archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/base/lsa/server/dspolicy/dbdata.c

277 lines
8.9 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. dbdata.c
  9. Abstract:
  11. Local Security Authority - Database Server Global Data
  13. Author:
  15. Scott Birrell (ScottBi) July 25, 1991
  17. Environment:
  19. User Mode
  21. Revision History:
  23. --*/
  25. #include <lsapch2.h>
  26. #include "dbp.h"
  28. OBJECT_ATTRIBUTES LsapDbObjectAttributes;
  29. STRING LsapDbNameString;
  30. LARGE_INTEGER LsapDbInitSize;
  31. LARGE_INTEGER LsapDbMaximumSizeOfSection;
  36. //
  37. // LSA Initialized Status
  38. //
  40. BOOLEAN LsapInitialized = FALSE;
  42. //
  43. // Setup Event Existed
  44. // This is necessary to distinguish a psuedo install done
  45. // during a developer's first boot after install (which does
  46. // an auto init) and the case where a real setup was run.
  47. //
  49. BOOLEAN LsapSetupWasRun = FALSE;
  51. //
  52. // Boolean indicating that the Ds is up and running
  53. //
  54. BOOLEAN LsapDsIsRunning = FALSE;
  56. //
  57. // Database initialization has been performed
  58. //
  60. BOOLEAN LsapDatabaseSetupPerformed = FALSE;
  62. //
  63. // Type of product we are running
  64. //
  66. NT_PRODUCT_TYPE LsapProductType;
  68. //
  69. // Product suites available on the current machine
  70. //
  71. WORD LsapProductSuiteMask=0;
  74. //
  75. // LSA Database State information
  76. //
  78. LSAP_DB_STATE LsapDbState;
  80. #ifdef DBG
  81. BOOL g_ScePolicyLocked = FALSE;
  82. #endif
  84. //
  85. // LsaDb object Handle used internally.
  86. // Also one for use throughout LSA.
  87. //
  89. LSAPR_HANDLE LsapDbHandle;
  90. LSAPR_HANDLE LsapPolicyHandle = NULL;
  92. //
  93. // LSA Database Encryption Key
  94. //
  96. PLSAP_CR_CIPHER_KEY LsapDbCipherKey;
  97. PLSAP_CR_CIPHER_KEY LsapDbSP4SecretCipherKey;
  98. PLSAP_CR_CIPHER_KEY LsapDbSecretCipherKeyRead;
  99. PLSAP_CR_CIPHER_KEY LsapDbSecretCipherKeyWrite;
  100. PVOID LsapDbSysKey = NULL;
  101. PVOID LsapDbOldSysKey = NULL;
  103. //
  104. // Is this a DC in the root domain?
  105. //
  107. BOOLEAN DcInRootDomain = FALSE;
  109. //
  110. // Queue of name/sid lookup activities.
  111. //
  113. LSAP_DB_LOOKUP_WORK_QUEUE LookupWorkQueue;
  116. //
  117. // LSA Database Object SubKey Unicode name string and attributes array
  118. //
  120. UNICODE_STRING LsapDbNames[DummyLastName];
  121. PLSAP_DB_DS_INFO LsapDbDsAttInfo;
  123. //
  124. // LSA Database Object Type Containing Directory Names
  125. //
  127. UNICODE_STRING LsapDbContDirs[DummyLastObject];
  129. //
  130. // Object Information Requirements. These arrays, indexed by object
  131. // type id indicated whether objects have Sids or Names.
  132. //
  133. // WARNING! - These arrays must be kept in sync with the LSAP_DB_OBJECT_TYPE_ID
  134. // enumerated type.
  135. //
  137. BOOLEAN LsapDbRequiresSidInfo[DummyLastObject] = {
  139. FALSE, // NullObject
  140. FALSE, // LsaDatabaseObject
  141. FALSE, // BuiltInAccountObject
  142. TRUE, // AccountObject
  143. FALSE // SecretObject
  144. };
  146. BOOLEAN LsapDbRequiresNameInfo[DummyLastObject] = {
  148. FALSE, // NullObject,
  149. TRUE, // LsaDatabaseObject
  150. TRUE, // BuiltInAccountObject
  151. FALSE, // AccountObject
  152. TRUE // SecretObject
  153. };
  155. //
  156. // Table of accesses required to query Policy Information. This table
  157. // is indexed by Policy Information Class
  158. //
  160. ACCESS_MASK LsapDbRequiredAccessQueryPolicy[PolicyDnsDomainInformationInt + 1] = {
  162. 0, // Information classes start at 1
  163. POLICY_VIEW_AUDIT_INFORMATION, // PolicyAuditLogInformation
  164. POLICY_VIEW_AUDIT_INFORMATION, // PolicyAuditEventsInformation
  165. POLICY_VIEW_LOCAL_INFORMATION, // PolicyPrimaryDomainInformation
  166. POLICY_GET_PRIVATE_INFORMATION, // PolicyPdAccountInformation
  167. POLICY_VIEW_LOCAL_INFORMATION, // PolicyAccountDomainInformation
  168. POLICY_VIEW_LOCAL_INFORMATION, // PolicyLsaServerRoleInformation
  169. POLICY_VIEW_LOCAL_INFORMATION, // PolicyReplicaSourceInformation
  170. POLICY_VIEW_LOCAL_INFORMATION, // PolicyDefaultQuotaInformation
  171. 0, // Not settable by non-trusted call
  172. 0, // Not applicable
  173. POLICY_VIEW_AUDIT_INFORMATION, // PolicyAuditFullQueryInformation
  174. POLICY_VIEW_LOCAL_INFORMATION, // PolicyDnsDomainInformation
  175. POLICY_VIEW_LOCAL_INFORMATION, // PolicyDnsDomainInformationInt
  176. };
  178. ACCESS_MASK LsapDbRequiredAccessQueryDomainPolicy[PolicyDomainKerberosTicketInformation + 1] = {
  180. 0, // Information classes start at 2
  181. 0, // PolicyDomainQualityOfServiceInformation (outdated)
  182. POLICY_VIEW_LOCAL_INFORMATION, // PolicyDomainEfsInformation
  183. POLICY_VIEW_LOCAL_INFORMATION // PolicyDomainKerberosTicketInformation
  184. };
  186. //
  187. // Table of accesses required to set Policy Information. This table
  188. // is indexed by Policy Information Class
  189. //
  191. ACCESS_MASK LsapDbRequiredAccessSetPolicy[PolicyDnsDomainInformationInt + 1] = {
  193. 0, // Information classes start at 1
  194. POLICY_AUDIT_LOG_ADMIN, // PolicyAuditLogInformation
  195. POLICY_SET_AUDIT_REQUIREMENTS, // PolicyAuditEventsInformation
  196. POLICY_TRUST_ADMIN, // PolicyPrimaryDomainInformation
  197. 0, // Not settable by non-trusted call
  198. POLICY_TRUST_ADMIN, // PolicyAccountDomainInformation
  199. POLICY_SERVER_ADMIN, // PolicyLsaServerRoleInformation
  200. POLICY_SERVER_ADMIN, // PolicyReplicaSourceInformation
  201. POLICY_SET_DEFAULT_QUOTA_LIMITS,// PolicyDefaultQuotaInformation
  202. 0, // Not settable by non-trusted call
  203. POLICY_AUDIT_LOG_ADMIN, // PolicyAuditFullSetInformation
  204. 0, // Not applicable
  205. POLICY_TRUST_ADMIN, // PolicyDnsDomainInformation
  206. POLICY_TRUST_ADMIN, // PolicyDnsDomainInformationInt
  207. };
  209. ACCESS_MASK LsapDbRequiredAccessSetDomainPolicy[PolicyDomainKerberosTicketInformation + 1] = {
  211. 0, // Information classes start at 2
  212. 0, // PolicyDomainQualityOfServiceInformation (outdated)
  213. POLICY_SERVER_ADMIN, // PolicyDomainEfsInformation
  214. POLICY_SERVER_ADMIN // PolicyDomainKerberosTicketInformation
  215. };
  218. //
  219. // Table of accesses required to query TrustedDomain Information. This table
  220. // is indexed by TrustedDomain Information Class
  221. //
  223. ACCESS_MASK LsapDbRequiredAccessQueryTrustedDomain[TrustedDomainFullInformation2Internal + 1] = {
  225. 0, // Information classes start at 1
  226. TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainNameInformation
  227. TRUSTED_QUERY_CONTROLLERS, // TrustedControllersInformation
  228. TRUSTED_QUERY_POSIX, // TrustedPosixOffsetInformation
  229. TRUSTED_QUERY_AUTH, // TrustedPasswordInformation
  230. TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainInformationBasic
  231. TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainInformationEx
  232. TRUSTED_QUERY_AUTH, // TrustedDomainAuthInformation
  233. TRUSTED_QUERY_DOMAIN_NAME |
  234. TRUSTED_QUERY_POSIX |
  235. TRUSTED_QUERY_AUTH, // TrustedDomainFullInformation
  236. TRUSTED_QUERY_AUTH, // TrustedDomainAuthInformationInternal
  237. TRUSTED_QUERY_DOMAIN_NAME |
  238. TRUSTED_QUERY_POSIX |
  239. TRUSTED_QUERY_AUTH, // TrustedDomainFullInformationInternal
  240. TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainInformationEx2Internal
  241. TRUSTED_QUERY_DOMAIN_NAME |
  242. TRUSTED_QUERY_POSIX |
  243. TRUSTED_QUERY_AUTH // TrustedDomainFullInformation2Internal
  244. };
  246. //
  247. // Table of accesses required to set TrustedDomain Information. This table
  248. // is indexed by TrustedDomain Information Class
  249. //
  251. ACCESS_MASK LsapDbRequiredAccessSetTrustedDomain[TrustedDomainFullInformation2Internal + 1] = {
  253. 0, // Information classes start at 1
  254. 0, // not settable (TrustedDomainNameInformation)
  255. TRUSTED_SET_CONTROLLERS, // TrustedControllersInformation
  256. TRUSTED_SET_POSIX, // TrustedPosixOffsetInformation
  257. TRUSTED_SET_AUTH, // TrustedPasswordInformation
  258. TRUSTED_SET_POSIX, // TrustedDomainInformationBasic POSIX is a bad bit, but its too late to change it
  259. TRUSTED_SET_POSIX, // TrustedDomainInformationEx POSIX is a bad bit, but its too late to change it
  260. TRUSTED_SET_AUTH, // TrustedDomainAuthInformation
  261. TRUSTED_SET_POSIX |
  262. TRUSTED_SET_AUTH, // TrustedDomainFullInformation
  263. TRUSTED_SET_AUTH, // TrustedDomainAuthInformationInternal
  264. TRUSTED_SET_POSIX |
  265. TRUSTED_SET_POSIX |
  266. TRUSTED_SET_AUTH, // TrustedDomainFullInformationInternal
  267. TRUSTED_SET_POSIX, // TrustedDomainInformationEx2Internal POSIX is a bad bit, but its too late to change it
  268. TRUSTED_SET_POSIX |
  269. TRUSTED_SET_AUTH // TrustedDomainFullInformation2Internal
  270. };
  273. //
  274. // Cached Policy Object. Only default Quota Limits is cached just now.
  275. //
  277. LSAP_DB_POLICY LsapDbPolicy = {0};