archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/published/inc/secedit.w

1112 lines
28 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. secedit.h
  9. Abstract:
  11. This module defines the exported data structures and function prototypes
  12. for the security managment utility
  14. Author:
  16. Jin Huang (jinhuang) 28-Oct-1996
  18. Revision History:
  20. --*/
  22. #ifndef _secedit_
  23. #define _secedit_
  25. #ifdef __cplusplus
  26. extern "C"{
  27. #endif
  29. //
  30. // definition for areas
  31. //
  32. #ifndef SCE_AREA_DEFINED
  33. #define SCE_AREA_DEFINED
  34. typedef DWORD AREA_INFORMATION;
  36. #define AREA_SECURITY_POLICY 0x0001L
  37. #define AREA_USER_SETTINGS 0x0002L
  38. #define AREA_GROUP_MEMBERSHIP 0x0004L
  39. #define AREA_PRIVILEGES 0x0008L
  40. #define AREA_DS_OBJECTS 0x0010L
  41. #define AREA_REGISTRY_SECURITY 0x0020L
  42. #define AREA_FILE_SECURITY 0x0040L
  43. #define AREA_SYSTEM_SERVICE 0x0080L
  44. #define AREA_ATTACHMENTS 0x8000L
  45. #define AREA_ALL 0xFFFFL
  47. #endif
  48. //
  49. // Other constants
  50. //
  51. #define AREA_PASSWORD_POLICY 0x0100L
  52. #define AREA_LOCKOUT_POLICY 0x0200L
  53. #define AREA_KERBEROS_POLICY 0x0400L
  54. #define AREA_ACCOUNT_POLICY (AREA_PASSWORD_POLICY | \
  55. AREA_LOCKOUT_POLICY | \
  56. AREA_KERBEROS_POLICY)
  58. #define AREA_AUDIT_POLICY 0x0800L
  59. #define AREA_SECURITY_OPTIONS 0x1000L
  60. #define AREA_LOCAL_POLICY (AREA_AUDIT_POLICY |\
  61. AREA_PRIVILEGES |\
  62. AREA_SECURITY_OPTIONS)
  64. #define AREA_LOG_POLICY 0x2000L
  67. #define SCE_STATUS_CHECK 0
  68. #define SCE_STATUS_IGNORE 1
  69. #define SCE_STATUS_OVERWRITE 2
  70. #define SCE_STATUS_NO_AUTO_INHERIT 4
  72. #define SCE_STATUS_IN 0
  73. #define SCE_STATUS_NOT_IN 1
  75. #define SCE_STATUS_NO_ACL_SUPPORT 3
  77. #define SCE_STATUS_GOOD 0
  78. #define SCE_STATUS_MISMATCH 1
  79. #define SCE_STATUS_CHILDREN_CONFIGURED 2
  80. #define SCE_STATUS_NOT_CONFIGURED 4
  81. #define SCE_STATUS_ERROR_NOT_AVAILABLE 5
  82. #define SCE_STATUS_NEW_SERVICE 6
  83. #define SCE_STATUS_NOT_ANALYZED 7
  85. #define SCE_STATUS_PERMISSION_MISMATCH 0x40
  86. #define SCE_STATUS_AUDIT_MISMATCH 0x80
  88. #ifdef _WIN64
  89. #define SCE_SETUP_32KEY 0x2000L
  90. #endif
  92. typedef enum _SCE_TYPE {
  94. SCE_ENGINE_SYSTEM=300,
  95. SCE_ENGINE_GPO,
  96. SCE_ENGINE_SCP, // effective table
  97. SCE_ENGINE_SAP, // analysis table
  98. SCE_ENGINE_SCP_INTERNAL,
  99. SCE_ENGINE_SMP_INTERNAL,
  100. SCE_ENGINE_SMP, // local table
  101. SCE_STRUCT_INF,
  102. SCE_STRUCT_PROFILE,
  103. SCE_STRUCT_USER,
  104. SCE_STRUCT_NAME_LIST,
  105. SCE_STRUCT_NAME_STATUS_LIST,
  106. SCE_STRUCT_PRIVILEGE,
  107. SCE_STRUCT_GROUP,
  108. SCE_STRUCT_OBJECT_LIST,
  109. SCE_STRUCT_OBJECT_CHILDREN,
  110. SCE_STRUCT_OBJECT_SECURITY,
  111. SCE_STRUCT_OBJECT_ARRAY,
  112. SCE_STRUCT_ERROR_LOG_INFO,
  113. SCE_STRUCT_SERVICES,
  114. SCE_STRUCT_PRIVILEGE_VALUE_LIST
  116. } SCETYPE;
  118. typedef enum _SCE_FORMAT_TYPE_ {
  120. SCE_INF_FORMAT=1,
  121. SCE_JET_FORMAT,
  122. SCE_JET_ANALYSIS_REQUIRED
  124. } SCE_FORMAT_TYPE, *PSCE_FORMAT_TYPE;
  126. static const WCHAR szMembers[] = L"__Members";
  127. static const WCHAR szMemberof[] = L"__Memberof";
  128. static const WCHAR szPrivileges[] = L"__Privileges";
  130. #define SCE_BUF_LEN 1024
  132. #define SCE_FOREVER_VALUE (DWORD)-1
  133. #define SCE_NO_VALUE (DWORD)-2
  134. #define SCE_KERBEROS_OFF_VALUE (DWORD)-3
  135. #define SCE_DELETE_VALUE (DWORD)-4
  136. #define SCE_SNAPSHOT_VALUE (DWORD)-5
  137. #define SCE_NOT_ANALYZED_VALUE (DWORD)-6
  138. #define SCE_ERROR_VALUE (DWORD)-7
  140. #ifndef _SCE_SHARED_HEADER
  141. #define _SCE_SHARED_HEADER
  143. typedef DWORD SCESTATUS;
  145. #define SCESTATUS_SUCCESS 0L
  146. #define SCESTATUS_INVALID_PARAMETER 1L
  147. #define SCESTATUS_RECORD_NOT_FOUND 2L
  148. #define SCESTATUS_INVALID_DATA 3L
  149. #define SCESTATUS_OBJECT_EXIST 4L
  150. #define SCESTATUS_BUFFER_TOO_SMALL 5L
  151. #define SCESTATUS_PROFILE_NOT_FOUND 6L
  152. #define SCESTATUS_BAD_FORMAT 7L
  153. #define SCESTATUS_NOT_ENOUGH_RESOURCE 8L
  154. #define SCESTATUS_ACCESS_DENIED 9L
  155. #define SCESTATUS_CANT_DELETE 10L
  156. #define SCESTATUS_PREFIX_OVERFLOW 11L
  157. #define SCESTATUS_OTHER_ERROR 12L
  158. #define SCESTATUS_ALREADY_RUNNING 13L
  159. #define SCESTATUS_SERVICE_NOT_SUPPORT 14L
  160. #define SCESTATUS_MOD_NOT_FOUND 15L
  161. #define SCESTATUS_EXCEPTION_IN_SERVER 16L
  162. #define SCESTATUS_NO_TEMPLATE_GIVEN 17L
  163. #define SCESTATUS_NO_MAPPING 18L
  164. #define SCESTATUS_TRUST_FAIL 19L
  165. #define SCESTATUS_JET_DATABASE_ERROR 20L
  166. #define SCESTATUS_TIMEOUT 21L
  167. #define SCESTATUS_PENDING_IGNORE 22L
  168. #define SCESTATUS_SPECIAL_ACCOUNT 23L
  170. //
  171. // defined for services
  172. //
  173. typedef struct _SCESVC_CONFIGURATION_LINE_ {
  175. LPTSTR Key;
  176. LPTSTR Value;
  177. DWORD ValueLen; // number of bytes
  179. } SCESVC_CONFIGURATION_LINE, *PSCESVC_CONFIGURATION_LINE;
  181. typedef struct _SCESVC_CONFIGURATION_INFO_ {
  183. DWORD Count;
  184. PSCESVC_CONFIGURATION_LINE Lines;
  186. } SCESVC_CONFIGURATION_INFO, *PSCESVC_CONFIGURATION_INFO;
  188. typedef PVOID SCE_HANDLE;
  189. typedef ULONG SCE_ENUMERATION_CONTEXT, *PSCE_ENUMERATION_CONTEXT;
  191. #define SCESVC_ENUMERATION_MAX 100L
  193. typedef enum _SCESVC_INFO_TYPE {
  195. SceSvcConfigurationInfo,
  196. SceSvcMergedPolicyInfo,
  197. SceSvcAnalysisInfo,
  198. SceSvcInternalUse // !!!do not use this type!!!
  200. } SCESVC_INFO_TYPE;
  202. // root path for SCE key
  203. #define SCE_ROOT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\SeCEdit")
  205. #define SCE_ROOT_SERVICE_PATH \
  206. SCE_ROOT_PATH TEXT("\\SvcEngs")
  207. #endif
  209. //
  210. // All section names defined in the SCP/SAP profiles.
  211. //
  213. static const WCHAR szDescription[] = L"Profile Description";
  214. static const WCHAR szAttachments[] = L"Attachment Sections";
  215. static const WCHAR szSystemAccess[] = L"System Access";
  216. static const WCHAR szPrivilegeRights[] = L"Privilege Rights";
  217. static const WCHAR szGroupMembership[] = L"Group Membership";
  218. static const WCHAR szAccountProfiles[] = L"Account Profiles";
  219. static const WCHAR szRegistryKeys[] = L"Registry Keys";
  220. static const WCHAR szFileSecurity[] = L"File Security";
  221. static const WCHAR szDSSecurity[] = L"DS Security";
  222. static const WCHAR szAuditSystemLog[] = L"System Log";
  223. static const WCHAR szAuditSecurityLog[] = L"Security Log";
  224. static const WCHAR szAuditApplicationLog[] = L"Application Log";
  225. static const WCHAR szAuditEvent[] = L"Event Audit";
  226. static const WCHAR szUserList[] = L"User List";
  227. static const WCHAR szServiceGeneral[] = L"Service General Setting";
  228. static const WCHAR szKerberosPolicy[] = L"Kerberos Policy";
  229. static const WCHAR szRegistryValues[] = L"Registry Values";
  232. //
  233. // A list of names (e.g., users, groups, machines, and etc)
  234. //
  236. typedef struct _SCE_NAME_LIST {
  237. PWSTR Name;
  238. struct _SCE_NAME_LIST *Next;
  239. }SCE_NAME_LIST, *PSCE_NAME_LIST;
  241. //
  242. // a list of accounts with privileges held
  243. //
  244. typedef struct _SCE_PRIVILEGE_VALUE_LIST {
  245. PWSTR Name;
  246. DWORD PrivLowPart;
  247. DWORD PrivHighPart;
  248. struct _SCE_PRIVILEGE_VALUE_LIST *Next;
  249. }SCE_PRIVILEGE_VALUE_LIST, *PSCE_PRIVILEGE_VALUE_LIST;
  251. //
  252. // structure for error info
  253. //
  255. typedef struct _SCE_ERROR_LOG_INFO{
  256. PWSTR buffer;
  257. DWORD rc;
  258. struct _SCE_ERROR_LOG_INFO *next;
  259. } SCE_ERROR_LOG_INFO, *PSCE_ERROR_LOG_INFO;
  261. //
  262. // The privileges/rights each user/group holds are saved into a INT field -
  263. // PrivilegeRights. The first bit in this field is the first right defined
  264. // in the SCE_Privileges array as above. The second bit is the second right
  265. // defined in that array, and so on.
  266. //
  267. #define cPrivCnt 37
  268. #define cPrivW2k 34
  270. typedef struct _SCE_PRIVILEGE_ASSIGNMENT {
  271. PWSTR Name;
  272. DWORD Value;
  273. // This value could be translated by SceLookupPrivByValue
  274. // The reason we define another set of privilege values is
  275. // we include both privilege and user rights into one set
  276. // (user rights do not have priv value on NT system).
  277. PSCE_NAME_LIST AssignedTo;
  278. // SCE_STATUS_GOOD
  279. // SCE_STATUS_MISMATCH
  280. // SCE_STATUS_NOT_CONFIGURED
  281. // SCE_DELETE_VALUE indicates that this priv is deleted from local table
  282. DWORD Status;
  283. struct _SCE_PRIVILEGE_ASSIGNMENT *Next;
  284. } SCE_PRIVILEGE_ASSIGNMENT, *PSCE_PRIVILEGE_ASSIGNMENT;
  286. //
  287. // A list of log on hours range
  288. //
  290. typedef struct _SCE_LOGON_HOUR {
  291. DWORD Start;
  292. DWORD End;
  293. struct _SCE_LOGON_HOUR *Next;
  294. }SCE_LOGON_HOUR, *PSCE_LOGON_HOUR;
  296. //
  297. // A list of names (e.g., users, groups, machines, and etc)
  298. // with a status (e.g., disabled )
  299. //
  301. typedef struct _SCE_NAME_STATUS_LIST {
  302. PWSTR Name;
  303. DWORD Status;
  304. struct _SCE_NAME_STATUS_LIST *Next;
  305. }SCE_NAME_STATUS_LIST, *PSCE_NAME_STATUS_LIST;
  307. //
  308. // Structure definition for service list (service dll)
  309. //
  312. #define SCE_STARTUP_BOOT 0x00
  313. #define SCE_STARTUP_SYSTEM 0x01
  314. #define SCE_STARTUP_AUTOMATIC 0x02
  315. #define SCE_STARTUP_MANUAL 0x03
  316. #define SCE_STARTUP_DISABLED 0x04
  318. typedef struct _SCE_SERVICES_ {
  319. PWSTR ServiceName;
  320. PWSTR DisplayName;
  322. BYTE Status;
  323. BYTE Startup;
  325. union {
  327. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  328. PWSTR ServiceEngineName;
  330. } General;
  332. SECURITY_INFORMATION SeInfo;
  334. struct _SCE_SERVICES_ *Next;
  336. }SCE_SERVICES, *PSCE_SERVICES;
  338. //
  339. // Group memberships
  340. //
  342. #define SCE_GROUP_STATUS_MEMBERS_MISMATCH 0x01
  343. #define SCE_GROUP_STATUS_MEMBEROF_MISMATCH 0x02
  344. #define SCE_GROUP_STATUS_NC_MEMBERS 0x04
  345. #define SCE_GROUP_STATUS_NC_MEMBEROF 0x08
  346. #define SCE_GROUP_STATUS_NOT_ANALYZED 0x10
  347. #define SCE_GROUP_STATUS_ERROR_ANALYZED 0x20
  350. typedef struct _SCE_GROUP_MEMBERSHIP {
  351. PWSTR GroupName;
  352. PSCE_NAME_LIST pMembers;
  353. PSCE_NAME_LIST pMemberOf;
  355. DWORD Status;
  356. //
  357. // pPrivilegesHeld is for analysis only.
  358. // The format of each entry in this list is:
  359. // [PrivValue NULL] (directly assigned), or
  360. // [PrivValue Name] (via group "Name")
  361. // To configure privileges, use AREA_PRIVILEGES area
  362. //
  363. // This PrivValue could be translated by SceLookupPrivByValue
  364. // The reason we define another set of privilege values is
  365. // we include both privilege and user rights into one set
  366. // (user rights do not have priv value on NT system).
  367. PSCE_NAME_STATUS_LIST pPrivilegesHeld;
  368. struct _SCE_GROUP_MEMBERSHIP *Next;
  369. }SCE_GROUP_MEMBERSHIP, *PSCE_GROUP_MEMBERSHIP;
  371. //
  372. // Definition of Registry and file security
  373. //
  375. typedef struct _SCE_OBJECT_SECURITY {
  376. PWSTR Name;
  377. BYTE Status;
  378. BOOL IsContainer;
  379. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  380. SECURITY_INFORMATION SeInfo;
  381. // PWSTR SDspec;
  382. // DWORD SDsize;
  383. }SCE_OBJECT_SECURITY, *PSCE_OBJECT_SECURITY;
  385. //
  386. // A list of objects (e.g., files, registry keys, and etc)
  387. //
  389. typedef struct _SCE_OBJECT_LIST {
  390. PWSTR Name;
  391. BYTE Status;
  392. // Status could be the status (mismatched/unknown) of the object
  393. // or, it could be a flag to ignore/check this ojbect
  394. //
  395. BOOL IsContainer;
  396. DWORD Count;
  397. // Total count of mismatched/unknown objects under this object
  398. struct _SCE_OBJECT_LIST *Next;
  399. }SCE_OBJECT_LIST, *PSCE_OBJECT_LIST;
  401. typedef struct _SCE_OBJECT_ARRAY_ {
  403. DWORD Count;
  404. PSCE_OBJECT_SECURITY *pObjectArray;
  406. } SCE_OBJECT_ARRAY, *PSCE_OBJECT_ARRAY;
  408. typedef union _SCE_OBJECTS_ {
  409. // for Jet databases
  410. PSCE_OBJECT_LIST pOneLevel;
  411. // for Inf files
  412. PSCE_OBJECT_ARRAY pAllNodes;
  413. } SCE_OBJECTS, *PSCE_OBJECTS;
  415. typedef struct _SCE_OBJECT_CHILDREN_NODE {
  417. PWSTR Name;
  418. BYTE Status;
  419. BOOL IsContainer;
  420. DWORD Count;
  422. } SCE_OBJECT_CHILDREN_NODE, *PSCE_OBJECT_CHILDREN_NODE;
  424. typedef struct _SCE_OBJECT_CHILDREN {
  426. DWORD nCount;
  427. DWORD MaxCount;
  428. PSCE_OBJECT_CHILDREN_NODE arrObject;
  430. } SCE_OBJECT_CHILDREN, *PSCE_OBJECT_CHILDREN;
  432. typedef struct _SCE_KERBEROS_TICKET_INFO_ {
  433. DWORD MaxTicketAge; // in hours (default 10), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
  435. DWORD MaxRenewAge; // in days (default 7), SCE_NO_VALUE, SCE_FOREVER_VALUE, no 0
  437. DWORD MaxServiceAge; // in minutes (default 60), SCE_NO_VALUE, 10-MaxTicketAge
  438. DWORD MaxClockSkew; // in minutes (default 5), SCE_NO_VALUE
  440. // options
  441. DWORD TicketValidateClient; // 0, 1, or SCE_NO_VALUE
  443. //
  444. // all other options are not configurable.
  445. //
  447. } SCE_KERBEROS_TICKET_INFO, *PSCE_KERBEROS_TICKET_INFO;
  449. typedef struct _SCE_REGISTRY_VALUE_INFO_ {
  450. LPTSTR FullValueName;
  451. LPTSTR Value;
  452. DWORD ValueType;
  453. DWORD Status; // match, mismatch, not analyzed, error
  455. } SCE_REGISTRY_VALUE_INFO, *PSCE_REGISTRY_VALUE_INFO;
  457. //
  458. // Profile structure
  459. //
  460. typedef struct _SCE_PROFILE_INFO {
  462. // Type is used to free the structure by SceFreeMemory
  463. SCETYPE Type;
  464. //
  465. // Area: System access
  466. //
  467. DWORD MinimumPasswordAge;
  468. DWORD MaximumPasswordAge;
  469. DWORD MinimumPasswordLength;
  470. DWORD PasswordComplexity;
  471. DWORD PasswordHistorySize;
  472. DWORD LockoutBadCount;
  473. DWORD ResetLockoutCount;
  474. DWORD LockoutDuration;
  475. DWORD RequireLogonToChangePassword;
  476. DWORD ForceLogoffWhenHourExpire;
  477. PWSTR NewAdministratorName;
  478. PWSTR NewGuestName;
  479. DWORD SecureSystemPartition;
  480. DWORD ClearTextPassword;
  481. DWORD LSAAnonymousNameLookup;
  482. union {
  483. struct {
  484. // Area : user settings (scp)
  485. PSCE_NAME_LIST pAccountProfiles;
  486. // Area: privileges
  487. // Name field is the user/group name, Status field is the privilege(s)
  488. // assigned to the user/group
  489. union {
  490. // PSCE_NAME_STATUS_LIST pPrivilegeAssignedTo;
  491. PSCE_PRIVILEGE_VALUE_LIST pPrivilegeAssignedTo;
  492. PSCE_PRIVILEGE_ASSIGNMENT pInfPrivilegeAssignedTo;
  493. } u;
  494. } scp;
  495. struct {
  496. // Area: user settings (sap)
  497. PSCE_NAME_LIST pUserList;
  498. // Area: privileges
  499. PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
  500. } sap;
  501. struct {
  502. // Area: user settings (smp)
  503. PSCE_NAME_LIST pUserList;
  504. // Area: privileges
  505. // See sap structure for pPrivilegeAssignedTo
  506. PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssignedTo;
  507. } smp;
  508. } OtherInfo;
  510. // Area: group membership
  511. PSCE_GROUP_MEMBERSHIP pGroupMembership;
  513. // Area: Registry
  514. SCE_OBJECTS pRegistryKeys;
  516. // Area: System Services
  517. PSCE_SERVICES pServices;
  519. // System storage
  520. SCE_OBJECTS pFiles;
  521. //
  522. // ds object
  523. //
  524. SCE_OBJECTS pDsObjects;
  525. //
  526. // kerberos policy settings
  527. //
  528. PSCE_KERBEROS_TICKET_INFO pKerberosInfo;
  529. //
  530. // System audit 0-system 1-security 2-application
  531. //
  532. DWORD MaximumLogSize[3];
  533. DWORD AuditLogRetentionPeriod[3];
  534. DWORD RetentionDays[3];
  535. DWORD RestrictGuestAccess[3];
  536. DWORD AuditSystemEvents;
  537. DWORD AuditLogonEvents;
  538. DWORD AuditObjectAccess;
  539. DWORD AuditPrivilegeUse;
  540. DWORD AuditPolicyChange;
  541. DWORD AuditAccountManage;
  542. DWORD AuditProcessTracking;
  543. DWORD AuditDSAccess;
  544. DWORD AuditAccountLogon;
  545. DWORD CrashOnAuditFull;
  547. //
  548. // registry values
  549. //
  550. DWORD RegValueCount;
  551. PSCE_REGISTRY_VALUE_INFO aRegValues;
  552. DWORD EnableAdminAccount;
  553. DWORD EnableGuestAccount;
  555. }SCE_PROFILE_INFO, *PSCE_PROFILE_INFO;
  557. //
  558. // The definition for security user profile which is used to assign common
  559. // user settings to a group of users/groups in the security manager.
  560. //
  562. typedef struct _SCE_USER_PROFILE {
  563. SCETYPE Type;
  564. // Type is used to free the structure by SceFreeMemory
  565. DWORD ForcePasswordChange;
  566. DWORD DisallowPasswordChange;
  567. DWORD NeverExpirePassword;
  568. DWORD AccountDisabled;
  569. PWSTR UserProfile;
  570. PWSTR LogonScript;
  571. PWSTR HomeDir;
  572. PSCE_LOGON_HOUR pLogonHours;
  573. UNICODE_STRING pWorkstations;
  574. PSCE_NAME_LIST pGroupsBelongsTo;
  575. PSCE_NAME_LIST pAssignToUsers;
  576. PSECURITY_DESCRIPTOR pHomeDirSecurity;
  577. SECURITY_INFORMATION HomeSeInfo;
  578. PSECURITY_DESCRIPTOR pTempDirSecurity;
  579. SECURITY_INFORMATION TempSeInfo;
  580. } SCE_USER_PROFILE, *PSCE_USER_PROFILE;
  582. //
  583. // The definition for each user's setting
  584. //
  586. typedef struct _SCE_USER_SETTING {
  587. SCETYPE Type;
  588. // Type is used to free the structure by SceFreeMemory
  589. DWORD ForcePasswordChange;
  590. DWORD DisallowPasswordChange;
  591. DWORD NeverExpirePassword;
  592. DWORD AccountDisabled;
  593. PSCE_NAME_LIST pGroupsBelongsTo;
  594. PWSTR UserProfile;
  595. PSECURITY_DESCRIPTOR pProfileSecurity;
  596. PWSTR LogonScript;
  597. PSECURITY_DESCRIPTOR pLogonScriptSecurity;
  598. PWSTR HomeDir;
  599. PSECURITY_DESCRIPTOR pHomeDirSecurity;
  600. SECURITY_INFORMATION HomeDirSeInfo;
  601. PWSTR TempDir;
  602. PSECURITY_DESCRIPTOR pTempDirSecurity;
  603. SECURITY_INFORMATION TempDirSeInfo;
  604. PSCE_LOGON_HOUR pLogonHours;
  605. UNICODE_STRING pWorkstations;
  606. PSCE_NAME_STATUS_LIST pPrivilegesHeld;
  607. DWORD BadPasswordAttempt;
  608. } SCE_USER_SETTING, *PSCE_USER_SETTING;
  611. //
  612. // prototypes defined in sceclnt.cpp
  613. //
  615. SCESTATUS
  616. WINAPI
  617. SceGetSecurityProfileInfo(
  618. IN PVOID hProfile OPTIONAL,
  619. IN SCETYPE ProfileType,
  620. IN AREA_INFORMATION Area,
  621. IN OUT PSCE_PROFILE_INFO *ppInfoBuffer,
  622. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  623. );
  625. SCESTATUS
  626. WINAPI
  627. SceGetObjectChildren(
  628. IN PVOID hProfile,
  629. IN SCETYPE ProfileType,
  630. IN AREA_INFORMATION Area,
  631. IN PWSTR ObjectPrefix,
  632. OUT PSCE_OBJECT_CHILDREN *Buffer,
  633. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  634. );
  636. SCESTATUS
  637. WINAPI
  638. SceOpenProfile(
  639. IN PCWSTR ProfileName,
  640. IN SCE_FORMAT_TYPE ProfileFormat,
  641. OUT PVOID *hProfile
  642. );
  644. SCESTATUS
  645. WINAPI
  646. SceCloseProfile(
  647. IN PVOID *hProfile
  648. );
  650. SCESTATUS
  651. WINAPI
  652. SceGetScpProfileDescription(
  653. IN PVOID hProfile,
  654. OUT PWSTR *Description
  655. );
  657. SCESTATUS
  658. WINAPI
  659. SceGetTimeStamp(
  660. IN PVOID hProfile,
  661. OUT PWSTR *ConfigTimeStamp,
  662. OUT PWSTR *AnalyzeTimeStamp
  663. );
  665. SCESTATUS
  666. WINAPI
  667. SceGetDbTime(
  668. IN PVOID hProfile,
  669. OUT SYSTEMTIME *ConfigTime,
  670. OUT SYSTEMTIME *AnalyzeTime
  671. );
  673. SCESTATUS
  674. WINAPI
  675. SceGetObjectSecurity(
  676. IN PVOID hProfile,
  677. IN SCETYPE ProfileType,
  678. IN AREA_INFORMATION Area,
  679. IN PWSTR ObjectName,
  680. OUT PSCE_OBJECT_SECURITY *ObjSecurity
  681. );
  683. SCESTATUS
  684. WINAPI
  685. SceGetAnalysisAreaSummary(
  686. IN PVOID hProfile,
  687. IN AREA_INFORMATION Area,
  688. OUT PDWORD pCount
  689. );
  691. SCESTATUS
  692. WINAPI
  693. SceCopyBaseProfile(
  694. IN PVOID hProfile,
  695. IN SCETYPE ProfileType,
  696. IN PWSTR InfFileName,
  697. IN AREA_INFORMATION Area,
  698. OUT PSCE_ERROR_LOG_INFO *pErrlog OPTIONAL
  699. );
  702. #define SCE_OVERWRITE_DB 0x01L
  703. #define SCE_UPDATE_DB 0x02L
  704. #define SCE_CALLBACK_DELTA 0x04L
  705. #define SCE_CALLBACK_TOTAL 0x08L
  706. #define SCE_VERBOSE_LOG 0x10L
  707. #define SCE_DISABLE_LOG 0x20L
  708. #define SCE_NO_CONFIG 0x40L
  709. #define SCE_DEBUG_LOG 0x80L
  711. typedef
  712. BOOL(CALLBACK *PSCE_AREA_CALLBACK_ROUTINE)(
  713. IN HANDLE CallbackHandle,
  714. IN AREA_INFORMATION Area,
  715. IN DWORD TotalTicks,
  716. IN DWORD CurrentTicks
  717. );
  719. typedef
  720. BOOL(CALLBACK *PSCE_BROWSE_CALLBACK_ROUTINE)(
  721. IN LONG GpoID,
  722. IN PWSTR KeyName OPTIONAL,
  723. IN PWSTR GpoName OPTIONAL,
  724. IN PWSTR Value OPTIONAL,
  725. IN DWORD Len
  726. );
  728. SCESTATUS
  729. WINAPI
  730. SceConfigureSystem(
  731. IN LPTSTR SystemName OPTIONAL,
  732. IN PCWSTR InfFileName OPTIONAL,
  733. IN PCWSTR DatabaseName,
  734. IN PCWSTR LogFileName OPTIONAL,
  735. IN DWORD ConfigOptions,
  736. IN AREA_INFORMATION Area,
  737. IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
  738. IN HANDLE hCallbackWnd OPTIONAL,
  739. OUT PDWORD pdWarning OPTIONAL
  740. );
  742. SCESTATUS
  743. WINAPI
  744. SceAnalyzeSystem(
  745. IN LPTSTR SystemName OPTIONAL,
  746. IN PCWSTR InfFileName OPTIONAL,
  747. IN PCWSTR DatabaseName,
  748. IN PCWSTR LogFileName OPTIONAL,
  749. IN DWORD AnalyzeOptions,
  750. IN AREA_INFORMATION Area,
  751. IN PSCE_AREA_CALLBACK_ROUTINE pCallback OPTIONAL,
  752. IN HANDLE hCallbackWnd OPTIONAL,
  753. OUT PDWORD pdWarning OPTIONAL
  754. );
  756. SCESTATUS
  757. WINAPI
  758. SceGenerateRollback(
  759. IN LPTSTR SystemName OPTIONAL,
  760. IN PCWSTR InfFileName,
  761. IN PCWSTR InfRollback,
  762. IN PCWSTR LogFileName OPTIONAL,
  763. IN DWORD Options,
  764. IN AREA_INFORMATION Area,
  765. OUT PDWORD pdWarning OPTIONAL
  766. );
  768. #define SCE_UPDATE_LOCAL_POLICY 0x1L
  769. #define SCE_UPDATE_DIRTY_ONLY 0x2L
  770. #define SCE_UPDATE_SYSTEM 0x4L
  772. SCESTATUS
  773. WINAPI
  774. SceUpdateSecurityProfile(
  775. IN PVOID hProfile OPTIONAL,
  776. IN AREA_INFORMATION Area,
  777. IN PSCE_PROFILE_INFO pInfo,
  778. IN DWORD dwMode
  779. );
  781. SCESTATUS
  782. WINAPI
  783. SceUpdateObjectInfo(
  784. IN PVOID hProfile,
  785. IN AREA_INFORMATION Area,
  786. IN PWSTR ObjectName,
  787. IN DWORD NameLen, // number of characters
  788. IN BYTE ConfigStatus,
  789. IN BOOL IsContainer,
  790. IN PSECURITY_DESCRIPTOR pSD,
  791. IN SECURITY_INFORMATION SeInfo,
  792. OUT PBYTE pAnalysisStatus
  793. );
  795. SCESTATUS
  796. WINAPI
  797. SceStartTransaction(
  798. IN PVOID cxtProfile
  799. );
  801. SCESTATUS
  802. WINAPI
  803. SceCommitTransaction(
  804. IN PVOID cxtProfile
  805. );
  807. SCESTATUS
  808. WINAPI
  809. SceRollbackTransaction(
  810. IN PVOID cxtProfile
  811. );
  813. typedef enum _SCE_SERVER_TYPE_ {
  815. SCESVR_UNKNOWN = 0,
  816. SCESVR_DC_WITH_DS,
  817. SCESVR_DC,
  818. SCESVR_NT5_SERVER,
  819. SCESVR_NT4_SERVER,
  820. SCESVR_NT5_WKS,
  821. SCESVR_NT4_WKS
  823. } SCE_SERVER_TYPE, *PSCE_SERVER_TYPE;
  825. SCESTATUS
  826. WINAPI
  827. SceGetServerProductType(
  828. IN LPTSTR SystemName OPTIONAL,
  829. OUT PSCE_SERVER_TYPE pServerType
  830. );
  832. SCESTATUS
  833. WINAPI
  834. SceLookupPrivRightName(
  835. IN INT Priv,
  836. OUT PWSTR Name,
  837. OUT PINT NameLen
  838. );
  840. SCESTATUS
  841. WINAPI
  842. SceSvcUpdateInfo(
  843. IN PVOID hProfile,
  844. IN PCWSTR ServiceName,
  845. IN PSCESVC_CONFIGURATION_INFO Info
  846. );
  848. //
  849. // prototype defined in infget.c
  850. //
  852. SCESTATUS
  853. WINAPI
  854. SceSvcGetInformationTemplate(
  855. IN LPCTSTR TemplateName,
  856. IN LPCTSTR ServiceName,
  857. IN LPCTSTR Key OPTIONAL,
  858. OUT PSCESVC_CONFIGURATION_INFO *ServiceInfo
  859. );
  861. //
  862. // prototypes defined in infwrite.c
  863. //
  864. SCESTATUS
  865. WINAPI
  866. SceWriteSecurityProfileInfo(
  867. IN PCWSTR InfProfileName,
  868. IN AREA_INFORMATION Area,
  869. IN PSCE_PROFILE_INFO ppInfoBuffer,
  870. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  871. );
  873. SCESTATUS
  874. WINAPI
  875. SceAppendSecurityProfileInfo(
  876. IN PCWSTR InfProfileName,
  877. IN AREA_INFORMATION Area,
  878. IN PSCE_PROFILE_INFO ppInfoBuffer,
  879. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  880. );
  882. SCESTATUS
  883. WINAPI
  884. SceSvcSetInformationTemplate(
  885. IN LPCTSTR TemplateName,
  886. IN LPCTSTR ServiceName,
  887. IN BOOL bExact,
  888. IN PSCESVC_CONFIGURATION_INFO ServiceInfo
  889. );
  891. //
  892. // prototypes defined in common.cpp
  893. //
  895. SCESTATUS
  896. WINAPI
  897. SceFreeMemory(
  898. IN PVOID smInfo,
  899. IN DWORD Category
  900. );
  902. BOOL
  903. WINAPI
  904. SceCompareNameList(
  905. IN PSCE_NAME_LIST pList1,
  906. IN PSCE_NAME_LIST pList2
  907. );
  909. SCESTATUS
  910. WINAPI
  911. SceCompareSecurityDescriptors(
  912. IN AREA_INFORMATION Area,
  913. IN PSECURITY_DESCRIPTOR pSD1,
  914. IN PSECURITY_DESCRIPTOR pSD2,
  915. IN SECURITY_INFORMATION SeInfo,
  916. OUT PBOOL IsDifferent
  917. );
  919. SCESTATUS
  920. WINAPI
  921. SceCreateDirectory(
  922. IN PCWSTR ProfileLocation,
  923. IN BOOL FileOrDir,
  924. PSECURITY_DESCRIPTOR pSecurityDescriptor
  925. );
  927. SCESTATUS
  928. WINAPI
  929. SceFreeProfileMemory(
  930. PSCE_PROFILE_INFO pProfile
  931. );
  933. SCESTATUS
  934. WINAPI
  935. SceAddToNameStatusList(
  936. IN OUT PSCE_NAME_STATUS_LIST *pNameStatusList,
  937. IN PWSTR Name,
  938. IN ULONG Len,
  939. IN DWORD Status
  940. );
  942. SCESTATUS
  943. WINAPI
  944. SceAddToNameList(
  945. IN OUT PSCE_NAME_LIST *pNameList,
  946. IN PWSTR Name,
  947. IN ULONG Len
  948. );
  950. #define SCE_CHECK_DUP 0x01
  951. #define SCE_INCREASE_COUNT 0x02
  953. SCESTATUS
  954. WINAPI
  955. SceAddToObjectList(
  956. IN OUT PSCE_OBJECT_LIST *pObjectList,
  957. IN PWSTR Name,
  958. IN ULONG Len,
  959. IN BOOL IsContainer,
  960. IN BYTE Status,
  961. IN BYTE byFlags
  962. );
  964. DWORD
  965. WINAPI
  966. SceEnumerateServices(
  967. OUT PSCE_SERVICES *pServiceList,
  968. IN BOOL bServiceNameOnly
  969. );
  971. DWORD
  972. WINAPI
  973. SceSetupGenerateTemplate(
  974. IN LPTSTR SystemName OPTIONAL,
  975. IN LPTSTR JetDbName OPTIONAL,
  976. IN BOOL bFromMergedTable,
  977. IN LPTSTR InfTemplateName,
  978. IN LPTSTR LogFileName OPTIONAL,
  979. IN AREA_INFORMATION Area
  980. );
  983. #define SCE_REG_DISPLAY_NAME TEXT("DisplayName")
  984. #define SCE_REG_DISPLAY_TYPE TEXT("DisplayType")
  985. #define SCE_REG_VALUE_TYPE TEXT("ValueType")
  986. #define SCE_REG_DISPLAY_UNIT TEXT("DisplayUnit")
  987. #define SCE_REG_DISPLAY_CHOICES TEXT("DisplayChoices")
  988. #define SCE_REG_DISPLAY_FLAGLIST TEXT("DisplayFlags")
  990. #define SCE_REG_DISPLAY_ENABLE 0
  991. #define SCE_REG_DISPLAY_NUMBER 1
  992. #define SCE_REG_DISPLAY_STRING 2
  993. #define SCE_REG_DISPLAY_CHOICE 3
  994. #define SCE_REG_DISPLAY_MULTISZ 4
  995. #define SCE_REG_DISPLAY_FLAGS 5
  997. DWORD
  998. WINAPI
  999. SceRegisterRegValues(
  1000. IN LPTSTR InfFileName
  1001. );
  1003. //
  1004. // for service attachments
  1005. //
  1007. SCESTATUS
  1008. WINAPI
  1009. SceSvcQueryInfo(
  1010. IN SCE_HANDLE sceHandle,
  1011. IN SCESVC_INFO_TYPE sceType,
  1012. IN LPTSTR lpPrefix OPTIONAL,
  1013. IN BOOL bExact,
  1014. OUT PVOID *ppvInfo,
  1015. OUT PSCE_ENUMERATION_CONTEXT psceEnumHandle
  1016. );
  1018. SCESTATUS
  1019. WINAPI
  1020. SceSvcSetInfo(
  1021. IN SCE_HANDLE sceHandle,
  1022. IN SCESVC_INFO_TYPE sceType,
  1023. IN LPTSTR lpPrefix OPTIONAL,
  1024. IN BOOL bExact,
  1025. IN PVOID pvInfo
  1026. );
  1028. SCESTATUS
  1029. WINAPI
  1030. SceSvcFree(
  1031. IN PVOID pvServiceInfo
  1032. );
  1034. SCESTATUS
  1035. WINAPI
  1036. SceSvcConvertTextToSD (
  1037. IN PWSTR pwszTextSD,
  1038. OUT PSECURITY_DESCRIPTOR *ppSD,
  1039. OUT PULONG pulSDSize,
  1040. OUT PSECURITY_INFORMATION psiSeInfo
  1041. );
  1043. SCESTATUS
  1044. WINAPI
  1045. SceSvcConvertSDToText (
  1046. IN PSECURITY_DESCRIPTOR pSD,
  1047. IN SECURITY_INFORMATION siSecurityInfo,
  1048. OUT PWSTR *ppwszTextSD,
  1049. OUT PULONG pulTextSize
  1050. );
  1052. //
  1053. // check service.cpp if the following constants are changed because
  1054. // it has a buffer length dependency
  1055. //
  1056. #define SCE_ROOT_POLICY_PATH \
  1057. SCE_ROOT_PATH TEXT("\\Policies")
  1058. #define SCE_ROOT_REGVALUE_PATH \
  1059. SCE_ROOT_PATH TEXT("\\Reg Values")
  1061. // define for GPT integration
  1062. #define GPTSCE_PATH TEXT("Software\\Policies\\Microsoft\\Windows NT\\SecEdit")
  1063. #define GPTSCE_PERIOD_NAME TEXT("ConfigurePeriod")
  1064. #define GPTSCE_TEMPLATE TEXT("Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf")
  1066. AREA_INFORMATION
  1067. SceGetAreas(
  1068. LPTSTR InfName
  1069. );
  1071. BOOL
  1072. SceIsSystemDatabase(
  1073. IN LPCTSTR DatabaseName
  1074. );
  1076. SCESTATUS
  1077. SceBrowseDatabaseTable(
  1078. IN PWSTR DatabaseName OPTIONAL,
  1079. IN SCETYPE ProfileType,
  1080. IN AREA_INFORMATION Area,
  1081. IN BOOL bDomainPolicyOnly,
  1082. IN PSCE_BROWSE_CALLBACK_ROUTINE pCallback OPTIONAL
  1083. );
  1085. SCESTATUS
  1086. WINAPI
  1087. SceGetDatabaseSetting(
  1088. IN PVOID hProfile,
  1089. IN SCETYPE ProfileType,
  1090. IN PWSTR SectionName,
  1091. IN PWSTR KeyName,
  1092. OUT PWSTR *Value,
  1093. OUT DWORD *pnBytes OPTIONAL
  1094. );
  1096. SCESTATUS
  1097. WINAPI
  1098. SceSetDatabaseSetting(
  1099. IN PVOID hProfile,
  1100. IN SCETYPE ProfileType,
  1101. IN PWSTR SectionName,
  1102. IN PWSTR KeyName,
  1103. IN PWSTR Value OPTIONAL,
  1104. IN DWORD nBytes
  1105. );
  1107. #ifdef __cplusplus
  1108. }
  1109. #endif
  1111. #endif