1 // Copyright © 2015-2017 winapi-rs developers 2 // Licensed under the Apache License, Version 2.0 3 // <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 4 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option. 5 // All files in the project carrying such notice may not be copied, modified, or distributed 6 // except according to those terms. 7 //! This module defines the Local Security Authority APIs. 8 9 use shared::basetsd::{ULONG64, ULONG_PTR}; 10 use shared::guiddef::GUID; 11 use shared::minwindef::{PUCHAR, UCHAR, ULONG, USHORT}; 12 use shared::ntdef::NTSTATUS; 13 use shared::sspi::SecHandle; 14 use um::lsalookup::{ 15 LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING 16 }; 17 use um::subauth::{PUNICODE_STRING, STRING, UNICODE_STRING}; 18 use um::winnt::{ 19 ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, LARGE_INTEGER, LONG, LUID, PSECURITY_DESCRIPTOR, PSID, 20 PVOID, PWSTR, QUOTA_LIMITS, SHORT, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, 21 STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, ULONGLONG 22 }; 23 24 DEFINE_GUID!(Audit_System_SecurityStateChange, 25 0x0cce9210, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 26 DEFINE_GUID!(Audit_System_SecuritySubsystemExtension, 27 0x0cce9211, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 28 DEFINE_GUID!(Audit_System_Integrity, 29 0x0cce9212, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 30 DEFINE_GUID!(Audit_System_IPSecDriverEvents, 31 0x0cce9213, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 32 DEFINE_GUID!(Audit_System_Others, 33 0x0cce9214, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 34 DEFINE_GUID!(Audit_Logon_Logon, 35 0x0cce9215, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 36 DEFINE_GUID!(Audit_Logon_Logoff, 37 0x0cce9216, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 38 DEFINE_GUID!(Audit_Logon_AccountLockout, 39 0x0cce9217, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 40 DEFINE_GUID!(Audit_Logon_IPSecMainMode, 41 0x0cce9218, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 42 DEFINE_GUID!(Audit_Logon_IPSecQuickMode, 43 0x0cce9219, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 44 DEFINE_GUID!(Audit_Logon_IPSecUserMode, 45 0x0cce921a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 46 DEFINE_GUID!(Audit_Logon_SpecialLogon, 47 0x0cce921b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 48 DEFINE_GUID!(Audit_Logon_Others, 49 0x0cce921c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 50 DEFINE_GUID!(Audit_ObjectAccess_FileSystem, 51 0x0cce921d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 52 DEFINE_GUID!(Audit_ObjectAccess_Registry, 53 0x0cce921e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 54 DEFINE_GUID!(Audit_ObjectAccess_Kernel, 55 0x0cce921f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 56 DEFINE_GUID!(Audit_ObjectAccess_Sam, 57 0x0cce9220, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 58 DEFINE_GUID!(Audit_ObjectAccess_CertificationServices, 59 0x0cce9221, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 60 DEFINE_GUID!(Audit_ObjectAccess_ApplicationGenerated, 61 0x0cce9222, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 62 DEFINE_GUID!(Audit_ObjectAccess_Handle, 63 0x0cce9223, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 64 DEFINE_GUID!(Audit_ObjectAccess_Share, 65 0x0cce9224, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 66 DEFINE_GUID!(Audit_ObjectAccess_FirewallPacketDrops, 67 0x0cce9225, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 68 DEFINE_GUID!(Audit_ObjectAccess_FirewallConnection, 69 0x0cce9226, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 70 DEFINE_GUID!(Audit_ObjectAccess_Other, 71 0x0cce9227, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 72 DEFINE_GUID!(Audit_PrivilegeUse_Sensitive, 73 0x0cce9228, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 74 DEFINE_GUID!(Audit_PrivilegeUse_NonSensitive, 75 0x0cce9229, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 76 DEFINE_GUID!(Audit_PrivilegeUse_Others, 77 0x0cce922a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 78 DEFINE_GUID!(Audit_DetailedTracking_ProcessCreation, 79 0x0cce922b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 80 DEFINE_GUID!(Audit_DetailedTracking_ProcessTermination, 81 0x0cce922c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 82 DEFINE_GUID!(Audit_DetailedTracking_DpapiActivity, 83 0x0cce922d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 84 DEFINE_GUID!(Audit_DetailedTracking_RpcCall, 85 0x0cce922e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 86 DEFINE_GUID!(Audit_PolicyChange_AuditPolicy, 87 0x0cce922f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 88 DEFINE_GUID!(Audit_PolicyChange_AuthenticationPolicy, 89 0x0cce9230, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 90 DEFINE_GUID!(Audit_PolicyChange_AuthorizationPolicy, 91 0x0cce9231, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 92 DEFINE_GUID!(Audit_PolicyChange_MpsscvRulePolicy, 93 0x0cce9232, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 94 DEFINE_GUID!(Audit_PolicyChange_WfpIPSecPolicy, 95 0x0cce9233, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 96 DEFINE_GUID!(Audit_PolicyChange_Others, 97 0x0cce9234, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 98 DEFINE_GUID!(Audit_AccountManagement_UserAccount, 99 0x0cce9235, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 100 DEFINE_GUID!(Audit_AccountManagement_ComputerAccount, 101 0x0cce9236, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 102 DEFINE_GUID!(Audit_AccountManagement_SecurityGroup, 103 0x0cce9237, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 104 DEFINE_GUID!(Audit_AccountManagement_DistributionGroup, 105 0x0cce9238, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 106 DEFINE_GUID!(Audit_AccountManagement_ApplicationGroup, 107 0x0cce9239, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 108 DEFINE_GUID!(Audit_AccountManagement_Others, 109 0x0cce923a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 110 DEFINE_GUID!(Audit_DSAccess_DSAccess, 111 0x0cce923b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 112 DEFINE_GUID!(Audit_DsAccess_AdAuditChanges, 113 0x0cce923c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 114 DEFINE_GUID!(Audit_Ds_Replication, 115 0x0cce923d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 116 DEFINE_GUID!(Audit_Ds_DetailedReplication, 117 0x0cce923e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 118 DEFINE_GUID!(Audit_AccountLogon_CredentialValidation, 119 0x0cce923f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 120 DEFINE_GUID!(Audit_AccountLogon_Kerberos, 121 0x0cce9240, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 122 DEFINE_GUID!(Audit_AccountLogon_Others, 123 0x0cce9241, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 124 DEFINE_GUID!(Audit_AccountLogon_KerbCredentialValidation, 125 0x0cce9242, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 126 DEFINE_GUID!(Audit_Logon_NPS, 127 0x0cce9243, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 128 DEFINE_GUID!(Audit_ObjectAccess_DetailedFileShare, 129 0x0cce9244, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 130 DEFINE_GUID!(Audit_ObjectAccess_RemovableStorage, 131 0x0cce9245, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 132 DEFINE_GUID!(Audit_ObjectAccess_CbacStaging, 133 0x0cce9246, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 134 DEFINE_GUID!(Audit_Logon_Claims, 135 0x0cce9247, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 136 DEFINE_GUID!(Audit_System, 137 0x69979848, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 138 DEFINE_GUID!(Audit_Logon, 139 0x69979849, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 140 DEFINE_GUID!(Audit_ObjectAccess, 141 0x6997984a, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 142 DEFINE_GUID!(Audit_PrivilegeUse, 143 0x6997984b, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 144 DEFINE_GUID!(Audit_DetailedTracking, 145 0x6997984c, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 146 DEFINE_GUID!(Audit_PolicyChange, 147 0x6997984d, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 148 DEFINE_GUID!(Audit_AccountManagement, 149 0x6997984e, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 150 DEFINE_GUID!(Audit_DirectoryServiceAccess, 151 0x6997984f, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 152 DEFINE_GUID!(Audit_AccountLogon, 153 0x69979850, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30); 154 ENUM!{enum POLICY_AUDIT_EVENT_TYPE { 155 AuditCategorySystem = 0, 156 AuditCategoryLogon, 157 AuditCategoryObjectAccess, 158 AuditCategoryPrivilegeUse, 159 AuditCategoryDetailedTracking, 160 AuditCategoryPolicyChange, 161 AuditCategoryAccountManagement, 162 AuditCategoryDirectoryServiceAccess, 163 AuditCategoryAccountLogon, 164 }} 165 pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE; 166 pub const POLICY_AUDIT_EVENT_UNCHANGED: POLICY_AUDIT_EVENT_OPTIONS = 0x00000000; 167 pub const POLICY_AUDIT_EVENT_SUCCESS: POLICY_AUDIT_EVENT_OPTIONS = 0x00000001; 168 pub const POLICY_AUDIT_EVENT_FAILURE: POLICY_AUDIT_EVENT_OPTIONS = 0x00000002; 169 pub const POLICY_AUDIT_EVENT_NONE: POLICY_AUDIT_EVENT_OPTIONS = 0x00000004; 170 pub const POLICY_AUDIT_EVENT_MASK: POLICY_AUDIT_EVENT_OPTIONS = POLICY_AUDIT_EVENT_SUCCESS 171 | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE; 172 pub const POLICY_VIEW_LOCAL_INFORMATION: ACCESS_MASK = 0x00000001; 173 pub const POLICY_VIEW_AUDIT_INFORMATION: ACCESS_MASK = 0x00000002; 174 pub const POLICY_GET_PRIVATE_INFORMATION: ACCESS_MASK = 0x00000004; 175 pub const POLICY_TRUST_ADMIN: ACCESS_MASK = 0x00000008; 176 pub const POLICY_CREATE_ACCOUNT: ACCESS_MASK = 0x00000010; 177 pub const POLICY_CREATE_SECRET: ACCESS_MASK = 0x00000020; 178 pub const POLICY_CREATE_PRIVILEGE: ACCESS_MASK = 0x00000040; 179 pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ACCESS_MASK = 0x00000080; 180 pub const POLICY_SET_AUDIT_REQUIREMENTS: ACCESS_MASK = 0x00000100; 181 pub const POLICY_AUDIT_LOG_ADMIN: ACCESS_MASK = 0x00000200; 182 pub const POLICY_SERVER_ADMIN: ACCESS_MASK = 0x00000400; 183 pub const POLICY_LOOKUP_NAMES: ACCESS_MASK = 0x00000800; 184 pub const POLICY_NOTIFICATION: ACCESS_MASK = 0x00001000; 185 pub const POLICY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED 186 | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION 187 | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT 188 | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS 189 | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN 190 | POLICY_LOOKUP_NAMES; 191 pub const POLICY_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION 192 | POLICY_GET_PRIVATE_INFORMATION; 193 pub const POLICY_WRITE: ACCESS_MASK = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN 194 | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE 195 | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN 196 | POLICY_SERVER_ADMIN; 197 pub const POLICY_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE 198 | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES; 199 STRUCT!{struct LSA_TRANSLATED_SID { 200 Use: SID_NAME_USE, 201 RelativeId: ULONG, 202 DomainIndex: LONG, 203 }} 204 pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID; 205 ENUM!{enum POLICY_LSA_SERVER_ROLE { 206 PolicyServerRoleBackup = 2, 207 PolicyServerRolePrimary, 208 }} 209 pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE; 210 pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG; 211 pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut ULONG; 212 ENUM!{enum POLICY_INFORMATION_CLASS { 213 PolicyAuditLogInformation = 1, 214 PolicyAuditEventsInformation, 215 PolicyPrimaryDomainInformation, 216 PolicyPdAccountInformation, 217 PolicyAccountDomainInformation, 218 PolicyLsaServerRoleInformation, 219 PolicyReplicaSourceInformation, 220 PolicyDefaultQuotaInformation, 221 PolicyModificationInformation, 222 PolicyAuditFullSetInformation, 223 PolicyAuditFullQueryInformation, 224 PolicyDnsDomainInformation, 225 PolicyDnsDomainInformationInt, 226 PolicyLocalAccountDomainInformation, 227 PolicyLastEntry, 228 }} 229 pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS; 230 STRUCT!{struct POLICY_AUDIT_LOG_INFO { 231 AuditLogPercentFull: ULONG, 232 MaximumLogSize: ULONG, 233 AuditRetentionPeriod: LARGE_INTEGER, 234 AuditLogFullShutdownInProgress: BOOLEAN, 235 TimeToShutdown: LARGE_INTEGER, 236 NextAuditRecordId: ULONG, 237 }} 238 pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO; 239 STRUCT!{struct POLICY_AUDIT_EVENTS_INFO { 240 AuditingMode: BOOLEAN, 241 EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, 242 MaximumAuditEventCount: ULONG, 243 }} 244 pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO; 245 STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO { 246 MaximumSubCategoryCount: ULONG, 247 EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, 248 }} 249 pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO; 250 STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO { 251 MaximumSubCategoryCount: ULONG, 252 SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO, 253 }} 254 pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO; 255 pub const PER_USER_POLICY_UNCHANGED: ULONG = 0x00; 256 pub const PER_USER_AUDIT_SUCCESS_INCLUDE: ULONG = 0x01; 257 pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: ULONG = 0x02; 258 pub const PER_USER_AUDIT_FAILURE_INCLUDE: ULONG = 0x04; 259 pub const PER_USER_AUDIT_FAILURE_EXCLUDE: ULONG = 0x08; 260 pub const PER_USER_AUDIT_NONE: ULONG = 0x10; 261 pub const VALID_PER_USER_AUDIT_POLICY_FLAG: ULONG = PER_USER_AUDIT_SUCCESS_INCLUDE 262 | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE 263 | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE; 264 STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO { 265 Name: LSA_UNICODE_STRING, 266 Sid: PSID, 267 }} 268 pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO; 269 STRUCT!{struct POLICY_PD_ACCOUNT_INFO { 270 Name: LSA_UNICODE_STRING, 271 }} 272 pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO; 273 STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO { 274 LsaServerRole: POLICY_LSA_SERVER_ROLE, 275 }} 276 pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO; 277 STRUCT!{struct POLICY_REPLICA_SOURCE_INFO { 278 ReplicaSource: LSA_UNICODE_STRING, 279 ReplicaAccountName: LSA_UNICODE_STRING, 280 }} 281 pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO; 282 STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO { 283 QuotaLimits: QUOTA_LIMITS, 284 }} 285 pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO; 286 STRUCT!{struct POLICY_MODIFICATION_INFO { 287 ModifiedId: LARGE_INTEGER, 288 DatabaseCreationTime: LARGE_INTEGER, 289 }} 290 pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO; 291 STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO { 292 ShutDownOnFull: BOOLEAN, 293 }} 294 pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO; 295 STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO { 296 ShutDownOnFull: BOOLEAN, 297 LogIsFull: BOOLEAN, 298 }} 299 pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO; 300 ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS { 301 PolicyDomainEfsInformation = 2, 302 PolicyDomainKerberosTicketInformation, 303 }} 304 pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS; 305 STRUCT!{struct POLICY_DOMAIN_EFS_INFO { 306 InfoLength: ULONG, 307 EfsBlob: PUCHAR, 308 }} 309 pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO; 310 STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO { 311 AuthenticationOptions: ULONG, 312 MaxServiceTicketAge: LARGE_INTEGER, 313 MaxTicketAge: LARGE_INTEGER, 314 MaxRenewAge: LARGE_INTEGER, 315 MaxClockSkew: LARGE_INTEGER, 316 Reserved: LARGE_INTEGER, 317 }} 318 pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO; 319 ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS { 320 PolicyNotifyAuditEventsInformation = 1, 321 PolicyNotifyAccountDomainInformation, 322 PolicyNotifyServerRoleInformation, 323 PolicyNotifyDnsDomainInformation, 324 PolicyNotifyDomainEfsInformation, 325 PolicyNotifyDomainKerberosTicketInformation, 326 PolicyNotifyMachineAccountPasswordInformation, 327 PolicyNotifyGlobalSaclInformation, 328 PolicyNotifyMax, 329 }} 330 pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS; 331 pub type LSA_HANDLE = PVOID; 332 pub type PLSA_HANDLE = *mut PVOID; 333 ENUM!{enum TRUSTED_INFORMATION_CLASS { 334 TrustedDomainNameInformation = 1, 335 TrustedControllersInformation, 336 TrustedPosixOffsetInformation, 337 TrustedPasswordInformation, 338 TrustedDomainInformationBasic, 339 TrustedDomainInformationEx, 340 TrustedDomainAuthInformation, 341 TrustedDomainFullInformation, 342 TrustedDomainAuthInformationInternal, 343 TrustedDomainFullInformationInternal, 344 TrustedDomainInformationEx2Internal, 345 TrustedDomainFullInformation2Internal, 346 TrustedDomainSupportedEncryptionTypes, 347 }} 348 pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS; 349 STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO { 350 Name: LSA_UNICODE_STRING, 351 }} 352 pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO; 353 STRUCT!{struct TRUSTED_CONTROLLERS_INFO { 354 Entries: ULONG, 355 Names: PLSA_UNICODE_STRING, 356 }} 357 pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO; 358 STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO { 359 Offset: ULONG, 360 }} 361 pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO; 362 STRUCT!{struct TRUSTED_PASSWORD_INFO { 363 Password: LSA_UNICODE_STRING, 364 OldPassword: LSA_UNICODE_STRING, 365 }} 366 pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO; 367 pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION; 368 pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION; 369 pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000; 370 pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001; 371 pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002; 372 pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND 373 | TRUST_DIRECTION_OUTBOUND; 374 pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001; 375 pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002; 376 pub const TRUST_TYPE_MIT: ULONG = 0x00000003; 377 pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001; 378 pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002; 379 pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004; 380 pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008; 381 pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010; 382 pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020; 383 pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040; 384 pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080; 385 pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100; 386 pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200; 387 pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF; 388 pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000; 389 STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX { 390 Name: LSA_UNICODE_STRING, 391 FlatName: LSA_UNICODE_STRING, 392 Sid: PSID, 393 TrustDirection: ULONG, 394 TrustType: ULONG, 395 TrustAttributes: ULONG, 396 }} 397 pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX; 398 STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 { 399 Name: LSA_UNICODE_STRING, 400 FlatName: LSA_UNICODE_STRING, 401 Sid: PSID, 402 TrustDirection: ULONG, 403 TrustType: ULONG, 404 TrustAttributes: ULONG, 405 ForestTrustLength: ULONG, 406 ForestTrustInfo: PUCHAR, 407 }} 408 pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2; 409 pub const TRUST_AUTH_TYPE_NONE: ULONG = 0; 410 pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1; 411 pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2; 412 pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3; 413 STRUCT!{struct LSA_AUTH_INFORMATION { 414 LastUpdateTime: LARGE_INTEGER, 415 AuthType: ULONG, 416 AuthInfoLength: ULONG, 417 AuthInfo: PUCHAR, 418 }} 419 pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION; 420 STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION { 421 IncomingAuthInfos: ULONG, 422 IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION, 423 IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, 424 OutgoingAuthInfos: ULONG, 425 OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION, 426 OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, 427 }} 428 pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION; 429 STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION { 430 Information: TRUSTED_DOMAIN_INFORMATION_EX, 431 PosixOffset: TRUSTED_POSIX_OFFSET_INFO, 432 AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, 433 }} 434 pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION; 435 STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 { 436 Information: TRUSTED_DOMAIN_INFORMATION_EX2, 437 PosixOffset: TRUSTED_POSIX_OFFSET_INFO, 438 AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, 439 }} 440 pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2; 441 STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES { 442 SupportedEncryptionTypes: ULONG, 443 }} 444 pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 445 *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; 446 ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE { 447 ForestTrustTopLevelName, 448 ForestTrustTopLevelNameEx, 449 ForestTrustDomainInfo, 450 ForestTrustRecordTypeLast, // = ForestTrustDomainInfo, 451 }} 452 pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF; 453 pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001; 454 pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002; 455 pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004; 456 pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001; 457 pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002; 458 pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004; 459 pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008; 460 STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO { 461 Sid: PSID, 462 DnsName: LSA_UNICODE_STRING, 463 NetbiosName: LSA_UNICODE_STRING, 464 }} 465 pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO; 466 pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: ULONG = 128 * 1024; 467 STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA { 468 Length: ULONG, 469 Buffer: PUCHAR, 470 }} 471 pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA; 472 UNION!{union LSA_FOREST_TRUST_RECORD_ForestTrustData { 473 [usize; 5], 474 TopLevelName TopLevelName_mut: LSA_UNICODE_STRING, 475 DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO, 476 Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA, 477 }} 478 STRUCT!{struct LSA_FOREST_TRUST_RECORD { 479 Flags: ULONG, 480 ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE, 481 Time: LARGE_INTEGER, 482 ForestTrustData: LSA_FOREST_TRUST_RECORD_ForestTrustData, 483 }} 484 pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD; 485 pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: ULONG = 4000; 486 STRUCT!{struct LSA_FOREST_TRUST_INFORMATION { 487 RecordCount: ULONG, 488 Entries: *mut PLSA_FOREST_TRUST_RECORD, 489 }} 490 pub type PLSA_FOREST_TRUST_INFORMATION = *mut LSA_FOREST_TRUST_INFORMATION; 491 ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE { 492 CollisionTdo, 493 CollisionXref, 494 CollisionOther, 495 }} 496 STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD { 497 Index: ULONG, 498 Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE, 499 Flags: ULONG, 500 Name: LSA_UNICODE_STRING, 501 }} 502 pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD; 503 STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION { 504 RecordCount: ULONG, 505 Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD, 506 }} 507 pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION; 508 pub type LSA_ENUMERATION_HANDLE = ULONG; 509 pub type PLSA_ENUMERATION_HANDLE = *mut ULONG; 510 STRUCT!{struct LSA_ENUMERATION_INFORMATION { 511 Sid: PSID, 512 }} 513 pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION; 514 STRUCT!{struct LSA_LAST_INTER_LOGON_INFO { 515 LastSuccessfulLogon: LARGE_INTEGER, 516 LastFailedLogon: LARGE_INTEGER, 517 FailedAttemptCountSinceLastSuccessfulLogon: ULONG, 518 }} 519 pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO; 520 STRUCT!{struct SECURITY_LOGON_SESSION_DATA { 521 Size: ULONG, 522 LogonId: LUID, 523 UserName: LSA_UNICODE_STRING, 524 LogonDomain: LSA_UNICODE_STRING, 525 AuthenticationPackage: LSA_UNICODE_STRING, 526 LogonType: ULONG, 527 Session: ULONG, 528 Sid: PSID, 529 LogonTime: LARGE_INTEGER, 530 LogonServer: LSA_UNICODE_STRING, 531 DnsDomainName: LSA_UNICODE_STRING, 532 Upn: LSA_UNICODE_STRING, 533 UserFlags: ULONG, 534 LastLogonInfo: LSA_LAST_INTER_LOGON_INFO, 535 LogonScript: LSA_UNICODE_STRING, 536 ProfilePath: LSA_UNICODE_STRING, 537 HomeDirectory: LSA_UNICODE_STRING, 538 HomeDirectoryDrive: LSA_UNICODE_STRING, 539 LogoffTime: LARGE_INTEGER, 540 KickOffTime: LARGE_INTEGER, 541 PasswordLastSet: LARGE_INTEGER, 542 PasswordCanChange: LARGE_INTEGER, 543 PasswordMustChange: LARGE_INTEGER, 544 }} 545 pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA; 546 pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001; 547 pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100; 548 pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000; 549 pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG = 550 CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG 551 | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG 552 | CENTRAL_ACCESS_POLICY_STAGED_FLAG; 553 pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001; 554 pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG; 555 STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY { 556 Name: LSA_UNICODE_STRING, 557 Description: LSA_UNICODE_STRING, 558 ChangeId: LSA_UNICODE_STRING, 559 LengthAppliesTo: ULONG, 560 AppliesTo: PUCHAR, 561 LengthSD: ULONG, 562 SD: PSECURITY_DESCRIPTOR, 563 LengthStagedSD: ULONG, 564 StagedSD: PSECURITY_DESCRIPTOR, 565 Flags: ULONG, 566 }} 567 pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY; 568 pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY; 569 STRUCT!{struct CENTRAL_ACCESS_POLICY { 570 CAPID: PSID, 571 Name: LSA_UNICODE_STRING, 572 Description: LSA_UNICODE_STRING, 573 ChangeId: LSA_UNICODE_STRING, 574 Flags: ULONG, 575 CAPECount: ULONG, 576 CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY, 577 }} 578 pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY; 579 pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY; 580 ENUM!{enum NEGOTIATE_MESSAGES { 581 NegEnumPackagePrefixes = 0, 582 NegGetCallerName = 1, 583 NegTransferCredentials = 2, 584 NegCallPackageMax, 585 }} 586 pub const NEGOTIATE_MAX_PREFIX: usize = 32; 587 STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX { 588 PackageId: ULONG_PTR, 589 PackageDataA: PVOID, 590 PackageDataW: PVOID, 591 PrefixLen: ULONG_PTR, 592 Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX], 593 }} 594 pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX; 595 STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES { 596 MessageType: ULONG, 597 PrefixCount: ULONG, 598 Offset: ULONG, 599 Pad: ULONG, 600 }} 601 pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES; 602 STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST { 603 MessageType: ULONG, 604 LogonId: LUID, 605 }} 606 pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST; 607 STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE { 608 MessageType: ULONG, 609 CallerName: PWSTR, 610 }} 611 pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE; 612 STRUCT!{struct DOMAIN_PASSWORD_INFORMATION { 613 MinPasswordLength: USHORT, 614 PasswordHistoryLength: USHORT, 615 PasswordProperties: ULONG, 616 MaxPasswordAge: LARGE_INTEGER, 617 MinPasswordAge: LARGE_INTEGER, 618 }} 619 pub type PDOMAIN_PASSWORD_INFORMATION = *mut DOMAIN_PASSWORD_INFORMATION; 620 pub const DOMAIN_PASSWORD_COMPLEX: ULONG = 0x00000001; 621 pub const DOMAIN_PASSWORD_NO_ANON_CHANGE: ULONG = 0x00000002; 622 pub const DOMAIN_PASSWORD_NO_CLEAR_CHANGE: ULONG = 0x00000004; 623 pub const DOMAIN_LOCKOUT_ADMINS: ULONG = 0x00000008; 624 pub const DOMAIN_PASSWORD_STORE_CLEARTEXT: ULONG = 0x00000010; 625 pub const DOMAIN_REFUSE_PASSWORD_CHANGE: ULONG = 0x00000020; 626 pub const DOMAIN_NO_LM_OWF_CHANGE: ULONG = 0x00000040; 627 FN!{stdcall PSAM_PASSWORD_NOTIFICATION_ROUTINE( 628 UserName: PUNICODE_STRING, 629 RelativeId: ULONG, 630 NewPassword: PUNICODE_STRING, 631 ) -> NTSTATUS} 632 FN!{stdcall PSAM_INIT_NOTIFICATION_ROUTINE() -> BOOLEAN} 633 FN!{stdcall PSAM_PASSWORD_FILTER_ROUTINE( 634 AccountName: PUNICODE_STRING, 635 FullName: PUNICODE_STRING, 636 Password: PUNICODE_STRING, 637 SetOperation: BOOLEAN, 638 ) -> BOOLEAN} 639 ENUM!{enum MSV1_0_LOGON_SUBMIT_TYPE { 640 MsV1_0InteractiveLogon = 2, 641 MsV1_0Lm20Logon, 642 MsV1_0NetworkLogon, 643 MsV1_0SubAuthLogon, 644 MsV1_0WorkstationUnlockLogon = 7, 645 MsV1_0S4ULogon = 12, 646 MsV1_0VirtualLogon = 82, 647 MsV1_0NoElevationLogon = 83, 648 MsV1_0LuidLogon = 84, 649 }} 650 pub type PMSV1_0_LOGON_SUBMIT_TYPE = *mut MSV1_0_LOGON_SUBMIT_TYPE; 651 ENUM!{enum MSV1_0_PROFILE_BUFFER_TYPE { 652 MsV1_0InteractiveProfile = 2, 653 MsV1_0Lm20LogonProfile, 654 MsV1_0SmartCardProfile, 655 }} 656 pub type PMSV1_0_PROFILE_BUFFER_TYPE = *mut MSV1_0_PROFILE_BUFFER_TYPE; 657 STRUCT!{struct MSV1_0_INTERACTIVE_LOGON { 658 MessageType: MSV1_0_LOGON_SUBMIT_TYPE, 659 LogonDomainName: UNICODE_STRING, 660 UserName: UNICODE_STRING, 661 Password: UNICODE_STRING, 662 }} 663 pub type PMSV1_0_INTERACTIVE_LOGON = *mut MSV1_0_INTERACTIVE_LOGON; 664 STRUCT!{struct MSV1_0_INTERACTIVE_PROFILE { 665 MessageType: MSV1_0_PROFILE_BUFFER_TYPE, 666 LogonCount: USHORT, 667 BadPasswordCount: USHORT, 668 LogonTime: LARGE_INTEGER, 669 LogoffTime: LARGE_INTEGER, 670 KickOffTime: LARGE_INTEGER, 671 PasswordLastSet: LARGE_INTEGER, 672 PasswordCanChange: LARGE_INTEGER, 673 PasswordMustChange: LARGE_INTEGER, 674 LogonScript: UNICODE_STRING, 675 HomeDirectory: UNICODE_STRING, 676 FullName: UNICODE_STRING, 677 ProfilePath: UNICODE_STRING, 678 HomeDirectoryDrive: UNICODE_STRING, 679 LogonServer: UNICODE_STRING, 680 UserFlags: ULONG, 681 }} 682 pub type PMSV1_0_INTERACTIVE_PROFILE = *mut MSV1_0_INTERACTIVE_PROFILE; 683 pub const MSV1_0_CHALLENGE_LENGTH: usize = 8; 684 pub const MSV1_0_USER_SESSION_KEY_LENGTH: usize = 16; 685 pub const MSV1_0_LANMAN_SESSION_KEY_LENGTH: usize = 8; 686 pub const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED: ULONG = 0x02; 687 pub const MSV1_0_UPDATE_LOGON_STATISTICS: ULONG = 0x04; 688 pub const MSV1_0_RETURN_USER_PARAMETERS: ULONG = 0x08; 689 pub const MSV1_0_DONT_TRY_GUEST_ACCOUNT: ULONG = 0x10; 690 pub const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT: ULONG = 0x20; 691 pub const MSV1_0_RETURN_PASSWORD_EXPIRY: ULONG = 0x40; 692 pub const MSV1_0_USE_CLIENT_CHALLENGE: ULONG = 0x80; 693 pub const MSV1_0_TRY_GUEST_ACCOUNT_ONLY: ULONG = 0x100; 694 pub const MSV1_0_RETURN_PROFILE_PATH: ULONG = 0x200; 695 pub const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY: ULONG = 0x400; 696 pub const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT: ULONG = 0x800; 697 pub const MSV1_0_DISABLE_PERSONAL_FALLBACK: ULONG = 0x00001000; 698 pub const MSV1_0_ALLOW_FORCE_GUEST: ULONG = 0x00002000; 699 pub const MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED: ULONG = 0x00004000; 700 pub const MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY: ULONG = 0x00008000; 701 pub const MSV1_0_SUBAUTHENTICATION_DLL_EX: ULONG = 0x00100000; 702 pub const MSV1_0_ALLOW_MSVCHAPV2: ULONG = 0x00010000; 703 pub const MSV1_0_S4U2SELF: ULONG = 0x00020000; 704 pub const MSV1_0_CHECK_LOGONHOURS_FOR_S4U: ULONG = 0x00040000; 705 pub const MSV1_0_INTERNET_DOMAIN: ULONG = 0x00080000; 706 pub const MSV1_0_SUBAUTHENTICATION_DLL: ULONG = 0xFF000000; 707 pub const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT: ULONG = 24; 708 pub const MSV1_0_MNS_LOGON: ULONG = 0x01000000; 709 pub const MSV1_0_SUBAUTHENTICATION_DLL_RAS: ULONG = 2; 710 pub const MSV1_0_SUBAUTHENTICATION_DLL_IIS: ULONG = 132; 711 STRUCT!{struct MSV1_0_LM20_LOGON { 712 MessageType: MSV1_0_LOGON_SUBMIT_TYPE, 713 LogonDomainName: UNICODE_STRING, 714 UserName: UNICODE_STRING, 715 Workstation: UNICODE_STRING, 716 ChallengeToClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], 717 CaseSensitiveChallengeResponse: STRING, 718 CaseInsensitiveChallengeResponse: STRING, 719 ParameterControl: ULONG, 720 }} 721 pub type PMSV1_0_LM20_LOGON = *mut MSV1_0_LM20_LOGON; 722 STRUCT!{struct MSV1_0_SUBAUTH_LOGON { 723 MessageType: MSV1_0_LOGON_SUBMIT_TYPE, 724 LogonDomainName: UNICODE_STRING, 725 UserName: UNICODE_STRING, 726 Workstation: UNICODE_STRING, 727 ChallengeToClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], 728 AuthenticationInfo1: STRING, 729 AuthenticationInfo2: STRING, 730 ParameterControl: ULONG, 731 SubAuthPackageId: ULONG, 732 }} 733 pub type PMSV1_0_SUBAUTH_LOGON = *mut MSV1_0_SUBAUTH_LOGON; 734 STRUCT!{struct MSV1_0_S4U_LOGON { 735 MessageType: MSV1_0_LOGON_SUBMIT_TYPE, 736 MSV1_0_LOGON_SUBMIT_TYPE: ULONG, 737 UserPrincipalName: UNICODE_STRING, 738 DomainName: UNICODE_STRING, 739 }} 740 pub type PMSV1_0_S4U_LOGON = *mut MSV1_0_S4U_LOGON; 741 pub const LOGON_GUEST: ULONG = 0x01; 742 pub const LOGON_NOENCRYPTION: ULONG = 0x02; 743 pub const LOGON_CACHED_ACCOUNT: ULONG = 0x04; 744 pub const LOGON_USED_LM_PASSWORD: ULONG = 0x08; 745 pub const LOGON_EXTRA_SIDS: ULONG = 0x20; 746 pub const LOGON_SUBAUTH_SESSION_KEY: ULONG = 0x40; 747 pub const LOGON_SERVER_TRUST_ACCOUNT: ULONG = 0x80; 748 pub const LOGON_NTLMV2_ENABLED: ULONG = 0x100; 749 pub const LOGON_RESOURCE_GROUPS: ULONG = 0x200; 750 pub const LOGON_PROFILE_PATH_RETURNED: ULONG = 0x400; 751 pub const LOGON_NT_V2: ULONG = 0x800; 752 pub const LOGON_LM_V2: ULONG = 0x1000; 753 pub const LOGON_NTLM_V2: ULONG = 0x2000; 754 pub const LOGON_OPTIMIZED: ULONG = 0x4000; 755 pub const LOGON_WINLOGON: ULONG = 0x8000; 756 pub const LOGON_PKINIT: ULONG = 0x10000; 757 pub const LOGON_NO_OPTIMIZED: ULONG = 0x20000; 758 pub const LOGON_NO_ELEVATION: ULONG = 0x40000; 759 pub const LOGON_MANAGED_SERVICE: ULONG = 0x80000; 760 pub const LOGON_GRACE_LOGON: ULONG = 0x01000000; 761 STRUCT!{struct MSV1_0_LM20_LOGON_PROFILE { 762 MessageType: MSV1_0_PROFILE_BUFFER_TYPE, 763 KickOffTime: LARGE_INTEGER, 764 LogoffTime: LARGE_INTEGER, 765 UserFlags: ULONG, 766 UserSessionKey: [UCHAR; MSV1_0_USER_SESSION_KEY_LENGTH], 767 LogonDomainName: UNICODE_STRING, 768 LanmanSessionKey: [UCHAR; MSV1_0_LANMAN_SESSION_KEY_LENGTH], 769 LogonServer: UNICODE_STRING, 770 UserParameters: UNICODE_STRING, 771 }} 772 pub type PMSV1_0_LM20_LOGON_PROFILE = *mut MSV1_0_LM20_LOGON_PROFILE; 773 pub const MSV1_0_OWF_PASSWORD_LENGTH: usize = 16; 774 STRUCT!{struct MSV1_0_SUPPLEMENTAL_CREDENTIAL { 775 Version: ULONG, 776 Flags: ULONG, 777 LmPassword: [UCHAR; MSV1_0_OWF_PASSWORD_LENGTH], 778 NtPassword: [UCHAR; MSV1_0_OWF_PASSWORD_LENGTH], 779 }} 780 pub type PMSV1_0_SUPPLEMENTAL_CREDENTIAL = *mut MSV1_0_SUPPLEMENTAL_CREDENTIAL; 781 pub const MSV1_0_NTLM3_RESPONSE_LENGTH: usize = 16; 782 pub const MSV1_0_NTLM3_OWF_LENGTH: usize = 16; 783 STRUCT!{struct MSV1_0_NTLM3_RESPONSE { 784 Response: [UCHAR; MSV1_0_NTLM3_RESPONSE_LENGTH], 785 RespType: UCHAR, 786 HiRespType: UCHAR, 787 Flags: USHORT, 788 MsgWord: ULONG, 789 TimeStamp: ULONGLONG, 790 ChallengeFromClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], 791 AvPairsOff: ULONG, 792 Buffer: [UCHAR; 1], 793 }} 794 pub type PMSV1_0_NTLM3_RESPONSE = *mut MSV1_0_NTLM3_RESPONSE; 795 ENUM!{enum MSV1_0_AVID { 796 MsvAvEOL, 797 MsvAvNbComputerName, 798 MsvAvNbDomainName, 799 MsvAvDnsComputerName, 800 MsvAvDnsDomainName, 801 MsvAvDnsTreeName, 802 MsvAvFlags, 803 MsvAvTimestamp, 804 MsvAvRestrictions, 805 MsvAvTargetName, 806 MsvAvChannelBindings, 807 }} 808 STRUCT!{struct MSV1_0_AV_PAIR { 809 AvId: USHORT, 810 AvLen: USHORT, 811 }} 812 pub type PMSV1_0_AV_PAIR = *mut MSV1_0_AV_PAIR; 813 ENUM!{enum MSV1_0_PROTOCOL_MESSAGE_TYPE { 814 MsV1_0Lm20ChallengeRequest = 0, 815 MsV1_0Lm20GetChallengeResponse, 816 MsV1_0EnumerateUsers, 817 MsV1_0GetUserInfo, 818 MsV1_0ReLogonUsers, 819 MsV1_0ChangePassword, 820 MsV1_0ChangeCachedPassword, 821 MsV1_0GenericPassthrough, 822 MsV1_0CacheLogon, 823 MsV1_0SubAuth, 824 MsV1_0DeriveCredential, 825 MsV1_0CacheLookup, 826 MsV1_0SetProcessOption, 827 MsV1_0ConfigLocalAliases, 828 MsV1_0ClearCachedCredentials, 829 MsV1_0LookupToken, 830 MsV1_0ValidateAuth, 831 MsV1_0CacheLookupEx, 832 MsV1_0GetCredentialKey, 833 MsV1_0SetThreadOption, 834 }} 835 pub type PMSV1_0_PROTOCOL_MESSAGE_TYPE = *mut MSV1_0_PROTOCOL_MESSAGE_TYPE; 836 STRUCT!{struct MSV1_0_CHANGEPASSWORD_REQUEST { 837 MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, 838 DomainName: UNICODE_STRING, 839 AccountName: UNICODE_STRING, 840 OldPassword: UNICODE_STRING, 841 NewPassword: UNICODE_STRING, 842 Impersonating: BOOLEAN, 843 }} 844 pub type PMSV1_0_CHANGEPASSWORD_REQUEST = *mut MSV1_0_CHANGEPASSWORD_REQUEST; 845 STRUCT!{struct MSV1_0_CHANGEPASSWORD_RESPONSE { 846 MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, 847 PasswordInfoValid: BOOLEAN, 848 DomainPasswordInfo: DOMAIN_PASSWORD_INFORMATION, 849 }} 850 pub type PMSV1_0_CHANGEPASSWORD_RESPONSE = *mut MSV1_0_CHANGEPASSWORD_RESPONSE; 851 STRUCT!{struct MSV1_0_PASSTHROUGH_REQUEST { 852 MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, 853 DomainName: UNICODE_STRING, 854 PackageName: UNICODE_STRING, 855 DataLength: ULONG, 856 LogonData: PUCHAR, 857 Pad: ULONG, 858 }} 859 pub type PMSV1_0_PASSTHROUGH_REQUEST = *mut MSV1_0_PASSTHROUGH_REQUEST; 860 STRUCT!{struct MSV1_0_PASSTHROUGH_RESPONSE { 861 MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, 862 Pad: ULONG, 863 DataLength: ULONG, 864 ValidationData: PUCHAR, 865 }} 866 pub type PMSV1_0_PASSTHROUGH_RESPONSE = *mut MSV1_0_PASSTHROUGH_RESPONSE; 867 STRUCT!{struct MSV1_0_SUBAUTH_REQUEST { 868 MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, 869 SubAuthPackageId: ULONG, 870 SubAuthInfoLength: ULONG, 871 SubAuthSubmitBuffer: PUCHAR, 872 }} 873 pub type PMSV1_0_SUBAUTH_REQUEST = *mut MSV1_0_SUBAUTH_REQUEST; 874 STRUCT!{struct MSV1_0_SUBAUTH_RESPONSE { 875 MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, 876 SubAuthInfoLength: ULONG, 877 SubAuthReturnBuffer: PUCHAR, 878 }} 879 pub type PMSV1_0_SUBAUTH_RESPONSE = *mut MSV1_0_SUBAUTH_RESPONSE; 880 pub use self::SystemFunction036 as RtlGenRandom; 881 pub use self::SystemFunction040 as RtlEncryptMemory; 882 pub use self::SystemFunction041 as RtlDecryptMemory; 883 extern "system" { SystemFunction036( RandomBuffer: PVOID, RandomBufferLength: ULONG, ) -> BOOLEAN884 pub fn SystemFunction036( 885 RandomBuffer: PVOID, 886 RandomBufferLength: ULONG, 887 ) -> BOOLEAN; 888 } 889 pub const RTL_ENCRYPT_MEMORY_SIZE: ULONG = 8; 890 pub const RTL_ENCRYPT_OPTION_CROSS_PROCESS: ULONG = 0x01; 891 pub const RTL_ENCRYPT_OPTION_SAME_LOGON: ULONG = 0x02; 892 extern "system" { SystemFunction040( Memory: PVOID, MemorySize: ULONG, OptionFlags: ULONG, ) -> NTSTATUS893 pub fn SystemFunction040( 894 Memory: PVOID, 895 MemorySize: ULONG, 896 OptionFlags: ULONG, 897 ) -> NTSTATUS; SystemFunction041( Memory: PVOID, MemorySize: ULONG, OptionFlags: ULONG, ) -> NTSTATUS898 pub fn SystemFunction041( 899 Memory: PVOID, 900 MemorySize: ULONG, 901 OptionFlags: ULONG, 902 ) -> NTSTATUS; 903 } 904 pub const KERBEROS_VERSION: ULONG = 5; 905 pub const KERBEROS_REVISION: ULONG = 6; 906 pub const KERB_ETYPE_NULL: LONG = 0; 907 pub const KERB_ETYPE_DES_CBC_CRC: LONG = 1; 908 pub const KERB_ETYPE_DES_CBC_MD4: LONG = 2; 909 pub const KERB_ETYPE_DES_CBC_MD5: LONG = 3; 910 pub const KERB_ETYPE_AES128_CTS_HMAC_SHA1_96: LONG = 17; 911 pub const KERB_ETYPE_AES256_CTS_HMAC_SHA1_96: LONG = 18; 912 pub const KERB_ETYPE_RC4_MD4: LONG = -128; 913 pub const KERB_ETYPE_RC4_PLAIN2: LONG = -129; 914 pub const KERB_ETYPE_RC4_LM: LONG = -130; 915 pub const KERB_ETYPE_RC4_SHA: LONG = -131; 916 pub const KERB_ETYPE_DES_PLAIN: LONG = -132; 917 pub const KERB_ETYPE_RC4_HMAC_OLD: LONG = -133; 918 pub const KERB_ETYPE_RC4_PLAIN_OLD: LONG = -134; 919 pub const KERB_ETYPE_RC4_HMAC_OLD_EXP: LONG = -135; 920 pub const KERB_ETYPE_RC4_PLAIN_OLD_EXP: LONG = -136; 921 pub const KERB_ETYPE_RC4_PLAIN: LONG = -140; 922 pub const KERB_ETYPE_RC4_PLAIN_EXP: LONG = -141; 923 pub const KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN: LONG = -148; 924 pub const KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN: LONG = -149; 925 pub const KERB_ETYPE_DSA_SHA1_CMS: LONG = 9; 926 pub const KERB_ETYPE_RSA_MD5_CMS: LONG = 10; 927 pub const KERB_ETYPE_RSA_SHA1_CMS: LONG = 11; 928 pub const KERB_ETYPE_RC2_CBC_ENV: LONG = 12; 929 pub const KERB_ETYPE_RSA_ENV: LONG = 13; 930 pub const KERB_ETYPE_RSA_ES_OEAP_ENV: LONG = 14; 931 pub const KERB_ETYPE_DES_EDE3_CBC_ENV: LONG = 15; 932 pub const KERB_ETYPE_DSA_SIGN: LONG = 8; 933 pub const KERB_ETYPE_RSA_PRIV: LONG = 9; 934 pub const KERB_ETYPE_RSA_PUB: LONG = 10; 935 pub const KERB_ETYPE_RSA_PUB_MD5: LONG = 11; 936 pub const KERB_ETYPE_RSA_PUB_SHA1: LONG = 12; 937 pub const KERB_ETYPE_PKCS7_PUB: LONG = 13; 938 pub const KERB_ETYPE_DES3_CBC_MD5: LONG = 5; 939 pub const KERB_ETYPE_DES3_CBC_SHA1: LONG = 7; 940 pub const KERB_ETYPE_DES3_CBC_SHA1_KD: LONG = 16; 941 pub const KERB_ETYPE_DES_CBC_MD5_NT: LONG = 20; 942 pub const KERB_ETYPE_RC4_HMAC_NT: LONG = 23; 943 pub const KERB_ETYPE_RC4_HMAC_NT_EXP: LONG = 24; 944 pub const KERB_CHECKSUM_NONE: LONG = 0; 945 pub const KERB_CHECKSUM_CRC32: LONG = 1; 946 pub const KERB_CHECKSUM_MD4: LONG = 2; 947 pub const KERB_CHECKSUM_KRB_DES_MAC: LONG = 4; 948 pub const KERB_CHECKSUM_KRB_DES_MAC_K: LONG = 5; 949 pub const KERB_CHECKSUM_MD5: LONG = 7; 950 pub const KERB_CHECKSUM_MD5_DES: LONG = 8; 951 pub const KERB_CHECKSUM_SHA1_NEW: LONG = 14; 952 pub const KERB_CHECKSUM_HMAC_SHA1_96_AES128: LONG = 15; 953 pub const KERB_CHECKSUM_HMAC_SHA1_96_AES256: LONG = 16; 954 pub const KERB_CHECKSUM_LM: LONG = -130; 955 pub const KERB_CHECKSUM_SHA1: LONG = -131; 956 pub const KERB_CHECKSUM_REAL_CRC32: LONG = -132; 957 pub const KERB_CHECKSUM_DES_MAC: LONG = -133; 958 pub const KERB_CHECKSUM_DES_MAC_MD5: LONG = -134; 959 pub const KERB_CHECKSUM_MD25: LONG = -135; 960 pub const KERB_CHECKSUM_RC4_MD5: LONG = -136; 961 pub const KERB_CHECKSUM_MD5_HMAC: LONG = -137; 962 pub const KERB_CHECKSUM_HMAC_MD5: LONG = -138; 963 pub const KERB_CHECKSUM_HMAC_SHA1_96_AES128_Ki: LONG = -150; 964 pub const KERB_CHECKSUM_HMAC_SHA1_96_AES256_Ki: LONG = -151; 965 pub const KERB_TICKET_FLAGS_reserved: ULONG = 0x80000000; 966 pub const KERB_TICKET_FLAGS_forwardable: ULONG = 0x40000000; 967 pub const KERB_TICKET_FLAGS_forwarded: ULONG = 0x20000000; 968 pub const KERB_TICKET_FLAGS_proxiable: ULONG = 0x10000000; 969 pub const KERB_TICKET_FLAGS_proxy: ULONG = 0x08000000; 970 pub const KERB_TICKET_FLAGS_may_postdate: ULONG = 0x04000000; 971 pub const KERB_TICKET_FLAGS_postdated: ULONG = 0x02000000; 972 pub const KERB_TICKET_FLAGS_invalid: ULONG = 0x01000000; 973 pub const KERB_TICKET_FLAGS_renewable: ULONG = 0x00800000; 974 pub const KERB_TICKET_FLAGS_initial: ULONG = 0x00400000; 975 pub const KERB_TICKET_FLAGS_pre_authent: ULONG = 0x00200000; 976 pub const KERB_TICKET_FLAGS_hw_authent: ULONG = 0x00100000; 977 pub const KERB_TICKET_FLAGS_ok_as_delegate: ULONG = 0x00040000; 978 pub const KERB_TICKET_FLAGS_name_canonicalize: ULONG = 0x00010000; 979 pub const KERB_TICKET_FLAGS_cname_in_pa_data: ULONG = 0x00040000; 980 pub const KERB_TICKET_FLAGS_enc_pa_rep: ULONG = 0x00010000; 981 pub const KERB_TICKET_FLAGS_reserved1: ULONG = 0x00000001; 982 pub const KRB_NT_UNKNOWN: LONG = 0; 983 pub const KRB_NT_PRINCIPAL: LONG = 1; 984 pub const KRB_NT_PRINCIPAL_AND_ID: LONG = -131; 985 pub const KRB_NT_SRV_INST: LONG = 2; 986 pub const KRB_NT_SRV_INST_AND_ID: LONG = -132; 987 pub const KRB_NT_SRV_HST: LONG = 3; 988 pub const KRB_NT_SRV_XHST: LONG = 4; 989 pub const KRB_NT_UID: LONG = 5; 990 pub const KRB_NT_ENTERPRISE_PRINCIPAL: LONG = 10; 991 pub const KRB_NT_WELLKNOWN: LONG = 11; 992 pub const KRB_NT_ENT_PRINCIPAL_AND_ID: LONG = -130; 993 pub const KRB_NT_MS_PRINCIPAL: LONG = -128; 994 pub const KRB_NT_MS_PRINCIPAL_AND_ID: LONG = -129; 995 pub const KRB_NT_MS_BRANCH_ID: LONG = -133; 996 pub const KRB_NT_X500_PRINCIPAL: LONG = 6; 997 pub const KERB_WRAP_NO_ENCRYPT: ULONG = 0x80000001; 998 ENUM!{enum KERB_LOGON_SUBMIT_TYPE { 999 KerbInteractiveLogon = 2, 1000 KerbSmartCardLogon = 6, 1001 KerbWorkstationUnlockLogon = 7, 1002 KerbSmartCardUnlockLogon = 8, 1003 KerbProxyLogon = 9, 1004 KerbTicketLogon = 10, 1005 KerbTicketUnlockLogon = 11, 1006 KerbS4ULogon = 12, 1007 KerbCertificateLogon = 13, 1008 KerbCertificateS4ULogon = 14, 1009 KerbCertificateUnlockLogon = 15, 1010 KerbNoElevationLogon = 83, 1011 KerbLuidLogon = 84, 1012 }} 1013 pub type PKERB_LOGON_SUBMIT_TYPE = *mut KERB_LOGON_SUBMIT_TYPE; 1014 STRUCT!{struct KERB_INTERACTIVE_LOGON { 1015 MessageType: KERB_LOGON_SUBMIT_TYPE, 1016 LogonDomainName: UNICODE_STRING, 1017 UserName: UNICODE_STRING, 1018 Password: UNICODE_STRING, 1019 }} 1020 pub type PKERB_INTERACTIVE_LOGON = *mut KERB_INTERACTIVE_LOGON; 1021 STRUCT!{struct KERB_INTERACTIVE_UNLOCK_LOGON { 1022 Logon: KERB_INTERACTIVE_LOGON, 1023 LogonId: LUID, 1024 }} 1025 pub type PKERB_INTERACTIVE_UNLOCK_LOGON = *mut KERB_INTERACTIVE_UNLOCK_LOGON; 1026 STRUCT!{struct KERB_SMART_CARD_LOGON { 1027 MessageType: KERB_LOGON_SUBMIT_TYPE, 1028 Pin: UNICODE_STRING, 1029 CspDataLength: ULONG, 1030 CspData: PUCHAR, 1031 }} 1032 pub type PKERB_SMART_CARD_LOGON = *mut KERB_SMART_CARD_LOGON; 1033 STRUCT!{struct KERB_SMART_CARD_UNLOCK_LOGON { 1034 Logon: KERB_SMART_CARD_LOGON, 1035 LogonId: LUID, 1036 }} 1037 pub type PKERB_SMART_CARD_UNLOCK_LOGON = *mut KERB_SMART_CARD_UNLOCK_LOGON; 1038 pub const KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES: ULONG = 0x1; 1039 pub const KERB_CERTIFICATE_LOGON_FLAG_USE_CERTIFICATE_INFO: ULONG = 0x2; 1040 STRUCT!{struct KERB_CERTIFICATE_LOGON { 1041 MessageType: KERB_LOGON_SUBMIT_TYPE, 1042 DomainName: UNICODE_STRING, 1043 UserName: UNICODE_STRING, 1044 Pin: UNICODE_STRING, 1045 Flags: ULONG, 1046 CspDataLength: ULONG, 1047 CspData: PUCHAR, 1048 }} 1049 pub type PKERB_CERTIFICATE_LOGON = *mut KERB_CERTIFICATE_LOGON; 1050 STRUCT!{struct KERB_CERTIFICATE_UNLOCK_LOGON { 1051 Logon: KERB_CERTIFICATE_LOGON, 1052 LogonId: LUID, 1053 }} 1054 pub type PKERB_CERTIFICATE_UNLOCK_LOGON = *mut KERB_CERTIFICATE_UNLOCK_LOGON; 1055 pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES: ULONG = 0x1; 1056 pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS: ULONG = 0x2; 1057 pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_FAIL_IF_NT_AUTH_POLICY_REQUIRED: ULONG = 0x4; 1058 pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_IDENTIFY: ULONG = 0x8; 1059 STRUCT!{struct KERB_CERTIFICATE_S4U_LOGON { 1060 MessageType: KERB_LOGON_SUBMIT_TYPE, 1061 Flags: ULONG, 1062 UserPrincipalName: UNICODE_STRING, 1063 DomainName: UNICODE_STRING, 1064 CertificateLength: ULONG, 1065 Certificate: PUCHAR, 1066 }} 1067 pub type PKERB_CERTIFICATE_S4U_LOGON = *mut KERB_CERTIFICATE_S4U_LOGON; 1068 STRUCT!{struct KERB_TICKET_LOGON { 1069 MessageType: KERB_LOGON_SUBMIT_TYPE, 1070 Flags: ULONG, 1071 ServiceTicketLength: ULONG, 1072 TicketGrantingTicketLength: ULONG, 1073 ServiceTicket: PUCHAR, 1074 TicketGrantingTicket: PUCHAR, 1075 }} 1076 pub type PKERB_TICKET_LOGON = *mut KERB_TICKET_LOGON; 1077 STRUCT!{struct KERB_TICKET_UNLOCK_LOGON { 1078 Logon: KERB_TICKET_LOGON, 1079 LogonId: LUID, 1080 }} 1081 pub type PKERB_TICKET_UNLOCK_LOGON = *mut KERB_TICKET_UNLOCK_LOGON; 1082 pub const KERB_S4U_LOGON_FLAG_CHECK_LOGONHOURS: ULONG = 0x2; 1083 pub const KERB_S4U_LOGON_FLAG_IDENTIFY: ULONG = 0x8; 1084 STRUCT!{struct KERB_S4U_LOGON { 1085 MessageType: KERB_LOGON_SUBMIT_TYPE, 1086 Flags: ULONG, 1087 ClientUpn: UNICODE_STRING, 1088 ClientRealm: UNICODE_STRING, 1089 }} 1090 pub type PKERB_S4U_LOGON = *mut KERB_S4U_LOGON; 1091 ENUM!{enum KERB_PROFILE_BUFFER_TYPE { 1092 KerbInteractiveProfile = 2, 1093 KerbSmartCardProfile = 4, 1094 KerbTicketProfile = 6, 1095 }} 1096 pub type PKERB_PROFILE_BUFFER_TYPE = *mut KERB_PROFILE_BUFFER_TYPE; 1097 STRUCT!{struct KERB_INTERACTIVE_PROFILE { 1098 MessageType: KERB_PROFILE_BUFFER_TYPE, 1099 LogonCount: USHORT, 1100 BadPasswordCount: USHORT, 1101 LogonTime: LARGE_INTEGER, 1102 LogoffTime: LARGE_INTEGER, 1103 KickOffTime: LARGE_INTEGER, 1104 PasswordLastSet: LARGE_INTEGER, 1105 PasswordCanChange: LARGE_INTEGER, 1106 PasswordMustChange: LARGE_INTEGER, 1107 LogonScript: UNICODE_STRING, 1108 HomeDirectory: UNICODE_STRING, 1109 FullName: UNICODE_STRING, 1110 ProfilePath: UNICODE_STRING, 1111 HomeDirectoryDrive: UNICODE_STRING, 1112 LogonServer: UNICODE_STRING, 1113 UserFlags: ULONG, 1114 }} 1115 pub type PKERB_INTERACTIVE_PROFILE = *mut KERB_INTERACTIVE_PROFILE; 1116 STRUCT!{struct KERB_SMART_CARD_PROFILE { 1117 Profile: KERB_INTERACTIVE_PROFILE, 1118 CertificateSize: ULONG, 1119 CertificateData: PUCHAR, 1120 }} 1121 pub type PKERB_SMART_CARD_PROFILE = *mut KERB_SMART_CARD_PROFILE; 1122 STRUCT!{struct KERB_CRYPTO_KEY { 1123 KeyType: LONG, 1124 Length: ULONG, 1125 Value: PUCHAR, 1126 }} 1127 pub type PKERB_CRYPTO_KEY = *mut KERB_CRYPTO_KEY; 1128 STRUCT!{struct KERB_CRYPTO_KEY32 { 1129 KeyType: LONG, 1130 Length: ULONG, 1131 Offset: ULONG, 1132 }} 1133 pub type PKERB_CRYPTO_KEY32 = *mut KERB_CRYPTO_KEY32; 1134 STRUCT!{struct KERB_TICKET_PROFILE { 1135 Profile: KERB_INTERACTIVE_PROFILE, 1136 SessionKey: KERB_CRYPTO_KEY, 1137 }} 1138 pub type PKERB_TICKET_PROFILE = *mut KERB_TICKET_PROFILE; 1139 ENUM!{enum KERB_PROTOCOL_MESSAGE_TYPE { 1140 KerbDebugRequestMessage = 0, 1141 KerbQueryTicketCacheMessage, 1142 KerbChangeMachinePasswordMessage, 1143 KerbVerifyPacMessage, 1144 KerbRetrieveTicketMessage, 1145 KerbUpdateAddressesMessage, 1146 KerbPurgeTicketCacheMessage, 1147 KerbChangePasswordMessage, 1148 KerbRetrieveEncodedTicketMessage, 1149 KerbDecryptDataMessage, 1150 KerbAddBindingCacheEntryMessage, 1151 KerbSetPasswordMessage, 1152 KerbSetPasswordExMessage, 1153 KerbVerifyCredentialsMessage, 1154 KerbQueryTicketCacheExMessage, 1155 KerbPurgeTicketCacheExMessage, 1156 KerbRefreshSmartcardCredentialsMessage, 1157 KerbAddExtraCredentialsMessage, 1158 KerbQuerySupplementalCredentialsMessage, 1159 KerbTransferCredentialsMessage, 1160 KerbQueryTicketCacheEx2Message, 1161 KerbSubmitTicketMessage, 1162 KerbAddExtraCredentialsExMessage, 1163 KerbQueryKdcProxyCacheMessage, 1164 KerbPurgeKdcProxyCacheMessage, 1165 KerbQueryTicketCacheEx3Message, 1166 KerbCleanupMachinePkinitCredsMessage, 1167 KerbAddBindingCacheEntryExMessage, 1168 KerbQueryBindingCacheMessage, 1169 KerbPurgeBindingCacheMessage, 1170 KerbPinKdcMessage, 1171 KerbUnpinAllKdcsMessage, 1172 KerbQueryDomainExtendedPoliciesMessage, 1173 KerbQueryS4U2ProxyCacheMessage, 1174 }} 1175 pub type PKERB_PROTOCOL_MESSAGE_TYPE = *mut KERB_PROTOCOL_MESSAGE_TYPE; 1176 STRUCT!{struct KERB_QUERY_TKT_CACHE_REQUEST { 1177 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1178 LogonId: LUID, 1179 }} 1180 pub type PKERB_QUERY_TKT_CACHE_REQUEST = *mut KERB_QUERY_TKT_CACHE_REQUEST; 1181 STRUCT!{struct KERB_TICKET_CACHE_INFO { 1182 ServerName: UNICODE_STRING, 1183 RealmName: UNICODE_STRING, 1184 StartTime: LARGE_INTEGER, 1185 EndTime: LARGE_INTEGER, 1186 RenewTime: LARGE_INTEGER, 1187 EncryptionType: LONG, 1188 TicketFlags: ULONG, 1189 }} 1190 pub type PKERB_TICKET_CACHE_INFO = *mut KERB_TICKET_CACHE_INFO; 1191 STRUCT!{struct KERB_TICKET_CACHE_INFO_EX { 1192 ClientName: UNICODE_STRING, 1193 ClientRealm: UNICODE_STRING, 1194 ServerName: UNICODE_STRING, 1195 ServerRealm: UNICODE_STRING, 1196 StartTime: LARGE_INTEGER, 1197 EndTime: LARGE_INTEGER, 1198 RenewTime: LARGE_INTEGER, 1199 EncryptionType: LONG, 1200 TicketFlags: ULONG, 1201 }} 1202 pub type PKERB_TICKET_CACHE_INFO_EX = *mut KERB_TICKET_CACHE_INFO_EX; 1203 STRUCT!{struct KERB_TICKET_CACHE_INFO_EX2 { 1204 ClientName: UNICODE_STRING, 1205 ClientRealm: UNICODE_STRING, 1206 ServerName: UNICODE_STRING, 1207 ServerRealm: UNICODE_STRING, 1208 StartTime: LARGE_INTEGER, 1209 EndTime: LARGE_INTEGER, 1210 RenewTime: LARGE_INTEGER, 1211 EncryptionType: LONG, 1212 TicketFlags: ULONG, 1213 SessionKeyType: ULONG, 1214 BranchId: ULONG, 1215 }} 1216 pub type PKERB_TICKET_CACHE_INFO_EX2 = *mut KERB_TICKET_CACHE_INFO_EX2; 1217 STRUCT!{struct KERB_TICKET_CACHE_INFO_EX3 { 1218 ClientName: UNICODE_STRING, 1219 ClientRealm: UNICODE_STRING, 1220 ServerName: UNICODE_STRING, 1221 ServerRealm: UNICODE_STRING, 1222 StartTime: LARGE_INTEGER, 1223 EndTime: LARGE_INTEGER, 1224 RenewTime: LARGE_INTEGER, 1225 EncryptionType: LONG, 1226 TicketFlags: ULONG, 1227 SessionKeyType: ULONG, 1228 BranchId: ULONG, 1229 CacheFlags: ULONG, 1230 KdcCalled: UNICODE_STRING, 1231 }} 1232 pub type PKERB_TICKET_CACHE_INFO_EX3 = *mut KERB_TICKET_CACHE_INFO_EX3; 1233 STRUCT!{struct KERB_QUERY_TKT_CACHE_RESPONSE { 1234 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1235 CountOfTickets: ULONG, 1236 Tickets: [KERB_TICKET_CACHE_INFO; ANYSIZE_ARRAY], 1237 }} 1238 pub type PKERB_QUERY_TKT_CACHE_RESPONSE = *mut KERB_QUERY_TKT_CACHE_RESPONSE; 1239 STRUCT!{struct KERB_QUERY_TKT_CACHE_EX_RESPONSE { 1240 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1241 CountOfTickets: ULONG, 1242 Tickets: [KERB_TICKET_CACHE_INFO_EX; ANYSIZE_ARRAY], 1243 }} 1244 pub type PKERB_QUERY_TKT_CACHE_EX_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX_RESPONSE; 1245 STRUCT!{struct KERB_QUERY_TKT_CACHE_EX2_RESPONSE { 1246 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1247 CountOfTickets: ULONG, 1248 Tickets: [KERB_TICKET_CACHE_INFO_EX2; ANYSIZE_ARRAY], 1249 }} 1250 pub type PKERB_QUERY_TKT_CACHE_EX2_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX2_RESPONSE; 1251 STRUCT!{struct KERB_QUERY_TKT_CACHE_EX3_RESPONSE { 1252 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1253 CountOfTickets: ULONG, 1254 Tickets: [KERB_TICKET_CACHE_INFO_EX3; ANYSIZE_ARRAY], 1255 }} 1256 pub type PKERB_QUERY_TKT_CACHE_EX3_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX3_RESPONSE; 1257 pub const KERB_USE_DEFAULT_TICKET_FLAGS: ULONG = 0x0; 1258 pub const KERB_RETRIEVE_TICKET_DEFAULT: ULONG = 0x0; 1259 pub const KERB_RETRIEVE_TICKET_DONT_USE_CACHE: ULONG = 0x1; 1260 pub const KERB_RETRIEVE_TICKET_USE_CACHE_ONLY: ULONG = 0x2; 1261 pub const KERB_RETRIEVE_TICKET_USE_CREDHANDLE: ULONG = 0x4; 1262 pub const KERB_RETRIEVE_TICKET_AS_KERB_CRED: ULONG = 0x8; 1263 pub const KERB_RETRIEVE_TICKET_WITH_SEC_CRED: ULONG = 0x10; 1264 pub const KERB_RETRIEVE_TICKET_CACHE_TICKET: ULONG = 0x20; 1265 pub const KERB_RETRIEVE_TICKET_MAX_LIFETIME: ULONG = 0x40; 1266 STRUCT!{struct KERB_AUTH_DATA { 1267 Type: ULONG, 1268 Length: ULONG, 1269 Data: PUCHAR, 1270 }} 1271 pub type PKERB_AUTH_DATA = *mut KERB_AUTH_DATA; 1272 STRUCT!{struct KERB_NET_ADDRESS { 1273 Family: ULONG, 1274 Length: ULONG, 1275 Address: PUCHAR, 1276 }} 1277 pub type PKERB_NET_ADDRESS = *mut KERB_NET_ADDRESS; 1278 STRUCT!{struct KERB_NET_ADDRESSES { 1279 Number: ULONG, 1280 Addresses: [KERB_NET_ADDRESS; ANYSIZE_ARRAY], 1281 }} 1282 pub type PKERB_NET_ADDRESSES = *mut KERB_NET_ADDRESSES; 1283 STRUCT!{struct KERB_EXTERNAL_NAME { 1284 NameType: SHORT, 1285 NameCount: USHORT, 1286 Names: [UNICODE_STRING; ANYSIZE_ARRAY], 1287 }} 1288 pub type PKERB_EXTERNAL_NAME = *mut KERB_EXTERNAL_NAME; 1289 STRUCT!{struct KERB_EXTERNAL_TICKET { 1290 ServiceName: PKERB_EXTERNAL_NAME, 1291 TargetName: PKERB_EXTERNAL_NAME, 1292 ClientName: PKERB_EXTERNAL_NAME, 1293 DomainName: UNICODE_STRING, 1294 TargetDomainName: UNICODE_STRING, 1295 AltTargetDomainName: UNICODE_STRING, 1296 SessionKey: KERB_CRYPTO_KEY, 1297 TicketFlags: ULONG, 1298 Flags: ULONG, 1299 KeyExpirationTime: LARGE_INTEGER, 1300 StartTime: LARGE_INTEGER, 1301 EndTime: LARGE_INTEGER, 1302 RenewUntil: LARGE_INTEGER, 1303 TimeSkew: LARGE_INTEGER, 1304 EncodedTicketSize: ULONG, 1305 EncodedTicket: PUCHAR, 1306 }} 1307 pub type PKERB_EXTERNAL_TICKET = *mut KERB_EXTERNAL_TICKET; 1308 STRUCT!{struct KERB_RETRIEVE_TKT_REQUEST { 1309 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1310 LogonId: LUID, 1311 TargetName: UNICODE_STRING, 1312 TicketFlags: ULONG, 1313 CacheOptions: ULONG, 1314 EncryptionType: LONG, 1315 CredentialsHandle: SecHandle, 1316 }} 1317 pub type PKERB_RETRIEVE_TKT_REQUEST = *mut KERB_RETRIEVE_TKT_REQUEST; 1318 STRUCT!{struct KERB_RETRIEVE_TKT_RESPONSE { 1319 Ticket: KERB_EXTERNAL_TICKET, 1320 }} 1321 pub type PKERB_RETRIEVE_TKT_RESPONSE = *mut KERB_RETRIEVE_TKT_RESPONSE; 1322 STRUCT!{struct KERB_PURGE_TKT_CACHE_REQUEST { 1323 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1324 LogonId: LUID, 1325 ServerName: UNICODE_STRING, 1326 RealmName: UNICODE_STRING, 1327 }} 1328 pub type PKERB_PURGE_TKT_CACHE_REQUEST = *mut KERB_PURGE_TKT_CACHE_REQUEST; 1329 pub const KERB_PURGE_ALL_TICKETS: ULONG = 1; 1330 STRUCT!{struct KERB_PURGE_TKT_CACHE_EX_REQUEST { 1331 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1332 LogonId: LUID, 1333 Flags: ULONG, 1334 TicketTemplate: KERB_TICKET_CACHE_INFO_EX, 1335 }} 1336 pub type PKERB_PURGE_TKT_CACHE_EX_REQUEST = *mut KERB_PURGE_TKT_CACHE_EX_REQUEST; 1337 STRUCT!{struct KERB_SUBMIT_TKT_REQUEST { 1338 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1339 LogonId: LUID, 1340 Flags: ULONG, 1341 Key: KERB_CRYPTO_KEY32, 1342 KerbCredSize: ULONG, 1343 KerbCredOffset: ULONG, 1344 }} 1345 pub type PKERB_SUBMIT_TKT_REQUEST = *mut KERB_SUBMIT_TKT_REQUEST; 1346 STRUCT!{struct KERB_QUERY_KDC_PROXY_CACHE_REQUEST { 1347 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1348 Flags: ULONG, 1349 LogonId: LUID, 1350 }} 1351 pub type PKERB_QUERY_KDC_PROXY_CACHE_REQUEST = *mut KERB_QUERY_KDC_PROXY_CACHE_REQUEST; 1352 STRUCT!{struct KDC_PROXY_CACHE_ENTRY_DATA { 1353 SinceLastUsed: ULONG64, 1354 DomainName: UNICODE_STRING, 1355 ProxyServerName: UNICODE_STRING, 1356 ProxyServerVdir: UNICODE_STRING, 1357 ProxyServerPort: USHORT, 1358 LogonId: LUID, 1359 CredUserName: UNICODE_STRING, 1360 CredDomainName: UNICODE_STRING, 1361 GlobalCache: BOOLEAN, 1362 }} 1363 pub type PKDC_PROXY_CACHE_ENTRY_DATA = *mut KDC_PROXY_CACHE_ENTRY_DATA; 1364 STRUCT!{struct KERB_QUERY_KDC_PROXY_CACHE_RESPONSE { 1365 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1366 CountOfEntries: ULONG, 1367 Entries: PKDC_PROXY_CACHE_ENTRY_DATA, 1368 }} 1369 pub type PKERB_QUERY_KDC_PROXY_CACHE_RESPONSE = *mut KERB_QUERY_KDC_PROXY_CACHE_RESPONSE; 1370 STRUCT!{struct KERB_PURGE_KDC_PROXY_CACHE_REQUEST { 1371 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1372 Flags: ULONG, 1373 LogonId: LUID, 1374 }} 1375 pub type PKERB_PURGE_KDC_PROXY_CACHE_REQUEST = *mut KERB_PURGE_KDC_PROXY_CACHE_REQUEST; 1376 STRUCT!{struct KERB_PURGE_KDC_PROXY_CACHE_RESPONSE { 1377 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1378 CountOfPurged: ULONG, 1379 }} 1380 pub type PKERB_PURGE_KDC_PROXY_CACHE_RESPONSE = *mut KERB_PURGE_KDC_PROXY_CACHE_RESPONSE; 1381 pub const KERB_S4U2PROXY_CACHE_ENTRY_INFO_FLAG_NEGATIVE: ULONG = 0x1; 1382 STRUCT!{struct KERB_S4U2PROXY_CACHE_ENTRY_INFO { 1383 ServerName: UNICODE_STRING, 1384 Flags: ULONG, 1385 LastStatus: NTSTATUS, 1386 Expiry: LARGE_INTEGER, 1387 }} 1388 pub type PKERB_S4U2PROXY_CACHE_ENTRY_INFO = *mut KERB_S4U2PROXY_CACHE_ENTRY_INFO; 1389 pub const KERB_S4U2PROXY_CRED_FLAG_NEGATIVE: ULONG = 0x1; 1390 STRUCT!{struct KERB_S4U2PROXY_CRED { 1391 UserName: UNICODE_STRING, 1392 DomainName: UNICODE_STRING, 1393 Flags: ULONG, 1394 LastStatus: NTSTATUS, 1395 Expiry: LARGE_INTEGER, 1396 CountOfEntries: ULONG, 1397 Entries: PKERB_S4U2PROXY_CACHE_ENTRY_INFO, 1398 }} 1399 pub type PKERB_S4U2PROXY_CRED = *mut KERB_S4U2PROXY_CRED; 1400 STRUCT!{struct KERB_QUERY_S4U2PROXY_CACHE_REQUEST { 1401 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1402 Flags: ULONG, 1403 LogonId: LUID, 1404 }} 1405 pub type PKERB_QUERY_S4U2PROXY_CACHE_REQUEST = *mut KERB_QUERY_S4U2PROXY_CACHE_REQUEST; 1406 STRUCT!{struct KERB_QUERY_S4U2PROXY_CACHE_RESPONSE { 1407 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1408 CountOfCreds: ULONG, 1409 Creds: PKERB_S4U2PROXY_CRED, 1410 }} 1411 pub type PKERB_QUERY_S4U2PROXY_CACHE_RESPONSE = *mut KERB_QUERY_S4U2PROXY_CACHE_RESPONSE; 1412 STRUCT!{struct KERB_CHANGEPASSWORD_REQUEST { 1413 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1414 DomainName: UNICODE_STRING, 1415 AccountName: UNICODE_STRING, 1416 OldPassword: UNICODE_STRING, 1417 NewPassword: UNICODE_STRING, 1418 Impersonating: BOOLEAN, 1419 }} 1420 pub type PKERB_CHANGEPASSWORD_REQUEST = *mut KERB_CHANGEPASSWORD_REQUEST; 1421 STRUCT!{struct KERB_SETPASSWORD_REQUEST { 1422 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1423 LogonId: LUID, 1424 CredentialsHandle: SecHandle, 1425 Flags: ULONG, 1426 DomainName: UNICODE_STRING, 1427 AccountName: UNICODE_STRING, 1428 Password: UNICODE_STRING, 1429 }} 1430 pub type PKERB_SETPASSWORD_REQUEST = *mut KERB_SETPASSWORD_REQUEST; 1431 STRUCT!{struct KERB_SETPASSWORD_EX_REQUEST { 1432 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1433 LogonId: LUID, 1434 CredentialsHandle: SecHandle, 1435 Flags: ULONG, 1436 AccountRealm: UNICODE_STRING, 1437 AccountName: UNICODE_STRING, 1438 Password: UNICODE_STRING, 1439 ClientRealm: UNICODE_STRING, 1440 ClientName: UNICODE_STRING, 1441 Impersonating: BOOLEAN, 1442 KdcAddress: UNICODE_STRING, 1443 KdcAddressType: ULONG, 1444 }} 1445 pub type PKERB_SETPASSWORD_EX_REQUEST = *mut KERB_SETPASSWORD_EX_REQUEST; 1446 pub const DS_UNKNOWN_ADDRESS_TYPE: ULONG = 0; 1447 pub const KERB_SETPASS_USE_LOGONID: ULONG = 1; 1448 pub const KERB_SETPASS_USE_CREDHANDLE: ULONG = 2; 1449 STRUCT!{struct KERB_DECRYPT_REQUEST { 1450 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1451 LogonId: LUID, 1452 Flags: ULONG, 1453 CryptoType: LONG, 1454 KeyUsage: LONG, 1455 Key: KERB_CRYPTO_KEY, 1456 EncryptedDataSize: ULONG, 1457 InitialVectorSize: ULONG, 1458 InitialVector: PUCHAR, 1459 EncryptedData: PUCHAR, 1460 }} 1461 pub type PKERB_DECRYPT_REQUEST = *mut KERB_DECRYPT_REQUEST; 1462 pub const KERB_DECRYPT_FLAG_DEFAULT_KEY: ULONG = 0x00000001; 1463 STRUCT!{struct KERB_DECRYPT_RESPONSE { 1464 DecryptedData: [UCHAR; ANYSIZE_ARRAY], 1465 }} 1466 pub type PKERB_DECRYPT_RESPONSE = *mut KERB_DECRYPT_RESPONSE; 1467 STRUCT!{struct KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { 1468 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1469 RealmName: UNICODE_STRING, 1470 KdcAddress: UNICODE_STRING, 1471 AddressType: ULONG, 1472 }} 1473 pub type PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST = *mut KERB_ADD_BINDING_CACHE_ENTRY_REQUEST; 1474 STRUCT!{struct KERB_REFRESH_SCCRED_REQUEST { 1475 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1476 CredentialBlob: UNICODE_STRING, 1477 LogonId: LUID, 1478 Flags: ULONG, 1479 }} 1480 pub type PKERB_REFRESH_SCCRED_REQUEST = *mut KERB_REFRESH_SCCRED_REQUEST; 1481 pub const KERB_REFRESH_SCCRED_RELEASE: ULONG = 0x0; 1482 pub const KERB_REFRESH_SCCRED_GETTGT: ULONG = 0x1; 1483 STRUCT!{struct KERB_ADD_CREDENTIALS_REQUEST { 1484 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1485 UserName: UNICODE_STRING, 1486 DomainName: UNICODE_STRING, 1487 Password: UNICODE_STRING, 1488 LogonId: LUID, 1489 Flags: ULONG, 1490 }} 1491 pub type PKERB_ADD_CREDENTIALS_REQUEST = *mut KERB_ADD_CREDENTIALS_REQUEST; 1492 pub const KERB_REQUEST_ADD_CREDENTIAL: ULONG = 1; 1493 pub const KERB_REQUEST_REPLACE_CREDENTIAL: ULONG = 2; 1494 pub const KERB_REQUEST_REMOVE_CREDENTIAL: ULONG = 4; 1495 STRUCT!{struct KERB_ADD_CREDENTIALS_REQUEST_EX { 1496 Credentials: KERB_ADD_CREDENTIALS_REQUEST, 1497 PrincipalNameCount: ULONG, 1498 PrincipalNames: [UNICODE_STRING; ANYSIZE_ARRAY], 1499 }} 1500 pub type PKERB_ADD_CREDENTIALS_REQUEST_EX = *mut KERB_ADD_CREDENTIALS_REQUEST_EX; 1501 STRUCT!{struct KERB_TRANSFER_CRED_REQUEST { 1502 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1503 OriginLogonId: LUID, 1504 DestinationLogonId: LUID, 1505 Flags: ULONG, 1506 }} 1507 pub type PKERB_TRANSFER_CRED_REQUEST = *mut KERB_TRANSFER_CRED_REQUEST; 1508 pub const KERB_TRANSFER_CRED_WITH_TICKETS: ULONG = 0x1; 1509 pub const KERB_TRANSFER_CRED_CLEANUP_CREDENTIALS: ULONG = 0x2; 1510 STRUCT!{struct KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST { 1511 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1512 LogonId: LUID, 1513 }} 1514 pub type PKERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST = 1515 *mut KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST; 1516 STRUCT!{struct KERB_BINDING_CACHE_ENTRY_DATA { 1517 DiscoveryTime: ULONG64, 1518 RealmName: UNICODE_STRING, 1519 KdcAddress: UNICODE_STRING, 1520 AddressType: ULONG, 1521 Flags: ULONG, 1522 DcFlags: ULONG, 1523 CacheFlags: ULONG, 1524 KdcName: UNICODE_STRING, 1525 }} 1526 pub type PKERB_BINDING_CACHE_ENTRY_DATA = *mut KERB_BINDING_CACHE_ENTRY_DATA; 1527 STRUCT!{struct KERB_QUERY_BINDING_CACHE_RESPONSE { 1528 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1529 CountOfEntries: ULONG, 1530 Entries: PKERB_BINDING_CACHE_ENTRY_DATA, 1531 }} 1532 pub type PKERB_QUERY_BINDING_CACHE_RESPONSE = *mut KERB_QUERY_BINDING_CACHE_RESPONSE; 1533 STRUCT!{struct KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST { 1534 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1535 RealmName: UNICODE_STRING, 1536 KdcAddress: UNICODE_STRING, 1537 AddressType: ULONG, 1538 DcFlags: ULONG, 1539 }} 1540 pub type PKERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST = *mut KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST; 1541 STRUCT!{struct KERB_QUERY_BINDING_CACHE_REQUEST { 1542 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1543 }} 1544 pub type PKERB_QUERY_BINDING_CACHE_REQUEST = *mut KERB_QUERY_BINDING_CACHE_REQUEST; 1545 STRUCT!{struct KERB_PURGE_BINDING_CACHE_REQUEST { 1546 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1547 }} 1548 pub type PKERB_PURGE_BINDING_CACHE_REQUEST = *mut KERB_PURGE_BINDING_CACHE_REQUEST; 1549 STRUCT!{struct KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST { 1550 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1551 Flags: ULONG, 1552 DomainName: UNICODE_STRING, 1553 }} 1554 pub type PKERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST = 1555 *mut KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST; 1556 STRUCT!{struct KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE { 1557 MessageType: KERB_PROTOCOL_MESSAGE_TYPE, 1558 Flags: ULONG, 1559 ExtendedPolicies: ULONG, 1560 DsFlags: ULONG, 1561 }} 1562 pub type PKERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE = 1563 *mut KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE; 1564 ENUM!{enum KERB_CERTIFICATE_INFO_TYPE { 1565 CertHashInfo = 1, 1566 }} 1567 pub type PKERB_CERTIFICATE_INFO_TYPE = *mut KERB_CERTIFICATE_INFO_TYPE; 1568 STRUCT!{struct KERB_CERTIFICATE_HASHINFO { 1569 StoreNameLength: USHORT, 1570 HashLength: USHORT, 1571 }} 1572 pub type PKERB_CERTIFICATE_HASHINFO = *mut KERB_CERTIFICATE_HASHINFO; 1573 STRUCT!{struct KERB_CERTIFICATE_INFO { 1574 CertInfoSize: ULONG, 1575 InfoType: ULONG, 1576 }} 1577 pub type PKERB_CERTIFICATE_INFO = *mut KERB_CERTIFICATE_INFO; 1578 STRUCT!{struct POLICY_AUDIT_SID_ARRAY { 1579 UsersCount: ULONG, 1580 UserSidArray: *mut PSID, 1581 }} 1582 pub type PPOLICY_AUDIT_SID_ARRAY = *mut POLICY_AUDIT_SID_ARRAY; 1583 STRUCT!{struct AUDIT_POLICY_INFORMATION { 1584 AuditSubCategoryGuid: GUID, 1585 AuditingInformation: ULONG, 1586 AuditCategoryGuid: GUID, 1587 }} 1588 pub type PAUDIT_POLICY_INFORMATION = *mut AUDIT_POLICY_INFORMATION; 1589 pub type LPAUDIT_POLICY_INFORMATION = PAUDIT_POLICY_INFORMATION; 1590 pub type PCAUDIT_POLICY_INFORMATION = *const AUDIT_POLICY_INFORMATION; 1591 pub const AUDIT_SET_SYSTEM_POLICY: ULONG = 0x0001; 1592 pub const AUDIT_QUERY_SYSTEM_POLICY: ULONG = 0x0002; 1593 pub const AUDIT_SET_USER_POLICY: ULONG = 0x0004; 1594 pub const AUDIT_QUERY_USER_POLICY: ULONG = 0x0008; 1595 pub const AUDIT_ENUMERATE_USERS: ULONG = 0x0010; 1596 pub const AUDIT_SET_MISC_POLICY: ULONG = 0x0020; 1597 pub const AUDIT_QUERY_MISC_POLICY: ULONG = 0x0040; 1598 pub const AUDIT_GENERIC_ALL: ULONG = STANDARD_RIGHTS_REQUIRED | AUDIT_SET_SYSTEM_POLICY 1599 | AUDIT_QUERY_SYSTEM_POLICY | AUDIT_SET_USER_POLICY | AUDIT_QUERY_USER_POLICY 1600 | AUDIT_ENUMERATE_USERS | AUDIT_SET_MISC_POLICY | AUDIT_QUERY_MISC_POLICY; 1601 pub const AUDIT_GENERIC_READ: ULONG = STANDARD_RIGHTS_READ | AUDIT_QUERY_SYSTEM_POLICY 1602 | AUDIT_QUERY_USER_POLICY | AUDIT_ENUMERATE_USERS | AUDIT_QUERY_MISC_POLICY; 1603 pub const AUDIT_GENERIC_WRITE: ULONG = STANDARD_RIGHTS_WRITE | AUDIT_SET_USER_POLICY 1604 | AUDIT_SET_MISC_POLICY | AUDIT_SET_SYSTEM_POLICY; 1605 pub const AUDIT_GENERIC_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE; 1606 extern "system" { 1607 // pub fn AuditSetSystemPolicy(); 1608 // pub fn AuditSetPerUserPolicy(); 1609 // pub fn AuditQuerySystemPolicy(); 1610 // pub fn AuditQueryPerUserPolicy(); 1611 // pub fn AuditEnumeratePerUserPolicy(); 1612 // pub fn AuditComputeEffectivePolicyBySid(); 1613 // pub fn AuditComputeEffectivePolicyByToken(); 1614 // pub fn AuditEnumerateCategories(); 1615 // pub fn AuditEnumerateSubCategories(); 1616 // pub fn AuditLookupCategoryNameW(); 1617 // pub fn AuditLookupCategoryNameA(); 1618 // pub fn AuditLookupSubCategoryNameW(); 1619 // pub fn AuditLookupSubCategoryNameA(); 1620 // pub fn AuditLookupCategoryIdFromCategoryGuid(); 1621 // pub fn AuditLookupCategoryGuidFromCategoryId(); 1622 // pub fn AuditSetSecurity(); 1623 // pub fn AuditQuerySecurity(); 1624 // pub fn AuditSetGlobalSaclW(); 1625 // pub fn AuditSetGlobalSaclA(); 1626 // pub fn AuditQueryGlobalSaclW(); 1627 // pub fn AuditQueryGlobalSaclA(); AuditFree( Buffer: PVOID, )1628 pub fn AuditFree( 1629 Buffer: PVOID, 1630 ); 1631 } 1632 STRUCT!{struct PKU2U_CERT_BLOB { 1633 CertOffset: ULONG, 1634 CertLength: USHORT, 1635 }} 1636 pub type PPKU2U_CERT_BLOB = *mut PKU2U_CERT_BLOB; 1637 pub const PKU2U_CREDUI_CONTEXT_VERSION: ULONG64 = 0x4154414454524543; 1638 STRUCT!{struct PKU2U_CREDUI_CONTEXT { 1639 Version: ULONG64, 1640 cbHeaderLength: USHORT, 1641 cbStructureLength: ULONG, 1642 CertArrayCount: USHORT, 1643 CertArrayOffset: ULONG, 1644 }} 1645 pub type PPKU2U_CREDUI_CONTEXT = *mut PKU2U_CREDUI_CONTEXT; 1646 ENUM!{enum PKU2U_LOGON_SUBMIT_TYPE { 1647 Pku2uCertificateS4ULogon = 14, 1648 }} 1649 pub type PPKU2U_LOGON_SUBMIT_TYPE = *mut PKU2U_LOGON_SUBMIT_TYPE; 1650 STRUCT!{struct PKU2U_CERTIFICATE_S4U_LOGON { 1651 MessageType: PKU2U_LOGON_SUBMIT_TYPE, 1652 Flags: ULONG, 1653 UserPrincipalName: UNICODE_STRING, 1654 DomainName: UNICODE_STRING, 1655 CertificateLength: ULONG, 1656 Certificate: PUCHAR, 1657 }} 1658 pub type PPKU2U_CERTIFICATE_S4U_LOGON = *mut PKU2U_CERTIFICATE_S4U_LOGON; 1659