
sd.h

00001 // sd.h: DO NOT include this file. #include fksec.h instead!
00002 
00003 
00004 
00005 #if ! defined( AFX_SD_H__C2404C08_2791_41F1_A45E_A62EF7364105__INCLUDED_ )
00006 #define AFX_SD_H__C2404C08_2791_41F1_A45E_A62EF7364105__INCLUDED_
00007 #pragma once
00008 
00009 
00010 
00011 namespace fksec {
00012 
          // sd: copyable C++ wrapper for an NT security descriptor. It stores the
          // control flags, the revision, and the owner SID, group SID, DACL and SACL
          // as separate members; each of those four parts is optional (see the
          // have* flags in the private section). NT-format SECURITY_DESCRIPTOR
          // copies are cached in mutable members for the conversion operators.
00013     class sd
00014     {
00015     public:
00016         // SD types: the two NT layouts; used as the sdtype argument of StoreSd()
00017         enum AbsOrRel { AbsoluteSD, SelfRelativeSD };
00018 
00019         // --- ctors/dtor ---
00020         // construct an empty sd object
00021         sd();
00022         // construct from another sd object
00023         sd( const sd &s );
00024         // construct from a PSD (absolute or self-relative layout)
              // NOTE(review): this header does not say how a null or malformed
              // descriptor is handled; when the input comes from an untrusted source,
              // check the result (e.g. IsValid()) before using it -- confirm in sd.cpp
00025         sd( SECURITY_DESCRIPTOR *s );
00026         sd( SECURITY_DESCRIPTOR_RELATIVE *s );
00027         // construct from parts
              // note: "const PSID" makes the pointer itself const, not the SID it
              // points to (PSID is a pointer typedef)
00028         sd( WORD newControl, const PSID newOwner, const PSID newGroup, ACL *newDacl, ACL *newSacl );
00029         // clean up
00030         virtual ~sd();
00031 
00032         // --- assignment ---
00033         // from another sd; returns a const reference to this object
00034         const sd &operator=( const sd &s );
00035         // from PSD (same input caveat as the PSD constructors above)
00036         const sd &operator=( SECURITY_DESCRIPTOR *s );
00037         const sd &operator=( SECURITY_DESCRIPTOR_RELATIVE *s );
00038 
00039         // --- conversions ---
00040         // with heavy heart I note that the NT guys have yet to hear of
00041         // const input arguments. This regrettably compels me to return
00042         // a non-const pointer, while visions of callers mucking around
00043         // with my internals gnaw at my viscera.
              // Caveats for callers: the pointer refers to a cached copy owned by
              // this object (absoluteSD / selfRelativeSD below), so do not free it
              // and do not write through it.
              // NOTE(review): presumably the pointer becomes stale once the sd is
              // modified or destroyed (see ReleasePSD) -- do not keep it around;
              // confirm in sd.cpp.
              // NOTE(review): both operators are const yet rely on the mutable cache
              // members, so concurrent use of one sd from several threads may race --
              // confirm whether callers must serialize.
00044         // return a pointer to an internally-maintained absolute SD
00045         operator SECURITY_DESCRIPTOR *() const;
00046         // return a pointer to an internally-maintained self-relative SD
00047         operator SECURITY_DESCRIPTOR_RELATIVE *() const;
00048 
00049         // --- accessors ---
00050         // get flags
00051         WORD GetControl() const;
              // get revision (presumably the "revision" member below -- confirm)
00053         DWORD GetRevision() const;
00054         // report which parts of the SD are in use
00055         SECURITY_INFORMATION GetSecurityInformation() const;
              // For the four Get*Sid / Get*acl pairs below: when the requested part is
              // absent, one of the shared statics invalidSid / invalidAcl is returned
              // (see the private section).
              // NOTE(review): the non-const overloads would then hand out a writable
              // reference to a static shared by every sd -- confirm in sd.cpp that a
              // caller cannot alter it, and test the result before modifying it.
00056         // get owner reference
00057         const sid &GetOwnerSid() const;
00058         sid &GetOwnerSid();
00059         // get group reference
00060         const sid &GetGroupSid() const;
00061         sid &GetGroupSid();
00062         // get DACL reference
00063         const acl &GetDacl() const;
00064         acl &GetDacl();
00065         // get SACL ref
00066         const acl &GetSacl() const;
00067         acl &GetSacl();
00068         // set flags -- note that some flags are not settable
00069         // and will be provided by the SD-building functions
00070         void SetControl( WORD newControl );
00071         // set/clear owner -- (PSID) 0, (TCHAR *) 0, or an invalid sid will clear
              // i.e. bad input is not reported as an error; the SD simply ends up
              // without an owner. Callers that require an owner should check
              // afterwards (e.g. GetSecurityInformation()).
00072         void ClearOwnerSid();
00073         void SetOwnerSid( const sid &newSid );
00074         void SetOwnerSid( const PSID psid );
00075         void SetOwnerSid( const TCHAR *stringSid );
00076         // set/clear group -- (PSID) 0, (TCHAR *) 0, or an invalid sid will clear
              // (same silent-clear behaviour as for the owner)
00077         void ClearGroupSid();
00078         void SetGroupSid( const sid &newSid );
00079         void SetGroupSid( const PSID psid );
00080         void SetGroupSid( const TCHAR *stringSid );
00081         // set/clear DACL -- (PACL) 0 will clear
00082         // "clear" == NULL DACL, which is _not_ the same as an empty ACL
              // In Windows access checks a NULL DACL places no restriction on the
              // object (everyone is granted full access), whereas an empty DACL
              // grants access to no one. ClearDacl() and SetDacl( (ACL *) 0 )
              // therefore remove protection; pass an empty acl to deny access.
00083         void ClearDacl();
00084         void SetDacl( const acl &newAcl );
00085         void SetDacl( ACL *newAcl );
              // get/set whether the DACL is protected against inheritance
              // (presumably the protectedDacl member below -- confirm)
00086         bool GetDaclProtection() const;
00087         void SetDaclProtection( bool newProtection );
00088         // set/clear SACL -- (PACL) 0 will clear
00089         // "clear" == NULL SACL, which is _not_ the same as an empty ACL
00090         void ClearSacl();
00091         void SetSacl( const acl &newAcl );
00092         void SetSacl( ACL *newAcl );
              // get/set whether the SACL is protected against inheritance
              // (presumably the protectedSacl member below -- confirm)
00093         bool GetSaclProtection() const;
00094         void SetSaclProtection( bool newProtection );
00095 
00096         // --- utilities ---
00097         // inserter; a friend, so it can read the private members
00098         friend fkostream &operator<<( fkostream &o, const sd &s );
00099         // how many bytes for an NT-formatted SD?
              // NOTE(review): the header does not say which layout (absolute or
              // self-relative) this length refers to -- confirm before sizing buffers
00100         DWORD GetLength() const;
00101         // store a copy of the SD in NT format
              // p is a caller-supplied buffer; sdtype selects the layout and defaults
              // to AbsoluteSD.
              // NOTE(review): sz is a non-const reference -- presumably the buffer
              // size in bytes on entry and the size needed/used on return; TODO
              // confirm, and confirm that sz is checked before anything is written
              // to p.
00102         void StoreSd( SECURITY_DESCRIPTOR *p, DWORD &sz, AbsOrRel sdtype = AbsoluteSD ) const;
00103         // test for validity
              // checkPSD defaults to true; presumably it extends the check to the
              // cached NT-format SDs -- confirm in sd.cpp
00104         bool IsValid( bool checkPSD = true ) const;
00105         // are the ACL's object ACL's ?
00106         bool IsObjectSD() const ;
00107 
00108     private:
00109         // initialize all members of this sd object
00110         void Init();
00111         // initialize the cached SD stuff
00112         void ClearPSD();
00113         // release any cached SDs
00114         void ReleasePSD();
00115         // prepare the cached SDs (const: it only touches the mutable cache members)
00116         void MakePSD() const;
00117 
00118         // SD components
00119         WORD control;
00120         DWORD revision;
00121         bool haveOwnerSid; // is the ownerSid meaningful?
00122         fksec::sid ownerSid;
00123         bool haveGroupSid; // is the groupSid meaningful?
00124         fksec::sid groupSid;
00125         bool haveDacl; // presumably: is dacl meaningful? false would be the NULL-DACL state -- confirm
00126         bool protectedDacl; // is the DACL protected against inheritance?
00127         fksec::acl dacl;
00128         bool haveSacl; // presumably: is sacl meaningful? -- confirm
00129         bool protectedSacl; // is the SACL protected against inheritance?
00130         fksec::acl sacl;
00131 
00132         // stuff for implicit conversion to abs or self-rel SD
              // mutable so that the const conversion operators and MakePSD() can
              // fill the cache; these are raw pointers managed by ClearPSD() /
              // ReleasePSD()
00133         mutable bool haveAbsoluteSD;
00134         mutable SECURITY_DESCRIPTOR *absoluteSD;
00135         mutable bool haveSelfRelativeSD;
00136         mutable SECURITY_DESCRIPTOR *selfRelativeSD;
00137 
00138         // one of these is returned when Get()ting something that is absent
              // (static: a single instance is shared by all sd objects)
00139         static fksec::sid invalidSid;
00140         static fksec::acl invalidAcl;
00141     };
00142 
00143     // inserter (namespace-scope declaration of the friend declared in sd)
00144     fkostream &operator<<( fkostream &o, const sd &s );
00145 
00146 } // namespace fksec
00147 
00148 #endif // ! defined( AFX_SD_H__C2404C08_2791_41F1_A45E_A62EF7364105__INCLUDED_ )
