windows-nt/Source/XPSP1/NT/public/internal/ds/inc/lsaisrv.h

/*++ BUILD Version: 0001 // Increment this if a change has global effects
Copyright (c) 1992 Microsoft Corporation
Module Name:
lsaisrv.h
Abstract:
This file contains interfaces to internal routines in the Lsa
Server that provide additional functionality not contained in
the Lsar routines. These routines are only used by LSA clients which
live in the same process as the LSA server.
Author:
Scott Birrell (ScottBi) April 8, 1992
Environment:
User Mode - Win32
Revision History:
--*/
#ifndef _LSAISRV_
#define _LSAISRV_
#ifdef __cplusplus
extern "C" {
#endif
//
// The following constants are defined for callers of the LsaIHealthCheck routine
//
// 1. LSAI_SAM_STATE_SESS_KEY is used to convey the syskey by SAM to LSA.
// This is used in upgrade cases from NT4 and win2k B3 and RC1.
// SAM in these cases knows the syskey
//
// 2. LSAI_SAM_STATE_UNROLL_SP4_ENCRYPTION is used to convey SAM's password
// encryption key to LSA. This is used to unroll encryption used in NT4 SP4
// ( incorrectly ) using SAM's password encryption key
//
// 3. LSAI_SAM_STATE_RETRIEVE_SESS_KEY is used by SAM/DS to retrieve the
// syskey from LSA to decrypt their respective password encryption keys
//
// 4. LSAI_SAM_GENERATE_SESS_KEY is used by SAM to tell the LSA to generate
// a new Password Encryption key in the case where we are upgrading
// from a NT4 or Win2k B3 or RC1 Machine and the machine is not syskey'd
//
// 5. LSAI_SAM_STATE_CLEAR_SESS_KEY is used by SAM or DS to clear the syskey
// after it has been used for decrypting their respective password
// encryption keys.
//
// 6. LSAI_SAM_STATE_OLD_SESS_KEY is used to retrieve the old syskey in
// order to implement error recovery during syskey change cases.
//
// State-change codes for LsaIHealthCheck. Going by the numbered descriptions
// above, SESS_KEY, UNROLL_SP4_ENCRYPTION, RETRIEVE_SESS_KEY and OLD_SESS_KEY
// all move key material (the syskey or SAM's password encryption key) through
// the call. The numeric values do not follow the order of that list:
// CLEAR_SESS_KEY is 0x4 and GENERATE_SESS_KEY is 0x5.
// LSAI_SAM_GENERATE_SESS_KEY is the only name without the _STATE_ infix.
#define LSAI_SAM_STATE_SESS_KEY 0x1
#define LSAI_SAM_STATE_UNROLL_SP4_ENCRYPTION 0x2
#define LSAI_SAM_STATE_RETRIEVE_SESS_KEY 0x3
#define LSAI_SAM_STATE_CLEAR_SESS_KEY 0x4
#define LSAI_SAM_GENERATE_SESS_KEY 0x5
#define LSAI_SAM_STATE_OLD_SESS_KEY 0x6
///////////////////////////////////////////////////////////////////////////////
// //
// The following prototypes are usable throughout the process that the //
// LSA server resides in. //
// //
///////////////////////////////////////////////////////////////////////////////
// Entry point the LSAI_SAM_* codes above are defined for; StateChange is
// presumably one of those codes.
// StateChangeData and StateChangeDataLength are both IN OUT, so one buffer
// carries data in either direction and the callee may rewrite the length.
// NOTE(review): for the codes that convey or retrieve the syskey or a password
// encryption key this buffer holds key material; callers should presumably
// scrub it once it has been consumed - confirm against the implementation.
NTSTATUS NTAPI
LsaIHealthCheck(
IN LSAPR_HANDLE DomainHandle OPTIONAL,
IN ULONG StateChange,
IN OUT PVOID StateChangeData,
IN OUT PULONG StateChangeDataLength
);
// Returns a policy handle through PolicyHandle; takes no input arguments.
// NOTE(review): the "Trusted" suffix, together with the in-process-only scope
// stated in the file header, suggests this handle bypasses the usual access
// checks - confirm, and keep such handles out of code paths that act on
// behalf of an external client.
NTSTATUS NTAPI
LsaIOpenPolicyTrusted(
OUT PLSAPR_HANDLE PolicyHandle
);
// Returns the policy information selected by InformationClass through Buffer.
// Presumably released with LsaIFree_LSAPR_POLICY_INFORMATION (declared further
// down in this header) using the same InformationClass - confirm.
NTSTATUS NTAPI
LsaIQueryInformationPolicyTrusted(
IN POLICY_INFORMATION_CLASS InformationClass,
OUT PLSAPR_POLICY_INFORMATION *Buffer
);
// Reads ModifiedCount and CreationTime (both OUT) for the policy identified by
// PolicyHandle.
NTSTATUS NTAPI
LsaIGetSerialNumberPolicy(
IN LSAPR_HANDLE PolicyHandle,
OUT PLARGE_INTEGER ModifiedCount,
OUT PLARGE_INTEGER CreationTime
);
// Writes ModifiedCount and CreationTime for the policy identified by
// PolicyHandle; StartOfFullSync is a caller-supplied flag.
NTSTATUS NTAPI
LsaISetSerialNumberPolicy(
IN LSAPR_HANDLE PolicyHandle,
IN PLARGE_INTEGER ModifiedCount,
IN PLARGE_INTEGER CreationTime,
IN BOOLEAN StartOfFullSync
);
// Same as LsaIGetSerialNumberPolicy with one extra OUT value,
// ModifiedCountAtLastPromotion.
NTSTATUS NTAPI
LsaIGetSerialNumberPolicy2(
IN LSAPR_HANDLE PolicyHandle,
OUT PLARGE_INTEGER ModifiedCount,
OUT PLARGE_INTEGER ModifiedCountAtLastPromotion,
OUT PLARGE_INTEGER CreationTime
);
// Same as LsaISetSerialNumberPolicy with one extra input,
// ModifiedCountAtLastPromotion, which is the only pointer marked OPTIONAL.
NTSTATUS NTAPI
LsaISetSerialNumberPolicy2(
IN LSAPR_HANDLE PolicyHandle,
IN PLARGE_INTEGER ModifiedCount,
IN PLARGE_INTEGER ModifiedCountAtLastPromotion OPTIONAL,
IN PLARGE_INTEGER CreationTime,
IN BOOLEAN StartOfFullSync
);
// Returns a buffer through Data and its size through DataLength.
// Presumably released with LsaIFree_LSAI_PRIVATE_DATA (declared further down)
// - confirm. The data is untyped (PVOID); the reader must trust DataLength.
NTSTATUS NTAPI
LsaIGetPrivateData(
IN LSAPR_HANDLE PolicyHandle,
OUT PULONG DataLength,
OUT PVOID *Data
);
// Stores DataLength bytes (presumably) starting at Data - TODO confirm the
// unit of DataLength against the implementation.
NTSTATUS NTAPI
LsaISetPrivateData(
IN LSAPR_HANDLE PolicyHandle,
IN ULONG DataLength,
IN PVOID Data
);
// Enumerates secrets, resuming from EnumerationContext (IN OUT). Buffer and
// CountReturned describe the result; the element type is not visible here.
// NOTE(review): two release routines with near-identical names are declared
// below (LsaIFree_LSAP_SECRET_ENUM_BUFFER and LsaIFree_LSAI_SECRET_ENUM_BUFFER);
// confirm which one matches this buffer before freeing.
NTSTATUS NTAPI
LsaIEnumerateSecrets(
IN LSAPR_HANDLE PolicyHandle,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
OUT PVOID *Buffer,
IN ULONG PreferedMaximumLength,
OUT PULONG CountReturned
);
// Sets the "value set" timestamps of the secret identified by SecretHandle,
// for both its current and its old value.
NTSTATUS NTAPI
LsaISetTimesSecret(
IN LSAPR_HANDLE SecretHandle,
IN PLARGE_INTEGER CurrentValueSetTime,
IN PLARGE_INTEGER OldValueSetTime
);
// The prototype below exists only when __LOGONMSV_H__ is already defined, so
// logonmsv.h has to be included before this header; with the opposite include
// order the declaration is silently absent and no diagnostic points here.
#ifdef __LOGONMSV_H__ // This API is only of interest to users of logonmsv.h
// SamInfo is IN OUT and untyped (PVOID); it is presumably interpreted
// according to InfoClass and filtered in place - confirm. The compiler cannot
// check that InfoClass and the buffer passed as SamInfo agree.
NTSTATUS NTAPI
LsaIFilterSids(
IN PUNICODE_STRING TrustedDomainName,
IN ULONG TrustDirection,
IN ULONG TrustType,
IN ULONG TrustAttributes,
IN PSID Sid,
IN NETLOGON_VALIDATION_INFO_CLASS InfoClass,
IN OUT PVOID SamInfo
);
#endif
// Selects what kind of value LsaIForestTrustFindMatch is asked to match.
// The list ends with a trailing comma after RoutingMatchSpn.
typedef enum {
RoutingMatchDomainSid,
RoutingMatchDomainName,
RoutingMatchUpn,
RoutingMatchSpn,
} LSA_ROUTING_MATCH_TYPE;
// Data is untyped (PVOID) and presumably interpreted according to Type (a SID
// for RoutingMatchDomainSid, a name otherwise) - confirm; a mismatch between
// Type and the object behind Data is not detectable at compile time.
// The result is returned through Match.
NTSTATUS NTAPI
LsaIForestTrustFindMatch(
IN LSA_ROUTING_MATCH_TYPE Type,
IN PVOID Data,
OUT PLSA_UNICODE_STRING Match
);
// Takes the ADDRESS of the caller's pointer (pointer-to-pointer), although the
// parameter is marked IN. Presumably the callee also resets the caller's
// pointer after freeing - confirm. Declared without NTAPI, unlike most
// routines in this header.
VOID
LsaIFree_LSA_FOREST_TRUST_INFORMATION(
IN PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
);
// Same pointer-to-pointer convention as the routine above, for collision
// information.
VOID
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION(
IN PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo
);
// Declared with an empty parameter list rather than (VOID); in C that leaves
// the arguments unchecked, unlike LsaISafeMode below.
BOOLEAN NTAPI
LsaISetupWasRun(
);
// Takes no arguments and returns a BOOLEAN.
BOOLEAN NTAPI
LsaISafeMode(
VOID
);
// Returns a BOOLEAN for the given name; the exact meaning of TRUE is not
// visible in this header.
BOOLEAN NTAPI
LsaILookupWellKnownName(
IN PUNICODE_STRING WellKnownName
);
// Release routines, one per LSAPR_/LSAP_/LSAI_ buffer type. Each takes the
// buffer by pointer; only the two secret-enum routines also take a Count, and
// three of them additionally take the information class that selects how the
// buffer is laid out.
// NOTE(review): nothing in these prototypes says whether the memory is
// scrubbed before release. For types that can carry secret material
// (LSAPR_CR_CIPHER_VALUE, private data, secret enumeration buffers) confirm
// in the implementation, or scrub in the caller before freeing.
VOID NTAPI
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER (
IN PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
);
VOID NTAPI
LsaIFree_LSAPR_TRANSLATED_SIDS (
IN PLSAPR_TRANSLATED_SIDS TranslatedSids
);
VOID NTAPI
LsaIFree_LSAPR_TRANSLATED_NAMES (
IN PLSAPR_TRANSLATED_NAMES TranslatedNames
);
// InformationClass must be the class the buffer was queried with; it
// presumably decides which embedded pointers are followed - confirm.
VOID NTAPI
LsaIFree_LSAPR_POLICY_INFORMATION (
IN POLICY_INFORMATION_CLASS InformationClass,
IN PLSAPR_POLICY_INFORMATION PolicyInformation
);
VOID NTAPI
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION (
IN POLICY_DOMAIN_INFORMATION_CLASS DomainInformationClass,
IN PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation
);
VOID NTAPI
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO (
IN TRUSTED_INFORMATION_CLASS InformationClass,
IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
);
VOID NTAPI
LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST (
IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains
);
VOID NTAPI
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER (
IN PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer
);
// The parameter carries no IN annotation here (also true of the
// PRIVILEGE_ENUM_BUFFER routine below); the annotations expand to nothing, so
// this is cosmetic.
VOID NTAPI
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX (
PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer
);
VOID NTAPI
LsaIFree_LSAPR_TRUST_INFORMATION (
IN PLSAPR_TRUST_INFORMATION TrustInformation
);
// LSAP_ variant of the secret-enum release routine; an LSAI_ variant with the
// same parameters is declared a few lines below. The names differ by one
// letter - confirm which allocator each one pairs with.
VOID NTAPI
LsaIFree_LSAP_SECRET_ENUM_BUFFER (
IN PVOID Buffer,
IN ULONG Count
);
VOID NTAPI
LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER (
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer
);
VOID NTAPI
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR (
IN PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
);
// LSAI_ variant; unlike its LSAP_ sibling it is declared without NTAPI.
VOID
LsaIFree_LSAI_SECRET_ENUM_BUFFER (
IN PVOID Buffer,
IN ULONG Count
);
// Presumably the counterpart of LsaIGetPrivateData - confirm. No length is
// passed, so the routine cannot scrub the buffer unless it tracks the size
// itself.
VOID NTAPI
LsaIFree_LSAI_PRIVATE_DATA (
IN PVOID Data
);
// Two routines take the same PLSAPR_UNICODE_STRING: this one and the _BUFFER
// variant below. Presumably one releases the structure and the other only the
// character buffer it points to - confirm before use; picking the wrong one
// risks a leak or an invalid free.
VOID NTAPI
LsaIFree_LSAPR_UNICODE_STRING (
IN PLSAPR_UNICODE_STRING UnicodeName
);
VOID NTAPI
LsaIFree_LSAPR_UNICODE_STRING_BUFFER (
IN PLSAPR_UNICODE_STRING UnicodeName
);
VOID NTAPI
LsaIFree_LSAPR_PRIVILEGE_SET (
IN PLSAPR_PRIVILEGE_SET PrivilegeSet
);
VOID NTAPI
LsaIFree_LSAPR_CR_CIPHER_VALUE (
IN PLSAPR_CR_CIPHER_VALUE CipherValue
);
// Audit entry point for SAM events. DomainSid and DomainName are the only
// pointer arguments not marked OPTIONAL; every other pointer may be omitted.
// Status is passed by value and AuditId selects the audit event.
NTSTATUS NTAPI
LsaIAuditSamEvent(
IN NTSTATUS Status,
IN ULONG AuditId,
IN PSID DomainSid,
IN PUNICODE_STRING AdditionalInfo OPTIONAL,
IN PULONG MemberRid OPTIONAL,
IN PSID MemberSid OPTIONAL,
IN PUNICODE_STRING AccountName OPTIONAL,
IN PUNICODE_STRING DomainName,
IN PULONG AccountRid OPTIONAL,
IN PPRIVILEGE_SET Privileges OPTIONAL
);
// Takes the file name of a package; returns nothing, so a failure to record
// the event is not reported to the caller.
VOID NTAPI
LsaIAuditNotifyPackageLoad(
PUNICODE_STRING PackageFileName
);
// Audit entry point for KDC events. The numeric fields are passed by pointer
// (PULONG), not by value. Only UniqueId is marked OPTIONAL.
// NOTE(review): ClientAddress is a PBYTE with no accompanying length, so the
// callee has to assume a fixed size or format - confirm what it expects
// before passing a buffer.
NTSTATUS NTAPI
LsaIAuditKdcEvent(
IN ULONG AuditId,
IN PUNICODE_STRING ClientName,
IN PUNICODE_STRING ClientDomain,
IN PSID ClientSid,
IN PUNICODE_STRING ServiceName,
IN PSID ServiceSid,
IN PULONG KdcOptions,
IN PULONG KerbStatus,
IN PULONG EncryptionType,
IN PULONG PreAuthType,
IN PBYTE ClientAddress,
IN LPGUID UniqueId OPTIONAL
);
// Produces a GUID through pLogonGuid from a user name, a domain and a
// caller-supplied buffer; BufferSize is the size of pBuffer.
// None of the five routines in this group carries NTAPI, unlike the audit
// routines declared above them.
NTSTATUS
LsaIGetLogonGuid(
IN PUNICODE_STRING pUserName,
IN PUNICODE_STRING pUserDomain,
IN PBYTE pBuffer,
IN UINT BufferSize,
OUT LPGUID pLogonGuid
);
// Associates LogonGuid with the logon session identified by LogonId.
// LogonGuid is OPTIONAL; what happens when it is omitted is not visible here.
NTSTATUS
LsaISetLogonGuidInLogonSession(
IN PLUID LogonId,
IN LPGUID LogonGuid OPTIONAL
);
// Audit entry point for Kerberos logons. Returns VOID, so a failure to write
// the audit record is not visible to the caller.
// NOTE(review): OPTIONAL is written after the comma that follows UserSid. It
// presumably annotates UserSid (LogonType is passed by value) - confirm, and
// note that it reads as if it belonged to the next parameter.
VOID
LsaIAuditKerberosLogon(
IN NTSTATUS LogonStatus,
IN NTSTATUS LogonSubStatus,
IN PUNICODE_STRING AccountName,
IN PUNICODE_STRING AuthenticatingAuthority,
IN PUNICODE_STRING WorkstationName,
IN PSID UserSid, OPTIONAL
IN SECURITY_LOGON_TYPE LogonType,
IN PTOKEN_SOURCE TokenSource,
IN PLUID LogonId,
IN LPGUID LogonGuid
);
// Audit entry point for logons that use explicit credentials; "User1" and
// "User2" name the two accounts involved.
// NOTE(review): as in LsaIAuditKerberosLogon, OPTIONAL follows the comma
// after pUser1LogonGuid; it presumably annotates pUser1LogonGuid - confirm.
NTSTATUS
LsaIAuditLogonUsingExplicitCreds(
IN USHORT AuditEventType,
IN PSID pUser1Sid,
IN PUNICODE_STRING pUser1Name,
IN PUNICODE_STRING pUser1Domain,
IN PLUID pUser1LogonId,
IN LPGUID pUser1LogonGuid, OPTIONAL
IN PUNICODE_STRING pUser2Name,
IN PUNICODE_STRING pUser2Domain,
IN LPGUID pUser2LogonGuid
);
// Audit entry point for account logons.
// NOTE(review): Status is marked OPTIONAL but is passed by value, so it
// cannot actually be omitted; presumably a "no status" value is expected when
// Successful is TRUE - confirm.
NTSTATUS
LsaIAuditAccountLogon(
IN ULONG AuditId,
IN BOOLEAN Successful,
IN PUNICODE_STRING Source,
IN PUNICODE_STRING ClientName,
IN PUNICODE_STRING MappedName,
IN NTSTATUS Status OPTIONAL
);
// Audit entry point for DPAPI events. Identifiers for the master key, the
// recovery server and the recovery key are passed as strings; Reason and
// FailureReason are passed by pointer. No parameter is marked OPTIONAL.
NTSTATUS NTAPI
LsaIAuditDPAPIEvent(
IN ULONG AuditId,
IN PSID UserSid,
IN PUNICODE_STRING MasterKeyID,
IN PUNICODE_STRING RecoveryServer,
IN PULONG Reason,
IN PUNICODE_STRING RecoverykeyID,
IN PULONG FailureReason
);
// Presumably a value for the Options argument of LsaIWriteAuditEvent,
// declared right below - confirm.
#define LSA_AUDIT_PARAMETERS_ABSOLUTE 1
// Writes an audit record built by the caller in AuditParameters.
// NOTE(review): the parameter array is caller-built; if its entries hold
// pointers, the chosen Options value presumably tells the callee how to
// interpret them - confirm before constructing one by hand.
NTSTATUS NTAPI
LsaIWriteAuditEvent(
IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
IN ULONG Options
);
// Audit entry point for password access; takes NUL-terminated wide strings
// (PCWSTR) rather than the UNICODE_STRINGs used by the other audit routines.
// Declared without NTAPI.
NTSTATUS
LsaIAuditPasswordAccessEvent(
IN USHORT EventType,
IN PCWSTR pszTargetUserName,
IN PCWSTR pszTargetUserDomain
);
// Submits ProtocolSubmitBuffer (SubmitBufferLength bytes, presumably) to the
// authentication package named by AuthenticationPackage.
// Two statuses come back: the function's own NTSTATUS and ProtocolStatus.
// Callers presumably have to check both before trusting
// ProtocolReturnBuffer / ReturnBufferLength - confirm.
// The return buffer is presumably released with LsaIFreeReturnBuffer.
NTSTATUS NTAPI
LsaICallPackage(
IN PUNICODE_STRING AuthenticationPackage,
IN PVOID ProtocolSubmitBuffer,
IN ULONG SubmitBufferLength,
OUT PVOID *ProtocolReturnBuffer,
OUT PULONG ReturnBufferLength,
OUT PNTSTATUS ProtocolStatus
);
// Releases a buffer; takes no length, so any scrubbing of sensitive reply
// data has to happen in the caller, which knows ReturnBufferLength.
VOID NTAPI
LsaIFreeReturnBuffer(
IN PVOID Buffer
);
//
// NT5 routines for using the Ds for Lsa store
//
// Bit values, presumably for the Flags member of LSAPR_TREE_TRUST_INFO
// declared below - confirm.
#define LSAI_FOREST_ROOT_TRUST 0x00000001
#define LSAI_FOREST_DOMAIN_GUID_PRESENT 0x00000002
//
// These structures correspond to the private interface Kerberos uses
// to build a tree of the domains in an organization.
//
// One node of the domain tree. The structure is recursive: ChildDomains
// points at further nodes of the same type, and Children is presumably the
// number of elements behind it - confirm. Consumers walking the tree should
// bound every loop by Children and should not read DomainGuid unless Flags
// says it is present (presumably LSAI_FOREST_DOMAIN_GUID_PRESENT).
typedef struct _LSAPR_TREE_TRUST_INFO {
UNICODE_STRING DnsDomainName;
UNICODE_STRING FlatName;
GUID DomainGuid;
PSID DomainSid;
ULONG Flags;
ULONG Children;
struct _LSAPR_TREE_TRUST_INFO *ChildDomains;
} LSAPR_TREE_TRUST_INFO, *PLSAPR_TREE_TRUST_INFO;
// Root of the tree (embedded by value) plus a pointer to a node of type
// LSAPR_TREE_TRUST_INFO. NOTE(review): ParentDomainReference presumably points
// INTO the tree rooted at RootTrust rather than at separately owned memory -
// confirm before freeing or copying it.
typedef struct _LSAPR_FOREST_TRUST_INFO {
LSAPR_TREE_TRUST_INFO RootTrust;
PLSAPR_TREE_TRUST_INFO ParentDomainReference;
} LSAPR_FOREST_TRUST_INFO, *PLSAPR_FOREST_TRUST_INFO;
// Releases a forest trust info structure; declared without NTAPI.
VOID
LsaIFreeForestTrustInfo(
IN PLSAPR_FOREST_TRUST_INFO ForestTrustInfo
);
// Returns a forest trust info structure through ForestTrustInfo; presumably
// released with LsaIFreeForestTrustInfo above - confirm.
NTSTATUS
NTAPI
LsaIQueryForestTrustInfo(
IN LSAPR_HANDLE PolicyHandle,
OUT PLSAPR_FOREST_TRUST_INFO *ForestTrustInfo
);
// Stores the incoming and outgoing authentication blobs for the trusted
// domain named by TrustedDomainName.
// NOTE(review): these blobs presumably carry trust authentication secrets;
// treat the caller-side copies as sensitive and scrub them after the call -
// confirm what the blob format contains.
NTSTATUS NTAPI
LsaISetTrustedDomainAuthInfoBlobs(
IN LSAPR_HANDLE PolicyHandle,
IN PLSAPR_UNICODE_STRING TrustedDomainName,
IN PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB IncomingBlob,
IN PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB OutgoingBlob);
// Takes a single flag, DeleteOnly; the effect of each value is not visible in
// this header.
NTSTATUS NTAPI
LsaIUpgradeRegistryToDs(
IN BOOLEAN DeleteOnly
);
// Counterpart of LsaISetTrustedDomainAuthInfoBlobs: the two blobs are OUT
// here. The blob structures themselves are caller-provided (single pointer,
// not pointer-to-pointer); who owns any memory they reference is not visible
// in this header - confirm before freeing.
NTSTATUS NTAPI
LsaIGetTrustedDomainAuthInfoBlobs(
IN LSAPR_HANDLE PolicyHandle,
IN PLSAPR_UNICODE_STRING TrustedDomainName,
OUT PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB IncomingBlob,
OUT PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB OutgoingBlob
);
// Records ServerRole for the policy identified by PolicyHandle; going by the
// name, it takes effect at the next boot.
NTSTATUS NTAPI
LsaISetServerRoleForNextBoot(
IN LSAPR_HANDLE PolicyHandle,
IN POLICY_LSA_SERVER_ROLE ServerRole
);
// Returns a BOOLEAN for ClassId and writes a value through LsaClass;
// presumably LsaClass is only meaningful when TRUE is returned - confirm.
BOOLEAN NTAPI
LsaIIsClassIdLsaClass(
IN ULONG ClassId,
OUT PULONG LsaClass
);
// Notification that a DS object changed. ObjectPath is untyped (PVOID) but
// documented inline as a DSNAME; AuthenticationId is passed by value.
NTSTATUS NTAPI
LsaIDsNotifiedObjectChange(
IN ULONG Class,
IN PVOID ObjectPath, // This is a DSNAME
IN SECURITY_DB_DELTA_TYPE DeltaType,
IN PSID UserSid,
IN LUID AuthenticationId,
IN BOOLEAN fReplicatedIn,
IN BOOLEAN ChangeOriginatedInLSA
);
// Function-pointer type with the same parameter list as
// LsaIDsNotifiedObjectChange. It repeats the list by hand, so the two must be
// kept in sync whenever the prototype changes.
typedef NTSTATUS (NTAPI *pfLsaIDsNotifiedObjectChange )(
ULONG, PVOID, SECURITY_DB_DELTA_TYPE, PSID, LUID, BOOLEAN, BOOLEAN );
//
// NT5 routines for moving some SAM domain object properties to the Lsa Ds objects
//
// Two separate value sets share the LSAI_SAM_ prefix: NONE and
// TRANSACTION_ACTIVE are presumably for the Options arguments below, ADD and
// REMOVE for the Operation argument - confirm. LSAI_SAM_TRANSACTION_ACTIVE
// and LSAI_SAM_ADD both equal 0x1, so passing one where the other is expected
// is not detectable.
#define LSAI_SAM_NONE 0x00000000
#define LSAI_SAM_TRANSACTION_ACTIVE 0x00000001
#define LSAI_SAM_ADD 0x1
#define LSAI_SAM_REMOVE 0x2
// Buffer is untyped (PVOID) and presumably laid out according to
// SamInfoClass - confirm; the compiler cannot check that they agree.
NTSTATUS NTAPI
LsaISamSetDomainObjectProperties(
IN DOMAIN_INFORMATION_CLASS SamInfoClass,
IN PVOID Buffer,
IN ULONG Options
);
// Changes the membership of the builtin group identified by GroupSid.
// Users is presumably the number of entries in UserList - confirm; UserList
// is untyped and documented inline as a list of DSNAME pointers.
NTSTATUS NTAPI
LsaISamSetDomainBuiltinGroupMembership(
IN PSID GroupSid,
IN ULONG Operation,
IN ULONG Users,
IN PVOID UserList, // This is a list of DSNAME pointers
IN ULONG Options
);
// Called by SAM to indicate that the DS has started; takes a single flag,
// PerformDomainRenameCheck.
NTSTATUS NTAPI
LsaISamIndicatedDsStarted(
IN BOOLEAN PerformDomainRenameCheck
);
//
// Netlogon routines for enumerating subnets
//
// One subnet and the site it is associated with, both as UNICODE_STRINGs.
typedef struct _LSAP_SUBNET_INFO_ENTRY {
UNICODE_STRING SubnetName;
UNICODE_STRING SiteName;
} LSAP_SUBNET_INFO_ENTRY, *PLSAP_SUBNET_INFO_ENTRY;
// Subnets is declared with a single element; it is presumably the head of a
// SubnetCount-long array (the pre-C99 trailing-array idiom) - confirm.
// Readers must bound indexing by SubnetCount, never by
// sizeof(LSAP_SUBNET_INFO), which accounts for one entry only.
typedef struct _LSAP_SUBNET_INFO {
ULONG SiteCount;
ULONG SubnetCount;
LSAP_SUBNET_INFO_ENTRY Subnets[1];
} LSAP_SUBNET_INFO, *PLSAP_SUBNET_INFO;
// Returns a subnet info structure through SubnetInformation; presumably
// released with LsaIFree_LSAP_SUBNET_INFO below - confirm.
NTSTATUS NTAPI
LsaIQuerySubnetInfo(
OUT PLSAP_SUBNET_INFO *SubnetInformation
);
VOID NTAPI
LsaIFree_LSAP_SUBNET_INFO(
IN PLSAP_SUBNET_INFO SubnetInfo
);
//
// Netlogon routines for UPN/SPN suffixes
//
// Suffixes is declared with a single element; it is presumably the head of a
// SuffixCount-long array (trailing-array idiom) - confirm. Bound indexing by
// SuffixCount, not by the declared array size.
typedef struct _LSAP_UPN_SUFFIXES {
ULONG SuffixCount;
UNICODE_STRING Suffixes[1];
} LSAP_UPN_SUFFIXES, *PLSAP_UPN_SUFFIXES;
// Returns a suffix list through UpnSuffixes; presumably released with
// LsaIFree_LSAP_UPN_SUFFIXES below - confirm. None of the four routines in
// this group carries NTAPI.
NTSTATUS
LsaIQueryUpnSuffixes(
OUT PLSAP_UPN_SUFFIXES *UpnSuffixes
);
VOID
LsaIFree_LSAP_UPN_SUFFIXES(
IN PLSAP_UPN_SUFFIXES UpnSuffixes
);
// Returns forest trust information through ForestTrustInfo. Presumably
// released with LsaIFree_LSA_FOREST_TRUST_INFORMATION, which takes the address
// of the pointer - confirm.
NTSTATUS
LsaIGetForestTrustInformation(
OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
);
// Replaces the forest trust information held for TrustedDomainName with
// NewForestTrustInfo (presumably; the exact merge rules are not visible
// here).
NTSTATUS
LsaIUpdateForestTrustInformation(
IN LSAPR_HANDLE PolicyHandle,
IN UNICODE_STRING * TrustedDomainName,
IN PLSA_FOREST_TRUST_INFORMATION NewForestTrustInfo
);
//
// Netlogon routines for enumerating sites
//
// One site, identified by name.
typedef struct _LSAP_SITE_INFO_ENTRY {
UNICODE_STRING SiteName;
} LSAP_SITE_INFO_ENTRY, *PLSAP_SITE_INFO_ENTRY;
// Sites is declared with a single element; it is presumably the head of a
// SiteCount-long array (trailing-array idiom) - confirm. Bound indexing by
// SiteCount, not by the declared array size.
typedef struct _LSAP_SITE_INFO {
ULONG SiteCount;
LSAP_SITE_INFO_ENTRY Sites[1];
} LSAP_SITE_INFO, *PLSAP_SITE_INFO;
// Returns a site info structure through SiteInformation; presumably released
// with LsaIFree_LSAP_SITE_INFO below - confirm.
NTSTATUS NTAPI
LsaIQuerySiteInfo(
OUT PLSAP_SITE_INFO *SiteInformation
);
// NOTE(review): the parameter is named SubnetInfo although its type is
// PLSAP_SITE_INFO; this looks like a leftover from the subnet routine and does
// not affect callers.
VOID NTAPI
LsaIFree_LSAP_SITE_INFO(
IN PLSAP_SITE_INFO SubnetInfo
);
//
// Netlogon routines for getting the name of the site we're in.
//
// Site name plus a GUID and an options word for the DSA.
typedef struct _LSAP_SITENAME_INFO {
UNICODE_STRING SiteName;
GUID DsaGuid;
ULONG DsaOptions;
} LSAP_SITENAME_INFO, *PLSAP_SITENAME_INFO;
// Returns a site name structure through SiteNameInformation; presumably
// released with LsaIFree_LSAP_SITENAME_INFO below - confirm.
NTSTATUS NTAPI
LsaIGetSiteName(
OUT PLSAP_SITENAME_INFO *SiteNameInformation
);
VOID NTAPI
LsaIFree_LSAP_SITENAME_INFO(
IN PLSAP_SITENAME_INFO SiteNameInfo
);
// Takes no arguments and returns a BOOLEAN.
BOOLEAN NTAPI
LsaIIsDsPaused(
VOID
);
//
// Lsa notification routine definitions
//
//
// Notification callback routine prototype
//
// Callback type for policy-change notifications: NTAPI, returns nothing and
// receives the information class that changed.
typedef VOID ( NTAPI fLsaPolicyChangeNotificationCallback) (
IN POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass
);
typedef fLsaPolicyChangeNotificationCallback *pfLsaPolicyChangeNotificationCallback;
// Registers Callback for changes to MonitorInfoClass.
// NOTE(review): the callback is a raw function pointer with no context
// argument and presumably runs inside the LSA process; the module that
// contains it has to stay loaded until it is unregistered - confirm.
NTSTATUS NTAPI
LsaIRegisterPolicyChangeNotificationCallback(
IN pfLsaPolicyChangeNotificationCallback Callback,
IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass
);
// Removes the registration of Callback for one information class.
NTSTATUS NTAPI
LsaIUnregisterPolicyChangeNotificationCallback(
IN pfLsaPolicyChangeNotificationCallback Callback,
IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass
);
// Takes only Callback; going by the name, removes it for every class.
NTSTATUS NTAPI
LsaIUnregisterAllPolicyChangeNotificationCallback(
IN pfLsaPolicyChangeNotificationCallback Callback
);
// Registers StartFunction (a thread start routine) with Parameter and returns
// a HANDLE, presumably the one LsaICancelNotification expects - confirm.
// NOTE(review): Parameter is a raw pointer kept by the callee; it presumably
// has to stay valid until the notification is cancelled - confirm.
// WaitEvent is the only optional argument.
HANDLE NTAPI
LsaIRegisterNotification(
IN PTHREAD_START_ROUTINE StartFunction,
IN PVOID Parameter,
IN ULONG NotificationType,
IN ULONG NotificationClass,
IN ULONG NotificationFlags,
IN ULONG IntervalMinutes,
IN OPTIONAL HANDLE WaitEvent
);
NTSTATUS NTAPI
LsaICancelNotification(
IN HANDLE NotifyHandle
);
// Raises an event of the given Class; EventSize presumably gives the size of
// the untyped EventData buffer - confirm.
BOOLEAN
NTAPI
LsaIEventNotify(
ULONG Class,
ULONG Flags,
ULONG EventSize,
PVOID EventData);
// Registers an address and a range with the LSA; what the LSA does with it is
// not visible in this header. Declared without NTAPI.
VOID
LsaIAddTouchAddress(
PVOID Address,
SIZE_T Range
);
// Counterpart of LsaIAddTouchAddress; takes the address only.
VOID
LsaIRemoveTouchAddress(
PVOID Address
);
//
// This is the notification Kerberos registers to receive updates on changing trusts
//
// Callback type for trust-change notifications.
// NOTE(review): unlike fLsaPolicyChangeNotificationCallback earlier in this
// header, this type carries no NTAPI, so its calling convention is whatever
// the compiler defaults to; an implementation written with NTAPI would only
// match if that default is the same - confirm the build settings.
typedef VOID (fLsaTrustChangeNotificationCallback) (
IN SECURITY_DB_DELTA_TYPE DeltaType
);
typedef fLsaTrustChangeNotificationCallback *pfLsaTrustChangeNotificationCallback;
// Selects between registering and unregistering in
// LsaIKerberosRegisterTrustNotification.
typedef enum LSAP_REGISTER {
LsaRegister = 0,
LsaUnregister
} LSAP_REGISTER, *PLSAP_REGISTER;
// Registers or unregisters Callback according to Register. There is a single
// entry point for both directions, so passing the wrong enum value silently
// does the opposite of what was intended.
NTSTATUS NTAPI
LsaIKerberosRegisterTrustNotification(
IN pfLsaTrustChangeNotificationCallback Callback,
IN LSAP_REGISTER Register
);
//
// See secpkg.h : LsaGetCallInfo and SECPKG_CALL_INFO
//
// The single parameter is an unnamed PVOID; per the comment above it is
// presumably a pointer to a SECPKG_CALL_INFO (see secpkg.h) - confirm. The
// prototype gives no way to pass or check the size of that structure.
BOOLEAN
NTAPI
LsaIGetCallInfo(
PVOID
);
// Thread-heap helpers; none carries NTAPI. LsaIGetThreadHeap returns a
// BOOLEAN and takes no arguments.
BOOLEAN
LsaIGetThreadHeap(
VOID
);
VOID
LsaITossThreadHeap(
VOID
);
// Returns a pointer to Size bytes (presumably NULL on failure - confirm;
// callers should check before use). Presumably paired with LsaIThreadFree.
PVOID
LsaIThreadAlloc(
IN SIZE_T Size
);
VOID
LsaIThreadFree(
IN PVOID Memory
);
// Sets DNS host name and OS details for the client named by ClientName, the
// only mandatory argument. The previous DNS host name can be returned through
// OldDnsHostName; which routine releases that string is not visible here.
NTSTATUS
LsaISetClientDnsHostName(
IN PWSTR ClientName,
IN PWSTR ClientDnsHostName OPTIONAL,
IN POSVERSIONINFOEXW OsVersionInfo OPTIONAL,
IN PWSTR OsName OPTIONAL,
OUT PWSTR *OldDnsHostName OPTIONAL
);
// Takes or releases a lock according to TakeLock. One entry point serves both
// directions, so every TRUE call needs a matching FALSE call on all paths,
// including error paths.
VOID
LsaIManageReplicationSyncLock(
IN BOOLEAN TakeLock
);
// Like LsaICallPackage with one extra input, ClientBufferBase.
// NOTE(review): ClientBufferBase is presumably the address the submit buffer
// had in the client's address space, used to relocate pointers embedded in
// the buffer - confirm. Embedded pointers and lengths in such a buffer are
// client-controlled and need range checks against SubmitBufferLength.
NTSTATUS
LsaICallPackageEx(
IN PUNICODE_STRING AuthenticationPackage,
IN PVOID ClientBufferBase,
IN PVOID ProtocolSubmitBuffer,
IN ULONG SubmitBufferLength,
OUT PVOID * ProtocolReturnBuffer,
OUT PULONG ReturnBufferLength,
OUT PNTSTATUS ProtocolStatus
);
// Same parameter list as LsaICallPackageEx; how the two differ is not visible
// in this header.
NTSTATUS
LsaICallPackagePassthrough(
IN PUNICODE_STRING AuthenticationPackage,
IN PVOID ClientBufferBase,
IN PVOID ProtocolSubmitBuffer,
IN ULONG SubmitBufferLength,
OUT PVOID * ProtocolReturnBuffer,
OUT PULONG ReturnBufferLength,
OUT PNTSTATUS ProtocolStatus
);
// Changes the boot option, supplying an old and a new key, each with its own
// length.
// NOTE(review): OldKey and NewKey are presumably raw key material; callers
// should keep them in memory no longer than needed and scrub both buffers
// after the call - confirm against the implementation.
NTSTATUS
LsaISetBootOption(
IN ULONG BootOption,
IN PVOID OldKey,
IN ULONG OldKeyLength,
IN PVOID NewKey,
IN ULONG NewKeyLength
);
// Returns the current boot option through BootOption.
NTSTATUS
LsaIGetBootOption(
OUT PULONG BootOption
);
// Notifies the LSA of a password change for UserName.
// NOTE(review): OldPassword and NewPassword are passed as UNICODE_STRINGs,
// presumably in clear text - confirm; the caller remains responsible for
// scrubbing its own copies. The routine returns VOID, so the caller cannot
// tell whether the notification was processed.
VOID
LsaINotifyPasswordChanged(
IN PUNICODE_STRING NetbiosDomainName OPTIONAL,
IN PUNICODE_STRING UserName,
IN PUNICODE_STRING DnsDomainName OPTIONAL,
IN PUNICODE_STRING Upn OPTIONAL,
IN PUNICODE_STRING OldPassword,
IN PUNICODE_STRING NewPassword,
IN BOOLEAN Impersonating
);
// Signals a change of the given policy information class.
NTSTATUS
LsaINotifyChangeNotification(
IN POLICY_NOTIFICATION_INFORMATION_CLASS InfoClass
);
// Resolves DomainName to its DNS and NetBIOS forms. The two results are
// caller-provided UNICODE_STRING structures; who owns the character buffers
// written into them is not visible here - confirm before freeing.
NTSTATUS
LsaIGetNbAndDnsDomainNames(
IN PUNICODE_STRING DomainName,
OUT PUNICODE_STRING DnsDomainName,
OUT PUNICODE_STRING NetbiosDomainName
);
//
// This flag indicates that the protected blob is a system blob, and cannot
// be decrypted by the user-space.
//
// Presumably passed in the Flags argument of the two routines below - confirm.
#define CRYPTPROTECT_SYSTEM 0x20000000
//
// LocalFree should be used to free the returned buffer
//
// Protects DataInLength bytes at DataIn and returns the protected blob through
// DataOut / DataOutLength. Returns a BOOLEAN, not an NTSTATUS, so the reason
// for a failure is not carried in the return value. Declared without NTAPI.
// OptionalEntropy has its own length; the OPTIONAL annotation is not used on
// it even though the name says it may be absent.
BOOLEAN
LsaICryptProtectData(
IN PVOID DataIn,
IN ULONG DataInLength,
IN PUNICODE_STRING szDataDescr,
IN PVOID OptionalEntropy,
IN ULONG OptionalEntropyLength,
IN PVOID Reserved,
IN PVOID Reserved2,
IN ULONG Flags,
OUT PVOID * DataOut,
OUT PULONG DataOutLength);
//
// LocalFree should be used to free the returned buffer
//
// Reverses LsaICryptProtectData: DataOut receives the recovered data and
// szDataDescr the description.
// NOTE(review): DataOut holds plaintext and LocalFree does not clear memory;
// callers should scrub DataOutLength bytes before freeing. Check the BOOLEAN
// result before reading any OUT parameter.
BOOLEAN
LsaICryptUnprotectData(
IN PVOID DataIn,
IN ULONG DataInLength,
IN PVOID OptionalEntropy,
IN ULONG OptionalEntropyLength,
IN PVOID Reserved,
IN PVOID Reserved2,
IN ULONG Flags,
OUT PUNICODE_STRING szDataDescr,
OUT PVOID * DataOut,
OUT PULONG DataOutLength);
//
// Heap allocator for the LSA process
//
// Allocates Length bytes from the LSA process heap; going by the name the
// memory is zero-filled - confirm. Callers should check the result before
// use (presumably NULL on failure).
PVOID
NTAPI
LsaIAllocateHeapZero(
IN SIZE_T Length
);
// Allocates cbMemory bytes from the LSA process heap.
// NOTE(review): nothing here promises initialised memory; treat the contents
// as indeterminate and do not copy the block out of the process before
// filling it - confirm against the implementation.
PVOID
NTAPI
LsaIAllocateHeap(
IN SIZE_T cbMemory
);
// Releases a block; presumably the counterpart of both allocators above. No
// length is passed, so scrubbing of sensitive contents is up to the caller.
VOID
NTAPI
LsaIFreeHeap(
IN PVOID Base
);
// Identifies which Netlogon parameter changed; a single value is defined.
typedef enum LSAP_NETLOGON_PARAMETER {
LsaEmulateNT4,
} LSAP_NETLOGON_PARAMETER;
// Tells the LSA that a Netlogon parameter changed. dwType, lpData and cbData
// presumably mirror a registry value (type, data, size in bytes) - confirm.
// lpData is typed PWSTR while the size is in cbData; the reader must not
// assume the data is NUL-terminated.
VOID
NTAPI
LsaINotifyNetlogonParametersChangeW(
IN LSAP_NETLOGON_PARAMETER Parameter,
IN DWORD dwType,
IN PWSTR lpData,
IN DWORD cbData
);
// Supplies a new syskey to the LSA.
// NOTE(review): NewSysKey is an untyped pointer with no length argument, so
// the callee has to assume a fixed key size - confirm that size and make sure
// every caller passes a buffer at least that large. The caller's copy of the
// key should be scrubbed after the call.
NTSTATUS
NTAPI
LsaIChangeSecretCipherKey(
IN PVOID NewSysKey
);
#ifdef __cplusplus
}
#endif
#endif // _LSAISRV_