3 * Copyright 2012, 2013 MinGW.org project
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
12 * The above copyright notice and this permission notice (including the next
13 * paragraph) shall be included in all copies or substantial portions of the
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
22 * DEALINGS IN THE SOFTWARE.
26 #pragma GCC system_header
33 #define KERB_WRAP_NO_ENCRYPT 0x80000001
35 #define LOGON_NOENCRYPTION 2
36 #define LOGON_CACHED_ACCOUNT 4
37 #define LOGON_USED_LM_PASSWORD 8
38 #define LOGON_EXTRA_SIDS 32
39 #define LOGON_SUBAUTH_SESSION_KEY 64
40 #define LOGON_SERVER_TRUST_ACCOUNT 128
41 #define LOGON_NTLMV2_ENABLED 256
42 #define LOGON_RESOURCE_GROUPS 512
43 #define LOGON_PROFILE_PATH_RETURNED 1024
44 #define LOGON_GRACE_LOGON 16777216
45 #define LSA_MODE_PASSWORD_PROTECTED 1
46 #define LSA_MODE_INDIVIDUAL_ACCOUNTS 2
47 #define LSA_MODE_MANDATORY_ACCESS 3
48 #define LSA_MODE_LOG_FULL 4
49 #define LSA_SUCCESS(x) ((LONG)(x)>=0)
50 #define MICROSOFT_KERBEROS_NAME_A "Kerberos"
51 #define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
52 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 32
53 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 2048
54 #define MSV1_0_CHALLENGE_LENGTH 8
55 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 2
56 #define MSV1_0_CRED_LM_PRESENT 1
57 #define MSV1_0_CRED_NT_PRESENT 2
58 #define MSV1_0_CRED_VERSION 0
59 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 16
60 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
61 #define MSV1_0_MAX_NTLM3_LIFE 1800
62 #define MSV1_0_MAX_AVL_SIZE 64000
63 #define MSV1_0_MNS_LOGON 16777216
64 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
65 #define MSV1_0_NTLM3_OWF_LENGTH 16
66 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE)-MSV1_0_NTLM3_RESPONSE_LENGTH)
67 #define MSV1_0_OWF_PASSWORD_LENGTH 16
68 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
69 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
70 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW)-sizeof(WCHAR)
71 #define MSV1_0_RETURN_USER_PARAMETERS 8
72 #define MSV1_0_RETURN_PASSWORD_EXPIRY 64
73 #define MSV1_0_RETURN_PROFILE_PATH 512
74 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 1048576
75 #define MSV1_0_SUBAUTHENTICATION_DLL 0xff000000
76 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
77 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
78 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
79 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xff000000
80 #define MSV1_0_SUBAUTHENTICATION_KEY "System\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
81 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
82 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 256
83 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 1024
84 #define MSV1_0_UPDATE_LOGON_STATISTICS 4
85 #define MSV1_0_USE_CLIENT_CHALLENGE 128
86 #define MSV1_0_USER_SESSION_KEY_LENGTH 16
87 #define POLICY_VIEW_LOCAL_INFORMATION 1
88 #define POLICY_VIEW_AUDIT_INFORMATION 2
89 #define POLICY_GET_PRIVATE_INFORMATION 4
90 #define POLICY_TRUST_ADMIN 8
91 #define POLICY_CREATE_ACCOUNT 16
92 #define POLICY_CREATE_SECRET 32
93 #define POLICY_CREATE_PRIVILEGE 64
94 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 128
95 #define POLICY_SET_AUDIT_REQUIREMENTS 256
96 #define POLICY_AUDIT_LOG_ADMIN 512
97 #define POLICY_SERVER_ADMIN 1024
98 #define POLICY_LOOKUP_NAMES 2048
99 #define POLICY_READ (STANDARD_RIGHTS_READ|6)
100 #define POLICY_WRITE (STANDARD_RIGHTS_WRITE|2040)
101 #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE|2049)
102 #define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|4095)
103 #define POLICY_AUDIT_EVENT_UNCHANGED 0
104 #define POLICY_AUDIT_EVENT_SUCCESS 1
105 #define POLICY_AUDIT_EVENT_FAILURE 2
106 #define POLICY_AUDIT_EVENT_NONE 4
107 #define POLICY_AUDIT_EVENT_MASK 7
108 #define POLICY_LOCATION_LOCAL 1
109 #define POLICY_LOCATION_DS 2
110 #define POLICY_MACHINE_POLICY_LOCAL 0
111 #define POLICY_MACHINE_POLICY_DEFAULTED 1
112 #define POLICY_MACHINE_POLICY_EXPLICIT 2
113 #define POLICY_MACHINE_POLICY_UNKNOWN 0xFFFFFFFF
114 #define POLICY_QOS_SCHANEL_REQUIRED 1
115 #define POLICY_QOS_OUTBOUND_INTEGRITY 2
116 #define POLICY_QOS_OUTBOUND_CONFIDENTIALITY 4
117 #define POLICY_QOS_INBOUND_INTEGREITY 8
118 #define POLICY_QOS_INBOUND_CONFIDENTIALITY 16
119 #define POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE 32
120 #define POLICY_QOS_RAS_SERVER_ALLOWED 64
121 #define POLICY_QOS_DHCP_SERVER_ALLOWD 128
122 #define POLICY_KERBEROS_FORWARDABLE 1
123 #define POLICY_KERBEROS_PROXYABLE 2
124 #define POLICY_KERBEROS_RENEWABLE 4
125 #define POLICY_KERBEROS_POSTDATEABLE 8
126 #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
127 #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
128 #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"
129 #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
130 #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
131 #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
132 #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
133 #define TRUST_ATTRIBUTE_NON_TRANSITIVE 1
134 #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 2
135 #define TRUST_ATTRIBUTE_TREE_PARENT 4194304
136 #define TRUST_ATTRIBUTES_VALID -16580609
137 #define TRUST_AUTH_TYPE_NONE 0
138 #define TRUST_AUTH_TYPE_NT4OWF 1
139 #define TRUST_AUTH_TYPE_CLEAR 2
140 #define TRUST_DIRECTION_DISABLED 0
141 #define TRUST_DIRECTION_INBOUND 1
142 #define TRUST_DIRECTION_OUTBOUND 2
143 #define TRUST_DIRECTION_BIDIRECTIONAL 3
144 #define TRUST_TYPE_DOWNLEVEL 1
145 #define TRUST_TYPE_UPLEVEL 2
146 #define TRUST_TYPE_MIT 3
147 #define TRUST_TYPE_DCE 4
149 #if !defined(_NTDEF_H) && !defined(_SUBAUTH_H)
150 typedef LONG NTSTATUS, *PNTSTATUS;
151 typedef struct _UNICODE_STRING {
153 USHORT MaximumLength;
155 } UNICODE_STRING, *PUNICODE_STRING;
156 typedef const UNICODE_STRING* PCUNICODE_STRING;
157 typedef struct _STRING {
159 USHORT MaximumLength;
164 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
165 typedef STRING LSA_STRING, *PLSA_STRING;
166 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
167 MsV1_0InteractiveLogon = 2,
171 MsV1_0WorkstationUnlockLogon = 7
172 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
173 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
174 MsV1_0InteractiveProfile = 2,
175 MsV1_0Lm20LogonProfile,
176 MsV1_0SmartCardProfile
177 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
182 MsvAvDnsComputerName,
185 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
186 MsV1_0Lm20ChallengeRequest = 0,
187 MsV1_0Lm20GetChallengeResponse,
188 MsV1_0EnumerateUsers,
191 MsV1_0ChangePassword,
192 MsV1_0ChangeCachedPassword,
193 MsV1_0GenericPassthrough,
196 MsV1_0DeriveCredential,
198 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
199 typedef enum _POLICY_LSA_SERVER_ROLE {
200 PolicyServerRoleBackup = 2,
201 PolicyServerRolePrimary
202 } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE;
203 typedef enum _POLICY_SERVER_ENABLE_STATE {
204 PolicyServerEnabled = 2,
206 } POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE;
207 typedef enum _POLICY_INFORMATION_CLASS {
208 PolicyAuditLogInformation = 1,
209 PolicyAuditEventsInformation,
210 PolicyPrimaryDomainInformation,
211 PolicyPdAccountInformation,
212 PolicyAccountDomainInformation,
213 PolicyLsaServerRoleInformation,
214 PolicyReplicaSourceInformation,
215 PolicyDefaultQuotaInformation,
216 PolicyModificationInformation,
217 PolicyAuditFullSetInformation,
218 PolicyAuditFullQueryInformation,
219 PolicyDnsDomainInformation,
221 } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS;
222 typedef enum _POLICY_AUDIT_EVENT_TYPE {
225 AuditCategoryObjectAccess,
226 AuditCategoryPrivilegeUse,
227 AuditCategoryDetailedTracking,
228 AuditCategoryPolicyChange,
229 AuditCategoryAccountManagement,
230 AuditCategoryDirectoryServiceAccess,
231 AuditCategoryAccountLogon
232 } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
233 typedef enum _POLICY_LOCAL_INFORMATION_CLASS {
234 PolicyLocalAuditEventsInformation = 1,
235 PolicyLocalPdAccountInformation,
236 PolicyLocalAccountDomainInformation,
237 PolicyLocalLsaServerRoleInformation,
238 PolicyLocalReplicaSourceInformation,
239 PolicyLocalModificationInformation,
240 PolicyLocalAuditFullSetInformation,
241 PolicyLocalAuditFullQueryInformation,
242 PolicyLocalDnsDomainInformation,
243 PolicyLocalIPSecReferenceInformation,
244 PolicyLocalMachinePasswordInformation,
245 PolicyLocalQualityOfServiceInformation,
246 PolicyLocalPolicyLocationInformation
247 } POLICY_LOCAL_INFORMATION_CLASS, *PPOLICY_LOCAL_INFORMATION_CLASS;
248 typedef enum _POLICY_DOMAIN_INFORMATION_CLASS {
249 PolicyDomainIPSecReferenceInformation = 1,
250 PolicyDomainQualityOfServiceInformation,
251 PolicyDomainEfsInformation,
252 PolicyDomainPublicKeyInformation,
253 PolicyDomainPasswordPolicyInformation,
254 PolicyDomainLockoutInformation,
255 PolicyDomainKerberosTicketInformation
256 } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS;
257 typedef enum _SECURITY_LOGON_TYPE {
264 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
265 typedef enum _TRUSTED_INFORMATION_CLASS {
266 TrustedDomainNameInformation = 1,
267 TrustedControllersInformation,
268 TrustedPosixOffsetInformation,
269 TrustedPasswordInformation,
270 TrustedDomainInformationBasic,
271 TrustedDomainInformationEx,
272 TrustedDomainAuthInformation,
273 TrustedDomainFullInformation
274 } TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS;
275 typedef struct _DOMAIN_PASSWORD_INFORMATION {
276 USHORT MinPasswordLength;
277 USHORT PasswordHistoryLength;
278 ULONG PasswordProperties;
279 LARGE_INTEGER MaxPasswordAge;
280 LARGE_INTEGER MinPasswordAge;
281 } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
282 typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE;
283 typedef struct _LSA_ENUMERATION_INFORMATION {
285 } LSA_ENUMERATION_INFORMATION, *PLSA_ENUMERATION_INFORMATION;
286 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
288 #if !defined(_NTDEF_H)
289 typedef struct _LSA_OBJECT_ATTRIBUTES {
291 HANDLE RootDirectory;
292 PLSA_UNICODE_STRING ObjectName;
294 PVOID SecurityDescriptor;
295 PVOID SecurityQualityOfService;
296 } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
299 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
300 typedef struct _LSA_TRUST_INFORMATION {
301 LSA_UNICODE_STRING Name;
303 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
304 typedef struct _LSA_REFERENCED_DOMAIN_LIST {
306 PLSA_TRUST_INFORMATION Domains;
307 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
308 typedef struct _LSA_TRANSLATED_SID {
312 } LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID;
313 typedef struct _LSA_TRANSLATED_NAME {
315 LSA_UNICODE_STRING Name;
317 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
318 typedef struct _MSV1_0_INTERACTIVE_LOGON {
319 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
320 UNICODE_STRING LogonDomainName;
321 UNICODE_STRING UserName;
322 UNICODE_STRING Password;
323 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
324 typedef struct _MSV1_0_INTERACTIVE_PROFILE {
325 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
327 USHORT BadPasswordCount;
328 LARGE_INTEGER LogonTime;
329 LARGE_INTEGER LogoffTime;
330 LARGE_INTEGER KickOffTime;
331 LARGE_INTEGER PasswordLastSet;
332 LARGE_INTEGER PasswordCanChange;
333 LARGE_INTEGER PasswordMustChange;
334 UNICODE_STRING LogonScript;
335 UNICODE_STRING HomeDirectory;
336 UNICODE_STRING FullName;
337 UNICODE_STRING ProfilePath;
338 UNICODE_STRING HomeDirectoryDrive;
339 UNICODE_STRING LogonServer;
341 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
342 typedef struct _MSV1_0_LM20_LOGON {
343 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
344 UNICODE_STRING LogonDomainName;
345 UNICODE_STRING UserName;
346 UNICODE_STRING Workstation;
347 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
348 STRING CaseSensitiveChallengeResponse;
349 STRING CaseInsensitiveChallengeResponse;
350 ULONG ParameterControl;
351 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
352 typedef struct _MSV1_0_SUBAUTH_LOGON{ /* W2K only */
353 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
354 UNICODE_STRING LogonDomainName;
355 UNICODE_STRING UserName;
356 UNICODE_STRING Workstation;
357 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
358 STRING AuthenticationInfo1;
359 STRING AuthenticationInfo2;
360 ULONG ParameterControl;
361 ULONG SubAuthPackageId;
362 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
363 typedef struct _MSV1_0_LM20_LOGON_PROFILE {
364 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
365 LARGE_INTEGER KickOffTime;
366 LARGE_INTEGER LogoffTime;
368 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
369 UNICODE_STRING LogonDomainName;
370 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
371 UNICODE_STRING LogonServer;
372 UNICODE_STRING UserParameters;
373 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
374 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
377 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
378 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
379 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
380 typedef struct _MSV1_0_NTLM3_RESPONSE {
381 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
387 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
390 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
391 typedef struct _MSV1_0_AV_PAIR {
394 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
395 typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
396 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
397 UNICODE_STRING DomainName;
398 UNICODE_STRING AccountName;
399 UNICODE_STRING OldPassword;
400 UNICODE_STRING NewPassword;
401 BOOLEAN Impersonating;
402 } MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST;
403 typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
404 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
405 BOOLEAN PasswordInfoValid;
406 DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
407 } MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE;
408 typedef struct _MSV1_0_SUBAUTH_REQUEST{
409 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
410 ULONG SubAuthPackageId;
411 ULONG SubAuthInfoLength;
412 PUCHAR SubAuthSubmitBuffer;
413 } MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST;
414 typedef struct _MSV1_0_SUBAUTH_RESPONSE{
415 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
416 ULONG SubAuthInfoLength;
417 PUCHAR SubAuthReturnBuffer;
418 } MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE;
419 #define MSV1_0_DERIVECRED_TYPE_SHA1 0
420 typedef struct _MSV1_0_DERIVECRED_REQUEST {
421 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
423 ULONG DeriveCredType;
424 ULONG DeriveCredInfoLength;
425 UCHAR DeriveCredSubmitBuffer[1];
426 } MSV1_0_DERIVECRED_REQUEST, *PMSV1_0_DERIVECRED_REQUEST;
427 typedef struct _MSV1_0_DERIVECRED_RESPONSE {
428 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
429 ULONG DeriveCredInfoLength;
430 UCHAR DeriveCredReturnBuffer[1];
431 } MSV1_0_DERIVECRED_RESPONSE, *PMSV1_0_DERIVECRED_RESPONSE;
432 typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS;
433 typedef struct _POLICY_PRIVILEGE_DEFINITION {
434 LSA_UNICODE_STRING Name;
436 } POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION;
437 typedef struct _POLICY_AUDIT_LOG_INFO {
438 ULONG AuditLogPercentFull;
439 ULONG MaximumLogSize;
440 LARGE_INTEGER AuditRetentionPeriod;
441 BOOLEAN AuditLogFullShutdownInProgress;
442 LARGE_INTEGER TimeToShutdown;
443 ULONG NextAuditRecordId;
444 } POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO;
445 typedef struct _POLICY_AUDIT_EVENTS_INFO {
446 BOOLEAN AuditingMode;
447 PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
448 ULONG MaximumAuditEventCount;
449 } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
450 typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
451 LSA_UNICODE_STRING DomainName;
453 } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
454 typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
455 LSA_UNICODE_STRING Name;
457 } POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO;
458 typedef struct _POLICY_DNS_DOMAIN_INFO {
459 LSA_UNICODE_STRING Name;
460 LSA_UNICODE_STRING DnsDomainName;
461 LSA_UNICODE_STRING DnsForestName;
464 } POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO;
465 typedef struct _POLICY_PD_ACCOUNT_INFO {
466 LSA_UNICODE_STRING Name;
467 } POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO;
468 typedef struct _POLICY_LSA_SERVER_ROLE_INFO {
469 POLICY_LSA_SERVER_ROLE LsaServerRole;
470 } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO;
471 typedef struct _POLICY_REPLICA_SOURCE_INFO {
472 LSA_UNICODE_STRING ReplicaSource;
473 LSA_UNICODE_STRING ReplicaAccountName;
474 } POLICY_REPLICA_SOURCE_INFO, *PPOLICY_REPLICA_SOURCE_INFO;
475 typedef struct _POLICY_DEFAULT_QUOTA_INFO {
476 QUOTA_LIMITS QuotaLimits;
477 } POLICY_DEFAULT_QUOTA_INFO, *PPOLICY_DEFAULT_QUOTA_INFO;
478 typedef struct _POLICY_MODIFICATION_INFO {
479 LARGE_INTEGER ModifiedId;
480 LARGE_INTEGER DatabaseCreationTime;
481 } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO;
482 typedef struct _POLICY_AUDIT_FULL_SET_INFO {
483 BOOLEAN ShutDownOnFull;
484 } POLICY_AUDIT_FULL_SET_INFO, *PPOLICY_AUDIT_FULL_SET_INFO;
485 typedef struct _POLICY_AUDIT_FULL_QUERY_INFO {
486 BOOLEAN ShutDownOnFull;
488 } POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO;
489 typedef struct _POLICY_EFS_INFO {
492 } POLICY_EFS_INFO, *PPOLICY_EFS_INFO;
493 typedef struct _POLICY_LOCAL_IPSEC_REFERENCE_INFO {
494 LSA_UNICODE_STRING ObjectPath;
495 } POLICY_LOCAL_IPSEC_REFERENCE_INFO, *PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;
496 typedef struct _POLICY_LOCAL_MACHINE_PASSWORD_INFO {
497 LARGE_INTEGER PasswordChangeInterval;
498 } POLICY_LOCAL_MACHINE_PASSWORD_INFO, *PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;
499 typedef struct _POLICY_LOCAL_POLICY_LOCATION_INFO {
500 ULONG PolicyLocation;
501 } POLICY_LOCAL_POLICY_LOCATION_INFO, *PPOLICY_LOCAL_POLICY_LOCATION_INFO;
502 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO {
503 ULONG QualityOfService;
504 } POLICY_LOCAL_QUALITY_OF_SERVICE_INFO, *PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO;
505 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
506 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
507 typedef struct _POLICY_DOMAIN_PUBLIC_KEY_INFO {
509 PUCHAR PublicKeyInfo;
510 } POLICY_DOMAIN_PUBLIC_KEY_INFO, *PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
511 typedef struct _POLICY_DOMAIN_LOCKOUT_INFO {
512 LARGE_INTEGER LockoutDuration;
513 LARGE_INTEGER LockoutObservationWindow;
514 USHORT LockoutThreshold;
515 } POLICY_DOMAIN_LOCKOUT_INFO, *PPOLICY_DOMAIN_LOCKOUT_INFO;
516 typedef struct _POLICY_DOMAIN_PASSWORD_INFO {
517 USHORT MinPasswordLength;
518 USHORT PasswordHistoryLength;
519 ULONG PasswordProperties;
520 LARGE_INTEGER MaxPasswordAge;
521 LARGE_INTEGER MinPasswordAge;
522 } POLICY_DOMAIN_PASSWORD_INFO, *PPOLICY_DOMAIN_PASSWORD_INFO;
523 typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO {
524 ULONG AuthenticationOptions;
525 LARGE_INTEGER MinTicketAge;
526 LARGE_INTEGER MaxTicketAge;
527 LARGE_INTEGER MaxRenewAge;
528 LARGE_INTEGER ProxyLifetime;
529 LARGE_INTEGER ForceLogoff;
530 } POLICY_DOMAIN_KERBEROS_TICKET_INFO, *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
531 typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
532 typedef struct _TRUSTED_DOMAIN_NAME_INFO {
533 LSA_UNICODE_STRING Name;
534 } TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO;
535 typedef struct _TRUSTED_CONTROLLERS_INFO {
537 PLSA_UNICODE_STRING Names;
538 } TRUSTED_CONTROLLERS_INFO, *PTRUSTED_CONTROLLERS_INFO;
539 typedef struct _TRUSTED_POSIX_OFFSET_INFO {
541 } TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO;
542 typedef struct _TRUSTED_PASSWORD_INFO {
543 LSA_UNICODE_STRING Password;
544 LSA_UNICODE_STRING OldPassword;
545 } TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO;
546 typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
547 typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
548 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
549 LSA_UNICODE_STRING Name;
550 LSA_UNICODE_STRING FlatName;
552 ULONG TrustDirection;
554 ULONG TrustAttributes;
555 } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX;
556 typedef struct _LSA_AUTH_INFORMATION {
557 LARGE_INTEGER LastUpdateTime;
559 ULONG AuthInfoLength;
561 } LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION;
562 typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION {
563 ULONG IncomingAuthInfos;
564 PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
565 PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
566 ULONG OutgoingAuthInfos;
567 PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
568 PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
569 } TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION;
570 typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION {
571 TRUSTED_DOMAIN_INFORMATION_EX Information;
572 TRUSTED_POSIX_OFFSET_INFO PosixOffset;
573 TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
574 } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION;
575 NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING,ULONG);
576 NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE,ULONG,PVOID,ULONG,PVOID*,
578 NTSTATUS NTAPI LsaClose(LSA_HANDLE);
579 NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE);
580 NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE,
581 PTRUSTED_DOMAIN_INFORMATION_EX,
582 PTRUSTED_DOMAIN_AUTH_INFORMATION,ACCESS_MASK,
584 NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE,PSID);
585 NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE);
586 NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG);
587 NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING,
589 NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,
590 PVOID*,ULONG,PULONG);
591 NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,
592 TRUSTED_INFORMATION_CLASS,PVOID*,ULONG,PULONG);
593 NTSTATUS NTAPI LsaFreeMemory(PVOID);
594 NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID);
595 NTSTATUS NTAPI LsaLogonUser(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID,
596 ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID*,PULONG,
597 PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS);
598 NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE,PLSA_STRING,PULONG);
599 NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,
600 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
601 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
602 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
603 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);
604 NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,
605 ACCESS_MASK,PLSA_HANDLE);
606 NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE,
607 POLICY_DOMAIN_INFORMATION_CLASS,PVOID*);
608 NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*);
609 NTSTATUS NTAPI LsaQueryLocalInformationPolicy(LSA_HANDLE,
610 POLICY_LOCAL_INFORMATION_CLASS,PVOID*);
611 NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE,PSID,
612 TRUSTED_INFORMATION_CLASS,PVOID*);
613 NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,
614 TRUSTED_INFORMATION_CLASS,PVOID*);
615 NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING,PHANDLE,PLSA_OPERATIONAL_MODE);
616 NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE,PSID,BOOLEAN,
617 PLSA_UNICODE_STRING,ULONG);
618 NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,
619 PLSA_UNICODE_STRING*);
620 NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE,
621 POLICY_DOMAIN_INFORMATION_CLASS,PVOID);
622 NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS, PVOID);
623 NTSTATUS NTAPI LsaSetLocalInformationPolicy(LSA_HANDLE,
624 POLICY_LOCAL_INFORMATION_CLASS,PVOID);
625 NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID,
626 TRUSTED_INFORMATION_CLASS,PVOID);
627 NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,
628 TRUSTED_INFORMATION_CLASS,PVOID);
629 NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,
630 PLSA_UNICODE_STRING);
631 typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING,
632 ULONG,PUNICODE_STRING);
633 typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)(void);
634 typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING,PUNICODE_STRING,
635 PUNICODE_STRING,BOOLEAN);
640 #endif /* _NTSECAPI_H */