mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1776 lines
50 KiB
1776 lines
50 KiB
/*++
|
|
|
|
Copyright (c) 1991 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
lsarpc.idl
|
|
|
|
Abstract:
|
|
|
|
Local Security Authority RPC Interface Definition File
|
|
|
|
This file contains the RPC Interface Definition Language file for
|
|
the LSA. This file includes all of the prototypes for the LSA functions
|
|
that are callable via RPC. These functions are internal versions of API
|
|
and are NOT visible to clients of the LSA. An LSA client calls the LSA
|
|
API defined in file ntlsa.h. These API are wrappers which call client
|
|
RPC stubs generated from this idl file by the RPC compiler.
|
|
|
|
Author:
|
|
|
|
Scott Birrell (ScottBi) April 23, 1991
|
|
|
|
Environment:
|
|
|
|
User Mode
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
[
|
|
uuid(12345778-1234-ABCD-EF00-0123456789AB),
|
|
version(0.0),
|
|
#ifdef __midl
|
|
ms_union,
|
|
#endif // __midl
|
|
pointer_default(unique)
|
|
]
|
|
|
|
interface lsarpc
|
|
|
|
{
|
|
|
|
//
|
|
// Import a dummy interface containing #includes for public .h files. This
|
|
// trick is necessary so that midl will only generate marshalling routines
|
|
// for subtypes that are relevant to the parameters specified on the RPC
|
|
// interface. midl also ignores function prototypes contained therein.
|
|
//
|
|
|
|
import "lsaimp.idl" ;
|
|
|
|
|
|
cpp_quote("#define LSA_LOOKUP_REVISION_1 0x1")
|
|
cpp_quote("#define LSA_LOOKUP_REVISION_2 0x2")
|
|
cpp_quote("#define LSA_LOOKUP_REVISION_LATEST LSA_LOOKUP_REVISION_2")
|
|
|
|
|
|
//
|
|
// Lsa Client version identifiers -- don't use see above
|
|
//
|
|
cpp_quote("#define LSA_CLIENT_PRE_NT5 0x1")
|
|
cpp_quote("#define LSA_CLIENT_NT5 0x2")
|
|
cpp_quote("#define LSA_CLIENT_LATEST 0x2")
|
|
|
|
//
|
|
// BUGBUG ScottBi - The parens have to be omitted from the operand
|
|
// because midl grammar does not support them.
|
|
//
|
|
|
|
#define LSAPR_DB_AUDIT_EVENT_COUNT SeMaxAuditType + 1
|
|
|
|
//
|
|
// LSA Generic Handle used to bind from client to server.
|
|
// This handle is used for both LOCAL and REMOTE services.
|
|
//
|
|
|
|
typedef [handle] LPWSTR PLSAPR_SERVER_NAME, *PPLSAPR_SERVER_NAME;
|
|
|
|
//
|
|
// LSA RPC Context Handle (Internal definition of LSAPR_HANDLE)
|
|
//
|
|
|
|
typedef [context_handle] PVOID LSAPR_HANDLE;
|
|
|
|
typedef LSAPR_HANDLE *PLSAPR_HANDLE;
|
|
|
|
//
|
|
// RPC definition of the SID structure. Note the use of the [size_is()]
|
|
// qualifier to specify the number of elements in the variable size
|
|
// imbedded SubAuthorityCount array at runtime.
|
|
//
|
|
//
|
|
|
|
#pragma warning(disable:4200)
|
|
|
|
typedef struct _LSAPR_SID {
|
|
UCHAR Revision;
|
|
UCHAR SubAuthorityCount;
|
|
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
|
[size_is(SubAuthorityCount)] ULONG SubAuthority[*];
|
|
} LSAPR_SID, *PLSAPR_SID, **PPLSAPR_SID;
|
|
|
|
#pragma warning(default:4200)
|
|
|
|
//
|
|
// The following structure is used to identify an Account Object.
|
|
//
|
|
|
|
typedef struct _LSAPR_SID_INFORMATION {
|
|
|
|
PLSAPR_SID Sid;
|
|
|
|
} LSAPR_SID_INFORMATION, *PLSAPR_SID_INFORMATION;
|
|
|
|
//
|
|
// The following structure is used to hold an array of Sids.
|
|
//
|
|
|
|
typedef struct _LSAPR_SID_ENUM_BUFFER {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_SID_INFORMATION SidInfo;
|
|
|
|
} LSAPR_SID_ENUM_BUFFER, *PLSAPR_SID_ENUM_BUFFER;
|
|
|
|
//
|
|
// The following structure is used to identify an Account Object.
|
|
//
|
|
|
|
typedef struct _LSAPR_ACCOUNT_INFORMATION {
|
|
|
|
PLSAPR_SID Sid;
|
|
|
|
} LSAPR_ACCOUNT_INFORMATION, *PLSAPR_ACCOUNT_INFORMATION;
|
|
|
|
//
|
|
//
|
|
// Account Object Enumeration Buffer
|
|
//
|
|
|
|
typedef struct _LSAPR_ACCOUNT_ENUM_BUFFER {
|
|
|
|
ULONG EntriesRead;
|
|
[size_is(EntriesRead)] PLSAPR_ACCOUNT_INFORMATION Information;
|
|
|
|
} LSAPR_ACCOUNT_ENUM_BUFFER, *PLSAPR_ACCOUNT_ENUM_BUFFER;
|
|
|
|
//
|
|
// BUGBUG ScottBi - Someday these should be an imported interface.
|
|
//
|
|
// Unicode strings are counted 16-bit character strings.
|
|
// The Length field and MaximumLength fields specify number of bytes,
|
|
// (not wide-characters) in the string. So, this definition differs
|
|
// a bit from the real unicode string type.
|
|
//
|
|
|
|
|
|
typedef struct _LSAPR_UNICODE_STRING {
|
|
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
|
|
// BUGBUG - ScottBi - MIDL will raise an exception if Length is 0.
|
|
// Wrappers passing UNICODE STRINGS must pass NULL if string is length
|
|
// zero
|
|
|
|
[size_is(MaximumLength/2), length_is(Length/2)] PWSTR Buffer;
|
|
|
|
} LSAPR_UNICODE_STRING, *PLSAPR_UNICODE_STRING;
|
|
|
|
|
|
//
|
|
// ANSI counted string
|
|
//
|
|
|
|
typedef struct _LSAPR_STRING {
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
// [size_is(MaximumLength), length_is(Length)] PCHAR Buffer;
|
|
[size_is(MaximumLength)] PCHAR Buffer;
|
|
} LSAPR_STRING, *PLSAPR_STRING, LSAPR_ANSI_STRING, *PLSAPR_ANSI_STRING;
|
|
|
|
//
|
|
// RPC definition of an ACL. This must be manually maintained to be the same
|
|
// as the real ACL definition in ntseapi.h
|
|
//
|
|
|
|
#pragma warning(disable:4200)
|
|
|
|
typedef struct _LSAPR_ACL {
|
|
UCHAR AclRevision;
|
|
UCHAR Sbz1;
|
|
USHORT AclSize;
|
|
[size_is(AclSize - 4)] UCHAR Dummy1[*];
|
|
} LSAPR_ACL, *PLSAPR_ACL;
|
|
|
|
#pragma warning(default:4200)
|
|
|
|
//
|
|
// RPC'able security descriptor definition.
|
|
//
|
|
|
|
typedef struct _LSAPR_SECURITY_DESCRIPTOR {
|
|
|
|
UCHAR Revision;
|
|
UCHAR Sbz1;
|
|
SECURITY_DESCRIPTOR_CONTROL Control;
|
|
PLSAPR_SID Owner;
|
|
PLSAPR_SID Group;
|
|
PLSAPR_ACL Sacl;
|
|
PLSAPR_ACL Dacl;
|
|
|
|
} LSAPR_SECURITY_DESCRIPTOR, *PLSAPR_SECURITY_DESCRIPTOR;
|
|
|
|
//
|
|
// RPC'able Self-Relative Security Descriptor Definition.
|
|
//
|
|
|
|
typedef struct _LSAPR_SR_SECURITY_DESCRIPTOR {
|
|
|
|
ULONG Length;
|
|
[size_is(Length)] PUCHAR SecurityDescriptor;
|
|
|
|
} LSAPR_SR_SECURITY_DESCRIPTOR, *PLSAPR_SR_SECURITY_DESCRIPTOR;
|
|
|
|
typedef struct _LSAPR_LUID_AND_ATTRIBUTES {
|
|
OLD_LARGE_INTEGER Luid;
|
|
ULONG Attributes;
|
|
} LSAPR_LUID_AND_ATTRIBUTES, * PLSAPR_LUID_AND_ATTRIBUTES;
|
|
|
|
//
|
|
// Privilege Set - This is defined for a privilege set of one.
|
|
// If more than one privilege is needed, then this structure
|
|
// will need to be allocated with more space.
|
|
//
|
|
// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET
|
|
// structure (defined in se.h)
|
|
//
|
|
|
|
#pragma warning(disable:4200)
|
|
|
|
typedef struct _LSAPR_PRIVILEGE_SET {
|
|
|
|
ULONG PrivilegeCount;
|
|
ULONG Control;
|
|
[size_is(PrivilegeCount)] LSAPR_LUID_AND_ATTRIBUTES Privilege[*];
|
|
|
|
} LSAPR_PRIVILEGE_SET, *PLSAPR_PRIVILEGE_SET, **PPLSAPR_PRIVILEGE_SET;
|
|
|
|
#pragma warning(default:4200)
|
|
|
|
|
|
//
|
|
// The following data type is used to return information about privileges
|
|
// defined on a system.
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_PRIVILEGE_DEF {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
LUID LocalValue;
|
|
|
|
} LSAPR_POLICY_PRIVILEGE_DEF, *PLSAPR_POLICY_PRIVILEGE_DEF;
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// Name - Is the architected name of the privilege. This is the
|
|
// primary key of the privilege and the only value that is
|
|
// transportable between systems.
|
|
//
|
|
// Luid - is a LUID value assigned locally for efficient representation
|
|
// of the privilege. Ths value is meaningful only on the system it
|
|
// was assigned on and is not transportable in any way.
|
|
//
|
|
|
|
//
|
|
// The following structure is used to hold an array of returned Privileges.
|
|
//
|
|
|
|
typedef struct _LSAPR_PRIVILEGE_ENUM_BUFFER {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_POLICY_PRIVILEGE_DEF Privileges;
|
|
|
|
} LSAPR_PRIVILEGE_ENUM_BUFFER, *PLSAPR_PRIVILEGE_ENUM_BUFFER;
|
|
|
|
//
|
|
// RPC'able Object Attributes structure for LSA use. Note that the
|
|
// OBJECT_ATTRIBUTES structure is LSA-specific in that the RootDirectory
|
|
// field is a handle of the specific type LSAPR_HANDLE.
|
|
//
|
|
// WARNING! This MUST be kept in sync with the corresponding structure in
|
|
// ntdef.h! Structure should be moved to an imported interface when
|
|
// possible.
|
|
//
|
|
|
|
typedef struct _LSAPR_OBJECT_ATTRIBUTES {
|
|
|
|
ULONG Length;
|
|
PUCHAR RootDirectory; // This field is not used
|
|
PSTRING ObjectName;
|
|
ULONG Attributes;
|
|
PLSAPR_SECURITY_DESCRIPTOR SecurityDescriptor;
|
|
PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
|
|
|
|
} LSAPR_OBJECT_ATTRIBUTES, *PLSAPR_OBJECT_ATTRIBUTES;
|
|
|
|
//
|
|
// Clear value structure
|
|
//
|
|
|
|
typedef struct _LSAPR_CR_CLEAR_VALUE {
|
|
|
|
ULONG Length;
|
|
ULONG MaximumLength;
|
|
[size_is(MaximumLength), length_is(Length)] PUCHAR Buffer;
|
|
|
|
} LSAPR_CR_CLEAR_VALUE, *PLSAPR_CR_CLEAR_VALUE;
|
|
|
|
//
|
|
// Two-way encrypted value structure in Self-relative form. This
|
|
// is just like a String.
|
|
//
|
|
|
|
typedef struct _LSAPR_CR_CIPHER_VALUE {
|
|
|
|
ULONG Length;
|
|
ULONG MaximumLength;
|
|
[size_is(MaximumLength), length_is(Length)] PUCHAR Buffer;
|
|
|
|
} LSAPR_CR_CIPHER_VALUE, *PLSAPR_CR_CIPHER_VALUE;
|
|
|
|
//
|
|
// LSA API Internal Function prototypes for RPC interface. Each function
|
|
// takes similar (but not always identical) parameters to its corresponding
|
|
// exported API. Client and server stubs are generated for the functions
|
|
// specified here. The client stubs are called by the wrapper functions
|
|
// in file rpcapi.c in the lsa\client directory.
|
|
//
|
|
|
|
//
|
|
// The following data type is used to identify a domain
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUST_INFORMATION {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
PLSAPR_SID Sid;
|
|
|
|
} LSAPR_TRUST_INFORMATION, *PLSAPR_TRUST_INFORMATION;
|
|
|
|
// where members have the following usage:
|
|
//
|
|
// Name - The name of the domain.
|
|
//
|
|
// Sid - A pointer to the Sid of the Domain
|
|
//
|
|
|
|
//
|
|
// The following data type is used to fully identify a domain
|
|
// Only used internally
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUST_INFORMATION_EX {
|
|
|
|
LSAPR_UNICODE_STRING DomainName;
|
|
LSAPR_UNICODE_STRING FlatName;
|
|
PLSAPR_SID Sid;
|
|
BOOLEAN DomainNamesDiffer;
|
|
ULONG TrustAttributes;
|
|
|
|
} LSAPR_TRUST_INFORMATION_EX, *PLSAPR_TRUST_INFORMATION_EX;
|
|
|
|
// where members have the following usage:
|
|
//
|
|
// DomainName - The name of the domain. Most likely the Dns domain name,
|
|
// if DNS is active
|
|
//
|
|
// FlatName - Flat (NetBIOS) domain name
|
|
//
|
|
// Sid - A pointer to the Sid of the Domain
|
|
//
|
|
|
|
//
|
|
//
|
|
// Trusted Domain Object Enumeration Buffer
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUSTED_ENUM_BUFFER {
|
|
|
|
ULONG EntriesRead;
|
|
[size_is(EntriesRead)] PLSAPR_TRUST_INFORMATION Information;
|
|
|
|
} LSAPR_TRUSTED_ENUM_BUFFER, *PLSAPR_TRUSTED_ENUM_BUFFER;
|
|
|
|
|
|
|
|
|
|
//
|
|
// The following data type is used in name and SID lookup services to
|
|
// describe the domains referenced in the lookup operation.
|
|
//
|
|
|
|
typedef struct _LSAPR_REFERENCED_DOMAIN_LIST {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_TRUST_INFORMATION Domains;
|
|
ULONG MaxEntries;
|
|
|
|
} LSAPR_REFERENCED_DOMAIN_LIST, *PLSAPR_REFERENCED_DOMAIN_LIST;
|
|
|
|
// where members have the following usage:
|
|
//
|
|
// Entries - Is a count of the number of domains described in the
|
|
// Domains array.
|
|
//
|
|
// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
|
|
// structures.
|
|
//
|
|
|
|
|
|
//
|
|
// This returned flag indicates that the SID was resolved by SID history
|
|
//
|
|
cpp_quote("#define LSA_LOOKUP_SID_FOUND_BY_HISTORY 0x00000001")
|
|
|
|
//
|
|
// This returned flag indicates that the SID was not resolved but belongs
|
|
// to an external trusted forest
|
|
//
|
|
cpp_quote("#define LSA_LOOKUP_SID_XFOREST_REF 0x00000002")
|
|
|
|
typedef struct _LSAPR_TRANSLATED_SID_EX {
|
|
|
|
SID_NAME_USE Use;
|
|
ULONG RelativeId;
|
|
LONG DomainIndex;
|
|
ULONG Flags;
|
|
|
|
} LSAPR_TRANSLATED_SID_EX, *PLSAPR_TRANSLATED_SID_EX;
|
|
|
|
typedef struct _LSAPR_TRANSLATED_SID_EX2 {
|
|
|
|
SID_NAME_USE Use;
|
|
PLSAPR_SID Sid;
|
|
// ULONG RelativeId;
|
|
LONG DomainIndex;
|
|
ULONG Flags;
|
|
|
|
} LSAPR_TRANSLATED_SID_EX2, *PLSAPR_TRANSLATED_SID_EX2;
|
|
|
|
//
|
|
// The following data type is used in Sid to name lookup services to
|
|
// reference the list of domains referenced in the lookup operation
|
|
//
|
|
// BUGBUG - ScottBi - When midl supports the size_is operand in its
|
|
// full form with more than one operand, this intermediate structure
|
|
// can be eliminated.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRANSLATED_SIDS {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSA_TRANSLATED_SID Sids;
|
|
|
|
} LSAPR_TRANSLATED_SIDS, *PLSAPR_TRANSLATED_SIDS;
|
|
|
|
typedef struct _LSAPR_TRANSLATED_SIDS_EX {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_TRANSLATED_SID_EX Sids;
|
|
|
|
} LSAPR_TRANSLATED_SIDS_EX, *PLSAPR_TRANSLATED_SIDS_EX;
|
|
|
|
typedef struct _LSAPR_TRANSLATED_SIDS_EX2 {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_TRANSLATED_SID_EX2 Sids;
|
|
|
|
} LSAPR_TRANSLATED_SIDS_EX2, *PLSAPR_TRANSLATED_SIDS_EX2;
|
|
|
|
//
|
|
// The following data type is used in SID to name lookup services to
|
|
// describe the domains referenced in the lookup operation.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRANSLATED_NAME {
|
|
|
|
SID_NAME_USE Use;
|
|
LSAPR_UNICODE_STRING Name;
|
|
LONG DomainIndex;
|
|
|
|
} LSAPR_TRANSLATED_NAME, *PLSAPR_TRANSLATED_NAME;
|
|
|
|
//
|
|
// This returned flag indicates that the name passed is not a SAM account name
|
|
// (that is, it is someother format).
|
|
//
|
|
cpp_quote("#define LSA_LOOKUP_NAME_NOT_SAM_ACCOUNT_NAME 0x00000001")
|
|
|
|
//
|
|
// This returned flag indicates that the name passed in was not resolved
|
|
// but does belong to a trusted forest.
|
|
//
|
|
cpp_quote("#define LSA_LOOKUP_NAME_XFOREST_REF 0x00000002")
|
|
|
|
|
|
typedef struct _LSAPR_TRANSLATED_NAME_EX {
|
|
|
|
SID_NAME_USE Use;
|
|
LSAPR_UNICODE_STRING Name;
|
|
LONG DomainIndex;
|
|
ULONG Flags;
|
|
|
|
} LSAPR_TRANSLATED_NAME_EX, *PLSAPR_TRANSLATED_NAME_EX;
|
|
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// Use - Identifies the use of the name. If this value is SidUnknown
|
|
// or SidInvalid, then the remainder of the record is not set and
|
|
// should be ignored. If this value is SidWellKnownGroup then the
|
|
// Name field is invalid, but the DomainIndex field is not.
|
|
//
|
|
// Name - Contains the isolated name of the translated SID.
|
|
//
|
|
// DomainIndex - Is the index of an entry in a related
|
|
// LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
|
|
// in which the account was found.
|
|
//
|
|
// If there is no corresponding reference domain for an entry, then
|
|
// this field will contain a negative value.
|
|
//
|
|
//
|
|
// The following data type is used in Sid to name lookup services to
|
|
// reference the list of domains referenced in the lookup operation
|
|
//
|
|
// BUGBUG - ScottBi - When midl supports the size_is operand in its
|
|
// full form with more than one operand, this intermediate structure
|
|
// can be eliminated.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRANSLATED_NAMES {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_TRANSLATED_NAME Names;
|
|
|
|
} LSAPR_TRANSLATED_NAMES, *PLSAPR_TRANSLATED_NAMES;
|
|
|
|
typedef struct _LSAPR_TRANSLATED_NAMES_EX {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_TRANSLATED_NAME_EX Names;
|
|
|
|
} LSAPR_TRANSLATED_NAMES_EX, *PLSAPR_TRANSLATED_NAMES_EX;
|
|
|
|
//
|
|
// The following structure corresponds to the PolicyAccountDomainInformation
|
|
// information class.
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_ACCOUNT_DOM_INFO {
|
|
|
|
LSAPR_UNICODE_STRING DomainName;
|
|
PLSAPR_SID DomainSid;
|
|
|
|
} LSAPR_POLICY_ACCOUNT_DOM_INFO, *PLSAPR_POLICY_ACCOUNT_DOM_INFO;
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// DomainName - Is the name of the domain
|
|
//
|
|
// DomainSid - Is the Sid of the domain
|
|
//
|
|
|
|
|
|
//
|
|
// The following structure corresponds to the PolicyPrimaryDomainInformation
|
|
// information class.
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_PRIMARY_DOM_INFO {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
PLSAPR_SID Sid;
|
|
|
|
} LSAPR_POLICY_PRIMARY_DOM_INFO, *PLSAPR_POLICY_PRIMARY_DOM_INFO;
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// Name - Is the name of the domain
|
|
//
|
|
// Sid - Is the Sid of the domain
|
|
//
|
|
|
|
//
|
|
// The following structure corresponds to the PolicyDnsDomainInformation
|
|
// information class
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_DNS_DOMAIN_INFO {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
LSAPR_UNICODE_STRING DnsDomainName;
|
|
LSAPR_UNICODE_STRING DnsForestName;
|
|
GUID DomainGuid;
|
|
PLSAPR_SID Sid;
|
|
|
|
} LSAPR_POLICY_DNS_DOMAIN_INFO, *PLSAPR_POLICY_DNS_DOMAIN_INFO;
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// Name - Is the name of the Domain
|
|
//
|
|
// DnsDomainName - Is the DNS name of the domain
|
|
//
|
|
// DnsForestName - Is the DNS forest name of the domain
|
|
//
|
|
// DomainGuid - Is the GUID of the domain
|
|
//
|
|
// Sid - Is the Sid of the domain
|
|
|
|
|
|
|
|
|
|
//
|
|
// The following structure corresponds to the PolicyPdAccountInformation
|
|
// information class. This structure may be used in Query operations
|
|
// only.
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_PD_ACCOUNT_INFO {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
|
|
} LSAPR_POLICY_PD_ACCOUNT_INFO, *PLSAPR_POLICY_PD_ACCOUNT_INFO;
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// Name - Is the name of an account in the domain that should be used
|
|
// for authentication and name/ID lookup requests.
|
|
//
|
|
|
|
|
|
//
|
|
// The following structure corresponds to the PolicyReplicaSourceInformation
|
|
// information class.
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_REPLICA_SRCE_INFO {
|
|
|
|
LSAPR_UNICODE_STRING ReplicaSource;
|
|
LSAPR_UNICODE_STRING ReplicaAccountName;
|
|
|
|
} LSAPR_POLICY_REPLICA_SRCE_INFO, *PLSAPR_POLICY_REPLICA_SRCE_INFO;
|
|
|
|
|
|
typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO {
|
|
|
|
BOOLEAN AuditingMode;
|
|
[size_is(MaximumAuditEventCount)] PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
|
|
ULONG MaximumAuditEventCount;
|
|
|
|
} LSAPR_POLICY_AUDIT_EVENTS_INFO, *PLSAPR_POLICY_AUDIT_EVENTS_INFO;
|
|
|
|
//
|
|
// The following data type is used to hold Policy Information
|
|
// of a given class.
|
|
//
|
|
|
|
typedef [switch_type(POLICY_INFORMATION_CLASS)] union
|
|
|
|
_LSAPR_POLICY_INFORMATION {
|
|
|
|
[case(PolicyAuditLogInformation)] POLICY_AUDIT_LOG_INFO PolicyAuditLogInfo;
|
|
[case(PolicyAuditEventsInformation)] LSAPR_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo;
|
|
[case(PolicyPrimaryDomainInformation)] LSAPR_POLICY_PRIMARY_DOM_INFO PolicyPrimaryDomainInfo;
|
|
[case(PolicyAccountDomainInformation)] LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo;
|
|
[case(PolicyPdAccountInformation)] LSAPR_POLICY_PD_ACCOUNT_INFO PolicyPdAccountInfo;
|
|
[case(PolicyLsaServerRoleInformation)] POLICY_LSA_SERVER_ROLE_INFO PolicyServerRoleInfo;
|
|
[case(PolicyReplicaSourceInformation)] LSAPR_POLICY_REPLICA_SRCE_INFO PolicyReplicaSourceInfo;
|
|
[case(PolicyDefaultQuotaInformation)] POLICY_DEFAULT_QUOTA_INFO PolicyDefaultQuotaInfo;
|
|
[case(PolicyModificationInformation)] POLICY_MODIFICATION_INFO PolicyModificationInfo;
|
|
[case(PolicyAuditFullSetInformation)] POLICY_AUDIT_FULL_SET_INFO PolicyAuditFullSetInfo;
|
|
[case(PolicyAuditFullQueryInformation)] POLICY_AUDIT_FULL_QUERY_INFO PolicyAuditFullQueryInfo;
|
|
[case(PolicyDnsDomainInformation)] LSAPR_POLICY_DNS_DOMAIN_INFO PolicyDnsDomainInfo;
|
|
[case(PolicyDnsDomainInformationInt)] LSAPR_POLICY_DNS_DOMAIN_INFO PolicyDnsDomainInfoInt;
|
|
|
|
} LSAPR_POLICY_INFORMATION;
|
|
|
|
typedef LSAPR_POLICY_INFORMATION *PLSAPR_POLICY_INFORMATION;
|
|
|
|
//***********************************************************************************************
|
|
//
|
|
// NT5 level policy information.
|
|
//
|
|
|
|
//
|
|
// The following structure corresponds to the PolicyDomainEfsInformation
|
|
// information class
|
|
//
|
|
|
|
typedef struct _LSAPR_POLICY_DOMAIN_EFS_INFO {
|
|
|
|
ULONG InfoLength;
|
|
[size_is(InfoLength)] PUCHAR EfsBlob;
|
|
|
|
} LSAPR_POLICY_DOMAIN_EFS_INFO, *PLSAPR_POLICY_DOMAIN_EFS_INFO;
|
|
|
|
// where the members have the following usage:
|
|
//
|
|
// InfoLength - Length of the EFS Information blob
|
|
//
|
|
// EfsBlob - Efs blob data
|
|
//
|
|
|
|
typedef [switch_type(POLICY_DOMAIN_INFORMATION_CLASS)] union
|
|
|
|
_LSAPR_POLICY_DOMAIN_INFORMATION {
|
|
|
|
[case(PolicyDomainEfsInformation)] LSAPR_POLICY_DOMAIN_EFS_INFO PolicyDomainEfsInfo;
|
|
[case(PolicyDomainKerberosTicketInformation)] POLICY_DOMAIN_KERBEROS_TICKET_INFO PolicyDomainKerbTicketInfo;
|
|
|
|
} LSAPR_POLICY_DOMAIN_INFORMATION;
|
|
|
|
typedef LSAPR_POLICY_DOMAIN_INFORMATION *PLSAPR_POLICY_DOMAIN_INFORMATION;
|
|
|
|
|
|
//
|
|
// Account object type-specific Access Types
|
|
//
|
|
|
|
#define LSA_ACCOUNT_VIEW 0x00000001L
|
|
#define LSA_ACCOUNT_ADJUST_PRIVILEGES 0x00000002L
|
|
#define LSA_ACCOUNT_ADJUST_QUOTAS 0x00000004L
|
|
#define LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS 0x00000008L
|
|
|
|
#define LSA_ACCOUNT_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | \
|
|
LSA_ACCOUNT_VIEW | \
|
|
LSA_ACCOUNT_ADJUST_PRIVILEGES | \
|
|
LSA_ACCOUNT_ADJUST_QUOTAS | \
|
|
LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS )
|
|
|
|
//
|
|
// The following data type corresponds to the TrustedDomainNameInformation
|
|
// information class.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_NAME_INFO {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_NAME_INFO, *PLSAPR_TRUSTED_DOMAIN_NAME_INFO;
|
|
|
|
//
|
|
// The following data type corresponds to the TrustedControllersInformation
|
|
// information class.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUSTED_CONTROLLERS_INFO {
|
|
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_UNICODE_STRING Names;
|
|
|
|
} LSAPR_TRUSTED_CONTROLLERS_INFO, *PLSAPR_TRUSTED_CONTROLLERS_INFO;
|
|
|
|
|
|
|
|
// where members have the following meaning:
|
|
//
|
|
// Entries - Indicate how mamy entries there are in the Names array.
|
|
//
|
|
// Names - Pointer to an array of UNICODE_STRING structures containing the
|
|
// names of domain controllers of the domain. This information may not
|
|
// be accurate and should be used only as a hint. The order of this
|
|
// list is considered significant and will be maintained.
|
|
//
|
|
// By convention, the first name in this list is assumed to be the
|
|
// Primary Domain Controller of the domain. If the Primary Domain
|
|
// Controller is not known, the first name should be set to the NULL
|
|
// string.
|
|
//
|
|
|
|
|
|
//
|
|
// The following data type corresponds to the TrustedPasswordInformation
|
|
// information class.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUSTED_PASSWORD_INFO {
|
|
|
|
PLSAPR_CR_CIPHER_VALUE Password;
|
|
PLSAPR_CR_CIPHER_VALUE OldPassword;
|
|
|
|
} LSAPR_TRUSTED_PASSWORD_INFO, *PLSAPR_TRUSTED_PASSWORD_INFO;
|
|
|
|
// where members have the following meaning:
|
|
//
|
|
// Password - Contains new password for the trusted domain
|
|
//
|
|
// OldPassword - Optionally contains the old password for the trusted
|
|
// domain.
|
|
//
|
|
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
LSAPR_UNICODE_STRING FlatName;
|
|
PLSAPR_SID Sid;
|
|
ULONG TrustDirection;
|
|
ULONG TrustType;
|
|
ULONG TrustAttributes;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_INFORMATION_EX, *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX;
|
|
|
|
//
|
|
// Type of authentication information
|
|
//
|
|
#define TRUST_AUTH_TYPE_NONE 0 // Ignore this entry
|
|
#define TRUST_AUTH_TYPE_SECRET 1 // This is the equivalent to secret data
|
|
#define TRUST_AUTY_TYPE_CLEAR 2 // Cleartext password
|
|
|
|
typedef struct _LSAPR_AUTH_INFORMATION {
|
|
|
|
LARGE_INTEGER LastUpdateTime;
|
|
ULONG AuthType;
|
|
ULONG AuthInfoLength;
|
|
[size_is(AuthInfoLength)] PUCHAR AuthInfo;
|
|
} LSAPR_AUTH_INFORMATION, *PLSAPR_AUTH_INFORMATION;
|
|
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION {
|
|
|
|
ULONG IncomingAuthInfos;
|
|
PLSAPR_AUTH_INFORMATION IncomingAuthenticationInformation;
|
|
PLSAPR_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
|
|
ULONG OutgoingAuthInfos;
|
|
PLSAPR_AUTH_INFORMATION OutgoingAuthenticationInformation;
|
|
PLSAPR_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION, *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION;
|
|
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION {
|
|
|
|
LSAPR_TRUSTED_DOMAIN_INFORMATION_EX Information;
|
|
TRUSTED_POSIX_OFFSET_INFO PosixOffset;
|
|
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION, *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION;
|
|
|
|
|
|
typedef LSAPR_TRUST_INFORMATION LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC;
|
|
|
|
typedef PLSAPR_TRUST_INFORMATION PLSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC;
|
|
|
|
//
|
|
// This structure indicates the auth data as read from a Ds object as a blob. It is
|
|
// INTERNAL ONLY. The resultant blob is still encrypted
|
|
//
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB {
|
|
|
|
ULONG AuthSize;
|
|
[size_is( AuthSize )] PUCHAR AuthBlob;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_AUTH_BLOB, *PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB;
|
|
|
|
//
|
|
// This structure represent the LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION structure on
|
|
// the wire.
|
|
//
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL {
|
|
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB AuthBlob;
|
|
} LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL, *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL;
|
|
|
|
//
|
|
// This structure represent the LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION structure on
|
|
// the wire.
|
|
//
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL {
|
|
LSAPR_TRUSTED_DOMAIN_INFORMATION_EX Information;
|
|
TRUSTED_POSIX_OFFSET_INFO PosixOffset;
|
|
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthInformation;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL, *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL;
|
|
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 {
|
|
|
|
LSAPR_UNICODE_STRING Name;
|
|
LSAPR_UNICODE_STRING FlatName;
|
|
PLSAPR_SID Sid;
|
|
ULONG TrustDirection;
|
|
ULONG TrustType;
|
|
ULONG TrustAttributes;
|
|
ULONG ForestTrustLength;
|
|
[size_is(ForestTrustLength)] PUCHAR ForestTrustInfo;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2, *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX2;
|
|
|
|
typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 {
|
|
|
|
LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 Information;
|
|
TRUSTED_POSIX_OFFSET_INFO PosixOffset;
|
|
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2, *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2;
|
|
|
|
//
|
|
// The following data type is used to hold Trusted Domain Information
|
|
// of a given class.
|
|
//
|
|
|
|
typedef [switch_type(TRUSTED_INFORMATION_CLASS)] union
|
|
|
|
_LSAPR_TRUSTED_DOMAIN_INFO {
|
|
|
|
[case(TrustedDomainNameInformation)] LSAPR_TRUSTED_DOMAIN_NAME_INFO TrustedDomainNameInfo;
|
|
[case(TrustedControllersInformation)] LSAPR_TRUSTED_CONTROLLERS_INFO TrustedControllersInfo;
|
|
[case(TrustedPosixOffsetInformation)] TRUSTED_POSIX_OFFSET_INFO TrustedPosixOffsetInfo;
|
|
[case(TrustedPasswordInformation)] LSAPR_TRUSTED_PASSWORD_INFO TrustedPasswordInfo;
|
|
[case(TrustedDomainInformationBasic)] LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC TrustedDomainInfoBasic;
|
|
[case(TrustedDomainInformationEx)] LSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInfoEx;
|
|
[case(TrustedDomainAuthInformation)] LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION TrustedAuthInfo;
|
|
[case(TrustedDomainFullInformation)] LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION TrustedFullInfo;
|
|
[case(TrustedDomainAuthInformationInternal)] LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL TrustedAuthInfoInternal;
|
|
[case(TrustedDomainFullInformationInternal)] LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL TrustedFullInfoInternal;
|
|
[case(TrustedDomainInformationEx2Internal)] LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 TrustedDomainInfoEx2;
|
|
[case(TrustedDomainFullInformation2Internal)] LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 TrustedFullInfo2;
|
|
|
|
} LSAPR_TRUSTED_DOMAIN_INFO;
|
|
|
|
typedef LSAPR_TRUSTED_DOMAIN_INFO *PLSAPR_TRUSTED_DOMAIN_INFO;
|
|
|
|
//
|
|
// New types for NT3.51 - PPC release
|
|
//
|
|
|
|
|
|
typedef PLSAPR_UNICODE_STRING PLSAPR_UNICODE_STRING_ARRAY;
|
|
|
|
typedef struct _LSAPR_USER_RIGHT_SET {
|
|
ULONG Entries;
|
|
[size_is(Entries)] PLSAPR_UNICODE_STRING_ARRAY UserRights;
|
|
} LSAPR_USER_RIGHT_SET, *PLSAPR_USER_RIGHT_SET;
|
|
|
|
|
|
typedef struct _LSAPR_TRUSTED_ENUM_BUFFER_EX {
|
|
|
|
ULONG EntriesRead;
|
|
[size_is(EntriesRead)] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX EnumerationBuffer;
|
|
|
|
} LSAPR_TRUSTED_ENUM_BUFFER_EX, *PLSAPR_TRUSTED_ENUM_BUFFER_EX;
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// BEGIN INTERNAL TEST ROUTINES ONLY - These are used for testing the //
|
|
// LsaI* APIs. DO NOT EXPORT. They can be moved around at will //
|
|
// //
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
typedef struct _LSAPR_TEST_INTERNAL_PARAMETER_BLOB {
|
|
|
|
ULONG Size;
|
|
[size_is( Size )]PUCHAR Argument;
|
|
|
|
} LSAPR_TEST_INTERNAL_PARAMETER_BLOB, *PLSAPR_TEST_INTERNAL_PARAMETER_BLOB;
|
|
|
|
typedef struct _LSAPR_TEST_INTERNAL_ARG_LIST {
|
|
|
|
ULONG Items;
|
|
[size_is( Items )] PLSAPR_TEST_INTERNAL_PARAMETER_BLOB Arg;
|
|
|
|
} LSAPR_TEST_INTERNAL_ARG_LIST, *PLSAPR_TEST_INTERNAL_ARG_LIST;
|
|
|
|
//
|
|
// Internally tested routines
|
|
//
|
|
typedef enum _LSAPR_TEST_INTERNAL_ROUTINES {
|
|
|
|
LsaTest_IEnumerateSecrets,
|
|
LsaTest_IQueryDomainOrgInfo,
|
|
LsaTest_ISetTrustedDomainAuthBlobs,
|
|
LsaTest_IUpgradeRegistryToDs,
|
|
LsaTest_ISamSetDomainObjectProperties,
|
|
LsaTest_ISamSetDomainBuiltinGroupMembership,
|
|
LsaTest_ISamSetInterdomainTrustPassword,
|
|
LsaTest_IRegisterPolicyChangeNotificationCallback,
|
|
LsaTest_IUnregisterPolicyChangeNotificationCallback,
|
|
LsaTest_IUnregisterAllPolicyChangeNotificationCallback,
|
|
LsaTest_IStartTransaction,
|
|
LsaTest_IApplyTransaction,
|
|
LsaTest_ITrustDomFixup,
|
|
LsaTest_ISetServerRoleForBoot,
|
|
LsaTest_IQueryForestTrustInfo,
|
|
LsaTest_IBreak,
|
|
LsaTest_IQueryTrustedDomainAuthBlobs,
|
|
LsaTest_IQueryNt4Owf
|
|
|
|
} LSAPR_TEST_INTERNAL_ROUTINES;
|
|
////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// END INTERNAL TEST ROUTINES ONLY //
|
|
// //
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Local Security Policy - Miscellaneous API function prototypes //
|
|
// //
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarClose(
|
|
[in,out] LSAPR_HANDLE *ObjectHandle
|
|
);
|
|
|
|
//
|
|
// This routine is being superseded by LsarDeleteObject. The reason is
|
|
// that a pointer to a handle rather than a handle is essential so that
|
|
// RPC on the server side can clean up. Because of the need for RPC
|
|
// interface comaptibility, the new routine has been added at the end
|
|
// of the interface,
|
|
//
|
|
|
|
NTSTATUS
|
|
LsarDelete(
|
|
[in] LSAPR_HANDLE ObjectHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarEnumeratePrivileges(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in, out] PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
[out] PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
|
|
[in] ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQuerySecurityObject(
|
|
[in] LSAPR_HANDLE ObjectHandle,
|
|
[in] SECURITY_INFORMATION SecurityInformation,
|
|
[out] PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetSecurityObject(
|
|
[in] LSAPR_HANDLE ObjectHandle,
|
|
[in] SECURITY_INFORMATION SecurityInformation,
|
|
[in] PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarChangePassword(
|
|
[in] PLSAPR_UNICODE_STRING ServerName,
|
|
[in] PLSAPR_UNICODE_STRING DomainName,
|
|
[in] PLSAPR_UNICODE_STRING AccountName,
|
|
[in] PLSAPR_UNICODE_STRING OldPassword,
|
|
[in] PLSAPR_UNICODE_STRING NewPassword
|
|
);
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Local Security Policy - Policy Object API function prototypes //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarOpenPolicy(
|
|
[in,unique] PLSAPR_SERVER_NAME SystemName,
|
|
[in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *PolicyHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQueryInformationPolicy(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] POLICY_INFORMATION_CLASS InformationClass,
|
|
[out, switch_is(InformationClass)]
|
|
PLSAPR_POLICY_INFORMATION *PolicyInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetInformationPolicy(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] POLICY_INFORMATION_CLASS InformationClass,
|
|
[in, switch_is(InformationClass)]
|
|
PLSAPR_POLICY_INFORMATION PolicyInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarClearAuditLog(
|
|
[in] LSAPR_HANDLE PolicyHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarCreateAccount(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID AccountSid,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *AccountHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarEnumerateAccounts(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] [out] PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
[out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer,
|
|
[in] ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarCreateTrustedDomain(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *TrustedDomainHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarEnumerateTrustedDomains(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] [out] PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
[out] PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
|
|
[in] ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarLookupNames(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] ULONG Count,
|
|
[in, size_is(Count)] PLSAPR_UNICODE_STRING Names,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_SIDS TranslatedSids,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarLookupSids(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_NAMES TranslatedNames,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarCreateSecret(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING SecretName,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *SecretHandle
|
|
);
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Local Security Policy - Account Object API function prototypes //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarOpenAccount(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID AccountSid,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *AccountHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarEnumeratePrivilegesAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[out] PLSAPR_PRIVILEGE_SET *Privileges
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarAddPrivilegesToAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[in] PLSAPR_PRIVILEGE_SET Privileges
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarRemovePrivilegesFromAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[in] BOOLEAN AllPrivileges,
|
|
[in, unique] PLSAPR_PRIVILEGE_SET Privileges
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarGetQuotasForAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[out] PQUOTA_LIMITS QuotaLimits
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetQuotasForAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[in] PQUOTA_LIMITS QuotaLimits
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarGetSystemAccessAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[out] PULONG SystemAccess
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetSystemAccessAccount(
|
|
[in] LSAPR_HANDLE AccountHandle,
|
|
[in] ULONG SystemAccess
|
|
);
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Local Security Policy - Trusted Domain Object API function prototypes //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarOpenTrustedDomain(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID TrustedDomainSid,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *TrustedDomainHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQueryInfoTrustedDomain(
|
|
[in] LSAPR_HANDLE TrustedDomainHandle,
|
|
[in] TRUSTED_INFORMATION_CLASS InformationClass,
|
|
[out, switch_is(InformationClass)]
|
|
PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetInformationTrustedDomain(
|
|
[in] LSAPR_HANDLE TrustedDomainHandle,
|
|
[in] TRUSTED_INFORMATION_CLASS InformationClass,
|
|
[in, switch_is(InformationClass)]
|
|
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
|
|
);
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Local Security Policy - Secret Object API function prototypes //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarOpenSecret(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING SecretName,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *SecretHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetSecret(
|
|
[in] LSAPR_HANDLE SecretHandle,
|
|
[in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
|
|
[in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedOldValue
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQuerySecret(
|
|
[in] LSAPR_HANDLE SecretHandle,
|
|
[in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue,
|
|
[in, out, unique] PLARGE_INTEGER CurrentValueSetTime,
|
|
[in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue,
|
|
[in, out, unique] PLARGE_INTEGER OldValueSetTime
|
|
);
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Local Security Policy - Privilege Object API Prototypes //
|
|
// //
|
|
/////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
LsarLookupPrivilegeValue(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING Name,
|
|
[out] PLUID Value
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
LsarLookupPrivilegeName(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLUID Value,
|
|
[out] PLSAPR_UNICODE_STRING *Name
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
LsarLookupPrivilegeDisplayName(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING Name,
|
|
[in] SHORT ClientLanguage,
|
|
[in] SHORT ClientSystemDefaultLanguage,
|
|
[out] PLSAPR_UNICODE_STRING *DisplayName,
|
|
[out] PWORD LanguageReturned
|
|
);
|
|
|
|
//
|
|
// Important note:
|
|
//
|
|
// This routine will supersede LsarDelete. The difference is that, as on
|
|
// LsarClose a pointer to a handle is required rather than a handle so that
|
|
// LsarDeleteObject() can inform the RPC server calling stub that the handle
|
|
// has been deleted by returning NULL.
|
|
//
|
|
|
|
NTSTATUS
|
|
LsarDeleteObject(
|
|
[in,out] LSAPR_HANDLE *ObjectHandle
|
|
);
|
|
|
|
|
|
//
|
|
// These APIs are new for nt 3.51 (PPC release) and will be emulated when
|
|
// talking to old servers.
|
|
//
|
|
|
|
NTSTATUS
|
|
LsarEnumerateAccountsWithUserRight(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in,unique] PLSAPR_UNICODE_STRING UserRight,
|
|
[out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarEnumerateAccountRights(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID AccountSid,
|
|
[out] PLSAPR_USER_RIGHT_SET UserRights
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarAddAccountRights(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID AccountSid,
|
|
[in] PLSAPR_USER_RIGHT_SET UserRights
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarRemoveAccountRights(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID AccountSid,
|
|
[in] BOOLEAN AllRights,
|
|
[in] PLSAPR_USER_RIGHT_SET UserRights
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQueryTrustedDomainInfo(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID TrustedDomainSid,
|
|
[in] TRUSTED_INFORMATION_CLASS InformationClass,
|
|
[out, switch_is(InformationClass)]
|
|
PLSAPR_TRUSTED_DOMAIN_INFO * TrustedDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetTrustedDomainInfo(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID TrustedDomainSid,
|
|
[in] TRUSTED_INFORMATION_CLASS InformationClass,
|
|
[in, switch_is(InformationClass)]
|
|
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarDeleteTrustedDomain(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID TrustedDomainSid
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarStorePrivateData(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING KeyName,
|
|
[in,unique] PLSAPR_CR_CIPHER_VALUE EncryptedData
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarRetrievePrivateData(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING KeyName,
|
|
[in, out] PLSAPR_CR_CIPHER_VALUE *EncryptedData
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarOpenPolicy2(
|
|
[in,unique,string] PLSAPR_SERVER_NAME SystemName,
|
|
[in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *PolicyHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarGetUserName(
|
|
[in,unique,string] PLSAPR_SERVER_NAME SystemName,
|
|
[in,out] PLSAPR_UNICODE_STRING * UserName,
|
|
[in,out,unique] PLSAPR_UNICODE_STRING * DomainName
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQueryInformationPolicy2(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] POLICY_INFORMATION_CLASS InformationClass,
|
|
[out, switch_is(InformationClass)]
|
|
PLSAPR_POLICY_INFORMATION *PolicyInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetInformationPolicy2(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] POLICY_INFORMATION_CLASS InformationClass,
|
|
[in, switch_is(InformationClass)]
|
|
PLSAPR_POLICY_INFORMATION PolicyInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarQueryTrustedDomainInfoByName(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING TrustedDomainName,
|
|
[in] TRUSTED_INFORMATION_CLASS InformationClass,
|
|
[out, switch_is(InformationClass)]
|
|
PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetTrustedDomainInfoByName(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING TrustedDomainName,
|
|
[in] TRUSTED_INFORMATION_CLASS InformationClass,
|
|
[in, switch_is(InformationClass)]
|
|
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarEnumerateTrustedDomainsEx(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in, out] PLSA_ENUMERATION_HANDLE EnumerationContext,
|
|
[out] PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer,
|
|
[in] ULONG PreferedMaximumLength
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarCreateTrustedDomainEx(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
|
|
[in] PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *TrustedDomainHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetPolicyReplicationHandle(
|
|
[in, out] PLSAPR_HANDLE PolicyHandle
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
LsarQueryDomainInformationPolicy(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
|
|
[out, switch_is(InformationClass)]
|
|
PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetDomainInformationPolicy(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
|
|
[in, unique, switch_is(InformationClass)]
|
|
PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarOpenTrustedDomainByName(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_UNICODE_STRING TrustedDomainName,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *TrustedDomainHandle
|
|
);
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// BEGIN INTERNAL TEST ROUTINES ONLY - These are used for testing the //
|
|
// LsaI* APIs. DO NOT EXPORT. They can be moved around at will //
|
|
// //
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsaITestCall(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] LSAPR_TEST_INTERNAL_ROUTINES Call,
|
|
[in] PLSAPR_TEST_INTERNAL_ARG_LIST InputArgs,
|
|
[out] PLSAPR_TEST_INTERNAL_ARG_LIST *OuputArgs
|
|
);
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// END INTERNAL TEST ROUTINES ONLY //
|
|
// //
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
NTSTATUS
|
|
LsarLookupSids2(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount,
|
|
[in] ULONG LookupOptions,
|
|
[in] ULONG ClientRevision
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarLookupNames2(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] ULONG Count,
|
|
[in, size_is(Count)] PLSAPR_UNICODE_STRING Names,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_SIDS_EX TranslatedSids,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount,
|
|
[in] ULONG LookupOptions,
|
|
[in] ULONG ClientRevision
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarCreateTrustedDomainEx2(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
|
|
[in] PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthenticationInformation,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *TrustedDomainHandle
|
|
);
|
|
|
|
//
|
|
// Credential Management API
|
|
//
|
|
|
|
NTSTATUS
|
|
CredrWrite(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in] PENCRYPTED_CREDENTIALW Credential,
|
|
[in] ULONG Flags
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrRead(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in, string] wchar_t * TargetName,
|
|
[in] ULONG Type,
|
|
[in] ULONG Flags,
|
|
[out] PENCRYPTED_CREDENTIALW *Credential
|
|
);
|
|
|
|
typedef PENCRYPTED_CREDENTIALW *PPENCRYPTED_CREDENTIALW;
|
|
|
|
typedef struct _CREDENTIAL_ARRAY {
|
|
ULONG CredentialCount;
|
|
[unique, size_is(CredentialCount)] PPENCRYPTED_CREDENTIALW Credentials;
|
|
} CREDENTIAL_ARRAY, *PCREDENTIAL_ARRAY;
|
|
|
|
NTSTATUS
|
|
CredrEnumerate(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in, unique, string] wchar_t * Filter,
|
|
[in] ULONG Flags,
|
|
[out] PCREDENTIAL_ARRAY CredentialArray
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrWriteDomainCredentials(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in] PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
|
|
[in] PENCRYPTED_CREDENTIALW Credential,
|
|
[in] ULONG Flags
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrReadDomainCredentials(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in] PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
|
|
[in] ULONG Flags,
|
|
[out] PCREDENTIAL_ARRAY CredentialArray
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrDelete(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in, string] wchar_t * TargetName,
|
|
[in] ULONG Type,
|
|
[in] ULONG Flags
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrGetTargetInfo(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in, string] wchar_t * TargetName,
|
|
[in] ULONG Flags,
|
|
[out] PCREDENTIAL_TARGET_INFORMATIONW *TargetInfo
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrProfileLoaded(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName
|
|
);
|
|
|
|
//
|
|
// New lookup API to support returning SIDs
|
|
//
|
|
NTSTATUS
|
|
LsarLookupNames3(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] ULONG Count,
|
|
[in, size_is(Count)] PLSAPR_UNICODE_STRING Names,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount,
|
|
[in] ULONG LookupOptions,
|
|
[in] ULONG ClientRevision
|
|
);
|
|
|
|
NTSTATUS
|
|
CredrGetSessionTypes(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in] ULONG MaximumPersistCount,
|
|
[out,size_is(MaximumPersistCount)] ULONG *MaximumPersist
|
|
);
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Generic Auditing Support
|
|
//
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
NTSTATUS
|
|
LsarRegisterAuditEvent(
|
|
[in] PAUTHZ_AUDIT_EVENT_TYPE_OLD pAuditEventType,
|
|
[out] AUDIT_HANDLE* phAuditContext
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarGenAuditEvent(
|
|
[in] AUDIT_HANDLE hAuditContext,
|
|
[in] DWORD Flags,
|
|
[in] AUDIT_PARAMS* pAuditParams
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarUnregisterAuditEvent(
|
|
[in,out] AUDIT_HANDLE* phAuditContext
|
|
);
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// End of Generic Auditing Support
|
|
//
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Forest trust support
|
|
//
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarQueryForestTrustInformation(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSA_UNICODE_STRING TrustedDomainName,
|
|
[in] LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
|
|
[out] PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarSetForestTrustInformation(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] PLSA_UNICODE_STRING TrustedDomainName,
|
|
[in] LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
|
|
[in] PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,
|
|
[in] BOOLEAN CheckOnly,
|
|
[out] PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo
|
|
);
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// End of forest trust support
|
|
//
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
CredrRename(
|
|
[in,unique,string] PLSAPR_SERVER_NAME ServerName,
|
|
[in, string] wchar_t * OldTargetName,
|
|
[in, string] wchar_t * NewTargetName,
|
|
[in] ULONG Type,
|
|
[in] ULONG Flags
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarLookupSids3(
|
|
[in] handle_t RpcHandle,
|
|
[in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount,
|
|
[in] ULONG LookupOptions,
|
|
[in] ULONG ClientRevision
|
|
);
|
|
|
|
NTSTATUS
|
|
LsarLookupNames4(
|
|
[in] handle_t RpcHandle,
|
|
[in] ULONG Count,
|
|
[in, size_is(Count)] PLSAPR_UNICODE_STRING Names,
|
|
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
|
[in, out] PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
|
|
[in] LSAP_LOOKUP_LEVEL LookupLevel,
|
|
[in, out] PULONG MappedCount,
|
|
[in] ULONG LookupOptions,
|
|
[in] ULONG ClientRevision
|
|
);
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// LSA/SCE synchronization support
|
|
//
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
NTSTATUS
|
|
LsarOpenPolicySce(
|
|
[in,unique] PLSAPR_SERVER_NAME SystemName,
|
|
[in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
|
|
[in] ACCESS_MASK DesiredAccess,
|
|
[out] LSAPR_HANDLE *PolicyHandle
|
|
);
|
|
|
|
//
|
|
// Insert new RPC interfaces before this line,
|
|
// so LsarForestTrustFindMatch can be re-enabled
|
|
// in private builds at later times
|
|
//
|
|
|
|
// #define TESTING_MATCHING_ROUTINE
|
|
|
|
#ifdef TESTING_MATCHING_ROUTINE
|
|
|
|
NTSTATUS
|
|
LsarForestTrustFindMatch(
|
|
[in] LSAPR_HANDLE PolicyHandle,
|
|
[in] ULONG Type,
|
|
[in] PLSA_UNICODE_STRING Name,
|
|
[out] PLSA_UNICODE_STRING *Match
|
|
);
|
|
|
|
#endif
|
|
|
|
}
|