/*++ Copyright (c) 1991 Microsoft Corporation Module Name: lsarpc.idl Abstract: Local Security Authority RPC Interface Definition File This file contains the RPC Interface Definition Language file for the LSA. This file includes all of the prototypes for the LSA functions that are callable via RPC. These functions are internal versions of API and are NOT visible to clients of the LSA. An LSA client calls the LSA API defined in file ntlsa.h. These API are wrappers which call client RPC stubs generated from this idl file by the RPC compiler. Author: Scott Birrell (ScottBi) April 23, 1991 Environment: User Mode Revision History: --*/ [ uuid(12345778-1234-ABCD-EF00-0123456789AB), version(0.0), #ifdef __midl ms_union, #endif // __midl pointer_default(unique) ] interface lsarpc { // // Import a dummy interface containing #includes for public .h files. This // trick is necessary so that midl will only generate marshalling routines // for subtypes that are relevant to the parameters specified on the RPC // interface. midl also ingores function prototypes contained therein. // import "lsaimp.idl" ; // // BUGBUG ScottBi - The parens have to be omitted from the operand // because midl grammar does not support them. // #define LSAPR_DB_AUDIT_EVENT_COUNT SeMaxAuditType + 1 // // LSA Generic Handle used to bind from client to server. // This handle is used for both LOCAL and REMOTE services. // typedef [handle] LPWSTR PLSAPR_SERVER_NAME, *PPLSAPR_SERVER_NAME; // // LSA RPC Context Handle (Internal definition of LSAPR_HANDLE) // typedef [context_handle] PVOID LSAPR_HANDLE; typedef LSAPR_HANDLE *PLSAPR_HANDLE; // // RPC definition of the SID structure. Note the use of the [size_is()] // qualifier to specify the number of elements in the variable size // imbedded SubAuthorityCount array at runtime. // // #pragma warning(disable:4200) typedef struct _LSAPR_SID { UCHAR Revision; UCHAR SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; [size_is(SubAuthorityCount)] ULONG SubAuthority[*]; } LSAPR_SID, *PLSAPR_SID, **PPLSAPR_SID; #pragma warning(default:4200) // // The following structure is used to identify an Account Object. // typedef struct _LSAPR_SID_INFORMATION { PLSAPR_SID Sid; } LSAPR_SID_INFORMATION, *PLSAPR_SID_INFORMATION; // // The following structure is used to hold an array of Sids. // typedef struct _LSAPR_SID_ENUM_BUFFER { ULONG Entries; [size_is(Entries)] PLSAPR_SID_INFORMATION SidInfo; } LSAPR_SID_ENUM_BUFFER, *PLSAPR_SID_ENUM_BUFFER; // // The following structure is used to identify an Account Object. // typedef struct _LSAPR_ACCOUNT_INFORMATION { PLSAPR_SID Sid; } LSAPR_ACCOUNT_INFORMATION, *PLSAPR_ACCOUNT_INFORMATION; // // // Account Object Enumeration Buffer // typedef struct _LSAPR_ACCOUNT_ENUM_BUFFER { ULONG EntriesRead; [size_is(EntriesRead)] PLSAPR_ACCOUNT_INFORMATION Information; } LSAPR_ACCOUNT_ENUM_BUFFER, *PLSAPR_ACCOUNT_ENUM_BUFFER; // // BUGBUG ScottBi - Someday these should be an imported interface. // // Unicode strings are counted 16-bit character strings. // The Length field and MaximumLength fields specify number of bytes, // (not wide-characters) in the string. So, this definition differs // a bit from the real unicode string type. // typedef struct _LSAPR_UNICODE_STRING { USHORT Length; USHORT MaximumLength; // BUGBUG - ScottBi - MIDL will raise an exception if Length is 0. // Wrappers passing UNICODE STRINGS must pass NULL if string is length // zero [size_is(MaximumLength/2), length_is(Length/2)] PWSTR Buffer; } LSAPR_UNICODE_STRING, *PLSAPR_UNICODE_STRING; // // ANSI counted string // typedef struct _LSAPR_STRING { USHORT Length; USHORT MaximumLength; // [size_is(MaximumLength), length_is(Length)] PCHAR Buffer; [size_is(MaximumLength)] PCHAR Buffer; } LSAPR_STRING, *PLSAPR_STRING, LSAPR_ANSI_STRING, *PLSAPR_ANSI_STRING; // // RPC definition of an ACL. This must be manually maintained to be the same // as the real ACL definition in ntseapi.h // #pragma warning(disable:4200) typedef struct _LSAPR_ACL { UCHAR AclRevision; UCHAR Sbz1; USHORT AclSize; [size_is(AclSize - 4)] UCHAR Dummy1[*]; } LSAPR_ACL, *PLSAPR_ACL; #pragma warning(default:4200) // // RPC'able security descriptor definition. // typedef struct _LSAPR_SECURITY_DESCRIPTOR { UCHAR Revision; UCHAR Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; PLSAPR_SID Owner; PLSAPR_SID Group; PLSAPR_ACL Sacl; PLSAPR_ACL Dacl; } LSAPR_SECURITY_DESCRIPTOR, *PLSAPR_SECURITY_DESCRIPTOR; // // RPC'able Self-Relative Security Descriptor Definition. // typedef struct _LSAPR_SR_SECURITY_DESCRIPTOR { ULONG Length; [size_is(Length)] PUCHAR SecurityDescriptor; } LSAPR_SR_SECURITY_DESCRIPTOR, *PLSAPR_SR_SECURITY_DESCRIPTOR; typedef struct _LSAPR_LUID_AND_ATTRIBUTES { OLD_LARGE_INTEGER Luid; ULONG Attributes; } LSAPR_LUID_AND_ATTRIBUTES, * PLSAPR_LUID_AND_ATTRIBUTES; // // Privilege Set - This is defined for a privilege set of one. // If more than one privilege is needed, then this structure // will need to be allocated with more space. // // Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET // structure (defined in se.h) // #pragma warning(disable:4200) typedef struct _LSAPR_PRIVILEGE_SET { ULONG PrivilegeCount; ULONG Control; [size_is(PrivilegeCount)] LSAPR_LUID_AND_ATTRIBUTES Privilege[*]; } LSAPR_PRIVILEGE_SET, *PLSAPR_PRIVILEGE_SET, **PPLSAPR_PRIVILEGE_SET; #pragma warning(default:4200) // // The following data type is used to return information about privileges // defined on a system. // typedef struct _LSAPR_POLICY_PRIVILEGE_DEF { LSAPR_UNICODE_STRING Name; LUID LocalValue; } LSAPR_POLICY_PRIVILEGE_DEF, *PLSAPR_POLICY_PRIVILEGE_DEF; // where the members have the following usage: // // Name - Is the architected name of the privilege. This is the // primary key of the privilege and the only value that is // transportable between systems. // // Luid - is a LUID value assigned locally for efficient representation // of the privilege. Ths value is meaningful only on the system it // was assigned on and is not transportable in any way. // // // The following structure is used to hold an array of returned Privileges. // typedef struct _LSAPR_PRIVILEGE_ENUM_BUFFER { ULONG Entries; [size_is(Entries)] PLSAPR_POLICY_PRIVILEGE_DEF Privileges; } LSAPR_PRIVILEGE_ENUM_BUFFER, *PLSAPR_PRIVILEGE_ENUM_BUFFER; // // RPC'able Object Attributes structure for LSA use. Note that the // OBJECT_ATTRIBUTES structure is LSA-specific in that the RootDirectory // field is a handle of the specific type LSAPR_HANDLE. // // WARNING! This MUST be kept in sync with the corresponding structure in // ntdef.h! Structure should be moved to an imported interface when // possible. // typedef struct _LSAPR_OBJECT_ATTRIBUTES { ULONG Length; PUCHAR RootDirectory; // This field is not used PSTRING ObjectName; ULONG Attributes; PLSAPR_SECURITY_DESCRIPTOR SecurityDescriptor; PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; } LSAPR_OBJECT_ATTRIBUTES, *PLSAPR_OBJECT_ATTRIBUTES; // // Clear value structure // typedef struct _LSAPR_CR_CLEAR_VALUE { ULONG Length; ULONG MaximumLength; [size_is(MaximumLength), length_is(Length)] PUCHAR Buffer; } LSAPR_CR_CLEAR_VALUE, *PLSAPR_CR_CLEAR_VALUE; // // Two-way encrypted value structure in Self-relative form. This // is just like a String. // typedef struct _LSAPR_CR_CIPHER_VALUE { ULONG Length; ULONG MaximumLength; [size_is(MaximumLength), length_is(Length)] PUCHAR Buffer; } LSAPR_CR_CIPHER_VALUE, *PLSAPR_CR_CIPHER_VALUE; // // LSA API Internal Function prototypes for RPC interface. Each function // takes similar (but not always identical) parameters to its corresponding // exported API. Client and server stubs are generated for the functions // specified here. The client stubs are called by the wrapper functions // in file rpcapi.c in the lsa\client directory. // // // The following data type is used to identify a domain // typedef struct _LSAPR_TRUST_INFORMATION { LSAPR_UNICODE_STRING Name; PLSAPR_SID Sid; } LSAPR_TRUST_INFORMATION, *PLSAPR_TRUST_INFORMATION; // where members have the following usage: // // Name - The name of the domain. // // Sid - A pointer to the Sid of the Domain // // // // Trusted Domain Object Enumeration Buffer // typedef struct _LSAPR_TRUSTED_ENUM_BUFFER { ULONG EntriesRead; [size_is(EntriesRead)] PLSAPR_TRUST_INFORMATION Information; } LSAPR_TRUSTED_ENUM_BUFFER, *PLSAPR_TRUSTED_ENUM_BUFFER; // // The following data type is used in name and SID lookup services to // describe the domains referenced in the lookup operation. // typedef struct _LSAPR_REFERENCED_DOMAIN_LIST { ULONG Entries; [size_is(Entries)] PLSAPR_TRUST_INFORMATION Domains; ULONG MaxEntries; } LSAPR_REFERENCED_DOMAIN_LIST, *PLSAPR_REFERENCED_DOMAIN_LIST; // where members have the following usage: // // Entries - Is a count of the number of domains described in the // Domains array. // // Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data // structures. // // // The following data type is used in Sid to name lookup services to // reference the list of domains referenced in the lookup operation // // BUGBUG - ScottBi - When midl supports the size_is operand in its // full form with more than one operand, this intermediate structure // can be eliminated. // typedef struct _LSAPR_TRANSLATED_SIDS { ULONG Entries; [size_is(Entries)] PLSA_TRANSLATED_SID Sids; } LSAPR_TRANSLATED_SIDS, *PLSAPR_TRANSLATED_SIDS; // // The following data type is used in SID to name lookup services to // describe the domains referenced in the lookup operation. // typedef struct _LSAPR_TRANSLATED_NAME { SID_NAME_USE Use; LSAPR_UNICODE_STRING Name; LONG DomainIndex; } LSAPR_TRANSLATED_NAME, *PLSAPR_TRANSLATED_NAME; // where the members have the following usage: // // Use - Identifies the use of the name. If this value is SidUnknown // or SidInvalid, then the remainder of the record is not set and // should be ignored. If this value is SidWellKnownGroup then the // Name field is invalid, but the DomainIndex field is not. // // Name - Contains the isolated name of the translated SID. // // DomainIndex - Is the index of an entry in a related // LSA_REFERENCED_DOMAIN_LIST data structure describing the domain // in which the account was found. // // If there is no corresponding reference domain for an entry, then // this field will contain a negative value. // // // The following data type is used in Sid to name lookup services to // reference the list of domains referenced in the lookup operation // // BUGBUG - ScottBi - When midl supports the size_is operand in its // full form with more than one operand, this intermediate structure // can be eliminated. // typedef struct _LSAPR_TRANSLATED_NAMES { ULONG Entries; [size_is(Entries)] PLSAPR_TRANSLATED_NAME Names; } LSAPR_TRANSLATED_NAMES, *PLSAPR_TRANSLATED_NAMES; // // The following structure corresponds to the PolicyAccountDomainInformation // information class. // typedef struct _LSAPR_POLICY_ACCOUNT_DOM_INFO { LSAPR_UNICODE_STRING DomainName; PLSAPR_SID DomainSid; } LSAPR_POLICY_ACCOUNT_DOM_INFO, *PLSAPR_POLICY_ACCOUNT_DOM_INFO; // where the members have the following usage: // // DomainName - Is the name of the domain // // DomainSid - Is the Sid of the domain // // // The following structure corresponds to the PolicyPrimaryDomainInformation // information class. // typedef struct _LSAPR_POLICY_PRIMARY_DOM_INFO { LSAPR_UNICODE_STRING Name; PLSAPR_SID Sid; } LSAPR_POLICY_PRIMARY_DOM_INFO, *PLSAPR_POLICY_PRIMARY_DOM_INFO; // where the members have the following usage: // // Name - Is the name of the domain // // Sid - Is the Sid of the domain // // // The following structure corresponds to the PolicyPdAccountInformation // information class. This structure may be used in Query operations // only. // typedef struct _LSAPR_POLICY_PD_ACCOUNT_INFO { LSAPR_UNICODE_STRING Name; } LSAPR_POLICY_PD_ACCOUNT_INFO, *PLSAPR_POLICY_PD_ACCOUNT_INFO; // where the members have the following usage: // // Name - Is the name of an account in the domain that should be used // for authentication and name/ID lookup requests. // // // The following structure corresponds to the PolicyReplicaSourceInformation // information class. // typedef struct _LSAPR_POLICY_REPLICA_SRCE_INFO { LSAPR_UNICODE_STRING ReplicaSource; LSAPR_UNICODE_STRING ReplicaAccountName; } LSAPR_POLICY_REPLICA_SRCE_INFO, *PLSAPR_POLICY_REPLICA_SRCE_INFO; typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO { BOOLEAN AuditingMode; [size_is(MaximumAuditEventCount)] PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; ULONG MaximumAuditEventCount; } LSAPR_POLICY_AUDIT_EVENTS_INFO, *PLSAPR_POLICY_AUDIT_EVENTS_INFO; // // The following data type is used to hold Policy Information // of a given class. // typedef [switch_type(POLICY_INFORMATION_CLASS)] union _LSAPR_POLICY_INFORMATION { [case(PolicyAuditLogInformation)] POLICY_AUDIT_LOG_INFO PolicyAuditLogInfo; [case(PolicyAuditEventsInformation)] LSAPR_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo; [case(PolicyPrimaryDomainInformation)] LSAPR_POLICY_PRIMARY_DOM_INFO PolicyPrimaryDomainInfo; [case(PolicyAccountDomainInformation)] LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo; [case(PolicyPdAccountInformation)] LSAPR_POLICY_PD_ACCOUNT_INFO PolicyPdAccountInfo; [case(PolicyLsaServerRoleInformation)] POLICY_LSA_SERVER_ROLE_INFO PolicyServerRoleInfo; [case(PolicyReplicaSourceInformation)] LSAPR_POLICY_REPLICA_SRCE_INFO PolicyReplicaSourceInfo; [case(PolicyDefaultQuotaInformation)] POLICY_DEFAULT_QUOTA_INFO PolicyDefaultQuotaInfo; [case(PolicyModificationInformation)] POLICY_MODIFICATION_INFO PolicyModificationInfo; [case(PolicyAuditFullSetInformation)] POLICY_AUDIT_FULL_SET_INFO PolicyAuditFullSetInfo; [case(PolicyAuditFullQueryInformation)] POLICY_AUDIT_FULL_QUERY_INFO PolicyAuditFullQueryInfo; } LSAPR_POLICY_INFORMATION; typedef LSAPR_POLICY_INFORMATION *PLSAPR_POLICY_INFORMATION; // // Account object type-specific Access Types // #define LSA_ACCOUNT_VIEW 0x00000001L #define LSA_ACCOUNT_ADJUST_PRIVILEGES 0x00000002L #define LSA_ACCOUNT_ADJUST_QUOTAS 0x00000004L #define LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS 0x00000008L #define LSA_ACCOUNT_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | \ LSA_ACCOUNT_VIEW | \ LSA_ACCOUNT_ADJUST_PRIVILEGES | \ LSA_ACCOUNT_ADJUST_QUOTAS | \ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS ) // // The following data type corresponds to the TrustedDomainNameInformation // information class. // typedef struct _LSAPR_TRUSTED_DOMAIN_NAME_INFO { LSAPR_UNICODE_STRING Name; } LSAPR_TRUSTED_DOMAIN_NAME_INFO, *PLSAPR_TRUSTED_DOMAIN_NAME_INFO; // // The following data type corresponds to the TrustedControllersInformation // information class. // typedef struct _LSAPR_TRUSTED_CONTROLLERS_INFO { ULONG Entries; [size_is(Entries)] PLSAPR_UNICODE_STRING Names; } LSAPR_TRUSTED_CONTROLLERS_INFO, *PLSAPR_TRUSTED_CONTROLLERS_INFO; // where members have the following meaning: // // Entries - Indicate how mamy entries there are in the Names array. // // Names - Pointer to an array of UNICODE_STRING structures containing the // names of domain controllers of the domain. This information may not // be accurate and should be used only as a hint. The order of this // list is considered significant and will be maintained. // // By convention, the first name in this list is assumed to be the // Primary Domain Controller of the domain. If the Primary Domain // Controller is not known, the first name should be set to the NULL // string. // // // The following data type corresponds to the TrustedPasswordInformation // information class. // typedef struct _LSAPR_TRUSTED_PASSWORD_INFO { PLSAPR_CR_CIPHER_VALUE Password; PLSAPR_CR_CIPHER_VALUE OldPassword; } LSAPR_TRUSTED_PASSWORD_INFO, *PLSAPR_TRUSTED_PASSWORD_INFO; // where members have the following meaning: // // Password - Contains new password for the trusted domain // // OldPassword - Optionally contains the old password for the trusted // domain. // // // The following data type is used to hold Trusted Domain Information // of a given class. // typedef [switch_type(TRUSTED_INFORMATION_CLASS)] union _LSAPR_TRUSTED_DOMAIN_INFO { [case(TrustedDomainNameInformation)] LSAPR_TRUSTED_DOMAIN_NAME_INFO TrustedDomainNameInfo; [case(TrustedControllersInformation)] LSAPR_TRUSTED_CONTROLLERS_INFO TrustedControllersInfo; [case(TrustedPosixOffsetInformation)] TRUSTED_POSIX_OFFSET_INFO TrustedPosixOffsetInfo; [case(TrustedPasswordInformation)] LSAPR_TRUSTED_PASSWORD_INFO TrustedPasswordInfo; } LSAPR_TRUSTED_DOMAIN_INFO; typedef LSAPR_TRUSTED_DOMAIN_INFO *PLSAPR_TRUSTED_DOMAIN_INFO; // // New types for NT3.51 - PPC release // typedef PLSAPR_UNICODE_STRING PLSAPR_UNICODE_STRING_ARRAY; typedef struct _LSAPR_USER_RIGHT_SET { ULONG Entries; [size_is(Entries)] PLSAPR_UNICODE_STRING_ARRAY UserRights; } LSAPR_USER_RIGHT_SET, *PLSAPR_USER_RIGHT_SET; //////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Miscellaneous API function prototypes // // // //////////////////////////////////////////////////////////////////////////// NTSTATUS LsarClose( [in,out] LSAPR_HANDLE *ObjectHandle ); // // This routine is being superseded by LsarDeleteObject. The reason is // that a pointer to a handle rather than a handle is essential so that // RPC on the server side can clean up. Because of the need for RPC // interface comaptibility, the new routine has been added at the end // of the interface, // NTSTATUS LsarDelete( [in] LSAPR_HANDLE ObjectHandle ); NTSTATUS LsarEnumeratePrivileges( [in] LSAPR_HANDLE PolicyHandle, [in, out] PLSA_ENUMERATION_HANDLE EnumerationContext, [out] PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, [in] ULONG PreferedMaximumLength ); NTSTATUS LsarQuerySecurityObject( [in] LSAPR_HANDLE ObjectHandle, [in] SECURITY_INFORMATION SecurityInformation, [out] PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor ); NTSTATUS LsarSetSecurityObject( [in] LSAPR_HANDLE ObjectHandle, [in] SECURITY_INFORMATION SecurityInformation, [in] PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor ); NTSTATUS LsarChangePassword( [in] PLSAPR_UNICODE_STRING ServerName, [in] PLSAPR_UNICODE_STRING DomainName, [in] PLSAPR_UNICODE_STRING AccountName, [in] PLSAPR_UNICODE_STRING OldPassword, [in] PLSAPR_UNICODE_STRING NewPassword ); /////////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Policy Object API function prototypes // // // /////////////////////////////////////////////////////////////////////////////// NTSTATUS LsarOpenPolicy( [in,unique] PLSAPR_SERVER_NAME SystemName, [in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *PolicyHandle ); NTSTATUS LsarQueryInformationPolicy( [in] LSAPR_HANDLE PolicyHandle, [in] POLICY_INFORMATION_CLASS InformationClass, [out, switch_is(InformationClass)] PLSAPR_POLICY_INFORMATION *PolicyInformation ); NTSTATUS LsarSetInformationPolicy( [in] LSAPR_HANDLE PolicyHandle, [in] POLICY_INFORMATION_CLASS InformationClass, [in, switch_is(InformationClass)] PLSAPR_POLICY_INFORMATION PolicyInformation ); NTSTATUS LsarClearAuditLog( [in] LSAPR_HANDLE PolicyHandle ); NTSTATUS LsarCreateAccount( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID AccountSid, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *AccountHandle ); NTSTATUS LsarEnumerateAccounts( [in] LSAPR_HANDLE PolicyHandle, [in] [out] PLSA_ENUMERATION_HANDLE EnumerationContext, [out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer, [in] ULONG PreferedMaximumLength ); NTSTATUS LsarCreateTrustedDomain( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_TRUST_INFORMATION TrustedDomainInformation, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *TrustedDomainHandle ); NTSTATUS LsarEnumerateTrustedDomains( [in] LSAPR_HANDLE PolicyHandle, [in] [out] PLSA_ENUMERATION_HANDLE EnumerationContext, [out] PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer, [in] ULONG PreferedMaximumLength ); NTSTATUS LsarLookupNames( [in] LSAPR_HANDLE PolicyHandle, [in] ULONG Count, [in, size_is(Count)] PLSAPR_UNICODE_STRING Names, [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, [in, out] PLSAPR_TRANSLATED_SIDS TranslatedSids, [in] LSAP_LOOKUP_LEVEL LookupLevel, [in, out] PULONG MappedCount ); NTSTATUS LsarLookupSids( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, [in, out] PLSAPR_TRANSLATED_NAMES TranslatedNames, [in] LSAP_LOOKUP_LEVEL LookupLevel, [in, out] PULONG MappedCount ); NTSTATUS LsarCreateSecret( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_UNICODE_STRING SecretName, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *SecretHandle ); /////////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Account Object API function prototypes // // // /////////////////////////////////////////////////////////////////////////////// NTSTATUS LsarOpenAccount( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID AccountSid, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *AccountHandle ); NTSTATUS LsarEnumeratePrivilegesAccount( [in] LSAPR_HANDLE AccountHandle, [out] PLSAPR_PRIVILEGE_SET *Privileges ); NTSTATUS LsarAddPrivilegesToAccount( [in] LSAPR_HANDLE AccountHandle, [in] PLSAPR_PRIVILEGE_SET Privileges ); NTSTATUS LsarRemovePrivilegesFromAccount( [in] LSAPR_HANDLE AccountHandle, [in] BOOLEAN AllPrivileges, [in, unique] PLSAPR_PRIVILEGE_SET Privileges ); NTSTATUS LsarGetQuotasForAccount( [in] LSAPR_HANDLE AccountHandle, [out] PQUOTA_LIMITS QuotaLimits ); NTSTATUS LsarSetQuotasForAccount( [in] LSAPR_HANDLE AccountHandle, [in] PQUOTA_LIMITS QuotaLimits ); NTSTATUS LsarGetSystemAccessAccount( [in] LSAPR_HANDLE AccountHandle, [out] PULONG SystemAccess ); NTSTATUS LsarSetSystemAccessAccount( [in] LSAPR_HANDLE AccountHandle, [in] ULONG SystemAccess ); /////////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Trusted Domain Object API function prototypes // // // /////////////////////////////////////////////////////////////////////////////// NTSTATUS LsarOpenTrustedDomain( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID TrustedDomainSid, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *TrustedDomainHandle ); NTSTATUS LsarQueryInfoTrustedDomain( [in] LSAPR_HANDLE TrustedDomainHandle, [in] TRUSTED_INFORMATION_CLASS InformationClass, [out, switch_is(InformationClass)] PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation ); NTSTATUS LsarSetInformationTrustedDomain( [in] LSAPR_HANDLE TrustedDomainHandle, [in] TRUSTED_INFORMATION_CLASS InformationClass, [in, switch_is(InformationClass)] PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation ); /////////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Secret Object API function prototypes // // // /////////////////////////////////////////////////////////////////////////////// NTSTATUS LsarOpenSecret( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_UNICODE_STRING SecretName, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *SecretHandle ); NTSTATUS LsarSetSecret( [in] LSAPR_HANDLE SecretHandle, [in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue, [in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedOldValue ); NTSTATUS LsarQuerySecret( [in] LSAPR_HANDLE SecretHandle, [in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue, [in, out, unique] PLARGE_INTEGER CurrentValueSetTime, [in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue, [in, out, unique] PLARGE_INTEGER OldValueSetTime ); ///////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Privilege Object API Prototypes // // // ///////////////////////////////////////////////////////////////////////// NTSTATUS LsarLookupPrivilegeValue( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_UNICODE_STRING Name, [out] PLUID Value ); NTSTATUS LsarLookupPrivilegeName( [in] LSAPR_HANDLE PolicyHandle, [in] PLUID Value, [out] PLSAPR_UNICODE_STRING *Name ); NTSTATUS LsarLookupPrivilegeDisplayName( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_UNICODE_STRING Name, [in] SHORT ClientLanguage, [in] SHORT ClientSystemDefaultLanguage, [out] PLSAPR_UNICODE_STRING *DisplayName, [out] PWORD LanguageReturned ); // // Important note: // // This routine will supersede LsarDelete. The difference is that, as on // LsarClose a pointer to a handle is required rather than a handle so that // LsarDeleteObject() can inform the RPC server calling stub that the handle // has been deleted by returning NULL. // NTSTATUS LsarDeleteObject( [in,out] LSAPR_HANDLE *ObjectHandle ); // // These APIs are new for nt 3.51 (PPC release) and will be emulated when // talking to old servers. // NTSTATUS LsarEnumerateAccountsWithUserRight( [in] LSAPR_HANDLE PolicyHandle, [in,unique] PLSAPR_UNICODE_STRING UserRight, [out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer ); NTSTATUS LsarEnumerateAccountRights( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID AccountSid, [out] PLSAPR_USER_RIGHT_SET UserRights ); NTSTATUS LsarAddAccountRights( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID AccountSid, [in] PLSAPR_USER_RIGHT_SET UserRights ); NTSTATUS LsarRemoveAccountRights( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID AccountSid, [in] BOOLEAN AllRights, [in] PLSAPR_USER_RIGHT_SET UserRights ); NTSTATUS LsarQueryTrustedDomainInfo( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID TrustedDomainSid, [in] TRUSTED_INFORMATION_CLASS InformationClass, [out, switch_is(InformationClass)] PLSAPR_TRUSTED_DOMAIN_INFO * TrustedDomainInformation ); NTSTATUS LsarSetTrustedDomainInfo( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID TrustedDomainSid, [in] TRUSTED_INFORMATION_CLASS InformationClass, [in, switch_is(InformationClass)] PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation ); NTSTATUS LsarDeleteTrustedDomain( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_SID TrustedDomainSid ); NTSTATUS LsarStorePrivateData( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_UNICODE_STRING KeyName, [in,unique] PLSAPR_CR_CIPHER_VALUE EncryptedData ); NTSTATUS LsarRetrievePrivateData( [in] LSAPR_HANDLE PolicyHandle, [in] PLSAPR_UNICODE_STRING KeyName, [in, out] PLSAPR_CR_CIPHER_VALUE *EncryptedData ); NTSTATUS LsarOpenPolicy2( [in,unique,string] PLSAPR_SERVER_NAME SystemName, [in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, [in] ACCESS_MASK DesiredAccess, [out] LSAPR_HANDLE *PolicyHandle ); NTSTATUS LsarGetUserName( [in,unique,string] PLSAPR_SERVER_NAME SystemName, [in,out] PLSAPR_UNICODE_STRING * UserName, [in,out,unique] PLSAPR_UNICODE_STRING * DomainName ); }