134 lines
3.3 KiB
C
134 lines
3.3 KiB
C
|
//+--------------------------------------------------------------------------
|
||
|
|
// File: officer.h
|
||
|
|
// Contents: officer rights classes
|
||
|
|
//---------------------------------------------------------------------------
|
||
|
|
#include "sid.h"
|
||
|
|
#include "tptrlist.h"
|
||
|
|
|
||
|
|
namespace CertSrv
|
||
|
|
{
|
||
|
|
|
||
|
|
class CClientPermission
|
||
|
|
{
|
||
|
|
public:
|
||
|
|
CClientPermission(BOOL fAllow, PSID pSid);
|
||
|
|
~CClientPermission() {}
|
||
|
|
|
||
|
|
static BOOL IsInitialized(CClientPermission* pObj)
|
||
|
|
{
|
||
|
|
return NULL != pObj &&
|
||
|
|
NULL != ((PSID)pObj->m_Sid);
|
||
|
|
}
|
||
|
|
void SetPermission(BOOL fAllow) { m_fAllow = fAllow;}
|
||
|
|
BOOL GetPermission() { return m_fAllow; }
|
||
|
|
LPCWSTR GetName() { return m_Sid.GetName(); }
|
||
|
|
PSID GetSid() { return m_Sid.GetSid(); }
|
||
|
|
friend class COfficerRights;
|
||
|
|
BOOL operator==(const CClientPermission& rhs)
|
||
|
|
{
|
||
|
|
return EqualSid(GetSid(),
|
||
|
|
(const_cast<CClientPermission&>(rhs)).GetSid());
|
||
|
|
}
|
||
|
|
|
||
|
|
protected:
|
||
|
|
BOOL m_fAllow;
|
||
|
|
CSid m_Sid;
|
||
|
|
};
|
||
|
|
|
||
|
|
class COfficerRights
|
||
|
|
{
|
||
|
|
public:
|
||
|
|
COfficerRights() : m_pSid(NULL), m_List() {}
|
||
|
|
~COfficerRights() { delete m_pSid; }
|
||
|
|
|
||
|
|
HRESULT Init(PACCESS_ALLOWED_CALLBACK_ACE pAce);
|
||
|
|
HRESULT Add(PSID pSID, BOOL fAllow);
|
||
|
|
HRESULT RemoveAt(DWORD dwIndex)
|
||
|
|
{
|
||
|
|
return m_List.RemoveAt(dwIndex)?S_OK:E_INVALIDARG;
|
||
|
|
}
|
||
|
|
HRESULT SetAt(DWORD dwIndex, BOOL fAllow)
|
||
|
|
{
|
||
|
|
CClientPermission *pClient = m_List.GetAt(dwIndex);
|
||
|
|
if(!pClient)
|
||
|
|
return E_INVALIDARG;
|
||
|
|
pClient->SetPermission(fAllow);
|
||
|
|
return S_OK;
|
||
|
|
}
|
||
|
|
CClientPermission* GetAt(DWORD dwIndex)
|
||
|
|
{
|
||
|
|
return m_List.GetAt(dwIndex);
|
||
|
|
}
|
||
|
|
|
||
|
|
DWORD Find(PSID pSid);
|
||
|
|
DWORD GetCount() { return m_List.GetCount(); }
|
||
|
|
LPCWSTR GetName() { return m_pSid->GetName(); };
|
||
|
|
PSID GetSid() { return m_pSid->GetSid(); }
|
||
|
|
|
||
|
|
friend class COfficerRightsList;
|
||
|
|
|
||
|
|
protected:
|
||
|
|
|
||
|
|
DWORD GetAceSize(BOOL fAllow);
|
||
|
|
HRESULT AddAce(PACL pAcl, BOOL fAllow);
|
||
|
|
HRESULT AddSidList(PACCESS_ALLOWED_CALLBACK_ACE pAce);
|
||
|
|
|
||
|
|
void Cleanup()
|
||
|
|
{
|
||
|
|
if (m_pSid)
|
||
|
|
{
|
||
|
|
delete m_pSid;
|
||
|
|
m_pSid=NULL;
|
||
|
|
}
|
||
|
|
m_List.Cleanup();
|
||
|
|
}
|
||
|
|
// following bools are used to decide if this COfficerRights has to
|
||
|
|
// be represented as one or two aces (allow/deny) in the ACL
|
||
|
|
CSid* m_pSid; // use pointer instead of member object because
|
||
|
|
// we don't know the sid at construct time
|
||
|
|
TPtrList<CClientPermission> m_List;
|
||
|
|
};
|
||
|
|
|
||
|
|
class COfficerRightsList
|
||
|
|
{
|
||
|
|
public:
|
||
|
|
COfficerRightsList() : m_List(NULL), m_dwCountList(0) {}
|
||
|
|
~COfficerRightsList();
|
||
|
|
|
||
|
|
HRESULT Load(PSECURITY_DESCRIPTOR pSD);
|
||
|
|
HRESULT Save(PSECURITY_DESCRIPTOR &rpSD);
|
||
|
|
COfficerRights* GetAt(DWORD dwIndex)
|
||
|
|
{
|
||
|
|
if(dwIndex>=m_dwCountList)
|
||
|
|
return NULL;
|
||
|
|
return m_List[dwIndex];
|
||
|
|
}
|
||
|
|
|
||
|
|
DWORD GetCount() { return m_dwCountList;}
|
||
|
|
|
||
|
|
void Dump();
|
||
|
|
void Cleanup()
|
||
|
|
{
|
||
|
|
if (m_List != NULL)
|
||
|
|
{
|
||
|
|
for(DWORD dwCount=0;dwCount<m_dwCountList;dwCount++)
|
||
|
|
{
|
||
|
|
if (m_List[dwCount] != NULL)
|
||
|
|
delete m_List[dwCount];
|
||
|
|
}
|
||
|
|
|
||
|
|
LocalFree(m_List);
|
||
|
|
m_List = NULL;
|
||
|
|
}
|
||
|
|
m_dwCountList = 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
protected:
|
||
|
|
|
||
|
|
HRESULT BuildAcl(PACL &rpAcl);
|
||
|
|
COfficerRights **m_List;
|
||
|
|
DWORD m_dwCountList;
|
||
|
|
};
|
||
|
|
|
||
|
|
}; // namespace CertSrv
|