Likewise Security and Authentication Subsystem
Core client API

Core client API. More...

Data Structures

struct  LSA_SECURITY_OBJECT_USER_INFO
 User object info. More...
 
struct  LSA_SECURITY_OBJECT_GROUP_INFO
 Group object info. More...
 
struct  LSA_SECURITY_OBJECT
 Security object. More...
 
union  LSA_QUERY_ITEM
 Query item. More...
 
union  LSA_QUERY_LIST
 Query list. More...
 

Macros

#define LSA_FIND_FLAGS_NSS
 Query with NSS semantics. More...
 
#define LSA_FIND_FLAGS_LOCAL
 Query only for local objects. More...
 
#define LSA_FIND_FLAGS_CACHE_ONLY
 Query only for cached objects. More...
 

Typedefs

typedef LW_DWORD LSA_FIND_FLAGS
 Find flags. More...
 
typedef LW_UINT8 LSA_QUERY_TYPE
 Query type.
 
typedef LSA_SECURITY_OBJECT * PLSA_SECURITY_OBJECT
 Security object pointer.
 
typedef const LSA_SECURITY_OBJECT * PCLSA_SECURITY_OBJECT
 Constant security object pointer.
 

Enumerations

enum  _LSA_QUERY_TYPE {
  LSA_QUERY_TYPE_UNDEFINED, LSA_QUERY_TYPE_BY_DN, LSA_QUERY_TYPE_BY_SID, LSA_QUERY_TYPE_BY_NT4,
  LSA_QUERY_TYPE_BY_UPN, LSA_QUERY_TYPE_BY_ALIAS, LSA_QUERY_TYPE_BY_UNIX_ID, LSA_QUERY_TYPE_BY_NAME
}
 Query type enumeration. More...
 
enum  _LSA_OBJECT_TYPE { LSA_OBJECT_TYPE_UNDEFINED, LSA_OBJECT_TYPE_GROUP, LSA_OBJECT_TYPE_USER }
 Object type enumeration. More...
 

Functions

LW_DWORD LsaOpenServer (LW_PHANDLE phConnection)
 Open connection to local lsass server. More...
 
DWORD LsaOpenServerThreaded (PHANDLE phConnection)
 Open connection to local lsass server (thread-safe) More...
 
LW_DWORD LsaCloseServer (LW_HANDLE hConnection)
 Closes connection to lsass server. More...
 
LW_DWORD LsaDropServer (LW_HANDLE hConnection)
 Frees a connection to lsass server. More...
 
LW_DWORD LsaFindObjects (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LW_OPTIONAL LSA_OBJECT_TYPE ObjectType, LW_IN LSA_QUERY_TYPE QueryType, LW_IN LW_DWORD dwCount, LW_IN LSA_QUERY_LIST QueryList, LW_OUT PLSA_SECURITY_OBJECT **pppObjects)
 Resolve security objects. More...
 
LW_DWORD LsaOpenEnumObjects (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_OUT LW_PHANDLE phEnum, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LSA_OBJECT_TYPE ObjectType, LW_IN LW_OPTIONAL LW_PCSTR pszDomainName)
 Begin object enumeration. More...
 
LW_DWORD LsaEnumObjects (LW_IN LW_HANDLE hLsa, LW_IN LW_HANDLE hEnum, LW_IN LW_DWORD dwMaxObjectsCount, LW_OUT LW_PDWORD pdwObjectsCount, LW_OUT PLSA_SECURITY_OBJECT **pppObjects)
 Enumerate objects. More...
 
LW_DWORD LsaOpenEnumMembers (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_OUT LW_PHANDLE phEnum, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LW_PCSTR pszSid)
 Begin member enumeration. More...
 
LW_DWORD LsaEnumMembers (LW_IN LW_HANDLE hLsa, LW_IN LW_HANDLE hEnum, LW_IN LW_DWORD dwMaxObjectsCount, LW_OUT LW_PDWORD pdwObjectsCount, LW_OUT LW_PSTR **pppszMember)
 Enumerate members. More...
 
LW_DWORD LsaQueryMemberOf (LW_IN LW_HANDLE hLsa, LW_IN LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_DWORD dwSidCount, LW_IN LW_PSTR *ppszSids, LW_OUT LW_PDWORD pdwGroupSidCount, LW_OUT LW_PSTR **pppszGroupSids)
 Query group membership of objects. More...
 
LW_DWORD LsaCloseEnum (LW_IN LW_HANDLE hLsa, LW_IN LW_OUT LW_HANDLE hEnum)
 Close enumeration handle. More...
 
LW_VOID LsaFreeSidList (LW_IN LW_DWORD dwSidCount, LW_IN LW_OUT LW_PSTR *ppszSids)
 Free SID list. More...
 
LW_VOID LsaFreeSecurityObjectList (LW_IN LW_DWORD dwObjectCount, LW_IN LW_OUT PLSA_SECURITY_OBJECT *ppObjects)
 Free security object list. More...
 
LW_VOID LsaFreeSecurityObject (LW_IN LW_OUT PLSA_SECURITY_OBJECT pObject)
 Free security object. More...
 
LW_DWORD LsaQueryExpandedGroupMembers (LW_IN LW_HANDLE hLsa, LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LSA_OBJECT_TYPE ObjectType, LW_IN LW_PCSTR pszSid, LW_OUT LW_PDWORD pdwMemberCount, LW_OUT PLSA_SECURITY_OBJECT **pppMembers)
 Query expanded group membership. More...
 
LW_DWORD LsaFindGroupAndExpandedMembers (LW_IN LW_HANDLE hLsa, LW_PCSTR pszTargetProvider, LW_IN LSA_FIND_FLAGS FindFlags, LW_IN LSA_QUERY_TYPE QueryType, LW_IN LSA_QUERY_ITEM QueryItem, LW_OUT PLSA_SECURITY_OBJECT *ppGroupObject, LW_OUT LW_PDWORD pdwMemberObjectCount, LW_OUT PLSA_SECURITY_OBJECT **pppMemberObjects)
 Find group and its expanded membership list. More...
 

Detailed Description

Macro Definition Documentation

#define LSA_FIND_FLAGS_NSS

Indicates that the query is to fulfill an NSS (name service switch) request. This hint may be used to omit irrelevant results or avoid unduly expensive network operations.

#define LSA_FIND_FLAGS_LOCAL

Indicates that only objects in local databases should be queried.

#define LSA_FIND_FLAGS_CACHE_ONLY

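Indicates that only cached objects should be queried (avoiding network operations). Because no network lookup is performed, the results reflect only what is already in the cache and may not include recent changes to objects or group memberships.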

Typedef Documentation

typedef LW_DWORD LSA_FIND_FLAGS

Flags that can be used to change the behavior of query processing

Enumeration Type Documentation

enum _LSA_QUERY_TYPE

Specifies the type of key used when querying.

Enumerator
LSA_QUERY_TYPE_UNDEFINED 

Undefined.

LSA_QUERY_TYPE_BY_DN 

Query by distinguished name.

LSA_QUERY_TYPE_BY_SID 

Query by SID.

LSA_QUERY_TYPE_BY_NT4 

Query by NT4-style name.

LSA_QUERY_TYPE_BY_UPN 

Query by User Principal Name.

LSA_QUERY_TYPE_BY_ALIAS 

Query by alias.

LSA_QUERY_TYPE_BY_UNIX_ID 

Query by uid or gid.

LSA_QUERY_TYPE_BY_NAME 

Query by generic name.

enum _LSA_OBJECT_TYPE

Designates the type of a security object or the desired type in a query.

Enumerator
LSA_OBJECT_TYPE_UNDEFINED 

Undefined.

LSA_OBJECT_TYPE_GROUP 

Group object.

LSA_OBJECT_TYPE_USER 

User object.

Function Documentation

LW_DWORD LsaOpenServer ( LW_PHANDLE  phConnection)

Creates a connection handle to the local lsass server.

Parameters
[out] phConnection: the created connection handle
Return values
LW_ERROR_SUCCESS: success
LW_ERROR_ERRNO_ECONNREFUSED: the connection was refused
LW_ERROR_ERRNO_ENOENT: the lsass domain socket was not found

DWORD LsaOpenServerThreaded ( PHANDLE  phConnection)

Creates a connection handle to the local lsass server. The handle may safely be used by multiple threads. This function is only available when linking with lsaclientthr.

Parameters
[out] phConnection: the created connection handle
Return values
LW_ERROR_SUCCESS: success
LW_ERROR_ERRNO_ECONNREFUSED: the connection was refused
LW_ERROR_ERRNO_ENOENT: the lsass domain socket was not found

LW_DWORD LsaCloseServer ( LW_HANDLE  hConnection)

Closes a connection handle opened with LsaOpenServer() or LsaOpenServerThreaded().

Parameters
[in,out] hConnection: the connection handle to close
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaDropServer ( LW_HANDLE  hConnection)

Frees the local resources associated with a connection handle opened by LsaOpenServer(), but does not explicitly terminate the session with the server. This matters after a fork(): the child process can release its inherited copy of the handle without interfering with the session that its parent is still using.

Parameters
[in,out] hConnection: the connection handle to close
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaFindObjects ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_PCSTR  pszTargetProvider,
LW_IN LSA_FIND_FLAGS  FindFlags,
LW_IN LW_OPTIONAL LSA_OBJECT_TYPE  ObjectType,
LW_IN LSA_QUERY_TYPE  QueryType,
LW_IN LW_DWORD  dwCount,
LW_IN LSA_QUERY_LIST  QueryList,
LW_OUT PLSA_SECURITY_OBJECT **  pppObjects 
)

Resolves a homogeneous list of keys to a list of security objects of equal length. The returned list should be freed with LsaFreeSecurityObjectList().

Parameters
[in] hLsa: a connection handle
[in] pszTargetProvider: an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried.
[in] FindFlags: flags that can modify query behavior
[in] ObjectType: the type of object to return. If LSA_OBJECT_TYPE_UNDEFINED, any type of object matching the query will be returned.
[in] QueryType: the type of key to query by
[in] dwCount: the number of keys to search for
[in] QueryList: a list of keys to search for
[out] pppObjects: on success, set to an array of security object pointers equal in length to the query list. Each element of the array may be NULL if the key could not be found, so check every element before dereferencing it; a return value of LW_ERROR_SUCCESS does not mean that every key was resolved.
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaOpenEnumObjects ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_PCSTR  pszTargetProvider,
LW_OUT LW_PHANDLE  phEnum,
LW_IN LSA_FIND_FLAGS  FindFlags,
LW_IN LSA_OBJECT_TYPE  ObjectType,
LW_IN LW_OPTIONAL LW_PCSTR  pszDomainName 
)

Returns a handle that can be used to enumerate all security objects matching the query criteria. The handle should be freed with LsaCloseEnum().

Parameters
[in] hLsa: a connection handle
[in] pszTargetProvider: an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried.
[out] phEnum: set to a handle which can be subsequently used with LsaEnumObjects() to retrieve results
[in] FindFlags: flags that can modify query behavior
[in] ObjectType: the type of object to enumerate. If LSA_OBJECT_TYPE_UNDEFINED, all enumerable objects will be returned.
[in] pszDomainName: an optional domain name to further filter results
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaEnumObjects ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_HANDLE  hEnum,
LW_IN LW_DWORD  dwMaxObjectsCount,
LW_OUT LW_PDWORD  pdwObjectsCount,
LW_OUT PLSA_SECURITY_OBJECT **  pppObjects 
)

Returns objects from an in-progress enumeration. The returned list should be freed with LsaFreeSecurityObjectList().

Parameters
[in] hLsa: a connection handle
[in] hEnum: an enumeration handle from LsaOpenEnumObjects()
[in] dwMaxObjectsCount: the maximum number of objects to return
[out] pdwObjectsCount: set to the length of the returned list
[out] pppObjects: set to a list of returned security objects. Unlike LsaFindObjects(), entries will not be NULL.
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaOpenEnumMembers ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_PCSTR  pszTargetProvider,
LW_OUT LW_PHANDLE  phEnum,
LW_IN LSA_FIND_FLAGS  FindFlags,
LW_IN LW_PCSTR  pszSid 
)

Returns a handle that can be used to enumerate all direct members of a group. The returned SIDs may represent users or other groups. The handle should be freed with LsaCloseEnum().

Parameters
[in] hLsa: a connection handle
[in] pszTargetProvider: an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried.
[out] phEnum: set to a handle which can be subsequently used with LsaEnumMembers() to retrieve results
[in] FindFlags: flags that can modify query behavior
[in] pszSid: the SID of the group to enumerate as a printed string
Return values
LW_ERROR_SUCCESS: success
LW_ERROR_NO_SUCH_GROUP: a group with the specified SID did not exist

LW_DWORD LsaEnumMembers ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_HANDLE  hEnum,
LW_IN LW_DWORD  dwMaxObjectsCount,
LW_OUT LW_PDWORD  pdwObjectsCount,
LW_OUT LW_PSTR **  pppszMember 
)

Returns member SIDs from an in-progress member enumeration. The returned list should be freed with LsaFreeSidList().

Parameters
[in] hLsa: a connection handle
[in] hEnum: an enumeration handle from LsaOpenEnumMembers()
[in] dwMaxObjectsCount: the maximum number of SIDs to return
[out] pdwObjectsCount: set to the length of the returned list
[out] pppszMember: set to a list of returned member SIDs in printed form
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaQueryMemberOf ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_PCSTR  pszTargetProvider,
LW_IN LSA_FIND_FLAGS  FindFlags,
LW_DWORD  dwSidCount,
LW_IN LW_PSTR *  ppszSids,
LW_OUT LW_PDWORD  pdwGroupSidCount,
LW_OUT LW_PSTR **  pppszGroupSids 
)

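Given a list of object SIDs, returns a list of group SIDs of which the specified objects are direct or transitive members. The returned list should be freed with LsaFreeSidList(), which frees lists of SID strings returned by API calls.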

Parameters
[in] hLsa: a connection handle
[in] pszTargetProvider: an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried.
[in] FindFlags: flags that can modify query behavior
[in] dwSidCount: the number of SIDs passed
[in] ppszSids: the list of SIDs
[out] pdwGroupSidCount: set to the number of group SIDs returned
[out] pppszGroupSids: set to an array containing group SIDs in printed form
Return values
LW_ERROR_SUCCESS: success

LW_DWORD LsaCloseEnum ( LW_IN LW_HANDLE  hLsa,
LW_IN LW_OUT LW_HANDLE  hEnum 
)

Closes any enumeration handle opened with an enumeration function.

Parameters
[in] hLsa: a connection handle
[in,out] hEnum: the enum handle to close
Return values
LW_ERROR_SUCCESS: success

LW_VOID LsaFreeSidList ( LW_IN LW_DWORD  dwSidCount,
LW_IN LW_OUT LW_PSTR *  ppszSids 
)

Frees a list of SID strings returned from a previous API call.

Parameters
[in] dwSidCount: the number of SIDs in the array
[in,out] ppszSids: the array to free

LW_VOID LsaFreeSecurityObjectList ( LW_IN LW_DWORD  dwObjectCount,
LW_IN LW_OUT PLSA_SECURITY_OBJECT *  ppObjects 
)

Frees a list of security objects returned from a previous API call.

Parameters
[in] dwObjectCount: the number of objects in the array
[in,out] ppObjects: the array to free

LW_VOID LsaFreeSecurityObject ( LW_IN LW_OUT PLSA_SECURITY_OBJECT  pObject)

Frees a single security object.

Parameters
[in,out] pObject: the object to free

LW_DWORD LsaQueryExpandedGroupMembers ( LW_IN LW_HANDLE  hLsa,
LW_PCSTR  pszTargetProvider,
LW_IN LSA_FIND_FLAGS  FindFlags,
LW_IN LSA_OBJECT_TYPE  ObjectType,
LW_IN LW_PCSTR  pszSid,
LW_OUT LW_PDWORD  pdwMemberCount,
LW_OUT PLSA_SECURITY_OBJECT **  pppMembers 
)

Returns a list of security objects of all transitive members of a group. This is equivalent to recursive calls to LsaOpenEnumMembers()/LsaEnumMembers()/LsaCloseEnum() and LsaFindObjects(). The returned list should be freed with LsaFreeSecurityObjectList().

Parameters
[in] hLsa: a connection handle
[in] pszTargetProvider: an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried.
[in] FindFlags: flags that can modify query behavior
[in] ObjectType: the type of member to return. If LSA_OBJECT_TYPE_UNDEFINED, all members are returned.
[in] pszSid: the SID of the group to expand as a printed string
[out] pdwMemberCount: set to the number of returned members
[out] pppMembers: set to the list of returned members
Return values
LW_ERROR_SUCCESS: success
LW_ERROR_NO_SUCH_GROUP: a group with the specified SID did not exist

LW_DWORD LsaFindGroupAndExpandedMembers ( LW_IN LW_HANDLE  hLsa,
LW_PCSTR  pszTargetProvider,
LW_IN LSA_FIND_FLAGS  FindFlags,
LW_IN LSA_QUERY_TYPE  QueryType,
LW_IN LSA_QUERY_ITEM  QueryItem,
LW_OUT PLSA_SECURITY_OBJECT *  ppGroupObject,
LW_OUT LW_PDWORD  pdwMemberObjectCount,
LW_OUT PLSA_SECURITY_OBJECT **  pppMemberObjects 
)

Returns a security object for a group along with a list of its expanded members. This is equivalent to LsaFindObjects() followed by LsaQueryExpandedGroupMembers() of the resulting SID, but with reduced overhead. The returned group security object should be freed with LsaFreeSecurityObject(), and the returned member list should be freed with LsaFreeSecurityObjectList().

Parameters
[in] hLsa: a connection handle
[in] pszTargetProvider: an optional provider name. If provided, only that provider will be queried. Otherwise, all providers will be queried.
[in] FindFlags: flags that can modify query behavior
[in] QueryType: the type of key to query by
[in] QueryItem: the key to query by
[out] ppGroupObject: set to the security object for the group
[out] pdwMemberObjectCount: set to the number of returned members
[out] pppMemberObjects: set to the list of returned members
Return values
LW_ERROR_SUCCESS: success
LW_ERROR_NO_SUCH_GROUP: the group was not found