Likewise Security and Authentication Subsystem
|
Core client API. More...
Data Structures | |
struct | LSA_SECURITY_OBJECT_USER_INFO |
User object info. More... | |
struct | LSA_SECURITY_OBJECT_GROUP_INFO |
Group object info. More... | |
struct | LSA_SECURITY_OBJECT |
Security object. More... | |
union | LSA_QUERY_ITEM |
Query item. More... | |
union | LSA_QUERY_LIST |
Query list. More... | |
Macros | |
#define | LSA_FIND_FLAGS_NSS |
Query with NSS semantics. More... | |
#define | LSA_FIND_FLAGS_LOCAL |
Query only for local objects. More... | |
#define | LSA_FIND_FLAGS_CACHE_ONLY |
Query only for cached objects. More... | |
Typedefs | |
typedef LW_DWORD | LSA_FIND_FLAGS |
Find flags. More... | |
typedef LW_UINT8 | LSA_QUERY_TYPE |
Query type. | |
typedef LSA_SECURITY_OBJECT * | PLSA_SECURITY_OBJECT |
Security object pointer. | |
typedef const LSA_SECURITY_OBJECT * | PCLSA_SECURITY_OBJECT |
Constant security object pointer. | |
Enumerations | |
enum | _LSA_QUERY_TYPE { LSA_QUERY_TYPE_UNDEFINED, LSA_QUERY_TYPE_BY_DN, LSA_QUERY_TYPE_BY_SID, LSA_QUERY_TYPE_BY_NT4, LSA_QUERY_TYPE_BY_UPN, LSA_QUERY_TYPE_BY_ALIAS, LSA_QUERY_TYPE_BY_UNIX_ID, LSA_QUERY_TYPE_BY_NAME } |
Query type enumeration. More... | |
enum | _LSA_OBJECT_TYPE { LSA_OBJECT_TYPE_UNDEFINED, LSA_OBJECT_TYPE_GROUP, LSA_OBJECT_TYPE_USER } |
Object type enumeration. More... | |
Functions | |
LW_DWORD | LsaOpenServer (LW_PHANDLE phConnection) |
Open connection to local lsass server. More... | |
DWORD | LsaOpenServerThreaded (PHANDLE phConnection) |
Open connection to local lsass server (thread-safe). More... | |
LW_DWORD | LsaCloseServer (LW_HANDLE hConnection) |
Closes connection to lsass server. More... | |
LW_DWORD | LsaDropServer (LW_HANDLE hConnection) |
Frees a connection to lsass server. More... | |
LW_DWORD | LsaFindObjects (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LW_OPTIONAL LSA_OBJECT_TYPE ObjectType, LW_IN LSA_QUERY_TYPE QueryType, LW_IN LW_DWORD dwCount, LW_IN LSA_QUERY_LIST QueryList, LW_OUT PLSA_SECURITY_OBJECT **pppObjects) |
Resolve security objects. More... | |
LW_DWORD | LsaOpenEnumObjects (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_OUT LW_PHANDLE phEnum, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LSA_OBJECT_TYPE ObjectType, LW_IN LW_OPTIONAL LW_PCSTR pszDomainName) |
Begin object enumeration. More... | |
LW_DWORD | LsaEnumObjects (LW_IN LW_HANDLE hLsa, LW_IN LW_HANDLE hEnum, LW_IN LW_DWORD dwMaxObjectsCount, LW_OUT LW_PDWORD pdwObjectsCount, LW_OUT PLSA_SECURITY_OBJECT **pppObjects) |
Enumerate objects. More... | |
LW_DWORD | LsaOpenEnumMembers (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_OUT LW_PHANDLE phEnum, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LW_PCSTR pszSid) |
Begin member enumeration. More... | |
LW_DWORD | LsaEnumMembers (LW_IN LW_HANDLE hLsa, LW_IN LW_HANDLE hEnum, LW_IN LW_DWORD dwMaxObjectsCount, LW_OUT LW_PDWORD pdwObjectsCount, LW_OUT LW_PSTR **pppszMember) |
Enumerate members. More... | |
LW_DWORD | LsaQueryMemberOf (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_DWORD dwSidCount, LW_IN LW_PSTR *ppszSids, LW_OUT LW_PDWORD pdwGroupSidCount, LW_OUT LW_PSTR **pppszGroupSids) |
Query group membership of objects. More... | |
LW_DWORD | LsaCloseEnum (LW_IN LW_HANDLE hLsa, LW_IN LW_OUT LW_HANDLE hEnum) |
Close enumeration handle. More... | |
LW_VOID | LsaFreeSidList (LW_IN LW_DWORD dwSidCount, LW_IN LW_OUT LW_PSTR *ppszSids) |
Free SID list. More... | |
LW_VOID | LsaFreeSecurityObjectList (LW_IN LW_DWORD dwObjectCount, LW_IN LW_OUT PLSA_SECURITY_OBJECT *ppObjects) |
Free security object list. More... | |
LW_VOID | LsaFreeSecurityObject (LW_IN LW_OUT PLSA_SECURITY_OBJECT pObject) |
Free security object. More... | |
LW_DWORD | LsaQueryExpandedGroupMembers (LW_IN LW_HANDLE hLsa, LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LSA_OBJECT_TYPE ObjectType, LW_IN LW_PCSTR pszSid, LW_OUT LW_PDWORD pdwMemberCount, LW_OUT PLSA_SECURITY_OBJECT **pppMembers) |
Query expanded group membership. More... | |
LW_DWORD | LsaFindGroupAndExpandedMembers (LW_IN LW_HANDLE hLsa, LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LSA_QUERY_TYPE QueryType, LW_IN LSA_QUERY_ITEM QueryItem, LW_OUT PLSA_SECURITY_OBJECT *ppGroupObject, LW_OUT LW_PDWORD pdwMemberObjectCount, LW_OUT PLSA_SECURITY_OBJECT **pppMemberObjects) |
Find group and its expanded membership list. More... | |
#define LSA_FIND_FLAGS_NSS |
Indicates that the query is to fulfill an NSS (name service switch) request. This hint may be used to omit irrelevant results or avoid unduly expensive network operations.
#define LSA_FIND_FLAGS_LOCAL |
Indicates that only objects in local databases should be queried.
#define LSA_FIND_FLAGS_CACHE_ONLY |
Indicates that only cached objects should be queried (avoiding network operations).
typedef LW_DWORD LSA_FIND_FLAGS |
Flags that can be used to change the behavior of query processing.
enum _LSA_QUERY_TYPE |
Specifies the type of key used when querying.
enum _LSA_OBJECT_TYPE |
LW_DWORD LsaOpenServer | ( | LW_PHANDLE | phConnection | ) |
Creates a connection handle to the local lsass server.
[out] | phConnection | the created connection handle |
LW_ERROR_SUCCESS | success |
LW_ERROR_ERRNO_ECONNREFUSED | the connection was refused |
LW_ERROR_ERRNO_ENOENT | the lsass domain socket was not found |
DWORD LsaOpenServerThreaded | ( | PHANDLE | phConnection | ) |
Creates a connection handle to the local lsass server. The handle may safely be used by multiple threads. This function is only available when linking with the lsaclientthr library.
[out] | phConnection | the created connection handle |
LW_ERROR_SUCCESS | success |
LW_ERROR_ERRNO_ECONNREFUSED | the connection was refused |
LW_ERROR_ERRNO_ENOENT | the lsass domain socket was not found |
LW_DWORD LsaCloseServer | ( | LW_HANDLE | hConnection | ) |
Closes a connection handle opened with LsaOpenServer() or LsaOpenServerThreaded().
[in,out] | hConnection | the connection handle to close |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaDropServer | ( | LW_HANDLE | hConnection | ) |
Frees the local resources associated with a connection handle opened by LsaOpenServer(), but does not explicitly terminate the session with the server. Use it in a child process after a fork() so that releasing the inherited handle does not interfere with the parent's session with the server.
[in,out] | hConnection | the connection handle to close |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaFindObjects | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_PCSTR | pszTargetProvider, | ||
LW_IN LSA_FIND_FLAGS | FindFlags, | ||
LW_IN LW_OPTIONAL LSA_OBJECT_TYPE | ObjectType, | ||
LW_IN LSA_QUERY_TYPE | QueryType, | ||
LW_IN LW_DWORD | dwCount, | ||
LW_IN LSA_QUERY_LIST | QueryList, | ||
LW_OUT PLSA_SECURITY_OBJECT ** | pppObjects | ||
) |
Resolves a homogeneous list of keys to a list of security objects of equal length. The returned list should be freed with LsaFreeSecurityObjectList().
[in] | hLsa | a connection handle |
[in] | pszTargetProvider | an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried |
[in] | FindFlags | flags that can modify query behavior |
[in] | ObjectType | the type of object to return. If LSA_OBJECT_TYPE_UNDEFINED, any type of object matching the query will be returned. |
[in] | QueryType | the type of key to query by |
[in] | dwCount | the number of keys to search for |
[in] | QueryList | a list of keys to search for |
[out] | pppObjects | on success, set to an array of security object pointers equal in length to the query list. An element of the array is NULL if the corresponding key could not be found, so each element must be checked before it is dereferenced. |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaOpenEnumObjects | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_PCSTR | pszTargetProvider, | ||
LW_OUT LW_PHANDLE | phEnum, | ||
LW_IN LSA_FIND_FLAGS | FindFlags, | ||
LW_IN LSA_OBJECT_TYPE | ObjectType, | ||
LW_IN LW_OPTIONAL LW_PCSTR | pszDomainName | ||
) |
Returns a handle that can be used to enumerate all security objects matching the query criteria. The handle should be freed with LsaCloseEnum().
[in] | hLsa | a connection handle |
[in] | pszTargetProvider | an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried |
[out] | phEnum | set to a handle which can be subsequently used with LsaEnumObjects() to retrieve results. |
[in] | FindFlags | flags that can modify query behavior |
[in] | ObjectType | the type of object to enumerate. If LSA_OBJECT_TYPE_UNDEFINED, all enumerable objects will be returned. |
[in] | pszDomainName | an optional domain name to further filter results |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaEnumObjects | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_HANDLE | hEnum, | ||
LW_IN LW_DWORD | dwMaxObjectsCount, | ||
LW_OUT LW_PDWORD | pdwObjectsCount, | ||
LW_OUT PLSA_SECURITY_OBJECT ** | pppObjects | ||
) |
Returns objects from an in-progress enumeration. The returned list should be freed with LsaFreeSecurityObjectList().
[in] | hLsa | a connection handle |
[in] | hEnum | an enumeration handle from LsaOpenEnumObjects() |
[in] | dwMaxObjectsCount | the maximum number of objects to return |
[out] | pdwObjectsCount | set to the length of the returned list |
[out] | pppObjects | set to a list of returned security objects. Unlike LsaFindObjects(), entries will not be NULL. |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaOpenEnumMembers | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_PCSTR | pszTargetProvider, | ||
LW_OUT LW_PHANDLE | phEnum, | ||
LW_IN LSA_FIND_FLAGS | FindFlags, | ||
LW_IN LW_PCSTR | pszSid | ||
) |
Returns a handle that can be used to enumerate all direct members of a group. The returned SIDs may represent users or other groups. The handle should be freed with LsaCloseEnum().
[in] | hLsa | a connection handle |
[in] | pszTargetProvider | an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried |
[out] | phEnum | set to a handle which can be subsequently used with LsaEnumMembers() to retrieve results. |
[in] | FindFlags | flags that can modify query behavior |
[in] | pszSid | the SID of the group to enumerate, as a printed string |
LW_ERROR_SUCCESS | success |
LW_ERROR_NO_SUCH_GROUP | a group with the specified SID did not exist |
LW_DWORD LsaEnumMembers | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_HANDLE | hEnum, | ||
LW_IN LW_DWORD | dwMaxObjectsCount, | ||
LW_OUT LW_PDWORD | pdwObjectsCount, | ||
LW_OUT LW_PSTR ** | pppszMember | ||
) |
Returns member SIDs from an in-progress member enumeration. The returned list should be freed with LsaFreeSidList().
[in] | hLsa | a connection handle |
[in] | hEnum | an enumeration handle from LsaOpenEnumMembers() |
[in] | dwMaxObjectsCount | the maximum number of SIDs to return |
[out] | pdwObjectsCount | set to the length of the returned list |
[out] | pppszMember | set to a list of returned member SIDs in printed form |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaQueryMemberOf | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_PCSTR | pszTargetProvider, | ||
LW_IN LSA_FIND_FLAGS | FindFlags, | ||
LW_DWORD | dwSidCount, | ||
LW_IN LW_PSTR * | ppszSids, | ||
LW_OUT LW_PDWORD | pdwGroupSidCount, | ||
LW_OUT LW_PSTR ** | pppszGroupSids | ||
) |
Given a list of object SIDs, returns a list of group SIDs of which the specified objects are direct or transitive members. The returned list should be freed with LsaFreeSidList().
[in] | hLsa | a connection handle |
[in] | pszTargetProvider | an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried |
[in] | FindFlags | flags that can modify query behavior |
[in] | dwSidCount | the number of SIDs passed |
[in] | ppszSids | the list of SIDs |
[out] | pdwGroupSidCount | set to the number of group SIDs returned |
[out] | pppszGroupSids | set to an array containing group SIDs in printed form |
LW_ERROR_SUCCESS | success |
LW_DWORD LsaCloseEnum | ( | LW_IN LW_HANDLE | hLsa, |
LW_IN LW_OUT LW_HANDLE | hEnum | ||
) |
Closes any enumeration handle opened with an enumeration function.
[in] | hLsa | a connection handle |
[in,out] | hEnum | the enum handle to close |
LW_ERROR_SUCCESS | success |
LW_VOID LsaFreeSidList | ( | LW_IN LW_DWORD | dwSidCount, |
LW_IN LW_OUT LW_PSTR * | ppszSids | ||
) |
Frees a list of SID strings returned from a previous API call.
[in] | dwSidCount | the number of SIDs in the array |
[in,out] | ppszSids | the array to free |
LW_VOID LsaFreeSecurityObjectList | ( | LW_IN LW_DWORD | dwObjectCount, |
LW_IN LW_OUT PLSA_SECURITY_OBJECT * | ppObjects | ||
) |
Frees a list of security objects returned from a previous API call.
[in] | dwObjectCount | the number of objects in the array |
[in,out] | ppObjects | the array to free |
LW_VOID LsaFreeSecurityObject | ( | LW_IN LW_OUT PLSA_SECURITY_OBJECT | pObject | ) |
Frees a single security object.
[in,out] | pObject | the object to free |
LW_DWORD LsaQueryExpandedGroupMembers | ( | LW_IN LW_HANDLE | hLsa, |
LW_PCSTR | pszTargetProvider, | ||
LW_IN LSA_FIND_FLAGS | FindFlags, | ||
LW_IN LSA_OBJECT_TYPE | ObjectType, | ||
LW_IN LW_PCSTR | pszSid, | ||
LW_OUT LW_PDWORD | pdwMemberCount, | ||
LW_OUT PLSA_SECURITY_OBJECT ** | pppMembers | ||
) |
Returns a list of security objects of all transitive members of a group. This is equivalent to recursive calls to LsaOpenEnumMembers()/LsaEnumMembers()/LsaCloseEnum() and LsaFindObjects(). The returned list should be freed with LsaFreeSecurityObjectList().
[in] | hLsa | a connection handle |
[in] | pszTargetProvider | an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried |
[in] | FindFlags | flags that can modify query behavior |
[in] | ObjectType | the type of member to return. If LSA_OBJECT_TYPE_UNDEFINED, all members are returned |
[in] | pszSid | the SID of the group to expand, as a printed string |
[out] | pdwMemberCount | set to the number of returned members |
[out] | pppMembers | set to the list of returned members |
LW_ERROR_SUCCESS | success |
LW_ERROR_NO_SUCH_GROUP | a group with the specified SID did not exist |
LW_DWORD LsaFindGroupAndExpandedMembers | ( | LW_IN LW_HANDLE | hLsa, |
LW_PCSTR | pszTargetProvider, | ||
LW_IN LSA_FIND_FLAGS | FindFlags, | ||
LW_IN LSA_QUERY_TYPE | QueryType, | ||
LW_IN LSA_QUERY_ITEM | QueryItem, | ||
LW_OUT PLSA_SECURITY_OBJECT * | ppGroupObject, | ||
LW_OUT LW_PDWORD | pdwMemberObjectCount, | ||
LW_OUT PLSA_SECURITY_OBJECT ** | pppMemberObjects | ||
) |
Returns a security object for a group along with a list of its expanded members. This is equivalent to LsaFindObjects() followed by LsaQueryExpandedGroupMembers() of the resulting SID, but with reduced overhead. The returned group security object should be freed with LsaFreeSecurityObject(), and the returned member list should be freed with LsaFreeSecurityObjectList().
[in] | hLsa | a connection handle |
[in] | pszTargetProvider | an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried |
[in] | FindFlags | flags that can modify query behavior |
[in] | QueryType | the type of key to query by |
[in] | QueryItem | the key to query by |
[out] | ppGroupObject | set to the security object for the group |
[out] | pdwMemberObjectCount | set to the number of returned members |
[out] | pppMemberObjects | set to the list of returned members |
LW_ERROR_SUCCESS | success |
LW_ERROR_NO_SUCH_GROUP | the group was not found |