archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/services/scerpc/client/precedence.h

229 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. precedence.h
  9. Abstract:
  11. This file contains the prototype for the main routine to calculate precedences.
  12. This is called during planning/diagnosis.
  14. Author:
  16. Vishnu Patankar (VishnuP) 7-April-2000
  18. Environment:
  20. User Mode - Win32
  22. Revision History:
  25. --*/
  27. ///////////////////////////////////////////////////////////////////////////////
  28. // //
  29. // Includes //
  30. // //
  31. ///////////////////////////////////////////////////////////////////////////////
  33. #ifndef _precedence_
  34. #define _precedence_
  36. #include "headers.h"
  37. #include "..\hashtable.h"
  38. #include "scedllrc.h"
  39. #include "logger.h"
  41. #include <userenv.h>
  43. extern DSROLE_MACHINE_ROLE gMachineRole;
  45. typedef enum _SCEP_RSOP_CLASS_TYPE_{
  46. RSOP_SecuritySettingNumeric = 0,
  47. RSOP_SecuritySettingBoolean,
  48. RSOP_SecuritySettingString,
  49. RSOP_AuditPolicy,
  50. RSOP_SecurityEventLogSettingNumeric,
  51. RSOP_SecurityEventLogSettingBoolean,
  52. RSOP_RegistryValue,
  53. RSOP_UserPrivilegeRight,
  54. RSOP_RestrictedGroup,
  55. RSOP_SystemService,
  56. RSOP_File,
  57. RSOP_RegistryKey
  58. };
  60. const static PWSTR ScepRsopSchemaClassNames [] = {
  61. L"RSOP_SecuritySettingNumeric",
  62. L"RSOP_SecuritySettingBoolean",
  63. L"RSOP_SecuritySettingString",
  64. L"RSOP_AuditPolicy",
  65. L"RSOP_SecurityEventLogSettingNumeric",
  66. L"RSOP_SecurityEventLogSettingBoolean",
  67. L"RSOP_RegistryValue",
  68. L"RSOP_UserPrivilegeRight",
  69. L"RSOP_RestrictedGroup",
  70. L"RSOP_SystemService",
  71. L"RSOP_File",
  72. L"RSOP_RegistryKey"
  73. };
  75. typedef struct _SCE_KEY_LOOKUP_PRECEDENCE {
  76. SCE_KEY_LOOKUP KeyLookup;
  77. DWORD Precedence;
  78. BOOL bSystemAccessPolicy;
  79. }SCE_KEY_LOOKUP_PRECEDENCE;
  81. #define SCEP_TYPECAST(type, bufptr, offset) (*((type *)((CHAR *)bufptr + offset)))
  82. #define NUM_KERBEROS_SUB_SETTINGS 5
  83. #define NUM_EVENTLOG_TYPES 3
  85. #define PLANNING_GPT_DIR TEXT("\\security\\templates\\policies\\planning\\")
  86. #define DIAGNOSIS_GPT_DIR TEXT("\\security\\templates\\policies\\")
  87. #define WINLOGON_LOG_PATH TEXT("\\security\\logs\\winlogon.log")
  88. #define PLANNING_LOG_PATH TEXT("\\security\\logs\\planning.log")
  89. #define DIAGNOSIS_LOG_FILE TEXT("\\security\\logs\\diagnosis.log")
  91. // matrix description
  92. // first column has keyName / settingName
  93. // second column has field offset in SCE_PROFILE_INFO - hardcoded
  94. // third column has setting types - from _SCEP_RSOP_CLASS_TYPE_
  95. // fourth column has current precedence - unused for dynamic types
  98. static SCE_KEY_LOOKUP_PRECEDENCE PrecedenceLookup[] = {
  100. //RSOP_SecuritySettingNumeric
  101. {{(PWSTR)TEXT("MinimumPasswordAge"), offsetof(struct _SCE_PROFILE_INFO, MinimumPasswordAge), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  102. {{(PWSTR)TEXT("MaximumPasswordAge"), offsetof(struct _SCE_PROFILE_INFO, MaximumPasswordAge), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  103. {{(PWSTR)TEXT("MinimumPasswordLength"), offsetof(struct _SCE_PROFILE_INFO, MinimumPasswordLength), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  104. {{(PWSTR)TEXT("PasswordHistorySize"), offsetof(struct _SCE_PROFILE_INFO, PasswordHistorySize), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  106. {{(PWSTR)TEXT("LockoutBadCount"), offsetof(struct _SCE_PROFILE_INFO, LockoutBadCount), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  107. {{(PWSTR)TEXT("ResetLockoutCount"), offsetof(struct _SCE_PROFILE_INFO, ResetLockoutCount), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  108. {{(PWSTR)TEXT("LockoutDuration"), offsetof(struct _SCE_PROFILE_INFO, LockoutDuration), RSOP_SecuritySettingNumeric}, (DWORD)0, TRUE},
  111. // RSOP_SecuritySettingBoolean
  112. {{(PWSTR)TEXT("ClearTextPassword"), offsetof(struct _SCE_PROFILE_INFO, ClearTextPassword), RSOP_SecuritySettingBoolean}, (DWORD)0, TRUE},
  113. {{(PWSTR)TEXT("PasswordComplexity"), offsetof(struct _SCE_PROFILE_INFO, PasswordComplexity), RSOP_SecuritySettingBoolean}, (DWORD)0, TRUE},
  114. {{(PWSTR)TEXT("RequireLogonToChangePassword"), offsetof(struct _SCE_PROFILE_INFO, RequireLogonToChangePassword), RSOP_SecuritySettingBoolean}, (DWORD)0, TRUE},
  115. {{(PWSTR)TEXT("ForceLogoffWhenHourExpire"), offsetof(struct _SCE_PROFILE_INFO, ForceLogoffWhenHourExpire), RSOP_SecuritySettingBoolean}, (DWORD)0, TRUE},
  116. {{(PWSTR)TEXT("LSAAnonymousNameLookup"), offsetof(struct _SCE_PROFILE_INFO, LSAAnonymousNameLookup), RSOP_SecuritySettingBoolean}, (DWORD)0, FALSE},
  117. {{(PWSTR)TEXT("EnableAdminAccount"), offsetof(struct _SCE_PROFILE_INFO, EnableAdminAccount), RSOP_SecuritySettingBoolean}, (DWORD)0, TRUE},
  118. {{(PWSTR)TEXT("EnableGuestAccount"), offsetof(struct _SCE_PROFILE_INFO, EnableGuestAccount), RSOP_SecuritySettingBoolean}, (DWORD)0, TRUE},
  120. //RSOP_SecuritySettingString
  121. {{(PWSTR)TEXT("NewAdministratorName"), offsetof(struct _SCE_PROFILE_INFO, NewAdministratorName), RSOP_SecuritySettingString}, (DWORD)0, TRUE},
  122. {{(PWSTR)TEXT("NewGuestName"), offsetof(struct _SCE_PROFILE_INFO, NewGuestName), RSOP_SecuritySettingString}, (DWORD)0, TRUE},
  124. // RSOP_AuditPolicy
  125. {{(PWSTR)TEXT("AuditSystemEvents"), offsetof(struct _SCE_PROFILE_INFO, AuditSystemEvents), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  126. {{(PWSTR)TEXT("AuditLogonEvents"), offsetof(struct _SCE_PROFILE_INFO, AuditLogonEvents), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  127. {{(PWSTR)TEXT("AuditObjectAccess"), offsetof(struct _SCE_PROFILE_INFO, AuditObjectAccess), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  128. {{(PWSTR)TEXT("AuditPrivilegeUse"), offsetof(struct _SCE_PROFILE_INFO, AuditPrivilegeUse), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  129. {{(PWSTR)TEXT("AuditPolicyChange"), offsetof(struct _SCE_PROFILE_INFO, AuditPolicyChange), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  130. {{(PWSTR)TEXT("AuditAccountManage"), offsetof(struct _SCE_PROFILE_INFO, AuditAccountManage), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  131. {{(PWSTR)TEXT("AuditProcessTracking"), offsetof(struct _SCE_PROFILE_INFO, AuditProcessTracking), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  132. {{(PWSTR)TEXT("AuditDSAccess"), offsetof(struct _SCE_PROFILE_INFO, AuditDSAccess), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  133. {{(PWSTR)TEXT("AuditAccountLogon"), offsetof(struct _SCE_PROFILE_INFO, AuditAccountLogon), RSOP_AuditPolicy}, (DWORD)0, FALSE},
  135. // RSOP_SecurityEventLogSettingNumeric
  136. // one each for system, application, security
  137. // following eventlog entries should be contiguous in the same order to resemble contiguous memory
  138. {{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  139. {{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize) + sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  140. {{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize) + 2*sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  141. {{(PWSTR)TEXT("AuditLogRetentionPeriod"), offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  142. {{(PWSTR)TEXT("AuditLogRetentionPeriod"), offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod) + sizeof(DWORD),RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  143. {{(PWSTR)TEXT("AuditLogRetentionPeriod"), offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod) + 2 * sizeof(DWORD),RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  144. {{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  145. {{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays) + sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  146. {{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays) + 2 * sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0, FALSE},
  148. // RSOP_SecurityEventLogSettingBoolean - one each for system, application, security
  149. {{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess), RSOP_SecurityEventLogSettingBoolean}, (DWORD)0, FALSE},
  150. {{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess) + sizeof(DWORD), RSOP_SecurityEventLogSettingBoolean}, (DWORD)0, FALSE},
  151. {{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess) + 2 * sizeof(DWORD), RSOP_SecurityEventLogSettingBoolean}, (DWORD)0, FALSE},
  153. // RSOP_RegistryValue
  154. // can compute offset of aRegValues from this
  155. {{(PWSTR)TEXT("RegValueCount"), offsetof(struct _SCE_PROFILE_INFO, RegValueCount), RSOP_RegistryValue}, (DWORD)0, FALSE},
  157. // RSOP_UserPrivilegeRight
  158. {{(PWSTR)TEXT("pInfPrivilegeAssignedTo"), offsetof(struct _SCE_PROFILE_INFO, OtherInfo) + sizeof(PSCE_NAME_LIST), RSOP_UserPrivilegeRight}, (DWORD)0, FALSE},
  160. // RSOP_RestrictedGroup
  161. {{(PWSTR)TEXT("pGroupMembership"), offsetof(struct _SCE_PROFILE_INFO, pGroupMembership), RSOP_RestrictedGroup}, (DWORD)0, FALSE},
  163. // RSOP_SystemService
  164. {{(PWSTR)TEXT("pServices"), offsetof(struct _SCE_PROFILE_INFO, pServices), RSOP_SystemService}, (DWORD)0, FALSE},
  166. // RSOP_File
  167. {{(PWSTR)TEXT("pFiles"), offsetof(struct _SCE_PROFILE_INFO, pFiles), RSOP_File}, (DWORD)0, FALSE},
  169. // RSOP_RegistryKey
  170. {{(PWSTR)TEXT("pRegistryKeys"), offsetof(struct _SCE_PROFILE_INFO, pRegistryKeys), RSOP_RegistryKey}, (DWORD)0, FALSE},
  172. // following kerberos entries should be contiguous in the same order to resemble contiguous memory
  173. {{(PWSTR)TEXT("pKerberosInfo"), offsetof(struct _SCE_PROFILE_INFO, pKerberosInfo), RSOP_SecuritySettingNumeric}, (DWORD)0, FALSE},
  175. //RSOP_SecuritySettingNumeric
  176. {{(PWSTR)TEXT("MaxTicketAge"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxTicketAge), RSOP_SecuritySettingNumeric}, (DWORD)0, FALSE},
  177. {{(PWSTR)TEXT("MaxRenewAge"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxRenewAge), RSOP_SecuritySettingNumeric}, (DWORD)0, FALSE},
  178. {{(PWSTR)TEXT("MaxServiceAge"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxServiceAge), RSOP_SecuritySettingNumeric}, (DWORD)0, FALSE},
  179. {{(PWSTR)TEXT("MaxClockSkew"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxClockSkew), RSOP_SecuritySettingNumeric}, (DWORD)0, FALSE},
  181. // RSOP_SecuritySettingBoolean
  182. {{(PWSTR)TEXT("TicketValidateClient"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, TicketValidateClient), RSOP_SecuritySettingBoolean}, (DWORD)0, FALSE},
  183. };
  188. DWORD SceLogSettingsPrecedenceGPOs(
  189. IN IWbemServices *pWbemServices,
  190. IN BOOL bPlanningMode,
  191. IN PWSTR *ppwszLogFile
  192. );
  194. DWORD
  195. ScepConvertSingleSlashToDoubleSlashPath(
  196. IN wchar_t *pSettingInfo,
  197. OUT PWSTR *ppwszDoubleSlashPath
  198. );
  200. DWORD
  201. ScepClientTranslateFileDirName(
  202. IN PWSTR oldFileName,
  203. OUT PWSTR *newFileName
  204. );
  206. VOID
  207. ScepLogEventAndReport(
  208. IN HINSTANCE hInstance,
  209. IN LPTSTR LogFileName,
  210. IN DWORD LogLevel,
  211. IN DWORD dwEventID,
  212. IN UINT idMsg,
  213. IN DWORD rc,
  214. IN PWSTR pwszMsg
  215. );
  217. BOOL
  218. ScepRsopLookupBuiltinNameTable(
  219. IN PWSTR pwszGroupName
  220. );
  222. DWORD
  223. ScepCanonicalizeGroupName(
  224. IN PWSTR pwszGroupName,
  225. OUT PWSTR *ppwszCanonicalGroupName
  226. );
  229. #endif