uLib  User mode C/C++ extended API library for Win32 programmers.
Classes | Namespaces | Macros | Typedefs | Functions
UmLsa.h File Reference
#include <uLib/Common.h>
#include <uLib/ListFunc.h>
#include <uLib/UtilFunc.h>
#include <IADS.h>
#include <ADSHlp.h>

Go to the source code of this file.

Classes

struct  uLib::GroupEntry
 
class  uLib::GroupList
 
struct  PPOLICY_PRIVILEGE_DEFINITION
 

Namespaces

 uLib
 

Macros

#define NT_SUCCESS(rc)   ((rc) >= STATUS_SUCCESS)
 
#define NT_ERROR(Status)   (((ULONG)(Status) >> 30) == 3)
 
#define ACCOUNT_VIEW   0x00000001L
 
#define ACCOUNT_ADJUST_PRIVILEGES   0x00000002L
 
#define ACCOUNT_ADJUST_QUOTAS   0x00000004L
 
#define ACCOUNT_ADJUST_SYSTEM_ACCESS   0x00000008L
 
#define ACCOUNT_EXECUTE   (STANDARD_RIGHTS_EXECUTE)
 
#define ACCOUNT_READ   (STANDARD_RIGHTS_READ | ACCOUNT_VIEW)
 
#define ACCOUNT_WRITE
 
#define ACCOUNT_ALL_ACCESS
 
#define SECRET_SET_VALUE   0x00000001L
 
#define SECRET_QUERY_VALUE   0x00000002L
 
#define SECRET_ALL_ACCESS   (STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE | SECRET_QUERY_VALUE)
 
#define SECRET_READ   (STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE)
 
#define SECRET_WRITE   (STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE)
 
#define SECRET_EXECUTE   (STANDARD_RIGHTS_EXECUTE)
 
#define LSA_GLOBAL_SECRET_PREFIX   L"G$"
 Global secret object prefix. More...
 
#define LSA_GLOBAL_SECRET_PREFIX_LENGTH   2
 
#define LSA_LOCAL_SECRET_PREFIX   L"L$"
 Local secret object prefix. More...
 
#define LSA_LOCAL_SECRET_PREFIX_LENGTH   2
 
#define LSA_MACHINE_SECRET_PREFIX   L"M$"
 Machine secret object prefix. More...
 
#define LSA_MACHINE_SECRET_PREFIX_LENGTH   2
 
#define LSA_SECRET_MAXIMUM_COUNT   0x00001000L
 
#define LSA_SECRET_MAXIMUM_LENGTH   0x00000200L
 
#define SECURITY_ACCESS_INTERACTIVE_LOGON   ((ULONG) 0x00000001L)
 
#define SECURITY_ACCESS_NETWORK_LOGON   ((ULONG) 0x00000002L)
 
#define SECURITY_ACCESS_BATCH_LOGON   ((ULONG) 0x00000004L)
 
#define SECURITY_ACCESS_SERVICE_LOGON   ((ULONG) 0x00000010L)
 
#define SECURITY_ACCESS_PROXY_LOGON   ((ULONG) 0x00000020L)
 
#define SECURITY_ACCESS_DENY_INTERACTIVE_LOGON   ((ULONG) 0x00000040L)
 
#define SECURITY_ACCESS_DENY_NETWORK_LOGON   ((ULONG) 0x00000080L)
 
#define SECURITY_ACCESS_DENY_BATCH_LOGON   ((ULONG) 0x00000100L)
 
#define SECURITY_ACCESS_DENY_SERVICE_LOGON   ((ULONG) 0x00000200L)
 
#define SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON   ((ULONG) 0x00000400L)
 
#define SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON   ((ULONG) 0x00000800L)
 
#define POLICY_MODE_INTERACTIVE   SECURITY_ACCESS_INTERACTIVE_LOGON
 
#define POLICY_MODE_NETWORK   SECURITY_ACCESS_NETWORK_LOGON
 
#define POLICY_MODE_BATCH   SECURITY_ACCESS_BATCH_LOGON
 
#define POLICY_MODE_SERVICE   SECURITY_ACCESS_SERVICE_LOGON
 
#define POLICY_MODE_PROXY   SECURITY_ACCESS_PROXY_LOGON
 
#define POLICY_MODE_DENY_INTERACTIVE   SECURITY_ACCESS_DENY_INTERACTIVE_LOGON
 
#define POLICY_MODE_DENY_NETWORK   SECURITY_ACCESS_DENY_NETWORK_LOGON
 
#define POLICY_MODE_DENY_BATCH   SECURITY_ACCESS_DENY_BATCH_LOGON
 
#define POLICY_MODE_DENY_SERVICE   SECURITY_ACCESS_DENY_SERVICE_LOGON
 
#define POLICY_MODE_REMOTE_INTERACTIVE   SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON
 
#define POLICY_MODE_DENY_REMOTE_INTERACTIVE   SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON
 
#define POLICY_MODE_ALL
 
#define POLICY_MODE_ALL_NT4
 
#define LSA_LOOKUP_ISOLATED_AS_LOCAL   0x80000000L
 

Typedefs

typedef HANDLE HPRIVILEGE
 
typedef struct GroupEntry uLib::GroupEntry
 
typedef GroupEntry * uLib::PGroupEntry
 
typedef GroupList * uLib::PGroupList
 
typedef ULONG POLICY_SYSTEM_ACCESS_MODE
 
typedef ULONG * PPOLICY_SYSTEM_ACCESS_MODE
 

Functions

bool InitLsaFunc ()
 
bool OpenLsaPolicy (CSTR Machine, ACCESS_MASK Access, PLSA_HANDLE phPolicy)
 
LSA_HANDLE LsaCloseEx (LSA_HANDLE hLsa)
 
PSID GetAdminGroupSid ()
 
bool GetAccountSid (CSTR Machine, CSTR Account, PSID *ppSid)
 
PSID FreeAccountSid (PSID pSid)
 
PSID GetCurrentUserSid ()
 
bool GetLogonSid (HANDLE hToken, PSID *ppSid)
 
PSID FreeLogonSid (PSID pSid)
 
PACL GetObjectAcl (HANDLE hObj, SECURITY_INFORMATION Type, size_t cbExtra, PSECURITY_DESCRIPTOR *ppSecDesc OPTOUT=NULL, PDWORD cbSecDesc OPTOUT=NULL)
 
PACL FreeObjectAcl (PACL pAcl)
 
PSECURITY_DESCRIPTOR FreeObjectSecDesc (PSECURITY_DESCRIPTOR pSecDesc)
 
PISECURITY_DESCRIPTOR_RELATIVE GetObjectSecDesc (HANDLE hObj, SECURITY_INFORMATION Type, PDWORD cbDesc)
 
PISECURITY_DESCRIPTOR AllocAbsoluteSecDesc (size_t cbDesc=0)
 
PISECURITY_DESCRIPTOR MakeAbsoluteSecDesc (PSID Owner, PSID Group, PACL Sacl, PACL Dacl, SECURITY_DESCRIPTOR_CONTROL Control)
 
bool GetAccountSystemAccess (LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK *Access)
 
bool SetAccountSystemAccess (LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK AccsType, bool Add)
 
bool AccountHasPrivilege (LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege)
 
bool SetAccountPrivilege (LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege, bool Add)
 
HPRIVILEGE SetThreadPrivilegeEx (CSTR Privilege)
 
HPRIVILEGE SetThreadPrivilegesEx (UINT NrPriv, CSTR *Privileges)
 
HPRIVILEGE RestoreThreadPrivilege (HPRIVILEGE hPriv)
 
HANDLE GetPrivilegeToken (HPRIVILEGE hPriv)
 
_LSAFN_EXTERN NTSTATUS _LsaOpenAccount (IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE AccountHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaCreateAccount (IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE AccountHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaEnumerateAccounts (IN LSA_HANDLE PolicyHandle, INOUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PVOID *Buffer, IN ULONG PreferedMaximumLength, OUT PULONG CountReturned)
 
_LSAFN_EXTERN NTSTATUS _LsaGetSystemAccessAccount (IN LSA_HANDLE AccountHandle, OUT PULONG SystemAccess)
 
_LSAFN_EXTERN NTSTATUS _LsaSetSystemAccessAccount (IN LSA_HANDLE AccountHandle, IN ULONG SystemAccess)
 
_LSAFN_EXTERN NTSTATUS _LsaEnumeratePrivilegesOfAccount (IN LSA_HANDLE AccountHandle, OUT PPRIVILEGE_SET *Privileges)
 
_LSAFN_EXTERN NTSTATUS _LsaAddPrivilegesToAccount (IN LSA_HANDLE AccountHandle, IN PPRIVILEGE_SET Privileges)
 
_LSAFN_EXTERN NTSTATUS _LsaRemovePrivilegesFromAccount (IN LSA_HANDLE AccountHandle, IN BOOLEAN AllPrivileges, OPTIN PPRIVILEGE_SET Privileges)
 
_LSAFN_EXTERN NTSTATUS _LsaGetQuotasForAccount (IN LSA_HANDLE AccountHandle, OUT PQUOTA_LIMITS QuotaLimits)
 
_LSAFN_EXTERN NTSTATUS _LsaSetQuotasForAccount (IN LSA_HANDLE AccountHandle, IN PQUOTA_LIMITS QuotaLimits)
 
_LSAFN_EXTERN NTSTATUS _LsaLookupPrivilegeValue (IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLUID Value)
 
_LSAFN_EXTERN NTSTATUS _LsaEnumeratePrivileges (IN LSA_HANDLE PolicyHandle, INOUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PVOID *Buffer, IN ULONG PreferedMaximumLength, OUT PULONG CountReturned)
 
_LSAFN_EXTERN NTSTATUS _LsaDelete (IN LSA_HANDLE ObjectHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaQuerySecurityObject (IN LSA_HANDLE ObjectHandle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
 
_LSAFN_EXTERN NTSTATUS _LsaSetSecurityObject (IN LSA_HANDLE ObjectHandle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 
_LSAFN_EXTERN NTSTATUS _LsaClearAuditLog (IN LSA_HANDLE PolicyHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaOpenTrustedDomain (IN LSA_HANDLE PolicyHandle, IN PSID TrustedDomainSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE TrustedDomainHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaCreateTrustedDomain (IN LSA_HANDLE PolicyHandle, IN PLSA_TRUST_INFORMATION TrustedDomainInformation, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE TrustedDomainHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaQueryInfoTrustedDomain (IN LSA_HANDLE TrustedDomainHandle, IN TRUSTED_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
 
_LSAFN_EXTERN NTSTATUS _LsaSetInformationTrustedDomain (IN LSA_HANDLE TrustedDomainHandle, IN TRUSTED_INFORMATION_CLASS InformationClass, IN PVOID Buffer)
 
_LSAFN_EXTERN NTSTATUS _LsaOpenSecret (IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING SecretName, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE SecretHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaCreateSecret (IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING SecretName, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE SecretHandle)
 
_LSAFN_EXTERN NTSTATUS _LsaSetSecret (IN LSA_HANDLE SecretHandle, OPTIN PLSA_UNICODE_STRING CurrentValue, OPTIN PLSA_UNICODE_STRING OldValue)
 
_LSAFN_EXTERN NTSTATUS _LsaQuerySecret (IN LSA_HANDLE SecretHandle, OPTOUT OPTIONAL PLSA_UNICODE_STRING *CurrentValue, OPTOUT PLARGE_INTEGER CurrentValueSetTime, OPTOUT PLSA_UNICODE_STRING *OldValue, OPTOUT PLARGE_INTEGER OldValueSetTime)
 
_LSAFN_EXTERN NTSTATUS _LsaLookupPrivilegeName (IN LSA_HANDLE PolicyHandle, IN PLUID Value, OUT PLSA_UNICODE_STRING *Name)
 
_LSAFN_EXTERN NTSTATUS _LsaLookupPrivilegeDisplayName (IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLSA_UNICODE_STRING *DisplayName, OUT PSHORT LanguageReturned)
 
_LSAFN_EXTERN NTSTATUS _LsaGetUserName (OUT PLSA_UNICODE_STRING *UserName, OPTOUT PLSA_UNICODE_STRING *DomainName)
 
_LSAFN_EXTERN NTSTATUS _LsaGetRemoteUserName (OPTIN PLSA_UNICODE_STRING SystemName, OUT PLSA_UNICODE_STRING *UserName, OPTOUT PLSA_UNICODE_STRING *DomainName)