include/ntsecapi.h

   1 /*
   2  * Copyright (C) 1999 Juergen Schmied
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #ifndef __WINE_NTSECAPI_H
  20 #define __WINE_NTSECAPI_H
  21
  22 #ifndef GUID_DEFINED
  23 # include <guiddef.h>
  24 #endif
  25
  26 #ifdef __cplusplus
  27 extern "C" {
  28 #endif /* defined(__cplusplus) */
  29
  30 /* Policy access rights */
  31 #define POLICY_VIEW_LOCAL_INFORMATION           __MSABI_LONG(0x00000001)
  32 #define POLICY_VIEW_AUDIT_INFORMATION           __MSABI_LONG(0x00000002)
  33 #define POLICY_GET_PRIVATE_INFORMATION          __MSABI_LONG(0x00000004)
  34 #define POLICY_TRUST_ADMIN                      __MSABI_LONG(0x00000008)
  35 #define POLICY_CREATE_ACCOUNT                   __MSABI_LONG(0x00000010)
  36 #define POLICY_CREATE_SECRET                    __MSABI_LONG(0x00000020)
  37 #define POLICY_CREATE_PRIVILEGE                 __MSABI_LONG(0x00000040)
  38 #define POLICY_SET_DEFAULT_QUOTA_LIMITS         __MSABI_LONG(0x00000080)
  39 #define POLICY_SET_AUDIT_REQUIREMENTS           __MSABI_LONG(0x00000100)
  40 #define POLICY_AUDIT_LOG_ADMIN                  __MSABI_LONG(0x00000200)
  41 #define POLICY_SERVER_ADMIN                     __MSABI_LONG(0x00000400)
  42 #define POLICY_LOOKUP_NAMES                     __MSABI_LONG(0x00000800)
  43 #define POLICY_NOTIFICATION                     __MSABI_LONG(0x00001000)
  44
  45 #define POLICY_ALL_ACCESS                       ( \
  46     STANDARD_RIGHTS_REQUIRED | \
  47     POLICY_VIEW_LOCAL_INFORMATION | \
  48     POLICY_VIEW_AUDIT_INFORMATION | \
  49     POLICY_GET_PRIVATE_INFORMATION | \
  50     POLICY_TRUST_ADMIN | \
  51     POLICY_CREATE_ACCOUNT | \
  52     POLICY_CREATE_SECRET | \
  53     POLICY_CREATE_PRIVILEGE | \
  54     POLICY_SET_DEFAULT_QUOTA_LIMITS | \
  55     POLICY_SET_AUDIT_REQUIREMENTS | \
  56     POLICY_AUDIT_LOG_ADMIN | \
  57     POLICY_SERVER_ADMIN | \
  58     POLICY_LOOKUP_NAMES)
  59
  60
  61 #define POLICY_READ                             ( \
  62     STANDARD_RIGHTS_READ | \
  63     POLICY_VIEW_AUDIT_INFORMATION | \
  64     POLICY_GET_PRIVATE_INFORMATION)
  65
  66 #define POLICY_WRITE                            ( \
  67    STANDARD_RIGHTS_WRITE | \
  68    POLICY_TRUST_ADMIN | \
  69    POLICY_CREATE_ACCOUNT | \
  70    POLICY_CREATE_SECRET | \
  71    POLICY_CREATE_PRIVILEGE | \
  72    POLICY_SET_DEFAULT_QUOTA_LIMITS | \
  73    POLICY_SET_AUDIT_REQUIREMENTS | \
  74    POLICY_AUDIT_LOG_ADMIN | \
  75    POLICY_SERVER_ADMIN)
  76
  77 #define POLICY_EXECUTE                          ( \
  78    STANDARD_RIGHTS_EXECUTE | \
  79    POLICY_VIEW_LOCAL_INFORMATION | \
  80    POLICY_LOOKUP_NAMES)
  81
  82 #define POLICY_AUDIT_EVENT_UNCHANGED __MSABI_LONG(0x00000000)
  83 #define POLICY_AUDIT_EVENT_SUCCESS   __MSABI_LONG(0x00000001)
  84 #define POLICY_AUDIT_EVENT_FAILURE   __MSABI_LONG(0x00000002)
  85 #define POLICY_AUDIT_EVENT_NONE      __MSABI_LONG(0x00000004)
  86
  87 #define POLICY_AUDIT_EVENT_MASK (POLICY_AUDIT_EVENT_SUCCESS | \
  88                                  POLICY_AUDIT_EVENT_FAILURE | \
  89                                  POLICY_AUDIT_EVENT_NONE)
  90
  91 /* logon rights names */
  92 #define SE_BATCH_LOGON_NAME \
  93  TEXT("SeBatchLogonRight")
  94 #define SE_INTERACTIVE_LOGON_NAME \
  95  TEXT("SeInteractiveLogonRight")
  96 #define SE_NETWORK_LOGON_NAME \
  97  TEXT("SeNetworkLogonRight")
  98 #define SE_REMOTE_INTERACTIVE_LOGON_NAME \
  99  TEXT("SeRemoteInteractiveLogonRight")
 100 #define SE_SERVICE_LOGON_NAME \
 101  TEXT("SeServiceLogonRight")
 102 #define SE_DENY_BATCH_LOGON_NAME \
 103  TEXT("SeDenyBatchLogonRight")
 104 #define SE_DENY_INTERACTIVE_LOGON_NAME \
 105  TEXT("SeDenyInteractiveLogonRight")
 106 #define SE_DENY_NETWORK_LOGON_NAME \
 107  TEXT("SeDenyNetworkLogonRight")
 108 #define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME \
 109  TEXT("SeDenyRemoteInteractiveLogonRight")
 110 #define SE_DENY_SERVICE_LOGON_NAME \
 111  TEXT("SeDenyServiceLogonRight")
 112
 113 #ifndef WINE_NTSTATUS_DECLARED
 114 #define WINE_NTSTATUS_DECLARED
 115 typedef LONG NTSTATUS;
 116 #endif
 117 #ifndef WINE_PNTSTATUS_DECLARED
 118 #define WINE_PNTSTATUS_DECLARED
 119 typedef NTSTATUS *PNTSTATUS;
 120 #endif
 121
 122 typedef enum _SECURITY_LOGON_TYPE
 123 {
 124     Interactive = 2,
 125     Network,
 126     Batch,
 127     Service,
 128     Proxy
 129 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
 130
 131 typedef enum _POLICY_AUDIT_EVENT_TYPE
 132 {
 133     AuditCategorySystem,
 134     AuditCategoryLogon,
 135     AuditCategoryObjectAccess,
 136     AuditCategoryPrivilegeUse,
 137     AuditCategoryDetailedTracking,
 138     AuditCategoryPolicyChange,
 139     AuditCategoryAccountManagement
 140 } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
 141
 142 #ifndef __STRING_DEFINED__
 143 #define __STRING_DEFINED__
 144 typedef struct _STRING {
 145   USHORT Length;
 146   USHORT MaximumLength;
 147   PCHAR Buffer;
 148 } STRING, *PSTRING;
 149 #endif
 150
 151 #ifndef __UNICODE_STRING_DEFINED__
 152 #define __UNICODE_STRING_DEFINED__
 153 typedef struct _UNICODE_STRING {
 154   USHORT Length;        /* bytes */
 155   USHORT MaximumLength; /* bytes */
 156   PWSTR  Buffer;
 157 } UNICODE_STRING, *PUNICODE_STRING;
 158 #endif
 159
 160 #ifndef __OBJECT_ATTRIBUTES_DEFINED__
 161 #define __OBJECT_ATTRIBUTES_DEFINED__
 162 typedef struct _OBJECT_ATTRIBUTES {
 163   ULONG Length;
 164   HANDLE RootDirectory;
 165   PUNICODE_STRING ObjectName;
 166   ULONG Attributes;
 167   PVOID SecurityDescriptor;       /* type SECURITY_DESCRIPTOR */
 168   PVOID SecurityQualityOfService; /* type SECURITY_QUALITY_OF_SERVICE */
 169 } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
 170 #endif
 171
 172 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
 173 typedef STRING LSA_STRING, *PLSA_STRING;
 174 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
 175
 176 typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
 177 typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE;
 178 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
 179
 180 typedef enum
 181 {
 182         PolicyAuditLogInformation = 1,
 183         PolicyAuditEventsInformation,
 184         PolicyPrimaryDomainInformation,
 185         PolicyPdAccountInformation,
 186         PolicyAccountDomainInformation,
 187         PolicyLsaServerRoleInformation,
 188         PolicyReplicaSourceInformation,
 189         PolicyDefaultQuotaInformation,
 190         PolicyModificationInformation,
 191         PolicyAuditFullSetInformation,
 192         PolicyAuditFullQueryInformation,
 193         PolicyDnsDomainInformation
 194 } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS;
 195
 196 typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS;
 197
 198 typedef struct _POLICY_AUDIT_EVENTS_INFO
 199 {
 200         BOOLEAN AuditingMode;
 201         PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
 202         ULONG MaximumAuditEventCount;
 203 } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
 204
 205 typedef struct _POLICY_PRIMARY_DOMAIN_INFO
 206 {
 207     LSA_UNICODE_STRING Name;
 208     PSID Sid;
 209 } POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO;
 210
 211 typedef struct _POLICY_ACCOUNT_DOMAIN_INFO
 212 {
 213     LSA_UNICODE_STRING DomainName;
 214     PSID DomainSid;
 215 } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
 216
 217 typedef struct _POLICY_DNS_DOMAIN_INFO
 218 {
 219     LSA_UNICODE_STRING Name;
 220     LSA_UNICODE_STRING DnsDomainName;
 221     LSA_UNICODE_STRING DnsForestName;
 222     GUID DomainGuid;
 223     PSID Sid;
 224 } POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO;
 225
 226 typedef enum _POLICY_LSA_SERVER_ROLE
 227 {
 228     PolicyServerRoleBackup = 2,
 229     PolicyServerRolePrimary
 230 } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE;
 231
 232 typedef struct _POLICY_LSA_SERVER_ROLE_INFO
 233 {
 234     POLICY_LSA_SERVER_ROLE LsaServerRole;
 235 } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO;
 236
 237 typedef struct _POLICY_MODIFICATION_INFO
 238 {
 239     LARGE_INTEGER ModifiedId;
 240     LARGE_INTEGER DatabaseCreationTime;
 241 } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO;
 242
 243 typedef struct _SECURITY_LOGON_SESSION_DATA {
 244     ULONG Size;
 245     LUID LogonId;
 246     LSA_UNICODE_STRING UserName;
 247     LSA_UNICODE_STRING LogonDomain;
 248     LSA_UNICODE_STRING AuthenticationPackage;
 249     ULONG LogonType;
 250     ULONG Session;
 251     PSID Sid;
 252     LARGE_INTEGER LogonTime;
 253     LSA_UNICODE_STRING LogonServer;
 254     LSA_UNICODE_STRING DnsDomainName;
 255     LSA_UNICODE_STRING Upn;
 256 } SECURITY_LOGON_SESSION_DATA, *PSECURITY_LOGON_SESSION_DATA;
 257
 258 typedef struct
 259 {
 260     SID_NAME_USE Use;
 261     LSA_UNICODE_STRING Name;
 262     LONG DomainIndex;
 263 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
 264
 265 typedef struct
 266 {
 267     LSA_UNICODE_STRING Name;
 268     PSID Sid;
 269 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
 270
 271 typedef struct
 272 {
 273     ULONG Entries;
 274     PLSA_TRUST_INFORMATION Domains;
 275 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
 276
 277 typedef struct _LSA_TRANSLATED_SID
 278 {
 279     SID_NAME_USE Use;
 280     ULONG RelativeId;
 281     LONG DomainIndex;
 282 } LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID;
 283
 284 typedef struct _TRUSTED_DOMAIN_INFORMATION_EX
 285 {
 286     LSA_UNICODE_STRING Name;
 287     LSA_UNICODE_STRING FlatName;
 288     PSID Sid;
 289     ULONG TrustDirection;
 290     ULONG TrustType;
 291     ULONG TrustAttributes;
 292 } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX;
 293
 294 typedef struct _LSA_AUTH_INFORMATION
 295 {
 296     LARGE_INTEGER LastUpdateTime;
 297     ULONG AuthType;
 298     ULONG AuthInfoLength;
 299     PUCHAR AuthInfo;
 300 } LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION;
 301
 302 typedef struct _TRUSTED_DOMAIN_AUTH_INFORMATION
 303 {
 304     ULONG IncomingAuthInfos;
 305     PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
 306     PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
 307     ULONG OutgoingAuthInfos;
 308     PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
 309     PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
 310 } TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION;
 311
 312 typedef struct _LSA_TRANSLATED_SID2
 313 {
 314     SID_NAME_USE Use;
 315     PSID Sid;
 316     LONG DomainIndex;
 317     ULONG Flags;
 318 } LSA_TRANSLATED_SID2, *PLSA_TRANSLATED_SID2;
 319
 320 typedef enum _TRUSTED_INFORMATION_CLASS
 321 {
 322     TrustedDomainNameInformation = 1,
 323     TrustedControllersInformation,
 324     TrustedPosixOffsetInformation,
 325     TrustedPasswordInformation,
 326     TrustedDomainInformationBasic,
 327     TrustedDomainInformationEx,
 328     TrustedDomainAuthInformation,
 329     TrustedDomainFullInformation
 330 } TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS;
 331
 332 typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS
 333 {
 334     PolicyNotifyAuditEventsInformation = 1,
 335     PolicyNotifyAccountDomainInformation,
 336     PolicyNotifyServerRoleInformation,
 337     PolicyNotifyDnsDomainInformation,
 338     PolicyNotifyDomainEfsInformation,
 339     PolicyNotifyDomainKerberosTicketInformation,
 340     PolicyNotifyMachineAccountPasswordInformation
 341 } POLICY_NOTIFICATION_INFORMATION_CLASS, *PPOLICY_NOTIFICATION_INFORMATION_CLASS;
 342
 343 #define RtlGenRandom                    SystemFunction036
 344 #define RtlEncryptMemory                SystemFunction040
 345 #define RtlDecryptMemory                SystemFunction041
 346
 347 BOOLEAN WINAPI RtlGenRandom(PVOID,ULONG);
 348 NTSTATUS WINAPI RtlEncryptMemory(PVOID,ULONG,ULONG);
 349 NTSTATUS WINAPI RtlDecryptMemory(PVOID,ULONG,ULONG);
 350
 351 NTSTATUS WINAPI LsaAddAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING,ULONG);
 352 NTSTATUS WINAPI LsaCallAuthenticationPackage(HANDLE,ULONG,PVOID,ULONG,PVOID*,PULONG,PNTSTATUS);
 353 NTSTATUS WINAPI LsaClose(LSA_HANDLE);
 354 NTSTATUS WINAPI LsaConnectUntrusted(PHANDLE);
 355 NTSTATUS WINAPI LsaCreateTrustedDomainEx(LSA_HANDLE,PTRUSTED_DOMAIN_INFORMATION_EX,
 356                                          PTRUSTED_DOMAIN_AUTH_INFORMATION,ACCESS_MASK,PLSA_HANDLE);
 357 NTSTATUS WINAPI LsaDeleteTrustedDomain(LSA_HANDLE,PSID);
 358 NTSTATUS WINAPI LsaDeregisterLogonProcess(HANDLE);
 359 NTSTATUS WINAPI LsaEnumerateAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG);
 360 NTSTATUS WINAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING,PVOID*,PULONG);
 361 NTSTATUS WINAPI LsaEnumerateLogonSessions(PULONG,PLUID*);
 362 NTSTATUS WINAPI LsaEnumerateTrustedDomains(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,PVOID*,ULONG,PULONG);
 363 NTSTATUS WINAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,PVOID*,ULONG,PULONG);
 364 NTSTATUS WINAPI LsaFreeMemory(PVOID);
 365 NTSTATUS WINAPI LsaFreeReturnBuffer(PVOID);
 366 NTSTATUS WINAPI LsaGetLogonSessionData(PLUID,PSECURITY_LOGON_SESSION_DATA*);
 367 NTSTATUS WINAPI LsaLogonUser(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID,ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID*,PULONG,PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS);
 368 NTSTATUS WINAPI LsaLookupAuthenticationPackage(HANDLE,PLSA_STRING,PULONG);
 369 NTSTATUS WINAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,PLSA_REFERENCED_DOMAIN_LIST*,
 370                                PLSA_TRANSLATED_SID*);
 371 NTSTATUS WINAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,PLSA_REFERENCED_DOMAIN_LIST*,
 372                                 PLSA_TRANSLATED_SID2*);
 373 NTSTATUS WINAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID *,PLSA_REFERENCED_DOMAIN_LIST *,PLSA_TRANSLATED_NAME *);
 374 ULONG WINAPI LsaNtStatusToWinError(NTSTATUS);
 375 NTSTATUS WINAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
 376 NTSTATUS WINAPI LsaOpenTrustedDomainByName(LSA_HANDLE,PLSA_UNICODE_STRING,ACCESS_MASK,PLSA_HANDLE);
 377 NTSTATUS WINAPI LsaQueryInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*);
 378 NTSTATUS WINAPI LsaQueryTrustedDomainInfo(LSA_HANDLE,PSID,TRUSTED_INFORMATION_CLASS,PVOID*);
 379 NTSTATUS WINAPI LsaQueryTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,TRUSTED_INFORMATION_CLASS,PVOID*);
 380 NTSTATUS WINAPI LsaRegisterLogonProcess(PLSA_STRING,PHANDLE,PLSA_OPERATIONAL_MODE);
 381 NTSTATUS WINAPI LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS,HANDLE);
 382 NTSTATUS WINAPI LsaRemoveAccountRights(LSA_HANDLE,PSID,BOOLEAN,PLSA_UNICODE_STRING,ULONG);
 383 NTSTATUS WINAPI LsaRetrievePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,PLSA_UNICODE_STRING*);
 384 NTSTATUS WINAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID);
 385 NTSTATUS WINAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,TRUSTED_INFORMATION_CLASS,PVOID);
 386 NTSTATUS WINAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID,TRUSTED_INFORMATION_CLASS,PVOID);
 387 NTSTATUS WINAPI LsaStorePrivateData(LSA_HANDLE,PLSA_UNICODE_STRING,PLSA_UNICODE_STRING);
 388 NTSTATUS WINAPI LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS,HANDLE);
 389
 390 #ifdef __cplusplus
 391 } /* extern "C" */
 392 #endif /* defined(__cplusplus) */
 393
 394 #endif /* !defined(__WINE_NTSECAPI_H) */