/*++ Copyright (c) 1998 Microsoft Corporation Module Name: scerpc.idl Abstract: Security Configuration Editor (SCE ) Engine RPC Interface Definition File This file contains the RPC Interface Definition Language file for the SCE Engine. This file includes all of the prototypes for the SCE functions that are callable via RPC. These functions are internal versions of API and are NOT visible to clients of the SCE Engine. An SCE Engine client calls the SCE engine API defined in file secedit.h/scesvc.h/scesetup.h. These API are wrappers which call client RPC stubs generated from this idl file by the RPC compiler. /////////////////////////////////////////////////////////////////////////// // Please note: // // structure definitions in private\inc\secedit.h, scesetup.h and // public\sdk\inc\scesvc.h must be in ssync with this IDL defition. // /////////////////////////////////////////////////////////////////////////// Author: Jin Huang (JinHuang) Jan 26, 1998 Environment: User Mode Revision History: --*/ [ uuid(93149ca2-973b-11d1-8c39-00c04fb984f9), version(0.0), #ifdef __midl ms_union, #endif // __midl pointer_default(unique), ] interface scerpc { // // Import a dummy interface containing #includes for public .h files. This // trick is necessary so that midl will only generate marshalling routines // for subtypes that are relevant to the parameters specified on the RPC // interface. midl also ingores function prototypes contained therein. // import "sceimp.idl" ; // // The parens have to be omitted from the operand // because midl grammar does not support them. // // // SCE RPC Context Handle // typedef [context_handle] PVOID SCEPR_CONTEXT; typedef SCEPR_CONTEXT *PSCEPR_CONTEXT; typedef DWORD SCEPR_STATUS; typedef DWORD AREAPR; // // RPC'able Self-Relative Security Descriptor Definition. // typedef struct _SCEPR_SR_SECURITY_DESCRIPTOR { ULONG Length; [size_is(Length)] UCHAR *SecurityDescriptor; } SCEPR_SR_SECURITY_DESCRIPTOR, *PSCEPR_SR_SECURITY_DESCRIPTOR; typedef enum _SCEPR_SERVER_TYPE_ { SCEPR_UNKNOWN = 0, SCEPR_DC_WITH_DS, SCEPR_DC, SCEPR_NT5_SERVER, SCEPR_NT4_SERVER, SCEPR_NT5_WKS, SCEPR_NT4_WKS } SCEPR_SERVER_TYPE, *PSCEPR_SERVER_TYPE; // // service info type (scesvc) // typedef enum _SCEPR_SVCINFO_TYPE { SceprConfigurationInfo, SceprMergedPolicyInfo, SceprAnalysisInfo, SceprInternalUse } SCEPR_SVCINFO_TYPE; // // SVC enumeration type // typedef ULONG SCEPR_ENUM_CONTEXT, *PSCEPR_ENUM_CONTEXT; // // SVC info structure // typedef struct _SCEPR_SVCINFO_LINE { [string] wchar_t *Key; [size_is(ValueLen)] byte *Value; DWORD ValueLen; } SCEPR_SVCINFO_LINE, *PSCEPR_SVCINFO_LINE; typedef struct _SCEPR_SVCINFO { DWORD Count; [size_is(Count)] SCEPR_SVCINFO_LINE *Lines; } SCEPR_SVCINFO, *PSCEPR_SVCINFO; typedef struct _SCEPR_VALUEINFO { DWORD ValueLen; [size_is(ValueLen)] byte *Value; } SCEPR_VALUEINFO, *PSCEPR_VALUEINFO; // // secedit definitions // typedef enum _SCEPR_TYPE { SCEPR_SYSTEM = 300, SCEPR_GPO, SCEPR_SCP, SCEPR_SAP, SCEPR_SCP_I, // internal type SCEPR_SMP_I, // internal type SCEPR_SMP, SCEPR_INF } SCEPR_TYPE; // // link list is marshlled automatically by RPCRT // typedef struct _SCEPR_ERROR_LOG_INFO { [string,unique] wchar_t *buffer; DWORD rc; struct _SCEPR_ERROR_LOG_INFO *next; } SCEPR_ERROR_LOG_INFO, *PSCEPR_ERROR_LOG_INFO; typedef struct _SCEPR_NAME_LIST { [string] wchar_t *Name; struct _SCEPR_NAME_LIST *Next; } SCEPR_NAME_LIST, *PSCEPR_NAME_LIST; typedef struct _SCEPR_NAME_STATUS_LIST { [string] wchar_t *Name; DWORD Status; struct _SCEPR_NAME_STATUS_LIST *Next; } SCEPR_NAME_STATUS_LIST, *PSCEPR_NAME_STATUS_LIST; // // privilege assignment // typedef struct _SCEPR_PRIV_ASSIGN { [string] wchar_t *Name; DWORD Value; SCEPR_NAME_LIST *AssignedTo; DWORD Status; struct _SCEPR_PRIV_ASSIGN *Next; } SCEPR_PRIV_ASSIGN, *PSCEPR_PRIV_ASSIGN; // // structures within the union // /* typedef struct _SCEPR_UNION_STRUCT_SCP { SCEPR_NAME_LIST *pAccountProfiles; SCEPR_NAME_STATUS_LIST *pPrivilegeAssignedTo; } SCEPR_UNION_STRUCT_SCP; */ typedef struct _SCEPR_UNION_STRUCT_SMP { SCEPR_NAME_LIST *pUserList; SCEPR_PRIV_ASSIGN *pPrivilegeAssignedTo; } SCEPR_UNION_STRUCT_SMP; // // union of otherinfo (scp/smp/sap) // // [case(SCEPR_SCP_I,SCEPR_SMP_I)] SCEPR_UNION_STRUCT_SCP scp; typedef [switch_type(SCEPR_TYPE)] union _SCEPR_UNION_OTHERINFO { [case(SCEPR_SCP,SCEPR_SMP,SCEPR_SYSTEM)] SCEPR_UNION_STRUCT_SMP smp; [case(SCEPR_SAP)] SCEPR_UNION_STRUCT_SMP sap; } SCEPR_UNION_OTHERINFO; // // group membership structure // typedef struct _SCEPR_GROUPS { [string] wchar_t *GroupName; SCEPR_NAME_LIST *pMembers; SCEPR_NAME_LIST *pMemberOf; DWORD Status; SCEPR_NAME_STATUS_LIST *pPrivilegesHeld; struct _SCEPR_GROUPS *Next; } SCEPR_GROUPS, *PSCEPR_GROUPS; // // services structure // typedef struct _SCEPR_SERVICES { [string] wchar_t *ServiceName; [string] wchar_t *DisplayName; BYTE Status; BYTE Startup; [unique] SCEPR_SR_SECURITY_DESCRIPTOR *pSecurityDescriptor; SECURITY_INFORMATION SeInfo; struct _SCEPR_SERVICES *Next; } SCEPR_SERVICES, *PSCEPR_SERVICES; // // object list structure // typedef struct _SCEPR_OBJECT_LIST { [string] wchar_t *Name; BYTE Status; BOOL IsContainer; DWORD Count; struct _SCEPR_OBJECT_LIST *Next; } SCEPR_OBJECT_LIST, *PSCEPR_OBJECT_LIST; typedef struct _SCEPR_OBJECT_LIST_NODE { [string] wchar_t *Name; BYTE Status; BOOL IsContainer; DWORD Count; } SCEPR_OBJECT_LIST_NODE, *PSCEPR_OBJECT_LIST_NODE; typedef struct _SCEPR_OBJECT_CHILDREN { DWORD nCount; DWORD MaxCount; [size_is(nCount)] PSCEPR_OBJECT_LIST_NODE arrObject[*]; } SCEPR_OBJECT_CHILDREN, *PSCEPR_OBJECT_CHILDREN; // // kerberos structure // typedef struct _SCEPR_KERBEROS { DWORD MaxTicketAge; DWORD MaxRenewAge; DWORD MaxServiceAge; DWORD MaxClockSkew; DWORD TicketValidateClient; } SCEPR_KERBEROS, *PSCEPR_KERBEROS; // // registry values // typedef struct _SCEPR_REGISTRY_VALUES { [string] wchar_t *FullValueName; [string,unique] wchar_t *Value; DWORD ValueType; DWORD Status; // match, mismatch, not analyzed, error } SCEPR_REGISTRY_VALUES, *PSCEPR_REGISTRY_VALUES; // // profile info structure // typedef struct _SCEPR_PROFILE_INFO { SCEPR_TYPE Type; DWORD MinimumPasswordAge; DWORD MaximumPasswordAge; DWORD MinimumPasswordLength; DWORD PasswordComplexity; DWORD PasswordHistorySize; DWORD LockoutBadCount; DWORD ResetLockoutCount; DWORD LockoutDuration; DWORD RequireLogonToChangePassword; DWORD ForceLogoffWhenHourExpire; [string] wchar_t *NewAdministratorName; [string] wchar_t *NewGuestName; DWORD SecureSystemPartition; DWORD ClearTextPassword; DWORD LSAAnonymousNameLookup; // // union type // [switch_is(Type)] SCEPR_UNION_OTHERINFO OtherInfo; SCEPR_GROUPS *pGroupMembership; // // objects // SCEPR_OBJECT_LIST *pRegistryKeys; SCEPR_SERVICES *pServices; SCEPR_OBJECT_LIST *pFiles; SCEPR_OBJECT_LIST *pDsObjects; // kerberos info SCEPR_KERBEROS *pKerberosInfo; DWORD MaximumLogSize[3]; DWORD AuditLogRetentionPeriod[3]; DWORD RetentionDays[3]; DWORD RestrictGuestAccess[3]; DWORD AuditSystemEvents; DWORD AuditLogonEvents; DWORD AuditObjectAccess; DWORD AuditPrivilegeUse; DWORD AuditPolicyChange; DWORD AuditAccountManage; DWORD AuditProcessTracking; DWORD AuditDSSAccess; DWORD AuditAccountLogon; DWORD CrashOnAuditFull; DWORD RegValueCount; [size_is(RegValueCount)] SCEPR_REGISTRY_VALUES *aRegValues; DWORD EnableAdminAccount; DWORD EnableGuestAccount; } SCEPR_PROFILE_INFO, *PSCEPR_PROFILE_INFO; // // object security structure // typedef struct _SCEPR_OBJECT_SECURITY { [string] wchar_t *Name; BYTE Status; BOOL IsContainer; [unique] SCEPR_SR_SECURITY_DESCRIPTOR *pSecurityDescriptor; SECURITY_INFORMATION SeInfo; } SCEPR_OBJECT_SECURITY, *PSCEPR_OBJECT_SECURITY; // // SVC prototypes // SCEPR_STATUS SceSvcRpcQueryInfo( [in] SCEPR_CONTEXT Context, [in] SCEPR_SVCINFO_TYPE SceSvcType, [in,string] wchar_t *ServiceName, [in,string,unique] wchar_t *Prefix, [in] BOOL bExact, [out] SCEPR_SVCINFO **ppvInfo, [in,out] SCEPR_ENUM_CONTEXT *psceEnumHandle ); SCEPR_STATUS SceSvcRpcSetInfo( [in] SCEPR_CONTEXT Context, [in] SCEPR_SVCINFO_TYPE SceSvcType, [in,string] wchar_t *ServiceName, [in,string,unique] wchar_t *Prefix, [in] BOOL bExact, [in] SCEPR_SVCINFO *pvInfo ); // // scesetup prototypes // DWORD SceRpcSetupUpdateObject( [in] SCEPR_CONTEXT Context, [in,string] wchar_t *ObjectFullName, [in] DWORD ObjectType, [in] UINT nFlag, [in,string] wchar_t *SDText ); DWORD SceRpcSetupMoveFile( [in] SCEPR_CONTEXT Context, [in,string] wchar_t *OldName, [in,string,unique] wchar_t *NewName, [in,string,unique] wchar_t *SDText ); DWORD SceRpcGenerateTemplate( [in] handle_t binding_h, [in,string,unique] wchar_t *JetDbName, [in,string,unique] wchar_t *LogFileName, [out] SCEPR_CONTEXT *pContext ); // // configure system // SCEPR_STATUS SceRpcConfigureSystem( [in] handle_t binding_h, [in,string,unique] wchar_t *InfFileName, [in,string,unique] wchar_t *DatabaseName, [in,string,unique] wchar_t *LogFileName, [in] DWORD ConfigOptions, [in] AREAPR Area, [in] DWORD pebSize, [in,size_is(pebSize),unique] UCHAR *pebClient, [out] DWORD *pdWarning ); // // secedit prototypes // SCEPR_STATUS SceRpcGetDatabaseInfo( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE ProfileType, [in] AREAPR Area, [out] SCEPR_PROFILE_INFO **ppInfoBuffer, [out] SCEPR_ERROR_LOG_INFO **Errlog ); SCEPR_STATUS SceRpcGetObjectChildren( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE ProfileType, [in] AREAPR Area, [in,string] wchar_t *ObjectPrefix, [out] SCEPR_OBJECT_CHILDREN **Buffer, [out] SCEPR_ERROR_LOG_INFO **Errlog ); SCEPR_STATUS SceRpcOpenDatabase( [in] handle_t binding_h, [in,string] wchar_t *DatabaseName, [in] DWORD OpenOption, [out] SCEPR_CONTEXT *pContext ); SCEPR_STATUS SceRpcCloseDatabase( [in,out] SCEPR_CONTEXT *Context ); SCEPR_STATUS SceRpcGetDatabaseDescription( [in] SCEPR_CONTEXT Context, [out,string] wchar_t **Description ); SCEPR_STATUS SceRpcGetDBTimeStamp( [in] SCEPR_CONTEXT Context, [out] PLARGE_INTEGER ptsConfig, [out] PLARGE_INTEGER ptsAnalysis ); SCEPR_STATUS SceRpcGetObjectSecurity( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE DbProfileType, [in] AREAPR Area, [in,string] wchar_t *ObjectName, [out] SCEPR_OBJECT_SECURITY **ObjSecurity ); SCEPR_STATUS SceRpcGetAnalysisSummary( [in] SCEPR_CONTEXT Context, [in] AREAPR Area, [out] DWORD *pCount ); SCEPR_STATUS SceRpcAnalyzeSystem( [in] handle_t binding_h, [in,string,unique] wchar_t *InfFileName, [in,string,unique] wchar_t *DatabaseName, [in,string,unique] wchar_t *LogFileName, [in] AREAPR Area, [in] DWORD AnalyzeOptions, [in] DWORD pebSize, [in,size_is(pebSize),unique] UCHAR *pebClient, [out] DWORD *pdWarning ); SCEPR_STATUS SceRpcUpdateDatabaseInfo( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE ProfileType, [in] AREAPR Area, [in] SCEPR_PROFILE_INFO *pInfo, [in] DWORD dwMode ); SCEPR_STATUS SceRpcUpdateObjectInfo( [in] SCEPR_CONTEXT Context, [in] AREAPR Area, [in,string] wchar_t *ObjectName, [in] DWORD NameLen, [in] BYTE ConfigStatus, [in] BOOL IsContainer, [in,unique] SCEPR_SR_SECURITY_DESCRIPTOR *pSD, [in] SECURITY_INFORMATION SeInfo, [out, size_is(1)] BYTE *pAnalysisStatus ); SCEPR_STATUS SceRpcStartTransaction( [in] SCEPR_CONTEXT Context ); SCEPR_STATUS SceRpcCommitTransaction( [in] SCEPR_CONTEXT Context ); SCEPR_STATUS SceRpcRollbackTransaction( [in] SCEPR_CONTEXT Context ); // // get product type of the server (DS DC, NT4 DC, wks) // SCEPR_STATUS SceRpcGetServerProductType( [in] handle_t binding_h, [out] SCEPR_SERVER_TYPE *srvProduct ); SCEPR_STATUS SceSvcRpcUpdateInfo( [in] SCEPR_CONTEXT Context, [in,string] wchar_t *ServiceName, [in] SCEPR_SVCINFO *Info ); SCEPR_STATUS SceRpcCopyObjects( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE ProfileType, [in,string] wchar_t *InfFileName, [in] AREAPR Area, [out] SCEPR_ERROR_LOG_INFO **pErrlog ); SCEPR_STATUS SceRpcSetupResetLocalPolicy( [in] SCEPR_CONTEXT Context, [in] AREAPR Area, [in,string,unique] wchar_t *OneSectionName, [in] DWORD PolicyOptions ); // // the filter interface - policy change notification // typedef struct _SCEPR_SID { UCHAR Revision; UCHAR SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; [size_is(SubAuthorityCount)] ULONG SubAuthority[*]; } SCEPR_SID, *PSCEPR_SID, **PPSCEPR_SID; DWORD SceRpcNotifySaveChangesInGP( [in] handle_t binding_h, [in] DWORD DbType, [in] DWORD DeltaType, [in] DWORD ObjectType, [in,unique] SCEPR_SID *ObjectSid, [in] DWORD ExplicitLowRight, [in] DWORD ExplicitHighRight ); DWORD SceRpcControlNotificationQProcess( [in] handle_t binding_h, [in] DWORD Flag ); // // register the client callback // [callback] SCEPR_STATUS SceClientCallback( [in] DWORD ncbTicks, [in] DWORD ncbTotalTicks, [in] AREAPR cbArea, [in,string,unique] wchar_t *szcbName ); [callback] SCEPR_STATUS SceClientBrowseCallback( [in] LONG GpoID, [in,string,unique] wchar_t *KeyName, [in,string,unique] wchar_t *GpoName, [in,unique] SCEPR_SR_SECURITY_DESCRIPTOR *Value ); SCEPR_STATUS SceRpcBrowseDatabaseTable( [in] handle_t binding_h, [in,string,unique] wchar_t *DatabaseName, [in] SCEPR_TYPE ProfileType, [in] AREAPR Area, [in] BOOL bDomainPolicyOnly ); [callback] SCEPR_STATUS SceClientCallbackRsopLog( [in] AREAPR cbArea, [in] DWORD ncbErrorStatus, [in,string,unique] wchar_t *pSettingInfo, [in] DWORD dwPrivLow, [in] DWORD dwPrivHigh ); // // set/get info to/from system directly // SCEPR_STATUS SceRpcGetSystemSecurityFromHandle( [in] SCEPR_CONTEXT Context, [in] AREAPR Area, [in] DWORD Options, [out] SCEPR_PROFILE_INFO **ppInfoBuffer, [out] SCEPR_ERROR_LOG_INFO **Errlog ); SCEPR_STATUS SceRpcGetSystemSecurity( [in] handle_t binding_h, [in] AREAPR Area, [in] DWORD Options, [out] SCEPR_PROFILE_INFO **ppInfoBuffer, [out] SCEPR_ERROR_LOG_INFO **Errlog ); SCEPR_STATUS SceRpcSetSystemSecurityFromHandle( [in] SCEPR_CONTEXT Context, [in] AREAPR Area, [in] DWORD Options, [in] SCEPR_PROFILE_INFO *pInfoBuffer, [out] SCEPR_ERROR_LOG_INFO **Errlog ); SCEPR_STATUS SceRpcSetSystemSecurity( [in] handle_t binding_h, [in] AREAPR Area, [in] DWORD Options, [in] SCEPR_PROFILE_INFO *pInfoBuffer, [out] SCEPR_ERROR_LOG_INFO **Errlog ); // // allow get/set/delete a single key // SCEPR_STATUS SceRpcSetDatabaseSetting( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE ProfileType, [in,string] wchar_t *SectionName, [in,string] wchar_t *KeyName, [in,unique] PSCEPR_VALUEINFO pValueInfo ); SCEPR_STATUS SceRpcGetDatabaseSetting( [in] SCEPR_CONTEXT Context, [in] SCEPR_TYPE ProfileType, [in,string] wchar_t *SectionName, [in,string] wchar_t *KeyName, [out] PSCEPR_VALUEINFO *pValueInfo ); DWORD SceRpcConfigureConvertedFileSecurityImmediately( [in] handle_t binding_h, [in,string] wchar_t *pszDriveName ); //////////////////////////////////////////////////////////////////////////// // // // END RPC INTERFACE // // // //////////////////////////////////////////////////////////////////////////// }