Source code of Windows XP (NT5)


  1. /*++
  2. Copyright (c) 1996 Microsoft Corporation
  3. Module Name:
  4. scep.h
  5. Abstract:
  6. This module defines the data structures and function prototypes
  7. for the security management utility
  8. Author:
  9. Jin Huang (jinhuang) 28-Oct-1996
  10. Revision History:
  11. --*/
  12. #ifndef _scep_
  13. #define _scep_
  14. #include "splay.h"
  15. #ifdef __cplusplus
  16. extern "C" {
  17. #endif
  18. //
  19. // system variables
  20. //
  // Selectors 1-4: judging by the names, rename/disable actions for the
  // Administrator and Guest accounts. The code that consumes them is not in
  // this header.
  21. #define SCE_RENAME_ADMIN 1
  22. #define SCE_RENAME_GUEST 2
  23. #define SCE_DISABLE_ADMIN 3
  24. #define SCE_DISABLE_GUEST 4
  // Case-handling modes 0-2. Presumably used with the Scep*Case helpers and
  // the bCase argument declared further down - TODO confirm against callers.
  25. #define SCE_CASE_DONT_CARE 0
  26. #define SCE_CASE_REQUIRED 1
  // NOTE(review): "PREFERED" is misspelled, but the identifier is part of the
  // interface, so it has to stay as it is.
  27. #define SCE_CASE_PREFERED 2
  // Record describing one drive root.
  28. typedef struct _LOCAL_ROOT {
  // Fixed buffer of 5 TCHARs: every writer must bound its copy to 5 elements,
  // terminator included, because the struct carries no separate length.
  29. TCHAR drive[5];
  // presumably TRUE for the boot volume - TODO confirm
  30. BOOL boot;
  // presumably TRUE when the volume's file system supports ACLs - TODO confirm
  31. BOOL aclSupport;
  32. } LOCAL_ROOT;
  // Kind of attachment: service or policy. No explicit values are given, so
  // the enumerators are 0 and 1 in declaration order.
  33. typedef enum _SCE_ATTACHMENT_TYPE_ {
  34. SCE_ATTACHMENT_SERVICE,
  35. SCE_ATTACHMENT_POLICY
  36. } SCE_ATTACHMENT_TYPE;
  // Intent with which an object is opened; passed as OpenType to
  // ScepGetDesiredAccess (declared below), which returns an ACCESS_MASK.
  // READ is pinned to 0, so WRITE is 1 and MODIFY is 2.
  // NOTE(review): how WRITE and MODIFY differ in the resulting access mask is
  // decided in misc.c, not here - check there when auditing requested rights.
  37. typedef enum _SECURITY_OPEN_TYPE
  38. {
  39. READ_ACCESS_RIGHTS = 0,
  40. WRITE_ACCESS_RIGHTS,
  41. MODIFY_ACCESS_RIGHTS,
  42. } SECURITY_OPEN_TYPE, *PSECURITY_OPEN_TYPE;
  43. //
  44. // data structures used for secmgr
  45. //
  // Node of an object tree: links to its parent and to a singly linked list
  // of children (struct _SCE_OBJECT_CHILD_LIST, defined right after this).
  // NOTE(review): the header does not say who owns the strings and security
  // descriptors that the node points to; find the matching free routine
  // before copying or releasing nodes.
  46. typedef struct _SCE_OBJECT_TREE {
  // presumably the last path component - TODO confirm
  47. PWSTR Name;
  48. PWSTR ObjectFullName;
  49. BOOL IsContainer;
  // One-byte status code; the value set is not defined in this header.
  50. BYTE Status;
  // presumably selects which parts of the descriptors below are meaningful
  51. SECURITY_INFORMATION SeInfo;
  // Two descriptors per node. From the names, one is the descriptor as
  // specified and the other the descriptor to apply - TODO confirm.
  52. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  53. PSECURITY_DESCRIPTOR pApplySecurityDescriptor;
  // Array of child names with its size. Whether dwSize_aChildNames counts
  // elements or bytes is not visible here - confirm before indexing.
  54. PWSTR *aChildNames;
  55. DWORD dwSize_aChildNames;
  56. struct _SCE_OBJECT_CHILD_LIST *ChildList;
  57. struct _SCE_OBJECT_TREE *Parent;
  58. }SCE_OBJECT_TREE, *PSCE_OBJECT_TREE;
  // Singly linked list cell holding one child of an SCE_OBJECT_TREE node.
  59. typedef struct _SCE_OBJECT_CHILD_LIST {
  60. PSCE_OBJECT_TREE Node;
  // presumably NULL at the end of the list - TODO confirm
  61. struct _SCE_OBJECT_CHILD_LIST *Next;
  62. } SCE_OBJECT_CHILD_LIST, *PSCE_OBJECT_CHILD_LIST;
  // Depth selector: all descendants (0) or only direct children (1). No
  // function in this header takes it, so its users are elsewhere.
  63. typedef enum _SCE_SUBOBJECT_TYPE {
  64. SCE_ALL_CHILDREN,
  65. SCE_IMMEDIATE_CHILDREN
  66. } SCE_SUBOBJECT_TYPE;
  67. //
  68. // prototypes defined in misc.c
  69. //
  // Prototype only; the body is in misc.c. Takes two caller-chosen access
  // masks and returns SAM handles and SIDs through OUT parameters. The
  // builtin-domain handle and SID are OPTIONAL.
  // NOTE(review): the access masks come straight from the caller, so each
  // call site should request only the rights its operation needs. How the
  // returned handles and SIDs are released is not shown in this header.
  70. NTSTATUS
  71. ScepOpenSamDomain(
  72. IN ACCESS_MASK ServerAccess,
  73. IN ACCESS_MASK DomainAccess,
  74. OUT PSAM_HANDLE pServerHandle,
  // "pDomainHanele" is presumably a misspelling of pDomainHandle. Parameter
  // names in a prototype are not binding, so callers are unaffected.
  75. OUT PSAM_HANDLE pDomainHanele,
  76. OUT PSID *DomainSid,
  77. OUT PSAM_HANDLE pBuiltinDomainHandle OPTIONAL,
  78. OUT PSID *BuiltinDomainSid OPTIONAL
  79. );
  // Prototype only; the body is in misc.c. Takes a domain handle and a name
  // list and returns three arrays plus a count.
  // NOTE(review): Names, RIDs and Use are presumably parallel arrays of
  // *CountOfName entries, allocated by the callee - confirm in misc.c, along
  // with the routine that frees them.
  80. NTSTATUS
  81. ScepLookupNamesInDomain(
  82. IN SAM_HANDLE DomainHandle,
  83. IN PSCE_NAME_LIST NameList,
  84. OUT PUNICODE_STRING *Names,
  85. OUT PULONG *RIDs,
  86. OUT PSID_NAME_USE *Use,
  87. OUT PULONG CountOfName
  88. );
  // Prototype only; the body is in misc.c. Unlike its neighbours it carries
  // no IN/OUT annotations. Both parameters are pointers to pointers, so they
  // are presumably outputs - TODO confirm, including who frees the buffers.
  89. NTSTATUS
  90. ScepGetLsaDomainInfo(
  91. PPOLICY_ACCOUNT_DOMAIN_INFO *PolicyAccountDomainInfo,
  92. PPOLICY_PRIMARY_DOMAIN_INFO *PolicyPrimaryDomainInfo
  93. );
  // Prototype only; the body is in misc.c.
  // NOTE(review): TempDirectory is OUT PWSTR, not PWSTR *, so the caller
  // supplies the buffer, and no length is passed alongside it. The capacity
  // the function expects is therefore an unwritten contract: confirm it in
  // misc.c and check that every caller's buffer is at least that large.
  94. DWORD
  95. ScepGetTempDirectory(
  96. IN PWSTR HomeDir,
  97. OUT PWSTR TempDirectory
  98. );
  // Prototype only; the body is in misc.c. Converts an SCE logon-hour value
  // into a byte bitmask written through LogonHourBitMask.
  // NOTE(review): the output buffer has no length parameter and the function
  // returns VOID, so the bitmask size is fixed by convention and a failure
  // cannot be reported. Confirm the expected size in misc.c.
  99. VOID
  100. ScepConvertLogonHours(
  101. IN PSCE_LOGON_HOUR pLogonHours,
  102. OUT PUCHAR LogonHourBitMask
  103. );
  // Prototype only; the body is in misc.c. The reverse direction of
  // ScepConvertLogonHours: byte bitmask in, PSCE_LOGON_HOUR out.
  // NOTE(review): the input bitmask carries no length, so the callee must
  // assume a fixed size - confirm. The result is returned through a pointer
  // to pointer, so it is presumably allocated by the callee; who frees it is
  // not shown.
  104. DWORD
  105. ScepConvertToSceLogonHour(
  106. IN PUCHAR LogonHourBitMask,
  107. OUT PSCE_LOGON_HOUR *pLogonHours
  108. );
  // Prototype only; the body is in misc.c. Takes account-domain, builtin-
  // domain and user SAM handles plus the account SID, and returns a name
  // list through GroupList.
  // NOTE(review): GroupList is presumably allocated by the callee; the
  // release routine is not visible in this header.
  109. NTSTATUS
  110. ScepGetGroupsForAccount(
  111. IN SAM_HANDLE DomainHandle,
  112. IN SAM_HANDLE BuiltinDomainHandle,
  113. IN SAM_HANDLE UserHandle,
  114. IN PSID AccountSid,
  115. OUT PSCE_NAME_LIST *GroupList
  116. );
  // Prototype only; the body is in misc.c. Turns an open intent
  // (SECURITY_OPEN_TYPE) and a SECURITY_INFORMATION value into an ACCESS_MASK.
  // NOTE(review): the mapping itself is in misc.c. It is presumably the mask
  // used when objects are opened, so it is the place to check that a read-only
  // intent does not ask for write-class rights.
  117. ACCESS_MASK
  118. ScepGetDesiredAccess(
  119. IN SECURITY_OPEN_TYPE OpenType,
  120. IN SECURITY_INFORMATION SecurityInfo
  121. );
  // Two single-bit flag values. They sit directly above
  // ScepGetProfileOneArea, so they are presumably the accepted values for its
  // dwAccountFormat argument - TODO confirm.
  122. #define SCE_ACCOUNT_SID 0x1
  123. #define SCE_ACCOUNT_SID_STRING 0x2
  // Prototype only; the body is in misc.c per the section comment above.
  // Reads one area of a profile and returns it through ppInfoBuffer.
  // NOTE(review): the result comes back through a pointer to pointer; the
  // routine that frees it is not declared in this header.
  124. SCESTATUS
  125. ScepGetProfileOneArea(
  126. IN PSCECONTEXT hProfile,
  127. IN SCETYPE ProfileType,
  128. IN AREA_INFORMATION Area,
  129. IN DWORD dwAccountFormat,
  130. OUT PSCE_PROFILE_INFO *ppInfoBuffer
  131. );
  // Prototype only; the body is in misc.c per the section comment above.
  // NOTE(review): ppInfo is an untyped PVOID *, so the concrete type of the
  // result presumably depends on Area. Callers have to cast, and a wrong
  // pairing will not be caught by the compiler.
  132. SCESTATUS
  133. ScepGetOneSection(
  134. IN PSCECONTEXT hProfile,
  135. IN AREA_INFORMATION Area,
  136. IN PWSTR Name,
  137. IN SCETYPE ProfileType,
  138. OUT PVOID *ppInfo
  139. );
  // Prototype only; the body is in misc.c per the section comment above.
  // Returns two pointers to access masks, one for the given account SID and
  // one for "everyone".
  // NOTE(review): "Address" in the name and the PACCESS_MASK * outputs suggest
  // the pointers refer into pSecurityDescriptor itself rather than to copies.
  // If so, they are only valid while that descriptor is alive and unmodified,
  // and writing through them edits the descriptor in place - confirm.
  140. NTSTATUS
  141. ScepGetUserAccessAddress(
  142. IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
  143. IN PSID AccountSid,
  144. OUT PACCESS_MASK *pUserAccess,
  145. OUT PACCESS_MASK *pEveryone
  146. );
  // Prototype only; the body is in misc.c per the section comment above.
  // Presumably reports whether Name ends in a backslash - TODO confirm,
  // including the behaviour for a NULL or empty Name.
  147. BOOL
  148. ScepLastBackSlash(
  149. IN PWSTR Name
  150. );
  // Three prototypes for per-user path lookups; the bodies are in misc.c per
  // the section comment above. Each returns its path through OUT PWSTR *, so
  // the string is presumably allocated by the callee. The free routine is
  // not shown.
  // NOTE(review): AssignedHomeDir and AssignedProfile are UNICODE_STRING
  // structures passed by value. A UNICODE_STRING is counted and need not be
  // NUL-terminated, so the implementation must use its Length field and not
  // treat Buffer as a C string - worth verifying in misc.c.
  151. DWORD
  152. ScepGetUsersHomeDirectory(
  153. IN UNICODE_STRING AssignedHomeDir,
  154. IN PWSTR UserProfileName,
  155. OUT PWSTR *UserHomeDir
  156. );
  157. DWORD
  158. ScepGetUsersTempDirectory(
  159. IN PWSTR UserProfileName,
  160. OUT PWSTR *UserTempDir
  161. );
  162. DWORD
  163. ScepGetUsersProfileName(
  164. IN UNICODE_STRING AssignedProfile,
  165. IN PSID AccountSid,
  // presumably selects a default profile path - TODO confirm
  166. IN BOOL bDefault,
  167. OUT PWSTR *UserProfilePath
  168. );
  // Three prototypes for "case" helpers covering registry keys, files and
  // groups; the bodies are in misc.c per the section comment above.
  // NOTE(review): ScepGetGroupCase marks its name buffer IN OUT, so it
  // rewrites the string in place within Length. The registry and file
  // variants mark ObjName IN only but also take BufOffset/BufLen. Whether
  // they modify ObjName too, and whether BufLen is in characters or bytes,
  // cannot be told from the header - confirm before passing a read-only or
  // exactly-sized buffer.
  169. SCESTATUS
  170. ScepGetRegKeyCase(
  171. IN PWSTR ObjName,
  172. IN DWORD BufOffset,
  173. IN DWORD BufLen
  174. );
  175. SCESTATUS
  176. ScepGetFileCase(
  177. IN PWSTR ObjName,
  178. IN DWORD BufOffset,
  179. IN DWORD BufLen
  180. );
  181. SCESTATUS
  182. ScepGetGroupCase(
  183. IN OUT PWSTR GroupName,
  184. IN DWORD Length
  185. );
  186. //
  187. // prototypes defined in pfget.c
  188. //
  // Prototype only; the body is in pfget.c. Reads the section named Name from
  // a profile. The result is returned as an untyped PVOID *, and an error-log
  // list can optionally be returned through Errlog.
  // NOTE(review): both outputs are presumably allocated by the callee; the
  // routines that free them are not declared here.
  189. SCESTATUS
  190. ScepGetUserSection(
  191. IN PSCECONTEXT hProfile,
  192. IN SCETYPE ProfileType,
  193. IN PWSTR Name,
  194. OUT PVOID *ppInfo,
  195. OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
  196. );
  // Prototype only; the body is in pfget.c per the section comment above.
  // Writes one object's security record into the given area of a profile.
  // All parameters are inputs.
  197. SCESTATUS
  198. ScepWriteObjectSecurity(
  199. IN PSCECONTEXT hProfile,
  200. IN SCETYPE ProfileType,
  201. IN AREA_INFORMATION Area,
  202. IN PSCE_OBJECT_SECURITY ObjSecurity
  203. );
  204. //
  205. // function defined in inftojet.c
  206. //
  // Prototype only; the body is in inftojet.c. Converts an INF file into a
  // Jet database. It is the only function in this header with the "Sce"
  // prefix instead of "Scep".
  // NOTE(review): the two path arguments have different character widths.
  // InfFile is a wide string (PCWSTR) and JetDbName a narrow one (LPSTR), so
  // callers must convert and should check for lossy conversion of non-ANSI
  // paths. Both paths are chosen by the caller; any validation of them
  // happens outside this header.
  207. SCESTATUS
  208. SceJetConvertInfToJet(
  209. IN PCWSTR InfFile,
  210. IN LPSTR JetDbName,
  211. IN SCEJET_CREATE_TYPE Flags,
  212. IN DWORD Options,
  213. IN AREA_INFORMATION Area
  214. );
  // Prototype only; the body is in inftojet.c per the section comment above.
  // Deletes stored information for the selected Area from the table type
  // tblType of a profile. All parameters are inputs.
  215. SCESTATUS
  216. ScepDeleteInfoForAreas(
  217. IN PSCECONTEXT hProfile,
  218. IN SCETYPE tblType,
  219. IN AREA_INFORMATION Area
  220. );
  221. //
  222. // analyze.cpp
  223. //
  // Prototype only; the body is in analyze.cpp. Takes an object's security
  // descriptor and a profile descriptor (ProfileSD) together with the
  // SECURITY_INFORMATION mask for the profile side. Optionally reports a
  // one-byte difference indicator through IsDifferent.
  // NOTE(review): the meaning of the IsDifferent byte, and what AddObject
  // adds the object to, are defined in analyze.cpp - confirm there.
  224. DWORD
  225. ScepCompareAndAddObject(
  226. IN PWSTR ObjectFullName,
  227. IN SE_OBJECT_TYPE ObjectType,
  228. IN BOOL IsContainer,
  229. IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
  230. IN PSECURITY_DESCRIPTOR ProfileSD,
  231. IN SECURITY_INFORMATION ProfileSeInfo,
  232. IN BOOL AddObject,
  233. OUT PBYTE IsDifferent OPTIONAL
  234. );
  // Prototype only; the body is in analyze.cpp per the section comment above.
  // Returns the security descriptor of a named object, limited to the parts
  // selected by ProfileSeInfo.
  // NOTE(review): the descriptor is returned through a pointer to pointer, so
  // it is presumably allocated by the callee. The free routine is not
  // declared here.
  235. DWORD
  236. ScepGetNamedSecurityInfo(
  237. IN PWSTR ObjectFullName,
  238. IN SE_OBJECT_TYPE ObjectType,
  239. IN SECURITY_INFORMATION ProfileSeInfo,
  240. OUT PSECURITY_DESCRIPTOR *ppSecurityDescriptor
  241. );
  // Prototype only; the body is in analyze.cpp per the section comment above.
  // Saves a status Flag and an explicitly sized Value for a named object.
  // The target section is not a parameter.
  // NOTE(review): whether ValueLen counts characters or bytes is not visible
  // here - confirm so that callers do not pass the wrong unit.
  242. DWORD
  243. ScepSaveDsStatusToSection(
  244. IN PWSTR ObjectName,
  245. IN BOOL IsContainer,
  246. IN BYTE Flag,
  247. IN PWSTR Value,
  248. IN DWORD ValueLen
  249. );
  // Prototype only; the body is in analyze.cpp per the section comment above.
  // Saves a name list for a group under the given suffix, using an LSA policy
  // handle. All parameters are inputs.
  // NOTE(review): the unit of GroupLen (characters or bytes) and the values
  // accepted for Status are not defined in this header.
  250. SCESTATUS
  251. ScepSaveMemberMembershipList(
  252. IN LSA_HANDLE LsaPolicy,
  253. IN PCWSTR szSuffix,
  254. IN PWSTR GroupName,
  255. IN DWORD GroupLen,
  256. IN PSCE_NAME_LIST pList,
  257. IN INT Status
  258. );
  // Prototype only; the body is in analyze.cpp per the section comment above.
  // Records an error marker for KeyName. The section handle and the suffix
  // are OPTIONAL.
  // NOTE(review): what happens when hSectionIn is omitted is decided in the
  // implementation - confirm.
  259. SCESTATUS
  260. ScepRaiseErrorString(
  261. IN PSCESECTION hSectionIn OPTIONAL,
  262. IN PWSTR KeyName,
  263. IN PCWSTR szSuffix OPTIONAL
  264. );
  265. // DsObject.cpp
  // Two prototypes whose bodies are in DsObject.cpp. Both take the root of an
  // SCE_OBJECT_TREE: one configures security, the other analyzes it.
  // NOTE(review): the return types differ (SCESTATUS and DWORD), so callers
  // must not compare the two results against the same set of error codes.
  266. SCESTATUS
  267. ScepConfigureDsSecurity(
  268. IN PSCE_OBJECT_TREE pObject
  269. );
  270. DWORD
  271. ScepAnalyzeDsSecurity(
  272. IN PSCE_OBJECT_TREE pObject
  273. );
  // Prototype only; the body is in DsObject.cpp per the comment above this
  // group. Returns a list of root objects through pRoots. The LDAP
  // connection argument is OPTIONAL.
  // NOTE(review): the behaviour when pLdap is omitted is not visible here;
  // presumably the function opens its own connection - confirm. The list is
  // presumably allocated by the callee.
  274. SCESTATUS
  275. ScepEnumerateDsObjectRoots(
  276. IN PLDAP pLdap OPTIONAL,
  277. OUT PSCE_OBJECT_LIST *pRoots
  278. );
  // Prototype only; the body is in DsObject.cpp per the comment above this
  // group. Converts a name as stored in the Jet database into its LDAP-cased
  // form and returns it through LdapName.
  // NOTE(review): bCase is presumably one of the SCE_CASE_* values defined at
  // the top of this header - confirm. LdapName is returned through a pointer
  // to pointer, so it is presumably allocated by the callee.
  279. DWORD
  280. ScepConvertJetNameToLdapCase(
  281. IN PWSTR JetName,
  282. IN BOOL bLastComponent,
  283. IN BYTE bCase,
  284. OUT PWSTR *LdapName
  285. );
  // Open/close pair for an LDAP connection; the bodies are in DsObject.cpp
  // per the comment above this group. The connection argument is OPTIONAL in
  // both prototypes.
  // NOTE(review): with the argument omitted the functions presumably operate
  // on module-level state - confirm. Close takes the handle IN OUT, which
  // suggests it clears the caller's pointer after closing. That would guard
  // against reuse of a stale handle; verify in the implementation.
  286. SCESTATUS
  287. ScepLdapOpen(
  288. OUT PLDAP *pLdap OPTIONAL
  289. );
  290. SCESTATUS
  291. ScepLdapClose(
  292. IN OUT PLDAP *pLdap OPTIONAL
  293. );
  // Prototype only; the body is in DsObject.cpp per the comment above this
  // group. Existence is reported through the SCESTATUS return value, since
  // there is no output parameter.
  // NOTE(review): which status code means "not found" is not defined here.
  294. SCESTATUS
  295. ScepDsObjectExist(
  296. IN PWSTR ObjectName
  297. );
  // Prototype only; the body is in DsObject.cpp per the comment above this
  // group. Returns a name list for one level below ObjectName.
  // NOTE(review): the list is presumably allocated by the callee; the free
  // routine is not declared here.
  298. SCESTATUS
  299. ScepEnumerateDsOneLevel(
  300. IN PWSTR ObjectName,
  301. OUT PSCE_NAME_LIST *pNameList
  302. );
  303. // dsgroups.cpp
  // Two prototypes whose bodies are in dsgroups.cpp. Both take a group-
  // membership list: one configures group membership, the other analyzes it.
  // Only the configure variant takes an options word.
  // NOTE(review): the accepted ConfigOptions bits are not defined here.
  304. SCESTATUS
  305. ScepConfigDsGroups(
  306. IN PSCE_GROUP_MEMBERSHIP pGroupMembership,
  307. IN DWORD ConfigOptions
  308. );
  309. SCESTATUS
  310. ScepAnalyzeDsGroups(
  311. IN PSCE_GROUP_MEMBERSHIP pGroupMembership
  312. );
  313. //
  314. // editsave.cpp
  315. //
  // Prototype only; the body is in editsave.cpp. Returns a one-byte analysis
  // status for KeyName in the given section.
  // NOTE(review): the result is a bare BYTE with no separate error channel.
  // The byte's value set, and how a lookup failure is told apart from a valid
  // status, are defined in the implementation - confirm. bLookForParent
  // presumably falls back to the nearest parent entry.
  316. BYTE
  317. ScepGetObjectAnalysisStatus(
  318. IN PSCESECTION hSection,
  319. IN PWSTR KeyName,
  320. IN BOOL bLookForParent
  321. );
  322. //
  323. // config.cpp
  324. //
  // Four distinct single-bit values (0x1, 0x2, 0x4, 0x8), so they can be OR-ed
  // together. Presumably the accepted bits for dwBuildRule below - TODO
  // confirm.
  325. #define SCE_BUILD_IGNORE_UNKNOWN 0x1
  326. #define SCE_BUILD_ACCOUNT_SID 0x2
  327. #define SCE_BUILD_ENUMERATE_PRIV 0x4
  328. #define SCE_BUILD_ACCOUNT_SID_STRING 0x8
  // Prototype only; the body is in config.cpp. Builds a privilege-value list
  // of accounts to remove and returns it through pRemoveList, using an LSA
  // policy handle and a privilege selection split into low and high DWORD
  // masks.
  // NOTE(review): pIgnoreAccounts is IN OUT, so the callee may add to the
  // caller's splay tree. PSCEP_SPLAY_TREE presumably comes from "splay.h",
  // included at the top of this header. The result decides which accounts
  // lose privileges, so the handling of accounts that cannot be resolved (see
  // SCE_BUILD_IGNORE_UNKNOWN) is worth checking in config.cpp.
  329. NTSTATUS
  330. ScepBuildAccountsToRemove(
  331. IN LSA_HANDLE PolicyHandle,
  332. IN DWORD PrivLowMask,
  333. IN DWORD PrivHighMask,
  334. IN DWORD dwBuildRule,
  335. IN PSCE_PRIVILEGE_VALUE_LIST pTemplateList OPTIONAL,
  336. IN DWORD Options OPTIONAL,
  337. IN OUT PSCEP_SPLAY_TREE pIgnoreAccounts OPTIONAL,
  338. OUT PSCE_PRIVILEGE_VALUE_LIST *pRemoveList
  339. );
  // Prototype only; the body is in config.cpp per the section comment above.
  // Returns a name list of attachment sections found in a profile.
  // NOTE(review): the list is presumably allocated by the callee; the free
  // routine is not declared here.
  340. SCESTATUS
  341. ScepEnumAttachmentSections(
  342. IN PSCECONTEXT cxtProfile,
  343. OUT PSCE_NAME_LIST *ppList
  344. );
  // Prototype only; the body is in config.cpp per the section comment above.
  // Converts a buffer of account names into a new buffer and returns the new
  // buffer together with its length.
  // NOTE(review): the "msz" prefix conventionally marks a multi-string, i.e.
  // NUL-separated entries ending in a double NUL - confirm. dwLen is the only
  // bound on the input, and its unit (characters or bytes) is not stated. A
  // parser must stop at dwLen even when the terminating double NUL is
  // missing. pPolicyHandle is IN OUT, so the callee may open a handle that
  // the caller then has to close.
  345. SCESTATUS
  346. ScepConvertFreeTextAccountToSid(
  347. IN OUT LSA_HANDLE *pPolicyHandle,
  348. IN PWSTR mszAccounts,
  349. IN ULONG dwLen,
  350. OUT PWSTR *pmszNewAccounts,
  351. OUT DWORD *pNewLen
  352. );
  353. #ifdef __cplusplus
  354. }
  355. #endif
  356. #endif