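/*
 * Copyright (C) 2007 Yuval Fledel
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */

#ifndef _NTSECPKG_H
#define _NTSECPKG_H

#ifdef __cplusplus
extern "C" {
#endif

/* Flags for the MachineState field in SECPKG_PARAMETERS (one bit each). */
#define SECPKG_STATE_ENCRYPTION_PERMITTED        0x01
#define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
#define SECPKG_STATE_DOMAIN_CONTROLLER           0x04
#define SECPKG_STATE_WORKSTATION                 0x08
#define SECPKG_STATE_STANDALONE                  0x10

/*
 * Version magics as passed to or returned from Sp[Lsa,User]ModeInitialize.
 * Each value is a distinct single bit. The version a package reports decides
 * how many members of SECPKG_FUNCTION_TABLE it provides (see the markers in
 * that structure).
 */
#define SECPKG_INTERFACE_VERSION   0x10000
#define SECPKG_INTERFACE_VERSION_2 0x20000
#define SECPKG_INTERFACE_VERSION_3 0x40000
#define SECPKG_INTERFACE_VERSION_4 0x80000
#define SECPKG_INTERFACE_VERSION_5 0x100000
#define SECPKG_INTERFACE_VERSION_6 0x200000
#define SECPKG_INTERFACE_VERSION_7 0x400000

/* enum definitions for Secure Service Provider/Authentication Packages */

/*
 * Tag naming one of the LSA_TOKEN_INFORMATION_* layouts declared below.
 * NOTE(review): presumably it describes the untyped PVOID that accompanies it
 * in the token-creation and logon prototypes; a consumer should check the tag
 * before casting that pointer - confirm against the callers.
 */
typedef enum _LSA_TOKEN_INFORMATION_TYPE {
    LsaTokenInformationNull,
    LsaTokenInformationV1,
    LsaTokenInformationV2
} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;

/* Selects the active member of the Info union in SECPKG_EXTENDED_INFORMATION. */
typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS
{
    SecpkgGssInfo = 1,
    SecpkgContextThunks,
    SecpkgMutualAuthLevel,
    SecpkgWowClientDll,
    SecpkgExtraOids,
    SecpkgMaxInfo
} SECPKG_EXTENDED_INFORMATION_CLASS;

typedef enum _SECPKG_NAME_TYPE {
    SecNameSamCompatible,
    SecNameAlternateId,
    SecNameFlat,
    SecNameDN
} SECPKG_NAME_TYPE;

/* struct definitions for SSP/AP */
typedef struct _LSA_TOKEN_INFORMATION_NULL
{
    LARGE_INTEGER ExpirationTime;
    PTOKEN_GROUPS Groups;
} LSA_TOKEN_INFORMATION_NULL, *PLSA_TOKEN_INFORMATION_NULL;

typedef struct _LSA_TOKEN_INFORMATION_V1
{
    LARGE_INTEGER       ExpirationTime;
    TOKEN_USER          User;
    PTOKEN_GROUPS       Groups;
    TOKEN_PRIMARY_GROUP PrimaryGroup;
    PTOKEN_PRIVILEGES   Privileges;
    TOKEN_OWNER         Owner;
    TOKEN_DEFAULT_DACL  DefaultDacl;
} LSA_TOKEN_INFORMATION_V1, *PLSA_TOKEN_INFORMATION_V1;

/* V2 has the same layout as V1; only the type tag differs. */
typedef LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V2, *PLSA_TOKEN_INFORMATION_V2;

/*
 * Primary credential of a logon session, identified by LogonId.
 * NOTE(review): Password and OldPassword presumably reference secret
 * material. Code that copies this structure should treat those buffers as
 * sensitive, keep them out of logs and clear its own copies when done -
 * confirm against the callers.
 */
typedef struct _SECPKG_PRIMARY_CRED {
    LUID           LogonId;
    UNICODE_STRING DownlevelName;
    UNICODE_STRING DomainName;
    UNICODE_STRING Password;
    UNICODE_STRING OldPassword;
    PSID           UserSid;
    ULONG          Flags;
    UNICODE_STRING DnsDomainName;
    UNICODE_STRING Upn;
    UNICODE_STRING LogonServer;
    UNICODE_STRING Spare1;
    UNICODE_STRING Spare2;
    UNICODE_STRING Spare3;
    UNICODE_STRING Spare4;
} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;

/*
 * Package-specific credential blob.
 * NOTE(review): CredentialSize is presumably the byte length of the buffer at
 * Credentials; validate it before reading from the pointer.
 */
typedef struct _SECPKG_SUPPLEMENTAL_CRED {
    UNICODE_STRING PackageName;
    ULONG          CredentialSize;
    PUCHAR         Credentials;
} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;

/*
 * Credentials is declared with a single element.
 * NOTE(review): this looks like a variable-length trailing array holding
 * CredentialCount entries; check the count against the size of the containing
 * allocation before indexing past element 0 - TODO confirm.
 */
typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
    ULONG                    CredentialCount;
    SECPKG_SUPPLEMENTAL_CRED Credentials[1];
} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;

/* The same layout is also exported under the SECPKG_EVENT_DOMAIN_CHANGE names. */
typedef struct _SECPKG_PARAMETERS {
    ULONG          Version;
    ULONG          MachineState;   /* SECPKG_STATE_* flags */
    ULONG          SetupMode;
    PSID           DomainSid;
    UNICODE_STRING DomainName;
    UNICODE_STRING DnsDomainName;
    GUID           DomainGuid;
} SECPKG_PARAMETERS, *PSECPKG_PARAMETERS,
  SECPKG_EVENT_DOMAIN_CHANGE, *PSECPKG_EVENT_DOMAIN_CHANGE;

/*
 * Identity and privilege flags of the calling client.
 * NOTE(review): HasTcbPrivilege, Impersonating and Restricted look like
 * inputs to authorization decisions; confirm they are filled in by the LSA
 * and never taken from client-supplied data.
 */
typedef struct _SECPKG_CLIENT_INFO {
    LUID    LogonId;
    ULONG   ProcessID;
    ULONG   ThreadID;
    BOOLEAN HasTcbPrivilege;
    BOOLEAN Impersonating;
    BOOLEAN Restricted;
} SECPKG_CLIENT_INFO,
 *PSECPKG_CLIENT_INFO;

typedef struct _SECURITY_USER_DATA {
    SECURITY_STRING UserName;
    SECURITY_STRING LogonDomainName;
    SECURITY_STRING LogonServer;
    PSID            pSid;
} SECURITY_USER_DATA, *PSECURITY_USER_DATA,
  SecurityUserData, *PSecurityUserData;

/*
 * EncodedId is declared with four bytes.
 * NOTE(review): EncodedIdLength presumably gives the real length of a longer
 * trailing buffer; bound it by the allocation size before copying - TODO
 * confirm.
 */
typedef struct _SECPKG_GSS_INFO {
    ULONG EncodedIdLength;
    UCHAR EncodedId[4];
} SECPKG_GSS_INFO, *PSECPKG_GSS_INFO;

/* Levels is declared with one element; see the note on InfoLevelCount use. */
typedef struct _SECPKG_CONTEXT_THUNKS {
    ULONG InfoLevelCount;   /* presumably the number of entries in Levels - TODO confirm */
    ULONG Levels[1];
} SECPKG_CONTEXT_THUNKS, *PSECPKG_CONTEXT_THUNKS;

typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
    ULONG MutualAuthLevel;
} SECPKG_MUTUAL_AUTH_LEVEL, *PSECPKG_MUTUAL_AUTH_LEVEL;

typedef struct _SECPKG_WOW_CLIENT_DLL {
    SECURITY_STRING WowClientDllPath;
} SECPKG_WOW_CLIENT_DLL, *PSECPKG_WOW_CLIENT_DLL;

#define SECPKG_MAX_OID_LENGTH 32

/*
 * OidValue holds at most SECPKG_MAX_OID_LENGTH bytes.
 * NOTE(review): OidLength is presumably the number of bytes in use; reject a
 * value larger than SECPKG_MAX_OID_LENGTH before reading OidValue.
 */
typedef struct _SECPKG_SERIALIZED_OID {
    ULONG OidLength;
    ULONG OidAttributes;
    UCHAR OidValue[SECPKG_MAX_OID_LENGTH];
} SECPKG_SERIALIZED_OID, *PSECPKG_SERIALIZED_OID;

/* Oids is declared with one element; OidCount presumably gives the real count. */
typedef struct _SECPKG_EXTRA_OIDS {
    ULONG                 OidCount;
    SECPKG_SERIALIZED_OID Oids[1];
} SECPKG_EXTRA_OIDS, *PSECPKG_EXTRA_OIDS;

typedef struct _SECPKG_CALL_INFO {
    ULONG ProcessId;
    ULONG ThreadId;
    ULONG Attributes;
    ULONG CallCount;
} SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;

/* Tagged union: Class names the member of Info that is meaningful. */
typedef struct _SECPKG_EXTENDED_INFORMATION {
    SECPKG_EXTENDED_INFORMATION_CLASS Class;
    union {
        SECPKG_GSS_INFO          GssInfo;
        SECPKG_CONTEXT_THUNKS    ContextThunks;
        SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel;
        SECPKG_WOW_CLIENT_DLL    WowClientDll;
        SECPKG_EXTRA_OIDS        ExtraOids;
    } Info;
} SECPKG_EXTENDED_INFORMATION, *PSECPKG_EXTENDED_INFORMATION;

typedef struct _SECPKG_TARGETINFO {
    PSID   DomainSid;
    PCWSTR ComputerName;
} SECPKG_TARGETINFO, *PSECPKG_TARGETINFO;

typedef struct _SECPKG_POST_LOGON_USER_INFO {
    ULONG Flags;
    LUID  LogonId;
    LUID  LinkedLogonId;
} SECPKG_POST_LOGON_USER_INFO, *PSECPKG_POST_LOGON_USER_INFO;

/* callbacks implemented by SSP/AP dlls and called by the LSA */
typedef VOID (NTAPI *PLSA_CALLBACK_FUNCTION)(ULONG_PTR, ULONG_PTR, PSecBuffer,
    PSecBuffer);

/* misc typedefs used in the below prototypes */
typedef PVOID *PLSA_CLIENT_REQUEST;
/*
 * LSA_SEC_HANDLE is pointer-sized (ULONG_PTR), as in the platform SDK.
 * Declared as ULONG it would be 32 bits wide on 64-bit targets, so a package
 * that keeps a context pointer in the handle would have it truncated.
 */
typedef ULONG_PTR LSA_SEC_HANDLE, *PLSA_SEC_HANDLE;
typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
typedef PSECURITY_ATTRIBUTES SEC_ATTRS;

/* functions used by SSP/AP obtainable by dispatch tables */
typedef NTSTATUS (NTAPI *PLSA_REGISTER_CALLBACK)(ULONG, PLSA_CALLBACK_FUNCTION);
typedef NTSTATUS (NTAPI *PLSA_CREATE_LOGON_SESSION)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_DELETE_LOGON_SESSION)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING,
    PLSA_STRING);
typedef NTSTATUS (NTAPI *PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN,
    PLSA_STRING, PULONG, PLSA_STRING);
typedef NTSTATUS (NTAPI *PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING);
typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG);
typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID);
/*
 * Client-buffer helpers, all keyed by the PLSA_CLIENT_REQUEST of the call.
 * NOTE(review): the ULONG is presumably a byte count; callers should take it
 * from a validated length, never from an unchecked client field.
 */
typedef NTSTATUS (NTAPI *PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
    ULONG, PVOID*);
typedef NTSTATUS (NTAPI *PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID);
typedef NTSTATUS (NTAPI *PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG,
    PVOID, PVOID);
typedef NTSTATUS (NTAPI *PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
    ULONG, PVOID, PVOID);
typedef NTSTATUS (NTAPI *PLSA_IMPERSONATE_CLIENT)(void);
typedef NTSTATUS (NTAPI *PLSA_UNLOAD_PACKAGE)(void);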
/*
 * Further LSA helper prototypes. Each type below is used for a member of
 * LSA_SECPKG_FUNCTION_TABLE, declared later in this header.
 */
typedef NTSTATUS (NTAPI *PLSA_DUPLICATE_HANDLE)(HANDLE, PHANDLE);
typedef NTSTATUS (NTAPI *PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(
    PLUID, ULONG, PVOID, BOOLEAN);
typedef HANDLE (NTAPI *PLSA_CREATE_THREAD)(
    SEC_ATTRS, ULONG, SEC_THREAD_START, PVOID, ULONG, PULONG);
typedef NTSTATUS (NTAPI *PLSA_GET_CLIENT_INFO)(PSECPKG_CLIENT_INFO);
typedef HANDLE (NTAPI *PLSA_REGISTER_NOTIFICATION)(
    SEC_THREAD_START, PVOID, ULONG, ULONG, ULONG, ULONG, HANDLE);
typedef NTSTATUS (NTAPI *PLSA_CANCEL_NOTIFICATION)(HANDLE);
typedef NTSTATUS (NTAPI *PLSA_MAP_BUFFER)(PSecBuffer, PSecBuffer);

/*
 * Token creation and logon auditing.
 * In PLSA_CREATE_TOKEN the LSA_TOKEN_INFORMATION_TYPE argument is followed by
 * an untyped PVOID. NOTE(review): presumably the tag says which
 * LSA_TOKEN_INFORMATION_* layout the pointer refers to; the two have to agree
 * - confirm against the implementation.
 */
typedef NTSTATUS (NTAPI *PLSA_CREATE_TOKEN)(
    PLUID, PTOKEN_SOURCE, SECURITY_LOGON_TYPE, SECURITY_IMPERSONATION_LEVEL,
    LSA_TOKEN_INFORMATION_TYPE, PVOID, PTOKEN_GROUPS,
    PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
    PHANDLE, PNTSTATUS);
typedef VOID (NTAPI *PLSA_AUDIT_LOGON)(
    NTSTATUS, NTSTATUS,
    PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
    OPTIONAL PSID, SECURITY_LOGON_TYPE, PTOKEN_SOURCE, PLUID);

/*
 * Calls into another package, named by the PUNICODE_STRING.
 * NOTE(review): the PVOID/ULONG pairs look like buffer plus length; lengths
 * should be validated by the receiving package - TODO confirm.
 */
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGE)(
    PUNICODE_STRING, PVOID, ULONG, PVOID*, PULONG, PNTSTATUS);
typedef BOOLEAN (NTAPI *PLSA_GET_CALL_INFO)(PSECPKG_CALL_INFO);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGEEX)(
    PUNICODE_STRING, PVOID, PVOID, ULONG, PVOID*, PULONG, PNTSTATUS);

/* Shared-memory helpers: create, allocate from, free into, delete. */
typedef PVOID (NTAPI *PLSA_CREATE_SHARED_MEMORY)(ULONG, ULONG);
typedef PVOID (NTAPI *PLSA_ALLOCATE_SHARED_MEMORY)(PVOID, ULONG);
typedef VOID (NTAPI *PLSA_FREE_SHARED_MEMORY)(PVOID, PVOID);
typedef BOOLEAN (NTAPI *PLSA_DELETE_SHARED_MEMORY)(PVOID);

/*
 * SAM user access. PLSA_OPEN_SAM_USER returns an opaque PVOID through its
 * last argument; the three prototypes after it take a PVOID first.
 * NOTE(review): presumably that is the same opaque value, to be released with
 * PLSA_CLOSE_SAM_USER on every path - confirm against the implementation.
 */
typedef NTSTATUS (NTAPI *PLSA_OPEN_SAM_USER)(
    PSECURITY_STRING, SECPKG_NAME_TYPE, PSECURITY_STRING, BOOLEAN, ULONG,
    PVOID*);
typedef NTSTATUS (NTAPI *PLSA_GET_USER_CREDENTIALS)(
    PVOID, PVOID *, PULONG, PVOID *, PULONG);
typedef NTSTATUS (NTAPI *PLSA_GET_USER_AUTH_DATA)(PVOID, PUCHAR *, PULONG);
typedef NTSTATUS (NTAPI *PLSA_CLOSE_SAM_USER)(PVOID);
/* Remaining LSA helper prototypes used by LSA_SECPKG_FUNCTION_TABLE. */
typedef NTSTATUS (NTAPI *PLSA_CONVERT_AUTH_DATA_TO_TOKEN)(
    PVOID, ULONG, SECURITY_IMPERSONATION_LEVEL, PTOKEN_SOURCE,
    SECURITY_LOGON_TYPE, PUNICODE_STRING, PHANDLE, PLUID, PUNICODE_STRING,
    PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_CLIENT_CALLBACK)(
    PCHAR, ULONG_PTR, ULONG_PTR, PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI *PLSA_UPDATE_PRIMARY_CREDENTIALS)(
    PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED_ARRAY);
typedef NTSTATUS (NTAPI *PLSA_GET_AUTH_DATA_FOR_USER)(
    PSECURITY_STRING, SECPKG_NAME_TYPE, PSECURITY_STRING, PUCHAR *, PULONG,
    PUNICODE_STRING);
typedef NTSTATUS (NTAPI *PLSA_CRACK_SINGLE_NAME)(
    ULONG, BOOLEAN, PUNICODE_STRING, PUNICODE_STRING, ULONG,
    PUNICODE_STRING, PUNICODE_STRING, PULONG);
typedef NTSTATUS (NTAPI *PLSA_AUDIT_ACCOUNT_LOGON)(
    ULONG, BOOLEAN, PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
    NTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGE_PASSTHROUGH)(
    PUNICODE_STRING, PVOID, PVOID, ULONG, PVOID*, PULONG, PNTSTATUS);
/* One prototype serves both LsaProtectMemory and LsaUnprotectMemory below. */
typedef VOID (NTAPI *PLSA_PROTECT_MEMORY)(PVOID, ULONG);
typedef NTSTATUS (NTAPI *PLSA_OPEN_TOKEN_BY_LOGON_ID)(PLUID, HANDLE *);
typedef NTSTATUS (NTAPI *PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(
    PUCHAR, ULONG, PVOID, PUCHAR *, PULONG);
typedef PVOID (NTAPI *PLSA_ALLOCATE_PRIVATE_HEAP)(SIZE_T);
typedef VOID (NTAPI *PLSA_FREE_PRIVATE_HEAP)(PVOID);

/* Dispatch tables of functions used by SSP/AP */

/* Helper table handed to SpInstanceInitFn. */
typedef struct _SECPKG_DLL_FUNCTIONS {
    PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
    PLSA_FREE_LSA_HEAP     FreeHeap;
    PLSA_REGISTER_CALLBACK RegisterCallback;
} SECPKG_DLL_FUNCTIONS,
 *PSECPKG_DLL_FUNCTIONS;

/*
 * Helper table handed to PLSA_AP_INITIALIZE_PACKAGE. Its eleven members are,
 * in the same order and with the same types, the first eleven members of
 * LSA_SECPKG_FUNCTION_TABLE.
 */
typedef struct _LSA_DISPATCH_TABLE {
    PLSA_CREATE_LOGON_SESSION    CreateLogonSession;
    PLSA_DELETE_LOGON_SESSION    DeleteLogonSession;
    PLSA_ADD_CREDENTIAL          AddCredential;
    PLSA_GET_CREDENTIALS         GetCredentials;
    PLSA_DELETE_CREDENTIAL       DeleteCredential;
    PLSA_ALLOCATE_LSA_HEAP       AllocateLsaHeap;
    PLSA_FREE_LSA_HEAP           FreeLsaHeap;
    PLSA_ALLOCATE_CLIENT_BUFFER  AllocateClientBuffer;
    PLSA_FREE_CLIENT_BUFFER      FreeClientBuffer;
    PLSA_COPY_TO_CLIENT_BUFFER   CopyToClientBuffer;
    PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
} LSA_DISPATCH_TABLE,
 *PLSA_DISPATCH_TABLE;

/*
 * Full helper table handed to SpInitializeFn.
 * The conditional section contributes three pointer members in either branch,
 * so the member count does not depend on _WINCRED_H_.
 * NOTE(review): a package should check a member for NULL before calling
 * through it unless the provider guarantees the whole table is filled -
 * confirm against the code that populates it.
 */
typedef struct _LSA_SECPKG_FUNCTION_TABLE {
    PLSA_CREATE_LOGON_SESSION          CreateLogonSession;
    PLSA_DELETE_LOGON_SESSION          DeleteLogonSession;
    PLSA_ADD_CREDENTIAL                AddCredential;
    PLSA_GET_CREDENTIALS               GetCredentials;
    PLSA_DELETE_CREDENTIAL             DeleteCredential;
    PLSA_ALLOCATE_LSA_HEAP             AllocateLsaHeap;
    PLSA_FREE_LSA_HEAP                 FreeLsaHeap;
    PLSA_ALLOCATE_CLIENT_BUFFER        AllocateClientBuffer;
    PLSA_FREE_CLIENT_BUFFER            FreeClientBuffer;
    PLSA_COPY_TO_CLIENT_BUFFER         CopyToClientBuffer;
    PLSA_COPY_FROM_CLIENT_BUFFER       CopyFromClientBuffer;
    PLSA_IMPERSONATE_CLIENT            ImpersonateClient;
    PLSA_UNLOAD_PACKAGE                UnloadPackage;
    PLSA_DUPLICATE_HANDLE              DuplicateHandle;
    PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
    PLSA_CREATE_THREAD                 CreateThread;
    PLSA_GET_CLIENT_INFO               GetClientInfo;
    PLSA_REGISTER_NOTIFICATION         RegisterNotification;
    PLSA_CANCEL_NOTIFICATION           CancelNotification;
    PLSA_MAP_BUFFER                    MapBuffer;
    PLSA_CREATE_TOKEN                  CreateToken;
    PLSA_AUDIT_LOGON                   AuditLogon;
    PLSA_CALL_PACKAGE                  CallPackage;
    PLSA_FREE_LSA_HEAP                 FreeReturnBuffer;
    PLSA_GET_CALL_INFO                 GetCallInfo;
    PLSA_CALL_PACKAGEEX                CallPackageEx;
    PLSA_CREATE_SHARED_MEMORY          CreateSharedMemory;
    PLSA_ALLOCATE_SHARED_MEMORY        AllocateSharedMemory;
    PLSA_FREE_SHARED_MEMORY            FreeSharedMemory;
    PLSA_DELETE_SHARED_MEMORY          DeleteSharedMemory;
    PLSA_OPEN_SAM_USER                 OpenSamUser;
    PLSA_GET_USER_CREDENTIALS          GetUserCredentials;
    PLSA_GET_USER_AUTH_DATA            GetUserAuthData;
    PLSA_CLOSE_SAM_USER                CloseSamUser;
    PLSA_CONVERT_AUTH_DATA_TO_TOKEN    ConvertAuthDataToToken;
    PLSA_CLIENT_CALLBACK               ClientCallback;
    PLSA_UPDATE_PRIMARY_CREDENTIALS    UpdateCredentials;
    PLSA_GET_AUTH_DATA_FOR_USER        GetAuthDataForUser;
    PLSA_CRACK_SINGLE_NAME             CrackSingleName;
    PLSA_AUDIT_ACCOUNT_LOGON           AuditAccountLogon;
    PLSA_CALL_PACKAGE_PASSTHROUGH      CallPackagePassthrough;
#ifdef _WINCRED_H_
    CredReadFn                         *CrediRead;
    CredReadDomainCredentialsFn        *CrediReadDomainCredentials;
    CredFreeCredentialsFn              *CrediFreeCredentials;
#else
    /* Placeholders that keep the three slots when wincred.h is not included. */
    PLSA_PROTECT_MEMORY                DummyFunction1;
    PLSA_PROTECT_MEMORY                DummyFunction2;
    PLSA_PROTECT_MEMORY                DummyFunction3;
#endif
    PLSA_PROTECT_MEMORY                LsaProtectMemory;
    PLSA_PROTECT_MEMORY                LsaUnprotectMemory;
    PLSA_OPEN_TOKEN_BY_LOGON_ID        OpenTokenByLogonId;
    PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN   ExpandAuthDataForDomain;
    PLSA_ALLOCATE_PRIVATE_HEAP         AllocatePrivateHeap;
    PLSA_FREE_PRIVATE_HEAP             FreePrivateHeap;
} LSA_SECPKG_FUNCTION_TABLE,
 *PLSA_SECPKG_FUNCTION_TABLE;

/* LSA-mode functions implemented by SSP/AP obtainable by a dispatch table */
typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(
    ULONG, PLSA_DISPATCH_TABLE, PLSA_STRING, PLSA_STRING, PLSA_STRING *);
/*
 * NOTE(review): this parameter list (four LPWSTR, two DWORD, a PHANDLE) has a
 * different shape from PLSA_AP_LOGON_USER_EX and PLSA_AP_LOGON_USER_EX2
 * below, which start with PLSA_CLIENT_REQUEST. Check it against the platform
 * SDK before implementing or calling through this type.
 */
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER)(
    LPWSTR, LPWSTR, LPWSTR, LPWSTR, DWORD, DWORD, PHANDLE);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE)(
    PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID);
/*
 * Same parameter list as PLSA_AP_CALL_PACKAGE.
 * NOTE(review): going by the name, this entry serves callers that are not
 * trusted; an implementation should validate the request buffer and the
 * ULONG length before use - confirm against the dispatching code.
 */
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(
    PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(
    PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(
    PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *,
    PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *,
    PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *);
/* PLSA_AP_LOGON_USER_EX plus two trailing credential out-parameters. */
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(
    PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *,
    PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *,
    PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *,
    PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED_ARRAY *);

/*
 * The Sp*Fn names from here on are function types, not pointer types; the
 * dispatch tables hold pointers to them.
 */
typedef NTSTATUS (NTAPI SpInitializeFn)(
    ULONG_PTR, PSECPKG_PARAMETERS, PLSA_SECPKG_FUNCTION_TABLE);
typedef NTSTATUS (NTAPI SpShutDownFn)(void);
typedef NTSTATUS (NTAPI SpGetInfoFn)(PSecPkgInfoW);
typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(
    SECURITY_LOGON_TYPE, PUNICODE_STRING, PSECPKG_PRIMARY_CRED,
    PSECPKG_SUPPLEMENTAL_CRED);
typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(
    PUNICODE_STRING, ULONG, PLUID, PVOID, PVOID, PVOID, PLSA_SEC_HANDLE,
    PTimeStamp);
typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(
    LSA_SEC_HANDLE, ULONG, PVOID);
typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(LSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpGetCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(
    LSA_SEC_HANDLE, LSA_SEC_HANDLE, PUNICODE_STRING, ULONG, ULONG,
    PSecBufferDesc, PLSA_SEC_HANDLE, PSecBufferDesc, PULONG, PTimeStamp,
    PBOOLEAN, PSecBuffer);
typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(
    LSA_SEC_HANDLE, LSA_SEC_HANDLE, PSecBufferDesc, ULONG, ULONG,
    PLSA_SEC_HANDLE, PSecBufferDesc, PULONG, PTimeStamp, PBOOLEAN,
    PSecBuffer);
typedef NTSTATUS (NTAPI SpDeleteContextFn)(LSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(LSA_SEC_HANDLE, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpGetUserInfoFn)(PLUID, ULONG, PSecurityUserData *);
typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(
    SECPKG_EXTENDED_INFORMATION_CLASS, PSECPKG_EXTENDED_INFORMATION *);
typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(
    LSA_SEC_HANDLE, ULONG, PVOID);
typedef NTSTATUS (NTAPI SpAddCredentialsFn)(
    LSA_SEC_HANDLE, PUNICODE_STRING, PUNICODE_STRING, ULONG, PVOID, PVOID,
    PVOID, PTimeStamp);
typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(
    SECPKG_EXTENDED_INFORMATION_CLASS, PSECPKG_EXTENDED_INFORMATION);
typedef NTSTATUS (NTAPI SpSetContextAttributesFn)(
    LSA_SEC_HANDLE, ULONG, PVOID, ULONG);
typedef NTSTATUS (NTAPI SpSetCredentialsAttributesFn)(
    LSA_SEC_HANDLE, ULONG, PVOID, ULONG);
typedef NTSTATUS (NTAPI SpChangeAccountPasswordFn)(
    PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
    BOOLEAN, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpQueryMetaDataFn)(
    LSA_SEC_HANDLE, PUNICODE_STRING, ULONG, PULONG, PUCHAR *,
    PLSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpExchangeMetaDataFn)(
    LSA_SEC_HANDLE, PUNICODE_STRING, ULONG, ULONG, PUCHAR, PLSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpGetCredUIContextFn)(
    LSA_SEC_HANDLE, GUID *, PULONG, PUCHAR *);
typedef NTSTATUS (NTAPI SpUpdateCredentialsFn)(
    LSA_SEC_HANDLE, GUID *, ULONG, PUCHAR);
typedef NTSTATUS (NTAPI SpValidateTargetInfoFn)(
    PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PSECPKG_TARGETINFO);
typedef NTSTATUS (NTAPI LSA_AP_POST_LOGON_USER)(PSECPKG_POST_LOGON_USER_INFO);

/* User-mode functions implemented by SSP/AP obtainable by a dispatch table */
typedef NTSTATUS (NTAPI SpInstanceInitFn)(
    ULONG, PSECPKG_DLL_FUNCTIONS, PVOID *);
typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpMakeSignatureFn)(
    LSA_SEC_HANDLE, ULONG, PSecBufferDesc, ULONG);
typedef NTSTATUS (NTAPI SpVerifySignatureFn)(
    LSA_SEC_HANDLE, PSecBufferDesc, ULONG, PULONG);
typedef NTSTATUS (NTAPI SpSealMessageFn)(
    LSA_SEC_HANDLE, ULONG, PSecBufferDesc, ULONG);
typedef NTSTATUS (NTAPI SpUnsealMessageFn)(
    LSA_SEC_HANDLE, PSecBufferDesc, ULONG, PULONG);
typedef NTSTATUS (NTAPI SpGetContextTokenFn)(LSA_SEC_HANDLE, PHANDLE);
typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(LSA_SEC_HANDLE, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(
    ULONG, PUCHAR, PULONG, PVOID *);
typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(
    LSA_SEC_HANDLE, ULONG, PSecBuffer, PHANDLE);
typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(
    PSecBuffer, HANDLE, PLSA_SEC_HANDLE);

/* Keep a SetContextAttributes macro from renaming the table member below. */
#ifdef WINE_NO_UNICODE_MACROS
#undef SetContextAttributes
#endif

/*
 * Dispatch table of LSA-mode functions implemented by an SSP/AP.
 * The table grows with the interface version: the markers below show where it
 * ends for each SECPKG_INTERFACE_VERSION* value.
 * NOTE(review): a consumer should compare the version the package reported
 * with these markers and leave later members untouched for an older package
 * - confirm that the loader does so.
 */
typedef struct _SECPKG_FUNCTION_TABLE {
    PLSA_AP_INITIALIZE_PACKAGE       InitializePackage;
    PLSA_AP_LOGON_USER               LsaLogonUser;
    PLSA_AP_CALL_PACKAGE             CallPackage;
    PLSA_AP_LOGON_TERMINATED         LogonTerminated;
    PLSA_AP_CALL_PACKAGE_UNTRUSTED   CallPackageUntrusted;
    PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
    PLSA_AP_LOGON_USER_EX            LogonUserEx;
    PLSA_AP_LOGON_USER_EX2           LogonUserEx2;
    SpInitializeFn                   *Initialize;
    SpShutDownFn                     *Shutdown;
    SpGetInfoFn                      *GetInfo;
    SpAcceptCredentialsFn            *AcceptCredentials;
    SpAcquireCredentialsHandleFn     *SpAcquireCredentialsHandle;
    SpQueryCredentialsAttributesFn   *SpQueryCredentialsAttributes;
    SpFreeCredentialsHandleFn        *FreeCredentialsHandle;
    SpSaveCredentialsFn              *SaveCredentials;
    SpGetCredentialsFn               *GetCredentials;
    SpDeleteCredentialsFn            *DeleteCredentials;
    SpInitLsaModeContextFn           *InitLsaModeContext;
    SpAcceptLsaModeContextFn         *AcceptLsaModeContext;
    SpDeleteContextFn                *DeleteContext;
    SpApplyControlTokenFn            *ApplyControlToken;
    SpGetUserInfoFn                  *GetUserInfo;
    SpGetExtendedInformationFn       *GetExtendedInformation;
    SpQueryContextAttributesFn       *SpQueryContextAttributes;
    SpAddCredentialsFn               *SpAddCredentials;
    SpSetExtendedInformationFn       *SetExtendedInformation;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION */
    SpSetContextAttributesFn         *SetContextAttributes;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION_2 */
    SpSetCredentialsAttributesFn     *SetCredentialsAttributes;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION_3 */
    SpChangeAccountPasswordFn        *ChangeAccountPassword;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION_4 */
    SpQueryMetaDataFn                *QueryMetaData;
    SpExchangeMetaDataFn             *ExchangeMetaData;
    SpGetCredUIContextFn             *GetCredUIContext;
    SpUpdateCredentialsFn            *UpdateCredentials;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION_5 */
    SpValidateTargetInfoFn           *ValidateTargetInfo;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION_6 */
    LSA_AP_POST_LOGON_USER           *PostLogonUser;
    /* Table ends here for packages with version SECPKG_INTERFACE_VERSION_7 */
} SECPKG_FUNCTION_TABLE,
 *PSECPKG_FUNCTION_TABLE;

/* Dispatch table of user-mode functions implemented by an SSP/AP. */
typedef struct _SECPKG_USER_FUNCTION_TABLE {
    SpInstanceInitFn              *InstanceInit;
    SpInitUserModeContextFn       *InitUserModeContext;
    SpMakeSignatureFn             *MakeSignature;
    SpVerifySignatureFn           *VerifySignature;
    SpSealMessageFn               *SealMessage;
    SpUnsealMessageFn             *UnsealMessage;
    SpGetContextTokenFn           *GetContextToken;
    SpQueryContextAttributesFn    *SpQueryContextAttributes;
    SpCompleteAuthTokenFn         *CompleteAuthToken;
    SpDeleteContextFn             *DeleteUserModeContext;
    SpFormatCredentialsFn         *FormatCredentials;
    SpMarshallSupplementalCredsFn *MarshallSupplementalCreds;
    SpExportSecurityContextFn     *ExportContext;
    SpImportSecurityContextFn     *ImportContext;
} SECPKG_USER_FUNCTION_TABLE,
 *PSECPKG_USER_FUNCTION_TABLE;

/* LSA-mode entry point of an SSP/AP; hands back its SECPKG_FUNCTION_TABLE. */
typedef NTSTATUS (NTAPI *SpLsaModeInitializeFn)(
    ULONG, PULONG, PSECPKG_FUNCTION_TABLE *, PULONG);

/*
 * User-mode entry point of an SSP/AP; hands back its
 * SECPKG_USER_FUNCTION_TABLE. Declared with WINAPI where the LSA-mode entry
 * point uses NTAPI.
 */
typedef NTSTATUS (WINAPI *SpUserModeInitializeFn)(
    ULONG, PULONG, PSECPKG_USER_FUNCTION_TABLE *, PULONG);

#ifdef __cplusplus
}
#endif
#endif /* _NTSECPKG_H */