
/*++ BUILD Version: 0001 // Increment this if a change has global effects
Copyright (c) 1991 Microsoft Corporation
Module Name:
db.h
Abstract:
LSA Database Exported Function Definitions, Datatypes and Defines
This module contains the LSA Database Routines that may be called
by parts of the LSA outside the Database sub-component.
Author:
Scott Birrell (ScottBi) August 26, 1991
Environment:
Revision History:
--*/
#ifndef _LSA_DB_
#define _LSA_DB_
//
// Maximum Number of attributes in the various object types.
// All four object types share the same limit (0x10 = 16).
//
#define LSAP_DB_ATTRS_POLICY ((ULONG) 0x00000010L)
#define LSAP_DB_ATTRS_ACCOUNT ((ULONG) 0x00000010L)
#define LSAP_DB_ATTRS_DOMAIN ((ULONG) 0x00000010L)
#define LSAP_DB_ATTRS_SECRET ((ULONG) 0x00000010L)
//
// Constants for matching options on Sid/Name lookup operations.
// Each value occupies its own bit.
// NOTE(review): whether both may be set in one call is not visible in
// this header - confirm against the lookup routines.
//
#define LSAP_DB_MATCH_ON_SID ((ULONG) 0x00000001L)
#define LSAP_DB_MATCH_ON_NAME ((ULONG) 0x00000002L)
//
// Options for LsapDbLookupSidsInLocalDomains(). Each value occupies its
// own bit and names one local domain to search.
//
#define LSAP_DB_SEARCH_BUILT_IN_DOMAIN ((ULONG) 0x00000001L)
#define LSAP_DB_SEARCH_ACCOUNT_DOMAIN ((ULONG) 0x00000002L)
//
// Options for LsapDbMergeDisjointReferencedDomains. Each value occupies
// its own bit.
//
#define LSAP_DB_USE_FIRST_MERGAND_GRAPH ((ULONG) 0x00000001L)
#define LSAP_DB_USE_SECOND_MERGAND_GRAPH ((ULONG) 0x00000002L)
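//
// Option for updating Policy Database
//
#define LSAP_DB_UPDATE_POLICY_DATABASE ((ULONG) 0x00000001L)
//
// Maximum number of attributes corresponding to a Policy Object
// Information Class
//
#define LSAP_DB_ATTRS_INFO_CLASS_POLICY ((ULONG) 0x00000005L)
//
// Maximum number of attributes corresponding to a Trusted Domain Object
// Information Class
//
#define LSAP_DB_ATTRS_INFO_CLASS_DOMAIN ((ULONG) 0x00000002L)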
//
// Global variables
//
// All of the arrays below are declared without a bound, so this header
// gives the compiler no size to check an index against.
//
extern BOOLEAN LsapDbRequiresSidInfo[];
extern BOOLEAN LsapDbRequiresNameInfo[];
extern LSAPR_HANDLE LsapDbHandle;
extern BOOLEAN LsapSetupWasRun;
extern BOOLEAN LsapDatabaseSetupPerformed;
extern NT_PRODUCT_TYPE LsapProductType;
//
// Table of accesses required to query Policy Information. This table
// is indexed by Policy Information Class
//
// NOTE(review): the information class is the array index, so it has to be
// range-checked before the lookup. LsapDbValidInfoPolicy and
// LsapDbVerifyInfoQueryPolicy, declared later in this header, look like
// the intended gate - confirm that every reader goes through them.
//
extern ACCESS_MASK LsapDbRequiredAccessQueryPolicy[];
//
// Table of accesses required to set Policy Information. This table
// is indexed by Policy Information Class
//
// NOTE(review): same indexing concern as the query table; presumably
// gated by LsapDbVerifyInfoSetPolicy - confirm.
//
extern ACCESS_MASK LsapDbRequiredAccessSetPolicy[];
//
// Table of accesses required to query TrustedDomain Information. This table
// is indexed by TrustedDomain Information Class
//
// NOTE(review): presumably gated by LsapDbVerifyInfoQueryTrustedDomain -
// confirm the class is validated before it is used as an index.
//
extern ACCESS_MASK LsapDbRequiredAccessQueryTrustedDomain[];
//
// Table of accesses required to set TrustedDomain Information. This table
// is indexed by TrustedDomain Information Class
//
// NOTE(review): presumably gated by LsapDbVerifyInfoSetTrustedDomain -
// confirm the class is validated before it is used as an index.
//
extern ACCESS_MASK LsapDbRequiredAccessSetTrustedDomain[];
//
// Maximum Handle Reference Count (0x1000 = 4096).
//
// NOTE(review): only the limit is defined here. The ReferenceCount field
// of the handle structure is a ULONG; confirm that the reference path
// actually compares against this limit before incrementing.
//
#define LSAP_DB_MAXIMUM_REFERENCE_COUNT ((ULONG) 0x00001000L)
//
// Default Computer Name used for Policy Account Domain Info
// (a wide-character string literal).
//
#define LSAP_DB_DEFAULT_COMPUTER_NAME (L"MACHINENAME")
//
// Options for the LsaDbReferenceObject and LsaDbDereferenceObject
//
// Every option is a single distinct bit (0x00000001 through 0x00040000),
// so options can be OR-ed together into one ULONG, as LSAP_DB_STATE_MASK
// below does.
//
// NOTE(review): several options come in opposing pairs that are separate
// bits rather than one bit with two states (ACQUIRE_LOCK / RELEASE_LOCK /
// NO_LOCK, TRUSTED / NOT_TRUSTED, ENABLE_ / DISABLE_NON_TRUSTED_ACCESS).
// Nothing in this header prevents both members of a pair from being set,
// or neither; confirm that the routines consuming these options reject or
// define the contradictory combinations, in particular for the
// trust-related bits.
//
#define LSAP_DB_ACQUIRE_LOCK ((ULONG) 0x00000001L)
#define LSAP_DB_RELEASE_LOCK ((ULONG) 0x00000002L)
#define LSAP_DB_NO_LOCK ((ULONG) 0x00000004L)
#define LSAP_DB_START_TRANSACTION ((ULONG) 0x00000008L)
#define LSAP_DB_FINISH_TRANSACTION ((ULONG) 0x00000010L)
#define LSAP_DB_VALIDATE_HANDLE ((ULONG) 0x00000020L)
#define LSAP_DB_TRUSTED ((ULONG) 0x00000040L)
#define LSAP_DB_NOT_TRUSTED ((ULONG) 0x00000080L)
#define LSAP_DB_DEREFERENCE_CONTR ((ULONG) 0x00000100L)
#define LSAP_DB_ENABLE_NON_TRUSTED_ACCESS ((ULONG) 0x00000200L)
#define LSAP_DB_DISABLE_NON_TRUSTED_ACCESS ((ULONG) 0x00000400L)
#define LSAP_DB_OMIT_BACKUP_CONTROLLER_CHECK ((ULONG) 0x00000800L)
#define LSAP_DB_ACQUIRE_LOG_QUEUE_LOCK ((ULONG) 0x00001000L)
#define LSAP_DB_RELEASE_LOG_QUEUE_LOCK ((ULONG) 0x00002000L)
#define LSAP_DB_OMIT_REPLICATOR_NOTIFICATION ((ULONG) 0x00004000L)
#define LSAP_DB_FREE_HANDLE ((ULONG) 0x00008000L)
#define LSAP_DB_ADMIT_DELETED_OBJECT_HANDLES ((ULONG) 0x00010000L)
#define LSAP_DB_REBUILD_CACHE ((ULONG) 0x00020000L)
#define LSAP_DB_PROMOTION_INCREMENT ((ULONG) 0x00040000L)
//
// Mask selecting the lock, transaction and log-queue-lock options from an
// option word. The trust, handle-validation and notification options are
// not part of this mask.
//
#define LSAP_DB_STATE_MASK \
(LSAP_DB_ACQUIRE_LOCK | LSAP_DB_RELEASE_LOCK | LSAP_DB_NO_LOCK | \
LSAP_DB_START_TRANSACTION | LSAP_DB_FINISH_TRANSACTION | \
LSAP_DB_ACQUIRE_LOG_QUEUE_LOCK | LSAP_DB_RELEASE_LOG_QUEUE_LOCK)
//
// Configuration Registry Root Key for Lsa Database. All Physical Object
// and Attribute Names are relative to this Key.
//
// NOTE(review): because every object type in this header, Secret objects
// included, is stored below this one key, the protection of the database
// at rest presumably depends on the access control applied to the key
// itself - confirm where that is set up.
//
#define LSAP_DB_ROOT_REG_KEY_NAME L"\\Registry\\Machine\\Security"
//
// LSA Database Object Defines
//
// The open/create values are aliases for the FILE_OPEN, FILE_OPEN_IF and
// FILE_CREATE constants, which this header expects to be defined already.
//
#define LSAP_DB_OBJECT_OPEN FILE_OPEN
#define LSAP_DB_OBJECT_OPEN_IF FILE_OPEN_IF
#define LSAP_DB_OBJECT_CREATE FILE_CREATE
//
// Length limits: 0x40 = 64 and 0x100 = 256.
// NOTE(review): the unit (bytes or characters) is not stated here; confirm
// before using either value to size a buffer.
//
#define LSAP_DB_KEY_VALUE_MAX_LENGTH (0x00000040L)
#define LSAP_DB_LOGICAL_NAME_MAX_LENGTH (0x00000100L)
//
// LSA Database Object SubKey Defines (same aliases as the object defines)
//
#define LSAP_DB_SUBKEY_OPEN FILE_OPEN
#define LSAP_DB_SUBKEY_OPEN_IF FILE_OPEN_IF
#define LSAP_DB_SUBKEY_CREATE FILE_CREATE
//
// Growth Delta for Referenced Domain Lists (0x20 = 32 entries)
//
#define LSAP_DB_REF_DOMAIN_DELTA ((ULONG) 0x00000020L )
//
// The following data type is used in name and SID lookup services to
// describe the domains referenced in the lookup operation.
//
// WARNING! This is an internal version of LSA_REFERENCED_DOMAIN_LIST
// in ntlsa.h. It has an additional field, MaxEntries.
//
// NOTE(review): MaxEntries is the trailing member, so the first two
// members appear to line up with the ntlsa.h structure; code that treats
// one structure as the other depends on that layout - confirm against
// ntlsa.h.
//
typedef struct _LSAP_DB_REFERENCED_DOMAIN_LIST {
ULONG Entries;
PLSA_TRUST_INFORMATION Domains;
ULONG MaxEntries;
} LSAP_DB_REFERENCED_DOMAIN_LIST, *PLSAP_DB_REFERENCED_DOMAIN_LIST;
// where members have the following usage:
//
// Entries - Is a count of the number of domains described in the
// Domains array.
//
// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
// structures.
//
// MaxEntries - Is the maximum number of entries that can be stored
// in the current array
//
// NOTE(review): the descriptions above imply Entries <= MaxEntries at all
// times; code that appends to Domains presumably has to check this and
// grow the array first (see LSAP_DB_REF_DOMAIN_DELTA) - confirm.
/////////////////////////////////////////////////////////////////////////////
//
// LSA Database Object Types
//
/////////////////////////////////////////////////////////////////////////////
//
// Lsa Database Object Type
//
// NullObject (0) and DummyLastObject (5) are the two bounds of the enum
// and are not valid object types: the LsapDbIsValidTypeObject macro in
// this header accepts only values strictly between them.
// DummyLastObject also sizes the LsapDbObjectTypeNames array, so new
// types must be inserted before it.
//
typedef enum _LSAP_DB_OBJECT_TYPE_ID {
NullObject = 0,
PolicyObject,
TrustedDomainObject,
AccountObject,
SecretObject,
DummyLastObject
} LSAP_DB_OBJECT_TYPE_ID, *PLSAP_DB_OBJECT_TYPE_ID;
//
// LSA Database Object Handle structure (Internal definition of LSAPR_HANDLE)
//
// Note that the Handle structure is public to clients of the Lsa Database
// exported functions (e.g. server API workers) so that they can get at
// things like GrantedAccess.
//
// Note that LSAP_DB_HANDLE is itself a pointer type (pointer to the
// structure) and PLSAP_DB_HANDLE is a pointer to that pointer.
//
// NOTE(review): since an LSAPR_HANDLE is interpreted as a pointer to this
// structure, a handle value has to be validated before any field is read
// through it. LsapDbVerifyHandle and the LSAP_DB_VALIDATE_HANDLE option
// in this header look like the mechanism for that - confirm that every
// entry point taking a handle applies it.
//
typedef struct _LSAP_DB_HANDLE {
// Self-referential links to other handle structures.
struct _LSAP_DB_HANDLE *Next;
struct _LSAP_DB_HANDLE *Previous;
BOOLEAN Allocated;
// See LSAP_DB_MAXIMUM_REFERENCE_COUNT for the intended upper limit.
ULONG ReferenceCount;
UNICODE_STRING LogicalNameU;
UNICODE_STRING PhysicalNameU;
PSID Sid;
// presumably the Registry key backing the object - confirm
HANDLE KeyHandle;
LSAP_DB_OBJECT_TYPE_ID ObjectTypeId;
// Handle of another object; presumably the containing object - confirm
struct _LSAP_DB_HANDLE *ContainerHandle;
// Access masks; GrantedAccess is the field the comment above names as
// the reason the structure is visible to API workers.
ACCESS_MASK DesiredAccess;
ACCESS_MASK GrantedAccess;
BOOLEAN GenerateOnClose;
// NOTE(review): presumably set from the TrustedClient argument of
// LsapDbOpenPolicy / the LSAP_DB_TRUSTED option and used to relax
// access checking - confirm, and confirm it cannot be changed after
// the handle is created.
BOOLEAN Trusted;
BOOLEAN DeletedObject;
ULONG Options;
} *LSAP_DB_HANDLE, **PLSAP_DB_HANDLE;
//
// LSA Database Object Sid Enumeration Buffer
//
// Output structure of LsapDbEnumerateSids.
// NOTE(review): presumably EntriesRead is the number of elements in Sids;
// who frees the array is not stated here - confirm.
//
typedef struct _LSAP_DB_SID_ENUMERATION_BUFFER {
ULONG EntriesRead;
PSID *Sids;
} LSAP_DB_SID_ENUMERATION_BUFFER, *PLSAP_DB_SID_ENUMERATION_BUFFER;
//
// LSA Database Object Name Enumeration Buffer
//
// Output structure of LsapDbEnumerateNames.
// NOTE(review): presumably EntriesRead is the number of elements in
// Names; who frees the array is not stated here - confirm.
//
typedef struct _LSAP_DB_NAME_ENUMERATION_BUFFER {
ULONG EntriesRead;
PUNICODE_STRING Names;
} LSAP_DB_NAME_ENUMERATION_BUFFER, *PLSAP_DB_NAME_ENUMERATION_BUFFER;
//
// Number of object type ids. The value 5 equals the numeric value of
// DummyLastObject in LSAP_DB_OBJECT_TYPE_ID (NullObject = 0 is counted);
// the two are kept in step by hand.
//
#define LSAP_DB_OBJECT_TYPE_COUNT 0x00000005L
//
// LSA Database Object Type-specific attribute names and values. If
// supplied on a call to LsapDbCreateObject, they will be stored with
// the object.
//
// AttributeValueLength is the length of the value in bytes and
// MemoryAllocated is TRUE when the value was allocated by
// MIDL_user_allocate inside the LSA server code rather than by the RPC
// server stubs (both per the LsapDbInitializeAttribute description in
// this header).
// NOTE(review): MemoryAllocated therefore decides who frees
// AttributeValue; a wrong value would presumably lead to a leak or to
// freeing memory that is not owned - confirm in LsapDbFreeAttributes.
//
typedef struct _LSAP_DB_ATTRIBUTE {
PUNICODE_STRING AttributeName;
PVOID AttributeValue;
ULONG AttributeValueLength;
BOOLEAN MemoryAllocated;
} LSAP_DB_ATTRIBUTE, *PLSAP_DB_ATTRIBUTE;
//
// LSA Database Object General Information.
//
// Input to LsapDbOpenObject, LsapDbCreateObject and
// LsapDbVerifyInformationObject.
//
typedef struct _LSAP_DB_OBJECT_INFORMATION {
LSAP_DB_OBJECT_TYPE_ID ObjectTypeId;
LSAP_DB_OBJECT_TYPE_ID ContainerTypeId;
OBJECT_ATTRIBUTES ObjectAttributes;
PLSAP_DB_ATTRIBUTE TypeSpecificAttributes;
PSID Sid;
} LSAP_DB_OBJECT_INFORMATION, *PLSAP_DB_OBJECT_INFORMATION;
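//
// Default System Access assigned to Account objects (no system access
// bits set).
//
// The expansion deliberately carries no trailing semicolon, so the macro
// can be used inside a larger expression, as a function argument or in an
// if/else without braces.
//
#define LSAP_DB_ACCOUNT_DEFAULT_SYS_ACCESS ((ULONG) 0L)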
//
// LSA Database Account Object Information
//
// Privileges is embedded by value here, whereas
// LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO in this header holds a pointer to a
// privilege set.
//
typedef struct _LSAP_DB_ACCOUNT_INFORMATION {
QUOTA_LIMITS QuotaLimits;
PRIVILEGE_SET Privileges;
} LSAP_DB_ACCOUNT_INFORMATION, *PLSAP_DB_ACCOUNT_INFORMATION;
//
// LSA Database Change Account Privilege Mode
// (ChangeMode argument of LsapDbChangePrivilegesAccount).
// Numbering starts at 1, so 0 is not a valid mode.
//
typedef enum _LSAP_DB_CHANGE_PRIVILEGE_MODE {
AddPrivileges = 1,
RemovePrivileges
} LSAP_DB_CHANGE_PRIVILEGE_MODE;
//
// Self-Relative Unicode String Structure.
//
// NOTE(review): UnicodeStrings[1] looks like the older trailing-array
// idiom, with Entries giving the real element count; if so, sizeof of
// this structure covers only one element and readers must bound their
// index by Entries and by the size of the buffer the structure was read
// from - confirm.
//
typedef struct _LSAP_DB_MULTI_UNICODE_STRING {
ULONG Entries;
UNICODE_STRING UnicodeStrings[1];
} LSAP_DB_MULTI_UNICODE_STRING, *PLSAP_DB_MULTI_UNICODE_STRING;
//
// LSA Database Object SubKey names in Unicode Form
//
// Only SecDesc has an explicit value (0); every other enumerator takes
// the next integer, so inserting or removing an entry renumbers all that
// follow. DummyLastName is the bound of the enum and sizes the
// LsapDbNames array declared in this header, so new names must be added
// before it.
// NOTE(review): presumably each enumerator is the index of the matching
// UNICODE_STRING in LsapDbNames - confirm where that array is filled in.
//
typedef enum _LSAP_DB_NAMES {
SecDesc = 0,
Privilgs,
Sid,
Name,
AdminMod,
OperMode,
QuotaLim,
DefQuota,
QuAbsMin,
QuAbsMax,
AdtLog,
AdtEvent,
PrDomain,
EnPasswd,
Policy,
Accounts,
Domains,
Secrets,
CurrVal,
OldVal,
CupdTime,
OupdTime,
WkstaMgr,
PolAdtLg,
PolAdtEv,
PolAcDmN,
PolAcDmS,
PolPrDmN,
PolPrDmS,
PolPdAcN,
PolSrvRo,
PolRepSc,
PolRepAc,
PolRevision,
PolDefQu,
PolMod,
PolPromot,
PolAdtFL,
PolState,
PolNxPxF,
ActSysAc,
TrDmName,
TrDmSid,
TrDmAcN,
TrDmCtN,
TrDmPxOf,
TrDmCtEn,
AuditLog,
AuditLogMaxSize,
AuditRecordRetentionPeriod,
DummyLastName
} LSAP_DB_NAMES;
//
// Account type-specific information; the output structure of
// LsapDbQueryAllInformationAccounts.
// NOTE(review): PrivilegeSet is a pointer; who allocates and frees the
// set is not stated here - confirm.
//
typedef struct _LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO {
ULONG SystemAccess;
QUOTA_LIMITS QuotaLimits;
PPRIVILEGE_SET PrivilegeSet;
} LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO, *PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO;
//
// Name tables, sized by the bounds of LSAP_DB_NAMES and
// LSAP_DB_OBJECT_TYPE_ID.
//
// NOTE(review): unlike the "Global variables" earlier in this header,
// these five objects are declared without extern, so every source file
// that includes the header gets its own tentative definition. That only
// links when the toolchain merges such definitions; confirm, or declare
// them extern here and define them once in a source file.
//
UNICODE_STRING LsapDbNames[DummyLastName];
UNICODE_STRING LsapDbObjectTypeNames[DummyLastObject];
//
// Installed, absolute minimum and absolute maximum Quota Limits.
//
QUOTA_LIMITS LsapDbInstalledQuotaLimits;
QUOTA_LIMITS LsapDbAbsMinQuotaLimits;
QUOTA_LIMITS LsapDbAbsMaxQuotaLimits;
//
// LSA Database Exported Function Prototypes
//
// NOTE: These are callable only from the LSA
//
// NOTE(review): prototypes in this header that are written with an empty
// parameter list, such as LsapDbIsServerInitialized below, leave the
// parameters unspecified in C (before C23), so the compiler will not
// reject a call that passes arguments.
//
BOOLEAN
LsapDbIsServerInitialized(
);
//
// Returns a Policy handle through PolicyHandle.
// NOTE(review): TrustedClient is a plain BOOLEAN chosen by the caller of
// this routine. Presumably it ends up in the Trusted field of the handle
// and relaxes access checking, so it has to reflect the server's own
// knowledge of who is calling and must never be taken from request
// data - confirm in the implementation.
//
NTSTATUS
LsapDbOpenPolicy(
IN PLSAPR_SERVER_NAME SystemName OPTIONAL,
IN OPTIONAL PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
IN ACCESS_MASK DesiredAccess,
OUT PLSAPR_HANDLE PolicyHandle,
IN BOOLEAN TrustedClient
);
//
// Returns a TrustedDomain handle for the domain identified by
// TrustedDomainSid, relative to an existing Policy handle.
//
NTSTATUS
LsapDbOpenTrustedDomain(
IN LSAPR_HANDLE PolicyHandle,
IN PSID TrustedDomainSid,
IN ACCESS_MASK DesiredAccess,
OUT PLSAPR_HANDLE TrustedDomainHandle,
IN ULONG Options
);
//
// Generic open; the object is described by ObjectInformation.
//
NTSTATUS
LsapDbOpenObject(
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
IN ACCESS_MASK DesiredAccess,
IN ULONG Options,
OUT PLSAPR_HANDLE LsaHandle
);
//
// Generic create. TypeSpecificAttributes is optional and, when present,
// holds TypeSpecificAttributeCount entries that are stored with the
// object (see the LSAP_DB_ATTRIBUTE comment in this header).
// NOTE(review): presumably CreateDisposition takes one of the
// LSAP_DB_OBJECT_OPEN / _OPEN_IF / _CREATE values, and the count is
// bounded by the LSAP_DB_ATTRS_* limits - confirm.
//
NTSTATUS
LsapDbCreateObject(
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation,
IN ACCESS_MASK DesiredAccess,
IN ULONG CreateDisposition,
IN ULONG Options,
IN OPTIONAL PLSAP_DB_ATTRIBUTE TypeSpecificAttributes,
IN ULONG TypeSpecificAttributeCount,
OUT PLSAPR_HANDLE LsaHandle
);
//
// Takes a pointer to the handle although the parameter is marked IN.
// NOTE(review): presumably the caller's handle is cleared on close so
// that it cannot be reused - confirm.
//
NTSTATUS
LsapDbCloseObject(
IN PLSAPR_HANDLE ObjectHandle,
IN ULONG Options
);
NTSTATUS
LsapDbDeleteObject(
IN LSAPR_HANDLE ObjectHandle
);
//
// Options takes the LSAP_DB_* option bits defined in this header for
// LsaDbReferenceObject / LsaDbDereferenceObject.
// NOTE(review): presumably this is where the handle is validated
// (LSAP_DB_VALIDATE_HANDLE), the expected ObjectTypeId is compared with
// the handle's type and DesiredAccess is checked against the handle's
// GrantedAccess - confirm, since API workers rely on it.
//
NTSTATUS
LsapDbReferenceObject(
IN LSAPR_HANDLE ObjectHandle,
IN ACCESS_MASK DesiredAccess,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN ULONG Options
);
//
// Counterpart of LsapDbReferenceObject. The handle is passed by address
// and marked IN OUT, and the caller passes in the status it has computed
// so far as PreliminaryStatus.
//
NTSTATUS
LsapDbDereferenceObject(
IN OUT PLSAPR_HANDLE ObjectHandle,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN ULONG Options,
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType,
IN NTSTATUS PreliminaryStatus
);
//
// Reads one named attribute of an object.
// NOTE(review): AttributeValue is marked IN OPTIONAL but, together with
// the IN OUT AttributeValueLength, presumably is the caller's output
// buffer: length in = buffer size, length out = size of the value, and a
// NULL buffer queries the size. Confirm, and confirm the routine never
// writes more than the incoming length.
//
NTSTATUS
LsapDbReadAttributeObject(
IN LSAPR_HANDLE ObjectHandle,
IN PUNICODE_STRING AttributeNameU,
IN OPTIONAL PVOID AttributeValue,
IN OUT PULONG AttributeValueLength
);
//
// Writes one named attribute; AttributeValueLength is the size of the
// data at AttributeValue.
//
NTSTATUS
LsapDbWriteAttributeObject(
IN LSAPR_HANDLE ObjectHandle,
IN PUNICODE_STRING AttributeNameU,
IN PVOID AttributeValue,
IN ULONG AttributeValueLength
);
//
// Array forms of the two routines above; Attributes holds AttributeCount
// LSAP_DB_ATTRIBUTE entries.
//
NTSTATUS
LsapDbWriteAttributesObject(
IN LSAPR_HANDLE ObjectHandle,
IN PLSAP_DB_ATTRIBUTE Attributes,
IN ULONG AttributeCount
);
NTSTATUS
LsapDbReadAttributesObject(
IN LSAPR_HANDLE ObjectHandle,
IN OUT PLSAP_DB_ATTRIBUTE Attributes,
IN ULONG AttributeCount
);
NTSTATUS
LsapDbDeleteAttributeObject(
IN LSAPR_HANDLE ObjectHandle,
IN PUNICODE_STRING AttributeNameU
);
//
// Returns a reference count for the handle through ReferenceCount.
//
NTSTATUS
LsapDbReferencesObject(
IN LSAPR_HANDLE ObjectHandle,
OUT PULONG ReferenceCount
);
//
// Queries account information for the IdCount entries in Ids and returns
// privileges, quota limits and system access.
// NOTE(review): Privileges is returned through a pointer-to-pointer, so
// the array is presumably allocated by this routine; who frees it is not
// stated here - confirm.
//
NTSTATUS
LsapDbQueryInformationAccounts(
IN LSAPR_HANDLE PolicyHandle,
IN ULONG IdCount,
IN PSID_AND_ATTRIBUTES Ids,
OUT PULONG PrivilegeCount,
OUT PLUID_AND_ATTRIBUTES *Privileges,
OUT PQUOTA_LIMITS QuotaLimits,
OUT PULONG SystemAccess
);
//
// NOTE(review): these two take no handle or other argument, so presumably
// they switch access by non-trusted callers on or off for the whole
// database (compare the LSAP_DB_ENABLE_/DISABLE_NON_TRUSTED_ACCESS
// options). Confirm which callers may invoke them and that a failure
// between a disable and the matching enable cannot leave the state stuck.
//
NTSTATUS
LsapDbEnableNonTrustedAccess(
);
NTSTATUS
LsapDbDisableNonTrustedAccess(
);
//
// Transaction control.
// NOTE(review): presumably every LsapDbOpenTransaction has to be followed
// by exactly one LsapDbApplyTransaction or LsapDbAbortTransaction on every
// path, error paths included - confirm.
//
NTSTATUS
LsapDbOpenTransaction(
);
NTSTATUS
LsapDbApplyTransaction(
IN LSAPR_HANDLE ObjectHandle,
IN ULONG Options,
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType
);
NTSTATUS
LsapDbAbortTransaction(
);
BOOLEAN
LsapDbOpenedTransaction(
);
//
// Converts a Sid to a logical object name.
// NOTE(review): whether LogicalNameU's buffer is supplied by the caller
// or allocated here is not stated - confirm.
//
NTSTATUS
LsapDbSidToLogicalNameObject(
IN PSID Sid,
OUT PUNICODE_STRING LogicalNameU
);
NTSTATUS
LsapDbMakeTemporaryObject(
IN LSAPR_HANDLE ObjectHandle
);
//
// Adds or removes privileges on an Account object according to
// ChangeMode. Privileges is optional.
// NOTE(review): presumably Privileges may be NULL only when AllPrivileges
// is TRUE - confirm that the NULL case is rejected otherwise.
//
NTSTATUS
LsapDbChangePrivilegesAccount(
IN LSAPR_HANDLE AccountHandle,
IN LSAP_DB_CHANGE_PRIVILEGE_MODE ChangeMode,
IN BOOLEAN AllPrivileges,
IN OPTIONAL PPRIVILEGE_SET Privileges
);
//
// Enumeration routines. EnumerationContext is IN OUT, so the caller
// passes the same variable back on each call to continue where the
// previous call stopped.
// NOTE(review): EnumerationContext presumably originates from the client;
// confirm that an arbitrary value cannot make the routines read outside
// the enumerated set. PreferedMaximumLength is, by its name, a preference
// rather than a hard limit - confirm how much can be returned.
//
NTSTATUS
LsapDbEnumerateSids(
IN LSAPR_HANDLE ContainerHandle,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
OUT PLSAP_DB_SID_ENUMERATION_BUFFER DbEnumerationBuffer,
IN ULONG PreferedMaximumLength
);
NTSTATUS
LsapDbFindNextSid(
IN LSAPR_HANDLE ContainerHandle,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
OUT PLSAPR_SID *NextSid
);
NTSTATUS
LsapDbEnumeratePrivileges(
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
OUT PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
IN ULONG PreferedMaximumLength
);
NTSTATUS
LsapDbEnumerateNames(
IN LSAPR_HANDLE ContainerHandle,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
OUT PLSAP_DB_NAME_ENUMERATION_BUFFER DbEnumerationBuffer,
IN ULONG PreferedMaximumLength
);
NTSTATUS
LsapDbFindNextName(
IN LSAPR_HANDLE ContainerHandle,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId,
OUT PLSAPR_UNICODE_STRING Name
);
//
// Database lock. Acquire returns a status that the caller has to check;
// Release returns nothing.
//
NTSTATUS
LsapDbAcquireLock(
);
VOID
LsapDbReleaseLock(
);
BOOLEAN LsapDbIsLocked();
//
// DesiredStates / Options presumably take the lock and transaction bits
// selected by LSAP_DB_STATE_MASK - confirm.
//
NTSTATUS
LsapDbSetStates(
IN ULONG DesiredStates
);
NTSTATUS
LsapDbResetStates(
IN LSAPR_HANDLE ObjectHandle,
IN ULONG Options,
IN SECURITY_DB_DELTA_TYPE SecurityDbDeltaType,
IN NTSTATUS PreliminaryStatus
);
//
// Server initialization, called with a pass number.
//
NTSTATUS
LsapDbInitializeServer(
IN ULONG Pass
);
NTSTATUS
LsapDbInstallRegistry(
);
//
// These routines may someday migrate to Rtl runtime library. Their
// names have Lsap Prefixes only temporarily, so that they can be located
// easily.
//
// Options for LsapRtlAddPrivileges. Each value occupies its own bit.
#define RTL_COMBINE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000001L)
#define RTL_SUPERSEDE_PRIVILEGE_ATTRIBUTES ((ULONG) 0x00000002L)
//
// NOTE(review): for both routines below UpdatedPrivileges and
// UpdatedPrivilegesSize are marked IN, but the names and the pointer to
// the size suggest an optional output buffer with an in/out size.
// Confirm, and confirm the routines never write more than the incoming
// size.
//
NTSTATUS
LsapRtlAddPrivileges(
IN PPRIVILEGE_SET ExistingPrivileges,
IN PPRIVILEGE_SET PrivilegesToAdd,
IN OPTIONAL PPRIVILEGE_SET UpdatedPrivileges,
IN PULONG UpdatedPrivilegesSize,
IN ULONG Options
);
NTSTATUS
LsapRtlRemovePrivileges(
IN PPRIVILEGE_SET ExistingPrivileges,
IN PPRIVILEGE_SET PrivilegesToRemove,
IN OPTIONAL PPRIVILEGE_SET UpdatedPrivileges,
IN PULONG UpdatedPrivilegesSize
);
//
// Returns a pointer to a privilege entry.
// NOTE(review): presumably NULL when Privilege is not in Privileges -
// confirm that callers check the result.
//
PLUID_AND_ATTRIBUTES
LsapRtlGetPrivilege(
IN PLUID_AND_ATTRIBUTES Privilege,
IN PPRIVILEGE_SET Privileges
);
//
// NOTE(review): DestinationString is marked IN although it is the target
// of the copy. With AllocateDestinationString FALSE the caller presumably
// supplies the buffer - confirm that the copy is bounded by it.
//
NTSTATUS
LsapRtlCopyUnicodeString(
IN PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);
BOOLEAN
LsapRtlPrefixSid(
IN PSID PrefixSid,
IN PSID Sid
);
//
// Returns a size for the text form of Sid.
//
ULONG
LsapDbGetSizeTextSid(
IN PSID Sid
);
//
// NOTE(review): TextSid is an output string with no length parameter, so
// the routine cannot know how large the caller's buffer is. Presumably
// the caller is expected to size the buffer with LsapDbGetSizeTextSid
// for the same Sid first - confirm that every caller does.
//
NTSTATUS
LsapDbSidToTextSid(
IN PSID Sid,
OUT PSZ TextSid
);
NTSTATUS
LsapDbSidToUnicodeSid(
IN PSID Sid,
OUT PUNICODE_STRING SidU,
IN BOOLEAN AllocateDestinationString
);
NTSTATUS
LsapDbInitializeWellKnownValues();
NTSTATUS
LsapDbVerifyInformationObject(
IN PLSAP_DB_OBJECT_INFORMATION ObjectInformation
);
/*++
BOOLEAN
LsapDbIsValidTypeObject(
IN LSAP_DB_OBJECT_TYPE_ID ObjectTypeId
)
Routine Description:
This macro function determines if a given Object Type Id is valid.
An id is valid when it lies strictly between NullObject and
DummyLastObject; both bounds themselves are rejected.
Arguments:
ObjectTypeId - Object Type Id. The macro evaluates this argument
twice, so it must not have side effects.
Return Values:
BOOLEAN - TRUE if object type id is valid, else FALSE.
--*/
#define LsapDbIsValidTypeObject(ObjectTypeId) \
(((ObjectTypeId) > NullObject) && \
((ObjectTypeId) < DummyLastObject))
//
// Information-class checks for Policy objects. Each routine returns the
// access needed for the class through RequiredAccess.
// NOTE(review): presumably these read the LsapDbRequiredAccess*Policy
// tables declared in this header, which are indexed by information class;
// confirm that InformationClass is range-checked (see
// LsapDbValidInfoPolicy) before it is used as an index.
//
NTSTATUS
LsapDbGetRequiredAccessQueryPolicy(
IN POLICY_INFORMATION_CLASS InformationClass,
OUT PACCESS_MASK RequiredAccess
);
NTSTATUS
LsapDbVerifyInfoQueryPolicy(
IN LSAPR_HANDLE PolicyHandle,
IN POLICY_INFORMATION_CLASS InformationClass,
OUT PACCESS_MASK RequiredAccess
);
NTSTATUS
LsapDbVerifyInfoSetPolicy(
IN LSAPR_HANDLE PolicyHandle,
IN POLICY_INFORMATION_CLASS InformationClass,
IN PLSAPR_POLICY_INFORMATION PolicyInformation,
OUT PACCESS_MASK RequiredAccess
);
BOOLEAN
LsapDbValidInfoPolicy(
IN POLICY_INFORMATION_CLASS InformationClass,
IN OPTIONAL PLSAPR_POLICY_INFORMATION PolicyInformation
);
//
// Information-class checks for TrustedDomain objects.
// NOTE(review): unlike the Policy variants, these take a caller-supplied
// Trusted BOOLEAN instead of a handle. Presumably the caller copies it
// from the handle's Trusted field - confirm that it cannot be influenced
// by request data.
//
NTSTATUS
LsapDbVerifyInfoQueryTrustedDomain(
IN TRUSTED_INFORMATION_CLASS InformationClass,
IN BOOLEAN Trusted,
OUT PACCESS_MASK RequiredAccess
);
NTSTATUS
LsapDbVerifyInfoSetTrustedDomain(
IN TRUSTED_INFORMATION_CLASS InformationClass,
IN PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation,
IN BOOLEAN Trusted,
OUT PACCESS_MASK RequiredAccess
);
BOOLEAN
LsapDbValidInfoTrustedDomain(
IN TRUSTED_INFORMATION_CLASS InformationClass,
IN OPTIONAL PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
);
//
// Helpers that build or unpack LSAP_DB_ATTRIBUTE entries.
// NOTE(review): which of these allocate memory, and therefore set the
// attribute's MemoryAllocated field, is not visible in this header -
// confirm before pairing them with LsapDbFreeAttributes.
//
NTSTATUS
LsapDbMakeUnicodeAttribute(
IN OPTIONAL PUNICODE_STRING UnicodeValue,
IN PUNICODE_STRING AttributeName,
OUT PLSAP_DB_ATTRIBUTE Attribute
);
NTSTATUS
LsapDbMakeMultiUnicodeAttribute(
OUT PLSAP_DB_ATTRIBUTE Attribute,
IN PUNICODE_STRING AttributeName,
IN PUNICODE_STRING UnicodeNames,
IN ULONG Entries
);
NTSTATUS
LsapDbCopyUnicodeAttribute(
OUT PUNICODE_STRING OutputString,
IN PLSAP_DB_ATTRIBUTE Attribute,
IN BOOLEAN SelfRelative
);
//
// NOTE(review): the attribute value read here is presumably an
// LSAP_DB_MULTI_UNICODE_STRING; confirm that its Entries count and string
// lengths are checked against AttributeValueLength before being trusted.
//
NTSTATUS
LsapDbCopyMultiUnicodeAttribute(
IN PLSAP_DB_ATTRIBUTE Attribute,
OUT PULONG Entries,
OUT PUNICODE_STRING *OutputString
);
NTSTATUS
LsapDbMakeSidAttribute(
IN PSID Sid,
IN PUNICODE_STRING AttributeName,
OUT PLSAP_DB_ATTRIBUTE Attribute
);
NTSTATUS
LsapDbReadAttribute(
IN LSAPR_HANDLE ObjectHandle,
IN OUT PLSAP_DB_ATTRIBUTE Attribute
);
//
// Takes the count first and the array second, the reverse of
// LsapDbReadAttributesObject / LsapDbWriteAttributesObject.
//
NTSTATUS
LsapDbFreeAttributes(
IN ULONG Count,
IN PLSAP_DB_ATTRIBUTE Attributes
);
/*++
VOID
LsapDbInitializeAttribute(
IN PLSAP_DB_ATTRIBUTE AttributeP,
IN PUNICODE_STRING AttributeNameP,
IN OPTIONAL PVOID AttributeValueP,
IN ULONG AttributeValueLengthP,
IN BOOLEAN MemoryAllocatedP
)
Routine Description:
This macro function initializes an Lsa Database Object Attribute
structure. No validation is done.
Arguments:
AttributeP - Pointer to Lsa Database Attribute structure to be
initialized. The macro evaluates this argument four times, once per
field, so it must not have side effects (no AttributeP++ in the call).
AttributeNameP - Pointer to Unicode String containing the attribute's
name.
AttributeValueP - Pointer to the attribute's value. NULL may be
specified.
AttributeValueLengthP - Length of the attribute's value in bytes. The
value is cast to ULONG.
MemoryAllocatedP - TRUE if memory is allocated by MIDL_user_allocate
within the LSA Server code (not by RPC server stubs), else FALSE.
Return Values:
None.
Notes:
The macro expands to a bare brace block, not to a single statement.
Written as "if (c) LsapDbInitializeAttribute(...); else ..." without
braces it does not compile, because the semicolon after the closing
brace ends the if statement.
--*/
#define LsapDbInitializeAttribute( \
AttributeP, \
AttributeNameP, \
AttributeValueP, \
AttributeValueLengthP, \
MemoryAllocatedP \
) \
\
{ \
(AttributeP)->AttributeName = AttributeNameP; \
(AttributeP)->AttributeValue = AttributeValueP; \
(AttributeP)->AttributeValueLength = (ULONG) (AttributeValueLengthP); \
(AttributeP)->MemoryAllocated = MemoryAllocatedP; \
}
//
// Returns privileges and quota limits for the IdCount entries in Ids and
// the given logon type.
// NOTE(review): Privileges is returned through a pointer-to-pointer, so
// the array is presumably allocated here; who frees it is not stated -
// confirm.
//
NTSTATUS
LsapDbGetPrivilegesAndQuotas(
IN LSAPR_HANDLE PolicyHandle,
IN SECURITY_LOGON_TYPE LogonType,
IN ULONG IdCount,
IN PSID_AND_ATTRIBUTES Ids,
OUT PULONG PrivilegeCount,
OUT PLUID_AND_ATTRIBUTES *Privileges,
OUT PQUOTA_LIMITS QuotaLimits
);
NTSTATUS
LsapDbNotifyRoleChangePolicy(
IN POLICY_LSA_SERVER_ROLE NewRole
);
//
// Both take no arguments and return nothing, so a caller cannot tell
// whether the switch took effect.
// NOTE(review): presumably a global switch (compare the
// LSAP_DB_OMIT_REPLICATOR_NOTIFICATION option) - confirm that every
// disable is matched by an enable on all paths.
//
VOID
LsapDbEnableReplicatorNotification();
VOID
LsapDbDisableReplicatorNotification();
//
// Checks a handle against an expected object type.
// NOTE(review): presumably this is the check that decides whether an
// LSAPR_HANDLE may be used as a pointer to the internal handle
// structure - confirm it runs before any field of the handle is read.
//
NTSTATUS
LsapDbVerifyHandle(
IN LSAPR_HANDLE ObjectHandle,
IN ULONG Options,
IN LSAP_DB_OBJECT_TYPE_ID ExpectedObjectTypeId
);
//
// Like LsapDbQueryInformationAccounts, but returns the result in one
// LSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO structure.
//
NTSTATUS
LsapDbQueryAllInformationAccounts(
IN LSAPR_HANDLE PolicyHandle,
IN ULONG IdCount,
IN PSID_AND_ATTRIBUTES Ids,
OUT PLSAP_DB_ACCOUNT_TYPE_SPECIFIC_INFO AccountInfo
);
#endif // _LSA_DB_