|
|
/*++
Copyright (c) 1992 Microsoft Corporation
Module Name:
dblookup.h
Abstract:
LSA Database - Lookup Sid and Name Routine Private Data Definitions.
NOTE: This module should remain as portable code that is independent of the implementation of the LSA Database. As such, it is permitted to use only the exported LSA Database interfaces contained in db.h and NOT the private implementation dependent functions in dbp.h.
Author:
Scott Birrell (ScottBi) Novwember 27, 1992
Environment:
Revision History:
--*/
#include <safelock.h>
//////////////////////////////////////////////////////////////////////////
// //
// Private Datatypes and Defines //
// //
//////////////////////////////////////////////////////////////////////////
//
// This global controls what events are logged.
// Note each level assumes that previous levels are to be logged too
//
// Current only two values:
//
// 0 : (default) none
// 1 : fatal errors
//
extern DWORD LsapLookupLogLevel;
//
// This boolean indicates whether a post NT4 DC should perform
// extended lookups (eg by UPN) in a mixed domain (default is FALSE).
//
extern BOOLEAN LsapAllowExtendedDownlevelLookup;
//
// Set to 0 to disable the SID cache
//
#define USE_SID_CACHE 1
//
// Maximum number of Lookup Threads and maximum number to retain.
//
#define LSAP_DB_LOOKUP_MAX_THREAD_COUNT ((ULONG) 0x00000002)
#define LSAP_DB_LOOKUP_MAX_RET_THREAD_COUNT ((ULONG) 0x00000002)
//
// Work Item Granularity.
//
#define LSAP_DB_LOOKUP_WORK_ITEM_GRANULARITY ((ULONG) 0x0000000f)
//
// Parameters specific to a Lookup Sids call.
//
typedef struct _LSAP_DB_LOOKUP_SIDS_PARAMS {
PLSAPR_SID *Sids; PLSAPR_TRANSLATED_NAMES_EX TranslatedNames;
} LSAP_DB_LOOKUP_SIDS_PARAMS, *PLSAP_DB_LOOKUP_SIDS_PARAMS;
//
// Parameters specific to a Lookup Names call.
//
typedef struct _LSAP_DB_LOOKUP_NAMES_PARAMS {
PLSAPR_UNICODE_STRING Names; PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids;
} LSAP_DB_LOOKUP_NAMES_PARAMS, *PLSAP_DB_LOOKUP_NAMES_PARAMS;
//
// Types of Lookup Operation.
//
typedef enum {
LookupSids = 1, LookupNames
} LSAP_DB_LOOKUP_TYPE, *PLSAP_DB_LOOKUP_TYPE;
//
// Work Item states - Assignable, Assigned, Completed, Reassign
//
typedef enum {
AssignableWorkItem = 1, AssignedWorkItem, CompletedWorkItem, ReassignWorkItem, NonAssignableWorkItem
} LSAP_DB_LOOKUP_WORK_ITEM_STATE, *PLSAP_DB_LOOKUP_WORK_ITEM_STATE;
//
// Work Item Properties.
//
#define LSAP_DB_LOOKUP_WORK_ITEM_ISOL ((ULONG) 0x00000001L)
#define LSAP_DB_LOOKUP_WORK_ITEM_XFOREST ((ULONG) 0x00000002L)
//
// Lookup Work Item. Each work item specifies a domain and an array of
// Sids or Names to be looked up in that domain. This array is specified
// as an array of the Sid or Name indices relevant to the arrays specified
// as parameters to the lookup call.
//
typedef struct _LSAP_DB_LOOKUP_WORK_ITEM {
LIST_ENTRY Links; LSAP_DB_LOOKUP_WORK_ITEM_STATE State; ULONG Properties; LSAPR_TRUST_INFORMATION TrustInformation; LONG DomainIndex; ULONG UsedCount; ULONG MaximumCount; PULONG Indices;
} LSAP_DB_LOOKUP_WORK_ITEM, *PLSAP_DB_LOOKUP_WORK_ITEM;
//
// Lookup Work List State.
//
typedef enum {
InactiveWorkList = 1, ActiveWorkList, CompletedWorkList
} LSAP_DB_LOOKUP_WORK_LIST_STATE, *PLSAP_DB_LOOKUP_WORK_LIST_STATE;
//
// Work List for a Lookup Operation. These are linked together if
// concurrent lookups are permitted.
//
typedef struct _LSAP_DB_LOOKUP_WORK_LIST {
LIST_ENTRY WorkLists; PLSAP_DB_LOOKUP_WORK_ITEM AnchorWorkItem; NTSTATUS Status; LSAP_DB_LOOKUP_WORK_LIST_STATE State; LSAP_DB_LOOKUP_TYPE LookupType; LSAPR_HANDLE PolicyHandle; ULONG WorkItemCount; ULONG CompletedWorkItemCount; ULONG Count; LSAP_LOOKUP_LEVEL LookupLevel; PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains; PULONG MappedCount; PULONG CompletelyUnmappedCount; ULONG AdvisoryChildThreadCount; NTSTATUS NonFatalStatus; HANDLE LookupCompleteEvent;
union {
LSAP_DB_LOOKUP_SIDS_PARAMS LookupSidsParams; LSAP_DB_LOOKUP_NAMES_PARAMS LookupNamesParams; };
LSAP_DB_LOOKUP_WORK_ITEM DummyAnchorWorkItem;
} LSAP_DB_LOOKUP_WORK_LIST, *PLSAP_DB_LOOKUP_WORK_LIST;
//
// Lookup Operation Work Queue. The Queue is a circular doubly linked
// list of Work Lists. Each Work List corresponds to a single
// Lookup Operation (i.e. an LsarLookupSids or LsarLookupNames call).
// A Work List is a circular doubly linked list of Work Items, each
// of these being a list of Sids or Names belonging to a specific
// Trusted Domain. Work Items can be given out to different threads.
//
typedef struct _LSAP_DB_LOOKUP_WORK_QUEUE {
SAFE_CRITICAL_SECTION Lock; PLSAP_DB_LOOKUP_WORK_LIST AnchorWorkList; PLSAP_DB_LOOKUP_WORK_LIST CurrentAssignableWorkList; PLSAP_DB_LOOKUP_WORK_ITEM CurrentAssignableWorkItem; ULONG ActiveChildThreadCount; ULONG MaximumChildThreadCount; ULONG MaximumRetainedChildThreadCount; LSAP_DB_LOOKUP_WORK_LIST DummyAnchorWorkList;
} LSAP_DB_LOOKUP_WORK_QUEUE, *PLSAP_DB_LOOKUP_WORK_QUEUE;
static LSAP_DB_LOOKUP_WORK_QUEUE LookupWorkQueue;
//
// Index to table of the well known SIDs
//
// This type indexes the table of well-known Sids maintained by the LSA
//
typedef enum _LSAP_WELL_KNOWN_SID_INDEX {
LsapNullSidIndex = 0, LsapWorldSidIndex, LsapLocalSidIndex, LsapCreatorOwnerSidIndex, LsapCreatorGroupSidIndex, LsapCreatorOwnerServerSidIndex, LsapCreatorGroupServerSidIndex, LsapNtAuthoritySidIndex, LsapDialupSidIndex, LsapNetworkSidIndex, LsapBatchSidIndex, LsapInteractiveSidIndex, LsapServiceSidIndex, LsapLogonSidIndex, LsapBuiltInDomainSidIndex, LsapLocalSystemSidIndex, LsapAliasAdminsSidIndex, LsapAliasUsersSidIndex, LsapAnonymousSidIndex, LsapProxySidIndex, LsapServerSidIndex, LsapSelfSidIndex, LsapAuthenticatedUserSidIndex, LsapRestrictedSidIndex, LsapInternetDomainIndex, LsapTerminalServerSidIndex, LsapLocalServiceSidIndex, LsapNetworkServiceSidIndex, LsapRemoteInteractiveSidIndex, LsapDummyLastSidIndex
} LSAP_WELL_KNOWN_SID_INDEX, *PLSAP_WELL_KNOWN_SID_INDEX;
//
// Macro to identify SIDs the LSA should ignore for lookups (i.e., these
// lookups are always done by SAM since the alias name may change)
//
#define SID_IS_RESOLVED_BY_SAM(SidIndex) \
(((SidIndex) == LsapAliasUsersSidIndex) || ((SidIndex) == LsapAliasAdminsSidIndex))
//
// Mnemonics for Universal well known SIDs. These reference the corresponding
// entries in the Well Known Sids table.
//
#define LsapNullSid WellKnownSids[LsapNullSidIndex].Sid
#define LsapWorldSid WellKnownSids[LsapWorldSidIndex].Sid
#define LsapLocalSid WellKnownSids[LsapLocalSidIndex].Sid
#define LsapCreatorOwnerSid WellKnownSids[LsapCreatorOwnerSidIndex].Sid
#define LsapCreatorGroupSid WellKnownSids[LsapCreatorGroupSidIndex].Sid
#define LsapCreatorOwnerServerSid WellKnownSids[LsapCreatorOwnerServerSidIndex].Sid
#define LsapCreatorGroupServerSid WellKnownSids[LsapCreatorGroupServerSidIndex].Sid
//
// Sids defined by NT
//
#define LsapNtAuthoritySid WellKnownSids[LsapNtAuthoritySid].Sid
#define LsapDialupSid WellKnownSids[LsapDialupSidIndex].Sid
#define LsapNetworkSid WellKnownSids[LsapNetworkSidIndex].Sid
#define LsapBatchSid WellKnownSids[LsapBatchSidIndex].Sid
#define LsapInteractiveSid WellKnownSids[LsapInteractiveSidIndex].Sid
#define LsapServiceSid WellKnownSids[LsapServiceSidIndex].Sid
#define LsapBuiltInDomainSid WellKnownSids[LsapBuiltInDomainSidIndex].Sid
#define LsapLocalSystemSid WellKnownSids[LsapLocalSystemSidIndex].Sid
#define LsapLocalServiceSid WellKnownSids[LsapLocalServiceSidIndex].Sid
#define LsapNetworkServiceSid WellKnownSids[LsapNetworkServiceSidIndex].Sid
#define LsapRemoteInteractiveSid WellKnownSids[LsapRemoteInteractiveSidIndex].Sid
#define LsapRestrictedSid WellKnownSids[LsapRestrictedSidIndex].Sid
#define LsapInternetDomainSid WellKnownSids[LsapInternetDomainIndex].Sid
#define LsapAliasAdminsSid WellKnownSids[LsapAliasAdminsSidIndex].Sid
#define LsapAliasUsersSid WellKnownSids[LsapAliasUsersSidIndex].Sid
#define LsapAnonymousSid WellKnownSids[LsapAnonymousSidIndex].Sid
#define LsapServerSid WellKnownSids[LsapServerSidIndex].Sid
#define LsapSelfSid WellKnownSids[LsapSelfSidIndex].Sid
#define LsapAuthenticatedUserSid WellKnownSids[LsapAuthenticatedUserSidIndex].Sid
#define LsapTerminalServerSid WellKnownSids[LsapTerminalServerSidIndex].Sid
//
// Well known LUIDs
//
extern LUID LsapSystemLogonId;extern LUID LsapZeroLogonId;
//
// Well known privilege values
//
extern LUID LsapCreateTokenPrivilege;extern LUID LsapAssignPrimaryTokenPrivilege;extern LUID LsapLockMemoryPrivilege;extern LUID LsapIncreaseQuotaPrivilege;extern LUID LsapUnsolicitedInputPrivilege;extern LUID LsapTcbPrivilege;extern LUID LsapSecurityPrivilege;extern LUID LsapTakeOwnershipPrivilege;
extern SID_IDENTIFIER_AUTHORITY LsapNullSidAuthority;extern SID_IDENTIFIER_AUTHORITY LsapWorldSidAuthority;extern SID_IDENTIFIER_AUTHORITY LsapLocalSidAuthority;extern SID_IDENTIFIER_AUTHORITY LsapCreatorSidAuthority;extern SID_IDENTIFIER_AUTHORITY LsapNtAuthority;
//
// Maximum number of Subauthority levels for well known Sids
//
#define LSAP_WELL_KNOWN_MAX_SUBAUTH_LEVEL ((ULONG) 0x00000003L)
//
// Constants relating to Sid's
//
#define LSAP_MAX_SUB_AUTH_COUNT (0x00000010L)
#define LSAP_MAX_SIZE_TEXT_SUBA (0x00000009L)
#define LSAP_MAX_SIZE_TEXT_SID_HDR (0x00000020L)
#define LSAP_MAX_SIZE_TEXT_SID \
(LSAP_MAX_SIZE_TEXT_SID_HDR + \ (LSAP_MAX_SUB_AUTH_COUNT * LSAP_MAX_SIZE_TEXT_SUBA))
//
// Well Known Sid Table Entry
//
typedef struct _LSAP_WELL_KNOWN_SID_ENTRY {
PSID Sid; SID_NAME_USE Use; UNICODE_STRING Name; UNICODE_STRING DomainName;
} LSAP_WELL_KNOWN_SID_ENTRY, *PLSAP_WELL_KNOWN_SID_ENTRY;
//
// Well Known Sid Table Pointer
//
extern PLSAP_WELL_KNOWN_SID_ENTRY WellKnownSids;
NTSTATUSLsapDbLookupGetDomainInfo( OUT PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo, OUT PPOLICY_DNS_DOMAIN_INFO *DnsDomainInfo );
///////////////////////////////////////////////////////////////////////////
// //
// Lookup Sids and Names - Private Function Definitions //
// //
///////////////////////////////////////////////////////////////////////////
BOOLEANLsaIInitializeWellKnownSids( OUT PLSAP_WELL_KNOWN_SID_ENTRY *WellKnownSids );
BOOLEANLsaIInitializeWellKnownSid( OUT PLSAP_WELL_KNOWN_SID_ENTRY WellKnownSids, IN LSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN OPTIONAL PULONG SubAuthorities, IN PWSTR Name, IN PWSTR Description, IN SID_NAME_USE Use );
BOOLEANLsapDbLookupIndexWellKnownSid( IN PLSAPR_SID Sid, OUT PLSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex );
BOOLEANLsapDbLookupIndexWellKnownSidName( IN PLSAPR_UNICODE_STRING Name, OUT PLSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex );
NTSTATUSLsapDbGetNameWellKnownSid( IN LSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex, OUT PLSAPR_UNICODE_STRING Name, OUT OPTIONAL PLSAPR_UNICODE_STRING DomainName );
NTSTATUSLsapDbLookupIsolatedWellKnownSids( IN ULONG Count, IN PLSAPR_SID *Sids, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupSidsInLocalDomains( IN ULONG Count, IN PLSAPR_SID *Sids, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, IN ULONG Options );
NTSTATUSLsapDbLookupSidsInLocalDomain( IN ULONG LocalDomain, IN ULONG Count, IN PLSAPR_SID *Sids, IN PLSAPR_TRUST_INFORMATION TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupSidsInPrimaryDomain( IN ULONG Count, IN PLSAPR_SID *Sids, IN PLSAPR_TRUST_INFORMATION TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT NTSTATUS *NonFatalStatus, OUT BOOLEAN *fDownlevelSecureChannel );
NTSTATUSLsapDbLookupSidsInTrustedDomains( IN ULONG Count, IN PLSAPR_SID *Sids, IN BOOLEAN fIncludeIntraforest, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupSidsInGlobalCatalog( IN ULONG Count, IN PLSAPR_SID *Sids, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, IN BOOLEAN fDoSidHistory, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupSidsInGlobalCatalogWks( IN ULONG Count, IN PLSAPR_SID *Sids, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupSidsInDomainList( IN ULONG Count, IN PLSAPR_SID *Sids, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupTranslateUnknownSids( IN ULONG Count, IN PLSAPR_SID *Sids, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN ULONG MappedCount );
NTSTATUSLsapDbLookupTranslateUnknownSidsInDomain( IN ULONG Count, IN PLSAPR_SID *Sids, IN PLSAPR_TRUST_INFORMATION TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupSimpleNames( IN ULONG Count, IN ULONG LookupLevel, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION BuiltInDomainTrustInformation, IN PLSAPR_TRUST_INFORMATION_EX AccountDomainTrustInformation, IN PLSAPR_TRUST_INFORMATION_EX PrimaryDomainTrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupWellKnownNames( IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupIsolatedDomainNames( IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION BuiltInDomainTrustInformation, IN PLSAPR_TRUST_INFORMATION_EX AccountDomainTrustInformation, IN PLSAPR_TRUST_INFORMATION_EX PrimaryDomainTrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupIsolatedDomainName( IN ULONG NameIndex, IN PLSAPR_UNICODE_STRING IsolatedName, IN PLSAPR_TRUST_INFORMATION TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupIsolatedDomainNameEx( IN ULONG NameIndex, IN PLSAPR_UNICODE_STRING IsolatedName, IN PLSAPR_TRUST_INFORMATION_EX TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupNamesInLocalDomains( IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION BuiltInDomainTrustInformation, IN PLSAPR_TRUST_INFORMATION_EX AccountDomainTrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, IN ULONG Options );
NTSTATUSLsapDbLookupNamesInLocalDomain( IN ULONG LocalDomain, IN ULONG Count, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupNamesInLocalDomainEx( IN ULONG LocalDomain, IN ULONG Count, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION_EX TrustInformationEx, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupNamesInPrimaryDomain( IN ULONG LookupOptions, IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION_EX TrustInformation, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT BOOLEAN *fDownlevelSecureChannel, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupNamesInTrustedDomains( IN ULONG LookupOptions, IN ULONG Count, IN BOOLEAN fIncludeIntraforest, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupNamesInGlobalCatalog( IN ULONG LookupOptions, IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupNamesInGlobalCatalogWks( IN ULONG LookupOptions, IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT NTSTATUS *NonFatalStatus );
NTSTATUSLsapDbLookupTranslateNameDomain( IN PLSAPR_TRUST_INFORMATION TrustInformation, IN OPTIONAL PLSA_TRANSLATED_SID_EX2 TranslatedSid, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, OUT PLONG DomainIndex );
NTSTATUSLsapDbLookupTranslateUnknownNames( IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN ULONG MappedCount );
NTSTATUSLsapDbLookupTranslateUnknownNamesInDomain( IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_TRUST_INFORMATION_EX TrustInformationEx, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount );
NTSTATUSLsapDbLookupDispatchWorkerThreads( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapRtlValidateControllerTrustedDomain( IN PLSAPR_UNICODE_STRING DomainControllerName, IN PLSAPR_TRUST_INFORMATION TrustInformation, IN ACCESS_MASK DesiredAccess, IN LPWSTR ServerPrincipalName, IN PVOID ClientContext, OUT PLSA_HANDLE PolicyHandle );
NTSTATUSLsapDbLookupCreateListReferencedDomains( OUT PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, IN ULONG InitialMaxEntries );
NTSTATUSLsapDbLookupAddListReferencedDomains( IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN PLSAPR_TRUST_INFORMATION TrustInformation, OUT PLONG DomainIndex );
BOOLEANLsapDbLookupListReferencedDomains( IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN PLSAPR_SID DomainSid, OUT PLONG DomainIndex );
NTSTATUSLsapDbLookupGrowListReferencedDomains( IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN ULONG MaximumEntries );
NTSTATUSLsapDbLookupMergeDisjointReferencedDomains( IN OPTIONAL PLSAPR_REFERENCED_DOMAIN_LIST FirstReferencedDomainList, IN OPTIONAL PLSAPR_REFERENCED_DOMAIN_LIST SecondReferencedDomainList, OUT PLSAPR_REFERENCED_DOMAIN_LIST *OutputReferencedDomainList, IN ULONG Options );
NTSTATUSLsapDbLookupInitialize( );
NTSTATUSLsapDbLookupInitializeWorkQueue( );
NTSTATUSLsapDbLookupInitializeWorkList( OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbLookupInitializeWorkItem( OUT PLSAP_DB_LOOKUP_WORK_ITEM WorkItem );
NTSTATUSLsapDbLookupAcquireWorkQueueLock( );
VOID LsapDbLookupReleaseWorkQueueLock();
NTSTATUSLsapDbLookupLocalDomains( OUT PLSAPR_TRUST_INFORMATION BuiltInDomainTrustInformation, OUT PLSAPR_TRUST_INFORMATION_EX AccountDomainTrustInformation, OUT PLSAPR_TRUST_INFORMATION_EX PrimaryDomainTrustInformation );
NTSTATUSLsapDbLookupNamesBuildWorkList( IN ULONG LookupOptions, IN ULONG Count, IN BOOLEAN fIncludeIntraforest, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT PLSAP_DB_LOOKUP_WORK_LIST *WorkList );
NTSTATUSLsapDbLookupSidsBuildWorkList( IN ULONG Count, IN PLSAPR_SID *Sids, IN BOOLEAN fIncludeIntraforest, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT PLSAP_DB_LOOKUP_WORK_LIST *WorkList );
NTSTATUSLsapDbLookupCreateWorkList( OUT PLSAP_DB_LOOKUP_WORK_LIST *WorkList );
NTSTATUSLsapDbLookupInsertWorkList( IN PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbLookupDeleteWorkList( IN PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbLookupSignalCompletionWorkList( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbLookupAwaitCompletionWorkList( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbAddWorkItemToWorkList( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList, IN PLSAP_DB_LOOKUP_WORK_ITEM WorkItem );
NTSTATUSLsapDbLookupStopProcessingWorkList( IN PLSAP_DB_LOOKUP_WORK_LIST WorkList, IN NTSTATUS TerminationStatus );
VOIDLsapDbUpdateMappedCountsWorkList( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbLookupNamesUpdateTranslatedSids( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList, IN OUT PLSAP_DB_LOOKUP_WORK_ITEM WorkItem, IN PLSAPR_TRANSLATED_SID_EX2 TranslatedSids, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains );
NTSTATUSLsapDbLookupSidsUpdateTranslatedNames( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList, IN OUT PLSAP_DB_LOOKUP_WORK_ITEM WorkItem, IN PLSA_TRANSLATED_NAME_EX TranslatedNames, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains );
VOIDLsapDbLookupWorkerThreadStart( );
VOIDLsapDbLookupWorkerThread( IN BOOLEAN PrimaryThread );
NTSTATUSLsapDbLookupObtainWorkItem( OUT PLSAP_DB_LOOKUP_WORK_LIST *WorkList, OUT PLSAP_DB_LOOKUP_WORK_ITEM *WorkItem );
NTSTATUSLsapDbLookupProcessWorkItem( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList, IN OUT PLSAP_DB_LOOKUP_WORK_ITEM WorkItem );
NTSTATUSLsapDbLookupCreateWorkItem( IN PLSAPR_TRUST_INFORMATION TrustInformation, IN LONG DomainIndex, IN ULONG MaximumEntryCount, OUT PLSAP_DB_LOOKUP_WORK_ITEM *WorkItem );
NTSTATUSLsapDbLookupAddIndicesToWorkItem( IN OUT PLSAP_DB_LOOKUP_WORK_ITEM WorkItem, IN ULONG Count, IN PULONG Indices );
NTSTATUSLsapDbLookupComputeAdvisoryChildThreadCount( IN OUT PLSAP_DB_LOOKUP_WORK_LIST WorkList );
NTSTATUSLsapDbLookupUpdateAssignableWorkItem( IN BOOLEAN MoveToNextWorkList );
NTSTATUSLsapRtlExtractDomainSid( IN PSID Sid, OUT PSID *DomainSid );
VOID LsapDbLookupReturnThreadToPool();
/*++
PSIDLsapDbWellKnownSid( IN LSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex )
Routine Description:
This macro function returns the Well Known Sid corresponding to an index into the Well Known Sid table.
Arguments:
WellKnownSidIndex - Index into the Well Known Sid information table. It is the caller's responsibility to ensure that the given index is valid.
Return Value:
--*/
#define LsapDbWellKnownSid( WellKnownSidIndex ) \
(WellKnownSids[ WellKnownSidIndex ].Sid)
PUNICODE_STRINGLsapDbWellKnownSidName( IN LSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex );
/*++
SID_NAME_USELsapDbWellKnownSidNameUse( IN LSAP_DB_WELL_KNOWN_SID_INDEX WellKnownSidIndex )
Routine Description:
This macro function returns the Sid Name Use of a Well Known Sid.
Arguments:
WellKnownSidIndex - Index into the Well Known Sid information table. It is the caller's responsibility to ensure that the given index is valid.
Return Value:
--*/
#define LsapDbWellKnownSidNameUse( WellKnownSidIndex ) \
(WellKnownSids[ WellKnownSidIndex ].Use)
VOIDLsapDbUpdateCountCompUnmappedNames( OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG CompletelyUnmappedCount );
/*++
PUNICODE_STRINGLsapDbWellKnownSidDescription( IN LSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex )
Routine Description:
This macro function returns the Unicode Description of a Well Known Sid.
Arguments:
WellKnownSidIndex - Index into the Well Known Sid information table. It is the caller's responsibility to ensure that the given index is valid.
Return Value:
--*/
#define LsapDbWellKnownSidDescription( WellKnownSidIndex ) \
(&(WellKnownSids[ WellKnownSidIndex ].DomainName))
PUNICODE_STRINGLsapDbWellKnownSidName( IN LSAP_WELL_KNOWN_SID_INDEX WellKnownSidIndex );
#define LsapDbAccessedBySidObject( ObjectTypeId ) \
(LsapDbState.DbObjectTypes[ ObjectTypeId ].AccessedBySid)
#define LsapDbAccessedByNameObject( ObjectTypeId ) \
(LsapDbState.DbObjectTypes[ ObjectTypeId ].AccessedByName)
#define LsapDbCompletelyUnmappedName(TranslatedName) \
(((TranslatedName)->DomainIndex == LSA_UNKNOWN_INDEX) && \ ((TranslatedName)->Use == SidTypeUnknown))
#define LsapDbCompletelyUnmappedSid(TranslatedSid) \
(((TranslatedSid)->DomainIndex == LSA_UNKNOWN_INDEX) && \ ((TranslatedSid)->Use == SidTypeUnknown))
NTSTATUSLsapGetDomainSidByNetbiosName( IN LPWSTR NetbiosName, OUT PSID *Sid );
NTSTATUSLsapGetDomainSidByDnsName( IN LPWSTR DnsName, OUT PSID *Sid );
NTSTATUSLsapGetDomainNameBySid( IN PSID Sid, OUT PUNICODE_STRING DomainName );
VOIDLsapConvertTrustToEx( IN OUT PLSAPR_TRUST_INFORMATION_EX TrustInformationEx, IN PLSAPR_TRUST_INFORMATION TrustInformation );
VOIDLsapConvertExTrustToOriginal( IN OUT PLSAPR_TRUST_INFORMATION TrustInformation, IN PLSAPR_TRUST_INFORMATION_EX TrustInformationEx );
NTSTATUSLsapDbOpenPolicyGc ( OUT HANDLE *LsaPolicyHandle );
BOOLEANLsapRevisionCanHandleNewErrorCodes( IN ULONG Revision );
BOOLEANLsapIsDsDomainByNetbiosName( WCHAR *NetbiosName );
BOOLEANLsapIsBuiltinDomain( IN PSID Sid );
BOOLEANLsapDbIsStatusConnectionFailure( NTSTATUS st );
NTSTATUSLsapDbLookupAccessCheck( IN LSAPR_HANDLE PolicyHandle );
NTSTATUSLsapDbLookupXForestNamesBuildWorkList( IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT PLSAP_DB_LOOKUP_WORK_LIST *WorkList );
NTSTATUSLsapDbLookupXForestSidsBuildWorkList( IN ULONG Count, IN PLSAPR_SID *Sids, IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, IN OUT PULONG CompletelyUnmappedCount, OUT PLSAP_DB_LOOKUP_WORK_LIST *WorkList );
NTSTATUSLsaICLookupNamesWithCreds( IN LPWSTR ServerName, IN LPWSTR ServerPrincipalName, IN ULONG AuthnLevel, IN ULONG AuthnSvc, IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, IN ULONG AuthzSvc, IN ULONG Count, IN PUNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID_EX2 *Sids, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount );
NTSTATUSLsaICLookupSidsWithCreds( IN LPWSTR ServerName, IN LPWSTR ServerPrincipalName, IN ULONG AuthnLevel, IN ULONG AuthnSvc, IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, IN ULONG AuthzSvc, IN ULONG Count, IN PSID *Sids, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_NAME_EX *Names, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount );
NTSTATUSLsapDbLookupNameChainRequest( IN LSAPR_TRUST_INFORMATION_EX *TrustInfo, IN ULONG Count, IN PUNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID_EX2 *Sids, IN LSAP_LOOKUP_LEVEL LookupLevel, OUT PULONG MappedCount, OUT PULONG ServerRevision OPTIONAL );
NTSTATUSLsaDbLookupSidChainRequest( IN LSAPR_TRUST_INFORMATION_EX *TrustInfo, IN ULONG Count, IN PSID *Sids, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_NAME_EX *Names, IN LSAP_LOOKUP_LEVEL LookupLevel, IN OUT PULONG MappedCount, OUT PULONG ServerRevision OPTIONAL );
LPWSTRLsapDbLookupGetLevel( IN LSAP_LOOKUP_LEVEL LookupLevel );
#define LsapDbLookupReportEvent0(a, b, c, d, e) \
if (a <= LsapLookupLogLevel) {SpmpReportEvent( TRUE, b, c, 0, d, e, 0);}
#define LsapDbLookupReportEvent1(a, b, c, d, e, f) \
if (a <= LsapLookupLogLevel) {SpmpReportEvent( TRUE, b, c, 0, d, e, 1, f);}
#define LsapDbLookupReportEvent2(a, b, c, d, e, f, g) \
if (a <= LsapLookupLogLevel) {SpmpReportEvent( TRUE, b, c, 0, d, e, 2, f, g);}
#define LsapDbLookupReportEvent3(a, b, c, d, e, f, g, h) \
if (a <= LsapLookupLogLevel) {SpmpReportEvent( TRUE, b, c, 0, d, e, 3, f, g, h);}
NTSTATUSLsapLookupReallocateTranslations( IN OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, IN ULONG Count, IN OUT PLSA_TRANSLATED_NAME_EX *Names, OPTIONAL IN OUT PLSA_TRANSLATED_SID_EX2 *Sids OPTIONAL );
//
// BOOLEAN
// LsapOutboundTrustedDomain(
// PLSAP_DB_TRUSTED_DOMAIN_LIST_ENTRY x
// );
//
// This routine returns TRUE if x is a trust to a domain
//
#define LsapOutboundTrustedDomain(x) \
( ((x)->TrustInfoEx.TrustType == TRUST_TYPE_UPLEVEL \ || (x)->TrustInfoEx.TrustType == TRUST_TYPE_DOWNLEVEL ) \ && ((x)->TrustInfoEx.Sid != NULL) \ && ((x)->TrustInfoEx.TrustDirection & TRUST_DIRECTION_OUTBOUND) \ && (((x)->TrustInfoEx.TrustAttributes & TRUST_ATTRIBUTE_FOREST_TRANSITIVE) \ == 0))
//
// BOOLEAN
// LsapOutboundTrustedForest(
// PLSAP_DB_TRUSTED_DOMAIN_LIST_ENTRY x
// );
//
// This routine returns TRUE if x is a trust to a forest
//
#define LsapOutboundTrustedForest(x) \
( ((x)->TrustInfoEx.TrustType == TRUST_TYPE_UPLEVEL) \ && ((x)->TrustInfoEx.Sid != NULL) \ && ((x)->TrustInfoEx.TrustDirection & TRUST_DIRECTION_OUTBOUND) \ && ((x)->TrustInfoEx.TrustAttributes & TRUST_ATTRIBUTE_FOREST_TRANSITIVE)) \
//
// Return values from LsapGetDomainLookupScope
//
//
// Scope is domains that we directly trust
//
#define LSAP_LOOKUP_TRUSTED_DOMAIN_DIRECT 0x00000001
//
// Scope is domains that we transitively trust
//
#define LSAP_LOOKUP_TRUSTED_DOMAIN_TRANSITIVE 0x00000002
//
// Scope is domains that we trust via forest trust
//
#define LSAP_LOOKUP_TRUSTED_FOREST 0x00000004
//
// Scope includes to lookup trusted forest domains locally
//
#define LSAP_LOOKUP_TRUSTED_FOREST_ROOT 0x00000008
//
// Allow lookups of DNS names
//
#define LSAP_LOOKUP_DNS_SUPPORT 0x00000010
ULONGLsapGetDomainLookupScope( IN LSAP_LOOKUP_LEVEL LookupLevel, IN ULONG ClientRevision );
//
// Useful combinations
//
#define LSAP_LOOKUP_RESOLVE_ISOLATED_DOMAINS \
(LSAP_LOOKUP_TRUSTED_DOMAIN_DIRECT | \ LSAP_LOOKUP_TRUSTED_DOMAIN_TRANSITIVE | \ LSAP_LOOKUP_TRUSTED_FOREST_ROOT)
NTSTATUSLsapDbLookupNamesAsDomainNames( IN ULONG Flags, IN ULONG Count, IN PLSAPR_UNICODE_STRING Names, IN PLSAPR_UNICODE_STRING PrefixNames, IN PLSAPR_UNICODE_STRING SuffixNames, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, IN OUT PULONG MappedCount );
NTSTATUSLsapDbLookupSidsAsDomainSids( IN ULONG Flags, IN ULONG Count, IN PLSAPR_SID *Sids, IN OUT PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, IN OUT PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, IN OUT PULONG MappedCount );
|
