/*++ BUILD Version: 0001 // Increment this if a change has global effects Copyright (c) 1992 Microsoft Corporation Module Name: lsaisrv.h Abstract: This file contains interfaces to internal routines in the Lsa Server that provide additional functionality not contained in the Lsar routines. These routines are only used by LSA clients which live in the same process as the LSA server. Author: Scott Birrell (ScottBi) April 8, 1992 Environment: User Mode - Win32 Revision History: --*/ #ifndef _LSAISRV_ #define _LSAISRV_ #ifdef __cplusplus extern "C" { #endif // // The following constants are defined for callers of the LsaIHealthCheckRoutine // // 1. LSAI_SAM_STATE_SESS_KEY is used to convey the syskey by SAM to LSA. // This is used in upgrade cases from NT4 and win2k B3 and RC1. // SAM in these cases knows the syskey // // 2. LSAI_SAM_STATE_UNROLL_SP4_ENCRYPTION is used to convey SAM's password // encryption key to LSA. This is used to unroll encryption used in NT4 SP4 // ( incorrectly ) using SAM's password encryption key // // 3. LSAI_SAM_STATE_RETRIEVE_SESS_KEY is used by SAM/DS to retrieve the // from LSA to decrypt their respective password encryption keys // // 4. LSAI_SAM_GENERATE_SESS_KEY is used by SAM to tell the LSA to generate // a new Password Encryption key in the case where we are upgrading // from a NT4 or Win2k B3 or RC1 Machine and the machine is not syskey'd // // 5. LSAI_SAM_STATE_CLEAR_SESS_KEY is used by SAM or DS to clear the syskey // after it has been used for decrypting their respective password // encryption keys. // // 6. LSAI_SAM_STATE_OLD_SESS_KEY This is used to retrieve the old syskey in // to implement error recovery during syskey change cases. // #define LSAI_SAM_STATE_SESS_KEY 0x1 #define LSAI_SAM_STATE_UNROLL_SP4_ENCRYPTION 0x2 #define LSAI_SAM_STATE_RETRIEVE_SESS_KEY 0x3 #define LSAI_SAM_STATE_CLEAR_SESS_KEY 0x4 #define LSAI_SAM_GENERATE_SESS_KEY 0x5 #define LSAI_SAM_STATE_OLD_SESS_KEY 0x6 /////////////////////////////////////////////////////////////////////////////// // // // The following prototypes are usable throughout the process that the // // LSA server resides in. // // // /////////////////////////////////////////////////////////////////////////////// NTSTATUS NTAPI LsaIHealthCheck( IN LSAPR_HANDLE DomainHandle OPTIONAL, IN ULONG StateChange, IN OUT PVOID StateChangeData, IN OUT PULONG StateChangeDataLength ); NTSTATUS NTAPI LsaIOpenPolicyTrusted( OUT PLSAPR_HANDLE PolicyHandle ); NTSTATUS NTAPI LsaIQueryInformationPolicyTrusted( IN POLICY_INFORMATION_CLASS InformationClass, OUT PLSAPR_POLICY_INFORMATION *Buffer ); NTSTATUS NTAPI LsaIGetSerialNumberPolicy( IN LSAPR_HANDLE PolicyHandle, OUT PLARGE_INTEGER ModifiedCount, OUT PLARGE_INTEGER CreationTime ); NTSTATUS NTAPI LsaISetSerialNumberPolicy( IN LSAPR_HANDLE PolicyHandle, IN PLARGE_INTEGER ModifiedCount, IN PLARGE_INTEGER CreationTime, IN BOOLEAN StartOfFullSync ); NTSTATUS NTAPI LsaIGetSerialNumberPolicy2( IN LSAPR_HANDLE PolicyHandle, OUT PLARGE_INTEGER ModifiedCount, OUT PLARGE_INTEGER ModifiedCountAtLastPromotion, OUT PLARGE_INTEGER CreationTime ); NTSTATUS NTAPI LsaISetSerialNumberPolicy2( IN LSAPR_HANDLE PolicyHandle, IN PLARGE_INTEGER ModifiedCount, IN PLARGE_INTEGER ModifiedCountAtLastPromotion OPTIONAL, IN PLARGE_INTEGER CreationTime, IN BOOLEAN StartOfFullSync ); NTSTATUS NTAPI LsaIGetPrivateData( IN LSAPR_HANDLE PolicyHandle, OUT PULONG DataLength, OUT PVOID *Data ); NTSTATUS NTAPI LsaISetPrivateData( IN LSAPR_HANDLE PolicyHandle, IN ULONG DataLength, IN PVOID Data ); NTSTATUS NTAPI LsaIEnumerateSecrets( IN LSAPR_HANDLE PolicyHandle, IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PVOID *Buffer, IN ULONG PreferedMaximumLength, OUT PULONG CountReturned ); NTSTATUS NTAPI LsaISetTimesSecret( IN LSAPR_HANDLE SecretHandle, IN PLARGE_INTEGER CurrentValueSetTime, IN PLARGE_INTEGER OldValueSetTime ); #ifdef __LOGONMSV_H__ // This API is only of interest to users of logonmsv.h NTSTATUS NTAPI LsaIFilterSids( IN PUNICODE_STRING TrustedDomainName, IN ULONG TrustDirection, IN ULONG TrustType, IN ULONG TrustAttributes, IN PSID Sid, IN NETLOGON_VALIDATION_INFO_CLASS InfoClass, IN OUT PVOID SamInfo ); #endif typedef enum { RoutingMatchDomainSid, RoutingMatchDomainName, RoutingMatchUpn, RoutingMatchSpn, } LSA_ROUTING_MATCH_TYPE; NTSTATUS NTAPI LsaIForestTrustFindMatch( IN LSA_ROUTING_MATCH_TYPE Type, IN PVOID Data, OUT PLSA_UNICODE_STRING Match ); VOID LsaIFree_LSA_FOREST_TRUST_INFORMATION( IN PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo ); VOID LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION( IN PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo ); BOOLEAN NTAPI LsaISetupWasRun( ); BOOLEAN NTAPI LsaISafeMode( VOID ); BOOLEAN NTAPI LsaILookupWellKnownName( IN PUNICODE_STRING WellKnownName ); VOID NTAPI LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER ( IN PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer ); VOID NTAPI LsaIFree_LSAPR_TRANSLATED_SIDS ( IN PLSAPR_TRANSLATED_SIDS TranslatedSids ); VOID NTAPI LsaIFree_LSAPR_TRANSLATED_NAMES ( IN PLSAPR_TRANSLATED_NAMES TranslatedNames ); VOID NTAPI LsaIFree_LSAPR_POLICY_INFORMATION ( IN POLICY_INFORMATION_CLASS InformationClass, IN PLSAPR_POLICY_INFORMATION PolicyInformation ); VOID NTAPI LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION ( IN POLICY_DOMAIN_INFORMATION_CLASS DomainInformationClass, IN PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation ); VOID NTAPI LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO ( IN TRUSTED_INFORMATION_CLASS InformationClass, IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation ); VOID NTAPI LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST ( IN PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains ); VOID NTAPI LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER ( IN PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer ); VOID NTAPI LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX ( PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer ); VOID NTAPI LsaIFree_LSAPR_TRUST_INFORMATION ( IN PLSAPR_TRUST_INFORMATION TrustInformation ); VOID NTAPI LsaIFree_LSAP_SECRET_ENUM_BUFFER ( IN PVOID Buffer, IN ULONG Count ); VOID NTAPI LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER ( PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer ); VOID NTAPI LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR ( IN PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor ); VOID LsaIFree_LSAI_SECRET_ENUM_BUFFER ( IN PVOID Buffer, IN ULONG Count ); VOID NTAPI LsaIFree_LSAI_PRIVATE_DATA ( IN PVOID Data ); VOID NTAPI LsaIFree_LSAPR_UNICODE_STRING ( IN PLSAPR_UNICODE_STRING UnicodeName ); VOID NTAPI LsaIFree_LSAPR_UNICODE_STRING_BUFFER ( IN PLSAPR_UNICODE_STRING UnicodeName ); VOID NTAPI LsaIFree_LSAPR_PRIVILEGE_SET ( IN PLSAPR_PRIVILEGE_SET PrivilegeSet ); VOID NTAPI LsaIFree_LSAPR_CR_CIPHER_VALUE ( IN PLSAPR_CR_CIPHER_VALUE CipherValue ); NTSTATUS NTAPI LsaIAuditSamEvent( IN NTSTATUS Status, IN ULONG AuditId, IN PSID DomainSid, IN PUNICODE_STRING AdditionalInfo OPTIONAL, IN PULONG MemberRid OPTIONAL, IN PSID MemberSid OPTIONAL, IN PUNICODE_STRING AccountName OPTIONAL, IN PUNICODE_STRING DomainName, IN PULONG AccountRid OPTIONAL, IN PPRIVILEGE_SET Privileges OPTIONAL ); VOID NTAPI LsaIAuditNotifyPackageLoad( PUNICODE_STRING PackageFileName ); NTSTATUS NTAPI LsaIAuditKdcEvent( IN ULONG AuditId, IN PUNICODE_STRING ClientName, IN PUNICODE_STRING ClientDomain, IN PSID ClientSid, IN PUNICODE_STRING ServiceName, IN PSID ServiceSid, IN PULONG KdcOptions, IN PULONG KerbStatus, IN PULONG EncryptionType, IN PULONG PreAuthType, IN PBYTE ClientAddress, IN LPGUID UniqueId OPTIONAL ); NTSTATUS LsaIGetLogonGuid( IN PUNICODE_STRING pUserName, IN PUNICODE_STRING pUserDomain, IN PBYTE pBuffer, IN UINT BufferSize, OUT LPGUID pLogonGuid ); NTSTATUS LsaISetLogonGuidInLogonSession( IN PLUID LogonId, IN LPGUID LogonGuid OPTIONAL ); VOID LsaIAuditKerberosLogon( IN NTSTATUS LogonStatus, IN NTSTATUS LogonSubStatus, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthenticatingAuthority, IN PUNICODE_STRING WorkstationName, IN PSID UserSid, OPTIONAL IN SECURITY_LOGON_TYPE LogonType, IN PTOKEN_SOURCE TokenSource, IN PLUID LogonId, IN LPGUID LogonGuid ); NTSTATUS LsaIAuditLogonUsingExplicitCreds( IN USHORT AuditEventType, IN PSID pUser1Sid, IN PUNICODE_STRING pUser1Name, IN PUNICODE_STRING pUser1Domain, IN PLUID pUser1LogonId, IN LPGUID pUser1LogonGuid, OPTIONAL IN PUNICODE_STRING pUser2Name, IN PUNICODE_STRING pUser2Domain, IN LPGUID pUser2LogonGuid ); NTSTATUS LsaIAuditAccountLogon( IN ULONG AuditId, IN BOOLEAN Successful, IN PUNICODE_STRING Source, IN PUNICODE_STRING ClientName, IN PUNICODE_STRING MappedName, IN NTSTATUS Status OPTIONAL ); NTSTATUS NTAPI LsaIAuditDPAPIEvent( IN ULONG AuditId, IN PSID UserSid, IN PUNICODE_STRING MasterKeyID, IN PUNICODE_STRING RecoveryServer, IN PULONG Reason, IN PUNICODE_STRING RecoverykeyID, IN PULONG FailureReason ); #define LSA_AUDIT_PARAMETERS_ABSOLUTE 1 NTSTATUS NTAPI LsaIWriteAuditEvent( IN PSE_ADT_PARAMETER_ARRAY AuditParameters, IN ULONG Options ); NTSTATUS LsaIAuditPasswordAccessEvent( IN USHORT EventType, IN PCWSTR pszTargetUserName, IN PCWSTR pszTargetUserDomain ); NTSTATUS NTAPI LsaICallPackage( IN PUNICODE_STRING AuthenticationPackage, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus ); VOID NTAPI LsaIFreeReturnBuffer( IN PVOID Buffer ); // // NT5 routines for using the Ds for Lsa store // #define LSAI_FOREST_ROOT_TRUST 0x00000001 #define LSAI_FOREST_DOMAIN_GUID_PRESENT 0x00000002 // // These structures correspond to the private interface Kerberos uses // to build a tree of the domains in an organization. // typedef struct _LSAPR_TREE_TRUST_INFO { UNICODE_STRING DnsDomainName; UNICODE_STRING FlatName; GUID DomainGuid; PSID DomainSid; ULONG Flags; ULONG Children; struct _LSAPR_TREE_TRUST_INFO *ChildDomains; } LSAPR_TREE_TRUST_INFO, *PLSAPR_TREE_TRUST_INFO; typedef struct _LSAPR_FOREST_TRUST_INFO { LSAPR_TREE_TRUST_INFO RootTrust; PLSAPR_TREE_TRUST_INFO ParentDomainReference; } LSAPR_FOREST_TRUST_INFO, *PLSAPR_FOREST_TRUST_INFO; VOID LsaIFreeForestTrustInfo( IN PLSAPR_FOREST_TRUST_INFO ForestTrustInfo ); NTSTATUS NTAPI LsaIQueryForestTrustInfo( IN LSAPR_HANDLE PolicyHandle, OUT PLSAPR_FOREST_TRUST_INFO *ForestTrustInfo ); NTSTATUS NTAPI LsaISetTrustedDomainAuthInfoBlobs( IN LSAPR_HANDLE PolicyHandle, IN PLSAPR_UNICODE_STRING TrustedDomainName, IN PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB IncomingBlob, IN PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB OutgoingBlob); NTSTATUS NTAPI LsaIUpgradeRegistryToDs( IN BOOLEAN DeleteOnly ); NTSTATUS NTAPI LsaIGetTrustedDomainAuthInfoBlobs( IN LSAPR_HANDLE PolicyHandle, IN PLSAPR_UNICODE_STRING TrustedDomainName, OUT PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB IncomingBlob, OUT PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB OutgoingBlob ); NTSTATUS NTAPI LsaISetServerRoleForNextBoot( IN LSAPR_HANDLE PolicyHandle, IN POLICY_LSA_SERVER_ROLE ServerRole ); BOOLEAN NTAPI LsaIIsClassIdLsaClass( IN ULONG ClassId, OUT PULONG LsaClass ); NTSTATUS NTAPI LsaIDsNotifiedObjectChange( IN ULONG Class, IN PVOID ObjectPath, // This is a DSNAME IN SECURITY_DB_DELTA_TYPE DeltaType, IN PSID UserSid, IN LUID AuthenticationId, IN BOOLEAN fReplicatedIn, IN BOOLEAN ChangeOriginatedInLSA ); typedef NTSTATUS (NTAPI *pfLsaIDsNotifiedObjectChange )( ULONG, PVOID, SECURITY_DB_DELTA_TYPE, PSID, LUID, BOOLEAN, BOOLEAN ); // // NT5 routines for moving some SAM domain object properties to the Lsa Ds objects // #define LSAI_SAM_NONE 0x00000000 #define LSAI_SAM_TRANSACTION_ACTIVE 0x00000001 #define LSAI_SAM_ADD 0x1 #define LSAI_SAM_REMOVE 0x2 NTSTATUS NTAPI LsaISamSetDomainObjectProperties( IN DOMAIN_INFORMATION_CLASS SamInfoClass, IN PVOID Buffer, IN ULONG Options ); NTSTATUS NTAPI LsaISamSetDomainBuiltinGroupMembership( IN PSID GroupSid, IN ULONG Operation, IN ULONG Users, IN PVOID UserList, // This is a list of DSNAME pointers IN ULONG Options ); NTSTATUS NTAPI LsaISamIndicatedDsStarted( IN BOOLEAN PerformDomainRenameCheck ); // // Netlogon routines for enumerating subnets // typedef struct _LSAP_SUBNET_INFO_ENTRY { UNICODE_STRING SubnetName; UNICODE_STRING SiteName; } LSAP_SUBNET_INFO_ENTRY, *PLSAP_SUBNET_INFO_ENTRY; typedef struct _LSAP_SUBNET_INFO { ULONG SiteCount; ULONG SubnetCount; LSAP_SUBNET_INFO_ENTRY Subnets[1]; } LSAP_SUBNET_INFO, *PLSAP_SUBNET_INFO; NTSTATUS NTAPI LsaIQuerySubnetInfo( OUT PLSAP_SUBNET_INFO *SubnetInformation ); VOID NTAPI LsaIFree_LSAP_SUBNET_INFO( IN PLSAP_SUBNET_INFO SubnetInfo ); // // Netlogon routines for UPN/SPN suffixes // typedef struct _LSAP_UPN_SUFFIXES { ULONG SuffixCount; UNICODE_STRING Suffixes[1]; } LSAP_UPN_SUFFIXES, *PLSAP_UPN_SUFFIXES; NTSTATUS LsaIQueryUpnSuffixes( OUT PLSAP_UPN_SUFFIXES *UpnSuffixes ); VOID LsaIFree_LSAP_UPN_SUFFIXES( IN PLSAP_UPN_SUFFIXES UpnSuffixes ); NTSTATUS LsaIGetForestTrustInformation( OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo ); NTSTATUS LsaIUpdateForestTrustInformation( IN LSAPR_HANDLE PolicyHandle, IN UNICODE_STRING * TrustedDomainName, IN PLSA_FOREST_TRUST_INFORMATION NewForestTrustInfo ); // // Netlogon routines for enumerating sites // typedef struct _LSAP_SITE_INFO_ENTRY { UNICODE_STRING SiteName; } LSAP_SITE_INFO_ENTRY, *PLSAP_SITE_INFO_ENTRY; typedef struct _LSAP_SITE_INFO { ULONG SiteCount; LSAP_SITE_INFO_ENTRY Sites[1]; } LSAP_SITE_INFO, *PLSAP_SITE_INFO; NTSTATUS NTAPI LsaIQuerySiteInfo( OUT PLSAP_SITE_INFO *SiteInformation ); VOID NTAPI LsaIFree_LSAP_SITE_INFO( IN PLSAP_SITE_INFO SubnetInfo ); // // Netlogon routines for getting the name of the site we're in. // typedef struct _LSAP_SITENAME_INFO { UNICODE_STRING SiteName; GUID DsaGuid; ULONG DsaOptions; } LSAP_SITENAME_INFO, *PLSAP_SITENAME_INFO; NTSTATUS NTAPI LsaIGetSiteName( OUT PLSAP_SITENAME_INFO *SiteNameInformation ); VOID NTAPI LsaIFree_LSAP_SITENAME_INFO( IN PLSAP_SITENAME_INFO SiteNameInfo ); BOOLEAN NTAPI LsaIIsDsPaused( VOID ); // // Lsa notification routine definitions // // // Notification callback routine prototype // typedef VOID ( NTAPI fLsaPolicyChangeNotificationCallback) ( IN POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass ); typedef fLsaPolicyChangeNotificationCallback *pfLsaPolicyChangeNotificationCallback; NTSTATUS NTAPI LsaIRegisterPolicyChangeNotificationCallback( IN pfLsaPolicyChangeNotificationCallback Callback, IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass ); NTSTATUS NTAPI LsaIUnregisterPolicyChangeNotificationCallback( IN pfLsaPolicyChangeNotificationCallback Callback, IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass ); NTSTATUS NTAPI LsaIUnregisterAllPolicyChangeNotificationCallback( IN pfLsaPolicyChangeNotificationCallback Callback ); HANDLE NTAPI LsaIRegisterNotification( IN PTHREAD_START_ROUTINE StartFunction, IN PVOID Parameter, IN ULONG NotificationType, IN ULONG NotificationClass, IN ULONG NotificationFlags, IN ULONG IntervalMinutes, IN OPTIONAL HANDLE WaitEvent ); NTSTATUS NTAPI LsaICancelNotification( IN HANDLE NotifyHandle ); BOOLEAN NTAPI LsaIEventNotify( ULONG Class, ULONG Flags, ULONG EventSize, PVOID EventData); VOID LsaIAddTouchAddress( PVOID Address, SIZE_T Range ); VOID LsaIRemoveTouchAddress( PVOID Address ); // // This is the notification Kerberos registers to receive updates on changing trusts // typedef VOID (fLsaTrustChangeNotificationCallback) ( IN SECURITY_DB_DELTA_TYPE DeltaType ); typedef fLsaTrustChangeNotificationCallback *pfLsaTrustChangeNotificationCallback; typedef enum LSAP_REGISTER { LsaRegister = 0, LsaUnregister } LSAP_REGISTER, *PLSAP_REGISTER; NTSTATUS NTAPI LsaIKerberosRegisterTrustNotification( IN pfLsaTrustChangeNotificationCallback Callback, IN LSAP_REGISTER Register ); // // See secpkg.h : LsaGetCallInfo and SECPKG_CALL_INFO // BOOLEAN NTAPI LsaIGetCallInfo( PVOID ); BOOLEAN LsaIGetThreadHeap( VOID ); VOID LsaITossThreadHeap( VOID ); PVOID LsaIThreadAlloc( IN SIZE_T Size ); VOID LsaIThreadFree( IN PVOID Memory ); NTSTATUS LsaISetClientDnsHostName( IN PWSTR ClientName, IN PWSTR ClientDnsHostName OPTIONAL, IN POSVERSIONINFOEXW OsVersionInfo OPTIONAL, IN PWSTR OsName OPTIONAL, OUT PWSTR *OldDnsHostName OPTIONAL ); VOID LsaIManageReplicationSyncLock( IN BOOLEAN TakeLock ); NTSTATUS LsaICallPackageEx( IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID * ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus ); NTSTATUS LsaICallPackagePassthrough( IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID * ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus ); NTSTATUS LsaISetBootOption( IN ULONG BootOption, IN PVOID OldKey, IN ULONG OldKeyLength, IN PVOID NewKey, IN ULONG NewKeyLength ); NTSTATUS LsaIGetBootOption( OUT PULONG BootOption ); VOID LsaINotifyPasswordChanged( IN PUNICODE_STRING NetbiosDomainName OPTIONAL, IN PUNICODE_STRING UserName, IN PUNICODE_STRING DnsDomainName OPTIONAL, IN PUNICODE_STRING Upn OPTIONAL, IN PUNICODE_STRING OldPassword, IN PUNICODE_STRING NewPassword, IN BOOLEAN Impersonating ); NTSTATUS LsaINotifyChangeNotification( IN POLICY_NOTIFICATION_INFORMATION_CLASS InfoClass ); NTSTATUS LsaIGetNbAndDnsDomainNames( IN PUNICODE_STRING DomainName, OUT PUNICODE_STRING DnsDomainName, OUT PUNICODE_STRING NetbiosDomainName ); // // This flag indicates the the protected blob is a system blob, and cannot // be decrypted by the user-space. // #define CRYPTPROTECT_SYSTEM 0x20000000 // // Local Free should be used to free the returned buffer // BOOLEAN LsaICryptProtectData( IN PVOID DataIn, IN ULONG DataInLength, IN PUNICODE_STRING szDataDescr, IN PVOID OptionalEntropy, IN ULONG OptionalEntropyLength, IN PVOID Reserved, IN PVOID Reserved2, IN ULONG Flags, OUT PVOID * DataOut, OUT PULONG DataOutLength); // // Local Free should be used to free the returned buffer // BOOLEAN LsaICryptUnprotectData( IN PVOID DataIn, IN ULONG DataInLength, IN PVOID OptionalEntropy, IN ULONG OptionalEntropyLength, IN PVOID Reserved, IN PVOID Reserved2, IN ULONG Flags, OUT PUNICODE_STRING szDataDescr, OUT PVOID * DataOut, OUT PULONG DataOutLength); // // Heap allocator for the LSA process // PVOID NTAPI LsaIAllocateHeapZero( IN SIZE_T Length ); PVOID NTAPI LsaIAllocateHeap( IN SIZE_T cbMemory ); VOID NTAPI LsaIFreeHeap( IN PVOID Base ); typedef enum LSAP_NETLOGON_PARAMETER { LsaEmulateNT4, } LSAP_NETLOGON_PARAMETER; VOID NTAPI LsaINotifyNetlogonParametersChangeW( IN LSAP_NETLOGON_PARAMETER Parameter, IN DWORD dwType, IN PWSTR lpData, IN DWORD cbData ); NTSTATUS NTAPI LsaIChangeSecretCipherKey( IN PVOID NewSysKey ); #ifdef __cplusplus } #endif #endif // _LSAISRV_