Gray C++ Libraries  0.0.2
A set of C++ libraries for MSVC, GNU on Windows, WinCE, Linux
cSecurityAttributes.h
Go to the documentation of this file.
1 //
4 //
5 
6 #ifndef _INC_cSecurityAttributes_H
7 #define _INC_cSecurityAttributes_H
8 #ifndef NO_PRAGMA_ONCE
9 #pragma once
10 #endif
11 
12 #include "cWinHeap2.h"
13 
14 #if defined(_WIN32) && ! defined(UNDER_CE)
15 #include <accctrl.h>
16 
17 #ifdef __GNUC__
18 #define SDDL_REVISION_1 1
19 enum WELL_KNOWN_SID_TYPE
20 {
21  WinNullSid = 0,
22  WinWorldSid = 1,
23  WinLocalSid = 2,
24 };
25 #define SID_MAX_SUB_AUTHORITIES 15
26 #define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)))
27 #endif
28 
29 namespace Gray
30 {
31  class GRAYCORE_LINK cSecurityId : private CWinLocalT < SID >
32  {
44 
45  typedef CWinLocalT<SID> SUPER_t;
46  public:
47  cSecurityId();
48  cSecurityId(WELL_KNOWN_SID_TYPE eWellKnownSidType);
49  ~cSecurityId();
50 
51  SID* get_SID() const
52  {
53  // like PSID and PISID // variable length?
54  return SUPER_t::get_Data();
55  }
56  operator SID*()
57  {
58  return get_SID();
59  }
60  bool isValid() const
61  {
62  if (get_Data() == nullptr)
63  return false;
64  return ::IsValidSid(get_Data());
65  }
66 
67  size_t get_Length() const
68  {
69  return ::GetLengthSid(get_SID());
70  }
71 
72  bool SetSID(SID* pSID);
73  cString GetStringSID() const;
74  bool SetStringSID(const GChar_t* pszSID);
75 
76  HRESULT SetByUserName(const GChar_t* pszUserName);
77  };
78 
79  class GRAYCORE_LINK cSecurityACL : private CWinLocalT < ACL >
80  {
86 
87  typedef CWinLocalT<ACL> SUPER_t;
88  public:
89  cSecurityACL(SID* pSidFirst = nullptr, DWORD dwAccessMask = GENERIC_ALL);
90  ~cSecurityACL();
91 
92  ACL* get_ACL() const
93  {
94  return SUPER_t::get_Data();
95  }
96  operator ACL*()
97  {
98  return get_ACL();
99  }
100  bool isValid() const
101  {
102  if (get_ACL() == nullptr)
103  return false;
104  return(::IsValidAcl(get_ACL()));
105  }
106  int get_AceCount() const
107  {
108  if (get_ACL() == nullptr)
109  return 0;
110  return get_ACL()->AceCount;
111  }
112 
113  bool AddAllowedAce(SID* pSid, DWORD dwAccessMask = GENERIC_ALL);
114  };
115 
116  class GRAYCORE_LINK cSecurityDesc : public CWinLocalT < SECURITY_DESCRIPTOR >
117  {
122 
123  public:
124  static const FILECHAR_t* k_szLowIntegrity; // L"S:(ML;;NW;;;LW)";
125 
126  public:
127  cSecurityDesc(ACL* pDacl = nullptr);
128  cSecurityDesc(const FILECHAR_t* pszSaclName);
129  ~cSecurityDesc();
130 
131  bool InitSecurityDesc(const FILECHAR_t* pszSaclName);
132  bool InitLowIntegrity();
133 
134  operator SECURITY_DESCRIPTOR*()
135  {
136  return get_Data();
137  }
138  static bool GRAYCALL IsValid(SECURITY_DESCRIPTOR* pSD) noexcept
139  {
140  if (pSD == nullptr) // null is valid.
141  return true;
142  return ::IsValidSecurityDescriptor(pSD);
143  }
144  bool isValid() const noexcept
145  {
146  return IsValid(get_Data());
147  }
148  ACL* GetSacl(BOOL* pbSaclPresent = nullptr, BOOL* pbSaclDefaulted = nullptr) const
149  {
151  ACL* pSacl = nullptr;
152  if (!::GetSecurityDescriptorSacl(get_Data(), pbSaclPresent, &pSacl, pbSaclDefaulted))
153  {
154  return nullptr;
155  }
156  return(pSacl);
157  }
158  BOOL SetSacl(ACL* pSacl, bool bSaclPresent = true, bool bSaclDefaulted = false)
159  {
160  return ::SetSecurityDescriptorSacl(get_Data(), bSaclPresent, pSacl, bSaclDefaulted);
161  }
162 #if 0
163  BOOL SetSaclRules(size_t nCount, EXPLICIT_ACCESS* pRules)
164  {
165  ACL* pSacl = nullptr;
166  LSTATUS iRet = ::SetEntriesInAcl(nCount, pRules, nullptr, &pSacl);
167  if (iRet != NO_ERROR)
168  return false;
169  return SetSacl(pSacl);
170  }
171 #endif
172 
173  ACL* GetDacl(BOOL* pbDaclPresent = nullptr, BOOL* pbDaclDefaulted = nullptr) const
174  {
176  ACL* pDacl = nullptr;
177  if (!::GetSecurityDescriptorDacl(get_Data(), pbDaclPresent, &pDacl, pbDaclDefaulted))
178  {
179  return nullptr;
180  }
181  return(pDacl);
182  }
183  BOOL SetDacl(ACL* pDacl, bool bDaclPresent = true, bool bDaclDefaulted = false)
184  {
185  return ::SetSecurityDescriptorDacl(get_Data(), bDaclPresent, pDacl, bDaclDefaulted);
186  }
187  BOOL SetOwner(PSID pOwner = nullptr, BOOL bOwnerDefaulted = true)
188  {
189  // default = clear.
190  return ::SetSecurityDescriptorOwner(get_Data(), pOwner, bOwnerDefaulted);
191  }
192 
193  bool AttachToObject(HANDLE hObject, SE_OBJECT_TYPE type = SE_KERNEL_OBJECT) const;
194  };
195 
196  class GRAYCORE_LINK cSecurityAttributes : public SECURITY_ATTRIBUTES
197  {
202 
203  public:
204  cSecurityDesc m_sd;
205 
206  protected:
207  void UpdateSecurityDescriptor();
208 
209  public:
210  cSecurityAttributes(bool bInheritHandle = false, ACL* pDacl = nullptr);
211  cSecurityAttributes(bool bInheritHandle, const FILECHAR_t* pszSaclName);
212  ~cSecurityAttributes(void);
213 
214  operator SECURITY_ATTRIBUTES*()
215  {
216  return static_cast<SECURITY_ATTRIBUTES*>(this);
217  }
218  bool isValid() const noexcept;
219 
220  UNITTEST_FRIEND(cSecurityAttributes);
221  };
222 
223  class GRAYCORE_LINK cSecurityAttribsLowIntegrity : public cSecurityAttributes
224  {
227  public:
228  cSecurityAttribsLowIntegrity(bool bInheritHandle = false)
229  : cSecurityAttributes(bInheritHandle, cSecurityDesc::k_szLowIntegrity)
230  {
231  }
232  ~cSecurityAttribsLowIntegrity()
233  {
234  }
235  };
236 
237  class GRAYCORE_LINK cSecurityAttribsWKS : public cSecurityAttributes
238  {
242  public:
243  cSecurityAttribsWKS(WELL_KNOWN_SID_TYPE eWellKnownSidType = WinLocalSid, DWORD dwAccess = GENERIC_ALL, bool bInheritHandle = true)
244  : cSecurityAttributes(bInheritHandle)
245  , m_sid(eWellKnownSidType)
246  , m_dacl(m_sid, dwAccess)
247  {
248  m_sd.SetDacl(m_dacl);
249  UpdateSecurityDescriptor();
250  }
251  ~cSecurityAttribsWKS()
252  {
253  }
254  public:
255  cSecurityId m_sid;
256  cSecurityACL m_dacl;
257  };
258 };
259 #endif // _WIN32
260 #endif // cSecurityAttributes
GRAYCORE_LINK
#define GRAYCORE_LINK
Definition: GrayCore.h:47
GRAYCALL
#define GRAYCALL
declare calling convention for static functions so everyone knows the arg passing scheme....
Definition: GrayCore.h:36
HRESULT
INT32 HRESULT
_WIN32 style error codes. INT32
Definition: SysTypes.h:465
UNITTEST_FRIEND
#define UNITTEST_FRIEND(n)
Define this in the class body to be unit tested. Allow the unit test to access private/protected stuf...
Definition: cUnitTestDecl.h:17
Gray
< The main namespace for all Core functions.
Definition: GrayCore.cpp:14
Gray::LSTATUS
LONG LSTATUS
AKA error_status_t. FACILITY_WIN32 codes returned from RegCreateKeyEx() etc. Maybe NOT GetLastError()...
Definition: HResult.h:74
Gray::FILECHAR_t
char FILECHAR_t
a UTF8 char in a file name. like TCHAR
Definition: FileName.h:22
Gray::GChar_t
char GChar_t
My version of TCHAR, _TCHAR.
Definition: StrConst.h:26
Gray::cString
cStringT< GChar_t > cString
Definition: cString.h:636