archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/services/scerpc/client/precedence.h

227 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. precedence.h
  9. Abstract:
  11. This file contains the prototype for the main routine to calculate precedences.
  12. This is called during planning/diagnosis.
  14. Author:
  16. Vishnu Patankar (VishnuP) 7-April-2000
  18. Environment:
  20. User Mode - Win32
  22. Revision History:
  25. --*/
  27. ///////////////////////////////////////////////////////////////////////////////
  28. // //
  29. // Includes //
  30. // //
  31. ///////////////////////////////////////////////////////////////////////////////
  33. #ifndef _precedence_
  34. #define _precedence_
  36. #include "headers.h"
  37. #include "..\hashtable.h"
  38. #include "scedllrc.h"
  39. #include "logger.h"
  41. #include <userenv.h>
  44. typedef enum _SCEP_RSOP_CLASS_TYPE_{
  45. RSOP_SecuritySettingNumeric = 0,
  46. RSOP_SecuritySettingBoolean,
  47. RSOP_SecuritySettingString,
  48. RSOP_AuditPolicy,
  49. RSOP_SecurityEventLogSettingNumeric,
  50. RSOP_SecurityEventLogSettingBoolean,
  51. RSOP_RegistryValue,
  52. RSOP_UserPrivilegeRight,
  53. RSOP_RestrictedGroup,
  54. RSOP_SystemService,
  55. RSOP_File,
  56. RSOP_RegistryKey
  57. };
  59. const static PWSTR ScepRsopSchemaClassNames [] = {
  60. L"RSOP_SecuritySettingNumeric",
  61. L"RSOP_SecuritySettingBoolean",
  62. L"RSOP_SecuritySettingString",
  63. L"RSOP_AuditPolicy",
  64. L"RSOP_SecurityEventLogSettingNumeric",
  65. L"RSOP_SecurityEventLogSettingBoolean",
  66. L"RSOP_RegistryValue",
  67. L"RSOP_UserPrivilegeRight",
  68. L"RSOP_RestrictedGroup",
  69. L"RSOP_SystemService",
  70. L"RSOP_File",
  71. L"RSOP_RegistryKey"
  72. };
  74. typedef struct _SCE_KEY_LOOKUP_PRECEDENCE {
  75. SCE_KEY_LOOKUP KeyLookup;
  76. DWORD Precedence;
  77. }SCE_KEY_LOOKUP_PRECEDENCE;
  79. #define SCEP_TYPECAST(type, bufptr, offset) (*((type *)((CHAR *)bufptr + offset)))
  80. #define NUM_KERBEROS_SUB_SETTINGS 5
  81. #define NUM_EVENTLOG_TYPES 3
  83. #define PLANNING_GPT_DIR TEXT("\\security\\templates\\policies\\planning\\")
  84. #define DIAGNOSIS_GPT_DIR TEXT("\\security\\templates\\policies\\")
  85. #define WINLOGON_LOG_PATH TEXT("\\security\\logs\\winlogon.log")
  86. #define PLANNING_LOG_PATH TEXT("\\security\\logs\\planning.log")
  87. #define DIAGNOSIS_LOG_FILE TEXT("\\security\\logs\\diagnosis.log")
  89. // matrix description
  90. // first column has keyName / settingName
  91. // second column has field offset in SCE_PROFILE_INFO - hardcoded
  92. // third column has setting types - from _SCEP_RSOP_CLASS_TYPE_
  93. // fourth column has current precedence - unused for dynamic types
  96. static SCE_KEY_LOOKUP_PRECEDENCE PrecedenceLookup[] = {
  98. //RSOP_SecuritySettingNumeric
  99. {{(PWSTR)TEXT("MinimumPasswordAge"), offsetof(struct _SCE_PROFILE_INFO, MinimumPasswordAge), RSOP_SecuritySettingNumeric}, (DWORD)0},
  100. {{(PWSTR)TEXT("MaximumPasswordAge"), offsetof(struct _SCE_PROFILE_INFO, MaximumPasswordAge), RSOP_SecuritySettingNumeric}, (DWORD)0},
  101. {{(PWSTR)TEXT("MinimumPasswordLength"), offsetof(struct _SCE_PROFILE_INFO, MinimumPasswordLength), RSOP_SecuritySettingNumeric}, (DWORD)0},
  102. {{(PWSTR)TEXT("PasswordHistorySize"), offsetof(struct _SCE_PROFILE_INFO, PasswordHistorySize), RSOP_SecuritySettingNumeric}, (DWORD)0},
  104. {{(PWSTR)TEXT("LockoutBadCount"), offsetof(struct _SCE_PROFILE_INFO, LockoutBadCount), RSOP_SecuritySettingNumeric}, (DWORD)0},
  105. {{(PWSTR)TEXT("ResetLockoutCount"), offsetof(struct _SCE_PROFILE_INFO, ResetLockoutCount), RSOP_SecuritySettingNumeric}, (DWORD)0},
  106. {{(PWSTR)TEXT("LockoutDuration"), offsetof(struct _SCE_PROFILE_INFO, LockoutDuration), RSOP_SecuritySettingNumeric}, (DWORD)0},
  109. // RSOP_SecuritySettingBoolean
  110. {{(PWSTR)TEXT("ClearTextPassword"), offsetof(struct _SCE_PROFILE_INFO, ClearTextPassword), RSOP_SecuritySettingBoolean}, (DWORD)0},
  111. {{(PWSTR)TEXT("PasswordComplexity"), offsetof(struct _SCE_PROFILE_INFO, PasswordComplexity), RSOP_SecuritySettingBoolean}, (DWORD)0},
  112. {{(PWSTR)TEXT("RequireLogonToChangePassword"), offsetof(struct _SCE_PROFILE_INFO, RequireLogonToChangePassword), RSOP_SecuritySettingBoolean}, (DWORD)0},
  113. {{(PWSTR)TEXT("ForceLogoffWhenHourExpire"), offsetof(struct _SCE_PROFILE_INFO, ForceLogoffWhenHourExpire), RSOP_SecuritySettingBoolean}, (DWORD)0},
  114. {{(PWSTR)TEXT("LSAAnonymousNameLookup"), offsetof(struct _SCE_PROFILE_INFO, LSAAnonymousNameLookup), RSOP_SecuritySettingBoolean}, (DWORD)0},
  115. {{(PWSTR)TEXT("EnableAdminAccount"), offsetof(struct _SCE_PROFILE_INFO, EnableAdminAccount), RSOP_SecuritySettingBoolean}, (DWORD)0},
  116. {{(PWSTR)TEXT("EnableGuestAccount"), offsetof(struct _SCE_PROFILE_INFO, EnableGuestAccount), RSOP_SecuritySettingBoolean}, (DWORD)0},
  118. //RSOP_SecuritySettingString
  119. {{(PWSTR)TEXT("NewAdministratorName"), offsetof(struct _SCE_PROFILE_INFO, NewAdministratorName), RSOP_SecuritySettingString}, (DWORD)0},
  120. {{(PWSTR)TEXT("NewGuestName"), offsetof(struct _SCE_PROFILE_INFO, NewGuestName), RSOP_SecuritySettingString}, (DWORD)0},
  122. // RSOP_AuditPolicy
  123. {{(PWSTR)TEXT("AuditSystemEvents"), offsetof(struct _SCE_PROFILE_INFO, AuditSystemEvents), RSOP_AuditPolicy}, (DWORD)0},
  124. {{(PWSTR)TEXT("AuditLogonEvents"), offsetof(struct _SCE_PROFILE_INFO, AuditLogonEvents), RSOP_AuditPolicy}, (DWORD)0},
  125. {{(PWSTR)TEXT("AuditObjectAccess"), offsetof(struct _SCE_PROFILE_INFO, AuditObjectAccess), RSOP_AuditPolicy}, (DWORD)0},
  126. {{(PWSTR)TEXT("AuditPrivilegeUse"), offsetof(struct _SCE_PROFILE_INFO, AuditPrivilegeUse), RSOP_AuditPolicy}, (DWORD)0},
  127. {{(PWSTR)TEXT("AuditPolicyChange"), offsetof(struct _SCE_PROFILE_INFO, AuditPolicyChange), RSOP_AuditPolicy}, (DWORD)0},
  128. {{(PWSTR)TEXT("AuditAccountManage"), offsetof(struct _SCE_PROFILE_INFO, AuditAccountManage), RSOP_AuditPolicy}, (DWORD)0},
  129. {{(PWSTR)TEXT("AuditProcessTracking"), offsetof(struct _SCE_PROFILE_INFO, AuditProcessTracking), RSOP_AuditPolicy}, (DWORD)0},
  130. {{(PWSTR)TEXT("AuditDSAccess"), offsetof(struct _SCE_PROFILE_INFO, AuditDSAccess), RSOP_AuditPolicy}, (DWORD)0},
  131. {{(PWSTR)TEXT("AuditAccountLogon"), offsetof(struct _SCE_PROFILE_INFO, AuditAccountLogon), RSOP_AuditPolicy}, (DWORD)0},
  133. // RSOP_SecurityEventLogSettingNumeric
  134. // one each for system, application, security
  135. // following eventlog entries should be contiguous in the same order to resemble contiguous memory
  136. {{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  137. {{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize) + sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  138. {{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize) + 2*sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  139. {{(PWSTR)TEXT("AuditLogRetentionPeriod"), offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  140. {{(PWSTR)TEXT("AuditLogRetentionPeriod"), offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod) + sizeof(DWORD),RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  141. {{(PWSTR)TEXT("AuditLogRetentionPeriod"), offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod) + 2 * sizeof(DWORD),RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  142. {{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  143. {{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays) + sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  144. {{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays) + 2 * sizeof(DWORD), RSOP_SecurityEventLogSettingNumeric}, (DWORD)0},
  146. // RSOP_SecurityEventLogSettingBoolean - one each for system, application, security
  147. {{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess), RSOP_SecurityEventLogSettingBoolean}, (DWORD)0},
  148. {{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess) + sizeof(DWORD), RSOP_SecurityEventLogSettingBoolean}, (DWORD)0},
  149. {{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess) + 2 * sizeof(DWORD), RSOP_SecurityEventLogSettingBoolean}, (DWORD)0},
  151. // RSOP_RegistryValue
  152. // can compute offset of aRegValues from this
  153. {{(PWSTR)TEXT("RegValueCount"), offsetof(struct _SCE_PROFILE_INFO, RegValueCount), RSOP_RegistryValue}, (DWORD)0},
  155. // RSOP_UserPrivilegeRight
  156. {{(PWSTR)TEXT("pInfPrivilegeAssignedTo"), offsetof(struct _SCE_PROFILE_INFO, OtherInfo) + sizeof(PSCE_NAME_LIST), RSOP_UserPrivilegeRight}, (DWORD)0},
  158. // RSOP_RestrictedGroup
  159. {{(PWSTR)TEXT("pGroupMembership"), offsetof(struct _SCE_PROFILE_INFO, pGroupMembership), RSOP_RestrictedGroup}, (DWORD)0},
  161. // RSOP_SystemService
  162. {{(PWSTR)TEXT("pServices"), offsetof(struct _SCE_PROFILE_INFO, pServices), RSOP_SystemService}, (DWORD)0},
  164. // RSOP_File
  165. {{(PWSTR)TEXT("pFiles"), offsetof(struct _SCE_PROFILE_INFO, pFiles), RSOP_File}, (DWORD)0},
  167. // RSOP_RegistryKey
  168. {{(PWSTR)TEXT("pRegistryKeys"), offsetof(struct _SCE_PROFILE_INFO, pRegistryKeys), RSOP_RegistryKey}, (DWORD)0},
  170. // following kerberos entries should be contiguous in the same order to resemble contiguous memory
  171. {{(PWSTR)TEXT("pKerberosInfo"), offsetof(struct _SCE_PROFILE_INFO, pKerberosInfo), RSOP_SecuritySettingNumeric}, (DWORD)0},
  173. //RSOP_SecuritySettingNumeric
  174. {{(PWSTR)TEXT("MaxTicketAge"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxTicketAge), RSOP_SecuritySettingNumeric}, (DWORD)0},
  175. {{(PWSTR)TEXT("MaxRenewAge"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxRenewAge), RSOP_SecuritySettingNumeric}, (DWORD)0},
  176. {{(PWSTR)TEXT("MaxServiceAge"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxServiceAge), RSOP_SecuritySettingNumeric}, (DWORD)0},
  177. {{(PWSTR)TEXT("MaxClockSkew"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, MaxClockSkew), RSOP_SecuritySettingNumeric}, (DWORD)0},
  179. // RSOP_SecuritySettingBoolean
  180. {{(PWSTR)TEXT("TicketValidateClient"), offsetof(struct _SCE_KERBEROS_TICKET_INFO_, TicketValidateClient), RSOP_SecuritySettingBoolean}, (DWORD)0}
  181. };
  186. DWORD SceLogSettingsPrecedenceGPOs(
  187. IN IWbemServices *pWbemServices,
  188. IN BOOL bPlanningMode,
  189. IN PWSTR *ppwszLogFile
  190. );
  192. DWORD
  193. ScepConvertSingleSlashToDoubleSlashPath(
  194. IN wchar_t *pSettingInfo,
  195. OUT PWSTR *ppwszDoubleSlashPath
  196. );
  198. DWORD
  199. ScepClientTranslateFileDirName(
  200. IN PWSTR oldFileName,
  201. OUT PWSTR *newFileName
  202. );
  204. VOID
  205. ScepLogEventAndReport(
  206. IN HINSTANCE hInstance,
  207. IN LPTSTR LogFileName,
  208. IN DWORD LogLevel,
  209. IN DWORD dwEventID,
  210. IN UINT idMsg,
  211. IN DWORD rc,
  212. IN PWSTR pwszMsg
  213. );
  215. BOOL
  216. ScepRsopLookupBuiltinNameTable(
  217. IN PWSTR pwszGroupName
  218. );
  220. DWORD
  221. ScepCanonicalizeGroupName(
  222. IN PWSTR pwszGroupName,
  223. OUT PWSTR *ppwszCanonicalGroupName
  224. );
  227. #endif