1384 lines
34 KiB
C
1384 lines
34 KiB
C
|
/*++ BUILD Version: 0001 // Increment this if a change has global effects
|
||
|
|
||
|
Copyright (c) 1991 Microsoft Corporation
|
||
|
|
||
|
Module Name:
|
||
|
|
||
|
db.h
|
||
|
|
||
|
Abstract:
|
||
|
|
||
|
LSA Database Exported Function Definitions, Datatypes and Defines
|
||
|
|
||
|
This module contains the LSA Database Routines that may be called
|
||
|
by parts of the LSA outside the Database sub-component.
|
||
|
|
||
|
Author:
|
||
|
|
||
|
Scott Birrell (ScottBi) August 26, 1991
|
||
|
|
||
|
Environment:
|
||
|
|
||
|
Revision History:
|
||
|
|
||
|
--*/
|
||
|
|
||
|
#ifndef _LSA_DB_
|
||
|
#define _LSA_DB_
|
||
|
|
||
|
//
|
||
|
// Maximum Number of attributes in the various object types
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_ATTRS_POLICY ((ULONG) 0x00000010L)
|
||
|
#define LSAP_DB_ATTRS_ACCOUNT ((ULONG) 0x00000010L)
|
||
|
#define LSAP_DB_ATTRS_DOMAIN ((ULONG) 0x00000012L)
|
||
|
#define LSAP_DB_ATTRS_SECRET ((ULONG) 0x00000010L)
|
||
|
|
||
|
//
|
||
|
// Constants for matching options on Sid/Name lookup operations
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_MATCH_ON_SID ((ULONG) 0x00000001L)
|
||
|
#define LSAP_DB_MATCH_ON_NAME ((ULONG) 0x00000002L)
|
||
|
|
||
|
//
|
||
|
// Options for LsapDbLookupSidsInLocalDomains()
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_SEARCH_BUILT_IN_DOMAIN ((ULONG) 0x00000001L)
|
||
|
#define LSAP_DB_SEARCH_ACCOUNT_DOMAIN ((ULONG) 0x00000002L)
|
||
|
|
||
|
//
|
||
|
// Options for LsapDbMergeDisjointReferencedDomains
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_USE_FIRST_MERGAND_GRAPH ((ULONG) 0x00000001L)
|
||
|
#define LSAP_DB_USE_SECOND_MERGAND_GRAPH ((ULONG) 0x00000002L)
|
||
|
|
||
|
//
|
||
|
// Option for updating Policy Database
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_UPDATE_POLICY_DATABASE ((ULONG) 0x00000001L)
|
||
|
//
|
||
|
// Option for updating Policy Database
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_UPDATE_POLICY_DATABASE ((ULONG) 0x00000001L)
|
||
|
//
|
||
|
// Maximum number of attributes corresponding to a Policy Object
|
||
|
// Information Class
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_ATTRS_INFO_CLASS_POLICY ((ULONG) 0x00000007L)
|
||
|
|
||
|
//
|
||
|
// Maximum number of attributes corresponding to a Trusted Domain Object
|
||
|
// Information Class
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_ATTRS_INFO_CLASS_DOMAIN ((ULONG) 0x00000010L)
|
||
|
|
||
|
//
|
||
|
// Global variables
|
||
|
//
|
||
|
|
||
|
extern BOOLEAN LsapDbRequiresSidInfo[];
|
||
|
extern BOOLEAN LsapDbRequiresNameInfo[];
|
||
|
extern LSAPR_HANDLE LsapDbHandle;
|
||
|
extern BOOLEAN LsapSetupWasRun;
|
||
|
extern BOOLEAN LsapDatabaseSetupPerformed;
|
||
|
extern NT_PRODUCT_TYPE LsapProductType;
|
||
|
extern WORD LsapProductSuiteMask;
|
||
|
extern BOOLEAN LsapDsIsRunning;
|
||
|
extern BOOLEAN LsapDsWReplEnabled;
|
||
|
|
||
|
|
||
|
//
|
||
|
// Table of accesses required to query Policy Information. This table
|
||
|
// is indexed by Policy Information Class
|
||
|
//
|
||
|
|
||
|
extern ACCESS_MASK LsapDbRequiredAccessQueryPolicy[];
|
||
|
extern ACCESS_MASK LsapDbRequiredAccessQueryDomainPolicy[];
|
||
|
|
||
|
//
|
||
|
// Table of accesses required to set Policy Information. This table
|
||
|
// is indexed by Policy Information Class
|
||
|
//
|
||
|
|
||
|
extern ACCESS_MASK LsapDbRequiredAccessSetPolicy[];
|
||
|
extern ACCESS_MASK LsapDbRequiredAccessSetDomainPolicy[];
|
||
|
|
||
|
//
|
||
|
// Table of accesses required to query TrustedDomain Information. This table
|
||
|
// is indexed by TrustedDomain Information Class
|
||
|
//
|
||
|
|
||
|
extern ACCESS_MASK LsapDbRequiredAccessQueryTrustedDomain[];
|
||
|
|
||
|
//
|
||
|
// Table of accesses required to set TrustedDomain Information. This table
|
||
|
// is indexed by TrustedDomain Information Class
|
||
|
//
|
||
|
|
||
|
extern ACCESS_MASK LsapDbRequiredAccessSetTrustedDomain[];
|
||
|
|
||
|
//
|
||
|
// Maximum Handle Reference Count
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_MAXIMUM_REFERENCE_COUNT ((ULONG) 0x00001000L)
|
||
|
|
||
|
//
|
||
|
// Maximum handles per user logon id
|
||
|
// This was determined by taking the "interesting" access bits and generating possible
|
||
|
// permutations and using that. The interesting bits were determined to be:
|
||
|
// POLICY_VIEW_LOCAL_INFORMATION
|
||
|
// POLICY_VIEW_AUDIT_INFORMATION
|
||
|
// POLICY_TRUST_ADMIN
|
||
|
// POLICY_CREATE_ACCOUNT
|
||
|
// POLICY_CREATE_SECRET
|
||
|
// POLICY_LOOKUP_NAMES
|
||
|
// The possible combinations add up to 720 entries
|
||
|
#define LSAP_DB_MAXIMUM_HANDLES_PER_USER 0x000002D0
|
||
|
|
||
|
//
|
||
|
// Default Computer Name used for Policy Account Domain Info
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_DEFAULT_COMPUTER_NAME (L"MACHINENAME")
|
||
|
|
||
|
//
|
||
|
// Options for the LsaDbReferenceObject and LsaDbDereferenceObject
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_LOCK ((ULONG) 0x00000001L)
|
||
|
#define LSAP_DB_NO_LOCK ((ULONG) 0x00000004L)
|
||
|
#define LSAP_DB_START_TRANSACTION ((ULONG) 0x00000008L)
|
||
|
#define LSAP_DB_FINISH_TRANSACTION ((ULONG) 0x00000010L)
|
||
|
#define LSAP_DB_VALIDATE_HANDLE ((ULONG) 0x00000020L)
|
||
|
#define LSAP_DB_TRUSTED ((ULONG) 0x00000040L)
|
||
|
#define LSAP_DB_STANDALONE_REFERENCE ((ULONG) 0x00000080L)
|
||
|
#define LSAP_DB_DEREFERENCE_CONTR ((ULONG) 0x00000100L)
|
||
|
#define LSAP_DB_LOG_QUEUE_LOCK ((ULONG) 0x00001000L)
|
||
|
#define LSAP_DB_OMIT_REPLICATOR_NOTIFICATION ((ULONG) 0x00004000L)
|
||
|
#define LSAP_DB_USE_LPC_IMPERSONATE ((ULONG) 0x00008000L)
|
||
|
#define LSAP_DB_ADMIT_DELETED_OBJECT_HANDLES ((ULONG) 0x00010000L)
|
||
|
#define LSAP_DB_DS_NO_PARENT_OBJECT ((ULONG) 0x00080000L)
|
||
|
#define LSAP_DB_OBJECT_SCOPE_DS ((ULONG) 0x00100000L)
|
||
|
#define LSAP_DB_DS_TRUSTED_DOMAIN_AS_SECRET ((ULONG) 0x00400000L)
|
||
|
#define LSAP_DB_READ_ONLY_TRANSACTION ((ULONG) 0x01000000L)
|
||
|
#define LSAP_DB_DS_OP_TRANSACTION ((ULONG) 0x02000000L)
|
||
|
#define LSAP_DB_NO_DS_OP_TRANSACTION ((ULONG) 0x04000000L)
|
||
|
#define LSAP_DB_HANDLE_UPGRADE ((ULONG) 0x10000000L)
|
||
|
#define LSAP_DB_HANDLE_CREATED_SECRET ((ULONG) 0x20000000L)
|
||
|
#define LSAP_DB_SCE_POLICY_HANDLE ((ULONG) 0x40000000L)
|
||
|
|
||
|
#define LSAP_DB_STATE_MASK \
|
||
|
(LSAP_DB_LOCK | LSAP_DB_NO_LOCK | \
|
||
|
LSAP_DB_START_TRANSACTION | LSAP_DB_FINISH_TRANSACTION | \
|
||
|
LSAP_DB_LOG_QUEUE_LOCK | \
|
||
|
LSAP_DB_READ_ONLY_TRANSACTION | LSAP_DB_DS_OP_TRANSACTION | \
|
||
|
LSAP_DB_NO_DS_OP_TRANSACTION)
|
||
|
|
||
|
|
||
|
//
|
||
|
// Configuration Registry Root Key for Lsa Database. All Physical Object
|
||
|
// and Attribute Names are relative to this Key.
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_ROOT_REG_KEY_NAME L"\\Registry\\Machine\\Security"
|
||
|
|
||
|
//
|
||
|
// LSA Database Object Defines
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_OBJECT_OPEN FILE_OPEN
|
||
|
#define LSAP_DB_OBJECT_OPEN_IF FILE_OPEN_IF
|
||
|
#define LSAP_DB_OBJECT_CREATE FILE_CREATE
|
||
|
#define LSAP_DB_KEY_VALUE_MAX_LENGTH (0x00000040L)
|
||
|
#define LSAP_DB_LOGICAL_NAME_MAX_LENGTH (0x00000100L)
|
||
|
#define LSAP_DB_CREATE_OBJECT_IN_DS (0x00000200L)
|
||
|
|
||
|
#define LSAP_DB_CREATE_VALID_EXTENDED_FLAGS 0x00000600
|
||
|
|
||
|
//
|
||
|
// LSA Database Object SubKey Defines
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_SUBKEY_OPEN FILE_OPEN
|
||
|
#define LSAP_DB_SUBKEY_OPEN_IF FILE_OPEN_IF
|
||
|
#define LSAP_DB_SUBKEY_CREATE FILE_CREATE
|
||
|
|
||
|
|
||
|
//
|
||
|
// Growth Delta for Referenced Domain Lists
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_REF_DOMAIN_DELTA ((ULONG) 0x00000020L )
|
||
|
|
||
|
//
|
||
|
// Object options values for the object handles
|
||
|
//
|
||
|
#define LSAP_DB_OBJECT_SECRET_INTERNAL 0x00000001 // M$
|
||
|
#define LSAP_DB_OBJECT_SECRET_LOCAL 0x00000002 // L$
|
||
|
|
||
|
|
||
|
//
|
||
|
// The following data type is used in name and SID lookup services to
|
||
|
// describe the domains referenced in the lookup operation.
|
||
|
//
|
||
|
// WARNING! This is an internal version of LSA_REFERENCED_DOMAIN_LIST
|
||
|
// in ntlsa.h. It has an additional field, MaxEntries.
|
||
|
//
|
||
|
|
||
|
typedef struct _LSAP_DB_REFERENCED_DOMAIN_LIST {
|
||
|
|
||
|
ULONG Entries;
|
||
|
PLSA_TRUST_INFORMATION Domains;
|
||
|
ULONG MaxEntries;
|
||
|
|
||
|
} LSAP_DB_REFERENCED_DOMAIN_LIST, *PLSAP_DB_REFERENCED_DOMAIN_LIST;
|
||
|
|
||
|
// where members have the following usage:
|
||
|
//
|
||
|
// Entries - Is a count of the number of domains described in the
|
||
|
// Domains array.
|
||
|
//
|
||
|
// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
|
||
|
// structures.
|
||
|
//
|
||
|
// MaxEntries - Is the maximum number of entries that can be stored
|
||
|
// in the current array
|
||
|
|
||
|
|
||
|
/////////////////////////////////////////////////////////////////////////////
|
||
|
//
|
||
|
// LSA Database Object Types
|
||
|
//
|
||
|
/////////////////////////////////////////////////////////////////////////////
|
||
|
|
||
|
//
|
||
|
// Lsa Database Object Type
|
||
|
//
|
||
|
|
||
|
typedef enum _LSAP_DB_OBJECT_TYPE_ID {
|
||
|
|
||
|
NullObject = 0,
|
||
|
PolicyObject,
|
||
|
TrustedDomainObject,
|
||
|
AccountObject,
|
||
|
SecretObject,
|
||
|
AllObject,
|
||
|
NewTrustedDomainObject,
|
||
|
DummyLastObject
|
||
|
|
||
|
} LSAP_DB_OBJECT_TYPE_ID, *PLSAP_DB_OBJECT_TYPE_ID;
|
||
|
|
||
|
//
|
||
|
// LSA Database Object Handle structure (Internal definition of LSAPR_HANDLE)
|
||
|
//
|
||
|
// Note that the Handle structure is public to clients of the Lsa Database
|
||
|
// exported functions, e.g server API workers) so that they can get at things
|
||
|
// like GrantedAccess.
|
||
|
//
|
||
|
// Access to all fields serialized by LsapDbHandleTableEx.TableLock
|
||
|
//
|
||
|
|
||
|
typedef struct _LSAP_DB_HANDLE {
|
||
|
|
||
|
struct _LSAP_DB_HANDLE *Next;
|
||
|
struct _LSAP_DB_HANDLE *Previous;
|
||
|
LIST_ENTRY UserHandleList;
|
||
|
BOOLEAN Allocated;
|
||
|
BOOLEAN SceHandle; // Sce Open Policy handle (opened with LsaOpenPolicySce)
|
||
|
BOOLEAN SceHandleChild; // Child handle of an Sce Open Policy Handle
|
||
|
ULONG ReferenceCount;
|
||
|
UNICODE_STRING LogicalNameU;
|
||
|
UNICODE_STRING PhysicalNameU;
|
||
|
PSID Sid;
|
||
|
HANDLE KeyHandle;
|
||
|
LSAP_DB_OBJECT_TYPE_ID ObjectTypeId;
|
||
|
struct _LSAP_DB_HANDLE *ContainerHandle;
|
||
|
ACCESS_MASK DesiredAccess;
|
||
|
ACCESS_MASK GrantedAccess;
|
||
|
ACCESS_MASK RequestedAccess;
|
||
|
BOOLEAN GenerateOnClose;
|
||
|
BOOLEAN Trusted;
|
||
|
BOOLEAN DeletedObject;
|
||
|
BOOLEAN NetworkClient;
|
||
|
ULONG Options;
|
||
|
// New for the Ds
|
||
|
UNICODE_STRING PhysicalNameDs;
|
||
|
BOOLEAN fWriteDs;
|
||
|
ULONG ObjectOptions;
|
||
|
PVOID UserEntry;
|
||
|
#if DBG == 1
|
||
|
LARGE_INTEGER HandleCreateTime;
|
||
|
LARGE_INTEGER HandleLastAccessTime;
|
||
|
#endif
|
||
|
|
||
|
} *LSAP_DB_HANDLE, **PLSAP_DB_HANDLE;
|
||
|
|
||
|
//
|
||
|
// LSA Database Object Sid Enumeration Buffer
|
||
|
//
|
||
|
|
||
|
typedef struct _LSAP_DB_SID_ENUMERATION_BUFFER {
|
||
|
|
||
|
ULONG EntriesRead;
|
||
|
PSID *Sids;
|
||
|
|
||
|
} LSAP_DB_SID_ENUMERATION_BUFFER, *PLSAP_DB_SID_ENUMERATION_BUFFER;
|
||
|
|
||
|
//
|
||
|
// LSA Database Object Name Enumeration Buffer
|
||
|
//
|
||
|
|
||
|
typedef struct _LSAP_DB_NAME_ENUMERATION_BUFFER {
|
||
|
|
||
|
ULONG EntriesRead;
|
||
|
PUNICODE_STRING Names;
|
||
|
|
||
|
} LSAP_DB_NAME_ENUMERATION_BUFFER, *PLSAP_DB_NAME_ENUMERATION_BUFFER;
|
||
|
|
||
|
#define LSAP_DB_OBJECT_TYPE_COUNT 0x00000005L
|
||
|
|
||
|
//
|
||
|
// Default System Access assigned to Account objects
|
||
|
//
|
||
|
|
||
|
#define LSAP_DB_ACCOUNT_DEFAULT_SYS_ACCESS ((ULONG) 0L);
|
||
|
|
||
|
//
|
||
|
// LSA Database Account Object Information
|
||
|
//
|
||
|
|
||
|
typedef struct _LSAP_DB_ACCOUNT_INFORMATION {
|
||
|
|
||
|
QUOTA_LIMITS QuotaLimits;
|
||
|
PRIVILEGE_SET Privileges;
|
||
|
|
||
|
} LSAP_DB_ACCOUNT_INFORMATION, *PLSAP_DB_ACCOUNT_INFORMATION;
|
||
|
|
||
|
//
|
||
|
// LSA Database Change Account Privilege Mode
|
||
|
//
|
||
|
|
||
|
typedef enum _LSAP_DB_CHANGE_PRIVILEGE_MODE {
|
||
|
AddPrivileges = 1,
|
||
|
RemovePrivileges,
|
||
|
SetPrivileges
|
||
|
|
||
|
} LSAP_DB_CHANGE_PRIVILEGE_MODE;
|
||
|
|
||
|
//
|
||
|
// Self-Relative Unicode String Structure.
|
||
|
//
|
||
|
//
|
||
|
// UNICODE_STRING_SR is used to store self-relative unicode strings in
|
||
|
// the database. Prior to Sundown, the UNICODE_STRING structure was used,
|
||
|
// overloading the "Buffer" field with a byte offset.
|
||
|
//
|
||
|
|
||
|
typedef struct _UNICODE_STRING_SR {
|
||
|
USHORT Length;
|
||
|
USHORT MaximumLength;
|
||
|
ULONG Offset;
|
||
|
|
||
|
} UNICODE_STRING_SR, *PUNICODE_STRING_SR;
|
||
|
|
||
|
typedef struct _LSAP_DB_MULTI_UNICODE_STRING {
|
||
|
|
||
|
ULONG Entries;
|
||
|
UNICODE_STRING_SR UnicodeStrings[1];
|
||
|
|
||
|
} LSAP_DB_MULTI_UNICODE_STRING, *PLSAP_DB_MULTI_UNICODE_STRING;
|
||
|
|
||
|
//
|
||
|
// LSA Database Object SubKey names in Unicode Form
|
||
|
//
|
||
|
|
||
|
typedef enum _LSAP_DB_NAMES {
|
||
|
|
||
|
SecDesc = 0,
|
||
|
Privilgs,
|
||
|
Sid,
|
||
|
Name,
|
||
|
AdminMod,
|
||
|
OperMode,
|
||
|
QuotaLim,
|
||
|
DefQuota,
|
||
|
QuAbsMin,
|
||
|
QuAbsMax,
|
||
|
AdtLog,
|
||
|
AdtEvent,
|
||
|
PrDomain,
|
||
|
EnPasswd,
|
||
|
Policy,
|
||
|
Accounts,
|
||
|
Domains,
|
||
|
Secrets,
|
||
|
CurrVal,
|
||
|
OldVal,
|
||
|
CupdTime,
|
||
|
OupdTime,
|
||
|
WkstaMgr,
|
||
|
PolAdtLg,
|
||
|
PolAdtEv,
|
||
|
PolAcDmN,
|
||
|
PolAcDmS,
|
||
|
PolDnDDN,
|
||
|
PolDnTrN,
|
||
|
PolDnDmG,
|
||
|
PolEfDat,
|
||
|
PolPrDmN,
|
||
|
PolPrDmS,
|
||
|
PolPdAcN,
|
||
|
PolRepSc,
|
||
|
PolRepAc,
|
||
|
PolRevision,
|
||
|
PolDefQu,
|
||
|
PolMod,
|
||
|
PolAdtFL,
|
||
|
PolState,
|
||
|
PolNxPxF,
|
||
|
ActSysAc,
|
||
|
TrDmName,
|
||
|
TrDmTrPN, // Netbios name of trust partner
|
||
|
TrDmSid,
|
||
|
TrDmAcN,
|
||
|
TrDmCtN,
|
||
|
TrDmPxOf,
|
||
|
TrDmCtEn,
|
||
|
TrDmTrTy, // Type of trust
|
||
|
TrDmTrDi, // Trust direction
|
||
|
TrDmTrLA, // Trust attributes
|
||
|
TrDmTrPr, // Trust partner
|
||
|
TrDmTrRt, // Trust root partner
|
||
|
TrDmSAI, // Auth inbound
|
||
|
TrDmSAO, // Auth outbound
|
||
|
TrDmForT, // Forest trust info
|
||
|
AcMaPCF, // Machine account password change frequency
|
||
|
PolIPSec, // IPSec object reference
|
||
|
PolDIPSec, // Domain wide IPSec object reference
|
||
|
PolLoc, // Policy location,
|
||
|
PolPubK, // Public key policy
|
||
|
KerOpts, // Kerberos authentication options
|
||
|
KerMinT, // Kerberos Minimum ticket age
|
||
|
KerMaxT, // Kerberos maximum ticket age
|
||
|
KerMaxR, // Kerberos maximum renewal age
|
||
|
KerProxy, // Kerberos proxy lifetime
|
||
|
KerLogoff, // Kerberos force logoff duration
|
||
|
DmLDur, // Lockout duration
|
||
|
DmLObWin, // Lockout observation window
|
||
|
DmLThrs, // Lockout threshold
|
||
|
DmPMinL, // Minimum password length
|
||
|
DmPHisL, // Password history length
|
||
|
DmPProp, // Password properties
|
||
|
DmPMinA, // Minimum password age
|
||
|
DmPMaxA, // Maximum password age
|
||
|
BhvrVers, // Behavior-Version
|
||
|
AuditLog,
|
||
|
AuditLogMaxSize,
|
||
|
AuditRecordRetentionPeriod, // Entries beyond this point don't correspond to real policy
|
||
|
// entries, but are pseudo entries only
|
||
|
PseudoSystemCritical,
|
||
|
PolSecretEncryptionKey,
|
||
|
XRefDnsRoot, // DNS name of cross-ref object
|
||
|
XRefNetbiosName, // NETBIOS name of cross-ref object
|
||
|
DummyLastName
|
||
|
|
||
|
} LSAP_DB_NAMES;
|
||
|
|
||
|
typedef struct _LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO {
|
||
|
|
||
|
ULONG SystemAccess;
|
||
|
QUOTA_LIMITS QuotaLimits;
|
||
|
PPRIVILEGE_SET PrivilegeSet;
|
||
|
|
||
|
} LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO, *PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO;
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
#endif // __cplusplus
|
||
|
|
||
|
extern UNICODE_STRING LsapDbNames[DummyLastName];
|
||
|
extern UNICODE_STRING LsapDbObjectTypeNames[DummyLastObject];
|
||
|
|
||
|
//
|
||
|
// LSA Database Object Type-specific attribute names and values. If
|
||
|
// supplied on a call to LsapDbCreateObject, they will be stored with
|
||
|
// the object.
|
||
|
//
|
||
|
|
||
|
typedef enum _LSAP_DB_ATTRIB_TYPE {
|
||
|
|
||
|
LsapDbAttribUnknown = 0,
|
||
|
LsapDbAttribUnicode,
|
||
|
LsapDbAttribMultiUnicode,
|
||
|
LsapDbAttribSid,
|
||
|
LsapDbAttribGuid,
|
||
|
LsapDbAttribULong,
|
||
|
LsapDbAttribUShortAsULong,
|
||
|
LsapDbAttribSecDesc,
|
||
|
LsapDbAttribDsName,
|
||
|
LsapDbAttribPByte,
|
||
|
LsapDbAttribTime,
|
||
|
LsapDbAttribDsNameAsUnicode,
|
||
|
LsapDbAttribDsNameAsSid,
|
||
|
LsapDbAttribIntervalAsULong
|
||
|
|
||
|
} LSAP_DB_ATTRIB_TYPE, *PLSAP_DB_ATTRIB_TYPE;
|
||
|
|
||
|
|
||
|
typedef struct _LSAP_DB_ATTRIBUTE {
|
||
|
|
||
|
PUNICODE_STRING AttributeName;
|
||
|
PVOID AttributeValue;
|
||
|
ULONG AttributeValueLength;
|
||
|
BOOLEAN MemoryAllocated;
|
||
|
BOOLEAN CanDefaultToZero;
|
||
|
BOOLEAN PseudoAttribute;
|
||
|
ULONG DsAttId;
|
||
|
LSAP_DB_ATTRIB_TYPE AttribType;
|
||
|
LSAP_DB_NAMES DbNameIndex;
|
||
|
|
||
|
} LSAP_DB_ATTRIBUTE, *PLSAP_DB_ATTRIBUTE;
|
||
|
|
||
|
typedef enum _LSAP_DB_DS_LOCATION {
|
||
|
|
||
|
LsapDsLocUnknown = 0,
|
||
|
LsapDsLocRegistry,
|
||
|
LsapDsLocDs,
|
||
|
LsapDsLocDsLocalPolObj,
|
||
|
LsapDsLocDsDomainPolObj,
|
||
|
LsapDsLocLocalAndReg
|
||
|
} LSAP_DB_DS_LOCATION, *PLSAP_DB_DS_LOCATION;
|
||
|
|
||
|
typedef struct _LSAP_DB_DS_INFO {
|
||
|
|
||
|
ULONG AttributeId;
|
||
|
LSAP_DB_ATTRIB_TYPE AttributeType;
|
||
|
LSAP_DB_DS_LOCATION AttributeLocation;
|
||
|
|
||
|
} LSAP_DB_DS_INFO, *PLSAP_DB_DS_INFO;
|
||
|
|
||
|
//
|
||
|
// LSA Database Object General Information.
|
||
|
//
|
||
|
|
||
|
typedef struct _LSAP_DB_OBJECT_INFORMATION {
|
||
|
|
||
|
LSAP_DB_OBJECT_TYPE_ID ObjectTypeId;
|
||
|
LSAP_DB_OBJECT_TYPE_ID ContainerTypeId;
|
||
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
||
|
PLSAP_DB_ATTRIBUTE TypeSpecificAttributes;
|
||
|
PSID Sid;
|
||
|
BOOLEAN ObjectAttributeNameOnly;
|
||
|
ULONG DesiredObjectAccess;
|
||
|
|
||
|
} LSAP_DB_OBJECT_INFORMATION, *PLSAP_DB_OBJECT_INFORMATION;
|
||
|
|
||
|
//
|
||
|
// New for the Ds integration
|
||
|
//
|
||
|
extern PLSAP_DB_DS_INFO LsapDbDsAttInfo;
|
||
|
|
||
|
//
|
||
|
// Installed, absolute minimum and absolute maximum Quota Limits.
|
||
|
//
|
||
|
|
||
|
extern QUOTA_LIMITS LsapDbInstalledQuotaLimits;
|
||
|
extern QUOTA_LIMITS LsapDbAbsMinQuotaLimits;
|
||
|
extern QUOTA_LIMITS LsapDbAbsMaxQuotaLimits;
|
||
|
|
||
|
//
|
||
|
// Required Ds data types
|
||
|
//
|
||
|
//
|
||
|
// This is the state of the machine with respect to the Ds. It will control
|
||
|
// some of the basic functionality of the Lsa APIs by determing who can write
|
||
|
// what where, etc...
|
||
|
//
|
||
|
typedef enum _LSADS_INIT_STATE {
|
||
|
|
||
|
LsapDsUnknown = 0,
|
||
|
LsapDsNoDs,
|
||
|
LsapDsDs,
|
||
|
LsapDsDsMaintenance,
|
||
|
LsapDsDsSetup
|
||
|
|
||
|
} LSADS_INIT_STATE, *PLSADS_INIT_STATE;
|
||
|
|
||
|
|
||
|
//
|
||
|
// LSA Database Exported Function Prototypes
|
||
|
//
|
||
|
// NOTE: These are callable only from the LSA
|
||
|
//
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapDbIsServerInitialized(
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbOpenPolicy(
|
||
|
IN PLSAPR_SERVER_NAME SystemName OPTIONAL,
|
||
|
IN OPTIONAL PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
|
||
|
IN ACCESS_MASK DesiredAccess,
|
||
|
IN ULONG Options,
|
||
|
OUT PLSAPR_HANDLE PolicyHandle,
|
||
|
IN BOOLEAN TrustedClient
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbOpenTrustedDomain(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN PSID TrustedDomainSid,
|
||
|
IN ACCESS_MASK DesiredAccess,
|
||
|
OUT PLSAPR_HANDLE TrustedDomainHandle,
|
||
|
IN ULONG Options
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbOpenTrustedDomainByName(
|
||
|
IN LSAPR_HANDLE PolicyHandle OPTIONAL,
|
||
|
IN PUNICODE_STRING TrustedDomainName,
|
||
|
OUT PLSAPR_HANDLE TrustedDomainHandle,
|
||
|
IN ULONG AccessMask,
|
||
|
IN ULONG Options,
|
||
|
IN BOOLEAN Trusted
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbOpenObject(
|
||
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
||
|
IN ACCESS_MASK DesiredAccess,
|
||
|
IN ULONG Options,
|
||
|
OUT PLSAPR_HANDLE LsaHandle
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbCreateObject(
|
||
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
|
||
|
IN ACCESS_MASK DesiredAccess,
|
||
|
IN ULONG CreateDisposition,
|
||
|
IN ULONG Options,
|
||
|
IN OPTIONAL PLSAP_DB_ATTRIBUTE TypeSpecificAttributes,
|
||
|
IN ULONG TypeSpecificAttributeCount,
|
||
|
OUT PLSAPR_HANDLE LsaHandle
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapCloseHandle(
|
||
|
IN OUT LSAPR_HANDLE *ObjectHandle,
|
||
|
IN NTSTATUS PreliminaryStatus
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbCloseObject(
|
||
|
IN PLSAPR_HANDLE ObjectHandle,
|
||
|
IN ULONG Options,
|
||
|
IN NTSTATUS PreliminaryStatus
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbDeleteObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbReferenceObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN ACCESS_MASK DesiredAccess,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID HandleTypeId,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
IN ULONG Options
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbDereferenceObject(
|
||
|
IN OUT PLSAPR_HANDLE ObjectHandle,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID HandleTypeId,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
IN ULONG Options,
|
||
|
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType,
|
||
|
IN NTSTATUS PreliminaryStatus
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbReadAttributeObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN PUNICODE_STRING AttributeNameU,
|
||
|
IN OPTIONAL PVOID AttributeValue,
|
||
|
IN OUT PULONG AttributeValueLength
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbReadAttributeObjectEx(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN LSAP_DB_NAMES AttributeIndex,
|
||
|
IN OPTIONAL PVOID AttributeValue,
|
||
|
IN OUT PULONG AttributeValueLength,
|
||
|
IN BOOLEAN CanDefaultToZero
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbWriteAttributeObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN PUNICODE_STRING AttributeNameU,
|
||
|
IN PVOID AttributeValue,
|
||
|
IN ULONG AttributeValueLength
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbWriteAttributeObjectEx(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN LSAP_DB_NAMES AttributeIndex,
|
||
|
IN PVOID AttributeValue,
|
||
|
IN ULONG AttributeValueLength
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbWriteAttributesObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN PLSAP_DB_ATTRIBUTE Attributes,
|
||
|
IN ULONG AttributeCount
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbReadAttributesObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN ULONG Options,
|
||
|
IN OUT PLSAP_DB_ATTRIBUTE Attributes,
|
||
|
IN ULONG AttributeCount
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbDeleteAttributeObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN PUNICODE_STRING AttributeNameU,
|
||
|
IN BOOLEAN DeleteSecurely
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbDeleteAttributesObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN PLSAP_DB_ATTRIBUTE Attributes,
|
||
|
IN ULONG AttributeCount
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbQueryInformationAccounts(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN ULONG IdCount,
|
||
|
IN PSID_AND_ATTRIBUTES Ids,
|
||
|
OUT PULONG PrivilegeCount,
|
||
|
OUT PLUID_AND_ATTRIBUTES *Privileges,
|
||
|
OUT PQUOTA_LIMITS QuotaLimits,
|
||
|
OUT PULONG SystemAccess
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbOpenTransaction(
|
||
|
IN ULONG Options
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbApplyTransaction(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN ULONG Options,
|
||
|
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbAbortTransaction(
|
||
|
IN ULONG Options
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbSidToLogicalNameObject(
|
||
|
IN PSID Sid,
|
||
|
OUT PUNICODE_STRING LogicalNameU
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeTemporaryObject(
|
||
|
IN LSAPR_HANDLE ObjectHandle
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbChangePrivilegesAccount(
|
||
|
IN LSAPR_HANDLE AccountHandle,
|
||
|
IN LSAP_DB_CHANGE_PRIVILEGE_MODE ChangeMode,
|
||
|
IN BOOLEAN AllPrivileges,
|
||
|
IN OPTIONAL PPRIVILEGE_SET Privileges,
|
||
|
IN BOOL LockSce
|
||
|
);
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbEnumerateSids(
|
||
|
IN LSAPR_HANDLE ContainerHandle,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
||
|
OUT PLSAP_DB_SID_ENUMERATION_BUFFER DbEnumerationBuffer,
|
||
|
IN ULONG PreferedMaximumLength
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbFindNextSid(
|
||
|
IN LSAPR_HANDLE ContainerHandle,
|
||
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
OUT PLSAPR_SID *NextSid
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbEnumeratePrivileges(
|
||
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
||
|
OUT PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
|
||
|
IN ULONG PreferedMaximumLength
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbEnumerateNames(
|
||
|
IN LSAPR_HANDLE ContainerHandle,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
||
|
OUT PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer,
|
||
|
IN ULONG PreferedMaximumLength
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbFindNextName(
|
||
|
IN LSAPR_HANDLE ContainerHandle,
|
||
|
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
OUT PLSAPR_UNICODE_STRING Name
|
||
|
);
|
||
|
|
||
|
VOID
|
||
|
LsapDbFreeEnumerationBuffer(
|
||
|
IN PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbInitializeServer(
|
||
|
IN ULONG Pass
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbInstallRegistry(
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// These routines may someday migrate to Rtl runtime library. Their
|
||
|
// names have Lsap Prefixes only temporarily, so that they can be located
|
||
|
// easily.
|
||
|
//
|
||
|
|
||
|
// Options for LsapRtlAddPrivileges
|
||
|
|
||
|
#define RTL_COMBINE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000001L)
|
||
|
#define RTL_SUPERSEDE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000002L)
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapRtlAddPrivileges(
|
||
|
IN OUT PPRIVILEGE_SET * RunningPrivileges,
|
||
|
IN OUT PULONG MaxRunningPrivileges,
|
||
|
IN PPRIVILEGE_SET PrivilegesToAdd,
|
||
|
IN ULONG Options,
|
||
|
OUT OPTIONAL BOOLEAN * Changed
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapRtlRemovePrivileges(
|
||
|
IN OUT PPRIVILEGE_SET ExistingPrivileges,
|
||
|
IN PPRIVILEGE_SET PrivilegesToRemove
|
||
|
);
|
||
|
|
||
|
PLUID_AND_ATTRIBUTES
|
||
|
LsapRtlGetPrivilege(
|
||
|
IN PLUID_AND_ATTRIBUTES Privilege,
|
||
|
IN PPRIVILEGE_SET Privileges
|
||
|
);
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapRtlPrefixSid(
|
||
|
IN PSID PrefixSid,
|
||
|
IN PSID Sid
|
||
|
);
|
||
|
|
||
|
ULONG
|
||
|
LsapDbGetSizeTextSid(
|
||
|
IN PSID Sid
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbSidToTextSid(
|
||
|
IN PSID Sid,
|
||
|
OUT PSZ TextSid
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbSidToUnicodeSid(
|
||
|
IN PSID Sid,
|
||
|
OUT PUNICODE_STRING SidU,
|
||
|
IN BOOLEAN AllocateDestinationString
|
||
|
);
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbInitializeWellKnownValues();
|
||
|
|
||
|
#if defined(REMOTE_BOOT)
|
||
|
VOID
|
||
|
LsapDbInitializeRemoteBootState();
|
||
|
#endif // defined(REMOTE_BOOT)
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbVerifyInformationObject(
|
||
|
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation
|
||
|
);
|
||
|
|
||
|
/*++
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapDbIsValidTypeObject(
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId
|
||
|
)
|
||
|
|
||
|
Routine Description:
|
||
|
|
||
|
This macro function determines if a given Object Type Id is valid.
|
||
|
|
||
|
Arguments:
|
||
|
|
||
|
ObjectTypeId - Object Type Id.
|
||
|
|
||
|
Return Values:
|
||
|
|
||
|
BOOLEAN - TRUE if object type id is valid, else FALSE.
|
||
|
|
||
|
--*/
|
||
|
|
||
|
#define LsapDbIsValidTypeObject(ObjectTypeId) \
|
||
|
(((ObjectTypeId) > NullObject) && \
|
||
|
((ObjectTypeId) < DummyLastObject))
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbGetRequiredAccessQueryPolicy(
|
||
|
IN POLICY_INFORMATION_CLASS InformationClass,
|
||
|
OUT PACCESS_MASK RequiredAccess
|
||
|
);
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbVerifyInfoQueryPolicy(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN POLICY_INFORMATION_CLASS InformationClass,
|
||
|
OUT PACCESS_MASK RequiredAccess
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbVerifyInfoSetPolicy(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN POLICY_INFORMATION_CLASS InformationClass,
|
||
|
IN PLSAPR_POLICY_INFORMATION PolicyInformation,
|
||
|
OUT PACCESS_MASK RequiredAccess
|
||
|
);
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapDbValidInfoPolicy(
|
||
|
IN POLICY_INFORMATION_CLASS InformationClass,
|
||
|
IN OPTIONAL PLSAPR_POLICY_INFORMATION PolicyInformation
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbVerifyInfoQueryTrustedDomain(
|
||
|
IN TRUSTED_INFORMATION_CLASS InformationClass,
|
||
|
IN BOOLEAN Trusted,
|
||
|
OUT PACCESS_MASK RequiredAccess
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbVerifyInfoSetTrustedDomain(
|
||
|
IN TRUSTED_INFORMATION_CLASS InformationClass,
|
||
|
IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation,
|
||
|
IN BOOLEAN Trusted,
|
||
|
OUT PACCESS_MASK RequiredAccess
|
||
|
);
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapDbValidInfoTrustedDomain(
|
||
|
IN TRUSTED_INFORMATION_CLASS InformationClass,
|
||
|
IN OPTIONAL PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeUnicodeAttribute(
|
||
|
IN OPTIONAL PUNICODE_STRING UnicodeValue,
|
||
|
IN PUNICODE_STRING AttributeName,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeMultiUnicodeAttribute(
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute,
|
||
|
IN PUNICODE_STRING AttributeName,
|
||
|
IN PUNICODE_STRING UnicodeNames,
|
||
|
IN ULONG Entries
|
||
|
);
|
||
|
|
||
|
VOID
|
||
|
LsapDbCopyUnicodeAttributeNoAlloc(
|
||
|
OUT PUNICODE_STRING OutputString,
|
||
|
IN PLSAP_DB_ATTRIBUTE Attribute,
|
||
|
IN BOOLEAN SelfRelative
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbCopyUnicodeAttribute(
|
||
|
OUT PUNICODE_STRING OutputString,
|
||
|
IN PLSAP_DB_ATTRIBUTE Attribute,
|
||
|
IN BOOLEAN SelfRelative
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeSidAttribute(
|
||
|
IN PSID Sid,
|
||
|
IN PUNICODE_STRING AttributeName,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeGuidAttribute(
|
||
|
IN GUID *Guid,
|
||
|
IN PUNICODE_STRING AttributeName,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeBlobAttribute(
|
||
|
IN ULONG BlobLength,
|
||
|
IN PBYTE pBlob,
|
||
|
IN PUNICODE_STRING AttributeName,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeUnicodeAttributeDs(
|
||
|
IN OPTIONAL PUNICODE_STRING UnicodeValue,
|
||
|
IN LSAP_DB_NAMES Name,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeMultiUnicodeAttributeDs(
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute,
|
||
|
IN LSAP_DB_NAMES Name,
|
||
|
IN PUNICODE_STRING UnicodeNames,
|
||
|
IN ULONG Entries
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeSidAttributeDs(
|
||
|
IN PSID Sid,
|
||
|
IN IN LSAP_DB_NAMES Name,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeGuidAttributeDs(
|
||
|
IN GUID *Guid,
|
||
|
IN LSAP_DB_NAMES Name,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakeBlobAttributeDs(
|
||
|
IN ULONG BlobLength,
|
||
|
IN PBYTE pBlob,
|
||
|
IN LSAP_DB_NAMES Name,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbMakePByteAttributeDs(
|
||
|
IN OPTIONAL PBYTE Buffer,
|
||
|
IN ULONG BufferLength,
|
||
|
IN LSAP_DB_ATTRIB_TYPE AttribType,
|
||
|
IN PUNICODE_STRING AttributeName,
|
||
|
OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbReadAttribute(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN OUT PLSAP_DB_ATTRIBUTE Attribute
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbFreeAttributes(
|
||
|
IN ULONG Count,
|
||
|
IN PLSAP_DB_ATTRIBUTE Attributes
|
||
|
);
|
||
|
|
||
|
/*++
|
||
|
|
||
|
VOID
|
||
|
LsapDbInitializeAttribute(
|
||
|
IN PLSAP_DB_ATTRIBUTE AttributeP,
|
||
|
IN PUNICODE_STRING AttributeNameP,
|
||
|
IN OPTIONAL PVOID AttributeValueP,
|
||
|
IN ULONG AttributeValueLengthP,
|
||
|
IN BOOLEAN MemoryAllocatedP
|
||
|
)
|
||
|
|
||
|
Routine Description:
|
||
|
|
||
|
This macro function initialize an Lsa Database Object Attribute
|
||
|
structure. No validation is done.
|
||
|
|
||
|
Arguments:
|
||
|
|
||
|
AttributeP - Pointer to Lsa Database Attribute structure to be
|
||
|
initialized.
|
||
|
|
||
|
AttributeNameP - Pointer to Unicode String containing the attribute's
|
||
|
name.
|
||
|
|
||
|
AttributeValueP - Pointer to the attribute's value. NULL may be
|
||
|
specified.
|
||
|
|
||
|
AttributeValueLengthP - Length of the attribute's value in bytes.
|
||
|
|
||
|
MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate
|
||
|
within the LSA Server code (not by RPC server stubs), else FALSE.
|
||
|
|
||
|
Return Values:
|
||
|
|
||
|
None.
|
||
|
|
||
|
--*/
|
||
|
|
||
|
#define LsapDbInitializeAttribute( \
|
||
|
AttributeP, \
|
||
|
AttributeNameP, \
|
||
|
AttributeValueP, \
|
||
|
AttributeValueLengthP, \
|
||
|
MemoryAllocatedP \
|
||
|
) \
|
||
|
\
|
||
|
{ \
|
||
|
(AttributeP)->AttributeName = AttributeNameP; \
|
||
|
(AttributeP)->AttributeValue = AttributeValueP; \
|
||
|
(AttributeP)->AttributeValueLength = AttributeValueLengthP; \
|
||
|
(AttributeP)->MemoryAllocated = MemoryAllocatedP; \
|
||
|
(AttributeP)->DsAttId = 0; \
|
||
|
(AttributeP)->AttribType = LsapDbAttribUnknown; \
|
||
|
(AttributeP)->CanDefaultToZero = FALSE; \
|
||
|
(AttributeP)->PseudoAttribute = FALSE; \
|
||
|
}
|
||
|
|
||
|
/*++
|
||
|
|
||
|
VOID
|
||
|
LsapDbInitializeAttributeDs(
|
||
|
IN PLSAP_DB_ATTRIBUTE AttributeP,
|
||
|
IN LSAP_DB_NAMES Name,
|
||
|
IN OPTIONAL PVOID AttributeValueP,
|
||
|
IN ULONG AttributeValueLengthP,
|
||
|
IN BOOLEAN MemoryAllocatedP
|
||
|
)
|
||
|
|
||
|
Routine Description:
|
||
|
|
||
|
This macro function initialize an Lsa Database Object Attribute
|
||
|
structure. No validation is done.
|
||
|
|
||
|
Arguments:
|
||
|
|
||
|
AttributeP - Pointer to Lsa Database Attribute structure to be
|
||
|
initialized.
|
||
|
|
||
|
Name - Name index to create
|
||
|
|
||
|
AttributeValueP - Pointer to the attribute's value. NULL may be
|
||
|
specified.
|
||
|
|
||
|
AttributeValueLengthP - Length of the attribute's value in bytes.
|
||
|
|
||
|
MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate
|
||
|
within the LSA Server code (not by RPC server stubs), else FALSE.
|
||
|
|
||
|
Return Values:
|
||
|
|
||
|
None.
|
||
|
|
||
|
--*/
|
||
|
#define LsapDbInitializeAttributeDs( \
|
||
|
AttributeP, \
|
||
|
Name, \
|
||
|
AttributeValueP, \
|
||
|
AttributeValueLengthP, \
|
||
|
MemoryAllocatedP \
|
||
|
) \
|
||
|
\
|
||
|
{ \
|
||
|
LsapDbInitializeAttribute( (AttributeP), &LsapDbNames[Name], \
|
||
|
AttributeValueP, AttributeValueLengthP, \
|
||
|
MemoryAllocatedP ); \
|
||
|
(AttributeP)->DsAttId = LsapDbDsAttInfo[Name].AttributeId; \
|
||
|
(AttributeP)->AttribType = LsapDbDsAttInfo[Name].AttributeType; \
|
||
|
(AttributeP)->CanDefaultToZero = FALSE; \
|
||
|
(AttributeP)->DbNameIndex = Name; \
|
||
|
}
|
||
|
|
||
|
#define LsapDbAttributeCanNotExist( \
|
||
|
AttributeP \
|
||
|
) \
|
||
|
{ \
|
||
|
(AttributeP)->CanDefaultToZero = TRUE; \
|
||
|
}
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbGetPrivilegesAndQuotas(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN SECURITY_LOGON_TYPE LogonType,
|
||
|
IN ULONG IdCount,
|
||
|
IN PSID_AND_ATTRIBUTES Ids,
|
||
|
OUT PULONG PrivilegeCount,
|
||
|
OUT PLUID_AND_ATTRIBUTES *Privileges,
|
||
|
OUT PQUOTA_LIMITS QuotaLimits
|
||
|
);
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapInitializeNotifiyList(
|
||
|
VOID
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapCrServerGetSessionKeySafe(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
|
||
|
OUT PLSAP_CR_CIPHER_KEY *SessionKey
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbVerifyHandle(
|
||
|
IN LSAPR_HANDLE ObjectHandle,
|
||
|
IN ULONG Options,
|
||
|
IN LSAP_DB_OBJECT_TYPE_ID ExpectedObjectTypeId,
|
||
|
IN BOOLEAN ReferenceHandle
|
||
|
);
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapDbDereferenceHandle(
|
||
|
IN LSAPR_HANDLE ObjectHandle
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbQueryAllInformationAccounts(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN ULONG IdCount,
|
||
|
IN PSID_AND_ATTRIBUTES Ids,
|
||
|
OUT PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO AccountInfo
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapCreateTrustedDomain2(
|
||
|
IN LSAPR_HANDLE PolicyHandle,
|
||
|
IN PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
|
||
|
IN PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
|
||
|
IN ACCESS_MASK DesiredAccess,
|
||
|
OUT PLSAPR_HANDLE TrustedDomainHandle
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDsInitializeDsStateInfo(
|
||
|
IN LSADS_INIT_STATE DsInitState
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDsUnitializeDsStateInfo(
|
||
|
);
|
||
|
|
||
|
/*++
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapValidateLsaUnicodeString(
|
||
|
IN PLSAPR_UNICODE_STRING UnicodeString
|
||
|
);
|
||
|
|
||
|
Returns TRUE if the LSAPR_UNICODE_STRING is valid. FALSE otherwise
|
||
|
--*/
|
||
|
|
||
|
#define LsapValidateLsaUnicodeString( _us_ ) \
|
||
|
(( (_us_) == NULL || \
|
||
|
( \
|
||
|
(_us_)->MaximumLength >= ( _us_ )->Length && \
|
||
|
(_us_)->Length % 2 == 0 && \
|
||
|
(_us_)->MaximumLength % 2 == 0 && \
|
||
|
((_us_)->Length == 0 || (_us_)->Buffer != NULL ) \
|
||
|
) \
|
||
|
) ? TRUE : FALSE )
|
||
|
|
||
|
/*++
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapValidateLsaCipherValue(
|
||
|
IN PLSAPR_UNICODE_STRING UnicodeString
|
||
|
);
|
||
|
|
||
|
Returns TRUE if the LSAPR_CR_CIPHER_KEY is valid. FALSE otherwise
|
||
|
--*/
|
||
|
|
||
|
#define LsapValidateLsaCipherValue( _us_ ) \
|
||
|
( \
|
||
|
(_us_)->MaximumLength >= ( _us_ )->Length && \
|
||
|
((_us_)->Length == 0 || (_us_)->Buffer != NULL ) \
|
||
|
) \
|
||
|
? TRUE : FALSE
|
||
|
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDbIsImpersonatedClientNetworkClient(
|
||
|
IN OUT PBOOLEAN IsNetworkClient
|
||
|
);
|
||
|
|
||
|
BOOLEAN
|
||
|
LsapSidPresentInGroups(
|
||
|
IN PTOKEN_GROUPS TokenGroups,
|
||
|
IN SID * Sid
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapDomainRenameHandlerForLogonSessions(
|
||
|
IN PUNICODE_STRING OldNetbiosName,
|
||
|
IN PUNICODE_STRING OldDnsName,
|
||
|
IN PUNICODE_STRING NewNetbiosName,
|
||
|
IN PUNICODE_STRING NewDnsName
|
||
|
);
|
||
|
|
||
|
NTSTATUS
|
||
|
LsapRetrieveDnsDomainNameFromHive(
|
||
|
IN HKEY Hkey,
|
||
|
IN OUT DWORD * Length,
|
||
|
OUT WCHAR * Buffer
|
||
|
);
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
}
|
||
|
#endif // __cplusplus
|
||
|
|
||
|
#endif // _LSA_DB_
|