xref: /netbsd-src/external/gpl3/gcc/dist/libphobos/libdruntime/core/sys/windows/ntsecapi.d (revision 0a3071956a3a9fdebdbf7f338cf2d439b45fc728)
1 /**
2  * Windows API header module
3  *
4  * Translated from MinGW Windows headers
5  *
6  * Authors: Stewart Gordon
7  * License: $(LINK2 http://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
8  * Source: $(DRUNTIMESRC core/sys/windows/_ntsecapi.d)
9  */
module core.sys.windows.ntsecapi;
// Everything below is compiled only for Windows targets.
version (Windows):
// All declarations below are @system: they expose raw pointers and C-ABI
// prototypes, so the compiler performs no memory-safety checking on their use.
@system:
// Ask the linker for advapi32; the extern (Windows) Lsa* prototypes in this
// module are declarations only.
pragma(lib, "advapi32");

// Define the Unicode version identifier unless ANSI was requested.
version (ANSI) {} else version = Unicode;
16 
17 private import
18   core.sys.windows.basetyps, core.sys.windows.ntdef, core.sys.windows.windef, core.sys.windows.winnt, core.sys.windows.w32api;
19 
20 // FIXME: check types and grouping of constants
21 // FIXME: check Windows version support
22 
// Kerberos wrap flag (purpose inferred from the name). The literal exceeds
// int.max, so D types this constant as uint.
enum KERB_WRAP_NO_ENCRYPT        = 0x80000001;

// LOGON_* bit flags: every value sets exactly one distinct bit, so they can be
// OR-ed together and tested with a mask. Bit 0x10 is not assigned here.
// NOTE(review): presumably reported in the UserFlags field of the logon
// profile structs declared later in this module. LOGON_GUEST,
// LOGON_NOENCRYPTION and LOGON_USED_LM_PASSWORD are, by their names, the ones
// worth surfacing in logon telemetry; confirm where they are read.
enum LOGON_GUEST                 = 0x00000001;
enum LOGON_NOENCRYPTION          = 0x00000002;
enum LOGON_CACHED_ACCOUNT        = 0x00000004;
enum LOGON_USED_LM_PASSWORD      = 0x00000008;
enum LOGON_EXTRA_SIDS            = 0x00000020;
enum LOGON_SUBAUTH_SESSION_KEY   = 0x00000040;
enum LOGON_SERVER_TRUST_ACCOUNT  = 0x00000080;
enum LOGON_NTLMV2_ENABLED        = 0x00000100;
enum LOGON_RESOURCE_GROUPS       = 0x00000200;
enum LOGON_PROFILE_PATH_RETURNED = 0x00000400;
enum LOGON_GRACE_LOGON           = 0x01000000;
36 
// LSA_MODE_* values, numbered 1 through 4 by auto-increment (sequential
// values, not a bit mask).
// NOTE(review): presumably the values reported through the
// LSA_OPERATIONAL_MODE out-parameter of LsaRegisterLogonProcess; confirm.
enum {
    LSA_MODE_PASSWORD_PROTECTED = 1,
    LSA_MODE_INDIVIDUAL_ACCOUNTS,
    LSA_MODE_MANDATORY_ACCESS,
    LSA_MODE_LOG_FULL
}
43 
/**
 * Tells whether a status value denotes success.
 *
 * Params:
 *   x = status code returned by one of the Lsa* functions
 * Returns: true when x is zero or positive, false when it is negative.
 *
 * Check every Lsa* return value with this (or an equivalent test) before
 * touching any out-parameter the call was supposed to fill in.
 */
bool LSA_SUCCESS(int x)
{
    return !(x < 0);
}
45 
/*  TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
 *  aliases.  Should we merge them anyway?
 */
// Authentication package names in narrow (char) and wide (wchar) form.
// These are D slices, not C arrays: `.sizeof` on them gives the size of the
// slice descriptor, so use `.length` when a character count is needed.
// NOTE(review): presumably the names passed to
// LsaLookupAuthenticationPackage; confirm against callers.
const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
53 
// Mixed group of MSV1_0 constants, written in decimal:
//   - single-bit flags: 32 (0x20), 2048 (0x800), 2, 16 (0x10),
//     16777216 (0x01000000)
//   - MSV1_0_CRED_*: credential presence bits and a version number
//   - MSV1_0_MAX_*: numeric limits
// NOTE(review): the single-bit values presumably belong in the
// ParameterControl field of the logon structs below. By its name,
// MSV1_0_CLEARTEXT_PASSWORD_ALLOWED relaxes a protection; any code that sets
// it deserves a documented justification. Confirm semantics against the
// upstream header.
enum MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      =       32;
enum MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT =     2048;
enum MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      =        2;
enum MSV1_0_CRED_LM_PRESENT                 =        1;
enum MSV1_0_CRED_NT_PRESENT                 =        2;
enum MSV1_0_CRED_VERSION                    =        0;
enum MSV1_0_DONT_TRY_GUEST_ACCOUNT          =       16;
enum MSV1_0_MAX_NTLM3_LIFE                  =     1800;
enum MSV1_0_MAX_AVL_SIZE                    =    64000;
enum MSV1_0_MNS_LOGON                       = 16777216;
64 
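// Byte lengths used by the MSV1_0 message layouts declared later in this
// module (array bounds for the challenge, session-key and OWF fields).
enum size_t
    MSV1_0_CHALLENGE_LENGTH          = 8,
    MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
    MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
    MSV1_0_NTLM3_OWF_LENGTH          = 16,
    // Size of MSV1_0_NTLM3_RESPONSE minus its leading Response array.
    MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
                                       - MSV1_0_NTLM3_RESPONSE_LENGTH,
    MSV1_0_OWF_PASSWORD_LENGTH       = 16,
    // Byte length of the wide package name, terminator excluded.
    // MSV1_0_PACKAGE_NAMEW is a D slice, so `.sizeof` on it is the size of the
    // (length, pointer) descriptor and not of the text; the C original relied
    // on sizeof of a string literal. Using `.length * WCHAR.sizeof` gives the
    // real byte count, so a buffer or length field sized from this constant
    // matches the string it describes.
    MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.length
                                       * WCHAR.sizeof;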
75 
// Further MSV1_0 constants, written in decimal except for the two masks.
// MSV1_0_SUBAUTHENTICATION_DLL (0xff000000) and
// MSV1_0_SUBAUTHENTICATION_DLL_SHIFT (24) agree with each other: the mask
// selects the top byte and the shift moves that byte down to bit 0.
// MSV1_0_SUBAUTHENTICATION_FLAGS has the same value as the DLL mask.
// MSV1_0_USER_SESSION_KEY_LENGTH sizes the UserSessionKey array in
// MSV1_0_LM20_LOGON_PROFILE.
// NOTE(review): the remaining single-bit values (8, 64, 512, 256, 1024, 4,
// 128, 1048576) are presumably ParameterControl flags; confirm.
enum MSV1_0_RETURN_USER_PARAMETERS      =          8;
enum MSV1_0_RETURN_PASSWORD_EXPIRY      =         64;
enum MSV1_0_RETURN_PROFILE_PATH         =        512;
enum MSV1_0_SUBAUTHENTICATION_DLL_EX    =    1048576;
enum MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
enum MSV1_0_SUBAUTHENTICATION_DLL_SHIFT =         24;
enum MSV1_0_SUBAUTHENTICATION_DLL_RAS   =          2;
enum MSV1_0_SUBAUTHENTICATION_DLL_IIS   =        132;
enum MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
enum MSV1_0_TRY_GUEST_ACCOUNT_ONLY      =        256;
enum MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   =       1024;
enum MSV1_0_UPDATE_LOGON_STATISTICS     =          4;
enum MSV1_0_USE_CLIENT_CHALLENGE        =        128;
enum MSV1_0_USER_SESSION_KEY_LENGTH     =         16;
90 
// Registry key path (relative, no hive prefix) and value-name prefix for
// MSV1_0 subauthentication.
// NOTE(review): presumably where subauthentication packages are registered.
// Code registered there would take part in authentication, so writes to this
// key are worth auditing and alerting on; confirm the exact value naming
// against the platform documentation.
const char[]
    MSV1_0_SUBAUTHENTICATION_KEY
      = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
    MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";
95 
// Access rights for an LSA policy handle, typed as ACCESS_MASK.
// The first twelve values are single bits (0x0001 .. 0x0800).
// The four composites combine a STANDARD_RIGHTS_* value with these bits:
//   POLICY_READ       0x0006 = VIEW_AUDIT_INFORMATION | GET_PRIVATE_INFORMATION
//   POLICY_WRITE      0x07F8 = TRUST_ADMIN through SERVER_ADMIN (bits 0x0008..0x0400)
//   POLICY_EXECUTE    0x0801 = VIEW_LOCAL_INFORMATION | LOOKUP_NAMES
//   POLICY_ALL_ACCESS 0x0FFF = all twelve bits
// Note that POLICY_READ includes POLICY_GET_PRIVATE_INFORMATION. Request the
// narrowest set of individual rights a caller needs when opening a policy
// handle instead of POLICY_ALL_ACCESS.
enum ACCESS_MASK
    POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
    POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
    POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
    POLICY_TRUST_ADMIN              = 0x0008,
    POLICY_CREATE_ACCOUNT           = 0x0010,
    POLICY_CREATE_SECRET            = 0x0020,
    POLICY_CREATE_PRIVILEGE         = 0x0040,
    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
    POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
    POLICY_AUDIT_LOG_ADMIN          = 0x0200,
    POLICY_SERVER_ADMIN             = 0x0400,
    POLICY_LOOKUP_NAMES             = 0x0800,

    POLICY_READ                     = STANDARD_RIGHTS_READ     | 0x0006,
    POLICY_WRITE                    = STANDARD_RIGHTS_WRITE    | 0x07F8,
    POLICY_EXECUTE                  = STANDARD_RIGHTS_EXECUTE  | 0x0801,
    POLICY_ALL_ACCESS               = STANDARD_RIGHTS_REQUIRED | 0x0FFF;
114 
// Per-category audit options. SUCCESS, FAILURE and NONE are single bits
// (1, 2, 4) and POLICY_AUDIT_EVENT_MASK (7) is their union; UNCHANGED is 0.
// NOTE(review): presumably the values stored in the array that
// POLICY_AUDIT_EVENTS_INFO.EventAuditingOptions points to; confirm.
enum POLICY_AUDIT_EVENT_UNCHANGED = 0;
enum POLICY_AUDIT_EVENT_SUCCESS   = 1;
enum POLICY_AUDIT_EVENT_FAILURE   = 2;
enum POLICY_AUDIT_EVENT_NONE      = 4;
enum POLICY_AUDIT_EVENT_MASK      = 7;
120 
// Policy location: LOCAL = 1, DS = 2 (auto-increment).
// NOTE(review): presumably the values of
// POLICY_LOCAL_POLICY_LOCATION_INFO.PolicyLocation; confirm.
enum {
    POLICY_LOCATION_LOCAL = 1,
    POLICY_LOCATION_DS
}

// Machine policy origin, typed uint: LOCAL = 0, DEFAULTED = 1, EXPLICIT = 2,
// and an all-ones sentinel for UNKNOWN.
enum : uint {
    POLICY_MACHINE_POLICY_LOCAL     =          0,
    POLICY_MACHINE_POLICY_DEFAULTED,
    POLICY_MACHINE_POLICY_EXPLICIT,
    POLICY_MACHINE_POLICY_UNKNOWN   = 0xFFFFFFFF
}
132 
133 
// Quality-of-service policy bits; each value sets one distinct bit
// (0x0001 .. 0x0080).
// NOTE(review): three identifiers look misspelled (SCHANEL, INTEGREITY,
// ALLOWD). They are kept as-is because renaming would break existing users of
// this module; code searching for the conventional spellings will not find
// them. Confirm against the upstream header before adding corrected names.
// NOTE(review): presumably the bits of
// POLICY_LOCAL_QUALITY_OF_SERVICE_INFO.QualityOfService; confirm.
enum POLICY_QOS_SCHANEL_REQUIRED            = 0x0001;
enum POLICY_QOS_OUTBOUND_INTEGRITY          = 0x0002;
enum POLICY_QOS_OUTBOUND_CONFIDENTIALITY    = 0x0004;
enum POLICY_QOS_INBOUND_INTEGREITY          = 0x0008;
enum POLICY_QOS_INBOUND_CONFIDENTIALITY     = 0x0010;
enum POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x0020;
enum POLICY_QOS_RAS_SERVER_ALLOWED          = 0x0040;
enum POLICY_QOS_DHCP_SERVER_ALLOWD          = 0x0080;
142 
// Kerberos ticket policy bits (1, 2, 4, 8), combinable with OR.
// NOTE(review): presumably stored in
// POLICY_DOMAIN_KERBEROS_TICKET_INFO.AuthenticationOptions; confirm.
enum POLICY_KERBEROS_FORWARDABLE  = 1;
enum POLICY_KERBEROS_PROXYABLE    = 2;
enum POLICY_KERBEROS_RENEWABLE    = 4;
enum POLICY_KERBEROS_POSTDATEABLE = 8;
147 
// Names of three SAM notification routines as narrow strings.
// NOTE(review): these presumably are the export names looked up in a password
// notification/filter DLL, matching the PSAM_* function-pointer aliases at
// the end of this module. Those routines take password strings as
// PUNICODE_STRING parameters, so any DLL providing them handles credentials
// in the clear and should be tightly controlled and inventoried; confirm.
const char[]
    SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
    SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify",
    SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";
152 
// Names of four logon rights, typed TCHAR[] (character width follows the
// TCHAR definition in the imported modules).
// NOTE(review): presumably the strings passed, wrapped in an
// LSA_UNICODE_STRING, to LsaAddAccountRights / LsaRemoveAccountRights;
// granting any of them widens how an account may log on, so changes should be
// reviewed and logged. Confirm against callers.
const TCHAR[]
    SE_INTERACTIVE_LOGON_NAME          = "SeInteractiveLogonRight",
    SE_NETWORK_LOGON_NAME              = "SeNetworkLogonRight",
    SE_BATCH_LOGON_NAME                = "SeBatchLogonRight",
    SE_SERVICE_LOGON_NAME              = "SeServiceLogonRight";
158 
// Trust attribute bits, written in decimal: 1, 2 and 4194304 (0x00400000).
// TRUST_ATTRIBUTES_VALID is a negative int whose 32-bit pattern is
// 0xFF02FFFF; convert to uint before using it as a mask against a ULONG.
// NOTE(review): presumably the values of
// TRUSTED_DOMAIN_INFORMATION_EX.TrustAttributes; confirm.
enum {
    TRUST_ATTRIBUTE_NON_TRANSITIVE =         1,
    TRUST_ATTRIBUTE_UPLEVEL_ONLY   =         2,
    TRUST_ATTRIBUTE_TREE_PARENT    =   4194304,
    TRUST_ATTRIBUTES_VALID         = -16580609
}
165 
// Trust authentication types, numbered 0, 1, 2 by auto-increment.
// NOTE(review): presumably the values of LSA_AUTH_INFORMATION.AuthType. By
// its name, TRUST_AUTH_TYPE_CLEAR means the auth data is a plaintext secret,
// in which case the AuthInfo buffer must be handled as one; confirm.
enum {
    TRUST_AUTH_TYPE_NONE,
    TRUST_AUTH_TYPE_NT4OWF,
    TRUST_AUTH_TYPE_CLEAR
}
171 
// Trust directions, numbered 0..3 by auto-increment. BIDIRECTIONAL (3) equals
// INBOUND (1) | OUTBOUND (2), so the values can be tested as two bits.
// NOTE(review): presumably the values of
// TRUSTED_DOMAIN_INFORMATION_EX.TrustDirection; confirm.
enum {
    TRUST_DIRECTION_DISABLED,
    TRUST_DIRECTION_INBOUND,
    TRUST_DIRECTION_OUTBOUND,
    TRUST_DIRECTION_BIDIRECTIONAL
}
178 
// Trust types, numbered 1..4 by auto-increment (sequential, not a bit mask).
// NOTE(review): presumably the values of
// TRUSTED_DOMAIN_INFORMATION_EX.TrustType; confirm.
enum {
    TRUST_TYPE_DOWNLEVEL = 1,
    TRUST_TYPE_UPLEVEL,
    TRUST_TYPE_MIT,
    TRUST_TYPE_DCE
}
185 
// LSA string types are plain aliases of the UNICODE_STRING and STRING types
// from the imported modules, plus pointer forms.
// NOTE(review): these are counted strings; code reading them should rely on
// the stored length and not assume a terminating NUL. Confirm against the
// definitions in core.sys.windows.ntdef.
alias UNICODE_STRING LSA_UNICODE_STRING;
alias UNICODE_STRING* PLSA_UNICODE_STRING;
alias STRING LSA_STRING;
alias STRING* PLSA_STRING;
190 
// Message type tag stored in the first field of the MSV1_0 logon submit
// structs below. Values run 2, 3, 4, 5 and then 7; 6 is not assigned here.
enum MSV1_0_LOGON_SUBMIT_TYPE {
    MsV1_0InteractiveLogon       = 2,
    MsV1_0Lm20Logon,
    MsV1_0NetworkLogon,
    MsV1_0SubAuthLogon,
    MsV1_0WorkstationUnlockLogon = 7
}
// Pointer alias.
alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;
199 
// Message type tag stored in the first field of the MSV1_0 profile structs
// below. Values are 2, 3, 4 by auto-increment. A consumer of a returned
// profile buffer should check this tag before casting to a specific struct.
enum MSV1_0_PROFILE_BUFFER_TYPE {
    MsV1_0InteractiveProfile = 2,
    MsV1_0Lm20LogonProfile,
    MsV1_0SmartCardProfile
}
// Pointer alias.
alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;
206 
207 
// Attribute-value identifiers, numbered 0..4 by auto-increment.
// NOTE(review): presumably the values of MSV1_0_AV_PAIR.AvId, with MsvAvEOL
// (0) marking the end of a pair list; confirm.
enum MSV1_0_AVID {
    MsvAvEOL,
    MsvAvNbComputerName,
    MsvAvNbDomainName,
    MsvAvDnsComputerName,
    MsvAvDnsDomainName
}
215 
// Message type tag stored in the first field of the MSV1_0 request/response
// structs below (change password, subauth, derive credential). Values run
// 0..11 by auto-increment.
enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
    MsV1_0Lm20ChallengeRequest = 0,
    MsV1_0Lm20GetChallengeResponse,
    MsV1_0EnumerateUsers,
    MsV1_0GetUserInfo,
    MsV1_0ReLogonUsers,
    MsV1_0ChangePassword,
    MsV1_0ChangeCachedPassword,
    MsV1_0GenericPassthrough,
    MsV1_0CacheLogon,
    MsV1_0SubAuth,
    MsV1_0DeriveCredential,
    MsV1_0CacheLookup
}
// Pointer alias.
alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;
231 
// LSA server role: Backup = 2, Primary = 3. Used as the single field of
// POLICY_LSA_SERVER_ROLE_INFO.
enum POLICY_LSA_SERVER_ROLE {
    PolicyServerRoleBackup = 2,
    PolicyServerRolePrimary
}
// Pointer alias.
alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;

// Server enable state: Enabled = 2, Disabled = 3.
enum POLICY_SERVER_ENABLE_STATE {
    PolicyServerEnabled = 2,
    PolicyServerDisabled
}
// Pointer alias.
alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;
243 
// Selector taken by LsaQueryInformationPolicy and LsaSetInformationPolicy
// (declared below); values run 1..13 by auto-increment.
// The buffer argument of those calls is an untyped PVOID, so the caller is
// responsible for pairing each class with the matching POLICY_*_INFO struct;
// a mismatch misinterprets memory without any compiler diagnostic.
enum POLICY_INFORMATION_CLASS {
    PolicyAuditLogInformation = 1,
    PolicyAuditEventsInformation,
    PolicyPrimaryDomainInformation,
    PolicyPdAccountInformation,
    PolicyAccountDomainInformation,
    PolicyLsaServerRoleInformation,
    PolicyReplicaSourceInformation,
    PolicyDefaultQuotaInformation,
    PolicyModificationInformation,
    PolicyAuditFullSetInformation,
    PolicyAuditFullQueryInformation,
    PolicyDnsDomainInformation,
    PolicyEfsInformation
}
// Pointer alias.
alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;
260 
// Audit categories, numbered 0..8 by auto-increment.
// NOTE(review): presumably used as the index into the array that
// POLICY_AUDIT_EVENTS_INFO.EventAuditingOptions points to; if so, check the
// index against MaximumAuditEventCount before reading. Confirm.
enum POLICY_AUDIT_EVENT_TYPE {
    AuditCategorySystem,
    AuditCategoryLogon,
    AuditCategoryObjectAccess,
    AuditCategoryPrivilegeUse,
    AuditCategoryDetailedTracking,
    AuditCategoryPolicyChange,
    AuditCategoryAccountManagement,
    AuditCategoryDirectoryServiceAccess,
    AuditCategoryAccountLogon
}
// Pointer alias.
alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;
273 
// Selector taken by LsaQueryLocalInformationPolicy and
// LsaSetLocalInformationPolicy (declared below); values run 1..13 by
// auto-increment. The data buffer of those calls is an untyped PVOID, so the
// class and the struct used to read it must be kept in step by the caller.
enum POLICY_LOCAL_INFORMATION_CLASS {
    PolicyLocalAuditEventsInformation = 1,
    PolicyLocalPdAccountInformation,
    PolicyLocalAccountDomainInformation,
    PolicyLocalLsaServerRoleInformation,
    PolicyLocalReplicaSourceInformation,
    PolicyLocalModificationInformation,
    PolicyLocalAuditFullSetInformation,
    PolicyLocalAuditFullQueryInformation,
    PolicyLocalDnsDomainInformation,
    PolicyLocalIPSecReferenceInformation,
    PolicyLocalMachinePasswordInformation,
    PolicyLocalQualityOfServiceInformation,
    PolicyLocalPolicyLocationInformation
}
// Pointer alias.
alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;
290 
// Selector taken by LsaQueryDomainInformationPolicy and
// LsaSetDomainInformationPolicy (declared below); values run 1..7 by
// auto-increment. The data buffer of those calls is an untyped PVOID, so the
// class and the struct used to read it must be kept in step by the caller.
enum POLICY_DOMAIN_INFORMATION_CLASS {
    PolicyDomainIPSecReferenceInformation = 1,
    PolicyDomainQualityOfServiceInformation,
    PolicyDomainEfsInformation,
    PolicyDomainPublicKeyInformation,
    PolicyDomainPasswordPolicyInformation,
    PolicyDomainLockoutInformation,
    PolicyDomainKerberosTicketInformation
}
// Pointer alias.
alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;
301 
// Logon type passed as the third argument of LsaLogonUser (declared below);
// values run 2..7 by auto-increment.
// NOTE(review): these numbers presumably match the logon-type field recorded
// in Windows logon audit events, which makes them useful when correlating
// code paths with logs; confirm.
enum SECURITY_LOGON_TYPE {
    Interactive = 2,
    Network,
    Batch,
    Service,
    Proxy,
    Unlock
}
// Pointer alias.
alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;
311 
// Selector taken by the LsaQueryTrustedDomainInfo* and
// LsaSetTrustedDomainInfo* calls and by LsaEnumerateTrustedDomainsEx
// (declared below); values run 1..8 by auto-increment. The data buffer of
// those calls is an untyped PVOID, so the class and the struct used to read
// it must be kept in step by the caller.
enum TRUSTED_INFORMATION_CLASS {
    TrustedDomainNameInformation = 1,
    TrustedControllersInformation,
    TrustedPosixOffsetInformation,
    TrustedPasswordInformation,
    TrustedDomainInformationBasic,
    TrustedDomainInformationEx,
    TrustedDomainAuthInformation,
    TrustedDomainFullInformation
}
// Pointer alias.
alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;
323 
// Domain password policy record; embedded in MSV1_0_CHANGEPASSWORD_RESPONSE.
// It has the same field list as POLICY_DOMAIN_PASSWORD_INFO.
// NOTE(review): units of the two age fields and the bit meanings of
// PasswordProperties are not defined in this module; confirm against the
// platform documentation before interpreting them.
struct DOMAIN_PASSWORD_INFORMATION {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
// Pointer alias.
alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;
332 
// One enumeration result: a single SID pointer.
// NOTE(review): presumably the element type of the buffer returned by
// LsaEnumerateAccountsWithUserRight; the pointer is only valid while that
// buffer has not been freed. Confirm.
struct LSA_ENUMERATION_INFORMATION {
    PSID Sid;
}
// Pointer alias.
alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;
337 
// LSA object attributes are a plain alias of OBJECT_ATTRIBUTES from the
// imported modules; the pointer form is the second parameter of LsaOpenPolicy.
alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;
340 
// Domain name plus its SID; element type of LSA_REFERENCED_DOMAIN_LIST.Domains.
struct LSA_TRUST_INFORMATION {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
// Same layout under the "basic trusted domain information" name, and the
// single-pointer form.
alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
/*  in MinGW (further down the code):
 *      typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 *  but it doesn't look right....
 */
// NOTE(review): this alias is a pointer-to-pointer, following the MinGW
// typedef quoted above, while the "P" prefix elsewhere in this module denotes
// a single pointer. Code that dereferences it once expecting the struct would
// read a pointer as struct data; check the level of indirection at every use
// and confirm the intended type against the platform header.
alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;
352 
// Counted array of LSA_TRUST_INFORMATION: Entries is the count, Domains the
// pointer to the first element. Returned through an out-parameter by
// LsaLookupNames and LsaLookupSids (declared below).
// Never index Domains at or beyond Entries, and check Domains for null when
// Entries is 0.
struct LSA_REFERENCED_DOMAIN_LIST {
    ULONG                  Entries;
    PLSA_TRUST_INFORMATION Domains;
}
// Pointer alias.
alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;
358 
// Result element of LsaLookupNames (declared below).
// DomainIndex is a signed LONG.
// NOTE(review): presumably an index into LSA_REFERENCED_DOMAIN_LIST.Domains
// that can be negative when no domain applies; verify
// 0 <= DomainIndex < Entries before using it as an array index. Confirm.
struct LSA_TRANSLATED_SID {
    SID_NAME_USE Use;
    ULONG        RelativeId;
    LONG         DomainIndex;
}
// Pointer alias.
alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;
365 
// Result element of LsaLookupSids (declared below).
// DomainIndex is a signed LONG.
// NOTE(review): presumably an index into LSA_REFERENCED_DOMAIN_LIST.Domains
// that can be negative when no domain applies; verify
// 0 <= DomainIndex < Entries before using it as an array index. Confirm.
struct LSA_TRANSLATED_NAME {
    SID_NAME_USE       Use;
    LSA_UNICODE_STRING Name;
    LONG               DomainIndex;
}
// Pointer alias.
alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;
372 
// Interactive logon submit buffer: a message type tag followed by three
// UNICODE_STRING descriptors.
// NOTE(review): Password is an ordinary UNICODE_STRING, so its backing buffer
// presumably holds the plaintext credential. Callers should keep that buffer
// out of logs and crash dumps and overwrite it as soon as the logon call has
// returned; confirm lifetime requirements against the caller.
struct MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING           LogonDomainName;
    UNICODE_STRING           UserName;
    UNICODE_STRING           Password;
}
// Pointer alias.
alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;
380 
// Interactive logon profile: message type tag, two counters, six
// LARGE_INTEGER time fields, six UNICODE_STRING fields and a flags word.
// NOTE(review): UserFlags presumably carries the LOGON_* bits defined at the
// top of this module, and the strings presumably point into the same returned
// buffer, so they become invalid once that buffer is freed; confirm.
struct MSV1_0_INTERACTIVE_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    USHORT                     LogonCount;
    USHORT                     BadPasswordCount;
    LARGE_INTEGER              LogonTime;
    LARGE_INTEGER              LogoffTime;
    LARGE_INTEGER              KickOffTime;
    LARGE_INTEGER              PasswordLastSet;
    LARGE_INTEGER              PasswordCanChange;
    LARGE_INTEGER              PasswordMustChange;
    UNICODE_STRING             LogonScript;
    UNICODE_STRING             HomeDirectory;
    UNICODE_STRING             FullName;
    UNICODE_STRING             ProfilePath;
    UNICODE_STRING             HomeDirectoryDrive;
    UNICODE_STRING             LogonServer;
    ULONG                      UserFlags;
}
// Pointer alias.
alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;
400 
// Challenge/response logon submit buffer. ChallengeToClient is a fixed
// 8-byte array (MSV1_0_CHALLENGE_LENGTH); the two responses are counted
// STRING descriptors.
// NOTE(review): ParameterControl presumably takes the MSV1_0_* flag bits
// defined above; the response strings are authentication material and should
// not be logged. Confirm.
struct MSV1_0_LM20_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
    UNICODE_STRING                 LogonDomainName;
    UNICODE_STRING                 UserName;
    UNICODE_STRING                 Workstation;
    UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
    STRING                         CaseSensitiveChallengeResponse;
    STRING                         CaseInsensitiveChallengeResponse;
    ULONG                          ParameterControl;
}
// Pointer alias.
alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;
412 
// The version guard below is commented out, so this struct is declared
// unconditionally.
//static if (_WIN32_WINNT >= 0x500) {
    // Subauthentication logon submit buffer. Same leading fields as
    // MSV1_0_LM20_LOGON, with two generic STRING payloads and a trailing
    // SubAuthPackageId.
    // NOTE(review): SubAuthPackageId presumably selects which registered
    // subauthentication package processes the request; confirm.
    struct MSV1_0_SUBAUTH_LOGON {
        MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
        UNICODE_STRING                 LogonDomainName;
        UNICODE_STRING                 UserName;
        UNICODE_STRING                 Workstation;
        UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
        STRING                         AuthenticationInfo1;
        STRING                         AuthenticationInfo2;
        ULONG                          ParameterControl;
        ULONG                          SubAuthPackageId;
    }
    // Pointer alias.
    alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
//}
427 
// Challenge/response logon profile. UserSessionKey is a fixed 16-byte array
// (MSV1_0_USER_SESSION_KEY_LENGTH) and LanmanSessionKey a fixed 8-byte array
// (MSV1_0_LANMAN_SESSION_KEY_LENGTH).
// NOTE(review): both key arrays are presumably secret session keys; wipe any
// copy once it is no longer needed and keep the struct out of logs. UserFlags
// presumably carries the LOGON_* bits. Confirm.
struct MSV1_0_LM20_LOGON_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
    LARGE_INTEGER                           KickOffTime;
    LARGE_INTEGER                           LogoffTime;
    ULONG                                   UserFlags;
    UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
    UNICODE_STRING                          LogonDomainName;
    UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
    UNICODE_STRING                          LogonServer;
    UNICODE_STRING                          UserParameters;
}
// Pointer alias.
alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;
440 
// Supplemental credential: version, flags and two fixed 16-byte arrays
// (MSV1_0_OWF_PASSWORD_LENGTH).
// NOTE(review): LmPassword and NtPassword presumably hold one-way-function
// password hashes, which are password-equivalent for this authentication
// package; treat the whole struct as a secret and zero it after use. Flags
// presumably takes MSV1_0_CRED_LM_PRESENT / MSV1_0_CRED_NT_PRESENT and
// Version MSV1_0_CRED_VERSION. Confirm.
struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG Version;
    ULONG Flags;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
}
// Pointer alias.
alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
448 
// NTLM3 response header followed by trailing data. Response is a fixed
// 16-byte array and ChallengeFromClient a fixed 8-byte array.
// _Buffer is a one-byte placeholder for the first byte of the trailing data,
// and Buffer() returns its address. The struct itself records no length for
// that data, so every read through Buffer() beyond the first byte must be
// bounded by the size of the enclosing message obtained elsewhere.
// NOTE(review): AvPairsOff is presumably an offset to the AV pair list;
// validate it against the message size before adding it to a pointer.
struct MSV1_0_NTLM3_RESPONSE {
    UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
    UCHAR     RespType;
    UCHAR     HiRespType;
    USHORT    Flags;
    ULONG     MsgWord;
    ULONGLONG TimeStamp;
    UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
    ULONG     AvPairsOff;
    UCHAR     _Buffer;
    // Address of the first trailing byte; carries no bounds information.
    UCHAR*    Buffer() return { return &_Buffer; }
}
// Pointer alias.
alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;
462 
// Four-byte attribute-value header: identifier and length, both USHORT.
// NOTE(review): AvId presumably takes MSV1_0_AVID values and AvLen the byte
// count of the value that follows the header. When walking a list taken from
// a received message, check AvLen against the bytes remaining before
// advancing, and stop at MSV1_0_MAX_AVL_SIZE. Confirm.
struct  MSV1_0_AV_PAIR {
    USHORT AvId;
    USHORT AvLen;
}
// Pointer alias.
alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;
468 
// Change-password request: message type tag, four UNICODE_STRING descriptors
// and an impersonation flag.
// NOTE(review): OldPassword and NewPassword are ordinary UNICODE_STRINGs, so
// their backing buffers presumably hold plaintext passwords; overwrite both
// once the request has been submitted and never log the struct. Confirm.
struct MSV1_0_CHANGEPASSWORD_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    UNICODE_STRING DomainName;
    UNICODE_STRING AccountName;
    UNICODE_STRING OldPassword;
    UNICODE_STRING NewPassword;
    BOOLEAN        Impersonating;
}
// Pointer alias.
alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;
478 
// Change-password response: message type tag, a validity flag and an embedded
// DOMAIN_PASSWORD_INFORMATION.
// NOTE(review): DomainPasswordInfo should presumably be read only when
// PasswordInfoValid is non-zero; confirm.
struct MSV1_0_CHANGEPASSWORD_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    BOOLEAN                      PasswordInfoValid;
    DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
}
// Pointer alias.
alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;
485 
// Subauthentication request: message type tag, package id, and a
// length/pointer pair describing the submit buffer.
// The length and the pointer are separate fields; the producer must keep
// SubAuthInfoLength equal to the real size of the buffer, and a consumer must
// not read past it.
struct MSV1_0_SUBAUTH_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG  SubAuthPackageId;
    ULONG  SubAuthInfoLength;
    PUCHAR SubAuthSubmitBuffer;
}
// Pointer alias.
alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;
493 
// Subauthentication response: message type tag and a length/pointer pair
// describing the return buffer. Bound every read of SubAuthReturnBuffer by
// SubAuthInfoLength and check the pointer for null first.
struct MSV1_0_SUBAUTH_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG  SubAuthInfoLength;
    PUCHAR SubAuthReturnBuffer;
}
// Pointer alias.
alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;
500 
// The only derive-credential type defined in this module.
// NOTE(review): presumably the value for
// MSV1_0_DERIVECRED_REQUEST.DeriveCredType; confirm.
enum MSV1_0_DERIVECRED_TYPE_SHA1 = 0;

// Derive-credential request with trailing data. _DeriveCredSubmitBuffer is a
// one-byte placeholder for the first trailing byte and
// DeriveCredSubmitBuffer() returns its address.
// NOTE(review): DeriveCredInfoLength presumably gives the number of trailing
// bytes; allocate the request as header plus that many bytes and never access
// the buffer beyond it. Confirm.
struct MSV1_0_DERIVECRED_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    LUID   LogonId;
    ULONG  DeriveCredType;
    ULONG  DeriveCredInfoLength;
    UCHAR  _DeriveCredSubmitBuffer;
    // Address of the first trailing byte; carries no bounds information.
    UCHAR* DeriveCredSubmitBuffer() return { return &_DeriveCredSubmitBuffer; }
}
// Pointer alias.
alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;
512 
// Derive-credential response with trailing data. _DeriveCredReturnBuffer is a
// one-byte placeholder for the first trailing byte and
// DeriveCredReturnBuffer() returns its address.
// NOTE(review): DeriveCredInfoLength presumably gives the number of trailing
// bytes, and those bytes are presumably derived key material that should be
// wiped after use; bound every read by the length. Confirm.
struct MSV1_0_DERIVECRED_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG  DeriveCredInfoLength;
    UCHAR  _DeriveCredReturnBuffer;
    // Address of the first trailing byte; carries no bounds information.
    UCHAR* DeriveCredReturnBuffer() return { return &_DeriveCredReturnBuffer; }
}
// Pointer alias.
alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;
520 
// Three names for uint and three for uint*. Because they are plain aliases,
// the compiler will not stop an enumeration handle, an operational mode and
// an audit option word from being mixed up.
alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
  POLICY_AUDIT_EVENT_OPTIONS;
alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
  PPOLICY_AUDIT_EVENT_OPTIONS;
525 
// Privilege definition: a name string paired with a LUID value.
struct POLICY_PRIVILEGE_DEFINITION {
    LSA_UNICODE_STRING Name;
    LUID LocalValue;
}
// Pointer alias.
alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;
531 
// Audit log state record.
// NOTE(review): presumably exchanged under PolicyAuditLogInformation.
// AuditLogPercentFull and AuditLogFullShutdownInProgress are, by their names,
// the fields a monitoring agent would watch to detect audit log exhaustion;
// confirm units and semantics against the platform documentation.
struct POLICY_AUDIT_LOG_INFO {
    ULONG         AuditLogPercentFull;
    ULONG         MaximumLogSize;
    LARGE_INTEGER AuditRetentionPeriod;
    BOOLEAN       AuditLogFullShutdownInProgress;
    LARGE_INTEGER TimeToShutdown;
    ULONG         NextAuditRecordId;
}
// Pointer alias.
alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;
541 
// Audit configuration: a mode flag, a pointer to an array of option words
// (uint, see POLICY_AUDIT_EVENT_OPTIONS) and a count.
// NOTE(review): MaximumAuditEventCount presumably gives the number of
// elements behind EventAuditingOptions; bound every index by it. A change of
// AuditingMode to false or of options to POLICY_AUDIT_EVENT_NONE reduces
// audit coverage and is itself worth alerting on. Confirm.
struct POLICY_AUDIT_EVENTS_INFO {
    BOOLEAN                     AuditingMode;
    PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
    ULONG                       MaximumAuditEventCount;
}
// Pointer alias.
alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;
548 
// Account domain: name string plus SID pointer.
// NOTE(review): presumably exchanged under PolicyAccountDomainInformation;
// confirm.
struct POLICY_ACCOUNT_DOMAIN_INFO {
    LSA_UNICODE_STRING DomainName;
    PSID               DomainSid;
}
// Pointer alias.
alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;

// Primary domain: name string plus SID pointer (same field types as
// POLICY_ACCOUNT_DOMAIN_INFO, different field names).
// NOTE(review): presumably exchanged under PolicyPrimaryDomainInformation,
// with a null Sid possible when no domain is joined; check Sid before
// dereferencing. Confirm.
struct POLICY_PRIMARY_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
// Pointer alias.
alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;
560 
// DNS domain record: three name strings, a GUID and a SID pointer.
// NOTE(review): presumably exchanged under PolicyDnsDomainInformation; check
// Sid for null before dereferencing. Confirm.
struct POLICY_DNS_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING DnsDomainName;
    LSA_UNICODE_STRING DnsTreeName;
    GUID               DomainGuid;
    PSID               Sid;
}
// Pointer alias.
alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;
569 
// Single-string record.
// NOTE(review): presumably exchanged under PolicyPdAccountInformation; confirm.
struct POLICY_PD_ACCOUNT_INFO {
    LSA_UNICODE_STRING Name;
}
// Pointer alias.
alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;

// Wraps one POLICY_LSA_SERVER_ROLE value (Backup = 2, Primary = 3).
struct POLICY_LSA_SERVER_ROLE_INFO {
    POLICY_LSA_SERVER_ROLE LsaServerRole;
}
// Pointer alias.
alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;

// Replica source: two name strings.
struct POLICY_REPLICA_SOURCE_INFO {
    LSA_UNICODE_STRING ReplicaSource;
    LSA_UNICODE_STRING ReplicaAccountName;
}
// Pointer alias.
alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;

// Wraps one QUOTA_LIMITS value from the imported modules.
struct POLICY_DEFAULT_QUOTA_INFO {
    QUOTA_LIMITS QuotaLimits;
}
// Pointer alias.
alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;
590 
// Modification record: two LARGE_INTEGER fields.
// NOTE(review): ModifiedId presumably changes whenever the policy database is
// modified, which would make it usable as a cheap change indicator; confirm.
struct POLICY_MODIFICATION_INFO {
    LARGE_INTEGER ModifiedId;
    LARGE_INTEGER DatabaseCreationTime;
}
// Pointer alias.
alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;

// Set form of the audit-full policy: one flag.
struct POLICY_AUDIT_FULL_SET_INFO {
    BOOLEAN ShutDownOnFull;
}
// Pointer alias.
alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;

// Query form of the audit-full policy: the same flag plus a LogIsFull flag.
struct POLICY_AUDIT_FULL_QUERY_INFO {
    BOOLEAN ShutDownOnFull;
    BOOLEAN LogIsFull;
}
// Pointer alias.
alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;
607 
// Length/pointer pair describing an opaque EFS blob. Bound every read of
// EfsBlob by InfoLength and check the pointer for null first.
struct POLICY_EFS_INFO {
    ULONG InfoLength;
    PUCHAR EfsBlob;
}
// Pointer alias.
alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;
613 
// Single-string record holding an object path.
struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
    LSA_UNICODE_STRING ObjectPath;
}
// Pointer alias.
alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;

// Single LARGE_INTEGER holding a password change interval.
// NOTE(review): units are not defined in this module; confirm before use.
struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
    LARGE_INTEGER PasswordChangeInterval;
}
// Pointer alias.
alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;

// Single ULONG.
// NOTE(review): presumably one of POLICY_LOCATION_LOCAL / POLICY_LOCATION_DS;
// confirm.
struct POLICY_LOCAL_POLICY_LOCATION_INFO {
    ULONG PolicyLocation;
}
// Pointer alias.
alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;

// Single ULONG.
// NOTE(review): presumably a combination of the POLICY_QOS_* bits; confirm.
struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
    ULONG QualityOfService;
}
// The domain-level QoS record is the same type under a second name, so the
// local and domain forms are interchangeable as far as the compiler knows.
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
  POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
  PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
  PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
637 
// Length/pointer pair describing opaque public-key data. Bound every read of
// PublicKeyInfo by InfoLength and check the pointer for null first.
struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
    ULONG  InfoLength;
    PUCHAR PublicKeyInfo;
}
// Pointer alias.
alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
643 
// Account lockout policy: two LARGE_INTEGER durations and a USHORT threshold.
// NOTE(review): presumably exchanged under PolicyDomainLockoutInformation. A
// LockoutThreshold of 0 presumably disables lockout, which is worth flagging
// in a configuration audit; units of the durations are not defined in this
// module. Confirm.
struct POLICY_DOMAIN_LOCKOUT_INFO {
    LARGE_INTEGER LockoutDuration;
    LARGE_INTEGER LockoutObservationWindow;
    USHORT        LockoutThreshold;
}
// Pointer alias.
alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;
650 
// Domain password policy; same field list as DOMAIN_PASSWORD_INFORMATION but
// a distinct type, so the two are not assignable to each other.
// NOTE(review): presumably exchanged under
// PolicyDomainPasswordPolicyInformation; units of the age fields are not
// defined in this module. Confirm.
struct POLICY_DOMAIN_PASSWORD_INFO {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
// Pointer alias.
alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;
659 
// Kerberos ticket policy: an options word and five LARGE_INTEGER fields.
// NOTE(review): AuthenticationOptions presumably takes the POLICY_KERBEROS_*
// bits. Long MaxTicketAge / MaxRenewAge values extend how long a stolen
// ticket stays usable, so they are worth checking in a configuration audit;
// units are not defined in this module. Confirm.
struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    ULONG         AuthenticationOptions;
    LARGE_INTEGER MinTicketAge;
    LARGE_INTEGER MaxTicketAge;
    LARGE_INTEGER MaxRenewAge;
    LARGE_INTEGER ProxyLifetime;
    LARGE_INTEGER ForceLogoff;
}
// Pointer alias.
alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
669 
// LSA_HANDLE is generated by the DECLARE_HANDLE mixin from the imported
// modules. Handles obtained through LsaOpenPolicy should be released with
// LsaClose on every path, including error paths.
mixin DECLARE_HANDLE!("LSA_HANDLE");
// Pointer alias, used for the out-parameter of LsaOpenPolicy.
alias LSA_HANDLE* PLSA_HANDLE;
672 
// Single-string record.
// NOTE(review): presumably exchanged under TrustedDomainNameInformation;
// confirm.
struct TRUSTED_DOMAIN_NAME_INFO {
    LSA_UNICODE_STRING Name;
}
// Pointer alias.
alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;

// Counted array of strings: Entries is the count, Names the pointer to the
// first element. Never index Names at or beyond Entries.
struct TRUSTED_CONTROLLERS_INFO {
    ULONG               Entries;
    PLSA_UNICODE_STRING Names;
}
// Pointer alias.
alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;

// Single ULONG offset; also embedded in TRUSTED_DOMAIN_FULL_INFORMATION.
struct TRUSTED_POSIX_OFFSET_INFO {
    ULONG Offset;
}
// Pointer alias.
alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;

// Two password strings.
// NOTE(review): both fields are ordinary counted strings, so their backing
// buffers presumably hold trust passwords in the clear; wipe them after use
// and keep the struct out of logs. Confirm.
struct TRUSTED_PASSWORD_INFO {
    LSA_UNICODE_STRING Password;
    LSA_UNICODE_STRING OldPassword;
}
// Pointer alias.
alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;
694 
// Extended trusted-domain record: two name strings, a SID pointer and three
// ULONG fields. Passed by pointer to LsaCreateTrustedDomainEx (declared
// below) and embedded in TRUSTED_DOMAIN_FULL_INFORMATION.
// NOTE(review): TrustDirection, TrustType and TrustAttributes presumably take
// the TRUST_DIRECTION_*, TRUST_TYPE_* and TRUST_ATTRIBUTE_* values defined
// above. They are plain ULONGs, so nothing prevents a value from the wrong
// family being stored; validate before creating a trust. Confirm.
struct TRUSTED_DOMAIN_INFORMATION_EX {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING FlatName;
    PSID               Sid;
    ULONG              TrustDirection;
    ULONG              TrustType;
    ULONG              TrustAttributes;
}
// Pointer alias.
alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;
704 
// One piece of trust authentication data: update time, type, and a
// length/pointer pair. Bound every read of AuthInfo by AuthInfoLength.
// NOTE(review): AuthType presumably takes the TRUST_AUTH_TYPE_* values, and
// the AuthInfo buffer presumably holds a secret (hash or plaintext depending
// on the type); wipe it after use. Confirm.
struct LSA_AUTH_INFORMATION {
    LARGE_INTEGER LastUpdateTime;
    ULONG         AuthType;
    ULONG         AuthInfoLength;
    PUCHAR        AuthInfo;
}
// Pointer alias.
alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;
712 
// Incoming and outgoing trust authentication data: for each direction a count
// and two LSA_AUTH_INFORMATION pointers (current and previous).
// NOTE(review): each count presumably gives the number of elements behind
// both pointers of its direction; bound iteration by it and check the
// pointers for null. Confirm.
struct TRUSTED_DOMAIN_AUTH_INFORMATION {
    ULONG                 IncomingAuthInfos;
    PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
    PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
    ULONG                 OutgoingAuthInfos;
    PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
    PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
}
// Pointer alias.
alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;
722 
// Aggregate of the three trusted-domain records, embedded by value. Because
// AuthInformation is included, this struct reaches the same secret buffers as
// TRUSTED_DOMAIN_AUTH_INFORMATION and needs the same handling.
struct TRUSTED_DOMAIN_FULL_INFORMATION {
    TRUSTED_DOMAIN_INFORMATION_EX   Information;
    TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
    TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
}
// Pointer alias.
alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;
729 
// Prototypes of the Lsa* functions, declared with Windows linkage and
// resolved from advapi32 (see the pragma at the top of this module).
//
// Every function except LsaNtStatusToWinError returns NTSTATUS; test it with
// LSA_SUCCESS before reading any out-parameter. Parameters are unnamed here,
// so argument order must be taken from the platform documentation.
//
// Many calls hand back data through PVOID* / pointer-to-pointer parameters.
// NOTE(review): those buffers are presumably allocated by the LSA and must be
// released with LsaFreeMemory (policy and lookup calls) or
// LsaFreeReturnBuffer (LsaLogonUser, LsaCallAuthenticationPackage); the
// PVOID typing means the compiler cannot check which struct the caller casts
// to. Confirm the pairing for each call.
extern (Windows) {
    // Grants the listed rights to an account; a privileged configuration
    // change that should be logged by the caller.
    NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
      ULONG);
    NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
      PVOID*, PULONG, PNTSTATUS);
    // Releases a handle obtained from LsaOpenPolicy or
    // LsaCreateTrustedDomainEx.
    NTSTATUS LsaClose(LSA_HANDLE);
    NTSTATUS LsaConnectUntrusted(PHANDLE);
    NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
      PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
    NTSTATUS LsaDeregisterLogonProcess(HANDLE);
    NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
      PULONG);
    NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
      PLSA_UNICODE_STRING, PVOID*, PULONG);
    NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      PVOID*, ULONG, PULONG);
    NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
    NTSTATUS LsaFreeMemory(PVOID);
    NTSTATUS LsaFreeReturnBuffer(PVOID);
    // Two status outputs: the NTSTATUS return value and the trailing
    // PNTSTATUS out-parameter. NOTE(review): presumably both must be checked
    // before the returned token handle or profile buffer is used; confirm.
    NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
      PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
      PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
    NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
    NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
    NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
    // Converts an NTSTATUS to a Win32 error code; the only function here that
    // does not return NTSTATUS.
    ULONG LsaNtStatusToWinError(NTSTATUS);
    // The ACCESS_MASK argument takes the POLICY_* rights; request only what
    // the caller needs.
    NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID*);
    NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
      PLSA_OPERATIONAL_MODE);
    NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
      PLSA_UNICODE_STRING, ULONG);
    // NOTE(review): by name, returns a stored secret; the returned string
    // presumably holds it in the clear, so wipe the buffer before freeing it
    // and never log its contents. Confirm.
    NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING*);
    NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID);
    NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID);
    // NOTE(review): by name, stores a secret under a key name; the caller's
    // copy of the secret should be wiped once the call returns. Confirm.
    NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING);
}
792 
// Function-pointer types for the three SAM notification routines whose names
// are given by the SAM_*_ROUTINE string constants above.
// NOTE(review): these aliases sit outside the extern (Windows) block, so the
// function types carry D linkage. If the routines are called by the operating
// system, the calling convention must match what the caller expects; confirm
// against the platform header before implementing one in D.
// NOTE(review): the PUNICODE_STRING parameters of the notification and filter
// routines presumably include the account name and the password in the clear.
// An implementation must not copy, log or transmit them, and should return
// promptly; confirm parameter order against the platform documentation.
alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
  PSAM_PASSWORD_NOTIFICATION_ROUTINE;
alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
  PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;
798