/*++
Copyright (c) 1993 Microsoft Corporation
Module Name:
nwrights.h
Abstract:
This module contains the prototypes for the
routines called to manipulate security descriptors.
Author:
Chuck Y. Chan (chuckc)
Revision History:
ChuckC 24th Oct 1993 Created
--*/
//
// structure used to define how a single NW Right maps to
// an NT Access mask.
//
// NWRight  - one NetWare right value (the NW_FILE_* / NW_PRINT_*
//            defines in this header).
// NTAccess - the NT access mask paired with that right.
//
typedef struct _NW_TO_NT_MAPPING {
ULONG NWRight ;
ULONG NTAccess ;
} NW_TO_NT_MAPPING, *PNW_TO_NT_MAPPING ;
//
// structure used to define how the Rights for a Netware object maps
// to the corresponding NT AccessMasks.
//
// first entry is the AceFlags to distinguish between ACE for the Object
// and ACE for inherited objects
//
// the GENERIC_MAPPING structure should match that already defined for
// the NT object in question.
//
// the array of NW mappings defines the NT Access Mask for each NW Right
// the object uses. the last entry should be {0, 0}.
//
// NOTE(review): Nw2NtMapping is declared without a size and the
// structure carries no element count, so the {0, 0} entry is the only
// end marker a reader of the table has. presumably the routines in
// nwrights.c walk the array until they reach it - confirm there, and
// keep the terminator when editing or adding a table.
//
// NOTE(review): sizeof(RIGHTS_MAPPING) does not include the array
// entries, so copying a mapping by value or by sizeof drops the table.
//
// NOTE(review): the NTAccess values in a table decide what NT access a
// NW right turns into, so a change to a table is a change to what gets
// granted; entries such as WRITE_DAC or GENERIC_ALL deserve a second
// look in review.
//
// for example, file object mappings:
//
// RIGHTS_MAPPING FileRightsMapping =
// {
// 0,
// { FILE_GENERIC_READ,
// FILE_GENERIC_WRITE,
// FILE_GENERIC_EXECUTE,
// FILE_ALL_ACCESS
// },
// { { NW_FILE_READ, GENERIC_READ },
// { NW_FILE_WRITE, GENERIC_WRITE },
// { NW_FILE_CREATE, 0 },
// { NW_FILE_DELETE, GENERIC_WRITE },
// { NW_FILE_PERM, WRITE_DAC },
// { NW_FILE_SCAN, 0 },
// { NW_FILE_MODIFY, GENERIC_WRITE },
// { NW_FILE_SUPERVISOR, GENERIC_ALL },
// { 0, 0 }
// }
// } ;
//
//
typedef struct _RIGHTS_MAPPING {
ULONG NtAceFlags ;
GENERIC_MAPPING GenericMapping ;
NW_TO_NT_MAPPING Nw2NtMapping[] ;
} RIGHTS_MAPPING, *PRIGHTS_MAPPING ;
//
// define the NW_FILE_* rights
//
// each value is a single bit; presumably they are OR-ed together into
// the ULONG Rights arguments of the routines below - confirm in
// nwrights.c. bit 0x0004 has no NW_FILE_* name in this header.
//
#define NW_FILE_READ 0x0001
#define NW_FILE_WRITE 0x0002
#define NW_FILE_CREATE 0x0008
#define NW_FILE_DELETE 0x0010
#define NW_FILE_PERM 0x0020
#define NW_FILE_SCAN 0x0040
#define NW_FILE_MODIFY 0x0080
#define NW_FILE_SUPERVISOR 0x0100
//
// define the NW_PRINT_* rights
//
// NOTE(review): these reuse numeric values of the file rights
// (0x0001 and 0x0002 are also NW_FILE_READ and NW_FILE_WRITE), so a
// rights value only has meaning together with the RIGHTS_MAPPING of the
// object type it was built for.
//
#define NW_PRINT_USER 0x0001
#define NW_PRINT_ADMIN 0x0002
#define NW_PRINTJOB_ADMIN 0x0004
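//
// #define these so they can be changed easily. these macros
// should be used to free the memory allocated by the routines in
// this module.
//
// NW_ALLOC(x) - allocate x bytes with LocalAlloc(LPTR, ...). LPTR asks
//               for fixed, zero-initialized memory. the result is NULL
//               when LocalAlloc fails, so check it before use.
// NW_FREE(p)  - release a block obtained from NW_ALLOC. the caller's
//               pointer is not cleared; do not use or free it again.
//
// the macro arguments are parenthesized so that an expression argument
// (e.g. base + offset, or a ?: expression) is converted as a whole
// instead of having the cast bind to its first operand only.
//
#define NW_ALLOC(x) ((LPBYTE)LocalAlloc(LPTR,(x)))
#define NW_FREE(p) ((void)LocalFree((HLOCAL)(p)))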
//
// predefined mappings (defined in nwrights.c)
//
// one table per object type; going by the names: files, directories,
// printers and print jobs. pass the table that matches the object whose
// security descriptor is being handled as the pMap argument of the
// routines below.
//
// NOTE(review): these are declared without const, so any code that
// includes this header can write to them, and a modified table changes
// the access produced by every later call that uses it. if nothing
// needs to write to them, const would make that explicit - confirm
// against nwrights.c.
//
extern RIGHTS_MAPPING FileRightsMapping ;
extern RIGHTS_MAPPING DirRightsMapping ;
extern RIGHTS_MAPPING PrintRightsMapping ;
extern RIGHTS_MAPPING JobRightsMapping ;
//
// function prototypes. details of parameters can be found in nwrights.c
//
//
// NwAddRight
//
// pSD     - security descriptor to work from
// pSid    - SID the rights are for
// Rights  - NW rights value, interpreted through pMap
// pMap    - rights mapping for the object type
// ppNewSD - receives a security descriptor pointer
//
// NOTE(review): presumably *ppNewSD is allocated by the routine and is
// the caller's to release with NW_FREE - confirm in nwrights.c. check
// the returned NTSTATUS before using *ppNewSD.
//
NTSTATUS
NwAddRight(
PSECURITY_DESCRIPTOR pSD,
PSID pSid,
ULONG Rights,
PRIGHTS_MAPPING pMap,
PSECURITY_DESCRIPTOR *ppNewSD
) ;
//
// NwRemoveRight
//
// pSD    - security descriptor to work on
// pSid   - SID the rights are removed for
// Rights - NW rights value, interpreted through pMap
// pMap   - rights mapping for the object type
//
// NOTE(review): unlike NwAddRight there is no output descriptor, so
// presumably pSD is modified in place - confirm in nwrights.c. a failed
// removal leaves access in place, so the NTSTATUS should not be ignored.
//
NTSTATUS
NwRemoveRight(
PSECURITY_DESCRIPTOR pSD,
PSID pSid,
ULONG Rights,
PRIGHTS_MAPPING pMap
) ;
//
// NwCheckTrusteeRights
//
// pSD    - security descriptor to examine
// pSid   - SID (trustee) to check
// Rights - NW rights value, interpreted through pMap
// pMap   - rights mapping for the object type
//
// NOTE(review): the NTSTATUS is the only output, so which status values
// mean "has the rights", "does not have them" and "error" has to be
// taken from nwrights.c. a caller basing an access decision on this
// should treat any status it does not explicitly expect as a denial.
//
NTSTATUS
NwCheckTrusteeRights(
PSECURITY_DESCRIPTOR pSD,
PSID pSid,
ULONG Rights,
PRIGHTS_MAPPING pMap
) ;
//
// NwScanTrustees
//
// pSD               - security descriptor to scan
// pppSids           - receives a pointer to an array of PSID
// ppRights          - receives a pointer to an array of ULONG rights
// pCount            - receives a count
// fAccessRightsOnly - meaning not visible in this header; see nwrights.c
// pMapObject        - rights mapping (see nwrights.c for its role)
// pMapNewObject     - rights mapping (see nwrights.c for its role)
//
// NOTE(review): presumably *pppSids and *ppRights are parallel arrays of
// *pCount entries allocated by the routine, to be released with
// NW_FREE - confirm in nwrights.c, including whether the individual SIDs
// are separate allocations. do not index past *pCount, and do not read
// any of the outputs when the returned NTSTATUS reports failure.
//
NTSTATUS
NwScanTrustees(
PSECURITY_DESCRIPTOR pSD,
PSID **pppSids,
ULONG **ppRights,
ULONG *pCount,
BOOL fAccessRightsOnly,
PRIGHTS_MAPPING pMapObject,
PRIGHTS_MAPPING pMapNewObject
) ;
//
// MapNwRightsToNTAccess
//
// NWRights    - NW rights value to translate
// pMap        - rights mapping for the object type
// pAccessMask - receives the NT access mask
//
// NOTE(review): presumably the result is built from the NTAccess values
// of the pMap entries whose NWRight is present in NWRights - confirm in
// nwrights.c. use the mapping that belongs to the object type, since the
// NW right values are not unique across object types.
//
NTSTATUS MapNwRightsToNTAccess(
ULONG NWRights,
PRIGHTS_MAPPING pMap,
ACCESS_MASK *pAccessMask
) ;
//
// MapSpecificToGeneric
//
// pAccessMask - access mask to convert
// pGenMapping - generic mapping of the NT object type
//
// NOTE(review): pAccessMask is a non-const pointer and there is no
// separate output, so presumably the mask is rewritten in place -
// confirm in nwrights.c.
//
NTSTATUS MapSpecificToGeneric(
ACCESS_MASK * pAccessMask,
PGENERIC_MAPPING pGenMapping ) ;
//
// CreateNewSecurityDescriptor
//
// ppNewSD - receives a security descriptor pointer (note: first
//           parameter here, last parameter in NwAddRight)
// pSD     - existing security descriptor
// pAcl    - ACL to use
//
// NOTE(review): presumably *ppNewSD is allocated by the routine and is
// the caller's to release with NW_FREE - confirm in nwrights.c. check
// the returned NTSTATUS before using *ppNewSD.
//
NTSTATUS CreateNewSecurityDescriptor(
PSECURITY_DESCRIPTOR *ppNewSD,
PSECURITY_DESCRIPTOR pSD,
PACL pAcl) ;