Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

505 lines
14 KiB

  1. /*++
  2. Copyright (c) 1991-92 Microsoft Corporation
  3. Module Name:
  4. Permit.h
  5. Abstract:
  6. Internal UAS constants, data structures.
  7. Author:
  8. Shanku Niyogi (W-SHANKN) 24-Oct-1991
  9. Revision History:
  10. 24-Oct-1991 w-shankn
  11. Ported from LM2.0 code, removed unnecessary stuff.
  12. 07-Feb-1992 JohnRo
  13. Made changes suggested by PC-LINT.
  14. 03-Mar-1992 JohnRo
  15. Correct handling of byte flags (UAS_REC_DELETE, etc).
  16. 11-Mar-1992 JohnRo
  17. Include <lmaccess.h> here to get UNITS_PER_WEEK.
  18. 18-Mar-1992 JohnRo
  19. Include <uascache.h> for UAS_INFO_0.
  20. --*/
  21. #ifndef _PERMIT_
  22. #define _PERMIT_
  23. #include <lmaccess.h> // UNITS_PER_WEEK.
  24. #include <uascache.h> // UAS_INFO_0.
  25. #include <packon.h> // Suppress natural alignment.
  26. //
  27. // Forward declarations for recursive structures.
  28. //
  29. typedef struct _UAS_AHDR UAS_AHDR, *LPUAS_AHDR;
  30. typedef struct _UAS_GROUP UAS_GROUP, *LPUAS_GROUP;
  31. typedef struct _UAS_GROUPREC UAS_GROUPREC, *LPUAS_GROUPREC;
  32. typedef struct _UAS_USERREC UAS_USERREC, *LPUAS_USERREC;
  33. typedef struct _UAS_USERINFO UAS_USERINFO, *LPUAS_USERINFO;
  34. typedef struct _UAS_DISKUSERHASH UAS_DISKUSERHASH, *LPUAS_DISKUSERHASH;
  35. typedef struct _UAS_PERM UAS_PERM, *LPUAS_PERM;
  36. typedef struct _UAS_ACCESSREC UAS_ACCESSREC, *LPUAS_ACCESSREC;
  37. typedef struct _UAS_ACCESS UAS_ACCESS, *LPUAS_ACCESS;
  38. typedef struct _UAS_VPERM UAS_VPERM, *LPUAS_VPERM;
  39. //
  40. // Constants.
  41. //
  42. #define UAS_MAXGROUP 256 // max number of groups allowed in UAS
  43. #define UAS_MAXACL 8192 // max number of access control list
  44. #define UAS_MAXSEG 8 // max number of segs for perm stuff
  45. #define UAS_ACCESSTBLSIZE 1027 // prime number for less collisions
  46. #define UAS_PSEGSIZE 1024*24 // Initla size of seg holding _pcb
  47. #define UAS_INITSEGSIZE 1024 // Initial size of segs holding perms
  48. #define UAS_URECSEGSIZE 1024*16 // Initial size of UAS logon cache seg
  49. #define UAS_SIZEINC 2048 // Size to grow each time
  50. #define UAS_MINUSER 3 // min number of users in database
  51. #define UAS_MINUREC 128 // cache at least 128 user records
  52. #define UAS_DEFAULT_USERS 128 // default number of records cached
  53. #define UAS_MAXCACHE_LIMIT 1000 // max user records allowed in cache
  54. #define UAS_DBIDINFO_SIZE 50 // database identifier string
  55. #define UAS_INITIALIZE_SEG 1 // manifest for DosSubSet after Alloc
  56. #define UAS_INTRUDER_DELAY 3000L // 3 sec delay to discourage intruders
  57. #define UAS_MAX_USERS 16000 // Ever, ever, ever
  58. #define UAS_DISK_BLOCK_SIZE 64 // size of block in disk pool
  59. #define UAS_FILE_GROW_INCREMENT 32 // Increment of file grow in disk blocks
  60. #define UAS_USER_HASH_ENTRIES 2048
  61. #define WORDALIGN(a) (((a)+1) & (~1))
  62. // Temporary definitions. LM20_PATHLEN in LMCONS.H is wrong, and
  63. // MAXPERMENTRIES may change(?), MAXWORKSTATIONS not in LMCONS.H
  64. #undef LM20_PATHLEN
  65. #define LM20_PATHLEN 260
  66. #define LM20_MAXPERMENTRIES 64
  67. #define MAXWORKSTATIONS 8
  68. //
  69. // Maximum sizes
  70. //
  71. #define UAS_MAX_ACL_SIZE (sizeof(UAS_ACCESREC) + LM20_PATHLEN \
  72. + sizeof(UAS_VPERM) \
  73. + (LM20_MAXPERMENTRIES - 1) * sizeof(PERM))
  74. #define UAS_MAX_USER_SIZE (sizeof(UAS_USERINFO) \
  75. + sizeof(WORD) * 8)
  76. // Force header to sector size
  77. #define UAS_GROUP_HASH_START ((sizeof(UAS_AHDR) + 511) & ~511)
  78. #define UAS_GROUP_HASH_OFFSET(i) (UAS_GROUP_HASH_START \
  79. + i * sizeof (UAS_GROUPREC))
  80. #define UAS_HASH_TBL_OFFSET UAS_GROUP_HASH_OFFSET(UAS_MAXGROUP)
  81. #define UAS_HASH_ENTRY(i) (UAS_HASH_TBL_OFFSET \
  82. + (i * sizeof (UAS_DISKUSERHASH)))
  83. #define UAS_HASH_TBL_SIZE (sizeof(UAS_DISKUSERHASH)*UAS_USER_HASH_ENTRIES)
  84. #define UAS_STRING(s,field) ((LPSTR)s + s->field)
  85. #define UAS_VPERM_PTR(acc) (LPUAS_VPERM)((acc)->resource \
  86. + ((((acc)->namelen) + 1) & ~1))
  87. //
  88. // Name Literal
  89. //
  90. #define UAS_USERNAME 0
  91. #define UAS_GROUPNAME 1
  92. #define UAS_ACCESSNAME 2
  93. //
  94. // names of the database file(s)
  95. //
  96. #define UAS_ACCOUNTS_FILE "NET.ACC"
  97. #define UAS_ACCOUNTS_PATH "C:\\LANMAN\\ACCOUNTS\\"
  98. //
  99. // special values of uid and serial number for Local calls
  100. //
  101. #define UAS_LOCAL_UID -1
  102. #define UAS_LOCAL_SERIAL 0L
  103. #define UAS_NONEXISTENT_GID -1
  104. //
  105. // audit flags
  106. //
  107. #define UAS_AUDIT_ALL 0x1
  108. #define UAS_AUDIT_OPTIONS 0xFFFE
  109. #define UAS_LMFILE_AUDIT_RESERVED 0xF006
  110. #define UAS_PBFILE_AUDIT_RESERVED 0x3
  111. //
  112. // Types of records
  113. //
  114. #define UAS_ACCESS_REC 2
  115. #define UAS_GROUP_REC 1
  116. #define UAS_USER_REC 0
  117. //
  118. // Special Groups Info
  119. //
  120. #define UAS_NUM_SPECIAL_GROUPS 4
  121. #define UAS_GROUP_ADMIN 0
  122. #define UAS_GROUP_USERS 1
  123. #define UAS_GROUP_GUEST 2
  124. #define UAS_GROUP_LOCAL 3
  125. #define UAS_GROUP_NT (DWORD)-1
  126. #define UAS_GROUP_ADMIN_WNAME L"ADMINS"
  127. #define UAS_GROUP_USERS_WNAME L"USERS"
  128. #define UAS_GROUP_GUEST_WNAME L"GUESTS"
  129. #define UAS_GROUP_LOCAL_WNAME L"LOCAL"
  130. //
  131. // Signature, text strings
  132. //
  133. #define UAS_LMSIG "MICROSOFT LANMAN 2.0"
  134. #define UAS_DBIDINFO_TEXT "LANMAN 2.0 UAS DATABASE"
  135. #define UAS_ROLE_NAME_PRIMARY "PRIMARY"
  136. #define UAS_ROLE_NAME_BACKUP "BACKUP"
  137. #define UAS_ROLE_NAME_MEMBER "MEMBER"
  138. #define UAS_ROLE_NAME_STANDALONE "STANDALONE"
  139. #define UAS_DOMAIN_LOCAL "LOCAL"
  140. #define UAS_NLS_YES_KEY 'Y'
  141. #define UAS_NLS_NO_KEY 'N'
  142. #define UAS_DEFAULT_YES "(Y/N) [Y]"
  143. #define UAS_DEFAULT_NO "(Y/N) [N]"
  144. #define UAS_DEFAULT_PASSWORD "PASSWORD"
  145. //
  146. // # of records reserved as the header (store signature) ..
  147. //
  148. // Note
  149. // record size of group record = sizeof(UAS_GROUPREC)
  150. // record size of user record = sizeof(UAS_USERREC)
  151. // record size of access record = sizeof(UAS_ACCESSREC)
  152. //
  153. #define UAS_GROUPHDR 2
  154. #define UAS_ACCESSHDR 1
  155. #define UAS_USERHDR 1
  156. //
  157. // File_Record Representation
  158. // It is in the first character of the record (name field)
  159. //
  160. #define UAS_REC_EMPTY '\0'
  161. #define UAS_REC_DELETE (BYTE)-1
  162. #define UAS_REC_USE (BYTE)1
  163. //
  164. // Status returned in UserId
  165. //
  166. #define UAS_NAME_NotFound -1
  167. #define UAS_NAME_NotCache -2
  168. //
  169. // General Purpose Macros
  170. //
  171. // BitMap macro
  172. #define UAS_MARKUSE(map, pos) ((map)[(pos) >> 3] |= (1 << ((pos) & 7 ) ))
  173. #define UAS_MARKOFF(map, pos) ((map)[(pos) >> 3] &= ~(1 << ((pos) & 7 ) ))
  174. #define UAS_ISBITON(map, id) ((map)[id >> 3] & ( 1 << ((id) & 0x7) ) )
  175. #define UAS_ISBITOFF(map, id) !UAS_ISBITON((map), (id))
  176. // Conversion from perm ptr back to the access ptr
  177. #define UAS_GETACCHDR(perm, len) (LPUAS_ACCESS) ((LPBYTE)(perm) \
  178. - WORDALIGN(len) \
  179. - sizeof(UAS_ACCESS) + 1)
  180. // Test if every user's record is cached
  181. #define UAS_ALLUSERCACHED (Ucb->usercnt < Ucb->maxuser)
  182. // Find the size of block needed to hold access record and perm entries
  183. #define UAS_ACCRECSIZE(len, cnt) WORDALIGN(sizeof(UAS_ACCESS) - 1 \
  184. + (len) + sizeof(WORD) \
  185. + (cnt)* sizeof(PERM))
  186. // The size of disk record needed to hold access record and perm entries
  187. #define UAS_DISKACCRECSIZE(len, cnt) WORDALIGN(sizeof(UAS_ACCESSREC) - 1 \
  188. + (len) + sizeof (WORD) \
  189. + (cnt) * sizeof(UAS_PERM))
  190. //
  191. // Record structures in UAS Database (NET.ACC)
  192. //
  193. //
  194. // Header block structure of NET.ACC
  195. //
  196. struct _UAS_AHDR { // typedef'ed above.
  197. BYTE signature[WORDALIGN(sizeof(UAS_LMSIG))]; // LANMAN signature
  198. WORD encryption_flag; // is database encrypted?
  199. WORD min_passwd_len; // password length modal
  200. DWORD min_passwd_age; // password age modal
  201. DWORD max_passwd_age; // password age modal
  202. DWORD force_logoff; // forced logoff modal
  203. WORD passwd_hist_len; // password history modal
  204. WORD max_bad_passwd; // max bad passwd try modal
  205. WORD role; // role under SSI
  206. UAS_INFO_0 local; // local database info
  207. UAS_INFO_0 primary; // primary database info
  208. BYTE DBIdInfo[UAS_DBIDINFO_SIZE]; // database identifier str
  209. DWORD alist_mtime; // last update to ACL's
  210. DWORD glist_mtime; // last upd to groups
  211. DWORD ulist_mtime; // last upd to users
  212. WORD num_users; // Total users in DB
  213. DWORD free_list; // Head of free list
  214. DWORD access_list; // Head of access list
  215. WORD integrity_flag; // if FALSE, UAS is corrupt
  216. };
  217. #define UAS_INTEGRITY_OFFSET (sizeof(UAS_AHDR) - sizeof(WORD))
  218. //
  219. // Structure of a group record in UAS Database
  220. //
  221. struct _UAS_GROUP { // typedef'ed above.
  222. BYTE name[LM20_GNLEN+1];
  223. DWORD serial;
  224. };
  225. struct _UAS_GROUPREC { // typedef'ed above.
  226. BYTE name[LM20_GNLEN+1];
  227. BYTE comment[LM20_MAXCOMMENTSZ+1];
  228. DWORD serial;
  229. };
  230. //
  231. // Structure of a user record in UAS Database
  232. //
  233. // fields ending in _o are offsets from the start of the structure
  234. // to ASCIIZ strings.
  235. //
  236. // WARNING: When updating this structure update the matching structure
  237. // UAS_USERINFO. You may also have to update the UAS_MAX_USER_SIZE
  238. // macro.
  239. //
  240. struct _UAS_USERREC { // typedef'ed above.
  241. UAS_USER user;
  242. BYTE name[LM20_UNLEN+1]; // user name
  243. WORD size; // total size of user entry
  244. BYTE passwd[ENCRYPTED_PWLEN]; // encrypted password
  245. DWORD last; // last time passwd changed
  246. WORD directory_o; // directory & logon script
  247. WORD comment_o; // comment
  248. WORD flags; // User flags
  249. WORD script_o; // logon script name
  250. WORD full_name_o;
  251. WORD usr_comment_o;
  252. WORD parms_o;
  253. DWORD last_logon;
  254. DWORD last_logoff;
  255. DWORD max_storage;
  256. DWORD acct_expires;
  257. WORD bad_pw_count;
  258. WORD num_logons;
  259. BYTE logonhrs[UNITS_PER_WEEK/8];
  260. WORD workstation_o;
  261. BYTE old_passwds[DEF_MAX_PWHIST * ENCRYPTED_PWLEN];
  262. WORD logon_server_o;
  263. WORD country_code;
  264. WORD code_page;
  265. };
  266. //
  267. // Decompressed user record.
  268. //
  269. struct _UAS_USERINFO { // typedef'ed above.
  270. UAS_USER user;
  271. BYTE name[LM20_UNLEN+1]; // user name
  272. BYTE passwd[ENCRYPTED_PWLEN]; // encrypted password
  273. DWORD last; // last time passwd changed
  274. BYTE directory[LM20_PATHLEN+1]; // directory & logon script
  275. BYTE comment[LM20_MAXCOMMENTSZ+1]; // comment
  276. WORD flags; // User flags
  277. BYTE script[LM20_PATHLEN+1]; // logon script name
  278. BYTE full_name[LM20_MAXCOMMENTSZ+1];
  279. BYTE usr_comment[MAXCOMMENTSZ+1];
  280. BYTE parms[MAXCOMMENTSZ+1];
  281. DWORD last_logon;
  282. DWORD last_logoff;
  283. DWORD max_storage;
  284. DWORD acct_expires;
  285. WORD bad_pw_count;
  286. WORD num_logons;
  287. BYTE logonhrs[UNITS_PER_WEEK/8];
  288. BYTE workstation[MAXWORKSTATIONS * (LM20_CNLEN+1)];
  289. BYTE old_passwds[DEF_MAX_PWHIST * ENCRYPTED_PWLEN];
  290. BYTE logon_server[LM20_UNCLEN+1];
  291. WORD country_code;
  292. WORD code_page;
  293. };
  294. #define UAS_URECSIZE UAS_MAX_USER_SIZE
  295. #define UAS_GRECSIZE sizeof(UAS_GROUPREC)
  296. typedef struct _UAS_DISK_OBJ_HDR {
  297. BYTE do_type;
  298. BYTE do_numblocks;
  299. DWORD do_next;
  300. DWORD do_prev;
  301. } UAS_DISK_OBJ_HDR, *LPUAS_DISK_OBJ_HDR;
  302. #define UAS_NEXT_OFFSET (2 * sizeof(BYTE))
  303. #define UAS_PREV_OFFSET (2 * sizeof(BYTE) + sizeof(DWORD))
  304. #define UAS_FREE_OBJECT_ID 0
  305. #define UAS_USER_OBJECT_ID 1
  306. #define UAS_ACCESS_OBJECT_ID 2
  307. typedef struct _UAS_USER_OBJECT {
  308. UAS_DISK_OBJ_HDR uo_header;
  309. UAS_USERREC uo_record;
  310. BYTE uo_data[1]; // Variable size
  311. } UAS_USER_OBJECT, *LPUAS_USER_OBJECT;
  312. //
  313. // User hash table entry in memory
  314. //
  315. typedef struct _UAS_USERHASH {
  316. DWORD uh_disk;
  317. WORD uh_cache;
  318. DWORD uh_serial;
  319. } UAS_USERHASH, *LPUAS_USERHASH;
  320. //
  321. // User hash table entry on disk
  322. //
  323. struct _UAS_DISKUSERHASH { // typedef'ed above.
  324. DWORD dh_disk;
  325. DWORD dh_serial;
  326. };
  327. //
  328. // Permission data
  329. //
  330. struct _UAS_PERM { // typedef'ed above.
  331. WORD uid; // bit 15: 0 = uid, 1 = gid
  332. DWORD serial;
  333. BYTE access;
  334. BYTE pad; // word align this puppy
  335. };
  336. //
  337. // Access Record structure in Database (NET.ACC)
  338. //
  339. struct _UAS_ACCESSREC { // typedef'ed above.
  340. WORD attr; // audit attribute
  341. WORD recsize;
  342. WORD namelen;
  343. BYTE resource[1];
  344. };
  345. //
  346. // Internal access record structure in memory
  347. //
  348. struct _UAS_ACCESS { // typedef'ed above.
  349. LPUAS_ACCESS next;
  350. DWORD position;
  351. WORD attr;
  352. WORD recsize;
  353. WORD namelen;
  354. BYTE resource[1];
  355. };
  356. //
  357. // followed by variable number of permission entry
  358. //
  359. struct _UAS_VPERM { // typedef'ed above.
  360. WORD permcnt;
  361. UAS_PERM perm[1];
  362. };
  363. // Size (in bytes) of a variable size ACL
  364. #define UAS_ACL_RECORD_SIZE(acl,namelen,permcnt) \
  365. (((sizeof(UAS_ACCESSREC) + namelen \
  366. + sizeof (UAS_VPERM) \
  367. + sizeof (UAS_PERM) * (permcnt - 1)) + 1) & ~1)
  368. typedef struct _UAS_ACCESS_OBJECT {
  369. UAS_DISK_OBJ_HDR ao_header; // Fixed length header
  370. UAS_ACCESSREC ao_record; // Variable length
  371. UAS_VPERM ao_data; // Variable length
  372. } UAS_ACCESS_OBJECT, *LPUAS_ACCESS_OBJECT;
  373. #include <packoff.h>
  374. #endif // _PERMIT_