mirror of https://github.com/lianthony/NT4.0
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
870 lines
22 KiB
870 lines
22 KiB
/*++
|
|
|
|
Copyright (c) 1991 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
dbp.h
|
|
|
|
Abstract:
|
|
|
|
LSA Database Private Functions, Datatypes and Defines
|
|
|
|
Author:
|
|
|
|
Scott Birrell (ScottBi) May 29, 1991
|
|
|
|
Environment:
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _LSADBP_
|
|
#define _LSADBP_
|
|
|
|
|
|
|
|
//
|
|
// LSA revisions
|
|
//
|
|
// NT 1.0 ==> 1.0
|
|
// NT 1.0A ==> 1.1
|
|
//
|
|
|
|
#define LSAP_DB_REVISION_1_0 0x00010000
|
|
#define LSAP_DB_REVISION_1_1 0x00010001
|
|
#define LSAP_DB_REVISION LSAP_DB_REVISION_1_1
|
|
|
|
|
|
//
|
|
// Uncomment the define LSA_SAM_ACCOUNTS_DOMAIN_TEST to enable the
|
|
// code needed for the ctsamdb test program. Recompile dbsamtst.c,
|
|
// dbpolicy.c. rebuild lsasrv.dll and nmake UMTYPE=console UMTEST=ctsamdb.
|
|
//
|
|
// #define LSA_SAM_ACCOUNTS_DOMAIN_TEST
|
|
//
|
|
|
|
//
|
|
// Prefered Maximum Length of data used for internal enumerations.
|
|
//
|
|
|
|
#define LSAP_DB_ENUM_DOMAIN_LENGTH ((ULONG) 0x00000100L)
|
|
|
|
//
|
|
// Write operations are not allowed on Backup controllers (except
|
|
// for trusted clients).
|
|
//
|
|
|
|
#define LSAP_POLICY_WRITE_OPS (DELETE |\
|
|
WRITE_OWNER |\
|
|
WRITE_DAC |\
|
|
POLICY_TRUST_ADMIN |\
|
|
POLICY_CREATE_ACCOUNT |\
|
|
POLICY_CREATE_SECRET |\
|
|
POLICY_CREATE_PRIVILEGE |\
|
|
POLICY_SET_DEFAULT_QUOTA_LIMITS |\
|
|
POLICY_SET_AUDIT_REQUIREMENTS |\
|
|
POLICY_AUDIT_LOG_ADMIN |\
|
|
POLICY_SERVER_ADMIN)
|
|
|
|
#define LSAP_ACCOUNT_WRITE_OPS (DELETE |\
|
|
WRITE_OWNER |\
|
|
WRITE_DAC |\
|
|
ACCOUNT_ADJUST_PRIVILEGES |\
|
|
ACCOUNT_ADJUST_QUOTAS |\
|
|
ACCOUNT_ADJUST_SYSTEM_ACCESS)
|
|
|
|
#define LSAP_TRUSTED_WRITE_OPS (DELETE |\
|
|
WRITE_OWNER |\
|
|
WRITE_DAC |\
|
|
TRUSTED_SET_CONTROLLERS |\
|
|
TRUSTED_SET_POSIX)
|
|
|
|
#define LSAP_SECRET_WRITE_OPS (DELETE |\
|
|
WRITE_OWNER |\
|
|
WRITE_DAC |\
|
|
SECRET_SET_VALUE)
|
|
|
|
//
|
|
// Maximum number of attributes an object can have
|
|
//
|
|
|
|
#define LSAP_DB_MAX_ATTRIBUTES (0x00000020)
|
|
|
|
//
|
|
// LSA Absolute Minimum and Maximum Quota Limit values
|
|
//
|
|
// These values represent the endpoints of the range of permitted values
|
|
// which a quota limit may be set via the LsaSetQuotaLimitsForLsa() API
|
|
//
|
|
// FIX, FIX - get real values from Loup
|
|
//
|
|
|
|
|
|
#define LSAP_DB_WINNT_PAGED_POOL (0x02000000L)
|
|
#define LSAP_DB_WINNT_NON_PAGED_POOL (0x00100000L)
|
|
#define LSAP_DB_WINNT_MIN_WORKING_SET (0x00010000L)
|
|
#define LSAP_DB_WINNT_MAX_WORKING_SET (0x0f000000L)
|
|
#define LSAP_DB_WINNT_PAGEFILE (0x0f000000L)
|
|
|
|
#define LSAP_DB_LANMANNT_PAGED_POOL (0x02000000L)
|
|
#define LSAP_DB_LANMANNT_NON_PAGED_POOL (0x00100000L)
|
|
#define LSAP_DB_LANMANNT_MIN_WORKING_SET (0x00010000L)
|
|
#define LSAP_DB_LANMANNT_MAX_WORKING_SET (0x0f000000L)
|
|
#define LSAP_DB_LANMANNT_PAGEFILE (0x0f000000L)
|
|
|
|
#define LSAP_DB_ABS_MIN_PAGED_POOL (0x00010000L)
|
|
#define LSAP_DB_ABS_MIN_NON_PAGED_POOL (0x00010000L)
|
|
#define LSAP_DB_ABS_MIN_MIN_WORKING_SET (0x00000001L)
|
|
#define LSAP_DB_ABS_MIN_MAX_WORKING_SET (0x00001000L)
|
|
#define LSAP_DB_ABS_MIN_PAGEFILE (0x00001000L)
|
|
|
|
#define LSAP_DB_ABS_MAX_PAGED_POOL (0xffffffffL)
|
|
#define LSAP_DB_ABS_MAX_NON_PAGED_POOL (0xffffffffL)
|
|
#define LSAP_DB_ABS_MAX_MIN_WORKING_SET (0xffffffffL)
|
|
#define LSAP_DB_ABS_MAX_MAX_WORKING_SET (0xffffffffL)
|
|
#define LSAP_DB_ABS_MAX_PAGEFILE (0xffffffffL)
|
|
|
|
//
|
|
// NOTES on Logical and Physical Names
|
|
//
|
|
// LogicalName - Unicode String containing the Logical Name of the object.
|
|
// The Logical Name of an object is the name by which it is known
|
|
// to the outside world, e.g, SCOTTBI might be a typical name for
|
|
// a user account object
|
|
// PhysicalName - Unicode String containing the Physical name of the object.
|
|
// This is a name internal to the Lsa Database and is dependent on the
|
|
// implementation. For the current implementation of the LSA Database
|
|
// as a subtree of keys within the Configuration Registry, the
|
|
// PhysicalName is the name of the Registry Key for the object relative
|
|
// to the container object, e.g, ACCOUNTS\SCOTTBI is the Physical Name
|
|
// for the user account object with Logical Name SCOTTBI.
|
|
//
|
|
|
|
//
|
|
// LSA Database Object Containing Directories
|
|
//
|
|
|
|
UNICODE_STRING LsapDbContDirs[DummyLastObject];
|
|
|
|
|
|
typedef enum _LSAP_DB_CACHE_STATE {
|
|
|
|
LsapDbCacheNotSupported = 1,
|
|
LsapDbCacheInvalid,
|
|
LsapDbCacheBuilding,
|
|
LsapDbCacheValid
|
|
|
|
} LSAP_DB_CACHE_STATE, *PLSAP_DB_CACHE_STATE;
|
|
|
|
//
|
|
// LSA Database Object Type Structure
|
|
//
|
|
|
|
typedef struct _LSAP_DB_OBJECT_TYPE {
|
|
|
|
GENERIC_MAPPING GenericMapping;
|
|
ULONG ObjectCount;
|
|
NTSTATUS ObjectCountError;
|
|
ULONG MaximumObjectCount;
|
|
ACCESS_MASK WriteOperations;
|
|
ACCESS_MASK AliasAdminsAccess;
|
|
ACCESS_MASK WorldAccess;
|
|
ACCESS_MASK InvalidMappedAccess;
|
|
PSID InitialOwnerSid;
|
|
BOOLEAN ObjectCountLimited;
|
|
BOOLEAN AccessedBySid;
|
|
BOOLEAN AccessedByName;
|
|
LSAP_DB_CACHE_STATE CacheState;
|
|
PVOID ObjectCache;
|
|
|
|
} LSAP_DB_OBJECT_TYPE, *PLSAP_DB_OBJECT_TYPE;
|
|
|
|
//
|
|
// LSA Database Object Name types
|
|
//
|
|
|
|
typedef enum _LSAP_DB_OBJECT_NAME_TYPE {
|
|
|
|
LsapDbObjectPhysicalName = 1,
|
|
LsapDbObjectLogicalName
|
|
|
|
} LSAP_DB_OBJECT_NAME_TYPE, *PLSAP_DB_OBJECT_NAME_TYPE;
|
|
|
|
#define LsapDbMakeCacheUnsupported( ObjectTypeId ) \
|
|
\
|
|
{ \
|
|
LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState = LsapDbCacheInvalid; \
|
|
}
|
|
|
|
#define LsapDbMakeCacheInvalid( ObjectTypeId ) \
|
|
\
|
|
{ \
|
|
LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState = LsapDbCacheInvalid; \
|
|
}
|
|
|
|
#define LsapDbMakeCacheBuilding( ObjectTypeId ) \
|
|
\
|
|
{ \
|
|
LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState = LsapDbCacheBuilding; \
|
|
}
|
|
|
|
|
|
#define LsapDbMakeCacheValid( ObjectTypeId ) \
|
|
\
|
|
{ \
|
|
LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState = LsapDbCacheValid; \
|
|
}
|
|
|
|
#define LsapDbIsCacheValid( ObjectTypeId ) \
|
|
(LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState == LsapDbCacheValid)
|
|
|
|
#define LsapDbIsCacheSupported( ObjectTypeId ) \
|
|
(LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState != LsapDbCacheNotSupported)
|
|
|
|
#define LsapDbIsCacheBuilding( ObjectTypeId ) \
|
|
(LsapDbState.DbObjectTypes[ ObjectTypeId ].CacheState == LsapDbCacheBuilding)
|
|
|
|
//
|
|
// LSA Database Local State Information. This structure contains various
|
|
// global variables containing dynamic state information.
|
|
//
|
|
|
|
typedef struct _LSAP_DB_STATE {
|
|
|
|
POLICY_MODIFICATION_INFO PolicyModificationInfo;
|
|
LARGE_INTEGER ModifiedIdAtLastPromotion;
|
|
HANDLE DbRootRegKeyHandle; // Lsa Database Root Dir Reg Key Handle
|
|
PSID PrimaryDomainSid;
|
|
ULONG SecretObjectCount;
|
|
ULONG OpenHandleCount;
|
|
POLICY_LSA_SERVER_ROLE_INFO PolicyLsaServerRoleInfo;
|
|
BOOLEAN DbServerInitialized;
|
|
BOOLEAN TransactionOpen;
|
|
BOOLEAN ReplicatorNotificationEnabled;
|
|
|
|
LSAP_DB_OBJECT_TYPE DbObjectTypes[LSAP_DB_OBJECT_TYPE_COUNT];
|
|
|
|
RTL_CRITICAL_SECTION DbLock;
|
|
PRTL_RXACT_CONTEXT RXactContext;
|
|
|
|
} LSAP_DB_STATE, *PLSAP_DB_STATE;
|
|
|
|
extern LSAP_DB_STATE LsapDbState;
|
|
|
|
//
|
|
// LSA Database Private Data. This Data is eligible for replication,
|
|
// unlike the Local State Information above which is meaningful on
|
|
// the local machine only.
|
|
//
|
|
|
|
typedef struct _LSAP_DB_POLICY_PRIVATE_DATA {
|
|
|
|
ULONG NoneDefinedYet;
|
|
|
|
} LSAP_DB_POLICY_PRIVATE_DATA, *PLSAP_DB_POLICY_PRIVATE_DATA;
|
|
|
|
PLSAP_CR_CIPHER_KEY LsapDbCipherKey;
|
|
|
|
|
|
//
|
|
// Object Enumeration Element Structure
|
|
//
|
|
|
|
typedef struct _LSAP_DB_ENUMERATION_ELEMENT {
|
|
|
|
struct _LSAP_DB_ENUMERATION_ELEMENT *Next;
|
|
LSAP_DB_OBJECT_INFORMATION ObjectInformation;
|
|
PSID Sid;
|
|
UNICODE_STRING Name;
|
|
|
|
} LSAP_DB_ENUMERATION_ELEMENT, *PLSAP_DB_ENUMERATION_ELEMENT;
|
|
|
|
//
|
|
// Handle Table Entry
|
|
//
|
|
|
|
typedef struct _LSAP_DB_HANDLE_ENTRY {
|
|
|
|
BOOLEAN Allocated;
|
|
HANDLE KeyHandle;
|
|
ACCESS_MASK GrantedAccess;
|
|
|
|
} LSAP_DB_HANDLE_ENTRY, *PLSAP_DB_HANDLE_ENTRY;
|
|
|
|
//
|
|
// Handle Table Handle Block
|
|
//
|
|
|
|
#define LSAP_DB_MAX_HANDLES_PER_BLOCK 0x00000040L
|
|
|
|
typedef struct _LSAP_DB_HANDLE_BLOCK {
|
|
|
|
struct _LSAP_DB_HANDLE_BLOCK *NextBlock;
|
|
ULONG FreeCount;
|
|
LSAP_DB_HANDLE_ENTRY Handles[LSAP_DB_MAX_HANDLES_PER_BLOCK];
|
|
|
|
} LSAP_DB_HANDLE_BLOCK, *PLSAP_DB_HANDLE_BLOCK;
|
|
|
|
//
|
|
// Handle Table Header Block
|
|
//
|
|
// One of these structures exists for each Handle Table
|
|
//
|
|
|
|
typedef struct _LSAP_DB_HANDLE_TABLE {
|
|
|
|
BOOLEAN Lock;
|
|
PLSAP_DB_HANDLE_BLOCK FirstBlock;
|
|
PLSAP_DB_HANDLE_BLOCK LastBlock;
|
|
|
|
} LSAP_DB_HANDLE_TABLE, *PLSAP_DB_HANDLE_TABLE;
|
|
|
|
//
|
|
// Trusted Domain List. This list caches the Trust Information for
|
|
// all Trusted Domains in the Policy Database, and enables lookup
|
|
// operations to locate Trusted Domains by Sid or Name without recourse
|
|
// to the Trusted Domain objects themselves.
|
|
//
|
|
|
|
typedef struct _LSAP_DB_TRUSTED_DOMAIN_LIST_SECTION {
|
|
|
|
LIST_ENTRY Links;
|
|
ULONG UsedCount;
|
|
ULONG MaximumCount;
|
|
PLSAPR_TRUST_INFORMATION Domains;
|
|
|
|
} LSAP_DB_TRUSTED_DOMAIN_LIST_SECTION, *PLSAP_DB_TRUSTED_DOMAIN_LIST_SECTION;
|
|
|
|
typedef struct _LSAP_DB_TRUSTED_DOMAIN_LIST {
|
|
|
|
BOOLEAN Valid;
|
|
PLSAP_DB_TRUSTED_DOMAIN_LIST_SECTION AnchorListSection;
|
|
LSAP_DB_TRUSTED_DOMAIN_LIST_SECTION DummyAnchorListSection;
|
|
RTL_RESOURCE Resource;
|
|
|
|
} LSAP_DB_TRUSTED_DOMAIN_LIST, *PLSAP_DB_TRUSTED_DOMAIN_LIST;
|
|
|
|
//
|
|
// Account List. This list caches the Account Information for
|
|
// all Account Objects in the Policy database, and enables accounts
|
|
// to queried by Sid without recourse to teh Account objects themselves.
|
|
//
|
|
|
|
typedef struct _LSAP_DB_ACCOUNT {
|
|
|
|
LIST_ENTRY Links;
|
|
PLSAPR_SID Sid;
|
|
LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO Info;
|
|
|
|
} LSAP_DB_ACCOUNT, *PLSAP_DB_ACCOUNT;
|
|
|
|
typedef struct _LSAP_DB_ACCOUNT_LIST {
|
|
|
|
LIST_ENTRY Links;
|
|
ULONG AccountCount;
|
|
|
|
} LSAP_DB_ACCOUNT_LIST, *PLSAP_DB_ACCOUNT_LIST;
|
|
|
|
//
|
|
// Cached information for the Policy Object.
|
|
//
|
|
|
|
typedef struct _LSAP_DB_POLICY_ENTRY {
|
|
|
|
ULONG AttributeLength;
|
|
PLSAPR_POLICY_INFORMATION Attribute;
|
|
|
|
} LSAP_DB_POLICY_ENTRY, *PLSAP_DB_POLICY_ENTRY;
|
|
|
|
//
|
|
// Cached policy Object - Initially only Quota Limits is cached.
|
|
//
|
|
|
|
typedef struct _LSAP_DB_POLICY {
|
|
|
|
LSAP_DB_POLICY_ENTRY Info[ PolicyAuditFullQueryInformation + 1];
|
|
|
|
} LSAP_DB_POLICY, *PLSAP_DB_POLICY;
|
|
|
|
extern LSAP_DB_POLICY LsapDbPolicy;
|
|
|
|
NTSTATUS
|
|
LsapDbQueryInformationPolicy(
|
|
IN LSAPR_HANDLE PolicyHandle,
|
|
IN POLICY_INFORMATION_CLASS InformationClass,
|
|
IN OUT PLSAPR_POLICY_INFORMATION *Buffer
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbSlowQueryInformationPolicy(
|
|
IN LSAPR_HANDLE PolicyHandle,
|
|
IN POLICY_INFORMATION_CLASS InformationClass,
|
|
IN OUT PLSAPR_POLICY_INFORMATION *Buffer
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbBuildPolicyCache(
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbBuildAccountCache(
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbBuildTrustedDomainCache(
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbBuildSecretCache(
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbRebuildCache(
|
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbCreateAccount(
|
|
IN PLSAPR_SID AccountSid,
|
|
OUT OPTIONAL PLSAP_DB_ACCOUNT *Account
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbDeleteAccount(
|
|
IN PLSAPR_SID AccountSid
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbEnumerateTrustedDomains(
|
|
IN LSAPR_HANDLE PolicyHandle,
|
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
OUT PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
|
|
IN ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbSlowEnumerateTrustedDomains(
|
|
IN LSAPR_HANDLE PolicyHandle,
|
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
OUT PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
|
|
IN ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbEnumerateTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
OUT PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
|
|
IN ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbBuildTrustedDomainList(
|
|
IN OPTIONAL LSA_HANDLE PolicyHandle,
|
|
OUT OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbDestroyTrustedDomainList(
|
|
IN PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
LsapDbLookupSidTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN PLSAPR_SID DomainSid,
|
|
OUT PLSAPR_TRUST_INFORMATION *TrustInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbLookupNameTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN PLSAPR_UNICODE_STRING DomainName,
|
|
OUT PLSAPR_TRUST_INFORMATION *TrustInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbLookupEntryTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN PLSAPR_TRUST_INFORMATION TrustInformation,
|
|
OUT PLSAP_DB_TRUSTED_DOMAIN_LIST_SECTION *TrustedDomainListSection,
|
|
OUT PULONG SectionIndex
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbTraverseTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN OUT PLSAP_DB_TRUSTED_DOMAIN_LIST_SECTION *TrustedDomainListSection,
|
|
IN OUT PULONG SectionIndex,
|
|
OUT OPTIONAL PLSAPR_TRUST_INFORMATION *TrustInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbLocateEntryNumberTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN ULONG EntryNumber,
|
|
OUT PLSAP_DB_TRUSTED_DOMAIN_LIST_SECTION *TrustedDomainListSection,
|
|
OUT PULONG SectionIndex,
|
|
OUT OPTIONAL PLSAPR_TRUST_INFORMATION *TrustInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbEnumerateTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
OUT PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
|
|
IN ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInsertTrustedDomainList(
|
|
IN ULONG Count,
|
|
IN PLSAPR_TRUST_INFORMATION Domains
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbDeleteTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList,
|
|
IN PLSAPR_TRUST_INFORMATION TrustInformation
|
|
);
|
|
|
|
BOOLEAN
|
|
LsapDbIsValidTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbAcquireReadLockTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbAcquireWriteLockTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
VOID
|
|
LsapDbReleaseReadLockTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
VOID
|
|
LsapDbReleaseWriteLockTrustedDomainList(
|
|
IN OPTIONAL PLSAP_DB_TRUSTED_DOMAIN_LIST TrustedDomainList
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbOpenPolicyTrustedDomain(
|
|
IN PLSAPR_TRUST_INFORMATION TrustInformation,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
OUT PLSA_HANDLE ControllerPolicyHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeHandleTable(
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeWellKnownPrivs(
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeCipherKey(
|
|
);
|
|
|
|
LSAPR_HANDLE
|
|
LsapDbCreateHandle(
|
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
|
IN ULONG Options
|
|
);
|
|
|
|
BOOLEAN LsapDbLookupHandle(
|
|
IN LSAPR_HANDLE ObjectHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbCloseHandle(
|
|
IN LSAPR_HANDLE ObjectHandle
|
|
);
|
|
|
|
VOID
|
|
LsapDbFreeHandle(
|
|
IN LSAPR_HANDLE ObjectHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbReferencesHandle(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
OUT PULONG ReferenceCount
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbMarkDeletedObjectHandles(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
IN BOOLEAN MarkSelf
|
|
);
|
|
|
|
/*++
|
|
|
|
BOOLEAN
|
|
LsapDbTrustedHandle(
|
|
IN LSAPR_HANDLE ObjectHandle
|
|
)
|
|
|
|
Routine Description:
|
|
|
|
This macro function checks if a given handle is Trusted and returns
|
|
the result.
|
|
|
|
Arguments:
|
|
|
|
ObjectHandle - Valid handle. It is the caller's responsibility
|
|
to verify that the given handle is valid.
|
|
|
|
Return Value:
|
|
|
|
BOOLEAN - TRUE if handle is Trusted, else FALSE.
|
|
|
|
--*/
|
|
|
|
#define LsapDbIsTrustedHandle(ObjectHandle) \
|
|
(((LSAP_DB_HANDLE) ObjectHandle)->Trusted)
|
|
|
|
#define LsapDbSidFromHandle(ObjectHandle) \
|
|
((PLSAPR_SID)(((LSAP_DB_HANDLE)(ObjectHandle))->Sid))
|
|
|
|
#define LsapDbObjectTypeIdFromHandle(ObjectHandle) \
|
|
(((LSAP_DB_HANDLE)(ObjectHandle))->ObjectTypeId)
|
|
|
|
#define LsapDbRegKeyFromHandle(ObjectHandle) \
|
|
(((LSAP_DB_HANDLE)(ObjectHandle))->KeyHandle)
|
|
|
|
#define LsapDbContainerFromHandle(ObjectHandle) \
|
|
(((LSAP_DB_HANDLE) ObjectHandle)->ContainerHandle)
|
|
|
|
NTSTATUS
|
|
LsapDbRequestAccessObject(
|
|
IN OUT LSAPR_HANDLE ObjectHandle,
|
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG Options
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbRequestAccessNewObject(
|
|
IN OUT LSAPR_HANDLE ObjectHandle,
|
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG Options
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeObjectTypes();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeUnicodeNames();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeObjectLinkList();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeContainingDirs();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeDefaultQuotaLimits();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeReplication();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeObjectTypes();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializePrivilegeObject();
|
|
|
|
NTSTATUS
|
|
LsapDbInitializeLock();
|
|
|
|
NTSTATUS
|
|
LsapDbOpenRootRegistryKey();
|
|
|
|
NTSTATUS
|
|
LsapDbInstallLsaDatabase(
|
|
IN ULONG Pass
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInstallPolicyObject(
|
|
IN ULONG Pass
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbInstallAccountObjects(
|
|
VOID
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbNotifyChangeObject(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbLogicalToPhysicalNameU(
|
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
|
OUT PUNICODE_STRING PhysicalNameU
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbLogicalToPhysicalSubKey(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
OUT PUNICODE_STRING PhysicalSubKeyNameU,
|
|
IN PUNICODE_STRING LogicalSubKeyNameU
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbJoinSubPaths(
|
|
IN PUNICODE_STRING MajorSubPath,
|
|
IN PUNICODE_STRING MinorSubPath,
|
|
OUT PUNICODE_STRING JoinedPath
|
|
);
|
|
|
|
VOID
|
|
LsapDbFreePhysicalSubKeyObject(
|
|
IN PUNICODE_STRING PhysicalSubKeyNameU
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbGetNamesObject(
|
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
|
OUT OPTIONAL PUNICODE_STRING LogicalNameU,
|
|
OUT OPTIONAL PUNICODE_STRING PhysicalNameU
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbCheckCountObject(
|
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId
|
|
);
|
|
|
|
#define LsapDbIncrementCountObject(ObjectTypeId) \
|
|
{ \
|
|
LsapDbState.DbObjectTypes[ObjectTypeId].ObjectCount++; \
|
|
}
|
|
|
|
#define LsapDbDecrementCountObject(ObjectTypeId) \
|
|
{ \
|
|
LsapDbState.DbObjectTypes[ObjectTypeId].ObjectCount--; \
|
|
}
|
|
|
|
NTSTATUS
|
|
LsapDbCreateSDAttributeObject(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation
|
|
);
|
|
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This macro function determines if a given Object Type Id requires
|
|
a Sid to be specified in ObjectInformation describing it.
|
|
|
|
Arguments:
|
|
|
|
ObjectTypeId - Object Type Id which must be valid.
|
|
|
|
Return Values:
|
|
|
|
BOOLEAN - TRUE if objects of the given type require a Sid, else FALSE.
|
|
|
|
#define LsapDbRequiresSidObject(ObjectTypeId) \
|
|
(LsapDbRequiresSidInfo[ObjectTypeId])
|
|
--*/
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This macro function determines if a given Object Type Id requires
|
|
a name to be specified in ObjectInformation describing it.
|
|
|
|
Arguments:
|
|
|
|
ObjectTypeId - Object Type Id which must be valid.
|
|
|
|
Return Values:
|
|
|
|
BOOLEAN - TRUE if objects of the given type require a name, else FALSE.
|
|
|
|
#define LsapDbRequiresNameObject(ObjectTypeId) \
|
|
(LsapDbRequiresNameInfo[ObjectTypeId])
|
|
--*/
|
|
|
|
NTSTATUS
|
|
LsapDbSetSidNameValue(
|
|
IN ULONG SidIndex,
|
|
IN PANSI_STRING AnsiName,
|
|
IN PANSI_STRING AnsiDomainName,
|
|
OUT PUNICODE_STRING Name,
|
|
OUT OPTIONAL PUNICODE_STRING DomainName
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbQueryValueSecret(
|
|
IN LSAPR_HANDLE SecretHandle,
|
|
IN PUNICODE_STRING ValueName,
|
|
IN OPTIONAL PLSAP_CR_CIPHER_KEY SessionKey,
|
|
OUT PLSAP_CR_CIPHER_VALUE *CipherValue
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbGetScopeSecret(
|
|
IN PLSAPR_UNICODE_STRING SecretName,
|
|
OUT PBOOLEAN GlobalSecret
|
|
);
|
|
|
|
VOID
|
|
LsapDbResetStatesError(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
IN NTSTATUS PreliminaryStatus,
|
|
IN ULONG DesiredStatesReset,
|
|
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType,
|
|
IN ULONG StatesResetAttempted
|
|
);
|
|
|
|
VOID
|
|
LsapDbMakeInvalidInformationPolicy(
|
|
IN ULONG InformationClass
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbObjectNameFromHandle(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
IN BOOLEAN MakeCopy,
|
|
IN LSAP_DB_OBJECT_NAME_TYPE ObjectNameType,
|
|
OUT PLSAPR_UNICODE_STRING ObjectName
|
|
);
|
|
|
|
NTSTATUS
|
|
LsapDbPhysicalNameFromHandle(
|
|
IN LSAPR_HANDLE ObjectHandle,
|
|
IN BOOLEAN MakeCopy,
|
|
OUT PLSAPR_UNICODE_STRING ObjectName
|
|
);
|
|
|
|
VOID
|
|
LsapDbMarkTrustedHandle(
|
|
IN OUT LSAPR_HANDLE ObjectHandle
|
|
);
|
|
|
|
VOID
|
|
LsapDbDecrementReferenceCountHandle(
|
|
IN OUT LSAPR_HANDLE ObjectHandle
|
|
);
|
|
|
|
#endif //_LSADBP_
|
|
|