Unit Security
Return to Unit Reference
Contents
[hide]Description
Ultibo Security interface unit
This unit implements the security support for Ultibo.
Constants
ANYSIZE_*
Type definitions
SID identifier authority
SID_IDENTIFIER_AUTHORITY = _SID_IDENTIFIER_AUTHORITY;
TSidIdentifierAuthority = SID_IDENTIFIER_AUTHORITY;
PSidIdentifierAuthority = PSID_IDENTIFIER_AUTHORITY;
PSID_IDENTIFIER_AUTHORITY = ^SID_IDENTIFIER_AUTHORITY;
_SID_IDENTIFIER_AUTHORITY = record
SID types
Signed types
BOOL = LongBool;
|
Unsigned types
UCHAR = Byte;
|
Pointer types
PUCHAR = ^Byte;
|
GUID types
GUID = TGUID;
|
SID name use
_SID_NAME_USE = DWORD;
|
|
SID_NAME_USE = _SID_NAME_USE;
|
|
PSID_NAME_USE = ^SID_NAME_USE;
|
|
TSidNameUse = SID_NAME_USE;
|
|
PSidNameUse = PSID_NAME_USE;
|
SID and attributes
SID_AND_ATTRIBUTES = _SID_AND_ATTRIBUTES;
TSidAndAttributes = SID_AND_ATTRIBUTES;
PSidAndAttributes = PSID_AND_ATTRIBUTES;
PSID_AND_ATTRIBUTES = ^SID_AND_ATTRIBUTES;
_SID_AND_ATTRIBUTES = record
SID and attributes array
SID_AND_ATTRIBUTES_ARRAY = array [0..ANYSIZE_ARRAY - 1] of SID_AND_ATTRIBUTES;
|
|
PSID_AND_ATTRIBUTES_ARRAY = ^SID_AND_ATTRIBUTES_ARRAY;
|
|
PSidAndAttributesArray = ^TSidAndAttributesArray;
|
|
TSidAndAttributesArray = SID_AND_ATTRIBUTES_ARRAY;
|
ACL
ACL information class
_ACL_INFORMATION_CLASS = DWORD;
|
|
ACL_INFORMATION_CLASS = _ACL_INFORMATION_CLASS;
|
|
TAclInformationClass = ACL_INFORMATION_CLASS;
|
ACL revision information
ACL_REVISION_INFORMATION = _ACL_REVISION_INFORMATION;
TAclRevisionInformation = ACL_REVISION_INFORMATION;
PAclRevisionInformation = PACL_REVISION_INFORMATION;
PACL_REVISION_INFORMATION = ^ACL_REVISION_INFORMATION;
_ACL_REVISION_INFORMATION = record
ACL size information
ACL_SIZE_INFORMATION = _ACL_SIZE_INFORMATION;
TAclSizeInformation = ACL_SIZE_INFORMATION;
PAclSizeInformation = PACL_SIZE_INFORMATION;
PACL_SIZE_INFORMATION = ^ACL_SIZE_INFORMATION;
_ACL_SIZE_INFORMATION = record
Access mask
ACCESS_MASK = DWORD;
|
|
PACCESS_MASK = ^ACCESS_MASK;
|
|
TAccessMask = ACCESS_MASK;
|
|
PAccessMask = PACCESS_MASK;
|
ACE header
ACE_HEADER = _ACE_HEADER;
TAceHeader = ACE_HEADER;
PAceHeader = PACE_HEADER;
PACE_HEADER = ^ACE_HEADER;
_ACE_HEADER = record
Access allowed
ACCESS_ALLOWED_ACE = _ACCESS_ALLOWED_ACE;
TAccessAllowedAce = ACCESS_ALLOWED_ACE;
PAccessAllowedAce = PACCESS_ALLOWED_ACE;
PACCESS_ALLOWED_ACE = ^ACCESS_ALLOWED_ACE;
_ACCESS_ALLOWED_ACE = record
Access denied
ACCESS_DENIED_ACE = _ACCESS_DENIED_ACE;
TAccessDeniedAce = ACCESS_DENIED_ACE;
PAccessDeniedAce = PACCESS_DENIED_ACE;
PACCESS_DENIED_ACE = ^ACCESS_DENIED_ACE;
_ACCESS_DENIED_ACE = record
System audit
SYSTEM_AUDIT_ACE = _SYSTEM_AUDIT_ACE;
TSystemAuditAce = SYSTEM_AUDIT_ACE;
PSystemAuditAce = PSYSTEM_AUDIT_ACE;
PSYSTEM_AUDIT_ACE = ^SYSTEM_AUDIT_ACE;
_SYSTEM_AUDIT_ACE = record
System alarm
SYSTEM_ALARM_ACE = _SYSTEM_ALARM_ACE;
TSystemAlarmAce = SYSTEM_ALARM_ACE;
PSystemAlarmAce = PSYSTEM_ALARM_ACE;
PSYSTEM_ALARM_ACE = ^SYSTEM_ALARM_ACE;
_SYSTEM_ALARM_ACE = record
Access allowed object
ACCESS_ALLOWED_OBJECT_ACE = _ACCESS_ALLOWED_OBJECT_ACE;
TAccessAllowedObjectAce = ACCESS_ALLOWED_OBJECT_ACE;
PAccessAllowedObjectAce = PACCESS_ALLOWED_OBJECT_ACE;
PACCESS_ALLOWED_OBJECT_ACE = ^ACCESS_ALLOWED_OBJECT_ACE;
_ACCESS_ALLOWED_OBJECT_ACE = record
Access denied object
ACCESS_DENIED_OBJECT_ACE = _ACCESS_DENIED_OBJECT_ACE;
TAccessDeniedObjectAce = ACCESS_DENIED_OBJECT_ACE;
PAccessDeniedObjectAce = PACCESS_DENIED_OBJECT_ACE;
PACCESS_DENIED_OBJECT_ACE = ^ACCESS_DENIED_OBJECT_ACE;
_ACCESS_DENIED_OBJECT_ACE = record
System audit object
SYSTEM_AUDIT_OBJECT_ACE = _SYSTEM_AUDIT_OBJECT_ACE;
TSystemAuditObjectAce = SYSTEM_AUDIT_OBJECT_ACE;
PSystemAuditObjectAce = PSYSTEM_AUDIT_OBJECT_ACE;
PSYSTEM_AUDIT_OBJECT_ACE = ^SYSTEM_AUDIT_OBJECT_ACE;
_SYSTEM_AUDIT_OBJECT_ACE = record
System alarm object
SYSTEM_ALARM_OBJECT_ACE = _SYSTEM_ALARM_OBJECT_ACE;
TSystemAlarmObjectAce = SYSTEM_ALARM_OBJECT_ACE;
PSystemAlarmObjectAce = PSYSTEM_ALARM_OBJECT_ACE;
PSYSTEM_ALARM_OBJECT_ACE = ^SYSTEM_ALARM_OBJECT_ACE;
_SYSTEM_ALARM_OBJECT_ACE = record
Security descriptor control
SECURITY_DESCRIPTOR_CONTROL = WORD;
|
|
PSECURITY_DESCRIPTOR_CONTROL = ^SECURITY_DESCRIPTOR_CONTROL;
|
|
TSecurityDescriptorControl = SECURITY_DESCRIPTOR_CONTROL;
|
|
PSecurityDescriptorControl = PSECURITY_DESCRIPTOR_CONTROL;
|
Security descriptor relative
SECURITY_DESCRIPTOR_RELATIVE = _SECURITY_DESCRIPTOR_RELATIVE;
TSecurityDescriptorRelative = SECURITY_DESCRIPTOR_RELATIVE;
PSecurityDescriptorRelative = PSECURITY_DESCRIPTOR_RELATIVE;
PSECURITY_DESCRIPTOR_RELATIVE = ^SECURITY_DESCRIPTOR_RELATIVE;
_SECURITY_DESCRIPTOR_RELATIVE = record
Security descriptor
SECURITY_DESCRIPTOR = _SECURITY_DESCRIPTOR;
TSecurityDescriptor = SECURITY_DESCRIPTOR;
PSecurityDescriptor = PSECURITY_DESCRIPTOR;
PPSECURITY_DESCRIPTOR = ^PSECURITY_DESCRIPTOR;
PSECURITY_DESCRIPTOR = ^SECURITY_DESCRIPTOR;
_SECURITY_DESCRIPTOR = record
Well known SID type
WELL_KNOWN_SID_TYPE = (
Well known SID
Well known ACE
TWellKnownAce = record
Well known ACL
TWellKnownAcl = record
Well known descriptor
Public variables
None defined
Function declarations
Security functions
function IsWellKnownSid(Sid: PSID; WellKnownSidType: WELL_KNOWN_SID_TYPE): BOOL;
function CreateWellKnownSid(WellKnownSidType: WELL_KNOWN_SID_TYPE; DomainSid: PSID; Sid: PSID; var cbSid: DWORD): BOOL;
function GetSidLengthRequired(nSubAuthorityCount: UCHAR): DWORD;
function AllocateAndInitializeSid(const pIdentifierAuthority: TSIDIdentifierAuthority; nSubAuthorityCount: Byte; nSubAuthority0, nSubAuthority1: DWORD; nSubAuthority2, nSubAuthority3, nSubAuthority4: DWORD; nSubAuthority5, nSubAuthority6, nSubAuthority7: DWORD; var Sid: PSID): BOOL;
function InitializeSid(Sid: PSID; const pIdentifierAuthority: TSIDIdentifierAuthority; nSubAuthorityCount: Byte): BOOL;
function GetSidIdentifierAuthority(Sid: PSID): PSIDIdentifierAuthority;
function GetSidSubAuthority(Sid: PSID; nSubAuthority: DWORD): PDWORD;
function CopySid(nDestinationSidLength: DWORD; pDestinationSid, pSourceSid: PSID): BOOL;
function ConvertSidToStringSid(Sid: PSID; var StringSid: PChar): BOOL;
function ConvertStringSidToSid(StringSid: PChar; var Sid: PSID): BOOL;
function InitializeAcl(var pAcl: TACL; nAclLength, dwAclRevision: DWORD): BOOL;
function GetAclInformation(const pAcl: TACL; pAclInformation: Pointer; nAclInformationLength: DWORD; dwAclInformationClass: TAclInformationClass): BOOL;
function SetAclInformation(var pAcl: TACL; pAclInformation: Pointer; nAclInformationLength: DWORD; dwAclInformationClass: TAclInformationClass): BOOL;
function AddAce(var pAcl: TACL; dwAceRevision, dwStartingAceIndex: DWORD; pAceList: Pointer; nAceListLength: DWORD): BOOL;
function GetAce(const pAcl: TACL; dwAceIndex: DWORD; var pAce: Pointer): BOOL;
function AddAccessAllowedAce(var pAcl: TACL; dwAceRevision: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
function AddAccessAllowedAceEx(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
function AddAccessDeniedAce(var pAcl: TACL; dwAceRevision: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
function AddAccessDeniedAceEx(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
function AddAuditAccessAce(var pAcl: TACL; dwAceRevision: DWORD; dwAccessMask: DWORD; Sid: PSID; bAuditSuccess, bAuditFailure: BOOL): BOOL;
function AddAuditAccessAceEx(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; dwAccessMask: DWORD; Sid: PSID; bAuditSuccess, bAuditFailure: BOOL): BOOL;
function AddAccessAllowedObjectAce(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; ObjectTypeGuid, InheritedObjectTypeGuid: PGUID; Sid: PSID): BOOL;
function AddAccessDeniedObjectAce(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; ObjectTypeGuid, InheritedObjectTypeGuid: PGUID; Sid: PSID): BOOL;
function AddAuditAccessObjectAce(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; ObjectTypeGuid, InheritedObjectTypeGuid: PGUID; Sid: PSID; bAuditSuccess, bAuditFailure: BOOL): BOOL;
function FindFirstFreeAce(var pAcl: TACL; var pAce: Pointer): BOOL;
function InitializeSecurityDescriptor(pSecurityDescriptor: PSecurityDescriptor; dwRevision: DWORD): BOOL;
function IsValidSecurityDescriptor(pSecurityDescriptor: PSecurityDescriptor): BOOL;
function GetSecurityDescriptorLength(pSecurityDescriptor: PSecurityDescriptor): DWORD;
function GetSecurityDescriptorControl(pSecurityDescriptor: PSecurityDescriptor; var pControl: SECURITY_DESCRIPTOR_CONTROL; var lpdwRevision: DWORD): BOOL;
function SetSecurityDescriptorControl(pSecurityDescriptor: PSecurityDescriptor; ControlBitsOfInterest, ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL): BOOL;
function GetSecurityDescriptorDacl(pSecurityDescriptor: PSecurityDescriptor; var lpbDaclPresent: BOOL; var pDacl: PACL; var lpbDaclDefaulted: BOOL): BOOL;
function SetSecurityDescriptorDacl(pSecurityDescriptor: PSecurityDescriptor; bDaclPresent: BOOL; pDacl: PACL; bDaclDefaulted: BOOL): BOOL;
function GetSecurityDescriptorSacl(pSecurityDescriptor: PSecurityDescriptor; var lpbSaclPresent: BOOL; var pSacl: PACL; var lpbSaclDefaulted: BOOL): BOOL;
function SetSecurityDescriptorSacl(pSecurityDescriptor: PSecurityDescriptor; bSaclPresent: BOOL; pSacl: PACL; bSaclDefaulted: BOOL): BOOL;
function GetSecurityDescriptorOwner(pSecurityDescriptor: PSecurityDescriptor; var pOwner: PSID; var lpbOwnerDefaulted: BOOL): BOOL;
function SetSecurityDescriptorOwner(pSecurityDescriptor: PSecurityDescriptor; pOwner: PSID; bOwnerDefaulted: BOOL): BOOL;
function GetSecurityDescriptorGroup(pSecurityDescriptor: PSecurityDescriptor; var pGroup: PSID; var lpbGroupDefaulted: BOOL): BOOL;
function SetSecurityDescriptorGroup(pSecurityDescriptor: PSecurityDescriptor; pGroup: PSID; bGroupDefaulted: BOOL): BOOL;
function MakeSelfRelativeSD(pAbsoluteSecurityDescriptor: PSecurityDescriptor; pSelfRelativeSecurityDescriptor: PSecurityDescriptor; var lpdwBufferLength: DWORD): BOOL;
function MakeAbsoluteSD(pSelfRelativeSecurityDescriptor: PSecurityDescriptor; pAbsoluteSecurityDescriptor: PSecurityDescriptor; var lpdwAbsoluteSecurityDescriptorSi: DWORD; var pDacl: TACL; var lpdwDaclSize: DWORD; var pSacl: TACL; var lpdwSaclSize: DWORD; pOwner: PSID; var lpdwOwnerSize: DWORD; pPrimaryGroup: PSID; var lpdwPrimaryGroupSize: DWORD): BOOL;
function MakeAbsoluteSD2(pSelfRelativeSecurityDescriptor: PSecurityDescriptor; var lpdwBufferSize: DWORD): BOOL;
Security helper functions
function CreateDefaultSecurityDescriptor(var pCreatedSecurityDescriptor: PSecurityDescriptor; bFolder: BOOL): BOOL;
function DestroyDefaultSecurityDescriptor(pDefaultSecurityDescriptor: PSecurityDescriptor): BOOL;
function CreateInheritedSecurityDescriptorNT(pParentSecurityDescriptor: PSecurityDescriptor; var pCreatedSecurityDescriptor: PSecurityDescriptor): BOOL;
function CreateInheritedSecurityDescriptor2K(pParentSecurityDescriptor: PSecurityDescriptor; var pCreatedSecurityDescriptor: PSecurityDescriptor): BOOL;
function CreateMergedSecurityDescriptor2K(pParentSecurityDescriptor, pChildSecurityDescriptor: PSecurityDescriptor; var pCreatedSecurityDescriptor: PSecurityDescriptor): BOOL;
function DestroyInheritedSecurityDescriptor(pInheritedSecurityDescriptor: PSecurityDescriptor): BOOL;
function DestroyMergedSecurityDescriptor(pMergedSecurityDescriptor: PSecurityDescriptor): BOOL;
Return to Unit Reference
