diff options
Diffstat (limited to 'vendor/winapi/src/um/ntsecapi.rs')
-rw-r--r-- | vendor/winapi/src/um/ntsecapi.rs | 1728 |
1 files changed, 1728 insertions, 0 deletions
diff --git a/vendor/winapi/src/um/ntsecapi.rs b/vendor/winapi/src/um/ntsecapi.rs new file mode 100644 index 0000000..cf30ea9 --- /dev/null +++ b/vendor/winapi/src/um/ntsecapi.rs @@ -0,0 +1,1728 @@ +// Licensed under the Apache License, Version 2.0 +// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license +// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option. +// All files in the project carrying such notice may not be copied, modified, or distributed +// except according to those terms. +//! This module defines the Local Security Authority APIs. +use shared::basetsd::{ULONG64, ULONG_PTR}; +use shared::guiddef::GUID; +use shared::minwindef::{PUCHAR, PULONG, UCHAR, ULONG, USHORT}; +use shared::ntdef::NTSTATUS; +use shared::sspi::SecHandle; +use um::lsalookup::{ + LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING +}; +use um::subauth::{PUNICODE_STRING, STRING, UNICODE_STRING}; +use um::winnt::{ + ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LUID, PACL, PCSTR, PCWSTR, + PSECURITY_DESCRIPTOR, PSID, PSTR, PVOID, PWSTR, QUOTA_LIMITS, SECURITY_INFORMATION, SHORT, SID, + SID_NAME_USE, STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, + STANDARD_RIGHTS_WRITE, ULONGLONG +}; +DEFINE_GUID!{Audit_System_SecurityStateChange, + 0x0cce9210, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_System_SecuritySubsystemExtension, + 0x0cce9211, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_System_Integrity, + 0x0cce9212, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_System_IPSecDriverEvents, + 0x0cce9213, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_System_Others, + 0x0cce9214, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_Logon, + 0x0cce9215, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_Logoff, + 0x0cce9216, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_AccountLockout, + 0x0cce9217, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_IPSecMainMode, + 0x0cce9218, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_IPSecQuickMode, + 0x0cce9219, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_IPSecUserMode, + 0x0cce921a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_SpecialLogon, + 0x0cce921b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_Others, + 0x0cce921c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_FileSystem, + 0x0cce921d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_Registry, + 0x0cce921e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_Kernel, + 0x0cce921f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_Sam, + 0x0cce9220, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_CertificationServices, + 0x0cce9221, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_ApplicationGenerated, + 0x0cce9222, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_Handle, + 0x0cce9223, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_Share, + 0x0cce9224, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_FirewallPacketDrops, + 0x0cce9225, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_FirewallConnection, + 0x0cce9226, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_Other, + 0x0cce9227, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PrivilegeUse_Sensitive, + 0x0cce9228, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PrivilegeUse_NonSensitive, + 0x0cce9229, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PrivilegeUse_Others, + 0x0cce922a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DetailedTracking_ProcessCreation, + 0x0cce922b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DetailedTracking_ProcessTermination, + 0x0cce922c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DetailedTracking_DpapiActivity, + 0x0cce922d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DetailedTracking_RpcCall, + 0x0cce922e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange_AuditPolicy, + 0x0cce922f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange_AuthenticationPolicy, + 0x0cce9230, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange_AuthorizationPolicy, + 0x0cce9231, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange_MpsscvRulePolicy, + 0x0cce9232, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange_WfpIPSecPolicy, + 0x0cce9233, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange_Others, + 0x0cce9234, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement_UserAccount, + 0x0cce9235, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement_ComputerAccount, + 0x0cce9236, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement_SecurityGroup, + 0x0cce9237, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement_DistributionGroup, + 0x0cce9238, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement_ApplicationGroup, + 0x0cce9239, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement_Others, + 0x0cce923a, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DSAccess_DSAccess, + 0x0cce923b, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DsAccess_AdAuditChanges, + 0x0cce923c, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Ds_Replication, + 0x0cce923d, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Ds_DetailedReplication, + 0x0cce923e, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountLogon_CredentialValidation, + 0x0cce923f, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountLogon_Kerberos, + 0x0cce9240, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountLogon_Others, + 0x0cce9241, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountLogon_KerbCredentialValidation, + 0x0cce9242, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_NPS, + 0x0cce9243, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_DetailedFileShare, + 0x0cce9244, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_RemovableStorage, + 0x0cce9245, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess_CbacStaging, + 0x0cce9246, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon_Claims, + 0x0cce9247, 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_System, + 0x69979848, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_Logon, + 0x69979849, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_ObjectAccess, + 0x6997984a, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PrivilegeUse, + 0x6997984b, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DetailedTracking, + 0x6997984c, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_PolicyChange, + 0x6997984d, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountManagement, + 0x6997984e, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_DirectoryServiceAccess, + 0x6997984f, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +DEFINE_GUID!{Audit_AccountLogon, + 0x69979850, 0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30} +ENUM!{enum POLICY_AUDIT_EVENT_TYPE { + AuditCategorySystem = 0, + AuditCategoryLogon, + AuditCategoryObjectAccess, + AuditCategoryPrivilegeUse, + AuditCategoryDetailedTracking, + AuditCategoryPolicyChange, + AuditCategoryAccountManagement, + AuditCategoryDirectoryServiceAccess, + AuditCategoryAccountLogon, +}} +pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE; +pub const POLICY_AUDIT_EVENT_UNCHANGED: POLICY_AUDIT_EVENT_OPTIONS = 0x00000000; +pub const POLICY_AUDIT_EVENT_SUCCESS: POLICY_AUDIT_EVENT_OPTIONS = 0x00000001; +pub const POLICY_AUDIT_EVENT_FAILURE: POLICY_AUDIT_EVENT_OPTIONS = 0x00000002; +pub const POLICY_AUDIT_EVENT_NONE: POLICY_AUDIT_EVENT_OPTIONS = 0x00000004; +pub const POLICY_AUDIT_EVENT_MASK: POLICY_AUDIT_EVENT_OPTIONS = POLICY_AUDIT_EVENT_SUCCESS + | POLICY_AUDIT_EVENT_FAILURE | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE; +pub const POLICY_VIEW_LOCAL_INFORMATION: ACCESS_MASK = 0x00000001; +pub const POLICY_VIEW_AUDIT_INFORMATION: ACCESS_MASK = 0x00000002; +pub const POLICY_GET_PRIVATE_INFORMATION: ACCESS_MASK = 0x00000004; +pub const POLICY_TRUST_ADMIN: ACCESS_MASK = 0x00000008; +pub const POLICY_CREATE_ACCOUNT: ACCESS_MASK = 0x00000010; +pub const POLICY_CREATE_SECRET: ACCESS_MASK = 0x00000020; +pub const POLICY_CREATE_PRIVILEGE: ACCESS_MASK = 0x00000040; +pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ACCESS_MASK = 0x00000080; +pub const POLICY_SET_AUDIT_REQUIREMENTS: ACCESS_MASK = 0x00000100; +pub const POLICY_AUDIT_LOG_ADMIN: ACCESS_MASK = 0x00000200; +pub const POLICY_SERVER_ADMIN: ACCESS_MASK = 0x00000400; +pub const POLICY_LOOKUP_NAMES: ACCESS_MASK = 0x00000800; +pub const POLICY_NOTIFICATION: ACCESS_MASK = 0x00001000; +pub const POLICY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED + | POLICY_VIEW_LOCAL_INFORMATION | POLICY_VIEW_AUDIT_INFORMATION + | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT + | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS + | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN + | POLICY_LOOKUP_NAMES; +pub const POLICY_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION + | POLICY_GET_PRIVATE_INFORMATION; +pub const POLICY_WRITE: ACCESS_MASK = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN + | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE + | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN + | POLICY_SERVER_ADMIN; +pub const POLICY_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE + | POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES; +STRUCT!{struct LSA_TRANSLATED_SID { + Use: SID_NAME_USE, + RelativeId: ULONG, + DomainIndex: LONG, +}} +pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID; +ENUM!{enum POLICY_LSA_SERVER_ROLE { + PolicyServerRoleBackup = 2, + PolicyServerRolePrimary, +}} +pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE; +pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG; +pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut ULONG; +ENUM!{enum POLICY_INFORMATION_CLASS { + PolicyAuditLogInformation = 1, + PolicyAuditEventsInformation, + PolicyPrimaryDomainInformation, + PolicyPdAccountInformation, + PolicyAccountDomainInformation, + PolicyLsaServerRoleInformation, + PolicyReplicaSourceInformation, + PolicyDefaultQuotaInformation, + PolicyModificationInformation, + PolicyAuditFullSetInformation, + PolicyAuditFullQueryInformation, + PolicyDnsDomainInformation, + PolicyDnsDomainInformationInt, + PolicyLocalAccountDomainInformation, + PolicyLastEntry, +}} +pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS; +STRUCT!{struct POLICY_AUDIT_LOG_INFO { + AuditLogPercentFull: ULONG, + MaximumLogSize: ULONG, + AuditRetentionPeriod: LARGE_INTEGER, + AuditLogFullShutdownInProgress: BOOLEAN, + TimeToShutdown: LARGE_INTEGER, + NextAuditRecordId: ULONG, +}} +pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO; +STRUCT!{struct POLICY_AUDIT_EVENTS_INFO { + AuditingMode: BOOLEAN, + EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, + MaximumAuditEventCount: ULONG, +}} +pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO; +STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO { + MaximumSubCategoryCount: ULONG, + EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS, +}} +pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO; +STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO { + MaximumSubCategoryCount: ULONG, + SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO, +}} +pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO; +pub const PER_USER_POLICY_UNCHANGED: ULONG = 0x00; +pub const PER_USER_AUDIT_SUCCESS_INCLUDE: ULONG = 0x01; +pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: ULONG = 0x02; +pub const PER_USER_AUDIT_FAILURE_INCLUDE: ULONG = 0x04; +pub const PER_USER_AUDIT_FAILURE_EXCLUDE: ULONG = 0x08; +pub const PER_USER_AUDIT_NONE: ULONG = 0x10; +pub const VALID_PER_USER_AUDIT_POLICY_FLAG: ULONG = PER_USER_AUDIT_SUCCESS_INCLUDE + | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE + | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE; +STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO { + Name: LSA_UNICODE_STRING, + Sid: PSID, +}} +pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO; +STRUCT!{struct POLICY_PD_ACCOUNT_INFO { + Name: LSA_UNICODE_STRING, +}} +pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO; +STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO { + LsaServerRole: POLICY_LSA_SERVER_ROLE, +}} +pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO; +STRUCT!{struct POLICY_REPLICA_SOURCE_INFO { + ReplicaSource: LSA_UNICODE_STRING, + ReplicaAccountName: LSA_UNICODE_STRING, +}} +pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO; +STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO { + QuotaLimits: QUOTA_LIMITS, +}} +pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO; +STRUCT!{struct POLICY_MODIFICATION_INFO { + ModifiedId: LARGE_INTEGER, + DatabaseCreationTime: LARGE_INTEGER, +}} +pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO; +STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO { + ShutDownOnFull: BOOLEAN, +}} +pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO; +STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO { + ShutDownOnFull: BOOLEAN, + LogIsFull: BOOLEAN, +}} +pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO; +ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS { + PolicyDomainEfsInformation = 2, + PolicyDomainKerberosTicketInformation, +}} +pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS; +STRUCT!{struct POLICY_DOMAIN_EFS_INFO { + InfoLength: ULONG, + EfsBlob: PUCHAR, +}} +pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO; +STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO { + AuthenticationOptions: ULONG, + MaxServiceTicketAge: LARGE_INTEGER, + MaxTicketAge: LARGE_INTEGER, + MaxRenewAge: LARGE_INTEGER, + MaxClockSkew: LARGE_INTEGER, + Reserved: LARGE_INTEGER, +}} +pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO; +ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS { + PolicyNotifyAuditEventsInformation = 1, + PolicyNotifyAccountDomainInformation, + PolicyNotifyServerRoleInformation, + PolicyNotifyDnsDomainInformation, + PolicyNotifyDomainEfsInformation, + PolicyNotifyDomainKerberosTicketInformation, + PolicyNotifyMachineAccountPasswordInformation, + PolicyNotifyGlobalSaclInformation, + PolicyNotifyMax, +}} +pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS; +pub type LSA_HANDLE = PVOID; +pub type PLSA_HANDLE = *mut PVOID; +ENUM!{enum TRUSTED_INFORMATION_CLASS { + TrustedDomainNameInformation = 1, + TrustedControllersInformation, + TrustedPosixOffsetInformation, + TrustedPasswordInformation, + TrustedDomainInformationBasic, + TrustedDomainInformationEx, + TrustedDomainAuthInformation, + TrustedDomainFullInformation, + TrustedDomainAuthInformationInternal, + TrustedDomainFullInformationInternal, + TrustedDomainInformationEx2Internal, + TrustedDomainFullInformation2Internal, + TrustedDomainSupportedEncryptionTypes, +}} +pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS; +STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO { + Name: LSA_UNICODE_STRING, +}} +pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO; +STRUCT!{struct TRUSTED_CONTROLLERS_INFO { + Entries: ULONG, + Names: PLSA_UNICODE_STRING, +}} +pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO; +STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO { + Offset: ULONG, +}} +pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO; +STRUCT!{struct TRUSTED_PASSWORD_INFO { + Password: LSA_UNICODE_STRING, + OldPassword: LSA_UNICODE_STRING, +}} +pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO; +pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION; +pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION; +pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000; +pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001; +pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002; +pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND + | TRUST_DIRECTION_OUTBOUND; +pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001; +pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002; +pub const TRUST_TYPE_MIT: ULONG = 0x00000003; +pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001; +pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002; +pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004; +pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008; +pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010; +pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020; +pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040; +pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080; +pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100; +pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200; +pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF; +pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000; +STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX { + Name: LSA_UNICODE_STRING, + FlatName: LSA_UNICODE_STRING, + Sid: PSID, + TrustDirection: ULONG, + TrustType: ULONG, + TrustAttributes: ULONG, +}} +pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX; +STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 { + Name: LSA_UNICODE_STRING, + FlatName: LSA_UNICODE_STRING, + Sid: PSID, + TrustDirection: ULONG, + TrustType: ULONG, + TrustAttributes: ULONG, + ForestTrustLength: ULONG, + ForestTrustInfo: PUCHAR, +}} +pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2; +pub const TRUST_AUTH_TYPE_NONE: ULONG = 0; +pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1; +pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2; +pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3; +STRUCT!{struct LSA_AUTH_INFORMATION { + LastUpdateTime: LARGE_INTEGER, + AuthType: ULONG, + AuthInfoLength: ULONG, + AuthInfo: PUCHAR, +}} +pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION; +STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION { + IncomingAuthInfos: ULONG, + IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION, + IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, + OutgoingAuthInfos: ULONG, + OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION, + OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION, +}} +pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION; +STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION { + Information: TRUSTED_DOMAIN_INFORMATION_EX, + PosixOffset: TRUSTED_POSIX_OFFSET_INFO, + AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, +}} +pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION; +STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 { + Information: TRUSTED_DOMAIN_INFORMATION_EX2, + PosixOffset: TRUSTED_POSIX_OFFSET_INFO, + AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION, +}} +pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2; +STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES { + SupportedEncryptionTypes: ULONG, +}} +pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = + *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; +ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE { + ForestTrustTopLevelName, + ForestTrustTopLevelNameEx, + ForestTrustDomainInfo, + ForestTrustRecordTypeLast, // = ForestTrustDomainInfo, +}} +pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF; +pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001; +pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002; +pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004; +pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001; +pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002; +pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004; +pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008; +STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO { + Sid: PSID, + DnsName: LSA_UNICODE_STRING, + NetbiosName: LSA_UNICODE_STRING, +}} +pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO; +pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: ULONG = 128 * 1024; +STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA { + Length: ULONG, + Buffer: PUCHAR, +}} +pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA; +UNION!{union LSA_FOREST_TRUST_RECORD_ForestTrustData { + [usize; 5], + TopLevelName TopLevelName_mut: LSA_UNICODE_STRING, + DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO, + Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA, +}} +STRUCT!{struct LSA_FOREST_TRUST_RECORD { + Flags: ULONG, + ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE, + Time: LARGE_INTEGER, + ForestTrustData: LSA_FOREST_TRUST_RECORD_ForestTrustData, +}} +pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD; +pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: ULONG = 4000; +STRUCT!{struct LSA_FOREST_TRUST_INFORMATION { + RecordCount: ULONG, + Entries: *mut PLSA_FOREST_TRUST_RECORD, +}} +pub type PLSA_FOREST_TRUST_INFORMATION = *mut LSA_FOREST_TRUST_INFORMATION; +ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE { + CollisionTdo, + CollisionXref, + CollisionOther, +}} +STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD { + Index: ULONG, + Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE, + Flags: ULONG, + Name: LSA_UNICODE_STRING, +}} +pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD; +STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION { + RecordCount: ULONG, + Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD, +}} +pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION; +pub type LSA_ENUMERATION_HANDLE = ULONG; +pub type PLSA_ENUMERATION_HANDLE = *mut ULONG; +STRUCT!{struct LSA_ENUMERATION_INFORMATION { + Sid: PSID, +}} +pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION; +STRUCT!{struct LSA_LAST_INTER_LOGON_INFO { + LastSuccessfulLogon: LARGE_INTEGER, + LastFailedLogon: LARGE_INTEGER, + FailedAttemptCountSinceLastSuccessfulLogon: ULONG, +}} +pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO; +STRUCT!{struct SECURITY_LOGON_SESSION_DATA { + Size: ULONG, + LogonId: LUID, + UserName: LSA_UNICODE_STRING, + LogonDomain: LSA_UNICODE_STRING, + AuthenticationPackage: LSA_UNICODE_STRING, + LogonType: ULONG, + Session: ULONG, + Sid: PSID, + LogonTime: LARGE_INTEGER, + LogonServer: LSA_UNICODE_STRING, + DnsDomainName: LSA_UNICODE_STRING, + Upn: LSA_UNICODE_STRING, + UserFlags: ULONG, + LastLogonInfo: LSA_LAST_INTER_LOGON_INFO, + LogonScript: LSA_UNICODE_STRING, + ProfilePath: LSA_UNICODE_STRING, + HomeDirectory: LSA_UNICODE_STRING, + HomeDirectoryDrive: LSA_UNICODE_STRING, + LogoffTime: LARGE_INTEGER, + KickOffTime: LARGE_INTEGER, + PasswordLastSet: LARGE_INTEGER, + PasswordCanChange: LARGE_INTEGER, + PasswordMustChange: LARGE_INTEGER, +}} +pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA; +pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001; +pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100; +pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000; +pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG = + CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG + | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG + | CENTRAL_ACCESS_POLICY_STAGED_FLAG; +pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001; +pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG; +STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY { + Name: LSA_UNICODE_STRING, + Description: LSA_UNICODE_STRING, + ChangeId: LSA_UNICODE_STRING, + LengthAppliesTo: ULONG, + AppliesTo: PUCHAR, + LengthSD: ULONG, + SD: PSECURITY_DESCRIPTOR, + LengthStagedSD: ULONG, + StagedSD: PSECURITY_DESCRIPTOR, + Flags: ULONG, +}} +pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY; +pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY; +STRUCT!{struct CENTRAL_ACCESS_POLICY { + CAPID: PSID, + Name: LSA_UNICODE_STRING, + Description: LSA_UNICODE_STRING, + ChangeId: LSA_UNICODE_STRING, + Flags: ULONG, + CAPECount: ULONG, + CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY, +}} +pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY; +pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY; +ENUM!{enum NEGOTIATE_MESSAGES { + NegEnumPackagePrefixes = 0, + NegGetCallerName = 1, + NegTransferCredentials = 2, + NegCallPackageMax, +}} +pub const NEGOTIATE_MAX_PREFIX: usize = 32; +STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX { + PackageId: ULONG_PTR, + PackageDataA: PVOID, + PackageDataW: PVOID, + PrefixLen: ULONG_PTR, + Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX], +}} +pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX; +STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES { + MessageType: ULONG, + PrefixCount: ULONG, + Offset: ULONG, + Pad: ULONG, +}} +pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES; +STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST { + MessageType: ULONG, + LogonId: LUID, +}} +pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST; +STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE { + MessageType: ULONG, + CallerName: PWSTR, +}} +pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE; +STRUCT!{struct DOMAIN_PASSWORD_INFORMATION { + MinPasswordLength: USHORT, + PasswordHistoryLength: USHORT, + PasswordProperties: ULONG, + MaxPasswordAge: LARGE_INTEGER, + MinPasswordAge: LARGE_INTEGER, +}} +pub type PDOMAIN_PASSWORD_INFORMATION = *mut DOMAIN_PASSWORD_INFORMATION; +pub const DOMAIN_PASSWORD_COMPLEX: ULONG = 0x00000001; +pub const DOMAIN_PASSWORD_NO_ANON_CHANGE: ULONG = 0x00000002; +pub const DOMAIN_PASSWORD_NO_CLEAR_CHANGE: ULONG = 0x00000004; +pub const DOMAIN_LOCKOUT_ADMINS: ULONG = 0x00000008; +pub const DOMAIN_PASSWORD_STORE_CLEARTEXT: ULONG = 0x00000010; +pub const DOMAIN_REFUSE_PASSWORD_CHANGE: ULONG = 0x00000020; +pub const DOMAIN_NO_LM_OWF_CHANGE: ULONG = 0x00000040; +FN!{stdcall PSAM_PASSWORD_NOTIFICATION_ROUTINE( + UserName: PUNICODE_STRING, + RelativeId: ULONG, + NewPassword: PUNICODE_STRING, +) -> NTSTATUS} +FN!{stdcall PSAM_INIT_NOTIFICATION_ROUTINE() -> BOOLEAN} +FN!{stdcall PSAM_PASSWORD_FILTER_ROUTINE( + AccountName: PUNICODE_STRING, + FullName: PUNICODE_STRING, + Password: PUNICODE_STRING, + SetOperation: BOOLEAN, +) -> BOOLEAN} +ENUM!{enum MSV1_0_LOGON_SUBMIT_TYPE { + MsV1_0InteractiveLogon = 2, + MsV1_0Lm20Logon, + MsV1_0NetworkLogon, + MsV1_0SubAuthLogon, + MsV1_0WorkstationUnlockLogon = 7, + MsV1_0S4ULogon = 12, + MsV1_0VirtualLogon = 82, + MsV1_0NoElevationLogon = 83, + MsV1_0LuidLogon = 84, +}} +pub type PMSV1_0_LOGON_SUBMIT_TYPE = *mut MSV1_0_LOGON_SUBMIT_TYPE; +ENUM!{enum MSV1_0_PROFILE_BUFFER_TYPE { + MsV1_0InteractiveProfile = 2, + MsV1_0Lm20LogonProfile, + MsV1_0SmartCardProfile, +}} +pub type PMSV1_0_PROFILE_BUFFER_TYPE = *mut MSV1_0_PROFILE_BUFFER_TYPE; +STRUCT!{struct MSV1_0_INTERACTIVE_LOGON { + MessageType: MSV1_0_LOGON_SUBMIT_TYPE, + LogonDomainName: UNICODE_STRING, + UserName: UNICODE_STRING, + Password: UNICODE_STRING, +}} +pub type PMSV1_0_INTERACTIVE_LOGON = *mut MSV1_0_INTERACTIVE_LOGON; +STRUCT!{struct MSV1_0_INTERACTIVE_PROFILE { + MessageType: MSV1_0_PROFILE_BUFFER_TYPE, + LogonCount: USHORT, + BadPasswordCount: USHORT, + LogonTime: LARGE_INTEGER, + LogoffTime: LARGE_INTEGER, + KickOffTime: LARGE_INTEGER, + PasswordLastSet: LARGE_INTEGER, + PasswordCanChange: LARGE_INTEGER, + PasswordMustChange: LARGE_INTEGER, + LogonScript: UNICODE_STRING, + HomeDirectory: UNICODE_STRING, + FullName: UNICODE_STRING, + ProfilePath: UNICODE_STRING, + HomeDirectoryDrive: UNICODE_STRING, + LogonServer: UNICODE_STRING, + UserFlags: ULONG, +}} +pub type PMSV1_0_INTERACTIVE_PROFILE = *mut MSV1_0_INTERACTIVE_PROFILE; +pub const MSV1_0_CHALLENGE_LENGTH: usize = 8; +pub const MSV1_0_USER_SESSION_KEY_LENGTH: usize = 16; +pub const MSV1_0_LANMAN_SESSION_KEY_LENGTH: usize = 8; +pub const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED: ULONG = 0x02; +pub const MSV1_0_UPDATE_LOGON_STATISTICS: ULONG = 0x04; +pub const MSV1_0_RETURN_USER_PARAMETERS: ULONG = 0x08; +pub const MSV1_0_DONT_TRY_GUEST_ACCOUNT: ULONG = 0x10; +pub const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT: ULONG = 0x20; +pub const MSV1_0_RETURN_PASSWORD_EXPIRY: ULONG = 0x40; +pub const MSV1_0_USE_CLIENT_CHALLENGE: ULONG = 0x80; +pub const MSV1_0_TRY_GUEST_ACCOUNT_ONLY: ULONG = 0x100; +pub const MSV1_0_RETURN_PROFILE_PATH: ULONG = 0x200; +pub const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY: ULONG = 0x400; +pub const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT: ULONG = 0x800; +pub const MSV1_0_DISABLE_PERSONAL_FALLBACK: ULONG = 0x00001000; +pub const MSV1_0_ALLOW_FORCE_GUEST: ULONG = 0x00002000; +pub const MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED: ULONG = 0x00004000; +pub const MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY: ULONG = 0x00008000; +pub const MSV1_0_SUBAUTHENTICATION_DLL_EX: ULONG = 0x00100000; +pub const MSV1_0_ALLOW_MSVCHAPV2: ULONG = 0x00010000; +pub const MSV1_0_S4U2SELF: ULONG = 0x00020000; +pub const MSV1_0_CHECK_LOGONHOURS_FOR_S4U: ULONG = 0x00040000; +pub const MSV1_0_INTERNET_DOMAIN: ULONG = 0x00080000; +pub const MSV1_0_SUBAUTHENTICATION_DLL: ULONG = 0xFF000000; +pub const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT: ULONG = 24; +pub const MSV1_0_MNS_LOGON: ULONG = 0x01000000; +pub const MSV1_0_SUBAUTHENTICATION_DLL_RAS: ULONG = 2; +pub const MSV1_0_SUBAUTHENTICATION_DLL_IIS: ULONG = 132; +STRUCT!{struct MSV1_0_LM20_LOGON { + MessageType: MSV1_0_LOGON_SUBMIT_TYPE, + LogonDomainName: UNICODE_STRING, + UserName: UNICODE_STRING, + Workstation: UNICODE_STRING, + ChallengeToClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], + CaseSensitiveChallengeResponse: STRING, + CaseInsensitiveChallengeResponse: STRING, + ParameterControl: ULONG, +}} +pub type PMSV1_0_LM20_LOGON = *mut MSV1_0_LM20_LOGON; +STRUCT!{struct MSV1_0_SUBAUTH_LOGON { + MessageType: MSV1_0_LOGON_SUBMIT_TYPE, + LogonDomainName: UNICODE_STRING, + UserName: UNICODE_STRING, + Workstation: UNICODE_STRING, + ChallengeToClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], + AuthenticationInfo1: STRING, + AuthenticationInfo2: STRING, + ParameterControl: ULONG, + SubAuthPackageId: ULONG, +}} +pub type PMSV1_0_SUBAUTH_LOGON = *mut MSV1_0_SUBAUTH_LOGON; +STRUCT!{struct MSV1_0_S4U_LOGON { + MessageType: MSV1_0_LOGON_SUBMIT_TYPE, + MSV1_0_LOGON_SUBMIT_TYPE: ULONG, + UserPrincipalName: UNICODE_STRING, + DomainName: UNICODE_STRING, +}} +pub type PMSV1_0_S4U_LOGON = *mut MSV1_0_S4U_LOGON; +pub const LOGON_GUEST: ULONG = 0x01; +pub const LOGON_NOENCRYPTION: ULONG = 0x02; +pub const LOGON_CACHED_ACCOUNT: ULONG = 0x04; +pub const LOGON_USED_LM_PASSWORD: ULONG = 0x08; +pub const LOGON_EXTRA_SIDS: ULONG = 0x20; +pub const LOGON_SUBAUTH_SESSION_KEY: ULONG = 0x40; +pub const LOGON_SERVER_TRUST_ACCOUNT: ULONG = 0x80; +pub const LOGON_NTLMV2_ENABLED: ULONG = 0x100; +pub const LOGON_RESOURCE_GROUPS: ULONG = 0x200; +pub const LOGON_PROFILE_PATH_RETURNED: ULONG = 0x400; +pub const LOGON_NT_V2: ULONG = 0x800; +pub const LOGON_LM_V2: ULONG = 0x1000; +pub const LOGON_NTLM_V2: ULONG = 0x2000; +pub const LOGON_OPTIMIZED: ULONG = 0x4000; +pub const LOGON_WINLOGON: ULONG = 0x8000; +pub const LOGON_PKINIT: ULONG = 0x10000; +pub const LOGON_NO_OPTIMIZED: ULONG = 0x20000; +pub const LOGON_NO_ELEVATION: ULONG = 0x40000; +pub const LOGON_MANAGED_SERVICE: ULONG = 0x80000; +pub const LOGON_GRACE_LOGON: ULONG = 0x01000000; +STRUCT!{struct MSV1_0_LM20_LOGON_PROFILE { + MessageType: MSV1_0_PROFILE_BUFFER_TYPE, + KickOffTime: LARGE_INTEGER, + LogoffTime: LARGE_INTEGER, + UserFlags: ULONG, + UserSessionKey: [UCHAR; MSV1_0_USER_SESSION_KEY_LENGTH], + LogonDomainName: UNICODE_STRING, + LanmanSessionKey: [UCHAR; MSV1_0_LANMAN_SESSION_KEY_LENGTH], + LogonServer: UNICODE_STRING, + UserParameters: UNICODE_STRING, +}} +pub type PMSV1_0_LM20_LOGON_PROFILE = *mut MSV1_0_LM20_LOGON_PROFILE; +pub const MSV1_0_OWF_PASSWORD_LENGTH: usize = 16; +STRUCT!{struct MSV1_0_SUPPLEMENTAL_CREDENTIAL { + Version: ULONG, + Flags: ULONG, + LmPassword: [UCHAR; MSV1_0_OWF_PASSWORD_LENGTH], + NtPassword: [UCHAR; MSV1_0_OWF_PASSWORD_LENGTH], +}} +pub type PMSV1_0_SUPPLEMENTAL_CREDENTIAL = *mut MSV1_0_SUPPLEMENTAL_CREDENTIAL; +pub const MSV1_0_NTLM3_RESPONSE_LENGTH: usize = 16; +pub const MSV1_0_NTLM3_OWF_LENGTH: usize = 16; +STRUCT!{struct MSV1_0_NTLM3_RESPONSE { + Response: [UCHAR; MSV1_0_NTLM3_RESPONSE_LENGTH], + RespType: UCHAR, + HiRespType: UCHAR, + Flags: USHORT, + MsgWord: ULONG, + TimeStamp: ULONGLONG, + ChallengeFromClient: [UCHAR; MSV1_0_CHALLENGE_LENGTH], + AvPairsOff: ULONG, + Buffer: [UCHAR; 1], +}} +pub type PMSV1_0_NTLM3_RESPONSE = *mut MSV1_0_NTLM3_RESPONSE; +ENUM!{enum MSV1_0_AVID { + MsvAvEOL, + MsvAvNbComputerName, + MsvAvNbDomainName, + MsvAvDnsComputerName, + MsvAvDnsDomainName, + MsvAvDnsTreeName, + MsvAvFlags, + MsvAvTimestamp, + MsvAvRestrictions, + MsvAvTargetName, + MsvAvChannelBindings, +}} +STRUCT!{struct MSV1_0_AV_PAIR { + AvId: USHORT, + AvLen: USHORT, +}} +pub type PMSV1_0_AV_PAIR = *mut MSV1_0_AV_PAIR; +ENUM!{enum MSV1_0_PROTOCOL_MESSAGE_TYPE { + MsV1_0Lm20ChallengeRequest = 0, + MsV1_0Lm20GetChallengeResponse, + MsV1_0EnumerateUsers, + MsV1_0GetUserInfo, + MsV1_0ReLogonUsers, + MsV1_0ChangePassword, + MsV1_0ChangeCachedPassword, + MsV1_0GenericPassthrough, + MsV1_0CacheLogon, + MsV1_0SubAuth, + MsV1_0DeriveCredential, + MsV1_0CacheLookup, + MsV1_0SetProcessOption, + MsV1_0ConfigLocalAliases, + MsV1_0ClearCachedCredentials, + MsV1_0LookupToken, + MsV1_0ValidateAuth, + MsV1_0CacheLookupEx, + MsV1_0GetCredentialKey, + MsV1_0SetThreadOption, +}} +pub type PMSV1_0_PROTOCOL_MESSAGE_TYPE = *mut MSV1_0_PROTOCOL_MESSAGE_TYPE; +STRUCT!{struct MSV1_0_CHANGEPASSWORD_REQUEST { + MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, + DomainName: UNICODE_STRING, + AccountName: UNICODE_STRING, + OldPassword: UNICODE_STRING, + NewPassword: UNICODE_STRING, + Impersonating: BOOLEAN, +}} +pub type PMSV1_0_CHANGEPASSWORD_REQUEST = *mut MSV1_0_CHANGEPASSWORD_REQUEST; +STRUCT!{struct MSV1_0_CHANGEPASSWORD_RESPONSE { + MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, + PasswordInfoValid: BOOLEAN, + DomainPasswordInfo: DOMAIN_PASSWORD_INFORMATION, +}} +pub type PMSV1_0_CHANGEPASSWORD_RESPONSE = *mut MSV1_0_CHANGEPASSWORD_RESPONSE; +STRUCT!{struct MSV1_0_PASSTHROUGH_REQUEST { + MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, + DomainName: UNICODE_STRING, + PackageName: UNICODE_STRING, + DataLength: ULONG, + LogonData: PUCHAR, + Pad: ULONG, +}} +pub type PMSV1_0_PASSTHROUGH_REQUEST = *mut MSV1_0_PASSTHROUGH_REQUEST; +STRUCT!{struct MSV1_0_PASSTHROUGH_RESPONSE { + MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, + Pad: ULONG, + DataLength: ULONG, + ValidationData: PUCHAR, +}} +pub type PMSV1_0_PASSTHROUGH_RESPONSE = *mut MSV1_0_PASSTHROUGH_RESPONSE; +STRUCT!{struct MSV1_0_SUBAUTH_REQUEST { + MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, + SubAuthPackageId: ULONG, + SubAuthInfoLength: ULONG, + SubAuthSubmitBuffer: PUCHAR, +}} +pub type PMSV1_0_SUBAUTH_REQUEST = *mut MSV1_0_SUBAUTH_REQUEST; +STRUCT!{struct MSV1_0_SUBAUTH_RESPONSE { + MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE, + SubAuthInfoLength: ULONG, + SubAuthReturnBuffer: PUCHAR, +}} +pub type PMSV1_0_SUBAUTH_RESPONSE = *mut MSV1_0_SUBAUTH_RESPONSE; +pub use self::SystemFunction036 as RtlGenRandom; +pub use self::SystemFunction040 as RtlEncryptMemory; +pub use self::SystemFunction041 as RtlDecryptMemory; +extern "system" { + pub fn SystemFunction036( + RandomBuffer: PVOID, + RandomBufferLength: ULONG, + ) -> BOOLEAN; +} +pub const RTL_ENCRYPT_MEMORY_SIZE: ULONG = 8; +pub const RTL_ENCRYPT_OPTION_CROSS_PROCESS: ULONG = 0x01; +pub const RTL_ENCRYPT_OPTION_SAME_LOGON: ULONG = 0x02; +extern "system" { + pub fn SystemFunction040( + Memory: PVOID, + MemorySize: ULONG, + OptionFlags: ULONG, + ) -> NTSTATUS; + pub fn SystemFunction041( + Memory: PVOID, + MemorySize: ULONG, + OptionFlags: ULONG, + ) -> NTSTATUS; +} +pub const KERBEROS_VERSION: ULONG = 5; +pub const KERBEROS_REVISION: ULONG = 6; +pub const KERB_ETYPE_NULL: LONG = 0; +pub const KERB_ETYPE_DES_CBC_CRC: LONG = 1; +pub const KERB_ETYPE_DES_CBC_MD4: LONG = 2; +pub const KERB_ETYPE_DES_CBC_MD5: LONG = 3; +pub const KERB_ETYPE_AES128_CTS_HMAC_SHA1_96: LONG = 17; +pub const KERB_ETYPE_AES256_CTS_HMAC_SHA1_96: LONG = 18; +pub const KERB_ETYPE_RC4_MD4: LONG = -128; +pub const KERB_ETYPE_RC4_PLAIN2: LONG = -129; +pub const KERB_ETYPE_RC4_LM: LONG = -130; +pub const KERB_ETYPE_RC4_SHA: LONG = -131; +pub const KERB_ETYPE_DES_PLAIN: LONG = -132; +pub const KERB_ETYPE_RC4_HMAC_OLD: LONG = -133; +pub const KERB_ETYPE_RC4_PLAIN_OLD: LONG = -134; +pub const KERB_ETYPE_RC4_HMAC_OLD_EXP: LONG = -135; +pub const KERB_ETYPE_RC4_PLAIN_OLD_EXP: LONG = -136; +pub const KERB_ETYPE_RC4_PLAIN: LONG = -140; +pub const KERB_ETYPE_RC4_PLAIN_EXP: LONG = -141; +pub const KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN: LONG = -148; +pub const KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN: LONG = -149; +pub const KERB_ETYPE_DSA_SHA1_CMS: LONG = 9; +pub const KERB_ETYPE_RSA_MD5_CMS: LONG = 10; +pub const KERB_ETYPE_RSA_SHA1_CMS: LONG = 11; +pub const KERB_ETYPE_RC2_CBC_ENV: LONG = 12; +pub const KERB_ETYPE_RSA_ENV: LONG = 13; +pub const KERB_ETYPE_RSA_ES_OEAP_ENV: LONG = 14; +pub const KERB_ETYPE_DES_EDE3_CBC_ENV: LONG = 15; +pub const KERB_ETYPE_DSA_SIGN: LONG = 8; +pub const KERB_ETYPE_RSA_PRIV: LONG = 9; +pub const KERB_ETYPE_RSA_PUB: LONG = 10; +pub const KERB_ETYPE_RSA_PUB_MD5: LONG = 11; +pub const KERB_ETYPE_RSA_PUB_SHA1: LONG = 12; +pub const KERB_ETYPE_PKCS7_PUB: LONG = 13; +pub const KERB_ETYPE_DES3_CBC_MD5: LONG = 5; +pub const KERB_ETYPE_DES3_CBC_SHA1: LONG = 7; +pub const KERB_ETYPE_DES3_CBC_SHA1_KD: LONG = 16; +pub const KERB_ETYPE_DES_CBC_MD5_NT: LONG = 20; +pub const KERB_ETYPE_RC4_HMAC_NT: LONG = 23; +pub const KERB_ETYPE_RC4_HMAC_NT_EXP: LONG = 24; +pub const KERB_CHECKSUM_NONE: LONG = 0; +pub const KERB_CHECKSUM_CRC32: LONG = 1; +pub const KERB_CHECKSUM_MD4: LONG = 2; +pub const KERB_CHECKSUM_KRB_DES_MAC: LONG = 4; +pub const KERB_CHECKSUM_KRB_DES_MAC_K: LONG = 5; +pub const KERB_CHECKSUM_MD5: LONG = 7; +pub const KERB_CHECKSUM_MD5_DES: LONG = 8; +pub const KERB_CHECKSUM_SHA1_NEW: LONG = 14; +pub const KERB_CHECKSUM_HMAC_SHA1_96_AES128: LONG = 15; +pub const KERB_CHECKSUM_HMAC_SHA1_96_AES256: LONG = 16; +pub const KERB_CHECKSUM_LM: LONG = -130; +pub const KERB_CHECKSUM_SHA1: LONG = -131; +pub const KERB_CHECKSUM_REAL_CRC32: LONG = -132; +pub const KERB_CHECKSUM_DES_MAC: LONG = -133; +pub const KERB_CHECKSUM_DES_MAC_MD5: LONG = -134; +pub const KERB_CHECKSUM_MD25: LONG = -135; +pub const KERB_CHECKSUM_RC4_MD5: LONG = -136; +pub const KERB_CHECKSUM_MD5_HMAC: LONG = -137; +pub const KERB_CHECKSUM_HMAC_MD5: LONG = -138; +pub const KERB_CHECKSUM_HMAC_SHA1_96_AES128_Ki: LONG = -150; +pub const KERB_CHECKSUM_HMAC_SHA1_96_AES256_Ki: LONG = -151; +pub const KERB_TICKET_FLAGS_reserved: ULONG = 0x80000000; +pub const KERB_TICKET_FLAGS_forwardable: ULONG = 0x40000000; +pub const KERB_TICKET_FLAGS_forwarded: ULONG = 0x20000000; +pub const KERB_TICKET_FLAGS_proxiable: ULONG = 0x10000000; +pub const KERB_TICKET_FLAGS_proxy: ULONG = 0x08000000; +pub const KERB_TICKET_FLAGS_may_postdate: ULONG = 0x04000000; +pub const KERB_TICKET_FLAGS_postdated: ULONG = 0x02000000; +pub const KERB_TICKET_FLAGS_invalid: ULONG = 0x01000000; +pub const KERB_TICKET_FLAGS_renewable: ULONG = 0x00800000; +pub const KERB_TICKET_FLAGS_initial: ULONG = 0x00400000; +pub const KERB_TICKET_FLAGS_pre_authent: ULONG = 0x00200000; +pub const KERB_TICKET_FLAGS_hw_authent: ULONG = 0x00100000; +pub const KERB_TICKET_FLAGS_ok_as_delegate: ULONG = 0x00040000; +pub const KERB_TICKET_FLAGS_name_canonicalize: ULONG = 0x00010000; +pub const KERB_TICKET_FLAGS_cname_in_pa_data: ULONG = 0x00040000; +pub const KERB_TICKET_FLAGS_enc_pa_rep: ULONG = 0x00010000; +pub const KERB_TICKET_FLAGS_reserved1: ULONG = 0x00000001; +pub const KRB_NT_UNKNOWN: LONG = 0; +pub const KRB_NT_PRINCIPAL: LONG = 1; +pub const KRB_NT_PRINCIPAL_AND_ID: LONG = -131; +pub const KRB_NT_SRV_INST: LONG = 2; +pub const KRB_NT_SRV_INST_AND_ID: LONG = -132; +pub const KRB_NT_SRV_HST: LONG = 3; +pub const KRB_NT_SRV_XHST: LONG = 4; +pub const KRB_NT_UID: LONG = 5; +pub const KRB_NT_ENTERPRISE_PRINCIPAL: LONG = 10; +pub const KRB_NT_WELLKNOWN: LONG = 11; +pub const KRB_NT_ENT_PRINCIPAL_AND_ID: LONG = -130; +pub const KRB_NT_MS_PRINCIPAL: LONG = -128; +pub const KRB_NT_MS_PRINCIPAL_AND_ID: LONG = -129; +pub const KRB_NT_MS_BRANCH_ID: LONG = -133; +pub const KRB_NT_X500_PRINCIPAL: LONG = 6; +pub const KERB_WRAP_NO_ENCRYPT: ULONG = 0x80000001; +ENUM!{enum KERB_LOGON_SUBMIT_TYPE { + KerbInteractiveLogon = 2, + KerbSmartCardLogon = 6, + KerbWorkstationUnlockLogon = 7, + KerbSmartCardUnlockLogon = 8, + KerbProxyLogon = 9, + KerbTicketLogon = 10, + KerbTicketUnlockLogon = 11, + KerbS4ULogon = 12, + KerbCertificateLogon = 13, + KerbCertificateS4ULogon = 14, + KerbCertificateUnlockLogon = 15, + KerbNoElevationLogon = 83, + KerbLuidLogon = 84, +}} +pub type PKERB_LOGON_SUBMIT_TYPE = *mut KERB_LOGON_SUBMIT_TYPE; +STRUCT!{struct KERB_INTERACTIVE_LOGON { + MessageType: KERB_LOGON_SUBMIT_TYPE, + LogonDomainName: UNICODE_STRING, + UserName: UNICODE_STRING, + Password: UNICODE_STRING, +}} +pub type PKERB_INTERACTIVE_LOGON = *mut KERB_INTERACTIVE_LOGON; +STRUCT!{struct KERB_INTERACTIVE_UNLOCK_LOGON { + Logon: KERB_INTERACTIVE_LOGON, + LogonId: LUID, +}} +pub type PKERB_INTERACTIVE_UNLOCK_LOGON = *mut KERB_INTERACTIVE_UNLOCK_LOGON; +STRUCT!{struct KERB_SMART_CARD_LOGON { + MessageType: KERB_LOGON_SUBMIT_TYPE, + Pin: UNICODE_STRING, + CspDataLength: ULONG, + CspData: PUCHAR, +}} +pub type PKERB_SMART_CARD_LOGON = *mut KERB_SMART_CARD_LOGON; +STRUCT!{struct KERB_SMART_CARD_UNLOCK_LOGON { + Logon: KERB_SMART_CARD_LOGON, + LogonId: LUID, +}} +pub type PKERB_SMART_CARD_UNLOCK_LOGON = *mut KERB_SMART_CARD_UNLOCK_LOGON; +pub const KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES: ULONG = 0x1; +pub const KERB_CERTIFICATE_LOGON_FLAG_USE_CERTIFICATE_INFO: ULONG = 0x2; +STRUCT!{struct KERB_CERTIFICATE_LOGON { + MessageType: KERB_LOGON_SUBMIT_TYPE, + DomainName: UNICODE_STRING, + UserName: UNICODE_STRING, + Pin: UNICODE_STRING, + Flags: ULONG, + CspDataLength: ULONG, + CspData: PUCHAR, +}} +pub type PKERB_CERTIFICATE_LOGON = *mut KERB_CERTIFICATE_LOGON; +STRUCT!{struct KERB_CERTIFICATE_UNLOCK_LOGON { + Logon: KERB_CERTIFICATE_LOGON, + LogonId: LUID, +}} +pub type PKERB_CERTIFICATE_UNLOCK_LOGON = *mut KERB_CERTIFICATE_UNLOCK_LOGON; +pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES: ULONG = 0x1; +pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS: ULONG = 0x2; +pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_FAIL_IF_NT_AUTH_POLICY_REQUIRED: ULONG = 0x4; +pub const KERB_CERTIFICATE_S4U_LOGON_FLAG_IDENTIFY: ULONG = 0x8; +STRUCT!{struct KERB_CERTIFICATE_S4U_LOGON { + MessageType: KERB_LOGON_SUBMIT_TYPE, + Flags: ULONG, + UserPrincipalName: UNICODE_STRING, + DomainName: UNICODE_STRING, + CertificateLength: ULONG, + Certificate: PUCHAR, +}} +pub type PKERB_CERTIFICATE_S4U_LOGON = *mut KERB_CERTIFICATE_S4U_LOGON; +STRUCT!{struct KERB_TICKET_LOGON { + MessageType: KERB_LOGON_SUBMIT_TYPE, + Flags: ULONG, + ServiceTicketLength: ULONG, + TicketGrantingTicketLength: ULONG, + ServiceTicket: PUCHAR, + TicketGrantingTicket: PUCHAR, +}} +pub type PKERB_TICKET_LOGON = *mut KERB_TICKET_LOGON; +STRUCT!{struct KERB_TICKET_UNLOCK_LOGON { + Logon: KERB_TICKET_LOGON, + LogonId: LUID, +}} +pub type PKERB_TICKET_UNLOCK_LOGON = *mut KERB_TICKET_UNLOCK_LOGON; +pub const KERB_S4U_LOGON_FLAG_CHECK_LOGONHOURS: ULONG = 0x2; +pub const KERB_S4U_LOGON_FLAG_IDENTIFY: ULONG = 0x8; +STRUCT!{struct KERB_S4U_LOGON { + MessageType: KERB_LOGON_SUBMIT_TYPE, + Flags: ULONG, + ClientUpn: UNICODE_STRING, + ClientRealm: UNICODE_STRING, +}} +pub type PKERB_S4U_LOGON = *mut KERB_S4U_LOGON; +ENUM!{enum KERB_PROFILE_BUFFER_TYPE { + KerbInteractiveProfile = 2, + KerbSmartCardProfile = 4, + KerbTicketProfile = 6, +}} +pub type PKERB_PROFILE_BUFFER_TYPE = *mut KERB_PROFILE_BUFFER_TYPE; +STRUCT!{struct KERB_INTERACTIVE_PROFILE { + MessageType: KERB_PROFILE_BUFFER_TYPE, + LogonCount: USHORT, + BadPasswordCount: USHORT, + LogonTime: LARGE_INTEGER, + LogoffTime: LARGE_INTEGER, + KickOffTime: LARGE_INTEGER, + PasswordLastSet: LARGE_INTEGER, + PasswordCanChange: LARGE_INTEGER, + PasswordMustChange: LARGE_INTEGER, + LogonScript: UNICODE_STRING, + HomeDirectory: UNICODE_STRING, + FullName: UNICODE_STRING, + ProfilePath: UNICODE_STRING, + HomeDirectoryDrive: UNICODE_STRING, + LogonServer: UNICODE_STRING, + UserFlags: ULONG, +}} +pub type PKERB_INTERACTIVE_PROFILE = *mut KERB_INTERACTIVE_PROFILE; +STRUCT!{struct KERB_SMART_CARD_PROFILE { + Profile: KERB_INTERACTIVE_PROFILE, + CertificateSize: ULONG, + CertificateData: PUCHAR, +}} +pub type PKERB_SMART_CARD_PROFILE = *mut KERB_SMART_CARD_PROFILE; +STRUCT!{struct KERB_CRYPTO_KEY { + KeyType: LONG, + Length: ULONG, + Value: PUCHAR, +}} +pub type PKERB_CRYPTO_KEY = *mut KERB_CRYPTO_KEY; +STRUCT!{struct KERB_CRYPTO_KEY32 { + KeyType: LONG, + Length: ULONG, + Offset: ULONG, +}} +pub type PKERB_CRYPTO_KEY32 = *mut KERB_CRYPTO_KEY32; +STRUCT!{struct KERB_TICKET_PROFILE { + Profile: KERB_INTERACTIVE_PROFILE, + SessionKey: KERB_CRYPTO_KEY, +}} +pub type PKERB_TICKET_PROFILE = *mut KERB_TICKET_PROFILE; +ENUM!{enum KERB_PROTOCOL_MESSAGE_TYPE { + KerbDebugRequestMessage = 0, + KerbQueryTicketCacheMessage, + KerbChangeMachinePasswordMessage, + KerbVerifyPacMessage, + KerbRetrieveTicketMessage, + KerbUpdateAddressesMessage, + KerbPurgeTicketCacheMessage, + KerbChangePasswordMessage, + KerbRetrieveEncodedTicketMessage, + KerbDecryptDataMessage, + KerbAddBindingCacheEntryMessage, + KerbSetPasswordMessage, + KerbSetPasswordExMessage, + KerbVerifyCredentialsMessage, + KerbQueryTicketCacheExMessage, + KerbPurgeTicketCacheExMessage, + KerbRefreshSmartcardCredentialsMessage, + KerbAddExtraCredentialsMessage, + KerbQuerySupplementalCredentialsMessage, + KerbTransferCredentialsMessage, + KerbQueryTicketCacheEx2Message, + KerbSubmitTicketMessage, + KerbAddExtraCredentialsExMessage, + KerbQueryKdcProxyCacheMessage, + KerbPurgeKdcProxyCacheMessage, + KerbQueryTicketCacheEx3Message, + KerbCleanupMachinePkinitCredsMessage, + KerbAddBindingCacheEntryExMessage, + KerbQueryBindingCacheMessage, + KerbPurgeBindingCacheMessage, + KerbPinKdcMessage, + KerbUnpinAllKdcsMessage, + KerbQueryDomainExtendedPoliciesMessage, + KerbQueryS4U2ProxyCacheMessage, +}} +pub type PKERB_PROTOCOL_MESSAGE_TYPE = *mut KERB_PROTOCOL_MESSAGE_TYPE; +STRUCT!{struct KERB_QUERY_TKT_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, +}} +pub type PKERB_QUERY_TKT_CACHE_REQUEST = *mut KERB_QUERY_TKT_CACHE_REQUEST; +STRUCT!{struct KERB_TICKET_CACHE_INFO { + ServerName: UNICODE_STRING, + RealmName: UNICODE_STRING, + StartTime: LARGE_INTEGER, + EndTime: LARGE_INTEGER, + RenewTime: LARGE_INTEGER, + EncryptionType: LONG, + TicketFlags: ULONG, +}} +pub type PKERB_TICKET_CACHE_INFO = *mut KERB_TICKET_CACHE_INFO; +STRUCT!{struct KERB_TICKET_CACHE_INFO_EX { + ClientName: UNICODE_STRING, + ClientRealm: UNICODE_STRING, + ServerName: UNICODE_STRING, + ServerRealm: UNICODE_STRING, + StartTime: LARGE_INTEGER, + EndTime: LARGE_INTEGER, + RenewTime: LARGE_INTEGER, + EncryptionType: LONG, + TicketFlags: ULONG, +}} +pub type PKERB_TICKET_CACHE_INFO_EX = *mut KERB_TICKET_CACHE_INFO_EX; +STRUCT!{struct KERB_TICKET_CACHE_INFO_EX2 { + ClientName: UNICODE_STRING, + ClientRealm: UNICODE_STRING, + ServerName: UNICODE_STRING, + ServerRealm: UNICODE_STRING, + StartTime: LARGE_INTEGER, + EndTime: LARGE_INTEGER, + RenewTime: LARGE_INTEGER, + EncryptionType: LONG, + TicketFlags: ULONG, + SessionKeyType: ULONG, + BranchId: ULONG, +}} +pub type PKERB_TICKET_CACHE_INFO_EX2 = *mut KERB_TICKET_CACHE_INFO_EX2; +STRUCT!{struct KERB_TICKET_CACHE_INFO_EX3 { + ClientName: UNICODE_STRING, + ClientRealm: UNICODE_STRING, + ServerName: UNICODE_STRING, + ServerRealm: UNICODE_STRING, + StartTime: LARGE_INTEGER, + EndTime: LARGE_INTEGER, + RenewTime: LARGE_INTEGER, + EncryptionType: LONG, + TicketFlags: ULONG, + SessionKeyType: ULONG, + BranchId: ULONG, + CacheFlags: ULONG, + KdcCalled: UNICODE_STRING, +}} +pub type PKERB_TICKET_CACHE_INFO_EX3 = *mut KERB_TICKET_CACHE_INFO_EX3; +STRUCT!{struct KERB_QUERY_TKT_CACHE_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfTickets: ULONG, + Tickets: [KERB_TICKET_CACHE_INFO; ANYSIZE_ARRAY], +}} +pub type PKERB_QUERY_TKT_CACHE_RESPONSE = *mut KERB_QUERY_TKT_CACHE_RESPONSE; +STRUCT!{struct KERB_QUERY_TKT_CACHE_EX_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfTickets: ULONG, + Tickets: [KERB_TICKET_CACHE_INFO_EX; ANYSIZE_ARRAY], +}} +pub type PKERB_QUERY_TKT_CACHE_EX_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX_RESPONSE; +STRUCT!{struct KERB_QUERY_TKT_CACHE_EX2_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfTickets: ULONG, + Tickets: [KERB_TICKET_CACHE_INFO_EX2; ANYSIZE_ARRAY], +}} +pub type PKERB_QUERY_TKT_CACHE_EX2_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX2_RESPONSE; +STRUCT!{struct KERB_QUERY_TKT_CACHE_EX3_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfTickets: ULONG, + Tickets: [KERB_TICKET_CACHE_INFO_EX3; ANYSIZE_ARRAY], +}} +pub type PKERB_QUERY_TKT_CACHE_EX3_RESPONSE = *mut KERB_QUERY_TKT_CACHE_EX3_RESPONSE; +pub const KERB_USE_DEFAULT_TICKET_FLAGS: ULONG = 0x0; +pub const KERB_RETRIEVE_TICKET_DEFAULT: ULONG = 0x0; +pub const KERB_RETRIEVE_TICKET_DONT_USE_CACHE: ULONG = 0x1; +pub const KERB_RETRIEVE_TICKET_USE_CACHE_ONLY: ULONG = 0x2; +pub const KERB_RETRIEVE_TICKET_USE_CREDHANDLE: ULONG = 0x4; +pub const KERB_RETRIEVE_TICKET_AS_KERB_CRED: ULONG = 0x8; +pub const KERB_RETRIEVE_TICKET_WITH_SEC_CRED: ULONG = 0x10; +pub const KERB_RETRIEVE_TICKET_CACHE_TICKET: ULONG = 0x20; +pub const KERB_RETRIEVE_TICKET_MAX_LIFETIME: ULONG = 0x40; +STRUCT!{struct KERB_AUTH_DATA { + Type: ULONG, + Length: ULONG, + Data: PUCHAR, +}} +pub type PKERB_AUTH_DATA = *mut KERB_AUTH_DATA; +STRUCT!{struct KERB_NET_ADDRESS { + Family: ULONG, + Length: ULONG, + Address: PUCHAR, +}} +pub type PKERB_NET_ADDRESS = *mut KERB_NET_ADDRESS; +STRUCT!{struct KERB_NET_ADDRESSES { + Number: ULONG, + Addresses: [KERB_NET_ADDRESS; ANYSIZE_ARRAY], +}} +pub type PKERB_NET_ADDRESSES = *mut KERB_NET_ADDRESSES; +STRUCT!{struct KERB_EXTERNAL_NAME { + NameType: SHORT, + NameCount: USHORT, + Names: [UNICODE_STRING; ANYSIZE_ARRAY], +}} +pub type PKERB_EXTERNAL_NAME = *mut KERB_EXTERNAL_NAME; +STRUCT!{struct KERB_EXTERNAL_TICKET { + ServiceName: PKERB_EXTERNAL_NAME, + TargetName: PKERB_EXTERNAL_NAME, + ClientName: PKERB_EXTERNAL_NAME, + DomainName: UNICODE_STRING, + TargetDomainName: UNICODE_STRING, + AltTargetDomainName: UNICODE_STRING, + SessionKey: KERB_CRYPTO_KEY, + TicketFlags: ULONG, + Flags: ULONG, + KeyExpirationTime: LARGE_INTEGER, + StartTime: LARGE_INTEGER, + EndTime: LARGE_INTEGER, + RenewUntil: LARGE_INTEGER, + TimeSkew: LARGE_INTEGER, + EncodedTicketSize: ULONG, + EncodedTicket: PUCHAR, +}} +pub type PKERB_EXTERNAL_TICKET = *mut KERB_EXTERNAL_TICKET; +STRUCT!{struct KERB_RETRIEVE_TKT_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + TargetName: UNICODE_STRING, + TicketFlags: ULONG, + CacheOptions: ULONG, + EncryptionType: LONG, + CredentialsHandle: SecHandle, +}} +pub type PKERB_RETRIEVE_TKT_REQUEST = *mut KERB_RETRIEVE_TKT_REQUEST; +STRUCT!{struct KERB_RETRIEVE_TKT_RESPONSE { + Ticket: KERB_EXTERNAL_TICKET, +}} +pub type PKERB_RETRIEVE_TKT_RESPONSE = *mut KERB_RETRIEVE_TKT_RESPONSE; +STRUCT!{struct KERB_PURGE_TKT_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + ServerName: UNICODE_STRING, + RealmName: UNICODE_STRING, +}} +pub type PKERB_PURGE_TKT_CACHE_REQUEST = *mut KERB_PURGE_TKT_CACHE_REQUEST; +pub const KERB_PURGE_ALL_TICKETS: ULONG = 1; +STRUCT!{struct KERB_PURGE_TKT_CACHE_EX_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + Flags: ULONG, + TicketTemplate: KERB_TICKET_CACHE_INFO_EX, +}} +pub type PKERB_PURGE_TKT_CACHE_EX_REQUEST = *mut KERB_PURGE_TKT_CACHE_EX_REQUEST; +STRUCT!{struct KERB_SUBMIT_TKT_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + Flags: ULONG, + Key: KERB_CRYPTO_KEY32, + KerbCredSize: ULONG, + KerbCredOffset: ULONG, +}} +pub type PKERB_SUBMIT_TKT_REQUEST = *mut KERB_SUBMIT_TKT_REQUEST; +STRUCT!{struct KERB_QUERY_KDC_PROXY_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + Flags: ULONG, + LogonId: LUID, +}} +pub type PKERB_QUERY_KDC_PROXY_CACHE_REQUEST = *mut KERB_QUERY_KDC_PROXY_CACHE_REQUEST; +STRUCT!{struct KDC_PROXY_CACHE_ENTRY_DATA { + SinceLastUsed: ULONG64, + DomainName: UNICODE_STRING, + ProxyServerName: UNICODE_STRING, + ProxyServerVdir: UNICODE_STRING, + ProxyServerPort: USHORT, + LogonId: LUID, + CredUserName: UNICODE_STRING, + CredDomainName: UNICODE_STRING, + GlobalCache: BOOLEAN, +}} +pub type PKDC_PROXY_CACHE_ENTRY_DATA = *mut KDC_PROXY_CACHE_ENTRY_DATA; +STRUCT!{struct KERB_QUERY_KDC_PROXY_CACHE_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfEntries: ULONG, + Entries: PKDC_PROXY_CACHE_ENTRY_DATA, +}} +pub type PKERB_QUERY_KDC_PROXY_CACHE_RESPONSE = *mut KERB_QUERY_KDC_PROXY_CACHE_RESPONSE; +STRUCT!{struct KERB_PURGE_KDC_PROXY_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + Flags: ULONG, + LogonId: LUID, +}} +pub type PKERB_PURGE_KDC_PROXY_CACHE_REQUEST = *mut KERB_PURGE_KDC_PROXY_CACHE_REQUEST; +STRUCT!{struct KERB_PURGE_KDC_PROXY_CACHE_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfPurged: ULONG, +}} +pub type PKERB_PURGE_KDC_PROXY_CACHE_RESPONSE = *mut KERB_PURGE_KDC_PROXY_CACHE_RESPONSE; +pub const KERB_S4U2PROXY_CACHE_ENTRY_INFO_FLAG_NEGATIVE: ULONG = 0x1; +STRUCT!{struct KERB_S4U2PROXY_CACHE_ENTRY_INFO { + ServerName: UNICODE_STRING, + Flags: ULONG, + LastStatus: NTSTATUS, + Expiry: LARGE_INTEGER, +}} +pub type PKERB_S4U2PROXY_CACHE_ENTRY_INFO = *mut KERB_S4U2PROXY_CACHE_ENTRY_INFO; +pub const KERB_S4U2PROXY_CRED_FLAG_NEGATIVE: ULONG = 0x1; +STRUCT!{struct KERB_S4U2PROXY_CRED { + UserName: UNICODE_STRING, + DomainName: UNICODE_STRING, + Flags: ULONG, + LastStatus: NTSTATUS, + Expiry: LARGE_INTEGER, + CountOfEntries: ULONG, + Entries: PKERB_S4U2PROXY_CACHE_ENTRY_INFO, +}} +pub type PKERB_S4U2PROXY_CRED = *mut KERB_S4U2PROXY_CRED; +STRUCT!{struct KERB_QUERY_S4U2PROXY_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + Flags: ULONG, + LogonId: LUID, +}} +pub type PKERB_QUERY_S4U2PROXY_CACHE_REQUEST = *mut KERB_QUERY_S4U2PROXY_CACHE_REQUEST; +STRUCT!{struct KERB_QUERY_S4U2PROXY_CACHE_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfCreds: ULONG, + Creds: PKERB_S4U2PROXY_CRED, +}} +pub type PKERB_QUERY_S4U2PROXY_CACHE_RESPONSE = *mut KERB_QUERY_S4U2PROXY_CACHE_RESPONSE; +STRUCT!{struct KERB_CHANGEPASSWORD_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + DomainName: UNICODE_STRING, + AccountName: UNICODE_STRING, + OldPassword: UNICODE_STRING, + NewPassword: UNICODE_STRING, + Impersonating: BOOLEAN, +}} +pub type PKERB_CHANGEPASSWORD_REQUEST = *mut KERB_CHANGEPASSWORD_REQUEST; +STRUCT!{struct KERB_SETPASSWORD_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + CredentialsHandle: SecHandle, + Flags: ULONG, + DomainName: UNICODE_STRING, + AccountName: UNICODE_STRING, + Password: UNICODE_STRING, +}} +pub type PKERB_SETPASSWORD_REQUEST = *mut KERB_SETPASSWORD_REQUEST; +STRUCT!{struct KERB_SETPASSWORD_EX_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + CredentialsHandle: SecHandle, + Flags: ULONG, + AccountRealm: UNICODE_STRING, + AccountName: UNICODE_STRING, + Password: UNICODE_STRING, + ClientRealm: UNICODE_STRING, + ClientName: UNICODE_STRING, + Impersonating: BOOLEAN, + KdcAddress: UNICODE_STRING, + KdcAddressType: ULONG, +}} +pub type PKERB_SETPASSWORD_EX_REQUEST = *mut KERB_SETPASSWORD_EX_REQUEST; +pub const DS_UNKNOWN_ADDRESS_TYPE: ULONG = 0; +pub const KERB_SETPASS_USE_LOGONID: ULONG = 1; +pub const KERB_SETPASS_USE_CREDHANDLE: ULONG = 2; +STRUCT!{struct KERB_DECRYPT_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, + Flags: ULONG, + CryptoType: LONG, + KeyUsage: LONG, + Key: KERB_CRYPTO_KEY, + EncryptedDataSize: ULONG, + InitialVectorSize: ULONG, + InitialVector: PUCHAR, + EncryptedData: PUCHAR, +}} +pub type PKERB_DECRYPT_REQUEST = *mut KERB_DECRYPT_REQUEST; +pub const KERB_DECRYPT_FLAG_DEFAULT_KEY: ULONG = 0x00000001; +STRUCT!{struct KERB_DECRYPT_RESPONSE { + DecryptedData: [UCHAR; ANYSIZE_ARRAY], +}} +pub type PKERB_DECRYPT_RESPONSE = *mut KERB_DECRYPT_RESPONSE; +STRUCT!{struct KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + RealmName: UNICODE_STRING, + KdcAddress: UNICODE_STRING, + AddressType: ULONG, +}} +pub type PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST = *mut KERB_ADD_BINDING_CACHE_ENTRY_REQUEST; +STRUCT!{struct KERB_REFRESH_SCCRED_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CredentialBlob: UNICODE_STRING, + LogonId: LUID, + Flags: ULONG, +}} +pub type PKERB_REFRESH_SCCRED_REQUEST = *mut KERB_REFRESH_SCCRED_REQUEST; +pub const KERB_REFRESH_SCCRED_RELEASE: ULONG = 0x0; +pub const KERB_REFRESH_SCCRED_GETTGT: ULONG = 0x1; +STRUCT!{struct KERB_ADD_CREDENTIALS_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + UserName: UNICODE_STRING, + DomainName: UNICODE_STRING, + Password: UNICODE_STRING, + LogonId: LUID, + Flags: ULONG, +}} +pub type PKERB_ADD_CREDENTIALS_REQUEST = *mut KERB_ADD_CREDENTIALS_REQUEST; +pub const KERB_REQUEST_ADD_CREDENTIAL: ULONG = 1; +pub const KERB_REQUEST_REPLACE_CREDENTIAL: ULONG = 2; +pub const KERB_REQUEST_REMOVE_CREDENTIAL: ULONG = 4; +STRUCT!{struct KERB_ADD_CREDENTIALS_REQUEST_EX { + Credentials: KERB_ADD_CREDENTIALS_REQUEST, + PrincipalNameCount: ULONG, + PrincipalNames: [UNICODE_STRING; ANYSIZE_ARRAY], +}} +pub type PKERB_ADD_CREDENTIALS_REQUEST_EX = *mut KERB_ADD_CREDENTIALS_REQUEST_EX; +STRUCT!{struct KERB_TRANSFER_CRED_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + OriginLogonId: LUID, + DestinationLogonId: LUID, + Flags: ULONG, +}} +pub type PKERB_TRANSFER_CRED_REQUEST = *mut KERB_TRANSFER_CRED_REQUEST; +pub const KERB_TRANSFER_CRED_WITH_TICKETS: ULONG = 0x1; +pub const KERB_TRANSFER_CRED_CLEANUP_CREDENTIALS: ULONG = 0x2; +STRUCT!{struct KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + LogonId: LUID, +}} +pub type PKERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST = + *mut KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST; +STRUCT!{struct KERB_BINDING_CACHE_ENTRY_DATA { + DiscoveryTime: ULONG64, + RealmName: UNICODE_STRING, + KdcAddress: UNICODE_STRING, + AddressType: ULONG, + Flags: ULONG, + DcFlags: ULONG, + CacheFlags: ULONG, + KdcName: UNICODE_STRING, +}} +pub type PKERB_BINDING_CACHE_ENTRY_DATA = *mut KERB_BINDING_CACHE_ENTRY_DATA; +STRUCT!{struct KERB_QUERY_BINDING_CACHE_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + CountOfEntries: ULONG, + Entries: PKERB_BINDING_CACHE_ENTRY_DATA, +}} +pub type PKERB_QUERY_BINDING_CACHE_RESPONSE = *mut KERB_QUERY_BINDING_CACHE_RESPONSE; +STRUCT!{struct KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + RealmName: UNICODE_STRING, + KdcAddress: UNICODE_STRING, + AddressType: ULONG, + DcFlags: ULONG, +}} +pub type PKERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST = *mut KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST; +STRUCT!{struct KERB_QUERY_BINDING_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, +}} +pub type PKERB_QUERY_BINDING_CACHE_REQUEST = *mut KERB_QUERY_BINDING_CACHE_REQUEST; +STRUCT!{struct KERB_PURGE_BINDING_CACHE_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, +}} +pub type PKERB_PURGE_BINDING_CACHE_REQUEST = *mut KERB_PURGE_BINDING_CACHE_REQUEST; +STRUCT!{struct KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + Flags: ULONG, + DomainName: UNICODE_STRING, +}} +pub type PKERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST = + *mut KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST; +STRUCT!{struct KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE { + MessageType: KERB_PROTOCOL_MESSAGE_TYPE, + Flags: ULONG, + ExtendedPolicies: ULONG, + DsFlags: ULONG, +}} +pub type PKERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE = + *mut KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE; +ENUM!{enum KERB_CERTIFICATE_INFO_TYPE { + CertHashInfo = 1, +}} +pub type PKERB_CERTIFICATE_INFO_TYPE = *mut KERB_CERTIFICATE_INFO_TYPE; +STRUCT!{struct KERB_CERTIFICATE_HASHINFO { + StoreNameLength: USHORT, + HashLength: USHORT, +}} +pub type PKERB_CERTIFICATE_HASHINFO = *mut KERB_CERTIFICATE_HASHINFO; +STRUCT!{struct KERB_CERTIFICATE_INFO { + CertInfoSize: ULONG, + InfoType: ULONG, +}} +pub type PKERB_CERTIFICATE_INFO = *mut KERB_CERTIFICATE_INFO; +STRUCT!{struct POLICY_AUDIT_SID_ARRAY { + UsersCount: ULONG, + UserSidArray: *mut PSID, +}} +pub type PPOLICY_AUDIT_SID_ARRAY = *mut POLICY_AUDIT_SID_ARRAY; +STRUCT!{struct AUDIT_POLICY_INFORMATION { + AuditSubCategoryGuid: GUID, + AuditingInformation: ULONG, + AuditCategoryGuid: GUID, +}} +pub type PAUDIT_POLICY_INFORMATION = *mut AUDIT_POLICY_INFORMATION; +pub type LPAUDIT_POLICY_INFORMATION = PAUDIT_POLICY_INFORMATION; +pub type PCAUDIT_POLICY_INFORMATION = *const AUDIT_POLICY_INFORMATION; +pub const AUDIT_SET_SYSTEM_POLICY: ULONG = 0x0001; +pub const AUDIT_QUERY_SYSTEM_POLICY: ULONG = 0x0002; +pub const AUDIT_SET_USER_POLICY: ULONG = 0x0004; +pub const AUDIT_QUERY_USER_POLICY: ULONG = 0x0008; +pub const AUDIT_ENUMERATE_USERS: ULONG = 0x0010; +pub const AUDIT_SET_MISC_POLICY: ULONG = 0x0020; +pub const AUDIT_QUERY_MISC_POLICY: ULONG = 0x0040; +pub const AUDIT_GENERIC_ALL: ULONG = STANDARD_RIGHTS_REQUIRED | AUDIT_SET_SYSTEM_POLICY + | AUDIT_QUERY_SYSTEM_POLICY | AUDIT_SET_USER_POLICY | AUDIT_QUERY_USER_POLICY + | AUDIT_ENUMERATE_USERS | AUDIT_SET_MISC_POLICY | AUDIT_QUERY_MISC_POLICY; +pub const AUDIT_GENERIC_READ: ULONG = STANDARD_RIGHTS_READ | AUDIT_QUERY_SYSTEM_POLICY + | AUDIT_QUERY_USER_POLICY | AUDIT_ENUMERATE_USERS | AUDIT_QUERY_MISC_POLICY; +pub const AUDIT_GENERIC_WRITE: ULONG = STANDARD_RIGHTS_WRITE | AUDIT_SET_USER_POLICY + | AUDIT_SET_MISC_POLICY | AUDIT_SET_SYSTEM_POLICY; +pub const AUDIT_GENERIC_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE; +extern "system" { + pub fn AuditSetSystemPolicy( + pAuditPolicy: PCAUDIT_POLICY_INFORMATION, + PolicyCount: ULONG, + ) -> BOOLEAN; + pub fn AuditSetPerUserPolicy( + pSid: *const SID, + pAuditPolicy: PCAUDIT_POLICY_INFORMATION, + PolicyCount: ULONG, + ) -> BOOLEAN; + pub fn AuditQuerySystemPolicy( + pSubCategoryGuids: *const GUID, + PolicyCount: ULONG, + ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, + ) -> BOOLEAN; + pub fn AuditQueryPerUserPolicy( + pSid: *const SID, + pSubCategoryGuids: *const GUID, + PolicyCount: ULONG, + ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, + ) -> BOOLEAN; + pub fn AuditEnumeratePerUserPolicy( + ppAuditSidArray: *mut PPOLICY_AUDIT_SID_ARRAY, + ) -> BOOLEAN; + pub fn AuditComputeEffectivePolicyBySid( + pSid: *const SID, + pSubCategoryGuids: *const GUID, + dwPolicyCount: ULONG, + ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, + ) -> BOOLEAN; + pub fn AuditComputeEffectivePolicyByToken( + hTokenHandle: HANDLE, + pSubCategoryGuids: *const GUID, + dwPolicyCount: ULONG, + ppAuditPolicy: *mut PAUDIT_POLICY_INFORMATION, + ) -> BOOLEAN; + pub fn AuditEnumerateCategories( + ppAuditCategoriesArray: *mut *mut GUID, + pdwCountReturned: PULONG, + ) -> BOOLEAN; + pub fn AuditEnumerateSubCategories( + pAuditCategoryGuid: *const GUID, + bRetrieveAllSubCategories: BOOLEAN, + ppAuditSubCategoriesArray: *mut *mut GUID, + pdwCountReturned: PULONG, + ) -> BOOLEAN; + pub fn AuditLookupCategoryNameW( + pAuditCategoryGuid: *const GUID, + ppszCategoryName: *mut PWSTR, + ) -> BOOLEAN; + pub fn AuditLookupCategoryNameA( + pAuditCategoryGuid: *const GUID, + ppszCategoryName: *mut PSTR, + ) -> BOOLEAN; + pub fn AuditLookupSubCategoryNameW( + pAuditSubCategoryGuid: *const GUID, + ppszSubCategoryName: *mut PWSTR, + ) -> BOOLEAN; + pub fn AuditLookupSubCategoryNameA( + pAuditSubCategoryGuid: *const GUID, + ppszSubCategoryName: *mut PSTR, + ) -> BOOLEAN; + pub fn AuditLookupCategoryIdFromCategoryGuid( + pAuditCategoryGuid: *const GUID, + pAuditCategoryId: PPOLICY_AUDIT_EVENT_TYPE, + ) -> BOOLEAN; + pub fn AuditLookupCategoryGuidFromCategoryId( + AuditCategoryId: POLICY_AUDIT_EVENT_TYPE, + pAuditCategoryGuid: *mut GUID, + ) -> BOOLEAN; + pub fn AuditSetSecurity( + SecurityInformation: SECURITY_INFORMATION, + pSecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> BOOLEAN; + pub fn AuditQuerySecurity( + SecurityInformation: SECURITY_INFORMATION, + ppSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> BOOLEAN; + pub fn AuditSetGlobalSaclW( + ObjectTypeName: PCWSTR, + Acl: PACL, + ) -> BOOLEAN; + pub fn AuditSetGlobalSaclA( + ObjectTypeName: PCSTR, + Acl: PACL, + ) -> BOOLEAN; + pub fn AuditQueryGlobalSaclW( + ObjectTypeName: PCWSTR, + Acl: *mut PACL, + ) -> BOOLEAN; + pub fn AuditQueryGlobalSaclA( + ObjectTypeName: PCSTR, + Acl: *mut PACL, + ) -> BOOLEAN; + pub fn AuditFree( + Buffer: PVOID, + ); +} +STRUCT!{struct PKU2U_CERT_BLOB { + CertOffset: ULONG, + CertLength: USHORT, +}} +pub type PPKU2U_CERT_BLOB = *mut PKU2U_CERT_BLOB; +pub const PKU2U_CREDUI_CONTEXT_VERSION: ULONG64 = 0x4154414454524543; +STRUCT!{struct PKU2U_CREDUI_CONTEXT { + Version: ULONG64, + cbHeaderLength: USHORT, + cbStructureLength: ULONG, + CertArrayCount: USHORT, + CertArrayOffset: ULONG, +}} +pub type PPKU2U_CREDUI_CONTEXT = *mut PKU2U_CREDUI_CONTEXT; +ENUM!{enum PKU2U_LOGON_SUBMIT_TYPE { + Pku2uCertificateS4ULogon = 14, +}} +pub type PPKU2U_LOGON_SUBMIT_TYPE = *mut PKU2U_LOGON_SUBMIT_TYPE; +STRUCT!{struct PKU2U_CERTIFICATE_S4U_LOGON { + MessageType: PKU2U_LOGON_SUBMIT_TYPE, + Flags: ULONG, + UserPrincipalName: UNICODE_STRING, + DomainName: UNICODE_STRING, + CertificateLength: ULONG, + Certificate: PUCHAR, +}} +pub type PPKU2U_CERTIFICATE_S4U_LOGON = *mut PKU2U_CERTIFICATE_S4U_LOGON; |