1 /** 2 * This file has no copyright assigned and is placed in the Public Domain. 3 * This file is part of the mingw-w64 runtime package. 4 * No warranty is given; refer to the file DISCLAIMER.PD within this package. 5 */ 6 #ifndef _NTSECAPI_ 7 #define _NTSECAPI_ 8 9 #ifdef __cplusplus 10 extern "C" { 11 #endif 12 13 #if !defined (_NTDEF_) && !defined (_NTSTATUS_PSDK) 14 #define _NTSTATUS_PSDK 15 typedef LONG NTSTATUS,*PNTSTATUS; 16 #endif 17 18 #ifndef _NTLSA_IFS_ 19 typedef ULONG LSA_OPERATIONAL_MODE,*PLSA_OPERATIONAL_MODE; 20 #endif 21 22 #define LSA_MODE_PASSWORD_PROTECTED (__MSABI_LONG(0x00000001)) 23 #define LSA_MODE_INDIVIDUAL_ACCOUNTS (__MSABI_LONG(0x00000002)) 24 #define LSA_MODE_MANDATORY_ACCESS (__MSABI_LONG(0x00000004)) 25 #define LSA_MODE_LOG_FULL (__MSABI_LONG(0x00000008)) 26 27 #ifndef _NTLSA_IFS_ 28 typedef enum _SECURITY_LOGON_TYPE { 29 Interactive = 2,Network,Batch,Service,Proxy,Unlock,NetworkCleartext,NewCredentials,RemoteInteractive,CachedInteractive, 30 CachedRemoteInteractive,CachedUnlock 31 } SECURITY_LOGON_TYPE,*PSECURITY_LOGON_TYPE; 32 #endif 33 34 #ifndef _NTLSA_IFS_ 35 36 #ifndef _NTLSA_AUDIT_ 37 #define _NTLSA_AUDIT_ 38 39 typedef enum _SE_ADT_PARAMETER_TYPE { 40 SeAdtParmTypeNone = 0,SeAdtParmTypeString,SeAdtParmTypeFileSpec,SeAdtParmTypeUlong,SeAdtParmTypeSid,SeAdtParmTypeLogonId, 41 SeAdtParmTypeNoLogonId,SeAdtParmTypeAccessMask,SeAdtParmTypePrivs,SeAdtParmTypeObjectTypes,SeAdtParmTypeHexUlong,SeAdtParmTypePtr, 42 SeAdtParmTypeTime,SeAdtParmTypeGuid,SeAdtParmTypeLuid,SeAdtParmTypeHexInt64,SeAdtParmTypeStringList,SeAdtParmTypeSidList, 43 SeAdtParmTypeDuration,SeAdtParmTypeUserAccountControl,SeAdtParmTypeNoUac,SeAdtParmTypeMessage,SeAdtParmTypeDateTime,SeAdtParmTypeSockAddr 44 } SE_ADT_PARAMETER_TYPE,*PSE_ADT_PARAMETER_TYPE; 45 46 #include <guiddef.h> 47 48 #define SE_ADT_OBJECT_ONLY 0x1 49 50 typedef struct _SE_ADT_OBJECT_TYPE { 51 GUID ObjectType; 52 USHORT Flags; 53 USHORT Level; 54 ACCESS_MASK AccessMask; 55 } SE_ADT_OBJECT_TYPE,*PSE_ADT_OBJECT_TYPE; 56 57 typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY { 58 SE_ADT_PARAMETER_TYPE Type; 59 ULONG Length; 60 ULONG_PTR Data[2]; 61 PVOID Address; 62 } SE_ADT_PARAMETER_ARRAY_ENTRY,*PSE_ADT_PARAMETER_ARRAY_ENTRY; 63 64 #define SE_MAX_AUDIT_PARAMETERS 32 65 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28 66 67 typedef struct _SE_ADT_PARAMETER_ARRAY { 68 ULONG CategoryId; 69 ULONG AuditId; 70 ULONG ParameterCount; 71 ULONG Length; 72 USHORT Type; 73 ULONG Flags; 74 SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[SE_MAX_AUDIT_PARAMETERS ]; 75 } SE_ADT_PARAMETER_ARRAY,*PSE_ADT_PARAMETER_ARRAY; 76 77 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001 78 #endif 79 #endif 80 81 typedef enum _POLICY_AUDIT_EVENT_TYPE { 82 AuditCategorySystem = 0,AuditCategoryLogon,AuditCategoryObjectAccess,AuditCategoryPrivilegeUse,AuditCategoryDetailedTracking, 83 AuditCategoryPolicyChange,AuditCategoryAccountManagement,AuditCategoryDirectoryServiceAccess,AuditCategoryAccountLogon 84 } POLICY_AUDIT_EVENT_TYPE,*PPOLICY_AUDIT_EVENT_TYPE; 85 86 #define POLICY_AUDIT_EVENT_UNCHANGED (__MSABI_LONG(0x00000000)) 87 #define POLICY_AUDIT_EVENT_SUCCESS (__MSABI_LONG(0x00000001)) 88 #define POLICY_AUDIT_EVENT_FAILURE (__MSABI_LONG(0x00000002)) 89 #define POLICY_AUDIT_EVENT_NONE (__MSABI_LONG(0x00000004)) 90 #define POLICY_AUDIT_EVENT_MASK (POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE) 91 92 #ifdef _NTDEF_ 93 typedef UNICODE_STRING LSA_UNICODE_STRING,*PLSA_UNICODE_STRING; 94 typedef STRING LSA_STRING,*PLSA_STRING; 95 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES; 96 #else 97 98 #ifndef _NO_W32_PSEUDO_MODIFIERS 99 #ifndef IN 100 #define IN 101 #endif 102 #ifndef OUT 103 #define OUT 104 #endif 105 #ifndef OPTIONAL 106 #define OPTIONAL 107 #endif 108 #endif 109 110 typedef struct _LSA_UNICODE_STRING { 111 USHORT Length; 112 USHORT MaximumLength; 113 PWSTR Buffer; 114 } LSA_UNICODE_STRING,*PLSA_UNICODE_STRING; 115 116 typedef struct _LSA_STRING { 117 USHORT Length; 118 USHORT MaximumLength; 119 PCHAR Buffer; 120 } LSA_STRING,*PLSA_STRING; 121 122 typedef struct _LSA_OBJECT_ATTRIBUTES { 123 ULONG Length; 124 HANDLE RootDirectory; 125 PLSA_UNICODE_STRING ObjectName; 126 ULONG Attributes; 127 PVOID SecurityDescriptor; 128 PVOID SecurityQualityOfService; 129 } LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES; 130 #endif 131 132 #define LSA_SUCCESS(Error) ((LONG)(Error) >= 0) 133 134 #ifndef _NTLSA_IFS_ 135 NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING LogonProcessName,PHANDLE LsaHandle,PLSA_OPERATIONAL_MODE SecurityMode); 136 NTSTATUS NTAPI LsaLogonUser(HANDLE LsaHandle,PLSA_STRING OriginName,SECURITY_LOGON_TYPE LogonType,ULONG AuthenticationPackage,PVOID AuthenticationInformation,ULONG AuthenticationInformationLength,PTOKEN_GROUPS LocalGroups,PTOKEN_SOURCE SourceContext,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PHANDLE Token,PQUOTA_LIMITS Quotas,PNTSTATUS SubStatus); 137 NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE LsaHandle,PLSA_STRING PackageName,PULONG AuthenticationPackage); 138 NTSTATUS NTAPI LsaFreeReturnBuffer (PVOID Buffer); 139 NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE LsaHandle,ULONG AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus); 140 NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE LsaHandle); 141 NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE LsaHandle); 142 #endif 143 144 #define POLICY_VIEW_LOCAL_INFORMATION __MSABI_LONG(0x00000001) 145 #define POLICY_VIEW_AUDIT_INFORMATION __MSABI_LONG(0x00000002) 146 #define POLICY_GET_PRIVATE_INFORMATION __MSABI_LONG(0x00000004) 147 #define POLICY_TRUST_ADMIN __MSABI_LONG(0x00000008) 148 #define POLICY_CREATE_ACCOUNT __MSABI_LONG(0x00000010) 149 #define POLICY_CREATE_SECRET __MSABI_LONG(0x00000020) 150 #define POLICY_CREATE_PRIVILEGE __MSABI_LONG(0x00000040) 151 #define POLICY_SET_DEFAULT_QUOTA_LIMITS __MSABI_LONG(0x00000080) 152 #define POLICY_SET_AUDIT_REQUIREMENTS __MSABI_LONG(0x00000100) 153 #define POLICY_AUDIT_LOG_ADMIN __MSABI_LONG(0x00000200) 154 #define POLICY_SERVER_ADMIN __MSABI_LONG(0x00000400) 155 #define POLICY_LOOKUP_NAMES __MSABI_LONG(0x00000800) 156 #define POLICY_NOTIFICATION __MSABI_LONG(0x00001000) 157 158 #define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES) 159 #define POLICY_READ (STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION) 160 #define POLICY_WRITE (STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN) 161 #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES) 162 163 typedef struct _LSA_TRUST_INFORMATION { 164 LSA_UNICODE_STRING Name; 165 PSID Sid; 166 } LSA_TRUST_INFORMATION,*PLSA_TRUST_INFORMATION; 167 168 typedef struct _LSA_REFERENCED_DOMAIN_LIST { 169 ULONG Entries; 170 PLSA_TRUST_INFORMATION Domains; 171 } LSA_REFERENCED_DOMAIN_LIST,*PLSA_REFERENCED_DOMAIN_LIST; 172 173 typedef struct _LSA_TRANSLATED_SID { 174 SID_NAME_USE Use; 175 ULONG RelativeId; 176 LONG DomainIndex; 177 } LSA_TRANSLATED_SID,*PLSA_TRANSLATED_SID; 178 179 typedef struct _LSA_TRANSLATED_SID2 { 180 SID_NAME_USE Use; 181 PSID Sid; 182 LONG DomainIndex; 183 ULONG Flags; 184 } LSA_TRANSLATED_SID2,*PLSA_TRANSLATED_SID2; 185 186 typedef struct _LSA_TRANSLATED_NAME { 187 SID_NAME_USE Use; 188 LSA_UNICODE_STRING Name; 189 LONG DomainIndex; 190 } LSA_TRANSLATED_NAME,*PLSA_TRANSLATED_NAME; 191 192 typedef enum _POLICY_LSA_SERVER_ROLE { 193 PolicyServerRoleBackup = 2,PolicyServerRolePrimary 194 } POLICY_LSA_SERVER_ROLE,*PPOLICY_LSA_SERVER_ROLE; 195 196 typedef ULONG POLICY_AUDIT_EVENT_OPTIONS,*PPOLICY_AUDIT_EVENT_OPTIONS; 197 198 typedef enum _POLICY_INFORMATION_CLASS { 199 PolicyAuditLogInformation = 1,PolicyAuditEventsInformation,PolicyPrimaryDomainInformation,PolicyPdAccountInformation, 200 PolicyAccountDomainInformation,PolicyLsaServerRoleInformation,PolicyReplicaSourceInformation,PolicyDefaultQuotaInformation, 201 PolicyModificationInformation,PolicyAuditFullSetInformation,PolicyAuditFullQueryInformation,PolicyDnsDomainInformation, 202 PolicyDnsDomainInformationInt 203 } POLICY_INFORMATION_CLASS,*PPOLICY_INFORMATION_CLASS; 204 205 typedef struct _POLICY_AUDIT_LOG_INFO { 206 ULONG AuditLogPercentFull; 207 ULONG MaximumLogSize; 208 LARGE_INTEGER AuditRetentionPeriod; 209 BOOLEAN AuditLogFullShutdownInProgress; 210 LARGE_INTEGER TimeToShutdown; 211 ULONG NextAuditRecordId; 212 } POLICY_AUDIT_LOG_INFO,*PPOLICY_AUDIT_LOG_INFO; 213 214 typedef struct _POLICY_AUDIT_EVENTS_INFO { 215 BOOLEAN AuditingMode; 216 PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; 217 ULONG MaximumAuditEventCount; 218 } POLICY_AUDIT_EVENTS_INFO,*PPOLICY_AUDIT_EVENTS_INFO; 219 220 typedef struct _POLICY_ACCOUNT_DOMAIN_INFO { 221 LSA_UNICODE_STRING DomainName; 222 PSID DomainSid; 223 } POLICY_ACCOUNT_DOMAIN_INFO,*PPOLICY_ACCOUNT_DOMAIN_INFO; 224 225 typedef struct _POLICY_PRIMARY_DOMAIN_INFO { 226 LSA_UNICODE_STRING Name; 227 PSID Sid; 228 } POLICY_PRIMARY_DOMAIN_INFO,*PPOLICY_PRIMARY_DOMAIN_INFO; 229 230 typedef struct _POLICY_DNS_DOMAIN_INFO { 231 LSA_UNICODE_STRING Name; 232 LSA_UNICODE_STRING DnsDomainName; 233 LSA_UNICODE_STRING DnsForestName; 234 GUID DomainGuid; 235 PSID Sid; 236 } POLICY_DNS_DOMAIN_INFO,*PPOLICY_DNS_DOMAIN_INFO; 237 238 typedef struct _POLICY_PD_ACCOUNT_INFO { 239 LSA_UNICODE_STRING Name; 240 } POLICY_PD_ACCOUNT_INFO,*PPOLICY_PD_ACCOUNT_INFO; 241 242 typedef struct _POLICY_LSA_SERVER_ROLE_INFO { 243 POLICY_LSA_SERVER_ROLE LsaServerRole; 244 } POLICY_LSA_SERVER_ROLE_INFO,*PPOLICY_LSA_SERVER_ROLE_INFO; 245 246 typedef struct _POLICY_REPLICA_SOURCE_INFO { 247 LSA_UNICODE_STRING ReplicaSource; 248 LSA_UNICODE_STRING ReplicaAccountName; 249 } POLICY_REPLICA_SOURCE_INFO,*PPOLICY_REPLICA_SOURCE_INFO; 250 251 typedef struct _POLICY_DEFAULT_QUOTA_INFO { 252 QUOTA_LIMITS QuotaLimits; 253 } POLICY_DEFAULT_QUOTA_INFO,*PPOLICY_DEFAULT_QUOTA_INFO; 254 255 typedef struct _POLICY_MODIFICATION_INFO { 256 LARGE_INTEGER ModifiedId; 257 LARGE_INTEGER DatabaseCreationTime; 258 } POLICY_MODIFICATION_INFO,*PPOLICY_MODIFICATION_INFO; 259 260 typedef struct _POLICY_AUDIT_FULL_SET_INFO { 261 BOOLEAN ShutDownOnFull; 262 } POLICY_AUDIT_FULL_SET_INFO,*PPOLICY_AUDIT_FULL_SET_INFO; 263 264 typedef struct _POLICY_AUDIT_FULL_QUERY_INFO { 265 BOOLEAN ShutDownOnFull; 266 BOOLEAN LogIsFull; 267 } POLICY_AUDIT_FULL_QUERY_INFO,*PPOLICY_AUDIT_FULL_QUERY_INFO; 268 269 typedef enum _POLICY_DOMAIN_INFORMATION_CLASS { 270 PolicyDomainEfsInformation = 2,PolicyDomainKerberosTicketInformation 271 } POLICY_DOMAIN_INFORMATION_CLASS,*PPOLICY_DOMAIN_INFORMATION_CLASS; 272 273 typedef struct _POLICY_DOMAIN_EFS_INFO { 274 ULONG InfoLength; 275 PUCHAR EfsBlob; 276 } POLICY_DOMAIN_EFS_INFO,*PPOLICY_DOMAIN_EFS_INFO; 277 278 #define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080 279 280 typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO { 281 ULONG AuthenticationOptions; 282 LARGE_INTEGER MaxServiceTicketAge; 283 LARGE_INTEGER MaxTicketAge; 284 LARGE_INTEGER MaxRenewAge; 285 LARGE_INTEGER MaxClockSkew; 286 LARGE_INTEGER Reserved; 287 } POLICY_DOMAIN_KERBEROS_TICKET_INFO,*PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; 288 289 typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS { 290 PolicyNotifyAuditEventsInformation = 1,PolicyNotifyAccountDomainInformation,PolicyNotifyServerRoleInformation,PolicyNotifyDnsDomainInformation, 291 PolicyNotifyDomainEfsInformation,PolicyNotifyDomainKerberosTicketInformation,PolicyNotifyMachineAccountPasswordInformation 292 } POLICY_NOTIFICATION_INFORMATION_CLASS,*PPOLICY_NOTIFICATION_INFORMATION_CLASS; 293 294 typedef PVOID LSA_HANDLE,*PLSA_HANDLE; 295 296 typedef enum _TRUSTED_INFORMATION_CLASS { 297 TrustedDomainNameInformation = 1,TrustedControllersInformation,TrustedPosixOffsetInformation,TrustedPasswordInformation, 298 TrustedDomainInformationBasic,TrustedDomainInformationEx,TrustedDomainAuthInformation,TrustedDomainFullInformation, 299 TrustedDomainAuthInformationInternal,TrustedDomainFullInformationInternal,TrustedDomainInformationEx2Internal,TrustedDomainFullInformation2Internal 300 } TRUSTED_INFORMATION_CLASS,*PTRUSTED_INFORMATION_CLASS; 301 302 typedef struct _TRUSTED_DOMAIN_NAME_INFO { 303 LSA_UNICODE_STRING Name; 304 } TRUSTED_DOMAIN_NAME_INFO,*PTRUSTED_DOMAIN_NAME_INFO; 305 306 typedef struct _TRUSTED_CONTROLLERS_INFO { 307 ULONG Entries; 308 PLSA_UNICODE_STRING Names; 309 } TRUSTED_CONTROLLERS_INFO,*PTRUSTED_CONTROLLERS_INFO; 310 311 typedef struct _TRUSTED_POSIX_OFFSET_INFO { 312 ULONG Offset; 313 } TRUSTED_POSIX_OFFSET_INFO,*PTRUSTED_POSIX_OFFSET_INFO; 314 315 typedef struct _TRUSTED_PASSWORD_INFO { 316 LSA_UNICODE_STRING Password; 317 LSA_UNICODE_STRING OldPassword; 318 } TRUSTED_PASSWORD_INFO,*PTRUSTED_PASSWORD_INFO; 319 320 typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC; 321 typedef PLSA_TRUST_INFORMATION PTRUSTED_DOMAIN_INFORMATION_BASIC; 322 323 #define TRUST_DIRECTION_DISABLED 0x00000000 324 #define TRUST_DIRECTION_INBOUND 0x00000001 325 #define TRUST_DIRECTION_OUTBOUND 0x00000002 326 #define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND) 327 328 #define TRUST_TYPE_DOWNLEVEL 0x00000001 329 #define TRUST_TYPE_UPLEVEL 0x00000002 330 #define TRUST_TYPE_MIT 0x00000003 331 332 #define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001 333 #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002 334 #define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004 335 #define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008 336 #define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010 337 #define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020 338 #define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040 339 #define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080 340 341 #define TRUST_ATTRIBUTES_VALID 0xFF03FFFF 342 #define TRUST_ATTRIBUTES_USER 0xFF000000 343 344 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX { 345 LSA_UNICODE_STRING Name; 346 LSA_UNICODE_STRING FlatName; 347 PSID Sid; 348 ULONG TrustDirection; 349 ULONG TrustType; 350 ULONG TrustAttributes; 351 } TRUSTED_DOMAIN_INFORMATION_EX,*PTRUSTED_DOMAIN_INFORMATION_EX; 352 353 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX2 { 354 LSA_UNICODE_STRING Name; 355 LSA_UNICODE_STRING FlatName; 356 PSID Sid; 357 ULONG TrustDirection; 358 ULONG TrustType; 359 ULONG TrustAttributes; 360 ULONG ForestTrustLength; 361 PUCHAR ForestTrustInfo; 362 } TRUSTED_DOMAIN_INFORMATION_EX2,*PTRUSTED_DOMAIN_INFORMATION_EX2; 363 364 #define TRUST_AUTH_TYPE_NONE 0 365 #define TRUST_AUTH_TYPE_NT4OWF 1 366 #define TRUST_AUTH_TYPE_CLEAR 2 367 #define TRUST_AUTH_TYPE_VERSION 3 368 369 typedef struct _LSA_AUTH_INFORMATION { 370 LARGE_INTEGER LastUpdateTime; 371 ULONG AuthType; 372 ULONG AuthInfoLength; 373 PUCHAR AuthInfo; 374 } LSA_AUTH_INFORMATION,*PLSA_AUTH_INFORMATION; 375 376 typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION { 377 ULONG IncomingAuthInfos; 378 PLSA_AUTH_INFORMATION IncomingAuthenticationInformation; 379 PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; 380 ULONG OutgoingAuthInfos; 381 PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation; 382 PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; 383 } TRUSTED_DOMAIN_AUTH_INFORMATION,*PTRUSTED_DOMAIN_AUTH_INFORMATION; 384 385 typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION { 386 TRUSTED_DOMAIN_INFORMATION_EX Information; 387 TRUSTED_POSIX_OFFSET_INFO PosixOffset; 388 TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; 389 } TRUSTED_DOMAIN_FULL_INFORMATION,*PTRUSTED_DOMAIN_FULL_INFORMATION; 390 391 typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 { 392 TRUSTED_DOMAIN_INFORMATION_EX2 Information; 393 TRUSTED_POSIX_OFFSET_INFO PosixOffset; 394 TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; 395 } TRUSTED_DOMAIN_FULL_INFORMATION2,*PTRUSTED_DOMAIN_FULL_INFORMATION2; 396 397 typedef enum { 398 ForestTrustTopLevelName,ForestTrustTopLevelNameEx,ForestTrustDomainInfo,ForestTrustRecordTypeLast = ForestTrustDomainInfo 399 } LSA_FOREST_TRUST_RECORD_TYPE; 400 401 #define LSA_FTRECORD_DISABLED_REASONS (__MSABI_LONG(0x0000FFFF)) 402 403 #define LSA_TLN_DISABLED_NEW (__MSABI_LONG(0x00000001)) 404 #define LSA_TLN_DISABLED_ADMIN (__MSABI_LONG(0x00000002)) 405 #define LSA_TLN_DISABLED_CONFLICT (__MSABI_LONG(0x00000004)) 406 407 #define LSA_SID_DISABLED_ADMIN (__MSABI_LONG(0x00000001)) 408 #define LSA_SID_DISABLED_CONFLICT (__MSABI_LONG(0x00000002)) 409 #define LSA_NB_DISABLED_ADMIN (__MSABI_LONG(0x00000004)) 410 #define LSA_NB_DISABLED_CONFLICT (__MSABI_LONG(0x00000008)) 411 412 typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO { 413 PSID Sid; 414 LSA_UNICODE_STRING DnsName; 415 LSA_UNICODE_STRING NetbiosName; 416 } LSA_FOREST_TRUST_DOMAIN_INFO,*PLSA_FOREST_TRUST_DOMAIN_INFO; 417 418 #define MAX_FOREST_TRUST_BINARY_DATA_SIZE (128*1024) 419 420 typedef struct _LSA_FOREST_TRUST_BINARY_DATA { 421 ULONG Length; 422 PUCHAR Buffer; 423 } LSA_FOREST_TRUST_BINARY_DATA,*PLSA_FOREST_TRUST_BINARY_DATA; 424 425 typedef struct _LSA_FOREST_TRUST_RECORD { 426 ULONG Flags; 427 LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType; 428 LARGE_INTEGER Time; 429 union { 430 LSA_UNICODE_STRING TopLevelName; 431 LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo; 432 LSA_FOREST_TRUST_BINARY_DATA Data; 433 } ForestTrustData; 434 } LSA_FOREST_TRUST_RECORD,*PLSA_FOREST_TRUST_RECORD; 435 436 #define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000 437 438 typedef struct _LSA_FOREST_TRUST_INFORMATION { 439 ULONG RecordCount; 440 PLSA_FOREST_TRUST_RECORD *Entries; 441 } LSA_FOREST_TRUST_INFORMATION,*PLSA_FOREST_TRUST_INFORMATION; 442 443 typedef enum { 444 CollisionTdo,CollisionXref,CollisionOther 445 } LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; 446 447 typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD { 448 ULONG Index; 449 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type; 450 ULONG Flags; 451 LSA_UNICODE_STRING Name; 452 } LSA_FOREST_TRUST_COLLISION_RECORD,*PLSA_FOREST_TRUST_COLLISION_RECORD; 453 454 typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION { 455 ULONG RecordCount; 456 PLSA_FOREST_TRUST_COLLISION_RECORD *Entries; 457 } LSA_FOREST_TRUST_COLLISION_INFORMATION,*PLSA_FOREST_TRUST_COLLISION_INFORMATION; 458 459 typedef ULONG LSA_ENUMERATION_HANDLE,*PLSA_ENUMERATION_HANDLE; 460 461 typedef struct _LSA_ENUMERATION_INFORMATION { 462 PSID Sid; 463 } LSA_ENUMERATION_INFORMATION,*PLSA_ENUMERATION_INFORMATION; 464 465 NTSTATUS NTAPI LsaFreeMemory(PVOID Buffer); 466 NTSTATUS NTAPI LsaClose(LSA_HANDLE ObjectHandle); 467 468 typedef struct _SECURITY_LOGON_SESSION_DATA { 469 ULONG Size; 470 LUID LogonId; 471 LSA_UNICODE_STRING UserName; 472 LSA_UNICODE_STRING LogonDomain; 473 LSA_UNICODE_STRING AuthenticationPackage; 474 ULONG LogonType; 475 ULONG Session; 476 PSID Sid; 477 LARGE_INTEGER LogonTime; 478 LSA_UNICODE_STRING LogonServer; 479 LSA_UNICODE_STRING DnsDomainName; 480 LSA_UNICODE_STRING Upn; 481 } SECURITY_LOGON_SESSION_DATA,*PSECURITY_LOGON_SESSION_DATA; 482 483 NTSTATUS NTAPI LsaEnumerateLogonSessions(PULONG LogonSessionCount,PLUID *LogonSessionList); 484 NTSTATUS NTAPI LsaGetLogonSessionData(PLUID LogonId,PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData); 485 NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING SystemName,PLSA_OBJECT_ATTRIBUTES ObjectAttributes,ACCESS_MASK DesiredAccess,PLSA_HANDLE PolicyHandle); 486 NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID *Buffer); 487 NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID Buffer); 488 NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID *Buffer); 489 NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID Buffer); 490 NTSTATUS NTAPI LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle); 491 NTSTATUS NTAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle); 492 NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned); 493 NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE PolicyHandle,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID *Sids); 494 NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE PolicyHandle,ULONG Flags,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID2 *Sids); 495 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE PolicyHandle,ULONG Count,PSID *Sids,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_NAME *Names); 496 497 #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight") 498 #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight") 499 #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight") 500 #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight") 501 #define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight") 502 #define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight") 503 #define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight") 504 #define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight") 505 #define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight") 506 #define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight") 507 508 NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING UserRight,PVOID *Buffer,PULONG CountReturned); 509 NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING *UserRights,PULONG CountOfRights); 510 NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights); 511 NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,BOOLEAN AllRights,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights); 512 NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle); 513 NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer); 514 NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer); 515 NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid); 516 NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer); 517 NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer); 518 NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned); 519 NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE PolicyHandle,PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle); 520 NTSTATUS NTAPI LsaQueryForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo); 521 NTSTATUS NTAPI LsaSetForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,BOOLEAN CheckOnly,PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo); 522 523 #ifdef TESTING_MATCHING_ROUTINE 524 NTSTATUS NTAPI LsaForestTrustFindMatch(LSA_HANDLE PolicyHandle,ULONG Type,PLSA_UNICODE_STRING Name,PLSA_UNICODE_STRING *Match); 525 #endif 526 527 NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING PrivateData); 528 NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING *PrivateData); 529 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS Status); 530 531 #ifndef _NTLSA_IFS_ 532 #define _NTLSA_IFS_ 533 #endif 534 535 enum NEGOTIATE_MESSAGES { 536 NegEnumPackagePrefixes = 0,NegGetCallerName = 1,NegCallPackageMax 537 }; 538 539 #define NEGOTIATE_MAX_PREFIX 32 540 541 typedef struct _NEGOTIATE_PACKAGE_PREFIX { 542 ULONG_PTR PackageId; 543 PVOID PackageDataA; 544 PVOID PackageDataW; 545 ULONG_PTR PrefixLen; 546 UCHAR Prefix[NEGOTIATE_MAX_PREFIX ]; 547 } NEGOTIATE_PACKAGE_PREFIX,*PNEGOTIATE_PACKAGE_PREFIX; 548 549 typedef struct _NEGOTIATE_PACKAGE_PREFIXES { 550 ULONG MessageType; 551 ULONG PrefixCount; 552 ULONG Offset; 553 ULONG Pad; 554 } NEGOTIATE_PACKAGE_PREFIXES,*PNEGOTIATE_PACKAGE_PREFIXES; 555 556 typedef struct _NEGOTIATE_CALLER_NAME_REQUEST { 557 ULONG MessageType; 558 LUID LogonId; 559 } NEGOTIATE_CALLER_NAME_REQUEST,*PNEGOTIATE_CALLER_NAME_REQUEST; 560 561 typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE { 562 ULONG MessageType; 563 PWSTR CallerName; 564 } NEGOTIATE_CALLER_NAME_RESPONSE,*PNEGOTIATE_CALLER_NAME_RESPONSE; 565 566 #ifndef _NTDEF_ 567 #ifndef __UNICODE_STRING_DEFINED 568 #define __UNICODE_STRING_DEFINED 569 typedef LSA_UNICODE_STRING UNICODE_STRING,*PUNICODE_STRING; 570 #endif 571 #ifndef __STRING_DEFINED 572 #define __STRING_DEFINED 573 typedef LSA_STRING STRING,*PSTRING; 574 #endif 575 #endif 576 577 #ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED 578 #define _DOMAIN_PASSWORD_INFORMATION_DEFINED 579 typedef struct _DOMAIN_PASSWORD_INFORMATION { 580 USHORT MinPasswordLength; 581 USHORT PasswordHistoryLength; 582 ULONG PasswordProperties; 583 LARGE_INTEGER MaxPasswordAge; 584 LARGE_INTEGER MinPasswordAge; 585 } DOMAIN_PASSWORD_INFORMATION,*PDOMAIN_PASSWORD_INFORMATION; 586 #endif 587 588 #define DOMAIN_PASSWORD_COMPLEX __MSABI_LONG(0x00000001) 589 #define DOMAIN_PASSWORD_NO_ANON_CHANGE __MSABI_LONG(0x00000002) 590 #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE __MSABI_LONG(0x00000004) 591 #define DOMAIN_LOCKOUT_ADMINS __MSABI_LONG(0x00000008) 592 #define DOMAIN_PASSWORD_STORE_CLEARTEXT __MSABI_LONG(0x00000010) 593 #define DOMAIN_REFUSE_PASSWORD_CHANGE __MSABI_LONG(0x00000020) 594 595 #ifndef _PASSWORD_NOTIFICATION_DEFINED 596 #define _PASSWORD_NOTIFICATION_DEFINED 597 typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING UserName,ULONG RelativeId,PUNICODE_STRING NewPassword); 598 599 #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify" 600 601 typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)(); 602 603 #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify" 604 #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter" 605 606 typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING AccountName,PUNICODE_STRING FullName,PUNICODE_STRING Password,BOOLEAN SetOperation); 607 #endif 608 609 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 610 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 611 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) 612 613 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" 614 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" 615 616 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { 617 MsV1_0InteractiveLogon = 2,MsV1_0Lm20Logon,MsV1_0NetworkLogon,MsV1_0SubAuthLogon,MsV1_0WorkstationUnlockLogon = 7 618 } MSV1_0_LOGON_SUBMIT_TYPE,*PMSV1_0_LOGON_SUBMIT_TYPE; 619 620 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { 621 MsV1_0InteractiveProfile = 2,MsV1_0Lm20LogonProfile,MsV1_0SmartCardProfile 622 } MSV1_0_PROFILE_BUFFER_TYPE,*PMSV1_0_PROFILE_BUFFER_TYPE; 623 624 typedef struct _MSV1_0_INTERACTIVE_LOGON { 625 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 626 UNICODE_STRING LogonDomainName; 627 UNICODE_STRING UserName; 628 UNICODE_STRING Password; 629 } MSV1_0_INTERACTIVE_LOGON,*PMSV1_0_INTERACTIVE_LOGON; 630 631 typedef struct _MSV1_0_INTERACTIVE_PROFILE { 632 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 633 USHORT LogonCount; 634 USHORT BadPasswordCount; 635 LARGE_INTEGER LogonTime; 636 LARGE_INTEGER LogoffTime; 637 LARGE_INTEGER KickOffTime; 638 LARGE_INTEGER PasswordLastSet; 639 LARGE_INTEGER PasswordCanChange; 640 LARGE_INTEGER PasswordMustChange; 641 UNICODE_STRING LogonScript; 642 UNICODE_STRING HomeDirectory; 643 UNICODE_STRING FullName; 644 UNICODE_STRING ProfilePath; 645 UNICODE_STRING HomeDirectoryDrive; 646 UNICODE_STRING LogonServer; 647 ULONG UserFlags; 648 } MSV1_0_INTERACTIVE_PROFILE,*PMSV1_0_INTERACTIVE_PROFILE; 649 650 #define MSV1_0_CHALLENGE_LENGTH 8 651 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 652 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 653 654 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 655 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 656 #define MSV1_0_RETURN_USER_PARAMETERS 0x08 657 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 658 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 659 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 660 661 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 662 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 663 #define MSV1_0_RETURN_PROFILE_PATH 0x200 664 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 665 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 666 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 667 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 668 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 669 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 670 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 671 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 672 673 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 674 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 675 #define MSV1_0_MNS_LOGON 0x01000000 676 677 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 678 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 679 680 typedef struct _MSV1_0_LM20_LOGON { 681 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 682 UNICODE_STRING LogonDomainName; 683 UNICODE_STRING UserName; 684 UNICODE_STRING Workstation; 685 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 686 STRING CaseSensitiveChallengeResponse; 687 STRING CaseInsensitiveChallengeResponse; 688 ULONG ParameterControl; 689 } MSV1_0_LM20_LOGON,*PMSV1_0_LM20_LOGON; 690 691 typedef struct _MSV1_0_SUBAUTH_LOGON{ 692 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 693 UNICODE_STRING LogonDomainName; 694 UNICODE_STRING UserName; 695 UNICODE_STRING Workstation; 696 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 697 STRING AuthenticationInfo1; 698 STRING AuthenticationInfo2; 699 ULONG ParameterControl; 700 ULONG SubAuthPackageId; 701 } MSV1_0_SUBAUTH_LOGON,*PMSV1_0_SUBAUTH_LOGON; 702 703 #define LOGON_GUEST 0x01 704 #define LOGON_NOENCRYPTION 0x02 705 #define LOGON_CACHED_ACCOUNT 0x04 706 #define LOGON_USED_LM_PASSWORD 0x08 707 #define LOGON_EXTRA_SIDS 0x20 708 #define LOGON_SUBAUTH_SESSION_KEY 0x40 709 #define LOGON_SERVER_TRUST_ACCOUNT 0x80 710 #define LOGON_NTLMV2_ENABLED 0x100 711 #define LOGON_RESOURCE_GROUPS 0x200 712 #define LOGON_PROFILE_PATH_RETURNED 0x400 713 714 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 715 716 #define LOGON_GRACE_LOGON 0x01000000 717 718 typedef struct _MSV1_0_LM20_LOGON_PROFILE { 719 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 720 LARGE_INTEGER KickOffTime; 721 LARGE_INTEGER LogoffTime; 722 ULONG UserFlags; 723 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 724 UNICODE_STRING LogonDomainName; 725 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 726 UNICODE_STRING LogonServer; 727 UNICODE_STRING UserParameters; 728 } MSV1_0_LM20_LOGON_PROFILE,*PMSV1_0_LM20_LOGON_PROFILE; 729 730 #define MSV1_0_OWF_PASSWORD_LENGTH 16 731 #define MSV1_0_CRED_LM_PRESENT 0x1 732 #define MSV1_0_CRED_NT_PRESENT 0x2 733 #define MSV1_0_CRED_VERSION 0 734 735 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { 736 ULONG Version; 737 ULONG Flags; 738 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 739 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 740 } MSV1_0_SUPPLEMENTAL_CREDENTIAL,*PMSV1_0_SUPPLEMENTAL_CREDENTIAL; 741 742 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 743 #define MSV1_0_NTLM3_OWF_LENGTH 16 744 745 #define MSV1_0_MAX_NTLM3_LIFE 129600 746 #define MSV1_0_MAX_AVL_SIZE 64000 747 748 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 749 750 typedef struct _MSV1_0_NTLM3_RESPONSE { 751 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; 752 UCHAR RespType; 753 UCHAR HiRespType; 754 USHORT Flags; 755 ULONG MsgWord; 756 ULONGLONG TimeStamp; 757 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; 758 ULONG AvPairsOff; 759 UCHAR Buffer[1]; 760 } MSV1_0_NTLM3_RESPONSE,*PMSV1_0_NTLM3_RESPONSE; 761 762 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) 763 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE,AvPairsOff) 764 765 typedef enum { 766 MsvAvEOL,MsvAvNbComputerName,MsvAvNbDomainName,MsvAvDnsComputerName,MsvAvDnsDomainName,MsvAvDnsTreeName,MsvAvFlags 767 } MSV1_0_AVID; 768 769 typedef struct _MSV1_0_AV_PAIR { 770 USHORT AvId; 771 USHORT AvLen; 772 773 } MSV1_0_AV_PAIR,*PMSV1_0_AV_PAIR; 774 775 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { 776 MsV1_0Lm20ChallengeRequest = 0,MsV1_0Lm20GetChallengeResponse,MsV1_0EnumerateUsers,MsV1_0GetUserInfo,MsV1_0ReLogonUsers,MsV1_0ChangePassword, 777 MsV1_0ChangeCachedPassword,MsV1_0GenericPassthrough,MsV1_0CacheLogon,MsV1_0SubAuth,MsV1_0DeriveCredential,MsV1_0CacheLookup, 778 MsV1_0SetProcessOption 779 } MSV1_0_PROTOCOL_MESSAGE_TYPE,*PMSV1_0_PROTOCOL_MESSAGE_TYPE; 780 781 typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST { 782 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 783 UNICODE_STRING DomainName; 784 UNICODE_STRING AccountName; 785 UNICODE_STRING OldPassword; 786 UNICODE_STRING NewPassword; 787 BOOLEAN Impersonating; 788 } MSV1_0_CHANGEPASSWORD_REQUEST,*PMSV1_0_CHANGEPASSWORD_REQUEST; 789 790 typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE { 791 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 792 BOOLEAN PasswordInfoValid; 793 DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo; 794 } MSV1_0_CHANGEPASSWORD_RESPONSE,*PMSV1_0_CHANGEPASSWORD_RESPONSE; 795 796 typedef struct _MSV1_0_PASSTHROUGH_REQUEST { 797 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 798 UNICODE_STRING DomainName; 799 UNICODE_STRING PackageName; 800 ULONG DataLength; 801 PUCHAR LogonData; 802 ULONG Pad; 803 } MSV1_0_PASSTHROUGH_REQUEST,*PMSV1_0_PASSTHROUGH_REQUEST; 804 805 typedef struct _MSV1_0_PASSTHROUGH_RESPONSE { 806 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 807 ULONG Pad; 808 ULONG DataLength; 809 PUCHAR ValidationData; 810 } MSV1_0_PASSTHROUGH_RESPONSE,*PMSV1_0_PASSTHROUGH_RESPONSE; 811 812 typedef struct _MSV1_0_SUBAUTH_REQUEST{ 813 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 814 ULONG SubAuthPackageId; 815 ULONG SubAuthInfoLength; 816 PUCHAR SubAuthSubmitBuffer; 817 } MSV1_0_SUBAUTH_REQUEST,*PMSV1_0_SUBAUTH_REQUEST; 818 819 typedef struct _MSV1_0_SUBAUTH_RESPONSE{ 820 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 821 ULONG SubAuthInfoLength; 822 PUCHAR SubAuthReturnBuffer; 823 } MSV1_0_SUBAUTH_RESPONSE,*PMSV1_0_SUBAUTH_RESPONSE; 824 825 #define RtlGenRandom SystemFunction036 826 #define RtlEncryptMemory SystemFunction040 827 #define RtlDecryptMemory SystemFunction041 828 829 BOOLEAN RtlGenRandom(PVOID RandomBuffer,ULONG RandomBufferLength); 830 831 #define RTL_ENCRYPT_MEMORY_SIZE 8 832 #define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01 833 #define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02 834 835 NTSTATUS RtlEncryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags); 836 NTSTATUS RtlDecryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags); 837 838 #define KERBEROS_VERSION 5 839 #define KERBEROS_REVISION 6 840 841 #define KERB_ETYPE_NULL 0 842 #define KERB_ETYPE_DES_CBC_CRC 1 843 #define KERB_ETYPE_DES_CBC_MD4 2 844 #define KERB_ETYPE_DES_CBC_MD5 3 845 846 #define KERB_ETYPE_RC4_MD4 -128 847 #define KERB_ETYPE_RC4_PLAIN2 -129 848 #define KERB_ETYPE_RC4_LM -130 849 #define KERB_ETYPE_RC4_SHA -131 850 #define KERB_ETYPE_DES_PLAIN -132 851 #define KERB_ETYPE_RC4_HMAC_OLD -133 852 #define KERB_ETYPE_RC4_PLAIN_OLD -134 853 #define KERB_ETYPE_RC4_HMAC_OLD_EXP -135 854 #define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136 855 #define KERB_ETYPE_RC4_PLAIN -140 856 #define KERB_ETYPE_RC4_PLAIN_EXP -141 857 858 #define KERB_ETYPE_DSA_SHA1_CMS 9 859 #define KERB_ETYPE_RSA_MD5_CMS 10 860 #define KERB_ETYPE_RSA_SHA1_CMS 11 861 #define KERB_ETYPE_RC2_CBC_ENV 12 862 #define KERB_ETYPE_RSA_ENV 13 863 #define KERB_ETYPE_RSA_ES_OEAP_ENV 14 864 #define KERB_ETYPE_DES_EDE3_CBC_ENV 15 865 866 #define KERB_ETYPE_DSA_SIGN 8 867 #define KERB_ETYPE_RSA_PRIV 9 868 #define KERB_ETYPE_RSA_PUB 10 869 #define KERB_ETYPE_RSA_PUB_MD5 11 870 #define KERB_ETYPE_RSA_PUB_SHA1 12 871 #define KERB_ETYPE_PKCS7_PUB 13 872 873 #define KERB_ETYPE_DES3_CBC_MD5 5 874 #define KERB_ETYPE_DES3_CBC_SHA1 7 875 #define KERB_ETYPE_DES3_CBC_SHA1_KD 16 876 877 #define KERB_ETYPE_DES_CBC_MD5_NT 20 878 #define KERB_ETYPE_RC4_HMAC_NT 23 879 #define KERB_ETYPE_RC4_HMAC_NT_EXP 24 880 881 #define KERB_CHECKSUM_NONE 0 882 #define KERB_CHECKSUM_CRC32 1 883 #define KERB_CHECKSUM_MD4 2 884 #define KERB_CHECKSUM_KRB_DES_MAC 4 885 #define KERB_CHECKSUM_KRB_DES_MAC_K 5 886 #define KERB_CHECKSUM_MD5 7 887 #define KERB_CHECKSUM_MD5_DES 8 888 889 #define KERB_CHECKSUM_LM -130 890 #define KERB_CHECKSUM_SHA1 -131 891 #define KERB_CHECKSUM_REAL_CRC32 -132 892 #define KERB_CHECKSUM_DES_MAC -133 893 #define KERB_CHECKSUM_DES_MAC_MD5 -134 894 #define KERB_CHECKSUM_MD25 -135 895 #define KERB_CHECKSUM_RC4_MD5 -136 896 #define KERB_CHECKSUM_MD5_HMAC -137 897 #define KERB_CHECKSUM_HMAC_MD5 -138 898 899 #define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001 900 #define AUTH_REQ_ALLOW_PROXIABLE 0x00000002 901 #define AUTH_REQ_ALLOW_POSTDATE 0x00000004 902 #define AUTH_REQ_ALLOW_RENEWABLE 0x00000008 903 #define AUTH_REQ_ALLOW_NOADDRESS 0x00000010 904 #define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020 905 #define AUTH_REQ_ALLOW_VALIDATE 0x00000040 906 #define AUTH_REQ_VALIDATE_CLIENT 0x00000080 907 #define AUTH_REQ_OK_AS_DELEGATE 0x00000100 908 #define AUTH_REQ_PREAUTH_REQUIRED 0x00000200 909 #define AUTH_REQ_TRANSITIVE_TRUST 0x00000400 910 #define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800 911 912 #define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | AUTH_REQ_ALLOW_PROXIABLE | AUTH_REQ_ALLOW_POSTDATE | AUTH_REQ_ALLOW_RENEWABLE | AUTH_REQ_ALLOW_VALIDATE) 913 914 #define KERB_TICKET_FLAGS_reserved 0x80000000 915 #define KERB_TICKET_FLAGS_forwardable 0x40000000 916 #define KERB_TICKET_FLAGS_forwarded 0x20000000 917 #define KERB_TICKET_FLAGS_proxiable 0x10000000 918 #define KERB_TICKET_FLAGS_proxy 0x08000000 919 #define KERB_TICKET_FLAGS_may_postdate 0x04000000 920 #define KERB_TICKET_FLAGS_postdated 0x02000000 921 #define KERB_TICKET_FLAGS_invalid 0x01000000 922 #define KERB_TICKET_FLAGS_renewable 0x00800000 923 #define KERB_TICKET_FLAGS_initial 0x00400000 924 #define KERB_TICKET_FLAGS_pre_authent 0x00200000 925 #define KERB_TICKET_FLAGS_hw_authent 0x00100000 926 #define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000 927 #define KERB_TICKET_FLAGS_name_canonicalize 0x00010000 928 #define KERB_TICKET_FLAGS_reserved1 0x00000001 929 930 #define KRB_NT_UNKNOWN 0 931 #define KRB_NT_PRINCIPAL 1 932 #define KRB_NT_PRINCIPAL_AND_ID -131 933 #define KRB_NT_SRV_INST 2 934 #define KRB_NT_SRV_INST_AND_ID -132 935 #define KRB_NT_SRV_HST 3 936 #define KRB_NT_SRV_XHST 4 937 #define KRB_NT_UID 5 938 #define KRB_NT_ENTERPRISE_PRINCIPAL 10 939 #define KRB_NT_ENT_PRINCIPAL_AND_ID -130 940 #define KRB_NT_MS_PRINCIPAL -128 941 #define KRB_NT_MS_PRINCIPAL_AND_ID -129 942 943 #define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL)) 944 945 #ifndef MICROSOFT_KERBEROS_NAME_A 946 947 #define MICROSOFT_KERBEROS_NAME_A "Kerberos" 948 #define MICROSOFT_KERBEROS_NAME_W L"Kerberos" 949 #ifdef WIN32_CHICAGO 950 #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A 951 #else 952 #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W 953 #endif 954 #endif 955 956 #define KERB_WRAP_NO_ENCRYPT 0x80000001 957 958 typedef enum _KERB_LOGON_SUBMIT_TYPE { 959 KerbInteractiveLogon = 2,KerbSmartCardLogon = 6,KerbWorkstationUnlockLogon = 7,KerbSmartCardUnlockLogon = 8,KerbProxyLogon = 9, 960 KerbTicketLogon = 10,KerbTicketUnlockLogon = 11,KerbS4ULogon = 12 961 #if (_WIN32_WINNT >= 0x0600) 962 ,KerbCertificateLogon = 13, 963 KerbCertificateS4ULogon = 14, 964 KerbCertificateUnlockLogon = 15 965 #endif 966 } KERB_LOGON_SUBMIT_TYPE,*PKERB_LOGON_SUBMIT_TYPE; 967 968 typedef struct _KERB_INTERACTIVE_LOGON { 969 KERB_LOGON_SUBMIT_TYPE MessageType; 970 UNICODE_STRING LogonDomainName; 971 UNICODE_STRING UserName; 972 UNICODE_STRING Password; 973 } KERB_INTERACTIVE_LOGON,*PKERB_INTERACTIVE_LOGON; 974 975 typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON { 976 KERB_INTERACTIVE_LOGON Logon; 977 LUID LogonId; 978 } KERB_INTERACTIVE_UNLOCK_LOGON,*PKERB_INTERACTIVE_UNLOCK_LOGON; 979 980 typedef struct _KERB_SMART_CARD_LOGON { 981 KERB_LOGON_SUBMIT_TYPE MessageType; 982 UNICODE_STRING Pin; 983 ULONG CspDataLength; 984 PUCHAR CspData; 985 } KERB_SMART_CARD_LOGON,*PKERB_SMART_CARD_LOGON; 986 987 typedef struct _KERB_SMART_CARD_UNLOCK_LOGON { 988 KERB_SMART_CARD_LOGON Logon; 989 LUID LogonId; 990 } KERB_SMART_CARD_UNLOCK_LOGON,*PKERB_SMART_CARD_UNLOCK_LOGON; 991 992 typedef struct _KERB_TICKET_LOGON { 993 KERB_LOGON_SUBMIT_TYPE MessageType; 994 ULONG Flags; 995 ULONG ServiceTicketLength; 996 ULONG TicketGrantingTicketLength; 997 PUCHAR ServiceTicket; 998 PUCHAR TicketGrantingTicket; 999 } KERB_TICKET_LOGON,*PKERB_TICKET_LOGON; 1000 1001 #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1 1002 1003 typedef struct _KERB_TICKET_UNLOCK_LOGON { 1004 KERB_TICKET_LOGON Logon; 1005 LUID LogonId; 1006 } KERB_TICKET_UNLOCK_LOGON,*PKERB_TICKET_UNLOCK_LOGON; 1007 1008 typedef struct _KERB_S4U_LOGON { 1009 KERB_LOGON_SUBMIT_TYPE MessageType; 1010 ULONG Flags; 1011 UNICODE_STRING ClientUpn; 1012 UNICODE_STRING ClientRealm; 1013 } KERB_S4U_LOGON,*PKERB_S4U_LOGON; 1014 1015 typedef enum _KERB_PROFILE_BUFFER_TYPE { 1016 KerbInteractiveProfile = 2,KerbSmartCardProfile = 4,KerbTicketProfile = 6 1017 } KERB_PROFILE_BUFFER_TYPE,*PKERB_PROFILE_BUFFER_TYPE; 1018 1019 typedef struct _KERB_INTERACTIVE_PROFILE { 1020 KERB_PROFILE_BUFFER_TYPE MessageType; 1021 USHORT LogonCount; 1022 USHORT BadPasswordCount; 1023 LARGE_INTEGER LogonTime; 1024 LARGE_INTEGER LogoffTime; 1025 LARGE_INTEGER KickOffTime; 1026 LARGE_INTEGER PasswordLastSet; 1027 LARGE_INTEGER PasswordCanChange; 1028 LARGE_INTEGER PasswordMustChange; 1029 UNICODE_STRING LogonScript; 1030 UNICODE_STRING HomeDirectory; 1031 UNICODE_STRING FullName; 1032 UNICODE_STRING ProfilePath; 1033 UNICODE_STRING HomeDirectoryDrive; 1034 UNICODE_STRING LogonServer; 1035 ULONG UserFlags; 1036 } KERB_INTERACTIVE_PROFILE,*PKERB_INTERACTIVE_PROFILE; 1037 1038 typedef struct _KERB_SMART_CARD_PROFILE { 1039 KERB_INTERACTIVE_PROFILE Profile; 1040 ULONG CertificateSize; 1041 PUCHAR CertificateData; 1042 } KERB_SMART_CARD_PROFILE,*PKERB_SMART_CARD_PROFILE; 1043 1044 typedef struct KERB_CRYPTO_KEY { 1045 LONG KeyType; 1046 ULONG Length; 1047 PUCHAR Value; 1048 } KERB_CRYPTO_KEY,*PKERB_CRYPTO_KEY; 1049 1050 typedef struct _KERB_TICKET_PROFILE { 1051 KERB_INTERACTIVE_PROFILE Profile; 1052 KERB_CRYPTO_KEY SessionKey; 1053 } KERB_TICKET_PROFILE,*PKERB_TICKET_PROFILE; 1054 1055 typedef enum _KERB_PROTOCOL_MESSAGE_TYPE { 1056 KerbDebugRequestMessage = 0,KerbQueryTicketCacheMessage,KerbChangeMachinePasswordMessage,KerbVerifyPacMessage,KerbRetrieveTicketMessage, 1057 KerbUpdateAddressesMessage,KerbPurgeTicketCacheMessage,KerbChangePasswordMessage,KerbRetrieveEncodedTicketMessage,KerbDecryptDataMessage, 1058 KerbAddBindingCacheEntryMessage,KerbSetPasswordMessage,KerbSetPasswordExMessage,KerbVerifyCredentialsMessage,KerbQueryTicketCacheExMessage, 1059 KerbPurgeTicketCacheExMessage,KerbRefreshSmartcardCredentialsMessage,KerbAddExtraCredentialsMessage,KerbQuerySupplementalCredentialsMessage, 1060 KerbTransferCredentialsMessage,KerbQueryTicketCacheEx2Message 1061 } KERB_PROTOCOL_MESSAGE_TYPE,*PKERB_PROTOCOL_MESSAGE_TYPE; 1062 1063 typedef struct _KERB_QUERY_TKT_CACHE_REQUEST { 1064 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1065 LUID LogonId; 1066 } KERB_QUERY_TKT_CACHE_REQUEST,*PKERB_QUERY_TKT_CACHE_REQUEST; 1067 1068 typedef struct _KERB_TICKET_CACHE_INFO { 1069 UNICODE_STRING ServerName; 1070 UNICODE_STRING RealmName; 1071 LARGE_INTEGER StartTime; 1072 LARGE_INTEGER EndTime; 1073 LARGE_INTEGER RenewTime; 1074 LONG EncryptionType; 1075 ULONG TicketFlags; 1076 } KERB_TICKET_CACHE_INFO,*PKERB_TICKET_CACHE_INFO; 1077 1078 typedef struct _KERB_TICKET_CACHE_INFO_EX { 1079 UNICODE_STRING ClientName; 1080 UNICODE_STRING ClientRealm; 1081 UNICODE_STRING ServerName; 1082 UNICODE_STRING ServerRealm; 1083 LARGE_INTEGER StartTime; 1084 LARGE_INTEGER EndTime; 1085 LARGE_INTEGER RenewTime; 1086 LONG EncryptionType; 1087 ULONG TicketFlags; 1088 } KERB_TICKET_CACHE_INFO_EX,*PKERB_TICKET_CACHE_INFO_EX; 1089 1090 typedef struct _KERB_TICKET_CACHE_INFO_EX2 { 1091 UNICODE_STRING ClientName; 1092 UNICODE_STRING ClientRealm; 1093 UNICODE_STRING ServerName; 1094 UNICODE_STRING ServerRealm; 1095 LARGE_INTEGER StartTime; 1096 LARGE_INTEGER EndTime; 1097 LARGE_INTEGER RenewTime; 1098 LONG EncryptionType; 1099 ULONG TicketFlags; 1100 ULONG SessionKeyType; 1101 } KERB_TICKET_CACHE_INFO_EX2,*PKERB_TICKET_CACHE_INFO_EX2; 1102 1103 typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE { 1104 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1105 ULONG CountOfTickets; 1106 KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY]; 1107 } KERB_QUERY_TKT_CACHE_RESPONSE,*PKERB_QUERY_TKT_CACHE_RESPONSE; 1108 1109 typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE { 1110 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1111 ULONG CountOfTickets; 1112 KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY]; 1113 } KERB_QUERY_TKT_CACHE_EX_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX_RESPONSE; 1114 1115 typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE { 1116 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1117 ULONG CountOfTickets; 1118 KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY]; 1119 } KERB_QUERY_TKT_CACHE_EX2_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX2_RESPONSE; 1120 1121 #ifndef __SECHANDLE_DEFINED__ 1122 typedef struct _SecHandle { 1123 ULONG_PTR dwLower; 1124 ULONG_PTR dwUpper; 1125 } SecHandle,*PSecHandle; 1126 1127 #define __SECHANDLE_DEFINED__ 1128 #endif 1129 1130 #define KERB_USE_DEFAULT_TICKET_FLAGS 0x0 1131 1132 #define KERB_RETRIEVE_TICKET_DEFAULT 0x0 1133 #define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1 1134 #define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2 1135 #define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4 1136 #define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8 1137 #define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10 1138 #define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20 1139 1140 #define KERB_ETYPE_DEFAULT 0x0 1141 1142 typedef struct _KERB_AUTH_DATA { 1143 ULONG Type; 1144 ULONG Length; 1145 PUCHAR Data; 1146 } KERB_AUTH_DATA,*PKERB_AUTH_DATA; 1147 1148 typedef struct _KERB_NET_ADDRESS { 1149 ULONG Family; 1150 ULONG Length; 1151 PCHAR Address; 1152 } KERB_NET_ADDRESS,*PKERB_NET_ADDRESS; 1153 1154 typedef struct _KERB_NET_ADDRESSES { 1155 ULONG Number; 1156 KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY]; 1157 } KERB_NET_ADDRESSES,*PKERB_NET_ADDRESSES; 1158 1159 typedef struct _KERB_EXTERNAL_NAME { 1160 SHORT NameType; 1161 USHORT NameCount; 1162 UNICODE_STRING Names[ANYSIZE_ARRAY]; 1163 } KERB_EXTERNAL_NAME,*PKERB_EXTERNAL_NAME; 1164 1165 typedef struct _KERB_EXTERNAL_TICKET { 1166 PKERB_EXTERNAL_NAME ServiceName; 1167 PKERB_EXTERNAL_NAME TargetName; 1168 PKERB_EXTERNAL_NAME ClientName; 1169 UNICODE_STRING DomainName; 1170 UNICODE_STRING TargetDomainName; 1171 UNICODE_STRING AltTargetDomainName; 1172 KERB_CRYPTO_KEY SessionKey; 1173 ULONG TicketFlags; 1174 ULONG Flags; 1175 LARGE_INTEGER KeyExpirationTime; 1176 LARGE_INTEGER StartTime; 1177 LARGE_INTEGER EndTime; 1178 LARGE_INTEGER RenewUntil; 1179 LARGE_INTEGER TimeSkew; 1180 ULONG EncodedTicketSize; 1181 PUCHAR EncodedTicket; 1182 } KERB_EXTERNAL_TICKET,*PKERB_EXTERNAL_TICKET; 1183 1184 typedef struct _KERB_RETRIEVE_TKT_REQUEST { 1185 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1186 LUID LogonId; 1187 UNICODE_STRING TargetName; 1188 ULONG TicketFlags; 1189 ULONG CacheOptions; 1190 LONG EncryptionType; 1191 SecHandle CredentialsHandle; 1192 } KERB_RETRIEVE_TKT_REQUEST,*PKERB_RETRIEVE_TKT_REQUEST; 1193 1194 typedef struct _KERB_RETRIEVE_TKT_RESPONSE { 1195 KERB_EXTERNAL_TICKET Ticket; 1196 } KERB_RETRIEVE_TKT_RESPONSE,*PKERB_RETRIEVE_TKT_RESPONSE; 1197 1198 typedef struct _KERB_PURGE_TKT_CACHE_REQUEST { 1199 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1200 LUID LogonId; 1201 UNICODE_STRING ServerName; 1202 UNICODE_STRING RealmName; 1203 } KERB_PURGE_TKT_CACHE_REQUEST,*PKERB_PURGE_TKT_CACHE_REQUEST; 1204 1205 #define KERB_PURGE_ALL_TICKETS 1 1206 1207 typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST { 1208 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1209 LUID LogonId; 1210 ULONG Flags; 1211 KERB_TICKET_CACHE_INFO_EX TicketTemplate; 1212 } KERB_PURGE_TKT_CACHE_EX_REQUEST,*PKERB_PURGE_TKT_CACHE_EX_REQUEST; 1213 1214 typedef struct _KERB_CHANGEPASSWORD_REQUEST { 1215 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1216 UNICODE_STRING DomainName; 1217 UNICODE_STRING AccountName; 1218 UNICODE_STRING OldPassword; 1219 UNICODE_STRING NewPassword; 1220 BOOLEAN Impersonating; 1221 } KERB_CHANGEPASSWORD_REQUEST,*PKERB_CHANGEPASSWORD_REQUEST; 1222 1223 typedef struct _KERB_SETPASSWORD_REQUEST { 1224 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1225 LUID LogonId; 1226 SecHandle CredentialsHandle; 1227 ULONG Flags; 1228 UNICODE_STRING DomainName; 1229 UNICODE_STRING AccountName; 1230 UNICODE_STRING Password; 1231 } KERB_SETPASSWORD_REQUEST,*PKERB_SETPASSWORD_REQUEST; 1232 1233 typedef struct _KERB_SETPASSWORD_EX_REQUEST { 1234 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1235 LUID LogonId; 1236 SecHandle CredentialsHandle; 1237 ULONG Flags; 1238 UNICODE_STRING AccountRealm; 1239 UNICODE_STRING AccountName; 1240 UNICODE_STRING Password; 1241 UNICODE_STRING ClientRealm; 1242 UNICODE_STRING ClientName; 1243 BOOLEAN Impersonating; 1244 UNICODE_STRING KdcAddress; 1245 ULONG KdcAddressType; 1246 } KERB_SETPASSWORD_EX_REQUEST,*PKERB_SETPASSWORD_EX_REQUEST; 1247 1248 #define DS_UNKNOWN_ADDRESS_TYPE 0 1249 #define KERB_SETPASS_USE_LOGONID 1 1250 #define KERB_SETPASS_USE_CREDHANDLE 2 1251 1252 typedef struct _KERB_DECRYPT_REQUEST { 1253 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1254 LUID LogonId; 1255 ULONG Flags; 1256 LONG CryptoType; 1257 LONG KeyUsage; 1258 KERB_CRYPTO_KEY Key; 1259 ULONG EncryptedDataSize; 1260 ULONG InitialVectorSize; 1261 PUCHAR InitialVector; 1262 PUCHAR EncryptedData; 1263 } KERB_DECRYPT_REQUEST,*PKERB_DECRYPT_REQUEST; 1264 1265 #define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001 1266 1267 typedef struct _KERB_DECRYPT_RESPONSE { 1268 UCHAR DecryptedData[ANYSIZE_ARRAY]; 1269 } KERB_DECRYPT_RESPONSE,*PKERB_DECRYPT_RESPONSE; 1270 1271 typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { 1272 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1273 UNICODE_STRING RealmName; 1274 UNICODE_STRING KdcAddress; 1275 ULONG AddressType; 1276 } KERB_ADD_BINDING_CACHE_ENTRY_REQUEST,*PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST; 1277 1278 typedef struct _KERB_REFRESH_SCCRED_REQUEST { 1279 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1280 UNICODE_STRING CredentialBlob; 1281 LUID LogonId; 1282 ULONG Flags; 1283 } KERB_REFRESH_SCCRED_REQUEST,*PKERB_REFRESH_SCCRED_REQUEST; 1284 1285 #define KERB_REFRESH_SCCRED_RELEASE 0x0 1286 #define KERB_REFRESH_SCCRED_GETTGT 0x1 1287 1288 typedef struct _KERB_ADD_CREDENTIALS_REQUEST { 1289 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1290 UNICODE_STRING UserName; 1291 UNICODE_STRING DomainName; 1292 UNICODE_STRING Password; 1293 LUID LogonId; 1294 ULONG Flags; 1295 } KERB_ADD_CREDENTIALS_REQUEST,*PKERB_ADD_CREDENTIALS_REQUEST; 1296 1297 #define KERB_REQUEST_ADD_CREDENTIAL 1 1298 #define KERB_REQUEST_REPLACE_CREDENTIAL 2 1299 #define KERB_REQUEST_REMOVE_CREDENTIAL 4 1300 1301 typedef struct _KERB_TRANSFER_CRED_REQUEST { 1302 KERB_PROTOCOL_MESSAGE_TYPE MessageType; 1303 LUID OriginLogonId; 1304 LUID DestinationLogonId; 1305 ULONG Flags; 1306 } KERB_TRANSFER_CRED_REQUEST,*PKERB_TRANSFER_CRED_REQUEST; 1307 1308 #if (_WIN32_WINNT >= 0x0600) 1309 1310 #define POLICY_AUDIT_EVENT_UNCHANGED 0x00000000 1311 #define POLICY_AUDIT_EVENT_SUCCESS 0x00000001 1312 #define POLICY_AUDIT_EVENT_FAILURE 0x00000002 1313 #define POLICY_AUDIT_EVENT_NONE 0x00000004 1314 #define PER_USER_POLICY_UNCHANGED 0x00 1315 #define PER_USER_AUDIT_SUCCESS_INCLUDE 0x01 1316 #define PER_USER_AUDIT_SUCCESS_EXCLUDE 0x02 1317 #define PER_USER_AUDIT_FAILURE_INCLUDE 0x04 1318 #define PER_USER_AUDIT_FAILURE_EXCLUDE 0x08 1319 #define PER_USER_AUDIT_NONE 0x10 1320 1321 typedef struct _AUDIT_POLICY_INFORMATION { 1322 GUID AuditSubCategoryGuid; 1323 ULONG AuditingInformation; 1324 GUID AuditCategoryGuid; 1325 } AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION, *PCAUDIT_POLICY_INFORMATION; 1326 1327 typedef struct _POLICY_AUDIT_SID_ARRAY { 1328 ULONG UsersCount; 1329 PSID *UserSidArray; 1330 } POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY; 1331 1332 typedef struct _KERB_CERTIFICATE_LOGON { 1333 KERB_LOGON_SUBMIT_TYPE MessageType; 1334 UNICODE_STRING DomainName; 1335 UNICODE_STRING UserName; 1336 UNICODE_STRING Pin; 1337 ULONG Flags; 1338 ULONG CspDataLength; 1339 PUCHAR CspData; 1340 } KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON; 1341 1342 typedef struct _KERB_CERTIFICATE_UNLOCK_LOGON { 1343 KERB_CERTIFICATE_LOGON Logon; 1344 LUID LogonId; 1345 } KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON; 1346 1347 typedef struct _KERB_SMARTCARD_CSP_INFO { 1348 DWORD dwCspInfoLen; 1349 DWORD MessageType; 1350 __C89_NAMELESS union { 1351 PVOID ContextInformation; 1352 ULONG64 SpaceHolderForWow64; 1353 }; 1354 DWORD flags; 1355 DWORD KeySpec; 1356 ULONG nCardNameOffset; 1357 ULONG nReaderNameOffset; 1358 ULONG nContainerNameOffset; 1359 ULONG nCSPNameOffset; 1360 TCHAR bBuffer; 1361 } KERB_SMARTCARD_CSP_INFO, *PKERB_SMARTCARD_CSP_INFO; 1362 1363 BOOLEAN WINAPI AuditComputeEffectivePolicyBySid( 1364 const PSID pSid, 1365 const GUID *pSubCategoryGuids, 1366 ULONG PolicyCount, 1367 PAUDIT_POLICY_INFORMATION *ppAuditPolicy 1368 ); 1369 1370 VOID WINAPI AuditFree( 1371 PVOID Buffer 1372 ); 1373 1374 BOOLEAN WINAPI AuditSetSystemPolicy( 1375 PCAUDIT_POLICY_INFORMATION pAuditPolicy, 1376 ULONG PolicyCount 1377 ); 1378 1379 BOOLEAN WINAPI AuditQuerySystemPolicy( 1380 const GUID *pSubCategoryGuids, 1381 ULONG PolicyCount, 1382 PAUDIT_POLICY_INFORMATION *ppAuditPolicy 1383 ); 1384 1385 BOOLEAN WINAPI AuditSetPerUserPolicy( 1386 const PSID pSid, 1387 PCAUDIT_POLICY_INFORMATION pAuditPolicy, 1388 ULONG PolicyCount 1389 ); 1390 1391 BOOLEAN WINAPI AuditQueryPerUserPolicy( 1392 const PSID pSid, 1393 const GUID *pSubCategoryGuids, 1394 ULONG PolicyCount, 1395 PAUDIT_POLICY_INFORMATION *ppAuditPolicy 1396 ); 1397 1398 BOOLEAN WINAPI AuditComputeEffectivePolicyByToken( 1399 HANDLE hTokenHandle, 1400 const GUID *pSubCategoryGuids, 1401 ULONG PolicyCount, 1402 PAUDIT_POLICY_INFORMATION *ppAuditPolicy 1403 ); 1404 1405 BOOLEAN WINAPI AuditEnumerateCategories( 1406 GUID **ppAuditCategoriesArray, 1407 PULONG pCountReturned 1408 ); 1409 1410 BOOLEAN WINAPI AuditEnumeratePerUserPolicy( 1411 PPOLICY_AUDIT_SID_ARRAY *ppAuditSidArray 1412 ); 1413 1414 BOOLEAN WINAPI AuditEnumerateSubCategories( 1415 const GUID *pAuditCategoryGuid, 1416 BOOLEAN bRetrieveAllSubCategories, 1417 GUID **ppAuditSubCategoriesArray, 1418 PULONG pCountReturned 1419 ); 1420 1421 BOOLEAN WINAPI AuditLookupCategoryGuidFromCategoryId( 1422 POLICY_AUDIT_EVENT_TYPE AuditCategoryId, 1423 GUID *pAuditCategoryGuid 1424 ); 1425 1426 BOOLEAN WINAPI AuditQuerySecurity( 1427 SECURITY_INFORMATION SecurityInformation, 1428 PSECURITY_DESCRIPTOR *ppSecurityDescriptor 1429 ); 1430 1431 #define AuditLookupSubCategoryName __MINGW_NAME_AW(AuditLookupSubCategoryName) 1432 #define AuditLookupCategoryName __MINGW_NAME_AW(AuditLookupCategoryName) 1433 1434 BOOLEAN WINAPI AuditLookupSubCategoryNameA( 1435 const GUID *pAuditSubCategoryGuid, 1436 LPSTR *ppszSubCategoryName 1437 ); 1438 1439 BOOLEAN WINAPI AuditLookupSubCategoryNameW( 1440 const GUID *pAuditSubCategoryGuid, 1441 LPWSTR *ppszSubCategoryName 1442 ); 1443 1444 BOOLEAN WINAPI AuditLookupCategoryNameA( 1445 const GUID *pAuditCategoryGuid, 1446 LPSTR *ppszCategoryName 1447 ); 1448 1449 BOOLEAN WINAPI AuditLookupCategoryNameW( 1450 const GUID *pAuditCategoryGuid, 1451 LPWSTR *ppszCategoryName 1452 ); 1453 1454 BOOLEAN WINAPI AuditLookupCategoryIdFromCategoryGuid( 1455 const GUID *pAuditCategoryGuid, 1456 PPOLICY_AUDIT_EVENT_TYPE pAuditCategoryId 1457 ); 1458 1459 BOOLEAN WINAPI AuditSetSecurity( 1460 SECURITY_INFORMATION SecurityInformation, 1461 PSECURITY_DESCRIPTOR pSecurityDescriptor 1462 ); 1463 1464 #endif /*(_WIN32_WINNT >= 0x0600)*/ 1465 1466 #ifdef __cplusplus 1467 } 1468 #endif 1469 #endif 1470
