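/**
 * This file has no copyright assigned and is placed in the Public Domain.
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
 */

/*
 * Declarations for the LSA (Local Security Authority) client interface:
 * logon-process registration, policy and trusted-domain objects, account
 * rights, the MSV1_0 authentication package messages, and the first
 * Kerberos constants.  The header only declares types, constants and
 * prototypes; it relies on the base Windows types (LONG, ULONG, HANDLE,
 * PSID, LUID, LARGE_INTEGER, ...) being declared by an earlier include.
 *
 * Review notes for consumers:
 *  - Several structures below carry password or key material in
 *    caller-visible buffers (TRUSTED_PASSWORD_INFO, MSV1_0_INTERACTIVE_LOGON,
 *    MSV1_0_CHANGEPASSWORD_REQUEST, MSV1_0_SUPPLEMENTAL_CREDENTIAL,
 *    MSV1_0_LM20_LOGON_PROFILE).  Nothing in this header wipes them; code
 *    that fills or receives them should clear the memory when done.
 *  - Many structures pair a length/count field with a raw pointer.  The
 *    header cannot enforce that pairing, so every parser has to bound its
 *    reads by the length field it was given.
 */
#ifndef _NTSECAPI_
#define _NTSECAPI_

#ifdef __cplusplus
extern "C" {
#endif

#if !defined (_NTDEF_) && !defined (_NTSTATUS_PSDK)
#define _NTSTATUS_PSDK
typedef LONG NTSTATUS,*PNTSTATUS;
#endif

#ifndef _NTLSA_IFS_
typedef ULONG LSA_OPERATIONAL_MODE,*PLSA_OPERATIONAL_MODE;
#endif

/* Bit flags for LSA_OPERATIONAL_MODE (see LsaRegisterLogonProcess). */
#define LSA_MODE_PASSWORD_PROTECTED (__MSABI_LONG(0x00000001))
#define LSA_MODE_INDIVIDUAL_ACCOUNTS (__MSABI_LONG(0x00000002))
#define LSA_MODE_MANDATORY_ACCESS (__MSABI_LONG(0x00000004))
#define LSA_MODE_LOG_FULL (__MSABI_LONG(0x00000008))

#ifndef _NTLSA_IFS_
/*
 * Logon types.  The enumeration starts at 2 and counts up, so the numeric
 * values are fixed by the declaration order below.  They are worth knowing
 * when reading logs or SECURITY_LOGON_SESSION_DATA.LogonType, which stores
 * the type as a plain ULONG (presumably one of these values; confirm
 * against the API documentation).
 */
typedef enum _SECURITY_LOGON_TYPE {
  Interactive = 2,          /* 2 */
  Network,                  /* 3 */
  Batch,                    /* 4 */
  Service,                  /* 5 */
  Proxy,                    /* 6 */
  Unlock,                   /* 7 */
  NetworkCleartext,         /* 8 */
  NewCredentials,           /* 9 */
  RemoteInteractive,        /* 10 */
  CachedInteractive,        /* 11 */
  CachedRemoteInteractive,  /* 12 */
  CachedUnlock              /* 13 */
} SECURITY_LOGON_TYPE,*PSECURITY_LOGON_TYPE;
#endif

#ifndef _NTLSA_IFS_

#ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_

/* Tag describing how one audit parameter entry is to be interpreted. */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,SeAdtParmTypeString,SeAdtParmTypeFileSpec,SeAdtParmTypeUlong,SeAdtParmTypeSid,SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,SeAdtParmTypeAccessMask,SeAdtParmTypePrivs,SeAdtParmTypeObjectTypes,SeAdtParmTypeHexUlong,SeAdtParmTypePtr,
  SeAdtParmTypeTime,SeAdtParmTypeGuid,SeAdtParmTypeLuid,SeAdtParmTypeHexInt64,SeAdtParmTypeStringList,SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,SeAdtParmTypeUserAccountControl,SeAdtParmTypeNoUac,SeAdtParmTypeMessage,SeAdtParmTypeDateTime,SeAdtParmTypeSockAddr
} SE_ADT_PARAMETER_TYPE,*PSE_ADT_PARAMETER_TYPE;

#include <guiddef.h>

#define SE_ADT_OBJECT_ONLY 0x1

typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE,*PSE_ADT_OBJECT_TYPE;

/*
 * One audit parameter.  Type selects the interpretation of Data/Address and
 * Length gives the size; a consumer must validate Type and Length before
 * following Address.
 */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2];
  PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY,*PSE_ADT_PARAMETER_ARRAY_ENTRY;

#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

/*
 * Fixed-capacity parameter array: Parameters has SE_MAX_AUDIT_PARAMETERS
 * slots, so ParameterCount must be checked against that bound before it is
 * used as a loop limit.
 */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount;
  ULONG Length;
  USHORT Type;
  ULONG Flags;
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[SE_MAX_AUDIT_PARAMETERS];
} SE_ADT_PARAMETER_ARRAY,*PSE_ADT_PARAMETER_ARRAY;

#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#endif
#endif

/* Audit categories; used as an index into per-category audit options. */
typedef enum _POLICY_AUDIT_EVENT_TYPE {
  AuditCategorySystem = 0,AuditCategoryLogon,AuditCategoryObjectAccess,AuditCategoryPrivilegeUse,AuditCategoryDetailedTracking,
  AuditCategoryPolicyChange,AuditCategoryAccountManagement,AuditCategoryDirectoryServiceAccess,AuditCategoryAccountLogon
} POLICY_AUDIT_EVENT_TYPE,*PPOLICY_AUDIT_EVENT_TYPE;

/*
 * Per-category audit option bits.  POLICY_AUDIT_EVENT_UNCHANGED is zero, so
 * it contributes nothing to POLICY_AUDIT_EVENT_MASK and cannot be tested
 * with a bitwise AND.
 */
#define POLICY_AUDIT_EVENT_UNCHANGED (__MSABI_LONG(0x00000000))
#define POLICY_AUDIT_EVENT_SUCCESS (__MSABI_LONG(0x00000001))
#define POLICY_AUDIT_EVENT_FAILURE (__MSABI_LONG(0x00000002))
#define POLICY_AUDIT_EVENT_NONE (__MSABI_LONG(0x00000004))
#define POLICY_AUDIT_EVENT_MASK (POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE)

#ifdef _NTDEF_
typedef UNICODE_STRING LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
typedef STRING LSA_STRING,*PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES;
#else

#ifndef _NO_W32_PSEUDO_MODIFIERS
#ifndef IN
#define IN
#endif
#ifndef OUT
#define OUT
#endif
#ifndef OPTIONAL
#define OPTIONAL
#endif
#endif

/*
 * Counted strings: an explicit Length and MaximumLength next to Buffer.
 * The structure itself promises no terminator, so consumers should bound
 * reads by Length instead of scanning for NUL.
 * NOTE(review): the unit of Length (bytes vs. characters) is not stated in
 * this header; confirm against the API documentation before doing
 * arithmetic on it.
 */
typedef struct _LSA_UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR Buffer;
} LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;

typedef struct _LSA_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PCHAR Buffer;
} LSA_STRING,*PLSA_STRING;

typedef struct _LSA_OBJECT_ATTRIBUTES {
  ULONG Length;
  HANDLE RootDirectory;
  PLSA_UNICODE_STRING ObjectName;
  ULONG Attributes;
  PVOID SecurityDescriptor;
  PVOID SecurityQualityOfService;
} LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES;
#endif

/*
 * True for any status whose value is non-negative when viewed as LONG, not
 * only for zero.  Callers that need "exactly success" must compare the
 * status value themselves.
 */
#define LSA_SUCCESS(Error) ((LONG)(Error) >= 0)

#ifndef _NTLSA_IFS_
/*
 * Logon-process interface.  Every call returns an NTSTATUS that must be
 * checked; LsaLogonUser and LsaCallAuthenticationPackage additionally
 * report a second status through SubStatus / ProtocolStatus.
 * LsaFreeReturnBuffer is declared alongside the calls that hand back
 * buffers through PVOID* (presumably it is their release routine; confirm).
 */
NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING LogonProcessName,PHANDLE LsaHandle,PLSA_OPERATIONAL_MODE SecurityMode);
NTSTATUS NTAPI LsaLogonUser(HANDLE LsaHandle,PLSA_STRING OriginName,SECURITY_LOGON_TYPE LogonType,ULONG AuthenticationPackage,
                            PVOID AuthenticationInformation,ULONG AuthenticationInformationLength,PTOKEN_GROUPS LocalGroups,
                            PTOKEN_SOURCE SourceContext,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,
                            PHANDLE Token,PQUOTA_LIMITS Quotas,PNTSTATUS SubStatus);
NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE LsaHandle,PLSA_STRING PackageName,PULONG AuthenticationPackage);
NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID Buffer);
NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE LsaHandle,ULONG AuthenticationPackage,PVOID ProtocolSubmitBuffer,
                                            ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,
                                            PNTSTATUS ProtocolStatus);
NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE LsaHandle);
NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE LsaHandle);
#endif

/*
 * Access rights on the LSA Policy object, requested through the
 * DesiredAccess argument of LsaOpenPolicy.  Request only the bits the
 * caller needs: the write-side bits (POLICY_CREATE_SECRET,
 * POLICY_TRUST_ADMIN, POLICY_SET_AUDIT_REQUIREMENTS, ...) are far more
 * powerful than the view/lookup bits.
 */
#define POLICY_VIEW_LOCAL_INFORMATION __MSABI_LONG(0x00000001)
#define POLICY_VIEW_AUDIT_INFORMATION __MSABI_LONG(0x00000002)
#define POLICY_GET_PRIVATE_INFORMATION __MSABI_LONG(0x00000004)
#define POLICY_TRUST_ADMIN __MSABI_LONG(0x00000008)
#define POLICY_CREATE_ACCOUNT __MSABI_LONG(0x00000010)
#define POLICY_CREATE_SECRET __MSABI_LONG(0x00000020)
#define POLICY_CREATE_PRIVILEGE __MSABI_LONG(0x00000040)
#define POLICY_SET_DEFAULT_QUOTA_LIMITS __MSABI_LONG(0x00000080)
#define POLICY_SET_AUDIT_REQUIREMENTS __MSABI_LONG(0x00000100)
#define POLICY_AUDIT_LOG_ADMIN __MSABI_LONG(0x00000200)
#define POLICY_SERVER_ADMIN __MSABI_LONG(0x00000400)
#define POLICY_LOOKUP_NAMES __MSABI_LONG(0x00000800)
#define POLICY_NOTIFICATION __MSABI_LONG(0x00001000)

/*
 * Composite masks.  As written, POLICY_ALL_ACCESS does not include
 * POLICY_NOTIFICATION, and POLICY_READ includes
 * POLICY_GET_PRIVATE_INFORMATION.
 */
#define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES)
#define POLICY_READ (STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION)
#define POLICY_WRITE (STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN)
#define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES)

typedef struct _LSA_TRUST_INFORMATION {
  LSA_UNICODE_STRING Name;
  PSID Sid;
} LSA_TRUST_INFORMATION,*PLSA_TRUST_INFORMATION;

/* Entries counts the elements reachable through Domains. */
typedef struct _LSA_REFERENCED_DOMAIN_LIST {
  ULONG Entries;
  PLSA_TRUST_INFORMATION Domains;
} LSA_REFERENCED_DOMAIN_LIST,*PLSA_REFERENCED_DOMAIN_LIST;

/*
 * Name/SID translation results.  DomainIndex is a signed LONG, so it has to
 * be range-checked (including for negative values) before it is used to
 * index LSA_REFERENCED_DOMAIN_LIST.Domains.
 */
typedef struct _LSA_TRANSLATED_SID {
  SID_NAME_USE Use;
  ULONG RelativeId;
  LONG DomainIndex;
} LSA_TRANSLATED_SID,*PLSA_TRANSLATED_SID;

typedef struct _LSA_TRANSLATED_SID2 {
  SID_NAME_USE Use;
  PSID Sid;
  LONG DomainIndex;
  ULONG Flags;
} LSA_TRANSLATED_SID2,*PLSA_TRANSLATED_SID2;

typedef struct _LSA_TRANSLATED_NAME {
  SID_NAME_USE Use;
  LSA_UNICODE_STRING Name;
  LONG DomainIndex;
} LSA_TRANSLATED_NAME,*PLSA_TRANSLATED_NAME;

typedef enum _POLICY_LSA_SERVER_ROLE {
  PolicyServerRoleBackup = 2,PolicyServerRolePrimary
} POLICY_LSA_SERVER_ROLE,*PPOLICY_LSA_SERVER_ROLE;

typedef ULONG POLICY_AUDIT_EVENT_OPTIONS,*PPOLICY_AUDIT_EVENT_OPTIONS;

/*
 * Selector for LsaQueryInformationPolicy / LsaSetInformationPolicy.  The
 * buffer passed to or returned by those calls is an untyped PVOID, so the
 * caller must cast it to the structure that matches the class it asked for.
 */
typedef enum _POLICY_INFORMATION_CLASS {
  PolicyAuditLogInformation = 1,PolicyAuditEventsInformation,PolicyPrimaryDomainInformation,PolicyPdAccountInformation,
  PolicyAccountDomainInformation,PolicyLsaServerRoleInformation,PolicyReplicaSourceInformation,PolicyDefaultQuotaInformation,
  PolicyModificationInformation,PolicyAuditFullSetInformation,PolicyAuditFullQueryInformation,PolicyDnsDomainInformation,
  PolicyDnsDomainInformationInt
} POLICY_INFORMATION_CLASS,*PPOLICY_INFORMATION_CLASS;

typedef struct _POLICY_AUDIT_LOG_INFO {
  ULONG AuditLogPercentFull;
  ULONG MaximumLogSize;
  LARGE_INTEGER AuditRetentionPeriod;
  BOOLEAN AuditLogFullShutdownInProgress;
  LARGE_INTEGER TimeToShutdown;
  ULONG NextAuditRecordId;
} POLICY_AUDIT_LOG_INFO,*PPOLICY_AUDIT_LOG_INFO;

/*
 * EventAuditingOptions points at MaximumAuditEventCount option words
 * (presumably indexed by POLICY_AUDIT_EVENT_TYPE; confirm).  Bound any
 * index by MaximumAuditEventCount.
 */
typedef struct _POLICY_AUDIT_EVENTS_INFO {
  BOOLEAN AuditingMode;
  PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
  ULONG MaximumAuditEventCount;
} POLICY_AUDIT_EVENTS_INFO,*PPOLICY_AUDIT_EVENTS_INFO;

typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
  LSA_UNICODE_STRING DomainName;
  PSID DomainSid;
} POLICY_ACCOUNT_DOMAIN_INFO,*PPOLICY_ACCOUNT_DOMAIN_INFO;

typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
  LSA_UNICODE_STRING Name;
  PSID Sid;
} POLICY_PRIMARY_DOMAIN_INFO,*PPOLICY_PRIMARY_DOMAIN_INFO;

typedef struct _POLICY_DNS_DOMAIN_INFO {
  LSA_UNICODE_STRING Name;
  LSA_UNICODE_STRING DnsDomainName;
  LSA_UNICODE_STRING DnsForestName;
  GUID DomainGuid;
  PSID Sid;
} POLICY_DNS_DOMAIN_INFO,*PPOLICY_DNS_DOMAIN_INFO;

typedef struct _POLICY_PD_ACCOUNT_INFO {
  LSA_UNICODE_STRING Name;
} POLICY_PD_ACCOUNT_INFO,*PPOLICY_PD_ACCOUNT_INFO;

typedef struct _POLICY_LSA_SERVER_ROLE_INFO {
  POLICY_LSA_SERVER_ROLE LsaServerRole;
} POLICY_LSA_SERVER_ROLE_INFO,*PPOLICY_LSA_SERVER_ROLE_INFO;

typedef struct _POLICY_REPLICA_SOURCE_INFO {
  LSA_UNICODE_STRING ReplicaSource;
  LSA_UNICODE_STRING ReplicaAccountName;
} POLICY_REPLICA_SOURCE_INFO,*PPOLICY_REPLICA_SOURCE_INFO;

typedef struct _POLICY_DEFAULT_QUOTA_INFO {
  QUOTA_LIMITS QuotaLimits;
} POLICY_DEFAULT_QUOTA_INFO,*PPOLICY_DEFAULT_QUOTA_INFO;

typedef struct _POLICY_MODIFICATION_INFO {
  LARGE_INTEGER ModifiedId;
  LARGE_INTEGER DatabaseCreationTime;
} POLICY_MODIFICATION_INFO,*PPOLICY_MODIFICATION_INFO;

typedef struct _POLICY_AUDIT_FULL_SET_INFO {
  BOOLEAN ShutDownOnFull;
} POLICY_AUDIT_FULL_SET_INFO,*PPOLICY_AUDIT_FULL_SET_INFO;

typedef struct _POLICY_AUDIT_FULL_QUERY_INFO {
  BOOLEAN ShutDownOnFull;
  BOOLEAN LogIsFull;
} POLICY_AUDIT_FULL_QUERY_INFO,*PPOLICY_AUDIT_FULL_QUERY_INFO;

typedef enum _POLICY_DOMAIN_INFORMATION_CLASS {
  PolicyDomainEfsInformation = 2,PolicyDomainKerberosTicketInformation
} POLICY_DOMAIN_INFORMATION_CLASS,*PPOLICY_DOMAIN_INFORMATION_CLASS;

/* InfoLength gives the size of the blob at EfsBlob; bound reads by it. */
typedef struct _POLICY_DOMAIN_EFS_INFO {
  ULONG InfoLength;
  PUCHAR EfsBlob;
} POLICY_DOMAIN_EFS_INFO,*PPOLICY_DOMAIN_EFS_INFO;

#define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080

/* Domain-wide Kerberos ticket lifetime and clock-skew policy. */
typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO {
  ULONG AuthenticationOptions;
  LARGE_INTEGER MaxServiceTicketAge;
  LARGE_INTEGER MaxTicketAge;
  LARGE_INTEGER MaxRenewAge;
  LARGE_INTEGER MaxClockSkew;
  LARGE_INTEGER Reserved;
} POLICY_DOMAIN_KERBEROS_TICKET_INFO,*PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;

/* Selector for LsaRegisterPolicyChangeNotification. */
typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS {
  PolicyNotifyAuditEventsInformation = 1,PolicyNotifyAccountDomainInformation,PolicyNotifyServerRoleInformation,PolicyNotifyDnsDomainInformation,
  PolicyNotifyDomainEfsInformation,PolicyNotifyDomainKerberosTicketInformation,PolicyNotifyMachineAccountPasswordInformation
} POLICY_NOTIFICATION_INFORMATION_CLASS,*PPOLICY_NOTIFICATION_INFORMATION_CLASS;

/*
 * Opaque handle.  It is a bare PVOID, so the compiler will not catch a
 * policy handle being passed where a different handle kind is expected.
 */
typedef PVOID LSA_HANDLE,*PLSA_HANDLE;

/* Selector for the trusted-domain query/set calls declared further down. */
typedef enum _TRUSTED_INFORMATION_CLASS {
  TrustedDomainNameInformation = 1,TrustedControllersInformation,TrustedPosixOffsetInformation,TrustedPasswordInformation,
  TrustedDomainInformationBasic,TrustedDomainInformationEx,TrustedDomainAuthInformation,TrustedDomainFullInformation,
  TrustedDomainAuthInformationInternal,TrustedDomainFullInformationInternal,TrustedDomainInformationEx2Internal,TrustedDomainFullInformation2Internal
} TRUSTED_INFORMATION_CLASS,*PTRUSTED_INFORMATION_CLASS;

typedef struct _TRUSTED_DOMAIN_NAME_INFO {
  LSA_UNICODE_STRING Name;
} TRUSTED_DOMAIN_NAME_INFO,*PTRUSTED_DOMAIN_NAME_INFO;

typedef struct _TRUSTED_CONTROLLERS_INFO {
  ULONG Entries;
  PLSA_UNICODE_STRING Names;
} TRUSTED_CONTROLLERS_INFO,*PTRUSTED_CONTROLLERS_INFO;

typedef struct _TRUSTED_POSIX_OFFSET_INFO {
  ULONG Offset;
} TRUSTED_POSIX_OFFSET_INFO,*PTRUSTED_POSIX_OFFSET_INFO;

/*
 * Holds the current and previous trust password as counted strings.  Treat
 * any instance as secret material: keep it out of logs and clear the
 * buffers once the value has been consumed.
 */
typedef struct _TRUSTED_PASSWORD_INFO {
  LSA_UNICODE_STRING Password;
  LSA_UNICODE_STRING OldPassword;
} TRUSTED_PASSWORD_INFO,*PTRUSTED_PASSWORD_INFO;

typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
typedef PLSA_TRUST_INFORMATION PTRUSTED_DOMAIN_INFORMATION_BASIC;

/* Values for TRUSTED_DOMAIN_INFORMATION_EX.TrustDirection. */
#define TRUST_DIRECTION_DISABLED 0x00000000
#define TRUST_DIRECTION_INBOUND 0x00000001
#define TRUST_DIRECTION_OUTBOUND 0x00000002
#define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND)

/* Values for TrustType.  These are enumerated values, not bit flags
   (TRUST_TYPE_MIT is 3, which would otherwise alias the other two). */
#define TRUST_TYPE_DOWNLEVEL 0x00000001
#define TRUST_TYPE_UPLEVEL 0x00000002
#define TRUST_TYPE_MIT 0x00000003

/*
 * Bit flags for TrustAttributes.  When reviewing trust configuration, the
 * flags that change how far a trust reaches or how it is protected
 * (NON_TRANSITIVE, QUARANTINED_DOMAIN, FOREST_TRANSITIVE,
 * TREAT_AS_EXTERNAL, TRUST_USES_RC4_ENCRYPTION) are the ones to look at
 * first; RC4 is a legacy cipher.
 */
#define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001
#define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002
#define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004
#define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008
#define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010
#define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020
#define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040
#define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080

#define TRUST_ATTRIBUTES_VALID 0xFF03FFFF
#define TRUST_ATTRIBUTES_USER 0xFF000000

typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
  LSA_UNICODE_STRING Name;
  LSA_UNICODE_STRING FlatName;
  PSID Sid;
  ULONG TrustDirection;
  ULONG TrustType;
  ULONG TrustAttributes;
} TRUSTED_DOMAIN_INFORMATION_EX,*PTRUSTED_DOMAIN_INFORMATION_EX;

/* Same leading fields as the _EX form plus a length-prefixed forest trust blob. */
typedef struct _TRUSTED_DOMAIN_INFORMATION_EX2 {
  LSA_UNICODE_STRING Name;
  LSA_UNICODE_STRING FlatName;
  PSID Sid;
  ULONG TrustDirection;
  ULONG TrustType;
  ULONG TrustAttributes;
  ULONG ForestTrustLength;
  PUCHAR ForestTrustInfo;
} TRUSTED_DOMAIN_INFORMATION_EX2,*PTRUSTED_DOMAIN_INFORMATION_EX2;

/* Values for LSA_AUTH_INFORMATION.AuthType.  TRUST_AUTH_TYPE_CLEAR, going
   by its name, means AuthInfo holds a cleartext secret. */
#define TRUST_AUTH_TYPE_NONE 0
#define TRUST_AUTH_TYPE_NT4OWF 1
#define TRUST_AUTH_TYPE_CLEAR 2
#define TRUST_AUTH_TYPE_VERSION 3

/*
 * One trust authentication value.  AuthInfoLength gives the size of the
 * data at AuthInfo.  The data is trust key material: keep it out of logs
 * and crash dumps and clear it after use.
 */
typedef struct _LSA_AUTH_INFORMATION {
  LARGE_INTEGER LastUpdateTime;
  ULONG AuthType;
  ULONG AuthInfoLength;
  PUCHAR AuthInfo;
} LSA_AUTH_INFORMATION,*PLSA_AUTH_INFORMATION;

/*
 * IncomingAuthInfos / OutgoingAuthInfos are counts for the pointer members
 * that follow them (presumably the same count applies to the current and
 * the previous array; confirm).
 */
typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION {
  ULONG IncomingAuthInfos;
  PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
  PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
  ULONG OutgoingAuthInfos;
  PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
  PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
} TRUSTED_DOMAIN_AUTH_INFORMATION,*PTRUSTED_DOMAIN_AUTH_INFORMATION;

typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION {
  TRUSTED_DOMAIN_INFORMATION_EX Information;
  TRUSTED_POSIX_OFFSET_INFO PosixOffset;
  TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
} TRUSTED_DOMAIN_FULL_INFORMATION,*PTRUSTED_DOMAIN_FULL_INFORMATION;

typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 {
  TRUSTED_DOMAIN_INFORMATION_EX2 Information;
  TRUSTED_POSIX_OFFSET_INFO PosixOffset;
  TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
} TRUSTED_DOMAIN_FULL_INFORMATION2,*PTRUSTED_DOMAIN_FULL_INFORMATION2;

/* Discriminator for the union in LSA_FOREST_TRUST_RECORD. */
typedef enum {
  ForestTrustTopLevelName,ForestTrustTopLevelNameEx,ForestTrustDomainInfo,ForestTrustRecordTypeLast = ForestTrustDomainInfo
} LSA_FOREST_TRUST_RECORD_TYPE;

#define LSA_FTRECORD_DISABLED_REASONS (__MSABI_LONG(0x0000FFFF))

/* The LSA_TLN_*, LSA_SID_* and LSA_NB_* groups reuse the same low bit
   values, so a flag word can only be decoded together with the record
   type it belongs to. */
#define LSA_TLN_DISABLED_NEW (__MSABI_LONG(0x00000001))
#define LSA_TLN_DISABLED_ADMIN (__MSABI_LONG(0x00000002))
#define LSA_TLN_DISABLED_CONFLICT (__MSABI_LONG(0x00000004))

#define LSA_SID_DISABLED_ADMIN (__MSABI_LONG(0x00000001))
#define LSA_SID_DISABLED_CONFLICT (__MSABI_LONG(0x00000002))
#define LSA_NB_DISABLED_ADMIN (__MSABI_LONG(0x00000004))
#define LSA_NB_DISABLED_CONFLICT (__MSABI_LONG(0x00000008))

typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO {
  PSID Sid;
  LSA_UNICODE_STRING DnsName;
  LSA_UNICODE_STRING NetbiosName;
} LSA_FOREST_TRUST_DOMAIN_INFO,*PLSA_FOREST_TRUST_DOMAIN_INFO;

/* Upper bound declared for LSA_FOREST_TRUST_BINARY_DATA.Length; a parser
   should reject larger values before allocating or copying. */
#define MAX_FOREST_TRUST_BINARY_DATA_SIZE (128*1024)

typedef struct _LSA_FOREST_TRUST_BINARY_DATA {
  ULONG Length;
  PUCHAR Buffer;
} LSA_FOREST_TRUST_BINARY_DATA,*PLSA_FOREST_TRUST_BINARY_DATA;

/*
 * Tagged union: ForestTrustType decides which ForestTrustData member is
 * meaningful.  Reading a member that does not match the tag reinterprets
 * pointers and lengths, so validate ForestTrustType first and treat
 * unknown values as Data (or reject them).
 */
typedef struct _LSA_FOREST_TRUST_RECORD {
  ULONG Flags;
  LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType;
  LARGE_INTEGER Time;
  union {
    LSA_UNICODE_STRING TopLevelName;
    LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo;
    LSA_FOREST_TRUST_BINARY_DATA Data;
  } ForestTrustData;
} LSA_FOREST_TRUST_RECORD,*PLSA_FOREST_TRUST_RECORD;

/* Upper bound declared for LSA_FOREST_TRUST_INFORMATION.RecordCount. */
#define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000

/* Entries is an array of RecordCount pointers to records. */
typedef struct _LSA_FOREST_TRUST_INFORMATION {
  ULONG RecordCount;
  PLSA_FOREST_TRUST_RECORD *Entries;
} LSA_FOREST_TRUST_INFORMATION,*PLSA_FOREST_TRUST_INFORMATION;

typedef enum {
  CollisionTdo,CollisionXref,CollisionOther
} LSA_FOREST_TRUST_COLLISION_RECORD_TYPE;

typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD {
  ULONG Index;
  LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type;
  ULONG Flags;
  LSA_UNICODE_STRING Name;
} LSA_FOREST_TRUST_COLLISION_RECORD,*PLSA_FOREST_TRUST_COLLISION_RECORD;

typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION {
  ULONG RecordCount;
  PLSA_FOREST_TRUST_COLLISION_RECORD *Entries;
} LSA_FOREST_TRUST_COLLISION_INFORMATION,*PLSA_FOREST_TRUST_COLLISION_INFORMATION;

typedef ULONG LSA_ENUMERATION_HANDLE,*PLSA_ENUMERATION_HANDLE;

typedef struct _LSA_ENUMERATION_INFORMATION {
  PSID Sid;
} LSA_ENUMERATION_INFORMATION,*PLSA_ENUMERATION_INFORMATION;

/* Release routines for the policy interface.  LsaClose takes the handle by
   value, so the caller's copy stays non-NULL afterwards and should be
   cleared to avoid reuse of a closed handle. */
NTSTATUS NTAPI LsaFreeMemory(PVOID Buffer);
NTSTATUS NTAPI LsaClose(LSA_HANDLE ObjectHandle);

#if (_WIN32_WINNT >= 0x0600)
typedef struct _LSA_LAST_INTER_LOGON_INFO {
  LARGE_INTEGER LastSuccessfulLogon;
  LARGE_INTEGER LastFailedLogon;
  ULONG FailedAttemptCountSinceLastSuccessfulLogon;
} LSA_LAST_INTER_LOGON_INFO,*PLSA_LAST_INTER_LOGON_INFO;
#endif

/*
 * Per-logon-session record returned through LsaGetLogonSessionData.
 * The layout depends on _WIN32_WINNT: the trailing members only exist when
 * it is 0x0600 or higher.  Code built for the larger layout should check
 * Size before touching those members (presumably Size reports what the
 * system actually filled in; confirm).
 */
typedef struct _SECURITY_LOGON_SESSION_DATA {
  ULONG Size;
  LUID LogonId;
  LSA_UNICODE_STRING UserName;
  LSA_UNICODE_STRING LogonDomain;
  LSA_UNICODE_STRING AuthenticationPackage;
  ULONG LogonType;
  ULONG Session;
  PSID Sid;
  LARGE_INTEGER LogonTime;
  LSA_UNICODE_STRING LogonServer;
  LSA_UNICODE_STRING DnsDomainName;
  LSA_UNICODE_STRING Upn;
#if (_WIN32_WINNT >= 0x0600)
  ULONG UserFlags;
  LSA_LAST_INTER_LOGON_INFO LastLogonInfo;
  LSA_UNICODE_STRING LogonScript;
  LSA_UNICODE_STRING ProfilePath;
  LSA_UNICODE_STRING HomeDirectory;
  LSA_UNICODE_STRING HomeDirectoryDrive;
  LARGE_INTEGER LogoffTime;
  LARGE_INTEGER KickOffTime;
  LARGE_INTEGER PasswordLastSet;
  LARGE_INTEGER PasswordCanChange;
  LARGE_INTEGER PasswordMustChange;
#endif
} SECURITY_LOGON_SESSION_DATA,*PSECURITY_LOGON_SESSION_DATA;

/*
 * Policy, lookup and enumeration calls.  Output buffers come back through
 * pointer-to-pointer arguments; do not read them unless the returned
 * NTSTATUS indicates success, and release them when finished (LsaFreeMemory
 * and LsaFreeReturnBuffer are the release routines this header declares;
 * which one applies to which call is not stated here).
 */
NTSTATUS NTAPI LsaEnumerateLogonSessions(PULONG LogonSessionCount,PLUID *LogonSessionList);
NTSTATUS NTAPI LsaGetLogonSessionData(PLUID LogonId,PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData);
NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING SystemName,PLSA_OBJECT_ATTRIBUTES ObjectAttributes,ACCESS_MASK DesiredAccess,PLSA_HANDLE PolicyHandle);
NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID *Buffer);
NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID Buffer);
NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID *Buffer);
NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID Buffer);
NTSTATUS NTAPI LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle);
NTSTATUS NTAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle);
NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned);
NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE PolicyHandle,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID *Sids);
NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE PolicyHandle,ULONG Flags,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID2 *Sids);
NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE PolicyHandle,ULONG Count,PSID *Sids,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_NAME *Names);

/*
 * Names of the logon rights, as strings, for the account-rights calls
 * below.  Each allow right has a SE_DENY_* counterpart.  Changes to who
 * holds these rights alter who may log on and how, which makes
 * LsaAddAccountRights / LsaRemoveAccountRights calls worth auditing.
 */
#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
#define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight")
#define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight")
#define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight")
#define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight")
#define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight")
#define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight")

/* Account rights and trusted-domain management.  LsaRemoveAccountRights
   takes an AllRights flag in addition to an explicit list, so a caller
   passing a non-zero AllRights should be sure that is what it intends. */
NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING UserRight,PVOID *Buffer,PULONG CountReturned);
NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING *UserRights,PULONG CountOfRights);
NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights);
NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,BOOLEAN AllRights,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights);
NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle);
NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer);
NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer);
NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid);
NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer);
NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer);
NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned);
NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE PolicyHandle,PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle);
NTSTATUS NTAPI LsaQueryForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo);
NTSTATUS NTAPI LsaSetForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,BOOLEAN CheckOnly,PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo);

#ifdef TESTING_MATCHING_ROUTINE
NTSTATUS NTAPI LsaForestTrustFindMatch(LSA_HANDLE PolicyHandle,ULONG Type,PLSA_UNICODE_STRING Name,PLSA_UNICODE_STRING *Match);
#endif

/*
 * Private data storage keyed by name.  The value passed to or returned by
 * these calls is secret material held in a counted string: clear the
 * caller-side copy after use and release what LsaRetrievePrivateData
 * returns.
 */
NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING PrivateData);
NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING *PrivateData);
ULONG NTAPI LsaNtStatusToWinError(NTSTATUS Status);

#ifndef _NTLSA_IFS_
#define _NTLSA_IFS_
#endif

enum NEGOTIATE_MESSAGES {
  NegEnumPackagePrefixes = 0,NegGetCallerName = 1,NegCallPackageMax
};

#define NEGOTIATE_MAX_PREFIX 32

/* Prefix has NEGOTIATE_MAX_PREFIX bytes of storage while PrefixLen is a
   ULONG_PTR, so PrefixLen must be checked against NEGOTIATE_MAX_PREFIX
   before it is used as a copy or compare length. */
typedef struct _NEGOTIATE_PACKAGE_PREFIX {
  ULONG_PTR PackageId;
  PVOID PackageDataA;
  PVOID PackageDataW;
  ULONG_PTR PrefixLen;
  UCHAR Prefix[NEGOTIATE_MAX_PREFIX];
} NEGOTIATE_PACKAGE_PREFIX,*PNEGOTIATE_PACKAGE_PREFIX;

/* Offset locates data relative to some base (presumably the start of the
   returned buffer; confirm); validate Offset and PrefixCount against the
   returned buffer length before dereferencing. */
typedef struct _NEGOTIATE_PACKAGE_PREFIXES {
  ULONG MessageType;
  ULONG PrefixCount;
  ULONG Offset;
  ULONG Pad;
} NEGOTIATE_PACKAGE_PREFIXES,*PNEGOTIATE_PACKAGE_PREFIXES;

typedef struct _NEGOTIATE_CALLER_NAME_REQUEST {
  ULONG MessageType;
  LUID LogonId;
} NEGOTIATE_CALLER_NAME_REQUEST,*PNEGOTIATE_CALLER_NAME_REQUEST;

typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE {
  ULONG MessageType;
  PWSTR CallerName;
} NEGOTIATE_CALLER_NAME_RESPONSE,*PNEGOTIATE_CALLER_NAME_RESPONSE;

#ifndef _NTDEF_
#ifndef __UNICODE_STRING_DEFINED
#define __UNICODE_STRING_DEFINED
typedef LSA_UNICODE_STRING UNICODE_STRING,*PUNICODE_STRING;
#endif
#ifndef __STRING_DEFINED
#define __STRING_DEFINED
typedef LSA_STRING STRING,*PSTRING;
#endif
#endif

#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
/* Domain password policy as reported by MSV1_0_CHANGEPASSWORD_RESPONSE. */
typedef struct _DOMAIN_PASSWORD_INFORMATION {
  USHORT MinPasswordLength;
  USHORT PasswordHistoryLength;
  ULONG PasswordProperties;
  LARGE_INTEGER MaxPasswordAge;
  LARGE_INTEGER MinPasswordAge;
} DOMAIN_PASSWORD_INFORMATION,*PDOMAIN_PASSWORD_INFORMATION;
#endif

/*
 * Bit flags for DOMAIN_PASSWORD_INFORMATION.PasswordProperties.
 * NOTE(review): going by its name, DOMAIN_PASSWORD_STORE_CLEARTEXT weakens
 * credential storage; a policy review should flag domains that set it.
 */
#define DOMAIN_PASSWORD_COMPLEX __MSABI_LONG(0x00000001)
#define DOMAIN_PASSWORD_NO_ANON_CHANGE __MSABI_LONG(0x00000002)
#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE __MSABI_LONG(0x00000004)
#define DOMAIN_LOCKOUT_ADMINS __MSABI_LONG(0x00000008)
#define DOMAIN_PASSWORD_STORE_CLEARTEXT __MSABI_LONG(0x00000010)
#define DOMAIN_REFUSE_PASSWORD_CHANGE __MSABI_LONG(0x00000020)

#ifndef _PASSWORD_NOTIFICATION_DEFINED
#define _PASSWORD_NOTIFICATION_DEFINED
/*
 * Callback types for password-change notification and password filtering,
 * with the export names a module implementing them uses.  The notification
 * and filter callbacks are handed the account name and the password itself
 * (see the parameter lists), so which modules are allowed to implement them
 * is a security-relevant configuration that deserves auditing.
 * NOTE(review): PSAM_INIT_NOTIFICATION_ROUTINE is declared with an empty
 * parameter list; in C (before C23) that leaves the arguments unchecked
 * rather than meaning "no arguments".
 */
typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING UserName,ULONG RelativeId,PUNICODE_STRING NewPassword);

#define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"

typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)();

#define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
#define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"

typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING AccountName,PUNICODE_STRING FullName,PUNICODE_STRING Password,BOOLEAN SetOperation);
#endif

/*
 * MSV1_0 authentication package name.  MSV1_0_PACKAGE_NAMEW_LENGTH is the
 * size in bytes of the wide name without its terminating WCHAR.  The
 * expansion is parenthesized so the subtraction cannot bind to a
 * neighbouring operator at the point of use (for example
 * "2 * MSV1_0_PACKAGE_NAMEW_LENGTH" or a comparison against a difference).
 */
#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW_LENGTH (sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR))

/* Registry key and value name associated with MSV1_0 subauthentication.
   Both are worth including in configuration monitoring, since they name
   where subauthentication for this package is configured. */
#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"

/* Message type tag placed first in each MSV1_0 logon submit structure.
   Note the gap: values 2..5 are consecutive, then 7. */
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2,MsV1_0Lm20Logon,MsV1_0NetworkLogon,MsV1_0SubAuthLogon,MsV1_0WorkstationUnlockLogon = 7
} MSV1_0_LOGON_SUBMIT_TYPE,*PMSV1_0_LOGON_SUBMIT_TYPE;

typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2,MsV1_0Lm20LogonProfile,MsV1_0SmartCardProfile
} MSV1_0_PROFILE_BUFFER_TYPE,*PMSV1_0_PROFILE_BUFFER_TYPE;

/*
 * Interactive logon request.  Password is carried as a counted string in
 * memory the caller owns: clear that buffer as soon as the logon call has
 * returned, and never log this structure.
 */
typedef struct _MSV1_0_INTERACTIVE_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Password;
} MSV1_0_INTERACTIVE_LOGON,*PMSV1_0_INTERACTIVE_LOGON;

typedef struct _MSV1_0_INTERACTIVE_PROFILE {
  MSV1_0_PROFILE_BUFFER_TYPE MessageType;
  USHORT LogonCount;
  USHORT BadPasswordCount;
  LARGE_INTEGER LogonTime;
  LARGE_INTEGER LogoffTime;
  LARGE_INTEGER KickOffTime;
  LARGE_INTEGER PasswordLastSet;
  LARGE_INTEGER PasswordCanChange;
  LARGE_INTEGER PasswordMustChange;
  UNICODE_STRING LogonScript;
  UNICODE_STRING HomeDirectory;
  UNICODE_STRING FullName;
  UNICODE_STRING ProfilePath;
  UNICODE_STRING HomeDirectoryDrive;
  UNICODE_STRING LogonServer;
  ULONG UserFlags;
} MSV1_0_INTERACTIVE_PROFILE,*PMSV1_0_INTERACTIVE_PROFILE;

/* Fixed sizes, in bytes, of the challenge and session-key arrays below. */
#define MSV1_0_CHALLENGE_LENGTH 8
#define MSV1_0_USER_SESSION_KEY_LENGTH 16
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8

/*
 * Bit flags for the ParameterControl member of the network logon requests.
 * Several of them relax checks, going by their names
 * (CLEARTEXT_PASSWORD_ALLOWED, ALLOW_SERVER_TRUST_ACCOUNT,
 * ALLOW_WORKSTATION_TRUST_ACCOUNT, ALLOW_FORCE_GUEST); callers should set
 * only what they need.
 */
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
#define MSV1_0_RETURN_USER_PARAMETERS 0x08
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40

#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
#define MSV1_0_RETURN_PROFILE_PATH 0x200
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000

/* The top byte of ParameterControl is a field, not a flag: mask with
   MSV1_0_SUBAUTHENTICATION_DLL and shift right by
   MSV1_0_SUBAUTHENTICATION_DLL_SHIFT to extract it. */
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
#define MSV1_0_MNS_LOGON 0x01000000

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132

/* Challenge/response logon request.  ChallengeToClient is a fixed
   MSV1_0_CHALLENGE_LENGTH-byte array; the responses are counted strings. */
typedef struct _MSV1_0_LM20_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Workstation;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
  STRING CaseSensitiveChallengeResponse;
  STRING CaseInsensitiveChallengeResponse;
  ULONG ParameterControl;
} MSV1_0_LM20_LOGON,*PMSV1_0_LM20_LOGON;

typedef struct _MSV1_0_SUBAUTH_LOGON{
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Workstation;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
  STRING AuthenticationInfo1;
  STRING AuthenticationInfo2;
  ULONG ParameterControl;
  ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON,*PMSV1_0_SUBAUTH_LOGON;

/*
 * Bit flags for the UserFlags member of the logon profile structures.
 * For defenders, LOGON_GUEST, LOGON_NOENCRYPTION, LOGON_CACHED_ACCOUNT and
 * LOGON_USED_LM_PASSWORD describe how a logon was satisfied, going by
 * their names, and are useful signals when reviewing logon results.
 */
#define LOGON_GUEST 0x01
#define LOGON_NOENCRYPTION 0x02
#define LOGON_CACHED_ACCOUNT 0x04
#define LOGON_USED_LM_PASSWORD 0x08
#define LOGON_EXTRA_SIDS 0x20
#define LOGON_SUBAUTH_SESSION_KEY 0x40
#define LOGON_SERVER_TRUST_ACCOUNT 0x80
#define LOGON_NTLMV2_ENABLED 0x100
#define LOGON_RESOURCE_GROUPS 0x200
#define LOGON_PROFILE_PATH_RETURNED 0x400

#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000

#define LOGON_GRACE_LOGON 0x01000000

/*
 * Network logon result.  UserSessionKey and LanmanSessionKey are key
 * material embedded directly in the structure, so the whole profile buffer
 * should be cleared before it is released.
 */
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
  MSV1_0_PROFILE_BUFFER_TYPE MessageType;
  LARGE_INTEGER KickOffTime;
  LARGE_INTEGER LogoffTime;
  ULONG UserFlags;
  UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
  UNICODE_STRING LogonDomainName;
  UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
  UNICODE_STRING LogonServer;
  UNICODE_STRING UserParameters;
} MSV1_0_LM20_LOGON_PROFILE,*PMSV1_0_LM20_LOGON_PROFILE;

#define MSV1_0_OWF_PASSWORD_LENGTH 16
#define MSV1_0_CRED_LM_PRESENT 0x1
#define MSV1_0_CRED_NT_PRESENT 0x2
#define MSV1_0_CRED_VERSION 0

/*
 * Supplemental credential: two fixed MSV1_0_OWF_PASSWORD_LENGTH-byte
 * arrays, with Flags saying which are present (MSV1_0_CRED_LM_PRESENT /
 * MSV1_0_CRED_NT_PRESENT).  The arrays hold password-derived values that
 * are credential-equivalent, so handle the structure like a password:
 * no logging, and wipe it with a call the compiler cannot optimise away.
 */
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
  ULONG Version;
  ULONG Flags;
  UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
  UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
} MSV1_0_SUPPLEMENTAL_CREDENTIAL,*PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
#define MSV1_0_NTLM3_OWF_LENGTH 16

#define MSV1_0_MAX_NTLM3_LIFE 129600
#define MSV1_0_MAX_AVL_SIZE 64000

#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001

/*
 * NTLM3 response layout.  Buffer[1] is a one-element array used as the
 * start of variable-length trailing data, so sizeof(MSV1_0_NTLM3_RESPONSE)
 * says nothing about how many bytes are actually valid.  A parser handling
 * a response from the network must check the received length against
 * MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH before reading any field, and must
 * bound every access into Buffer by the received length.
 */
typedef struct _MSV1_0_NTLM3_RESPONSE {
  UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
  UCHAR RespType;
  UCHAR HiRespType;
  USHORT Flags;
  ULONG MsgWord;
  ULONGLONG TimeStamp;
  UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
  ULONG AvPairsOff;
  UCHAR Buffer[1];
} MSV1_0_NTLM3_RESPONSE,*PMSV1_0_NTLM3_RESPONSE;

/* INPUT_LENGTH: structure size minus the leading Response array.
   MIN_NT_RESPONSE_LENGTH: expressed with RTL_SIZEOF_THROUGH_FIELD on
   AvPairsOff, i.e. the fixed part that precedes Buffer. */
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE,AvPairsOff)

/* AV pair identifiers; MsvAvEOL (0) is the first enumerator. */
typedef enum {
  MsvAvEOL,MsvAvNbComputerName,MsvAvNbDomainName,MsvAvDnsComputerName,MsvAvDnsDomainName,MsvAvDnsTreeName,MsvAvFlags
} MSV1_0_AVID;

/*
 * Header of one AV pair.  The structure declares only the id and a length;
 * the value presumably follows the header in the buffer (confirm).  When
 * walking a list of pairs, check that both the header and AvLen bytes fit
 * in the remaining input before advancing; MSV1_0_MAX_AVL_SIZE is the
 * overall limit this header declares.
 */
typedef struct _MSV1_0_AV_PAIR {
  USHORT AvId;
  USHORT AvLen;

} MSV1_0_AV_PAIR,*PMSV1_0_AV_PAIR;

/* Message type tag placed first in each LsaCallAuthenticationPackage
   request/response structure for this package. */
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0,MsV1_0Lm20GetChallengeResponse,MsV1_0EnumerateUsers,MsV1_0GetUserInfo,MsV1_0ReLogonUsers,MsV1_0ChangePassword,
  MsV1_0ChangeCachedPassword,MsV1_0GenericPassthrough,MsV1_0CacheLogon,MsV1_0SubAuth,MsV1_0DeriveCredential,MsV1_0CacheLookup,
  MsV1_0SetProcessOption
} MSV1_0_PROTOCOL_MESSAGE_TYPE,*PMSV1_0_PROTOCOL_MESSAGE_TYPE;

/* Carries both the old and the new password as counted strings; clear the
   backing buffers once the call has returned. */
typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING DomainName;
  UNICODE_STRING AccountName;
  UNICODE_STRING OldPassword;
  UNICODE_STRING NewPassword;
  BOOLEAN Impersonating;
} MSV1_0_CHANGEPASSWORD_REQUEST,*PMSV1_0_CHANGEPASSWORD_REQUEST;

/* DomainPasswordInfo is only meaningful when PasswordInfoValid is set
   (going by the member name; confirm). */
typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  BOOLEAN PasswordInfoValid;
  DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
} MSV1_0_CHANGEPASSWORD_RESPONSE,*PMSV1_0_CHANGEPASSWORD_RESPONSE;

/* The passthrough and subauth messages below all pair a ULONG length with
   a PUCHAR pointer; bound every read of the pointed-to data by that
   length. */
typedef struct _MSV1_0_PASSTHROUGH_REQUEST {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING DomainName;
  UNICODE_STRING PackageName;
  ULONG DataLength;
  PUCHAR LogonData;
  ULONG Pad;
} MSV1_0_PASSTHROUGH_REQUEST,*PMSV1_0_PASSTHROUGH_REQUEST;

typedef struct _MSV1_0_PASSTHROUGH_RESPONSE {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG Pad;
  ULONG DataLength;
  PUCHAR ValidationData;
} MSV1_0_PASSTHROUGH_RESPONSE,*PMSV1_0_PASSTHROUGH_RESPONSE;

typedef struct _MSV1_0_SUBAUTH_REQUEST{
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG SubAuthPackageId;
  ULONG SubAuthInfoLength;
  PUCHAR SubAuthSubmitBuffer;
} MSV1_0_SUBAUTH_REQUEST,*PMSV1_0_SUBAUTH_REQUEST;

typedef struct _MSV1_0_SUBAUTH_RESPONSE{
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG SubAuthInfoLength;
  PUCHAR SubAuthReturnBuffer;
} MSV1_0_SUBAUTH_RESPONSE,*PMSV1_0_SUBAUTH_RESPONSE;

/*
 * Friendly names mapped onto SystemFunction036/040/041, which are the
 * symbols the prototypes below actually declare after macro expansion.
 * RtlGenRandom reports failure through its BOOLEAN result: a caller that
 * ignores it may go on to use an unfilled buffer as key or nonce material.
 * NOTE(review): unlike the Lsa* prototypes above, these three carry no
 * calling-convention macro; confirm against the exporting library before
 * relying on them on 32-bit x86.
 */
#define RtlGenRandom SystemFunction036
#define RtlEncryptMemory SystemFunction040
#define RtlDecryptMemory SystemFunction041

BOOLEAN RtlGenRandom(PVOID RandomBuffer,ULONG RandomBufferLength);

/* NOTE(review): RTL_ENCRYPT_MEMORY_SIZE is presumably the granularity that
   MemorySize must be a multiple of; confirm.  Both calls return NTSTATUS,
   which must be checked: treating memory as protected after a failed
   encrypt call leaves the secret in the clear. */
#define RTL_ENCRYPT_MEMORY_SIZE 8
#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01
#define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02

NTSTATUS RtlEncryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags);
NTSTATUS RtlDecryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags);

#define KERBEROS_VERSION 5
#define KERBEROS_REVISION 6

/*
 * Kerberos encryption type numbers.  Everything in this part of the list
 * is DES- or RC4-based, or the null type; DES and RC4 are deprecated for
 * Kerberos (RFC 6649, RFC 8429).  They are declared here for
 * interoperability, and seeing them negotiated is something to detect
 * rather than to prefer.  The negative values are not parenthesized in
 * their definitions.
 */
#define KERB_ETYPE_NULL 0
#define KERB_ETYPE_DES_CBC_CRC 1
#define KERB_ETYPE_DES_CBC_MD4 2
#define KERB_ETYPE_DES_CBC_MD5 3

#define KERB_ETYPE_RC4_MD4 -128
#define KERB_ETYPE_RC4_PLAIN2 -129
#define KERB_ETYPE_RC4_LM -130
#define KERB_ETYPE_RC4_SHA -131
#define KERB_ETYPE_DES_PLAIN -132
#define KERB_ETYPE_RC4_HMAC_OLD -133
#define KERB_ETYPE_RC4_PLAIN_OLD -134
#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
#define KERB_ETYPE_RC4_PLAIN -140
#define KERB_ETYPE_RC4_PLAIN_EXP -141

#define KERB_ETYPE_DSA_SHA1_CMS 9
#define KERB_ETYPE_RSA_MD5_CMS 10
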
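/*
 * Layout note: the declarations below were restored to one per line and the
 * stray listing line numbers that had been fused into the text were dropped.
 * Names, values and member order are unchanged.
 */

/* CMS/envelope encryption type numbers (continuation of the group that starts at 9). */
#define KERB_ETYPE_RSA_SHA1_CMS 11
#define KERB_ETYPE_RC2_CBC_ENV 12
#define KERB_ETYPE_RSA_ENV 13
#define KERB_ETYPE_RSA_ES_OEAP_ENV 14
#define KERB_ETYPE_DES_EDE3_CBC_ENV 15

/*
 * This group reuses the numbers 9-13 that the CMS/envelope group also uses,
 * so a numeric etype cannot be mapped back to a single name; log the number
 * rather than a guessed name.
 */
#define KERB_ETYPE_DSA_SIGN 8
#define KERB_ETYPE_RSA_PRIV 9
#define KERB_ETYPE_RSA_PUB 10
#define KERB_ETYPE_RSA_PUB_MD5 11
#define KERB_ETYPE_RSA_PUB_SHA1 12
#define KERB_ETYPE_PKCS7_PUB 13

#define KERB_ETYPE_DES3_CBC_MD5 5
#define KERB_ETYPE_DES3_CBC_SHA1 7
#define KERB_ETYPE_DES3_CBC_SHA1_KD 16

/* DES and RC4 are legacy algorithms; allow these only where compatibility requires it. */
#define KERB_ETYPE_DES_CBC_MD5_NT 20
#define KERB_ETYPE_RC4_HMAC_NT 23
#define KERB_ETYPE_RC4_HMAC_NT_EXP 24

/*
 * Checksum type numbers. CRC32, MD4 and MD5 based types are legacy; an
 * unkeyed checksum gives no integrity protection against a party who can
 * modify the message.
 */
#define KERB_CHECKSUM_NONE 0
#define KERB_CHECKSUM_CRC32 1
#define KERB_CHECKSUM_MD4 2
#define KERB_CHECKSUM_KRB_DES_MAC 4
#define KERB_CHECKSUM_KRB_DES_MAC_K 5
#define KERB_CHECKSUM_MD5 7
#define KERB_CHECKSUM_MD5_DES 8

/* Negative values; the expansions are not parenthesized. */
#define KERB_CHECKSUM_LM -130
#define KERB_CHECKSUM_SHA1 -131
#define KERB_CHECKSUM_REAL_CRC32 -132
#define KERB_CHECKSUM_DES_MAC -133
#define KERB_CHECKSUM_DES_MAC_MD5 -134
#define KERB_CHECKSUM_MD25 -135
#define KERB_CHECKSUM_RC4_MD5 -136
#define KERB_CHECKSUM_MD5_HMAC -137
#define KERB_CHECKSUM_HMAC_MD5 -138

/* AUTH_REQ_* bit flags; the forwardable, delegate and S4U bits govern delegation. */
#define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001
#define AUTH_REQ_ALLOW_PROXIABLE 0x00000002
#define AUTH_REQ_ALLOW_POSTDATE 0x00000004
#define AUTH_REQ_ALLOW_RENEWABLE 0x00000008
#define AUTH_REQ_ALLOW_NOADDRESS 0x00000010
#define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020
#define AUTH_REQ_ALLOW_VALIDATE 0x00000040
#define AUTH_REQ_VALIDATE_CLIENT 0x00000080
#define AUTH_REQ_OK_AS_DELEGATE 0x00000100
#define AUTH_REQ_PREAUTH_REQUIRED 0x00000200
#define AUTH_REQ_TRANSITIVE_TRUST 0x00000400
#define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800

/* Union of the five bits listed; the other AUTH_REQ_* bits are not part of it. */
#define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | AUTH_REQ_ALLOW_PROXIABLE | AUTH_REQ_ALLOW_POSTDATE | AUTH_REQ_ALLOW_RENEWABLE | AUTH_REQ_ALLOW_VALIDATE)

/*
 * Ticket flag bits, most significant bit first. Store and compare them in an
 * unsigned 32-bit type: 0x80000000 does not fit in a signed 32-bit int.
 */
#define KERB_TICKET_FLAGS_reserved 0x80000000
#define KERB_TICKET_FLAGS_forwardable 0x40000000
#define KERB_TICKET_FLAGS_forwarded 0x20000000
#define KERB_TICKET_FLAGS_proxiable 0x10000000
#define KERB_TICKET_FLAGS_proxy 0x08000000
#define KERB_TICKET_FLAGS_may_postdate 0x04000000
#define KERB_TICKET_FLAGS_postdated 0x02000000
#define KERB_TICKET_FLAGS_invalid 0x01000000
#define KERB_TICKET_FLAGS_renewable 0x00800000
#define KERB_TICKET_FLAGS_initial 0x00400000
#define KERB_TICKET_FLAGS_pre_authent 0x00200000
#define KERB_TICKET_FLAGS_hw_authent 0x00100000
#define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000
#define KERB_TICKET_FLAGS_name_canonicalize 0x00010000
#define KERB_TICKET_FLAGS_reserved1 0x00000001

/* Principal name types; the negative values sit at or below KRB_NT_MS_PRINCIPAL. */
#define KRB_NT_UNKNOWN 0
#define KRB_NT_PRINCIPAL 1
#define KRB_NT_PRINCIPAL_AND_ID -131
#define KRB_NT_SRV_INST 2
#define KRB_NT_SRV_INST_AND_ID -132
#define KRB_NT_SRV_HST 3
#define KRB_NT_SRV_XHST 4
#define KRB_NT_UID 5
#define KRB_NT_ENTERPRISE_PRINCIPAL 10
#define KRB_NT_ENT_PRINCIPAL_AND_ID -130
#define KRB_NT_MS_PRINCIPAL -128
#define KRB_NT_MS_PRINCIPAL_AND_ID -129

/*
 * True when _x_ <= -128 or _x_ >= 10. The argument is evaluated twice, so it
 * must not have side effects, and it must be a signed value for the first
 * comparison to behave as written.
 */
#define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL))

#ifndef MICROSOFT_KERBEROS_NAME_A

#define MICROSOFT_KERBEROS_NAME_A "Kerberos"
#define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
#ifdef WIN32_CHICAGO
#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A
#else
#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W
#endif
#endif

#define KERB_WRAP_NO_ENCRYPT 0x80000001

/*
 * Logon submission types. The values are explicit and not contiguous; the
 * certificate types exist only when _WIN32_WINNT >= 0x0600.
 */
typedef enum _KERB_LOGON_SUBMIT_TYPE {
  KerbInteractiveLogon = 2,
  KerbSmartCardLogon = 6,
  KerbWorkstationUnlockLogon = 7,
  KerbSmartCardUnlockLogon = 8,
  KerbProxyLogon = 9,
  KerbTicketLogon = 10,
  KerbTicketUnlockLogon = 11,
  KerbS4ULogon = 12
#if (_WIN32_WINNT >= 0x0600)
  ,KerbCertificateLogon = 13,
  KerbCertificateS4ULogon = 14,
  KerbCertificateUnlockLogon = 15
#endif
} KERB_LOGON_SUBMIT_TYPE,*PKERB_LOGON_SUBMIT_TYPE;

/*
 * Interactive logon submission. Password is a counted string holding the
 * password itself: zero its buffer once the logon call returns and keep the
 * structure out of logs and dumps.
 */
typedef struct _KERB_INTERACTIVE_LOGON {
  KERB_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Password;
} KERB_INTERACTIVE_LOGON,*PKERB_INTERACTIVE_LOGON;

/* Interactive logon plus the logon session id it applies to. */
typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON {
  KERB_INTERACTIVE_LOGON Logon;
  LUID LogonId;
} KERB_INTERACTIVE_UNLOCK_LOGON,*PKERB_INTERACTIVE_UNLOCK_LOGON;

/*
 * Smart card logon submission. Pin is a secret and needs the same handling
 * as a password; CspDataLength is the only bound on CspData.
 */
typedef struct _KERB_SMART_CARD_LOGON {
  KERB_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING Pin;
  ULONG CspDataLength;
  PUCHAR CspData;
} KERB_SMART_CARD_LOGON,*PKERB_SMART_CARD_LOGON;

typedef struct _KERB_SMART_CARD_UNLOCK_LOGON {
  KERB_SMART_CARD_LOGON Logon;
  LUID LogonId;
} KERB_SMART_CARD_UNLOCK_LOGON,*PKERB_SMART_CARD_UNLOCK_LOGON;

/*
 * Ticket logon submission. Each ticket pointer is paired with its own length
 * member; validate both lengths before reading the encoded tickets.
 */
typedef struct _KERB_TICKET_LOGON {
  KERB_LOGON_SUBMIT_TYPE MessageType;
  ULONG Flags;
  ULONG ServiceTicketLength;
  ULONG TicketGrantingTicketLength;
  PUCHAR ServiceTicket;
  PUCHAR TicketGrantingTicket;
} KERB_TICKET_LOGON,*PKERB_TICKET_LOGON;

/* Relaxes expiry checking (per the name); callers should justify setting it. */
#define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1

typedef struct _KERB_TICKET_UNLOCK_LOGON {
  KERB_TICKET_LOGON Logon;
  LUID LogonId;
} KERB_TICKET_UNLOCK_LOGON,*PKERB_TICKET_UNLOCK_LOGON;

/* S4U logon submission: identifies the client by UPN and realm; carries no password member. */
typedef struct _KERB_S4U_LOGON {
  KERB_LOGON_SUBMIT_TYPE MessageType;
  ULONG Flags;
  UNICODE_STRING ClientUpn;
  UNICODE_STRING ClientRealm;
} KERB_S4U_LOGON,*PKERB_S4U_LOGON;

typedef enum _KERB_PROFILE_BUFFER_TYPE {
  KerbInteractiveProfile = 2,
  KerbSmartCardProfile = 4,
  KerbTicketProfile = 6
} KERB_PROFILE_BUFFER_TYPE,*PKERB_PROFILE_BUFFER_TYPE;

/* Profile data returned for an interactive logon. */
typedef struct _KERB_INTERACTIVE_PROFILE {
  KERB_PROFILE_BUFFER_TYPE MessageType;
  USHORT LogonCount;
  USHORT BadPasswordCount;
  LARGE_INTEGER LogonTime;
  LARGE_INTEGER LogoffTime;
  LARGE_INTEGER KickOffTime;
  LARGE_INTEGER PasswordLastSet;
  LARGE_INTEGER PasswordCanChange;
  LARGE_INTEGER PasswordMustChange;
  UNICODE_STRING LogonScript;
  UNICODE_STRING HomeDirectory;
  UNICODE_STRING FullName;
  UNICODE_STRING ProfilePath;
  UNICODE_STRING HomeDirectoryDrive;
  UNICODE_STRING LogonServer;
  ULONG UserFlags;
} KERB_INTERACTIVE_PROFILE,*PKERB_INTERACTIVE_PROFILE;

/* Interactive profile plus a certificate blob bounded by CertificateSize. */
typedef struct _KERB_SMART_CARD_PROFILE {
  KERB_INTERACTIVE_PROFILE Profile;
  ULONG CertificateSize;
  PUCHAR CertificateData;
} KERB_SMART_CARD_PROFILE,*PKERB_SMART_CARD_PROFILE;

/*
 * Key descriptor: type, byte length and a pointer to the key bytes.
 * The struct tag has no leading underscore, unlike its siblings; kept as
 * declared. The bytes behind Value are secret key material.
 */
typedef struct KERB_CRYPTO_KEY {
  LONG KeyType;
  ULONG Length;
  PUCHAR Value;
} KERB_CRYPTO_KEY,*PKERB_CRYPTO_KEY;

/* Interactive profile plus a session key; clear the key bytes after use. */
typedef struct _KERB_TICKET_PROFILE {
  KERB_INTERACTIVE_PROFILE Profile;
  KERB_CRYPTO_KEY SessionKey;
} KERB_TICKET_PROFILE,*PKERB_TICKET_PROFILE;

/* Message selectors for the Kerberos package; only the first value is explicit. */
typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
  KerbDebugRequestMessage = 0,
  KerbQueryTicketCacheMessage,              /* 1 */
  KerbChangeMachinePasswordMessage,         /* 2 */
  KerbVerifyPacMessage,                     /* 3 */
  KerbRetrieveTicketMessage,                /* 4 */
  KerbUpdateAddressesMessage,               /* 5 */
  KerbPurgeTicketCacheMessage,              /* 6 */
  KerbChangePasswordMessage,                /* 7 */
  KerbRetrieveEncodedTicketMessage,         /* 8 */
  KerbDecryptDataMessage,                   /* 9 */
  KerbAddBindingCacheEntryMessage,          /* 10 */
  KerbSetPasswordMessage,                   /* 11 */
  KerbSetPasswordExMessage,                 /* 12 */
  KerbVerifyCredentialsMessage,             /* 13 */
  KerbQueryTicketCacheExMessage,            /* 14 */
  KerbPurgeTicketCacheExMessage,            /* 15 */
  KerbRefreshSmartcardCredentialsMessage,   /* 16 */
  KerbAddExtraCredentialsMessage,           /* 17 */
  KerbQuerySupplementalCredentialsMessage,  /* 18 */
  KerbTransferCredentialsMessage,           /* 19 */
  KerbQueryTicketCacheEx2Message            /* 20 */
} KERB_PROTOCOL_MESSAGE_TYPE,*PKERB_PROTOCOL_MESSAGE_TYPE;

/* Ticket cache query for the logon session named by LogonId. */
typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
} KERB_QUERY_TKT_CACHE_REQUEST,*PKERB_QUERY_TKT_CACHE_REQUEST;

/* One cached ticket: server, realm, validity times, etype and ticket flags. */
typedef struct _KERB_TICKET_CACHE_INFO {
  UNICODE_STRING ServerName;
  UNICODE_STRING RealmName;
  LARGE_INTEGER StartTime;
  LARGE_INTEGER EndTime;
  LARGE_INTEGER RenewTime;
  LONG EncryptionType;
  ULONG TicketFlags;
} KERB_TICKET_CACHE_INFO,*PKERB_TICKET_CACHE_INFO;

/* As KERB_TICKET_CACHE_INFO, with client name/realm and a separate server realm. */
typedef struct _KERB_TICKET_CACHE_INFO_EX {
  UNICODE_STRING ClientName;
  UNICODE_STRING ClientRealm;
  UNICODE_STRING ServerName;
  UNICODE_STRING ServerRealm;
  LARGE_INTEGER StartTime;
  LARGE_INTEGER EndTime;
  LARGE_INTEGER RenewTime;
  LONG EncryptionType;
  ULONG TicketFlags;
} KERB_TICKET_CACHE_INFO_EX,*PKERB_TICKET_CACHE_INFO_EX;

/* As KERB_TICKET_CACHE_INFO_EX, plus the session key type. */
typedef struct _KERB_TICKET_CACHE_INFO_EX2 {
  UNICODE_STRING ClientName;
  UNICODE_STRING ClientRealm;
  UNICODE_STRING ServerName;
  UNICODE_STRING ServerRealm;
  LARGE_INTEGER StartTime;
  LARGE_INTEGER EndTime;
  LARGE_INTEGER RenewTime;
  LONG EncryptionType;
  ULONG TicketFlags;
  ULONG SessionKeyType;
} KERB_TICKET_CACHE_INFO_EX2,*PKERB_TICKET_CACHE_INFO_EX2;

/*
 * Query responses. Tickets is declared with ANYSIZE_ARRAY and the real
 * element count is CountOfTickets, so sizeof() of these structs does not
 * cover the data. Check CountOfTickets against the returned buffer length
 * before indexing.
 */
typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG CountOfTickets;
  KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY];
} KERB_QUERY_TKT_CACHE_RESPONSE,*PKERB_QUERY_TKT_CACHE_RESPONSE;

typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG CountOfTickets;
  KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY];
} KERB_QUERY_TKT_CACHE_EX_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX_RESPONSE;

typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG CountOfTickets;
  KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY];
} KERB_QUERY_TKT_CACHE_EX2_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX2_RESPONSE;

/* Opens the guard around the SecHandle definition that follows. */
#ifndef __SECHANDLE_DEFINED__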
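/*
 * Layout note: the declarations below were restored to one per line and the
 * stray listing line numbers that had been fused into the text were dropped.
 * Names, values and member order are unchanged.
 */

/* Defined only when __SECHANDLE_DEFINED__ is not yet set (guard opened just above). */
typedef struct _SecHandle {
  ULONG_PTR dwLower;
  ULONG_PTR dwUpper;
} SecHandle,*PSecHandle;

#define __SECHANDLE_DEFINED__
#endif

#define KERB_USE_DEFAULT_TICKET_FLAGS 0x0

/* NOTE(review): presumably values for KERB_RETRIEVE_TKT_REQUEST.CacheOptions - confirm. */
#define KERB_RETRIEVE_TICKET_DEFAULT 0x0
#define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1
#define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2
#define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4
#define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8
#define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10
#define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20

#define KERB_ETYPE_DEFAULT 0x0

/* Typed, length-prefixed blob; Length is the only bound on Data. */
typedef struct _KERB_AUTH_DATA {
  ULONG Type;
  ULONG Length;
  PUCHAR Data;
} KERB_AUTH_DATA,*PKERB_AUTH_DATA;

/* One network address: family, byte length, pointer to the bytes. */
typedef struct _KERB_NET_ADDRESS {
  ULONG Family;
  ULONG Length;
  PCHAR Address;
} KERB_NET_ADDRESS,*PKERB_NET_ADDRESS;

/* Number is the real element count of Addresses; validate it before indexing. */
typedef struct _KERB_NET_ADDRESSES {
  ULONG Number;
  KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY];
} KERB_NET_ADDRESSES,*PKERB_NET_ADDRESSES;

/* NameCount is the real element count of Names; validate it before indexing. */
typedef struct _KERB_EXTERNAL_NAME {
  SHORT NameType;
  USHORT NameCount;
  UNICODE_STRING Names[ANYSIZE_ARRAY];
} KERB_EXTERNAL_NAME,*PKERB_EXTERNAL_NAME;

/*
 * A ticket as handed back to a caller. SessionKey and the EncodedTicket
 * bytes are credentials: anyone holding them can act as the client for the
 * ticket lifetime, so keep them out of logs and clear copies after use.
 * EncodedTicketSize is the only bound on EncodedTicket.
 */
typedef struct _KERB_EXTERNAL_TICKET {
  PKERB_EXTERNAL_NAME ServiceName;
  PKERB_EXTERNAL_NAME TargetName;
  PKERB_EXTERNAL_NAME ClientName;
  UNICODE_STRING DomainName;
  UNICODE_STRING TargetDomainName;
  UNICODE_STRING AltTargetDomainName;
  KERB_CRYPTO_KEY SessionKey;
  ULONG TicketFlags;
  ULONG Flags;
  LARGE_INTEGER KeyExpirationTime;
  LARGE_INTEGER StartTime;
  LARGE_INTEGER EndTime;
  LARGE_INTEGER RenewUntil;
  LARGE_INTEGER TimeSkew;
  ULONG EncodedTicketSize;
  PUCHAR EncodedTicket;
} KERB_EXTERNAL_TICKET,*PKERB_EXTERNAL_TICKET;

/* Ticket retrieval request for the logon session named by LogonId. */
typedef struct _KERB_RETRIEVE_TKT_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
  UNICODE_STRING TargetName;
  ULONG TicketFlags;
  ULONG CacheOptions;
  LONG EncryptionType;
  SecHandle CredentialsHandle;
} KERB_RETRIEVE_TKT_REQUEST,*PKERB_RETRIEVE_TKT_REQUEST;

typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
  KERB_EXTERNAL_TICKET Ticket;
} KERB_RETRIEVE_TKT_RESPONSE,*PKERB_RETRIEVE_TKT_RESPONSE;

/* Ticket cache purge request, selected by server and realm name. */
typedef struct _KERB_PURGE_TKT_CACHE_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
  UNICODE_STRING ServerName;
  UNICODE_STRING RealmName;
} KERB_PURGE_TKT_CACHE_REQUEST,*PKERB_PURGE_TKT_CACHE_REQUEST;

/* NOTE(review): presumably a value for KERB_PURGE_TKT_CACHE_EX_REQUEST.Flags - confirm. */
#define KERB_PURGE_ALL_TICKETS 1

typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
  ULONG Flags;
  KERB_TICKET_CACHE_INFO_EX TicketTemplate;
} KERB_PURGE_TKT_CACHE_EX_REQUEST,*PKERB_PURGE_TKT_CACHE_EX_REQUEST;

/*
 * Password change / set requests. Every Password, OldPassword and
 * NewPassword member is a counted string holding the password itself: zero
 * the buffers once the call returns and never serialize these structures.
 */
typedef struct _KERB_CHANGEPASSWORD_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING DomainName;
  UNICODE_STRING AccountName;
  UNICODE_STRING OldPassword;
  UNICODE_STRING NewPassword;
  BOOLEAN Impersonating;
} KERB_CHANGEPASSWORD_REQUEST,*PKERB_CHANGEPASSWORD_REQUEST;

typedef struct _KERB_SETPASSWORD_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
  SecHandle CredentialsHandle;
  ULONG Flags;
  UNICODE_STRING DomainName;
  UNICODE_STRING AccountName;
  UNICODE_STRING Password;
} KERB_SETPASSWORD_REQUEST,*PKERB_SETPASSWORD_REQUEST;

typedef struct _KERB_SETPASSWORD_EX_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
  SecHandle CredentialsHandle;
  ULONG Flags;
  UNICODE_STRING AccountRealm;
  UNICODE_STRING AccountName;
  UNICODE_STRING Password;
  UNICODE_STRING ClientRealm;
  UNICODE_STRING ClientName;
  BOOLEAN Impersonating;
  UNICODE_STRING KdcAddress;
  ULONG KdcAddressType;
} KERB_SETPASSWORD_EX_REQUEST,*PKERB_SETPASSWORD_EX_REQUEST;

#define DS_UNKNOWN_ADDRESS_TYPE 0
#define KERB_SETPASS_USE_LOGONID 1
#define KERB_SETPASS_USE_CREDHANDLE 2

/*
 * Decrypt request. Key carries key material; InitialVectorSize and
 * EncryptedDataSize are the only bounds on the two pointers that follow.
 */
typedef struct _KERB_DECRYPT_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
  ULONG Flags;
  LONG CryptoType;
  LONG KeyUsage;
  KERB_CRYPTO_KEY Key;
  ULONG EncryptedDataSize;
  ULONG InitialVectorSize;
  PUCHAR InitialVector;
  PUCHAR EncryptedData;
} KERB_DECRYPT_REQUEST,*PKERB_DECRYPT_REQUEST;

#define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001

/* No length member: the size of DecryptedData must come from the call's returned buffer length. */
typedef struct _KERB_DECRYPT_RESPONSE {
  UCHAR DecryptedData[ANYSIZE_ARRAY];
} KERB_DECRYPT_RESPONSE,*PKERB_DECRYPT_RESPONSE;

/*
 * Binds a realm name to a KDC address. The address decides where later
 * authentication traffic for that realm goes, so it should come from
 * trusted configuration only.
 */
typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING RealmName;
  UNICODE_STRING KdcAddress;
  ULONG AddressType;
} KERB_ADD_BINDING_CACHE_ENTRY_REQUEST,*PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST;

typedef struct _KERB_REFRESH_SCCRED_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING CredentialBlob;
  LUID LogonId;
  ULONG Flags;
} KERB_REFRESH_SCCRED_REQUEST,*PKERB_REFRESH_SCCRED_REQUEST;

#define KERB_REFRESH_SCCRED_RELEASE 0x0
#define KERB_REFRESH_SCCRED_GETTGT 0x1

/* Adds, replaces or removes a credential for a logon session; Password is a secret. */
typedef struct _KERB_ADD_CREDENTIALS_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING UserName;
  UNICODE_STRING DomainName;
  UNICODE_STRING Password;
  LUID LogonId;
  ULONG Flags;
} KERB_ADD_CREDENTIALS_REQUEST,*PKERB_ADD_CREDENTIALS_REQUEST;

#define KERB_REQUEST_ADD_CREDENTIAL 1
#define KERB_REQUEST_REPLACE_CREDENTIAL 2
#define KERB_REQUEST_REMOVE_CREDENTIAL 4

/* Names an origin and a destination logon session for a credential transfer. */
typedef struct _KERB_TRANSFER_CRED_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID OriginLogonId;
  LUID DestinationLogonId;
  ULONG Flags;
} KERB_TRANSFER_CRED_REQUEST,*PKERB_TRANSFER_CRED_REQUEST;

#if (_WIN32_WINNT >= 0x0600)

/* Per-user audit policy bits. */
#define PER_USER_POLICY_UNCHANGED 0x00
#define PER_USER_AUDIT_SUCCESS_INCLUDE 0x01
#define PER_USER_AUDIT_SUCCESS_EXCLUDE 0x02
#define PER_USER_AUDIT_FAILURE_INCLUDE 0x04
#define PER_USER_AUDIT_FAILURE_EXCLUDE 0x08
#define PER_USER_AUDIT_NONE 0x10

/*
 * One audit policy entry. As declared here PCAUDIT_POLICY_INFORMATION is the
 * same type as PAUDIT_POLICY_INFORMATION: the pointee is not const-qualified,
 * so the "C" in the name gives no compiler-enforced read-only guarantee.
 */
typedef struct _AUDIT_POLICY_INFORMATION {
  GUID AuditSubCategoryGuid;
  ULONG AuditingInformation;
  GUID AuditCategoryGuid;
} AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION, *PCAUDIT_POLICY_INFORMATION;

/* UsersCount is the element count of UserSidArray. */
typedef struct _POLICY_AUDIT_SID_ARRAY {
  ULONG UsersCount;
  PSID *UserSidArray;
} POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY;

/* Certificate logon submission; Pin is a secret, CspDataLength bounds CspData. */
typedef struct _KERB_CERTIFICATE_LOGON {
  KERB_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING DomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Pin;
  ULONG Flags;
  ULONG CspDataLength;
  PUCHAR CspData;
} KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON;

typedef struct _KERB_CERTIFICATE_UNLOCK_LOGON {
  KERB_CERTIFICATE_LOGON Logon;
  LUID LogonId;
} KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON;

/*
 * Smart card CSP description with four name offsets and a one-element
 * bBuffer placeholder at the end.
 * NOTE(review): the offsets presumably index into the data starting at
 * bBuffer, with dwCspInfoLen as the total size - confirm. A consumer should
 * check every offset against dwCspInfoLen and require a terminator inside
 * the buffer before treating the data as a string.
 */
typedef struct _KERB_SMARTCARD_CSP_INFO {
  DWORD dwCspInfoLen;
  DWORD MessageType;
  __C89_NAMELESS union {
    PVOID ContextInformation;
    ULONG64 SpaceHolderForWow64;
  };
  DWORD flags;
  DWORD KeySpec;
  ULONG nCardNameOffset;
  ULONG nReaderNameOffset;
  ULONG nContainerNameOffset;
  ULONG nCSPNameOffset;
  TCHAR bBuffer;
} KERB_SMARTCARD_CSP_INFO, *PKERB_SMARTCARD_CSP_INFO;

/*
 * Audit policy API. All functions return BOOLEAN; check it on every call.
 * NOTE(review): per the Windows SDK documentation, buffers returned through
 * the pp* output parameters are released with AuditFree - confirm.
 * The Set* functions change what the system records, so callers should be
 * few, privileged and themselves audited.
 * `const PSID` makes the pointer const, not the SID it points to.
 */
BOOLEAN WINAPI AuditComputeEffectivePolicyBySid(
  const PSID pSid,
  const GUID *pSubCategoryGuids,
  ULONG PolicyCount,
  PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

VOID WINAPI AuditFree(
  PVOID Buffer
);

BOOLEAN WINAPI AuditSetSystemPolicy(
  PCAUDIT_POLICY_INFORMATION pAuditPolicy,
  ULONG PolicyCount
);

BOOLEAN WINAPI AuditQuerySystemPolicy(
  const GUID *pSubCategoryGuids,
  ULONG PolicyCount,
  PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

BOOLEAN WINAPI AuditSetPerUserPolicy(
  const PSID pSid,
  PCAUDIT_POLICY_INFORMATION pAuditPolicy,
  ULONG PolicyCount
);

BOOLEAN WINAPI AuditQueryPerUserPolicy(
  const PSID pSid,
  const GUID *pSubCategoryGuids,
  ULONG PolicyCount,
  PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

BOOLEAN WINAPI AuditComputeEffectivePolicyByToken(
  HANDLE hTokenHandle,
  const GUID *pSubCategoryGuids,
  ULONG PolicyCount,
  PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

BOOLEAN WINAPI AuditEnumerateCategories(
  GUID **ppAuditCategoriesArray,
  PULONG pCountReturned
);

BOOLEAN WINAPI AuditEnumeratePerUserPolicy(
  PPOLICY_AUDIT_SID_ARRAY *ppAuditSidArray
);

BOOLEAN WINAPI AuditEnumerateSubCategories(
  const GUID *pAuditCategoryGuid,
  BOOLEAN bRetrieveAllSubCategories,
  GUID **ppAuditSubCategoriesArray,
  PULONG pCountReturned
);

BOOLEAN WINAPI AuditLookupCategoryGuidFromCategoryId(
  POLICY_AUDIT_EVENT_TYPE AuditCategoryId,
  GUID *pAuditCategoryGuid
);

BOOLEAN WINAPI AuditQuerySecurity(
  SECURITY_INFORMATION SecurityInformation,
  PSECURITY_DESCRIPTOR *ppSecurityDescriptor
);

/* Generic names resolve to the A or W variant through __MINGW_NAME_AW. */
#define AuditLookupSubCategoryName __MINGW_NAME_AW(AuditLookupSubCategoryName)
#define AuditLookupCategoryName __MINGW_NAME_AW(AuditLookupCategoryName)

BOOLEAN WINAPI AuditLookupSubCategoryNameA(
  const GUID *pAuditSubCategoryGuid,
  LPSTR *ppszSubCategoryName
);

BOOLEAN WINAPI AuditLookupSubCategoryNameW(
  const GUID *pAuditSubCategoryGuid,
  LPWSTR *ppszSubCategoryName
);

BOOLEAN WINAPI AuditLookupCategoryNameA(
  const GUID *pAuditCategoryGuid,
  LPSTR *ppszCategoryName
);

BOOLEAN WINAPI AuditLookupCategoryNameW(
  const GUID *pAuditCategoryGuid,
  LPWSTR *ppszCategoryName
);

BOOLEAN WINAPI AuditLookupCategoryIdFromCategoryGuid(
  const GUID *pAuditCategoryGuid,
  PPOLICY_AUDIT_EVENT_TYPE pAuditCategoryId
);

/* Replaces the security descriptor that controls access to audit policy. */
BOOLEAN WINAPI AuditSetSecurity(
  SECURITY_INFORMATION SecurityInformation,
  PSECURITY_DESCRIPTOR pSecurityDescriptor
);

#endif /*(_WIN32_WINNT >= 0x0600)*/

#ifdef __cplusplus
}
#endif
#endif /* _NTSECAPI_ */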