|
|
/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
common.h
Abstract:
This module defines the data structures and function prototypes shared by both SCE client and SCE server
Author:
Jin Huang (jinhuang) 23-Jan-1998
Revision History:
jinhuang (splitted from scep.h)--*/#ifndef _scecommon_
#define _scecommon_
typedef enum _SECURITY_DB_TYPE { SecurityDbSam = 1, SecurityDbLsa} SECURITY_DB_TYPE, *PSECURITY_DB_TYPE;
#define SCE_TEMPLATE_MAX_SUPPORTED_VERSION 1
#define szLegalNoticeTextKeyName L"MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText"
#include "dsrole.h"
//
// type of system access lookup table
//
#define SCESETUP_UPDATE_DB_ONLY 0x1000L
#define SCE_SYSTEM_DB 0x0100L
#define SCE_CREATE_BUILTIN_ACCOUNTS 0x0200L
#define SCE_POLBIND_NO_AUTH 0x0400L
#define SCE_NO_ANALYZE 0x0800L
#define SCE_NO_DOMAIN_POLICY 0x2000L
#define SCE_NOCOPY_DOMAIN_POLICY 0x4000L
#define SCE_COPY_LOCAL_POLICY 0x8000L
#define SCE_POLICY_TEMPLATE 0x00010000L
#define SCE_POLICY_FIRST 0x00020000L
#define SCE_POLICY_LAST 0x00040000L
#define SCE_SYSTEM_SETTINGS 0x00080000L
#define SCE_DCPROMO_WAIT 0x00100000L
#define SCE_SERVICE_NO_REALTIME_ENFORCE 0x00200000L
#define SCE_NO_CONFIG_FILEKEY 0x00400000L
#define SCE_DC_DEMOTE 0x00800000L
#define SCE_RE_ANALYZE 0x01000000L
#define SCE_RSOP_CALLBACK 0x02000000L
#define SCE_GENERATE_ROLLBACK 0x04000000L
#define SCE_FLAG_WINDOWS_DIR 1
#define SCE_FLAG_SYSTEM_DIR 2
#define SCE_FLAG_DSDIT_DIR 3
#define SCE_FLAG_DSLOG_DIR 4
#define SCE_FLAG_SYSVOL_DIR 5
#define SCE_FLAG_BOOT_DRIVE 6
#define SCE_FLAG_PROFILES_DIR 7
#define SCE_GROUP_STATUS_DONE_IN_DS 0x80000000L
#define SCEP_ADL_HTABLE_SIZE 256
#define RELATIVE_SID_PREFIX L'#'
#define RELATIVE_SID_PREFIX_SZ L"#"
#define STRING_SID_SUBAUTH_SEPARATOR L'-'
//
// Macros to extract the SID from a object ACE
//
#define ScepObjectAceObjectTypePresent( Ace ) \
((((SCEP_PKNOWN_OBJECT_ACE)(Ace))->Flags & ACE_OBJECT_TYPE_PRESENT) != 0 )#define ScepObjectAceInheritedObjectTypePresent( Ace ) \
((((SCEP_PKNOWN_OBJECT_ACE)(Ace))->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) != 0 )
#define ScepObjectAceSid( Ace ) \
((PSID)(((PUCHAR)&(((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart)) + \ (ScepObjectAceObjectTypePresent(Ace) ? sizeof(GUID) : 0 ) + \ (ScepObjectAceInheritedObjectTypePresent(Ace) ? sizeof(GUID) : 0 )))
#define ScepObjectAceObjectType( Ace ) \
((GUID *)(ScepObjectAceObjectTypePresent(Ace) ? \ &((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart : \ NULL ))
#define ScepObjectAceInheritedObjectType( Ace ) \
((GUID *)(ScepObjectAceInheritedObjectTypePresent(Ace) ? \ ( ScepObjectAceObjectTypePresent(Ace) ? \ (PULONG)(((PUCHAR)(&((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart)) + sizeof(GUID)) : \ &((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart ) : \ NULL ))
static GENERIC_MAPPING FileGenericMapping = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS };
static GENERIC_MAPPING KeyGenericMapping = { KEY_READ, KEY_WRITE, KEY_EXECUTE, KEY_ALL_ACCESS };
#define SERVICE_GENERIC_READ (STANDARD_RIGHTS_READ |\
SERVICE_QUERY_CONFIG |\ SERVICE_QUERY_STATUS |\ SERVICE_ENUMERATE_DEPENDENTS |\ SERVICE_INTERROGATE |\ SERVICE_USER_DEFINED_CONTROL)
#define SERVICE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
SERVICE_START |\ SERVICE_STOP |\ SERVICE_PAUSE_CONTINUE |\ SERVICE_INTERROGATE |\ SERVICE_USER_DEFINED_CONTROL)
#define SERVICE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
SERVICE_CHANGE_CONFIG )
static GENERIC_MAPPING SvcGenMap = { SERVICE_GENERIC_READ, SERVICE_GENERIC_WRITE, SERVICE_GENERIC_EXECUTE, SERVICE_ALL_ACCESS };
typedef struct _SCE_KEY_LOOKUP { PWSTR KeyString; UINT Offset; CHAR BufferType;}SCE_KEY_LOOKUP;
typedef struct _SCE_TATTOO_KEYS_ { PWSTR KeyName; DWORD KeyLen; CHAR DataType; DWORD SaveValue; PWSTR Value;}SCE_TATTOO_KEYS;
typedef struct _SCEP_HANDLE_ {
PVOID hProfile; PCWSTR ServiceName;
} SCEP_HANDLE, *PSCEP_HANDLE;
//
// ACE template on which extraction macros are based on
//
typedef struct _SCEP_KNOWN_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; // GUID ObjectType; // Optionally present
// GUID InheritedObjectType; // Optionally present
ULONG SidStart;} SCEP_KNOWN_OBJECT_ACE, *SCEP_PKNOWN_OBJECT_ACE;
typedef struct _SCEP_ADL_NODE_ {
PISID pSid; GUID *pGuidObjectType; GUID *pGuidInheritedObjectType; UCHAR AceType; DWORD dwEffectiveMask; DWORD dw_CI_IO_Mask; DWORD dw_OI_IO_Mask; DWORD dw_NP_CI_IO_Mask; struct _SCEP_ADL_NODE_ *Next;
} SCEP_ADL_NODE, *PSCEP_ADL_NODE;
#define TICKS_PRIVILEGE 15
#define TICKS_GROUPS 15
#define TICKS_SYSTEM_ACCESS 3
#define TICKS_SYSTEM_AUDITING 3
#define TICKS_KERBEROS 3
#define TICKS_REGISTRY_VALUES 4
#define TICKS_GENERAL_SERVICES 10
#define TICKS_SPECIFIC_SERVICES 5
#define TICKS_SPECIFIC_POLICIES 5
#define TICKS_SECURITY_POLICY_DS ( TICKS_SYSTEM_ACCESS + \
TICKS_SYSTEM_AUDITING + \ TICKS_REGISTRY_VALUES + \ TICKS_KERBEROS )
#define TICKS_MIGRATION_SECTION 100
#define TICKS_MIGRATION_V11 50
#define SCE_OPEN_OPTION_REQUIRE_ANALYSIS 1
#define SCE_OPEN_OPTION_TATTOO 2
#define SCE_RESET_POLICY_KEEP_LOCAL 0x1
#define SCE_RESET_POLICY_ENFORCE_ATREBOOT 0x2
#define SCE_RESET_POLICY_SYSPREP 0x4
#define SCE_RESET_POLICY_TATTOO 0x8
#define ARRAYSIZE(a) (sizeof(a)/sizeof((a)[0]))
//
// strsd.c
//
DWORDWINAPIConvertTextSecurityDescriptor ( IN PWSTR pwszTextSD, OUT PSECURITY_DESCRIPTOR *ppSD, OUT PULONG pcSDSize, OUT PSECURITY_INFORMATION pSeInfo );
DWORDWINAPIConvertSecurityDescriptorToText ( IN PSECURITY_DESCRIPTOR pSD, IN SECURITY_INFORMATION SecurityInfo, OUT PWSTR *ppwszTextSD, OUT PULONG pcTextSize );
//
// defined in common.cpp
//
SCESTATUSScepDosErrorToSceStatus( DWORD rc );
SCESTATUSWINAPISceSvcpGetInformationTemplate( IN HINF hInf, IN PCWSTR ServiceName, IN PCWSTR Key OPTIONAL, OUT PSCESVC_CONFIGURATION_INFO *ServiceInfo );
SCESTATUSScepBuildErrorLogInfo( IN DWORD rc, OUT PSCE_ERROR_LOG_INFO *Errlog, IN UINT nId,// IN PCWSTR fmt,
... );
DWORDScepAddToNameList( OUT PSCE_NAME_LIST *pNameList, IN PWSTR Name, IN ULONG Len );
DWORDScepRegQueryIntValue( IN HKEY hKeyRoot, IN PWSTR SubKey, IN PWSTR ValueName, OUT DWORD *Value );
DWORDScepRegQueryBinaryValue( IN HKEY hKeyRoot, IN PWSTR SubKey, IN PWSTR ValueName, OUT PBYTE *ppValue );
DWORDScepRegSetIntValue( IN HKEY hKeyRoot, IN PWSTR SubKey, IN PWSTR ValueName, IN DWORD Value );
DWORDScepRegQueryValue( IN HKEY hKeyRoot, IN PWSTR SubKey, IN PCWSTR ValueName, OUT PVOID *Value, OUT LPDWORD pRegType, OUT LPDWORD pdwSize OPTIONAL );
DWORDScepRegSetValue( IN HKEY hKeyRoot, IN PWSTR SubKey, IN PWSTR ValueName, IN DWORD RegType, IN BYTE *Value, IN DWORD ValueLen );
DWORDScepRegDeleteValue( IN HKEY hKeyRoot, IN PWSTR SubKey, IN PWSTR ValueName );
DWORDScepRemoveMultiSzItems( IN PWSTR pszData, IN DWORD dwDataSize, IN PWSTR pszRemoveList, IN DWORD dwRemoveLen, OUT PWSTR* ppszNewData, OUT PDWORD pdwNewDataSize );
DWORDScepAddMultiSzItems( IN PWSTR pszData, IN DWORD dwDataSize, IN PWSTR pszAddList, IN DWORD dwAddLen, OUT PWSTR* ppszNewData, OUT PDWORD pdwNewDataSize );
SCESTATUSScepCreateDirectory( IN PCWSTR ProfileLocation, IN BOOL FileOrDir, PSECURITY_DESCRIPTOR pSecurityDescriptor );
DWORDScepSceStatusToDosError( IN SCESTATUS SceStatus );
SCESTATUSScepChangeAclRevision( IN PSECURITY_DESCRIPTOR pSD, IN BYTE NewRevision );
BOOLScepEqualGuid( IN GUID *Guid1, IN GUID *Guid2 );
SCESTATUSScepAddToGroupMembership( OUT PSCE_GROUP_MEMBERSHIP *pGroupMembership, IN PWSTR Keyname, IN DWORD KeyLen, IN PSCE_NAME_LIST pMembers, IN DWORD ValueType, IN BOOL bCheckDup, IN BOOL bReplaceList );
DWORDScepAddOneServiceToList( IN LPWSTR lpServiceName, IN LPWSTR lpDisplayName, IN DWORD ServiceStatus, IN PVOID pGeneral OPTIONAL, IN SECURITY_INFORMATION SeInfo, IN BOOL bSecurity, OUT PSCE_SERVICES *pServiceList );
DWORDScepIsAdminLoggedOn( OUT PBOOL bpAdminLogon, IN BOOL bFromServer );
DWORDScepGetProfileSetting( IN PCWSTR ValueName, IN BOOL bAdminLogon, OUT PWSTR *Setting );
DWORDScepCompareObjectSecurity( IN SE_OBJECT_TYPE ObjectType, IN BOOL IsContainer, IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSECURITY_DESCRIPTOR ProfileSD, IN SECURITY_INFORMATION ProfileSeInfo, OUT PBYTE IsDifferent );
SCESTATUSScepAddToNameStatusList( OUT PSCE_NAME_STATUS_LIST *pNameList, IN PWSTR Name, IN ULONG Len, IN DWORD Status );
DWORDScepAddToObjectList( OUT PSCE_OBJECT_LIST *pNameList, IN PWSTR Name, IN ULONG Len, IN BOOL IsContainer, IN BYTE Status, IN DWORD Count, IN BYTE byFlags );
DWORDScepGetNTDirectory( IN PWSTR *ppDirectory, IN PDWORD pDirSize, IN DWORD Flag );
DWORDSceAdjustPrivilege( IN ULONG Priv, IN BOOL Enable, IN HANDLE TokenToAdjust );
DWORDScepGetEnvStringSize( IN LPVOID peb );
//!!!!!!!!!!!!!!!!!!!!!!!!!!!
// routines to handle events
//!!!!!!!!!!!!!!!!!!!!!!!!!!!
BOOLInitializeEvents ( IN LPTSTR EventSourceName );
intLogEvent ( IN HINSTANCE hInstance, IN DWORD LogLevel, IN DWORD dwEventID, IN UINT idMsg, ... );
intLogEventAndReport( IN HINSTANCE hInstance, IN LPTSTR LogFileName, IN DWORD LogLevel, IN DWORD dwEventID, IN UINT idMsg, ... );
BOOL ShutdownEvents (void);
SCESTATUSScepConvertToSDDLFormat( IN LPTSTR pszValue, IN DWORD Len );
DWORDScepWriteVariableUnicodeLog( IN HANDLE hFile, IN BOOL bAddCRLF, IN LPTSTR szFormat, ... );
DWORDScepWriteSingleUnicodeLog( IN HANDLE hFile, IN BOOL bAddCRLF, IN LPWSTR szMsg );
WCHAR *ScepWcstrr( IN PWSTR pString, IN const WCHAR *pSubstring );
DWORDScepExpandEnvironmentVariable( IN PWSTR oldFileName, IN PCWSTR szEnv, IN DWORD nFlag, OUT PWSTR *newFileName );
DWORDScepEnforcePolicyPropagation();
DWORDScepGetTimeStampString( IN OUT PWSTR pvBuffer );
DWORDScepAppendCreateMultiSzRegValue( IN HKEY hKeyRoot, IN PWSTR pszSubKey, IN PWSTR pszValueName, IN PWSTR pszValueValue );
DWORDScepEscapeString( IN const PWSTR pszSource, IN const DWORD dwSourceChars, IN const WCHAR wcEscapee, IN const WCHAR wcEscaper, IN OUT PWSTR pszTarget );
BOOLScepIsValidFileOrDir( IN PWSTR pszFileOrDir );
BOOLScepLoadString( IN HINSTANCE hInstance, IN int iRCId, OUT LPWSTR *ppcwsz);
DWORDScepGetDomainRoleInfo( OUT DSROLE_MACHINE_ROLE *pMachineRole OPTIONAL, OUT PULONG pulRoleFlags OPTIONAL, OUT PWSTR *ppwszDomainNameFlat OPTIONAL );
voidScepDuplicateString( IN LPCWSTR pcwszIn, OUT LPWSTR *ppwszOut);
DWORDScepCompareExplicitAcl( IN SE_OBJECT_TYPE ObjectType, IN BOOL IsContainer, IN PACL pAcl1, IN PACL pAcl2, OUT PBOOL pDifferent );
DWORD ScepGetBuiltinSid( IN ULONG ulRid, OUT PSID *ppSid);
#endif
|
