archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/services/scerpc/sceutil.h

359 lines
10 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. sceutil.h
  9. Abstract:
  11. This module defines the data structures and function prototypes
  12. shared by both SCE client and SCE server
  14. Author:
  16. Jin Huang (jinhuang) 23-Jan-1998
  18. Revision History:
  20. jinhuang (splitted from scep.h)
  21. --*/
  22. #ifndef _sceutil_
  23. #define _sceutil_
  25. #include <ntlsa.h>
  26. #include <cfgmgr32.h>
  28. typedef struct _SCE_USER_PRIV_LOOKUP {
  29. UINT Value;
  30. PWSTR Name;
  31. }SCE_USER_PRIV_LOOKUP;
  33. static SCE_USER_PRIV_LOOKUP SCE_Privileges[] = {
  34. {0, (PWSTR)SE_NETWORK_LOGON_NAME},
  35. // Access the computer from network
  36. {SE_TCB_PRIVILEGE, (PWSTR)SE_TCB_NAME},
  37. // Act as part of the operating System
  38. {SE_MACHINE_ACCOUNT_PRIVILEGE, (PWSTR)SE_MACHINE_ACCOUNT_NAME},
  39. // Add workstations to the domain
  40. {SE_BACKUP_PRIVILEGE, (PWSTR)SE_BACKUP_NAME},
  41. // Back up files and directories
  42. {SE_CHANGE_NOTIFY_PRIVILEGE, (PWSTR)SE_CHANGE_NOTIFY_NAME},
  43. // Bypass traverse checking
  44. {SE_SYSTEMTIME_PRIVILEGE, (PWSTR)SE_SYSTEMTIME_NAME},
  45. // Change the system time
  46. {SE_CREATE_PAGEFILE_PRIVILEGE, (PWSTR)SE_CREATE_PAGEFILE_NAME},
  47. // Create a pagefile
  48. {SE_CREATE_TOKEN_PRIVILEGE, (PWSTR)SE_CREATE_TOKEN_NAME},
  49. // Create a token object
  50. {SE_CREATE_PERMANENT_PRIVILEGE, (PWSTR)SE_CREATE_PERMANENT_NAME},
  51. // Create permanent shared objects
  52. {SE_DEBUG_PRIVILEGE, (PWSTR)SE_DEBUG_NAME},
  53. // Debug programs
  54. {SE_REMOTE_SHUTDOWN_PRIVILEGE, (PWSTR)SE_REMOTE_SHUTDOWN_NAME},
  55. // Force shutdown from a remote system
  56. {SE_AUDIT_PRIVILEGE, (PWSTR)SE_AUDIT_NAME},
  57. // Generate security audits
  58. {SE_INCREASE_QUOTA_PRIVILEGE, (PWSTR)SE_INCREASE_QUOTA_NAME},
  59. // Increase quotas
  60. {SE_INC_BASE_PRIORITY_PRIVILEGE,(PWSTR)SE_INC_BASE_PRIORITY_NAME},
  61. // Increase scheduling priority
  62. {SE_LOAD_DRIVER_PRIVILEGE, (PWSTR)SE_LOAD_DRIVER_NAME},
  63. // Load and unload device drivers
  64. {SE_LOCK_MEMORY_PRIVILEGE, (PWSTR)SE_LOCK_MEMORY_NAME},
  65. // Lock pages in memory
  66. {0, (PWSTR)SE_BATCH_LOGON_NAME},
  67. // Logon as a batch job
  68. {0, (PWSTR)SE_SERVICE_LOGON_NAME},
  69. // Logon as a service
  70. {0, (PWSTR)SE_INTERACTIVE_LOGON_NAME},
  71. // Logon locally
  72. {SE_SECURITY_PRIVILEGE, (PWSTR)SE_SECURITY_NAME},
  73. // Manage auditing and security log
  74. {SE_SYSTEM_ENVIRONMENT_PRIVILEGE, (PWSTR)SE_SYSTEM_ENVIRONMENT_NAME},
  75. // Modify firmware environment variables
  76. {SE_PROF_SINGLE_PROCESS_PRIVILEGE,(PWSTR)SE_PROF_SINGLE_PROCESS_NAME},
  77. // Profile single process
  78. {SE_SYSTEM_PROFILE_PRIVILEGE, (PWSTR)SE_SYSTEM_PROFILE_NAME},
  79. // Profile system performance
  80. {SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, (PWSTR)SE_ASSIGNPRIMARYTOKEN_NAME},
  81. // Replace a process-level token
  82. {SE_RESTORE_PRIVILEGE, (PWSTR)SE_RESTORE_NAME},
  83. // Restore files and directories
  84. {SE_SHUTDOWN_PRIVILEGE, (PWSTR)SE_SHUTDOWN_NAME},
  85. // Shut down the system
  86. {SE_TAKE_OWNERSHIP_PRIVILEGE, (PWSTR)SE_TAKE_OWNERSHIP_NAME},
  87. // Take ownership of files or other objects
  88. // {SE_UNSOLICITED_INPUT_PRIVILEGE,(PWSTR)SE_UNSOLICITED_INPUT_NAME},
  89. // Unsolicited Input is obsolete and unused
  90. {0, (PWSTR)SE_DENY_NETWORK_LOGON_NAME},
  91. // Deny access the computer from network
  92. {0, (PWSTR)SE_DENY_BATCH_LOGON_NAME},
  93. // Deny Logon as a batch job
  94. {0, (PWSTR)SE_DENY_SERVICE_LOGON_NAME},
  95. // Deny Logon as a service
  96. {0, (PWSTR)SE_DENY_INTERACTIVE_LOGON_NAME},
  97. // Deny logon locally
  98. {SE_UNDOCK_PRIVILEGE, (PWSTR)SE_UNDOCK_NAME},
  99. // Undock privilege
  100. {SE_SYNC_AGENT_PRIVILEGE, (PWSTR)SE_SYNC_AGENT_NAME},
  101. // Sync agent privilege
  102. {SE_ENABLE_DELEGATION_PRIVILEGE,(PWSTR)SE_ENABLE_DELEGATION_NAME},
  103. // enable delegation privilege
  104. {SE_MANAGE_VOLUME_PRIVILEGE, (PWSTR)SE_MANAGE_VOLUME_NAME},
  105. // (NTFS) Manage volume privilege
  106. {0, (PWSTR)SE_REMOTE_INTERACTIVE_LOGON_NAME},
  107. // (TS) logon locally from a TS session
  108. {0, (PWSTR)SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
  109. // (TS) deny logon locally from a TS session
  110. };
  112. typedef struct _SCE_TEMP_NODE_ {
  113. PWSTR Name;
  114. DWORD Len;
  115. BOOL bFree;
  116. } SCE_TEMP_NODE, *PSCE_TEMP_NODE;
  118. //
  119. // This structure is used to find well known name locally for performance.
  120. //
  121. typedef struct _WELL_KNOWN_NAME_LOOKUP {
  122. PWSTR StrSid;
  123. WCHAR Name[36];
  124. } WELL_KNOWN_NAME_LOOKUP, *PWELL_KNOWN_NAME_LOOKUP;
  126. #define TABLE_SIZE 33
  128. static WELL_KNOWN_NAME_LOOKUP NameTable[] = {
  129. //Universal well-known
  130. { L"S-1-1-0", L'\0' }, //Everyone
  131. //{ L"S-1-2-0", L'\0' }, //Local
  132. { L"S-1-3-0", L'\0' }, //Creator Owner
  133. { L"S-1-3-1", L'\0' }, //Creator Group
  134. { L"S-1-3-2", L'\0' }, //Creator Owner Server
  135. { L"S-1-3-3", L'\0' }, //Creator Group Server
  137. //NT well-known
  138. //{ L"S-1-5", L'\0' }, //NT Pseudo Domain
  139. { L"S-1-5-1", L'\0' }, //Dialup
  140. { L"S-1-5-2", L'\0' }, //Network
  141. { L"S-1-5-3", L'\0' }, //Batch
  142. { L"S-1-5-4", L'\0' }, //Interactive
  143. { L"S-1-5-6", L'\0' }, //Service
  144. { L"S-1-5-7", L'\0' }, //Anonymous Logon
  145. { L"S-1-5-8", L'\0' }, //Proxy
  146. { L"S-1-5-9", L'\0' }, //Enterprise Domain Controllers
  147. { L"S-1-5-10", L'\0' }, //Self
  148. { L"S-1-5-11", L'\0' }, //Authenticated Users
  149. { L"S-1-5-12", L'\0' }, //Restricted
  150. { L"S-1-5-13", L'\0' }, //Terminal Server User
  151. { L"S-1-5-18", L'\0' }, //Local system
  152. { L"S-1-5-19", L'\0' }, //Local Service
  153. { L"S-1-5-20", L'\0' }, //Network Service
  155. //Builtin
  156. { L"S-1-5-32-544", L'\0' }, //Administrtors
  157. { L"S-1-5-32-545", L'\0' }, //Users
  158. { L"S-1-5-32-546", L'\0' }, //Guests
  159. { L"S-1-5-32-547", L'\0' }, //Power Users
  160. { L"S-1-5-32-548", L'\0' }, //Account Operators
  161. { L"S-1-5-32-549", L'\0' }, //Server Operators
  162. { L"S-1-5-32-550", L'\0' }, //Print Operators
  163. { L"S-1-5-32-551", L'\0' }, //Backup Operators
  164. { L"S-1-5-32-552", L'\0' }, //Replicator
  165. { L"S-1-5-32-553", L'\0' }, //Ras Servers
  166. { L"S-1-5-32-554", L'\0' }, //PREW2KCOMPACCESS
  167. { L"S-1-5-32-555", L'\0' }, //Remote desktop users
  168. { L"S-1-5-32-556", L'\0' } // network configuraiton operators
  169. };
  171. //
  172. // Bit masks encoding rsop area information
  173. //
  174. #define SCE_RSOP_PASSWORD_INFO (0x1)
  175. #define SCE_RSOP_LOCKOUT_INFO (0x1 << 1)
  176. #define SCE_RSOP_LOGOFF_INFO (0x1 << 2)
  177. #define SCE_RSOP_ADMIN_INFO (0x1 << 3)
  178. #define SCE_RSOP_GUEST_INFO (0x1 << 4)
  179. #define SCE_RSOP_GROUP_INFO (0x1 << 5)
  180. #define SCE_RSOP_PRIVILEGE_INFO (0x1 << 6)
  181. #define SCE_RSOP_FILE_SECURITY_INFO (0x1 << 7)
  182. #define SCE_RSOP_REGISTRY_SECURITY_INFO (0x1 << 8)
  183. #define SCE_RSOP_AUDIT_LOG_MAXSIZE_INFO (0x1 << 9)
  184. #define SCE_RSOP_AUDIT_LOG_RETENTION_INFO (0x1 << 10)
  185. #define SCE_RSOP_AUDIT_LOG_GUEST_INFO (0x1 << 11)
  186. #define SCE_RSOP_AUDIT_EVENT_INFO (0x1 << 12)
  187. #define SCE_RSOP_KERBEROS_INFO (0x1 << 13)
  188. #define SCE_RSOP_REGISTRY_VALUE_INFO (0x1 << 14)
  189. #define SCE_RSOP_SERVICES_INFO (0x1 << 15)
  190. #define SCE_RSOP_FILE_SECURITY_INFO_CHILD (0x1 << 16)
  191. #define SCE_RSOP_REGISTRY_SECURITY_INFO_CHILD (0x1 << 17)
  192. #define SCE_RSOP_LSA_POLICY_INFO (0x1 << 18)
  193. #define SCE_RSOP_DISABLE_ADMIN_INFO (0x1 << 19)
  194. #define SCE_RSOP_DISABLE_GUEST_INFO (0x1 << 20)
  196. BOOL
  197. ScepInitNameTable();
  199. BOOL
  200. ScepLookupNameTable(
  201. IN PWSTR Name,
  202. OUT PWSTR *StrSid
  203. );
  205. INT
  206. ScepLookupPrivByName(
  207. IN PCWSTR Right
  208. );
  210. INT
  211. ScepLookupPrivByValue(
  212. IN DWORD Priv
  213. );
  215. SCESTATUS
  216. ScepGetProductType(
  217. OUT PSCE_SERVER_TYPE srvProduct
  218. );
  220. SCESTATUS
  221. ScepConvertMultiSzToDelim(
  222. IN PWSTR pValue,
  223. IN DWORD Len,
  224. IN WCHAR DelimFrom,
  225. IN WCHAR Delim
  226. );
  228. DWORD
  229. ScepAddTwoNamesToNameList(
  230. OUT PSCE_NAME_LIST *pNameList,
  231. IN BOOL bAddSeparator,
  232. IN PWSTR Name1,
  233. IN ULONG Length1,
  234. IN PWSTR Name2,
  235. IN ULONG Length2
  236. );
  238. NTSTATUS
  239. ScepDomainIdToSid(
  240. IN PSID DomainId,
  241. IN ULONG RelativeId,
  242. OUT PSID *Sid
  243. );
  245. DWORD
  246. ScepConvertSidToPrefixStringSid(
  247. IN PSID pSid,
  248. OUT PWSTR *StringSid
  249. );
  251. NTSTATUS
  252. ScepConvertSidToName(
  253. IN LSA_HANDLE LsaPolicy,
  254. IN PSID AccountSid,
  255. IN BOOL bFromDomain,
  256. OUT PWSTR *AccountName,
  257. OUT DWORD *Length OPTIONAL
  258. );
  260. NTSTATUS
  261. ScepConvertNameToSid(
  262. IN LSA_HANDLE LsaPolicy,
  263. IN PWSTR AccountName,
  264. OUT PSID *AccountSid
  265. );
  267. SCESTATUS
  268. ScepConvertNameToSidString(
  269. IN LSA_HANDLE LsaHandle,
  270. IN PWSTR Name,
  271. IN BOOL bAccountDomainOnly,
  272. OUT PWSTR *SidString,
  273. OUT DWORD *SidStrLen
  274. );
  276. SCESTATUS
  277. ScepLookupSidStringAndAddToNameList(
  278. IN LSA_HANDLE LsaHandle,
  279. IN OUT PSCE_NAME_LIST *pNameList,
  280. IN PWSTR LookupString,
  281. IN ULONG Len
  282. );
  284. SCESTATUS
  285. ScepLookupNameAndAddToSidStringList(
  286. IN LSA_HANDLE LsaHandle,
  287. IN OUT PSCE_NAME_LIST *pNameList,
  288. IN PWSTR LookupString,
  289. IN ULONG Len
  290. );
  292. NTSTATUS
  293. ScepOpenLsaPolicy(
  294. IN ACCESS_MASK access,
  295. OUT PLSA_HANDLE pPolicyHandle,
  296. IN BOOL bDoNotNotify
  297. );
  299. BOOL
  300. ScepIsSidFromAccountDomain(
  301. IN PSID pSid
  302. );
  304. BOOL
  305. SetupINFAsUCS2(
  306. IN LPCTSTR szName
  307. );
  309. WCHAR *
  310. ScepStripPrefix(
  311. IN LPTSTR pwszPath
  312. );
  314. DWORD
  315. ScepGenerateGuid(
  316. OUT PWSTR *ppwszGuid
  317. );
  319. SCESTATUS
  320. SceInfpGetPrivileges(
  321. IN HINF hInf,
  322. IN BOOL bLookupAccount,
  323. OUT PSCE_PRIVILEGE_ASSIGNMENT *pPrivileges,
  324. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  325. );
  327. DWORD
  328. ScepQueryAndAddService(
  329. IN SC_HANDLE hScManager,
  330. IN LPWSTR lpServiceName,
  331. IN LPWSTR lpDisplayName,
  332. OUT PSCE_SERVICES *pServiceList
  333. );
  335. NTSTATUS
  336. ScepIsSystemContext(
  337. IN HANDLE hUserToken,
  338. OUT BOOL *pbSystem
  339. );
  341. BOOL
  342. IsNT5();
  344. DWORD
  345. ScepVerifyTemplateName(
  346. IN PWSTR InfTemplateName,
  347. OUT PSCE_ERROR_LOG_INFO *pErrlog OPTIONAL
  348. );
  350. NTSTATUS
  351. ScepLsaLookupNames2(
  352. IN LSA_HANDLE PolicyHandle,
  353. IN ULONG Flags,
  354. IN PWSTR pszAccountName,
  355. OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
  356. OUT PLSA_TRANSLATED_SID2 *Sids
  357. );
  359. #endif