You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1114 lines
29 KiB
1114 lines
29 KiB
/*++
|
|
|
|
Copyright (c) 1996 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
secedit.h
|
|
|
|
Abstract:
|
|
|
|
This module defines the exported data structures and function prototypes
|
|
for the security managment utility
|
|
|
|
Author:
|
|
|
|
Jin Huang (jinhuang) 28-Oct-1996
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _secedit_
|
|
#define _secedit_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C"{
|
|
#endif
|
|
|
|
//
|
|
// definition for areas
|
|
//
|
|
#ifndef SCE_AREA_DEFINED
|
|
#define SCE_AREA_DEFINED
|
|
typedef DWORD AREA_INFORMATION;
|
|
|
|
#define AREA_SECURITY_POLICY 0x0001L
|
|
#define AREA_USER_SETTINGS 0x0002L
|
|
#define AREA_GROUP_MEMBERSHIP 0x0004L
|
|
#define AREA_PRIVILEGES 0x0008L
|
|
#define AREA_DS_OBJECTS 0x0010L
|
|
#define AREA_REGISTRY_SECURITY 0x0020L
|
|
#define AREA_FILE_SECURITY 0x0040L
|
|
#define AREA_SYSTEM_SERVICE 0x0080L
|
|
#define AREA_ATTACHMENTS 0x8000L
|
|
#define AREA_ALL 0xFFFFL
|
|
|
|
#endif
|
|
//
|
|
// Other constants
|
|
//
|
|
#define AREA_PASSWORD_POLICY 0x0100L
|
|
#define AREA_LOCKOUT_POLICY 0x0200L
|
|
#define AREA_KERBEROS_POLICY 0x0400L
|
|
#define AREA_ACCOUNT_POLICY (AREA_PASSWORD_POLICY | \
|
|
AREA_LOCKOUT_POLICY | \
|
|
AREA_KERBEROS_POLICY)
|
|
|
|
#define AREA_AUDIT_POLICY 0x0800L
|
|
#define AREA_SECURITY_OPTIONS 0x1000L
|
|
#define AREA_LOCAL_POLICY (AREA_AUDIT_POLICY |\
|
|
AREA_PRIVILEGES |\
|
|
AREA_SECURITY_OPTIONS)
|
|
|
|
#define AREA_LOG_POLICY 0x2000L
|
|
|
|
|
|
#define SCE_STATUS_CHECK 0
|
|
#define SCE_STATUS_IGNORE 1
|
|
#define SCE_STATUS_OVERWRITE 2
|
|
#define SCE_STATUS_NO_AUTO_INHERIT 4
|
|
|
|
#define SCE_STATUS_IN 0
|
|
#define SCE_STATUS_NOT_IN 1
|
|
|
|
#define SCE_STATUS_NO_ACL_SUPPORT 3
|
|
|
|
#define SCE_STATUS_GOOD 0
|
|
#define SCE_STATUS_MISMATCH 1
|
|
#define SCE_STATUS_CHILDREN_CONFIGURED 2
|
|
#define SCE_STATUS_NOT_CONFIGURED 4
|
|
#define SCE_STATUS_ERROR_NOT_AVAILABLE 5
|
|
#define SCE_STATUS_NEW_SERVICE 6
|
|
#define SCE_STATUS_NOT_ANALYZED 7
|
|
|
|
#define SCE_STATUS_PERMISSION_MISMATCH 0x40
|
|
#define SCE_STATUS_AUDIT_MISMATCH 0x80
|
|
|
|
#define SCE_SETUP_32KEY 0x2000L
|
|
#ifndef _WIN64
|
|
#define SCE_SETUP_64KEY 0x4000L
|
|
#endif // _WIN64
|
|
|
|
typedef enum _SCE_TYPE {
|
|
|
|
SCE_ENGINE_SYSTEM=300,
|
|
SCE_ENGINE_GPO,
|
|
SCE_ENGINE_SCP, // effective table
|
|
SCE_ENGINE_SAP, // analysis table
|
|
SCE_ENGINE_SCP_INTERNAL,
|
|
SCE_ENGINE_SMP_INTERNAL,
|
|
SCE_ENGINE_SMP, // local table
|
|
SCE_STRUCT_INF,
|
|
SCE_STRUCT_PROFILE,
|
|
SCE_STRUCT_USER,
|
|
SCE_STRUCT_NAME_LIST,
|
|
SCE_STRUCT_NAME_STATUS_LIST,
|
|
SCE_STRUCT_PRIVILEGE,
|
|
SCE_STRUCT_GROUP,
|
|
SCE_STRUCT_OBJECT_LIST,
|
|
SCE_STRUCT_OBJECT_CHILDREN,
|
|
SCE_STRUCT_OBJECT_SECURITY,
|
|
SCE_STRUCT_OBJECT_ARRAY,
|
|
SCE_STRUCT_ERROR_LOG_INFO,
|
|
SCE_STRUCT_SERVICES,
|
|
SCE_STRUCT_PRIVILEGE_VALUE_LIST,
|
|
SCE_ENGINE_RBK
|
|
|
|
} SCETYPE;
|
|
|
|
typedef enum _SCE_FORMAT_TYPE_ {
|
|
|
|
SCE_INF_FORMAT=1,
|
|
SCE_JET_FORMAT,
|
|
SCE_JET_ANALYSIS_REQUIRED
|
|
|
|
} SCE_FORMAT_TYPE, *PSCE_FORMAT_TYPE;
|
|
|
|
static const WCHAR szMembers[] = L"__Members";
|
|
static const WCHAR szMemberof[] = L"__Memberof";
|
|
static const WCHAR szPrivileges[] = L"__Privileges";
|
|
|
|
#define SCE_BUF_LEN 1024
|
|
|
|
#define SCE_FOREVER_VALUE (DWORD)-1
|
|
#define SCE_NO_VALUE (DWORD)-2
|
|
#define SCE_KERBEROS_OFF_VALUE (DWORD)-3
|
|
#define SCE_DELETE_VALUE (DWORD)-4
|
|
#define SCE_SNAPSHOT_VALUE (DWORD)-5
|
|
#define SCE_NOT_ANALYZED_VALUE (DWORD)-6
|
|
#define SCE_ERROR_VALUE (DWORD)-7
|
|
|
|
#ifndef _SCE_SHARED_HEADER
|
|
#define _SCE_SHARED_HEADER
|
|
|
|
typedef DWORD SCESTATUS;
|
|
|
|
#define SCESTATUS_SUCCESS 0L
|
|
#define SCESTATUS_INVALID_PARAMETER 1L
|
|
#define SCESTATUS_RECORD_NOT_FOUND 2L
|
|
#define SCESTATUS_INVALID_DATA 3L
|
|
#define SCESTATUS_OBJECT_EXIST 4L
|
|
#define SCESTATUS_BUFFER_TOO_SMALL 5L
|
|
#define SCESTATUS_PROFILE_NOT_FOUND 6L
|
|
#define SCESTATUS_BAD_FORMAT 7L
|
|
#define SCESTATUS_NOT_ENOUGH_RESOURCE 8L
|
|
#define SCESTATUS_ACCESS_DENIED 9L
|
|
#define SCESTATUS_CANT_DELETE 10L
|
|
#define SCESTATUS_PREFIX_OVERFLOW 11L
|
|
#define SCESTATUS_OTHER_ERROR 12L
|
|
#define SCESTATUS_ALREADY_RUNNING 13L
|
|
#define SCESTATUS_SERVICE_NOT_SUPPORT 14L
|
|
#define SCESTATUS_MOD_NOT_FOUND 15L
|
|
#define SCESTATUS_EXCEPTION_IN_SERVER 16L
|
|
#define SCESTATUS_NO_TEMPLATE_GIVEN 17L
|
|
#define SCESTATUS_NO_MAPPING 18L
|
|
#define SCESTATUS_TRUST_FAIL 19L
|
|
#define SCESTATUS_JET_DATABASE_ERROR 20L
|
|
#define SCESTATUS_TIMEOUT 21L
|
|
#define SCESTATUS_PENDING_IGNORE 22L
|
|
#define SCESTATUS_SPECIAL_ACCOUNT 23L
|
|
|
|
//
|
|
// defined for services
|
|
//
|
|
typedef struct _SCESVC_CONFIGURATION_LINE_ {
|
|
|
|
LPTSTR Key;
|
|
LPTSTR Value;
|
|
DWORD ValueLen; // number of bytes
|
|
|
|
} SCESVC_CONFIGURATION_LINE, *PSCESVC_CONFIGURATION_LINE;
|
|
|
|
typedef struct _SCESVC_CONFIGURATION_INFO_ {
|
|
|
|
DWORD Count;
|
|
PSCESVC_CONFIGURATION_LINE Lines;
|
|
|
|
} SCESVC_CONFIGURATION_INFO, *PSCESVC_CONFIGURATION_INFO;
|
|
|
|
typedef PVOID SCE_HANDLE;
|
|
typedef ULONG SCE_ENUMERATION_CONTEXT, *PSCE_ENUMERATION_CONTEXT;
|
|
|
|
#define SCESVC_ENUMERATION_MAX 100L
|
|
|
|
typedef enum _SCESVC_INFO_TYPE {
|
|
|
|
SceSvcConfigurationInfo,
|
|
SceSvcMergedPolicyInfo,
|
|
SceSvcAnalysisInfo,
|
|
SceSvcInternalUse // !!!do not use this type!!!
|
|
|
|
} SCESVC_INFO_TYPE;
|
|
|
|
// root path for SCE key
|
|
#define SCE_ROOT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\SeCEdit")
|
|
|
|
#define SCE_ROOT_SERVICE_PATH \
|
|
SCE_ROOT_PATH TEXT("\\SvcEngs")
|
|
#endif
|
|
|
|
//
|
|
// All section names defined in the SCP/SAP profiles.
|
|
//
|
|
|
|
static const WCHAR szDescription[] = L"Profile Description";
|
|
static const WCHAR szAttachments[] = L"Attachment Sections";
|
|
static const WCHAR szSystemAccess[] = L"System Access";
|
|
static const WCHAR szPrivilegeRights[] = L"Privilege Rights";
|
|
static const WCHAR szGroupMembership[] = L"Group Membership";
|
|
static const WCHAR szAccountProfiles[] = L"Account Profiles";
|
|
static const WCHAR szRegistryKeys[] = L"Registry Keys";
|
|
static const WCHAR szFileSecurity[] = L"File Security";
|
|
static const WCHAR szDSSecurity[] = L"DS Security";
|
|
static const WCHAR szAuditSystemLog[] = L"System Log";
|
|
static const WCHAR szAuditSecurityLog[] = L"Security Log";
|
|
static const WCHAR szAuditApplicationLog[] = L"Application Log";
|
|
static const WCHAR szAuditEvent[] = L"Event Audit";
|
|
static const WCHAR szUserList[] = L"User List";
|
|
static const WCHAR szServiceGeneral[] = L"Service General Setting";
|
|
static const WCHAR szKerberosPolicy[] = L"Kerberos Policy";
|
|
static const WCHAR szRegistryValues[] = L"Registry Values";
|
|
|
|
|
|
//
|
|
// A list of names (e.g., users, groups, machines, and etc)
|
|
//
|
|
|
|
typedef struct _SCE_NAME_LIST {
|
|
PWSTR Name;
|
|
struct _SCE_NAME_LIST *Next;
|
|
}SCE_NAME_LIST, *PSCE_NAME_LIST;
|
|
|
|
//
|
|
// a list of accounts with privileges held
|
|
//
|
|
typedef struct _SCE_PRIVILEGE_VALUE_LIST {
|
|
PWSTR Name;
|
|
DWORD PrivLowPart;
|
|
DWORD PrivHighPart;
|
|
struct _SCE_PRIVILEGE_VALUE_LIST *Next;
|
|
}SCE_PRIVILEGE_VALUE_LIST, *PSCE_PRIVILEGE_VALUE_LIST;
|
|
|
|
//
|
|
// structure for error info
|
|
//
|
|
|
|
typedef struct _SCE_ERROR_LOG_INFO{
|
|
PWSTR buffer;
|
|
DWORD rc;
|
|
struct _SCE_ERROR_LOG_INFO *next;
|
|
} SCE_ERROR_LOG_INFO, *PSCE_ERROR_LOG_INFO;
|
|
|
|
//
|
|
// The privileges/rights each user/group holds are saved into a INT field -
|
|
// PrivilegeRights. The first bit in this field is the first right defined
|
|
// in the SCE_Privileges array as above. The second bit is the second right
|
|
// defined in that array, and so on.
|
|
//
|
|
#define cPrivCnt 39
|
|
#define cPrivW2k 34
|
|
|
|
typedef struct _SCE_PRIVILEGE_ASSIGNMENT {
|
|
PWSTR Name;
|
|
DWORD Value;
|
|
// This value could be translated by SceLookupPrivByValue
|
|
// The reason we define another set of privilege values is
|
|
// we include both privilege and user rights into one set
|
|
// (user rights do not have priv value on NT system).
|
|
PSCE_NAME_LIST AssignedTo;
|
|
// SCE_STATUS_GOOD
|
|
// SCE_STATUS_MISMATCH
|
|
// SCE_STATUS_NOT_CONFIGURED
|
|
// SCE_DELETE_VALUE indicates that this priv is deleted from local table
|
|
DWORD Status;
|
|
struct _SCE_PRIVILEGE_ASSIGNMENT *Next;
|
|
} SCE_PRIVILEGE_ASSIGNMENT, *PSCE_PRIVILEGE_ASSIGNMENT;
|
|
|
|
//
|
|
// A list of log on hours range
|
|
//
|
|
|
|
typedef struct _SCE_LOGON_HOUR {
|
|
DWORD Start;
|
|
DWORD End;
|
|
struct _SCE_LOGON_HOUR *Next;
|
|
}SCE_LOGON_HOUR, *PSCE_LOGON_HOUR;
|
|
|
|
//
|
|
// A list of names (e.g., users, groups, machines, and etc)
|
|
// with a status (e.g., disabled )
|
|
//
|
|
|
|
typedef struct _SCE_NAME_STATUS_LIST {
|
|
PWSTR Name;
|
|
DWORD Status;
|
|
struct _SCE_NAME_STATUS_LIST *Next;
|
|
}SCE_NAME_STATUS_LIST, *PSCE_NAME_STATUS_LIST;
|
|
|
|
//
|
|
// Structure definition for service list (service dll)
|
|
//
|
|
|
|
|
|
#define SCE_STARTUP_BOOT 0x00
|
|
#define SCE_STARTUP_SYSTEM 0x01
|
|
#define SCE_STARTUP_AUTOMATIC 0x02
|
|
#define SCE_STARTUP_MANUAL 0x03
|
|
#define SCE_STARTUP_DISABLED 0x04
|
|
|
|
typedef struct _SCE_SERVICES_ {
|
|
PWSTR ServiceName;
|
|
PWSTR DisplayName;
|
|
|
|
BYTE Status;
|
|
BYTE Startup;
|
|
|
|
union {
|
|
|
|
PSECURITY_DESCRIPTOR pSecurityDescriptor;
|
|
PWSTR ServiceEngineName;
|
|
|
|
} General;
|
|
|
|
SECURITY_INFORMATION SeInfo;
|
|
|
|
struct _SCE_SERVICES_ *Next;
|
|
|
|
}SCE_SERVICES, *PSCE_SERVICES;
|
|
|
|
//
|
|
// Group memberships
|
|
//
|
|
|
|
#define SCE_GROUP_STATUS_MEMBERS_MISMATCH 0x01
|
|
#define SCE_GROUP_STATUS_MEMBEROF_MISMATCH 0x02
|
|
#define SCE_GROUP_STATUS_NC_MEMBERS 0x04
|
|
#define SCE_GROUP_STATUS_NC_MEMBEROF 0x08
|
|
#define SCE_GROUP_STATUS_NOT_ANALYZED 0x10
|
|
#define SCE_GROUP_STATUS_ERROR_ANALYZED 0x20
|
|
|
|
|
|
typedef struct _SCE_GROUP_MEMBERSHIP {
|
|
PWSTR GroupName;
|
|
PSCE_NAME_LIST pMembers;
|
|
PSCE_NAME_LIST pMemberOf;
|
|
|
|
DWORD Status;
|
|
//
|
|
// pPrivilegesHeld is for analysis only.
|
|
// The format of each entry in this list is:
|
|
// [PrivValue NULL] (directly assigned), or
|
|
// [PrivValue Name] (via group "Name")
|
|
// To configure privileges, use AREA_PRIVILEGES area
|
|
//
|
|
// This PrivValue could be translated by SceLookupPrivByValue
|
|
// The reason we define another set of privilege values is
|
|
// we include both privilege and user rights into one set
|
|
// (user rights do not have priv value on NT system).
|
|
PSCE_NAME_STATUS_LIST pPrivilegesHeld;
|
|
struct _SCE_GROUP_MEMBERSHIP *Next;
|
|
}SCE_GROUP_MEMBERSHIP, *PSCE_GROUP_MEMBERSHIP;
|
|
|
|
//
|
|
// Definition of Registry and file security
|
|
//
|
|
|
|
typedef struct _SCE_OBJECT_SECURITY {
|
|
PWSTR Name;
|
|
BYTE Status;
|
|
BOOL IsContainer;
|
|
PSECURITY_DESCRIPTOR pSecurityDescriptor;
|
|
SECURITY_INFORMATION SeInfo;
|
|
// PWSTR SDspec;
|
|
// DWORD SDsize;
|
|
}SCE_OBJECT_SECURITY, *PSCE_OBJECT_SECURITY;
|
|
|
|
//
|
|
// A list of objects (e.g., files, registry keys, and etc)
|
|
//
|
|
|
|
typedef struct _SCE_OBJECT_LIST {
|
|
PWSTR Name;
|
|
BYTE Status;
|
|
// Status could be the status (mismatched/unknown) of the object
|
|
// or, it could be a flag to ignore/check this ojbect
|
|
//
|
|
BOOL IsContainer;
|
|
DWORD Count;
|
|
// Total count of mismatched/unknown objects under this object
|
|
struct _SCE_OBJECT_LIST *Next;
|
|
}SCE_OBJECT_LIST, *PSCE_OBJECT_LIST;
|
|
|
|
typedef struct _SCE_OBJECT_ARRAY_ {
|
|
|
|
DWORD Count;
|
|
PSCE_OBJECT_SECURITY *pObjectArray;
|
|
|
|
} SCE_OBJECT_ARRAY, *PSCE_OBJECT_ARRAY;
|
|
|
|
typedef union _SCE_OBJECTS_ {
|
|
// for Jet databases
|
|
PSCE_OBJECT_LIST pOneLevel;
|
|
// for Inf files
|
|
PSCE_OBJECT_ARRAY pAllNodes;
|
|
} SCE_OBJECTS, *PSCE_OBJECTS;
|
|
|
|
typedef struct _SCE_OBJECT_CHILDREN_NODE {
|
|
|
|
PWSTR Name;
|
|
BYTE Status;
|
|
BOOL IsContainer;
|
|
DWORD Count;
|
|
|
|
} SCE_OBJECT_CHILDREN_NODE, *PSCE_OBJECT_CHILDREN_NODE;
|
|
|
|
typedef struct _SCE_OBJECT_CHILDREN {
|
|
|
|
DWORD nCount;
|
|
DWORD MaxCount;
|
|
PSCE_OBJECT_CHILDREN_NODE arrObject;
|
|
|
|
} SCE_OBJECT_CHILDREN, *PSCE_OBJECT_CHILDREN;
|
|
|
|
typedef struct _SCE_KERBEROS_TICKET_INFO_ {
|
|
DWORD MaxTicketAge; // in hours (default 10), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
|
|
|
|
DWORD MaxRenewAge; // in days (default 7), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
|
|
|
|
DWORD MaxServiceAge; // in minutes (default 60), SCE_NO_VALUE, 10-MaxTicketAge
|
|
DWORD MaxClockSkew; // in minutes (default 5), SCE_NO_VALUE
|
|
|
|
// options
|
|
DWORD TicketValidateClient; // 0, 1, or SCE_NO_VALUE
|
|
|
|
//
|
|
// all other options are not configurable.
|
|
//
|
|
|
|
} SCE_KERBEROS_TICKET_INFO, *PSCE_KERBEROS_TICKET_INFO;
|
|
|
|
typedef struct _SCE_REGISTRY_VALUE_INFO_ {
|
|
LPTSTR FullValueName;
|
|
LPTSTR Value;
|
|
DWORD ValueType;
|
|
DWORD Status; // match, mismatch, not analyzed, error
|
|
|
|
} SCE_REGISTRY_VALUE_INFO, *PSCE_REGISTRY_VALUE_INFO;
|
|
|
|
//
|
|
// Profile structure
|
|
//
|
|
typedef struct _SCE_PROFILE_INFO {
|
|
|
|
// Type is used to free the structure by SceFreeMemory
|
|
SCETYPE Type;
|
|
//
|
|
// Area: System access
|
|
//
|
|
DWORD MinimumPasswordAge;
|
|
DWORD MaximumPasswordAge;
|
|
DWORD MinimumPasswordLength;
|
|
DWORD PasswordComplexity;
|
|
DWORD PasswordHistorySize;
|
|
DWORD LockoutBadCount;
|
|
DWORD ResetLockoutCount;
|
|
DWORD LockoutDuration;
|
|
DWORD RequireLogonToChangePassword;
|
|
DWORD ForceLogoffWhenHourExpire;
|
|
PWSTR NewAdministratorName;
|
|
PWSTR NewGuestName;
|
|
DWORD SecureSystemPartition;
|
|
DWORD ClearTextPassword;
|
|
DWORD LSAAnonymousNameLookup;
|
|
union {
|
|
struct {
|
|
// Area : user settings (scp)
|
|
PSCE_NAME_LIST pAccountProfiles;
|
|
// Area: privileges
|
|
// Name field is the user/group name, Status field is the privilege(s)
|
|
// assigned to the user/group
|
|
union {
|
|
// PSCE_NAME_STATUS_LIST pPrivilegeAssignedTo;
|
|
PSCE_PRIVILEGE_VALUE_LIST pPrivilegeAssignedTo;
|
|
PSCE_PRIVILEGE_ASSIGNMENT pInfPrivilegeAssignedTo;
|
|
} u;
|
|
} scp;
|
|
struct {
|
|
// Area: user settings (sap)
|
|
PSCE_NAME_LIST pUserList;
|
|
// Area: privileges
|
|
PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
|
|
} sap;
|
|
struct {
|
|
// Area: user settings (smp)
|
|
PSCE_NAME_LIST pUserList;
|
|
// Area: privileges
|
|
// See sap structure for pPrivilegeAssignedTo
|
|
PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
|
|
} smp;
|
|
} OtherInfo;
|
|
|
|
// Area: group membership
|
|
PSCE_GROUP_MEMBERSHIP pGroupMembership;
|
|
|
|
// Area: Registry
|
|
SCE_OBJECTS pRegistryKeys;
|
|
|
|
// Area: System Services
|
|
PSCE_SERVICES pServices;
|
|
|
|
// System storage
|
|
SCE_OBJECTS pFiles;
|
|
//
|
|
// ds object
|
|
//
|
|
SCE_OBJECTS pDsObjects;
|
|
//
|
|
// kerberos policy settings
|
|
//
|
|
PSCE_KERBEROS_TICKET_INFO pKerberosInfo;
|
|
//
|
|
// System audit 0-system 1-security 2-application
|
|
//
|
|
DWORD MaximumLogSize[3];
|
|
DWORD AuditLogRetentionPeriod[3];
|
|
DWORD RetentionDays[3];
|
|
DWORD RestrictGuestAccess[3];
|
|
DWORD AuditSystemEvents;
|
|
DWORD AuditLogonEvents;
|
|
DWORD AuditObjectAccess;
|
|
DWORD AuditPrivilegeUse;
|
|
DWORD AuditPolicyChange;
|
|
DWORD AuditAccountManage;
|
|
DWORD AuditProcessTracking;
|
|
DWORD AuditDSAccess;
|
|
DWORD AuditAccountLogon;
|
|
DWORD CrashOnAuditFull;
|
|
|
|
//
|
|
// registry values
|
|
//
|
|
DWORD RegValueCount;
|
|
PSCE_REGISTRY_VALUE_INFO aRegValues;
|
|
DWORD EnableAdminAccount;
|
|
DWORD EnableGuestAccount;
|
|
|
|
}SCE_PROFILE_INFO, *PSCE_PROFILE_INFO;
|
|
|
|
//
|
|
// The definition for security user profile which is used to assign common
|
|
// user settings to a group of users/groups in the security manager.
|
|
//
|
|
|
|
typedef struct _SCE_USER_PROFILE {
|
|
SCETYPE Type;
|
|
// Type is used to free the structure by SceFreeMemory
|
|
DWORD ForcePasswordChange;
|
|
DWORD DisallowPasswordChange;
|
|
DWORD NeverExpirePassword;
|
|
DWORD AccountDisabled;
|
|
PWSTR UserProfile;
|
|
PWSTR LogonScript;
|
|
PWSTR HomeDir;
|
|
PSCE_LOGON_HOUR pLogonHours;
|
|
UNICODE_STRING pWorkstations;
|
|
PSCE_NAME_LIST pGroupsBelongsTo;
|
|
PSCE_NAME_LIST pAssignToUsers;
|
|
PSECURITY_DESCRIPTOR pHomeDirSecurity;
|
|
SECURITY_INFORMATION HomeSeInfo;
|
|
PSECURITY_DESCRIPTOR pTempDirSecurity;
|
|
SECURITY_INFORMATION TempSeInfo;
|
|
} SCE_USER_PROFILE, *PSCE_USER_PROFILE;
|
|
|
|
//
|
|
// The definition for each user's setting
|
|
//
|
|
|
|
typedef struct _SCE_USER_SETTING {
|
|
SCETYPE Type;
|
|
// Type is used to free the structure by SceFreeMemory
|
|
DWORD ForcePasswordChange;
|
|
DWORD DisallowPasswordChange;
|
|
DWORD NeverExpirePassword;
|
|
DWORD AccountDisabled;
|
|
PSCE_NAME_LIST pGroupsBelongsTo;
|
|
PWSTR UserProfile;
|
|
PSECURITY_DESCRIPTOR pProfileSecurity;
|
|
PWSTR LogonScript;
|
|
PSECURITY_DESCRIPTOR pLogonScriptSecurity;
|
|
PWSTR HomeDir;
|
|
PSECURITY_DESCRIPTOR pHomeDirSecurity;
|
|
SECURITY_INFORMATION HomeDirSeInfo;
|
|
PWSTR TempDir;
|
|
PSECURITY_DESCRIPTOR pTempDirSecurity;
|
|
SECURITY_INFORMATION TempDirSeInfo;
|
|
PSCE_LOGON_HOUR pLogonHours;
|
|
UNICODE_STRING pWorkstations;
|
|
PSCE_NAME_STATUS_LIST pPrivilegesHeld;
|
|
DWORD BadPasswordAttempt;
|
|
} SCE_USER_SETTING, *PSCE_USER_SETTING;
|
|
|
|
|
|
//
|
|
// prototypes defined in sceclnt.cpp
|
|
//
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetSecurityProfileInfo(
|
|
IN PVOID hProfile OPTIONAL,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN OUT PSCE_PROFILE_INFO *ppInfoBuffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetObjectChildren(
|
|
IN PVOID hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectPrefix,
|
|
OUT PSCE_OBJECT_CHILDREN *Buffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceOpenProfile(
|
|
IN PCWSTR ProfileName,
|
|
IN SCE_FORMAT_TYPE ProfileFormat,
|
|
OUT PVOID *hProfile
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceCloseProfile(
|
|
IN PVOID *hProfile
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetScpProfileDescription(
|
|
IN PVOID hProfile,
|
|
OUT PWSTR *Description
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetTimeStamp(
|
|
IN PVOID hProfile,
|
|
OUT PWSTR *ConfigTimeStamp,
|
|
OUT PWSTR *AnalyzeTimeStamp
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetDbTime(
|
|
IN PVOID hProfile,
|
|
OUT SYSTEMTIME *ConfigTime,
|
|
OUT SYSTEMTIME *AnalyzeTime
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetObjectSecurity(
|
|
IN PVOID hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectName,
|
|
OUT PSCE_OBJECT_SECURITY *ObjSecurity
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetAnalysisAreaSummary(
|
|
IN PVOID hProfile,
|
|
IN AREA_INFORMATION Area,
|
|
OUT PDWORD pCount
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceCopyBaseProfile(
|
|
IN PVOID hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PWSTR InfFileName,
|
|
IN AREA_INFORMATION Area,
|
|
OUT PSCE_ERROR_LOG_INFO *pErrlog OPTIONAL
|
|
);
|
|
|
|
|
|
#define SCE_OVERWRITE_DB 0x01L
|
|
#define SCE_UPDATE_DB 0x02L
|
|
#define SCE_CALLBACK_DELTA 0x04L
|
|
#define SCE_CALLBACK_TOTAL 0x08L
|
|
#define SCE_VERBOSE_LOG 0x10L
|
|
#define SCE_DISABLE_LOG 0x20L
|
|
#define SCE_NO_CONFIG 0x40L
|
|
#define SCE_DEBUG_LOG 0x80L
|
|
|
|
typedef
|
|
BOOL(CALLBACK *PSCE_AREA_CALLBACK_ROUTINE)(
|
|
IN HANDLE CallbackHandle,
|
|
IN AREA_INFORMATION Area,
|
|
IN DWORD TotalTicks,
|
|
IN DWORD CurrentTicks
|
|
);
|
|
|
|
typedef
|
|
BOOL(CALLBACK *PSCE_BROWSE_CALLBACK_ROUTINE)(
|
|
IN LONG GpoID,
|
|
IN PWSTR KeyName OPTIONAL,
|
|
IN PWSTR GpoName OPTIONAL,
|
|
IN PWSTR Value OPTIONAL,
|
|
IN DWORD Len
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceConfigureSystem(
|
|
IN LPTSTR SystemName OPTIONAL,
|
|
IN PCWSTR InfFileName OPTIONAL,
|
|
IN PCWSTR DatabaseName,
|
|
IN PCWSTR LogFileName OPTIONAL,
|
|
IN DWORD ConfigOptions,
|
|
IN AREA_INFORMATION Area,
|
|
IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
|
|
IN HANDLE hCallbackWnd OPTIONAL,
|
|
OUT PDWORD pdWarning OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceAnalyzeSystem(
|
|
IN LPTSTR SystemName OPTIONAL,
|
|
IN PCWSTR InfFileName OPTIONAL,
|
|
IN PCWSTR DatabaseName,
|
|
IN PCWSTR LogFileName OPTIONAL,
|
|
IN DWORD AnalyzeOptions,
|
|
IN AREA_INFORMATION Area,
|
|
IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
|
|
IN HANDLE hCallbackWnd OPTIONAL,
|
|
OUT PDWORD pdWarning OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGenerateRollback(
|
|
IN LPTSTR SystemName OPTIONAL,
|
|
IN PCWSTR InfFileName,
|
|
IN PCWSTR InfRollback,
|
|
IN PCWSTR LogFileName OPTIONAL,
|
|
IN DWORD Options,
|
|
IN AREA_INFORMATION Area,
|
|
OUT PDWORD pdWarning OPTIONAL
|
|
);
|
|
|
|
#define SCE_UPDATE_LOCAL_POLICY 0x1L
|
|
#define SCE_UPDATE_DIRTY_ONLY 0x2L
|
|
#define SCE_UPDATE_SYSTEM 0x4L
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceUpdateSecurityProfile(
|
|
IN PVOID hProfile OPTIONAL,
|
|
IN AREA_INFORMATION Area,
|
|
IN PSCE_PROFILE_INFO pInfo,
|
|
IN DWORD dwMode
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceUpdateObjectInfo(
|
|
IN PVOID hProfile,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectName,
|
|
IN DWORD NameLen, // number of characters
|
|
IN BYTE ConfigStatus,
|
|
IN BOOL IsContainer,
|
|
IN PSECURITY_DESCRIPTOR pSD,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PBYTE pAnalysisStatus
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceStartTransaction(
|
|
IN PVOID cxtProfile
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceCommitTransaction(
|
|
IN PVOID cxtProfile
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceRollbackTransaction(
|
|
IN PVOID cxtProfile
|
|
);
|
|
|
|
typedef enum _SCE_SERVER_TYPE_ {
|
|
|
|
SCESVR_UNKNOWN = 0,
|
|
SCESVR_DC_WITH_DS,
|
|
SCESVR_DC,
|
|
SCESVR_NT5_SERVER,
|
|
SCESVR_NT4_SERVER,
|
|
SCESVR_NT5_WKS,
|
|
SCESVR_NT4_WKS
|
|
|
|
} SCE_SERVER_TYPE, *PSCE_SERVER_TYPE;
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetServerProductType(
|
|
IN LPTSTR SystemName OPTIONAL,
|
|
OUT PSCE_SERVER_TYPE pServerType
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceLookupPrivRightName(
|
|
IN INT Priv,
|
|
OUT PWSTR Name,
|
|
OUT PINT NameLen
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcUpdateInfo(
|
|
IN PVOID hProfile,
|
|
IN PCWSTR ServiceName,
|
|
IN PSCESVC_CONFIGURATION_INFO Info
|
|
);
|
|
|
|
//
|
|
// prototype defined in infget.c
|
|
//
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcGetInformationTemplate(
|
|
IN LPCTSTR TemplateName,
|
|
IN LPCTSTR ServiceName,
|
|
IN LPCTSTR Key OPTIONAL,
|
|
OUT PSCESVC_CONFIGURATION_INFO *ServiceInfo
|
|
);
|
|
|
|
//
|
|
// prototypes defined in infwrite.c
|
|
//
|
|
SCESTATUS
|
|
WINAPI
|
|
SceWriteSecurityProfileInfo(
|
|
IN PCWSTR InfProfileName,
|
|
IN AREA_INFORMATION Area,
|
|
IN PSCE_PROFILE_INFO ppInfoBuffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceAppendSecurityProfileInfo(
|
|
IN PCWSTR InfProfileName,
|
|
IN AREA_INFORMATION Area,
|
|
IN PSCE_PROFILE_INFO ppInfoBuffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcSetInformationTemplate(
|
|
IN LPCTSTR TemplateName,
|
|
IN LPCTSTR ServiceName,
|
|
IN BOOL bExact,
|
|
IN PSCESVC_CONFIGURATION_INFO ServiceInfo
|
|
);
|
|
|
|
//
|
|
// prototypes defined in common.cpp
|
|
//
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceFreeMemory(
|
|
IN PVOID smInfo,
|
|
IN DWORD Category
|
|
);
|
|
|
|
BOOL
|
|
WINAPI
|
|
SceCompareNameList(
|
|
IN PSCE_NAME_LIST pList1,
|
|
IN PSCE_NAME_LIST pList2
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceCompareSecurityDescriptors(
|
|
IN AREA_INFORMATION Area,
|
|
IN PSECURITY_DESCRIPTOR pSD1,
|
|
IN PSECURITY_DESCRIPTOR pSD2,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PBOOL IsDifferent
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceCreateDirectory(
|
|
IN PCWSTR ProfileLocation,
|
|
IN BOOL FileOrDir,
|
|
PSECURITY_DESCRIPTOR pSecurityDescriptor
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceFreeProfileMemory(
|
|
PSCE_PROFILE_INFO pProfile
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceAddToNameStatusList(
|
|
IN OUT PSCE_NAME_STATUS_LIST *pNameStatusList,
|
|
IN PWSTR Name,
|
|
IN ULONG Len,
|
|
IN DWORD Status
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceAddToNameList(
|
|
IN OUT PSCE_NAME_LIST *pNameList,
|
|
IN PWSTR Name,
|
|
IN ULONG Len
|
|
);
|
|
|
|
#define SCE_CHECK_DUP 0x01
|
|
#define SCE_INCREASE_COUNT 0x02
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceAddToObjectList(
|
|
IN OUT PSCE_OBJECT_LIST *pObjectList,
|
|
IN PWSTR Name,
|
|
IN ULONG Len,
|
|
IN BOOL IsContainer,
|
|
IN BYTE Status,
|
|
IN BYTE byFlags
|
|
);
|
|
|
|
DWORD
|
|
WINAPI
|
|
SceEnumerateServices(
|
|
OUT PSCE_SERVICES *pServiceList,
|
|
IN BOOL bServiceNameOnly
|
|
);
|
|
|
|
DWORD
|
|
WINAPI
|
|
SceSetupGenerateTemplate(
|
|
IN LPTSTR SystemName OPTIONAL,
|
|
IN LPTSTR JetDbName OPTIONAL,
|
|
IN BOOL bFromMergedTable,
|
|
IN LPTSTR InfTemplateName,
|
|
IN LPTSTR LogFileName OPTIONAL,
|
|
IN AREA_INFORMATION Area
|
|
);
|
|
|
|
|
|
#define SCE_REG_DISPLAY_NAME TEXT("DisplayName")
|
|
#define SCE_REG_DISPLAY_TYPE TEXT("DisplayType")
|
|
#define SCE_REG_VALUE_TYPE TEXT("ValueType")
|
|
#define SCE_REG_DISPLAY_UNIT TEXT("DisplayUnit")
|
|
#define SCE_REG_DISPLAY_CHOICES TEXT("DisplayChoices")
|
|
#define SCE_REG_DISPLAY_FLAGLIST TEXT("DisplayFlags")
|
|
|
|
#define SCE_REG_DISPLAY_ENABLE 0
|
|
#define SCE_REG_DISPLAY_NUMBER 1
|
|
#define SCE_REG_DISPLAY_STRING 2
|
|
#define SCE_REG_DISPLAY_CHOICE 3
|
|
#define SCE_REG_DISPLAY_MULTISZ 4
|
|
#define SCE_REG_DISPLAY_FLAGS 5
|
|
|
|
DWORD
|
|
WINAPI
|
|
SceRegisterRegValues(
|
|
IN LPTSTR InfFileName
|
|
);
|
|
|
|
//
|
|
// for service attachments
|
|
//
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcQueryInfo(
|
|
IN SCE_HANDLE sceHandle,
|
|
IN SCESVC_INFO_TYPE sceType,
|
|
IN LPTSTR lpPrefix OPTIONAL,
|
|
IN BOOL bExact,
|
|
OUT PVOID *ppvInfo,
|
|
OUT PSCE_ENUMERATION_CONTEXT psceEnumHandle
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcSetInfo(
|
|
IN SCE_HANDLE sceHandle,
|
|
IN SCESVC_INFO_TYPE sceType,
|
|
IN LPTSTR lpPrefix OPTIONAL,
|
|
IN BOOL bExact,
|
|
IN PVOID pvInfo
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcFree(
|
|
IN PVOID pvServiceInfo
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcConvertTextToSD (
|
|
IN PWSTR pwszTextSD,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD,
|
|
OUT PULONG pulSDSize,
|
|
OUT PSECURITY_INFORMATION psiSeInfo
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSvcConvertSDToText (
|
|
IN PSECURITY_DESCRIPTOR pSD,
|
|
IN SECURITY_INFORMATION siSecurityInfo,
|
|
OUT PWSTR *ppwszTextSD,
|
|
OUT PULONG pulTextSize
|
|
);
|
|
|
|
//
|
|
// check service.cpp if the following constants are changed because
|
|
// it has a buffer length dependency
|
|
//
|
|
#define SCE_ROOT_POLICY_PATH \
|
|
SCE_ROOT_PATH TEXT("\\Policies")
|
|
#define SCE_ROOT_REGVALUE_PATH \
|
|
SCE_ROOT_PATH TEXT("\\Reg Values")
|
|
|
|
// define for GPT integration
|
|
#define GPTSCE_PATH TEXT("Software\\Policies\\Microsoft\\Windows NT\\SecEdit")
|
|
#define GPTSCE_PERIOD_NAME TEXT("ConfigurePeriod")
|
|
#define GPTSCE_TEMPLATE TEXT("Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf")
|
|
|
|
AREA_INFORMATION
|
|
SceGetAreas(
|
|
LPTSTR InfName
|
|
);
|
|
|
|
BOOL
|
|
SceIsSystemDatabase(
|
|
IN LPCTSTR DatabaseName
|
|
);
|
|
|
|
SCESTATUS
|
|
SceBrowseDatabaseTable(
|
|
IN PWSTR DatabaseName OPTIONAL,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN BOOL bDomainPolicyOnly,
|
|
IN PSCE_BROWSE_CALLBACK_ROUTINE pCallback OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceGetDatabaseSetting(
|
|
IN PVOID hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PWSTR SectionName,
|
|
IN PWSTR KeyName,
|
|
OUT PWSTR *Value,
|
|
OUT DWORD *pnBytes OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
WINAPI
|
|
SceSetDatabaseSetting(
|
|
IN PVOID hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PWSTR SectionName,
|
|
IN PWSTR KeyName,
|
|
IN PWSTR Value OPTIONAL,
|
|
IN DWORD nBytes
|
|
);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif
|
|
|