Home | History | Annotate | Download | only in include
      1 /**
      2  * This file has no copyright assigned and is placed in the Public Domain.
      3  * This file is part of the mingw-w64 runtime package.
      4  * No warranty is given; refer to the file DISCLAIMER.PD within this package.
      5  */
      6 #ifndef _NTSECAPI_
      7 #define _NTSECAPI_
      8 
      9 #ifdef __cplusplus
     10 extern "C" {
     11 #endif
     12 
     13 #if !defined (_NTDEF_) && !defined (_NTSTATUS_PSDK)
     14 #define _NTSTATUS_PSDK
     15   typedef LONG NTSTATUS,*PNTSTATUS;
     16 #endif
     17 
     18 #ifndef _NTLSA_IFS_
     19   typedef ULONG LSA_OPERATIONAL_MODE,*PLSA_OPERATIONAL_MODE;
     20 #endif
     21 
     22 #define LSA_MODE_PASSWORD_PROTECTED (__MSABI_LONG(0x00000001))
     23 #define LSA_MODE_INDIVIDUAL_ACCOUNTS (__MSABI_LONG(0x00000002))
     24 #define LSA_MODE_MANDATORY_ACCESS (__MSABI_LONG(0x00000004))
     25 #define LSA_MODE_LOG_FULL (__MSABI_LONG(0x00000008))
     26 
     27 #ifndef _NTLSA_IFS_
     28   typedef enum _SECURITY_LOGON_TYPE {
     29     Interactive = 2,Network,Batch,Service,Proxy,Unlock,NetworkCleartext,NewCredentials,RemoteInteractive,CachedInteractive,
     30     CachedRemoteInteractive,CachedUnlock
     31   } SECURITY_LOGON_TYPE,*PSECURITY_LOGON_TYPE;
     32 #endif
     33 
     34 #ifndef _NTLSA_IFS_
     35 
     36 #ifndef _NTLSA_AUDIT_
     37 #define _NTLSA_AUDIT_
     38 
     39   typedef enum _SE_ADT_PARAMETER_TYPE {
     40     SeAdtParmTypeNone = 0,SeAdtParmTypeString,SeAdtParmTypeFileSpec,SeAdtParmTypeUlong,SeAdtParmTypeSid,SeAdtParmTypeLogonId,
     41     SeAdtParmTypeNoLogonId,SeAdtParmTypeAccessMask,SeAdtParmTypePrivs,SeAdtParmTypeObjectTypes,SeAdtParmTypeHexUlong,SeAdtParmTypePtr,
     42     SeAdtParmTypeTime,SeAdtParmTypeGuid,SeAdtParmTypeLuid,SeAdtParmTypeHexInt64,SeAdtParmTypeStringList,SeAdtParmTypeSidList,
     43     SeAdtParmTypeDuration,SeAdtParmTypeUserAccountControl,SeAdtParmTypeNoUac,SeAdtParmTypeMessage,SeAdtParmTypeDateTime,SeAdtParmTypeSockAddr
     44   } SE_ADT_PARAMETER_TYPE,*PSE_ADT_PARAMETER_TYPE;
     45 
     46 #include <guiddef.h>
     47 
     48 #define SE_ADT_OBJECT_ONLY 0x1
     49 
     50   typedef struct _SE_ADT_OBJECT_TYPE {
     51     GUID ObjectType;
     52     USHORT Flags;
     53     USHORT Level;
     54     ACCESS_MASK AccessMask;
     55   } SE_ADT_OBJECT_TYPE,*PSE_ADT_OBJECT_TYPE;
     56 
     57   typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
     58     SE_ADT_PARAMETER_TYPE Type;
     59     ULONG Length;
     60     ULONG_PTR Data[2];
     61     PVOID Address;
     62   } SE_ADT_PARAMETER_ARRAY_ENTRY,*PSE_ADT_PARAMETER_ARRAY_ENTRY;
     63 
     64 #define SE_MAX_AUDIT_PARAMETERS 32
     65 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
     66 
     67   typedef struct _SE_ADT_PARAMETER_ARRAY {
     68     ULONG CategoryId;
     69     ULONG AuditId;
     70     ULONG ParameterCount;
     71     ULONG Length;
     72     USHORT Type;
     73     ULONG Flags;
     74     SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[SE_MAX_AUDIT_PARAMETERS ];
     75   } SE_ADT_PARAMETER_ARRAY,*PSE_ADT_PARAMETER_ARRAY;
     76 
     77 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
     78 #endif
     79 #endif
     80 
     81   typedef enum _POLICY_AUDIT_EVENT_TYPE {
     82     AuditCategorySystem = 0,AuditCategoryLogon,AuditCategoryObjectAccess,AuditCategoryPrivilegeUse,AuditCategoryDetailedTracking,
     83     AuditCategoryPolicyChange,AuditCategoryAccountManagement,AuditCategoryDirectoryServiceAccess,AuditCategoryAccountLogon
     84   } POLICY_AUDIT_EVENT_TYPE,*PPOLICY_AUDIT_EVENT_TYPE;
     85 
     86 #define POLICY_AUDIT_EVENT_UNCHANGED (__MSABI_LONG(0x00000000))
     87 #define POLICY_AUDIT_EVENT_SUCCESS (__MSABI_LONG(0x00000001))
     88 #define POLICY_AUDIT_EVENT_FAILURE (__MSABI_LONG(0x00000002))
     89 #define POLICY_AUDIT_EVENT_NONE (__MSABI_LONG(0x00000004))
     90 #define POLICY_AUDIT_EVENT_MASK (POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE)
     91 
     92 #ifdef _NTDEF_
     93   typedef UNICODE_STRING LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
     94   typedef STRING LSA_STRING,*PLSA_STRING;
     95   typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES;
     96 #else
     97 
     98 #ifndef _NO_W32_PSEUDO_MODIFIERS
     99 #ifndef IN
    100 #define IN
    101 #endif
    102 #ifndef OUT
    103 #define OUT
    104 #endif
    105 #ifndef OPTIONAL
    106 #define OPTIONAL
    107 #endif
    108 #endif
    109 
    110   typedef struct _LSA_UNICODE_STRING {
    111     USHORT Length;
    112     USHORT MaximumLength;
    113     PWSTR Buffer;
    114   } LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
    115 
    116   typedef struct _LSA_STRING {
    117     USHORT Length;
    118     USHORT MaximumLength;
    119     PCHAR Buffer;
    120   } LSA_STRING,*PLSA_STRING;
    121 
    122   typedef struct _LSA_OBJECT_ATTRIBUTES {
    123     ULONG Length;
    124     HANDLE RootDirectory;
    125     PLSA_UNICODE_STRING ObjectName;
    126     ULONG Attributes;
    127     PVOID SecurityDescriptor;
    128     PVOID SecurityQualityOfService;
    129   } LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES;
    130 #endif
    131 
    132 #define LSA_SUCCESS(Error) ((LONG)(Error) >= 0)
    133 
    134 #ifndef _NTLSA_IFS_
    135   NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING LogonProcessName,PHANDLE LsaHandle,PLSA_OPERATIONAL_MODE SecurityMode);
    136   NTSTATUS NTAPI LsaLogonUser(HANDLE LsaHandle,PLSA_STRING OriginName,SECURITY_LOGON_TYPE LogonType,ULONG AuthenticationPackage,PVOID AuthenticationInformation,ULONG AuthenticationInformationLength,PTOKEN_GROUPS LocalGroups,PTOKEN_SOURCE SourceContext,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PHANDLE Token,PQUOTA_LIMITS Quotas,PNTSTATUS SubStatus);
    137   NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE LsaHandle,PLSA_STRING PackageName,PULONG AuthenticationPackage);
    138   NTSTATUS NTAPI LsaFreeReturnBuffer (PVOID Buffer);
    139   NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE LsaHandle,ULONG AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
    140   NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE LsaHandle);
    141   NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE LsaHandle);
    142 #endif
    143 
    144 #define POLICY_VIEW_LOCAL_INFORMATION __MSABI_LONG(0x00000001)
    145 #define POLICY_VIEW_AUDIT_INFORMATION __MSABI_LONG(0x00000002)
    146 #define POLICY_GET_PRIVATE_INFORMATION __MSABI_LONG(0x00000004)
    147 #define POLICY_TRUST_ADMIN __MSABI_LONG(0x00000008)
    148 #define POLICY_CREATE_ACCOUNT __MSABI_LONG(0x00000010)
    149 #define POLICY_CREATE_SECRET __MSABI_LONG(0x00000020)
    150 #define POLICY_CREATE_PRIVILEGE __MSABI_LONG(0x00000040)
    151 #define POLICY_SET_DEFAULT_QUOTA_LIMITS __MSABI_LONG(0x00000080)
    152 #define POLICY_SET_AUDIT_REQUIREMENTS __MSABI_LONG(0x00000100)
    153 #define POLICY_AUDIT_LOG_ADMIN __MSABI_LONG(0x00000200)
    154 #define POLICY_SERVER_ADMIN __MSABI_LONG(0x00000400)
    155 #define POLICY_LOOKUP_NAMES __MSABI_LONG(0x00000800)
    156 #define POLICY_NOTIFICATION __MSABI_LONG(0x00001000)
    157 
    158 #define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES)
    159 #define POLICY_READ (STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION)
    160 #define POLICY_WRITE (STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN)
    161 #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES)
    162 
    163   typedef struct _LSA_TRUST_INFORMATION {
    164     LSA_UNICODE_STRING Name;
    165     PSID Sid;
    166   } LSA_TRUST_INFORMATION,*PLSA_TRUST_INFORMATION;
    167 
    168   typedef struct _LSA_REFERENCED_DOMAIN_LIST {
    169     ULONG Entries;
    170     PLSA_TRUST_INFORMATION Domains;
    171   } LSA_REFERENCED_DOMAIN_LIST,*PLSA_REFERENCED_DOMAIN_LIST;
    172 
    173   typedef struct _LSA_TRANSLATED_SID {
    174     SID_NAME_USE Use;
    175     ULONG RelativeId;
    176     LONG DomainIndex;
    177   } LSA_TRANSLATED_SID,*PLSA_TRANSLATED_SID;
    178 
    179   typedef struct _LSA_TRANSLATED_SID2 {
    180     SID_NAME_USE Use;
    181     PSID Sid;
    182     LONG DomainIndex;
    183     ULONG Flags;
    184   } LSA_TRANSLATED_SID2,*PLSA_TRANSLATED_SID2;
    185 
    186   typedef struct _LSA_TRANSLATED_NAME {
    187     SID_NAME_USE Use;
    188     LSA_UNICODE_STRING Name;
    189     LONG DomainIndex;
    190   } LSA_TRANSLATED_NAME,*PLSA_TRANSLATED_NAME;
    191 
    192   typedef enum _POLICY_LSA_SERVER_ROLE {
    193     PolicyServerRoleBackup = 2,PolicyServerRolePrimary
    194   } POLICY_LSA_SERVER_ROLE,*PPOLICY_LSA_SERVER_ROLE;
    195 
    196   typedef ULONG POLICY_AUDIT_EVENT_OPTIONS,*PPOLICY_AUDIT_EVENT_OPTIONS;
    197 
    198   typedef enum _POLICY_INFORMATION_CLASS {
    199     PolicyAuditLogInformation = 1,PolicyAuditEventsInformation,PolicyPrimaryDomainInformation,PolicyPdAccountInformation,
    200     PolicyAccountDomainInformation,PolicyLsaServerRoleInformation,PolicyReplicaSourceInformation,PolicyDefaultQuotaInformation,
    201     PolicyModificationInformation,PolicyAuditFullSetInformation,PolicyAuditFullQueryInformation,PolicyDnsDomainInformation,
    202     PolicyDnsDomainInformationInt
    203   } POLICY_INFORMATION_CLASS,*PPOLICY_INFORMATION_CLASS;
    204 
    205   typedef struct _POLICY_AUDIT_LOG_INFO {
    206     ULONG AuditLogPercentFull;
    207     ULONG MaximumLogSize;
    208     LARGE_INTEGER AuditRetentionPeriod;
    209     BOOLEAN AuditLogFullShutdownInProgress;
    210     LARGE_INTEGER TimeToShutdown;
    211     ULONG NextAuditRecordId;
    212   } POLICY_AUDIT_LOG_INFO,*PPOLICY_AUDIT_LOG_INFO;
    213 
    214   typedef struct _POLICY_AUDIT_EVENTS_INFO {
    215     BOOLEAN AuditingMode;
    216     PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
    217     ULONG MaximumAuditEventCount;
    218   } POLICY_AUDIT_EVENTS_INFO,*PPOLICY_AUDIT_EVENTS_INFO;
    219 
    220   typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
    221     LSA_UNICODE_STRING DomainName;
    222     PSID DomainSid;
    223   } POLICY_ACCOUNT_DOMAIN_INFO,*PPOLICY_ACCOUNT_DOMAIN_INFO;
    224 
    225   typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
    226     LSA_UNICODE_STRING Name;
    227     PSID Sid;
    228   } POLICY_PRIMARY_DOMAIN_INFO,*PPOLICY_PRIMARY_DOMAIN_INFO;
    229 
    230   typedef struct _POLICY_DNS_DOMAIN_INFO {
    231     LSA_UNICODE_STRING Name;
    232     LSA_UNICODE_STRING DnsDomainName;
    233     LSA_UNICODE_STRING DnsForestName;
    234     GUID DomainGuid;
    235     PSID Sid;
    236   } POLICY_DNS_DOMAIN_INFO,*PPOLICY_DNS_DOMAIN_INFO;
    237 
    238   typedef struct _POLICY_PD_ACCOUNT_INFO {
    239     LSA_UNICODE_STRING Name;
    240   } POLICY_PD_ACCOUNT_INFO,*PPOLICY_PD_ACCOUNT_INFO;
    241 
    242   typedef struct _POLICY_LSA_SERVER_ROLE_INFO {
    243     POLICY_LSA_SERVER_ROLE LsaServerRole;
    244   } POLICY_LSA_SERVER_ROLE_INFO,*PPOLICY_LSA_SERVER_ROLE_INFO;
    245 
    246   typedef struct _POLICY_REPLICA_SOURCE_INFO {
    247     LSA_UNICODE_STRING ReplicaSource;
    248     LSA_UNICODE_STRING ReplicaAccountName;
    249   } POLICY_REPLICA_SOURCE_INFO,*PPOLICY_REPLICA_SOURCE_INFO;
    250 
    251   typedef struct _POLICY_DEFAULT_QUOTA_INFO {
    252     QUOTA_LIMITS QuotaLimits;
    253   } POLICY_DEFAULT_QUOTA_INFO,*PPOLICY_DEFAULT_QUOTA_INFO;
    254 
    255   typedef struct _POLICY_MODIFICATION_INFO {
    256     LARGE_INTEGER ModifiedId;
    257     LARGE_INTEGER DatabaseCreationTime;
    258   } POLICY_MODIFICATION_INFO,*PPOLICY_MODIFICATION_INFO;
    259 
    260   typedef struct _POLICY_AUDIT_FULL_SET_INFO {
    261     BOOLEAN ShutDownOnFull;
    262   } POLICY_AUDIT_FULL_SET_INFO,*PPOLICY_AUDIT_FULL_SET_INFO;
    263 
    264   typedef struct _POLICY_AUDIT_FULL_QUERY_INFO {
    265     BOOLEAN ShutDownOnFull;
    266     BOOLEAN LogIsFull;
    267   } POLICY_AUDIT_FULL_QUERY_INFO,*PPOLICY_AUDIT_FULL_QUERY_INFO;
    268 
    269   typedef enum _POLICY_DOMAIN_INFORMATION_CLASS {
    270     PolicyDomainEfsInformation = 2,PolicyDomainKerberosTicketInformation
    271   } POLICY_DOMAIN_INFORMATION_CLASS,*PPOLICY_DOMAIN_INFORMATION_CLASS;
    272 
    273   typedef struct _POLICY_DOMAIN_EFS_INFO {
    274     ULONG InfoLength;
    275     PUCHAR EfsBlob;
    276   } POLICY_DOMAIN_EFS_INFO,*PPOLICY_DOMAIN_EFS_INFO;
    277 
    278 #define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080
    279 
    280   typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    281     ULONG AuthenticationOptions;
    282     LARGE_INTEGER MaxServiceTicketAge;
    283     LARGE_INTEGER MaxTicketAge;
    284     LARGE_INTEGER MaxRenewAge;
    285     LARGE_INTEGER MaxClockSkew;
    286     LARGE_INTEGER Reserved;
    287   } POLICY_DOMAIN_KERBEROS_TICKET_INFO,*PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
    288 
    289   typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS {
    290     PolicyNotifyAuditEventsInformation = 1,PolicyNotifyAccountDomainInformation,PolicyNotifyServerRoleInformation,PolicyNotifyDnsDomainInformation,
    291     PolicyNotifyDomainEfsInformation,PolicyNotifyDomainKerberosTicketInformation,PolicyNotifyMachineAccountPasswordInformation
    292   } POLICY_NOTIFICATION_INFORMATION_CLASS,*PPOLICY_NOTIFICATION_INFORMATION_CLASS;
    293 
    294   typedef PVOID LSA_HANDLE,*PLSA_HANDLE;
    295 
    296   typedef enum _TRUSTED_INFORMATION_CLASS {
    297     TrustedDomainNameInformation = 1,TrustedControllersInformation,TrustedPosixOffsetInformation,TrustedPasswordInformation,
    298     TrustedDomainInformationBasic,TrustedDomainInformationEx,TrustedDomainAuthInformation,TrustedDomainFullInformation,
    299     TrustedDomainAuthInformationInternal,TrustedDomainFullInformationInternal,TrustedDomainInformationEx2Internal,TrustedDomainFullInformation2Internal
    300   } TRUSTED_INFORMATION_CLASS,*PTRUSTED_INFORMATION_CLASS;
    301 
    302   typedef struct _TRUSTED_DOMAIN_NAME_INFO {
    303     LSA_UNICODE_STRING Name;
    304   } TRUSTED_DOMAIN_NAME_INFO,*PTRUSTED_DOMAIN_NAME_INFO;
    305 
    306   typedef struct _TRUSTED_CONTROLLERS_INFO {
    307     ULONG Entries;
    308     PLSA_UNICODE_STRING Names;
    309   } TRUSTED_CONTROLLERS_INFO,*PTRUSTED_CONTROLLERS_INFO;
    310 
    311   typedef struct _TRUSTED_POSIX_OFFSET_INFO {
    312     ULONG Offset;
    313   } TRUSTED_POSIX_OFFSET_INFO,*PTRUSTED_POSIX_OFFSET_INFO;
    314 
    315   typedef struct _TRUSTED_PASSWORD_INFO {
    316     LSA_UNICODE_STRING Password;
    317     LSA_UNICODE_STRING OldPassword;
    318   } TRUSTED_PASSWORD_INFO,*PTRUSTED_PASSWORD_INFO;
    319 
    320   typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
    321   typedef PLSA_TRUST_INFORMATION PTRUSTED_DOMAIN_INFORMATION_BASIC;
    322 
    323 #define TRUST_DIRECTION_DISABLED 0x00000000
    324 #define TRUST_DIRECTION_INBOUND 0x00000001
    325 #define TRUST_DIRECTION_OUTBOUND 0x00000002
    326 #define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND)
    327 
    328 #define TRUST_TYPE_DOWNLEVEL 0x00000001
    329 #define TRUST_TYPE_UPLEVEL 0x00000002
    330 #define TRUST_TYPE_MIT 0x00000003
    331 
    332 #define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001
    333 #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002
    334 #define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004
    335 #define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008
    336 #define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010
    337 #define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020
    338 #define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040
    339 #define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080
    340 
    341 #define TRUST_ATTRIBUTES_VALID 0xFF03FFFF
    342 #define TRUST_ATTRIBUTES_USER 0xFF000000
    343 
    344   typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
    345     LSA_UNICODE_STRING Name;
    346     LSA_UNICODE_STRING FlatName;
    347     PSID Sid;
    348     ULONG TrustDirection;
    349     ULONG TrustType;
    350     ULONG TrustAttributes;
    351   } TRUSTED_DOMAIN_INFORMATION_EX,*PTRUSTED_DOMAIN_INFORMATION_EX;
    352 
    353   typedef struct _TRUSTED_DOMAIN_INFORMATION_EX2 {
    354     LSA_UNICODE_STRING Name;
    355     LSA_UNICODE_STRING FlatName;
    356     PSID Sid;
    357     ULONG TrustDirection;
    358     ULONG TrustType;
    359     ULONG TrustAttributes;
    360     ULONG ForestTrustLength;
    361     PUCHAR ForestTrustInfo;
    362   } TRUSTED_DOMAIN_INFORMATION_EX2,*PTRUSTED_DOMAIN_INFORMATION_EX2;
    363 
    364 #define TRUST_AUTH_TYPE_NONE 0
    365 #define TRUST_AUTH_TYPE_NT4OWF 1
    366 #define TRUST_AUTH_TYPE_CLEAR 2
    367 #define TRUST_AUTH_TYPE_VERSION 3
    368 
    369   typedef struct _LSA_AUTH_INFORMATION {
    370     LARGE_INTEGER LastUpdateTime;
    371     ULONG AuthType;
    372     ULONG AuthInfoLength;
    373     PUCHAR AuthInfo;
    374   } LSA_AUTH_INFORMATION,*PLSA_AUTH_INFORMATION;
    375 
    376   typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION {
    377     ULONG IncomingAuthInfos;
    378     PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
    379     PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
    380     ULONG OutgoingAuthInfos;
    381     PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
    382     PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
    383   } TRUSTED_DOMAIN_AUTH_INFORMATION,*PTRUSTED_DOMAIN_AUTH_INFORMATION;
    384 
    385   typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION {
    386     TRUSTED_DOMAIN_INFORMATION_EX Information;
    387     TRUSTED_POSIX_OFFSET_INFO PosixOffset;
    388     TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
    389   } TRUSTED_DOMAIN_FULL_INFORMATION,*PTRUSTED_DOMAIN_FULL_INFORMATION;
    390 
    391   typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 {
    392     TRUSTED_DOMAIN_INFORMATION_EX2 Information;
    393     TRUSTED_POSIX_OFFSET_INFO PosixOffset;
    394     TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
    395   } TRUSTED_DOMAIN_FULL_INFORMATION2,*PTRUSTED_DOMAIN_FULL_INFORMATION2;
    396 
    397   typedef enum {
    398     ForestTrustTopLevelName,ForestTrustTopLevelNameEx,ForestTrustDomainInfo,ForestTrustRecordTypeLast = ForestTrustDomainInfo
    399   } LSA_FOREST_TRUST_RECORD_TYPE;
    400 
    401 #define LSA_FTRECORD_DISABLED_REASONS (__MSABI_LONG(0x0000FFFF))
    402 
    403 #define LSA_TLN_DISABLED_NEW (__MSABI_LONG(0x00000001))
    404 #define LSA_TLN_DISABLED_ADMIN (__MSABI_LONG(0x00000002))
    405 #define LSA_TLN_DISABLED_CONFLICT (__MSABI_LONG(0x00000004))
    406 
    407 #define LSA_SID_DISABLED_ADMIN (__MSABI_LONG(0x00000001))
    408 #define LSA_SID_DISABLED_CONFLICT (__MSABI_LONG(0x00000002))
    409 #define LSA_NB_DISABLED_ADMIN (__MSABI_LONG(0x00000004))
    410 #define LSA_NB_DISABLED_CONFLICT (__MSABI_LONG(0x00000008))
    411 
    412   typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO {
    413     PSID Sid;
    414     LSA_UNICODE_STRING DnsName;
    415     LSA_UNICODE_STRING NetbiosName;
    416   } LSA_FOREST_TRUST_DOMAIN_INFO,*PLSA_FOREST_TRUST_DOMAIN_INFO;
    417 
    418 #define MAX_FOREST_TRUST_BINARY_DATA_SIZE (128*1024)
    419 
    420   typedef struct _LSA_FOREST_TRUST_BINARY_DATA {
    421     ULONG Length;
    422     PUCHAR Buffer;
    423   } LSA_FOREST_TRUST_BINARY_DATA,*PLSA_FOREST_TRUST_BINARY_DATA;
    424 
    425   typedef struct _LSA_FOREST_TRUST_RECORD {
    426     ULONG Flags;
    427     LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType;
    428     LARGE_INTEGER Time;
    429     union {
    430       LSA_UNICODE_STRING TopLevelName;
    431       LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo;
    432       LSA_FOREST_TRUST_BINARY_DATA Data;
    433     } ForestTrustData;
    434   } LSA_FOREST_TRUST_RECORD,*PLSA_FOREST_TRUST_RECORD;
    435 
    436 #define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000
    437 
    438   typedef struct _LSA_FOREST_TRUST_INFORMATION {
    439     ULONG RecordCount;
    440     PLSA_FOREST_TRUST_RECORD *Entries;
    441   } LSA_FOREST_TRUST_INFORMATION,*PLSA_FOREST_TRUST_INFORMATION;
    442 
    443   typedef enum {
    444     CollisionTdo,CollisionXref,CollisionOther
    445   } LSA_FOREST_TRUST_COLLISION_RECORD_TYPE;
    446 
    447   typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD {
    448     ULONG Index;
    449     LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type;
    450     ULONG Flags;
    451     LSA_UNICODE_STRING Name;
    452   } LSA_FOREST_TRUST_COLLISION_RECORD,*PLSA_FOREST_TRUST_COLLISION_RECORD;
    453 
    454   typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION {
    455     ULONG RecordCount;
    456     PLSA_FOREST_TRUST_COLLISION_RECORD *Entries;
    457   } LSA_FOREST_TRUST_COLLISION_INFORMATION,*PLSA_FOREST_TRUST_COLLISION_INFORMATION;
    458 
    459   typedef ULONG LSA_ENUMERATION_HANDLE,*PLSA_ENUMERATION_HANDLE;
    460 
    461   typedef struct _LSA_ENUMERATION_INFORMATION {
    462     PSID Sid;
    463   } LSA_ENUMERATION_INFORMATION,*PLSA_ENUMERATION_INFORMATION;
    464 
    465   NTSTATUS NTAPI LsaFreeMemory(PVOID Buffer);
    466   NTSTATUS NTAPI LsaClose(LSA_HANDLE ObjectHandle);
    467 
    468   typedef struct _SECURITY_LOGON_SESSION_DATA {
    469     ULONG Size;
    470     LUID LogonId;
    471     LSA_UNICODE_STRING UserName;
    472     LSA_UNICODE_STRING LogonDomain;
    473     LSA_UNICODE_STRING AuthenticationPackage;
    474     ULONG LogonType;
    475     ULONG Session;
    476     PSID Sid;
    477     LARGE_INTEGER LogonTime;
    478     LSA_UNICODE_STRING LogonServer;
    479     LSA_UNICODE_STRING DnsDomainName;
    480     LSA_UNICODE_STRING Upn;
    481   } SECURITY_LOGON_SESSION_DATA,*PSECURITY_LOGON_SESSION_DATA;
    482 
    483   NTSTATUS NTAPI LsaEnumerateLogonSessions(PULONG LogonSessionCount,PLUID *LogonSessionList);
    484   NTSTATUS NTAPI LsaGetLogonSessionData(PLUID LogonId,PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData);
    485   NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING SystemName,PLSA_OBJECT_ATTRIBUTES ObjectAttributes,ACCESS_MASK DesiredAccess,PLSA_HANDLE PolicyHandle);
    486   NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID *Buffer);
    487   NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID Buffer);
    488   NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID *Buffer);
    489   NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID Buffer);
    490   NTSTATUS NTAPI LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle);
    491   NTSTATUS NTAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle);
    492   NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned);
    493   NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE PolicyHandle,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID *Sids);
    494   NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE PolicyHandle,ULONG Flags,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID2 *Sids);
    495   NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE PolicyHandle,ULONG Count,PSID *Sids,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_NAME *Names);
    496 
    497 #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
    498 #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
    499 #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
    500 #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
    501 #define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight")
    502 #define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight")
    503 #define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight")
    504 #define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight")
    505 #define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight")
    506 #define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight")
    507 
    508   NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING UserRight,PVOID *Buffer,PULONG CountReturned);
    509   NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING *UserRights,PULONG CountOfRights);
    510   NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights);
    511   NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,BOOLEAN AllRights,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights);
    512   NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle);
    513   NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer);
    514   NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer);
    515   NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid);
    516   NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer);
    517   NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer);
    518   NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned);
    519   NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE PolicyHandle,PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle);
    520   NTSTATUS NTAPI LsaQueryForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo);
    521   NTSTATUS NTAPI LsaSetForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,BOOLEAN CheckOnly,PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo);
    522 
    523 #ifdef TESTING_MATCHING_ROUTINE
    524   NTSTATUS NTAPI LsaForestTrustFindMatch(LSA_HANDLE PolicyHandle,ULONG Type,PLSA_UNICODE_STRING Name,PLSA_UNICODE_STRING *Match);
    525 #endif
    526 
    527   NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING PrivateData);
    528   NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING *PrivateData);
    529   ULONG NTAPI LsaNtStatusToWinError(NTSTATUS Status);
    530 
    531 #ifndef _NTLSA_IFS_
    532 #define _NTLSA_IFS_
    533 #endif
    534 
    535   enum NEGOTIATE_MESSAGES {
    536     NegEnumPackagePrefixes = 0,NegGetCallerName = 1,NegCallPackageMax
    537   };
    538 
    539 #define NEGOTIATE_MAX_PREFIX 32
    540 
    541   typedef struct _NEGOTIATE_PACKAGE_PREFIX {
    542     ULONG_PTR PackageId;
    543     PVOID PackageDataA;
    544     PVOID PackageDataW;
    545     ULONG_PTR PrefixLen;
    546     UCHAR Prefix[NEGOTIATE_MAX_PREFIX ];
    547   } NEGOTIATE_PACKAGE_PREFIX,*PNEGOTIATE_PACKAGE_PREFIX;
    548 
    549   typedef struct _NEGOTIATE_PACKAGE_PREFIXES {
    550     ULONG MessageType;
    551     ULONG PrefixCount;
    552     ULONG Offset;
    553     ULONG Pad;
    554   } NEGOTIATE_PACKAGE_PREFIXES,*PNEGOTIATE_PACKAGE_PREFIXES;
    555 
    556   typedef struct _NEGOTIATE_CALLER_NAME_REQUEST {
    557     ULONG MessageType;
    558     LUID LogonId;
    559   } NEGOTIATE_CALLER_NAME_REQUEST,*PNEGOTIATE_CALLER_NAME_REQUEST;
    560 
    561   typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE {
    562     ULONG MessageType;
    563     PWSTR CallerName;
    564   } NEGOTIATE_CALLER_NAME_RESPONSE,*PNEGOTIATE_CALLER_NAME_RESPONSE;
    565 
    566 #ifndef _NTDEF_
    567 #ifndef __UNICODE_STRING_DEFINED
    568 #define __UNICODE_STRING_DEFINED
    569   typedef LSA_UNICODE_STRING UNICODE_STRING,*PUNICODE_STRING;
    570 #endif
    571 #ifndef __STRING_DEFINED
    572 #define __STRING_DEFINED
    573   typedef LSA_STRING STRING,*PSTRING;
    574 #endif
    575 #endif
    576 
    577 #ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
    578 #define _DOMAIN_PASSWORD_INFORMATION_DEFINED
    579   typedef struct _DOMAIN_PASSWORD_INFORMATION {
    580     USHORT MinPasswordLength;
    581     USHORT PasswordHistoryLength;
    582     ULONG PasswordProperties;
    583     LARGE_INTEGER MaxPasswordAge;
    584     LARGE_INTEGER MinPasswordAge;
    585   } DOMAIN_PASSWORD_INFORMATION,*PDOMAIN_PASSWORD_INFORMATION;
    586 #endif
    587 
    588 #define DOMAIN_PASSWORD_COMPLEX __MSABI_LONG(0x00000001)
    589 #define DOMAIN_PASSWORD_NO_ANON_CHANGE __MSABI_LONG(0x00000002)
    590 #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE __MSABI_LONG(0x00000004)
    591 #define DOMAIN_LOCKOUT_ADMINS __MSABI_LONG(0x00000008)
    592 #define DOMAIN_PASSWORD_STORE_CLEARTEXT __MSABI_LONG(0x00000010)
    593 #define DOMAIN_REFUSE_PASSWORD_CHANGE __MSABI_LONG(0x00000020)
    594 
    595 #ifndef _PASSWORD_NOTIFICATION_DEFINED
    596 #define _PASSWORD_NOTIFICATION_DEFINED
    597   typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING UserName,ULONG RelativeId,PUNICODE_STRING NewPassword);
    598 
    599 #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
    600 
    601   typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)();
    602 
    603 #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
    604 #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"
    605 
    606   typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING AccountName,PUNICODE_STRING FullName,PUNICODE_STRING Password,BOOLEAN SetOperation);
    607 #endif
    608 
    609 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
    610 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
    611 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
    612 
    613 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
    614 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
    615 
    616   typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
    617     MsV1_0InteractiveLogon = 2,MsV1_0Lm20Logon,MsV1_0NetworkLogon,MsV1_0SubAuthLogon,MsV1_0WorkstationUnlockLogon = 7
    618   } MSV1_0_LOGON_SUBMIT_TYPE,*PMSV1_0_LOGON_SUBMIT_TYPE;
    619 
    620   typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
    621     MsV1_0InteractiveProfile = 2,MsV1_0Lm20LogonProfile,MsV1_0SmartCardProfile
    622   } MSV1_0_PROFILE_BUFFER_TYPE,*PMSV1_0_PROFILE_BUFFER_TYPE;
    623 
    624   typedef struct _MSV1_0_INTERACTIVE_LOGON {
    625     MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    626     UNICODE_STRING LogonDomainName;
    627     UNICODE_STRING UserName;
    628     UNICODE_STRING Password;
    629   } MSV1_0_INTERACTIVE_LOGON,*PMSV1_0_INTERACTIVE_LOGON;
    630 
    631   typedef struct _MSV1_0_INTERACTIVE_PROFILE {
    632     MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    633     USHORT LogonCount;
    634     USHORT BadPasswordCount;
    635     LARGE_INTEGER LogonTime;
    636     LARGE_INTEGER LogoffTime;
    637     LARGE_INTEGER KickOffTime;
    638     LARGE_INTEGER PasswordLastSet;
    639     LARGE_INTEGER PasswordCanChange;
    640     LARGE_INTEGER PasswordMustChange;
    641     UNICODE_STRING LogonScript;
    642     UNICODE_STRING HomeDirectory;
    643     UNICODE_STRING FullName;
    644     UNICODE_STRING ProfilePath;
    645     UNICODE_STRING HomeDirectoryDrive;
    646     UNICODE_STRING LogonServer;
    647     ULONG UserFlags;
    648   } MSV1_0_INTERACTIVE_PROFILE,*PMSV1_0_INTERACTIVE_PROFILE;
    649 
    650 #define MSV1_0_CHALLENGE_LENGTH 8
    651 #define MSV1_0_USER_SESSION_KEY_LENGTH 16
    652 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
    653 
    654 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
    655 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
    656 #define MSV1_0_RETURN_USER_PARAMETERS 0x08
    657 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
    658 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
    659 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
    660 
    661 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80
    662 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
    663 #define MSV1_0_RETURN_PROFILE_PATH 0x200
    664 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
    665 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
    666 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
    667 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
    668 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
    669 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
    670 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
    671 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
    672 
    673 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
    674 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
    675 #define MSV1_0_MNS_LOGON 0x01000000
    676 
    677 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
    678 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
    679 
    680   typedef struct _MSV1_0_LM20_LOGON {
    681     MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    682     UNICODE_STRING LogonDomainName;
    683     UNICODE_STRING UserName;
    684     UNICODE_STRING Workstation;
    685     UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    686     STRING CaseSensitiveChallengeResponse;
    687     STRING CaseInsensitiveChallengeResponse;
    688     ULONG ParameterControl;
    689   } MSV1_0_LM20_LOGON,*PMSV1_0_LM20_LOGON;
    690 
    691   typedef struct _MSV1_0_SUBAUTH_LOGON{
    692     MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    693     UNICODE_STRING LogonDomainName;
    694     UNICODE_STRING UserName;
    695     UNICODE_STRING Workstation;
    696     UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    697     STRING AuthenticationInfo1;
    698     STRING AuthenticationInfo2;
    699     ULONG ParameterControl;
    700     ULONG SubAuthPackageId;
    701   } MSV1_0_SUBAUTH_LOGON,*PMSV1_0_SUBAUTH_LOGON;
    702 
    703 #define LOGON_GUEST 0x01
    704 #define LOGON_NOENCRYPTION 0x02
    705 #define LOGON_CACHED_ACCOUNT 0x04
    706 #define LOGON_USED_LM_PASSWORD 0x08
    707 #define LOGON_EXTRA_SIDS 0x20
    708 #define LOGON_SUBAUTH_SESSION_KEY 0x40
    709 #define LOGON_SERVER_TRUST_ACCOUNT 0x80
    710 #define LOGON_NTLMV2_ENABLED 0x100
    711 #define LOGON_RESOURCE_GROUPS 0x200
    712 #define LOGON_PROFILE_PATH_RETURNED 0x400
    713 
    714 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
    715 
    716 #define LOGON_GRACE_LOGON 0x01000000
    717 
    718   typedef struct _MSV1_0_LM20_LOGON_PROFILE {
    719     MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    720     LARGE_INTEGER KickOffTime;
    721     LARGE_INTEGER LogoffTime;
    722     ULONG UserFlags;
    723     UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
    724     UNICODE_STRING LogonDomainName;
    725     UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
    726     UNICODE_STRING LogonServer;
    727     UNICODE_STRING UserParameters;
    728   } MSV1_0_LM20_LOGON_PROFILE,*PMSV1_0_LM20_LOGON_PROFILE;
    729 
    730 #define MSV1_0_OWF_PASSWORD_LENGTH 16
    731 #define MSV1_0_CRED_LM_PRESENT 0x1
    732 #define MSV1_0_CRED_NT_PRESENT 0x2
    733 #define MSV1_0_CRED_VERSION 0
    734 
    735   typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    736     ULONG Version;
    737     ULONG Flags;
    738     UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
    739     UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
    740   } MSV1_0_SUPPLEMENTAL_CREDENTIAL,*PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
    741 
    742 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
    743 #define MSV1_0_NTLM3_OWF_LENGTH 16
    744 
    745 #define MSV1_0_MAX_NTLM3_LIFE 129600
    746 #define MSV1_0_MAX_AVL_SIZE 64000
    747 
    748 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
    749 
    750   typedef struct _MSV1_0_NTLM3_RESPONSE {
    751     UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
    752     UCHAR RespType;
    753     UCHAR HiRespType;
    754     USHORT Flags;
    755     ULONG MsgWord;
    756     ULONGLONG TimeStamp;
    757     UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
    758     ULONG AvPairsOff;
    759     UCHAR Buffer[1];
    760   } MSV1_0_NTLM3_RESPONSE,*PMSV1_0_NTLM3_RESPONSE;
    761 
    762 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
    763 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE,AvPairsOff)
    764 
    765   typedef enum {
    766     MsvAvEOL,MsvAvNbComputerName,MsvAvNbDomainName,MsvAvDnsComputerName,MsvAvDnsDomainName,MsvAvDnsTreeName,MsvAvFlags
    767   } MSV1_0_AVID;
    768 
    769   typedef struct _MSV1_0_AV_PAIR {
    770     USHORT AvId;
    771     USHORT AvLen;
    772 
    773   } MSV1_0_AV_PAIR,*PMSV1_0_AV_PAIR;
    774 
    775   typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
    776     MsV1_0Lm20ChallengeRequest = 0,MsV1_0Lm20GetChallengeResponse,MsV1_0EnumerateUsers,MsV1_0GetUserInfo,MsV1_0ReLogonUsers,MsV1_0ChangePassword,
    777     MsV1_0ChangeCachedPassword,MsV1_0GenericPassthrough,MsV1_0CacheLogon,MsV1_0SubAuth,MsV1_0DeriveCredential,MsV1_0CacheLookup,
    778     MsV1_0SetProcessOption
    779   } MSV1_0_PROTOCOL_MESSAGE_TYPE,*PMSV1_0_PROTOCOL_MESSAGE_TYPE;
    780 
    781   typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
    782     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    783     UNICODE_STRING DomainName;
    784     UNICODE_STRING AccountName;
    785     UNICODE_STRING OldPassword;
    786     UNICODE_STRING NewPassword;
    787     BOOLEAN Impersonating;
    788   } MSV1_0_CHANGEPASSWORD_REQUEST,*PMSV1_0_CHANGEPASSWORD_REQUEST;
    789 
    790   typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
    791     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    792     BOOLEAN PasswordInfoValid;
    793     DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
    794   } MSV1_0_CHANGEPASSWORD_RESPONSE,*PMSV1_0_CHANGEPASSWORD_RESPONSE;
    795 
    796   typedef struct _MSV1_0_PASSTHROUGH_REQUEST {
    797     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    798     UNICODE_STRING DomainName;
    799     UNICODE_STRING PackageName;
    800     ULONG DataLength;
    801     PUCHAR LogonData;
    802     ULONG Pad;
    803   } MSV1_0_PASSTHROUGH_REQUEST,*PMSV1_0_PASSTHROUGH_REQUEST;
    804 
    805   typedef struct _MSV1_0_PASSTHROUGH_RESPONSE {
    806     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    807     ULONG Pad;
    808     ULONG DataLength;
    809     PUCHAR ValidationData;
    810   } MSV1_0_PASSTHROUGH_RESPONSE,*PMSV1_0_PASSTHROUGH_RESPONSE;
    811 
    812   typedef struct _MSV1_0_SUBAUTH_REQUEST{
    813     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    814     ULONG SubAuthPackageId;
    815     ULONG SubAuthInfoLength;
    816     PUCHAR SubAuthSubmitBuffer;
    817   } MSV1_0_SUBAUTH_REQUEST,*PMSV1_0_SUBAUTH_REQUEST;
    818 
    819   typedef struct _MSV1_0_SUBAUTH_RESPONSE{
    820     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    821     ULONG SubAuthInfoLength;
    822     PUCHAR SubAuthReturnBuffer;
    823   } MSV1_0_SUBAUTH_RESPONSE,*PMSV1_0_SUBAUTH_RESPONSE;
    824 
    825 #define RtlGenRandom SystemFunction036
    826 #define RtlEncryptMemory SystemFunction040
    827 #define RtlDecryptMemory SystemFunction041
    828 
    829   BOOLEAN RtlGenRandom(PVOID RandomBuffer,ULONG RandomBufferLength);
    830 
    831 #define RTL_ENCRYPT_MEMORY_SIZE 8
    832 #define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01
    833 #define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02
    834 
    835   NTSTATUS RtlEncryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags);
    836   NTSTATUS RtlDecryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags);
    837 
    838 #define KERBEROS_VERSION 5
    839 #define KERBEROS_REVISION 6
    840 
    841 #define KERB_ETYPE_NULL 0
    842 #define KERB_ETYPE_DES_CBC_CRC 1
    843 #define KERB_ETYPE_DES_CBC_MD4 2
    844 #define KERB_ETYPE_DES_CBC_MD5 3
    845 
    846 #define KERB_ETYPE_RC4_MD4 -128
    847 #define KERB_ETYPE_RC4_PLAIN2 -129
    848 #define KERB_ETYPE_RC4_LM -130
    849 #define KERB_ETYPE_RC4_SHA -131
    850 #define KERB_ETYPE_DES_PLAIN -132
    851 #define KERB_ETYPE_RC4_HMAC_OLD -133
    852 #define KERB_ETYPE_RC4_PLAIN_OLD -134
    853 #define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
    854 #define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
    855 #define KERB_ETYPE_RC4_PLAIN -140
    856 #define KERB_ETYPE_RC4_PLAIN_EXP -141
    857 
    858 #define KERB_ETYPE_DSA_SHA1_CMS 9
    859 #define KERB_ETYPE_RSA_MD5_CMS 10
    860 #define KERB_ETYPE_RSA_SHA1_CMS 11
    861 #define KERB_ETYPE_RC2_CBC_ENV 12
    862 #define KERB_ETYPE_RSA_ENV 13
    863 #define KERB_ETYPE_RSA_ES_OEAP_ENV 14
    864 #define KERB_ETYPE_DES_EDE3_CBC_ENV 15
    865 
    866 #define KERB_ETYPE_DSA_SIGN 8
    867 #define KERB_ETYPE_RSA_PRIV 9
    868 #define KERB_ETYPE_RSA_PUB 10
    869 #define KERB_ETYPE_RSA_PUB_MD5 11
    870 #define KERB_ETYPE_RSA_PUB_SHA1 12
    871 #define KERB_ETYPE_PKCS7_PUB 13
    872 
    873 #define KERB_ETYPE_DES3_CBC_MD5 5
    874 #define KERB_ETYPE_DES3_CBC_SHA1 7
    875 #define KERB_ETYPE_DES3_CBC_SHA1_KD 16
    876 
    877 #define KERB_ETYPE_DES_CBC_MD5_NT 20
    878 #define KERB_ETYPE_RC4_HMAC_NT 23
    879 #define KERB_ETYPE_RC4_HMAC_NT_EXP 24
    880 
    881 #define KERB_CHECKSUM_NONE 0
    882 #define KERB_CHECKSUM_CRC32 1
    883 #define KERB_CHECKSUM_MD4 2
    884 #define KERB_CHECKSUM_KRB_DES_MAC 4
    885 #define KERB_CHECKSUM_KRB_DES_MAC_K 5
    886 #define KERB_CHECKSUM_MD5 7
    887 #define KERB_CHECKSUM_MD5_DES 8
    888 
    889 #define KERB_CHECKSUM_LM -130
    890 #define KERB_CHECKSUM_SHA1 -131
    891 #define KERB_CHECKSUM_REAL_CRC32 -132
    892 #define KERB_CHECKSUM_DES_MAC -133
    893 #define KERB_CHECKSUM_DES_MAC_MD5 -134
    894 #define KERB_CHECKSUM_MD25 -135
    895 #define KERB_CHECKSUM_RC4_MD5 -136
    896 #define KERB_CHECKSUM_MD5_HMAC -137
    897 #define KERB_CHECKSUM_HMAC_MD5 -138
    898 
    899 #define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001
    900 #define AUTH_REQ_ALLOW_PROXIABLE 0x00000002
    901 #define AUTH_REQ_ALLOW_POSTDATE 0x00000004
    902 #define AUTH_REQ_ALLOW_RENEWABLE 0x00000008
    903 #define AUTH_REQ_ALLOW_NOADDRESS 0x00000010
    904 #define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020
    905 #define AUTH_REQ_ALLOW_VALIDATE 0x00000040
    906 #define AUTH_REQ_VALIDATE_CLIENT 0x00000080
    907 #define AUTH_REQ_OK_AS_DELEGATE 0x00000100
    908 #define AUTH_REQ_PREAUTH_REQUIRED 0x00000200
    909 #define AUTH_REQ_TRANSITIVE_TRUST 0x00000400
    910 #define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800
    911 
    912 #define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | AUTH_REQ_ALLOW_PROXIABLE | AUTH_REQ_ALLOW_POSTDATE | AUTH_REQ_ALLOW_RENEWABLE | AUTH_REQ_ALLOW_VALIDATE)
    913 
    914 #define KERB_TICKET_FLAGS_reserved 0x80000000
    915 #define KERB_TICKET_FLAGS_forwardable 0x40000000
    916 #define KERB_TICKET_FLAGS_forwarded 0x20000000
    917 #define KERB_TICKET_FLAGS_proxiable 0x10000000
    918 #define KERB_TICKET_FLAGS_proxy 0x08000000
    919 #define KERB_TICKET_FLAGS_may_postdate 0x04000000
    920 #define KERB_TICKET_FLAGS_postdated 0x02000000
    921 #define KERB_TICKET_FLAGS_invalid 0x01000000
    922 #define KERB_TICKET_FLAGS_renewable 0x00800000
    923 #define KERB_TICKET_FLAGS_initial 0x00400000
    924 #define KERB_TICKET_FLAGS_pre_authent 0x00200000
    925 #define KERB_TICKET_FLAGS_hw_authent 0x00100000
    926 #define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000
    927 #define KERB_TICKET_FLAGS_name_canonicalize 0x00010000
    928 #define KERB_TICKET_FLAGS_reserved1 0x00000001
    929 
    930 #define KRB_NT_UNKNOWN 0
    931 #define KRB_NT_PRINCIPAL 1
    932 #define KRB_NT_PRINCIPAL_AND_ID -131
    933 #define KRB_NT_SRV_INST 2
    934 #define KRB_NT_SRV_INST_AND_ID -132
    935 #define KRB_NT_SRV_HST 3
    936 #define KRB_NT_SRV_XHST 4
    937 #define KRB_NT_UID 5
    938 #define KRB_NT_ENTERPRISE_PRINCIPAL 10
    939 #define KRB_NT_ENT_PRINCIPAL_AND_ID -130
    940 #define KRB_NT_MS_PRINCIPAL -128
    941 #define KRB_NT_MS_PRINCIPAL_AND_ID -129
    942 
    943 #define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL))
    944 
    945 #ifndef MICROSOFT_KERBEROS_NAME_A
    946 
    947 #define MICROSOFT_KERBEROS_NAME_A "Kerberos"
    948 #define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
    949 #ifdef WIN32_CHICAGO
    950 #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A
    951 #else
    952 #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W
    953 #endif
    954 #endif
    955 
    956 #define KERB_WRAP_NO_ENCRYPT 0x80000001
    957 
    958   typedef enum _KERB_LOGON_SUBMIT_TYPE {
    959     KerbInteractiveLogon = 2,KerbSmartCardLogon = 6,KerbWorkstationUnlockLogon = 7,KerbSmartCardUnlockLogon = 8,KerbProxyLogon = 9,
    960     KerbTicketLogon = 10,KerbTicketUnlockLogon = 11,KerbS4ULogon = 12
    961 #if (_WIN32_WINNT >= 0x0600)
    962    ,KerbCertificateLogon         = 13,
    963     KerbCertificateS4ULogon      = 14,
    964     KerbCertificateUnlockLogon   = 15
    965 #endif
    966   } KERB_LOGON_SUBMIT_TYPE,*PKERB_LOGON_SUBMIT_TYPE;
    967 
    968   typedef struct _KERB_INTERACTIVE_LOGON {
    969     KERB_LOGON_SUBMIT_TYPE MessageType;
    970     UNICODE_STRING LogonDomainName;
    971     UNICODE_STRING UserName;
    972     UNICODE_STRING Password;
    973   } KERB_INTERACTIVE_LOGON,*PKERB_INTERACTIVE_LOGON;
    974 
    975   typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON {
    976     KERB_INTERACTIVE_LOGON Logon;
    977     LUID LogonId;
    978   } KERB_INTERACTIVE_UNLOCK_LOGON,*PKERB_INTERACTIVE_UNLOCK_LOGON;
    979 
    980   typedef struct _KERB_SMART_CARD_LOGON {
    981     KERB_LOGON_SUBMIT_TYPE MessageType;
    982     UNICODE_STRING Pin;
    983     ULONG CspDataLength;
    984     PUCHAR CspData;
    985   } KERB_SMART_CARD_LOGON,*PKERB_SMART_CARD_LOGON;
    986 
    987   typedef struct _KERB_SMART_CARD_UNLOCK_LOGON {
    988     KERB_SMART_CARD_LOGON Logon;
    989     LUID LogonId;
    990   } KERB_SMART_CARD_UNLOCK_LOGON,*PKERB_SMART_CARD_UNLOCK_LOGON;
    991 
    992   typedef struct _KERB_TICKET_LOGON {
    993     KERB_LOGON_SUBMIT_TYPE MessageType;
    994     ULONG Flags;
    995     ULONG ServiceTicketLength;
    996     ULONG TicketGrantingTicketLength;
    997     PUCHAR ServiceTicket;
    998     PUCHAR TicketGrantingTicket;
    999   } KERB_TICKET_LOGON,*PKERB_TICKET_LOGON;
   1000 
   1001 #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1
   1002 
   1003   typedef struct _KERB_TICKET_UNLOCK_LOGON {
   1004     KERB_TICKET_LOGON Logon;
   1005     LUID LogonId;
   1006   } KERB_TICKET_UNLOCK_LOGON,*PKERB_TICKET_UNLOCK_LOGON;
   1007 
   1008   typedef struct _KERB_S4U_LOGON {
   1009     KERB_LOGON_SUBMIT_TYPE MessageType;
   1010     ULONG Flags;
   1011     UNICODE_STRING ClientUpn;
   1012     UNICODE_STRING ClientRealm;
   1013   } KERB_S4U_LOGON,*PKERB_S4U_LOGON;
   1014 
   1015   typedef enum _KERB_PROFILE_BUFFER_TYPE {
   1016     KerbInteractiveProfile = 2,KerbSmartCardProfile = 4,KerbTicketProfile = 6
   1017   } KERB_PROFILE_BUFFER_TYPE,*PKERB_PROFILE_BUFFER_TYPE;
   1018 
   1019   typedef struct _KERB_INTERACTIVE_PROFILE {
   1020     KERB_PROFILE_BUFFER_TYPE MessageType;
   1021     USHORT LogonCount;
   1022     USHORT BadPasswordCount;
   1023     LARGE_INTEGER LogonTime;
   1024     LARGE_INTEGER LogoffTime;
   1025     LARGE_INTEGER KickOffTime;
   1026     LARGE_INTEGER PasswordLastSet;
   1027     LARGE_INTEGER PasswordCanChange;
   1028     LARGE_INTEGER PasswordMustChange;
   1029     UNICODE_STRING LogonScript;
   1030     UNICODE_STRING HomeDirectory;
   1031     UNICODE_STRING FullName;
   1032     UNICODE_STRING ProfilePath;
   1033     UNICODE_STRING HomeDirectoryDrive;
   1034     UNICODE_STRING LogonServer;
   1035     ULONG UserFlags;
   1036   } KERB_INTERACTIVE_PROFILE,*PKERB_INTERACTIVE_PROFILE;
   1037 
   1038   typedef struct _KERB_SMART_CARD_PROFILE {
   1039     KERB_INTERACTIVE_PROFILE Profile;
   1040     ULONG CertificateSize;
   1041     PUCHAR CertificateData;
   1042   } KERB_SMART_CARD_PROFILE,*PKERB_SMART_CARD_PROFILE;
   1043 
   1044   typedef struct KERB_CRYPTO_KEY {
   1045     LONG KeyType;
   1046     ULONG Length;
   1047     PUCHAR Value;
   1048   } KERB_CRYPTO_KEY,*PKERB_CRYPTO_KEY;
   1049 
   1050   typedef struct _KERB_TICKET_PROFILE {
   1051     KERB_INTERACTIVE_PROFILE Profile;
   1052     KERB_CRYPTO_KEY SessionKey;
   1053   } KERB_TICKET_PROFILE,*PKERB_TICKET_PROFILE;
   1054 
   1055   typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
   1056     KerbDebugRequestMessage = 0,KerbQueryTicketCacheMessage,KerbChangeMachinePasswordMessage,KerbVerifyPacMessage,KerbRetrieveTicketMessage,
   1057     KerbUpdateAddressesMessage,KerbPurgeTicketCacheMessage,KerbChangePasswordMessage,KerbRetrieveEncodedTicketMessage,KerbDecryptDataMessage,
   1058     KerbAddBindingCacheEntryMessage,KerbSetPasswordMessage,KerbSetPasswordExMessage,KerbVerifyCredentialsMessage,KerbQueryTicketCacheExMessage,
   1059     KerbPurgeTicketCacheExMessage,KerbRefreshSmartcardCredentialsMessage,KerbAddExtraCredentialsMessage,KerbQuerySupplementalCredentialsMessage,
   1060     KerbTransferCredentialsMessage,KerbQueryTicketCacheEx2Message
   1061   } KERB_PROTOCOL_MESSAGE_TYPE,*PKERB_PROTOCOL_MESSAGE_TYPE;
   1062 
   1063   typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
   1064     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1065     LUID LogonId;
   1066   } KERB_QUERY_TKT_CACHE_REQUEST,*PKERB_QUERY_TKT_CACHE_REQUEST;
   1067 
   1068   typedef struct _KERB_TICKET_CACHE_INFO {
   1069     UNICODE_STRING ServerName;
   1070     UNICODE_STRING RealmName;
   1071     LARGE_INTEGER StartTime;
   1072     LARGE_INTEGER EndTime;
   1073     LARGE_INTEGER RenewTime;
   1074     LONG EncryptionType;
   1075     ULONG TicketFlags;
   1076   } KERB_TICKET_CACHE_INFO,*PKERB_TICKET_CACHE_INFO;
   1077 
   1078   typedef struct _KERB_TICKET_CACHE_INFO_EX {
   1079     UNICODE_STRING ClientName;
   1080     UNICODE_STRING ClientRealm;
   1081     UNICODE_STRING ServerName;
   1082     UNICODE_STRING ServerRealm;
   1083     LARGE_INTEGER StartTime;
   1084     LARGE_INTEGER EndTime;
   1085     LARGE_INTEGER RenewTime;
   1086     LONG EncryptionType;
   1087     ULONG TicketFlags;
   1088   } KERB_TICKET_CACHE_INFO_EX,*PKERB_TICKET_CACHE_INFO_EX;
   1089 
   1090   typedef struct _KERB_TICKET_CACHE_INFO_EX2 {
   1091     UNICODE_STRING ClientName;
   1092     UNICODE_STRING ClientRealm;
   1093     UNICODE_STRING ServerName;
   1094     UNICODE_STRING ServerRealm;
   1095     LARGE_INTEGER StartTime;
   1096     LARGE_INTEGER EndTime;
   1097     LARGE_INTEGER RenewTime;
   1098     LONG EncryptionType;
   1099     ULONG TicketFlags;
   1100     ULONG SessionKeyType;
   1101   } KERB_TICKET_CACHE_INFO_EX2,*PKERB_TICKET_CACHE_INFO_EX2;
   1102 
   1103   typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE {
   1104     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1105     ULONG CountOfTickets;
   1106     KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY];
   1107   } KERB_QUERY_TKT_CACHE_RESPONSE,*PKERB_QUERY_TKT_CACHE_RESPONSE;
   1108 
   1109   typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE {
   1110     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1111     ULONG CountOfTickets;
   1112     KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY];
   1113   } KERB_QUERY_TKT_CACHE_EX_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX_RESPONSE;
   1114 
   1115   typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE {
   1116     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1117     ULONG CountOfTickets;
   1118     KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY];
   1119   } KERB_QUERY_TKT_CACHE_EX2_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX2_RESPONSE;
   1120 
   1121 #ifndef __SECHANDLE_DEFINED__
   1122   typedef struct _SecHandle {
   1123     ULONG_PTR dwLower;
   1124     ULONG_PTR dwUpper;
   1125   } SecHandle,*PSecHandle;
   1126 
   1127 #define __SECHANDLE_DEFINED__
   1128 #endif
   1129 
   1130 #define KERB_USE_DEFAULT_TICKET_FLAGS 0x0
   1131 
   1132 #define KERB_RETRIEVE_TICKET_DEFAULT 0x0
   1133 #define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1
   1134 #define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2
   1135 #define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4
   1136 #define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8
   1137 #define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10
   1138 #define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20
   1139 
   1140 #define KERB_ETYPE_DEFAULT 0x0
   1141 
   1142   typedef struct _KERB_AUTH_DATA {
   1143     ULONG Type;
   1144     ULONG Length;
   1145     PUCHAR Data;
   1146   } KERB_AUTH_DATA,*PKERB_AUTH_DATA;
   1147 
   1148   typedef struct _KERB_NET_ADDRESS {
   1149     ULONG Family;
   1150     ULONG Length;
   1151     PCHAR Address;
   1152   } KERB_NET_ADDRESS,*PKERB_NET_ADDRESS;
   1153 
   1154   typedef struct _KERB_NET_ADDRESSES {
   1155     ULONG Number;
   1156     KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY];
   1157   } KERB_NET_ADDRESSES,*PKERB_NET_ADDRESSES;
   1158 
   1159   typedef struct _KERB_EXTERNAL_NAME {
   1160     SHORT NameType;
   1161     USHORT NameCount;
   1162     UNICODE_STRING Names[ANYSIZE_ARRAY];
   1163   } KERB_EXTERNAL_NAME,*PKERB_EXTERNAL_NAME;
   1164 
   1165   typedef struct _KERB_EXTERNAL_TICKET {
   1166     PKERB_EXTERNAL_NAME ServiceName;
   1167     PKERB_EXTERNAL_NAME TargetName;
   1168     PKERB_EXTERNAL_NAME ClientName;
   1169     UNICODE_STRING DomainName;
   1170     UNICODE_STRING TargetDomainName;
   1171     UNICODE_STRING AltTargetDomainName;
   1172     KERB_CRYPTO_KEY SessionKey;
   1173     ULONG TicketFlags;
   1174     ULONG Flags;
   1175     LARGE_INTEGER KeyExpirationTime;
   1176     LARGE_INTEGER StartTime;
   1177     LARGE_INTEGER EndTime;
   1178     LARGE_INTEGER RenewUntil;
   1179     LARGE_INTEGER TimeSkew;
   1180     ULONG EncodedTicketSize;
   1181     PUCHAR EncodedTicket;
   1182   } KERB_EXTERNAL_TICKET,*PKERB_EXTERNAL_TICKET;
   1183 
   1184   typedef struct _KERB_RETRIEVE_TKT_REQUEST {
   1185     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1186     LUID LogonId;
   1187     UNICODE_STRING TargetName;
   1188     ULONG TicketFlags;
   1189     ULONG CacheOptions;
   1190     LONG EncryptionType;
   1191     SecHandle CredentialsHandle;
   1192   } KERB_RETRIEVE_TKT_REQUEST,*PKERB_RETRIEVE_TKT_REQUEST;
   1193 
   1194   typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
   1195     KERB_EXTERNAL_TICKET Ticket;
   1196   } KERB_RETRIEVE_TKT_RESPONSE,*PKERB_RETRIEVE_TKT_RESPONSE;
   1197 
   1198   typedef struct _KERB_PURGE_TKT_CACHE_REQUEST {
   1199     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1200     LUID LogonId;
   1201     UNICODE_STRING ServerName;
   1202     UNICODE_STRING RealmName;
   1203   } KERB_PURGE_TKT_CACHE_REQUEST,*PKERB_PURGE_TKT_CACHE_REQUEST;
   1204 
   1205 #define KERB_PURGE_ALL_TICKETS 1
   1206 
   1207   typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST {
   1208     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1209     LUID LogonId;
   1210     ULONG Flags;
   1211     KERB_TICKET_CACHE_INFO_EX TicketTemplate;
   1212   } KERB_PURGE_TKT_CACHE_EX_REQUEST,*PKERB_PURGE_TKT_CACHE_EX_REQUEST;
   1213 
   1214   typedef struct _KERB_CHANGEPASSWORD_REQUEST {
   1215     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1216     UNICODE_STRING DomainName;
   1217     UNICODE_STRING AccountName;
   1218     UNICODE_STRING OldPassword;
   1219     UNICODE_STRING NewPassword;
   1220     BOOLEAN Impersonating;
   1221   } KERB_CHANGEPASSWORD_REQUEST,*PKERB_CHANGEPASSWORD_REQUEST;
   1222 
   1223   typedef struct _KERB_SETPASSWORD_REQUEST {
   1224     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1225     LUID LogonId;
   1226     SecHandle CredentialsHandle;
   1227     ULONG Flags;
   1228     UNICODE_STRING DomainName;
   1229     UNICODE_STRING AccountName;
   1230     UNICODE_STRING Password;
   1231   } KERB_SETPASSWORD_REQUEST,*PKERB_SETPASSWORD_REQUEST;
   1232 
   1233   typedef struct _KERB_SETPASSWORD_EX_REQUEST {
   1234     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1235     LUID LogonId;
   1236     SecHandle CredentialsHandle;
   1237     ULONG Flags;
   1238     UNICODE_STRING AccountRealm;
   1239     UNICODE_STRING AccountName;
   1240     UNICODE_STRING Password;
   1241     UNICODE_STRING ClientRealm;
   1242     UNICODE_STRING ClientName;
   1243     BOOLEAN Impersonating;
   1244     UNICODE_STRING KdcAddress;
   1245     ULONG KdcAddressType;
   1246   } KERB_SETPASSWORD_EX_REQUEST,*PKERB_SETPASSWORD_EX_REQUEST;
   1247 
   1248 #define DS_UNKNOWN_ADDRESS_TYPE 0
   1249 #define KERB_SETPASS_USE_LOGONID 1
   1250 #define KERB_SETPASS_USE_CREDHANDLE 2
   1251 
   1252   typedef struct _KERB_DECRYPT_REQUEST {
   1253     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1254     LUID LogonId;
   1255     ULONG Flags;
   1256     LONG CryptoType;
   1257     LONG KeyUsage;
   1258     KERB_CRYPTO_KEY Key;
   1259     ULONG EncryptedDataSize;
   1260     ULONG InitialVectorSize;
   1261     PUCHAR InitialVector;
   1262     PUCHAR EncryptedData;
   1263   } KERB_DECRYPT_REQUEST,*PKERB_DECRYPT_REQUEST;
   1264 
   1265 #define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001
   1266 
   1267   typedef struct _KERB_DECRYPT_RESPONSE {
   1268     UCHAR DecryptedData[ANYSIZE_ARRAY];
   1269   } KERB_DECRYPT_RESPONSE,*PKERB_DECRYPT_RESPONSE;
   1270 
   1271   typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST {
   1272     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1273     UNICODE_STRING RealmName;
   1274     UNICODE_STRING KdcAddress;
   1275     ULONG AddressType;
   1276   } KERB_ADD_BINDING_CACHE_ENTRY_REQUEST,*PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
   1277 
   1278   typedef struct _KERB_REFRESH_SCCRED_REQUEST {
   1279     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1280     UNICODE_STRING CredentialBlob;
   1281     LUID LogonId;
   1282     ULONG Flags;
   1283   } KERB_REFRESH_SCCRED_REQUEST,*PKERB_REFRESH_SCCRED_REQUEST;
   1284 
   1285 #define KERB_REFRESH_SCCRED_RELEASE 0x0
   1286 #define KERB_REFRESH_SCCRED_GETTGT 0x1
   1287 
   1288   typedef struct _KERB_ADD_CREDENTIALS_REQUEST {
   1289     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1290     UNICODE_STRING UserName;
   1291     UNICODE_STRING DomainName;
   1292     UNICODE_STRING Password;
   1293     LUID LogonId;
   1294     ULONG Flags;
   1295   } KERB_ADD_CREDENTIALS_REQUEST,*PKERB_ADD_CREDENTIALS_REQUEST;
   1296 
   1297 #define KERB_REQUEST_ADD_CREDENTIAL 1
   1298 #define KERB_REQUEST_REPLACE_CREDENTIAL 2
   1299 #define KERB_REQUEST_REMOVE_CREDENTIAL 4
   1300 
   1301   typedef struct _KERB_TRANSFER_CRED_REQUEST {
   1302     KERB_PROTOCOL_MESSAGE_TYPE MessageType;
   1303     LUID OriginLogonId;
   1304     LUID DestinationLogonId;
   1305     ULONG Flags;
   1306   } KERB_TRANSFER_CRED_REQUEST,*PKERB_TRANSFER_CRED_REQUEST;
   1307 
   1308 #if (_WIN32_WINNT >= 0x0600)
   1309 
   1310 #define POLICY_AUDIT_EVENT_UNCHANGED 0x00000000
   1311 #define POLICY_AUDIT_EVENT_SUCCESS 0x00000001
   1312 #define POLICY_AUDIT_EVENT_FAILURE 0x00000002
   1313 #define POLICY_AUDIT_EVENT_NONE 0x00000004
   1314 #define PER_USER_POLICY_UNCHANGED 0x00
   1315 #define PER_USER_AUDIT_SUCCESS_INCLUDE 0x01
   1316 #define PER_USER_AUDIT_SUCCESS_EXCLUDE 0x02
   1317 #define PER_USER_AUDIT_FAILURE_INCLUDE 0x04
   1318 #define PER_USER_AUDIT_FAILURE_EXCLUDE 0x08
   1319 #define PER_USER_AUDIT_NONE 0x10
   1320 
   1321   typedef struct _AUDIT_POLICY_INFORMATION {
   1322     GUID  AuditSubCategoryGuid;
   1323     ULONG AuditingInformation;
   1324     GUID  AuditCategoryGuid;
   1325   } AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION, *PCAUDIT_POLICY_INFORMATION;
   1326 
   1327   typedef struct _POLICY_AUDIT_SID_ARRAY {
   1328     ULONG UsersCount;
   1329     PSID  *UserSidArray;
   1330   } POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY;
   1331 
   1332   typedef struct _KERB_CERTIFICATE_LOGON {
   1333     KERB_LOGON_SUBMIT_TYPE MessageType;
   1334     UNICODE_STRING         DomainName;
   1335     UNICODE_STRING         UserName;
   1336     UNICODE_STRING         Pin;
   1337     ULONG                  Flags;
   1338     ULONG                  CspDataLength;
   1339     PUCHAR                 CspData;
   1340   } KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON;
   1341 
   1342   typedef struct _KERB_CERTIFICATE_UNLOCK_LOGON {
   1343     KERB_CERTIFICATE_LOGON Logon;
   1344     LUID                   LogonId;
   1345   } KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON;
   1346 
   1347   typedef struct _KERB_SMARTCARD_CSP_INFO {
   1348     DWORD dwCspInfoLen;
   1349     DWORD MessageType;
   1350     __C89_NAMELESS union {
   1351       PVOID   ContextInformation;
   1352       ULONG64 SpaceHolderForWow64;
   1353     };
   1354     DWORD flags;
   1355     DWORD KeySpec;
   1356     ULONG nCardNameOffset;
   1357     ULONG nReaderNameOffset;
   1358     ULONG nContainerNameOffset;
   1359     ULONG nCSPNameOffset;
   1360     TCHAR bBuffer;
   1361   } KERB_SMARTCARD_CSP_INFO, *PKERB_SMARTCARD_CSP_INFO;
   1362 
   1363   BOOLEAN WINAPI AuditComputeEffectivePolicyBySid(
   1364     const PSID pSid,
   1365     const GUID *pSubCategoryGuids,
   1366     ULONG PolicyCount,
   1367     PAUDIT_POLICY_INFORMATION *ppAuditPolicy
   1368   );
   1369 
   1370   VOID WINAPI AuditFree(
   1371     PVOID Buffer
   1372   );
   1373 
   1374   BOOLEAN WINAPI AuditSetSystemPolicy(
   1375     PCAUDIT_POLICY_INFORMATION pAuditPolicy,
   1376     ULONG PolicyCount
   1377   );
   1378 
   1379   BOOLEAN WINAPI AuditQuerySystemPolicy(
   1380     const GUID *pSubCategoryGuids,
   1381     ULONG PolicyCount,
   1382     PAUDIT_POLICY_INFORMATION *ppAuditPolicy
   1383   );
   1384 
   1385   BOOLEAN WINAPI AuditSetPerUserPolicy(
   1386     const PSID pSid,
   1387     PCAUDIT_POLICY_INFORMATION pAuditPolicy,
   1388     ULONG PolicyCount
   1389   );
   1390 
   1391   BOOLEAN WINAPI AuditQueryPerUserPolicy(
   1392     const PSID pSid,
   1393     const GUID *pSubCategoryGuids,
   1394     ULONG PolicyCount,
   1395     PAUDIT_POLICY_INFORMATION *ppAuditPolicy
   1396   );
   1397 
   1398   BOOLEAN WINAPI AuditComputeEffectivePolicyByToken(
   1399     HANDLE hTokenHandle,
   1400     const GUID *pSubCategoryGuids,
   1401     ULONG PolicyCount,
   1402     PAUDIT_POLICY_INFORMATION *ppAuditPolicy
   1403   );
   1404 
   1405   BOOLEAN WINAPI AuditEnumerateCategories(
   1406     GUID **ppAuditCategoriesArray,
   1407     PULONG pCountReturned
   1408   );
   1409 
   1410   BOOLEAN WINAPI AuditEnumeratePerUserPolicy(
   1411     PPOLICY_AUDIT_SID_ARRAY *ppAuditSidArray
   1412   );
   1413 
   1414   BOOLEAN WINAPI AuditEnumerateSubCategories(
   1415     const GUID *pAuditCategoryGuid,
   1416     BOOLEAN bRetrieveAllSubCategories,
   1417     GUID **ppAuditSubCategoriesArray,
   1418     PULONG pCountReturned
   1419   );
   1420 
   1421   BOOLEAN WINAPI AuditLookupCategoryGuidFromCategoryId(
   1422     POLICY_AUDIT_EVENT_TYPE AuditCategoryId,
   1423     GUID *pAuditCategoryGuid
   1424   );
   1425 
   1426   BOOLEAN WINAPI AuditQuerySecurity(
   1427     SECURITY_INFORMATION SecurityInformation,
   1428     PSECURITY_DESCRIPTOR *ppSecurityDescriptor
   1429   );
   1430 
   1431 #define AuditLookupSubCategoryName __MINGW_NAME_AW(AuditLookupSubCategoryName)
   1432 #define AuditLookupCategoryName __MINGW_NAME_AW(AuditLookupCategoryName)
   1433 
   1434   BOOLEAN WINAPI AuditLookupSubCategoryNameA(
   1435     const GUID *pAuditSubCategoryGuid,
   1436     LPSTR *ppszSubCategoryName
   1437   );
   1438 
   1439   BOOLEAN WINAPI AuditLookupSubCategoryNameW(
   1440     const GUID *pAuditSubCategoryGuid,
   1441     LPWSTR *ppszSubCategoryName
   1442   );
   1443 
   1444   BOOLEAN WINAPI AuditLookupCategoryNameA(
   1445     const GUID *pAuditCategoryGuid,
   1446     LPSTR *ppszCategoryName
   1447   );
   1448 
   1449   BOOLEAN WINAPI AuditLookupCategoryNameW(
   1450     const GUID *pAuditCategoryGuid,
   1451     LPWSTR *ppszCategoryName
   1452   );
   1453 
   1454   BOOLEAN WINAPI AuditLookupCategoryIdFromCategoryGuid(
   1455     const GUID *pAuditCategoryGuid,
   1456     PPOLICY_AUDIT_EVENT_TYPE pAuditCategoryId
   1457   );
   1458 
   1459   BOOLEAN WINAPI AuditSetSecurity(
   1460     SECURITY_INFORMATION SecurityInformation,
   1461     PSECURITY_DESCRIPTOR pSecurityDescriptor
   1462   );
   1463 
   1464 #endif /*(_WIN32_WINNT >= 0x0600)*/
   1465 
   1466 #ifdef __cplusplus
   1467 }
   1468 #endif
   1469 #endif
   1470