Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1114 lines
29 KiB

/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
secedit.h
Abstract:
This module defines the exported data structures and function prototypes
for the security managment utility
Author:
Jin Huang (jinhuang) 28-Oct-1996
Revision History:
--*/
#ifndef _secedit_
#define _secedit_
#ifdef __cplusplus
extern "C"{
#endif
//
// definition for areas
//
#ifndef SCE_AREA_DEFINED
#define SCE_AREA_DEFINED
typedef DWORD AREA_INFORMATION;
#define AREA_SECURITY_POLICY 0x0001L
#define AREA_USER_SETTINGS 0x0002L
#define AREA_GROUP_MEMBERSHIP 0x0004L
#define AREA_PRIVILEGES 0x0008L
#define AREA_DS_OBJECTS 0x0010L
#define AREA_REGISTRY_SECURITY 0x0020L
#define AREA_FILE_SECURITY 0x0040L
#define AREA_SYSTEM_SERVICE 0x0080L
#define AREA_ATTACHMENTS 0x8000L
#define AREA_ALL 0xFFFFL
#endif
//
// Other constants
//
#define AREA_PASSWORD_POLICY 0x0100L
#define AREA_LOCKOUT_POLICY 0x0200L
#define AREA_KERBEROS_POLICY 0x0400L
#define AREA_ACCOUNT_POLICY (AREA_PASSWORD_POLICY | \
AREA_LOCKOUT_POLICY | \
AREA_KERBEROS_POLICY)
#define AREA_AUDIT_POLICY 0x0800L
#define AREA_SECURITY_OPTIONS 0x1000L
#define AREA_LOCAL_POLICY (AREA_AUDIT_POLICY |\
AREA_PRIVILEGES |\
AREA_SECURITY_OPTIONS)
#define AREA_LOG_POLICY 0x2000L
#define SCE_STATUS_CHECK 0
#define SCE_STATUS_IGNORE 1
#define SCE_STATUS_OVERWRITE 2
#define SCE_STATUS_NO_AUTO_INHERIT 4
#define SCE_STATUS_IN 0
#define SCE_STATUS_NOT_IN 1
#define SCE_STATUS_NO_ACL_SUPPORT 3
#define SCE_STATUS_GOOD 0
#define SCE_STATUS_MISMATCH 1
#define SCE_STATUS_CHILDREN_CONFIGURED 2
#define SCE_STATUS_NOT_CONFIGURED 4
#define SCE_STATUS_ERROR_NOT_AVAILABLE 5
#define SCE_STATUS_NEW_SERVICE 6
#define SCE_STATUS_NOT_ANALYZED 7
#define SCE_STATUS_PERMISSION_MISMATCH 0x40
#define SCE_STATUS_AUDIT_MISMATCH 0x80
#define SCE_SETUP_32KEY 0x2000L
#ifndef _WIN64
#define SCE_SETUP_64KEY 0x4000L
#endif // _WIN64
typedef enum _SCE_TYPE {
SCE_ENGINE_SYSTEM=300,
SCE_ENGINE_GPO,
SCE_ENGINE_SCP, // effective table
SCE_ENGINE_SAP, // analysis table
SCE_ENGINE_SCP_INTERNAL,
SCE_ENGINE_SMP_INTERNAL,
SCE_ENGINE_SMP, // local table
SCE_STRUCT_INF,
SCE_STRUCT_PROFILE,
SCE_STRUCT_USER,
SCE_STRUCT_NAME_LIST,
SCE_STRUCT_NAME_STATUS_LIST,
SCE_STRUCT_PRIVILEGE,
SCE_STRUCT_GROUP,
SCE_STRUCT_OBJECT_LIST,
SCE_STRUCT_OBJECT_CHILDREN,
SCE_STRUCT_OBJECT_SECURITY,
SCE_STRUCT_OBJECT_ARRAY,
SCE_STRUCT_ERROR_LOG_INFO,
SCE_STRUCT_SERVICES,
SCE_STRUCT_PRIVILEGE_VALUE_LIST,
SCE_ENGINE_RBK
} SCETYPE;
typedef enum _SCE_FORMAT_TYPE_ {
SCE_INF_FORMAT=1,
SCE_JET_FORMAT,
SCE_JET_ANALYSIS_REQUIRED
} SCE_FORMAT_TYPE, *PSCE_FORMAT_TYPE;
static const WCHAR szMembers[] = L"__Members";
static const WCHAR szMemberof[] = L"__Memberof";
static const WCHAR szPrivileges[] = L"__Privileges";
#define SCE_BUF_LEN 1024
#define SCE_FOREVER_VALUE (DWORD)-1
#define SCE_NO_VALUE (DWORD)-2
#define SCE_KERBEROS_OFF_VALUE (DWORD)-3
#define SCE_DELETE_VALUE (DWORD)-4
#define SCE_SNAPSHOT_VALUE (DWORD)-5
#define SCE_NOT_ANALYZED_VALUE (DWORD)-6
#define SCE_ERROR_VALUE (DWORD)-7
#ifndef _SCE_SHARED_HEADER
#define _SCE_SHARED_HEADER
typedef DWORD SCESTATUS;
#define SCESTATUS_SUCCESS 0L
#define SCESTATUS_INVALID_PARAMETER 1L
#define SCESTATUS_RECORD_NOT_FOUND 2L
#define SCESTATUS_INVALID_DATA 3L
#define SCESTATUS_OBJECT_EXIST 4L
#define SCESTATUS_BUFFER_TOO_SMALL 5L
#define SCESTATUS_PROFILE_NOT_FOUND 6L
#define SCESTATUS_BAD_FORMAT 7L
#define SCESTATUS_NOT_ENOUGH_RESOURCE 8L
#define SCESTATUS_ACCESS_DENIED 9L
#define SCESTATUS_CANT_DELETE 10L
#define SCESTATUS_PREFIX_OVERFLOW 11L
#define SCESTATUS_OTHER_ERROR 12L
#define SCESTATUS_ALREADY_RUNNING 13L
#define SCESTATUS_SERVICE_NOT_SUPPORT 14L
#define SCESTATUS_MOD_NOT_FOUND 15L
#define SCESTATUS_EXCEPTION_IN_SERVER 16L
#define SCESTATUS_NO_TEMPLATE_GIVEN 17L
#define SCESTATUS_NO_MAPPING 18L
#define SCESTATUS_TRUST_FAIL 19L
#define SCESTATUS_JET_DATABASE_ERROR 20L
#define SCESTATUS_TIMEOUT 21L
#define SCESTATUS_PENDING_IGNORE 22L
#define SCESTATUS_SPECIAL_ACCOUNT 23L
//
// defined for services
//
typedef struct _SCESVC_CONFIGURATION_LINE_ {
LPTSTR Key;
LPTSTR Value;
DWORD ValueLen; // number of bytes
} SCESVC_CONFIGURATION_LINE, *PSCESVC_CONFIGURATION_LINE;
typedef struct _SCESVC_CONFIGURATION_INFO_ {
DWORD Count;
PSCESVC_CONFIGURATION_LINE Lines;
} SCESVC_CONFIGURATION_INFO, *PSCESVC_CONFIGURATION_INFO;
typedef PVOID SCE_HANDLE;
typedef ULONG SCE_ENUMERATION_CONTEXT, *PSCE_ENUMERATION_CONTEXT;
#define SCESVC_ENUMERATION_MAX 100L
typedef enum _SCESVC_INFO_TYPE {
SceSvcConfigurationInfo,
SceSvcMergedPolicyInfo,
SceSvcAnalysisInfo,
SceSvcInternalUse // !!!do not use this type!!!
} SCESVC_INFO_TYPE;
// root path for SCE key
#define SCE_ROOT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\SeCEdit")
#define SCE_ROOT_SERVICE_PATH \
SCE_ROOT_PATH TEXT("\\SvcEngs")
#endif
//
// All section names defined in the SCP/SAP profiles.
//
static const WCHAR szDescription[] = L"Profile Description";
static const WCHAR szAttachments[] = L"Attachment Sections";
static const WCHAR szSystemAccess[] = L"System Access";
static const WCHAR szPrivilegeRights[] = L"Privilege Rights";
static const WCHAR szGroupMembership[] = L"Group Membership";
static const WCHAR szAccountProfiles[] = L"Account Profiles";
static const WCHAR szRegistryKeys[] = L"Registry Keys";
static const WCHAR szFileSecurity[] = L"File Security";
static const WCHAR szDSSecurity[] = L"DS Security";
static const WCHAR szAuditSystemLog[] = L"System Log";
static const WCHAR szAuditSecurityLog[] = L"Security Log";
static const WCHAR szAuditApplicationLog[] = L"Application Log";
static const WCHAR szAuditEvent[] = L"Event Audit";
static const WCHAR szUserList[] = L"User List";
static const WCHAR szServiceGeneral[] = L"Service General Setting";
static const WCHAR szKerberosPolicy[] = L"Kerberos Policy";
static const WCHAR szRegistryValues[] = L"Registry Values";
//
// A list of names (e.g., users, groups, machines, and etc)
//
typedef struct _SCE_NAME_LIST {
PWSTR Name;
struct _SCE_NAME_LIST *Next;
}SCE_NAME_LIST, *PSCE_NAME_LIST;
//
// a list of accounts with privileges held
//
typedef struct _SCE_PRIVILEGE_VALUE_LIST {
PWSTR Name;
DWORD PrivLowPart;
DWORD PrivHighPart;
struct _SCE_PRIVILEGE_VALUE_LIST *Next;
}SCE_PRIVILEGE_VALUE_LIST, *PSCE_PRIVILEGE_VALUE_LIST;
//
// structure for error info
//
typedef struct _SCE_ERROR_LOG_INFO{
PWSTR buffer;
DWORD rc;
struct _SCE_ERROR_LOG_INFO *next;
} SCE_ERROR_LOG_INFO, *PSCE_ERROR_LOG_INFO;
//
// The privileges/rights each user/group holds are saved into a INT field -
// PrivilegeRights. The first bit in this field is the first right defined
// in the SCE_Privileges array as above. The second bit is the second right
// defined in that array, and so on.
//
#define cPrivCnt 39
#define cPrivW2k 34
typedef struct _SCE_PRIVILEGE_ASSIGNMENT {
PWSTR Name;
DWORD Value;
// This value could be translated by SceLookupPrivByValue
// The reason we define another set of privilege values is
// we include both privilege and user rights into one set
// (user rights do not have priv value on NT system).
PSCE_NAME_LIST AssignedTo;
// SCE_STATUS_GOOD
// SCE_STATUS_MISMATCH
// SCE_STATUS_NOT_CONFIGURED
// SCE_DELETE_VALUE indicates that this priv is deleted from local table
DWORD Status;
struct _SCE_PRIVILEGE_ASSIGNMENT *Next;
} SCE_PRIVILEGE_ASSIGNMENT, *PSCE_PRIVILEGE_ASSIGNMENT;
//
// A list of log on hours range
//
typedef struct _SCE_LOGON_HOUR {
DWORD Start;
DWORD End;
struct _SCE_LOGON_HOUR *Next;
}SCE_LOGON_HOUR, *PSCE_LOGON_HOUR;
//
// A list of names (e.g., users, groups, machines, and etc)
// with a status (e.g., disabled )
//
typedef struct _SCE_NAME_STATUS_LIST {
PWSTR Name;
DWORD Status;
struct _SCE_NAME_STATUS_LIST *Next;
}SCE_NAME_STATUS_LIST, *PSCE_NAME_STATUS_LIST;
//
// Structure definition for service list (service dll)
//
#define SCE_STARTUP_BOOT 0x00
#define SCE_STARTUP_SYSTEM 0x01
#define SCE_STARTUP_AUTOMATIC 0x02
#define SCE_STARTUP_MANUAL 0x03
#define SCE_STARTUP_DISABLED 0x04
typedef struct _SCE_SERVICES_ {
PWSTR ServiceName;
PWSTR DisplayName;
BYTE Status;
BYTE Startup;
union {
PSECURITY_DESCRIPTOR pSecurityDescriptor;
PWSTR ServiceEngineName;
} General;
SECURITY_INFORMATION SeInfo;
struct _SCE_SERVICES_ *Next;
}SCE_SERVICES, *PSCE_SERVICES;
//
// Group memberships
//
#define SCE_GROUP_STATUS_MEMBERS_MISMATCH 0x01
#define SCE_GROUP_STATUS_MEMBEROF_MISMATCH 0x02
#define SCE_GROUP_STATUS_NC_MEMBERS 0x04
#define SCE_GROUP_STATUS_NC_MEMBEROF 0x08
#define SCE_GROUP_STATUS_NOT_ANALYZED 0x10
#define SCE_GROUP_STATUS_ERROR_ANALYZED 0x20
typedef struct _SCE_GROUP_MEMBERSHIP {
PWSTR GroupName;
PSCE_NAME_LIST pMembers;
PSCE_NAME_LIST pMemberOf;
DWORD Status;
//
// pPrivilegesHeld is for analysis only.
// The format of each entry in this list is:
// [PrivValue NULL] (directly assigned), or
// [PrivValue Name] (via group "Name")
// To configure privileges, use AREA_PRIVILEGES area
//
// This PrivValue could be translated by SceLookupPrivByValue
// The reason we define another set of privilege values is
// we include both privilege and user rights into one set
// (user rights do not have priv value on NT system).
PSCE_NAME_STATUS_LIST pPrivilegesHeld;
struct _SCE_GROUP_MEMBERSHIP *Next;
}SCE_GROUP_MEMBERSHIP, *PSCE_GROUP_MEMBERSHIP;
//
// Definition of Registry and file security
//
typedef struct _SCE_OBJECT_SECURITY {
PWSTR Name;
BYTE Status;
BOOL IsContainer;
PSECURITY_DESCRIPTOR pSecurityDescriptor;
SECURITY_INFORMATION SeInfo;
// PWSTR SDspec;
// DWORD SDsize;
}SCE_OBJECT_SECURITY, *PSCE_OBJECT_SECURITY;
//
// A list of objects (e.g., files, registry keys, and etc)
//
typedef struct _SCE_OBJECT_LIST {
PWSTR Name;
BYTE Status;
// Status could be the status (mismatched/unknown) of the object
// or, it could be a flag to ignore/check this ojbect
//
BOOL IsContainer;
DWORD Count;
// Total count of mismatched/unknown objects under this object
struct _SCE_OBJECT_LIST *Next;
}SCE_OBJECT_LIST, *PSCE_OBJECT_LIST;
typedef struct _SCE_OBJECT_ARRAY_ {
DWORD Count;
PSCE_OBJECT_SECURITY *pObjectArray;
} SCE_OBJECT_ARRAY, *PSCE_OBJECT_ARRAY;
typedef union _SCE_OBJECTS_ {
// for Jet databases
PSCE_OBJECT_LIST pOneLevel;
// for Inf files
PSCE_OBJECT_ARRAY pAllNodes;
} SCE_OBJECTS, *PSCE_OBJECTS;
typedef struct _SCE_OBJECT_CHILDREN_NODE {
PWSTR Name;
BYTE Status;
BOOL IsContainer;
DWORD Count;
} SCE_OBJECT_CHILDREN_NODE, *PSCE_OBJECT_CHILDREN_NODE;
typedef struct _SCE_OBJECT_CHILDREN {
DWORD nCount;
DWORD MaxCount;
PSCE_OBJECT_CHILDREN_NODE arrObject;
} SCE_OBJECT_CHILDREN, *PSCE_OBJECT_CHILDREN;
typedef struct _SCE_KERBEROS_TICKET_INFO_ {
DWORD MaxTicketAge; // in hours (default 10), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
DWORD MaxRenewAge; // in days (default 7), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
DWORD MaxServiceAge; // in minutes (default 60), SCE_NO_VALUE, 10-MaxTicketAge
DWORD MaxClockSkew; // in minutes (default 5), SCE_NO_VALUE
// options
DWORD TicketValidateClient; // 0, 1, or SCE_NO_VALUE
//
// all other options are not configurable.
//
} SCE_KERBEROS_TICKET_INFO, *PSCE_KERBEROS_TICKET_INFO;
typedef struct _SCE_REGISTRY_VALUE_INFO_ {
LPTSTR FullValueName;
LPTSTR Value;
DWORD ValueType;
DWORD Status; // match, mismatch, not analyzed, error
} SCE_REGISTRY_VALUE_INFO, *PSCE_REGISTRY_VALUE_INFO;
//
// Profile structure
//
typedef struct _SCE_PROFILE_INFO {
// Type is used to free the structure by SceFreeMemory
SCETYPE Type;
//
// Area: System access
//
DWORD MinimumPasswordAge;
DWORD MaximumPasswordAge;
DWORD MinimumPasswordLength;
DWORD PasswordComplexity;
DWORD PasswordHistorySize;
DWORD LockoutBadCount;
DWORD ResetLockoutCount;
DWORD LockoutDuration;
DWORD RequireLogonToChangePassword;
DWORD ForceLogoffWhenHourExpire;
PWSTR NewAdministratorName;
PWSTR NewGuestName;
DWORD SecureSystemPartition;
DWORD ClearTextPassword;
DWORD LSAAnonymousNameLookup;
union {
struct {
// Area : user settings (scp)
PSCE_NAME_LIST pAccountProfiles;
// Area: privileges
// Name field is the user/group name, Status field is the privilege(s)
// assigned to the user/group
union {
// PSCE_NAME_STATUS_LIST pPrivilegeAssignedTo;
PSCE_PRIVILEGE_VALUE_LIST pPrivilegeAssignedTo;
PSCE_PRIVILEGE_ASSIGNMENT pInfPrivilegeAssignedTo;
} u;
} scp;
struct {
// Area: user settings (sap)
PSCE_NAME_LIST pUserList;
// Area: privileges
PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
} sap;
struct {
// Area: user settings (smp)
PSCE_NAME_LIST pUserList;
// Area: privileges
// See sap structure for pPrivilegeAssignedTo
PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
} smp;
} OtherInfo;
// Area: group membership
PSCE_GROUP_MEMBERSHIP pGroupMembership;
// Area: Registry
SCE_OBJECTS pRegistryKeys;
// Area: System Services
PSCE_SERVICES pServices;
// System storage
SCE_OBJECTS pFiles;
//
// ds object
//
SCE_OBJECTS pDsObjects;
//
// kerberos policy settings
//
PSCE_KERBEROS_TICKET_INFO pKerberosInfo;
//
// System audit 0-system 1-security 2-application
//
DWORD MaximumLogSize[3];
DWORD AuditLogRetentionPeriod[3];
DWORD RetentionDays[3];
DWORD RestrictGuestAccess[3];
DWORD AuditSystemEvents;
DWORD AuditLogonEvents;
DWORD AuditObjectAccess;
DWORD AuditPrivilegeUse;
DWORD AuditPolicyChange;
DWORD AuditAccountManage;
DWORD AuditProcessTracking;
DWORD AuditDSAccess;
DWORD AuditAccountLogon;
DWORD CrashOnAuditFull;
//
// registry values
//
DWORD RegValueCount;
PSCE_REGISTRY_VALUE_INFO aRegValues;
DWORD EnableAdminAccount;
DWORD EnableGuestAccount;
}SCE_PROFILE_INFO, *PSCE_PROFILE_INFO;
//
// The definition for security user profile which is used to assign common
// user settings to a group of users/groups in the security manager.
//
typedef struct _SCE_USER_PROFILE {
SCETYPE Type;
// Type is used to free the structure by SceFreeMemory
DWORD ForcePasswordChange;
DWORD DisallowPasswordChange;
DWORD NeverExpirePassword;
DWORD AccountDisabled;
PWSTR UserProfile;
PWSTR LogonScript;
PWSTR HomeDir;
PSCE_LOGON_HOUR pLogonHours;
UNICODE_STRING pWorkstations;
PSCE_NAME_LIST pGroupsBelongsTo;
PSCE_NAME_LIST pAssignToUsers;
PSECURITY_DESCRIPTOR pHomeDirSecurity;
SECURITY_INFORMATION HomeSeInfo;
PSECURITY_DESCRIPTOR pTempDirSecurity;
SECURITY_INFORMATION TempSeInfo;
} SCE_USER_PROFILE, *PSCE_USER_PROFILE;
//
// The definition for each user's setting
//
typedef struct _SCE_USER_SETTING {
SCETYPE Type;
// Type is used to free the structure by SceFreeMemory
DWORD ForcePasswordChange;
DWORD DisallowPasswordChange;
DWORD NeverExpirePassword;
DWORD AccountDisabled;
PSCE_NAME_LIST pGroupsBelongsTo;
PWSTR UserProfile;
PSECURITY_DESCRIPTOR pProfileSecurity;
PWSTR LogonScript;
PSECURITY_DESCRIPTOR pLogonScriptSecurity;
PWSTR HomeDir;
PSECURITY_DESCRIPTOR pHomeDirSecurity;
SECURITY_INFORMATION HomeDirSeInfo;
PWSTR TempDir;
PSECURITY_DESCRIPTOR pTempDirSecurity;
SECURITY_INFORMATION TempDirSeInfo;
PSCE_LOGON_HOUR pLogonHours;
UNICODE_STRING pWorkstations;
PSCE_NAME_STATUS_LIST pPrivilegesHeld;
DWORD BadPasswordAttempt;
} SCE_USER_SETTING, *PSCE_USER_SETTING;
//
// prototypes defined in sceclnt.cpp
//
SCESTATUS
WINAPI
SceGetSecurityProfileInfo(
IN PVOID hProfile OPTIONAL,
IN SCETYPE ProfileType,
IN AREA_INFORMATION Area,
IN OUT PSCE_PROFILE_INFO *ppInfoBuffer,
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
);
SCESTATUS
WINAPI
SceGetObjectChildren(
IN PVOID hProfile,
IN SCETYPE ProfileType,
IN AREA_INFORMATION Area,
IN PWSTR ObjectPrefix,
OUT PSCE_OBJECT_CHILDREN *Buffer,
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
);
SCESTATUS
WINAPI
SceOpenProfile(
IN PCWSTR ProfileName,
IN SCE_FORMAT_TYPE ProfileFormat,
OUT PVOID *hProfile
);
SCESTATUS
WINAPI
SceCloseProfile(
IN PVOID *hProfile
);
SCESTATUS
WINAPI
SceGetScpProfileDescription(
IN PVOID hProfile,
OUT PWSTR *Description
);
SCESTATUS
WINAPI
SceGetTimeStamp(
IN PVOID hProfile,
OUT PWSTR *ConfigTimeStamp,
OUT PWSTR *AnalyzeTimeStamp
);
SCESTATUS
WINAPI
SceGetDbTime(
IN PVOID hProfile,
OUT SYSTEMTIME *ConfigTime,
OUT SYSTEMTIME *AnalyzeTime
);
SCESTATUS
WINAPI
SceGetObjectSecurity(
IN PVOID hProfile,
IN SCETYPE ProfileType,
IN AREA_INFORMATION Area,
IN PWSTR ObjectName,
OUT PSCE_OBJECT_SECURITY *ObjSecurity
);
SCESTATUS
WINAPI
SceGetAnalysisAreaSummary(
IN PVOID hProfile,
IN AREA_INFORMATION Area,
OUT PDWORD pCount
);
SCESTATUS
WINAPI
SceCopyBaseProfile(
IN PVOID hProfile,
IN SCETYPE ProfileType,
IN PWSTR InfFileName,
IN AREA_INFORMATION Area,
OUT PSCE_ERROR_LOG_INFO *pErrlog OPTIONAL
);
#define SCE_OVERWRITE_DB 0x01L
#define SCE_UPDATE_DB 0x02L
#define SCE_CALLBACK_DELTA 0x04L
#define SCE_CALLBACK_TOTAL 0x08L
#define SCE_VERBOSE_LOG 0x10L
#define SCE_DISABLE_LOG 0x20L
#define SCE_NO_CONFIG 0x40L
#define SCE_DEBUG_LOG 0x80L
typedef
BOOL(CALLBACK *PSCE_AREA_CALLBACK_ROUTINE)(
IN HANDLE CallbackHandle,
IN AREA_INFORMATION Area,
IN DWORD TotalTicks,
IN DWORD CurrentTicks
);
typedef
BOOL(CALLBACK *PSCE_BROWSE_CALLBACK_ROUTINE)(
IN LONG GpoID,
IN PWSTR KeyName OPTIONAL,
IN PWSTR GpoName OPTIONAL,
IN PWSTR Value OPTIONAL,
IN DWORD Len
);
SCESTATUS
WINAPI
SceConfigureSystem(
IN LPTSTR SystemName OPTIONAL,
IN PCWSTR InfFileName OPTIONAL,
IN PCWSTR DatabaseName,
IN PCWSTR LogFileName OPTIONAL,
IN DWORD ConfigOptions,
IN AREA_INFORMATION Area,
IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
IN HANDLE hCallbackWnd OPTIONAL,
OUT PDWORD pdWarning OPTIONAL
);
SCESTATUS
WINAPI
SceAnalyzeSystem(
IN LPTSTR SystemName OPTIONAL,
IN PCWSTR InfFileName OPTIONAL,
IN PCWSTR DatabaseName,
IN PCWSTR LogFileName OPTIONAL,
IN DWORD AnalyzeOptions,
IN AREA_INFORMATION Area,
IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
IN HANDLE hCallbackWnd OPTIONAL,
OUT PDWORD pdWarning OPTIONAL
);
SCESTATUS
WINAPI
SceGenerateRollback(
IN LPTSTR SystemName OPTIONAL,
IN PCWSTR InfFileName,
IN PCWSTR InfRollback,
IN PCWSTR LogFileName OPTIONAL,
IN DWORD Options,
IN AREA_INFORMATION Area,
OUT PDWORD pdWarning OPTIONAL
);
#define SCE_UPDATE_LOCAL_POLICY 0x1L
#define SCE_UPDATE_DIRTY_ONLY 0x2L
#define SCE_UPDATE_SYSTEM 0x4L
SCESTATUS
WINAPI
SceUpdateSecurityProfile(
IN PVOID hProfile OPTIONAL,
IN AREA_INFORMATION Area,
IN PSCE_PROFILE_INFO pInfo,
IN DWORD dwMode
);
SCESTATUS
WINAPI
SceUpdateObjectInfo(
IN PVOID hProfile,
IN AREA_INFORMATION Area,
IN PWSTR ObjectName,
IN DWORD NameLen, // number of characters
IN BYTE ConfigStatus,
IN BOOL IsContainer,
IN PSECURITY_DESCRIPTOR pSD,
IN SECURITY_INFORMATION SeInfo,
OUT PBYTE pAnalysisStatus
);
SCESTATUS
WINAPI
SceStartTransaction(
IN PVOID cxtProfile
);
SCESTATUS
WINAPI
SceCommitTransaction(
IN PVOID cxtProfile
);
SCESTATUS
WINAPI
SceRollbackTransaction(
IN PVOID cxtProfile
);
typedef enum _SCE_SERVER_TYPE_ {
SCESVR_UNKNOWN = 0,
SCESVR_DC_WITH_DS,
SCESVR_DC,
SCESVR_NT5_SERVER,
SCESVR_NT4_SERVER,
SCESVR_NT5_WKS,
SCESVR_NT4_WKS
} SCE_SERVER_TYPE, *PSCE_SERVER_TYPE;
SCESTATUS
WINAPI
SceGetServerProductType(
IN LPTSTR SystemName OPTIONAL,
OUT PSCE_SERVER_TYPE pServerType
);
SCESTATUS
WINAPI
SceLookupPrivRightName(
IN INT Priv,
OUT PWSTR Name,
OUT PINT NameLen
);
SCESTATUS
WINAPI
SceSvcUpdateInfo(
IN PVOID hProfile,
IN PCWSTR ServiceName,
IN PSCESVC_CONFIGURATION_INFO Info
);
//
// prototype defined in infget.c
//
SCESTATUS
WINAPI
SceSvcGetInformationTemplate(
IN LPCTSTR TemplateName,
IN LPCTSTR ServiceName,
IN LPCTSTR Key OPTIONAL,
OUT PSCESVC_CONFIGURATION_INFO *ServiceInfo
);
//
// prototypes defined in infwrite.c
//
SCESTATUS
WINAPI
SceWriteSecurityProfileInfo(
IN PCWSTR InfProfileName,
IN AREA_INFORMATION Area,
IN PSCE_PROFILE_INFO ppInfoBuffer,
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
);
SCESTATUS
WINAPI
SceAppendSecurityProfileInfo(
IN PCWSTR InfProfileName,
IN AREA_INFORMATION Area,
IN PSCE_PROFILE_INFO ppInfoBuffer,
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
);
SCESTATUS
WINAPI
SceSvcSetInformationTemplate(
IN LPCTSTR TemplateName,
IN LPCTSTR ServiceName,
IN BOOL bExact,
IN PSCESVC_CONFIGURATION_INFO ServiceInfo
);
//
// prototypes defined in common.cpp
//
SCESTATUS
WINAPI
SceFreeMemory(
IN PVOID smInfo,
IN DWORD Category
);
BOOL
WINAPI
SceCompareNameList(
IN PSCE_NAME_LIST pList1,
IN PSCE_NAME_LIST pList2
);
SCESTATUS
WINAPI
SceCompareSecurityDescriptors(
IN AREA_INFORMATION Area,
IN PSECURITY_DESCRIPTOR pSD1,
IN PSECURITY_DESCRIPTOR pSD2,
IN SECURITY_INFORMATION SeInfo,
OUT PBOOL IsDifferent
);
SCESTATUS
WINAPI
SceCreateDirectory(
IN PCWSTR ProfileLocation,
IN BOOL FileOrDir,
PSECURITY_DESCRIPTOR pSecurityDescriptor
);
SCESTATUS
WINAPI
SceFreeProfileMemory(
PSCE_PROFILE_INFO pProfile
);
SCESTATUS
WINAPI
SceAddToNameStatusList(
IN OUT PSCE_NAME_STATUS_LIST *pNameStatusList,
IN PWSTR Name,
IN ULONG Len,
IN DWORD Status
);
SCESTATUS
WINAPI
SceAddToNameList(
IN OUT PSCE_NAME_LIST *pNameList,
IN PWSTR Name,
IN ULONG Len
);
#define SCE_CHECK_DUP 0x01
#define SCE_INCREASE_COUNT 0x02
SCESTATUS
WINAPI
SceAddToObjectList(
IN OUT PSCE_OBJECT_LIST *pObjectList,
IN PWSTR Name,
IN ULONG Len,
IN BOOL IsContainer,
IN BYTE Status,
IN BYTE byFlags
);
DWORD
WINAPI
SceEnumerateServices(
OUT PSCE_SERVICES *pServiceList,
IN BOOL bServiceNameOnly
);
DWORD
WINAPI
SceSetupGenerateTemplate(
IN LPTSTR SystemName OPTIONAL,
IN LPTSTR JetDbName OPTIONAL,
IN BOOL bFromMergedTable,
IN LPTSTR InfTemplateName,
IN LPTSTR LogFileName OPTIONAL,
IN AREA_INFORMATION Area
);
#define SCE_REG_DISPLAY_NAME TEXT("DisplayName")
#define SCE_REG_DISPLAY_TYPE TEXT("DisplayType")
#define SCE_REG_VALUE_TYPE TEXT("ValueType")
#define SCE_REG_DISPLAY_UNIT TEXT("DisplayUnit")
#define SCE_REG_DISPLAY_CHOICES TEXT("DisplayChoices")
#define SCE_REG_DISPLAY_FLAGLIST TEXT("DisplayFlags")
#define SCE_REG_DISPLAY_ENABLE 0
#define SCE_REG_DISPLAY_NUMBER 1
#define SCE_REG_DISPLAY_STRING 2
#define SCE_REG_DISPLAY_CHOICE 3
#define SCE_REG_DISPLAY_MULTISZ 4
#define SCE_REG_DISPLAY_FLAGS 5
DWORD
WINAPI
SceRegisterRegValues(
IN LPTSTR InfFileName
);
//
// for service attachments
//
SCESTATUS
WINAPI
SceSvcQueryInfo(
IN SCE_HANDLE sceHandle,
IN SCESVC_INFO_TYPE sceType,
IN LPTSTR lpPrefix OPTIONAL,
IN BOOL bExact,
OUT PVOID *ppvInfo,
OUT PSCE_ENUMERATION_CONTEXT psceEnumHandle
);
SCESTATUS
WINAPI
SceSvcSetInfo(
IN SCE_HANDLE sceHandle,
IN SCESVC_INFO_TYPE sceType,
IN LPTSTR lpPrefix OPTIONAL,
IN BOOL bExact,
IN PVOID pvInfo
);
SCESTATUS
WINAPI
SceSvcFree(
IN PVOID pvServiceInfo
);
SCESTATUS
WINAPI
SceSvcConvertTextToSD (
IN PWSTR pwszTextSD,
OUT PSECURITY_DESCRIPTOR *ppSD,
OUT PULONG pulSDSize,
OUT PSECURITY_INFORMATION psiSeInfo
);
SCESTATUS
WINAPI
SceSvcConvertSDToText (
IN PSECURITY_DESCRIPTOR pSD,
IN SECURITY_INFORMATION siSecurityInfo,
OUT PWSTR *ppwszTextSD,
OUT PULONG pulTextSize
);
//
// check service.cpp if the following constants are changed because
// it has a buffer length dependency
//
#define SCE_ROOT_POLICY_PATH \
SCE_ROOT_PATH TEXT("\\Policies")
#define SCE_ROOT_REGVALUE_PATH \
SCE_ROOT_PATH TEXT("\\Reg Values")
// define for GPT integration
#define GPTSCE_PATH TEXT("Software\\Policies\\Microsoft\\Windows NT\\SecEdit")
#define GPTSCE_PERIOD_NAME TEXT("ConfigurePeriod")
#define GPTSCE_TEMPLATE TEXT("Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf")
AREA_INFORMATION
SceGetAreas(
LPTSTR InfName
);
BOOL
SceIsSystemDatabase(
IN LPCTSTR DatabaseName
);
SCESTATUS
SceBrowseDatabaseTable(
IN PWSTR DatabaseName OPTIONAL,
IN SCETYPE ProfileType,
IN AREA_INFORMATION Area,
IN BOOL bDomainPolicyOnly,
IN PSCE_BROWSE_CALLBACK_ROUTINE pCallback OPTIONAL
);
SCESTATUS
WINAPI
SceGetDatabaseSetting(
IN PVOID hProfile,
IN SCETYPE ProfileType,
IN PWSTR SectionName,
IN PWSTR KeyName,
OUT PWSTR *Value,
OUT DWORD *pnBytes OPTIONAL
);
SCESTATUS
WINAPI
SceSetDatabaseSetting(
IN PVOID hProfile,
IN SCETYPE ProfileType,
IN PWSTR SectionName,
IN PWSTR KeyName,
IN PWSTR Value OPTIONAL,
IN DWORD nBytes
);
#ifdef __cplusplus
}
#endif
#endif