1 // Licensed under the Apache License, Version 2.0
2 // <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
4 // All files in the project carrying such notice may not be copied, modified, or distributed
5 // except according to those terms.
6 use shared::basetsd::{SIZE_T, ULONG_PTR};
7 use shared::guiddef::GUID;
8 use shared::minwindef::{PUCHAR, PULONG, UCHAR, ULONG, USHORT};
9 use shared::ntdef::{NTSTATUS, PNTSTATUS};
10 use um::lsalookup::{
11 LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
12 PLSA_REFERENCED_DOMAIN_LIST, PLSA_STRING, PLSA_TRANSLATED_NAME, PLSA_TRANSLATED_SID2,
13 PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING,
14 };
15 use um::ntsecapi::PLSA_HANDLE;
16 use um::subauth::{PUNICODE_STRING, UNICODE_STRING};
17 use um::winnt::{
18 ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LUID, PBOOLEAN,
19 PCLAIMS_BLOB, PHANDLE, PLARGE_INTEGER, PLUID, PPRIVILEGE_SET, PQUOTA_LIMITS,
20 PSECURITY_DESCRIPTOR, PSHORT, PSID, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PVOID,
21 PWSTR, QUOTA_LIMITS, SECURITY_INFORMATION, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE,
22 STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, TOKEN_DEFAULT_DACL,
23 TOKEN_DEVICE_CLAIMS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_USER, TOKEN_USER_CLAIMS,
24 };
// ULONG bit mask. `LsaRegisterLogonProcess` (declared in this file) takes a pointer to one as
// its `SecurityMode` argument; the LSA_MODE_* constants presumably populate it (the shared
// prefix is the only link visible here).
pub type LSA_OPERATIONAL_MODE = ULONG;
pub type PLSA_OPERATIONAL_MODE = *mut LSA_OPERATIONAL_MODE;
// Each LSA_MODE_* value is a distinct single bit, so the flags can be OR-ed together.
pub const LSA_MODE_PASSWORD_PROTECTED: ULONG = 0x00000001;
pub const LSA_MODE_INDIVIDUAL_ACCOUNTS: ULONG = 0x00000002;
pub const LSA_MODE_MANDATORY_ACCESS: ULONG = 0x00000004;
pub const LSA_MODE_LOG_FULL: ULONG = 0x00000008;
// Limits typed as SIZE_T rather than ULONG: 0x100 (256) SIDs and 32000 for enumerations.
// NOTE(review): whether callers must enforce these before calling into LSA is not visible from
// these declarations.
pub const LSA_MAXIMUM_SID_COUNT: SIZE_T = 0x00000100;
pub const LSA_MAXIMUM_ENUMERATION_LENGTH: SIZE_T = 32000;
// Top bit of a ULONG; where it is passed is not shown in this part of the file.
pub const LSA_CALL_LICENSE_SERVER: ULONG = 0x80000000;
// Kind of logon being requested; passed as `LogonType` to `LsaLogonUser` and to the
// authentication-package logon callbacks declared in this file.
// Only 0 and 2 are written out. The trailing value comments assume ENUM! numbers unlisted
// variants consecutively, as a C enum does; value 1 is then unassigned.
// NOTE(review): these look like the same numbers Windows reports as "Logon Type" in logon audit
// records (e.g. 3 = Network, 10 = RemoteInteractive); confirm before relying on it in detections.
ENUM!{enum SECURITY_LOGON_TYPE {
    UndefinedLogonType = 0,
    Interactive = 2,
    Network, // 3
    Batch, // 4
    Service, // 5
    Proxy, // 6
    Unlock, // 7
    NetworkCleartext, // 8
    NewCredentials, // 9
    RemoteInteractive, // 10
    CachedInteractive, // 11
    CachedRemoteInteractive, // 12
    CachedUnlock, // 13
}}
pub type PSECURITY_LOGON_TYPE = *mut SECURITY_LOGON_TYPE;
// System-access flags: one bit per logon kind, with separate bits for the explicit DENY forms.
// The POLICY_MODE_* constants later in this file are aliases of these values.
// Bit 0x00000008 is not assigned to any flag in this list.
pub const SECURITY_ACCESS_INTERACTIVE_LOGON: ULONG = 0x00000001;
pub const SECURITY_ACCESS_NETWORK_LOGON: ULONG = 0x00000002;
pub const SECURITY_ACCESS_BATCH_LOGON: ULONG = 0x00000004;
pub const SECURITY_ACCESS_SERVICE_LOGON: ULONG = 0x00000010;
pub const SECURITY_ACCESS_PROXY_LOGON: ULONG = 0x00000020;
// NOTE(review): a grant bit and its DENY counterpart can both be set in one mask; which one
// wins is decided by the consumer and is not visible here.
pub const SECURITY_ACCESS_DENY_INTERACTIVE_LOGON: ULONG = 0x00000040;
pub const SECURITY_ACCESS_DENY_NETWORK_LOGON: ULONG = 0x00000080;
pub const SECURITY_ACCESS_DENY_BATCH_LOGON: ULONG = 0x00000100;
pub const SECURITY_ACCESS_DENY_SERVICE_LOGON: ULONG = 0x00000200;
pub const SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000400;
pub const SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000800;
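// Tag stored in `SE_ADT_PARAMETER_ARRAY_ENTRY::Type`. Judging by the variant names it selects
// how that entry's `Data`/`Address` payload is to be read (string, SID, LUID, socket address...).
// Only the first value (0) is explicit; the rest follow in declaration order, so the order of
// the variants is part of the binary contract and must not be rearranged.
ENUM!{enum SE_ADT_PARAMETER_TYPE {
    SeAdtParmTypeNone = 0,
    SeAdtParmTypeString,
    SeAdtParmTypeFileSpec,
    SeAdtParmTypeUlong,
    SeAdtParmTypeSid,
    SeAdtParmTypeLogonId,
    SeAdtParmTypeNoLogonId,
    SeAdtParmTypeAccessMask,
    SeAdtParmTypePrivs,
    SeAdtParmTypeObjectTypes,
    SeAdtParmTypeHexUlong,
    SeAdtParmTypePtr,
    SeAdtParmTypeTime,
    SeAdtParmTypeGuid,
    SeAdtParmTypeLuid,
    SeAdtParmTypeHexInt64,
    SeAdtParmTypeStringList,
    SeAdtParmTypeSidList,
    SeAdtParmTypeDuration,
    SeAdtParmTypeUserAccountControl,
    SeAdtParmTypeNoUac,
    SeAdtParmTypeMessage,
    SeAdtParmTypeDateTime,
    SeAdtParmTypeSockAddr,
    SeAdtParmTypeSD,
    SeAdtParmTypeLogonHours,
    SeAdtParmTypeLogonIdNoSid,
    SeAdtParmTypeUlongNoConv,
    SeAdtParmTypeSockAddrNoPort,
    SeAdtParmTypeAccessReason,
    SeAdtParmTypeStagingReason,
    SeAdtParmTypeResourceAttribute,
    SeAdtParmTypeClaims,
    SeAdtParmTypeLogonIdAsSid,
    SeAdtParmTypeMultiSzString,
    SeAdtParmTypeLogonIdEx,
}}
pub type PSE_ADT_PARAMETER_TYPE = *mut SE_ADT_PARAMETER_TYPE;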
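// Presumably a value for `SE_ADT_OBJECT_TYPE::Flags`; both are USHORT and share the prefix.
pub const SE_ADT_OBJECT_ONLY: USHORT = 0x1;
// One object-type record of an audit: a GUID with flags, a level and an access mask.
STRUCT!{struct SE_ADT_OBJECT_TYPE {
    ObjectType: GUID,
    Flags: USHORT,
    Level: USHORT,
    AccessMask: ACCESS_MASK,
}}
pub type PSE_ADT_OBJECT_TYPE = *mut SE_ADT_OBJECT_TYPE;
// One audit parameter: a type tag, a length, two pointer-sized data words and a raw address.
// NOTE(review): `Address` is an untyped pointer and `Length` an unchecked count; code that
// reads an entry should validate both against the buffer it was handed before dereferencing.
STRUCT!{struct SE_ADT_PARAMETER_ARRAY_ENTRY {
    Type: SE_ADT_PARAMETER_TYPE,
    Length: ULONG,
    Data: [ULONG_PTR; 2],
    Address: PVOID,
}}
pub type PSE_ADT_PARAMETER_ARRAY_ENTRY = *mut SE_ADT_PARAMETER_ARRAY_ENTRY;
// Access-reason payload: an access mask, a fixed table of 32 reason words, an object-type index,
// the granted access and a pointer to a security descriptor.
STRUCT!{struct SE_ADT_ACCESS_REASON {
    AccessMask: ACCESS_MASK,
    AccessReasons: [ULONG; 32],
    ObjectTypeIndex: ULONG,
    AccessGranted: ULONG,
    SecurityDescriptor: PSECURITY_DESCRIPTOR,
}}
pub type PSE_ADT_ACCESS_REASON = *mut SE_ADT_ACCESS_REASON;
// Claims payload: a length followed by a pointer to the claims blob.
STRUCT!{struct SE_ADT_CLAIMS {
    Length: ULONG,
    Claims: PCLAIMS_BLOB,
}}
pub type PSE_ADT_CLAIMS = *mut SE_ADT_CLAIMS;
// SE_MAX_AUDIT_PARAMETERS fixes the length of the `Parameters` arrays declared below and is the
// bound used by LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE.
pub const SE_MAX_AUDIT_PARAMETERS: SIZE_T = 32;
pub const SE_MAX_GENERIC_AUDIT_PARAMETERS: SIZE_T = 28;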
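// Fixed-capacity audit record: a header followed by SE_MAX_AUDIT_PARAMETERS entry slots.
// `ParameterCount` is the field LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE reads to work out how
// much of the array is in use; it is data carried in the record, so treat it as unvalidated.
STRUCT!{struct SE_ADT_PARAMETER_ARRAY {
    CategoryId: ULONG,
    AuditId: ULONG,
    ParameterCount: ULONG,
    Length: ULONG,
    FlatSubCategoryId: USHORT,
    Type: USHORT,
    Flags: ULONG,
    Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS],
}}
pub type PSE_ADT_PARAMETER_ARRAY = *mut SE_ADT_PARAMETER_ARRAY;
// Same layout as SE_ADT_PARAMETER_ARRAY with a `Version` field inserted after `AuditId`, so the
// two structs are not interchangeable through a pointer cast.
STRUCT!{struct SE_ADT_PARAMETER_ARRAY_EX {
    CategoryId: ULONG,
    AuditId: ULONG,
    Version: ULONG,
    ParameterCount: ULONG,
    Length: ULONG,
    FlatSubCategoryId: USHORT,
    Type: USHORT,
    Flags: ULONG,
    Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS],
}}
pub type PSE_ADT_PARAMETER_ARRAY_EX = *mut SE_ADT_PARAMETER_ARRAY_EX;
// Single-bit ULONG flags, presumably for the `Flags` field of the two structs above.
pub const SE_ADT_PARAMETERS_SELF_RELATIVE: ULONG = 0x00000001;
pub const SE_ADT_PARAMETERS_SEND_TO_LSA: ULONG = 0x00000002;
pub const SE_ADT_PARAMETER_EXTENSIBLE_AUDIT: ULONG = 0x00000004;
pub const SE_ADT_PARAMETER_GENERIC_AUDIT: ULONG = 0x00000008;
pub const SE_ADT_PARAMETER_WRITE_SYNCHRONOUS: ULONG = 0x00000010;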
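/// Size in bytes of the used part of `AuditParameters` on 32-bit targets: the full struct size
/// minus one entry size for every unused `Parameters` slot.
///
/// `ParameterCount` is read from the record itself. A count above `SE_MAX_AUDIT_PARAMETERS` is
/// treated as "no unused slots", so the result never exceeds the size of the struct and the
/// subtraction cannot overflow (which would panic in debug builds and wrap in release builds).
#[cfg(target_pointer_width = "32")]
#[inline]
pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(
    AuditParameters: SE_ADT_PARAMETER_ARRAY,
) -> SIZE_T {
    // Saturate instead of subtracting directly: the count is not validated anywhere before here.
    let unused_entries =
        SE_MAX_AUDIT_PARAMETERS.saturating_sub(AuditParameters.ParameterCount as SIZE_T);
    664 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>()
        - (20 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>()
            * unused_entries)
}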
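/// Size in bytes of the used part of `AuditParameters` on 64-bit targets: the full struct size
/// minus one entry size for every unused `Parameters` slot.
///
/// `ParameterCount` is read from the record itself. A count above `SE_MAX_AUDIT_PARAMETERS` is
/// treated as "no unused slots", so the result never exceeds the size of the struct and the
/// subtraction cannot overflow (which would panic in debug builds and wrap in release builds).
#[cfg(target_pointer_width = "64")]
#[inline]
pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(
    AuditParameters: SE_ADT_PARAMETER_ARRAY,
) -> SIZE_T {
    // Saturate instead of subtracting directly: the count is not validated anywhere before here.
    let unused_entries =
        SE_MAX_AUDIT_PARAMETERS.saturating_sub(AuditParameters.ParameterCount as SIZE_T);
    1048 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>()
        - (32 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>()
            * unused_entries)
}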
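// String-list payload: each entry pairs a flags word with a UNICODE_STRING.
STRUCT!{struct LSA_ADT_STRING_LIST_ENTRY {
    Flags: ULONG,
    String: UNICODE_STRING,
}}
pub type PLSA_ADT_STRING_LIST_ENTRY = *mut LSA_ADT_STRING_LIST_ENTRY;
// Count plus pointer to the first entry. Nothing in the type ties `cStrings` to the allocation
// behind `String`, so a reader has to bound the walk itself.
STRUCT!{struct LSA_ADT_STRING_LIST {
    cStrings: ULONG,
    String: PLSA_ADT_STRING_LIST_ENTRY,
}}
pub type PLSA_ADT_STRING_LIST = *mut LSA_ADT_STRING_LIST;
// SID-list payload, shaped like the string list above: flags plus a SID pointer per entry.
STRUCT!{struct LSA_ADT_SID_LIST_ENTRY {
    Flags: ULONG,
    Sid: PSID,
}}
pub type PLSA_ADT_SID_LIST_ENTRY = *mut LSA_ADT_SID_LIST_ENTRY;
// Count plus pointer to the first entry; `cSids` is likewise not tied to the allocation.
STRUCT!{struct LSA_ADT_SID_LIST {
    cSids: ULONG,
    Sid: PLSA_ADT_SID_LIST_ENTRY,
}}
pub type PLSA_ADT_SID_LIST = *mut LSA_ADT_SID_LIST;
// Event source names for security auditing: the current name and the legacy one.
pub const LSA_ADT_SECURITY_SOURCE_NAME: &'static str = "Microsoft-Windows-Security-Auditing";
pub const LSA_ADT_LEGACY_SECURITY_SOURCE_NAME: &'static str = "Security";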
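// First value of the extended (sub-category) audit event numbering.
pub const SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN: ULONG = 100;
// Audit sub-categories. Numbering starts at SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN and follows
// declaration order; only the first variant and the 999 sentinel carry explicit values, so the
// order is part of the contract. The name prefixes (iSystem_, iLogon_, iObjectAccess_, ...) line
// up with the categories of POLICY_AUDIT_EVENT_TYPE.
ENUM!{enum POLICY_AUDIT_EVENT_TYPE_EX {
    iSystem_SecurityStateChange = SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN,
    iSystem_SecuritySubsystemExtension,
    iSystem_Integrity,
    iSystem_IPSecDriverEvents,
    iSystem_Others,
    iLogon_Logon,
    iLogon_Logoff,
    iLogon_AccountLockout,
    iLogon_IPSecMainMode,
    iLogon_SpecialLogon,
    iLogon_IPSecQuickMode,
    iLogon_IPSecUsermode,
    iLogon_Others,
    iLogon_NPS,
    iLogon_Claims,
    iLogon_Groups,
    iObjectAccess_FileSystem,
    iObjectAccess_Registry,
    iObjectAccess_Kernel,
    iObjectAccess_Sam,
    iObjectAccess_Other,
    iObjectAccess_CertificationAuthority,
    iObjectAccess_ApplicationGenerated,
    iObjectAccess_HandleBasedAudits,
    iObjectAccess_Share,
    iObjectAccess_FirewallPacketDrops,
    iObjectAccess_FirewallConnection,
    iObjectAccess_DetailedFileShare,
    iObjectAccess_RemovableStorage,
    iObjectAccess_CbacStaging,
    iPrivilegeUse_Sensitive,
    iPrivilegeUse_NonSensitive,
    iPrivilegeUse_Others,
    iDetailedTracking_ProcessCreation,
    iDetailedTracking_ProcessTermination,
    iDetailedTracking_DpapiActivity,
    iDetailedTracking_RpcCall,
    iDetailedTracking_PnpActivity,
    iDetailedTracking_TokenRightAdjusted,
    iPolicyChange_AuditPolicy,
    iPolicyChange_AuthenticationPolicy,
    iPolicyChange_AuthorizationPolicy,
    iPolicyChange_MpsscvRulePolicy,
    iPolicyChange_WfpIPSecPolicy,
    iPolicyChange_Others,
    iAccountManagement_UserAccount,
    iAccountManagement_ComputerAccount,
    iAccountManagement_SecurityGroup,
    iAccountManagement_DistributionGroup,
    iAccountManagement_ApplicationGroup,
    iAccountManagement_Others,
    iDSAccess_DSAccess,
    iDSAccess_AdAuditChanges,
    iDS_Replication,
    iDS_DetailedReplication,
    iAccountLogon_CredentialValidation,
    iAccountLogon_Kerberos,
    iAccountLogon_Others,
    iAccountLogon_KerbCredentialValidation,
    iUnknownSubCategory = 999,
}}
pub type PPOLICY_AUDIT_EVENT_TYPE_EX = *mut POLICY_AUDIT_EVENT_TYPE_EX;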
// Top-level audit categories, numbered from 0 in declaration order.
ENUM!{enum POLICY_AUDIT_EVENT_TYPE {
    AuditCategorySystem = 0,
    AuditCategoryLogon,
    AuditCategoryObjectAccess,
    AuditCategoryPrivilegeUse,
    AuditCategoryDetailedTracking,
    AuditCategoryPolicyChange,
    AuditCategoryAccountManagement,
    AuditCategoryDirectoryServiceAccess,
    AuditCategoryAccountLogon,
}}
pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE;
// Auditing options. UNCHANGED is zero rather than a bit, so it cannot be tested with `&`.
// NOTE(review): NONE presumably switches auditing off for a category; a change to that value is
// worth alerting on wherever audit policy is monitored.
pub const POLICY_AUDIT_EVENT_UNCHANGED: ULONG = 0x00000000;
pub const POLICY_AUDIT_EVENT_SUCCESS: ULONG = 0x00000001;
pub const POLICY_AUDIT_EVENT_FAILURE: ULONG = 0x00000002;
pub const POLICY_AUDIT_EVENT_NONE: ULONG = 0x00000004;
// UNCHANGED contributes no bit, so the mask evaluates to 0x00000007.
pub const POLICY_AUDIT_EVENT_MASK: ULONG = POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE
    | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE;
/// Reports whether an LSA status denotes success: `true` when the status, viewed as a signed
/// `LONG`, is zero or positive, `false` when it is negative.
#[inline]
pub fn LSA_SUCCESS(Error: NTSTATUS) -> bool {
    let status = Error as LONG;
    // Non-negative codes count as success, so only a set sign bit is a failure.
    !(status < 0)
}
// LSA client entry points, declared with the "system" ABI. Every call is `unsafe` FFI and returns
// an NTSTATUS; check it (for example with `LSA_SUCCESS`) before reading any out-parameter.
extern "system" {
    /// Takes a logon process name; `LsaHandle` and `SecurityMode` are pointer (out) parameters.
    /// NOTE(review): the Windows SDK describes this call as requiring a privileged caller, with
    /// `LsaConnectUntrusted` as the unprivileged alternative; confirm against the SDK.
    pub fn LsaRegisterLogonProcess(
        LogonProcessName: PLSA_STRING,
        LsaHandle: PHANDLE,
        SecurityMode: PLSA_OPERATIONAL_MODE,
    ) -> NTSTATUS;
    /// Submits logon data to the authentication package identified by `AuthenticationPackage`.
    /// The data is an untyped pointer plus a byte length; nothing in this signature checks that
    /// the length matches the buffer, so the caller must get it exactly right.
    /// NOTE(review): per the Windows SDK, `ProfileBuffer` is allocated by LSA and released with
    /// `LsaFreeReturnBuffer`, and `Token` is a handle the caller has to close; confirm.
    pub fn LsaLogonUser(
        LsaHandle: HANDLE,
        OriginName: PLSA_STRING,
        LogonType: SECURITY_LOGON_TYPE,
        AuthenticationPackage: ULONG,
        AuthenticationInformation: PVOID,
        AuthenticationInformationLength: ULONG,
        LocalGroups: PTOKEN_GROUPS,
        SourceContext: PTOKEN_SOURCE,
        ProfileBuffer: *mut PVOID,
        ProfileBufferLength: PULONG,
        LogonId: PLUID,
        Token: PHANDLE,
        Quotas: PQUOTA_LIMITS,
        SubStatus: PNTSTATUS,
    ) -> NTSTATUS;
    /// Looks up a package by name; the result is written through `AuthenticationPackage` and is
    /// the ULONG identifier that `LsaLogonUser` and `LsaCallAuthenticationPackage` take.
    pub fn LsaLookupAuthenticationPackage(
        LsaHandle: HANDLE,
        PackageName: PLSA_STRING,
        AuthenticationPackage: PULONG,
    ) -> NTSTATUS;
    /// Releases a buffer by pointer.
    /// NOTE(review): presumably the counterpart for `ProfileBuffer` and `ProtocolReturnBuffer`.
    pub fn LsaFreeReturnBuffer(
        Buffer: PVOID,
    ) -> NTSTATUS;
    /// Sends a package-specific request buffer and receives a reply buffer. Two statuses come
    /// back: the function's return value and the one written through `ProtocolStatus`.
    pub fn LsaCallAuthenticationPackage(
        LsaHandle: HANDLE,
        AuthenticationPackage: ULONG,
        ProtocolSubmitBuffer: PVOID,
        SubmitBufferLength: ULONG,
        ProtocolReturnBuffer: *mut PVOID,
        ReturnBufferLength: PULONG,
        ProtocolStatus: PNTSTATUS,
    ) -> NTSTATUS;
    /// Takes the LSA handle by value; presumably ends the connection opened by one of the
    /// register/connect calls.
    pub fn LsaDeregisterLogonProcess(
        LsaHandle: HANDLE,
    ) -> NTSTATUS;
    /// Writes a connection handle through `LsaHandle` without taking a process name.
    pub fn LsaConnectUntrusted(
        LsaHandle: PHANDLE,
    ) -> NTSTATUS;
}
// Declared with the "C" ABI, unlike the "system" block above; the two ABIs differ on 32-bit x86.
// NOTE(review): confirm against the SDK header that these two functions really use the C
// calling convention.
extern "C" {
    /// Takes an address and a byte count; the semantics are not visible from the declaration.
    pub fn LsaInsertProtectedProcessAddress(
        BufferAddress: PVOID,
        BufferSize: ULONG,
    ) -> NTSTATUS;
    /// Same parameters as the insert call; presumably its inverse.
    pub fn LsaRemoveProtectedProcessAddress(
        BufferAddress: PVOID,
        BufferSize: ULONG,
    ) -> NTSTATUS;
}
// Function-pointer types whose parameter lists match, one for one, the LSA client functions
// declared in the `extern "system"` block of this file.
// Same parameters as `LsaCallAuthenticationPackage`.
FN!{stdcall PFN_LSA_CALL_AUTH_PKG(
    LsaHandle: HANDLE,
    AuthenticationPackage: ULONG,
    ProtocolSubmitBuffer: PVOID,
    SubmitBufferLength: ULONG,
    ProtocolReturnBuffer: *mut PVOID,
    ReturnBufferLength: PULONG,
    ProtocolStatus: PNTSTATUS,
) -> NTSTATUS}
// Same parameters as `LsaDeregisterLogonProcess`.
FN!{stdcall PFN_LSA_DEREGISTER_PROC(
    LsaHandle: HANDLE,
) -> NTSTATUS}
// Same parameters as `LsaFreeReturnBuffer`.
FN!{stdcall PFN_LSA_FREE_BUFFER(
    Buffer: PVOID,
) -> NTSTATUS}
// Same parameters as `LsaLogonUser`.
FN!{stdcall PFN_LSA_LOGON_USER(
    LsaHandle: HANDLE,
    OriginName: PLSA_STRING,
    LogonType: SECURITY_LOGON_TYPE,
    AuthenticationPackage: ULONG,
    AuthenticationInformation: PVOID,
    AuthenticationInformationLength: ULONG,
    LocalGroups: PTOKEN_GROUPS,
    SourceContext: PTOKEN_SOURCE,
    ProfileBuffer: *mut PVOID,
    ProfileBufferLength: PULONG,
    LogonId: PLUID,
    Token: PHANDLE,
    Quotas: PQUOTA_LIMITS,
    SubStatus: PNTSTATUS,
) -> NTSTATUS}
// Same parameters as `LsaLookupAuthenticationPackage`.
FN!{stdcall PFN_LOOKUP_AUTH_PKG(
    LsaHandle: HANDLE,
    PackageName: PLSA_STRING,
    AuthenticationPackage: PULONG,
) -> NTSTATUS}
// Same parameters as `LsaRegisterLogonProcess`.
FN!{stdcall PFN_LSA_REGISTER_PROC(
    LogonProcessName: PLSA_STRING,
    LsaHandle: PHANDLE,
    SecurityMode: PLSA_OPERATIONAL_MODE,
) -> NTSTATUS}
// Table of the six pointers above. Whoever fills it decides which code runs for every LSA call
// routed through it, so the table should only be accepted from a trusted source.
STRUCT!{struct LSA_AUTH_CALLBACKS {
    LsaCallAuthPkgFn: PFN_LSA_CALL_AUTH_PKG,
    LsaDeregisterProcFn: PFN_LSA_DEREGISTER_PROC,
    LsaFreeReturnBufferFn: PFN_LSA_FREE_BUFFER,
    LsaLogonUserFn: PFN_LSA_LOGON_USER,
    LsaLookupAuthPkgFn: PFN_LOOKUP_AUTH_PKG,
    LsaRegisterProcFn: PFN_LSA_REGISTER_PROC,
}}
pub type PLSA_AUTH_CALLBACKS = *mut LSA_AUTH_CALLBACKS;
pub type PCLSA_AUTH_CALLBACKS = *const LSA_AUTH_CALLBACKS;
// Handle-like pointer passed as `ClientRequest` to the authentication-package callbacks and the
// client-buffer helpers declared later in this file.
pub type PLSA_CLIENT_REQUEST = *mut PVOID;
// Says which LSA_TOKEN_INFORMATION_* layout is in use. The logon callbacks in this file return
// it through `TokenInformationType` next to an untyped `TokenInformation` pointer, so the tag
// has to be checked before that pointer is cast.
ENUM!{enum LSA_TOKEN_INFORMATION_TYPE {
    LsaTokenInformationNull,
    LsaTokenInformationV1,
    LsaTokenInformationV2,
    LsaTokenInformationV3,
}}
pub type PLSA_TOKEN_INFORMATION_TYPE = *mut LSA_TOKEN_INFORMATION_TYPE;
// Smallest layout: an expiration time and a groups pointer only.
STRUCT!{struct LSA_TOKEN_INFORMATION_NULL {
    ExpirationTime: LARGE_INTEGER,
    Groups: PTOKEN_GROUPS,
}}
pub type PLSA_TOKEN_INFORMATION_NULL = *mut LSA_TOKEN_INFORMATION_NULL;
// Full token description: user, groups, primary group, privileges, owner and default DACL.
// These fields define the identity and rights of the token built from them.
STRUCT!{struct LSA_TOKEN_INFORMATION_V1 {
    ExpirationTime: LARGE_INTEGER,
    User: TOKEN_USER,
    Groups: PTOKEN_GROUPS,
    PrimaryGroup: TOKEN_PRIMARY_GROUP,
    Privileges: PTOKEN_PRIVILEGES,
    Owner: TOKEN_OWNER,
    DefaultDacl: TOKEN_DEFAULT_DACL,
}}
pub type PLSA_TOKEN_INFORMATION_V1 = *mut LSA_TOKEN_INFORMATION_V1;
// V2 is a plain alias of V1: identical layout, different tag value.
pub type LSA_TOKEN_INFORMATION_V2 = LSA_TOKEN_INFORMATION_V1;
pub type PLSA_TOKEN_INFORMATION_V2 = *mut LSA_TOKEN_INFORMATION_V2;
// V3 repeats the V1 fields in the same order and appends user claims, device claims and device
// groups.
STRUCT!{struct LSA_TOKEN_INFORMATION_V3 {
    ExpirationTime: LARGE_INTEGER,
    User: TOKEN_USER,
    Groups: PTOKEN_GROUPS,
    PrimaryGroup: TOKEN_PRIMARY_GROUP,
    Privileges: PTOKEN_PRIVILEGES,
    Owner: TOKEN_OWNER,
    DefaultDacl: TOKEN_DEFAULT_DACL,
    UserClaims: TOKEN_USER_CLAIMS,
    DeviceClaims: TOKEN_DEVICE_CLAIMS,
    DeviceGroups: PTOKEN_GROUPS,
}}
pub type PLSA_TOKEN_INFORMATION_V3 = *mut LSA_TOKEN_INFORMATION_V3;
// Function-pointer types for the entries of LSA_DISPATCH_TABLE (declared at the end of this
// group). An authentication package receives a pointer to that table through
// PLSA_AP_INITIALIZE_PACKAGE.
// Logon-session lifetime, keyed by a pointer to the session LUID.
FN!{stdcall PLSA_CREATE_LOGON_SESSION(
    LogonId: PLUID,
) -> NTSTATUS}
FN!{stdcall PLSA_DELETE_LOGON_SESSION(
    LogonId: PLUID,
) -> NTSTATUS}
// Credential storage per logon session and package. `Credentials` carries secret material as an
// LSA_STRING; keep copies short-lived and out of logs.
FN!{stdcall PLSA_ADD_CREDENTIAL(
    LogonId: PLUID,
    AuthenticationPackage: ULONG,
    PrimaryKeyValue: PLSA_STRING,
    Credentials: PLSA_STRING,
) -> NTSTATUS}
FN!{stdcall PLSA_GET_CREDENTIALS(
    LogonId: PLUID,
    AuthenticationPackage: ULONG,
    QueryContext: PULONG,
    RetrieveAllCredentials: BOOLEAN,
    PrimaryKeyValue: PLSA_STRING,
    PrimaryKeyLength: PULONG,
    Credentials: PLSA_STRING,
) -> NTSTATUS}
FN!{stdcall PLSA_DELETE_CREDENTIAL(
    LogonId: PLUID,
    AuthenticationPackage: ULONG,
    PrimaryKeyValue: PLSA_STRING,
) -> NTSTATUS}
// Heap helpers. The allocators return a raw PVOID and report no status, so the only failure
// signal available to a caller is the pointer value itself.
FN!{stdcall PLSA_ALLOCATE_LSA_HEAP(
    Length: ULONG,
) -> PVOID}
FN!{stdcall PLSA_FREE_LSA_HEAP(
    Base: PVOID,
) -> ()}
// Declared here but not part of LSA_DISPATCH_TABLE; note the SIZE_T length, unlike the ULONG
// taken by PLSA_ALLOCATE_LSA_HEAP.
FN!{stdcall PLSA_ALLOCATE_PRIVATE_HEAP(
    Length: SIZE_T,
) -> PVOID}
FN!{stdcall PLSA_FREE_PRIVATE_HEAP(
    Base: PVOID,
) -> ()}
// Client-buffer helpers. `ClientBaseAddress` and the lengths presumably originate from the
// requesting client, so they should be treated as untrusted and bounded before use.
FN!{stdcall PLSA_ALLOCATE_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    LengthRequired: ULONG,
    ClientBaseAddress: *mut PVOID,
) -> NTSTATUS}
FN!{stdcall PLSA_FREE_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    ClientBaseAddress: PVOID,
) -> NTSTATUS}
// The two copy helpers take their last two pointers in opposite order: the copy-to form is
// (ClientBaseAddress, BufferToCopy), the copy-from form is (BufferToCopy, ClientBaseAddress).
// Both are PVOID, so swapping them compiles without a warning.
FN!{stdcall PLSA_COPY_TO_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    Length: ULONG,
    ClientBaseAddress: PVOID,
    BufferToCopy: PVOID,
) -> NTSTATUS}
FN!{stdcall PLSA_COPY_FROM_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    Length: ULONG,
    BufferToCopy: PVOID,
    ClientBaseAddress: PVOID,
) -> NTSTATUS}
// Table of the helpers above. Field order is the binary layout and must not change.
STRUCT!{struct LSA_DISPATCH_TABLE {
    CreateLogonSession: PLSA_CREATE_LOGON_SESSION,
    DeleteLogonSession: PLSA_DELETE_LOGON_SESSION,
    AddCredential: PLSA_ADD_CREDENTIAL,
    GetCredentials: PLSA_GET_CREDENTIALS,
    DeleteCredential: PLSA_DELETE_CREDENTIAL,
    AllocateLsaHeap: PLSA_ALLOCATE_LSA_HEAP,
    FreeLsaHeap: PLSA_FREE_LSA_HEAP,
    AllocateClientBuffer: PLSA_ALLOCATE_CLIENT_BUFFER,
    FreeClientBuffer: PLSA_FREE_CLIENT_BUFFER,
    CopyToClientBuffer: PLSA_COPY_TO_CLIENT_BUFFER,
    CopyFromClientBuffer: PLSA_COPY_FROM_CLIENT_BUFFER,
}}
pub type PLSA_DISPATCH_TABLE = *mut LSA_DISPATCH_TABLE;
// Names of the authentication-package entry points, as strings. Each one corresponds to a
// PLSA_AP_* function-pointer type below, apart from the "Untrusted" name, which has no type of
// its own in this group.
pub const LSA_AP_NAME_INITIALIZE_PACKAGE: &'static str = "LsaApInitializePackage";
pub const LSA_AP_NAME_LOGON_USER: &'static str = "LsaApLogonUser";
pub const LSA_AP_NAME_LOGON_USER_EX: &'static str = "LsaApLogonUserEx";
pub const LSA_AP_NAME_CALL_PACKAGE: &'static str = "LsaApCallPackage";
pub const LSA_AP_NAME_LOGON_TERMINATED: &'static str = "LsaApLogonTerminated";
pub const LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED: &'static str = "LsaApCallPackageUntrusted";
pub const LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH: &'static str = "LsaApCallPackagePassthrough";
// Initialization: the package receives its numeric id and the LSA dispatch table, and returns
// its name through `AuthenticationPackageName`.
FN!{stdcall PLSA_AP_INITIALIZE_PACKAGE(
    AuthenticationPackageId: ULONG,
    LsaDispatchTable: PLSA_DISPATCH_TABLE,
    Database: PLSA_STRING,
    Confidentiality: PLSA_STRING,
    AuthenticationPackageName: *mut PLSA_STRING,
) -> NTSTATUS}
// Logon callback. The authentication data arrives as an untyped pointer with a separate length
// and a separate client-side address; an implementation must validate the length before parsing.
// `AuthenticatingAutority` (sic) is spelled as declared.
FN!{stdcall PLSA_AP_LOGON_USER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    LogonType: SECURITY_LOGON_TYPE,
    AuthenticationInformation: PVOID,
    ClientAuthentication: PVOID,
    AuthenticationInformationLength: ULONG,
    ProfileBuffer: *mut PVOID,
    ProfileBufferLength: PULONG,
    LogonId: PLUID,
    SubStatus: PNTSTATUS,
    TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE,
    TokenInformation: *mut PVOID,
    AccountName: *mut PLSA_UNICODE_STRING,
    AuthenticatingAutority: *mut PLSA_UNICODE_STRING,
) -> NTSTATUS}
// Same parameter list as PLSA_AP_LOGON_USER with a trailing `MachineName` out-parameter.
FN!{stdcall PLSA_AP_LOGON_USER_EX(
    ClientRequest: PLSA_CLIENT_REQUEST,
    LogonType: SECURITY_LOGON_TYPE,
    AuthenticationInformation: PVOID,
    ClientAuthentication: PVOID,
    AuthenticationInformationLength: ULONG,
    ProfileBuffer: *mut PVOID,
    ProfileBufferLength: PULONG,
    LogonId: PLUID,
    SubStatus: PNTSTATUS,
    TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE,
    TokenInformation: *mut PVOID,
    AccountName: *mut PLSA_UNICODE_STRING,
    AuthenticatingAutority: *mut PLSA_UNICODE_STRING,
    MachineName: *mut PUNICODE_STRING,
) -> NTSTATUS}
// Package-specific request callback: submit buffer in, return buffer and protocol status out.
// The submit buffer is presumably client-supplied; bound every read by `SubmitBufferLength`.
FN!{stdcall PLSA_AP_CALL_PACKAGE(
    ClientRequest: PLSA_CLIENT_REQUEST,
    ProtocolSubmitBuffer: PVOID,
    ClientBufferBase: PVOID,
    SubmitBufferLength: ULONG,
    ProtocolReturnBuffer: *mut PVOID,
    ReturnBufferLength: PULONG,
    ProtocolStatus: PNTSTATUS,
) -> NTSTATUS}
// Identical parameter list to PLSA_AP_CALL_PACKAGE.
FN!{stdcall PLSA_AP_CALL_PACKAGE_PASSTHROUGH(
    ClientRequest: PLSA_CLIENT_REQUEST,
    ProtocolSubmitBuffer: PVOID,
    ClientBufferBase: PVOID,
    SubmitBufferLength: ULONG,
    ProtocolReturnBuffer: *mut PVOID,
    ReturnBufferLength: PULONG,
    ProtocolStatus: PNTSTATUS,
) -> NTSTATUS}
// Notification callback for a logon session LUID; it returns nothing, so it cannot report
// failure.
FN!{stdcall PLSA_AP_LOGON_TERMINATED(
    LogonId: PLUID,
) -> ()}
// Access rights for the LSA Policy object, one bit each.
pub const POLICY_VIEW_LOCAL_INFORMATION: ULONG = 0x00000001;
pub const POLICY_VIEW_AUDIT_INFORMATION: ULONG = 0x00000002;
pub const POLICY_GET_PRIVATE_INFORMATION: ULONG = 0x00000004;
pub const POLICY_TRUST_ADMIN: ULONG = 0x00000008;
pub const POLICY_CREATE_ACCOUNT: ULONG = 0x00000010;
pub const POLICY_CREATE_SECRET: ULONG = 0x00000020;
pub const POLICY_CREATE_PRIVILEGE: ULONG = 0x00000040;
pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ULONG = 0x00000080;
pub const POLICY_SET_AUDIT_REQUIREMENTS: ULONG = 0x00000100;
pub const POLICY_AUDIT_LOG_ADMIN: ULONG = 0x00000200;
pub const POLICY_SERVER_ADMIN: ULONG = 0x00000400;
pub const POLICY_LOOKUP_NAMES: ULONG = 0x00000800;
pub const POLICY_NOTIFICATION: ULONG = 0x00001000;
// Composite masks. POLICY_ALL_ACCESS stops at POLICY_LOOKUP_NAMES and does not include
// POLICY_NOTIFICATION. Callers that only need to read or look up names should request the
// narrower rights instead of POLICY_ALL_ACCESS.
pub const POLICY_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION
    | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN
    | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE
    | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN
    | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES;
// POLICY_READ includes POLICY_GET_PRIVATE_INFORMATION but not POLICY_VIEW_LOCAL_INFORMATION,
// which is part of POLICY_EXECUTE instead.
pub const POLICY_READ: ULONG = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION
    | POLICY_GET_PRIVATE_INFORMATION;
// POLICY_WRITE covers the rights that change audit requirements and administer the audit log.
pub const POLICY_WRITE: ULONG = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT
    | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS
    | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN;
pub const POLICY_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION
    | POLICY_LOOKUP_NAMES;
// Result of a name translation: the SID use, a relative id and a domain index.
// `DomainIndex` is a signed LONG. NOTE(review): presumably negative means "no domain"; check
// the sign before using it as an array index.
STRUCT!{struct LSA_TRANSLATED_SID {
    Use: SID_NAME_USE,
    RelativeId: ULONG,
    DomainIndex: LONG,
}}
pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID;
// ULONG mask built from the POLICY_MODE_* aliases of the SECURITY_ACCESS_* flags.
pub type POLICY_SYSTEM_ACCESS_MODE = ULONG;
pub type PPOLICY_SYSTEM_ACCESS_MODE = *mut POLICY_SYSTEM_ACCESS_MODE;
pub const POLICY_MODE_INTERACTIVE: ULONG = SECURITY_ACCESS_INTERACTIVE_LOGON;
pub const POLICY_MODE_NETWORK: ULONG = SECURITY_ACCESS_NETWORK_LOGON;
pub const POLICY_MODE_BATCH: ULONG = SECURITY_ACCESS_BATCH_LOGON;
pub const POLICY_MODE_SERVICE: ULONG = SECURITY_ACCESS_SERVICE_LOGON;
pub const POLICY_MODE_PROXY: ULONG = SECURITY_ACCESS_PROXY_LOGON;
pub const POLICY_MODE_DENY_INTERACTIVE: ULONG = SECURITY_ACCESS_DENY_INTERACTIVE_LOGON;
pub const POLICY_MODE_DENY_NETWORK: ULONG = SECURITY_ACCESS_DENY_NETWORK_LOGON;
pub const POLICY_MODE_DENY_BATCH: ULONG = SECURITY_ACCESS_DENY_BATCH_LOGON;
pub const POLICY_MODE_DENY_SERVICE: ULONG = SECURITY_ACCESS_DENY_SERVICE_LOGON;
pub const POLICY_MODE_REMOTE_INTERACTIVE: ULONG = SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON;
pub const POLICY_MODE_DENY_REMOTE_INTERACTIVE: ULONG =
    SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON;
// The deny-batch and deny-service bits are spelled with their SECURITY_ACCESS_* names here;
// the values are the same as POLICY_MODE_DENY_BATCH and POLICY_MODE_DENY_SERVICE.
pub const POLICY_MODE_ALL: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK
    | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY | POLICY_MODE_DENY_INTERACTIVE
    | POLICY_MODE_DENY_NETWORK | SECURITY_ACCESS_DENY_BATCH_LOGON
    | SECURITY_ACCESS_DENY_SERVICE_LOGON | POLICY_MODE_REMOTE_INTERACTIVE
    | POLICY_MODE_DENY_REMOTE_INTERACTIVE ;
// The NT4 subset holds only the four grant bits: no proxy, no deny bits, no remote-interactive.
pub const POLICY_MODE_ALL_NT4: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK
    | POLICY_MODE_BATCH | POLICY_MODE_SERVICE;
// Server role. Numbering starts at 2, so 0 and 1 are not valid roles.
ENUM!{enum POLICY_LSA_SERVER_ROLE {
    PolicyServerRoleBackup = 2,
    PolicyServerRolePrimary,
}}
pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE;
// Enable state, also starting at 2: "enabled" is the lower value, so this is not a boolean.
ENUM!{enum POLICY_SERVER_ENABLE_STATE {
    PolicyServerEnabled = 2,
    PolicyServerDisabled,
}}
pub type PPOLICY_SERVER_ENABLE_STATE = *mut POLICY_SERVER_ENABLE_STATE;
// ULONG holding POLICY_AUDIT_EVENT_* options (presumably; linked by name only).
pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG;
pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut POLICY_AUDIT_EVENT_OPTIONS;
// A privilege name together with its local LUID value.
STRUCT!{struct POLICY_PRIVILEGE_DEFINITION {
    Name: LSA_UNICODE_STRING,
    LocalValue: LUID,
}}
pub type PPOLICY_PRIVILEGE_DEFINITION = *mut POLICY_PRIVILEGE_DEFINITION;
// Lookup flags. The first two share the value 0x80000000 and cannot be told apart numerically.
// NOTE(review): presumably they are meant for different lookup calls; confirm which call is in
// use before setting or testing this bit.
pub const LSA_LOOKUP_ISOLATED_AS_LOCAL: ULONG = 0x80000000;
pub const LSA_LOOKUP_DISALLOW_CONNECTED_ACCOUNT_INTERNET_SID: ULONG = 0x80000000;
pub const LSA_LOOKUP_PREFER_INTERNET_NAMES: ULONG = 0x40000000;
// Selector for the kind of policy information; numbering starts at 1 and follows declaration
// order. Several variant names correspond to the POLICY_*_INFO structs declared in this file.
// NOTE(review): `PolicyLastEntry` looks like an end marker, not a class to query; confirm.
ENUM!{enum POLICY_INFORMATION_CLASS {
    PolicyAuditLogInformation = 1,
    PolicyAuditEventsInformation,
    PolicyPrimaryDomainInformation,
    PolicyPdAccountInformation,
    PolicyAccountDomainInformation,
    PolicyLsaServerRoleInformation,
    PolicyReplicaSourceInformation,
    PolicyDefaultQuotaInformation,
    PolicyModificationInformation,
    PolicyAuditFullSetInformation,
    PolicyAuditFullQueryInformation,
    PolicyDnsDomainInformation,
    PolicyDnsDomainInformationInt,
    PolicyLocalAccountDomainInformation,
    PolicyLastEntry,
}}
pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS;
// Audit log state: fill level, size limit, retention period, shutdown-on-full progress and the
// id of the next record.
STRUCT!{struct POLICY_AUDIT_LOG_INFO {
    AuditLogPercentFull: ULONG,
    MaximumLogSize: ULONG,
    AuditRetentionPeriod: LARGE_INTEGER,
    AuditLogFullShutdownInProgress: BOOLEAN,
    TimeToShutdown: LARGE_INTEGER,
    NextAuditRecordId: ULONG,
}}
pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO;
// Audit events policy: a mode flag, a pointer to an array of per-category options, and
// `MaximumAuditEventCount`, presumably the length of that array. Bound reads of
// `EventAuditingOptions` by that count.
STRUCT!{struct POLICY_AUDIT_EVENTS_INFO {
    AuditingMode: BOOLEAN,
    EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS,
    MaximumAuditEventCount: ULONG,
}}
pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO;
// Sub-category options: a count followed by a pointer to the options.
STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO {
    MaximumSubCategoryCount: ULONG,
    EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS,
}}
pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO;
// Category table: a count followed by a pointer to the per-category sub-category records.
STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO {
    MaximumCategoryCount: ULONG,
    SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO,
}}
pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO;
// Per-user audit policy flags, one byte wide. INCLUDE and EXCLUDE are separate bits for both
// success and failure, so the type allows contradictory combinations; a consumer has to reject
// or resolve them.
pub const PER_USER_POLICY_UNCHANGED: UCHAR = 0x00;
pub const PER_USER_AUDIT_SUCCESS_INCLUDE: UCHAR = 0x01;
pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: UCHAR = 0x02;
pub const PER_USER_AUDIT_FAILURE_INCLUDE: UCHAR = 0x04;
pub const PER_USER_AUDIT_FAILURE_EXCLUDE: UCHAR = 0x08;
pub const PER_USER_AUDIT_NONE: UCHAR = 0x10;
// All defined bits, 0x1F. A value with any bit outside this mask is not a valid flag set.
pub const VALID_PER_USER_AUDIT_POLICY_FLAG: UCHAR = PER_USER_AUDIT_SUCCESS_INCLUDE
    | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE
    | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE;
// Payload structs named after POLICY_INFORMATION_CLASS variants.
// Primary domain: name plus SID pointer.
STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO {
    Name: LSA_UNICODE_STRING,
    Sid: PSID,
}}
pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO;
STRUCT!{struct POLICY_PD_ACCOUNT_INFO {
    Name: LSA_UNICODE_STRING,
}}
pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO;
STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO {
    LsaServerRole: POLICY_LSA_SERVER_ROLE,
}}
pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO;
STRUCT!{struct POLICY_REPLICA_SOURCE_INFO {
    ReplicaSource: LSA_UNICODE_STRING,
    ReplicaAccountName: LSA_UNICODE_STRING,
}}
pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO;
STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO {
    QuotaLimits: QUOTA_LIMITS,
}}
pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO;
STRUCT!{struct POLICY_MODIFICATION_INFO {
    ModifiedId: LARGE_INTEGER,
    DatabaseCreationTime: LARGE_INTEGER,
}}
pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO;
// Set and query forms of the "audit log full" policy. The query form adds `LogIsFull`; the
// names indicate that `ShutDownOnFull` controls whether the system shuts down when the audit
// log is full.
STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO {
    ShutDownOnFull: BOOLEAN,
}}
pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO;
STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO {
    ShutDownOnFull: BOOLEAN,
    LogIsFull: BOOLEAN,
}}
pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO;
// Selector for domain-wide policy information; numbering starts at 2.
ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS {
    PolicyDomainEfsInformation = 2,
    PolicyDomainKerberosTicketInformation,
}}
pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS;
// POLICY_QOS_* single-bit flags. The struct that carries them is not declared in this part of
// the file.
pub const POLICY_QOS_SCHANNEL_REQUIRED: ULONG = 0x00000001;
pub const POLICY_QOS_OUTBOUND_INTEGRITY: ULONG = 0x00000002;
pub const POLICY_QOS_OUTBOUND_CONFIDENTIALITY: ULONG = 0x00000004;
pub const POLICY_QOS_INBOUND_INTEGRITY: ULONG = 0x00000008;
pub const POLICY_QOS_INBOUND_CONFIDENTIALITY: ULONG = 0x00000010;
pub const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE: ULONG = 0x00000020;
pub const POLICY_QOS_RAS_SERVER_ALLOWED: ULONG = 0x00000040;
pub const POLICY_QOS_DHCP_SERVER_ALLOWED: ULONG = 0x00000080;
// EFS policy blob: a byte pointer plus `InfoLength`, which is the only bound on `EfsBlob`
// available to a reader.
STRUCT!{struct POLICY_DOMAIN_EFS_INFO {
    InfoLength: ULONG,
    EfsBlob: PUCHAR,
}}
pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO;
// Presumably a bit for `AuthenticationOptions` in the struct below.
pub const POLICY_KERBEROS_VALIDATE_CLIENT: ULONG = 0x00000080;
// Domain Kerberos ticket policy: option bits, three maximum ages and the tolerated clock skew,
// each stored as a LARGE_INTEGER. The unit is not stated in the declaration.
STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    AuthenticationOptions: ULONG,
    MaxServiceTicketAge: LARGE_INTEGER,
    MaxTicketAge: LARGE_INTEGER,
    MaxRenewAge: LARGE_INTEGER,
    MaxClockSkew: LARGE_INTEGER,
    Reserved: LARGE_INTEGER,
}}
pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO;
// Kinds of policy change a caller can be notified about; numbering starts at 1.
// NOTE(review): `PolicyNotifyMax` looks like an end marker, not a class to register for.
ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS {
    PolicyNotifyAuditEventsInformation = 1,
    PolicyNotifyAccountDomainInformation,
    PolicyNotifyServerRoleInformation,
    PolicyNotifyDnsDomainInformation,
    PolicyNotifyDomainEfsInformation,
    PolicyNotifyDomainKerberosTicketInformation,
    PolicyNotifyMachineAccountPasswordInformation,
    PolicyNotifyGlobalSaclInformation,
    PolicyNotifyMax,
}}
pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS;
// Access rights for LSA account objects, one bit each, followed by the composite masks.
pub const ACCOUNT_VIEW: ULONG = 0x00000001;
pub const ACCOUNT_ADJUST_PRIVILEGES: ULONG = 0x00000002;
pub const ACCOUNT_ADJUST_QUOTAS: ULONG = 0x00000004;
pub const ACCOUNT_ADJUST_SYSTEM_ACCESS: ULONG = 0x00000008;
pub const ACCOUNT_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | ACCOUNT_VIEW
    | ACCOUNT_ADJUST_PRIVILEGES | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS;
pub const ACCOUNT_READ: ULONG = STANDARD_RIGHTS_READ | ACCOUNT_VIEW;
// ACCOUNT_WRITE carries every ADJUST right, including the one over privileges.
pub const ACCOUNT_WRITE: ULONG = STANDARD_RIGHTS_WRITE | ACCOUNT_ADJUST_PRIVILEGES
    | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS;
// ACCOUNT_EXECUTE adds no account-specific right to the standard execute rights.
pub const ACCOUNT_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE;
// LSA handle type generated by the DECLARE_HANDLE! macro.
DECLARE_HANDLE!{LSA_HANDLE, __LSA_HANDLE}
// Access rights for trusted-domain objects, one bit each, followed by the composite masks.
pub const TRUSTED_QUERY_DOMAIN_NAME: ULONG = 0x00000001;
pub const TRUSTED_QUERY_CONTROLLERS: ULONG = 0x00000002;
pub const TRUSTED_SET_CONTROLLERS: ULONG = 0x00000004;
pub const TRUSTED_QUERY_POSIX: ULONG = 0x00000008;
pub const TRUSTED_SET_POSIX: ULONG = 0x00000010;
pub const TRUSTED_SET_AUTH: ULONG = 0x00000020;
pub const TRUSTED_QUERY_AUTH: ULONG = 0x00000040;
pub const TRUSTED_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | TRUSTED_QUERY_DOMAIN_NAME
    | TRUSTED_QUERY_CONTROLLERS | TRUSTED_SET_CONTROLLERS | TRUSTED_QUERY_POSIX | TRUSTED_SET_POSIX
    | TRUSTED_SET_AUTH | TRUSTED_QUERY_AUTH;
// TRUSTED_QUERY_AUTH is in none of READ, WRITE or EXECUTE; only TRUSTED_ALL_ACCESS contains it.
pub const TRUSTED_READ: ULONG = STANDARD_RIGHTS_READ | TRUSTED_QUERY_DOMAIN_NAME;
pub const TRUSTED_WRITE: ULONG = STANDARD_RIGHTS_WRITE | TRUSTED_SET_CONTROLLERS
    | TRUSTED_SET_POSIX | TRUSTED_SET_AUTH;
pub const TRUSTED_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | TRUSTED_QUERY_CONTROLLERS
    | TRUSTED_QUERY_POSIX;
// Selector for the kind of trusted-domain information being queried or set. It is the
// `InformationClass` argument of the trusted-domain query/set functions declared in this
// file, which move the data through an untyped PVOID buffer, so the caller's cast of that
// buffer has to match the class that was requested.
ENUM!{enum TRUSTED_INFORMATION_CLASS {
    // Only the first variant carries an explicit value (1).
    TrustedDomainNameInformation = 1,
    TrustedControllersInformation,
    TrustedPosixOffsetInformation,
    TrustedPasswordInformation,
    TrustedDomainInformationBasic,
    TrustedDomainInformationEx,
    TrustedDomainAuthInformation,
    TrustedDomainFullInformation,
    // NOTE(review): the *Internal names suggest classes not meant for ordinary callers --
    // confirm against the API reference before relying on them.
    TrustedDomainAuthInformationInternal,
    TrustedDomainFullInformationInternal,
    TrustedDomainInformationEx2Internal,
    TrustedDomainFullInformation2Internal,
    TrustedDomainSupportedEncryptionTypes,
}}
pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS;
// Holds a single counted string, `Name`.
STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO {
    Name: LSA_UNICODE_STRING,
}}
pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO;
// Count-plus-pointer pair.
// NOTE(review): presumably `Names` points to `Entries` LSA_UNICODE_STRING values -- validate
// the count and null-check the pointer before building a slice from them.
STRUCT!{struct TRUSTED_CONTROLLERS_INFO {
    Entries: ULONG,
    Names: PLSA_UNICODE_STRING,
}}
pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO;
// Holds a single ULONG, `Offset`.
STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO {
    Offset: ULONG,
}}
pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO;
// Two counted strings named `Password` and `OldPassword`.
// NOTE(review): treat both buffers as secret material -- keep them out of logs and Debug
// output, and overwrite any copies before the memory is released.
STRUCT!{struct TRUSTED_PASSWORD_INFO {
    Password: LSA_UNICODE_STRING,
    OldPassword: LSA_UNICODE_STRING,
}}
pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO;
// The "basic" trusted-domain information type is an alias of LSA_TRUST_INFORMATION, and its
// pointer type an alias of PLSA_TRUST_INFORMATION.
pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION;
pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION;
// NOTE: Ignoring Win XP constants
// Trust direction values: INBOUND and OUTBOUND are independent bits, BIDIRECTIONAL is their
// union and DISABLED is zero.
pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000;
pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001;
pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002;
pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND
    | TRUST_DIRECTION_OUTBOUND;
// Trust type values. Treat these as enumerated values rather than flags: TRUST_TYPE_MIT (3)
// has the same bit pattern as TRUST_TYPE_DOWNLEVEL | TRUST_TYPE_UPLEVEL, so compare with
// `==` instead of testing bits.
pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001;
pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002;
pub const TRUST_TYPE_MIT: ULONG = 0x00000003;
// Trust attribute bits; each constant below is a distinct single bit.
// NOTE(review): presumably these are the values carried in the `TrustAttributes` field of
// TRUSTED_DOMAIN_INFORMATION_EX -- confirm.
pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001;
pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002;
pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004;
pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008;
pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010;
pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020;
pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040;
// NOTE(review): by its name this bit marks a trust that relies on RC4, a legacy cipher;
// tooling that audits trusts may want to surface it -- confirm the exact semantics against
// the protocol documentation.
pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080;
pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100;
pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200;
pub const TRUST_ATTRIBUTE_PIM_TRUST: ULONG = 0x00000400;
// Masks over the attribute word.
// NOTE(review): presumably the bits accepted as valid and the subset reserved for callers,
// respectively -- confirm before using them to validate input.
pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF;
pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000;
// Extended description of a trusted domain: two counted-string names, a SID pointer and
// three ULONG words for direction, type and attributes.
// NOTE(review): `Sid` is a raw pointer; null-check it before use.
STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX {
    Name: LSA_UNICODE_STRING,
    FlatName: LSA_UNICODE_STRING,
    Sid: PSID,
    TrustDirection: ULONG,
    TrustType: ULONG,
    TrustAttributes: ULONG,
}}
pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX;
// Same leading fields as TRUSTED_DOMAIN_INFORMATION_EX, followed by a length-plus-pointer
// pair for forest trust data.
// NOTE(review): presumably `ForestTrustInfo` points to `ForestTrustLength` bytes -- check the
// length and null-check the pointer before reading through it.
STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 {
    Name: LSA_UNICODE_STRING,
    FlatName: LSA_UNICODE_STRING,
    Sid: PSID,
    TrustDirection: ULONG,
    TrustType: ULONG,
    TrustAttributes: ULONG,
    ForestTrustLength: ULONG,
    ForestTrustInfo: PUCHAR,
}}
pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2;
// Authentication-data type values.
// NOTE(review): presumably the values of LSA_AUTH_INFORMATION::AuthType. By their names
// NT4OWF is a password hash and CLEAR a plaintext password; both are credential material --
// confirm against the API reference.
pub const TRUST_AUTH_TYPE_NONE: ULONG = 0;
pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1;
pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2;
pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3;
// One authentication record: a timestamp, a type word and a length-plus-pointer pair.
// NOTE(review): presumably `AuthInfo` points to `AuthInfoLength` bytes whose meaning depends
// on `AuthType`. Treat the bytes as secret: bound reads by the length, never log them, and
// overwrite copies before release.
STRUCT!{struct LSA_AUTH_INFORMATION {
    LastUpdateTime: LARGE_INTEGER,
    AuthType: ULONG,
    AuthInfoLength: ULONG,
    AuthInfo: PUCHAR,
}}
pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION;
// Incoming and outgoing authentication records, each with a count and two pointers (current
// and previous).
// NOTE(review): presumably each count applies to both pointers of its direction -- confirm,
// and null-check every pointer before dereferencing.
STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION {
    IncomingAuthInfos: ULONG,
    IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION,
    IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION,
    OutgoingAuthInfos: ULONG,
    OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION,
    OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION,
}}
pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION;
// Aggregate of the extended information, the POSIX offset and the authentication
// information, embedded by value. Because TRUSTED_DOMAIN_AUTH_INFORMATION is embedded, a
// value of this type carries pointers to credential material.
STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION {
    Information: TRUSTED_DOMAIN_INFORMATION_EX,
    PosixOffset: TRUSTED_POSIX_OFFSET_INFO,
    AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION,
}}
pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION;
// Same aggregate built on TRUSTED_DOMAIN_INFORMATION_EX2 instead of _EX.
STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 {
    Information: TRUSTED_DOMAIN_INFORMATION_EX2,
    PosixOffset: TRUSTED_POSIX_OFFSET_INFO,
    AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION,
}}
pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2;
// Holds a single ULONG word.
// NOTE(review): presumably a bit mask of Kerberos encryption types allowed on the trust; the
// bit values are not defined in this part of the file -- confirm.
STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES {
    SupportedEncryptionTypes: ULONG,
}}
pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES =
    *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES;
// Kind of a forest trust record; it is the type of LSA_FOREST_TRUST_RECORD::ForestTrustType.
ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE {
    ForestTrustTopLevelName,
    ForestTrustTopLevelNameEx,
    ForestTrustDomainInfo,
    // Alias of the last defined variant, not a separate kind.
    ForestTrustRecordTypeLast = ForestTrustDomainInfo,
}}
// Flag values for forest trust records.
// NOTE(review): presumably these live in LSA_FOREST_TRUST_RECORD::Flags, with
// LSA_FTRECORD_DISABLED_REASONS masking the "disabled reason" bits. The TLN and SID groups
// reuse the same numeric values (0x1 and 0x2), so a flag can only be interpreted together
// with the record type -- confirm.
pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF;
pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001;
pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002;
pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004;
pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001;
pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002;
pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004;
pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008;
// Domain entry of a forest trust record: a SID pointer and two counted-string names.
STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO {
    Sid: PSID,
    DnsName: LSA_UNICODE_STRING,
    NetbiosName: LSA_UNICODE_STRING,
}}
pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO;
// 128 KiB.
// NOTE(review): presumably the upper bound for LSA_FOREST_TRUST_BINARY_DATA::Length; reject
// larger lengths before reading through `Buffer` -- confirm.
pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: SIZE_T = 128 * 1024;
// Length-plus-pointer pair for opaque record data.
STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA {
    Length: ULONG,
    Buffer: PUCHAR,
}}
pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA;
// Payload union of LSA_FOREST_TRUST_RECORD with three alternative views, each exposed
// through an accessor pair (`X` / `X_mut`).
// NOTE(review): the two array types are presumably the backing storage for 32-bit and 64-bit
// targets. Which view is valid is not recorded in the union itself; presumably it follows
// LSA_FOREST_TRUST_RECORD::ForestTrustType. Reading the wrong view reinterprets pointer and
// length fields, so check the type first -- confirm the mapping against the API reference.
UNION!{union LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA {
    [u32; 5] [u64; 5],
    TopLevelName TopLevelName_mut: LSA_UNICODE_STRING,
    DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO,
    Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA,
}}
// One forest trust record: flags, record type, a timestamp and the payload union.
STRUCT!{struct LSA_FOREST_TRUST_RECORD {
    Flags: ULONG,
    ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE,
    Time: LARGE_INTEGER,
    ForestTrustData: LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA,
}}
pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD;
// NOTE(review): presumably the upper bound for LSA_FOREST_TRUST_INFORMATION::RecordCount --
// confirm, and enforce it before iterating over a record list.
pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: SIZE_T = 4000;
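// Header of a forest trust record list: a count and a pointer to an array of record
// pointers.
// NOTE(review): presumably `Entries` holds `RecordCount` pointers; bound the count
// (MAX_RECORDS_IN_FOREST_TRUST_INFO looks like the intended limit -- confirm) and null-check
// each entry before dereferencing it.
STRUCT!{struct LSA_FOREST_TRUST_INFORMATION {
    RecordCount: ULONG,
    Entries: *mut PLSA_FOREST_TRUST_RECORD,
}}
// Pointer alias. It used to alias the struct itself, which made LsaSetForestTrustInformation
// take the struct by value and left LsaQueryForestTrustInformation with a single-level out
// pointer; every other P* alias in this file is `*mut T`, and those two declarations need a
// pointer here to match the pointer-typed C prototype.
pub type PLSA_FOREST_TRUST_INFORMATION = *mut LSA_FOREST_TRUST_INFORMATION;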
// Kind of object a forest trust record collided with; it is the type of
// LSA_FOREST_TRUST_COLLISION_RECORD::Type.
ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE {
    CollisionTdo,
    CollisionXref,
    CollisionOther,
}}
// One collision entry: an index, the collision kind, a flags word and a counted-string name.
// NOTE(review): presumably `Index` refers to a position in the submitted record list --
// range-check it before using it as an array index.
STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD {
    Index: ULONG,
    Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE,
    Flags: ULONG,
    Name: LSA_UNICODE_STRING,
}}
pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD;
// Count plus pointer to an array of collision-record pointers.
// NOTE(review): presumably `Entries` holds `RecordCount` pointers -- validate both before
// iterating.
STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION {
    RecordCount: ULONG,
    Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD,
}}
pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION;
// Access-mask bits for LSA secret objects. Query and set are separate bits, so a component
// that only writes a secret does not need the right to read it back.
pub const SECRET_SET_VALUE: ULONG = 0x00000001;
pub const SECRET_QUERY_VALUE: ULONG = 0x00000002;
// Both specific bits plus STANDARD_RIGHTS_REQUIRED.
pub const SECRET_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE
    | SECRET_QUERY_VALUE;
pub const SECRET_READ: ULONG = STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE;
pub const SECRET_WRITE: ULONG = STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE;
// Standard execute rights only; no secret-specific bit is included.
pub const SECRET_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE;
// Secret-name prefixes with their lengths; each *_LENGTH (2) equals the character count of
// the matching prefix string. The prefixes are Rust `&str` values, while the LSA functions
// in this file take names as PLSA_UNICODE_STRING, so they have to be converted to a counted
// UTF-16 string before being passed on.
// NOTE(review): presumably the prefix selects the scope of a secret (global, local,
// machine) and with it who may read it -- confirm against the API reference before
// choosing a name for stored data.
pub const LSA_GLOBAL_SECRET_PREFIX: &'static str = "G$";
pub const LSA_GLOBAL_SECRET_PREFIX_LENGTH: SIZE_T = 2;
pub const LSA_LOCAL_SECRET_PREFIX: &'static str = "L$";
pub const LSA_LOCAL_SECRET_PREFIX_LENGTH: SIZE_T = 2;
pub const LSA_MACHINE_SECRET_PREFIX: &'static str = "M$";
pub const LSA_MACHINE_SECRET_PREFIX_LENGTH: SIZE_T = 2;
// Limits: 0x1000 (4096) and 0x200 (512).
// NOTE(review): presumably the maximum number of secrets and the maximum secret length; the
// unit of the length is not visible here -- confirm before using it for validation.
pub const LSA_SECRET_MAXIMUM_COUNT: SIZE_T = 0x00001000;
pub const LSA_SECRET_MAXIMUM_LENGTH: SIZE_T = 0x00000200;
// Handle type declared through the crate's DECLARE_HANDLE! macro. Its pointer alias is the
// `EnumerationContext` parameter type of the LsaEnumerate* functions declared in this file.
DECLARE_HANDLE!{LSA_ENUMERATION_HANDLE, __LSA_ENUMERATION_HANDLE}
pub type PLSA_ENUMERATION_HANDLE = *mut LSA_ENUMERATION_HANDLE;
// Holds a single SID pointer.
STRUCT!{struct LSA_ENUMERATION_INFORMATION {
    Sid: PSID,
}}
pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION;
// Generic LSA object management and password change entry points ("system" ABI). All of them
// report their result as an NTSTATUS, which callers should check before using any output.
extern "system" {
    // Takes an untyped buffer pointer.
    // NOTE(review): per the Windows documentation this releases memory returned by LSA policy
    // functions. Nothing here indicates that the contents are cleared, so overwrite secret
    // data before releasing it -- confirm.
    pub fn LsaFreeMemory(
        Buffer: PVOID,
    ) -> NTSTATUS;
    // NOTE(review): presumably closes the handle; it must not be used afterwards -- confirm.
    pub fn LsaClose(
        ObjectHandle: LSA_HANDLE,
    ) -> NTSTATUS;
    // NOTE(review): presumably deletes the object the handle refers to; whether the handle
    // stays valid afterwards is not visible here -- confirm.
    pub fn LsaDelete(
        ObjectHandle: LSA_HANDLE,
    ) -> NTSTATUS;
    // The security descriptor is returned through an out-pointer; `SecurityInformation`
    // selects the requested parts.
    pub fn LsaQuerySecurityObject(
        ObjectHandle: LSA_HANDLE,
        SecurityInformation: SECURITY_INFORMATION,
        SecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
    ) -> NTSTATUS;
    // Takes the security descriptor pointer directly. Changing an object's descriptor changes
    // who can access it, so callers should build the descriptor deliberately.
    pub fn LsaSetSecurityObject(
        ObjectHandle: LSA_HANDLE,
        SecurityInformation: SECURITY_INFORMATION,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
    ) -> NTSTATUS;
    // Both the old and the new password cross this boundary as counted strings. Keep them in
    // memory only as long as needed, never log them, and overwrite the buffers after the call.
    pub fn LsaChangePassword(
        ServerName: PLSA_UNICODE_STRING,
        DomainName: PLSA_UNICODE_STRING,
        AccountName: PLSA_UNICODE_STRING,
        OldPassword: PLSA_UNICODE_STRING,
        NewPassword: PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
}
// Two timestamps and a failure counter describing earlier logon attempts.
STRUCT!{struct LSA_LAST_INTER_LOGON_INFO {
    LastSuccessfulLogon: LARGE_INTEGER,
    LastFailedLogon: LARGE_INTEGER,
    FailedAttemptCountSinceLastSuccessfulLogon: ULONG,
}}
pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO;
// Description of one logon session; it is what LsaGetLogonSessionData returns through its
// out-pointer. The fields are identity, session and timestamp data; no password or key
// field is present, but the record still identifies users and should be handled as
// sensitive account information.
// NOTE(review): `Size` presumably holds the structure size and `LogonType` a
// SECURITY_LOGON_TYPE value stored as a plain ULONG -- confirm. `Sid` is a raw pointer and
// the LSA_UNICODE_STRING buffers may be empty; check before dereferencing.
STRUCT!{struct SECURITY_LOGON_SESSION_DATA {
    Size: ULONG,
    LogonId: LUID,
    UserName: LSA_UNICODE_STRING,
    LogonDomain: LSA_UNICODE_STRING,
    AuthenticationPackage: LSA_UNICODE_STRING,
    LogonType: ULONG,
    Session: ULONG,
    Sid: PSID,
    LogonTime: LARGE_INTEGER,
    LogonServer: LSA_UNICODE_STRING,
    DnsDomainName: LSA_UNICODE_STRING,
    Upn: LSA_UNICODE_STRING,
    UserFlags: ULONG,
    LastLogonInfo: LSA_LAST_INTER_LOGON_INFO,
    LogonScript: LSA_UNICODE_STRING,
    ProfilePath: LSA_UNICODE_STRING,
    HomeDirectory: LSA_UNICODE_STRING,
    HomeDirectoryDrive: LSA_UNICODE_STRING,
    LogoffTime: LARGE_INTEGER,
    KickOffTime: LARGE_INTEGER,
    PasswordLastSet: LARGE_INTEGER,
    PasswordCanChange: LARGE_INTEGER,
    PasswordMustChange: LARGE_INTEGER,
}}
pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA;
// Logon-session enumeration and policy-handle entry points ("system" ABI).
extern "system" {
    // Returns a count and a pointer to an array of LUIDs through its two out-parameters.
    // NOTE(review): per the Windows documentation the buffers returned by this function and
    // by LsaGetLogonSessionData are released with LsaFreeReturnBuffer rather than
    // LsaFreeMemory -- confirm, since mixing the two is an easy mistake in wrappers.
    pub fn LsaEnumerateLogonSessions(
        LogonSessionCount: PULONG,
        LogonSessionList: *mut PLUID,
    ) -> NTSTATUS;
    // Returns a pointer to a SECURITY_LOGON_SESSION_DATA through `ppLogonSessionData`.
    // NOTE(review): a session can end between enumeration and this call, so handle a failure
    // status instead of assuming the out-pointer was written.
    pub fn LsaGetLogonSessionData(
        LogonId: PLUID,
        ppLogonSessionData: *mut PSECURITY_LOGON_SESSION_DATA,
    ) -> NTSTATUS;
    // Writes a policy handle through `PolicyHandle`; `DesiredAccess` is the requested access
    // mask. Ask only for the rights the caller is going to use.
    // NOTE(review): presumably every handle obtained here has to be released with LsaClose --
    // confirm.
    pub fn LsaOpenPolicy(
        SystemName: PLSA_UNICODE_STRING,
        ObjectAttributes: PLSA_OBJECT_ATTRIBUTES,
        DesiredAccess: ACCESS_MASK,
        PolicyHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Same parameter list as LsaOpenPolicy.
    // NOTE(review): how it differs from LsaOpenPolicy is not visible here -- confirm before
    // exposing it in a wrapper.
    pub fn LsaOpenPolicySce(
        SystemName: PLSA_UNICODE_STRING,
        ObjectAttributes: PLSA_OBJECT_ATTRIBUTES,
        DesiredAccess: ACCESS_MASK,
        PolicyHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
}
// 0x7F (127).
// NOTE(review): presumably the upper bound for CENTRAL_ACCESS_POLICY::CAPECount; enforce it
// before iterating over a policy's entries -- confirm.
pub const MAXIMUM_CAPES_PER_CAP: SIZE_T = 0x7F;
// Central access policy flag bits. The second value (0x100) is the first one (0x1) moved
// into the position that STAGING_FLAG() produces: (0x1 & 0xF) << 8.
pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001;
pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100;
// Maps an effective flag value to its staged position: only the low four bits of
// `Effective` are kept, and they are moved up by eight bit positions. Any higher bits of the
// input are discarded.
#[inline]
pub fn STAGING_FLAG(Effective: ULONG) -> ULONG {
    let low_nibble = Effective & 0xF;
    low_nibble << 8
}
pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000;
// Union of the three CENTRAL_ACCESS_POLICY_* flag bits (0x1, 0x100 and 0x10000). Input that
// carries any bit outside this mask can be rejected with `flags & !MASK != 0`.
pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG =
    CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG
    | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG | CENTRAL_ACCESS_POLICY_STAGED_FLAG;
// NOTE(review): presumably the flag values accepted by LsaSetCAPs; the valid mask contains
// the reload bit only -- confirm.
pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001;
pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG;
// One central access policy entry: three counted strings, three length-plus-pointer pairs
// and a flags word.
// NOTE(review): presumably each Length* field gives the byte size of the buffer that follows
// it. Validate the length and null-check the pointer before parsing `AppliesTo` or either
// security descriptor, and validate the descriptors themselves before trusting them.
STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY {
    Name: LSA_UNICODE_STRING,
    Description: LSA_UNICODE_STRING,
    ChangeId: LSA_UNICODE_STRING,
    LengthAppliesTo: ULONG,
    AppliesTo: PUCHAR,
    LengthSD: ULONG,
    SD: PSECURITY_DESCRIPTOR,
    LengthStagedSD: ULONG,
    StagedSD: PSECURITY_DESCRIPTOR,
    Flags: ULONG,
}}
pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY;
pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY;
// A central access policy: an identifying SID pointer, three counted strings, a flags word
// and a count plus pointer to an array of entry pointers.
// NOTE(review): presumably `CAPEs` holds `CAPECount` pointers and MAXIMUM_CAPES_PER_CAP is
// the limit for the count -- confirm, and check both before iterating.
STRUCT!{struct CENTRAL_ACCESS_POLICY {
    CAPID: PSID,
    Name: LSA_UNICODE_STRING,
    Description: LSA_UNICODE_STRING,
    ChangeId: LSA_UNICODE_STRING,
    Flags: ULONG,
    CAPECount: ULONG,
    CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY,
}}
pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY;
pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY;
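// Central access policy, policy information, account, trusted-domain, lookup, secret and
// privilege entry points ("system" ABI). All of them report their result as an NTSTATUS,
// which callers should check before reading any out-parameter.
// NOTE(review): many of these return data through `*mut PVOID` / `*mut P...` out-parameters.
// Per the Windows documentation such buffers are allocated by LSA and released with
// LsaFreeMemory, and handles written through a PLSA_HANDLE are closed with LsaClose --
// confirm for each function before wrapping it.
extern "system" {
    // Takes a counted-string pointer, a count and a flags word.
    // NOTE(review): presumably `CAPDNs` points to `CAPDNCount` strings and
    // LSASETCAPS_VALID_FLAG_MASK is the accepted flag set -- confirm.
    pub fn LsaSetCAPs(
        CAPDNs: PLSA_UNICODE_STRING,
        CAPDNCount: ULONG,
        Flags: ULONG,
    ) -> NTSTATUS;
    // Returns an array of SID pointers and its length through two out-parameters.
    pub fn LsaGetAppliedCAPIDs(
        SystemName: PLSA_UNICODE_STRING,
        CAPIDs: *mut *mut PSID,
        CAPIDCount: PULONG,
    ) -> NTSTATUS;
    // Takes `CAPIDCount` and a SID-pointer array; returns policies and their count through
    // out-parameters.
    pub fn LsaQueryCAPs(
        CAPIDs: *mut PSID,
        CAPIDCount: ULONG,
        CAPs: *mut PCENTRAL_ACCESS_POLICY,
        CAPCount: PULONG,
    ) -> NTSTATUS;
    // Query/set pairs for policy information. The data travels through an untyped buffer whose
    // layout is selected by `InformationClass`, so the cast applied to the buffer has to match
    // the class that was passed.
    pub fn LsaQueryInformationPolicy(
        PolicyHandle: LSA_HANDLE,
        InformationClass: POLICY_INFORMATION_CLASS,
        Buffer: *mut PVOID,
    ) -> NTSTATUS;
    pub fn LsaSetInformationPolicy(
        PolicyHandle: LSA_HANDLE,
        InformationClass: POLICY_INFORMATION_CLASS,
        Buffer: PVOID,
    ) -> NTSTATUS;
    pub fn LsaQueryDomainInformationPolicy(
        PolicyHandle: LSA_HANDLE,
        InformationClass: POLICY_DOMAIN_INFORMATION_CLASS,
        Buffer: *mut PVOID,
    ) -> NTSTATUS;
    pub fn LsaSetDomainInformationPolicy(
        PolicyHandle: LSA_HANDLE,
        InformationClass: POLICY_DOMAIN_INFORMATION_CLASS,
        Buffer: PVOID,
    ) -> NTSTATUS;
    // Register / unregister an event handle for a policy notification class.
    // NOTE(review): presumably the event is signalled when the selected policy information
    // changes, which makes this pair useful for monitoring policy tampering -- confirm.
    pub fn LsaRegisterPolicyChangeNotification(
        InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS,
        NotificationEventHandle: HANDLE,
    ) -> NTSTATUS;
    pub fn LsaUnregisterPolicyChangeNotification(
        InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS,
        NotificationEventHandle: HANDLE,
    ) -> NTSTATUS;
    // NOTE(review): by its name this clears the audit log, i.e. it destroys forensic evidence;
    // wrappers should not expose it casually -- confirm its behaviour against the API
    // reference.
    pub fn LsaClearAuditLog(
        PolicyHandle: LSA_HANDLE,
    ) -> NTSTATUS;
    // Writes an account handle through `AccountHandle`; `DesiredAccess` is the requested
    // access mask.
    pub fn LsaCreateAccount(
        PolicyHandle: LSA_HANDLE,
        AccountSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AccountHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Enumeration functions: they share an in/out enumeration context, an untyped out-buffer,
    // a preferred maximum length and an out-count.
    // NOTE(review): presumably the context is carried over between calls until enumeration
    // ends; use `CountReturned`, not the preferred length, to bound reads of the buffer --
    // confirm.
    pub fn LsaEnumerateAccounts(
        PolicyHandle: LSA_HANDLE,
        EnumerationContext: PLSA_ENUMERATION_HANDLE,
        Buffer: *mut PVOID,
        PreferredMaximumLength: ULONG,
        CountReturned: PULONG,
    ) -> NTSTATUS;
    // Writes a trusted-domain handle through `TrustedDomainHandle`.
    pub fn LsaCreateTrustedDomain(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainInformation: PLSA_TRUST_INFORMATION,
        DesiredAccess: ACCESS_MASK,
        TrustedDomainHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    pub fn LsaEnumerateTrustedDomains(
        PolicyHandle: LSA_HANDLE,
        EnumerationContext: PLSA_ENUMERATION_HANDLE,
        Buffer: *mut PVOID,
        PreferredMaximumLength: ULONG,
        CountReturned: PULONG,
    ) -> NTSTATUS;
    pub fn LsaEnumeratePrivileges(
        PolicyHandle: LSA_HANDLE,
        EnumerationContext: PLSA_ENUMERATION_HANDLE,
        Buffer: *mut PVOID,
        PreferredMaximumLength: ULONG,
        CountReturned: PULONG,
    ) -> NTSTATUS;
    // Name <-> SID translation. Each function takes a count and an input array and returns
    // the referenced domains and the translations through out-pointers.
    // NOTE(review): presumably the output arrays hold one entry per input element and single
    // entries can be unresolved even when the call succeeds -- confirm, and inspect each entry
    // before trusting a translation in an authorization decision.
    pub fn LsaLookupNames(
        PolicyHandle: LSA_HANDLE,
        Count: ULONG,
        Names: PLSA_UNICODE_STRING,
        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
        Sids: *mut PLSA_TRANSLATED_SID,
    ) -> NTSTATUS;
    pub fn LsaLookupNames2(
        PolicyHandle: LSA_HANDLE,
        Flags: ULONG,
        Count: ULONG,
        Names: PLSA_UNICODE_STRING,
        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
        Sids: *mut PLSA_TRANSLATED_SID2,
    ) -> NTSTATUS;
    pub fn LsaLookupSids(
        PolicyHandle: LSA_HANDLE,
        Count: ULONG,
        Sids: *mut PSID,
        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
        Names: *mut PLSA_TRANSLATED_NAME,
    ) -> NTSTATUS;
    pub fn LsaLookupSids2(
        PolicyHandle: LSA_HANDLE,
        LookupOptions: ULONG,
        Count: ULONG,
        Sids: *mut PSID,
        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
        Names: *mut PLSA_TRANSLATED_NAME,
    ) -> NTSTATUS;
    // Writes a secret handle through `SecretHandle`. Request SECRET_SET_VALUE or
    // SECRET_QUERY_VALUE as needed instead of SECRET_ALL_ACCESS.
    pub fn LsaCreateSecret(
        PolicyHandle: LSA_HANDLE,
        SecretName: PLSA_UNICODE_STRING,
        DesiredAccess: ACCESS_MASK,
        SecretHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Writes an account handle through `AccountHandle`.
    pub fn LsaOpenAccount(
        PolicyHandle: LSA_HANDLE,
        AccountSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AccountHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Returns the privilege set through an out-pointer.
    pub fn LsaEnumeratePrivilegesOfAccount(
        AccountHandle: LSA_HANDLE,
        Privileges: *mut PPRIVILEGE_SET,
    ) -> NTSTATUS;
    // Privilege changes alter what the account may do system-wide; callers should log and
    // review them.
    pub fn LsaAddPrivilegesToAccount(
        AccountHandle: LSA_HANDLE,
        Privileges: PPRIVILEGE_SET,
    ) -> NTSTATUS;
    // NOTE(review): presumably `AllPrivileges` makes the call ignore `Privileges` and remove
    // everything -- confirm before passing a non-zero value.
    pub fn LsaRemovePrivilegesFromAccount(
        AccountHandle: LSA_HANDLE,
        AllPrivileges: BOOLEAN,
        Privileges: PPRIVILEGE_SET,
    ) -> NTSTATUS;
    // Both quota functions take the same pointer type; for the getter it is an out-parameter.
    pub fn LsaGetQuotasForAccount(
        AccountHandle: LSA_HANDLE,
        QuotaLimits: PQUOTA_LIMITS,
    ) -> NTSTATUS;
    pub fn LsaSetQuotasForAccount(
        AccountHandle: LSA_HANDLE,
        QuotaLimits: PQUOTA_LIMITS,
    ) -> NTSTATUS;
    // The getter writes a ULONG through `SystemAccess`; the setter takes the value directly.
    pub fn LsaGetSystemAccessAccount(
        AccountHandle: LSA_HANDLE,
        SystemAccess: PULONG,
    ) -> NTSTATUS;
    pub fn LsaSetSystemAccessAccount(
        AccountHandle: LSA_HANDLE,
        SystemAccess: ULONG,
    ) -> NTSTATUS;
    // Writes a trusted-domain handle through `TrustedDomainHandle`. TRUSTED_QUERY_AUTH is not
    // included in TRUSTED_READ, so it has to be requested explicitly when needed.
    pub fn LsaOpenTrustedDomain(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainSid: PSID,
        DesiredAccess: ACCESS_MASK,
        TrustedDomainHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Handle-based query/set for trusted-domain information; the buffer layout is selected by
    // `InformationClass`. Some classes carry trust passwords or authentication data, so treat
    // the returned buffer as potentially secret.
    pub fn LsaQueryInfoTrustedDomain(
        TrustedDomainHandle: LSA_HANDLE,
        InformationClass: TRUSTED_INFORMATION_CLASS,
        Buffer: *mut PVOID,
    ) -> NTSTATUS;
    pub fn LsaSetInformationTrustedDomain(
        TrustedDomainHandle: LSA_HANDLE,
        InformationClass: TRUSTED_INFORMATION_CLASS,
        Buffer: PVOID,
    ) -> NTSTATUS;
    // Writes a secret handle through `SecretHandle`.
    pub fn LsaOpenSecret(
        PolicyHandle: LSA_HANDLE,
        SecretName: PLSA_UNICODE_STRING,
        DesiredAccess: ACCESS_MASK,
        SecretHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Takes the current and the old secret value as counted strings; overwrite the caller's
    // copies once the call has returned.
    pub fn LsaSetSecret(
        SecretHandle: LSA_HANDLE,
        CurrentValue: PLSA_UNICODE_STRING,
        OldValue: PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
    // Returns the current and the old secret value and their set times through out-pointers.
    // The returned strings are secret material: do not log them, and overwrite them before
    // the buffers are released.
    pub fn LsaQuerySecret(
        SecretHandle: LSA_HANDLE,
        CurrentValue: *mut PLSA_UNICODE_STRING,
        CurrentValueSetTime: PLARGE_INTEGER,
        OldValue: *mut PLSA_UNICODE_STRING,
        OldValueSetTime: PLARGE_INTEGER,
    ) -> NTSTATUS;
    // Privilege name <-> LUID translation and display-name lookup.
    pub fn LsaLookupPrivilegeValue(
        PolicyHandle: LSA_HANDLE,
        Name: PLSA_UNICODE_STRING,
        Value: PLUID,
    ) -> NTSTATUS;
    pub fn LsaLookupPrivilegeName(
        PolicyHandle: LSA_HANDLE,
        Value: PLUID,
        Name: *mut PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
    pub fn LsaLookupPrivilegeDisplayName(
        PolicyHandle: LSA_HANDLE,
        Name: PLSA_UNICODE_STRING,
        DisplayName: *mut PLSA_UNICODE_STRING,
        LanguageReturned: PSHORT,
    ) -> NTSTATUS;
}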
// These two functions are declared with the "C" ABI, unlike the "system" blocks around them.
// NOTE(review): presumably this mirrors the SDK prototypes; the two ABIs differ on 32-bit
// x86, so confirm before changing it.
extern "C" {
    // Returns the user and domain name through two out-pointers.
    // NOTE(review): presumably both strings are LSA-allocated and have to be released by the
    // caller -- confirm the matching free function.
    pub fn LsaGetUserName(
        UserName: *mut PLSA_UNICODE_STRING,
        DomainName: *mut PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
    // Same outputs, with an additional system name.
    pub fn LsaGetRemoteUserName(
        SystemName: PLSA_UNICODE_STRING,
        UserName: *mut PLSA_UNICODE_STRING,
        DomainName: *mut PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
}
// Names of logon account rights, with a "SeDeny..." counterpart for each of the five logon
// kinds. They are Rust `&str` values, while the account-rights functions in this file take
// PLSA_UNICODE_STRING, so they have to be converted to counted UTF-16 strings first.
// NOTE(review): presumably a deny right overrides the matching allow right; when auditing
// who can log on, enumerate both -- confirm against the API reference.
pub const SE_INTERACTIVE_LOGON_NAME: &'static str = "SeInteractiveLogonRight";
pub const SE_NETWORK_LOGON_NAME: &'static str = "SeNetworkLogonRight";
pub const SE_BATCH_LOGON_NAME: &'static str = "SeBatchLogonRight";
pub const SE_SERVICE_LOGON_NAME: &'static str = "SeServiceLogonRight";
pub const SE_DENY_INTERACTIVE_LOGON_NAME: &'static str = "SeDenyInteractiveLogonRight";
pub const SE_DENY_NETWORK_LOGON_NAME: &'static str = "SeDenyNetworkLogonRight";
pub const SE_DENY_BATCH_LOGON_NAME: &'static str = "SeDenyBatchLogonRight";
pub const SE_DENY_SERVICE_LOGON_NAME: &'static str = "SeDenyServiceLogonRight";
pub const SE_REMOTE_INTERACTIVE_LOGON_NAME: &'static str = "SeRemoteInteractiveLogonRight";
pub const SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME: &'static str =
    "SeDenyRemoteInteractiveLogonRight";
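// Account-rights, trusted-domain, forest-trust and private-data entry points ("system" ABI).
// Every function except LsaNtStatusToWinError reports its result as an NTSTATUS, which
// callers should check before reading any out-parameter.
// NOTE(review): per the Windows documentation buffers returned through the out-pointers below
// are allocated by LSA and released with LsaFreeMemory -- confirm for each function before
// wrapping it.
extern "system" {
    // Returns an untyped buffer and an element count through out-parameters.
    pub fn LsaEnumerateAccountsWithUserRight(
        PolicyHandle: LSA_HANDLE,
        UserRights: PLSA_UNICODE_STRING,
        EnumerationBuffer: *mut PVOID,
        CountReturned: PULONG,
    ) -> NTSTATUS;
    // Returns an array of right names and its length through out-parameters.
    pub fn LsaEnumerateAccountRights(
        PolicyHandle: LSA_HANDLE,
        AccountSid: PSID,
        UserRights: *mut PLSA_UNICODE_STRING,
        CountOfRights: PULONG,
    ) -> NTSTATUS;
    // Takes `CountOfRights` and a pointer to right names. Granting rights changes what the
    // account may do system-wide; callers should log and review such changes.
    pub fn LsaAddAccountRights(
        PolicyHandle: LSA_HANDLE,
        AccountSid: PSID,
        UserRights: PLSA_UNICODE_STRING,
        CountOfRights: ULONG,
    ) -> NTSTATUS;
    // NOTE(review): presumably `AllRights` makes the call ignore `UserRights` and remove every
    // right of the account -- confirm before passing a non-zero value.
    pub fn LsaRemoveAccountRights(
        PolicyHandle: LSA_HANDLE,
        AccountSid: PSID,
        AllRights: BOOLEAN,
        UserRights: PLSA_UNICODE_STRING,
        CountOfRights: ULONG,
    ) -> NTSTATUS;
    // Writes a trusted-domain handle through `TrustedDomainHandle`.
    pub fn LsaOpenTrustedDomainByName(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainName: PLSA_UNICODE_STRING,
        DesiredAccess: ACCESS_MASK,
        TrustedDomainHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // Policy-handle based query/set for trusted-domain information, addressed by SID or by
    // name. The buffer layout is selected by `InformationClass`, so the cast applied to the
    // buffer has to match it; some classes carry trust passwords or authentication data.
    pub fn LsaQueryTrustedDomainInfo(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainSid: PSID,
        InformationClass: TRUSTED_INFORMATION_CLASS,
        Buffer: *mut PVOID,
    ) -> NTSTATUS;
    pub fn LsaSetTrustedDomainInformation(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainSid: PSID,
        InformationClass: TRUSTED_INFORMATION_CLASS,
        Buffer: PVOID,
    ) -> NTSTATUS;
    pub fn LsaDeleteTrustedDomain(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainSid: PSID,
    ) -> NTSTATUS;
    pub fn LsaQueryTrustedDomainInfoByName(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainName: PLSA_UNICODE_STRING,
        InformationClass: TRUSTED_INFORMATION_CLASS,
        Buffer: *mut PVOID,
    ) -> NTSTATUS;
    pub fn LsaSetTrustedDomainInfoByName(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainName: PLSA_UNICODE_STRING,
        InformationClass: TRUSTED_INFORMATION_CLASS,
        Buffer: PVOID,
    ) -> NTSTATUS;
    // Shares the enumeration parameter shape of the other LsaEnumerate* functions.
    // NOTE(review): use `CountReturned`, not the preferred length, to bound reads of the
    // returned buffer -- confirm.
    pub fn LsaEnumerateTrustedDomainsEx(
        PolicyHandle: LSA_HANDLE,
        EnumerationContext: PLSA_ENUMERATION_HANDLE,
        Buffer: *mut PVOID,
        PreferredMaximumLength: ULONG,
        CountReturned: PULONG,
    ) -> NTSTATUS;
    // Takes the trust description and its authentication information; the latter points to
    // credential material that should be overwritten once the call has returned.
    pub fn LsaCreateTrustedDomainEx(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainInformation: PTRUSTED_DOMAIN_INFORMATION_EX,
        AuthenticationInformation: PTRUSTED_DOMAIN_AUTH_INFORMATION,
        DesiredAccess: ACCESS_MASK,
        TrustedDomainHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
    // NOTE(review): the ABI of `ForestTrustInfo` in the next two declarations depends on
    // PLSA_FOREST_TRUST_INFORMATION being a pointer type; verify that alias, otherwise these
    // declarations do not match the pointer-typed C prototypes.
    pub fn LsaQueryForestTrustInformation(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainName: PLSA_UNICODE_STRING,
        ForestTrustInfo: *mut PLSA_FOREST_TRUST_INFORMATION,
    ) -> NTSTATUS;
    // Returns collision information through an out-pointer.
    // NOTE(review): presumably `CheckOnly` requests a dry run that reports collisions without
    // storing anything -- confirm.
    pub fn LsaSetForestTrustInformation(
        PolicyHandle: LSA_HANDLE,
        TrustedDomainName: PLSA_UNICODE_STRING,
        ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION,
        CheckOnly: BOOLEAN,
        CollisionInfo: *mut PLSA_FOREST_TRUST_COLLISION_INFORMATION,
    ) -> NTSTATUS;
    // Returns the match through an out-pointer.
    pub fn LsaForestTrustFindMatch(
        PolicyHandle: LSA_HANDLE,
        Type: ULONG,
        Name: PLSA_UNICODE_STRING,
        Match: *mut PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
    // Stores private data under a key name; both are counted strings.
    // NOTE(review): presumably the LSA_*_SECRET_PREFIX constants apply to `KeyName` and decide
    // who may read the data back -- confirm. Overwrite the caller's copy of the data once the
    // call has returned.
    pub fn LsaStorePrivateData(
        PolicyHandle: LSA_HANDLE,
        KeyName: PLSA_UNICODE_STRING,
        PrivateData: PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
    // Returns the stored data through an out-pointer. The returned string is secret material:
    // do not log it, and overwrite it before the buffer is released.
    pub fn LsaRetrievePrivateData(
        PolicyHandle: LSA_HANDLE,
        KeyName: PLSA_UNICODE_STRING,
        PrivateData: *mut PLSA_UNICODE_STRING,
    ) -> NTSTATUS;
    // Converts an NTSTATUS into a ULONG error code; the only function here that does not
    // return an NTSTATUS itself.
    pub fn LsaNtStatusToWinError(
        Status: NTSTATUS,
    ) -> ULONG;
}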
// Message kinds for the Negotiate package.
// NOTE(review): presumably these are the values placed in the `MessageType` field of the
// NEGOTIATE_* request structures -- confirm.
ENUM!{enum NEGOTIATE_MESSAGES {
    NegEnumPackagePrefixes = 0,
    NegGetCallerName = 1,
    NegTransferCredentials = 2,
    NegEnumPackageNames = 3,
    // One past the last message kind; not a message itself.
    NegCallPackageMax,
}}
// Size of the fixed `Prefix` array in the prefix structures below.
pub const NEGOTIATE_MAX_PREFIX: SIZE_T = 32;
// One package prefix: a fixed 32-byte array with a separate length field. `PrefixLen` is
// pointer-sized and not bounded by the type, so clamp it to NEGOTIATE_MAX_PREFIX before using
// it to slice `Prefix`.
STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX {
    PackageId: ULONG_PTR,
    PackageDataA: PVOID,
    PackageDataW: PVOID,
    PrefixLen: ULONG_PTR,
    Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX],
}}
pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX;
// Header for a list of prefixes.
// NOTE(review): presumably `Offset` locates `PrefixCount` prefix records relative to the
// start of the message; check offset and count against the actual response length before
// reading -- confirm.
STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES {
    MessageType: ULONG,
    PrefixCount: ULONG,
    Offset: ULONG,
    Pad: ULONG,
}}
pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES;
// Request for a caller name: a message type and a logon identifier.
STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST {
    MessageType: ULONG,
    LogonId: LUID,
}}
pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST;
// Response carrying a wide-string pointer.
// NOTE(review): the first field is spelled `Messagetype` here but `MessageType` in the
// request and in the _WOW response; renaming it would break users of the field, so it is
// only flagged. Null-check `CallerName` before reading it.
STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE {
    Messagetype: ULONG,
    CallerName: PWSTR,
}}
pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE;
// Count followed by a trailing array declared with ANYSIZE_ARRAY elements.
// NOTE(review): presumably a variable-length structure whose real element count is
// `NamesCount`. Indexing `Names` directly is bounded by the declared array length, so
// elements past it have to be reached through raw-pointer arithmetic that is checked against
// `NamesCount` and the size of the received buffer -- confirm.
STRUCT!{struct NEGOTIATE_PACKAGE_NAMES {
    NamesCount: ULONG,
    Names: [UNICODE_STRING; ANYSIZE_ARRAY],
}}
pub type PNEGOTIATE_PACKAGE_NAMES = *mut NEGOTIATE_PACKAGE_NAMES;
// Negotiate flag bits related to NTLM.
// NOTE(review): by their names these control whether NTLM may be used or was negotiated;
// since NTLM is the weaker fallback, code that sets or observes them deserves review --
// confirm the exact semantics against the API reference.
pub const NEGOTIATE_ALLOW_NTLM: ULONG = 0x10000000;
pub const NEGOTIATE_NEG_NTLM: ULONG = 0x20000000;
// Variant of NEGOTIATE_PACKAGE_PREFIX in which the pointer-sized fields are plain ULONGs.
// NOTE(review): presumably the 32-bit (WOW64) layout; the ULONG "pointer" values must not be
// dereferenced in a 64-bit process. As with the native structure, clamp `PrefixLen` to
// NEGOTIATE_MAX_PREFIX before slicing `Prefix`.
STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX_WOW {
    PackageId: ULONG,
    PackageDataA: ULONG,
    PackageDataW: ULONG,
    PrefixLen: ULONG,
    Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX],
}}
pub type PNEGOTIATE_PACKAGE_PREFIX_WOW = *mut NEGOTIATE_PACKAGE_PREFIX_WOW;
// Variant of NEGOTIATE_CALLER_NAME_RESPONSE in which `CallerName` is a ULONG rather than a
// pointer.
STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE_WOW {
    MessageType: ULONG,
    CallerName: ULONG,
}}
pub type PNEGOTIATE_CALLER_NAME_RESPONSE_WOW = *mut NEGOTIATE_CALLER_NAME_RESPONSE_WOW;
extern "system" {
    // Takes a pointer to a policy handle (PLSA_HANDLE), not the handle itself.
    // NOTE(review): what the call does with the handle is not visible here -- confirm against
    // the API reference before exposing it in a wrapper.
    pub fn LsaSetPolicyReplicationHandle(
        PolicyHandle: PLSA_HANDLE,
    ) -> NTSTATUS;
}
// NOTE(review): presumably the upper bound for LSA_REGISTRATION_INFO::RegisteredCount --
// confirm, and enforce it before iterating over the registration list.
pub const MAX_USER_RECORDS: SIZE_T = 1000;
// One device registration record: four counted strings and a timestamp. Note that `Sid` is a
// counted string here, not a PSID.
STRUCT!{struct LSA_USER_REGISTRATION_INFO {
    Sid: LSA_UNICODE_STRING,
    DeviceId: LSA_UNICODE_STRING,
    Username: LSA_UNICODE_STRING,
    Thumbprint: LSA_UNICODE_STRING,
    RegistrationTime: LARGE_INTEGER,
}}
pub type PLSA_USER_REGISTRATION_INFO = *mut LSA_USER_REGISTRATION_INFO;
// Count plus pointer to an array of record pointers.
// NOTE(review): presumably `UserRegistrationInfo` holds `RegisteredCount` pointers --
// validate the count and null-check each entry before dereferencing.
STRUCT!{struct LSA_REGISTRATION_INFO {
    RegisteredCount: ULONG,
    UserRegistrationInfo: *mut PLSA_USER_REGISTRATION_INFO,
}}
pub type PLSA_REGISTRATION_INFO = *mut LSA_REGISTRATION_INFO;
extern "system" {
    // Returns a pointer to an LSA_REGISTRATION_INFO through its out-parameter.
    // NOTE(review): the matching free function is not visible here -- confirm it before
    // wrapping the call.
    pub fn LsaGetDeviceRegistrationInfo(
        RegistrationInfo: *mut PLSA_REGISTRATION_INFO,
    ) -> NTSTATUS;
}
// Origin of a credential key; only the first variant carries an explicit value (1).
// NOTE(review): by their names the variants distinguish a precomputed key from one derived
// from a cleartext password or from an NT one-way-function hash -- confirm.
ENUM!{enum LSA_CREDENTIAL_KEY_SOURCE_TYPE {
    eFromPrecomputed = 1,
    eFromClearPassword,
    eFromNtOwf,
}}
pub type PLSA_CREDENTIAL_KEY_SOURCE_TYPE = *mut LSA_CREDENTIAL_KEY_SOURCE_TYPE;
// Declared with the "C" ABI, unlike the "system" blocks above.
extern "C" {
    // Writes a BOOLEAN through `ProtectedUser`.
    // NOTE(review): presumably it reports whether the calling user is a protected user. Check
    // the NTSTATUS before reading the flag, and treat a failed call as "unknown" rather than
    // "not protected" -- confirm.
    pub fn SeciIsProtectedUser(
        ProtectedUser: PBOOLEAN,
    ) -> NTSTATUS;
}
1531