Home | History | Annotate | Download | only in include 
      1 /**
      2  * This file has no copyright assigned and is placed in the Public Domain.
      3  * This file is part of the mingw-w64 runtime package.
      4  * No warranty is given; refer to the file DISCLAIMER.PD within this package.
      5  */
      6 #ifndef _NTSECPKG_
      7 #define _NTSECPKG_
      8 
      9 #ifdef __cplusplus
     10 extern "C" {
     11 #endif
     12 
     13   typedef PVOID *PLSA_CLIENT_REQUEST;
     14 
     15   typedef enum _LSA_TOKEN_INFORMATION_TYPE {
     16     LsaTokenInformationNull,
     17     LsaTokenInformationV1,
     18     LsaTokenInformationV2
     19   } LSA_TOKEN_INFORMATION_TYPE,*PLSA_TOKEN_INFORMATION_TYPE;
     20 
     21   typedef struct _LSA_TOKEN_INFORMATION_NULL {
     22     LARGE_INTEGER ExpirationTime;
     23     PTOKEN_GROUPS Groups;
     24   } LSA_TOKEN_INFORMATION_NULL,*PLSA_TOKEN_INFORMATION_NULL;
     25 
     26   typedef struct _LSA_TOKEN_INFORMATION_V1 {
     27     LARGE_INTEGER ExpirationTime;
     28     TOKEN_USER User;
     29     PTOKEN_GROUPS Groups;
     30     TOKEN_PRIMARY_GROUP PrimaryGroup;
     31     PTOKEN_PRIVILEGES Privileges;
     32     TOKEN_OWNER Owner;
     33     TOKEN_DEFAULT_DACL DefaultDacl;
     34   } LSA_TOKEN_INFORMATION_V1,*PLSA_TOKEN_INFORMATION_V1;
     35 
     36   typedef LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V2,*PLSA_TOKEN_INFORMATION_V2;
     37   typedef NTSTATUS (NTAPI LSA_CREATE_LOGON_SESSION)(PLUID LogonId);
     38   typedef NTSTATUS (NTAPI LSA_DELETE_LOGON_SESSION)(PLUID LogonId);
     39   typedef NTSTATUS (NTAPI LSA_ADD_CREDENTIAL)(PLUID LogonId,ULONG AuthenticationPackage,PLSA_STRING PrimaryKeyValue,PLSA_STRING Credentials);
     40   typedef NTSTATUS (NTAPI LSA_GET_CREDENTIALS)(PLUID LogonId,ULONG AuthenticationPackage,PULONG QueryContext,BOOLEAN RetrieveAllCredentials,PLSA_STRING PrimaryKeyValue,PULONG PrimaryKeyLength,PLSA_STRING Credentials);
     41   typedef NTSTATUS (NTAPI LSA_DELETE_CREDENTIAL)(PLUID LogonId,ULONG AuthenticationPackage,PLSA_STRING PrimaryKeyValue);
     42   typedef PVOID (NTAPI LSA_ALLOCATE_LSA_HEAP)(ULONG Length);
     43   typedef VOID (NTAPI LSA_FREE_LSA_HEAP)(PVOID Base);
     44   typedef PVOID (NTAPI LSA_ALLOCATE_PRIVATE_HEAP)(SIZE_T Length);
     45   typedef VOID (NTAPI LSA_FREE_PRIVATE_HEAP)(PVOID Base);
     46   typedef NTSTATUS (NTAPI LSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG LengthRequired,PVOID *ClientBaseAddress);
     47   typedef NTSTATUS (NTAPI LSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ClientBaseAddress);
     48   typedef NTSTATUS (NTAPI LSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG Length,PVOID ClientBaseAddress,PVOID BufferToCopy);
     49   typedef NTSTATUS (NTAPI LSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG Length,PVOID BufferToCopy,PVOID ClientBaseAddress);
     50 
     51   typedef LSA_CREATE_LOGON_SESSION *PLSA_CREATE_LOGON_SESSION;
     52   typedef LSA_DELETE_LOGON_SESSION *PLSA_DELETE_LOGON_SESSION;
     53   typedef LSA_ADD_CREDENTIAL *PLSA_ADD_CREDENTIAL;
     54   typedef LSA_GET_CREDENTIALS *PLSA_GET_CREDENTIALS;
     55   typedef LSA_DELETE_CREDENTIAL *PLSA_DELETE_CREDENTIAL;
     56   typedef LSA_ALLOCATE_LSA_HEAP *PLSA_ALLOCATE_LSA_HEAP;
     57   typedef LSA_FREE_LSA_HEAP *PLSA_FREE_LSA_HEAP;
     58   typedef LSA_ALLOCATE_PRIVATE_HEAP *PLSA_ALLOCATE_PRIVATE_HEAP;
     59   typedef LSA_FREE_PRIVATE_HEAP *PLSA_FREE_PRIVATE_HEAP;
     60   typedef LSA_ALLOCATE_CLIENT_BUFFER *PLSA_ALLOCATE_CLIENT_BUFFER;
     61   typedef LSA_FREE_CLIENT_BUFFER *PLSA_FREE_CLIENT_BUFFER;
     62   typedef LSA_COPY_TO_CLIENT_BUFFER *PLSA_COPY_TO_CLIENT_BUFFER;
     63   typedef LSA_COPY_FROM_CLIENT_BUFFER *PLSA_COPY_FROM_CLIENT_BUFFER;
     64 
     65   typedef struct _LSA_DISPATCH_TABLE {
     66     PLSA_CREATE_LOGON_SESSION CreateLogonSession;
     67     PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
     68     PLSA_ADD_CREDENTIAL AddCredential;
     69     PLSA_GET_CREDENTIALS GetCredentials;
     70     PLSA_DELETE_CREDENTIAL DeleteCredential;
     71     PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
     72     PLSA_FREE_LSA_HEAP FreeLsaHeap;
     73     PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
     74     PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
     75     PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
     76     PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
     77   } LSA_DISPATCH_TABLE,*PLSA_DISPATCH_TABLE;
     78 
     79 #define LSA_AP_NAME_INITIALIZE_PACKAGE "LsaApInitializePackage\0"
     80 #define LSA_AP_NAME_LOGON_USER "LsaApLogonUser\0"
     81 #define LSA_AP_NAME_LOGON_USER_EX "LsaApLogonUserEx\0"
     82 #define LSA_AP_NAME_CALL_PACKAGE "LsaApCallPackage\0"
     83 #define LSA_AP_NAME_LOGON_TERMINATED "LsaApLogonTerminated\0"
     84 #define LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED "LsaApCallPackageUntrusted\0"
     85 #define LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH "LsaApCallPackagePassthrough\0"
     86 
     87   typedef NTSTATUS (NTAPI LSA_AP_INITIALIZE_PACKAGE)(ULONG AuthenticationPackageId,PLSA_DISPATCH_TABLE LsaDispatchTable,PLSA_STRING Database,PLSA_STRING Confidentiality,PLSA_STRING *AuthenticationPackageName);
     88   typedef NTSTATUS (NTAPI LSA_AP_LOGON_USER)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PLSA_UNICODE_STRING *AccountName,PLSA_UNICODE_STRING *AuthenticatingAuthority);
     89   typedef NTSTATUS (NTAPI LSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PUNICODE_STRING *AccountName,PUNICODE_STRING *AuthenticatingAuthority,PUNICODE_STRING *MachineName);
     90   typedef NTSTATUS (NTAPI LSA_AP_CALL_PACKAGE)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ProtocolSubmitBuffer,PVOID ClientBufferBase,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
     91   typedef NTSTATUS (NTAPI LSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ProtocolSubmitBuffer,PVOID ClientBufferBase,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
     92   typedef VOID (NTAPI LSA_AP_LOGON_TERMINATED)(PLUID LogonId);
     93 
     94   typedef LSA_AP_CALL_PACKAGE LSA_AP_CALL_PACKAGE_UNTRUSTED;
     95   typedef LSA_AP_INITIALIZE_PACKAGE *PLSA_AP_INITIALIZE_PACKAGE;
     96   typedef LSA_AP_LOGON_USER *PLSA_AP_LOGON_USER;
     97   typedef LSA_AP_LOGON_USER_EX *PLSA_AP_LOGON_USER_EX;
     98   typedef LSA_AP_CALL_PACKAGE *PLSA_AP_CALL_PACKAGE;
     99   typedef LSA_AP_CALL_PACKAGE_PASSTHROUGH *PLSA_AP_CALL_PACKAGE_PASSTHROUGH;
    100   typedef LSA_AP_LOGON_TERMINATED *PLSA_AP_LOGON_TERMINATED;
    101   typedef LSA_AP_CALL_PACKAGE_UNTRUSTED *PLSA_AP_CALL_PACKAGE_UNTRUSTED;
    102 
    103 #ifndef _SAM_CREDENTIAL_UPDATE_DEFINED
    104 #define _SAM_CREDENTIAL_UPDATE_DEFINED
    105 
    106   typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE)(PUNICODE_STRING ClearPassword,PVOID OldCredentials,ULONG OldCredentialSize,ULONG UserAccountControl,PUNICODE_STRING UPN,PUNICODE_STRING UserName,PUNICODE_STRING NetbiosDomainName,PUNICODE_STRING DnsDomainName,PVOID *NewCredentials,ULONG *NewCredentialSize);
    107 
    108 #define SAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE "CredentialUpdateNotify"
    109 
    110   typedef BOOLEAN (*PSAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE)(PUNICODE_STRING CredentialName);
    111 
    112 #define SAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE "CredentialUpdateRegister"
    113 
    114   typedef VOID (*PSAM_CREDENTIAL_UPDATE_FREE_ROUTINE)(PVOID p);
    115 
    116 #define SAM_CREDENTIAL_UPDATE_FREE_ROUTINE "CredentialUpdateFree"
    117 #endif
    118 
    119 #ifdef SECURITY_KERNEL
    120 
    121   typedef PVOID SEC_THREAD_START;
    122   typedef PVOID SEC_ATTRS;
    123 #else
    124   typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
    125   typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
    126 #endif
    127 
    128 #define SecEqualLuid(L1,L2) ((((PLUID)L1)->LowPart==((PLUID)L2)->LowPart) && (((PLUID)L1)->HighPart==((PLUID)L2)->HighPart))
    129 #define SecIsZeroLuid(L1) ((L1->LowPart | L1->HighPart)==0)
    130 
    131   typedef struct _SECPKG_CLIENT_INFO {
    132     LUID LogonId;
    133     ULONG ProcessID;
    134     ULONG ThreadID;
    135     BOOLEAN HasTcbPrivilege;
    136     BOOLEAN Impersonating;
    137     BOOLEAN Restricted;
    138 
    139     UCHAR ClientFlags;
    140     SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
    141 
    142   } SECPKG_CLIENT_INFO,*PSECPKG_CLIENT_INFO;
    143 
    144 #define SECPKG_CLIENT_PROCESS_TERMINATED 0x01
    145 #define SECPKG_CLIENT_THREAD_TERMINATED 0x02
    146 
    147   typedef struct _SECPKG_CALL_INFO {
    148     ULONG ProcessId;
    149     ULONG ThreadId;
    150     ULONG Attributes;
    151     ULONG CallCount;
    152   } SECPKG_CALL_INFO,*PSECPKG_CALL_INFO;
    153 
    154 #define SECPKG_CALL_KERNEL_MODE 0x00000001
    155 #define SECPKG_CALL_ANSI 0x00000002
    156 #define SECPKG_CALL_URGENT 0x00000004
    157 #define SECPKG_CALL_RECURSIVE 0x00000008
    158 #define SECPKG_CALL_IN_PROC 0x00000010
    159 #define SECPKG_CALL_CLEANUP 0x00000020
    160 #define SECPKG_CALL_WOWCLIENT 0x00000040
    161 #define SECPKG_CALL_THREAD_TERM 0x00000080
    162 #define SECPKG_CALL_PROCESS_TERM 0x00000100
    163 #define SECPKG_CALL_IS_TCB 0x00000200
    164 
    165   typedef struct _SECPKG_SUPPLEMENTAL_CRED {
    166     UNICODE_STRING PackageName;
    167     ULONG CredentialSize;
    168     PUCHAR Credentials;
    169   } SECPKG_SUPPLEMENTAL_CRED,*PSECPKG_SUPPLEMENTAL_CRED;
    170 
    171   typedef ULONG_PTR LSA_SEC_HANDLE;
    172   typedef LSA_SEC_HANDLE *PLSA_SEC_HANDLE;
    173   typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
    174     ULONG CredentialCount;
    175     SECPKG_SUPPLEMENTAL_CRED Credentials[1];
    176   } SECPKG_SUPPLEMENTAL_CRED_ARRAY,*PSECPKG_SUPPLEMENTAL_CRED_ARRAY;
    177 
    178 #define SECBUFFER_UNMAPPED 0x40000000
    179 
    180 #define SECBUFFER_KERNEL_MAP 0x20000000
    181 
    182   typedef NTSTATUS (NTAPI LSA_CALLBACK_FUNCTION)(ULONG_PTR Argument1,ULONG_PTR Argument2,PSecBuffer InputBuffer,PSecBuffer OutputBuffer);
    183 
    184   typedef LSA_CALLBACK_FUNCTION *PLSA_CALLBACK_FUNCTION;
    185 
    186 #define PRIMARY_CRED_CLEAR_PASSWORD 0x1
    187 #define PRIMARY_CRED_OWF_PASSWORD 0x2
    188 #define PRIMARY_CRED_UPDATE 0x4
    189 #define PRIMARY_CRED_CACHED_LOGON 0x8
    190 #define PRIMARY_CRED_LOGON_NO_TCB 0x10
    191 
    192 #define PRIMARY_CRED_LOGON_PACKAGE_SHIFT 24
    193 #define PRIMARY_CRED_PACKAGE_MASK 0xff000000
    194 
    195   typedef struct _SECPKG_PRIMARY_CRED {
    196     LUID LogonId;
    197     UNICODE_STRING DownlevelName;
    198     UNICODE_STRING DomainName;
    199     UNICODE_STRING Password;
    200     UNICODE_STRING OldPassword;
    201     PSID UserSid;
    202     ULONG Flags;
    203     UNICODE_STRING DnsDomainName;
    204     UNICODE_STRING Upn;
    205     UNICODE_STRING LogonServer;
    206     UNICODE_STRING Spare1;
    207     UNICODE_STRING Spare2;
    208     UNICODE_STRING Spare3;
    209     UNICODE_STRING Spare4;
    210   } SECPKG_PRIMARY_CRED,*PSECPKG_PRIMARY_CRED;
    211 
    212 #define MAX_CRED_SIZE 1024
    213 
    214 #define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
    215 #define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
    216 #define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
    217 #define SECPKG_STATE_WORKSTATION 0x08
    218 #define SECPKG_STATE_STANDALONE 0x10
    219 
    220   typedef struct _SECPKG_PARAMETERS {
    221     ULONG Version;
    222     ULONG MachineState;
    223     ULONG SetupMode;
    224     PSID DomainSid;
    225     UNICODE_STRING DomainName;
    226     UNICODE_STRING DnsDomainName;
    227     GUID DomainGuid;
    228   } SECPKG_PARAMETERS,*PSECPKG_PARAMETERS;
    229 
    230   typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
    231     SecpkgGssInfo = 1,
    232     SecpkgContextThunks,
    233     SecpkgMutualAuthLevel,
    234     SecpkgWowClientDll,
    235     SecpkgExtraOids,
    236     SecpkgMaxInfo
    237   } SECPKG_EXTENDED_INFORMATION_CLASS;
    238 
    239   typedef struct _SECPKG_GSS_INFO {
    240     ULONG EncodedIdLength;
    241     UCHAR EncodedId[4];
    242   } SECPKG_GSS_INFO,*PSECPKG_GSS_INFO;
    243 
    244   typedef struct _SECPKG_CONTEXT_THUNKS {
    245     ULONG InfoLevelCount;
    246     ULONG Levels[1];
    247   } SECPKG_CONTEXT_THUNKS,*PSECPKG_CONTEXT_THUNKS;
    248 
    249   typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
    250     ULONG MutualAuthLevel;
    251   } SECPKG_MUTUAL_AUTH_LEVEL,*PSECPKG_MUTUAL_AUTH_LEVEL;
    252 
    253   typedef struct _SECPKG_WOW_CLIENT_DLL {
    254     SECURITY_STRING WowClientDllPath;
    255   } SECPKG_WOW_CLIENT_DLL,*PSECPKG_WOW_CLIENT_DLL;
    256 
    257 #define SECPKG_MAX_OID_LENGTH 32
    258 
    259   typedef struct _SECPKG_SERIALIZED_OID {
    260     ULONG OidLength;
    261     ULONG OidAttributes;
    262     UCHAR OidValue[SECPKG_MAX_OID_LENGTH ];
    263   } SECPKG_SERIALIZED_OID,*PSECPKG_SERIALIZED_OID;
    264 
    265   typedef struct _SECPKG_EXTRA_OIDS {
    266     ULONG OidCount;
    267     SECPKG_SERIALIZED_OID Oids[1 ];
    268   } SECPKG_EXTRA_OIDS,*PSECPKG_EXTRA_OIDS;
    269 
    270   typedef struct _SECPKG_EXTENDED_INFORMATION {
    271     SECPKG_EXTENDED_INFORMATION_CLASS Class;
    272     union {
    273       SECPKG_GSS_INFO GssInfo;
    274       SECPKG_CONTEXT_THUNKS ContextThunks;
    275       SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel;
    276       SECPKG_WOW_CLIENT_DLL WowClientDll;
    277       SECPKG_EXTRA_OIDS ExtraOids;
    278     } Info;
    279   } SECPKG_EXTENDED_INFORMATION,*PSECPKG_EXTENDED_INFORMATION;
    280 
    281 #define SECPKG_ATTR_SASL_CONTEXT 0x00010000
    282 
    283   typedef struct _SecPkgContext_SaslContext {
    284     PVOID SaslContext;
    285   } SecPkgContext_SaslContext,*PSecPkgContext_SaslContext;
    286 
    287 #define SECPKG_ATTR_THUNK_ALL 0x00010000
    288 
    289 #ifndef SECURITY_USER_DATA_DEFINED
    290 #define SECURITY_USER_DATA_DEFINED
    291 
    292   typedef struct _SECURITY_USER_DATA {
    293     SECURITY_STRING UserName;
    294     SECURITY_STRING LogonDomainName;
    295     SECURITY_STRING LogonServer;
    296     PSID pSid;
    297   } SECURITY_USER_DATA,*PSECURITY_USER_DATA;
    298 
    299   typedef SECURITY_USER_DATA SecurityUserData,*PSecurityUserData;
    300 
    301 #define UNDERSTANDS_LONG_NAMES 1
    302 #define NO_LONG_NAMES 2
    303 #endif
    304 
    305   typedef NTSTATUS (NTAPI LSA_IMPERSONATE_CLIENT)(VOID);
    306   typedef NTSTATUS (NTAPI LSA_UNLOAD_PACKAGE)(VOID);
    307   typedef NTSTATUS (NTAPI LSA_DUPLICATE_HANDLE)(HANDLE SourceHandle,PHANDLE DestionationHandle);
    308   typedef NTSTATUS (NTAPI LSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(PLUID LogonId,ULONG SupplementalCredSize,PVOID SupplementalCreds,BOOLEAN Synchronous);
    309   typedef HANDLE (NTAPI LSA_CREATE_THREAD)(SEC_ATTRS SecurityAttributes,ULONG StackSize,SEC_THREAD_START StartFunction,PVOID ThreadParameter,ULONG CreationFlags,PULONG ThreadId);
    310   typedef NTSTATUS (NTAPI LSA_GET_CLIENT_INFO)(PSECPKG_CLIENT_INFO ClientInfo);
    311   typedef HANDLE (NTAPI LSA_REGISTER_NOTIFICATION)(SEC_THREAD_START StartFunction,PVOID Parameter,ULONG NotificationType,ULONG NotificationClass,ULONG NotificationFlags,ULONG IntervalMinutes,HANDLE WaitEvent);
    312   typedef NTSTATUS (NTAPI LSA_CANCEL_NOTIFICATION)(HANDLE NotifyHandle);
    313   typedef NTSTATUS (NTAPI LSA_MAP_BUFFER)(PSecBuffer InputBuffer,PSecBuffer OutputBuffer);
    314   typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN)(PLUID LogonId,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,LSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID TokenInformation,PTOKEN_GROUPS TokenGroups,PUNICODE_STRING AccountName,PUNICODE_STRING AuthorityName,PUNICODE_STRING Workstation,PUNICODE_STRING ProfilePath,PHANDLE Token,PNTSTATUS SubStatus);
    315 
    316   typedef enum _SECPKG_SESSIONINFO_TYPE {
    317     SecSessionPrimaryCred
    318   } SECPKG_SESSIONINFO_TYPE;
    319 
    320   typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN_EX)(PLUID LogonId,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,LSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID TokenInformation,PTOKEN_GROUPS TokenGroups,PUNICODE_STRING Workstation,PUNICODE_STRING ProfilePath,PVOID SessionInformation,SECPKG_SESSIONINFO_TYPE SessionInformationType,PHANDLE Token,PNTSTATUS SubStatus);
    321   typedef VOID (NTAPI LSA_AUDIT_LOGON)(NTSTATUS Status,NTSTATUS SubStatus,PUNICODE_STRING AccountName,PUNICODE_STRING AuthenticatingAuthority,PUNICODE_STRING WorkstationName,PSID UserSid,SECURITY_LOGON_TYPE LogonType,PTOKEN_SOURCE TokenSource,PLUID LogonId);
    322   typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE)(PUNICODE_STRING AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
    323   typedef NTSTATUS (NTAPI LSA_CALL_PACKAGEEX)(PUNICODE_STRING AuthenticationPackage,PVOID ClientBufferBase,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
    324   typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING AuthenticationPackage,PVOID ClientBufferBase,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
    325   typedef BOOLEAN (NTAPI LSA_GET_CALL_INFO)(PSECPKG_CALL_INFO Info);
    326   typedef PVOID (NTAPI LSA_CREATE_SHARED_MEMORY)(ULONG MaxSize,ULONG InitialSize);
    327   typedef PVOID (NTAPI LSA_ALLOCATE_SHARED_MEMORY)(PVOID SharedMem,ULONG Size);
    328   typedef VOID (NTAPI LSA_FREE_SHARED_MEMORY)(PVOID SharedMem,PVOID Memory);
    329   typedef BOOLEAN (NTAPI LSA_DELETE_SHARED_MEMORY)(PVOID SharedMem);
    330 
    331   typedef enum _SECPKG_NAME_TYPE {
    332     SecNameSamCompatible,
    333     SecNameAlternateId,
    334     SecNameFlat,
    335     SecNameDN,
    336     SecNameSPN
    337   } SECPKG_NAME_TYPE;
    338 
    339   typedef NTSTATUS (NTAPI LSA_OPEN_SAM_USER)(PSECURITY_STRING Name,SECPKG_NAME_TYPE NameType,PSECURITY_STRING Prefix,BOOLEAN AllowGuest,ULONG Reserved,PVOID *UserHandle);
    340   typedef NTSTATUS (NTAPI LSA_GET_USER_CREDENTIALS)(PVOID UserHandle,PVOID *PrimaryCreds,PULONG PrimaryCredsSize,PVOID *SupplementalCreds,PULONG SupplementalCredsSize);
    341   typedef NTSTATUS (NTAPI LSA_GET_USER_AUTH_DATA)(PVOID UserHandle,PUCHAR *UserAuthData,PULONG UserAuthDataSize);
    342   typedef NTSTATUS (NTAPI LSA_CLOSE_SAM_USER)(PVOID UserHandle);
    343   typedef NTSTATUS (NTAPI LSA_GET_AUTH_DATA_FOR_USER)(PSECURITY_STRING Name,SECPKG_NAME_TYPE NameType,PSECURITY_STRING Prefix,PUCHAR *UserAuthData,PULONG UserAuthDataSize,PUNICODE_STRING UserFlatName);
    344   typedef NTSTATUS (NTAPI LSA_CONVERT_AUTH_DATA_TO_TOKEN)(PVOID UserAuthData,ULONG UserAuthDataSize,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,PUNICODE_STRING AuthorityName,PHANDLE Token,PLUID LogonId,PUNICODE_STRING AccountName,PNTSTATUS SubStatus);
    345   typedef NTSTATUS (NTAPI LSA_CRACK_SINGLE_NAME)(ULONG FormatOffered,BOOLEAN PerformAtGC,PUNICODE_STRING NameInput,PUNICODE_STRING Prefix,ULONG RequestedFormat,PUNICODE_STRING CrackedName,PUNICODE_STRING DnsDomainName,PULONG SubStatus);
    346   typedef NTSTATUS (NTAPI LSA_AUDIT_ACCOUNT_LOGON)(ULONG AuditId,BOOLEAN Success,PUNICODE_STRING Source,PUNICODE_STRING ClientName,PUNICODE_STRING MappedName,NTSTATUS Status);
    347   typedef NTSTATUS (NTAPI LSA_CLIENT_CALLBACK)(PCHAR Callback,ULONG_PTR Argument1,ULONG_PTR Argument2,PSecBuffer Input,PSecBuffer Output);
    348   typedef NTSTATUS (NTAPI LSA_REGISTER_CALLBACK)(ULONG CallbackId,PLSA_CALLBACK_FUNCTION Callback);
    349 
    350 #define NOTIFIER_FLAG_NEW_THREAD 0x00000001
    351 #define NOTIFIER_FLAG_ONE_SHOT 0x00000002
    352 #define NOTIFIER_FLAG_SECONDS 0x80000000
    353 
    354 #define NOTIFIER_TYPE_INTERVAL 1
    355 #define NOTIFIER_TYPE_HANDLE_WAIT 2
    356 #define NOTIFIER_TYPE_STATE_CHANGE 3
    357 #define NOTIFIER_TYPE_NOTIFY_EVENT 4
    358 #define NOTIFIER_TYPE_IMMEDIATE 16
    359 
    360 #define NOTIFY_CLASS_PACKAGE_CHANGE 1
    361 #define NOTIFY_CLASS_ROLE_CHANGE 2
    362 #define NOTIFY_CLASS_DOMAIN_CHANGE 3
    363 #define NOTIFY_CLASS_REGISTRY_CHANGE 4
    364 
    365   typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
    366     ULONG ChangeType;
    367     LSA_SEC_HANDLE PackageId;
    368     SECURITY_STRING PackageName;
    369   } SECPKG_EVENT_PACKAGE_CHANGE,*PSECPKG_EVENT_PACKAGE_CHANGE;
    370 
    371 #define SECPKG_PACKAGE_CHANGE_LOAD 0
    372 #define SECPKG_PACKAGE_CHANGE_UNLOAD 1
    373 #define SECPKG_PACKAGE_CHANGE_SELECT 2
    374 
    375   typedef struct _SECPKG_EVENT_ROLE_CHANGE {
    376     ULONG PreviousRole;
    377     ULONG NewRole;
    378   } SECPKG_EVENT_ROLE_CHANGE,*PSECPKG_EVENT_ROLE_CHANGE;
    379 
    380   typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE;
    381   typedef struct _SECPKG_PARAMETERS *PSECPKG_EVENT_DOMAIN_CHANGE;
    382 
    383   typedef struct _SECPKG_EVENT_NOTIFY {
    384     ULONG EventClass;
    385     ULONG Reserved;
    386     ULONG EventDataSize;
    387     PVOID EventData;
    388     PVOID PackageParameter;
    389   } SECPKG_EVENT_NOTIFY,*PSECPKG_EVENT_NOTIFY;
    390 
    391   typedef NTSTATUS (NTAPI LSA_UPDATE_PRIMARY_CREDENTIALS)(PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials);
    392   typedef VOID (NTAPI LSA_PROTECT_MEMORY)(PVOID Buffer,ULONG BufferSize);
    393   typedef NTSTATUS (NTAPI LSA_OPEN_TOKEN_BY_LOGON_ID)(PLUID LogonId,HANDLE *RetTokenHandle);
    394   typedef NTSTATUS (NTAPI LSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(PUCHAR UserAuthData,ULONG UserAuthDataSize,PVOID Reserved,PUCHAR *ExpandedAuthData,PULONG ExpandedAuthDataSize);
    395 
    396   typedef LSA_IMPERSONATE_CLIENT *PLSA_IMPERSONATE_CLIENT;
    397   typedef LSA_UNLOAD_PACKAGE *PLSA_UNLOAD_PACKAGE;
    398   typedef LSA_DUPLICATE_HANDLE *PLSA_DUPLICATE_HANDLE;
    399   typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS *PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS;
    400   typedef LSA_CREATE_THREAD *PLSA_CREATE_THREAD;
    401   typedef LSA_GET_CLIENT_INFO *PLSA_GET_CLIENT_INFO;
    402   typedef LSA_REGISTER_NOTIFICATION *PLSA_REGISTER_NOTIFICATION;
    403   typedef LSA_CANCEL_NOTIFICATION *PLSA_CANCEL_NOTIFICATION;
    404   typedef LSA_MAP_BUFFER *PLSA_MAP_BUFFER;
    405   typedef LSA_CREATE_TOKEN *PLSA_CREATE_TOKEN;
    406   typedef LSA_AUDIT_LOGON *PLSA_AUDIT_LOGON;
    407   typedef LSA_CALL_PACKAGE *PLSA_CALL_PACKAGE;
    408   typedef LSA_CALL_PACKAGEEX *PLSA_CALL_PACKAGEEX;
    409   typedef LSA_GET_CALL_INFO *PLSA_GET_CALL_INFO;
    410   typedef LSA_CREATE_SHARED_MEMORY *PLSA_CREATE_SHARED_MEMORY;
    411   typedef LSA_ALLOCATE_SHARED_MEMORY *PLSA_ALLOCATE_SHARED_MEMORY;
    412   typedef LSA_FREE_SHARED_MEMORY *PLSA_FREE_SHARED_MEMORY;
    413   typedef LSA_DELETE_SHARED_MEMORY *PLSA_DELETE_SHARED_MEMORY;
    414   typedef LSA_OPEN_SAM_USER *PLSA_OPEN_SAM_USER;
    415   typedef LSA_GET_USER_CREDENTIALS *PLSA_GET_USER_CREDENTIALS;
    416   typedef LSA_GET_USER_AUTH_DATA *PLSA_GET_USER_AUTH_DATA;
    417   typedef LSA_CLOSE_SAM_USER *PLSA_CLOSE_SAM_USER;
    418   typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN *PLSA_CONVERT_AUTH_DATA_TO_TOKEN;
    419   typedef LSA_CLIENT_CALLBACK *PLSA_CLIENT_CALLBACK;
    420   typedef LSA_REGISTER_CALLBACK *PLSA_REGISTER_CALLBACK;
    421   typedef LSA_UPDATE_PRIMARY_CREDENTIALS *PLSA_UPDATE_PRIMARY_CREDENTIALS;
    422   typedef LSA_GET_AUTH_DATA_FOR_USER *PLSA_GET_AUTH_DATA_FOR_USER;
    423   typedef LSA_CRACK_SINGLE_NAME *PLSA_CRACK_SINGLE_NAME;
    424   typedef LSA_AUDIT_ACCOUNT_LOGON *PLSA_AUDIT_ACCOUNT_LOGON;
    425   typedef LSA_CALL_PACKAGE_PASSTHROUGH *PLSA_CALL_PACKAGE_PASSTHROUGH;
    426   typedef LSA_PROTECT_MEMORY *PLSA_PROTECT_MEMORY;
    427   typedef LSA_OPEN_TOKEN_BY_LOGON_ID *PLSA_OPEN_TOKEN_BY_LOGON_ID;
    428   typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN *PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
    429   typedef LSA_CREATE_TOKEN_EX *PLSA_CREATE_TOKEN_EX;
    430 
    431 #ifdef _WINCRED_H_
    432 
    433 #ifndef _ENCRYPTED_CREDENTIAL_DEFINED
    434 #define _ENCRYPTED_CREDENTIAL_DEFINED
    435 
    436   typedef struct _ENCRYPTED_CREDENTIALW {
    437     CREDENTIALW Cred;
    438     ULONG ClearCredentialBlobSize;
    439   } ENCRYPTED_CREDENTIALW,*PENCRYPTED_CREDENTIALW;
    440 #endif
    441 
    442 #define CREDP_FLAGS_IN_PROCESS 0x01
    443 #define CREDP_FLAGS_USE_MIDL_HEAP 0x02
    444 #define CREDP_FLAGS_DONT_CACHE_TI 0x04
    445 #define CREDP_FLAGS_CLEAR_PASSWORD 0x08
    446 #define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10
    447 
    448   typedef NTSTATUS (NTAPI CredReadFn)(PLUID LogonId,ULONG CredFlags,LPWSTR TargetName,ULONG Type,ULONG Flags,PENCRYPTED_CREDENTIALW *Credential);
    449   typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn)(PLUID LogonId,ULONG CredFlags,PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,ULONG Flags,PULONG Count,PENCRYPTED_CREDENTIALW **Credential);
    450   typedef VOID (NTAPI CredFreeCredentialsFn)(ULONG Count,PENCRYPTED_CREDENTIALW *Credentials);
    451   typedef NTSTATUS (NTAPI CredWriteFn)(PLUID LogonId,ULONG CredFlags,PENCRYPTED_CREDENTIALW Credential,ULONG Flags);
    452 
    453   NTSTATUS CredMarshalTargetInfo (PCREDENTIAL_TARGET_INFORMATIONW InTargetInfo,PUSHORT *Buffer,PULONG BufferSize);
    454   NTSTATUS CredUnmarshalTargetInfo (PUSHORT Buffer,ULONG BufferSize,PCREDENTIAL_TARGET_INFORMATIONW *RetTargetInfo,PULONG RetActualSize);
    455 
    456 #define CRED_MARSHALED_TI_SIZE_SIZE 12
    457 #endif
    458 
    459   typedef struct _SEC_WINNT_AUTH_IDENTITY32 {
    460     ULONG User;
    461     ULONG UserLength;
    462     ULONG Domain;
    463     ULONG DomainLength;
    464     ULONG Password;
    465     ULONG PasswordLength;
    466     ULONG Flags;
    467   } SEC_WINNT_AUTH_IDENTITY32,*PSEC_WINNT_AUTH_IDENTITY32;
    468 
    469   typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32 {
    470     ULONG Version;
    471     ULONG Length;
    472     ULONG User;
    473     ULONG UserLength;
    474     ULONG Domain;
    475     ULONG DomainLength;
    476     ULONG Password;
    477     ULONG PasswordLength;
    478     ULONG Flags;
    479     ULONG PackageList;
    480     ULONG PackageListLength;
    481   } SEC_WINNT_AUTH_IDENTITY_EX32,*PSEC_WINNT_AUTH_IDENTITY_EX32;
    482 
    483   typedef struct _LSA_SECPKG_FUNCTION_TABLE {
    484     PLSA_CREATE_LOGON_SESSION CreateLogonSession;
    485     PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
    486     PLSA_ADD_CREDENTIAL AddCredential;
    487     PLSA_GET_CREDENTIALS GetCredentials;
    488     PLSA_DELETE_CREDENTIAL DeleteCredential;
    489     PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
    490     PLSA_FREE_LSA_HEAP FreeLsaHeap;
    491     PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
    492     PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
    493     PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
    494     PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
    495     PLSA_IMPERSONATE_CLIENT ImpersonateClient;
    496     PLSA_UNLOAD_PACKAGE UnloadPackage;
    497     PLSA_DUPLICATE_HANDLE DuplicateHandle;
    498     PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
    499     PLSA_CREATE_THREAD CreateThread;
    500     PLSA_GET_CLIENT_INFO GetClientInfo;
    501     PLSA_REGISTER_NOTIFICATION RegisterNotification;
    502     PLSA_CANCEL_NOTIFICATION CancelNotification;
    503     PLSA_MAP_BUFFER MapBuffer;
    504     PLSA_CREATE_TOKEN CreateToken;
    505     PLSA_AUDIT_LOGON AuditLogon;
    506     PLSA_CALL_PACKAGE CallPackage;
    507     PLSA_FREE_LSA_HEAP FreeReturnBuffer;
    508     PLSA_GET_CALL_INFO GetCallInfo;
    509     PLSA_CALL_PACKAGEEX CallPackageEx;
    510     PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
    511     PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
    512     PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
    513     PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
    514     PLSA_OPEN_SAM_USER OpenSamUser;
    515     PLSA_GET_USER_CREDENTIALS GetUserCredentials;
    516     PLSA_GET_USER_AUTH_DATA GetUserAuthData;
    517     PLSA_CLOSE_SAM_USER CloseSamUser;
    518     PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
    519     PLSA_CLIENT_CALLBACK ClientCallback;
    520     PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
    521     PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
    522     PLSA_CRACK_SINGLE_NAME CrackSingleName;
    523     PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
    524     PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
    525 #ifdef _WINCRED_H_
    526     CredReadFn *CrediRead;
    527     CredReadDomainCredentialsFn *CrediReadDomainCredentials;
    528     CredFreeCredentialsFn *CrediFreeCredentials;
    529 #else
    530     PLSA_PROTECT_MEMORY DummyFunction1;
    531     PLSA_PROTECT_MEMORY DummyFunction2;
    532     PLSA_PROTECT_MEMORY DummyFunction3;
    533 #endif
    534     PLSA_PROTECT_MEMORY LsaProtectMemory;
    535     PLSA_PROTECT_MEMORY LsaUnprotectMemory;
    536     PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
    537     PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
    538     PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
    539     PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
    540     PLSA_CREATE_TOKEN_EX CreateTokenEx;
    541 #ifdef _WINCRED_H_
    542     CredWriteFn *CrediWrite;
    543 #else
    544     PLSA_PROTECT_MEMORY DummyFunction4;
    545 #endif
    546   } LSA_SECPKG_FUNCTION_TABLE,*PLSA_SECPKG_FUNCTION_TABLE;
    547 
    548   typedef struct _SECPKG_DLL_FUNCTIONS {
    549     PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
    550     PLSA_FREE_LSA_HEAP FreeHeap;
    551     PLSA_REGISTER_CALLBACK RegisterCallback;
    552   } SECPKG_DLL_FUNCTIONS,*PSECPKG_DLL_FUNCTIONS;
    553 
    554   typedef NTSTATUS (NTAPI SpInitializeFn)(ULONG_PTR PackageId,PSECPKG_PARAMETERS Parameters,PLSA_SECPKG_FUNCTION_TABLE FunctionTable);
    555   typedef NTSTATUS (NTAPI SpShutdownFn)(VOID);
    556   typedef NTSTATUS (NTAPI SpGetInfoFn)(PSecPkgInfo PackageInfo);
    557   typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(SECPKG_EXTENDED_INFORMATION_CLASS Class,PSECPKG_EXTENDED_INFORMATION *ppInformation);
    558   typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(SECPKG_EXTENDED_INFORMATION_CLASS Class,PSECPKG_EXTENDED_INFORMATION Info);
    559   typedef NTSTATUS (LSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PUNICODE_STRING *AccountName,PUNICODE_STRING *AuthenticatingAuthority,PUNICODE_STRING *MachineName,PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED_ARRAY *CachedCredentials);
    560 
    561   typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;
    562 
    563 #define LSA_AP_NAME_LOGON_USER_EX2 "LsaApLogonUserEx2\0"
    564 
    565   typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(SECURITY_LOGON_TYPE LogonType,PUNICODE_STRING AccountName,PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials);
    566 
    567 #define SP_ACCEPT_CREDENTIALS_NAME "SpAcceptCredentials\0"
    568 
    569   typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(PUNICODE_STRING PrincipalName,ULONG CredentialUseFlags,PLUID LogonId,PVOID AuthorizationData,PVOID GetKeyFunciton,PVOID GetKeyArgument,PLSA_SEC_HANDLE CredentialHandle,PTimeStamp ExpirationTime);
    570   typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(LSA_SEC_HANDLE CredentialHandle);
    571   typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(LSA_SEC_HANDLE CredentialHandle,ULONG CredentialAttribute,PVOID Buffer);
    572   typedef NTSTATUS (NTAPI SpSetCredentialsAttributesFn)(LSA_SEC_HANDLE CredentialHandle,ULONG CredentialAttribute,PVOID Buffer,ULONG BufferSize);
    573   typedef NTSTATUS (NTAPI SpAddCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PUNICODE_STRING PrincipalName,PUNICODE_STRING Package,ULONG CredentialUseFlags,PVOID AuthorizationData,PVOID GetKeyFunciton,PVOID GetKeyArgument,PTimeStamp ExpirationTime);
    574   typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PSecBuffer Credentials);
    575   typedef NTSTATUS (NTAPI SpGetCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PSecBuffer Credentials);
    576   typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PSecBuffer Key);
    577   typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(LSA_SEC_HANDLE CredentialHandle,LSA_SEC_HANDLE ContextHandle,PUNICODE_STRING TargetName,ULONG ContextRequirements,ULONG TargetDataRep,PSecBufferDesc InputBuffers,PLSA_SEC_HANDLE NewContextHandle,PSecBufferDesc OutputBuffers,PULONG ContextAttributes,PTimeStamp ExpirationTime,PBOOLEAN MappedContext,PSecBuffer ContextData);
    578   typedef NTSTATUS (NTAPI SpDeleteContextFn)(LSA_SEC_HANDLE ContextHandle);
    579   typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc ControlToken);
    580   typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(LSA_SEC_HANDLE CredentialHandle,LSA_SEC_HANDLE ContextHandle,PSecBufferDesc InputBuffer,ULONG ContextRequirements,ULONG TargetDataRep,PLSA_SEC_HANDLE NewContextHandle,PSecBufferDesc OutputBuffer,PULONG ContextAttributes,PTimeStamp ExpirationTime,PBOOLEAN MappedContext,PSecBuffer ContextData);
    581   typedef NTSTATUS (NTAPI SpGetUserInfoFn)(PLUID LogonId,ULONG Flags,PSecurityUserData *UserData);
    582   typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(LSA_SEC_HANDLE ContextHandle,ULONG ContextAttribute,PVOID Buffer);
    583   typedef NTSTATUS (NTAPI SpSetContextAttributesFn)(LSA_SEC_HANDLE ContextHandle,ULONG ContextAttribute,PVOID Buffer,ULONG BufferSize);
    584 
    585   typedef struct _SECPKG_FUNCTION_TABLE {
    586     PLSA_AP_INITIALIZE_PACKAGE InitializePackage;
    587     PLSA_AP_LOGON_USER LogonUser;
    588     PLSA_AP_CALL_PACKAGE CallPackage;
    589     PLSA_AP_LOGON_TERMINATED LogonTerminated;
    590     PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted;
    591     PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
    592     PLSA_AP_LOGON_USER_EX LogonUserEx;
    593     PLSA_AP_LOGON_USER_EX2 LogonUserEx2;
    594     SpInitializeFn *Initialize;
    595     SpShutdownFn *Shutdown;
    596     SpGetInfoFn *GetInfo;
    597     SpAcceptCredentialsFn *AcceptCredentials;
    598     SpAcquireCredentialsHandleFn *AcquireCredentialsHandle;
    599     SpQueryCredentialsAttributesFn *QueryCredentialsAttributes;
    600     SpFreeCredentialsHandleFn *FreeCredentialsHandle;
    601     SpSaveCredentialsFn *SaveCredentials;
    602     SpGetCredentialsFn *GetCredentials;
    603     SpDeleteCredentialsFn *DeleteCredentials;
    604     SpInitLsaModeContextFn *InitLsaModeContext;
    605     SpAcceptLsaModeContextFn *AcceptLsaModeContext;
    606     SpDeleteContextFn *DeleteContext;
    607     SpApplyControlTokenFn *ApplyControlToken;
    608     SpGetUserInfoFn *GetUserInfo;
    609     SpGetExtendedInformationFn *GetExtendedInformation;
    610     SpQueryContextAttributesFn *QueryContextAttributes;
    611     SpAddCredentialsFn *AddCredentials;
    612     SpSetExtendedInformationFn *SetExtendedInformation;
    613     SpSetContextAttributesFn *SetContextAttributes;
    614     SpSetCredentialsAttributesFn *SetCredentialsAttributes;
    615   } SECPKG_FUNCTION_TABLE,*PSECPKG_FUNCTION_TABLE;
    616 
    617   typedef NTSTATUS (NTAPI SpInstanceInitFn)(ULONG Version,PSECPKG_DLL_FUNCTIONS FunctionTable,PVOID *UserFunctions);
    618   typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(LSA_SEC_HANDLE ContextHandle,PSecBuffer PackedContext);
    619   typedef NTSTATUS (NTAPI SpMakeSignatureFn)(LSA_SEC_HANDLE ContextHandle,ULONG QualityOfProtection,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber);
    620   typedef NTSTATUS (NTAPI SpVerifySignatureFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber,PULONG QualityOfProtection);
    621   typedef NTSTATUS (NTAPI SpSealMessageFn)(LSA_SEC_HANDLE ContextHandle,ULONG QualityOfProtection,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber);
    622   typedef NTSTATUS (NTAPI SpUnsealMessageFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber,PULONG QualityOfProtection);
    623   typedef NTSTATUS (NTAPI SpGetContextTokenFn)(LSA_SEC_HANDLE ContextHandle,PHANDLE ImpersonationToken);
    624   typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(LSA_SEC_HANDLE phContext,ULONG fFlags,PSecBuffer pPackedContext,PHANDLE pToken);
    625   typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(PSecBuffer pPackedContext,HANDLE Token,PLSA_SEC_HANDLE phContext);
    626   typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc InputBuffer);
    627   typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(PSecBuffer Credentials,PSecBuffer FormattedCredentials);
    628   typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(ULONG CredentialSize,PUCHAR Credentials,PULONG MarshalledCredSize,PVOID *MarshalledCreds);
    629 
    630   typedef struct _SECPKG_USER_FUNCTION_TABLE {
    631     SpInstanceInitFn *InstanceInit;
    632     SpInitUserModeContextFn *InitUserModeContext;
    633     SpMakeSignatureFn *MakeSignature;
    634     SpVerifySignatureFn *VerifySignature;
    635     SpSealMessageFn *SealMessage;
    636     SpUnsealMessageFn *UnsealMessage;
    637     SpGetContextTokenFn *GetContextToken;
    638     SpQueryContextAttributesFn *QueryContextAttributes;
    639     SpCompleteAuthTokenFn *CompleteAuthToken;
    640     SpDeleteContextFn *DeleteUserModeContext;
    641     SpFormatCredentialsFn *FormatCredentials;
    642     SpMarshallSupplementalCredsFn *MarshallSupplementalCreds;
    643     SpExportSecurityContextFn *ExportContext;
    644     SpImportSecurityContextFn *ImportContext;
    645   } SECPKG_USER_FUNCTION_TABLE,*PSECPKG_USER_FUNCTION_TABLE;
    646 
    647   typedef NTSTATUS (SEC_ENTRY *SpLsaModeInitializeFn)(ULONG LsaVersion,PULONG PackageVersion,PSECPKG_FUNCTION_TABLE *ppTables,PULONG pcTables);
    648   typedef NTSTATUS (SEC_ENTRY *SpUserModeInitializeFn)(ULONG LsaVersion,PULONG PackageVersion,PSECPKG_USER_FUNCTION_TABLE *ppTables,PULONG pcTables);
    649 
    650 #define SECPKG_LSAMODEINIT_NAME "SpLsaModeInitialize"
    651 #define SECPKG_USERMODEINIT_NAME "SpUserModeInitialize"
    652 
    653 #define SECPKG_INTERFACE_VERSION 0x00010000
    654 #define SECPKG_INTERFACE_VERSION_2 0x00020000
    655 #define SECPKG_INTERFACE_VERSION_3 0x00040000
    656 
    657   typedef enum _KSEC_CONTEXT_TYPE {
    658     KSecPaged,KSecNonPaged
    659   } KSEC_CONTEXT_TYPE;
    660 
    661   typedef struct _KSEC_LIST_ENTRY {
    662     LIST_ENTRY List;
    663     LONG RefCount;
    664     ULONG Signature;
    665     PVOID OwningList;
    666     PVOID Reserved;
    667   } KSEC_LIST_ENTRY,*PKSEC_LIST_ENTRY;
    668 
    669 #define KsecInitializeListEntry(Entry,SigValue) ((PKSEC_LIST_ENTRY) Entry)->List.Flink = ((PKSEC_LIST_ENTRY) Entry)->List.Blink = NULL; ((PKSEC_LIST_ENTRY) Entry)->RefCount = 1; ((PKSEC_LIST_ENTRY) Entry)->Signature = SigValue; ((PKSEC_LIST_ENTRY) Entry)->OwningList = NULL; ((PKSEC_LIST_ENTRY) Entry)->Reserved = NULL;
    670 
    671   typedef PVOID (SEC_ENTRY KSEC_CREATE_CONTEXT_LIST)(KSEC_CONTEXT_TYPE Type);
    672   typedef VOID (SEC_ENTRY KSEC_INSERT_LIST_ENTRY)(PVOID List,PKSEC_LIST_ENTRY Entry);
    673   typedef NTSTATUS (SEC_ENTRY KSEC_REFERENCE_LIST_ENTRY)(PKSEC_LIST_ENTRY Entry,ULONG Signature,BOOLEAN RemoveNoRef);
    674   typedef VOID (SEC_ENTRY KSEC_DEREFERENCE_LIST_ENTRY)(PKSEC_LIST_ENTRY Entry,BOOLEAN *Delete);
    675   typedef NTSTATUS (SEC_ENTRY KSEC_SERIALIZE_WINNT_AUTH_DATA)(PVOID pvAuthData,PULONG Size,PVOID *SerializedData);
    676   typedef NTSTATUS (SEC_ENTRY KSEC_SERIALIZE_SCHANNEL_AUTH_DATA)(PVOID pvAuthData,PULONG Size,PVOID *SerializedData);
    677 
    678   KSEC_CREATE_CONTEXT_LIST KSecCreateContextList;
    679   KSEC_INSERT_LIST_ENTRY KSecInsertListEntry;
    680   KSEC_REFERENCE_LIST_ENTRY KSecReferenceListEntry;
    681   KSEC_DEREFERENCE_LIST_ENTRY KSecDereferenceListEntry;
    682   KSEC_SERIALIZE_WINNT_AUTH_DATA KSecSerializeWinntAuthData;
    683   KSEC_SERIALIZE_SCHANNEL_AUTH_DATA KSecSerializeSchannelAuthData;
    684 
    685   typedef KSEC_CREATE_CONTEXT_LIST *PKSEC_CREATE_CONTEXT_LIST;
    686   typedef KSEC_INSERT_LIST_ENTRY *PKSEC_INSERT_LIST_ENTRY;
    687   typedef KSEC_REFERENCE_LIST_ENTRY *PKSEC_REFERENCE_LIST_ENTRY;
    688   typedef KSEC_DEREFERENCE_LIST_ENTRY *PKSEC_DEREFERENCE_LIST_ENTRY;
    689   typedef KSEC_SERIALIZE_WINNT_AUTH_DATA *PKSEC_SERIALIZE_WINNT_AUTH_DATA;
    690   typedef KSEC_SERIALIZE_SCHANNEL_AUTH_DATA *PKSEC_SERIALIZE_SCHANNEL_AUTH_DATA;
    691 
    692   typedef struct _SECPKG_KERNEL_FUNCTIONS {
    693     PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
    694     PLSA_FREE_LSA_HEAP FreeHeap;
    695     PKSEC_CREATE_CONTEXT_LIST CreateContextList;
    696     PKSEC_INSERT_LIST_ENTRY InsertListEntry;
    697     PKSEC_REFERENCE_LIST_ENTRY ReferenceListEntry;
    698     PKSEC_DEREFERENCE_LIST_ENTRY DereferenceListEntry;
    699     PKSEC_SERIALIZE_WINNT_AUTH_DATA SerializeWinntAuthData;
    700     PKSEC_SERIALIZE_SCHANNEL_AUTH_DATA SerializeSchannelAuthData;
    701   } SECPKG_KERNEL_FUNCTIONS,*PSECPKG_KERNEL_FUNCTIONS;
    702 
    703   typedef NTSTATUS (NTAPI KspInitPackageFn)(PSECPKG_KERNEL_FUNCTIONS FunctionTable);
    704   typedef NTSTATUS (NTAPI KspDeleteContextFn)(LSA_SEC_HANDLE ContextId,PLSA_SEC_HANDLE LsaContextId);
    705   typedef NTSTATUS (NTAPI KspInitContextFn)(LSA_SEC_HANDLE ContextId,PSecBuffer ContextData,PLSA_SEC_HANDLE NewContextId);
    706   typedef NTSTATUS (NTAPI KspMakeSignatureFn)(LSA_SEC_HANDLE ContextId,ULONG fQOP,PSecBufferDesc Message,ULONG MessageSeqNo);
    707   typedef NTSTATUS (NTAPI KspVerifySignatureFn)(LSA_SEC_HANDLE ContextId,PSecBufferDesc Message,ULONG MessageSeqNo,PULONG pfQOP);
    708   typedef NTSTATUS (NTAPI KspSealMessageFn)(LSA_SEC_HANDLE ContextId,ULONG fQOP,PSecBufferDesc Message,ULONG MessageSeqNo);
    709   typedef NTSTATUS (NTAPI KspUnsealMessageFn)(LSA_SEC_HANDLE ContextId,PSecBufferDesc Message,ULONG MessageSeqNo,PULONG pfQOP);
    710   typedef NTSTATUS (NTAPI KspGetTokenFn)(LSA_SEC_HANDLE ContextId,PHANDLE ImpersonationToken,PACCESS_TOKEN *RawToken);
    711   typedef NTSTATUS (NTAPI KspQueryAttributesFn)(LSA_SEC_HANDLE ContextId,ULONG Attribute,PVOID Buffer);
    712   typedef NTSTATUS (NTAPI KspCompleteTokenFn)(LSA_SEC_HANDLE ContextId,PSecBufferDesc Token);
    713   typedef NTSTATUS (NTAPI KspMapHandleFn)(LSA_SEC_HANDLE ContextId,PLSA_SEC_HANDLE LsaContextId);
    714   typedef NTSTATUS (NTAPI KspSetPagingModeFn)(BOOLEAN PagingMode);
    715   typedef NTSTATUS (NTAPI KspSerializeAuthDataFn)(PVOID pvAuthData,PULONG Size,PVOID *SerializedData);
    716 
    717   typedef struct _SECPKG_KERNEL_FUNCTION_TABLE {
    718     KspInitPackageFn *Initialize;
    719     KspDeleteContextFn *DeleteContext;
    720     KspInitContextFn *InitContext;
    721     KspMapHandleFn *MapHandle;
    722     KspMakeSignatureFn *Sign;
    723     KspVerifySignatureFn *Verify;
    724     KspSealMessageFn *Seal;
    725     KspUnsealMessageFn *Unseal;
    726     KspGetTokenFn *GetToken;
    727     KspQueryAttributesFn *QueryAttributes;
    728     KspCompleteTokenFn *CompleteToken;
    729     SpExportSecurityContextFn *ExportContext;
    730     SpImportSecurityContextFn *ImportContext;
    731     KspSetPagingModeFn *SetPackagePagingMode;
    732     KspSerializeAuthDataFn *SerializeAuthData;
    733   } SECPKG_KERNEL_FUNCTION_TABLE,*PSECPKG_KERNEL_FUNCTION_TABLE;
    734 
    735   SECURITY_STATUS SEC_ENTRY KSecRegisterSecurityProvider(PSECURITY_STRING ProviderName,PSECPKG_KERNEL_FUNCTION_TABLE Table);
    736 
    737   extern SECPKG_KERNEL_FUNCTIONS KspKernelFunctions;
    738 
    739 #ifdef __cplusplus
    740 }
    741 #endif
    742 #endif
    743