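/**
 * This file has no copyright assigned and is placed in the Public Domain.
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
 */
#ifndef _NTSECPKG_
#define _NTSECPKG_

/*
 * Types, flag constants and function-pointer typedefs for the LSA
 * authentication-package / security-package interface (LsaAp* entry points,
 * SECPKG_* structures, SAM credential-update hooks).
 *
 * Everything here is a declaration only: no buffer size, ownership or
 * lifetime rule is enforced by the header, so each implementation has to
 * validate lengths and counts itself.
 */

#ifdef __cplusplus
extern "C" {
#endif

typedef PVOID *PLSA_CLIENT_REQUEST;

/* Selects which LSA_TOKEN_INFORMATION_* layout a TokenInformation pointer refers to. */
typedef enum _LSA_TOKEN_INFORMATION_TYPE {
  LsaTokenInformationNull,
  LsaTokenInformationV1,
  LsaTokenInformationV2,
  LsaTokenInformationV3
} LSA_TOKEN_INFORMATION_TYPE,*PLSA_TOKEN_INFORMATION_TYPE;

typedef struct _LSA_TOKEN_INFORMATION_NULL {
  LARGE_INTEGER ExpirationTime;
  PTOKEN_GROUPS Groups;
} LSA_TOKEN_INFORMATION_NULL,*PLSA_TOKEN_INFORMATION_NULL;

typedef struct _LSA_TOKEN_INFORMATION_V1 {
  LARGE_INTEGER ExpirationTime;
  TOKEN_USER User;
  PTOKEN_GROUPS Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES Privileges;
  TOKEN_OWNER Owner;
  TOKEN_DEFAULT_DACL DefaultDacl;
} LSA_TOKEN_INFORMATION_V1,*PLSA_TOKEN_INFORMATION_V1;

/* V2 is a plain alias of the V1 layout. */
typedef LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V2,*PLSA_TOKEN_INFORMATION_V2;

/* V3 repeats the V1 members in the same order and appends claims and device groups. */
typedef struct _LSA_TOKEN_INFORMATION_V3 {
  LARGE_INTEGER ExpirationTime;
  TOKEN_USER User;
  PTOKEN_GROUPS Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES Privileges;
  TOKEN_OWNER Owner;
  TOKEN_DEFAULT_DACL DefaultDacl;
  TOKEN_USER_CLAIMS UserClaims;
  TOKEN_DEVICE_CLAIMS DeviceClaims;
  PTOKEN_GROUPS DeviceGroups;
} LSA_TOKEN_INFORMATION_V3, *PLSA_TOKEN_INFORMATION_V3;

/*
 * Function types collected in LSA_DISPATCH_TABLE below.
 *
 * NOTE(review): the copy helpers take a ULONG Length and two untyped
 * pointers; nothing in the signature bounds the destination, so callers
 * presumably must size BufferToCopy / the client buffer to at least Length
 * bytes. Confirm against the LSA documentation.
 */
typedef NTSTATUS (NTAPI LSA_CREATE_LOGON_SESSION)(PLUID LogonId);
typedef NTSTATUS (NTAPI LSA_DELETE_LOGON_SESSION)(PLUID LogonId);
typedef NTSTATUS (NTAPI LSA_ADD_CREDENTIAL)(PLUID LogonId,ULONG AuthenticationPackage,PLSA_STRING PrimaryKeyValue,PLSA_STRING Credentials);
typedef NTSTATUS (NTAPI LSA_GET_CREDENTIALS)(PLUID LogonId,ULONG AuthenticationPackage,PULONG QueryContext,BOOLEAN RetrieveAllCredentials,PLSA_STRING PrimaryKeyValue,PULONG PrimaryKeyLength,PLSA_STRING Credentials);
typedef NTSTATUS (NTAPI LSA_DELETE_CREDENTIAL)(PLUID LogonId,ULONG AuthenticationPackage,PLSA_STRING PrimaryKeyValue);
typedef PVOID (NTAPI LSA_ALLOCATE_LSA_HEAP)(ULONG Length);
typedef VOID (NTAPI LSA_FREE_LSA_HEAP)(PVOID Base);
typedef PVOID (NTAPI LSA_ALLOCATE_PRIVATE_HEAP)(SIZE_T Length);
typedef VOID (NTAPI LSA_FREE_PRIVATE_HEAP)(PVOID Base);
typedef NTSTATUS (NTAPI LSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG LengthRequired,PVOID *ClientBaseAddress);
typedef NTSTATUS (NTAPI LSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ClientBaseAddress);
typedef NTSTATUS (NTAPI LSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG Length,PVOID ClientBaseAddress,PVOID BufferToCopy);
typedef NTSTATUS (NTAPI LSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG Length,PVOID BufferToCopy,PVOID ClientBaseAddress);

typedef LSA_CREATE_LOGON_SESSION *PLSA_CREATE_LOGON_SESSION;
typedef LSA_DELETE_LOGON_SESSION *PLSA_DELETE_LOGON_SESSION;
typedef LSA_ADD_CREDENTIAL *PLSA_ADD_CREDENTIAL;
typedef LSA_GET_CREDENTIALS *PLSA_GET_CREDENTIALS;
typedef LSA_DELETE_CREDENTIAL *PLSA_DELETE_CREDENTIAL;
typedef LSA_ALLOCATE_LSA_HEAP *PLSA_ALLOCATE_LSA_HEAP;
typedef LSA_FREE_LSA_HEAP *PLSA_FREE_LSA_HEAP;
typedef LSA_ALLOCATE_PRIVATE_HEAP *PLSA_ALLOCATE_PRIVATE_HEAP;
typedef LSA_FREE_PRIVATE_HEAP *PLSA_FREE_PRIVATE_HEAP;
typedef LSA_ALLOCATE_CLIENT_BUFFER *PLSA_ALLOCATE_CLIENT_BUFFER;
typedef LSA_FREE_CLIENT_BUFFER *PLSA_FREE_CLIENT_BUFFER;
typedef LSA_COPY_TO_CLIENT_BUFFER *PLSA_COPY_TO_CLIENT_BUFFER;
typedef LSA_COPY_FROM_CLIENT_BUFFER *PLSA_COPY_FROM_CLIENT_BUFFER;

/*
 * Function-pointer table handed to a package through the LsaDispatchTable
 * parameter of LSA_AP_INITIALIZE_PACKAGE. The private-heap function types
 * declared above are not members of this table.
 */
typedef struct _LSA_DISPATCH_TABLE {
  PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  PLSA_ADD_CREDENTIAL AddCredential;
  PLSA_GET_CREDENTIALS GetCredentials;
  PLSA_DELETE_CREDENTIAL DeleteCredential;
  PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  PLSA_FREE_LSA_HEAP FreeLsaHeap;
  PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
} LSA_DISPATCH_TABLE,*PLSA_DISPATCH_TABLE;

/*
 * Entry-point names as strings. Each literal carries an explicit "\0" in
 * addition to the terminator the compiler appends.
 */
#define LSA_AP_NAME_INITIALIZE_PACKAGE "LsaApInitializePackage\0"
#define LSA_AP_NAME_LOGON_USER "LsaApLogonUser\0"
#define LSA_AP_NAME_LOGON_USER_EX "LsaApLogonUserEx\0"
#define LSA_AP_NAME_CALL_PACKAGE "LsaApCallPackage\0"
#define LSA_AP_NAME_LOGON_TERMINATED "LsaApLogonTerminated\0"
#define LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED "LsaApCallPackageUntrusted\0"
#define LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH "LsaApCallPackagePassthrough\0"

/*
 * Authentication-package entry-point function types.
 *
 * NOTE(review): for the call-package types, SubmitBufferLength is the only
 * size information supplied for ProtocolSubmitBuffer, and for the logon
 * types AuthenticationInformationLength plays the same role. An
 * implementation should check these lengths before parsing the buffer; the
 * "Untrusted" variant (same function type, see the alias below) is, by its
 * name, presumably reachable by less-privileged callers. Confirm.
 */
typedef NTSTATUS (NTAPI LSA_AP_INITIALIZE_PACKAGE)(ULONG AuthenticationPackageId,PLSA_DISPATCH_TABLE LsaDispatchTable,PLSA_STRING Database,PLSA_STRING Confidentiality,PLSA_STRING *AuthenticationPackageName);
typedef NTSTATUS (NTAPI LSA_AP_LOGON_USER)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PLSA_UNICODE_STRING *AccountName,PLSA_UNICODE_STRING *AuthenticatingAuthority);
typedef NTSTATUS (NTAPI LSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PUNICODE_STRING *AccountName,PUNICODE_STRING *AuthenticatingAuthority,PUNICODE_STRING *MachineName);
typedef NTSTATUS (NTAPI LSA_AP_CALL_PACKAGE)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ProtocolSubmitBuffer,PVOID ClientBufferBase,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef NTSTATUS (NTAPI LSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ProtocolSubmitBuffer,PVOID ClientBufferBase,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef VOID (NTAPI LSA_AP_LOGON_TERMINATED)(PLUID LogonId);

typedef LSA_AP_CALL_PACKAGE LSA_AP_CALL_PACKAGE_UNTRUSTED;
typedef LSA_AP_INITIALIZE_PACKAGE *PLSA_AP_INITIALIZE_PACKAGE;
typedef LSA_AP_LOGON_USER *PLSA_AP_LOGON_USER;
typedef LSA_AP_LOGON_USER_EX *PLSA_AP_LOGON_USER_EX;
typedef LSA_AP_CALL_PACKAGE *PLSA_AP_CALL_PACKAGE;
typedef LSA_AP_CALL_PACKAGE_PASSTHROUGH *PLSA_AP_CALL_PACKAGE_PASSTHROUGH;
typedef LSA_AP_LOGON_TERMINATED *PLSA_AP_LOGON_TERMINATED;
typedef LSA_AP_CALL_PACKAGE_UNTRUSTED *PLSA_AP_CALL_PACKAGE_UNTRUSTED;

#ifndef _SAM_CREDENTIAL_UPDATE_DEFINED
#define _SAM_CREDENTIAL_UPDATE_DEFINED

/*
 * SAM credential-update hooks: each function-pointer type is paired with a
 * string macro giving a routine name.
 *
 * NOTE(review): the notify routine receives a ClearPassword parameter; by
 * its name this is the clear-text password, so an implementation should
 * treat it as a secret (no logging, wipe any copy). Confirm.
 */
typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE)(PUNICODE_STRING ClearPassword,PVOID OldCredentials,ULONG OldCredentialSize,ULONG UserAccountControl,PUNICODE_STRING UPN,PUNICODE_STRING UserName,PUNICODE_STRING NetbiosDomainName,PUNICODE_STRING DnsDomainName,PVOID *NewCredentials,ULONG *NewCredentialSize);

#define SAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE "CredentialUpdateNotify"

typedef BOOLEAN (*PSAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE)(PUNICODE_STRING CredentialName);

#define SAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE "CredentialUpdateRegister"

typedef VOID (*PSAM_CREDENTIAL_UPDATE_FREE_ROUTINE)(PVOID p);

#define SAM_CREDENTIAL_UPDATE_FREE_ROUTINE "CredentialUpdateFree"

typedef struct {
  PSTR Original;
  PSTR Mapped;
  BOOLEAN Continuable;
} SAM_REGISTER_MAPPING_ELEMENT, *PSAM_REGISTER_MAPPING_ELEMENT;

/* Count presumably gives the number of entries behind Elements; TODO confirm. */
typedef struct {
  ULONG Count;
  PSAM_REGISTER_MAPPING_ELEMENT Elements;
} SAM_REGISTER_MAPPING_LIST, *PSAM_REGISTER_MAPPING_LIST;

/* Count presumably gives the number of entries behind Lists; TODO confirm. */
typedef struct {
  ULONG Count;
  PSAM_REGISTER_MAPPING_LIST Lists;
} SAM_REGISTER_MAPPING_TABLE, *PSAM_REGISTER_MAPPING_TABLE;

typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_REGISTER_MAPPED_ENTRYPOINTS_ROUTINE)(SAM_REGISTER_MAPPING_TABLE *Table);

#define SAM_CREDENTIAL_UPDATE_REGISTER_MAPPED_ENTRYPOINTS_ROUTINE "RegisterMappedEntrypoints"

#endif /* _SAM_CREDENTIAL_UPDATE_DEFINED */

/* Under SECURITY_KERNEL the thread-start and attribute types collapse to PVOID. */
#ifdef SECURITY_KERNEL

typedef PVOID SEC_THREAD_START;
typedef PVOID SEC_ATTRS;
#else
typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
#endif

/*
 * LUID helpers. Arguments are parenthesised so that an expression argument
 * (e.g. `p + 1` or `&x`) binds before the cast or the `->`. Each argument is
 * still evaluated twice, so do not pass expressions with side effects.
 */
#define SecEqualLuid(L1,L2) ((((PLUID)(L1))->LowPart==((PLUID)(L2))->LowPart) && (((PLUID)(L1))->HighPart==((PLUID)(L2))->HighPart))
#define SecIsZeroLuid(L1) ((((L1)->LowPart) | ((L1)->HighPart))==0)

typedef struct _SECPKG_CLIENT_INFO {
  LUID LogonId;
  ULONG ProcessID;
  ULONG ThreadID;
  BOOLEAN HasTcbPrivilege;
  BOOLEAN Impersonating;
  BOOLEAN Restricted;

  UCHAR ClientFlags;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;

  HANDLE ClientToken;

} SECPKG_CLIENT_INFO,*PSECPKG_CLIENT_INFO;

/* Same leading members as SECPKG_CLIENT_INFO, followed by the identification logon id and token. */
typedef struct _SECPKG_CLIENT_INFO_EX {
  LUID LogonId;
  ULONG ProcessID;
  ULONG ThreadID;
  BOOLEAN HasTcbPrivilege;
  BOOLEAN Impersonating;
  BOOLEAN Restricted;
  UCHAR ClientFlags;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  HANDLE ClientToken;
  LUID IdentificationLogonId;
  HANDLE IdentificationToken;
} SECPKG_CLIENT_INFO_EX, *PSECPKG_CLIENT_INFO_EX;

/* Presumably bit values for the ClientFlags member above; TODO confirm. */
#define SECPKG_CLIENT_PROCESS_TERMINATED 0x01
#define SECPKG_CLIENT_THREAD_TERMINATED 0x02

typedef struct _SECPKG_CALL_INFO {
  ULONG ProcessId;
  ULONG ThreadId;
  ULONG Attributes;
  ULONG CallCount;
  PVOID MechOid;
} SECPKG_CALL_INFO,*PSECPKG_CALL_INFO;

/* Presumably bit values for SECPKG_CALL_INFO.Attributes; TODO confirm. */
#define SECPKG_CALL_KERNEL_MODE 0x00000001
#define SECPKG_CALL_ANSI 0x00000002
#define SECPKG_CALL_URGENT 0x00000004
#define SECPKG_CALL_RECURSIVE 0x00000008
#define SECPKG_CALL_IN_PROC 0x00000010
#define SECPKG_CALL_CLEANUP 0x00000020
#define SECPKG_CALL_WOWCLIENT 0x00000040
#define SECPKG_CALL_THREAD_TERM 0x00000080
#define SECPKG_CALL_PROCESS_TERM 0x00000100
#define SECPKG_CALL_IS_TCB 0x00000200
#define SECPKG_CALL_NETWORK_ONLY 0x00000400
#define SECPKG_CALL_WINLOGON 0x00000800
#define SECPKG_CALL_ASYNC_UPDATE 0x00001000
#define SECPKG_CALL_SYSTEM_PROC 0x00002000
#define SECPKG_CALL_NEGO 0x00004000
#define SECPKG_CALL_NEGO_EXTENDER 0x00008000
#define SECPKG_CALL_BUFFER_MARSHAL 0x00010000
#define SECPKG_CALL_UNLOCK 0x00020000
#define SECPKG_CALL_CLOUDAP_CONNECT 0x00040000

/*
 * Value collisions to keep in mind when testing bits: SECPKG_CALL_WOWX86
 * equals SECPKG_CALL_WOWCLIENT (0x40) and SECPKG_CALL_WOWA32 equals
 * SECPKG_CALL_CLOUDAP_CONNECT (0x00040000).
 */
#define SECPKG_CALL_WOWX86 0x00000040
#define SECPKG_CALL_WOWA32 0x00040000

/* CredentialSize presumably is the byte length of the data at Credentials; TODO confirm. */
typedef struct _SECPKG_SUPPLEMENTAL_CRED {
  UNICODE_STRING PackageName;
  ULONG CredentialSize;
  PUCHAR Credentials;
} SECPKG_SUPPLEMENTAL_CRED,*PSECPKG_SUPPLEMENTAL_CRED;

/*
 * Offset/length descriptors rather than pointers.
 * NOTE(review): the base the offsets are relative to is not stated here
 * (presumably the start of the containing structure). A consumer should
 * check offset + length against the containing structure's length field
 * before reading. Confirm.
 */
typedef struct _SECPKG_BYTE_VECTOR {
  ULONG ByteArrayOffset;
  USHORT ByteArrayLength;
} SECPKG_BYTE_VECTOR, *PSECPKG_BYTE_VECTOR;

typedef struct _SECPKG_SHORT_VECTOR {
  ULONG ShortArrayOffset;
  USHORT ShortArrayCount;
} SECPKG_SHORT_VECTOR, *PSECPKG_SHORT_VECTOR;

typedef struct _SECPKG_SUPPLIED_CREDENTIAL {
  USHORT cbHeaderLength;
  USHORT cbStructureLength;
  SECPKG_SHORT_VECTOR UserName;
  SECPKG_SHORT_VECTOR DomainName;
  SECPKG_BYTE_VECTOR PackedCredentials;
  ULONG CredFlags;
} SECPKG_SUPPLIED_CREDENTIAL, *PSECPKG_SUPPLIED_CREDENTIAL;

#define SECPKG_CREDENTIAL_VERSION 201

#define SECPKG_CREDENTIAL_FLAGS_CALLER_HAS_TCB 0x1
#define SECPKG_CREDENTIAL_FLAGS_CREDMAN_CRED 0x2

/* Note the mixed widths: Version is ULONG64, cbHeaderLength USHORT, cbStructureLength ULONG. */
typedef struct _SECPKG_CREDENTIAL {
  ULONG64 Version;
  USHORT cbHeaderLength;
  ULONG cbStructureLength;
  ULONG ClientProcess;
  ULONG ClientThread;
  LUID LogonId;
  HANDLE ClientToken;
  ULONG SessionId;
  LUID ModifiedId;
  ULONG fCredentials;
  ULONG Flags;
  SECPKG_BYTE_VECTOR PrincipalName;
  SECPKG_BYTE_VECTOR PackageList;
  SECPKG_BYTE_VECTOR MarshaledSuppliedCreds;
} SECPKG_CREDENTIAL, *PSECPKG_CREDENTIAL;

typedef ULONG_PTR LSA_SEC_HANDLE;
typedef LSA_SEC_HANDLE *PLSA_SEC_HANDLE;
/*
 * Credentials is declared with a single element; the real element count is
 * presumably CredentialCount, so sizeof() of this type does not describe the
 * whole array. TODO confirm.
 */
typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
  ULONG CredentialCount;
  SECPKG_SUPPLEMENTAL_CRED Credentials[1];
} SECPKG_SUPPLEMENTAL_CRED_ARRAY,*PSECPKG_SUPPLEMENTAL_CRED_ARRAY;

typedef struct _SECPKG_SURROGATE_LOGON_ENTRY {
  GUID Type;
  PVOID Data;
} SECPKG_SURROGATE_LOGON_ENTRY, *PSECPKG_SURROGATE_LOGON_ENTRY;

typedef struct _SECPKG_SURROGATE_LOGON {
  ULONG Version;
  LUID SurrogateLogonID;
  ULONG EntryCount;
  PSECPKG_SURROGATE_LOGON_ENTRY Entries;
} SECPKG_SURROGATE_LOGON, *PSECPKG_SURROGATE_LOGON;

#define SECPKG_SURROGATE_LOGON_VERSION_1 1

#define SECBUFFER_UNMAPPED 0x40000000

#define SECBUFFER_KERNEL_MAP 0x20000000

typedef NTSTATUS (NTAPI LSA_CALLBACK_FUNCTION)(ULONG_PTR Argument1,ULONG_PTR Argument2,PSecBuffer InputBuffer,PSecBuffer OutputBuffer);

typedef LSA_CALLBACK_FUNCTION *PLSA_CALLBACK_FUNCTION;

/*
 * PRIMARY_CRED_* bits (presumably for the Flags member of
 * SECPKG_PRIMARY_CRED; TODO confirm). The names of the first two suggest
 * whether the Password field holds clear text or a one-way-function value.
 */
#define PRIMARY_CRED_CLEAR_PASSWORD 0x00000001
#define PRIMARY_CRED_OWF_PASSWORD 0x00000002
#define PRIMARY_CRED_UPDATE 0x00000004
#define PRIMARY_CRED_CACHED_LOGON 0x00000008
#define PRIMARY_CRED_LOGON_NO_TCB 0x00000010
#define PRIMARY_CRED_LOGON_LUA 0x00000020
#define PRIMARY_CRED_INTERACTIVE_SMARTCARD_LOGON 0x00000040
#define PRIMARY_CRED_REFRESH_NEEDED 0x00000080
#define PRIMARY_CRED_INTERNET_USER 0x00000100
#define PRIMARY_CRED_AUTH_ID 0x00000200
#define PRIMARY_CRED_DO_NOT_SPLIT 0x00000400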
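/* PRIMARY_CRED_* flag bits, continued (presumably for SECPKG_PRIMARY_CRED.Flags; TODO confirm). */
#define PRIMARY_CRED_PROTECTED_USER 0x00000800
#define PRIMARY_CRED_EX 0x00001000
#define PRIMARY_CRED_TRANSFER 0x00002000
#define PRIMARY_CRED_RESTRICTED_TS 0x00004000
#define PRIMARY_CRED_PACKED_CREDS 0x00008000
#define PRIMARY_CRED_ENTERPRISE_INTERNET_USER 0x00010000
#define PRIMARY_CRED_ENCRYPTED_CREDGUARD_PASSWORD 0x00020000
#define PRIMARY_CRED_CACHED_INTERACTIVE_LOGON 0x00040000
#define PRIMARY_CRED_INTERACTIVE_NGC_LOGON 0x00080000
#define PRIMARY_CRED_INTERACTIVE_FIDO_LOGON 0x00100000
#define PRIMARY_CRED_ARSO_LOGON 0x00200000
#define PRIMARY_CRED_SUPPLEMENTAL 0x00400000

/* The mask selects the top byte, which lines up with a shift of 24. */
#define PRIMARY_CRED_LOGON_PACKAGE_SHIFT 24
#define PRIMARY_CRED_PACKAGE_MASK 0xff000000

/*
 * Primary credential record. It carries Password and OldPassword strings,
 * so any copy of this structure is secret material: keep its lifetime
 * short and wipe buffers that held it.
 */
typedef struct _SECPKG_PRIMARY_CRED {
  LUID LogonId;
  UNICODE_STRING DownlevelName;
  UNICODE_STRING DomainName;
  UNICODE_STRING Password;
  UNICODE_STRING OldPassword;
  PSID UserSid;
  ULONG Flags;
  UNICODE_STRING DnsDomainName;
  UNICODE_STRING Upn;
  UNICODE_STRING LogonServer;
  UNICODE_STRING Spare1;
  UNICODE_STRING Spare2;
  UNICODE_STRING Spare3;
  UNICODE_STRING Spare4;
} SECPKG_PRIMARY_CRED,*PSECPKG_PRIMARY_CRED;

#define SECPKG_PRIMARY_CRED_EX_FLAGS_EX_DELEGATION_TOKEN 0x1

/* Same members as SECPKG_PRIMARY_CRED in the same order, plus PackageId, PrevLogonId and FlagsEx. */
typedef struct _SECPKG_PRIMARY_CRED_EX {
  LUID LogonId;
  UNICODE_STRING DownlevelName;
  UNICODE_STRING DomainName;
  UNICODE_STRING Password;
  UNICODE_STRING OldPassword;
  PSID UserSid;
  ULONG Flags;
  UNICODE_STRING DnsDomainName;
  UNICODE_STRING Upn;
  UNICODE_STRING LogonServer;
  UNICODE_STRING Spare1;
  UNICODE_STRING Spare2;
  UNICODE_STRING Spare3;
  UNICODE_STRING Spare4;
  ULONG_PTR PackageId;
  LUID PrevLogonId;
  ULONG FlagsEx;
} SECPKG_PRIMARY_CRED_EX, *PSECPKG_PRIMARY_CRED_EX;

#define MAX_CRED_SIZE 1024

/* Presumably bit values for SECPKG_PARAMETERS.MachineState; TODO confirm. */
#define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
#define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
#define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
#define SECPKG_STATE_WORKSTATION 0x08
#define SECPKG_STATE_STANDALONE 0x10
#define SECPKG_STATE_CRED_ISOLATION_ENABLED 0x20
#define SECPKG_STATE_RESERVED_1 0x80000000

typedef struct _SECPKG_PARAMETERS {
  ULONG Version;
  ULONG MachineState;
  ULONG SetupMode;
  PSID DomainSid;
  UNICODE_STRING DomainName;
  UNICODE_STRING DnsDomainName;
  GUID DomainGuid;
} SECPKG_PARAMETERS,*PSECPKG_PARAMETERS;

/*
 * Discriminator for SECPKG_EXTENDED_INFORMATION. SecpkgNego2Info is listed
 * after SecpkgMaxInfo, so its value is SecpkgMaxInfo + 1: a range check of
 * the form `class < SecpkgMaxInfo` does not cover it.
 */
typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
  SecpkgGssInfo = 1,
  SecpkgContextThunks,
  SecpkgMutualAuthLevel,
  SecpkgWowClientDll,
  SecpkgExtraOids,
  SecpkgMaxInfo,
  SecpkgNego2Info
} SECPKG_EXTENDED_INFORMATION_CLASS;

/* EncodedId is declared with 4 bytes; EncodedIdLength presumably gives the real length. TODO confirm. */
typedef struct _SECPKG_GSS_INFO {
  ULONG EncodedIdLength;
  UCHAR EncodedId[4];
} SECPKG_GSS_INFO,*PSECPKG_GSS_INFO;

/* Levels is declared with one element; InfoLevelCount presumably gives the real count. TODO confirm. */
typedef struct _SECPKG_CONTEXT_THUNKS {
  ULONG InfoLevelCount;
  ULONG Levels[1];
} SECPKG_CONTEXT_THUNKS,*PSECPKG_CONTEXT_THUNKS;

typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
  ULONG MutualAuthLevel;
} SECPKG_MUTUAL_AUTH_LEVEL,*PSECPKG_MUTUAL_AUTH_LEVEL;

typedef struct _SECPKG_WOW_CLIENT_DLL {
  SECURITY_STRING WowClientDllPath;
} SECPKG_WOW_CLIENT_DLL,*PSECPKG_WOW_CLIENT_DLL;

#define SECPKG_MAX_OID_LENGTH 32

/* OidValue is a fixed SECPKG_MAX_OID_LENGTH-byte array; OidLength should not be trusted beyond that bound. */
typedef struct _SECPKG_SERIALIZED_OID {
  ULONG OidLength;
  ULONG OidAttributes;
  UCHAR OidValue[SECPKG_MAX_OID_LENGTH];
} SECPKG_SERIALIZED_OID,*PSECPKG_SERIALIZED_OID;

/* Oids is declared with one element; OidCount presumably gives the real count. TODO confirm. */
typedef struct _SECPKG_EXTRA_OIDS {
  ULONG OidCount;
  SECPKG_SERIALIZED_OID Oids[1];
} SECPKG_EXTRA_OIDS,*PSECPKG_EXTRA_OIDS;

typedef struct _SECPKG_NEGO2_INFO {
  UCHAR AuthScheme[16];
  ULONG PackageFlags;
} SECPKG_NEGO2_INFO, *PSECPKG_NEGO2_INFO;

/* Tagged union: Class presumably selects which Info member is valid; check it before reading Info. */
typedef struct _SECPKG_EXTENDED_INFORMATION {
  SECPKG_EXTENDED_INFORMATION_CLASS Class;
  union {
    SECPKG_GSS_INFO GssInfo;
    SECPKG_CONTEXT_THUNKS ContextThunks;
    SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel;
    SECPKG_WOW_CLIENT_DLL WowClientDll;
    SECPKG_EXTRA_OIDS ExtraOids;
    SECPKG_NEGO2_INFO Nego2Info;
  } Info;
} SECPKG_EXTENDED_INFORMATION,*PSECPKG_EXTENDED_INFORMATION;

typedef struct _SECPKG_TARGETINFO {
  PSID DomainSid;
  PCWSTR ComputerName;
} SECPKG_TARGETINFO, *PSECPKG_TARGETINFO;

/* Presumably bit values for SECPKG_NTLM_TARGETINFO.Flags; TODO confirm. */
#define SECPKG_MSVAV_FLAGS_VALID 0x01
#define SECPKG_MSVAV_TIMESTAMP_VALID 0x02

typedef struct _SECPKG_NTLM_TARGETINFO {
  ULONG Flags;
  LPWSTR MsvAvNbComputerName;
  LPWSTR MsvAvNbDomainName;
  LPWSTR MsvAvDnsComputerName;
  LPWSTR MsvAvDnsDomainName;
  LPWSTR MsvAvDnsTreeName;
  ULONG MsvAvFlags;
  FILETIME MsvAvTimestamp;
  LPWSTR MsvAvTargetName;
} SECPKG_NTLM_TARGETINFO, *PSECPKG_NTLM_TARGETINFO;

/* SECPKG_ATTR_SASL_CONTEXT and SECPKG_ATTR_THUNK_ALL (below) share the value 0x00010000. */
#define SECPKG_ATTR_SASL_CONTEXT 0x00010000

typedef struct _SecPkgContext_SaslContext {
  PVOID SaslContext;
} SecPkgContext_SaslContext,*PSecPkgContext_SaslContext;

#define SECPKG_ATTR_THUNK_ALL 0x00010000

#ifndef SECURITY_USER_DATA_DEFINED
#define SECURITY_USER_DATA_DEFINED

typedef struct _SECURITY_USER_DATA {
  SECURITY_STRING UserName;
  SECURITY_STRING LogonDomainName;
  SECURITY_STRING LogonServer;
  PSID pSid;
} SECURITY_USER_DATA,*PSECURITY_USER_DATA;

typedef SECURITY_USER_DATA SecurityUserData,*PSecurityUserData;

#define UNDERSTANDS_LONG_NAMES 1
#define NO_LONG_NAMES 2
#endif

/* (ULONG)-2, i.e. the second-highest ULONG value, used as a sentinel rather than a real package id. */
#define SECPKG_ALL_PACKAGES ((ULONG) -2)

/* Message types start at 1024; PinDc equals Min and TransferCred equals Max. */
typedef enum _SECPKG_CALL_PACKAGE_MESSAGE_TYPE {
  SecPkgCallPackageMinMessage = 1024,
  SecPkgCallPackagePinDcMessage = SecPkgCallPackageMinMessage,
  SecPkgCallPackageUnpinAllDcsMessage,
  SecPkgCallPackageTransferCredMessage,
  SecPkgCallPackageMaxMessage = SecPkgCallPackageTransferCredMessage
} SECPKG_CALL_PACKAGE_MESSAGE_TYPE, *PSECPKG_CALL_PACKAGE_MESSAGE_TYPE;

typedef struct _SECPKG_CALL_PACKAGE_PIN_DC_REQUEST {
  ULONG MessageType;
  ULONG Flags;
  UNICODE_STRING DomainName;
  UNICODE_STRING DcName;
  ULONG DcFlags;
} SECPKG_CALL_PACKAGE_PIN_DC_REQUEST, *PSECPKG_CALL_PACKAGE_PIN_DC_REQUEST;

typedef struct _SECPKG_CALL_PACKAGE_UNPIN_ALL_DCS_REQUEST {
  ULONG MessageType;
  ULONG Flags;
} SECPKG_CALL_PACKAGE_UNPIN_ALL_DCS_REQUEST, *PSECPKG_CALL_PACKAGE_UNPIN_ALL_DCS_REQUEST;

#define SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST_FLAG_OPTIMISTIC_LOGON 0x1
#define SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST_FLAG_CLEANUP_CREDENTIALS 0x2
#define SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST_FLAG_TO_SSO_SESSION 0x4

/*
 * Request naming an origin and a destination logon session.
 * NOTE(review): by its name this moves credentials between sessions, so a
 * handler should authorise the caller for both LUIDs. Confirm.
 */
typedef struct _SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST {
  ULONG MessageType;
  LUID OriginLogonId;
  LUID DestinationLogonId;
  ULONG Flags;
} SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST, *PSECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST;

/* Redirected-logon callback types, collected in SECPKG_REDIRECTED_LOGON_BUFFER below. */
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_INIT)(HANDLE RedirectedLogonHandle, const UNICODE_STRING *PackageName, ULONG SessionId, const LUID *LogonId);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_CALLBACK)(HANDLE RedirectedLogonHandle, PVOID Buffer, ULONG BufferLength, PVOID *ReturnBuffer, ULONG *ReturnBufferLength);
typedef VOID (NTAPI LSA_REDIRECTED_LOGON_CLEANUP_CALLBACK)(HANDLE RedirectedLogonHandle);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_GET_LOGON_CREDS)(HANDLE RedirectedLogonHandle, PBYTE *LogonBuffer, PULONG LogonBufferLength);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_GET_SUPP_CREDS)(HANDLE RedirectedLogonHandle, PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_GET_SID)(HANDLE RedirectedLogonHandle, PSID *Sid);

typedef LSA_REDIRECTED_LOGON_INIT *PLSA_REDIRECTED_LOGON_INIT;
typedef LSA_REDIRECTED_LOGON_CALLBACK *PLSA_REDIRECTED_LOGON_CALLBACK;
typedef LSA_REDIRECTED_LOGON_GET_LOGON_CREDS *PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS;
typedef LSA_REDIRECTED_LOGON_GET_SUPP_CREDS *PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS;
typedef LSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK;
typedef LSA_REDIRECTED_LOGON_GET_SID *PLSA_REDIRECTED_LOGON_GET_SID;

#define SECPKG_REDIRECTED_LOGON_GUID_INITIALIZER { 0xc2be5457, 0x82eb, 0x483e, { 0xae, 0x4e, 0x74, 0x68, 0xef, 0x14, 0xd5, 0x9 } }

/*
 * The buffer starts with a GUID followed by raw function pointers.
 * NOTE(review): a consumer presumably compares RedirectedLogonGuid with
 * SECPKG_REDIRECTED_LOGON_GUID_INITIALIZER before calling through any of
 * the pointers; the pointers themselves should only be trusted when the
 * buffer comes from a trusted producer. Confirm.
 */
typedef struct _SECPKG_REDIRECTED_LOGON_BUFFER {
  GUID RedirectedLogonGuid;
  HANDLE RedirectedLogonHandle;
  PLSA_REDIRECTED_LOGON_INIT Init;
  PLSA_REDIRECTED_LOGON_CALLBACK Callback;
  PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK CleanupCallback;
  PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS GetLogonCreds;
  PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS GetSupplementalCreds;
  PLSA_REDIRECTED_LOGON_GET_SID GetRedirectedLogonSid;
} SECPKG_REDIRECTED_LOGON_BUFFER, *PSECPKG_REDIRECTED_LOGON_BUFFER;

typedef struct _SECPKG_POST_LOGON_USER_INFO {
  ULONG Flags;
  LUID LogonId;
  LUID LinkedLogonId;
} SECPKG_POST_LOGON_USER_INFO, *PSECPKG_POST_LOGON_USER_INFO;

/*
 * LSA support-function types offered to security packages.
 * LSA_GET_CLIENT_INFO_EX takes an explicit StructSize alongside the
 * structure pointer; the non-Ex variant has no size parameter.
 */
typedef NTSTATUS (NTAPI LSA_IMPERSONATE_CLIENT)(VOID);
typedef NTSTATUS (NTAPI LSA_UNLOAD_PACKAGE)(VOID);
typedef NTSTATUS (NTAPI LSA_DUPLICATE_HANDLE)(HANDLE SourceHandle,PHANDLE DestionationHandle);
typedef NTSTATUS (NTAPI LSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(PLUID LogonId,ULONG SupplementalCredSize,PVOID SupplementalCreds,BOOLEAN Synchronous);
typedef HANDLE (NTAPI LSA_CREATE_THREAD)(SEC_ATTRS SecurityAttributes,ULONG StackSize,SEC_THREAD_START StartFunction,PVOID ThreadParameter,ULONG CreationFlags,PULONG ThreadId);
typedef NTSTATUS (NTAPI LSA_GET_CLIENT_INFO)(PSECPKG_CLIENT_INFO ClientInfo);
typedef NTSTATUS (NTAPI LSA_GET_CLIENT_INFO_EX)(PSECPKG_CLIENT_INFO_EX ClientInfo, ULONG StructSize);
typedef HANDLE (NTAPI LSA_REGISTER_NOTIFICATION)(SEC_THREAD_START StartFunction,PVOID Parameter,ULONG NotificationType,ULONG NotificationClass,ULONG NotificationFlags,ULONG IntervalMinutes,HANDLE WaitEvent);
typedef NTSTATUS (NTAPI LSA_CANCEL_NOTIFICATION)(HANDLE NotifyHandle);
typedef NTSTATUS (NTAPI LSA_MAP_BUFFER)(PSecBuffer InputBuffer,PSecBuffer OutputBuffer);
typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN)(PLUID LogonId,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,LSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID TokenInformation,PTOKEN_GROUPS TokenGroups,PUNICODE_STRING AccountName,PUNICODE_STRING AuthorityName,PUNICODE_STRING Workstation,PUNICODE_STRING ProfilePath,PHANDLE Token,PNTSTATUS SubStatus);

typedef enum _SECPKG_SESSIONINFO_TYPE {
  SecSessionPrimaryCred
} SECPKG_SESSIONINFO_TYPE;

/*
 * In the token-creation types, TokenInformation is an untyped PVOID whose
 * layout is named by TokenInformationType; the two must agree.
 */
typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN_EX)(PLUID LogonId,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,LSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID TokenInformation,PTOKEN_GROUPS TokenGroups,PUNICODE_STRING Workstation,PUNICODE_STRING ProfilePath,PVOID SessionInformation,SECPKG_SESSIONINFO_TYPE SessionInformationType,PHANDLE Token,PNTSTATUS SubStatus);
typedef VOID (NTAPI LSA_AUDIT_LOGON)(NTSTATUS Status,NTSTATUS SubStatus,PUNICODE_STRING AccountName,PUNICODE_STRING AuthenticatingAuthority,PUNICODE_STRING WorkstationName,PSID UserSid,SECURITY_LOGON_TYPE LogonType,PTOKEN_SOURCE TokenSource,PLUID LogonId);
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE)(PUNICODE_STRING AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGEEX)(PUNICODE_STRING AuthenticationPackage,PVOID ClientBufferBase,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING AuthenticationPackage,PVOID ClientBufferBase,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef BOOLEAN (NTAPI LSA_GET_CALL_INFO)(PSECPKG_CALL_INFO Info);
typedef PVOID (NTAPI LSA_CREATE_SHARED_MEMORY)(ULONG MaxSize,ULONG InitialSize);
typedef PVOID (NTAPI LSA_ALLOCATE_SHARED_MEMORY)(PVOID SharedMem,ULONG Size);
typedef VOID (NTAPI LSA_FREE_SHARED_MEMORY)(PVOID SharedMem,PVOID Memory);
typedef BOOLEAN (NTAPI LSA_DELETE_SHARED_MEMORY)(PVOID SharedMem);
typedef NTSTATUS (NTAPI LSA_GET_APP_MODE_INFO)(PULONG UserFunction, PULONG_PTR Argument1, PULONG_PTR Argument2, PSecBuffer UserData, PBOOLEAN ReturnToLsa);
typedef NTSTATUS (NTAPI LSA_SET_APP_MODE_INFO)(ULONG UserFunction, ULONG_PTR Argument1, ULONG_PTR Argument2, PSecBuffer UserData, BOOLEAN ReturnToLsa);

typedef enum _SECPKG_NAME_TYPE {
  SecNameSamCompatible,
  SecNameAlternateId,
  SecNameFlat,
  SecNameDN,
  SecNameSPN
} SECPKG_NAME_TYPE;

/*
 * SAM-user and auth-data function types. Several of them return buffers
 * through out-pointers with a separate size out-parameter
 * (PrimaryCreds/PrimaryCredsSize, UserAuthData/UserAuthDataSize).
 * NOTE(review): which allocator owns those buffers is not visible in this
 * header; check the LSA documentation before freeing.
 */
typedef NTSTATUS (NTAPI LSA_OPEN_SAM_USER)(PSECURITY_STRING Name,SECPKG_NAME_TYPE NameType,PSECURITY_STRING Prefix,BOOLEAN AllowGuest,ULONG Reserved,PVOID *UserHandle);
typedef NTSTATUS (NTAPI LSA_GET_USER_CREDENTIALS)(PVOID UserHandle,PVOID *PrimaryCreds,PULONG PrimaryCredsSize,PVOID *SupplementalCreds,PULONG SupplementalCredsSize);
typedef NTSTATUS (NTAPI LSA_GET_USER_AUTH_DATA)(PVOID UserHandle,PUCHAR *UserAuthData,PULONG UserAuthDataSize);
typedef NTSTATUS (NTAPI LSA_CLOSE_SAM_USER)(PVOID UserHandle);
typedef NTSTATUS (NTAPI LSA_GET_AUTH_DATA_FOR_USER)(PSECURITY_STRING Name,SECPKG_NAME_TYPE NameType,PSECURITY_STRING Prefix,PUCHAR *UserAuthData,PULONG UserAuthDataSize,PUNICODE_STRING UserFlatName);
typedef NTSTATUS (NTAPI LSA_CONVERT_AUTH_DATA_TO_TOKEN)(PVOID UserAuthData,ULONG UserAuthDataSize,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,PUNICODE_STRING AuthorityName,PHANDLE Token,PLUID LogonId,PUNICODE_STRING AccountName,PNTSTATUS SubStatus);
typedef NTSTATUS (NTAPI LSA_CRACK_SINGLE_NAME)(ULONG FormatOffered,BOOLEAN PerformAtGC,PUNICODE_STRING NameInput,PUNICODE_STRING Prefix,ULONG RequestedFormat,PUNICODE_STRING CrackedName,PUNICODE_STRING DnsDomainName,PULONG SubStatus);
typedef NTSTATUS (NTAPI LSA_AUDIT_ACCOUNT_LOGON)(ULONG AuditId,BOOLEAN Success,PUNICODE_STRING Source,PUNICODE_STRING ClientName,PUNICODE_STRING MappedName,NTSTATUS Status);
typedef NTSTATUS (NTAPI LSA_CLIENT_CALLBACK)(PCHAR Callback,ULONG_PTR Argument1,ULONG_PTR Argument2,PSecBuffer Input,PSecBuffer Output);
typedef NTSTATUS (NTAPI LSA_REGISTER_CALLBACK)(ULONG CallbackId,PLSA_CALLBACK_FUNCTION Callback);
typedef NTSTATUS (NTAPI LSA_GET_EXTENDED_CALL_FLAGS)(PULONG Flags);

/* Presumably values for the NotificationFlags / NotificationType / NotificationClass
   parameters of LSA_REGISTER_NOTIFICATION; TODO confirm. */
#define NOTIFIER_FLAG_NEW_THREAD 0x00000001
#define NOTIFIER_FLAG_ONE_SHOT 0x00000002
#define NOTIFIER_FLAG_SECONDS 0x80000000

#define NOTIFIER_TYPE_INTERVAL 1
#define NOTIFIER_TYPE_HANDLE_WAIT 2
#define NOTIFIER_TYPE_STATE_CHANGE 3
#define NOTIFIER_TYPE_NOTIFY_EVENT 4
#define NOTIFIER_TYPE_IMMEDIATE 16

#define NOTIFY_CLASS_PACKAGE_CHANGE 1
#define NOTIFY_CLASS_ROLE_CHANGE 2
#define NOTIFY_CLASS_DOMAIN_CHANGE 3
#define NOTIFY_CLASS_REGISTRY_CHANGE 4

typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
  ULONG ChangeType;
  LSA_SEC_HANDLE PackageId;
  SECURITY_STRING PackageName;
} SECPKG_EVENT_PACKAGE_CHANGE,*PSECPKG_EVENT_PACKAGE_CHANGE;

#define SECPKG_PACKAGE_CHANGE_LOAD 0
#define SECPKG_PACKAGE_CHANGE_UNLOAD 1
#define SECPKG_PACKAGE_CHANGE_SELECT 2

typedef struct _SECPKG_EVENT_ROLE_CHANGE {
  ULONG PreviousRole;
  ULONG NewRole;
} SECPKG_EVENT_ROLE_CHANGE,*PSECPKG_EVENT_ROLE_CHANGE;

/* The domain-change event reuses the SECPKG_PARAMETERS layout. */
typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE;
typedef struct _SECPKG_PARAMETERS *PSECPKG_EVENT_DOMAIN_CHANGE;

/* EventData is untyped; EventClass presumably selects its layout and EventDataSize its length. TODO confirm. */
typedef struct _SECPKG_EVENT_NOTIFY {
  ULONG EventClass;
  ULONG Reserved;
  ULONG EventDataSize;
  PVOID EventData;
  PVOID PackageParameter;
} SECPKG_EVENT_NOTIFY,*PSECPKG_EVENT_NOTIFY;

typedef NTSTATUS (NTAPI LSA_UPDATE_PRIMARY_CREDENTIALS)(PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials);
typedef VOID (NTAPI LSA_PROTECT_MEMORY)(PVOID Buffer,ULONG BufferSize);
typedef NTSTATUS (NTAPI LSA_OPEN_TOKEN_BY_LOGON_ID)(PLUID LogonId,HANDLE *RetTokenHandle);
typedef NTSTATUS (NTAPI LSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(PUCHAR UserAuthData,ULONG UserAuthDataSize,PVOID Reserved,PUCHAR *ExpandedAuthData,PULONG ExpandedAuthDataSize);

typedef enum _CRED_FETCH {
  CredFetchDefault = 0,
  CredFetchDPAPI,
  CredFetchForced
} CRED_FETCH, *PCRED_FETCH;

/*
 * LSA_GET_SERVICE_ACCOUNT_PASSWORD hands back CurrentPassword and
 * PreviousPassword strings: callers hold secret material afterwards and
 * should wipe it once it is no longer needed.
 */
typedef NTSTATUS (NTAPI LSA_GET_SERVICE_ACCOUNT_PASSWORD)(PUNICODE_STRING AccountName, PUNICODE_STRING DomainName, CRED_FETCH CredFetch, FILETIME *FileTimeExpiry, PUNICODE_STRING CurrentPassword, PUNICODE_STRING PreviousPassword, FILETIME *FileTimeCurrPwdValidForOutbound);
typedef VOID (NTAPI LSA_AUDIT_LOGON_EX)(NTSTATUS Status, NTSTATUS SubStatus, PUNICODE_STRING AccountName, PUNICODE_STRING AuthenticatingAuthority, PUNICODE_STRING WorkstationName, PSID UserSid, SECURITY_LOGON_TYPE LogonType, SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, PTOKEN_SOURCE TokenSource, PLUID LogonId);
typedef NTSTATUS (NTAPI LSA_CHECK_PROTECTED_USER_BY_TOKEN)(HANDLE UserToken, PBOOLEAN ProtectedUser);
typedef NTSTATUS (NTAPI LSA_QUERY_CLIENT_REQUEST)(PLSA_CLIENT_REQUEST ClientRequest, ULONG QueryType, PVOID *ReplyBuffer);

#define LSA_QUERY_CLIENT_PRELOGON_SESSION_ID 1

typedef LSA_IMPERSONATE_CLIENT *PLSA_IMPERSONATE_CLIENT;
typedef LSA_UNLOAD_PACKAGE *PLSA_UNLOAD_PACKAGE;
typedef LSA_DUPLICATE_HANDLE *PLSA_DUPLICATE_HANDLE;
typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS *PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS;
typedef LSA_CREATE_THREAD *PLSA_CREATE_THREAD;
typedef LSA_GET_CLIENT_INFO *PLSA_GET_CLIENT_INFO;
typedef LSA_GET_CLIENT_INFO_EX *PLSA_GET_CLIENT_INFO_EX;
typedef LSA_REGISTER_NOTIFICATION *PLSA_REGISTER_NOTIFICATION;
typedef LSA_CANCEL_NOTIFICATION *PLSA_CANCEL_NOTIFICATION;
typedef LSA_MAP_BUFFER *PLSA_MAP_BUFFER;
typedef LSA_CREATE_TOKEN *PLSA_CREATE_TOKEN;
typedef LSA_AUDIT_LOGON *PLSA_AUDIT_LOGON;
typedef LSA_CALL_PACKAGE *PLSA_CALL_PACKAGE;
typedef LSA_CALL_PACKAGEEX *PLSA_CALL_PACKAGEEX;
typedef LSA_GET_CALL_INFO *PLSA_GET_CALL_INFO;
typedef LSA_CREATE_SHARED_MEMORY *PLSA_CREATE_SHARED_MEMORY;
typedef LSA_ALLOCATE_SHARED_MEMORY *PLSA_ALLOCATE_SHARED_MEMORY;
typedef LSA_FREE_SHARED_MEMORY *PLSA_FREE_SHARED_MEMORY;
typedef LSA_DELETE_SHARED_MEMORY *PLSA_DELETE_SHARED_MEMORY;
typedef LSA_OPEN_SAM_USER *PLSA_OPEN_SAM_USER;
typedef LSA_GET_USER_CREDENTIALS *PLSA_GET_USER_CREDENTIALS;
typedef LSA_GET_USER_AUTH_DATA *PLSA_GET_USER_AUTH_DATA;
typedef LSA_CLOSE_SAM_USER *PLSA_CLOSE_SAM_USER;
typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN *PLSA_CONVERT_AUTH_DATA_TO_TOKEN;
typedef LSA_CLIENT_CALLBACK *PLSA_CLIENT_CALLBACK;
typedef LSA_REGISTER_CALLBACK *PLSA_REGISTER_CALLBACK;
typedef LSA_UPDATE_PRIMARY_CREDENTIALS *PLSA_UPDATE_PRIMARY_CREDENTIALS;
typedef LSA_GET_AUTH_DATA_FOR_USER *PLSA_GET_AUTH_DATA_FOR_USER;
typedef LSA_CRACK_SINGLE_NAME *PLSA_CRACK_SINGLE_NAME;
typedef LSA_AUDIT_ACCOUNT_LOGON *PLSA_AUDIT_ACCOUNT_LOGON;
typedef LSA_CALL_PACKAGE_PASSTHROUGH *PLSA_CALL_PACKAGE_PASSTHROUGH;
typedef LSA_PROTECT_MEMORY *PLSA_PROTECT_MEMORY;
typedef LSA_OPEN_TOKEN_BY_LOGON_ID *PLSA_OPEN_TOKEN_BY_LOGON_ID;
typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN *PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
typedef LSA_CREATE_TOKEN_EX *PLSA_CREATE_TOKEN_EX;
typedef LSA_GET_EXTENDED_CALL_FLAGS *PLSA_GET_EXTENDED_CALL_FLAGS;
typedef LSA_GET_SERVICE_ACCOUNT_PASSWORD *PLSA_GET_SERVICE_ACCOUNT_PASSWORD;
typedef LSA_AUDIT_LOGON_EX *PLSA_AUDIT_LOGON_EX;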
typedef LSA_CHECK_PROTECTED_USER_BY_TOKEN *PLSA_CHECK_PROTECTED_USER_BY_TOKEN;
typedef LSA_QUERY_CLIENT_REQUEST *PLSA_QUERY_CLIENT_REQUEST;
typedef LSA_GET_APP_MODE_INFO *PLSA_GET_APP_MODE_INFO;
typedef LSA_SET_APP_MODE_INFO *PLSA_SET_APP_MODE_INFO;

/*
 * Credential-manager helpers. This section is compiled only when
 * _WINCRED_H_ is already defined (presumably wincred.h's include guard, so
 * wincred.h has to be included before this header to get these types).
 */
#ifdef _WINCRED_H_

#ifndef _ENCRYPTED_CREDENTIAL_DEFINED
#define _ENCRYPTED_CREDENTIAL_DEFINED

/* A CREDENTIALW followed by ClearCredentialBlobSize.
 * NOTE(review): presumably the size of the credential blob once decrypted;
 * confirm before using it to size a buffer. */
typedef struct _ENCRYPTED_CREDENTIALW {
  CREDENTIALW Cred;
  ULONG ClearCredentialBlobSize;
} ENCRYPTED_CREDENTIALW,*PENCRYPTED_CREDENTIALW;
#endif

/*
 * CREDP_FLAGS_*: seven distinct single-bit values (0x01..0x40), presumably
 * combined into the CredFlags argument of the Cred*Fn types below.
 * NOTE(review): by name, CREDP_FLAGS_CLEAR_PASSWORD and
 * CREDP_FLAGS_TRUSTED_CALLER change how secret material is returned and how
 * the caller is treated; their exact semantics are not visible here, so
 * review every call site that sets them.
 */
#define CREDP_FLAGS_IN_PROCESS 0x01
#define CREDP_FLAGS_USE_MIDL_HEAP 0x02
#define CREDP_FLAGS_DONT_CACHE_TI 0x04
#define CREDP_FLAGS_CLEAR_PASSWORD 0x08
#define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10
#define CREDP_FLAGS_TRUSTED_CALLER 0x20
#define CREDP_FLAGS_VALIDATE_PROXY_TARGET 0x40

/* Function types behind the Credi* members of LSA_SECPKG_FUNCTION_TABLE.
 * Credentials are returned as PENCRYPTED_CREDENTIALW (or an array of them
 * plus a Count); CredFreeCredentialsFn takes the same Count/array pair. */
typedef NTSTATUS (NTAPI CredReadFn)(PLUID LogonId,ULONG CredFlags,LPWSTR TargetName,ULONG Type,ULONG Flags,PENCRYPTED_CREDENTIALW *Credential);
typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn)(PLUID LogonId,ULONG CredFlags,PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,ULONG Flags,PULONG Count,PENCRYPTED_CREDENTIALW **Credential);
typedef VOID (NTAPI CredFreeCredentialsFn)(ULONG Count,PENCRYPTED_CREDENTIALW *Credentials);
typedef NTSTATUS (NTAPI CredWriteFn)(PLUID LogonId,ULONG CredFlags,PENCRYPTED_CREDENTIALW Credential,ULONG Flags);
typedef NTSTATUS (NTAPI CrediUnmarshalandDecodeStringFn)(LPWSTR MarshaledString, LPBYTE *Blob, ULONG *BlobSize, BOOLEAN *IsFailureFatal);

/* Marshal / unmarshal a CREDENTIAL_TARGET_INFORMATIONW to and from a
 * PUSHORT buffer. The unmarshal side takes the buffer size as input and
 * reports RetActualSize; the input may come from another party, so check
 * the returned status before using RetTargetInfo. */
NTSTATUS CredMarshalTargetInfo (PCREDENTIAL_TARGET_INFORMATIONW InTargetInfo,PUSHORT *Buffer,PULONG BufferSize);
NTSTATUS CredUnmarshalTargetInfo (PUSHORT Buffer,ULONG BufferSize,PCREDENTIAL_TARGET_INFORMATIONW *RetTargetInfo,PULONG RetActualSize);

#define CRED_MARSHALED_TI_SIZE_SIZE 12
#endif

/*
 * Auth-identity layouts in which User, Domain, Password (and PackageList)
 * are ULONG values rather than pointers.
 * NOTE(review): presumably 32-bit pointer values supplied by a 32-bit
 * client; they and the *Length fields would then be caller-controlled and
 * need validation before being treated as addresses -- confirm.
 */
typedef struct _SEC_WINNT_AUTH_IDENTITY32 {
  ULONG User;
  ULONG UserLength;
  ULONG Domain;
  ULONG DomainLength;
  ULONG Password;
  ULONG PasswordLength;
  ULONG Flags;
} SEC_WINNT_AUTH_IDENTITY32,*PSEC_WINNT_AUTH_IDENTITY32;

typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32 {
  ULONG Version;
  ULONG Length;
  ULONG User;
  ULONG UserLength;
  ULONG Domain;
  ULONG DomainLength;
  ULONG Password;
  ULONG PasswordLength;
  ULONG Flags;
  ULONG PackageList;
  ULONG PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EX32,*PSEC_WINNT_AUTH_IDENTITY_EX32;

/*
 * Table of LSA-provided callbacks; a pointer to it is the FunctionTable
 * argument of SpInitializeFn. The table is a plain sequence of function
 * pointers, so member order is the layout: never reorder, insert or remove
 * members. Both arms of each #ifdef _WINCRED_H_ below contribute the same
 * number of pointer members (3 and 2), which keeps every later member at
 * the same position whether or not the credential types are available.
 * FreeReturnBuffer reuses the PLSA_FREE_LSA_HEAP type and
 * DuplicateTokenHandle reuses PLSA_DUPLICATE_HANDLE.
 */
typedef struct _LSA_SECPKG_FUNCTION_TABLE {
  PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  PLSA_ADD_CREDENTIAL AddCredential;
  PLSA_GET_CREDENTIALS GetCredentials;
  PLSA_DELETE_CREDENTIAL DeleteCredential;
  PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  PLSA_FREE_LSA_HEAP FreeLsaHeap;
  PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
  PLSA_IMPERSONATE_CLIENT ImpersonateClient;
  PLSA_UNLOAD_PACKAGE UnloadPackage;
  PLSA_DUPLICATE_HANDLE DuplicateHandle;
  PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
  PLSA_CREATE_THREAD CreateThread;
  PLSA_GET_CLIENT_INFO GetClientInfo;
  PLSA_REGISTER_NOTIFICATION RegisterNotification;
  PLSA_CANCEL_NOTIFICATION CancelNotification;
  PLSA_MAP_BUFFER MapBuffer;
  PLSA_CREATE_TOKEN CreateToken;
  PLSA_AUDIT_LOGON AuditLogon;
  PLSA_CALL_PACKAGE CallPackage;
  PLSA_FREE_LSA_HEAP FreeReturnBuffer;
  PLSA_GET_CALL_INFO GetCallInfo;
  PLSA_CALL_PACKAGEEX CallPackageEx;
  PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
  PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
  PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
  PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
  PLSA_OPEN_SAM_USER OpenSamUser;
  PLSA_GET_USER_CREDENTIALS GetUserCredentials;
  PLSA_GET_USER_AUTH_DATA GetUserAuthData;
  PLSA_CLOSE_SAM_USER CloseSamUser;
  PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
  PLSA_CLIENT_CALLBACK ClientCallback;
  PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
  PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
  PLSA_CRACK_SINGLE_NAME CrackSingleName;
  PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
  PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
#ifdef _WINCRED_H_
  CredReadFn *CrediRead;
  CredReadDomainCredentialsFn *CrediReadDomainCredentials;
  CredFreeCredentialsFn *CrediFreeCredentials;
#else
  /* Placeholders: same slots, wrong signature. Do not call through them. */
  PLSA_PROTECT_MEMORY DummyFunction1;
  PLSA_PROTECT_MEMORY DummyFunction2;
  PLSA_PROTECT_MEMORY DummyFunction3;
#endif
  PLSA_PROTECT_MEMORY LsaProtectMemory;
  PLSA_PROTECT_MEMORY LsaUnprotectMemory;
  PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
  PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
  PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
  PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
  PLSA_CREATE_TOKEN_EX CreateTokenEx;
#ifdef _WINCRED_H_
  CredWriteFn *CrediWrite;
  CrediUnmarshalandDecodeStringFn *CrediUnmarshalandDecodeString;
#else
  PLSA_PROTECT_MEMORY DummyFunction4;
  PLSA_PROTECT_MEMORY DummyFunction5;
#endif
  PLSA_PROTECT_MEMORY DummyFunction6;
  PLSA_GET_EXTENDED_CALL_FLAGS GetExtendedCallFlags;
  PLSA_DUPLICATE_HANDLE DuplicateTokenHandle;
  PLSA_GET_SERVICE_ACCOUNT_PASSWORD GetServiceAccountPassword;
  PLSA_PROTECT_MEMORY DummyFunction7;
  PLSA_AUDIT_LOGON_EX AuditLogonEx;
  PLSA_CHECK_PROTECTED_USER_BY_TOKEN CheckProtectedUserByToken;
  PLSA_QUERY_CLIENT_REQUEST QueryClientRequest;
  PLSA_GET_APP_MODE_INFO GetAppModeInfo;
  PLSA_SET_APP_MODE_INFO SetAppModeInfo;
  PLSA_GET_CLIENT_INFO_EX GetClientInfoEx;
} LSA_SECPKG_FUNCTION_TABLE,*PLSA_SECPKG_FUNCTION_TABLE;

/* Returns PVOID for a numeric package id. (The parameter is spelled
 * "PackgeId" in this declaration; parameter names in a function type do not
 * affect callers.) */
typedef PVOID (NTAPI LSA_LOCATE_PKG_BY_ID)(ULONG PackgeId);
typedef LSA_LOCATE_PKG_BY_ID *PLSA_LOCATE_PKG_BY_ID;

/* Smaller helper table; a pointer to it is the FunctionTable argument of
 * SpInstanceInitFn. */
typedef struct _SECPKG_DLL_FUNCTIONS {
  PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  PLSA_FREE_LSA_HEAP FreeHeap;
  PLSA_REGISTER_CALLBACK RegisterCallback;
  PLSA_LOCATE_PKG_BY_ID LocatePackageById;
} SECPKG_DLL_FUNCTIONS,*PSECPKG_DLL_FUNCTIONS;

/* Package-implemented entry points (members of SECPKG_FUNCTION_TABLE). */
typedef NTSTATUS (NTAPI SpInitializeFn)(ULONG_PTR PackageId,PSECPKG_PARAMETERS Parameters,PLSA_SECPKG_FUNCTION_TABLE FunctionTable);
typedef NTSTATUS (NTAPI SpShutdownFn)(VOID);
typedef NTSTATUS (NTAPI SpGetInfoFn)(PSecPkgInfo PackageInfo);
typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(SECPKG_EXTENDED_INFORMATION_CLASS Class,PSECPKG_EXTENDED_INFORMATION *ppInformation);
typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(SECPKG_EXTENDED_INFORMATION_CLASS Class,PSECPKG_EXTENDED_INFORMATION Info);
/*
 * Logon entry-point types. The submit buffer arrives together with its
 * client-side base address and length (ClientAuthenticationBase /
 * ClientBufferBase plus a length), so an implementation has to bound every
 * offset or embedded pointer it reads from the buffer by that length.
 * NOTE(review): LSA_AP_LOGON_USER_EX2, LSA_AP_LOGON_USER_EX3 and the two
 * *_SURROGATE types are declared without NTAPI, unlike
 * LSA_AP_POST_LOGON_USER and the Sp* types in this header. Where the
 * default calling convention differs from NTAPI (commonly 32-bit x86) that
 * changes the ABI -- confirm against the platform SDK header.
 */
typedef NTSTATUS (LSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PUNICODE_STRING *AccountName,PUNICODE_STRING *AuthenticatingAuthority,PUNICODE_STRING *MachineName,PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED_ARRAY *CachedCredentials);

typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;

/* The literal carries an explicit \0 in addition to the implicit string
 * terminator. */
#define LSA_AP_NAME_LOGON_USER_EX2 "LsaApLogonUserEx2\0"

typedef NTSTATUS (LSA_AP_LOGON_USER_EX3)(PLSA_CLIENT_REQUEST ClientRequest, SECURITY_LOGON_TYPE LogonType, PVOID ProtocolSubmitBuffer, PVOID ClientBufferBase, ULONG SubmitBufferSize, PSECPKG_SURROGATE_LOGON SurrogateLogon, PVOID *ProfileBuffer, PULONG ProfileBufferSize, PLUID LogonId, PNTSTATUS SubStatus, PLSA_TOKEN_INFORMATION_TYPE TokenInformationType, PVOID *TokenInformation, PUNICODE_STRING *AccountName, PUNICODE_STRING *AuthenticatingAuthority, PUNICODE_STRING *MachineName, PSECPKG_PRIMARY_CRED PrimaryCredentials, PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials);
typedef LSA_AP_LOGON_USER_EX3 *PLSA_AP_LOGON_USER_EX3;
typedef NTSTATUS (LSA_AP_PRE_LOGON_USER_SURROGATE)(PLSA_CLIENT_REQUEST ClientRequest, SECURITY_LOGON_TYPE LogonType, PVOID ProtocolSubmitBuffer, PVOID ClientBufferBase, ULONG SubmitBufferSize, PSECPKG_SURROGATE_LOGON SurrogateLogon, PNTSTATUS SubStatus);
typedef LSA_AP_PRE_LOGON_USER_SURROGATE *PLSA_AP_PRE_LOGON_USER_SURROGATE;
/* Unlike LSA_AP_LOGON_USER_EX3, the post-logon form takes the profile
 * buffer, token information, names and credentials by value (no extra level
 * of indirection), plus the logon Status. */
typedef NTSTATUS (LSA_AP_POST_LOGON_USER_SURROGATE)(PLSA_CLIENT_REQUEST ClientRequest, SECURITY_LOGON_TYPE LogonType, PVOID ProtocolSubmitBuffer, PVOID ClientBufferBase, ULONG SubmitBufferSize, PSECPKG_SURROGATE_LOGON SurrogateLogon, PVOID ProfileBuffer, ULONG ProfileBufferSize, PLUID LogonId, NTSTATUS Status, NTSTATUS SubStatus, LSA_TOKEN_INFORMATION_TYPE TokenInformationType, PVOID TokenInformation, PUNICODE_STRING AccountName, PUNICODE_STRING AuthenticatingAuthority, PUNICODE_STRING MachineName, PSECPKG_PRIMARY_CRED PrimaryCredentials, PSECPKG_SUPPLEMENTAL_CRED_ARRAY SupplementalCredentials);
typedef LSA_AP_POST_LOGON_USER_SURROGATE *PLSA_AP_POST_LOGON_USER_SURROGATE;

/*
 * The implementation of this entry point is handed the logon type, account
 * name and the primary and supplemental credentials. Any module that
 * implements it therefore sits inside the credential-handling trust
 * boundary; it should not copy, log or persist these structures beyond what
 * the package needs.
 */
typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(SECURITY_LOGON_TYPE LogonType,PUNICODE_STRING AccountName,PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials);

#define SP_ACCEPT_CREDENTIALS_NAME "SpAcceptCredentials\0"

/* Credential-handle and context entry points. Handles are passed as
 * LSA_SEC_HANDLE; new handles come back through PLSA_SEC_HANDLE. The
 * parameter spelled "GetKeyFunciton" is kept as declared. */
typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(PUNICODE_STRING PrincipalName,ULONG CredentialUseFlags,PLUID LogonId,PVOID AuthorizationData,PVOID GetKeyFunciton,PVOID GetKeyArgument,PLSA_SEC_HANDLE CredentialHandle,PTimeStamp ExpirationTime);
typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(LSA_SEC_HANDLE CredentialHandle);
/* NOTE: the query forms take a Buffer without a size, while the Set* forms
 * take Buffer and BufferSize; the expected buffer size for a query is
 * implied by the attribute, so an implementation must not write more than
 * the structure defined for that attribute. */
typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(LSA_SEC_HANDLE CredentialHandle,ULONG CredentialAttribute,PVOID Buffer);
typedef NTSTATUS (NTAPI SpSetCredentialsAttributesFn)(LSA_SEC_HANDLE CredentialHandle,ULONG CredentialAttribute,PVOID Buffer,ULONG BufferSize);
typedef NTSTATUS (NTAPI SpAddCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PUNICODE_STRING PrincipalName,PUNICODE_STRING Package,ULONG CredentialUseFlags,PVOID AuthorizationData,PVOID GetKeyFunciton,PVOID GetKeyArgument,PTimeStamp ExpirationTime);
typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PSecBuffer Credentials);
typedef NTSTATUS (NTAPI SpGetCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PSecBuffer Credentials);
typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(LSA_SEC_HANDLE CredentialHandle,PSecBuffer Key);
typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(LSA_SEC_HANDLE CredentialHandle,LSA_SEC_HANDLE ContextHandle,PUNICODE_STRING TargetName,ULONG ContextRequirements,ULONG TargetDataRep,PSecBufferDesc InputBuffers,PLSA_SEC_HANDLE NewContextHandle,PSecBufferDesc OutputBuffers,PULONG ContextAttributes,PTimeStamp ExpirationTime,PBOOLEAN MappedContext,PSecBuffer ContextData);
typedef NTSTATUS (NTAPI SpDeleteContextFn)(LSA_SEC_HANDLE ContextHandle);
typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc ControlToken);
typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(LSA_SEC_HANDLE CredentialHandle,LSA_SEC_HANDLE ContextHandle,PSecBufferDesc InputBuffer,ULONG ContextRequirements,ULONG TargetDataRep,PLSA_SEC_HANDLE NewContextHandle,PSecBufferDesc OutputBuffer,PULONG ContextAttributes,PTimeStamp ExpirationTime,PBOOLEAN MappedContext,PSecBuffer ContextData);
typedef NTSTATUS (NTAPI SpGetUserInfoFn)(PLUID LogonId,ULONG Flags,PSecurityUserData *UserData);
typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(LSA_SEC_HANDLE ContextHandle,ULONG ContextAttribute,PVOID Buffer);
typedef NTSTATUS (NTAPI SpSetContextAttributesFn)(LSA_SEC_HANDLE ContextHandle,ULONG ContextAttribute,PVOID Buffer,ULONG BufferSize);
/* Receives the old and new password as PUNICODE_STRING arguments; treat
 * both as secrets for as long as the implementation holds them. */
typedef NTSTATUS (NTAPI SpChangeAccountPasswordFn)(PUNICODE_STRING pDomainName, PUNICODE_STRING pAccountName, PUNICODE_STRING pOldPassword, PUNICODE_STRING pNewPassword, BOOLEAN Impersonating, PSecBufferDesc pOutput);
typedef NTSTATUS (NTAPI SpQueryMetaDataFn)(LSA_SEC_HANDLE CredentialHandle, PUNICODE_STRING TargetName, ULONG ContextRequirements, PULONG MetaDataLength, PUCHAR *MetaData, PLSA_SEC_HANDLE ContextHandle);
typedef NTSTATUS (NTAPI SpExchangeMetaDataFn)(LSA_SEC_HANDLE CredentialHandle, PUNICODE_STRING TargetName, ULONG ContextRequirements, ULONG MetaDataLength, PUCHAR MetaData, PLSA_SEC_HANDLE ContextHandle);
typedef NTSTATUS (NTAPI SpGetCredUIContextFn)(LSA_SEC_HANDLE ContextHandle, GUID *CredType, PULONG FlatCredUIContextLength, PUCHAR *FlatCredUIContext);
typedef NTSTATUS (NTAPI SpUpdateCredentialsFn)(LSA_SEC_HANDLE ContextHandle, GUID *CredType, ULONG FlatCredUIContextLength, PUCHAR FlatCredUIContext);
typedef NTSTATUS (NTAPI SpValidateTargetInfoFn)(PLSA_CLIENT_REQUEST ClientRequest, PVOID ProtocolSubmitBuffer, PVOID ClientBufferBase, ULONG SubmitBufferLength, PSECPKG_TARGETINFO TargetInfo);
typedef NTSTATUS (NTAPI SpExtractTargetInfoFn)(PLSA_CLIENT_REQUEST ClientRequest, PVOID ProtocolSubmitBuffer, PVOID ClientBufferBase, ULONG SubmitBufferLength, PVOID *ppvTargetInfo, ULONG *pcbTargetInfo);
typedef NTSTATUS (NTAPI LSA_AP_POST_LOGON_USER)(PSECPKG_POST_LOGON_USER_INFO PostLogonUserInfo);
typedef NTSTATUS (NTAPI SpGetRemoteCredGuardLogonBufferFn)(LSA_SEC_HANDLE CredHandle, LSA_SEC_HANDLE ContextHandle, const UNICODE_STRING *TargetName, PHANDLE RedirectedLogonHandle, PLSA_REDIRECTED_LOGON_CALLBACK *Callback, PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *CleanupCallback, PULONG LogonBufferSize, PVOID *LogonBuffer);
typedef NTSTATUS (NTAPI SpGetRemoteCredGuardSupplementalCredsFn)(LSA_SEC_HANDLE CredHandle, const UNICODE_STRING *TargetName, PHANDLE RedirectedLogonHandle, PLSA_REDIRECTED_LOGON_CALLBACK *Callback, PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *CleanupCallback, PULONG SupplementalCredsSize, PVOID *SupplementalCreds);
typedef NTSTATUS (NTAPI SpGetTbalSupplementalCredsFn)(LUID LogonId, PULONG SupplementalCredsSize, PVOID *SupplementalCreds);

/*
 * Table of entry points a package exposes in LSA mode; tables of this type
 * are returned through the ppTables/pcTables arguments of
 * SpLsaModeInitializeFn. Member order is the layout; later members were
 * appended (LogonUserEx3 and the surrogate entries follow the RemoteCredGuard
 * ones, ExtractTargetInfo is last), so never reorder.
 * NOTE(review): which members a package may leave NULL, and how that
 * depends on the interface version it reports, is not visible here.
 */
typedef struct _SECPKG_FUNCTION_TABLE {
  PLSA_AP_INITIALIZE_PACKAGE InitializePackage;
  PLSA_AP_LOGON_USER LogonUser;
  PLSA_AP_CALL_PACKAGE CallPackage;
  PLSA_AP_LOGON_TERMINATED LogonTerminated;
  PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted;
  PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
  PLSA_AP_LOGON_USER_EX LogonUserEx;
  PLSA_AP_LOGON_USER_EX2 LogonUserEx2;
  SpInitializeFn *Initialize;
  SpShutdownFn *Shutdown;
  SpGetInfoFn *GetInfo;
  SpAcceptCredentialsFn *AcceptCredentials;
  SpAcquireCredentialsHandleFn *AcquireCredentialsHandle;
  SpQueryCredentialsAttributesFn *QueryCredentialsAttributes;
  SpFreeCredentialsHandleFn *FreeCredentialsHandle;
  SpSaveCredentialsFn *SaveCredentials;
  SpGetCredentialsFn *GetCredentials;
  SpDeleteCredentialsFn *DeleteCredentials;
  SpInitLsaModeContextFn *InitLsaModeContext;
  SpAcceptLsaModeContextFn *AcceptLsaModeContext;
  SpDeleteContextFn *DeleteContext;
  SpApplyControlTokenFn *ApplyControlToken;
  SpGetUserInfoFn *GetUserInfo;
  SpGetExtendedInformationFn *GetExtendedInformation;
  SpQueryContextAttributesFn *QueryContextAttributes;
  SpAddCredentialsFn *AddCredentials;
  SpSetExtendedInformationFn *SetExtendedInformation;
  SpSetContextAttributesFn *SetContextAttributes;
  SpSetCredentialsAttributesFn *SetCredentialsAttributes;
  SpChangeAccountPasswordFn *ChangeAccountPassword;
  SpQueryMetaDataFn *QueryMetaData;
  SpExchangeMetaDataFn *ExchangeMetaData;
  SpGetCredUIContextFn *GetCredUIContext;
  SpUpdateCredentialsFn *UpdateCredentials;
  SpValidateTargetInfoFn *ValidateTargetInfo;
  LSA_AP_POST_LOGON_USER *PostLogonUser;
  SpGetRemoteCredGuardLogonBufferFn *GetRemoteCredGuardLogonBuffer;
  SpGetRemoteCredGuardSupplementalCredsFn *GetRemoteCredGuardSupplementalCreds;
  SpGetTbalSupplementalCredsFn *GetTbalSupplementalCreds;
  PLSA_AP_LOGON_USER_EX3 LogonUserEx3;
  PLSA_AP_PRE_LOGON_USER_SURROGATE PreLogonUserSurrogate;
  PLSA_AP_POST_LOGON_USER_SURROGATE PostLogonUserSurrogate;
  SpExtractTargetInfoFn *ExtractTargetInfo;
} SECPKG_FUNCTION_TABLE,*PSECPKG_FUNCTION_TABLE;

/* User-mode (in-process) entry points: members of
 * SECPKG_USER_FUNCTION_TABLE. */
typedef NTSTATUS (NTAPI SpInstanceInitFn)(ULONG Version,PSECPKG_DLL_FUNCTIONS FunctionTable,PVOID *UserFunctions);
typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(LSA_SEC_HANDLE ContextHandle,PSecBuffer PackedContext);
/* Sign/verify and seal/unseal: the producing side takes QualityOfProtection
 * by value, the consuming side reports it through a PULONG. All four take a
 * MessageSequenceNumber. */
typedef NTSTATUS (NTAPI SpMakeSignatureFn)(LSA_SEC_HANDLE ContextHandle,ULONG QualityOfProtection,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber);
typedef NTSTATUS (NTAPI SpVerifySignatureFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber,PULONG QualityOfProtection);
typedef NTSTATUS (NTAPI SpSealMessageFn)(LSA_SEC_HANDLE ContextHandle,ULONG QualityOfProtection,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber);
typedef NTSTATUS (NTAPI SpUnsealMessageFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc MessageBuffers,ULONG MessageSequenceNumber,PULONG QualityOfProtection);
typedef NTSTATUS (NTAPI SpGetContextTokenFn)(LSA_SEC_HANDLE ContextHandle,PHANDLE ImpersonationToken);
/* Export packs a context into pPackedContext and may hand out a token
 * handle; import rebuilds a context from a packed buffer. The packed buffer
 * is input to the importing side and has to be validated there. */
typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(LSA_SEC_HANDLE phContext,ULONG fFlags,PSecBuffer pPackedContext,PHANDLE pToken);
typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(PSecBuffer pPackedContext,HANDLE Token,PLSA_SEC_HANDLE phContext);
typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(LSA_SEC_HANDLE ContextHandle,PSecBufferDesc InputBuffer);
typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(PSecBuffer Credentials,PSecBuffer FormattedCredentials);
typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(ULONG CredentialSize,PUCHAR Credentials,PULONG MarshalledCredSize,PVOID *MarshalledCreds);

/* SECPKG_UNICODE_ATTRIBUTE is the top bit of a 32-bit value.
 * SECPKG_ANSI_ATTRIBUTE and SECPKG_CREDENTIAL_ATTRIBUTE are both 0, so they
 * denote "bit not set" and cannot be detected with a mask test.
 * Presumably used with the AttributeInfo argument of
 * SpMarshalAttributeDataFn -- confirm. */
#define SECPKG_UNICODE_ATTRIBUTE 0x80000000
#define SECPKG_ANSI_ATTRIBUTE 0
#define SECPKG_CREDENTIAL_ATTRIBUTE 0

typedef NTSTATUS (NTAPI SpMarshalAttributeDataFn)(DWORD AttributeInfo, ULONG Attribute, ULONG AttributeDataSize, PBYTE AttributeData, PULONG MarshaledAttributeDataSize, PBYTE *MarshaledAttributeData);

/* Table of user-mode entry points; tables of this type are returned through
 * the ppTables/pcTables arguments of SpUserModeInitializeFn. Member order
 * is the layout. */
typedef struct _SECPKG_USER_FUNCTION_TABLE {
  SpInstanceInitFn *InstanceInit;
  SpInitUserModeContextFn *InitUserModeContext;
  SpMakeSignatureFn *MakeSignature;
  SpVerifySignatureFn *VerifySignature;
  SpSealMessageFn *SealMessage;
  SpUnsealMessageFn *UnsealMessage;
  SpGetContextTokenFn *GetContextToken;
  SpQueryContextAttributesFn *QueryContextAttributes;
  SpCompleteAuthTokenFn *CompleteAuthToken;
  SpDeleteContextFn *DeleteUserModeContext;
  SpFormatCredentialsFn *FormatCredentials;
  SpMarshallSupplementalCredsFn *MarshallSupplementalCreds;
  SpExportSecurityContextFn *ExportContext;
  SpImportSecurityContextFn *ImportContext;
  SpMarshalAttributeDataFn *MarshalAttributeData;
} SECPKG_USER_FUNCTION_TABLE,*PSECPKG_USER_FUNCTION_TABLE;

/* Unlike the types above, these two are pointer-to-function typedefs
 * (note the '*' inside the parentheses) and use SEC_ENTRY. Each receives
 * the LSA version and returns the package version plus an array of tables
 * and its count. */
typedef NTSTATUS (SEC_ENTRY *SpLsaModeInitializeFn)(ULONG LsaVersion,PULONG PackageVersion,PSECPKG_FUNCTION_TABLE *ppTables,PULONG pcTables);
typedef NTSTATUS (SEC_ENTRY *SpUserModeInitializeFn)(ULONG LsaVersion,PULONG PackageVersion,PSECPKG_USER_FUNCTION_TABLE *ppTables,PULONG pcTables);

/* Names of the two initialization entry points as strings (presumably the
 * export names looked up in a package DLL -- confirm). */
#define SECPKG_LSAMODEINIT_NAME "SpLsaModeInitialize"
#define SECPKG_USERMODEINIT_NAME "SpUserModeInitialize"

/* Interface version constants. Each value has exactly one bit set, doubling
 * from 0x00010000 to 0x04000000; they are not sequential integers
 * (SECPKG_INTERFACE_VERSION_3 is 0x00040000). */
#define SECPKG_INTERFACE_VERSION 0x00010000
#define SECPKG_INTERFACE_VERSION_2 0x00020000
#define SECPKG_INTERFACE_VERSION_3 0x00040000
#define SECPKG_INTERFACE_VERSION_4 0x00080000
#define SECPKG_INTERFACE_VERSION_5 0x00100000
#define SECPKG_INTERFACE_VERSION_6 0x00200000
#define SECPKG_INTERFACE_VERSION_7 0x00400000
#define SECPKG_INTERFACE_VERSION_8 0x00800000
#define SECPKG_INTERFACE_VERSION_9 0x01000000
#define SECPKG_INTERFACE_VERSION_10 0x02000000
#define SECPKG_INTERFACE_VERSION_11 0x04000000

/* Kernel-mode (ksec) support: context lists and list entries. */
typedef enum _KSEC_CONTEXT_TYPE {
  KSecPaged,KSecNonPaged
} KSEC_CONTEXT_TYPE;

/* Header embedded in a reference-counted, signature-tagged list element.
 * KSEC_REFERENCE_LIST_ENTRY takes a Signature argument alongside the entry
 * (presumably compared with this field to reject a wrong or stale entry --
 * confirm). */
typedef struct _KSEC_LIST_ENTRY {
  LIST_ENTRY List;
  LONG RefCount;
  ULONG Signature;
  PVOID OwningList;
  PVOID Reserved;
} KSEC_LIST_ENTRY,*PKSEC_LIST_ENTRY;

/*
 * Initializes an entry: NULL list links, RefCount = 1, Signature = SigValue,
 * OwningList and Reserved = NULL.
 * NOTE(review): this expands to several statements, already ends with ';',
 * and does not parenthesize Entry or SigValue. Use it only as a complete
 * statement inside a braced block (under an unbraced `if` only the first
 * assignment would be conditional), and pass a plain identifier or an
 * already parenthesized expression, since the cast binds tighter than most
 * operators.
 */
#define KsecInitializeListEntry(Entry,SigValue) ((PKSEC_LIST_ENTRY) Entry)->List.Flink = ((PKSEC_LIST_ENTRY) Entry)->List.Blink = NULL; ((PKSEC_LIST_ENTRY) Entry)->RefCount = 1; ((PKSEC_LIST_ENTRY) Entry)->Signature = SigValue; ((PKSEC_LIST_ENTRY) Entry)->OwningList = NULL; ((PKSEC_LIST_ENTRY) Entry)->Reserved = NULL;

typedef PVOID (SEC_ENTRY KSEC_CREATE_CONTEXT_LIST)(KSEC_CONTEXT_TYPE Type);
typedef VOID (SEC_ENTRY KSEC_INSERT_LIST_ENTRY)(PVOID List,PKSEC_LIST_ENTRY Entry);
typedef NTSTATUS (SEC_ENTRY KSEC_REFERENCE_LIST_ENTRY)(PKSEC_LIST_ENTRY Entry,ULONG Signature,BOOLEAN RemoveNoRef);
/* Reports through *Delete; presumably tells the caller that the last
 * reference is gone and the entry should be freed -- confirm. */
typedef VOID (SEC_ENTRY KSEC_DEREFERENCE_LIST_ENTRY)(PKSEC_LIST_ENTRY Entry,BOOLEAN *Delete);
typedef NTSTATUS (SEC_ENTRY KSEC_SERIALIZE_WINNT_AUTH_DATA)(PVOID pvAuthData,PULONG Size,PVOID *SerializedData);
typedef NTSTATUS (SEC_ENTRY KSEC_SERIALIZE_SCHANNEL_AUTH_DATA)(PVOID pvAuthData,PULONG Size,PVOID *SerializedData);

/* Function declarations written with the function types above. */
KSEC_CREATE_CONTEXT_LIST KSecCreateContextList;
KSEC_INSERT_LIST_ENTRY KSecInsertListEntry;
KSEC_REFERENCE_LIST_ENTRY KSecReferenceListEntry;
KSEC_DEREFERENCE_LIST_ENTRY KSecDereferenceListEntry;
KSEC_SERIALIZE_WINNT_AUTH_DATA KSecSerializeWinntAuthData;
KSEC_SERIALIZE_SCHANNEL_AUTH_DATA KSecSerializeSchannelAuthData;

typedef KSEC_CREATE_CONTEXT_LIST *PKSEC_CREATE_CONTEXT_LIST;
typedef KSEC_INSERT_LIST_ENTRY *PKSEC_INSERT_LIST_ENTRY;
typedef KSEC_REFERENCE_LIST_ENTRY *PKSEC_REFERENCE_LIST_ENTRY;
typedef KSEC_DEREFERENCE_LIST_ENTRY *PKSEC_DEREFERENCE_LIST_ENTRY;
typedef KSEC_SERIALIZE_WINNT_AUTH_DATA *PKSEC_SERIALIZE_WINNT_AUTH_DATA;
typedef KSEC_SERIALIZE_SCHANNEL_AUTH_DATA *PKSEC_SERIALIZE_SCHANNEL_AUTH_DATA;

typedef PVOID (SEC_ENTRY KSEC_LOCATE_PKG_BY_ID)(ULONG PackageId);
typedef KSEC_LOCATE_PKG_BY_ID *PKSEC_LOCATE_PKG_BY_ID;
KSEC_LOCATE_PKG_BY_ID KSecLocatePackageById;

/* Support functions offered to a kernel-mode package; a pointer to this
 * table is the argument of KspInitPackageFn. Member order is the layout. */
typedef struct _SECPKG_KERNEL_FUNCTIONS {
  PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  PLSA_FREE_LSA_HEAP FreeHeap;
  PKSEC_CREATE_CONTEXT_LIST CreateContextList;
  PKSEC_INSERT_LIST_ENTRY InsertListEntry;
  PKSEC_REFERENCE_LIST_ENTRY ReferenceListEntry;
  PKSEC_DEREFERENCE_LIST_ENTRY DereferenceListEntry;
  PKSEC_SERIALIZE_WINNT_AUTH_DATA SerializeWinntAuthData;
  PKSEC_SERIALIZE_SCHANNEL_AUTH_DATA SerializeSchannelAuthData;
  PKSEC_LOCATE_PKG_BY_ID LocatePackageById;
} SECPKG_KERNEL_FUNCTIONS,*PSECPKG_KERNEL_FUNCTIONS;

/* Entry points implemented by a kernel-mode package (members of
 * SECPKG_KERNEL_FUNCTION_TABLE). */
typedef NTSTATUS (NTAPI KspInitPackageFn)(PSECPKG_KERNEL_FUNCTIONS FunctionTable);
typedef NTSTATUS (NTAPI KspDeleteContextFn)(LSA_SEC_HANDLE ContextId,PLSA_SEC_HANDLE LsaContextId);
typedef NTSTATUS (NTAPI KspInitContextFn)(LSA_SEC_HANDLE ContextId,PSecBuffer ContextData,PLSA_SEC_HANDLE NewContextId);
typedef NTSTATUS (NTAPI KspMakeSignatureFn)(LSA_SEC_HANDLE ContextId,ULONG fQOP,PSecBufferDesc Message,ULONG MessageSeqNo);
typedef NTSTATUS (NTAPI KspVerifySignatureFn)(LSA_SEC_HANDLE ContextId,PSecBufferDesc Message,ULONG MessageSeqNo,PULONG pfQOP);
typedef NTSTATUS (NTAPI KspSealMessageFn)(LSA_SEC_HANDLE ContextId,ULONG fQOP,PSecBufferDesc Message,ULONG MessageSeqNo);
typedef NTSTATUS (NTAPI KspUnsealMessageFn)(LSA_SEC_HANDLE ContextId,PSecBufferDesc Message,ULONG MessageSeqNo,PULONG pfQOP);
typedef NTSTATUS (NTAPI KspGetTokenFn)(LSA_SEC_HANDLE ContextId,PHANDLE ImpersonationToken,PACCESS_TOKEN *RawToken);
typedef NTSTATUS (NTAPI KspQueryAttributesFn)(LSA_SEC_HANDLE ContextId,ULONG Attribute,PVOID Buffer);
typedef NTSTATUS (NTAPI KspCompleteTokenFn)(LSA_SEC_HANDLE ContextId,PSecBufferDesc Token);
typedef NTSTATUS (NTAPI KspMapHandleFn)(LSA_SEC_HANDLE ContextId,PLSA_SEC_HANDLE LsaContextId);
typedef NTSTATUS (NTAPI KspSetPagingModeFn)(BOOLEAN PagingMode);
typedef NTSTATUS (NTAPI KspSerializeAuthDataFn)(PVOID pvAuthData,PULONG Size,PVOID *SerializedData);

/* Kernel-mode package table, passed to KSecRegisterSecurityProvider and
 * returned by KSecLocatePackage. ExportContext and ImportContext reuse the
 * Sp* function types rather than Ksp* ones. Member order is the layout. */
typedef struct _SECPKG_KERNEL_FUNCTION_TABLE {
  KspInitPackageFn *Initialize;
  KspDeleteContextFn *DeleteContext;
  KspInitContextFn *InitContext;
  KspMapHandleFn *MapHandle;
  KspMakeSignatureFn *Sign;
  KspVerifySignatureFn *Verify;
  KspSealMessageFn *Seal;
  KspUnsealMessageFn *Unseal;
  KspGetTokenFn *GetToken;
  KspQueryAttributesFn *QueryAttributes;
  KspCompleteTokenFn *CompleteToken;
  SpExportSecurityContextFn *ExportContext;
  SpImportSecurityContextFn *ImportContext;
  KspSetPagingModeFn *SetPackagePagingMode;
  KspSerializeAuthDataFn *SerializeAuthData;
} SECPKG_KERNEL_FUNCTION_TABLE,*PSECPKG_KERNEL_FUNCTION_TABLE;

/* Registers a provider name together with its kernel function table. */
SECURITY_STATUS SEC_ENTRY KSecRegisterSecurityProvider(PSECURITY_STRING ProviderName,PSECPKG_KERNEL_FUNCTION_TABLE Table);

/* Looks a package up by name; returns its table and id through the two
 * output pointers. */
SECURITY_STATUS SEC_ENTRY KSecLocatePackage(PUNICODE_STRING PackageName, PSECPKG_KERNEL_FUNCTION_TABLE *Package, PULONG_PTR PackageId);

/* Defined elsewhere; this header only declares it. */
extern SECPKG_KERNEL_FUNCTIONS KspKernelFunctions;

#ifdef __cplusplus
}
#endif
#endif