windows-nt/Source/XPSP1/NT/ds/published/inc/ntmsv1_0.w
2020-09-26 16:20:57 +08:00

728 lines
24 KiB
OpenEdge ABL
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++ BUILD Version: 0001 // Increment this if a change has global effects
Copyright (c) 1989-1999 Microsoft Corporation
Module Name:
ntmsv1_0.h
Abstract:
This module contains the public data structures provided by
the MSV1_0 authentication package.
Author:
Jim Kelly (JimK) 12-April-1991
Revision History:
22-Apr-1991 (CliffV)
Added call package message types. Converted U_STRING to UNICODE_STRING.
11-Mar-1992 (DaveHart)
Added MsV1_0ChangePassword call package message type.
15-Jan-1998 (SField)
Added MsV1_0DeriveCredential call package message type.
--*/
#ifndef _NTMSV1_0_
#define _NTMSV1_0_
#if _MSC_VER > 1000
#pragma once
#endif
#include <ntlsa.h>
#include <ntsam.h>
#ifdef __cplusplus
extern "C" {
#endif
// begin_ntifs begin_ntsecapi
/////////////////////////////////////////////////////////////////////////
// //
// Name of the MSV1_0 authentication package //
// //
/////////////////////////////////////////////////////////////////////////
#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
//
// Location of MSV authentication package data
//
#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
/////////////////////////////////////////////////////////////////////////
// //
// Widely used MSV1_0 data types //
// //
/////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
// //
// LOGON Related Data Structures
//
// //
///////////////////////////////////////////////////////////////////////////////
//
// When a LsaLogonUser() call is dispatched to the MsV1_0 authentication
// package, the beginning of the AuthenticationInformation buffer is
// cast to a MSV1_0_LOGON_SUBMIT_TYPE to determine the type of logon
// being requested. Similarly, upon return, the type of profile buffer
// can be determined by typecasting it to a MSV_1_0_PROFILE_BUFFER_TYPE.
//
//
// MSV1.0 LsaLogonUser() submission message types.
//
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
MsV1_0InteractiveLogon = 2,
MsV1_0Lm20Logon,
MsV1_0NetworkLogon,
MsV1_0SubAuthLogon,
MsV1_0WorkstationUnlockLogon = 7
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
//
// MSV1.0 LsaLogonUser() profile buffer types.
//
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
MsV1_0InteractiveProfile = 2,
MsV1_0Lm20LogonProfile,
MsV1_0SmartCardProfile
} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
//
// MsV1_0InteractiveLogon
//
// The AuthenticationInformation buffer of an LsaLogonUser() call to
// perform an interactive logon contains the following data structure:
//
typedef struct _MSV1_0_INTERACTIVE_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName;
UNICODE_STRING Password;
} MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
//
// Where:
//
// MessageType - Contains the type of logon being requested. This
// field must be set to MsV1_0InteractiveLogon.
//
// UserName - Is a string representing the user's account name. The
// name may be up to 255 characters long. The name is treated case
// insensitive.
//
// Password - Is a string containing the user's cleartext password.
// The password may be up to 255 characters long and contain any
// UNICODE value.
//
//
//
// The ProfileBuffer returned upon a successful logon of this type
// contains the following data structure:
//
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
USHORT LogonCount;
USHORT BadPasswordCount;
LARGE_INTEGER LogonTime;
LARGE_INTEGER LogoffTime;
LARGE_INTEGER KickOffTime;
LARGE_INTEGER PasswordLastSet;
LARGE_INTEGER PasswordCanChange;
LARGE_INTEGER PasswordMustChange;
UNICODE_STRING LogonScript;
UNICODE_STRING HomeDirectory;
UNICODE_STRING FullName;
UNICODE_STRING ProfilePath;
UNICODE_STRING HomeDirectoryDrive;
UNICODE_STRING LogonServer;
ULONG UserFlags;
} MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
//
// where:
//
// MessageType - Identifies the type of profile data being returned.
// Contains the type of logon being requested. This field must
// be set to MsV1_0InteractiveProfile.
//
// LogonCount - Number of times the user is currently logged on.
//
// BadPasswordCount - Number of times a bad password was applied to
// the account since last successful logon.
//
// LogonTime - Time when user last logged on. This is an absolute
// format NT standard time value.
//
// LogoffTime - Time when user should log off. This is an absolute
// format NT standard time value.
//
// KickOffTime - Time when system should force user logoff. This is
// an absolute format NT standard time value.
//
// PasswordLastChanged - Time and date the password was last
// changed. This is an absolute format NT standard time
// value.
//
// PasswordCanChange - Time and date when the user can change the
// password. This is an absolute format NT time value. To
// prevent a password from ever changing, set this field to a
// date very far into the future.
//
// PasswordMustChange - Time and date when the user must change the
// password. If the user can never change the password, this
// field is undefined. This is an absolute format NT time
// value.
//
// LogonScript - The (relative) path to the account's logon
// script.
//
// HomeDirectory - The home directory for the user.
//
//
// MsV1_0Lm20Logon and MsV1_0NetworkLogon
//
// The AuthenticationInformation buffer of an LsaLogonUser() call to
// perform an network logon contains the following data structure:
//
// MsV1_0NetworkLogon logon differs from MsV1_0Lm20Logon in that the
// ParameterControl field exists.
//
#define MSV1_0_CHALLENGE_LENGTH 8
#define MSV1_0_USER_SESSION_KEY_LENGTH 16
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
//
// Values for ParameterControl.
//
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
#define MSV1_0_RETURN_USER_PARAMETERS 0x08
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
// this next flag says that CaseInsensitiveChallengeResponse
// (aka LmResponse) contains a client challenge in the first 8 bytes
#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
#define MSV1_0_RETURN_PROFILE_PATH 0x200
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
//
// The high order byte is a value indicating the SubAuthentication DLL.
// Zero indicates no SubAuthentication DLL.
//
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
#define MSV1_0_MNS_LOGON 0x01000000
//
// This is the list of subauthentication dlls used in MS
//
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
typedef struct _MSV1_0_LM20_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName;
UNICODE_STRING Workstation;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
STRING CaseSensitiveChallengeResponse;
STRING CaseInsensitiveChallengeResponse;
ULONG ParameterControl;
} MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
//
// NT 5.0 SubAuth dlls can use this struct
//
typedef struct _MSV1_0_SUBAUTH_LOGON{
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName;
UNICODE_STRING Workstation;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
STRING AuthenticationInfo1;
STRING AuthenticationInfo2;
ULONG ParameterControl;
ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
//
// Values for UserFlags.
//
#define LOGON_GUEST 0x01
#define LOGON_NOENCRYPTION 0x02
#define LOGON_CACHED_ACCOUNT 0x04
#define LOGON_USED_LM_PASSWORD 0x08
#define LOGON_EXTRA_SIDS 0x20
#define LOGON_SUBAUTH_SESSION_KEY 0x40
#define LOGON_SERVER_TRUST_ACCOUNT 0x80
#define LOGON_NTLMV2_ENABLED 0x100 // says DC understands NTLMv2
#define LOGON_RESOURCE_GROUPS 0x200
#define LOGON_PROFILE_PATH_RETURNED 0x400
//
// The high order byte is reserved for return by SubAuthentication DLLs.
//
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
// Values returned by the MSV1_0_MNS_LOGON SubAuthentication DLL
#define LOGON_GRACE_LOGON 0x01000000
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
LARGE_INTEGER KickOffTime;
LARGE_INTEGER LogoffTime;
ULONG UserFlags;
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
UNICODE_STRING LogonDomainName;
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
UNICODE_STRING LogonServer;
UNICODE_STRING UserParameters;
} MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
//
// Supplemental credentials structure used for passing credentials into
// MSV1_0 from other packages
//
#define MSV1_0_OWF_PASSWORD_LENGTH 16
#define MSV1_0_CRED_LM_PRESENT 0x1
#define MSV1_0_CRED_NT_PRESENT 0x2
#define MSV1_0_CRED_VERSION 0
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
ULONG Version;
ULONG Flags;
UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
} MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
//
// NTLM3 definitions.
//
#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
#define MSV1_0_NTLM3_OWF_LENGTH 16
//
// this is the longest amount of time we'll allow challenge response
// pairs to be used. Note that this also has to allow for worst case clock skew
//
#define MSV1_0_MAX_NTLM3_LIFE 129600 // 36 hours (in seconds)
#define MSV1_0_MAX_AVL_SIZE 64000
//
// MsvAvFlags bit values
//
#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
// this is an MSV1_0 private data structure, defining the layout of an NTLM3 response, as sent by a
// client in the NtChallengeResponse field of the NETLOGON_NETWORK_INFO structure. If can be differentiated
// from an old style NT response by its length. This is crude, but it needs to pass through servers and
// the servers' DCs that do not understand NTLM3 but that are willing to pass longer responses.
typedef struct _MSV1_0_NTLM3_RESPONSE {
UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; // hash of OWF of password with all the following fields
UCHAR RespType; // id number of response; current is 1
UCHAR HiRespType; // highest id number understood by client
USHORT Flags; // reserved; must be sent as zero at this version
ULONG MsgWord; // 32 bit message from client to server (for use by auth protocol)
ULONGLONG TimeStamp; // time stamp when client generated response -- NT system time, quad part
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
ULONG AvPairsOff; // offset to start of AvPairs (to allow future expansion)
UCHAR Buffer[1]; // start of buffer with AV pairs (or future stuff -- so use the offset)
} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
typedef enum {
MsvAvEOL, // end of list
MsvAvNbComputerName, // server's computer name -- NetBIOS
MsvAvNbDomainName, // server's domain name -- NetBIOS
MsvAvDnsComputerName, // server's computer name -- DNS
MsvAvDnsDomainName, // server's domain name -- DNS
MsvAvDnsTreeName, // server's tree name -- DNS
MsvAvFlags // server's extended flags -- DWORD mask
} MSV1_0_AVID;
typedef struct _MSV1_0_AV_PAIR {
USHORT AvId;
USHORT AvLen;
// Data is treated as byte array following structure
} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
///////////////////////////////////////////////////////////////////////////////
// //
// CALL PACKAGE Related Data Structures //
// //
///////////////////////////////////////////////////////////////////////////////
//
// MSV1.0 LsaCallAuthenticationPackage() submission and response
// message types.
//
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
MsV1_0Lm20ChallengeRequest = 0, // Both submission and response
MsV1_0Lm20GetChallengeResponse, // Both submission and response
MsV1_0EnumerateUsers, // Both submission and response
MsV1_0GetUserInfo, // Both submission and response
MsV1_0ReLogonUsers, // Submission only
MsV1_0ChangePassword, // Both submission and response
MsV1_0ChangeCachedPassword, // Both submission and response
MsV1_0GenericPassthrough, // Both submission and response
MsV1_0CacheLogon, // Submission only, no response
MsV1_0SubAuth, // Both submission and response
MsV1_0DeriveCredential, // Both submission and response
MsV1_0CacheLookup, // Both submission and response
MsV1_0SetProcessOption, // Submission only, no response
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
// end_ntsecapi
//
// MsV1_0Lm20ChallengeRequest submit buffer and response
//
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;
//
// MsV1_0Lm20GetChallengeResponse submit buffer and response
//
#define USE_PRIMARY_PASSWORD 0x01
#define RETURN_PRIMARY_USERNAME 0x02
#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
#define RETURN_NON_NT_USER_SESSION_KEY 0x08
#define GENERATE_CLIENT_CHALLENGE 0x10
#define GCR_NTLM3_PARMS 0x20
#define GCR_TARGET_INFO 0x40 // ServerName field contains target info AV pairs
#define RETURN_RESERVED_PARAMETER 0x80 // was 0x10
#define GCR_ALLOW_NTLM 0x100
#define GCR_MACHINE_CREDENTIAL 0x400
//
// version 1 of the GETCHALLENRESP structure, which was used by RAS and others.
// compiled before the additional fields added to GETCHALLENRESP_REQUEST.
// here to allow sizing operations for backwards compatibility.
//
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG ParameterControl;
LUID LogonId;
UNICODE_STRING Password;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG ParameterControl;
LUID LogonId;
UNICODE_STRING Password;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
//
// the following 3 fields are only present if GCR_NTLM3_PARMS is set in ParameterControl
//
UNICODE_STRING UserName;
UNICODE_STRING LogonDomainName;
UNICODE_STRING ServerName; // server domain or target info AV pairs
} MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
STRING CaseSensitiveChallengeResponse;
STRING CaseInsensitiveChallengeResponse;
UNICODE_STRING UserName;
UNICODE_STRING LogonDomainName;
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
} MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;
//
// MsV1_0EnumerateUsers submit buffer and response
//
typedef struct _MSV1_0_ENUMUSERS_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;
typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG NumberOfLoggedOnUsers;
PLUID LogonIds;
PULONG EnumHandles;
} MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;
//
// MsV1_0GetUserInfo submit buffer and response
//
typedef struct _MSV1_0_GETUSERINFO_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId;
} MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;
typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
PSID UserSid;
UNICODE_STRING UserName;
UNICODE_STRING LogonDomainName;
UNICODE_STRING LogonServer;
SECURITY_LOGON_TYPE LogonType;
} MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;
// end_ntifs
//
// MsV1_0RelogonUsers submit buffer
//
typedef struct _MSV1_0_RELOGON_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING LogonServer;
} MSV1_0_RELOGON_REQUEST, *PMSV1_0_RELOGON_REQUEST;
//
// MsV1_0ChangePassword and MsV1_0ChangeCachedPassword submit buffer
//
// MsV1_0ChangePassword changes the password on the SAM account plus
// the password cache and logon credentials if applicable.
//
// MsV1_0ChangeCachedPassword only changes the password cache and the logon
// credentials.
//
// begin_ntsecapi
typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING DomainName;
UNICODE_STRING AccountName;
UNICODE_STRING OldPassword;
UNICODE_STRING NewPassword;
BOOLEAN Impersonating;
} MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST;
typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
BOOLEAN PasswordInfoValid;
DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
} MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE;
// end_ntsecapi
//
// MsV1_0GenericPassthrough - for remoting a CallPackage to
// a domain controller on the specified domain
//
typedef struct _MSV1_0_PASSTHROUGH_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING DomainName;
UNICODE_STRING PackageName;
ULONG DataLength;
PUCHAR LogonData;
ULONG Pad ;
} MSV1_0_PASSTHROUGH_REQUEST, *PMSV1_0_PASSTHROUGH_REQUEST;
typedef struct _MSV1_0_PASSTHROUGH_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG Pad;
ULONG DataLength;
PUCHAR ValidationData;
} MSV1_0_PASSTHROUGH_RESPONSE, *PMSV1_0_PASSTHROUGH_RESPONSE;
//
// MsV1_0CacheLogon submit buffer
//
// Values for RequestFlags
#define MSV1_0_CACHE_LOGON_REQUEST_MIT_LOGON 0x00000001
#define MSV1_0_CACHE_LOGON_REQUEST_INFO4 0x00000002
#define MSV1_0_CACHE_LOGON_DELETE_ENTRY 0x00000004
typedef struct _MSV1_0_CACHE_LOGON_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
PVOID LogonInformation;
PVOID ValidationInformation;
PVOID SupplementalCacheData;
ULONG SupplementalCacheDataLength;
ULONG RequestFlags;
} MSV1_0_CACHE_LOGON_REQUEST, *PMSV1_0_CACHE_LOGON_REQUEST;
//
// MsV1_0CacheLookup submit buffer
//
// values for CredentialType
#define MSV1_0_CACHE_LOOKUP_CREDTYPE_NONE 0
#define MSV1_0_CACHE_LOOKUP_CREDTYPE_RAW 1
#define MSV1_0_CACHE_LOOKUP_CREDTYPE_NTOWF 2
typedef struct _MSV1_0_CACHE_LOOKUP_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING UserName;
UNICODE_STRING DomainName;
ULONG CredentialType;
ULONG CredentialInfoLength;
UCHAR CredentialSubmitBuffer[1]; // in-place array of length CredentialInfoLength
} MSV1_0_CACHE_LOOKUP_REQUEST, *PMSV1_0_CACHE_LOOKUP_REQUEST;
typedef struct _MSV1_0_CACHE_LOOKUP_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
PVOID ValidationInformation;
PVOID SupplementalCacheData;
ULONG SupplementalCacheDataLength;
} MSV1_0_CACHE_LOOKUP_RESPONSE, *PMSV1_0_CACHE_LOOKUP_RESPONSE;
// begin_ntsecapi
//
// MsV1_0SubAuthInfo submit buffer and response - for submitting a buffer to a
// specified Subauthentication Package during an LsaCallAuthenticationPackage().
// If this Subauthentication is to be done locally, then package this message
// in LsaCallAuthenticationPackage(). If this SubAuthentication needs to be done
// on the domain controller, then call LsaCallauthenticationPackage with the
// message type being MsV1_0GenericPassThrough and the LogonData in this struct
// should be a PMSV1_0_SUBAUTH_REQUEST
//
typedef struct _MSV1_0_SUBAUTH_REQUEST{
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG SubAuthPackageId;
ULONG SubAuthInfoLength;
PUCHAR SubAuthSubmitBuffer;
} MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST;
typedef struct _MSV1_0_SUBAUTH_RESPONSE{
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG SubAuthInfoLength;
PUCHAR SubAuthReturnBuffer;
} MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE;
// end_ntsecapi
//
// Credential Derivation types for MsV1_0DeriveCredential Submit DeriveCredType
//
//
// Derive Credential using SHA-1 and Request buffer DeriveCredSubmitBuffer of
// length DeriveCredInfoLength mixing bytes.
// Response buffer DeriveCredReturnBuffer will contain SHA-1 hash of size
// A_SHA_DIGEST_LEN (20)
//
#define MSV1_0_DERIVECRED_TYPE_SHA1 0
#define MSV1_0_DERIVECRED_TYPE_SHA1_V2 1
//
// MsV1_0DeriveCredential submit buffer and response - for submitting a buffer
// an call to LsaCallAuthenticationPackage().
//
typedef struct _MSV1_0_DERIVECRED_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId;
ULONG DeriveCredType;
ULONG DeriveCredInfoLength;
UCHAR DeriveCredSubmitBuffer[1]; // in-place array of length DeriveCredInfoLength
} MSV1_0_DERIVECRED_REQUEST, *PMSV1_0_DERIVECRED_REQUEST;
typedef struct _MSV1_0_DERIVECRED_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG DeriveCredInfoLength;
UCHAR DeriveCredReturnBuffer[1]; // in-place array of length DeriveCredInfoLength
} MSV1_0_DERIVECRED_RESPONSE, *PMSV1_0_DERIVECRED_RESPONSE;
//
// MsV1_0SetProcessOption submit buffer - for submitting a buffer
// an call to LsaCallAuthenticationPackage().
//
#define MSV1_0_OPTION_ALLOW_BLANK_PASSWORD 0x1
#define MSV1_0_OPTION_DISABLE_ADMIN_LOCKOUT 0x2
#define MSV1_0_OPTION_DISABLE_FORCE_GUEST 0x4
typedef struct _MSV1_0_SETPROCESSOPTION_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG ProcessOptions;
BOOLEAN DisableOptions;
} MSV1_0_SETPROCESSOPTION_REQUEST, *PMSV1_0_SETPROCESSOPTION_REQUEST;
#ifdef __cplusplus
}
#endif
#endif //_NTMSV1_0_