windows-server-2003/ds/security/azroles/azper.h

/*++

Copyright (c) 2001  Microsoft Corporation

Module Name:

    azper.h

Abstract:

    Describe the interface between a persistence provider and the persistence engine.

Author:

    Cliff Van Dyke (cliffv) 3-Dec-2001

--*/

#ifndef _AZPER_H_
#define _AZ_H_

#ifdef __cplusplus
extern "C" {
#endif


/////////////////////////////////////////////////////////////////////////////
//
// Structure definitions
//
/////////////////////////////////////////////////////////////////////////////

//
// Handle to various objects passed to/from the persistence provider
//

#if DBG // Do stronger type checking on debug builds
typedef struct {
} *AZPE_OBJECT_HANDLE;
#else //DBG
typedef PVOID AZPE_OBJECT_HANDLE;
#endif //DBG

//
// Opaque context returned by *PersistOpen
//

#if DBG // Do stronger type checking on debug builds
typedef struct {
} *AZPE_PERSIST_CONTEXT;
#else //DBG
typedef PVOID AZPE_PERSIST_CONTEXT;
#endif //DBG
typedef AZPE_PERSIST_CONTEXT *PAZPE_PERSIST_CONTEXT;

//
// Structure defining a GUID and the operation that was performed on a GUID
//

typedef struct _AZP_DELTA_ENTRY {

    // Operation that was performed
    ULONG DeltaFlags;
#define AZP_DELTA_ADD              0x0001   // Delta was an add and not a remove
#define AZP_DELTA_SID              0x0002   // Delta is for a SID and not a GUID
#define AZP_DELTA_PERSIST_PROVIDER 0x0004   // Delta was created by the persist provider and not the app

    // Guid the operation was performed on
    union {
        GUID Guid;
        PSID Sid; // AZP_DELTA_SID is set
    };

} AZP_DELTA_ENTRY, *PAZP_DELTA_ENTRY;

//
// Generic structures to hold rights for policy admins/readers or
// delegated policy users
//

typedef struct _AZP_POLICY_USER_RIGHTS {

    //
    // Mask
    //

    ULONG lUserRightsMask;

    //
    // Flags
    //

    ULONG lUserRightsFlags;

} AZP_POLICY_USER_RIGHTS, *PAZP_POLICY_USER_RIGHTS;

/////////////////////////////////////////////////////////////////////////////
//
// #define definitions
//
/////////////////////////////////////////////////////////////////////////////

//
// Registry location where the provider registers itself
//
// The Dll implementing the provider should be in a value named
//      AZ_REGISTRY_PROVIDER_KEY_NAME\\<PolicyUrlPrefix>\\AZ_REGISTRY_PROVIDER_DLL_VALUE_NAME
// where <PolicyUrlPrefix> is the characters before the : in the policy url passed to Initialize
//

#define AZ_REGISTRY_KEY_NAME L"SYSTEM\\CurrentControlSet\\Control\\LSA\\AzRoles"
#define AZ_REGISTRY_PROVIDER_KEY_NAME (AZ_REGISTRY_KEY_NAME L"\\Providers")
#define AZ_REGISTRY_PROVIDER_KEY_NAME_LEN ((sizeof(AZ_REGISTRY_PROVIDER_KEY_NAME)/sizeof(WCHAR))-1)
#define AZ_REGISTRY_PROVIDER_DLL_VALUE_NAME L"ProviderDll"

//
// Definition of dirty bits returned from AzpeDirtyBits
//
// Generic bits that apply to all objects (or to several objects)
//
// policy readers and admins for AzAuthorizationStore, AzApplication and AzScope
// objects.  Also delegated policy users applied to AzAuthorizationStore and
// AzApplication objects
#define AZ_DIRTY_NAME                               0x80000000
#define AZ_DIRTY_DESCRIPTION                        0x40000000
#define AZ_DIRTY_APPLY_STORE_SACL                   0x20000000
// Object is dirty because it has been created
#define AZ_DIRTY_CREATE                             0x10000000
#define AZ_DIRTY_DELEGATED_POLICY_USERS             0x08000000
#define AZ_DIRTY_POLICY_ADMINS                      0x04000000
#define AZ_DIRTY_POLICY_READERS                     0x02000000
#define AZ_DIRTY_APPLICATION_DATA                   0x01000000
#define AZ_DIRTY_GENERATE_AUDITS                    0x00100000

// Common attributes that apply to all objects
#define AZ_DIRTY_COMMON_ATTRS                       0xC1000000

// Object specific bits that apply to individual objects
#define AZ_DIRTY_OBJECT_SPECIFIC                    0x000FFFFF


#define AZ_DIRTY_AZSTORE_DOMAIN_TIMEOUT               0x00000100
#define AZ_DIRTY_AZSTORE_SCRIPT_ENGINE_TIMEOUT        0x00000200
#define AZ_DIRTY_AZSTORE_MAX_SCRIPT_ENGINES           0x00000400
#define AZ_DIRTY_AZSTORE_MAJOR_VERSION                0x00000800
#define AZ_DIRTY_AZSTORE_MINOR_VERSION                0x00001000
#define AZ_DIRTY_AZSTORE_ALL_SCALAR                  (0x00000700 | AZ_DIRTY_APPLICATION_DATA | AZ_DIRTY_DESCRIPTION | AZ_DIRTY_GENERATE_AUDITS | AZ_DIRTY_APPLY_STORE_SACL | AZ_DIRTY_AZSTORE_MAJOR_VERSION | AZ_DIRTY_AZSTORE_MINOR_VERSION )
#define AZ_DIRTY_AZSTORE_ALL                         (0x00000000 | AZ_DIRTY_AZSTORE_ALL_SCALAR | AZ_DIRTY_DELEGATED_POLICY_USERS | AZ_DIRTY_POLICY_ADMINS | AZ_DIRTY_POLICY_READERS | AZ_DIRTY_CREATE)

#define AZ_DIRTY_OPERATION_ID                       0x00000001
#define AZ_DIRTY_OPERATION_ALL_SCALAR              (0x00000001 | AZ_DIRTY_APPLICATION_DATA | AZ_DIRTY_NAME | AZ_DIRTY_DESCRIPTION  )
#define AZ_DIRTY_OPERATION_ALL                     (AZ_DIRTY_OPERATION_ALL_SCALAR | AZ_DIRTY_CREATE)

#define AZ_DIRTY_TASK_OPERATIONS                    0x00000001
#define AZ_DIRTY_TASK_TASKS                         0x00000002
#define AZ_DIRTY_TASK_BIZRULE                       0x00000100
#define AZ_DIRTY_TASK_BIZRULE_LANGUAGE              0x00000200
#define AZ_DIRTY_TASK_BIZRULE_IMPORTED_PATH         0x00000400
#define AZ_DIRTY_TASK_IS_ROLE_DEFINITION            0x00000800
#define AZ_DIRTY_TASK_ALL_SCALAR                   (0x00000F00 | AZ_DIRTY_APPLICATION_DATA | AZ_DIRTY_NAME | AZ_DIRTY_DESCRIPTION  )
#define AZ_DIRTY_TASK_ALL                          (0x00000003 | AZ_DIRTY_TASK_ALL_SCALAR | AZ_DIRTY_CREATE)

#define AZ_DIRTY_SCOPE_ALL_SCALAR                  (0x00000000 | AZ_DIRTY_APPLICATION_DATA | AZ_DIRTY_NAME | AZ_DIRTY_DESCRIPTION | AZ_DIRTY_APPLY_STORE_SACL )
#define AZ_DIRTY_SCOPE_ALL                         (0x00000000 | AZ_DIRTY_SCOPE_ALL_SCALAR | AZ_DIRTY_POLICY_ADMINS | AZ_DIRTY_POLICY_READERS | AZ_DIRTY_CREATE)

#define AZ_DIRTY_GROUP_APP_MEMBERS                  0x00000001
#define AZ_DIRTY_GROUP_APP_NON_MEMBERS              0x00000002
#define AZ_DIRTY_GROUP_MEMBERS                      0x00000004
#define AZ_DIRTY_GROUP_NON_MEMBERS                  0x00000008
#define AZ_DIRTY_GROUP_TYPE                         0x00000100
#define AZ_DIRTY_GROUP_LDAP_QUERY                   0x00000200
#define AZ_DIRTY_GROUP_ALL_SCALAR                  (0x00000300 | AZ_DIRTY_NAME | AZ_DIRTY_DESCRIPTION  )
#define AZ_DIRTY_GROUP_ALL                         (0x0000000F | AZ_DIRTY_GROUP_ALL_SCALAR | AZ_DIRTY_CREATE)

#define AZ_DIRTY_ROLE_APP_MEMBERS                   0x00000001
#define AZ_DIRTY_ROLE_MEMBERS                       0x00000002
#define AZ_DIRTY_ROLE_OPERATIONS                    0x00000004
#define AZ_DIRTY_ROLE_TASKS                         0x00000008
#define AZ_DIRTY_ROLE_ALL_SCALAR                   (0x00000000 | AZ_DIRTY_APPLICATION_DATA | AZ_DIRTY_NAME | AZ_DIRTY_DESCRIPTION  )
#define AZ_DIRTY_ROLE_ALL                          (0x0000000F | AZ_DIRTY_ROLE_ALL_SCALAR | AZ_DIRTY_CREATE)

#define AZ_DIRTY_APPLICATION_AUTHZ_INTERFACE_CLSID  0x00000100
#define AZ_DIRTY_APPLICATION_VERSION                0x00000200
#define AZ_DIRTY_APPLICATION_ALL_SCALAR            (0x00000300 | AZ_DIRTY_APPLICATION_DATA | AZ_DIRTY_NAME | AZ_DIRTY_DESCRIPTION | AZ_DIRTY_GENERATE_AUDITS | AZ_DIRTY_APPLY_STORE_SACL )
#define AZ_DIRTY_APPLICATION_ALL                   (0x00000000 | AZ_DIRTY_APPLICATION_ALL_SCALAR | AZ_DIRTY_DELEGATED_POLICY_USERS | AZ_DIRTY_POLICY_ADMINS | AZ_DIRTY_POLICY_READERS | AZ_DIRTY_CREATE)

//
// ObjectType as returned from AzpeObjectType
//
//
// The order of the defines below must not change since providers and azroles
//  build tables that are indexed by this number
//
#define OBJECT_TYPE_AZAUTHSTORE   0
#define OBJECT_TYPE_APPLICATION     1
#define OBJECT_TYPE_OPERATION       2
#define OBJECT_TYPE_TASK            3
#define OBJECT_TYPE_SCOPE           4
#define OBJECT_TYPE_GROUP           5
#define OBJECT_TYPE_ROLE            6
#define OBJECT_TYPE_COUNT           7   // Number of object types visible to providers

//
// Definitions of the lPersistFlags
//
// Note to developer.  Confine these flags bits to the lower order 2 bytes or change
// the AZP_FLAGS defines in genobj.h

#define AZPE_FLAGS_PERSIST_OPEN                  0x0001  // Call is from the persistence provider doing AzPersistOpen
#define AZPE_FLAGS_PERSIST_UPDATE_CACHE          0x0002  // Call is from the persistence provider doing AzPersistUpdateCache
#define AZPE_FLAGS_PERSIST_REFRESH               0x0004  // Call is from the persistence provider doing AzPersistRefresh
#define AZPE_FLAGS_PERSIST_SUBMIT                0x0008  // Call is from the persistence provider doing AzPersistSubmit
#define AZPE_FLAGS_PERSIST_UPDATE_CHILDREN_CACHE 0x0010  // Call is from the persistence provider doing AzPersistUpdateChildrenCache
#define AZPE_FLAGS_PERSIST_MASK                  0xFFFF  // Call is from the persistence provider (OR of bits above)
#define AZPE_FLAGS_PERSIST_OPEN_MASK             0x0017  // Call is from the persistence provider doing one of the update-like operations

//
// Options passed to AzpeSetObjectOptions
//

#define AZPE_OPTIONS_WRITABLE               0x01 // Current user can write this object
#define AZPE_OPTIONS_SUPPORTS_DACL          0x02 // DACL can be specified for this object
#define AZPE_OPTIONS_SUPPORTS_DELEGATION    0x04 // Delegation can be specified for this object
#define AZPE_OPTIONS_SUPPORTS_SACL          0x08 // Apply SACL can be specified for this object
#define AZPE_OPTIONS_HAS_SECURITY_PRIVILEGE 0x10 // Current user SE_SECURITY_PRIVILEGE on machine containing store
#define AZPE_OPTIONS_SUPPORTS_LAZY_LOAD     0x20 // Provider supports lazy load for children
#define AZPE_OPTIONS_CREATE_CHILDREN        0x40 // Current user can create children for the object
#define AZPE_OPTIONS_VALID_MASK             0x7F // Mask of the valid options

//
// This flag means that some updates from the store has been made.
//

#define AZPE_FLAG_CACHE_UPDATE_STORE_LEVEL 0x00000001


/////////////////////////////////////////////////////////////////////////////
//
// Procedures implemented by the providers
//
/////////////////////////////////////////////////////////////////////////////

typedef DWORD
(WINAPI * AZ_PERSIST_OPEN)(
    IN LPCWSTR PolicyUrl,
    IN AZPE_OBJECT_HANDLE hAzStore,
    IN ULONG lPersistFlags,
    IN BOOL CreatePolicy,
    OUT PAZPE_PERSIST_CONTEXT PersistContext,
    OUT LPWSTR *pwszTargetMachine
    );

typedef DWORD
(WINAPI *AZ_PERSIST_UPDATE_CACHE)(
    IN AZPE_PERSIST_CONTEXT PersistContext,
    IN ULONG lPersistFlags,
    OUT ULONG * pulUpdatedFlag
    );


typedef DWORD
(WINAPI *AZ_PERSIST_UPDATE_CHILDREN_CACHE)(
    IN AZPE_PERSIST_CONTEXT PersistContext,
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags
    );

typedef VOID
(WINAPI *AZ_PERSIST_CLOSE)(
    IN AZPE_PERSIST_CONTEXT PersistContext
    );

typedef DWORD
(WINAPI *AZ_PERSIST_SUBMIT)(
    IN AZPE_PERSIST_CONTEXT PersistContext,
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN BOOLEAN DeleteMe
    );

typedef DWORD
(WINAPI *AZ_PERSIST_REFRESH)(
    IN AZPE_PERSIST_CONTEXT PersistContext,
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags
    );

typedef DWORD
(WINAPI *AZ_PERSIST_CHECK_PRIVILEGE)(
    IN AZPE_PERSIST_CONTEXT PersistContext,
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

//
// Structure describing a provider
//

typedef struct _AZPE_PROVIDER_INFO {

    //
    // Version of this structure
    //

    ULONG ProviderInfoVersion;
#define AZPE_PROVIDER_INFO_VERSION_1 1
#define AZPE_PROVIDER_INFO_VERSION_2 2

    //
    // Prefix of the PolicyUrl that define the provider
    //  The policy URL should be of the form <Prefix>:<ProviderSpecificUrl>
    //

    LPCWSTR PolicyUrlPrefix;

    //
    // Routines exported by the provider
    //

    AZ_PERSIST_OPEN AzPersistOpen;
    AZ_PERSIST_UPDATE_CACHE AzPersistUpdateCache;
    AZ_PERSIST_CLOSE AzPersistClose;
    AZ_PERSIST_SUBMIT AzPersistSubmit;
    AZ_PERSIST_REFRESH AzPersistRefresh;

    //
    // Following are valid for version 2 and more only
    //

    AZ_PERSIST_UPDATE_CHILDREN_CACHE AzPersistUpdateChildrenCache;

    //
    // When new fields are added to this structure,
    //  make sure you increment the version number and add a new define for
    //  the new version number.
    //

} AZPE_PROVIDER_INFO, *PAZPE_PROVIDER_INFO;


/////////////////////////////////////////////////////////////////////////////
//
// Procedures implemented by the persistence engine and called by the providers
//
/////////////////////////////////////////////////////////////////////////////

typedef DWORD
(WINAPI *AZPE_CREATE_OBJECT)(
    IN AZPE_OBJECT_HANDLE AzpeParentHandle,
    IN ULONG ChildObjectType,
    IN LPCWSTR ChildObjectNameString,
    IN GUID *ChildObjectGuid,
    IN ULONG lPersistFlags,
    OUT AZPE_OBJECT_HANDLE *AzpeChildHandle
    );

typedef VOID
(WINAPI *AZPE_OBJECT_FINISHED)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN DWORD WinStatus
    );

typedef DWORD
(WINAPI *AZPE_GET_PROPERTY)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN ULONG PropertyId,
    OUT PVOID *PropertyValue
    );

typedef DWORD
(WINAPI *AZPE_GET_DELTA_ARRAY)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG PropertyId,
    OUT PULONG DeltaArrayCount,
    OUT PAZP_DELTA_ENTRY **DeltaArray
    );

typedef DWORD
(WINAPI *AZPE_GET_SECURITY_DESCRIPTOR_FROM_CACHE)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN PAZP_POLICY_USER_RIGHTS *ppPolicyAdminRights OPTIONAL,
    IN PAZP_POLICY_USER_RIGHTS *ppPolicyReaderRights OPTIONAL,
    IN PAZP_POLICY_USER_RIGHTS *ppDelegatedPolicyUsersRights OPTIONAL,
    IN GUID *pDelegatedObjectGuid OPTIONAL,
    IN PAZP_POLICY_USER_RIGHTS pDelegatedUsersAttributeRights OPTIONAL,
    IN GUID *pAttributeGuid OPTIONAL,
    IN PAZP_POLICY_USER_RIGHTS pSaclRights OPTIONAL,
    IN PSECURITY_DESCRIPTOR OldSd OPTIONAL,
    OUT PSECURITY_DESCRIPTOR *NewSd
    );

//
// Routines to return a single field of an object
//

typedef DWORD
(WINAPI *AZPE_OBJECT_TYPE)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef DWORD
(WINAPI *AZPE_DIRTY_BITS)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef GUID *
(WINAPI *AZPE_PERSISTENCE_GUID)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef BOOLEAN
(WINAPI *AZPE_IS_PARENT_WRITABLE)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef AZPE_OBJECT_HANDLE
(WINAPI *AZPE_PARENT_OF_CHILD)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef BOOLEAN
(WINAPI *AZPE_UPDATE_CHILDREN)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef BOOLEAN
(WINAPI *AZPE_CAN_CREATE_CHILDREN)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

//
// Routines to change an object
//

typedef DWORD
(WINAPI *AZPE_SET_PROPERTY)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN ULONG PropertyId,
    IN PVOID PropertyValue
    );
typedef DWORD
(WINAPI *AZPE_SET_OBJECT_OPTIONS)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN ULONG ObjectOptions
    );

typedef DWORD
(WINAPI *AZPE_ADD_PROPERTY_ITEM_SID)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN ULONG PropertyId,
    IN PSID Sid
    );

typedef DWORD
(WINAPI *AZPE_ADD_PROPERTY_ITEM_GUID)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN ULONG PropertyId,
    IN GUID *ObjectGuid
    );

typedef DWORD
(WINAPI *AZPE_ADD_PROPERTY_ITEM_GUID_STRING)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN ULONG lPersistFlags,
    IN ULONG PropertyId,
    IN WCHAR *ObjectGuidString
    );

typedef VOID
(WINAPI *AZPE_SET_PROVIDER_DATA)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN PVOID ProviderData
    );

typedef PVOID
(WINAPI *AZPE_GET_PROVIDER_DATA)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef DWORD
(WINAPI *AZPE_SET_SECURITY_DESCRIPTOR_INTO_CACHE)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle,
    IN PSECURITY_DESCRIPTOR pSD,
    IN ULONG lPersistFlags,
    IN PAZP_POLICY_USER_RIGHTS pAdminRights,
    IN PAZP_POLICY_USER_RIGHTS pReadersRights,
    IN PAZP_POLICY_USER_RIGHTS pDelegatedUserRights OPTIONAL,
    IN PAZP_POLICY_USER_RIGHTS pSaclRights OPTIONAL
    );

typedef PVOID
(WINAPI *AZPE_ALLOCATE_MEMORY)(
     IN SIZE_T Size
     );

typedef VOID
(WINAPI *AZPE_FREE_MEMORY)(
    IN PVOID Buffer
    );

typedef BOOL
(WINAPI *AZPE_AZSTORE_IS_BATCH_MODE)(
    IN AZPE_OBJECT_HANDLE AzpeObjectHandle
    );

typedef AZPE_OBJECT_HANDLE
(WINAPI *AZPE_GET_AUTHORIZATION_STORE)(
    IN AZPE_OBJECT_HANDLE hObject
    );

//
// Structure describing routines exported by azroles to the provider
//

typedef struct _AZPE_AZROLES_INFO {

    //
    // Version of this structure
    //

    ULONG AzrolesInfoVersion;
#define AZPE_AZROLES_INFO_VERSION_1 1
#define AZPE_AZROLES_INFO_VERSION_2 2

    //
    // Routines exported by azroles to the provider
    //

    AZPE_CREATE_OBJECT AzpeCreateObject;
    AZPE_OBJECT_FINISHED AzpeObjectFinished;
    AZPE_GET_PROPERTY AzpeGetProperty;
    AZPE_GET_DELTA_ARRAY AzpeGetDeltaArray;
    AZPE_GET_SECURITY_DESCRIPTOR_FROM_CACHE AzpeGetSecurityDescriptorFromCache;
    AZPE_OBJECT_TYPE AzpeObjectType;
    AZPE_DIRTY_BITS AzpeDirtyBits;
    AZPE_PERSISTENCE_GUID AzpePersistenceGuid;
    AZPE_PARENT_OF_CHILD AzpeParentOfChild;
    AZPE_SET_PROPERTY AzpeSetProperty;
    AZPE_SET_OBJECT_OPTIONS AzpeSetObjectOptions;
    AZPE_ADD_PROPERTY_ITEM_SID AzpeAddPropertyItemSid;
    AZPE_ADD_PROPERTY_ITEM_GUID AzpeAddPropertyItemGuid;
    AZPE_ADD_PROPERTY_ITEM_GUID_STRING AzpeAddPropertyItemGuidString;
    AZPE_SET_PROVIDER_DATA AzpeSetProviderData;
    AZPE_GET_PROVIDER_DATA AzpeGetProviderData;
    AZPE_SET_SECURITY_DESCRIPTOR_INTO_CACHE AzpeSetSecurityDescriptorIntoCache;
    AZPE_ALLOCATE_MEMORY AzpeAllocateMemory;
    AZPE_FREE_MEMORY AzpeFreeMemory;

    //
    // Following are valid for version 2 and more only
    //

    AZPE_IS_PARENT_WRITABLE AzpeIsParentWritable;
    AZPE_UPDATE_CHILDREN AzpeUpdateChildren;
    AZPE_CAN_CREATE_CHILDREN AzpeCanCreateChildren;
    AZPE_AZSTORE_IS_BATCH_MODE AzpeAzStoreIsBatchUpdateMode;
    AZPE_GET_AUTHORIZATION_STORE AzpeGetAuthorizationStore;

    //
    // When new fields are added to this structure,
    //  make sure you increment the version number and add a new define for
    //  the new version number.
    //

} AZPE_AZROLES_INFO, *PAZPE_AZROLES_INFO;

//
// The only actual routine exported by the provider
//

typedef DWORD
(WINAPI * AZ_PERSIST_PROVIDER_INITIALIZE)(
    IN PAZPE_AZROLES_INFO AzrolesInfo,
    OUT PAZPE_PROVIDER_INFO *ProviderInfo
    );

#define AZ_PERSIST_PROVIDER_INITIALIZE_NAME "AzPersistProviderInitialize"

#ifdef __cplusplus
}
#endif
#endif // _AZPER_H_