{******************************************************************************}
{ }
{ Access Control API interface Unit for Object Pascal }
{ }
{ Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
{ Corporation. All Rights Reserved. }
{ }
{ The original file is: aclapi.h, released June 2000. The original Pascal }
{ code is: AclApi.pas, released December 2000. The initial developer of the }
{ Pascal code is Marcel van Brakel (brakelm att chello dott nl). }
{ }
{ Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
{ Marcel van Brakel. All Rights Reserved. }
{ }
{ Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
{ }
{ You may retrieve the latest version of this file at the Project JEDI }
{ APILIB home page, located at http://jedi-apilib.sourceforge.net }
{ }
{ The contents of this file are used with permission, subject to the Mozilla }
{ Public License Version 1.1 (the "License"); you may not use this file except }
{ in compliance with the License. You may obtain a copy of the License at }
{ http://www.mozilla.org/MPL/MPL-1.1.html }
{ }
{ Software distributed under the License is distributed on an "AS IS" basis, }
{ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
{ the specific language governing rights and limitations under the License. }
{ }
{ Alternatively, the contents of this file may be used under the terms of the }
{ GNU Lesser General Public License (the "LGPL License"), in which case the }
{ provisions of the LGPL License are applicable instead of those above. }
{ If you wish to allow use of your version of this file only under the terms }
{ of the LGPL License and not to allow others to use your version of this file }
{ under the MPL, indicate your decision by deleting the provisions above and }
{ replace them with the notice and other provisions required by the LGPL }
{ License. If you do not delete the provisions above, a recipient may use }
{ your version of this file under either the MPL or the LGPL License. }
{ }
{ For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
{ }
{******************************************************************************}
unit JwaAclApi;
{$WEAKPACKAGEUNIT}
{$HPPEMIT ''}
{$HPPEMIT '#include "aclapi.h"'}
{$HPPEMIT ''}
{$I jediapilib.inc}
interface
uses
JwaAccCtrl, JwaWinNT, JwaWinType;
//
// Progress Function:
// Caller of tree operation implements this Progress function, then
// passes its function pointer to tree operation.
// Tree operation invokes Progress function to provide progress and error
// information to the caller during the potentially long execution
// of the tree operation. Tree operation provides the name of the object
// last processed and the error status of the operation on that object.
// Tree operation also passes the current InvokeSetting value.
// Caller may change the InvokeSetting value, for example, from "Always"
// to "Only On Error."
//
// Callback type for tree operations (see the "Progress Function" comment
// above). The tree operation calls it with the name of the object just
// processed and the status of the operation on that object.
// NOTE(review): pInvokeSetting is declared `var` AND typed as a pointer
// (PPROG_INVOKE_SETTING), which gives two levels of indirection. aclapi.h
// appears to pass a single PPROG_INVOKE_SETTING by value. Confirm against the
// header before a callback reads or writes through this parameter; a wrong
// level of indirection here means writing through a bad pointer.
// NOTE(review): the type is declared stdcall. Confirm the calling convention
// against the FN_PROGRESS typedef in aclapi.h; a mismatch unbalances the
// stack on 32-bit x86.
type
FN_PROGRESS = procedure(
pObjectName: LPWSTR; // name of object just processed (always wide-character)
Status: DWORD; // status of operation on object
var pInvokeSetting: PPROG_INVOKE_SETTING; // invoke setting (never, always, ...); the callback may change it
Args: PVOID; // Caller specific data, passed through unchanged from the tree call
SecuritySet: BOOL // Whether security was set
); stdcall;
{$EXTERNALSYM FN_PROGRESS}
// Delphi-style alias for FN_PROGRESS.
TFnProgress = FN_PROGRESS;
// SetEntriesInAcl(A/W): builds a new ACL from an optional existing ACL
// (OldAcl) plus an array of cCountOfExplicitEntries EXPLICIT_ACCESS entries.
// The A and W forms differ only in the EXPLICIT_ACCESS record type; the
// unsuffixed form is presumably bound to one of them elsewhere in the unit
// (not visible here).
// Returns a DWORD status; per the Win32 documentation ERROR_SUCCESS means
// success. Check it before using NewAcl.
// Per the Win32 documentation NewAcl is allocated by the callee and must be
// released with LocalFree once it has been applied or is no longer needed.
// The count is taken on trust: it must not exceed the number of entries
// actually present at pListOfExplicitEntries.
function SetEntriesInAclA(cCountOfExplicitEntries: ULONG;
pListOfExplicitEntries: PEXPLICIT_ACCESS_A; OldAcl: PACL;
var NewAcl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetEntriesInAclA}
function SetEntriesInAclW(cCountOfExplicitEntries: ULONG;
pListOfExplicitEntries: PEXPLICIT_ACCESS_W; OldAcl: PACL;
var NewAcl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetEntriesInAclW}
function SetEntriesInAcl(cCountOfExplicitEntries: ULONG;
pListOfExplicitEntries: PEXPLICIT_ACCESS; OldAcl: PACL;
var NewAcl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetEntriesInAcl}
// GetExplicitEntriesFromAcl(A/W): the inverse of SetEntriesInAcl. It
// describes the ACEs of pacl as an array of EXPLICIT_ACCESS records.
// pcCountOfExplicitEntries receives the number of records and
// pListOfExplicitEntries receives the array pointer.
// Per the Win32 documentation the array is allocated by the callee and must
// be released with LocalFree. Read it only after a success status, and never
// index past the returned count.
function GetExplicitEntriesFromAclA(pacl: PACL; var pcCountOfExplicitEntries: ULONG;
var pListOfExplicitEntries: PEXPLICIT_ACCESS_A): DWORD; stdcall;
{$EXTERNALSYM GetExplicitEntriesFromAclA}
function GetExplicitEntriesFromAclW(pacl: PACL; var pcCountOfExplicitEntries: ULONG;
var pListOfExplicitEntries: PEXPLICIT_ACCESS_W): DWORD; stdcall;
{$EXTERNALSYM GetExplicitEntriesFromAclW}
function GetExplicitEntriesFromAcl(pacl: PACL; var pcCountOfExplicitEntries: ULONG;
var pListOfExplicitEntries: PEXPLICIT_ACCESS): DWORD; stdcall;
{$EXTERNALSYM GetExplicitEntriesFromAcl}
// GetEffectiveRightsFromAcl(A/W): computes the access mask that pacl grants
// to pTrustee and stores it in pAccessRights. Returns a DWORD status.
// NOTE(review): per the Win32 documentation the result is an estimate from
// the ACL alone. It does not account for rights granted implicitly (for
// example to the object's owner) or through privileges. Treat it as advisory
// for display or diagnostics, not as an authorization decision; use a real
// access check for enforcement. Confirm the exact exclusions against current
// docs.
function GetEffectiveRightsFromAclA(pacl: PACL; pTrustee: PTRUSTEE_A;
var pAccessRights: ACCESS_MASK): DWORD; stdcall;
{$EXTERNALSYM GetEffectiveRightsFromAclA}
function GetEffectiveRightsFromAclW(pacl: PACL; pTrustee: PTRUSTEE_W;
var pAccessRights: ACCESS_MASK): DWORD; stdcall;
{$EXTERNALSYM GetEffectiveRightsFromAclW}
function GetEffectiveRightsFromAcl(pacl: PACL; pTrustee: PTRUSTEE;
var pAccessRights: ACCESS_MASK): DWORD; stdcall;
{$EXTERNALSYM GetEffectiveRightsFromAcl}
// GetAuditedPermissionsFromAcl(A/W): reports which access rights are audited
// for pTrustee in pacl. Two masks are returned by reference:
// pSuccessfulAuditedRights (rights audited on successful access) and
// pFailedAuditRights (rights audited on failed access).
// pacl is presumably a SACL, since audit ACEs live there; verify at the call
// site. Both masks are meaningful only when the returned status indicates
// success.
function GetAuditedPermissionsFromAclA(pacl: PACL; pTrustee: PTRUSTEE_A;
var pSuccessfulAuditedRights, pFailedAuditRights: ACCESS_MASK): DWORD; stdcall;
{$EXTERNALSYM GetAuditedPermissionsFromAclA}
function GetAuditedPermissionsFromAclW(pacl: PACL; pTrustee: PTRUSTEE_W;
var pSuccessfulAuditedRights, pFailedAuditRights: ACCESS_MASK): DWORD; stdcall;
{$EXTERNALSYM GetAuditedPermissionsFromAclW}
function GetAuditedPermissionsFromAcl(pacl: PACL; pTrustee: PTRUSTEE;
var pSuccessfulAuditedRights, pFailedAuditRights: ACCESS_MASK): DWORD; stdcall;
{$EXTERNALSYM GetAuditedPermissionsFromAcl}
// GetNamedSecurityInfo(A/W): retrieves the security descriptor of the object
// identified by name (pObjectName) and kind (ObjectType). SecurityInfo
// selects which parts (owner, group, DACL, SACL) are requested.
// ppsidOwner/ppsidGroup/ppDacl/ppSacl are optional out pointers.
// Per the Win32 documentation the pointers they receive point INTO the
// descriptor returned through ppSecurityDescriptor. Free only that descriptor
// (LocalFree), and do not use the component pointers afterwards.
// Per the Win32 documentation, requesting the SACL requires the caller to
// hold the security privilege (SE_SECURITY_NAME).
// The object is resolved by name on every call, so a later Set* call by name
// may reach a different object if the name can be re-pointed in between.
// Prefer the handle-based GetSecurityInfo when the object is already open.
function GetNamedSecurityInfoA(pObjectName: LPSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; ppsidOwner, ppsidGroup: PPSID; ppDacl,
ppSacl: PPACL; var ppSecurityDescriptor: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM GetNamedSecurityInfoA}
function GetNamedSecurityInfoW(pObjectName: LPWSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; ppsidOwner, ppsidGroup: PPSID; ppDacl,
ppSacl: PPACL; var ppSecurityDescriptor: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM GetNamedSecurityInfoW}
function GetNamedSecurityInfo(pObjectName: LPTSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; ppsidOwner, ppsidGroup: PPSID; ppDacl,
ppSacl: PPACL; var ppSecurityDescriptor: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM GetNamedSecurityInfo}
// GetSecurityInfo: handle-based counterpart of GetNamedSecurityInfo. It takes
// an open object handle instead of a name, so it has no A/W variants.
// Per the Win32 documentation the handle must have been opened with the
// access needed to read the requested parts (e.g. READ_CONTROL for
// owner/group/DACL). The component pointers returned through
// ppsidOwner/ppsidGroup/ppDacl/ppSacl point into the descriptor returned in
// ppSecurityDescriptor, which the caller frees with LocalFree.
function GetSecurityInfo(handle: HANDLE; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; ppsidOwner: PPSID; ppsidGroup: PPSID;
ppDacl, ppSacl: PPACL; var ppSecurityDescriptor: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM GetSecurityInfo}
// SetNamedSecurityInfo(A/W): applies owner, group, DACL and/or SACL to the
// object identified by name. SecurityInfo selects which of
// psidOwner/psidGroup/pDacl/pSacl are applied; the others are ignored.
// Returns a DWORD status that must be checked. A failed call leaves the
// object's previous security in place.
// CAUTION (per the Win32 documentation): if SecurityInfo includes
// DACL_SECURITY_INFORMATION and pDacl is nil, the object receives a NULL
// DACL, which grants full access to everyone. A nil pDacl left over from a
// failed SetEntriesInAcl call therefore fails open. To deny all access pass
// an empty ACL, not nil.
// Per the Win32 documentation, setting the SACL requires the security
// privilege, and changing the owner requires WRITE_OWNER or the
// take-ownership privilege.
function SetNamedSecurityInfoA(pObjectName: LPSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; psidOwner, psidGroup: PSID;
pDacl, pSacl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetNamedSecurityInfoA}
function SetNamedSecurityInfoW(pObjectName: LPWSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; psidOwner, psidGroup: PSID;
pDacl, pSacl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetNamedSecurityInfoW}
function SetNamedSecurityInfo(pObjectName: LPTSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; psidOwner, psidGroup: PSID;
pDacl, pSacl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetNamedSecurityInfo}
// SetSecurityInfo: handle-based counterpart of SetNamedSecurityInfo. It
// applies the parts selected by SecurityInfo to the object behind `handle`.
// Per the Win32 documentation the handle must carry the matching access
// (WRITE_DAC for the DACL, WRITE_OWNER for the owner,
// ACCESS_SYSTEM_SECURITY for the SACL).
// CAUTION (per the Win32 documentation): DACL_SECURITY_INFORMATION together
// with pDacl = nil sets a NULL DACL, i.e. full access for everyone. Validate
// pDacl before the call.
function SetSecurityInfo(handle: HANDLE; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; psidOwner, psidGroup: PSID;
pDacl, pSacl: PACL): DWORD; stdcall;
{$EXTERNALSYM SetSecurityInfo}
// GetInheritanceSource(A/W): for each ACE in pAcl, reports where an
// inherited ACE was inherited from. The results go to pInheritArray
// (INHERITED_FROM records; the A/W forms differ in that record type and in
// the type of pObjectName).
// Container states whether the object is a container. pObjectClassGuids and
// GuidCount describe an optional GUID list, and pGenericMapping supplies the
// generic-to-specific rights mapping for the object type.
// Per the Win32 documentation pInheritArray is CALLER-allocated and needs
// one entry per ACE in pAcl; an undersized array is written past its end.
// The strings the callee stores in the entries are released with
// FreeInheritedFromArray.
// NOTE(review): the Win32 documentation describes pfnArray as reserved
// (nil); confirm.
function GetInheritanceSourceA(pObjectName: LPSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; Container: BOOL; pObjectClassGuids: LPGUID;
GuidCount: DWORD; pAcl: PACL; pfnArray: PFN_OBJECT_MGR_FUNCTS;
pGenericMapping: PGENERIC_MAPPING; pInheritArray: PINHERITED_FROMA): DWORD; stdcall;
{$EXTERNALSYM GetInheritanceSourceA}
function GetInheritanceSourceW(pObjectName: LPWSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; Container: BOOL; pObjectClassGuids: LPGUID;
GuidCount: DWORD; pAcl: PACL; pfnArray: PFN_OBJECT_MGR_FUNCTS;
pGenericMapping: PGENERIC_MAPPING; pInheritArray: PINHERITED_FROMW): DWORD; stdcall;
{$EXTERNALSYM GetInheritanceSourceW}
function GetInheritanceSource(pObjectName: LPTSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; Container: BOOL; pObjectClassGuids: LPGUID;
GuidCount: DWORD; pAcl: PACL; pfnArray: PFN_OBJECT_MGR_FUNCTS;
pGenericMapping: PGENERIC_MAPPING; pInheritArray: PINHERITED_FROM): DWORD; stdcall;
{$EXTERNALSYM GetInheritanceSource}
// FreeInheritedFromArray: releases what GetInheritanceSource stored in the
// AceCnt entries of pInheritArray. Only a PINHERITED_FROMW signature is
// declared, so an array filled by GetInheritanceSourceA needs a cast at the
// call site.
// AceCnt must equal the number of entries that were actually filled in.
// Call it once per array, and do not read the entries afterwards.
function FreeInheritedFromArray(pInheritArray: PINHERITED_FROMW; AceCnt: USHORT;
pfnArray: PFN_OBJECT_MGR_FUNCTS): DWORD; stdcall;
{$EXTERNALSYM FreeInheritedFromArray}
// TreeResetNamedSecurityInfo(A/W): tree operation that applies the selected
// security information (pOwner/pGroup/pDacl/pSacl, chosen by SecurityInfo)
// to the object named by pObjectName and to the objects beneath it.
// fnProgress is the optional progress callback, ProgressInvokeSetting says
// when it is invoked, and Args is passed through to it unchanged. The
// callback always receives a wide-character object name
// (FN_PROGRESS.pObjectName is LPWSTR), including for the A variant.
// NOTE(review): per the Win32 documentation KeepExplicit = TRUE preserves
// explicit ACEs on sub-objects and FALSE replaces their descriptors; confirm
// before relying on it.
// This call rewrites security on a whole subtree and may stop part-way on
// error. Check the returned status and the per-object Status passed to the
// callback, and make sure the root name is the intended one, because a wrong
// path changes permissions on everything below it.
function TreeResetNamedSecurityInfoA(pObjectName: LPSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; pOwner, pGroup: PSID; pDacl, pSacl: PACL;
KeepExplicit: BOOL; fnProgress: FN_PROGRESS; ProgressInvokeSetting: PROG_INVOKE_SETTING;
Args: PVOID): DWORD; stdcall;
{$EXTERNALSYM TreeResetNamedSecurityInfoA}
function TreeResetNamedSecurityInfoW(pObjectName: LPWSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; pOwner, pGroup: PSID; pDacl, pSacl: PACL;
KeepExplicit: BOOL; fnProgress: FN_PROGRESS; ProgressInvokeSetting: PROG_INVOKE_SETTING;
Args: PVOID): DWORD; stdcall;
{$EXTERNALSYM TreeResetNamedSecurityInfoW}
function TreeResetNamedSecurityInfo(pObjectName: LPTSTR; ObjectType: SE_OBJECT_TYPE;
SecurityInfo: SECURITY_INFORMATION; pOwner, pGroup: PSID; pDacl, pSacl: PACL;
KeepExplicit: BOOL; fnProgress: FN_PROGRESS; ProgressInvokeSetting: PROG_INVOKE_SETTING;
Args: PVOID): DWORD; stdcall;
{$EXTERNALSYM TreeResetNamedSecurityInfo}
//----------------------------------------------------------------------------
// The following APIs are provided for trusted servers to use to
// implement access control on their own objects.
//----------------------------------------------------------------------------
// BuildSecurityDescriptor(A/W): builds a new security descriptor from an
// owner and group trustee, a list of access entries (for the DACL) and a
// list of audit entries (for the SACL), optionally merged with an existing
// descriptor pOldSD.
// pSizeNewSD receives the size of the result and pNewSD receives the pointer
// to it.
// Per the Win32 documentation the new descriptor is allocated by the callee
// and must be released with LocalFree. Use it only after a success status.
// Each count must match the number of EXPLICIT_ACCESS records actually
// present in the corresponding list.
function BuildSecurityDescriptorA(pOwner: PTRUSTEE_A; pGroup: PTRUSTEE_A;
cCountOfAccessEntries: ULONG; pListOfAccessEntries: PEXPLICIT_ACCESS_A;
cCountOfAuditEntries: ULONG; pListOfAuditEntries: PEXPLICIT_ACCESS_A;
pOldSD: PSECURITY_DESCRIPTOR; var pSizeNewSD: ULONG;
var pNewSD: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM BuildSecurityDescriptorA}
function BuildSecurityDescriptorW(pOwner: PTRUSTEE_W; pGroup: PTRUSTEE_W;
cCountOfAccessEntries: ULONG; pListOfAccessEntries: PEXPLICIT_ACCESS_W;
cCountOfAuditEntries: ULONG; pListOfAuditEntries: PEXPLICIT_ACCESS_W;
pOldSD: PSECURITY_DESCRIPTOR; var pSizeNewSD: ULONG;
var pNewSD: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM BuildSecurityDescriptorW}
function BuildSecurityDescriptor(pOwner: PTRUSTEE; pGroup: PTRUSTEE;
cCountOfAccessEntries: ULONG; pListOfAccessEntries: PEXPLICIT_ACCESS;
cCountOfAuditEntries: ULONG; pListOfAuditEntries: PEXPLICIT_ACCESS;
pOldSD: PSECURITY_DESCRIPTOR; var pSizeNewSD: ULONG;
var pNewSD: PSECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM BuildSecurityDescriptorBuildSecurityDescriptor}
// LookupSecurityDescriptorParts(A/W): the inverse of BuildSecurityDescriptor.
// It extracts owner and group trustees and the access/audit entry lists,
// with their counts, from the descriptor pSD.
// pOwner/pGroup are pointers to trustee pointers and the counts are PULONG,
// so the callee writes its results through them.
// NOTE(review): pListOfAccessEntries and pListOfAuditEntries are declared as
// single PEXPLICIT_ACCESS pointers, whereas aclapi.h appears to take
// pointers to such pointers (the callee returns the array address). Confirm
// against the header; with the wrong level of indirection the callee writes
// a pointer over the caller's record.
// Per the Win32 documentation the returned buffers are callee-allocated and
// released with LocalFree.
function LookupSecurityDescriptorPartsA(pOwner, pGroup: PPTRUSTEE_A;
cCountOfAccessEntries: PULONG; pListOfAccessEntries: PEXPLICIT_ACCESS_A;
cCountOfAuditEntries: PULONG; pListOfAuditEntries: PEXPLICIT_ACCESS_A;
var pSD: SECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM LookupSecurityDescriptorPartsA}
function LookupSecurityDescriptorPartsW(pOwner, pGroup: PPTRUSTEE_W;
cCountOfAccessEntries: PULONG; pListOfAccessEntries: PEXPLICIT_ACCESS_W;
cCountOfAuditEntries: PULONG; pListOfAuditEntries: PEXPLICIT_ACCESS_W;
var pSD: SECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM LookupSecurityDescriptorPartsW}
function LookupSecurityDescriptorParts(pOwner, pGroup: PPTRUSTEE;
cCountOfAccessEntries: PULONG; pListOfAccessEntries: PEXPLICIT_ACCESS;
cCountOfAuditEntries: PULONG; pListOfAuditEntries: PEXPLICIT_ACCESS;
var pSD: SECURITY_DESCRIPTOR): DWORD; stdcall;
{$EXTERNALSYM LookupSecurityDescriptorParts}
//----------------------------------------------------------------------------
// The following helper APIs are provided for building
// access control structures.
//----------------------------------------------------------------------------
procedure BuildExplicitAccessWithNameA(pExplicitAccess: PEXPLICIT_ACCESS_A;