CPrivateObjectSecurityDesc Class
This class represents a private object security descriptor object.
Syntax
class CPrivateObjectSecurityDesc : public CSecurityDesc
Members
Public Constructors
Name | Description |
---|---|
CPrivateObjectSecurityDesc::CPrivateObjectSecurityDesc | The constructor. |
CPrivateObjectSecurityDesc::~CPrivateObjectSecurityDesc | The destructor. |
Public Methods
Name | Description |
---|---|
CPrivateObjectSecurityDesc::ConvertToAutoInherit | Call this method to convert a security descriptor and its access-control lists (ACLs) to a format that supports automatic propagation of inheritable access-control entries (ACEs). |
CPrivateObjectSecurityDesc::Create | Call this method to allocate and initialize a self-relative security descriptor for the private object created by the calling resource manager. |
CPrivateObjectSecurityDesc::Get | Call this method to retrieve information from a private object's security descriptor. |
CPrivateObjectSecurityDesc::Set | Call this method to modify a private object's security descriptor. |
Operators
Name | Description |
---|---|
operator = | Assignment operator. |
Remarks
This class, derived from CSecurityDesc, provides methods for creating and managing the security descriptor of a private object.
For an introduction to the access control model in Windows, see Access Control in the Windows SDK.
Inheritance Hierarchy
CPrivateObjectSecurityDesc
Requirements
Header: atlsecurity.h
CPrivateObjectSecurityDesc::ConvertToAutoInherit
Call this method to convert a security descriptor and its access-control lists (ACLs) to a format that supports automatic propagation of inheritable access-control entries (ACEs).
bool ConvertToAutoInherit(
const CSecurityDesc* pParent,
GUID* ObjectType,
bool bIsDirectoryObject,
PGENERIC_MAPPING GenericMapping) throw();
Parameters
pParent
Pointer to a CSecurityDesc object referencing the parent container of the object. If there is no parent container, this parameter is NULL.
ObjectType
Pointer to a GUID structure that identifies the type of object associated with the current object. Set ObjectType to NULL if the object does not have a GUID.
bIsDirectoryObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.
GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.
Return Value
Returns true on success, false on failure.
Remarks
This method attempts to determine whether the ACEs in the discretionary access-control list (DACL) and system access-control list (SACL) of the current security descriptor were inherited from the parent security descriptor. It calls the ConvertToAutoInheritPrivateObjectSecurity function.
CPrivateObjectSecurityDesc::CPrivateObjectSecurityDesc
The constructor.
CPrivateObjectSecurityDesc() throw();
Remarks
Initializes the CPrivateObjectSecurityDesc object.
CPrivateObjectSecurityDesc::~CPrivateObjectSecurityDesc
The destructor.
~CPrivateObjectSecurityDesc() throw();
Remarks
The destructor frees all allocated resources and deletes the private object's security descriptor.
CPrivateObjectSecurityDesc::Create
Call this method to allocate and initialize a self-relative security descriptor for the private object created by the calling resource manager.
bool Create(
const CSecurityDesc* pParent,
const CSecurityDesc* pCreator,
bool bIsDirectoryObject,
const CAccessToken& Token,
PGENERIC_MAPPING GenericMapping) throw();
bool Create(
const CSecurityDesc* pParent,
const CSecurityDesc* pCreator,
GUID* ObjectType,
bool bIsContainerObject,
ULONG AutoInheritFlags,
const CAccessToken& Token,
PGENERIC_MAPPING GenericMapping) throw();
Parameters
pParent
Pointer to a CSecurityDesc object referencing the parent directory in which a new object is being created. Set to NULL if there is no parent directory.
pCreator
Pointer to a security descriptor provided by the creator of the object. If the object's creator does not explicitly pass security information for the new object, set this parameter to NULL.
bIsDirectoryObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.
Token
Reference to the CAccessToken object for the client process on whose behalf the object is being created.
GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.
ObjectType
Pointer to a GUID structure that identifies the type of object associated with the current object. Set ObjectType to NULL if the object does not have a GUID.
bIsContainerObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.
AutoInheritFlags
A set of bit flags that control how access-control entries (ACEs) are inherited from pParent. See CreatePrivateObjectSecurityEx for more details.
Return Value
Returns true on success, false on failure.
Remarks
This method calls CreatePrivateObjectSecurity or CreatePrivateObjectSecurityEx.
The second method, which permits specifying the object type GUID of the new object or controlling how ACEs are inherited, is only available on systems running Windows 2000 and later.
Note
A self-relative security descriptor is a security descriptor that stores all of its security information in a contiguous block of memory.
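The contiguous layout described in the note can be checked directly. The following is an added example, not part of the original documentation or of ATL: a portable parser for the self-relative header (the Windows SECURITY_DESCRIPTOR_RELATIVE layout) that rejects offsets pointing outside the block. The function names and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Values of SE_DACL_PRESENT and SE_SELF_RELATIVE in winnt.h (renamed to avoid macro clashes).
constexpr uint16_t kDaclPresent = 0x0004, kSelfRelative = 0x8000;
constexpr size_t kHeader = 20;  // Revision, Sbz1, Control, then four 32-bit offsets

struct SdLayout { uint16_t control; uint32_t owner, group, sacl, dacl; };  // offset 0 = absent

static uint16_t rd16(const std::vector<uint8_t>& b, size_t o) {
    return uint16_t(b[o] | (b[o + 1] << 8));
}
static uint32_t rd32(const std::vector<uint8_t>& b, size_t o) {
    return uint32_t(rd16(b, o)) | (uint32_t(rd16(b, o + 2)) << 16);
}
// True when [off, off + 8) lies inside the buffer and past the header.
static bool room(const std::vector<uint8_t>& b, uint32_t off) {
    return off >= kHeader && off <= b.size() && b.size() - off >= 8;
}
// SID: revision 1, sub-authority count at byte 1 (max 15), 8 + 4*count bytes long.
static bool sid_fits(const std::vector<uint8_t>& b, uint32_t off) {
    if (!room(b, off) || b[off] != 1 || b[off + 1] > 15) return false;
    return b.size() - off >= 8u + 4u * b[off + 1];
}
// ACL: 8-byte header whose AclSize field (bytes 2-3) must stay inside the buffer.
static bool acl_fits(const std::vector<uint8_t>& b, uint32_t off) {
    return room(b, off) && rd16(b, off + 2) >= 8 && size_t(rd16(b, off + 2)) <= b.size() - off;
}

// Reads the header and rejects any offset that points outside the contiguous block.
bool parse_self_relative(const std::vector<uint8_t>& b, SdLayout& sd) {
    if (b.size() < kHeader || b[0] != 1) return false;
    sd = SdLayout{rd16(b, 2), rd32(b, 4), rd32(b, 8), rd32(b, 12), rd32(b, 16)};
    if (!(sd.control & kSelfRelative)) return false;  // absolute form holds pointers instead
    return (!sd.owner || sid_fits(b, sd.owner)) && (!sd.group || sid_fits(b, sd.group)) &&
           (!sd.sacl || acl_fits(b, sd.sacl)) && (!sd.dacl || acl_fits(b, sd.dacl));
}

// Constructed sample: owner S-1-5-18, group S-1-5-32-544, present but empty DACL.
std::vector<uint8_t> sample_sd() {
    return {1, 0, 0x04, 0x80,                                      // Control = 0x8004
            20, 0, 0, 0,  32, 0, 0, 0,  0, 0, 0, 0,  48, 0, 0, 0,  // owner, group, SACL, DACL
            1, 1, 0, 0, 0, 0, 0, 5, 0x12, 0, 0, 0,                 // S-1-5-18 at offset 20
            1, 2, 0, 0, 0, 0, 0, 5, 0x20, 0, 0, 0, 0x20, 2, 0, 0,  // S-1-5-32-544 at 32
            2, 0, 8, 0, 0, 0, 0, 0};                               // ACL header only, at 48
}
int main() { SdLayout sd{}; return parse_self_relative(sample_sd(), sd) ? 0 : 1; }
```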
CPrivateObjectSecurityDesc::Get
Call this method to retrieve information from a private object's security descriptor.
bool Get(
SECURITY_INFORMATION si,
CSecurityDesc* pResult) const throw();
Parameters
si
A set of bit flags that indicate the parts of the security descriptor to retrieve. This value can be a combination of the SECURITY_INFORMATION bit flags.
pResult
Pointer to a CSecurityDesc object that receives a copy of the requested information from the specified security descriptor.
Return Value
Returns true on success, false on failure.
Remarks
The security descriptor is a structure and associated data that contains the security information for a securable object.
CPrivateObjectSecurityDesc::operator =
Assignment operator.
CPrivateObjectSecurityDesc& operator= (const CPrivateObjectSecurityDesc& rhs) throw(...);
Parameters
rhs
The CPrivateObjectSecurityDesc object to assign to the current object.
Return Value
Returns the updated CPrivateObjectSecurityDesc object.
CPrivateObjectSecurityDesc::Set
Call this method to modify a private object's security descriptor.
bool Set(
SECURITY_INFORMATION si,
const CSecurityDesc& Modification,
PGENERIC_MAPPING GenericMapping,
const CAccessToken& Token) throw();
bool Set(
SECURITY_INFORMATION si,
const CSecurityDesc& Modification,
ULONG AutoInheritFlags,
PGENERIC_MAPPING GenericMapping,
const CAccessToken& Token) throw();
Parameters
si
A set of bit flags that indicate the parts of the security descriptor to set. This value can be a combination of the SECURITY_INFORMATION bit flags.
Modification
Reference to a CSecurityDesc object. The parts of this security descriptor indicated by the si parameter are applied to the object's security descriptor.
GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.
Token
Reference to the CAccessToken object for the client process on whose behalf the object is being created.
AutoInheritFlags
A set of bit flags that control how access-control entries (ACEs) are inherited from pParent. See CreatePrivateObjectSecurityEx for more details.
Return Value
Returns true on success, false on failure.
Remarks
The second method, which permits specifying the object type GUID of the object or controlling how ACEs are inherited, is only available on systems running Windows 2000 and later.
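The GenericMapping parameter taken by ConvertToAutoInherit, Create and Set describes a translation from generic rights to object-specific rights. The following is an added example, not part of the original documentation or of ATL: a portable model of that translation (the same one the Windows MapGenericMask function performs) which also reports who ends up able to rewrite the DACL. The queue rights, the mapping and the ACE list are hypothetical.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Values of the GENERIC_*, READ_CONTROL, WRITE_DAC and STANDARD_RIGHTS_REQUIRED
// constants in winnt.h, renamed so the file also compiles next to windows.h.
constexpr uint32_t kGenericRead = 0x80000000u, kGenericWrite = 0x40000000u,
                   kGenericExecute = 0x20000000u, kGenericAll = 0x10000000u;
constexpr uint32_t kReadControl = 0x00020000u, kWriteDac = 0x00040000u,
                   kStandardRightsRequired = 0x000F0000u;

// Hypothetical specific rights of a resource manager's private "queue" object.
constexpr uint32_t kQueuePeek = 0x1, kQueuePost = 0x2, kQueuePurge = 0x4;

struct Mapping { uint32_t read, write, execute, all; };  // same fields as GENERIC_MAPPING

// Hypothetical mapping the resource manager would pass as GenericMapping.
constexpr Mapping kQueueMapping = {
    kReadControl | kQueuePeek, kReadControl | kQueuePost, kReadControl,
    kStandardRightsRequired | kQueuePeek | kQueuePost | kQueuePurge};

// Replace each generic bit with its specific rights, then clear the generic bits.
uint32_t map_generic(uint32_t mask, const Mapping& m) {
    if (mask & kGenericRead) mask |= m.read;
    if (mask & kGenericWrite) mask |= m.write;
    if (mask & kGenericExecute) mask |= m.execute;
    if (mask & kGenericAll) mask |= m.all;
    return mask & ~(kGenericRead | kGenericWrite | kGenericExecute | kGenericAll);
}

struct Ace { std::string trustee; uint32_t mask; };  // simplified allow-ACE

// Map every ACE in place and return the trustees who can then rewrite the DACL.
std::vector<std::string> dacl_writers(std::vector<Ace>& dacl, const Mapping& m) {
    std::vector<std::string> out;
    for (Ace& a : dacl) {
        a.mask = map_generic(a.mask, m);
        if (a.mask & kWriteDac) out.push_back(a.trustee);
    }
    return out;
}

int main() {
    std::vector<Ace> dacl = {{"reader", kGenericRead}, {"admin", kGenericAll}};  // constructed
    return dacl_writers(dacl, kQueueMapping).size() == 1 ? 0 : 1;
}
```

Because the all-rights entry of the mapping includes the standard rights, a trustee granted the generic all right also receives the right to change the DACL, which is worth checking when reviewing creator-supplied descriptors.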
See Also
SECURITY_DESCRIPTOR
Class Overview
Security Global Functions
CSecurityDesc Class