diff options
Diffstat (limited to 'vendor/winapi/src/um/ntlsa.rs')
-rw-r--r-- | vendor/winapi/src/um/ntlsa.rs | 1530 |
1 files changed, 1530 insertions, 0 deletions
diff --git a/vendor/winapi/src/um/ntlsa.rs b/vendor/winapi/src/um/ntlsa.rs new file mode 100644 index 000000000..0e283b1ad --- /dev/null +++ b/vendor/winapi/src/um/ntlsa.rs @@ -0,0 +1,1530 @@ +// Licensed under the Apache License, Version 2.0 +// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license +// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option. +// All files in the project carrying such notice may not be copied, modified, or distributed +// except according to those terms. +use shared::basetsd::{SIZE_T, ULONG_PTR}; +use shared::guiddef::GUID; +use shared::minwindef::{PUCHAR, PULONG, UCHAR, ULONG, USHORT}; +use shared::ntdef::{NTSTATUS, PNTSTATUS}; +use um::lsalookup::{ + LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES, + PLSA_REFERENCED_DOMAIN_LIST, PLSA_STRING, PLSA_TRANSLATED_NAME, PLSA_TRANSLATED_SID2, + PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING, +}; +use um::ntsecapi::PLSA_HANDLE; +use um::subauth::{PUNICODE_STRING, UNICODE_STRING}; +use um::winnt::{ + ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LUID, PBOOLEAN, + PCLAIMS_BLOB, PHANDLE, PLARGE_INTEGER, PLUID, PPRIVILEGE_SET, PQUOTA_LIMITS, + PSECURITY_DESCRIPTOR, PSHORT, PSID, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PVOID, + PWSTR, QUOTA_LIMITS, SECURITY_INFORMATION, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE, + STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, TOKEN_DEFAULT_DACL, + TOKEN_DEVICE_CLAIMS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_USER, TOKEN_USER_CLAIMS, +}; +pub type LSA_OPERATIONAL_MODE = ULONG; +pub type PLSA_OPERATIONAL_MODE = *mut LSA_OPERATIONAL_MODE; +pub const LSA_MODE_PASSWORD_PROTECTED: ULONG = 0x00000001; +pub const LSA_MODE_INDIVIDUAL_ACCOUNTS: ULONG = 0x00000002; +pub const LSA_MODE_MANDATORY_ACCESS: ULONG = 0x00000004; +pub const LSA_MODE_LOG_FULL: ULONG = 0x00000008; +pub const LSA_MAXIMUM_SID_COUNT: SIZE_T = 0x00000100; +pub const LSA_MAXIMUM_ENUMERATION_LENGTH: SIZE_T = 32000; +pub const LSA_CALL_LICENSE_SERVER: ULONG = 0x80000000; +ENUM!{enum SECURITY_LOGON_TYPE { + UndefinedLogonType = 0, + Interactive = 2, + Network, + Batch, + Service, + Proxy, + Unlock, + NetworkCleartext, + NewCredentials, + RemoteInteractive, + CachedInteractive, + CachedRemoteInteractive, + CachedUnlock, +}} +pub type PSECURITY_LOGON_TYPE = *mut SECURITY_LOGON_TYPE; +pub const SECURITY_ACCESS_INTERACTIVE_LOGON: ULONG = 0x00000001; +pub const SECURITY_ACCESS_NETWORK_LOGON: ULONG = 0x00000002; +pub const SECURITY_ACCESS_BATCH_LOGON: ULONG = 0x00000004; +pub const SECURITY_ACCESS_SERVICE_LOGON: ULONG = 0x00000010; +pub const SECURITY_ACCESS_PROXY_LOGON: ULONG = 0x00000020; +pub const SECURITY_ACCESS_DENY_INTERACTIVE_LOGON: ULONG = 0x00000040; +pub const SECURITY_ACCESS_DENY_NETWORK_LOGON: ULONG = 0x00000080; +pub const SECURITY_ACCESS_DENY_BATCH_LOGON: ULONG = 0x00000100; +pub const SECURITY_ACCESS_DENY_SERVICE_LOGON: ULONG = 0x00000200; +pub const SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000400; +pub const SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000800; +ENUM!{enum SE_ADT_PARAMETER_TYPE { + SeAdtParmTypeNone = 0, + SeAdtParmTypeString, + SeAdtParmTypeFileSpec, + SeAdtParmTypeUlong, + SeAdtParmTypeSid, + SeAdtParmTypeLogonId, + SeAdtParmTypeNoLogonId, + SeAdtParmTypeAccessMask, + SeAdtParmTypePrivs, + SeAdtParmTypeObjectTypes, + SeAdtParmTypeHexUlong, + SeAdtParmTypePtr, + SeAdtParmTypeTime, + SeAdtParmTypeGuid, + SeAdtParmTypeLuid, + SeAdtParmTypeHexInt64, + SeAdtParmTypeStringList, + SeAdtParmTypeSidList, + SeAdtParmTypeDuration, + SeAdtParmTypeUserAccountControl, + SeAdtParmTypeNoUac, + SeAdtParmTypeMessage, + SeAdtParmTypeDateTime, + SeAdtParmTypeSockAddr, + SeAdtParmTypeSD, + SeAdtParmTypeLogonHours, + SeAdtParmTypeLogonIdNoSid, + SeAdtParmTypeUlongNoConv, + SeAdtParmTypeSockAddrNoPort, + SeAdtParmTypeAccessReason, + SeAdtParmTypeStagingReason, + SeAdtParmTypeResourceAttribute, + SeAdtParmTypeClaims, + SeAdtParmTypeLogonIdAsSid, + SeAdtParmTypeMultiSzString, + SeAdtParmTypeLogonIdEx, +}} +pub type PSE_ADT_PARAMETER_TYPE = *mut SE_ADT_PARAMETER_TYPE; +pub const SE_ADT_OBJECT_ONLY: USHORT = 0x1; +STRUCT!{struct SE_ADT_OBJECT_TYPE { + ObjectType: GUID, + Flags: USHORT, + Level: USHORT, + AccessMask: ACCESS_MASK, +}} +pub type PSE_ADT_OBJECT_TYPE = *mut SE_ADT_OBJECT_TYPE; +STRUCT!{struct SE_ADT_PARAMETER_ARRAY_ENTRY { + Type: SE_ADT_PARAMETER_TYPE, + Length: ULONG, + Data: [ULONG_PTR; 2], + Address: PVOID, +}} +pub type PSE_ADT_PARAMETER_ARRAY_ENTRY = *mut SE_ADT_PARAMETER_ARRAY_ENTRY; +STRUCT!{struct SE_ADT_ACCESS_REASON { + AccessMask: ACCESS_MASK, + AccessReasons: [ULONG; 32], + ObjectTypeIndex: ULONG, + AccessGranted: ULONG, + SecurityDescriptor: PSECURITY_DESCRIPTOR, +}} +pub type PSE_ADT_ACCESS_REASON = *mut SE_ADT_ACCESS_REASON; +STRUCT!{struct SE_ADT_CLAIMS { + Length: ULONG, + Claims: PCLAIMS_BLOB, +}} +pub type PSE_ADT_CLAIMS = *mut SE_ADT_CLAIMS; +pub const SE_MAX_AUDIT_PARAMETERS: SIZE_T = 32; +pub const SE_MAX_GENERIC_AUDIT_PARAMETERS: SIZE_T = 28; +STRUCT!{struct SE_ADT_PARAMETER_ARRAY { + CategoryId: ULONG, + AuditId: ULONG, + ParameterCount: ULONG, + Length: ULONG, + FlatSubCategoryId: USHORT, + Type: USHORT, + Flags: ULONG, + Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS], +}} +pub type PSE_ADT_PARAMETER_ARRAY = *mut SE_ADT_PARAMETER_ARRAY; +STRUCT!{struct SE_ADT_PARAMETER_ARRAY_EX { + CategoryId: ULONG, + AuditId: ULONG, + Version: ULONG, + ParameterCount: ULONG, + Length: ULONG, + FlatSubCategoryId: USHORT, + Type: USHORT, + Flags: ULONG, + Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS], +}} +pub type PSE_ADT_PARAMETER_ARRAY_EX = *mut SE_ADT_PARAMETER_ARRAY_EX; +pub const SE_ADT_PARAMETERS_SELF_RELATIVE: ULONG = 0x00000001; +pub const SE_ADT_PARAMETERS_SEND_TO_LSA: ULONG = 0x00000002; +pub const SE_ADT_PARAMETER_EXTENSIBLE_AUDIT: ULONG = 0x00000004; +pub const SE_ADT_PARAMETER_GENERIC_AUDIT: ULONG = 0x00000008; +pub const SE_ADT_PARAMETER_WRITE_SYNCHRONOUS: ULONG = 0x00000010; +#[cfg(target_pointer_width = "32")] +#[inline] +pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE( + AuditParameters: SE_ADT_PARAMETER_ARRAY, +) -> SIZE_T { + 664 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>() + - (20 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>() + * (SE_MAX_AUDIT_PARAMETERS - AuditParameters.ParameterCount as SIZE_T)) +} +#[cfg(target_pointer_width = "64")] +#[inline] +pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE( + AuditParameters: SE_ADT_PARAMETER_ARRAY, +) -> SIZE_T { + 1048 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>() + - (32 // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>() + * (SE_MAX_AUDIT_PARAMETERS - AuditParameters.ParameterCount as SIZE_T)) +} +STRUCT!{struct LSA_ADT_STRING_LIST_ENTRY { + Flags: ULONG, + String: UNICODE_STRING, +}} +pub type PLSA_ADT_STRING_LIST_ENTRY = *mut LSA_ADT_STRING_LIST_ENTRY; +STRUCT!{struct LSA_ADT_STRING_LIST { + cStrings: ULONG, + String: PLSA_ADT_STRING_LIST_ENTRY, +}} +pub type PLSA_ADT_STRING_LIST = *mut LSA_ADT_STRING_LIST; +STRUCT!{struct LSA_ADT_SID_LIST_ENTRY { + Flags: ULONG, + Sid: PSID, +}} +pub type PLSA_ADT_SID_LIST_ENTRY = *mut LSA_ADT_SID_LIST_ENTRY; +STRUCT!{struct LSA_ADT_SID_LIST { + cSids: ULONG, + Sid: PLSA_ADT_SID_LIST_ENTRY, +}} +pub type PLSA_ADT_SID_LIST = *mut LSA_ADT_SID_LIST; +pub const LSA_ADT_SECURITY_SOURCE_NAME: &'static str = "Microsoft-Windows-Security-Auditing"; +pub const LSA_ADT_LEGACY_SECURITY_SOURCE_NAME: &'static str = "Security"; +pub const SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN: ULONG = 100; +ENUM!{enum POLICY_AUDIT_EVENT_TYPE_EX { + iSystem_SecurityStateChange = SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN, + iSystem_SecuritySubsystemExtension, + iSystem_Integrity, + iSystem_IPSecDriverEvents, + iSystem_Others, + iLogon_Logon, + iLogon_Logoff, + iLogon_AccountLockout, + iLogon_IPSecMainMode, + iLogon_SpecialLogon, + iLogon_IPSecQuickMode, + iLogon_IPSecUsermode, + iLogon_Others, + iLogon_NPS, + iLogon_Claims, + iLogon_Groups, + iObjectAccess_FileSystem, + iObjectAccess_Registry, + iObjectAccess_Kernel, + iObjectAccess_Sam, + iObjectAccess_Other, + iObjectAccess_CertificationAuthority, + iObjectAccess_ApplicationGenerated, + iObjectAccess_HandleBasedAudits, + iObjectAccess_Share, + iObjectAccess_FirewallPacketDrops, + iObjectAccess_FirewallConnection, + iObjectAccess_DetailedFileShare, + iObjectAccess_RemovableStorage, + iObjectAccess_CbacStaging, + iPrivilegeUse_Sensitive, + iPrivilegeUse_NonSensitive, + iPrivilegeUse_Others, + iDetailedTracking_ProcessCreation, + iDetailedTracking_ProcessTermination, + iDetailedTracking_DpapiActivity, + iDetailedTracking_RpcCall, + iDetailedTracking_PnpActivity, + iDetailedTracking_TokenRightAdjusted, + iPolicyChange_AuditPolicy, + iPolicyChange_AuthenticationPolicy, + iPolicyChange_AuthorizationPolicy, + iPolicyChange_MpsscvRulePolicy, + iPolicyChange_WfpIPSecPolicy, + iPolicyChange_Others, + iAccountManagement_UserAccount, + iAccountManagement_ComputerAccount, + iAccountManagement_SecurityGroup, + iAccountManagement_DistributionGroup, + iAccountManagement_ApplicationGroup, + iAccountManagement_Others, + iDSAccess_DSAccess, + iDSAccess_AdAuditChanges, + iDS_Replication, + iDS_DetailedReplication, + iAccountLogon_CredentialValidation, + iAccountLogon_Kerberos, + iAccountLogon_Others, + iAccountLogon_KerbCredentialValidation, + iUnknownSubCategory = 999, +}} +pub type PPOLICY_AUDIT_EVENT_TYPE_EX = *mut POLICY_AUDIT_EVENT_TYPE_EX; +ENUM!{enum POLICY_AUDIT_EVENT_TYPE { + AuditCategorySystem = 0, + AuditCategoryLogon, + AuditCategoryObjectAccess, + AuditCategoryPrivilegeUse, + AuditCategoryDetailedTracking, + AuditCategoryPolicyChange, + AuditCategoryAccountManagement, + AuditCategoryDirectoryServiceAccess, + AuditCategoryAccountLogon, +}} +pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE; +pub const POLICY_AUDIT_EVENT_UNCHANGED: ULONG = 0x00000000; +pub const POLICY_AUDIT_EVENT_SUCCESS: ULONG = 0x00000001; +pub const POLICY_AUDIT_EVENT_FAILURE: ULONG = 0x00000002; +pub const POLICY_AUDIT_EVENT_NONE: ULONG = 0x00000004; +pub const POLICY_AUDIT_EVENT_MASK: ULONG = POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE + | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE; +#[inline] +pub fn LSA_SUCCESS(Error: NTSTATUS) -> bool { + (Error as LONG) >= 0 +} +extern "system" { + pub fn LsaRegisterLogonProcess( + LogonProcessName: PLSA_STRING, + LsaHandle: PHANDLE, + SecurityMode: PLSA_OPERATIONAL_MODE, + ) -> NTSTATUS; + pub fn LsaLogonUser( + LsaHandle: HANDLE, + OriginName: PLSA_STRING, + LogonType: SECURITY_LOGON_TYPE, + AuthenticationPackage: ULONG, + AuthenticationInformation: PVOID, + AuthenticationInformationLength: ULONG, + LocalGroups: PTOKEN_GROUPS, + SourceContext: PTOKEN_SOURCE, + ProfileBuffer: *mut PVOID, + ProfileBufferLength: PULONG, + LogonId: PLUID, + Token: PHANDLE, + Quotas: PQUOTA_LIMITS, + SubStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn LsaLookupAuthenticationPackage( + LsaHandle: HANDLE, + PackageName: PLSA_STRING, + AuthenticationPackage: PULONG, + ) -> NTSTATUS; + pub fn LsaFreeReturnBuffer( + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaCallAuthenticationPackage( + LsaHandle: HANDLE, + AuthenticationPackage: ULONG, + ProtocolSubmitBuffer: PVOID, + SubmitBufferLength: ULONG, + ProtocolReturnBuffer: *mut PVOID, + ReturnBufferLength: PULONG, + ProtocolStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn LsaDeregisterLogonProcess( + LsaHandle: HANDLE, + ) -> NTSTATUS; + pub fn LsaConnectUntrusted( + LsaHandle: PHANDLE, + ) -> NTSTATUS; +} +extern "C" { + pub fn LsaInsertProtectedProcessAddress( + BufferAddress: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + pub fn LsaRemoveProtectedProcessAddress( + BufferAddress: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; +} +FN!{stdcall PFN_LSA_CALL_AUTH_PKG( + LsaHandle: HANDLE, + AuthenticationPackage: ULONG, + ProtocolSubmitBuffer: PVOID, + SubmitBufferLength: ULONG, + ProtocolReturnBuffer: *mut PVOID, + ReturnBufferLength: PULONG, + ProtocolStatus: PNTSTATUS, +) -> NTSTATUS} +FN!{stdcall PFN_LSA_DEREGISTER_PROC( + LsaHandle: HANDLE, +) -> NTSTATUS} +FN!{stdcall PFN_LSA_FREE_BUFFER( + Buffer: PVOID, +) -> NTSTATUS} +FN!{stdcall PFN_LSA_LOGON_USER( + LsaHandle: HANDLE, + OriginName: PLSA_STRING, + LogonType: SECURITY_LOGON_TYPE, + AuthenticationPackage: ULONG, + AuthenticationInformation: PVOID, + AuthenticationInformationLength: ULONG, + LocalGroups: PTOKEN_GROUPS, + SourceContext: PTOKEN_SOURCE, + ProfileBuffer: *mut PVOID, + ProfileBufferLength: PULONG, + LogonId: PLUID, + Token: PHANDLE, + Quotas: PQUOTA_LIMITS, + SubStatus: PNTSTATUS, +) -> NTSTATUS} +FN!{stdcall PFN_LOOKUP_AUTH_PKG( + LsaHandle: HANDLE, + PackageName: PLSA_STRING, + AuthenticationPackage: PULONG, +) -> NTSTATUS} +FN!{stdcall PFN_LSA_REGISTER_PROC( + LogonProcessName: PLSA_STRING, + LsaHandle: PHANDLE, + SecurityMode: PLSA_OPERATIONAL_MODE, +) -> NTSTATUS} +STRUCT!{struct LSA_AUTH_CALLBACKS { + LsaCallAuthPkgFn: PFN_LSA_CALL_AUTH_PKG, + LsaDeregisterProcFn: PFN_LSA_DEREGISTER_PROC, + LsaFreeReturnBufferFn: PFN_LSA_FREE_BUFFER, + LsaLogonUserFn: PFN_LSA_LOGON_USER, + LsaLookupAuthPkgFn: PFN_LOOKUP_AUTH_PKG, + LsaRegisterProcFn: PFN_LSA_REGISTER_PROC, +}} +pub type PLSA_AUTH_CALLBACKS = *mut LSA_AUTH_CALLBACKS; +pub type PCLSA_AUTH_CALLBACKS = *const LSA_AUTH_CALLBACKS; +pub type PLSA_CLIENT_REQUEST = *mut PVOID; +ENUM!{enum LSA_TOKEN_INFORMATION_TYPE { + LsaTokenInformationNull, + LsaTokenInformationV1, + LsaTokenInformationV2, + LsaTokenInformationV3, +}} +pub type PLSA_TOKEN_INFORMATION_TYPE = *mut LSA_TOKEN_INFORMATION_TYPE; +STRUCT!{struct LSA_TOKEN_INFORMATION_NULL { + ExpirationTime: LARGE_INTEGER, + Groups: PTOKEN_GROUPS, +}} +pub type PLSA_TOKEN_INFORMATION_NULL = *mut LSA_TOKEN_INFORMATION_NULL; +STRUCT!{struct LSA_TOKEN_INFORMATION_V1 { + ExpirationTime: LARGE_INTEGER, + User: TOKEN_USER, + Groups: PTOKEN_GROUPS, + PrimaryGroup: TOKEN_PRIMARY_GROUP, + Privileges: PTOKEN_PRIVILEGES, + Owner: TOKEN_OWNER, + DefaultDacl: TOKEN_DEFAULT_DACL, +}} +pub type PLSA_TOKEN_INFORMATION_V1 = *mut LSA_TOKEN_INFORMATION_V1; +pub type LSA_TOKEN_INFORMATION_V2 = LSA_TOKEN_INFORMATION_V1; +pub type PLSA_TOKEN_INFORMATION_V2 = *mut LSA_TOKEN_INFORMATION_V2; +STRUCT!{struct LSA_TOKEN_INFORMATION_V3 { + ExpirationTime: LARGE_INTEGER, + User: TOKEN_USER, + Groups: PTOKEN_GROUPS, + PrimaryGroup: TOKEN_PRIMARY_GROUP, + Privileges: PTOKEN_PRIVILEGES, + Owner: TOKEN_OWNER, + DefaultDacl: TOKEN_DEFAULT_DACL, + UserClaims: TOKEN_USER_CLAIMS, + DeviceClaims: TOKEN_DEVICE_CLAIMS, + DeviceGroups: PTOKEN_GROUPS, +}} +pub type PLSA_TOKEN_INFORMATION_V3 = *mut LSA_TOKEN_INFORMATION_V3; +FN!{stdcall PLSA_CREATE_LOGON_SESSION( + LogonId: PLUID, +) -> NTSTATUS} +FN!{stdcall PLSA_DELETE_LOGON_SESSION( + LogonId: PLUID, +) -> NTSTATUS} +FN!{stdcall PLSA_ADD_CREDENTIAL( + LogonId: PLUID, + AuthenticationPackage: ULONG, + PrimaryKeyValue: PLSA_STRING, + Credentials: PLSA_STRING, +) -> NTSTATUS} +FN!{stdcall PLSA_GET_CREDENTIALS( + LogonId: PLUID, + AuthenticationPackage: ULONG, + QueryContext: PULONG, + RetrieveAllCredentials: BOOLEAN, + PrimaryKeyValue: PLSA_STRING, + PrimaryKeyLength: PULONG, + Credentials: PLSA_STRING, +) -> NTSTATUS} +FN!{stdcall PLSA_DELETE_CREDENTIAL( + LogonId: PLUID, + AuthenticationPackage: ULONG, + PrimaryKeyValue: PLSA_STRING, +) -> NTSTATUS} +FN!{stdcall PLSA_ALLOCATE_LSA_HEAP( + Length: ULONG, +) -> PVOID} +FN!{stdcall PLSA_FREE_LSA_HEAP( + Base: PVOID, +) -> ()} +FN!{stdcall PLSA_ALLOCATE_PRIVATE_HEAP( + Length: SIZE_T, +) -> PVOID} +FN!{stdcall PLSA_FREE_PRIVATE_HEAP( + Base: PVOID, +) -> ()} +FN!{stdcall PLSA_ALLOCATE_CLIENT_BUFFER( + ClientRequest: PLSA_CLIENT_REQUEST, + LengthRequired: ULONG, + ClientBaseAddress: *mut PVOID, +) -> NTSTATUS} +FN!{stdcall PLSA_FREE_CLIENT_BUFFER( + ClientRequest: PLSA_CLIENT_REQUEST, + ClientBaseAddress: PVOID, +) -> NTSTATUS} +FN!{stdcall PLSA_COPY_TO_CLIENT_BUFFER( + ClientRequest: PLSA_CLIENT_REQUEST, + Length: ULONG, + ClientBaseAddress: PVOID, + BufferToCopy: PVOID, +) -> NTSTATUS} +FN!{stdcall PLSA_COPY_FROM_CLIENT_BUFFER( + ClientRequest: PLSA_CLIENT_REQUEST, + Length: ULONG, + BufferToCopy: PVOID, + ClientBaseAddress: PVOID, +) -> NTSTATUS} +STRUCT!{struct LSA_DISPATCH_TABLE { + CreateLogonSession: PLSA_CREATE_LOGON_SESSION, + DeleteLogonSession: PLSA_DELETE_LOGON_SESSION, + AddCredential: PLSA_ADD_CREDENTIAL, + GetCredentials: PLSA_GET_CREDENTIALS, + DeleteCredential: PLSA_DELETE_CREDENTIAL, + AllocateLsaHeap: PLSA_ALLOCATE_LSA_HEAP, + FreeLsaHeap: PLSA_FREE_LSA_HEAP, + AllocateClientBuffer: PLSA_ALLOCATE_CLIENT_BUFFER, + FreeClientBuffer: PLSA_FREE_CLIENT_BUFFER, + CopyToClientBuffer: PLSA_COPY_TO_CLIENT_BUFFER, + CopyFromClientBuffer: PLSA_COPY_FROM_CLIENT_BUFFER, +}} +pub type PLSA_DISPATCH_TABLE = *mut LSA_DISPATCH_TABLE; +pub const LSA_AP_NAME_INITIALIZE_PACKAGE: &'static str = "LsaApInitializePackage"; +pub const LSA_AP_NAME_LOGON_USER: &'static str = "LsaApLogonUser"; +pub const LSA_AP_NAME_LOGON_USER_EX: &'static str = "LsaApLogonUserEx"; +pub const LSA_AP_NAME_CALL_PACKAGE: &'static str = "LsaApCallPackage"; +pub const LSA_AP_NAME_LOGON_TERMINATED: &'static str = "LsaApLogonTerminated"; +pub const LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED: &'static str = "LsaApCallPackageUntrusted"; +pub const LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH: &'static str = "LsaApCallPackagePassthrough"; +FN!{stdcall PLSA_AP_INITIALIZE_PACKAGE( + AuthenticationPackageId: ULONG, + LsaDispatchTable: PLSA_DISPATCH_TABLE, + Database: PLSA_STRING, + Confidentiality: PLSA_STRING, + AuthenticationPackageName: *mut PLSA_STRING, +) -> NTSTATUS} +FN!{stdcall PLSA_AP_LOGON_USER( + ClientRequest: PLSA_CLIENT_REQUEST, + LogonType: SECURITY_LOGON_TYPE, + AuthenticationInformation: PVOID, + ClientAuthentication: PVOID, + AuthenticationInformationLength: ULONG, + ProfileBuffer: *mut PVOID, + ProfileBufferLength: PULONG, + LogonId: PLUID, + SubStatus: PNTSTATUS, + TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE, + TokenInformation: *mut PVOID, + AccountName: *mut PLSA_UNICODE_STRING, + AuthenticatingAutority: *mut PLSA_UNICODE_STRING, +) -> NTSTATUS} +FN!{stdcall PLSA_AP_LOGON_USER_EX( + ClientRequest: PLSA_CLIENT_REQUEST, + LogonType: SECURITY_LOGON_TYPE, + AuthenticationInformation: PVOID, + ClientAuthentication: PVOID, + AuthenticationInformationLength: ULONG, + ProfileBuffer: *mut PVOID, + ProfileBufferLength: PULONG, + LogonId: PLUID, + SubStatus: PNTSTATUS, + TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE, + TokenInformation: *mut PVOID, + AccountName: *mut PLSA_UNICODE_STRING, + AuthenticatingAutority: *mut PLSA_UNICODE_STRING, + MachineName: *mut PUNICODE_STRING, +) -> NTSTATUS} +FN!{stdcall PLSA_AP_CALL_PACKAGE( + ClientRequest: PLSA_CLIENT_REQUEST, + ProtocolSubmitBuffer: PVOID, + ClientBufferBase: PVOID, + SubmitBufferLength: ULONG, + ProtocolReturnBuffer: *mut PVOID, + ReturnBufferLength: PULONG, + ProtocolStatus: PNTSTATUS, +) -> NTSTATUS} +FN!{stdcall PLSA_AP_CALL_PACKAGE_PASSTHROUGH( + ClientRequest: PLSA_CLIENT_REQUEST, + ProtocolSubmitBuffer: PVOID, + ClientBufferBase: PVOID, + SubmitBufferLength: ULONG, + ProtocolReturnBuffer: *mut PVOID, + ReturnBufferLength: PULONG, + ProtocolStatus: PNTSTATUS, +) -> NTSTATUS} +FN!{stdcall PLSA_AP_LOGON_TERMINATED( + LogonId: PLUID, +) -> ()} +pub const POLICY_VIEW_LOCAL_INFORMATION: ULONG = 0x00000001; +pub const POLICY_VIEW_AUDIT_INFORMATION: ULONG = 0x00000002; +pub const POLICY_GET_PRIVATE_INFORMATION: ULONG = 0x00000004; +pub const POLICY_TRUST_ADMIN: ULONG = 0x00000008; +pub const POLICY_CREATE_ACCOUNT: ULONG = 0x00000010; +pub const POLICY_CREATE_SECRET: ULONG = 0x00000020; +pub const POLICY_CREATE_PRIVILEGE: ULONG = 0x00000040; +pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ULONG = 0x00000080; +pub const POLICY_SET_AUDIT_REQUIREMENTS: ULONG = 0x00000100; +pub const POLICY_AUDIT_LOG_ADMIN: ULONG = 0x00000200; +pub const POLICY_SERVER_ADMIN: ULONG = 0x00000400; +pub const POLICY_LOOKUP_NAMES: ULONG = 0x00000800; +pub const POLICY_NOTIFICATION: ULONG = 0x00001000; +pub const POLICY_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION + | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN + | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE + | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN + | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES; +pub const POLICY_READ: ULONG = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION + | POLICY_GET_PRIVATE_INFORMATION; +pub const POLICY_WRITE: ULONG = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT + | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS + | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN; +pub const POLICY_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION + | POLICY_LOOKUP_NAMES; +STRUCT!{struct LSA_TRANSLATED_SID { + Use: SID_NAME_USE, + RelativeId: ULONG, + DomainIndex: LONG, +}} +pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID; +pub type POLICY_SYSTEM_ACCESS_MODE = ULONG; +pub type PPOLICY_SYSTEM_ACCESS_MODE = *mut POLICY_SYSTEM_ACCESS_MODE; +pub const POLICY_MODE_INTERACTIVE: ULONG = SECURITY_ACCESS_INTERACTIVE_LOGON; +pub const POLICY_MODE_NETWORK: ULONG = SECURITY_ACCESS_NETWORK_LOGON; +pub const POLICY_MODE_BATCH: ULONG = SECURITY_ACCESS_BATCH_LOGON; +pub const POLICY_MODE_SERVICE: ULONG = SECURITY_ACCESS_SERVICE_LOGON; +pub const POLICY_MODE_PROXY: ULONG = SECURITY_ACCESS_PROXY_LOGON; +pub const POLICY_MODE_DENY_INTERACTIVE: ULONG = SECURITY_ACCESS_DENY_INTERACTIVE_LOGON; +pub const POLICY_MODE_DENY_NETWORK: ULONG = SECURITY_ACCESS_DENY_NETWORK_LOGON; +pub const POLICY_MODE_DENY_BATCH: ULONG = SECURITY_ACCESS_DENY_BATCH_LOGON; +pub const POLICY_MODE_DENY_SERVICE: ULONG = SECURITY_ACCESS_DENY_SERVICE_LOGON; +pub const POLICY_MODE_REMOTE_INTERACTIVE: ULONG = SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON; +pub const POLICY_MODE_DENY_REMOTE_INTERACTIVE: ULONG = + SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON; +pub const POLICY_MODE_ALL: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK + | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY | POLICY_MODE_DENY_INTERACTIVE + | POLICY_MODE_DENY_NETWORK | SECURITY_ACCESS_DENY_BATCH_LOGON + | SECURITY_ACCESS_DENY_SERVICE_LOGON | POLICY_MODE_REMOTE_INTERACTIVE + | POLICY_MODE_DENY_REMOTE_INTERACTIVE ; +pub const POLICY_MODE_ALL_NT4: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK + | POLICY_MODE_BATCH | POLICY_MODE_SERVICE; +ENUM!{enum POLICY_LSA_SERVER_ROLE { + PolicyServerRoleBackup = 2, + PolicyServerRolePrimary, +}} +pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE; +ENUM!{enum POLICY_SERVER_ENABLE_STATE { + PolicyServerEnabled = 2, + PolicyServerDisabled, +}} +pub type PPOLICY_SERVER_ENABLE_STATE = *mut POLICY_SERVER_ENABLE_STATE; +pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG; +pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut POLICY_AUDIT_EVENT_OPTIONS; +STRUCT!{struct POLICY_PRIVILEGE_DEFINITION { + Name: LSA_UNICODE_STRING, + LocalValue: LUID, +}} +pub type PPOLICY_PRIVILEGE_DEFINITION = *mut POLICY_PRIVILEGE_DEFINITION; +pub const LSA_LOOKUP_ISOLATED_AS_LOCAL: ULONG = 0x80000000; +pub const LSA_LOOKUP_DISALLOW_CONNECTED_ACCOUNT_INTERNET_SID: ULONG = 0x80000000; +pub const LSA_LOOKUP_PREFER_INTERNET_NAMES: ULONG = 0x40000000; +ENUM!{enum POLICY_INFORMATION_CLASS { + PolicyAuditLogInformation = 1, + PolicyAuditEventsInformation, + PolicyPrimaryDomainInformation, + PolicyPdAccountInformation, + PolicyAccountDomainInformation, + PolicyLsaServerRoleInformation, + PolicyReplicaSourceInformation, + PolicyDefaultQuotaInformation, + PolicyModificationInformation, + PolicyAuditFullSetInformation, + PolicyAuditFullQueryInformation, + PolicyDnsDomainInformation, + PolicyDnsDomainInformationInt, + PolicyLocalAccountDomainInformation, + PolicyLastEntry, +}} +pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS; +STRUCT!{struct POLICY_AUDIT_LOG_INFO { + AuditLogPercentFull: ULONG, + MaximumLogSize: ULONG, + AuditRetentionPeriod: LARGE_INTEGER, + AuditLogFullShutdownInProgress: BOOLEAN, + TimeToShutdown: LARGE_INTEGER, + NextAuditRecordId: ULONG, +}} +pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO; +STRUCT!{struct POLICY_AUDIT_EVENTS_INFO { + AuditingMode: BOOLEAN, + EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, + MaximumAuditEventCount: ULONG, +}} +pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO; +STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO { + MaximumSubCategoryCount: ULONG, + EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, +}} +pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO; +STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO { + MaximumCategoryCount: ULONG, + SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO, +}} +pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO; +pub const PER_USER_POLICY_UNCHANGED: UCHAR = 0x00; +pub const PER_USER_AUDIT_SUCCESS_INCLUDE: UCHAR = 0x01; +pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: UCHAR = 0x02; +pub const PER_USER_AUDIT_FAILURE_INCLUDE: UCHAR = 0x04; +pub const PER_USER_AUDIT_FAILURE_EXCLUDE: UCHAR = 0x08; +pub const PER_USER_AUDIT_NONE: UCHAR = 0x10; +pub const VALID_PER_USER_AUDIT_POLICY_FLAG: UCHAR = PER_USER_AUDIT_SUCCESS_INCLUDE + | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE + | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE; +STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO { + Name: LSA_UNICODE_STRING, + Sid: PSID, +}} +pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO; +STRUCT!{struct POLICY_PD_ACCOUNT_INFO { + Name: LSA_UNICODE_STRING, +}} +pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO; +STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO { + LsaServerRole: POLICY_LSA_SERVER_ROLE, +}} +pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO; +STRUCT!{struct POLICY_REPLICA_SOURCE_INFO { + ReplicaSource: LSA_UNICODE_STRING, + ReplicaAccountName: LSA_UNICODE_STRING, +}} +pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO; +STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO { + QuotaLimits: QUOTA_LIMITS, +}} +pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO; +STRUCT!{struct POLICY_MODIFICATION_INFO { + ModifiedId: LARGE_INTEGER, + DatabaseCreationTime: LARGE_INTEGER, +}} +pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO; +STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO { + ShutDownOnFull: BOOLEAN, +}} +pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO; +STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO { + ShutDownOnFull: BOOLEAN, + LogIsFull: BOOLEAN, +}} +pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO; +ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS { + PolicyDomainEfsInformation = 2, + PolicyDomainKerberosTicketInformation, +}} +pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS; +pub const POLICY_QOS_SCHANNEL_REQUIRED: ULONG = 0x00000001; +pub const POLICY_QOS_OUTBOUND_INTEGRITY: ULONG = 0x00000002; +pub const POLICY_QOS_OUTBOUND_CONFIDENTIALITY: ULONG = 0x00000004; +pub const POLICY_QOS_INBOUND_INTEGRITY: ULONG = 0x00000008; +pub const POLICY_QOS_INBOUND_CONFIDENTIALITY: ULONG = 0x00000010; +pub const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE: ULONG = 0x00000020; +pub const POLICY_QOS_RAS_SERVER_ALLOWED: ULONG = 0x00000040; +pub const POLICY_QOS_DHCP_SERVER_ALLOWED: ULONG = 0x00000080; +STRUCT!{struct POLICY_DOMAIN_EFS_INFO { + InfoLength: ULONG, + EfsBlob: PUCHAR, +}} +pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO; +pub const POLICY_KERBEROS_VALIDATE_CLIENT: ULONG = 0x00000080; +STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO { + AuthenticationOptions: ULONG, + MaxServiceTicketAge: LARGE_INTEGER, + MaxTicketAge: LARGE_INTEGER, + MaxRenewAge: LARGE_INTEGER, + MaxClockSkew: LARGE_INTEGER, + Reserved: LARGE_INTEGER, +}} +pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO; +ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS { + PolicyNotifyAuditEventsInformation = 1, + PolicyNotifyAccountDomainInformation, + PolicyNotifyServerRoleInformation, + PolicyNotifyDnsDomainInformation, + PolicyNotifyDomainEfsInformation, + PolicyNotifyDomainKerberosTicketInformation, + PolicyNotifyMachineAccountPasswordInformation, + PolicyNotifyGlobalSaclInformation, + PolicyNotifyMax, +}} +pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS; +pub const ACCOUNT_VIEW: ULONG = 0x00000001; +pub const ACCOUNT_ADJUST_PRIVILEGES: ULONG = 0x00000002; +pub const ACCOUNT_ADJUST_QUOTAS: ULONG = 0x00000004; +pub const ACCOUNT_ADJUST_SYSTEM_ACCESS: ULONG = 0x00000008; +pub const ACCOUNT_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | ACCOUNT_VIEW + | ACCOUNT_ADJUST_PRIVILEGES | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS; +pub const ACCOUNT_READ: ULONG = STANDARD_RIGHTS_READ | ACCOUNT_VIEW; +pub const ACCOUNT_WRITE: ULONG = STANDARD_RIGHTS_WRITE | ACCOUNT_ADJUST_PRIVILEGES + | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS; +pub const ACCOUNT_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE; +DECLARE_HANDLE!{LSA_HANDLE, __LSA_HANDLE} +pub const TRUSTED_QUERY_DOMAIN_NAME: ULONG = 0x00000001; +pub const TRUSTED_QUERY_CONTROLLERS: ULONG = 0x00000002; +pub const TRUSTED_SET_CONTROLLERS: ULONG = 0x00000004; +pub const TRUSTED_QUERY_POSIX: ULONG = 0x00000008; +pub const TRUSTED_SET_POSIX: ULONG = 0x00000010; +pub const TRUSTED_SET_AUTH: ULONG = 0x00000020; +pub const TRUSTED_QUERY_AUTH: ULONG = 0x00000040; +pub const TRUSTED_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | TRUSTED_QUERY_DOMAIN_NAME + | TRUSTED_QUERY_CONTROLLERS | TRUSTED_SET_CONTROLLERS | TRUSTED_QUERY_POSIX | TRUSTED_SET_POSIX + | TRUSTED_SET_AUTH | TRUSTED_QUERY_AUTH; +pub const TRUSTED_READ: ULONG = STANDARD_RIGHTS_READ | TRUSTED_QUERY_DOMAIN_NAME; +pub const TRUSTED_WRITE: ULONG = STANDARD_RIGHTS_WRITE | TRUSTED_SET_CONTROLLERS + | TRUSTED_SET_POSIX | TRUSTED_SET_AUTH; +pub const TRUSTED_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | TRUSTED_QUERY_CONTROLLERS + | TRUSTED_QUERY_POSIX; +ENUM!{enum TRUSTED_INFORMATION_CLASS { + TrustedDomainNameInformation = 1, + TrustedControllersInformation, + TrustedPosixOffsetInformation, + TrustedPasswordInformation, + TrustedDomainInformationBasic, + TrustedDomainInformationEx, + TrustedDomainAuthInformation, + TrustedDomainFullInformation, + TrustedDomainAuthInformationInternal, + TrustedDomainFullInformationInternal, + TrustedDomainInformationEx2Internal, + TrustedDomainFullInformation2Internal, + TrustedDomainSupportedEncryptionTypes, +}} +pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS; +STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO { + Name: LSA_UNICODE_STRING, +}} +pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO; +STRUCT!{struct TRUSTED_CONTROLLERS_INFO { + Entries: ULONG, + Names: PLSA_UNICODE_STRING, +}} +pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO; +STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO { + Offset: ULONG, +}} +pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO; +STRUCT!{struct TRUSTED_PASSWORD_INFO { + Password: LSA_UNICODE_STRING, + OldPassword: LSA_UNICODE_STRING, +}} +pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO; +pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION; +pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION; +// NOTE: Ignoring Win XP constants +pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000; +pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001; +pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002; +pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND + | TRUST_DIRECTION_OUTBOUND; +pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001; +pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002; +pub const TRUST_TYPE_MIT: ULONG = 0x00000003; +pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001; +pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002; +pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004; +pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008; +pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010; +pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020; +pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040; +pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080; +pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100; +pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200; +pub const TRUST_ATTRIBUTE_PIM_TRUST: ULONG = 0x00000400; +pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF; +pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000; +STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX { + Name: LSA_UNICODE_STRING, + FlatName: LSA_UNICODE_STRING, + Sid: PSID, + TrustDirection: ULONG, + TrustType: ULONG, + TrustAttributes: ULONG, +}} +pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX; +STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 { + Name: LSA_UNICODE_STRING, + FlatName: LSA_UNICODE_STRING, + Sid: PSID, + TrustDirection: ULONG, + TrustType: ULONG, + TrustAttributes: ULONG, + ForestTrustLength: ULONG, + ForestTrustInfo: PUCHAR, +}} +pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2; +pub const TRUST_AUTH_TYPE_NONE: ULONG = 0; +pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1; +pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2; +pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3; +STRUCT!{struct LSA_AUTH_INFORMATION { + LastUpdateTime: LARGE_INTEGER, + AuthType: ULONG, + AuthInfoLength: ULONG, + AuthInfo: PUCHAR, +}} +pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION; +STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION { + IncomingAuthInfos: ULONG, + IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION, + IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, + OutgoingAuthInfos: ULONG, + OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION, + OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, +}} +pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION; +STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION { + Information: TRUSTED_DOMAIN_INFORMATION_EX, + PosixOffset: TRUSTED_POSIX_OFFSET_INFO, + AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, +}} +pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION; +STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 { + Information: TRUSTED_DOMAIN_INFORMATION_EX2, + PosixOffset: TRUSTED_POSIX_OFFSET_INFO, + AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, +}} +pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2; +STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES { + SupportedEncryptionTypes: ULONG, +}} +pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = + *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; +ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE { + ForestTrustTopLevelName, + ForestTrustTopLevelNameEx, + ForestTrustDomainInfo, + ForestTrustRecordTypeLast = ForestTrustDomainInfo, +}} +pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF; +pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001; +pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002; +pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004; +pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001; +pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002; +pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004; +pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008; +STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO { + Sid: PSID, + DnsName: LSA_UNICODE_STRING, + NetbiosName: LSA_UNICODE_STRING, +}} +pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO; +pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: SIZE_T = 128 * 1024; +STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA { + Length: ULONG, + Buffer: PUCHAR, +}} +pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA; +UNION!{union LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA { + [u32; 5] [u64; 5], + TopLevelName TopLevelName_mut: LSA_UNICODE_STRING, + DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO, + Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA, +}} +STRUCT!{struct LSA_FOREST_TRUST_RECORD { + Flags: ULONG, + ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE, + Time: LARGE_INTEGER, + ForestTrustData: LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA, +}} +pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD; +pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: SIZE_T = 4000; +STRUCT!{struct LSA_FOREST_TRUST_INFORMATION { + RecordCount: ULONG, + Entries: *mut PLSA_FOREST_TRUST_RECORD, +}} +pub type PLSA_FOREST_TRUST_INFORMATION = LSA_FOREST_TRUST_INFORMATION; +ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE { + CollisionTdo, + CollisionXref, + CollisionOther, +}} +STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD { + Index: ULONG, + Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE, + Flags: ULONG, + Name: LSA_UNICODE_STRING, +}} +pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD; +STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION { + RecordCount: ULONG, + Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD, +}} +pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION; +pub const SECRET_SET_VALUE: ULONG = 0x00000001; +pub const SECRET_QUERY_VALUE: ULONG = 0x00000002; +pub const SECRET_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE + | SECRET_QUERY_VALUE; +pub const SECRET_READ: ULONG = STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE; +pub const SECRET_WRITE: ULONG = STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE; +pub const SECRET_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE; +pub const LSA_GLOBAL_SECRET_PREFIX: &'static str = "G$"; +pub const LSA_GLOBAL_SECRET_PREFIX_LENGTH: SIZE_T = 2; +pub const LSA_LOCAL_SECRET_PREFIX: &'static str = "L$"; +pub const LSA_LOCAL_SECRET_PREFIX_LENGTH: SIZE_T = 2; +pub const LSA_MACHINE_SECRET_PREFIX: &'static str = "M$"; +pub const LSA_MACHINE_SECRET_PREFIX_LENGTH: SIZE_T = 2; +pub const LSA_SECRET_MAXIMUM_COUNT: SIZE_T = 0x00001000; +pub const LSA_SECRET_MAXIMUM_LENGTH: SIZE_T = 0x00000200; +DECLARE_HANDLE!{LSA_ENUMERATION_HANDLE, __LSA_ENUMERATION_HANDLE} +pub type PLSA_ENUMERATION_HANDLE = *mut LSA_ENUMERATION_HANDLE; +STRUCT!{struct LSA_ENUMERATION_INFORMATION { + Sid: PSID, +}} +pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION; +extern "system" { + pub fn LsaFreeMemory( + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaClose( + ObjectHandle: LSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaDelete( + ObjectHandle: LSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaQuerySecurityObject( + ObjectHandle: LSA_HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn LsaSetSecurityObject( + ObjectHandle: LSA_HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn LsaChangePassword( + ServerName: PLSA_UNICODE_STRING, + DomainName: PLSA_UNICODE_STRING, + AccountName: PLSA_UNICODE_STRING, + OldPassword: PLSA_UNICODE_STRING, + NewPassword: PLSA_UNICODE_STRING, + ) -> NTSTATUS; +} +STRUCT!{struct LSA_LAST_INTER_LOGON_INFO { + LastSuccessfulLogon: LARGE_INTEGER, + LastFailedLogon: LARGE_INTEGER, + FailedAttemptCountSinceLastSuccessfulLogon: ULONG, +}} +pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO; +STRUCT!{struct SECURITY_LOGON_SESSION_DATA { + Size: ULONG, + LogonId: LUID, + UserName: LSA_UNICODE_STRING, + LogonDomain: LSA_UNICODE_STRING, + AuthenticationPackage: LSA_UNICODE_STRING, + LogonType: ULONG, + Session: ULONG, + Sid: PSID, + LogonTime: LARGE_INTEGER, + LogonServer: LSA_UNICODE_STRING, + DnsDomainName: LSA_UNICODE_STRING, + Upn: LSA_UNICODE_STRING, + UserFlags: ULONG, + LastLogonInfo: LSA_LAST_INTER_LOGON_INFO, + LogonScript: LSA_UNICODE_STRING, + ProfilePath: LSA_UNICODE_STRING, + HomeDirectory: LSA_UNICODE_STRING, + HomeDirectoryDrive: LSA_UNICODE_STRING, + LogoffTime: LARGE_INTEGER, + KickOffTime: LARGE_INTEGER, + PasswordLastSet: LARGE_INTEGER, + PasswordCanChange: LARGE_INTEGER, + PasswordMustChange: LARGE_INTEGER, +}} +pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA; +extern "system" { + pub fn LsaEnumerateLogonSessions( + LogonSessionCount: PULONG, + LogonSessionList: *mut PLUID, + ) -> NTSTATUS; + pub fn LsaGetLogonSessionData( + LogonId: PLUID, + ppLogonSessionData: *mut PSECURITY_LOGON_SESSION_DATA, + ) -> NTSTATUS; + pub fn LsaOpenPolicy( + SystemName: PLSA_UNICODE_STRING, + ObjectAttributes: PLSA_OBJECT_ATTRIBUTES, + DesiredAccess: ACCESS_MASK, + PolicyHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaOpenPolicySce( + SystemName: PLSA_UNICODE_STRING, + ObjectAttributes: PLSA_OBJECT_ATTRIBUTES, + DesiredAccess: ACCESS_MASK, + PolicyHandle: PLSA_HANDLE, + ) -> NTSTATUS; +} +pub const MAXIMUM_CAPES_PER_CAP: SIZE_T = 0x7F; +pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001; +pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100; +#[inline] +pub fn STAGING_FLAG(Effective: ULONG) -> ULONG { + (Effective & 0xF) << 8 +} +pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000; +pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG = + CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG + | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG | CENTRAL_ACCESS_POLICY_STAGED_FLAG; +pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001; +pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG; +STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY { + Name: LSA_UNICODE_STRING, + Description: LSA_UNICODE_STRING, + ChangeId: LSA_UNICODE_STRING, + LengthAppliesTo: ULONG, + AppliesTo: PUCHAR, + LengthSD: ULONG, + SD: PSECURITY_DESCRIPTOR, + LengthStagedSD: ULONG, + StagedSD: PSECURITY_DESCRIPTOR, + Flags: ULONG, +}} +pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY; +pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY; +STRUCT!{struct CENTRAL_ACCESS_POLICY { + CAPID: PSID, + Name: LSA_UNICODE_STRING, + Description: LSA_UNICODE_STRING, + ChangeId: LSA_UNICODE_STRING, + Flags: ULONG, + CAPECount: ULONG, + CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY, +}} +pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY; +pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY; +extern "system" { + pub fn LsaSetCAPs( + CAPDNs: PLSA_UNICODE_STRING, + CAPDNCount: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LsaGetAppliedCAPIDs( + SystemName: PLSA_UNICODE_STRING, + CAPIDs: *mut *mut PSID, + CAPIDCount: PULONG, + ) -> NTSTATUS; + pub fn LsaQueryCAPs( + CAPIDs: *mut PSID, + CAPIDCount: ULONG, + CAPs: *mut PCENTRAL_ACCESS_POLICY, + CAPCount: PULONG, + ) -> NTSTATUS; + pub fn LsaQueryInformationPolicy( + PolicyHandle: LSA_HANDLE, + InformationClass: POLICY_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn LsaSetInformationPolicy( + PolicyHandle: LSA_HANDLE, + InformationClass: POLICY_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaQueryDomainInformationPolicy( + PolicyHandle: LSA_HANDLE, + InformationClass: POLICY_DOMAIN_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn LsaSetDomainInformationPolicy( + PolicyHandle: LSA_HANDLE, + InformationClass: POLICY_DOMAIN_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaRegisterPolicyChangeNotification( + InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS, + NotifcationEventHandle: HANDLE, + ) -> NTSTATUS; + pub fn LsaUnregisterPolicyChangeNotification( + InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS, + NotifcationEventHandle: HANDLE, + ) -> NTSTATUS; + pub fn LsaClearAuditLog( + PolicyHandle: LSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaCreateAccount( + PolicyHandle: LSA_HANDLE, + AccountSid: PSID, + DesiredAccess: ACCESS_MASK, + AccountHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaEnumerateAccounts( + PolicyHandle: LSA_HANDLE, + EnumerationContext: PLSA_ENUMERATION_HANDLE, + Buffer: *mut PVOID, + PreferredMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn LsaCreateTrustedDomain( + PolicyHandle: LSA_HANDLE, + TrustedDomainInformation: PLSA_TRUST_INFORMATION, + DesiredAccess: ACCESS_MASK, + TrustedDomainHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaEnumerateTrustedDomains( + PolicyHandle: LSA_HANDLE, + EnumerationContext: PLSA_ENUMERATION_HANDLE, + Buffer: *mut PVOID, + PreferredMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn LsaEnumeratePrivileges( + PolicyHandle: LSA_HANDLE, + EnumerationContext: PLSA_ENUMERATION_HANDLE, + Buffer: *mut PVOID, + PreferredMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn LsaLookupNames( + PolicyHandle: LSA_HANDLE, + Count: ULONG, + Names: PLSA_UNICODE_STRING, + ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, + Sids: *mut PLSA_TRANSLATED_SID, + ) -> NTSTATUS; + pub fn LsaLookupNames2( + PolicyHandle: LSA_HANDLE, + Flags: ULONG, + Count: ULONG, + Names: PLSA_UNICODE_STRING, + ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, + Sids: *mut PLSA_TRANSLATED_SID2, + ) -> NTSTATUS; + pub fn LsaLookupSids( + PolicyHandle: LSA_HANDLE, + Count: ULONG, + Sids: *mut PSID, + ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, + Names: *mut PLSA_TRANSLATED_NAME, + ) -> NTSTATUS; + pub fn LsaLookupSids2( + PolicyHandle: LSA_HANDLE, + LookupOptions: ULONG, + Count: ULONG, + Sids: *mut PSID, + ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST, + Names: *mut PLSA_TRANSLATED_NAME, + ) -> NTSTATUS; + pub fn LsaCreateSecret( + PolicyHandle: LSA_HANDLE, + SecretName: PLSA_UNICODE_STRING, + DesiredAccess: ACCESS_MASK, + SecretHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaOpenAccount( + PolicyHandle: LSA_HANDLE, + AccountSid: PSID, + DesiredAccess: ACCESS_MASK, + AccountHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaEnumeratePrivilegesOfAccount( + AccountHandle: LSA_HANDLE, + Privileges: *mut PPRIVILEGE_SET, + ) -> NTSTATUS; + pub fn LsaAddPrivilegesToAccount( + AccountHandle: LSA_HANDLE, + Privileges: PPRIVILEGE_SET, + ) -> NTSTATUS; + pub fn LsaRemovePrivilegesFromAccount( + AccountHandle: LSA_HANDLE, + AllPrivileges: BOOLEAN, + Privileges: PPRIVILEGE_SET, + ) -> NTSTATUS; + pub fn LsaGetQuotasForAccount( + AccountHandle: LSA_HANDLE, + QuotaLimits: PQUOTA_LIMITS, + ) -> NTSTATUS; + pub fn LsaSetQuotasForAccount( + AccountHandle: LSA_HANDLE, + QuotaLimits: PQUOTA_LIMITS, + ) -> NTSTATUS; + pub fn LsaGetSystemAccessAccount( + AccountHandle: LSA_HANDLE, + SystemAccess: PULONG, + ) -> NTSTATUS; + pub fn LsaSetSystemAccessAccount( + AccountHandle: LSA_HANDLE, + SystemAccess: ULONG, + ) -> NTSTATUS; + pub fn LsaOpenTrustedDomain( + PolicyHandle: LSA_HANDLE, + TrustedDomainSid: PSID, + DesiredAccess: ACCESS_MASK, + TrustedDomainHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaQueryInfoTrustedDomain( + TrustedDomainHandle: LSA_HANDLE, + InformationClass: TRUSTED_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn LsaSetInformationTrustedDomain( + TrustedDomainHandle: LSA_HANDLE, + InformationClass: TRUSTED_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaOpenSecret( + PolicyHandle: LSA_HANDLE, + SecretName: PLSA_UNICODE_STRING, + DesiredAccess: ACCESS_MASK, + SecretHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaSetSecret( + SecretHandle: LSA_HANDLE, + CurrentValue: PLSA_UNICODE_STRING, + OldValue: PLSA_UNICODE_STRING, + ) -> NTSTATUS; + pub fn LsaQuerySecret( + SecretHandle: LSA_HANDLE, + CurrentValue: *mut PLSA_UNICODE_STRING, + CurrentValueSetTime: PLARGE_INTEGER, + OldValue: *mut PLSA_UNICODE_STRING, + OldValueSetTime: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn LsaLookupPrivilegeValue( + PolicyHandle: LSA_HANDLE, + Name: PLSA_UNICODE_STRING, + Value: PLUID, + ) -> NTSTATUS; + pub fn LsaLookupPrivilegeName( + PolicyHandle: LSA_HANDLE, + Value: PLUID, + Name: *mut PLSA_UNICODE_STRING, + ) -> NTSTATUS; + pub fn LsaLookupPrivilegeDisplayName( + PolicyHandle: LSA_HANDLE, + Name: PLSA_UNICODE_STRING, + DisplayName: *mut PLSA_UNICODE_STRING, + LanguageReturned: PSHORT, + ) -> NTSTATUS; +} +extern "C" { + pub fn LsaGetUserName( + UserName: *mut PLSA_UNICODE_STRING, + DomainName: *mut PLSA_UNICODE_STRING, + ) -> NTSTATUS; + pub fn LsaGetRemoteUserName( + SystemName: PLSA_UNICODE_STRING, + UserName: *mut PLSA_UNICODE_STRING, + DomainName: *mut PLSA_UNICODE_STRING, + ) -> NTSTATUS; +} +pub const SE_INTERACTIVE_LOGON_NAME: &'static str = "SeInteractiveLogonRight"; +pub const SE_NETWORK_LOGON_NAME: &'static str = "SeNetworkLogonRight"; +pub const SE_BATCH_LOGON_NAME: &'static str = "SeBatchLogonRight"; +pub const SE_SERVICE_LOGON_NAME: &'static str = "SeServiceLogonRight"; +pub const SE_DENY_INTERACTIVE_LOGON_NAME: &'static str = "SeDenyInteractiveLogonRight"; +pub const SE_DENY_NETWORK_LOGON_NAME: &'static str = "SeDenyNetworkLogonRight"; +pub const SE_DENY_BATCH_LOGON_NAME: &'static str = "SeDenyBatchLogonRight"; +pub const SE_DENY_SERVICE_LOGON_NAME: &'static str = "SeDenyServiceLogonRight"; +pub const SE_REMOTE_INTERACTIVE_LOGON_NAME: &'static str = "SeRemoteInteractiveLogonRight"; +pub const SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME: &'static str = + "SeDenyRemoteInteractiveLogonRight"; +extern "system" { + pub fn LsaEnumerateAccountsWithUserRight( + PolictHandle: LSA_HANDLE, + UserRights: PLSA_UNICODE_STRING, + EnumerationBuffer: *mut PVOID, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn LsaEnumerateAccountRights( + PolicyHandle: LSA_HANDLE, + AccountSid: PSID, + UserRights: *mut PLSA_UNICODE_STRING, + CountOfRights: PULONG, + ) -> NTSTATUS; + pub fn LsaAddAccountRights( + PolicyHandle: LSA_HANDLE, + AccountSid: PSID, + UserRights: PLSA_UNICODE_STRING, + CountOfRights: ULONG, + ) -> NTSTATUS; + pub fn LsaRemoveAccountRights( + PolicyHandle: LSA_HANDLE, + AccountSid: PSID, + AllRights: BOOLEAN, + UserRights: PLSA_UNICODE_STRING, + CountOfRights: ULONG, + ) -> NTSTATUS; + pub fn LsaOpenTrustedDomainByName( + PolicyHandle: LSA_HANDLE, + TrustedDomainName: PLSA_UNICODE_STRING, + DesiredAccess: ACCESS_MASK, + TrustedDomainHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaQueryTrustedDomainInfo( + PolicyHandle: LSA_HANDLE, + TrustedDomainSid: PSID, + InformationClass: TRUSTED_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn LsaSetTrustedDomainInformation( + PolicyHandle: LSA_HANDLE, + TrustedDomainSid: PSID, + InformationClass: TRUSTED_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaDeleteTrustedDomain( + PolicyHandle: LSA_HANDLE, + TrustedDomainSid: PSID, + ) -> NTSTATUS; + pub fn LsaQueryTrustedDomainInfoByName( + PolicyHandle: LSA_HANDLE, + TrustedDomainName: PLSA_UNICODE_STRING, + InformationClass: TRUSTED_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn LsaSetTrustedDomainInfoByName( + PolicyHandle: LSA_HANDLE, + TrustedDomainName: PLSA_UNICODE_STRING, + InformationClass: TRUSTED_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn LsaEnumerateTrustedDomainsEx( + PolicyHandle: LSA_HANDLE, + EnumerationContext: PLSA_ENUMERATION_HANDLE, + Buffer: *mut PVOID, + PreferredMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn LsaCreateTrustedDomainEx( + PolicyHandle: LSA_HANDLE, + TrustedDomainInformation: PTRUSTED_DOMAIN_INFORMATION_EX, + AuthenticationInformation: PTRUSTED_DOMAIN_AUTH_INFORMATION, + DesiredAccess: ACCESS_MASK, + TrustedDomainHandle: PLSA_HANDLE, + ) -> NTSTATUS; + pub fn LsaQueryForestTrustInformation( + PolicyHandle: LSA_HANDLE, + TrustedDomainName: PLSA_UNICODE_STRING, + ForestTrustInfo: *mut PLSA_FOREST_TRUST_INFORMATION, + ) -> NTSTATUS; + pub fn LsaSetForestTrustInformation( + PolicyHandle: LSA_HANDLE, + TrustedDomainName: PLSA_UNICODE_STRING, + ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION, + CheckOnly: BOOLEAN, + CollisionInfo: *mut PLSA_FOREST_TRUST_COLLISION_INFORMATION, + ) -> NTSTATUS; + pub fn LsaForestTrustFindMatch( + PolicyHandle: LSA_HANDLE, + Type: ULONG, + Name: PLSA_UNICODE_STRING, + Match: *mut PLSA_UNICODE_STRING, + ) -> NTSTATUS; + pub fn LsaStorePrivateData( + PolicyHandle: LSA_HANDLE, + KeyName: PLSA_UNICODE_STRING, + PrivateData: PLSA_UNICODE_STRING, + ) -> NTSTATUS; + pub fn LsaRetrievePrivateData( + PolicyHandle: LSA_HANDLE, + KeyName: PLSA_UNICODE_STRING, + PrivateData: *mut PLSA_UNICODE_STRING, + ) -> NTSTATUS; + pub fn LsaNtStatusToWinError( + Status: NTSTATUS, + ) -> ULONG; +} +ENUM!{enum NEGOTIATE_MESSAGES { + NegEnumPackagePrefixes = 0, + NegGetCallerName = 1, + NegTransferCredentials = 2, + NegEnumPackageNames = 3, + NegCallPackageMax, +}} +pub const NEGOTIATE_MAX_PREFIX: SIZE_T = 32; +STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX { + PackageId: ULONG_PTR, + PackageDataA: PVOID, + PackageDataW: PVOID, + PrefixLen: ULONG_PTR, + Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX], +}} +pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX; +STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES { + MessageType: ULONG, + PrefixCount: ULONG, + Offset: ULONG, + Pad: ULONG, +}} +pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES; +STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST { + MessageType: ULONG, + LogonId: LUID, +}} +pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST; +STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE { + Messagetype: ULONG, + CallerName: PWSTR, +}} +pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE; +STRUCT!{struct NEGOTIATE_PACKAGE_NAMES { + NamesCount: ULONG, + Names: [UNICODE_STRING; ANYSIZE_ARRAY], +}} +pub type PNEGOTIATE_PACKAGE_NAMES = *mut NEGOTIATE_PACKAGE_NAMES; +pub const NEGOTIATE_ALLOW_NTLM: ULONG = 0x10000000; +pub const NEGOTIATE_NEG_NTLM: ULONG = 0x20000000; +STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX_WOW { + PackageId: ULONG, + PackageDataA: ULONG, + PackageDataW: ULONG, + PrefixLen: ULONG, + Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX], +}} +pub type PNEGOTIATE_PACKAGE_PREFIX_WOW = *mut NEGOTIATE_PACKAGE_PREFIX_WOW; +STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE_WOW { + MessageType: ULONG, + CallerName: ULONG, +}} +pub type PNEGOTIATE_CALLER_NAME_RESPONSE_WOW = *mut NEGOTIATE_CALLER_NAME_RESPONSE_WOW; +extern "system" { + pub fn LsaSetPolicyReplicationHandle( + PolicyHandle: PLSA_HANDLE, + ) -> NTSTATUS; +} +pub const MAX_USER_RECORDS: SIZE_T = 1000; +STRUCT!{struct LSA_USER_REGISTRATION_INFO { + Sid: LSA_UNICODE_STRING, + DeviceId: LSA_UNICODE_STRING, + Username: LSA_UNICODE_STRING, + Thumbprint: LSA_UNICODE_STRING, + RegistrationTime: LARGE_INTEGER, +}} +pub type PLSA_USER_REGISTRATION_INFO = *mut LSA_USER_REGISTRATION_INFO; +STRUCT!{struct LSA_REGISTRATION_INFO { + RegisteredCount: ULONG, + UserRegistrationInfo: *mut PLSA_USER_REGISTRATION_INFO, +}} +pub type PLSA_REGISTRATION_INFO = *mut LSA_REGISTRATION_INFO; +extern "system" { + pub fn LsaGetDeviceRegistrationInfo( + RegistrationInfo: *mut PLSA_REGISTRATION_INFO, + ) -> NTSTATUS; +} +ENUM!{enum LSA_CREDENTIAL_KEY_SOURCE_TYPE { + eFromPrecomputed = 1, + eFromClearPassword, + eFromNtOwf, +}} +pub type PLSA_CREDENTIAL_KEY_SOURCE_TYPE = *mut LSA_CREDENTIAL_KEY_SOURCE_TYPE; +extern "C" { + pub fn SeciIsProtectedUser( + ProtectedUser: PBOOLEAN, + ) -> NTSTATUS; +} |