📄 jwaaccctrl.pas
字号:
{******************************************************************************}
{ }
{ Access Control API interface Unit for Object Pascal }
{ }
{ Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
{ Corporation. All Rights Reserved. }
{ }
{ The original file is: accctrl.h, released June 2000. The original Pascal }
{ code is: AccCtrl.pas, released December 2000. The initial developer of the }
{ Pascal code is Marcel van Brakel (brakelm@chello.nl). }
{ }
{ Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
{ Marcel van Brakel. All Rights Reserved. }
{ }
{ Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
{ }
{ You may retrieve the latest version of this file at the Project JEDI home }
{ page, located at http://delphi-jedi.org or my personal homepage located at }
{ http://members.chello.nl/m.vanbrakel2 }
{ }
{ The contents of this file are used with permission, subject to the Mozilla }
{ Public License Version 1.1 (the "License"); you may not use this file except }
{ in compliance with the License. You may obtain a copy of the License at }
{ http://www.mozilla.org/MPL/MPL-1.1.html }
{ }
{ Software distributed under the License is distributed on an "AS IS" basis, }
{ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
{ the specific language governing rights and limitations under the License. }
{ }
{ Alternatively, the contents of this file may be used under the terms of the }
{ GNU Lesser General Public License (the "LGPL License"), in which case the }
{ provisions of the LGPL License are applicable instead of those above. }
{ If you wish to allow use of your version of this file only under the terms }
{ of the LGPL License and not to allow others to use your version of this file }
{ under the MPL, indicate your decision by deleting the provisions above and }
{ replace them with the notice and other provisions required by the LGPL }
{ License. If you do not delete the provisions above, a recipient may use }
{ your version of this file under either the MPL or the LGPL License. }
{ }
{ For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
{ }
{******************************************************************************}
unit JwaAccCtrl;
{$WEAKPACKAGEUNIT}
{$HPPEMIT ''}
{$HPPEMIT '#include "aclapi.h"'}
{$HPPEMIT ''}
{$HPPEMIT 'typedef PTRUSTEE_A *PPTRUSTEE_A'}
{$HPPEMIT 'typedef PTRUSTEE_W *PPTRUSTEE_W'}
{$HPPEMIT '#ifdef UNICODE'}
{$HPPEMIT 'typedef PPTRUSTEE_W PPTRUSTEE'}
{$HPPEMIT '#else'}
{$HPPEMIT 'typedef PPTRUSTEE_A PPTRUSTEE'}
{$HPPEMIT '#endif'}
{$HPPEMIT ''}
{$I WINDEFINES.INC}
interface
uses
JwaWinNT, JwaWinType;
(* Dependencies
// winnt
PSID
//wintype
HLOCAL
DWORD
GUID
LPSTR
LPWSTR
ULONG
PVOID
HANDLE
BOOL
LONG
*)
function AccFree(hMem: HLOCAL): HLOCAL;
{$EXTERNALSYM AccFree}
//
// Definition:
// This enumerated type defines the objects supported by the get/set API within
// this document. See section 3.1, Object Types for a detailed definition of the
// supported object types, and their name formats.
//
type
_SE_OBJECT_TYPE = (
SE_UNKNOWN_OBJECT_TYPE,
SE_FILE_OBJECT,
SE_SERVICE,
SE_PRINTER,
SE_REGISTRY_KEY,
SE_LMSHARE,
SE_KERNEL_OBJECT,
SE_WINDOW_OBJECT,
SE_DS_OBJECT,
SE_DS_OBJECT_ALL,
SE_PROVIDER_DEFINED_OBJECT,
SE_WMIGUID_OBJECT,
SE_REGISTRY_WOW64_32KEY);
{$EXTERNALSYM _SE_OBJECT_TYPE}
SE_OBJECT_TYPE = _SE_OBJECT_TYPE;
{$EXTERNALSYM SE_OBJECT_TYPE}
TSeObjectType = SE_OBJECT_TYPE;
//
// Definition: TRUSTEE_TYPE
// This enumerated type specifies the type of trustee account for the trustee
// returned by the API described in this document.
// TRUSTEE_IS_UNKNOWN - The trustee is an unknown, but not necessarily invalid
// type. This field is not validated on input to the APIs
// that take Trustees.
// TRUSTEE_IS_USER The trustee account is a user account.
// TRUSTEE_IS_GROUP The trustee account is a group account.
//
_TRUSTEE_TYPE = (
TRUSTEE_IS_UNKNOWN,
TRUSTEE_IS_USER,
TRUSTEE_IS_GROUP,
TRUSTEE_IS_DOMAIN,
TRUSTEE_IS_ALIAS,
TRUSTEE_IS_WELL_KNOWN_GROUP,
TRUSTEE_IS_DELETED,
TRUSTEE_IS_INVALID,
TRUSTEE_IS_COMPUTER);
{$EXTERNALSYM _TRUSTEE_TYPE}
TRUSTEE_TYPE = _TRUSTEE_TYPE;
{$EXTERNALSYM TRUSTEE_TYPE}
TTrusteeType = TRUSTEE_TYPE;
//
// Definition: TRUSTEE_FORM
// This enumerated type specifies the form the trustee identifier is in for a
// particular trustee.
// TRUSTEE_IS_SID The trustee is identified with a SID rather than with a name.
// TRUSTEE_IS_NAME The trustee is identified with a name.
//
_TRUSTEE_FORM = (
TRUSTEE_IS_SID,
TRUSTEE_IS_NAME,
TRUSTEE_BAD_FORM,
TRUSTEE_IS_OBJECTS_AND_SID,
TRUSTEE_IS_OBJECTS_AND_NAME);
{$EXTERNALSYM _TRUSTEE_FORM}
TRUSTEE_FORM = _TRUSTEE_FORM;
{$EXTERNALSYM TRUSTEE_FORM}
TTrusteeForm = TRUSTEE_FORM;
//
// Definition: MULTIPLE_TRUSTEE_OPERATION
// If the trustee is a multiple trustee, this enumerated type specifies the type.
// TRUSTEE_IS_IMPERSONATE The trustee is an impersonate trustee and the multiple
// trustee field in the trustee points to another trustee
// that is a trustee for the server that will be doing the
// impersonation.
//
_MULTIPLE_TRUSTEE_OPERATION = (NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_IMPERSONATE);
{$EXTERNALSYM _MULTIPLE_TRUSTEE_OPERATION}
MULTIPLE_TRUSTEE_OPERATION = _MULTIPLE_TRUSTEE_OPERATION;
{$EXTERNALSYM MULTIPLE_TRUSTEE_OPERATION}
TMultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION;
POBJECTS_AND_SID = ^OBJECTS_AND_SID;
{$EXTERNALSYM POBJECTS_AND_SID}
_OBJECTS_AND_SID = packed record
ObjectsPresent: DWORD;
ObjectTypeGuid: GUID;
InheritedObjectTypeGuid: GUID;
pSid: PSID;
end;
{$EXTERNALSYM _OBJECTS_AND_SID}
OBJECTS_AND_SID = _OBJECTS_AND_SID;
{$EXTERNALSYM OBJECTS_AND_SID}
TObjectsAndSid = OBJECTS_AND_SID;
PObjectsAndSid = POBJECTS_AND_SID;
POBJECTS_AND_NAME_A = ^OBJECTS_AND_NAME_A;
{$EXTERNALSYM POBJECTS_AND_NAME_A}
_OBJECTS_AND_NAME_A = packed record
ObjectsPresent: DWORD;
ObjectType: SE_OBJECT_TYPE;
ObjectTypeName: LPSTR;
InheritedObjectTypeName: LPSTR;
ptstrName: LPSTR;
end;
{$EXTERNALSYM _OBJECTS_AND_NAME_A}
OBJECTS_AND_NAME_A = _OBJECTS_AND_NAME_A;
{$EXTERNALSYM OBJECTS_AND_NAME_A}
TObjectsAndNameA = OBJECTS_AND_NAME_A;
PObjectsAndNameA = POBJECTS_AND_NAME_A;
POBJECTS_AND_NAME_W = ^OBJECTS_AND_NAME_W;
{$EXTERNALSYM POBJECTS_AND_NAME_W}
_OBJECTS_AND_NAME_W = packed record
ObjectsPresent: DWORD;
ObjectType: SE_OBJECT_TYPE;
ObjectTypeName: LPWSTR;
InheritedObjectTypeName: LPWSTR;
ptstrName: LPWSTR;
end;
{$EXTERNALSYM _OBJECTS_AND_NAME_W}
OBJECTS_AND_NAME_W = _OBJECTS_AND_NAME_W;
{$EXTERNALSYM OBJECTS_AND_NAME_W}
TObjectsAndNameW = OBJECTS_AND_NAME_W;
PObjectsAndNameW = POBJECTS_AND_NAME_W;
{$IFDEF UNICODE}
OBJECTS_AND_NAME_ = OBJECTS_AND_NAME_W;
{$EXTERNALSYM OBJECTS_AND_NAME_}
POBJECTS_AND_NAME_ = POBJECTS_AND_NAME_W;
{$EXTERNALSYM POBJECTS_AND_NAME_}
TObjectsAndName = TObjectsAndNameW;
PObjectsAndName = PObjectsAndNameW;
{$ELSE}
OBJECTS_AND_NAME_ = OBJECTS_AND_NAME_A;
{$EXTERNALSYM OBJECTS_AND_NAME_}
POBJECTS_AND_NAME_ = POBJECTS_AND_NAME_A;
{$EXTERNALSYM POBJECTS_AND_NAME_}
TObjectsAndName = TObjectsAndNameA;
PObjectsAndName = PObjectsAndNameA;
{$ENDIF}
//
// Definition: TRUSTEE
// This structure is used to pass account information into and out of the system
// using the API defined in this document.
// PMultipleTrustee - if NON-NULL, points to another trustee structure, as
// defined by the multiple trustee operation field.
// MultipleTrusteeOperation - Defines the multiple trustee operation/type.
// TrusteeForm - defines if the trustee is defined by name or SID.
// TrusteeType - defines if the trustee type is unknown, a user or a group.
// PwcsName - points to the trustee name or the trustee SID.
//
PTRUSTEE_A = ^TRUSTEE_A;
{$EXTERNALSYM PTRUSTEE_A}
_TRUSTEE_A = packed record
pMultipleTrustee: PTRUSTEE_A;
MultipleTrusteeOperation: MULTIPLE_TRUSTEE_OPERATION;
TrusteeForm: TRUSTEE_FORM;
TrusteeType: TRUSTEE_TYPE;
ptstrName: LPSTR;
end;
{$EXTERNALSYM _TRUSTEE_A}
TRUSTEE_A = _TRUSTEE_A;
{$EXTERNALSYM TRUSTEE_A}
TRUSTEEA = TRUSTEE_A;
{$EXTERNALSYM PTRUSTEEA}
PPTRUSTEE_A = ^PTRUSTEE_A;
{$NODEFINE PPTRUSTEE_A}
TTrusteeA = TRUSTEE_A;
PTrusteeA = PTRUSTEE_A;
PTRUSTEE_W = ^TRUSTEE_W;
{$EXTERNALSYM PTRUSTEE_W}
_TRUSTEE_W = packed record
pMultipleTrustee: PTRUSTEE_W;
MultipleTrusteeOperation: MULTIPLE_TRUSTEE_OPERATION;
TrusteeForm: TRUSTEE_FORM;
TrusteeType: TRUSTEE_TYPE;
ptstrName: LPWSTR;
end;
{$EXTERNALSYM _TRUSTEE_W}
TRUSTEE_W = _TRUSTEE_W;
{$EXTERNALSYM TRUSTEE_W}
TRUSTEEW = TRUSTEE_W;
{$EXTERNALSYM TRUSTEEW}
PPTRUSTEE_W = ^PTRUSTEE_W;
{$NODEFINE PPTRUSTEE_W}
TTrusteeW = TRUSTEE_W;
PTrusteeW = PTRUSTEE_W;
{$IFDEF UNICODE}
TRUSTEE_ = TRUSTEE_W;
{$EXTERNALSYM TRUSTEE_}
PTRUSTEE_ = PTRUSTEE_W;
{$EXTERNALSYM PTRUSTEE_}
TRUSTEE = TRUSTEEW;
{$EXTERNALSYM TRUSTEE}
PPTRUSTEE = ^PPTRUSTEE_W;
{$NODEFINE PPTRUSTEE}
TTrustee = TTrusteeW;
PTrustee = PTrusteeW;
{$ELSE}
TRUSTEE_ = TRUSTEE_A;
{$EXTERNALSYM TRUSTEE_}
PTRUSTEE_ = PTRUSTEE_A;
{$EXTERNALSYM PTRUSTEE_}
TRUSTEE = TRUSTEEA;
{$EXTERNALSYM TRUSTEE}
PPTRUSTEE = ^PPTRUSTEE_A;
{$NODEFINE PPTRUSTEE}
TTrustee = TTrusteeA;
PTrustee = PTrusteeA;
{$ENDIF}
//
// Definition: ACCESS_MODE
// This enumerated type specifies how permissions are (requested)/to be applied
// for the trustee by the access control entry. On input this field can by any
// of the values, although it is not meaningful to mix access control and audit
// control entries. On output this field will be either SET_ACCESS, DENY_ACCESS,
// SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE.
// The following descriptions define how this type effects an explicit access
// request to apply access permissions to an object.
// GRANT_ACCESS - The trustee will have at least the requested permissions upon
// successful completion of the command. (If the trustee has
// additional permissions they will not be removed).
// SET_ACCESS - The trustee will have exactly the requested permissions upon
// successful completion of the command.
// DENY_ACCESS - The trustee will be denied the specified permissions.
// REVOKE_ACCESS - Any explicit access rights the trustee has will be revoked.
// SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of the
// object using the requested permissions.
// SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the object
// using the requested permissions.
//
_ACCESS_MODE = (
NOT_USED_ACCESS,
GRANT_ACCESS,
SET_ACCESS,
DENY_ACCESS,
REVOKE_ACCESS,
SET_AUDIT_SUCCESS,
SET_AUDIT_FAILURE);
{$EXTERNALSYM _ACCESS_MODE}
ACCESS_MODE = _ACCESS_MODE;
{$EXTERNALSYM ACCESS_MODE}
TAccessMode = _ACCESS_MODE;
//
// Definition: Inheritance flags
// These bit masks are provided to allow simple application of inheritance in
// explicit access requests on containers.
// NO_INHERITANCE The specific access permissions will only be applied to
// the container, and will not be inherited by objects created
// within the container.
// SUB_CONTAINERS_ONLY_INHERIT The specific access permissions will be inherited
// and applied to sub containers created within the
// container, and will be applied to the container
// itself.
// SUB_OBJECTS_ONLY_INHERIT The specific access permissions will only be inherited
// by objects created within the specific container.
// The access permissions will not be applied to the
// container itself.
// SUB_CONTAINERS_AND_OBJECTS_INHERIT The specific access permissions will be
// inherited by containers created within the
// specific container, will be applied to
// objects created within the container, but
// will not be applied to the container itself.
//
const
NO_INHERITANCE = $0;
{$EXTERNALSYM NO_INHERITANCE}
SUB_OBJECTS_ONLY_INHERIT = $1;
{$EXTERNALSYM SUB_OBJECTS_ONLY_INHERIT}
SUB_CONTAINERS_ONLY_INHERIT = $2;
{$EXTERNALSYM SUB_CONTAINERS_ONLY_INHERIT}
SUB_CONTAINERS_AND_OBJECTS_INHERIT = $3;
{$EXTERNALSYM SUB_CONTAINERS_AND_OBJECTS_INHERIT}
INHERIT_NO_PROPAGATE = $4;
{$EXTERNALSYM INHERIT_NO_PROPAGATE}
INHERIT_ONLY = $8;
{$EXTERNALSYM INHERIT_ONLY}
//
// Informational bit that is returned
//
INHERITED_ACCESS_ENTRY = $10;
{$EXTERNALSYM INHERITED_ACCESS_ENTRY}
//
// Informational bit that tells where a node was inherited from. Valid only
// for NT 5 APIs
//
INHERITED_PARENT = $10000000;
{$EXTERNALSYM INHERITED_PARENT}
INHERITED_GRANDPARENT = $20000000;
{$EXTERNALSYM INHERITED_GRANDPARENT}
//
// Definition: EXPLICIT_ACCESS
// This structure is used to pass access control entry information into and out
// of the system using the API defined in this document.
// grfAccessPermissions - This contains the access permissions to assign for the
// trustee. It is in the form of an NT access mask.
// grfAccessMode - This field defines how the permissions are to be applied for
// the trustee.
// grfInheritance - For containers, this field defines how the access control
// entry is/(is requested) to be inherited on
// objects/sub-containers created within the container.
// Trustee - This field contains the definition of the trustee account the
// explicit access applies to.
//
type
PEXPLICIT_ACCESS_A = ^EXPLICIT_ACCESS_A;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -