archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/base/lsa/server/dspolicy/dsp.h

595 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. dsp.h
  9. Abstract:
  11. Private macros/definitions/prototypes for implementing a portion of the LSA store
  12. in the DS
  14. Author:
  16. Mac McLain (MacM) Jan 17, 1997
  18. Environment:
  20. User Mode
  22. Revision History:
  24. --*/
  26. #ifndef __DSP_H__
  27. #define __DSP_H__
  29. #include <filtypes.h>
  30. #include <attids.h>
  31. #include <dsattrs.h>
  33. #ifndef PDSNAME
  34. typedef DSNAME *PDSNAME;
  35. #endif
  37. #ifndef PATTR
  38. typedef ATTR *PATTR;
  39. #endif
  41. #ifndef PGUID
  42. typedef GUID *PGUID;
  43. #endif
  45. #define TENMEG 10485760
  47. //
  48. // Retuns the string name embedded in a DSNAME structure
  49. //
  50. #define LsapDsNameFromDsName(pdsname) \
  51. ((pdsname) == NULL ? NULL : (pdsname)->StringName)
  53. //
  54. // Returns the length of the string name embedded in a DSNAME structure
  55. //
  56. #define LsapDsNameLenFromDsName(pdsname) \
  57. ((pdsname) == NULL ? 0 : (pdsname)->NameLen)
  59. //
  60. // Returns the length of a unicode string buffer without the trailing NULL
  61. //
  62. #define LsapDsGetUnicodeStringLenNoNull(punicode) \
  63. (((PWSTR)(punicode)->Buffer)[(punicode)->Length / sizeof(WCHAR) - 1] == UNICODE_NULL ? \
  64. (punicode)->Length - sizeof(WCHAR) : \
  65. (punicode)->Length)
  67. #define LsapDsGetSelfRelativeUnicodeStringLenNoNull(punicode) \
  68. (((PWSTR)((PBYTE)(punicode) + sizeof(UNICODE_STRING_SR)))[(punicode)->Length / sizeof(WCHAR) - 1] == UNICODE_NULL ? \
  69. (punicode)->Length - sizeof(WCHAR) : \
  70. (punicode)->Length)
  72. #define LsapDsIsWriteDs( objhandle ) \
  73. ((((LSAP_DB_HANDLE)(objhandle))->fWriteDs && \
  74. (((LSAP_DB_HANDLE)(objhandle))->ObjectTypeId == TrustedDomainObject || \
  75. ((LSAP_DB_HANDLE)(objhandle))->ObjectTypeId == SecretObject)) ? TRUE : FALSE )
  77. #define LsapDsSetHandleWriteDs( objhandle ) (((LSAP_DB_HANDLE)(objhandle))->fWriteDs = TRUE)
  79. #define LsapDsWriteDs ( LsaDsStateInfo.UseDs )
  81. #define LSAPDS_ALLOC_AND_COPY_STRING_TO_UNICODE_ON_SUCCESS( status, dest, src, len )\
  82. if ( NT_SUCCESS( status ) ) { \
  83. \
  84. (dest)->MaximumLength = (USHORT)(len) + sizeof(WCHAR); \
  85. (dest)->Buffer = LsapAllocateLsaHeap( (dest)->MaximumLength ); \
  86. \
  87. if ( (dest)->Buffer == NULL ) { \
  88. \
  89. (status) = STATUS_INSUFFICIENT_RESOURCES; \
  90. \
  91. } else { \
  92. \
  93. (dest)->Length = (dest)->MaximumLength - sizeof( WCHAR ); \
  94. RtlCopyMemory( (dest)->Buffer, (src), (dest)->Length ); \
  95. ((WCHAR*)((dest)->Buffer))[(len)/sizeof(WCHAR)] = L'\0'; \
  96. } \
  97. }
  99. #define LSAPDS_ALLOC_AND_COPY_UNICODE_STRING_ON_SUCCESS( status, _dest_, _src_ ) \
  100. if ( NT_SUCCESS( status ) ) { \
  101. \
  102. ( _dest_ )->MaximumLength = ( _src_ )->MaximumLength; \
  103. ( _dest_ )->Buffer = LsapAllocateLsaHeap( (_dest_ )->MaximumLength ); \
  104. \
  105. if ( ( _dest_ )->Buffer == NULL ) { \
  106. \
  107. (status) = STATUS_INSUFFICIENT_RESOURCES; \
  108. \
  109. } else { \
  110. \
  111. RtlZeroMemory(( _dest_ )->Buffer, ( _dest_ )->MaximumLength ); \
  112. ( _dest_ )->Length = ( _src_ )->Length; \
  113. RtlCopyMemory( ( _dest_ )->Buffer, ( _src_ )->Buffer, ( _dest_ )->Length ); \
  114. } \
  115. }
  118. #define LSAPDS_ALLOC_AND_COPY_SID_ON_SUCCESS( status, dest, sid ) \
  119. if ( NT_SUCCESS( status ) ) { \
  120. \
  121. (dest) = LsapAllocateLsaHeap( RtlLengthSid( sid ) ); \
  122. if ( (dest) == NULL ) { \
  123. \
  124. (status) = STATUS_INSUFFICIENT_RESOURCES; \
  125. \
  126. } else { \
  127. \
  128. RtlCopyMemory( (dest), (sid), RtlLengthSid( sid ) ); \
  129. } \
  130. }
  132. #define LSAPDS_COPY_GUID_ON_SUCCESS( status, dest, src ) \
  133. if ( NT_SUCCESS( status ) ) { RtlCopyMemory((dest), (src), sizeof( GUID ) ); }
  136. #define LsapDsReturnSuccessIfNoDs \
  137. if ( !LsapDsWriteDs ) { \
  138. \
  139. return( STATUS_SUCCESS ); \
  140. }
  142. BOOL
  143. SampExistsDsTransaction(
  144. void
  145. );
  147. //
  148. // Determines whether a bit is on or not
  149. //
  150. #define FLAG_ON(flags,bit) ((flags) & (bit))
  152. #define LsapDsLengthAppendRdnLength( dsname, length ) \
  153. DSNameSizeFromLen( ( LsapDsNameLenFromDsName( dsname ) + 5 + ( ( ( length ) / sizeof( WCHAR ) * 2 ) ) ) )
  155. #define LsapDsSetDsaFlags( flag ) \
  156. SampSetDsa( flag ); \
  158. #define LsapDsInitializeAttrBlock( attrblock, attrs, count ) \
  159. { (attrblock)->attrCount = (count); \
  160. (attrblock)->pAttr = (attrs); }
  162. #define LSAP_DS_PARTITIONS_CONTAINER L"Partitions"
  163. #define LSAP_DS_SYSTEM_CONTAINER L"System"
  164. #define LSAP_DS_TRUSTED_DOMAIN L"trustedDomain"
  165. #define LSAP_DS_SECRET L"secret"
  166. #define LSAP_DS_SITES_CONTAINER L"CN=Sites"
  167. #define LSAP_DS_SUBNET_CONTAINER L"CN=Subnets," LSAP_DS_SITES_CONTAINER
  168. #define LSAP_DS_PATH_SEP L','
  169. #define LSAP_DS_PATH_SEP_AS_STRING L","
  170. #define LSAP_DS_CONTAINER_PREFIX L"CN="
  171. #define LSAP_DS_SECRET_POSTFIX L" Secret"
  172. #define LSAP_DS_SECRET_POSTFIX_LEN ((sizeof(LSAP_DS_SECRET_POSTFIX)/sizeof(WCHAR))-1)
  173. #define LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX L"G$$"
  174. #define LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX_SIZE \
  175. (sizeof( LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX ) - sizeof( WCHAR ) )
  176. #define LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX_LENGTH \
  177. (LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX_SIZE/sizeof(WCHAR))
  179. #define LSAP_DS_INIT_ATTR(attr, type, cnt, vals) \
  180. { (attr).attrTyp = (type); \
  181. (attr).AttrVal.valCount = (cnt); \
  182. (attr).AttrVal.pAVal = (vals); }
  184. //
  185. // General flags to be used for all operations
  186. //
  187. #define LSAPDS_OP_NO_LOCK 0x00000001
  188. #define LSAPDS_OP_NO_TRANS 0x00000002
  190. //
  191. // Flags to use for search
  192. //
  193. #define LSAPDS_SEARCH_ROOT 0x00008000
  194. #define LSAPDS_SEARCH_ALL_NCS 0x00010000
  195. #define LSAPDS_SEARCH_LEVEL 0x00020000
  196. #define LSAPDS_SEARCH_TREE 0x00040000
  197. #define LSAPDS_SEARCH_OR 0x00100000
  199. #define LSAPDS_SEARCH_FLAGS 0x00168000
  201. //
  202. // Flags to use for Write
  203. //
  204. #define LSAPDS_REMOVE_ATTRIBUTE AT_CHOICE_REMOVE_ATT
  205. #define LSAPDS_REPLACE_ATTRIBUTE AT_CHOICE_REPLACE_ATT
  207. #define LSAPDS_WRITE_TYPES 0x00000FFF
  208. #define LSAPDS_REPL_CHANGE_URGENTLY 0x00002000
  209. #define LSAPDS_USE_PERMISSIVE_WRITE 0x00001000
  212. //
  213. // Flags to use for Read
  214. //
  215. #define LSAPDS_READ_NO_LOCK LSAPDS_OP_NO_LOCK
  216. #define LSAPDS_READ_DELETED 0x00002000
  217. #define LSAPDS_READ_RETURN_NOT_FOUND 0x10000000
  219. //
  220. // Flags to use for Create
  221. //
  222. #define LSAPDS_CREATE_TRUSTED 0x00002000
  223. #define LSAPDS_CREATE_WITH_SD 0x00004000
  225. NTSTATUS
  226. LsapDsMapDsReturnToStatus (
  227. ULONG DsStatus
  228. );
  230. NTSTATUS
  231. LsapDsMapDsReturnToStatusEx (
  232. IN COMMRES *pComRes
  233. );
  235. VOID
  236. LsapDsInitializeStdCommArg (
  237. IN COMMARG *pCommArg,
  238. IN ULONG Flags
  239. );
  241. NTSTATUS
  242. LsapAllocAndInitializeDsNameFromUnicode(
  243. IN PLSA_UNICODE_STRING pObjectName,
  244. OUT PDSNAME *pDsName
  245. );
  247. NTSTATUS
  248. LsapDsSearchUnique(
  249. IN ULONG Flags,
  250. IN PDSNAME pContainer,
  251. IN PATTR pAttrsToMatch,
  252. IN ULONG cAttrs,
  253. OUT PDSNAME *ppFoundName
  254. );
  256. NTSTATUS
  257. LsapDsSearchNonUnique(
  258. IN ULONG Flags,
  259. IN PDSNAME pContainer,
  260. IN PATTR pAttrToMatch,
  261. IN ULONG Attrs,
  262. OUT PDSNAME **pppFoundNames,
  263. OUT PULONG pcNames
  264. );
  266. NTSTATUS
  267. LsapDsFindUnique(
  268. IN ULONG Flags,
  269. IN PDSNAME NCName OPTIONAL,
  270. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  271. IN ATTRVAL *Attribute,
  272. IN ATTRTYP AttId,
  273. OUT PDSNAME *FoundObject
  274. );
  276. NTSTATUS
  277. LsapDsCreateAndSetObject(
  278. IN PLSA_UNICODE_STRING pObjectName,
  279. IN ULONG Flags,
  280. IN ULONG cItems,
  281. IN ATTRTYP *pAttrTypeList,
  282. IN ATTRVAL *pAttrValList
  283. );
  285. NTSTATUS
  286. LsapDsCreateObjectDs(
  287. IN PDSNAME ObjectName,
  288. IN ULONG Flags,
  289. IN ATTRBLOCK *AttrBlock
  290. );
  292. NTSTATUS
  293. LsapDsRead (
  294. IN PUNICODE_STRING pObject,
  295. IN ULONG fFlags,
  296. IN ATTRBLOCK *pAttributesToRead,
  297. OUT ATTRBLOCK *pAttributeValues
  298. );
  300. NTSTATUS
  301. LsapDsReadByDsName (
  302. IN PDSNAME DsName,
  303. IN ULONG fFlags,
  304. IN ATTRBLOCK *pAttributesToRead,
  305. OUT ATTRBLOCK *pAttributeValues
  306. );
  308. NTSTATUS
  309. LsapDsRemove (
  310. IN PDSNAME pObject
  311. );
  313. NTSTATUS
  314. LsapDsWrite(
  315. IN PUNICODE_STRING pObject,
  316. IN ULONG Flags,
  317. IN ATTRBLOCK *Attributes
  318. );
  320. NTSTATUS
  321. LsapDsWriteByDsName(
  322. IN PDSNAME DsName,
  323. IN ULONG Flags,
  324. IN ATTRBLOCK *Attributes
  325. );
  327. NTSTATUS
  328. LsapDsLsaAttributeToDsAttribute(
  329. IN PLSAP_DB_ATTRIBUTE LsaAttribute,
  330. OUT PATTR Attr
  331. );
  333. NTSTATUS
  334. LsapDsDsAttributeToLsaAttribute(
  335. IN ATTRVAL *AttVal,
  336. OUT PLSAP_DB_ATTRIBUTE LsaAttribute
  337. );
  339. NTSTATUS
  340. LsapDsIsSecretDsTrustedDomain(
  341. IN PUNICODE_STRING SecretName,
  342. IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
  343. IN ULONG Options,
  344. IN ACCESS_MASK DesiredAccess,
  345. OUT PLSAPR_HANDLE TDObjHandle,
  346. OUT BOOLEAN *IsTrustedDomainSecret
  347. );
  349. NTSTATUS
  350. LsapDsIsHandleDsObjectTypeHandle(
  351. IN LSAP_DB_HANDLE Handle,
  352. IN LSAP_DB_OBJECT_TYPE_ID ObjectType,
  353. OUT BOOLEAN *IsObjectHandle
  354. );
  356. #define LsapDsIsHandleDsHandle( handle ) \
  357. (LsaDsStateInfo.UseDs && ((LSAP_DB_HANDLE) (handle))->PhysicalNameDs.Length != 0 )
  358. #define LsapDsIsFunctionTableValid() LsaDsStateInfo.FunctionTableInitialized
  360. NTSTATUS
  361. LsapDsTrustedDomainSidToLogicalName(
  362. IN PSID Sid,
  363. OUT PUNICODE_STRING LogicalNameU
  364. );
  366. NTSTATUS
  367. LsapDsInitAllocAsNeededEx(
  368. IN ULONG Options,
  369. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  370. OUT PBOOLEAN Reset
  371. );
  373. VOID
  374. LsapDsDeleteAllocAsNeededEx(
  375. IN ULONG Options,
  376. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  377. IN BOOLEAN Reset
  378. );
  380. VOID
  381. LsapDsDeleteAllocAsNeededEx2(
  382. IN ULONG Options,
  383. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  384. IN BOOLEAN Reset,
  385. IN BOOLEAN RollbackTransaction
  386. );
  388. NTSTATUS
  389. LsapDsCauseTransactionToCommitOrAbort (
  390. IN BOOLEAN Commit
  391. );
  393. NTSTATUS
  394. LsapDsGetListOfSystemContainerItems(
  395. IN ULONG ClassId,
  396. OUT PULONG Items,
  397. OUT PDSNAME **DsNames
  398. );
  400. //
  401. // Enumeration flags defined in dbp.h
  402. //
  403. NTSTATUS
  404. LsapDsEnumerateTrustedDomainsEx(
  405. IN PLSA_ENUMERATION_HANDLE EnumerationContext,
  406. IN TRUSTED_INFORMATION_CLASS InformationClass,
  407. OUT PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation,
  408. IN ULONG PreferedMaximumLength,
  409. IN OUT PULONG CountReturned,
  410. IN ULONG EnumerationFlags
  411. );
  413. NTSTATUS
  414. LsapDsGetTrustedDomainInfoEx(
  415. IN PDSNAME ObjectPath,
  416. IN ULONG ReadOptions,
  417. IN TRUSTED_INFORMATION_CLASS InformationClass,
  418. OUT PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation,
  419. OUT PULONG Size OPTIONAL
  420. );
  422. NTSTATUS
  423. LsapDsBuildAuthInfoAttribute(
  424. IN LSAPR_HANDLE Handle,
  425. IN PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF NewAuthInfo,
  426. IN PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF PreviousAuthInfo,
  427. OUT PBYTE *Buffer,
  428. OUT PULONG Len
  429. );
  431. NTSTATUS
  432. LsapDsBuildAuthInfoFromAttribute(
  433. IN LSAPR_HANDLE Handle,
  434. IN PBYTE Buffer,
  435. IN ULONG Len,
  436. OUT PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF NewAuthInfo
  437. );
  439. NTSTATUS
  440. LsapDecryptAuthDataWithSessionKey(
  441. IN PLSAP_CR_CIPHER_KEY SessionKey,
  442. IN PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthInformationInternal,
  443. IN PTRUSTED_DOMAIN_AUTH_INFORMATION AuthInfo
  444. );
  446. VOID
  447. LsapDsFreeUnmarshaledAuthInfo(
  448. IN ULONG Items,
  449. IN PLSAPR_AUTH_INFORMATION AuthInfo
  450. );
  452. VOID
  453. LsapDsFreeUnmarshalAuthInfoHalf(
  454. IN PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF AuthInfo
  455. );
  457. NTSTATUS
  458. LsapDsGetSecretOnTrustedDomainObject(
  459. IN LSAP_DB_HANDLE TrustedDomainHandle,
  460. IN OPTIONAL PLSAP_CR_CIPHER_KEY SessionKey OPTIONAL,
  461. OUT PLSAP_CR_CIPHER_VALUE *CipherCurrent OPTIONAL,
  462. OUT PLSAP_CR_CIPHER_VALUE *CipherOld OPTIONAL,
  463. OUT PLARGE_INTEGER CurrentValueSetTime OPTIONAL,
  464. OUT PLARGE_INTEGER OldValueSetTime OPTIONAL
  465. );
  467. NTSTATUS
  468. LsapDsSetSecretOnTrustedDomainObject(
  469. IN LSAP_DB_HANDLE TrustedDomainHandle,
  470. IN ULONG AuthDataType,
  471. IN PLSAP_CR_CLEAR_VALUE ClearCurrent,
  472. IN PLSAP_CR_CLEAR_VALUE ClearOld,
  473. IN PLARGE_INTEGER CurrentValueSetTime
  474. );
  476. NTSTATUS
  477. LsapDsAuthDataOnTrustedDomainObject(
  478. IN LSAP_DB_HANDLE TrustedDomainHandle,
  479. IN BOOLEAN Incoming,
  480. IN ULONG AuthDataType,
  481. IN PLSAP_CR_CLEAR_VALUE ClearCurrent,
  482. IN PLSAP_CR_CLEAR_VALUE ClearOld,
  483. IN PLARGE_INTEGER CurrentValueSetTime
  484. );
  486. NTSTATUS
  487. LsapDsEnumerateTrustedDomainsAsSecrets(
  488. IN OUT PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer
  489. );
  491. NTSTATUS
  492. LsapDsEnumerateSecrets(
  493. IN OUT PLSAP_DB_NAME_ENUMERATION_BUFFER EnumerationBuffer
  494. );
  496. NTSTATUS
  497. LsapDbOpenObjectDs(
  498. IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
  499. IN PDSNAME DsName,
  500. IN ACCESS_MASK DesiredAccess,
  501. IN ULONG Options,
  502. OUT PLSAPR_HANDLE ObjectHandle
  503. );
  505. NTSTATUS
  506. LsapSceNotify(
  507. IN SECURITY_DB_DELTA_TYPE DeltaType,
  508. IN SECURITY_DB_OBJECT_TYPE ObjectType,
  509. IN PSID ObjectSid OPTIONAL
  510. );
  512. NTSTATUS
  513. LsapNetNotifyDelta (
  514. IN SECURITY_DB_TYPE DbType,
  515. IN LARGE_INTEGER SerialNumber,
  516. IN SECURITY_DB_DELTA_TYPE DeltaType,
  517. IN SECURITY_DB_OBJECT_TYPE ObjectType,
  518. IN ULONG ObjectRid,
  519. IN PSID ObjectSid,
  520. IN PUNICODE_STRING ObjectName,
  521. IN DWORD ReplicateImmediately,
  522. IN PSAM_DELTA_DATA MemberId
  523. );
  525. NTSTATUS
  526. LsapDsCopyDsNameLsa(
  527. OUT PDSNAME *Dest,
  528. IN PDSNAME Source
  529. );
  531. NTSTATUS
  532. LsapDsDomainUpgradeRegistryToDs(
  533. IN BOOLEAN DeleteOldValues
  534. );
  536. NTSTATUS
  537. LsapDsSecretUpgradeRegistryToDs(
  538. IN BOOLEAN DeleteOldValues
  539. );
  541. NTSTATUS
  542. LsapDsDomainUpgradeInterdomainTrustAccountsToDs(
  543. VOID
  544. );
  546. NTSTATUS
  547. LsapDsCreateInterdomainTrustAccount(
  548. IN LSAPR_HANDLE TrustedDomainObject
  549. );
  551. NTSTATUS
  552. LsapDsDeleteInterdomainTrustAccount(
  553. IN LSAPR_HANDLE TrustedDomainObject
  554. );
  556. NTSTATUS
  557. LsapDsCreateInterdomainTrustAccountByDsName(
  558. IN PDSNAME TrustedDomainPath,
  559. IN PUNICODE_STRING FlatName
  560. );
  562. NTSTATUS
  563. LsapDsFixupTrustedDomainObjectOnRestart(
  564. VOID
  565. );
  567. VOID
  568. LsapDsContinueTransaction(
  569. VOID
  570. );
  572. NTSTATUS
  573. LsapBuildForestTrustInfoLists(
  574. IN LSAPR_HANDLE PolicyHandle,
  575. IN PLIST_ENTRY TrustList
  576. );
  578. VOID
  579. LsapDsForestFreeTrustBlobList(
  580. IN PLIST_ENTRY TrustList
  581. );
  583. NTSTATUS
  584. LsapDsTrustedDomainObjectNameForDomain(
  585. IN PUNICODE_STRING TrustedDomainName,
  586. IN BOOLEAN NameAsFlatName,
  587. OUT PDSNAME *DsObjectName
  588. );
  590. BOOLEAN
  591. LsapNullUuid(
  592. IN const UUID *pUuid
  593. );
  595. #endif