Process Hacker
ntlsa.h
Go to the documentation of this file.
1 #ifndef _NTLSA_H
2 #define _NTLSA_H
3 
4 // This header file provides access to the complete LSA API.
5 // (The rest is provided by ntsecapi.h)
6 
7 #define _NTDEF_ // ntbasic already defines these things
8 #include <ntsecapi.h>
9 
10 // Basic
11 
12 NTSTATUS
13 NTAPI
14 LsaDelete(
15  _In_ LSA_HANDLE ObjectHandle
16  );
17 
18 NTSTATUS
19 NTAPI
20 LsaQuerySecurityObject(
21  _In_ LSA_HANDLE ObjectHandle,
22  _In_ SECURITY_INFORMATION SecurityInformation,
23  _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor
24  );
25 
26 NTSTATUS
27 NTAPI
28 LsaSetSecurityObject(
29  _In_ LSA_HANDLE ObjectHandle,
30  _In_ SECURITY_INFORMATION SecurityInformation,
31  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
32  );
33 
34 // System access
35 
36 #define SECURITY_ACCESS_INTERACTIVE_LOGON ((ULONG)0x00000001L)
37 #define SECURITY_ACCESS_NETWORK_LOGON ((ULONG)0x00000002L)
38 #define SECURITY_ACCESS_BATCH_LOGON ((ULONG)0x00000004L)
39 #define SECURITY_ACCESS_SERVICE_LOGON ((ULONG)0x00000010L)
40 #define SECURITY_ACCESS_PROXY_LOGON ((ULONG)0x00000020L)
41 #define SECURITY_ACCESS_DENY_INTERACTIVE_LOGON ((ULONG)0x00000040L)
42 #define SECURITY_ACCESS_DENY_NETWORK_LOGON ((ULONG)0x00000080L)
43 #define SECURITY_ACCESS_DENY_BATCH_LOGON ((ULONG)0x00000100L)
44 #define SECURITY_ACCESS_DENY_SERVICE_LOGON ((ULONG)0x00000200L)
45 #define SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON ((ULONG)0x00000400L)
46 #define SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON ((ULONG)0x00000800L)
47 
48 // Policy
49 
50 typedef ULONG POLICY_SYSTEM_ACCESS_MODE, *PPOLICY_SYSTEM_ACCESS_MODE;
51 
52 #define POLICY_MODE_INTERACTIVE SECURITY_ACCESS_INTERACTIVE_LOGON
53 #define POLICY_MODE_NETWORK SECURITY_ACCESS_NETWORK_LOGON
54 #define POLICY_MODE_BATCH SECURITY_ACCESS_BATCH_LOGON
55 #define POLICY_MODE_SERVICE SECURITY_ACCESS_SERVICE_LOGON
56 #define POLICY_MODE_PROXY SECURITY_ACCESS_PROXY_LOGON
57 #define POLICY_MODE_DENY_INTERACTIVE SECURITY_ACCESS_DENY_INTERACTIVE_LOGON
58 #define POLICY_MODE_DENY_NETWORK SECURITY_ACCESS_DENY_NETWORK_LOGON
59 #define POLICY_MODE_DENY_BATCH SECURITY_ACCESS_DENY_BATCH_LOGON
60 #define POLICY_MODE_DENY_SERVICE SECURITY_ACCESS_DENY_SERVICE_LOGON
61 #define POLICY_MODE_REMOTE_INTERACTIVE SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON
62 #define POLICY_MODE_DENY_REMOTE_INTERACTIVE SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON
63 
64 #define POLICY_MODE_ALL ( \
65  POLICY_MODE_INTERACTIVE | \
66  POLICY_MODE_NETWORK | \
67  POLICY_MODE_BATCH | \
68  POLICY_MODE_SERVICE | \
69  POLICY_MODE_PROXY | \
70  POLICY_MODE_DENY_INTERACTIVE | \
71  POLICY_MODE_DENY_NETWORK | \
72  SECURITY_ACCESS_DENY_BATCH_LOGON | \
73  SECURITY_ACCESS_DENY_SERVICE_LOGON | \
74  POLICY_MODE_REMOTE_INTERACTIVE | \
75  POLICY_MODE_DENY_REMOTE_INTERACTIVE \
76  )
77 
78 typedef struct _POLICY_PRIVILEGE_DEFINITION
79 {
80  LSA_UNICODE_STRING Name;
81  LUID LocalValue;
82 } POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION;
83 
84 NTSTATUS
85 NTAPI
86 LsaOpenPolicySce(
87  _In_opt_ PLSA_UNICODE_STRING SystemName,
88  _In_ PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
89  _In_ ACCESS_MASK DesiredAccess,
90  _Out_ PLSA_HANDLE PolicyHandle
91  );
92 
93 NTSTATUS
94 NTAPI
95 LsaClearAuditLog(
96  _In_ LSA_HANDLE PolicyHandle
97  );
98 
99 NTSTATUS
100 NTAPI
101 LsaEnumeratePrivileges(
102  _In_ LSA_HANDLE PolicyHandle,
103  _Inout_ PLSA_ENUMERATION_HANDLE EnumerationContext,
104  _Out_ PVOID *Buffer, // PPOLICY_PRIVILEGE_DEFINITION *Buffer
105  _In_ ULONG PreferedMaximumLength,
106  _Out_ PULONG CountReturned
107  );
108 
109 #define LSA_LOOKUP_ISOLATED_AS_LOCAL 0x80000000
110 
111 // Account
112 
113 #define ACCOUNT_VIEW 0x00000001
114 #define ACCOUNT_ADJUST_PRIVILEGES 0x00000002
115 #define ACCOUNT_ADJUST_QUOTAS 0x00000004
116 #define ACCOUNT_ADJUST_SYSTEM_ACCESS 0x00000008
117 #define ACCOUNT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
118  ACCOUNT_VIEW | \
119  ACCOUNT_ADJUST_PRIVILEGES | \
120  ACCOUNT_ADJUST_QUOTAS | \
121  ACCOUNT_ADJUST_SYSTEM_ACCESS)
122 #define ACCOUNT_READ (STANDARD_RIGHTS_READ | ACCOUNT_VIEW)
123 #define ACCOUNT_WRITE (STANDARD_RIGHTS_WRITE | \
124  ACCOUNT_ADJUST_PRIVILEGES | \
125  ACCOUNT_ADJUST_QUOTAS | \
126  ACCOUNT_ADJUST_SYSTEM_ACCESS)
127 #define ACCOUNT_EXECUTE (STANDARD_RIGHTS_EXECUTE)
128 
129 NTSTATUS
130 NTAPI
131 LsaCreateAccount(
132  _In_ LSA_HANDLE PolicyHandle,
133  _In_ PSID AccountSid,
134  _In_ ACCESS_MASK DesiredAccess,
135  _Out_ PLSA_HANDLE AccountHandle
136  );
137 
138 NTSTATUS
139 NTAPI
140 LsaOpenAccount(
141  _In_ LSA_HANDLE PolicyHandle,
142  _In_ PSID AccountSid,
143  _In_ ACCESS_MASK DesiredAccess,
144  _Out_ PLSA_HANDLE AccountHandle
145  );
146 
147 NTSTATUS
148 NTAPI
149 LsaEnumerateAccounts(
150  _In_ LSA_HANDLE PolicyHandle,
151  _Inout_ PLSA_ENUMERATION_HANDLE EnumerationContext,
152  _Out_ PVOID *Buffer, // PSID **Buffer
153  _In_ ULONG PreferedMaximumLength,
154  _Out_ PULONG CountReturned
155  );
156 
157 NTSTATUS
158 NTAPI
159 LsaAddPrivilegesToAccount(
160  _In_ LSA_HANDLE AccountHandle,
161  _In_ PPRIVILEGE_SET Privileges
162  );
163 
164 NTSTATUS
165 NTAPI
166 LsaRemovePrivilegesFromAccount(
167  _In_ LSA_HANDLE AccountHandle,
168  _In_ BOOLEAN AllPrivileges,
169  _In_opt_ PPRIVILEGE_SET Privileges
170  );
171 
172 NTSTATUS
173 NTAPI
174 LsaEnumeratePrivilegesOfAccount(
175  _In_ LSA_HANDLE AccountHandle,
176  _Out_ PPRIVILEGE_SET *Privileges
177  );
178 
179 NTSTATUS
180 NTAPI
181 LsaGetQuotasForAccount(
182  _In_ LSA_HANDLE AccountHandle,
183  _Out_ PQUOTA_LIMITS QuotaLimits
184  );
185 
186 NTSTATUS
187 NTAPI
188 LsaSetQuotasForAccount(
189  _In_ LSA_HANDLE AccountHandle,
190  _In_ PQUOTA_LIMITS QuotaLimits
191  );
192 
193 NTSTATUS
194 NTAPI
195 LsaGetSystemAccessAccount(
196  _In_ LSA_HANDLE AccountHandle,
197  _Out_ PULONG SystemAccess
198  );
199 
200 NTSTATUS
201 NTAPI
202 LsaSetSystemAccessAccount(
203  _In_ LSA_HANDLE AccountHandle,
204  _In_ ULONG SystemAccess
205  );
206 
207 // Trusted Domain
208 
209 #define TRUSTED_QUERY_DOMAIN_NAME 0x00000001
210 #define TRUSTED_QUERY_CONTROLLERS 0x00000002
211 #define TRUSTED_SET_CONTROLLERS 0x00000004
212 #define TRUSTED_QUERY_POSIX 0x00000008
213 #define TRUSTED_SET_POSIX 0x00000010
214 #define TRUSTED_SET_AUTH 0x00000020
215 #define TRUSTED_QUERY_AUTH 0x00000040
216 #define TRUSTED_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
217  TRUSTED_QUERY_DOMAIN_NAME | \
218  TRUSTED_QUERY_CONTROLLERS | \
219  TRUSTED_SET_CONTROLLERS | \
220  TRUSTED_QUERY_POSIX | \
221  TRUSTED_SET_POSIX | \
222  TRUSTED_SET_AUTH | \
223  TRUSTED_QUERY_AUTH)
224 #define TRUSTED_READ (STANDARD_RIGHTS_READ | \
225  TRUSTED_QUERY_DOMAIN_NAME)
226 #define TRUSTED_WRITE (STANDARD_RIGHTS_WRITE | \
227  TRUSTED_SET_CONTROLLERS | \
228  TRUSTED_SET_POSIX | \
229  TRUSTED_SET_AUTH)
230 #define TRUSTED_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
231  TRUSTED_QUERY_CONTROLLERS | \
232  TRUSTED_QUERY_POSIX)
233 
234 NTSTATUS
235 NTAPI
236 LsaCreateTrustedDomain(
237  _In_ LSA_HANDLE PolicyHandle,
238  _In_ PLSA_TRUST_INFORMATION TrustedDomainInformation,
239  _In_ ACCESS_MASK DesiredAccess,
240  _Out_ PLSA_HANDLE TrustedDomainHandle
241  );
242 
243 NTSTATUS
244 NTAPI
245 LsaOpenTrustedDomain(
246  _In_ LSA_HANDLE PolicyHandle,
247  _In_ PSID TrustedDomainSid,
248  _In_ ACCESS_MASK DesiredAccess,
249  _Out_ PLSA_HANDLE TrustedDomainHandle
250  );
251 
252 NTSTATUS
253 NTAPI
254 LsaQueryInfoTrustedDomain(
255  _In_ LSA_HANDLE TrustedDomainHandle,
256  _In_ TRUSTED_INFORMATION_CLASS InformationClass,
257  _Out_ PVOID *Buffer
258  );
259 
260 NTSTATUS
261 NTAPI
262 LsaSetInformationTrustedDomain(
263  _In_ LSA_HANDLE TrustedDomainHandle,
264  _In_ TRUSTED_INFORMATION_CLASS InformationClass,
265  _In_ PVOID Buffer
266  );
267 
268 // Secret
269 
270 #define SECRET_SET_VALUE 0x00000001
271 #define SECRET_QUERY_VALUE 0x00000002
272 #define SECRET_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
273  SECRET_SET_VALUE | \
274  SECRET_QUERY_VALUE)
275 #define SECRET_READ (STANDARD_RIGHTS_READ | \
276  SECRET_QUERY_VALUE)
277 #define SECRET_WRITE (STANDARD_RIGHTS_WRITE | \
278  SECRET_SET_VALUE)
279 #define SECRET_EXECUTE (STANDARD_RIGHTS_EXECUTE)
280 
281 #define LSA_GLOBAL_SECRET_PREFIX L"G$"
282 #define LSA_GLOBAL_SECRET_PREFIX_LENGTH 2
283 
284 #define LSA_LOCAL_SECRET_PREFIX L"L$"
285 #define LSA_LOCAL_SECRET_PREFIX_LENGTH 2
286 
287 #define LSA_MACHINE_SECRET_PREFIX L"M$"
288 #define LSA_MACHINE_SECRET_PREFIX_LENGTH \
289  ((sizeof(LSA_MACHINE_SECRET_PREFIX) - sizeof(WCHAR)) / sizeof(WCHAR))
290 
291 #define LSA_SECRET_MAXIMUM_COUNT 0x00001000L
292 #define LSA_SECRET_MAXIMUM_LENGTH 0x00000200L
293 
294 NTSTATUS
295 NTAPI
296 LsaCreateSecret(
297  _In_ LSA_HANDLE PolicyHandle,
298  _In_ PLSA_UNICODE_STRING SecretName,
299  _In_ ACCESS_MASK DesiredAccess,
300  _Out_ PLSA_HANDLE SecretHandle
301  );
302 
303 NTSTATUS
304 NTAPI
305 LsaOpenSecret(
306  _In_ LSA_HANDLE PolicyHandle,
307  _In_ PLSA_UNICODE_STRING SecretName,
308  _In_ ACCESS_MASK DesiredAccess,
309  _Out_ PLSA_HANDLE SecretHandle
310  );
311 
312 NTSTATUS
313 NTAPI
314 LsaSetSecret(
315  _In_ LSA_HANDLE SecretHandle,
316  _In_opt_ PLSA_UNICODE_STRING CurrentValue,
317  _In_opt_ PLSA_UNICODE_STRING OldValue
318  );
319 
320 NTSTATUS
321 NTAPI
322 LsaQuerySecret(
323  _In_ LSA_HANDLE SecretHandle,
324  _Out_opt_ PLSA_UNICODE_STRING *CurrentValue,
325  _Out_opt_ PLARGE_INTEGER CurrentValueSetTime,
326  _Out_opt_ PLSA_UNICODE_STRING *OldValue,
327  _Out_opt_ PLARGE_INTEGER OldValueSetTime
328  );
329 
330 // Privilege
331 
332 NTSTATUS
333 NTAPI
334 LsaLookupPrivilegeValue(
335  _In_ LSA_HANDLE PolicyHandle,
336  _In_ PLSA_UNICODE_STRING Name,
337  _Out_ PLUID Value
338  );
339 
340 NTSTATUS
341 NTAPI
342 LsaLookupPrivilegeName(
343  _In_ LSA_HANDLE PolicyHandle,
344  _In_ PLUID Value,
345  _Out_ PLSA_UNICODE_STRING *Name
346  );
347 
348 NTSTATUS
349 NTAPI
350 LsaLookupPrivilegeDisplayName(
351  _In_ LSA_HANDLE PolicyHandle,
352  _In_ PLSA_UNICODE_STRING Name,
353  _Out_ PLSA_UNICODE_STRING *DisplayName,
354  _Out_ PSHORT LanguageReturned
355  );
356 
357 // Misc.
358 
359 NTSTATUS
360 NTAPI
361 LsaChangePassword(
362  _In_ PLSA_UNICODE_STRING ServerName,
363  _In_ PLSA_UNICODE_STRING DomainName,
364  _In_ PLSA_UNICODE_STRING AccountName,
365  _In_ PLSA_UNICODE_STRING OldPassword,
366  _In_ PLSA_UNICODE_STRING NewPassword
367  );
368 
369 NTSTATUS
370 NTAPI
371 LsaGetUserName(
372  _Outptr_ PLSA_UNICODE_STRING *UserName,
373  _Outptr_opt_ PLSA_UNICODE_STRING *DomainName
374  );
375 
376 NTSTATUS
377 NTAPI
378 LsaGetRemoteUserName(
379  _In_opt_ PLSA_UNICODE_STRING SystemName,
380  _Outptr_ PLSA_UNICODE_STRING *UserName,
381  _Outptr_opt_ PLSA_UNICODE_STRING *DomainName
382  );
383 
384 #endif