windows-server-2003/ds/security/base/lsa/inc/spmlpc.h

//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1991 - 1992
//
// File:        SPMLPC.H
//
// Contents:    Defines for the LPC to the SPMgr
//
//
// History:     2 Mar 94    MikeSw  Created
//
//------------------------------------------------------------------------

#ifndef __SPMLPC_H__
#define __SPMLPC_H__

//
// Pickup the LSA lpc messages for compatiblity
//
#pragma warning(disable:4200)

#include <efsstruc.h>
#include <aup.h>


#define SPM_PORTNAME    L"\\LsaAuthenticationPort"
#define SPM_EVENTNAME   L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED"


#define SPM_AUTH_PKG_FLAG   0x00001000

//
// Buffers that will fit into the message are placed in there and the
// their pointers will be replaced with this value.  Since all buffers and
// strings are sent with their lengths, to unpack the data move pull out the
// buffers in the order they are listed in the API message.
//
// Since all buffers must be passed from VM, any address above 0x80000000
// will not be confused for an address
//

#define SEC_PACKED_BUFFER_VALUE (IntToPtr(0xFFFFFFFF))

//
// Max secbuffers allowed in a SecBufferDesc
//

#define MAX_SECBUFFERS 10

//
// This bit gets set in the SecurityMode word, indicating that the DLL
// is running in the LSA process.  The DLL will turn around and get the
// direct dispatch routine, and avoid the whole LPC issue
//

#define LSA_MODE_SAME_PROCESS                0x00010000

//
// This flag is added to the version information in a SecBufferDesc to
// indicate that the memory is already mapped to the LSA.
//

#define LSA_MEMORY_KERNEL_MAP               0x80000000
#define LSA_SECBUFFER_VERSION_MASK          0x0000FFFF



//
// Conditional type definition for Wow64 environment.  The LPC messages
// are kept "native" size, so pointers are full size.  The WOW environment
// will do the thunking.  LPC messages are defined with types that are
// always the correct size using these "aliases".
//

#ifdef BUILD_WOW64

#pragma message("Building for WOW64")

#define ALIGN_WOW64         __declspec(align(8))

#define GET_WOW64_PTR(_Wow64Ptr_)  PtrToUlong(_Wow64Ptr_)

#define POINTER_FORMAT  "%I64X"

#if 0
typedef WCHAR * __ptr64 PWSTR_LPC ;
typedef VOID * __ptr64 PVOID_LPC ;
#else
typedef ULONGLONG PWSTR_LPC ;
typedef ULONGLONG PVOID_LPC ;
typedef ULONGLONG PSID_LPC ;
#endif

typedef struct _SECURITY_STRING_WOW64 {
    USHORT      Length ;
    USHORT      MaximumLength ;
    PWSTR_LPC   Buffer ;
} SECURITY_STRING_WOW64, * PSECURITY_STRING_WOW64 ;

typedef struct _SEC_HANDLE_WOW64 {
    PVOID_LPC dwLower ;
    PVOID_LPC dwUpper ;
} SEC_HANDLE_WOW64, * PSEC_HANDLE_WOW64 ;

typedef struct _SEC_BUFFER_WOW64 {
    unsigned long   cbBuffer ;
    unsigned long   BufferType ;
    PVOID_LPC  pvBuffer ;
} SEC_BUFFER_WOW64, * PSEC_BUFFER_WOW64 ;

typedef struct _SEC_BUFFER_DESC_WOW64 {
    unsigned long   ulVersion ;
    unsigned long   cBuffers ;
    PVOID_LPC  pBuffers ;
} SEC_BUFFER_DESC_WOW64, * PSEC_BUFFER_DESC_WOW64 ;

typedef struct _SECPKG_INFO_WOW64 {
    ULONG        fCapabilities;
    USHORT       wVersion;
    USHORT       wRPCID;
    ULONG        cbMaxToken;
    PWSTR_LPC    Name;
    PWSTR_LPC    Comment;
}
SECPKG_INFO_WOW64, * PSECPKG_INFO_WOW64;

typedef struct _SECPKGCONTEXT_NEGOTIATIONINFOWOW64
{
    PVOID_LPC           pPackageInfo64;
    ULONG               NegotiationState;
}
SECPKGCONTEXT_NEGOTIATIONINFOWOW64, *PSECPKGCONTEXT_NEGOTIATIONINFOWOW64;

typedef struct _SECURITY_USER_DATA_WOW64 {
    SECURITY_STRING_WOW64 UserName;
    SECURITY_STRING_WOW64 LogonDomainName;
    SECURITY_STRING_WOW64 LogonServer;
    PSID_LPC              pSid;
}
SECURITY_USER_DATA_WOW64, * PSECURITY_USER_DATA_WOW64;

typedef SECURITY_STRING_WOW64   SECURITY_STRING_LPC ;
typedef SEC_HANDLE_WOW64    SEC_HANDLE_LPC ;
typedef SEC_BUFFER_DESC_WOW64   SEC_BUFFER_DESC_LPC ;
typedef SEC_BUFFER_WOW64        SEC_BUFFER_LPC ;
typedef PVOID_LPC               LSA_SEC_HANDLE_LPC ;

#define SecpSecurityStringToLpc( L, S ) \
            (L)->Length = (S)->Length ;     \
            (L)->MaximumLength = (S)->MaximumLength ; \
            (L)->Buffer = (PWSTR_LPC) GET_WOW64_PTR(((S)->Buffer)) ;

#define SecpLpcStringToSecurityString( S, L ) \
            (S)->Length = (L)->Length ; \
            (S)->MaximumLength = (L)->MaximumLength ; \
            (S)->Buffer = (PWSTR) ( (L)->Buffer ); \

#define SecpSecBufferToLpc( L, S )\
            (L)->cbBuffer = (S)->cbBuffer ; \
            (L)->BufferType = (S)->BufferType ; \
            (L)->pvBuffer = (PVOID_LPC) GET_WOW64_PTR((S)->pvBuffer) ;

#define SecpLpcBufferToSecBuffer( S, L ) \
            (S)->cbBuffer = (L)->cbBuffer ; \
            (S)->BufferType = (L)->BufferType ; \
            (S)->pvBuffer = (PVOID) (L)->pvBuffer ;

#define SecpSecBufferDescToLpc( L, S )\
            (L)->ulVersion = (S)->ulVersion ; \
            (L)->cBuffers = (S)->cBuffers ; \
            (L)->pBuffers = (PVOID_LPC) GET_WOW64_PTR((S)->pBuffers) ;

#define SecpLpcBufferDescToSecBufferDesc( S, L ) \
            (S)->ulVersion = (L)->ulVersion ; \
            (S)->cBuffers = (L)->cBuffers ; \
            (S)->pBuffers = (PSecBuffer) (L)->pBuffers ;

#define SecpSecPkgInfoToLpc( L, S ) \
            (L)->fCapabilities = (S)->fCapabilities ; \
            (L)->wVersion = (S)->wVersion ; \
            (L)->wRPCID = (S)->wRPCID ; \
            (L)->cbMaxToken = (S)->cbMaxToken ; \
            (L)->Name = (PWSTR_LPC) (S)->Name ; \
            (L)->Comment = (PWSTR_LPC) GET_WOW64_PTR((S)->Comment) ;

#define SecpLpcPkgInfoToSecPkgInfo( S, L ) \
            (S)->fCapabilities = (L)->fCapabilities ; \
            (S)->wVersion = (L)->wVersion ; \
            (S)->wRPCID = (L)->wRPCID ; \
            (S)->cbMaxToken = (L)->cbMaxToken ; \
            (S)->Name = (SEC_WCHAR *) (L)->Name ; \
            (S)->Comment = (SEC_WCHAR *) (L)->Comment ;

#else

#define ALIGN_WOW64

#define POINTER_FORMAT  "%p"

typedef SECURITY_STRING     SECURITY_STRING_LPC ;
typedef PVOID               PVOID_LPC ;
typedef SecHandle           SEC_HANDLE_LPC ;
typedef SecBufferDesc       SEC_BUFFER_DESC_LPC ;
typedef SecBuffer           SEC_BUFFER_LPC ;
typedef PWSTR               PWSTR_LPC ;
typedef LSA_SEC_HANDLE      LSA_SEC_HANDLE_LPC ;

#define SecpSecurityStringToLpc( L, S ) \
                *(L) = *(S) ;

#define SecpLpcStringToSecurityString( S, L ) \
                *(S) = *(L) ;

#define SecpSecBufferToLpc( L, S ) \
                *(L) = *(S) ;

#define SecpLpcBufferToSecBuffer( S, L ) \
                *(S) = *(L) ;

#define SecpSecBufferDescToLpc( L, S ) \
                *(L) = *(S) ;

#define SecpLpcBufferDescToSecBufferDesc( S, L ) \
                *(S) = *(L) ;
#endif

typedef SEC_HANDLE_LPC  CRED_HANDLE_LPC, * PCRED_HANDLE_LPC ;
typedef SEC_HANDLE_LPC  CONTEXT_HANDLE_LPC, * PCONTEXT_HANDLE_LPC ;
typedef SEC_HANDLE_LPC * PSEC_HANDLE_LPC ;
typedef SEC_BUFFER_LPC  * PSEC_BUFFER_LPC ;


//
// Connection specific data types
//


//
// The following are message structures for internal routines, such as
// synchronization and state messages
//
#define PACKAGEINFO_THUNKS  16

typedef struct _SEC_PACKAGE_BINDING_INFO_LPC {
    SECURITY_STRING_LPC PackageName;
    SECURITY_STRING_LPC Comment;
    SECURITY_STRING_LPC ModuleName;
    ULONG               PackageIndex;
    ULONG               fCapabilities;
    ULONG               Flags;
    ULONG               RpcId;
    ULONG               Version;
    ULONG               TokenSize;
    ULONG               ContextThunksCount ;
    ULONG               ContextThunks[ PACKAGEINFO_THUNKS ] ;
} SEC_PACKAGE_BINDING_INFO_LPC, * PSEC_PACKAGE_BINDING_INFO_LPC ;

#ifdef BUILD_WOW64

typedef struct _SEC_PACKAGE_BINDING_INFO {
    SECURITY_STRING     PackageName;
    SECURITY_STRING     Comment;
    SECURITY_STRING     ModuleName;
    ULONG               PackageIndex;
    ULONG               fCapabilities;
    ULONG               Flags;
    ULONG               RpcId;
    ULONG               Version;
    ULONG               TokenSize;
    ULONG               ContextThunksCount ;
    ULONG               ContextThunks[ PACKAGEINFO_THUNKS ] ;
} SEC_PACKAGE_BINDING_INFO, * PSEC_PACKAGE_BINDING_INFO ;

#else

typedef SEC_PACKAGE_BINDING_INFO_LPC SEC_PACKAGE_BINDING_INFO ;
typedef SEC_PACKAGE_BINDING_INFO_LPC * PSEC_PACKAGE_BINDING_INFO ;

#endif

#define PACKAGEINFO_BUILTIN 0x00000001
#define PACKAGEINFO_AUTHPKG 0x00000002
#define PACKAGEINFO_SIGNED  0x00000004


typedef struct _SPMGetBindingAPI {
    LSA_SEC_HANDLE_LPC ulPackageId;
    SEC_PACKAGE_BINDING_INFO_LPC BindingInfo;
} SPMGetBindingAPI;


//
// Internal SetSession API.
// not supported in Wow64
//

typedef struct _SPMSetSession {
    ULONG               Request;
    ULONG_PTR           Argument ;
    ULONG_PTR           Response;
    PVOID               ResponsePtr;
    PVOID               Extra ;
} SPMSetSessionAPI;

#define SETSESSION_GET_STATUS       0x00000001
#define SETSESSION_ADD_WORKQUEUE    0x00000002
#define SETSESSION_REMOVE_WORKQUEUE 0x00000003
#define SETSESSION_GET_DISPATCH     0x00000004


typedef struct _SPMFindPackageAPI {
    SECURITY_STRING_LPC ssPackageName;
    LSA_SEC_HANDLE_LPC  ulPackageId;
} SPMFindPackageAPI;


// The following are message structures.  Not surprisingly, they look a
// lot like the API signatures.  Keep that in mind.



// EnumeratePackages API

typedef struct _SPMEnumPackagesAPI {
    ULONG       cPackages;          // OUT
    PSecPkgInfo pPackages;          // OUT
} SPMEnumPackagesAPI;


//
// Credential APIs
//


// AcquireCredentialsHandle API

typedef struct _SPMAcquireCredsAPI {
    SECURITY_STRING_LPC ssPrincipal;       // IN
    SECURITY_STRING_LPC ssSecPackage;      // IN
    ULONG               fCredentialUse;     // IN
    LUID                LogonID;            // IN
    PVOID_LPC           pvAuthData;         // IN
    PVOID_LPC           pvGetKeyFn;         // IN
    PVOID_LPC           ulGetKeyArgument;   // IN
    CRED_HANDLE_LPC     hCredential;        // OUT
    TimeStamp           tsExpiry;           // OUT
    SEC_BUFFER_LPC      AuthData ;          // IN
} SPMAcquireCredsAPI;


// EstablishCredentials API
// not supported in Wow64

typedef struct _SPMEstablishCredsAPI {
    SECURITY_STRING Name;           // IN
    SECURITY_STRING Package;        // IN
    ULONG           cbKey;          // IN
    PUCHAR          pbKey;          // IN
    CredHandle      hCredentials;   // OUT
    TimeStamp       tsExpiry;       // OUT
} SPMEstablishCredsAPI;

// FreeCredentialsHandle API

typedef struct _SPMFreeCredHandleAPI {
    CRED_HANDLE_LPC hCredential;
} SPMFreeCredHandleAPI;


//
// Context APIs
//

// InitializeSecurityContext API

typedef struct _SPMInitSecContextAPI {
    CRED_HANDLE_LPC     hCredential;    // IN
    CONTEXT_HANDLE_LPC  hContext;       // IN
    SECURITY_STRING_LPC ssTarget;       // IN
    ULONG               fContextReq;    // IN
    ULONG               dwReserved1;    // IN
    ULONG               TargetDataRep;  // IN
    SEC_BUFFER_DESC_LPC sbdInput;       // IN
    ULONG               dwReserved2;    // IN
    CONTEXT_HANDLE_LPC  hNewContext;    // OUT
    SEC_BUFFER_DESC_LPC sbdOutput;      // IN OUT
    ULONG               fContextAttr;   // OUT
    TimeStamp           tsExpiry;       // OUT
    BOOLEAN             MappedContext;  // OUT
    SEC_BUFFER_LPC      ContextData;    // OUT
    SEC_BUFFER_LPC      sbData[0];      // IN
} SPMInitContextAPI;



// AcceptSecurityContext API

typedef struct _SPMAcceptContextAPI {
    CRED_HANDLE_LPC     hCredential;    // IN
    CONTEXT_HANDLE_LPC  hContext;       // IN
    SEC_BUFFER_DESC_LPC sbdInput;       // IN
    ULONG               fContextReq;    // IN
    ULONG               TargetDataRep;  // IN
    CHAR                IpAddress[LSAP_ADDRESS_LENGTH]; // IN
    CONTEXT_HANDLE_LPC  hNewContext;    // OUT
    SEC_BUFFER_DESC_LPC sbdOutput;      // IN OUT
    ULONG               fContextAttr;   // OUT
    TimeStamp           tsExpiry;       // OUT
    BOOLEAN             MappedContext;  // OUT
    SEC_BUFFER_LPC      ContextData;    // OUT
    SEC_BUFFER_LPC      sbData[0];      // IN OUT
} SPMAcceptContextAPI;

//
// ApplyControlToken API
//

typedef struct _SPMApplyTokenAPI {
    CONTEXT_HANDLE_LPC  hContext ;
    SEC_BUFFER_DESC_LPC sbdInput ;
    SEC_BUFFER_LPC      sbInputBuffer[ MAX_SECBUFFERS ];
} SPMApplyTokenAPI;

// DeleteContext API

typedef struct _SPMDeleteContextAPI {
    CONTEXT_HANDLE_LPC  hContext;           // IN - Context to delete
} SPMDeleteContextAPI;



//
// Miscelanneous, extension APIs
//


// QueryPackage API

typedef struct _SPMQueryPackageAPI {
    SECURITY_STRING_LPC ssPackageName;
    PSecPkgInfo         pPackageInfo;
} SPMQueryPackageAPI;



// GetSecurityUserInfo
// not supported in Wow64

typedef struct _SPMGetUserInfoAPI {
    LUID                LogonId;        // IN
    ULONG               fFlags;         // IN
    PSecurityUserData   pUserInfo;      // OUT
} SPMGetUserInfoAPI;


//
// Credentials APIs.  Not used.
//

typedef struct _SPMGetCredsAPI {
    CredHandle      hCredentials;       // IN
    SecBuffer       Credentials;        // OUT
} SPMGetCredsAPI;

typedef struct _SPMSaveCredsAPI {
    CredHandle      hCredentials;       // IN
    SecBuffer       Credentials;        // IN
} SPMSaveCredsAPI;

typedef struct _SPMQueryCredAttributesAPI {
    CRED_HANDLE_LPC hCredentials;
    ULONG           ulAttribute;
    PVOID_LPC       pBuffer;
    ULONG           Allocs ;
    PVOID_LPC       Buffers[MAX_BUFFERS_IN_CALL];
} SPMQueryCredAttributesAPI;


typedef struct _SPMAddPackageAPI {
    SECURITY_STRING_LPC Package;
    ULONG               OptionsFlags;
} SPMAddPackageAPI ;

typedef struct _SPMDeletePackageAPI {
    SECURITY_STRING_LPC Package;
} SPMDeletePackageAPI ;

typedef struct _SPMQueryContextAttrAPI {
    CONTEXT_HANDLE_LPC hContext ;
    ULONG              ulAttribute ;
    PVOID_LPC          pBuffer ;
    ULONG              Allocs ;
    PVOID_LPC          Buffers[MAX_BUFFERS_IN_CALL];
} SPMQueryContextAttrAPI ;

typedef struct _SPMSetContextAttrAPI {
    CONTEXT_HANDLE_LPC hContext ;
    ULONG              ulAttribute ;
    PVOID_LPC          pBuffer ;
    ULONG              cbBuffer;
} SPMSetContextAttrAPI ;


//
// Kernel mode EFS API.  None of these are Wow64
//

typedef struct _SPMEfsGenerateKeyAPI {
    PVOID           EfsStream;
    PVOID           DirectoryEfsStream;
    ULONG           DirectoryEfsStreamLength;
    PVOID           Fek;
    ULONG           BufferLength;
    PVOID           BufferBase;
} SPMEfsGenerateKeyAPI;

typedef struct _SPMEfsGenerateDirEfsAPI {
    PVOID       DirectoryEfsStream;
    ULONG       DirectoryEfsStreamLength;
    PVOID       EfsStream;
    PVOID       BufferBase;
    ULONG       BufferLength;
} SPMEfsGenerateDirEfsAPI;

typedef struct _SPMEfsDecryptFekAPI {
    PVOID       Fek;
    PVOID       EfsStream;
    ULONG       EfsStreamLength;
    ULONG       OpenType;
    PVOID       NewEfs;
    PVOID       BufferBase;
    ULONG       BufferLength;
} SPMEfsDecryptFekAPI;

typedef struct  _SPMEfsGenerateSessionKeyAPI {
    PVOID       InitDataExg;
} SPMEfsGenerateSessionKeyAPI;



//
// Usermode policy change notifications
//
//
// Note: Instead of a HANDLE structure use a ULONG64 for EventHandle member
//  to guarantee that passed value will be 64 bits. If not, in Wow64 the passed
//  handle will be 32 bits, while the server side expects it to be 64 bits.
//  Therefore always extend the handle to a 64 bit variable.
//
typedef struct _SPMLsaPolicyChangeNotifyAPI {
    ULONG Options;
    BOOLEAN Register;
    ULONG64 EventHandle;
    POLICY_NOTIFICATION_INFORMATION_CLASS NotifyInfoClass;
} SPMLsaPolicyChangeNotifyAPI;


typedef struct _SPMCallbackAPI {
    ULONG           Type;
    PVOID_LPC       CallbackFunction;
    PVOID_LPC       Argument1;
    PVOID_LPC       Argument2;
    SEC_BUFFER_LPC  Input ;
    SEC_BUFFER_LPC  Output ;
} SPMCallbackAPI ;

#define SPM_CALLBACK_INTERNAL   0x00000001  // Handled by the security DLL
#define SPM_CALLBACK_GETKEY     0x00000002  // Getkey function being called
#define SPM_CALLBACK_PACKAGE    0x00000003  // Package function
#define SPM_CALLBACK_EXPORT     0x00000004  // Ptr to string

//
// Fast name lookup
//

typedef struct _SPMGetUserNameXAPI {
    ULONG               Options ;
    SECURITY_STRING_LPC Name;
} SPMGetUserNameXAPI ;

#define SPM_NAME_OPTION_MASK        0xFFFF0000

#define SPM_NAME_OPTION_NT4_ONLY    0x00010000  // GetUserNameX only, not Ex
#define SPM_NAME_OPTION_FLUSH       0x00020000

//
// AddCredential API.
//

typedef struct _SPMAddCredential {
    CRED_HANDLE_LPC     hCredentials ;
    SECURITY_STRING_LPC ssPrincipal;       // IN
    SECURITY_STRING_LPC ssSecPackage;      // IN
    ULONG               fCredentialUse;     // IN
    LUID                LogonID;            // IN
    PVOID_LPC           pvAuthData;         // IN
    PVOID_LPC           pvGetKeyFn;         // IN
    PVOID_LPC           ulGetKeyArgument;   // IN
    TimeStamp           tsExpiry;           // OUT
} SPMAddCredentialAPI ;

typedef struct _SPMEnumLogonSession {
    PVOID_LPC       LogonSessionList ;      // OUT
    ULONG           LogonSessionCount ;     // OUT
} SPMEnumLogonSessionAPI ;

typedef struct _SPMGetLogonSessionData {
    LUID        LogonId ;                       // IN
    PVOID_LPC   LogonSessionInfo ;              // OUT
} SPMGetLogonSessionDataAPI ;

//
// Internal codes:
//

#define SPM_CALLBACK_ADDRESS_CHECK  1       // Setting up shared buffer
#define SPM_CALLBACK_SHUTDOWN       2       // Inproc shutdown notification


//
// SID translation APIs (for kmode callers, primarily)
//

typedef struct _SPMLookupAccountSidX {
    PVOID_LPC           Sid;        // IN
    SECURITY_STRING_LPC Name ;      // OUT
    SECURITY_STRING_LPC Domain ;    // OUT
    SID_NAME_USE NameUse ;          // OUT
} SPMLookupAccountSidXAPI ;

typedef struct _SPMLookupAccountNameX {
    SECURITY_STRING_LPC Name ;      // IN
    SECURITY_STRING_LPC Domain ;    // OUT
    PVOID_LPC           Sid ;       // OUT
    SID_NAME_USE        NameUse ;   // OUT
} SPMLookupAccountNameXAPI ;

typedef struct _SPMLookupWellKnownSid {
    WELL_KNOWN_SID_TYPE SidType ;
    PVOID_LPC           Sid ;
} SPMLookupWellKnownSidAPI ;


// this is the wrapper for all messages.

typedef union {
    SPMGetBindingAPI            GetBinding;
    SPMSetSessionAPI            SetSession;
    SPMFindPackageAPI           FindPackage;
    SPMEnumPackagesAPI          EnumPackages;
    SPMAcquireCredsAPI          AcquireCreds;
    SPMEstablishCredsAPI        EstablishCreds;
    SPMFreeCredHandleAPI        FreeCredHandle;
    SPMInitContextAPI           InitContext;
    SPMAcceptContextAPI         AcceptContext;
    SPMApplyTokenAPI            ApplyToken;
    SPMDeleteContextAPI         DeleteContext;
    SPMQueryPackageAPI          QueryPackage;
    SPMGetUserInfoAPI           GetUserInfo;
    SPMGetCredsAPI              GetCreds;
    SPMSaveCredsAPI             SaveCreds;
    SPMQueryCredAttributesAPI   QueryCredAttributes;
    SPMAddPackageAPI            AddPackage;
    SPMDeletePackageAPI         DeletePackage ;
    SPMEfsGenerateKeyAPI        EfsGenerateKey;
    SPMEfsGenerateDirEfsAPI     EfsGenerateDirEfs;
    SPMEfsDecryptFekAPI         EfsDecryptFek;
    SPMEfsGenerateSessionKeyAPI EfsGenerateSessionKey;
    SPMQueryContextAttrAPI      QueryContextAttr ;
    SPMCallbackAPI              Callback ;
    SPMLsaPolicyChangeNotifyAPI LsaPolicyChangeNotify;
    SPMGetUserNameXAPI          GetUserNameX ;
    SPMAddCredentialAPI         AddCredential ;
    SPMEnumLogonSessionAPI      EnumLogonSession ;
    SPMGetLogonSessionDataAPI   GetLogonSessionData ;
    SPMSetContextAttrAPI        SetContextAttr ;
    SPMLookupAccountSidXAPI     LookupAccountSidX ;
    SPMLookupAccountNameXAPI    LookupAccountNameX ;
    SPMLookupWellKnownSidAPI    LookupWellKnownSid ;
} SPM_API;

//
// This extends the range of LSA functions with the SPM functions
//

typedef enum _SPM_API_NUMBER {
    SPMAPI_GetBinding = (LsapAuMaxApiNumber + 1),
    SPMAPI_SetSession,
    SPMAPI_FindPackage,
    SPMAPI_EnumPackages,
    SPMAPI_AcquireCreds,
    SPMAPI_EstablishCreds,
    SPMAPI_FreeCredHandle,
    SPMAPI_InitContext,
    SPMAPI_AcceptContext,
    SPMAPI_ApplyToken,
    SPMAPI_DeleteContext,
    SPMAPI_QueryPackage,
    SPMAPI_GetUserInfo,
    SPMAPI_GetCreds,
    SPMAPI_SaveCreds,
    SPMAPI_QueryCredAttributes,
    SPMAPI_AddPackage,
    SPMAPI_DeletePackage,
    SPMAPI_EfsGenerateKey,
    SPMAPI_EfsGenerateDirEfs,
    SPMAPI_EfsDecryptFek,
    SPMAPI_EfsGenerateSessionKey,
    SPMAPI_Callback,
    SPMAPI_QueryContextAttr,
    SPMAPI_LsaPolicyChangeNotify,
    SPMAPI_GetUserNameX,
    SPMAPI_AddCredential,
    SPMAPI_EnumLogonSession,
    SPMAPI_GetLogonSessionData,
    SPMAPI_SetContextAttr,
    SPMAPI_LookupAccountNameX,
    SPMAPI_LookupAccountSidX,
    SPMAPI_LookupWellKnownSid,
    SPMAPI_MaxApiNumber
} SPM_API_NUMBER, *PSPM_API_NUMBER;

//
// These are the valid flags to set in the fAPI field
//

#define SPMAPI_FLAG_ERROR_RET   0x0001  // Indicates an error return
#define SPMAPI_FLAG_MEMORY      0x0002  // Memory was allocated in client
#define SPMAPI_FLAG_PREPACK     0x0004  // Data packed in bData field
#define SPMAPI_FLAG_GETSTATE    0x0008  // driver should call GetState

#define SPMAPI_FLAG_ANSI_CALL   0x0010  // Called via ANSI stub
#define SPMAPI_FLAG_HANDLE_CHG  0x0020  // A handle was changed
#define SPMAPI_FLAG_CALLBACK    0x0040  // Callback to calling process
#define SPMAPI_FLAG_ALLOCS      0x0080  // VM Allocs were placed in prepack
#define SPMAPI_FLAG_EXEC_NOW    0x0100  // Execute in LPC thread
#define SPMAPI_FLAG_WIN32_ERROR 0x0200  // Status is a win32 error
#define SPMAPI_FLAG_KMAP_MEM    0x0400  // Call contains buffers in the kmap

//
// This structure contains all the information needed for SPM api's
//

typedef struct _SPMLPCAPI {
    USHORT          fAPI ;
    USHORT          VMOffset ;
    PVOID_LPC       ContextPointer ;
    SPM_API         API;
} SPMLPCAPI, * PSPMLPCAPI;

//
// This union contains all the info for LSA api's
//

typedef union {
    LSAP_LOOKUP_PACKAGE_ARGS LookupPackage;
    LSAP_LOGON_USER_ARGS LogonUser;
    LSAP_CALL_PACKAGE_ARGS CallPackage;
} LSA_API;


//
// This union contains both SPM and LSA api's
//

typedef union _SPM_LSA_ARGUMENTS {
    LSA_API LsaArguments;
    SPMLPCAPI SpmArguments;
} SPM_LSA_ARGUMENTS, *PSPM_LSA_ARGUMENTS;

//
// For performance, some APIs will attempt to pack small parameters in the
// message being sent to the SPM, rather than have the SPM read it out of
// their memory.  So, this value defines how much data can be stuck in the
// message.
//
// Two items are defined here.  One, CBAPIHDR, is the size of everything
// in the message except the packed data.  The other, CBPREPACK, is the
// left over space.  I subtract 4 at the end to avoid potential boundary
// problems with an LPC message.
//

#define CBAPIHDR    (sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(HRESULT) + \
                    sizeof(SPM_LSA_ARGUMENTS))

#define CBPREPACK   (PORT_MAXIMUM_MESSAGE_LENGTH - CBAPIHDR - sizeof( PVOID_LPC ))

#define NUM_SECBUFFERS  ( CBPREPACK / sizeof(SecBuffer) )

//
// This structure is sent over during an API call rather than a connect
// message
//

typedef struct _SPM_API_MESSAGE {
    SPM_API_NUMBER      dwAPI;
    HRESULT             scRet;
    SPM_LSA_ARGUMENTS   Args;
    UCHAR               bData[CBPREPACK];
} SPM_API_MESSAGE, *PSPM_API_MESSAGE;

#define SecBaseMessageSize( Api ) \
    ( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \
      ( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \
      sizeof( SPM##Api##API ) ) )


//
// This is the actual message sent over LPC - it contains both the
// connection request information and the api message
//


typedef struct _SPM_LPC_MESSAGE {
    PORT_MESSAGE    pmMessage;
    union {
        LSAP_AU_REGISTER_CONNECT_INFO ConnectionRequest;
        SPM_API_MESSAGE ApiMessage;
    };
} SPM_LPC_MESSAGE, *PSPM_LPC_MESSAGE;


//
// Macros to help prepare LPC messages
//

#ifdef SECURITY_USERMODE
#define PREPARE_MESSAGE_EX( Message, Api, Flags, Context ) \
    RtlZeroMemory( &(Message), sizeof( SPM_LSA_ARGUMENTS ) + sizeof( PORT_MESSAGE )  ); \
    (Message).pmMessage.u1.s1.DataLength =  \
            ( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \
              ( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \
                sizeof( SPM##Api##API ) ) ); \
    (Message).pmMessage.u1.s1.TotalLength = (Message).pmMessage.u1.s1.DataLength + \
               sizeof( PORT_MESSAGE ); \
    (Message).pmMessage.u2.ZeroInit = 0L; \
    (Message).ApiMessage.scRet = 0L; \
    (Message).ApiMessage.dwAPI = SPMAPI_##Api ; \
    (Message).ApiMessage.Args.SpmArguments.fAPI = (USHORT)(Flags); \
    (Message).ApiMessage.Args.SpmArguments.ContextPointer = (Context);
#else
#define PREPARE_MESSAGE_EX( Message, Api, Flags, Context ) \
    RtlZeroMemory( &(Message), sizeof( SPM_LSA_ARGUMENTS ) + sizeof( PORT_MESSAGE )  ); \
    (Message).pmMessage.u1.s1.DataLength =  \
            ( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \
              ( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \
                sizeof( SPM##Api##API ) ) );  \
    (Message).pmMessage.u1.s1.TotalLength = (Message).pmMessage.u1.s1.DataLength + \
               sizeof( PORT_MESSAGE ); \
    (Message).pmMessage.u2.ZeroInit = 0L; \
    (Message).ApiMessage.scRet = 0L; \
    (Message).ApiMessage.dwAPI = SPMAPI_##Api ; \
    (Message).ApiMessage.Args.SpmArguments.fAPI = (USHORT)(Flags); \
    (Message).ApiMessage.Args.SpmArguments.ContextPointer = (Context); \
    (Message).pmMessage.u2.s2.Type |= LPC_KERNELMODE_MESSAGE;
#endif

#define PREPARE_MESSAGE(Message, Api) PREPARE_MESSAGE_EX(Message, Api, 0, 0 )

#define LPC_MESSAGE_ARGS( Message, Api )\
    ( & (Message).ApiMessage.Args.SpmArguments.API.Api )

#define LPC_MESSAGE_ARGSP( Message, Api )\
    ( & (Message)->ApiMessage.Args.SpmArguments.API.Api )

#define DECLARE_ARGS( ArgPointer, Message, Api )\
    SPM##Api##API * ArgPointer = & (Message).ApiMessage.Args.SpmArguments.API.Api

#define DECLARE_ARGSP( ArgPointer, Message, Api)\
    SPM##Api##API * ArgPointer = & (Message)->ApiMessage.Args.SpmArguments.API.Api

#define PREPACK_START   FIELD_OFFSET( SPM_LPC_MESSAGE, ApiMessage.bData )

#define LPC_DATA_LENGTH( Length )\
            (USHORT) ((PREPACK_START) + (Length) - sizeof( PORT_MESSAGE ) )

#define LPC_TOTAL_LENGTH( Length )\
            (USHORT) ((PREPACK_START) + (Length))

BOOLEAN
FORCEINLINE
SecLpcIsPointerInMessage(
    PSPM_LPC_MESSAGE Message,
    PVOID_LPC Pointer
    )
{
    ULONG_PTR P ;
    ULONG_PTR B ;

    P = (ULONG_PTR) Pointer ;

    B = (ULONG_PTR) ((ULONG_PTR) Message->ApiMessage.bData) - (ULONG_PTR) Message ;

    return ( ( P >= B ) && (P < B + CBPREPACK ) );

}

PVOID_LPC
FORCEINLINE
SecLpcFixupPointer(
    PSPM_LPC_MESSAGE Message,
    PVOID_LPC Pointer
    )
{
    return (PVOID_LPC) ((PUCHAR) Message + (ULONG_PTR) Pointer );
}
//
// Prototype for the direct dispatch function:
//

typedef NTSTATUS (SEC_ENTRY LSA_DISPATCH_FN)(
    PSPM_LPC_MESSAGE );

typedef LSA_DISPATCH_FN * PLSA_DISPATCH_FN;


//
// structs used to manage memory shared between the LSA and KSEC driver
//

#define LSA_MAX_KMAP_SIZE   65535


//
// This structure describes a chunk of pool that has been copied into
// a kmap buffer.  The original pool address and the location in the
// kmap are here, as is the size of the chunk.  On IA64, this ends up
// with a wasted 32bit padding area
//
typedef struct _KSEC_LSA_POOL_MAP {
    PVOID_LPC   Pool ;                  // Region of pool
    USHORT      Offset ;                // Offset into kmap
    USHORT      Size ;                  // size of chunk
} KSEC_LSA_POOL_MAP, PKSEC_LSA_POOL_MAP ;

#define KSEC_LSA_MAX_MAPS   4

typedef struct _KSEC_LSA_MEMORY_HEADER {
    ULONG   Size ;          // Size of the reserved region
    ULONG   Commit ;        // Size of the committed space
    ULONG   Consumed ;      // Amount consumed
    USHORT  Preserve ;      // Size of the area to keep for ksec
    USHORT  MapCount ;      // number of entries in array
    KSEC_LSA_POOL_MAP   PoolMap[ KSEC_LSA_MAX_MAPS ];
} KSEC_LSA_MEMORY_HEADER, * PKSEC_LSA_MEMORY_HEADER ;

//
// This buffer type is used to indicate the header in the
// message from the driver to the LSA.  It is ignored if
// the call did not originate from kernel mode
//

#define SECBUFFER_KMAP_HEADER   0x00008001

#pragma warning(default:4200)

#endif // __SPMLPC_H__