// Licensed under the Apache License, Version 2.0 // or the MIT license // , at your option. // All files in the project carrying such notice may not be copied, modified, or distributed // except according to those terms. //! This module defines the Local Security Authority APIs. use shared::basetsd::{ULONG64, ULONG_PTR}; use shared::guiddef::GUID; use shared::minwindef::{PUCHAR, PULONG, UCHAR, ULONG, USHORT}; use shared::ntdef::NTSTATUS; use shared::sspi::SecHandle; use um::lsalookup::{ LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING }; use um::subauth::{PUNICODE_STRING, STRING, UNICODE_STRING}; use um::winnt::{ ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LUID, PACL, PCSTR, PCWSTR, PSECURITY_DESCRIPTOR, PSID, PSTR, PVOID, PWSTR, QUOTA_LIMITS, SECURITY_INFORMATION, SHORT, SID, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, ULONGLONG }; DEFINE_GUID!{Audit_System_SecurityStateChange, 0x0cce9210, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_System_SecuritySubsystemExtension, 0x0cce9211, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_System_Integrity, 0x0cce9212, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_System_IPSecDriverEvents, 0x0cce9213, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_System_Others, 0x0cce9214, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_Logon, 0x0cce9215, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_Logoff, 0x0cce9216, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_AccountLockout, 0x0cce9217, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_IPSecMainMode, 0x0cce9218, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_IPSecQuickMode, 0x0cce9219, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_IPSecUserMode, 0x0cce921a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_SpecialLogon, 0x0cce921b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_Others, 0x0cce921c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_FileSystem, 0x0cce921d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_Registry, 0x0cce921e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_Kernel, 0x0cce921f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_Sam, 0x0cce9220, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_CertificationServices, 0x0cce9221, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_ApplicationGenerated, 0x0cce9222, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_Handle, 0x0cce9223, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_Share, 0x0cce9224, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_FirewallPacketDrops, 0x0cce9225, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_FirewallConnection, 0x0cce9226, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_Other, 0x0cce9227, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PrivilegeUse_Sensitive, 0x0cce9228, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PrivilegeUse_NonSensitive, 0x0cce9229, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PrivilegeUse_Others, 0x0cce922a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DetailedTracking_ProcessCreation, 0x0cce922b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DetailedTracking_ProcessTermination, 0x0cce922c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DetailedTracking_DpapiActivity, 0x0cce922d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DetailedTracking_RpcCall, 0x0cce922e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange_AuditPolicy, 0x0cce922f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange_AuthenticationPolicy, 0x0cce9230, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange_AuthorizationPolicy, 0x0cce9231, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange_MpsscvRulePolicy, 0x0cce9232, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange_WfpIPSecPolicy, 0x0cce9233, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange_Others, 0x0cce9234, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement_UserAccount, 0x0cce9235, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement_ComputerAccount, 0x0cce9236, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement_SecurityGroup, 0x0cce9237, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement_DistributionGroup, 0x0cce9238, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement_ApplicationGroup, 0x0cce9239, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement_Others, 0x0cce923a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DSAccess_DSAccess, 0x0cce923b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DsAccess_AdAuditChanges, 0x0cce923c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Ds_Replication, 0x0cce923d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Ds_DetailedReplication, 0x0cce923e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountLogon_CredentialValidation, 0x0cce923f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountLogon_Kerberos, 0x0cce9240, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountLogon_Others, 0x0cce9241, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountLogon_KerbCredentialValidation, 0x0cce9242, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_NPS, 0x0cce9243, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_DetailedFileShare, 0x0cce9244, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_RemovableStorage, 0x0cce9245, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess_CbacStaging, 0x0cce9246, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon_Claims, 0x0cce9247, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_System, 0x69979848, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_Logon, 0x69979849, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_ObjectAccess, 0x6997984a, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PrivilegeUse, 0x6997984b, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DetailedTracking, 0x6997984c, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_PolicyChange, 0x6997984d, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountManagement, 0x6997984e, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_DirectoryServiceAccess, 0x6997984f, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} DEFINE_GUID!{Audit_AccountLogon, 0x69979850, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} ENUM!{enum POLICY_AUDIT_EVENT_TYPE { AuditCategorySystem = 0, AuditCategoryLogon, AuditCategoryObjectAccess, AuditCategoryPrivilegeUse, AuditCategoryDetailedTracking, AuditCategoryPolicyChange, AuditCategoryAccountManagement, AuditCategoryDirectoryServiceAccess, AuditCategoryAccountLogon, }} pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE; pub const POLICY_AUDIT_EVENT_UNCHANGED: POLICY_AUDIT_EVENT_OPTIONS = 0x00000000; pub const POLICY_AUDIT_EVENT_SUCCESS: POLICY_AUDIT_EVENT_OPTIONS = 0x00000001; pub const POLICY_AUDIT_EVENT_FAILURE: POLICY_AUDIT_EVENT_OPTIONS = 0x00000002; pub const POLICY_AUDIT_EVENT_NONE: POLICY_AUDIT_EVENT_OPTIONS = 0x00000004; pub const POLICY_AUDIT_EVENT_MASK: POLICY_AUDIT_EVENT_OPTIONS = POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE; pub const POLICY_VIEW_LOCAL_INFORMATION: ACCESS_MASK = 0x00000001; pub const POLICY_VIEW_AUDIT_INFORMATION: ACCESS_MASK = 0x00000002; pub const POLICY_GET_PRIVATE_INFORMATION: ACCESS_MASK = 0x00000004; pub const POLICY_TRUST_ADMIN: ACCESS_MASK = 0x00000008; pub const POLICY_CREATE_ACCOUNT: ACCESS_MASK = 0x00000010; pub const POLICY_CREATE_SECRET: ACCESS_MASK = 0x00000020; pub const POLICY_CREATE_PRIVILEGE: ACCESS_MASK = 0x00000040; pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ACCESS_MASK = 0x00000080; pub const POLICY_SET_AUDIT_REQUIREMENTS: ACCESS_MASK = 0x00000100; pub const POLICY_AUDIT_LOG_ADMIN: ACCESS_MASK = 0x00000200; pub const POLICY_SERVER_ADMIN: ACCESS_MASK = 0x00000400; pub const POLICY_LOOKUP_NAMES: ACCESS_MASK = 0x00000800; pub const POLICY_NOTIFICATION: ACCESS_MASK = 0x00001000; pub const POLICY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES; pub const POLICY_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION; pub const POLICY_WRITE: ACCESS_MASK = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN; pub const POLICY_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES; STRUCT!{struct LSA_TRANSLATED_SID { Use: SID_NAME_USE, RelativeId: ULONG, DomainIndex: LONG, }} pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID; ENUM!{enum POLICY_LSA_SERVER_ROLE { PolicyServerRoleBackup = 2, PolicyServerRolePrimary, }} pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE; pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG; pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut ULONG; ENUM!{enum POLICY_INFORMATION_CLASS { PolicyAuditLogInformation = 1, PolicyAuditEventsInformation, PolicyPrimaryDomainInformation, PolicyPdAccountInformation, PolicyAccountDomainInformation, PolicyLsaServerRoleInformation, PolicyReplicaSourceInformation, PolicyDefaultQuotaInformation, PolicyModificationInformation, PolicyAuditFullSetInformation, PolicyAuditFullQueryInformation, PolicyDnsDomainInformation, PolicyDnsDomainInformationInt, PolicyLocalAccountDomainInformation, PolicyLastEntry, }} pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS; STRUCT!{struct POLICY_AUDIT_LOG_INFO { AuditLogPercentFull: ULONG, MaximumLogSize: ULONG, AuditRetentionPeriod: LARGE_INTEGER, AuditLogFullShutdownInProgress: BOOLEAN, TimeToShutdown: LARGE_INTEGER, NextAuditRecordId: ULONG, }} pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO; STRUCT!{struct POLICY_AUDIT_EVENTS_INFO { AuditingMode: BOOLEAN, EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, MaximumAuditEventCount: ULONG, }} pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO; STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO { MaximumSubCategoryCount: ULONG, EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, }} pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO; STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO { MaximumSubCategoryCount: ULONG, SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO, }} pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO; pub const PER_USER_POLICY_UNCHANGED: ULONG = 0x00; pub const PER_USER_AUDIT_SUCCESS_INCLUDE: ULONG = 0x01; pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: ULONG = 0x02; pub const PER_USER_AUDIT_FAILURE_INCLUDE: ULONG = 0x04; pub const PER_USER_AUDIT_FAILURE_EXCLUDE: ULONG = 0x08; pub const PER_USER_AUDIT_NONE: ULONG = 0x10; pub const VALID_PER_USER_AUDIT_POLICY_FLAG: ULONG = PER_USER_AUDIT_SUCCESS_INCLUDE | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE; STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO { Name: LSA_UNICODE_STRING, Sid: PSID, }} pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO; STRUCT!{struct POLICY_PD_ACCOUNT_INFO { Name: LSA_UNICODE_STRING, }} pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO; STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO { LsaServerRole: POLICY_LSA_SERVER_ROLE, }} pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO; STRUCT!{struct POLICY_REPLICA_SOURCE_INFO { ReplicaSource: LSA_UNICODE_STRING, ReplicaAccountName: LSA_UNICODE_STRING, }} pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO; STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO { QuotaLimits: QUOTA_LIMITS, }} pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO; STRUCT!{struct POLICY_MODIFICATION_INFO { ModifiedId: LARGE_INTEGER, DatabaseCreationTime: LARGE_INTEGER, }} pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO; STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO { ShutDownOnFull: BOOLEAN, }} pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO; STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO { ShutDownOnFull: BOOLEAN, LogIsFull: BOOLEAN, }} pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO; ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS { PolicyDomainEfsInformation = 2, PolicyDomainKerberosTicketInformation, }} pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS; STRUCT!{struct POLICY_DOMAIN_EFS_INFO { InfoLength: ULONG, EfsBlob: PUCHAR, }} pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO; STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO { AuthenticationOptions: ULONG, MaxServiceTicketAge: LARGE_INTEGER, MaxTicketAge: LARGE_INTEGER, MaxRenewAge: LARGE_INTEGER, MaxClockSkew: LARGE_INTEGER, Reserved: LARGE_INTEGER, }} pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO; ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS { PolicyNotifyAuditEventsInformation = 1, PolicyNotifyAccountDomainInformation, PolicyNotifyServerRoleInformation, PolicyNotifyDnsDomainInformation, PolicyNotifyDomainEfsInformation, PolicyNotifyDomainKerberosTicketInformation, PolicyNotifyMachineAccountPasswordInformation, PolicyNotifyGlobalSaclInformation, PolicyNotifyMax, }} pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS; pub type LSA_HANDLE = PVOID; pub type PLSA_HANDLE = *mut PVOID; ENUM!{enum TRUSTED_INFORMATION_CLASS { TrustedDomainNameInformation = 1, TrustedControllersInformation, TrustedPosixOffsetInformation, TrustedPasswordInformation, TrustedDomainInformationBasic, TrustedDomainInformationEx, TrustedDomainAuthInformation, TrustedDomainFullInformation, TrustedDomainAuthInformationInternal, TrustedDomainFullInformationInternal, TrustedDomainInformationEx2Internal, TrustedDomainFullInformation2Internal, TrustedDomainSupportedEncryptionTypes, }} pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS; STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO { Name: LSA_UNICODE_STRING, }} pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO; STRUCT!{struct TRUSTED_CONTROLLERS_INFO { Entries: ULONG, Names: PLSA_UNICODE_STRING, }} pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO; STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO { Offset: ULONG, }} pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO; STRUCT!{struct TRUSTED_PASSWORD_INFO { Password: LSA_UNICODE_STRING, OldPassword: LSA_UNICODE_STRING, }} pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO; pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION; pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION; pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000; pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001; pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002; pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND; pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001; pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002; pub const TRUST_TYPE_MIT: ULONG = 0x00000003; pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001; pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002; pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004; pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008; pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010; pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020; pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040; pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080; pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100; pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200; pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF; pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000; STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX { Name: LSA_UNICODE_STRING, FlatName: LSA_UNICODE_STRING, Sid: PSID, TrustDirection: ULONG, TrustType: ULONG, TrustAttributes: ULONG, }} pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX; STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 { Name: LSA_UNICODE_STRING, FlatName: LSA_UNICODE_STRING, Sid: PSID, TrustDirection: ULONG, TrustType: ULONG, TrustAttributes: ULONG, ForestTrustLength: ULONG, ForestTrustInfo: PUCHAR, }} pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2; pub const TRUST_AUTH_TYPE_NONE: ULONG = 0; pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1; pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2; pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3; STRUCT!{struct LSA_AUTH_INFORMATION { LastUpdateTime: LARGE_INTEGER, AuthType: ULONG, AuthInfoLength: ULONG, AuthInfo: PUCHAR, }} pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION; STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION { IncomingAuthInfos: ULONG, IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION, IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, OutgoingAuthInfos: ULONG, OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION, OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, }} pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION; STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION { Information: TRUSTED_DOMAIN_INFORMATION_EX, PosixOffset: TRUSTED_POSIX_OFFSET_INFO, AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, }} pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION; STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 { Information: TRUSTED_DOMAIN_INFORMATION_EX2, PosixOffset: TRUSTED_POSIX_OFFSET_INFO, AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, }} pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2; STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES { SupportedEncryptionTypes: ULONG, }} pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE { ForestTrustTopLevelName, ForestTrustTopLevelNameEx, ForestTrustDomainInfo, ForestTrustRecordTypeLast, // = ForestTrustDomainInfo, }} pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF; pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001; pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002; pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004; pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001; pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002; pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004; pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008; STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO { Sid: PSID, DnsName: LSA_UNICODE_STRING, NetbiosName: LSA_UNICODE_STRING, }} pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO; pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: ULONG = 128 * 1024; STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA { Length: ULONG, Buffer: PUCHAR, }} pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA; UNION!{union LSA_FOREST_TRUST_RECORD_ForestTrustData { [usize; 5], TopLevelName TopLevelName_mut: LSA_UNICODE_STRING, DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO, Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA, }} STRUCT!{struct LSA_FOREST_TRUST_RECORD { Flags: ULONG, ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE, Time: LARGE_INTEGER, ForestTrustData: LSA_FOREST_TRUST_RECORD_ForestTrustData, }} pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD; pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: ULONG = 4000; STRUCT!{struct LSA_FOREST_TRUST_INFORMATION { RecordCount: ULONG, Entries: *mut PLSA_FOREST_TRUST_RECORD, }} pub type PLSA_FOREST_TRUST_INFORMATION = *mut LSA_FOREST_TRUST_INFORMATION; ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE { CollisionTdo, CollisionXref, CollisionOther, }} STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD { Index: ULONG, Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE, Flags: ULONG, Name: LSA_UNICODE_STRING, }} pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD; STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION { RecordCount: ULONG, Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD, }} pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION; pub type LSA_ENUMERATION_HANDLE = ULONG; pub type PLSA_ENUMERATION_HANDLE = *mut ULONG; STRUCT!{struct LSA_ENUMERATION_INFORMATION { Sid: PSID, }} pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION; STRUCT!{struct LSA_LAST_INTER_LOGON_INFO { LastSuccessfulLogon: LARGE_INTEGER, LastFailedLogon: LARGE_INTEGER, FailedAttemptCountSinceLastSuccessfulLogon: ULONG, }} pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO; STRUCT!{struct SECURITY_LOGON_SESSION_DATA { Size: ULONG, LogonId: LUID, UserName: LSA_UNICODE_STRING, LogonDomain: LSA_UNICODE_STRING, AuthenticationPackage: LSA_UNICODE_STRING, LogonType: ULONG, Session: ULONG, Sid: PSID, LogonTime: LARGE_INTEGER, LogonServer: LSA_UNICODE_STRING, DnsDomainName: LSA_UNICODE_STRING, Upn: LSA_UNICODE_STRING, UserFlags: ULONG, LastLogonInfo: LSA_LAST_INTER_LOGON_INFO, LogonScript: LSA_UNICODE_STRING, ProfilePath: LSA_UNICODE_STRING, HomeDirectory: LSA_UNICODE_STRING, HomeDirectoryDrive: LSA_UNICODE_STRING, LogoffTime: LARGE_INTEGER, KickOffTime: LARGE_INTEGER, PasswordLastSet: LARGE_INTEGER, PasswordCanChange: LARGE_INTEGER, PasswordMustChange: LARGE_INTEGER, }} pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA; pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001; pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100; pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000; pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG = CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG | CENTRAL_ACCESS_POLICY_STAGED_FLAG; pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001; pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG; STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY { Name: LSA_UNICODE_STRING, Description: LSA_UNICODE_STRING, ChangeId: LSA_UNICODE_STRING, LengthAppliesTo: ULONG, AppliesTo: PUCHAR, LengthSD: ULONG, SD: PSECURITY_DESCRIPTOR, LengthStagedSD: ULONG, StagedSD: PSECURITY_DESCRIPTOR, Flags: ULONG, }} pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY; pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY; STRUCT!{struct CENTRAL_ACCESS_POLICY { CAPID: PSID, Name: LSA_UNICODE_STRING, Description: LSA_UNICODE_STRING, ChangeId: LSA_UNICODE_STRING, Flags: ULONG, CAPECount: ULONG, CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY, }} pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY; pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY; ENUM!{enum NEGOTIATE_MESSAGES { NegEnumPackagePrefixes = 0, NegGetCallerName = 1, NegTransferCredentials = 2, NegCallPackageMax, }} pub const NEGOTIATE_MAX_PREFIX: usize = 32; STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX { PackageId: ULONG_PTR, PackageDataA: PVOID, PackageDataW: PVOID, PrefixLen: ULONG_PTR, Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX], }} pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX; STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES { MessageType: ULONG, PrefixCount: ULONG, Offset: ULONG, Pad: ULONG, }} pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES; STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST { MessageType: ULONG, LogonId: LUID, }} pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST; STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE { MessageType: ULONG, CallerName: PWSTR, }} pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE; STRUCT!{struct DOMAIN_PASSWORD_INFORMATION { MinPasswordLength: USHORT, PasswordHistoryLength: USHORT, PasswordProperties: ULONG, MaxPasswordAge: LARGE_INTEGER, MinPasswordAge: LARGE_INTEGER, }} pub type PDOMAIN_PASSWORD_INFORMATION = *mut DOMAIN_PASSWORD_INFORMATION; pub const DOMAIN_PASSWORD_COMPLEX: ULONG = 0x00000001; pub const DOMAIN_PASSWORD_NO_ANON_CHANGE: ULONG = 0x00000002; pub const DOMAIN_PASSWORD_NO_CLEAR_CHANGE: ULONG = 0x00000004; pub const DOMAIN_LOCKOUT_ADMINS: ULONG = 0x00000008; pub const DOMAIN_PASSWORD_STORE_CLEARTEXT: ULONG = 0x00000010; pub const DOMAIN_REFUSE_PASSWORD_CHANGE: ULONG = 0x00000020; pub const DOMAIN_NO_LM_OWF_CHANGE: ULONG = 0x00000040; FN!{stdcall PSAM_PASSWORD_NOTIFICATION_ROUTINE( UserName: PUNICODE_STRING, RelativeId: ULONG, NewPassword: PUNICODE_STRING, ) -> NTSTATUS} FN!{stdcall PSAM_INIT_NOTIFICATION_ROUTINE() -> BOOLEAN} FN!{stdcall PSAM_PASSWORD_FILTER_ROUTINE( AccountName: PUNICODE_STRING, FullName: PUNICODE_STRING, Password: PUNICODE_STRING, SetOperation: BOOLEAN, ) -> BOOLEAN} ENUM!{enum MSV1_0_LOGON_SUBMIT_TYPE { MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon, MsV1_0SubAuthLogon, MsV1_0WorkstationUnlockLogon = 7, MsV1_0S4ULogon = 12, MsV1_0VirtualLogon = 82, MsV1_0NoElevationLogon = 83, MsV1_0LuidLogon = 84, }} pub type PMSV1_0_LOGON_SUBMIT_TYPE = *mut MSV1_0_LOGON_SUBMIT_TYPE; ENUM!{enum MSV1_0_PROFILE_BUFFER_TYPE { MsV1_0InteractiveProfile = 2, MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile, }} pub type PMSV1_0_PROFILE_BUFFER_TYPE = *mut MSV1_0_PROFILE_BUFFER_TYPE; STRUCT!{struct MSV1_0_INTERACTIVE_LOGON { MessageType: MSV1_0_LOGON_SUBMIT_TYPE, LogonDomainName: UNICODE_STRING, UserName: UNICODE_STRING, Password: UNICODE_STRING, }} pub type PMSV1_0_INTERACTIVE_LOGON = *mut MSV1_0_INTERACTIVE_LOGON; STRUCT!{struct MSV1_0_INTERACTIVE_PROFILE { MessageType: MSV1_0_PROFILE_BUFFER_TYPE, LogonCount: USHORT, BadPasswordCount: USHORT, LogonTime: LARGE_INTEGER, LogoffTime: LARGE_INTEGER, KickOffTime: LARGE_INTEGER, PasswordLastSet: LARGE_INTEGER, PasswordCanChange: LARGE_INTEGER, PasswordMustChange: LARGE_INTEGER, LogonScript: UNICODE_STRING, HomeDirectory: UNICODE_STRING, FullName: UNICODE_STRING, ProfilePath: UNICODE_STRING, HomeDirectoryDrive: UNICODE_STRING, LogonServer: UNICODE_STRING, UserFlags: ULONG, }} pub type PMSV1_0_INTERACTIVE_PROFILE = *mut MSV1_0_INTERACTIVE_PROFILE; pub const MSV1_0_CHALLENGE_LENGTH: usize = 8; pub const MSV1_0_USER_SESSION_KEY_LENGTH: usize = 16; pub const MSV1_0_LANMAN_SESSION_KEY_LENGTH: usize = 8; pub const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED: ULONG = 0x02; pub const MSV1_0_UPDATE_LOGON_STATISTICS: ULONG = 0x04; pub const MSV1_0_RETURN_USER_PARAMETERS: ULONG = 0x08; pub const MSV1_0_DONT_TRY_GUEST_ACCOUNT: ULONG = 0x10; pub const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT: ULONG = 0x20; pub const MSV1_0_RETURN_PASSWORD_EXPIRY: ULONG = 0x40; pub const MSV1_0_USE_CLIENT_CHALLENGE: ULONG = 0x80; pub const MSV1_0_TRY_GUEST_ACCOUNT_ONLY: ULONG = 0x100; pub const MSV1_0_RETURN_PROFILE_PATH: ULONG = 0x200; pub const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY: ULONG = 0x400; pub const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT: ULONG = 0x800; pub const MSV1_0_DISABLE_PERSONAL_FALLBACK: ULONG = 0x00001000; pub const MSV1_0_ALLOW_FORCE_GUEST: ULONG = 0x00002000; pub const MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED: ULONG = 0x00004000; pub const MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY: ULONG = 0x00008000; pub const MSV1_0_SUBAUTHENTICATION_DLL_EX: ULONG = 0x00100000; pub const MSV1_0_ALLOW_MSVCHAPV2: ULONG = 0x00010000; pub const MSV1_0_S4U2SELF: ULONG = 0x00020000; pub const MSV1_0_CHECK_LOGONHOURS_FOR_S4U: ULONG = 0x00040000; pub const MSV1_0_INTERNET_DOMAIN: ULONG = 0x00080000; pub const MSV1_0_SUBAUTHENTICATION_DLL: ULONG = 0xFF000000; pub const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT: ULONG = 24; pub const MSV1_0_MNS_LOGON: ULONG = 0x01000000; pub const MSV1_0_SUBAUTHENTICATION_DLL_RAS: ULONG = 2; pub const MSV1_0_SUBAUTHENTICATION_DLL_IIS: ULONG = 132; STRUCT!{struct MSV1_0_LM20_LOGON { MessageType: MSV1_0_LOGON_SUBMIT_TYPE, LogonDomainName: UNICODE_STRING, UserName: UNICODE_STRING, Workstation: UNICODE_STRING, ChallengeToClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], CaseSensitiveChallengeResponse: STRING, CaseInsensitiveChallengeResponse: STRING, ParameterControl: ULONG, }} pub type PMSV1_0_LM20_LOGON = *mut MSV1_0_LM20_LOGON; STRUCT!{struct MSV1_0_SUBAUTH_LOGON { MessageType: MSV1_0_LOGON_SUBMIT_TYPE, LogonDomainName: UNICODE_STRING, UserName: UNICODE_STRING, Workstation: UNICODE_STRING, ChallengeToClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], AuthenticationInfo1: STRING, AuthenticationInfo2: STRING, ParameterControl: ULONG, SubAuthPackageId: ULONG, }} pub type PMSV1_0_SUBAUTH_LOGON = *mut MSV1_0_SUBAUTH_LOGON; STRUCT!{struct MSV1_0_S4U_LOGON { MessageType: MSV1_0_LOGON_SUBMIT_TYPE, MSV1_0_LOGON_SUBMIT_TYPE: ULONG, UserPrincipalName: UNICODE_STRING, DomainName: UNICODE_STRING, }} pub type PMSV1_0_S4U_LOGON = *mut MSV1_0_S4U_LOGON; pub const LOGON_GUEST: ULONG = 0x01; pub const LOGON_NOENCRYPTION: ULONG = 0x02; pub const LOGON_CACHED_ACCOUNT: ULONG = 0x04; pub const LOGON_USED_LM_PASSWORD: ULONG = 0x08; pub const LOGON_EXTRA_SIDS: ULONG = 0x20; pub const LOGON_SUBAUTH_SESSION_KEY: ULONG = 0x40; pub const LOGON_SERVER_TRUST_ACCOUNT: ULONG = 0x80; pub const LOGON_NTLMV2_ENABLED: ULONG = 0x100; pub const LOGON_RESOURCE_GROUPS: ULONG = 0x200; pub const LOGON_PROFILE_PATH_RETURNED: ULONG = 0x400; pub const LOGON_NT_V2: ULONG = 0x800; pub const LOGON_LM_V2: ULONG = 0x1000; pub const LOGON_NTLM_V2: ULONG = 0x2000; pub const LOGON_OPTIMIZED: ULONG = 0x4000; pub const LOGON_WINLOGON: ULONG = 0x8000; pub const LOGON_PKINIT: ULONG = 0x10000; pub const LOGON_NO_OPTIMIZED: ULONG = 0x20000; pub const LOGON_NO_ELEVATION: ULONG = 0x40000; pub const LOGON_MANAGED_SERVICE: ULONG = 0x80000; pub const LOGON_GRACE_LOGON: ULONG = 0x01000000; STRUCT!{struct MSV1_0_LM20_LOGON_PROFILE { MessageType: MSV1_0_PROFILE_BUFFER_TYPE, KickOffTime: LARGE_INTEGER, LogoffTime: LARGE_INTEGER, UserFlags: ULONG, UserSessionKey: [UCHAR; MSV1_0_USER_SESSION_KEY_LENGTH], LogonDomainName: UNICODE_STRING, LanmanSessionKey: [UCHAR; MSV1_0_LANMAN_SESSION_KEY_LENGTH], LogonServer: UNICODE_STRING, UserParameters: UNICODE_STRING, }} pub type PMSV1_0_LM20_LOGON_PROFILE = *mut MSV1_0_LM20_LOGON_PROFILE; pub const MSV1_0_OWF_PASSWORD_LENGTH: usize = 16; STRUCT!{struct MSV1_0_SUPPLEMENTAL_CREDENTIAL { Version: ULONG, Flags: ULONG, LmPassword: [UCHAR; MSV1_0_OWF_PASSWORD_LENGTH], NtPassword: [UCHAR; MSV1_0_OWF_PASSWORD_LENGTH], }} pub type PMSV1_0_SUPPLEMENTAL_CREDENTIAL = *mut MSV1_0_SUPPLEMENTAL_CREDENTIAL; pub const MSV1_0_NTLM3_RESPONSE_LENGTH: usize = 16; pub const MSV1_0_NTLM3_OWF_LENGTH: usize = 16; STRUCT!{struct MSV1_0_NTLM3_RESPONSE { Response: [UCHAR; MSV1_0_NTLM3_RESPONSE_LENGTH], RespType: UCHAR, HiRespType: UCHAR, Flags: USHORT, MsgWord: ULONG, TimeStamp: ULONGLONG, ChallengeFromClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], AvPairsOff: ULONG, Buffer: [UCHAR; 1], }} pub type PMSV1_0_NTLM3_RESPONSE = *mut MSV1_0_NTLM3_RESPONSE; ENUM!{enum MSV1_0_AVID { MsvAvEOL, MsvAvNbComputerName, MsvAvNbDomainName, MsvAvDnsComputerName, MsvAvDnsDomainName, MsvAvDnsTreeName, MsvAvFlags, MsvAvTimestamp, MsvAvRestrictions, MsvAvTargetName, MsvAvChannelBindings, }} STRUCT!{struct MSV1_0_AV_PAIR { AvId: USHORT, AvLen: USHORT, }} pub type PMSV1_0_AV_PAIR = *mut MSV1_0_AV_PAIR; ENUM!{enum MSV1_0_PROTOCOL_MESSAGE_TYPE { MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers, MsV1_0GetUserInfo, MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword, MsV1_0GenericPassthrough, MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential, MsV1_0CacheLookup, MsV1_0SetProcessOption, MsV1_0ConfigLocalAliases, MsV1_0ClearCachedCredentials, MsV1_0LookupToken, MsV1_0ValidateAuth, MsV1_0CacheLookupEx, MsV1_0GetCredentialKey, MsV1_0SetThreadOption, }} pub type PMSV1_0_PROTOCOL_MESSAGE_TYPE = *mut MSV1_0_PROTOCOL_MESSAGE_TYPE; STRUCT!{struct MSV1_0_CHANGEPASSWORD_REQUEST { MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, DomainName: UNICODE_STRING, AccountName: UNICODE_STRING, OldPassword: UNICODE_STRING, NewPassword: UNICODE_STRING, Impersonating: BOOLEAN, }} pub type PMSV1_0_CHANGEPASSWORD_REQUEST = *mut MSV1_0_CHANGEPASSWORD_REQUEST; STRUCT!{struct MSV1_0_CHANGEPASSWORD_RESPONSE { MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, PasswordInfoValid: BOOLEAN, DomainPasswordInfo: DOMAIN_PASSWORD_INFORMATION, }} pub type PMSV1_0_CHANGEPASSWORD_RESPONSE = *mut MSV1_0_CHANGEPASSWORD_RESPONSE; STRUCT!{struct MSV1_0_PASSTHROUGH_REQUEST { MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, DomainName: UNICODE_STRING, PackageName: UNICODE_STRING, DataLength: ULONG, LogonData: PUCHAR, Pad: ULONG, }} pub type PMSV1_0_PASSTHROUGH_REQUEST = *mut MSV1_0_PASSTHROUGH_REQUEST; STRUCT!{struct MSV1_0_PASSTHROUGH_RESPONSE { MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, Pad: ULONG, DataLength: ULONG, ValidationData: PUCHAR, }} pub type PMSV1_0_PASSTHROUGH_RESPONSE = *mut MSV1_0_PASSTHROUGH_RESPONSE; STRUCT!{struct MSV1_0_SUBAUTH_REQUEST { MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, SubAuthPackageId: ULONG, SubAuthInfoLength: ULONG, SubAuthSubmitBuffer: PUCHAR, }} pub type PMSV1_0_SUBAUTH_REQUEST = *mut MSV1_0_SUBAUTH_REQUEST; STRUCT!{struct MSV1_0_SUBAUTH_RESPONSE { MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, SubAuthInfoLength: ULONG, SubAuthReturnBuffer: PUCHAR, }} pub type PMSV1_0_SUBAUTH_RESPONSE = *mut MSV1_0_SUBAUTH_RESPONSE; pub use self::SystemFunction036 as RtlGenRandom; pub use self::SystemFunction040 as RtlEncryptMemory; pub use self::SystemFunction041 as RtlDecryptMemory; extern "system" { pub fn SystemFunction036( RandomBuffer: PVOID, RandomBufferLength: ULONG, ) -> BOOLEAN; } pub const RTL_ENCRYPT_MEMORY_SIZE: ULONG = 8; pub const RTL_ENCRYPT_OPTION_CROSS_PROCESS: ULONG = 0x01; pub const RTL_ENCRYPT_OPTION_SAME_LOGON: ULONG = 0x02; extern "system" { pub fn SystemFunction040( Memory: PVOID, MemorySize: ULONG, OptionFlags: ULONG, ) -> NTSTATUS; pub fn SystemFunction041( Memory: PVOID, MemorySize: ULONG, OptionFlags: ULONG, ) -> NTSTATUS; } pub const KERBEROS_VERSION: ULONG = 5; pub const KERBEROS_REVISION: ULONG = 6; pub const KERB_ETYPE_NULL: LONG = 0; pub const KERB_ETYPE_DES_CBC_CRC: LONG = 1; pub const KERB_ETYPE_DES_CBC_MD4: LONG = 2; pub const KERB_ETYPE_DES_CBC_MD5: LONG = 3; pub const KERB_ETYPE_AES128_CTS_HMAC_SHA1_96: LONG = 17; pub const KERB_ETYPE_AES256_CTS_HMAC_SHA1_96: LONG = 18; pub const KERB_ETYPE_RC4_MD4: LONG = -128; pub const KERB_ETYPE_RC4_PLAIN2: LONG = -129; pub const KERB_ETYPE_RC4_LM: LONG = -130; pub const KERB_ETYPE_RC4_SHA: LONG = -131; pub const KERB_ETYPE_DES_PLAIN: LONG = -132; pub const KERB_ETYPE_RC4_HMAC_OLD: LONG = -133; pub const KERB_ETYPE_RC4_PLAIN_OLD: LONG = -134; pub const KERB_ETYPE_RC4_HMAC_OLD_EXP: LONG = -135; pub const KERB_ETYPE_RC4_PLAIN_OLD_EXP: LONG = -136; pub const KERB_ETYPE_RC4_PLAIN: LONG = -140; pub const KERB_ETYPE_RC4_PLAIN_EXP: LONG = -141; pub const KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN: LONG = -148; pub const KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN: LONG = -149; pub const KERB_ETYPE_DSA_SHA1_CMS: LONG = 9; pub const KERB_ETYPE_RSA_MD5_CMS: LONG = 10; pub const KERB_ETYPE_RSA_SHA1_CMS: LONG = 11; pub const KERB_ETYPE_RC2_CBC_ENV: LONG = 12; pub const KERB_ETYPE_RSA_ENV: LONG = 13; pub const KERB_ETYPE_RSA_ES_OEAP_ENV: LONG = 14; pub const KERB_ETYPE_DES_EDE3_CBC_ENV: LONG = 15; pub const KERB_ETYPE_DSA_SIGN: LONG = 8; pub const KERB_ETYPE_RSA_PRIV: LONG = 9; pub const KERB_ETYPE_RSA_PUB: LONG = 10; pub const KERB_ETYPE_RSA_PUB_MD5: LONG = 11; pub const KERB_ETYPE_RSA_PUB_SHA1: LONG = 12; pub const KERB_ETYPE_PKCS7_PUB: LONG = 13; pub const KERB_ETYPE_DES3_CBC_MD5: LONG = 5; pub const KERB_ETYPE_DES3_CBC_SHA1: LONG = 7; pub const KERB_ETYPE_DES3_CBC_SHA1_KD: LONG = 16; pub const KERB_ETYPE_DES_CBC_MD5_NT: LONG = 20; pub const KERB_ETYPE_RC4_HMAC_NT: LONG = 23; pub const KERB_ETYPE_RC4_HMAC_NT_EXP: LONG = 24; pub const KERB_CHECKSUM_NONE: LONG = 0; pub const KERB_CHECKSUM_CRC32: LONG = 1; pub const KERB_CHECKSUM_MD4: LONG = 2; pub const KERB_CHECKSUM_KRB_DES_MAC: LONG = 4; pub const KERB_CHECKSUM_KRB_DES_MAC_K: LONG = 5; pub const KERB_CHECKSUM_MD5: LONG = 7; pub const KERB_CHECKSUM_MD5_DES: LONG = 8; pub const KERB_CHECKSUM_SHA1_NEW: LONG = 14; pub const KERB_CHECKSUM_HMAC_SHA1_96_AES128: LONG = 15; pub const KERB_CHECKSUM_HMAC_SHA1_96_AES256: LONG = 16; pub const KERB_CHECKSUM_LM: LONG = -130; pub const KERB_CHECKSUM_SHA1: LONG = -131; pub const KERB_CHECKSUM_REAL_CRC32: LONG = -132; pub const KERB_CHECKSUM_DES_MAC: LONG = -133; pub const KERB_CHECKSUM_DES_MAC_MD5: LONG = -134; pub const KERB_CHECKSUM_MD25: LONG = -135; pub const KERB_CHECKSUM_RC4_MD5: LONG = -136; pub const KERB_CHECKSUM_MD5_HMAC: LONG = -137; pub const KERB_CHECKSUM_HMAC_MD5: LONG = -138; pub const KERB_CHECKSUM_HMAC_SHA1_96_AES128_Ki: LONG = -150; pub const KERB_CHECKSUM_HMAC_SHA1_96_AES256_Ki: LONG = -151; pub const KERB_TICKET_FLAGS_reserved: ULONG = 0x80000000; pub const KERB_TICKET_FLAGS_forwardable: ULONG = 0x40000000; pub const KERB_TICKET_FLAGS_forwarded: ULONG = 0x20000000; pub const KERB_TICKET_FLAGS_proxiable: ULONG = 0x10000000; pub const KERB_TICKET_FLAGS_proxy: ULONG = 0x08000000; pub const KERB_TICKET_FLAGS_may_postdate: ULONG = 0x04000000; pub const KERB_TICKET_FLAGS_postdated: ULONG = 0x02000000; pub const KERB_TICKET_FLAGS_invalid: ULONG = 0x01000000; pub const KERB_TICKET_FLAGS_renewable: ULONG = 0x00800000; pub const KERB_TICKET_FLAGS_initial: ULONG = 0x00400000; pub const KERB_TICKET_FLAGS_pre_authent: ULONG = 0x00200000; pub const KERB_TICKET_FLAGS_hw_authent: ULONG = 0x00100000; pub const KERB_TICKET_FLAGS_ok_as_delegate: ULONG = 0x00040000; pub const KERB_TICKET_FLAGS_name_canonicalize: ULONG = 0x00010000; pub const KERB_TICKET_FLAGS_cname_in_pa_data: ULONG = 0x00040000; pub const KERB_TICKET_FLAGS_enc_pa_rep: ULONG = 0x00010000; pub const KERB_TICKET_FLAGS_reserved1: ULONG = 0x00000001; pub const KRB_NT_UNKNOWN: LONG = 0; pub const KRB_NT_PRINCIPAL: LONG = 1; pub const KRB_NT_PRINCIPAL_AND_ID: LONG = -131; pub const KRB_NT_SRV_INST: LONG = 2; pub const KRB_NT_SRV_INST_AND_ID: LONG = -132; pub const KRB_NT_SRV_HST: LONG = 3; pub const KRB_NT_SRV_XHST: LONG = 4; pub const KRB_NT_UID: LONG = 5; pub const KRB_NT_ENTERPRISE_PRINCIPAL: LONG = 10; pub const KRB_NT_WELLKNOWN: LONG = 11; pub const KRB_NT_ENT_PRINCIPAL_AND_ID: LONG = -130; pub const KRB_NT_MS_PRINCIPAL: LONG = -128; pub const KRB_NT_MS_PRINCIPAL_AND_ID: LONG = -129; pub const KRB_NT_MS_BRANCH_ID: LONG = -133; pub const KRB_NT_X500_PRINCIPAL: LONG = 6; pub const KERB_WRAP_NO_ENCRYPT: ULONG = 0x80000001; ENUM!{enum KERB_LOGON_SUBMIT_TYPE { KerbInteractiveLogon = 2, KerbSmartCardLogon = 6, KerbWorkstationUnlockLogon = 7, KerbSmartCardUnlockLogon = 8, KerbProxyLogon = 9, KerbTicketLogon = 10, KerbTicketUnlockLogon = 11, KerbS4ULogon = 12, KerbCertificateLogon = 13, KerbCertificateS4ULogon = 14, KerbCertificateUnlockLogon = 15, KerbNoElevationLogon = 83, KerbLuidLogon = 84, }} pub type PKERB_LOGON_SUBMIT_TYPE = *mut KERB_LOGON_SUBMIT_TYPE; STRUCT!{struct KERB_INTERACTIVE_LOGON { MessageType: KERB_LOGON_SUBMIT_TYPE, LogonDomainName: UNICODE_STRING, UserName: UNICODE_STRING, Password: UNICODE_STRING, }} pub type PKERB_INTERACTIVE_LOGON = *mut KERB_INTERACTIVE_LOGON; STRUCT!{struct KERB_INTERACTIVE_UNLOCK_LOGON { Logon: KERB_INTERACTIVE_LOGON, LogonId: LUID, }} pub type PKERB_INTERACTIVE_UNLOCK_LOGON = *mut KERB_INTERACTIVE_UNLOCK_LOGON; STRUCT!{struct KERB_SMART_CARD_LOGON { MessageType: KERB_LOGON_SUBMIT_TYPE, Pin: UNICODE_STRING, CspDataLength: ULONG, CspData: PUCHAR, }} pub type PKERB_SMART_CARD_LOGON = *mut KERB_SMART_CARD_LOGON; STRUCT!{struct KERB_SMART_CARD_UNLOCK_LOGON { Logon: KERB_SMART_CARD_LOGON, LogonId: LUID, }} pub type PKERB_SMART_CARD_UNLOCK_LOGON = *mut KERB_SMART_CARD_UNLOCK_LOGON; pub const KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES: ULONG = 0x1; pub const KERB_CERTIFICATE_LOGON_FLAG_USE_CERTIFICATE_INFO: ULONG = 0x2; STRUCT!{struct KERB_CERTIFICATE_LOGON { MessageType: KERB_LOGON_SUBMIT_TYPE, DomainName: UNICODE_STRING, UserName: UNICODE_STRING, Pin: UNICODE_STRING, Flags: ULONG, CspDataLength: ULONG, CspData: PUCHAR, }} pub type PKERB_CERTIFICATE_LOGON = *mut KERB_CERTIFICATE_LOGON; STRUCT!{struct KERB_CERTIFICATE_UNLOCK_LOGON { Logon: KERB_CERTIFICATE_LOGON, LogonId: LUID, }} pub type PKERB_CERTIFICATE_UNLOCK_LOGON = *mut KERB_CERTIFICATE_UNLOCK_LOGON; pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES: ULONG = 0x1; pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS: ULONG = 0x2; pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_FAIL_IF_NT_AUTH_POLICY_REQUIRED: ULONG = 0x4; pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_IDENTIFY: ULONG = 0x8; STRUCT!{struct KERB_CERTIFICATE_S4U_LOGON { MessageType: KERB_LOGON_SUBMIT_TYPE, Flags: ULONG, UserPrincipalName: UNICODE_STRING, DomainName: UNICODE_STRING, CertificateLength: ULONG, Certificate: PUCHAR, }} pub type PKERB_CERTIFICATE_S4U_LOGON = *mut KERB_CERTIFICATE_S4U_LOGON; STRUCT!{struct KERB_TICKET_LOGON { MessageType: KERB_LOGON_SUBMIT_TYPE, Flags: ULONG, ServiceTicketLength: ULONG, TicketGrantingTicketLength: ULONG, ServiceTicket: PUCHAR, TicketGrantingTicket: PUCHAR, }} pub type PKERB_TICKET_LOGON = *mut KERB_TICKET_LOGON; STRUCT!{struct KERB_TICKET_UNLOCK_LOGON { Logon: KERB_TICKET_LOGON, LogonId: LUID, }} pub type PKERB_TICKET_UNLOCK_LOGON = *mut KERB_TICKET_UNLOCK_LOGON; pub const KERB_S4U_LOGON_FLAG_CHECK_LOGONHOURS: ULONG = 0x2; pub const KERB_S4U_LOGON_FLAG_IDENTIFY: ULONG = 0x8; STRUCT!{struct KERB_S4U_LOGON { MessageType: KERB_LOGON_SUBMIT_TYPE, Flags: ULONG, ClientUpn: UNICODE_STRING, ClientRealm: UNICODE_STRING, }} pub type PKERB_S4U_LOGON = *mut KERB_S4U_LOGON; ENUM!{enum KERB_PROFILE_BUFFER_TYPE { KerbInteractiveProfile = 2, KerbSmartCardProfile = 4, KerbTicketProfile = 6, }} pub type PKERB_PROFILE_BUFFER_TYPE = *mut KERB_PROFILE_BUFFER_TYPE; STRUCT!{struct KERB_INTERACTIVE_PROFILE { MessageType: KERB_PROFILE_BUFFER_TYPE, LogonCount: USHORT, BadPasswordCount: USHORT, LogonTime: LARGE_INTEGER, LogoffTime: LARGE_INTEGER, KickOffTime: LARGE_INTEGER, PasswordLastSet: LARGE_INTEGER, PasswordCanChange: LARGE_INTEGER, PasswordMustChange: LARGE_INTEGER, LogonScript: UNICODE_STRING, HomeDirectory: UNICODE_STRING, FullName: UNICODE_STRING, ProfilePath: UNICODE_STRING, HomeDirectoryDrive: UNICODE_STRING, LogonServer: UNICODE_STRING, UserFlags: ULONG, }} pub type PKERB_INTERACTIVE_PROFILE = *mut KERB_INTERACTIVE_PROFILE; STRUCT!{struct KERB_SMART_CARD_PROFILE { Profile: KERB_INTERACTIVE_PROFILE, CertificateSize: ULONG, CertificateData: PUCHAR, }} pub type PKERB_SMART_CARD_PROFILE = *mut KERB_SMART_CARD_PROFILE; STRUCT!{struct KERB_CRYPTO_KEY { KeyType: LONG, Length: ULONG, Value: PUCHAR, }} pub type PKERB_CRYPTO_KEY = *mut KERB_CRYPTO_KEY; STRUCT!{struct KERB_CRYPTO_KEY32 { KeyType: LONG, Length: ULONG, Offset: ULONG, }} pub type PKERB_CRYPTO_KEY32 = *mut KERB_CRYPTO_KEY32; STRUCT!{struct KERB_TICKET_PROFILE { Profile: KERB_INTERACTIVE_PROFILE, SessionKey: KERB_CRYPTO_KEY, }} pub type PKERB_TICKET_PROFILE = *mut KERB_TICKET_PROFILE; ENUM!{enum KERB_PROTOCOL_MESSAGE_TYPE { KerbDebugRequestMessage = 0, KerbQueryTicketCacheMessage, KerbChangeMachinePasswordMessage, KerbVerifyPacMessage, KerbRetrieveTicketMessage, KerbUpdateAddressesMessage, KerbPurgeTicketCacheMessage, KerbChangePasswordMessage, KerbRetrieveEncodedTicketMessage, KerbDecryptDataMessage, KerbAddBindingCacheEntryMessage, KerbSetPasswordMessage, KerbSetPasswordExMessage, KerbVerifyCredentialsMessage, KerbQueryTicketCacheExMessage, KerbPurgeTicketCacheExMessage, KerbRefreshSmartcardCredentialsMessage, KerbAddExtraCredentialsMessage, KerbQuerySupplementalCredentialsMessage, KerbTransferCredentialsMessage, KerbQueryTicketCacheEx2Message, KerbSubmitTicketMessage, KerbAddExtraCredentialsExMessage, KerbQueryKdcProxyCacheMessage, KerbPurgeKdcProxyCacheMessage, KerbQueryTicketCacheEx3Message, KerbCleanupMachinePkinitCredsMessage, KerbAddBindingCacheEntryExMessage, KerbQueryBindingCacheMessage, KerbPurgeBindingCacheMessage, KerbPinKdcMessage, KerbUnpinAllKdcsMessage, KerbQueryDomainExtendedPoliciesMessage, KerbQueryS4U2ProxyCacheMessage, }} pub type PKERB_PROTOCOL_MESSAGE_TYPE = *mut KERB_PROTOCOL_MESSAGE_TYPE; STRUCT!{struct KERB_QUERY_TKT_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, }} pub type PKERB_QUERY_TKT_CACHE_REQUEST = *mut KERB_QUERY_TKT_CACHE_REQUEST; STRUCT!{struct KERB_TICKET_CACHE_INFO { ServerName: UNICODE_STRING, RealmName: UNICODE_STRING, StartTime: LARGE_INTEGER, EndTime: LARGE_INTEGER, RenewTime: LARGE_INTEGER, EncryptionType: LONG, TicketFlags: ULONG, }} pub type PKERB_TICKET_CACHE_INFO = *mut KERB_TICKET_CACHE_INFO; STRUCT!{struct KERB_TICKET_CACHE_INFO_EX { ClientName: UNICODE_STRING, ClientRealm: UNICODE_STRING, ServerName: UNICODE_STRING, ServerRealm: UNICODE_STRING, StartTime: LARGE_INTEGER, EndTime: LARGE_INTEGER, RenewTime: LARGE_INTEGER, EncryptionType: LONG, TicketFlags: ULONG, }} pub type PKERB_TICKET_CACHE_INFO_EX = *mut KERB_TICKET_CACHE_INFO_EX; STRUCT!{struct KERB_TICKET_CACHE_INFO_EX2 { ClientName: UNICODE_STRING, ClientRealm: UNICODE_STRING, ServerName: UNICODE_STRING, ServerRealm: UNICODE_STRING, StartTime: LARGE_INTEGER, EndTime: LARGE_INTEGER, RenewTime: LARGE_INTEGER, EncryptionType: LONG, TicketFlags: ULONG, SessionKeyType: ULONG, BranchId: ULONG, }} pub type PKERB_TICKET_CACHE_INFO_EX2 = *mut KERB_TICKET_CACHE_INFO_EX2; STRUCT!{struct KERB_TICKET_CACHE_INFO_EX3 { ClientName: UNICODE_STRING, ClientRealm: UNICODE_STRING, ServerName: UNICODE_STRING, ServerRealm: UNICODE_STRING, StartTime: LARGE_INTEGER, EndTime: LARGE_INTEGER, RenewTime: LARGE_INTEGER, EncryptionType: LONG, TicketFlags: ULONG, SessionKeyType: ULONG, BranchId: ULONG, CacheFlags: ULONG, KdcCalled: UNICODE_STRING, }} pub type PKERB_TICKET_CACHE_INFO_EX3 = *mut KERB_TICKET_CACHE_INFO_EX3; STRUCT!{struct KERB_QUERY_TKT_CACHE_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfTickets: ULONG, Tickets: [KERB_TICKET_CACHE_INFO; ANYSIZE_ARRAY], }} pub type PKERB_QUERY_TKT_CACHE_RESPONSE = *mut KERB_QUERY_TKT_CACHE_RESPONSE; STRUCT!{struct KERB_QUERY_TKT_CACHE_EX_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfTickets: ULONG, Tickets: [KERB_TICKET_CACHE_INFO_EX; ANYSIZE_ARRAY], }} pub type PKERB_QUERY_TKT_CACHE_EX_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX_RESPONSE; STRUCT!{struct KERB_QUERY_TKT_CACHE_EX2_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfTickets: ULONG, Tickets: [KERB_TICKET_CACHE_INFO_EX2; ANYSIZE_ARRAY], }} pub type PKERB_QUERY_TKT_CACHE_EX2_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX2_RESPONSE; STRUCT!{struct KERB_QUERY_TKT_CACHE_EX3_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfTickets: ULONG, Tickets: [KERB_TICKET_CACHE_INFO_EX3; ANYSIZE_ARRAY], }} pub type PKERB_QUERY_TKT_CACHE_EX3_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX3_RESPONSE; pub const KERB_USE_DEFAULT_TICKET_FLAGS: ULONG = 0x0; pub const KERB_RETRIEVE_TICKET_DEFAULT: ULONG = 0x0; pub const KERB_RETRIEVE_TICKET_DONT_USE_CACHE: ULONG = 0x1; pub const KERB_RETRIEVE_TICKET_USE_CACHE_ONLY: ULONG = 0x2; pub const KERB_RETRIEVE_TICKET_USE_CREDHANDLE: ULONG = 0x4; pub const KERB_RETRIEVE_TICKET_AS_KERB_CRED: ULONG = 0x8; pub const KERB_RETRIEVE_TICKET_WITH_SEC_CRED: ULONG = 0x10; pub const KERB_RETRIEVE_TICKET_CACHE_TICKET: ULONG = 0x20; pub const KERB_RETRIEVE_TICKET_MAX_LIFETIME: ULONG = 0x40; STRUCT!{struct KERB_AUTH_DATA { Type: ULONG, Length: ULONG, Data: PUCHAR, }} pub type PKERB_AUTH_DATA = *mut KERB_AUTH_DATA; STRUCT!{struct KERB_NET_ADDRESS { Family: ULONG, Length: ULONG, Address: PUCHAR, }} pub type PKERB_NET_ADDRESS = *mut KERB_NET_ADDRESS; STRUCT!{struct KERB_NET_ADDRESSES { Number: ULONG, Addresses: [KERB_NET_ADDRESS; ANYSIZE_ARRAY], }} pub type PKERB_NET_ADDRESSES = *mut KERB_NET_ADDRESSES; STRUCT!{struct KERB_EXTERNAL_NAME { NameType: SHORT, NameCount: USHORT, Names: [UNICODE_STRING; ANYSIZE_ARRAY], }} pub type PKERB_EXTERNAL_NAME = *mut KERB_EXTERNAL_NAME; STRUCT!{struct KERB_EXTERNAL_TICKET { ServiceName: PKERB_EXTERNAL_NAME, TargetName: PKERB_EXTERNAL_NAME, ClientName: PKERB_EXTERNAL_NAME, DomainName: UNICODE_STRING, TargetDomainName: UNICODE_STRING, AltTargetDomainName: UNICODE_STRING, SessionKey: KERB_CRYPTO_KEY, TicketFlags: ULONG, Flags: ULONG, KeyExpirationTime: LARGE_INTEGER, StartTime: LARGE_INTEGER, EndTime: LARGE_INTEGER, RenewUntil: LARGE_INTEGER, TimeSkew: LARGE_INTEGER, EncodedTicketSize: ULONG, EncodedTicket: PUCHAR, }} pub type PKERB_EXTERNAL_TICKET = *mut KERB_EXTERNAL_TICKET; STRUCT!{struct KERB_RETRIEVE_TKT_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, TargetName: UNICODE_STRING, TicketFlags: ULONG, CacheOptions: ULONG, EncryptionType: LONG, CredentialsHandle: SecHandle, }} pub type PKERB_RETRIEVE_TKT_REQUEST = *mut KERB_RETRIEVE_TKT_REQUEST; STRUCT!{struct KERB_RETRIEVE_TKT_RESPONSE { Ticket: KERB_EXTERNAL_TICKET, }} pub type PKERB_RETRIEVE_TKT_RESPONSE = *mut KERB_RETRIEVE_TKT_RESPONSE; STRUCT!{struct KERB_PURGE_TKT_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, ServerName: UNICODE_STRING, RealmName: UNICODE_STRING, }} pub type PKERB_PURGE_TKT_CACHE_REQUEST = *mut KERB_PURGE_TKT_CACHE_REQUEST; pub const KERB_PURGE_ALL_TICKETS: ULONG = 1; STRUCT!{struct KERB_PURGE_TKT_CACHE_EX_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, Flags: ULONG, TicketTemplate: KERB_TICKET_CACHE_INFO_EX, }} pub type PKERB_PURGE_TKT_CACHE_EX_REQUEST = *mut KERB_PURGE_TKT_CACHE_EX_REQUEST; STRUCT!{struct KERB_SUBMIT_TKT_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, Flags: ULONG, Key: KERB_CRYPTO_KEY32, KerbCredSize: ULONG, KerbCredOffset: ULONG, }} pub type PKERB_SUBMIT_TKT_REQUEST = *mut KERB_SUBMIT_TKT_REQUEST; STRUCT!{struct KERB_QUERY_KDC_PROXY_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, Flags: ULONG, LogonId: LUID, }} pub type PKERB_QUERY_KDC_PROXY_CACHE_REQUEST = *mut KERB_QUERY_KDC_PROXY_CACHE_REQUEST; STRUCT!{struct KDC_PROXY_CACHE_ENTRY_DATA { SinceLastUsed: ULONG64, DomainName: UNICODE_STRING, ProxyServerName: UNICODE_STRING, ProxyServerVdir: UNICODE_STRING, ProxyServerPort: USHORT, LogonId: LUID, CredUserName: UNICODE_STRING, CredDomainName: UNICODE_STRING, GlobalCache: BOOLEAN, }} pub type PKDC_PROXY_CACHE_ENTRY_DATA = *mut KDC_PROXY_CACHE_ENTRY_DATA; STRUCT!{struct KERB_QUERY_KDC_PROXY_CACHE_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfEntries: ULONG, Entries: PKDC_PROXY_CACHE_ENTRY_DATA, }} pub type PKERB_QUERY_KDC_PROXY_CACHE_RESPONSE = *mut KERB_QUERY_KDC_PROXY_CACHE_RESPONSE; STRUCT!{struct KERB_PURGE_KDC_PROXY_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, Flags: ULONG, LogonId: LUID, }} pub type PKERB_PURGE_KDC_PROXY_CACHE_REQUEST = *mut KERB_PURGE_KDC_PROXY_CACHE_REQUEST; STRUCT!{struct KERB_PURGE_KDC_PROXY_CACHE_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfPurged: ULONG, }} pub type PKERB_PURGE_KDC_PROXY_CACHE_RESPONSE = *mut KERB_PURGE_KDC_PROXY_CACHE_RESPONSE; pub const KERB_S4U2PROXY_CACHE_ENTRY_INFO_FLAG_NEGATIVE: ULONG = 0x1; STRUCT!{struct KERB_S4U2PROXY_CACHE_ENTRY_INFO { ServerName: UNICODE_STRING, Flags: ULONG, LastStatus: NTSTATUS, Expiry: LARGE_INTEGER, }} pub type PKERB_S4U2PROXY_CACHE_ENTRY_INFO = *mut KERB_S4U2PROXY_CACHE_ENTRY_INFO; pub const KERB_S4U2PROXY_CRED_FLAG_NEGATIVE: ULONG = 0x1; STRUCT!{struct KERB_S4U2PROXY_CRED { UserName: UNICODE_STRING, DomainName: UNICODE_STRING, Flags: ULONG, LastStatus: NTSTATUS, Expiry: LARGE_INTEGER, CountOfEntries: ULONG, Entries: PKERB_S4U2PROXY_CACHE_ENTRY_INFO, }} pub type PKERB_S4U2PROXY_CRED = *mut KERB_S4U2PROXY_CRED; STRUCT!{struct KERB_QUERY_S4U2PROXY_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, Flags: ULONG, LogonId: LUID, }} pub type PKERB_QUERY_S4U2PROXY_CACHE_REQUEST = *mut KERB_QUERY_S4U2PROXY_CACHE_REQUEST; STRUCT!{struct KERB_QUERY_S4U2PROXY_CACHE_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfCreds: ULONG, Creds: PKERB_S4U2PROXY_CRED, }} pub type PKERB_QUERY_S4U2PROXY_CACHE_RESPONSE = *mut KERB_QUERY_S4U2PROXY_CACHE_RESPONSE; STRUCT!{struct KERB_CHANGEPASSWORD_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, DomainName: UNICODE_STRING, AccountName: UNICODE_STRING, OldPassword: UNICODE_STRING, NewPassword: UNICODE_STRING, Impersonating: BOOLEAN, }} pub type PKERB_CHANGEPASSWORD_REQUEST = *mut KERB_CHANGEPASSWORD_REQUEST; STRUCT!{struct KERB_SETPASSWORD_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, CredentialsHandle: SecHandle, Flags: ULONG, DomainName: UNICODE_STRING, AccountName: UNICODE_STRING, Password: UNICODE_STRING, }} pub type PKERB_SETPASSWORD_REQUEST = *mut KERB_SETPASSWORD_REQUEST; STRUCT!{struct KERB_SETPASSWORD_EX_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, CredentialsHandle: SecHandle, Flags: ULONG, AccountRealm: UNICODE_STRING, AccountName: UNICODE_STRING, Password: UNICODE_STRING, ClientRealm: UNICODE_STRING, ClientName: UNICODE_STRING, Impersonating: BOOLEAN, KdcAddress: UNICODE_STRING, KdcAddressType: ULONG, }} pub type PKERB_SETPASSWORD_EX_REQUEST = *mut KERB_SETPASSWORD_EX_REQUEST; pub const DS_UNKNOWN_ADDRESS_TYPE: ULONG = 0; pub const KERB_SETPASS_USE_LOGONID: ULONG = 1; pub const KERB_SETPASS_USE_CREDHANDLE: ULONG = 2; STRUCT!{struct KERB_DECRYPT_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, Flags: ULONG, CryptoType: LONG, KeyUsage: LONG, Key: KERB_CRYPTO_KEY, EncryptedDataSize: ULONG, InitialVectorSize: ULONG, InitialVector: PUCHAR, EncryptedData: PUCHAR, }} pub type PKERB_DECRYPT_REQUEST = *mut KERB_DECRYPT_REQUEST; pub const KERB_DECRYPT_FLAG_DEFAULT_KEY: ULONG = 0x00000001; STRUCT!{struct KERB_DECRYPT_RESPONSE { DecryptedData: [UCHAR; ANYSIZE_ARRAY], }} pub type PKERB_DECRYPT_RESPONSE = *mut KERB_DECRYPT_RESPONSE; STRUCT!{struct KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, RealmName: UNICODE_STRING, KdcAddress: UNICODE_STRING, AddressType: ULONG, }} pub type PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST = *mut KERB_ADD_BINDING_CACHE_ENTRY_REQUEST; STRUCT!{struct KERB_REFRESH_SCCRED_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CredentialBlob: UNICODE_STRING, LogonId: LUID, Flags: ULONG, }} pub type PKERB_REFRESH_SCCRED_REQUEST = *mut KERB_REFRESH_SCCRED_REQUEST; pub const KERB_REFRESH_SCCRED_RELEASE: ULONG = 0x0; pub const KERB_REFRESH_SCCRED_GETTGT: ULONG = 0x1; STRUCT!{struct KERB_ADD_CREDENTIALS_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, UserName: UNICODE_STRING, DomainName: UNICODE_STRING, Password: UNICODE_STRING, LogonId: LUID, Flags: ULONG, }} pub type PKERB_ADD_CREDENTIALS_REQUEST = *mut KERB_ADD_CREDENTIALS_REQUEST; pub const KERB_REQUEST_ADD_CREDENTIAL: ULONG = 1; pub const KERB_REQUEST_REPLACE_CREDENTIAL: ULONG = 2; pub const KERB_REQUEST_REMOVE_CREDENTIAL: ULONG = 4; STRUCT!{struct KERB_ADD_CREDENTIALS_REQUEST_EX { Credentials: KERB_ADD_CREDENTIALS_REQUEST, PrincipalNameCount: ULONG, PrincipalNames: [UNICODE_STRING; ANYSIZE_ARRAY], }} pub type PKERB_ADD_CREDENTIALS_REQUEST_EX = *mut KERB_ADD_CREDENTIALS_REQUEST_EX; STRUCT!{struct KERB_TRANSFER_CRED_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, OriginLogonId: LUID, DestinationLogonId: LUID, Flags: ULONG, }} pub type PKERB_TRANSFER_CRED_REQUEST = *mut KERB_TRANSFER_CRED_REQUEST; pub const KERB_TRANSFER_CRED_WITH_TICKETS: ULONG = 0x1; pub const KERB_TRANSFER_CRED_CLEANUP_CREDENTIALS: ULONG = 0x2; STRUCT!{struct KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, LogonId: LUID, }} pub type PKERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST = *mut KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST; STRUCT!{struct KERB_BINDING_CACHE_ENTRY_DATA { DiscoveryTime: ULONG64, RealmName: UNICODE_STRING, KdcAddress: UNICODE_STRING, AddressType: ULONG, Flags: ULONG, DcFlags: ULONG, CacheFlags: ULONG, KdcName: UNICODE_STRING, }} pub type PKERB_BINDING_CACHE_ENTRY_DATA = *mut KERB_BINDING_CACHE_ENTRY_DATA; STRUCT!{struct KERB_QUERY_BINDING_CACHE_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, CountOfEntries: ULONG, Entries: PKERB_BINDING_CACHE_ENTRY_DATA, }} pub type PKERB_QUERY_BINDING_CACHE_RESPONSE = *mut KERB_QUERY_BINDING_CACHE_RESPONSE; STRUCT!{struct KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, RealmName: UNICODE_STRING, KdcAddress: UNICODE_STRING, AddressType: ULONG, DcFlags: ULONG, }} pub type PKERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST = *mut KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST; STRUCT!{struct KERB_QUERY_BINDING_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, }} pub type PKERB_QUERY_BINDING_CACHE_REQUEST = *mut KERB_QUERY_BINDING_CACHE_REQUEST; STRUCT!{struct KERB_PURGE_BINDING_CACHE_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, }} pub type PKERB_PURGE_BINDING_CACHE_REQUEST = *mut KERB_PURGE_BINDING_CACHE_REQUEST; STRUCT!{struct KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, Flags: ULONG, DomainName: UNICODE_STRING, }} pub type PKERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST = *mut KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST; STRUCT!{struct KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE { MessageType: KERB_PROTOCOL_MESSAGE_TYPE, Flags: ULONG, ExtendedPolicies: ULONG, DsFlags: ULONG, }} pub type PKERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE = *mut KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE; ENUM!{enum KERB_CERTIFICATE_INFO_TYPE { CertHashInfo = 1, }} pub type PKERB_CERTIFICATE_INFO_TYPE = *mut KERB_CERTIFICATE_INFO_TYPE; STRUCT!{struct KERB_CERTIFICATE_HASHINFO { StoreNameLength: USHORT, HashLength: USHORT, }} pub type PKERB_CERTIFICATE_HASHINFO = *mut KERB_CERTIFICATE_HASHINFO; STRUCT!{struct KERB_CERTIFICATE_INFO { CertInfoSize: ULONG, InfoType: ULONG, }} pub type PKERB_CERTIFICATE_INFO = *mut KERB_CERTIFICATE_INFO; STRUCT!{struct POLICY_AUDIT_SID_ARRAY { UsersCount: ULONG, UserSidArray: *mut PSID, }} pub type PPOLICY_AUDIT_SID_ARRAY = *mut POLICY_AUDIT_SID_ARRAY; STRUCT!{struct AUDIT_POLICY_INFORMATION { AuditSubCategoryGuid: GUID, AuditingInformation: ULONG, AuditCategoryGuid: GUID, }} pub type PAUDIT_POLICY_INFORMATION = *mut AUDIT_POLICY_INFORMATION; pub type LPAUDIT_POLICY_INFORMATION = PAUDIT_POLICY_INFORMATION; pub type PCAUDIT_POLICY_INFORMATION = *const AUDIT_POLICY_INFORMATION; pub const AUDIT_SET_SYSTEM_POLICY: ULONG = 0x0001; pub const AUDIT_QUERY_SYSTEM_POLICY: ULONG = 0x0002; pub const AUDIT_SET_USER_POLICY: ULONG = 0x0004; pub const AUDIT_QUERY_USER_POLICY: ULONG = 0x0008; pub const AUDIT_ENUMERATE_USERS: ULONG = 0x0010; pub const AUDIT_SET_MISC_POLICY: ULONG = 0x0020; pub const AUDIT_QUERY_MISC_POLICY: ULONG = 0x0040; pub const AUDIT_GENERIC_ALL: ULONG = STANDARD_RIGHTS_REQUIRED | AUDIT_SET_SYSTEM_POLICY | AUDIT_QUERY_SYSTEM_POLICY | AUDIT_SET_USER_POLICY | AUDIT_QUERY_USER_POLICY | AUDIT_ENUMERATE_USERS | AUDIT_SET_MISC_POLICY | AUDIT_QUERY_MISC_POLICY; pub const AUDIT_GENERIC_READ: ULONG = STANDARD_RIGHTS_READ | AUDIT_QUERY_SYSTEM_POLICY | AUDIT_QUERY_USER_POLICY | AUDIT_ENUMERATE_USERS | AUDIT_QUERY_MISC_POLICY; pub const AUDIT_GENERIC_WRITE: ULONG = STANDARD_RIGHTS_WRITE | AUDIT_SET_USER_POLICY | AUDIT_SET_MISC_POLICY | AUDIT_SET_SYSTEM_POLICY; pub const AUDIT_GENERIC_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE; extern "system" { pub fn AuditSetSystemPolicy( pAuditPolicy: PCAUDIT_POLICY_INFORMATION, PolicyCount: ULONG, ) -> BOOLEAN; pub fn AuditSetPerUserPolicy( pSid: *const SID, pAuditPolicy: PCAUDIT_POLICY_INFORMATION, PolicyCount: ULONG, ) -> BOOLEAN; pub fn AuditQuerySystemPolicy( pSubCategoryGuids: *const GUID, PolicyCount: ULONG, ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, ) -> BOOLEAN; pub fn AuditQueryPerUserPolicy( pSid: *const SID, pSubCategoryGuids: *const GUID, PolicyCount: ULONG, ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, ) -> BOOLEAN; pub fn AuditEnumeratePerUserPolicy( ppAuditSidArray: *mut PPOLICY_AUDIT_SID_ARRAY, ) -> BOOLEAN; pub fn AuditComputeEffectivePolicyBySid( pSid: *const SID, pSubCategoryGuids: *const GUID, dwPolicyCount: ULONG, ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, ) -> BOOLEAN; pub fn AuditComputeEffectivePolicyByToken( hTokenHandle: HANDLE, pSubCategoryGuids: *const GUID, dwPolicyCount: ULONG, ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, ) -> BOOLEAN; pub fn AuditEnumerateCategories( ppAuditCategoriesArray: *mut *mut GUID, pdwCountReturned: PULONG, ) -> BOOLEAN; pub fn AuditEnumerateSubCategories( pAuditCategoryGuid: *const GUID, bRetrieveAllSubCategories: BOOLEAN, ppAuditSubCategoriesArray: *mut *mut GUID, pdwCountReturned: PULONG, ) -> BOOLEAN; pub fn AuditLookupCategoryNameW( pAuditCategoryGuid: *const GUID, ppszCategoryName: *mut PWSTR, ) -> BOOLEAN; pub fn AuditLookupCategoryNameA( pAuditCategoryGuid: *const GUID, ppszCategoryName: *mut PSTR, ) -> BOOLEAN; pub fn AuditLookupSubCategoryNameW( pAuditSubCategoryGuid: *const GUID, ppszSubCategoryName: *mut PWSTR, ) -> BOOLEAN; pub fn AuditLookupSubCategoryNameA( pAuditSubCategoryGuid: *const GUID, ppszSubCategoryName: *mut PSTR, ) -> BOOLEAN; pub fn AuditLookupCategoryIdFromCategoryGuid( pAuditCategoryGuid: *const GUID, pAuditCategoryId: PPOLICY_AUDIT_EVENT_TYPE, ) -> BOOLEAN; pub fn AuditLookupCategoryGuidFromCategoryId( AuditCategoryId: POLICY_AUDIT_EVENT_TYPE, pAuditCategoryGuid: *mut GUID, ) -> BOOLEAN; pub fn AuditSetSecurity( SecurityInformation: SECURITY_INFORMATION, pSecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> BOOLEAN; pub fn AuditQuerySecurity( SecurityInformation: SECURITY_INFORMATION, ppSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, ) -> BOOLEAN; pub fn AuditSetGlobalSaclW( ObjectTypeName: PCWSTR, Acl: PACL, ) -> BOOLEAN; pub fn AuditSetGlobalSaclA( ObjectTypeName: PCSTR, Acl: PACL, ) -> BOOLEAN; pub fn AuditQueryGlobalSaclW( ObjectTypeName: PCWSTR, Acl: *mut PACL, ) -> BOOLEAN; pub fn AuditQueryGlobalSaclA( ObjectTypeName: PCSTR, Acl: *mut PACL, ) -> BOOLEAN; pub fn AuditFree( Buffer: PVOID, ); } STRUCT!{struct PKU2U_CERT_BLOB { CertOffset: ULONG, CertLength: USHORT, }} pub type PPKU2U_CERT_BLOB = *mut PKU2U_CERT_BLOB; pub const PKU2U_CREDUI_CONTEXT_VERSION: ULONG64 = 0x4154414454524543; STRUCT!{struct PKU2U_CREDUI_CONTEXT { Version: ULONG64, cbHeaderLength: USHORT, cbStructureLength: ULONG, CertArrayCount: USHORT, CertArrayOffset: ULONG, }} pub type PPKU2U_CREDUI_CONTEXT = *mut PKU2U_CREDUI_CONTEXT; ENUM!{enum PKU2U_LOGON_SUBMIT_TYPE { Pku2uCertificateS4ULogon = 14, }} pub type PPKU2U_LOGON_SUBMIT_TYPE = *mut PKU2U_LOGON_SUBMIT_TYPE; STRUCT!{struct PKU2U_CERTIFICATE_S4U_LOGON { MessageType: PKU2U_LOGON_SUBMIT_TYPE, Flags: ULONG, UserPrincipalName: UNICODE_STRING, DomainName: UNICODE_STRING, CertificateLength: ULONG, Certificate: PUCHAR, }} pub type PPKU2U_CERTIFICATE_S4U_LOGON = *mut PKU2U_CERTIFICATE_S4U_LOGON;