|
|
/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
ntrmlsa.h
Abstract:
Local Security Authority - Reference Monitor Communication Types
Author:
Scott Birrell (ScottBi) March 18, 1991
Environment:
Revision History:
--*/
#include <ntlsa.h>
#ifndef _NTRMLSA_
#define _NTRMLSA_
//
// Memory type. This defines the type of memory used for a record
// passed between the RM and LSA.
//
// SepRmLsaPortMemory - Memory allocated via RtlAllocateHeap()
// from the shared memory section associated with the
// Lsa command Port.
//
// SepRmLsaVirtualMemory - Memory allocated via ZwAllocateVirtualMemory()
//
// SepRmLsaUnreadableMemory - Memory not readable by the LSA. This
// memory must be copied to another format
// before passage over the link.
//
// SepRmLsaLPCBufferMemory - Memory contained within the LPC buffer
// itself
//
typedef enum _SEP_RM_LSA_MEMORY_TYPE {
SepRmNoMemory = 0, SepRmImmediateMemory, SepRmLsaCommandPortSharedMemory, SepRmLsaCustomSharedMemory, SepRmPagedPoolMemory, SepRmUnspecifiedMemory
} SEP_RM_LSA_MEMORY_TYPE, *PSEP_RM_LSA_MEMORY_TYPE;
//
// Reference Monitor Command Message Structure. This structure is used
// by the Local Security Authority to send commands to the Reference Monitor
// via the Reference Monitor Server Command LPC Port.
//
#define RmMinimumCommand RmAuditSetCommand
#define RmMaximumCommand RmDeleteLogonSession
//
// Keep this in sync with SEP_RM_COMMAND_WORKER in se\rmmain.c
//
typedef enum _RM_COMMAND_NUMBER {
RmDummyCommand = 0, RmAuditSetCommand, RmCreateLogonSession, RmDeleteLogonSession
} RM_COMMAND_NUMBER;
#define RM_MAXIMUM_COMMAND_PARAM_SIZE \
((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) - \ sizeof(RM_COMMAND_NUMBER))
typedef struct _RM_COMMAND_MESSAGE {
PORT_MESSAGE MessageHeader; RM_COMMAND_NUMBER CommandNumber; UCHAR CommandParams[RM_MAXIMUM_COMMAND_PARAM_SIZE];
} RM_COMMAND_MESSAGE, *PRM_COMMAND_MESSAGE;
//
// Reference Monitor Command Reply Message Structure.
//
#define RM_MAXIMUM_REPLY_BUFFER_SIZE \
((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) - \ sizeof(RM_COMMAND_NUMBER))
typedef struct _RM_REPLY_MESSAGE {
PORT_MESSAGE MessageHeader; NTSTATUS ReturnedStatus; UCHAR ReplyBuffer[RM_MAXIMUM_REPLY_BUFFER_SIZE];
} RM_REPLY_MESSAGE, *PRM_REPLY_MESSAGE;
#define RM_COMMAND_MESSAGE_HEADER_SIZE \
(sizeof(PORT_MESSAGE) + sizeof(NTSTATUS) + sizeof(RM_COMMAND_NUMBER))
//
// Local Security Authority Command Message Structure. This structure is
// used by the Reference Monitor to send commands to the Local Security
// Authority via the LSA Server Command LPC Port.
//
#define LsapMinimumCommand LsapWriteAuditMessageCommand
#define LsapMaximumCommand LsapLogonSessionDeletedCommand
typedef enum _LSA_COMMAND_NUMBER { LsapDummyCommand = 0, LsapWriteAuditMessageCommand, LsapComponentTestCommand, LsapLogonSessionDeletedCommand} LSA_COMMAND_NUMBER;
#define LSA_MAXIMUM_COMMAND_PARAM_SIZE \
((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) - \ sizeof(LSA_COMMAND_NUMBER) - sizeof(SEP_RM_LSA_MEMORY_TYPE))
typedef struct _LSA_COMMAND_MESSAGE { PORT_MESSAGE MessageHeader; LSA_COMMAND_NUMBER CommandNumber; SEP_RM_LSA_MEMORY_TYPE CommandParamsMemoryType; UCHAR CommandParams[LSA_MAXIMUM_COMMAND_PARAM_SIZE];} LSA_COMMAND_MESSAGE, *PLSA_COMMAND_MESSAGE;
//
// LSA Command Reply Message Structure.
//
#define LSA_MAXIMUM_REPLY_BUFFER_SIZE \
((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) - \ sizeof(LSA_COMMAND_NUMBER))
typedef struct _LSA_REPLY_MESSAGE { PORT_MESSAGE MessageHeader; NTSTATUS ReturnedStatus; UCHAR ReplyBuffer[LSA_MAXIMUM_REPLY_BUFFER_SIZE];} LSA_REPLY_MESSAGE, *PLSA_REPLY_MESSAGE;
//
// Command Parameter format for the special RmSendCommandToLsaCommand
//
typedef struct _RM_SEND_COMMAND_TO_LSA_PARAMS { LSA_COMMAND_NUMBER LsaCommandNumber; ULONG LsaCommandParamsLength; UCHAR LsaCommandParams[LSA_MAXIMUM_COMMAND_PARAM_SIZE];} RM_SEND_COMMAND_TO_LSA_PARAMS, *PRM_SEND_COMMAND_TO_LSA_PARAMS;
//
// Command Values for the LSA and RM Component Test Commands
//
#define LSA_CT_COMMAND_PARAM_VALUE 0x00823543
#define RM_CT_COMMAND_PARAM_VALUE 0x33554432
//
// Audit Record Pointer Field Type
//
typedef enum _SE_ADT_POINTER_FIELD_TYPE {
NullFieldType, UnicodeStringType, SidType, PrivilegeSetType, MiscFieldType
} SE_ADT_POINTER_FIELD_TYPE, *PSE_ADT_POINTER_FIELD_TYPE;
//
// Hardwired Audit Event Type counts
//
#define AuditEventMinType (AuditCategorySystem)
#define AuditEventMaxType (AuditCategoryAccountLogon)
#define POLICY_AUDIT_EVENT_TYPE_COUNT \
((ULONG) AuditEventMaxType - AuditEventMinType + 1)
#define LSARM_AUDIT_EVENT_OPTIONS_SIZE \
(((ULONG)(POLICY_AUDIT_EVENT_TYPE_COUNT) * sizeof (POLICY_AUDIT_EVENT_OPTIONS)))
//
// Self-Relative form of POLICY_AUDIT_EVENTS_INFO
//
typedef struct _LSARM_POLICY_AUDIT_EVENTS_INFO {
BOOLEAN AuditingMode; POLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions[POLICY_AUDIT_EVENT_TYPE_COUNT]; ULONG MaximumAuditEventCount;
} LSARM_POLICY_AUDIT_EVENTS_INFO, *PLSARM_POLICY_AUDIT_EVENTS_INFO;
//
// The following symbol defines the value containing whether or not we're supposed
// to crash when an audit fails. It is used in the se and lsasrv directories.
//
#define CRASH_ON_AUDIT_FAIL_VALUE L"CrashOnAuditFail"
//
// These are the possible values for the CrashOnAuditFail flag.
//
#define LSAP_CRASH_ON_AUDIT_FAIL 1
#define LSAP_ALLOW_ADIMIN_LOGONS_ONLY 2
#endif // _NTRMLSA_
|
