/*
 * Copyright (C) 2007 Yuval Fledel
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */

#ifndef _NTSECPKG_H
#define _NTSECPKG_H

#ifdef __cplusplus
extern "C" {
#endif

/* Flags for the MachineState field in SECPKG_PARAMETERS */
#define SECPKG_STATE_ENCRYPTION_PERMITTED               0x01
#define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED        0x02
#define SECPKG_STATE_DOMAIN_CONTROLLER                  0x04
#define SECPKG_STATE_WORKSTATION                        0x08
#define SECPKG_STATE_STANDALONE                         0x10

/* Version magics as passed to or returned from Sp[Lsa,Mode]ModeInitialize */
#define SECPKG_INTERFACE_VERSION                     0x10000
#define SECPKG_INTERFACE_VERSION_2                   0x20000
#define SECPKG_INTERFACE_VERSION_3                   0x40000
#define SECPKG_INTERFACE_VERSION_4                   0x80000
#define SECPKG_INTERFACE_VERSION_5                  0x100000
#define SECPKG_INTERFACE_VERSION_6                  0x200000
#define SECPKG_INTERFACE_VERSION_7                  0x400000
#define SECPKG_INTERFACE_VERSION_8                  0x800000

/* enum definitions for Secure Service Provider/Authentication Packages */
typedef enum _LSA_TOKEN_INFORMATION_TYPE {
    LsaTokenInformationNull,
    LsaTokenInformationV1
} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;

typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS
{
    SecpkgGssInfo = 1,
    SecpkgContextThunks,
    SecpkgMutualAuthLevel,
    SecpkgMaxInfo
} SECPKG_EXTENDED_INFORMATION_CLASS;

typedef enum _SECPKG_NAME_TYPE {
    SecNameSamCompatible,
    SecNameAlternateId,
    SecNameFlat,
    SecNameDN
} SECPKG_NAME_TYPE;

/* struct definitions for SSP/AP */
typedef struct _SECPKG_PRIMARY_CRED {
    LUID LogonId;
    UNICODE_STRING DownlevelName;
    UNICODE_STRING DomainName;
    UNICODE_STRING Password;
    UNICODE_STRING OldPassword;
    PSID UserSid;
    ULONG Flags;
    UNICODE_STRING DnsDomainName;
    UNICODE_STRING Upn;
    UNICODE_STRING LogonServer;
    UNICODE_STRING Spare1;
    UNICODE_STRING Spare2;
    UNICODE_STRING Spare3;
    UNICODE_STRING Spare4;
} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;

typedef struct _SECPKG_SUPPLEMENTAL_CRED {
    UNICODE_STRING PackageName;
    ULONG CredentialSize;
    PUCHAR Credentials;
} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;

typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
    ULONG CredentialCount;
    SECPKG_SUPPLEMENTAL_CRED Credentials[1];
} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;

typedef struct _SECPKG_PARAMETERS {
    ULONG Version;
    ULONG MachineState;
    ULONG SetupMode;
    PSID DomainSid;
    UNICODE_STRING DomainName;
    UNICODE_STRING DnsDomainName;
    GUID DomainGuid;
} SECPKG_PARAMETERS, *PSECPKG_PARAMETERS,
  SECPKG_EVENT_DOMAIN_CHANGE, *PSECPKG_EVENT_DOMAIN_CHANGE;

typedef struct _SECPKG_CLIENT_INFO {
    LUID LogonId;
    ULONG ProcessID;
    ULONG ThreadID;
    BOOLEAN HasTcbPrivilege;
    BOOLEAN Impersonating;
    BOOLEAN Restricted;
} SECPKG_CLIENT_INFO,
 *PSECPKG_CLIENT_INFO;

typedef struct _SECURITY_USER_DATA {
    UNICODE_STRING UserName;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING LogonServer;
    PSID pSid;
} SECURITY_USER_DATA, *PSECURITY_USER_DATA,
  SecurityUserData, *PSecurityUserData;

typedef struct _SECPKG_GSS_INFO {
    ULONG EncodedIdLength;
    UCHAR EncodedId[4];
} SECPKG_GSS_INFO, *PSECPKG_GSS_INFO;

typedef struct _SECPKG_CONTEXT_THUNKS {
    ULONG InfoLevelCount;
    ULONG Levels[1];
} SECPKG_CONTEXT_THUNKS, *PSECPKG_CONTEXT_THUNKS;

typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
    ULONG MutualAuthLevel;
} SECPKG_MUTUAL_AUTH_LEVEL, *PSECPKG_MUTUAL_AUTH_LEVEL;

typedef struct _SECPKG_CALL_INFO {
    ULONG ProcessId;
    ULONG ThreadId;
    ULONG Attributes;
    ULONG CallCount;
} SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;

typedef struct _SECPKG_EXTENDED_INFORMATION {
    SECPKG_EXTENDED_INFORMATION_CLASS Class;
    union {
        SECPKG_GSS_INFO GssInfo;
        SECPKG_CONTEXT_THUNKS ContextThunks;
        SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel;
    } Info;
} SECPKG_EXTENDED_INFORMATION, *PSECPKG_EXTENDED_INFORMATION;

typedef struct _SECPKG_TARGETINFO {
    PSID DomainSid;
    PCWSTR ComputerName;
} SECPKG_TARGETINFO, *PSECPKG_TARGETINFO;

typedef struct _SECPKG_POST_LOGON_USER_INFO {
    ULONG Flags;
    LUID LogonId;
    LUID LinkedLogonId;
} SECPKG_POST_LOGON_USER_INFO, *PSECPKG_POST_LOGON_USER_INFO;

/* callbacks implemented by SSP/AP dlls and called by the LSA */
typedef VOID (NTAPI *PLSA_CALLBACK_FUNCTION)(ULONG_PTR, ULONG_PTR, PSecBuffer,
 PSecBuffer);

/* misc typedefs used in the below prototypes */
typedef PVOID *PLSA_CLIENT_REQUEST;
typedef ULONG_PTR LSA_SEC_HANDLE, *PLSA_SEC_HANDLE;
typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
typedef PSECURITY_ATTRIBUTES SEC_ATTRS;

/* functions used by SSP/AP obtainable by dispatch tables */
typedef NTSTATUS (NTAPI *PLSA_REGISTER_CALLBACK)(ULONG, PLSA_CALLBACK_FUNCTION);
typedef NTSTATUS (NTAPI *PLSA_CREATE_LOGON_SESSION)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_DELETE_LOGON_SESSION)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING,
 PLSA_STRING);
typedef NTSTATUS (NTAPI *PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN,
 PLSA_STRING, PULONG, PLSA_STRING);
typedef NTSTATUS (NTAPI *PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING);
typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG);
typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID);
typedef NTSTATUS (NTAPI *PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
 ULONG, PVOID*);
typedef NTSTATUS (NTAPI *PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID);
typedef NTSTATUS (NTAPI *PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG,
 PVOID, PVOID);
typedef NTSTATUS (NTAPI *PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
 ULONG, PVOID, PVOID);
typedef NTSTATUS (NTAPI *PLSA_IMPERSONATE_CLIENT)(void);
typedef NTSTATUS (NTAPI *PLSA_UNLOAD_PACKAGE)(void);
typedef NTSTATUS (NTAPI *PLSA_DUPLICATE_HANDLE)(HANDLE, PHANDLE);
typedef NTSTATUS (NTAPI *PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(PLUID, ULONG,
 PVOID, BOOLEAN);
typedef HANDLE (NTAPI *PLSA_CREATE_THREAD)(SEC_ATTRS, ULONG, SEC_THREAD_START,
 PVOID, ULONG, PULONG);
typedef NTSTATUS (NTAPI *PLSA_GET_CLIENT_INFO)(PSECPKG_CLIENT_INFO);
typedef HANDLE (NTAPI *PLSA_REGISTER_NOTIFICATION)(SEC_THREAD_START, PVOID,
 ULONG, ULONG, ULONG, ULONG, HANDLE);
typedef NTSTATUS (NTAPI *PLSA_CANCEL_NOTIFICATION)(HANDLE);
typedef NTSTATUS (NTAPI *PLSA_MAP_BUFFER)(PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI *PLSA_CREATE_TOKEN)(PLUID, PTOKEN_SOURCE,
 SECURITY_LOGON_TYPE, SECURITY_IMPERSONATION_LEVEL, LSA_TOKEN_INFORMATION_TYPE,
 PVOID, PTOKEN_GROUPS, PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
 PUNICODE_STRING, PHANDLE, PNTSTATUS);
typedef VOID (NTAPI *PLSA_AUDIT_LOGON)(NTSTATUS, NTSTATUS, PUNICODE_STRING,
 PUNICODE_STRING, PUNICODE_STRING, OPTIONAL PSID, SECURITY_LOGON_TYPE,
 PTOKEN_SOURCE, PLUID);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGE)(PUNICODE_STRING, PVOID, ULONG,
 PVOID*, PULONG, PNTSTATUS);
typedef BOOLEAN (NTAPI *PLSA_GET_CALL_INFO)(PSECPKG_CALL_INFO);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGEEX)(PUNICODE_STRING, PVOID, PVOID,
 ULONG, PVOID*, PULONG, PNTSTATUS);
typedef PVOID (NTAPI *PLSA_CREATE_SHARED_MEMORY)(ULONG, ULONG);
typedef PVOID (NTAPI *PLSA_ALLOCATE_SHARED_MEMORY)(PVOID, ULONG);
typedef VOID (NTAPI *PLSA_FREE_SHARED_MEMORY)(PVOID, PVOID);
typedef BOOLEAN (NTAPI *PLSA_DELETE_SHARED_MEMORY)(PVOID);
typedef NTSTATUS (NTAPI *PLSA_OPEN_SAM_USER)(PUNICODE_STRING, SECPKG_NAME_TYPE,
 PUNICODE_STRING, BOOLEAN, ULONG, PVOID*);
typedef NTSTATUS (NTAPI *PLSA_GET_USER_CREDENTIALS)(PVOID, PVOID *, PULONG,
 PVOID *, PULONG);
typedef NTSTATUS (NTAPI *PLSA_GET_USER_AUTH_DATA)(PVOID, PUCHAR *, PULONG);
typedef NTSTATUS (NTAPI *PLSA_CLOSE_SAM_USER)(PVOID);
typedef NTSTATUS (NTAPI *PLSA_CONVERT_AUTH_DATA_TO_TOKEN)(PVOID, ULONG,
 SECURITY_IMPERSONATION_LEVEL, PTOKEN_SOURCE, SECURITY_LOGON_TYPE,
 PUNICODE_STRING, PHANDLE, PLUID, PUNICODE_STRING, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_CLIENT_CALLBACK)(PCHAR, ULONG_PTR, ULONG_PTR,
 PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI *PLSA_UPDATE_PRIMARY_CREDENTIALS)(PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED_ARRAY);
typedef NTSTATUS (NTAPI *PLSA_GET_AUTH_DATA_FOR_USER)(PUNICODE_STRING,
 SECPKG_NAME_TYPE, PUNICODE_STRING, PUCHAR *, PULONG, PUNICODE_STRING);
typedef NTSTATUS (NTAPI *PLSA_CRACK_SINGLE_NAME)(ULONG, BOOLEAN,
 PUNICODE_STRING, PUNICODE_STRING, ULONG, PUNICODE_STRING, PUNICODE_STRING,
 PULONG);
typedef NTSTATUS (NTAPI *PLSA_AUDIT_ACCOUNT_LOGON)(ULONG, BOOLEAN,
 PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING, NTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING, PVOID,
 PVOID, ULONG, PVOID*, PULONG, PNTSTATUS);

/* Dispatch tables of functions used by SSP/AP */
typedef struct SECPKG_DLL_FUNCTIONS {
    PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
    PLSA_FREE_LSA_HEAP FreeHeap;
    PLSA_REGISTER_CALLBACK RegisterCallback;
} SECPKG_DLL_FUNCTIONS,
 *PSECPKG_DLL_FUNCTIONS;

typedef struct LSA_DISPATCH_TABLE {
    PLSA_CREATE_LOGON_SESSION CreateLogonSession;
    PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
    PLSA_ADD_CREDENTIAL AddCredential;
    PLSA_GET_CREDENTIALS GetCredentials;
    PLSA_DELETE_CREDENTIAL DeleteCredential;
    PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
    PLSA_FREE_LSA_HEAP FreeLsaHeap;
    PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
    PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
    PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
    PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
} LSA_DISPATCH_TABLE,
 *PLSA_DISPATCH_TABLE;

typedef struct _LSA_SECPKG_FUNCTION_TABLE {
    PLSA_CREATE_LOGON_SESSION CreateLogonSession;
    PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
    PLSA_ADD_CREDENTIAL AddCredential;
    PLSA_GET_CREDENTIALS GetCredentials;
    PLSA_DELETE_CREDENTIAL DeleteCredential;
    PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
    PLSA_FREE_LSA_HEAP FreeLsaHeap;
    PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
    PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
    PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
    PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
    PLSA_IMPERSONATE_CLIENT ImpersonateClient;
    PLSA_UNLOAD_PACKAGE UnloadPackage;
    PLSA_DUPLICATE_HANDLE DuplicateHandle;
    PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
    PLSA_CREATE_THREAD CreateThread;
    PLSA_GET_CLIENT_INFO GetClientInfo;
    PLSA_REGISTER_NOTIFICATION RegisterNotification;
    PLSA_CANCEL_NOTIFICATION CancelNotification;
    PLSA_MAP_BUFFER MapBuffer;
    PLSA_CREATE_TOKEN CreateToken;
    PLSA_AUDIT_LOGON AuditLogon;
    PLSA_CALL_PACKAGE CallPackage;
    PLSA_FREE_LSA_HEAP FreeReturnBuffer;
    PLSA_GET_CALL_INFO GetCallInfo;
    PLSA_CALL_PACKAGEEX CallPackageEx;
    PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
    PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
    PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
    PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
    PLSA_OPEN_SAM_USER OpenSamUser;
    PLSA_GET_USER_CREDENTIALS GetUserCredentials;
    PLSA_GET_USER_AUTH_DATA GetUserAuthData;
    PLSA_CLOSE_SAM_USER CloseSamUser;
    PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
    PLSA_CLIENT_CALLBACK ClientCallback;
    PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
    PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
    PLSA_CRACK_SINGLE_NAME CrackSingleName;
    PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
    PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
} LSA_SECPKG_FUNCTION_TABLE,
 *PLSA_SECPKG_FUNCTION_TABLE;

/* Functions for redirected credentials */
typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_INIT)(HANDLE,
 const UNICODE_STRING *, ULONG, const LUID *);
typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_CALLBACK)(HANDLE, PVOID, ULONG,
 PVOID *, ULONG *);
typedef VOID (NTAPI *PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK)(HANDLE);
typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS)(HANDLE, PBYTE *,
 PULONG);
typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS)(HANDLE,
 PSECPKG_SUPPLEMENTAL_CRED_ARRAY *);

typedef struct _SECPKG_REDIRECTED_LOGON_BUFFER {
    GUID RedirectedLogonGuid;
    HANDLE RedirectedLogonHandle;
    PLSA_REDIRECTED_LOGON_INIT Init;
    PLSA_REDIRECTED_LOGON_CALLBACK Callback;
    PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK CleanupCallback;
    PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS GetLogonCreds;
    PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS GetSupplementalCreds;
} SECPKG_REDIRECTED_LOGON_BUFFER,
 *PSECPKG_REDIRECTED_LOGON_BUFFER;

/* LSA-mode functions implemented by SSP/AP obtainable by a dispatch table */
typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE,
 PLSA_STRING, PLSA_STRING, PLSA_STRING *);
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE,
 PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID LogonId, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE,
 PVOID *, PLSA_UNICODE_STRING *, PLSA_UNICODE_STRING *);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG,
 PVOID *, PULONG, PNTSTATUS);
typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST,
 PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST,
 PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST,
 SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
 PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
 PUNICODE_STRING *);
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST,
 SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
 PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
 PUNICODE_STRING *, PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED_ARRAY *);
typedef NTSTATUS (NTAPI SpInitializeFn)(ULONG_PTR, PSECPKG_PARAMETERS,
 PLSA_SECPKG_FUNCTION_TABLE);
typedef NTSTATUS (NTAPI SpShutdownFn)(void);
typedef NTSTATUS (NTAPI SpGetInfoFn)(PSecPkgInfoW);
typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(SECURITY_LOGON_TYPE,
 PUNICODE_STRING, PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED);
typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(PUNICODE_STRING, ULONG,
 PLUID, PVOID, PVOID, PVOID, PLSA_SEC_HANDLE, PTimeStamp);
typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(LSA_SEC_HANDLE, ULONG,
 PVOID);
typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(LSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpGetCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(LSA_SEC_HANDLE, LSA_SEC_HANDLE,
 PUNICODE_STRING, ULONG, ULONG, PSecBufferDesc, PLSA_SEC_HANDLE, PSecBufferDesc,
 PULONG, PTimeStamp, PBOOLEAN, PSecBuffer);
typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(LSA_SEC_HANDLE,
 LSA_SEC_HANDLE, PSecBufferDesc, ULONG, ULONG, PLSA_SEC_HANDLE, PSecBufferDesc,
 PULONG, PTimeStamp, PBOOLEAN, PSecBuffer);
typedef NTSTATUS (NTAPI SpDeleteContextFn)(LSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(LSA_SEC_HANDLE, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpGetUserInfoFn)(PLUID, ULONG, PSecurityUserData *);
typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(
 SECPKG_EXTENDED_INFORMATION_CLASS, PSECPKG_EXTENDED_INFORMATION *);
typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(LSA_SEC_HANDLE, ULONG,
 PVOID);
typedef NTSTATUS (NTAPI SpAddCredentialsFn)(LSA_SEC_HANDLE, PUNICODE_STRING,
 PUNICODE_STRING, ULONG, PVOID, PVOID, PVOID, PTimeStamp);
typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(
 SECPKG_EXTENDED_INFORMATION_CLASS, PSECPKG_EXTENDED_INFORMATION);
typedef NTSTATUS (NTAPI SpSetContextAttributesFn)(LSA_SEC_HANDLE, ULONG, PVOID,
 ULONG);
typedef NTSTATUS (NTAPI SpSetCredentialsAttributesFn)(LSA_SEC_HANDLE, ULONG,
 PVOID, ULONG);
typedef NTSTATUS (NTAPI SpChangeAccountPasswordFn)(PUNICODE_STRING,
 PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpQueryMetaDataFn)(LSA_SEC_HANDLE, PUNICODE_STRING,
 ULONG, PULONG, PUCHAR *, PLSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpExchangeMetaDataFn)(LSA_SEC_HANDLE, PUNICODE_STRING,
 ULONG, ULONG, PUCHAR, PLSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpGetCredUIContextFn)(LSA_SEC_HANDLE, GUID *, PULONG,
 PUCHAR *);
typedef NTSTATUS (NTAPI SpUpdateCredentialsFn)(LSA_SEC_HANDLE, GUID *, ULONG,
 PUCHAR);
typedef NTSTATUS (NTAPI SpValidateTargetInfoFn)(PLSA_CLIENT_REQUEST, PVOID,
 PVOID, ULONG, PSECPKG_TARGETINFO);
typedef NTSTATUS (NTAPI LSA_AP_POST_LOGON_USER)(PSECPKG_POST_LOGON_USER_INFO);
typedef NTSTATUS (NTAPI SpGetRemoteCredGuardLogonBufferFn)(LSA_SEC_HANDLE,
 const UNICODE_STRING *, PHANDLE, PLSA_REDIRECTED_LOGON_CALLBACK *,
 PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *, PULONG, PVOID *);
typedef NTSTATUS (NTAPI SpGetRemoteCredGuardSupplementalCredsFn)(LSA_SEC_HANDLE,
 const UNICODE_STRING *, PHANDLE, PLSA_REDIRECTED_LOGON_CALLBACK *,
 PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *, PULONG, PVOID *);

/* User-mode functions implemented by SSP/AP obtainable by a dispatch table */
typedef NTSTATUS (NTAPI SpInstanceInitFn)(ULONG, PSECPKG_DLL_FUNCTIONS,
 PVOID *);
typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpMakeSignatureFn)(LSA_SEC_HANDLE, ULONG,
 PSecBufferDesc, ULONG);
typedef NTSTATUS (NTAPI SpVerifySignatureFn)(LSA_SEC_HANDLE, PSecBufferDesc,
 ULONG, PULONG);
typedef NTSTATUS (NTAPI SpSealMessageFn)(LSA_SEC_HANDLE, ULONG, PSecBufferDesc,
 ULONG);
typedef NTSTATUS (NTAPI SpUnsealMessageFn)(LSA_SEC_HANDLE, PSecBufferDesc,
 ULONG, PULONG);
typedef NTSTATUS (NTAPI SpGetContextTokenFn)(LSA_SEC_HANDLE, PHANDLE);
typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(LSA_SEC_HANDLE, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(ULONG, PUCHAR, PULONG,
 PVOID *);
typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(LSA_SEC_HANDLE, ULONG,
 PSecBuffer, PHANDLE);
typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(PSecBuffer, HANDLE,
 PLSA_SEC_HANDLE);

#ifdef WINE_NO_UNICODE_MACROS
#undef SetContextAttributes
#endif

/* dispatch tables of LSA-mode functions implemented by SSP/AP */
typedef struct SECPKG_FUNCTION_TABLE {
    PLSA_AP_INITIALIZE_PACKAGE InitializePackage;
    PLSA_AP_LOGON_USER LsaLogonUser;
    PLSA_AP_CALL_PACKAGE CallPackage;
    PLSA_AP_LOGON_TERMINATED LogonTerminated;
    PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted;
    PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
    PLSA_AP_LOGON_USER_EX LogonUserEx;
    PLSA_AP_LOGON_USER_EX2 LogonUserEx2;
    SpInitializeFn *Initialize;
    SpShutdownFn *Shutdown;
    SpGetInfoFn *GetInfo;
    SpAcceptCredentialsFn *AcceptCredentials;
    SpAcquireCredentialsHandleFn *SpAcquireCredentialsHandle;
    SpQueryCredentialsAttributesFn *SpQueryCredentialsAttributes;
    SpFreeCredentialsHandleFn *FreeCredentialsHandle;
    SpSaveCredentialsFn *SaveCredentials;
    SpGetCredentialsFn *GetCredentials;
    SpDeleteCredentialsFn *DeleteCredentials;
    SpInitLsaModeContextFn *InitLsaModeContext;
    SpAcceptLsaModeContextFn *AcceptLsaModeContext;
    SpDeleteContextFn *DeleteContext;
    SpApplyControlTokenFn *ApplyControlToken;
    SpGetUserInfoFn *GetUserInfo;
    SpGetExtendedInformationFn *GetExtendedInformation;
    SpQueryContextAttributesFn *SpQueryContextAttributes;
    SpAddCredentialsFn *SpAddCredentials;
    SpSetExtendedInformationFn *SetExtendedInformation;
    /* Packages with version SECPKG_INTERFACE_VERSION end here */
    SpSetContextAttributesFn *SetContextAttributes;
    /* Packages with version SECPKG_INTERFACE_VERSION_2 end here */
    SpSetCredentialsAttributesFn *SetCredentialsAttributes;
    /* Packages with version SECPKG_INTERFACE_VERSION_3 end here */
    SpChangeAccountPasswordFn *ChangeAccountPassword;
    /* Packages with version SECPKG_INTERFACE_VERSION_4 end here */
    SpQueryMetaDataFn *QueryMetaData;
    SpExchangeMetaDataFn *ExchangeMetaData;
    SpGetCredUIContextFn *GetCredUIContext;
    SpUpdateCredentialsFn *UpdateCredentials;
    /* Packages with version SECPKG_INTERFACE_VERSION_5 end here */
    SpValidateTargetInfoFn *ValidateTargetInfo;
    /* Packages with version SECPKG_INTERFACE_VERSION_6 end here */
    LSA_AP_POST_LOGON_USER* PostLogonUser;
    /* Packages with version SECPKG_INTERFACE_VERSION_7 end here */
    SpGetRemoteCredGuardLogonBufferFn* GetRemoteCredGuardLogonBuffer;
    SpGetRemoteCredGuardSupplementalCredsFn* GetRemoteCredGuardSupplementalCreds;
    /* Packages with version SECPKG_INTERFACE_VERSION_8 end here */
} SECPKG_FUNCTION_TABLE,
 *PSECPKG_FUNCTION_TABLE;

/* dispatch tables of user-mode functions implemented by SSP/AP */
typedef struct SECPKG_USER_FUNCTION_TABLE {
    SpInstanceInitFn *InstanceInit;
    SpInitUserModeContextFn *InitUserModeContext;
    SpMakeSignatureFn *MakeSignature;
    SpVerifySignatureFn *VerifySignature;
    SpSealMessageFn *SealMessage;
    SpUnsealMessageFn *UnsealMessage;
    SpGetContextTokenFn *GetContextToken;
    SpQueryContextAttributesFn *SpQueryContextAttributes;
    SpCompleteAuthTokenFn *CompleteAuthToken;
    SpDeleteContextFn *DeleteUserModeContext;
    SpFormatCredentialsFn *FormatCredentials;
    SpMarshallSupplementalCredsFn *MarshallSupplementalCreds;
    SpExportSecurityContextFn *ExportContext;
    SpImportSecurityContextFn *ImportContext;
} SECPKG_USER_FUNCTION_TABLE,
 *PSECPKG_USER_FUNCTION_TABLE;

/* LSA-mode entry point to SSP/APs */
typedef NTSTATUS (NTAPI *SpLsaModeInitializeFn)(ULONG, PULONG,
 PSECPKG_FUNCTION_TABLE *, PULONG);

/* User-mode entry point to SSP/APs */
typedef NTSTATUS (WINAPI *SpUserModeInitializeFn)(ULONG, PULONG,
 PSECPKG_USER_FUNCTION_TABLE *, PULONG);

#ifdef __cplusplus
}
#endif
#endif /* _NTSECPKG_H */