/*++

Copyright (c) 1996 Microsoft Corporation

Module Name:

    scep.h

Abstract:

    This module defines the data structures and function prototypes
    for the security management utility

Author:

    Jin Huang (jinhuang) 28-Oct-1996

Revision History:

--*/

//
// Declarations only: constants, tree/list node types and prototypes, grouped
// by the source file named in each section comment.
//
// NOTE(review): the comments added to individual declarations are read off
// the signatures. Anything said about behavior, buffer sizes or ownership is
// an assumption to confirm against the implementing file.
//

#ifndef _scep_
#define _scep_

// Only splay.h is included here. Every other type used below (SAM/LSA
// handles, SCESTATUS, PSCECONTEXT, PLDAP, ...) must already be visible to the
// includer. PSCEP_SPLAY_TREE is presumably declared in splay.h - confirm.
#include "splay.h"

#ifdef __cplusplus
extern "C" {
#endif

//
// system variables
//
// Small integer codes; their consumers are not visible in this header.
// The names suggest operations on the built-in Administrator and Guest
// accounts - confirm at the use sites.
//

#define SCE_RENAME_ADMIN    1
#define SCE_RENAME_GUEST    2
#define SCE_DISABLE_ADMIN   3
#define SCE_DISABLE_GUEST   4

// Presumably a case-handling policy for name comparison - confirm.
// (The spelling of SCE_CASE_PREFERED is part of the interface.)
#define SCE_CASE_DONT_CARE  0
#define SCE_CASE_REQUIRED   1
#define SCE_CASE_PREFERED   2

// Describes one local drive root.
typedef struct _LOCAL_ROOT {
    // Fixed 5-TCHAR buffer: any writer must bound its copy to this size,
    // terminator included.
    TCHAR drive[5];
    // presumably TRUE for the boot volume - confirm
    BOOL  boot;
    // presumably TRUE when the volume's file system supports ACLs - confirm
    BOOL  aclSupport;
} LOCAL_ROOT;

// Kind of attachment; enumerators take the implicit values 0 and 1.
typedef enum _SCE_ATTACHMENT_TYPE_ {
    SCE_ATTACHMENT_SERVICE,
    SCE_ATTACHMENT_POLICY
} SCE_ATTACHMENT_TYPE;

// Open intent accepted by ScepGetDesiredAccess (declared below), which
// returns an ACCESS_MASK. How each value maps to access rights is defined by
// the implementation, not by this header.
typedef enum _SECURITY_OPEN_TYPE {
    READ_ACCESS_RIGHTS = 0,
    WRITE_ACCESS_RIGHTS,
    MODIFY_ACCESS_RIGHTS,
} SECURITY_OPEN_TYPE, *PSECURITY_OPEN_TYPE;

//
// data structures used for secmgr
//

// One node of an object tree: names, a container flag, a status byte,
// security information with two security-descriptor pointers, a child-name
// array, a child list and a parent link.
// NOTE(review): ownership of the pointed-to strings and descriptors is not
// stated here - confirm who allocates and who frees.
typedef struct _SCE_OBJECT_TREE {
    PWSTR                   Name;
    PWSTR                   ObjectFullName;
    BOOL                    IsContainer;
    BYTE                    Status;
    SECURITY_INFORMATION    SeInfo;
    PSECURITY_DESCRIPTOR    pSecurityDescriptor;
    PSECURITY_DESCRIPTOR    pApplySecurityDescriptor;
    PWSTR                   *aChildNames;
    // presumably the element count (or capacity) of aChildNames; the unit is
    // not stated - confirm before indexing with it
    DWORD                   dwSize_aChildNames;
    struct _SCE_OBJECT_CHILD_LIST *ChildList;
    struct _SCE_OBJECT_TREE *Parent;
}SCE_OBJECT_TREE, *PSCE_OBJECT_TREE;

// Forward-linked list element holding one tree node.
typedef struct _SCE_OBJECT_CHILD_LIST {
    PSCE_OBJECT_TREE                Node;
    struct _SCE_OBJECT_CHILD_LIST   *Next;
} SCE_OBJECT_CHILD_LIST, *PSCE_OBJECT_CHILD_LIST;

// presumably selects how deep a child enumeration goes - confirm
typedef enum _SCE_SUBOBJECT_TYPE {
    SCE_ALL_CHILDREN,
    SCE_IMMEDIATE_CHILDREN
} SCE_SUBOBJECT_TYPE;

//
// prototypes defined in misc.c
//

// Takes the access masks to request on the SAM server and domain and returns
// handles and SIDs through the OUT parameters; the builtin-domain outputs are
// OPTIONAL.
// NOTE(review): callers should pass the narrowest masks they need; how the
// returned handles and SIDs are released is not shown here - confirm.
// (The fourth parameter is spelled pDomainHanele in this declaration.)
NTSTATUS
ScepOpenSamDomain(
    IN ACCESS_MASK  ServerAccess,
    IN ACCESS_MASK  DomainAccess,
    OUT PSAM_HANDLE pServerHandle,
    OUT PSAM_HANDLE pDomainHanele,
    OUT PSID        *DomainSid,
    OUT PSAM_HANDLE pBuiltinDomainHandle OPTIONAL,
    OUT PSID        *BuiltinDomainSid OPTIONAL
    );

// Names, RIDs and Use come back through pointer-to-pointer parameters, so the
// callee presumably allocates them; which routine frees them is not stated
// here - confirm. CountOfName receives a ULONG count.
NTSTATUS
ScepLookupNamesInDomain(
    IN SAM_HANDLE       DomainHandle,
    IN PSCE_NAME_LIST   NameList,
    OUT PUNICODE_STRING *Names,
    OUT PULONG          *RIDs,
    OUT PSID_NAME_USE   *Use,
    OUT PULONG          CountOfName
    );

// The parameters carry no IN/OUT annotation; both are pointer-to-pointer,
// so they are presumably outputs - confirm.
NTSTATUS
ScepGetLsaDomainInfo(
    PPOLICY_ACCOUNT_DOMAIN_INFO *PolicyAccountDomainInfo,
    PPOLICY_PRIMARY_DOMAIN_INFO *PolicyPrimaryDomainInfo
    );

// NOTE(review): TempDirectory is a caller-provided buffer (PWSTR passed by
// value) and the prototype carries no capacity, so the required size is an
// implicit contract - confirm in misc.c and at every caller.
DWORD
ScepGetTempDirectory(
    IN  PWSTR   HomeDir,
    OUT PWSTR   TempDirectory
    );

// NOTE(review): LogonHourBitMask is written through a bare PUCHAR with no
// length parameter, and the VOID return cannot report failure - confirm the
// expected buffer size at the callers.
VOID
ScepConvertLogonHours(
    IN  PSCE_LOGON_HOUR pLogonHours,
    OUT PUCHAR          LogonHourBitMask
    );

// Reverse direction of ScepConvertLogonHours judging by the signature.
// NOTE(review): the input bitmask has no length parameter either - confirm
// how many bytes are read.
DWORD
ScepConvertToSceLogonHour(
    IN  PUCHAR          LogonHourBitMask,
    OUT PSCE_LOGON_HOUR *pLogonHours
    );

// Returns a name list through GroupList; presumably the groups the account
// belongs to in the two supplied domains - confirm.
NTSTATUS
ScepGetGroupsForAccount(
    IN SAM_HANDLE       DomainHandle,
    IN SAM_HANDLE       BuiltinDomainHandle,
    IN SAM_HANDLE       UserHandle,
    IN PSID             AccountSid,
    OUT PSCE_NAME_LIST  *GroupList
    );

// Returns an ACCESS_MASK for the given open intent and security information.
ACCESS_MASK
ScepGetDesiredAccess(
    IN SECURITY_OPEN_TYPE   OpenType,
    IN SECURITY_INFORMATION SecurityInfo
    );

// presumably the values accepted as dwAccountFormat by ScepGetProfileOneArea
// (declared right below) - confirm
#define SCE_ACCOUNT_SID         0x1
#define SCE_ACCOUNT_SID_STRING  0x2

SCESTATUS
ScepGetProfileOneArea(
    IN PSCECONTEXT          hProfile,
    IN SCETYPE              ProfileType,
    IN AREA_INFORMATION     Area,
    IN DWORD                dwAccountFormat,
    OUT PSCE_PROFILE_INFO   *ppInfoBuffer
    );

// The result is returned as an untyped PVOID; the concrete type presumably
// depends on Area - confirm before casting.
SCESTATUS
ScepGetOneSection(
    IN PSCECONTEXT      hProfile,
    IN AREA_INFORMATION Area,
    IN PWSTR            Name,
    IN SCETYPE          ProfileType,
    OUT PVOID           *ppInfo
    );

// Returns addresses of ACCESS_MASK values (PACCESS_MASK *).
// NOTE(review): these presumably point into pSecurityDescriptor itself, in
// which case they are only valid while the descriptor lives and writing
// through them edits it - confirm.
NTSTATUS
ScepGetUserAccessAddress(
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID                 AccountSid,
    OUT PACCESS_MASK        *pUserAccess,
    OUT PACCESS_MASK        *pEveryone
    );

// presumably reports whether Name ends with a backslash - confirm
BOOL
ScepLastBackSlash(
    IN PWSTR Name
    );

// NOTE(review): AssignedHomeDir is a UNICODE_STRING, which is length-counted
// and need not be NUL-terminated; confirm the implementation honours Length
// rather than treating Buffer as a C string. Freeing of *UserHomeDir is not
// documented here.
DWORD
ScepGetUsersHomeDirectory(
    IN  UNICODE_STRING  AssignedHomeDir,
    IN  PWSTR           UserProfileName,
    OUT PWSTR           *UserHomeDir
    );

DWORD
ScepGetUsersTempDirectory(
    IN  PWSTR   UserProfileName,
    OUT PWSTR   *UserTempDir
    );

// Same UNICODE_STRING caveat as ScepGetUsersHomeDirectory applies to
// AssignedProfile.
DWORD
ScepGetUsersProfileName(
    IN  UNICODE_STRING  AssignedProfile,
    IN  PSID            AccountSid,
    IN  BOOL            bDefault,
    OUT PWSTR           *UserProfilePath
    );

// NOTE(review): ObjName is annotated IN and is not const, while the sibling
// ScepGetGroupCase marks its name IN OUT. If this routine rewrites ObjName in
// place the annotation is misleading - confirm. Also confirm whether
// BufOffset/BufLen count characters or bytes and that they are checked
// against the real buffer.
SCESTATUS
ScepGetRegKeyCase(
    IN PWSTR    ObjName,
    IN DWORD    BufOffset,
    IN DWORD    BufLen
    );

// Same review points as ScepGetRegKeyCase.
SCESTATUS
ScepGetFileCase(
    IN PWSTR    ObjName,
    IN DWORD    BufOffset,
    IN DWORD    BufLen
    );

// GroupName is IN OUT, i.e. updated in place; the unit of Length
// (characters or bytes) is not stated - confirm.
SCESTATUS
ScepGetGroupCase(
    IN OUT PWSTR    GroupName,
    IN DWORD        Length
    );

//
// prototypes defined in pfget.c
//

// Result comes back as an untyped PVOID; Errlog is OPTIONAL.
SCESTATUS
ScepGetUserSection(
    IN PSCECONTEXT          hProfile,
    IN SCETYPE              ProfileType,
    IN PWSTR                Name,
    OUT PVOID               *ppInfo,
    OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
    );

SCESTATUS
ScepWriteObjectSecurity(
    IN PSCECONTEXT          hProfile,
    IN SCETYPE              ProfileType,
    IN AREA_INFORMATION     Area,
    IN PSCE_OBJECT_SECURITY ObjSecurity
    );

//
// function defined in inftojet.c
//

// NOTE(review): InfFile is a wide string (PCWSTR) while JetDbName is a narrow
// LPSTR, so the two paths use different encodings; confirm how callers
// convert the database path and that the conversion cannot truncate it.
SCESTATUS
SceJetConvertInfToJet(
    IN PCWSTR               InfFile,
    IN LPSTR                JetDbName,
    IN SCEJET_CREATE_TYPE   Flags,
    IN DWORD                Options,
    IN AREA_INFORMATION     Area
    );

SCESTATUS
ScepDeleteInfoForAreas(
    IN PSCECONTEXT      hProfile,
    IN SCETYPE          tblType,
    IN AREA_INFORMATION Area
    );

//
// analyze.cpp
//

// Takes an object's security descriptor and a profile descriptor;
// IsDifferent is an OPTIONAL byte output. Presumably compares the two and
// records the object when AddObject is set - confirm.
DWORD
ScepCompareAndAddObject(
    IN PWSTR                ObjectFullName,
    IN SE_OBJECT_TYPE       ObjectType,
    IN BOOL                 IsContainer,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSECURITY_DESCRIPTOR ProfileSD,
    IN SECURITY_INFORMATION ProfileSeInfo,
    IN BOOL                 AddObject,
    OUT PBYTE               IsDifferent OPTIONAL
    );

// Returns a security descriptor through ppSecurityDescriptor; how it must be
// freed is not stated here - confirm.
DWORD
ScepGetNamedSecurityInfo(
    IN PWSTR                    ObjectFullName,
    IN SE_OBJECT_TYPE           ObjectType,
    IN SECURITY_INFORMATION     ProfileSeInfo,
    OUT PSECURITY_DESCRIPTOR    *ppSecurityDescriptor
    );

// The unit of ValueLen (characters or bytes) is not stated - confirm.
DWORD
ScepSaveDsStatusToSection(
    IN PWSTR    ObjectName,
    IN BOOL     IsContainer,
    IN BYTE     Flag,
    IN PWSTR    Value,
    IN DWORD    ValueLen
    );

SCESTATUS
ScepSaveMemberMembershipList(
    IN LSA_HANDLE       LsaPolicy,
    IN PCWSTR           szSuffix,
    IN PWSTR            GroupName,
    IN DWORD            GroupLen,
    IN PSCE_NAME_LIST   pList,
    IN INT              Status
    );

SCESTATUS
ScepRaiseErrorString(
    IN PSCESECTION  hSectionIn OPTIONAL,
    IN PWSTR        KeyName,
    IN PCWSTR       szSuffix OPTIONAL
    );

// DsObject.cpp

SCESTATUS
ScepConfigureDsSecurity(
    IN PSCE_OBJECT_TREE pObject
    );

DWORD
ScepAnalyzeDsSecurity(
    IN PSCE_OBJECT_TREE pObject
    );

// pLdap is OPTIONAL; what connection is used when it is omitted is not
// visible here - confirm.
SCESTATUS
ScepEnumerateDsObjectRoots(
    IN PLDAP            pLdap OPTIONAL,
    OUT PSCE_OBJECT_LIST *pRoots
    );

// Returns a newly referenced name through LdapName; freeing is not
// documented here - confirm.
DWORD
ScepConvertJetNameToLdapCase(
    IN PWSTR    JetName,
    IN BOOL     bLastComponent,
    IN BYTE     bCase,
    OUT PWSTR   *LdapName
    );

SCESTATUS
ScepLdapOpen(
    OUT PLDAP *pLdap OPTIONAL
    );

// pLdap is IN OUT; presumably cleared on close so the handle cannot be
// reused - confirm.
SCESTATUS
ScepLdapClose(
    IN OUT PLDAP *pLdap OPTIONAL
    );

SCESTATUS
ScepDsObjectExist(
    IN PWSTR ObjectName
    );

SCESTATUS
ScepEnumerateDsOneLevel(
    IN PWSTR            ObjectName,
    OUT PSCE_NAME_LIST  *pNameList
    );

// dsgroups.cpp

SCESTATUS
ScepConfigDsGroups(
    IN PSCE_GROUP_MEMBERSHIP    pGroupMembership,
    IN DWORD                    ConfigOptions
    );

SCESTATUS
ScepAnalyzeDsGroups(
    IN PSCE_GROUP_MEMBERSHIP pGroupMembership
    );

//
// editsave.cpp
//

// Returns a status byte for KeyName in the given section.
BYTE
ScepGetObjectAnalysisStatus(
    IN PSCESECTION  hSection,
    IN PWSTR        KeyName,
    IN BOOL         bLookForParent
    );

//
// config.cpp
//

// Distinct single-bit values; presumably OR-ed together in the dwBuildRule
// argument of ScepBuildAccountsToRemove - confirm.
#define SCE_BUILD_IGNORE_UNKNOWN        0x1
#define SCE_BUILD_ACCOUNT_SID           0x2
#define SCE_BUILD_ENUMERATE_PRIV        0x4
#define SCE_BUILD_ACCOUNT_SID_STRING    0x8

// Produces a privilege value list through pRemoveList. PrivLowMask and
// PrivHighMask are two DWORD masks, presumably the low and high halves of one
// privilege bitmask - confirm. pIgnoreAccounts is IN OUT and OPTIONAL.
// NOTE(review): the output drives removal of account privileges, so how
// unknown or unresolvable accounts are treated (see SCE_BUILD_IGNORE_UNKNOWN)
// deserves review in config.cpp.
NTSTATUS
ScepBuildAccountsToRemove(
    IN LSA_HANDLE                   PolicyHandle,
    IN DWORD                        PrivLowMask,
    IN DWORD                        PrivHighMask,
    IN DWORD                        dwBuildRule,
    IN PSCE_PRIVILEGE_VALUE_LIST    pTemplateList OPTIONAL,
    IN DWORD                        Options OPTIONAL,
    IN OUT PSCEP_SPLAY_TREE         pIgnoreAccounts OPTIONAL,
    OUT PSCE_PRIVILEGE_VALUE_LIST   *pRemoveList
    );

SCESTATUS
ScepEnumAttachmentSections(
    IN PSCECONTEXT      cxtProfile,
    OUT PSCE_NAME_LIST  *ppList
    );

// Takes an account buffer with an explicit length and returns a new buffer
// and its length. The msz prefix suggests a multi-string (NUL-separated,
// double-NUL-terminated) - confirm.
// NOTE(review): confirm the unit of dwLen and that parsing stops at dwLen
// even when the terminator is missing.
SCESTATUS
ScepConvertFreeTextAccountToSid(
    IN OUT LSA_HANDLE   *pPolicyHandle,
    IN PWSTR            mszAccounts,
    IN ULONG            dwLen,
    OUT PWSTR           *pmszNewAccounts,
    OUT DWORD           *pNewLen
    );

// Same signature and review points as ScepConvertFreeTextAccountToSid.
SCESTATUS
ScepConvertRelativeSidAccountToSid(
    IN OUT LSA_HANDLE   *pPolicyHandle,
    IN PWSTR            mszAccounts,
    IN ULONG            dwLen,
    OUT PWSTR           *pmszNewAccounts,
    OUT DWORD           *pNewLen
    );

#ifdef __cplusplus
}
#endif

#endif