Source code of Windows XP (NT5)


  1. /*++ BUILD Version: 0001 // Increment this if a change has global effects
  2. Copyright (c) 1992 Microsoft Corporation
  3. Module Name:
  4. lsaisrv.h
  5. Abstract:
  6. This file contains interfaces to internal routines in the Lsa
  7. Server that provide additional functionality not contained in
  8. the Lsar routines. These routines are only used by LSA clients which
  9. live in the same process as the LSA server.
  10. Author:
  11. Scott Birrell (ScottBi) April 8, 1992
  12. Environment:
  13. User Mode - Win32
  14. Revision History:
  15. --*/
  16. #ifndef _LSAISRV_
  17. #define _LSAISRV_
  18. #ifdef __cplusplus
  19. extern "C" {
  20. #endif
  21. //
  22. // The following constants are defined for callers of the LsaIHealthCheckRoutine
  23. //
  // NOTE(review): the routine is declared in this header as LsaIHealthCheck; these
  // values are presumably what its StateChange argument selects - confirm.
  // Each state conveys, retrieves, generates or clears key material (the syskey
  // or a password encryption key), so the data exchanged with them is sensitive.
  //
  24. // 1. LSAI_SAM_STATE_SESS_KEY is used by SAM to convey the syskey to LSA.
  25. // This is used in upgrade cases from NT4 and win2k B3 and RC1.
  26. // SAM in these cases knows the syskey
  27. //
  28. // 2. LSAI_SAM_STATE_UNROLL_SP4_ENCRYPTION is used to convey SAM's password
  29. // encryption key to LSA. This is used to unroll encryption used in NT4 SP4
  30. // ( incorrectly ) using SAM's password encryption key
  31. //
  32. // 3. LSAI_SAM_STATE_RETRIEVE_SESS_KEY is used by SAM/DS to retrieve the
  33. // syskey from LSA to decrypt their respective password encryption keys
  34. //
  35. // 4. LSAI_SAM_GENERATE_SESS_KEY is used by SAM to tell the LSA to generate
  36. // a new Password Encryption key in the case where we are upgrading
  37. // from a NT4 or Win2k B3 or RC1 Machine and the machine is not syskey'd
  38. //
  39. // 5. LSAI_SAM_STATE_CLEAR_SESS_KEY is used by SAM or DS to clear the syskey
  40. // after it has been used for decrypting their respective password
  41. // encryption keys.
  42. //
  43. // 6. LSAI_SAM_STATE_OLD_SESS_KEY is used to retrieve the old syskey in
  44. // order to implement error recovery during syskey change cases.
  45. //
  // Note that value 0x5 is named LSAI_SAM_GENERATE_SESS_KEY, without the
  // LSAI_SAM_STATE_ prefix the other five values share.
  46. #define LSAI_SAM_STATE_SESS_KEY 0x1
  47. #define LSAI_SAM_STATE_UNROLL_SP4_ENCRYPTION 0x2
  48. #define LSAI_SAM_STATE_RETRIEVE_SESS_KEY 0x3
  49. #define LSAI_SAM_STATE_CLEAR_SESS_KEY 0x4
  50. #define LSAI_SAM_GENERATE_SESS_KEY 0x5
  51. #define LSAI_SAM_STATE_OLD_SESS_KEY 0x6
  52. ///////////////////////////////////////////////////////////////////////////////
  53. // //
  54. // The following prototypes are usable throughout the process that the //
  55. // LSA server resides in. //
  56. // //
  57. ///////////////////////////////////////////////////////////////////////////////
  // LsaIHealthCheck: in-process entry point for which the LSAI_SAM_* state
  // constants earlier in this header are documented.
  //   DomainHandle          - optional handle (marked OPTIONAL).
  //   StateChange           - presumably one of the LSAI_SAM_* values - confirm.
  //   StateChangeData       - untyped IN OUT buffer.
  //   StateChangeDataLength - IN OUT length that travels separately from the buffer.
  // NOTE(review): per the constant descriptions the buffer can carry the syskey
  // or SAM's password encryption key. Nothing in the prototype ties the buffer
  // size to the selected state, so callers presumably have to size it per state
  // and clear it once the key has been consumed - confirm against the
  // implementation.
  58. NTSTATUS NTAPI
  59. LsaIHealthCheck(
  60. IN LSAPR_HANDLE DomainHandle OPTIONAL,
  61. IN ULONG StateChange,
  62. IN OUT PVOID StateChangeData,
  63. IN OUT PULONG StateChangeDataLength
  64. );
  65. NTSTATUS NTAPI
  66. LsaIOpenPolicyTrusted(
  67. OUT PLSAPR_HANDLE PolicyHandle
  68. );
  69. NTSTATUS NTAPI
  70. LsaIQueryInformationPolicyTrusted(
  71. IN POLICY_INFORMATION_CLASS InformationClass,
  72. OUT PLSAPR_POLICY_INFORMATION *Buffer
  73. );
  74. NTSTATUS NTAPI
  75. LsaIGetSerialNumberPolicy(
  76. IN LSAPR_HANDLE PolicyHandle,
  77. OUT PLARGE_INTEGER ModifiedCount,
  78. OUT PLARGE_INTEGER CreationTime
  79. );
  80. NTSTATUS NTAPI
  81. LsaISetSerialNumberPolicy(
  82. IN LSAPR_HANDLE PolicyHandle,
  83. IN PLARGE_INTEGER ModifiedCount,
  84. IN PLARGE_INTEGER CreationTime,
  85. IN BOOLEAN StartOfFullSync
  86. );
  87. NTSTATUS NTAPI
  88. LsaIGetSerialNumberPolicy2(
  89. IN LSAPR_HANDLE PolicyHandle,
  90. OUT PLARGE_INTEGER ModifiedCount,
  91. OUT PLARGE_INTEGER ModifiedCountAtLastPromotion,
  92. OUT PLARGE_INTEGER CreationTime
  93. );
  94. NTSTATUS NTAPI
  95. LsaISetSerialNumberPolicy2(
  96. IN LSAPR_HANDLE PolicyHandle,
  97. IN PLARGE_INTEGER ModifiedCount,
  98. IN PLARGE_INTEGER ModifiedCountAtLastPromotion OPTIONAL,
  99. IN PLARGE_INTEGER CreationTime,
  100. IN BOOLEAN StartOfFullSync
  101. );
  102. NTSTATUS NTAPI
  103. LsaIGetPrivateData(
  104. IN LSAPR_HANDLE PolicyHandle,
  105. OUT PULONG DataLength,
  106. OUT PVOID *Data
  107. );
  108. NTSTATUS NTAPI
  109. LsaISetPrivateData(
  110. IN LSAPR_HANDLE PolicyHandle,
  111. IN ULONG DataLength,
  112. IN PVOID Data
  113. );
  114. NTSTATUS NTAPI
  115. LsaIEnumerateSecrets(
  116. IN LSAPR_HANDLE PolicyHandle,
  117. IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
  118. OUT PVOID *Buffer,
  119. IN ULONG PreferedMaximumLength,
  120. OUT PULONG CountReturned
  121. );
  122. NTSTATUS NTAPI
  123. LsaISetTimesSecret(
  124. IN LSAPR_HANDLE SecretHandle,
  125. IN PLARGE_INTEGER CurrentValueSetTime,
  126. IN PLARGE_INTEGER OldValueSetTime
  127. );
  // LsaIFilterSids is only declared when __LOGONMSV_H__ is already defined, so
  // the prototype is visible only to translation units that include logonmsv.h
  // before this header.
  // NOTE(review): a caller that includes the headers in the other order gets no
  // prototype at all; in C that can degrade to an implicit declaration instead
  // of a hard error, depending on compiler settings - worth checking include
  // order wherever this routine is used.
  // The routine takes the trust's name, direction, type and attributes, a SID,
  // the validation-info class, and an IN OUT SamInfo buffer whose layout
  // presumably depends on InfoClass - confirm.
  128. #ifdef __LOGONMSV_H__ // This API is only of interest to users of logonmsv.h
  129. NTSTATUS NTAPI
  130. LsaIFilterSids(
  131. IN PUNICODE_STRING TrustedDomainName,
  132. IN ULONG TrustDirection,
  133. IN ULONG TrustType,
  134. IN ULONG TrustAttributes,
  135. IN PSID Sid,
  136. IN NETLOGON_VALIDATION_INFO_CLASS InfoClass,
  137. IN OUT PVOID SamInfo
  138. );
  139. #endif
  140. typedef enum {
  141. RoutingMatchDomainSid,
  142. RoutingMatchDomainName,
  143. RoutingMatchUpn,
  144. RoutingMatchSpn,
  145. } LSA_ROUTING_MATCH_TYPE;
  146. NTSTATUS NTAPI
  147. LsaIForestTrustFindMatch(
  148. IN LSA_ROUTING_MATCH_TYPE Type,
  149. IN PVOID Data,
  150. OUT PLSA_UNICODE_STRING Match
  151. );
  // The two forest-trust free routines take the ADDRESS of the caller's pointer
  // (P... *), unlike the LsaIFree_LSAPR_* routines declared after them in this
  // header, which take the pointer by value.
  // NOTE(review): presumably this lets the routine reset the caller's pointer
  // after freeing - confirm; passing the structure pointer itself would be a
  // type error the compiler may only warn about.
  // Both are declared without NTAPI, unlike most prototypes in this header, so
  // their calling convention is whatever the including module's default is.
  152. VOID
  153. LsaIFree_LSA_FOREST_TRUST_INFORMATION(
  154. IN PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
  155. );
  156. VOID
  157. LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION(
  158. IN PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo
  159. );
  // NOTE(review): LsaISetupWasRun is declared with an empty parameter list.
  // Compiled as C this leaves the parameters unspecified rather than declaring
  // "no parameters", so mismatched calls are not diagnosed; LsaISafeMode below
  // spells out VOID, which is the form to prefer here as well.
  160. BOOLEAN NTAPI
  161. LsaISetupWasRun(
  162. );
  163. BOOLEAN NTAPI
  164. LsaISafeMode(
  165. VOID
  166. );
  167. BOOLEAN NTAPI
  168. LsaILookupWellKnownName(
  169. IN PUNICODE_STRING WellKnownName
  170. );
  171. VOID NTAPI
  172. LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER (
  173. IN PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
  174. );
  175. VOID NTAPI
  176. LsaIFree_LSAPR_TRANSLATED_SIDS (
  177. IN PLSAPR_TRANSLATED_SIDS TranslatedSids
  178. );
  179. VOID NTAPI
  180. LsaIFree_LSAPR_TRANSLATED_NAMES (
  181. IN PLSAPR_TRANSLATED_NAMES TranslatedNames
  182. );
  183. VOID NTAPI
  184. LsaIFree_LSAPR_POLICY_INFORMATION (
  185. IN POLICY_INFORMATION_CLASS InformationClass,
  186. IN PLSAPR_POLICY_INFORMATION PolicyInformation
  187. );
  188. VOID NTAPI
  189. LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION (
  190. IN POLICY_DOMAIN_INFORMATION_CLASS DomainInformationClass,
  191. IN PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation
  192. );
  193. VOID NTAPI
  194. LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO (
  195. IN TRUSTED_INFORMATION_CLASS InformationClass,
  196. IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
  197. );
  198. VOID NTAPI
  199. LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST (
  200. IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains
  201. );
  202. VOID NTAPI
  203. LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER (
  204. IN PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer
  205. );
  206. VOID NTAPI
  207. LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX (
  208. PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer
  209. );
  210. VOID NTAPI
  211. LsaIFree_LSAPR_TRUST_INFORMATION (
  212. IN PLSAPR_TRUST_INFORMATION TrustInformation
  213. );
  214. VOID NTAPI
  215. LsaIFree_LSAP_SECRET_ENUM_BUFFER (
  216. IN PVOID Buffer,
  217. IN ULONG Count
  218. );
  219. VOID NTAPI
  220. LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER (
  221. PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer
  222. );
  223. VOID NTAPI
  224. LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR (
  225. IN PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
  226. );
  227. VOID
  228. LsaIFree_LSAI_SECRET_ENUM_BUFFER (
  229. IN PVOID Buffer,
  230. IN ULONG Count
  231. );
  232. VOID NTAPI
  233. LsaIFree_LSAI_PRIVATE_DATA (
  234. IN PVOID Data
  235. );
  236. VOID NTAPI
  237. LsaIFree_LSAPR_UNICODE_STRING (
  238. IN PLSAPR_UNICODE_STRING UnicodeName
  239. );
  240. VOID NTAPI
  241. LsaIFree_LSAPR_UNICODE_STRING_BUFFER (
  242. IN PLSAPR_UNICODE_STRING UnicodeName
  243. );
  244. VOID NTAPI
  245. LsaIFree_LSAPR_PRIVILEGE_SET (
  246. IN PLSAPR_PRIVILEGE_SET PrivilegeSet
  247. );
  248. VOID NTAPI
  249. LsaIFree_LSAPR_CR_CIPHER_VALUE (
  250. IN PLSAPR_CR_CIPHER_VALUE CipherValue
  251. );
  252. NTSTATUS NTAPI
  253. LsaIAuditSamEvent(
  254. IN NTSTATUS Status,
  255. IN ULONG AuditId,
  256. IN PSID DomainSid,
  257. IN PUNICODE_STRING AdditionalInfo OPTIONAL,
  258. IN PULONG MemberRid OPTIONAL,
  259. IN PSID MemberSid OPTIONAL,
  260. IN PUNICODE_STRING AccountName OPTIONAL,
  261. IN PUNICODE_STRING DomainName,
  262. IN PULONG AccountRid OPTIONAL,
  263. IN PPRIVILEGE_SET Privileges OPTIONAL
  264. );
  265. VOID NTAPI
  266. LsaIAuditNotifyPackageLoad(
  267. PUNICODE_STRING PackageFileName
  268. );
  269. NTSTATUS NTAPI
  270. LsaIAuditKdcEvent(
  271. IN ULONG AuditId,
  272. IN PUNICODE_STRING ClientName,
  273. IN PUNICODE_STRING ClientDomain,
  274. IN PSID ClientSid,
  275. IN PUNICODE_STRING ServiceName,
  276. IN PSID ServiceSid,
  277. IN PULONG KdcOptions,
  278. IN PULONG KerbStatus,
  279. IN PULONG EncryptionType,
  280. IN PULONG PreAuthType,
  281. IN PBYTE ClientAddress,
  282. IN LPGUID UniqueId OPTIONAL
  283. );
  284. NTSTATUS
  285. LsaIGetLogonGuid(
  286. IN PUNICODE_STRING pUserName,
  287. IN PUNICODE_STRING pUserDomain,
  288. IN PBYTE pBuffer,
  289. IN UINT BufferSize,
  290. OUT LPGUID pLogonGuid
  291. );
  292. NTSTATUS
  293. LsaISetLogonGuidInLogonSession(
  294. IN PLUID LogonId,
  295. IN LPGUID LogonGuid OPTIONAL
  296. );
  // LsaIAuditKerberosLogon: audit entry point taking the logon status and
  // sub-status, account / authenticating-authority / workstation names, the
  // user SID, logon type, token source, logon id and logon GUID.
  // It returns VOID, so the prototype gives a caller no way to learn whether
  // the audit record was written.
  // NOTE(review): "OPTIONAL" sits after the comma that follows UserSid rather
  // than before it. It is presumably an empty annotation macro, so this still
  // compiles, but it reads as if it applied to LogonType; it most likely
  // documents UserSid - confirm.
  // Declared without NTAPI, unlike most prototypes in this header.
  297. VOID
  298. LsaIAuditKerberosLogon(
  299. IN NTSTATUS LogonStatus,
  300. IN NTSTATUS LogonSubStatus,
  301. IN PUNICODE_STRING AccountName,
  302. IN PUNICODE_STRING AuthenticatingAuthority,
  303. IN PUNICODE_STRING WorkstationName,
  304. IN PSID UserSid, OPTIONAL
  305. IN SECURITY_LOGON_TYPE LogonType,
  306. IN PTOKEN_SOURCE TokenSource,
  307. IN PLUID LogonId,
  308. IN LPGUID LogonGuid
  309. );
  // LsaIAuditLogonUsingExplicitCreds: audit entry point describing two
  // principals - "User1" (SID, name, domain, logon id, logon GUID) and "User2"
  // (name, domain, logon GUID).
  // NOTE(review): same misplaced "OPTIONAL" as above, here after the comma
  // that follows pUser1LogonGuid; it most likely documents that parameter and
  // not pUser2Name - confirm.
  // Declared without NTAPI.
  310. NTSTATUS
  311. LsaIAuditLogonUsingExplicitCreds(
  312. IN USHORT AuditEventType,
  313. IN PSID pUser1Sid,
  314. IN PUNICODE_STRING pUser1Name,
  315. IN PUNICODE_STRING pUser1Domain,
  316. IN PLUID pUser1LogonId,
  317. IN LPGUID pUser1LogonGuid, OPTIONAL
  318. IN PUNICODE_STRING pUser2Name,
  319. IN PUNICODE_STRING pUser2Domain,
  320. IN LPGUID pUser2LogonGuid
  321. );
  322. NTSTATUS
  323. LsaIAuditAccountLogon(
  324. IN ULONG AuditId,
  325. IN BOOLEAN Successful,
  326. IN PUNICODE_STRING Source,
  327. IN PUNICODE_STRING ClientName,
  328. IN PUNICODE_STRING MappedName,
  329. IN NTSTATUS Status OPTIONAL
  330. );
  331. NTSTATUS NTAPI
  332. LsaIAuditDPAPIEvent(
  333. IN ULONG AuditId,
  334. IN PSID UserSid,
  335. IN PUNICODE_STRING MasterKeyID,
  336. IN PUNICODE_STRING RecoveryServer,
  337. IN PULONG Reason,
  338. IN PUNICODE_STRING RecoverykeyID,
  339. IN PULONG FailureReason
  340. );
  341. #define LSA_AUDIT_PARAMETERS_ABSOLUTE 1
  342. NTSTATUS NTAPI
  343. LsaIWriteAuditEvent(
  344. IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
  345. IN ULONG Options
  346. );
  347. NTSTATUS
  348. LsaIAuditPasswordAccessEvent(
  349. IN USHORT EventType,
  350. IN PCWSTR pszTargetUserName,
  351. IN PCWSTR pszTargetUserDomain
  352. );
  353. NTSTATUS NTAPI
  354. LsaICallPackage(
  355. IN PUNICODE_STRING AuthenticationPackage,
  356. IN PVOID ProtocolSubmitBuffer,
  357. IN ULONG SubmitBufferLength,
  358. OUT PVOID *ProtocolReturnBuffer,
  359. OUT PULONG ReturnBufferLength,
  360. OUT PNTSTATUS ProtocolStatus
  361. );
  362. VOID NTAPI
  363. LsaIFreeReturnBuffer(
  364. IN PVOID Buffer
  365. );
  366. //
  367. // NT5 routines for using the Ds for Lsa store
  368. //
  369. #define LSAI_FOREST_ROOT_TRUST 0x00000001
  370. #define LSAI_FOREST_DOMAIN_GUID_PRESENT 0x00000002
  371. //
  372. // These structures correspond to the private interface Kerberos uses
  373. // to build a tree of the domains in an organization.
  374. //
  375. typedef struct _LSAPR_TREE_TRUST_INFO {
  376. UNICODE_STRING DnsDomainName;
  377. UNICODE_STRING FlatName;
  378. GUID DomainGuid;
  379. PSID DomainSid;
  380. ULONG Flags;
  381. ULONG Children;
  382. struct _LSAPR_TREE_TRUST_INFO *ChildDomains;
  383. } LSAPR_TREE_TRUST_INFO, *PLSAPR_TREE_TRUST_INFO;
  384. typedef struct _LSAPR_FOREST_TRUST_INFO {
  385. LSAPR_TREE_TRUST_INFO RootTrust;
  386. PLSAPR_TREE_TRUST_INFO ParentDomainReference;
  387. } LSAPR_FOREST_TRUST_INFO, *PLSAPR_FOREST_TRUST_INFO;
  388. VOID
  389. LsaIFreeForestTrustInfo(
  390. IN PLSAPR_FOREST_TRUST_INFO ForestTrustInfo
  391. );
  392. NTSTATUS
  393. NTAPI
  394. LsaIQueryForestTrustInfo(
  395. IN LSAPR_HANDLE PolicyHandle,
  396. OUT PLSAPR_FOREST_TRUST_INFO *ForestTrustInfo
  397. );
  398. NTSTATUS NTAPI
  399. LsaISetTrustedDomainAuthInfoBlobs(
  400. IN LSAPR_HANDLE PolicyHandle,
  401. IN PLSAPR_UNICODE_STRING TrustedDomainName,
  402. IN PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB IncomingBlob,
  403. IN PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB OutgoingBlob);
  404. NTSTATUS NTAPI
  405. LsaIUpgradeRegistryToDs(
  406. IN BOOLEAN DeleteOnly
  407. );
  408. NTSTATUS NTAPI
  409. LsaIGetTrustedDomainAuthInfoBlobs(
  410. IN LSAPR_HANDLE PolicyHandle,
  411. IN PLSAPR_UNICODE_STRING TrustedDomainName,
  412. OUT PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB IncomingBlob,
  413. OUT PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB OutgoingBlob
  414. );
  415. NTSTATUS NTAPI
  416. LsaISetServerRoleForNextBoot(
  417. IN LSAPR_HANDLE PolicyHandle,
  418. IN POLICY_LSA_SERVER_ROLE ServerRole
  419. );
  420. BOOLEAN NTAPI
  421. LsaIIsClassIdLsaClass(
  422. IN ULONG ClassId,
  423. OUT PULONG LsaClass
  424. );
  425. NTSTATUS NTAPI
  426. LsaIDsNotifiedObjectChange(
  427. IN ULONG Class,
  428. IN PVOID ObjectPath, // This is a DSNAME
  429. IN SECURITY_DB_DELTA_TYPE DeltaType,
  430. IN PSID UserSid,
  431. IN LUID AuthenticationId,
  432. IN BOOLEAN fReplicatedIn,
  433. IN BOOLEAN ChangeOriginatedInLSA
  434. );
  435. typedef NTSTATUS (NTAPI *pfLsaIDsNotifiedObjectChange )(
  436. ULONG, PVOID, SECURITY_DB_DELTA_TYPE, PSID, LUID, BOOLEAN, BOOLEAN );
  437. //
  438. // NT5 routines for moving some SAM domain object properties to the Lsa Ds objects
  439. //
  440. #define LSAI_SAM_NONE 0x00000000
  441. #define LSAI_SAM_TRANSACTION_ACTIVE 0x00000001
  442. #define LSAI_SAM_ADD 0x1
  443. #define LSAI_SAM_REMOVE 0x2
  444. NTSTATUS NTAPI
  445. LsaISamSetDomainObjectProperties(
  446. IN DOMAIN_INFORMATION_CLASS SamInfoClass,
  447. IN PVOID Buffer,
  448. IN ULONG Options
  449. );
  450. NTSTATUS NTAPI
  451. LsaISamSetDomainBuiltinGroupMembership(
  452. IN PSID GroupSid,
  453. IN ULONG Operation,
  454. IN ULONG Users,
  455. IN PVOID UserList, // This is a list of DSNAME pointers
  456. IN ULONG Options
  457. );
  458. NTSTATUS NTAPI
  459. LsaISamIndicatedDsStarted(
  460. IN BOOLEAN PerformDomainRenameCheck
  461. );
  462. //
  463. // Netlogon routines for enumerating subnets
  464. //
  // One subnet record: a subnet name and a site name, both UNICODE_STRING.
  465. typedef struct _LSAP_SUBNET_INFO_ENTRY {
  466. UNICODE_STRING SubnetName;
  467. UNICODE_STRING SiteName;
  468. } LSAP_SUBNET_INFO_ENTRY, *PLSAP_SUBNET_INFO_ENTRY;
  // Container returned through LsaIQuerySubnetInfo's OUT parameter.
  // NOTE(review): Subnets is declared with one element next to a SubnetCount
  // field, which looks like a variable-length trailing array. If so, readers
  // must bound their loops by SubnetCount and must not use sizeof on the
  // structure to size a copy - confirm against the allocator.
  469. typedef struct _LSAP_SUBNET_INFO {
  470. ULONG SiteCount;
  471. ULONG SubnetCount;
  472. LSAP_SUBNET_INFO_ENTRY Subnets[1];
  473. } LSAP_SUBNET_INFO, *PLSAP_SUBNET_INFO;
  // Hands back a PLSAP_SUBNET_INFO through SubnetInformation.
  // NOTE(review): presumably released with LsaIFree_LSAP_SUBNET_INFO, declared
  // immediately below - confirm.
  474. NTSTATUS NTAPI
  475. LsaIQuerySubnetInfo(
  476. OUT PLSAP_SUBNET_INFO *SubnetInformation
  477. );
  478. VOID NTAPI
  479. LsaIFree_LSAP_SUBNET_INFO(
  480. IN PLSAP_SUBNET_INFO SubnetInfo
  481. );
  482. //
  483. // Netlogon routines for UPN/SPN suffixes
  484. //
  // Suffix list returned through LsaIQueryUpnSuffixes' OUT parameter.
  // NOTE(review): Suffixes is declared with one element next to SuffixCount,
  // which looks like a variable-length trailing array; if so, consumers must
  // iterate up to SuffixCount and not rely on the declared array size - confirm.
  485. typedef struct _LSAP_UPN_SUFFIXES {
  486. ULONG SuffixCount;
  487. UNICODE_STRING Suffixes[1];
  488. } LSAP_UPN_SUFFIXES, *PLSAP_UPN_SUFFIXES;
  // Both routines below are declared without NTAPI, unlike the subnet and site
  // query/free pairs in this header, so they use the including module's
  // default calling convention.
  489. NTSTATUS
  490. LsaIQueryUpnSuffixes(
  491. OUT PLSAP_UPN_SUFFIXES *UpnSuffixes
  492. );
  493. VOID
  494. LsaIFree_LSAP_UPN_SUFFIXES(
  495. IN PLSAP_UPN_SUFFIXES UpnSuffixes
  496. );
  497. NTSTATUS
  498. LsaIGetForestTrustInformation(
  499. OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
  500. );
  501. NTSTATUS
  502. LsaIUpdateForestTrustInformation(
  503. IN LSAPR_HANDLE PolicyHandle,
  504. IN UNICODE_STRING * TrustedDomainName,
  505. IN PLSA_FOREST_TRUST_INFORMATION NewForestTrustInfo
  506. );
  507. //
  508. // Netlogon routines for enumerating sites
  509. //
  // One site record: just the site name.
  510. typedef struct _LSAP_SITE_INFO_ENTRY {
  511. UNICODE_STRING SiteName;
  512. } LSAP_SITE_INFO_ENTRY, *PLSAP_SITE_INFO_ENTRY;
  // Container returned through LsaIQuerySiteInfo's OUT parameter.
  // NOTE(review): Sites is declared with one element next to SiteCount, which
  // looks like a variable-length trailing array; if so, bound every access by
  // SiteCount - confirm.
  513. typedef struct _LSAP_SITE_INFO {
  514. ULONG SiteCount;
  515. LSAP_SITE_INFO_ENTRY Sites[1];
  516. } LSAP_SITE_INFO, *PLSAP_SITE_INFO;
  517. NTSTATUS NTAPI
  518. LsaIQuerySiteInfo(
  519. OUT PLSAP_SITE_INFO *SiteInformation
  520. );
  // NOTE(review): the parameter is named SubnetInfo although its type is
  // PLSAP_SITE_INFO. The name has no effect on callers, but it invites passing
  // a PLSAP_SUBNET_INFO by mistake; the type is what counts.
  521. VOID NTAPI
  522. LsaIFree_LSAP_SITE_INFO(
  523. IN PLSAP_SITE_INFO SubnetInfo
  524. );
  525. //
  526. // Netlogon routines for getting the name of the site we're in.
  527. //
  528. typedef struct _LSAP_SITENAME_INFO {
  529. UNICODE_STRING SiteName;
  530. GUID DsaGuid;
  531. ULONG DsaOptions;
  532. } LSAP_SITENAME_INFO, *PLSAP_SITENAME_INFO;
  533. NTSTATUS NTAPI
  534. LsaIGetSiteName(
  535. OUT PLSAP_SITENAME_INFO *SiteNameInformation
  536. );
  537. VOID NTAPI
  538. LsaIFree_LSAP_SITENAME_INFO(
  539. IN PLSAP_SITENAME_INFO SiteNameInfo
  540. );
  541. BOOLEAN NTAPI
  542. LsaIIsDsPaused(
  543. VOID
  544. );
  545. //
  546. // Lsa notification routine definitions
  547. //
  548. //
  549. // Notification callback routine prototype
  550. //
  551. typedef VOID ( NTAPI fLsaPolicyChangeNotificationCallback) (
  552. IN POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass
  553. );
  554. typedef fLsaPolicyChangeNotificationCallback *pfLsaPolicyChangeNotificationCallback;
  555. NTSTATUS NTAPI
  556. LsaIRegisterPolicyChangeNotificationCallback(
  557. IN pfLsaPolicyChangeNotificationCallback Callback,
  558. IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass
  559. );
  560. NTSTATUS NTAPI
  561. LsaIUnregisterPolicyChangeNotificationCallback(
  562. IN pfLsaPolicyChangeNotificationCallback Callback,
  563. IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass
  564. );
  565. NTSTATUS NTAPI
  566. LsaIUnregisterAllPolicyChangeNotificationCallback(
  567. IN pfLsaPolicyChangeNotificationCallback Callback
  568. );
  569. HANDLE NTAPI
  570. LsaIRegisterNotification(
  571. IN PTHREAD_START_ROUTINE StartFunction,
  572. IN PVOID Parameter,
  573. IN ULONG NotificationType,
  574. IN ULONG NotificationClass,
  575. IN ULONG NotificationFlags,
  576. IN ULONG IntervalMinutes,
  577. IN OPTIONAL HANDLE WaitEvent
  578. );
  579. NTSTATUS NTAPI
  580. LsaICancelNotification(
  581. IN HANDLE NotifyHandle
  582. );
  583. BOOLEAN
  584. NTAPI
  585. LsaIEventNotify(
  586. ULONG Class,
  587. ULONG Flags,
  588. ULONG EventSize,
  589. PVOID EventData);
  590. VOID
  591. LsaIAddTouchAddress(
  592. PVOID Address,
  593. SIZE_T Range
  594. );
  595. VOID
  596. LsaIRemoveTouchAddress(
  597. PVOID Address
  598. );
  599. //
  600. // This is the notification Kerberos registers to receive updates on changing trusts
  601. //
  // NOTE(review): this callback type carries no NTAPI, whereas
  // fLsaPolicyChangeNotificationCallback earlier in this header does. A
  // callback written with the wrong convention would only be caught by the
  // compiler's pointer-type check, so implementations must match this typedef
  // exactly rather than copy the policy-change callback's signature.
  602. typedef VOID (fLsaTrustChangeNotificationCallback) (
  603. IN SECURITY_DB_DELTA_TYPE DeltaType
  604. );
  605. typedef fLsaTrustChangeNotificationCallback *pfLsaTrustChangeNotificationCallback;
  // Selector passed as the Register argument of
  // LsaIKerberosRegisterTrustNotification: LsaRegister is 0, LsaUnregister
  // follows it.
  606. typedef enum LSAP_REGISTER {
  607. LsaRegister = 0,
  608. LsaUnregister
  609. } LSAP_REGISTER, *PLSAP_REGISTER;
  // One entry point serves both operations; the Register argument chooses
  // between them.
  610. NTSTATUS NTAPI
  611. LsaIKerberosRegisterTrustNotification(
  612. IN pfLsaTrustChangeNotificationCallback Callback,
  613. IN LSAP_REGISTER Register
  614. );
  615. //
  616. // See secpkg.h : LsaGetCallInfo and SECPKG_CALL_INFO
  617. //
  618. BOOLEAN
  619. NTAPI
  620. LsaIGetCallInfo(
  621. PVOID
  622. );
  623. BOOLEAN
  624. LsaIGetThreadHeap(
  625. VOID
  626. );
  627. VOID
  628. LsaITossThreadHeap(
  629. VOID
  630. );
  631. PVOID
  632. LsaIThreadAlloc(
  633. IN SIZE_T Size
  634. );
  635. VOID
  636. LsaIThreadFree(
  637. IN PVOID Memory
  638. );
  639. NTSTATUS
  640. LsaISetClientDnsHostName(
  641. IN PWSTR ClientName,
  642. IN PWSTR ClientDnsHostName OPTIONAL,
  643. IN POSVERSIONINFOEXW OsVersionInfo OPTIONAL,
  644. IN PWSTR OsName OPTIONAL,
  645. OUT PWSTR *OldDnsHostName OPTIONAL
  646. );
  647. VOID
  648. LsaIManageReplicationSyncLock(
  649. IN BOOLEAN TakeLock
  650. );
  // LsaICallPackageEx and LsaICallPackagePassthrough have identical parameter
  // lists. Compared with LsaICallPackage, declared earlier in this header, both
  // add ClientBufferBase ahead of the submit buffer.
  //   AuthenticationPackage - name of the package to call.
  //   ClientBufferBase      - NOTE(review): presumably the address of the
  //                           submit buffer in the original client, used to
  //                           rebase pointers embedded in it - confirm.
  //   ProtocolSubmitBuffer / SubmitBufferLength - request buffer and its size.
  //   ProtocolReturnBuffer / ReturnBufferLength - reply buffer and its size,
  //                           both returned through OUT pointers.
  //   ProtocolStatus        - package status, returned separately from the
  //                           routine's own NTSTATUS.
  // NOTE(review): SubmitBufferLength is the only bound on the submit buffer
  // visible here; any offsets or pointers inside the buffer presumably need to
  // be validated against it by the receiving package - confirm.
  // Both routines are declared without NTAPI, unlike LsaICallPackage.
  651. NTSTATUS
  652. LsaICallPackageEx(
  653. IN PUNICODE_STRING AuthenticationPackage,
  654. IN PVOID ClientBufferBase,
  655. IN PVOID ProtocolSubmitBuffer,
  656. IN ULONG SubmitBufferLength,
  657. OUT PVOID * ProtocolReturnBuffer,
  658. OUT PULONG ReturnBufferLength,
  659. OUT PNTSTATUS ProtocolStatus
  660. );
  661. NTSTATUS
  662. LsaICallPackagePassthrough(
  663. IN PUNICODE_STRING AuthenticationPackage,
  664. IN PVOID ClientBufferBase,
  665. IN PVOID ProtocolSubmitBuffer,
  666. IN ULONG SubmitBufferLength,
  667. OUT PVOID * ProtocolReturnBuffer,
  668. OUT PULONG ReturnBufferLength,
  669. OUT PNTSTATUS ProtocolStatus
  670. );
  // LsaISetBootOption takes a boot option value plus an old and a new key, each
  // as an untyped pointer with its own length.
  // NOTE(review): the BootOption values are not defined in this header, and
  // the prototype does not say what the keys are; they are presumably syskey
  // material - confirm. Either way both buffers hold key bytes, so callers
  // should clear them once the call returns.
  671. NTSTATUS
  672. LsaISetBootOption(
  673. IN ULONG BootOption,
  674. IN PVOID OldKey,
  675. IN ULONG OldKeyLength,
  676. IN PVOID NewKey,
  677. IN ULONG NewKeyLength
  678. );
  // Returns the current boot option value through BootOption.
  679. NTSTATUS
  680. LsaIGetBootOption(
  681. OUT PULONG BootOption
  682. );
  // LsaINotifyPasswordChanged receives both the old and the new password as
  // UNICODE_STRING pointers, together with the account's names, and returns
  // VOID, so the caller gets no result.
  // NOTE(review): the form of the passwords (cleartext or otherwise) is not
  // visible from this prototype; treat both strings as secrets, keep them out
  // of logs and traces, and clear the buffers after the call - confirm how the
  // implementation and its consumers handle them.
  683. VOID
  684. LsaINotifyPasswordChanged(
  685. IN PUNICODE_STRING NetbiosDomainName OPTIONAL,
  686. IN PUNICODE_STRING UserName,
  687. IN PUNICODE_STRING DnsDomainName OPTIONAL,
  688. IN PUNICODE_STRING Upn OPTIONAL,
  689. IN PUNICODE_STRING OldPassword,
  690. IN PUNICODE_STRING NewPassword,
  691. IN BOOLEAN Impersonating
  692. );
  693. NTSTATUS
  694. LsaINotifyChangeNotification(
  695. IN POLICY_NOTIFICATION_INFORMATION_CLASS InfoClass
  696. );
  697. NTSTATUS
  698. LsaIGetNbAndDnsDomainNames(
  699. IN PUNICODE_STRING DomainName,
  700. OUT PUNICODE_STRING DnsDomainName,
  701. OUT PUNICODE_STRING NetbiosDomainName
  702. );
  703. //
  704. // This flag indicates that the protected blob is a system blob, and cannot
  705. // be decrypted by user-space callers.
  706. //
  707. #define CRYPTPROTECT_SYSTEM 0x20000000
  708. //
  709. // LocalFree should be used to free the returned buffer
  710. //
  // LsaICryptProtectData takes an input buffer with its length, a description
  // string, optional entropy with its length, two reserved pointers and a
  // Flags word, and returns the protected data through DataOut / DataOutLength.
  // NOTE(review): the result is a BOOLEAN rather than an NTSTATUS, so the
  // return value alone does not say why a call failed; callers must check it
  // before touching *DataOut. Flags presumably accepts CRYPTPROTECT_SYSTEM,
  // defined just above - confirm.
  // Declared without NTAPI.
  711. BOOLEAN
  712. LsaICryptProtectData(
  713. IN PVOID DataIn,
  714. IN ULONG DataInLength,
  715. IN PUNICODE_STRING szDataDescr,
  716. IN PVOID OptionalEntropy,
  717. IN ULONG OptionalEntropyLength,
  718. IN PVOID Reserved,
  719. IN PVOID Reserved2,
  720. IN ULONG Flags,
  721. OUT PVOID * DataOut,
  722. OUT PULONG DataOutLength);
  723. //
  724. // LocalFree should be used to free the returned buffer
  725. //
  // LsaICryptUnprotectData mirrors the routine above; here szDataDescr is an
  // OUT parameter and DataOut / DataOutLength receive the result.
  // NOTE(review): *DataOut presumably holds the recovered plaintext; if so it
  // should be cleared before it is handed to LocalFree, because freeing alone
  // leaves the bytes in the heap - confirm. Whether szDataDescr's buffer also
  // needs freeing is not stated here.
  // Declared without NTAPI.
  726. BOOLEAN
  727. LsaICryptUnprotectData(
  728. IN PVOID DataIn,
  729. IN ULONG DataInLength,
  730. IN PVOID OptionalEntropy,
  731. IN ULONG OptionalEntropyLength,
  732. IN PVOID Reserved,
  733. IN PVOID Reserved2,
  734. IN ULONG Flags,
  735. OUT PUNICODE_STRING szDataDescr,
  736. OUT PVOID * DataOut,
  737. OUT PULONG DataOutLength);
  738. //
  739. // Heap allocator for the LSA process
  740. //
  // Allocation routine taking a byte count and returning a pointer.
  // NOTE(review): the name suggests the memory comes back zero-filled, but
  // nothing in this header states it - confirm.
  741. PVOID
  742. NTAPI
  743. LsaIAllocateHeapZero(
  744. IN SIZE_T Length
  745. );
  // Second allocation routine with the same shape.
  // NOTE(review): if only the "Zero" variant clears memory, blocks from this
  // one must be treated as uninitialised and fully written before any part of
  // them is copied out of the process - confirm.
  746. PVOID
  747. NTAPI
  748. LsaIAllocateHeap(
  749. IN SIZE_T cbMemory
  750. );
  // Releases a block by its base pointer.
  // NOTE(review): the header does not say whether the block is scrubbed on
  // free; code that kept key or password material in it should clear the
  // block itself before calling this - confirm.
  751. VOID
  752. NTAPI
  753. LsaIFreeHeap(
  754. IN PVOID Base
  755. );
  756. typedef enum LSAP_NETLOGON_PARAMETER {
  757. LsaEmulateNT4,
  758. } LSAP_NETLOGON_PARAMETER;
  759. VOID
  760. NTAPI
  761. LsaINotifyNetlogonParametersChangeW(
  762. IN LSAP_NETLOGON_PARAMETER Parameter,
  763. IN DWORD dwType,
  764. IN PWSTR lpData,
  765. IN DWORD cbData
  766. );
  // LsaIChangeSecretCipherKey takes the new key as a single untyped pointer,
  // with no accompanying length parameter.
  // NOTE(review): the expected key size is therefore fixed by convention
  // outside this header; a caller passing a shorter buffer would not be
  // detectable from the prototype - confirm the size the implementation reads.
  // The parameter name indicates syskey material, so the buffer should be
  // cleared by the caller once the call returns.
  767. NTSTATUS
  768. NTAPI
  769. LsaIChangeSecretCipherKey(
  770. IN PVOID NewSysKey
  771. );
  772. #ifdef __cplusplus
  773. }
  774. #endif
  775. #endif // _LSAISRV_