CPrivateObjectSecurityDesc Class

This class represents a private object security descriptor object.

Syntax

class CPrivateObjectSecurityDesc : public CSecurityDesc

Members

Public Constructors

Name Description
CPrivateObjectSecurityDesc::CPrivateObjectSecurityDesc The constructor.
CPrivateObjectSecurityDesc::~CPrivateObjectSecurityDesc The destructor.

Public Methods

Name Description
CPrivateObjectSecurityDesc::ConvertToAutoInherit Call this method to convert a security descriptor and its access-control lists (ACLs) to a format that supports automatic propagation of inheritable access-control entries (ACEs).
CPrivateObjectSecurityDesc::Create Call this method to allocate and initialize a self-relative security descriptor for the private object created by the calling resource manager.
CPrivateObjectSecurityDesc::Get Call this method to retrieve information from a private object's security descriptor.
CPrivateObjectSecurityDesc::Set Call this method to modify a private object's security descriptor.

Operators

Operator Description
operator = Assignment operator.

Remarks

This class, derived from CSecurityDesc, provides methods for creating and managing the security descriptor of a private object.

For an introduction to the access control model in Windows, see Access Control in the Windows SDK.

Inheritance Hierarchy

CSecurityDesc

CPrivateObjectSecurityDesc

Requirements

Header: atlsecurity.h

CPrivateObjectSecurityDesc::ConvertToAutoInherit

Call this method to convert a security descriptor and its access-control lists (ACLs) to a format that supports automatic propagation of inheritable access-control entries (ACEs).

bool ConvertToAutoInherit(
    const CSecurityDesc* pParent,
    GUID* ObjectType,
    bool bIsDirectoryObject,
    PGENERIC_MAPPING GenericMapping) throw();

Parameters

pParent
Pointer to a CSecurityDesc object referencing the parent container of the object. If there is no parent container, this parameter is NULL.

ObjectType
Pointer to a GUID structure that identifies the type of object associated with the current object. Set ObjectType to NULL if the object does not have a GUID.

bIsDirectoryObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

Return Value

Returns true on success, false on failure.

Remarks

This method attempts to determine whether the ACEs in the discretionary access-control list (DACL) and system access-control list (SACL) of the current security descriptor were inherited from the parent security descriptor. It calls the ConvertToAutoInheritPrivateObjectSecurity function.

CPrivateObjectSecurityDesc::CPrivateObjectSecurityDesc

The constructor.

CPrivateObjectSecurityDesc() throw();

Remarks

Initializes the CPrivateObjectSecurityDesc object.

CPrivateObjectSecurityDesc::~CPrivateObjectSecurityDesc

The destructor.

~CPrivateObjectSecurityDesc() throw();

Remarks

The destructor frees all allocated resources and deletes the private object's security descriptor.

CPrivateObjectSecurityDesc::Create

Call this method to allocate and initialize a self-relative security descriptor for the private object created by the calling resource manager.

bool Create(
    const CSecurityDesc* pParent,
    const CSecurityDesc* pCreator,
    bool bIsDirectoryObject,
    const CAccessToken& Token,
    PGENERIC_MAPPING GenericMapping) throw();

bool Create(
    const CSecurityDesc* pParent,
    const CSecurityDesc* pCreator,
    GUID* ObjectType,
    bool bIsContainerObject,
    ULONG AutoInheritFlags,
    const CAccessToken& Token,
    PGENERIC_MAPPING GenericMapping) throw();

Parameters

pParent
Pointer to a CSecurityDesc object referencing the parent directory in which a new object is being created. Set to NULL if there is no parent directory.

pCreator
Pointer to a security descriptor provided by the creator of the object. If the object's creator does not explicitly pass security information for the new object, set this parameter to NULL.

bIsDirectoryObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

Token
Reference to the CAccessToken object for the client process on whose behalf the object is being created.

GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

ObjectType
Pointer to a GUID structure that identifies the type of object associated with the current object. Set ObjectType to NULL if the object does not have a GUID.

bIsContainerObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

AutoInheritFlags
A set of bit flags that control how access-control entries (ACEs) are inherited from pParent. See CreatePrivateObjectSecurityEx for more details.

Return Value

Returns true on success, false on failure.

Remarks

This method calls CreatePrivateObjectSecurity or CreatePrivateObjectSecurityEx.

The second overload permits specifying the object type GUID of the new object or controlling how ACEs are inherited.

Note

A self-relative security descriptor is a security descriptor that stores all of its security information in a contiguous block of memory.
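The contiguous layout described in the note can be checked before a stored descriptor is trusted. The following is an added example in portable C++, not code from ATL or the Windows SDK: it validates the 20-byte self-relative header and its offsets. `SdHeader`, `ParseSelfRelativeSd`, and the sample bytes are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// SECURITY_DESCRIPTOR_CONTROL bits (values from winnt.h).
constexpr uint16_t kDaclPresent       = 0x0004;  // SE_DACL_PRESENT
constexpr uint16_t kDaclAutoInherited = 0x0400;  // SE_DACL_AUTO_INHERITED
constexpr uint16_t kSelfRelative      = 0x8000;  // SE_SELF_RELATIVE
constexpr size_t   kHeaderSize = 20;  // Revision, Sbz1, Control, then four DWORD offsets
constexpr size_t   kMinBody    = 8;   // smallest SID (no sub-authorities) or empty ACL

struct SdHeader {  // hypothetical helper type, not an ATL or SDK type
    uint16_t control = 0;
    uint32_t owner = 0, group = 0, sacl = 0, dacl = 0;  // offsets from blob start, 0 = absent
    bool DaclAutoInherited() const { return (control & kDaclAutoInherited) != 0; }
    // DACL flagged present with no ACL behind it: a NULL DACL, which grants everyone access.
    bool NullDacl() const { return (control & kDaclPresent) != 0 && dacl == 0; }
};

static uint32_t ReadLe32(const std::vector<uint8_t>& b, size_t off) {
    return uint32_t(b[off]) | uint32_t(b[off + 1]) << 8 |
           uint32_t(b[off + 2]) << 16 | uint32_t(b[off + 3]) << 24;
}

// Accepts only a revision-1, self-relative blob whose offsets all stay in bounds.
bool ParseSelfRelativeSd(const std::vector<uint8_t>& blob, SdHeader& out) {
    if (blob.size() < kHeaderSize || blob[0] != 1) return false;
    SdHeader h;
    h.control = uint16_t(blob[2] | blob[3] << 8);
    if ((h.control & kSelfRelative) == 0) return false;  // absolute form stores pointers
    h.owner = ReadLe32(blob, 4);   h.group = ReadLe32(blob, 8);
    h.sacl  = ReadLe32(blob, 12);  h.dacl  = ReadLe32(blob, 16);
    for (uint32_t off : {h.owner, h.group, h.sacl, h.dacl})
        if (off && (off < kHeaderSize || blob.size() - kMinBody < off)) return false;
    out = h;
    return true;
}

// Constructed sample: owner S-1-5-18 at offset 20, empty auto-inherited DACL at offset 32.
std::vector<uint8_t> SampleDescriptor() {
    return {0x01, 0x00, 0x04, 0x84,  20, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  32, 0, 0, 0,
            0x01, 0x01, 0, 0, 0, 0, 0, 0x05, 0x12, 0, 0, 0,   // SID S-1-5-18
            0x02, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00};  // ACL: revision 2, size 8, 0 ACEs
}

int main() {
    SdHeader h;
    return ParseSelfRelativeSd(SampleDescriptor(), h) && h.DaclAutoInherited() ? 0 : 1;
}
```

The parser checks only the header and offset bounds; SID and ACL contents still need their own validation before use.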

CPrivateObjectSecurityDesc::Get

Call this method to retrieve information from a private object's security descriptor.

bool Get(
    SECURITY_INFORMATION si,
    CSecurityDesc* pResult) const throw();

Parameters

si
A set of bit flags that indicate the parts of the security descriptor to retrieve. This value can be a combination of the SECURITY_INFORMATION bit flags.

pResult
Pointer to a CSecurityDesc object that receives a copy of the requested information from the specified security descriptor.

Return Value

Returns true on success, false on failure.

Remarks

The security descriptor is a structure and associated data that contains the security information for a securable object.

CPrivateObjectSecurityDesc::operator =

Assignment operator.

CPrivateObjectSecurityDesc& operator= (const CPrivateObjectSecurityDesc& rhs) throw(...);

Parameters

rhs
The CPrivateObjectSecurityDesc object to assign to the current object.

Return Value

Returns the updated CPrivateObjectSecurityDesc object.

CPrivateObjectSecurityDesc::Set

Call this method to modify a private object's security descriptor.

bool Set(
    SECURITY_INFORMATION si,
    const CSecurityDesc& Modification,
    PGENERIC_MAPPING GenericMapping,
    const CAccessToken& Token) throw();

bool Set(
    SECURITY_INFORMATION si,
    const CSecurityDesc& Modification,
    ULONG AutoInheritFlags,
    PGENERIC_MAPPING GenericMapping,
    const CAccessToken& Token) throw();

Parameters

si
A set of bit flags that indicate the parts of the security descriptor to set. This value can be a combination of the SECURITY_INFORMATION bit flags.

Modification
Reference to a CSecurityDesc object. The parts of this security descriptor indicated by the si parameter are applied to the object's security descriptor.

GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

Token
Reference to the CAccessToken object for the client process on whose behalf the object is being created.

AutoInheritFlags
A set of bit flags that control how access-control entries (ACEs) are inherited from pParent. See CreatePrivateObjectSecurityEx for more details.

Return Value

Returns true on success, false on failure.

Remarks

The second method permits specifying the object type GUID of the object or controlling how ACEs are inherited.

See also

SECURITY_DESCRIPTOR
Class Overview
Security Global Functions
CSecurityDesc Class