Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

876 lines
27 KiB

  1. /**********************************************************************/
  2. /** Microsoft Windows NT **/
  3. /** Copyright(c) Microsoft Corp., 1992 **/
  4. /**********************************************************************/
  5. /*
  6. * This module contains the wrappers for LSA objects.
  7. *
  8. * Two Hierarchies are presented in this file.
  9. *
  10. * The first is the LSA_MEMORY hierarchy. These are a set of classes
  11. * used to wrap the various structures returned by LSA Apis. This
  12. * allows easy access to the members of each of the array of structures
  13. * which LSA returns. Also, it automatically frees the memory
  14. * allocated by LSA when the MT_MEMORY object is destructed. Clients will
  15. * generally create the appropriate MEM object, and pass a pointer to
  16. * it into the appropriate method of the desired LSA_OBJECT class.
  17. *
  18. * BASE
  19. * |
  20. * NT_MEMORY
  21. * |
  22. * LSA_MEMORY
  23. * |
  24. * +--------+-----------------------------------------------+
  25. * | | | | |
  26. * LSA_TRANSLATED_NAME_MEM | LSA_TRUST_INFO_MEM | LSA_AUDIT_EVENT_INFO_MEM
  27. * | |
  28. * LSA_REF_DOMAIN_MEM LSA_ACCT_DOM_INFO_MEM
  29. * LSA_PRIMARY_DOM_INFO_MEM
  30. *
  31. * Second, the LSA_OBJECT hierarchy is a thin wrapper around the
  32. * LSA apis. These classes store the appropriate LSA handle, and
  33. * provide access to the SAM apis which operate on that handle.
  34. *
  35. * BASE
  36. * |
  37. * LSA_OBJECT
  38. * |
  39. * +-----------------------------------------+
  40. * | | |
  41. * LSA_POLICY LSA_SECRET LSA_TRUSTED_DOMAIN
  42. *
  43. *
  44. * History
  45. * thomaspa 03/03/92 Split from ntsam.hxx
  46. * thomaspa 03/30/92 Code review changes
  47. * DavidHov 04/10/92 Secret object, trusted
  48. * domain and other added.
  49. * Yi-HsinS 04/15/92 Add methods to retrieve info. about
  50. * auditing
  51. * Yi-HsinS 06/10/92 Removed LSA_AUDIT_FULL_SET_INFO
  52. * and added method CheckIfShutDownOnFull
  53. * and SetShutDownOnFull to LSA_POLICY
  54. */
  55. #ifndef _UINTLSA_HXX_
  56. #define _UINTLSA_HXX_
  57. #include "uiassert.hxx"
  58. #include "uintmem.hxx"
  59. // Default access masks
  60. #define DEF_LSA_POLICY_ACCESS GENERIC_EXECUTE
  61. // Forward declarations
  62. DLL_CLASS LSA_MEMORY ;
  63. DLL_CLASS LSA_TRANSLATED_NAME_MEM ;
  64. DLL_CLASS LSA_TRANSLATED_SID_MEM ;
  65. DLL_CLASS LSA_TRUST_INFO_MEM ;
  66. DLL_CLASS LSA_REF_DOMAIN_MEM ;
  67. DLL_CLASS LSA_ACCT_DOM_INFO_MEM ;
  68. DLL_CLASS LSA_PRIMARY_DOM_INFO_MEM ;
  69. DLL_CLASS LSA_AUDIT_EVENT_INFO_MEM ;
  70. DLL_CLASS LSA_OBJECT ;
  71. DLL_CLASS LSA_POLICY ;
  72. DLL_CLASS LSA_SERVER_ROLE_INFO_MEM ;
  73. /**********************************************************\
  74. NAME: LSA_MEMORY
  75. SYNOPSIS: Specialized buffer object for storing data returned
  76. from LSA APIs.
  77. INTERFACE: LSA_MEMORY(): constructor
  78. ~LSA_MEMORY(): destructor
  79. PARENT: NT_MEMORY
  80. NOTES: This class supplies the FreeBuffer() method which
  81. calls LsaFreeMemory() to free memory allocated by
  82. LSA calls. FreeBuffer() is called by ~LSA_MEMORY().
  83. HISTORY:
  84. thomaspa 03/03/92 Created
  85. DavidHov 04/10/92 Extended LSA_POLICY
  86. DavidHov 04/10/92 Extended LSA_POLICY
  87. \**********************************************************/
  88. DLL_CLASS LSA_MEMORY : public NT_MEMORY
  89. {
  90. private:
  91. BOOL _fOwnerAlloc;
  92. protected:
  93. LSA_MEMORY( BOOL fOwnerAlloc = FALSE );
  94. ~LSA_MEMORY();
  95. /*
  96. * Frees an LSA allocated buffer
  97. */
  98. inline virtual void FreeBuffer()
  99. {
  100. if ( QueryBuffer() != NULL )
  101. {
  102. REQUIRE( ::LsaFreeMemory( QueryBuffer() ) == STATUS_SUCCESS );
  103. }
  104. }
  105. public:
  106. /*
  107. * Frees the existing buffer and sets a new buffer and count of items
  108. */
  109. inline virtual void Set( VOID * pvBuffer, ULONG cItems )
  110. {
  111. if ( !_fOwnerAlloc )
  112. FreeBuffer();
  113. NT_MEMORY::Set( pvBuffer, cItems );
  114. }
  115. };
  116. /**********************************************************\
  117. NAME: LSA_TRANSLATED_NAME_MEM (lsatnm)
  118. SYNOPSIS: Wrapper for LSA_TRANSLATED_NAME
  119. INTERFACE: (public)
  120. LSA_TRANSLATED_NAME_MEM(): constructor
  121. ~LSA_TRANSLATED_NAME_MEM(): destructor
  122. QueryName(): Query name (NLS_STR *)
  123. QueryUse(); Query type of account (group/user/alias)
  124. QueryDomainIndex(): Query index into LSA_REFERENCED_DOMAIN_LIST
  125. and therefore LSA_REF_DOMAIN_MEM
  126. PARENT: LSA_MEMORY
  127. HISTORY:
  128. thomaspa 02/27/92 Created
  129. \**********************************************************/
  130. DLL_CLASS LSA_TRANSLATED_NAME_MEM : public LSA_MEMORY
  131. {
  132. private:
  133. /*
  134. * Returns the ith UNICODE_STRING name in the buffer
  135. */
  136. inline const UNICODE_STRING * QueryUnicodeName( ULONG i ) const
  137. {
  138. ASSERT( IsInRange( i ) );
  139. return &(QueryPtr()[i].Name);
  140. }
  141. /*
  142. * Returns a properly casted pointer to the buffer
  143. */
  144. inline const LSA_TRANSLATED_NAME * QueryPtr() const
  145. {
  146. return (LSA_TRANSLATED_NAME *)QueryBuffer();
  147. }
  148. public:
  149. LSA_TRANSLATED_NAME_MEM( BOOL fOwnerAlloc = FALSE );
  150. ~LSA_TRANSLATED_NAME_MEM();
  151. /*
  152. * returns the ith NLS_STR name in the buffer
  153. */
  154. inline APIERR QueryName( ULONG i, NLS_STR *pnlsName ) const
  155. {
  156. ASSERT( pnlsName != NULL );
  157. return pnlsName->MapCopyFrom( QueryUnicodeName( i )->Buffer,
  158. QueryUnicodeName( i )->Length );
  159. }
  160. /*
  161. * returns the ith SID_NAME_USE in the buffer
  162. */
  163. inline SID_NAME_USE QueryUse( ULONG i ) const
  164. {
  165. ASSERT( IsInRange( i ) );
  166. return QueryPtr()[i].Use;
  167. }
  168. /*
  169. * returns the domain index for the ith item in the buffer
  170. * This is the index into the corresponding REFERENCED_DOMAIN_LIST
  171. */
  172. inline LONG QueryDomainIndex( ULONG i ) const
  173. {
  174. ASSERT( IsInRange( i ) );
  175. return QueryPtr()[i].DomainIndex;
  176. }
  177. };
  178. /**********************************************************\
  179. NAME: LSA_TRANSLATED_SID_MEM (lsatsm)
  180. SYNOPSIS: Wrapper for LSA_TRANSLATED_SID
  181. INTERFACE: (public)
  182. LSA_TRANSLATED_SID_MEM(): constructor
  183. ~LSA_TRANSLATED_SID_MEM(): destructor
  184. QueryRID(): Query RID
  185. QueryUse(); Query type of account (group/user/alias)
  186. QueryDomainIndex(): Query index into LSA_REFERENCED_DOMAIN_LIST
  187. and therefore LSA_REF_DOMAIN_MEM
  188. PARENT: LSA_MEMORY
  189. HISTORY:
  190. thomaspa 02/27/92 Created
  191. \**********************************************************/
  192. DLL_CLASS LSA_TRANSLATED_SID_MEM : public LSA_MEMORY
  193. {
  194. private:
  195. /*
  196. * Returns a properly casted pointer to a LSA_TRANSLATED_SID
  197. */
  198. inline const LSA_TRANSLATED_SID * QueryPtr() const
  199. {
  200. return (LSA_TRANSLATED_SID *)QueryBuffer();
  201. }
  202. public:
  203. LSA_TRANSLATED_SID_MEM( BOOL fOwnerAlloc = FALSE );
  204. ~LSA_TRANSLATED_SID_MEM();
  205. /*
  206. * returns the RID for the ith entry in the buffer
  207. */
  208. inline ULONG QueryRID( ULONG i ) const
  209. {
  210. ASSERT( IsInRange( i ) );
  211. return QueryPtr()[i].RelativeId;
  212. }
  213. /*
  214. * Returns the SID_NAME_USE for the ith entry in the buffer
  215. */
  216. inline SID_NAME_USE QueryUse( ULONG i ) const
  217. {
  218. ASSERT( IsInRange( i ) );
  219. return QueryPtr()[i].Use;
  220. }
  221. /*
  222. * Returns the domain index for the ith entry in the buffer.
  223. * This is the index into the corresponding REFERENCED_DOMAIN_LIST
  224. */
  225. inline LONG QueryDomainIndex( ULONG i ) const
  226. {
  227. ASSERT( IsInRange( i ) );
  228. return QueryPtr()[i].DomainIndex;
  229. }
  230. //
  231. // Retrieves the index of the first name that we failed to lookup
  232. //
  233. // TRUE is returned if we found one, FALSE otherwise
  234. // pi - Receives first failing index if TRUE is returned
  235. //
  236. BOOL QueryFailingNameIndex( ULONG * pi ) ;
  237. };
  238. /**********************************************************\
  239. NAME: LSA_TRUST_INFO_MEM (lsatim)
  240. SYNOPSIS: Wrapper for LSA_TRUST_INFORMATION
  241. INTERFACE: LSA_TRUST_INFO_MEM(): constructor
  242. ~LSA_TRUST_INFO_MEM(): destructor
  243. QueryPSID(): Query SID
  244. QueryName(): Query the NLS_STR * name for the domain
  245. PARENT: LSA_MEMORY
  246. HISTORY:
  247. thomaspa 02/27/92 Created
  248. \**********************************************************/
  249. DLL_CLASS LSA_TRUST_INFO_MEM : public LSA_MEMORY
  250. {
  251. public:
  252. LSA_TRUST_INFO_MEM( BOOL fOwnerAlloc = FALSE );
  253. ~LSA_TRUST_INFO_MEM();
  254. /*
  255. * Returns a properly casted pointer to the buffer
  256. */
  257. inline const LSA_TRUST_INFORMATION * QueryPtr() const
  258. {
  259. return (LSA_TRUST_INFORMATION *)QueryBuffer();
  260. }
  261. /*
  262. * returns the UNICODE_STRING name for the ith entry in the buffer
  263. */
  264. inline const UNICODE_STRING * QueryUnicodeName( ULONG i ) const
  265. {
  266. ASSERT( IsInRange( i ) );
  267. return &(QueryPtr()[i].Name);
  268. }
  269. /*
  270. * returns the PSID for the ith entry in the buffer
  271. */
  272. inline PSID QueryPSID( ULONG i ) const
  273. {
  274. ASSERT( IsInRange( i ) );
  275. return QueryPtr()[i].Sid;
  276. }
  277. /*
  278. * returns the NLS_STR name for the ith entry in the buffer
  279. */
  280. inline APIERR QueryName( ULONG i, NLS_STR *pnlsName ) const
  281. {
  282. ASSERT( pnlsName != NULL );
  283. return pnlsName->MapCopyFrom( QueryUnicodeName( i )->Buffer,
  284. QueryUnicodeName( i )->Length );
  285. }
  286. };
  287. /**********************************************************\
  288. NAME: LSA_REF_DOMAIN_MEM (lsardm)
  289. SYNOPSIS: Wrapper for LSA_REFERENCED_DOMAIN_LIST
  290. INTERFACE: LSA_REF_DOMAIN_MEM(): constructor
  291. ~LSA_REF_DOMAIN_MEM(): destructor
  292. QueryPSID(): Query SID
  293. QueryName(): Query the NLS_STR * name for the domain
  294. PARENT: LSA_MEMORY
  295. HISTORY:
  296. thomaspa 02/27/92 Created
  297. \**********************************************************/
  298. DLL_CLASS LSA_REF_DOMAIN_MEM : public LSA_MEMORY
  299. {
  300. private:
  301. /*
  302. * Returns a properly casted pointer to a LSA_TRUST_INFORMATION
  303. *
  304. * NOTES: This returns a pointer to a LSA_TRUST_INFORMATION instead
  305. * of a LSA_REFERENCED_DOMAIN_LIST. This is because the
  306. * LSA_REFERENCED_DOMAIN_LIST begins with a count, followed by
  307. * count LSA_TRUST_INFORMATION structs which contain the information
  308. * we really want.
  309. */
  310. inline const LSA_TRUST_INFORMATION * QueryPtr() const
  311. {
  312. return (PLSA_TRUST_INFORMATION)
  313. (((PLSA_REFERENCED_DOMAIN_LIST)QueryBuffer())->Domains);
  314. }
  315. /*
  316. * returns the UNICODE_STRING name for the ith entry in the buffer
  317. */
  318. inline const UNICODE_STRING * QueryUnicodeName( ULONG i ) const
  319. {
  320. ASSERT( IsInRange( i ) );
  321. return &(QueryPtr()[i].Name);
  322. }
  323. public:
  324. LSA_REF_DOMAIN_MEM( BOOL fOwnerAlloc = FALSE );
  325. ~LSA_REF_DOMAIN_MEM();
  326. /*
  327. * Returns the PSID for the ith entry in the buffer
  328. */
  329. inline PSID QueryPSID( ULONG i ) const
  330. {
  331. ASSERT( IsInRange( i ) );
  332. return QueryPtr()[i].Sid;
  333. }
  334. /*
  335. * Returns the NLS_STR name for the ith entry in the buffer
  336. */
  337. inline APIERR QueryName( ULONG i, NLS_STR *pnlsName ) const
  338. {
  339. ASSERT( pnlsName != NULL );
  340. return pnlsName->MapCopyFrom( QueryUnicodeName( i )->Buffer,
  341. QueryUnicodeName( i )->Length );
  342. }
  343. };
  344. /**********************************************************\
  345. NAME: LSA_ACCT_DOM_INFO_MEM (lsaadim)
  346. SYNOPSIS: Wrapper for POLICY_ACCOUNT_DOMAIN_INFO
  347. INTERFACE: LSA_ACCT_DOM_INFO_MEM(): constructor
  348. ~LSA_ACCT_DOM_INFO_MEM(): destructor
  349. QueryPSID(): Query SID
  350. QueryName(): Query the NLS_STR * name for the domain
  351. PARENT: LSA_MEMORY
  352. NOTES: This MEM class is slightly different from the other
  353. MEM classes in that it will only contain zero or one item. Thus,
  354. the index is not needed for the accessors.
  355. HISTORY:
  356. thomaspa 02/27/92 Created
  357. \**********************************************************/
  358. DLL_CLASS LSA_ACCT_DOM_INFO_MEM : public LSA_MEMORY
  359. {
  360. public:
  361. /*
  362. * Returns a properly casted pointer the the buffer
  363. */
  364. inline const POLICY_ACCOUNT_DOMAIN_INFO * QueryPtr() const
  365. {
  366. return (POLICY_ACCOUNT_DOMAIN_INFO *)QueryBuffer();
  367. }
  368. /*
  369. * Returns the UNICODE_STRING name for the account domain
  370. */
  371. inline const UNICODE_STRING * QueryUnicodeName() const
  372. {
  373. return &QueryPtr()->DomainName;
  374. }
  375. LSA_ACCT_DOM_INFO_MEM( BOOL fOwnerAlloc = FALSE );
  376. ~LSA_ACCT_DOM_INFO_MEM();
  377. /*
  378. * Returns the PSID of the account domain
  379. */
  380. inline PSID QueryPSID() const
  381. {
  382. return QueryPtr()->DomainSid;
  383. }
  384. /*
  385. * Returns the name of the accounts domain
  386. */
  387. inline APIERR QueryName( NLS_STR *pnlsName ) const
  388. {
  389. ASSERT( pnlsName != NULL );
  390. return pnlsName->MapCopyFrom( QueryUnicodeName( )->Buffer,
  391. QueryUnicodeName( )->Length );
  392. }
  393. };
  394. /**********************************************************\
  395. NAME: LSA_PRIMARY_DOM_INFO_MEM (lsaprim)
  396. SYNOPSIS: Wrapper for POLICY_PRIMARY_DOMAIN_INFO
  397. INTERFACE: LSA_PRIMARY_DOM_INFO_MEM(): constructor
  398. ~LSA_PRIMARY_DOM_INFO_MEM(): destructor
  399. QueryPSID(): Query SID
  400. QueryName(): Query the NLS_STR * name for the domain
  401. PARENT: LSA_MEMORY
  402. NOTES: This MEM class is slightly different from the other
  403. MEM classes in that it will only contain zero or one item. Thus,
  404. the index is not needed for the accessors.
  405. HISTORY:
  406. Davidhov 4/9/92 Created
  407. \**********************************************************/
  408. DLL_CLASS LSA_PRIMARY_DOM_INFO_MEM : public LSA_MEMORY
  409. {
  410. public:
  411. /*
  412. * Returns a properly casted pointer the the buffer
  413. */
  414. inline const POLICY_PRIMARY_DOMAIN_INFO * QueryPtr() const
  415. {
  416. return (POLICY_PRIMARY_DOMAIN_INFO *)QueryBuffer();
  417. }
  418. /*
  419. * Returns the UNICODE_STRING name for the account domain
  420. */
  421. inline const UNICODE_STRING * QueryUnicodeName() const
  422. {
  423. return &QueryPtr()->Name;
  424. }
  425. LSA_PRIMARY_DOM_INFO_MEM( BOOL fOwnerAlloc = FALSE );
  426. ~LSA_PRIMARY_DOM_INFO_MEM();
  427. /*
  428. * Returns the PSID of the account domain
  429. */
  430. inline PSID QueryPSID() const
  431. {
  432. return QueryPtr()->Sid;
  433. }
  434. /*
  435. * Returns the name of the accounts domain
  436. */
  437. inline APIERR QueryName( NLS_STR *pnlsName ) const
  438. {
  439. ASSERT( pnlsName != NULL );
  440. return pnlsName->MapCopyFrom( QueryUnicodeName( )->Buffer,
  441. QueryUnicodeName( )->Length );
  442. }
  443. };
  444. /**********************************************************\
  445. NAME: LSA_SERVER_ROLE_INFO_MEM (lsasrim)
  446. SYNOPSIS: Wrapper for POLICY_LSA_SERVER_ROLE_INFO
  447. INTERFACE: LSA_SERVER_ROLE_INFO_MEM(): constructor
  448. ~LSA_SERVER_ROLE_INFO_MEM(): destructor
  449. QueryPrimary(): Return TRUE if PDC
  450. PARENT: LSA_MEMORY
  451. NOTES:
  452. HISTORY: Davidhov 5/16/92 Created
  453. \**********************************************************/
  454. DLL_CLASS LSA_SERVER_ROLE_INFO_MEM : public LSA_MEMORY
  455. {
  456. private:
  457. POLICY_LSA_SERVER_ROLE_INFO * QueryUpdatePtr () const
  458. {
  459. return (POLICY_LSA_SERVER_ROLE_INFO *) QueryBuffer() ;
  460. }
  461. public:
  462. /*
  463. * Returns a properly casted pointer the the buffer
  464. */
  465. const POLICY_LSA_SERVER_ROLE_INFO * QueryPtr () const
  466. {
  467. return (POLICY_LSA_SERVER_ROLE_INFO *) QueryBuffer();
  468. }
  469. BOOL QueryPrimary () const
  470. {
  471. return QueryPtr()->LsaServerRole == PolicyServerRolePrimary ;
  472. }
  473. VOID SetRole ( BOOL fPrimary )
  474. {
  475. QueryUpdatePtr()->LsaServerRole = fPrimary
  476. ? PolicyServerRolePrimary
  477. : PolicyServerRoleBackup ;
  478. }
  479. LSA_SERVER_ROLE_INFO_MEM ( BOOL fOwnerAlloc = FALSE,
  480. BOOL fPrimary = FALSE ) ;
  481. ~ LSA_SERVER_ROLE_INFO_MEM ();
  482. };
  483. /**********************************************************\
  484. NAME: LSA_AUDIT_EVENT_INFO_MEM ( lsaaeim )
  485. SYNOPSIS: Wrapper for POLICY_AUDIT_EVENTS_INFO
  486. INTERFACE: LSA_AUDIT_EVENT_INFO_MEM(): constructor
  487. ~LSA_AUDIT_EVENT_INFO_MEM(): destructor
  488. QueryPtr() : Query the pointer to the buffer
  489. QueryAuditEventCount(): return the number of audit event types
  490. QueryAuditOptions(): return the array of
  491. POLICY_AUDIT_EVENT_OPTIONS
  492. IsAuditingOn(): TRUE if auditing is on, FALSE otherwise
  493. SetAuditingMode(): Set the auditing mode
  494. PARENT: LSA_MEMORY
  495. NOTES: This MEM class is slightly different from the other
  496. MEM classes in that it will only contain zero or one item. Thus,
  497. the index is not needed for the accessors.
  498. HISTORY:
  499. Yi-HsinS 04/01/92 Created
  500. \**********************************************************/
  501. DLL_CLASS LSA_AUDIT_EVENT_INFO_MEM : public LSA_MEMORY
  502. {
  503. public:
  504. LSA_AUDIT_EVENT_INFO_MEM( BOOL fOwnerAlloc = FALSE );
  505. ~LSA_AUDIT_EVENT_INFO_MEM();
  506. POLICY_AUDIT_EVENTS_INFO *QueryPtr() const
  507. { return (POLICY_AUDIT_EVENTS_INFO *) QueryBuffer(); }
  508. ULONG QueryAuditEventCount( VOID ) const
  509. { return QueryPtr()->MaximumAuditEventCount; }
  510. POLICY_AUDIT_EVENT_OPTIONS *QueryAuditingOptions( VOID )
  511. { return QueryPtr()->EventAuditingOptions; }
  512. BOOL IsAuditingOn( VOID )
  513. { return QueryPtr()->AuditingMode; }
  514. VOID SetAuditingMode( BOOL fAuditingMode )
  515. { QueryPtr()->AuditingMode = (fAuditingMode != FALSE); }
  516. };
  517. /**********************************************************\
  518. NAME: LSA_OBJECT (lsaobj)
  519. SYNOPSIS: Wrapper for LSA handle-based C++ objects.
  520. INTERFACE: (protected)
  521. LSA_OBJECT(): constructor
  522. ~LSA_OBJECT(): destructor
  523. QueryHandle():
  524. SetHandle():
  525. PARENT: BASE
  526. NOTE: This class must be subclassed. It simply provides
  527. a wrapper for the LSA_HANDLE.
  528. HISTORY:
  529. thomaspa 02/20/92 Created
  530. \**********************************************************/
  531. DLL_CLASS LSA_OBJECT : public BASE
  532. {
  533. private:
  534. LSA_HANDLE _hlsa;
  535. BOOL _fHandleValid ;
  536. protected:
  537. LSA_OBJECT();
  538. ~LSA_OBJECT();
  539. /*
  540. * Sets the handle for a LSA_OBJECT. Should only be
  541. * called once for any object
  542. */
  543. inline void SetHandle( LSA_HANDLE hlsa )
  544. {
  545. ASSERT( !_fHandleValid );
  546. ASSERT( hlsa != NULL );
  547. _hlsa = hlsa;
  548. _fHandleValid = TRUE ;
  549. }
  550. inline void ResetHandle ( )
  551. {
  552. _fHandleValid = FALSE ;
  553. _hlsa = NULL ;
  554. }
  555. public:
  556. // Returns TRUE if handle is present and valid
  557. inline BOOL IsHandleValid () const
  558. { return _fHandleValid ; }
  559. // Returns the LSA_HANDLE for this object
  560. inline LSA_HANDLE QueryHandle() const
  561. {
  562. return _fHandleValid ? _hlsa : NULL ;
  563. }
  564. // Close (or delete) the handle and invalidate it.
  565. APIERR CloseHandle ( BOOL fDelete = FALSE ) ;
  566. } ;
  567. /**********************************************************\
  568. NAME: LSA_POLICY (lsapol)
  569. SYNOPSIS: Wrapper for LSA Policy apis.
  570. INTERFACE: (public)
  571. LSA_POLICY(): constructor
  572. ~LSA_POLICY(): destructor
  573. EnumerateTrustedDomains():
  574. GetAccountDomain():
  575. TranslateSidsToNames():
  576. GetAuditEventInfo():
  577. SetAuditEventInfo():
  578. CheckIfShutDownOnFull():
  579. SetShutDownOnFull():
  580. PARENT: BASE
  581. HISTORY:
  582. thomaspa 03/05/92 Created
  583. JohnL 03/08/92 Added TranslateNamesToSids
  584. \**********************************************************/
  585. enum LSPL_PROD_TYPE
  586. {
  587. LSPL_PROD_NONE,
  588. LSPL_PROD_WIN_NT,
  589. LSPL_PROD_LANMAN_NT,
  590. LSPL_PROD_MAX
  591. };
  592. DLL_CLASS LSA_POLICY : public LSA_OBJECT
  593. {
  594. private:
  595. LSPL_PROD_TYPE _lsplType ; // Cached product type
  596. static APIERR MakeNetLogonSecretName ( NLS_STR * pnlsLogonName ) ;
  597. static VOID InitObjectAttributes( POBJECT_ATTRIBUTES poa,
  598. PSECURITY_QUALITY_OF_SERVICE psqos );
  599. // Create the name of the shared secret depending upon its type
  600. static APIERR MakeSecretName ( const NLS_STR & nlsDomainName,
  601. BOOL fPrimary,
  602. NLS_STR * pnlsSecretName ) ;
  603. protected:
  604. APIERR TcharArrayToUnistrArray( const TCHAR * const * apsz,
  605. PUNICODE_STRING aUniStr,
  606. ULONG cElements ) ;
  607. void CleanupUnistrArray( PUNICODE_STRING aUniStr,
  608. ULONG cElementsAllocated ) ;
  609. APIERR DeleteAllTrustedDomains () ;
  610. public:
  611. LSA_POLICY( const TCHAR * pszServerName,
  612. ACCESS_MASK accessDesired = DEF_LSA_POLICY_ACCESS );
  613. ~LSA_POLICY();
  614. // Re/open the policy handle
  615. APIERR Open ( const TCHAR * pszServerName,
  616. ACCESS_MASK accessDesired = DEF_LSA_POLICY_ACCESS );
  617. APIERR EnumerateTrustedDomains( LSA_TRUST_INFO_MEM * plsatim,
  618. PLSA_ENUMERATION_HANDLE plsaenumh,
  619. ULONG cbRequested = sizeof(LSA_TRUST_INFORMATION) * 1000 ) ;
  620. APIERR GetAccountDomain( LSA_ACCT_DOM_INFO_MEM * plsaadim ) const ;
  621. APIERR GetPrimaryDomain( LSA_PRIMARY_DOM_INFO_MEM * plsapdim ) const ;
  622. // Set Primary and Account Domain information
  623. APIERR SetAccountDomain( const LSA_ACCT_DOM_INFO_MEM * plsaadim ) ;
  624. APIERR SetPrimaryDomain( const LSA_PRIMARY_DOM_INFO_MEM * plsapdim ) ;
  625. // Set the name and/or SID of the primary or accounts domain
  626. APIERR SetAccountDomainName ( const NLS_STR * pnlsDomainName,
  627. const PSID * ppsidDomain = NULL ) ;
  628. APIERR SetPrimaryDomainName ( const NLS_STR * pnlsDomainName,
  629. const PSID * ppsidDomain = NULL ) ;
  630. // Get/Set the server role
  631. APIERR GetServerRole ( LSA_SERVER_ROLE_INFO_MEM * plsasrim ) const ;
  632. APIERR SetServerRole ( const LSA_SERVER_ROLE_INFO_MEM * plsasrim ) ;
  633. APIERR GetAuditEventInfo( LSA_AUDIT_EVENT_INFO_MEM *plsaaeim );
  634. APIERR SetAuditEventInfo( LSA_AUDIT_EVENT_INFO_MEM *plsaaeim );
  635. APIERR CheckIfShutDownOnFull( BOOL *pfShutDownOnFull );
  636. APIERR SetShutDownOnFull( BOOL fShutDownOnFull = TRUE );
  637. APIERR TranslateSidsToNames( const PSID *ppsids,
  638. ULONG cSids,
  639. LSA_TRANSLATED_NAME_MEM *plsatnm,
  640. LSA_REF_DOMAIN_MEM *plsardm);
  641. APIERR TranslateNamesToSids( const TCHAR * const * apszAccountNames,
  642. ULONG cAccountNames,
  643. LSA_TRANSLATED_SID_MEM * plsatsidmem,
  644. LSA_REF_DOMAIN_MEM * plsardm ) ;
  645. // Verify the usability of the LSA, and optionally the name
  646. // of the primary domain. Also, if non-NULL, return primary
  647. // domain information.
  648. APIERR VerifyLsa ( LSA_PRIMARY_DOM_INFO_MEM * plsapdim,
  649. const NLS_STR * pnlsDomainName ) const ;
  650. // Return the product type of the local platform
  651. static APIERR QueryProductType ( LSPL_PROD_TYPE * lsplProd ) ;
  652. // Return other standard info
  653. APIERR QueryCurrentUser ( NLS_STR * pnlsUserName ) const ;
  654. APIERR QueryPrimaryDomainName ( NLS_STR * pnlsDomainName ) const ;
  655. APIERR QueryPrimaryBrowserGroup ( NLS_STR * pnlsBrowserGroup ) const ;
  656. // Modification routines
  657. // Change the primary browser group
  658. APIERR SetPrimaryBrowserGroup ( const NLS_STR & nlsBrowserGroup ) ;
  659. // Establish a trust relationship with an extant domain;
  660. // if the DC name is provide it executes faster.
  661. APIERR TrustDomain ( const NLS_STR & nlsDomainName,
  662. const PSID psid,
  663. const NLS_STR & nlsPassword,
  664. BOOL fAsPrimary = TRUE,
  665. const TCHAR * pszTrustedDcHint = NULL,
  666. BOOL fAsDc = FALSE ) ;
  667. // Establish a trust relationshiop with the primary domain of
  668. // the given DC.
  669. APIERR TrustDomain ( LSA_POLICY & lsapolDC,
  670. const NLS_STR & nlsPassword,
  671. BOOL fAsPrimary = TRUE,
  672. const TCHAR * pszTrustedDcHint = NULL ) ;
  673. // Destroy an existing trust relationship.
  674. APIERR DistrustDomain ( const PSID psid,
  675. const NLS_STR & nlsDomain,
  676. BOOL fAsPrimary = TRUE ) ;
  677. // Join an extant domain as a workstation or member server
  678. APIERR JoinDomain ( const NLS_STR & nlsDomainName,
  679. const NLS_STR & nlsPassword,
  680. BOOL fAsDc = FALSE,
  681. const NLS_STR * pnlsDcName = NULL,
  682. const TCHAR * pszTrustedDcHint = NULL ) ;
  683. // Leave the primary domain
  684. APIERR LeaveDomain () ;
  685. };
  686. #endif // _UINTLSA_HXX_