windows-nt/Source/XPSP1/NT/ds/security/services/ca/certmmc/officer.h
2020-09-26 16:20:57 +08:00

134 lines
3.3 KiB
C++

//+--------------------------------------------------------------------------
// File: officer.h
// Contents: officer rights classes
//---------------------------------------------------------------------------
#include "sid.h"
#include "tptrlist.h"
namespace CertSrv
{
class CClientPermission
{
public:
CClientPermission(BOOL fAllow, PSID pSid);
~CClientPermission() {}
static BOOL IsInitialized(CClientPermission* pObj)
{
return NULL != pObj &&
NULL != ((PSID)pObj->m_Sid);
}
void SetPermission(BOOL fAllow) { m_fAllow = fAllow;}
BOOL GetPermission() { return m_fAllow; }
LPCWSTR GetName() { return m_Sid.GetName(); }
PSID GetSid() { return m_Sid.GetSid(); }
friend class COfficerRights;
BOOL operator==(const CClientPermission& rhs)
{
return EqualSid(GetSid(),
(const_cast<CClientPermission&>(rhs)).GetSid());
}
protected:
BOOL m_fAllow;
CSid m_Sid;
};
class COfficerRights
{
public:
COfficerRights() : m_pSid(NULL), m_List() {}
~COfficerRights() { delete m_pSid; }
HRESULT Init(PACCESS_ALLOWED_CALLBACK_ACE pAce);
HRESULT Add(PSID pSID, BOOL fAllow);
HRESULT RemoveAt(DWORD dwIndex)
{
return m_List.RemoveAt(dwIndex)?S_OK:E_INVALIDARG;
}
HRESULT SetAt(DWORD dwIndex, BOOL fAllow)
{
CClientPermission *pClient = m_List.GetAt(dwIndex);
if(!pClient)
return E_INVALIDARG;
pClient->SetPermission(fAllow);
return S_OK;
}
CClientPermission* GetAt(DWORD dwIndex)
{
return m_List.GetAt(dwIndex);
}
DWORD Find(PSID pSid);
DWORD GetCount() { return m_List.GetCount(); }
LPCWSTR GetName() { return m_pSid->GetName(); };
PSID GetSid() { return m_pSid->GetSid(); }
friend class COfficerRightsList;
protected:
DWORD GetAceSize(BOOL fAllow);
HRESULT AddAce(PACL pAcl, BOOL fAllow);
HRESULT AddSidList(PACCESS_ALLOWED_CALLBACK_ACE pAce);
void Cleanup()
{
if (m_pSid)
{
delete m_pSid;
m_pSid=NULL;
}
m_List.Cleanup();
}
// following bools are used to decide if this COfficerRights has to
// be represented as one or two aces (allow/deny) in the ACL
CSid* m_pSid; // use pointer instead of member object because
// we don't know the sid at construct time
TPtrList<CClientPermission> m_List;
};
class COfficerRightsList
{
public:
COfficerRightsList() : m_List(NULL), m_dwCountList(0) {}
~COfficerRightsList();
HRESULT Load(PSECURITY_DESCRIPTOR pSD);
HRESULT Save(PSECURITY_DESCRIPTOR &rpSD);
COfficerRights* GetAt(DWORD dwIndex)
{
if(dwIndex>=m_dwCountList)
return NULL;
return m_List[dwIndex];
}
DWORD GetCount() { return m_dwCountList;}
void Dump();
void Cleanup()
{
if (m_List != NULL)
{
for(DWORD dwCount=0;dwCount<m_dwCountList;dwCount++)
{
if (m_List[dwCount] != NULL)
delete m_List[dwCount];
}
LocalFree(m_List);
m_List = NULL;
}
m_dwCountList = 0;
}
protected:
HRESULT BuildAcl(PACL &rpAcl);
COfficerRights **m_List;
DWORD m_dwCountList;
};
}; // namespace CertSrv