1 /** 2 * @file ntsecapi.h 3 * Copyright 2012, 2013 MinGW.org project 4 * 5 * Permission is hereby granted, free of charge, to any person obtaining a 6 * copy of this software and associated documentation files (the "Software"), 7 * to deal in the Software without restriction, including without limitation 8 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 * and/or sell copies of the Software, and to permit persons to whom the 10 * Software is furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice (including the next 13 * paragraph) shall be included in all copies or substantial portions of the 14 * Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 22 * DEALINGS IN THE SOFTWARE. 23 */ 24 #ifndef _NTSECAPI_H 25 #define _NTSECAPI_H 26 #pragma GCC system_header 27 #include <_mingw.h> 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 #define KERB_WRAP_NO_ENCRYPT 0x80000001 34 #define LOGON_GUEST 1 35 #define LOGON_NOENCRYPTION 2 36 #define LOGON_CACHED_ACCOUNT 4 37 #define LOGON_USED_LM_PASSWORD 8 38 #define LOGON_EXTRA_SIDS 32 39 #define LOGON_SUBAUTH_SESSION_KEY 64 40 #define LOGON_SERVER_TRUST_ACCOUNT 128 41 #define LOGON_NTLMV2_ENABLED 256 42 #define LOGON_RESOURCE_GROUPS 512 43 #define LOGON_PROFILE_PATH_RETURNED 1024 44 #define LOGON_GRACE_LOGON 16777216 45 #define LSA_MODE_PASSWORD_PROTECTED 1 46 #define LSA_MODE_INDIVIDUAL_ACCOUNTS 2 47 #define LSA_MODE_MANDATORY_ACCESS 3 48 #define LSA_MODE_LOG_FULL 4 49 #define LSA_SUCCESS(x) ((LONG)(x)>=0) 50 #define MICROSOFT_KERBEROS_NAME_A "Kerberos" 51 #define MICROSOFT_KERBEROS_NAME_W L"Kerberos" 52 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 32 53 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 2048 54 #define MSV1_0_CHALLENGE_LENGTH 8 55 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 2 56 #define MSV1_0_CRED_LM_PRESENT 1 57 #define MSV1_0_CRED_NT_PRESENT 2 58 #define MSV1_0_CRED_VERSION 0 59 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 16 60 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 61 #define MSV1_0_MAX_NTLM3_LIFE 1800 62 #define MSV1_0_MAX_AVL_SIZE 64000 63 #define MSV1_0_MNS_LOGON 16777216 64 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 65 #define MSV1_0_NTLM3_OWF_LENGTH 16 66 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE)-MSV1_0_NTLM3_RESPONSE_LENGTH) 67 #define MSV1_0_OWF_PASSWORD_LENGTH 16 68 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 69 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 70 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW)-sizeof(WCHAR) 71 #define MSV1_0_RETURN_USER_PARAMETERS 8 72 #define MSV1_0_RETURN_PASSWORD_EXPIRY 64 73 #define MSV1_0_RETURN_PROFILE_PATH 512 74 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 1048576 75 #define MSV1_0_SUBAUTHENTICATION_DLL 0xff000000 76 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 77 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 78 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 79 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xff000000 80 #define MSV1_0_SUBAUTHENTICATION_KEY "System\\CurrentControlSet\\Control\\Lsa\\MSV1_0" 81 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" 82 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 256 83 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 1024 84 #define MSV1_0_UPDATE_LOGON_STATISTICS 4 85 #define MSV1_0_USE_CLIENT_CHALLENGE 128 86 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 87 #define POLICY_VIEW_LOCAL_INFORMATION 1 88 #define POLICY_VIEW_AUDIT_INFORMATION 2 89 #define POLICY_GET_PRIVATE_INFORMATION 4 90 #define POLICY_TRUST_ADMIN 8 91 #define POLICY_CREATE_ACCOUNT 16 92 #define POLICY_CREATE_SECRET 32 93 #define POLICY_CREATE_PRIVILEGE 64 94 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 128 95 #define POLICY_SET_AUDIT_REQUIREMENTS 256 96 #define POLICY_AUDIT_LOG_ADMIN 512 97 #define POLICY_SERVER_ADMIN 1024 98 #define POLICY_LOOKUP_NAMES 2048 99 #define POLICY_READ (STANDARD_RIGHTS_READ|6) 100 #define POLICY_WRITE (STANDARD_RIGHTS_WRITE|2040) 101 #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE|2049) 102 #define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|4095) 103 #define POLICY_AUDIT_EVENT_UNCHANGED 0 104 #define POLICY_AUDIT_EVENT_SUCCESS 1 105 #define POLICY_AUDIT_EVENT_FAILURE 2 106 #define POLICY_AUDIT_EVENT_NONE 4 107 #define POLICY_AUDIT_EVENT_MASK 7 108 #define POLICY_LOCATION_LOCAL 1 109 #define POLICY_LOCATION_DS 2 110 #define POLICY_MACHINE_POLICY_LOCAL 0 111 #define POLICY_MACHINE_POLICY_DEFAULTED 1 112 #define POLICY_MACHINE_POLICY_EXPLICIT 2 113 #define POLICY_MACHINE_POLICY_UNKNOWN 0xFFFFFFFF 114 #define POLICY_QOS_SCHANEL_REQUIRED 1 115 #define POLICY_QOS_OUTBOUND_INTEGRITY 2 116 #define POLICY_QOS_OUTBOUND_CONFIDENTIALITY 4 117 #define POLICY_QOS_INBOUND_INTEGREITY 8 118 #define POLICY_QOS_INBOUND_CONFIDENTIALITY 16 119 #define POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE 32 120 #define POLICY_QOS_RAS_SERVER_ALLOWED 64 121 #define POLICY_QOS_DHCP_SERVER_ALLOWD 128 122 #define POLICY_KERBEROS_FORWARDABLE 1 123 #define POLICY_KERBEROS_PROXYABLE 2 124 #define POLICY_KERBEROS_RENEWABLE 4 125 #define POLICY_KERBEROS_POSTDATEABLE 8 126 #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify" 127 #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify" 128 #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter" 129 #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight") 130 #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight") 131 #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight") 132 #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight") 133 #define TRUST_ATTRIBUTE_NON_TRANSITIVE 1 134 #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 2 135 #define TRUST_ATTRIBUTE_TREE_PARENT 4194304 136 #define TRUST_ATTRIBUTES_VALID -16580609 137 #define TRUST_AUTH_TYPE_NONE 0 138 #define TRUST_AUTH_TYPE_NT4OWF 1 139 #define TRUST_AUTH_TYPE_CLEAR 2 140 #define TRUST_DIRECTION_DISABLED 0 141 #define TRUST_DIRECTION_INBOUND 1 142 #define TRUST_DIRECTION_OUTBOUND 2 143 #define TRUST_DIRECTION_BIDIRECTIONAL 3 144 #define TRUST_TYPE_DOWNLEVEL 1 145 #define TRUST_TYPE_UPLEVEL 2 146 #define TRUST_TYPE_MIT 3 147 #define TRUST_TYPE_DCE 4 148 149 #if !defined(_NTDEF_H) && !defined(_SUBAUTH_H) 150 typedef LONG NTSTATUS, *PNTSTATUS; 151 typedef struct _UNICODE_STRING { 152 USHORT Length; 153 USHORT MaximumLength; 154 PWSTR Buffer; 155 } UNICODE_STRING, *PUNICODE_STRING; 156 typedef const UNICODE_STRING* PCUNICODE_STRING; 157 typedef struct _STRING { 158 USHORT Length; 159 USHORT MaximumLength; 160 PCHAR Buffer; 161 } STRING, *PSTRING; 162 #endif 163 164 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; 165 typedef STRING LSA_STRING, *PLSA_STRING; 166 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { 167 MsV1_0InteractiveLogon = 2, 168 MsV1_0Lm20Logon, 169 MsV1_0NetworkLogon, 170 MsV1_0SubAuthLogon, 171 MsV1_0WorkstationUnlockLogon = 7 172 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; 173 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { 174 MsV1_0InteractiveProfile = 2, 175 MsV1_0Lm20LogonProfile, 176 MsV1_0SmartCardProfile 177 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE; 178 typedef enum { 179 MsvAvEOL, 180 MsvAvNbComputerName, 181 MsvAvNbDomainName, 182 MsvAvDnsComputerName, 183 MsvAvDnsDomainName 184 } MSV1_0_AVID; 185 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { 186 MsV1_0Lm20ChallengeRequest = 0, 187 MsV1_0Lm20GetChallengeResponse, 188 MsV1_0EnumerateUsers, 189 MsV1_0GetUserInfo, 190 MsV1_0ReLogonUsers, 191 MsV1_0ChangePassword, 192 MsV1_0ChangeCachedPassword, 193 MsV1_0GenericPassthrough, 194 MsV1_0CacheLogon, 195 MsV1_0SubAuth, 196 MsV1_0DeriveCredential, 197 MsV1_0CacheLookup 198 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; 199 typedef enum _POLICY_LSA_SERVER_ROLE { 200 PolicyServerRoleBackup = 2, 201 PolicyServerRolePrimary 202 } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE; 203 typedef enum _POLICY_SERVER_ENABLE_STATE { 204 PolicyServerEnabled = 2, 205 PolicyServerDisabled 206 } POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE; 207 typedef enum _POLICY_INFORMATION_CLASS { 208 PolicyAuditLogInformation = 1, 209 PolicyAuditEventsInformation, 210 PolicyPrimaryDomainInformation, 211 PolicyPdAccountInformation, 212 PolicyAccountDomainInformation, 213 PolicyLsaServerRoleInformation, 214 PolicyReplicaSourceInformation, 215 PolicyDefaultQuotaInformation, 216 PolicyModificationInformation, 217 PolicyAuditFullSetInformation, 218 PolicyAuditFullQueryInformation, 219 PolicyDnsDomainInformation, 220 PolicyEfsInformation 221 } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS; 222 typedef enum _POLICY_AUDIT_EVENT_TYPE { 223 AuditCategorySystem, 224 AuditCategoryLogon, 225 AuditCategoryObjectAccess, 226 AuditCategoryPrivilegeUse, 227 AuditCategoryDetailedTracking, 228 AuditCategoryPolicyChange, 229 AuditCategoryAccountManagement, 230 AuditCategoryDirectoryServiceAccess, 231 AuditCategoryAccountLogon 232 } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE; 233 typedef enum _POLICY_LOCAL_INFORMATION_CLASS { 234 PolicyLocalAuditEventsInformation = 1, 235 PolicyLocalPdAccountInformation, 236 PolicyLocalAccountDomainInformation, 237 PolicyLocalLsaServerRoleInformation, 238 PolicyLocalReplicaSourceInformation, 239 PolicyLocalModificationInformation, 240 PolicyLocalAuditFullSetInformation, 241 PolicyLocalAuditFullQueryInformation, 242 PolicyLocalDnsDomainInformation, 243 PolicyLocalIPSecReferenceInformation, 244 PolicyLocalMachinePasswordInformation, 245 PolicyLocalQualityOfServiceInformation, 246 PolicyLocalPolicyLocationInformation 247 } POLICY_LOCAL_INFORMATION_CLASS, *PPOLICY_LOCAL_INFORMATION_CLASS; 248 typedef enum _POLICY_DOMAIN_INFORMATION_CLASS { 249 PolicyDomainIPSecReferenceInformation = 1, 250 PolicyDomainQualityOfServiceInformation, 251 PolicyDomainEfsInformation, 252 PolicyDomainPublicKeyInformation, 253 PolicyDomainPasswordPolicyInformation, 254 PolicyDomainLockoutInformation, 255 PolicyDomainKerberosTicketInformation 256 } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS; 257 typedef enum _SECURITY_LOGON_TYPE { 258 Interactive = 2, 259 Network, 260 Batch, 261 Service, 262 Proxy, 263 Unlock 264 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; 265 typedef enum _TRUSTED_INFORMATION_CLASS { 266 TrustedDomainNameInformation = 1, 267 TrustedControllersInformation, 268 TrustedPosixOffsetInformation, 269 TrustedPasswordInformation, 270 TrustedDomainInformationBasic, 271 TrustedDomainInformationEx, 272 TrustedDomainAuthInformation, 273 TrustedDomainFullInformation 274 } TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS; 275 typedef struct _DOMAIN_PASSWORD_INFORMATION { 276 USHORT MinPasswordLength; 277 USHORT PasswordHistoryLength; 278 ULONG PasswordProperties; 279 LARGE_INTEGER MaxPasswordAge; 280 LARGE_INTEGER MinPasswordAge; 281 } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION; 282 typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE; 283 typedef struct _LSA_ENUMERATION_INFORMATION { 284 PSID Sid; 285 } LSA_ENUMERATION_INFORMATION, *PLSA_ENUMERATION_INFORMATION; 286 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; 287 288 #if !defined(_NTDEF_H) 289 typedef struct _LSA_OBJECT_ATTRIBUTES { 290 ULONG Length; 291 HANDLE RootDirectory; 292 PLSA_UNICODE_STRING ObjectName; 293 ULONG Attributes; 294 PVOID SecurityDescriptor; 295 PVOID SecurityQualityOfService; 296 } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 297 #endif 298 299 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES; 300 typedef struct _LSA_TRUST_INFORMATION { 301 LSA_UNICODE_STRING Name; 302 PSID Sid; 303 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION; 304 typedef struct _LSA_REFERENCED_DOMAIN_LIST { 305 ULONG Entries; 306 PLSA_TRUST_INFORMATION Domains; 307 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST; 308 typedef struct _LSA_TRANSLATED_SID { 309 SID_NAME_USE Use; 310 ULONG RelativeId; 311 LONG DomainIndex; 312 } LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID; 313 typedef struct _LSA_TRANSLATED_NAME { 314 SID_NAME_USE Use; 315 LSA_UNICODE_STRING Name; 316 LONG DomainIndex; 317 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME; 318 typedef struct _MSV1_0_INTERACTIVE_LOGON { 319 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 320 UNICODE_STRING LogonDomainName; 321 UNICODE_STRING UserName; 322 UNICODE_STRING Password; 323 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON; 324 typedef struct _MSV1_0_INTERACTIVE_PROFILE { 325 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 326 USHORT LogonCount; 327 USHORT BadPasswordCount; 328 LARGE_INTEGER LogonTime; 329 LARGE_INTEGER LogoffTime; 330 LARGE_INTEGER KickOffTime; 331 LARGE_INTEGER PasswordLastSet; 332 LARGE_INTEGER PasswordCanChange; 333 LARGE_INTEGER PasswordMustChange; 334 UNICODE_STRING LogonScript; 335 UNICODE_STRING HomeDirectory; 336 UNICODE_STRING FullName; 337 UNICODE_STRING ProfilePath; 338 UNICODE_STRING HomeDirectoryDrive; 339 UNICODE_STRING LogonServer; 340 ULONG UserFlags; 341 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE; 342 typedef struct _MSV1_0_LM20_LOGON { 343 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 344 UNICODE_STRING LogonDomainName; 345 UNICODE_STRING UserName; 346 UNICODE_STRING Workstation; 347 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 348 STRING CaseSensitiveChallengeResponse; 349 STRING CaseInsensitiveChallengeResponse; 350 ULONG ParameterControl; 351 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON; 352 typedef struct _MSV1_0_SUBAUTH_LOGON{ /* W2K only */ 353 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 354 UNICODE_STRING LogonDomainName; 355 UNICODE_STRING UserName; 356 UNICODE_STRING Workstation; 357 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 358 STRING AuthenticationInfo1; 359 STRING AuthenticationInfo2; 360 ULONG ParameterControl; 361 ULONG SubAuthPackageId; 362 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; 363 typedef struct _MSV1_0_LM20_LOGON_PROFILE { 364 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 365 LARGE_INTEGER KickOffTime; 366 LARGE_INTEGER LogoffTime; 367 ULONG UserFlags; 368 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 369 UNICODE_STRING LogonDomainName; 370 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 371 UNICODE_STRING LogonServer; 372 UNICODE_STRING UserParameters; 373 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE; 374 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { 375 ULONG Version; 376 ULONG Flags; 377 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 378 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 379 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL; 380 typedef struct _MSV1_0_NTLM3_RESPONSE { 381 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; 382 UCHAR RespType; 383 UCHAR HiRespType; 384 USHORT Flags; 385 ULONG MsgWord; 386 ULONGLONG TimeStamp; 387 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; 388 ULONG AvPairsOff; 389 UCHAR Buffer[1]; 390 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; 391 typedef struct _MSV1_0_AV_PAIR { 392 USHORT AvId; 393 USHORT AvLen; 394 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; 395 typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST { 396 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 397 UNICODE_STRING DomainName; 398 UNICODE_STRING AccountName; 399 UNICODE_STRING OldPassword; 400 UNICODE_STRING NewPassword; 401 BOOLEAN Impersonating; 402 } MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST; 403 typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE { 404 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 405 BOOLEAN PasswordInfoValid; 406 DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo; 407 } MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE; 408 typedef struct _MSV1_0_SUBAUTH_REQUEST{ 409 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 410 ULONG SubAuthPackageId; 411 ULONG SubAuthInfoLength; 412 PUCHAR SubAuthSubmitBuffer; 413 } MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST; 414 typedef struct _MSV1_0_SUBAUTH_RESPONSE{ 415 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 416 ULONG SubAuthInfoLength; 417 PUCHAR SubAuthReturnBuffer; 418 } MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE; 419 #define MSV1_0_DERIVECRED_TYPE_SHA1 0 420 typedef struct _MSV1_0_DERIVECRED_REQUEST { 421 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 422 LUID LogonId; 423 ULONG DeriveCredType; 424 ULONG DeriveCredInfoLength; 425 UCHAR DeriveCredSubmitBuffer[1]; 426 } MSV1_0_DERIVECRED_REQUEST, *PMSV1_0_DERIVECRED_REQUEST; 427 typedef struct _MSV1_0_DERIVECRED_RESPONSE { 428 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 429 ULONG DeriveCredInfoLength; 430 UCHAR DeriveCredReturnBuffer[1]; 431 } MSV1_0_DERIVECRED_RESPONSE, *PMSV1_0_DERIVECRED_RESPONSE; 432 typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS; 433 typedef struct _POLICY_PRIVILEGE_DEFINITION { 434 LSA_UNICODE_STRING Name; 435 LUID LocalValue; 436 } POLICY_PRIVILEGE_DEFINITION, *PPOLICY_PRIVILEGE_DEFINITION; 437 typedef struct _POLICY_AUDIT_LOG_INFO { 438 ULONG AuditLogPercentFull; 439 ULONG MaximumLogSize; 440 LARGE_INTEGER AuditRetentionPeriod; 441 BOOLEAN AuditLogFullShutdownInProgress; 442 LARGE_INTEGER TimeToShutdown; 443 ULONG NextAuditRecordId; 444 } POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO; 445 typedef struct _POLICY_AUDIT_EVENTS_INFO { 446 BOOLEAN AuditingMode; 447 PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; 448 ULONG MaximumAuditEventCount; 449 } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO; 450 typedef struct _POLICY_ACCOUNT_DOMAIN_INFO { 451 LSA_UNICODE_STRING DomainName; 452 PSID DomainSid; 453 } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO; 454 typedef struct _POLICY_PRIMARY_DOMAIN_INFO { 455 LSA_UNICODE_STRING Name; 456 PSID Sid; 457 } POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO; 458 typedef struct _POLICY_DNS_DOMAIN_INFO { 459 LSA_UNICODE_STRING Name; 460 LSA_UNICODE_STRING DnsDomainName; 461 LSA_UNICODE_STRING DnsForestName; 462 GUID DomainGuid; 463 PSID Sid; 464 } POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO; 465 typedef struct _POLICY_PD_ACCOUNT_INFO { 466 LSA_UNICODE_STRING Name; 467 } POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO; 468 typedef struct _POLICY_LSA_SERVER_ROLE_INFO { 469 POLICY_LSA_SERVER_ROLE LsaServerRole; 470 } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO; 471 typedef struct _POLICY_REPLICA_SOURCE_INFO { 472 LSA_UNICODE_STRING ReplicaSource; 473 LSA_UNICODE_STRING ReplicaAccountName; 474 } POLICY_REPLICA_SOURCE_INFO, *PPOLICY_REPLICA_SOURCE_INFO; 475 typedef struct _POLICY_DEFAULT_QUOTA_INFO { 476 QUOTA_LIMITS QuotaLimits; 477 } POLICY_DEFAULT_QUOTA_INFO, *PPOLICY_DEFAULT_QUOTA_INFO; 478 typedef struct _POLICY_MODIFICATION_INFO { 479 LARGE_INTEGER ModifiedId; 480 LARGE_INTEGER DatabaseCreationTime; 481 } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO; 482 typedef struct _POLICY_AUDIT_FULL_SET_INFO { 483 BOOLEAN ShutDownOnFull; 484 } POLICY_AUDIT_FULL_SET_INFO, *PPOLICY_AUDIT_FULL_SET_INFO; 485 typedef struct _POLICY_AUDIT_FULL_QUERY_INFO { 486 BOOLEAN ShutDownOnFull; 487 BOOLEAN LogIsFull; 488 } POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO; 489 typedef struct _POLICY_EFS_INFO { 490 ULONG InfoLength; 491 PUCHAR EfsBlob; 492 } POLICY_EFS_INFO, *PPOLICY_EFS_INFO; 493 typedef struct _POLICY_LOCAL_IPSEC_REFERENCE_INFO { 494 LSA_UNICODE_STRING ObjectPath; 495 } POLICY_LOCAL_IPSEC_REFERENCE_INFO, *PPOLICY_LOCAL_IPSEC_REFERENCE_INFO; 496 typedef struct _POLICY_LOCAL_MACHINE_PASSWORD_INFO { 497 LARGE_INTEGER PasswordChangeInterval; 498 } POLICY_LOCAL_MACHINE_PASSWORD_INFO, *PPOLICY_LOCAL_MACHINE_PASSWORD_INFO; 499 typedef struct _POLICY_LOCAL_POLICY_LOCATION_INFO { 500 ULONG PolicyLocation; 501 } POLICY_LOCAL_POLICY_LOCATION_INFO, *PPOLICY_LOCAL_POLICY_LOCATION_INFO; 502 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO { 503 ULONG QualityOfService; 504 } POLICY_LOCAL_QUALITY_OF_SERVICE_INFO, *PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO; 505 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; 506 typedef struct _POLICY_LOCAL_QUALITY_OF_SERVICE_INFO *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; 507 typedef struct _POLICY_DOMAIN_PUBLIC_KEY_INFO { 508 ULONG InfoLength; 509 PUCHAR PublicKeyInfo; 510 } POLICY_DOMAIN_PUBLIC_KEY_INFO, *PPOLICY_DOMAIN_PUBLIC_KEY_INFO; 511 typedef struct _POLICY_DOMAIN_LOCKOUT_INFO { 512 LARGE_INTEGER LockoutDuration; 513 LARGE_INTEGER LockoutObservationWindow; 514 USHORT LockoutThreshold; 515 } POLICY_DOMAIN_LOCKOUT_INFO, *PPOLICY_DOMAIN_LOCKOUT_INFO; 516 typedef struct _POLICY_DOMAIN_PASSWORD_INFO { 517 USHORT MinPasswordLength; 518 USHORT PasswordHistoryLength; 519 ULONG PasswordProperties; 520 LARGE_INTEGER MaxPasswordAge; 521 LARGE_INTEGER MinPasswordAge; 522 } POLICY_DOMAIN_PASSWORD_INFO, *PPOLICY_DOMAIN_PASSWORD_INFO; 523 typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO { 524 ULONG AuthenticationOptions; 525 LARGE_INTEGER MinTicketAge; 526 LARGE_INTEGER MaxTicketAge; 527 LARGE_INTEGER MaxRenewAge; 528 LARGE_INTEGER ProxyLifetime; 529 LARGE_INTEGER ForceLogoff; 530 } POLICY_DOMAIN_KERBEROS_TICKET_INFO, *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; 531 typedef PVOID LSA_HANDLE, *PLSA_HANDLE; 532 typedef struct _TRUSTED_DOMAIN_NAME_INFO { 533 LSA_UNICODE_STRING Name; 534 } TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO; 535 typedef struct _TRUSTED_CONTROLLERS_INFO { 536 ULONG Entries; 537 PLSA_UNICODE_STRING Names; 538 } TRUSTED_CONTROLLERS_INFO, *PTRUSTED_CONTROLLERS_INFO; 539 typedef struct _TRUSTED_POSIX_OFFSET_INFO { 540 ULONG Offset; 541 } TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO; 542 typedef struct _TRUSTED_PASSWORD_INFO { 543 LSA_UNICODE_STRING Password; 544 LSA_UNICODE_STRING OldPassword; 545 } TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO; 546 typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC; 547 typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC; 548 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX { 549 LSA_UNICODE_STRING Name; 550 LSA_UNICODE_STRING FlatName; 551 PSID Sid; 552 ULONG TrustDirection; 553 ULONG TrustType; 554 ULONG TrustAttributes; 555 } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX; 556 typedef struct _LSA_AUTH_INFORMATION { 557 LARGE_INTEGER LastUpdateTime; 558 ULONG AuthType; 559 ULONG AuthInfoLength; 560 PUCHAR AuthInfo; 561 } LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION; 562 typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION { 563 ULONG IncomingAuthInfos; 564 PLSA_AUTH_INFORMATION IncomingAuthenticationInformation; 565 PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; 566 ULONG OutgoingAuthInfos; 567 PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation; 568 PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; 569 } TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION; 570 typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION { 571 TRUSTED_DOMAIN_INFORMATION_EX Information; 572 TRUSTED_POSIX_OFFSET_INFO PosixOffset; 573 TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; 574 } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION; 575 NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING,ULONG); 576 NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE,ULONG,PVOID,ULONG,PVOID*, 577 PULONG,PNTSTATUS); 578 NTSTATUS NTAPI LsaClose(LSA_HANDLE); 579 NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE); 580 NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE, 581 PTRUSTED_DOMAIN_INFORMATION_EX, 582 PTRUSTED_DOMAIN_AUTH_INFORMATION,ACCESS_MASK, 583 PLSA_HANDLE); 584 NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE,PSID); 585 NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE); 586 NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG); 587 NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING, 588 PVOID*,PULONG); 589 NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE,PLSA_ENUMERATION_HANDLE, 590 PVOID*,ULONG,PULONG); 591 NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE, 592 TRUSTED_INFORMATION_CLASS,PVOID*,ULONG,PULONG); 593 NTSTATUS NTAPI LsaFreeMemory(PVOID); 594 NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID); 595 NTSTATUS NTAPI LsaLogonUser(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID, 596 ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID*,PULONG, 597 PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS); 598 NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE,PLSA_STRING,PULONG); 599 NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING, 600 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*); 601 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*, 602 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*); 603 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS); 604 NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES, 605 ACCESS_MASK,PLSA_HANDLE); 606 NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE, 607 POLICY_DOMAIN_INFORMATION_CLASS,PVOID*); 608 NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*); 609 NTSTATUS NTAPI LsaQueryLocalInformationPolicy(LSA_HANDLE, 610 POLICY_LOCAL_INFORMATION_CLASS,PVOID*); 611 NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE,PSID, 612 TRUSTED_INFORMATION_CLASS,PVOID*); 613 NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING, 614 TRUSTED_INFORMATION_CLASS,PVOID*); 615 NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING,PHANDLE,PLSA_OPERATIONAL_MODE); 616 NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE,PSID,BOOLEAN, 617 PLSA_UNICODE_STRING,ULONG); 618 NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING, 619 PLSA_UNICODE_STRING*); 620 NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE, 621 POLICY_DOMAIN_INFORMATION_CLASS,PVOID); 622 NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS, PVOID); 623 NTSTATUS NTAPI LsaSetLocalInformationPolicy(LSA_HANDLE, 624 POLICY_LOCAL_INFORMATION_CLASS,PVOID); 625 NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID, 626 TRUSTED_INFORMATION_CLASS,PVOID); 627 NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING, 628 TRUSTED_INFORMATION_CLASS,PVOID); 629 NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING, 630 PLSA_UNICODE_STRING); 631 typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING, 632 ULONG,PUNICODE_STRING); 633 typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)(void); 634 typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING,PUNICODE_STRING, 635 PUNICODE_STRING,BOOLEAN); 636 #ifdef __cplusplus 637 } 638 #endif 639 640 #endif /* _NTSECAPI_H */ 641