00728     {
00729         p->Control &= ~ SE_SELF_RELATIVE;
00730         p->Owner = locOwner;
00731         p->Group = locGroup;
00732         p->Dacl = locDacl;
00733         p->Sacl = locSacl;
00734     }
00735     else
00736     {
00737         p->Control |= SE_SELF_RELATIVE;
00738         p->Owner = (PSID) ( locOwner == 0? 0: (byte *) locOwner - (byte *) p );
00739         p->Group = (PSID) ( locGroup == 0? 0: (byte *) locGroup - (byte *) p );
00740         p->Dacl = (PACL) ( locDacl == 0? 0: (byte *) locDacl - (byte *) p );
00741         p->Sacl = (PACL) ( locSacl == 0? 0: (byte *) locSacl - (byte *) p );
00742     }
00743 }
00744 
00745 
00746 // test for validity
00747 bool sd::IsValid( bool checkPSD /* = true */ ) const
00748 {
00749     // checkPSD is set to false in the IsValid() call in MakePSD()/StoreSd()
00750     // otherwise, infinite recursion ruins your day
00751     try
00752     {
00753         if ( haveOwnerSid )
00754             if ( ! ownerSid.IsValid() )
00755                 return false;
00756 
00757         if ( haveGroupSid )
00758             if ( ! groupSid.IsValid() )
00759                 return false;
00760 
00761         if ( haveDacl )
00762             if ( ! dacl.IsValid() )
00763                 return false;
00764 
00765         if ( haveSacl )
00766             if ( ! sacl.IsValid() )
00767                 return false;
00768 
00769         if ( checkPSD )
00770         {
00771             this->MakePSD();
00772             if ( ! ::IsValidSecurityDescriptor( absoluteSD ) )
00773                 return false;
00774             if ( ! ::IsValidSecurityDescriptor( selfRelativeSD ) )
00775                 return false;
00776         }
00777     }
00778     catch ( ex *e )
00779     {
00780         delete e;
00781         return false;
00782     }
00783 
00784     return true;
00785 }
00786 
00787 
00788 bool sd::IsObjectSD() const 
00789 {
00790     if ( haveDacl )
00791         if ( dacl.IsObjectACL() )
00792             return true ;
00793 
00794     if ( haveSacl )
00795         if ( dacl.IsObjectACL() )
00796             return true ;
00797 
00798     return false ;
00799 }
00800 
00801 
00802 // initialize all members of an acl object
00803 void sd::Init()
00804 {
00805     ClearPSD();
00806     control = 0;
00807     revision = SECURITY_DESCRIPTOR_REVISION;
00808     haveOwnerSid = haveGroupSid =
00809         haveDacl = protectedDacl =
00810         haveSacl = protectedSacl = false;
00811 }
00812 
00813 
00814 // initialize the cached SD stuff
00815 void sd::ClearPSD()
00816 {
00817     absoluteSD = 0;
00818     haveAbsoluteSD = false;
00819     selfRelativeSD = 0;
00820     haveSelfRelativeSD = false;
00821 }
00822 
00823 
00824 // release any cached SDs
00825 void sd::ReleasePSD()
00826 {
00827     if ( haveAbsoluteSD )
00828     {
00829         delete [] (byte *) absoluteSD;
00830         absoluteSD = 0;
00831         haveAbsoluteSD = false;
00832     }
00833     if ( haveSelfRelativeSD )
00834     {
00835         delete [] (byte *) selfRelativeSD;
00836         selfRelativeSD = 0;
00837         haveSelfRelativeSD = false;
00838     }
00839 }
00840 
00841 
00842 // prepare the cached SDs
00843 void sd::MakePSD() const
00844 {
00845     DWORD sz = (DWORD) -1;
00846 
00847     if ( ! haveAbsoluteSD )
00848     {
00849         try { sz = GetLength(); }
00850         RETHROWEX( "sd::MakePSD() absolute: cannot size SD" )
00851 
00852         absoluteSD = (SECURITY_DESCRIPTOR *) new byte[sz];
00853         if ( absoluteSD == 0 )
00854             throw NEWEX( errNoMemory, "sd::MakePSD() absolute: no memory for SD buffer" );
00855 
00856         try { StoreSd( absoluteSD, sz, AbsoluteSD ); }
00857         catch ( ex *e )
00858         {
00859             e->FKSECADDHOP( "sd::MakePSD() absolute: sd::StoreSd() failed" );
00860             delete (byte *) absoluteSD;
00861             throw;
00862         }
00863 
00864         haveAbsoluteSD = true;
00865     }
00866 
00867     if ( ! haveSelfRelativeSD )
00868     {
00869         if ( sz == (DWORD) -1 )
00870             try { sz = GetLength(); }
00871             RETHROWEX( "sd::MakePSD() self-relative: cannot size SD" )
00872 
00873         selfRelativeSD = (SECURITY_DESCRIPTOR *) new byte[sz];
00874         if ( selfRelativeSD == 0 )
00875             throw NEWEX( errNoMemory, "sd::MakePSD() self-relative: no memory for SD buffer" );
00876 
00877         try { StoreSd( selfRelativeSD, sz, SelfRelativeSD ); }
00878         catch ( ex *e )
00879         {
00880             e->FKSECADDHOP( "sd::MakePSD() self-relative: sd::StoreSd() failed" );
00881             delete (byte *) selfRelativeSD;
00882             throw;
00883         }
00884 
00885         haveSelfRelativeSD = true;
00886     }
00887 }

Generated at Mon Oct 16 06:14:07 2000 for fksec by doxygen1.2.2 written by Dimitri van Heesch, © 1997-2000