📄 ntsecapi.h
PSID Sid;
} LSA_ENUMERATION_INFORMATION, *PLSA_ENUMERATION_INFORMATION;
////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Miscellaneous API function prototypes //
// //
////////////////////////////////////////////////////////////////////////////
//
// Releases a buffer that an LSA policy call handed back through an OUT
// pointer parameter. Per the Win32 documentation the logon-session calls
// (LsaEnumerateLogonSessions, LsaGetLogonSessionData) are the exception and
// pair with LsaFreeReturnBuffer instead - confirm against the SDK docs
// before mixing the two.
// NOTE(review): nothing in this prototype promises that the memory is
// scrubbed; a caller holding secret material in such a buffer should zero it
// before release.
//
NTSTATUS
NTAPI
LsaFreeMemory(
IN PVOID Buffer
);
//
// Closes a handle to an LSA object (a policy handle, or a trusted-domain
// handle such as the one LsaOpenTrustedDomainByName returns).
// Close on every exit path, error paths included: presumably the access
// granted at open time stays usable for as long as the handle is open.
//
NTSTATUS
NTAPI
LsaClose(
IN LSA_HANDLE ObjectHandle
);
//
// Description of one logon session, as returned through
// LsaGetLogonSessionData.
//
// The LSA_UNICODE_STRING members are counted strings; consumers should use
// the length fields rather than assume NUL termination (TODO confirm against
// the LSA_UNICODE_STRING definition, which is outside this excerpt).
//
typedef struct _SECURITY_LOGON_SESSION_DATA {
// Presumably the size in bytes of the structure as filled in by the LSA.
// Check it before reading the fields marked "new for whistler" below - an
// older system may not have populated them.
ULONG Size ;
// Locally unique identifier of the session.
LUID LogonId ;
LSA_UNICODE_STRING UserName ;
LSA_UNICODE_STRING LogonDomain ;
LSA_UNICODE_STRING AuthenticationPackage ;
// NOTE(review): looks like a SECURITY_LOGON_TYPE value carried as a ULONG -
// confirm.
ULONG LogonType ;
ULONG Session ;
// Pointer member: presumably points into the returned allocation, so do not
// keep it past the point where the buffer is freed - verify.
PSID Sid ;
LARGE_INTEGER LogonTime ;
//
// new for whistler:
//
LSA_UNICODE_STRING LogonServer ;
LSA_UNICODE_STRING DnsDomainName ;
LSA_UNICODE_STRING Upn ;
} SECURITY_LOGON_SESSION_DATA, * PSECURITY_LOGON_SESSION_DATA ;
//
// Returns the number of logon sessions and an array of their LUIDs.
// Both parameters are outputs; the list is allocated by the callee.
// Per the Win32 documentation the list is released with
// LsaFreeReturnBuffer - confirm.
//
NTSTATUS
NTAPI
LsaEnumerateLogonSessions(
OUT PULONG LogonSessionCount,
OUT PLUID * LogonSessionList
);
//
// Returns a SECURITY_LOGON_SESSION_DATA for the session named by LogonId.
//
// Treat failure per LUID as normal: a session may have ended between
// enumeration and this call, and per the Win32 documentation a caller that
// is not an administrator is refused data for sessions other than its own
// (verify for the target OS version). Check the NTSTATUS before
// dereferencing *ppLogonSessionData.
//
NTSTATUS
NTAPI
LsaGetLogonSessionData(
IN PLUID LogonId,
OUT PSECURITY_LOGON_SESSION_DATA * ppLogonSessionData
);
//
// Opens a handle to the Policy object of a system.
//
// SystemName        - OPTIONAL; per the Win32 documentation NULL selects the
//                     local system (confirm).
// ObjectAttributes  - per the Win32 documentation the members are not used
//                     and should be zero-initialised (confirm).
// DesiredAccess     - request only the access the caller actually needs;
//                     a handle opened with broad access is a broader target
//                     if it leaks or is inherited.
// PolicyHandle      - declared IN OUT; receives the handle. Release it with
//                     LsaClose.
//
NTSTATUS
NTAPI
LsaOpenPolicy(
IN PLSA_UNICODE_STRING SystemName OPTIONAL,
IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
IN ACCESS_MASK DesiredAccess,
IN OUT PLSA_HANDLE PolicyHandle
);
//
// Reads one class of Policy information. Buffer is an untyped PVOID output:
// the structure behind it depends on InformationClass, so the cast at the
// call site must match the class that was requested. Presumably released
// with LsaFreeMemory - confirm.
//
NTSTATUS
NTAPI
LsaQueryInformationPolicy(
IN LSA_HANDLE PolicyHandle,
IN POLICY_INFORMATION_CLASS InformationClass,
OUT PVOID *Buffer
);
//
// Writes one class of Policy information. Buffer is an untyped PVOID input
// with no accompanying length, so the caller is responsible for passing a
// structure whose layout matches InformationClass.
// NOTE(review): this changes local security policy; callers are worth
// reviewing for who can reach them, and the change is worth covering with
// policy-change auditing - confirm which audit events apply.
//
NTSTATUS
NTAPI
LsaSetInformationPolicy(
IN LSA_HANDLE PolicyHandle,
IN POLICY_INFORMATION_CLASS InformationClass,
IN PVOID Buffer
);
//
// Domain-policy counterpart of LsaQueryInformationPolicy; same untyped
// output buffer, selected by a POLICY_DOMAIN_INFORMATION_CLASS value.
//
NTSTATUS
NTAPI
LsaQueryDomainInformationPolicy(
IN LSA_HANDLE PolicyHandle,
IN POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
OUT PVOID *Buffer
);
//
// Domain-policy counterpart of LsaSetInformationPolicy; same untyped input
// buffer with no length, so layout must match InformationClass.
//
NTSTATUS
NTAPI
LsaSetDomainInformationPolicy(
IN LSA_HANDLE PolicyHandle,
IN POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
IN PVOID Buffer
);
//
// Associates an event handle with one class of policy-change notification.
// Presumably the event is signalled when policy of that class changes
// (confirm); that makes the pair below usable by monitoring agents that
// want to notice local policy changes without polling.
//
NTSTATUS
NTAPI
LsaRegisterPolicyChangeNotification(
IN POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,
IN HANDLE NotificationEventHandle
);
//
// Removes a registration. Takes the same (class, event handle) pair as the
// register call; presumably it must be called before the event handle is
// closed - verify.
//
NTSTATUS
NTAPI
LsaUnregisterPolicyChangeNotification(
IN POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,
IN HANDLE NotificationEventHandle
);
//
// Enumerates trusted domains in batches.
//
// EnumerationContext    - IN OUT cursor carried between calls; per the
//                         Win32 documentation it starts at zero and the
//                         call is repeated until no more entries are
//                         reported (confirm).
// Buffer                - untyped output allocated by the callee; each
//                         batch needs its own release.
// PreferedMaximumLength - a preference, as the name says, not a hard bound
//                         the caller can rely on for sizing.
// CountReturned         - number of entries in this batch; bound every
//                         index into Buffer by it.
//
NTSTATUS
NTAPI
LsaEnumerateTrustedDomains(
IN LSA_HANDLE PolicyHandle,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
OUT PVOID *Buffer,
IN ULONG PreferedMaximumLength,
OUT PULONG CountReturned
);
//
// Translates Count account names into SIDs.
// Names is an array of Count entries; ReferencedDomains and Sids are
// allocated by the callee.
// NOTE(review): per the Win32 documentation a lookup can partially succeed
// and still return buffers, with unresolved entries marked as unknown -
// check each translated entry rather than only the NTSTATUS, and free the
// outputs on the partial-success path too (confirm).
//
NTSTATUS
NTAPI
LsaLookupNames(
IN LSA_HANDLE PolicyHandle,
IN ULONG Count,
IN PLSA_UNICODE_STRING Names,
OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
OUT PLSA_TRANSLATED_SID *Sids
);
//
// Variant of LsaLookupNames that returns PLSA_TRANSLATED_SID2 entries and
// takes an extra Flags argument, which the declaration marks as reserved.
//
NTSTATUS
NTAPI
LsaLookupNames2(
IN LSA_HANDLE PolicyHandle,
IN ULONG Flags, // Reserved
IN ULONG Count,
IN PLSA_UNICODE_STRING Names,
OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
OUT PLSA_TRANSLATED_SID2 *Sids
);
//
// Reverse direction: translates Count SIDs into names.
// Sids is an array of Count PSID values; the same partial-success caveat as
// for the name lookups presumably applies - confirm.
//
NTSTATUS
NTAPI
LsaLookupSids(
IN LSA_HANDLE PolicyHandle,
IN ULONG Count,
IN PSID *Sids,
OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
OUT PLSA_TRANSLATED_NAME *Names
);
//
// String names of the logon rights (allow and deny forms) that the account
// rights functions below accept in their UserRights arrays.
//
// NOTE(review): these are wrapped in TEXT(), so their character width
// follows the UNICODE build setting. LSA_UNICODE_STRING is presumably a
// wide-character string, in which case an ANSI build must not place these
// literals in one directly - confirm against the LSA_UNICODE_STRING
// definition.
// NOTE(review): the SeDeny* rights are the ones to check first when
// auditing who can log on how; per the Windows documentation a deny right
// takes precedence over the matching allow right (confirm).
//
#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
#define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight")
#define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight")
#define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight")
#define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight")
#define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight")
#define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight")
//
// This new API returns all the accounts with a certain privilege
//
//
// UserRights is OPTIONAL; per the Win32 documentation passing NULL
// enumerates accounts holding any right (confirm). EnumerationBuffer is an
// untyped output - presumably an array of LSA_ENUMERATION_INFORMATION with
// CountReturned entries; bound every index by CountReturned.
// Useful for auditing which accounts hold a sensitive privilege.
//
NTSTATUS
NTAPI
LsaEnumerateAccountsWithUserRight(
IN LSA_HANDLE PolicyHandle,
IN OPTIONAL PLSA_UNICODE_STRING UserRights,
OUT PVOID *EnumerationBuffer,
OUT PULONG CountReturned
);
//
// These new APIs differ by taking a SID instead of requiring the caller
// to open the account first and passing in an account handle
//
//
// Returns the rights held by AccountSid as an array of CountOfRights
// strings allocated by the callee.
//
NTSTATUS
NTAPI
LsaEnumerateAccountRights(
IN LSA_HANDLE PolicyHandle,
IN PSID AccountSid,
OUT PLSA_UNICODE_STRING *UserRights,
OUT PULONG CountOfRights
);
//
// Grants the CountOfRights rights named in UserRights to AccountSid.
// NOTE(review): this is a privilege assignment. Callers should be
// reachable only by code that is entitled to change rights, and defenders
// typically watch for it through the "user right assigned" (4704) and
// "system security access granted" (4717) audit events - confirm the
// event IDs against the audit policy in use.
//
NTSTATUS
NTAPI
LsaAddAccountRights(
IN LSA_HANDLE PolicyHandle,
IN PSID AccountSid,
IN PLSA_UNICODE_STRING UserRights,
IN ULONG CountOfRights
);
//
// Removes rights from AccountSid.
// NOTE(review): per the Win32 documentation, AllRights == TRUE removes
// every right, ignores UserRights, and deletes the LSA account object
// (confirm). Removal of deny rights is as security-relevant as granting
// allow rights; the matching audit events are "user right removed" (4705)
// and "system security access removed" (4718) - confirm.
//
NTSTATUS
NTAPI
LsaRemoveAccountRights(
IN LSA_HANDLE PolicyHandle,
IN PSID AccountSid,
IN BOOLEAN AllRights,
IN PLSA_UNICODE_STRING UserRights,
IN ULONG CountOfRights
);
///////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Trusted Domain Object API function prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
//
// Opens a handle to a trusted domain object selected by name.
// Request the narrowest DesiredAccess that works and release the handle
// with LsaClose.
//
NTSTATUS
NTAPI
LsaOpenTrustedDomainByName(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING TrustedDomainName,
IN ACCESS_MASK DesiredAccess,
OUT PLSA_HANDLE TrustedDomainHandle
);
//
// Reads one class of information about the trusted domain identified by
// SID. Buffer is an untyped output whose layout depends on
// InformationClass.
// NOTE(review): some TRUSTED_INFORMATION_CLASS values presumably return
// trust authentication material; treat the returned buffer as sensitive
// and zero it before release where that applies - confirm per class.
//
NTSTATUS
NTAPI
LsaQueryTrustedDomainInfo(
IN LSA_HANDLE PolicyHandle,
IN PSID TrustedDomainSid,
IN TRUSTED_INFORMATION_CLASS InformationClass,
OUT PVOID *Buffer
);
//
// Writes one class of information for the trusted domain identified by
// SID. Buffer is untyped and has no length; its layout must match
// InformationClass.
// NOTE(review): per the Win32 documentation this can create the trusted
// domain object if it does not exist for some classes (confirm), so it
// deserves the same scrutiny as LsaCreateTrustedDomainEx.
//
NTSTATUS
NTAPI
LsaSetTrustedDomainInformation(
IN LSA_HANDLE PolicyHandle,
IN PSID TrustedDomainSid,
IN TRUSTED_INFORMATION_CLASS InformationClass,
IN PVOID Buffer
);
//
// Deletes the trusted domain object identified by SID.
//
NTSTATUS
NTAPI
LsaDeleteTrustedDomain(
IN LSA_HANDLE PolicyHandle,
IN PSID TrustedDomainSid
);
//
// By-name form of LsaQueryTrustedDomainInfo.
//
NTSTATUS
NTAPI
LsaQueryTrustedDomainInfoByName(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING TrustedDomainName,
IN TRUSTED_INFORMATION_CLASS InformationClass,
OUT PVOID *Buffer
);
//
// By-name form of LsaSetTrustedDomainInformation.
//
NTSTATUS
NTAPI
LsaSetTrustedDomainInfoByName(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING TrustedDomainName,
IN TRUSTED_INFORMATION_CLASS InformationClass,
IN PVOID Buffer
);
//
// Batch enumeration of trusted domains; same cursor / count contract as the
// parameter list of LsaEnumerateTrustedDomains. Presumably returns the
// extended (_EX) information records - confirm.
//
NTSTATUS
NTAPI
LsaEnumerateTrustedDomainsEx(
IN LSA_HANDLE PolicyHandle,
IN OUT PLSA_ENUMERATION_HANDLE EnumerationContext,
OUT PVOID *Buffer,
IN ULONG PreferedMaximumLength,
OUT PULONG CountReturned
);
//
// Creates a trusted domain object from the supplied description and
// authentication information, and returns a handle to it.
// NOTE(review): creating a trust extends the authentication boundary of
// the domain. AuthenticationInformation carries the trust secret, so the
// caller should zero its copy after the call. Trust creation, removal and
// modification are normally covered by the 4706 / 4707 / 4716 audit
// events - confirm against the audit policy in use.
//
NTSTATUS
NTAPI
LsaCreateTrustedDomainEx(
IN LSA_HANDLE PolicyHandle,
IN PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
IN PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
IN ACCESS_MASK DesiredAccess,
OUT PLSA_HANDLE TrustedDomainHandle
);
//
// Returns the forest trust information recorded for TrustedDomainName.
// ForestTrustInfo is allocated by the callee.
//
NTSTATUS
NTAPI
LsaQueryForestTrustInformation(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING TrustedDomainName,
OUT PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
);
//
// Sets the forest trust information for TrustedDomainName.
//
// CheckOnly     - presumably performs the collision check without
//                 committing the change (confirm); useful as a dry run
//                 before modifying a production trust.
// CollisionInfo - output describing collisions; check it even when the
//                 NTSTATUS indicates success - TODO confirm whether
//                 collisions are reported alongside a success status.
//
NTSTATUS
NTAPI
LsaSetForestTrustInformation(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING TrustedDomainName,
IN PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,
IN BOOLEAN CheckOnly,
OUT PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo
);
//
// Test-only prototype. The enabling #define on the next line is commented
// out, so LsaForestTrustFindMatch is not declared in a normal build; code
// that defines TESTING_MATCHING_ROUTINE itself gets the declaration, with
// no indication here that the routine is exported in shipping binaries.
//
// #define TESTING_MATCHING_ROUTINE
#ifdef TESTING_MATCHING_ROUTINE
NTSTATUS
NTAPI
LsaForestTrustFindMatch(
IN LSA_HANDLE PolicyHandle,
IN ULONG Type,
IN PLSA_UNICODE_STRING Name,
OUT PLSA_UNICODE_STRING * Match
);
#endif
//
// This API sets the workstation password (equivalent of setting/getting
// the SSI_SECRET_NAME secret)
//
//
// Stores PrivateData under KeyName in the LSA's private data store.
// The prototype takes an arbitrary KeyName, so the call is not limited to
// the workstation password mentioned in the preceding header comment.
// NOTE(review): data stored this way is protected from ordinary users but,
// per the Windows documentation, is recoverable by code running with
// administrative or SYSTEM rights (confirm). Do not treat it as a vault
// for long-lived plaintext credentials, and zero the caller's copy of
// PrivateData after the call.
//
NTSTATUS
NTAPI
LsaStorePrivateData(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING KeyName,
IN PLSA_UNICODE_STRING PrivateData
);
//
// Retrieves the data stored under KeyName. PrivateData is allocated by the
// callee.
// NOTE(review): the returned buffer holds secret material. Zero it before
// releasing it (presumably with LsaFreeMemory - confirm), keep it out of
// logs, and do not rely on NUL termination of the counted string.
//
NTSTATUS
NTAPI
LsaRetrievePrivateData(
IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING KeyName,
OUT PLSA_UNICODE_STRING * PrivateData
);
//
// Converts an NTSTATUS into a ULONG Win32 error code.
// Every other function declared in this section returns NTSTATUS, so pass
// the status through this routine before comparing against ERROR_* values
// or formatting a message with the Win32 error facilities.
//
ULONG
NTAPI
LsaNtStatusToWinError(
NTSTATUS Status
);
//
// Define a symbol so we can tell if ntifs.h has been included.
//
// begin_ntifs
// Marker symbol only: defined once if not already defined, with no value.
// Other headers can test it to learn that this section was seen.
#ifndef _NTLSA_IFS_
#define _NTLSA_IFS_
#endif
// end_ntifs
//
// SPNEGO package stuff
//
//
// Message types understood by the Negotiate package's call-package
// interface. NegCallPackageMax is the first value past the valid range.
//
enum NEGOTIATE_MESSAGES {
NegEnumPackagePrefixes = 0,
NegGetCallerName = 1,
NegCallPackageMax
} ;
// Capacity in bytes of the Prefix array in NEGOTIATE_PACKAGE_PREFIX.
#define NEGOTIATE_MAX_PREFIX 32
//
// One package prefix record.
// NOTE(review): PrefixLen is a separate field from the fixed-size Prefix
// array; a consumer should reject any record whose PrefixLen exceeds
// NEGOTIATE_MAX_PREFIX before reading or comparing Prefix bytes.
//
typedef struct _NEGOTIATE_PACKAGE_PREFIX {
ULONG_PTR PackageId ;
PVOID PackageDataA ;
PVOID PackageDataW ;
ULONG_PTR PrefixLen ;
UCHAR Prefix[ NEGOTIATE_MAX_PREFIX ];
} NEGOTIATE_PACKAGE_PREFIX, * PNEGOTIATE_PACKAGE_PREFIX ;
//
// Header of the prefix enumeration response.
// NOTE(review): Offset and PrefixCount locate an array inside the returned
// buffer; validate that Offset plus PrefixCount records fits within the
// returned length (guarding the multiplication against overflow) before
// walking the array.
//
typedef struct _NEGOTIATE_PACKAGE_PREFIXES {
ULONG MessageType ;
ULONG PrefixCount ;
ULONG Offset ; // Offset to array of _PREFIX above
} NEGOTIATE_PACKAGE_PREFIXES, *PNEGOTIATE_PACKAGE_PREFIXES ;
// Request for the caller name of the logon session identified by LogonId.
typedef struct _NEGOTIATE_CALLER_NAME_REQUEST {
ULONG MessageType ;
LUID LogonId ;
} NEGOTIATE_CALLER_NAME_REQUEST, *PNEGOTIATE_CALLER_NAME_REQUEST ;
// Response carrying the caller name as a PWSTR; presumably points into the
// returned buffer - confirm before using it after the buffer is released.
typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE {
ULONG MessageType ;
PWSTR CallerName ;
} NEGOTIATE_CALLER_NAME_RESPONSE, * PNEGOTIATE_CALLER_NAME_RESPONSE ;
// Flag bits for the Negotiate package; the names suggest they control
// whether NTLM may be used or negotiated - TODO confirm where they are
// consumed. Code that sets them is worth reviewing wherever NTLM is meant
// to be restricted.
#define NEGOTIATE_ALLOW_NTLM 0x10000000
#define NEGOTIATE_NEG_NTLM 0x20000000
// When _NTDEF_ is not defined, provide UNICODE_STRING / STRING as aliases
// of the LSA string types so the declarations that use those names still
// compile. When _NTDEF_ is defined these typedefs are skipped, presumably
// because the native definitions are already in scope.
#ifndef _NTDEF_
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
typedef LSA_STRING STRING, *PSTRING ;
#endif
// Guarded so the structure is declared once even if another header that
// uses the same guard macro also declares it.
#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
//
// Domain password policy values.
// NOTE(review): when reading this for a policy audit, a zero
// MinPasswordLength or PasswordHistoryLength is a finding in itself.
// PasswordProperties is presumably a bit mask of DOMAIN_PASSWORD_* flags,
// and the two ages are presumably relative times in 100 ns units stored as
// negative values - confirm both before interpreting them.
//
typedef struct _DOMAIN_PASSWORD_INFORMATION {
USHORT MinPasswordLength;
USHORT PasswordHistoryLength;
ULONG PasswordProperties;
// The MIDL pass uses OLD_LARGE_INTEGER for the same two fields.
#if defined(MIDL_PASS)
OLD_LARGE_INTEGER MaxPasswordAge;
OLD_LARGE_INTEGER MinPasswordAge;
#else
LARGE_INTEGER MaxPasswordAge;
LARGE_INTEGER MinPasswordAge;
#endif
} DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
#endif