1/**
2 * This file has no copyright assigned and is placed in the Public Domain.
3 * This file is part of the mingw-w64 runtime package.
4 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
5 */
6#ifndef _NTSECPKG_
7#define _NTSECPKG_
8
9#ifdef __cplusplus
10extern "C" {
11#endif
12
/* Opaque per-call request handle. The client-buffer routines and the
 * LsaAp* entry points declared in this header take it as their first
 * argument; it is declared as a pointer to PVOID, so a package sees nothing
 * of the object behind it. */
typedef PVOID *PLSA_CLIENT_REQUEST;
14
/* Discriminator that travels next to an untyped TokenInformation pointer in
 * the logon and token-creation prototypes of this header; presumably it
 * selects which LSA_TOKEN_INFORMATION_* layout that pointer refers to. */
typedef enum _LSA_TOKEN_INFORMATION_TYPE {
  LsaTokenInformationNull,
  LsaTokenInformationV1,
  LsaTokenInformationV2,
  LsaTokenInformationV3
} LSA_TOKEN_INFORMATION_TYPE,*PLSA_TOKEN_INFORMATION_TYPE;

/* Minimal layout: an expiration time and a group list, no user identity. */
typedef struct _LSA_TOKEN_INFORMATION_NULL {
  LARGE_INTEGER ExpirationTime;
  PTOKEN_GROUPS Groups;
} LSA_TOKEN_INFORMATION_NULL,*PLSA_TOKEN_INFORMATION_NULL;

/* Full identity description. Groups and Privileges are pointers, the other
 * TOKEN_* members are embedded by value.
 * NOTE(review): whatever a package writes here is handed on through the
 * TokenInformation argument of the token-creation prototypes, so each field
 * should come from a verified authentication result, never from data the
 * client supplied. */
typedef struct _LSA_TOKEN_INFORMATION_V1 {
  LARGE_INTEGER ExpirationTime;
  TOKEN_USER User;
  PTOKEN_GROUPS Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES Privileges;
  TOKEN_OWNER Owner;
  TOKEN_DEFAULT_DACL DefaultDacl;
} LSA_TOKEN_INFORMATION_V1,*PLSA_TOKEN_INFORMATION_V1;

/* V2 is a plain alias of V1: same type, different name. */
typedef LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V2,*PLSA_TOKEN_INFORMATION_V2;

/* V3 repeats the V1 members in the same order and appends user claims,
 * device claims and device groups. */
typedef struct _LSA_TOKEN_INFORMATION_V3 {
  LARGE_INTEGER ExpirationTime;
  TOKEN_USER User;
  PTOKEN_GROUPS Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES Privileges;
  TOKEN_OWNER Owner;
  TOKEN_DEFAULT_DACL DefaultDacl;
  TOKEN_USER_CLAIMS UserClaims;
  TOKEN_DEVICE_CLAIMS DeviceClaims;
  PTOKEN_GROUPS DeviceGroups;
} LSA_TOKEN_INFORMATION_V3, *PLSA_TOKEN_INFORMATION_V3;
51
/*
 * Support routines made available to an authentication package. Each
 * function type has a matching pointer typedef (PLSA_*), and
 * LSA_DISPATCH_TABLE collects eleven of those pointers.
 */

/* Logon-session and credential bookkeeping, keyed by LogonId and, for the
 * credential routines, by the AuthenticationPackage id. */
typedef NTSTATUS (NTAPI LSA_CREATE_LOGON_SESSION)(PLUID LogonId);
typedef NTSTATUS (NTAPI LSA_DELETE_LOGON_SESSION)(PLUID LogonId);
typedef NTSTATUS (NTAPI LSA_ADD_CREDENTIAL)(PLUID LogonId,ULONG AuthenticationPackage,PLSA_STRING PrimaryKeyValue,PLSA_STRING Credentials);
typedef NTSTATUS (NTAPI LSA_GET_CREDENTIALS)(PLUID LogonId,ULONG AuthenticationPackage,PULONG QueryContext,BOOLEAN RetrieveAllCredentials,PLSA_STRING PrimaryKeyValue,PULONG PrimaryKeyLength,PLSA_STRING Credentials);
typedef NTSTATUS (NTAPI LSA_DELETE_CREDENTIAL)(PLUID LogonId,ULONG AuthenticationPackage,PLSA_STRING PrimaryKeyValue);
/* Heap helpers. The LSA-heap allocator takes a ULONG length, the
 * private-heap allocator a SIZE_T; both return PVOID, so the result has to
 * be checked before use. */
typedef PVOID (NTAPI LSA_ALLOCATE_LSA_HEAP)(ULONG Length);
typedef VOID (NTAPI LSA_FREE_LSA_HEAP)(PVOID Base);
typedef PVOID (NTAPI LSA_ALLOCATE_PRIVATE_HEAP)(SIZE_T Length);
typedef VOID (NTAPI LSA_FREE_PRIVATE_HEAP)(PVOID Base);
/* Client-buffer helpers, all bound to a PLSA_CLIENT_REQUEST. The two copy
 * routines take a single Length and two untyped pointers: the prototype
 * carries no size for the destination, so the caller must guarantee that
 * both buffers hold at least Length bytes. A Length derived from
 * client-supplied data should be range-checked before the call. */
typedef NTSTATUS (NTAPI LSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG LengthRequired,PVOID *ClientBaseAddress);
typedef NTSTATUS (NTAPI LSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ClientBaseAddress);
typedef NTSTATUS (NTAPI LSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG Length,PVOID ClientBaseAddress,PVOID BufferToCopy);
typedef NTSTATUS (NTAPI LSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST ClientRequest,ULONG Length,PVOID BufferToCopy,PVOID ClientBaseAddress);

/* Pointer-to-function aliases for the types above. */
typedef LSA_CREATE_LOGON_SESSION *PLSA_CREATE_LOGON_SESSION;
typedef LSA_DELETE_LOGON_SESSION *PLSA_DELETE_LOGON_SESSION;
typedef LSA_ADD_CREDENTIAL *PLSA_ADD_CREDENTIAL;
typedef LSA_GET_CREDENTIALS *PLSA_GET_CREDENTIALS;
typedef LSA_DELETE_CREDENTIAL *PLSA_DELETE_CREDENTIAL;
typedef LSA_ALLOCATE_LSA_HEAP *PLSA_ALLOCATE_LSA_HEAP;
typedef LSA_FREE_LSA_HEAP *PLSA_FREE_LSA_HEAP;
typedef LSA_ALLOCATE_PRIVATE_HEAP *PLSA_ALLOCATE_PRIVATE_HEAP;
typedef LSA_FREE_PRIVATE_HEAP *PLSA_FREE_PRIVATE_HEAP;
typedef LSA_ALLOCATE_CLIENT_BUFFER *PLSA_ALLOCATE_CLIENT_BUFFER;
typedef LSA_FREE_CLIENT_BUFFER *PLSA_FREE_CLIENT_BUFFER;
typedef LSA_COPY_TO_CLIENT_BUFFER *PLSA_COPY_TO_CLIENT_BUFFER;
typedef LSA_COPY_FROM_CLIENT_BUFFER *PLSA_COPY_FROM_CLIENT_BUFFER;

/* Table of routine pointers passed to LSA_AP_INITIALIZE_PACKAGE as
 * LsaDispatchTable. Member order is part of the binary layout. The
 * private-heap routines declared above have no slot in this table. */
typedef struct _LSA_DISPATCH_TABLE {
  PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  PLSA_ADD_CREDENTIAL AddCredential;
  PLSA_GET_CREDENTIALS GetCredentials;
  PLSA_DELETE_CREDENTIAL DeleteCredential;
  PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  PLSA_FREE_LSA_HEAP FreeLsaHeap;
  PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
} LSA_DISPATCH_TABLE,*PLSA_DISPATCH_TABLE;
93
/* Names of the entry points an authentication package provides, as narrow
 * strings. Each literal carries an explicit "\0" in addition to the
 * terminator the compiler appends, so sizeof() is one larger than
 * strlen() + 1. */
#define LSA_AP_NAME_INITIALIZE_PACKAGE "LsaApInitializePackage\0"
#define LSA_AP_NAME_LOGON_USER "LsaApLogonUser\0"
#define LSA_AP_NAME_LOGON_USER_EX "LsaApLogonUserEx\0"
#define LSA_AP_NAME_CALL_PACKAGE "LsaApCallPackage\0"
#define LSA_AP_NAME_LOGON_TERMINATED "LsaApLogonTerminated\0"
#define LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED "LsaApCallPackageUntrusted\0"
#define LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH "LsaApCallPackagePassthrough\0"

/* Receives the package id and the LSA_DISPATCH_TABLE; reports the package
 * name through AuthenticationPackageName. */
typedef NTSTATUS (NTAPI LSA_AP_INITIALIZE_PACKAGE)(ULONG AuthenticationPackageId,PLSA_DISPATCH_TABLE LsaDispatchTable,PLSA_STRING Database,PLSA_STRING Confidentiality,PLSA_STRING *AuthenticationPackageName);
/* Logon entry points. AuthenticationInformation is an untyped buffer of
 * AuthenticationInformationLength bytes, and ClientAuthenticationBase is a
 * second address for it (presumably its location in the client, used to
 * relocate embedded pointers; TODO confirm). Any pointer or offset read out
 * of that buffer needs a bounds check against the length before use. The
 * _EX form uses PUNICODE_STRING for the name outputs and adds MachineName. */
typedef NTSTATUS (NTAPI LSA_AP_LOGON_USER)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PLSA_UNICODE_STRING *AccountName,PLSA_UNICODE_STRING *AuthenticatingAuthority);
typedef NTSTATUS (NTAPI LSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST ClientRequest,SECURITY_LOGON_TYPE LogonType,PVOID AuthenticationInformation,PVOID ClientAuthenticationBase,ULONG AuthenticationInformationLength,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PNTSTATUS SubStatus,PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID *TokenInformation,PUNICODE_STRING *AccountName,PUNICODE_STRING *AuthenticatingAuthority,PUNICODE_STRING *MachineName);
/* Package-specific request/response call. ProtocolSubmitBuffer holds
 * SubmitBufferLength bytes; the message layout is defined by the package, so
 * the handler has to validate the length before reading any field. The
 * passthrough form has the identical parameter list. */
typedef NTSTATUS (NTAPI LSA_AP_CALL_PACKAGE)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ProtocolSubmitBuffer,PVOID ClientBufferBase,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef NTSTATUS (NTAPI LSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST ClientRequest,PVOID ProtocolSubmitBuffer,PVOID ClientBufferBase,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
/* Notification that the logon session named by LogonId has ended. */
typedef VOID (NTAPI LSA_AP_LOGON_TERMINATED)(PLUID LogonId);

/* The untrusted variant reuses the LSA_AP_CALL_PACKAGE type unchanged.
 * NOTE(review): going by the name, it serves callers that are not trusted;
 * the type system gives no help telling the two handlers apart, so the
 * untrusted handler must not share privileged message types without its own
 * checks. */
typedef LSA_AP_CALL_PACKAGE LSA_AP_CALL_PACKAGE_UNTRUSTED;
typedef LSA_AP_INITIALIZE_PACKAGE *PLSA_AP_INITIALIZE_PACKAGE;
typedef LSA_AP_LOGON_USER *PLSA_AP_LOGON_USER;
typedef LSA_AP_LOGON_USER_EX *PLSA_AP_LOGON_USER_EX;
typedef LSA_AP_CALL_PACKAGE *PLSA_AP_CALL_PACKAGE;
typedef LSA_AP_CALL_PACKAGE_PASSTHROUGH *PLSA_AP_CALL_PACKAGE_PASSTHROUGH;
typedef LSA_AP_LOGON_TERMINATED *PLSA_AP_LOGON_TERMINATED;
typedef LSA_AP_CALL_PACKAGE_UNTRUSTED *PLSA_AP_CALL_PACKAGE_UNTRUSTED;
117
/* SAM credential-update interface. The guard lets another header supply the
 * same declarations first. */
#ifndef _SAM_CREDENTIAL_UPDATE_DEFINED
#define _SAM_CREDENTIAL_UPDATE_DEFINED

/* Callback invoked on a credential update. Its first parameter is named
 * ClearPassword, i.e. an implementation is handed the password in clear
 * along with the account and domain names, and returns replacement
 * credentials through NewCredentials / NewCredentialSize.
 * NOTE(review): any module exporting this routine sits on the cleartext
 * path; such modules belong in the inventory of components that are
 * code-reviewed and whose registration is monitored. Implementations should
 * not log or persist ClearPassword and should wipe any copy they make. */
typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE)(PUNICODE_STRING ClearPassword,PVOID OldCredentials,ULONG OldCredentialSize,ULONG UserAccountControl,PUNICODE_STRING UPN,PUNICODE_STRING UserName,PUNICODE_STRING NetbiosDomainName,PUNICODE_STRING DnsDomainName,PVOID *NewCredentials,ULONG *NewCredentialSize);

/* Export name under which the notify routine is looked up. */
#define SAM_CREDENTIAL_UPDATE_NOTIFY_ROUTINE "CredentialUpdateNotify"

/* Registration callback; reports a credential name and returns BOOLEAN. */
typedef BOOLEAN (*PSAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE)(PUNICODE_STRING CredentialName);

#define SAM_CREDENTIAL_UPDATE_REGISTER_ROUTINE "CredentialUpdateRegister"

/* Release callback; presumably frees the NewCredentials buffer returned by
 * the notify routine (TODO confirm against the caller). */
typedef VOID (*PSAM_CREDENTIAL_UPDATE_FREE_ROUTINE)(PVOID p);

#define SAM_CREDENTIAL_UPDATE_FREE_ROUTINE "CredentialUpdateFree"

/* One Original -> Mapped name pair. */
typedef struct {
  PSTR Original;
  PSTR Mapped;
  BOOLEAN Continuable;
} SAM_REGISTER_MAPPING_ELEMENT, *PSAM_REGISTER_MAPPING_ELEMENT;

/* Counted array of mapping elements; Count presumably gives the number of
 * entries behind Elements and must bound every index into it. */
typedef struct {
  ULONG Count;
  PSAM_REGISTER_MAPPING_ELEMENT Elements;
} SAM_REGISTER_MAPPING_LIST, *PSAM_REGISTER_MAPPING_LIST;

/* Counted array of mapping lists, same convention one level up. */
typedef struct {
  ULONG Count;
  PSAM_REGISTER_MAPPING_LIST Lists;
} SAM_REGISTER_MAPPING_TABLE, *PSAM_REGISTER_MAPPING_TABLE;

typedef NTSTATUS (*PSAM_CREDENTIAL_UPDATE_REGISTER_MAPPED_ENTRYPOINTS_ROUTINE)(SAM_REGISTER_MAPPING_TABLE *Table);

#define SAM_CREDENTIAL_UPDATE_REGISTER_MAPPED_ENTRYPOINTS_ROUTINE "RegisterMappedEntrypoints"

#endif /* _SAM_CREDENTIAL_UPDATE_DEFINED */
154
/* Thread-start and security-attribute types used by LSA_CREATE_THREAD and
 * LSA_REGISTER_NOTIFICATION. With SECURITY_KERNEL defined both collapse to
 * PVOID; otherwise they are the Win32 thread-routine and
 * security-attributes pointer types. */
#ifdef SECURITY_KERNEL
typedef PVOID SEC_THREAD_START;
typedef PVOID SEC_ATTRS;
#else
typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
#endif
163
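/* Compare two logon identifiers field by field; each argument is cast to
 * PLUID. The arguments are parenthesized before the cast so that an
 * expression such as `base + i` is converted as a whole instead of having
 * the cast bind to `base` alone and the offset scaled by sizeof(LUID).
 * Both arguments are evaluated twice and must be free of side effects. */
#define SecEqualLuid(L1,L2) ((((PLUID)(L1))->LowPart==((PLUID)(L2))->LowPart) && (((PLUID)(L1))->HighPart==((PLUID)(L2))->HighPart))
/* True when both halves of the LUID are zero. No cast is applied, so L1 must
 * already be a pointer to a structure with LowPart and HighPart members. The
 * argument is parenthesized so that `ids + 1` and similar expressions expand
 * correctly; it is evaluated twice. */
#define SecIsZeroLuid(L1) ((((L1)->LowPart) | ((L1)->HighPart))==0)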
166
/* Description of the calling client, filled in through LSA_GET_CLIENT_INFO.
 * NOTE(review): HasTcbPrivilege, Impersonating and Restricted are the inputs
 * an authorization decision inside a package would be based on; use the
 * values reported here rather than anything the client states about itself
 * in its own request buffer. ClientToken is a HANDLE; who closes it is not
 * visible in this header. */
typedef struct _SECPKG_CLIENT_INFO {
  LUID LogonId;
  ULONG ProcessID;
  ULONG ThreadID;
  BOOLEAN HasTcbPrivilege;
  BOOLEAN Impersonating;
  BOOLEAN Restricted;
  UCHAR ClientFlags;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  HANDLE ClientToken;
} SECPKG_CLIENT_INFO,*PSECPKG_CLIENT_INFO;

/* Extended form for LSA_GET_CLIENT_INFO_EX (which also takes a StructSize):
 * same leading members, plus a second logon id / token pair for
 * identification. */
typedef struct _SECPKG_CLIENT_INFO_EX {
  LUID LogonId;
  ULONG ProcessID;
  ULONG ThreadID;
  BOOLEAN HasTcbPrivilege;
  BOOLEAN Impersonating;
  BOOLEAN Restricted;
  UCHAR ClientFlags;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  HANDLE ClientToken;
  LUID IdentificationLogonId;
  HANDLE IdentificationToken;
} SECPKG_CLIENT_INFO_EX, *PSECPKG_CLIENT_INFO_EX;

/* Bit values that fit the one-byte ClientFlags member (presumably that is
 * where they are reported; TODO confirm). */
#define SECPKG_CLIENT_PROCESS_TERMINATED 0x01
#define SECPKG_CLIENT_THREAD_TERMINATED 0x02
198
/* Per-call information returned by LSA_GET_CALL_INFO. Attributes is
 * presumably a bit mask of the SECPKG_CALL_* values below. */
typedef struct _SECPKG_CALL_INFO {
  ULONG ProcessId;
  ULONG ThreadId;
  ULONG Attributes;
  ULONG CallCount;
  PVOID MechOid;
} SECPKG_CALL_INFO,*PSECPKG_CALL_INFO;

/* Call attribute bits. Several of them describe the trust level or origin of
 * the caller (KERNEL_MODE, IN_PROC, IS_TCB, WINLOGON, SYSTEM_PROC). */
#define SECPKG_CALL_KERNEL_MODE 0x00000001
#define SECPKG_CALL_ANSI 0x00000002
#define SECPKG_CALL_URGENT 0x00000004
#define SECPKG_CALL_RECURSIVE 0x00000008
#define SECPKG_CALL_IN_PROC 0x00000010
#define SECPKG_CALL_CLEANUP 0x00000020
#define SECPKG_CALL_WOWCLIENT 0x00000040
#define SECPKG_CALL_THREAD_TERM 0x00000080
#define SECPKG_CALL_PROCESS_TERM 0x00000100
#define SECPKG_CALL_IS_TCB 0x00000200
#define SECPKG_CALL_NETWORK_ONLY 0x00000400
#define SECPKG_CALL_WINLOGON 0x00000800
#define SECPKG_CALL_ASYNC_UPDATE 0x00001000
#define SECPKG_CALL_SYSTEM_PROC 0x00002000
#define SECPKG_CALL_NEGO 0x00004000
#define SECPKG_CALL_NEGO_EXTENDER 0x00008000
#define SECPKG_CALL_BUFFER_MARSHAL 0x00010000
#define SECPKG_CALL_UNLOCK 0x00020000
#define SECPKG_CALL_CLOUDAP_CONNECT 0x00040000

/* WOWX86 has the same value as SECPKG_CALL_WOWCLIENT (0x40), and WOWA32 has
 * the same value as SECPKG_CALL_CLOUDAP_CONNECT (0x00040000).
 * NOTE(review): bit 0x00040000 alone therefore cannot tell the two meanings
 * apart; code testing either name should know which one applies in its
 * context. */
#define SECPKG_CALL_WOWX86 0x00000040
#define SECPKG_CALL_WOWA32 0x00040000
229
/* One package's supplemental credential: a package name plus a pointer to
 * CredentialSize bytes. The bytes are secret material; readers must take
 * the length from CredentialSize, never from the content. */
typedef struct _SECPKG_SUPPLEMENTAL_CRED {
  UNICODE_STRING PackageName;
  ULONG CredentialSize;
  PUCHAR Credentials;
} SECPKG_SUPPLEMENTAL_CRED,*PSECPKG_SUPPLEMENTAL_CRED;

/* Offset/length descriptor for a byte array inside a marshaled structure.
 * NOTE(review): presumably the offset is relative to the start of the
 * containing structure (TODO confirm); either way offset + length must be
 * checked against the container's cbStructureLength before the data is
 * touched, with the addition done in a type wide enough not to wrap. */
typedef struct _SECPKG_BYTE_VECTOR {
  ULONG ByteArrayOffset;
  USHORT ByteArrayLength;
} SECPKG_BYTE_VECTOR, *PSECPKG_BYTE_VECTOR;

/* Same idea for an array of 16-bit units: the second member is an element
 * count, not a byte count, so the byte extent is twice ShortArrayCount. */
typedef struct _SECPKG_SHORT_VECTOR {
  ULONG ShortArrayOffset;
  USHORT ShortArrayCount;
} SECPKG_SHORT_VECTOR, *PSECPKG_SHORT_VECTOR;

/* Marshaled caller-supplied credential: two 16-bit length fields followed
 * by vectors locating user name, domain name and the packed credentials. */
typedef struct _SECPKG_SUPPLIED_CREDENTIAL {
  USHORT cbHeaderLength;
  USHORT cbStructureLength;
  SECPKG_SHORT_VECTOR UserName;
  SECPKG_SHORT_VECTOR DomainName;
  SECPKG_BYTE_VECTOR PackedCredentials;
  ULONG CredFlags;
} SECPKG_SUPPLIED_CREDENTIAL, *PSECPKG_SUPPLIED_CREDENTIAL;

/* Value expected in SECPKG_CREDENTIAL.Version (presumably; TODO confirm). */
#define SECPKG_CREDENTIAL_VERSION 201

#define SECPKG_CREDENTIAL_FLAGS_CALLER_HAS_TCB 0x1
#define SECPKG_CREDENTIAL_FLAGS_CREDMAN_CRED 0x2

/* Marshaled credential handle description. Version is 64 bits wide,
 * cbHeaderLength 16 bits and cbStructureLength 32 bits; the three
 * SECPKG_BYTE_VECTOR members locate variable-length data that has to be
 * bounds-checked as described on SECPKG_BYTE_VECTOR. */
typedef struct _SECPKG_CREDENTIAL {
  ULONG64 Version;
  USHORT cbHeaderLength;
  ULONG cbStructureLength;
  ULONG ClientProcess;
  ULONG ClientThread;
  LUID LogonId;
  HANDLE ClientToken;
  ULONG SessionId;
  LUID ModifiedId;
  ULONG fCredentials;
  ULONG Flags;
  SECPKG_BYTE_VECTOR PrincipalName;
  SECPKG_BYTE_VECTOR PackageList;
  SECPKG_BYTE_VECTOR MarshaledSuppliedCreds;
} SECPKG_CREDENTIAL, *PSECPKG_CREDENTIAL;
276
/* Pointer-sized integer used as a handle value. */
typedef ULONG_PTR LSA_SEC_HANDLE;
typedef LSA_SEC_HANDLE *PLSA_SEC_HANDLE;
/* Counted list of supplemental credentials. Credentials is declared with
 * one element; presumably the real array holds CredentialCount entries, so
 * sizeof() on this type does not describe the allocation and every index
 * must be checked against CredentialCount. */
typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
  ULONG CredentialCount;
  SECPKG_SUPPLEMENTAL_CRED Credentials[1];
} SECPKG_SUPPLEMENTAL_CRED_ARRAY,*PSECPKG_SUPPLEMENTAL_CRED_ARRAY;

/* One surrogate-logon entry: a GUID saying what Data points to. Data is
 * untyped, so a consumer should compare Type before casting it. */
typedef struct _SECPKG_SURROGATE_LOGON_ENTRY {
  GUID Type;
  PVOID Data;
} SECPKG_SURROGATE_LOGON_ENTRY, *PSECPKG_SURROGATE_LOGON_ENTRY;

/* Versioned, counted list of surrogate-logon entries. */
typedef struct _SECPKG_SURROGATE_LOGON {
  ULONG Version;
  LUID SurrogateLogonID;
  ULONG EntryCount;
  PSECPKG_SURROGATE_LOGON_ENTRY Entries;
} SECPKG_SURROGATE_LOGON, *PSECPKG_SURROGATE_LOGON;

#define SECPKG_SURROGATE_LOGON_VERSION_1 1
297
/* High bits for a SecBuffer type field (presumably; the names suggest they
 * mark whether the buffer has been mapped into the current address space). */
#define SECBUFFER_UNMAPPED 0x40000000

#define SECBUFFER_KERNEL_MAP 0x20000000

/* Callback registered through LSA_REGISTER_CALLBACK: two pointer-sized
 * arguments plus an input and an output SecBuffer. */
typedef NTSTATUS (NTAPI LSA_CALLBACK_FUNCTION)(ULONG_PTR Argument1,ULONG_PTR Argument2,PSecBuffer InputBuffer,PSecBuffer OutputBuffer);

typedef LSA_CALLBACK_FUNCTION *PLSA_CALLBACK_FUNCTION;
305
/* Bits for SECPKG_PRIMARY_CRED.Flags (presumably; the struct has a single
 * ULONG Flags member). The first two describe the form of the password:
 * CLEAR_PASSWORD versus OWF_PASSWORD. */
#define PRIMARY_CRED_CLEAR_PASSWORD 0x00000001
#define PRIMARY_CRED_OWF_PASSWORD 0x00000002
#define PRIMARY_CRED_UPDATE 0x00000004
#define PRIMARY_CRED_CACHED_LOGON 0x00000008
#define PRIMARY_CRED_LOGON_NO_TCB 0x00000010
#define PRIMARY_CRED_LOGON_LUA 0x00000020
#define PRIMARY_CRED_INTERACTIVE_SMARTCARD_LOGON 0x00000040
#define PRIMARY_CRED_REFRESH_NEEDED 0x00000080
#define PRIMARY_CRED_INTERNET_USER 0x00000100
#define PRIMARY_CRED_AUTH_ID 0x00000200
#define PRIMARY_CRED_DO_NOT_SPLIT 0x00000400
#define PRIMARY_CRED_PROTECTED_USER 0x00000800
#define PRIMARY_CRED_EX 0x00001000
#define PRIMARY_CRED_TRANSFER 0x00002000
#define PRIMARY_CRED_RESTRICTED_TS 0x00004000
#define PRIMARY_CRED_PACKED_CREDS 0x00008000
#define PRIMARY_CRED_ENTERPRISE_INTERNET_USER 0x00010000
#define PRIMARY_CRED_ENCRYPTED_CREDGUARD_PASSWORD 0x00020000
#define PRIMARY_CRED_CACHED_INTERACTIVE_LOGON 0x00040000
#define PRIMARY_CRED_INTERACTIVE_NGC_LOGON 0x00080000
#define PRIMARY_CRED_INTERACTIVE_FIDO_LOGON 0x00100000
#define PRIMARY_CRED_ARSO_LOGON 0x00200000
#define PRIMARY_CRED_SUPPLEMENTAL 0x00400000

/* The top byte of the flags word is a separate field: mask 0xff000000,
 * shifted down by 24 to obtain a package value. */
#define PRIMARY_CRED_LOGON_PACKAGE_SHIFT 24
#define PRIMARY_CRED_PACKAGE_MASK 0xff000000

/* Primary credentials of a logon session.
 * NOTE(review): Password and OldPassword carry the secret itself; with
 * PRIMARY_CRED_CLEAR_PASSWORD set that is presumably the cleartext password.
 * Code receiving this structure should keep it out of logs and crash dumps,
 * copy it only when needed, and wipe every copy once done. UNICODE_STRING
 * buffers are counted, not NUL-terminated, so Length must bound every read. */
typedef struct _SECPKG_PRIMARY_CRED {
  LUID LogonId;
  UNICODE_STRING DownlevelName;
  UNICODE_STRING DomainName;
  UNICODE_STRING Password;
  UNICODE_STRING OldPassword;
  PSID UserSid;
  ULONG Flags;
  UNICODE_STRING DnsDomainName;
  UNICODE_STRING Upn;
  UNICODE_STRING LogonServer;
  UNICODE_STRING Spare1;
  UNICODE_STRING Spare2;
  UNICODE_STRING Spare3;
  UNICODE_STRING Spare4;
} SECPKG_PRIMARY_CRED,*PSECPKG_PRIMARY_CRED;

#define SECPKG_PRIMARY_CRED_EX_FLAGS_EX_DELEGATION_TOKEN 0x1

/* Extended form: the SECPKG_PRIMARY_CRED members in the same order, then
 * PackageId, PrevLogonId and FlagsEx. The same handling rules apply to the
 * Password and OldPassword members. */
typedef struct _SECPKG_PRIMARY_CRED_EX {
  LUID LogonId;
  UNICODE_STRING DownlevelName;
  UNICODE_STRING DomainName;
  UNICODE_STRING Password;
  UNICODE_STRING OldPassword;
  PSID UserSid;
  ULONG Flags;
  UNICODE_STRING DnsDomainName;
  UNICODE_STRING Upn;
  UNICODE_STRING LogonServer;
  UNICODE_STRING Spare1;
  UNICODE_STRING Spare2;
  UNICODE_STRING Spare3;
  UNICODE_STRING Spare4;
  ULONG_PTR PackageId;
  LUID PrevLogonId;
  ULONG FlagsEx;
} SECPKG_PRIMARY_CRED_EX, *PSECPKG_PRIMARY_CRED_EX;
371
/* Size limit for a credential, in unspecified units (presumably bytes). */
#define MAX_CRED_SIZE 1024

/* Bits for SECPKG_PARAMETERS.MachineState (presumably): what the machine is
 * (domain controller, workstation, standalone) and which protections are
 * permitted or enabled (encryption, credential isolation). */
#define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
#define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
#define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
#define SECPKG_STATE_WORKSTATION 0x08
#define SECPKG_STATE_STANDALONE 0x10
#define SECPKG_STATE_CRED_ISOLATION_ENABLED 0x20
#define SECPKG_STATE_RESERVED_1 0x80000000

/* Machine and domain parameters. The same structure tag is reused further
 * down in this header as SECPKG_EVENT_DOMAIN_CHANGE. */
typedef struct _SECPKG_PARAMETERS {
  ULONG Version;
  ULONG MachineState;
  ULONG SetupMode;
  PSID DomainSid;
  UNICODE_STRING DomainName;
  UNICODE_STRING DnsDomainName;
  GUID DomainGuid;
} SECPKG_PARAMETERS,*PSECPKG_PARAMETERS;
391
/* Selects the active member of SECPKG_EXTENDED_INFORMATION.Info.
 * Numbering starts at 1. SecpkgNego2Info is declared after SecpkgMaxInfo and
 * therefore has the larger value (7 versus 6): a range check written as
 * `Class < SecpkgMaxInfo` does not cover it. */
typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
  SecpkgGssInfo = 1,
  SecpkgContextThunks,
  SecpkgMutualAuthLevel,
  SecpkgWowClientDll,
  SecpkgExtraOids,
  SecpkgMaxInfo,
  SecpkgNego2Info
} SECPKG_EXTENDED_INFORMATION_CLASS;

/* Encoded identifier with explicit length. EncodedId is declared with four
 * bytes; presumably the real data runs for EncodedIdLength bytes. */
typedef struct _SECPKG_GSS_INFO {
  ULONG EncodedIdLength;
  UCHAR EncodedId[4];
} SECPKG_GSS_INFO,*PSECPKG_GSS_INFO;

/* Counted list of levels; Levels is declared with one element and
 * presumably holds InfoLevelCount entries. */
typedef struct _SECPKG_CONTEXT_THUNKS {
  ULONG InfoLevelCount;
  ULONG Levels[1];
} SECPKG_CONTEXT_THUNKS,*PSECPKG_CONTEXT_THUNKS;

typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
  ULONG MutualAuthLevel;
} SECPKG_MUTUAL_AUTH_LEVEL,*PSECPKG_MUTUAL_AUTH_LEVEL;

/* Path of a client DLL.
 * NOTE(review): a path that ends up being loaded should be absolute and
 * point to a location ordinary users cannot write to. */
typedef struct _SECPKG_WOW_CLIENT_DLL {
  SECURITY_STRING WowClientDllPath;
} SECPKG_WOW_CLIENT_DLL,*PSECPKG_WOW_CLIENT_DLL;

/* Capacity of SECPKG_SERIALIZED_OID.OidValue. */
#define SECPKG_MAX_OID_LENGTH 32

/* Fixed-capacity OID. OidLength is a separate ULONG, so a consumer must
 * reject values above SECPKG_MAX_OID_LENGTH before copying or comparing
 * OidValue. */
typedef struct _SECPKG_SERIALIZED_OID {
  ULONG OidLength;
  ULONG OidAttributes;
  UCHAR OidValue[SECPKG_MAX_OID_LENGTH ];
} SECPKG_SERIALIZED_OID,*PSECPKG_SERIALIZED_OID;

/* Counted list of OIDs; Oids is declared with one element and presumably
 * holds OidCount entries. */
typedef struct _SECPKG_EXTRA_OIDS {
  ULONG OidCount;
  SECPKG_SERIALIZED_OID Oids[1 ];
} SECPKG_EXTRA_OIDS,*PSECPKG_EXTRA_OIDS;

/* 16-byte authentication scheme identifier plus package flags. */
typedef struct _SECPKG_NEGO2_INFO {
  UCHAR AuthScheme[16];
  ULONG PackageFlags;
} SECPKG_NEGO2_INFO, *PSECPKG_NEGO2_INFO;

/* Tagged union: Class says which Info member is valid. Three members end in
 * a short declared array, so the union's sizeof() may be smaller than the
 * data actually attached when one of those is in use. */
typedef struct _SECPKG_EXTENDED_INFORMATION {
  SECPKG_EXTENDED_INFORMATION_CLASS Class;
  union {
    SECPKG_GSS_INFO GssInfo;
    SECPKG_CONTEXT_THUNKS ContextThunks;
    SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel;
    SECPKG_WOW_CLIENT_DLL WowClientDll;
    SECPKG_EXTRA_OIDS ExtraOids;
    SECPKG_NEGO2_INFO Nego2Info;
  } Info;
} SECPKG_EXTENDED_INFORMATION,*PSECPKG_EXTENDED_INFORMATION;
449
/* Target description: domain SID and computer name. */
typedef struct _SECPKG_TARGETINFO {
  PSID DomainSid;
  PCWSTR ComputerName;
} SECPKG_TARGETINFO, *PSECPKG_TARGETINFO;

/* Bits for SECPKG_NTLM_TARGETINFO.Flags (presumably): they say whether the
 * MsvAvFlags and MsvAvTimestamp members carry a value. */
#define SECPKG_MSVAV_FLAGS_VALID 0x01
#define SECPKG_MSVAV_TIMESTAMP_VALID 0x02

/* NTLM target information split into named members. MsvAvFlags and
 * MsvAvTimestamp should be read only when the matching *_VALID bit is set in
 * Flags; the string members are plain pointers and may be NULL (TODO
 * confirm). */
typedef struct _SECPKG_NTLM_TARGETINFO {
  ULONG Flags;
  LPWSTR MsvAvNbComputerName;
  LPWSTR MsvAvNbDomainName;
  LPWSTR MsvAvDnsComputerName;
  LPWSTR MsvAvDnsDomainName;
  LPWSTR MsvAvDnsTreeName;
  ULONG MsvAvFlags;
  FILETIME MsvAvTimestamp;
  LPWSTR MsvAvTargetName;
} SECPKG_NTLM_TARGETINFO, *PSECPKG_NTLM_TARGETINFO;
469
/* Context attribute id whose result structure is SecPkgContext_SaslContext
 * (going by the names). */
#define SECPKG_ATTR_SASL_CONTEXT 0x00010000

typedef struct _SecPkgContext_SaslContext {
  PVOID SaslContext;
} SecPkgContext_SaslContext,*PSecPkgContext_SaslContext;

/* Same numeric value as SECPKG_ATTR_SASL_CONTEXT (0x00010000); the two names
 * cannot be told apart by value. */
#define SECPKG_ATTR_THUNK_ALL 0x00010000
477
/* Guarded so that another header may define the same type first. */
#ifndef SECURITY_USER_DATA_DEFINED
#define SECURITY_USER_DATA_DEFINED

/* Identity of a logged-on user: name, logon domain, logon server and SID. */
typedef struct _SECURITY_USER_DATA {
  SECURITY_STRING UserName;
  SECURITY_STRING LogonDomainName;
  SECURITY_STRING LogonServer;
  PSID pSid;
} SECURITY_USER_DATA,*PSECURITY_USER_DATA;

/* Alternative spelling of the same type. */
typedef SECURITY_USER_DATA SecurityUserData,*PSecurityUserData;

#define UNDERSTANDS_LONG_NAMES 1
#define NO_LONG_NAMES 2
#endif
493
/* Sentinel package id: -2 converted to ULONG. */
#define SECPKG_ALL_PACKAGES ((ULONG) -2)

/* Message types shared across packages, starting at 1024. Min aliases the
 * first message (PinDc = 1024) and Max aliases the last (TransferCred =
 * 1026), so a handler can range-check MessageType against Min and Max
 * before dispatching. */
typedef enum _SECPKG_CALL_PACKAGE_MESSAGE_TYPE {
  SecPkgCallPackageMinMessage = 1024,
  SecPkgCallPackagePinDcMessage = SecPkgCallPackageMinMessage,
  SecPkgCallPackageUnpinAllDcsMessage,
  SecPkgCallPackageTransferCredMessage,
  SecPkgCallPackageMaxMessage = SecPkgCallPackageTransferCredMessage
} SECPKG_CALL_PACKAGE_MESSAGE_TYPE, *PSECPKG_CALL_PACKAGE_MESSAGE_TYPE;

/* Request naming a domain and a domain controller.
 * NOTE(review): the request chooses which DC is used for a domain, so a
 * handler should verify that the caller is entitled to make that choice. */
typedef struct _SECPKG_CALL_PACKAGE_PIN_DC_REQUEST {
  ULONG MessageType;
  ULONG Flags;
  UNICODE_STRING DomainName;
  UNICODE_STRING DcName;
  ULONG DcFlags;
} SECPKG_CALL_PACKAGE_PIN_DC_REQUEST, *PSECPKG_CALL_PACKAGE_PIN_DC_REQUEST;

typedef struct _SECPKG_CALL_PACKAGE_UNPIN_ALL_DCS_REQUEST {
  ULONG MessageType;
  ULONG Flags;
} SECPKG_CALL_PACKAGE_UNPIN_ALL_DCS_REQUEST, *PSECPKG_CALL_PACKAGE_UNPIN_ALL_DCS_REQUEST;

/* Bits for SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST.Flags (going by the
 * shared name prefix). */
#define SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST_FLAG_OPTIMISTIC_LOGON 0x1
#define SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST_FLAG_CLEANUP_CREDENTIALS 0x2
#define SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST_FLAG_TO_SSO_SESSION 0x4

/* Request naming an origin and a destination logon session.
 * NOTE(review): presumably it moves credentials between the two sessions;
 * both LUIDs are caller-supplied values, so the handler has to confirm the
 * caller's right to act on each session. */
typedef struct _SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST {
  ULONG MessageType;
  LUID OriginLogonId;
  LUID DestinationLogonId;
  ULONG Flags;
} SECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST, *PSECPKG_CALL_PACKAGE_TRANSFER_CRED_REQUEST;
527
/* Callback types for a redirected logon. Every one takes the
 * RedirectedLogonHandle first. Callback exchanges an input buffer of
 * BufferLength bytes for a returned buffer and length; GetLogonCreds and
 * GetSupplementalCreds hand back credential material, which the receiver
 * should treat as secret. */
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_INIT)(HANDLE RedirectedLogonHandle, const UNICODE_STRING *PackageName, ULONG SessionId, const LUID *LogonId);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_CALLBACK)(HANDLE RedirectedLogonHandle, PVOID Buffer, ULONG BufferLength, PVOID *ReturnBuffer, ULONG *ReturnBufferLength);
typedef VOID (NTAPI LSA_REDIRECTED_LOGON_CLEANUP_CALLBACK)(HANDLE RedirectedLogonHandle);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_GET_LOGON_CREDS)(HANDLE RedirectedLogonHandle, PBYTE *LogonBuffer, PULONG LogonBufferLength);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_GET_SUPP_CREDS)(HANDLE RedirectedLogonHandle, PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials);
typedef NTSTATUS (NTAPI LSA_REDIRECTED_LOGON_GET_SID)(HANDLE RedirectedLogonHandle, PSID *Sid);

typedef LSA_REDIRECTED_LOGON_INIT *PLSA_REDIRECTED_LOGON_INIT;
typedef LSA_REDIRECTED_LOGON_CALLBACK *PLSA_REDIRECTED_LOGON_CALLBACK;
typedef LSA_REDIRECTED_LOGON_GET_LOGON_CREDS *PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS;
typedef LSA_REDIRECTED_LOGON_GET_SUPP_CREDS *PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS;
typedef LSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK;
typedef LSA_REDIRECTED_LOGON_GET_SID *PLSA_REDIRECTED_LOGON_GET_SID;

/* GUID initializer; by its name the value expected in
 * SECPKG_REDIRECTED_LOGON_BUFFER.RedirectedLogonGuid. */
#define SECPKG_REDIRECTED_LOGON_GUID_INITIALIZER { 0xc2be5457, 0x82eb, 0x483e, { 0xae, 0x4e, 0x74, 0x68, 0xef, 0x14, 0xd5, 0x9 } }

/* GUID-tagged buffer carrying a handle and six function pointers.
 * NOTE(review): the structure holds code pointers, so a consumer should
 * check RedirectedLogonGuid and the origin of the buffer before calling
 * through any member. */
typedef struct _SECPKG_REDIRECTED_LOGON_BUFFER {
  GUID RedirectedLogonGuid;
  HANDLE RedirectedLogonHandle;
  PLSA_REDIRECTED_LOGON_INIT Init;
  PLSA_REDIRECTED_LOGON_CALLBACK Callback;
  PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK CleanupCallback;
  PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS GetLogonCreds;
  PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS GetSupplementalCreds;
  PLSA_REDIRECTED_LOGON_GET_SID GetRedirectedLogonSid;
} SECPKG_REDIRECTED_LOGON_BUFFER, *PSECPKG_REDIRECTED_LOGON_BUFFER;
554
/* Post-logon information: flags plus the logon id and a linked logon id. */
typedef struct _SECPKG_POST_LOGON_USER_INFO {
  ULONG Flags;
  LUID LogonId;
  LUID LinkedLogonId;
} SECPKG_POST_LOGON_USER_INFO, *PSECPKG_POST_LOGON_USER_INFO;
560
/*
 * Function types for the extended set of LSA support routines. The matching
 * PLSA_* pointer typedefs follow later in this header.
 */

/* Takes no arguments and returns a status.
 * NOTE(review): by its name it switches the calling thread to the client's
 * identity; a caller should check the returned status before doing any work
 * on the client's behalf and restore its own identity afterwards. */
typedef NTSTATUS (NTAPI LSA_IMPERSONATE_CLIENT)(VOID);
typedef NTSTATUS (NTAPI LSA_UNLOAD_PACKAGE)(VOID);
typedef NTSTATUS (NTAPI LSA_DUPLICATE_HANDLE)(HANDLE SourceHandle,PHANDLE DestionationHandle);
typedef NTSTATUS (NTAPI LSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(PLUID LogonId,ULONG SupplementalCredSize,PVOID SupplementalCreds,BOOLEAN Synchronous);
typedef HANDLE (NTAPI LSA_CREATE_THREAD)(SEC_ATTRS SecurityAttributes,ULONG StackSize,SEC_THREAD_START StartFunction,PVOID ThreadParameter,ULONG CreationFlags,PULONG ThreadId);
/* Client identity queries; the _EX form takes the size of the caller's
 * structure so the layout can grow. */
typedef NTSTATUS (NTAPI LSA_GET_CLIENT_INFO)(PSECPKG_CLIENT_INFO ClientInfo);
typedef NTSTATUS (NTAPI LSA_GET_CLIENT_INFO_EX)(PSECPKG_CLIENT_INFO_EX ClientInfo, ULONG StructSize);
/* Notification registration; the NOTIFIER_* and NOTIFY_CLASS_* constants of
 * this header presumably feed NotificationType, NotificationFlags and
 * NotificationClass. */
typedef HANDLE (NTAPI LSA_REGISTER_NOTIFICATION)(SEC_THREAD_START StartFunction,PVOID Parameter,ULONG NotificationType,ULONG NotificationClass,ULONG NotificationFlags,ULONG IntervalMinutes,HANDLE WaitEvent);
typedef NTSTATUS (NTAPI LSA_CANCEL_NOTIFICATION)(HANDLE NotifyHandle);
typedef NTSTATUS (NTAPI LSA_MAP_BUFFER)(PSecBuffer InputBuffer,PSecBuffer OutputBuffer);
/* Token creation from a TokenInformationType / TokenInformation pair. The
 * token is returned through Token; the caller owns the decision of what
 * identity and groups go in. */
typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN)(PLUID LogonId,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,LSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID TokenInformation,PTOKEN_GROUPS TokenGroups,PUNICODE_STRING AccountName,PUNICODE_STRING AuthorityName,PUNICODE_STRING Workstation,PUNICODE_STRING ProfilePath,PHANDLE Token,PNTSTATUS SubStatus);

/* Kind of SessionInformation passed to LSA_CREATE_TOKEN_EX; only one value
 * is defined. */
typedef enum _SECPKG_SESSIONINFO_TYPE {
  SecSessionPrimaryCred
} SECPKG_SESSIONINFO_TYPE;

typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN_EX)(PLUID LogonId,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,LSA_TOKEN_INFORMATION_TYPE TokenInformationType,PVOID TokenInformation,PTOKEN_GROUPS TokenGroups,PUNICODE_STRING Workstation,PUNICODE_STRING ProfilePath,PVOID SessionInformation,SECPKG_SESSIONINFO_TYPE SessionInformationType,PHANDLE Token,PNTSTATUS SubStatus);
/* Audit hook for a logon attempt: takes Status and SubStatus together with
 * the account, authority, workstation, SID and logon type.
 * NOTE(review): for the audit trail to be complete, failed attempts need to
 * reach this call as well as successful ones. */
typedef VOID (NTAPI LSA_AUDIT_LOGON)(NTSTATUS Status,NTSTATUS SubStatus,PUNICODE_STRING AccountName,PUNICODE_STRING AuthenticatingAuthority,PUNICODE_STRING WorkstationName,PSID UserSid,SECURITY_LOGON_TYPE LogonType,PTOKEN_SOURCE TokenSource,PLUID LogonId);
/* Package-to-package calls: a package name, a submit buffer with its length
 * and a returned buffer with its length. The EX and PASSTHROUGH forms add
 * ClientBufferBase. */
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE)(PUNICODE_STRING AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGEEX)(PUNICODE_STRING AuthenticationPackage,PVOID ClientBufferBase,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING AuthenticationPackage,PVOID ClientBufferBase,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
typedef BOOLEAN (NTAPI LSA_GET_CALL_INFO)(PSECPKG_CALL_INFO Info);
/* Shared-memory helpers; the allocators return PVOID and sizes are ULONG. */
typedef PVOID (NTAPI LSA_CREATE_SHARED_MEMORY)(ULONG MaxSize,ULONG InitialSize);
typedef PVOID (NTAPI LSA_ALLOCATE_SHARED_MEMORY)(PVOID SharedMem,ULONG Size);
typedef VOID (NTAPI LSA_FREE_SHARED_MEMORY)(PVOID SharedMem,PVOID Memory);
typedef BOOLEAN (NTAPI LSA_DELETE_SHARED_MEMORY)(PVOID SharedMem);
typedef NTSTATUS (NTAPI LSA_GET_APP_MODE_INFO)(PULONG UserFunction, PULONG_PTR Argument1, PULONG_PTR Argument2, PSecBuffer UserData, PBOOLEAN ReturnToLsa);
typedef NTSTATUS (NTAPI LSA_SET_APP_MODE_INFO)(ULONG UserFunction, ULONG_PTR Argument1, ULONG_PTR Argument2, PSecBuffer UserData, BOOLEAN ReturnToLsa);

/* Format of the Name argument in the SAM lookup routines below. */
typedef enum _SECPKG_NAME_TYPE {
  SecNameSamCompatible,
  SecNameAlternateId,
  SecNameFlat,
  SecNameDN,
  SecNameSPN
} SECPKG_NAME_TYPE;

/* SAM user access: open by name, read credentials or authorization data
 * through the returned UserHandle, close. LSA_GET_USER_CREDENTIALS returns
 * primary and supplemental credential buffers with their sizes; these are
 * secrets and should be wiped and released as soon as they are no longer
 * needed. */
typedef NTSTATUS (NTAPI LSA_OPEN_SAM_USER)(PSECURITY_STRING Name,SECPKG_NAME_TYPE NameType,PSECURITY_STRING Prefix,BOOLEAN AllowGuest,ULONG Reserved,PVOID *UserHandle);
typedef NTSTATUS (NTAPI LSA_GET_USER_CREDENTIALS)(PVOID UserHandle,PVOID *PrimaryCreds,PULONG PrimaryCredsSize,PVOID *SupplementalCreds,PULONG SupplementalCredsSize);
typedef NTSTATUS (NTAPI LSA_GET_USER_AUTH_DATA)(PVOID UserHandle,PUCHAR *UserAuthData,PULONG UserAuthDataSize);
typedef NTSTATUS (NTAPI LSA_CLOSE_SAM_USER)(PVOID UserHandle);
typedef NTSTATUS (NTAPI LSA_GET_AUTH_DATA_FOR_USER)(PSECURITY_STRING Name,SECPKG_NAME_TYPE NameType,PSECURITY_STRING Prefix,PUCHAR *UserAuthData,PULONG UserAuthDataSize,PUNICODE_STRING UserFlatName);
typedef NTSTATUS (NTAPI LSA_CONVERT_AUTH_DATA_TO_TOKEN)(PVOID UserAuthData,ULONG UserAuthDataSize,SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,PTOKEN_SOURCE TokenSource,SECURITY_LOGON_TYPE LogonType,PUNICODE_STRING AuthorityName,PHANDLE Token,PLUID LogonId,PUNICODE_STRING AccountName,PNTSTATUS SubStatus);
typedef NTSTATUS (NTAPI LSA_CRACK_SINGLE_NAME)(ULONG FormatOffered,BOOLEAN PerformAtGC,PUNICODE_STRING NameInput,PUNICODE_STRING Prefix,ULONG RequestedFormat,PUNICODE_STRING CrackedName,PUNICODE_STRING DnsDomainName,PULONG SubStatus);
typedef NTSTATUS (NTAPI LSA_AUDIT_ACCOUNT_LOGON)(ULONG AuditId,BOOLEAN Success,PUNICODE_STRING Source,PUNICODE_STRING ClientName,PUNICODE_STRING MappedName,NTSTATUS Status);
typedef NTSTATUS (NTAPI LSA_CLIENT_CALLBACK)(PCHAR Callback,ULONG_PTR Argument1,ULONG_PTR Argument2,PSecBuffer Input,PSecBuffer Output);
typedef NTSTATUS (NTAPI LSA_REGISTER_CALLBACK)(ULONG CallbackId,PLSA_CALLBACK_FUNCTION Callback);
typedef NTSTATUS (NTAPI LSA_GET_EXTENDED_CALL_FLAGS)(PULONG Flags);
609
/* Notification flags. NOTIFIER_FLAG_SECONDS is the top bit; by its name it
 * changes the unit of the IntervalMinutes argument of
 * LSA_REGISTER_NOTIFICATION (TODO confirm). */
#define NOTIFIER_FLAG_NEW_THREAD 0x00000001
#define NOTIFIER_FLAG_ONE_SHOT 0x00000002
#define NOTIFIER_FLAG_SECONDS 0x80000000

/* Notification types: plain numbers, not bits (note 16 after 1..4). */
#define NOTIFIER_TYPE_INTERVAL 1
#define NOTIFIER_TYPE_HANDLE_WAIT 2
#define NOTIFIER_TYPE_STATE_CHANGE 3
#define NOTIFIER_TYPE_NOTIFY_EVENT 4
#define NOTIFIER_TYPE_IMMEDIATE 16

/* Notification classes. */
#define NOTIFY_CLASS_PACKAGE_CHANGE 1
#define NOTIFY_CLASS_ROLE_CHANGE 2
#define NOTIFY_CLASS_DOMAIN_CHANGE 3
#define NOTIFY_CLASS_REGISTRY_CHANGE 4

/* Event data for a package change: what happened (ChangeType, one of the
 * SECPKG_PACKAGE_CHANGE_* values going by the names) and to which package.
 * NOTE(review): load and unload events of security packages are worth
 * recording, since they show which code is running inside the security
 * subsystem. */
typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
  ULONG ChangeType;
  LSA_SEC_HANDLE PackageId;
  SECURITY_STRING PackageName;
} SECPKG_EVENT_PACKAGE_CHANGE,*PSECPKG_EVENT_PACKAGE_CHANGE;

#define SECPKG_PACKAGE_CHANGE_LOAD 0
#define SECPKG_PACKAGE_CHANGE_UNLOAD 1
#define SECPKG_PACKAGE_CHANGE_SELECT 2

/* Event data for a role change: old and new role. */
typedef struct _SECPKG_EVENT_ROLE_CHANGE {
  ULONG PreviousRole;
  ULONG NewRole;
} SECPKG_EVENT_ROLE_CHANGE,*PSECPKG_EVENT_ROLE_CHANGE;

/* A domain change event reuses the SECPKG_PARAMETERS layout. */
typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE;
typedef struct _SECPKG_PARAMETERS *PSECPKG_EVENT_DOMAIN_CHANGE;

/* Envelope delivered to a notification routine. EventData is untyped:
 * EventClass says how to interpret it, and EventDataSize should be compared
 * with the size of the expected structure before the cast. */
typedef struct _SECPKG_EVENT_NOTIFY {
  ULONG EventClass;
  ULONG Reserved;
  ULONG EventDataSize;
  PVOID EventData;
  PVOID PackageParameter;
} SECPKG_EVENT_NOTIFY,*PSECPKG_EVENT_NOTIFY;
650
/* Pushes a primary credential together with an array of supplemental
 * credentials. */
typedef NTSTATUS (NTAPI LSA_UPDATE_PRIMARY_CREDENTIALS)(PSECPKG_PRIMARY_CRED PrimaryCredentials,PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials);
/* Operates on Buffer for BufferSize bytes and returns nothing; by its name
 * it protects the memory in place (the exact transformation is not visible
 * here). With no status returned, a caller cannot detect failure. */
typedef VOID (NTAPI LSA_PROTECT_MEMORY)(PVOID Buffer,ULONG BufferSize);
/* Returns a token handle for a logon id; the receiver presumably owns the
 * handle and has to close it (TODO confirm). */
typedef NTSTATUS (NTAPI LSA_OPEN_TOKEN_BY_LOGON_ID)(PLUID LogonId,HANDLE *RetTokenHandle);
typedef NTSTATUS (NTAPI LSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(PUCHAR UserAuthData,ULONG UserAuthDataSize,PVOID Reserved,PUCHAR *ExpandedAuthData,PULONG ExpandedAuthDataSize);

/* Fetch mode for LSA_GET_SERVICE_ACCOUNT_PASSWORD. */
typedef enum _CRED_FETCH {
  CredFetchDefault = 0,
  CredFetchDPAPI,
  CredFetchForced
} CRED_FETCH, *PCRED_FETCH;

/* Returns the current and the previous password of a service account along
 * with two FILETIME values. Both password outputs are secrets: keep them out
 * of logs and wipe them after use. */
typedef NTSTATUS (NTAPI LSA_GET_SERVICE_ACCOUNT_PASSWORD)(PUNICODE_STRING AccountName, PUNICODE_STRING DomainName, CRED_FETCH CredFetch, FILETIME *FileTimeExpiry, PUNICODE_STRING CurrentPassword, PUNICODE_STRING PreviousPassword, FILETIME *FileTimeCurrPwdValidForOutbound);
/* Same parameters as LSA_AUDIT_LOGON plus ImpersonationLevel. */
typedef VOID (NTAPI LSA_AUDIT_LOGON_EX)(NTSTATUS Status, NTSTATUS SubStatus, PUNICODE_STRING AccountName, PUNICODE_STRING AuthenticatingAuthority, PUNICODE_STRING WorkstationName, PSID UserSid, SECURITY_LOGON_TYPE LogonType, SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, PTOKEN_SOURCE TokenSource, PLUID LogonId);
/* Reports through ProtectedUser whether the token's user is a protected
 * user; the BOOLEAN is meaningful only when the returned status indicates
 * success. */
typedef NTSTATUS (NTAPI LSA_CHECK_PROTECTED_USER_BY_TOKEN)(HANDLE UserToken, PBOOLEAN ProtectedUser);
typedef NTSTATUS (NTAPI LSA_QUERY_CLIENT_REQUEST)(PLSA_CLIENT_REQUEST ClientRequest, ULONG QueryType, PVOID *ReplyBuffer);

/* The only QueryType value defined here for LSA_QUERY_CLIENT_REQUEST. */
#define LSA_QUERY_CLIENT_PRELOGON_SESSION_ID 1
668
/* Pointer-to-function aliases, one per LSA_* function type declared earlier
 * in this header. These are the types a function table would store. */
typedef LSA_IMPERSONATE_CLIENT *PLSA_IMPERSONATE_CLIENT;
typedef LSA_UNLOAD_PACKAGE *PLSA_UNLOAD_PACKAGE;
typedef LSA_DUPLICATE_HANDLE *PLSA_DUPLICATE_HANDLE;
typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS *PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS;
typedef LSA_CREATE_THREAD *PLSA_CREATE_THREAD;
typedef LSA_GET_CLIENT_INFO *PLSA_GET_CLIENT_INFO;
typedef LSA_GET_CLIENT_INFO_EX *PLSA_GET_CLIENT_INFO_EX;
typedef LSA_REGISTER_NOTIFICATION *PLSA_REGISTER_NOTIFICATION;
typedef LSA_CANCEL_NOTIFICATION *PLSA_CANCEL_NOTIFICATION;
typedef LSA_MAP_BUFFER *PLSA_MAP_BUFFER;
typedef LSA_CREATE_TOKEN *PLSA_CREATE_TOKEN;
typedef LSA_AUDIT_LOGON *PLSA_AUDIT_LOGON;
typedef LSA_CALL_PACKAGE *PLSA_CALL_PACKAGE;
typedef LSA_CALL_PACKAGEEX *PLSA_CALL_PACKAGEEX;
typedef LSA_GET_CALL_INFO *PLSA_GET_CALL_INFO;
typedef LSA_CREATE_SHARED_MEMORY *PLSA_CREATE_SHARED_MEMORY;
typedef LSA_ALLOCATE_SHARED_MEMORY *PLSA_ALLOCATE_SHARED_MEMORY;
typedef LSA_FREE_SHARED_MEMORY *PLSA_FREE_SHARED_MEMORY;
typedef LSA_DELETE_SHARED_MEMORY *PLSA_DELETE_SHARED_MEMORY;
typedef LSA_OPEN_SAM_USER *PLSA_OPEN_SAM_USER;
typedef LSA_GET_USER_CREDENTIALS *PLSA_GET_USER_CREDENTIALS;
typedef LSA_GET_USER_AUTH_DATA *PLSA_GET_USER_AUTH_DATA;
typedef LSA_CLOSE_SAM_USER *PLSA_CLOSE_SAM_USER;
typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN *PLSA_CONVERT_AUTH_DATA_TO_TOKEN;
typedef LSA_CLIENT_CALLBACK *PLSA_CLIENT_CALLBACK;
typedef LSA_REGISTER_CALLBACK *PLSA_REGISTER_CALLBACK;
typedef LSA_UPDATE_PRIMARY_CREDENTIALS *PLSA_UPDATE_PRIMARY_CREDENTIALS;
typedef LSA_GET_AUTH_DATA_FOR_USER *PLSA_GET_AUTH_DATA_FOR_USER;
typedef LSA_CRACK_SINGLE_NAME *PLSA_CRACK_SINGLE_NAME;
typedef LSA_AUDIT_ACCOUNT_LOGON *PLSA_AUDIT_ACCOUNT_LOGON;
typedef LSA_CALL_PACKAGE_PASSTHROUGH *PLSA_CALL_PACKAGE_PASSTHROUGH;
typedef LSA_PROTECT_MEMORY *PLSA_PROTECT_MEMORY;
typedef LSA_OPEN_TOKEN_BY_LOGON_ID *PLSA_OPEN_TOKEN_BY_LOGON_ID;
typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN *PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
typedef LSA_CREATE_TOKEN_EX *PLSA_CREATE_TOKEN_EX;
typedef LSA_GET_EXTENDED_CALL_FLAGS *PLSA_GET_EXTENDED_CALL_FLAGS;
typedef LSA_GET_SERVICE_ACCOUNT_PASSWORD *PLSA_GET_SERVICE_ACCOUNT_PASSWORD;
typedef LSA_AUDIT_LOGON_EX *PLSA_AUDIT_LOGON_EX;
typedef LSA_CHECK_PROTECTED_USER_BY_TOKEN *PLSA_CHECK_PROTECTED_USER_BY_TOKEN;
typedef LSA_QUERY_CLIENT_REQUEST *PLSA_QUERY_CLIENT_REQUEST;
typedef LSA_GET_APP_MODE_INFO *PLSA_GET_APP_MODE_INFO;
typedef LSA_SET_APP_MODE_INFO *PLSA_SET_APP_MODE_INFO;
711
#ifdef _WINCRED_H_
/* This section uses the credential types of wincred.h (CREDENTIALW,
   CREDENTIAL_TARGET_INFORMATIONW) and is compiled only when _WINCRED_H_ is
   already defined at this point. */

#ifndef _ENCRYPTED_CREDENTIAL_DEFINED
#define _ENCRYPTED_CREDENTIAL_DEFINED

/* A CREDENTIALW followed by a separate ClearCredentialBlobSize count.
   NOTE(review): presumably the length of the credential blob in clear form;
   confirm, and validate it against the actual blob before using it as a
   copy bound. */
typedef struct _ENCRYPTED_CREDENTIALW
{
  CREDENTIALW Cred;
  ULONG       ClearCredentialBlobSize;
} ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;

#endif /* _ENCRYPTED_CREDENTIAL_DEFINED */

/* Single-bit flags.  NOTE(review): presumably the values accepted in the
   CredFlags argument of the Cred*Fn callback types below - confirm. */
#define CREDP_FLAGS_IN_PROCESS              0x01
#define CREDP_FLAGS_USE_MIDL_HEAP           0x02
#define CREDP_FLAGS_DONT_CACHE_TI           0x04
#define CREDP_FLAGS_CLEAR_PASSWORD          0x08
#define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10
#define CREDP_FLAGS_TRUSTED_CALLER          0x20
#define CREDP_FLAGS_VALIDATE_PROXY_TARGET   0x40

/* Callback types for reading, enumerating, freeing and writing credentials
   on behalf of a logon session (LogonId). */
typedef NTSTATUS (NTAPI CredReadFn)(
  PLUID LogonId,
  ULONG CredFlags,
  LPWSTR TargetName,
  ULONG Type,
  ULONG Flags,
  PENCRYPTED_CREDENTIALW *Credential);

typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn)(
  PLUID LogonId,
  ULONG CredFlags,
  PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
  ULONG Flags,
  PULONG Count,
  PENCRYPTED_CREDENTIALW **Credential);

typedef VOID (NTAPI CredFreeCredentialsFn)(
  ULONG Count,
  PENCRYPTED_CREDENTIALW *Credentials);

typedef NTSTATUS (NTAPI CredWriteFn)(
  PLUID LogonId,
  ULONG CredFlags,
  PENCRYPTED_CREDENTIALW Credential,
  ULONG Flags);

typedef NTSTATUS (NTAPI CrediUnmarshalandDecodeStringFn)(
  LPWSTR MarshaledString,
  LPBYTE *Blob,
  ULONG *BlobSize,
  BOOLEAN *IsFailureFatal);

/* Marshal / unmarshal a CREDENTIAL_TARGET_INFORMATIONW to and from a USHORT
   buffer.  NOTE(review): when the buffer comes from an untrusted peer,
   BufferSize should be the real length of what was received - confirm how
   the implementation bounds its reads. */
NTSTATUS CredMarshalTargetInfo (
  PCREDENTIAL_TARGET_INFORMATIONW InTargetInfo,
  PUSHORT *Buffer,
  PULONG BufferSize);

NTSTATUS CredUnmarshalTargetInfo (
  PUSHORT Buffer,
  ULONG BufferSize,
  PCREDENTIAL_TARGET_INFORMATIONW *RetTargetInfo,
  PULONG RetActualSize);

#define CRED_MARSHALED_TI_SIZE_SIZE 12

#endif /* _WINCRED_H_ */
742
/*
 * SEC_WINNT_AUTH_IDENTITY32 - auth identity in which every member, including
 * User, Domain and Password, is a ULONG.
 * NOTE(review): presumably User/Domain/Password hold 32-bit client addresses
 * rather than usable pointers; code that widens them should validate each
 * address/length pair against the client's buffer before reading - confirm.
 */
typedef struct _SEC_WINNT_AUTH_IDENTITY32
{
  ULONG User;
  ULONG UserLength;
  ULONG Domain;
  ULONG DomainLength;
  ULONG Password;
  ULONG PasswordLength;
  ULONG Flags;
} SEC_WINNT_AUTH_IDENTITY32, *PSEC_WINNT_AUTH_IDENTITY32;
752
/*
 * SEC_WINNT_AUTH_IDENTITY_EX32 - the all-ULONG identity layout with a
 * leading Version/Length pair and a trailing PackageList/PackageListLength
 * pair.
 * NOTE(review): presumably Length is the structure size as claimed by the
 * sender and User/Domain/Password/PackageList are 32-bit client addresses;
 * none of them should be trusted without validation - confirm.
 */
typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32
{
  ULONG Version;
  ULONG Length;
  ULONG User;
  ULONG UserLength;
  ULONG Domain;
  ULONG DomainLength;
  ULONG Password;
  ULONG PasswordLength;
  ULONG Flags;
  ULONG PackageList;
  ULONG PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EX32, *PSEC_WINNT_AUTH_IDENTITY_EX32;
766
/*
 * LSA_SECPKG_FUNCTION_TABLE - table of LSA helper callbacks.  SpInitializeFn
 * receives a pointer to it as its FunctionTable argument.
 *
 * The table is positional, so members must keep this exact order.  The two
 * _WINCRED_H_ conditionals do not change the layout: when the credential
 * callback types are unavailable, the same number of pointer-typed
 * DummyFunctionN placeholders occupies their slots.
 */
typedef struct _LSA_SECPKG_FUNCTION_TABLE
{
  /* logon sessions and per-session credentials */
  PLSA_CREATE_LOGON_SESSION          CreateLogonSession;
  PLSA_DELETE_LOGON_SESSION          DeleteLogonSession;
  PLSA_ADD_CREDENTIAL                AddCredential;
  PLSA_GET_CREDENTIALS               GetCredentials;
  PLSA_DELETE_CREDENTIAL             DeleteCredential;

  /* LSA heap and client-process buffers */
  PLSA_ALLOCATE_LSA_HEAP             AllocateLsaHeap;
  PLSA_FREE_LSA_HEAP                 FreeLsaHeap;
  PLSA_ALLOCATE_CLIENT_BUFFER        AllocateClientBuffer;
  PLSA_FREE_CLIENT_BUFFER            FreeClientBuffer;
  PLSA_COPY_TO_CLIENT_BUFFER         CopyToClientBuffer;
  PLSA_COPY_FROM_CLIENT_BUFFER       CopyFromClientBuffer;

  PLSA_IMPERSONATE_CLIENT            ImpersonateClient;
  PLSA_UNLOAD_PACKAGE                UnloadPackage;
  PLSA_DUPLICATE_HANDLE              DuplicateHandle;
  PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
  PLSA_CREATE_THREAD                 CreateThread;
  PLSA_GET_CLIENT_INFO               GetClientInfo;
  PLSA_REGISTER_NOTIFICATION         RegisterNotification;
  PLSA_CANCEL_NOTIFICATION           CancelNotification;
  PLSA_MAP_BUFFER                    MapBuffer;
  PLSA_CREATE_TOKEN                  CreateToken;
  PLSA_AUDIT_LOGON                   AuditLogon;
  PLSA_CALL_PACKAGE                  CallPackage;
  PLSA_FREE_LSA_HEAP                 FreeReturnBuffer;   /* same type as FreeLsaHeap */
  PLSA_GET_CALL_INFO                 GetCallInfo;
  PLSA_CALL_PACKAGEEX                CallPackageEx;

  /* shared memory */
  PLSA_CREATE_SHARED_MEMORY          CreateSharedMemory;
  PLSA_ALLOCATE_SHARED_MEMORY        AllocateSharedMemory;
  PLSA_FREE_SHARED_MEMORY            FreeSharedMemory;
  PLSA_DELETE_SHARED_MEMORY          DeleteSharedMemory;

  /* SAM user access and authorization data */
  PLSA_OPEN_SAM_USER                 OpenSamUser;
  PLSA_GET_USER_CREDENTIALS          GetUserCredentials;
  PLSA_GET_USER_AUTH_DATA            GetUserAuthData;
  PLSA_CLOSE_SAM_USER                CloseSamUser;
  PLSA_CONVERT_AUTH_DATA_TO_TOKEN    ConvertAuthDataToToken;
  PLSA_CLIENT_CALLBACK               ClientCallback;
  PLSA_UPDATE_PRIMARY_CREDENTIALS    UpdateCredentials;
  PLSA_GET_AUTH_DATA_FOR_USER        GetAuthDataForUser;
  PLSA_CRACK_SINGLE_NAME             CrackSingleName;
  PLSA_AUDIT_ACCOUNT_LOGON           AuditAccountLogon;
  PLSA_CALL_PACKAGE_PASSTHROUGH      CallPackagePassthrough;

  /* three credential-manager slots, or three placeholders */
#ifdef _WINCRED_H_
  CredReadFn                        *CrediRead;
  CredReadDomainCredentialsFn       *CrediReadDomainCredentials;
  CredFreeCredentialsFn             *CrediFreeCredentials;
#else
  PLSA_PROTECT_MEMORY                DummyFunction1;
  PLSA_PROTECT_MEMORY                DummyFunction2;
  PLSA_PROTECT_MEMORY                DummyFunction3;
#endif

  /* Both take (Buffer, BufferSize).  NOTE(review): presumably they protect
     and unprotect a secret in place; confirm any size/alignment rules. */
  PLSA_PROTECT_MEMORY                LsaProtectMemory;
  PLSA_PROTECT_MEMORY                LsaUnprotectMemory;

  PLSA_OPEN_TOKEN_BY_LOGON_ID        OpenTokenByLogonId;
  PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN   ExpandAuthDataForDomain;
  PLSA_ALLOCATE_PRIVATE_HEAP         AllocatePrivateHeap;
  PLSA_FREE_PRIVATE_HEAP             FreePrivateHeap;
  PLSA_CREATE_TOKEN_EX               CreateTokenEx;

  /* two credential-manager slots, or two placeholders */
#ifdef _WINCRED_H_
  CredWriteFn                       *CrediWrite;
  CrediUnmarshalandDecodeStringFn   *CrediUnmarshalandDecodeString;
#else
  PLSA_PROTECT_MEMORY                DummyFunction4;
  PLSA_PROTECT_MEMORY                DummyFunction5;
#endif

  /* NOTE(review): DummyFunctionN members look like reserved slots; a package
     should presumably never call through them - confirm. */
  PLSA_PROTECT_MEMORY                DummyFunction6;
  PLSA_GET_EXTENDED_CALL_FLAGS       GetExtendedCallFlags;
  PLSA_DUPLICATE_HANDLE              DuplicateTokenHandle; /* same type as DuplicateHandle */
  PLSA_GET_SERVICE_ACCOUNT_PASSWORD  GetServiceAccountPassword;
  PLSA_PROTECT_MEMORY                DummyFunction7;
  PLSA_AUDIT_LOGON_EX                AuditLogonEx;
  PLSA_CHECK_PROTECTED_USER_BY_TOKEN CheckProtectedUserByToken;
  PLSA_QUERY_CLIENT_REQUEST          QueryClientRequest;
  PLSA_GET_APP_MODE_INFO             GetAppModeInfo;
  PLSA_SET_APP_MODE_INFO             SetAppModeInfo;
  PLSA_GET_CLIENT_INFO_EX            GetClientInfoEx;
} LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;
844
/* LSA_LOCATE_PKG_BY_ID - maps a numeric package id to an opaque PVOID.
   The parameter spelling "PackgeId" is kept as originally declared. */
typedef PVOID (NTAPI LSA_LOCATE_PKG_BY_ID)(ULONG PackgeId);
typedef LSA_LOCATE_PKG_BY_ID *PLSA_LOCATE_PKG_BY_ID;

/*
 * SECPKG_DLL_FUNCTIONS - small helper table: heap allocate/free, callback
 * registration and package lookup.  SpInstanceInitFn receives a pointer to
 * it as its FunctionTable argument.
 */
typedef struct _SECPKG_DLL_FUNCTIONS
{
  PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  PLSA_FREE_LSA_HEAP     FreeHeap;
  PLSA_REGISTER_CALLBACK RegisterCallback;
  PLSA_LOCATE_PKG_BY_ID  LocatePackageById;
} SECPKG_DLL_FUNCTIONS, *PSECPKG_DLL_FUNCTIONS;
854
/* Package life-cycle and information entry points. */
typedef NTSTATUS (NTAPI SpInitializeFn)(
  ULONG_PTR PackageId,
  PSECPKG_PARAMETERS Parameters,
  PLSA_SECPKG_FUNCTION_TABLE FunctionTable);

typedef NTSTATUS (NTAPI SpShutdownFn)(VOID);

typedef NTSTATUS (NTAPI SpGetInfoFn)(PSecPkgInfo PackageInfo);

typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(
  SECPKG_EXTENDED_INFORMATION_CLASS Class,
  PSECPKG_EXTENDED_INFORMATION *ppInformation);

typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(
  SECPKG_EXTENDED_INFORMATION_CLASS Class,
  PSECPKG_EXTENDED_INFORMATION Info);

/*
 * Logon entry-point types (LSA_AP_*).
 *
 * NOTE(review): unlike the Sp*Fn types in this header, the four LSA_AP_*
 * types below are declared without NTAPI, so on 32-bit x86 they take the
 * compiler's default calling convention - confirm that this matches how
 * the LSA invokes a package's entry points.
 *
 * NOTE(review): the (buffer, client base, length) triples presumably
 * describe a copy of caller-supplied data whose embedded pointers are
 * relative to the client base; an implementation should bounds-check every
 * offset and length against the stated buffer size before dereferencing -
 * confirm against the platform documentation.
 */
typedef NTSTATUS (LSA_AP_LOGON_USER_EX2)(
  PLSA_CLIENT_REQUEST ClientRequest,
  SECURITY_LOGON_TYPE LogonType,
  PVOID AuthenticationInformation,
  PVOID ClientAuthenticationBase,
  ULONG AuthenticationInformationLength,
  PVOID *ProfileBuffer,
  PULONG ProfileBufferLength,
  PLUID LogonId,
  PNTSTATUS SubStatus,
  PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  PVOID *TokenInformation,
  PUNICODE_STRING *AccountName,
  PUNICODE_STRING *AuthenticatingAuthority,
  PUNICODE_STRING *MachineName,
  PSECPKG_PRIMARY_CRED PrimaryCredentials,
  PSECPKG_SUPPLEMENTAL_CRED_ARRAY *CachedCredentials);

typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;

/* Entry-point name as a string; the literal carries an explicit extra NUL. */
#define LSA_AP_NAME_LOGON_USER_EX2 "LsaApLogonUserEx2\0"

typedef NTSTATUS (LSA_AP_LOGON_USER_EX3)(
  PLSA_CLIENT_REQUEST ClientRequest,
  SECURITY_LOGON_TYPE LogonType,
  PVOID ProtocolSubmitBuffer,
  PVOID ClientBufferBase,
  ULONG SubmitBufferSize,
  PSECPKG_SURROGATE_LOGON SurrogateLogon,
  PVOID *ProfileBuffer,
  PULONG ProfileBufferSize,
  PLUID LogonId,
  PNTSTATUS SubStatus,
  PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  PVOID *TokenInformation,
  PUNICODE_STRING *AccountName,
  PUNICODE_STRING *AuthenticatingAuthority,
  PUNICODE_STRING *MachineName,
  PSECPKG_PRIMARY_CRED PrimaryCredentials,
  PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials);
typedef LSA_AP_LOGON_USER_EX3 *PLSA_AP_LOGON_USER_EX3;

typedef NTSTATUS (LSA_AP_PRE_LOGON_USER_SURROGATE)(
  PLSA_CLIENT_REQUEST ClientRequest,
  SECURITY_LOGON_TYPE LogonType,
  PVOID ProtocolSubmitBuffer,
  PVOID ClientBufferBase,
  ULONG SubmitBufferSize,
  PSECPKG_SURROGATE_LOGON SurrogateLogon,
  PNTSTATUS SubStatus);
typedef LSA_AP_PRE_LOGON_USER_SURROGATE *PLSA_AP_PRE_LOGON_USER_SURROGATE;

/* The post-logon surrogate takes the logon results by value (plain
   pointers and NTSTATUS values) where LSA_AP_LOGON_USER_EX3 has
   out-pointers. */
typedef NTSTATUS (LSA_AP_POST_LOGON_USER_SURROGATE)(
  PLSA_CLIENT_REQUEST ClientRequest,
  SECURITY_LOGON_TYPE LogonType,
  PVOID ProtocolSubmitBuffer,
  PVOID ClientBufferBase,
  ULONG SubmitBufferSize,
  PSECPKG_SURROGATE_LOGON SurrogateLogon,
  PVOID ProfileBuffer,
  ULONG ProfileBufferSize,
  PLUID LogonId,
  NTSTATUS Status,
  NTSTATUS SubStatus,
  LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  PVOID TokenInformation,
  PUNICODE_STRING AccountName,
  PUNICODE_STRING AuthenticatingAuthority,
  PUNICODE_STRING MachineName,
  PSECPKG_PRIMARY_CRED PrimaryCredentials,
  PSECPKG_SUPPLEMENTAL_CRED_ARRAY SupplementalCredentials);
typedef LSA_AP_POST_LOGON_USER_SURROGATE *PLSA_AP_POST_LOGON_USER_SURROGATE;
872
/*
 * SpAcceptCredentialsFn - receives a logon's primary and supplemental
 * credentials.
 * NOTE(review): PrimaryCredentials presumably contains secret material;
 * a package that keeps a copy should protect it and wipe it when the logon
 * ends - confirm against the SECPKG_PRIMARY_CRED definition.
 */
typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(
  SECURITY_LOGON_TYPE LogonType,
  PUNICODE_STRING AccountName,
  PSECPKG_PRIMARY_CRED PrimaryCredentials,
  PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials);

/* Entry-point name as a string; the literal carries an explicit extra NUL. */
#define SP_ACCEPT_CREDENTIALS_NAME "SpAcceptCredentials\0"

/* ---- credential handles ----
   The parameter spelling "GetKeyFunciton" is kept as originally declared. */
typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(
  PUNICODE_STRING PrincipalName,
  ULONG CredentialUseFlags,
  PLUID LogonId,
  PVOID AuthorizationData,
  PVOID GetKeyFunciton,
  PVOID GetKeyArgument,
  PLSA_SEC_HANDLE CredentialHandle,
  PTimeStamp ExpirationTime);

typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(LSA_SEC_HANDLE CredentialHandle);

typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(
  LSA_SEC_HANDLE CredentialHandle,
  ULONG CredentialAttribute,
  PVOID Buffer);

typedef NTSTATUS (NTAPI SpSetCredentialsAttributesFn)(
  LSA_SEC_HANDLE CredentialHandle,
  ULONG CredentialAttribute,
  PVOID Buffer,
  ULONG BufferSize);

typedef NTSTATUS (NTAPI SpAddCredentialsFn)(
  LSA_SEC_HANDLE CredentialHandle,
  PUNICODE_STRING PrincipalName,
  PUNICODE_STRING Package,
  ULONG CredentialUseFlags,
  PVOID AuthorizationData,
  PVOID GetKeyFunciton,
  PVOID GetKeyArgument,
  PTimeStamp ExpirationTime);

typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(LSA_SEC_HANDLE CredentialHandle, PSecBuffer Credentials);
typedef NTSTATUS (NTAPI SpGetCredentialsFn)(LSA_SEC_HANDLE CredentialHandle, PSecBuffer Credentials);
typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(LSA_SEC_HANDLE CredentialHandle, PSecBuffer Key);

/* ---- security contexts ---- */
typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(
  LSA_SEC_HANDLE CredentialHandle,
  LSA_SEC_HANDLE ContextHandle,
  PUNICODE_STRING TargetName,
  ULONG ContextRequirements,
  ULONG TargetDataRep,
  PSecBufferDesc InputBuffers,
  PLSA_SEC_HANDLE NewContextHandle,
  PSecBufferDesc OutputBuffers,
  PULONG ContextAttributes,
  PTimeStamp ExpirationTime,
  PBOOLEAN MappedContext,
  PSecBuffer ContextData);

typedef NTSTATUS (NTAPI SpDeleteContextFn)(LSA_SEC_HANDLE ContextHandle);

typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(LSA_SEC_HANDLE ContextHandle, PSecBufferDesc ControlToken);

typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(
  LSA_SEC_HANDLE CredentialHandle,
  LSA_SEC_HANDLE ContextHandle,
  PSecBufferDesc InputBuffer,
  ULONG ContextRequirements,
  ULONG TargetDataRep,
  PLSA_SEC_HANDLE NewContextHandle,
  PSecBufferDesc OutputBuffer,
  PULONG ContextAttributes,
  PTimeStamp ExpirationTime,
  PBOOLEAN MappedContext,
  PSecBuffer ContextData);

typedef NTSTATUS (NTAPI SpGetUserInfoFn)(PLUID LogonId, ULONG Flags, PSecurityUserData *UserData);

typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(
  LSA_SEC_HANDLE ContextHandle,
  ULONG ContextAttribute,
  PVOID Buffer);

typedef NTSTATUS (NTAPI SpSetContextAttributesFn)(
  LSA_SEC_HANDLE ContextHandle,
  ULONG ContextAttribute,
  PVOID Buffer,
  ULONG BufferSize);

/* Old and new password arrive as UNICODE_STRING pointers.
   NOTE(review): presumably clear text - an implementation should avoid
   logging or caching them; confirm. */
typedef NTSTATUS (NTAPI SpChangeAccountPasswordFn)(
  PUNICODE_STRING pDomainName,
  PUNICODE_STRING pAccountName,
  PUNICODE_STRING pOldPassword,
  PUNICODE_STRING pNewPassword,
  BOOLEAN Impersonating,
  PSecBufferDesc pOutput);

/* ---- metadata and credential-UI context exchange ---- */
typedef NTSTATUS (NTAPI SpQueryMetaDataFn)(
  LSA_SEC_HANDLE CredentialHandle,
  PUNICODE_STRING TargetName,
  ULONG ContextRequirements,
  PULONG MetaDataLength,
  PUCHAR *MetaData,
  PLSA_SEC_HANDLE ContextHandle);

typedef NTSTATUS (NTAPI SpExchangeMetaDataFn)(
  LSA_SEC_HANDLE CredentialHandle,
  PUNICODE_STRING TargetName,
  ULONG ContextRequirements,
  ULONG MetaDataLength,
  PUCHAR MetaData,
  PLSA_SEC_HANDLE ContextHandle);

typedef NTSTATUS (NTAPI SpGetCredUIContextFn)(
  LSA_SEC_HANDLE ContextHandle,
  GUID *CredType,
  PULONG FlatCredUIContextLength,
  PUCHAR *FlatCredUIContext);

typedef NTSTATUS (NTAPI SpUpdateCredentialsFn)(
  LSA_SEC_HANDLE ContextHandle,
  GUID *CredType,
  ULONG FlatCredUIContextLength,
  PUCHAR FlatCredUIContext);

/* ---- target-info handling on a submitted buffer ----
   NOTE(review): ProtocolSubmitBuffer / ClientBufferBase / SubmitBufferLength
   presumably describe caller-supplied data; every embedded offset and length
   should be checked against SubmitBufferLength - confirm. */
typedef NTSTATUS (NTAPI SpValidateTargetInfoFn)(
  PLSA_CLIENT_REQUEST ClientRequest,
  PVOID ProtocolSubmitBuffer,
  PVOID ClientBufferBase,
  ULONG SubmitBufferLength,
  PSECPKG_TARGETINFO TargetInfo);

typedef NTSTATUS (NTAPI SpExtractTargetInfoFn)(
  PLSA_CLIENT_REQUEST ClientRequest,
  PVOID ProtocolSubmitBuffer,
  PVOID ClientBufferBase,
  ULONG SubmitBufferLength,
  PVOID *ppvTargetInfo,
  ULONG *pcbTargetInfo);

typedef NTSTATUS (NTAPI LSA_AP_POST_LOGON_USER)(PSECPKG_POST_LOGON_USER_INFO PostLogonUserInfo);

/* ---- redirected logon buffers and supplemental credentials ---- */
typedef NTSTATUS (NTAPI SpGetRemoteCredGuardLogonBufferFn)(
  LSA_SEC_HANDLE CredHandle,
  LSA_SEC_HANDLE ContextHandle,
  const UNICODE_STRING *TargetName,
  PHANDLE RedirectedLogonHandle,
  PLSA_REDIRECTED_LOGON_CALLBACK *Callback,
  PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *CleanupCallback,
  PULONG LogonBufferSize,
  PVOID *LogonBuffer);

typedef NTSTATUS (NTAPI SpGetRemoteCredGuardSupplementalCredsFn)(
  LSA_SEC_HANDLE CredHandle,
  const UNICODE_STRING *TargetName,
  PHANDLE RedirectedLogonHandle,
  PLSA_REDIRECTED_LOGON_CALLBACK *Callback,
  PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *CleanupCallback,
  PULONG SupplementalCredsSize,
  PVOID *SupplementalCreds);

/* Note: LogonId is passed by value (LUID), not as PLUID. */
typedef NTSTATUS (NTAPI SpGetTbalSupplementalCredsFn)(
  LUID LogonId,
  PULONG SupplementalCredsSize,
  PVOID *SupplementalCreds);
903
/*
 * SECPKG_FUNCTION_TABLE - entry points of a security package.
 * SpLsaModeInitializeFn returns an array of these through ppTables.
 *
 * The table is positional: members must keep this exact order, and new
 * entries are only ever appended.
 * NOTE(review): how many trailing members a caller may read presumably
 * depends on the SECPKG_INTERFACE_VERSION_* value the package reports -
 * confirm before calling through a late slot.
 */
typedef struct _SECPKG_FUNCTION_TABLE
{
  /* authentication-package (LSA_AP_*) entry points */
  PLSA_AP_INITIALIZE_PACKAGE               InitializePackage;
  PLSA_AP_LOGON_USER                       LogonUser;
  PLSA_AP_CALL_PACKAGE                     CallPackage;
  PLSA_AP_LOGON_TERMINATED                 LogonTerminated;
  PLSA_AP_CALL_PACKAGE_UNTRUSTED           CallPackageUntrusted;
  PLSA_AP_CALL_PACKAGE_PASSTHROUGH         CallPackagePassthrough;
  PLSA_AP_LOGON_USER_EX                    LogonUserEx;
  PLSA_AP_LOGON_USER_EX2                   LogonUserEx2;

  /* security-package (Sp*) entry points */
  SpInitializeFn                          *Initialize;
  SpShutdownFn                            *Shutdown;
  SpGetInfoFn                             *GetInfo;
  SpAcceptCredentialsFn                   *AcceptCredentials;
  SpAcquireCredentialsHandleFn            *AcquireCredentialsHandle;
  SpQueryCredentialsAttributesFn          *QueryCredentialsAttributes;
  SpFreeCredentialsHandleFn               *FreeCredentialsHandle;
  SpSaveCredentialsFn                     *SaveCredentials;
  SpGetCredentialsFn                      *GetCredentials;
  SpDeleteCredentialsFn                   *DeleteCredentials;
  SpInitLsaModeContextFn                  *InitLsaModeContext;
  SpAcceptLsaModeContextFn                *AcceptLsaModeContext;
  SpDeleteContextFn                       *DeleteContext;
  SpApplyControlTokenFn                   *ApplyControlToken;
  SpGetUserInfoFn                         *GetUserInfo;
  SpGetExtendedInformationFn              *GetExtendedInformation;
  SpQueryContextAttributesFn              *QueryContextAttributes;
  SpAddCredentialsFn                      *AddCredentials;
  SpSetExtendedInformationFn              *SetExtendedInformation;
  SpSetContextAttributesFn                *SetContextAttributes;
  SpSetCredentialsAttributesFn            *SetCredentialsAttributes;
  SpChangeAccountPasswordFn               *ChangeAccountPassword;
  SpQueryMetaDataFn                       *QueryMetaData;
  SpExchangeMetaDataFn                    *ExchangeMetaData;
  SpGetCredUIContextFn                    *GetCredUIContext;
  SpUpdateCredentialsFn                   *UpdateCredentials;
  SpValidateTargetInfoFn                  *ValidateTargetInfo;
  LSA_AP_POST_LOGON_USER                  *PostLogonUser;
  SpGetRemoteCredGuardLogonBufferFn       *GetRemoteCredGuardLogonBuffer;
  SpGetRemoteCredGuardSupplementalCredsFn *GetRemoteCredGuardSupplementalCreds;
  SpGetTbalSupplementalCredsFn            *GetTbalSupplementalCreds;
  PLSA_AP_LOGON_USER_EX3                   LogonUserEx3;
  PLSA_AP_PRE_LOGON_USER_SURROGATE         PreLogonUserSurrogate;
  PLSA_AP_POST_LOGON_USER_SURROGATE        PostLogonUserSurrogate;
  SpExtractTargetInfoFn                   *ExtractTargetInfo;
} SECPKG_FUNCTION_TABLE, *PSECPKG_FUNCTION_TABLE;
949
/* Entry-point types collected in SECPKG_USER_FUNCTION_TABLE. */
typedef NTSTATUS (NTAPI SpInstanceInitFn)(
  ULONG Version,
  PSECPKG_DLL_FUNCTIONS FunctionTable,
  PVOID *UserFunctions);

typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(
  LSA_SEC_HANDLE ContextHandle,
  PSecBuffer PackedContext);

/* Message integrity: sign / verify. */
typedef NTSTATUS (NTAPI SpMakeSignatureFn)(
  LSA_SEC_HANDLE ContextHandle,
  ULONG QualityOfProtection,
  PSecBufferDesc MessageBuffers,
  ULONG MessageSequenceNumber);

typedef NTSTATUS (NTAPI SpVerifySignatureFn)(
  LSA_SEC_HANDLE ContextHandle,
  PSecBufferDesc MessageBuffers,
  ULONG MessageSequenceNumber,
  PULONG QualityOfProtection);

/* Message confidentiality: seal / unseal. */
typedef NTSTATUS (NTAPI SpSealMessageFn)(
  LSA_SEC_HANDLE ContextHandle,
  ULONG QualityOfProtection,
  PSecBufferDesc MessageBuffers,
  ULONG MessageSequenceNumber);

typedef NTSTATUS (NTAPI SpUnsealMessageFn)(
  LSA_SEC_HANDLE ContextHandle,
  PSecBufferDesc MessageBuffers,
  ULONG MessageSequenceNumber,
  PULONG QualityOfProtection);

typedef NTSTATUS (NTAPI SpGetContextTokenFn)(
  LSA_SEC_HANDLE ContextHandle,
  PHANDLE ImpersonationToken);

/* Context export / import.  NOTE(review): a packed context presumably
   contains session key material and should be handled as a secret; an
   importer should treat pPackedContext as untrusted input - confirm. */
typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(
  LSA_SEC_HANDLE phContext,
  ULONG fFlags,
  PSecBuffer pPackedContext,
  PHANDLE pToken);

typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(
  PSecBuffer pPackedContext,
  HANDLE Token,
  PLSA_SEC_HANDLE phContext);

typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(
  LSA_SEC_HANDLE ContextHandle,
  PSecBufferDesc InputBuffer);

typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(
  PSecBuffer Credentials,
  PSecBuffer FormattedCredentials);

typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(
  ULONG CredentialSize,
  PUCHAR Credentials,
  PULONG MarshalledCredSize,
  PVOID *MarshalledCreds);

/* SECPKG_ANSI_ATTRIBUTE and SECPKG_CREDENTIAL_ATTRIBUTE are both 0, so only
   SECPKG_UNICODE_ATTRIBUTE can be detected with a bit test.
   NOTE(review): presumably values for the AttributeInfo argument of
   SpMarshalAttributeDataFn - confirm. */
#define SECPKG_UNICODE_ATTRIBUTE 0x80000000
#define SECPKG_ANSI_ATTRIBUTE 0
#define SECPKG_CREDENTIAL_ATTRIBUTE 0

typedef NTSTATUS (NTAPI SpMarshalAttributeDataFn)(
  DWORD AttributeInfo,
  ULONG Attribute,
  ULONG AttributeDataSize,
  PBYTE AttributeData,
  PULONG MarshaledAttributeDataSize,
  PBYTE *MarshaledAttributeData);
968
/*
 * SECPKG_USER_FUNCTION_TABLE - second entry-point table of a security
 * package; SpUserModeInitializeFn returns an array of these through
 * ppTables.  Positional: members must keep this exact order.
 */
typedef struct _SECPKG_USER_FUNCTION_TABLE
{
  SpInstanceInitFn              *InstanceInit;
  SpInitUserModeContextFn       *InitUserModeContext;
  SpMakeSignatureFn             *MakeSignature;
  SpVerifySignatureFn           *VerifySignature;
  SpSealMessageFn               *SealMessage;
  SpUnsealMessageFn             *UnsealMessage;
  SpGetContextTokenFn           *GetContextToken;
  SpQueryContextAttributesFn    *QueryContextAttributes;
  SpCompleteAuthTokenFn         *CompleteAuthToken;
  SpDeleteContextFn             *DeleteUserModeContext;   /* reuses the SpDeleteContextFn type */
  SpFormatCredentialsFn         *FormatCredentials;
  SpMarshallSupplementalCredsFn *MarshallSupplementalCreds;
  SpExportSecurityContextFn     *ExportContext;
  SpImportSecurityContextFn     *ImportContext;
  SpMarshalAttributeDataFn      *MarshalAttributeData;
} SECPKG_USER_FUNCTION_TABLE, *PSECPKG_USER_FUNCTION_TABLE;
986
/*
 * Initialization entry points.  Unlike the other Sp*Fn names in this header,
 * these two are pointer-to-function types (note the `*` inside the
 * declarator).  Each takes the caller's LsaVersion, reports its own version
 * through PackageVersion, and returns a table array plus its element count
 * through ppTables / pcTables.
 */
typedef NTSTATUS (SEC_ENTRY *SpLsaModeInitializeFn)(
  ULONG LsaVersion,
  PULONG PackageVersion,
  PSECPKG_FUNCTION_TABLE *ppTables,
  PULONG pcTables);

typedef NTSTATUS (SEC_ENTRY *SpUserModeInitializeFn)(
  ULONG LsaVersion,
  PULONG PackageVersion,
  PSECPKG_USER_FUNCTION_TABLE *ppTables,
  PULONG pcTables);
989
/* Names of the two initialization entry points, as strings.
   NOTE(review): presumably the symbol names looked up in a package DLL. */
#define SECPKG_LSAMODEINIT_NAME  "SpLsaModeInitialize"
#define SECPKG_USERMODEINIT_NAME "SpUserModeInitialize"

/* Interface version identifiers.  Each one is a distinct single bit starting
   at bit 16, so the values double from one version to the next and are not
   consecutive integers. */
#define SECPKG_INTERFACE_VERSION    0x00010000
#define SECPKG_INTERFACE_VERSION_2  0x00020000
#define SECPKG_INTERFACE_VERSION_3  0x00040000
#define SECPKG_INTERFACE_VERSION_4  0x00080000
#define SECPKG_INTERFACE_VERSION_5  0x00100000
#define SECPKG_INTERFACE_VERSION_6  0x00200000
#define SECPKG_INTERFACE_VERSION_7  0x00400000
#define SECPKG_INTERFACE_VERSION_8  0x00800000
#define SECPKG_INTERFACE_VERSION_9  0x01000000
#define SECPKG_INTERFACE_VERSION_10 0x02000000
#define SECPKG_INTERFACE_VERSION_11 0x04000000
1004
/* KSEC_CONTEXT_TYPE - argument type of KSEC_CREATE_CONTEXT_LIST.
   NOTE(review): the names suggest paged vs. non-paged memory for the list;
   confirm. */
typedef enum _KSEC_CONTEXT_TYPE
{
  KSecPaged,      /* 0 */
  KSecNonPaged    /* 1 */
} KSEC_CONTEXT_TYPE;
1008
/*
 * KSEC_LIST_ENTRY - header for an entry kept on a context list: list links,
 * a reference count, a Signature value, the owning list and a reserved
 * pointer.  KsecInitializeListEntry sets all of these fields.
 */
typedef struct _KSEC_LIST_ENTRY
{
  LIST_ENTRY List;
  LONG       RefCount;
  ULONG      Signature;
  PVOID      OwningList;
  PVOID      Reserved;
} KSEC_LIST_ENTRY, *PKSEC_LIST_ENTRY;
1016
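/*
 * KsecInitializeListEntry(Entry, SigValue)
 *
 * Resets a KSEC_LIST_ENTRY header: both list links NULL, RefCount 1,
 * Signature set to SigValue, OwningList and Reserved NULL.
 *
 * Entry    - pointer to the entry; cast to PKSEC_LIST_ENTRY, evaluated once.
 * SigValue - value stored in Signature; evaluated once.
 *
 * The expansion is one do { } while (0) statement, so the macro is safe as
 * the body of an unbraced if / else / loop.  A bare sequence of assignments
 * would leave all but the first one outside the controlling condition, and
 * an unparenthesized Entry would bind the cast to only part of an
 * expression argument.  Invoke it as a statement with a trailing semicolon.
 */
#define KsecInitializeListEntry(Entry,SigValue) \
  do { \
    PKSEC_LIST_ENTRY ksec_init_entry_ = (PKSEC_LIST_ENTRY) (Entry); \
    ksec_init_entry_->List.Flink = ksec_init_entry_->List.Blink = NULL; \
    ksec_init_entry_->RefCount = 1; \
    ksec_init_entry_->Signature = (SigValue); \
    ksec_init_entry_->OwningList = NULL; \
    ksec_init_entry_->Reserved = NULL; \
  } while (0)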
1018
/*
 * Context-list and auth-data helpers.  For each helper the header gives a
 * function type (KSEC_xxx), a declaration of a function of that type
 * (KSecXxx) and a pointer alias (PKSEC_xxx).
 */

/* function types */
typedef PVOID (SEC_ENTRY KSEC_CREATE_CONTEXT_LIST)(KSEC_CONTEXT_TYPE Type);

typedef VOID (SEC_ENTRY KSEC_INSERT_LIST_ENTRY)(
  PVOID List,
  PKSEC_LIST_ENTRY Entry);

/* NOTE(review): presumably fails when Entry->Signature differs from the
   Signature argument; callers should check the returned NTSTATUS before
   touching the entry - confirm. */
typedef NTSTATUS (SEC_ENTRY KSEC_REFERENCE_LIST_ENTRY)(
  PKSEC_LIST_ENTRY Entry,
  ULONG Signature,
  BOOLEAN RemoveNoRef);

/* Delete is a BOOLEAN out-pointer.  NOTE(review): presumably set when the
   caller is expected to free the entry - confirm. */
typedef VOID (SEC_ENTRY KSEC_DEREFERENCE_LIST_ENTRY)(
  PKSEC_LIST_ENTRY Entry,
  BOOLEAN *Delete);

typedef NTSTATUS (SEC_ENTRY KSEC_SERIALIZE_WINNT_AUTH_DATA)(
  PVOID pvAuthData,
  PULONG Size,
  PVOID *SerializedData);

typedef NTSTATUS (SEC_ENTRY KSEC_SERIALIZE_SCHANNEL_AUTH_DATA)(
  PVOID pvAuthData,
  PULONG Size,
  PVOID *SerializedData);

/* function declarations, written through the function types above */
KSEC_CREATE_CONTEXT_LIST          KSecCreateContextList;
KSEC_INSERT_LIST_ENTRY            KSecInsertListEntry;
KSEC_REFERENCE_LIST_ENTRY         KSecReferenceListEntry;
KSEC_DEREFERENCE_LIST_ENTRY       KSecDereferenceListEntry;
KSEC_SERIALIZE_WINNT_AUTH_DATA    KSecSerializeWinntAuthData;
KSEC_SERIALIZE_SCHANNEL_AUTH_DATA KSecSerializeSchannelAuthData;

/* pointer aliases, used as the slot types of SECPKG_KERNEL_FUNCTIONS */
typedef KSEC_CREATE_CONTEXT_LIST          *PKSEC_CREATE_CONTEXT_LIST;
typedef KSEC_INSERT_LIST_ENTRY            *PKSEC_INSERT_LIST_ENTRY;
typedef KSEC_REFERENCE_LIST_ENTRY         *PKSEC_REFERENCE_LIST_ENTRY;
typedef KSEC_DEREFERENCE_LIST_ENTRY       *PKSEC_DEREFERENCE_LIST_ENTRY;
typedef KSEC_SERIALIZE_WINNT_AUTH_DATA    *PKSEC_SERIALIZE_WINNT_AUTH_DATA;
typedef KSEC_SERIALIZE_SCHANNEL_AUTH_DATA *PKSEC_SERIALIZE_SCHANNEL_AUTH_DATA;

/* package lookup by numeric id: type, pointer alias, declaration */
typedef PVOID (SEC_ENTRY KSEC_LOCATE_PKG_BY_ID)(ULONG PackageId);
typedef KSEC_LOCATE_PKG_BY_ID *PKSEC_LOCATE_PKG_BY_ID;
KSEC_LOCATE_PKG_BY_ID KSecLocatePackageById;
1043
/*
 * SECPKG_KERNEL_FUNCTIONS - helper table passed to KspInitPackageFn: heap
 * allocate/free, the context-list helpers, the two auth-data serializers
 * and package lookup.  Positional: members must keep this exact order.
 */
typedef struct _SECPKG_KERNEL_FUNCTIONS
{
  PLSA_ALLOCATE_LSA_HEAP             AllocateHeap;
  PLSA_FREE_LSA_HEAP                 FreeHeap;
  PKSEC_CREATE_CONTEXT_LIST          CreateContextList;
  PKSEC_INSERT_LIST_ENTRY            InsertListEntry;
  PKSEC_REFERENCE_LIST_ENTRY         ReferenceListEntry;
  PKSEC_DEREFERENCE_LIST_ENTRY       DereferenceListEntry;
  PKSEC_SERIALIZE_WINNT_AUTH_DATA    SerializeWinntAuthData;
  PKSEC_SERIALIZE_SCHANNEL_AUTH_DATA SerializeSchannelAuthData;
  PKSEC_LOCATE_PKG_BY_ID             LocatePackageById;
} SECPKG_KERNEL_FUNCTIONS, *PSECPKG_KERNEL_FUNCTIONS;
1055
/* Entry-point types collected in SECPKG_KERNEL_FUNCTION_TABLE. */
typedef NTSTATUS (NTAPI KspInitPackageFn)(PSECPKG_KERNEL_FUNCTIONS FunctionTable);

/* context life cycle and handle mapping */
typedef NTSTATUS (NTAPI KspDeleteContextFn)(
  LSA_SEC_HANDLE ContextId,
  PLSA_SEC_HANDLE LsaContextId);

typedef NTSTATUS (NTAPI KspInitContextFn)(
  LSA_SEC_HANDLE ContextId,
  PSecBuffer ContextData,
  PLSA_SEC_HANDLE NewContextId);

/* message protection */
typedef NTSTATUS (NTAPI KspMakeSignatureFn)(
  LSA_SEC_HANDLE ContextId,
  ULONG fQOP,
  PSecBufferDesc Message,
  ULONG MessageSeqNo);

typedef NTSTATUS (NTAPI KspVerifySignatureFn)(
  LSA_SEC_HANDLE ContextId,
  PSecBufferDesc Message,
  ULONG MessageSeqNo,
  PULONG pfQOP);

typedef NTSTATUS (NTAPI KspSealMessageFn)(
  LSA_SEC_HANDLE ContextId,
  ULONG fQOP,
  PSecBufferDesc Message,
  ULONG MessageSeqNo);

typedef NTSTATUS (NTAPI KspUnsealMessageFn)(
  LSA_SEC_HANDLE ContextId,
  PSecBufferDesc Message,
  ULONG MessageSeqNo,
  PULONG pfQOP);

/* tokens and attributes */
typedef NTSTATUS (NTAPI KspGetTokenFn)(
  LSA_SEC_HANDLE ContextId,
  PHANDLE ImpersonationToken,
  PACCESS_TOKEN *RawToken);

typedef NTSTATUS (NTAPI KspQueryAttributesFn)(
  LSA_SEC_HANDLE ContextId,
  ULONG Attribute,
  PVOID Buffer);

typedef NTSTATUS (NTAPI KspCompleteTokenFn)(
  LSA_SEC_HANDLE ContextId,
  PSecBufferDesc Token);

typedef NTSTATUS (NTAPI KspMapHandleFn)(
  LSA_SEC_HANDLE ContextId,
  PLSA_SEC_HANDLE LsaContextId);

typedef NTSTATUS (NTAPI KspSetPagingModeFn)(BOOLEAN PagingMode);

/* same parameter list as the KSEC_SERIALIZE_*_AUTH_DATA types */
typedef NTSTATUS (NTAPI KspSerializeAuthDataFn)(
  PVOID pvAuthData,
  PULONG Size,
  PVOID *SerializedData);
1069
/*
 * SECPKG_KERNEL_FUNCTION_TABLE - entry points that a provider hands to
 * KSecRegisterSecurityProvider and that KSecLocatePackage returns.
 * Positional: members must keep this exact order.  ExportContext and
 * ImportContext reuse the Sp* export/import types rather than Ksp* ones.
 */
typedef struct _SECPKG_KERNEL_FUNCTION_TABLE
{
  KspInitPackageFn          *Initialize;
  KspDeleteContextFn        *DeleteContext;
  KspInitContextFn          *InitContext;
  KspMapHandleFn            *MapHandle;
  KspMakeSignatureFn        *Sign;
  KspVerifySignatureFn      *Verify;
  KspSealMessageFn          *Seal;
  KspUnsealMessageFn        *Unseal;
  KspGetTokenFn             *GetToken;
  KspQueryAttributesFn      *QueryAttributes;
  KspCompleteTokenFn        *CompleteToken;
  SpExportSecurityContextFn *ExportContext;
  SpImportSecurityContextFn *ImportContext;
  KspSetPagingModeFn        *SetPackagePagingMode;
  KspSerializeAuthDataFn    *SerializeAuthData;
} SECPKG_KERNEL_FUNCTION_TABLE, *PSECPKG_KERNEL_FUNCTION_TABLE;
1087
/* Registers a provider's entry-point table under ProviderName. */
SECURITY_STATUS SEC_ENTRY KSecRegisterSecurityProvider(
  PSECURITY_STRING ProviderName,
  PSECPKG_KERNEL_FUNCTION_TABLE Table);

/* Looks a package up by name; the table pointer and the package id come back
   through Package and PackageId. */
SECURITY_STATUS SEC_ENTRY KSecLocatePackage(
  PUNICODE_STRING PackageName,
  PSECPKG_KERNEL_FUNCTION_TABLE *Package,
  PULONG_PTR PackageId);

/* Helper table instance defined outside this header. */
extern SECPKG_KERNEL_FUNCTIONS KspKernelFunctions;
1093
1094#ifdef __cplusplus
1095}
1096#endif
1097#endif