winapi_ui_automation/um/
ntlsa.rs

1// Licensed under the Apache License, Version 2.0
2// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
4// All files in the project carrying such notice may not be copied, modified, or distributed
5// except according to those terms.
6use shared::basetsd::{SIZE_T, ULONG_PTR};
7use shared::guiddef::GUID;
8use shared::minwindef::{PUCHAR, PULONG, UCHAR, ULONG, USHORT};
9use shared::ntdef::{NTSTATUS, PNTSTATUS};
10use um::lsalookup::{
11    LSA_TRUST_INFORMATION, LSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
12    PLSA_REFERENCED_DOMAIN_LIST, PLSA_STRING, PLSA_TRANSLATED_NAME, PLSA_TRANSLATED_SID2,
13    PLSA_TRUST_INFORMATION, PLSA_UNICODE_STRING,
14};
15use um::ntsecapi::PLSA_HANDLE;
16use um::subauth::{PUNICODE_STRING, UNICODE_STRING};
17use um::winnt::{
18    ACCESS_MASK, ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LUID, PBOOLEAN,
19    PCLAIMS_BLOB, PHANDLE, PLARGE_INTEGER, PLUID, PPRIVILEGE_SET, PQUOTA_LIMITS,
20    PSECURITY_DESCRIPTOR, PSHORT, PSID, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PVOID,
21    PWSTR, QUOTA_LIMITS, SECURITY_INFORMATION, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE,
22    STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, TOKEN_DEFAULT_DACL,
23    TOKEN_DEVICE_CLAIMS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_USER, TOKEN_USER_CLAIMS,
24};
// LSA operational mode, carried as a plain ULONG bit set. A pointer to it is the
// `SecurityMode` out-parameter of LsaRegisterLogonProcess declared later in this file.
pub type LSA_OPERATIONAL_MODE = ULONG;
pub type PLSA_OPERATIONAL_MODE = *mut LSA_OPERATIONAL_MODE;
// LSA_MODE_* are four distinct single bits (0x1, 0x2, 0x4, 0x8), so they can be OR-ed
// together and tested one at a time.
pub const LSA_MODE_PASSWORD_PROTECTED: ULONG = 0x00000001;
pub const LSA_MODE_INDIVIDUAL_ACCOUNTS: ULONG = 0x00000002;
pub const LSA_MODE_MANDATORY_ACCESS: ULONG = 0x00000004;
pub const LSA_MODE_LOG_FULL: ULONG = 0x00000008;
// Upper bounds typed as SIZE_T: 0x100 (256) and 32000.
// NOTE(review): the unit of LSA_MAXIMUM_ENUMERATION_LENGTH (presumably bytes) is not
// visible here — confirm before using it to size a buffer.
pub const LSA_MAXIMUM_SID_COUNT: SIZE_T = 0x00000100;
pub const LSA_MAXIMUM_ENUMERATION_LENGTH: SIZE_T = 32000;
// Bit 31 of a ULONG.
pub const LSA_CALL_LICENSE_SERVER: ULONG = 0x80000000;
// Logon type handed to LsaLogonUser and to the authentication-package logon callbacks
// declared in this file.
// Only UndefinedLogonType (0) and Interactive (2) have explicit values; 1 is never assigned.
// The per-line values below assume ENUM! (defined elsewhere) numbers the remaining variants
// sequentially like a C enum.
// NOTE(review): these look like the numbers Windows prints as "Logon Type" in logon audit
// events, which is what makes the mapping useful during triage — confirm against the
// event schema before relying on it.
ENUM!{enum SECURITY_LOGON_TYPE {
    UndefinedLogonType = 0,
    Interactive = 2,
    Network, // 3
    Batch, // 4
    Service, // 5
    Proxy, // 6
    Unlock, // 7
    NetworkCleartext, // 8
    NewCredentials, // 9
    RemoteInteractive, // 10
    CachedInteractive, // 11
    CachedRemoteInteractive, // 12
    CachedUnlock, // 13
}}
pub type PSECURITY_LOGON_TYPE = *mut SECURITY_LOGON_TYPE;
// Per-account logon rights as single bits. Bit 0x00000008 is not used by any constant here,
// and PROXY is the only allow right without a DENY counterpart.
// The POLICY_MODE_* constants later in this file are aliases of these values.
// NOTE(review): how a DENY bit is resolved against the matching allow bit is decided by the
// consumer of the mask, not by these definitions — confirm the precedence where it is used.
pub const SECURITY_ACCESS_INTERACTIVE_LOGON: ULONG = 0x00000001;
pub const SECURITY_ACCESS_NETWORK_LOGON: ULONG = 0x00000002;
pub const SECURITY_ACCESS_BATCH_LOGON: ULONG = 0x00000004;
pub const SECURITY_ACCESS_SERVICE_LOGON: ULONG = 0x00000010;
pub const SECURITY_ACCESS_PROXY_LOGON: ULONG = 0x00000020;
pub const SECURITY_ACCESS_DENY_INTERACTIVE_LOGON: ULONG = 0x00000040;
pub const SECURITY_ACCESS_DENY_NETWORK_LOGON: ULONG = 0x00000080;
pub const SECURITY_ACCESS_DENY_BATCH_LOGON: ULONG = 0x00000100;
pub const SECURITY_ACCESS_DENY_SERVICE_LOGON: ULONG = 0x00000200;
pub const SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000400;
pub const SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON: ULONG = 0x00000800;
// Tag stored in SE_ADT_PARAMETER_ARRAY_ENTRY::Type that names the kind of value an audit
// parameter slot holds.
// Starts at 0; assuming ENUM! (defined elsewhere) numbers variants sequentially like a C
// enum, the 36 variants cover 0..=35 (SeAdtParmTypeLogonIdEx = 35).
// A value outside that range read from an untrusted buffer has no variant here, so a consumer
// should reject it rather than fall through to a default interpretation.
ENUM!{enum SE_ADT_PARAMETER_TYPE {
    SeAdtParmTypeNone = 0,
    SeAdtParmTypeString,
    SeAdtParmTypeFileSpec,
    SeAdtParmTypeUlong,
    SeAdtParmTypeSid,
    SeAdtParmTypeLogonId,
    SeAdtParmTypeNoLogonId,
    SeAdtParmTypeAccessMask,
    SeAdtParmTypePrivs,
    SeAdtParmTypeObjectTypes,
    SeAdtParmTypeHexUlong,
    SeAdtParmTypePtr,
    SeAdtParmTypeTime,
    SeAdtParmTypeGuid,
    SeAdtParmTypeLuid,
    SeAdtParmTypeHexInt64,
    SeAdtParmTypeStringList,
    SeAdtParmTypeSidList,
    SeAdtParmTypeDuration,
    SeAdtParmTypeUserAccountControl,
    SeAdtParmTypeNoUac,
    SeAdtParmTypeMessage,
    SeAdtParmTypeDateTime,
    SeAdtParmTypeSockAddr,
    SeAdtParmTypeSD,
    SeAdtParmTypeLogonHours,
    SeAdtParmTypeLogonIdNoSid,
    SeAdtParmTypeUlongNoConv,
    SeAdtParmTypeSockAddrNoPort,
    SeAdtParmTypeAccessReason,
    SeAdtParmTypeStagingReason,
    SeAdtParmTypeResourceAttribute,
    SeAdtParmTypeClaims,
    SeAdtParmTypeLogonIdAsSid,
    SeAdtParmTypeMultiSzString,
    SeAdtParmTypeLogonIdEx,
}}
pub type PSE_ADT_PARAMETER_TYPE = *mut SE_ADT_PARAMETER_TYPE;
// USHORT flag value; the only USHORT flag field declared next to it is
// SE_ADT_OBJECT_TYPE::Flags.
// NOTE(review): presumably meant for that field — confirm.
pub const SE_ADT_OBJECT_ONLY: USHORT = 0x1;
// One object-type record for an audit: a GUID plus flags, a level and an access mask.
// NOTE(review): the meaning of Level (looks like a depth in an object-type tree) is not
// visible here — confirm.
STRUCT!{struct SE_ADT_OBJECT_TYPE {
    ObjectType: GUID,
    Flags: USHORT,
    Level: USHORT,
    AccessMask: ACCESS_MASK,
}}
pub type PSE_ADT_OBJECT_TYPE = *mut SE_ADT_OBJECT_TYPE;
// One audit parameter slot: a type tag, a length, two pointer-sized inline words and a raw
// address. Its size is 20 bytes on 32-bit and 32 bytes on 64-bit targets, the figures
// hard-coded in LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE.
// Nothing in the layout ties Type to what Data or Address actually hold, so code reading an
// entry it did not build should check Type and Length before dereferencing Address.
// NOTE(review): whether Length counts bytes at Address or in Data is not visible — confirm.
STRUCT!{struct SE_ADT_PARAMETER_ARRAY_ENTRY {
    Type: SE_ADT_PARAMETER_TYPE,
    Length: ULONG,
    Data: [ULONG_PTR; 2],
    Address: PVOID,
}}
pub type PSE_ADT_PARAMETER_ARRAY_ENTRY = *mut SE_ADT_PARAMETER_ARRAY_ENTRY;
// Access-reason record for an audit: a mask, a fixed array of 32 ULONG reasons, an object
// type index, a granted mask and a raw security-descriptor pointer.
// NOTE(review): 32 matches the bit width of ACCESS_MASK, so AccessReasons is presumably
// indexed by access bit — confirm.
// SecurityDescriptor is a raw pointer; the struct carries no length for what it points at.
STRUCT!{struct SE_ADT_ACCESS_REASON {
    AccessMask: ACCESS_MASK,
    AccessReasons: [ULONG; 32],
    ObjectTypeIndex: ULONG,
    AccessGranted: ULONG,
    SecurityDescriptor: PSECURITY_DESCRIPTOR,
}}
pub type PSE_ADT_ACCESS_REASON = *mut SE_ADT_ACCESS_REASON;
// Length-prefixed pointer to a claims blob.
// NOTE(review): Length is presumably the byte size of the data at Claims; nothing here
// enforces that, so validate it before reading — confirm the unit.
STRUCT!{struct SE_ADT_CLAIMS {
    Length: ULONG,
    Claims: PCLAIMS_BLOB,
}}
pub type PSE_ADT_CLAIMS = *mut SE_ADT_CLAIMS;
// SE_MAX_AUDIT_PARAMETERS is the fixed length of the Parameters arrays below.
pub const SE_MAX_AUDIT_PARAMETERS: SIZE_T = 32;
// Not referenced elsewhere in this file.
pub const SE_MAX_GENERIC_AUDIT_PARAMETERS: SIZE_T = 28;
// Audit record header followed by a fixed array of SE_MAX_AUDIT_PARAMETERS (32) slots.
// ParameterCount is a free-standing ULONG: the type does not keep it within 0..=32. Code that
// indexes Parameters with it, or passes the struct to LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE,
// should bounds-check it first when the record came from another component.
// NOTE(review): Length is presumably the serialized byte size of the record — confirm.
STRUCT!{struct SE_ADT_PARAMETER_ARRAY {
    CategoryId: ULONG,
    AuditId: ULONG,
    ParameterCount: ULONG,
    Length: ULONG,
    FlatSubCategoryId: USHORT,
    Type: USHORT,
    Flags: ULONG,
    Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS],
}}
pub type PSE_ADT_PARAMETER_ARRAY = *mut SE_ADT_PARAMETER_ARRAY;
// Same fields as SE_ADT_PARAMETER_ARRAY with one extra ULONG, Version, inserted after
// AuditId. Every later field therefore sits 4 bytes further in, and the two layouts cannot
// be read through each other's pointer type.
// LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE in this file takes the non-EX struct and its
// hard-coded sizes do not include Version.
// ParameterCount is likewise not constrained to the 32 slots of Parameters.
STRUCT!{struct SE_ADT_PARAMETER_ARRAY_EX {
    CategoryId: ULONG,
    AuditId: ULONG,
    Version: ULONG,
    ParameterCount: ULONG,
    Length: ULONG,
    FlatSubCategoryId: USHORT,
    Type: USHORT,
    Flags: ULONG,
    Parameters: [SE_ADT_PARAMETER_ARRAY_ENTRY; SE_MAX_AUDIT_PARAMETERS],
}}
pub type PSE_ADT_PARAMETER_ARRAY_EX = *mut SE_ADT_PARAMETER_ARRAY_EX;
// Five single-bit ULONG flags (0x01 through 0x10).
// NOTE(review): presumably values for the ULONG Flags field of SE_ADT_PARAMETER_ARRAY and
// SE_ADT_PARAMETER_ARRAY_EX — confirm.
// NOTE(review): SELF_RELATIVE suggests the Address members are offsets rather than pointers
// when that bit is set; a reader should settle which before dereferencing — confirm.
pub const SE_ADT_PARAMETERS_SELF_RELATIVE: ULONG = 0x00000001;
pub const SE_ADT_PARAMETERS_SEND_TO_LSA: ULONG = 0x00000002;
pub const SE_ADT_PARAMETER_EXTENSIBLE_AUDIT: ULONG = 0x00000004;
pub const SE_ADT_PARAMETER_GENERIC_AUDIT: ULONG = 0x00000008;
pub const SE_ADT_PARAMETER_WRITE_SYNCHRONOUS: ULONG = 0x00000010;
/// Size in bytes of the used part of an `SE_ADT_PARAMETER_ARRAY` on 32-bit targets: the
/// full struct size minus one entry size for every unused parameter slot.
///
/// The struct is taken by value, so the whole record is copied into the call.
///
/// `ParameterCount` is not validated. If it exceeds `SE_MAX_AUDIT_PARAMETERS` the inner
/// subtraction underflows: a panic where overflow checks are enabled, a wrapped and
/// meaningless size otherwise. Reject such a count before using the result to size a copy
/// or an allocation.
#[cfg(target_pointer_width = "32")]
#[inline]
pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(
    AuditParameters: SE_ADT_PARAMETER_ARRAY,
) -> SIZE_T {
    // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>()
    let full_size: SIZE_T = 664;
    // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>()
    let entry_size: SIZE_T = 20;
    let used_slots = AuditParameters.ParameterCount as SIZE_T;
    let unused_slots = SE_MAX_AUDIT_PARAMETERS - used_slots;
    full_size - entry_size * unused_slots
}
/// Size in bytes of the used part of an `SE_ADT_PARAMETER_ARRAY` on 64-bit targets: the
/// full struct size minus one entry size for every unused parameter slot.
///
/// The struct is taken by value, so the whole record is copied into the call.
///
/// `ParameterCount` is not validated. If it exceeds `SE_MAX_AUDIT_PARAMETERS` the inner
/// subtraction underflows: a panic where overflow checks are enabled, a wrapped and
/// meaningless size otherwise. Reject such a count before using the result to size a copy
/// or an allocation.
#[cfg(target_pointer_width = "64")]
#[inline]
pub fn LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(
    AuditParameters: SE_ADT_PARAMETER_ARRAY,
) -> SIZE_T {
    // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY>()
    let full_size: SIZE_T = 1048;
    // FIXME: sizeof::<SE_ADT_PARAMETER_ARRAY_ENTRY>()
    let entry_size: SIZE_T = 32;
    let used_slots = AuditParameters.ParameterCount as SIZE_T;
    let unused_slots = SE_MAX_AUDIT_PARAMETERS - used_slots;
    full_size - entry_size * unused_slots
}
// One element of an audit string list: a flags word and an inline UNICODE_STRING.
STRUCT!{struct LSA_ADT_STRING_LIST_ENTRY {
    Flags: ULONG,
    String: UNICODE_STRING,
}}
pub type PLSA_ADT_STRING_LIST_ENTRY = *mut LSA_ADT_STRING_LIST_ENTRY;
// Count plus raw pointer to the first entry.
// NOTE(review): cStrings is presumably the number of entries at String; the pairing is by
// convention only, so a reader must not walk past cStrings entries — confirm.
STRUCT!{struct LSA_ADT_STRING_LIST {
    cStrings: ULONG,
    String: PLSA_ADT_STRING_LIST_ENTRY,
}}
pub type PLSA_ADT_STRING_LIST = *mut LSA_ADT_STRING_LIST;
// One element of an audit SID list: a flags word and a raw SID pointer.
STRUCT!{struct LSA_ADT_SID_LIST_ENTRY {
    Flags: ULONG,
    Sid: PSID,
}}
pub type PLSA_ADT_SID_LIST_ENTRY = *mut LSA_ADT_SID_LIST_ENTRY;
// Count plus raw pointer to the first entry.
// NOTE(review): cSids is presumably the number of entries at Sid; the pairing is by
// convention only, so a reader must not walk past cSids entries — confirm.
STRUCT!{struct LSA_ADT_SID_LIST {
    cSids: ULONG,
    Sid: PLSA_ADT_SID_LIST_ENTRY,
}}
pub type PLSA_ADT_SID_LIST = *mut LSA_ADT_SID_LIST;
// Event source names for security auditing, exposed as Rust string slices.
// A `&'static str` is UTF-8 and carries no terminating NUL, so passing one of these to a
// Win32 function that expects a NUL-terminated or UTF-16 string needs an explicit conversion.
pub const LSA_ADT_SECURITY_SOURCE_NAME: &'static str = "Microsoft-Windows-Security-Auditing";
pub const LSA_ADT_LEGACY_SECURITY_SOURCE_NAME: &'static str = "Security";
// First value of the subcategory enum below.
pub const SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN: ULONG = 100;
// Audit subcategories. The variant prefixes follow the nine categories of
// POLICY_AUDIT_EVENT_TYPE (System, Logon, ObjectAccess, PrivilegeUse, DetailedTracking,
// PolicyChange, AccountManagement, DS access, AccountLogon), with DS access split across the
// iDSAccess_ and iDS_ prefixes.
// Numbering starts at SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN (100). Assuming ENUM! (defined
// elsewhere) numbers variants sequentially like a C enum, the 59 named subcategories occupy
// 100..=158 and iUnknownSubCategory is the explicit sentinel 999.
// Values 159..=998 have no variant, so a value read from outside should be range-checked
// before it is used as an index relative to the BEGIN constant.
ENUM!{enum POLICY_AUDIT_EVENT_TYPE_EX {
    iSystem_SecurityStateChange = SE_ADT_POLICY_AUDIT_EVENT_TYPE_EX_BEGIN,
    iSystem_SecuritySubsystemExtension,
    iSystem_Integrity,
    iSystem_IPSecDriverEvents,
    iSystem_Others,
    iLogon_Logon,
    iLogon_Logoff,
    iLogon_AccountLockout,
    iLogon_IPSecMainMode,
    iLogon_SpecialLogon,
    iLogon_IPSecQuickMode,
    iLogon_IPSecUsermode,
    iLogon_Others,
    iLogon_NPS,
    iLogon_Claims,
    iLogon_Groups,
    iObjectAccess_FileSystem,
    iObjectAccess_Registry,
    iObjectAccess_Kernel,
    iObjectAccess_Sam,
    iObjectAccess_Other,
    iObjectAccess_CertificationAuthority,
    iObjectAccess_ApplicationGenerated,
    iObjectAccess_HandleBasedAudits,
    iObjectAccess_Share,
    iObjectAccess_FirewallPacketDrops,
    iObjectAccess_FirewallConnection,
    iObjectAccess_DetailedFileShare,
    iObjectAccess_RemovableStorage,
    iObjectAccess_CbacStaging,
    iPrivilegeUse_Sensitive,
    iPrivilegeUse_NonSensitive,
    iPrivilegeUse_Others,
    iDetailedTracking_ProcessCreation,
    iDetailedTracking_ProcessTermination,
    iDetailedTracking_DpapiActivity,
    iDetailedTracking_RpcCall,
    iDetailedTracking_PnpActivity,
    iDetailedTracking_TokenRightAdjusted,
    iPolicyChange_AuditPolicy,
    iPolicyChange_AuthenticationPolicy,
    iPolicyChange_AuthorizationPolicy,
    iPolicyChange_MpsscvRulePolicy,
    iPolicyChange_WfpIPSecPolicy,
    iPolicyChange_Others,
    iAccountManagement_UserAccount,
    iAccountManagement_ComputerAccount,
    iAccountManagement_SecurityGroup,
    iAccountManagement_DistributionGroup,
    iAccountManagement_ApplicationGroup,
    iAccountManagement_Others,
    iDSAccess_DSAccess,
    iDSAccess_AdAuditChanges,
    iDS_Replication,
    iDS_DetailedReplication,
    iAccountLogon_CredentialValidation,
    iAccountLogon_Kerberos,
    iAccountLogon_Others,
    iAccountLogon_KerbCredentialValidation,
    iUnknownSubCategory = 999,
}}
pub type PPOLICY_AUDIT_EVENT_TYPE_EX = *mut POLICY_AUDIT_EVENT_TYPE_EX;
// Top-level audit categories, starting at 0. Assuming ENUM! (defined elsewhere) numbers
// variants sequentially like a C enum, the nine categories are 0..=8.
// NOTE(review): presumably the index into the array that
// POLICY_AUDIT_EVENTS_INFO::EventAuditingOptions points at — confirm.
ENUM!{enum POLICY_AUDIT_EVENT_TYPE {
    AuditCategorySystem = 0,
    AuditCategoryLogon,
    AuditCategoryObjectAccess,
    AuditCategoryPrivilegeUse,
    AuditCategoryDetailedTracking,
    AuditCategoryPolicyChange,
    AuditCategoryAccountManagement,
    AuditCategoryDirectoryServiceAccess,
    AuditCategoryAccountLogon,
}}
pub type PPOLICY_AUDIT_EVENT_TYPE = *mut POLICY_AUDIT_EVENT_TYPE;
// Per-category audit options. UNCHANGED is 0, so it cannot be detected with a bitwise AND;
// it is only distinguishable as "no other bit set". SUCCESS, FAILURE and NONE are the bits
// 0x1, 0x2 and 0x4.
// NOTE(review): NONE (0x4) is a bit of its own rather than the absence of SUCCESS and
// FAILURE; code deciding whether auditing is off presumably has to test it explicitly —
// confirm.
pub const POLICY_AUDIT_EVENT_UNCHANGED: ULONG = 0x00000000;
pub const POLICY_AUDIT_EVENT_SUCCESS: ULONG = 0x00000001;
pub const POLICY_AUDIT_EVENT_FAILURE: ULONG = 0x00000002;
pub const POLICY_AUDIT_EVENT_NONE: ULONG = 0x00000004;
// Evaluates to 0x7; OR-ing in UNCHANGED (0) adds no bit.
pub const POLICY_AUDIT_EVENT_MASK: ULONG = POLICY_AUDIT_EVENT_SUCCESS | POLICY_AUDIT_EVENT_FAILURE
    | POLICY_AUDIT_EVENT_UNCHANGED | POLICY_AUDIT_EVENT_NONE;
/// Reports whether an `NTSTATUS` counts as success.
///
/// The status is reinterpreted as a signed `LONG`; every value with the sign bit clear is
/// accepted, not only zero. Callers that need exact success must compare against the
/// specific status they expect.
#[inline]
pub fn LSA_SUCCESS(Error: NTSTATUS) -> bool {
    let status: LONG = Error as LONG;
    0 <= status
}
// LSA client entry points imported with the "system" calling convention. Each returns an
// NTSTATUS and exchanges data through raw pointers, so every call is unsafe and the caller
// is responsible for pointer validity, buffer lengths and releasing what comes back.
// The handle parameters are plain HANDLE / PHANDLE here, not the LSA_HANDLE type declared
// later in this file.
extern "system" {
    // LsaHandle and SecurityMode are out-pointers written by the callee.
    // NOTE(review): presumably restricted to callers holding SeTcbPrivilege — confirm.
    pub fn LsaRegisterLogonProcess(
        LogonProcessName: PLSA_STRING,
        LsaHandle: PHANDLE,
        SecurityMode: PLSA_OPERATIONAL_MODE,
    ) -> NTSTATUS;
    // AuthenticationInformation is an untyped buffer whose size is passed separately in
    // AuthenticationInformationLength; the two must agree.
    // ProfileBuffer, ProfileBufferLength, LogonId, Token, Quotas and SubStatus are
    // out-pointers.
    // NOTE(review): the buffer returned through ProfileBuffer is presumably released with
    // LsaFreeReturnBuffer, and the handle returned through Token closed by the caller —
    // confirm.
    // NOTE(review): AuthenticationInformation typically carries credentials; scrub it after
    // the call — confirm what the chosen package expects.
    pub fn LsaLogonUser(
        LsaHandle: HANDLE,
        OriginName: PLSA_STRING,
        LogonType: SECURITY_LOGON_TYPE,
        AuthenticationPackage: ULONG,
        AuthenticationInformation: PVOID,
        AuthenticationInformationLength: ULONG,
        LocalGroups: PTOKEN_GROUPS,
        SourceContext: PTOKEN_SOURCE,
        ProfileBuffer: *mut PVOID,
        ProfileBufferLength: PULONG,
        LogonId: PLUID,
        Token: PHANDLE,
        Quotas: PQUOTA_LIMITS,
        SubStatus: PNTSTATUS,
    ) -> NTSTATUS;
    // Writes a ULONG through AuthenticationPackage; the same ULONG type is what LsaLogonUser
    // and LsaCallAuthenticationPackage take as their AuthenticationPackage argument.
    pub fn LsaLookupAuthenticationPackage(
        LsaHandle: HANDLE,
        PackageName: PLSA_STRING,
        AuthenticationPackage: PULONG,
    ) -> NTSTATUS;
    // Takes an untyped buffer pointer.
    // NOTE(review): presumably only valid for buffers handed out by the other functions in
    // this block — confirm.
    pub fn LsaFreeReturnBuffer(
        Buffer: PVOID,
    ) -> NTSTATUS;
    // Submit buffer and length go in; return buffer, its length and a second status
    // (ProtocolStatus) come out through pointers. The function's own NTSTATUS and
    // *ProtocolStatus are separate values and both need checking.
    pub fn LsaCallAuthenticationPackage(
        LsaHandle: HANDLE,
        AuthenticationPackage: ULONG,
        ProtocolSubmitBuffer: PVOID,
        SubmitBufferLength: ULONG,
        ProtocolReturnBuffer: *mut PVOID,
        ReturnBufferLength: PULONG,
        ProtocolStatus: PNTSTATUS,
    ) -> NTSTATUS;
    // Takes the handle by value; the handle must not be used afterwards.
    pub fn LsaDeregisterLogonProcess(
        LsaHandle: HANDLE,
    ) -> NTSTATUS;
    // Writes a handle through LsaHandle without taking a logon process name.
    // NOTE(review): presumably an unprivileged connection with a reduced set of permitted
    // operations — confirm.
    pub fn LsaConnectUntrusted(
        LsaHandle: PHANDLE,
    ) -> NTSTATUS;
}
// These two imports use the "C" ABI, unlike the "system" block above. The distinction only
// changes the calling convention on targets where "system" differs from "C" (32-bit x86
// Windows); keep the two blocks separate.
// Both take an address and a ULONG size describing a buffer.
// NOTE(review): the effect on the address range is not visible here — confirm against the
// Win32 documentation before use.
extern "C" {
    pub fn LsaInsertProtectedProcessAddress(
        BufferAddress: PVOID,
        BufferSize: ULONG,
    ) -> NTSTATUS;
    pub fn LsaRemoveProtectedProcessAddress(
        BufferAddress: PVOID,
        BufferSize: ULONG,
    ) -> NTSTATUS;
}
// Function-pointer types whose parameter lists match the extern "system" imports declared
// earlier (LsaCallAuthenticationPackage, LsaDeregisterLogonProcess, LsaFreeReturnBuffer,
// LsaLogonUser, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess).
// NOTE(review): FN! is defined elsewhere; in winapi it presumably expands to an Option of an
// unsafe extern fn pointer, in which case a value of these types can be None and must be
// checked before it is called — confirm against the macro.
FN!{stdcall PFN_LSA_CALL_AUTH_PKG(
    LsaHandle: HANDLE,
    AuthenticationPackage: ULONG,
    ProtocolSubmitBuffer: PVOID,
    SubmitBufferLength: ULONG,
    ProtocolReturnBuffer: *mut PVOID,
    ReturnBufferLength: PULONG,
    ProtocolStatus: PNTSTATUS,
) -> NTSTATUS}
FN!{stdcall PFN_LSA_DEREGISTER_PROC(
    LsaHandle: HANDLE,
) -> NTSTATUS}
FN!{stdcall PFN_LSA_FREE_BUFFER(
    Buffer: PVOID,
) -> NTSTATUS}
FN!{stdcall PFN_LSA_LOGON_USER(
    LsaHandle: HANDLE,
    OriginName: PLSA_STRING,
    LogonType: SECURITY_LOGON_TYPE,
    AuthenticationPackage: ULONG,
    AuthenticationInformation: PVOID,
    AuthenticationInformationLength: ULONG,
    LocalGroups: PTOKEN_GROUPS,
    SourceContext: PTOKEN_SOURCE,
    ProfileBuffer: *mut PVOID,
    ProfileBufferLength: PULONG,
    LogonId: PLUID,
    Token: PHANDLE,
    Quotas: PQUOTA_LIMITS,
    SubStatus: PNTSTATUS,
) -> NTSTATUS}
FN!{stdcall PFN_LOOKUP_AUTH_PKG(
    LsaHandle: HANDLE,
    PackageName: PLSA_STRING,
    AuthenticationPackage: PULONG,
) -> NTSTATUS}
FN!{stdcall PFN_LSA_REGISTER_PROC(
    LogonProcessName: PLSA_STRING,
    LsaHandle: PHANDLE,
    SecurityMode: PLSA_OPERATIONAL_MODE,
) -> NTSTATUS}
// Table of the six PFN_LSA_* / PFN_LOOKUP_AUTH_PKG function pointers, one field each.
// Whoever fills this table decides what code runs for every LSA call made through it, so a
// table received from another component should be treated as trusted input only when its
// origin is.
// NOTE(review): if FN! yields Option-wrapped pointers, each field may be None — confirm and
// check before calling.
STRUCT!{struct LSA_AUTH_CALLBACKS {
    LsaCallAuthPkgFn: PFN_LSA_CALL_AUTH_PKG,
    LsaDeregisterProcFn: PFN_LSA_DEREGISTER_PROC,
    LsaFreeReturnBufferFn: PFN_LSA_FREE_BUFFER,
    LsaLogonUserFn: PFN_LSA_LOGON_USER,
    LsaLookupAuthPkgFn: PFN_LOOKUP_AUTH_PKG,
    LsaRegisterProcFn: PFN_LSA_REGISTER_PROC,
}}
pub type PLSA_AUTH_CALLBACKS = *mut LSA_AUTH_CALLBACKS;
pub type PCLSA_AUTH_CALLBACKS = *const LSA_AUTH_CALLBACKS;
// Opaque per-request token: a pointer to an untyped pointer. It is only passed through to
// the client-buffer callbacks and the PLSA_AP_* entry points in this file.
pub type PLSA_CLIENT_REQUEST = *mut PVOID;
// Selects which LSA_TOKEN_INFORMATION_* layout an untyped TokenInformation pointer refers
// to. No explicit values are given; assuming ENUM! (defined elsewhere) numbers variants
// from 0 like a C enum, these are 0..=3.
// A reader must pick the struct from this tag before touching the pointer, since the Null,
// V1/V2 and V3 layouts differ.
ENUM!{enum LSA_TOKEN_INFORMATION_TYPE {
    LsaTokenInformationNull,
    LsaTokenInformationV1,
    LsaTokenInformationV2,
    LsaTokenInformationV3,
}}
pub type PLSA_TOKEN_INFORMATION_TYPE = *mut LSA_TOKEN_INFORMATION_TYPE;
// Smallest token description: an expiration time and a raw pointer to a group list. It has
// no User field, unlike the V1 and V3 layouts.
STRUCT!{struct LSA_TOKEN_INFORMATION_NULL {
    ExpirationTime: LARGE_INTEGER,
    Groups: PTOKEN_GROUPS,
}}
pub type PLSA_TOKEN_INFORMATION_NULL = *mut LSA_TOKEN_INFORMATION_NULL;
// Token description with identity, groups, privileges, owner and default DACL.
// User, PrimaryGroup, Owner and DefaultDacl are embedded by value; Groups and Privileges
// are raw pointers to separately stored lists.
// The contents decide what the resulting token is allowed to do, so every SID and privilege
// placed here should come from a verified source.
STRUCT!{struct LSA_TOKEN_INFORMATION_V1 {
    ExpirationTime: LARGE_INTEGER,
    User: TOKEN_USER,
    Groups: PTOKEN_GROUPS,
    PrimaryGroup: TOKEN_PRIMARY_GROUP,
    Privileges: PTOKEN_PRIVILEGES,
    Owner: TOKEN_OWNER,
    DefaultDacl: TOKEN_DEFAULT_DACL,
}}
pub type PLSA_TOKEN_INFORMATION_V1 = *mut LSA_TOKEN_INFORMATION_V1;
// V2 is a plain alias of V1: identical layout under a second name.
// NOTE(review): any difference between V1 and V2 (for instance in how the memory is
// allocated) is not expressed in the type — confirm before treating them as interchangeable.
pub type LSA_TOKEN_INFORMATION_V2 = LSA_TOKEN_INFORMATION_V1;
pub type PLSA_TOKEN_INFORMATION_V2 = *mut LSA_TOKEN_INFORMATION_V2;
// The V1 fields in the same order, followed by user claims, device claims and a pointer to
// device groups. Because the leading fields match V1, the two layouts share a common prefix
// but V3 is larger; reading a V1-sized allocation through this type would run past its end.
STRUCT!{struct LSA_TOKEN_INFORMATION_V3 {
    ExpirationTime: LARGE_INTEGER,
    User: TOKEN_USER,
    Groups: PTOKEN_GROUPS,
    PrimaryGroup: TOKEN_PRIMARY_GROUP,
    Privileges: PTOKEN_PRIVILEGES,
    Owner: TOKEN_OWNER,
    DefaultDacl: TOKEN_DEFAULT_DACL,
    UserClaims: TOKEN_USER_CLAIMS,
    DeviceClaims: TOKEN_DEVICE_CLAIMS,
    DeviceGroups: PTOKEN_GROUPS,
}}
pub type PLSA_TOKEN_INFORMATION_V3 = *mut LSA_TOKEN_INFORMATION_V3;
// Logon-session and credential callbacks stored in LSA_DISPATCH_TABLE. All identify the
// session by a pointer to a LUID and return an NTSTATUS.
// NOTE(review): if FN! yields Option-wrapped pointers, a slot may be None — confirm and
// check before calling.
FN!{stdcall PLSA_CREATE_LOGON_SESSION(
    LogonId: PLUID,
) -> NTSTATUS}
FN!{stdcall PLSA_DELETE_LOGON_SESSION(
    LogonId: PLUID,
) -> NTSTATUS}
// Credentials are passed as PLSA_STRING, i.e. a pointer to a counted byte-string structure.
// NOTE(review): whatever is stored is presumably retrievable later through
// PLSA_GET_CREDENTIALS by code running in the same process, so store only what the package
// needs — confirm the retention rules.
FN!{stdcall PLSA_ADD_CREDENTIAL(
    LogonId: PLUID,
    AuthenticationPackage: ULONG,
    PrimaryKeyValue: PLSA_STRING,
    Credentials: PLSA_STRING,
) -> NTSTATUS}
// QueryContext and PrimaryKeyLength are pointers to ULONG; RetrieveAllCredentials is a
// BOOLEAN switch.
// NOTE(review): QueryContext presumably carries enumeration state between calls — confirm.
// NOTE(review): buffers returned through PrimaryKeyValue / Credentials hold secret material;
// presumably the caller must free and scrub them — confirm which allocator owns them.
FN!{stdcall PLSA_GET_CREDENTIALS(
    LogonId: PLUID,
    AuthenticationPackage: ULONG,
    QueryContext: PULONG,
    RetrieveAllCredentials: BOOLEAN,
    PrimaryKeyValue: PLSA_STRING,
    PrimaryKeyLength: PULONG,
    Credentials: PLSA_STRING,
) -> NTSTATUS}
FN!{stdcall PLSA_DELETE_CREDENTIAL(
    LogonId: PLUID,
    AuthenticationPackage: ULONG,
    PrimaryKeyValue: PLSA_STRING,
) -> NTSTATUS}
// Allocator callbacks. The two allocate types return an untyped pointer and the two free
// types return nothing, so failure is only observable as a null result from an allocation.
// The LSA-heap allocator takes a ULONG length while the private-heap one takes SIZE_T; on
// 64-bit targets a SIZE_T length does not always fit the ULONG variant.
// Only the LSA-heap pair appears in LSA_DISPATCH_TABLE in this file.
// NOTE(review): memory from one pair presumably must be released with the matching free
// callback — confirm.
FN!{stdcall PLSA_ALLOCATE_LSA_HEAP(
    Length: ULONG,
) -> PVOID}
FN!{stdcall PLSA_FREE_LSA_HEAP(
    Base: PVOID,
) -> ()}
FN!{stdcall PLSA_ALLOCATE_PRIVATE_HEAP(
    Length: SIZE_T,
) -> PVOID}
FN!{stdcall PLSA_FREE_PRIVATE_HEAP(
    Base: PVOID,
) -> ()}
// Callbacks for memory addressed by a "client base address", keyed by the opaque
// PLSA_CLIENT_REQUEST.
// NOTE(review): ClientBaseAddress presumably refers to the calling client's address space
// and must never be dereferenced directly by the package — confirm.
FN!{stdcall PLSA_ALLOCATE_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    LengthRequired: ULONG,
    ClientBaseAddress: *mut PVOID,
) -> NTSTATUS}
FN!{stdcall PLSA_FREE_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    ClientBaseAddress: PVOID,
) -> NTSTATUS}
// The two copy callbacks order their pointer arguments differently: COPY_TO takes
// (Length, ClientBaseAddress, BufferToCopy) while COPY_FROM takes
// (Length, BufferToCopy, ClientBaseAddress). Both pointers are PVOID, so the compiler will
// not catch a swap.
// Length is supplied by the caller of the callback; it has to be bounded by the size of the
// local buffer before the copy is requested.
FN!{stdcall PLSA_COPY_TO_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    Length: ULONG,
    ClientBaseAddress: PVOID,
    BufferToCopy: PVOID,
) -> NTSTATUS}
FN!{stdcall PLSA_COPY_FROM_CLIENT_BUFFER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    Length: ULONG,
    BufferToCopy: PVOID,
    ClientBaseAddress: PVOID,
) -> NTSTATUS}
// Eleven callbacks handed to an authentication package through
// PLSA_AP_INITIALIZE_PACKAGE::LsaDispatchTable. Field order is part of the layout.
// PLSA_ALLOCATE_PRIVATE_HEAP and PLSA_FREE_PRIVATE_HEAP are declared in this file but have
// no slot here.
// NOTE(review): if FN! yields Option-wrapped pointers, each slot may be None — confirm and
// check before calling.
STRUCT!{struct LSA_DISPATCH_TABLE {
    CreateLogonSession: PLSA_CREATE_LOGON_SESSION,
    DeleteLogonSession: PLSA_DELETE_LOGON_SESSION,
    AddCredential: PLSA_ADD_CREDENTIAL,
    GetCredentials: PLSA_GET_CREDENTIALS,
    DeleteCredential: PLSA_DELETE_CREDENTIAL,
    AllocateLsaHeap: PLSA_ALLOCATE_LSA_HEAP,
    FreeLsaHeap: PLSA_FREE_LSA_HEAP,
    AllocateClientBuffer: PLSA_ALLOCATE_CLIENT_BUFFER,
    FreeClientBuffer: PLSA_FREE_CLIENT_BUFFER,
    CopyToClientBuffer: PLSA_COPY_TO_CLIENT_BUFFER,
    CopyFromClientBuffer: PLSA_COPY_FROM_CLIENT_BUFFER,
}}
pub type PLSA_DISPATCH_TABLE = *mut LSA_DISPATCH_TABLE;
// Names of the authentication-package entry points, one per PLSA_AP_* function type.
// These are Rust `&'static str` values: UTF-8 with no terminating NUL. If they are used as
// export names for a symbol lookup that expects a C string, a NUL-terminated copy has to be
// made first; passing `as_ptr()` directly would read past the end of the literal.
// For defenders, a DLL exporting these names is shaped like an LSA authentication package,
// which is code that runs inside the LSA process.
// NOTE(review): that last point rests on the Win32 documentation, not on this file —
// confirm.
pub const LSA_AP_NAME_INITIALIZE_PACKAGE: &'static str = "LsaApInitializePackage";
pub const LSA_AP_NAME_LOGON_USER: &'static str = "LsaApLogonUser";
pub const LSA_AP_NAME_LOGON_USER_EX: &'static str = "LsaApLogonUserEx";
pub const LSA_AP_NAME_CALL_PACKAGE: &'static str = "LsaApCallPackage";
pub const LSA_AP_NAME_LOGON_TERMINATED: &'static str = "LsaApLogonTerminated";
pub const LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED: &'static str = "LsaApCallPackageUntrusted";
pub const LSA_AP_NAME_CALL_PACKAGE_PASSTHROUGH: &'static str = "LsaApCallPackagePassthrough";
// Package initialisation entry point: receives a ULONG package id and a pointer to the
// LSA_DISPATCH_TABLE, and returns the package name through AuthenticationPackageName (a
// pointer to a PLSA_STRING).
// NOTE(review): the returned name is presumably allocated with the dispatch table's
// AllocateLsaHeap so that the caller can free it — confirm.
FN!{stdcall PLSA_AP_INITIALIZE_PACKAGE(
    AuthenticationPackageId: ULONG,
    LsaDispatchTable: PLSA_DISPATCH_TABLE,
    Database: PLSA_STRING,
    Confidentiality: PLSA_STRING,
    AuthenticationPackageName: *mut PLSA_STRING,
) -> NTSTATUS}
// Logon entry points implemented by an authentication package.
// Two pointers describe the submitted authentication data: AuthenticationInformation and
// ClientAuthentication, with one shared AuthenticationInformationLength.
// NOTE(review): AuthenticationInformation is presumably a local copy and
// ClientAuthentication the client-side address of the same data; embedded pointers in the
// copy would then still be client addresses and need range checks against
// AuthenticationInformationLength before use — confirm.
// TokenInformationType and TokenInformation are out-pointers: the package states which
// LSA_TOKEN_INFORMATION_* layout it produced and returns an untyped pointer to it.
// The parameter name AuthenticatingAutority is spelled this way in the source; the name is
// not part of the ABI.
FN!{stdcall PLSA_AP_LOGON_USER(
    ClientRequest: PLSA_CLIENT_REQUEST,
    LogonType: SECURITY_LOGON_TYPE,
    AuthenticationInformation: PVOID,
    ClientAuthentication: PVOID,
    AuthenticationInformationLength: ULONG,
    ProfileBuffer: *mut PVOID,
    ProfileBufferLength: PULONG,
    LogonId: PLUID,
    SubStatus: PNTSTATUS,
    TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE,
    TokenInformation: *mut PVOID,
    AccountName: *mut PLSA_UNICODE_STRING,
    AuthenticatingAutority: *mut PLSA_UNICODE_STRING,
) -> NTSTATUS}
// Same parameter list as PLSA_AP_LOGON_USER plus a trailing MachineName out-pointer.
FN!{stdcall PLSA_AP_LOGON_USER_EX(
    ClientRequest: PLSA_CLIENT_REQUEST,
    LogonType: SECURITY_LOGON_TYPE,
    AuthenticationInformation: PVOID,
    ClientAuthentication: PVOID,
    AuthenticationInformationLength: ULONG,
    ProfileBuffer: *mut PVOID,
    ProfileBufferLength: PULONG,
    LogonId: PLUID,
    SubStatus: PNTSTATUS,
    TokenInformationType: PLSA_TOKEN_INFORMATION_TYPE,
    TokenInformation: *mut PVOID,
    AccountName: *mut PLSA_UNICODE_STRING,
    AuthenticatingAutority: *mut PLSA_UNICODE_STRING,
    MachineName: *mut PUNICODE_STRING,
) -> NTSTATUS}
// Package-specific request entry points. The request arrives as an untyped buffer
// (ProtocolSubmitBuffer) with its length (SubmitBufferLength) and a ClientBufferBase
// address; the reply leaves through ProtocolReturnBuffer / ReturnBufferLength, with a
// second status in ProtocolStatus.
// The submit buffer's content is chosen by the caller of the package, so its length and any
// offsets or pointers inside it have to be validated against SubmitBufferLength before they
// are used.
// This file declares a name constant LSA_AP_NAME_CALL_PACKAGE_UNTRUSTED but no separate
// function type for it.
FN!{stdcall PLSA_AP_CALL_PACKAGE(
    ClientRequest: PLSA_CLIENT_REQUEST,
    ProtocolSubmitBuffer: PVOID,
    ClientBufferBase: PVOID,
    SubmitBufferLength: ULONG,
    ProtocolReturnBuffer: *mut PVOID,
    ReturnBufferLength: PULONG,
    ProtocolStatus: PNTSTATUS,
) -> NTSTATUS}
// Identical parameter list to PLSA_AP_CALL_PACKAGE.
FN!{stdcall PLSA_AP_CALL_PACKAGE_PASSTHROUGH(
    ClientRequest: PLSA_CLIENT_REQUEST,
    ProtocolSubmitBuffer: PVOID,
    ClientBufferBase: PVOID,
    SubmitBufferLength: ULONG,
    ProtocolReturnBuffer: *mut PVOID,
    ReturnBufferLength: PULONG,
    ProtocolStatus: PNTSTATUS,
) -> NTSTATUS}
// Notification with no return value, identified by a pointer to the session LUID.
FN!{stdcall PLSA_AP_LOGON_TERMINATED(
    LogonId: PLUID,
) -> ()}
// Access rights for the LSA Policy object: thirteen single bits, 0x0001 through 0x1000.
// When requesting a handle, ask for the individual bits an operation needs rather than one
// of the composite masks below.
pub const POLICY_VIEW_LOCAL_INFORMATION: ULONG = 0x00000001;
pub const POLICY_VIEW_AUDIT_INFORMATION: ULONG = 0x00000002;
pub const POLICY_GET_PRIVATE_INFORMATION: ULONG = 0x00000004;
pub const POLICY_TRUST_ADMIN: ULONG = 0x00000008;
pub const POLICY_CREATE_ACCOUNT: ULONG = 0x00000010;
pub const POLICY_CREATE_SECRET: ULONG = 0x00000020;
pub const POLICY_CREATE_PRIVILEGE: ULONG = 0x00000040;
pub const POLICY_SET_DEFAULT_QUOTA_LIMITS: ULONG = 0x00000080;
pub const POLICY_SET_AUDIT_REQUIREMENTS: ULONG = 0x00000100;
pub const POLICY_AUDIT_LOG_ADMIN: ULONG = 0x00000200;
pub const POLICY_SERVER_ADMIN: ULONG = 0x00000400;
pub const POLICY_LOOKUP_NAMES: ULONG = 0x00000800;
pub const POLICY_NOTIFICATION: ULONG = 0x00001000;
// Covers the twelve bits 0x0001..=0x0800 plus STANDARD_RIGHTS_REQUIRED.
// POLICY_NOTIFICATION (0x1000) is not part of this mask.
pub const POLICY_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | POLICY_VIEW_LOCAL_INFORMATION
    | POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION | POLICY_TRUST_ADMIN
    | POLICY_CREATE_ACCOUNT | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE
    | POLICY_SET_DEFAULT_QUOTA_LIMITS | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN
    | POLICY_SERVER_ADMIN | POLICY_LOOKUP_NAMES;
// The "read" mask includes POLICY_GET_PRIVATE_INFORMATION and leaves out
// POLICY_VIEW_LOCAL_INFORMATION, which is part of POLICY_EXECUTE instead.
pub const POLICY_READ: ULONG = STANDARD_RIGHTS_READ | POLICY_VIEW_AUDIT_INFORMATION
    | POLICY_GET_PRIVATE_INFORMATION;
// The "write" mask includes POLICY_SET_AUDIT_REQUIREMENTS and POLICY_AUDIT_LOG_ADMIN, so a
// holder can change what gets audited.
pub const POLICY_WRITE: ULONG = STANDARD_RIGHTS_WRITE | POLICY_TRUST_ADMIN | POLICY_CREATE_ACCOUNT
    | POLICY_CREATE_SECRET | POLICY_CREATE_PRIVILEGE | POLICY_SET_DEFAULT_QUOTA_LIMITS
    | POLICY_SET_AUDIT_REQUIREMENTS | POLICY_AUDIT_LOG_ADMIN | POLICY_SERVER_ADMIN;
pub const POLICY_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | POLICY_VIEW_LOCAL_INFORMATION
    | POLICY_LOOKUP_NAMES;
// Result of a name-to-SID translation in relative form: the kind of account, a relative id
// and an index identifying the domain.
// DomainIndex is a signed LONG.
// NOTE(review): a negative value presumably means "no domain"; check the sign and the upper
// bound before using it to index a referenced-domain list — confirm.
STRUCT!{struct LSA_TRANSLATED_SID {
    Use: SID_NAME_USE,
    RelativeId: ULONG,
    DomainIndex: LONG,
}}
pub type PLSA_TRANSLATED_SID = *mut LSA_TRANSLATED_SID;
// System-access mode as a ULONG bit set. Every POLICY_MODE_* constant is an alias of the
// SECURITY_ACCESS_* constant with the corresponding name, so the two families are
// interchangeable bit for bit.
pub type POLICY_SYSTEM_ACCESS_MODE = ULONG;
pub type PPOLICY_SYSTEM_ACCESS_MODE = *mut POLICY_SYSTEM_ACCESS_MODE;
pub const POLICY_MODE_INTERACTIVE: ULONG = SECURITY_ACCESS_INTERACTIVE_LOGON;
pub const POLICY_MODE_NETWORK: ULONG = SECURITY_ACCESS_NETWORK_LOGON;
pub const POLICY_MODE_BATCH: ULONG = SECURITY_ACCESS_BATCH_LOGON;
pub const POLICY_MODE_SERVICE: ULONG = SECURITY_ACCESS_SERVICE_LOGON;
pub const POLICY_MODE_PROXY: ULONG = SECURITY_ACCESS_PROXY_LOGON;
pub const POLICY_MODE_DENY_INTERACTIVE: ULONG = SECURITY_ACCESS_DENY_INTERACTIVE_LOGON;
pub const POLICY_MODE_DENY_NETWORK: ULONG = SECURITY_ACCESS_DENY_NETWORK_LOGON;
pub const POLICY_MODE_DENY_BATCH: ULONG = SECURITY_ACCESS_DENY_BATCH_LOGON;
pub const POLICY_MODE_DENY_SERVICE: ULONG = SECURITY_ACCESS_DENY_SERVICE_LOGON;
pub const POLICY_MODE_REMOTE_INTERACTIVE: ULONG = SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON;
pub const POLICY_MODE_DENY_REMOTE_INTERACTIVE: ULONG =
    SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON;
// All eleven defined bits, i.e. 0x00000FF7 (bit 0x8 is not defined). Two operands are
// spelled with their SECURITY_ACCESS_* names; the values equal POLICY_MODE_DENY_BATCH and
// POLICY_MODE_DENY_SERVICE.
// The mask contains allow and deny bits alike, so it is a validity mask, not a grant.
pub const POLICY_MODE_ALL: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK
    | POLICY_MODE_BATCH | POLICY_MODE_SERVICE | POLICY_MODE_PROXY | POLICY_MODE_DENY_INTERACTIVE
    | POLICY_MODE_DENY_NETWORK | SECURITY_ACCESS_DENY_BATCH_LOGON
    | SECURITY_ACCESS_DENY_SERVICE_LOGON | POLICY_MODE_REMOTE_INTERACTIVE
    | POLICY_MODE_DENY_REMOTE_INTERACTIVE ;
// The four allow bits 0x1 | 0x2 | 0x4 | 0x10 = 0x17; no deny, proxy or remote bits.
pub const POLICY_MODE_ALL_NT4: ULONG = POLICY_MODE_INTERACTIVE | POLICY_MODE_NETWORK
    | POLICY_MODE_BATCH | POLICY_MODE_SERVICE;
// Both enums start at 2: assuming ENUM! (defined elsewhere) numbers variants sequentially
// like a C enum, the second variant of each is 3. Neither defines 0 or 1, so a zeroed
// value is not a valid member of either.
ENUM!{enum POLICY_LSA_SERVER_ROLE {
    PolicyServerRoleBackup = 2,
    PolicyServerRolePrimary,
}}
pub type PPOLICY_LSA_SERVER_ROLE = *mut POLICY_LSA_SERVER_ROLE;
ENUM!{enum POLICY_SERVER_ENABLE_STATE {
    PolicyServerEnabled = 2,
    PolicyServerDisabled,
}}
pub type PPOLICY_SERVER_ENABLE_STATE = *mut POLICY_SERVER_ENABLE_STATE;
// One ULONG of audit options; pointers to it appear as the EventAuditingOptions fields of
// the POLICY_AUDIT_*_INFO structs in this file.
// NOTE(review): presumably holds POLICY_AUDIT_EVENT_* bits — confirm.
pub type POLICY_AUDIT_EVENT_OPTIONS = ULONG;
pub type PPOLICY_AUDIT_EVENT_OPTIONS = *mut POLICY_AUDIT_EVENT_OPTIONS;
// A privilege name paired with its LUID.
// NOTE(review): "LocalValue" suggests the LUID is only meaningful on the machine that
// produced it, so it should not be persisted or compared across systems — confirm.
STRUCT!{struct POLICY_PRIVILEGE_DEFINITION {
    Name: LSA_UNICODE_STRING,
    LocalValue: LUID,
}}
pub type PPOLICY_PRIVILEGE_DEFINITION = *mut POLICY_PRIVILEGE_DEFINITION;
// Lookup option bits. LSA_LOOKUP_ISOLATED_AS_LOCAL and
// LSA_LOOKUP_DISALLOW_CONNECTED_ACCOUNT_INTERNET_SID have the same value (0x80000000), so
// they cannot be told apart or combined in one flags word.
// NOTE(review): presumably each belongs to a different lookup call — confirm which call
// accepts which flag before passing either.
pub const LSA_LOOKUP_ISOLATED_AS_LOCAL: ULONG = 0x80000000;
pub const LSA_LOOKUP_DISALLOW_CONNECTED_ACCOUNT_INTERNET_SID: ULONG = 0x80000000;
pub const LSA_LOOKUP_PREFER_INTERNET_NAMES: ULONG = 0x40000000;
// Selector for the kind of Policy information being queried or set. Starts at 1; assuming
// ENUM! (defined elsewhere) numbers variants sequentially like a C enum, the values run
// 1..=15 with PolicyLastEntry = 15 as the end marker. 0 is not a member.
// Several variants have a same-named POLICY_*_INFO struct in this file; the selector and
// the buffer layout have to be chosen together.
ENUM!{enum POLICY_INFORMATION_CLASS {
    PolicyAuditLogInformation = 1,
    PolicyAuditEventsInformation,
    PolicyPrimaryDomainInformation,
    PolicyPdAccountInformation,
    PolicyAccountDomainInformation,
    PolicyLsaServerRoleInformation,
    PolicyReplicaSourceInformation,
    PolicyDefaultQuotaInformation,
    PolicyModificationInformation,
    PolicyAuditFullSetInformation,
    PolicyAuditFullQueryInformation,
    PolicyDnsDomainInformation,
    PolicyDnsDomainInformationInt,
    PolicyLocalAccountDomainInformation,
    PolicyLastEntry,
}}
pub type PPOLICY_INFORMATION_CLASS = *mut POLICY_INFORMATION_CLASS;
// State of the audit log: fill level, size limit, retention period, shutdown-on-full state
// and the next record id.
// NOTE(review): units are not visible here (MaximumLogSize in bytes or kilobytes, the
// LARGE_INTEGER times as 100 ns ticks) — confirm before comparing against thresholds.
STRUCT!{struct POLICY_AUDIT_LOG_INFO {
    AuditLogPercentFull: ULONG,
    MaximumLogSize: ULONG,
    AuditRetentionPeriod: LARGE_INTEGER,
    AuditLogFullShutdownInProgress: BOOLEAN,
    TimeToShutdown: LARGE_INTEGER,
    NextAuditRecordId: ULONG,
}}
pub type PPOLICY_AUDIT_LOG_INFO = *mut POLICY_AUDIT_LOG_INFO;
// Audit policy per category: a BOOLEAN switch, a raw pointer to an array of option words
// and a count.
// NOTE(review): MaximumAuditEventCount is presumably the number of elements at
// EventAuditingOptions, indexed by POLICY_AUDIT_EVENT_TYPE; bound every index by it —
// confirm.
// NOTE(review): AuditingMode presumably turns auditing on or off as a whole, so a change to
// it is worth alerting on — confirm.
STRUCT!{struct POLICY_AUDIT_EVENTS_INFO {
    AuditingMode: BOOLEAN,
    EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS,
    MaximumAuditEventCount: ULONG,
}}
pub type PPOLICY_AUDIT_EVENTS_INFO = *mut POLICY_AUDIT_EVENTS_INFO;
// Count followed by a raw pointer to option words for the subcategories of one category.
// Note the field order is count-then-pointer here, the reverse of POLICY_AUDIT_EVENTS_INFO.
STRUCT!{struct POLICY_AUDIT_SUBCATEGORIES_INFO {
    MaximumSubCategoryCount: ULONG,
    EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS,
}}
pub type PPOLICY_AUDIT_SUBCATEGORIES_INFO = *mut POLICY_AUDIT_SUBCATEGORIES_INFO;
// Count followed by a raw pointer to per-category subcategory records.
// NOTE(review): MaximumCategoryCount presumably bounds the array at SubCategoriesInfo —
// confirm.
STRUCT!{struct POLICY_AUDIT_CATEGORIES_INFO {
    MaximumCategoryCount: ULONG,
    SubCategoriesInfo: PPOLICY_AUDIT_SUBCATEGORIES_INFO,
}}
pub type PPOLICY_AUDIT_CATEGORIES_INFO = *mut POLICY_AUDIT_CATEGORIES_INFO;
// Per-user audit policy flags, one byte wide. UNCHANGED is 0 and therefore not detectable
// with a bitwise AND; the other five are single bits 0x01 through 0x10.
// Include and exclude bits exist separately for success and for failure, so contradictory
// combinations (include and exclude of the same kind) are representable.
// NOTE(review): how such a combination is resolved is not visible here — confirm.
pub const PER_USER_POLICY_UNCHANGED: UCHAR = 0x00;
pub const PER_USER_AUDIT_SUCCESS_INCLUDE: UCHAR = 0x01;
pub const PER_USER_AUDIT_SUCCESS_EXCLUDE: UCHAR = 0x02;
pub const PER_USER_AUDIT_FAILURE_INCLUDE: UCHAR = 0x04;
pub const PER_USER_AUDIT_FAILURE_EXCLUDE: UCHAR = 0x08;
pub const PER_USER_AUDIT_NONE: UCHAR = 0x10;
// Evaluates to 0x1F; any bit outside it is not a defined per-user flag.
pub const VALID_PER_USER_AUDIT_POLICY_FLAG: UCHAR = PER_USER_AUDIT_SUCCESS_INCLUDE
    | PER_USER_AUDIT_SUCCESS_EXCLUDE | PER_USER_AUDIT_FAILURE_INCLUDE
    | PER_USER_AUDIT_FAILURE_EXCLUDE | PER_USER_AUDIT_NONE;
// Primary domain: its name and a raw pointer to its SID.
// NOTE(review): Sid is presumably null when the machine is not joined to a domain; check
// before dereferencing — confirm.
STRUCT!{struct POLICY_PRIMARY_DOMAIN_INFO {
    Name: LSA_UNICODE_STRING,
    Sid: PSID,
}}
pub type PPOLICY_PRIMARY_DOMAIN_INFO = *mut POLICY_PRIMARY_DOMAIN_INFO;
// A single counted string.
STRUCT!{struct POLICY_PD_ACCOUNT_INFO {
    Name: LSA_UNICODE_STRING,
}}
pub type PPOLICY_PD_ACCOUNT_INFO = *mut POLICY_PD_ACCOUNT_INFO;
// Wraps one POLICY_LSA_SERVER_ROLE value.
STRUCT!{struct POLICY_LSA_SERVER_ROLE_INFO {
    LsaServerRole: POLICY_LSA_SERVER_ROLE,
}}
pub type PPOLICY_LSA_SERVER_ROLE_INFO = *mut POLICY_LSA_SERVER_ROLE_INFO;
// Two counted strings: the replica source and the account name used with it.
STRUCT!{struct POLICY_REPLICA_SOURCE_INFO {
    ReplicaSource: LSA_UNICODE_STRING,
    ReplicaAccountName: LSA_UNICODE_STRING,
}}
pub type PPOLICY_REPLICA_SOURCE_INFO = *mut POLICY_REPLICA_SOURCE_INFO;
// Wraps one QUOTA_LIMITS value by value.
STRUCT!{struct POLICY_DEFAULT_QUOTA_INFO {
    QuotaLimits: QUOTA_LIMITS,
}}
pub type PPOLICY_DEFAULT_QUOTA_INFO = *mut POLICY_DEFAULT_QUOTA_INFO;
// Two 64-bit values describing the policy database.
// NOTE(review): ModifiedId presumably increases with every policy change, which would make
// it usable as a cheap change indicator — confirm.
STRUCT!{struct POLICY_MODIFICATION_INFO {
    ModifiedId: LARGE_INTEGER,
    DatabaseCreationTime: LARGE_INTEGER,
}}
pub type PPOLICY_MODIFICATION_INFO = *mut POLICY_MODIFICATION_INFO;
// Set-side layout: one BOOLEAN.
// NOTE(review): ShutDownOnFull presumably makes the system stop when the audit log cannot
// accept more records, trading availability for audit completeness — confirm.
STRUCT!{struct POLICY_AUDIT_FULL_SET_INFO {
    ShutDownOnFull: BOOLEAN,
}}
pub type PPOLICY_AUDIT_FULL_SET_INFO = *mut POLICY_AUDIT_FULL_SET_INFO;
// Query-side layout: the same BOOLEAN plus LogIsFull. The set and query layouts differ in
// size, so each has to be used with its own information class.
STRUCT!{struct POLICY_AUDIT_FULL_QUERY_INFO {
    ShutDownOnFull: BOOLEAN,
    LogIsFull: BOOLEAN,
}}
pub type PPOLICY_AUDIT_FULL_QUERY_INFO = *mut POLICY_AUDIT_FULL_QUERY_INFO;
// Selector for domain-wide policy information. Starts at 2; assuming ENUM! (defined
// elsewhere) numbers variants sequentially like a C enum, the Kerberos ticket variant is 3.
// 0 and 1 are not members.
ENUM!{enum POLICY_DOMAIN_INFORMATION_CLASS {
    PolicyDomainEfsInformation = 2,
    PolicyDomainKerberosTicketInformation,
}}
pub type PPOLICY_DOMAIN_INFORMATION_CLASS = *mut POLICY_DOMAIN_INFORMATION_CLASS;
// Eight single-bit ULONG flags, 0x01 through 0x80. No struct in this file has a field that
// is typed or named for them.
pub const POLICY_QOS_SCHANNEL_REQUIRED: ULONG = 0x00000001;
pub const POLICY_QOS_OUTBOUND_INTEGRITY: ULONG = 0x00000002;
pub const POLICY_QOS_OUTBOUND_CONFIDENTIALITY: ULONG = 0x00000004;
pub const POLICY_QOS_INBOUND_INTEGRITY: ULONG = 0x00000008;
pub const POLICY_QOS_INBOUND_CONFIDENTIALITY: ULONG = 0x00000010;
pub const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE: ULONG = 0x00000020;
pub const POLICY_QOS_RAS_SERVER_ALLOWED: ULONG = 0x00000040;
pub const POLICY_QOS_DHCP_SERVER_ALLOWED: ULONG = 0x00000080;
// Length plus raw byte pointer to an opaque EFS blob.
// NOTE(review): InfoLength is presumably the byte count at EfsBlob; the blob's inner format
// is not described here, so parse it defensively and never read past InfoLength — confirm.
STRUCT!{struct POLICY_DOMAIN_EFS_INFO {
    InfoLength: ULONG,
    EfsBlob: PUCHAR,
}}
pub type PPOLICY_DOMAIN_EFS_INFO = *mut POLICY_DOMAIN_EFS_INFO;
// Single bit 0x80.
// NOTE(review): presumably a value for AuthenticationOptions in the struct below — confirm.
pub const POLICY_KERBEROS_VALIDATE_CLIENT: ULONG = 0x00000080;
// Domain Kerberos ticket policy: an options word and four 64-bit limits plus a reserved
// field.
// NOTE(review): the unit of the LARGE_INTEGER fields (presumably 100 ns intervals) is not
// visible here — confirm before comparing against a baseline. Long ticket lifetimes and a
// wide clock skew weaken the policy, so changes to these values are worth monitoring.
STRUCT!{struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    AuthenticationOptions: ULONG,
    MaxServiceTicketAge: LARGE_INTEGER,
    MaxTicketAge: LARGE_INTEGER,
    MaxRenewAge: LARGE_INTEGER,
    MaxClockSkew: LARGE_INTEGER,
    Reserved: LARGE_INTEGER,
}}
pub type PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = *mut POLICY_DOMAIN_KERBEROS_TICKET_INFO;
// Kinds of policy change a caller can be notified about. Starts at 1; assuming ENUM!
// (defined elsewhere) numbers variants sequentially like a C enum, the values run 1..=9
// with PolicyNotifyMax = 9 as the end marker.
// The list covers audit policy, domain information, server role, EFS, Kerberos ticket
// policy, the machine account password and the global SACL.
// NOTE(review): presumably used with a change-notification registration call that is not
// declared in the part of the file shown here — confirm.
ENUM!{enum POLICY_NOTIFICATION_INFORMATION_CLASS {
    PolicyNotifyAuditEventsInformation = 1,
    PolicyNotifyAccountDomainInformation,
    PolicyNotifyServerRoleInformation,
    PolicyNotifyDnsDomainInformation,
    PolicyNotifyDomainEfsInformation,
    PolicyNotifyDomainKerberosTicketInformation,
    PolicyNotifyMachineAccountPasswordInformation,
    PolicyNotifyGlobalSaclInformation,
    PolicyNotifyMax,
}}
pub type PPOLICY_NOTIFICATION_INFORMATION_CLASS = *mut POLICY_NOTIFICATION_INFORMATION_CLASS;
// Access rights for an LSA account object: four single bits, 0x1 through 0x8.
pub const ACCOUNT_VIEW: ULONG = 0x00000001;
pub const ACCOUNT_ADJUST_PRIVILEGES: ULONG = 0x00000002;
pub const ACCOUNT_ADJUST_QUOTAS: ULONG = 0x00000004;
pub const ACCOUNT_ADJUST_SYSTEM_ACCESS: ULONG = 0x00000008;
pub const ACCOUNT_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | ACCOUNT_VIEW
    | ACCOUNT_ADJUST_PRIVILEGES | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS;
pub const ACCOUNT_READ: ULONG = STANDARD_RIGHTS_READ | ACCOUNT_VIEW;
// The write mask carries all three ADJUST bits, including the one for privileges and the
// one for system access (logon rights).
pub const ACCOUNT_WRITE: ULONG = STANDARD_RIGHTS_WRITE | ACCOUNT_ADJUST_PRIVILEGES
    | ACCOUNT_ADJUST_QUOTAS | ACCOUNT_ADJUST_SYSTEM_ACCESS;
// Only the standard execute rights; no account-specific bit.
pub const ACCOUNT_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE;
778DECLARE_HANDLE!{LSA_HANDLE, __LSA_HANDLE}
// Access rights for trusted-domain objects: seven single-bit rights, then four composites.
// TRUSTED_SET_AUTH and TRUSTED_QUERY_AUTH are part of TRUSTED_WRITE and TRUSTED_ALL_ACCESS
// but not of TRUSTED_READ or TRUSTED_EXECUTE. A read-only tool that opens the object with
// TRUSTED_READ therefore never holds a handle that can touch trust authentication data.
779pub const TRUSTED_QUERY_DOMAIN_NAME: ULONG = 0x00000001;
780pub const TRUSTED_QUERY_CONTROLLERS: ULONG = 0x00000002;
781pub const TRUSTED_SET_CONTROLLERS: ULONG = 0x00000004;
782pub const TRUSTED_QUERY_POSIX: ULONG = 0x00000008;
783pub const TRUSTED_SET_POSIX: ULONG = 0x00000010;
784pub const TRUSTED_SET_AUTH: ULONG = 0x00000020;
785pub const TRUSTED_QUERY_AUTH: ULONG = 0x00000040;
786pub const TRUSTED_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | TRUSTED_QUERY_DOMAIN_NAME
787    | TRUSTED_QUERY_CONTROLLERS | TRUSTED_SET_CONTROLLERS | TRUSTED_QUERY_POSIX | TRUSTED_SET_POSIX
788    | TRUSTED_SET_AUTH | TRUSTED_QUERY_AUTH;
789pub const TRUSTED_READ: ULONG = STANDARD_RIGHTS_READ | TRUSTED_QUERY_DOMAIN_NAME;
790pub const TRUSTED_WRITE: ULONG = STANDARD_RIGHTS_WRITE | TRUSTED_SET_CONTROLLERS
791    | TRUSTED_SET_POSIX | TRUSTED_SET_AUTH;
792pub const TRUSTED_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE | TRUSTED_QUERY_CONTROLLERS
793    | TRUSTED_QUERY_POSIX;
// Selects the payload type exchanged through the `Buffer` argument of the trusted-domain
// query/set functions declared in this file. Numbering starts at 1.
// The functions take `Buffer` as an untyped PVOID, so the compiler cannot check that the
// struct the caller casts to matches the class passed in; a mismatch reinterprets memory.
// Presumably the Password / Auth / Full classes carry trust authentication material.
// TODO confirm per class, and handle those buffers as secrets.
794ENUM!{enum TRUSTED_INFORMATION_CLASS {
795    TrustedDomainNameInformation = 1,
796    TrustedControllersInformation,
797    TrustedPosixOffsetInformation,
798    TrustedPasswordInformation,
799    TrustedDomainInformationBasic,
800    TrustedDomainInformationEx,
801    TrustedDomainAuthInformation,
802    TrustedDomainFullInformation,
803    TrustedDomainAuthInformationInternal,
804    TrustedDomainFullInformationInternal,
805    TrustedDomainInformationEx2Internal,
806    TrustedDomainFullInformation2Internal,
807    TrustedDomainSupportedEncryptionTypes,
808}}
809pub type PTRUSTED_INFORMATION_CLASS = *mut TRUSTED_INFORMATION_CLASS;
// Payload structs for the simpler TRUSTED_INFORMATION_CLASS values (matched by name).
810STRUCT!{struct TRUSTED_DOMAIN_NAME_INFO {
811    Name: LSA_UNICODE_STRING,
812}}
813pub type PTRUSTED_DOMAIN_NAME_INFO = *mut TRUSTED_DOMAIN_NAME_INFO;
// Counted array of strings: `Names` points at the first element and `Entries` is the count.
// The two are independent fields, so bound any iteration by `Entries` and check `Names` for
// null first.
814STRUCT!{struct TRUSTED_CONTROLLERS_INFO {
815    Entries: ULONG,
816    Names: PLSA_UNICODE_STRING,
817}}
818pub type PTRUSTED_CONTROLLERS_INFO = *mut TRUSTED_CONTROLLERS_INFO;
819STRUCT!{struct TRUSTED_POSIX_OFFSET_INFO {
820    Offset: ULONG,
821}}
822pub type PTRUSTED_POSIX_OFFSET_INFO = *mut TRUSTED_POSIX_OFFSET_INFO;
// Holds a current and a previous password as counted strings. These are secrets: keep them
// out of logs and Debug output, and zero the backing buffers before they are released.
823STRUCT!{struct TRUSTED_PASSWORD_INFO {
824    Password: LSA_UNICODE_STRING,
825    OldPassword: LSA_UNICODE_STRING,
826}}
827pub type PTRUSTED_PASSWORD_INFO = *mut TRUSTED_PASSWORD_INFO;
// The "basic" trusted-domain payload is the LSA_TRUST_INFORMATION type from um::lsalookup
// under another name.
828pub type TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION;
829pub type PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION;
830// NOTE: Ignoring Win XP constants
// Trust direction is a two-bit mask: BIDIRECTIONAL is INBOUND | OUTBOUND, DISABLED is zero.
831pub const TRUST_DIRECTION_DISABLED: ULONG = 0x00000000;
832pub const TRUST_DIRECTION_INBOUND: ULONG = 0x00000001;
833pub const TRUST_DIRECTION_OUTBOUND: ULONG = 0x00000002;
834pub const TRUST_DIRECTION_BIDIRECTIONAL: ULONG = TRUST_DIRECTION_INBOUND
835    | TRUST_DIRECTION_OUTBOUND;
// Trust type is an enumerated value, not a mask: MIT (3) equals DOWNLEVEL | UPLEVEL
// numerically, so compare with `==` and never with `&`.
836pub const TRUST_TYPE_DOWNLEVEL: ULONG = 0x00000001;
837pub const TRUST_TYPE_UPLEVEL: ULONG = 0x00000002;
838pub const TRUST_TYPE_MIT: ULONG = 0x00000003;
// Trust attribute bits, one bit each, for the `TrustAttributes` field of the EX/EX2 structs.
// When auditing trusts, the attributes that change the security boundary deserve attention:
// the presence or absence of QUARANTINED_DOMAIN, the transitivity flags, and
// TRUST_USES_RC4_ENCRYPTION (RC4 is a legacy cipher). The exact semantics of each bit are not
// stated here; confirm against the SDK.
839pub const TRUST_ATTRIBUTE_NON_TRANSITIVE: ULONG = 0x00000001;
840pub const TRUST_ATTRIBUTE_UPLEVEL_ONLY: ULONG = 0x00000002;
841pub const TRUST_ATTRIBUTE_QUARANTINED_DOMAIN: ULONG = 0x00000004;
842pub const TRUST_ATTRIBUTE_FOREST_TRANSITIVE: ULONG = 0x00000008;
843pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION: ULONG = 0x00000010;
844pub const TRUST_ATTRIBUTE_WITHIN_FOREST: ULONG = 0x00000020;
845pub const TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL: ULONG = 0x00000040;
846pub const TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION: ULONG = 0x00000080;
847pub const TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS: ULONG = 0x00000100;
848pub const TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION: ULONG = 0x00000200;
849pub const TRUST_ATTRIBUTE_PIM_TRUST: ULONG = 0x00000400;
// Masks over the attribute word. VALID leaves bits 18..=23 clear; USER is the top byte.
// Rejecting values with bits outside TRUST_ATTRIBUTES_VALID is a cheap input check.
850pub const TRUST_ATTRIBUTES_VALID: ULONG = 0xFF03FFFF;
851pub const TRUST_ATTRIBUTES_USER: ULONG = 0xFF000000;
// Extended description of a trusted domain: two names, a SID pointer and three ULONG fields
// that take the TRUST_DIRECTION_*, TRUST_TYPE_* and TRUST_ATTRIBUTE_* constants (matched by
// name).
852STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX {
853    Name: LSA_UNICODE_STRING,
854    FlatName: LSA_UNICODE_STRING,
    // Raw SID pointer; may be null for some trust types. TODO confirm before dereferencing.
855    Sid: PSID,
856    TrustDirection: ULONG,
857    TrustType: ULONG,
858    TrustAttributes: ULONG,
859}}
860pub type PTRUSTED_DOMAIN_INFORMATION_EX = *mut TRUSTED_DOMAIN_INFORMATION_EX;
// Same leading fields as TRUSTED_DOMAIN_INFORMATION_EX plus a length-prefixed byte blob.
861STRUCT!{struct TRUSTED_DOMAIN_INFORMATION_EX2 {
862    Name: LSA_UNICODE_STRING,
863    FlatName: LSA_UNICODE_STRING,
864    Sid: PSID,
865    TrustDirection: ULONG,
866    TrustType: ULONG,
867    TrustAttributes: ULONG,
    // Length and pointer are separate fields. Validate the length (MAX_FOREST_TRUST_BINARY_
    // DATA_SIZE in this file looks like the intended ceiling; confirm) before reading the blob.
868    ForestTrustLength: ULONG,
869    ForestTrustInfo: PUCHAR,
870}}
871pub type PTRUSTED_DOMAIN_INFORMATION_EX2 = *mut TRUSTED_DOMAIN_INFORMATION_EX2;
// Values for `LSA_AUTH_INFORMATION::AuthType` (matched by name). They are enumerated values
// 0..=3, not bits. Judging by the names, NT4OWF is a password hash and CLEAR a cleartext
// password; confirm against the SDK. Either way the `AuthInfo` bytes are credential material.
872pub const TRUST_AUTH_TYPE_NONE: ULONG = 0;
873pub const TRUST_AUTH_TYPE_NT4OWF: ULONG = 1;
874pub const TRUST_AUTH_TYPE_CLEAR: ULONG = 2;
875pub const TRUST_AUTH_TYPE_VERSION: ULONG = 3;
// One authentication record: timestamp, type tag and a length-prefixed byte buffer.
876STRUCT!{struct LSA_AUTH_INFORMATION {
877    LastUpdateTime: LARGE_INTEGER,
878    AuthType: ULONG,
    // `AuthInfoLength` and `AuthInfo` are independent. Check the pointer for null, bound
    // reads by the length, and zero the buffer once the secret is no longer needed.
879    AuthInfoLength: ULONG,
880    AuthInfo: PUCHAR,
881}}
882pub type PLSA_AUTH_INFORMATION = *mut LSA_AUTH_INFORMATION;
// Incoming and outgoing authentication records for a trust. Each direction has one count and
// two pointers (current and previous); presumably the count applies to both arrays of that
// direction. TODO confirm before indexing the "Previous" array.
883STRUCT!{struct TRUSTED_DOMAIN_AUTH_INFORMATION {
884    IncomingAuthInfos: ULONG,
885    IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION,
886    IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION,
887    OutgoingAuthInfos: ULONG,
888    OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION,
889    OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION,
890}}
891pub type PTRUSTED_DOMAIN_AUTH_INFORMATION = *mut TRUSTED_DOMAIN_AUTH_INFORMATION;
// Aggregate of the EX description, the POSIX offset and the authentication records, embedded
// by value. Because `AuthInformation` is included, a buffer of this type is as sensitive as
// TRUSTED_DOMAIN_AUTH_INFORMATION itself.
892STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION {
893    Information: TRUSTED_DOMAIN_INFORMATION_EX,
894    PosixOffset: TRUSTED_POSIX_OFFSET_INFO,
895    AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION,
896}}
897pub type PTRUSTED_DOMAIN_FULL_INFORMATION = *mut TRUSTED_DOMAIN_FULL_INFORMATION;
// Same aggregate built on the EX2 description (adds the forest-trust blob).
898STRUCT!{struct TRUSTED_DOMAIN_FULL_INFORMATION2 {
899    Information: TRUSTED_DOMAIN_INFORMATION_EX2,
900    PosixOffset: TRUSTED_POSIX_OFFSET_INFO,
901    AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION,
902}}
903pub type PTRUSTED_DOMAIN_FULL_INFORMATION2 = *mut TRUSTED_DOMAIN_FULL_INFORMATION2;
// Single ULONG of encryption types; the bit definitions are not in this part of the file.
904STRUCT!{struct TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES {
905    SupportedEncryptionTypes: ULONG,
906}}
907pub type PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES =
908    *mut TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES;
// Tag for a forest-trust record. `ForestTrustRecordTypeLast` is an alias for
// `ForestTrustDomainInfo`, not a fourth record type.
909ENUM!{enum LSA_FOREST_TRUST_RECORD_TYPE {
910    ForestTrustTopLevelName,
911    ForestTrustTopLevelNameEx,
912    ForestTrustDomainInfo,
913    ForestTrustRecordTypeLast = ForestTrustDomainInfo,
914}}
// Flag values for forest-trust records. The TLN_*, SID_* and NB_* groups reuse the same low
// bits (LSA_TLN_DISABLED_NEW and LSA_SID_DISABLED_ADMIN are both 0x1), so a flag can only be
// interpreted together with the record type it came from. Presumably TLN_* applies to
// top-level-name records and SID_*/NB_* to domain-info records; confirm against the SDK.
915pub const LSA_FTRECORD_DISABLED_REASONS: ULONG = 0x0000FFFF;
916pub const LSA_TLN_DISABLED_NEW: ULONG = 0x00000001;
917pub const LSA_TLN_DISABLED_ADMIN: ULONG = 0x00000002;
918pub const LSA_TLN_DISABLED_CONFLICT: ULONG = 0x00000004;
919pub const LSA_SID_DISABLED_ADMIN: ULONG = 0x00000001;
920pub const LSA_SID_DISABLED_CONFLICT: ULONG = 0x00000002;
921pub const LSA_NB_DISABLED_ADMIN: ULONG = 0x00000004;
922pub const LSA_NB_DISABLED_CONFLICT: ULONG = 0x00000008;
923STRUCT!{struct LSA_FOREST_TRUST_DOMAIN_INFO {
924    Sid: PSID,
925    DnsName: LSA_UNICODE_STRING,
926    NetbiosName: LSA_UNICODE_STRING,
927}}
928pub type PLSA_FOREST_TRUST_DOMAIN_INFO = *mut LSA_FOREST_TRUST_DOMAIN_INFO;
// 128 KiB. Judging by the name, the ceiling for LSA_FOREST_TRUST_BINARY_DATA::Length; reject
// larger lengths before allocating or copying.
929pub const MAX_FOREST_TRUST_BINARY_DATA_SIZE: SIZE_T = 128 * 1024;
// Length-prefixed opaque blob; `Length` and `Buffer` are independent fields.
930STRUCT!{struct LSA_FOREST_TRUST_BINARY_DATA {
931    Length: ULONG,
932    Buffer: PUCHAR,
933}}
934pub type PLSA_FOREST_TRUST_BINARY_DATA = *mut LSA_FOREST_TRUST_BINARY_DATA;
// Payload union of a forest-trust record with three alternative views, each exposed through
// a shared and a `_mut` accessor. The `[u32; 5] [u64; 5]` line is presumably the backing
// storage for 32-bit and 64-bit targets; the UNION! macro is defined outside this view.
// Nothing here records which view is live. The accessors reinterpret the same bytes, so
// reading the wrong one turns string lengths into pointers or the reverse. Select the view
// from `LSA_FOREST_TRUST_RECORD::ForestTrustType` before touching the union.
935UNION!{union LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA {
936    [u32; 5] [u64; 5],
937    TopLevelName TopLevelName_mut: LSA_UNICODE_STRING,
938    DomainInfo DomainInfo_mut: LSA_FOREST_TRUST_DOMAIN_INFO,
939    Data Data_mut: LSA_FOREST_TRUST_BINARY_DATA,
940}}
// One forest-trust record: flag word, type tag, timestamp and the tagged payload above.
941STRUCT!{struct LSA_FOREST_TRUST_RECORD {
942    Flags: ULONG,
943    ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE,
944    Time: LARGE_INTEGER,
945    ForestTrustData: LSA_FOREST_TRUST_RECORD_FORESTTRUSTDATA,
946}}
947pub type PLSA_FOREST_TRUST_RECORD = *mut LSA_FOREST_TRUST_RECORD;
// Judging by the name, the ceiling for LSA_FOREST_TRUST_INFORMATION::RecordCount.
948pub const MAX_RECORDS_IN_FOREST_TRUST_INFO: SIZE_T = 4000;
// Counted array of record pointers: `Entries` points at `RecordCount` pointers, each of which
// points at one LSA_FOREST_TRUST_RECORD. Bound iteration by `RecordCount` and check every
// element pointer for null before dereferencing.
949STRUCT!{struct LSA_FOREST_TRUST_INFORMATION {
950    RecordCount: ULONG,
951    Entries: *mut PLSA_FOREST_TRUST_RECORD,
952}}
// NOTE(review): every other `P...` alias in this file is `*mut T`, but this one aliases the
// struct itself. As declared, LsaSetForestTrustInformation takes the struct by value and
// LsaQueryForestTrustInformation has one level of indirection less than its sibling query
// functions. This looks like a missing `*mut`; confirm against ntsecapi.h before relying on
// either binding, because a by-value struct where the callee expects a pointer is an ABI
// mismatch. Correcting the alias changes a public type and needs a coordinated release.
953pub type PLSA_FOREST_TRUST_INFORMATION = LSA_FOREST_TRUST_INFORMATION;
// Kind of object a forest-trust record collided with.
954ENUM!{enum LSA_FOREST_TRUST_COLLISION_RECORD_TYPE {
955    CollisionTdo,
956    CollisionXref,
957    CollisionOther,
958}}
// One collision report. `Index` presumably refers to the position of the offending record in
// the submitted LSA_FOREST_TRUST_INFORMATION; range-check it before using it as an index.
959STRUCT!{struct LSA_FOREST_TRUST_COLLISION_RECORD {
960    Index: ULONG,
961    Type: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE,
962    Flags: ULONG,
963    Name: LSA_UNICODE_STRING,
964}}
965pub type PLSA_FOREST_TRUST_COLLISION_RECORD = *mut LSA_FOREST_TRUST_COLLISION_RECORD;
// Counted array of pointers to collision records; same shape as LSA_FOREST_TRUST_INFORMATION.
966STRUCT!{struct LSA_FOREST_TRUST_COLLISION_INFORMATION {
967    RecordCount: ULONG,
968    Entries: *mut PLSA_FOREST_TRUST_COLLISION_RECORD,
969}}
970pub type PLSA_FOREST_TRUST_COLLISION_INFORMATION = *mut LSA_FOREST_TRUST_COLLISION_INFORMATION;
// Access rights for LSA secret objects. Reading and writing are separate bits, so a component
// that only stores a secret can open it with SECRET_WRITE and never be able to read it back.
971pub const SECRET_SET_VALUE: ULONG = 0x00000001;
972pub const SECRET_QUERY_VALUE: ULONG = 0x00000002;
973pub const SECRET_ALL_ACCESS: ULONG = STANDARD_RIGHTS_REQUIRED | SECRET_SET_VALUE
974    | SECRET_QUERY_VALUE;
975pub const SECRET_READ: ULONG = STANDARD_RIGHTS_READ | SECRET_QUERY_VALUE;
976pub const SECRET_WRITE: ULONG = STANDARD_RIGHTS_WRITE | SECRET_SET_VALUE;
977pub const SECRET_EXECUTE: ULONG = STANDARD_RIGHTS_EXECUTE;
// Name prefixes for secret objects with their lengths. Each prefix is two characters, which
// matches the *_PREFIX_LENGTH value of 2. The prefixes are Rust `&str` values, while the
// functions in this file take names as PLSA_UNICODE_STRING, so a caller has to convert; the
// length is presumably a character count rather than a byte count (confirm).
// What each prefix implies for storage or replication is not stated here; see the SDK.
978pub const LSA_GLOBAL_SECRET_PREFIX: &'static str = "G$";
979pub const LSA_GLOBAL_SECRET_PREFIX_LENGTH: SIZE_T = 2;
980pub const LSA_LOCAL_SECRET_PREFIX: &'static str = "L$";
981pub const LSA_LOCAL_SECRET_PREFIX_LENGTH: SIZE_T = 2;
982pub const LSA_MACHINE_SECRET_PREFIX: &'static str = "M$";
983pub const LSA_MACHINE_SECRET_PREFIX_LENGTH: SIZE_T = 2;
// Limits: 0x1000 secrets and 0x200 for a secret's length (the unit is not stated here).
984pub const LSA_SECRET_MAXIMUM_COUNT: SIZE_T = 0x00001000;
985pub const LSA_SECRET_MAXIMUM_LENGTH: SIZE_T = 0x00000200;
// Cursor type for the LsaEnumerate* functions, which take it by pointer as
// `EnumerationContext` so that the callee can advance it between calls.
986DECLARE_HANDLE!{LSA_ENUMERATION_HANDLE, __LSA_ENUMERATION_HANDLE}
987pub type PLSA_ENUMERATION_HANDLE = *mut LSA_ENUMERATION_HANDLE;
// Element holding a single SID pointer; presumably what LsaEnumerateAccounts returns.
// TODO confirm.
988STRUCT!{struct LSA_ENUMERATION_INFORMATION {
989    Sid: PSID,
990}}
991pub type PLSA_ENUMERATION_INFORMATION = *mut LSA_ENUMERATION_INFORMATION;
// Raw bindings: every function is `unsafe` to call and reports failure only through the
// returned NTSTATUS. Check the status before reading any out-parameter.
992extern "system" {
    // Releases a buffer given as an untyped pointer. Presumably the release function for
    // memory that LSA returns through the `*mut PVOID` / `*mut P...` out-parameters in this
    // file; confirm per function. Zero buffers that held secrets before releasing them.
993    pub fn LsaFreeMemory(
994        Buffer: PVOID,
995    ) -> NTSTATUS;
    // Closes a handle. Close each handle exactly once; Rust has no Drop on this raw type.
996    pub fn LsaClose(
997        ObjectHandle: LSA_HANDLE,
998    ) -> NTSTATUS;
    // Deletes the object behind the handle (destructive; judging by the name).
999    pub fn LsaDelete(
1000        ObjectHandle: LSA_HANDLE,
1001    ) -> NTSTATUS;
    // Returns a security descriptor through a pointer-to-pointer out-parameter.
1002    pub fn LsaQuerySecurityObject(
1003        ObjectHandle: LSA_HANDLE,
1004        SecurityInformation: SECURITY_INFORMATION,
1005        SecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
1006    ) -> NTSTATUS;
    // Replaces parts of an object's security descriptor. A change to who may open LSA
    // objects is a privileged operation and worth an audit-log entry in the calling tool.
1007    pub fn LsaSetSecurityObject(
1008        ObjectHandle: LSA_HANDLE,
1009        SecurityInformation: SECURITY_INFORMATION,
1010        SecurityDescriptor: PSECURITY_DESCRIPTOR,
1011    ) -> NTSTATUS;
    // Takes the old and the new password as counted strings. Both are secrets owned by the
    // caller: keep them out of logs and wipe the buffers once the call has returned.
1012    pub fn LsaChangePassword(
1013        ServerName: PLSA_UNICODE_STRING,
1014        DomainName: PLSA_UNICODE_STRING,
1015        AccountName: PLSA_UNICODE_STRING,
1016        OldPassword: PLSA_UNICODE_STRING,
1017        NewPassword: PLSA_UNICODE_STRING,
1018    ) -> NTSTATUS;
1019}
// Timestamps of the last successful and last failed logon plus a failure counter. Useful for
// showing users or monitoring tools whether failed attempts happened since the last logon.
1020STRUCT!{struct LSA_LAST_INTER_LOGON_INFO {
1021    LastSuccessfulLogon: LARGE_INTEGER,
1022    LastFailedLogon: LARGE_INTEGER,
1023    FailedAttemptCountSinceLastSuccessfulLogon: ULONG,
1024}}
1025pub type PLSA_LAST_INTER_LOGON_INFO = *mut LSA_LAST_INTER_LOGON_INFO;
// Description of one logon session, returned by LsaGetLogonSessionData through a
// pointer-to-pointer out-parameter.
1026STRUCT!{struct SECURITY_LOGON_SESSION_DATA {
    // Presumably the size of the structure as filled in by the callee; if so, compare it
    // with the size of this declaration before reading trailing fields. TODO confirm.
1027    Size: ULONG,
1028    LogonId: LUID,
1029    UserName: LSA_UNICODE_STRING,
1030    LogonDomain: LSA_UNICODE_STRING,
1031    AuthenticationPackage: LSA_UNICODE_STRING,
    // Plain ULONG here; presumably holds a SECURITY_LOGON_TYPE value from earlier in the file.
1032    LogonType: ULONG,
1033    Session: ULONG,
    // Raw SID pointer; check for null before use.
1034    Sid: PSID,
1035    LogonTime: LARGE_INTEGER,
1036    LogonServer: LSA_UNICODE_STRING,
1037    DnsDomainName: LSA_UNICODE_STRING,
1038    Upn: LSA_UNICODE_STRING,
1039    UserFlags: ULONG,
1040    LastLogonInfo: LSA_LAST_INTER_LOGON_INFO,
1041    LogonScript: LSA_UNICODE_STRING,
1042    ProfilePath: LSA_UNICODE_STRING,
1043    HomeDirectory: LSA_UNICODE_STRING,
1044    HomeDirectoryDrive: LSA_UNICODE_STRING,
1045    LogoffTime: LARGE_INTEGER,
1046    KickOffTime: LARGE_INTEGER,
1047    PasswordLastSet: LARGE_INTEGER,
1048    PasswordCanChange: LARGE_INTEGER,
1049    PasswordMustChange: LARGE_INTEGER,
1050}}
1051pub type PSECURITY_LOGON_SESSION_DATA = *mut SECURITY_LOGON_SESSION_DATA;
1052extern "system" {
    // Returns a count and a pointer to an array of LUIDs through two out-parameters. Bound
    // iteration by the returned count; the array is presumably released with LsaFreeMemory.
1053    pub fn LsaEnumerateLogonSessions(
1054        LogonSessionCount: PULONG,
1055        LogonSessionList: *mut PLUID,
1056    ) -> NTSTATUS;
    // Returns a pointer to a SECURITY_LOGON_SESSION_DATA for one LUID. The out-pointer is
    // only meaningful when the returned status indicates success.
1057    pub fn LsaGetLogonSessionData(
1058        LogonId: PLUID,
1059        ppLogonSessionData: *mut PSECURITY_LOGON_SESSION_DATA,
1060    ) -> NTSTATUS;
    // Opens a policy handle. `DesiredAccess` decides what the handle can do afterwards, so
    // request only the rights the caller needs; `SystemName` selects the target machine
    // (presumably null means the local one; confirm).
1061    pub fn LsaOpenPolicy(
1062        SystemName: PLSA_UNICODE_STRING,
1063        ObjectAttributes: PLSA_OBJECT_ATTRIBUTES,
1064        DesiredAccess: ACCESS_MASK,
1065        PolicyHandle: PLSA_HANDLE,
1066    ) -> NTSTATUS;
    // Same signature as LsaOpenPolicy; the difference is not visible in this declaration.
1067    pub fn LsaOpenPolicySce(
1068        SystemName: PLSA_UNICODE_STRING,
1069        ObjectAttributes: PLSA_OBJECT_ATTRIBUTES,
1070        DesiredAccess: ACCESS_MASK,
1071        PolicyHandle: PLSA_HANDLE,
1072    ) -> NTSTATUS;
1073}
// 0x7F; judging by the name, the ceiling for CENTRAL_ACCESS_POLICY::CAPECount.
1074pub const MAXIMUM_CAPES_PER_CAP: SIZE_T = 0x7F;
// Central access policy flag bits. The STAGED_ variant (0x100) is the effective flag (0x1)
// moved up by eight bits, which is the transformation STAGING_FLAG performs.
1075pub const CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000001;
1076pub const CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG: ULONG = 0x00000100;
/// Maps an effective central-access-policy flag to its staged counterpart.
///
/// Only the low four bits of `Effective` are kept; they are moved up by eight bit
/// positions, so `0x1` becomes `0x100`. Higher input bits are discarded.
#[inline]
pub fn STAGING_FLAG(Effective: ULONG) -> ULONG {
    // Isolate the low nibble first so that no higher bit can leak into the staged range.
    let low_nibble = Effective & 0xF;
    low_nibble << 8
}
1081pub const CENTRAL_ACCESS_POLICY_STAGED_FLAG: ULONG = 0x00010000;
// Union of the three flag bits defined for a central access policy (0x00010101). Rejecting
// `Flags` values with bits outside this mask is a cheap validity check on untrusted input.
1082pub const CENTRAL_ACCESS_POLICY_VALID_FLAG_MASK: ULONG =
1083    CENTRAL_ACCESS_POLICY_OWNER_RIGHTS_PRESENT_FLAG
1084    | CENTRAL_ACCESS_POLICY_STAGED_OWNER_RIGHTS_PRESENT_FLAG | CENTRAL_ACCESS_POLICY_STAGED_FLAG;
// Flags for LsaSetCAPs (matched by name); only one bit is defined, so the mask equals it.
1085pub const LSASETCAPS_RELOAD_FLAG: ULONG = 0x00000001;
1086pub const LSASETCAPS_VALID_FLAG_MASK: ULONG = LSASETCAPS_RELOAD_FLAG;
// One entry of a central access policy: three strings, then three length/pointer pairs.
// Each `Length*` field and its pointer are independent, so validate the length before
// reading. The two security descriptors are raw pointers; check that they are well-formed
// (for example with the platform's descriptor validation routine) before parsing them.
1087STRUCT!{struct CENTRAL_ACCESS_POLICY_ENTRY {
1088    Name: LSA_UNICODE_STRING,
1089    Description: LSA_UNICODE_STRING,
1090    ChangeId: LSA_UNICODE_STRING,
1091    LengthAppliesTo: ULONG,
1092    AppliesTo: PUCHAR,
1093    LengthSD: ULONG,
1094    SD: PSECURITY_DESCRIPTOR,
1095    LengthStagedSD: ULONG,
1096    StagedSD: PSECURITY_DESCRIPTOR,
1097    Flags: ULONG,
1098}}
1099pub type PCENTRAL_ACCESS_POLICY_ENTRY = *mut CENTRAL_ACCESS_POLICY_ENTRY;
1100pub type PCCENTRAL_ACCESS_POLICY_ENTRY = *const CENTRAL_ACCESS_POLICY_ENTRY;
// A central access policy: identifier SID, descriptive strings, flags and a counted array of
// pointers to entries. Bound iteration over `CAPEs` by `CAPECount`.
1101STRUCT!{struct CENTRAL_ACCESS_POLICY {
1102    CAPID: PSID,
1103    Name: LSA_UNICODE_STRING,
1104    Description: LSA_UNICODE_STRING,
1105    ChangeId: LSA_UNICODE_STRING,
1106    Flags: ULONG,
1107    CAPECount: ULONG,
1108    CAPEs: *mut PCENTRAL_ACCESS_POLICY_ENTRY,
1109}}
1110pub type PCENTRAL_ACCESS_POLICY = *mut CENTRAL_ACCESS_POLICY;
1111pub type PCCENTRAL_ACCESS_POLICY = *const CENTRAL_ACCESS_POLICY;
// Policy, account, trusted-domain, lookup, secret and privilege bindings. All are raw FFI:
// `unsafe` to call, with failure reported only through NTSTATUS. Out-parameters must not be
// read unless the status indicates success, and returned buffers are presumably released
// with LsaFreeMemory (confirm per function).
1112extern "system" {
    // --- Central access policies. Array pointer and count are passed separately; the caller
    // must keep them consistent.
1113    pub fn LsaSetCAPs(
1114        CAPDNs: PLSA_UNICODE_STRING,
1115        CAPDNCount: ULONG,
1116        Flags: ULONG,
1117    ) -> NTSTATUS;
1118    pub fn LsaGetAppliedCAPIDs(
1119        SystemName: PLSA_UNICODE_STRING,
1120        CAPIDs: *mut *mut PSID,
1121        CAPIDCount: PULONG,
1122    ) -> NTSTATUS;
1123    pub fn LsaQueryCAPs(
1124        CAPIDs: *mut PSID,
1125        CAPIDCount: ULONG,
1126        CAPs: *mut PCENTRAL_ACCESS_POLICY,
1127        CAPCount: PULONG,
1128    ) -> NTSTATUS;
    // --- Policy information. `Buffer` is untyped: the struct the caller casts to (query) or
    // passes in (set) has to match `InformationClass`, and the compiler cannot check that.
1129    pub fn LsaQueryInformationPolicy(
1130        PolicyHandle: LSA_HANDLE,
1131        InformationClass: POLICY_INFORMATION_CLASS,
1132        Buffer: *mut PVOID,
1133    ) -> NTSTATUS;
1134    pub fn LsaSetInformationPolicy(
1135        PolicyHandle: LSA_HANDLE,
1136        InformationClass: POLICY_INFORMATION_CLASS,
1137        Buffer: PVOID,
1138    ) -> NTSTATUS;
1139    pub fn LsaQueryDomainInformationPolicy(
1140        PolicyHandle: LSA_HANDLE,
1141        InformationClass: POLICY_DOMAIN_INFORMATION_CLASS,
1142        Buffer: *mut PVOID,
1143    ) -> NTSTATUS;
1144    pub fn LsaSetDomainInformationPolicy(
1145        PolicyHandle: LSA_HANDLE,
1146        InformationClass: POLICY_DOMAIN_INFORMATION_CLASS,
1147        Buffer: PVOID,
1148    ) -> NTSTATUS;
    // --- Change notification: associates an event handle with a policy class. Unregister
    // with the same pair before closing the event handle.
    // NOTE(review): the parameter is spelled `NotifcationEventHandle` in both declarations.
1149    pub fn LsaRegisterPolicyChangeNotification(
1150        InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS,
1151        NotifcationEventHandle: HANDLE,
1152    ) -> NTSTATUS;
1153    pub fn LsaUnregisterPolicyChangeNotification(
1154        InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS,
1155        NotifcationEventHandle: HANDLE,
1156    ) -> NTSTATUS;
    // Clears the audit log (judging by the name). This destroys forensic evidence, so any
    // legitimate caller should archive the log first and record who requested the clear.
1157    pub fn LsaClearAuditLog(
1158        PolicyHandle: LSA_HANDLE,
1159    ) -> NTSTATUS;
1160    pub fn LsaCreateAccount(
1161        PolicyHandle: LSA_HANDLE,
1162        AccountSid: PSID,
1163        DesiredAccess: ACCESS_MASK,
1164        AccountHandle: PLSA_HANDLE,
1165    ) -> NTSTATUS;
    // --- Enumeration. The three LsaEnumerate* functions here share one shape: a cursor
    // passed by pointer, an untyped out-buffer, a size hint and a returned element count.
    // Read exactly `CountReturned` elements; the element type differs per function.
1166    pub fn LsaEnumerateAccounts(
1167        PolicyHandle: LSA_HANDLE,
1168        EnumerationContext: PLSA_ENUMERATION_HANDLE,
1169        Buffer: *mut PVOID,
1170        PreferredMaximumLength: ULONG,
1171        CountReturned: PULONG,
1172    ) -> NTSTATUS;
1173    pub fn LsaCreateTrustedDomain(
1174        PolicyHandle: LSA_HANDLE,
1175        TrustedDomainInformation: PLSA_TRUST_INFORMATION,
1176        DesiredAccess: ACCESS_MASK,
1177        TrustedDomainHandle: PLSA_HANDLE,
1178    ) -> NTSTATUS;
1179    pub fn LsaEnumerateTrustedDomains(
1180        PolicyHandle: LSA_HANDLE,
1181        EnumerationContext: PLSA_ENUMERATION_HANDLE,
1182        Buffer: *mut PVOID,
1183        PreferredMaximumLength: ULONG,
1184        CountReturned: PULONG,
1185    ) -> NTSTATUS;
1186    pub fn LsaEnumeratePrivileges(
1187        PolicyHandle: LSA_HANDLE,
1188        EnumerationContext: PLSA_ENUMERATION_HANDLE,
1189        Buffer: *mut PVOID,
1190        PreferredMaximumLength: ULONG,
1191        CountReturned: PULONG,
1192    ) -> NTSTATUS;
    // --- Name <-> SID translation. `Count` is supplied by the caller and must equal the
    // number of elements behind `Names` / `Sids`; a larger value makes the callee read past
    // the caller's array. LSA_MAXIMUM_SID_COUNT earlier in the file looks like the intended
    // upper bound (confirm).
1193    pub fn LsaLookupNames(
1194        PolicyHandle: LSA_HANDLE,
1195        Count: ULONG,
1196        Names: PLSA_UNICODE_STRING,
1197        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1198        Sids: *mut PLSA_TRANSLATED_SID,
1199    ) -> NTSTATUS;
1200    pub fn LsaLookupNames2(
1201        PolicyHandle: LSA_HANDLE,
1202        Flags: ULONG,
1203        Count: ULONG,
1204        Names: PLSA_UNICODE_STRING,
1205        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1206        Sids: *mut PLSA_TRANSLATED_SID2,
1207    ) -> NTSTATUS;
1208    pub fn LsaLookupSids(
1209        PolicyHandle: LSA_HANDLE,
1210        Count: ULONG,
1211        Sids: *mut PSID,
1212        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1213        Names: *mut PLSA_TRANSLATED_NAME,
1214    ) -> NTSTATUS;
1215    pub fn LsaLookupSids2(
1216        PolicyHandle: LSA_HANDLE,
1217        LookupOptions: ULONG,
1218        Count: ULONG,
1219        Sids: *mut PSID,
1220        ReferencedDomains: *mut PLSA_REFERENCED_DOMAIN_LIST,
1221        Names: *mut PLSA_TRANSLATED_NAME,
1222    ) -> NTSTATUS;
    // --- Object creation and opening. `DesiredAccess` takes the SECRET_* / ACCOUNT_* /
    // TRUSTED_* masks defined above (matched by object type); prefer the narrow composites.
1223    pub fn LsaCreateSecret(
1224        PolicyHandle: LSA_HANDLE,
1225        SecretName: PLSA_UNICODE_STRING,
1226        DesiredAccess: ACCESS_MASK,
1227        SecretHandle: PLSA_HANDLE,
1228    ) -> NTSTATUS;
1229    pub fn LsaOpenAccount(
1230        PolicyHandle: LSA_HANDLE,
1231        AccountSid: PSID,
1232        DesiredAccess: ACCESS_MASK,
1233        AccountHandle: PLSA_HANDLE,
1234    ) -> NTSTATUS;
    // --- Account privileges, quotas and system access. The Add/Remove/Set calls change what
    // an account is allowed to do on the machine and are worth logging by the caller.
1235    pub fn LsaEnumeratePrivilegesOfAccount(
1236        AccountHandle: LSA_HANDLE,
1237        Privileges: *mut PPRIVILEGE_SET,
1238    ) -> NTSTATUS;
1239    pub fn LsaAddPrivilegesToAccount(
1240        AccountHandle: LSA_HANDLE,
1241        Privileges: PPRIVILEGE_SET,
1242    ) -> NTSTATUS;
    // `AllPrivileges` is a BOOLEAN next to a privilege-set pointer; presumably a true value
    // removes everything and `Privileges` is then ignored. TODO confirm before passing true.
1243    pub fn LsaRemovePrivilegesFromAccount(
1244        AccountHandle: LSA_HANDLE,
1245        AllPrivileges: BOOLEAN,
1246        Privileges: PPRIVILEGE_SET,
1247    ) -> NTSTATUS;
1248    pub fn LsaGetQuotasForAccount(
1249        AccountHandle: LSA_HANDLE,
1250        QuotaLimits: PQUOTA_LIMITS,
1251    ) -> NTSTATUS;
1252    pub fn LsaSetQuotasForAccount(
1253        AccountHandle: LSA_HANDLE,
1254        QuotaLimits: PQUOTA_LIMITS,
1255    ) -> NTSTATUS;
1256    pub fn LsaGetSystemAccessAccount(
1257        AccountHandle: LSA_HANDLE,
1258        SystemAccess: PULONG,
1259    ) -> NTSTATUS;
1260    pub fn LsaSetSystemAccessAccount(
1261        AccountHandle: LSA_HANDLE,
1262        SystemAccess: ULONG,
1263    ) -> NTSTATUS;
    // --- Trusted domains by handle. `Buffer` is untyped and must match `InformationClass`.
1264    pub fn LsaOpenTrustedDomain(
1265        PolicyHandle: LSA_HANDLE,
1266        TrustedDomainSid: PSID,
1267        DesiredAccess: ACCESS_MASK,
1268        TrustedDomainHandle: PLSA_HANDLE,
1269    ) -> NTSTATUS;
1270    pub fn LsaQueryInfoTrustedDomain(
1271        TrustedDomainHandle: LSA_HANDLE,
1272        InformationClass: TRUSTED_INFORMATION_CLASS,
1273        Buffer: *mut PVOID,
1274    ) -> NTSTATUS;
1275    pub fn LsaSetInformationTrustedDomain(
1276        TrustedDomainHandle: LSA_HANDLE,
1277        InformationClass: TRUSTED_INFORMATION_CLASS,
1278        Buffer: PVOID,
1279    ) -> NTSTATUS;
    // --- Secrets. The values passed in and returned are secret material: keep them out of
    // logs, do not copy them more than necessary, and zero both the caller's input buffers
    // and the returned buffers before releasing them.
1280    pub fn LsaOpenSecret(
1281        PolicyHandle: LSA_HANDLE,
1282        SecretName: PLSA_UNICODE_STRING,
1283        DesiredAccess: ACCESS_MASK,
1284        SecretHandle: PLSA_HANDLE,
1285    ) -> NTSTATUS;
1286    pub fn LsaSetSecret(
1287        SecretHandle: LSA_HANDLE,
1288        CurrentValue: PLSA_UNICODE_STRING,
1289        OldValue: PLSA_UNICODE_STRING,
1290    ) -> NTSTATUS;
    // Four out-parameters: current and old value, each with a timestamp. Whether any of them
    // may be passed as null is not visible here; confirm against the SDK.
1291    pub fn LsaQuerySecret(
1292        SecretHandle: LSA_HANDLE,
1293        CurrentValue: *mut PLSA_UNICODE_STRING,
1294        CurrentValueSetTime: PLARGE_INTEGER,
1295        OldValue: *mut PLSA_UNICODE_STRING,
1296        OldValueSetTime: PLARGE_INTEGER,
1297    ) -> NTSTATUS;
    // --- Privilege name <-> LUID <-> display name translation.
1298    pub fn LsaLookupPrivilegeValue(
1299        PolicyHandle: LSA_HANDLE,
1300        Name: PLSA_UNICODE_STRING,
1301        Value: PLUID,
1302    ) -> NTSTATUS;
1303    pub fn LsaLookupPrivilegeName(
1304        PolicyHandle: LSA_HANDLE,
1305        Value: PLUID,
1306        Name: *mut PLSA_UNICODE_STRING,
1307    ) -> NTSTATUS;
1308    pub fn LsaLookupPrivilegeDisplayName(
1309        PolicyHandle: LSA_HANDLE,
1310        Name: PLSA_UNICODE_STRING,
1311        DisplayName: *mut PLSA_UNICODE_STRING,
1312        LanguageReturned: PSHORT,
1313    ) -> NTSTATUS;
1314}
// NOTE(review): these two are declared `extern "C"` while the surrounding blocks use
// `extern "system"`. On 32-bit x86 those are different calling conventions, so confirm the
// choice against the SDK header; a mismatch would corrupt the stack on that target.
1315extern "C" {
    // Returns user and domain name through pointer-to-pointer out-parameters.
1316    pub fn LsaGetUserName(
1317        UserName: *mut PLSA_UNICODE_STRING,
1318        DomainName: *mut PLSA_UNICODE_STRING,
1319    ) -> NTSTATUS;
    // Same, with a `SystemName` selecting the machine to ask.
1320    pub fn LsaGetRemoteUserName(
1321        SystemName: PLSA_UNICODE_STRING,
1322        UserName: *mut PLSA_UNICODE_STRING,
1323        DomainName: *mut PLSA_UNICODE_STRING,
1324    ) -> NTSTATUS;
1325}
// Names of logon rights, in allow and deny variants. They are Rust `&str` values, whereas the
// account-rights functions below take PLSA_UNICODE_STRING, so callers have to convert.
// When reviewing a machine's configuration, check which accounts hold the network, service
// and remote-interactive rights and whether the deny variants cover privileged accounts.
1326pub const SE_INTERACTIVE_LOGON_NAME: &'static str = "SeInteractiveLogonRight";
1327pub const SE_NETWORK_LOGON_NAME: &'static str = "SeNetworkLogonRight";
1328pub const SE_BATCH_LOGON_NAME: &'static str = "SeBatchLogonRight";
1329pub const SE_SERVICE_LOGON_NAME: &'static str = "SeServiceLogonRight";
1330pub const SE_DENY_INTERACTIVE_LOGON_NAME: &'static str = "SeDenyInteractiveLogonRight";
1331pub const SE_DENY_NETWORK_LOGON_NAME: &'static str = "SeDenyNetworkLogonRight";
1332pub const SE_DENY_BATCH_LOGON_NAME: &'static str = "SeDenyBatchLogonRight";
1333pub const SE_DENY_SERVICE_LOGON_NAME: &'static str = "SeDenyServiceLogonRight";
1334pub const SE_REMOTE_INTERACTIVE_LOGON_NAME: &'static str = "SeRemoteInteractiveLogonRight";
1335pub const SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME: &'static str =
1336    "SeDenyRemoteInteractiveLogonRight";
// Account-rights, trusted-domain-by-name, forest-trust and private-data bindings. Raw FFI:
// `unsafe` to call, failure reported through NTSTATUS, out-parameters valid only on success.
1337extern "system" {
    // NOTE(review): the first parameter is spelled `PolictHandle`; harmless for the ABI.
1338    pub fn LsaEnumerateAccountsWithUserRight(
1339        PolictHandle: LSA_HANDLE,
1340        UserRights: PLSA_UNICODE_STRING,
1341        EnumerationBuffer: *mut PVOID,
1342        CountReturned: PULONG,
1343    ) -> NTSTATUS;
    // Returns an array of right names and its length through two out-parameters.
1344    pub fn LsaEnumerateAccountRights(
1345        PolicyHandle: LSA_HANDLE,
1346        AccountSid: PSID,
1347        UserRights: *mut PLSA_UNICODE_STRING,
1348        CountOfRights: PULONG,
1349    ) -> NTSTATUS;
    // Grants rights to an account. `CountOfRights` must equal the number of elements behind
    // `UserRights`. Granting rights is a privilege change; log the SID and the right names.
1350    pub fn LsaAddAccountRights(
1351        PolicyHandle: LSA_HANDLE,
1352        AccountSid: PSID,
1353        UserRights: PLSA_UNICODE_STRING,
1354        CountOfRights: ULONG,
1355    ) -> NTSTATUS;
    // `AllRights` is a BOOLEAN next to the explicit list; presumably a true value removes
    // every right and may have further effects on the account. TODO confirm.
1356    pub fn LsaRemoveAccountRights(
1357        PolicyHandle: LSA_HANDLE,
1358        AccountSid: PSID,
1359        AllRights: BOOLEAN,
1360        UserRights: PLSA_UNICODE_STRING,
1361        CountOfRights: ULONG,
1362    ) -> NTSTATUS;
    // --- Trusted domains addressed by SID or by name through a policy handle. `Buffer` is
    // untyped and must match `InformationClass`.
1363    pub fn LsaOpenTrustedDomainByName(
1364        PolicyHandle: LSA_HANDLE,
1365        TrustedDomainName: PLSA_UNICODE_STRING,
1366        DesiredAccess: ACCESS_MASK,
1367        TrustedDomainHandle: PLSA_HANDLE,
1368    ) -> NTSTATUS;
1369    pub fn LsaQueryTrustedDomainInfo(
1370        PolicyHandle: LSA_HANDLE,
1371        TrustedDomainSid: PSID,
1372        InformationClass: TRUSTED_INFORMATION_CLASS,
1373        Buffer: *mut PVOID,
1374    ) -> NTSTATUS;
1375    pub fn LsaSetTrustedDomainInformation(
1376        PolicyHandle: LSA_HANDLE,
1377        TrustedDomainSid: PSID,
1378        InformationClass: TRUSTED_INFORMATION_CLASS,
1379        Buffer: PVOID,
1380    ) -> NTSTATUS;
1381    pub fn LsaDeleteTrustedDomain(
1382        PolicyHandle: LSA_HANDLE,
1383        TrustedDomainSid: PSID,
1384    ) -> NTSTATUS;
1385    pub fn LsaQueryTrustedDomainInfoByName(
1386        PolicyHandle: LSA_HANDLE,
1387        TrustedDomainName: PLSA_UNICODE_STRING,
1388        InformationClass: TRUSTED_INFORMATION_CLASS,
1389        Buffer: *mut PVOID,
1390    ) -> NTSTATUS;
1391    pub fn LsaSetTrustedDomainInfoByName(
1392        PolicyHandle: LSA_HANDLE,
1393        TrustedDomainName: PLSA_UNICODE_STRING,
1394        InformationClass: TRUSTED_INFORMATION_CLASS,
1395        Buffer: PVOID,
1396    ) -> NTSTATUS;
1397    pub fn LsaEnumerateTrustedDomainsEx(
1398        PolicyHandle: LSA_HANDLE,
1399        EnumerationContext: PLSA_ENUMERATION_HANDLE,
1400        Buffer: *mut PVOID,
1401        PreferredMaximumLength: ULONG,
1402        CountReturned: PULONG,
1403    ) -> NTSTATUS;
    // Creates a trust from a description plus authentication records. The authentication
    // argument carries credential material; wipe the caller's copy after the call.
1404    pub fn LsaCreateTrustedDomainEx(
1405        PolicyHandle: LSA_HANDLE,
1406        TrustedDomainInformation: PTRUSTED_DOMAIN_INFORMATION_EX,
1407        AuthenticationInformation: PTRUSTED_DOMAIN_AUTH_INFORMATION,
1408        DesiredAccess: ACCESS_MASK,
1409        TrustedDomainHandle: PLSA_HANDLE,
1410    ) -> NTSTATUS;
    // --- Forest trust.
    // NOTE(review): `PLSA_FOREST_TRUST_INFORMATION` is declared in this file as an alias of
    // the struct, not of a pointer to it. As written, the query function takes
    // `*mut LSA_FOREST_TRUST_INFORMATION` and the set function takes the struct by value.
    // Confirm both against the SDK header before use.
1411    pub fn LsaQueryForestTrustInformation(
1412        PolicyHandle: LSA_HANDLE,
1413        TrustedDomainName: PLSA_UNICODE_STRING,
1414        ForestTrustInfo: *mut PLSA_FOREST_TRUST_INFORMATION,
1415    ) -> NTSTATUS;
    // `CheckOnly` presumably requests a dry run that reports collisions without applying the
    // change; confirm before relying on it for validation.
1416    pub fn LsaSetForestTrustInformation(
1417        PolicyHandle: LSA_HANDLE,
1418        TrustedDomainName: PLSA_UNICODE_STRING,
1419        ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION,
1420        CheckOnly: BOOLEAN,
1421        CollisionInfo: *mut PLSA_FOREST_TRUST_COLLISION_INFORMATION,
1422    ) -> NTSTATUS;
1423    pub fn LsaForestTrustFindMatch(
1424        PolicyHandle: LSA_HANDLE,
1425        Type: ULONG,
1426        Name: PLSA_UNICODE_STRING,
1427        Match: *mut PLSA_UNICODE_STRING,
1428    ) -> NTSTATUS;
    // --- Private data stored under a key name. The data is secret material: zero the
    // caller's buffer after storing and the returned buffer before releasing it, and never
    // log the value. Monitoring tools may want to record which key names are accessed.
1429    pub fn LsaStorePrivateData(
1430        PolicyHandle: LSA_HANDLE,
1431        KeyName: PLSA_UNICODE_STRING,
1432        PrivateData: PLSA_UNICODE_STRING,
1433    ) -> NTSTATUS;
1434    pub fn LsaRetrievePrivateData(
1435        PolicyHandle: LSA_HANDLE,
1436        KeyName: PLSA_UNICODE_STRING,
1437        PrivateData: *mut PLSA_UNICODE_STRING,
1438    ) -> NTSTATUS;
    // Converts an NTSTATUS to a ULONG error code; the only function in this block that does
    // not return NTSTATUS.
1439    pub fn LsaNtStatusToWinError(
1440        Status: NTSTATUS,
1441    ) -> ULONG;
1442}
// Message types for the Negotiate package. `NegCallPackageMax` is the trailing sentinel
// (value 4 by position), not a message.
1443ENUM!{enum NEGOTIATE_MESSAGES {
1444    NegEnumPackagePrefixes = 0,
1445    NegGetCallerName = 1,
1446    NegTransferCredentials = 2,
1447    NegEnumPackageNames = 3,
1448    NegCallPackageMax,
1449}}
// Capacity of the fixed `Prefix` arrays below.
1450pub const NEGOTIATE_MAX_PREFIX: SIZE_T = 32;
1451STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX {
1452    PackageId: ULONG_PTR,
1453    PackageDataA: PVOID,
1454    PackageDataW: PVOID,
    // Pointer-sized length next to a 32-byte array: reject values above NEGOTIATE_MAX_PREFIX
    // before slicing `Prefix`.
1455    PrefixLen: ULONG_PTR,
1456    Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX],
1457}}
1458pub type PNEGOTIATE_PACKAGE_PREFIX = *mut NEGOTIATE_PACKAGE_PREFIX;
// Header for a list of prefixes. `Offset` presumably locates the first
// NEGOTIATE_PACKAGE_PREFIX relative to this header; validate both `Offset` and `PrefixCount`
// against the size of the buffer that was actually returned before following them.
1459STRUCT!{struct NEGOTIATE_PACKAGE_PREFIXES {
1460    MessageType: ULONG,
1461    PrefixCount: ULONG,
1462    Offset: ULONG,
1463    Pad: ULONG,
1464}}
1465pub type PNEGOTIATE_PACKAGE_PREFIXES = *mut NEGOTIATE_PACKAGE_PREFIXES;
1466STRUCT!{struct NEGOTIATE_CALLER_NAME_REQUEST {
1467    MessageType: ULONG,
1468    LogonId: LUID,
1469}}
1470pub type PNEGOTIATE_CALLER_NAME_REQUEST = *mut NEGOTIATE_CALLER_NAME_REQUEST;
// NOTE(review): the first field is spelled `Messagetype` here but `MessageType` in the
// sibling structs, including the _WOW variant of this one. Renaming it would break existing
// users of the field, so it is only flagged.
1471STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE {
1472    Messagetype: ULONG,
    // Raw wide-string pointer with no length; presumably NUL-terminated. TODO confirm.
1473    CallerName: PWSTR,
1474}}
1475pub type PNEGOTIATE_CALLER_NAME_RESPONSE = *mut NEGOTIATE_CALLER_NAME_RESPONSE;
// Variable-length list: `Names` is declared with ANYSIZE_ARRAY elements, but the real element
// count is `NamesCount`. Indexing the Rust array past its declared length panics, so access
// further elements through pointer arithmetic bounded by `NamesCount` and by the buffer size.
1476STRUCT!{struct NEGOTIATE_PACKAGE_NAMES {
1477    NamesCount: ULONG,
1478    Names: [UNICODE_STRING; ANYSIZE_ARRAY],
1479}}
1480pub type PNEGOTIATE_PACKAGE_NAMES = *mut NEGOTIATE_PACKAGE_NAMES;
// Two high flag bits related to NTLM; the field they apply to is not visible in this file.
// Whether NTLM is allowed in negotiation is a hardening-relevant setting.
1481pub const NEGOTIATE_ALLOW_NTLM: ULONG = 0x10000000;
1482pub const NEGOTIATE_NEG_NTLM: ULONG = 0x20000000;
// _WOW variants: the pointer-sized fields of the structs above are replaced by ULONG,
// presumably to match the 32-bit layout. The ULONG "pointer" fields are 32-bit values and
// must not be cast to pointers and dereferenced in a 64-bit process without translation.
1483STRUCT!{struct NEGOTIATE_PACKAGE_PREFIX_WOW {
1484    PackageId: ULONG,
1485    PackageDataA: ULONG,
1486    PackageDataW: ULONG,
1487    PrefixLen: ULONG,
1488    Prefix: [UCHAR; NEGOTIATE_MAX_PREFIX],
1489}}
1490pub type PNEGOTIATE_PACKAGE_PREFIX_WOW = *mut NEGOTIATE_PACKAGE_PREFIX_WOW;
1491STRUCT!{struct NEGOTIATE_CALLER_NAME_RESPONSE_WOW {
1492    MessageType: ULONG,
1493    CallerName: ULONG,
1494}}
1495pub type PNEGOTIATE_CALLER_NAME_RESPONSE_WOW = *mut NEGOTIATE_CALLER_NAME_RESPONSE_WOW;
1496extern "system" {
    // Takes a pointer to a handle (PLSA_HANDLE), unlike most functions in this file, which
    // take the handle by value.
1497    pub fn LsaSetPolicyReplicationHandle(
1498        PolicyHandle: PLSA_HANDLE,
1499    ) -> NTSTATUS;
1500}
// Judging by the name, the ceiling for LSA_REGISTRATION_INFO::RegisteredCount.
1501pub const MAX_USER_RECORDS: SIZE_T = 1000;
// One device-registration record. All identifiers are counted strings, including `Sid`, which
// is a string here and not a PSID.
1502STRUCT!{struct LSA_USER_REGISTRATION_INFO {
1503    Sid: LSA_UNICODE_STRING,
1504    DeviceId: LSA_UNICODE_STRING,
1505    Username: LSA_UNICODE_STRING,
1506    Thumbprint: LSA_UNICODE_STRING,
1507    RegistrationTime: LARGE_INTEGER,
1508}}
1509pub type PLSA_USER_REGISTRATION_INFO = *mut LSA_USER_REGISTRATION_INFO;
// Counted array of pointers to registration records. Bound iteration by `RegisteredCount`
// and check each element pointer for null.
1510STRUCT!{struct LSA_REGISTRATION_INFO {
1511    RegisteredCount: ULONG,
1512    UserRegistrationInfo: *mut PLSA_USER_REGISTRATION_INFO,
1513}}
1514pub type PLSA_REGISTRATION_INFO = *mut LSA_REGISTRATION_INFO;
1515extern "system" {
    // Returns a pointer to an LSA_REGISTRATION_INFO through an out-parameter; read it only
    // when the status indicates success.
1516    pub fn LsaGetDeviceRegistrationInfo(
1517        RegistrationInfo: *mut PLSA_REGISTRATION_INFO,
1518    ) -> NTSTATUS;
1519}
// Where a credential key was derived from; numbering starts at 1. Judging by the names, the
// sources are a precomputed key, a cleartext password and an NT one-way-function hash.
1520ENUM!{enum LSA_CREDENTIAL_KEY_SOURCE_TYPE {
1521    eFromPrecomputed = 1,
1522    eFromClearPassword,
1523    eFromNtOwf,
1524}}
1525pub type PLSA_CREDENTIAL_KEY_SOURCE_TYPE = *mut LSA_CREDENTIAL_KEY_SOURCE_TYPE;
// NOTE(review): declared `extern "C"` rather than `extern "system"`; confirm the calling
// convention against the SDK header, since the two differ on 32-bit x86.
1526extern "C" {
    // Writes a BOOLEAN through `ProtectedUser`. Presumably it reports whether the calling
    // user is a member of the Protected Users group; the result is meaningful only when the
    // returned status indicates success, so do not treat an unset value as "not protected".
1527    pub fn SeciIsProtectedUser(
1528        ProtectedUser: PBOOLEAN,
1529    ) -> NTSTATUS;
1530}