archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/base/lsa/server/dspolicy/dbdata.c

277 lines
8.9 KiB
Raw Blame History

/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
dbdata.c
Abstract:
Local Security Authority - Database Server Global Data
Author:
Scott Birrell (ScottBi) July 25, 1991
Environment:
User Mode
Revision History:
--*/
#include <lsapch2.h>
#include "dbp.h"
OBJECT_ATTRIBUTES LsapDbObjectAttributes;
STRING LsapDbNameString;
LARGE_INTEGER LsapDbInitSize;
LARGE_INTEGER LsapDbMaximumSizeOfSection;
//
// LSA Initialized Status
//
BOOLEAN LsapInitialized = FALSE;
//
// Setup Event Existed
// This is necessary to distinguish a psuedo install done
// during a developer's first boot after install (which does
// an auto init) and the case where a real setup was run.
//
BOOLEAN LsapSetupWasRun = FALSE;
//
// Boolean indicating that the Ds is up and running
//
BOOLEAN LsapDsIsRunning = FALSE;
//
// Database initialization has been performed
//
BOOLEAN LsapDatabaseSetupPerformed = FALSE;
//
// Type of product we are running
//
NT_PRODUCT_TYPE LsapProductType;
//
// Product suites available on the current machine
//
WORD LsapProductSuiteMask=0;
//
// LSA Database State information
//
LSAP_DB_STATE LsapDbState;
#ifdef DBG
BOOL g_ScePolicyLocked = FALSE;
#endif
//
// LsaDb object Handle used internally.
// Also one for use throughout LSA.
//
LSAPR_HANDLE LsapDbHandle;
LSAPR_HANDLE LsapPolicyHandle = NULL;
//
// LSA Database Encryption Key
//
PLSAP_CR_CIPHER_KEY LsapDbCipherKey;
PLSAP_CR_CIPHER_KEY LsapDbSP4SecretCipherKey;
PLSAP_CR_CIPHER_KEY LsapDbSecretCipherKeyRead;
PLSAP_CR_CIPHER_KEY LsapDbSecretCipherKeyWrite;
PVOID LsapDbSysKey = NULL;
PVOID LsapDbOldSysKey = NULL;
//
// Is this a DC in the root domain?
//
BOOLEAN DcInRootDomain = FALSE;
//
// Queue of name/sid lookup activities.
//
LSAP_DB_LOOKUP_WORK_QUEUE LookupWorkQueue;
//
// LSA Database Object SubKey Unicode name string and attributes array
//
UNICODE_STRING LsapDbNames[DummyLastName];
PLSAP_DB_DS_INFO LsapDbDsAttInfo;
//
// LSA Database Object Type Containing Directory Names
//
UNICODE_STRING LsapDbContDirs[DummyLastObject];
//
// Object Information Requirements. These arrays, indexed by object
// type id indicated whether objects have Sids or Names.
//
// WARNING! - These arrays must be kept in sync with the LSAP_DB_OBJECT_TYPE_ID
// enumerated type.
//
BOOLEAN LsapDbRequiresSidInfo[DummyLastObject] = {
FALSE, // NullObject
FALSE, // LsaDatabaseObject
FALSE, // BuiltInAccountObject
TRUE, // AccountObject
FALSE // SecretObject
};
BOOLEAN LsapDbRequiresNameInfo[DummyLastObject] = {
FALSE, // NullObject,
TRUE, // LsaDatabaseObject
TRUE, // BuiltInAccountObject
FALSE, // AccountObject
TRUE // SecretObject
};
//
// Table of accesses required to query Policy Information. This table
// is indexed by Policy Information Class
//
ACCESS_MASK LsapDbRequiredAccessQueryPolicy[PolicyDnsDomainInformationInt + 1] = {
0, // Information classes start at 1
POLICY_VIEW_AUDIT_INFORMATION, // PolicyAuditLogInformation
POLICY_VIEW_AUDIT_INFORMATION, // PolicyAuditEventsInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyPrimaryDomainInformation
POLICY_GET_PRIVATE_INFORMATION, // PolicyPdAccountInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyAccountDomainInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyLsaServerRoleInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyReplicaSourceInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyDefaultQuotaInformation
0, // Not settable by non-trusted call
0, // Not applicable
POLICY_VIEW_AUDIT_INFORMATION, // PolicyAuditFullQueryInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyDnsDomainInformation
POLICY_VIEW_LOCAL_INFORMATION, // PolicyDnsDomainInformationInt
};
ACCESS_MASK LsapDbRequiredAccessQueryDomainPolicy[PolicyDomainKerberosTicketInformation + 1] = {
0, // Information classes start at 2
0, // PolicyDomainQualityOfServiceInformation (outdated)
POLICY_VIEW_LOCAL_INFORMATION, // PolicyDomainEfsInformation
POLICY_VIEW_LOCAL_INFORMATION // PolicyDomainKerberosTicketInformation
};
//
// Table of accesses required to set Policy Information. This table
// is indexed by Policy Information Class
//
ACCESS_MASK LsapDbRequiredAccessSetPolicy[PolicyDnsDomainInformationInt + 1] = {
0, // Information classes start at 1
POLICY_AUDIT_LOG_ADMIN, // PolicyAuditLogInformation
POLICY_SET_AUDIT_REQUIREMENTS, // PolicyAuditEventsInformation
POLICY_TRUST_ADMIN, // PolicyPrimaryDomainInformation
0, // Not settable by non-trusted call
POLICY_TRUST_ADMIN, // PolicyAccountDomainInformation
POLICY_SERVER_ADMIN, // PolicyLsaServerRoleInformation
POLICY_SERVER_ADMIN, // PolicyReplicaSourceInformation
POLICY_SET_DEFAULT_QUOTA_LIMITS,// PolicyDefaultQuotaInformation
0, // Not settable by non-trusted call
POLICY_AUDIT_LOG_ADMIN, // PolicyAuditFullSetInformation
0, // Not applicable
POLICY_TRUST_ADMIN, // PolicyDnsDomainInformation
POLICY_TRUST_ADMIN, // PolicyDnsDomainInformationInt
};
ACCESS_MASK LsapDbRequiredAccessSetDomainPolicy[PolicyDomainKerberosTicketInformation + 1] = {
0, // Information classes start at 2
0, // PolicyDomainQualityOfServiceInformation (outdated)
POLICY_SERVER_ADMIN, // PolicyDomainEfsInformation
POLICY_SERVER_ADMIN // PolicyDomainKerberosTicketInformation
};
//
// Table of accesses required to query TrustedDomain Information. This table
// is indexed by TrustedDomain Information Class
//
ACCESS_MASK LsapDbRequiredAccessQueryTrustedDomain[TrustedDomainFullInformation2Internal + 1] = {
0, // Information classes start at 1
TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainNameInformation
TRUSTED_QUERY_CONTROLLERS, // TrustedControllersInformation
TRUSTED_QUERY_POSIX, // TrustedPosixOffsetInformation
TRUSTED_QUERY_AUTH, // TrustedPasswordInformation
TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainInformationBasic
TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainInformationEx
TRUSTED_QUERY_AUTH, // TrustedDomainAuthInformation
TRUSTED_QUERY_DOMAIN_NAME |
TRUSTED_QUERY_POSIX |
TRUSTED_QUERY_AUTH, // TrustedDomainFullInformation
TRUSTED_QUERY_AUTH, // TrustedDomainAuthInformationInternal
TRUSTED_QUERY_DOMAIN_NAME |
TRUSTED_QUERY_POSIX |
TRUSTED_QUERY_AUTH, // TrustedDomainFullInformationInternal
TRUSTED_QUERY_DOMAIN_NAME, // TrustedDomainInformationEx2Internal
TRUSTED_QUERY_DOMAIN_NAME |
TRUSTED_QUERY_POSIX |
TRUSTED_QUERY_AUTH // TrustedDomainFullInformation2Internal
};
//
// Table of accesses required to set TrustedDomain Information. This table
// is indexed by TrustedDomain Information Class
//
ACCESS_MASK LsapDbRequiredAccessSetTrustedDomain[TrustedDomainFullInformation2Internal + 1] = {
0, // Information classes start at 1
0, // not settable (TrustedDomainNameInformation)
TRUSTED_SET_CONTROLLERS, // TrustedControllersInformation
TRUSTED_SET_POSIX, // TrustedPosixOffsetInformation
TRUSTED_SET_AUTH, // TrustedPasswordInformation
TRUSTED_SET_POSIX, // TrustedDomainInformationBasic POSIX is a bad bit, but its too late to change it
TRUSTED_SET_POSIX, // TrustedDomainInformationEx POSIX is a bad bit, but its too late to change it
TRUSTED_SET_AUTH, // TrustedDomainAuthInformation
TRUSTED_SET_POSIX |
TRUSTED_SET_AUTH, // TrustedDomainFullInformation
TRUSTED_SET_AUTH, // TrustedDomainAuthInformationInternal
TRUSTED_SET_POSIX |
TRUSTED_SET_POSIX |
TRUSTED_SET_AUTH, // TrustedDomainFullInformationInternal
TRUSTED_SET_POSIX, // TrustedDomainInformationEx2Internal POSIX is a bad bit, but its too late to change it
TRUSTED_SET_POSIX |
TRUSTED_SET_AUTH // TrustedDomainFullInformation2Internal
};
//
// Cached Policy Object. Only default Quota Limits is cached just now.
//
LSAP_DB_POLICY LsapDbPolicy = {0};