
CNTFS - A simple lib for managing NTFS permissions and audit settings.

22 Oct 20031 min read 130K   2.3K   37  
CNTFS is a simple lib for setting NTFS permissions and audit settings.
//////////////////////////////////////////////////////////////////////
// CNTFS.h: interface for the CNTFS class. 
//
// Wraps calls and logic for modifying the DACL and SACL on 
// NTFS files and folders.
//
// Copyright 2003 - Kevin Hilscher (kevin@lanmagic.net)
//
//////////////////////////////////////////////////////////////////////

#if !defined(AFX_CNTFS_H__263EA1DF_0F7C_4506_AC9C_1CE0262F70DF__INCLUDED_)
#define AFX_CNTFS_H__263EA1DF_0F7C_4506_AC9C_1CE0262F70DF__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#include "Accctrl.h"

// ACL Type Enum
typedef enum
{
    INVALID_ACL      = 0,   // Not a valid ACL kind
    DACL             = 1,   // Discretionary ACL (access permissions)
    SACL             = 2,   // System ACL (audit settings)
    NUM_OF_ACL_ITEMS = 3    // Number of enumerators above; not an ACL kind itself
} aclType;


class CNTFS
{
public:
    CNTFS();
    virtual ~CNTFS();

    ///////////////////////////////////////////////////////////////////
    // DeleteDACL
    //
    // Purpose:
    //  Removes the discretionary ACL from a file or folder.
    //
    // Parameters:
    //  I_objPath (In) - Full path of the file or folder.
    //
    //  I_removeInheritance (In) - TRUE to strip DACL inheritance as
    //  well. The original notes call TRUE the default, but this
    //  declaration has no default argument, so the flag is always
    //  passed explicitly.
    //
    // Return:
    //  ERROR_SUCCESS or a standard Win32 error code.
    //
    // NOTE(review): the implementation is not part of this header.
    //  Confirm whether the object ends up with a NULL DACL (Windows
    //  then grants everyone full access) or an empty DACL (all access
    //  denied) before using this on anything sensitive.
    ///////////////////////////////////////////////////////////////////
    int DeleteDACL(CString& I_objPath, BOOL I_removeInheritance);

    ///////////////////////////////////////////////////////////////////
    // DeleteSACL
    //
    // Purpose:
    //  Removes the system ACL (audit settings) from a file or folder.
    //
    // Parameters:
    //  I_objPath (In) - Full path of the file or folder.
    //
    //  I_removeInheritance (In) - TRUE to strip SACL inheritance as
    //  well. The original notes call TRUE the default, but this
    //  declaration has no default argument, so the flag is always
    //  passed explicitly.
    //
    // Return:
    //  ERROR_SUCCESS or a standard Win32 error code.
    //
    // NOTE(review): once the audit entries are gone, access to the
    //  object is presumably no longer audited; treat calls to this
    //  as a change worth logging on their own.
    ///////////////////////////////////////////////////////////////////
    int DeleteSACL(CString& I_objPath, BOOL I_removeInheritance);

    ///////////////////////////////////////////////////////////////////
    // RemoveInheritance
    //
    // Purpose:
    //  Clears the DACL or SACL inheritance attribute of a file,
    //  folder or registry key.
    //
    // Parameters:
    //  I_objPath (In) - Full path of the file or folder.
    //
    //  I_aclType (In) - DACL or SACL; the other aclType values are
    //  not meaningful here.
    //
    // Return:
    //  ERROR_SUCCESS or a standard Win32 error code.
    //
    // NOTE(review): whether previously inherited ACEs are kept as
    //  explicit entries or dropped is not visible from this header;
    //  verify against the implementation, since dropping them can
    //  change who has access.
    ///////////////////////////////////////////////////////////////////
    int RemoveInheritance(CString& I_objPath, aclType I_aclType);

    ///////////////////////////////////////////////////////////////////
    // TakeOwnership
    //
    // Purpose:
    //  Assigns a new owner to a file or folder. The owner may be a
    //  user or a group, but must hold the take-ownership permission.
    //
    // Parameters:
    //  I_objPath (In) - Full path of the file or folder.
    //
    //  I_newOwner (In) - Name of the new owner (user or group). When
    //  the domain/computer prefix is left out the API tries to
    //  resolve the name itself, e.g. "W2KPC001\jsmith" or "jsmith".
    //  An unqualified name can resolve to a different account than
    //  the caller meant, so prefer the qualified form.
    //
    // Return:
    //  ERROR_SUCCESS or a standard Win32 error code.
    //
    // Note:
    //  The owner of an object can normally rewrite its DACL, so an
    //  ownership change is effectively a permission change.
    ///////////////////////////////////////////////////////////////////
    int TakeOwnership(CString& I_objPath, CString& I_newOwner);

    ///////////////////////////////////////////////////////////////////
    // AddACEToDACL
    //
    // Purpose:
    //  Appends one ACE to the existing DACL of a file, folder or
    //  registry object.
    //
    // Parameters:
    //  I_objPath (In) - Full path of the file or folder.
    //
    //  I_securityPrincipal (In) - User or group name. When the
    //  domain/computer prefix is left out the API tries to resolve
    //  the name itself, e.g. "W2KPC001\jsmith" or "jsmith". Prefer
    //  the qualified form so the ACE lands on the intended account.
    //
    //  I_objPermission (In) - Access mask such as FILE_ALL_ACCESS;
    //  masks may be OR'd (FILE_READ_DATA | FILE_WRITE_DATA). WinNT.h
    //  lists them all. Grant the narrowest mask that does the job.
    //
    // Return:
    //  ERROR_SUCCESS or a standard Win32 error code.
    //
    // NOTE(review): the ACE type (allow/deny) and its inheritance
    //  flags are chosen by the implementation, which is not shown
    //  here - confirm before relying on the resulting ACL order.
    ///////////////////////////////////////////////////////////////////
    int AddACEToDACL(CString& I_objPath, CString& I_securityPrincipal, DWORD I_objPermission);

    ///////////////////////////////////////////////////////////////////
    // AddACEToSACL
    //
    // Purpose:
    //  Appends one audit ACE to the existing SACL of a file, folder
    //  or registry object.
    //
    // Parameters:
    //  I_objPath (In) - For a file or folder, its full path. For a
    //  key in the local registry, the full path without the "HKEY_"
    //  prefix, for example "CLASSES_ROOT\somepath".
    //
    //  I_securityPrincipal (In) - User or group name. When the
    //  domain/computer prefix is left out the API tries to resolve
    //  the name itself, e.g. "W2KPC001\jsmith" or "jsmith".
    //
    //  I_objPermission (In) - Access mask such as FILE_GENERIC_READ;
    //  masks may be OR'd (FILE_GENERIC_READ | FILE_GENERIC_WRITE).
    //  WinNT.h lists them all.
    //
    //  I_auditSuccess (In) - TRUE or FALSE.
    //
    //  I_auditFailure (In) - TRUE or FALSE.
    //
    // Return:
    //  ERROR_SUCCESS or a standard Win32 error code.
    //
    // NOTE(review): presumably the two flags select auditing of
    //  successful and failed access attempts; what happens when both
    //  are FALSE is not visible from this header.
    ///////////////////////////////////////////////////////////////////
    int AddACEToSACL(CString& I_objPath,
                     CString& I_securityPrincipal,
                     DWORD I_objPermission,
                     BOOL I_auditSuccess,
                     BOOL I_auditFailure);

private:
    // Looks up the SID for a user or group name.
    // NOTE(review): the O_ prefix suggests outputs, yet O_isUser is a
    // BOOL passed by value, so nothing can be reported back through
    // it, and O_pSID can only be filled if the caller supplies the
    // buffer it points to. Confirm against the implementation.
    int ResolveSID(CString& I_securityPrincipal, PSID O_pSID, BOOL O_isUser);

    // Adds the SE_SECURITY_NAME privilege to the token.
    // NOTE(review): which token is adjusted, and whether the
    // privilege is switched off again afterwards, is not visible
    // here; leaving it enabled widens what later code in the process
    // can do.
    int AdjustToken();

    // Classifies the path as a file, folder or registry location.
    // NOTE(review): the rule used for paths that could be read either
    // way is not shown in this header.
    SE_OBJECT_TYPE DetermineObjectTypeFromPath(CString& I_objPath);
};

#endif // !defined(AFX_CNTFS_H__263EA1DF_0F7C_4506_AC9C_1CE0262F70DF__INCLUDED_)


License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
