|
|
/*++ BUILD Version: 0001 // Increment this if a change has global effects
Copyright (c) 1991 Microsoft Corporation
Module Name:
db.h
Abstract:
LSA Database Exported Function Definitions, Datatypes and Defines
This module contains the LSA Database Routines that may be called by parts of the LSA outside the Database sub-component.
Author:
Scott Birrell (ScottBi) August 26, 1991
Environment:
Revision History:
--*/
#ifndef _LSA_DB_
#define _LSA_DB_
//
// Maximum Number of attributes in the various object types
//
#define LSAP_DB_ATTRS_POLICY ((ULONG) 0x00000010L)
#define LSAP_DB_ATTRS_ACCOUNT ((ULONG) 0x00000010L)
#define LSAP_DB_ATTRS_DOMAIN ((ULONG) 0x00000013L)
#define LSAP_DB_ATTRS_SECRET ((ULONG) 0x00000010L)
//
// Constants for matching options on Sid/Name lookup operations
//
#define LSAP_DB_MATCH_ON_SID ((ULONG) 0x00000001L)
#define LSAP_DB_MATCH_ON_NAME ((ULONG) 0x00000002L)
//
// Options for LsapDbLookupSidsInLocalDomains()
//
#define LSAP_DB_SEARCH_BUILT_IN_DOMAIN ((ULONG) 0x00000001L)
#define LSAP_DB_SEARCH_ACCOUNT_DOMAIN ((ULONG) 0x00000002L)
//
// Options for LsapDbMergeDisjointReferencedDomains
//
#define LSAP_DB_USE_FIRST_MERGAND_GRAPH ((ULONG) 0x00000001L)
#define LSAP_DB_USE_SECOND_MERGAND_GRAPH ((ULONG) 0x00000002L)
//
// Option for updating Policy Database
//
#define LSAP_DB_UPDATE_POLICY_DATABASE ((ULONG) 0x00000001L)
//
// Maximum number of attributes corresponding to a Policy Object
// Information Class
//
#define LSAP_DB_ATTRS_INFO_CLASS_POLICY ((ULONG) 0x00000007L)
//
// Maximum number of attributes corresponding to a Trusted Domain Object
// Information Class
//
#define LSAP_DB_ATTRS_INFO_CLASS_DOMAIN ((ULONG) 0x00000010L)
//
// Global variables
//
extern BOOLEAN LsapDbRequiresSidInfo[];extern BOOLEAN LsapDbRequiresNameInfo[];extern LSAPR_HANDLE LsapDbHandle;extern BOOLEAN LsapSetupWasRun;extern BOOLEAN LsapDatabaseSetupPerformed;extern NT_PRODUCT_TYPE LsapProductType;extern WORD LsapProductSuiteMask;extern BOOLEAN LsapDsIsRunning;extern BOOLEAN LsapDsWReplEnabled;
//
// Table of accesses required to query Policy Information. This table
// is indexed by Policy Information Class
//
extern ACCESS_MASK LsapDbRequiredAccessQueryPolicy[];extern ACCESS_MASK LsapDbRequiredAccessQueryDomainPolicy[];
//
// Table of accesses required to set Policy Information. This table
// is indexed by Policy Information Class
//
extern ACCESS_MASK LsapDbRequiredAccessSetPolicy[];extern ACCESS_MASK LsapDbRequiredAccessSetDomainPolicy[];
//
// Table of accesses required to query TrustedDomain Information. This table
// is indexed by TrustedDomain Information Class
//
extern ACCESS_MASK LsapDbRequiredAccessQueryTrustedDomain[];
//
// Table of accesses required to set TrustedDomain Information. This table
// is indexed by TrustedDomain Information Class
//
extern ACCESS_MASK LsapDbRequiredAccessSetTrustedDomain[];
//
// Maximum Handle Reference Count
//
#define LSAP_DB_MAXIMUM_REFERENCE_COUNT ((ULONG) 0x00001000L)
//
// Maximum handles per user logon id
// This was determined by taking the "interesting" access bits and generating possible
// permutations and using that. The interesting bits were determined to be:
// POLICY_VIEW_LOCAL_INFORMATION
// POLICY_VIEW_AUDIT_INFORMATION
// POLICY_TRUST_ADMIN
// POLICY_CREATE_ACCOUNT
// POLICY_CREATE_SECRET
// POLICY_LOOKUP_NAMES
// The possible combinations add up to 720 entries
#define LSAP_DB_MAXIMUM_HANDLES_PER_USER 0x000002D0
//
// Default Computer Name used for Policy Account Domain Info
//
#define LSAP_DB_DEFAULT_COMPUTER_NAME (L"MACHINENAME")
//
// Options for the LsaDbReferenceObject and LsaDbDereferenceObject
//
#define LSAP_DB_LOCK ((ULONG) 0x00000001L)
#define LSAP_DB_NO_LOCK ((ULONG) 0x00000002L)
#define LSAP_DB_OPENED_BY_ANONYMOUS ((ULONG) 0x00000004L)
#define LSAP_DB_START_TRANSACTION ((ULONG) 0x00000008L)
#define LSAP_DB_FINISH_TRANSACTION ((ULONG) 0x00000010L)
#define LSAP_DB_VALIDATE_HANDLE ((ULONG) 0x00000020L)
#define LSAP_DB_TRUSTED ((ULONG) 0x00000040L)
#define LSAP_DB_STANDALONE_REFERENCE ((ULONG) 0x00000080L)
#define LSAP_DB_DEREFERENCE_CONTR ((ULONG) 0x00000100L)
#define LSAP_DB_LOG_QUEUE_LOCK ((ULONG) 0x00001000L)
#define LSAP_DB_OMIT_REPLICATOR_NOTIFICATION ((ULONG) 0x00004000L)
#define LSAP_DB_USE_LPC_IMPERSONATE ((ULONG) 0x00008000L)
#define LSAP_DB_ADMIT_DELETED_OBJECT_HANDLES ((ULONG) 0x00010000L)
#define LSAP_DB_DS_NO_PARENT_OBJECT ((ULONG) 0x00080000L)
#define LSAP_DB_OBJECT_SCOPE_DS ((ULONG) 0x00100000L)
#define LSAP_DB_DS_TRUSTED_DOMAIN_AS_SECRET ((ULONG) 0x00400000L)
#define LSAP_DB_READ_ONLY_TRANSACTION ((ULONG) 0x01000000L)
#define LSAP_DB_DS_OP_TRANSACTION ((ULONG) 0x02000000L)
#define LSAP_DB_NO_DS_OP_TRANSACTION ((ULONG) 0x04000000L)
#define LSAP_DB_HANDLE_UPGRADE ((ULONG) 0x10000000L)
#define LSAP_DB_HANDLE_CREATED_SECRET ((ULONG) 0x20000000L)
#define LSAP_DB_SCE_POLICY_HANDLE ((ULONG) 0x40000000L)
#define LSAP_DB_STATE_MASK \
(LSAP_DB_LOCK | LSAP_DB_NO_LOCK | \ LSAP_DB_START_TRANSACTION | LSAP_DB_FINISH_TRANSACTION | \ LSAP_DB_LOG_QUEUE_LOCK | \ LSAP_DB_READ_ONLY_TRANSACTION | LSAP_DB_DS_OP_TRANSACTION | \ LSAP_DB_NO_DS_OP_TRANSACTION)
//
// Configuration Registry Root Key for Lsa Database. All Physical Object
// and Attribute Names are relative to this Key.
//
#define LSAP_DB_ROOT_REG_KEY_NAME L"\\Registry\\Machine\\Security"
//
// LSA Database Object Defines
//
#define LSAP_DB_OBJECT_OPEN FILE_OPEN
#define LSAP_DB_OBJECT_OPEN_IF FILE_OPEN_IF
#define LSAP_DB_OBJECT_CREATE FILE_CREATE
#define LSAP_DB_KEY_VALUE_MAX_LENGTH (0x00000040L)
#define LSAP_DB_LOGICAL_NAME_MAX_LENGTH (0x00000100L)
#define LSAP_DB_CREATE_OBJECT_IN_DS (0x00000200L)
#define LSAP_DB_CREATE_VALID_EXTENDED_FLAGS 0x00000600
//
// LSA Database Object SubKey Defines
//
#define LSAP_DB_SUBKEY_OPEN FILE_OPEN
#define LSAP_DB_SUBKEY_OPEN_IF FILE_OPEN_IF
#define LSAP_DB_SUBKEY_CREATE FILE_CREATE
//
// Growth Delta for Referenced Domain Lists
//
#define LSAP_DB_REF_DOMAIN_DELTA ((ULONG) 0x00000020L )
//
// Object options values for the object handles
//
#define LSAP_DB_OBJECT_SECRET_INTERNAL 0x00000001 // M$
#define LSAP_DB_OBJECT_SECRET_LOCAL 0x00000002 // L$
//
// The following data type is used in name and SID lookup services to
// describe the domains referenced in the lookup operation.
//
// WARNING! This is an internal version of LSA_REFERENCED_DOMAIN_LIST
// in ntlsa.h. It has an additional field, MaxEntries.
//
typedef struct _LSAP_DB_REFERENCED_DOMAIN_LIST {
ULONG Entries; PLSA_TRUST_INFORMATION Domains; ULONG MaxEntries;
} LSAP_DB_REFERENCED_DOMAIN_LIST, *PLSAP_DB_REFERENCED_DOMAIN_LIST;
// where members have the following usage:
//
// Entries - Is a count of the number of domains described in the
// Domains array.
//
// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
// structures.
//
// MaxEntries - Is the maximum number of entries that can be stored
// in the current array
/////////////////////////////////////////////////////////////////////////////
//
// LSA Database Object Types
//
/////////////////////////////////////////////////////////////////////////////
//
// Lsa Database Object Type
//
typedef enum _LSAP_DB_OBJECT_TYPE_ID {
NullObject = 0, PolicyObject, TrustedDomainObject, AccountObject, SecretObject, AllObject, NewTrustedDomainObject, DummyLastObject
} LSAP_DB_OBJECT_TYPE_ID, *PLSAP_DB_OBJECT_TYPE_ID;
//
// LSA Database Object Handle structure (Internal definition of LSAPR_HANDLE)
//
// Note that the Handle structure is public to clients of the Lsa Database
// exported functions, e.g server API workers) so that they can get at things
// like GrantedAccess.
//
// Access to all fields serialized by LsapDbHandleTableEx.TableLock
//
typedef struct _LSAP_DB_HANDLE {
struct _LSAP_DB_HANDLE *Next; struct _LSAP_DB_HANDLE *Previous; LIST_ENTRY UserHandleList; BOOLEAN Allocated; BOOLEAN SceHandle; // Sce Open Policy handle (opened with LsaOpenPolicySce)
BOOLEAN SceHandleChild; // Child handle of an Sce Open Policy Handle
ULONG ReferenceCount; UNICODE_STRING LogicalNameU; UNICODE_STRING PhysicalNameU; PSID Sid; HANDLE KeyHandle; LSAP_DB_OBJECT_TYPE_ID ObjectTypeId; struct _LSAP_DB_HANDLE *ContainerHandle; ACCESS_MASK DesiredAccess; ACCESS_MASK GrantedAccess; ACCESS_MASK RequestedAccess; BOOLEAN GenerateOnClose; BOOLEAN Trusted; BOOLEAN DeletedObject; BOOLEAN NetworkClient; ULONG Options; // New for the Ds
UNICODE_STRING PhysicalNameDs; BOOLEAN fWriteDs; ULONG ObjectOptions; PVOID UserEntry;#if DBG == 1
LARGE_INTEGER HandleCreateTime; LARGE_INTEGER HandleLastAccessTime;#endif
} *LSAP_DB_HANDLE, **PLSAP_DB_HANDLE;
//
// LSA Database Object Sid Enumeration Buffer
//
typedef struct _LSAP_DB_SID_ENUMERATION_BUFFER {
ULONG EntriesRead; PSID *Sids;
} LSAP_DB_SID_ENUMERATION_BUFFER, *PLSAP_DB_SID_ENUMERATION_BUFFER;
//
// LSA Database Object Name Enumeration Buffer
//
typedef struct _LSAP_DB_NAME_ENUMERATION_BUFFER {
ULONG EntriesRead; PUNICODE_STRING Names;
} LSAP_DB_NAME_ENUMERATION_BUFFER, *PLSAP_DB_NAME_ENUMERATION_BUFFER;
#define LSAP_DB_OBJECT_TYPE_COUNT 0x00000005L
//
// Default System Access assigned to Account objects
//
#define LSAP_DB_ACCOUNT_DEFAULT_SYS_ACCESS ((ULONG) 0L);
//
// LSA Database Account Object Information
//
typedef struct _LSAP_DB_ACCOUNT_INFORMATION {
QUOTA_LIMITS QuotaLimits; PRIVILEGE_SET Privileges;
} LSAP_DB_ACCOUNT_INFORMATION, *PLSAP_DB_ACCOUNT_INFORMATION;
//
// LSA Database Change Account Privilege Mode
//
typedef enum _LSAP_DB_CHANGE_PRIVILEGE_MODE {
AddPrivileges = 1, RemovePrivileges, SetPrivileges
} LSAP_DB_CHANGE_PRIVILEGE_MODE;
//
// Self-Relative Unicode String Structure.
//
//
// UNICODE_STRING_SR is used to store self-relative unicode strings in
// the database. Prior to Sundown, the UNICODE_STRING structure was used,
// overloading the "Buffer" field with a byte offset.
//
typedef struct _UNICODE_STRING_SR { USHORT Length; USHORT MaximumLength; ULONG Offset;
} UNICODE_STRING_SR, *PUNICODE_STRING_SR;
//
// LSA Database Object SubKey names in Unicode Form
//
typedef enum _LSAP_DB_NAMES {
SecDesc = 0, Privilgs, Sid, Name, AdminMod, OperMode, QuotaLim, DefQuota, PrDomain, Policy, Accounts, Domains, Secrets, CurrVal, OldVal, CupdTime, OupdTime, PolAdtLg, PolAdtEv, PolAcDmN, PolAcDmS, PolDnDDN, PolDnTrN, PolDnDmG, PolEfDat, PolPrDmN, PolPrDmS, PolPdAcN, PolRepSc, PolRepAc, PolRevision, PolMod, PolState, ActSysAc, TrDmName, TrDmTrPN, // Netbios name of trust partner
TrDmSid, TrDmAcN, TrDmCtN, TrDmPxOf, TrDmCtEn, TrDmTrTy, // Type of trust
TrDmTrDi, // Trust direction
TrDmTrLA, // Trust attributes
TrDmTrPr, // Trust partner
TrDmTrRt, // Trust root partner
TrDmSAI, // Auth inbound
TrDmSAO, // Auth outbound
TrDmForT, // Forest trust info
TrDmCrSid, // The SID of the creator
KerOpts, // Kerberos authentication options (e.g. POLICY_KERBEROS_VALIDATE_CLIENT)
KerMinT, // Kerberos: Maximum lifespan of a service (TGS) ticket
KerMaxT, // Kerberos: Maximum lifespan of a ticket-granting (TGT) ticket
KerMaxR, // Kerberos: Maximum length of time a TGT can be renewed
KerProxy, // Kerberos: Maximum allowed clock skew between client and KDC
KerLogoff, // Kerberos: unused
BhvrVers, // Behavior-Version
AuditLog, AuditLogMaxSize, AuditRecordRetentionPeriod, // Entries beyond this point don't correspond to real policy
// entries, but are pseudo entries only
PseudoSystemCritical, PolSecretEncryptionKey, XRefDnsRoot, // DNS name of cross-ref object
XRefNetbiosName, // NETBIOS name of cross-ref object
DummyLastName
} LSAP_DB_NAMES;
typedef struct _LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO {
ULONG SystemAccess; QUOTA_LIMITS QuotaLimits; PPRIVILEGE_SET PrivilegeSet;
} LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO, *PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO;
#ifdef __cplusplus
extern "C" {#endif // __cplusplus
extern UNICODE_STRING LsapDbNames[DummyLastName];extern UNICODE_STRING LsapDbObjectTypeNames[DummyLastObject];
//
// LSA Database Object Type-specific attribute names and values. If
// supplied on a call to LsapDbCreateObject, they will be stored with
// the object.
//
typedef enum _LSAP_DB_ATTRIB_TYPE {
LsapDbAttribUnknown = 0, LsapDbAttribUnicode, LsapDbAttribMultiUnicode, LsapDbAttribSid, LsapDbAttribGuid, LsapDbAttribULong, LsapDbAttribUShortAsULong, LsapDbAttribSecDesc, LsapDbAttribDsName, LsapDbAttribPByte, LsapDbAttribTime, LsapDbAttribDsNameAsUnicode, LsapDbAttribDsNameAsSid, LsapDbAttribIntervalAsULong
} LSAP_DB_ATTRIB_TYPE, *PLSAP_DB_ATTRIB_TYPE;
typedef struct _LSAP_DB_ATTRIBUTE {
PUNICODE_STRING AttributeName; PVOID AttributeValue; ULONG AttributeValueLength; BOOLEAN MemoryAllocated; BOOLEAN CanDefaultToZero; BOOLEAN PseudoAttribute; ULONG DsAttId; LSAP_DB_ATTRIB_TYPE AttribType; LSAP_DB_NAMES DbNameIndex;
} LSAP_DB_ATTRIBUTE, *PLSAP_DB_ATTRIBUTE;
typedef enum _LSAP_DB_DS_LOCATION {
LsapDsLocUnknown = 0, LsapDsLocRegistry, LsapDsLocDs, LsapDsLocDsLocalPolObj, LsapDsLocDsDomainPolObj, LsapDsLocLocalAndReg
} LSAP_DB_DS_LOCATION, *PLSAP_DB_DS_LOCATION;
typedef struct _LSAP_DB_DS_INFO {
ULONG AttributeId; LSAP_DB_ATTRIB_TYPE AttributeType; LSAP_DB_DS_LOCATION AttributeLocation;
} LSAP_DB_DS_INFO, *PLSAP_DB_DS_INFO;
//
// LSA Database Object General Information.
//
typedef struct _LSAP_DB_OBJECT_INFORMATION {
LSAP_DB_OBJECT_TYPE_ID ObjectTypeId; LSAP_DB_OBJECT_TYPE_ID ContainerTypeId; OBJECT_ATTRIBUTES ObjectAttributes; PLSAP_DB_ATTRIBUTE TypeSpecificAttributes; PSID Sid; BOOLEAN ObjectAttributeNameOnly; ULONG DesiredObjectAccess;
} LSAP_DB_OBJECT_INFORMATION, *PLSAP_DB_OBJECT_INFORMATION;
//
// New for the Ds integration
//
extern PLSAP_DB_DS_INFO LsapDbDsAttInfo;
//
// Installed, absolute minimum and absolute maximum Quota Limits.
//
extern QUOTA_LIMITS LsapDbInstalledQuotaLimits;extern QUOTA_LIMITS LsapDbAbsMinQuotaLimits;extern QUOTA_LIMITS LsapDbAbsMaxQuotaLimits;
//
// Required Ds data types
//
//
// This is the state of the machine with respect to the Ds. It will control
// some of the basic functionality of the Lsa APIs by determing who can write
// what where, etc...
//
typedef enum _LSADS_INIT_STATE {
LsapDsUnknown = 0, LsapDsNoDs, LsapDsDs, LsapDsDsMaintenance, LsapDsDsSetup
} LSADS_INIT_STATE, *PLSADS_INIT_STATE;
//
// LSA Database Exported Function Prototypes
//
// NOTE: These are callable only from the LSA
//
BOOLEANLsapDbIsServerInitialized( );
NTSTATUSLsapDbOpenPolicy( IN PLSAPR_SERVER_NAME SystemName OPTIONAL, IN OPTIONAL PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, IN ULONG Options, OUT PLSAPR_HANDLE PolicyHandle, IN BOOLEAN TrustedClient );
NTSTATUSLsapDbOpenTrustedDomain( IN LSAPR_HANDLE PolicyHandle, IN PSID TrustedDomainSid, IN ACCESS_MASK DesiredAccess, OUT PLSAPR_HANDLE TrustedDomainHandle, IN ULONG Options );
NTSTATUSLsapDbOpenTrustedDomainByName( IN LSAPR_HANDLE PolicyHandle OPTIONAL, IN PUNICODE_STRING TrustedDomainName, OUT PLSAPR_HANDLE TrustedDomainHandle, IN ULONG AccessMask, IN ULONG Options, IN BOOLEAN Trusted );
NTSTATUSLsapDbOpenObject( IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation, IN ACCESS_MASK DesiredAccess, IN ULONG Options, OUT PLSAPR_HANDLE LsaHandle );
NTSTATUSLsapDbCreateObject( IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation, IN ACCESS_MASK DesiredAccess, IN ULONG CreateDisposition, IN ULONG Options, IN OPTIONAL PLSAP_DB_ATTRIBUTE TypeSpecificAttributes, IN OUT ULONG *TypeSpecificAttributeCount, IN ULONG TypeSpecificAttributeAllocated, OUT PLSAPR_HANDLE LsaHandle );
NTSTATUSLsapCloseHandle( IN OUT LSAPR_HANDLE *ObjectHandle, IN NTSTATUS PreliminaryStatus );
NTSTATUSLsapDbCloseObject( IN PLSAPR_HANDLE ObjectHandle, IN ULONG Options, IN NTSTATUS PreliminaryStatus );
NTSTATUSLsapDbDeleteObject( IN LSAPR_HANDLE ObjectHandle );
NTSTATUSLsapDbReferenceObject( IN LSAPR_HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN LSAP_DB_OBJECT_TYPE_ID HandleTypeId, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, IN ULONG Options );
NTSTATUSLsapDbDereferenceObject( IN OUT PLSAPR_HANDLE ObjectHandle, IN LSAP_DB_OBJECT_TYPE_ID HandleTypeId, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, IN ULONG Options, IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType, IN NTSTATUS PreliminaryStatus );
NTSTATUSLsapDbReadAttributeObject( IN LSAPR_HANDLE ObjectHandle, IN PUNICODE_STRING AttributeNameU, IN OPTIONAL PVOID AttributeValue, IN OUT PULONG AttributeValueLength );
NTSTATUSLsapDbReadAttributeObjectEx( IN LSAPR_HANDLE ObjectHandle, IN LSAP_DB_NAMES AttributeIndex, IN OPTIONAL PVOID AttributeValue, IN OUT PULONG AttributeValueLength, IN BOOLEAN CanDefaultToZero );
NTSTATUSLsapDbWriteAttributeObject( IN LSAPR_HANDLE ObjectHandle, IN PUNICODE_STRING AttributeNameU, IN PVOID AttributeValue, IN ULONG AttributeValueLength );
NTSTATUSLsapDbWriteAttributesObject( IN LSAPR_HANDLE ObjectHandle, IN PLSAP_DB_ATTRIBUTE Attributes, IN ULONG AttributeCount );
NTSTATUSLsapDbReadAttributesObject( IN LSAPR_HANDLE ObjectHandle, IN ULONG Options, IN OUT PLSAP_DB_ATTRIBUTE Attributes, IN ULONG AttributeCount );
NTSTATUSLsapDbDeleteAttributeObject( IN LSAPR_HANDLE ObjectHandle, IN PUNICODE_STRING AttributeNameU, IN BOOLEAN DeleteSecurely );
NTSTATUSLsapDbDeleteAttributesObject( IN LSAPR_HANDLE ObjectHandle, IN PLSAP_DB_ATTRIBUTE Attributes, IN ULONG AttributeCount );
NTSTATUSLsapDbOpenTransaction( IN ULONG Options );
NTSTATUSLsapDbApplyTransaction( IN LSAPR_HANDLE ObjectHandle, IN ULONG Options, IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType );
NTSTATUSLsapDbAbortTransaction( IN ULONG Options );
NTSTATUSLsapDbSidToLogicalNameObject( IN PSID Sid, OUT PUNICODE_STRING LogicalNameU );
NTSTATUSLsapDbChangePrivilegesAccount( IN LSAPR_HANDLE AccountHandle, IN LSAP_DB_CHANGE_PRIVILEGE_MODE ChangeMode, IN BOOLEAN AllPrivileges, IN OPTIONAL PPRIVILEGE_SET Privileges, IN BOOL LockSce );
NTSTATUSLsapDbEnumerateSids( IN LSAPR_HANDLE ContainerHandle, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PLSAP_DB_SID_ENUMERATION_BUFFER DbEnumerationBuffer, IN ULONG PreferedMaximumLength );
NTSTATUSLsapDbFindNextSid( IN LSAPR_HANDLE ContainerHandle, IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, OUT PLSAPR_SID *NextSid );
NTSTATUSLsapDbEnumeratePrivileges( IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, IN ULONG PreferedMaximumLength );
NTSTATUSLsapDbEnumerateNames( IN LSAPR_HANDLE ContainerHandle, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer, IN ULONG PreferedMaximumLength );
NTSTATUSLsapDbFindNextName( IN LSAPR_HANDLE ContainerHandle, IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, OUT PLSAPR_UNICODE_STRING Name );
VOIDLsapDbFreeEnumerationBuffer( IN PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer );
NTSTATUSLsapDbInitializeServer( IN ULONG Pass );
//
// These routines may someday migrate to Rtl runtime library. Their
// names have Lsap Prefixes only temporarily, so that they can be located
// easily.
//
// Options for LsapRtlAddPrivileges
#define RTL_COMBINE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000001L)
#define RTL_SUPERSEDE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000002L)
NTSTATUSLsapRtlAddPrivileges( IN OUT PPRIVILEGE_SET * RunningPrivileges, IN OUT PULONG MaxRunningPrivileges, IN PPRIVILEGE_SET PrivilegesToAdd, IN ULONG Options, OUT OPTIONAL BOOLEAN * Changed );
NTSTATUSLsapRtlRemovePrivileges( IN OUT PPRIVILEGE_SET ExistingPrivileges, IN PPRIVILEGE_SET PrivilegesToRemove );
PLUID_AND_ATTRIBUTESLsapRtlGetPrivilege( IN PLUID_AND_ATTRIBUTES Privilege, IN PPRIVILEGE_SET Privileges );
BOOLEANLsapRtlPrefixSid( IN PSID PrefixSid, IN PSID Sid );
ULONGLsapDbGetSizeTextSid( IN PSID Sid );
NTSTATUSLsapDbSidToTextSid( IN PSID Sid, OUT PSZ TextSid );
NTSTATUSLsapDbSidToUnicodeSid( IN PSID Sid, OUT PUNICODE_STRING SidU, IN BOOLEAN AllocateDestinationString );
NTSTATUSLsapDbInitializeWellKnownValues();
#if defined(REMOTE_BOOT)
VOIDLsapDbInitializeRemoteBootState();#endif // defined(REMOTE_BOOT)
NTSTATUSLsapDbVerifyInformationObject( IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation );
/*++
BOOLEANLsapDbIsValidTypeObject( IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId )
Routine Description:
This macro function determines if a given Object Type Id is valid.
Arguments:
ObjectTypeId - Object Type Id.
Return Values:
BOOLEAN - TRUE if object type id is valid, else FALSE.
--*/
#define LsapDbIsValidTypeObject(ObjectTypeId) \
(((ObjectTypeId) > NullObject) && \ ((ObjectTypeId) < DummyLastObject))
NTSTATUSLsapDbVerifyInfoQueryPolicy( IN LSAPR_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, OUT PACCESS_MASK RequiredAccess );
NTSTATUSLsapDbVerifyInfoSetPolicy( IN LSAPR_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, IN PLSAPR_POLICY_INFORMATION PolicyInformation, OUT PACCESS_MASK RequiredAccess );
BOOLEANLsapDbValidInfoPolicy( IN POLICY_INFORMATION_CLASS InformationClass, IN OPTIONAL PLSAPR_POLICY_INFORMATION PolicyInformation );
NTSTATUSLsapDbVerifyInfoQueryTrustedDomain( IN TRUSTED_INFORMATION_CLASS InformationClass, IN BOOLEAN Trusted, OUT PACCESS_MASK RequiredAccess );
NTSTATUSLsapDbVerifyInfoSetTrustedDomain( IN TRUSTED_INFORMATION_CLASS InformationClass, IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation, IN BOOLEAN Trusted, OUT PACCESS_MASK RequiredAccess );
BOOLEANLsapDbValidInfoTrustedDomain( IN TRUSTED_INFORMATION_CLASS InformationClass, IN OPTIONAL PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation );
NTSTATUSLsapDbMakeUnicodeAttribute( IN OPTIONAL PUNICODE_STRING UnicodeValue, IN PUNICODE_STRING AttributeName, OUT PLSAP_DB_ATTRIBUTE Attribute );
VOIDLsapDbCopyUnicodeAttributeNoAlloc( OUT PUNICODE_STRING OutputString, IN PLSAP_DB_ATTRIBUTE Attribute, IN BOOLEAN SelfRelative );
NTSTATUSLsapDbCopyUnicodeAttribute( OUT PUNICODE_STRING OutputString, IN PLSAP_DB_ATTRIBUTE Attribute, IN BOOLEAN SelfRelative );
NTSTATUSLsapDbMakeSidAttribute( IN PSID Sid, IN PUNICODE_STRING AttributeName, OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbMakeGuidAttribute( IN GUID *Guid, IN PUNICODE_STRING AttributeName, OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbMakeUnicodeAttributeDs( IN OPTIONAL PUNICODE_STRING UnicodeValue, IN LSAP_DB_NAMES Name, OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbMakeSidAttributeDs( IN PSID Sid, IN IN LSAP_DB_NAMES Name, OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbMakeGuidAttributeDs( IN GUID *Guid, IN LSAP_DB_NAMES Name, OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbMakePByteAttributeDs( IN OPTIONAL PBYTE Buffer, IN ULONG BufferLength, IN LSAP_DB_ATTRIB_TYPE AttribType, IN PUNICODE_STRING AttributeName, OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbReadAttribute( IN LSAPR_HANDLE ObjectHandle, IN OUT PLSAP_DB_ATTRIBUTE Attribute );
NTSTATUSLsapDbFreeAttributes( IN ULONG Count, IN PLSAP_DB_ATTRIBUTE Attributes );
/*++
VOIDLsapDbInitializeAttribute( IN PLSAP_DB_ATTRIBUTE AttributeP, IN PUNICODE_STRING AttributeNameP, IN OPTIONAL PVOID AttributeValueP, IN ULONG AttributeValueLengthP, IN BOOLEAN MemoryAllocatedP )
Routine Description:
This macro function initialize an Lsa Database Object Attribute structure. No validation is done.
Arguments:
AttributeP - Pointer to Lsa Database Attribute structure to be initialized.
AttributeNameP - Pointer to Unicode String containing the attribute's name.
AttributeValueP - Pointer to the attribute's value. NULL may be specified.
AttributeValueLengthP - Length of the attribute's value in bytes.
MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate within the LSA Server code (not by RPC server stubs), else FALSE.
Return Values:
None.
--*/
#define LsapDbInitializeAttribute( \
AttributeP, \ AttributeNameP, \ AttributeValueP, \ AttributeValueLengthP, \ MemoryAllocatedP \ ) \ \{ \ (AttributeP)->AttributeName = AttributeNameP; \ (AttributeP)->AttributeValue = AttributeValueP; \ (AttributeP)->AttributeValueLength = AttributeValueLengthP; \ (AttributeP)->MemoryAllocated = MemoryAllocatedP; \ (AttributeP)->DsAttId = 0; \ (AttributeP)->AttribType = LsapDbAttribUnknown; \ (AttributeP)->CanDefaultToZero = FALSE; \ (AttributeP)->PseudoAttribute = FALSE; \}
/*++
VOIDLsapDbInitializeAttributeDs( IN PLSAP_DB_ATTRIBUTE AttributeP, IN LSAP_DB_NAMES Name, IN OPTIONAL PVOID AttributeValueP, IN ULONG AttributeValueLengthP, IN BOOLEAN MemoryAllocatedP )
Routine Description:
This macro function initialize an Lsa Database Object Attribute structure. No validation is done.
Arguments:
AttributeP - Pointer to Lsa Database Attribute structure to be initialized.
Name - Name index to create
AttributeValueP - Pointer to the attribute's value. NULL may be specified.
AttributeValueLengthP - Length of the attribute's value in bytes.
MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate within the LSA Server code (not by RPC server stubs), else FALSE.
Return Values:
None.
--*/#define LsapDbInitializeAttributeDs( \
AttributeP, \ Name, \ AttributeValueP, \ AttributeValueLengthP, \ MemoryAllocatedP \ ) \ \{ \ LsapDbInitializeAttribute( (AttributeP), &LsapDbNames[Name], \ AttributeValueP, AttributeValueLengthP, \ MemoryAllocatedP ); \ (AttributeP)->DsAttId = LsapDbDsAttInfo[Name].AttributeId; \ (AttributeP)->AttribType = LsapDbDsAttInfo[Name].AttributeType; \ (AttributeP)->CanDefaultToZero = FALSE; \ (AttributeP)->DbNameIndex = Name; \}
#define LsapDbAttributeCanNotExist( \
AttributeP \ ) \{ \ (AttributeP)->CanDefaultToZero = TRUE; \}
NTSTATUSLsapInitializeNotifiyList( VOID );
NTSTATUSLsapCrServerGetSessionKeySafe( IN LSAPR_HANDLE ObjectHandle, IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId, OUT PLSAP_CR_CIPHER_KEY *SessionKey );
NTSTATUSLsapDbVerifyHandle( IN LSAPR_HANDLE ObjectHandle, IN ULONG Options, IN LSAP_DB_OBJECT_TYPE_ID ExpectedObjectTypeId, IN BOOLEAN ReferenceHandle );
BOOLEANLsapDbDereferenceHandle( IN LSAPR_HANDLE ObjectHandle, IN BOOLEAN CalledInSuccessPath );
NTSTATUSLsapDbQueryAllInformationAccounts( IN LSAPR_HANDLE PolicyHandle, IN ULONG IdCount, IN PSID_AND_ATTRIBUTES Ids, OUT PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO AccountInfo );
NTSTATUSLsapCreateTrustedDomain2( IN LSAPR_HANDLE PolicyHandle, IN PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, IN PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation, IN ACCESS_MASK DesiredAccess, OUT PLSAPR_HANDLE TrustedDomainHandle );
NTSTATUSLsapDsInitializeDsStateInfo( IN LSADS_INIT_STATE DsInitState );
NTSTATUSLsapDsUnitializeDsStateInfo( );
/*++
BOOLEANLsapValidateLsaUnicodeString( IN PLSAPR_UNICODE_STRING UnicodeString );
Returns TRUE if the LSAPR_UNICODE_STRING is valid. FALSE otherwise--*/
#define LsapValidateLsaUnicodeString( _us_ ) \
(( (_us_) == NULL || \ ( \ (_us_)->MaximumLength >= ( _us_ )->Length && \ (_us_)->Length % 2 == 0 && \ (_us_)->MaximumLength % 2 == 0 && \ ((_us_)->Length == 0 || (_us_)->Buffer != NULL ) \ ) \) ? TRUE : FALSE )
/*++
BOOLEANLsapValidateLsaCipherValue( IN PLSAPR_UNICODE_STRING UnicodeString );
Returns TRUE if the LSAPR_CR_CIPHER_KEY is valid. FALSE otherwise--*/
#define LsapValidateLsaCipherValue( _us_ ) \
( \ (_us_)->MaximumLength >= ( _us_ )->Length && \ ((_us_)->Length == 0 || (_us_)->Buffer != NULL ) \ ) \? TRUE : FALSE
NTSTATUSLsapDbIsRpcClientNetworkClient( IN OUT PBOOLEAN IsNetworkClient );
BOOLEANLsapSidPresentInGroups( IN PTOKEN_GROUPS TokenGroups, IN SID * Sid );
NTSTATUSLsapDomainRenameHandlerForLogonSessions( IN PUNICODE_STRING OldNetbiosName, IN PUNICODE_STRING OldDnsName, IN PUNICODE_STRING NewNetbiosName, IN PUNICODE_STRING NewDnsName );
NTSTATUSLsapRetrieveDnsDomainNameFromHive( IN HKEY Hkey, IN OUT DWORD * Length, OUT WCHAR * Buffer );
#ifdef __cplusplus
}#endif // __cplusplus
#endif // _LSA_DB_
|
