Leaked source code of windows server 2003

/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
common.h
Abstract:
This module defines the data structures and function prototypes
shared by both SCE client and SCE server
Author:
Jin Huang (jinhuang) 23-Jan-1998
Revision History:
jinhuang (split from scep.h)
--*/
#ifndef _scecommon_
#define _scecommon_
//
// Selects which security database a value refers to. Numbering starts at 1,
// so SecurityDbSam == 1 and SecurityDbLsa == 2; zero is not a member and can
// be told apart from a valid selection.
// NOTE(review): presumably the SAM account database vs. the LSA policy
// database -- confirm against the callers.
//
typedef enum _SECURITY_DB_TYPE {
SecurityDbSam = 1,
SecurityDbLsa
} SECURITY_DB_TYPE, *PSECURITY_DB_TYPE;
// Highest template version number this header declares as supported.
// NOTE(review): where the version of an incoming template is compared with
// this value is not visible here -- confirm the check rejects larger values.
#define SCE_TEMPLATE_MAX_SUPPORTED_VERSION 1
// Path of the LegalNoticeText policy value, spelled with a leading "MACHINE\"
// component instead of an HKEY root handle.
#define szLegalNoticeTextKeyName L"MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText"
#include "dsrole.h"
//
// type of system access lookup table
//
// NOTE(review): the heading above does not obviously describe the constants
// below; it may be a leftover from the split out of scep.h.
//
// Option bits. Each value from SCE_SYSTEM_DB (0x0100) through
// SCE_GENERATE_ROLLBACK (0x04000000) is a distinct single bit, so the options
// can be OR-ed together without overlapping.
// NOTE(review): which option word carries these bits, and whether they share
// it with flags defined in other headers, is not visible here.
//
#define SCESETUP_UPDATE_DB_ONLY 0x1000L
#define SCE_SYSTEM_DB 0x0100L
#define SCE_CREATE_BUILTIN_ACCOUNTS 0x0200L
#define SCE_POLBIND_NO_AUTH 0x0400L
#define SCE_NO_ANALYZE 0x0800L
#define SCE_NO_DOMAIN_POLICY 0x2000L
#define SCE_NOCOPY_DOMAIN_POLICY 0x4000L
#define SCE_COPY_LOCAL_POLICY 0x8000L
#define SCE_POLICY_TEMPLATE 0x00010000L
#define SCE_POLICY_FIRST 0x00020000L
#define SCE_POLICY_LAST 0x00040000L
#define SCE_SYSTEM_SETTINGS 0x00080000L
#define SCE_DCPROMO_WAIT 0x00100000L
#define SCE_SERVICE_NO_REALTIME_ENFORCE 0x00200000L
#define SCE_NO_CONFIG_FILEKEY 0x00400000L
#define SCE_DC_DEMOTE 0x00800000L
#define SCE_RE_ANALYZE 0x01000000L
#define SCE_RSOP_CALLBACK 0x02000000L
#define SCE_GENERATE_ROLLBACK 0x04000000L
// Sequential selector values 1..7. These are NOT bit flags and must not be
// OR-ed together.
// NOTE(review): presumably the Flag argument of ScepGetNTDirectory -- confirm.
#define SCE_FLAG_WINDOWS_DIR 1
#define SCE_FLAG_SYSTEM_DIR 2
#define SCE_FLAG_DSDIT_DIR 3
#define SCE_FLAG_DSLOG_DIR 4
#define SCE_FLAG_SYSVOL_DIR 5
#define SCE_FLAG_BOOT_DRIVE 6
#define SCE_FLAG_PROFILES_DIR 7
// Top bit of a 32-bit value. Where long is 32 bits wide this literal does not
// fit in a signed long, so it has type unsigned long; keep that in mind when
// it is compared with or stored in a signed field.
#define SCE_GROUP_STATUS_DONE_IN_DS 0x80000000L
// NOTE(review): presumably the bucket count of a hash table of SCEP_ADL_NODE
// chains -- confirm in the code that indexes the table.
#define SCEP_ADL_HTABLE_SIZE 256
// The same '#' prefix in character and in string form.
#define RELATIVE_SID_PREFIX L'#'
#define RELATIVE_SID_PREFIX_SZ L"#"
// Separator between the fields of a SID written as a string.
#define STRING_SID_SUBAUTH_SEPARATOR L'-'
//
// Macros to extract the SID and the optional GUIDs from an object ACE
//
// Every macro casts Ace to SCEP_PKNOWN_OBJECT_ACE and reads its Flags field
// to decide which optional GUIDs lie between Flags and the SID.
//
// Review notes:
//  - Ace is expanded more than once inside each macro, so the argument must
//    not have side effects.
//  - No macro looks at Header.AceSize or Header.AceType. The returned pointer
//    is computed from Flags alone, so it can point past the end of the ACE
//    when Flags claims a GUID the buffer does not hold. When the ACL comes
//    from a template, a file or any other input the caller does not control,
//    the ACE type and size have to be validated before these are used.
//

// Non-zero when the ACE carries an ObjectType GUID.
#define ScepObjectAceObjectTypePresent( Ace ) \
((((SCEP_PKNOWN_OBJECT_ACE)(Ace))->Flags & ACE_OBJECT_TYPE_PRESENT) != 0 )
// Non-zero when the ACE carries an InheritedObjectType GUID.
#define ScepObjectAceInheritedObjectTypePresent( Ace ) \
((((SCEP_PKNOWN_OBJECT_ACE)(Ace))->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) != 0 )
// Address of the SID: the address of SidStart advanced by sizeof(GUID) for
// each GUID that Flags reports as present (0, 1 or 2 GUIDs).
#define ScepObjectAceSid( Ace ) \
((PSID)(((PUCHAR)&(((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart)) + \
(ScepObjectAceObjectTypePresent(Ace) ? sizeof(GUID) : 0 ) + \
(ScepObjectAceInheritedObjectTypePresent(Ace) ? sizeof(GUID) : 0 )))
// Pointer to the ObjectType GUID, which starts at SidStart when present;
// NULL when Flags does not report it.
#define ScepObjectAceObjectType( Ace ) \
((GUID *)(ScepObjectAceObjectTypePresent(Ace) ? \
&((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart : \
NULL ))
// Pointer to the InheritedObjectType GUID: one GUID past SidStart when the
// ObjectType GUID is also present, at SidStart when it is the only GUID, and
// NULL when Flags does not report it.
#define ScepObjectAceInheritedObjectType( Ace ) \
((GUID *)(ScepObjectAceInheritedObjectTypePresent(Ace) ? \
( ScepObjectAceObjectTypePresent(Ace) ? \
(PULONG)(((PUCHAR)(&((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart)) + sizeof(GUID)) : \
&((SCEP_PKNOWN_OBJECT_ACE)(Ace))->SidStart ) : \
NULL ))
//
// Generic-to-specific access right mappings for files and registry keys.
// Initializers are in GENERIC_MAPPING field order: read, write, execute, all.
//
// Both objects are `static` and not `const`, and they live in a header: every
// translation unit that includes this file gets its own private, writable
// copy. A write to one copy is not seen by the others.
//
static GENERIC_MAPPING FileGenericMapping = {
FILE_GENERIC_READ,
FILE_GENERIC_WRITE,
FILE_GENERIC_EXECUTE,
FILE_ALL_ACCESS
};
static GENERIC_MAPPING KeyGenericMapping = {
KEY_READ,
KEY_WRITE,
KEY_EXECUTE,
KEY_ALL_ACCESS
};
//
// Generic access rights for service objects, defined locally by this header,
// and the GENERIC_MAPPING built from them (read, write, execute, all).
//
// NOTE(review): SERVICE_INTERROGATE and SERVICE_USER_DEFINED_CONTROL appear in
// both the read set and the execute set, so a generic read maps to the right
// to send user-defined controls to a service. Confirm this is intended and
// that it agrees with the mapping the Service Control Manager applies; a
// disagreement would make analysis results differ from what is enforced.
//
#define SERVICE_GENERIC_READ (STANDARD_RIGHTS_READ |\
SERVICE_QUERY_CONFIG |\
SERVICE_QUERY_STATUS |\
SERVICE_ENUMERATE_DEPENDENTS |\
SERVICE_INTERROGATE |\
SERVICE_USER_DEFINED_CONTROL)
#define SERVICE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
SERVICE_START |\
SERVICE_STOP |\
SERVICE_PAUSE_CONTINUE |\
SERVICE_INTERROGATE |\
SERVICE_USER_DEFINED_CONTROL)
#define SERVICE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
SERVICE_CHANGE_CONFIG )
// Like the file and key mappings, this is a per-translation-unit writable copy.
static GENERIC_MAPPING SvcGenMap = {
SERVICE_GENERIC_READ,
SERVICE_GENERIC_WRITE,
SERVICE_GENERIC_EXECUTE,
SERVICE_ALL_ACCESS
};
//
// One entry of a key lookup table: a key string, an offset and a one-byte
// type code.
// NOTE(review): presumably Offset is a byte offset into a settings structure
// and BufferType says how the field at that offset is stored -- confirm. Code
// that adds Offset to a base pointer should only do so for entries of a
// built-in table, never for a value read from a template.
//
typedef struct _SCE_KEY_LOOKUP {
PWSTR KeyString;
UINT Offset;
CHAR BufferType;
}SCE_KEY_LOOKUP;
//
// Record for one "tattoo" key: its name and name length, a one-byte data type
// code, a numeric value and a string value.
// NOTE(review): the unit of KeyLen (characters or bytes) and which of
// SaveValue / Value is used for a given DataType are not visible here.
//
typedef struct _SCE_TATTOO_KEYS_ {
PWSTR KeyName;
DWORD KeyLen;
CHAR DataType;
DWORD SaveValue;
PWSTR Value;
}SCE_TATTOO_KEYS;
//
// Pairs an untyped profile handle with a service name.
// ServiceName is a pointer to constant text; the structure does not show who
// owns the string or how long it must stay valid.
//
typedef struct _SCEP_HANDLE_ {
PVOID hProfile;
PCWSTR ServiceName;
} SCEP_HANDLE, *PSCEP_HANDLE;
//
// ACE template on which the ScepObjectAce* extraction macros are based
//
// The two GUID members are commented out because they are optional in the
// stored ACE: Flags says which of them precede the SID. SidStart therefore
// marks the first byte after Flags, which is the start of the SID only when
// neither GUID is present. sizeof(SCEP_KNOWN_OBJECT_ACE) is not the size of a
// real ACE; Header.AceSize is the field that describes the stored length.
//
typedef struct _SCEP_KNOWN_OBJECT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG Flags;
// GUID ObjectType; // Optionally present
// GUID InheritedObjectType; // Optionally present
ULONG SidStart;
} SCEP_KNOWN_OBJECT_ACE, *SCEP_PKNOWN_OBJECT_ACE;
//
// Node of a singly linked list (chained through Next) that records, for one
// SID / object type / inherited object type / ACE type combination, four
// access masks.
// NOTE(review): the mask names suggest effective rights plus rights that are
// inherit-only for containers (CI_IO), for objects (OI_IO) and for
// no-propagate container inheritance (NP_CI_IO) -- confirm against the code
// that fills the nodes. Whether pSid and the GUID pointers are owned by the
// node or borrowed from the ACL is not visible here.
//
typedef struct _SCEP_ADL_NODE_ {
PISID pSid;
GUID *pGuidObjectType;
GUID *pGuidInheritedObjectType;
UCHAR AceType;
DWORD dwEffectiveMask;
DWORD dw_CI_IO_Mask;
DWORD dw_OI_IO_Mask;
DWORD dw_NP_CI_IO_Mask;
struct _SCEP_ADL_NODE_ *Next;
} SCEP_ADL_NODE, *PSCEP_ADL_NODE;
//
// Tick counts per area.
// NOTE(review): presumably progress-bar weights for each configuration area
// -- confirm against the code that reports progress.
//
#define TICKS_PRIVILEGE 15
#define TICKS_GROUPS 15
#define TICKS_SYSTEM_ACCESS 3
#define TICKS_SYSTEM_AUDITING 3
#define TICKS_KERBEROS 3
#define TICKS_REGISTRY_VALUES 4
#define TICKS_GENERAL_SERVICES 10
#define TICKS_SPECIFIC_SERVICES 5
#define TICKS_SPECIFIC_POLICIES 5
// Sum of the four areas named below: 3 + 3 + 4 + 3 = 13.
#define TICKS_SECURITY_POLICY_DS ( TICKS_SYSTEM_ACCESS + \
TICKS_SYSTEM_AUDITING + \
TICKS_REGISTRY_VALUES + \
TICKS_KERBEROS )
#define TICKS_MIGRATION_SECTION 100
#define TICKS_MIGRATION_V11 50
// Open options, values 1 and 2.
#define SCE_OPEN_OPTION_REQUIRE_ANALYSIS 1
#define SCE_OPEN_OPTION_TATTOO 2
// Reset-policy options; each is a distinct single bit (0x1, 0x2, 0x4, 0x8),
// so they can be combined with OR.
#define SCE_RESET_POLICY_KEEP_LOCAL 0x1
#define SCE_RESET_POLICY_ENFORCE_ATREBOOT 0x2
#define SCE_RESET_POLICY_SYSPREP 0x4
#define SCE_RESET_POLICY_TATTOO 0x8
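//
// Number of elements in the array a.
//
// Only meaningful for a true array. If a is a pointer (which includes an
// array function parameter) the result is sizeof(pointer)/sizeof(element),
// not the element count, and a bound derived from it is wrong.
//
// The definition is guarded so that an ARRAYSIZE supplied by a header
// included earlier is kept instead of being redefined here.
//
#ifndef ARRAYSIZE
#define ARRAYSIZE(a) (sizeof(a)/sizeof((a)[0]))
#endif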
//
// strsd.c
//
// Conversion between the text form and the binary form of a security
// descriptor. Both functions return a DWORD.
// NOTE(review): presumably a Win32 error code -- confirm in strsd.c.
//

//
// Text to binary: reads pwszTextSD and returns the descriptor through *ppSD,
// its size through *pcSDSize and the security information through *pSeInfo.
// NOTE(review): the header shows neither how *ppSD is allocated nor who
// releases it, and the input carries no length. Text read from a template
// file is external input, so the parser has to bound and validate it.
//
DWORD
WINAPI
ConvertTextSecurityDescriptor (
IN PWSTR pwszTextSD,
OUT PSECURITY_DESCRIPTOR *ppSD,
OUT PULONG pcSDSize,
OUT PSECURITY_INFORMATION pSeInfo
);
//
// Binary to text: renders the parts of pSD selected by SecurityInfo and
// returns the string through *ppwszTextSD and its size through *pcTextSize.
// NOTE(review): ownership of *ppwszTextSD and the unit of *pcTextSize
// (characters or bytes) are not visible here.
//
DWORD
WINAPI
ConvertSecurityDescriptorToText (
IN PSECURITY_DESCRIPTOR pSD,
IN SECURITY_INFORMATION SecurityInfo,
OUT PWSTR *ppwszTextSD,
OUT PULONG pcTextSize
);
//
// defined in common.cpp
//

// Converts a DWORD error code to an SCESTATUS. The reverse conversion is
// declared later in this header as ScepSceStatusToDosError.
SCESTATUS
ScepDosErrorToSceStatus(
DWORD rc
);
//
// Reads service information for ServiceName (and optionally one Key) from the
// INF handle hInf and returns it through *ServiceInfo.
// NOTE(review): ownership of *ServiceInfo is not visible here. The INF content
// is template data and should be handled as external input.
//
SCESTATUS
WINAPI
SceSvcpGetInformationTemplate(
IN HINF hInf,
IN PCWSTR ServiceName,
IN PCWSTR Key OPTIONAL,
OUT PSCESVC_CONFIGURATION_INFO *ServiceInfo
);
//
// Builds an error log entry for rc and returns it through *Errlog. Variadic.
// NOTE(review): the fmt parameter is commented out, so the format presumably
// comes from the string resource identified by nId -- confirm. The variadic
// arguments are not type-checked against that format by the compiler.
//
SCESTATUS
ScepBuildErrorLogInfo(
IN DWORD rc,
OUT PSCE_ERROR_LOG_INFO *Errlog,
IN UINT nId,
// IN PCWSTR fmt,
...
);
//
// Adds Name (with length Len) to the name list at *pNameList.
// NOTE(review): the unit of Len and whether Name is copied are not visible
// here.
//
DWORD
ScepAddToNameList(
OUT PSCE_NAME_LIST *pNameList,
IN PWSTR Name,
IN ULONG Len
);
//
// Registry helpers. Each takes a root key handle, a sub key path and a value
// name, and returns a DWORD.
// NOTE(review): presumably a Win32 error code -- confirm in common.cpp.
//

// Reads a value into *Value as a DWORD.
DWORD
ScepRegQueryIntValue(
IN HKEY hKeyRoot,
IN PWSTR SubKey,
IN PWSTR ValueName,
OUT DWORD *Value
);
//
// Returns a buffer through *ppValue.
// There is no size output, so the caller does not learn the length of the
// data from this call; it must not read *ppValue beyond a length it has
// established some other way.
// NOTE(review): ownership of *ppValue is not visible here.
//
DWORD
ScepRegQueryBinaryValue(
IN HKEY hKeyRoot,
IN PWSTR SubKey,
IN PWSTR ValueName,
OUT PBYTE *ppValue
);
// Writes the DWORD Value.
DWORD
ScepRegSetIntValue(
IN HKEY hKeyRoot,
IN PWSTR SubKey,
IN PWSTR ValueName,
IN DWORD Value
);
//
// Returns the data through *Value and its registry type through *pRegType;
// the size is returned through *pdwSize only when the caller passes it.
// Callers that need to parse the data should pass pdwSize and check
// *pRegType before interpreting the buffer.
// NOTE(review): ownership of *Value is not visible here.
//
DWORD
ScepRegQueryValue(
IN HKEY hKeyRoot,
IN PWSTR SubKey,
IN PCWSTR ValueName,
OUT PVOID *Value,
OUT LPDWORD pRegType,
OUT LPDWORD pdwSize OPTIONAL
);
// Writes ValueLen bytes-or-units of Value with registry type RegType.
// NOTE(review): the unit of ValueLen is not stated here -- presumably bytes.
DWORD
ScepRegSetValue(
IN HKEY hKeyRoot,
IN PWSTR SubKey,
IN PWSTR ValueName,
IN DWORD RegType,
IN BYTE *Value,
IN DWORD ValueLen
);
// Deletes the named value.
DWORD
ScepRegDeleteValue(
IN HKEY hKeyRoot,
IN PWSTR SubKey,
IN PWSTR ValueName
);
//
// Multi-string helpers. Each takes an existing buffer with its size and a
// list of items with its length, and returns a new buffer through
// *ppszNewData and its size through *pdwNewDataSize.
// NOTE(review): the header does not say whether the sizes count characters or
// bytes, nor whether they include the terminating nulls; mixing the two units
// is a classic source of overruns, so confirm in common.cpp. Ownership of
// *ppszNewData is not visible here either.
//

// Produces pszData with the items of pszRemoveList removed.
DWORD
ScepRemoveMultiSzItems(
IN PWSTR pszData,
IN DWORD dwDataSize,
IN PWSTR pszRemoveList,
IN DWORD dwRemoveLen,
OUT PWSTR* ppszNewData,
OUT PDWORD pdwNewDataSize
);
// Produces pszData with the items of pszAddList added.
DWORD
ScepAddMultiSzItems(
IN PWSTR pszData,
IN DWORD dwDataSize,
IN PWSTR pszAddList,
IN DWORD dwAddLen,
OUT PWSTR* ppszNewData,
OUT PDWORD pdwNewDataSize
);
//
// Creates the directory for ProfileLocation.
// pSecurityDescriptor carries no IN/OUT annotation, unlike the other
// parameters.
// NOTE(review): the meaning of FileOrDir (which value means "file") and what
// security applies when pSecurityDescriptor is NULL are not visible here.
// Directories that will hold security databases or logs should not be created
// with inherited default permissions by accident -- confirm the NULL case.
//
SCESTATUS
ScepCreateDirectory(
IN PCWSTR ProfileLocation,
IN BOOL FileOrDir,
PSECURITY_DESCRIPTOR pSecurityDescriptor
);
// Converts an SCESTATUS to a DWORD error code; the reverse of
// ScepDosErrorToSceStatus, declared earlier in this header.
DWORD
ScepSceStatusToDosError(
IN SCESTATUS SceStatus
);
//
// Changes the ACL revision in pSD to NewRevision.
// pSD is annotated IN although the operation modifies what it points to.
// NOTE(review): which ACLs of the descriptor are touched is not visible here.
//
SCESTATUS
ScepChangeAclRevision(
IN PSECURITY_DESCRIPTOR pSD,
IN BYTE NewRevision
);
// Compares two GUIDs for equality.
// NOTE(review): behaviour for a NULL Guid1 or Guid2 is not visible here.
BOOL
ScepEqualGuid(
IN GUID *Guid1,
IN GUID *Guid2
);
//
// Adds or updates an entry for Keyname in the group membership list at
// *pGroupMembership, using the member list pMembers.
// NOTE(review): the unit of KeyLen, the meaning of ValueType, and whether
// pMembers is copied or taken over by the list are not visible here.
// bCheckDup and bReplaceList presumably control duplicate detection and
// replace-vs-merge -- confirm.
//
SCESTATUS
ScepAddToGroupMembership(
OUT PSCE_GROUP_MEMBERSHIP *pGroupMembership,
IN PWSTR Keyname,
IN DWORD KeyLen,
IN PSCE_NAME_LIST pMembers,
IN DWORD ValueType,
IN BOOL bCheckDup,
IN BOOL bReplaceList
);
//
// Adds one service, identified by lpServiceName and lpDisplayName, to the
// list at *pServiceList.
// pGeneral is an optional untyped pointer.
// NOTE(review): presumably bSecurity tells the function how to interpret
// pGeneral (security descriptor vs. other data) -- confirm, because a wrong
// flag would make the callee treat the buffer as the wrong type.
//
DWORD
ScepAddOneServiceToList(
IN LPWSTR lpServiceName,
IN LPWSTR lpDisplayName,
IN DWORD ServiceStatus,
IN PVOID pGeneral OPTIONAL,
IN SECURITY_INFORMATION SeInfo,
IN BOOL bSecurity,
OUT PSCE_SERVICES *pServiceList
);
//
// Reports through *bpAdminLogon whether an administrator is logged on.
// The answer is the OUT parameter, not the return value: the DWORD return is
// a separate status.
// NOTE(review): whether *bpAdminLogon is written on failure is not visible
// here, so callers should initialise it to FALSE and check the return value
// before acting on it. The effect of bFromServer is not visible either.
//
DWORD
ScepIsAdminLoggedOn(
OUT PBOOL bpAdminLogon,
IN BOOL bFromServer
);
//
// Returns the setting named ValueName through *Setting.
// bAdminLogon is supplied by the caller; this function does not determine it.
// NOTE(review): ownership of *Setting is not visible here.
//
DWORD
ScepGetProfileSetting(
IN PCWSTR ValueName,
IN BOOL bAdminLogon,
OUT PWSTR *Setting
);
//
// Compares the security descriptor of an object with the one from a profile,
// limited to ProfileSeInfo, and reports the outcome through *IsDifferent.
// *IsDifferent is a BYTE, not a BOOL.
// NOTE(review): the set of values written to *IsDifferent is not visible
// here -- confirm before testing it as a plain boolean.
//
DWORD
ScepCompareObjectSecurity(
IN SE_OBJECT_TYPE ObjectType,
IN BOOL IsContainer,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
IN PSECURITY_DESCRIPTOR ProfileSD,
IN SECURITY_INFORMATION ProfileSeInfo,
OUT PBYTE IsDifferent
);
//
// Adds Name (with length Len) and a Status value to the list at *pNameList.
// NOTE(review): the unit of Len and whether Name is copied are not visible
// here.
//
SCESTATUS
ScepAddToNameStatusList(
OUT PSCE_NAME_STATUS_LIST *pNameList,
IN PWSTR Name,
IN ULONG Len,
IN DWORD Status
);
//
// Adds an object entry to the list at *pNameList.
// Status and byFlags are single bytes while Count is a DWORD.
// NOTE(review): the meaning of Count and of the byFlags bits is not visible
// here.
//
DWORD
ScepAddToObjectList(
OUT PSCE_OBJECT_LIST *pNameList,
IN PWSTR Name,
IN ULONG Len,
IN BOOL IsContainer,
IN BYTE Status,
IN DWORD Count,
IN BYTE byFlags
);
//
// Looks up a directory selected by Flag.
// ppDirectory and pDirSize are annotated IN, but their pointer types suggest
// they receive the result.
// NOTE(review): presumably Flag is one of the SCE_FLAG_* values and the
// directory string and its size are returned through the two pointers --
// confirm, including who frees *ppDirectory and the unit of *pDirSize.
//
DWORD
ScepGetNTDirectory(
IN PWSTR *ppDirectory,
IN PDWORD pDirSize,
IN DWORD Flag
);
//
// Enables or disables privilege Priv in the token TokenToAdjust.
// NOTE(review): what happens when TokenToAdjust is NULL is not visible here.
// A caller that enables a privilege should disable it again on every exit
// path, and should treat a failure to enable as a failure of the operation
// that needed it.
//
DWORD
SceAdjustPrivilege(
IN ULONG Priv,
IN BOOL Enable,
IN HANDLE TokenToAdjust
);
//
// Returns the size of an environment string block.
// peb is untyped, so the compiler cannot check what is passed.
// NOTE(review): what peb must point to, the unit of the result, and how the
// end of the block is found are not visible here. If the size is found by
// scanning for a terminator, the block must be known to be well formed.
//
DWORD
ScepGetEnvStringSize(
IN LPVOID peb
);
//!!!!!!!!!!!!!!!!!!!!!!!!!!!
// routines to handle events
//!!!!!!!!!!!!!!!!!!!!!!!!!!!

// Sets up event logging under the source name EventSourceName.
BOOL
InitializeEvents (
IN LPTSTR EventSourceName
);
//
// Logs an event. Variadic: the arguments after idMsg are not type-checked by
// the compiler.
// NOTE(review): presumably idMsg names a message resource in hInstance that
// acts as the format -- confirm. Strings taken from templates or object names
// should be passed as arguments, never used as the format itself.
//
int
LogEvent (
IN HINSTANCE hInstance,
IN DWORD LogLevel,
IN DWORD dwEventID,
IN UINT idMsg,
...
);
//
// Same parameters as LogEvent plus a log file name.
// NOTE(review): presumably the message is also written to LogFileName --
// confirm, along with how the file is opened and who may write to its
// directory.
//
int
LogEventAndReport(
IN HINSTANCE hInstance,
IN LPTSTR LogFileName,
IN DWORD LogLevel,
IN DWORD dwEventID,
IN UINT idMsg,
...
);
// Counterpart of InitializeEvents; takes no arguments.
BOOL ShutdownEvents (void);
//
// Converts pszValue to SDDL format.
// There is no separate output parameter, so the result presumably replaces
// the input in the same buffer.
// NOTE(review): confirm that the converted text can never be longer than Len
// allows, and whether Len counts characters or bytes.
//
SCESTATUS
ScepConvertToSDDLFormat(
IN LPTSTR pszValue,
IN DWORD Len
);
//
// Writes a formatted message to hFile. Variadic, driven by szFormat.
// szFormat must be a string the program controls. Text that originates from a
// template, a registry value or an object name belongs in the argument list,
// not in the format position.
// NOTE(review): the size of any intermediate formatting buffer is not visible
// here.
//
DWORD
ScepWriteVariableUnicodeLog(
IN HANDLE hFile,
IN BOOL bAddCRLF,
IN LPTSTR szFormat,
...
);
// Writes the single string szMsg to hFile; bAddCRLF is a BOOL option.
// NOTE(review): presumably appends a CR/LF pair when bAddCRLF is TRUE.
DWORD
ScepWriteSingleUnicodeLog(
IN HANDLE hFile,
IN BOOL bAddCRLF,
IN LPWSTR szMsg
);
//
// Searches pString for pSubstring and returns a pointer into a wide string.
// NOTE(review): the name suggests the LAST occurrence is returned, and NULL
// when there is none -- confirm in common.cpp.
//
WCHAR *
ScepWcstrr(
IN PWSTR pString,
IN const WCHAR *pSubstring
);
//
// Produces *newFileName from oldFileName using the variable named by szEnv.
// NOTE(review): presumably nFlag is one of the SCE_FLAG_* values -- confirm.
// Ownership of *newFileName is not visible here. When oldFileName comes from
// a template the expanded path should be validated before it is used.
//
DWORD
ScepExpandEnvironmentVariable(
IN PWSTR oldFileName,
IN PCWSTR szEnv,
IN DWORD nFlag,
OUT PWSTR *newFileName
);
//
// Takes no arguments.
// Written with empty parentheses: in C++ that means (void), but in C it
// declares a function with unspecified parameters, so a C caller passing
// arguments by mistake would not be diagnosed. ShutdownEvents in this header
// uses the explicit (void) form.
//
DWORD
ScepEnforcePolicyPropagation();
//
// Writes a time stamp string into the caller's buffer pvBuffer.
// No buffer size is passed, so the function cannot check the capacity.
// NOTE(review): the required minimum capacity is not stated in this header --
// confirm it in common.cpp and make sure every caller allocates at least
// that much.
//
DWORD
ScepGetTimeStampString(
IN OUT PWSTR pvBuffer
);
//
// Appends pszValueValue to a multi-string registry value, or creates the
// value, under hKeyRoot\pszSubKey.
// NOTE(review): the append-or-create behaviour is inferred from the name --
// confirm, including whether duplicates are skipped.
//
DWORD
ScepAppendCreateMultiSzRegValue(
IN HKEY hKeyRoot,
IN PWSTR pszSubKey,
IN PWSTR pszValueName,
IN PWSTR pszValueValue
);
//
// Copies dwSourceChars characters of pszSource into pszTarget, escaping
// occurrences of wcEscapee with wcEscaper.
//
// Review notes:
//  - `const PWSTR` makes the POINTER const, not the characters it points to;
//    the declaration does not promise that the source text is left unchanged.
//  - No size is passed for pszTarget. Escaping can only lengthen the text, so
//    the caller has to size the target for the worst case.
// NOTE(review): presumably one escaper is inserted per escapee, giving a worst
// case of twice dwSourceChars plus a terminator -- confirm in common.cpp.
//
DWORD
ScepEscapeString(
IN const PWSTR pszSource,
IN const DWORD dwSourceChars,
IN const WCHAR wcEscapee,
IN const WCHAR wcEscaper,
IN OUT PWSTR pszTarget
);
//
// Tests whether pszFileOrDir is a valid file or directory.
// NOTE(review): what "valid" covers (existence, path syntax, reparse points)
// is not visible here. A positive answer describes the path at the time of
// the call only; it may change before a later open.
//
BOOL
ScepIsValidFileOrDir(
IN PWSTR pszFileOrDir
);
//
// Loads string resource iRCId from hInstance and returns it through *ppcwsz.
// NOTE(review): ownership of *ppcwsz and its value on failure are not visible
// here.
//
BOOL
ScepLoadString(
IN HINSTANCE hInstance,
IN int iRCId,
OUT LPWSTR *ppcwsz);
//
// Returns the machine's domain role, role flags and flat domain name.
// All three outputs are optional; a caller passes only the ones it needs.
// NOTE(review): ownership of *ppwszDomainNameFlat is not visible here.
//
DWORD
ScepGetDomainRoleInfo(
OUT DSROLE_MACHINE_ROLE *pMachineRole OPTIONAL,
OUT PULONG pulRoleFlags OPTIONAL,
OUT PWSTR *ppwszDomainNameFlat OPTIONAL
);
//
// Duplicates pcwszIn into *ppwszOut.
// The function returns void, so a failure cannot be reported through the
// return value.
// NOTE(review): presumably *ppwszOut is NULL when the copy could not be made
// -- confirm, and check it at every call site before use.
//
void
ScepDuplicateString(
IN LPCWSTR pcwszIn,
OUT LPWSTR *ppwszOut);
//
// Compares two ACLs for an object of the given type and reports through
// *pDifferent whether they differ.
// NOTE(review): the name suggests only explicit (non-inherited) ACEs are
// compared -- confirm. Handling of a NULL pAcl1 or pAcl2 is not visible here;
// a NULL DACL and an empty DACL grant opposite access and must not be treated
// as equal.
//
DWORD
ScepCompareExplicitAcl(
IN SE_OBJECT_TYPE ObjectType,
IN BOOL IsContainer,
IN PACL pAcl1,
IN PACL pAcl2,
OUT PBOOL pDifferent
);
//
// Returns through *ppSid a SID for the relative identifier ulRid.
// NOTE(review): presumably the SID is built in the built-in domain -- confirm.
// Ownership of *ppSid and the routine that frees it are not visible here.
//
DWORD
ScepGetBuiltinSid(
IN ULONG ulRid,
OUT PSID *ppSid);
#endif