/*++ BUILD Version: 0000 Increment this if a change has global effects Copyright (c) Microsoft Corporation. All rights reserved. Module Name: ntsecapi.h Abstract: This module defines the Local Security Authority APIs. Revision History: --*/ // // All the subcategories are named as // #ifdef DEFINE_GUID /* 0cce9210-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_System_SecurityStateChange_defined) DEFINE_GUID( Audit_System_SecurityStateChange, 0x0cce9210, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_System_SecurityStateChange_defined #endif #endif /* 0cce9211-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_System_SecuritySubsystemExtension_defined) DEFINE_GUID( Audit_System_SecuritySubsystemExtension, 0x0cce9211, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_System_SecuritySubsystemExtension_defined #endif #endif /* 0cce9212-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_System_Integrity_defined) DEFINE_GUID( Audit_System_Integrity, 0x0cce9212, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_System_Integrity_defined #endif #endif /* 0cce9213-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_System_IPSecDriverEvents_defined) DEFINE_GUID( Audit_System_IPSecDriverEvents, 0x0cce9213, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_System_IPSecDriverEvents_defined #endif #endif /* 0cce9214-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_System_Others_defined) DEFINE_GUID( Audit_System_Others, 0x0cce9214, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_System_Others_defined #endif #endif /* 0cce9215-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_Logon_defined) DEFINE_GUID( Audit_Logon_Logon, 0x0cce9215, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_Logon_defined #endif #endif /* 0cce9216-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_Logoff_defined) DEFINE_GUID( Audit_Logon_Logoff, 0x0cce9216, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_Logoff_defined #endif #endif /* 0cce9217-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_AccountLockout_defined) DEFINE_GUID( Audit_Logon_AccountLockout, 0x0cce9217, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_AccountLockout_defined #endif #endif /* 0cce9218-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_IPSecMainMode_defined) DEFINE_GUID( Audit_Logon_IPSecMainMode, 0x0cce9218, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_IPSecMainMode_defined #endif #endif /* 0cce9219-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_IPSecQuickMode_defined) DEFINE_GUID( Audit_Logon_IPSecQuickMode, 0x0cce9219, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_IPSecQuickMode_defined #endif #endif /* 0cce921a-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_IPSecUserMode_defined) DEFINE_GUID( Audit_Logon_IPSecUserMode, 0x0cce921a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_IPSecUserMode_defined #endif #endif /* 0cce921b-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_SpecialLogon_defined) DEFINE_GUID( Audit_Logon_SpecialLogon, 0x0cce921b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_SpecialLogon_defined #endif #endif /* 0cce921c-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_Others_defined) DEFINE_GUID( Audit_Logon_Others, 0x0cce921c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_Others_defined #endif #endif /* 0cce921d-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_FileSystem_defined) DEFINE_GUID( Audit_ObjectAccess_FileSystem, 0x0cce921d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_FileSystem_defined #endif #endif /* 0cce921e-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_Registry_defined) DEFINE_GUID( Audit_ObjectAccess_Registry, 0x0cce921e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_Registry_defined #endif #endif /* 0cce921f-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_Kernel_defined) DEFINE_GUID( Audit_ObjectAccess_Kernel, 0x0cce921f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_Kernel_defined #endif #endif /* 0cce9220-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_Sam_defined) DEFINE_GUID( Audit_ObjectAccess_Sam, 0x0cce9220, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_Sam_defined #endif #endif /* 0cce9221-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_CertificationServices_defined) DEFINE_GUID( Audit_ObjectAccess_CertificationServices, 0x0cce9221, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_CertificationServices_defined #endif #endif /* 0cce9222-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_ApplicationGenerated_defined) DEFINE_GUID( Audit_ObjectAccess_ApplicationGenerated, 0x0cce9222, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_ApplicationGenerated_defined #endif #endif /* The Audit_ObjectAccess_Handle sub-category behaves different from the other sub-categories. For handle based audits to be generated (Open handle AuditId: 0x1230, Close handle AuditId: 0x1232), the corresponding object sub-category AND Audit_ObjectAccess_Handle must be enabled. For eg, to generate handle based audits for Reg keys, both Audit_ObjectAccess_Registry and Audit_ObjectAccess_Handle must be enabled */ /* 0cce9223-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_Handle_defined) DEFINE_GUID( Audit_ObjectAccess_Handle, 0x0cce9223, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_Handle_defined #endif #endif /* 0cce9224-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_Share_defined) DEFINE_GUID( Audit_ObjectAccess_Share, 0x0cce9224, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_Share_defined #endif #endif /* 0cce9225-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_FirewallPacketDrops_defined) DEFINE_GUID( Audit_ObjectAccess_FirewallPacketDrops, 0x0cce9225, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_FirewallPacketDrops_defined #endif #endif /* 0cce9226-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_FirewallConnection_defined) DEFINE_GUID( Audit_ObjectAccess_FirewallConnection, 0x0cce9226, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_FirewallConnection_defined #endif #endif /* 0cce9227-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_Other_defined) DEFINE_GUID( Audit_ObjectAccess_Other, 0x0cce9227, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_Other_defined #endif #endif /* 0cce9228-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PrivilegeUse_Sensitive_defined) DEFINE_GUID( Audit_PrivilegeUse_Sensitive, 0x0cce9228, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PrivilegeUse_Sensitive_defined #endif #endif /* 0cce9229-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PrivilegeUse_NonSensitive_defined) DEFINE_GUID( Audit_PrivilegeUse_NonSensitive, 0x0cce9229, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PrivilegeUse_NonSensitive_defined #endif #endif /* 0cce922a-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PrivilegeUse_Others_defined) DEFINE_GUID( Audit_PrivilegeUse_Others, 0x0cce922a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PrivilegeUse_Others_defined #endif #endif /* 0cce922b-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DetailedTracking_ProcessCreation_defined) DEFINE_GUID( Audit_DetailedTracking_ProcessCreation, 0x0cce922b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DetailedTracking_ProcessCreation_defined #endif #endif /* 0cce922c-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DetailedTracking_ProcessTermination_defined) DEFINE_GUID( Audit_DetailedTracking_ProcessTermination, 0x0cce922c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DetailedTracking_ProcessTermination_defined #endif #endif /* 0cce922d-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DetailedTracking_DpapiActivity_defined) DEFINE_GUID( Audit_DetailedTracking_DpapiActivity, 0x0cce922d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DetailedTracking_DpapiActivity_defined #endif #endif /* 0cce922e-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DetailedTracking_RpcCall_defined) DEFINE_GUID( Audit_DetailedTracking_RpcCall, 0x0cce922e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DetailedTracking_RpcCall_defined #endif #endif /* 0cce922f-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_AuditPolicy_defined) DEFINE_GUID( Audit_PolicyChange_AuditPolicy, 0x0cce922f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_AuditPolicy_defined #endif #endif /* 0cce9230-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_AuthenticationPolicy_defined) DEFINE_GUID( Audit_PolicyChange_AuthenticationPolicy, 0x0cce9230, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_AuthenticationPolicy_defined #endif #endif /* 0cce9231-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_AuthorizationPolicy_defined) DEFINE_GUID( Audit_PolicyChange_AuthorizationPolicy, 0x0cce9231, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_AuthorizationPolicy_defined #endif #endif /* 0cce9232-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_MpsscvRulePolicy_defined) DEFINE_GUID( Audit_PolicyChange_MpsscvRulePolicy, 0x0cce9232, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_MpsscvRulePolicy_defined #endif #endif /* 0cce9233-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_WfpIPSecPolicy_defined) DEFINE_GUID( Audit_PolicyChange_WfpIPSecPolicy, 0x0cce9233, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_WfpIPSecPolicy_defined #endif #endif /* 0cce9234-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_Others_defined) DEFINE_GUID( Audit_PolicyChange_Others, 0x0cce9234, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_Others_defined #endif #endif /* 0cce9235-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_UserAccount_defined) DEFINE_GUID( Audit_AccountManagement_UserAccount, 0x0cce9235, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_UserAccount_defined #endif #endif /* 0cce9236-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_ComputerAccount_defined) DEFINE_GUID( Audit_AccountManagement_ComputerAccount, 0x0cce9236, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_ComputerAccount_defined #endif #endif /* 0cce9237-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_SecurityGroup_defined) DEFINE_GUID( Audit_AccountManagement_SecurityGroup, 0x0cce9237, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_SecurityGroup_defined #endif #endif /* 0cce9238-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_DistributionGroup_defined) DEFINE_GUID( Audit_AccountManagement_DistributionGroup, 0x0cce9238, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_DistributionGroup_defined #endif #endif /* 0cce9239-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_ApplicationGroup_defined) DEFINE_GUID( Audit_AccountManagement_ApplicationGroup, 0x0cce9239, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_ApplicationGroup_defined #endif #endif /* 0cce923a-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_Others_defined) DEFINE_GUID( Audit_AccountManagement_Others, 0x0cce923a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_Others_defined #endif #endif /* 0cce923b-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DSAccess_DSAccess_defined) DEFINE_GUID( Audit_DSAccess_DSAccess, 0x0cce923b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DSAccess_DSAccess_defined #endif #endif /* 0cce923c-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DsAccess_AdAuditChanges_defined) DEFINE_GUID( Audit_DsAccess_AdAuditChanges, 0x0cce923c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DsAccess_AdAuditChanges_defined #endif #endif /* 0cce923d-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Ds_Replication_defined) DEFINE_GUID( Audit_Ds_Replication, 0x0cce923d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Ds_Replication_defined #endif #endif /* 0cce923e-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Ds_DetailedReplication_defined) DEFINE_GUID( Audit_Ds_DetailedReplication, 0x0cce923e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Ds_DetailedReplication_defined #endif #endif /* 0cce923f-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountLogon_CredentialValidation_defined) DEFINE_GUID( Audit_AccountLogon_CredentialValidation, 0x0cce923f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountLogon_CredentialValidation_defined #endif #endif /* 0cce9240-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountLogon_Kerberos_defined) DEFINE_GUID( Audit_AccountLogon_Kerberos, 0x0cce9240, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountLogon_Kerberos_defined #endif #endif /* 0cce9241-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountLogon_Others_defined) DEFINE_GUID( Audit_AccountLogon_Others, 0x0cce9241, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountLogon_Others_defined #endif #endif /* 0cce9242-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountLogon_KerbCredentialValidation_defined) DEFINE_GUID( Audit_AccountLogon_KerbCredentialValidation, 0x0cce9242, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountLogon_KerbCredentialValidation_defined #endif #endif /* 0cce9243-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_NPS_defined) DEFINE_GUID( Audit_Logon_NPS, 0x0cce9243, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_NPS_defined #endif #endif /* 0cce9244-69ae-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_DetailedFileShare_defined) DEFINE_GUID( Audit_ObjectAccess_DetailedFileShare, 0x0cce9244, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_DetailedFileShare_defined #endif #endif #endif // DEFINE_GUID // // All categories are named as // #ifdef DEFINE_GUID /* 69979848-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_System_defined) DEFINE_GUID( Audit_System, 0x69979848, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_System_defined #endif #endif /* 69979849-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_Logon_defined) DEFINE_GUID( Audit_Logon, 0x69979849, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_Logon_defined #endif #endif /* 6997984a-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_ObjectAccess_defined) DEFINE_GUID( Audit_ObjectAccess, 0x6997984a, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_ObjectAccess_defined #endif #endif /* 6997984b-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PrivilegeUse_defined) DEFINE_GUID( Audit_PrivilegeUse, 0x6997984b, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PrivilegeUse_defined #endif #endif /* 6997984c-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DetailedTracking_defined) DEFINE_GUID( Audit_DetailedTracking, 0x6997984c, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DetailedTracking_defined #endif #endif /* 6997984d-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_PolicyChange_defined) DEFINE_GUID( Audit_PolicyChange, 0x6997984d, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_PolicyChange_defined #endif #endif /* 6997984e-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountManagement_defined) DEFINE_GUID( Audit_AccountManagement, 0x6997984e, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountManagement_defined #endif #endif /* 6997984f-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_DirectoryServiceAccess_defined) DEFINE_GUID( Audit_DirectoryServiceAccess, 0x6997984f, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_DirectoryServiceAccess_defined #endif #endif /* 69979850-797a-11d9-bed3-505054503030 */ #if !defined(INITGUID) || !defined(Audit_AccountLogon_defined) DEFINE_GUID( Audit_AccountLogon, 0x69979850, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 ); #ifdef INITGUID #define Audit_AccountLogon_defined #endif #endif #endif // DEFINE_GUID #ifndef _NTSECAPI_ #define _NTSECAPI_ #ifdef __cplusplus extern "C" { #endif #ifndef _NTDEF_ typedef LONG NTSTATUS, *PNTSTATUS; #endif #include #ifndef _NTLSA_IFS_ // begin_ntifs // // Security operation mode of the system is held in a control // longword. // typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; // end_ntifs #endif // _NTLSA_IFS_ // // The flags in the security operational mode are defined // as: // // PasswordProtected - Some level of authentication (such as // a password) must be provided by users before they are // allowed to use the system. Once set, this value will // not be cleared without re-booting the system. // // IndividualAccounts - Each user must identify an account to // logon to. This flag is only meaningful if the // PasswordProtected flag is also set. If this flag is // not set and the PasswordProtected flag is set, then all // users may logon to the same account. Once set, this value // will not be cleared without re-booting the system. // // MandatoryAccess - Indicates the system is running in a mandatory // access control mode (e.g., B-level as defined by the U.S.A's // Department of Defense's "Orange Book"). This is not utilized // in the current release of NT. This flag is only meaningful // if both the PasswordProtected and IndividualAccounts flags are // set. Once set, this value will not be cleared without // re-booting the system. // // LogFull - Indicates the system has been brought up in a mode in // which if must perform security auditing, but its audit log // is full. This may (should) restrict the operations that // can occur until the audit log is made not-full again. THIS // VALUE MAY BE CLEARED WHILE THE SYSTEM IS RUNNING (I.E., WITHOUT // REBOOTING). // // If the PasswordProtected flag is not set, then the system is running // without security, and user interface should be adjusted appropriately. // #define LSA_MODE_PASSWORD_PROTECTED (0x00000001L) #define LSA_MODE_INDIVIDUAL_ACCOUNTS (0x00000002L) #define LSA_MODE_MANDATORY_ACCESS (0x00000004L) #define LSA_MODE_LOG_FULL (0x00000008L) #ifndef _NTLSA_IFS_ // begin_ntifs // // Used by a logon process to indicate what type of logon is being // requested. // typedef enum _SECURITY_LOGON_TYPE { UndefinedLogonType = 0, // This is used to specify an undefied logon type Interactive = 2, // Interactively logged on (locally or remotely) Network, // Accessing system via network Batch, // Started via a batch queue Service, // Service started by service controller Proxy, // Proxy logon Unlock, // Unlock workstation NetworkCleartext, // Network logon with cleartext credentials NewCredentials, // Clone caller, new default credentials //The types below only exist in Windows XP and greater #if (_WIN32_WINNT >= 0x0501) RemoteInteractive, // Remote, yet interactive. Terminal server CachedInteractive, // Try cached credentials without hitting the net. // The types below only exist in Windows Server 2003 and greater #endif #if (_WIN32_WINNT >= 0x0502) CachedRemoteInteractive, // Same as RemoteInteractive, this is used internally for auditing purpose CachedUnlock // Cached Unlock workstation #endif } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; // end_ntifs #endif // _NTLSA_IFS_ #ifndef _NTLSA_IFS_ // begin_ntifs // // All of this stuff (between the Ifndef _NTLSA_AUDIT_ and its endif) were not // present in NTIFS prior to Windows Server 2003 SP1. All of the definitions however // exist down to windows 2000 (except for the few exceptions noted in the code). // #ifndef _NTLSA_AUDIT_ #define _NTLSA_AUDIT_ ///////////////////////////////////////////////////////////////////////// // // // Data types related to Auditing // // // ///////////////////////////////////////////////////////////////////////// // // The following enumerated type is used between the reference monitor and // LSA in the generation of audit messages. It is used to indicate the // type of data being passed as a parameter from the reference monitor // to LSA. LSA is responsible for transforming the specified data type // into a set of unicode strings that are added to the event record in // the audit log. // typedef enum _SE_ADT_PARAMETER_TYPE { SeAdtParmTypeNone = 0, //Produces 1 parameter //Received value: // // None. // //Results in: // // a unicode string containing "-". // //Note: This is typically used to // indicate that a parameter value // was not available. // SeAdtParmTypeString, //Produces 1 parameter. //Received Value: // // Unicode String (variable length) // //Results in: // // No transformation. The string // entered into the event record as // received. // // The Address value of the audit info // should be a pointer to a UNICODE_STRING // structure. SeAdtParmTypeFileSpec, //Produces 1 parameter. //Received value: // // Unicode string containing a file or // directory name. // //Results in: // // Unicode string with the prefix of the // file's path replaced by a drive letter // if possible. // SeAdtParmTypeUlong, //Produces 1 parameter //Received value: // // Ulong // //Results in: // // Unicode string representation of // unsigned integer value. SeAdtParmTypeSid, //Produces 1 parameter. //Received value: // // SID (variable length) // //Results in: // // String representation of SID // SeAdtParmTypeLogonId, //Produces 4 parameters. //Received Value: // // LUID (fixed length) // //Results in: // // param 1: Sid string // param 2: Username string // param 3: domain name string // param 4: Logon ID (Luid) string SeAdtParmTypeNoLogonId, //Produces 3 parameters. //Received value: // // None. // //Results in: // // param 1: "-" // param 2: "-" // param 3: "-" // param 4: "-" // //Note: // // This type is used when a logon ID // is needed, but one is not available // to pass. For example, if an // impersonation logon ID is expected // but the subject is not impersonating // anyone. // SeAdtParmTypeAccessMask, //Produces 1 parameter with formatting. //Received value: // // ACCESS_MASK followed by // a Unicode string. The unicode // string contains the name of the // type of object the access mask // applies to. The event's source // further qualifies the object type. // //Results in: // // formatted unicode string built to // take advantage of the specified // source's parameter message file. // //Note: // // An access mask containing three // access types for a Widget object // type (defined by the Foozle source) // might end up looking like: // // %%1062\n\t\t%1066\n\t\t%%601 // // The %%numbers are signals to the // event viewer to perform parameter // substitution before display. // SeAdtParmTypePrivs, //Produces 1 parameter with formatting. //Received value: // //Results in: // // formatted unicode string similar to // that for access types. Each priv // will be formatted to be displayed // on its own line. E.g., // // %%642\n\t\t%%651\n\t\t%%655 // SeAdtParmTypeObjectTypes, //Produces 10 parameters with formatting. //Received value: // // Produces a list a stringized GUIDS along // with information similar to that for // an access mask. SeAdtParmTypeHexUlong, //Produces 1 parameter //Received value: // // Ulong // //Results in: // // Unicode string representation of // unsigned integer value in hexadecimal. // In W2k this value did not exist, it was ParmTypeLUID SeAdtParmTypePtr, //Produces 1 parameter //Received value: // // pointer // //Results in: // // Unicode string representation of // unsigned integer value in hexadecimal. // // Everything below exists only in Windows XP and greater // SeAdtParmTypeTime, //Produces 2 parameters //Received value: // // LARGE_INTEGER // //Results in: // // Unicode string representation of // date and time. // SeAdtParmTypeGuid, //Produces 1 parameter //Received value: // // GUID pointer // //Results in: // // Unicode string representation of GUID // {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} // // // Everything below exists only in Windows Server 2003 and Greater // SeAdtParmTypeLuid, // //Produces 1 parameter //Received value: // // LUID // //Results in: // // Hex LUID // SeAdtParmTypeHexInt64, //Produces 1 parameter //Received value: // // 64 bit integer // //Results in: // // Unicode string representation of // unsigned integer value in hexadecimal. SeAdtParmTypeStringList, //Produces 1 parameter //Received value: // // ptr to LSAP_ADT_STRING_LIST // //Results in: // // Unicode string representation of // concatenation of the strings in the list SeAdtParmTypeSidList, //Produces 1 parameter //Received value: // // ptr to LSAP_ADT_SID_LIST // //Results in: // // Unicode string representation of // concatenation of the SIDs in the list SeAdtParmTypeDuration, //Produces 1 parameters //Received value: // // LARGE_INTEGER // //Results in: // // Unicode string representation of // a duration. SeAdtParmTypeUserAccountControl,//Produces 3 parameters //Received value: // // old and new UserAccountControl values // //Results in: // // Unicode string representations of // the flags in UserAccountControl. // 1 - old value in hex // 2 - new value in hex // 3 - difference as strings SeAdtParmTypeNoUac, //Produces 3 parameters //Received value: // // none // //Results in: // // Three dashes ('-') as unicode strings. SeAdtParmTypeMessage, //Produces 1 Parameter //Received value: // // ULONG (MessageNo from msobjs.mc) // //Results in: // // Unicode string representation of // %%MessageNo which the event viewer // will replace with the message string // from msobjs.mc SeAdtParmTypeDateTime, //Produces 1 Parameter //Received value: // // LARGE_INTEGER // //Results in: // // Unicode string representation of // date and time (in _one_ string). SeAdtParmTypeSockAddr, // Produces 2 parameters // // Received value: // // pointer to SOCKADDR_IN/SOCKADDR_IN6 // structure // // Results in: // // param 1: IP address string // param 2: Port number string // // // Everything below this exists only in Windows Server 2008 and greater // SeAdtParmTypeSD, // Produces 1 parameters // // Received value: // // pointer to SECURITY_DESCRIPTOR // structure // // Results in: // // SDDL string representation of SD // SeAdtParmTypeLogonHours, // Produces 1 parameters // // Received value: // // pointer to LOGON_HOURS // structure // // Results in: // // String representation of allowed logon hours // SeAdtParmTypeLogonIdNoSid, //Produces 3 parameters. //Received Value: // // LUID (fixed length) // //Results in: // // param 1: Username string // param 2: domain name string // param 3: Logon ID (Luid) string SeAdtParmTypeUlongNoConv, // Produces 1 parameter. // Received Value: // Ulong // //Results in: // Not converted to string // SeAdtParmTypeSockAddrNoPort, // Produces 1 parameter // // Received value: // // pointer to SOCKADDR_IN/SOCKADDR_IN6 // structure // // Results in: // // param 1: IPv4/IPv6 address string // // // Everything below this exists only in Windows Server 2008 and greater // SeAdtParmTypeAccessReason // Produces 1 parameters // // Received value: // // pointer to SECURITY_DESCRIPTOR // structure followed by the reason code. // The reason code could be the index // of the ACE in the SD or privilege ID or // other reason codes. // // Results in: // // String representation of the access reason. // } SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE; #ifndef GUID_DEFINED #include #endif /* GUID_DEFINED */ typedef struct _SE_ADT_OBJECT_TYPE { GUID ObjectType; USHORT Flags; #define SE_ADT_OBJECT_ONLY 0x1 USHORT Level; ACCESS_MASK AccessMask; } SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE; typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY { SE_ADT_PARAMETER_TYPE Type; ULONG Length; ULONG_PTR Data[2]; PVOID Address; } SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY; typedef struct _SE_ADT_ACCESS_REASON{ ACCESS_MASK AccessMask; ULONG AccessReasons[32]; ULONG ObjectTypeIndex; ULONG AccessGranted; PSECURITY_DESCRIPTOR SecurityDescriptor; // multple SDs may be stored here in self-relative way. } SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON; // // Structure that will be passed between the Reference Monitor and LSA // to transmit auditing information. // #define SE_MAX_AUDIT_PARAMETERS 32 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28 typedef struct _SE_ADT_PARAMETER_ARRAY { ULONG CategoryId; ULONG AuditId; ULONG ParameterCount; ULONG Length; USHORT FlatSubCategoryId; USHORT Type; ULONG Flags; SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ]; } SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY; #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001 #define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002 #define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004 #define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008 #define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010 // // This macro only existed in Windows Server 2008 and after // #define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \ ( sizeof(SE_ADT_PARAMETER_ARRAY) - \ sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \ (SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) ) #endif // _NTLSA_AUDIT_ // end_ntifs #endif // _NTLSA_IFS_ // // Audit Event Categories // // The following are the built-in types or Categories of audit event. // WARNING! This structure is subject to expansion. The user should not // compute the number of elements of this type directly, but instead // should obtain the count of elements by calling LsaQueryInformationPolicy() // for the PolicyAuditEventsInformation class and extracting the count from // the MaximumAuditEventCount field of the returned structure. // typedef enum _POLICY_AUDIT_EVENT_TYPE { AuditCategorySystem = 0, AuditCategoryLogon, AuditCategoryObjectAccess, AuditCategoryPrivilegeUse, AuditCategoryDetailedTracking, AuditCategoryPolicyChange, AuditCategoryAccountManagement, AuditCategoryDirectoryServiceAccess, AuditCategoryAccountLogon } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE; // // The following defines describe the auditing options for each // event type // // Leave options specified for this event unchanged #define POLICY_AUDIT_EVENT_UNCHANGED (0x00000000L) // Audit successful occurrences of events of this type #define POLICY_AUDIT_EVENT_SUCCESS (0x00000001L) // Audit failed attempts to cause an event of this type to occur #define POLICY_AUDIT_EVENT_FAILURE (0x00000002L) #define POLICY_AUDIT_EVENT_NONE (0x00000004L) // Mask of valid event auditing options #define POLICY_AUDIT_EVENT_MASK \ (POLICY_AUDIT_EVENT_SUCCESS | \ POLICY_AUDIT_EVENT_FAILURE | \ POLICY_AUDIT_EVENT_UNCHANGED | \ POLICY_AUDIT_EVENT_NONE) #ifndef _NTDEF_ #ifndef IN #define IN #endif #ifndef OUT #define OUT #endif #ifndef OPTIONAL #define OPTIONAL #endif #endif // _NTDEF_ // // Macro for determining whether an API succeeded. // #define LSA_SUCCESS(Error) ((LONG)(Error) >= 0) #ifndef _NTLSA_IFS_ // begin_ntifs __drv_sameIRQL __drv_maxIRQL(PASSIVE_LEVEL) NTSTATUS NTAPI LsaRegisterLogonProcess ( __in PLSA_STRING LogonProcessName, __out PHANDLE LsaHandle, __out PLSA_OPERATIONAL_MODE SecurityMode ); // // The function below did not exist in NTIFS before windows XP // However, the function has always been there, so it is okay to use // even on w2k // __drv_sameIRQL __drv_maxIRQL(PASSIVE_LEVEL) NTSTATUS NTAPI LsaLogonUser ( __in HANDLE LsaHandle, __in PLSA_STRING OriginName, __in SECURITY_LOGON_TYPE LogonType, __in ULONG AuthenticationPackage, __in_bcount(AuthenticationInformationLength) PVOID AuthenticationInformation, __in ULONG AuthenticationInformationLength, __in_opt PTOKEN_GROUPS LocalGroups, __in PTOKEN_SOURCE SourceContext, __out PVOID *ProfileBuffer, __out PULONG ProfileBufferLength, __out PLUID LogonId, __out PHANDLE Token, __out PQUOTA_LIMITS Quotas, __out PNTSTATUS SubStatus ); // end_ntifs __drv_sameIRQL __drv_maxIRQL(PASSIVE_LEVEL) NTSTATUS NTAPI LsaLookupAuthenticationPackage ( __in HANDLE LsaHandle, __in PLSA_STRING PackageName, __out PULONG AuthenticationPackage ); // begin_ntifs __drv_sameIRQL NTSTATUS NTAPI LsaFreeReturnBuffer ( __in PVOID Buffer ); // end_ntifs __drv_sameIRQL __drv_maxIRQL(PASSIVE_LEVEL) NTSTATUS NTAPI LsaCallAuthenticationPackage ( __in HANDLE LsaHandle, __in ULONG AuthenticationPackage, __in_bcount(SubmitBufferLength) PVOID ProtocolSubmitBuffer, __in ULONG SubmitBufferLength, __out_opt PVOID *ProtocolReturnBuffer, __out_opt PULONG ReturnBufferLength, __out_opt PNTSTATUS ProtocolStatus ); __drv_sameIRQL __drv_maxIRQL(PASSIVE_LEVEL) NTSTATUS NTAPI LsaDeregisterLogonProcess ( __in HANDLE LsaHandle ); __drv_sameIRQL __drv_maxIRQL(PASSIVE_LEVEL) NTSTATUS NTAPI LsaConnectUntrusted ( __out PHANDLE LsaHandle ); #endif // _NTLSA_IFS_ //////////////////////////////////////////////////////////////////////////// // // // Local Security Policy Administration API datatypes and defines // // // //////////////////////////////////////////////////////////////////////////// // // Access types for the Policy object // #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L #define POLICY_GET_PRIVATE_INFORMATION 0x00000004L #define POLICY_TRUST_ADMIN 0x00000008L #define POLICY_CREATE_ACCOUNT 0x00000010L #define POLICY_CREATE_SECRET 0x00000020L #define POLICY_CREATE_PRIVILEGE 0x00000040L #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L #define POLICY_AUDIT_LOG_ADMIN 0x00000200L #define POLICY_SERVER_ADMIN 0x00000400L #define POLICY_LOOKUP_NAMES 0x00000800L #define POLICY_NOTIFICATION 0x00001000L #define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ POLICY_VIEW_LOCAL_INFORMATION |\ POLICY_VIEW_AUDIT_INFORMATION |\ POLICY_GET_PRIVATE_INFORMATION |\ POLICY_TRUST_ADMIN |\ POLICY_CREATE_ACCOUNT |\ POLICY_CREATE_SECRET |\ POLICY_CREATE_PRIVILEGE |\ POLICY_SET_DEFAULT_QUOTA_LIMITS |\ POLICY_SET_AUDIT_REQUIREMENTS |\ POLICY_AUDIT_LOG_ADMIN |\ POLICY_SERVER_ADMIN |\ POLICY_LOOKUP_NAMES) #define POLICY_READ (STANDARD_RIGHTS_READ |\ POLICY_VIEW_AUDIT_INFORMATION |\ POLICY_GET_PRIVATE_INFORMATION) #define POLICY_WRITE (STANDARD_RIGHTS_WRITE |\ POLICY_TRUST_ADMIN |\ POLICY_CREATE_ACCOUNT |\ POLICY_CREATE_SECRET |\ POLICY_CREATE_PRIVILEGE |\ POLICY_SET_DEFAULT_QUOTA_LIMITS |\ POLICY_SET_AUDIT_REQUIREMENTS |\ POLICY_AUDIT_LOG_ADMIN |\ POLICY_SERVER_ADMIN) #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE |\ POLICY_VIEW_LOCAL_INFORMATION |\ POLICY_LOOKUP_NAMES) // // Legacy policy object specific data types. // // The following data type is used in name to SID lookup services to describe // the domains referenced in the lookup operation. // typedef struct _LSA_TRANSLATED_SID { SID_NAME_USE Use; ULONG RelativeId; LONG DomainIndex; } LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID; // where members have the following usage: // // Use - identifies the use of the SID. If this value is SidUnknown or // SidInvalid, then the remainder of the record is not set and // should be ignored. // // RelativeId - Contains the relative ID of the translated SID. The // remainder of the SID (the prefix) is obtained using the // DomainIndex field. // // DomainIndex - Is the index of an entry in a related // LSA_REFERENCED_DOMAIN_LIST data structure describing the // domain in which the account was found. // // If there is no corresponding reference domain for an entry, then // this field will contain a negative value. // // // The following data type is used to represent the role of the LSA // server (primary or backup). // typedef enum _POLICY_LSA_SERVER_ROLE { PolicyServerRoleBackup = 2, PolicyServerRolePrimary } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE; #if (_WIN32_WINNT < 0x0502) // // The following data type is used to represent the state of the LSA // server (enabled or disabled). Some operations may only be performed on // an enabled LSA server. // typedef enum _POLICY_SERVER_ENABLE_STATE { PolicyServerEnabled = 2, PolicyServerDisabled } POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE; #endif // // The following data type is used to specify the auditing options for // an Audit Event Type. // typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS; // where the following flags can be set: // // POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options // unchanged for events of this type. This flag is only used for // set operations. If this flag is set, then all other flags // are ignored. // // POLICY_AUDIT_EVENT_NONE - Cancel all auditing options for events // of this type. If this flag is set, the success/failure flags // are ignored. // // POLICY_AUDIT_EVENT_SUCCESS - When auditing is enabled, audit all // successful occurrences of events of the given type. // // POLICY_AUDIT_EVENT_FAILURE - When auditing is enabled, audit all // unsuccessful occurrences of events of the given type. // // // The following data type defines the classes of Policy Information // that may be queried/set. // typedef enum _POLICY_INFORMATION_CLASS { PolicyAuditLogInformation = 1, PolicyAuditEventsInformation, PolicyPrimaryDomainInformation, PolicyPdAccountInformation, PolicyAccountDomainInformation, PolicyLsaServerRoleInformation, PolicyReplicaSourceInformation, PolicyDefaultQuotaInformation, PolicyModificationInformation, PolicyAuditFullSetInformation, PolicyAuditFullQueryInformation, PolicyDnsDomainInformation, PolicyDnsDomainInformationInt, PolicyLocalAccountDomainInformation, PolicyLastEntry } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS; // // The following data type corresponds to the PolicyAuditLogInformation // information class. It is used to represent information relating to // the Audit Log. // // This structure may be used in both query and set operations. However, // when used in set operations, some fields are ignored. // typedef struct _POLICY_AUDIT_LOG_INFO { ULONG AuditLogPercentFull; ULONG MaximumLogSize; LARGE_INTEGER AuditRetentionPeriod; BOOLEAN AuditLogFullShutdownInProgress; LARGE_INTEGER TimeToShutdown; ULONG NextAuditRecordId; } POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO; // where the members have the following usage: // // AuditLogPercentFull - Indicates the percentage of the Audit Log // currently being used. // // MaximumLogSize - Specifies the maximum size of the Audit Log in // kilobytes. // // AuditRetentionPeriod - Indicates the length of time that Audit // Records are to be retained. Audit Records are discardable // if their timestamp predates the current time minus the // retention period. // // AuditLogFullShutdownInProgress - Indicates whether or not a system // shutdown is being initiated due to the security Audit Log becoming // full. This condition will only occur if the system is configured // to shutdown when the log becomes full. // // TRUE indicates that a shutdown is in progress // FALSE indicates that a shutdown is not in progress. // // Once a shutdown has been initiated, this flag will be set to // TRUE. If an administrator is able to currect the situation // before the shutdown becomes irreversible, then this flag will // be reset to false. // // This field is ignored for set operations. // // TimeToShutdown - If the AuditLogFullShutdownInProgress flag is set, // then this field contains the time left before the shutdown // becomes irreversible. // // This field is ignored for set operations. // // // The following data type corresponds to the PolicyAuditEventsInformation // information class. It is used to represent information relating to // the audit requirements. // typedef struct _POLICY_AUDIT_EVENTS_INFO { BOOLEAN AuditingMode; PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; ULONG MaximumAuditEventCount; } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO; // where the members have the following usage: // // AuditingMode - A Boolean variable specifying the Auditing Mode value. // This value is interpreted as follows: // // TRUE - Auditing is to be enabled (set operations) or is enabled // (query operations). Audit Records will be generated according // to the Event Auditing Options in effect (see the // EventAuditingOptions field. // // FALSE - Auditing is to be disabled (set operations) or is // disabled (query operations). No Audit Records will be // generated. Note that for set operations the Event Auditing // Options in effect will still be updated as specified by the // EventAuditingOptions field whether Auditing is enabled or // disabled. // // EventAuditingOptions - Pointer to an array of Auditing Options // indexed by Audit Event Type. // // MaximumAuditEventCount - Specifiesa count of the number of Audit // Event Types specified by the EventAuditingOptions parameter. If // this count is less than the number of Audit Event Types supported // by the system, the Auditing Options for Event Types with IDs // higher than (MaximumAuditEventCount + 1) are left unchanged. // // // The following data type is used to represent information relating to // the audit requirements. // typedef struct _POLICY_AUDIT_SUBCATEGORIES_INFO { ULONG MaximumSubCategoryCount; PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; } POLICY_AUDIT_SUBCATEGORIES_INFO, *PPOLICY_AUDIT_SUBCATEGORIES_INFO; typedef struct _POLICY_AUDIT_CATEGORIES_INFO { ULONG MaximumCategoryCount; PPOLICY_AUDIT_SUBCATEGORIES_INFO SubCategoriesInfo; } POLICY_AUDIT_CATEGORIES_INFO, *PPOLICY_AUDIT_CATEGORIES_INFO; // // Valid bits for Per user policy mask. // #define PER_USER_POLICY_UNCHANGED (0x00) #define PER_USER_AUDIT_SUCCESS_INCLUDE (0x01) #define PER_USER_AUDIT_SUCCESS_EXCLUDE (0x02) #define PER_USER_AUDIT_FAILURE_INCLUDE (0x04) #define PER_USER_AUDIT_FAILURE_EXCLUDE (0x08) #define PER_USER_AUDIT_NONE (0x10) #define VALID_PER_USER_AUDIT_POLICY_FLAG (PER_USER_AUDIT_SUCCESS_INCLUDE | \ PER_USER_AUDIT_SUCCESS_EXCLUDE | \ PER_USER_AUDIT_FAILURE_INCLUDE | \ PER_USER_AUDIT_FAILURE_EXCLUDE | \ PER_USER_AUDIT_NONE) // // The following structure corresponds to the PolicyPrimaryDomainInformation // information class. // typedef struct _POLICY_PRIMARY_DOMAIN_INFO { LSA_UNICODE_STRING Name; PSID Sid; } POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO; // where the members have the following usage: // // Name - Is the name of the domain // // Sid - Is the Sid of the domain // // // The following structure corresponds to the PolicyPdAccountInformation // information class. This structure may be used in Query operations // only. // typedef struct _POLICY_PD_ACCOUNT_INFO { LSA_UNICODE_STRING Name; } POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO; // where the members have the following usage: // // Name - Is the name of an account in the domain that should be used // for authentication and name/ID lookup requests. // // // The following structure corresponds to the PolicyLsaServerRoleInformation // information class. // typedef struct _POLICY_LSA_SERVER_ROLE_INFO { POLICY_LSA_SERVER_ROLE LsaServerRole; } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO; // where the fields have the following usage: // // TBS // // // The following structure corresponds to the PolicyReplicaSourceInformation // information class. // typedef struct _POLICY_REPLICA_SOURCE_INFO { LSA_UNICODE_STRING ReplicaSource; LSA_UNICODE_STRING ReplicaAccountName; } POLICY_REPLICA_SOURCE_INFO, *PPOLICY_REPLICA_SOURCE_INFO; // // The following structure corresponds to the PolicyDefaultQuotaInformation // information class. // typedef struct _POLICY_DEFAULT_QUOTA_INFO { QUOTA_LIMITS QuotaLimits; } POLICY_DEFAULT_QUOTA_INFO, *PPOLICY_DEFAULT_QUOTA_INFO; // // The following structure corresponds to the PolicyModificationInformation // information class. // typedef struct _POLICY_MODIFICATION_INFO { LARGE_INTEGER ModifiedId; LARGE_INTEGER DatabaseCreationTime; } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO; // where the members have the following usage: // // ModifiedId - Is a 64-bit unsigned integer that is incremented each // time anything in the LSA database is modified. This value is // only modified on Primary Domain Controllers. // // DatabaseCreationTime - Is the date/time that the LSA Database was // created. On Backup Domain Controllers, this value is replicated // from the Primary Domain Controller. // // // The following structure type corresponds to the PolicyAuditFullSetInformation // Information Class. // typedef struct _POLICY_AUDIT_FULL_SET_INFO { BOOLEAN ShutDownOnFull; } POLICY_AUDIT_FULL_SET_INFO, *PPOLICY_AUDIT_FULL_SET_INFO; // // The following structure type corresponds to the PolicyAuditFullQueryInformation // Information Class. // typedef struct _POLICY_AUDIT_FULL_QUERY_INFO { BOOLEAN ShutDownOnFull; BOOLEAN LogIsFull; } POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO; // // The following data type defines the classes of Policy Information // that may be queried/set that has domain wide effect. // typedef enum _POLICY_DOMAIN_INFORMATION_CLASS { #if (_WIN32_WINNT <= 0x0500) PolicyDomainQualityOfServiceInformation = 1, #endif PolicyDomainEfsInformation = 2, PolicyDomainKerberosTicketInformation } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS; #if (_WIN32_WINNT < 0x0502) // // QualityOfService information. Corresponds to PolicyDomainQualityOfServiceInformation // #define POLICY_QOS_SCHANNEL_REQUIRED 0x00000001 #define POLICY_QOS_OUTBOUND_INTEGRITY 0x00000002 #define POLICY_QOS_OUTBOUND_CONFIDENTIALITY 0x00000004 #define POLICY_QOS_INBOUND_INTEGRITY 0x00000008 #define POLICY_QOS_INBOUND_CONFIDENTIALITY 0x00000010 #define POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE 0x00000020 #define POLICY_QOS_RAS_SERVER_ALLOWED 0x00000040 #define POLICY_QOS_DHCP_SERVER_ALLOWED 0x00000080 // // Bits 0x00000100 through 0xFFFFFFFF are reserved for future use. // #endif #if (_WIN32_WINNT == 0x0500) typedef struct _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO { ULONG QualityOfService; } POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO, *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; // // where the members have the following usage: // // QualityOfService - Determines what specific QOS actions a machine should take // #endif // // The following structure corresponds to the PolicyEfsInformation // information class // typedef struct _POLICY_DOMAIN_EFS_INFO { ULONG InfoLength; PUCHAR EfsBlob; } POLICY_DOMAIN_EFS_INFO, *PPOLICY_DOMAIN_EFS_INFO; // // where the members have the following usage: // // InfoLength - Length of the EFS Information blob // // EfsBlob - Efs blob data // // // The following structure corresponds to the PolicyDomainKerberosTicketInformation // information class // #define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080 typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO { ULONG AuthenticationOptions; LARGE_INTEGER MaxServiceTicketAge; LARGE_INTEGER MaxTicketAge; LARGE_INTEGER MaxRenewAge; LARGE_INTEGER MaxClockSkew; LARGE_INTEGER Reserved; } POLICY_DOMAIN_KERBEROS_TICKET_INFO, *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; // // where the members have the following usage // // AuthenticationOptions -- allowed ticket options (POLICY_KERBEROS_* flags ) // // MaxServiceTicketAge -- Maximum lifetime for a service ticket // // MaxTicketAge -- Maximum lifetime for the initial ticket // // MaxRenewAge -- Maximum cumulative age a renewable ticket can be with // requring authentication // // MaxClockSkew -- Maximum tolerance for synchronization of computer clocks // // Reserved -- Reserved // // The following data type defines the classes of Policy Information / Policy Domain Information // that may be used to request notification // typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS { PolicyNotifyAuditEventsInformation = 1, PolicyNotifyAccountDomainInformation, PolicyNotifyServerRoleInformation, PolicyNotifyDnsDomainInformation, PolicyNotifyDomainEfsInformation, PolicyNotifyDomainKerberosTicketInformation, PolicyNotifyMachineAccountPasswordInformation, PolicyNotifyGlobalSaclInformation, PolicyNotifyMax // must always be the last entry } POLICY_NOTIFICATION_INFORMATION_CLASS, *PPOLICY_NOTIFICATION_INFORMATION_CLASS; // // LSA RPC Context Handle (Opaque form). Note that a Context Handle is // always a pointer type unlike regular handles. // typedef PVOID LSA_HANDLE, *PLSA_HANDLE; // // Trusted Domain Object specific data types // // // This data type defines the following information classes that may be // queried or set. // typedef enum _TRUSTED_INFORMATION_CLASS { TrustedDomainNameInformation = 1, TrustedControllersInformation, TrustedPosixOffsetInformation, TrustedPasswordInformation, TrustedDomainInformationBasic, TrustedDomainInformationEx, TrustedDomainAuthInformation, TrustedDomainFullInformation, TrustedDomainAuthInformationInternal, TrustedDomainFullInformationInternal, TrustedDomainInformationEx2Internal, TrustedDomainFullInformation2Internal, TrustedDomainSupportedEncryptionTypes, } TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS; // // The following data type corresponds to the TrustedDomainNameInformation // information class. // typedef struct _TRUSTED_DOMAIN_NAME_INFO { LSA_UNICODE_STRING Name; } TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO; // where members have the following meaning: // // Name - The name of the Trusted Domain. // // // The following data type corresponds to the TrustedControllersInformation // information class. // typedef struct _TRUSTED_CONTROLLERS_INFO { ULONG Entries; PLSA_UNICODE_STRING Names; } TRUSTED_CONTROLLERS_INFO, *PTRUSTED_CONTROLLERS_INFO; // where members have the following meaning: // // Entries - Indicate how mamy entries there are in the Names array. // // Names - Pointer to an array of LSA_UNICODE_STRING structures containing the // names of domain controllers of the domain. This information may not // be accurate and should be used only as a hint. The order of this // list is considered significant and will be maintained. // // By convention, the first name in this list is assumed to be the // Primary Domain Controller of the domain. If the Primary Domain // Controller is not known, the first name should be set to the NULL // string. // // // The following data type corresponds to the TrustedPosixOffsetInformation // information class. // typedef struct _TRUSTED_POSIX_OFFSET_INFO { ULONG Offset; } TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO; // where members have the following meaning: // // Offset - Is an offset to use for the generation of Posix user and group // IDs from SIDs. The Posix ID corresponding to any particular SID is // generated by adding the RID of that SID to the Offset of the SID's // corresponding TrustedDomain object. // // // The following data type corresponds to the TrustedPasswordInformation // information class. // typedef struct _TRUSTED_PASSWORD_INFO { LSA_UNICODE_STRING Password; LSA_UNICODE_STRING OldPassword; } TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO; typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC; typedef PLSA_TRUST_INFORMATION PTRUSTED_DOMAIN_INFORMATION_BASIC; // // Direction of the trust // #define TRUST_DIRECTION_DISABLED 0x00000000 #define TRUST_DIRECTION_INBOUND 0x00000001 #define TRUST_DIRECTION_OUTBOUND 0x00000002 #define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND) #define TRUST_TYPE_DOWNLEVEL 0x00000001 // NT4 and before #define TRUST_TYPE_UPLEVEL 0x00000002 // NT5 #define TRUST_TYPE_MIT 0x00000003 // Trust with a MIT Kerberos realm #if (_WIN32_WINNT < 0x0502) #define TRUST_TYPE_DCE 0x00000004 // Trust with a DCE realm #endif // Levels 0x5 - 0x000FFFFF reserved for future use // Provider specific trust levels are from 0x00100000 to 0xFFF00000 #define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001 // Disallow transitivity #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002 // Trust link only valid for uplevel client #if (_WIN32_WINNT == 0x0500) #define TRUST_ATTRIBUTE_TREE_PARENT 0x00400000 // Denotes that we are setting the trust // to our parent in the org tree... #define TRUST_ATTRIBUTE_TREE_ROOT 0x00800000 // Denotes that we are setting the trust // to another tree root in a forest... // Trust attributes 0x00000004 through 0x004FFFFF reserved for future use // Trust attributes 0x00F00000 through 0x00400000 are reserved for internal use // Trust attributes 0x01000000 through 0xFF000000 are reserved for user // defined values #define TRUST_ATTRIBUTES_VALID 0xFF02FFFF #endif #if (_WIN32_WINNT < 0x0502) #define TRUST_ATTRIBUTE_FILTER_SIDS 0x00000004 // Used to quarantine domains #else #define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004 // Used to quarantine domains #endif #if (_WIN32_WINNT >= 0x0501) #define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008 // This link may contain forest trust information #if (_WIN32_WINNT >= 0x0502) #define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010 // This trust is to a domain/forest which is not part of this enterprise #define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020 // Trust is internal to this forest #define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040 // Trust is to be treated as external for trust boundary purposes #if (_WIN32_WINNT >= 0x0600) #define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080 // MIT trust with RC4 #define TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS 0x00000100 // Use AES keys to encrypte KRB TGTs #endif // Trust attributes 0x00000040 through 0x00200000 are reserved for future use #else // Trust attributes 0x00000010 through 0x00200000 are reserved for future use #endif // Trust attributes 0x00400000 through 0x00800000 were used previously (up to W2K) and should not be re-used // Trust attributes 0x01000000 through 0x80000000 are reserved for user #define TRUST_ATTRIBUTES_VALID 0xFF03FFFF #endif #define TRUST_ATTRIBUTES_USER 0xFF000000 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX { LSA_UNICODE_STRING Name; LSA_UNICODE_STRING FlatName; PSID Sid; ULONG TrustDirection; ULONG TrustType; ULONG TrustAttributes; } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX; typedef struct _TRUSTED_DOMAIN_INFORMATION_EX2 { LSA_UNICODE_STRING Name; LSA_UNICODE_STRING FlatName; PSID Sid; ULONG TrustDirection; ULONG TrustType; ULONG TrustAttributes; ULONG ForestTrustLength; #ifdef MIDL_PASS [size_is( ForestTrustLength )] #endif PUCHAR ForestTrustInfo; } TRUSTED_DOMAIN_INFORMATION_EX2, *PTRUSTED_DOMAIN_INFORMATION_EX2; // // Type of authentication information // #define TRUST_AUTH_TYPE_NONE 0 // Ignore this entry #define TRUST_AUTH_TYPE_NT4OWF 1 // NT4 OWF password #define TRUST_AUTH_TYPE_CLEAR 2 // Cleartext password #define TRUST_AUTH_TYPE_VERSION 3 // Cleartext password version number typedef struct _LSA_AUTH_INFORMATION { LARGE_INTEGER LastUpdateTime; ULONG AuthType; ULONG AuthInfoLength; PUCHAR AuthInfo; } LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION; typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION { ULONG IncomingAuthInfos; PLSA_AUTH_INFORMATION IncomingAuthenticationInformation; PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; ULONG OutgoingAuthInfos; PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation; PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; } TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION; typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION { TRUSTED_DOMAIN_INFORMATION_EX Information; TRUSTED_POSIX_OFFSET_INFO PosixOffset; TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION; typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 { TRUSTED_DOMAIN_INFORMATION_EX2 Information; TRUSTED_POSIX_OFFSET_INFO PosixOffset; TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; } TRUSTED_DOMAIN_FULL_INFORMATION2, *PTRUSTED_DOMAIN_FULL_INFORMATION2; typedef struct _TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES { ULONG SupportedEncryptionTypes; } TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, *PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; typedef enum { ForestTrustTopLevelName, ForestTrustTopLevelNameEx, ForestTrustDomainInfo, ForestTrustRecordTypeLast = ForestTrustDomainInfo } LSA_FOREST_TRUST_RECORD_TYPE; #if (_WIN32_WINNT < 0x0502) #define LSA_FOREST_TRUST_RECORD_TYPE_UNRECOGNIZED 0x80000000 #endif // // Bottom 16 bits of the flags are reserved for disablement reasons // #define LSA_FTRECORD_DISABLED_REASONS ( 0x0000FFFFL ) // // Reasons for a top-level name forest trust record to be disabled // #define LSA_TLN_DISABLED_NEW ( 0x00000001L ) #define LSA_TLN_DISABLED_ADMIN ( 0x00000002L ) #define LSA_TLN_DISABLED_CONFLICT ( 0x00000004L ) // // Reasons for a domain information forest trust record to be disabled // #define LSA_SID_DISABLED_ADMIN ( 0x00000001L ) #define LSA_SID_DISABLED_CONFLICT ( 0x00000002L ) #define LSA_NB_DISABLED_ADMIN ( 0x00000004L ) #define LSA_NB_DISABLED_CONFLICT ( 0x00000008L ) typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO { #ifdef MIDL_PASS PISID Sid; #else PSID Sid; #endif LSA_UNICODE_STRING DnsName; LSA_UNICODE_STRING NetbiosName; } LSA_FOREST_TRUST_DOMAIN_INFO, *PLSA_FOREST_TRUST_DOMAIN_INFO; #if (_WIN32_WINNT >= 0x0502) // // To prevent huge data to be passed in, we should put a limit on LSA_FOREST_TRUST_BINARY_DATA. // 128K is large enough that can't be reached in the near future, and small enough not to // cause memory problems. #define MAX_FOREST_TRUST_BINARY_DATA_SIZE ( 128 * 1024 ) #endif typedef struct _LSA_FOREST_TRUST_BINARY_DATA { #ifdef MIDL_PASS [range(0, MAX_FOREST_TRUST_BINARY_DATA_SIZE)] ULONG Length; [size_is( Length )] PUCHAR Buffer; #else ULONG Length; PUCHAR Buffer; #endif } LSA_FOREST_TRUST_BINARY_DATA, *PLSA_FOREST_TRUST_BINARY_DATA; typedef struct _LSA_FOREST_TRUST_RECORD { ULONG Flags; LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType; // type of record LARGE_INTEGER Time; #ifdef MIDL_PASS [switch_type( LSA_FOREST_TRUST_RECORD_TYPE ), switch_is( ForestTrustType )] #endif union { // actual data #ifdef MIDL_PASS [case( ForestTrustTopLevelName, ForestTrustTopLevelNameEx )] LSA_UNICODE_STRING TopLevelName; [case( ForestTrustDomainInfo )] LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo; [default] LSA_FOREST_TRUST_BINARY_DATA Data; #else LSA_UNICODE_STRING TopLevelName; LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo; LSA_FOREST_TRUST_BINARY_DATA Data; // used for unrecognized types #endif } ForestTrustData; } LSA_FOREST_TRUST_RECORD, *PLSA_FOREST_TRUST_RECORD; #if (_WIN32_WINNT >= 0x0502) // // To prevent forest trust blobs of large size, number of records must be // smaller than MAX_RECORDS_IN_FOREST_TRUST_INFO // #define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000 #endif typedef struct _LSA_FOREST_TRUST_INFORMATION { #ifdef MIDL_PASS [range(0, MAX_RECORDS_IN_FOREST_TRUST_INFO)] ULONG RecordCount; [size_is( RecordCount )] PLSA_FOREST_TRUST_RECORD * Entries; #else ULONG RecordCount; PLSA_FOREST_TRUST_RECORD * Entries; #endif } LSA_FOREST_TRUST_INFORMATION, *PLSA_FOREST_TRUST_INFORMATION; typedef enum { CollisionTdo, CollisionXref, CollisionOther } LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD { ULONG Index; LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type; ULONG Flags; LSA_UNICODE_STRING Name; } LSA_FOREST_TRUST_COLLISION_RECORD, *PLSA_FOREST_TRUST_COLLISION_RECORD; typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION { ULONG RecordCount; #ifdef MIDL_PASS [size_is( RecordCount )] #endif PLSA_FOREST_TRUST_COLLISION_RECORD * Entries; } LSA_FOREST_TRUST_COLLISION_INFORMATION, *PLSA_FOREST_TRUST_COLLISION_INFORMATION; // // LSA Enumeration Context // typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE; // // LSA Enumeration Information // typedef struct _LSA_ENUMERATION_INFORMATION { PSID Sid; } LSA_ENUMERATION_INFORMATION, *PLSA_ENUMERATION_INFORMATION; //////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Miscellaneous API function prototypes // // // //////////////////////////////////////////////////////////////////////////// NTSTATUS NTAPI LsaFreeMemory( __in_opt PVOID Buffer ); NTSTATUS NTAPI LsaClose( __in LSA_HANDLE ObjectHandle ); #if (_WIN32_WINNT >= 0x0600) typedef struct _LSA_LAST_INTER_LOGON_INFO { LARGE_INTEGER LastSuccessfulLogon; LARGE_INTEGER LastFailedLogon; ULONG FailedAttemptCountSinceLastSuccessfulLogon; } LSA_LAST_INTER_LOGON_INFO, *PLSA_LAST_INTER_LOGON_INFO; #endif #if (_WIN32_WINNT >= 0x0501) typedef struct _SECURITY_LOGON_SESSION_DATA { ULONG Size; LUID LogonId; LSA_UNICODE_STRING UserName; LSA_UNICODE_STRING LogonDomain; LSA_UNICODE_STRING AuthenticationPackage; ULONG LogonType; ULONG Session; PSID Sid; LARGE_INTEGER LogonTime; // // new for whistler: // LSA_UNICODE_STRING LogonServer; LSA_UNICODE_STRING DnsDomainName; LSA_UNICODE_STRING Upn; #if (_WIN32_WINNT >= 0x0600) // // new for LH // ULONG UserFlags; LSA_LAST_INTER_LOGON_INFO LastLogonInfo; LSA_UNICODE_STRING LogonScript; LSA_UNICODE_STRING ProfilePath; LSA_UNICODE_STRING HomeDirectory; LSA_UNICODE_STRING HomeDirectoryDrive; LARGE_INTEGER LogoffTime; LARGE_INTEGER KickOffTime; LARGE_INTEGER PasswordLastSet; LARGE_INTEGER PasswordCanChange; LARGE_INTEGER PasswordMustChange; #endif } SECURITY_LOGON_SESSION_DATA, * PSECURITY_LOGON_SESSION_DATA; NTSTATUS NTAPI LsaEnumerateLogonSessions( __out PULONG LogonSessionCount, __out PLUID * LogonSessionList ); NTSTATUS NTAPI LsaGetLogonSessionData( __in PLUID LogonId, __out PSECURITY_LOGON_SESSION_DATA * ppLogonSessionData ); #endif NTSTATUS NTAPI LsaOpenPolicy( __in_opt PLSA_UNICODE_STRING SystemName, __in PLSA_OBJECT_ATTRIBUTES ObjectAttributes, __in ACCESS_MASK DesiredAccess, __out PLSA_HANDLE PolicyHandle ); NTSTATUS NTAPI LsaQueryInformationPolicy( __in LSA_HANDLE PolicyHandle, __in POLICY_INFORMATION_CLASS InformationClass, __out PVOID *Buffer ); NTSTATUS NTAPI LsaSetInformationPolicy( __in LSA_HANDLE PolicyHandle, __in POLICY_INFORMATION_CLASS InformationClass, __in PVOID Buffer ); NTSTATUS NTAPI LsaQueryDomainInformationPolicy( __in LSA_HANDLE PolicyHandle, __in POLICY_DOMAIN_INFORMATION_CLASS InformationClass, __out PVOID *Buffer ); NTSTATUS NTAPI LsaSetDomainInformationPolicy( __in LSA_HANDLE PolicyHandle, __in POLICY_DOMAIN_INFORMATION_CLASS InformationClass, __in_opt PVOID Buffer ); NTSTATUS NTAPI LsaRegisterPolicyChangeNotification( __in POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass, __in HANDLE NotificationEventHandle ); NTSTATUS NTAPI LsaUnregisterPolicyChangeNotification( __in POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass, __in HANDLE NotificationEventHandle ); NTSTATUS NTAPI LsaEnumerateTrustedDomains( __in LSA_HANDLE PolicyHandle, __inout PLSA_ENUMERATION_HANDLE EnumerationContext, __out PVOID *Buffer, __in ULONG PreferedMaximumLength, __out PULONG CountReturned ); NTSTATUS NTAPI LsaLookupNames( __in LSA_HANDLE PolicyHandle, __in ULONG Count, __in PLSA_UNICODE_STRING Names, __out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, __out PLSA_TRANSLATED_SID *Sids ); #if (_WIN32_WINNT >= 0x0501) NTSTATUS NTAPI LsaLookupNames2( __in LSA_HANDLE PolicyHandle, __in ULONG Flags, // Reserved __in ULONG Count, __in PLSA_UNICODE_STRING Names, __out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, __out PLSA_TRANSLATED_SID2 *Sids ); #endif NTSTATUS NTAPI LsaLookupSids( __in LSA_HANDLE PolicyHandle, __in ULONG Count, __in PSID *Sids, __out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, __out PLSA_TRANSLATED_NAME *Names ); #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight") #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight") #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight") #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight") #define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight") #define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight") #define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight") #define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight") #if (_WIN32_WINNT >= 0x0501) #define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight") #define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight") #endif // // This new API returns all the accounts with a certain privilege // NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight( __in LSA_HANDLE PolicyHandle, __in_opt PLSA_UNICODE_STRING UserRight, __out PVOID *Buffer, __out PULONG CountReturned ); // // These new APIs differ by taking a SID instead of requiring the caller // to open the account first and passing in an account handle // NTSTATUS NTAPI LsaEnumerateAccountRights( __in LSA_HANDLE PolicyHandle, __in PSID AccountSid, __deref_out_ecount(*CountOfRights) PLSA_UNICODE_STRING *UserRights, __out PULONG CountOfRights ); NTSTATUS NTAPI LsaAddAccountRights( __in LSA_HANDLE PolicyHandle, __in PSID AccountSid, __in_ecount(CountOfRights) PLSA_UNICODE_STRING UserRights, __in ULONG CountOfRights ); NTSTATUS NTAPI LsaRemoveAccountRights( __in LSA_HANDLE PolicyHandle, __in PSID AccountSid, __in BOOLEAN AllRights, __in_ecount_opt(CountOfRights) PLSA_UNICODE_STRING UserRights, __in ULONG CountOfRights ); /////////////////////////////////////////////////////////////////////////////// // // // Local Security Policy - Trusted Domain Object API function prototypes // // // /////////////////////////////////////////////////////////////////////////////// NTSTATUS NTAPI LsaOpenTrustedDomainByName( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING TrustedDomainName, __in ACCESS_MASK DesiredAccess, __out PLSA_HANDLE TrustedDomainHandle ); NTSTATUS NTAPI LsaQueryTrustedDomainInfo( __in LSA_HANDLE PolicyHandle, __in PSID TrustedDomainSid, __in TRUSTED_INFORMATION_CLASS InformationClass, __out PVOID *Buffer ); NTSTATUS NTAPI LsaSetTrustedDomainInformation( __in LSA_HANDLE PolicyHandle, __in PSID TrustedDomainSid, __in TRUSTED_INFORMATION_CLASS InformationClass, __in PVOID Buffer ); NTSTATUS NTAPI LsaDeleteTrustedDomain( __in LSA_HANDLE PolicyHandle, __in PSID TrustedDomainSid ); NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING TrustedDomainName, __in TRUSTED_INFORMATION_CLASS InformationClass, __out PVOID *Buffer ); NTSTATUS NTAPI LsaSetTrustedDomainInfoByName( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING TrustedDomainName, __in TRUSTED_INFORMATION_CLASS InformationClass, __in PVOID Buffer ); NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx( __in LSA_HANDLE PolicyHandle, __inout PLSA_ENUMERATION_HANDLE EnumerationContext, __out PVOID *Buffer, __in ULONG PreferedMaximumLength, __out PULONG CountReturned ); NTSTATUS NTAPI LsaCreateTrustedDomainEx( __in LSA_HANDLE PolicyHandle, __in PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, __in PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation, __in ACCESS_MASK DesiredAccess, __out PLSA_HANDLE TrustedDomainHandle ); #if (_WIN32_WINNT >= 0x0501) NTSTATUS NTAPI LsaQueryForestTrustInformation( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING TrustedDomainName, __out PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo ); NTSTATUS NTAPI LsaSetForestTrustInformation( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING TrustedDomainName, __in PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo, __in BOOLEAN CheckOnly, __out PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo ); // #define TESTING_MATCHING_ROUTINE #ifdef TESTING_MATCHING_ROUTINE NTSTATUS NTAPI LsaForestTrustFindMatch( __in LSA_HANDLE PolicyHandle, __in ULONG Type, __in PLSA_UNICODE_STRING Name, __out PLSA_UNICODE_STRING * Match ); #endif #endif // // This API sets the workstation password (equivalent of setting/getting // the SSI_SECRET_NAME secret) // NTSTATUS NTAPI LsaStorePrivateData( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING KeyName, __in_opt PLSA_UNICODE_STRING PrivateData ); NTSTATUS NTAPI LsaRetrievePrivateData( __in LSA_HANDLE PolicyHandle, __in PLSA_UNICODE_STRING KeyName, __out PLSA_UNICODE_STRING * PrivateData ); ULONG NTAPI LsaNtStatusToWinError( __in NTSTATUS Status ); // // Define a symbol so we can tell if ntifs.h has been included. // // begin_ntifs #ifndef _NTLSA_IFS_ #define _NTLSA_IFS_ #endif // end_ntifs // // SPNEGO package stuff // enum NEGOTIATE_MESSAGES { NegEnumPackagePrefixes = 0, NegGetCallerName = 1, NegCallPackageMax }; #define NEGOTIATE_MAX_PREFIX 32 typedef struct _NEGOTIATE_PACKAGE_PREFIX { ULONG_PTR PackageId; PVOID PackageDataA; PVOID PackageDataW; ULONG_PTR PrefixLen; UCHAR Prefix[ NEGOTIATE_MAX_PREFIX ]; } NEGOTIATE_PACKAGE_PREFIX, * PNEGOTIATE_PACKAGE_PREFIX; typedef struct _NEGOTIATE_PACKAGE_PREFIXES { ULONG MessageType; ULONG PrefixCount; ULONG Offset; // Offset to array of _PREFIX above #if(_WIN32_WINNT >= 0x0502) ULONG Pad; // Align structure for 64-bit #endif } NEGOTIATE_PACKAGE_PREFIXES, *PNEGOTIATE_PACKAGE_PREFIXES; typedef struct _NEGOTIATE_CALLER_NAME_REQUEST { ULONG MessageType; LUID LogonId; } NEGOTIATE_CALLER_NAME_REQUEST, *PNEGOTIATE_CALLER_NAME_REQUEST; typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE { ULONG MessageType; PWSTR CallerName; } NEGOTIATE_CALLER_NAME_RESPONSE, * PNEGOTIATE_CALLER_NAME_RESPONSE; #ifndef _NTDEF_ typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; typedef LSA_STRING STRING, *PSTRING ; #endif #ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED #define _DOMAIN_PASSWORD_INFORMATION_DEFINED typedef struct _DOMAIN_PASSWORD_INFORMATION { USHORT MinPasswordLength; USHORT PasswordHistoryLength; ULONG PasswordProperties; #if defined(MIDL_PASS) OLD_LARGE_INTEGER MaxPasswordAge; OLD_LARGE_INTEGER MinPasswordAge; #else LARGE_INTEGER MaxPasswordAge; LARGE_INTEGER MinPasswordAge; #endif } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION; #endif #if (_WIN32_WINNT >= 0x0501) // // PasswordProperties flags // #define DOMAIN_PASSWORD_COMPLEX 0x00000001L #define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L #define DOMAIN_LOCKOUT_ADMINS 0x00000008L #define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L #define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L #if(_WIN32_WINNT >= 0x0502) #define DOMAIN_NO_LM_OWF_CHANGE 0x00000040L #endif #endif #ifndef _PASSWORD_NOTIFICATION_DEFINED #define _PASSWORD_NOTIFICATION_DEFINED typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE) ( PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING NewPassword ); #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify" typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE) ( ); #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify" #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter" typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE) ( __in PUNICODE_STRING AccountName, __in PUNICODE_STRING FullName, __in PUNICODE_STRING Password, __in BOOLEAN SetOperation ); #endif // _PASSWORD_NOTIFICATION_DEFINED ///////////////////////////////////////////////////////////////////////// // // // Name of the MSV1_0 authentication package // // // ///////////////////////////////////////////////////////////////////////// #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) // // Location of MSV authentication package data // #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" ///////////////////////////////////////////////////////////////////////// // // // Widely used MSV1_0 data types // // // ///////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////// // // // LOGON Related Data Structures // // // /////////////////////////////////////////////////////////////////////////////// // // When a LsaLogonUser() call is dispatched to the MsV1_0 authentication // package, the beginning of the AuthenticationInformation buffer is // cast to a MSV1_0_LOGON_SUBMIT_TYPE to determine the type of logon // being requested. Similarly, upon return, the type of profile buffer // can be determined by typecasting it to a MSV_1_0_PROFILE_BUFFER_TYPE. // // // MSV1.0 LsaLogonUser() submission message types. // typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon, MsV1_0SubAuthLogon, MsV1_0WorkstationUnlockLogon = 7, // defined in Windows Server 2008 and up MsV1_0S4ULogon = 12, MsV1_0VirtualLogon = 82 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; // // MSV1.0 LsaLogonUser() profile buffer types. // typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { MsV1_0InteractiveProfile = 2, MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE; // // MsV1_0InteractiveLogon // // The AuthenticationInformation buffer of an LsaLogonUser() call to // perform an interactive logon contains the following data structure: // typedef struct _MSV1_0_INTERACTIVE_LOGON { MSV1_0_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING LogonDomainName; UNICODE_STRING UserName; UNICODE_STRING Password; } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON; // // Where: // // MessageType - Contains the type of logon being requested. This // field must be set to MsV1_0InteractiveLogon. // // UserName - Is a string representing the user's account name. The // name may be up to 255 characters long. The name is treated case // insensitive. // // Password - Is a string containing the user's cleartext password. // The password may be up to 255 characters long and contain any // UNICODE value. // // // // The ProfileBuffer returned upon a successful logon of this type // contains the following data structure: // typedef struct _MSV1_0_INTERACTIVE_PROFILE { MSV1_0_PROFILE_BUFFER_TYPE MessageType; USHORT LogonCount; USHORT BadPasswordCount; LARGE_INTEGER LogonTime; LARGE_INTEGER LogoffTime; LARGE_INTEGER KickOffTime; LARGE_INTEGER PasswordLastSet; LARGE_INTEGER PasswordCanChange; LARGE_INTEGER PasswordMustChange; UNICODE_STRING LogonScript; UNICODE_STRING HomeDirectory; UNICODE_STRING FullName; UNICODE_STRING ProfilePath; UNICODE_STRING HomeDirectoryDrive; UNICODE_STRING LogonServer; ULONG UserFlags; } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE; // // where: // // MessageType - Identifies the type of profile data being returned. // Contains the type of logon being requested. This field must // be set to MsV1_0InteractiveProfile. // // LogonCount - Number of times the user is currently logged on. // // BadPasswordCount - Number of times a bad password was applied to // the account since last successful logon. // // LogonTime - Time when user last logged on. This is an absolute // format NT standard time value. // // LogoffTime - Time when user should log off. This is an absolute // format NT standard time value. // // KickOffTime - Time when system should force user logoff. This is // an absolute format NT standard time value. // // PasswordLastChanged - Time and date the password was last // changed. This is an absolute format NT standard time // value. // // PasswordCanChange - Time and date when the user can change the // password. This is an absolute format NT time value. To // prevent a password from ever changing, set this field to a // date very far into the future. // // PasswordMustChange - Time and date when the user must change the // password. If the user can never change the password, this // field is undefined. This is an absolute format NT time // value. // // LogonScript - The (relative) path to the account's logon // script. // // HomeDirectory - The home directory for the user. // // // MsV1_0Lm20Logon and MsV1_0NetworkLogon // // The AuthenticationInformation buffer of an LsaLogonUser() call to // perform an network logon contains the following data structure: // // MsV1_0NetworkLogon logon differs from MsV1_0Lm20Logon in that the // ParameterControl field exists. // #define MSV1_0_CHALLENGE_LENGTH 8 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 // // Values for ParameterControl. // #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 #define MSV1_0_RETURN_USER_PARAMETERS 0x08 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 // this next flag says that CaseInsensitiveChallengeResponse // (aka LmResponse) contains a client challenge in the first 8 bytes #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 #define MSV1_0_RETURN_PROFILE_PATH 0x200 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 //#if (_WIN32_WINNT >= 0x0501) -- Disabled until IIS fixes their target version. #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 //#endif #if (_WIN32_WINNT >= 0x0502) #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 // Start // Doesnt exist in Windows XP but does exist in Windows 2000 Security Rollup and up #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 #endif #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 // Defined in Windows Server 2003 SP1 and above #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 #if (_WIN32_WINNT >= 0x0600) //Defined in Windows Server 2008 and up #define MSV1_0_S4U2SELF 0x00020000 // no password is needed #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 // check logon hours for S4U logon #endif // // The high order byte is a value indicating the SubAuthentication DLL. // Zero indicates no SubAuthentication DLL. // #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 #define MSV1_0_MNS_LOGON 0x01000000 // // This is the list of subauthentication dlls used in MS // #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 typedef struct _MSV1_0_LM20_LOGON { MSV1_0_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING LogonDomainName; UNICODE_STRING UserName; UNICODE_STRING Workstation; UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; STRING CaseSensitiveChallengeResponse; STRING CaseInsensitiveChallengeResponse; ULONG ParameterControl; } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON; // // NT 5.0 SubAuth dlls can use this struct // typedef struct _MSV1_0_SUBAUTH_LOGON{ MSV1_0_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING LogonDomainName; UNICODE_STRING UserName; UNICODE_STRING Workstation; UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; STRING AuthenticationInfo1; STRING AuthenticationInfo2; ULONG ParameterControl; ULONG SubAuthPackageId; } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; #if (_WIN32_WINNT >= 0x0600) // // s4u2self logon // // Defined in Windows Server 2008 and above // // request to enforce logon hours policy // #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 typedef struct _MSV1_0_S4U_LOGON { MSV1_0_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; UNICODE_STRING UserPrincipalName; // username or username@domain UNICODE_STRING DomainName; // Optional: if missing, using the local machine } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON; #endif // // Values for UserFlags. // #define LOGON_GUEST 0x01 #define LOGON_NOENCRYPTION 0x02 #define LOGON_CACHED_ACCOUNT 0x04 #define LOGON_USED_LM_PASSWORD 0x08 #define LOGON_EXTRA_SIDS 0x20 #define LOGON_SUBAUTH_SESSION_KEY 0x40 #define LOGON_SERVER_TRUST_ACCOUNT 0x80 #define LOGON_NTLMV2_ENABLED 0x100 // says DC understands NTLMv2 #define LOGON_RESOURCE_GROUPS 0x200 #define LOGON_PROFILE_PATH_RETURNED 0x400 // Defined in Windows Server 2008 and above #define LOGON_NT_V2 0x800 // NT response was used for validation #define LOGON_LM_V2 0x1000 // LM response was used for validation #define LOGON_NTLM_V2 0x2000 // LM response was used to authenticate but NT response was used to derive the session key #if (_WIN32_WINNT >= 0x0600) #define LOGON_OPTIMIZED 0x4000 // this is an optimized logon #define LOGON_WINLOGON 0x8000 // the logon session was created for winlogon #define LOGON_PKINIT 0x10000 // Kerberos PKINIT extension was used to authenticate the user #define LOGON_NO_OPTIMIZED 0x20000 // optimized logon has been disabled for this account #endif // // The high order byte is reserved for return by SubAuthentication DLLs. // #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 // Values returned by the MSV1_0_MNS_LOGON SubAuthentication DLL #define LOGON_GRACE_LOGON 0x01000000 typedef struct _MSV1_0_LM20_LOGON_PROFILE { MSV1_0_PROFILE_BUFFER_TYPE MessageType; LARGE_INTEGER KickOffTime; LARGE_INTEGER LogoffTime; ULONG UserFlags; UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; UNICODE_STRING LogonDomainName; UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; UNICODE_STRING LogonServer; UNICODE_STRING UserParameters; } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE; // // Supplemental credentials structure used for passing credentials into // MSV1_0 from other packages // #define MSV1_0_OWF_PASSWORD_LENGTH 16 #define MSV1_0_CRED_LM_PRESENT 0x1 #define MSV1_0_CRED_NT_PRESENT 0x2 #define MSV1_0_CRED_VERSION 0 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { ULONG Version; ULONG Flags; UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL; // // NTLM3 definitions. // #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 #define MSV1_0_NTLM3_OWF_LENGTH 16 // // this is the longest amount of time we'll allow challenge response // pairs to be used. Note that this also has to allow for worst case clock skew // #if (_WIN32_WINNT == 0x0500) #define MSV1_0_MAX_NTLM3_LIFE 1800 // 30 minutes (in seconds) #else #define MSV1_0_MAX_NTLM3_LIFE 129600 // 36 hours (in seconds) #endif #define MSV1_0_MAX_AVL_SIZE 64000 #if (_WIN32_WINNT >= 0x0501) // // MsvAvFlags bit values // // Exists only after Windows 2000 // #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 #if (_WIN32_WINNT >= 0x0600) #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 // the client supports // hand-shake messages integrity #endif #endif // this is an MSV1_0 private data structure, defining the layout of an NTLM3 response, as sent by a // client in the NtChallengeResponse field of the NETLOGON_NETWORK_INFO structure. If can be differentiated // from an old style NT response by its length. This is crude, but it needs to pass through servers and // the servers' DCs that do not understand NTLM3 but that are willing to pass longer responses. typedef struct _MSV1_0_NTLM3_RESPONSE { UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; // hash of OWF of password with all the following fields UCHAR RespType; // id number of response; current is 1 UCHAR HiRespType; // highest id number understood by client USHORT Flags; // reserved; must be sent as zero at this version ULONG MsgWord; // 32 bit message from client to server (for use by auth protocol) ULONGLONG TimeStamp; // time stamp when client generated response -- NT system time, quad part UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; ULONG AvPairsOff; // offset to start of AvPairs (to allow future expansion) UCHAR Buffer[1]; // start of buffer with AV pairs (or future stuff -- so use the offset) } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) #if(_WIN32_WINNT >= 0x0502) #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff) #endif typedef enum { MsvAvEOL, // end of list MsvAvNbComputerName, // server's computer name -- NetBIOS MsvAvNbDomainName, // server's domain name -- NetBIOS MsvAvDnsComputerName, // server's computer name -- DNS MsvAvDnsDomainName, // server's domain name -- DNS #if (_WIN32_WINNT >= 0x0501) MsvAvDnsTreeName, // server's tree name -- DNS MsvAvFlags, // server's extended flags -- DWORD mask #if (_WIN32_WINNT >= 0x0600) MsvAvTimestamp, // contains the server's local time in FILETIME, // (64 bit 100 ns ticks since 1602 // (UTC)) in little endian byte order MsvAvRestrictions, // token restrictions MsvAvTargetName, MsvAvChannelBindings, #endif #endif } MSV1_0_AVID; typedef struct _MSV1_0_AV_PAIR { USHORT AvId; USHORT AvLen; // Data is treated as byte array following structure } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; /////////////////////////////////////////////////////////////////////////////// // // // CALL PACKAGE Related Data Structures // // // /////////////////////////////////////////////////////////////////////////////// // // MSV1.0 LsaCallAuthenticationPackage() submission and response // message types. // typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { MsV1_0Lm20ChallengeRequest = 0, // Both submission and response MsV1_0Lm20GetChallengeResponse, // Both submission and response MsV1_0EnumerateUsers, // Both submission and response MsV1_0GetUserInfo, // Both submission and response MsV1_0ReLogonUsers, // Submission only MsV1_0ChangePassword, // Both submission and response MsV1_0ChangeCachedPassword, // Both submission and response MsV1_0GenericPassthrough, // Both submission and response MsV1_0CacheLogon, // Submission only, no response MsV1_0SubAuth, // Both submission and response MsV1_0DeriveCredential, // Both submission and response MsV1_0CacheLookup, // Both submission and response #if (_WIN32_WINNT >= 0x0501) MsV1_0SetProcessOption, // Submission only, no response #endif #if (_WIN32_WINNT >= 0x0600) MsV1_0ConfigLocalAliases, MsV1_0ClearCachedCredentials, #endif } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST { MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; UNICODE_STRING DomainName; UNICODE_STRING AccountName; UNICODE_STRING OldPassword; UNICODE_STRING NewPassword; BOOLEAN Impersonating; } MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST; typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE { MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; BOOLEAN PasswordInfoValid; DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo; } MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE; #if(_WIN32_WINNT >= 0x0502) // // MsV1_0GenericPassthrough - for remoting a CallPackage to // a domain controller on the specified domain // typedef struct _MSV1_0_PASSTHROUGH_REQUEST { MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; UNICODE_STRING DomainName; UNICODE_STRING PackageName; ULONG DataLength; PUCHAR LogonData; ULONG Pad ; } MSV1_0_PASSTHROUGH_REQUEST, *PMSV1_0_PASSTHROUGH_REQUEST; typedef struct _MSV1_0_PASSTHROUGH_RESPONSE { MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; ULONG Pad; ULONG DataLength; PUCHAR ValidationData; } MSV1_0_PASSTHROUGH_RESPONSE, *PMSV1_0_PASSTHROUGH_RESPONSE; #endif // // MsV1_0SubAuthInfo submit buffer and response - for submitting a buffer to a // specified Subauthentication Package during an LsaCallAuthenticationPackage(). // If this Subauthentication is to be done locally, then package this message // in LsaCallAuthenticationPackage(). If this SubAuthentication needs to be done // on the domain controller, then call LsaCallauthenticationPackage with the // message type being MsV1_0GenericPassThrough and the LogonData in this struct // should be a PMSV1_0_SUBAUTH_REQUEST // typedef struct _MSV1_0_SUBAUTH_REQUEST{ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; ULONG SubAuthPackageId; ULONG SubAuthInfoLength; PUCHAR SubAuthSubmitBuffer; } MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST; typedef struct _MSV1_0_SUBAUTH_RESPONSE{ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; ULONG SubAuthInfoLength; PUCHAR SubAuthReturnBuffer; } MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE; #if(_WIN32_WINNT >= 0x0501) #define RtlGenRandom SystemFunction036 #endif #if(_WIN32_WINNT >= 0x0500) #define RtlEncryptMemory SystemFunction040 #define RtlDecryptMemory SystemFunction041 #endif #if(_WIN32_WINNT >= 0x0501) BOOLEAN RtlGenRandom( __out_bcount(RandomBufferLength) PVOID RandomBuffer, __in ULONG RandomBufferLength ); #endif /* * #if(_WIN32_WINNT >= 0x0500) -- Disabled until WinHTTP fixes their target version. */ // // The buffer passed into RtlEncryptMemory and RtlDecryptMemory // must be a multiple of this length. // #define RTL_ENCRYPT_MEMORY_SIZE 8 // // Allow Encrypt/Decrypt across process boundaries. // eg: encrypted buffer passed across LPC to another process which calls RtlDecryptMemory. // #define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01 // // Allow Encrypt/Decrypt across callers with same LogonId. // eg: encrypted buffer passed across LPC to another process which calls RtlDecryptMemory whilst impersonating. // #define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02 NTSTATUS RtlEncryptMemory( __inout_bcount(MemorySize) PVOID Memory, __in ULONG MemorySize, __in ULONG OptionFlags ); NTSTATUS RtlDecryptMemory( __inout_bcount(MemorySize) PVOID Memory, __in ULONG MemorySize, __in ULONG OptionFlags ); //#endif // Revision of the Kerberos Protocol. MS uses Version 5, Revision 6 #define KERBEROS_VERSION 5 #define KERBEROS_REVISION 6 // Encryption Types: // These encryption types are supported by the default MS KERBSUPP DLL // as crypto systems. Values over 127 are local values, and may be changed // without notice. #define KERB_ETYPE_NULL 0 #define KERB_ETYPE_DES_CBC_CRC 1 #define KERB_ETYPE_DES_CBC_MD4 2 #define KERB_ETYPE_DES_CBC_MD5 3 #define KERB_ETYPE_AES128_CTS_HMAC_SHA1_96 17 #define KERB_ETYPE_AES256_CTS_HMAC_SHA1_96 18 #define KERB_ETYPE_RC4_MD4 -128 // FFFFFF80 #define KERB_ETYPE_RC4_PLAIN2 -129 #define KERB_ETYPE_RC4_LM -130 #define KERB_ETYPE_RC4_SHA -131 #define KERB_ETYPE_DES_PLAIN -132 #define KERB_ETYPE_RC4_HMAC_OLD -133 // FFFFFF7B #define KERB_ETYPE_RC4_PLAIN_OLD -134 #define KERB_ETYPE_RC4_HMAC_OLD_EXP -135 #define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136 #define KERB_ETYPE_RC4_PLAIN -140 #define KERB_ETYPE_RC4_PLAIN_EXP -141 // // used internally by userapi.cxx // #define KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN -148 #define KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN -149 // // Pkinit encryption types // #define KERB_ETYPE_DSA_SHA1_CMS 9 #define KERB_ETYPE_RSA_MD5_CMS 10 #define KERB_ETYPE_RSA_SHA1_CMS 11 #define KERB_ETYPE_RC2_CBC_ENV 12 #define KERB_ETYPE_RSA_ENV 13 #define KERB_ETYPE_RSA_ES_OEAP_ENV 14 #define KERB_ETYPE_DES_EDE3_CBC_ENV 15 // // Deprecated // #define KERB_ETYPE_DSA_SIGN 8 #define KERB_ETYPE_RSA_PRIV 9 #define KERB_ETYPE_RSA_PUB 10 #define KERB_ETYPE_RSA_PUB_MD5 11 #define KERB_ETYPE_RSA_PUB_SHA1 12 #define KERB_ETYPE_PKCS7_PUB 13 #if(_WIN32_WINNT >= 0x0502) // // Unsupported but defined types // #define KERB_ETYPE_DES3_CBC_MD5 5 #define KERB_ETYPE_DES3_CBC_SHA1 7 #define KERB_ETYPE_DES3_CBC_SHA1_KD 16 #endif // // In use types // #define KERB_ETYPE_DES_CBC_MD5_NT 20 #define KERB_ETYPE_RC4_HMAC_NT 23 #define KERB_ETYPE_RC4_HMAC_NT_EXP 24 // Checksum algorithms. // These algorithms are keyed internally for our use. #define KERB_CHECKSUM_NONE 0 #define KERB_CHECKSUM_CRC32 1 #define KERB_CHECKSUM_MD4 2 #define KERB_CHECKSUM_KRB_DES_MAC 4 #if (_WIN32_WINNT >= 0x0501) #define KERB_CHECKSUM_KRB_DES_MAC_K 5 #endif #define KERB_CHECKSUM_MD5 7 #define KERB_CHECKSUM_MD5_DES 8 #define KERB_CHECKSUM_SHA1_NEW 14 // defined in RFC3961 #define KERB_CHECKSUM_HMAC_SHA1_96_AES128 15 #define KERB_CHECKSUM_HMAC_SHA1_96_AES256 16 #define KERB_CHECKSUM_LM -130 #define KERB_CHECKSUM_SHA1 -131 #define KERB_CHECKSUM_REAL_CRC32 -132 #define KERB_CHECKSUM_DES_MAC -133 #define KERB_CHECKSUM_DES_MAC_MD5 -134 #define KERB_CHECKSUM_MD25 -135 #define KERB_CHECKSUM_RC4_MD5 -136 #define KERB_CHECKSUM_MD5_HMAC -137 // used by netlogon #define KERB_CHECKSUM_HMAC_MD5 -138 // used by Kerberos // // used internally by userapi.cxx // #define KERB_CHECKSUM_HMAC_SHA1_96_AES128_Ki -150 #define KERB_CHECKSUM_HMAC_SHA1_96_AES256_Ki -151 #define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001 #define AUTH_REQ_ALLOW_PROXIABLE 0x00000002 #define AUTH_REQ_ALLOW_POSTDATE 0x00000004 #define AUTH_REQ_ALLOW_RENEWABLE 0x00000008 #define AUTH_REQ_ALLOW_NOADDRESS 0x00000010 #define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020 #define AUTH_REQ_ALLOW_VALIDATE 0x00000040 #define AUTH_REQ_VALIDATE_CLIENT 0x00000080 #define AUTH_REQ_OK_AS_DELEGATE 0x00000100 #define AUTH_REQ_PREAUTH_REQUIRED 0x00000200 #define AUTH_REQ_TRANSITIVE_TRUST 0x00000400 #if(_WIN32_WINNT >= 0x0502) #define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800 #endif #define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | \ AUTH_REQ_ALLOW_PROXIABLE | \ AUTH_REQ_ALLOW_POSTDATE | \ AUTH_REQ_ALLOW_RENEWABLE | \ AUTH_REQ_ALLOW_VALIDATE ) // // Ticket Flags: // #define KERB_TICKET_FLAGS_reserved 0x80000000 #define KERB_TICKET_FLAGS_forwardable 0x40000000 #define KERB_TICKET_FLAGS_forwarded 0x20000000 #define KERB_TICKET_FLAGS_proxiable 0x10000000 #define KERB_TICKET_FLAGS_proxy 0x08000000 #define KERB_TICKET_FLAGS_may_postdate 0x04000000 #define KERB_TICKET_FLAGS_postdated 0x02000000 #define KERB_TICKET_FLAGS_invalid 0x01000000 #define KERB_TICKET_FLAGS_renewable 0x00800000 #define KERB_TICKET_FLAGS_initial 0x00400000 #define KERB_TICKET_FLAGS_pre_authent 0x00200000 #define KERB_TICKET_FLAGS_hw_authent 0x00100000 #define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000 #define KERB_TICKET_FLAGS_name_canonicalize 0x00010000 #if (_WIN32_WINNT == 0x0501) #define KERB_TICKET_FLAGS_cname_in_pa_data 0x00040000 #endif #define KERB_TICKET_FLAGS_reserved1 0x00000001 #if (_WIN32_WINNT >= 0x0501) // // Name types // #define KRB_NT_UNKNOWN 0 // Name type not known #define KRB_NT_PRINCIPAL 1 // Just the name of the principal as in DCE, or for users #define KRB_NT_PRINCIPAL_AND_ID -131 // Name of the principal and its SID. #define KRB_NT_SRV_INST 2 // Service and other unique instance (krbtgt) #define KRB_NT_SRV_INST_AND_ID -132 // SPN and SID #define KRB_NT_SRV_HST 3 // Service with host name as instance (telnet, rcommands) #define KRB_NT_SRV_XHST 4 // Service with host as remaining components #define KRB_NT_UID 5 // Unique ID #define KRB_NT_ENTERPRISE_PRINCIPAL 10 // UPN **ONLY** #define KRB_NT_ENT_PRINCIPAL_AND_ID -130 // UPN and SID // // MS extensions, negative according to the RFC // #define KRB_NT_MS_PRINCIPAL -128 // NT4 style name #define KRB_NT_MS_PRINCIPAL_AND_ID -129 // nt4 style name with sid #define KRB_NT_MS_BRANCH_ID -133 // Branch ID #define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL)) #endif #if (_WIN32_WINNT >= 0x0600) #define KRB_NT_X500_PRINCIPAL 6 // Encoded X.500 Distingished name [RFC 2253] #endif #ifndef MICROSOFT_KERBEROS_NAME_A #define MICROSOFT_KERBEROS_NAME_A "Kerberos" #define MICROSOFT_KERBEROS_NAME_W L"Kerberos" #ifdef WIN32_CHICAGO #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A #else #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W #endif // WIN32_CHICAGO #endif // MICROSOFT_KERBEROS_NAME_A ///////////////////////////////////////////////////////////////////////// // // Quality of protection parameters for MakeSignature / EncryptMessage // ///////////////////////////////////////////////////////////////////////// // // This flag indicates to EncryptMessage that the message is not to actually // be encrypted, but a header/trailer are to be produced. // #define KERB_WRAP_NO_ENCRYPT 0x80000001 ///////////////////////////////////////////////////////////////////////// // // LsaLogonUser parameters // ///////////////////////////////////////////////////////////////////////// typedef enum _KERB_LOGON_SUBMIT_TYPE { KerbInteractiveLogon = 2, KerbSmartCardLogon = 6, KerbWorkstationUnlockLogon = 7, KerbSmartCardUnlockLogon = 8, KerbProxyLogon = 9, KerbTicketLogon = 10, KerbTicketUnlockLogon = 11, //#if (_WIN32_WINNT >= 0x0501) -- Disabled until IIS fixes their target version. KerbS4ULogon = 12, //#endif #if (_WIN32_WINNT >= 0x0600) KerbCertificateLogon = 13, KerbCertificateS4ULogon = 14, KerbCertificateUnlockLogon = 15, #endif } KERB_LOGON_SUBMIT_TYPE, *PKERB_LOGON_SUBMIT_TYPE; typedef struct _KERB_INTERACTIVE_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING LogonDomainName; UNICODE_STRING UserName; UNICODE_STRING Password; } KERB_INTERACTIVE_LOGON, *PKERB_INTERACTIVE_LOGON; typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON { KERB_INTERACTIVE_LOGON Logon; LUID LogonId; } KERB_INTERACTIVE_UNLOCK_LOGON, *PKERB_INTERACTIVE_UNLOCK_LOGON; typedef struct _KERB_SMART_CARD_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING Pin; ULONG CspDataLength; PUCHAR CspData; } KERB_SMART_CARD_LOGON, *PKERB_SMART_CARD_LOGON; typedef struct _KERB_SMART_CARD_UNLOCK_LOGON { KERB_SMART_CARD_LOGON Logon; LUID LogonId; } KERB_SMART_CARD_UNLOCK_LOGON, *PKERB_SMART_CARD_UNLOCK_LOGON; #if (_WIN32_WINNT >= 0x0600) // // let the KDC detect account mapping conflicts for the same certificate. // #define KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES 0x1 typedef struct _KERB_CERTIFICATE_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; // KerbCertificateLogon UNICODE_STRING DomainName; // OPTIONAL, if supplied, used to locate the account forest UNICODE_STRING UserName; // OPTIONAL, if supplied, used to locate the account UNICODE_STRING Pin; ULONG Flags; // additional flags ULONG CspDataLength; PUCHAR CspData; // contains the smartcard CSP data } KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON; typedef struct _KERB_CERTIFICATE_UNLOCK_LOGON { KERB_CERTIFICATE_LOGON Logon; LUID LogonId; } KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON; // // let the KDC detect account mapping conflicts for the same certificate. // #define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES 0x1 #define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 #define KERB_CERTIFICATE_S4U_LOGON_FLAG_FAIL_IF_NT_AUTH_POLICY_REQUIRED 0x4 typedef struct _KERB_CERTIFICATE_S4U_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; UNICODE_STRING UserPrincipalName; // OPTIONAL, certificate mapping hints: username or username@domain UNICODE_STRING DomainName; // used to locate the forest // OPTIONAL, certificate mapping hints: if missing, using the local machine's domain ULONG CertificateLength; // for the client certificate PUCHAR Certificate; // for the client certificate, BER encoded } KERB_CERTIFICATE_S4U_LOGON, *PKERB_CERTIFICATE_S4U_LOGON; #endif // // Structure used for a ticket-only logon // typedef struct _KERB_TICKET_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; ULONG ServiceTicketLength; ULONG TicketGrantingTicketLength; PUCHAR ServiceTicket; // REQUIRED: Service ticket "host" PUCHAR TicketGrantingTicket; // OPTIONAL: User's encdoded in a KERB_CRED message, encrypted with session key from service ticket } KERB_TICKET_LOGON, *PKERB_TICKET_LOGON; // // Flags for the ticket logon flags field // #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1 typedef struct _KERB_TICKET_UNLOCK_LOGON { KERB_TICKET_LOGON Logon; LUID LogonId; } KERB_TICKET_UNLOCK_LOGON, *PKERB_TICKET_UNLOCK_LOGON; //#if (_WIN32_WINNT >= 0x0501) -- Disabled until IIS fixes their target version. // // Used for S4U Client requests // // #if (_WIN32_WINNT >= 0x0600) // // request to enforce logon hours policy // #define KERB_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 #endif typedef struct _KERB_S4U_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; UNICODE_STRING ClientUpn; // REQUIRED: UPN for client UNICODE_STRING ClientRealm; // Optional: Client Realm, if known } KERB_S4U_LOGON, *PKERB_S4U_LOGON; //#endif // // Use the same profile structure as MSV1_0 // typedef enum _KERB_PROFILE_BUFFER_TYPE { KerbInteractiveProfile = 2, KerbSmartCardProfile = 4, KerbTicketProfile = 6 } KERB_PROFILE_BUFFER_TYPE, *PKERB_PROFILE_BUFFER_TYPE; typedef struct _KERB_INTERACTIVE_PROFILE { KERB_PROFILE_BUFFER_TYPE MessageType; USHORT LogonCount; USHORT BadPasswordCount; LARGE_INTEGER LogonTime; LARGE_INTEGER LogoffTime; LARGE_INTEGER KickOffTime; LARGE_INTEGER PasswordLastSet; LARGE_INTEGER PasswordCanChange; LARGE_INTEGER PasswordMustChange; UNICODE_STRING LogonScript; UNICODE_STRING HomeDirectory; UNICODE_STRING FullName; UNICODE_STRING ProfilePath; UNICODE_STRING HomeDirectoryDrive; UNICODE_STRING LogonServer; ULONG UserFlags; } KERB_INTERACTIVE_PROFILE, *PKERB_INTERACTIVE_PROFILE; // // For smart card, we return a smart card profile, which is an interactive // profile plus a certificate // typedef struct _KERB_SMART_CARD_PROFILE { KERB_INTERACTIVE_PROFILE Profile; ULONG CertificateSize; PUCHAR CertificateData; } KERB_SMART_CARD_PROFILE, *PKERB_SMART_CARD_PROFILE; // // For a ticket logon profile, we return the session key from the ticket // typedef struct KERB_CRYPTO_KEY { LONG KeyType; ULONG Length; PUCHAR Value; } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; typedef struct KERB_CRYPTO_KEY32 { LONG KeyType; ULONG Length; ULONG Offset; } KERB_CRYPTO_KEY32, *PKERB_CRYPTO_KEY32; typedef struct _KERB_TICKET_PROFILE { KERB_INTERACTIVE_PROFILE Profile; KERB_CRYPTO_KEY SessionKey; } KERB_TICKET_PROFILE, *PKERB_TICKET_PROFILE; typedef enum _KERB_PROTOCOL_MESSAGE_TYPE { KerbDebugRequestMessage = 0, KerbQueryTicketCacheMessage, KerbChangeMachinePasswordMessage, KerbVerifyPacMessage, KerbRetrieveTicketMessage, KerbUpdateAddressesMessage, KerbPurgeTicketCacheMessage, KerbChangePasswordMessage, KerbRetrieveEncodedTicketMessage, KerbDecryptDataMessage, KerbAddBindingCacheEntryMessage, KerbSetPasswordMessage, KerbSetPasswordExMessage, #if (_WIN32_WINNT == 0x0500) KerbAddExtraCredentialsMessage = 17 #endif #if (_WIN32_WINNT >= 0x0501) KerbVerifyCredentialsMessage, KerbQueryTicketCacheExMessage, KerbPurgeTicketCacheExMessage, #endif #if (_WIN32_WINNT >= 0x0502) KerbRefreshSmartcardCredentialsMessage, KerbAddExtraCredentialsMessage, KerbQuerySupplementalCredentialsMessage, #endif #if (_WIN32_WINNT >= 0x0600) KerbTransferCredentialsMessage, KerbQueryTicketCacheEx2Message, KerbSubmitTicketMessage, KerbAddExtraCredentialsExMessage, #endif } KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE; // // Used both for retrieving tickets and for querying ticket cache // typedef struct _KERB_QUERY_TKT_CACHE_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; } KERB_QUERY_TKT_CACHE_REQUEST, *PKERB_QUERY_TKT_CACHE_REQUEST; typedef struct _KERB_TICKET_CACHE_INFO { UNICODE_STRING ServerName; UNICODE_STRING RealmName; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime; LARGE_INTEGER RenewTime; LONG EncryptionType; ULONG TicketFlags; } KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO; #if (_WIN32_WINNT >= 0x0501) typedef struct _KERB_TICKET_CACHE_INFO_EX { UNICODE_STRING ClientName; UNICODE_STRING ClientRealm; UNICODE_STRING ServerName; UNICODE_STRING ServerRealm; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime; LARGE_INTEGER RenewTime; LONG EncryptionType; ULONG TicketFlags; } KERB_TICKET_CACHE_INFO_EX, *PKERB_TICKET_CACHE_INFO_EX; #endif typedef struct _KERB_TICKET_CACHE_INFO_EX2 { UNICODE_STRING ClientName; UNICODE_STRING ClientRealm; UNICODE_STRING ServerName; UNICODE_STRING ServerRealm; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime; LARGE_INTEGER RenewTime; LONG EncryptionType; ULONG TicketFlags; // // the following are new in KERB_TICKET_CACHE_INFO_EX2 // ULONG SessionKeyType; ULONG BranchId; } KERB_TICKET_CACHE_INFO_EX2, *PKERB_TICKET_CACHE_INFO_EX2; typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE { KERB_PROTOCOL_MESSAGE_TYPE MessageType; ULONG CountOfTickets; KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY]; } KERB_QUERY_TKT_CACHE_RESPONSE, *PKERB_QUERY_TKT_CACHE_RESPONSE; #if (_WIN32_WINNT >= 0x0502) typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE { KERB_PROTOCOL_MESSAGE_TYPE MessageType; ULONG CountOfTickets; KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY]; } KERB_QUERY_TKT_CACHE_EX_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX_RESPONSE; #endif typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE { KERB_PROTOCOL_MESSAGE_TYPE MessageType; ULONG CountOfTickets; KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY]; } KERB_QUERY_TKT_CACHE_EX2_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX2_RESPONSE; // // Types for retrieving encoded ticket from the cache // #ifndef __SECHANDLE_DEFINED__ typedef struct _SecHandle { ULONG_PTR dwLower ; ULONG_PTR dwUpper ; } SecHandle, * PSecHandle ; #define __SECHANDLE_DEFINED__ #endif // __SECHANDLE_DEFINED__ #if (_WIN32_WINNT >= 0x0501) // Ticket Flags #define KERB_USE_DEFAULT_TICKET_FLAGS 0x0 // CacheOptions #define KERB_RETRIEVE_TICKET_DEFAULT 0x0 #endif #define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1 #define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2 #define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4 #if (_WIN32_WINNT >= 0x0501) #define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8 #define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10 #endif #if (_WIN32_WINNT >= 0x0600) #define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20 #endif #if (_WIN32_WINNT >= 0x0601) #define KERB_RETRIEVE_TICKET_MAX_LIFETIME 0x40 #endif #if (_WIN32_WINNT >= 0x0501) // Encryption Type options #define KERB_ETYPE_DEFAULT 0x0 // don't specify etype in tkt req. typedef struct _KERB_AUTH_DATA { ULONG Type; ULONG Length; PUCHAR Data; } KERB_AUTH_DATA, *PKERB_AUTH_DATA; typedef struct _KERB_NET_ADDRESS { ULONG Family; ULONG Length; PCHAR Address; } KERB_NET_ADDRESS, *PKERB_NET_ADDRESS; typedef struct _KERB_NET_ADDRESSES { ULONG Number; KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY]; } KERB_NET_ADDRESSES, *PKERB_NET_ADDRESSES; #endif // // Types for the information about a ticket // typedef struct _KERB_EXTERNAL_NAME { SHORT NameType; USHORT NameCount; UNICODE_STRING Names[ANYSIZE_ARRAY]; } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; typedef struct _KERB_EXTERNAL_TICKET { PKERB_EXTERNAL_NAME ServiceName; PKERB_EXTERNAL_NAME TargetName; PKERB_EXTERNAL_NAME ClientName; UNICODE_STRING DomainName; UNICODE_STRING TargetDomainName; UNICODE_STRING AltTargetDomainName; // contains ClientDomainName KERB_CRYPTO_KEY SessionKey; ULONG TicketFlags; ULONG Flags; LARGE_INTEGER KeyExpirationTime; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime; LARGE_INTEGER RenewUntil; LARGE_INTEGER TimeSkew; ULONG EncodedTicketSize; PUCHAR EncodedTicket; } KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; typedef struct _KERB_RETRIEVE_TKT_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; UNICODE_STRING TargetName; ULONG TicketFlags; ULONG CacheOptions; LONG EncryptionType; SecHandle CredentialsHandle; } KERB_RETRIEVE_TKT_REQUEST, *PKERB_RETRIEVE_TKT_REQUEST; typedef struct _KERB_RETRIEVE_TKT_RESPONSE { KERB_EXTERNAL_TICKET Ticket; } KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; // // Used to purge entries from the ticket cache // typedef struct _KERB_PURGE_TKT_CACHE_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; UNICODE_STRING ServerName; UNICODE_STRING RealmName; } KERB_PURGE_TKT_CACHE_REQUEST, *PKERB_PURGE_TKT_CACHE_REQUEST; #if (_WIN32_WINNT >= 0x0501) // // Flags for purge requests // #define KERB_PURGE_ALL_TICKETS 1 typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; ULONG Flags; KERB_TICKET_CACHE_INFO_EX TicketTemplate; } KERB_PURGE_TKT_CACHE_EX_REQUEST, *PKERB_PURGE_TKT_CACHE_EX_REQUEST; #endif typedef struct _KERB_SUBMIT_TKT_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; ULONG Flags; KERB_CRYPTO_KEY32 Key; // key to decrypt KERB_CRED ULONG KerbCredSize; ULONG KerbCredOffset; } KERB_SUBMIT_TKT_REQUEST, *PKERB_SUBMIT_TKT_REQUEST; // // KerbChangePassword // // KerbChangePassword changes the password on the KDC account plus // the password cache and logon credentials if applicable. // // typedef struct _KERB_CHANGEPASSWORD_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; UNICODE_STRING DomainName; UNICODE_STRING AccountName; UNICODE_STRING OldPassword; UNICODE_STRING NewPassword; BOOLEAN Impersonating; } KERB_CHANGEPASSWORD_REQUEST, *PKERB_CHANGEPASSWORD_REQUEST; // // KerbSetPassword // // KerbSetPassword changes the password on the KDC account plus // the password cache and logon credentials if applicable. // // typedef struct _KERB_SETPASSWORD_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; SecHandle CredentialsHandle; ULONG Flags; UNICODE_STRING DomainName; UNICODE_STRING AccountName; UNICODE_STRING Password; } KERB_SETPASSWORD_REQUEST, *PKERB_SETPASSWORD_REQUEST; typedef struct _KERB_SETPASSWORD_EX_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; SecHandle CredentialsHandle; ULONG Flags; UNICODE_STRING AccountRealm; UNICODE_STRING AccountName; UNICODE_STRING Password; UNICODE_STRING ClientRealm; UNICODE_STRING ClientName; BOOLEAN Impersonating; UNICODE_STRING KdcAddress; ULONG KdcAddressType; } KERB_SETPASSWORD_EX_REQUEST, *PKERB_SETPASSWORD_EX_REQUEST; #define DS_UNKNOWN_ADDRESS_TYPE 0 // anything *but* IP #define KERB_SETPASS_USE_LOGONID 1 #define KERB_SETPASS_USE_CREDHANDLE 2 typedef struct _KERB_DECRYPT_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID LogonId; ULONG Flags; LONG CryptoType; LONG KeyUsage; KERB_CRYPTO_KEY Key; // optional ULONG EncryptedDataSize; ULONG InitialVectorSize; PUCHAR InitialVector; PUCHAR EncryptedData; } KERB_DECRYPT_REQUEST, *PKERB_DECRYPT_REQUEST; // // If set, use the primary key from the current logon session of the one provided in the LogonId field. // Otherwise, use the Key in the KERB_DECRYPT_MESSAGE. #define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001 typedef struct _KERB_DECRYPT_RESPONSE { UCHAR DecryptedData[ANYSIZE_ARRAY]; } KERB_DECRYPT_RESPONSE, *PKERB_DECRYPT_RESPONSE; // // Request structure for adding a binding cache entry. TCB privilege // is required for this operation. // typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; UNICODE_STRING RealmName; UNICODE_STRING KdcAddress; ULONG AddressType; //dsgetdc.h DS_NETBIOS_ADDRESS||DS_INET_ADDRESS } KERB_ADD_BINDING_CACHE_ENTRY_REQUEST, *PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST; #if (_WIN32_WINNT >= 0x0502) // // Request structure for reacquiring smartcard credentials for a // given LUID. // Requires TCB. // typedef struct _KERB_REFRESH_SCCRED_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; UNICODE_STRING CredentialBlob; // optional LUID LogonId; ULONG Flags; } KERB_REFRESH_SCCRED_REQUEST, *PKERB_REFRESH_SCCRED_REQUEST; // // Flags for KERB_REFRESH_SCCRED_REQUEST // // KERB_REFRESH_SCCRED_RELEASE // Release the smartcard handle for LUID // // KERB_REFRESH_SCCRED_GETTGT // Use the certificate hash in the blob to get a TGT for the logon // session. // #define KERB_REFRESH_SCCRED_RELEASE 0x0 #define KERB_REFRESH_SCCRED_GETTGT 0x1 #endif #if (_WIN32_WINNT != 0x0501) // // Request structure for adding extra Server credentials to a given // logon session. Only applicable during AcceptSecurityContext, and // requires TCB to alter "other" creds // typedef struct _KERB_ADD_CREDENTIALS_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; UNICODE_STRING UserName; UNICODE_STRING DomainName; UNICODE_STRING Password; LUID LogonId; // optional ULONG Flags; } KERB_ADD_CREDENTIALS_REQUEST, *PKERB_ADD_CREDENTIALS_REQUEST; #define KERB_REQUEST_ADD_CREDENTIAL 1 #define KERB_REQUEST_REPLACE_CREDENTIAL 2 #define KERB_REQUEST_REMOVE_CREDENTIAL 4 #endif #if (_WIN32_WINNT >= 0x0600) typedef struct _KERB_ADD_CREDENTIALS_REQUEST_EX { KERB_ADD_CREDENTIALS_REQUEST Credentials; // // new for Ex // ULONG PrincipalNameCount; UNICODE_STRING PrincipalNames[ANYSIZE_ARRAY]; } KERB_ADD_CREDENTIALS_REQUEST_EX, *PKERB_ADD_CREDENTIALS_REQUEST_EX; #endif // // Request structure for transferring credentials between 2 luids. // Requires TCB. // typedef struct _KERB_TRANSFER_CRED_REQUEST { KERB_PROTOCOL_MESSAGE_TYPE MessageType; LUID OriginLogonId; LUID DestinationLogonId; ULONG Flags; } KERB_TRANSFER_CRED_REQUEST, *PKERB_TRANSFER_CRED_REQUEST; #define KERB_TRANSFER_CRED_WITH_TICKETS 0x1 typedef struct _POLICY_AUDIT_SID_ARRAY { ULONG UsersCount; #ifdef MIDL_PASS [size_is(UsersCount)] PAUDIT_SID_RPC* UserSidArray; #else PSID* UserSidArray; #endif } POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY; typedef struct _AUDIT_POLICY_INFORMATION { GUID AuditSubCategoryGuid; ULONG AuditingInformation; GUID AuditCategoryGuid; } AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION; typedef const PAUDIT_POLICY_INFORMATION PCAUDIT_POLICY_INFORMATION, LPCAUDIT_POLICY_INFORMATION; #define AUDIT_SET_SYSTEM_POLICY (0x0001) #define AUDIT_QUERY_SYSTEM_POLICY (0x0002) #define AUDIT_SET_USER_POLICY (0x0004) #define AUDIT_QUERY_USER_POLICY (0x0008) #define AUDIT_ENUMERATE_USERS (0x0010) #define AUDIT_SET_MISC_POLICY (0x0020) #define AUDIT_QUERY_MISC_POLICY (0x0040) #define AUDIT_GENERIC_ALL (STANDARD_RIGHTS_REQUIRED |\ AUDIT_SET_SYSTEM_POLICY |\ AUDIT_QUERY_SYSTEM_POLICY |\ AUDIT_SET_USER_POLICY |\ AUDIT_QUERY_USER_POLICY |\ AUDIT_ENUMERATE_USERS |\ AUDIT_SET_MISC_POLICY |\ AUDIT_QUERY_MISC_POLICY) #define AUDIT_GENERIC_READ (STANDARD_RIGHTS_READ |\ AUDIT_QUERY_SYSTEM_POLICY |\ AUDIT_QUERY_USER_POLICY |\ AUDIT_ENUMERATE_USERS |\ AUDIT_QUERY_MISC_POLICY) #define AUDIT_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\ AUDIT_SET_USER_POLICY |\ AUDIT_SET_MISC_POLICY |\ AUDIT_SET_SYSTEM_POLICY) #define AUDIT_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE) BOOLEAN NTAPI AuditSetSystemPolicy( __in_ecount(dwPolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy, __in ULONG dwPolicyCount ); BOOLEAN NTAPI AuditSetPerUserPolicy( __in const PSID pSid, __in_ecount(dwPolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy, __in ULONG dwPolicyCount ); __checkReturn BOOLEAN NTAPI AuditQuerySystemPolicy( __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids, __in ULONG dwPolicyCount, __deref_out_ecount(dwPolicyCount) __drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION* ppAuditPolicy ); __checkReturn BOOLEAN NTAPI AuditQueryPerUserPolicy( __in const PSID pSid, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids, __in ULONG dwPolicyCount, __deref_out_ecount(dwPolicyCount) __drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION* ppAuditPolicy ); __checkReturn BOOLEAN NTAPI AuditEnumeratePerUserPolicy( __out __drv_when(return != 0, __drv_allocatesMem(Mem)) PPOLICY_AUDIT_SID_ARRAY* ppAuditSidArray ); __checkReturn BOOLEAN NTAPI AuditComputeEffectivePolicyBySid( __in const PSID pSid, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids, __in ULONG dwPolicyCount, __deref_out_ecount(dwPolicyCount) __drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION* ppAuditPolicy ); __checkReturn BOOLEAN NTAPI AuditComputeEffectivePolicyByToken( __in HANDLE hTokenHandle, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids, __in ULONG dwPolicyCount, __deref_out_ecount(dwPolicyCount) __drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION* ppAuditPolicy ); __checkReturn BOOLEAN NTAPI AuditEnumerateCategories( __deref_out_ecount(*pdwCountReturned) __drv_when(return != 0, __drv_allocatesMem(Mem)) GUID** ppAuditCategoriesArray, __out PULONG pdwCountReturned ); __checkReturn BOOLEAN NTAPI AuditEnumerateSubCategories( __in_opt const GUID* pAuditCategoryGuid, __in BOOLEAN bRetrieveAllSubCategories, __deref_out_ecount(*pdwCountReturned) __drv_when(return != 0, __drv_allocatesMem(Mem)) GUID** ppAuditSubCategoriesArray, __out PULONG pdwCountReturned ); __checkReturn BOOLEAN NTAPI AuditLookupCategoryNameW( __in const GUID* pAuditCategoryGuid, __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PWSTR* ppszCategoryName ); __checkReturn BOOLEAN NTAPI AuditLookupCategoryNameA( __in const GUID* pAuditCategoryGuid, __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PSTR* ppszCategoryName ); #ifdef UNICODE #define AuditLookupCategoryName AuditLookupCategoryNameW #else #define AuditLookupCategoryName AuditLookupCategoryNameA #endif __checkReturn BOOLEAN NTAPI AuditLookupSubCategoryNameW( __in const GUID* pAuditSubCategoryGuid, __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PWSTR* ppszSubCategoryName ); __checkReturn BOOLEAN NTAPI AuditLookupSubCategoryNameA( __in const GUID* pAuditSubCategoryGuid, __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PSTR* ppszSubCategoryName ); #ifdef UNICODE #define AuditLookupSubCategoryName AuditLookupSubCategoryNameW #else #define AuditLookupSubCategoryName AuditLookupSubCategoryNameA #endif BOOLEAN NTAPI AuditLookupCategoryIdFromCategoryGuid( __in const GUID* pAuditCategoryGuid, __out PPOLICY_AUDIT_EVENT_TYPE pAuditCategoryId ); BOOLEAN NTAPI AuditLookupCategoryGuidFromCategoryId( __in POLICY_AUDIT_EVENT_TYPE AuditCategoryId, __out GUID* pAuditCategoryGuid ); BOOLEAN NTAPI AuditSetSecurity( __in SECURITY_INFORMATION SecurityInformation, __in PSECURITY_DESCRIPTOR pSecurityDescriptor ); __checkReturn BOOLEAN NTAPI AuditQuerySecurity( __in SECURITY_INFORMATION SecurityInformation, __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PSECURITY_DESCRIPTOR *ppSecurityDescriptor ); BOOLEAN NTAPI AuditSetGlobalSaclW( __in PCWSTR ObjectTypeName, __in_opt PACL Acl ); BOOLEAN NTAPI AuditSetGlobalSaclA( __in PCSTR ObjectTypeName, __in_opt PACL Acl ); #ifdef UNICODE #define AuditSetGlobalSacl AuditSetGlobalSaclW #else #define AuditSetGlobalSacl AuditSetGlobalSaclA #endif __checkReturn BOOLEAN NTAPI AuditQueryGlobalSaclW( __in PCWSTR ObjectTypeName, __out __drv_when(return != 0, __drv_allocatesMem(Mem)) PACL *Acl ); __checkReturn BOOLEAN NTAPI AuditQueryGlobalSaclA( __in PCSTR ObjectTypeName, __out __drv_when(return != 0, __drv_allocatesMem(Mem)) PACL *Acl ); #ifdef UNICODE #define AuditQueryGlobalSacl AuditQueryGlobalSaclW #else #define AuditQueryGlobalSacl AuditQueryGlobalSaclA #endif VOID NTAPI AuditFree( __in __drv_freesMem(Mem) __post __notvalid PVOID Buffer ); #if (_WIN32_WINNT >= 0x0601) // // Pku2u package name // #define PKU2U_PACKAGE_NAME_A "pku2u" #define PKU2U_PACKAGE_NAME L"pku2u" #define PKU2U_PACKAGE_NAME_W PKU2U_PACKAGE_NAME #endif // _WIN32_WINNT #if (_WIN32_WINNT >= 0x0601) // the following structure contains the ASN.1 encoded X.509 certificate typedef struct _PKU2U_CERT_BLOB { ULONG CertOffset; // each element is a byte USHORT CertLength; // } PKU2U_CERT_BLOB, *PPKU2U_CERT_BLOB; #define PKU2U_CREDUI_CONTEXT_VERSION 0x4154414454524543i64 // "CERTDATA" typedef struct _PKU2U_CREDUI_CONTEXT { ULONG64 Version; USHORT cbHeaderLength; ULONG cbStructureLength; USHORT CertArrayCount; // followed by an array of PKU2U_CERT_BLOB ULONG CertArrayOffset; // offset to the array } PKU2U_CREDUI_CONTEXT, *PPKU2U_CREDUI_CONTEXT; ///////////////////////////////////////////////////////////////////////// // // LsaLogonUser parameters // ///////////////////////////////////////////////////////////////////////// typedef enum _PKU2U_LOGON_SUBMIT_TYPE { Pku2uCertificateS4ULogon = 14, } PKU2U_LOGON_SUBMIT_TYPE, *PPKU2U_LOGON_SUBMIT_TYPE; typedef struct _PKU2U_CERTIFICATE_S4U_LOGON { PKU2U_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; UNICODE_STRING UserPrincipalName; __reserved UNICODE_STRING DomainName; ULONG CertificateLength; // for the client certificate __field_bcount(CertificateLength) PUCHAR Certificate; // for the client certificate, BER encoded } PKU2U_CERTIFICATE_S4U_LOGON, *PPKU2U_CERTIFICATE_S4U_LOGON; #endif // _WIN32_WINNT #ifdef __cplusplus } #endif #endif /* _NTSECAPI_ */