Mercurial > games > semicongine
diff fuhtark_test/include/winapi/ntsecapi.h @ 1500:91c8c3b7cbf0
add: futhark tests for generating vulkan api
| author | sam <sam@basx.dev> |
|---|---|
| date | Wed, 26 Nov 2025 21:36:48 +0700 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/fuhtark_test/include/winapi/ntsecapi.h Wed Nov 26 21:36:48 2025 +0700 @@ -0,0 +1,1305 @@ +/** + * This file has no copyright assigned and is placed in the Public Domain. + * This file is part of the w64 mingw-runtime package. + * No warranty is given; refer to the file DISCLAIMER within this package. + */ +#ifndef _NTSECAPI_ +#define _NTSECAPI_ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef _NTDEF_ + typedef LONG NTSTATUS,*PNTSTATUS; +#endif + +#ifndef _NTLSA_IFS_ + typedef ULONG LSA_OPERATIONAL_MODE,*PLSA_OPERATIONAL_MODE; +#endif + +#define LSA_MODE_PASSWORD_PROTECTED (0x00000001L) +#define LSA_MODE_INDIVIDUAL_ACCOUNTS (0x00000002L) +#define LSA_MODE_MANDATORY_ACCESS (0x00000004L) +#define LSA_MODE_LOG_FULL (0x00000008L) + +#ifndef _NTLSA_IFS_ + typedef enum _SECURITY_LOGON_TYPE { + Interactive = 2,Network,Batch,Service,Proxy,Unlock,NetworkCleartext,NewCredentials,RemoteInteractive,CachedInteractive, + CachedRemoteInteractive,CachedUnlock + } SECURITY_LOGON_TYPE,*PSECURITY_LOGON_TYPE; +#endif + +#ifndef _NTLSA_IFS_ + +#ifndef _NTLSA_AUDIT_ +#define _NTLSA_AUDIT_ + + typedef enum _SE_ADT_PARAMETER_TYPE { + SeAdtParmTypeNone = 0,SeAdtParmTypeString,SeAdtParmTypeFileSpec,SeAdtParmTypeUlong,SeAdtParmTypeSid,SeAdtParmTypeLogonId, + SeAdtParmTypeNoLogonId,SeAdtParmTypeAccessMask,SeAdtParmTypePrivs,SeAdtParmTypeObjectTypes,SeAdtParmTypeHexUlong,SeAdtParmTypePtr, + SeAdtParmTypeTime,SeAdtParmTypeGuid,SeAdtParmTypeLuid,SeAdtParmTypeHexInt64,SeAdtParmTypeStringList,SeAdtParmTypeSidList, + SeAdtParmTypeDuration,SeAdtParmTypeUserAccountControl,SeAdtParmTypeNoUac,SeAdtParmTypeMessage,SeAdtParmTypeDateTime,SeAdtParmTypeSockAddr + } SE_ADT_PARAMETER_TYPE,*PSE_ADT_PARAMETER_TYPE; + +#include <guiddef.h> + +#define SE_ADT_OBJECT_ONLY 0x1 + + typedef struct _SE_ADT_OBJECT_TYPE { + GUID ObjectType; + USHORT Flags; + USHORT Level; + ACCESS_MASK AccessMask; + } SE_ADT_OBJECT_TYPE,*PSE_ADT_OBJECT_TYPE; + + typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY { + SE_ADT_PARAMETER_TYPE Type; + ULONG Length; + ULONG_PTR Data[2]; + PVOID Address; + } SE_ADT_PARAMETER_ARRAY_ENTRY,*PSE_ADT_PARAMETER_ARRAY_ENTRY; + +#define SE_MAX_AUDIT_PARAMETERS 32 +#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28 + + typedef struct _SE_ADT_PARAMETER_ARRAY { + ULONG CategoryId; + ULONG AuditId; + ULONG ParameterCount; + ULONG Length; + USHORT Type; + ULONG Flags; + SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[SE_MAX_AUDIT_PARAMETERS ]; + } SE_ADT_PARAMETER_ARRAY,*PSE_ADT_PARAMETER_ARRAY; + +#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001 +#endif +#endif + + typedef enum _POLICY_AUDIT_EVENT_TYPE { + AuditCategorySystem,AuditCategoryLogon,AuditCategoryObjectAccess,AuditCategoryPrivilegeUse,AuditCategoryDetailedTracking, + AuditCategoryPolicyChange,AuditCategoryAccountManagement,AuditCategoryDirectoryServiceAccess,AuditCategoryAccountLogon + } POLICY_AUDIT_EVENT_TYPE,*PPOLICY_AUDIT_EVENT_TYPE; + +#define POLICY_AUDIT_EVENT_UNCHANGED (0x00000000L) +#define POLICY_AUDIT_EVENT_SUCCESS (0x00000001L) +#define POLICY_AUDIT_EVENT_FAILURE (0x00000002L) +#define POLICY_AUDIT_EVENT_NONE (0x00000004L) +#define POLICY_AUDIT_EVENT_MASK (POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE) + +#ifdef _NTDEF_ + typedef UNICODE_STRING LSA_UNICODE_STRING,*PLSA_UNICODE_STRING; + typedef STRING LSA_STRING,*PLSA_STRING; + typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES; +#else + +#ifndef _NO_W32_PSEUDO_MODIFIERS +#ifndef IN +#define IN +#endif +#ifndef OUT +#define OUT +#endif +#ifndef OPTIONAL +#define OPTIONAL +#endif +#endif + + typedef struct _LSA_UNICODE_STRING { + USHORT Length; + USHORT MaximumLength; + PWSTR Buffer; + } LSA_UNICODE_STRING,*PLSA_UNICODE_STRING; + + typedef struct _LSA_STRING { + USHORT Length; + USHORT MaximumLength; + PCHAR Buffer; + } LSA_STRING,*PLSA_STRING; + + typedef struct _LSA_OBJECT_ATTRIBUTES { + ULONG Length; + HANDLE RootDirectory; + PLSA_UNICODE_STRING ObjectName; + ULONG Attributes; + PVOID SecurityDescriptor; + PVOID SecurityQualityOfService; + } LSA_OBJECT_ATTRIBUTES,*PLSA_OBJECT_ATTRIBUTES; +#endif + +#define LSA_SUCCESS(Error) ((LONG)(Error) >= 0) + +#ifndef _NTLSA_IFS_ + NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING LogonProcessName,PHANDLE LsaHandle,PLSA_OPERATIONAL_MODE SecurityMode); + NTSTATUS NTAPI LsaLogonUser(HANDLE LsaHandle,PLSA_STRING OriginName,SECURITY_LOGON_TYPE LogonType,ULONG AuthenticationPackage,PVOID AuthenticationInformation,ULONG AuthenticationInformationLength,PTOKEN_GROUPS LocalGroups,PTOKEN_SOURCE SourceContext,PVOID *ProfileBuffer,PULONG ProfileBufferLength,PLUID LogonId,PHANDLE Token,PQUOTA_LIMITS Quotas,PNTSTATUS SubStatus); + NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE LsaHandle,PLSA_STRING PackageName,PULONG AuthenticationPackage); + NTSTATUS NTAPI LsaFreeReturnBuffer (PVOID Buffer); + NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE LsaHandle,ULONG AuthenticationPackage,PVOID ProtocolSubmitBuffer,ULONG SubmitBufferLength,PVOID *ProtocolReturnBuffer,PULONG ReturnBufferLength,PNTSTATUS ProtocolStatus); + NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE LsaHandle); + NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE LsaHandle); +#endif + +#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L +#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L +#define POLICY_GET_PRIVATE_INFORMATION 0x00000004L +#define POLICY_TRUST_ADMIN 0x00000008L +#define POLICY_CREATE_ACCOUNT 0x00000010L +#define POLICY_CREATE_SECRET 0x00000020L +#define POLICY_CREATE_PRIVILEGE 0x00000040L +#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L +#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L +#define POLICY_AUDIT_LOG_ADMIN 0x00000200L +#define POLICY_SERVER_ADMIN 0x00000400L +#define POLICY_LOOKUP_NAMES 0x00000800L +#define POLICY_NOTIFICATION 0x00001000L + +#define POLICY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES) +#define POLICY_READ (STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION) +#define POLICY_WRITE (STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN) +#define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES) + + typedef struct _LSA_TRUST_INFORMATION { + LSA_UNICODE_STRING Name; + PSID Sid; + } LSA_TRUST_INFORMATION,*PLSA_TRUST_INFORMATION; + + typedef struct _LSA_REFERENCED_DOMAIN_LIST { + ULONG Entries; + PLSA_TRUST_INFORMATION Domains; + } LSA_REFERENCED_DOMAIN_LIST,*PLSA_REFERENCED_DOMAIN_LIST; + + typedef struct _LSA_TRANSLATED_SID { + SID_NAME_USE Use; + ULONG RelativeId; + LONG DomainIndex; + } LSA_TRANSLATED_SID,*PLSA_TRANSLATED_SID; + + typedef struct _LSA_TRANSLATED_SID2 { + SID_NAME_USE Use; + PSID Sid; + LONG DomainIndex; + ULONG Flags; + } LSA_TRANSLATED_SID2,*PLSA_TRANSLATED_SID2; + + typedef struct _LSA_TRANSLATED_NAME { + SID_NAME_USE Use; + LSA_UNICODE_STRING Name; + LONG DomainIndex; + } LSA_TRANSLATED_NAME,*PLSA_TRANSLATED_NAME; + + typedef enum _POLICY_LSA_SERVER_ROLE { + PolicyServerRoleBackup = 2,PolicyServerRolePrimary + } POLICY_LSA_SERVER_ROLE,*PPOLICY_LSA_SERVER_ROLE; + + typedef ULONG POLICY_AUDIT_EVENT_OPTIONS,*PPOLICY_AUDIT_EVENT_OPTIONS; + + typedef enum _POLICY_INFORMATION_CLASS { + PolicyAuditLogInformation = 1,PolicyAuditEventsInformation,PolicyPrimaryDomainInformation,PolicyPdAccountInformation, + PolicyAccountDomainInformation,PolicyLsaServerRoleInformation,PolicyReplicaSourceInformation,PolicyDefaultQuotaInformation, + PolicyModificationInformation,PolicyAuditFullSetInformation,PolicyAuditFullQueryInformation,PolicyDnsDomainInformation, + PolicyDnsDomainInformationInt + } POLICY_INFORMATION_CLASS,*PPOLICY_INFORMATION_CLASS; + + typedef struct _POLICY_AUDIT_LOG_INFO { + ULONG AuditLogPercentFull; + ULONG MaximumLogSize; + LARGE_INTEGER AuditRetentionPeriod; + BOOLEAN AuditLogFullShutdownInProgress; + LARGE_INTEGER TimeToShutdown; + ULONG NextAuditRecordId; + } POLICY_AUDIT_LOG_INFO,*PPOLICY_AUDIT_LOG_INFO; + + typedef struct _POLICY_AUDIT_EVENTS_INFO { + BOOLEAN AuditingMode; + PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; + ULONG MaximumAuditEventCount; + } POLICY_AUDIT_EVENTS_INFO,*PPOLICY_AUDIT_EVENTS_INFO; + + typedef struct _POLICY_ACCOUNT_DOMAIN_INFO { + LSA_UNICODE_STRING DomainName; + PSID DomainSid; + } POLICY_ACCOUNT_DOMAIN_INFO,*PPOLICY_ACCOUNT_DOMAIN_INFO; + + typedef struct _POLICY_PRIMARY_DOMAIN_INFO { + LSA_UNICODE_STRING Name; + PSID Sid; + } POLICY_PRIMARY_DOMAIN_INFO,*PPOLICY_PRIMARY_DOMAIN_INFO; + + typedef struct _POLICY_DNS_DOMAIN_INFO { + LSA_UNICODE_STRING Name; + LSA_UNICODE_STRING DnsDomainName; + LSA_UNICODE_STRING DnsForestName; + GUID DomainGuid; + PSID Sid; + } POLICY_DNS_DOMAIN_INFO,*PPOLICY_DNS_DOMAIN_INFO; + + typedef struct _POLICY_PD_ACCOUNT_INFO { + LSA_UNICODE_STRING Name; + } POLICY_PD_ACCOUNT_INFO,*PPOLICY_PD_ACCOUNT_INFO; + + typedef struct _POLICY_LSA_SERVER_ROLE_INFO { + POLICY_LSA_SERVER_ROLE LsaServerRole; + } POLICY_LSA_SERVER_ROLE_INFO,*PPOLICY_LSA_SERVER_ROLE_INFO; + + typedef struct _POLICY_REPLICA_SOURCE_INFO { + LSA_UNICODE_STRING ReplicaSource; + LSA_UNICODE_STRING ReplicaAccountName; + } POLICY_REPLICA_SOURCE_INFO,*PPOLICY_REPLICA_SOURCE_INFO; + + typedef struct _POLICY_DEFAULT_QUOTA_INFO { + QUOTA_LIMITS QuotaLimits; + } POLICY_DEFAULT_QUOTA_INFO,*PPOLICY_DEFAULT_QUOTA_INFO; + + typedef struct _POLICY_MODIFICATION_INFO { + LARGE_INTEGER ModifiedId; + LARGE_INTEGER DatabaseCreationTime; + } POLICY_MODIFICATION_INFO,*PPOLICY_MODIFICATION_INFO; + + typedef struct _POLICY_AUDIT_FULL_SET_INFO { + BOOLEAN ShutDownOnFull; + } POLICY_AUDIT_FULL_SET_INFO,*PPOLICY_AUDIT_FULL_SET_INFO; + + typedef struct _POLICY_AUDIT_FULL_QUERY_INFO { + BOOLEAN ShutDownOnFull; + BOOLEAN LogIsFull; + } POLICY_AUDIT_FULL_QUERY_INFO,*PPOLICY_AUDIT_FULL_QUERY_INFO; + + typedef enum _POLICY_DOMAIN_INFORMATION_CLASS { + PolicyDomainEfsInformation = 2,PolicyDomainKerberosTicketInformation + } POLICY_DOMAIN_INFORMATION_CLASS,*PPOLICY_DOMAIN_INFORMATION_CLASS; + + typedef struct _POLICY_DOMAIN_EFS_INFO { + ULONG InfoLength; + PUCHAR EfsBlob; + } POLICY_DOMAIN_EFS_INFO,*PPOLICY_DOMAIN_EFS_INFO; + +#define POLICY_KERBEROS_VALIDATE_CLIENT 0x00000080 + + typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO { + ULONG AuthenticationOptions; + LARGE_INTEGER MaxServiceTicketAge; + LARGE_INTEGER MaxTicketAge; + LARGE_INTEGER MaxRenewAge; + LARGE_INTEGER MaxClockSkew; + LARGE_INTEGER Reserved; + } POLICY_DOMAIN_KERBEROS_TICKET_INFO,*PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; + + typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS { + PolicyNotifyAuditEventsInformation = 1,PolicyNotifyAccountDomainInformation,PolicyNotifyServerRoleInformation,PolicyNotifyDnsDomainInformation, + PolicyNotifyDomainEfsInformation,PolicyNotifyDomainKerberosTicketInformation,PolicyNotifyMachineAccountPasswordInformation + } POLICY_NOTIFICATION_INFORMATION_CLASS,*PPOLICY_NOTIFICATION_INFORMATION_CLASS; + + typedef PVOID LSA_HANDLE,*PLSA_HANDLE; + + typedef enum _TRUSTED_INFORMATION_CLASS { + TrustedDomainNameInformation = 1,TrustedControllersInformation,TrustedPosixOffsetInformation,TrustedPasswordInformation, + TrustedDomainInformationBasic,TrustedDomainInformationEx,TrustedDomainAuthInformation,TrustedDomainFullInformation, + TrustedDomainAuthInformationInternal,TrustedDomainFullInformationInternal,TrustedDomainInformationEx2Internal,TrustedDomainFullInformation2Internal + } TRUSTED_INFORMATION_CLASS,*PTRUSTED_INFORMATION_CLASS; + + typedef struct _TRUSTED_DOMAIN_NAME_INFO { + LSA_UNICODE_STRING Name; + } TRUSTED_DOMAIN_NAME_INFO,*PTRUSTED_DOMAIN_NAME_INFO; + + typedef struct _TRUSTED_CONTROLLERS_INFO { + ULONG Entries; + PLSA_UNICODE_STRING Names; + } TRUSTED_CONTROLLERS_INFO,*PTRUSTED_CONTROLLERS_INFO; + + typedef struct _TRUSTED_POSIX_OFFSET_INFO { + ULONG Offset; + } TRUSTED_POSIX_OFFSET_INFO,*PTRUSTED_POSIX_OFFSET_INFO; + + typedef struct _TRUSTED_PASSWORD_INFO { + LSA_UNICODE_STRING Password; + LSA_UNICODE_STRING OldPassword; + } TRUSTED_PASSWORD_INFO,*PTRUSTED_PASSWORD_INFO; + + typedef LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC; + typedef PLSA_TRUST_INFORMATION PTRUSTED_DOMAIN_INFORMATION_BASIC; + +#define TRUST_DIRECTION_DISABLED 0x00000000 +#define TRUST_DIRECTION_INBOUND 0x00000001 +#define TRUST_DIRECTION_OUTBOUND 0x00000002 +#define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND) + +#define TRUST_TYPE_DOWNLEVEL 0x00000001 +#define TRUST_TYPE_UPLEVEL 0x00000002 +#define TRUST_TYPE_MIT 0x00000003 + +#define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001 +#define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002 +#define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004 +#define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008 +#define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010 +#define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020 +#define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040 +#define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080 + +#define TRUST_ATTRIBUTES_VALID 0xFF03FFFF +#define TRUST_ATTRIBUTES_USER 0xFF000000 + + typedef struct _TRUSTED_DOMAIN_INFORMATION_EX { + LSA_UNICODE_STRING Name; + LSA_UNICODE_STRING FlatName; + PSID Sid; + ULONG TrustDirection; + ULONG TrustType; + ULONG TrustAttributes; + } TRUSTED_DOMAIN_INFORMATION_EX,*PTRUSTED_DOMAIN_INFORMATION_EX; + + typedef struct _TRUSTED_DOMAIN_INFORMATION_EX2 { + LSA_UNICODE_STRING Name; + LSA_UNICODE_STRING FlatName; + PSID Sid; + ULONG TrustDirection; + ULONG TrustType; + ULONG TrustAttributes; + ULONG ForestTrustLength; + PUCHAR ForestTrustInfo; + } TRUSTED_DOMAIN_INFORMATION_EX2,*PTRUSTED_DOMAIN_INFORMATION_EX2; + +#define TRUST_AUTH_TYPE_NONE 0 +#define TRUST_AUTH_TYPE_NT4OWF 1 +#define TRUST_AUTH_TYPE_CLEAR 2 +#define TRUST_AUTH_TYPE_VERSION 3 + + typedef struct _LSA_AUTH_INFORMATION { + LARGE_INTEGER LastUpdateTime; + ULONG AuthType; + ULONG AuthInfoLength; + PUCHAR AuthInfo; + } LSA_AUTH_INFORMATION,*PLSA_AUTH_INFORMATION; + + typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION { + ULONG IncomingAuthInfos; + PLSA_AUTH_INFORMATION IncomingAuthenticationInformation; + PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; + ULONG OutgoingAuthInfos; + PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation; + PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; + } TRUSTED_DOMAIN_AUTH_INFORMATION,*PTRUSTED_DOMAIN_AUTH_INFORMATION; + + typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION { + TRUSTED_DOMAIN_INFORMATION_EX Information; + TRUSTED_POSIX_OFFSET_INFO PosixOffset; + TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; + } TRUSTED_DOMAIN_FULL_INFORMATION,*PTRUSTED_DOMAIN_FULL_INFORMATION; + + typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 { + TRUSTED_DOMAIN_INFORMATION_EX2 Information; + TRUSTED_POSIX_OFFSET_INFO PosixOffset; + TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; + } TRUSTED_DOMAIN_FULL_INFORMATION2,*PTRUSTED_DOMAIN_FULL_INFORMATION2; + + typedef enum { + ForestTrustTopLevelName,ForestTrustTopLevelNameEx,ForestTrustDomainInfo,ForestTrustRecordTypeLast = ForestTrustDomainInfo + } LSA_FOREST_TRUST_RECORD_TYPE; + +#define LSA_FTRECORD_DISABLED_REASONS (0x0000FFFFL) + +#define LSA_TLN_DISABLED_NEW (0x00000001L) +#define LSA_TLN_DISABLED_ADMIN (0x00000002L) +#define LSA_TLN_DISABLED_CONFLICT (0x00000004L) + +#define LSA_SID_DISABLED_ADMIN (0x00000001L) +#define LSA_SID_DISABLED_CONFLICT (0x00000002L) +#define LSA_NB_DISABLED_ADMIN (0x00000004L) +#define LSA_NB_DISABLED_CONFLICT (0x00000008L) + + typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO { + PSID Sid; + LSA_UNICODE_STRING DnsName; + LSA_UNICODE_STRING NetbiosName; + } LSA_FOREST_TRUST_DOMAIN_INFO,*PLSA_FOREST_TRUST_DOMAIN_INFO; + +#define MAX_FOREST_TRUST_BINARY_DATA_SIZE (128*1024) + + typedef struct _LSA_FOREST_TRUST_BINARY_DATA { + ULONG Length; + PUCHAR Buffer; + } LSA_FOREST_TRUST_BINARY_DATA,*PLSA_FOREST_TRUST_BINARY_DATA; + + typedef struct _LSA_FOREST_TRUST_RECORD { + ULONG Flags; + LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType; + LARGE_INTEGER Time; + union { + LSA_UNICODE_STRING TopLevelName; + LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo; + LSA_FOREST_TRUST_BINARY_DATA Data; + } ForestTrustData; + } LSA_FOREST_TRUST_RECORD,*PLSA_FOREST_TRUST_RECORD; + +#define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000 + + typedef struct _LSA_FOREST_TRUST_INFORMATION { + ULONG RecordCount; + PLSA_FOREST_TRUST_RECORD *Entries; + } LSA_FOREST_TRUST_INFORMATION,*PLSA_FOREST_TRUST_INFORMATION; + + typedef enum { + CollisionTdo,CollisionXref,CollisionOther + } LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; + + typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD { + ULONG Index; + LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type; + ULONG Flags; + LSA_UNICODE_STRING Name; + } LSA_FOREST_TRUST_COLLISION_RECORD,*PLSA_FOREST_TRUST_COLLISION_RECORD; + + typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION { + ULONG RecordCount; + PLSA_FOREST_TRUST_COLLISION_RECORD *Entries; + } LSA_FOREST_TRUST_COLLISION_INFORMATION,*PLSA_FOREST_TRUST_COLLISION_INFORMATION; + + typedef ULONG LSA_ENUMERATION_HANDLE,*PLSA_ENUMERATION_HANDLE; + + typedef struct _LSA_ENUMERATION_INFORMATION { + PSID Sid; + } LSA_ENUMERATION_INFORMATION,*PLSA_ENUMERATION_INFORMATION; + + NTSTATUS NTAPI LsaFreeMemory(PVOID Buffer); + NTSTATUS NTAPI LsaClose(LSA_HANDLE ObjectHandle); + + typedef struct _SECURITY_LOGON_SESSION_DATA { + ULONG Size; + LUID LogonId; + LSA_UNICODE_STRING UserName; + LSA_UNICODE_STRING LogonDomain; + LSA_UNICODE_STRING AuthenticationPackage; + ULONG LogonType; + ULONG Session; + PSID Sid; + LARGE_INTEGER LogonTime; + LSA_UNICODE_STRING LogonServer; + LSA_UNICODE_STRING DnsDomainName; + LSA_UNICODE_STRING Upn; + } SECURITY_LOGON_SESSION_DATA,*PSECURITY_LOGON_SESSION_DATA; + + NTSTATUS NTAPI LsaEnumerateLogonSessions(PULONG LogonSessionCount,PLUID *LogonSessionList); + NTSTATUS NTAPI LsaGetLogonSessionData(PLUID LogonId,PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData); + NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING SystemName,PLSA_OBJECT_ATTRIBUTES ObjectAttributes,ACCESS_MASK DesiredAccess,PLSA_HANDLE PolicyHandle); + NTSTATUS NTAPI LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID *Buffer); + NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_INFORMATION_CLASS InformationClass,PVOID Buffer); + NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID *Buffer); + NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE PolicyHandle,POLICY_DOMAIN_INFORMATION_CLASS InformationClass,PVOID Buffer); + NTSTATUS NTAPI LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle); + NTSTATUS NTAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,HANDLE NotificationEventHandle); + NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned); + NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE PolicyHandle,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID *Sids); + NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE PolicyHandle,ULONG Flags,ULONG Count,PLSA_UNICODE_STRING Names,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_SID2 *Sids); + NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE PolicyHandle,ULONG Count,PSID *Sids,PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,PLSA_TRANSLATED_NAME *Names); + +#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight") +#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight") +#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight") +#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight") +#define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight") +#define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight") +#define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight") +#define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight") +#define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight") +#define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogonRight") + + NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING UserRight,PVOID *Buffer,PULONG CountReturned); + NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING *UserRights,PULONG CountOfRights); + NTSTATUS NTAPI LsaAddAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights); + NTSTATUS NTAPI LsaRemoveAccountRights(LSA_HANDLE PolicyHandle,PSID AccountSid,BOOLEAN AllRights,PLSA_UNICODE_STRING UserRights,ULONG CountOfRights); + NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle); + NTSTATUS NTAPI LsaQueryTrustedDomainInfo(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer); + NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer); + NTSTATUS NTAPI LsaDeleteTrustedDomain(LSA_HANDLE PolicyHandle,PSID TrustedDomainSid); + NTSTATUS NTAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID *Buffer); + NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,TRUSTED_INFORMATION_CLASS InformationClass,PVOID Buffer); + NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE PolicyHandle,PLSA_ENUMERATION_HANDLE EnumerationContext,PVOID *Buffer,ULONG PreferedMaximumLength,PULONG CountReturned); + NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE PolicyHandle,PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,ACCESS_MASK DesiredAccess,PLSA_HANDLE TrustedDomainHandle); + NTSTATUS NTAPI LsaQueryForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo); + NTSTATUS NTAPI LsaSetForestTrustInformation(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING TrustedDomainName,PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,BOOLEAN CheckOnly,PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo); + +#ifdef TESTING_MATCHING_ROUTINE + NTSTATUS NTAPI LsaForestTrustFindMatch(LSA_HANDLE PolicyHandle,ULONG Type,PLSA_UNICODE_STRING Name,PLSA_UNICODE_STRING *Match); +#endif + + NTSTATUS NTAPI LsaStorePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING PrivateData); + NTSTATUS NTAPI LsaRetrievePrivateData(LSA_HANDLE PolicyHandle,PLSA_UNICODE_STRING KeyName,PLSA_UNICODE_STRING *PrivateData); + ULONG NTAPI LsaNtStatusToWinError(NTSTATUS Status); + +#ifndef _NTLSA_IFS_ +#define _NTLSA_IFS_ +#endif + + enum NEGOTIATE_MESSAGES { + NegEnumPackagePrefixes = 0,NegGetCallerName = 1,NegCallPackageMax + }; + +#define NEGOTIATE_MAX_PREFIX 32 + + typedef struct _NEGOTIATE_PACKAGE_PREFIX { + ULONG_PTR PackageId; + PVOID PackageDataA; + PVOID PackageDataW; + ULONG_PTR PrefixLen; + UCHAR Prefix[NEGOTIATE_MAX_PREFIX ]; + } NEGOTIATE_PACKAGE_PREFIX,*PNEGOTIATE_PACKAGE_PREFIX; + + typedef struct _NEGOTIATE_PACKAGE_PREFIXES { + ULONG MessageType; + ULONG PrefixCount; + ULONG Offset; + ULONG Pad; + } NEGOTIATE_PACKAGE_PREFIXES,*PNEGOTIATE_PACKAGE_PREFIXES; + + typedef struct _NEGOTIATE_CALLER_NAME_REQUEST { + ULONG MessageType; + LUID LogonId; + } NEGOTIATE_CALLER_NAME_REQUEST,*PNEGOTIATE_CALLER_NAME_REQUEST; + + typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE { + ULONG MessageType; + PWSTR CallerName; + } NEGOTIATE_CALLER_NAME_RESPONSE,*PNEGOTIATE_CALLER_NAME_RESPONSE; + +#ifndef _NTDEF_ +#ifndef __UNICODE_STRING_DEFINED +#define __UNICODE_STRING_DEFINED + typedef LSA_UNICODE_STRING UNICODE_STRING,*PUNICODE_STRING; +#endif +#ifndef __STRING_DEFINED +#define __STRING_DEFINED + typedef LSA_STRING STRING,*PSTRING; +#endif +#endif + +#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED +#define _DOMAIN_PASSWORD_INFORMATION_DEFINED + typedef struct _DOMAIN_PASSWORD_INFORMATION { + USHORT MinPasswordLength; + USHORT PasswordHistoryLength; + ULONG PasswordProperties; + LARGE_INTEGER MaxPasswordAge; + LARGE_INTEGER MinPasswordAge; + } DOMAIN_PASSWORD_INFORMATION,*PDOMAIN_PASSWORD_INFORMATION; +#endif + +#define DOMAIN_PASSWORD_COMPLEX 0x00000001L +#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L +#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L +#define DOMAIN_LOCKOUT_ADMINS 0x00000008L +#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L +#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L + +#ifndef _PASSWORD_NOTIFICATION_DEFINED +#define _PASSWORD_NOTIFICATION_DEFINED + typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE)(PUNICODE_STRING UserName,ULONG RelativeId,PUNICODE_STRING NewPassword); + +#define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify" + + typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE)(); + +#define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify" +#define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter" + + typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE)(PUNICODE_STRING AccountName,PUNICODE_STRING FullName,PUNICODE_STRING Password,BOOLEAN SetOperation); +#endif + +#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" +#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" +#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) + +#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" +#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" + + typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { + MsV1_0InteractiveLogon = 2,MsV1_0Lm20Logon,MsV1_0NetworkLogon,MsV1_0SubAuthLogon,MsV1_0WorkstationUnlockLogon = 7 + } MSV1_0_LOGON_SUBMIT_TYPE,*PMSV1_0_LOGON_SUBMIT_TYPE; + + typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { + MsV1_0InteractiveProfile = 2,MsV1_0Lm20LogonProfile,MsV1_0SmartCardProfile + } MSV1_0_PROFILE_BUFFER_TYPE,*PMSV1_0_PROFILE_BUFFER_TYPE; + + typedef struct _MSV1_0_INTERACTIVE_LOGON { + MSV1_0_LOGON_SUBMIT_TYPE MessageType; + UNICODE_STRING LogonDomainName; + UNICODE_STRING UserName; + UNICODE_STRING Password; + } MSV1_0_INTERACTIVE_LOGON,*PMSV1_0_INTERACTIVE_LOGON; + + typedef struct _MSV1_0_INTERACTIVE_PROFILE { + MSV1_0_PROFILE_BUFFER_TYPE MessageType; + USHORT LogonCount; + USHORT BadPasswordCount; + LARGE_INTEGER LogonTime; + LARGE_INTEGER LogoffTime; + LARGE_INTEGER KickOffTime; + LARGE_INTEGER PasswordLastSet; + LARGE_INTEGER PasswordCanChange; + LARGE_INTEGER PasswordMustChange; + UNICODE_STRING LogonScript; + UNICODE_STRING HomeDirectory; + UNICODE_STRING FullName; + UNICODE_STRING ProfilePath; + UNICODE_STRING HomeDirectoryDrive; + UNICODE_STRING LogonServer; + ULONG UserFlags; + } MSV1_0_INTERACTIVE_PROFILE,*PMSV1_0_INTERACTIVE_PROFILE; + +#define MSV1_0_CHALLENGE_LENGTH 8 +#define MSV1_0_USER_SESSION_KEY_LENGTH 16 +#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 + +#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 +#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 +#define MSV1_0_RETURN_USER_PARAMETERS 0x08 +#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 +#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 +#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 + +#define MSV1_0_USE_CLIENT_CHALLENGE 0x80 +#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 +#define MSV1_0_RETURN_PROFILE_PATH 0x200 +#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 +#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 +#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 +#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 +#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 +#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 +#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 +#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 + +#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 +#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 +#define MSV1_0_MNS_LOGON 0x01000000 + +#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 +#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 + + typedef struct _MSV1_0_LM20_LOGON { + MSV1_0_LOGON_SUBMIT_TYPE MessageType; + UNICODE_STRING LogonDomainName; + UNICODE_STRING UserName; + UNICODE_STRING Workstation; + UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; + STRING CaseSensitiveChallengeResponse; + STRING CaseInsensitiveChallengeResponse; + ULONG ParameterControl; + } MSV1_0_LM20_LOGON,*PMSV1_0_LM20_LOGON; + + typedef struct _MSV1_0_SUBAUTH_LOGON{ + MSV1_0_LOGON_SUBMIT_TYPE MessageType; + UNICODE_STRING LogonDomainName; + UNICODE_STRING UserName; + UNICODE_STRING Workstation; + UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; + STRING AuthenticationInfo1; + STRING AuthenticationInfo2; + ULONG ParameterControl; + ULONG SubAuthPackageId; + } MSV1_0_SUBAUTH_LOGON,*PMSV1_0_SUBAUTH_LOGON; + +#define LOGON_GUEST 0x01 +#define LOGON_NOENCRYPTION 0x02 +#define LOGON_CACHED_ACCOUNT 0x04 +#define LOGON_USED_LM_PASSWORD 0x08 +#define LOGON_EXTRA_SIDS 0x20 +#define LOGON_SUBAUTH_SESSION_KEY 0x40 +#define LOGON_SERVER_TRUST_ACCOUNT 0x80 +#define LOGON_NTLMV2_ENABLED 0x100 +#define LOGON_RESOURCE_GROUPS 0x200 +#define LOGON_PROFILE_PATH_RETURNED 0x400 + +#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 + +#define LOGON_GRACE_LOGON 0x01000000 + + typedef struct _MSV1_0_LM20_LOGON_PROFILE { + MSV1_0_PROFILE_BUFFER_TYPE MessageType; + LARGE_INTEGER KickOffTime; + LARGE_INTEGER LogoffTime; + ULONG UserFlags; + UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; + UNICODE_STRING LogonDomainName; + UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; + UNICODE_STRING LogonServer; + UNICODE_STRING UserParameters; + } MSV1_0_LM20_LOGON_PROFILE,*PMSV1_0_LM20_LOGON_PROFILE; + +#define MSV1_0_OWF_PASSWORD_LENGTH 16 +#define MSV1_0_CRED_LM_PRESENT 0x1 +#define MSV1_0_CRED_NT_PRESENT 0x2 +#define MSV1_0_CRED_VERSION 0 + + typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { + ULONG Version; + ULONG Flags; + UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; + UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; + } MSV1_0_SUPPLEMENTAL_CREDENTIAL,*PMSV1_0_SUPPLEMENTAL_CREDENTIAL; + +#define MSV1_0_NTLM3_RESPONSE_LENGTH 16 +#define MSV1_0_NTLM3_OWF_LENGTH 16 + +#define MSV1_0_MAX_NTLM3_LIFE 129600 +#define MSV1_0_MAX_AVL_SIZE 64000 + +#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 + + typedef struct _MSV1_0_NTLM3_RESPONSE { + UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; + UCHAR RespType; + UCHAR HiRespType; + USHORT Flags; + ULONG MsgWord; + ULONGLONG TimeStamp; + UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; + ULONG AvPairsOff; + UCHAR Buffer[1]; + } MSV1_0_NTLM3_RESPONSE,*PMSV1_0_NTLM3_RESPONSE; + +#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) +#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE,AvPairsOff) + + typedef enum { + MsvAvEOL,MsvAvNbComputerName,MsvAvNbDomainName,MsvAvDnsComputerName,MsvAvDnsDomainName,MsvAvDnsTreeName,MsvAvFlags + } MSV1_0_AVID; + + typedef struct _MSV1_0_AV_PAIR { + USHORT AvId; + USHORT AvLen; + + } MSV1_0_AV_PAIR,*PMSV1_0_AV_PAIR; + + typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { + MsV1_0Lm20ChallengeRequest = 0,MsV1_0Lm20GetChallengeResponse,MsV1_0EnumerateUsers,MsV1_0GetUserInfo,MsV1_0ReLogonUsers,MsV1_0ChangePassword, + MsV1_0ChangeCachedPassword,MsV1_0GenericPassthrough,MsV1_0CacheLogon,MsV1_0SubAuth,MsV1_0DeriveCredential,MsV1_0CacheLookup, + MsV1_0SetProcessOption + } MSV1_0_PROTOCOL_MESSAGE_TYPE,*PMSV1_0_PROTOCOL_MESSAGE_TYPE; + + typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST { + MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; + UNICODE_STRING DomainName; + UNICODE_STRING AccountName; + UNICODE_STRING OldPassword; + UNICODE_STRING NewPassword; + BOOLEAN Impersonating; + } MSV1_0_CHANGEPASSWORD_REQUEST,*PMSV1_0_CHANGEPASSWORD_REQUEST; + + typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE { + MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; + BOOLEAN PasswordInfoValid; + DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo; + } MSV1_0_CHANGEPASSWORD_RESPONSE,*PMSV1_0_CHANGEPASSWORD_RESPONSE; + + typedef struct _MSV1_0_PASSTHROUGH_REQUEST { + MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; + UNICODE_STRING DomainName; + UNICODE_STRING PackageName; + ULONG DataLength; + PUCHAR LogonData; + ULONG Pad; + } MSV1_0_PASSTHROUGH_REQUEST,*PMSV1_0_PASSTHROUGH_REQUEST; + + typedef struct _MSV1_0_PASSTHROUGH_RESPONSE { + MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; + ULONG Pad; + ULONG DataLength; + PUCHAR ValidationData; + } MSV1_0_PASSTHROUGH_RESPONSE,*PMSV1_0_PASSTHROUGH_RESPONSE; + + typedef struct _MSV1_0_SUBAUTH_REQUEST{ + MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; + ULONG SubAuthPackageId; + ULONG SubAuthInfoLength; + PUCHAR SubAuthSubmitBuffer; + } MSV1_0_SUBAUTH_REQUEST,*PMSV1_0_SUBAUTH_REQUEST; + + typedef struct _MSV1_0_SUBAUTH_RESPONSE{ + MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; + ULONG SubAuthInfoLength; + PUCHAR SubAuthReturnBuffer; + } MSV1_0_SUBAUTH_RESPONSE,*PMSV1_0_SUBAUTH_RESPONSE; + +#define RtlGenRandom SystemFunction036 +#define RtlEncryptMemory SystemFunction040 +#define RtlDecryptMemory SystemFunction041 + + BOOLEAN RtlGenRandom(PVOID RandomBuffer,ULONG RandomBufferLength); + +#define RTL_ENCRYPT_MEMORY_SIZE 8 +#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 0x01 +#define RTL_ENCRYPT_OPTION_SAME_LOGON 0x02 + + NTSTATUS RtlEncryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags); + NTSTATUS RtlDecryptMemory(PVOID Memory,ULONG MemorySize,ULONG OptionFlags); + +#define KERBEROS_VERSION 5 +#define KERBEROS_REVISION 6 + +#define KERB_ETYPE_NULL 0 +#define KERB_ETYPE_DES_CBC_CRC 1 +#define KERB_ETYPE_DES_CBC_MD4 2 +#define KERB_ETYPE_DES_CBC_MD5 3 + +#define KERB_ETYPE_RC4_MD4 -128 +#define KERB_ETYPE_RC4_PLAIN2 -129 +#define KERB_ETYPE_RC4_LM -130 +#define KERB_ETYPE_RC4_SHA -131 +#define KERB_ETYPE_DES_PLAIN -132 +#define KERB_ETYPE_RC4_HMAC_OLD -133 +#define KERB_ETYPE_RC4_PLAIN_OLD -134 +#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135 +#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136 +#define KERB_ETYPE_RC4_PLAIN -140 +#define KERB_ETYPE_RC4_PLAIN_EXP -141 + +#define KERB_ETYPE_DSA_SHA1_CMS 9 +#define KERB_ETYPE_RSA_MD5_CMS 10 +#define KERB_ETYPE_RSA_SHA1_CMS 11 +#define KERB_ETYPE_RC2_CBC_ENV 12 +#define KERB_ETYPE_RSA_ENV 13 +#define KERB_ETYPE_RSA_ES_OEAP_ENV 14 +#define KERB_ETYPE_DES_EDE3_CBC_ENV 15 + +#define KERB_ETYPE_DSA_SIGN 8 +#define KERB_ETYPE_RSA_PRIV 9 +#define KERB_ETYPE_RSA_PUB 10 +#define KERB_ETYPE_RSA_PUB_MD5 11 +#define KERB_ETYPE_RSA_PUB_SHA1 12 +#define KERB_ETYPE_PKCS7_PUB 13 + +#define KERB_ETYPE_DES3_CBC_MD5 5 +#define KERB_ETYPE_DES3_CBC_SHA1 7 +#define KERB_ETYPE_DES3_CBC_SHA1_KD 16 + +#define KERB_ETYPE_DES_CBC_MD5_NT 20 +#define KERB_ETYPE_RC4_HMAC_NT 23 +#define KERB_ETYPE_RC4_HMAC_NT_EXP 24 + +#define KERB_CHECKSUM_NONE 0 +#define KERB_CHECKSUM_CRC32 1 +#define KERB_CHECKSUM_MD4 2 +#define KERB_CHECKSUM_KRB_DES_MAC 4 +#define KERB_CHECKSUM_KRB_DES_MAC_K 5 +#define KERB_CHECKSUM_MD5 7 +#define KERB_CHECKSUM_MD5_DES 8 + +#define KERB_CHECKSUM_LM -130 +#define KERB_CHECKSUM_SHA1 -131 +#define KERB_CHECKSUM_REAL_CRC32 -132 +#define KERB_CHECKSUM_DES_MAC -133 +#define KERB_CHECKSUM_DES_MAC_MD5 -134 +#define KERB_CHECKSUM_MD25 -135 +#define KERB_CHECKSUM_RC4_MD5 -136 +#define KERB_CHECKSUM_MD5_HMAC -137 +#define KERB_CHECKSUM_HMAC_MD5 -138 + +#define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001 +#define AUTH_REQ_ALLOW_PROXIABLE 0x00000002 +#define AUTH_REQ_ALLOW_POSTDATE 0x00000004 +#define AUTH_REQ_ALLOW_RENEWABLE 0x00000008 +#define AUTH_REQ_ALLOW_NOADDRESS 0x00000010 +#define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020 +#define AUTH_REQ_ALLOW_VALIDATE 0x00000040 +#define AUTH_REQ_VALIDATE_CLIENT 0x00000080 +#define AUTH_REQ_OK_AS_DELEGATE 0x00000100 +#define AUTH_REQ_PREAUTH_REQUIRED 0x00000200 +#define AUTH_REQ_TRANSITIVE_TRUST 0x00000400 +#define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800 + +#define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | AUTH_REQ_ALLOW_PROXIABLE | AUTH_REQ_ALLOW_POSTDATE | AUTH_REQ_ALLOW_RENEWABLE | AUTH_REQ_ALLOW_VALIDATE) + +#define KERB_TICKET_FLAGS_reserved 0x80000000 +#define KERB_TICKET_FLAGS_forwardable 0x40000000 +#define KERB_TICKET_FLAGS_forwarded 0x20000000 +#define KERB_TICKET_FLAGS_proxiable 0x10000000 +#define KERB_TICKET_FLAGS_proxy 0x08000000 +#define KERB_TICKET_FLAGS_may_postdate 0x04000000 +#define KERB_TICKET_FLAGS_postdated 0x02000000 +#define KERB_TICKET_FLAGS_invalid 0x01000000 +#define KERB_TICKET_FLAGS_renewable 0x00800000 +#define KERB_TICKET_FLAGS_initial 0x00400000 +#define KERB_TICKET_FLAGS_pre_authent 0x00200000 +#define KERB_TICKET_FLAGS_hw_authent 0x00100000 +#define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000 +#define KERB_TICKET_FLAGS_name_canonicalize 0x00010000 +#define KERB_TICKET_FLAGS_reserved1 0x00000001 + +#define KRB_NT_UNKNOWN 0 +#define KRB_NT_PRINCIPAL 1 +#define KRB_NT_PRINCIPAL_AND_ID -131 +#define KRB_NT_SRV_INST 2 +#define KRB_NT_SRV_INST_AND_ID -132 +#define KRB_NT_SRV_HST 3 +#define KRB_NT_SRV_XHST 4 +#define KRB_NT_UID 5 +#define KRB_NT_ENTERPRISE_PRINCIPAL 10 +#define KRB_NT_ENT_PRINCIPAL_AND_ID -130 +#define KRB_NT_MS_PRINCIPAL -128 +#define KRB_NT_MS_PRINCIPAL_AND_ID -129 + +#define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL)) + +#ifndef MICROSOFT_KERBEROS_NAME_A + +#define MICROSOFT_KERBEROS_NAME_A "Kerberos" +#define MICROSOFT_KERBEROS_NAME_W L"Kerberos" +#ifdef WIN32_CHICAGO +#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A +#else +#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W +#endif +#endif + +#define KERB_WRAP_NO_ENCRYPT 0x80000001 + + typedef enum _KERB_LOGON_SUBMIT_TYPE { + KerbInteractiveLogon = 2,KerbSmartCardLogon = 6,KerbWorkstationUnlockLogon = 7,KerbSmartCardUnlockLogon = 8,KerbProxyLogon = 9, + KerbTicketLogon = 10,KerbTicketUnlockLogon = 11,KerbS4ULogon = 12 + } KERB_LOGON_SUBMIT_TYPE,*PKERB_LOGON_SUBMIT_TYPE; + + typedef struct _KERB_INTERACTIVE_LOGON { + KERB_LOGON_SUBMIT_TYPE MessageType; + UNICODE_STRING LogonDomainName; + UNICODE_STRING UserName; + UNICODE_STRING Password; + } KERB_INTERACTIVE_LOGON,*PKERB_INTERACTIVE_LOGON; + + typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON { + KERB_INTERACTIVE_LOGON Logon; + LUID LogonId; + } KERB_INTERACTIVE_UNLOCK_LOGON,*PKERB_INTERACTIVE_UNLOCK_LOGON; + + typedef struct _KERB_SMART_CARD_LOGON { + KERB_LOGON_SUBMIT_TYPE MessageType; + UNICODE_STRING Pin; + ULONG CspDataLength; + PUCHAR CspData; + } KERB_SMART_CARD_LOGON,*PKERB_SMART_CARD_LOGON; + + typedef struct _KERB_SMART_CARD_UNLOCK_LOGON { + KERB_SMART_CARD_LOGON Logon; + LUID LogonId; + } KERB_SMART_CARD_UNLOCK_LOGON,*PKERB_SMART_CARD_UNLOCK_LOGON; + + typedef struct _KERB_TICKET_LOGON { + KERB_LOGON_SUBMIT_TYPE MessageType; + ULONG Flags; + ULONG ServiceTicketLength; + ULONG TicketGrantingTicketLength; + PUCHAR ServiceTicket; + PUCHAR TicketGrantingTicket; + } KERB_TICKET_LOGON,*PKERB_TICKET_LOGON; + +#define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1 + + typedef struct _KERB_TICKET_UNLOCK_LOGON { + KERB_TICKET_LOGON Logon; + LUID LogonId; + } KERB_TICKET_UNLOCK_LOGON,*PKERB_TICKET_UNLOCK_LOGON; + + typedef struct _KERB_S4U_LOGON { + KERB_LOGON_SUBMIT_TYPE MessageType; + ULONG Flags; + UNICODE_STRING ClientUpn; + UNICODE_STRING ClientRealm; + } KERB_S4U_LOGON,*PKERB_S4U_LOGON; + + typedef enum _KERB_PROFILE_BUFFER_TYPE { + KerbInteractiveProfile = 2,KerbSmartCardProfile = 4,KerbTicketProfile = 6 + } KERB_PROFILE_BUFFER_TYPE,*PKERB_PROFILE_BUFFER_TYPE; + + typedef struct _KERB_INTERACTIVE_PROFILE { + KERB_PROFILE_BUFFER_TYPE MessageType; + USHORT LogonCount; + USHORT BadPasswordCount; + LARGE_INTEGER LogonTime; + LARGE_INTEGER LogoffTime; + LARGE_INTEGER KickOffTime; + LARGE_INTEGER PasswordLastSet; + LARGE_INTEGER PasswordCanChange; + LARGE_INTEGER PasswordMustChange; + UNICODE_STRING LogonScript; + UNICODE_STRING HomeDirectory; + UNICODE_STRING FullName; + UNICODE_STRING ProfilePath; + UNICODE_STRING HomeDirectoryDrive; + UNICODE_STRING LogonServer; + ULONG UserFlags; + } KERB_INTERACTIVE_PROFILE,*PKERB_INTERACTIVE_PROFILE; + + typedef struct _KERB_SMART_CARD_PROFILE { + KERB_INTERACTIVE_PROFILE Profile; + ULONG CertificateSize; + PUCHAR CertificateData; + } KERB_SMART_CARD_PROFILE,*PKERB_SMART_CARD_PROFILE; + + typedef struct KERB_CRYPTO_KEY { + LONG KeyType; + ULONG Length; + PUCHAR Value; + } KERB_CRYPTO_KEY,*PKERB_CRYPTO_KEY; + + typedef struct _KERB_TICKET_PROFILE { + KERB_INTERACTIVE_PROFILE Profile; + KERB_CRYPTO_KEY SessionKey; + } KERB_TICKET_PROFILE,*PKERB_TICKET_PROFILE; + + typedef enum _KERB_PROTOCOL_MESSAGE_TYPE { + KerbDebugRequestMessage = 0,KerbQueryTicketCacheMessage,KerbChangeMachinePasswordMessage,KerbVerifyPacMessage,KerbRetrieveTicketMessage, + KerbUpdateAddressesMessage,KerbPurgeTicketCacheMessage,KerbChangePasswordMessage,KerbRetrieveEncodedTicketMessage,KerbDecryptDataMessage, + KerbAddBindingCacheEntryMessage,KerbSetPasswordMessage,KerbSetPasswordExMessage,KerbVerifyCredentialsMessage,KerbQueryTicketCacheExMessage, + KerbPurgeTicketCacheExMessage,KerbRefreshSmartcardCredentialsMessage,KerbAddExtraCredentialsMessage,KerbQuerySupplementalCredentialsMessage, + KerbTransferCredentialsMessage,KerbQueryTicketCacheEx2Message + } KERB_PROTOCOL_MESSAGE_TYPE,*PKERB_PROTOCOL_MESSAGE_TYPE; + + typedef struct _KERB_QUERY_TKT_CACHE_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + } KERB_QUERY_TKT_CACHE_REQUEST,*PKERB_QUERY_TKT_CACHE_REQUEST; + + typedef struct _KERB_TICKET_CACHE_INFO { + UNICODE_STRING ServerName; + UNICODE_STRING RealmName; + LARGE_INTEGER StartTime; + LARGE_INTEGER EndTime; + LARGE_INTEGER RenewTime; + LONG EncryptionType; + ULONG TicketFlags; + } KERB_TICKET_CACHE_INFO,*PKERB_TICKET_CACHE_INFO; + + typedef struct _KERB_TICKET_CACHE_INFO_EX { + UNICODE_STRING ClientName; + UNICODE_STRING ClientRealm; + UNICODE_STRING ServerName; + UNICODE_STRING ServerRealm; + LARGE_INTEGER StartTime; + LARGE_INTEGER EndTime; + LARGE_INTEGER RenewTime; + LONG EncryptionType; + ULONG TicketFlags; + } KERB_TICKET_CACHE_INFO_EX,*PKERB_TICKET_CACHE_INFO_EX; + + typedef struct _KERB_TICKET_CACHE_INFO_EX2 { + UNICODE_STRING ClientName; + UNICODE_STRING ClientRealm; + UNICODE_STRING ServerName; + UNICODE_STRING ServerRealm; + LARGE_INTEGER StartTime; + LARGE_INTEGER EndTime; + LARGE_INTEGER RenewTime; + LONG EncryptionType; + ULONG TicketFlags; + ULONG SessionKeyType; + } KERB_TICKET_CACHE_INFO_EX2,*PKERB_TICKET_CACHE_INFO_EX2; + + typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + ULONG CountOfTickets; + KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY]; + } KERB_QUERY_TKT_CACHE_RESPONSE,*PKERB_QUERY_TKT_CACHE_RESPONSE; + + typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + ULONG CountOfTickets; + KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY]; + } KERB_QUERY_TKT_CACHE_EX_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX_RESPONSE; + + typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + ULONG CountOfTickets; + KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY]; + } KERB_QUERY_TKT_CACHE_EX2_RESPONSE,*PKERB_QUERY_TKT_CACHE_EX2_RESPONSE; + +#ifndef __SECHANDLE_DEFINED__ + typedef struct _SecHandle { + ULONG_PTR dwLower; + ULONG_PTR dwUpper; + } SecHandle,*PSecHandle; + +#define __SECHANDLE_DEFINED__ +#endif + +#define KERB_USE_DEFAULT_TICKET_FLAGS 0x0 + +#define KERB_RETRIEVE_TICKET_DEFAULT 0x0 +#define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1 +#define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2 +#define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4 +#define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8 +#define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10 +#define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20 + +#define KERB_ETYPE_DEFAULT 0x0 + + typedef struct _KERB_AUTH_DATA { + ULONG Type; + ULONG Length; + PUCHAR Data; + } KERB_AUTH_DATA,*PKERB_AUTH_DATA; + + typedef struct _KERB_NET_ADDRESS { + ULONG Family; + ULONG Length; + PCHAR Address; + } KERB_NET_ADDRESS,*PKERB_NET_ADDRESS; + + typedef struct _KERB_NET_ADDRESSES { + ULONG Number; + KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY]; + } KERB_NET_ADDRESSES,*PKERB_NET_ADDRESSES; + + typedef struct _KERB_EXTERNAL_NAME { + SHORT NameType; + USHORT NameCount; + UNICODE_STRING Names[ANYSIZE_ARRAY]; + } KERB_EXTERNAL_NAME,*PKERB_EXTERNAL_NAME; + + typedef struct _KERB_EXTERNAL_TICKET { + PKERB_EXTERNAL_NAME ServiceName; + PKERB_EXTERNAL_NAME TargetName; + PKERB_EXTERNAL_NAME ClientName; + UNICODE_STRING DomainName; + UNICODE_STRING TargetDomainName; + UNICODE_STRING AltTargetDomainName; + KERB_CRYPTO_KEY SessionKey; + ULONG TicketFlags; + ULONG Flags; + LARGE_INTEGER KeyExpirationTime; + LARGE_INTEGER StartTime; + LARGE_INTEGER EndTime; + LARGE_INTEGER RenewUntil; + LARGE_INTEGER TimeSkew; + ULONG EncodedTicketSize; + PUCHAR EncodedTicket; + } KERB_EXTERNAL_TICKET,*PKERB_EXTERNAL_TICKET; + + typedef struct _KERB_RETRIEVE_TKT_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + UNICODE_STRING TargetName; + ULONG TicketFlags; + ULONG CacheOptions; + LONG EncryptionType; + SecHandle CredentialsHandle; + } KERB_RETRIEVE_TKT_REQUEST,*PKERB_RETRIEVE_TKT_REQUEST; + + typedef struct _KERB_RETRIEVE_TKT_RESPONSE { + KERB_EXTERNAL_TICKET Ticket; + } KERB_RETRIEVE_TKT_RESPONSE,*PKERB_RETRIEVE_TKT_RESPONSE; + + typedef struct _KERB_PURGE_TKT_CACHE_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + UNICODE_STRING ServerName; + UNICODE_STRING RealmName; + } KERB_PURGE_TKT_CACHE_REQUEST,*PKERB_PURGE_TKT_CACHE_REQUEST; + +#define KERB_PURGE_ALL_TICKETS 1 + + typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + ULONG Flags; + KERB_TICKET_CACHE_INFO_EX TicketTemplate; + } KERB_PURGE_TKT_CACHE_EX_REQUEST,*PKERB_PURGE_TKT_CACHE_EX_REQUEST; + + typedef struct _KERB_CHANGEPASSWORD_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + UNICODE_STRING DomainName; + UNICODE_STRING AccountName; + UNICODE_STRING OldPassword; + UNICODE_STRING NewPassword; + BOOLEAN Impersonating; + } KERB_CHANGEPASSWORD_REQUEST,*PKERB_CHANGEPASSWORD_REQUEST; + + typedef struct _KERB_SETPASSWORD_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + SecHandle CredentialsHandle; + ULONG Flags; + UNICODE_STRING DomainName; + UNICODE_STRING AccountName; + UNICODE_STRING Password; + } KERB_SETPASSWORD_REQUEST,*PKERB_SETPASSWORD_REQUEST; + + typedef struct _KERB_SETPASSWORD_EX_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + SecHandle CredentialsHandle; + ULONG Flags; + UNICODE_STRING AccountRealm; + UNICODE_STRING AccountName; + UNICODE_STRING Password; + UNICODE_STRING ClientRealm; + UNICODE_STRING ClientName; + BOOLEAN Impersonating; + UNICODE_STRING KdcAddress; + ULONG KdcAddressType; + } KERB_SETPASSWORD_EX_REQUEST,*PKERB_SETPASSWORD_EX_REQUEST; + +#define DS_UNKNOWN_ADDRESS_TYPE 0 +#define KERB_SETPASS_USE_LOGONID 1 +#define KERB_SETPASS_USE_CREDHANDLE 2 + + typedef struct _KERB_DECRYPT_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID LogonId; + ULONG Flags; + LONG CryptoType; + LONG KeyUsage; + KERB_CRYPTO_KEY Key; + ULONG EncryptedDataSize; + ULONG InitialVectorSize; + PUCHAR InitialVector; + PUCHAR EncryptedData; + } KERB_DECRYPT_REQUEST,*PKERB_DECRYPT_REQUEST; + +#define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001 + + typedef struct _KERB_DECRYPT_RESPONSE { + UCHAR DecryptedData[ANYSIZE_ARRAY]; + } KERB_DECRYPT_RESPONSE,*PKERB_DECRYPT_RESPONSE; + + typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + UNICODE_STRING RealmName; + UNICODE_STRING KdcAddress; + ULONG AddressType; + } KERB_ADD_BINDING_CACHE_ENTRY_REQUEST,*PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST; + + typedef struct _KERB_REFRESH_SCCRED_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + UNICODE_STRING CredentialBlob; + LUID LogonId; + ULONG Flags; + } KERB_REFRESH_SCCRED_REQUEST,*PKERB_REFRESH_SCCRED_REQUEST; + +#define KERB_REFRESH_SCCRED_RELEASE 0x0 +#define KERB_REFRESH_SCCRED_GETTGT 0x1 + + typedef struct _KERB_ADD_CREDENTIALS_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + UNICODE_STRING UserName; + UNICODE_STRING DomainName; + UNICODE_STRING Password; + LUID LogonId; + ULONG Flags; + } KERB_ADD_CREDENTIALS_REQUEST,*PKERB_ADD_CREDENTIALS_REQUEST; + +#define KERB_REQUEST_ADD_CREDENTIAL 1 +#define KERB_REQUEST_REPLACE_CREDENTIAL 2 +#define KERB_REQUEST_REMOVE_CREDENTIAL 4 + + typedef struct _KERB_TRANSFER_CRED_REQUEST { + KERB_PROTOCOL_MESSAGE_TYPE MessageType; + LUID OriginLogonId; + LUID DestinationLogonId; + ULONG Flags; + } KERB_TRANSFER_CRED_REQUEST,*PKERB_TRANSFER_CRED_REQUEST; + +#ifdef __cplusplus +} +#endif +#endif