 |
chsvlib
chsv helper source code
|
|
|
chsvlib
chsv helper source code
|
|
A namespace containing mechanisms simplifying working with Windows security APIs, such as security descriptors, access control lists, tokens, etc. More...
Classes | |
| struct | token_information_type_id |
| Determines a type of a representation of token information as specified by a value of the standard Windows TOKEN_INFORMATION_CLASS enumeration. More... | |
| struct | ace_type_id |
| A structure describing access-control type information defined by an access-control type identifier. More... | |
| struct | ace_type |
| A structure describing access-control type information. More... | |
| struct | ACE_INFO |
| A structure template defining either granting or denying access control entry for the discretionary access control list in a high-level way: by a principal name and by corresponding access control mask. More... | |
Typedefs | |
| typedef Chusov::Win32::Memory::AutoHandle< decltype(&CloseHandle), CloseHandle, Chusov::Win32::Memory::null_handle_value_t > | AutoToken |
| An alias for the type of smart Windows token handles. | |
| typedef std::unique_ptr< typename std::remove_pointer< PSID >::type, Chusov::Memory::raw_delete_t< typename std::remove_pointer< PSID >::type > > | AutoSID |
| An alias for a type of smart pointers to security identifiers described by the Windows SID type. | |
| typedef std::unique_ptr< typename std::remove_pointer< PACL >::type, Chusov::Memory::raw_delete_t< typename std::remove_pointer< PACL >::type > > | AutoACL |
| An alias for a type of smart PACL pointers to Windows access-control lists, such as a discretionary access-control lists, storing all the data in contiguous blocks of memory. | |
| typedef std::unique_ptr< typename std::remove_pointer< PSECURITY_DESCRIPTOR >::type, Chusov::Memory::raw_delete_t< typename std::remove_pointer< PSECURITY_DESCRIPTOR >::type > > | AutoSecurityDescriptor |
| An alias for the type of smart pointers to Windows security descriptors. | |
| template<TOKEN_INFORMATION_CLASS TokenInformationClass> | |
| using | token_information_type_id_t = typename token_information_type_id< TokenInformationClass >::type |
| An alias for the 'type' field of the token_information_type_id class. | |
| template<TOKEN_INFORMATION_CLASS TokenInformationClass> | |
| using | AutoTokenInformation = std::unique_ptr< token_information_type_id_t< TokenInformationClass >, Chusov::Memory::raw_delete_t< token_information_type_id_t< TokenInformationClass > >> |
| An alias for the type of smart pointers to Windows API structures used to hold information about a security token. A particular type of the token information, as well as the returned data type, are determined based on a value of the template parameter of the Windows TOKEN_INFORMATION_CLASS type. More... | |
| template<BYTE ACE_TYPE_ID> | |
| using | ace_type_id_t = typename ace_type_id< ACE_TYPE_ID >::type |
A type alias for the type member of the ace_type_id class template. More... | |
| template<BYTE ACE_TYPE_ID> | |
| using | AutoACE = std::unique_ptr< ace_type_id_t< ACE_TYPE_ID >, Chusov::Memory::raw_delete_t< ace_type_id_t< ACE_TYPE_ID > >> |
| A type alias for unique pointers to memory containing standard representation of an access control entry. The memory is supposed to be allocated using the standard ::operator new operator and thus will be freed using the ::operator delete. More... | |
| typedef AutoACE< ACCESS_ALLOWED_ACE_TYPE > | AutoAccessAllowedACE |
| An alias of a unique pointer to a native representation of access-allowed control entry. This is an alias of the AutoACE template instantiation. | |
| typedef AutoACE< ACCESS_DENIED_ACE_TYPE > | AutoAccessDeniedACE |
| An alias of a unique pointer to a native representation of access-denied control entry. This is an alias of the AutoACE template instantiation. | |
| template<class ACE_TYPE > | |
| using | ace_type_t = typename ace_type< ACE_TYPE >::type |
A type alias for the type member of the ace_type class template. More... | |
| typedef ACE_INFO< ACCESS_ALLOWED_ACE_TYPE > | ACCESS_ALLOWED_ACE_INFO |
| A type alias for a high-level representation of an access allowing ACE. See ACE_INFO for the details. | |
| typedef ACE_INFO< ACCESS_DENIED_ACE_TYPE > | ACCESS_DENIED_ACE_INFO |
| A type alias for high-level representation of an access denying ACE. See ACE_INFO for the details. | |
Enumerations | |
| enum class | sid_authority_t { SecurityNullSidAuthority , SecurityWorldSidAuthority , SecurityLocalSidAuthority , SecurityCreatorSidAuthority , SecurityNonUniqueAuthority , SecurityNTAuthority , SecurityResourceManagerAuthority } |
| Defines integral constants that correspond to predefined values of the SID_IDENTIFIER_AUTHORITY values. Since that constants predefined by Microsoft as C definitions over brace-initialization of the structure, current enumeration has been introduced in order to support template parametrization and passing the values as function parameters. More... | |
Functions | |
| AutoSID | GetSidByPrincipalName (LPCWSTR pszPrincipalName) |
| Returns a smart AutoSID pointer to a security identifier of a principal, specified by its name. More... | |
| AutoSID | GetSidByPrincipalName (LPCWSTR pszPrincipalName, std::nothrow_t) noexcept |
| Returns a smart AutoSID pointer to a security identifier of a principal, specified by its name. In case of an error this overloading version of the function returns a default-constructed smart pointer and sets a corresponding chsvlib error code rather than throwing an exception. More... | |
| bool | IsPrincipalNameValid (LPCWSTR pszPrincipalName) |
| template<class traits_t = std::char_traits<wchar_t>, class alloc_t = std::allocator<wchar_t>> | |
| std::basic_string< wchar_t, traits_t, alloc_t > | GetNameByPrincipalSid (PSID pPrincipalSid) |
| Returns a string describing domain and user names which correspond to the specified security identifier. More... | |
| bool | IsPrincipalSidValid (PSID pPrincipalSid) |
| Checks if the specified security identifier valid. More... | |
| AutoToken | GetCurrentImpersonationToken () |
| Returns a handle to an impersonation token of the calling thread. If the thread does not have one, the returned token is an impersonation token, retrieved from a primary token of the current process. More... | |
| std::unique_ptr< void, Chusov::Memory::raw_delete_t< void > > | GetTokenInformation (HANDLE hToken, TOKEN_INFORMATION_CLASS TokenInformationClass) |
| Allocates and fills a buffer with requested token information. More... | |
| template<TOKEN_INFORMATION_CLASS TokenInformationClass> | |
| AutoTokenInformation< TokenInformationClass > | GetTokenInformation (HANDLE hToken) |
| Returns a managed pointer to the specified token information. . More... | |
| AutoSID | GetTokenUser (HANDLE hToken) |
| Returns a Windows security identifier of a principal, described by the specified token. More... | |
| template<class traits_t = std::char_traits<wchar_t>, class alloc_t = std::allocator<wchar_t>> | |
| std::basic_string< wchar_t, traits_t, alloc_t > | GetTokenUserName (HANDLE hToken) |
| Returns a name of a principal described by the specified token. More... | |
| std::vector< AutoSID > | GetTokenGroups (HANDLE hToken) |
| Returns a vector of managed pointers to security identifiers of groups which a principal described by the specified access token belongs to. More... | |
| template<class traits_t = std::char_traits<wchar_t>, class string_alloc_t = std::allocator<wchar_t>, class vector_alloc_t = typename std::allocator_traits<string_alloc_t>:: template rebind_alloc<std::basic_string<wchar_t, traits_t, string_alloc_t>>::other> | |
| std::vector< std::basic_string< wchar_t, traits_t, string_alloc_t >, vector_alloc_t > | GetTokenGroupsNames (HANDLE hToken) |
| Returns a vector of names of groups, the specified token belongs to. More... | |
| DWORD | GetTokenGroupCount (HANDLE hToken) |
| Returns a number of groups in the specified access token. More... | |
| AutoSID | GetTokenGroup (HANDLE hToken, DWORD iGroupIndex) |
| Returns a security identifier of the group, specified by an index in the specified token. More... | |
| template<class traits_t = std::char_traits<wchar_t>, class alloc_t = std::allocator<wchar_t>> | |
| std::basic_string< wchar_t, traits_t, alloc_t > | GetTokenGroupName (HANDLE hToken, DWORD iGroupIndex) |
| Returns a name of a group at a specified index within records of groups the specified token belongs to. More... | |
| template<BYTE ACE_TYPE_ID> | |
| AutoACE< ACE_TYPE_ID > | CreateACE (PSID pSid, DWORD dwAccessMask) |
| Creates an access control entry to be used in an access control list. . More... | |
| template<BYTE ACE_TYPE_ID> | |
| AutoACE< ACE_TYPE_ID > | CreateACE (const ACE_INFO< ACE_TYPE_ID > &ace_info) |
| Creates an access control entry (ACE) to be used in a discretionary access control list, by a high-level definition of the ACE. . More... | |
| AutoAccessAllowedACE | CreateAccessAllowedACE (PSID pSid, DWORD dwAccessMask) |
| A wrap over the CreateACE<ACCESS_ALLOWED_ACE_TYPE>(PSID pSid, DWORD dwAccessMask) template specialization, that creates an access-allowed ACE by the given principal specified as a native security identifier and a corresponding combination (bit mask) of Windows API access control values. . More... | |
| AutoAccessDeniedACE | CreateAccessDeniedACE (PSID pSid, DWORD dwAccessMask) |
| A wrap over the CreateACE<ACCESS_ALLOWED_ACE_TYPE>(PSID pSid, DWORD dwAccessMask) template specialization, that creates an access-denied ACE by the given principal specified as a native security identifier and a corresponding combination (bit mask) of Windows API access control values. . More... | |
| AutoAccessAllowedACE | CreateAccessAllowedACE (const ACCESS_ALLOWED_ACE_INFO &ace_info) |
| A wrap over the CreateACE(const ACE_INFO<ACCESS_ALLOWED_ACE_TYPE>&) function creating an access access-allowed control entry (ACE) to be used in a discretionary access control list, from a high-level definition of the ACE. . More... | |
| AutoAccessDeniedACE | CreateAccessDeniedACE (const ACCESS_DENIED_ACE_INFO &ace_info) |
| A wrap over the CreateACE(const ACE_INFO<ACCESS_ALLOWED_ACE_TYPE>&) function creating an access access-denied control entry (ACE) to be used in a discretionary access control list, from a high-level definition of the ACE. . More... | |
| template<class AllowedInputIterator , class DeniedInputIterator > | |
| AutoACL | CreateDACL (AllowedInputIterator itAccessAllowedACEsBegin, AllowedInputIterator itAccessAllowedACEsEnd, DeniedInputIterator itAccessDeniedACEsBegin, DeniedInputIterator itAccessDeniedACEsEnd, DWORD dwAclRevision=ACL_REVISION) |
| Creates a discretionary access control list (DACL) from two sequences of access-allowed and access-denied access control entries. Each sequence is given as a range with inclusive start position and exclusive ending one. More... | |
| template<class allowed_ace_container_t , class denied_ace_container_t > | |
| AutoACL | CreateDACL (const allowed_ace_container_t &refAccessAllowedACEs, const denied_ace_container_t &refAccessDeniedACEs, DWORD dwAclRevision=ACL_REVISION) |
| Creates a discretionary access control list (DACL) from two sequences of access-allowed and access-denied access control entries represented as C++ containers. More... | |
| AutoACL | CreateDACL (std::initializer_list< ACCESS_ALLOWED_ACE_INFO > lstAllowed, std::initializer_list< ACCESS_DENIED_ACE_INFO > lstDenied, DWORD dwAclRevision=ACL_REVISION) |
| Allocates and returns a managed pointer to a discretionary access control list (DACL), created from access control entries (ACEs), passed to the function within initializer list parameters. Each ACE is specified only by a string of a principal name, possibly with a corresponding domain name, and by a respective access control mask, as defined by the ACE_INFO class template. If both ACE storages are empty, the function returns a "prohibit anyone from anything" empty DACL. . More... | |
| AutoSecurityDescriptor | CreateSecurityDescriptor (PSID pOwner, PSID pGroup, PACL pDacl) |
| Allocates and initializes a self-relative security descriptor with the specified owner and group, identified by security identifiers (SID), and with a discretionary access control list (DACL). Each of these elements of the created security descriptor are optional. More... | |
| template<class AllowedInputIterator , class DeniedInputIterator > | |
| AutoSecurityDescriptor | CreateSecurityDescriptor (LPCWSTR pszOwnerName, LPCWSTR pszGroupName, AllowedInputIterator itAllowedBegin, AllowedInputIterator itAllowedEnd, DeniedInputIterator itDeniedBegin, DeniedInputIterator itDeniedEnd) |
| Allocates and constructs a self-relative security descriptor from its three components: an owner, a group and a discretionary access control list (DACL). The owner and the group are specified by respective principal names with optional domain names, which the principals belong to. The DACL is passed to the function as half-intervals, specified by two pairs of input iterators within two containers of ACCESS_ALLOWED_ACE_INFO objects and of ACCESS_DENIED_ACE_INFO objects, that respectively specify access-allowed and access-denied access control entries (ACE) to be included into the created security descriptor. More... | |
| template<class allowed_ace_container_t , class denied_ace_container_t > | |
| AutoSecurityDescriptor | CreateSecurityDescriptor (LPCWSTR pszOwnerName, LPCWSTR pszGroupName, const allowed_ace_container_t &refAccessAllowedACEs, const denied_ace_container_t &refAccessDeniedACEs) |
| Allocates and constructs a self-relative security descriptor from its three components: an owner, a group and a discretionary access control list (DACL). The owner and the group are specified by respective principal names with optional domain names, which the principals belong to. The DACL is passed to the function as a pair of sets of access-allowed and access-denied access control entries (ACEs) within two corresponding containers of ACCESS_ALLOWED_ACE_INFO objects and of ACCESS_DENIED_ACE_INFO objects. More... | |
| AutoSecurityDescriptor | CreateSecurityDescriptor (LPCWSTR pszOwnerName, LPCWSTR pszGroupName, std::initializer_list< ACCESS_ALLOWED_ACE_INFO > lstAccessAllowedACEs, std::initializer_list< ACCESS_DENIED_ACE_INFO > lstAccessDeniedACEs) |
| Allocates and constructs a self-relative security descriptor from its three components: an owner name, a group name and a discretionary access control list (DACL) represented as two initializer lists of access-allowed and access-denied access control entries (ACEs). The owner and the group are specified by respective principal names with optional domain names, which the principals belong to. The access-allowed and access-denied ACEs are specified in the ACCESS_ALLOWED_ACE_INFO and of ACCESS_DENIED_ACE_INFO formats respectively. More... | |
| AutoSecurityDescriptor | GetFileSecurityDescriptor (HANDLE hFile, DWORD dwSecurityInformation) |
| Returns a self-relative security descriptor of a file specified by a handle. More... | |
| AutoSecurityDescriptor | GetFileSecurityDescriptor (LPCWSTR lpszFileName, DWORD dwSecurityInformation) |
| Returns a self-relative security descriptor of a file specified by its name. More... | |
| BOOL | CheckFileAccessBySecurityDescriptor (PSECURITY_DESCRIPTOR pFileSD, DWORD dwAccessMask) |
| Checks if a specified security descriptor of a file allows a specified access. More... | |
| BOOL | CheckFileAccess (HANDLE hFile, DWORD dwAccessMask) |
| Checks if a current user's access to a file handle is allowed by security attributes of the handle. More... | |
| BOOL | CheckFileAccess (LPCWSTR lpszFileName, DWORD dwAccessMask) |
| Checks if a current user's access to a file, which is specified by its name, is allowed by security attributes of the file. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1, DWORD dwSubAuthority2, DWORD dwSubAuthority3, DWORD dwSubAuthority4, DWORD dwSubAuthority5, DWORD dwSubAuthority6, DWORD dwSubAuthority7) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1, DWORD dwSubAuthority2, DWORD dwSubAuthority3, DWORD dwSubAuthority4, DWORD dwSubAuthority5, DWORD dwSubAuthority6) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1, DWORD dwSubAuthority2, DWORD dwSubAuthority3, DWORD dwSubAuthority4, DWORD dwSubAuthority5) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1, DWORD dwSubAuthority2, DWORD dwSubAuthority3, DWORD dwSubAuthority4) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1, DWORD dwSubAuthority2, DWORD dwSubAuthority3) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1, DWORD dwSubAuthority2) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0, DWORD dwSubAuthority1) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (sid_authority_t authority_id, DWORD dwSubAuthority0) |
| A wrapper over the Windows API AllocateAndInitializeSid function used to create well-known security identifiers. More... | |
| AutoSID | GetWellKnownSid (WELL_KNOWN_SID_TYPE type, PSID pDomainSid=NULL) |
| Creates a well-known Windows security-identifier, possibly with a relation to the specified domain, and with respect to the values of the WELL_KNOWN_SID_TYPE enumeration. More... | |
A namespace containing mechanisms simplifying working with Windows security APIs, such as security descriptors, access control lists, tokens, etc.
1.9.1