mirror of
https://git.code.sf.net/p/mingw-w64/mingw-w64
synced 2024-11-23 18:04:18 +08:00
9d937a7f4f
git-svn-id: svn+ssh://svn.code.sf.net/p/mingw-w64/code/trunk@3 4407c894-4637-0410-b4f5-ada5f102cad1
1302 lines
48 KiB
C
Executable File
1302 lines
48 KiB
C
Executable File
/**
|
|
* This file has no copyright assigned and is placed in the Public Domain.
|
|
* This file is part of the w64 mingw-runtime package.
|
|
* No warranty is given; refer to the file DISCLAIMER within this package.
|
|
*/
|
|
#ifndef _NTSECAPI_
|
|
#define _NTSECAPI_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#ifndef _NTDEF_
|
|
typedef LONG NTSTATUS,*PNTSTATUS;
|
|
#endif
|
|
|
|
#ifndef _NTLSA_IFS_
|
|
typedef ULONG LSA_OPERATIONAL_MODE,*PLSA_OPERATIONAL_MODE;
|
|
#endif
|
|
|
|
#define LSA_MODE_PASSWORD_PROTECTED (0x00000001L)
|
|
#define LSA_MODE_INDIVIDUAL_ACCOUNTS (0x00000002L)
|
|
#define LSA_MODE_MANDATORY_ACCESS (0x00000004L)
|
|
#define LSA_MODE_LOG_FULL (0x00000008L)
|
|
|
|
#ifndef _NTLSA_IFS_
|
|
typedef enum _SECURITY_LOGON_TYPE {
|
|
Interactive = 2,Network,Batch,Service,Proxy,Unlock,NetworkCleartext,NewCredentials,RemoteInteractive,CachedInteractive,
|
|
CachedRemoteInteractive,CachedUnlock
|
|
} SECURITY_LOGON_TYPE,*PSECURITY_LOGON_TYPE;
|
|
#endif
|
|
|
|
#ifndef _NTLSA_IFS_
|
|
|
|
#ifndef _NTLSA_AUDIT_
|
|
#define _NTLSA_AUDIT_
|
|
|
|
typedef enum _SE_ADT_PARAMETER_TYPE {
|
|
SeAdtParmTypeNone = 0,SeAdtParmTypeString,SeAdtParmTypeFileSpec,SeAdtParmTypeUlong,SeAdtParmTypeSid,SeAdtParmTypeLogonId,
|
|
SeAdtParmTypeNoLogonId,SeAdtParmTypeAccessMask,SeAdtParmTypePrivs,SeAdtParmTypeObjectTypes,SeAdtParmTypeHexUlong,SeAdtParmTypePtr,
|
|
SeAdtParmTypeTime,SeAdtParmTypeGuid,SeAdtParmTypeLuid,SeAdtParmTypeHexInt64,SeAdtParmTypeStringList,SeAdtParmTypeSidList,
|
|
SeAdtParmTypeDuration,SeAdtParmTypeUserAccountControl,SeAdtParmTypeNoUac,SeAdtParmTypeMessage,SeAdtParmTypeDateTime,SeAdtParmTypeSockAddr
|
|
} SE_ADT_PARAMETER_TYPE,*PSE_ADT_PARAMETER_TYPE;
|
|
|
|
#ifndef GUID_DEFINED
|
|
#include <guiddef.h>
|
|
#endif
|
|
|
|
#define SE_ADT_OBJECT_ONLY 0x1
|
|
|
|
typedef struct _SE_ADT_OBJECT_TYPE {
|
|
GUID ObjectType;
|
|
USHORT Flags;
|
|
USHORT Level;
|
|
ACCESS_MASK AccessMask;
|
|
} SE_ADT_OBJECT_TYPE,*PSE_ADT_OBJECT_TYPE;
|
|
|
|
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
|
|
SE_ADT_PARAMETER_TYPE Type;
|
|
ULONG Length;
|
|
ULONG_PTR Data[2];
|
|
PVOID Address;
|
|
} SE_ADT_PARAMETER_ARRAY_ENTRY,*PSE_ADT_PARAMETER_ARRAY_ENTRY;
|
|
|
|
#define SE_MAX_AUDIT_PARAMETERS 32
|
|
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
|
|
|
|
typedef struct _SE_ADT_PARAMETER_ARRAY {
|
|
ULONG CategoryId;
|
|
ULONG AuditId;
|
|
ULONG ParameterCount;
|
|
ULONG Length;
|
|
USHORT Type;
|
|
ULONG Flags;
|
|
SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[SE_MAX_AUDIT_PARAMETERS ];
|
|
} SE_ADT_PARAMETER_ARRAY,*PSE_ADT_PARAMETER_ARRAY;
|
|
|
|
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
|
|
#endif
|
|
#endif
|
|
|
|
typedef enum _POLICY_AUDIT_EVENT_TYPE {
|
|
AuditCategorySystem,AuditCategoryLogon,AuditCategoryObjectAccess,AuditCategoryPrivilegeUse,AuditCategoryDetailedTracking,
|
|
AuditCategoryPolicyChange,AuditCategoryAccountManagement,AuditCategoryDirectoryServiceAccess,AuditCategoryAccountLogon
|
|
} POLICY_AUDIT_EVENT_TYPE,*PPOLICY_AUDIT_EVENT_TYPE;
|
|
|
|
#define POLICY_AUDIT_EVENT_UNCHANGED (0x00000000L)
|
|
#define POLICY_AUDIT_EVENT_SUCCESS (0x00000001L)
|
|
#define POLICY_AUDIT_EVENT_FAILURE (0x00000002L)
|
|
#define POLICY_AUDIT_EVENT_NONE (0x00000004L)
|
|
#define POLICY_AUDIT_EVENT_MASK (POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE)
|
|
|
|
#ifdef _NTDEF_
|
|
typedef UNICODE_STRING LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
|
|
typedef STRING LSA_STRING,*PLSA_STRING;
|
|
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES;
|
|
#else
|
|
|
|
#ifndef IN
|
|
#define IN
|
|
#endif
|
|
|
|
#ifndef OUT
|
|
#define OUT
|
|
#endif
|
|
|
|
#ifndef OPTIONAL
|
|
#define OPTIONAL
|
|
#endif
|
|
|
|
typedef struct _LSA_UNICODE_STRING {
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
PWSTR Buffer;
|
|
} LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
|
|
|
|
typedef struct _LSA_STRING {
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
PCHAR Buffer;
|
|
} LSA_STRING,*PLSA_STRING;
|
|
|
|
typedef struct _LSA_OBJECT_ATTRIBUTES {
|
|
ULONG Length;
|
|
HANDLE RootDirectory;
|
|
PLSA_UNICODE_STRING ObjectName;
|
|
ULONG Attributes;
|
|
PVOID SecurityDescriptor;
|
|
PVOID SecurityQualityOfService;
|
|
} LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES;
|
|
#endif
|
|
|
|
#define LSA_SUCCESS(Error) ((LONG)(Error) >= 0)
|
|
|
|
#ifndef _NTLSA_IFS_
|
|
NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING LogonProcessName,PHANDLE LsaHandle,PLSA_OPERATIONAL_MODE SecurityMode);
|
|
NTSTATUS NTAPI LsaLogonUser(HANDLE LsaHandle,PLSA_STRING OriginName,SECURITY_LOGON_TYPE LogonType,ULONG AuthenticationPackage,PVOID AuthenticationInformation,ULONG AuthenticationInformationLength,PTOKEN_GROUPS LocalGroups,PTOKEN_SOURCE SourceContext,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PHANDLE Token,PQUOTA_LIMITS Quotas,PNTSTATUS SubStatus);
|
|
NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE LsaHandle,PLSA_STRING PackageName,PULONG AuthenticationPackage);
|
|
NTSTATUS NTAPI LsaFreeReturnBuffer (PVOID Buffer);
|
|
NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE LsaHandle,ULONG AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus);
|
|
NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE LsaHandle);
|
|
NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE LsaHandle);
|
|
#endif
|
|
|
|
#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L
|
|
#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L
|
|
#define POLICY_GET_PRIVATE_INFORMATION 0x00000004L
|
|
#define POLICY_TRUST_ADMIN 0x00000008L
|
|
#define POLICY_CREATE_ACCOUNT 0x00000010L
|
|
#define POLICY_CREATE_SECRET 0x00000020L
|
|
#define POLICY_CREATE_PRIVILEGE 0x00000040L
|
|
#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L
|
|
#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L
|
|
#define POLICY_AUDIT_LOG_ADMIN 0x00000200L
|
|
#define POLICY_SERVER_ADMIN 0x00000400L
|
|
#define POLICY_LOOKUP_NAMES 0x00000800L
|
|
#define POLICY_NOTIFICATION 0x00001000L
|
|
|
|
#define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES)
|
|
#define POLICY_READ (STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION)
|
|
#define POLICY_WRITE (STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN)
|
|
#define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES)
|
|
|
|
typedef struct _LSA_TRUST_INFORMATION {
|
|
LSA_UNICODE_STRING Name;
|
|
PSID Sid;
|
|
} LSA_TRUST_INFORMATION,*PLSA_TRUST_INFORMATION;
|
|
|
|
typedef struct _LSA_REFERENCED_DOMAIN_LIST {
|
|
ULONG Entries;
|
|
PLSA_TRUST_INFORMATION Domains;
|
|
} LSA_REFERENCED_DOMAIN_LIST,*PLSA_REFERENCED_DOMAIN_LIST;
|
|
|
|
typedef struct _LSA_TRANSLATED_SID {
|
|
SID_NAME_USE Use;
|
|
ULONG RelativeId;
|
|
LONG DomainIndex;
|
|
} LSA_TRANSLATED_SID,*PLSA_TRANSLATED_SID;
|
|
|
|
typedef struct _LSA_TRANSLATED_SID2 {
|
|
SID_NAME_USE Use;
|
|
PSID Sid;
|
|
LONG DomainIndex;
|
|
ULONG Flags;
|
|
} LSA_TRANSLATED_SID2,*PLSA_TRANSLATED_SID2;
|
|
|
|
typedef struct _LSA_TRANSLATED_NAME {
|
|
SID_NAME_USE Use;
|
|
LSA_UNICODE_STRING Name;
|
|
LONG DomainIndex;
|
|
} LSA_TRANSLATED_NAME,*PLSA_TRANSLATED_NAME;
|
|
|
|
typedef enum _POLICY_LSA_SERVER_ROLE {
|
|
PolicyServerRoleBackup = 2,PolicyServerRolePrimary
|
|
} POLICY_LSA_SERVER_ROLE,*PPOLICY_LSA_SERVER_ROLE;
|
|
|
|
typedef ULONG POLICY_AUDIT_EVENT_OPTIONS,*PPOLICY_AUDIT_EVENT_OPTIONS;
|
|
|
|
typedef enum _POLICY_INFORMATION_CLASS {
|
|
PolicyAuditLogInformation = 1,PolicyAuditEventsInformation,PolicyPrimaryDomainInformation,PolicyPdAccountInformation,
|
|
PolicyAccountDomainInformation,PolicyLsaServerRoleInformation,PolicyReplicaSourceInformation,PolicyDefaultQuotaInformation,
|
|
PolicyModificationInformation,PolicyAuditFullSetInformation,PolicyAuditFullQueryInformation,PolicyDnsDomainInformation,
|
|
PolicyDnsDomainInformationInt
|
|
} POLICY_INFORMATION_CLASS,*PPOLICY_INFORMATION_CLASS;
|
|
|
|
typedef struct _POLICY_AUDIT_LOG_INFO {
|
|
ULONG AuditLogPercentFull;
|
|
ULONG MaximumLogSize;
|
|
LARGE_INTEGER AuditRetentionPeriod;
|
|
BOOLEAN AuditLogFullShutdownInProgress;
|
|
LARGE_INTEGER TimeToShutdown;
|
|
ULONG NextAuditRecordId;
|
|
} POLICY_AUDIT_LOG_INFO,*PPOLICY_AUDIT_LOG_INFO;
|
|
|
|
typedef struct _POLICY_AUDIT_EVENTS_INFO {
|
|
BOOLEAN AuditingMode;
|
|
PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
|
|
ULONG MaximumAuditEventCount;
|
|
} POLICY_AUDIT_EVENTS_INFO,*PPOLICY_AUDIT_EVENTS_INFO;
|
|
|
|
typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
|
|
LSA_UNICODE_STRING DomainName;
|
|
PSID DomainSid;
|
|
} POLICY_ACCOUNT_DOMAIN_INFO,*PPOLICY_ACCOUNT_DOMAIN_INFO;
|
|
|
|
typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
|
|
LSA_UNICODE_STRING Name;
|
|
PSID Sid;
|
|
} POLICY_PRIMARY_DOMAIN_INFO,*PPOLICY_PRIMARY_DOMAIN_INFO;
|
|
|
|
typedef struct _POLICY_DNS_DOMAIN_INFO {
|
|
LSA_UNICODE_STRING Name;
|
|
LSA_UNICODE_STRING DnsDomainName;
|
|
LSA_UNICODE_STRING DnsForestName;
|
|
GUID DomainGuid;
|
|
PSID Sid;
|
|
} POLICY_DNS_DOMAIN_INFO,*PPOLICY_DNS_DOMAIN_INFO;
|
|
|
|
typedef struct _POLICY_PD_ACCOUNT_INFO {
|
|
LSA_UNICODE_STRING Name;
|
|
} POLICY_PD_ACCOUNT_INFO,*PPOLICY_PD_ACCOUNT_INFO;
|
|
|
|
typedef struct _POLICY_LSA_SERVER_ROLE_INFO {
|
|
POLICY_LSA_SERVER_ROLE LsaServerRole;
|
|
} POLICY_LSA_SERVER_ROLE_INFO,*PPOLICY_LSA_SERVER_ROLE_INFO;
|
|
|
|
typedef struct _POLICY_REPLICA_SOURCE_INFO {
|
|
LSA_UNICODE_STRING ReplicaSource;
|
|
LSA_UNICODE_STRING ReplicaAccountName;
|
|
} POLICY_REPLICA_SOURCE_INFO,*PPOLICY_REPLICA_SOURCE_INFO;
|
|
|
|
typedef struct _POLICY_DEFAULT_QUOTA_INFO {
|
|
QUOTA_LIMITS QuotaLimits;
|
|
} POLICY_DEFAULT_QUOTA_INFO,*PPOLICY_DEFAULT_QUOTA_INFO;
|
|
|
|
typedef struct _POLICY_MODIFICATION_INFO {
|
|
LARGE_INTEGER ModifiedId;
|
|
LARGE_INTEGER DatabaseCreationTime;
|
|
} POLICY_MODIFICATION_INFO,*PPOLICY_MODIFICATION_INFO;
|
|
|
|
typedef struct _POLICY_AUDIT_FULL_SET_INFO {
|
|
BOOLEAN ShutDownOnFull;
|
|
} POLICY_AUDIT_FULL_SET_INFO,*PPOLICY_AUDIT_FULL_SET_INFO;
|
|
|
|
typedef struct _POLICY_AUDIT_FULL_QUERY_INFO {
|
|
BOOLEAN ShutDownOnFull;
|
|
BOOLEAN LogIsFull;
|
|
} POLICY_AUDIT_FULL_QUERY_INFO,*PPOLICY_AUDIT_FULL_QUERY_INFO;
|
|
|
|
typedef enum _POLICY_DOMAIN_INFORMATION_CLASS {
|
|
PolicyDomainEfsInformation = 2,PolicyDomainKerberosTicketInformation
|
|
} POLICY_DOMAIN_INFORMATION_CLASS,*PPOLICY_DOMAIN_INFORMATION_CLASS;
|
|
|
|
typedef struct _POLICY_DOMAIN_EFS_INFO {
|
|
ULONG InfoLength;
|
|
PUCHAR EfsBlob;
|
|
} POLICY_DOMAIN_EFS_INFO,*PPOLICY_DOMAIN_EFS_INFO;
|
|
|
|
#define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080
|
|
|
|
typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO {
|
|
ULONG AuthenticationOptions;
|
|
LARGE_INTEGER MaxServiceTicketAge;
|
|
LARGE_INTEGER MaxTicketAge;
|
|
LARGE_INTEGER MaxRenewAge;
|
|
LARGE_INTEGER MaxClockSkew;
|
|
LARGE_INTEGER Reserved;
|
|
} POLICY_DOMAIN_KERBEROS_TICKET_INFO,*PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
|
|
|
|
typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS {
|
|
PolicyNotifyAuditEventsInformation = 1,PolicyNotifyAccountDomainInformation,PolicyNotifyServerRoleInformation,PolicyNotifyDnsDomainInformation,
|
|
PolicyNotifyDomainEfsInformation,PolicyNotifyDomainKerberosTicketInformation,PolicyNotifyMachineAccountPasswordInformation
|
|
} POLICY_NOTIFICATION_INFORMATION_CLASS,*PPOLICY_NOTIFICATION_INFORMATION_CLASS;
|
|
|
|
typedef PVOID LSA_HANDLE,*PLSA_HANDLE;
|
|
|
|
typedef enum _TRUSTED_INFORMATION_CLASS {
|
|
TrustedDomainNameInformation = 1,TrustedControllersInformation,TrustedPosixOffsetInformation,TrustedPasswordInformation,
|
|
TrustedDomainInformationBasic,TrustedDomainInformationEx,TrustedDomainAuthInformation,TrustedDomainFullInformation,
|
|
TrustedDomainAuthInformationInternal,TrustedDomainFullInformationInternal,TrustedDomainInformationEx2Internal,TrustedDomainFullInformation2Internal
|
|
} TRUSTED_INFORMATION_CLASS,*PTRUSTED_INFORMATION_CLASS;
|
|
|
|
typedef struct _TRUSTED_DOMAIN_NAME_INFO {
|
|
LSA_UNICODE_STRING Name;
|
|
} TRUSTED_DOMAIN_NAME_INFO,*PTRUSTED_DOMAIN_NAME_INFO;
|
|
|
|
typedef struct _TRUSTED_CONTROLLERS_INFO {
|
|
ULONG Entries;
|
|
PLSA_UNICODE_STRING Names;
|
|
} TRUSTED_CONTROLLERS_INFO,*PTRUSTED_CONTROLLERS_INFO;
|
|
|
|
typedef struct _TRUSTED_POSIX_OFFSET_INFO {
|
|
ULONG Offset;
|
|
} TRUSTED_POSIX_OFFSET_INFO,*PTRUSTED_POSIX_OFFSET_INFO;
|
|
|
|
typedef struct _TRUSTED_PASSWORD_INFO {
|
|
LSA_UNICODE_STRING Password;
|
|
LSA_UNICODE_STRING OldPassword;
|
|
} TRUSTED_PASSWORD_INFO,*PTRUSTED_PASSWORD_INFO;
|
|
|
|
typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
|
|
typedef PLSA_TRUST_INFORMATION PTRUSTED_DOMAIN_INFORMATION_BASIC;
|
|
|
|
#define TRUST_DIRECTION_DISABLED 0x00000000
|
|
#define TRUST_DIRECTION_INBOUND 0x00000001
|
|
#define TRUST_DIRECTION_OUTBOUND 0x00000002
|
|
#define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND)
|
|
|
|
#define TRUST_TYPE_DOWNLEVEL 0x00000001
|
|
#define TRUST_TYPE_UPLEVEL 0x00000002
|
|
#define TRUST_TYPE_MIT 0x00000003
|
|
|
|
#define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001
|
|
#define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002
|
|
#define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004
|
|
#define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008
|
|
#define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010
|
|
#define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020
|
|
#define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040
|
|
#define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080
|
|
|
|
#define TRUST_ATTRIBUTES_VALID 0xFF03FFFF
|
|
#define TRUST_ATTRIBUTES_USER 0xFF000000
|
|
|
|
typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
|
|
LSA_UNICODE_STRING Name;
|
|
LSA_UNICODE_STRING FlatName;
|
|
PSID Sid;
|
|
ULONG TrustDirection;
|
|
ULONG TrustType;
|
|
ULONG TrustAttributes;
|
|
} TRUSTED_DOMAIN_INFORMATION_EX,*PTRUSTED_DOMAIN_INFORMATION_EX;
|
|
|
|
typedef struct _TRUSTED_DOMAIN_INFORMATION_EX2 {
|
|
LSA_UNICODE_STRING Name;
|
|
LSA_UNICODE_STRING FlatName;
|
|
PSID Sid;
|
|
ULONG TrustDirection;
|
|
ULONG TrustType;
|
|
ULONG TrustAttributes;
|
|
ULONG ForestTrustLength;
|
|
PUCHAR ForestTrustInfo;
|
|
} TRUSTED_DOMAIN_INFORMATION_EX2,*PTRUSTED_DOMAIN_INFORMATION_EX2;
|
|
|
|
#define TRUST_AUTH_TYPE_NONE 0
|
|
#define TRUST_AUTH_TYPE_NT4OWF 1
|
|
#define TRUST_AUTH_TYPE_CLEAR 2
|
|
#define TRUST_AUTH_TYPE_VERSION 3
|
|
|
|
typedef struct _LSA_AUTH_INFORMATION {
|
|
LARGE_INTEGER LastUpdateTime;
|
|
ULONG AuthType;
|
|
ULONG AuthInfoLength;
|
|
PUCHAR AuthInfo;
|
|
} LSA_AUTH_INFORMATION,*PLSA_AUTH_INFORMATION;
|
|
|
|
typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION {
|
|
ULONG IncomingAuthInfos;
|
|
PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
|
|
PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
|
|
ULONG OutgoingAuthInfos;
|
|
PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
|
|
PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
|
|
} TRUSTED_DOMAIN_AUTH_INFORMATION,*PTRUSTED_DOMAIN_AUTH_INFORMATION;
|
|
|
|
typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION {
|
|
TRUSTED_DOMAIN_INFORMATION_EX Information;
|
|
TRUSTED_POSIX_OFFSET_INFO PosixOffset;
|
|
TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
|
|
} TRUSTED_DOMAIN_FULL_INFORMATION,*PTRUSTED_DOMAIN_FULL_INFORMATION;
|
|
|
|
typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 {
|
|
TRUSTED_DOMAIN_INFORMATION_EX2 Information;
|
|
TRUSTED_POSIX_OFFSET_INFO PosixOffset;
|
|
TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
|
|
} TRUSTED_DOMAIN_FULL_INFORMATION2,*PTRUSTED_DOMAIN_FULL_INFORMATION2;
|
|
|
|
typedef enum {
|
|
ForestTrustTopLevelName,ForestTrustTopLevelNameEx,ForestTrustDomainInfo,ForestTrustRecordTypeLast = ForestTrustDomainInfo
|
|
} LSA_FOREST_TRUST_RECORD_TYPE;
|
|
|
|
#define LSA_FTRECORD_DISABLED_REASONS (0x0000FFFFL)
|
|
|
|
#define LSA_TLN_DISABLED_NEW (0x00000001L)
|
|
#define LSA_TLN_DISABLED_ADMIN (0x00000002L)
|
|
#define LSA_TLN_DISABLED_CONFLICT (0x00000004L)
|
|
|
|
#define LSA_SID_DISABLED_ADMIN (0x00000001L)
|
|
#define LSA_SID_DISABLED_CONFLICT (0x00000002L)
|
|
#define LSA_NB_DISABLED_ADMIN (0x00000004L)
|
|
#define LSA_NB_DISABLED_CONFLICT (0x00000008L)
|
|
|
|
typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO {
|
|
PSID Sid;
|
|
LSA_UNICODE_STRING DnsName;
|
|
LSA_UNICODE_STRING NetbiosName;
|
|
} LSA_FOREST_TRUST_DOMAIN_INFO,*PLSA_FOREST_TRUST_DOMAIN_INFO;
|
|
|
|
#define MAX_FOREST_TRUST_BINARY_DATA_SIZE (128*1024)
|
|
|
|
typedef struct _LSA_FOREST_TRUST_BINARY_DATA {
|
|
ULONG Length;
|
|
PUCHAR Buffer;
|
|
} LSA_FOREST_TRUST_BINARY_DATA,*PLSA_FOREST_TRUST_BINARY_DATA;
|
|
|
|
typedef struct _LSA_FOREST_TRUST_RECORD {
|
|
ULONG Flags;
|
|
LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType;
|
|
LARGE_INTEGER Time;
|
|
union {
|
|
LSA_UNICODE_STRING TopLevelName;
|
|
LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo;
|
|
LSA_FOREST_TRUST_BINARY_DATA Data;
|
|
} ForestTrustData;
|
|
} LSA_FOREST_TRUST_RECORD,*PLSA_FOREST_TRUST_RECORD;
|
|
|
|
#define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000
|
|
|
|
typedef struct _LSA_FOREST_TRUST_INFORMATION {
|
|
ULONG RecordCount;
|
|
PLSA_FOREST_TRUST_RECORD *Entries;
|
|
} LSA_FOREST_TRUST_INFORMATION,*PLSA_FOREST_TRUST_INFORMATION;
|
|
|
|
typedef enum {
|
|
CollisionTdo,CollisionXref,CollisionOther
|
|
} LSA_FOREST_TRUST_COLLISION_RECORD_TYPE;
|
|
|
|
typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD {
|
|
ULONG Index;
|
|
LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type;
|
|
ULONG Flags;
|
|
LSA_UNICODE_STRING Name;
|
|
} LSA_FOREST_TRUST_COLLISION_RECORD,*PLSA_FOREST_TRUST_COLLISION_RECORD;
|
|
|
|
typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION {
|
|
ULONG RecordCount;
|
|
PLSA_FOREST_TRUST_COLLISION_RECORD *Entries;
|
|
} LSA_FOREST_TRUST_COLLISION_INFORMATION,*PLSA_FOREST_TRUST_COLLISION_INFORMATION;
|
|
|
|
typedef ULONG LSA_ENUMERATION_HANDLE,*PLSA_ENUMERATION_HANDLE;
|
|
|
|
typedef struct _LSA_ENUMERATION_INFORMATION {
|
|
PSID Sid;
|
|
} LSA_ENUMERATION_INFORMATION,*PLSA_ENUMERATION_INFORMATION;
|
|
|
|
NTSTATUS NTAPI LsaFreeMemory(PVOID Buffer);
|
|
NTSTATUS NTAPI LsaClose(LSA_HANDLE ObjectHandle);
|
|
|
|
typedef struct _SECURITY_LOGON_SESSION_DATA {
|
|
ULONG Size;
|
|
LUID LogonId;
|
|
LSA_UNICODE_STRING UserName;
|
|
LSA_UNICODE_STRING LogonDomain;
|
|
LSA_UNICODE_STRING AuthenticationPackage;
|
|
ULONG LogonType;
|
|
ULONG Session;
|
|
PSID Sid;
|
|
LARGE_INTEGER LogonTime;
|
|
LSA_UNICODE_STRING LogonServer;
|
|
LSA_UNICODE_STRING DnsDomainName;
|
|
LSA_UNICODE_STRING Upn;
|
|
} SECURITY_LOGON_SESSION_DATA,*PSECURITY_LOGON_SESSION_DATA;
|
|
|
|
NTSTATUS NTAPI LsaEnumerateLogonSessions(PULONG LogonSessionCount,PLUID *LogonSessionList);
|
|
NTSTATUS NTAPI LsaGetLogonSessionData(PLUID LogonId,PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData);
|
|
NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING SystemName,PLSA_OBJECT_ATTRIBUTES ObjectAttributes,ACCESS_MASK DesiredAccess,PLSA_HANDLE PolicyHandle);
|
|
NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID *Buffer);
|
|
NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID Buffer);
|
|
NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID *Buffer);
|
|
NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID Buffer);
|
|
NTSTATUS NTAPI LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle);
|
|
NTSTATUS NTAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle);
|
|
NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned);
|
|
NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE PolicyHandle,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID *Sids);
|
|
NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE PolicyHandle,ULONG Flags,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID2 *Sids);
|
|
NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE PolicyHandle,ULONG Count,PSID *Sids,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_NAME *Names);
|
|
|
|
#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
|
|
#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
|
|
#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
|
|
#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
|
|
#define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight")
|
|
#define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight")
|
|
#define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight")
|
|
#define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight")
|
|
#define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight")
|
|
#define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight")
|
|
|
|
NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING UserRight,PVOID *Buffer,PULONG CountReturned);
|
|
NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING *UserRights,PULONG CountOfRights);
|
|
NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights);
|
|
NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,BOOLEAN AllRights,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights);
|
|
NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle);
|
|
NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer);
|
|
NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer);
|
|
NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid);
|
|
NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer);
|
|
NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer);
|
|
NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned);
|
|
NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE PolicyHandle,PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle);
|
|
NTSTATUS NTAPI LsaQueryForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo);
|
|
NTSTATUS NTAPI LsaSetForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,BOOLEAN CheckOnly,PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo);
|
|
|
|
#ifdef TESTING_MATCHING_ROUTINE
|
|
NTSTATUS NTAPI LsaForestTrustFindMatch(LSA_HANDLE PolicyHandle,ULONG Type,PLSA_UNICODE_STRING Name,PLSA_UNICODE_STRING *Match);
|
|
#endif
|
|
|
|
NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING PrivateData);
|
|
NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING *PrivateData);
|
|
ULONG NTAPI LsaNtStatusToWinError(NTSTATUS Status);
|
|
|
|
#ifndef _NTLSA_IFS_
|
|
#define _NTLSA_IFS_
|
|
#endif
|
|
|
|
enum NEGOTIATE_MESSAGES {
|
|
NegEnumPackagePrefixes = 0,NegGetCallerName = 1,NegCallPackageMax
|
|
};
|
|
|
|
#define NEGOTIATE_MAX_PREFIX 32
|
|
|
|
typedef struct _NEGOTIATE_PACKAGE_PREFIX {
|
|
ULONG_PTR PackageId;
|
|
PVOID PackageDataA;
|
|
PVOID PackageDataW;
|
|
ULONG_PTR PrefixLen;
|
|
UCHAR Prefix[NEGOTIATE_MAX_PREFIX ];
|
|
} NEGOTIATE_PACKAGE_PREFIX,*PNEGOTIATE_PACKAGE_PREFIX;
|
|
|
|
typedef struct _NEGOTIATE_PACKAGE_PREFIXES {
|
|
ULONG MessageType;
|
|
ULONG PrefixCount;
|
|
ULONG Offset;
|
|
ULONG Pad;
|
|
} NEGOTIATE_PACKAGE_PREFIXES,*PNEGOTIATE_PACKAGE_PREFIXES;
|
|
|
|
typedef struct _NEGOTIATE_CALLER_NAME_REQUEST {
|
|
ULONG MessageType;
|
|
LUID LogonId;
|
|
} NEGOTIATE_CALLER_NAME_REQUEST,*PNEGOTIATE_CALLER_NAME_REQUEST;
|
|
|
|
typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE {
|
|
ULONG MessageType;
|
|
PWSTR CallerName;
|
|
} NEGOTIATE_CALLER_NAME_RESPONSE,*PNEGOTIATE_CALLER_NAME_RESPONSE;
|
|
|
|
#ifndef _NTDEF_
|
|
typedef LSA_UNICODE_STRING UNICODE_STRING,*PUNICODE_STRING;
|
|
typedef LSA_STRING STRING,*PSTRING;
|
|
#endif
|
|
|
|
#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
|
|
#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
|
|
typedef struct _DOMAIN_PASSWORD_INFORMATION {
|
|
USHORT MinPasswordLength;
|
|
USHORT PasswordHistoryLength;
|
|
ULONG PasswordProperties;
|
|
LARGE_INTEGER MaxPasswordAge;
|
|
LARGE_INTEGER MinPasswordAge;
|
|
} DOMAIN_PASSWORD_INFORMATION,*PDOMAIN_PASSWORD_INFORMATION;
|
|
#endif
|
|
|
|
#define DOMAIN_PASSWORD_COMPLEX 0x00000001L
|
|
#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
|
|
#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
|
|
#define DOMAIN_LOCKOUT_ADMINS 0x00000008L
|
|
#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
|
|
#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
|
|
|
|
#ifndef _PASSWORD_NOTIFICATION_DEFINED
|
|
#define _PASSWORD_NOTIFICATION_DEFINED
|
|
typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING UserName,ULONG RelativeId,PUNICODE_STRING NewPassword);
|
|
|
|
#define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
|
|
|
|
typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)();
|
|
|
|
#define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
|
|
#define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"
|
|
|
|
typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING AccountName,PUNICODE_STRING FullName,PUNICODE_STRING Password,BOOLEAN SetOperation);
|
|
#endif
|
|
|
|
#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
|
|
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
|
|
#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
|
|
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
|
|
|
|
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
|
|
MsV1_0InteractiveLogon = 2,MsV1_0Lm20Logon,MsV1_0NetworkLogon,MsV1_0SubAuthLogon,MsV1_0WorkstationUnlockLogon = 7
|
|
} MSV1_0_LOGON_SUBMIT_TYPE,*PMSV1_0_LOGON_SUBMIT_TYPE;
|
|
|
|
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
|
|
MsV1_0InteractiveProfile = 2,MsV1_0Lm20LogonProfile,MsV1_0SmartCardProfile
|
|
} MSV1_0_PROFILE_BUFFER_TYPE,*PMSV1_0_PROFILE_BUFFER_TYPE;
|
|
|
|
typedef struct _MSV1_0_INTERACTIVE_LOGON {
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Password;
|
|
} MSV1_0_INTERACTIVE_LOGON,*PMSV1_0_INTERACTIVE_LOGON;
|
|
|
|
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
|
|
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
|
|
USHORT LogonCount;
|
|
USHORT BadPasswordCount;
|
|
LARGE_INTEGER LogonTime;
|
|
LARGE_INTEGER LogoffTime;
|
|
LARGE_INTEGER KickOffTime;
|
|
LARGE_INTEGER PasswordLastSet;
|
|
LARGE_INTEGER PasswordCanChange;
|
|
LARGE_INTEGER PasswordMustChange;
|
|
UNICODE_STRING LogonScript;
|
|
UNICODE_STRING HomeDirectory;
|
|
UNICODE_STRING FullName;
|
|
UNICODE_STRING ProfilePath;
|
|
UNICODE_STRING HomeDirectoryDrive;
|
|
UNICODE_STRING LogonServer;
|
|
ULONG UserFlags;
|
|
} MSV1_0_INTERACTIVE_PROFILE,*PMSV1_0_INTERACTIVE_PROFILE;
|
|
|
|
#define MSV1_0_CHALLENGE_LENGTH 8
|
|
#define MSV1_0_USER_SESSION_KEY_LENGTH 16
|
|
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
|
|
|
|
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
|
|
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
|
|
#define MSV1_0_RETURN_USER_PARAMETERS 0x08
|
|
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
|
|
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
|
|
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
|
|
|
|
#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
|
|
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
|
|
#define MSV1_0_RETURN_PROFILE_PATH 0x200
|
|
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
|
|
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
|
|
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
|
|
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
|
|
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
|
|
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
|
|
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
|
|
#define MSV1_0_MNS_LOGON 0x01000000
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
|
|
|
|
typedef struct _MSV1_0_LM20_LOGON {
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Workstation;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
STRING CaseSensitiveChallengeResponse;
|
|
STRING CaseInsensitiveChallengeResponse;
|
|
ULONG ParameterControl;
|
|
} MSV1_0_LM20_LOGON,*PMSV1_0_LM20_LOGON;
|
|
|
|
typedef struct _MSV1_0_SUBAUTH_LOGON{
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Workstation;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
STRING AuthenticationInfo1;
|
|
STRING AuthenticationInfo2;
|
|
ULONG ParameterControl;
|
|
ULONG SubAuthPackageId;
|
|
} MSV1_0_SUBAUTH_LOGON,*PMSV1_0_SUBAUTH_LOGON;
|
|
|
|
#define LOGON_GUEST 0x01
|
|
#define LOGON_NOENCRYPTION 0x02
|
|
#define LOGON_CACHED_ACCOUNT 0x04
|
|
#define LOGON_USED_LM_PASSWORD 0x08
|
|
#define LOGON_EXTRA_SIDS 0x20
|
|
#define LOGON_SUBAUTH_SESSION_KEY 0x40
|
|
#define LOGON_SERVER_TRUST_ACCOUNT 0x80
|
|
#define LOGON_NTLMV2_ENABLED 0x100
|
|
#define LOGON_RESOURCE_GROUPS 0x200
|
|
#define LOGON_PROFILE_PATH_RETURNED 0x400
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
|
|
|
|
#define LOGON_GRACE_LOGON 0x01000000
|
|
|
|
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
|
|
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
|
|
LARGE_INTEGER KickOffTime;
|
|
LARGE_INTEGER LogoffTime;
|
|
ULONG UserFlags;
|
|
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
|
|
UNICODE_STRING LogonDomainName;
|
|
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING UserParameters;
|
|
} MSV1_0_LM20_LOGON_PROFILE,*PMSV1_0_LM20_LOGON_PROFILE;
|
|
|
|
#define MSV1_0_OWF_PASSWORD_LENGTH 16
|
|
#define MSV1_0_CRED_LM_PRESENT 0x1
|
|
#define MSV1_0_CRED_NT_PRESENT 0x2
|
|
#define MSV1_0_CRED_VERSION 0
|
|
|
|
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
|
|
ULONG Version;
|
|
ULONG Flags;
|
|
UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
|
|
UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
|
|
} MSV1_0_SUPPLEMENTAL_CREDENTIAL,*PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
|
|
|
|
#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
|
|
#define MSV1_0_NTLM3_OWF_LENGTH 16
|
|
|
|
#define MSV1_0_MAX_NTLM3_LIFE 129600
|
|
#define MSV1_0_MAX_AVL_SIZE 64000
|
|
|
|
#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
|
|
|
|
typedef struct _MSV1_0_NTLM3_RESPONSE {
|
|
UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
|
|
UCHAR RespType;
|
|
UCHAR HiRespType;
|
|
USHORT Flags;
|
|
ULONG MsgWord;
|
|
ULONGLONG TimeStamp;
|
|
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
|
|
ULONG AvPairsOff;
|
|
UCHAR Buffer[1];
|
|
} MSV1_0_NTLM3_RESPONSE,*PMSV1_0_NTLM3_RESPONSE;
|
|
|
|
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
|
|
#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE,AvPairsOff)
|
|
|
|
typedef enum {
|
|
MsvAvEOL,MsvAvNbComputerName,MsvAvNbDomainName,MsvAvDnsComputerName,MsvAvDnsDomainName,MsvAvDnsTreeName,MsvAvFlags
|
|
} MSV1_0_AVID;
|
|
|
|
typedef struct _MSV1_0_AV_PAIR {
|
|
USHORT AvId;
|
|
USHORT AvLen;
|
|
|
|
} MSV1_0_AV_PAIR,*PMSV1_0_AV_PAIR;
|
|
|
|
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
|
|
MsV1_0Lm20ChallengeRequest = 0,MsV1_0Lm20GetChallengeResponse,MsV1_0EnumerateUsers,MsV1_0GetUserInfo,MsV1_0ReLogonUsers,MsV1_0ChangePassword,
|
|
MsV1_0ChangeCachedPassword,MsV1_0GenericPassthrough,MsV1_0CacheLogon,MsV1_0SubAuth,MsV1_0DeriveCredential,MsV1_0CacheLookup,
|
|
MsV1_0SetProcessOption
|
|
} MSV1_0_PROTOCOL_MESSAGE_TYPE,*PMSV1_0_PROTOCOL_MESSAGE_TYPE;
|
|
|
|
typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UNICODE_STRING DomainName;
|
|
UNICODE_STRING AccountName;
|
|
UNICODE_STRING OldPassword;
|
|
UNICODE_STRING NewPassword;
|
|
BOOLEAN Impersonating;
|
|
} MSV1_0_CHANGEPASSWORD_REQUEST,*PMSV1_0_CHANGEPASSWORD_REQUEST;
|
|
|
|
typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
BOOLEAN PasswordInfoValid;
|
|
DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
|
|
} MSV1_0_CHANGEPASSWORD_RESPONSE,*PMSV1_0_CHANGEPASSWORD_RESPONSE;
|
|
|
|
typedef struct _MSV1_0_PASSTHROUGH_REQUEST {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UNICODE_STRING DomainName;
|
|
UNICODE_STRING PackageName;
|
|
ULONG DataLength;
|
|
PUCHAR LogonData;
|
|
ULONG Pad;
|
|
} MSV1_0_PASSTHROUGH_REQUEST,*PMSV1_0_PASSTHROUGH_REQUEST;
|
|
|
|
typedef struct _MSV1_0_PASSTHROUGH_RESPONSE {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG Pad;
|
|
ULONG DataLength;
|
|
PUCHAR ValidationData;
|
|
} MSV1_0_PASSTHROUGH_RESPONSE,*PMSV1_0_PASSTHROUGH_RESPONSE;
|
|
|
|
typedef struct _MSV1_0_SUBAUTH_REQUEST{
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG SubAuthPackageId;
|
|
ULONG SubAuthInfoLength;
|
|
PUCHAR SubAuthSubmitBuffer;
|
|
} MSV1_0_SUBAUTH_REQUEST,*PMSV1_0_SUBAUTH_REQUEST;
|
|
|
|
typedef struct _MSV1_0_SUBAUTH_RESPONSE{
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG SubAuthInfoLength;
|
|
PUCHAR SubAuthReturnBuffer;
|
|
} MSV1_0_SUBAUTH_RESPONSE,*PMSV1_0_SUBAUTH_RESPONSE;
|
|
|
|
#define RtlGenRandom SystemFunction036
|
|
#define RtlEncryptMemory SystemFunction040
|
|
#define RtlDecryptMemory SystemFunction041
|
|
|
|
BOOLEAN RtlGenRandom(PVOID RandomBuffer,ULONG RandomBufferLength);
|
|
|
|
#define RTL_ENCRYPT_MEMORY_SIZE 8
|
|
#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01
|
|
#define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02
|
|
|
|
NTSTATUS RtlEncryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags);
|
|
NTSTATUS RtlDecryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags);
|
|
|
|
#define KERBEROS_VERSION 5
|
|
#define KERBEROS_REVISION 6
|
|
|
|
#define KERB_ETYPE_NULL 0
|
|
#define KERB_ETYPE_DES_CBC_CRC 1
|
|
#define KERB_ETYPE_DES_CBC_MD4 2
|
|
#define KERB_ETYPE_DES_CBC_MD5 3
|
|
|
|
#define KERB_ETYPE_RC4_MD4 -128
|
|
#define KERB_ETYPE_RC4_PLAIN2 -129
|
|
#define KERB_ETYPE_RC4_LM -130
|
|
#define KERB_ETYPE_RC4_SHA -131
|
|
#define KERB_ETYPE_DES_PLAIN -132
|
|
#define KERB_ETYPE_RC4_HMAC_OLD -133
|
|
#define KERB_ETYPE_RC4_PLAIN_OLD -134
|
|
#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
|
|
#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
|
|
#define KERB_ETYPE_RC4_PLAIN -140
|
|
#define KERB_ETYPE_RC4_PLAIN_EXP -141
|
|
|
|
#define KERB_ETYPE_DSA_SHA1_CMS 9
|
|
#define KERB_ETYPE_RSA_MD5_CMS 10
|
|
#define KERB_ETYPE_RSA_SHA1_CMS 11
|
|
#define KERB_ETYPE_RC2_CBC_ENV 12
|
|
#define KERB_ETYPE_RSA_ENV 13
|
|
#define KERB_ETYPE_RSA_ES_OEAP_ENV 14
|
|
#define KERB_ETYPE_DES_EDE3_CBC_ENV 15
|
|
|
|
#define KERB_ETYPE_DSA_SIGN 8
|
|
#define KERB_ETYPE_RSA_PRIV 9
|
|
#define KERB_ETYPE_RSA_PUB 10
|
|
#define KERB_ETYPE_RSA_PUB_MD5 11
|
|
#define KERB_ETYPE_RSA_PUB_SHA1 12
|
|
#define KERB_ETYPE_PKCS7_PUB 13
|
|
|
|
#define KERB_ETYPE_DES3_CBC_MD5 5
|
|
#define KERB_ETYPE_DES3_CBC_SHA1 7
|
|
#define KERB_ETYPE_DES3_CBC_SHA1_KD 16
|
|
|
|
#define KERB_ETYPE_DES_CBC_MD5_NT 20
|
|
#define KERB_ETYPE_RC4_HMAC_NT 23
|
|
#define KERB_ETYPE_RC4_HMAC_NT_EXP 24
|
|
|
|
#define KERB_CHECKSUM_NONE 0
|
|
#define KERB_CHECKSUM_CRC32 1
|
|
#define KERB_CHECKSUM_MD4 2
|
|
#define KERB_CHECKSUM_KRB_DES_MAC 4
|
|
#define KERB_CHECKSUM_KRB_DES_MAC_K 5
|
|
#define KERB_CHECKSUM_MD5 7
|
|
#define KERB_CHECKSUM_MD5_DES 8
|
|
|
|
#define KERB_CHECKSUM_LM -130
|
|
#define KERB_CHECKSUM_SHA1 -131
|
|
#define KERB_CHECKSUM_REAL_CRC32 -132
|
|
#define KERB_CHECKSUM_DES_MAC -133
|
|
#define KERB_CHECKSUM_DES_MAC_MD5 -134
|
|
#define KERB_CHECKSUM_MD25 -135
|
|
#define KERB_CHECKSUM_RC4_MD5 -136
|
|
#define KERB_CHECKSUM_MD5_HMAC -137
|
|
#define KERB_CHECKSUM_HMAC_MD5 -138
|
|
|
|
#define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001
|
|
#define AUTH_REQ_ALLOW_PROXIABLE 0x00000002
|
|
#define AUTH_REQ_ALLOW_POSTDATE 0x00000004
|
|
#define AUTH_REQ_ALLOW_RENEWABLE 0x00000008
|
|
#define AUTH_REQ_ALLOW_NOADDRESS 0x00000010
|
|
#define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020
|
|
#define AUTH_REQ_ALLOW_VALIDATE 0x00000040
|
|
#define AUTH_REQ_VALIDATE_CLIENT 0x00000080
|
|
#define AUTH_REQ_OK_AS_DELEGATE 0x00000100
|
|
#define AUTH_REQ_PREAUTH_REQUIRED 0x00000200
|
|
#define AUTH_REQ_TRANSITIVE_TRUST 0x00000400
|
|
#define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800
|
|
|
|
#define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | AUTH_REQ_ALLOW_PROXIABLE | AUTH_REQ_ALLOW_POSTDATE | AUTH_REQ_ALLOW_RENEWABLE | AUTH_REQ_ALLOW_VALIDATE)
|
|
|
|
#define KERB_TICKET_FLAGS_reserved 0x80000000
|
|
#define KERB_TICKET_FLAGS_forwardable 0x40000000
|
|
#define KERB_TICKET_FLAGS_forwarded 0x20000000
|
|
#define KERB_TICKET_FLAGS_proxiable 0x10000000
|
|
#define KERB_TICKET_FLAGS_proxy 0x08000000
|
|
#define KERB_TICKET_FLAGS_may_postdate 0x04000000
|
|
#define KERB_TICKET_FLAGS_postdated 0x02000000
|
|
#define KERB_TICKET_FLAGS_invalid 0x01000000
|
|
#define KERB_TICKET_FLAGS_renewable 0x00800000
|
|
#define KERB_TICKET_FLAGS_initial 0x00400000
|
|
#define KERB_TICKET_FLAGS_pre_authent 0x00200000
|
|
#define KERB_TICKET_FLAGS_hw_authent 0x00100000
|
|
#define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000
|
|
#define KERB_TICKET_FLAGS_name_canonicalize 0x00010000
|
|
#define KERB_TICKET_FLAGS_reserved1 0x00000001
|
|
|
|
#define KRB_NT_UNKNOWN 0
|
|
#define KRB_NT_PRINCIPAL 1
|
|
#define KRB_NT_PRINCIPAL_AND_ID -131
|
|
#define KRB_NT_SRV_INST 2
|
|
#define KRB_NT_SRV_INST_AND_ID -132
|
|
#define KRB_NT_SRV_HST 3
|
|
#define KRB_NT_SRV_XHST 4
|
|
#define KRB_NT_UID 5
|
|
#define KRB_NT_ENTERPRISE_PRINCIPAL 10
|
|
#define KRB_NT_ENT_PRINCIPAL_AND_ID -130
|
|
#define KRB_NT_MS_PRINCIPAL -128
|
|
#define KRB_NT_MS_PRINCIPAL_AND_ID -129
|
|
|
|
#define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL))
|
|
|
|
#ifndef MICROSOFT_KERBEROS_NAME_A
|
|
|
|
#define MICROSOFT_KERBEROS_NAME_A "Kerberos"
|
|
#define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
|
|
#ifdef WIN32_CHICAGO
|
|
#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A
|
|
#else
|
|
#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W
|
|
#endif
|
|
#endif
|
|
|
|
#define KERB_WRAP_NO_ENCRYPT 0x80000001
|
|
|
|
typedef enum _KERB_LOGON_SUBMIT_TYPE {
|
|
KerbInteractiveLogon = 2,KerbSmartCardLogon = 6,KerbWorkstationUnlockLogon = 7,KerbSmartCardUnlockLogon = 8,KerbProxyLogon = 9,
|
|
KerbTicketLogon = 10,KerbTicketUnlockLogon = 11,KerbS4ULogon = 12
|
|
} KERB_LOGON_SUBMIT_TYPE,*PKERB_LOGON_SUBMIT_TYPE;
|
|
|
|
typedef struct _KERB_INTERACTIVE_LOGON {
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Password;
|
|
} KERB_INTERACTIVE_LOGON,*PKERB_INTERACTIVE_LOGON;
|
|
|
|
typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON {
|
|
KERB_INTERACTIVE_LOGON Logon;
|
|
LUID LogonId;
|
|
} KERB_INTERACTIVE_UNLOCK_LOGON,*PKERB_INTERACTIVE_UNLOCK_LOGON;
|
|
|
|
typedef struct _KERB_SMART_CARD_LOGON {
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING Pin;
|
|
ULONG CspDataLength;
|
|
PUCHAR CspData;
|
|
} KERB_SMART_CARD_LOGON,*PKERB_SMART_CARD_LOGON;
|
|
|
|
typedef struct _KERB_SMART_CARD_UNLOCK_LOGON {
|
|
KERB_SMART_CARD_LOGON Logon;
|
|
LUID LogonId;
|
|
} KERB_SMART_CARD_UNLOCK_LOGON,*PKERB_SMART_CARD_UNLOCK_LOGON;
|
|
|
|
typedef struct _KERB_TICKET_LOGON {
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
ULONG Flags;
|
|
ULONG ServiceTicketLength;
|
|
ULONG TicketGrantingTicketLength;
|
|
PUCHAR ServiceTicket;
|
|
PUCHAR TicketGrantingTicket;
|
|
} KERB_TICKET_LOGON,*PKERB_TICKET_LOGON;
|
|
|
|
#define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1
|
|
|
|
typedef struct _KERB_TICKET_UNLOCK_LOGON {
|
|
KERB_TICKET_LOGON Logon;
|
|
LUID LogonId;
|
|
} KERB_TICKET_UNLOCK_LOGON,*PKERB_TICKET_UNLOCK_LOGON;
|
|
|
|
typedef struct _KERB_S4U_LOGON {
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
ULONG Flags;
|
|
UNICODE_STRING ClientUpn;
|
|
UNICODE_STRING ClientRealm;
|
|
} KERB_S4U_LOGON,*PKERB_S4U_LOGON;
|
|
|
|
typedef enum _KERB_PROFILE_BUFFER_TYPE {
|
|
KerbInteractiveProfile = 2,KerbSmartCardProfile = 4,KerbTicketProfile = 6
|
|
} KERB_PROFILE_BUFFER_TYPE,*PKERB_PROFILE_BUFFER_TYPE;
|
|
|
|
typedef struct _KERB_INTERACTIVE_PROFILE {
|
|
KERB_PROFILE_BUFFER_TYPE MessageType;
|
|
USHORT LogonCount;
|
|
USHORT BadPasswordCount;
|
|
LARGE_INTEGER LogonTime;
|
|
LARGE_INTEGER LogoffTime;
|
|
LARGE_INTEGER KickOffTime;
|
|
LARGE_INTEGER PasswordLastSet;
|
|
LARGE_INTEGER PasswordCanChange;
|
|
LARGE_INTEGER PasswordMustChange;
|
|
UNICODE_STRING LogonScript;
|
|
UNICODE_STRING HomeDirectory;
|
|
UNICODE_STRING FullName;
|
|
UNICODE_STRING ProfilePath;
|
|
UNICODE_STRING HomeDirectoryDrive;
|
|
UNICODE_STRING LogonServer;
|
|
ULONG UserFlags;
|
|
} KERB_INTERACTIVE_PROFILE,*PKERB_INTERACTIVE_PROFILE;
|
|
|
|
typedef struct _KERB_SMART_CARD_PROFILE {
|
|
KERB_INTERACTIVE_PROFILE Profile;
|
|
ULONG CertificateSize;
|
|
PUCHAR CertificateData;
|
|
} KERB_SMART_CARD_PROFILE,*PKERB_SMART_CARD_PROFILE;
|
|
|
|
typedef struct KERB_CRYPTO_KEY {
|
|
LONG KeyType;
|
|
ULONG Length;
|
|
PUCHAR Value;
|
|
} KERB_CRYPTO_KEY,*PKERB_CRYPTO_KEY;
|
|
|
|
typedef struct _KERB_TICKET_PROFILE {
|
|
KERB_INTERACTIVE_PROFILE Profile;
|
|
KERB_CRYPTO_KEY SessionKey;
|
|
} KERB_TICKET_PROFILE,*PKERB_TICKET_PROFILE;
|
|
|
|
typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
|
|
KerbDebugRequestMessage = 0,KerbQueryTicketCacheMessage,KerbChangeMachinePasswordMessage,KerbVerifyPacMessage,KerbRetrieveTicketMessage,
|
|
KerbUpdateAddressesMessage,KerbPurgeTicketCacheMessage,KerbChangePasswordMessage,KerbRetrieveEncodedTicketMessage,KerbDecryptDataMessage,
|
|
KerbAddBindingCacheEntryMessage,KerbSetPasswordMessage,KerbSetPasswordExMessage,KerbVerifyCredentialsMessage,KerbQueryTicketCacheExMessage,
|
|
KerbPurgeTicketCacheExMessage,KerbRefreshSmartcardCredentialsMessage,KerbAddExtraCredentialsMessage,KerbQuerySupplementalCredentialsMessage,
|
|
KerbTransferCredentialsMessage,KerbQueryTicketCacheEx2Message
|
|
} KERB_PROTOCOL_MESSAGE_TYPE,*PKERB_PROTOCOL_MESSAGE_TYPE;
|
|
|
|
typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
} KERB_QUERY_TKT_CACHE_REQUEST,*PKERB_QUERY_TKT_CACHE_REQUEST;
|
|
|
|
typedef struct _KERB_TICKET_CACHE_INFO {
|
|
UNICODE_STRING ServerName;
|
|
UNICODE_STRING RealmName;
|
|
LARGE_INTEGER StartTime;
|
|
LARGE_INTEGER EndTime;
|
|
LARGE_INTEGER RenewTime;
|
|
LONG EncryptionType;
|
|
ULONG TicketFlags;
|
|
} KERB_TICKET_CACHE_INFO,*PKERB_TICKET_CACHE_INFO;
|
|
|
|
typedef struct _KERB_TICKET_CACHE_INFO_EX {
|
|
UNICODE_STRING ClientName;
|
|
UNICODE_STRING ClientRealm;
|
|
UNICODE_STRING ServerName;
|
|
UNICODE_STRING ServerRealm;
|
|
LARGE_INTEGER StartTime;
|
|
LARGE_INTEGER EndTime;
|
|
LARGE_INTEGER RenewTime;
|
|
LONG EncryptionType;
|
|
ULONG TicketFlags;
|
|
} KERB_TICKET_CACHE_INFO_EX,*PKERB_TICKET_CACHE_INFO_EX;
|
|
|
|
typedef struct _KERB_TICKET_CACHE_INFO_EX2 {
|
|
UNICODE_STRING ClientName;
|
|
UNICODE_STRING ClientRealm;
|
|
UNICODE_STRING ServerName;
|
|
UNICODE_STRING ServerRealm;
|
|
LARGE_INTEGER StartTime;
|
|
LARGE_INTEGER EndTime;
|
|
LARGE_INTEGER RenewTime;
|
|
LONG EncryptionType;
|
|
ULONG TicketFlags;
|
|
ULONG SessionKeyType;
|
|
} KERB_TICKET_CACHE_INFO_EX2,*PKERB_TICKET_CACHE_INFO_EX2;
|
|
|
|
typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG CountOfTickets;
|
|
KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY];
|
|
} KERB_QUERY_TKT_CACHE_RESPONSE,*PKERB_QUERY_TKT_CACHE_RESPONSE;
|
|
|
|
typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG CountOfTickets;
|
|
KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY];
|
|
} KERB_QUERY_TKT_CACHE_EX_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX_RESPONSE;
|
|
|
|
typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG CountOfTickets;
|
|
KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY];
|
|
} KERB_QUERY_TKT_CACHE_EX2_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX2_RESPONSE;
|
|
|
|
#ifndef __SECHANDLE_DEFINED__
|
|
typedef struct _SecHandle {
|
|
ULONG_PTR dwLower;
|
|
ULONG_PTR dwUpper;
|
|
} SecHandle,*PSecHandle;
|
|
|
|
#define __SECHANDLE_DEFINED__
|
|
#endif
|
|
|
|
#define KERB_USE_DEFAULT_TICKET_FLAGS 0x0
|
|
|
|
#define KERB_RETRIEVE_TICKET_DEFAULT 0x0
|
|
#define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1
|
|
#define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2
|
|
#define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4
|
|
#define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8
|
|
#define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10
|
|
#define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20
|
|
|
|
#define KERB_ETYPE_DEFAULT 0x0
|
|
|
|
typedef struct _KERB_AUTH_DATA {
|
|
ULONG Type;
|
|
ULONG Length;
|
|
PUCHAR Data;
|
|
} KERB_AUTH_DATA,*PKERB_AUTH_DATA;
|
|
|
|
typedef struct _KERB_NET_ADDRESS {
|
|
ULONG Family;
|
|
ULONG Length;
|
|
PCHAR Address;
|
|
} KERB_NET_ADDRESS,*PKERB_NET_ADDRESS;
|
|
|
|
typedef struct _KERB_NET_ADDRESSES {
|
|
ULONG Number;
|
|
KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY];
|
|
} KERB_NET_ADDRESSES,*PKERB_NET_ADDRESSES;
|
|
|
|
typedef struct _KERB_EXTERNAL_NAME {
|
|
SHORT NameType;
|
|
USHORT NameCount;
|
|
UNICODE_STRING Names[ANYSIZE_ARRAY];
|
|
} KERB_EXTERNAL_NAME,*PKERB_EXTERNAL_NAME;
|
|
|
|
typedef struct _KERB_EXTERNAL_TICKET {
|
|
PKERB_EXTERNAL_NAME ServiceName;
|
|
PKERB_EXTERNAL_NAME TargetName;
|
|
PKERB_EXTERNAL_NAME ClientName;
|
|
UNICODE_STRING DomainName;
|
|
UNICODE_STRING TargetDomainName;
|
|
UNICODE_STRING AltTargetDomainName;
|
|
KERB_CRYPTO_KEY SessionKey;
|
|
ULONG TicketFlags;
|
|
ULONG Flags;
|
|
LARGE_INTEGER KeyExpirationTime;
|
|
LARGE_INTEGER StartTime;
|
|
LARGE_INTEGER EndTime;
|
|
LARGE_INTEGER RenewUntil;
|
|
LARGE_INTEGER TimeSkew;
|
|
ULONG EncodedTicketSize;
|
|
PUCHAR EncodedTicket;
|
|
} KERB_EXTERNAL_TICKET,*PKERB_EXTERNAL_TICKET;
|
|
|
|
typedef struct _KERB_RETRIEVE_TKT_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
UNICODE_STRING TargetName;
|
|
ULONG TicketFlags;
|
|
ULONG CacheOptions;
|
|
LONG EncryptionType;
|
|
SecHandle CredentialsHandle;
|
|
} KERB_RETRIEVE_TKT_REQUEST,*PKERB_RETRIEVE_TKT_REQUEST;
|
|
|
|
typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
|
|
KERB_EXTERNAL_TICKET Ticket;
|
|
} KERB_RETRIEVE_TKT_RESPONSE,*PKERB_RETRIEVE_TKT_RESPONSE;
|
|
|
|
typedef struct _KERB_PURGE_TKT_CACHE_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
UNICODE_STRING ServerName;
|
|
UNICODE_STRING RealmName;
|
|
} KERB_PURGE_TKT_CACHE_REQUEST,*PKERB_PURGE_TKT_CACHE_REQUEST;
|
|
|
|
#define KERB_PURGE_ALL_TICKETS 1
|
|
|
|
typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
ULONG Flags;
|
|
KERB_TICKET_CACHE_INFO_EX TicketTemplate;
|
|
} KERB_PURGE_TKT_CACHE_EX_REQUEST,*PKERB_PURGE_TKT_CACHE_EX_REQUEST;
|
|
|
|
typedef struct _KERB_CHANGEPASSWORD_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UNICODE_STRING DomainName;
|
|
UNICODE_STRING AccountName;
|
|
UNICODE_STRING OldPassword;
|
|
UNICODE_STRING NewPassword;
|
|
BOOLEAN Impersonating;
|
|
} KERB_CHANGEPASSWORD_REQUEST,*PKERB_CHANGEPASSWORD_REQUEST;
|
|
|
|
typedef struct _KERB_SETPASSWORD_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
SecHandle CredentialsHandle;
|
|
ULONG Flags;
|
|
UNICODE_STRING DomainName;
|
|
UNICODE_STRING AccountName;
|
|
UNICODE_STRING Password;
|
|
} KERB_SETPASSWORD_REQUEST,*PKERB_SETPASSWORD_REQUEST;
|
|
|
|
typedef struct _KERB_SETPASSWORD_EX_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
SecHandle CredentialsHandle;
|
|
ULONG Flags;
|
|
UNICODE_STRING AccountRealm;
|
|
UNICODE_STRING AccountName;
|
|
UNICODE_STRING Password;
|
|
UNICODE_STRING ClientRealm;
|
|
UNICODE_STRING ClientName;
|
|
BOOLEAN Impersonating;
|
|
UNICODE_STRING KdcAddress;
|
|
ULONG KdcAddressType;
|
|
} KERB_SETPASSWORD_EX_REQUEST,*PKERB_SETPASSWORD_EX_REQUEST;
|
|
|
|
#define DS_UNKNOWN_ADDRESS_TYPE 0
|
|
#define KERB_SETPASS_USE_LOGONID 1
|
|
#define KERB_SETPASS_USE_CREDHANDLE 2
|
|
|
|
typedef struct _KERB_DECRYPT_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
ULONG Flags;
|
|
LONG CryptoType;
|
|
LONG KeyUsage;
|
|
KERB_CRYPTO_KEY Key;
|
|
ULONG EncryptedDataSize;
|
|
ULONG InitialVectorSize;
|
|
PUCHAR InitialVector;
|
|
PUCHAR EncryptedData;
|
|
} KERB_DECRYPT_REQUEST,*PKERB_DECRYPT_REQUEST;
|
|
|
|
#define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001
|
|
|
|
typedef struct _KERB_DECRYPT_RESPONSE {
|
|
UCHAR DecryptedData[ANYSIZE_ARRAY];
|
|
} KERB_DECRYPT_RESPONSE,*PKERB_DECRYPT_RESPONSE;
|
|
|
|
typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UNICODE_STRING RealmName;
|
|
UNICODE_STRING KdcAddress;
|
|
ULONG AddressType;
|
|
} KERB_ADD_BINDING_CACHE_ENTRY_REQUEST,*PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
|
|
|
|
typedef struct _KERB_REFRESH_SCCRED_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UNICODE_STRING CredentialBlob;
|
|
LUID LogonId;
|
|
ULONG Flags;
|
|
} KERB_REFRESH_SCCRED_REQUEST,*PKERB_REFRESH_SCCRED_REQUEST;
|
|
|
|
#define KERB_REFRESH_SCCRED_RELEASE 0x0
|
|
#define KERB_REFRESH_SCCRED_GETTGT 0x1
|
|
|
|
typedef struct _KERB_ADD_CREDENTIALS_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING DomainName;
|
|
UNICODE_STRING Password;
|
|
LUID LogonId;
|
|
ULONG Flags;
|
|
} KERB_ADD_CREDENTIALS_REQUEST,*PKERB_ADD_CREDENTIALS_REQUEST;
|
|
|
|
#define KERB_REQUEST_ADD_CREDENTIAL 1
|
|
#define KERB_REQUEST_REPLACE_CREDENTIAL 2
|
|
#define KERB_REQUEST_REMOVE_CREDENTIAL 4
|
|
|
|
typedef struct _KERB_TRANSFER_CRED_REQUEST {
|
|
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID OriginLogonId;
|
|
LUID DestinationLogonId;
|
|
ULONG Flags;
|
|
} KERB_TRANSFER_CRED_REQUEST,*PKERB_TRANSFER_CRED_REQUEST;
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
#endif
|