uLib  User mode C/C++ extended API library for Win32 programmers.
UmLsa.h
Go to the documentation of this file.
1 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 // Project: uLib - User mode library.
3 // Module: User mode LSA based functions and helpful security subroutines.
4 // Author: Copyright (c) Love Nystrom
5 // License: NNOSL (BSD descendant, see NNOSL.txt in the base directory).
6 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7 
8 #ifndef __UsermodeLsa_h_incl__
9 #define __UsermodeLsa_h_incl__
10 
11 #include <uLib/Common.h>
12 
13 //==---------------------------------------------------------------------------
25 //==---------------------------------------------------------------------------
27 
28 #ifndef NT_SUCCESS
29  #define NT_SUCCESS(rc) ((rc) >= STATUS_SUCCESS)
30 #endif
31 
32 #ifndef NT_ERROR
33  #define NT_ERROR(Status) (((ULONG)(Status) >> 30) == 3)
34 #endif
35 
36 BEGIN_EXTERN_C
37 
38 //==---------------------------------------------------------------------------
42 //==---------------------------------------------------------------------------
43 
44 bool InitLsaFunc();
45 
46 //==---------------------------------------------------------------------------
54 //==---------------------------------------------------------------------------
55 
56 bool OpenLsaPolicy( CSTR Machine, ACCESS_MASK Access, PLSA_HANDLE phPolicy );
57 
58 //==---------------------------------------------------------------------------
63 //==---------------------------------------------------------------------------
64 
65 LSA_HANDLE LsaCloseEx( LSA_HANDLE hLsa );
66 
67 //=============================================================================
70 //=============================================================================
72 //==---------------------------------------------------------------------------
75 //==---------------------------------------------------------------------------
76 
77 PSID GetAdminGroupSid();
78 
79 //==---------------------------------------------------------------------------
87 //==---------------------------------------------------------------------------
88 
89 bool GetAccountSid( CSTR Machine, CSTR Account, PSID* ppSid );
90 PSID FreeAccountSid( PSID pSid );
91 
94 
95 PSID GetCurrentUserSid(); // Uses GetAccountSid..
96 
97 //==---------------------------------------------------------------------------
104 //==---------------------------------------------------------------------------
105 
106 bool GetLogonSid( HANDLE hToken, PSID *ppSid );
107 PSID FreeLogonSid( PSID pSid );
108 
109 //==---------------------------------------------------------------------------
127 //==---------------------------------------------------------------------------
128 
129 PACL GetObjectAcl(
130  HANDLE hObj,
131  SECURITY_INFORMATION Type, size_t cbExtra,
132  PSECURITY_DESCRIPTOR* ppSecDesc OPTOUT DEF_(NULL),
133  PDWORD cbSecDesc OPTOUT DEF_(NULL)
134  );
135 PACL FreeObjectAcl( PACL pAcl );
136 
137 //==---------------------------------------------------------------------------
145 //==---------------------------------------------------------------------------
146 
147 PSECURITY_DESCRIPTOR FreeObjectSecDesc( PSECURITY_DESCRIPTOR pSecDesc );
148 
149 //==---------------------------------------------------------------------------
158 //==---------------------------------------------------------------------------
159 
160 PISECURITY_DESCRIPTOR_RELATIVE
161  GetObjectSecDesc( HANDLE hObj, SECURITY_INFORMATION Type, PDWORD cbDesc );
162 
163 //==---------------------------------------------------------------------------
170 //==---------------------------------------------------------------------------
171 
172 PISECURITY_DESCRIPTOR AllocAbsoluteSecDesc( size_t cbDesc DEF_(0) );
173 
174 //==---------------------------------------------------------------------------
186 //==---------------------------------------------------------------------------
187 
188 PISECURITY_DESCRIPTOR MakeAbsoluteSecDesc(
189  PSID Owner, PSID Group, PACL Sacl, PACL Dacl, SECURITY_DESCRIPTOR_CONTROL Control
190  );
191 
192 //==---------------------------------------------------------------------------
200 //==---------------------------------------------------------------------------
201 
202 bool GetAccountSystemAccess(
203  LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK* Access
204  );
205 
206 //==---------------------------------------------------------------------------
219 //==---------------------------------------------------------------------------
220 
221 bool SetAccountSystemAccess(
222  LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK AccsType, bool Add
223  );
224 
225 //==---------------------------------------------------------------------------
233 //==---------------------------------------------------------------------------
234 
235 bool AccountHasPrivilege( LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege );
236 
237 //==---------------------------------------------------------------------------
247 //==---------------------------------------------------------------------------
248 
249 bool SetAccountPrivilege(
250  LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege, bool Add
251  );
252 
253 //==---------------------------------------------------------------------------
254 // Under consideration: SetThreadPrivilegeEx
255 //==---------------------------------------------------------------------------
256 
259 
260 DECLARE_HANDLE( HPRIVILEGE ); // Opaque control block..
261 
308 
309 HPRIVILEGE SetThreadPrivilegeEx( CSTR Privilege );
310 HPRIVILEGE SetThreadPrivilegesEx( UINT NrPriv, CSTR* Privileges );
311 
315 
316 HPRIVILEGE RestoreThreadPrivilege( HPRIVILEGE hPriv );
317 
319 
320 HANDLE GetPrivilegeToken( HPRIVILEGE hPriv );
321 
323 END_EXTERN_C
324 #ifdef __cplusplus
325 #ifndef __GNUC__ // MinGW(64) doesn't have ADSiid.
326 
327 #include <uLib/ListFunc.h>
328 #include <uLib/UtilFunc.h>
329 #include <IADS.h> // Link with: ActiveDS.lib and ADSiid.lib
330 #include <ADSHlp.h>
331 
332 BEGIN_NAMESPACE( uLib )
333 
334 //== GroupList ================================================================
335 
336 
345 //==---------------------------------------------------------------------------
347 //==---------------------------------------------------------------------------
348 
349 struct GroupEntry : LIST_ENTRY
350 {
351  CSTR Name;
352  PSID Sid;
353  SID_NAME_USE sidUse;
354  CSTR Domain;
355 
356  GroupEntry( CSTR name );
357  #ifndef _UNICODE
358  GroupEntry( WSTR name );
359  #endif
360  ~GroupEntry();
361 
364 
365  static bool __stdcall _find_Sid( PLIST_ENTRY Entry, PVOID Ctx );
366 };
367 #ifdef __DOXYGEN__ // doxygen kludge..
368 typedef struct GroupEntry GroupEntry;
369 #endif
370 typedef GroupEntry* PGroupEntry;
371 
372 //==---------------------------------------------------------------------------
374 //==---------------------------------------------------------------------------
375 
376 class GroupList : public DLinkList {
377 public:
378  CSTR Machine;
379 
380  GroupList();
381  ~GroupList();
382  void Clear();
383 
386 
387  UINT GetFromADS( CSTR Machine );
388 
389 protected:
391  static bool __stdcall _del_Entry( PLIST_ENTRY Entry, PVOID Ctx );
393 };
394 typedef GroupList* PGroupList;
395 
397 END_NAMESPACE( uLib )
398 #endif//ndef __GNUC__
399 #endif//def __cplusplus
400 
401 //=============================================================================
402 // And finally the LSA function pointers..
403 //=============================================================================
404 // Use declaration macro so the naming scheme can be easily changed.
405 // An underscore disambiguate these from AdvApi32/Secur32 publics such as LsaClose.
406 //=============================================================================
408 
409 #define LSAFUNC(Name) NTSTATUS (NTAPI *_##Name)
410 
411 // INIT_LSAFUNC is used in UmLsa.cpp, but keep it here for proximity reasons.
412 
413 #define INIT_LSAFUNC(Name) \
414  (FARPROC&)_##Name = GetProcAddress( hMod, #Name ); \
415  TRACE_IF( !_##Name, DP_WARNING, _F("API missing: %s\n"), #Name ); \
416  anyPtr |= (LONG_PTR)_##Name
417 
418 // Use an _INIT_FP_ construct, so we can have a single set of fnptr declarations.
419 // The normal case that uLib user's program sees will have them 'extern'.
420 
421 #if _INIT_FP_ // INTERNAL
422  #define _FP_ = NULL
423  #define _LSAFN_EXTERN
424 #else
425  #define _FP_
426  #define _LSAFN_EXTERN extern
427 #endif
428 
430 //=============================================================================
431 // Local Security Policy - Dynalinked function pointers.
432 //=============================================================================
435 //==---------------------------------------------------------------------------
437 
438 _LSAFN_EXTERN LSAFUNC( LsaOpenAccount )(
439  IN LSA_HANDLE PolicyHandle,
440  IN PSID AccountSid,
441  IN ACCESS_MASK DesiredAccess,
442  OUT PLSA_HANDLE AccountHandle
443  )_FP_;
444 
445 _LSAFN_EXTERN LSAFUNC( LsaCreateAccount )(
446  IN LSA_HANDLE PolicyHandle,
447  IN PSID AccountSid,
448  IN ACCESS_MASK DesiredAccess,
449  OUT PLSA_HANDLE AccountHandle
450  )_FP_;
451 
465 
466 _LSAFN_EXTERN LSAFUNC( LsaEnumerateAccounts )(
467  IN LSA_HANDLE PolicyHandle,
468  INOUT PLSA_ENUMERATION_HANDLE EnumerationContext,
469  OUT PVOID *Buffer, // PLSA_ENUMERATION_INFORMATION
470  IN ULONG PreferedMaximumLength,
471  OUT PULONG CountReturned
472  )_FP_;
473 
474 _LSAFN_EXTERN LSAFUNC( LsaGetSystemAccessAccount )(
475  IN LSA_HANDLE AccountHandle,
476  OUT PULONG SystemAccess
477  )_FP_;
478 
479 _LSAFN_EXTERN LSAFUNC( LsaSetSystemAccessAccount )(
480  IN LSA_HANDLE AccountHandle,
481  IN ULONG SystemAccess
482  )_FP_;
483 
484 _LSAFN_EXTERN LSAFUNC( LsaEnumeratePrivilegesOfAccount )(
485  IN LSA_HANDLE AccountHandle,
486  OUT PPRIVILEGE_SET *Privileges
487  )_FP_;
488 
489 _LSAFN_EXTERN LSAFUNC( LsaAddPrivilegesToAccount )(
490  IN LSA_HANDLE AccountHandle,
491  IN PPRIVILEGE_SET Privileges
492  )_FP_;
493 
494 _LSAFN_EXTERN LSAFUNC( LsaRemovePrivilegesFromAccount )(
495  IN LSA_HANDLE AccountHandle,
496  IN BOOLEAN AllPrivileges,
497  OPTIN PPRIVILEGE_SET Privileges
498  )_FP_;
499 
500 _LSAFN_EXTERN LSAFUNC( LsaGetQuotasForAccount )(
501  IN LSA_HANDLE AccountHandle,
502  OUT PQUOTA_LIMITS QuotaLimits
503  )_FP_;
504 
505 _LSAFN_EXTERN LSAFUNC( LsaSetQuotasForAccount )(
506  IN LSA_HANDLE AccountHandle,
507  IN PQUOTA_LIMITS QuotaLimits
508  )_FP_;
509 
513 
514 #ifndef ACCOUNT_VIEW
515 
516  #define ACCOUNT_VIEW 0x00000001L
517  #define ACCOUNT_ADJUST_PRIVILEGES 0x00000002L
518  #define ACCOUNT_ADJUST_QUOTAS 0x00000004L
519  #define ACCOUNT_ADJUST_SYSTEM_ACCESS 0x00000008L
520 
521  #define ACCOUNT_EXECUTE (STANDARD_RIGHTS_EXECUTE)
522  #define ACCOUNT_READ (STANDARD_RIGHTS_READ | ACCOUNT_VIEW)
523 
524  #define ACCOUNT_WRITE \
525  ( STANDARD_RIGHTS_WRITE | ACCOUNT_ADJUST_PRIVILEGES \
526  | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS)
527 
528  #define ACCOUNT_ALL_ACCESS \
529  ( STANDARD_RIGHTS_REQUIRED | ACCOUNT_VIEW \
530  | ACCOUNT_ADJUST_PRIVILEGES | ACCOUNT_ADJUST_QUOTAS \
531  | ACCOUNT_ADJUST_SYSTEM_ACCESS)
532 
533 #endif//ndef ACCOUNT_VIEW
534 
537 //==---------------------------------------------------------------------------
540 //==---------------------------------------------------------------------------
542 
543 _LSAFN_EXTERN LSAFUNC( LsaLookupPrivilegeValue )(
544  IN LSA_HANDLE PolicyHandle,
545  IN PLSA_UNICODE_STRING Name,
546  OUT PLUID Value
547  )_FP_;
548 
549 _LSAFN_EXTERN LSAFUNC( LsaEnumeratePrivileges )(
550  IN LSA_HANDLE PolicyHandle,
551  INOUT PLSA_ENUMERATION_HANDLE EnumerationContext, // Not a handle
552  OUT PVOID* Buffer,
553  IN ULONG PreferedMaximumLength,
554  OUT PULONG CountReturned
555  )_FP_;
556 
557 _LSAFN_EXTERN LSAFUNC( LsaDelete )(
558  IN LSA_HANDLE ObjectHandle
559  )_FP_;
560 
561 _LSAFN_EXTERN LSAFUNC( LsaQuerySecurityObject )(
562  IN LSA_HANDLE ObjectHandle,
563  IN SECURITY_INFORMATION SecurityInformation,
564  OUT PSECURITY_DESCRIPTOR *SecurityDescriptor
565  )_FP_;
566 
567 _LSAFN_EXTERN LSAFUNC( LsaSetSecurityObject )(
568  IN LSA_HANDLE ObjectHandle,
569  IN SECURITY_INFORMATION SecurityInformation,
570  IN PSECURITY_DESCRIPTOR SecurityDescriptor
571  )_FP_;
572 
573 // R.I.P: LsaChangePassword is gone. I assume some asshole managed to exploit it :/
574 //_LSAFN_EXTERN LSAFUNC( LsaChangePassword )(
575 // IN PLSA_UNICODE_STRING ServerName,
576 // IN PLSA_UNICODE_STRING DomainName,
577 // IN PLSA_UNICODE_STRING AccountName,
578 // IN PLSA_UNICODE_STRING OldPassword,
579 // IN PLSA_UNICODE_STRING NewPassword
580 // );
581 
582 _LSAFN_EXTERN LSAFUNC( LsaClearAuditLog )(
583  IN LSA_HANDLE PolicyHandle
584  )_FP_;
585 
587 //==---------------------------------------------------------------------------
590 //==---------------------------------------------------------------------------
592 
593 _LSAFN_EXTERN LSAFUNC( LsaOpenTrustedDomain )(
594  IN LSA_HANDLE PolicyHandle,
595  IN PSID TrustedDomainSid,
596  IN ACCESS_MASK DesiredAccess,
597  OUT PLSA_HANDLE TrustedDomainHandle
598  )_FP_;
599 
600 _LSAFN_EXTERN LSAFUNC( LsaCreateTrustedDomain )(
601  IN LSA_HANDLE PolicyHandle,
602  IN PLSA_TRUST_INFORMATION TrustedDomainInformation,
603  IN ACCESS_MASK DesiredAccess,
604  OUT PLSA_HANDLE TrustedDomainHandle
605  )_FP_;
606 
607 _LSAFN_EXTERN LSAFUNC( LsaQueryInfoTrustedDomain )(
608  IN LSA_HANDLE TrustedDomainHandle,
609  IN TRUSTED_INFORMATION_CLASS InformationClass,
610  OUT PVOID *Buffer
611  )_FP_;
612 
613 _LSAFN_EXTERN LSAFUNC( LsaSetInformationTrustedDomain )(
614  IN LSA_HANDLE TrustedDomainHandle,
615  IN TRUSTED_INFORMATION_CLASS InformationClass,
616  IN PVOID Buffer
617  )_FP_;
618 
620 //==---------------------------------------------------------------------------
623 //==---------------------------------------------------------------------------
625 
626 _LSAFN_EXTERN LSAFUNC( LsaOpenSecret )(
627  IN LSA_HANDLE PolicyHandle,
628  IN PLSA_UNICODE_STRING SecretName,
629  IN ACCESS_MASK DesiredAccess,
630  OUT PLSA_HANDLE SecretHandle
631  )_FP_;
632 
633 _LSAFN_EXTERN LSAFUNC( LsaCreateSecret )(
634  IN LSA_HANDLE PolicyHandle,
635  IN PLSA_UNICODE_STRING SecretName,
636  IN ACCESS_MASK DesiredAccess,
637  OUT PLSA_HANDLE SecretHandle
638  )_FP_;
639 
640 _LSAFN_EXTERN LSAFUNC( LsaSetSecret )(
641  IN LSA_HANDLE SecretHandle,
642  OPTIN PLSA_UNICODE_STRING CurrentValue,
643  OPTIN PLSA_UNICODE_STRING OldValue
644  )_FP_;
645 
646 _LSAFN_EXTERN LSAFUNC( LsaQuerySecret )(
647  IN LSA_HANDLE SecretHandle,
648  OPTOUT OPTIONAL PLSA_UNICODE_STRING *CurrentValue,
649  OPTOUT PLARGE_INTEGER CurrentValueSetTime,
650  OPTOUT PLSA_UNICODE_STRING *OldValue,
651  OPTOUT PLARGE_INTEGER OldValueSetTime
652  )_FP_;
653 
657 
658 #ifndef SECRET_SET_VALUE
659 
660  #define SECRET_SET_VALUE 0x00000001L
661  #define SECRET_QUERY_VALUE 0x00000002L
662 
663  #define SECRET_ALL_ACCESS \
664  (STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE | SECRET_QUERY_VALUE)
665 
666  #define SECRET_READ (STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE)
667  #define SECRET_WRITE (STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE)
668  #define SECRET_EXECUTE (STANDARD_RIGHTS_EXECUTE)
669 
671 
672  #define LSA_GLOBAL_SECRET_PREFIX L"G$"
673  #define LSA_GLOBAL_SECRET_PREFIX_LENGTH 2
674 
676 
677  #define LSA_LOCAL_SECRET_PREFIX L"L$"
678  #define LSA_LOCAL_SECRET_PREFIX_LENGTH 2
679 
681 
682  #define LSA_MACHINE_SECRET_PREFIX L"M$"
683  #define LSA_MACHINE_SECRET_PREFIX_LENGTH 2
684  // ((sizeof(LSA_MACHINE_SECRET_PREFIX) - sizeof(WCHAR)) / sizeof(WCHAR)) //<<< I.e: 2
685 
686  #define LSA_SECRET_MAXIMUM_COUNT 0x00001000L
687  #define LSA_SECRET_MAXIMUM_LENGTH 0x00000200L
688 
689 #endif//ndef SECRET_SET_VALUE
690 
693 //==---------------------------------------------------------------------------
696 //==---------------------------------------------------------------------------
698 
699 _LSAFN_EXTERN LSAFUNC( LsaLookupPrivilegeName )(
700  IN LSA_HANDLE PolicyHandle,
701  IN PLUID Value,
702  OUT PLSA_UNICODE_STRING *Name
703  )_FP_;
704 
705 _LSAFN_EXTERN LSAFUNC( LsaLookupPrivilegeDisplayName )(
706  IN LSA_HANDLE PolicyHandle,
707  IN PLSA_UNICODE_STRING Name,
708  OUT PLSA_UNICODE_STRING *DisplayName,
709  OUT PSHORT LanguageReturned
710  )_FP_;
711 
713 //==---------------------------------------------------------------------------
716 //==---------------------------------------------------------------------------
718 
719 _LSAFN_EXTERN LSAFUNC( LsaGetUserName )(
720  OUT PLSA_UNICODE_STRING * UserName, //__deref_out
721  OPTOUT PLSA_UNICODE_STRING * DomainName //__deref_opt_out
722  )_FP_;
723 
724 _LSAFN_EXTERN LSAFUNC( LsaGetRemoteUserName)(
725  OPTIN PLSA_UNICODE_STRING SystemName,
726  OUT PLSA_UNICODE_STRING * UserName, //__deref_out
727  OPTOUT PLSA_UNICODE_STRING * DomainName //__deref_opt_out
728  )_FP_;
729 
730 #undef LSAFUNC
731 #undef _FP_
732 
734 //==---------------------------------------------------------------------------
737 //==---------------------------------------------------------------------------
739 
740 #ifndef SECURITY_ACCESS_INTERACTIVE_LOGON
741 
742  #define SECURITY_ACCESS_INTERACTIVE_LOGON ((ULONG) 0x00000001L)
743  #define SECURITY_ACCESS_NETWORK_LOGON ((ULONG) 0x00000002L)
744  #define SECURITY_ACCESS_BATCH_LOGON ((ULONG) 0x00000004L)
745  #define SECURITY_ACCESS_SERVICE_LOGON ((ULONG) 0x00000010L)
746  #define SECURITY_ACCESS_PROXY_LOGON ((ULONG) 0x00000020L)
747 
748  #define SECURITY_ACCESS_DENY_INTERACTIVE_LOGON ((ULONG) 0x00000040L)
749  #define SECURITY_ACCESS_DENY_NETWORK_LOGON ((ULONG) 0x00000080L)
750  #define SECURITY_ACCESS_DENY_BATCH_LOGON ((ULONG) 0x00000100L)
751  #define SECURITY_ACCESS_DENY_SERVICE_LOGON ((ULONG) 0x00000200L)
752  #define SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON ((ULONG) 0x00000400L)
753  #define SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON ((ULONG) 0x00000800L)
754 
755 #endif//ndef SECURITY_ACCESS_INTERACTIVE_LOGON
756 
758 //==---------------------------------------------------------------------------
777 //==---------------------------------------------------------------------------
779 
780 #ifndef POLICY_MODE_INTERACTIVE
781 
782  #define POLICY_MODE_INTERACTIVE SECURITY_ACCESS_INTERACTIVE_LOGON
783  #define POLICY_MODE_NETWORK SECURITY_ACCESS_NETWORK_LOGON
784  #define POLICY_MODE_BATCH SECURITY_ACCESS_BATCH_LOGON
785  #define POLICY_MODE_SERVICE SECURITY_ACCESS_SERVICE_LOGON
786  #define POLICY_MODE_PROXY SECURITY_ACCESS_PROXY_LOGON
787  #define POLICY_MODE_DENY_INTERACTIVE SECURITY_ACCESS_DENY_INTERACTIVE_LOGON
788  #define POLICY_MODE_DENY_NETWORK SECURITY_ACCESS_DENY_NETWORK_LOGON
789  #define POLICY_MODE_DENY_BATCH SECURITY_ACCESS_DENY_BATCH_LOGON
790  #define POLICY_MODE_DENY_SERVICE SECURITY_ACCESS_DENY_SERVICE_LOGON
791  #define POLICY_MODE_REMOTE_INTERACTIVE SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON
792  #define POLICY_MODE_DENY_REMOTE_INTERACTIVE SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON
793 
794  #define POLICY_MODE_ALL \
795  ( POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK \
796  | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY \
797  | POLICY_MODE_DENY_INTERACTIVE | POLICY_MODE_DENY_NETWORK \
798  | SECURITY_ACCESS_DENY_BATCH_LOGON | SECURITY_ACCESS_DENY_SERVICE_LOGON \
799  | POLICY_MODE_REMOTE_INTERACTIVE | POLICY_MODE_DENY_REMOTE_INTERACTIVE )
800 
801  #define POLICY_MODE_ALL_NT4 \
802  ( POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK \
803  | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY )
804 
805  typedef ULONG POLICY_SYSTEM_ACCESS_MODE, *PPOLICY_SYSTEM_ACCESS_MODE;
806 
808 
809  typedef struct _POLICY_PRIVILEGE_DEFINITION
810  {
811  LSA_UNICODE_STRING Name;
812  LUID LocalValue;
813  }
814  POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION;
815 
816 #endif//ndef POLICY_MODE_INTERACTIVE
817 
821 
822 #define LSA_LOOKUP_ISOLATED_AS_LOCAL 0x80000000L
823 
825 //==---------------------------------------------------------------------------
827 #endif//ndef __UsermodeLsa_h_incl__
828 // EOF
uLib::GroupEntry::sidUse
SID_NAME_USE sidUse
Definition: UmLsa.h:353
POLICY_PRIVILEGE_DEFINITION::Name
LSA_UNICODE_STRING Name
Definition: UmLsa.h:811
GetAccountSystemAccess
bool GetAccountSystemAccess(LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK *Access)
Definition: UmLsa.cpp:507
SetAccountSystemAccess
bool SetAccountSystemAccess(LSA_HANDLE hPolicy, PSID AccountSid, ACCESS_MASK AccsType, bool Add)
Definition: UmLsa.cpp:470
AccountHasPrivilege
bool AccountHasPrivilege(LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege)
Definition: UmLsa.cpp:594
CSTR
#define CSTR
Definition: Common.h:329
POLICY_SYSTEM_ACCESS_MODE
ULONG POLICY_SYSTEM_ACCESS_MODE
Definition: UmLsa.h:805
GetAdminGroupSid
PSID GetAdminGroupSid()
Definition: UmLsa.cpp:169
uLib::GroupEntry
struct GroupEntry GroupEntry
Definition: UmLsa.h:368
SetThreadPrivilegesEx
HPRIVILEGE SetThreadPrivilegesEx(UINT NrPriv, CSTR *Privileges)
WSTR
wchar_t * WSTR
Definition: Common.h:366
SetThreadPrivilegeEx
HPRIVILEGE SetThreadPrivilegeEx(CSTR Privilege)
Definition: UmLsa.cpp:803
PPOLICY_SYSTEM_ACCESS_MODE
ULONG * PPOLICY_SYSTEM_ACCESS_MODE
Definition: UmLsa.h:805
FreeAccountSid
PSID FreeAccountSid(PSID pSid)
Definition: UmLsa.cpp:236
GetObjectAcl
PACL GetObjectAcl(HANDLE hObj, SECURITY_INFORMATION Type, size_t cbExtra, PSECURITY_DESCRIPTOR *ppSecDesc OPTOUT=NULL, PDWORD cbSecDesc OPTOUT=NULL)
END_NAMESPACE
#define END_NAMESPACE(name)
Definition: Common.h:225
OPTOUT
#define OPTOUT
Definition: Common.h:264
PLIST_ENTRY
struct _LIST_ENTRY * PLIST_ENTRY
GetPrivilegeToken
HANDLE GetPrivilegeToken(HPRIVILEGE hPriv)
Definition: UmLsa.cpp:797
InitLsaFunc
bool InitLsaFunc()
Definition: UmLsa.cpp:19
FreeObjectAcl
PACL FreeObjectAcl(PACL pAcl)
Definition: UmLsa.cpp:463
SetAccountPrivilege
bool SetAccountPrivilege(LSA_HANDLE hPolicy, PSID AccountSid, CSTR Privilege, bool Add)
Definition: UmLsa.cpp:528
uLib
Definition: DynArray.h:18
uLib::PGroupEntry
GroupEntry * PGroupEntry
Definition: UmLsa.h:370
GetAccountSid
bool GetAccountSid(CSTR Machine, CSTR Account, PSID *ppSid)
Definition: UmLsa.cpp:197
LsaCloseEx
LSA_HANDLE LsaCloseEx(LSA_HANDLE hLsa)
Definition: UmLsa.cpp:155
HPRIVILEGE
HANDLE HPRIVILEGE
Definition: UmLsa.h:260
FreeObjectSecDesc
PSECURITY_DESCRIPTOR FreeObjectSecDesc(PSECURITY_DESCRIPTOR pSecDesc)
Definition: UmLsa.cpp:381
BEGIN_NAMESPACE
#define BEGIN_NAMESPACE(name)
Definition: Common.h:224
DEF_
#define DEF_(x)
Definition: Common.h:240
FreeLogonSid
PSID FreeLogonSid(PSID pSid)
Definition: UmLsa.cpp:293
Common.h
Common include; Added types, small "ubiquitous" utilities, et c.
END_EXTERN_C
#define END_EXTERN_C
Definition: Common.h:221
uLib::GroupList::Machine
CSTR Machine
Definition: UmLsa.h:378
BEGIN_EXTERN_C
#define BEGIN_EXTERN_C
Definition: Common.h:220
OpenLsaPolicy
bool OpenLsaPolicy(CSTR Machine, ACCESS_MASK Access, PLSA_HANDLE phPolicy)
Definition: UmLsa.cpp:132
GetLogonSid
bool GetLogonSid(HANDLE hToken, PSID *ppSid)
Definition: UmLsa.cpp:261
RestoreThreadPrivilege
HPRIVILEGE RestoreThreadPrivilege(HPRIVILEGE hPriv)
Definition: UmLsa.cpp:849
MakeAbsoluteSecDesc
PISECURITY_DESCRIPTOR MakeAbsoluteSecDesc(PSID Owner, PSID Group, PACL Sacl, PACL Dacl, SECURITY_DESCRIPTOR_CONTROL Control)
Definition: UmLsa.cpp:338
uLib::PGroupList
GroupList * PGroupList
Definition: UmLsa.h:394
AllocAbsoluteSecDesc
PISECURITY_DESCRIPTOR AllocAbsoluteSecDesc(size_t cbDesc=0)
Definition: UmLsa.cpp:326
GetCurrentUserSid
PSID GetCurrentUserSid()
Definition: UmLsa.cpp:241
GetObjectSecDesc
PISECURITY_DESCRIPTOR_RELATIVE GetObjectSecDesc(HANDLE hObj, SECURITY_INFORMATION Type, PDWORD cbDesc)
Definition: UmLsa.cpp:357
OPTIN
#define OPTIN
Definition: Common.h:263
PDWORD
unsigned long * PDWORD
Definition: Common.h:414
INOUT
#define INOUT
Definition: Common.h:262