include/ntsecapi.h

   1 /**
   2  * @file ntsecapi.h
   3  * Copyright 2012, 2013 MinGW.org project
   4  *
   5  * Permission is hereby granted, free of charge, to any person obtaining a
   6  * copy of this software and associated documentation files (the "Software"),
   7  * to deal in the Software without restriction, including without limitation
   8  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
   9  * and/or sell copies of the Software, and to permit persons to whom the
  10  * Software is furnished to do so, subject to the following conditions:
  11  *
  12  * The above copyright notice and this permission notice (including the next
  13  * paragraph) shall be included in all copies or substantial portions of the
  14  * Software.
  15  *
  16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
  21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
  22  * DEALINGS IN THE SOFTWARE.
  23  */
  24 #ifndef _NTSECAPI_H
  25 #define _NTSECAPI_H
  26 #pragma GCC system_header
  27 #include <_mingw.h>
  28
  29 #ifdef __cplusplus
  30 extern "C" {
  31 #endif
  32
  33 #define KERB_WRAP_NO_ENCRYPT 0x80000001
  34 #define LOGON_GUEST 1
  35 #define LOGON_NOENCRYPTION 2
  36 #define LOGON_CACHED_ACCOUNT 4
  37 #define LOGON_USED_LM_PASSWORD 8
  38 #define LOGON_EXTRA_SIDS 32
  39 #define LOGON_SUBAUTH_SESSION_KEY 64
  40 #define LOGON_SERVER_TRUST_ACCOUNT 128
  41 #define LOGON_NTLMV2_ENABLED 256
  42 #define LOGON_RESOURCE_GROUPS 512
  43 #define LOGON_PROFILE_PATH_RETURNED 1024
  44 #define LOGON_GRACE_LOGON 16777216
  45 #define LSA_MODE_PASSWORD_PROTECTED 1
  46 #define LSA_MODE_INDIVIDUAL_ACCOUNTS 2
  47 #define LSA_MODE_MANDATORY_ACCESS 3
  48 #define LSA_MODE_LOG_FULL 4
  49 #define LSA_SUCCESS(x) ((LONG)(x)>=0)
  50 #define MICROSOFT_KERBEROS_NAME_A "Kerberos"
  51 #define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
  52 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 32
  53 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 2048
  54 #define MSV1_0_CHALLENGE_LENGTH 8
  55 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 2
  56 #define MSV1_0_CRED_LM_PRESENT 1
  57 #define MSV1_0_CRED_NT_PRESENT 2
  58 #define MSV1_0_CRED_VERSION 0
  59 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 16
  60 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
  61 #define MSV1_0_MAX_NTLM3_LIFE 1800
  62 #define MSV1_0_MAX_AVL_SIZE 64000
  63 #define MSV1_0_MNS_LOGON 16777216
  64 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
  65 #define MSV1_0_NTLM3_OWF_LENGTH 16
  66 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE)-MSV1_0_NTLM3_RESPONSE_LENGTH)
  67 #define MSV1_0_OWF_PASSWORD_LENGTH 16
  68 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
  69 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
  70 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW)-sizeof(WCHAR)
  71 #define MSV1_0_RETURN_USER_PARAMETERS 8
  72 #define MSV1_0_RETURN_PASSWORD_EXPIRY 64
  73 #define MSV1_0_RETURN_PROFILE_PATH 512
  74 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 1048576
  75 #define MSV1_0_SUBAUTHENTICATION_DLL 0xff000000
  76 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
  77 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
  78 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
  79 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xff000000
  80 #define MSV1_0_SUBAUTHENTICATION_KEY "System\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
  81 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
  82 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 256
  83 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 1024
  84 #define MSV1_0_UPDATE_LOGON_STATISTICS 4
  85 #define MSV1_0_USE_CLIENT_CHALLENGE 128
  86 #define MSV1_0_USER_SESSION_KEY_LENGTH 16
  87 #define POLICY_VIEW_LOCAL_INFORMATION 1
  88 #define POLICY_VIEW_AUDIT_INFORMATION 2
  89 #define POLICY_GET_PRIVATE_INFORMATION 4
  90 #define POLICY_TRUST_ADMIN 8
  91 #define POLICY_CREATE_ACCOUNT 16
  92 #define POLICY_CREATE_SECRET 32
  93 #define POLICY_CREATE_PRIVILEGE 64
  94 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 128
  95 #define POLICY_SET_AUDIT_REQUIREMENTS 256
  96 #define POLICY_AUDIT_LOG_ADMIN 512
  97 #define POLICY_SERVER_ADMIN 1024
  98 #define POLICY_LOOKUP_NAMES 2048
  99 #define POLICY_READ (STANDARD_RIGHTS_READ|6)
 100 #define POLICY_WRITE (STANDARD_RIGHTS_WRITE|2040)
 101 #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE|2049)
 102 #define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|4095)
 103 #define POLICY_AUDIT_EVENT_UNCHANGED 0
 104 #define POLICY_AUDIT_EVENT_SUCCESS 1
 105 #define POLICY_AUDIT_EVENT_FAILURE 2
 106 #define POLICY_AUDIT_EVENT_NONE 4
 107 #define POLICY_AUDIT_EVENT_MASK 7
 108 #define POLICY_LOCATION_LOCAL 1
 109 #define POLICY_LOCATION_DS 2
 110 #define POLICY_MACHINE_POLICY_LOCAL 0
 111 #define POLICY_MACHINE_POLICY_DEFAULTED 1
 112 #define POLICY_MACHINE_POLICY_EXPLICIT 2
 113 #define POLICY_MACHINE_POLICY_UNKNOWN 0xFFFFFFFF
 114 #define POLICY_QOS_SCHANEL_REQUIRED 1
 115 #define POLICY_QOS_OUTBOUND_INTEGRITY 2
 116 #define POLICY_QOS_OUTBOUND_CONFIDENTIALITY 4
 117 #define POLICY_QOS_INBOUND_INTEGREITY 8
 118 #define POLICY_QOS_INBOUND_CONFIDENTIALITY 16
 119 #define POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE 32
 120 #define POLICY_QOS_RAS_SERVER_ALLOWED 64
 121 #define POLICY_QOS_DHCP_SERVER_ALLOWD 128
 122 #define POLICY_KERBEROS_FORWARDABLE 1
 123 #define POLICY_KERBEROS_PROXYABLE 2
 124 #define POLICY_KERBEROS_RENEWABLE 4
 125 #define POLICY_KERBEROS_POSTDATEABLE 8
 126 #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
 127 #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
 128 #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"
 129 #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
 130 #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
 131 #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
 132 #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
 133 #define TRUST_ATTRIBUTE_NON_TRANSITIVE 1
 134 #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 2
 135 #define TRUST_ATTRIBUTE_TREE_PARENT 4194304
 136 #define TRUST_ATTRIBUTES_VALID  -16580609
 137 #define TRUST_AUTH_TYPE_NONE 0
 138 #define TRUST_AUTH_TYPE_NT4OWF 1
 139 #define TRUST_AUTH_TYPE_CLEAR 2
 140 #define TRUST_DIRECTION_DISABLED 0
 141 #define TRUST_DIRECTION_INBOUND 1
 142 #define TRUST_DIRECTION_OUTBOUND 2
 143 #define TRUST_DIRECTION_BIDIRECTIONAL 3
 144 #define TRUST_TYPE_DOWNLEVEL 1
 145 #define TRUST_TYPE_UPLEVEL 2
 146 #define TRUST_TYPE_MIT 3
 147 #define TRUST_TYPE_DCE 4
 148
 149 #if !defined(_NTDEF_H) && !defined(_SUBAUTH_H)
 150 typedef LONG NTSTATUS, *PNTSTATUS;
 151 typedef struct _UNICODE_STRING {
 152   USHORT Length;
 153   USHORT MaximumLength;
 154   PWSTR Buffer;
 155 } UNICODE_STRING, *PUNICODE_STRING;
 156 typedef const UNICODE_STRING* PCUNICODE_STRING;
 157 typedef struct _STRING {
 158   USHORT Length;
 159   USHORT MaximumLength;
 160   PCHAR Buffer;
 161 } STRING, *PSTRING;
 162 #endif
 163
 164 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
 165 typedef STRING LSA_STRING, *PLSA_STRING;
 166 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
 167   MsV1_0InteractiveLogon = 2,
 168   MsV1_0Lm20Logon,
 169   MsV1_0NetworkLogon,
 170   MsV1_0SubAuthLogon,
 171   MsV1_0WorkstationUnlockLogon = 7
 172 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
 173 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
 174   MsV1_0InteractiveProfile = 2,
 175   MsV1_0Lm20LogonProfile,
 176   MsV1_0SmartCardProfile
 177 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
 178 typedef enum {
 179   MsvAvEOL,
 180   MsvAvNbComputerName,
 181   MsvAvNbDomainName,
 182   MsvAvDnsComputerName,
 183   MsvAvDnsDomainName
 184 } MSV1_0_AVID;
 185 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
 186   MsV1_0Lm20ChallengeRequest = 0,
 187   MsV1_0Lm20GetChallengeResponse,
 188   MsV1_0EnumerateUsers,
 189   MsV1_0GetUserInfo,
 190   MsV1_0ReLogonUsers,
 191   MsV1_0ChangePassword,
 192   MsV1_0ChangeCachedPassword,
 193   MsV1_0GenericPassthrough,
 194   MsV1_0CacheLogon,
 195   MsV1_0SubAuth,
 196   MsV1_0DeriveCredential,
 197   MsV1_0CacheLookup
 198 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
 199 typedef enum _POLICY_LSA_SERVER_ROLE {
 200   PolicyServerRoleBackup = 2,
 201   PolicyServerRolePrimary
 202 } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE;
 203 typedef enum _POLICY_SERVER_ENABLE_STATE {
 204   PolicyServerEnabled = 2,
 205   PolicyServerDisabled
 206 } POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE;
 207 typedef enum _POLICY_INFORMATION_CLASS {
 208   PolicyAuditLogInformation = 1,
 209   PolicyAuditEventsInformation,
 210   PolicyPrimaryDomainInformation,
 211   PolicyPdAccountInformation,
 212   PolicyAccountDomainInformation,
 213   PolicyLsaServerRoleInformation,
 214   PolicyReplicaSourceInformation,
 215   PolicyDefaultQuotaInformation,
 216   PolicyModificationInformation,
 217   PolicyAuditFullSetInformation,
 218   PolicyAuditFullQueryInformation,
 219   PolicyDnsDomainInformation,
 220   PolicyEfsInformation
 221 } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS;
 222 typedef enum _POLICY_AUDIT_EVENT_TYPE {
 223   AuditCategorySystem,
 224   AuditCategoryLogon,
 225   AuditCategoryObjectAccess,
 226   AuditCategoryPrivilegeUse,
 227   AuditCategoryDetailedTracking,
 228   AuditCategoryPolicyChange,
 229   AuditCategoryAccountManagement,
 230   AuditCategoryDirectoryServiceAccess,
 231   AuditCategoryAccountLogon
 232 } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
 233 typedef enum _POLICY_LOCAL_INFORMATION_CLASS {
 234   PolicyLocalAuditEventsInformation = 1,
 235   PolicyLocalPdAccountInformation,
 236   PolicyLocalAccountDomainInformation,
 237   PolicyLocalLsaServerRoleInformation,
 238   PolicyLocalReplicaSourceInformation,
 239   PolicyLocalModificationInformation,
 240   PolicyLocalAuditFullSetInformation,
 241   PolicyLocalAuditFullQueryInformation,
 242   PolicyLocalDnsDomainInformation,
 243   PolicyLocalIPSecReferenceInformation,
 244   PolicyLocalMachinePasswordInformation,
 245   PolicyLocalQualityOfServiceInformation,
 246   PolicyLocalPolicyLocationInformation
 247 } POLICY_LOCAL_INFORMATION_CLASS, *PPOLICY_LOCAL_INFORMATION_CLASS;
 248 typedef enum _POLICY_DOMAIN_INFORMATION_CLASS {
 249   PolicyDomainIPSecReferenceInformation = 1,
 250   PolicyDomainQualityOfServiceInformation,
 251   PolicyDomainEfsInformation,
 252   PolicyDomainPublicKeyInformation,
 253   PolicyDomainPasswordPolicyInformation,
 254   PolicyDomainLockoutInformation,
 255   PolicyDomainKerberosTicketInformation
 256 } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS;
 257 typedef enum _SECURITY_LOGON_TYPE {
 258   Interactive = 2,
 259   Network,
 260   Batch,
 261   Service,
 262   Proxy,
 263   Unlock
 264 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
 265 typedef enum _TRUSTED_INFORMATION_CLASS {
 266   TrustedDomainNameInformation = 1,
 267   TrustedControllersInformation,
 268   TrustedPosixOffsetInformation,
 269   TrustedPasswordInformation,
 270   TrustedDomainInformationBasic,
 271   TrustedDomainInformationEx,
 272   TrustedDomainAuthInformation,
 273   TrustedDomainFullInformation
 274 } TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS;
 275 typedef struct _DOMAIN_PASSWORD_INFORMATION {
 276   USHORT MinPasswordLength;
 277   USHORT PasswordHistoryLength;
 278   ULONG PasswordProperties;
 279   LARGE_INTEGER MaxPasswordAge;
 280   LARGE_INTEGER MinPasswordAge;
 281 } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
 282 typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE;
 283 typedef struct _LSA_ENUMERATION_INFORMATION {
 284   PSID Sid;
 285 } LSA_ENUMERATION_INFORMATION, *PLSA_ENUMERATION_INFORMATION;
 286 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
 287
 288 #if !defined(_NTDEF_H)
 289 typedef struct _LSA_OBJECT_ATTRIBUTES {
 290   ULONG Length;
 291   HANDLE RootDirectory;
 292   PLSA_UNICODE_STRING ObjectName;
 293   ULONG Attributes;
 294   PVOID SecurityDescriptor;
 295   PVOID SecurityQualityOfService;
 296 } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
 297 #endif
 298
 299 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
 300 typedef struct _LSA_TRUST_INFORMATION {
 301   LSA_UNICODE_STRING Name;
 302   PSID Sid;
 303 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
 304 typedef struct _LSA_REFERENCED_DOMAIN_LIST {
 305   ULONG Entries;
 306   PLSA_TRUST_INFORMATION Domains;
 307 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
 308 typedef struct _LSA_TRANSLATED_SID {
 309   SID_NAME_USE Use;
 310   ULONG RelativeId;
 311   LONG DomainIndex;
 312 } LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID;
 313 typedef struct _LSA_TRANSLATED_NAME {
 314   SID_NAME_USE Use;
 315   LSA_UNICODE_STRING Name;
 316   LONG DomainIndex;
 317 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
 318 typedef struct _MSV1_0_INTERACTIVE_LOGON {
 319   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
 320   UNICODE_STRING LogonDomainName;
 321   UNICODE_STRING UserName;
 322   UNICODE_STRING Password;
 323 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
 324 typedef struct _MSV1_0_INTERACTIVE_PROFILE {
 325   MSV1_0_PROFILE_BUFFER_TYPE MessageType;
 326   USHORT LogonCount;
 327   USHORT BadPasswordCount;
 328   LARGE_INTEGER LogonTime;
 329   LARGE_INTEGER LogoffTime;
 330   LARGE_INTEGER KickOffTime;
 331   LARGE_INTEGER PasswordLastSet;
 332   LARGE_INTEGER PasswordCanChange;
 333   LARGE_INTEGER PasswordMustChange;
 334   UNICODE_STRING LogonScript;
 335   UNICODE_STRING HomeDirectory;
 336   UNICODE_STRING FullName;
 337   UNICODE_STRING ProfilePath;
 338   UNICODE_STRING HomeDirectoryDrive;
 339   UNICODE_STRING LogonServer;
 340   ULONG UserFlags;
 341 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
 342 typedef struct _MSV1_0_LM20_LOGON {
 343   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
 344   UNICODE_STRING LogonDomainName;
 345   UNICODE_STRING UserName;
 346   UNICODE_STRING Workstation;
 347   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
 348   STRING CaseSensitiveChallengeResponse;
 349   STRING CaseInsensitiveChallengeResponse;
 350   ULONG ParameterControl;
 351 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
 352 typedef struct _MSV1_0_SUBAUTH_LOGON{ /* W2K only */
 353   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
 354   UNICODE_STRING LogonDomainName;
 355   UNICODE_STRING UserName;
 356   UNICODE_STRING Workstation;
 357   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
 358   STRING AuthenticationInfo1;
 359   STRING AuthenticationInfo2;
 360   ULONG ParameterControl;
 361   ULONG SubAuthPackageId;
 362 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
 363 typedef struct _MSV1_0_LM20_LOGON_PROFILE {
 364   MSV1_0_PROFILE_BUFFER_TYPE MessageType;
 365   LARGE_INTEGER KickOffTime;
 366   LARGE_INTEGER LogoffTime;
 367   ULONG UserFlags;
 368   UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
 369   UNICODE_STRING LogonDomainName;
 370   UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
 371   UNICODE_STRING LogonServer;
 372   UNICODE_STRING UserParameters;
 373 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
 374 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
 375   ULONG Version;
 376   ULONG Flags;
 377   UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
 378   UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
 379 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
 380 typedef struct _MSV1_0_NTLM3_RESPONSE {
 381   UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
 382   UCHAR RespType;
 383   UCHAR HiRespType;
 384   USHORT Flags;
 385   ULONG MsgWord;
 386   ULONGLONG TimeStamp;
 387   UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
 388   ULONG AvPairsOff;
 389   UCHAR Buffer[1];
 390 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
 391 typedef struct  _MSV1_0_AV_PAIR {
 392   USHORT AvId;
 393   USHORT AvLen;
 394 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
 395 typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
 396   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
 397   UNICODE_STRING DomainName;
 398   UNICODE_STRING AccountName;
 399   UNICODE_STRING OldPassword;
 400   UNICODE_STRING NewPassword;
 401   BOOLEAN Impersonating;
 402 } MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST;
 403 typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
 404   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
 405   BOOLEAN PasswordInfoValid;
 406   DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
 407 } MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE;
 408 typedef struct _MSV1_0_SUBAUTH_REQUEST{
 409   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
 410   ULONG SubAuthPackageId;
 411   ULONG SubAuthInfoLength;
 412   PUCHAR SubAuthSubmitBuffer;
 413 } MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST;
 414 typedef struct _MSV1_0_SUBAUTH_RESPONSE{
 415   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
 416   ULONG SubAuthInfoLength;
 417   PUCHAR SubAuthReturnBuffer;
 418 } MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE;
 419 #define MSV1_0_DERIVECRED_TYPE_SHA1 0
 420 typedef struct _MSV1_0_DERIVECRED_REQUEST {
 421   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
 422   LUID LogonId;
 423   ULONG DeriveCredType;
 424   ULONG DeriveCredInfoLength;
 425   UCHAR DeriveCredSubmitBuffer[1];
 426 } MSV1_0_DERIVECRED_REQUEST, *PMSV1_0_DERIVECRED_REQUEST;
 427 typedef struct _MSV1_0_DERIVECRED_RESPONSE {
 428   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
 429   ULONG DeriveCredInfoLength;
 430   UCHAR DeriveCredReturnBuffer[1];
 431 } MSV1_0_DERIVECRED_RESPONSE, *PMSV1_0_DERIVECRED_RESPONSE;
 432 typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS;
 433 typedef struct _POLICY_PRIVILEGE_DEFINITION {
 434   LSA_UNICODE_STRING Name;
 435   LUID LocalValue;
 436 } POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION;
 437 typedef struct _POLICY_AUDIT_LOG_INFO {
 438   ULONG AuditLogPercentFull;
 439   ULONG MaximumLogSize;
 440   LARGE_INTEGER AuditRetentionPeriod;
 441   BOOLEAN AuditLogFullShutdownInProgress;
 442   LARGE_INTEGER TimeToShutdown;
 443   ULONG NextAuditRecordId;
 444 } POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO;
 445 typedef struct _POLICY_AUDIT_EVENTS_INFO {
 446   BOOLEAN AuditingMode;
 447   PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
 448   ULONG MaximumAuditEventCount;
 449 } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
 450 typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
 451   LSA_UNICODE_STRING DomainName;
 452   PSID DomainSid;
 453 } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
 454 typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
 455   LSA_UNICODE_STRING Name;
 456   PSID Sid;
 457 } POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO;
 458 typedef struct _POLICY_DNS_DOMAIN_INFO {
 459   LSA_UNICODE_STRING Name;
 460   LSA_UNICODE_STRING DnsDomainName;
 461   LSA_UNICODE_STRING DnsForestName;
 462   GUID DomainGuid;
 463   PSID Sid;
 464 } POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO;
 465 typedef struct _POLICY_PD_ACCOUNT_INFO {
 466   LSA_UNICODE_STRING Name;
 467 } POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO;
 468 typedef struct _POLICY_LSA_SERVER_ROLE_INFO {
 469   POLICY_LSA_SERVER_ROLE LsaServerRole;
 470 } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO;
 471 typedef struct _POLICY_REPLICA_SOURCE_INFO {
 472   LSA_UNICODE_STRING ReplicaSource;
 473   LSA_UNICODE_STRING ReplicaAccountName;
 474 } POLICY_REPLICA_SOURCE_INFO, *PPOLICY_REPLICA_SOURCE_INFO;
 475 typedef struct _POLICY_DEFAULT_QUOTA_INFO {
 476   QUOTA_LIMITS QuotaLimits;
 477 } POLICY_DEFAULT_QUOTA_INFO, *PPOLICY_DEFAULT_QUOTA_INFO;
 478 typedef struct _POLICY_MODIFICATION_INFO {
 479   LARGE_INTEGER ModifiedId;
 480   LARGE_INTEGER DatabaseCreationTime;
 481 } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO;
 482 typedef struct _POLICY_AUDIT_FULL_SET_INFO {
 483   BOOLEAN ShutDownOnFull;
 484 } POLICY_AUDIT_FULL_SET_INFO, *PPOLICY_AUDIT_FULL_SET_INFO;
 485 typedef struct _POLICY_AUDIT_FULL_QUERY_INFO {
 486   BOOLEAN ShutDownOnFull;
 487   BOOLEAN LogIsFull;
 488 } POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO;
 489 typedef struct _POLICY_EFS_INFO {
 490   ULONG InfoLength;
 491   PUCHAR EfsBlob;
 492 } POLICY_EFS_INFO, *PPOLICY_EFS_INFO;
 493 typedef struct _POLICY_LOCAL_IPSEC_REFERENCE_INFO {
 494   LSA_UNICODE_STRING ObjectPath;
 495 } POLICY_LOCAL_IPSEC_REFERENCE_INFO, *PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;
 496 typedef struct _POLICY_LOCAL_MACHINE_PASSWORD_INFO {
 497   LARGE_INTEGER PasswordChangeInterval;
 498 } POLICY_LOCAL_MACHINE_PASSWORD_INFO, *PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;
 499 typedef struct _POLICY_LOCAL_POLICY_LOCATION_INFO {
 500   ULONG PolicyLocation;
 501 } POLICY_LOCAL_POLICY_LOCATION_INFO, *PPOLICY_LOCAL_POLICY_LOCATION_INFO;
 502 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO {
 503   ULONG QualityOfService;
 504 } POLICY_LOCAL_QUALITY_OF_SERVICE_INFO, *PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO;
 505 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
 506 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
 507 typedef struct _POLICY_DOMAIN_PUBLIC_KEY_INFO {
 508   ULONG InfoLength;
 509   PUCHAR PublicKeyInfo;
 510 } POLICY_DOMAIN_PUBLIC_KEY_INFO, *PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
 511 typedef struct _POLICY_DOMAIN_LOCKOUT_INFO {
 512   LARGE_INTEGER LockoutDuration;
 513   LARGE_INTEGER LockoutObservationWindow;
 514   USHORT LockoutThreshold;
 515 } POLICY_DOMAIN_LOCKOUT_INFO, *PPOLICY_DOMAIN_LOCKOUT_INFO;
 516 typedef struct _POLICY_DOMAIN_PASSWORD_INFO {
 517   USHORT MinPasswordLength;
 518   USHORT PasswordHistoryLength;
 519   ULONG PasswordProperties;
 520   LARGE_INTEGER MaxPasswordAge;
 521   LARGE_INTEGER MinPasswordAge;
 522 } POLICY_DOMAIN_PASSWORD_INFO, *PPOLICY_DOMAIN_PASSWORD_INFO;
 523 typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO {
 524   ULONG AuthenticationOptions;
 525   LARGE_INTEGER MinTicketAge;
 526   LARGE_INTEGER MaxTicketAge;
 527   LARGE_INTEGER MaxRenewAge;
 528   LARGE_INTEGER ProxyLifetime;
 529   LARGE_INTEGER ForceLogoff;
 530 } POLICY_DOMAIN_KERBEROS_TICKET_INFO, *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
 531 typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
 532 typedef struct _TRUSTED_DOMAIN_NAME_INFO {
 533   LSA_UNICODE_STRING Name;
 534 } TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO;
 535 typedef struct _TRUSTED_CONTROLLERS_INFO {
 536   ULONG Entries;
 537   PLSA_UNICODE_STRING Names;
 538 } TRUSTED_CONTROLLERS_INFO, *PTRUSTED_CONTROLLERS_INFO;
 539 typedef struct _TRUSTED_POSIX_OFFSET_INFO {
 540   ULONG Offset;
 541 } TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO;
 542 typedef struct _TRUSTED_PASSWORD_INFO {
 543   LSA_UNICODE_STRING Password;
 544   LSA_UNICODE_STRING OldPassword;
 545 } TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO;
 546 typedef  LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
 547 typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 548 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
 549   LSA_UNICODE_STRING Name;
 550   LSA_UNICODE_STRING FlatName;
 551   PSID Sid;
 552   ULONG TrustDirection;
 553   ULONG TrustType;
 554   ULONG TrustAttributes;
 555 } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX;
 556 typedef struct _LSA_AUTH_INFORMATION {
 557   LARGE_INTEGER LastUpdateTime;
 558   ULONG AuthType;
 559   ULONG AuthInfoLength;
 560   PUCHAR AuthInfo;
 561 } LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION;
 562 typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION {
 563   ULONG IncomingAuthInfos;
 564   PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
 565   PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
 566   ULONG OutgoingAuthInfos;
 567   PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
 568   PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
 569 } TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION;
 570 typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION {
 571   TRUSTED_DOMAIN_INFORMATION_EX Information;
 572   TRUSTED_POSIX_OFFSET_INFO PosixOffset;
 573   TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
 574 } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION;
 575 NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING,ULONG);
 576 NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE,ULONG,PVOID,ULONG,PVOID*,
 577                             PULONG,PNTSTATUS);
 578 NTSTATUS NTAPI LsaClose(LSA_HANDLE);
 579 NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE);
 580 NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE,
 581                             PTRUSTED_DOMAIN_INFORMATION_EX,
 582                             PTRUSTED_DOMAIN_AUTH_INFORMATION,ACCESS_MASK,
 583                             PLSA_HANDLE);
 584 NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE,PSID);
 585 NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE);
 586 NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG);
 587 NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING,
 588                             PVOID*,PULONG);
 589 NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,
 590                             PVOID*,ULONG,PULONG);
 591 NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,
 592                             TRUSTED_INFORMATION_CLASS,PVOID*,ULONG,PULONG);
 593 NTSTATUS NTAPI LsaFreeMemory(PVOID);
 594 NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID);
 595 NTSTATUS NTAPI LsaLogonUser(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID,
 596                             ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID*,PULONG,
 597                             PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS);
 598 NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE,PLSA_STRING,PULONG);
 599 NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,
 600                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
 601 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
 602                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
 603 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);
 604 NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,
 605                             ACCESS_MASK,PLSA_HANDLE);
 606 NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE,
 607                             POLICY_DOMAIN_INFORMATION_CLASS,PVOID*);
 608 NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*);
 609 NTSTATUS NTAPI LsaQueryLocalInformationPolicy(LSA_HANDLE,
 610                             POLICY_LOCAL_INFORMATION_CLASS,PVOID*);
 611 NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE,PSID,
 612                             TRUSTED_INFORMATION_CLASS,PVOID*);
 613 NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,
 614                             TRUSTED_INFORMATION_CLASS,PVOID*);
 615 NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING,PHANDLE,PLSA_OPERATIONAL_MODE);
 616 NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE,PSID,BOOLEAN,
 617                             PLSA_UNICODE_STRING,ULONG);
 618 NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,
 619                             PLSA_UNICODE_STRING*);
 620 NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE,
 621                             POLICY_DOMAIN_INFORMATION_CLASS,PVOID);
 622 NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS, PVOID);
 623 NTSTATUS NTAPI LsaSetLocalInformationPolicy(LSA_HANDLE,
 624                             POLICY_LOCAL_INFORMATION_CLASS,PVOID);
 625 NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID,
 626                             TRUSTED_INFORMATION_CLASS,PVOID);
 627 NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,
 628                             TRUSTED_INFORMATION_CLASS,PVOID);
 629 NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,
 630                             PLSA_UNICODE_STRING);
 631 typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING,
 632                             ULONG,PUNICODE_STRING);
 633 typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)(void);
 634 typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING,PUNICODE_STRING,
 635                             PUNICODE_STRING,BOOLEAN);
 636 #ifdef __cplusplus
 637 }
 638 #endif
 639
 640 #endif /* _NTSECAPI_H */