/*++
Copyright (c) 1997 Microsoft Corporation
Module Name:
dsp.h
Abstract:
Private macros/definitions/prototypes for implementing a portion of the LSA store
in the DS
Author:
Mac McLain (MacM) Jan 17, 1997
Environment:
User Mode
Revision History:
--*/
#ifndef __DSP_H__
#define __DSP_H__
#include <filtypes.h>
#include <attids.h>
#include <dsattrs.h>
#ifndef PDSNAME
typedef DSNAME *PDSNAME;
#endif
#ifndef PATTR
typedef ATTR *PATTR;
#endif
#ifndef PGUID
typedef GUID *PGUID;
#endif
//
// 10 MiB (10 * 1024 * 1024). What this value bounds is not visible in this
// header.
//
#define TENMEG 10485760
//
// Returns the string name embedded in a DSNAME structure, or NULL when
// pdsname itself is NULL.
//
#define LsapDsNameFromDsName(pdsname) \
((pdsname) == NULL ? NULL : (pdsname)->StringName)
//
// Returns the length of the string name embedded in a DSNAME structure,
// or 0 when pdsname is NULL.
//
#define LsapDsNameLenFromDsName(pdsname) \
((pdsname) == NULL ? 0 : (pdsname)->NameLen)
//
// Returns the length of a unicode string buffer without the trailing NULL.
// The result is in bytes, like Length itself. The macro peeks at the last
// WCHAR of Buffer, so the caller must guarantee Buffer != NULL and
// Length >= sizeof(WCHAR): with Length == 0 the index
// (Length / sizeof(WCHAR)) - 1 wraps to SIZE_MAX and the read is out of
// bounds. punicode is evaluated several times; pass a side-effect-free
// expression.
//
#define LsapDsGetUnicodeStringLenNoNull(punicode) \
(((PWSTR)(punicode)->Buffer)[(punicode)->Length / sizeof(WCHAR) - 1] == UNICODE_NULL ? \
(punicode)->Length - sizeof(WCHAR) : \
(punicode)->Length)
//
// Same as above for a self-relative string, whose characters follow the
// UNICODE_STRING_SR header in memory instead of hanging off a Buffer
// pointer. Same precondition (Length >= sizeof(WCHAR)). Length is trusted
// as given; when the string arrived from outside the process, check it
// against the size of the containing buffer before using this macro.
//
#define LsapDsGetSelfRelativeUnicodeStringLenNoNull(punicode) \
(((PWSTR)((PBYTE)(punicode) + sizeof(UNICODE_STRING_SR)))[(punicode)->Length / sizeof(WCHAR) - 1] == UNICODE_NULL ? \
(punicode)->Length - sizeof(WCHAR) : \
(punicode)->Length)
//
// TRUE when the object behind objhandle is marked for DS writes (fWriteDs)
// AND it is a trusted domain or secret object; FALSE for every other
// object type even if fWriteDs is set. objhandle is not NULL-checked.
//
#define LsapDsIsWriteDs( objhandle ) \
((((LSAP_DB_HANDLE)(objhandle))->fWriteDs && \
(((LSAP_DB_HANDLE)(objhandle))->ObjectTypeId == TrustedDomainObject || \
((LSAP_DB_HANDLE)(objhandle))->ObjectTypeId == SecretObject)) ? TRUE : FALSE )
//
// Marks objhandle so that its writes go to the DS.
//
#define LsapDsSetHandleWriteDs( objhandle ) (((LSAP_DB_HANDLE)(objhandle))->fWriteDs = TRUE)
//
// Object-like macro reading the global LsaDsStateInfo.UseDs flag.
//
#define LsapDsWriteDs ( LsaDsStateInfo.UseDs )
//
// Allocates (dest)->Buffer from the LSA heap and copies len bytes of WCHARs
// from src into it, appending a NUL terminator. Runs only when status is
// already successful; on allocation failure status becomes
// STATUS_INSUFFICIENT_RESOURCES and (dest)->Length is left untouched.
// Notes for callers:
//  - len is a byte count. It is cast to USHORT before the terminator is
//    added and the sum lands in MaximumLength (a USHORT in UNICODE_STRING),
//    but the terminator is written at index (len)/sizeof(WCHAR) using the
//    untruncated len. For len >= 0xFFFE the allocation size and the
//    terminator write no longer agree, so len must be validated (even and
//    < 0xFFFE) before it reaches this macro.
//  - This expands to an if statement, not a do/while(0) block; invoke it
//    as a statement of its own.
//
#define LSAPDS_ALLOC_AND_COPY_STRING_TO_UNICODE_ON_SUCCESS( status, dest, src, len )\
if ( NT_SUCCESS( status ) ) { \
\
(dest)->MaximumLength = (USHORT)(len) + sizeof(WCHAR); \
(dest)->Buffer = LsapAllocateLsaHeap( (dest)->MaximumLength ); \
\
if ( (dest)->Buffer == NULL ) { \
\
(status) = STATUS_INSUFFICIENT_RESOURCES; \
\
} else { \
\
(dest)->Length = (dest)->MaximumLength - sizeof( WCHAR ); \
RtlCopyMemory( (dest)->Buffer, (src), (dest)->Length ); \
((WCHAR*)((dest)->Buffer))[(len)/sizeof(WCHAR)] = L'\0'; \
} \
}
//
// Deep-copies a UNICODE_STRING: allocates (_src_)->MaximumLength bytes from
// the LSA heap, zero-fills them and copies (_src_)->Length bytes. Runs only
// when status is successful; on allocation failure status becomes
// STATUS_INSUFFICIENT_RESOURCES. The copy is NUL-terminated only through
// the zero fill, i.e. when (_src_)->MaximumLength > (_src_)->Length. The
// source's Length and MaximumLength are trusted as given; a string with
// Length > MaximumLength would make RtlCopyMemory overrun the new buffer,
// so strings supplied by an untrusted caller need that check first.
// Expands to an if statement; invoke it as a statement of its own.
//
#define LSAPDS_ALLOC_AND_COPY_UNICODE_STRING_ON_SUCCESS( status, _dest_, _src_ ) \
if ( NT_SUCCESS( status ) ) { \
\
( _dest_ )->MaximumLength = ( _src_ )->MaximumLength; \
( _dest_ )->Buffer = LsapAllocateLsaHeap( (_dest_ )->MaximumLength ); \
\
if ( ( _dest_ )->Buffer == NULL ) { \
\
(status) = STATUS_INSUFFICIENT_RESOURCES; \
\
} else { \
\
RtlZeroMemory(( _dest_ )->Buffer, ( _dest_ )->MaximumLength ); \
( _dest_ )->Length = ( _src_ )->Length; \
RtlCopyMemory( ( _dest_ )->Buffer, ( _src_ )->Buffer, ( _dest_ )->Length ); \
} \
}
//
// Allocates a copy of sid from the LSA heap into dest. Runs only when status
// is successful; on allocation failure status becomes
// STATUS_INSUFFICIENT_RESOURCES. The size comes from RtlLengthSid, which
// trusts the SID's SubAuthorityCount, so a SID received from a caller should
// pass RtlValidSid before it gets here. sid is evaluated twice.
//
#define LSAPDS_ALLOC_AND_COPY_SID_ON_SUCCESS( status, dest, sid ) \
if ( NT_SUCCESS( status ) ) { \
\
(dest) = LsapAllocateLsaHeap( RtlLengthSid( sid ) ); \
if ( (dest) == NULL ) { \
\
(status) = STATUS_INSUFFICIENT_RESOURCES; \
\
} else { \
\
RtlCopyMemory( (dest), (sid), RtlLengthSid( sid ) ); \
} \
}
//
// Copies sizeof(GUID) bytes from src to dest when status is successful.
//
#define LSAPDS_COPY_GUID_ON_SUCCESS( status, dest, src ) \
if ( NT_SUCCESS( status ) ) { RtlCopyMemory((dest), (src), sizeof( GUID ) ); }
//
// Early-out for code paths that only apply when the DS backs the store:
// returns STATUS_SUCCESS from the enclosing function when LsapDsWriteDs is
// FALSE. Only usable inside a function returning NTSTATUS. The caller then
// sees success although no DS work was performed.
//
#define LsapDsReturnSuccessIfNoDs \
if ( !LsapDsWriteDs ) { \
\
return( STATUS_SUCCESS ); \
}
//
// Declared here but implemented by SAM (Samp prefix); presumably reports
// whether a DS transaction is currently open -- confirm against the SAM
// source.
//
BOOL
SampExistsDsTransaction(
void
);
//
// Nonzero when any bit of bit is set in flags (not necessarily all).
//
#define FLAG_ON(flags,bit) ((flags) & (bit))
//
// Size of a DSNAME big enough to hold dsname with an RDN of length bytes
// appended. The extra 5 characters and the doubling of the RDN's character
// count are presumably headroom for the "CN=" prefix, the separator and
// escaping of special characters -- verify against the caller before
// relying on the exact bound.
//
#define LsapDsLengthAppendRdnLength( dsname, length ) \
DSNameSizeFromLen( ( LsapDsNameLenFromDsName( dsname ) + 5 + ( ( ( length ) / sizeof( WCHAR ) * 2 ) ) ) )
//
// Thin wrapper around SampSetDsa. The last line ends with a backslash, so
// the macro continues onto the following line; that line must stay blank.
//
#define LsapDsSetDsaFlags( flag ) \
SampSetDsa( flag ); \

//
// Initializes an ATTRBLOCK with a count and an attribute array. Brace block
// rather than do/while(0): invoke it as a statement of its own.
//
#define LsapDsInitializeAttrBlock( attrblock, attrs, count ) \
{ (attrblock)->attrCount = (count); \
(attrblock)->pAttr = (attrs); }
//
// DS container and class names used when building object paths.
// LSAP_DS_SUBNET_CONTAINER expands to L"CN=Subnets,CN=Sites".
//
#define LSAP_DS_PARTITIONS_CONTAINER L"Partitions"
#define LSAP_DS_SYSTEM_CONTAINER L"System"
#define LSAP_DS_TRUSTED_DOMAIN L"trustedDomain"
#define LSAP_DS_SECRET L"secret"
#define LSAP_DS_SITES_CONTAINER L"CN=Sites"
#define LSAP_DS_SUBNET_CONTAINER L"CN=Subnets," LSAP_DS_SITES_CONTAINER
#define LSAP_DS_PATH_SEP L','
#define LSAP_DS_PATH_SEP_AS_STRING L","
#define LSAP_DS_CONTAINER_PREFIX L"CN="
//
// Secret naming: _LEN is a WCHAR count without the terminator (7);
// _PREFIX_SIZE is in bytes without the terminator (6) and _PREFIX_LENGTH
// the matching WCHAR count (3). Keep the units straight when comparing
// against UNICODE_STRING.Length, which is in bytes.
//
#define LSAP_DS_SECRET_POSTFIX L" Secret"
#define LSAP_DS_SECRET_POSTFIX_LEN ((sizeof(LSAP_DS_SECRET_POSTFIX)/sizeof(WCHAR))-1)
#define LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX L"G$$"
#define LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX_SIZE \
(sizeof( LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX ) - sizeof( WCHAR ) )
#define LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX_LENGTH \
(LSAP_DS_TRUSTED_DOMAIN_SECRET_PREFIX_SIZE/sizeof(WCHAR))
//
// Fills in an ATTR (type, value count, value array). Brace block, not
// do/while(0); invoke it as a statement of its own.
//
#define LSAP_DS_INIT_ATTR(attr, type, cnt, vals) \
{ (attr).attrTyp = (type); \
(attr).AttrVal.valCount = (cnt); \
(attr).AttrVal.pAVal = (vals); }
//
// General flags to be used for all operations
//
#define LSAPDS_OP_NO_LOCK 0x00000001
#define LSAPDS_OP_NO_TRANS 0x00000002
//
// Flags to use for search
//
// Note that LSAPDS_SEARCH_FLAGS (0x00168000) covers ROOT, LEVEL, TREE and
// OR but not LSAPDS_SEARCH_ALL_NCS (0x00010000); whether that is intended
// is not visible here -- check the users of the mask before extending it.
//
#define LSAPDS_SEARCH_ROOT 0x00008000
#define LSAPDS_SEARCH_ALL_NCS 0x00010000
#define LSAPDS_SEARCH_LEVEL 0x00020000
#define LSAPDS_SEARCH_TREE 0x00040000
#define LSAPDS_SEARCH_OR 0x00100000
#define LSAPDS_SEARCH_FLAGS 0x00168000
//
// Flags to use for Write
//
// The AT_CHOICE_* values come from the DS headers included above;
// LSAPDS_WRITE_TYPES presumably masks that choice out of the Flags word.
// Bit 0x00002000 is reused per operation (REPL_CHANGE_URGENTLY here,
// READ_DELETED for reads, CREATE_TRUSTED for creates), so a flags word
// must never be forwarded from one operation kind to another.
//
#define LSAPDS_REMOVE_ATTRIBUTE AT_CHOICE_REMOVE_ATT
#define LSAPDS_REPLACE_ATTRIBUTE AT_CHOICE_REPLACE_ATT
#define LSAPDS_WRITE_TYPES 0x00000FFF
#define LSAPDS_REPL_CHANGE_URGENTLY 0x00002000
#define LSAPDS_USE_PERMISSIVE_WRITE 0x00001000
//
// Flags to use for Read
//
#define LSAPDS_READ_NO_LOCK LSAPDS_OP_NO_LOCK
#define LSAPDS_READ_DELETED 0x00002000
#define LSAPDS_READ_RETURN_NOT_FOUND 0x10000000
//
// Flags to use for Create
//
#define LSAPDS_CREATE_TRUSTED 0x00002000
#define LSAPDS_CREATE_WITH_SD 0x00004000
NTSTATUS
LsapDsMapDsReturnToStatus (
ULONG DsStatus
);
NTSTATUS
LsapDsMapDsReturnToStatusEx (
IN COMMRES *pComRes
);
VOID
LsapDsInitializeStdCommArg (
IN COMMARG *pCommArg,
IN ULONG Flags
);
NTSTATUS
LsapAllocAndInitializeDsNameFromUnicode(
IN PLSA_UNICODE_STRING pObjectName,
OUT PDSNAME *pDsName
);
NTSTATUS
LsapDsSearchUnique(
IN ULONG Flags,
IN PDSNAME pContainer,
IN PATTR pAttrsToMatch,
IN ULONG cAttrs,
OUT PDSNAME *ppFoundName
);
NTSTATUS
LsapDsSearchNonUnique(
IN ULONG Flags,
IN PDSNAME pContainer,
IN PATTR pAttrToMatch,
IN ULONG Attrs,
OUT PDSNAME **pppFoundNames,
OUT PULONG pcNames
);
NTSTATUS
LsapDsFindUnique(
IN ULONG Flags,
IN PDSNAME NCName OPTIONAL,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN ATTRVAL *Attribute,
IN ATTRTYP AttId,
OUT PDSNAME *FoundObject
);
NTSTATUS
LsapDsCreateAndSetObject(
IN PLSA_UNICODE_STRING pObjectName,
IN ULONG Flags,
IN ULONG cItems,
IN ATTRTYP *pAttrTypeList,
IN ATTRVAL *pAttrValList
);
NTSTATUS
LsapDsCreateObjectDs(
IN PDSNAME ObjectName,
IN ULONG Flags,
IN ATTRBLOCK *AttrBlock
);
NTSTATUS
LsapDsRead (
IN PUNICODE_STRING pObject,
IN ULONG fFlags,
IN ATTRBLOCK *pAttributesToRead,
OUT ATTRBLOCK *pAttributeValues
);
NTSTATUS
LsapDsReadByDsName (
IN PDSNAME DsName,
IN ULONG fFlags,
IN ATTRBLOCK *pAttributesToRead,
OUT ATTRBLOCK *pAttributeValues
);
NTSTATUS
LsapDsRemove (
IN PDSNAME pObject
);
NTSTATUS
LsapDsWrite(
IN PUNICODE_STRING pObject,
IN ULONG Flags,
IN ATTRBLOCK *Attributes
);
NTSTATUS
LsapDsWriteByDsName(
IN PDSNAME DsName,
IN ULONG Flags,
IN ATTRBLOCK *Attributes
);
NTSTATUS
LsapDsLsaAttributeToDsAttribute(
IN PLSAP_DB_ATTRIBUTE LsaAttribute,
OUT PATTR Attr
);
NTSTATUS
LsapDsDsAttributeToLsaAttribute(
IN ATTRVAL *AttVal,
OUT PLSAP_DB_ATTRIBUTE LsaAttribute
);
NTSTATUS
LsapDsIsSecretDsTrustedDomain(
IN PUNICODE_STRING SecretName,
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
IN ULONG Options,
IN ACCESS_MASK DesiredAccess,
OUT PLSAPR_HANDLE TDObjHandle,
OUT BOOLEAN *IsTrustedDomainSecret
);
NTSTATUS
LsapDsIsHandleDsObjectTypeHandle(
IN LSAP_DB_HANDLE Handle,
IN LSAP_DB_OBJECT_TYPE_ID ObjectType,
OUT BOOLEAN *IsObjectHandle
);
//
// TRUE when the DS is in use and the handle carries a non-empty DS physical
// name. Short-circuits on LsaDsStateInfo.UseDs, so handle is only
// dereferenced on DS-backed systems; it is never NULL-checked.
//
#define LsapDsIsHandleDsHandle( handle ) \
(LsaDsStateInfo.UseDs && ((LSAP_DB_HANDLE) (handle))->PhysicalNameDs.Length != 0 )
//
// Whether LsaDsStateInfo reports the DS function table as initialized.
//
#define LsapDsIsFunctionTableValid() LsaDsStateInfo.FunctionTableInitialized
NTSTATUS
LsapDsTrustedDomainSidToLogicalName(
IN PSID Sid,
OUT PUNICODE_STRING LogicalNameU
);
NTSTATUS
LsapDsInitAllocAsNeededEx(
IN ULONG Options,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
OUT PBOOLEAN Reset
);
VOID
LsapDsDeleteAllocAsNeededEx(
IN ULONG Options,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN BOOLEAN Reset
);
VOID
LsapDsDeleteAllocAsNeededEx2(
IN ULONG Options,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN BOOLEAN Reset,
IN BOOLEAN RollbackTransaction
);
NTSTATUS
LsapDsCauseTransactionToCommitOrAbort (
IN BOOLEAN Commit
);
NTSTATUS
LsapDsGetListOfSystemContainerItems(
IN ULONG ClassId,
OUT PULONG Items,
OUT PDSNAME **DsNames
);
//
// Enumeration flags defined in dbp.h
//
NTSTATUS
LsapDsEnumerateTrustedDomainsEx(
IN PLSA_ENUMERATION_HANDLE EnumerationContext,
IN TRUSTED_INFORMATION_CLASS InformationClass,
OUT PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation,
IN ULONG PreferedMaximumLength,
IN OUT PULONG CountReturned,
IN ULONG EnumerationFlags
);
NTSTATUS
LsapDsGetTrustedDomainInfoEx(
IN PDSNAME ObjectPath,
IN ULONG ReadOptions,
IN TRUSTED_INFORMATION_CLASS InformationClass,
OUT PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation,
OUT PULONG Size OPTIONAL
);
NTSTATUS
LsapDsBuildAuthInfoAttribute(
IN LSAPR_HANDLE Handle,
IN PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF NewAuthInfo,
IN PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF PreviousAuthInfo,
OUT PBYTE *Buffer,
OUT PULONG Len
);
NTSTATUS
LsapDsBuildAuthInfoFromAttribute(
IN LSAPR_HANDLE Handle,
IN PBYTE Buffer,
IN ULONG Len,
OUT PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF NewAuthInfo
);
NTSTATUS
LsapDecryptAuthDataWithSessionKey(
IN PLSAP_CR_CIPHER_KEY SessionKey,
IN PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthInformationInternal,
IN PTRUSTED_DOMAIN_AUTH_INFORMATION AuthInfo
);
VOID
LsapDsFreeUnmarshaledAuthInfo(
IN ULONG Items,
IN PLSAPR_AUTH_INFORMATION AuthInfo
);
VOID
LsapDsFreeUnmarshalAuthInfoHalf(
IN PLSAPR_TRUST_DOMAIN_AUTH_INFO_HALF AuthInfo
);
NTSTATUS
LsapDsGetSecretOnTrustedDomainObject(
IN LSAP_DB_HANDLE TrustedDomainHandle,
IN OPTIONAL PLSAP_CR_CIPHER_KEY SessionKey OPTIONAL,
OUT PLSAP_CR_CIPHER_VALUE *CipherCurrent OPTIONAL,
OUT PLSAP_CR_CIPHER_VALUE *CipherOld OPTIONAL,
OUT PLARGE_INTEGER CurrentValueSetTime OPTIONAL,
OUT PLARGE_INTEGER OldValueSetTime OPTIONAL
);
NTSTATUS
LsapDsSetSecretOnTrustedDomainObject(
IN LSAP_DB_HANDLE TrustedDomainHandle,
IN ULONG AuthDataType,
IN PLSAP_CR_CLEAR_VALUE ClearCurrent,
IN PLSAP_CR_CLEAR_VALUE ClearOld,
IN PLARGE_INTEGER CurrentValueSetTime
);
NTSTATUS
LsapDsAuthDataOnTrustedDomainObject(
IN LSAP_DB_HANDLE TrustedDomainHandle,
IN BOOLEAN Incoming,
IN ULONG AuthDataType,
IN PLSAP_CR_CLEAR_VALUE ClearCurrent,
IN PLSAP_CR_CLEAR_VALUE ClearOld,
IN PLARGE_INTEGER CurrentValueSetTime
);
NTSTATUS
LsapDsEnumerateTrustedDomainsAsSecrets(
IN OUT PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer
);
NTSTATUS
LsapDsEnumerateSecrets(
IN OUT PLSAP_DB_NAME_ENUMERATION_BUFFER EnumerationBuffer
);
NTSTATUS
LsapDbOpenObjectDs(
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
IN PDSNAME DsName,
IN ACCESS_MASK DesiredAccess,
IN ULONG Options,
OUT PLSAPR_HANDLE ObjectHandle
);
NTSTATUS
LsapSceNotify(
IN SECURITY_DB_DELTA_TYPE DeltaType,
IN SECURITY_DB_OBJECT_TYPE ObjectType,
IN PSID ObjectSid OPTIONAL
);
NTSTATUS
LsapNetNotifyDelta (
IN SECURITY_DB_TYPE DbType,
IN LARGE_INTEGER SerialNumber,
IN SECURITY_DB_DELTA_TYPE DeltaType,
IN SECURITY_DB_OBJECT_TYPE ObjectType,
IN ULONG ObjectRid,
IN PSID ObjectSid,
IN PUNICODE_STRING ObjectName,
IN DWORD ReplicateImmediately,
IN PSAM_DELTA_DATA MemberId
);
NTSTATUS
LsapDsCopyDsNameLsa(
OUT PDSNAME *Dest,
IN PDSNAME Source
);
NTSTATUS
LsapDsDomainUpgradeRegistryToDs(
IN BOOLEAN DeleteOldValues
);
NTSTATUS
LsapDsSecretUpgradeRegistryToDs(
IN BOOLEAN DeleteOldValues
);
NTSTATUS
LsapDsDomainUpgradeInterdomainTrustAccountsToDs(
VOID
);
NTSTATUS
LsapDsCreateInterdomainTrustAccount(
IN LSAPR_HANDLE TrustedDomainObject
);
NTSTATUS
LsapDsDeleteInterdomainTrustAccount(
IN LSAPR_HANDLE TrustedDomainObject
);
NTSTATUS
LsapDsCreateInterdomainTrustAccountByDsName(
IN PDSNAME TrustedDomainPath,
IN PUNICODE_STRING FlatName
);
NTSTATUS
LsapDsFixupTrustedDomainObjectOnRestart(
VOID
);
VOID
LsapDsContinueTransaction(
VOID
);
NTSTATUS
LsapBuildForestTrustInfoLists(
IN LSAPR_HANDLE PolicyHandle,
IN PLIST_ENTRY TrustList
);
VOID
LsapDsForestFreeTrustBlobList(
IN PLIST_ENTRY TrustList
);
NTSTATUS
LsapDsTrustedDomainObjectNameForDomain(
IN PUNICODE_STRING TrustedDomainName,
IN BOOLEAN NameAsFlatName,
OUT PDSNAME *DsObjectName
);
BOOLEAN
LsapNullUuid(
IN const UUID *pUuid
);
#endif