#pragma once
//-------------------------------------------------------------------------------------------------
// <copyright file="aclutil.h" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// The use and distribution terms for this software are covered by the
// Common Public License 1.0 (http://opensource.org/licenses/cpl1.0.php)
// which can be found in the file CPL.TXT at the root of this distribution.
// By using this software in any fashion, you are agreeing to be bound by
// the terms of this license.
//
// You must not remove this notice, or any other, from this software.
// </copyright>
//
// <summary>
// Access Control List helper functions.
// </summary>
//-------------------------------------------------------------------------------------------------
#include <aclapi.h>
#include <sddl.h>
// Calls AclFreeSid(x) when x is non-NULL. x itself is left unchanged, so the caller still
// holds the stale pointer afterwards; prefer ReleaseNullSid when x remains in scope.
// The argument is evaluated more than once and the HRESULT from AclFreeSid is discarded.
// Expands to a bare `if` statement: use it as a statement of its own (inside braces when it
// is the body of another if/else).
#define ReleaseSid(x) if (x) { AclFreeSid(x); }
// Same as ReleaseSid, then sets x to NULL so that a repeated release of the same variable
// does nothing. x must be an assignable expression without side effects.
#define ReleaseNullSid(x) if (x) { AclFreeSid(x); x = NULL; }
#ifdef __cplusplus
extern "C" {
#endif
// structs
// One access entry: an access mask plus the trustee it applies to. The trustee is named
// either by pwzAccountName or, when that is NULL, by the SID components that follow it.
struct ACL_ACCESS
{
BOOL fDenyAccess; // NOTE(review): presumably selects a deny entry instead of an allow entry - confirm
DWORD dwAccessMask; // access-rights bits for this entry
// TODO: consider using a union
LPCWSTR pwzAccountName; // NOTE: the last three items in this structure are ignored if this is not NULL
SID_IDENTIFIER_AUTHORITY sia; // used if pwzAccountName is NULL
BYTE nSubAuthorityCount; // NOTE(review): nSubAuthority has 8 slots; keep this <= 8 - whether the consumer validates it is not visible here
DWORD nSubAuthority[8];
};
// Input record for the DACL builders declared below (AclCreateDacl, AclAddToDacl).
// NOTE(review): field meanings are inferred from their names - confirm against the implementation.
struct ACL_ACE
{
DWORD dwFlags; // presumably ACE flags (e.g. inheritance) - confirm
DWORD dwMask; // presumably the access mask for the entry - confirm
PSID psid; // trustee SID; the struct does not say who owns or frees it
};
// functions
// Access check for the token hToken against the entry described by paa.
// NOTE(review): this header does not show how a negative result is reported. If the
// implementation uses a non-failure code for "no access", testing only SUCCEEDED(hr) would
// treat a denial as a pass - compare against the exact code the implementation documents.
HRESULT DAPI AclCheckAccess(
__in HANDLE hToken,
__in ACL_ACCESS* paa
);
// Access check for the token hToken; by its name, against the administrators group.
// NOTE(review): the result encoding is not visible here - confirm which HRESULT means
// "not an administrator" before gating a privileged operation on SUCCEEDED(hr).
HRESULT DAPI AclCheckAdministratorAccess(
__in HANDLE hToken
);
// Access check for the token hToken; by its name, against the LocalSystem account.
// NOTE(review): the result encoding is not visible here - confirm which HRESULT means
// "not LocalSystem" before relying on SUCCEEDED(hr).
HRESULT DAPI AclCheckLocalSystemAccess(
__in HANDLE hToken
);
// Returns, through *ppsid, a SID for the well-known SID type wkst.
// NOTE(review): presumably the caller releases the result with AclFreeSid - confirm.
HRESULT DAPI AclGetWellKnownSid(
__in WELL_KNOWN_SID_TYPE wkst,
__deref_out PSID* ppsid
);
// Returns, through *ppsid, the SID for the account named wzAccount.
// wzSystem is optional (may be NULL); wzAccount must be a null-terminated string.
// NOTE(review): presumably the caller releases the result with AclFreeSid - confirm.
HRESULT DAPI AclGetAccountSid(
__in_opt LPCWSTR wzSystem,
__in_z LPCWSTR wzAccount,
__deref_out PSID* ppsid
);
// Returns, through *ppwzSid, a null-terminated string for the SID of account wzAccount.
// NOTE(review): wzSystem is annotated __in_z here but __in_opt on AclGetAccountSid; whether
// NULL is accepted by this function should be confirmed and the annotations aligned.
// NOTE(review): the allocator of *ppwzSid, and so the matching free routine, is not visible here.
HRESULT DAPI AclGetAccountSidString(
__in_z LPCWSTR wzSystem,
__in_z LPCWSTR wzAccount,
__deref_out_z LPWSTR* ppwzSid
);
// Builds an ACL from cDeny entries in rgaaDeny and cAllow entries in rgaaAllow and returns
// it through *ppAcl. Each count must match the number of elements in its array.
// NOTE(review): unlike AclAddToDacl, the arrays here are neither const nor annotated optional.
// NOTE(review): presumably the result is released with AclFreeDacl - confirm.
HRESULT DAPI AclCreateDacl(
__in_ecount(cDeny) ACL_ACE rgaaDeny[],
__in DWORD cDeny,
__in_ecount(cAllow) ACL_ACE rgaaAllow[],
__in DWORD cAllow,
__deref_out ACL** ppAcl
);
// Combines the existing ACL pAcl with cDeny entries from rgaaDeny and cAllow entries from
// rgaaAllow; the result is returned through the separate output *ppAclNew.
// Either array may be NULL per its annotation; each count must match its array length.
// NOTE(review): whether pAcl is left untouched and remains owned by the caller is not
// visible here - confirm before freeing or reusing it.
HRESULT DAPI AclAddToDacl(
__in ACL* pAcl,
__in_ecount_opt(cDeny) const ACL_ACE rgaaDeny[],
__in DWORD cDeny,
__in_ecount_opt(cAllow) const ACL_ACE rgaaAllow[],
__in DWORD cAllow,
__deref_out ACL** ppAclNew
);
// Produces a new ACL from the two read-only inputs pAcl1 and pAcl2, returned via *ppAclNew.
// NOTE(review): the resulting entry order (deny before allow) and the handling of duplicate
// entries are not visible here - review the merged ACL before applying it to an object.
HRESULT DAPI AclMergeDacls(
__in const ACL* pAcl1,
__in const ACL* pAcl2,
__deref_out ACL** ppAclNew
);
// Builds an ACL from an array of cAclAccesses ACL_ACCESS entries and returns it via *ppAcl.
// NOTE(review): the "Old" suffix suggests AclCreateDacl is the preferred form - confirm.
HRESULT DAPI AclCreateDaclOld(
__in_ecount(cAclAccesses) ACL_ACCESS* paa,
__in DWORD cAclAccesses,
__deref_out ACL** ppAcl
);
// Builds a security descriptor from an array of cAclAccesses ACL_ACCESS entries and returns
// it via *ppsd.
// NOTE(review): presumably released with AclFreeSecurityDescriptor - confirm.
HRESULT DAPI AclCreateSecurityDescriptor(
__in_ecount(cAclAccesses) ACL_ACCESS* paa,
__in DWORD cAclAccesses,
__deref_out SECURITY_DESCRIPTOR** ppsd
);
// Builds a security descriptor around the ACL pACL and returns it via *ppsd.
// NOTE(review): whether the descriptor copies pACL or keeps a pointer to it is not visible
// here; until confirmed, keep pACL alive for as long as *ppsd is in use.
HRESULT DAPI AclCreateSecurityDescriptorFromDacl(
__in ACL* pACL,
__deref_out SECURITY_DESCRIPTOR** ppsd
);
// Builds a security descriptor from an SDDL string produced by formatting wzSddlFormat with
// the variadic arguments; the result is returned via *ppsd.
// Declared __cdecl (not DAPI) because it is variadic.
// wzSddlFormat is a format string: pass a fixed literal, never caller- or user-supplied text.
// Values substituted into the SDDL text become part of the descriptor, so an argument that
// is not a validated SID or account string can change which trustees and rights are granted.
HRESULT __cdecl AclCreateSecurityDescriptorFromString(
__deref_out SECURITY_DESCRIPTOR** ppsd,
__in_z __format_string LPCWSTR wzSddlFormat,
...
);
// Returns, through *ppsd, a duplicate of the security descriptor psd.
// NOTE(review): presumably the copy is released with AclFreeSecurityDescriptor - confirm.
HRESULT DAPI AclDuplicateSecurityDescriptor(
__in SECURITY_DESCRIPTOR* psd,
__deref_out SECURITY_DESCRIPTOR** ppsd
);
// Returns, through *ppsd, the security descriptor of the object named wzObject, where sot
// gives the object's type.
// NOTE(review): which parts of the descriptor (owner, group, DACL, SACL) are retrieved is
// not visible here - confirm before comparing or re-applying the result.
HRESULT DAPI AclGetSecurityDescriptor(
__in_z LPCWSTR wzObject,
__in SE_OBJECT_TYPE sot,
__deref_out SECURITY_DESCRIPTOR** ppsd
);
// Releases the SID psid. Called by the ReleaseSid / ReleaseNullSid macros, which skip the
// call when the pointer is NULL and ignore the returned HRESULT.
// NOTE(review): psid is annotated __in (not optional), so do not assume NULL is accepted
// when calling this directly.
HRESULT DAPI AclFreeSid(
__in PSID psid
);
// Releases the ACL pACL.
// NOTE(review): pACL is annotated __in (not optional); NULL handling is not visible here.
// After the call the pointer is stale - set the caller's variable to NULL.
HRESULT DAPI AclFreeDacl(
__in ACL* pACL
);
// Releases the security descriptor psd.
// NOTE(review): psd is annotated __in (not optional); NULL handling is not visible here.
// After the call the pointer is stale - set the caller's variable to NULL.
HRESULT DAPI AclFreeSecurityDescriptor(
__in SECURITY_DESCRIPTOR* psd
);
// Returns, through *ppSecurityNew, a new security descriptor derived from pSecurity; by its
// name, with an entry for administrators added.
// NOTE(review): the access mask granted and whether existing deny entries are preserved are
// not visible here - confirm, since the result widens access relative to pSecurity.
// NOTE(review): pSecurity presumably stays owned by the caller - confirm.
HRESULT DAPI AclAddAdminToSecurityDescriptor(
__in SECURITY_DESCRIPTOR* pSecurity,
__deref_out SECURITY_DESCRIPTOR** ppSecurityNew
);
#ifdef __cplusplus
}
#endif