21 static CCSTR ModName = _T(
"ADVAPI32");
26 HMODULE hMod = GetModuleHandle( ModName );
27 if (!hMod) hMod = LoadLibrary( ModName );
34 INIT_LSAFUNC( LsaOpenAccount );
35 INIT_LSAFUNC( LsaCreateAccount );
36 INIT_LSAFUNC( LsaEnumerateAccounts );
37 INIT_LSAFUNC( LsaGetSystemAccessAccount );
38 INIT_LSAFUNC( LsaSetSystemAccessAccount );
39 INIT_LSAFUNC( LsaEnumeratePrivilegesOfAccount );
40 INIT_LSAFUNC( LsaAddPrivilegesToAccount );
41 INIT_LSAFUNC( LsaRemovePrivilegesFromAccount );
42 INIT_LSAFUNC( LsaGetQuotasForAccount );
43 INIT_LSAFUNC( LsaSetQuotasForAccount );
45 INIT_LSAFUNC( LsaLookupPrivilegeValue );
46 INIT_LSAFUNC( LsaEnumeratePrivileges );
47 INIT_LSAFUNC( LsaDelete );
48 INIT_LSAFUNC( LsaQuerySecurityObject );
49 INIT_LSAFUNC( LsaSetSecurityObject );
51 INIT_LSAFUNC( LsaClearAuditLog );
53 INIT_LSAFUNC( LsaOpenTrustedDomain );
54 INIT_LSAFUNC( LsaCreateTrustedDomain );
55 INIT_LSAFUNC( LsaQueryInfoTrustedDomain );
56 INIT_LSAFUNC( LsaSetInformationTrustedDomain );
58 INIT_LSAFUNC( LsaOpenSecret );
59 INIT_LSAFUNC( LsaCreateSecret );
60 INIT_LSAFUNC( LsaSetSecret );
61 INIT_LSAFUNC( LsaQuerySecret );
63 INIT_LSAFUNC( LsaLookupPrivilegeName );
64 INIT_LSAFUNC( LsaLookupPrivilegeDisplayName );
66 INIT_LSAFUNC( LsaGetUserName );
67 INIT_LSAFUNC( LsaGetRemoteUserName );
100 if (!anyPtr) SetLastError( ERROR_MOD_NOT_FOUND );
101 else SetLastError( ERROR_PROC_NOT_FOUND );
115 static NTSTATUS __OpenOrCreateAccount(
116 LSA_HANDLE hPolicy, PSID AcctSid, ACCESS_MASK Accs, PLSA_HANDLE phAccount
121 NTSTATUS Status =
_LsaOpenAccount( hPolicy, AcctSid, Accs, phAccount );
122 if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
134 LSA_OBJECT_ATTRIBUTES ObjAttr;
135 PUNICODE_STRING puSys;
140 if (!Machine) puSys = NULL;
141 else puSys = uName = Machine;
145 ZeroMemory( &ObjAttr,
sizeof(ObjAttr) );
146 NTSTATUS rc = LsaOpenPolicy( puSys, &ObjAttr, Access, phPolicy );
149 if (!ok) SetLastError( LsaNtStatusToWinError( rc ));
159 NTSTATUS rc = LsaClose( hLsa );
161 else SetLastError( LsaNtStatusToWinError( rc ));
171 PSID adminGrp = NULL;
173 SID_IDENTIFIER_AUTHORITY Authority = SECURITY_NT_AUTHORITY;
175 if (!AllocateAndInitializeSid(
176 &Authority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
177 0, 0, 0, 0, 0, 0, &adminGrp
182 WELL_KNOWN_SID_TYPE wkSid = WinBuiltinAdministratorsSid;
184 if (!CreateWellKnownSid( wkSid, NULL, NULL, &cbSid )
185 && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
188 if (adminGrp && !CreateWellKnownSid( wkSid, NULL, adminGrp, &cbSid ))
200 DWORD cbSid, ccDomain, err;
203 if (!ppSid) SetLastError( ERROR_INVALID_PARAMETER );
206 cbSid = ccDomain = 0;
207 LookupAccountName( Machine, Account, NULL, &cbSid, NULL, &ccDomain, &peUse );
208 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
211 if (!*ppSid) err = ERROR_OUTOFMEMORY;
214 TCHAR szDomain[ 128 ];
217 _ASSERTE(
dimof(szDomain) >= ccDomain );
218 ccDomain =
dimof(szDomain);
221 Machine, Account, *ppSid, &cbSid, szDomain, &ccDomain, &peUse
223 if (!ok) err = GetLastError();
246 TCHAR szLocalUser[ MAX_COMPUTERNAME_LENGTH + UNLEN + 1 ];
247 DWORD ccMachine = MAX_COMPUTERNAME_LENGTH + 1;
248 DWORD ccUser = UNLEN + 1;
250 GetComputerName( szLocalUser, &ccMachine );
251 szLocalUser[ ccMachine ] =
BSLASH;
252 GetUserName( &szLocalUser[ ccMachine+1 ], &ccUser );
255 if (!
GetAccountSid( NULL, szLocalUser, &userSid )) userSid = NULL;
265 PTOKEN_GROUPS ptGrp = NULL;
268 GetTokenInformation( hToken, TokenGroups, NULL, 0, &cbGrp );
269 if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
271 ptGrp = (PTOKEN_GROUPS)
mem_Alloc( cbGrp );
272 ok = (ptGrp != NULL);
273 if (ok) ok = GetTokenInformation(
274 hToken, TokenGroups, (PVOID) ptGrp, cbGrp, &cbGrp
278 for( ix=0; ix < ptGrp->GroupCount; ++ix )
280 if (
BITS_SET( SE_GROUP_LOGON_ID, ptGrp->Groups[ix].Attributes ))
282 DWORD cbSid = GetLengthSid( ptGrp->Groups[ix].Sid );
284 CopySid( cbSid, *ppSid, ptGrp->Groups[ix].Sid );
288 ptGrp = (PTOKEN_GROUPS)
mem_Free( ptGrp );
328 if (!cbDesc) cbDesc =
sizeof(SECURITY_DESCRIPTOR);
329 PISECURITY_DESCRIPTOR pAbsSec = (PISECURITY_DESCRIPTOR)
mem_Alloc( cbDesc );
332 if (!InitializeSecurityDescriptor( pAbsSec, SECURITY_DESCRIPTOR_REVISION ))
333 pAbsSec = (PISECURITY_DESCRIPTOR)
mem_Free( pAbsSec );
339 PSID Owner, PSID Group, PACL Sacl, PACL Dacl,
340 SECURITY_DESCRIPTOR_CONTROL Control
346 if (Control) SetSecurityDescriptorControl( pSec, Control, Control );
347 if (Owner) SetSecurityDescriptorOwner( pSec, Owner,
false );
348 if (Group) SetSecurityDescriptorGroup( pSec, Group,
false );
349 if (Dacl) SetSecurityDescriptorDacl( pSec,
true, Dacl,
false );
350 if (Sacl) SetSecurityDescriptorSacl( pSec,
true, Sacl,
false );
358 HANDLE hObj, SECURITY_INFORMATION Type,
PDWORD cbDesc
361 PISECURITY_DESCRIPTOR_RELATIVE pSec = NULL;
364 if (!GetUserObjectSecurity( hObj, &Type, NULL, 0, &cbData )
365 && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
367 pSec = (PISECURITY_DESCRIPTOR_RELATIVE)
mem_Alloc( cbData );
370 pSec->Revision = SECURITY_DESCRIPTOR_REVISION;
372 if (!GetUserObjectSecurity( hObj, &Type, pSec, cbData, &cbData ))
373 pSec = (PISECURITY_DESCRIPTOR_RELATIVE)
mem_Free( pSec );
375 if (pSec && cbDesc) *cbDesc = cbData;
383 PISECURITY_DESCRIPTOR piSec = (PISECURITY_DESCRIPTOR) pSecDesc;
388 if (
BITS_SET( SE_SELF_RELATIVE, piSec->Control ))
390 pSecDesc = (PSECURITY_DESCRIPTOR)
mem_Free( pSecDesc );
392 else SetLastError( ERROR_INVALID_PARAMETER );
401 SECURITY_INFORMATION Type,
size_t cbExtra,
402 PSECURITY_DESCRIPTOR* ppSecDesc,
PDWORD cbSecDesc
406 PISECURITY_DESCRIPTOR_RELATIVE pDsc = NULL;
407 DWORD ix, cbData = 0;
412 if (ppSecDesc) *ppSecDesc = pDsc;
413 if (cbSecDesc) *cbSecDesc = cbData;
415 BOOL haveAcl, defAcl;
417 BOOL (WINAPI *getAcl)(
418 PSECURITY_DESCRIPTOR pSD, LPBOOL pExist, PACL* pAcl, LPBOOL pDef
422 case DACL_SECURITY_INFORMATION: getAcl = GetSecurityDescriptorDacl;
break;
423 case SACL_SECURITY_INFORMATION: getAcl = GetSecurityDescriptorSacl;
break;
424 default: getAcl = NULL;
426 if (getAcl && getAcl( pDsc, &haveAcl, &pSrcAcl, &defAcl ) && haveAcl)
428 ACL_SIZE_INFORMATION aclInfo = { 0,0,0 };
429 aclInfo.AclBytesInUse =
sizeof(ACL);
430 cbData =
sizeof(ACL_SIZE_INFORMATION);
432 if (GetAclInformation( pSrcAcl, &aclInfo, cbData, AclSizeInformation ))
434 cbData = aclInfo.AclBytesInUse + aclInfo.AclBytesFree;
435 cbData += (
DWORD) cbExtra;
439 static const DWORD aclRev = ACL_REVISION;
440 static const DWORD atEnd = MAXDWORD;
442 if (!InitializeAcl( pAcl, cbData, aclRev ))
444 else if (aclInfo.AceCount)
446 for( ix = 0; ix < aclInfo.AceCount; ix++ )
449 if (GetAce( pSrcAcl, ix, (
void**)&pAce ))
450 if (!AddAce( pAcl, aclRev, atEnd, pAce, pAce->AceSize ))
458 if (!ppSecDesc) pDsc = (PISECURITY_DESCRIPTOR_RELATIVE)
mem_Free( pDsc );
471 LSA_HANDLE hPolicy, PSID AcctSid, ACCESS_MASK AccsType,
bool Add
483 Status = __OpenOrCreateAccount( hPolicy,
495 if (Add) Access |= AccsType;
else Access &= ~AccsType;
498 LsaClose( hAccount );
502 if (!ok) SetLastError( LsaNtStatusToWinError( Status ));
508 LSA_HANDLE hPolicy, PSID AcctSid, ACCESS_MASK* Access
518 LsaClose( hAccount );
522 if (!ok) SetLastError( LsaNtStatusToWinError( Status ));
529 LSA_HANDLE hPolicy, PSID AcctSid,
CSTR Privilege,
bool Add
538 UString uPrivilege( Privilege );
544 Status = __OpenOrCreateAccount(
551 ps.Privilege[0].Attributes = 0;
552 ps.PrivilegeCount = 1;
560 LsaClose( hAccount );
565 if (!ok) SetLastError( LsaNtStatusToWinError( Status ));
572 PUNICODE_STRING puRights;
573 NTSTATUS Status = LsaEnumerateAccountRights( hPolicy, AcctSid, &puRights, &nRights );
577 Status = STATUS_PRIVILEGE_NOT_HELD;
578 for( ix=0; ix < nRights; ++ix )
580 uRight = puRights[ix];
581 if (0 == wcscmp( (PCWSTR)uRight, Privilege ))
583 Status = STATUS_SUCCESS;
587 LsaFreeMemory( puRights );
590 if (!ok) SetLastError( LsaNtStatusToWinError( Status ));
601 UString uPrivilege( Privilege );
606 else SetLastError( LsaNtStatusToWinError( Status ));
685 #define HPRIVILEGE_VER 2 686 #if (HPRIVILEGE_VER == 1) 696 PTOKEN_PRIVILEGES ptPriv;
709 LSA_HANDLE hPolicy = NULL;
720 ACCESS_MASK tokenAcc = TOKEN_QUERY| TOKEN_ADJUST_PRIVILEGES;
721 HANDLE hThread = GetCurrentThread();
722 HANDLE hToken = NULL;
724 BOOL ok = OpenThreadToken( hThread, tokenAcc,
true, &hToken );
725 DWORD err = ok ? 0 : GetLastError();
726 if (err == ERROR_NO_TOKEN || err == ERROR_CANT_OPEN_ANONYMOUS)
729 ppi->imperSelf =
bool_cast( ImpersonateSelf( SecurityImpersonation ));
730 if (ppi->imperSelf) ok = OpenThreadToken( hThread, tokenAcc,
true, &hToken );
731 err = ok ? 0 : GetLastError();
736 CloseHandle( hToken );
753 ACCESS_MASK tokenAcc = TOKEN_QUERY| TOKEN_ADJUST_PRIVILEGES;
754 HANDLE hThread = GetCurrentThread();
755 HANDLE hToken = NULL;
756 if (OpenThreadToken( hThread, tokenAcc,
true, &hToken ))
759 CloseHandle( hToken );
762 if (ppi->imperSelf) RevertToSelf();
765 LSA_HANDLE hPolicy = NULL;
780 #elif (HPRIVILEGE_VER == 2) 782 #pragma pack( push, 1 ) 829 ACCESS_MASK tokenAcc = TOKEN_QUERY| TOKEN_ADJUST_PRIVILEGES;
830 HANDLE hThread = GetCurrentThread();
835 ppi->
oldPrv.PrivilegeCount = 1;
838 hToken, Privilege,
true, &ppi->
oldPrv.Privileges[0]
876 #elif (HPRIVILEGE_VER == 3) // PENDING 880 LUID_AND_ATTRIBUTES oldPrv;
883 #define TPF_HELD 0x01000000 // Privilege already held by caller's account. 884 #define TPF_ADDED 0x02000000 // Privilege successfully added to caller's account. 885 #define TPF_ENABLED 0x04000000 // Privilege successfully enabled. 886 #define TPF_MASK 0x07000000 919 ppi->nrPriv = NrPriv;
920 for( UINT ix = 0; ix < NrPriv; ++ix )
925 LookupPrivilegeValue( NULL, Privileges[ix], &ppi->Priv[ix].
oldPrv.Luid );
987 #ifndef __GNUC__ // MinGW(64) doesn't have ADSiid. 996 #define SID_NAME_NONE SID_NAME_USE(0) 1012 if (!WideCharToMultiByte( CP_ACP, 0, name,-1, sBuf,
dimof(sBuf), NULL, NULL ))
1038 ok = LookupAccountName( Machine, pItem->
Name, NULL, &cbSid, NULL, &ccDom, &
sidUse );
1039 if (!ok && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1044 pItem->
Domain =
new TCHAR[ ccDom+2 ];
1045 if (!pItem->
Domain) ccDom = 0;
1047 ok = LookupAccountName( Machine,
1051 if (!ok) ok = (GetLastError() == ERROR_INSUFFICIENT_BUFFER);
1052 if (!ok || !IsValidSid( pItem->
Sid ))
1079 bool __stdcall GroupList::_del_Entry(
PLIST_ENTRY Entry, PVOID Ctx )
1087 IADsContainer* pCont;
1089 IEnumVARIANT* pEnum;
1093 WCHAR wzPath[ MAX_PATH ];
1099 #define _OK_ SUCCEEDED // Unhide the forest from behind the trees ;) 1109 VariantInit( &vDisp );
1114 swprintf_s( wzPath,
dimof(wzPath), L
"WinNT://%s,computer", (PCWSTR)uMachine );
1116 hr = ADsGetObject( wzPath, IID_IADsContainer, (
void**)&pCont );
1119 if (
_OK_( pCont->get__NewEnum( &pUnk )))
1121 hr = pUnk->QueryInterface( IID_IEnumVARIANT, (
void**)&pEnum );
1127 while(
_OK_( pEnum->Next( 1, &vDisp, &nEnum )) && (nEnum > 0))
1129 pDisp = V_DISPATCH( &vDisp );
1134 hr = pDisp->QueryInterface( IID_IADsGroup, (
void**)&pGrp );
1138 if (
_OK_( pGrp->get_Name( &bstr )))
1141 SysFreeString( bstr );
1143 hr = pGrp->Release();
1145 VariantInit( &vDisp );
1161 #endif//ndef __GNUC__ 1162 #endif//def __cplusplus
_LSAFN_EXTERN NTSTATUS _LsaGetSystemAccessAccount(IN LSA_HANDLE AccountHandle, OUT PULONG SystemAccess)
bool GetAccountSystemAccess(LSA_HANDLE hPolicy, PSID AcctSid, ACCESS_MASK *Access)
PTOKEN_PRIVILEGES FreePrivileges(PTOKEN_PRIVILEGES pPrv)
bool SetAccountSystemAccess(LSA_HANDLE hPolicy, PSID AcctSid, ACCESS_MASK AccsType, bool Add)
_LSAFN_EXTERN NTSTATUS _LsaQuerySecurityObject(IN LSA_HANDLE ObjectHandle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
HTOKENEX CloseThreadTokenEx(HTOKENEX hToken)
bool AccountHasPrivilege(LSA_HANDLE hPolicy, PSID AcctSid, CSTR Privilege)
CSTR mem_FreeStr(CSTR Dup)
_LSAFN_EXTERN NTSTATUS _LsaSetSecret(IN LSA_HANDLE SecretHandle, OPTIN PLSA_UNICODE_STRING CurrentValue, OPTIN PLSA_UNICODE_STRING OldValue)
bool ULSA_AccountHasPrivilege(LSA_HANDLE hPolicy, PSID AcctSid, WCSTR Privilege)
_LSAFN_EXTERN NTSTATUS _LsaQuerySecret(IN LSA_HANDLE SecretHandle, OPTOUT OPTIONAL PLSA_UNICODE_STRING *CurrentValue, OPTOUT PLARGE_INTEGER CurrentValueSetTime, OPTOUT PLSA_UNICODE_STRING *OldValue, OPTOUT PLARGE_INTEGER OldValueSetTime)
_LSAFN_EXTERN NTSTATUS _LsaSetSecurityObject(IN LSA_HANDLE ObjectHandle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
struct GroupEntry GroupEntry
_LSAFN_EXTERN NTSTATUS _LsaOpenAccount(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE AccountHandle)
HPRIVILEGE SetThreadPrivilegesEx(UINT NrPriv, CSTR *Privileges)
bool UserHasPrivilege(LSA_HANDLE hPolicy, PSID userSid, CSTR Privilege)
_LSAFN_EXTERN NTSTATUS _LsaRemovePrivilegesFromAccount(IN LSA_HANDLE AccountHandle, IN BOOLEAN AllPrivileges, OPTIN PPRIVILEGE_SET Privileges)
void * mem_Alloc(size_t Bytes)
HANDLE GetThreadExToken(HTOKENEX hTok)
HPRIVILEGE SetThreadPrivilegeEx(CSTR Privilege)
PSID FreeAccountSid(PSID Sid)
bool ForEach(PDListFunc Action, void *UserData=NULL)
_LSAFN_EXTERN NTSTATUS _LsaQueryInfoTrustedDomain(IN LSA_HANDLE TrustedDomainHandle, IN TRUSTED_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
bool InitShellFunc(bool useOle=false, DWORD coFlag=COINIT_APARTMENTTHREADED)
#define END_NAMESPACE(name)
UINT GetFromADS(CSTR Machine)
void __cdecl DPrint(int Level, CSTR Fmt,...)
_LSAFN_EXTERN NTSTATUS _LsaCreateAccount(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE AccountHandle)
_LSAFN_EXTERN NTSTATUS _LsaEnumeratePrivilegesOfAccount(IN LSA_HANDLE AccountHandle, OUT PPRIVILEGE_SET *Privileges)
struct _LIST_ENTRY * PLIST_ENTRY
bool EnablePrivilege(HANDLE hToken, CSTR Privilege, bool Enable, OPTOUT PLUID_AND_ATTRIBUTES pSave)
HANDLE GetPrivilegeToken(HPRIVILEGE hPriv)
bool ShellFuncInitialized()
HTOKENEX OpenThreadTokenEx(HANDLE hThread, ACCESS_MASK tokenAccess)
static bool __stdcall _find_Sid(PLIST_ENTRY Entry, PVOID Ctx)
PACL FreeObjectAcl(PACL pDacl)
_LSAFN_EXTERN NTSTATUS _LsaGetRemoteUserName(OPTIN PLSA_UNICODE_STRING SystemName, OUT PLSA_UNICODE_STRING *UserName, OPTOUT PLSA_UNICODE_STRING *DomainName)
BOOL(WINAPI *SysImgList::Shell_GetImageLists)(HIMAGELIST *pimlLarge
bool SetAccountPrivilege(LSA_HANDLE hPolicy, PSID AcctSid, CSTR Privilege, bool Add)
PLIST_ENTRY Append(PLIST_ENTRY Entry)
void * mem_Free(void *pBlk)
_LSAFN_EXTERN NTSTATUS _LsaLookupPrivilegeName(IN LSA_HANDLE PolicyHandle, IN PLUID Value, OUT PLSA_UNICODE_STRING *Name)
_LSAFN_EXTERN NTSTATUS _LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLUID Value)
_LSAFN_EXTERN NTSTATUS _LsaEnumerateAccounts(IN LSA_HANDLE PolicyHandle, INOUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PVOID *Buffer, IN ULONG PreferedMaximumLength, OUT PULONG CountReturned)
_LSAFN_EXTERN NTSTATUS _LsaSetQuotasForAccount(IN LSA_HANDLE AccountHandle, IN PQUOTA_LIMITS QuotaLimits)
_LSAFN_EXTERN NTSTATUS _LsaOpenTrustedDomain(IN LSA_HANDLE PolicyHandle, IN PSID TrustedDomainSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE TrustedDomainHandle)
CSTR SysErrorMsg(DWORD Err=0, TSTR Buf=NULL, UINT Length=0)
bool GetAccountSid(CSTR Machine, CSTR Account, PSID *ppSid)
_LSAFN_EXTERN NTSTATUS _LsaGetUserName(OUT PLSA_UNICODE_STRING *UserName, OPTOUT PLSA_UNICODE_STRING *DomainName)
_LSAFN_EXTERN NTSTATUS _LsaCreateTrustedDomain(IN LSA_HANDLE PolicyHandle, IN PLSA_TRUST_INFORMATION TrustedDomainInformation, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE TrustedDomainHandle)
#define ACCOUNT_ADJUST_SYSTEM_ACCESS
bool RestorePrivilege(HANDLE hToken, PTOKEN_PRIVILEGES pSaved)
See EnablePrivilege(()
bool __forceinline bool_cast(BOOL B52)
#define BITS_SET(bits, x)
void RemoveAll(PDListFunc ItemAction, void *UserData=NULL)
Debug and error handling support.
LSA_HANDLE LsaCloseEx(LSA_HANDLE hLsa)
PACL GetObjectAcl(HANDLE hObj, SECURITY_INFORMATION Type, size_t cbExtra, PSECURITY_DESCRIPTOR *ppSecDesc, PDWORD cbSecDesc)
_LSAFN_EXTERN NTSTATUS _LsaClearAuditLog(IN LSA_HANDLE PolicyHandle)
_LSAFN_EXTERN NTSTATUS _LsaEnumeratePrivileges(IN LSA_HANDLE PolicyHandle, INOUT PLSA_ENUMERATION_HANDLE EnumerationContext, OUT PVOID *Buffer, IN ULONG PreferedMaximumLength, OUT PULONG CountReturned)
PSECURITY_DESCRIPTOR FreeObjectSecDesc(PSECURITY_DESCRIPTOR pSecDesc)
_LSAFN_EXTERN NTSTATUS _LsaLookupPrivilegeDisplayName(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING Name, OUT PLSA_UNICODE_STRING *DisplayName, OUT PSHORT LanguageReturned)
#define BEGIN_NAMESPACE(name)
_LSAFN_EXTERN NTSTATUS _LsaOpenSecret(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING SecretName, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE SecretHandle)
PSID FreeLogonSid(PSID Sid)
_LSAFN_EXTERN NTSTATUS _LsaSetInformationTrustedDomain(IN LSA_HANDLE TrustedDomainHandle, IN TRUSTED_INFORMATION_CLASS InformationClass, IN PVOID Buffer)
#define InitializeListEntry(E)
_LSAFN_EXTERN NTSTATUS _LsaDelete(IN LSA_HANDLE ObjectHandle)
_LSAFN_EXTERN NTSTATUS _LsaSetSystemAccessAccount(IN LSA_HANDLE AccountHandle, IN ULONG SystemAccess)
bool OpenLsaPolicy(CSTR Machine, ACCESS_MASK Access, PLSA_HANDLE phPolicy)
_LSAFN_EXTERN NTSTATUS _LsaCreateSecret(IN LSA_HANDLE PolicyHandle, IN PLSA_UNICODE_STRING SecretName, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE SecretHandle)
bool GetLogonSid(HANDLE hToken, PSID *ppSid)
bool RestorePrivileges(HANDLE hToken, PTOKEN_PRIVILEGES pSaved, bool Dispose)
#define NT_SUCCESS(Status)
#define ACCOUNT_ADJUST_PRIVILEGES
HPRIVILEGE RestoreThreadPrivilege(HPRIVILEGE hPrv)
PISECURITY_DESCRIPTOR MakeAbsoluteSecDesc(PSID Owner, PSID Group, PACL Sacl, PACL Dacl, SECURITY_DESCRIPTOR_CONTROL Control)
_LSAFN_EXTERN NTSTATUS _LsaGetQuotasForAccount(IN LSA_HANDLE AccountHandle, OUT PQUOTA_LIMITS QuotaLimits)
PISECURITY_DESCRIPTOR AllocAbsoluteSecDesc(size_t cbDesc)
_LSAFN_EXTERN NTSTATUS _LsaAddPrivilegesToAccount(IN LSA_HANDLE AccountHandle, IN PPRIVILEGE_SET Privileges)
PISECURITY_DESCRIPTOR_RELATIVE GetObjectSecDesc(HANDLE hObj, SECURITY_INFORMATION Type, PDWORD cbDesc)