1 // Licensed under the Apache License, Version 2.0
2 // <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
4 // All files in the project carrying such notice may not be copied, modified, or distributed
5 // except according to those terms.
6 use shared::basetsd::{SIZE_T, ULONG_PTR};
7 use shared::guiddef::GUID;
8 use shared::minwindef::{PUCHAR, PULONG, UCHAR, ULONG, USHORT};
9 use shared::ntdef::{NTSTATUS, PNTSTATUS};
10 use um::lsalookup::{
11 LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
12 PLSA_REFERENCED_DOMAIN_LIST, PLSA_STRING, PLSA_TRANSLATED_NAME, PLSA_TRANSLATED_SID2,
13 PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING,
14 };
15 use um::ntsecapi::PLSA_HANDLE;
16 use um::subauth::{PUNICODE_STRING, UNICODE_STRING};
17 use um::winnt::{
18 ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LUID, PBOOLEAN,
19 PCLAIMS_BLOB, PHANDLE, PLARGE_INTEGER, PLUID, PPRIVILEGE_SET, PQUOTA_LIMITS,
20 PSECURITY_DESCRIPTOR, PSHORT, PSID, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PVOID,
21 PWSTR, QUOTA_LIMITS, SECURITY_INFORMATION, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE,
22 STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, TOKEN_DEFAULT_DACL,
23 TOKEN_DEVICE_CLAIMS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_USER, TOKEN_USER_CLAIMS,
24 };
25 pub type LSA_OPERATIONAL_MODE = ULONG;
26 pub type PLSA_OPERATIONAL_MODE = *mut LSA_OPERATIONAL_MODE;
27 pub const LSA_MODE_PASSWORD_PROTECTED: ULONG = 0x00000001;
28 pub const LSA_MODE_INDIVIDUAL_ACCOUNTS: ULONG = 0x00000002;
29 pub const LSA_MODE_MANDATORY_ACCESS: ULONG = 0x00000004;
30 pub const LSA_MODE_LOG_FULL: ULONG = 0x00000008;
31 pub const LSA_MAXIMUM_SID_COUNT: SIZE_T = 0x00000100;
32 pub const LSA_MAXIMUM_ENUMERATION_LENGTH: SIZE_T = 32000;
33 pub const LSA_CALL_LICENSE_SERVER: ULONG = 0x80000000;
34 ENUM!{enum SECURITY_LOGON_TYPE {
35 UndefinedLogonType = 0,
36 Interactive = 2,
37 Network,
38 Batch,
39 Service,
40 Proxy,
41 Unlock,
42 NetworkCleartext,
43 NewCredentials,
44 RemoteInteractive,
45 CachedInteractive,
46 CachedRemoteInteractive,
47 CachedUnlock,
48 }}
49 pub type PSECURITY_LOGON_TYPE = *mut SECURITY_LOGON_TYPE;
50 pub const SECURITY_ACCESS_INTERACTIVE_LOGON: ULONG = 0x00000001;
51 pub const SECURITY_ACCESS_NETWORK_LOGON: ULONG = 0x00000002;
52 pub const SECURITY_ACCESS_BATCH_LOGON: ULONG = 0x00000004;
53 pub const SECURITY_ACCESS_SERVICE_LOGON: ULONG = 0x00000010;
54 pub const SECURITY_ACCESS_PROXY_LOGON: ULONG = 0x00000020;
55 pub const SECURITY_ACCESS_DENY_INTERACTIVE_LOGON: ULONG = 0x00000040;
56 pub const SECURITY_ACCESS_DENY_NETWORK_LOGON: ULONG = 0x00000080;
57 pub const SECURITY_ACCESS_DENY_BATCH_LOGON: ULONG = 0x00000100;
58 pub const SECURITY_ACCESS_DENY_SERVICE_LOGON: ULONG = 0x00000200;
59 pub const SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000400;
60 pub const SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000800;
61 ENUM!{enum SE_ADT_PARAMETER_TYPE {
62 SeAdtParmTypeNone = 0,
63 SeAdtParmTypeString,
64 SeAdtParmTypeFileSpec,
65 SeAdtParmTypeUlong,
66 SeAdtParmTypeSid,
67 SeAdtParmTypeLogonId,
68 SeAdtParmTypeNoLogonId,
69 SeAdtParmTypeAccessMask,
70 SeAdtParmTypePrivs,
71 SeAdtParmTypeObjectTypes,
72 SeAdtParmTypeHexUlong,
73 SeAdtParmTypePtr,
74 SeAdtParmTypeTime,
75 SeAdtParmTypeGuid,
76 SeAdtParmTypeLuid,
77 SeAdtParmTypeHexInt64,
78 SeAdtParmTypeStringList,
79 SeAdtParmTypeSidList,
80 SeAdtParmTypeDuration,
81 SeAdtParmTypeUserAccountControl,
82 SeAdtParmTypeNoUac,
83 SeAdtParmTypeMessage,
84 SeAdtParmTypeDateTime,
85 SeAdtParmTypeSockAddr,
86 SeAdtParmTypeSD,
87 SeAdtParmTypeLogonHours,
88 SeAdtParmTypeLogonIdNoSid,
89 SeAdtParmTypeUlongNoConv,
90 SeAdtParmTypeSockAddrNoPort,
91 SeAdtParmTypeAccessReason,
92 SeAdtParmTypeStagingReason,
93 SeAdtParmTypeResourceAttribute,
94 SeAdtParmTypeClaims,
95 SeAdtParmTypeLogonIdAsSid,
96 SeAdtParmTypeMultiSzString,
97 SeAdtParmTypeLogonIdEx,
98 }}
99 pub type PSE_ADT_PARAMETER_TYPE = *mut SE_ADT_PARAMETER_TYPE;
100 pub const SE_ADT_OBJECT_ONLY: USHORT = 0x1;
101 STRUCT!{struct SE_ADT_OBJECT_TYPE {
102 ObjectType: GUID,
103 Flags: USHORT,
104 Level: USHORT,
105 AccessMask: ACCESS_MASK,
106 }}
107 pub type PSE_ADT_OBJECT_TYPE = *mut SE_ADT_OBJECT_TYPE;
108 STRUCT!{struct SE_ADT_PARAMETER_ARRAY_ENTRY {
109 Type: SE_ADT_PARAMETER_TYPE,
110 Length: ULONG,
111 Data: [ULONG_PTR; 2],
112 Address: PVOID,
113 }}
114 pub type PSE_ADT_PARAMETER_ARRAY_ENTRY = *mut SE_ADT_PARAMETER_ARRAY_ENTRY;
115 STRUCT!{struct SE_ADT_ACCESS_REASON {
116 AccessMask: ACCESS_MASK,
117 AccessReasons: [ULONG; 32],
118 ObjectTypeIndex: ULONG,
119 AccessGranted: ULONG,
120 SecurityDescriptor: PSECURITY_DESCRIPTOR,
121 }}
122 pub type PSE_ADT_ACCESS_REASON = *mut SE_ADT_ACCESS_REASON;
123 STRUCT!{struct SE_ADT_CLAIMS {
124 Length: ULONG,
125 Claims: PCLAIMS_BLOB,
126 }}
127 pub type PSE_ADT_CLAIMS = *mut SE_ADT_CLAIMS;
128 pub const SE_MAX_AUDIT_PARAMETERS: SIZE_T = 32;
129 pub const SE_MAX_GENERIC_AUDIT_PARAMETERS: SIZE_T = 28;
130 STRUCT!{struct SE_ADT_PARAMETER_ARRAY {
131 CategoryId: ULONG,
132 AuditId: ULONG,
133 ParameterCount: ULONG,
134 Length: ULONG,
135 FlatSubCategoryId: USHORT,
136 Type: USHORT,
137 Flags: ULONG,
138 Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS],
139 }}
140 pub type PSE_ADT_PARAMETER_ARRAY = *mut SE_ADT_PARAMETER_ARRAY;
141 STRUCT!{struct SE_ADT_PARAMETER_ARRAY_EX {
142 CategoryId: ULONG,
143 AuditId: ULONG,
144 Version: ULONG,
145 ParameterCount: ULONG,
146 Length: ULONG,
147 FlatSubCategoryId: USHORT,
148 Type: USHORT,
149 Flags: ULONG,
150 Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS],
151 }}
152 pub type PSE_ADT_PARAMETER_ARRAY_EX = *mut SE_ADT_PARAMETER_ARRAY_EX;
153 pub const SE_ADT_PARAMETERS_SELF_RELATIVE: ULONG = 0x00000001;
154 pub const SE_ADT_PARAMETERS_SEND_TO_LSA: ULONG = 0x00000002;
155 pub const SE_ADT_PARAMETER_EXTENSIBLE_AUDIT: ULONG = 0x00000004;
156 pub const SE_ADT_PARAMETER_GENERIC_AUDIT: ULONG = 0x00000008;
157 pub const SE_ADT_PARAMETER_WRITE_SYNCHRONOUS: ULONG = 0x00000010;
158 #[cfg(target_pointer_width = "32")]
159 #[inline]
LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE( AuditParameters: SE_ADT_PARAMETER_ARRAY, ) -> SIZE_T160 pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(
161 AuditParameters: SE_ADT_PARAMETER_ARRAY,
162 ) -> SIZE_T {
163 664 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>()
164 - (20 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>()
165 * (SE_MAX_AUDIT_PARAMETERS - AuditParameters.ParameterCount as SIZE_T))
166 }
167 #[cfg(target_pointer_width = "64")]
168 #[inline]
LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE( AuditParameters: SE_ADT_PARAMETER_ARRAY, ) -> SIZE_T169 pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(
170 AuditParameters: SE_ADT_PARAMETER_ARRAY,
171 ) -> SIZE_T {
172 1048 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>()
173 - (32 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>()
174 * (SE_MAX_AUDIT_PARAMETERS - AuditParameters.ParameterCount as SIZE_T))
175 }
176 STRUCT!{struct LSA_ADT_STRING_LIST_ENTRY {
177 Flags: ULONG,
178 String: UNICODE_STRING,
179 }}
180 pub type PLSA_ADT_STRING_LIST_ENTRY = *mut LSA_ADT_STRING_LIST_ENTRY;
181 STRUCT!{struct LSA_ADT_STRING_LIST {
182 cStrings: ULONG,
183 String: PLSA_ADT_STRING_LIST_ENTRY,
184 }}
185 pub type PLSA_ADT_STRING_LIST = *mut LSA_ADT_STRING_LIST;
186 STRUCT!{struct LSA_ADT_SID_LIST_ENTRY {
187 Flags: ULONG,
188 Sid: PSID,
189 }}
190 pub type PLSA_ADT_SID_LIST_ENTRY = *mut LSA_ADT_SID_LIST_ENTRY;
191 STRUCT!{struct LSA_ADT_SID_LIST {
192 cSids: ULONG,
193 Sid: PLSA_ADT_SID_LIST_ENTRY,
194 }}
195 pub type PLSA_ADT_SID_LIST = *mut LSA_ADT_SID_LIST;
196 pub const LSA_ADT_SECURITY_SOURCE_NAME: &'static str = "Microsoft-Windows-Security-Auditing";
197 pub const LSA_ADT_LEGACY_SECURITY_SOURCE_NAME: &'static str = "Security";
198 pub const SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN: ULONG = 100;
199 ENUM!{enum POLICY_AUDIT_EVENT_TYPE_EX {
200 iSystem_SecurityStateChange = SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN,
201 iSystem_SecuritySubsystemExtension,
202 iSystem_Integrity,
203 iSystem_IPSecDriverEvents,
204 iSystem_Others,
205 iLogon_Logon,
206 iLogon_Logoff,
207 iLogon_AccountLockout,
208 iLogon_IPSecMainMode,
209 iLogon_SpecialLogon,
210 iLogon_IPSecQuickMode,
211 iLogon_IPSecUsermode,
212 iLogon_Others,
213 iLogon_NPS,
214 iLogon_Claims,
215 iLogon_Groups,
216 iObjectAccess_FileSystem,
217 iObjectAccess_Registry,
218 iObjectAccess_Kernel,
219 iObjectAccess_Sam,
220 iObjectAccess_Other,
221 iObjectAccess_CertificationAuthority,
222 iObjectAccess_ApplicationGenerated,
223 iObjectAccess_HandleBasedAudits,
224 iObjectAccess_Share,
225 iObjectAccess_FirewallPacketDrops,
226 iObjectAccess_FirewallConnection,
227 iObjectAccess_DetailedFileShare,
228 iObjectAccess_RemovableStorage,
229 iObjectAccess_CbacStaging,
230 iPrivilegeUse_Sensitive,
231 iPrivilegeUse_NonSensitive,
232 iPrivilegeUse_Others,
233 iDetailedTracking_ProcessCreation,
234 iDetailedTracking_ProcessTermination,
235 iDetailedTracking_DpapiActivity,
236 iDetailedTracking_RpcCall,
237 iDetailedTracking_PnpActivity,
238 iDetailedTracking_TokenRightAdjusted,
239 iPolicyChange_AuditPolicy,
240 iPolicyChange_AuthenticationPolicy,
241 iPolicyChange_AuthorizationPolicy,
242 iPolicyChange_MpsscvRulePolicy,
243 iPolicyChange_WfpIPSecPolicy,
244 iPolicyChange_Others,
245 iAccountManagement_UserAccount,
246 iAccountManagement_ComputerAccount,
247 iAccountManagement_SecurityGroup,
248 iAccountManagement_DistributionGroup,
249 iAccountManagement_ApplicationGroup,
250 iAccountManagement_Others,
251 iDSAccess_DSAccess,
252 iDSAccess_AdAuditChanges,
253 iDS_Replication,
254 iDS_DetailedReplication,
255 iAccountLogon_CredentialValidation,
256 iAccountLogon_Kerberos,
257 iAccountLogon_Others,
258 iAccountLogon_KerbCredentialValidation,
259 iUnknownSubCategory = 999,
260 }}
261 pub type PPOLICY_AUDIT_EVENT_TYPE_EX = *mut POLICY_AUDIT_EVENT_TYPE_EX;
262 ENUM!{enum POLICY_AUDIT_EVENT_TYPE {
263 AuditCategorySystem = 0,
264 AuditCategoryLogon,
265 AuditCategoryObjectAccess,
266 AuditCategoryPrivilegeUse,
267 AuditCategoryDetailedTracking,
268 AuditCategoryPolicyChange,
269 AuditCategoryAccountManagement,
270 AuditCategoryDirectoryServiceAccess,
271 AuditCategoryAccountLogon,
272 }}
273 pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE;
274 pub const POLICY_AUDIT_EVENT_UNCHANGED: ULONG = 0x00000000;
275 pub const POLICY_AUDIT_EVENT_SUCCESS: ULONG = 0x00000001;
276 pub const POLICY_AUDIT_EVENT_FAILURE: ULONG = 0x00000002;
277 pub const POLICY_AUDIT_EVENT_NONE: ULONG = 0x00000004;
278 pub const POLICY_AUDIT_EVENT_MASK: ULONG = POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE
279 | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE;
280 #[inline]
LSA_SUCCESS(Error: NTSTATUS) -> bool281 pub fn LSA_SUCCESS(Error: NTSTATUS) -> bool {
282 (Error as LONG) >= 0
283 }
284 extern "system" {
LsaRegisterLogonProcess( LogonProcessName: PLSA_STRING, LsaHandle: PHANDLE, SecurityMode: PLSA_OPERATIONAL_MODE, ) -> NTSTATUS285 pub fn LsaRegisterLogonProcess(
286 LogonProcessName: PLSA_STRING,
287 LsaHandle: PHANDLE,
288 SecurityMode: PLSA_OPERATIONAL_MODE,
289 ) -> NTSTATUS;
LsaLogonUser( LsaHandle: HANDLE, OriginName: PLSA_STRING, LogonType: SECURITY_LOGON_TYPE, AuthenticationPackage: ULONG, AuthenticationInformation: PVOID, AuthenticationInformationLength: ULONG, LocalGroups: PTOKEN_GROUPS, SourceContext: PTOKEN_SOURCE, ProfileBuffer: *mut PVOID, ProfileBufferLength: PULONG, LogonId: PLUID, Token: PHANDLE, Quotas: PQUOTA_LIMITS, SubStatus: PNTSTATUS, ) -> NTSTATUS290 pub fn LsaLogonUser(
291 LsaHandle: HANDLE,
292 OriginName: PLSA_STRING,
293 LogonType: SECURITY_LOGON_TYPE,
294 AuthenticationPackage: ULONG,
295 AuthenticationInformation: PVOID,
296 AuthenticationInformationLength: ULONG,
297 LocalGroups: PTOKEN_GROUPS,
298 SourceContext: PTOKEN_SOURCE,
299 ProfileBuffer: *mut PVOID,
300 ProfileBufferLength: PULONG,
301 LogonId: PLUID,
302 Token: PHANDLE,
303 Quotas: PQUOTA_LIMITS,
304 SubStatus: PNTSTATUS,
305 ) -> NTSTATUS;
LsaLookupAuthenticationPackage( LsaHandle: HANDLE, PackageName: PLSA_STRING, AuthenticationPackage: PULONG, ) -> NTSTATUS306 pub fn LsaLookupAuthenticationPackage(
307 LsaHandle: HANDLE,
308 PackageName: PLSA_STRING,
309 AuthenticationPackage: PULONG,
310 ) -> NTSTATUS;
LsaFreeReturnBuffer( Buffer: PVOID, ) -> NTSTATUS311 pub fn LsaFreeReturnBuffer(
312 Buffer: PVOID,
313 ) -> NTSTATUS;
LsaCallAuthenticationPackage( LsaHandle: HANDLE, AuthenticationPackage: ULONG, ProtocolSubmitBuffer: PVOID, SubmitBufferLength: ULONG, ProtocolReturnBuffer: *mut PVOID, ReturnBufferLength: PULONG, ProtocolStatus: PNTSTATUS, ) -> NTSTATUS314 pub fn LsaCallAuthenticationPackage(
315 LsaHandle: HANDLE,
316 AuthenticationPackage: ULONG,
317 ProtocolSubmitBuffer: PVOID,
318 SubmitBufferLength: ULONG,
319 ProtocolReturnBuffer: *mut PVOID,
320 ReturnBufferLength: PULONG,
321 ProtocolStatus: PNTSTATUS,
322 ) -> NTSTATUS;
LsaDeregisterLogonProcess( LsaHandle: HANDLE, ) -> NTSTATUS323 pub fn LsaDeregisterLogonProcess(
324 LsaHandle: HANDLE,
325 ) -> NTSTATUS;
LsaConnectUntrusted( LsaHandle: PHANDLE, ) -> NTSTATUS326 pub fn LsaConnectUntrusted(
327 LsaHandle: PHANDLE,
328 ) -> NTSTATUS;
329 }
330 extern "C" {
LsaInsertProtectedProcessAddress( BufferAddress: PVOID, BufferSize: ULONG, ) -> NTSTATUS331 pub fn LsaInsertProtectedProcessAddress(
332 BufferAddress: PVOID,
333 BufferSize: ULONG,
334 ) -> NTSTATUS;
LsaRemoveProtectedProcessAddress( BufferAddress: PVOID, BufferSize: ULONG, ) -> NTSTATUS335 pub fn LsaRemoveProtectedProcessAddress(
336 BufferAddress: PVOID,
337 BufferSize: ULONG,
338 ) -> NTSTATUS;
339 }
340 FN!{stdcall PFN_LSA_CALL_AUTH_PKG(
341 LsaHandle: HANDLE,
342 AuthenticationPackage: ULONG,
343 ProtocolSubmitBuffer: PVOID,
344 SubmitBufferLength: ULONG,
345 ProtocolReturnBuffer: *mut PVOID,
346 ReturnBufferLength: PULONG,
347 ProtocolStatus: PNTSTATUS,
348 ) -> NTSTATUS}
349 FN!{stdcall PFN_LSA_DEREGISTER_PROC(
350 LsaHandle: HANDLE,
351 ) -> NTSTATUS}
352 FN!{stdcall PFN_LSA_FREE_BUFFER(
353 Buffer: PVOID,
354 ) -> NTSTATUS}
355 FN!{stdcall PFN_LSA_LOGON_USER(
356 LsaHandle: HANDLE,
357 OriginName: PLSA_STRING,
358 LogonType: SECURITY_LOGON_TYPE,
359 AuthenticationPackage: ULONG,
360 AuthenticationInformation: PVOID,
361 AuthenticationInformationLength: ULONG,
362 LocalGroups: PTOKEN_GROUPS,
363 SourceContext: PTOKEN_SOURCE,
364 ProfileBuffer: *mut PVOID,
365 ProfileBufferLength: PULONG,
366 LogonId: PLUID,
367 Token: PHANDLE,
368 Quotas: PQUOTA_LIMITS,
369 SubStatus: PNTSTATUS,
370 ) -> NTSTATUS}
371 FN!{stdcall PFN_LOOKUP_AUTH_PKG(
372 LsaHandle: HANDLE,
373 PackageName: PLSA_STRING,
374 AuthenticationPackage: PULONG,
375 ) -> NTSTATUS}
376 FN!{stdcall PFN_LSA_REGISTER_PROC(
377 LogonProcessName: PLSA_STRING,
378 LsaHandle: PHANDLE,
379 SecurityMode: PLSA_OPERATIONAL_MODE,
380 ) -> NTSTATUS}
381 STRUCT!{struct LSA_AUTH_CALLBACKS {
382 LsaCallAuthPkgFn: PFN_LSA_CALL_AUTH_PKG,
383 LsaDeregisterProcFn: PFN_LSA_DEREGISTER_PROC,
384 LsaFreeReturnBufferFn: PFN_LSA_FREE_BUFFER,
385 LsaLogonUserFn: PFN_LSA_LOGON_USER,
386 LsaLookupAuthPkgFn: PFN_LOOKUP_AUTH_PKG,
387 LsaRegisterProcFn: PFN_LSA_REGISTER_PROC,
388 }}
389 pub type PLSA_AUTH_CALLBACKS = *mut LSA_AUTH_CALLBACKS;
390 pub type PCLSA_AUTH_CALLBACKS = *const LSA_AUTH_CALLBACKS;
391 pub type PLSA_CLIENT_REQUEST = *mut PVOID;
392 ENUM!{enum LSA_TOKEN_INFORMATION_TYPE {
393 LsaTokenInformationNull,
394 LsaTokenInformationV1,
395 LsaTokenInformationV2,
396 LsaTokenInformationV3,
397 }}
398 pub type PLSA_TOKEN_INFORMATION_TYPE = *mut LSA_TOKEN_INFORMATION_TYPE;
399 STRUCT!{struct LSA_TOKEN_INFORMATION_NULL {
400 ExpirationTime: LARGE_INTEGER,
401 Groups: PTOKEN_GROUPS,
402 }}
403 pub type PLSA_TOKEN_INFORMATION_NULL = *mut LSA_TOKEN_INFORMATION_NULL;
404 STRUCT!{struct LSA_TOKEN_INFORMATION_V1 {
405 ExpirationTime: LARGE_INTEGER,
406 User: TOKEN_USER,
407 Groups: PTOKEN_GROUPS,
408 PrimaryGroup: TOKEN_PRIMARY_GROUP,
409 Privileges: PTOKEN_PRIVILEGES,
410 Owner: TOKEN_OWNER,
411 DefaultDacl: TOKEN_DEFAULT_DACL,
412 }}
413 pub type PLSA_TOKEN_INFORMATION_V1 = *mut LSA_TOKEN_INFORMATION_V1;
414 pub type LSA_TOKEN_INFORMATION_V2 = LSA_TOKEN_INFORMATION_V1;
415 pub type PLSA_TOKEN_INFORMATION_V2 = *mut LSA_TOKEN_INFORMATION_V2;
416 STRUCT!{struct LSA_TOKEN_INFORMATION_V3 {
417 ExpirationTime: LARGE_INTEGER,
418 User: TOKEN_USER,
419 Groups: PTOKEN_GROUPS,
420 PrimaryGroup: TOKEN_PRIMARY_GROUP,
421 Privileges: PTOKEN_PRIVILEGES,
422 Owner: TOKEN_OWNER,
423 DefaultDacl: TOKEN_DEFAULT_DACL,
424 UserClaims: TOKEN_USER_CLAIMS,
425 DeviceClaims: TOKEN_DEVICE_CLAIMS,
426 DeviceGroups: PTOKEN_GROUPS,
427 }}
428 pub type PLSA_TOKEN_INFORMATION_V3 = *mut LSA_TOKEN_INFORMATION_V3;
429 FN!{stdcall PLSA_CREATE_LOGON_SESSION(
430 LogonId: PLUID,
431 ) -> NTSTATUS}
432 FN!{stdcall PLSA_DELETE_LOGON_SESSION(
433 LogonId: PLUID,
434 ) -> NTSTATUS}
435 FN!{stdcall PLSA_ADD_CREDENTIAL(
436 LogonId: PLUID,
437 AuthenticationPackage: ULONG,
438 PrimaryKeyValue: PLSA_STRING,
439 Credentials: PLSA_STRING,
440 ) -> NTSTATUS}
441 FN!{stdcall PLSA_GET_CREDENTIALS(
442 LogonId: PLUID,
443 AuthenticationPackage: ULONG,
444 QueryContext: PULONG,
445 RetrieveAllCredentials: BOOLEAN,
446 PrimaryKeyValue: PLSA_STRING,
447 PrimaryKeyLength: PULONG,
448 Credentials: PLSA_STRING,
449 ) -> NTSTATUS}
450 FN!{stdcall PLSA_DELETE_CREDENTIAL(
451 LogonId: PLUID,
452 AuthenticationPackage: ULONG,
453 PrimaryKeyValue: PLSA_STRING,
454 ) -> NTSTATUS}
455 FN!{stdcall PLSA_ALLOCATE_LSA_HEAP(
456 Length: ULONG,
457 ) -> PVOID}
458 FN!{stdcall PLSA_FREE_LSA_HEAP(
459 Base: PVOID,
460 ) -> ()}
461 FN!{stdcall PLSA_ALLOCATE_PRIVATE_HEAP(
462 Length: SIZE_T,
463 ) -> PVOID}
464 FN!{stdcall PLSA_FREE_PRIVATE_HEAP(
465 Base: PVOID,
466 ) -> ()}
467 FN!{stdcall PLSA_ALLOCATE_CLIENT_BUFFER(
468 ClientRequest: PLSA_CLIENT_REQUEST,
469 LengthRequired: ULONG,
470 ClientBaseAddress: *mut PVOID,
471 ) -> NTSTATUS}
472 FN!{stdcall PLSA_FREE_CLIENT_BUFFER(
473 ClientRequest: PLSA_CLIENT_REQUEST,
474 ClientBaseAddress: PVOID,
475 ) -> NTSTATUS}
476 FN!{stdcall PLSA_COPY_TO_CLIENT_BUFFER(
477 ClientRequest: PLSA_CLIENT_REQUEST,
478 Length: ULONG,
479 ClientBaseAddress: PVOID,
480 BufferToCopy: PVOID,
481 ) -> NTSTATUS}
482 FN!{stdcall PLSA_COPY_FROM_CLIENT_BUFFER(
483 ClientRequest: PLSA_CLIENT_REQUEST,
484 Length: ULONG,
485 BufferToCopy: PVOID,
486 ClientBaseAddress: PVOID,
487 ) -> NTSTATUS}
488 STRUCT!{struct LSA_DISPATCH_TABLE {
489 CreateLogonSession: PLSA_CREATE_LOGON_SESSION,
490 DeleteLogonSession: PLSA_DELETE_LOGON_SESSION,
491 AddCredential: PLSA_ADD_CREDENTIAL,
492 GetCredentials: PLSA_GET_CREDENTIALS,
493 DeleteCredential: PLSA_DELETE_CREDENTIAL,
494 AllocateLsaHeap: PLSA_ALLOCATE_LSA_HEAP,
495 FreeLsaHeap: PLSA_FREE_LSA_HEAP,
496 AllocateClientBuffer: PLSA_ALLOCATE_CLIENT_BUFFER,
497 FreeClientBuffer: PLSA_FREE_CLIENT_BUFFER,
498 CopyToClientBuffer: PLSA_COPY_TO_CLIENT_BUFFER,
499 CopyFromClientBuffer: PLSA_COPY_FROM_CLIENT_BUFFER,
500 }}
501 pub type PLSA_DISPATCH_TABLE = *mut LSA_DISPATCH_TABLE;
502 pub const LSA_AP_NAME_INITIALIZE_PACKAGE: &'static str = "LsaApInitializePackage";
503 pub const LSA_AP_NAME_LOGON_USER: &'static str = "LsaApLogonUser";
504 pub const LSA_AP_NAME_LOGON_USER_EX: &'static str = "LsaApLogonUserEx";
505 pub const LSA_AP_NAME_CALL_PACKAGE: &'static str = "LsaApCallPackage";
506 pub const LSA_AP_NAME_LOGON_TERMINATED: &'static str = "LsaApLogonTerminated";
507 pub const LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED: &'static str = "LsaApCallPackageUntrusted";
508 pub const LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH: &'static str = "LsaApCallPackagePassthrough";
509 FN!{stdcall PLSA_AP_INITIALIZE_PACKAGE(
510 AuthenticationPackageId: ULONG,
511 LsaDispatchTable: PLSA_DISPATCH_TABLE,
512 Database: PLSA_STRING,
513 Confidentiality: PLSA_STRING,
514 AuthenticationPackageName: *mut PLSA_STRING,
515 ) -> NTSTATUS}
516 FN!{stdcall PLSA_AP_LOGON_USER(
517 ClientRequest: PLSA_CLIENT_REQUEST,
518 LogonType: SECURITY_LOGON_TYPE,
519 AuthenticationInformation: PVOID,
520 ClientAuthentication: PVOID,
521 AuthenticationInformationLength: ULONG,
522 ProfileBuffer: *mut PVOID,
523 ProfileBufferLength: PULONG,
524 LogonId: PLUID,
525 SubStatus: PNTSTATUS,
526 TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE,
527 TokenInformation: *mut PVOID,
528 AccountName: *mut PLSA_UNICODE_STRING,
529 AuthenticatingAutority: *mut PLSA_UNICODE_STRING,
530 ) -> NTSTATUS}
531 FN!{stdcall PLSA_AP_LOGON_USER_EX(
532 ClientRequest: PLSA_CLIENT_REQUEST,
533 LogonType: SECURITY_LOGON_TYPE,
534 AuthenticationInformation: PVOID,
535 ClientAuthentication: PVOID,
536 AuthenticationInformationLength: ULONG,
537 ProfileBuffer: *mut PVOID,
538 ProfileBufferLength: PULONG,
539 LogonId: PLUID,
540 SubStatus: PNTSTATUS,
541 TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE,
542 TokenInformation: *mut PVOID,
543 AccountName: *mut PLSA_UNICODE_STRING,
544 AuthenticatingAutority: *mut PLSA_UNICODE_STRING,
545 MachineName: *mut PUNICODE_STRING,
546 ) -> NTSTATUS}
547 FN!{stdcall PLSA_AP_CALL_PACKAGE(
548 ClientRequest: PLSA_CLIENT_REQUEST,
549 ProtocolSubmitBuffer: PVOID,
550 ClientBufferBase: PVOID,
551 SubmitBufferLength: ULONG,
552 ProtocolReturnBuffer: *mut PVOID,
553 ReturnBufferLength: PULONG,
554 ProtocolStatus: PNTSTATUS,
555 ) -> NTSTATUS}
556 FN!{stdcall PLSA_AP_CALL_PACKAGE_PASSTHROUGH(
557 ClientRequest: PLSA_CLIENT_REQUEST,
558 ProtocolSubmitBuffer: PVOID,
559 ClientBufferBase: PVOID,
560 SubmitBufferLength: ULONG,
561 ProtocolReturnBuffer: *mut PVOID,
562 ReturnBufferLength: PULONG,
563 ProtocolStatus: PNTSTATUS,
564 ) -> NTSTATUS}
565 FN!{stdcall PLSA_AP_LOGON_TERMINATED(
566 LogonId: PLUID,
567 ) -> ()}
568 pub const POLICY_VIEW_LOCAL_INFORMATION: ULONG = 0x00000001;
569 pub const POLICY_VIEW_AUDIT_INFORMATION: ULONG = 0x00000002;
570 pub const POLICY_GET_PRIVATE_INFORMATION: ULONG = 0x00000004;
571 pub const POLICY_TRUST_ADMIN: ULONG = 0x00000008;
572 pub const POLICY_CREATE_ACCOUNT: ULONG = 0x00000010;
573 pub const POLICY_CREATE_SECRET: ULONG = 0x00000020;
574 pub const POLICY_CREATE_PRIVILEGE: ULONG = 0x00000040;
575 pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ULONG = 0x00000080;
576 pub const POLICY_SET_AUDIT_REQUIREMENTS: ULONG = 0x00000100;
577 pub const POLICY_AUDIT_LOG_ADMIN: ULONG = 0x00000200;
578 pub const POLICY_SERVER_ADMIN: ULONG = 0x00000400;
579 pub const POLICY_LOOKUP_NAMES: ULONG = 0x00000800;
580 pub const POLICY_NOTIFICATION: ULONG = 0x00001000;
581 pub const POLICY_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION
582 | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN
583 | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE
584 | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN
585 | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES;
586 pub const POLICY_READ: ULONG = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION
587 | POLICY_GET_PRIVATE_INFORMATION;
588 pub const POLICY_WRITE: ULONG = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT
589 | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS
590 | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN;
591 pub const POLICY_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION
592 | POLICY_LOOKUP_NAMES;
593 STRUCT!{struct LSA_TRANSLATED_SID {
594 Use: SID_NAME_USE,
595 RelativeId: ULONG,
596 DomainIndex: LONG,
597 }}
598 pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID;
599 pub type POLICY_SYSTEM_ACCESS_MODE = ULONG;
600 pub type PPOLICY_SYSTEM_ACCESS_MODE = *mut POLICY_SYSTEM_ACCESS_MODE;
601 pub const POLICY_MODE_INTERACTIVE: ULONG = SECURITY_ACCESS_INTERACTIVE_LOGON;
602 pub const POLICY_MODE_NETWORK: ULONG = SECURITY_ACCESS_NETWORK_LOGON;
603 pub const POLICY_MODE_BATCH: ULONG = SECURITY_ACCESS_BATCH_LOGON;
604 pub const POLICY_MODE_SERVICE: ULONG = SECURITY_ACCESS_SERVICE_LOGON;
605 pub const POLICY_MODE_PROXY: ULONG = SECURITY_ACCESS_PROXY_LOGON;
606 pub const POLICY_MODE_DENY_INTERACTIVE: ULONG = SECURITY_ACCESS_DENY_INTERACTIVE_LOGON;
607 pub const POLICY_MODE_DENY_NETWORK: ULONG = SECURITY_ACCESS_DENY_NETWORK_LOGON;
608 pub const POLICY_MODE_DENY_BATCH: ULONG = SECURITY_ACCESS_DENY_BATCH_LOGON;
609 pub const POLICY_MODE_DENY_SERVICE: ULONG = SECURITY_ACCESS_DENY_SERVICE_LOGON;
610 pub const POLICY_MODE_REMOTE_INTERACTIVE: ULONG = SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON;
611 pub const POLICY_MODE_DENY_REMOTE_INTERACTIVE: ULONG =
612 SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON;
613 pub const POLICY_MODE_ALL: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK
614 | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY | POLICY_MODE_DENY_INTERACTIVE
615 | POLICY_MODE_DENY_NETWORK | SECURITY_ACCESS_DENY_BATCH_LOGON
616 | SECURITY_ACCESS_DENY_SERVICE_LOGON | POLICY_MODE_REMOTE_INTERACTIVE
617 | POLICY_MODE_DENY_REMOTE_INTERACTIVE ;
618 pub const POLICY_MODE_ALL_NT4: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK
619 | POLICY_MODE_BATCH | POLICY_MODE_SERVICE;
620 ENUM!{enum POLICY_LSA_SERVER_ROLE {
621 PolicyServerRoleBackup = 2,
622 PolicyServerRolePrimary,
623 }}
624 pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE;
625 ENUM!{enum POLICY_SERVER_ENABLE_STATE {
626 PolicyServerEnabled = 2,
627 PolicyServerDisabled,
628 }}
629 pub type PPOLICY_SERVER_ENABLE_STATE = *mut POLICY_SERVER_ENABLE_STATE;
630 pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG;
631 pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut POLICY_AUDIT_EVENT_OPTIONS;
632 STRUCT!{struct POLICY_PRIVILEGE_DEFINITION {
633 Name: LSA_UNICODE_STRING,
634 LocalValue: LUID,
635 }}
636 pub type PPOLICY_PRIVILEGE_DEFINITION = *mut POLICY_PRIVILEGE_DEFINITION;
637 pub const LSA_LOOKUP_ISOLATED_AS_LOCAL: ULONG = 0x80000000;
638 pub const LSA_LOOKUP_DISALLOW_CONNECTED_ACCOUNT_INTERNET_SID: ULONG = 0x80000000;
639 pub const LSA_LOOKUP_PREFER_INTERNET_NAMES: ULONG = 0x40000000;
640 ENUM!{enum POLICY_INFORMATION_CLASS {
641 PolicyAuditLogInformation = 1,
642 PolicyAuditEventsInformation,
643 PolicyPrimaryDomainInformation,
644 PolicyPdAccountInformation,
645 PolicyAccountDomainInformation,
646 PolicyLsaServerRoleInformation,
647 PolicyReplicaSourceInformation,
648 PolicyDefaultQuotaInformation,
649 PolicyModificationInformation,
650 PolicyAuditFullSetInformation,
651 PolicyAuditFullQueryInformation,
652 PolicyDnsDomainInformation,
653 PolicyDnsDomainInformationInt,
654 PolicyLocalAccountDomainInformation,
655 PolicyLastEntry,
656 }}
657 pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS;
658 STRUCT!{struct POLICY_AUDIT_LOG_INFO {
659 AuditLogPercentFull: ULONG,
660 MaximumLogSize: ULONG,
661 AuditRetentionPeriod: LARGE_INTEGER,
662 AuditLogFullShutdownInProgress: BOOLEAN,
663 TimeToShutdown: LARGE_INTEGER,
664 NextAuditRecordId: ULONG,
665 }}
666 pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO;
667 STRUCT!{struct POLICY_AUDIT_EVENTS_INFO {
668 AuditingMode: BOOLEAN,
669 EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS,
670 MaximumAuditEventCount: ULONG,
671 }}
672 pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO;
673 STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO {
674 MaximumSubCategoryCount: ULONG,
675 EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS,
676 }}
677 pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO;
678 STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO {
679 MaximumCategoryCount: ULONG,
680 SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO,
681 }}
682 pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO;
683 pub const PER_USER_POLICY_UNCHANGED: UCHAR = 0x00;
684 pub const PER_USER_AUDIT_SUCCESS_INCLUDE: UCHAR = 0x01;
685 pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: UCHAR = 0x02;
686 pub const PER_USER_AUDIT_FAILURE_INCLUDE: UCHAR = 0x04;
687 pub const PER_USER_AUDIT_FAILURE_EXCLUDE: UCHAR = 0x08;
688 pub const PER_USER_AUDIT_NONE: UCHAR = 0x10;
689 pub const VALID_PER_USER_AUDIT_POLICY_FLAG: UCHAR = PER_USER_AUDIT_SUCCESS_INCLUDE
690 | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE
691 | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE;
692 STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO {
693 Name: LSA_UNICODE_STRING,
694 Sid: PSID,
695 }}
696 pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO;
697 STRUCT!{struct POLICY_PD_ACCOUNT_INFO {
698 Name: LSA_UNICODE_STRING,
699 }}
700 pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO;
701 STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO {
702 LsaServerRole: POLICY_LSA_SERVER_ROLE,
703 }}
704 pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO;
705 STRUCT!{struct POLICY_REPLICA_SOURCE_INFO {
706 ReplicaSource: LSA_UNICODE_STRING,
707 ReplicaAccountName: LSA_UNICODE_STRING,
708 }}
709 pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO;
710 STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO {
711 QuotaLimits: QUOTA_LIMITS,
712 }}
713 pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO;
714 STRUCT!{struct POLICY_MODIFICATION_INFO {
715 ModifiedId: LARGE_INTEGER,
716 DatabaseCreationTime: LARGE_INTEGER,
717 }}
718 pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO;
719 STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO {
720 ShutDownOnFull: BOOLEAN,
721 }}
722 pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO;
723 STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO {
724 ShutDownOnFull: BOOLEAN,
725 LogIsFull: BOOLEAN,
726 }}
727 pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO;
728 ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS {
729 PolicyDomainEfsInformation = 2,
730 PolicyDomainKerberosTicketInformation,
731 }}
732 pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS;
733 pub const POLICY_QOS_SCHANNEL_REQUIRED: ULONG = 0x00000001;
734 pub const POLICY_QOS_OUTBOUND_INTEGRITY: ULONG = 0x00000002;
735 pub const POLICY_QOS_OUTBOUND_CONFIDENTIALITY: ULONG = 0x00000004;
736 pub const POLICY_QOS_INBOUND_INTEGRITY: ULONG = 0x00000008;
737 pub const POLICY_QOS_INBOUND_CONFIDENTIALITY: ULONG = 0x00000010;
738 pub const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE: ULONG = 0x00000020;
739 pub const POLICY_QOS_RAS_SERVER_ALLOWED: ULONG = 0x00000040;
740 pub const POLICY_QOS_DHCP_SERVER_ALLOWED: ULONG = 0x00000080;
741 STRUCT!{struct POLICY_DOMAIN_EFS_INFO {
742 InfoLength: ULONG,
743 EfsBlob: PUCHAR,
744 }}
745 pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO;
746 pub const POLICY_KERBEROS_VALIDATE_CLIENT: ULONG = 0x00000080;
747 STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
748 AuthenticationOptions: ULONG,
749 MaxServiceTicketAge: LARGE_INTEGER,
750 MaxTicketAge: LARGE_INTEGER,
751 MaxRenewAge: LARGE_INTEGER,
752 MaxClockSkew: LARGE_INTEGER,
753 Reserved: LARGE_INTEGER,
754 }}
755 pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO;
756 ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS {
757 PolicyNotifyAuditEventsInformation = 1,
758 PolicyNotifyAccountDomainInformation,
759 PolicyNotifyServerRoleInformation,
760 PolicyNotifyDnsDomainInformation,
761 PolicyNotifyDomainEfsInformation,
762 PolicyNotifyDomainKerberosTicketInformation,
763 PolicyNotifyMachineAccountPasswordInformation,
764 PolicyNotifyGlobalSaclInformation,
765 PolicyNotifyMax,
766 }}
767 pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS;
768 pub const ACCOUNT_VIEW: ULONG = 0x00000001;
769 pub const ACCOUNT_ADJUST_PRIVILEGES: ULONG = 0x00000002;
770 pub const ACCOUNT_ADJUST_QUOTAS: ULONG = 0x00000004;
771 pub const ACCOUNT_ADJUST_SYSTEM_ACCESS: ULONG = 0x00000008;
772 pub const ACCOUNT_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | ACCOUNT_VIEW
773 | ACCOUNT_ADJUST_PRIVILEGES | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS;
774 pub const ACCOUNT_READ: ULONG = STANDARD_RIGHTS_READ | ACCOUNT_VIEW;
775 pub const ACCOUNT_WRITE: ULONG = STANDARD_RIGHTS_WRITE | ACCOUNT_ADJUST_PRIVILEGES
776 | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS;
777 pub const ACCOUNT_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE;
778 DECLARE_HANDLE!{LSA_HANDLE, __LSA_HANDLE}
779 pub const TRUSTED_QUERY_DOMAIN_NAME: ULONG = 0x00000001;
780 pub const TRUSTED_QUERY_CONTROLLERS: ULONG = 0x00000002;
781 pub const TRUSTED_SET_CONTROLLERS: ULONG = 0x00000004;
782 pub const TRUSTED_QUERY_POSIX: ULONG = 0x00000008;
783 pub const TRUSTED_SET_POSIX: ULONG = 0x00000010;
784 pub const TRUSTED_SET_AUTH: ULONG = 0x00000020;
785 pub const TRUSTED_QUERY_AUTH: ULONG = 0x00000040;
786 pub const TRUSTED_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | TRUSTED_QUERY_DOMAIN_NAME
787 | TRUSTED_QUERY_CONTROLLERS | TRUSTED_SET_CONTROLLERS | TRUSTED_QUERY_POSIX | TRUSTED_SET_POSIX
788 | TRUSTED_SET_AUTH | TRUSTED_QUERY_AUTH;
789 pub const TRUSTED_READ: ULONG = STANDARD_RIGHTS_READ | TRUSTED_QUERY_DOMAIN_NAME;
790 pub const TRUSTED_WRITE: ULONG = STANDARD_RIGHTS_WRITE | TRUSTED_SET_CONTROLLERS
791 | TRUSTED_SET_POSIX | TRUSTED_SET_AUTH;
792 pub const TRUSTED_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | TRUSTED_QUERY_CONTROLLERS
793 | TRUSTED_QUERY_POSIX;
794 ENUM!{enum TRUSTED_INFORMATION_CLASS {
795 TrustedDomainNameInformation = 1,
796 TrustedControllersInformation,
797 TrustedPosixOffsetInformation,
798 TrustedPasswordInformation,
799 TrustedDomainInformationBasic,
800 TrustedDomainInformationEx,
801 TrustedDomainAuthInformation,
802 TrustedDomainFullInformation,
803 TrustedDomainAuthInformationInternal,
804 TrustedDomainFullInformationInternal,
805 TrustedDomainInformationEx2Internal,
806 TrustedDomainFullInformation2Internal,
807 TrustedDomainSupportedEncryptionTypes,
808 }}
809 pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS;
810 STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO {
811 Name: LSA_UNICODE_STRING,
812 }}
813 pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO;
814 STRUCT!{struct TRUSTED_CONTROLLERS_INFO {
815 Entries: ULONG,
816 Names: PLSA_UNICODE_STRING,
817 }}
818 pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO;
819 STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO {
820 Offset: ULONG,
821 }}
822 pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO;
823 STRUCT!{struct TRUSTED_PASSWORD_INFO {
824 Password: LSA_UNICODE_STRING,
825 OldPassword: LSA_UNICODE_STRING,
826 }}
827 pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO;
828 pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION;
829 pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION;
830 // NOTE: Ignoring Win XP constants
831 pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000;
832 pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001;
833 pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002;
834 pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND
835 | TRUST_DIRECTION_OUTBOUND;
836 pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001;
837 pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002;
838 pub const TRUST_TYPE_MIT: ULONG = 0x00000003;
839 pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001;
840 pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002;
841 pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004;
842 pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008;
843 pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010;
844 pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020;
845 pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040;
846 pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080;
847 pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100;
848 pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200;
849 pub const TRUST_ATTRIBUTE_PIM_TRUST: ULONG = 0x00000400;
850 pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF;
851 pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000;
852 STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX {
853 Name: LSA_UNICODE_STRING,
854 FlatName: LSA_UNICODE_STRING,
855 Sid: PSID,
856 TrustDirection: ULONG,
857 TrustType: ULONG,
858 TrustAttributes: ULONG,
859 }}
860 pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX;
861 STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 {
862 Name: LSA_UNICODE_STRING,
863 FlatName: LSA_UNICODE_STRING,
864 Sid: PSID,
865 TrustDirection: ULONG,
866 TrustType: ULONG,
867 TrustAttributes: ULONG,
868 ForestTrustLength: ULONG,
869 ForestTrustInfo: PUCHAR,
870 }}
871 pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2;
872 pub const TRUST_AUTH_TYPE_NONE: ULONG = 0;
873 pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1;
874 pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2;
875 pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3;
876 STRUCT!{struct LSA_AUTH_INFORMATION {
877 LastUpdateTime: LARGE_INTEGER,
878 AuthType: ULONG,
879 AuthInfoLength: ULONG,
880 AuthInfo: PUCHAR,
881 }}
882 pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION;
883 STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION {
884 IncomingAuthInfos: ULONG,
885 IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION,
886 IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION,
887 OutgoingAuthInfos: ULONG,
888 OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION,
889 OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION,
890 }}
891 pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION;
892 STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION {
893 Information: TRUSTED_DOMAIN_INFORMATION_EX,
894 PosixOffset: TRUSTED_POSIX_OFFSET_INFO,
895 AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION,
896 }}
897 pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION;
898 STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 {
899 Information: TRUSTED_DOMAIN_INFORMATION_EX2,
900 PosixOffset: TRUSTED_POSIX_OFFSET_INFO,
901 AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION,
902 }}
903 pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2;
904 STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES {
905 SupportedEncryptionTypes: ULONG,
906 }}
907 pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES =
908 *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES;
909 ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE {
910 ForestTrustTopLevelName,
911 ForestTrustTopLevelNameEx,
912 ForestTrustDomainInfo,
913 ForestTrustRecordTypeLast = ForestTrustDomainInfo,
914 }}
915 pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF;
916 pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001;
917 pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002;
918 pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004;
919 pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001;
920 pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002;
921 pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004;
922 pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008;
923 STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO {
924 Sid: PSID,
925 DnsName: LSA_UNICODE_STRING,
926 NetbiosName: LSA_UNICODE_STRING,
927 }}
928 pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO;
929 pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: SIZE_T = 128 * 1024;
930 STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA {
931 Length: ULONG,
932 Buffer: PUCHAR,
933 }}
934 pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA;
935 UNION!{union LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA {
936 [u32; 5] [u64; 5],
937 TopLevelName TopLevelName_mut: LSA_UNICODE_STRING,
938 DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO,
939 Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA,
940 }}
941 STRUCT!{struct LSA_FOREST_TRUST_RECORD {
942 Flags: ULONG,
943 ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE,
944 Time: LARGE_INTEGER,
945 ForestTrustData: LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA,
946 }}
947 pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD;
948 pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: SIZE_T = 4000;
949 STRUCT!{struct LSA_FOREST_TRUST_INFORMATION {
950 RecordCount: ULONG,
951 Entries: *mut PLSA_FOREST_TRUST_RECORD,
952 }}
953 pub type PLSA_FOREST_TRUST_INFORMATION = LSA_FOREST_TRUST_INFORMATION;
954 ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE {
955 CollisionTdo,
956 CollisionXref,
957 CollisionOther,
958 }}
959 STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD {
960 Index: ULONG,
961 Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE,
962 Flags: ULONG,
963 Name: LSA_UNICODE_STRING,
964 }}
965 pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD;
966 STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION {
967 RecordCount: ULONG,
968 Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD,
969 }}
970 pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION;
971 pub const SECRET_SET_VALUE: ULONG = 0x00000001;
972 pub const SECRET_QUERY_VALUE: ULONG = 0x00000002;
973 pub const SECRET_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE
974 | SECRET_QUERY_VALUE;
975 pub const SECRET_READ: ULONG = STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE;
976 pub const SECRET_WRITE: ULONG = STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE;
977 pub const SECRET_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE;
978 pub const LSA_GLOBAL_SECRET_PREFIX: &'static str = "G$";
979 pub const LSA_GLOBAL_SECRET_PREFIX_LENGTH: SIZE_T = 2;
980 pub const LSA_LOCAL_SECRET_PREFIX: &'static str = "L$";
981 pub const LSA_LOCAL_SECRET_PREFIX_LENGTH: SIZE_T = 2;
982 pub const LSA_MACHINE_SECRET_PREFIX: &'static str = "M$";
983 pub const LSA_MACHINE_SECRET_PREFIX_LENGTH: SIZE_T = 2;
984 pub const LSA_SECRET_MAXIMUM_COUNT: SIZE_T = 0x00001000;
985 pub const LSA_SECRET_MAXIMUM_LENGTH: SIZE_T = 0x00000200;
986 DECLARE_HANDLE!{LSA_ENUMERATION_HANDLE, __LSA_ENUMERATION_HANDLE}
987 pub type PLSA_ENUMERATION_HANDLE = *mut LSA_ENUMERATION_HANDLE;
988 STRUCT!{struct LSA_ENUMERATION_INFORMATION {
989 Sid: PSID,
990 }}
991 pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION;
992 extern "system" {
LsaFreeMemory( Buffer: PVOID, ) -> NTSTATUS993 pub fn LsaFreeMemory(
994 Buffer: PVOID,
995 ) -> NTSTATUS;
LsaClose( ObjectHandle: LSA_HANDLE, ) -> NTSTATUS996 pub fn LsaClose(
997 ObjectHandle: LSA_HANDLE,
998 ) -> NTSTATUS;
LsaDelete( ObjectHandle: LSA_HANDLE, ) -> NTSTATUS999 pub fn LsaDelete(
1000 ObjectHandle: LSA_HANDLE,
1001 ) -> NTSTATUS;
LsaQuerySecurityObject( ObjectHandle: LSA_HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, ) -> NTSTATUS1002 pub fn LsaQuerySecurityObject(
1003 ObjectHandle: LSA_HANDLE,
1004 SecurityInformation: SECURITY_INFORMATION,
1005 SecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
1006 ) -> NTSTATUS;
LsaSetSecurityObject( ObjectHandle: LSA_HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> NTSTATUS1007 pub fn LsaSetSecurityObject(
1008 ObjectHandle: LSA_HANDLE,
1009 SecurityInformation: SECURITY_INFORMATION,
1010 SecurityDescriptor: PSECURITY_DESCRIPTOR,
1011 ) -> NTSTATUS;
LsaChangePassword( ServerName: PLSA_UNICODE_STRING, DomainName: PLSA_UNICODE_STRING, AccountName: PLSA_UNICODE_STRING, OldPassword: PLSA_UNICODE_STRING, NewPassword: PLSA_UNICODE_STRING, ) -> NTSTATUS1012 pub fn LsaChangePassword(
1013 ServerName: PLSA_UNICODE_STRING,
1014 DomainName: PLSA_UNICODE_STRING,
1015 AccountName: PLSA_UNICODE_STRING,
1016 OldPassword: PLSA_UNICODE_STRING,
1017 NewPassword: PLSA_UNICODE_STRING,
1018 ) -> NTSTATUS;
1019 }
1020 STRUCT!{struct LSA_LAST_INTER_LOGON_INFO {
1021 LastSuccessfulLogon: LARGE_INTEGER,
1022 LastFailedLogon: LARGE_INTEGER,
1023 FailedAttemptCountSinceLastSuccessfulLogon: ULONG,
1024 }}
1025 pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO;
1026 STRUCT!{struct SECURITY_LOGON_SESSION_DATA {
1027 Size: ULONG,
1028 LogonId: LUID,
1029 UserName: LSA_UNICODE_STRING,
1030 LogonDomain: LSA_UNICODE_STRING,
1031 AuthenticationPackage: LSA_UNICODE_STRING,
1032 LogonType: ULONG,
1033 Session: ULONG,
1034 Sid: PSID,
1035 LogonTime: LARGE_INTEGER,
1036 LogonServer: LSA_UNICODE_STRING,
1037 DnsDomainName: LSA_UNICODE_STRING,
1038 Upn: LSA_UNICODE_STRING,
1039 UserFlags: ULONG,
1040 LastLogonInfo: LSA_LAST_INTER_LOGON_INFO,
1041 LogonScript: LSA_UNICODE_STRING,
1042 ProfilePath: LSA_UNICODE_STRING,
1043 HomeDirectory: LSA_UNICODE_STRING,
1044 HomeDirectoryDrive: LSA_UNICODE_STRING,
1045 LogoffTime: LARGE_INTEGER,
1046 KickOffTime: LARGE_INTEGER,
1047 PasswordLastSet: LARGE_INTEGER,
1048 PasswordCanChange: LARGE_INTEGER,
1049 PasswordMustChange: LARGE_INTEGER,
1050 }}
1051 pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA;
1052 extern "system" {
LsaEnumerateLogonSessions( LogonSessionCount: PULONG, LogonSessionList: *mut PLUID, ) -> NTSTATUS1053 pub fn LsaEnumerateLogonSessions(
1054 LogonSessionCount: PULONG,
1055 LogonSessionList: *mut PLUID,
1056 ) -> NTSTATUS;
LsaGetLogonSessionData( LogonId: PLUID, ppLogonSessionData: *mut PSECURITY_LOGON_SESSION_DATA, ) -> NTSTATUS1057 pub fn LsaGetLogonSessionData(
1058 LogonId: PLUID,
1059 ppLogonSessionData: *mut PSECURITY_LOGON_SESSION_DATA,
1060 ) -> NTSTATUS;
LsaOpenPolicy( SystemName: PLSA_UNICODE_STRING, ObjectAttributes: PLSA_OBJECT_ATTRIBUTES, DesiredAccess: ACCESS_MASK, PolicyHandle: PLSA_HANDLE, ) -> NTSTATUS1061 pub fn LsaOpenPolicy(
1062 SystemName: PLSA_UNICODE_STRING,
1063 ObjectAttributes: PLSA_OBJECT_ATTRIBUTES,
1064 DesiredAccess: ACCESS_MASK,
1065 PolicyHandle: PLSA_HANDLE,
1066 ) -> NTSTATUS;
LsaOpenPolicySce( SystemName: PLSA_UNICODE_STRING, ObjectAttributes: PLSA_OBJECT_ATTRIBUTES, DesiredAccess: ACCESS_MASK, PolicyHandle: PLSA_HANDLE, ) -> NTSTATUS1067 pub fn LsaOpenPolicySce(
1068 SystemName: PLSA_UNICODE_STRING,
1069 ObjectAttributes: PLSA_OBJECT_ATTRIBUTES,
1070 DesiredAccess: ACCESS_MASK,
1071 PolicyHandle: PLSA_HANDLE,
1072 ) -> NTSTATUS;
1073 }
1074 pub const MAXIMUM_CAPES_PER_CAP: SIZE_T = 0x7F;
1075 pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001;
1076 pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100;
1077 #[inline]
STAGING_FLAG(Effective: ULONG) -> ULONG1078 pub fn STAGING_FLAG(Effective: ULONG) -> ULONG {
1079 (Effective & 0xF) << 8
1080 }
1081 pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000;
1082 pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG =
1083 CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG
1084 | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG | CENTRAL_ACCESS_POLICY_STAGED_FLAG;
1085 pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001;
1086 pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG;
1087 STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY {
1088 Name: LSA_UNICODE_STRING,
1089 Description: LSA_UNICODE_STRING,
1090 ChangeId: LSA_UNICODE_STRING,
1091 LengthAppliesTo: ULONG,
1092 AppliesTo: PUCHAR,
1093 LengthSD: ULONG,
1094 SD: PSECURITY_DESCRIPTOR,
1095 LengthStagedSD: ULONG,
1096 StagedSD: PSECURITY_DESCRIPTOR,
1097 Flags: ULONG,
1098 }}
1099 pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY;
1100 pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY;
1101 STRUCT!{struct CENTRAL_ACCESS_POLICY {
1102 CAPID: PSID,
1103 Name: LSA_UNICODE_STRING,
1104 Description: LSA_UNICODE_STRING,
1105 ChangeId: LSA_UNICODE_STRING,
1106 Flags: ULONG,
1107 CAPECount: ULONG,
1108 CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY,
1109 }}
1110 pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY;
1111 pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY;
1112 extern "system" {
LsaSetCAPs( CAPDNs: PLSA_UNICODE_STRING, CAPDNCount: ULONG, Flags: ULONG, ) -> NTSTATUS1113 pub fn LsaSetCAPs(
1114 CAPDNs: PLSA_UNICODE_STRING,
1115 CAPDNCount: ULONG,
1116 Flags: ULONG,
1117 ) -> NTSTATUS;
LsaGetAppliedCAPIDs( SystemName: PLSA_UNICODE_STRING, CAPIDs: *mut *mut PSID, CAPIDCount: PULONG, ) -> NTSTATUS1118 pub fn LsaGetAppliedCAPIDs(
1119 SystemName: PLSA_UNICODE_STRING,
1120 CAPIDs: *mut *mut PSID,
1121 CAPIDCount: PULONG,
1122 ) -> NTSTATUS;
LsaQueryCAPs( CAPIDs: *mut PSID, CAPIDCount: ULONG, CAPs: *mut PCENTRAL_ACCESS_POLICY, CAPCount: PULONG, ) -> NTSTATUS1123 pub fn LsaQueryCAPs(
1124 CAPIDs: *mut PSID,
1125 CAPIDCount: ULONG,
1126 CAPs: *mut PCENTRAL_ACCESS_POLICY,
1127 CAPCount: PULONG,
1128 ) -> NTSTATUS;
LsaQueryInformationPolicy( PolicyHandle: LSA_HANDLE, InformationClass: POLICY_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS1129 pub fn LsaQueryInformationPolicy(
1130 PolicyHandle: LSA_HANDLE,
1131 InformationClass: POLICY_INFORMATION_CLASS,
1132 Buffer: *mut PVOID,
1133 ) -> NTSTATUS;
LsaSetInformationPolicy( PolicyHandle: LSA_HANDLE, InformationClass: POLICY_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS1134 pub fn LsaSetInformationPolicy(
1135 PolicyHandle: LSA_HANDLE,
1136 InformationClass: POLICY_INFORMATION_CLASS,
1137 Buffer: PVOID,
1138 ) -> NTSTATUS;
LsaQueryDomainInformationPolicy( PolicyHandle: LSA_HANDLE, InformationClass: POLICY_DOMAIN_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS1139 pub fn LsaQueryDomainInformationPolicy(
1140 PolicyHandle: LSA_HANDLE,
1141 InformationClass: POLICY_DOMAIN_INFORMATION_CLASS,
1142 Buffer: *mut PVOID,
1143 ) -> NTSTATUS;
LsaSetDomainInformationPolicy( PolicyHandle: LSA_HANDLE, InformationClass: POLICY_DOMAIN_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS1144 pub fn LsaSetDomainInformationPolicy(
1145 PolicyHandle: LSA_HANDLE,
1146 InformationClass: POLICY_DOMAIN_INFORMATION_CLASS,
1147 Buffer: PVOID,
1148 ) -> NTSTATUS;
LsaRegisterPolicyChangeNotification( InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS, NotifcationEventHandle: HANDLE, ) -> NTSTATUS1149 pub fn LsaRegisterPolicyChangeNotification(
1150 InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS,
1151 NotifcationEventHandle: HANDLE,
1152 ) -> NTSTATUS;
LsaUnregisterPolicyChangeNotification( InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS, NotifcationEventHandle: HANDLE, ) -> NTSTATUS1153 pub fn LsaUnregisterPolicyChangeNotification(
1154 InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS,
1155 NotifcationEventHandle: HANDLE,
1156 ) -> NTSTATUS;
LsaClearAuditLog( PolicyHandle: LSA_HANDLE, ) -> NTSTATUS1157 pub fn LsaClearAuditLog(
1158 PolicyHandle: LSA_HANDLE,
1159 ) -> NTSTATUS;
LsaCreateAccount( PolicyHandle: LSA_HANDLE, AccountSid: PSID, DesiredAccess: ACCESS_MASK, AccountHandle: PLSA_HANDLE, ) -> NTSTATUS1160 pub fn LsaCreateAccount(
1161 PolicyHandle: LSA_HANDLE,
1162 AccountSid: PSID,
1163 DesiredAccess: ACCESS_MASK,
1164 AccountHandle: PLSA_HANDLE,
1165 ) -> NTSTATUS;
LsaEnumerateAccounts( PolicyHandle: LSA_HANDLE, EnumerationContext: PLSA_ENUMERATION_HANDLE, Buffer: *mut PVOID, PreferredMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS1166 pub fn LsaEnumerateAccounts(
1167 PolicyHandle: LSA_HANDLE,
1168 EnumerationContext: PLSA_ENUMERATION_HANDLE,
1169 Buffer: *mut PVOID,
1170 PreferredMaximumLength: ULONG,
1171 CountReturned: PULONG,
1172 ) -> NTSTATUS;
LsaCreateTrustedDomain( PolicyHandle: LSA_HANDLE, TrustedDomainInformation: PLSA_TRUST_INFORMATION, DesiredAccess: ACCESS_MASK, TrustedDomainHandle: PLSA_HANDLE, ) -> NTSTATUS1173 pub fn LsaCreateTrustedDomain(
1174 PolicyHandle: LSA_HANDLE,
1175 TrustedDomainInformation: PLSA_TRUST_INFORMATION,
1176 DesiredAccess: ACCESS_MASK,
1177 TrustedDomainHandle: PLSA_HANDLE,
1178 ) -> NTSTATUS;
LsaEnumerateTrustedDomains( PolicyHandle: LSA_HANDLE, EnumerationContext: PLSA_ENUMERATION_HANDLE, Buffer: *mut PVOID, PreferredMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS1179 pub fn LsaEnumerateTrustedDomains(
1180 PolicyHandle: LSA_HANDLE,
1181 EnumerationContext: PLSA_ENUMERATION_HANDLE,
1182 Buffer: *mut PVOID,
1183 PreferredMaximumLength: ULONG,
1184 CountReturned: PULONG,
1185 ) -> NTSTATUS;
LsaEnumeratePrivileges( PolicyHandle: LSA_HANDLE, EnumerationContext: PLSA_ENUMERATION_HANDLE, Buffer: *mut PVOID, PreferredMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS1186 pub fn LsaEnumeratePrivileges(
1187 PolicyHandle: LSA_HANDLE,
1188 EnumerationContext: PLSA_ENUMERATION_HANDLE,
1189 Buffer: *mut PVOID,
1190 PreferredMaximumLength: ULONG,
1191 CountReturned: PULONG,
1192 ) -> NTSTATUS;
LsaLookupNames( PolicyHandle: LSA_HANDLE, Count: ULONG, Names: PLSA_UNICODE_STRING, ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, Sids: *mut PLSA_TRANSLATED_SID, ) -> NTSTATUS1193 pub fn LsaLookupNames(
1194 PolicyHandle: LSA_HANDLE,
1195 Count: ULONG,
1196 Names: PLSA_UNICODE_STRING,
1197 ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1198 Sids: *mut PLSA_TRANSLATED_SID,
1199 ) -> NTSTATUS;
LsaLookupNames2( PolicyHandle: LSA_HANDLE, Flags: ULONG, Count: ULONG, Names: PLSA_UNICODE_STRING, ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, Sids: *mut PLSA_TRANSLATED_SID2, ) -> NTSTATUS1200 pub fn LsaLookupNames2(
1201 PolicyHandle: LSA_HANDLE,
1202 Flags: ULONG,
1203 Count: ULONG,
1204 Names: PLSA_UNICODE_STRING,
1205 ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1206 Sids: *mut PLSA_TRANSLATED_SID2,
1207 ) -> NTSTATUS;
LsaLookupSids( PolicyHandle: LSA_HANDLE, Count: ULONG, Sids: *mut PSID, ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, Names: *mut PLSA_TRANSLATED_NAME, ) -> NTSTATUS1208 pub fn LsaLookupSids(
1209 PolicyHandle: LSA_HANDLE,
1210 Count: ULONG,
1211 Sids: *mut PSID,
1212 ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1213 Names: *mut PLSA_TRANSLATED_NAME,
1214 ) -> NTSTATUS;
LsaLookupSids2( PolicyHandle: LSA_HANDLE, LookupOptions: ULONG, Count: ULONG, Sids: *mut PSID, ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, Names: *mut PLSA_TRANSLATED_NAME, ) -> NTSTATUS1215 pub fn LsaLookupSids2(
1216 PolicyHandle: LSA_HANDLE,
1217 LookupOptions: ULONG,
1218 Count: ULONG,
1219 Sids: *mut PSID,
1220 ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1221 Names: *mut PLSA_TRANSLATED_NAME,
1222 ) -> NTSTATUS;
LsaCreateSecret( PolicyHandle: LSA_HANDLE, SecretName: PLSA_UNICODE_STRING, DesiredAccess: ACCESS_MASK, SecretHandle: PLSA_HANDLE, ) -> NTSTATUS1223 pub fn LsaCreateSecret(
1224 PolicyHandle: LSA_HANDLE,
1225 SecretName: PLSA_UNICODE_STRING,
1226 DesiredAccess: ACCESS_MASK,
1227 SecretHandle: PLSA_HANDLE,
1228 ) -> NTSTATUS;
LsaOpenAccount( PolicyHandle: LSA_HANDLE, AccountSid: PSID, DesiredAccess: ACCESS_MASK, AccountHandle: PLSA_HANDLE, ) -> NTSTATUS1229 pub fn LsaOpenAccount(
1230 PolicyHandle: LSA_HANDLE,
1231 AccountSid: PSID,
1232 DesiredAccess: ACCESS_MASK,
1233 AccountHandle: PLSA_HANDLE,
1234 ) -> NTSTATUS;
LsaEnumeratePrivilegesOfAccount( AccountHandle: LSA_HANDLE, Privileges: *mut PPRIVILEGE_SET, ) -> NTSTATUS1235 pub fn LsaEnumeratePrivilegesOfAccount(
1236 AccountHandle: LSA_HANDLE,
1237 Privileges: *mut PPRIVILEGE_SET,
1238 ) -> NTSTATUS;
LsaAddPrivilegesToAccount( AccountHandle: LSA_HANDLE, Privileges: PPRIVILEGE_SET, ) -> NTSTATUS1239 pub fn LsaAddPrivilegesToAccount(
1240 AccountHandle: LSA_HANDLE,
1241 Privileges: PPRIVILEGE_SET,
1242 ) -> NTSTATUS;
LsaRemovePrivilegesFromAccount( AccountHandle: LSA_HANDLE, AllPrivileges: BOOLEAN, Privileges: PPRIVILEGE_SET, ) -> NTSTATUS1243 pub fn LsaRemovePrivilegesFromAccount(
1244 AccountHandle: LSA_HANDLE,
1245 AllPrivileges: BOOLEAN,
1246 Privileges: PPRIVILEGE_SET,
1247 ) -> NTSTATUS;
LsaGetQuotasForAccount( AccountHandle: LSA_HANDLE, QuotaLimits: PQUOTA_LIMITS, ) -> NTSTATUS1248 pub fn LsaGetQuotasForAccount(
1249 AccountHandle: LSA_HANDLE,
1250 QuotaLimits: PQUOTA_LIMITS,
1251 ) -> NTSTATUS;
LsaSetQuotasForAccount( AccountHandle: LSA_HANDLE, QuotaLimits: PQUOTA_LIMITS, ) -> NTSTATUS1252 pub fn LsaSetQuotasForAccount(
1253 AccountHandle: LSA_HANDLE,
1254 QuotaLimits: PQUOTA_LIMITS,
1255 ) -> NTSTATUS;
LsaGetSystemAccessAccount( AccountHandle: LSA_HANDLE, SystemAccess: PULONG, ) -> NTSTATUS1256 pub fn LsaGetSystemAccessAccount(
1257 AccountHandle: LSA_HANDLE,
1258 SystemAccess: PULONG,
1259 ) -> NTSTATUS;
LsaSetSystemAccessAccount( AccountHandle: LSA_HANDLE, SystemAccess: ULONG, ) -> NTSTATUS1260 pub fn LsaSetSystemAccessAccount(
1261 AccountHandle: LSA_HANDLE,
1262 SystemAccess: ULONG,
1263 ) -> NTSTATUS;
LsaOpenTrustedDomain( PolicyHandle: LSA_HANDLE, TrustedDomainSid: PSID, DesiredAccess: ACCESS_MASK, TrustedDomainHandle: PLSA_HANDLE, ) -> NTSTATUS1264 pub fn LsaOpenTrustedDomain(
1265 PolicyHandle: LSA_HANDLE,
1266 TrustedDomainSid: PSID,
1267 DesiredAccess: ACCESS_MASK,
1268 TrustedDomainHandle: PLSA_HANDLE,
1269 ) -> NTSTATUS;
LsaQueryInfoTrustedDomain( TrustedDomainHandle: LSA_HANDLE, InformationClass: TRUSTED_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS1270 pub fn LsaQueryInfoTrustedDomain(
1271 TrustedDomainHandle: LSA_HANDLE,
1272 InformationClass: TRUSTED_INFORMATION_CLASS,
1273 Buffer: *mut PVOID,
1274 ) -> NTSTATUS;
LsaSetInformationTrustedDomain( TrustedDomainHandle: LSA_HANDLE, InformationClass: TRUSTED_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS1275 pub fn LsaSetInformationTrustedDomain(
1276 TrustedDomainHandle: LSA_HANDLE,
1277 InformationClass: TRUSTED_INFORMATION_CLASS,
1278 Buffer: PVOID,
1279 ) -> NTSTATUS;
LsaOpenSecret( PolicyHandle: LSA_HANDLE, SecretName: PLSA_UNICODE_STRING, DesiredAccess: ACCESS_MASK, SecretHandle: PLSA_HANDLE, ) -> NTSTATUS1280 pub fn LsaOpenSecret(
1281 PolicyHandle: LSA_HANDLE,
1282 SecretName: PLSA_UNICODE_STRING,
1283 DesiredAccess: ACCESS_MASK,
1284 SecretHandle: PLSA_HANDLE,
1285 ) -> NTSTATUS;
LsaSetSecret( SecretHandle: LSA_HANDLE, CurrentValue: PLSA_UNICODE_STRING, OldValue: PLSA_UNICODE_STRING, ) -> NTSTATUS1286 pub fn LsaSetSecret(
1287 SecretHandle: LSA_HANDLE,
1288 CurrentValue: PLSA_UNICODE_STRING,
1289 OldValue: PLSA_UNICODE_STRING,
1290 ) -> NTSTATUS;
LsaQuerySecret( SecretHandle: LSA_HANDLE, CurrentValue: *mut PLSA_UNICODE_STRING, CurrentValueSetTime: PLARGE_INTEGER, OldValue: *mut PLSA_UNICODE_STRING, OldValueSetTime: PLARGE_INTEGER, ) -> NTSTATUS1291 pub fn LsaQuerySecret(
1292 SecretHandle: LSA_HANDLE,
1293 CurrentValue: *mut PLSA_UNICODE_STRING,
1294 CurrentValueSetTime: PLARGE_INTEGER,
1295 OldValue: *mut PLSA_UNICODE_STRING,
1296 OldValueSetTime: PLARGE_INTEGER,
1297 ) -> NTSTATUS;
LsaLookupPrivilegeValue( PolicyHandle: LSA_HANDLE, Name: PLSA_UNICODE_STRING, Value: PLUID, ) -> NTSTATUS1298 pub fn LsaLookupPrivilegeValue(
1299 PolicyHandle: LSA_HANDLE,
1300 Name: PLSA_UNICODE_STRING,
1301 Value: PLUID,
1302 ) -> NTSTATUS;
LsaLookupPrivilegeName( PolicyHandle: LSA_HANDLE, Value: PLUID, Name: *mut PLSA_UNICODE_STRING, ) -> NTSTATUS1303 pub fn LsaLookupPrivilegeName(
1304 PolicyHandle: LSA_HANDLE,
1305 Value: PLUID,
1306 Name: *mut PLSA_UNICODE_STRING,
1307 ) -> NTSTATUS;
LsaLookupPrivilegeDisplayName( PolicyHandle: LSA_HANDLE, Name: PLSA_UNICODE_STRING, DisplayName: *mut PLSA_UNICODE_STRING, LanguageReturned: PSHORT, ) -> NTSTATUS1308 pub fn LsaLookupPrivilegeDisplayName(
1309 PolicyHandle: LSA_HANDLE,
1310 Name: PLSA_UNICODE_STRING,
1311 DisplayName: *mut PLSA_UNICODE_STRING,
1312 LanguageReturned: PSHORT,
1313 ) -> NTSTATUS;
1314 }
1315 extern "C" {
LsaGetUserName( UserName: *mut PLSA_UNICODE_STRING, DomainName: *mut PLSA_UNICODE_STRING, ) -> NTSTATUS1316 pub fn LsaGetUserName(
1317 UserName: *mut PLSA_UNICODE_STRING,
1318 DomainName: *mut PLSA_UNICODE_STRING,
1319 ) -> NTSTATUS;
LsaGetRemoteUserName( SystemName: PLSA_UNICODE_STRING, UserName: *mut PLSA_UNICODE_STRING, DomainName: *mut PLSA_UNICODE_STRING, ) -> NTSTATUS1320 pub fn LsaGetRemoteUserName(
1321 SystemName: PLSA_UNICODE_STRING,
1322 UserName: *mut PLSA_UNICODE_STRING,
1323 DomainName: *mut PLSA_UNICODE_STRING,
1324 ) -> NTSTATUS;
1325 }
1326 pub const SE_INTERACTIVE_LOGON_NAME: &'static str = "SeInteractiveLogonRight";
1327 pub const SE_NETWORK_LOGON_NAME: &'static str = "SeNetworkLogonRight";
1328 pub const SE_BATCH_LOGON_NAME: &'static str = "SeBatchLogonRight";
1329 pub const SE_SERVICE_LOGON_NAME: &'static str = "SeServiceLogonRight";
1330 pub const SE_DENY_INTERACTIVE_LOGON_NAME: &'static str = "SeDenyInteractiveLogonRight";
1331 pub const SE_DENY_NETWORK_LOGON_NAME: &'static str = "SeDenyNetworkLogonRight";
1332 pub const SE_DENY_BATCH_LOGON_NAME: &'static str = "SeDenyBatchLogonRight";
1333 pub const SE_DENY_SERVICE_LOGON_NAME: &'static str = "SeDenyServiceLogonRight";
1334 pub const SE_REMOTE_INTERACTIVE_LOGON_NAME: &'static str = "SeRemoteInteractiveLogonRight";
1335 pub const SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME: &'static str =
1336 "SeDenyRemoteInteractiveLogonRight";
1337 extern "system" {
LsaEnumerateAccountsWithUserRight( PolictHandle: LSA_HANDLE, UserRights: PLSA_UNICODE_STRING, EnumerationBuffer: *mut PVOID, CountReturned: PULONG, ) -> NTSTATUS1338 pub fn LsaEnumerateAccountsWithUserRight(
1339 PolictHandle: LSA_HANDLE,
1340 UserRights: PLSA_UNICODE_STRING,
1341 EnumerationBuffer: *mut PVOID,
1342 CountReturned: PULONG,
1343 ) -> NTSTATUS;
LsaEnumerateAccountRights( PolicyHandle: LSA_HANDLE, AccountSid: PSID, UserRights: *mut PLSA_UNICODE_STRING, CountOfRights: PULONG, ) -> NTSTATUS1344 pub fn LsaEnumerateAccountRights(
1345 PolicyHandle: LSA_HANDLE,
1346 AccountSid: PSID,
1347 UserRights: *mut PLSA_UNICODE_STRING,
1348 CountOfRights: PULONG,
1349 ) -> NTSTATUS;
LsaAddAccountRights( PolicyHandle: LSA_HANDLE, AccountSid: PSID, UserRights: PLSA_UNICODE_STRING, CountOfRights: ULONG, ) -> NTSTATUS1350 pub fn LsaAddAccountRights(
1351 PolicyHandle: LSA_HANDLE,
1352 AccountSid: PSID,
1353 UserRights: PLSA_UNICODE_STRING,
1354 CountOfRights: ULONG,
1355 ) -> NTSTATUS;
LsaRemoveAccountRights( PolicyHandle: LSA_HANDLE, AccountSid: PSID, AllRights: BOOLEAN, UserRights: PLSA_UNICODE_STRING, CountOfRights: ULONG, ) -> NTSTATUS1356 pub fn LsaRemoveAccountRights(
1357 PolicyHandle: LSA_HANDLE,
1358 AccountSid: PSID,
1359 AllRights: BOOLEAN,
1360 UserRights: PLSA_UNICODE_STRING,
1361 CountOfRights: ULONG,
1362 ) -> NTSTATUS;
LsaOpenTrustedDomainByName( PolicyHandle: LSA_HANDLE, TrustedDomainName: PLSA_UNICODE_STRING, DesiredAccess: ACCESS_MASK, TrustedDomainHandle: PLSA_HANDLE, ) -> NTSTATUS1363 pub fn LsaOpenTrustedDomainByName(
1364 PolicyHandle: LSA_HANDLE,
1365 TrustedDomainName: PLSA_UNICODE_STRING,
1366 DesiredAccess: ACCESS_MASK,
1367 TrustedDomainHandle: PLSA_HANDLE,
1368 ) -> NTSTATUS;
LsaQueryTrustedDomainInfo( PolicyHandle: LSA_HANDLE, TrustedDomainSid: PSID, InformationClass: TRUSTED_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS1369 pub fn LsaQueryTrustedDomainInfo(
1370 PolicyHandle: LSA_HANDLE,
1371 TrustedDomainSid: PSID,
1372 InformationClass: TRUSTED_INFORMATION_CLASS,
1373 Buffer: *mut PVOID,
1374 ) -> NTSTATUS;
LsaSetTrustedDomainInformation( PolicyHandle: LSA_HANDLE, TrustedDomainSid: PSID, InformationClass: TRUSTED_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS1375 pub fn LsaSetTrustedDomainInformation(
1376 PolicyHandle: LSA_HANDLE,
1377 TrustedDomainSid: PSID,
1378 InformationClass: TRUSTED_INFORMATION_CLASS,
1379 Buffer: PVOID,
1380 ) -> NTSTATUS;
LsaDeleteTrustedDomain( PolicyHandle: LSA_HANDLE, TrustedDomainSid: PSID, ) -> NTSTATUS1381 pub fn LsaDeleteTrustedDomain(
1382 PolicyHandle: LSA_HANDLE,
1383 TrustedDomainSid: PSID,
1384 ) -> NTSTATUS;
LsaQueryTrustedDomainInfoByName( PolicyHandle: LSA_HANDLE, TrustedDomainName: PLSA_UNICODE_STRING, InformationClass: TRUSTED_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS1385 pub fn LsaQueryTrustedDomainInfoByName(
1386 PolicyHandle: LSA_HANDLE,
1387 TrustedDomainName: PLSA_UNICODE_STRING,
1388 InformationClass: TRUSTED_INFORMATION_CLASS,
1389 Buffer: *mut PVOID,
1390 ) -> NTSTATUS;
LsaSetTrustedDomainInfoByName( PolicyHandle: LSA_HANDLE, TrustedDomainName: PLSA_UNICODE_STRING, InformationClass: TRUSTED_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS1391 pub fn LsaSetTrustedDomainInfoByName(
1392 PolicyHandle: LSA_HANDLE,
1393 TrustedDomainName: PLSA_UNICODE_STRING,
1394 InformationClass: TRUSTED_INFORMATION_CLASS,
1395 Buffer: PVOID,
1396 ) -> NTSTATUS;
LsaEnumerateTrustedDomainsEx( PolicyHandle: LSA_HANDLE, EnumerationContext: PLSA_ENUMERATION_HANDLE, Buffer: *mut PVOID, PreferredMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS1397 pub fn LsaEnumerateTrustedDomainsEx(
1398 PolicyHandle: LSA_HANDLE,
1399 EnumerationContext: PLSA_ENUMERATION_HANDLE,
1400 Buffer: *mut PVOID,
1401 PreferredMaximumLength: ULONG,
1402 CountReturned: PULONG,
1403 ) -> NTSTATUS;
LsaCreateTrustedDomainEx( PolicyHandle: LSA_HANDLE, TrustedDomainInformation: PTRUSTED_DOMAIN_INFORMATION_EX, AuthenticationInformation: PTRUSTED_DOMAIN_AUTH_INFORMATION, DesiredAccess: ACCESS_MASK, TrustedDomainHandle: PLSA_HANDLE, ) -> NTSTATUS1404 pub fn LsaCreateTrustedDomainEx(
1405 PolicyHandle: LSA_HANDLE,
1406 TrustedDomainInformation: PTRUSTED_DOMAIN_INFORMATION_EX,
1407 AuthenticationInformation: PTRUSTED_DOMAIN_AUTH_INFORMATION,
1408 DesiredAccess: ACCESS_MASK,
1409 TrustedDomainHandle: PLSA_HANDLE,
1410 ) -> NTSTATUS;
LsaQueryForestTrustInformation( PolicyHandle: LSA_HANDLE, TrustedDomainName: PLSA_UNICODE_STRING, ForestTrustInfo: *mut PLSA_FOREST_TRUST_INFORMATION, ) -> NTSTATUS1411 pub fn LsaQueryForestTrustInformation(
1412 PolicyHandle: LSA_HANDLE,
1413 TrustedDomainName: PLSA_UNICODE_STRING,
1414 ForestTrustInfo: *mut PLSA_FOREST_TRUST_INFORMATION,
1415 ) -> NTSTATUS;
LsaSetForestTrustInformation( PolicyHandle: LSA_HANDLE, TrustedDomainName: PLSA_UNICODE_STRING, ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION, CheckOnly: BOOLEAN, CollisionInfo: *mut PLSA_FOREST_TRUST_COLLISION_INFORMATION, ) -> NTSTATUS1416 pub fn LsaSetForestTrustInformation(
1417 PolicyHandle: LSA_HANDLE,
1418 TrustedDomainName: PLSA_UNICODE_STRING,
1419 ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION,
1420 CheckOnly: BOOLEAN,
1421 CollisionInfo: *mut PLSA_FOREST_TRUST_COLLISION_INFORMATION,
1422 ) -> NTSTATUS;
LsaForestTrustFindMatch( PolicyHandle: LSA_HANDLE, Type: ULONG, Name: PLSA_UNICODE_STRING, Match: *mut PLSA_UNICODE_STRING, ) -> NTSTATUS1423 pub fn LsaForestTrustFindMatch(
1424 PolicyHandle: LSA_HANDLE,
1425 Type: ULONG,
1426 Name: PLSA_UNICODE_STRING,
1427 Match: *mut PLSA_UNICODE_STRING,
1428 ) -> NTSTATUS;
LsaStorePrivateData( PolicyHandle: LSA_HANDLE, KeyName: PLSA_UNICODE_STRING, PrivateData: PLSA_UNICODE_STRING, ) -> NTSTATUS1429 pub fn LsaStorePrivateData(
1430 PolicyHandle: LSA_HANDLE,
1431 KeyName: PLSA_UNICODE_STRING,
1432 PrivateData: PLSA_UNICODE_STRING,
1433 ) -> NTSTATUS;
LsaRetrievePrivateData( PolicyHandle: LSA_HANDLE, KeyName: PLSA_UNICODE_STRING, PrivateData: *mut PLSA_UNICODE_STRING, ) -> NTSTATUS1434 pub fn LsaRetrievePrivateData(
1435 PolicyHandle: LSA_HANDLE,
1436 KeyName: PLSA_UNICODE_STRING,
1437 PrivateData: *mut PLSA_UNICODE_STRING,
1438 ) -> NTSTATUS;
LsaNtStatusToWinError( Status: NTSTATUS, ) -> ULONG1439 pub fn LsaNtStatusToWinError(
1440 Status: NTSTATUS,
1441 ) -> ULONG;
1442 }
1443 ENUM!{enum NEGOTIATE_MESSAGES {
1444 NegEnumPackagePrefixes = 0,
1445 NegGetCallerName = 1,
1446 NegTransferCredentials = 2,
1447 NegEnumPackageNames = 3,
1448 NegCallPackageMax,
1449 }}
1450 pub const NEGOTIATE_MAX_PREFIX: SIZE_T = 32;
1451 STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX {
1452 PackageId: ULONG_PTR,
1453 PackageDataA: PVOID,
1454 PackageDataW: PVOID,
1455 PrefixLen: ULONG_PTR,
1456 Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX],
1457 }}
1458 pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX;
1459 STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES {
1460 MessageType: ULONG,
1461 PrefixCount: ULONG,
1462 Offset: ULONG,
1463 Pad: ULONG,
1464 }}
1465 pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES;
1466 STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST {
1467 MessageType: ULONG,
1468 LogonId: LUID,
1469 }}
1470 pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST;
1471 STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE {
1472 Messagetype: ULONG,
1473 CallerName: PWSTR,
1474 }}
1475 pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE;
1476 STRUCT!{struct NEGOTIATE_PACKAGE_NAMES {
1477 NamesCount: ULONG,
1478 Names: [UNICODE_STRING; ANYSIZE_ARRAY],
1479 }}
1480 pub type PNEGOTIATE_PACKAGE_NAMES = *mut NEGOTIATE_PACKAGE_NAMES;
1481 pub const NEGOTIATE_ALLOW_NTLM: ULONG = 0x10000000;
1482 pub const NEGOTIATE_NEG_NTLM: ULONG = 0x20000000;
1483 STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX_WOW {
1484 PackageId: ULONG,
1485 PackageDataA: ULONG,
1486 PackageDataW: ULONG,
1487 PrefixLen: ULONG,
1488 Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX],
1489 }}
1490 pub type PNEGOTIATE_PACKAGE_PREFIX_WOW = *mut NEGOTIATE_PACKAGE_PREFIX_WOW;
1491 STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE_WOW {
1492 MessageType: ULONG,
1493 CallerName: ULONG,
1494 }}
1495 pub type PNEGOTIATE_CALLER_NAME_RESPONSE_WOW = *mut NEGOTIATE_CALLER_NAME_RESPONSE_WOW;
1496 extern "system" {
LsaSetPolicyReplicationHandle( PolicyHandle: PLSA_HANDLE, ) -> NTSTATUS1497 pub fn LsaSetPolicyReplicationHandle(
1498 PolicyHandle: PLSA_HANDLE,
1499 ) -> NTSTATUS;
1500 }
1501 pub const MAX_USER_RECORDS: SIZE_T = 1000;
1502 STRUCT!{struct LSA_USER_REGISTRATION_INFO {
1503 Sid: LSA_UNICODE_STRING,
1504 DeviceId: LSA_UNICODE_STRING,
1505 Username: LSA_UNICODE_STRING,
1506 Thumbprint: LSA_UNICODE_STRING,
1507 RegistrationTime: LARGE_INTEGER,
1508 }}
1509 pub type PLSA_USER_REGISTRATION_INFO = *mut LSA_USER_REGISTRATION_INFO;
1510 STRUCT!{struct LSA_REGISTRATION_INFO {
1511 RegisteredCount: ULONG,
1512 UserRegistrationInfo: *mut PLSA_USER_REGISTRATION_INFO,
1513 }}
1514 pub type PLSA_REGISTRATION_INFO = *mut LSA_REGISTRATION_INFO;
1515 extern "system" {
LsaGetDeviceRegistrationInfo( RegistrationInfo: *mut PLSA_REGISTRATION_INFO, ) -> NTSTATUS1516 pub fn LsaGetDeviceRegistrationInfo(
1517 RegistrationInfo: *mut PLSA_REGISTRATION_INFO,
1518 ) -> NTSTATUS;
1519 }
1520 ENUM!{enum LSA_CREDENTIAL_KEY_SOURCE_TYPE {
1521 eFromPrecomputed = 1,
1522 eFromClearPassword,
1523 eFromNtOwf,
1524 }}
1525 pub type PLSA_CREDENTIAL_KEY_SOURCE_TYPE = *mut LSA_CREDENTIAL_KEY_SOURCE_TYPE;
1526 extern "C" {
SeciIsProtectedUser( ProtectedUser: PBOOLEAN, ) -> NTSTATUS1527 pub fn SeciIsProtectedUser(
1528 ProtectedUser: PBOOLEAN,
1529 ) -> NTSTATUS;
1530 }
1531