1 files changed, 233 insertions, 0 deletions

diff --git a/private/inc/ntrmlsa.h b/private/inc/ntrmlsa.h
new file mode 100644
index 000000000..0e11c2771
--- /dev/null
+++ b/private/inc/ntrmlsa.h
@@ -0,0 +1,233 @@
+
+/*++
+
+Copyright (c) 1991  Microsoft Corporation
+
+Module Name:
+
+    ntrmlsa.h
+
+Abstract:
+
+    Local Security Authority - Reference Monitor Communication Types
+
+Author:
+
+    Scott Birrell       (ScottBi)       March 18, 1991
+
+Environment:
+
+Revision History:
+
+--*/
+
+
+#include <ntlsa.h>
+
+#ifndef _NTRMLSA_
+#define _NTRMLSA_
+
+
+//
+// Memory type.  This defines the type of memory used for a record
+// passed between the RM and LSA.
+//
+// SepRmLsaPortMemory - Memory allocated via RtlAllocateHeap()
+//     from the shared memory section associated with the
+//     Lsa command Port.
+//
+// SepRmLsaVirtualMemory - Memory allocated via ZwAllocateVirtualMemory()
+//
+// SepRmLsaUnreadableMemory - Memory not readable by the LSA.  This
+//                            memory must be copied to another format
+//                            before passage over the link.
+//
+// SepRmLsaLPCBufferMemory - Memory contained within the LPC buffer
+// itself
+//
+
+
+
+typedef enum _SEP_RM_LSA_MEMORY_TYPE {
+
+    SepRmNoMemory = 0,
+    SepRmImmediateMemory,
+    SepRmLsaCommandPortSharedMemory,
+    SepRmLsaCustomSharedMemory,
+    SepRmPagedPoolMemory,
+    SepRmUnspecifiedMemory
+
+} SEP_RM_LSA_MEMORY_TYPE, *PSEP_RM_LSA_MEMORY_TYPE;
+
+//
+// Reference Monitor Command Message Structure.  This structure is used
+// by the Local Security Authority to send commands to the Reference Monitor
+// via the Reference Monitor Server Command LPC Port.
+//
+
+#define RmMinimumCommand RmAuditSetCommand
+#define RmMaximumCommand RmDeleteLogonSession
+
+//
+// Keep this in sync with SEP_RM_COMMAND_WORKER in se\rmmain.c
+//
+
+typedef enum _RM_COMMAND_NUMBER {
+
+    RmDummyCommand = 0,
+    RmAuditSetCommand,
+    RmSendCommandToLsaCommand,
+    RmComponentTestCommand,
+    RmCreateLogonSession,
+    RmDeleteLogonSession
+
+} RM_COMMAND_NUMBER;
+
+#define RM_MAXIMUM_COMMAND_PARAM_SIZE                                \
+    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -      \
+    sizeof(RM_COMMAND_NUMBER))
+
+typedef struct _RM_COMMAND_MESSAGE {
+
+    PORT_MESSAGE MessageHeader;
+    RM_COMMAND_NUMBER CommandNumber;
+    UCHAR CommandParams[RM_MAXIMUM_COMMAND_PARAM_SIZE];
+
+} RM_COMMAND_MESSAGE, *PRM_COMMAND_MESSAGE;
+
+//
+// Reference Monitor Command Reply Message Structure.
+//
+
+#define RM_MAXIMUM_REPLY_BUFFER_SIZE                                 \
+    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -      \
+    sizeof(RM_COMMAND_NUMBER))
+
+
+typedef struct _RM_REPLY_MESSAGE {
+
+    PORT_MESSAGE MessageHeader;
+    NTSTATUS ReturnedStatus;
+    UCHAR ReplyBuffer[RM_MAXIMUM_REPLY_BUFFER_SIZE];
+
+} RM_REPLY_MESSAGE, *PRM_REPLY_MESSAGE;
+
+#define RM_COMMAND_MESSAGE_HEADER_SIZE                  \
+    (sizeof(PORT_MESSAGE) + sizeof(NTSTATUS) + sizeof(RM_COMMAND_NUMBER))
+
+//
+// Local Security Authority Command Message Structure.  This structure is
+// used by the Reference Monitor to send commands to the Local Security
+// Authority via the LSA Server Command LPC Port.
+//
+
+#define LsapMinimumCommand LsapWriteAuditMessageCommand
+#define LsapMaximumCommand LsapLogonSessionDeletedCommand
+
+typedef enum _LSA_COMMAND_NUMBER {
+    LsapDummyCommand = 0,
+    LsapWriteAuditMessageCommand,
+    LsapComponentTestCommand,
+    LsapLogonSessionDeletedCommand
+} LSA_COMMAND_NUMBER;
+
+#define LSA_MAXIMUM_COMMAND_PARAM_SIZE                                \
+    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -     \
+    sizeof(LSA_COMMAND_NUMBER) - sizeof(SEP_RM_LSA_MEMORY_TYPE))
+
+typedef struct _LSA_COMMAND_MESSAGE {
+    PORT_MESSAGE MessageHeader;
+    LSA_COMMAND_NUMBER CommandNumber;
+    SEP_RM_LSA_MEMORY_TYPE CommandParamsMemoryType;
+    UCHAR CommandParams[LSA_MAXIMUM_COMMAND_PARAM_SIZE];
+} LSA_COMMAND_MESSAGE, *PLSA_COMMAND_MESSAGE;
+
+//
+// LSA Command Reply Message Structure.
+//
+
+#define LSA_MAXIMUM_REPLY_BUFFER_SIZE                                 \
+    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -      \
+    sizeof(LSA_COMMAND_NUMBER))
+
+typedef struct _LSA_REPLY_MESSAGE {
+    PORT_MESSAGE MessageHeader;
+    NTSTATUS ReturnedStatus;
+    UCHAR ReplyBuffer[LSA_MAXIMUM_REPLY_BUFFER_SIZE];
+} LSA_REPLY_MESSAGE, *PLSA_REPLY_MESSAGE;
+
+//
+// Command Parameter format for the special RmSendCommandToLsaCommand
+//
+
+typedef struct _RM_SEND_COMMAND_TO_LSA_PARAMS {
+    LSA_COMMAND_NUMBER LsaCommandNumber;
+    ULONG LsaCommandParamsLength;
+    UCHAR LsaCommandParams[LSA_MAXIMUM_COMMAND_PARAM_SIZE];
+} RM_SEND_COMMAND_TO_LSA_PARAMS, *PRM_SEND_COMMAND_TO_LSA_PARAMS;
+
+//
+// Command Values for the LSA and RM Component Test Commands
+//
+
+#define LSA_CT_COMMAND_PARAM_VALUE 0x00823543
+#define RM_CT_COMMAND_PARAM_VALUE 0x33554432
+
+
+//
+// Audit Record Pointer Field Type
+//
+
+typedef enum _SE_ADT_POINTER_FIELD_TYPE {
+
+    NullFieldType,
+    UnicodeStringType,
+    SidType,
+    PrivilegeSetType,
+    MiscFieldType
+
+} SE_ADT_POINTER_FIELD_TYPE, *PSE_ADT_POINTER_FIELD_TYPE;
+
+
+//
+// Hardwired Audit Event Type counts
+//
+
+#define AuditEventMinType   (AuditCategorySystem)
+#define AuditEventMaxType   (AuditCategoryAccountManagement)
+
+#define POLICY_AUDIT_EVENT_TYPE_COUNT                                 \
+    ((ULONG) AuditEventMaxType - AuditEventMinType + 1)
+
+#define LSARM_AUDIT_EVENT_OPTIONS_SIZE                                    \
+    (((ULONG)(POLICY_AUDIT_EVENT_TYPE_COUNT) * sizeof (POLICY_AUDIT_EVENT_OPTIONS)))
+
+//
+// Self-Relative form of POLICY_AUDIT_EVENTS_INFO
+//
+
+typedef struct _LSARM_POLICY_AUDIT_EVENTS_INFO {
+
+    BOOLEAN AuditingMode;
+    POLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions[POLICY_AUDIT_EVENT_TYPE_COUNT];
+    ULONG MaximumAuditEventCount;
+
+} LSARM_POLICY_AUDIT_EVENTS_INFO, *PLSARM_POLICY_AUDIT_EVENTS_INFO;
+
+//
+// The following symbol defines the value containing whether or not we're supposed
+// to crash when an audit fails.  It is used in the se and lsasrv directories.
+//
+
+#define CRASH_ON_AUDIT_FAIL_VALUE   L"CrashOnAuditFail"
+
+//
+// These are the possible values for the CrashOnAuditFail flag.
+//
+
+#define LSAP_CRASH_ON_AUDIT_FAIL 1
+#define LSAP_ALLOW_ADIMIN_LOGONS_ONLY 2
+
+
+
+#endif // _NTRMLSA_