LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
LSA_POLICY_SERVER_ADMIN = 0x00000400,
- LSA_POLICY_LOOKUP_NAMES = 0x00000800
+ LSA_POLICY_LOOKUP_NAMES = 0x00000800,
+ LSA_POLICY_NOTIFICATION = 0x00001000
} lsa_PolicyAccessMask;
const int LSA_POLICY_ALL_ACCESS =
LSA_POLICY_VIEW_LOCAL_INFORMATION |
LSA_POLICY_LOOKUP_NAMES);
+ typedef [public,bitmap32bit] bitmap {
+ LSA_ACCOUNT_VIEW = 0x00000001,
+ LSA_ACCOUNT_ADJUST_PRIVILEGES = 0x00000002,
+ LSA_ACCOUNT_ADJUST_QUOTAS = 0x00000004,
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008
+ } lsa_AccountAccessMask;
+
+ const int LSA_ACCOUNT_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ LSA_ACCOUNT_VIEW |
+ LSA_ACCOUNT_ADJUST_PRIVILEGES |
+ LSA_ACCOUNT_ADJUST_QUOTAS |
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
+
+ const int LSA_ACCOUNT_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ LSA_ACCOUNT_VIEW);
+
+ const int LSA_ACCOUNT_WRITE =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ LSA_ACCOUNT_ADJUST_PRIVILEGES |
+ LSA_ACCOUNT_ADJUST_QUOTAS |
+ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
+
+ const int LSA_ACCOUNT_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS);
+
+ typedef [public,bitmap32bit] bitmap {
+ LSA_SECRET_SET_VALUE = 0x00000001,
+ LSA_SECRET_QUERY_VALUE = 0x00000002
+ } lsa_SecretAccessMask;
+
+ const int LSA_SECRET_ALL_ACCESS =
+ (LSA_SECRET_QUERY_VALUE |
+ LSA_SECRET_SET_VALUE |
+ SEC_STD_DELETE |
+ STANDARD_RIGHTS_READ_ACCESS |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER); /* 0x000F0003 */
+
+ const int LSA_SECRET_READ =
+ (LSA_SECRET_QUERY_VALUE |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020002 */
+
+ const int LSA_SECRET_WRITE =
+ (LSA_SECRET_SET_VALUE |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+ const int LSA_SECRET_EXECUTE =
+ (STANDARD_RIGHTS_READ_ACCESS); /* 0x00020000 */
+
+ typedef [public,bitmap32bit] bitmap {
+ LSA_TRUSTED_QUERY_DOMAIN_NAME = 0x00000001,
+ LSA_TRUSTED_QUERY_CONTROLLERS = 0x00000002,
+ LSA_TRUSTED_SET_CONTROLLERS = 0x00000004,
+ LSA_TRUSTED_QUERY_POSIX = 0x00000008,
+ LSA_TRUSTED_SET_POSIX = 0x00000010,
+ LSA_TRUSTED_SET_AUTH = 0x00000020,
+ LSA_TRUSTED_QUERY_AUTH = 0x00000040
+ } lsa_TrustedAccessMask;
+
+ const int LSA_TRUSTED_DOMAIN_ALL_ACCESS =
+ (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+ LSA_TRUSTED_QUERY_CONTROLLERS |
+ LSA_TRUSTED_SET_CONTROLLERS |
+ LSA_TRUSTED_QUERY_POSIX |
+ LSA_TRUSTED_SET_POSIX |
+ LSA_TRUSTED_SET_AUTH |
+ LSA_TRUSTED_QUERY_AUTH |
+ SEC_STD_DELETE |
+ STANDARD_RIGHTS_READ_ACCESS |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER); /* 0x000F007F */
+
+ const int LSA_TRUSTED_DOMAIN_READ =
+ (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+ const int LSA_TRUSTED_DOMAIN_WRITE =
+ (LSA_TRUSTED_SET_CONTROLLERS |
+ LSA_TRUSTED_SET_POSIX |
+ LSA_TRUSTED_SET_AUTH |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020034 */
+
+ const int LSA_TRUSTED_DOMAIN_EXECUTE =
+ (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+ LSA_TRUSTED_QUERY_POSIX |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x0002000C */
+
+
/* notice the screwup with the system_name - thats why MS created
OpenPolicy2 */
[public] NTSTATUS lsa_OpenPolicy (
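Review bot: The expression for `LSA_TRUSTED_DOMAIN_EXECUTE` does not match its own annotation. `LSA_TRUSTED_QUERY_DOMAIN_NAME | LSA_TRUSTED_QUERY_POSIX` is 0x1 | 0x8, which with the 0x00020000 that the neighbouring comments give for `STANDARD_RIGHTS_READ_ACCESS` yields 0x00020009, not the `/* 0x0002000C */` beside it. 0xC would be `LSA_TRUSTED_SET_CONTROLLERS | LSA_TRUSTED_QUERY_POSIX`, so either the first operand or the comment is wrong; if this constant is used as a generic-execute mapping, the wrong one grants or withholds a right, so check it against the protocol reference before merging. The other annotated constants in this hunk do add up. Separately, `LSA_ACCOUNT_WRITE` is built on `STANDARD_RIGHTS_READ_ACCESS` while `LSA_ACCOUNT_READ` and `LSA_ACCOUNT_EXECUTE` use their matching standard-rights names, and the account group is the only one without hex annotations; adding them would make such slips visible.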
[public] NTSTATUS lsa_CreateAccount (
[in] policy_handle *handle,
[in,ref] dom_sid2 *sid,
- [in] uint32 access_mask,
+ [in] lsa_AccountAccessMask access_mask,
[out] policy_handle *acct_handle
);
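Review bot: Typing `access_mask` as `lsa_AccountAccessMask` may suggest that only the four `LSA_ACCOUNT_*` bits can arrive, yet `LSA_ACCOUNT_ALL_ACCESS`, added in the same commit, already ORs in `STANDARD_RIGHTS_REQUIRED_ACCESS`, which is not a member of the bitmap. A short comment on the parameter would keep handler authors from treating the type as a validity guarantee, for example `/* may also carry standard and generic rights outside lsa_AccountAccessMask; the server must map and check them */`. The same applies to the re-typed `access_mask` parameters of lsa_CreateTrustedDomain, lsa_CreateSecret, lsa_OpenAccount, lsa_OpenTrustedDomain and lsa_OpenSecret.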
} lsa_SidPtr;
typedef [public] struct {
- [range(0,1000)] uint32 num_sids;
+ [range(0,20480)] uint32 num_sids;
[size_is(num_sids)] lsa_SidPtr *sids;
} lsa_SidArray;
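Review bot: The new upper bound `range(0,20480)` on `num_sids` is a bare magic number that lets one request carry about twenty times as many SIDs as before, and nothing in the hunk says where the figure comes from. Please add a comment naming its origin, e.g. `/* upper bound on SIDs per lookup request; taken from <reference> */`. Since the count is supplied by the client, also confirm that the lookup handlers still bound per-request work and allocation at this size. The same bound and the same remark apply to `count` in `lsa_TransNameArray` further down.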
[public] NTSTATUS lsa_CreateTrustedDomain(
[in] policy_handle *policy_handle,
[in] lsa_DomainInfo *info,
- [in] uint32 access_mask,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
} lsa_TranslatedName;
typedef struct {
- [range(0,1000)] uint32 count;
+ [range(0,20480)] uint32 count;
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
[in,out,ref] lsa_TransNameArray *names,
- [in] uint16 level,
+ [in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count
);
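Review bot: Replacing `uint16 level` with `lsa_LookupNamesLevel` keeps the wire layout only if that enum is marshalled as 16 bits. Its definition is outside this diff, so this should be confirmed, because the enums added elsewhere in the commit use `[v1_enum]`, which is 32-bit. If the width differs, every field after `level` in the request shifts. The same substitution is made in lsa_LookupSids2 and in the later hunk that also changes `uint16 level`; the function this hunk belongs to starts above the visible lines.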
[public] NTSTATUS lsa_CreateSecret(
[in] policy_handle *handle,
[in] lsa_String name,
- [in] uint32 access_mask,
+ [in] lsa_SecretAccessMask access_mask,
[out] policy_handle *sec_handle
);
NTSTATUS lsa_OpenAccount(
[in] policy_handle *handle,
[in,ref] dom_sid2 *sid,
- [in] uint32 access_mask,
+ [in] lsa_AccountAccessMask access_mask,
[out] policy_handle *acct_handle
);
/* Function: 0x17 */
NTSTATUS lsa_GetSystemAccessAccount(
[in] policy_handle *handle,
- [out,ref] uint32 *access_mask
+ [out,ref] lsa_AccountAccessMask *access_mask
);
/* Function: 0x18 */
NTSTATUS lsa_SetSystemAccessAccount(
[in] policy_handle *handle,
- [in] uint32 access_mask
+ [in] lsa_AccountAccessMask access_mask
);
/* Function: 0x19 */
NTSTATUS lsa_OpenTrustedDomain(
[in] policy_handle *handle,
[in] dom_sid2 *sid,
- [in] uint32 access_mask,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
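Review bot: lsa_GetSystemAccessAccount and lsa_SetSystemAccessAccount now exchange a `lsa_AccountAccessMask`, but by their names the value appears to be the account's system-access setting rather than the rights requested on a handle. The other re-typed `access_mask` parameters carry the latter. If so, decoding it with `LSA_ACCOUNT_VIEW`/`LSA_ACCOUNT_ADJUST_*` labels will mislabel the bits in traces and invite handlers to compare against the wrong constants. I would keep these two as `uint32` until a dedicated bitmap for system-access flags exists, or at least add `/* NOTE: system access flags, not an object access mask - TODO confirm */` above each parameter.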
LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL = 10,
LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL = 11,
LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL = 12,
- LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
+ LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 13
} lsa_TrustDomInfoEnum;
typedef [public,bitmap32bit] bitmap {
lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
lsa_TrustDomainInfoFullInfo2Internal full_info2_internal;
- [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
+ [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES)]
lsa_TrustDomainInfoSupportedEncTypes enc_types;
} lsa_TrustedDomainInfo;
[public] NTSTATUS lsa_OpenSecret(
[in] policy_handle *handle,
[in] lsa_String name,
- [in] uint32 access_mask,
+ [in] lsa_SecretAccessMask access_mask,
[out] policy_handle *sec_handle
);
);
/* Function: 0x2a */
- [todo] NTSTATUS lsa_StorePrivateData();
- /* Function: 0x2b */
- [todo] NTSTATUS lsa_RetrievePrivateData();
+ NTSTATUS lsa_StorePrivateData(
+ [in] policy_handle *handle,
+ [in,ref] lsa_String *name,
+ [in,unique] lsa_DATA_BUF *val
+ );
+ /* Function: 0x2b */
+ NTSTATUS lsa_RetrievePrivateData(
+ [in] policy_handle *handle,
+ [in,ref] lsa_String *name,
+ [in,out,ref] lsa_DATA_BUF **val
+ );
/**********************/
/* Function: 0x2c */
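Review bot: The two newly specified calls move private data but carry no comment on their pointer semantics. `val` in lsa_StorePrivateData is `[in,unique]`, so a NULL buffer is legal on the wire and the handler needs a defined behaviour for it. In lsa_RetrievePrivateData `val` is `[in,out,ref]` on a double pointer, so the client-supplied `*val` reaches the server too. Suggest a comment above each, e.g. `/* val may be NULL ([in,unique]); handler must define what that means - TODO confirm intended semantics */`, and a note that `lsa_DATA_BUF` contents should be kept out of debug dumps if the generated print code emits them.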
[size_is(count)] lsa_TranslatedName2 *names;
} lsa_TransNameArray2;
+ typedef [v1_enum] enum {
+ LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES = 0x00000000,
+ LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL = 0x80000000
+ } lsa_LookupOptions;
+
+ typedef [v1_enum] enum {
+ LSA_CLIENT_REVISION_1 = 0x00000001,
+ LSA_CLIENT_REVISION_2 = 0x00000002
+ } lsa_ClientRevision;
+
[public] NTSTATUS lsa_LookupSids2(
[in] policy_handle *handle,
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
[in,out,ref] lsa_TransNameArray2 *names,
- [in] uint16 level,
+ [in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/**********************/
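Review bot: `lsa_LookupOptions` and `lsa_ClientRevision` are declared as closed enums, but both arrive from the client as 32-bit values, and 0x80000000 in `lsa_LookupOptions` looks like a flag bit rather than an ordinal. Handlers should therefore treat unlisted values as possible and reject or ignore them explicitly. A comment on each typedef would make that clear, e.g. `/* wire value is a uint32; values outside this list can be received */`. The context line `const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;` in a later hunk now duplicates `LSA_CLIENT_REVISION_1`; either drop it or say in a comment how the two relate. The same two types replace `uint32` parameters in the remaining lookup hunks.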
[in,out,ref] lsa_TransSidArray2 *sids,
[in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/* Function 0x3b */
[in,out,ref] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/* Function 0x45 */
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
[in,out,ref] lsa_TransNameArray2 *names,
- [in] uint16 level,
+ [in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
[in,out,ref] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/* Function 0x4e */