archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/base/lsa/server/db.h

1383 lines
34 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++ BUILD Version: 0001 // Increment this if a change has global effects
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. db.h
  9. Abstract:
  11. LSA Database Exported Function Definitions, Datatypes and Defines
  13. This module contains the LSA Database Routines that may be called
  14. by parts of the LSA outside the Database sub-component.
  16. Author:
  18. Scott Birrell (ScottBi) August 26, 1991
  20. Environment:
  22. Revision History:
  24. --*/
  26. #ifndef _LSA_DB_
  27. #define _LSA_DB_
  29. //
  30. // Maximum Number of attributes in the various object types
  31. //
  33. #define LSAP_DB_ATTRS_POLICY ((ULONG) 0x00000010L)
  34. #define LSAP_DB_ATTRS_ACCOUNT ((ULONG) 0x00000010L)
  35. #define LSAP_DB_ATTRS_DOMAIN ((ULONG) 0x00000012L)
  36. #define LSAP_DB_ATTRS_SECRET ((ULONG) 0x00000010L)
  38. //
  39. // Constants for matching options on Sid/Name lookup operations
  40. //
  42. #define LSAP_DB_MATCH_ON_SID ((ULONG) 0x00000001L)
  43. #define LSAP_DB_MATCH_ON_NAME ((ULONG) 0x00000002L)
  45. //
  46. // Options for LsapDbLookupSidsInLocalDomains()
  47. //
  49. #define LSAP_DB_SEARCH_BUILT_IN_DOMAIN ((ULONG) 0x00000001L)
  50. #define LSAP_DB_SEARCH_ACCOUNT_DOMAIN ((ULONG) 0x00000002L)
  52. //
  53. // Options for LsapDbMergeDisjointReferencedDomains
  54. //
  56. #define LSAP_DB_USE_FIRST_MERGAND_GRAPH ((ULONG) 0x00000001L)
  57. #define LSAP_DB_USE_SECOND_MERGAND_GRAPH ((ULONG) 0x00000002L)
  59. //
  60. // Option for updating Policy Database
  61. //
  63. #define LSAP_DB_UPDATE_POLICY_DATABASE ((ULONG) 0x00000001L)
  64. //
  65. // Option for updating Policy Database
  66. //
  68. #define LSAP_DB_UPDATE_POLICY_DATABASE ((ULONG) 0x00000001L)
  69. //
  70. // Maximum number of attributes corresponding to a Policy Object
  71. // Information Class
  72. //
  74. #define LSAP_DB_ATTRS_INFO_CLASS_POLICY ((ULONG) 0x00000007L)
  76. //
  77. // Maximum number of attributes corresponding to a Trusted Domain Object
  78. // Information Class
  79. //
  81. #define LSAP_DB_ATTRS_INFO_CLASS_DOMAIN ((ULONG) 0x00000010L)
  83. //
  84. // Global variables
  85. //
  87. extern BOOLEAN LsapDbRequiresSidInfo[];
  88. extern BOOLEAN LsapDbRequiresNameInfo[];
  89. extern LSAPR_HANDLE LsapDbHandle;
  90. extern BOOLEAN LsapSetupWasRun;
  91. extern BOOLEAN LsapDatabaseSetupPerformed;
  92. extern NT_PRODUCT_TYPE LsapProductType;
  93. extern WORD LsapProductSuiteMask;
  94. extern BOOLEAN LsapDsIsRunning;
  95. extern BOOLEAN LsapDsWReplEnabled;
  98. //
  99. // Table of accesses required to query Policy Information. This table
  100. // is indexed by Policy Information Class
  101. //
  103. extern ACCESS_MASK LsapDbRequiredAccessQueryPolicy[];
  104. extern ACCESS_MASK LsapDbRequiredAccessQueryDomainPolicy[];
  106. //
  107. // Table of accesses required to set Policy Information. This table
  108. // is indexed by Policy Information Class
  109. //
  111. extern ACCESS_MASK LsapDbRequiredAccessSetPolicy[];
  112. extern ACCESS_MASK LsapDbRequiredAccessSetDomainPolicy[];
  114. //
  115. // Table of accesses required to query TrustedDomain Information. This table
  116. // is indexed by TrustedDomain Information Class
  117. //
  119. extern ACCESS_MASK LsapDbRequiredAccessQueryTrustedDomain[];
  121. //
  122. // Table of accesses required to set TrustedDomain Information. This table
  123. // is indexed by TrustedDomain Information Class
  124. //
  126. extern ACCESS_MASK LsapDbRequiredAccessSetTrustedDomain[];
  128. //
  129. // Maximum Handle Reference Count
  130. //
  132. #define LSAP_DB_MAXIMUM_REFERENCE_COUNT ((ULONG) 0x00001000L)
  134. //
  135. // Maximum handles per user logon id
  136. // This was determined by taking the "interesting" access bits and generating possible
  137. // permutations and using that. The interesting bits were determined to be:
  138. // POLICY_VIEW_LOCAL_INFORMATION
  139. // POLICY_VIEW_AUDIT_INFORMATION
  140. // POLICY_TRUST_ADMIN
  141. // POLICY_CREATE_ACCOUNT
  142. // POLICY_CREATE_SECRET
  143. // POLICY_LOOKUP_NAMES
  144. // The possible combinations add up to 720 entries
  145. #define LSAP_DB_MAXIMUM_HANDLES_PER_USER 0x000002D0
  147. //
  148. // Default Computer Name used for Policy Account Domain Info
  149. //
  151. #define LSAP_DB_DEFAULT_COMPUTER_NAME (L"MACHINENAME")
  153. //
  154. // Options for the LsaDbReferenceObject and LsaDbDereferenceObject
  155. //
  157. #define LSAP_DB_LOCK ((ULONG) 0x00000001L)
  158. #define LSAP_DB_NO_LOCK ((ULONG) 0x00000004L)
  159. #define LSAP_DB_START_TRANSACTION ((ULONG) 0x00000008L)
  160. #define LSAP_DB_FINISH_TRANSACTION ((ULONG) 0x00000010L)
  161. #define LSAP_DB_VALIDATE_HANDLE ((ULONG) 0x00000020L)
  162. #define LSAP_DB_TRUSTED ((ULONG) 0x00000040L)
  163. #define LSAP_DB_STANDALONE_REFERENCE ((ULONG) 0x00000080L)
  164. #define LSAP_DB_DEREFERENCE_CONTR ((ULONG) 0x00000100L)
  165. #define LSAP_DB_LOG_QUEUE_LOCK ((ULONG) 0x00001000L)
  166. #define LSAP_DB_OMIT_REPLICATOR_NOTIFICATION ((ULONG) 0x00004000L)
  167. #define LSAP_DB_USE_LPC_IMPERSONATE ((ULONG) 0x00008000L)
  168. #define LSAP_DB_ADMIT_DELETED_OBJECT_HANDLES ((ULONG) 0x00010000L)
  169. #define LSAP_DB_DS_NO_PARENT_OBJECT ((ULONG) 0x00080000L)
  170. #define LSAP_DB_OBJECT_SCOPE_DS ((ULONG) 0x00100000L)
  171. #define LSAP_DB_DS_TRUSTED_DOMAIN_AS_SECRET ((ULONG) 0x00400000L)
  172. #define LSAP_DB_READ_ONLY_TRANSACTION ((ULONG) 0x01000000L)
  173. #define LSAP_DB_DS_OP_TRANSACTION ((ULONG) 0x02000000L)
  174. #define LSAP_DB_NO_DS_OP_TRANSACTION ((ULONG) 0x04000000L)
  175. #define LSAP_DB_HANDLE_UPGRADE ((ULONG) 0x10000000L)
  176. #define LSAP_DB_HANDLE_CREATED_SECRET ((ULONG) 0x20000000L)
  177. #define LSAP_DB_SCE_POLICY_HANDLE ((ULONG) 0x40000000L)
  179. #define LSAP_DB_STATE_MASK \
  180. (LSAP_DB_LOCK | LSAP_DB_NO_LOCK | \
  181. LSAP_DB_START_TRANSACTION | LSAP_DB_FINISH_TRANSACTION | \
  182. LSAP_DB_LOG_QUEUE_LOCK | \
  183. LSAP_DB_READ_ONLY_TRANSACTION | LSAP_DB_DS_OP_TRANSACTION | \
  184. LSAP_DB_NO_DS_OP_TRANSACTION)
  187. //
  188. // Configuration Registry Root Key for Lsa Database. All Physical Object
  189. // and Attribute Names are relative to this Key.
  190. //
  192. #define LSAP_DB_ROOT_REG_KEY_NAME L"\\Registry\\Machine\\Security"
  194. //
  195. // LSA Database Object Defines
  196. //
  198. #define LSAP_DB_OBJECT_OPEN FILE_OPEN
  199. #define LSAP_DB_OBJECT_OPEN_IF FILE_OPEN_IF
  200. #define LSAP_DB_OBJECT_CREATE FILE_CREATE
  201. #define LSAP_DB_KEY_VALUE_MAX_LENGTH (0x00000040L)
  202. #define LSAP_DB_LOGICAL_NAME_MAX_LENGTH (0x00000100L)
  203. #define LSAP_DB_CREATE_OBJECT_IN_DS (0x00000200L)
  205. #define LSAP_DB_CREATE_VALID_EXTENDED_FLAGS 0x00000600
  207. //
  208. // LSA Database Object SubKey Defines
  209. //
  211. #define LSAP_DB_SUBKEY_OPEN FILE_OPEN
  212. #define LSAP_DB_SUBKEY_OPEN_IF FILE_OPEN_IF
  213. #define LSAP_DB_SUBKEY_CREATE FILE_CREATE
  216. //
  217. // Growth Delta for Referenced Domain Lists
  218. //
  220. #define LSAP_DB_REF_DOMAIN_DELTA ((ULONG) 0x00000020L )
  222. //
  223. // Object options values for the object handles
  224. //
  225. #define LSAP_DB_OBJECT_SECRET_INTERNAL 0x00000001 // M$
  226. #define LSAP_DB_OBJECT_SECRET_LOCAL 0x00000002 // L$
  229. //
  230. // The following data type is used in name and SID lookup services to
  231. // describe the domains referenced in the lookup operation.
  232. //
  233. // WARNING! This is an internal version of LSA_REFERENCED_DOMAIN_LIST
  234. // in ntlsa.h. It has an additional field, MaxEntries.
  235. //
  237. typedef struct _LSAP_DB_REFERENCED_DOMAIN_LIST {
  239. ULONG Entries;
  240. PLSA_TRUST_INFORMATION Domains;
  241. ULONG MaxEntries;
  243. } LSAP_DB_REFERENCED_DOMAIN_LIST, *PLSAP_DB_REFERENCED_DOMAIN_LIST;
  245. // where members have the following usage:
  246. //
  247. // Entries - Is a count of the number of domains described in the
  248. // Domains array.
  249. //
  250. // Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
  251. // structures.
  252. //
  253. // MaxEntries - Is the maximum number of entries that can be stored
  254. // in the current array
  257. /////////////////////////////////////////////////////////////////////////////
  258. //
  259. // LSA Database Object Types
  260. //
  261. /////////////////////////////////////////////////////////////////////////////
  263. //
  264. // Lsa Database Object Type
  265. //
  267. typedef enum _LSAP_DB_OBJECT_TYPE_ID {
  269. NullObject = 0,
  270. PolicyObject,
  271. TrustedDomainObject,
  272. AccountObject,
  273. SecretObject,
  274. AllObject,
  275. NewTrustedDomainObject,
  276. DummyLastObject
  278. } LSAP_DB_OBJECT_TYPE_ID, *PLSAP_DB_OBJECT_TYPE_ID;
  280. //
  281. // LSA Database Object Handle structure (Internal definition of LSAPR_HANDLE)
  282. //
  283. // Note that the Handle structure is public to clients of the Lsa Database
  284. // exported functions, e.g server API workers) so that they can get at things
  285. // like GrantedAccess.
  286. //
  287. // Access to all fields serialized by LsapDbHandleTableEx.TableLock
  288. //
  290. typedef struct _LSAP_DB_HANDLE {
  292. struct _LSAP_DB_HANDLE *Next;
  293. struct _LSAP_DB_HANDLE *Previous;
  294. LIST_ENTRY UserHandleList;
  295. BOOLEAN Allocated;
  296. BOOLEAN SceHandle; // Sce Open Policy handle (opened with LsaOpenPolicySce)
  297. BOOLEAN SceHandleChild; // Child handle of an Sce Open Policy Handle
  298. ULONG ReferenceCount;
  299. UNICODE_STRING LogicalNameU;
  300. UNICODE_STRING PhysicalNameU;
  301. PSID Sid;
  302. HANDLE KeyHandle;
  303. LSAP_DB_OBJECT_TYPE_ID ObjectTypeId;
  304. struct _LSAP_DB_HANDLE *ContainerHandle;
  305. ACCESS_MASK DesiredAccess;
  306. ACCESS_MASK GrantedAccess;
  307. ACCESS_MASK RequestedAccess;
  308. BOOLEAN GenerateOnClose;
  309. BOOLEAN Trusted;
  310. BOOLEAN DeletedObject;
  311. BOOLEAN NetworkClient;
  312. ULONG Options;
  313. // New for the Ds
  314. UNICODE_STRING PhysicalNameDs;
  315. BOOLEAN fWriteDs;
  316. ULONG ObjectOptions;
  317. PVOID UserEntry;
  318. #if DBG == 1
  319. LARGE_INTEGER HandleCreateTime;
  320. LARGE_INTEGER HandleLastAccessTime;
  321. #endif
  323. } *LSAP_DB_HANDLE, **PLSAP_DB_HANDLE;
  325. //
  326. // LSA Database Object Sid Enumeration Buffer
  327. //
  329. typedef struct _LSAP_DB_SID_ENUMERATION_BUFFER {
  331. ULONG EntriesRead;
  332. PSID *Sids;
  334. } LSAP_DB_SID_ENUMERATION_BUFFER, *PLSAP_DB_SID_ENUMERATION_BUFFER;
  336. //
  337. // LSA Database Object Name Enumeration Buffer
  338. //
  340. typedef struct _LSAP_DB_NAME_ENUMERATION_BUFFER {
  342. ULONG EntriesRead;
  343. PUNICODE_STRING Names;
  345. } LSAP_DB_NAME_ENUMERATION_BUFFER, *PLSAP_DB_NAME_ENUMERATION_BUFFER;
  347. #define LSAP_DB_OBJECT_TYPE_COUNT 0x00000005L
  349. //
  350. // Default System Access assigned to Account objects
  351. //
  353. #define LSAP_DB_ACCOUNT_DEFAULT_SYS_ACCESS ((ULONG) 0L);
  355. //
  356. // LSA Database Account Object Information
  357. //
  359. typedef struct _LSAP_DB_ACCOUNT_INFORMATION {
  361. QUOTA_LIMITS QuotaLimits;
  362. PRIVILEGE_SET Privileges;
  364. } LSAP_DB_ACCOUNT_INFORMATION, *PLSAP_DB_ACCOUNT_INFORMATION;
  366. //
  367. // LSA Database Change Account Privilege Mode
  368. //
  370. typedef enum _LSAP_DB_CHANGE_PRIVILEGE_MODE {
  371. AddPrivileges = 1,
  372. RemovePrivileges,
  373. SetPrivileges
  375. } LSAP_DB_CHANGE_PRIVILEGE_MODE;
  377. //
  378. // Self-Relative Unicode String Structure.
  379. //
  380. //
  381. // UNICODE_STRING_SR is used to store self-relative unicode strings in
  382. // the database. Prior to Sundown, the UNICODE_STRING structure was used,
  383. // overloading the "Buffer" field with a byte offset.
  384. //
  386. typedef struct _UNICODE_STRING_SR {
  387. USHORT Length;
  388. USHORT MaximumLength;
  389. ULONG Offset;
  391. } UNICODE_STRING_SR, *PUNICODE_STRING_SR;
  393. typedef struct _LSAP_DB_MULTI_UNICODE_STRING {
  395. ULONG Entries;
  396. UNICODE_STRING_SR UnicodeStrings[1];
  398. } LSAP_DB_MULTI_UNICODE_STRING, *PLSAP_DB_MULTI_UNICODE_STRING;
  400. //
  401. // LSA Database Object SubKey names in Unicode Form
  402. //
  404. typedef enum _LSAP_DB_NAMES {
  406. SecDesc = 0,
  407. Privilgs,
  408. Sid,
  409. Name,
  410. AdminMod,
  411. OperMode,
  412. QuotaLim,
  413. DefQuota,
  414. QuAbsMin,
  415. QuAbsMax,
  416. AdtLog,
  417. AdtEvent,
  418. PrDomain,
  419. EnPasswd,
  420. Policy,
  421. Accounts,
  422. Domains,
  423. Secrets,
  424. CurrVal,
  425. OldVal,
  426. CupdTime,
  427. OupdTime,
  428. WkstaMgr,
  429. PolAdtLg,
  430. PolAdtEv,
  431. PolAcDmN,
  432. PolAcDmS,
  433. PolDnDDN,
  434. PolDnTrN,
  435. PolDnDmG,
  436. PolEfDat,
  437. PolPrDmN,
  438. PolPrDmS,
  439. PolPdAcN,
  440. PolRepSc,
  441. PolRepAc,
  442. PolRevision,
  443. PolDefQu,
  444. PolMod,
  445. PolAdtFL,
  446. PolState,
  447. PolNxPxF,
  448. ActSysAc,
  449. TrDmName,
  450. TrDmTrPN, // Netbios name of trust partner
  451. TrDmSid,
  452. TrDmAcN,
  453. TrDmCtN,
  454. TrDmPxOf,
  455. TrDmCtEn,
  456. TrDmTrTy, // Type of trust
  457. TrDmTrDi, // Trust direction
  458. TrDmTrLA, // Trust attributes
  459. TrDmTrPr, // Trust partner
  460. TrDmTrRt, // Trust root partner
  461. TrDmSAI, // Auth inbound
  462. TrDmSAO, // Auth outbound
  463. TrDmForT, // Forest trust info
  464. AcMaPCF, // Machine account password change frequency
  465. PolIPSec, // IPSec object reference
  466. PolDIPSec, // Domain wide IPSec object reference
  467. PolLoc, // Policy location,
  468. PolPubK, // Public key policy
  469. KerOpts, // Kerberos authentication options
  470. KerMinT, // Kerberos Minimum ticket age
  471. KerMaxT, // Kerberos maximum ticket age
  472. KerMaxR, // Kerberos maximum renewal age
  473. KerProxy, // Kerberos proxy lifetime
  474. KerLogoff, // Kerberos force logoff duration
  475. DmLDur, // Lockout duration
  476. DmLObWin, // Lockout observation window
  477. DmLThrs, // Lockout threshold
  478. DmPMinL, // Minimum password length
  479. DmPHisL, // Password history length
  480. DmPProp, // Password properties
  481. DmPMinA, // Minimum password age
  482. DmPMaxA, // Maximum password age
  483. BhvrVers, // Behavior-Version
  484. AuditLog,
  485. AuditLogMaxSize,
  486. AuditRecordRetentionPeriod, // Entries beyond this point don't correspond to real policy
  487. // entries, but are pseudo entries only
  488. PseudoSystemCritical,
  489. PolSecretEncryptionKey,
  490. XRefDnsRoot, // DNS name of cross-ref object
  491. XRefNetbiosName, // NETBIOS name of cross-ref object
  492. DummyLastName
  494. } LSAP_DB_NAMES;
  496. typedef struct _LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO {
  498. ULONG SystemAccess;
  499. QUOTA_LIMITS QuotaLimits;
  500. PPRIVILEGE_SET PrivilegeSet;
  502. } LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO, *PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO;
  504. #ifdef __cplusplus
  505. extern "C" {
  506. #endif // __cplusplus
  508. extern UNICODE_STRING LsapDbNames[DummyLastName];
  509. extern UNICODE_STRING LsapDbObjectTypeNames[DummyLastObject];
  511. //
  512. // LSA Database Object Type-specific attribute names and values. If
  513. // supplied on a call to LsapDbCreateObject, they will be stored with
  514. // the object.
  515. //
  517. typedef enum _LSAP_DB_ATTRIB_TYPE {
  519. LsapDbAttribUnknown = 0,
  520. LsapDbAttribUnicode,
  521. LsapDbAttribMultiUnicode,
  522. LsapDbAttribSid,
  523. LsapDbAttribGuid,
  524. LsapDbAttribULong,
  525. LsapDbAttribUShortAsULong,
  526. LsapDbAttribSecDesc,
  527. LsapDbAttribDsName,
  528. LsapDbAttribPByte,
  529. LsapDbAttribTime,
  530. LsapDbAttribDsNameAsUnicode,
  531. LsapDbAttribDsNameAsSid,
  532. LsapDbAttribIntervalAsULong
  534. } LSAP_DB_ATTRIB_TYPE, *PLSAP_DB_ATTRIB_TYPE;
  537. typedef struct _LSAP_DB_ATTRIBUTE {
  539. PUNICODE_STRING AttributeName;
  540. PVOID AttributeValue;
  541. ULONG AttributeValueLength;
  542. BOOLEAN MemoryAllocated;
  543. BOOLEAN CanDefaultToZero;
  544. BOOLEAN PseudoAttribute;
  545. ULONG DsAttId;
  546. LSAP_DB_ATTRIB_TYPE AttribType;
  547. LSAP_DB_NAMES DbNameIndex;
  549. } LSAP_DB_ATTRIBUTE, *PLSAP_DB_ATTRIBUTE;
  551. typedef enum _LSAP_DB_DS_LOCATION {
  553. LsapDsLocUnknown = 0,
  554. LsapDsLocRegistry,
  555. LsapDsLocDs,
  556. LsapDsLocDsLocalPolObj,
  557. LsapDsLocDsDomainPolObj,
  558. LsapDsLocLocalAndReg
  559. } LSAP_DB_DS_LOCATION, *PLSAP_DB_DS_LOCATION;
  561. typedef struct _LSAP_DB_DS_INFO {
  563. ULONG AttributeId;
  564. LSAP_DB_ATTRIB_TYPE AttributeType;
  565. LSAP_DB_DS_LOCATION AttributeLocation;
  567. } LSAP_DB_DS_INFO, *PLSAP_DB_DS_INFO;
  569. //
  570. // LSA Database Object General Information.
  571. //
  573. typedef struct _LSAP_DB_OBJECT_INFORMATION {
  575. LSAP_DB_OBJECT_TYPE_ID ObjectTypeId;
  576. LSAP_DB_OBJECT_TYPE_ID ContainerTypeId;
  577. OBJECT_ATTRIBUTES ObjectAttributes;
  578. PLSAP_DB_ATTRIBUTE TypeSpecificAttributes;
  579. PSID Sid;
  580. BOOLEAN ObjectAttributeNameOnly;
  581. ULONG DesiredObjectAccess;
  583. } LSAP_DB_OBJECT_INFORMATION, *PLSAP_DB_OBJECT_INFORMATION;
  585. //
  586. // New for the Ds integration
  587. //
  588. extern PLSAP_DB_DS_INFO LsapDbDsAttInfo;
  590. //
  591. // Installed, absolute minimum and absolute maximum Quota Limits.
  592. //
  594. extern QUOTA_LIMITS LsapDbInstalledQuotaLimits;
  595. extern QUOTA_LIMITS LsapDbAbsMinQuotaLimits;
  596. extern QUOTA_LIMITS LsapDbAbsMaxQuotaLimits;
  598. //
  599. // Required Ds data types
  600. //
  601. //
  602. // This is the state of the machine with respect to the Ds. It will control
  603. // some of the basic functionality of the Lsa APIs by determing who can write
  604. // what where, etc...
  605. //
  606. typedef enum _LSADS_INIT_STATE {
  608. LsapDsUnknown = 0,
  609. LsapDsNoDs,
  610. LsapDsDs,
  611. LsapDsDsMaintenance,
  612. LsapDsDsSetup
  614. } LSADS_INIT_STATE, *PLSADS_INIT_STATE;
  617. //
  618. // LSA Database Exported Function Prototypes
  619. //
  620. // NOTE: These are callable only from the LSA
  621. //
  623. BOOLEAN
  624. LsapDbIsServerInitialized(
  625. );
  627. NTSTATUS
  628. LsapDbOpenPolicy(
  629. IN PLSAPR_SERVER_NAME SystemName OPTIONAL,
  630. IN OPTIONAL PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
  631. IN ACCESS_MASK DesiredAccess,
  632. IN ULONG Options,
  633. OUT PLSAPR_HANDLE PolicyHandle,
  634. IN BOOLEAN TrustedClient
  635. );
  637. NTSTATUS
  638. LsapDbOpenTrustedDomain(
  639. IN LSAPR_HANDLE PolicyHandle,
  640. IN PSID TrustedDomainSid,
  641. IN ACCESS_MASK DesiredAccess,
  642. OUT PLSAPR_HANDLE TrustedDomainHandle,
  643. IN ULONG Options
  644. );
  646. NTSTATUS
  647. LsapDbOpenTrustedDomainByName(
  648. IN LSAPR_HANDLE PolicyHandle OPTIONAL,
  649. IN PUNICODE_STRING TrustedDomainName,
  650. OUT PLSAPR_HANDLE TrustedDomainHandle,
  651. IN ULONG AccessMask,
  652. IN ULONG Options,
  653. IN BOOLEAN Trusted
  654. );
  656. NTSTATUS
  657. LsapDbOpenObject(
  658. IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
  659. IN ACCESS_MASK DesiredAccess,
  660. IN ULONG Options,
  661. OUT PLSAPR_HANDLE LsaHandle
  662. );
  664. NTSTATUS
  665. LsapDbCreateObject(
  666. IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
  667. IN ACCESS_MASK DesiredAccess,
  668. IN ULONG CreateDisposition,
  669. IN ULONG Options,
  670. IN OPTIONAL PLSAP_DB_ATTRIBUTE TypeSpecificAttributes,
  671. IN ULONG TypeSpecificAttributeCount,
  672. OUT PLSAPR_HANDLE LsaHandle
  673. );
  675. NTSTATUS
  676. LsapCloseHandle(
  677. IN OUT LSAPR_HANDLE *ObjectHandle,
  678. IN NTSTATUS PreliminaryStatus
  679. );
  681. NTSTATUS
  682. LsapDbCloseObject(
  683. IN PLSAPR_HANDLE ObjectHandle,
  684. IN ULONG Options,
  685. IN NTSTATUS PreliminaryStatus
  686. );
  688. NTSTATUS
  689. LsapDbDeleteObject(
  690. IN LSAPR_HANDLE ObjectHandle
  691. );
  693. NTSTATUS
  694. LsapDbReferenceObject(
  695. IN LSAPR_HANDLE ObjectHandle,
  696. IN ACCESS_MASK DesiredAccess,
  697. IN LSAP_DB_OBJECT_TYPE_ID HandleTypeId,
  698. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  699. IN ULONG Options
  700. );
  702. NTSTATUS
  703. LsapDbDereferenceObject(
  704. IN OUT PLSAPR_HANDLE ObjectHandle,
  705. IN LSAP_DB_OBJECT_TYPE_ID HandleTypeId,
  706. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  707. IN ULONG Options,
  708. IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType,
  709. IN NTSTATUS PreliminaryStatus
  710. );
  712. NTSTATUS
  713. LsapDbReadAttributeObject(
  714. IN LSAPR_HANDLE ObjectHandle,
  715. IN PUNICODE_STRING AttributeNameU,
  716. IN OPTIONAL PVOID AttributeValue,
  717. IN OUT PULONG AttributeValueLength
  718. );
  720. NTSTATUS
  721. LsapDbReadAttributeObjectEx(
  722. IN LSAPR_HANDLE ObjectHandle,
  723. IN LSAP_DB_NAMES AttributeIndex,
  724. IN OPTIONAL PVOID AttributeValue,
  725. IN OUT PULONG AttributeValueLength,
  726. IN BOOLEAN CanDefaultToZero
  727. );
  729. NTSTATUS
  730. LsapDbWriteAttributeObject(
  731. IN LSAPR_HANDLE ObjectHandle,
  732. IN PUNICODE_STRING AttributeNameU,
  733. IN PVOID AttributeValue,
  734. IN ULONG AttributeValueLength
  735. );
  737. NTSTATUS
  738. LsapDbWriteAttributeObjectEx(
  739. IN LSAPR_HANDLE ObjectHandle,
  740. IN LSAP_DB_NAMES AttributeIndex,
  741. IN PVOID AttributeValue,
  742. IN ULONG AttributeValueLength
  743. );
  745. NTSTATUS
  746. LsapDbWriteAttributesObject(
  747. IN LSAPR_HANDLE ObjectHandle,
  748. IN PLSAP_DB_ATTRIBUTE Attributes,
  749. IN ULONG AttributeCount
  750. );
  752. NTSTATUS
  753. LsapDbReadAttributesObject(
  754. IN LSAPR_HANDLE ObjectHandle,
  755. IN ULONG Options,
  756. IN OUT PLSAP_DB_ATTRIBUTE Attributes,
  757. IN ULONG AttributeCount
  758. );
  760. NTSTATUS
  761. LsapDbDeleteAttributeObject(
  762. IN LSAPR_HANDLE ObjectHandle,
  763. IN PUNICODE_STRING AttributeNameU,
  764. IN BOOLEAN DeleteSecurely
  765. );
  767. NTSTATUS
  768. LsapDbDeleteAttributesObject(
  769. IN LSAPR_HANDLE ObjectHandle,
  770. IN PLSAP_DB_ATTRIBUTE Attributes,
  771. IN ULONG AttributeCount
  772. );
  774. NTSTATUS
  775. LsapDbQueryInformationAccounts(
  776. IN LSAPR_HANDLE PolicyHandle,
  777. IN ULONG IdCount,
  778. IN PSID_AND_ATTRIBUTES Ids,
  779. OUT PULONG PrivilegeCount,
  780. OUT PLUID_AND_ATTRIBUTES *Privileges,
  781. OUT PQUOTA_LIMITS QuotaLimits,
  782. OUT PULONG SystemAccess
  783. );
  785. NTSTATUS
  786. LsapDbOpenTransaction(
  787. IN ULONG Options
  788. );
  790. NTSTATUS
  791. LsapDbApplyTransaction(
  792. IN LSAPR_HANDLE ObjectHandle,
  793. IN ULONG Options,
  794. IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType
  795. );
  797. NTSTATUS
  798. LsapDbAbortTransaction(
  799. IN ULONG Options
  800. );
  802. NTSTATUS
  803. LsapDbSidToLogicalNameObject(
  804. IN PSID Sid,
  805. OUT PUNICODE_STRING LogicalNameU
  806. );
  808. NTSTATUS
  809. LsapDbMakeTemporaryObject(
  810. IN LSAPR_HANDLE ObjectHandle
  811. );
  813. NTSTATUS
  814. LsapDbChangePrivilegesAccount(
  815. IN LSAPR_HANDLE AccountHandle,
  816. IN LSAP_DB_CHANGE_PRIVILEGE_MODE ChangeMode,
  817. IN BOOLEAN AllPrivileges,
  818. IN OPTIONAL PPRIVILEGE_SET Privileges,
  819. IN BOOL LockSce
  820. );
  823. NTSTATUS
  824. LsapDbEnumerateSids(
  825. IN LSAPR_HANDLE ContainerHandle,
  826. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  827. IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
  828. OUT PLSAP_DB_SID_ENUMERATION_BUFFER DbEnumerationBuffer,
  829. IN ULONG PreferedMaximumLength
  830. );
  832. NTSTATUS
  833. LsapDbFindNextSid(
  834. IN LSAPR_HANDLE ContainerHandle,
  835. IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
  836. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  837. OUT PLSAPR_SID *NextSid
  838. );
  840. NTSTATUS
  841. LsapDbEnumeratePrivileges(
  842. IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
  843. OUT PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
  844. IN ULONG PreferedMaximumLength
  845. );
  847. NTSTATUS
  848. LsapDbEnumerateNames(
  849. IN LSAPR_HANDLE ContainerHandle,
  850. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  851. IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
  852. OUT PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer,
  853. IN ULONG PreferedMaximumLength
  854. );
  856. NTSTATUS
  857. LsapDbFindNextName(
  858. IN LSAPR_HANDLE ContainerHandle,
  859. IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
  860. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  861. OUT PLSAPR_UNICODE_STRING Name
  862. );
  864. VOID
  865. LsapDbFreeEnumerationBuffer(
  866. IN PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer
  867. );
  869. NTSTATUS
  870. LsapDbInitializeServer(
  871. IN ULONG Pass
  872. );
  874. NTSTATUS
  875. LsapDbInstallRegistry(
  876. );
  878. //
  879. // These routines may someday migrate to Rtl runtime library. Their
  880. // names have Lsap Prefixes only temporarily, so that they can be located
  881. // easily.
  882. //
  884. // Options for LsapRtlAddPrivileges
  886. #define RTL_COMBINE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000001L)
  887. #define RTL_SUPERSEDE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000002L)
  889. NTSTATUS
  890. LsapRtlAddPrivileges(
  891. IN OUT PPRIVILEGE_SET * RunningPrivileges,
  892. IN OUT PULONG MaxRunningPrivileges,
  893. IN PPRIVILEGE_SET PrivilegesToAdd,
  894. IN ULONG Options,
  895. OUT OPTIONAL BOOLEAN * Changed
  896. );
  898. NTSTATUS
  899. LsapRtlRemovePrivileges(
  900. IN OUT PPRIVILEGE_SET ExistingPrivileges,
  901. IN PPRIVILEGE_SET PrivilegesToRemove
  902. );
  904. PLUID_AND_ATTRIBUTES
  905. LsapRtlGetPrivilege(
  906. IN PLUID_AND_ATTRIBUTES Privilege,
  907. IN PPRIVILEGE_SET Privileges
  908. );
  910. BOOLEAN
  911. LsapRtlPrefixSid(
  912. IN PSID PrefixSid,
  913. IN PSID Sid
  914. );
  916. ULONG
  917. LsapDbGetSizeTextSid(
  918. IN PSID Sid
  919. );
  921. NTSTATUS
  922. LsapDbSidToTextSid(
  923. IN PSID Sid,
  924. OUT PSZ TextSid
  925. );
  927. NTSTATUS
  928. LsapDbSidToUnicodeSid(
  929. IN PSID Sid,
  930. OUT PUNICODE_STRING SidU,
  931. IN BOOLEAN AllocateDestinationString
  932. );
  935. NTSTATUS
  936. LsapDbInitializeWellKnownValues();
  938. #if defined(REMOTE_BOOT)
  939. VOID
  940. LsapDbInitializeRemoteBootState();
  941. #endif // defined(REMOTE_BOOT)
  943. NTSTATUS
  944. LsapDbVerifyInformationObject(
  945. IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation
  946. );
  948. /*++
  950. BOOLEAN
  951. LsapDbIsValidTypeObject(
  952. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId
  953. )
  955. Routine Description:
  957. This macro function determines if a given Object Type Id is valid.
  959. Arguments:
  961. ObjectTypeId - Object Type Id.
  963. Return Values:
  965. BOOLEAN - TRUE if object type id is valid, else FALSE.
  967. --*/
  969. #define LsapDbIsValidTypeObject(ObjectTypeId) \
  970. (((ObjectTypeId) > NullObject) && \
  971. ((ObjectTypeId) < DummyLastObject))
  974. NTSTATUS
  975. LsapDbGetRequiredAccessQueryPolicy(
  976. IN POLICY_INFORMATION_CLASS InformationClass,
  977. OUT PACCESS_MASK RequiredAccess
  978. );
  981. NTSTATUS
  982. LsapDbVerifyInfoQueryPolicy(
  983. IN LSAPR_HANDLE PolicyHandle,
  984. IN POLICY_INFORMATION_CLASS InformationClass,
  985. OUT PACCESS_MASK RequiredAccess
  986. );
  988. NTSTATUS
  989. LsapDbVerifyInfoSetPolicy(
  990. IN LSAPR_HANDLE PolicyHandle,
  991. IN POLICY_INFORMATION_CLASS InformationClass,
  992. IN PLSAPR_POLICY_INFORMATION PolicyInformation,
  993. OUT PACCESS_MASK RequiredAccess
  994. );
  996. BOOLEAN
  997. LsapDbValidInfoPolicy(
  998. IN POLICY_INFORMATION_CLASS InformationClass,
  999. IN OPTIONAL PLSAPR_POLICY_INFORMATION PolicyInformation
  1000. );
  1002. NTSTATUS
  1003. LsapDbVerifyInfoQueryTrustedDomain(
  1004. IN TRUSTED_INFORMATION_CLASS InformationClass,
  1005. IN BOOLEAN Trusted,
  1006. OUT PACCESS_MASK RequiredAccess
  1007. );
  1009. NTSTATUS
  1010. LsapDbVerifyInfoSetTrustedDomain(
  1011. IN TRUSTED_INFORMATION_CLASS InformationClass,
  1012. IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation,
  1013. IN BOOLEAN Trusted,
  1014. OUT PACCESS_MASK RequiredAccess
  1015. );
  1017. BOOLEAN
  1018. LsapDbValidInfoTrustedDomain(
  1019. IN TRUSTED_INFORMATION_CLASS InformationClass,
  1020. IN OPTIONAL PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
  1021. );
  1023. NTSTATUS
  1024. LsapDbMakeUnicodeAttribute(
  1025. IN OPTIONAL PUNICODE_STRING UnicodeValue,
  1026. IN PUNICODE_STRING AttributeName,
  1027. OUT PLSAP_DB_ATTRIBUTE Attribute
  1028. );
  1030. NTSTATUS
  1031. LsapDbMakeMultiUnicodeAttribute(
  1032. OUT PLSAP_DB_ATTRIBUTE Attribute,
  1033. IN PUNICODE_STRING AttributeName,
  1034. IN PUNICODE_STRING UnicodeNames,
  1035. IN ULONG Entries
  1036. );
  1038. VOID
  1039. LsapDbCopyUnicodeAttributeNoAlloc(
  1040. OUT PUNICODE_STRING OutputString,
  1041. IN PLSAP_DB_ATTRIBUTE Attribute,
  1042. IN BOOLEAN SelfRelative
  1043. );
  1045. NTSTATUS
  1046. LsapDbCopyUnicodeAttribute(
  1047. OUT PUNICODE_STRING OutputString,
  1048. IN PLSAP_DB_ATTRIBUTE Attribute,
  1049. IN BOOLEAN SelfRelative
  1050. );
  1052. NTSTATUS
  1053. LsapDbMakeSidAttribute(
  1054. IN PSID Sid,
  1055. IN PUNICODE_STRING AttributeName,
  1056. OUT PLSAP_DB_ATTRIBUTE Attribute
  1057. );
  1059. NTSTATUS
  1060. LsapDbMakeGuidAttribute(
  1061. IN GUID *Guid,
  1062. IN PUNICODE_STRING AttributeName,
  1063. OUT PLSAP_DB_ATTRIBUTE Attribute
  1064. );
  1066. NTSTATUS
  1067. LsapDbMakeBlobAttribute(
  1068. IN ULONG BlobLength,
  1069. IN PBYTE pBlob,
  1070. IN PUNICODE_STRING AttributeName,
  1071. OUT PLSAP_DB_ATTRIBUTE Attribute
  1072. );
  1074. NTSTATUS
  1075. LsapDbMakeUnicodeAttributeDs(
  1076. IN OPTIONAL PUNICODE_STRING UnicodeValue,
  1077. IN LSAP_DB_NAMES Name,
  1078. OUT PLSAP_DB_ATTRIBUTE Attribute
  1079. );
  1081. NTSTATUS
  1082. LsapDbMakeMultiUnicodeAttributeDs(
  1083. OUT PLSAP_DB_ATTRIBUTE Attribute,
  1084. IN LSAP_DB_NAMES Name,
  1085. IN PUNICODE_STRING UnicodeNames,
  1086. IN ULONG Entries
  1087. );
  1089. NTSTATUS
  1090. LsapDbMakeSidAttributeDs(
  1091. IN PSID Sid,
  1092. IN IN LSAP_DB_NAMES Name,
  1093. OUT PLSAP_DB_ATTRIBUTE Attribute
  1094. );
  1096. NTSTATUS
  1097. LsapDbMakeGuidAttributeDs(
  1098. IN GUID *Guid,
  1099. IN LSAP_DB_NAMES Name,
  1100. OUT PLSAP_DB_ATTRIBUTE Attribute
  1101. );
  1103. NTSTATUS
  1104. LsapDbMakeBlobAttributeDs(
  1105. IN ULONG BlobLength,
  1106. IN PBYTE pBlob,
  1107. IN LSAP_DB_NAMES Name,
  1108. OUT PLSAP_DB_ATTRIBUTE Attribute
  1109. );
  1111. NTSTATUS
  1112. LsapDbMakePByteAttributeDs(
  1113. IN OPTIONAL PBYTE Buffer,
  1114. IN ULONG BufferLength,
  1115. IN LSAP_DB_ATTRIB_TYPE AttribType,
  1116. IN PUNICODE_STRING AttributeName,
  1117. OUT PLSAP_DB_ATTRIBUTE Attribute
  1118. );
  1121. NTSTATUS
  1122. LsapDbReadAttribute(
  1123. IN LSAPR_HANDLE ObjectHandle,
  1124. IN OUT PLSAP_DB_ATTRIBUTE Attribute
  1125. );
  1127. NTSTATUS
  1128. LsapDbFreeAttributes(
  1129. IN ULONG Count,
  1130. IN PLSAP_DB_ATTRIBUTE Attributes
  1131. );
  1133. /*++
  1135. VOID
  1136. LsapDbInitializeAttribute(
  1137. IN PLSAP_DB_ATTRIBUTE AttributeP,
  1138. IN PUNICODE_STRING AttributeNameP,
  1139. IN OPTIONAL PVOID AttributeValueP,
  1140. IN ULONG AttributeValueLengthP,
  1141. IN BOOLEAN MemoryAllocatedP
  1142. )
  1144. Routine Description:
  1146. This macro function initialize an Lsa Database Object Attribute
  1147. structure. No validation is done.
  1149. Arguments:
  1151. AttributeP - Pointer to Lsa Database Attribute structure to be
  1152. initialized.
  1154. AttributeNameP - Pointer to Unicode String containing the attribute's
  1155. name.
  1157. AttributeValueP - Pointer to the attribute's value. NULL may be
  1158. specified.
  1160. AttributeValueLengthP - Length of the attribute's value in bytes.
  1162. MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate
  1163. within the LSA Server code (not by RPC server stubs), else FALSE.
  1165. Return Values:
  1167. None.
  1169. --*/
  1171. #define LsapDbInitializeAttribute( \
  1172. AttributeP, \
  1173. AttributeNameP, \
  1174. AttributeValueP, \
  1175. AttributeValueLengthP, \
  1176. MemoryAllocatedP \
  1177. ) \
  1178. \
  1179. { \
  1180. (AttributeP)->AttributeName = AttributeNameP; \
  1181. (AttributeP)->AttributeValue = AttributeValueP; \
  1182. (AttributeP)->AttributeValueLength = AttributeValueLengthP; \
  1183. (AttributeP)->MemoryAllocated = MemoryAllocatedP; \
  1184. (AttributeP)->DsAttId = 0; \
  1185. (AttributeP)->AttribType = LsapDbAttribUnknown; \
  1186. (AttributeP)->CanDefaultToZero = FALSE; \
  1187. (AttributeP)->PseudoAttribute = FALSE; \
  1188. }
  1190. /*++
  1192. VOID
  1193. LsapDbInitializeAttributeDs(
  1194. IN PLSAP_DB_ATTRIBUTE AttributeP,
  1195. IN LSAP_DB_NAMES Name,
  1196. IN OPTIONAL PVOID AttributeValueP,
  1197. IN ULONG AttributeValueLengthP,
  1198. IN BOOLEAN MemoryAllocatedP
  1199. )
  1201. Routine Description:
  1203. This macro function initialize an Lsa Database Object Attribute
  1204. structure. No validation is done.
  1206. Arguments:
  1208. AttributeP - Pointer to Lsa Database Attribute structure to be
  1209. initialized.
  1211. Name - Name index to create
  1213. AttributeValueP - Pointer to the attribute's value. NULL may be
  1214. specified.
  1216. AttributeValueLengthP - Length of the attribute's value in bytes.
  1218. MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate
  1219. within the LSA Server code (not by RPC server stubs), else FALSE.
  1221. Return Values:
  1223. None.
  1225. --*/
  1226. #define LsapDbInitializeAttributeDs( \
  1227. AttributeP, \
  1228. Name, \
  1229. AttributeValueP, \
  1230. AttributeValueLengthP, \
  1231. MemoryAllocatedP \
  1232. ) \
  1233. \
  1234. { \
  1235. LsapDbInitializeAttribute( (AttributeP), &LsapDbNames[Name], \
  1236. AttributeValueP, AttributeValueLengthP, \
  1237. MemoryAllocatedP ); \
  1238. (AttributeP)->DsAttId = LsapDbDsAttInfo[Name].AttributeId; \
  1239. (AttributeP)->AttribType = LsapDbDsAttInfo[Name].AttributeType; \
  1240. (AttributeP)->CanDefaultToZero = FALSE; \
  1241. (AttributeP)->DbNameIndex = Name; \
  1242. }
  1244. #define LsapDbAttributeCanNotExist( \
  1245. AttributeP \
  1246. ) \
  1247. { \
  1248. (AttributeP)->CanDefaultToZero = TRUE; \
  1249. }
  1252. NTSTATUS
  1253. LsapDbGetPrivilegesAndQuotas(
  1254. IN LSAPR_HANDLE PolicyHandle,
  1255. IN SECURITY_LOGON_TYPE LogonType,
  1256. IN ULONG IdCount,
  1257. IN PSID_AND_ATTRIBUTES Ids,
  1258. OUT PULONG PrivilegeCount,
  1259. OUT PLUID_AND_ATTRIBUTES *Privileges,
  1260. OUT PQUOTA_LIMITS QuotaLimits
  1261. );
  1264. NTSTATUS
  1265. LsapInitializeNotifiyList(
  1266. VOID
  1267. );
  1269. NTSTATUS
  1270. LsapCrServerGetSessionKeySafe(
  1271. IN LSAPR_HANDLE ObjectHandle,
  1272. IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
  1273. OUT PLSAP_CR_CIPHER_KEY *SessionKey
  1274. );
  1276. NTSTATUS
  1277. LsapDbVerifyHandle(
  1278. IN LSAPR_HANDLE ObjectHandle,
  1279. IN ULONG Options,
  1280. IN LSAP_DB_OBJECT_TYPE_ID ExpectedObjectTypeId,
  1281. IN BOOLEAN ReferenceHandle
  1282. );
  1284. BOOLEAN
  1285. LsapDbDereferenceHandle(
  1286. IN LSAPR_HANDLE ObjectHandle
  1287. );
  1289. NTSTATUS
  1290. LsapDbQueryAllInformationAccounts(
  1291. IN LSAPR_HANDLE PolicyHandle,
  1292. IN ULONG IdCount,
  1293. IN PSID_AND_ATTRIBUTES Ids,
  1294. OUT PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO AccountInfo
  1295. );
  1297. NTSTATUS
  1298. LsapCreateTrustedDomain2(
  1299. IN LSAPR_HANDLE PolicyHandle,
  1300. IN PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
  1301. IN PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
  1302. IN ACCESS_MASK DesiredAccess,
  1303. OUT PLSAPR_HANDLE TrustedDomainHandle
  1304. );
  1306. NTSTATUS
  1307. LsapDsInitializeDsStateInfo(
  1308. IN LSADS_INIT_STATE DsInitState
  1309. );
  1311. NTSTATUS
  1312. LsapDsUnitializeDsStateInfo(
  1313. );
  1315. /*++
  1317. BOOLEAN
  1318. LsapValidateLsaUnicodeString(
  1319. IN PLSAPR_UNICODE_STRING UnicodeString
  1320. );
  1322. Returns TRUE if the LSAPR_UNICODE_STRING is valid. FALSE otherwise
  1323. --*/
  1325. #define LsapValidateLsaUnicodeString( _us_ ) \
  1326. (( (_us_) == NULL || \
  1327. ( \
  1328. (_us_)->MaximumLength >= ( _us_ )->Length && \
  1329. (_us_)->Length % 2 == 0 && \
  1330. (_us_)->MaximumLength % 2 == 0 && \
  1331. ((_us_)->Length == 0 || (_us_)->Buffer != NULL ) \
  1332. ) \
  1333. ) ? TRUE : FALSE )
  1335. /*++
  1337. BOOLEAN
  1338. LsapValidateLsaCipherValue(
  1339. IN PLSAPR_UNICODE_STRING UnicodeString
  1340. );
  1342. Returns TRUE if the LSAPR_CR_CIPHER_KEY is valid. FALSE otherwise
  1343. --*/
  1345. #define LsapValidateLsaCipherValue( _us_ ) \
  1346. ( \
  1347. (_us_)->MaximumLength >= ( _us_ )->Length && \
  1348. ((_us_)->Length == 0 || (_us_)->Buffer != NULL ) \
  1349. ) \
  1350. ? TRUE : FALSE
  1353. NTSTATUS
  1354. LsapDbIsImpersonatedClientNetworkClient(
  1355. IN OUT PBOOLEAN IsNetworkClient
  1356. );
  1358. BOOLEAN
  1359. LsapSidPresentInGroups(
  1360. IN PTOKEN_GROUPS TokenGroups,
  1361. IN SID * Sid
  1362. );
  1364. NTSTATUS
  1365. LsapDomainRenameHandlerForLogonSessions(
  1366. IN PUNICODE_STRING OldNetbiosName,
  1367. IN PUNICODE_STRING OldDnsName,
  1368. IN PUNICODE_STRING NewNetbiosName,
  1369. IN PUNICODE_STRING NewDnsName
  1370. );
  1372. NTSTATUS
  1373. LsapRetrieveDnsDomainNameFromHive(
  1374. IN HKEY Hkey,
  1375. IN OUT DWORD * Length,
  1376. OUT WCHAR * Buffer
  1377. );
  1379. #ifdef __cplusplus
  1380. }
  1381. #endif // __cplusplus
  1383. #endif // _LSA_DB_