archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/services/scerpc/sceutil.h

320 lines
9.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. sceutil.h
  9. Abstract:
  11. This module defines the data structures and function prototypes
  12. shared by both SCE client and SCE server
  14. Author:
  16. Jin Huang (jinhuang) 23-Jan-1998
  18. Revision History:
  20. jinhuang (splitted from scep.h)
  21. --*/
  22. #ifndef _sceutil_
  23. #define _sceutil_
  25. #include <ntlsa.h>
  26. #include <cfgmgr32.h>
  28. #define SCEP_SAM_FILTER_POLICY_PROP_EVENT L"E_ScepSamFilterAndPolicyPropExclusion"
  30. typedef struct _SCE_USER_PRIV_LOOKUP {
  31. UINT Value;
  32. PWSTR Name;
  33. }SCE_USER_PRIV_LOOKUP;
  35. static SCE_USER_PRIV_LOOKUP SCE_Privileges[] = {
  36. {0, (PWSTR)SE_NETWORK_LOGON_NAME},
  37. // Access the computer from network
  38. {SE_TCB_PRIVILEGE, (PWSTR)SE_TCB_NAME},
  39. // Act as part of the operating System
  40. {SE_MACHINE_ACCOUNT_PRIVILEGE, (PWSTR)SE_MACHINE_ACCOUNT_NAME},
  41. // Add workstations to the domain
  42. {SE_BACKUP_PRIVILEGE, (PWSTR)SE_BACKUP_NAME},
  43. // Back up files and directories
  44. {SE_CHANGE_NOTIFY_PRIVILEGE, (PWSTR)SE_CHANGE_NOTIFY_NAME},
  45. // Bypass traverse checking
  46. {SE_SYSTEMTIME_PRIVILEGE, (PWSTR)SE_SYSTEMTIME_NAME},
  47. // Change the system time
  48. {SE_CREATE_PAGEFILE_PRIVILEGE, (PWSTR)SE_CREATE_PAGEFILE_NAME},
  49. // Create a pagefile
  50. {SE_CREATE_TOKEN_PRIVILEGE, (PWSTR)SE_CREATE_TOKEN_NAME},
  51. // Create a token object
  52. {SE_CREATE_PERMANENT_PRIVILEGE, (PWSTR)SE_CREATE_PERMANENT_NAME},
  53. // Create permanent shared objects
  54. {SE_DEBUG_PRIVILEGE, (PWSTR)SE_DEBUG_NAME},
  55. // Debug programs
  56. {SE_REMOTE_SHUTDOWN_PRIVILEGE, (PWSTR)SE_REMOTE_SHUTDOWN_NAME},
  57. // Force shutdown from a remote system
  58. {SE_AUDIT_PRIVILEGE, (PWSTR)SE_AUDIT_NAME},
  59. // Generate security audits
  60. {SE_INCREASE_QUOTA_PRIVILEGE, (PWSTR)SE_INCREASE_QUOTA_NAME},
  61. // Increase quotas
  62. {SE_INC_BASE_PRIORITY_PRIVILEGE,(PWSTR)SE_INC_BASE_PRIORITY_NAME},
  63. // Increase scheduling priority
  64. {SE_LOAD_DRIVER_PRIVILEGE, (PWSTR)SE_LOAD_DRIVER_NAME},
  65. // Load and unload device drivers
  66. {SE_LOCK_MEMORY_PRIVILEGE, (PWSTR)SE_LOCK_MEMORY_NAME},
  67. // Lock pages in memory
  68. {0, (PWSTR)SE_BATCH_LOGON_NAME},
  69. // Logon as a batch job
  70. {0, (PWSTR)SE_SERVICE_LOGON_NAME},
  71. // Logon as a service
  72. {0, (PWSTR)SE_INTERACTIVE_LOGON_NAME},
  73. // Logon locally
  74. {SE_SECURITY_PRIVILEGE, (PWSTR)SE_SECURITY_NAME},
  75. // Manage auditing and security log
  76. {SE_SYSTEM_ENVIRONMENT_PRIVILEGE, (PWSTR)SE_SYSTEM_ENVIRONMENT_NAME},
  77. // Modify firmware environment variables
  78. {SE_PROF_SINGLE_PROCESS_PRIVILEGE,(PWSTR)SE_PROF_SINGLE_PROCESS_NAME},
  79. // Profile single process
  80. {SE_SYSTEM_PROFILE_PRIVILEGE, (PWSTR)SE_SYSTEM_PROFILE_NAME},
  81. // Profile system performance
  82. {SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, (PWSTR)SE_ASSIGNPRIMARYTOKEN_NAME},
  83. // Replace a process-level token
  84. {SE_RESTORE_PRIVILEGE, (PWSTR)SE_RESTORE_NAME},
  85. // Restore files and directories
  86. {SE_SHUTDOWN_PRIVILEGE, (PWSTR)SE_SHUTDOWN_NAME},
  87. // Shut down the system
  88. {SE_TAKE_OWNERSHIP_PRIVILEGE, (PWSTR)SE_TAKE_OWNERSHIP_NAME},
  89. // Take ownership of files or other objects
  90. // {SE_UNSOLICITED_INPUT_PRIVILEGE,(PWSTR)SE_UNSOLICITED_INPUT_NAME},
  91. // Unsolicited Input is obsolete and unused
  92. {0, (PWSTR)SE_DENY_NETWORK_LOGON_NAME},
  93. // Deny access the computer from network
  94. {0, (PWSTR)SE_DENY_BATCH_LOGON_NAME},
  95. // Deny Logon as a batch job
  96. {0, (PWSTR)SE_DENY_SERVICE_LOGON_NAME},
  97. // Deny Logon as a service
  98. {0, (PWSTR)SE_DENY_INTERACTIVE_LOGON_NAME},
  99. // Deny logon locally
  100. {SE_UNDOCK_PRIVILEGE, (PWSTR)SE_UNDOCK_NAME},
  101. // Undock privilege
  102. {SE_SYNC_AGENT_PRIVILEGE, (PWSTR)SE_SYNC_AGENT_NAME},
  103. // Sync agent privilege
  104. {SE_ENABLE_DELEGATION_PRIVILEGE,(PWSTR)SE_ENABLE_DELEGATION_NAME},
  105. // enable delegation privilege
  106. {SE_MANAGE_VOLUME_PRIVILEGE, (PWSTR)SE_MANAGE_VOLUME_NAME},
  107. // (NTFS) Manage volume privilege
  108. {0, (PWSTR)SE_REMOTE_INTERACTIVE_LOGON_NAME},
  109. // (TS) logon locally from a TS session
  110. {0, (PWSTR)SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME},
  111. // (TS) deny logon locally from a TS session
  112. {SE_IMPERSONATE_PRIVILEGE, (PWSTR)SE_IMPERSONATE_NAME},
  113. // Allow impersonation after authentication
  114. {SE_CREATE_GLOBAL_PRIVILEGE,(PWSTR)SE_CREATE_GLOBAL_NAME}
  115. // Create objects in session 0 (global)
  117. };
  119. typedef struct _SCE_TEMP_NODE_ {
  120. PWSTR Name;
  121. DWORD Len;
  122. BOOL bFree;
  123. } SCE_TEMP_NODE, *PSCE_TEMP_NODE;
  125. //
  126. // Bit masks encoding rsop area information
  127. //
  128. #define SCE_RSOP_PASSWORD_INFO (0x1)
  129. #define SCE_RSOP_LOCKOUT_INFO (0x1 << 1)
  130. #define SCE_RSOP_LOGOFF_INFO (0x1 << 2)
  131. #define SCE_RSOP_ADMIN_INFO (0x1 << 3)
  132. #define SCE_RSOP_GUEST_INFO (0x1 << 4)
  133. #define SCE_RSOP_GROUP_INFO (0x1 << 5)
  134. #define SCE_RSOP_PRIVILEGE_INFO (0x1 << 6)
  135. #define SCE_RSOP_FILE_SECURITY_INFO (0x1 << 7)
  136. #define SCE_RSOP_REGISTRY_SECURITY_INFO (0x1 << 8)
  137. #define SCE_RSOP_AUDIT_LOG_MAXSIZE_INFO (0x1 << 9)
  138. #define SCE_RSOP_AUDIT_LOG_RETENTION_INFO (0x1 << 10)
  139. #define SCE_RSOP_AUDIT_LOG_GUEST_INFO (0x1 << 11)
  140. #define SCE_RSOP_AUDIT_EVENT_INFO (0x1 << 12)
  141. #define SCE_RSOP_KERBEROS_INFO (0x1 << 13)
  142. #define SCE_RSOP_REGISTRY_VALUE_INFO (0x1 << 14)
  143. #define SCE_RSOP_SERVICES_INFO (0x1 << 15)
  144. #define SCE_RSOP_FILE_SECURITY_INFO_CHILD (0x1 << 16)
  145. #define SCE_RSOP_REGISTRY_SECURITY_INFO_CHILD (0x1 << 17)
  146. #define SCE_RSOP_LSA_POLICY_INFO (0x1 << 18)
  147. #define SCE_RSOP_DISABLE_ADMIN_INFO (0x1 << 19)
  148. #define SCE_RSOP_DISABLE_GUEST_INFO (0x1 << 20)
  150. BOOL
  151. ScepLookupWellKnownName(
  152. IN PWSTR Name,
  153. IN OPTIONAL LSA_HANDLE LsaPolicy,
  154. OPTIONAL OUT PWSTR *ppwszSid);
  156. INT
  157. ScepLookupPrivByName(
  158. IN PCWSTR Right
  159. );
  161. INT
  162. ScepLookupPrivByValue(
  163. IN DWORD Priv
  164. );
  166. SCESTATUS
  167. ScepGetProductType(
  168. OUT PSCE_SERVER_TYPE srvProduct
  169. );
  171. SCESTATUS
  172. ScepConvertMultiSzToDelim(
  173. IN PWSTR pValue,
  174. IN DWORD Len,
  175. IN WCHAR DelimFrom,
  176. IN WCHAR Delim
  177. );
  179. DWORD
  180. ScepAddTwoNamesToNameList(
  181. OUT PSCE_NAME_LIST *pNameList,
  182. IN BOOL bAddSeparator,
  183. IN PWSTR Name1,
  184. IN ULONG Length1,
  185. IN PWSTR Name2,
  186. IN ULONG Length2
  187. );
  189. NTSTATUS
  190. ScepDomainIdToSid(
  191. IN PSID DomainId,
  192. IN ULONG RelativeId,
  193. OUT PSID *Sid
  194. );
  196. DWORD
  197. ScepConvertSidToPrefixStringSid(
  198. IN PSID pSid,
  199. OUT PWSTR *StringSid
  200. );
  202. NTSTATUS
  203. ScepConvertSidToName(
  204. IN LSA_HANDLE LsaPolicy,
  205. IN PSID AccountSid,
  206. IN BOOL bFromDomain,
  207. OUT PWSTR *AccountName,
  208. OUT DWORD *Length OPTIONAL
  209. );
  211. NTSTATUS
  212. ScepConvertNameToSid(
  213. IN LSA_HANDLE LsaPolicy,
  214. IN PWSTR AccountName,
  215. OUT PSID *AccountSid
  216. );
  218. SCESTATUS
  219. ScepConvertNameToSidString(
  220. IN LSA_HANDLE LsaHandle,
  221. IN PWSTR Name,
  222. IN BOOL bAccountDomainOnly,
  223. OUT PWSTR *SidString,
  224. OUT DWORD *SidStrLen
  225. );
  227. SCESTATUS
  228. ScepLookupSidStringAndAddToNameList(
  229. IN LSA_HANDLE LsaHandle,
  230. IN OUT PSCE_NAME_LIST *pNameList,
  231. IN PWSTR LookupString,
  232. IN ULONG Len
  233. );
  235. SCESTATUS
  236. ScepLookupNameAndAddToSidStringList(
  237. IN LSA_HANDLE LsaHandle,
  238. IN OUT PSCE_NAME_LIST *pNameList,
  239. IN PWSTR LookupString,
  240. IN ULONG Len
  241. );
  243. NTSTATUS
  244. ScepOpenLsaPolicy(
  245. IN ACCESS_MASK access,
  246. OUT PLSA_HANDLE pPolicyHandle,
  247. IN BOOL bDoNotNotify
  248. );
  250. BOOL
  251. ScepIsSidFromAccountDomain(
  252. IN PSID pSid
  253. );
  255. BOOL
  256. SetupINFAsUCS2(
  257. IN LPCTSTR szName
  258. );
  260. WCHAR *
  261. ScepStripPrefix(
  262. IN LPTSTR pwszPath
  263. );
  265. DWORD
  266. ScepGenerateGuid(
  267. OUT PWSTR *ppwszGuid
  268. );
  270. SCESTATUS
  271. SceInfpGetPrivileges(
  272. IN HINF hInf,
  273. IN BOOL bLookupAccount,
  274. OUT PSCE_PRIVILEGE_ASSIGNMENT *pPrivileges,
  275. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  276. );
  278. DWORD
  279. ScepQueryAndAddService(
  280. IN SC_HANDLE hScManager,
  281. IN LPWSTR lpServiceName,
  282. IN LPWSTR lpDisplayName,
  283. OUT PSCE_SERVICES *pServiceList
  284. );
  286. NTSTATUS
  287. ScepIsSystemContext(
  288. IN HANDLE hUserToken,
  289. OUT BOOL *pbSystem
  290. );
  292. BOOL
  293. IsNT5();
  295. DWORD
  296. ScepVerifyTemplateName(
  297. IN PWSTR InfTemplateName,
  298. OUT PSCE_ERROR_LOG_INFO *pErrlog OPTIONAL
  299. );
  302. NTSTATUS
  303. ScepLsaLookupNames2(
  304. IN LSA_HANDLE PolicyHandle,
  305. IN ULONG Flags,
  306. IN PWSTR pszAccountName,
  307. OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
  308. OUT PLSA_TRANSLATED_SID2 *Sids
  309. );
  311. NTSTATUS ScepIsMigratedAccount(
  312. IN LSA_HANDLE LsaHandle,
  313. IN PLSA_UNICODE_STRING pName,
  314. IN PLSA_UNICODE_STRING pDomain,
  315. IN PSID pSid,
  316. OUT bool *pbMigratedAccount
  317. );
  320. #endif