Leaked source code of windows server 2003


  1. /*++
  2. Copyright (c) 1997-1998 Microsoft Corporation
  3. Module Name:
  4. sddl.w
  5. Abstract:
  6. This module defines the support and conversion routines necessary for SDDL (Security Descriptor Definition Language).
  7. Revision History:
  8. --*/
  // Include guard and C linkage for the SDDL header.
  // The extern "C" block opened here is not closed in this section; the
  // matching closing brace appears near the end of the file.
  9. #ifndef __SDDL_H__
  10. #define __SDDL_H__
  11. #ifdef __cplusplus
  12. extern "C" {
  13. #endif
  14. //
  15. // SDDL Version information
  16. //
  // SDDL_REVISION is defined as SDDL_REVISION_1, the only revision in this file.
  // NOTE(review): presumably this is the value callers pass as the DWORD
  // revision argument of the conversion routines declared below - confirm.
  17. #define SDDL_REVISION_1 1
  18. #define SDDL_REVISION SDDL_REVISION_1
  19. //
  20. // SDDL Component tags
  21. //
  // One-letter tags naming the four parts of a security descriptor string.
  // Note that "D" is also the value of SDDL_ACCESS_DENIED (an ACE type), so a
  // bare "D" cannot be interpreted without knowing where it sits in the string.
  22. #define SDDL_OWNER TEXT("O") // Owner tag
  23. #define SDDL_GROUP TEXT("G") // Group tag
  24. #define SDDL_DACL TEXT("D") // DACL tag
  25. #define SDDL_SACL TEXT("S") // SACL tag
  26. //
  27. // SDDL Security descriptor controls
  28. //
  // Control flags that apply to a DACL or SACL as a whole.
  // NOTE(review): in the documented SDDL format "P" marks the ACL as protected
  // from inherited ACEs; a tool that rewrites a descriptor string and drops it
  // would re-enable inheritance - confirm against the parser before relying on this.
  29. #define SDDL_PROTECTED TEXT("P") // DACL or SACL Protected
  30. #define SDDL_AUTO_INHERIT_REQ TEXT("AR") // Auto inherit request
  31. #define SDDL_AUTO_INHERITED TEXT("AI") // DACL/SACL are auto inherited
  32. //
  33. // SDDL Ace types
  34. //
  // String codes for the type of an ACE. "A"/"D"/"OA"/"OD" are access ACEs;
  // "AU"/"AL"/"OU"/"OL" are audit and alarm ACEs.
  // Several codes are reused elsewhere in this file with a different meaning:
  //   "D"  is also SDDL_DACL (component tag)
  //   "AU" is also SDDL_AUTHENTICATED_USERS (user alias)
  // NOTE(review): the documented ACE string layout is
  // (type;flags;rights;object_guid;inherit_object_guid;account_sid), so the
  // field position decides which meaning applies - confirm against the parser.
  35. #define SDDL_ACCESS_ALLOWED TEXT("A") // Access allowed
  36. #define SDDL_ACCESS_DENIED TEXT("D") // Access denied
  37. #define SDDL_OBJECT_ACCESS_ALLOWED TEXT("OA") // Object access allowed
  38. #define SDDL_OBJECT_ACCESS_DENIED TEXT("OD") // Object access denied
  39. #define SDDL_AUDIT TEXT("AU") // Audit
  40. #define SDDL_ALARM TEXT("AL") // Alarm
  41. #define SDDL_OBJECT_AUDIT TEXT("OU") // Object audit
  42. #define SDDL_OBJECT_ALARM TEXT("OL") // Object alarm
  43. //
  44. // SDDL Ace flags
  45. //
  // Inheritance and audit flags attached to a single ACE.
  // Reused codes to watch for when reading a descriptor string by eye:
  //   "SA" is also SDDL_SCHEMA_ADMINISTRATORS (user alias)
  //   "FA" is also SDDL_FILE_ALL (right)
  46. #define SDDL_CONTAINER_INHERIT TEXT("CI") // Container inherit
  47. #define SDDL_OBJECT_INHERIT TEXT("OI") // Object inherit
  48. #define SDDL_NO_PROPAGATE TEXT("NP") // Inherit no propagate
  49. #define SDDL_INHERIT_ONLY TEXT("IO") // Inherit only
  50. #define SDDL_INHERITED TEXT("ID") // Inherited
  51. #define SDDL_AUDIT_SUCCESS TEXT("SA") // Audit success
  52. #define SDDL_AUDIT_FAILURE TEXT("FA") // Audit failure
  53. //
  54. // SDDL Rights
  55. //
  // Two-letter codes for access rights, grouped below as: directory-object
  // rights (RP..CR), standard rights (RC..SD), generic rights (G*), file
  // rights (F*) and registry-key rights (K*). The grouping is read off the
  // macro names; the bit values they map to are not defined in this header.
  //
  // Codes that are reused elsewhere in this file with a different meaning:
  //   "DC" is also SDDL_DOMAIN_COMPUTERS (user alias)
  //   "RC" is also SDDL_RESTRICTED_CODE  (user alias)
  //   "WD" is also SDDL_EVERYONE         (user alias)
  //   "FA" is also SDDL_AUDIT_FAILURE    (ACE flag)
  // When auditing a descriptor string, read "WD" in the rights field as
  // write-DAC and "WD" in the account field as Everyone; confusing the two
  // gives the wrong answer about who can change the ACL.
  //
  // Review note: SDDL_WRITE_DAC, SDDL_WRITE_OWNER and SDDL_GENERIC_ALL let the
  // holder change who controls the object, so ACEs that grant them to broad
  // principals deserve the closest look.
  56. #define SDDL_READ_PROPERTY TEXT("RP")
  57. #define SDDL_WRITE_PROPERTY TEXT("WP")
  58. #define SDDL_CREATE_CHILD TEXT("CC")
  59. #define SDDL_DELETE_CHILD TEXT("DC")
  60. #define SDDL_LIST_CHILDREN TEXT("LC")
  61. #define SDDL_SELF_WRITE TEXT("SW")
  62. #define SDDL_LIST_OBJECT TEXT("LO")
  63. #define SDDL_DELETE_TREE TEXT("DT")
  64. #define SDDL_CONTROL_ACCESS TEXT("CR")
  65. #define SDDL_READ_CONTROL TEXT("RC")
  66. #define SDDL_WRITE_DAC TEXT("WD")
  67. #define SDDL_WRITE_OWNER TEXT("WO")
  68. #define SDDL_STANDARD_DELETE TEXT("SD")
  69. #define SDDL_GENERIC_ALL TEXT("GA")
  70. #define SDDL_GENERIC_READ TEXT("GR")
  71. #define SDDL_GENERIC_WRITE TEXT("GW")
  72. #define SDDL_GENERIC_EXECUTE TEXT("GX")
  73. #define SDDL_FILE_ALL TEXT("FA")
  74. #define SDDL_FILE_READ TEXT("FR")
  75. #define SDDL_FILE_WRITE TEXT("FW")
  76. #define SDDL_FILE_EXECUTE TEXT("FX")
  77. #define SDDL_KEY_ALL TEXT("KA")
  78. #define SDDL_KEY_READ TEXT("KR")
  79. #define SDDL_KEY_WRITE TEXT("KW")
  80. #define SDDL_KEY_EXECUTE TEXT("KX")
  81. //
  82. // SDDL User alias max size
  83. // - currently, up to two WCHARs are supported, e.g. "DA"
  84. // - modify this if more WCHARs need to be there in future e.g. "DAX"
  85. //
  // Every alias defined below is exactly two characters long, matching this limit.
  86. #define SDDL_ALIAS_SIZE 2
  87. //
  88. // SDDL User aliases
  89. //
  // Two-letter shorthand for well-known accounts and groups, used in place of
  // a full SID string.
  // Codes reused elsewhere in this file with a different meaning:
  //   "DC" is also SDDL_DELETE_CHILD (right)    "RC" is also SDDL_READ_CONTROL (right)
  //   "WD" is also SDDL_WRITE_DAC (right)       "AU" is also SDDL_AUDIT (ACE type)
  //   "SA" is also SDDL_AUDIT_SUCCESS (ACE flag)
  // Review note: SDDL_EVERYONE, SDDL_ANONYMOUS, SDDL_AUTHENTICATED_USERS,
  // SDDL_INTERACTIVE, SDDL_NETWORK and SDDL_BUILTIN_USERS each cover a large
  // set of callers, so an ACE granting them write-type rights is worth checking.
  // NOTE(review): the domain-relative aliases (DA, DG, DU, ...) presumably need
  // a domain SID to resolve; this header does not show how that is chosen - confirm.
  90. #define SDDL_DOMAIN_ADMINISTRATORS TEXT("DA") // Domain admins
  91. #define SDDL_DOMAIN_GUESTS TEXT("DG") // Domain guests
  92. #define SDDL_DOMAIN_USERS TEXT("DU") // Domain users
  93. #define SDDL_ENTERPRISE_DOMAIN_CONTROLLERS TEXT("ED") // Enterprise domain controllers
  94. #define SDDL_DOMAIN_DOMAIN_CONTROLLERS TEXT("DD") // Domain domain controllers
  95. #define SDDL_DOMAIN_COMPUTERS TEXT("DC") // Domain computers
  96. #define SDDL_BUILTIN_ADMINISTRATORS TEXT("BA") // Builtin (local) administrators
  97. #define SDDL_BUILTIN_GUESTS TEXT("BG") // Builtin (local) guests
  98. #define SDDL_BUILTIN_USERS TEXT("BU") // Builtin (local) users
  99. #define SDDL_LOCAL_ADMIN TEXT("LA") // Local administrator account
  100. #define SDDL_LOCAL_GUEST TEXT("LG") // Local guest account
  101. #define SDDL_ACCOUNT_OPERATORS TEXT("AO") // Account operators
  102. #define SDDL_BACKUP_OPERATORS TEXT("BO") // Backup operators
  103. #define SDDL_PRINTER_OPERATORS TEXT("PO") // Printer operators
  104. #define SDDL_SERVER_OPERATORS TEXT("SO") // Server operators
  105. #define SDDL_AUTHENTICATED_USERS TEXT("AU") // Authenticated users
  106. #define SDDL_PERSONAL_SELF TEXT("PS") // Personal self
  107. #define SDDL_CREATOR_OWNER TEXT("CO") // Creator owner
  108. #define SDDL_CREATOR_GROUP TEXT("CG") // Creator group
  109. #define SDDL_LOCAL_SYSTEM TEXT("SY") // Local system
  110. #define SDDL_POWER_USERS TEXT("PU") // Power users
  111. #define SDDL_EVERYONE TEXT("WD") // Everyone ( World )
  112. #define SDDL_REPLICATOR TEXT("RE") // Replicator
  113. #define SDDL_INTERACTIVE TEXT("IU") // Interactive logon user
  114. #define SDDL_NETWORK TEXT("NU") // Network logon user
  115. #define SDDL_SERVICE TEXT("SU") // Service logon user
  116. #define SDDL_RESTRICTED_CODE TEXT("RC") // Restricted code
  117. #define SDDL_ANONYMOUS TEXT("AN") // Anonymous Logon
  118. #define SDDL_SCHEMA_ADMINISTRATORS TEXT("SA") // Schema Administrators
  119. #define SDDL_CERT_SERV_ADMINISTRATORS TEXT("CA") // Certificate Server Administrators
  120. #define SDDL_RAS_SERVERS TEXT("RS") // RAS servers group
  121. #define SDDL_ENTERPRISE_ADMINS TEXT("EA") // Enterprise administrators
  122. #define SDDL_GROUP_POLICY_ADMINS TEXT("PA") // Group Policy administrators
  123. #define SDDL_ALIAS_PREW2KCOMPACC TEXT("RU") // alias to allow previous windows 2000 (presumably the pre-Windows 2000 compatible access group, going by the macro name - confirm)
  124. #define SDDL_LOCAL_SERVICE TEXT("LS") // Local service account (for services)
  125. #define SDDL_NETWORK_SERVICE TEXT("NS") // Network service account (for services)
  126. #define SDDL_REMOTE_DESKTOP TEXT("RD") // Remote desktop users (for terminal server)
  127. #define SDDL_NETWORK_CONFIGURATION_OPS TEXT("NO") // Network configuration operators ( to manage configuration of networking features)
  128. #define SDDL_PERFMON_USERS TEXT("MU") // Performance Monitor Users
  129. #define SDDL_PERFLOG_USERS TEXT("LU") // Performance Log Users
  130. //
  131. // SDDL Separators - character version
  132. //
  // Punctuation of the string format as single characters: ';' between fields,
  // ':' after a tag, and '(' ... ')' around one ACE.
  // The macro names spell "SEPERATOR" and "DELIMINATOR"; they are identifiers
  // that other code may reference, so the spelling must stay as it is.
  133. #define SDDL_SEPERATORC TEXT(';')
  134. #define SDDL_DELIMINATORC TEXT(':')
  135. #define SDDL_ACE_BEGINC TEXT('(')
  136. #define SDDL_ACE_ENDC TEXT(')')
  137. //
  138. // SDDL Separators - string version
  139. //
  // The same four tokens as one-character string literals.
  140. #define SDDL_SEPERATOR TEXT(";")
  141. #define SDDL_DELIMINATOR TEXT(":")
  142. #define SDDL_ACE_BEGIN TEXT("(")
  143. #define SDDL_ACE_END TEXT(")")
  // Public conversion routines. They are declared only when _NTDDK_ is not
  // defined and _WIN32_WINNT is at least 0x0500.
  // NOTE(review): the trailing '%' on function and string-type names looks like
  // a build-time placeholder that is expanded into separate ANSI and wide
  // variants; as written these declarations are not valid C - confirm against
  // the build tooling.
  // All four routines return BOOL and hand results back through OUT pointers;
  // callers should test the return value before touching any output.
  // NOTE(review): the public API documentation states that the returned buffers
  // are allocated by the routine and released by the caller with LocalFree;
  // nothing in this header shows the allocator - confirm.
  // Review note: the string form is an authorization input. A descriptor built
  // from text that an untrusted party can influence decides who gets access, so
  // the origin of the input string belongs inside the caller's trust boundary.
  144. #if !defined(_NTDDK_)
  145. #if(_WIN32_WINNT >= 0x0500)
  // SID -> string. *StringSid receives the string form of Sid.
  146. WINADVAPI
  147. BOOL
  148. WINAPI
  149. ConvertSidToStringSid%(
  150. IN PSID Sid,
  151. OUT LPTSTR% *StringSid
  152. );
  // String -> SID. *Sid receives the SID parsed from StringSid.
  153. WINADVAPI
  154. BOOL
  155. WINAPI
  156. ConvertStringSidToSid%(
  157. IN LPCTSTR% StringSid,
  158. OUT PSID *Sid
  159. );
  // Descriptor string -> security descriptor. StringSDRevision is a DWORD
  // revision (presumably SDDL_REVISION_1 - confirm). SecurityDescriptorSize
  // is marked OPTIONAL.
  160. WINADVAPI
  161. BOOL
  162. WINAPI
  163. ConvertStringSecurityDescriptorToSecurityDescriptor%(
  164. IN LPCTSTR% StringSecurityDescriptor,
  165. IN DWORD StringSDRevision,
  166. OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
  167. OUT PULONG SecurityDescriptorSize OPTIONAL
  168. );
  // Security descriptor -> descriptor string. SecurityInformation is a
  // SECURITY_INFORMATION value (presumably selecting which of owner, group,
  // DACL and SACL are written out - confirm). Both outputs are marked OPTIONAL.
  169. WINADVAPI
  170. BOOL
  171. WINAPI
  172. ConvertSecurityDescriptorToStringSecurityDescriptor%(
  173. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  174. IN DWORD RequestedStringSDRevision,
  175. IN SECURITY_INFORMATION SecurityInformation,
  176. OUT LPTSTR% *StringSecurityDescriptor OPTIONAL,
  177. OUT PULONG StringSecurityDescriptorLen OPTIONAL
  178. );
  179. #endif /* _WIN32_WINNT >= 0x0500 */
  180. #endif /* !defined(_NTDDK_) */
  181. ;begin_internal
  182. /*++
  183. Copyright (c) 1997-1998 Microsoft Corporation
  184. Module Name:
  185. sddlp.h
  186. Abstract:
  187. This module defines private headers for SDDL conversion routines
  188. Revision History:
  189. --*/
  // Private (internal) part of the header: pulls in the public sddl.h, then
  // declares its own include guard and C linkage block.
  190. #include <sddl.h>
  191. #ifndef __SDDLP_H__
  192. #define __SDDLP_H__
  193. #ifdef __cplusplus
  194. extern "C" {
  195. #endif
  196. #if(_WIN32_WINNT >= 0x0500)
  // Descriptor string -> security descriptor, ANSI (A) and wide (W) variants.
  // They have the same shape as the public string-to-descriptor routine, plus a
  // leading RootDomainSid that is marked OPTIONAL.
  // NOTE(review): RootDomainSid is presumably the SID used to resolve aliases
  // that are relative to the forest root domain; the header does not say what
  // happens when it is omitted - confirm against the implementation.
  197. WINADVAPI
  198. BOOL
  199. WINAPI
  200. ConvertStringSDToSDRootDomainA(
  201. IN PSID RootDomainSid OPTIONAL,
  202. IN LPCSTR StringSecurityDescriptor,
  203. IN DWORD StringSDRevision,
  204. OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
  205. OUT PULONG SecurityDescriptorSize OPTIONAL
  206. );
  207. WINADVAPI
  208. BOOL
  209. WINAPI
  210. ConvertStringSDToSDRootDomainW(
  211. IN PSID RootDomainSid OPTIONAL,
  212. IN LPCWSTR StringSecurityDescriptor,
  213. IN DWORD StringSDRevision,
  214. OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
  215. OUT PULONG SecurityDescriptorSize OPTIONAL
  216. );
  // Unsuffixed name resolves to the W variant when UNICODE is defined, else to A.
  217. #ifdef UNICODE
  218. #define ConvertStringSDToSDRootDomain ConvertStringSDToSDRootDomainW
  219. #else
  220. #define ConvertStringSDToSDRootDomain ConvertStringSDToSDRootDomainA
  221. #endif // !UNICODE
  // Security descriptor -> descriptor string, A and W variants, again with an
  // OPTIONAL RootDomainSid in front of the public routine's parameters.
  // Both output parameters are marked OPTIONAL.
  222. WINADVAPI
  223. BOOL
  224. WINAPI
  225. ConvertSDToStringSDRootDomainA(
  226. IN PSID RootDomainSid OPTIONAL,
  227. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  228. IN DWORD RequestedStringSDRevision,
  229. IN SECURITY_INFORMATION SecurityInformation,
  230. OUT LPSTR *StringSecurityDescriptor OPTIONAL,
  231. OUT PULONG StringSecurityDescriptorLen OPTIONAL
  232. );
  233. WINADVAPI
  234. BOOL
  235. WINAPI
  236. ConvertSDToStringSDRootDomainW(
  237. IN PSID RootDomainSid OPTIONAL,
  238. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  239. IN DWORD RequestedStringSDRevision,
  240. IN SECURITY_INFORMATION SecurityInformation,
  241. OUT LPWSTR *StringSecurityDescriptor OPTIONAL,
  242. OUT PULONG StringSecurityDescriptorLen OPTIONAL
  243. );
  // Unsuffixed name resolves to the W variant when UNICODE is defined, else to A.
  244. #ifdef UNICODE
  245. #define ConvertSDToStringSDRootDomain ConvertSDToStringSDRootDomainW
  246. #else
  247. #define ConvertSDToStringSDRootDomain ConvertSDToStringSDRootDomainA
  248. #endif // !UNICODE
  // Descriptor string -> security descriptor, A and W variants, taking a
  // required DomainSid (not marked OPTIONAL) and an OPTIONAL RootDomainSid.
  // NOTE(review): DomainSid is presumably the domain against which
  // domain-relative aliases in the string are resolved, which would make the
  // caller's choice of SID part of the resulting access decision - confirm.
  // Only the string-to-descriptor direction is declared for this pair here.
  249. WINADVAPI
  250. BOOL
  251. WINAPI
  252. ConvertStringSDToSDDomainA(
  253. IN PSID DomainSid,
  254. IN PSID RootDomainSid OPTIONAL,
  255. IN LPCSTR StringSecurityDescriptor,
  256. IN DWORD StringSDRevision,
  257. OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
  258. OUT PULONG SecurityDescriptorSize OPTIONAL
  259. );
  260. WINADVAPI
  261. BOOL
  262. WINAPI
  263. ConvertStringSDToSDDomainW(
  264. IN PSID DomainSid,
  265. IN PSID RootDomainSid OPTIONAL,
  266. IN LPCWSTR StringSecurityDescriptor,
  267. IN DWORD StringSDRevision,
  268. OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
  269. OUT PULONG SecurityDescriptorSize OPTIONAL
  270. );
  // Helper that converts an ANSI_STRING into a UNICODE_STRING and returns an
  // NTSTATUS. Unlike its neighbours it carries no WINADVAPI/WINAPI decoration.
  // NOTE(review): the header does not show who allocates or frees
  // DestinationString's buffer - check the implementation before calling.
  271. NTSTATUS
  272. SddlpAnsiStringToUnicodeString(
  273. OUT PUNICODE_STRING DestinationString,
  274. IN PANSI_STRING SourceString
  275. );
  // Unsuffixed name resolves to the W variant when UNICODE is defined, else to A.
  276. #ifdef UNICODE
  277. #define ConvertStringSDToSDDomain ConvertStringSDToSDDomainW
  278. #else
  279. #define ConvertStringSDToSDDomain ConvertStringSDToSDDomainA
  280. #endif // !UNICODE
  281. #endif /* _WIN32_WINNT >= 0x0500 */
  // NOTE(review): the ';begin_internal', ';end_internal', ';begin_both' and
  // ';end_both' lines look like build-time markers that split this template
  // into a public and an internal header; they are not C. If so, the closing
  // brace below is shared by both outputs and each output keeps only its own
  // include-guard #endif - confirm against the build tooling.
  282. ;end_internal
  283. ;begin_both
  284. #ifdef __cplusplus
  285. }
  286. #endif
  287. ;end_both
  288. ;begin_internal
  289. #endif // endif __SDDLP_H__
  290. ;end_internal
  291. #endif // endif __SDDL_H__