/*+-------------------------------------------------------------------
Microsoft Windows
Copyright (C) Microsoft Corporation, 1993-1998.
File: accctrl.h
Contents: common includes for new style Win32 Access Control
APIs
--------------------------------------------------------------------*/
#ifndef __ACCESS_CONTROL__
#define __ACCESS_CONTROL__
#ifndef __midl
#include <wtypes.h>
#endif
#include <winapifamily.h>
#if (_MSC_VER >= 800)
#if (_MSC_VER >= 1200)
#pragma warning(push)
#pragma warning(disable:4820) /* padding added after data member */
#endif
#pragma warning(disable:4001) /* nonstandard extension : single line comment */
#endif
#ifdef __cplusplus
extern "C" {
#endif
#pragma region Application Family or OneCore Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)
// AccFree is a textual alias for LocalFree: anything released through AccFree
// is released by LocalFree, so the buffer must have been allocated from the
// matching local heap. Which APIs hand out such buffers is not stated in this
// header -- confirm against the documentation of the call that returned it.
#define AccFree LocalFree
//
// Definition:
// This enumerated type defines the objects supported by the get/set API within
// this document. See section 3.1, Object Types for a detailed definition of the
// supported object types, and their name formats.
//
// Kinds of securable object understood by the get/set security APIs.
// The numbering is sequential from 0; values are written out so that a raw
// integer seen in a log or debugger can be mapped to its name directly.
// A security descriptor or access mask is only meaningful together with the
// object type it was read for.
typedef enum _SE_OBJECT_TYPE {
    SE_UNKNOWN_OBJECT_TYPE     = 0,
    SE_FILE_OBJECT             = 1,
    SE_SERVICE                 = 2,
    SE_PRINTER                 = 3,
    SE_REGISTRY_KEY            = 4,
    SE_LMSHARE                 = 5,
    SE_KERNEL_OBJECT           = 6,
    SE_WINDOW_OBJECT           = 7,
    SE_DS_OBJECT               = 8,
    SE_DS_OBJECT_ALL           = 9,
    SE_PROVIDER_DEFINED_OBJECT = 10,
    SE_WMIGUID_OBJECT          = 11,
    SE_REGISTRY_WOW64_32KEY    = 12,
    SE_REGISTRY_WOW64_64KEY    = 13
} SE_OBJECT_TYPE;
//
// Definition: TRUSTEE_TYPE
// This enumerated type specifies the type of trustee account for the trustee
// returned by the API described in this document.
// TRUSTEE_IS_UNKNOWN - The trustee is an unknown, but not necessarily invalid
// type. This field is not validated on input to the APIs
// that take Trustees.
// TRUSTEE_IS_USER The trustee account is a user account.
// TRUSTEE_IS_GROUP The trustee account is a group account.
//
// Account category of a trustee. Values run sequentially from 0.
// TRUSTEE_IS_UNKNOWN is 0, so a zero-initialised TRUSTEE reports "unknown".
typedef enum _TRUSTEE_TYPE {
    TRUSTEE_IS_UNKNOWN          = 0, // unknown, but not necessarily invalid
    TRUSTEE_IS_USER             = 1, // user account
    TRUSTEE_IS_GROUP            = 2, // group account
    TRUSTEE_IS_DOMAIN           = 3,
    TRUSTEE_IS_ALIAS            = 4,
    TRUSTEE_IS_WELL_KNOWN_GROUP = 5,
    TRUSTEE_IS_DELETED          = 6,
    TRUSTEE_IS_INVALID          = 7,
    TRUSTEE_IS_COMPUTER         = 8
} TRUSTEE_TYPE;
//
// Definition: TRUSTEE_FORM
// This enumerated type specifies the form the trustee identifier is in for a
// particular trustee.
// TRUSTEE_IS_SID The trustee is identified with a SID rather than with a name.
// TRUSTEE_IS_NAME The trustee is identified with a name.
//
// Discriminator telling how a trustee's identifier pointer must be read.
// Values run sequentially from 0. TRUSTEE_IS_SID is 0, so a zero-initialised
// TRUSTEE claims to carry a SID; set this field explicitly before filling in
// the identifier.
typedef enum _TRUSTEE_FORM {
    TRUSTEE_IS_SID              = 0, // identifier is a SID
    TRUSTEE_IS_NAME             = 1, // identifier is a name string
    TRUSTEE_BAD_FORM            = 2,
    TRUSTEE_IS_OBJECTS_AND_SID  = 3,
    TRUSTEE_IS_OBJECTS_AND_NAME = 4
} TRUSTEE_FORM;
//
// Definition: MULTIPLE_TRUSTEE_OPERATION
// If the trustee is a multiple trustee, this enumerated type specifies the type.
// TRUSTEE_IS_IMPERSONATE The trustee is an impersonate trustee and the multiple
// trustee field in the trustee points to another trustee
// that is a trustee for the server that will be doing the
// impersonation.
//
// States whether a trustee is chained to a second trustee and, if so, why.
typedef enum _MULTIPLE_TRUSTEE_OPERATION {
    NO_MULTIPLE_TRUSTEE    = 0, // no second trustee is attached
    TRUSTEE_IS_IMPERSONATE = 1  // the attached trustee is the impersonating server
} MULTIPLE_TRUSTEE_OPERATION;
// Trustee identifier made of a SID plus two object-type GUIDs. It is the
// payload of the TRUSTEE_IS_OBJECTS_AND_SID case in the TRUSTEE union that
// the MIDL branch of the TRUSTEE structures declares.
typedef struct _OBJECTS_AND_SID
{
DWORD ObjectsPresent; // presumably flags which of the two GUIDs are meaningful -- TODO confirm
GUID ObjectTypeGuid;
GUID InheritedObjectTypeGuid;
SID * pSid; // pointer only: the SID storage lives outside this struct and must outlive it
} OBJECTS_AND_SID, *POBJECTS_AND_SID;
// Name-based counterpart of OBJECTS_AND_SID, in ANSI (_A) and wide (_W)
// variants. All three string members are bare pointers; this header records
// no length for them, so they are presumably NUL-terminated -- TODO confirm.
typedef struct _OBJECTS_AND_NAME_A
{
DWORD ObjectsPresent; // presumably flags which type names are meaningful -- TODO confirm
SE_OBJECT_TYPE ObjectType;
LPSTR ObjectTypeName;
LPSTR InheritedObjectTypeName;
LPSTR ptstrName; // the trustee name itself
} OBJECTS_AND_NAME_A, *POBJECTS_AND_NAME_A;
typedef struct _OBJECTS_AND_NAME_W
{
DWORD ObjectsPresent; // presumably flags which type names are meaningful -- TODO confirm
SE_OBJECT_TYPE ObjectType;
LPWSTR ObjectTypeName;
LPWSTR InheritedObjectTypeName;
LPWSTR ptstrName; // the trustee name itself
} OBJECTS_AND_NAME_W, *POBJECTS_AND_NAME_W;
// The unsuffixed-with-underscore names follow the UNICODE build setting.
#ifdef UNICODE
typedef OBJECTS_AND_NAME_W OBJECTS_AND_NAME_;
typedef POBJECTS_AND_NAME_W POBJECTS_AND_NAME_;
#else
typedef OBJECTS_AND_NAME_A OBJECTS_AND_NAME_;
typedef POBJECTS_AND_NAME_A POBJECTS_AND_NAME_;
#endif // UNICODE
//
// Definition: TRUSTEE
// This structure is used to pass account information into and out of the system
// using the API defined in this document.
// PMultipleTrustee - if NON-NULL, points to another trustee structure, as
// defined by the multiple trustee operation field.
// MultipleTrusteeOperation - Defines the multiple trustee operation/type.
// TrusteeForm - defines if the trustee is defined by name or SID.
// TrusteeType - defines if the trustee type is unknown, a user or a group.
// ptstrName - points to the trustee name or the trustee SID, as selected by TrusteeForm.
//
// ANSI trustee descriptor.
//
// NOTE(security): in ordinary C/C++ builds the identifier is declared only as
// ptstrName (LPSTR). The __midl branch shows that the same slot really holds a
// string, a SID *, an OBJECTS_AND_SID * or an OBJECTS_AND_NAME_A *, chosen by
// TrusteeForm. The compiler therefore cannot catch a mismatch: code that
// receives a TRUSTEE_A should check TrusteeForm before treating ptstrName as a
// string, and code that fills one in should set TrusteeForm and the pointer
// together.
typedef struct _TRUSTEE_A
{
struct _TRUSTEE_A *pMultipleTrustee; // optional second trustee; meaning given by MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
TRUSTEE_FORM TrusteeForm; // discriminator for the identifier below
TRUSTEE_TYPE TrusteeType;
#ifdef __midl
[switch_is(TrusteeForm)]
union
{
[case(TRUSTEE_IS_NAME)]
LPSTR ptstrName;
[case(TRUSTEE_IS_SID)]
SID *pSid;
[case(TRUSTEE_IS_OBJECTS_AND_SID)]
OBJECTS_AND_SID *pObjectsAndSid;
[case(TRUSTEE_IS_OBJECTS_AND_NAME)]
OBJECTS_AND_NAME_A *pObjectsAndName;
};
#else
LPSTR ptstrName; // typed as a string, but may carry any of the pointer kinds listed in the __midl branch
#endif
} TRUSTEE_A, *PTRUSTEE_A, TRUSTEEA, *PTRUSTEEA;
// Wide-character trustee descriptor, followed by the UNICODE-dependent
// generic names.
//
// NOTE(security): in ordinary C/C++ builds the identifier is declared only as
// ptstrName (LPWSTR). The __midl branch shows that the same slot really holds
// a string, a SID *, an OBJECTS_AND_SID * or an OBJECTS_AND_NAME_W *, chosen
// by TrusteeForm. Check TrusteeForm before reading ptstrName as a string; the
// compiler will not flag a mismatch.
typedef struct _TRUSTEE_W
{
struct _TRUSTEE_W *pMultipleTrustee; // optional second trustee; meaning given by MultipleTrusteeOperation
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
TRUSTEE_FORM TrusteeForm; // discriminator for the identifier below
TRUSTEE_TYPE TrusteeType;
#ifdef __midl
[switch_is(TrusteeForm)]
union
{
[case(TRUSTEE_IS_NAME)]
LPWSTR ptstrName;
[case(TRUSTEE_IS_SID)]
SID *pSid;
[case(TRUSTEE_IS_OBJECTS_AND_SID)]
OBJECTS_AND_SID *pObjectsAndSid;
[case(TRUSTEE_IS_OBJECTS_AND_NAME)]
OBJECTS_AND_NAME_W *pObjectsAndName;
};
#else
LPWSTR ptstrName; // typed as a string, but may carry any of the pointer kinds listed in the __midl branch
#endif
} TRUSTEE_W, *PTRUSTEE_W, TRUSTEEW, *PTRUSTEEW;
// TRUSTEE / TRUSTEE_ resolve to the wide or ANSI layout according to UNICODE.
// Both sides of an interface must be built with the same setting, because the
// two layouts differ only in the character width behind ptstrName.
#ifdef UNICODE
typedef TRUSTEE_W TRUSTEE_;
typedef PTRUSTEE_W PTRUSTEE_;
typedef TRUSTEEW TRUSTEE;
typedef PTRUSTEEW PTRUSTEE;
#else
typedef TRUSTEE_A TRUSTEE_;
typedef PTRUSTEE_A PTRUSTEE_;
typedef TRUSTEEA TRUSTEE;
typedef PTRUSTEEA PTRUSTEE;
#endif // UNICODE
//
// Definition: ACCESS_MODE
// This enumerated type specifies how permissions are (requested)/to be applied
// for the trustee by the access control entry. On input this field can be any
// of the values, although it is not meaningful to mix access control and audit
// control entries. On output this field will be either SET_ACCESS, DENY_ACCESS,
// SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE.
// The following descriptions define how this type affects an explicit access
// request to apply access permissions to an object.
// GRANT_ACCESS - The trustee will have at least the requested permissions upon
// successful completion of the command. (If the trustee has
// additional permissions they will not be removed).
// SET_ACCESS - The trustee will have exactly the requested permissions upon
// successful completion of the command.
// DENY_ACCESS - The trustee will be denied the specified permissions.
// REVOKE_ACCESS - Any explicit access rights the trustee has will be revoked.
// SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of the
// object using the requested permissions.
// SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the object
// using the requested permissions.
//
// How an access control entry's permissions are applied to its trustee.
// Values run sequentially from 0.
//
// GRANT_ACCESS and SET_ACCESS are easy to confuse: GRANT leaves any rights the
// trustee already holds in place, SET leaves the trustee with exactly the
// requested rights. Pick SET_ACCESS (or REVOKE_ACCESS first) when the intent
// is to reduce what a trustee can do.
typedef enum _ACCESS_MODE {
    NOT_USED_ACCESS   = 0,
    GRANT_ACCESS      = 1, // at least the requested permissions; extras are kept
    SET_ACCESS        = 2, // exactly the requested permissions
    DENY_ACCESS       = 3, // the specified permissions are denied
    REVOKE_ACCESS     = 4, // explicit rights of the trustee are revoked
    SET_AUDIT_SUCCESS = 5, // audit successful opens using the requested permissions
    SET_AUDIT_FAILURE = 6  // audit failed opens using the requested permissions
} ACCESS_MODE;
//
// Definition: Inheritance flags
// These bit masks are provided to allow simple application of inheritance in
// explicit access requests on containers.
// NO_INHERITANCE The specific access permissions will only be applied to
// the container, and will not be inherited by objects created
// within the container.
// SUB_CONTAINERS_ONLY_INHERIT The specific access permissions will be inherited
// and applied to sub containers created within the
// container, and will be applied to the container
// itself.
// SUB_OBJECTS_ONLY_INHERIT The specific access permissions will only be inherited
// by objects created within the specific container.
// The access permissions will not be applied to the
// container itself.
// SUB_CONTAINERS_AND_OBJECTS_INHERIT The specific access permissions will be
// inherited by containers created within the
// specific container, will be applied to
// objects created within the container, but
// will not be applied to the container itself.
//
// Inheritance bit masks for explicit access requests.
// SUB_CONTAINERS_AND_OBJECTS_INHERIT (0x3) is the OR of the two single-purpose
// bits 0x1 and 0x2. NO_INHERITANCE is 0, so it cannot be detected with a
// bitwise AND; compare the inheritance bits against 0 instead.
// The low five values (0x1, 0x2, 0x4, 0x8, 0x10) coincide numerically with the
// ACE header flags OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE,
// NO_PROPAGATE_INHERIT_ACE, INHERIT_ONLY_ACE and INHERITED_ACE in winnt.h.
// NOTE(review): in that ACE-flag model, whether an entry also applies to the
// container itself is decided by the INHERIT_ONLY bit. Confirm the effective
// scope against current documentation before relying on a flag to keep an
// entry off the container, since an over-broad entry widens access.
#define NO_INHERITANCE 0x0
#define SUB_OBJECTS_ONLY_INHERIT 0x1
#define SUB_CONTAINERS_ONLY_INHERIT 0x2
#define SUB_CONTAINERS_AND_OBJECTS_INHERIT 0x3
#define INHERIT_NO_PROPAGATE 0x4
#define INHERIT_ONLY 0x8
//
// Informational bit that is returned
//
#define INHERITED_ACCESS_ENTRY 0x10
//
// Informational bit that tells where a node was inherited from. Valid only
// for NT 5 APIs
//
#define INHERITED_PARENT 0x10000000
#define INHERITED_GRANDPARENT 0x20000000
//
// Definition: EXPLICIT_ACCESS
// This structure is used to pass access control entry information into and out
// of the system using the API defined in this document.
// grfAccessPermissions - This contains the access permissions to assign for the
// trustee. It is in the form of an NT access mask.
// grfAccessMode - This field defines how the permissions are to be applied for
// the trustee.
// grfInheritance - For containers, this field defines how the access control
// entry is/(is requested) to be inherited on
// objects/sub-containers created within the container.
// Trustee - This field contains the definition of the trustee account the
// explicit access applies to.
//
// One access control entry request or result, in ANSI and wide variants.
// The Trustee member is embedded by value, so the caveat about its
// TrusteeForm-dependent identifier pointer applies to every EXPLICIT_ACCESS.
typedef struct _EXPLICIT_ACCESS_A
{
DWORD grfAccessPermissions; // access mask to assign; meaning depends on the target object type
ACCESS_MODE grfAccessMode; // how the mask is applied (grant, set, deny, revoke, audit)
DWORD grfInheritance; // inheritance bit masks; for containers
TRUSTEE_A Trustee; // account the entry applies to
} EXPLICIT_ACCESS_A, *PEXPLICIT_ACCESS_A, EXPLICIT_ACCESSA, *PEXPLICIT_ACCESSA;
typedef struct _EXPLICIT_ACCESS_W
{
DWORD grfAccessPermissions; // access mask to assign; meaning depends on the target object type
ACCESS_MODE grfAccessMode; // how the mask is applied (grant, set, deny, revoke, audit)
DWORD grfInheritance; // inheritance bit masks; for containers
TRUSTEE_W Trustee; // account the entry applies to
} EXPLICIT_ACCESS_W, *PEXPLICIT_ACCESS_W, EXPLICIT_ACCESSW, *PEXPLICIT_ACCESSW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef EXPLICIT_ACCESS_W EXPLICIT_ACCESS_;
typedef PEXPLICIT_ACCESS_W PEXPLICIT_ACCESS_;
typedef EXPLICIT_ACCESSW EXPLICIT_ACCESS;
typedef PEXPLICIT_ACCESSW PEXPLICIT_ACCESS;
#else
typedef EXPLICIT_ACCESS_A EXPLICIT_ACCESS_;
typedef PEXPLICIT_ACCESS_A PEXPLICIT_ACCESS_;
typedef EXPLICIT_ACCESSA EXPLICIT_ACCESS;
typedef PEXPLICIT_ACCESSA PEXPLICIT_ACCESS;
#endif // UNICODE
//----------------------------------------------------------------------------
//
// NT5 APIs
//
//----------------------------------------------------------------------------
//
// Default provider
//
// Name of the default access provider as a narrow and a wide string literal;
// the unsuffixed macro picks one according to UNICODE.
#define ACCCTRL_DEFAULT_PROVIDERA "Windows NT Access Provider"
#define ACCCTRL_DEFAULT_PROVIDERW L"Windows NT Access Provider"
#ifdef UNICODE
#define ACCCTRL_DEFAULT_PROVIDER ACCCTRL_DEFAULT_PROVIDERW
#else
#define ACCCTRL_DEFAULT_PROVIDER ACCCTRL_DEFAULT_PROVIDERA
#endif
//
// Access rights
//
// ACCESS_RIGHTS and INHERIT_FLAGS are both plain ULONG typedefs, so the
// compiler does not stop one being passed where the other is expected.
typedef ULONG ACCESS_RIGHTS, *PACCESS_RIGHTS;
//
// Inheritance flags
//
typedef ULONG INHERIT_FLAGS, *PINHERIT_FLAGS;
//
// Access / Audit structures
//
// One access or audit entry, in ANSI and wide variants. The Trustee is
// embedded by value; lpInheritProperty is a bare string pointer with no
// length recorded in this header.
typedef struct _ACTRL_ACCESS_ENTRYA
{
TRUSTEE_A Trustee;
ULONG fAccessFlags; // presumably the ACTRL_ACCESS_ALLOWED / DENIED / AUDIT_* bits -- TODO confirm
ACCESS_RIGHTS Access;
ACCESS_RIGHTS ProvSpecificAccess;
INHERIT_FLAGS Inheritance;
LPSTR lpInheritProperty;
} ACTRL_ACCESS_ENTRYA, *PACTRL_ACCESS_ENTRYA;
//
// Access / Audit structures
//
typedef struct _ACTRL_ACCESS_ENTRYW
{
TRUSTEE_W Trustee;
ULONG fAccessFlags; // presumably the ACTRL_ACCESS_ALLOWED / DENIED / AUDIT_* bits -- TODO confirm
ACCESS_RIGHTS Access;
ACCESS_RIGHTS ProvSpecificAccess;
INHERIT_FLAGS Inheritance;
LPWSTR lpInheritProperty;
} ACTRL_ACCESS_ENTRYW, *PACTRL_ACCESS_ENTRYW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef ACTRL_ACCESS_ENTRYW ACTRL_ACCESS_ENTRY;
typedef PACTRL_ACCESS_ENTRYW PACTRL_ACCESS_ENTRY;
#else
typedef ACTRL_ACCESS_ENTRYA ACTRL_ACCESS_ENTRY;
typedef PACTRL_ACCESS_ENTRYA PACTRL_ACCESS_ENTRY;
#endif // UNICODE
// Counted array of access entries, in ANSI and wide variants.
// NOTE(security): the size_is(cEntries) annotation exists only for MIDL. In a
// normal C/C++ build nothing ties cEntries to the storage behind pAccessList,
// so code that walks a list it did not build itself should bound the loop by
// cEntries and handle a NULL pAccessList.
typedef struct _ACTRL_ACCESS_ENTRY_LISTA
{
ULONG cEntries; // number of elements pAccessList points to
#ifdef __midl
[size_is(cEntries)]
#endif
ACTRL_ACCESS_ENTRYA *pAccessList;
} ACTRL_ACCESS_ENTRY_LISTA, *PACTRL_ACCESS_ENTRY_LISTA;
typedef struct _ACTRL_ACCESS_ENTRY_LISTW
{
ULONG cEntries; // number of elements pAccessList points to
#ifdef __midl
[size_is(cEntries)]
#endif
ACTRL_ACCESS_ENTRYW *pAccessList;
} ACTRL_ACCESS_ENTRY_LISTW, *PACTRL_ACCESS_ENTRY_LISTW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef ACTRL_ACCESS_ENTRY_LISTW ACTRL_ACCESS_ENTRY_LIST;
typedef PACTRL_ACCESS_ENTRY_LISTW PACTRL_ACCESS_ENTRY_LIST;
#else
typedef ACTRL_ACCESS_ENTRY_LISTA ACTRL_ACCESS_ENTRY_LIST;
typedef PACTRL_ACCESS_ENTRY_LISTA PACTRL_ACCESS_ENTRY_LIST;
#endif // UNICODE
// Associates a property name with an access entry list, in ANSI and wide
// variants. Both pointer members are bare pointers owned elsewhere.
typedef struct _ACTRL_PROPERTY_ENTRYA
{
LPSTR lpProperty;
PACTRL_ACCESS_ENTRY_LISTA pAccessEntryList;
ULONG fListFlags; // presumably takes ACTRL_ACCESS_PROTECTED -- TODO confirm
} ACTRL_PROPERTY_ENTRYA, *PACTRL_PROPERTY_ENTRYA;
typedef struct _ACTRL_PROPERTY_ENTRYW
{
LPWSTR lpProperty;
PACTRL_ACCESS_ENTRY_LISTW pAccessEntryList;
ULONG fListFlags; // presumably takes ACTRL_ACCESS_PROTECTED -- TODO confirm
} ACTRL_PROPERTY_ENTRYW, *PACTRL_PROPERTY_ENTRYW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef ACTRL_PROPERTY_ENTRYW ACTRL_PROPERTY_ENTRY;
typedef PACTRL_PROPERTY_ENTRYW PACTRL_PROPERTY_ENTRY;
#else
typedef ACTRL_PROPERTY_ENTRYA ACTRL_PROPERTY_ENTRY;
typedef PACTRL_PROPERTY_ENTRYA PACTRL_PROPERTY_ENTRY;
#endif // UNICODE
// Counted array of property entries, in ANSI and wide variants.
// ACTRL_ACCESS* and ACTRL_AUDIT* are two names for the very same struct, so
// the compiler cannot tell an access list from an audit list; keeping them
// apart is up to the caller.
// The size_is(cEntries) annotation exists only for MIDL; in a normal build
// nothing ties cEntries to the storage behind pPropertyAccessList.
typedef struct _ACTRL_ALISTA
{
ULONG cEntries; // number of elements pPropertyAccessList points to
#ifdef __midl
[size_is(cEntries)]
#endif
PACTRL_PROPERTY_ENTRYA pPropertyAccessList;
} ACTRL_ACCESSA, *PACTRL_ACCESSA, ACTRL_AUDITA, *PACTRL_AUDITA;
typedef struct _ACTRL_ALISTW
{
ULONG cEntries; // number of elements pPropertyAccessList points to
#ifdef __midl
[size_is(cEntries)]
#endif
PACTRL_PROPERTY_ENTRYW pPropertyAccessList;
} ACTRL_ACCESSW, *PACTRL_ACCESSW, ACTRL_AUDITW, *PACTRL_AUDITW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef ACTRL_ACCESSW ACTRL_ACCESS;
typedef PACTRL_ACCESSW PACTRL_ACCESS;
typedef ACTRL_AUDITW ACTRL_AUDIT;
typedef PACTRL_AUDITW PACTRL_AUDIT;
#else
typedef ACTRL_ACCESSA ACTRL_ACCESS;
typedef PACTRL_ACCESSA PACTRL_ACCESS;
typedef ACTRL_AUDITA ACTRL_AUDIT;
typedef PACTRL_AUDITA PACTRL_AUDIT;
#endif // UNICODE
//
// TRUSTEE_ACCESS flags
//
// Flag values for TRUSTEE_ACCESS.
// TRUSTEE_ACCESS_ALLOWED and TRUSTEE_ACCESS_EXPLICIT share the value 0x1, so
// they cannot be told apart inside a single mask; presumably they belong to
// different fields (returned vs. requested flags) -- TODO confirm.
// TRUSTEE_ACCESS_ALL sets every bit, including ones with no name here.
#define TRUSTEE_ACCESS_ALLOWED 0x00000001L
#define TRUSTEE_ACCESS_READ 0x00000002L
#define TRUSTEE_ACCESS_WRITE 0x00000004L
#define TRUSTEE_ACCESS_EXPLICIT 0x00000001L
#define TRUSTEE_ACCESS_READ_WRITE (TRUSTEE_ACCESS_READ | \
TRUSTEE_ACCESS_WRITE)
#define TRUSTEE_ACCESS_ALL 0xFFFFFFFFL
// Access query record for a trustee, in ANSI and wide variants. It carries
// two separate flag words, fAccessFlags and fReturnedAccess; which
// TRUSTEE_ACCESS_* value belongs in which word is not stated in this header.
typedef struct _TRUSTEE_ACCESSA
{
LPSTR lpProperty;
ACCESS_RIGHTS Access;
ULONG fAccessFlags;
ULONG fReturnedAccess;
} TRUSTEE_ACCESSA, *PTRUSTEE_ACCESSA;
typedef struct _TRUSTEE_ACCESSW
{
LPWSTR lpProperty;
ACCESS_RIGHTS Access;
ULONG fAccessFlags;
ULONG fReturnedAccess;
} TRUSTEE_ACCESSW, *PTRUSTEE_ACCESSW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef TRUSTEE_ACCESSW TRUSTEE_ACCESS;
typedef PTRUSTEE_ACCESSW PTRUSTEE_ACCESS;
#else
typedef TRUSTEE_ACCESSA TRUSTEE_ACCESS;
typedef PTRUSTEE_ACCESSA PTRUSTEE_ACCESS;
#endif // UNICODE
//
// Generic permission values
//
// Generic permission bits: ACTRL_PERM_1 .. ACTRL_PERM_20 are single bits
// 0 .. 19. ACTRL_RESERVED is 0 and therefore not a bit at all. The
// object-specific ACTRL_* names later in this header are aliases of these
// bits, so one bit carries a different meaning per object type.
#define ACTRL_RESERVED 0x00000000
#define ACTRL_PERM_1 0x00000001
#define ACTRL_PERM_2 0x00000002
#define ACTRL_PERM_3 0x00000004
#define ACTRL_PERM_4 0x00000008
#define ACTRL_PERM_5 0x00000010
#define ACTRL_PERM_6 0x00000020
#define ACTRL_PERM_7 0x00000040
#define ACTRL_PERM_8 0x00000080
#define ACTRL_PERM_9 0x00000100
#define ACTRL_PERM_10 0x00000200
#define ACTRL_PERM_11 0x00000400
#define ACTRL_PERM_12 0x00000800
#define ACTRL_PERM_13 0x00001000
#define ACTRL_PERM_14 0x00002000
#define ACTRL_PERM_15 0x00004000
#define ACTRL_PERM_16 0x00008000
#define ACTRL_PERM_17 0x00010000
#define ACTRL_PERM_18 0x00020000
#define ACTRL_PERM_19 0x00040000
#define ACTRL_PERM_20 0x00080000
//
// Access permissions
//
// Entry kind bits. ACTRL_ACCESS_PROTECTED below reuses the value 0x1 of
// ACTRL_ACCESS_ALLOWED; the two are listed under different headings
// (access permissions vs. property list flags), so presumably they are meant
// for different fields (fAccessFlags vs. fListFlags) -- TODO confirm. Mixing
// them in one word would make a protected list look like an allow entry.
#define ACTRL_ACCESS_ALLOWED 0x00000001
#define ACTRL_ACCESS_DENIED 0x00000002
#define ACTRL_AUDIT_SUCCESS 0x00000004
#define ACTRL_AUDIT_FAILURE 0x00000008
//
// Property list flags
//
#define ACTRL_ACCESS_PROTECTED 0x00000001
//
// Standard and object rights
//
// Standard rights occupy the top bits of the mask.
// ACTRL_STD_RIGHTS_ALL (0xf8000000) is the OR of ACTRL_DELETE through
// ACTRL_SYNCHRONIZE; it does not include ACTRL_SYSTEM_ACCESS (0x04000000).
// ACTRL_STD_RIGHT_REQUIRED is the same set with ACTRL_SYNCHRONIZE cleared.
// ACTRL_CHANGE_ACCESS and ACTRL_CHANGE_OWNER let a holder rewrite the
// protection itself, so granting either is equivalent to granting control.
#define ACTRL_SYSTEM_ACCESS 0x04000000
#define ACTRL_DELETE 0x08000000
#define ACTRL_READ_CONTROL 0x10000000
#define ACTRL_CHANGE_ACCESS 0x20000000
#define ACTRL_CHANGE_OWNER 0x40000000
#define ACTRL_SYNCHRONIZE 0x80000000
#define ACTRL_STD_RIGHTS_ALL 0xf8000000
#define ACTRL_STD_RIGHT_REQUIRED ( ACTRL_STD_RIGHTS_ALL & ~ACTRL_SYNCHRONIZE )
// Directory-service names for the generic permission bits. The
// _DS_CONTROL_BITS_DEFINED_ guard skips this block when the macro is already
// defined, presumably by another header that supplies the same names.
// ACTRL_DS_OPEN expands to ACTRL_RESERVED (0): `mask & ACTRL_DS_OPEN` is
// always 0, so it cannot be tested like the other rights.
#ifndef _DS_CONTROL_BITS_DEFINED_
#define _DS_CONTROL_BITS_DEFINED_
#define ACTRL_DS_OPEN ACTRL_RESERVED
#define ACTRL_DS_CREATE_CHILD ACTRL_PERM_1
#define ACTRL_DS_DELETE_CHILD ACTRL_PERM_2
#define ACTRL_DS_LIST ACTRL_PERM_3
#define ACTRL_DS_SELF ACTRL_PERM_4
#define ACTRL_DS_READ_PROP ACTRL_PERM_5
#define ACTRL_DS_WRITE_PROP ACTRL_PERM_6
#define ACTRL_DS_DELETE_TREE ACTRL_PERM_7
#define ACTRL_DS_LIST_OBJECT ACTRL_PERM_8
#define ACTRL_DS_CONTROL_ACCESS ACTRL_PERM_9
#endif
// Object-specific names for the generic permission bits.
// NOTE(security): every group below reuses the same bits. ACTRL_PERM_1 alone
// is ACTRL_FILE_READ, ACTRL_DIR_LIST, ACTRL_KERNEL_TERMINATE,
// ACTRL_PRINT_SADMIN, ACTRL_SVC_GET_INFO, ACTRL_REG_QUERY and
// ACTRL_WIN_CLIPBRD. A mask is therefore only meaningful together with the
// object type it was built for; reusing a mask across object types silently
// grants a different right.

// Files
#define ACTRL_FILE_READ ACTRL_PERM_1
#define ACTRL_FILE_WRITE ACTRL_PERM_2
#define ACTRL_FILE_APPEND ACTRL_PERM_3
#define ACTRL_FILE_READ_PROP ACTRL_PERM_4
#define ACTRL_FILE_WRITE_PROP ACTRL_PERM_5
#define ACTRL_FILE_EXECUTE ACTRL_PERM_6
#define ACTRL_FILE_READ_ATTRIB ACTRL_PERM_8
#define ACTRL_FILE_WRITE_ATTRIB ACTRL_PERM_9
#define ACTRL_FILE_CREATE_PIPE ACTRL_PERM_10
// Directories
#define ACTRL_DIR_LIST ACTRL_PERM_1
#define ACTRL_DIR_CREATE_OBJECT ACTRL_PERM_2
#define ACTRL_DIR_CREATE_CHILD ACTRL_PERM_3
#define ACTRL_DIR_DELETE_CHILD ACTRL_PERM_7
#define ACTRL_DIR_TRAVERSE ACTRL_PERM_6
// Kernel objects
#define ACTRL_KERNEL_TERMINATE ACTRL_PERM_1
#define ACTRL_KERNEL_THREAD ACTRL_PERM_2
#define ACTRL_KERNEL_VM ACTRL_PERM_3
#define ACTRL_KERNEL_VM_READ ACTRL_PERM_4
#define ACTRL_KERNEL_VM_WRITE ACTRL_PERM_5
#define ACTRL_KERNEL_DUP_HANDLE ACTRL_PERM_6
#define ACTRL_KERNEL_PROCESS ACTRL_PERM_7
#define ACTRL_KERNEL_SET_INFO ACTRL_PERM_8
#define ACTRL_KERNEL_GET_INFO ACTRL_PERM_9
#define ACTRL_KERNEL_CONTROL ACTRL_PERM_10
#define ACTRL_KERNEL_ALERT ACTRL_PERM_11
#define ACTRL_KERNEL_GET_CONTEXT ACTRL_PERM_12
#define ACTRL_KERNEL_SET_CONTEXT ACTRL_PERM_13
#define ACTRL_KERNEL_TOKEN ACTRL_PERM_14
#define ACTRL_KERNEL_IMPERSONATE ACTRL_PERM_15
#define ACTRL_KERNEL_DIMPERSONATE ACTRL_PERM_16
// Printers
#define ACTRL_PRINT_SADMIN ACTRL_PERM_1
#define ACTRL_PRINT_SLIST ACTRL_PERM_2
#define ACTRL_PRINT_PADMIN ACTRL_PERM_3
#define ACTRL_PRINT_PUSE ACTRL_PERM_4
#define ACTRL_PRINT_JADMIN ACTRL_PERM_5
// Services
#define ACTRL_SVC_GET_INFO ACTRL_PERM_1
#define ACTRL_SVC_SET_INFO ACTRL_PERM_2
#define ACTRL_SVC_STATUS ACTRL_PERM_3
#define ACTRL_SVC_LIST ACTRL_PERM_4
#define ACTRL_SVC_START ACTRL_PERM_5
#define ACTRL_SVC_STOP ACTRL_PERM_6
#define ACTRL_SVC_PAUSE ACTRL_PERM_7
#define ACTRL_SVC_INTERROGATE ACTRL_PERM_8
#define ACTRL_SVC_UCONTROL ACTRL_PERM_9
// Registry keys
#define ACTRL_REG_QUERY ACTRL_PERM_1
#define ACTRL_REG_SET ACTRL_PERM_2
#define ACTRL_REG_CREATE_CHILD ACTRL_PERM_3
#define ACTRL_REG_LIST ACTRL_PERM_4
#define ACTRL_REG_NOTIFY ACTRL_PERM_5
#define ACTRL_REG_LINK ACTRL_PERM_6
// Window objects
#define ACTRL_WIN_CLIPBRD ACTRL_PERM_1
#define ACTRL_WIN_GLOBAL_ATOMS ACTRL_PERM_2
#define ACTRL_WIN_CREATE ACTRL_PERM_3
#define ACTRL_WIN_LIST_DESK ACTRL_PERM_4
#define ACTRL_WIN_LIST ACTRL_PERM_5
#define ACTRL_WIN_READ_ATTRIBS ACTRL_PERM_6
#define ACTRL_WIN_WRITE_ATTRIBS ACTRL_PERM_7
#define ACTRL_WIN_SCREEN ACTRL_PERM_8
#define ACTRL_WIN_EXIT ACTRL_PERM_9
// Overlapped-operation record. Warning 4201 (nameless struct/union extension)
// is disabled around the definition and restored by the pop that follows it.
#pragma warning (push)
#pragma warning (disable: 4201)
typedef struct _ACTRL_OVERLAPPED
{
// Provider (pointer) and Reserved1 (ULONG) share storage; a ULONG does not
// cover a full pointer on targets where pointers are wider than 32 bits.
union {
PVOID Provider;
ULONG Reserved1;
} DUMMYUNIONNAME;
ULONG Reserved2;
HANDLE hEvent; // presumably signalled on completion -- TODO confirm
} ACTRL_OVERLAPPED, *PACTRL_OVERLAPPED;
#pragma warning(pop)
// Pairs an access permission value with a display name, in ANSI and wide
// variants. The name is a bare string pointer owned elsewhere.
typedef struct _ACTRL_ACCESS_INFOA
{
ULONG fAccessPermission;
LPSTR lpAccessPermissionName;
} ACTRL_ACCESS_INFOA, *PACTRL_ACCESS_INFOA;
typedef struct _ACTRL_ACCESS_INFOW
{
ULONG fAccessPermission;
LPWSTR lpAccessPermissionName;
} ACTRL_ACCESS_INFOW, *PACTRL_ACCESS_INFOW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef ACTRL_ACCESS_INFOW ACTRL_ACCESS_INFO;
typedef PACTRL_ACCESS_INFOW PACTRL_ACCESS_INFO;
#else
typedef ACTRL_ACCESS_INFOA ACTRL_ACCESS_INFO;
typedef PACTRL_ACCESS_INFOA PACTRL_ACCESS_INFO;
#endif // UNICODE
// Pairs a control identifier with a display name, both as strings, in ANSI
// and wide variants. Both members are bare string pointers owned elsewhere.
typedef struct _ACTRL_CONTROL_INFOA
{
LPSTR lpControlId;
LPSTR lpControlName;
} ACTRL_CONTROL_INFOA, *PACTRL_CONTROL_INFOA;
typedef struct _ACTRL_CONTROL_INFOW
{
LPWSTR lpControlId;
LPWSTR lpControlName;
} ACTRL_CONTROL_INFOW, *PACTRL_CONTROL_INFOW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef ACTRL_CONTROL_INFOW ACTRL_CONTROL_INFO;
typedef PACTRL_CONTROL_INFOW PACTRL_CONTROL_INFO;
#else
typedef ACTRL_CONTROL_INFOA ACTRL_CONTROL_INFO;
typedef PACTRL_CONTROL_INFOA PACTRL_CONTROL_INFO;
#endif // UNICODE
// Option values. The TREE_SEC_INFO_* values exist only when building for
// Vista or later. They are an enumeration, not independent bits:
// TREE_SEC_INFO_RESET_KEEP_EXPLICIT (3) equals SET (1) | RESET (2)
// numerically, so compare with == rather than testing bits.
#define ACTRL_ACCESS_NO_OPTIONS 0x00000000
#define ACTRL_ACCESS_SUPPORTS_OBJECT_ENTRIES 0x00000001
#if (NTDDI_VERSION >= NTDDI_VISTA)
#define TREE_SEC_INFO_SET 0x00000001
#define TREE_SEC_INFO_RESET 0x00000002
#define TREE_SEC_INFO_RESET_KEEP_EXPLICIT 0x00000003
#endif // (NTDDI_VERSION >= NTDDI_VISTA)
// Tells a tree operation when to call the caller's progress function, and
// lets that function steer the operation. Numbering starts at 1, so a
// zero-initialised variable holds none of the named settings.
typedef enum _PROGRESS_INVOKE_SETTING
{
    ProgressInvokeNever        = 1, // progress function is never called
    ProgressInvokeEveryObject  = 2, // called for each object
    ProgressInvokeOnError      = 3, // called only for each error case
    ProgressCancelOperation    = 4, // stop propagation and return
    ProgressRetryOperation     = 5, // retry operation on subtree
#if (NTDDI_VERSION >= NTDDI_VISTA)
    ProgressInvokePrePostError = 6, // called pre, post and on error
#endif // (NTDDI_VERSION >= NTDDI_VISTA)
} PROG_INVOKE_SETTING, *PPROG_INVOKE_SETTING;
//
// Progress Function:
// Caller of tree operation implements this Progress function, then
// passes its function pointer to tree operation.
// Tree operation invokes Progress function to provide progress and error
// information to the caller during the potentially long execution
// of the tree operation. Tree operation provides the name of the object
// last processed and the error status of the operation on that object.
// Tree operation also passes the current InvokeSetting value.
// Caller may change the InvokeSetting value, for example, from "Always"
// to "Only On Error."
//
/*
typedef VOID (*FN_PROGRESS) (
IN LPWSTR pObjectName, // name of object just processed
IN DWORD Status, // status of operation on object
IN OUT PPROG_INVOKE_SETTING pInvokeSetting, // Never, always,
IN PVOID Args, // Caller specific data
IN BOOL SecuritySet // Whether security was set
);
*/
//
// New Object Type function pointers. TBD.
// To support additional object resource managers generically, the
// resource manager must provide its own functions for operations
// like:
// GetAncestorAcl(IN ObjName, IN GenerationGap, IN DaclOrSacl?, ...)
// GetAncestorName(...)
// FreeNameStructure(...)
//
// Reserved for per-resource-manager function pointers. It currently declares
// a single ULONG placeholder and no callable members.
typedef struct _FN_OBJECT_MGR_FUNCTIONS
{
ULONG Placeholder;
} FN_OBJECT_MGR_FUNCTS, *PFN_OBJECT_MGR_FUNCTS;
//
// Name of ancestor and number of generations between
// ancestor and inheriting object.
//
// AncestorName:
// Name of ancestor from which ACE was inherited.
// NULL for explicit ACE.
//
// GenerationGap:
// Number of levels (or generations) between the object and the ancestor.
// Parent, gap=1.
// Grandparent, gap=2.
// Set to 0 for explicit ACE on object.
//
// Records where an ACE was inherited from, in ANSI and wide variants.
// The field types settle which member is which: GenerationGap (LONG) is the
// number of levels between the object and the ancestor, AncestorName (string)
// is that ancestor's name. AncestorName may be NULL (explicit ACE), so check
// it before use.
typedef struct _INHERITED_FROMA
{
LONG GenerationGap; // 0 = explicit ACE on the object, 1 = parent, 2 = grandparent
LPSTR AncestorName; // NULL for an explicit ACE
} INHERITED_FROMA, *PINHERITED_FROMA;
typedef struct _INHERITED_FROMW
{
LONG GenerationGap; // 0 = explicit ACE on the object, 1 = parent, 2 = grandparent
LPWSTR AncestorName; // NULL for an explicit ACE
} INHERITED_FROMW, *PINHERITED_FROMW;
// Generic names follow the UNICODE build setting.
#ifdef UNICODE
typedef INHERITED_FROMW INHERITED_FROM;
typedef PINHERITED_FROMW PINHERITED_FROM;
#else
typedef INHERITED_FROMA INHERITED_FROM;
typedef PINHERITED_FROMA PINHERITED_FROM;
#endif // UNICODE
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM) */
#pragma endregion
#ifdef __cplusplus
}
#endif
#if (_MSC_VER >= 800)
#if (_MSC_VER >= 1200)
#pragma warning(pop)
#else
#pragma warning(default:4001)
#endif
#endif
#endif /* __ACCESS_CONTROL__ */