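#ifndef __UsermodeLsa_h_incl__
#define __UsermodeLsa_h_incl__

// NT_SUCCESS(rc): true when rc, taken as an NTSTATUS, is >= STATUS_SUCCESS.
// The argument is cast to NTSTATUS before the comparison. Without the cast, a
// status held in an unsigned type (ULONG, DWORD) is compared as unsigned and
// can never be below STATUS_SUCCESS, so every failure code would be reported
// as success.
#define NT_SUCCESS(rc) (((NTSTATUS)(rc)) >= STATUS_SUCCESS)

// NT_ERROR(Status): true when the two top bits of Status are both set
// (value 3 after shifting right by 30), i.e. the error severity.
#define NT_ERROR(Status) (((ULONG)(Status) >> 30) == 3)
131 SECURITY_INFORMATION Type,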
size_t cbExtra,
132 PSECURITY_DESCRIPTOR* ppSecDesc
OPTOUT DEF_(NULL),
160 PISECURITY_DESCRIPTOR_RELATIVE
189 PSID Owner, PSID Group, PACL Sacl, PACL Dacl, SECURITY_DESCRIPTOR_CONTROL Control
203 LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK* Access
222 LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK AccsType,
bool Add
250 LSA_HANDLE hPolicy, PSID AccountSid,
CSTR Privilege,
bool Add
325 #ifndef __GNUC__ // MinGW(64) doesn't have ADSiid. 365 static bool __stdcall _find_Sid(
PLIST_ENTRY Entry, PVOID Ctx );
367 #ifdef __DOXYGEN__ // doxygen kludge.. 387 UINT GetFromADS(
CSTR Machine );
391 static bool __stdcall _del_Entry(
PLIST_ENTRY Entry, PVOID Ctx );
// The LSAFUNC / INIT_LSAFUNC macros below build a table of run-time resolved
// LSA entry points. LSAFUNC(Name) declares a function pointer named _Name that
// returns NTSTATUS and uses the NTAPI calling convention. INIT_LSAFUNC(Name)
// fills that pointer from GetProcAddress( hMod, "Name" ), traces a DP_WARNING
// when the lookup yields a null pointer, and ORs the pointer value into anyPtr.
// - A missing export only produces the trace; _Name is then null, so every
//   call site has to test the pointer before calling through it.
// - INIT_LSAFUNC expands to three statements and relies on hMod and anyPtr
//   being in scope; use it inside a braced block, never as the sole body of an
//   unbraced if/for.
// NOTE(review): how hMod is obtained is not visible in this listing; confirm
// the module is loaded by full system path rather than by bare name.
398 #endif//ndef __GNUC__ 399 #endif//def __cplusplus 409 #define LSAFUNC(Name) NTSTATUS (NTAPI *_##Name) 413 #define INIT_LSAFUNC(Name) \ 414 (FARPROC&)_##Name = GetProcAddress( hMod, #Name ); \ 415 TRACE_IF( !_##Name, DP_WARNING, _F("API missing: %s\n"), #Name ); \ 416 anyPtr |= (LONG_PTR)_##Name 421 #if _INIT_FP_ // INTERNAL 423 #define _LSAFN_EXTERN 426 #define _LSAFN_EXTERN extern 438 _LSAFN_EXTERN LSAFUNC( LsaOpenAccount )(
439 IN LSA_HANDLE PolicyHandle,
441 IN ACCESS_MASK DesiredAccess,
442 OUT PLSA_HANDLE AccountHandle
445 _LSAFN_EXTERN LSAFUNC( LsaCreateAccount )(
446 IN LSA_HANDLE PolicyHandle,
448 IN ACCESS_MASK DesiredAccess,
449 OUT PLSA_HANDLE AccountHandle
466 _LSAFN_EXTERN LSAFUNC( LsaEnumerateAccounts )(
467 IN LSA_HANDLE PolicyHandle,
468 INOUT PLSA_ENUMERATION_HANDLE EnumerationContext,
470 IN ULONG PreferedMaximumLength,
471 OUT PULONG CountReturned
474 _LSAFN_EXTERN LSAFUNC( LsaGetSystemAccessAccount )(
475 IN LSA_HANDLE AccountHandle,
476 OUT PULONG SystemAccess
479 _LSAFN_EXTERN LSAFUNC( LsaSetSystemAccessAccount )(
480 IN LSA_HANDLE AccountHandle,
481 IN ULONG SystemAccess
484 _LSAFN_EXTERN LSAFUNC( LsaEnumeratePrivilegesOfAccount )(
485 IN LSA_HANDLE AccountHandle,
486 OUT PPRIVILEGE_SET *Privileges
489 _LSAFN_EXTERN LSAFUNC( LsaAddPrivilegesToAccount )(
490 IN LSA_HANDLE AccountHandle,
491 IN PPRIVILEGE_SET Privileges
494 _LSAFN_EXTERN LSAFUNC( LsaRemovePrivilegesFromAccount )(
495 IN LSA_HANDLE AccountHandle,
496 IN BOOLEAN AllPrivileges,
497 OPTIN PPRIVILEGE_SET Privileges
500 _LSAFN_EXTERN LSAFUNC( LsaGetQuotasForAccount )(
501 IN LSA_HANDLE AccountHandle,
502 OUT PQUOTA_LIMITS QuotaLimits
505 _LSAFN_EXTERN LSAFUNC( LsaSetQuotasForAccount )(
506 IN LSA_HANDLE AccountHandle,
507 IN PQUOTA_LIMITS QuotaLimits
// Access-mask bits for LSA account objects: four object-specific bits, 0x1 to
// 0x8, plus the READ / WRITE / EXECUTE / ALL_ACCESS combinations built from
// them. The closing #endif shows the group sits under an #ifndef ACCOUNT_VIEW
// guard whose opening line is not part of this listing.
// ACCOUNT_WRITE carries all three ADJUST bits and ACCOUNT_ALL_ACCESS every
// bit, so a caller that only reads an account's rights should ask for
// ACCOUNT_VIEW (or ACCOUNT_READ) rather than ACCOUNT_ALL_ACCESS.
// NOTE(review): presumably these are the values passed as DesiredAccess to
// LsaOpenAccount / LsaCreateAccount - confirm against the callers.
516 #define ACCOUNT_VIEW 0x00000001L 517 #define ACCOUNT_ADJUST_PRIVILEGES 0x00000002L 518 #define ACCOUNT_ADJUST_QUOTAS 0x00000004L 519 #define ACCOUNT_ADJUST_SYSTEM_ACCESS 0x00000008L 521 #define ACCOUNT_EXECUTE (STANDARD_RIGHTS_EXECUTE) 522 #define ACCOUNT_READ (STANDARD_RIGHTS_READ | ACCOUNT_VIEW) 524 #define ACCOUNT_WRITE \ 525 ( STANDARD_RIGHTS_WRITE | ACCOUNT_ADJUST_PRIVILEGES \ 526 | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS) 528 #define ACCOUNT_ALL_ACCESS \ 529 ( STANDARD_RIGHTS_REQUIRED | ACCOUNT_VIEW \ 530 | ACCOUNT_ADJUST_PRIVILEGES | ACCOUNT_ADJUST_QUOTAS \ 531 | ACCOUNT_ADJUST_SYSTEM_ACCESS) 533 #endif//ndef ACCOUNT_VIEW 543 _LSAFN_EXTERN LSAFUNC( LsaLookupPrivilegeValue )(
544 IN LSA_HANDLE PolicyHandle,
545 IN PLSA_UNICODE_STRING Name,
549 _LSAFN_EXTERN LSAFUNC( LsaEnumeratePrivileges )(
550 IN LSA_HANDLE PolicyHandle,
551 INOUT PLSA_ENUMERATION_HANDLE EnumerationContext,
553 IN ULONG PreferedMaximumLength,
554 OUT PULONG CountReturned
557 _LSAFN_EXTERN LSAFUNC( LsaDelete )(
558 IN LSA_HANDLE ObjectHandle
561 _LSAFN_EXTERN LSAFUNC( LsaQuerySecurityObject )(
562 IN LSA_HANDLE ObjectHandle,
563 IN SECURITY_INFORMATION SecurityInformation,
564 OUT PSECURITY_DESCRIPTOR *SecurityDescriptor
567 _LSAFN_EXTERN LSAFUNC( LsaSetSecurityObject )(
568 IN LSA_HANDLE ObjectHandle,
569 IN SECURITY_INFORMATION SecurityInformation,
570 IN PSECURITY_DESCRIPTOR SecurityDescriptor
582 _LSAFN_EXTERN LSAFUNC( LsaClearAuditLog )(
583 IN LSA_HANDLE PolicyHandle
593 _LSAFN_EXTERN LSAFUNC( LsaOpenTrustedDomain )(
594 IN LSA_HANDLE PolicyHandle,
595 IN PSID TrustedDomainSid,
596 IN ACCESS_MASK DesiredAccess,
597 OUT PLSA_HANDLE TrustedDomainHandle
600 _LSAFN_EXTERN LSAFUNC( LsaCreateTrustedDomain )(
601 IN LSA_HANDLE PolicyHandle,
602 IN PLSA_TRUST_INFORMATION TrustedDomainInformation,
603 IN ACCESS_MASK DesiredAccess,
604 OUT PLSA_HANDLE TrustedDomainHandle
607 _LSAFN_EXTERN LSAFUNC( LsaQueryInfoTrustedDomain )(
608 IN LSA_HANDLE TrustedDomainHandle,
609 IN TRUSTED_INFORMATION_CLASS InformationClass,
613 _LSAFN_EXTERN LSAFUNC( LsaSetInformationTrustedDomain )(
614 IN LSA_HANDLE TrustedDomainHandle,
615 IN TRUSTED_INFORMATION_CLASS InformationClass,
626 _LSAFN_EXTERN LSAFUNC( LsaOpenSecret )(
627 IN LSA_HANDLE PolicyHandle,
628 IN PLSA_UNICODE_STRING SecretName,
629 IN ACCESS_MASK DesiredAccess,
630 OUT PLSA_HANDLE SecretHandle
633 _LSAFN_EXTERN LSAFUNC( LsaCreateSecret )(
634 IN LSA_HANDLE PolicyHandle,
635 IN PLSA_UNICODE_STRING SecretName,
636 IN ACCESS_MASK DesiredAccess,
637 OUT PLSA_HANDLE SecretHandle
640 _LSAFN_EXTERN LSAFUNC( LsaSetSecret )(
641 IN LSA_HANDLE SecretHandle,
642 OPTIN PLSA_UNICODE_STRING CurrentValue,
643 OPTIN PLSA_UNICODE_STRING OldValue
646 _LSAFN_EXTERN LSAFUNC( LsaQuerySecret )(
647 IN LSA_HANDLE SecretHandle,
648 OPTOUT OPTIONAL PLSA_UNICODE_STRING *CurrentValue,
649 OPTOUT PLARGE_INTEGER CurrentValueSetTime,
650 OPTOUT PLSA_UNICODE_STRING *OldValue,
651 OPTOUT PLARGE_INTEGER OldValueSetTime
// Access-mask bits for LSA secret objects, defined only when SECRET_SET_VALUE
// is not already defined. SECRET_ALL_ACCESS combines the set and query bits
// with STANDARD_RIGHTS_REQUIRED; a caller that needs one direction only should
// request SECRET_READ or SECRET_WRITE instead, so a leaked or misused handle
// cannot both read and replace the stored value.
// The G$ / L$ / M$ name prefixes are the global, local and machine secret
// prefixes; each *_PREFIX_LENGTH is 2, the prefix length in characters.
// NOTE(review): nothing in this header enforces LSA_SECRET_MAXIMUM_LENGTH
// (0x200) or LSA_SECRET_MAXIMUM_COUNT (0x1000); callers building a secret
// value should check it against the limit themselves - TODO confirm the unit
// (bytes vs. characters) against the SDK.
658 #ifndef SECRET_SET_VALUE 660 #define SECRET_SET_VALUE 0x00000001L 661 #define SECRET_QUERY_VALUE 0x00000002L 663 #define SECRET_ALL_ACCESS \ 664 (STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE | SECRET_QUERY_VALUE) 666 #define SECRET_READ (STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE) 667 #define SECRET_WRITE (STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE) 668 #define SECRET_EXECUTE (STANDARD_RIGHTS_EXECUTE) 672 #define LSA_GLOBAL_SECRET_PREFIX L"G$" 673 #define LSA_GLOBAL_SECRET_PREFIX_LENGTH 2 677 #define LSA_LOCAL_SECRET_PREFIX L"L$" 678 #define LSA_LOCAL_SECRET_PREFIX_LENGTH 2 682 #define LSA_MACHINE_SECRET_PREFIX L"M$" 683 #define LSA_MACHINE_SECRET_PREFIX_LENGTH 2 686 #define LSA_SECRET_MAXIMUM_COUNT 0x00001000L 687 #define LSA_SECRET_MAXIMUM_LENGTH 0x00000200L 689 #endif//ndef SECRET_SET_VALUE 699 _LSAFN_EXTERN LSAFUNC( LsaLookupPrivilegeName )(
700 IN LSA_HANDLE PolicyHandle,
702 OUT PLSA_UNICODE_STRING *Name
705 _LSAFN_EXTERN LSAFUNC( LsaLookupPrivilegeDisplayName )(
706 IN LSA_HANDLE PolicyHandle,
707 IN PLSA_UNICODE_STRING Name,
708 OUT PLSA_UNICODE_STRING *DisplayName,
709 OUT PSHORT LanguageReturned
719 _LSAFN_EXTERN LSAFUNC( LsaGetUserName )(
720 OUT PLSA_UNICODE_STRING * UserName,
721 OPTOUT PLSA_UNICODE_STRING * DomainName
724 _LSAFN_EXTERN LSAFUNC( LsaGetRemoteUserName)(
725 OPTIN PLSA_UNICODE_STRING SystemName,
726 OUT PLSA_UNICODE_STRING * UserName,
727 OPTOUT PLSA_UNICODE_STRING * DomainName
// Logon-type bits of an account's "system access" value. The first five
// (0x01, 0x02, 0x04, 0x10, 0x20) name a logon type, the DENY_* bits name its
// refusal; value 0x00000008 is not assigned. POLICY_MODE_* are plain aliases
// of the SECURITY_ACCESS_* bits.
// POLICY_MODE_ALL covers both groups (it spells the batch and service deny
// bits with their SECURITY_ACCESS_* names, same values), while
// POLICY_MODE_ALL_NT4 covers only the first five bits: masking a value with
// the NT4 constant drops every deny bit and both remote-interactive bits.
// NOTE(review): presumably this is the ULONG exchanged through
// LsaGetSystemAccessAccount / LsaSetSystemAccessAccount - confirm at callers.
740 #ifndef SECURITY_ACCESS_INTERACTIVE_LOGON 742 #define SECURITY_ACCESS_INTERACTIVE_LOGON ((ULONG) 0x00000001L) 743 #define SECURITY_ACCESS_NETWORK_LOGON ((ULONG) 0x00000002L) 744 #define SECURITY_ACCESS_BATCH_LOGON ((ULONG) 0x00000004L) 745 #define SECURITY_ACCESS_SERVICE_LOGON ((ULONG) 0x00000010L) 746 #define SECURITY_ACCESS_PROXY_LOGON ((ULONG) 0x00000020L) 748 #define SECURITY_ACCESS_DENY_INTERACTIVE_LOGON ((ULONG) 0x00000040L) 749 #define SECURITY_ACCESS_DENY_NETWORK_LOGON ((ULONG) 0x00000080L) 750 #define SECURITY_ACCESS_DENY_BATCH_LOGON ((ULONG) 0x00000100L) 751 #define SECURITY_ACCESS_DENY_SERVICE_LOGON ((ULONG) 0x00000200L) 752 #define SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON ((ULONG) 0x00000400L) 753 #define SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON ((ULONG) 0x00000800L) 755 #endif//ndef SECURITY_ACCESS_INTERACTIVE_LOGON 780 #ifndef POLICY_MODE_INTERACTIVE 782 #define POLICY_MODE_INTERACTIVE SECURITY_ACCESS_INTERACTIVE_LOGON 783 #define POLICY_MODE_NETWORK SECURITY_ACCESS_NETWORK_LOGON 784 #define POLICY_MODE_BATCH SECURITY_ACCESS_BATCH_LOGON 785 #define POLICY_MODE_SERVICE SECURITY_ACCESS_SERVICE_LOGON 786 #define POLICY_MODE_PROXY SECURITY_ACCESS_PROXY_LOGON 787 #define POLICY_MODE_DENY_INTERACTIVE SECURITY_ACCESS_DENY_INTERACTIVE_LOGON 788 #define POLICY_MODE_DENY_NETWORK SECURITY_ACCESS_DENY_NETWORK_LOGON 789 #define POLICY_MODE_DENY_BATCH SECURITY_ACCESS_DENY_BATCH_LOGON 790 #define POLICY_MODE_DENY_SERVICE SECURITY_ACCESS_DENY_SERVICE_LOGON 791 #define POLICY_MODE_REMOTE_INTERACTIVE SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON 792 #define POLICY_MODE_DENY_REMOTE_INTERACTIVE SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON 794 #define POLICY_MODE_ALL \ 795 ( POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK \ 796 | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY \ 797 | POLICY_MODE_DENY_INTERACTIVE | POLICY_MODE_DENY_NETWORK \ 798 | SECURITY_ACCESS_DENY_BATCH_LOGON | SECURITY_ACCESS_DENY_SERVICE_LOGON \ 799 | POLICY_MODE_REMOTE_INTERACTIVE | 
POLICY_MODE_DENY_REMOTE_INTERACTIVE ) 801 #define POLICY_MODE_ALL_NT4 \ 802 ( POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK \ 803 | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY ) 809 typedef struct _POLICY_PRIVILEGE_DEFINITION
816 #endif//ndef POLICY_MODE_INTERACTIVE 822 #define LSA_LOOKUP_ISOLATED_AS_LOCAL 0x80000000L 827 #endif//ndef __UsermodeLsa_h_incl__
bool GetAccountSystemAccess(LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK *Access)
bool SetAccountSystemAccess(LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK AccsType, bool Add)
bool AccountHasPrivilege(LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege)
ULONG POLICY_SYSTEM_ACCESS_MODE
struct GroupEntry GroupEntry
HPRIVILEGE SetThreadPrivilegesEx(UINT NrPriv, CSTR *Privileges)
HPRIVILEGE SetThreadPrivilegeEx(CSTR Privilege)
ULONG * PPOLICY_SYSTEM_ACCESS_MODE
PSID FreeAccountSid(PSID pSid)
PACL GetObjectAcl(HANDLE hObj, SECURITY_INFORMATION Type, size_t cbExtra, PSECURITY_DESCRIPTOR *ppSecDesc OPTOUT=NULL, PDWORD cbSecDesc OPTOUT=NULL)
#define END_NAMESPACE(name)
struct _LIST_ENTRY * PLIST_ENTRY
HANDLE GetPrivilegeToken(HPRIVILEGE hPriv)
PACL FreeObjectAcl(PACL pAcl)
bool SetAccountPrivilege(LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege, bool Add)
bool GetAccountSid(CSTR Machine, CSTR Account, PSID *ppSid)
LSA_HANDLE LsaCloseEx(LSA_HANDLE hLsa)
PSECURITY_DESCRIPTOR FreeObjectSecDesc(PSECURITY_DESCRIPTOR pSecDesc)
#define BEGIN_NAMESPACE(name)
PSID FreeLogonSid(PSID pSid)
Common include; added types, small "ubiquitous" utilities, etc.
bool OpenLsaPolicy(CSTR Machine, ACCESS_MASK Access, PLSA_HANDLE phPolicy)
bool GetLogonSid(HANDLE hToken, PSID *ppSid)
HPRIVILEGE RestoreThreadPrivilege(HPRIVILEGE hPriv)
PISECURITY_DESCRIPTOR MakeAbsoluteSecDesc(PSID Owner, PSID Group, PACL Sacl, PACL Dacl, SECURITY_DESCRIPTOR_CONTROL Control)
PISECURITY_DESCRIPTOR AllocAbsoluteSecDesc(size_t cbDesc=0)
PISECURITY_DESCRIPTOR_RELATIVE GetObjectSecDesc(HANDLE hObj, SECURITY_INFORMATION Type, PDWORD cbDesc)