You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
876 lines
27 KiB
876 lines
27 KiB
/**********************************************************************/
|
|
/** Microsoft Windows NT **/
|
|
/** Copyright(c) Microsoft Corp., 1992 **/
|
|
/**********************************************************************/
|
|
|
|
/*
|
|
* This module contains the wrappers for LSA objects.
|
|
*
|
|
* Two Hierarchies are presented in this file.
|
|
*
|
|
* The first is the LSA_MEMORY hierarchy. These are a set of classes
|
|
* used to wrap the various structures returned by LSA Apis. This
|
|
* allows easy access to the members of each of the array of structures
|
|
* which LSA returns. Also, it automatically frees the memory
|
|
* allocated by LSA when the MT_MEMORY object is destructed. Clients will
|
|
* generally create the appropriate MEM object, and pass a pointer to
|
|
* it into the appropriate method of the desired LSA_OBJECT class.
|
|
*
|
|
* BASE
|
|
* |
|
|
* NT_MEMORY
|
|
* |
|
|
* LSA_MEMORY
|
|
* |
|
|
* +--------+-----------------------------------------------+
|
|
* | | | | |
|
|
* LSA_TRANSLATED_NAME_MEM | LSA_TRUST_INFO_MEM | LSA_AUDIT_EVENT_INFO_MEM
|
|
* | |
|
|
* LSA_REF_DOMAIN_MEM LSA_ACCT_DOM_INFO_MEM
|
|
* LSA_PRIMARY_DOM_INFO_MEM
|
|
*
|
|
* Second, the LSA_OBJECT hierarchy is a thin wrapper around the
|
|
* LSA apis. These classes store the appropriate LSA handle, and
|
|
* provide access to the SAM apis which operate on that handle.
|
|
*
|
|
* BASE
|
|
* |
|
|
* LSA_OBJECT
|
|
* |
|
|
* +-----------------------------------------+
|
|
* | | |
|
|
* LSA_POLICY LSA_SECRET LSA_TRUSTED_DOMAIN
|
|
*
|
|
*
|
|
* History
|
|
* thomaspa 03/03/92 Split from ntsam.hxx
|
|
* thomaspa 03/30/92 Code review changes
|
|
* DavidHov 04/10/92 Secret object, trusted
|
|
* domain and other added.
|
|
* Yi-HsinS 04/15/92 Add methods to retrieve info. about
|
|
* auditing
|
|
* Yi-HsinS 06/10/92 Removed LSA_AUDIT_FULL_SET_INFO
|
|
* and added method CheckIfShutDownOnFull
|
|
* and SetShutDownOnFull to LSA_POLICY
|
|
*/
|
|
|
|
#ifndef _UINTLSA_HXX_
|
|
#define _UINTLSA_HXX_
|
|
|
|
#include "uiassert.hxx"
|
|
#include "uintmem.hxx"
|
|
|
|
|
|
// Default access masks
|
|
#define DEF_LSA_POLICY_ACCESS GENERIC_EXECUTE
|
|
|
|
// Forward declarations
|
|
DLL_CLASS LSA_MEMORY ;
|
|
DLL_CLASS LSA_TRANSLATED_NAME_MEM ;
|
|
DLL_CLASS LSA_TRANSLATED_SID_MEM ;
|
|
DLL_CLASS LSA_TRUST_INFO_MEM ;
|
|
DLL_CLASS LSA_REF_DOMAIN_MEM ;
|
|
DLL_CLASS LSA_ACCT_DOM_INFO_MEM ;
|
|
DLL_CLASS LSA_PRIMARY_DOM_INFO_MEM ;
|
|
DLL_CLASS LSA_AUDIT_EVENT_INFO_MEM ;
|
|
DLL_CLASS LSA_OBJECT ;
|
|
DLL_CLASS LSA_POLICY ;
|
|
DLL_CLASS LSA_SERVER_ROLE_INFO_MEM ;
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_MEMORY
|
|
|
|
SYNOPSIS: Specialized buffer object for storing data returned
|
|
from LSA APIs.
|
|
|
|
INTERFACE: LSA_MEMORY(): constructor
|
|
~LSA_MEMORY(): destructor
|
|
|
|
PARENT: NT_MEMORY
|
|
|
|
NOTES: This class supplies the FreeBuffer() method which
|
|
calls LsaFreeMemory() to free memory allocated by
|
|
LSA calls. FreeBuffer() is called by ~LSA_MEMORY().
|
|
|
|
HISTORY:
|
|
thomaspa 03/03/92 Created
|
|
DavidHov 04/10/92 Extended LSA_POLICY
|
|
DavidHov 04/10/92 Extended LSA_POLICY
|
|
|
|
\**********************************************************/
|
|
|
|
DLL_CLASS LSA_MEMORY : public NT_MEMORY
|
|
{
|
|
private:
|
|
BOOL _fOwnerAlloc;
|
|
|
|
protected:
|
|
LSA_MEMORY( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_MEMORY();
|
|
|
|
/*
|
|
* Frees an LSA allocated buffer
|
|
*/
|
|
inline virtual void FreeBuffer()
|
|
{
|
|
if ( QueryBuffer() != NULL )
|
|
{
|
|
REQUIRE( ::LsaFreeMemory( QueryBuffer() ) == STATUS_SUCCESS );
|
|
}
|
|
}
|
|
public:
|
|
/*
|
|
* Frees the existing buffer and sets a new buffer and count of items
|
|
*/
|
|
inline virtual void Set( VOID * pvBuffer, ULONG cItems )
|
|
{
|
|
if ( !_fOwnerAlloc )
|
|
FreeBuffer();
|
|
NT_MEMORY::Set( pvBuffer, cItems );
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_TRANSLATED_NAME_MEM (lsatnm)
|
|
|
|
SYNOPSIS: Wrapper for LSA_TRANSLATED_NAME
|
|
|
|
INTERFACE: (public)
|
|
LSA_TRANSLATED_NAME_MEM(): constructor
|
|
~LSA_TRANSLATED_NAME_MEM(): destructor
|
|
QueryName(): Query name (NLS_STR *)
|
|
QueryUse(); Query type of account (group/user/alias)
|
|
QueryDomainIndex(): Query index into LSA_REFERENCED_DOMAIN_LIST
|
|
and therefore LSA_REF_DOMAIN_MEM
|
|
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
HISTORY:
|
|
thomaspa 02/27/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_TRANSLATED_NAME_MEM : public LSA_MEMORY
|
|
{
|
|
|
|
private:
|
|
/*
|
|
* Returns the ith UNICODE_STRING name in the buffer
|
|
*/
|
|
inline const UNICODE_STRING * QueryUnicodeName( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return &(QueryPtr()[i].Name);
|
|
}
|
|
|
|
/*
|
|
* Returns a properly casted pointer to the buffer
|
|
*/
|
|
inline const LSA_TRANSLATED_NAME * QueryPtr() const
|
|
{
|
|
return (LSA_TRANSLATED_NAME *)QueryBuffer();
|
|
}
|
|
|
|
public:
|
|
LSA_TRANSLATED_NAME_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_TRANSLATED_NAME_MEM();
|
|
|
|
/*
|
|
* returns the ith NLS_STR name in the buffer
|
|
*/
|
|
inline APIERR QueryName( ULONG i, NLS_STR *pnlsName ) const
|
|
{
|
|
ASSERT( pnlsName != NULL );
|
|
return pnlsName->MapCopyFrom( QueryUnicodeName( i )->Buffer,
|
|
QueryUnicodeName( i )->Length );
|
|
}
|
|
|
|
/*
|
|
* returns the ith SID_NAME_USE in the buffer
|
|
*/
|
|
inline SID_NAME_USE QueryUse( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].Use;
|
|
}
|
|
|
|
/*
|
|
* returns the domain index for the ith item in the buffer
|
|
* This is the index into the corresponding REFERENCED_DOMAIN_LIST
|
|
*/
|
|
inline LONG QueryDomainIndex( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].DomainIndex;
|
|
}
|
|
};
|
|
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_TRANSLATED_SID_MEM (lsatsm)
|
|
|
|
SYNOPSIS: Wrapper for LSA_TRANSLATED_SID
|
|
|
|
INTERFACE: (public)
|
|
LSA_TRANSLATED_SID_MEM(): constructor
|
|
~LSA_TRANSLATED_SID_MEM(): destructor
|
|
QueryRID(): Query RID
|
|
QueryUse(); Query type of account (group/user/alias)
|
|
QueryDomainIndex(): Query index into LSA_REFERENCED_DOMAIN_LIST
|
|
and therefore LSA_REF_DOMAIN_MEM
|
|
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
HISTORY:
|
|
thomaspa 02/27/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_TRANSLATED_SID_MEM : public LSA_MEMORY
|
|
{
|
|
|
|
private:
|
|
/*
|
|
* Returns a properly casted pointer to a LSA_TRANSLATED_SID
|
|
*/
|
|
inline const LSA_TRANSLATED_SID * QueryPtr() const
|
|
{
|
|
return (LSA_TRANSLATED_SID *)QueryBuffer();
|
|
}
|
|
|
|
public:
|
|
LSA_TRANSLATED_SID_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_TRANSLATED_SID_MEM();
|
|
|
|
/*
|
|
* returns the RID for the ith entry in the buffer
|
|
*/
|
|
inline ULONG QueryRID( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].RelativeId;
|
|
}
|
|
|
|
/*
|
|
* Returns the SID_NAME_USE for the ith entry in the buffer
|
|
*/
|
|
inline SID_NAME_USE QueryUse( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].Use;
|
|
}
|
|
|
|
/*
|
|
* Returns the domain index for the ith entry in the buffer.
|
|
* This is the index into the corresponding REFERENCED_DOMAIN_LIST
|
|
*/
|
|
inline LONG QueryDomainIndex( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].DomainIndex;
|
|
}
|
|
|
|
//
|
|
// Retrieves the index of the first name that we failed to lookup
|
|
//
|
|
// TRUE is returned if we found one, FALSE otherwise
|
|
// pi - Receives first failing index if TRUE is returned
|
|
//
|
|
BOOL QueryFailingNameIndex( ULONG * pi ) ;
|
|
};
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_TRUST_INFO_MEM (lsatim)
|
|
|
|
SYNOPSIS: Wrapper for LSA_TRUST_INFORMATION
|
|
|
|
INTERFACE: LSA_TRUST_INFO_MEM(): constructor
|
|
~LSA_TRUST_INFO_MEM(): destructor
|
|
QueryPSID(): Query SID
|
|
QueryName(): Query the NLS_STR * name for the domain
|
|
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
HISTORY:
|
|
thomaspa 02/27/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_TRUST_INFO_MEM : public LSA_MEMORY
|
|
{
|
|
public:
|
|
LSA_TRUST_INFO_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_TRUST_INFO_MEM();
|
|
|
|
/*
|
|
* Returns a properly casted pointer to the buffer
|
|
*/
|
|
inline const LSA_TRUST_INFORMATION * QueryPtr() const
|
|
{
|
|
return (LSA_TRUST_INFORMATION *)QueryBuffer();
|
|
}
|
|
|
|
/*
|
|
* returns the UNICODE_STRING name for the ith entry in the buffer
|
|
*/
|
|
inline const UNICODE_STRING * QueryUnicodeName( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return &(QueryPtr()[i].Name);
|
|
}
|
|
|
|
/*
|
|
* returns the PSID for the ith entry in the buffer
|
|
*/
|
|
inline PSID QueryPSID( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].Sid;
|
|
}
|
|
|
|
/*
|
|
* returns the NLS_STR name for the ith entry in the buffer
|
|
*/
|
|
inline APIERR QueryName( ULONG i, NLS_STR *pnlsName ) const
|
|
{
|
|
ASSERT( pnlsName != NULL );
|
|
return pnlsName->MapCopyFrom( QueryUnicodeName( i )->Buffer,
|
|
QueryUnicodeName( i )->Length );
|
|
}
|
|
};
|
|
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_REF_DOMAIN_MEM (lsardm)
|
|
|
|
SYNOPSIS: Wrapper for LSA_REFERENCED_DOMAIN_LIST
|
|
|
|
INTERFACE: LSA_REF_DOMAIN_MEM(): constructor
|
|
~LSA_REF_DOMAIN_MEM(): destructor
|
|
QueryPSID(): Query SID
|
|
QueryName(): Query the NLS_STR * name for the domain
|
|
|
|
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
HISTORY:
|
|
thomaspa 02/27/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_REF_DOMAIN_MEM : public LSA_MEMORY
|
|
{
|
|
private:
|
|
/*
|
|
* Returns a properly casted pointer to a LSA_TRUST_INFORMATION
|
|
*
|
|
* NOTES: This returns a pointer to a LSA_TRUST_INFORMATION instead
|
|
* of a LSA_REFERENCED_DOMAIN_LIST. This is because the
|
|
* LSA_REFERENCED_DOMAIN_LIST begins with a count, followed by
|
|
* count LSA_TRUST_INFORMATION structs which contain the information
|
|
* we really want.
|
|
*/
|
|
inline const LSA_TRUST_INFORMATION * QueryPtr() const
|
|
{
|
|
return (PLSA_TRUST_INFORMATION)
|
|
(((PLSA_REFERENCED_DOMAIN_LIST)QueryBuffer())->Domains);
|
|
}
|
|
|
|
/*
|
|
* returns the UNICODE_STRING name for the ith entry in the buffer
|
|
*/
|
|
inline const UNICODE_STRING * QueryUnicodeName( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return &(QueryPtr()[i].Name);
|
|
}
|
|
|
|
public:
|
|
LSA_REF_DOMAIN_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_REF_DOMAIN_MEM();
|
|
|
|
/*
|
|
* Returns the PSID for the ith entry in the buffer
|
|
*/
|
|
inline PSID QueryPSID( ULONG i ) const
|
|
{
|
|
ASSERT( IsInRange( i ) );
|
|
return QueryPtr()[i].Sid;
|
|
}
|
|
|
|
/*
|
|
* Returns the NLS_STR name for the ith entry in the buffer
|
|
*/
|
|
inline APIERR QueryName( ULONG i, NLS_STR *pnlsName ) const
|
|
{
|
|
ASSERT( pnlsName != NULL );
|
|
return pnlsName->MapCopyFrom( QueryUnicodeName( i )->Buffer,
|
|
QueryUnicodeName( i )->Length );
|
|
}
|
|
};
|
|
|
|
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_ACCT_DOM_INFO_MEM (lsaadim)
|
|
|
|
SYNOPSIS: Wrapper for POLICY_ACCOUNT_DOMAIN_INFO
|
|
|
|
INTERFACE: LSA_ACCT_DOM_INFO_MEM(): constructor
|
|
~LSA_ACCT_DOM_INFO_MEM(): destructor
|
|
QueryPSID(): Query SID
|
|
QueryName(): Query the NLS_STR * name for the domain
|
|
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
NOTES: This MEM class is slightly different from the other
|
|
MEM classes in that it will only contain zero or one item. Thus,
|
|
the index is not needed for the accessors.
|
|
|
|
HISTORY:
|
|
thomaspa 02/27/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_ACCT_DOM_INFO_MEM : public LSA_MEMORY
|
|
{
|
|
public:
|
|
/*
|
|
* Returns a properly casted pointer the the buffer
|
|
*/
|
|
inline const POLICY_ACCOUNT_DOMAIN_INFO * QueryPtr() const
|
|
{
|
|
return (POLICY_ACCOUNT_DOMAIN_INFO *)QueryBuffer();
|
|
}
|
|
|
|
/*
|
|
* Returns the UNICODE_STRING name for the account domain
|
|
*/
|
|
inline const UNICODE_STRING * QueryUnicodeName() const
|
|
{
|
|
return &QueryPtr()->DomainName;
|
|
}
|
|
|
|
LSA_ACCT_DOM_INFO_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_ACCT_DOM_INFO_MEM();
|
|
|
|
/*
|
|
* Returns the PSID of the account domain
|
|
*/
|
|
inline PSID QueryPSID() const
|
|
{
|
|
return QueryPtr()->DomainSid;
|
|
}
|
|
|
|
/*
|
|
* Returns the name of the accounts domain
|
|
*/
|
|
inline APIERR QueryName( NLS_STR *pnlsName ) const
|
|
{
|
|
ASSERT( pnlsName != NULL );
|
|
return pnlsName->MapCopyFrom( QueryUnicodeName( )->Buffer,
|
|
QueryUnicodeName( )->Length );
|
|
}
|
|
};
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_PRIMARY_DOM_INFO_MEM (lsaprim)
|
|
|
|
SYNOPSIS: Wrapper for POLICY_PRIMARY_DOMAIN_INFO
|
|
|
|
INTERFACE: LSA_PRIMARY_DOM_INFO_MEM(): constructor
|
|
~LSA_PRIMARY_DOM_INFO_MEM(): destructor
|
|
QueryPSID(): Query SID
|
|
QueryName(): Query the NLS_STR * name for the domain
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
NOTES: This MEM class is slightly different from the other
|
|
MEM classes in that it will only contain zero or one item. Thus,
|
|
the index is not needed for the accessors.
|
|
|
|
HISTORY:
|
|
Davidhov 4/9/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_PRIMARY_DOM_INFO_MEM : public LSA_MEMORY
|
|
{
|
|
public:
|
|
/*
|
|
* Returns a properly casted pointer the the buffer
|
|
*/
|
|
inline const POLICY_PRIMARY_DOMAIN_INFO * QueryPtr() const
|
|
{
|
|
return (POLICY_PRIMARY_DOMAIN_INFO *)QueryBuffer();
|
|
}
|
|
|
|
/*
|
|
* Returns the UNICODE_STRING name for the account domain
|
|
*/
|
|
inline const UNICODE_STRING * QueryUnicodeName() const
|
|
{
|
|
return &QueryPtr()->Name;
|
|
}
|
|
|
|
LSA_PRIMARY_DOM_INFO_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_PRIMARY_DOM_INFO_MEM();
|
|
|
|
/*
|
|
* Returns the PSID of the account domain
|
|
*/
|
|
inline PSID QueryPSID() const
|
|
{
|
|
return QueryPtr()->Sid;
|
|
}
|
|
|
|
/*
|
|
* Returns the name of the accounts domain
|
|
*/
|
|
inline APIERR QueryName( NLS_STR *pnlsName ) const
|
|
{
|
|
ASSERT( pnlsName != NULL );
|
|
return pnlsName->MapCopyFrom( QueryUnicodeName( )->Buffer,
|
|
QueryUnicodeName( )->Length );
|
|
}
|
|
};
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_SERVER_ROLE_INFO_MEM (lsasrim)
|
|
|
|
SYNOPSIS: Wrapper for POLICY_LSA_SERVER_ROLE_INFO
|
|
|
|
INTERFACE: LSA_SERVER_ROLE_INFO_MEM(): constructor
|
|
~LSA_SERVER_ROLE_INFO_MEM(): destructor
|
|
|
|
QueryPrimary(): Return TRUE if PDC
|
|
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
NOTES:
|
|
|
|
HISTORY: Davidhov 5/16/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_SERVER_ROLE_INFO_MEM : public LSA_MEMORY
|
|
{
|
|
private:
|
|
POLICY_LSA_SERVER_ROLE_INFO * QueryUpdatePtr () const
|
|
{
|
|
return (POLICY_LSA_SERVER_ROLE_INFO *) QueryBuffer() ;
|
|
}
|
|
|
|
public:
|
|
/*
|
|
* Returns a properly casted pointer the the buffer
|
|
*/
|
|
const POLICY_LSA_SERVER_ROLE_INFO * QueryPtr () const
|
|
{
|
|
return (POLICY_LSA_SERVER_ROLE_INFO *) QueryBuffer();
|
|
}
|
|
|
|
BOOL QueryPrimary () const
|
|
{
|
|
return QueryPtr()->LsaServerRole == PolicyServerRolePrimary ;
|
|
}
|
|
|
|
VOID SetRole ( BOOL fPrimary )
|
|
{
|
|
QueryUpdatePtr()->LsaServerRole = fPrimary
|
|
? PolicyServerRolePrimary
|
|
: PolicyServerRoleBackup ;
|
|
}
|
|
|
|
LSA_SERVER_ROLE_INFO_MEM ( BOOL fOwnerAlloc = FALSE,
|
|
BOOL fPrimary = FALSE ) ;
|
|
|
|
~ LSA_SERVER_ROLE_INFO_MEM ();
|
|
};
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_AUDIT_EVENT_INFO_MEM ( lsaaeim )
|
|
|
|
SYNOPSIS: Wrapper for POLICY_AUDIT_EVENTS_INFO
|
|
|
|
INTERFACE: LSA_AUDIT_EVENT_INFO_MEM(): constructor
|
|
~LSA_AUDIT_EVENT_INFO_MEM(): destructor
|
|
QueryPtr() : Query the pointer to the buffer
|
|
QueryAuditEventCount(): return the number of audit event types
|
|
QueryAuditOptions(): return the array of
|
|
POLICY_AUDIT_EVENT_OPTIONS
|
|
IsAuditingOn(): TRUE if auditing is on, FALSE otherwise
|
|
SetAuditingMode(): Set the auditing mode
|
|
|
|
PARENT: LSA_MEMORY
|
|
|
|
NOTES: This MEM class is slightly different from the other
|
|
MEM classes in that it will only contain zero or one item. Thus,
|
|
the index is not needed for the accessors.
|
|
|
|
HISTORY:
|
|
Yi-HsinS 04/01/92 Created
|
|
|
|
\**********************************************************/
|
|
|
|
DLL_CLASS LSA_AUDIT_EVENT_INFO_MEM : public LSA_MEMORY
|
|
{
|
|
public:
|
|
LSA_AUDIT_EVENT_INFO_MEM( BOOL fOwnerAlloc = FALSE );
|
|
~LSA_AUDIT_EVENT_INFO_MEM();
|
|
|
|
POLICY_AUDIT_EVENTS_INFO *QueryPtr() const
|
|
{ return (POLICY_AUDIT_EVENTS_INFO *) QueryBuffer(); }
|
|
|
|
ULONG QueryAuditEventCount( VOID ) const
|
|
{ return QueryPtr()->MaximumAuditEventCount; }
|
|
|
|
POLICY_AUDIT_EVENT_OPTIONS *QueryAuditingOptions( VOID )
|
|
{ return QueryPtr()->EventAuditingOptions; }
|
|
|
|
BOOL IsAuditingOn( VOID )
|
|
{ return QueryPtr()->AuditingMode; }
|
|
|
|
VOID SetAuditingMode( BOOL fAuditingMode )
|
|
{ QueryPtr()->AuditingMode = (fAuditingMode != FALSE); }
|
|
|
|
};
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_OBJECT (lsaobj)
|
|
|
|
SYNOPSIS: Wrapper for LSA handle-based C++ objects.
|
|
|
|
INTERFACE: (protected)
|
|
LSA_OBJECT(): constructor
|
|
~LSA_OBJECT(): destructor
|
|
QueryHandle():
|
|
SetHandle():
|
|
|
|
PARENT: BASE
|
|
|
|
NOTE: This class must be subclassed. It simply provides
|
|
a wrapper for the LSA_HANDLE.
|
|
|
|
HISTORY:
|
|
thomaspa 02/20/92 Created
|
|
|
|
\**********************************************************/
|
|
DLL_CLASS LSA_OBJECT : public BASE
|
|
{
|
|
|
|
private:
|
|
LSA_HANDLE _hlsa;
|
|
BOOL _fHandleValid ;
|
|
|
|
protected:
|
|
LSA_OBJECT();
|
|
~LSA_OBJECT();
|
|
|
|
/*
|
|
* Sets the handle for a LSA_OBJECT. Should only be
|
|
* called once for any object
|
|
*/
|
|
inline void SetHandle( LSA_HANDLE hlsa )
|
|
{
|
|
ASSERT( !_fHandleValid );
|
|
ASSERT( hlsa != NULL );
|
|
_hlsa = hlsa;
|
|
_fHandleValid = TRUE ;
|
|
}
|
|
inline void ResetHandle ( )
|
|
{
|
|
_fHandleValid = FALSE ;
|
|
_hlsa = NULL ;
|
|
}
|
|
public:
|
|
|
|
// Returns TRUE if handle is present and valid
|
|
inline BOOL IsHandleValid () const
|
|
{ return _fHandleValid ; }
|
|
|
|
// Returns the LSA_HANDLE for this object
|
|
inline LSA_HANDLE QueryHandle() const
|
|
{
|
|
return _fHandleValid ? _hlsa : NULL ;
|
|
}
|
|
|
|
// Close (or delete) the handle and invalidate it.
|
|
APIERR CloseHandle ( BOOL fDelete = FALSE ) ;
|
|
} ;
|
|
|
|
|
|
|
|
/**********************************************************\
|
|
|
|
NAME: LSA_POLICY (lsapol)
|
|
|
|
SYNOPSIS: Wrapper for LSA Policy apis.
|
|
|
|
INTERFACE: (public)
|
|
LSA_POLICY(): constructor
|
|
~LSA_POLICY(): destructor
|
|
EnumerateTrustedDomains():
|
|
GetAccountDomain():
|
|
TranslateSidsToNames():
|
|
GetAuditEventInfo():
|
|
SetAuditEventInfo():
|
|
CheckIfShutDownOnFull():
|
|
SetShutDownOnFull():
|
|
|
|
PARENT: BASE
|
|
|
|
HISTORY:
|
|
thomaspa 03/05/92 Created
|
|
JohnL 03/08/92 Added TranslateNamesToSids
|
|
|
|
\**********************************************************/
|
|
enum LSPL_PROD_TYPE
|
|
{
|
|
LSPL_PROD_NONE,
|
|
LSPL_PROD_WIN_NT,
|
|
LSPL_PROD_LANMAN_NT,
|
|
LSPL_PROD_MAX
|
|
};
|
|
|
|
DLL_CLASS LSA_POLICY : public LSA_OBJECT
|
|
{
|
|
|
|
private:
|
|
LSPL_PROD_TYPE _lsplType ; // Cached product type
|
|
|
|
static APIERR MakeNetLogonSecretName ( NLS_STR * pnlsLogonName ) ;
|
|
static VOID InitObjectAttributes( POBJECT_ATTRIBUTES poa,
|
|
PSECURITY_QUALITY_OF_SERVICE psqos );
|
|
|
|
// Create the name of the shared secret depending upon its type
|
|
static APIERR MakeSecretName ( const NLS_STR & nlsDomainName,
|
|
BOOL fPrimary,
|
|
NLS_STR * pnlsSecretName ) ;
|
|
|
|
|
|
protected:
|
|
APIERR TcharArrayToUnistrArray( const TCHAR * const * apsz,
|
|
PUNICODE_STRING aUniStr,
|
|
ULONG cElements ) ;
|
|
void CleanupUnistrArray( PUNICODE_STRING aUniStr,
|
|
ULONG cElementsAllocated ) ;
|
|
|
|
APIERR DeleteAllTrustedDomains () ;
|
|
|
|
public:
|
|
LSA_POLICY( const TCHAR * pszServerName,
|
|
ACCESS_MASK accessDesired = DEF_LSA_POLICY_ACCESS );
|
|
~LSA_POLICY();
|
|
|
|
// Re/open the policy handle
|
|
APIERR Open ( const TCHAR * pszServerName,
|
|
ACCESS_MASK accessDesired = DEF_LSA_POLICY_ACCESS );
|
|
|
|
APIERR EnumerateTrustedDomains( LSA_TRUST_INFO_MEM * plsatim,
|
|
PLSA_ENUMERATION_HANDLE plsaenumh,
|
|
ULONG cbRequested = sizeof(LSA_TRUST_INFORMATION) * 1000 ) ;
|
|
|
|
APIERR GetAccountDomain( LSA_ACCT_DOM_INFO_MEM * plsaadim ) const ;
|
|
APIERR GetPrimaryDomain( LSA_PRIMARY_DOM_INFO_MEM * plsapdim ) const ;
|
|
|
|
// Set Primary and Account Domain information
|
|
APIERR SetAccountDomain( const LSA_ACCT_DOM_INFO_MEM * plsaadim ) ;
|
|
APIERR SetPrimaryDomain( const LSA_PRIMARY_DOM_INFO_MEM * plsapdim ) ;
|
|
|
|
// Set the name and/or SID of the primary or accounts domain
|
|
APIERR SetAccountDomainName ( const NLS_STR * pnlsDomainName,
|
|
const PSID * ppsidDomain = NULL ) ;
|
|
APIERR SetPrimaryDomainName ( const NLS_STR * pnlsDomainName,
|
|
const PSID * ppsidDomain = NULL ) ;
|
|
|
|
// Get/Set the server role
|
|
APIERR GetServerRole ( LSA_SERVER_ROLE_INFO_MEM * plsasrim ) const ;
|
|
APIERR SetServerRole ( const LSA_SERVER_ROLE_INFO_MEM * plsasrim ) ;
|
|
|
|
APIERR GetAuditEventInfo( LSA_AUDIT_EVENT_INFO_MEM *plsaaeim );
|
|
APIERR SetAuditEventInfo( LSA_AUDIT_EVENT_INFO_MEM *plsaaeim );
|
|
|
|
APIERR CheckIfShutDownOnFull( BOOL *pfShutDownOnFull );
|
|
APIERR SetShutDownOnFull( BOOL fShutDownOnFull = TRUE );
|
|
|
|
APIERR TranslateSidsToNames( const PSID *ppsids,
|
|
ULONG cSids,
|
|
LSA_TRANSLATED_NAME_MEM *plsatnm,
|
|
LSA_REF_DOMAIN_MEM *plsardm);
|
|
|
|
APIERR TranslateNamesToSids( const TCHAR * const * apszAccountNames,
|
|
ULONG cAccountNames,
|
|
LSA_TRANSLATED_SID_MEM * plsatsidmem,
|
|
LSA_REF_DOMAIN_MEM * plsardm ) ;
|
|
|
|
// Verify the usability of the LSA, and optionally the name
|
|
// of the primary domain. Also, if non-NULL, return primary
|
|
// domain information.
|
|
APIERR VerifyLsa ( LSA_PRIMARY_DOM_INFO_MEM * plsapdim,
|
|
const NLS_STR * pnlsDomainName ) const ;
|
|
|
|
// Return the product type of the local platform
|
|
static APIERR QueryProductType ( LSPL_PROD_TYPE * lsplProd ) ;
|
|
|
|
// Return other standard info
|
|
APIERR QueryCurrentUser ( NLS_STR * pnlsUserName ) const ;
|
|
APIERR QueryPrimaryDomainName ( NLS_STR * pnlsDomainName ) const ;
|
|
APIERR QueryPrimaryBrowserGroup ( NLS_STR * pnlsBrowserGroup ) const ;
|
|
|
|
// Modification routines
|
|
|
|
// Change the primary browser group
|
|
APIERR SetPrimaryBrowserGroup ( const NLS_STR & nlsBrowserGroup ) ;
|
|
|
|
// Establish a trust relationship with an extant domain;
|
|
// if the DC name is provide it executes faster.
|
|
APIERR TrustDomain ( const NLS_STR & nlsDomainName,
|
|
const PSID psid,
|
|
const NLS_STR & nlsPassword,
|
|
BOOL fAsPrimary = TRUE,
|
|
const TCHAR * pszTrustedDcHint = NULL,
|
|
BOOL fAsDc = FALSE ) ;
|
|
|
|
// Establish a trust relationshiop with the primary domain of
|
|
// the given DC.
|
|
APIERR TrustDomain ( LSA_POLICY & lsapolDC,
|
|
const NLS_STR & nlsPassword,
|
|
BOOL fAsPrimary = TRUE,
|
|
const TCHAR * pszTrustedDcHint = NULL ) ;
|
|
|
|
// Destroy an existing trust relationship.
|
|
APIERR DistrustDomain ( const PSID psid,
|
|
const NLS_STR & nlsDomain,
|
|
BOOL fAsPrimary = TRUE ) ;
|
|
|
|
// Join an extant domain as a workstation or member server
|
|
APIERR JoinDomain ( const NLS_STR & nlsDomainName,
|
|
const NLS_STR & nlsPassword,
|
|
BOOL fAsDc = FALSE,
|
|
const NLS_STR * pnlsDcName = NULL,
|
|
const TCHAR * pszTrustedDcHint = NULL ) ;
|
|
|
|
// Leave the primary domain
|
|
APIERR LeaveDomain () ;
|
|
};
|
|
|
|
#endif // _UINTLSA_HXX_
|