summaryrefslogtreecommitdiffstats
path: root/public/sdk/inc/ntsecapi.h
diff options
context:
space:
mode:
Diffstat (limited to 'public/sdk/inc/ntsecapi.h')
-rw-r--r--public/sdk/inc/ntsecapi.h1148
1 files changed, 1148 insertions, 0 deletions
diff --git a/public/sdk/inc/ntsecapi.h b/public/sdk/inc/ntsecapi.h
new file mode 100644
index 000000000..be6341b57
--- /dev/null
+++ b/public/sdk/inc/ntsecapi.h
@@ -0,0 +1,1148 @@
+/*++ BUILD Version: 0006 Increment this if a change has global effects
+
+Copyright (c) 1990-1996 Microsoft Corporation
+
+Module Name:
+
+ ntsecapi.h
+
+Abstract:
+
+ This module defines the Local Security Authority APIs.
+
+Revision History:
+
+--*/
+
+#ifndef _NTSECAPI_
+#define _NTSECAPI_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef _NTDEF_
+typedef LONG NTSTATUS, *PNTSTATUS;
+#endif
+
+#ifndef _NTLSA_IFS_
+// begin_ntifs
+
+
+//
+// Security operation mode of the system is held in a control
+// longword.
+//
+
+typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
+
+// end_ntifs
+#endif // _NTLSA_IFS_
+
+//
+// The flags in the security operational mode are defined
+// as:
+//
+// PasswordProtected - Some level of authentication (such as
+// a password) must be provided by users before they are
+// allowed to use the system. Once set, this value will
+// not be cleared without re-booting the system.
+//
+// IndividualAccounts - Each user must identify an account to
+// logon to. This flag is only meaningful if the
+// PasswordProtected flag is also set. If this flag is
+// not set and the PasswordProtected flag is set, then all
+// users may logon to the same account. Once set, this value
+// will not be cleared without re-booting the system.
+//
+// MandatoryAccess - Indicates the system is running in a mandatory
+// access control mode (e.g., B-level as defined by the U.S.A's
+// Department of Defense's "Orange Book"). This is not utilized
+// in the current release of NT. This flag is only meaningful
+// if both the PasswordProtected and IndividualAccounts flags are
+// set. Once set, this value will not be cleared without
+// re-booting the system.
+//
+// LogFull - Indicates the system has been brought up in a mode in
+// which if must perform security auditing, but its audit log
+// is full. This may (should) restrict the operations that
+// can occur until the audit log is made not-full again. THIS
+// VALUE MAY BE CLEARED WHILE THE SYSTEM IS RUNNING (I.E., WITHOUT
+// REBOOTING).
+//
+// If the PasswordProtected flag is not set, then the system is running
+// without security, and user interface should be adjusted appropriately.
+//
+
+#define LSA_MODE_PASSWORD_PROTECTED (0x00000001L)
+#define LSA_MODE_INDIVIDUAL_ACCOUNTS (0x00000002L)
+#define LSA_MODE_MANDATORY_ACCESS (0x00000004L)
+#define LSA_MODE_LOG_FULL (0x00000008L)
+
+#ifndef _NTLSA_IFS_
+// begin_ntifs
+//
+// Used by a logon process to indicate what type of logon is being
+// requested.
+// NOTE: Proxy logon type is not currently supported in NT 3.x
+//
+
+typedef enum _SECURITY_LOGON_TYPE {
+ Interactive = 2, // Interactively logged on (locally or remotely)
+ Network, // Accessing system via network
+ Batch, // Started via a batch queue
+ Service, // Service started by service controller
+ Proxy, // Proxy logon
+ Unlock // Unlock workstation
+} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
+
+// end_ntifs
+#endif // _NTLSA_IFS_
+
+
+//
+// Audit Event Categories
+//
+// The following are the built-in types or Categories of audit event.
+// WARNING! This structure is subject to expansion. The user should not
+// compute the number of elements of this type directly, but instead
+// should obtain the count of elements by calling LsaQueryInformationPolicy()
+// for the PolicyAuditEventsInformation class and extracting the count from
+// the MaximumAuditEventCount field of the returned structure.
+//
+
+typedef enum _POLICY_AUDIT_EVENT_TYPE {
+
+ AuditCategorySystem,
+ AuditCategoryLogon,
+ AuditCategoryObjectAccess,
+ AuditCategoryPrivilegeUse,
+ AuditCategoryDetailedTracking,
+ AuditCategoryPolicyChange,
+ AuditCategoryAccountManagement
+
+} POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
+
+
+//
+// The following defines describe the auditing options for each
+// event type
+//
+
+// Leave options specified for this event unchanged
+
+#define POLICY_AUDIT_EVENT_UNCHANGED (0x00000000L)
+
+// Audit successful occurrences of events of this type
+
+#define POLICY_AUDIT_EVENT_SUCCESS (0x00000001L)
+
+// Audit failed attempts to cause an event of this type to occur
+
+#define POLICY_AUDIT_EVENT_FAILURE (0x00000002L)
+
+#define POLICY_AUDIT_EVENT_NONE (0x00000004L)
+
+// Mask of valid event auditing options
+
+#define POLICY_AUDIT_EVENT_MASK \
+ (POLICY_AUDIT_EVENT_SUCCESS | \
+ POLICY_AUDIT_EVENT_FAILURE | \
+ POLICY_AUDIT_EVENT_UNCHANGED | \
+ POLICY_AUDIT_EVENT_NONE)
+
+
+#ifdef _NTDEF_
+// begin_ntifs
+typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
+typedef STRING LSA_STRING, *PLSA_STRING;
+typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
+// end_ntifs
+#else // _NTDEF_
+
+#ifndef IN
+#define IN
+#endif
+
+#ifndef OUT
+#define OUT
+#endif
+
+#ifndef OPTIONAL
+#define OPTIONAL
+#endif
+
+
+typedef struct _LSA_UNICODE_STRING {
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
+
+typedef struct _LSA_STRING {
+ USHORT Length;
+ USHORT MaximumLength;
+ PCHAR Buffer;
+} LSA_STRING, *PLSA_STRING;
+
+typedef struct _LSA_OBJECT_ATTRIBUTES {
+ ULONG Length;
+ HANDLE RootDirectory;
+ PLSA_UNICODE_STRING ObjectName;
+ ULONG Attributes;
+ PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
+ PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
+} LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
+
+
+
+#endif // _NTDEF_
+
+//
+// Macro for determining whether an API succeeded.
+//
+
+#define LSA_SUCCESS(Error) ((LONG)(Error) >= 0)
+
+#ifndef _NTLSA_IFS_
+// begin_ntifs
+
+NTSTATUS
+NTAPI
+LsaRegisterLogonProcess (
+ IN PLSA_STRING LogonProcessName,
+ OUT PHANDLE LsaHandle,
+ OUT PLSA_OPERATIONAL_MODE SecurityMode
+ );
+
+// end_ntifs
+// begin_ntsrv
+
+NTSTATUS
+NTAPI
+LsaLogonUser (
+ IN HANDLE LsaHandle,
+ IN PLSA_STRING OriginName,
+ IN SECURITY_LOGON_TYPE LogonType,
+ IN ULONG AuthenticationPackage,
+ IN PVOID AuthenticationInformation,
+ IN ULONG AuthenticationInformationLength,
+ IN PTOKEN_GROUPS LocalGroups OPTIONAL,
+ IN PTOKEN_SOURCE SourceContext,
+ OUT PVOID *ProfileBuffer,
+ OUT PULONG ProfileBufferLength,
+ OUT PLUID LogonId,
+ OUT PHANDLE Token,
+ OUT PQUOTA_LIMITS Quotas,
+ OUT PNTSTATUS SubStatus
+ );
+
+
+// end_ntsrv
+// begin_ntifs
+
+NTSTATUS
+NTAPI
+LsaLookupAuthenticationPackage (
+ IN HANDLE LsaHandle,
+ IN PLSA_STRING PackageName,
+ OUT PULONG AuthenticationPackage
+ );
+
+NTSTATUS
+NTAPI
+LsaFreeReturnBuffer (
+ IN PVOID Buffer
+ );
+
+NTSTATUS
+NTAPI
+LsaCallAuthenticationPackage (
+ IN HANDLE LsaHandle,
+ IN ULONG AuthenticationPackage,
+ IN PVOID ProtocolSubmitBuffer,
+ IN ULONG SubmitBufferLength,
+ OUT PVOID *ProtocolReturnBuffer,
+ OUT PULONG ReturnBufferLength,
+ OUT PNTSTATUS ProtocolStatus
+ );
+
+
+NTSTATUS
+NTAPI
+LsaDeregisterLogonProcess (
+ IN HANDLE LsaHandle
+ );
+
+NTSTATUS
+NTAPI
+LsaConnectUntrusted (
+ OUT PHANDLE LsaHandle
+ );
+
+
+// end_ntifs
+#endif // _NTLSA_IFS_
+
+////////////////////////////////////////////////////////////////////////////
+// //
+// Local Security Policy Administration API datatypes and defines //
+// //
+////////////////////////////////////////////////////////////////////////////
+
+//
+// Access types for the Policy object
+//
+
+#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L
+#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L
+#define POLICY_GET_PRIVATE_INFORMATION 0x00000004L
+#define POLICY_TRUST_ADMIN 0x00000008L
+#define POLICY_CREATE_ACCOUNT 0x00000010L
+#define POLICY_CREATE_SECRET 0x00000020L
+#define POLICY_CREATE_PRIVILEGE 0x00000040L
+#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L
+#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L
+#define POLICY_AUDIT_LOG_ADMIN 0x00000200L
+#define POLICY_SERVER_ADMIN 0x00000400L
+#define POLICY_LOOKUP_NAMES 0x00000800L
+
+#define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
+ POLICY_VIEW_LOCAL_INFORMATION |\
+ POLICY_VIEW_AUDIT_INFORMATION |\
+ POLICY_GET_PRIVATE_INFORMATION |\
+ POLICY_TRUST_ADMIN |\
+ POLICY_CREATE_ACCOUNT |\
+ POLICY_CREATE_SECRET |\
+ POLICY_CREATE_PRIVILEGE |\
+ POLICY_SET_DEFAULT_QUOTA_LIMITS |\
+ POLICY_SET_AUDIT_REQUIREMENTS |\
+ POLICY_AUDIT_LOG_ADMIN |\
+ POLICY_SERVER_ADMIN |\
+ POLICY_LOOKUP_NAMES )
+
+
+#define POLICY_READ (STANDARD_RIGHTS_READ |\
+ POLICY_VIEW_AUDIT_INFORMATION |\
+ POLICY_GET_PRIVATE_INFORMATION)
+
+#define POLICY_WRITE (STANDARD_RIGHTS_WRITE |\
+ POLICY_TRUST_ADMIN |\
+ POLICY_CREATE_ACCOUNT |\
+ POLICY_CREATE_SECRET |\
+ POLICY_CREATE_PRIVILEGE |\
+ POLICY_SET_DEFAULT_QUOTA_LIMITS |\
+ POLICY_SET_AUDIT_REQUIREMENTS |\
+ POLICY_AUDIT_LOG_ADMIN |\
+ POLICY_SERVER_ADMIN)
+
+#define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
+ POLICY_VIEW_LOCAL_INFORMATION |\
+ POLICY_LOOKUP_NAMES )
+
+
+//
+// Policy object specific data types.
+//
+
+//
+// The following data type is used to identify a domain
+//
+
+typedef struct _LSA_TRUST_INFORMATION {
+
+ LSA_UNICODE_STRING Name;
+ PSID Sid;
+
+} LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
+
+// where members have the following usage:
+//
+// Name - The name of the domain.
+//
+// Sid - A pointer to the Sid of the Domain
+//
+
+//
+// The following data type is used in name and SID lookup services to
+// describe the domains referenced in the lookup operation.
+//
+
+typedef struct _LSA_REFERENCED_DOMAIN_LIST {
+
+ ULONG Entries;
+ PLSA_TRUST_INFORMATION Domains;
+
+} LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
+
+// where members have the following usage:
+//
+// Entries - Is a count of the number of domains described in the
+// Domains array.
+//
+// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
+// structures.
+//
+
+
+//
+// The following data type is used in name to SID lookup services to describe
+// the domains referenced in the lookup operation.
+//
+
+typedef struct _LSA_TRANSLATED_SID {
+
+ SID_NAME_USE Use;
+ ULONG RelativeId;
+ LONG DomainIndex;
+
+} LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID;
+
+// where members have the following usage:
+//
+// Use - identifies the use of the SID. If this value is SidUnknown or
+// SidInvalid, then the remainder of the record is not set and
+// should be ignored.
+//
+// RelativeId - Contains the relative ID of the translated SID. The
+// remainder of the SID (the prefix) is obtained using the
+// DomainIndex field.
+//
+// DomainIndex - Is the index of an entry in a related
+// LSA_REFERENCED_DOMAIN_LIST data structure describing the
+// domain in which the account was found.
+//
+// If there is no corresponding reference domain for an entry, then
+// this field will contain a negative value.
+//
+
+
+//
+// The following data type is used in SID to name lookup services to
+// describe the domains referenced in the lookup operation.
+//
+
+typedef struct _LSA_TRANSLATED_NAME {
+
+ SID_NAME_USE Use;
+ LSA_UNICODE_STRING Name;
+ LONG DomainIndex;
+
+} LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
+
+// where the members have the following usage:
+//
+// Use - Identifies the use of the name. If this value is SidUnknown
+// or SidInvalid, then the remainder of the record is not set and
+// should be ignored. If this value is SidWellKnownGroup then the
+// Name field is invalid, but the DomainIndex field is not.
+//
+// Name - Contains the isolated name of the translated SID.
+//
+// DomainIndex - Is the index of an entry in a related
+// LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
+// in which the account was found.
+//
+// If there is no corresponding reference domain for an entry, then
+// this field will contain a negative value.
+//
+
+
+//
+// The following data type is used to represent the role of the LSA
+// server (primary or backup).
+//
+
+typedef enum _POLICY_LSA_SERVER_ROLE {
+
+ PolicyServerRoleBackup = 2,
+ PolicyServerRolePrimary
+
+} POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE;
+
+
+//
+// The following data type is used to represent the state of the LSA
+// server (enabled or disabled). Some operations may only be performed on
+// an enabled LSA server.
+//
+
+typedef enum _POLICY_SERVER_ENABLE_STATE {
+
+ PolicyServerEnabled = 2,
+ PolicyServerDisabled
+
+} POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE;
+
+
+//
+// The following data type is used to specify the auditing options for
+// an Audit Event Type.
+//
+
+typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS;
+
+// where the following flags can be set:
+//
+// POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options
+// unchanged for events of this type. This flag is only used for
+// set operations. If this flag is set, then all other flags
+// are ignored.
+//
+// POLICY_AUDIT_EVENT_NONE - Cancel all auditing options for events
+// of this type. If this flag is set, the success/failure flags
+// are ignored.
+//
+// POLICY_AUDIT_EVENT_SUCCESS - When auditing is enabled, audit all
+// successful occurrences of events of the given type.
+//
+// POLICY_AUDIT_EVENT_FAILURE - When auditing is enabled, audit all
+// unsuccessful occurrences of events of the given type.
+//
+
+
+
+//
+// The following data type is used to return information about privileges
+// defined on a system.
+//
+
+typedef struct _POLICY_PRIVILEGE_DEFINITION {
+
+ LSA_UNICODE_STRING Name;
+ LUID LocalValue;
+
+} POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION;
+
+// where the members have the following usage:
+//
+// Name - Is the architected name of the privilege. This is the
+// primary key of the privilege and the only value that is
+// transportable between systems.
+//
+// Luid - is a LUID value assigned locally for efficient representation
+// of the privilege. Ths value is meaningful only on the system it
+// was assigned on and is not transportable in any way.
+//
+
+
+//
+// The following data type defines the classes of Policy Information
+// that may be queried/set.
+//
+
+typedef enum _POLICY_INFORMATION_CLASS {
+
+ PolicyAuditLogInformation = 1,
+ PolicyAuditEventsInformation,
+ PolicyPrimaryDomainInformation,
+ PolicyPdAccountInformation,
+ PolicyAccountDomainInformation,
+ PolicyLsaServerRoleInformation,
+ PolicyReplicaSourceInformation,
+ PolicyDefaultQuotaInformation,
+ PolicyModificationInformation,
+ PolicyAuditFullSetInformation,
+ PolicyAuditFullQueryInformation
+
+} POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS;
+
+
+//
+// The following data type corresponds to the PolicyAuditLogInformation
+// information class. It is used to represent information relating to
+// the Audit Log.
+//
+// This structure may be used in both query and set operations. However,
+// when used in set operations, some fields are ignored.
+//
+
+typedef struct _POLICY_AUDIT_LOG_INFO {
+
+ ULONG AuditLogPercentFull;
+ ULONG MaximumLogSize;
+ LARGE_INTEGER AuditRetentionPeriod;
+ BOOLEAN AuditLogFullShutdownInProgress;
+ LARGE_INTEGER TimeToShutdown;
+ ULONG NextAuditRecordId;
+
+} POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO;
+
+// where the members have the following usage:
+//
+// AuditLogPercentFull - Indicates the percentage of the Audit Log
+// currently being used.
+//
+// MaximumLogSize - Specifies the maximum size of the Audit Log in
+// kilobytes.
+//
+// AuditRetentionPeriod - Indicates the length of time that Audit
+// Records are to be retained. Audit Records are discardable
+// if their timestamp predates the current time minus the
+// retention period.
+//
+// AuditLogFullShutdownInProgress - Indicates whether or not a system
+// shutdown is being initiated due to the security Audit Log becoming
+// full. This condition will only occur if the system is configured
+// to shutdown when the log becomes full.
+//
+// TRUE indicates that a shutdown is in progress
+// FALSE indicates that a shutdown is not in progress.
+//
+// Once a shutdown has been initiated, this flag will be set to
+// TRUE. If an administrator is able to currect the situation
+// before the shutdown becomes irreversible, then this flag will
+// be reset to false.
+//
+// This field is ignored for set operations.
+//
+// TimeToShutdown - If the AuditLogFullShutdownInProgress flag is set,
+// then this field contains the time left before the shutdown
+// becomes irreversible.
+//
+// This field is ignored for set operations.
+//
+
+
+//
+// The following data type corresponds to the PolicyAuditEventsInformation
+// information class. It is used to represent information relating to
+// the audit requirements.
+//
+
+typedef struct _POLICY_AUDIT_EVENTS_INFO {
+
+ BOOLEAN AuditingMode;
+ PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
+ ULONG MaximumAuditEventCount;
+
+} POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
+
+// where the members have the following usage:
+//
+// AuditingMode - A Boolean variable specifying the Auditing Mode value.
+// This value is interpreted as follows:
+//
+// TRUE - Auditing is to be enabled (set operations) or is enabled
+// (query operations). Audit Records will be generated according
+// to the Event Auditing Options in effect (see the
+// EventAuditingOptions field.
+//
+// FALSE - Auditing is to be disabled (set operations) or is
+// disabled (query operations). No Audit Records will be
+// generated. Note that for set operations the Event Auditing
+// Options in effect will still be updated as specified by the
+// EventAuditingOptions field whether Auditing is enabled or
+// disabled.
+//
+// EventAuditingOptions - Pointer to an array of Auditing Options
+// indexed by Audit Event Type.
+//
+// MaximumAuditEventCount - Specifiesa count of the number of Audit
+// Event Types specified by the EventAuditingOptions parameter. If
+// this count is less than the number of Audit Event Types supported
+// by the system, the Auditing Options for Event Types with IDs
+// higher than (MaximumAuditEventCount + 1) are left unchanged.
+//
+
+
+//
+// The following structure corresponds to the PolicyAccountDomainInformation
+// information class.
+//
+
+typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
+
+ LSA_UNICODE_STRING DomainName;
+ PSID DomainSid;
+
+} POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
+
+// where the members have the following usage:
+//
+// DomainName - Is the name of the domain
+//
+// DomainSid - Is the Sid of the domain
+//
+
+
+//
+// The following structure corresponds to the PolicyPrimaryDomainInformation
+// information class.
+//
+
+typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
+
+ LSA_UNICODE_STRING Name;
+ PSID Sid;
+
+} POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO;
+
+// where the members have the following usage:
+//
+// Name - Is the name of the domain
+//
+// Sid - Is the Sid of the domain
+//
+
+
+//
+// The following structure corresponds to the PolicyPdAccountInformation
+// information class. This structure may be used in Query operations
+// only.
+//
+
+typedef struct _POLICY_PD_ACCOUNT_INFO {
+
+ LSA_UNICODE_STRING Name;
+
+} POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO;
+
+// where the members have the following usage:
+//
+// Name - Is the name of an account in the domain that should be used
+// for authentication and name/ID lookup requests.
+//
+
+
+//
+// The following structure corresponds to the PolicyLsaServerRoleInformation
+// information class.
+//
+
+typedef struct _POLICY_LSA_SERVER_ROLE_INFO {
+
+ POLICY_LSA_SERVER_ROLE LsaServerRole;
+
+} POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO;
+
+// where the fields have the following usage:
+//
+// TBS
+//
+
+
+//
+// The following structure corresponds to the PolicyReplicaSourceInformation
+// information class.
+//
+
+typedef struct _POLICY_REPLICA_SOURCE_INFO {
+
+ LSA_UNICODE_STRING ReplicaSource;
+ LSA_UNICODE_STRING ReplicaAccountName;
+
+} POLICY_REPLICA_SOURCE_INFO, *PPOLICY_REPLICA_SOURCE_INFO;
+
+
+//
+// The following structure corresponds to the PolicyDefaultQuotaInformation
+// information class.
+//
+
+typedef struct _POLICY_DEFAULT_QUOTA_INFO {
+
+ QUOTA_LIMITS QuotaLimits;
+
+} POLICY_DEFAULT_QUOTA_INFO, *PPOLICY_DEFAULT_QUOTA_INFO;
+
+
+//
+// The following structure corresponds to the PolicyModificationInformation
+// information class.
+//
+
+typedef struct _POLICY_MODIFICATION_INFO {
+
+ LARGE_INTEGER ModifiedId;
+ LARGE_INTEGER DatabaseCreationTime;
+
+} POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO;
+
+// where the members have the following usage:
+//
+// ModifiedId - Is a 64-bit unsigned integer that is incremented each
+// time anything in the LSA database is modified. This value is
+// only modified on Primary Domain Controllers.
+//
+// DatabaseCreationTime - Is the date/time that the LSA Database was
+// created. On Backup Domain Controllers, this value is replicated
+// from the Primary Domain Controller.
+//
+
+//
+// The following structure type corresponds to the PolicyAuditFullSetInformation
+// Information Class.
+//
+
+typedef struct _POLICY_AUDIT_FULL_SET_INFO {
+
+ BOOLEAN ShutDownOnFull;
+
+} POLICY_AUDIT_FULL_SET_INFO, *PPOLICY_AUDIT_FULL_SET_INFO;
+
+//
+// The following structure type corresponds to the PolicyAuditFullQueryInformation
+// Information Class.
+//
+
+typedef struct _POLICY_AUDIT_FULL_QUERY_INFO {
+
+ BOOLEAN ShutDownOnFull;
+ BOOLEAN LogIsFull;
+
+} POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO;
+
+
+//
+// LSA RPC Context Handle (Opaque form). Note that a Context Handle is
+// always a pointer type unlike regular handles.
+//
+
+typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
+
+
+//
+// Trusted Domain Object specific data types
+//
+
+//
+// This data type defines the following information classes that may be
+// queried or set.
+//
+
+typedef enum _TRUSTED_INFORMATION_CLASS {
+
+ TrustedDomainNameInformation = 1,
+ TrustedControllersInformation,
+ TrustedPosixOffsetInformation,
+ TrustedPasswordInformation
+
+} TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS;
+
+//
+// The following data type corresponds to the TrustedDomainNameInformation
+// information class.
+//
+
+typedef struct _TRUSTED_DOMAIN_NAME_INFO {
+
+ LSA_UNICODE_STRING Name;
+
+} TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO;
+
+// where members have the following meaning:
+//
+// Name - The name of the Trusted Domain.
+//
+
+//
+// The following data type corresponds to the TrustedControllersInformation
+// information class.
+//
+
+typedef struct _TRUSTED_CONTROLLERS_INFO {
+
+ ULONG Entries;
+ PLSA_UNICODE_STRING Names;
+
+} TRUSTED_CONTROLLERS_INFO, *PTRUSTED_CONTROLLERS_INFO;
+
+// where members have the following meaning:
+//
+// Entries - Indicate how mamy entries there are in the Names array.
+//
+// Names - Pointer to an array of LSA_UNICODE_STRING structures containing the
+// names of domain controllers of the domain. This information may not
+// be accurate and should be used only as a hint. The order of this
+// list is considered significant and will be maintained.
+//
+// By convention, the first name in this list is assumed to be the
+// Primary Domain Controller of the domain. If the Primary Domain
+// Controller is not known, the first name should be set to the NULL
+// string.
+//
+
+
+//
+// The following data type corresponds to the TrustedPosixOffsetInformation
+// information class.
+//
+
+typedef struct _TRUSTED_POSIX_OFFSET_INFO {
+
+ ULONG Offset;
+
+} TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO;
+
+// where members have the following meaning:
+//
+// Offset - Is an offset to use for the generation of Posix user and group
+// IDs from SIDs. The Posix ID corresponding to any particular SID is
+// generated by adding the RID of that SID to the Offset of the SID's
+// corresponding TrustedDomain object.
+//
+
+//
+// The following data type corresponds to the TrustedPasswordInformation
+// information class.
+//
+
+typedef struct _TRUSTED_PASSWORD_INFO {
+ LSA_UNICODE_STRING Password;
+ LSA_UNICODE_STRING OldPassword;
+} TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO;
+
+
+
+
+//
+// LSA Enumeration Context
+//
+
+typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE;
+
+//
+// LSA Enumeration Information
+//
+
+typedef struct _LSA_ENUMERATION_INFORMATION {
+
+ PSID Sid;
+
+} LSA_ENUMERATION_INFORMATION, *PLSA_ENUMERATION_INFORMATION;
+
+
+////////////////////////////////////////////////////////////////////////////
+// //
+// Local Security Policy - Miscellaneous API function prototypes //
+// //
+////////////////////////////////////////////////////////////////////////////
+
+
+NTSTATUS
+NTAPI
+LsaFreeMemory(
+ IN PVOID Buffer
+ );
+
+NTSTATUS
+NTAPI
+LsaClose(
+ IN LSA_HANDLE ObjectHandle
+ );
+
+NTSTATUS
+NTAPI
+LsaOpenPolicy(
+ IN PLSA_UNICODE_STRING SystemName OPTIONAL,
+ IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN OUT PLSA_HANDLE PolicyHandle
+ );
+
+NTSTATUS
+NTAPI
+LsaQueryInformationPolicy(
+ IN LSA_HANDLE PolicyHandle,
+ IN POLICY_INFORMATION_CLASS InformationClass,
+ OUT PVOID *Buffer
+ );
+
+NTSTATUS
+NTAPI
+LsaSetInformationPolicy(
+ IN LSA_HANDLE PolicyHandle,
+ IN POLICY_INFORMATION_CLASS InformationClass,
+ IN PVOID Buffer
+ );
+
+
+NTSTATUS
+NTAPI
+LsaEnumerateTrustedDomains(
+ IN LSA_HANDLE PolicyHandle,
+ IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
+ OUT PVOID *Buffer,
+ IN ULONG PreferedMaximumLength,
+ OUT PULONG CountReturned
+ );
+
+
+NTSTATUS
+NTAPI
+LsaLookupNames(
+ IN LSA_HANDLE PolicyHandle,
+ IN ULONG Count,
+ IN PLSA_UNICODE_STRING Names,
+ OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
+ OUT PLSA_TRANSLATED_SID *Sids
+ );
+
+NTSTATUS
+NTAPI
+LsaLookupSids(
+ IN LSA_HANDLE PolicyHandle,
+ IN ULONG Count,
+ IN PSID *Sids,
+ OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
+ OUT PLSA_TRANSLATED_NAME *Names
+ );
+
+
+
+#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
+#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
+#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
+#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
+
+//
+// This new API returns all the accounts with a certain privilege
+//
+
+NTSTATUS
+NTAPI
+LsaEnumerateAccountsWithUserRight(
+ IN LSA_HANDLE PolicyHandle,
+ IN OPTIONAL PLSA_UNICODE_STRING UserRights,
+ OUT PVOID *EnumerationBuffer,
+ OUT PULONG CountReturned
+ );
+
+//
+// These new APIs differ by taking a SID instead of requiring the caller
+// to open the account first and passing in an account handle
+//
+
+NTSTATUS
+NTAPI
+LsaEnumerateAccountRights(
+ IN LSA_HANDLE PolicyHandle,
+ IN PSID AccountSid,
+ OUT PLSA_UNICODE_STRING *UserRights,
+ OUT PULONG CountOfRights
+ );
+
+NTSTATUS
+NTAPI
+LsaAddAccountRights(
+ IN LSA_HANDLE PolicyHandle,
+ IN PSID AccountSid,
+ IN PLSA_UNICODE_STRING UserRights,
+ IN ULONG CountOfRights
+ );
+
+NTSTATUS
+NTAPI
+LsaRemoveAccountRights(
+ IN LSA_HANDLE PolicyHandle,
+ IN PSID AccountSid,
+ IN BOOLEAN AllRights,
+ IN PLSA_UNICODE_STRING UserRights,
+ IN ULONG CountOfRights
+ );
+
+
+///////////////////////////////////////////////////////////////////////////////
+// //
+// Local Security Policy - Trusted Domain Object API function prototypes //
+// //
+///////////////////////////////////////////////////////////////////////////////
+
+NTSTATUS
+NTAPI
+LsaQueryTrustedDomainInfo(
+ IN LSA_HANDLE PolicyHandle,
+ IN PSID TrustedDomainSid,
+ IN TRUSTED_INFORMATION_CLASS InformationClass,
+ OUT PVOID *Buffer
+ );
+
+NTSTATUS
+NTAPI
+LsaSetTrustedDomainInformation(
+ IN LSA_HANDLE PolicyHandle,
+ IN PSID TrustedDomainSid,
+ IN TRUSTED_INFORMATION_CLASS InformationClass,
+ IN PVOID Buffer
+ );
+
+NTSTATUS
+NTAPI
+LsaDeleteTrustedDomain(
+ IN LSA_HANDLE PolicyHandle,
+ IN PSID TrustedDomainSid
+ );
+
+//
+// This API sets the workstation password (equivalent of setting/getting
+// the SSI_SECRET_NAME secret)
+//
+
+NTSTATUS
+NTAPI
+LsaStorePrivateData(
+ IN LSA_HANDLE PolicyHandle,
+ IN PLSA_UNICODE_STRING KeyName,
+ IN PLSA_UNICODE_STRING PrivateData
+ );
+
+NTSTATUS
+NTAPI
+LsaRetrievePrivateData(
+ IN LSA_HANDLE PolicyHandle,
+ IN PLSA_UNICODE_STRING KeyName,
+ OUT PLSA_UNICODE_STRING * PrivateData
+ );
+
+
+ULONG
+NTAPI
+LsaNtStatusToWinError(
+ NTSTATUS Status
+ );
+
+//
+// Define a symbol so we can tell if ntifs.h has been included.
+//
+
+// begin_ntifs
+#ifndef _NTLSA_IFS_
+#define _NTLSA_IFS_
+#endif
+// end_ntifs
+
+#ifndef _NTDEF_
+typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
+#endif
+
+typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE) (
+ PUNICODE_STRING UserName,
+ ULONG RelativeId,
+ PUNICODE_STRING NewPassword
+);
+
+#define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
+
+typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE) (
+);
+
+#define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
+
+
+#define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"
+
+typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE) (
+ IN PUNICODE_STRING AccountName,
+ IN PUNICODE_STRING FullName,
+ IN PUNICODE_STRING Password,
+ IN BOOLEAN SetOperation
+ );
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _NTSECAPI_ */
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 02:43:08 +0100