1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
|
/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
lsarpc.idl
Abstract:
Local Security Authority RPC Interface Definition File
This file contains the RPC Interface Definition Language file for
the LSA. This file includes all of the prototypes for the LSA functions
that are callable via RPC. These functions are internal versions of API
and are NOT visible to clients of the LSA. An LSA client calls the LSA
API defined in file ntlsa.h. These API are wrappers which call client
RPC stubs generated from this idl file by the RPC compiler.
Author:
Scott Birrell (ScottBi) April 23, 1991
Environment:
User Mode
Revision History:
--*/
[
uuid(12345778-1234-ABCD-EF00-0123456789AB),
version(0.0),
#ifdef __midl
ms_union,
#endif // __midl
pointer_default(unique)
]
interface lsarpc
{
//
// Import a dummy interface containing #includes for public .h files. This
// trick is necessary so that midl will only generate marshalling routines
// for subtypes that are relevant to the parameters specified on the RPC
// interface. midl also ingores function prototypes contained therein.
//
import "lsaimp.idl" ;
//
// BUGBUG ScottBi - The parens have to be omitted from the operand
// because midl grammar does not support them.
//
#define LSAPR_DB_AUDIT_EVENT_COUNT SeMaxAuditType + 1
//
// LSA Generic Handle used to bind from client to server.
// This handle is used for both LOCAL and REMOTE services.
//
typedef [handle] LPWSTR PLSAPR_SERVER_NAME, *PPLSAPR_SERVER_NAME;
//
// LSA RPC Context Handle (Internal definition of LSAPR_HANDLE)
//
typedef [context_handle] PVOID LSAPR_HANDLE;
typedef LSAPR_HANDLE *PLSAPR_HANDLE;
//
// RPC definition of the SID structure. Note the use of the [size_is()]
// qualifier to specify the number of elements in the variable size
// imbedded SubAuthorityCount array at runtime.
//
//
#pragma warning(disable:4200)
typedef struct _LSAPR_SID {
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
[size_is(SubAuthorityCount)] ULONG SubAuthority[*];
} LSAPR_SID, *PLSAPR_SID, **PPLSAPR_SID;
#pragma warning(default:4200)
//
// The following structure is used to identify an Account Object.
//
typedef struct _LSAPR_SID_INFORMATION {
PLSAPR_SID Sid;
} LSAPR_SID_INFORMATION, *PLSAPR_SID_INFORMATION;
//
// The following structure is used to hold an array of Sids.
//
typedef struct _LSAPR_SID_ENUM_BUFFER {
ULONG Entries;
[size_is(Entries)] PLSAPR_SID_INFORMATION SidInfo;
} LSAPR_SID_ENUM_BUFFER, *PLSAPR_SID_ENUM_BUFFER;
//
// The following structure is used to identify an Account Object.
//
typedef struct _LSAPR_ACCOUNT_INFORMATION {
PLSAPR_SID Sid;
} LSAPR_ACCOUNT_INFORMATION, *PLSAPR_ACCOUNT_INFORMATION;
//
//
// Account Object Enumeration Buffer
//
typedef struct _LSAPR_ACCOUNT_ENUM_BUFFER {
ULONG EntriesRead;
[size_is(EntriesRead)] PLSAPR_ACCOUNT_INFORMATION Information;
} LSAPR_ACCOUNT_ENUM_BUFFER, *PLSAPR_ACCOUNT_ENUM_BUFFER;
//
// BUGBUG ScottBi - Someday these should be an imported interface.
//
// Unicode strings are counted 16-bit character strings.
// The Length field and MaximumLength fields specify number of bytes,
// (not wide-characters) in the string. So, this definition differs
// a bit from the real unicode string type.
//
typedef struct _LSAPR_UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
// BUGBUG - ScottBi - MIDL will raise an exception if Length is 0.
// Wrappers passing UNICODE STRINGS must pass NULL if string is length
// zero
[size_is(MaximumLength/2), length_is(Length/2)] PWSTR Buffer;
} LSAPR_UNICODE_STRING, *PLSAPR_UNICODE_STRING;
//
// ANSI counted string
//
typedef struct _LSAPR_STRING {
USHORT Length;
USHORT MaximumLength;
// [size_is(MaximumLength), length_is(Length)] PCHAR Buffer;
[size_is(MaximumLength)] PCHAR Buffer;
} LSAPR_STRING, *PLSAPR_STRING, LSAPR_ANSI_STRING, *PLSAPR_ANSI_STRING;
//
// RPC definition of an ACL. This must be manually maintained to be the same
// as the real ACL definition in ntseapi.h
//
#pragma warning(disable:4200)
typedef struct _LSAPR_ACL {
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
[size_is(AclSize - 4)] UCHAR Dummy1[*];
} LSAPR_ACL, *PLSAPR_ACL;
#pragma warning(default:4200)
//
// RPC'able security descriptor definition.
//
typedef struct _LSAPR_SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PLSAPR_SID Owner;
PLSAPR_SID Group;
PLSAPR_ACL Sacl;
PLSAPR_ACL Dacl;
} LSAPR_SECURITY_DESCRIPTOR, *PLSAPR_SECURITY_DESCRIPTOR;
//
// RPC'able Self-Relative Security Descriptor Definition.
//
typedef struct _LSAPR_SR_SECURITY_DESCRIPTOR {
ULONG Length;
[size_is(Length)] PUCHAR SecurityDescriptor;
} LSAPR_SR_SECURITY_DESCRIPTOR, *PLSAPR_SR_SECURITY_DESCRIPTOR;
typedef struct _LSAPR_LUID_AND_ATTRIBUTES {
OLD_LARGE_INTEGER Luid;
ULONG Attributes;
} LSAPR_LUID_AND_ATTRIBUTES, * PLSAPR_LUID_AND_ATTRIBUTES;
//
// Privilege Set - This is defined for a privilege set of one.
// If more than one privilege is needed, then this structure
// will need to be allocated with more space.
//
// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET
// structure (defined in se.h)
//
#pragma warning(disable:4200)
typedef struct _LSAPR_PRIVILEGE_SET {
ULONG PrivilegeCount;
ULONG Control;
[size_is(PrivilegeCount)] LSAPR_LUID_AND_ATTRIBUTES Privilege[*];
} LSAPR_PRIVILEGE_SET, *PLSAPR_PRIVILEGE_SET, **PPLSAPR_PRIVILEGE_SET;
#pragma warning(default:4200)
//
// The following data type is used to return information about privileges
// defined on a system.
//
typedef struct _LSAPR_POLICY_PRIVILEGE_DEF {
LSAPR_UNICODE_STRING Name;
LUID LocalValue;
} LSAPR_POLICY_PRIVILEGE_DEF, *PLSAPR_POLICY_PRIVILEGE_DEF;
// where the members have the following usage:
//
// Name - Is the architected name of the privilege. This is the
// primary key of the privilege and the only value that is
// transportable between systems.
//
// Luid - is a LUID value assigned locally for efficient representation
// of the privilege. Ths value is meaningful only on the system it
// was assigned on and is not transportable in any way.
//
//
// The following structure is used to hold an array of returned Privileges.
//
typedef struct _LSAPR_PRIVILEGE_ENUM_BUFFER {
ULONG Entries;
[size_is(Entries)] PLSAPR_POLICY_PRIVILEGE_DEF Privileges;
} LSAPR_PRIVILEGE_ENUM_BUFFER, *PLSAPR_PRIVILEGE_ENUM_BUFFER;
//
// RPC'able Object Attributes structure for LSA use. Note that the
// OBJECT_ATTRIBUTES structure is LSA-specific in that the RootDirectory
// field is a handle of the specific type LSAPR_HANDLE.
//
// WARNING! This MUST be kept in sync with the corresponding structure in
// ntdef.h! Structure should be moved to an imported interface when
// possible.
//
typedef struct _LSAPR_OBJECT_ATTRIBUTES {
ULONG Length;
PUCHAR RootDirectory; // This field is not used
PSTRING ObjectName;
ULONG Attributes;
PLSAPR_SECURITY_DESCRIPTOR SecurityDescriptor;
PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} LSAPR_OBJECT_ATTRIBUTES, *PLSAPR_OBJECT_ATTRIBUTES;
//
// Clear value structure
//
typedef struct _LSAPR_CR_CLEAR_VALUE {
ULONG Length;
ULONG MaximumLength;
[size_is(MaximumLength), length_is(Length)] PUCHAR Buffer;
} LSAPR_CR_CLEAR_VALUE, *PLSAPR_CR_CLEAR_VALUE;
//
// Two-way encrypted value structure in Self-relative form. This
// is just like a String.
//
typedef struct _LSAPR_CR_CIPHER_VALUE {
ULONG Length;
ULONG MaximumLength;
[size_is(MaximumLength), length_is(Length)] PUCHAR Buffer;
} LSAPR_CR_CIPHER_VALUE, *PLSAPR_CR_CIPHER_VALUE;
//
// LSA API Internal Function prototypes for RPC interface. Each function
// takes similar (but not always identical) parameters to its corresponding
// exported API. Client and server stubs are generated for the functions
// specified here. The client stubs are called by the wrapper functions
// in file rpcapi.c in the lsa\client directory.
//
//
// The following data type is used to identify a domain
//
typedef struct _LSAPR_TRUST_INFORMATION {
LSAPR_UNICODE_STRING Name;
PLSAPR_SID Sid;
} LSAPR_TRUST_INFORMATION, *PLSAPR_TRUST_INFORMATION;
// where members have the following usage:
//
// Name - The name of the domain.
//
// Sid - A pointer to the Sid of the Domain
//
//
//
// Trusted Domain Object Enumeration Buffer
//
typedef struct _LSAPR_TRUSTED_ENUM_BUFFER {
ULONG EntriesRead;
[size_is(EntriesRead)] PLSAPR_TRUST_INFORMATION Information;
} LSAPR_TRUSTED_ENUM_BUFFER, *PLSAPR_TRUSTED_ENUM_BUFFER;
//
// The following data type is used in name and SID lookup services to
// describe the domains referenced in the lookup operation.
//
typedef struct _LSAPR_REFERENCED_DOMAIN_LIST {
ULONG Entries;
[size_is(Entries)] PLSAPR_TRUST_INFORMATION Domains;
ULONG MaxEntries;
} LSAPR_REFERENCED_DOMAIN_LIST, *PLSAPR_REFERENCED_DOMAIN_LIST;
// where members have the following usage:
//
// Entries - Is a count of the number of domains described in the
// Domains array.
//
// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
// structures.
//
//
// The following data type is used in Sid to name lookup services to
// reference the list of domains referenced in the lookup operation
//
// BUGBUG - ScottBi - When midl supports the size_is operand in its
// full form with more than one operand, this intermediate structure
// can be eliminated.
//
typedef struct _LSAPR_TRANSLATED_SIDS {
ULONG Entries;
[size_is(Entries)] PLSA_TRANSLATED_SID Sids;
} LSAPR_TRANSLATED_SIDS, *PLSAPR_TRANSLATED_SIDS;
//
// The following data type is used in SID to name lookup services to
// describe the domains referenced in the lookup operation.
//
typedef struct _LSAPR_TRANSLATED_NAME {
SID_NAME_USE Use;
LSAPR_UNICODE_STRING Name;
LONG DomainIndex;
} LSAPR_TRANSLATED_NAME, *PLSAPR_TRANSLATED_NAME;
// where the members have the following usage:
//
// Use - Identifies the use of the name. If this value is SidUnknown
// or SidInvalid, then the remainder of the record is not set and
// should be ignored. If this value is SidWellKnownGroup then the
// Name field is invalid, but the DomainIndex field is not.
//
// Name - Contains the isolated name of the translated SID.
//
// DomainIndex - Is the index of an entry in a related
// LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
// in which the account was found.
//
// If there is no corresponding reference domain for an entry, then
// this field will contain a negative value.
//
//
// The following data type is used in Sid to name lookup services to
// reference the list of domains referenced in the lookup operation
//
// BUGBUG - ScottBi - When midl supports the size_is operand in its
// full form with more than one operand, this intermediate structure
// can be eliminated.
//
typedef struct _LSAPR_TRANSLATED_NAMES {
ULONG Entries;
[size_is(Entries)] PLSAPR_TRANSLATED_NAME Names;
} LSAPR_TRANSLATED_NAMES, *PLSAPR_TRANSLATED_NAMES;
//
// The following structure corresponds to the PolicyAccountDomainInformation
// information class.
//
typedef struct _LSAPR_POLICY_ACCOUNT_DOM_INFO {
LSAPR_UNICODE_STRING DomainName;
PLSAPR_SID DomainSid;
} LSAPR_POLICY_ACCOUNT_DOM_INFO, *PLSAPR_POLICY_ACCOUNT_DOM_INFO;
// where the members have the following usage:
//
// DomainName - Is the name of the domain
//
// DomainSid - Is the Sid of the domain
//
//
// The following structure corresponds to the PolicyPrimaryDomainInformation
// information class.
//
typedef struct _LSAPR_POLICY_PRIMARY_DOM_INFO {
LSAPR_UNICODE_STRING Name;
PLSAPR_SID Sid;
} LSAPR_POLICY_PRIMARY_DOM_INFO, *PLSAPR_POLICY_PRIMARY_DOM_INFO;
// where the members have the following usage:
//
// Name - Is the name of the domain
//
// Sid - Is the Sid of the domain
//
//
// The following structure corresponds to the PolicyPdAccountInformation
// information class. This structure may be used in Query operations
// only.
//
typedef struct _LSAPR_POLICY_PD_ACCOUNT_INFO {
LSAPR_UNICODE_STRING Name;
} LSAPR_POLICY_PD_ACCOUNT_INFO, *PLSAPR_POLICY_PD_ACCOUNT_INFO;
// where the members have the following usage:
//
// Name - Is the name of an account in the domain that should be used
// for authentication and name/ID lookup requests.
//
//
// The following structure corresponds to the PolicyReplicaSourceInformation
// information class.
//
typedef struct _LSAPR_POLICY_REPLICA_SRCE_INFO {
LSAPR_UNICODE_STRING ReplicaSource;
LSAPR_UNICODE_STRING ReplicaAccountName;
} LSAPR_POLICY_REPLICA_SRCE_INFO, *PLSAPR_POLICY_REPLICA_SRCE_INFO;
typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO {
BOOLEAN AuditingMode;
[size_is(MaximumAuditEventCount)] PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
ULONG MaximumAuditEventCount;
} LSAPR_POLICY_AUDIT_EVENTS_INFO, *PLSAPR_POLICY_AUDIT_EVENTS_INFO;
//
// The following data type is used to hold Policy Information
// of a given class.
//
typedef [switch_type(POLICY_INFORMATION_CLASS)] union
_LSAPR_POLICY_INFORMATION {
[case(PolicyAuditLogInformation)] POLICY_AUDIT_LOG_INFO PolicyAuditLogInfo;
[case(PolicyAuditEventsInformation)] LSAPR_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo;
[case(PolicyPrimaryDomainInformation)] LSAPR_POLICY_PRIMARY_DOM_INFO PolicyPrimaryDomainInfo;
[case(PolicyAccountDomainInformation)] LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo;
[case(PolicyPdAccountInformation)] LSAPR_POLICY_PD_ACCOUNT_INFO PolicyPdAccountInfo;
[case(PolicyLsaServerRoleInformation)] POLICY_LSA_SERVER_ROLE_INFO PolicyServerRoleInfo;
[case(PolicyReplicaSourceInformation)] LSAPR_POLICY_REPLICA_SRCE_INFO PolicyReplicaSourceInfo;
[case(PolicyDefaultQuotaInformation)] POLICY_DEFAULT_QUOTA_INFO PolicyDefaultQuotaInfo;
[case(PolicyModificationInformation)] POLICY_MODIFICATION_INFO PolicyModificationInfo;
[case(PolicyAuditFullSetInformation)] POLICY_AUDIT_FULL_SET_INFO PolicyAuditFullSetInfo;
[case(PolicyAuditFullQueryInformation)] POLICY_AUDIT_FULL_QUERY_INFO PolicyAuditFullQueryInfo;
} LSAPR_POLICY_INFORMATION;
typedef LSAPR_POLICY_INFORMATION *PLSAPR_POLICY_INFORMATION;
//
// Account object type-specific Access Types
//
#define LSA_ACCOUNT_VIEW 0x00000001L
#define LSA_ACCOUNT_ADJUST_PRIVILEGES 0x00000002L
#define LSA_ACCOUNT_ADJUST_QUOTAS 0x00000004L
#define LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS 0x00000008L
#define LSA_ACCOUNT_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | \
LSA_ACCOUNT_VIEW | \
LSA_ACCOUNT_ADJUST_PRIVILEGES | \
LSA_ACCOUNT_ADJUST_QUOTAS | \
LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS )
//
// The following data type corresponds to the TrustedDomainNameInformation
// information class.
//
typedef struct _LSAPR_TRUSTED_DOMAIN_NAME_INFO {
LSAPR_UNICODE_STRING Name;
} LSAPR_TRUSTED_DOMAIN_NAME_INFO, *PLSAPR_TRUSTED_DOMAIN_NAME_INFO;
//
// The following data type corresponds to the TrustedControllersInformation
// information class.
//
typedef struct _LSAPR_TRUSTED_CONTROLLERS_INFO {
ULONG Entries;
[size_is(Entries)] PLSAPR_UNICODE_STRING Names;
} LSAPR_TRUSTED_CONTROLLERS_INFO, *PLSAPR_TRUSTED_CONTROLLERS_INFO;
// where members have the following meaning:
//
// Entries - Indicate how mamy entries there are in the Names array.
//
// Names - Pointer to an array of UNICODE_STRING structures containing the
// names of domain controllers of the domain. This information may not
// be accurate and should be used only as a hint. The order of this
// list is considered significant and will be maintained.
//
// By convention, the first name in this list is assumed to be the
// Primary Domain Controller of the domain. If the Primary Domain
// Controller is not known, the first name should be set to the NULL
// string.
//
//
// The following data type corresponds to the TrustedPasswordInformation
// information class.
//
typedef struct _LSAPR_TRUSTED_PASSWORD_INFO {
PLSAPR_CR_CIPHER_VALUE Password;
PLSAPR_CR_CIPHER_VALUE OldPassword;
} LSAPR_TRUSTED_PASSWORD_INFO, *PLSAPR_TRUSTED_PASSWORD_INFO;
// where members have the following meaning:
//
// Password - Contains new password for the trusted domain
//
// OldPassword - Optionally contains the old password for the trusted
// domain.
//
//
// The following data type is used to hold Trusted Domain Information
// of a given class.
//
typedef [switch_type(TRUSTED_INFORMATION_CLASS)] union
_LSAPR_TRUSTED_DOMAIN_INFO {
[case(TrustedDomainNameInformation)] LSAPR_TRUSTED_DOMAIN_NAME_INFO TrustedDomainNameInfo;
[case(TrustedControllersInformation)] LSAPR_TRUSTED_CONTROLLERS_INFO TrustedControllersInfo;
[case(TrustedPosixOffsetInformation)] TRUSTED_POSIX_OFFSET_INFO TrustedPosixOffsetInfo;
[case(TrustedPasswordInformation)] LSAPR_TRUSTED_PASSWORD_INFO TrustedPasswordInfo;
} LSAPR_TRUSTED_DOMAIN_INFO;
typedef LSAPR_TRUSTED_DOMAIN_INFO *PLSAPR_TRUSTED_DOMAIN_INFO;
//
// New types for NT3.51 - PPC release
//
typedef PLSAPR_UNICODE_STRING PLSAPR_UNICODE_STRING_ARRAY;
typedef struct _LSAPR_USER_RIGHT_SET {
ULONG Entries;
[size_is(Entries)] PLSAPR_UNICODE_STRING_ARRAY UserRights;
} LSAPR_USER_RIGHT_SET, *PLSAPR_USER_RIGHT_SET;
////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Miscellaneous API function prototypes //
// //
////////////////////////////////////////////////////////////////////////////
NTSTATUS
LsarClose(
[in,out] LSAPR_HANDLE *ObjectHandle
);
//
// This routine is being superseded by LsarDeleteObject. The reason is
// that a pointer to a handle rather than a handle is essential so that
// RPC on the server side can clean up. Because of the need for RPC
// interface comaptibility, the new routine has been added at the end
// of the interface,
//
NTSTATUS
LsarDelete(
[in] LSAPR_HANDLE ObjectHandle
);
NTSTATUS
LsarEnumeratePrivileges(
[in] LSAPR_HANDLE PolicyHandle,
[in, out] PLSA_ENUMERATION_HANDLE EnumerationContext,
[out] PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
[in] ULONG PreferedMaximumLength
);
NTSTATUS
LsarQuerySecurityObject(
[in] LSAPR_HANDLE ObjectHandle,
[in] SECURITY_INFORMATION SecurityInformation,
[out] PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor
);
NTSTATUS
LsarSetSecurityObject(
[in] LSAPR_HANDLE ObjectHandle,
[in] SECURITY_INFORMATION SecurityInformation,
[in] PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
);
NTSTATUS
LsarChangePassword(
[in] PLSAPR_UNICODE_STRING ServerName,
[in] PLSAPR_UNICODE_STRING DomainName,
[in] PLSAPR_UNICODE_STRING AccountName,
[in] PLSAPR_UNICODE_STRING OldPassword,
[in] PLSAPR_UNICODE_STRING NewPassword
);
///////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Policy Object API function prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
LsarOpenPolicy(
[in,unique] PLSAPR_SERVER_NAME SystemName,
[in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *PolicyHandle
);
NTSTATUS
LsarQueryInformationPolicy(
[in] LSAPR_HANDLE PolicyHandle,
[in] POLICY_INFORMATION_CLASS InformationClass,
[out, switch_is(InformationClass)]
PLSAPR_POLICY_INFORMATION *PolicyInformation
);
NTSTATUS
LsarSetInformationPolicy(
[in] LSAPR_HANDLE PolicyHandle,
[in] POLICY_INFORMATION_CLASS InformationClass,
[in, switch_is(InformationClass)]
PLSAPR_POLICY_INFORMATION PolicyInformation
);
NTSTATUS
LsarClearAuditLog(
[in] LSAPR_HANDLE PolicyHandle
);
NTSTATUS
LsarCreateAccount(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID AccountSid,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *AccountHandle
);
NTSTATUS
LsarEnumerateAccounts(
[in] LSAPR_HANDLE PolicyHandle,
[in] [out] PLSA_ENUMERATION_HANDLE EnumerationContext,
[out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer,
[in] ULONG PreferedMaximumLength
);
NTSTATUS
LsarCreateTrustedDomain(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *TrustedDomainHandle
);
NTSTATUS
LsarEnumerateTrustedDomains(
[in] LSAPR_HANDLE PolicyHandle,
[in] [out] PLSA_ENUMERATION_HANDLE EnumerationContext,
[out] PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
[in] ULONG PreferedMaximumLength
);
NTSTATUS
LsarLookupNames(
[in] LSAPR_HANDLE PolicyHandle,
[in] ULONG Count,
[in, size_is(Count)] PLSAPR_UNICODE_STRING Names,
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
[in, out] PLSAPR_TRANSLATED_SIDS TranslatedSids,
[in] LSAP_LOOKUP_LEVEL LookupLevel,
[in, out] PULONG MappedCount
);
NTSTATUS
LsarLookupSids(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
[out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
[in, out] PLSAPR_TRANSLATED_NAMES TranslatedNames,
[in] LSAP_LOOKUP_LEVEL LookupLevel,
[in, out] PULONG MappedCount
);
NTSTATUS
LsarCreateSecret(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_UNICODE_STRING SecretName,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *SecretHandle
);
///////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Account Object API function prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
LsarOpenAccount(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID AccountSid,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *AccountHandle
);
NTSTATUS
LsarEnumeratePrivilegesAccount(
[in] LSAPR_HANDLE AccountHandle,
[out] PLSAPR_PRIVILEGE_SET *Privileges
);
NTSTATUS
LsarAddPrivilegesToAccount(
[in] LSAPR_HANDLE AccountHandle,
[in] PLSAPR_PRIVILEGE_SET Privileges
);
NTSTATUS
LsarRemovePrivilegesFromAccount(
[in] LSAPR_HANDLE AccountHandle,
[in] BOOLEAN AllPrivileges,
[in, unique] PLSAPR_PRIVILEGE_SET Privileges
);
NTSTATUS
LsarGetQuotasForAccount(
[in] LSAPR_HANDLE AccountHandle,
[out] PQUOTA_LIMITS QuotaLimits
);
NTSTATUS
LsarSetQuotasForAccount(
[in] LSAPR_HANDLE AccountHandle,
[in] PQUOTA_LIMITS QuotaLimits
);
NTSTATUS
LsarGetSystemAccessAccount(
[in] LSAPR_HANDLE AccountHandle,
[out] PULONG SystemAccess
);
NTSTATUS
LsarSetSystemAccessAccount(
[in] LSAPR_HANDLE AccountHandle,
[in] ULONG SystemAccess
);
///////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Trusted Domain Object API function prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
LsarOpenTrustedDomain(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID TrustedDomainSid,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *TrustedDomainHandle
);
NTSTATUS
LsarQueryInfoTrustedDomain(
[in] LSAPR_HANDLE TrustedDomainHandle,
[in] TRUSTED_INFORMATION_CLASS InformationClass,
[out, switch_is(InformationClass)]
PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation
);
NTSTATUS
LsarSetInformationTrustedDomain(
[in] LSAPR_HANDLE TrustedDomainHandle,
[in] TRUSTED_INFORMATION_CLASS InformationClass,
[in, switch_is(InformationClass)]
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
);
///////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Secret Object API function prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
LsarOpenSecret(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_UNICODE_STRING SecretName,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *SecretHandle
);
NTSTATUS
LsarSetSecret(
[in] LSAPR_HANDLE SecretHandle,
[in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
[in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedOldValue
);
NTSTATUS
LsarQuerySecret(
[in] LSAPR_HANDLE SecretHandle,
[in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue,
[in, out, unique] PLARGE_INTEGER CurrentValueSetTime,
[in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue,
[in, out, unique] PLARGE_INTEGER OldValueSetTime
);
/////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Privilege Object API Prototypes //
// //
/////////////////////////////////////////////////////////////////////////
NTSTATUS
LsarLookupPrivilegeValue(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_UNICODE_STRING Name,
[out] PLUID Value
);
NTSTATUS
LsarLookupPrivilegeName(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLUID Value,
[out] PLSAPR_UNICODE_STRING *Name
);
NTSTATUS
LsarLookupPrivilegeDisplayName(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_UNICODE_STRING Name,
[in] SHORT ClientLanguage,
[in] SHORT ClientSystemDefaultLanguage,
[out] PLSAPR_UNICODE_STRING *DisplayName,
[out] PWORD LanguageReturned
);
//
// Important note:
//
// This routine will supersede LsarDelete. The difference is that, as on
// LsarClose a pointer to a handle is required rather than a handle so that
// LsarDeleteObject() can inform the RPC server calling stub that the handle
// has been deleted by returning NULL.
//
NTSTATUS
LsarDeleteObject(
[in,out] LSAPR_HANDLE *ObjectHandle
);
//
// These APIs are new for nt 3.51 (PPC release) and will be emulated when
// talking to old servers.
//
NTSTATUS
LsarEnumerateAccountsWithUserRight(
[in] LSAPR_HANDLE PolicyHandle,
[in,unique] PLSAPR_UNICODE_STRING UserRight,
[out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
);
NTSTATUS
LsarEnumerateAccountRights(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID AccountSid,
[out] PLSAPR_USER_RIGHT_SET UserRights
);
NTSTATUS
LsarAddAccountRights(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID AccountSid,
[in] PLSAPR_USER_RIGHT_SET UserRights
);
NTSTATUS
LsarRemoveAccountRights(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID AccountSid,
[in] BOOLEAN AllRights,
[in] PLSAPR_USER_RIGHT_SET UserRights
);
NTSTATUS
LsarQueryTrustedDomainInfo(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID TrustedDomainSid,
[in] TRUSTED_INFORMATION_CLASS InformationClass,
[out, switch_is(InformationClass)]
PLSAPR_TRUSTED_DOMAIN_INFO * TrustedDomainInformation
);
NTSTATUS
LsarSetTrustedDomainInfo(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID TrustedDomainSid,
[in] TRUSTED_INFORMATION_CLASS InformationClass,
[in, switch_is(InformationClass)]
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
);
NTSTATUS
LsarDeleteTrustedDomain(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_SID TrustedDomainSid
);
NTSTATUS
LsarStorePrivateData(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_UNICODE_STRING KeyName,
[in,unique] PLSAPR_CR_CIPHER_VALUE EncryptedData
);
NTSTATUS
LsarRetrievePrivateData(
[in] LSAPR_HANDLE PolicyHandle,
[in] PLSAPR_UNICODE_STRING KeyName,
[in, out] PLSAPR_CR_CIPHER_VALUE *EncryptedData
);
NTSTATUS
LsarOpenPolicy2(
[in,unique,string] PLSAPR_SERVER_NAME SystemName,
[in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
[in] ACCESS_MASK DesiredAccess,
[out] LSAPR_HANDLE *PolicyHandle
);
NTSTATUS
LsarGetUserName(
[in,unique,string] PLSAPR_SERVER_NAME SystemName,
[in,out] PLSAPR_UNICODE_STRING * UserName,
[in,out,unique] PLSAPR_UNICODE_STRING * DomainName
);
}
|