1 /**
2 * Windows API header module
3 *
4 * Translated from MinGW Windows headers
5 *
6 * Authors: Stewart Gordon
7 * License: $(LINK2 http://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
8 * Source: $(DRUNTIMESRC core/sys/windows/_ntsecapi.d)
9 */
10 module core.sys.windows.ntsecapi;
11 version (Windows):
12 @system:
13 pragma(lib, "advapi32");
14
version(ANSI)15 version (ANSI) {} else version = Unicode;
16
17 private import
18 core.sys.windows.basetyps, core.sys.windows.ntdef, core.sys.windows.windef, core.sys.windows.winnt, core.sys.windows.w32api;
19
20 // FIXME: check types and grouping of constants
21 // FIXME: check Windows version support
22
23 enum KERB_WRAP_NO_ENCRYPT = 0x80000001;
24
25 enum LOGON_GUEST = 0x00000001;
26 enum LOGON_NOENCRYPTION = 0x00000002;
27 enum LOGON_CACHED_ACCOUNT = 0x00000004;
28 enum LOGON_USED_LM_PASSWORD = 0x00000008;
29 enum LOGON_EXTRA_SIDS = 0x00000020;
30 enum LOGON_SUBAUTH_SESSION_KEY = 0x00000040;
31 enum LOGON_SERVER_TRUST_ACCOUNT = 0x00000080;
32 enum LOGON_NTLMV2_ENABLED = 0x00000100;
33 enum LOGON_RESOURCE_GROUPS = 0x00000200;
34 enum LOGON_PROFILE_PATH_RETURNED = 0x00000400;
35 enum LOGON_GRACE_LOGON = 0x01000000;
36
37 enum {
38 LSA_MODE_PASSWORD_PROTECTED = 1,
39 LSA_MODE_INDIVIDUAL_ACCOUNTS,
40 LSA_MODE_MANDATORY_ACCESS,
41 LSA_MODE_LOG_FULL
42 }
43
LSA_SUCCESS(int x)44 bool LSA_SUCCESS(int x) { return x >= 0; }
45
46 /* TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
47 * aliases. Should we merge them anyway?
48 */
49 const char[] MICROSOFT_KERBEROS_NAME_A = "Kerberos";
50 const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
51 const char[] MSV1_0_PACKAGE_NAME = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
52 const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
53
54 enum MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 32;
55 enum MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 2048;
56 enum MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 2;
57 enum MSV1_0_CRED_LM_PRESENT = 1;
58 enum MSV1_0_CRED_NT_PRESENT = 2;
59 enum MSV1_0_CRED_VERSION = 0;
60 enum MSV1_0_DONT_TRY_GUEST_ACCOUNT = 16;
61 enum MSV1_0_MAX_NTLM3_LIFE = 1800;
62 enum MSV1_0_MAX_AVL_SIZE = 64000;
63 enum MSV1_0_MNS_LOGON = 16777216;
64
65 enum size_t
66 MSV1_0_CHALLENGE_LENGTH = 8,
67 MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
68 MSV1_0_NTLM3_RESPONSE_LENGTH = 16,
69 MSV1_0_NTLM3_OWF_LENGTH = 16,
70 MSV1_0_NTLM3_INPUT_LENGTH = MSV1_0_NTLM3_RESPONSE.sizeof
71 - MSV1_0_NTLM3_RESPONSE_LENGTH,
72 MSV1_0_OWF_PASSWORD_LENGTH = 16,
73 MSV1_0_PACKAGE_NAMEW_LENGTH = MSV1_0_PACKAGE_NAMEW.sizeof
74 - WCHAR.sizeof;
75
76 enum MSV1_0_RETURN_USER_PARAMETERS = 8;
77 enum MSV1_0_RETURN_PASSWORD_EXPIRY = 64;
78 enum MSV1_0_RETURN_PROFILE_PATH = 512;
79 enum MSV1_0_SUBAUTHENTICATION_DLL_EX = 1048576;
80 enum MSV1_0_SUBAUTHENTICATION_DLL = 0xff000000;
81 enum MSV1_0_SUBAUTHENTICATION_DLL_SHIFT = 24;
82 enum MSV1_0_SUBAUTHENTICATION_DLL_RAS = 2;
83 enum MSV1_0_SUBAUTHENTICATION_DLL_IIS = 132;
84 enum MSV1_0_SUBAUTHENTICATION_FLAGS = 0xff000000;
85 enum MSV1_0_TRY_GUEST_ACCOUNT_ONLY = 256;
86 enum MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY = 1024;
87 enum MSV1_0_UPDATE_LOGON_STATISTICS = 4;
88 enum MSV1_0_USE_CLIENT_CHALLENGE = 128;
89 enum MSV1_0_USER_SESSION_KEY_LENGTH = 16;
90
91 const char[]
92 MSV1_0_SUBAUTHENTICATION_KEY
93 = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
94 MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";
95
96 enum ACCESS_MASK
97 POLICY_VIEW_LOCAL_INFORMATION = 0x0001,
98 POLICY_VIEW_AUDIT_INFORMATION = 0x0002,
99 POLICY_GET_PRIVATE_INFORMATION = 0x0004,
100 POLICY_TRUST_ADMIN = 0x0008,
101 POLICY_CREATE_ACCOUNT = 0x0010,
102 POLICY_CREATE_SECRET = 0x0020,
103 POLICY_CREATE_PRIVILEGE = 0x0040,
104 POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
105 POLICY_SET_AUDIT_REQUIREMENTS = 0x0100,
106 POLICY_AUDIT_LOG_ADMIN = 0x0200,
107 POLICY_SERVER_ADMIN = 0x0400,
108 POLICY_LOOKUP_NAMES = 0x0800,
109
110 POLICY_READ = STANDARD_RIGHTS_READ | 0x0006,
111 POLICY_WRITE = STANDARD_RIGHTS_WRITE | 0x07F8,
112 POLICY_EXECUTE = STANDARD_RIGHTS_EXECUTE | 0x0801,
113 POLICY_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | 0x0FFF;
114
115 enum POLICY_AUDIT_EVENT_UNCHANGED = 0;
116 enum POLICY_AUDIT_EVENT_SUCCESS = 1;
117 enum POLICY_AUDIT_EVENT_FAILURE = 2;
118 enum POLICY_AUDIT_EVENT_NONE = 4;
119 enum POLICY_AUDIT_EVENT_MASK = 7;
120
121 enum {
122 POLICY_LOCATION_LOCAL = 1,
123 POLICY_LOCATION_DS
124 }
125
126 enum : uint {
127 POLICY_MACHINE_POLICY_LOCAL = 0,
128 POLICY_MACHINE_POLICY_DEFAULTED,
129 POLICY_MACHINE_POLICY_EXPLICIT,
130 POLICY_MACHINE_POLICY_UNKNOWN = 0xFFFFFFFF
131 }
132
133
134 enum POLICY_QOS_SCHANEL_REQUIRED = 0x0001;
135 enum POLICY_QOS_OUTBOUND_INTEGRITY = 0x0002;
136 enum POLICY_QOS_OUTBOUND_CONFIDENTIALITY = 0x0004;
137 enum POLICY_QOS_INBOUND_INTEGREITY = 0x0008;
138 enum POLICY_QOS_INBOUND_CONFIDENTIALITY = 0x0010;
139 enum POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x0020;
140 enum POLICY_QOS_RAS_SERVER_ALLOWED = 0x0040;
141 enum POLICY_QOS_DHCP_SERVER_ALLOWD = 0x0080;
142
143 enum POLICY_KERBEROS_FORWARDABLE = 1;
144 enum POLICY_KERBEROS_PROXYABLE = 2;
145 enum POLICY_KERBEROS_RENEWABLE = 4;
146 enum POLICY_KERBEROS_POSTDATEABLE = 8;
147
148 const char[]
149 SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
150 SAM_INIT_NOTIFICATION_ROUTINE = "InitializeChangeNotify",
151 SAM_PASSWORD_FILTER_ROUTINE = "PasswordFilter";
152
153 const TCHAR[]
154 SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight",
155 SE_NETWORK_LOGON_NAME = "SeNetworkLogonRight",
156 SE_BATCH_LOGON_NAME = "SeBatchLogonRight",
157 SE_SERVICE_LOGON_NAME = "SeServiceLogonRight";
158
159 enum {
160 TRUST_ATTRIBUTE_NON_TRANSITIVE = 1,
161 TRUST_ATTRIBUTE_UPLEVEL_ONLY = 2,
162 TRUST_ATTRIBUTE_TREE_PARENT = 4194304,
163 TRUST_ATTRIBUTES_VALID = -16580609
164 }
165
166 enum {
167 TRUST_AUTH_TYPE_NONE,
168 TRUST_AUTH_TYPE_NT4OWF,
169 TRUST_AUTH_TYPE_CLEAR
170 }
171
172 enum {
173 TRUST_DIRECTION_DISABLED,
174 TRUST_DIRECTION_INBOUND,
175 TRUST_DIRECTION_OUTBOUND,
176 TRUST_DIRECTION_BIDIRECTIONAL
177 }
178
179 enum {
180 TRUST_TYPE_DOWNLEVEL = 1,
181 TRUST_TYPE_UPLEVEL,
182 TRUST_TYPE_MIT,
183 TRUST_TYPE_DCE
184 }
185
186 alias UNICODE_STRING LSA_UNICODE_STRING;
187 alias UNICODE_STRING* PLSA_UNICODE_STRING;
188 alias STRING LSA_STRING;
189 alias STRING* PLSA_STRING;
190
191 enum MSV1_0_LOGON_SUBMIT_TYPE {
192 MsV1_0InteractiveLogon = 2,
193 MsV1_0Lm20Logon,
194 MsV1_0NetworkLogon,
195 MsV1_0SubAuthLogon,
196 MsV1_0WorkstationUnlockLogon = 7
197 }
198 alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;
199
200 enum MSV1_0_PROFILE_BUFFER_TYPE {
201 MsV1_0InteractiveProfile = 2,
202 MsV1_0Lm20LogonProfile,
203 MsV1_0SmartCardProfile
204 }
205 alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;
206
207
208 enum MSV1_0_AVID {
209 MsvAvEOL,
210 MsvAvNbComputerName,
211 MsvAvNbDomainName,
212 MsvAvDnsComputerName,
213 MsvAvDnsDomainName
214 }
215
216 enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
217 MsV1_0Lm20ChallengeRequest = 0,
218 MsV1_0Lm20GetChallengeResponse,
219 MsV1_0EnumerateUsers,
220 MsV1_0GetUserInfo,
221 MsV1_0ReLogonUsers,
222 MsV1_0ChangePassword,
223 MsV1_0ChangeCachedPassword,
224 MsV1_0GenericPassthrough,
225 MsV1_0CacheLogon,
226 MsV1_0SubAuth,
227 MsV1_0DeriveCredential,
228 MsV1_0CacheLookup
229 }
230 alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;
231
232 enum POLICY_LSA_SERVER_ROLE {
233 PolicyServerRoleBackup = 2,
234 PolicyServerRolePrimary
235 }
236 alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;
237
238 enum POLICY_SERVER_ENABLE_STATE {
239 PolicyServerEnabled = 2,
240 PolicyServerDisabled
241 }
242 alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;
243
244 enum POLICY_INFORMATION_CLASS {
245 PolicyAuditLogInformation = 1,
246 PolicyAuditEventsInformation,
247 PolicyPrimaryDomainInformation,
248 PolicyPdAccountInformation,
249 PolicyAccountDomainInformation,
250 PolicyLsaServerRoleInformation,
251 PolicyReplicaSourceInformation,
252 PolicyDefaultQuotaInformation,
253 PolicyModificationInformation,
254 PolicyAuditFullSetInformation,
255 PolicyAuditFullQueryInformation,
256 PolicyDnsDomainInformation,
257 PolicyEfsInformation
258 }
259 alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;
260
261 enum POLICY_AUDIT_EVENT_TYPE {
262 AuditCategorySystem,
263 AuditCategoryLogon,
264 AuditCategoryObjectAccess,
265 AuditCategoryPrivilegeUse,
266 AuditCategoryDetailedTracking,
267 AuditCategoryPolicyChange,
268 AuditCategoryAccountManagement,
269 AuditCategoryDirectoryServiceAccess,
270 AuditCategoryAccountLogon
271 }
272 alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;
273
274 enum POLICY_LOCAL_INFORMATION_CLASS {
275 PolicyLocalAuditEventsInformation = 1,
276 PolicyLocalPdAccountInformation,
277 PolicyLocalAccountDomainInformation,
278 PolicyLocalLsaServerRoleInformation,
279 PolicyLocalReplicaSourceInformation,
280 PolicyLocalModificationInformation,
281 PolicyLocalAuditFullSetInformation,
282 PolicyLocalAuditFullQueryInformation,
283 PolicyLocalDnsDomainInformation,
284 PolicyLocalIPSecReferenceInformation,
285 PolicyLocalMachinePasswordInformation,
286 PolicyLocalQualityOfServiceInformation,
287 PolicyLocalPolicyLocationInformation
288 }
289 alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;
290
291 enum POLICY_DOMAIN_INFORMATION_CLASS {
292 PolicyDomainIPSecReferenceInformation = 1,
293 PolicyDomainQualityOfServiceInformation,
294 PolicyDomainEfsInformation,
295 PolicyDomainPublicKeyInformation,
296 PolicyDomainPasswordPolicyInformation,
297 PolicyDomainLockoutInformation,
298 PolicyDomainKerberosTicketInformation
299 }
300 alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;
301
302 enum SECURITY_LOGON_TYPE {
303 Interactive = 2,
304 Network,
305 Batch,
306 Service,
307 Proxy,
308 Unlock
309 }
310 alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;
311
312 enum TRUSTED_INFORMATION_CLASS {
313 TrustedDomainNameInformation = 1,
314 TrustedControllersInformation,
315 TrustedPosixOffsetInformation,
316 TrustedPasswordInformation,
317 TrustedDomainInformationBasic,
318 TrustedDomainInformationEx,
319 TrustedDomainAuthInformation,
320 TrustedDomainFullInformation
321 }
322 alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;
323
324 struct DOMAIN_PASSWORD_INFORMATION {
325 USHORT MinPasswordLength;
326 USHORT PasswordHistoryLength;
327 ULONG PasswordProperties;
328 LARGE_INTEGER MaxPasswordAge;
329 LARGE_INTEGER MinPasswordAge;
330 }
331 alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;
332
333 struct LSA_ENUMERATION_INFORMATION {
334 PSID Sid;
335 }
336 alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;
337
338 alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
339 alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;
340
341 struct LSA_TRUST_INFORMATION {
342 LSA_UNICODE_STRING Name;
343 PSID Sid;
344 }
345 alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
346 alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
347 /* in MinGW (further down the code):
348 * typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
349 * but it doesn't look right....
350 */
351 alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;
352
353 struct LSA_REFERENCED_DOMAIN_LIST {
354 ULONG Entries;
355 PLSA_TRUST_INFORMATION Domains;
356 }
357 alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;
358
359 struct LSA_TRANSLATED_SID {
360 SID_NAME_USE Use;
361 ULONG RelativeId;
362 LONG DomainIndex;
363 }
364 alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;
365
366 struct LSA_TRANSLATED_NAME {
367 SID_NAME_USE Use;
368 LSA_UNICODE_STRING Name;
369 LONG DomainIndex;
370 }
371 alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;
372
373 struct MSV1_0_INTERACTIVE_LOGON {
374 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
375 UNICODE_STRING LogonDomainName;
376 UNICODE_STRING UserName;
377 UNICODE_STRING Password;
378 }
379 alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;
380
381 struct MSV1_0_INTERACTIVE_PROFILE {
382 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
383 USHORT LogonCount;
384 USHORT BadPasswordCount;
385 LARGE_INTEGER LogonTime;
386 LARGE_INTEGER LogoffTime;
387 LARGE_INTEGER KickOffTime;
388 LARGE_INTEGER PasswordLastSet;
389 LARGE_INTEGER PasswordCanChange;
390 LARGE_INTEGER PasswordMustChange;
391 UNICODE_STRING LogonScript;
392 UNICODE_STRING HomeDirectory;
393 UNICODE_STRING FullName;
394 UNICODE_STRING ProfilePath;
395 UNICODE_STRING HomeDirectoryDrive;
396 UNICODE_STRING LogonServer;
397 ULONG UserFlags;
398 }
399 alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;
400
401 struct MSV1_0_LM20_LOGON {
402 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
403 UNICODE_STRING LogonDomainName;
404 UNICODE_STRING UserName;
405 UNICODE_STRING Workstation;
406 UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
407 STRING CaseSensitiveChallengeResponse;
408 STRING CaseInsensitiveChallengeResponse;
409 ULONG ParameterControl;
410 }
411 alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;
412
413 //static if (_WIN32_WINNT >= 0x500) {
414 struct MSV1_0_SUBAUTH_LOGON {
415 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
416 UNICODE_STRING LogonDomainName;
417 UNICODE_STRING UserName;
418 UNICODE_STRING Workstation;
419 UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
420 STRING AuthenticationInfo1;
421 STRING AuthenticationInfo2;
422 ULONG ParameterControl;
423 ULONG SubAuthPackageId;
424 }
425 alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
426 //}
427
428 struct MSV1_0_LM20_LOGON_PROFILE {
429 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
430 LARGE_INTEGER KickOffTime;
431 LARGE_INTEGER LogoffTime;
432 ULONG UserFlags;
433 UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH] UserSessionKey;
434 UNICODE_STRING LogonDomainName;
435 UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
436 UNICODE_STRING LogonServer;
437 UNICODE_STRING UserParameters;
438 }
439 alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;
440
441 struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
442 ULONG Version;
443 ULONG Flags;
444 UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
445 UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
446 }
447 alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
448
449 struct MSV1_0_NTLM3_RESPONSE {
450 UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
451 UCHAR RespType;
452 UCHAR HiRespType;
453 USHORT Flags;
454 ULONG MsgWord;
455 ULONGLONG TimeStamp;
456 UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeFromClient;
457 ULONG AvPairsOff;
458 UCHAR _Buffer;
459 UCHAR* Buffer() return { return &_Buffer; }
460 }
461 alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;
462
463 struct MSV1_0_AV_PAIR {
464 USHORT AvId;
465 USHORT AvLen;
466 }
467 alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;
468
469 struct MSV1_0_CHANGEPASSWORD_REQUEST {
470 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
471 UNICODE_STRING DomainName;
472 UNICODE_STRING AccountName;
473 UNICODE_STRING OldPassword;
474 UNICODE_STRING NewPassword;
475 BOOLEAN Impersonating;
476 }
477 alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;
478
479 struct MSV1_0_CHANGEPASSWORD_RESPONSE {
480 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
481 BOOLEAN PasswordInfoValid;
482 DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
483 }
484 alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;
485
486 struct MSV1_0_SUBAUTH_REQUEST {
487 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
488 ULONG SubAuthPackageId;
489 ULONG SubAuthInfoLength;
490 PUCHAR SubAuthSubmitBuffer;
491 }
492 alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;
493
494 struct MSV1_0_SUBAUTH_RESPONSE {
495 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
496 ULONG SubAuthInfoLength;
497 PUCHAR SubAuthReturnBuffer;
498 }
499 alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;
500
501 enum MSV1_0_DERIVECRED_TYPE_SHA1 = 0;
502
503 struct MSV1_0_DERIVECRED_REQUEST {
504 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
505 LUID LogonId;
506 ULONG DeriveCredType;
507 ULONG DeriveCredInfoLength;
508 UCHAR _DeriveCredSubmitBuffer;
509 UCHAR* DeriveCredSubmitBuffer() return { return &_DeriveCredSubmitBuffer; }
510 }
511 alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;
512
513 struct MSV1_0_DERIVECRED_RESPONSE {
514 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
515 ULONG DeriveCredInfoLength;
516 UCHAR _DeriveCredReturnBuffer;
517 UCHAR* DeriveCredReturnBuffer() return { return &_DeriveCredReturnBuffer; }
518 }
519 alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;
520
521 alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
522 POLICY_AUDIT_EVENT_OPTIONS;
523 alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
524 PPOLICY_AUDIT_EVENT_OPTIONS;
525
526 struct POLICY_PRIVILEGE_DEFINITION {
527 LSA_UNICODE_STRING Name;
528 LUID LocalValue;
529 }
530 alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;
531
532 struct POLICY_AUDIT_LOG_INFO {
533 ULONG AuditLogPercentFull;
534 ULONG MaximumLogSize;
535 LARGE_INTEGER AuditRetentionPeriod;
536 BOOLEAN AuditLogFullShutdownInProgress;
537 LARGE_INTEGER TimeToShutdown;
538 ULONG NextAuditRecordId;
539 }
540 alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;
541
542 struct POLICY_AUDIT_EVENTS_INFO {
543 BOOLEAN AuditingMode;
544 PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
545 ULONG MaximumAuditEventCount;
546 }
547 alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;
548
549 struct POLICY_ACCOUNT_DOMAIN_INFO {
550 LSA_UNICODE_STRING DomainName;
551 PSID DomainSid;
552 }
553 alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;
554
555 struct POLICY_PRIMARY_DOMAIN_INFO {
556 LSA_UNICODE_STRING Name;
557 PSID Sid;
558 }
559 alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;
560
561 struct POLICY_DNS_DOMAIN_INFO {
562 LSA_UNICODE_STRING Name;
563 LSA_UNICODE_STRING DnsDomainName;
564 LSA_UNICODE_STRING DnsTreeName;
565 GUID DomainGuid;
566 PSID Sid;
567 }
568 alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;
569
570 struct POLICY_PD_ACCOUNT_INFO {
571 LSA_UNICODE_STRING Name;
572 }
573 alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;
574
575 struct POLICY_LSA_SERVER_ROLE_INFO {
576 POLICY_LSA_SERVER_ROLE LsaServerRole;
577 }
578 alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;
579
580 struct POLICY_REPLICA_SOURCE_INFO {
581 LSA_UNICODE_STRING ReplicaSource;
582 LSA_UNICODE_STRING ReplicaAccountName;
583 }
584 alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;
585
586 struct POLICY_DEFAULT_QUOTA_INFO {
587 QUOTA_LIMITS QuotaLimits;
588 }
589 alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;
590
591 struct POLICY_MODIFICATION_INFO {
592 LARGE_INTEGER ModifiedId;
593 LARGE_INTEGER DatabaseCreationTime;
594 }
595 alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;
596
597 struct POLICY_AUDIT_FULL_SET_INFO {
598 BOOLEAN ShutDownOnFull;
599 }
600 alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;
601
602 struct POLICY_AUDIT_FULL_QUERY_INFO {
603 BOOLEAN ShutDownOnFull;
604 BOOLEAN LogIsFull;
605 }
606 alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;
607
608 struct POLICY_EFS_INFO {
609 ULONG InfoLength;
610 PUCHAR EfsBlob;
611 }
612 alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;
613
614 struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
615 LSA_UNICODE_STRING ObjectPath;
616 }
617 alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;
618
619 struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
620 LARGE_INTEGER PasswordChangeInterval;
621 }
622 alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;
623
624 struct POLICY_LOCAL_POLICY_LOCATION_INFO {
625 ULONG PolicyLocation;
626 }
627 alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;
628
629 struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
630 ULONG QualityOfService;
631 }
632 alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
633 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
634 alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
635 PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
636 PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
637
638 struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
639 ULONG InfoLength;
640 PUCHAR PublicKeyInfo;
641 }
642 alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
643
644 struct POLICY_DOMAIN_LOCKOUT_INFO {
645 LARGE_INTEGER LockoutDuration;
646 LARGE_INTEGER LockoutObservationWindow;
647 USHORT LockoutThreshold;
648 }
649 alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;
650
651 struct POLICY_DOMAIN_PASSWORD_INFO {
652 USHORT MinPasswordLength;
653 USHORT PasswordHistoryLength;
654 ULONG PasswordProperties;
655 LARGE_INTEGER MaxPasswordAge;
656 LARGE_INTEGER MinPasswordAge;
657 }
658 alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;
659
660 struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
661 ULONG AuthenticationOptions;
662 LARGE_INTEGER MinTicketAge;
663 LARGE_INTEGER MaxTicketAge;
664 LARGE_INTEGER MaxRenewAge;
665 LARGE_INTEGER ProxyLifetime;
666 LARGE_INTEGER ForceLogoff;
667 }
668 alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
669
670 mixin DECLARE_HANDLE!("LSA_HANDLE");
671 alias LSA_HANDLE* PLSA_HANDLE;
672
673 struct TRUSTED_DOMAIN_NAME_INFO {
674 LSA_UNICODE_STRING Name;
675 }
676 alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;
677
678 struct TRUSTED_CONTROLLERS_INFO {
679 ULONG Entries;
680 PLSA_UNICODE_STRING Names;
681 }
682 alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;
683
684 struct TRUSTED_POSIX_OFFSET_INFO {
685 ULONG Offset;
686 }
687 alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;
688
689 struct TRUSTED_PASSWORD_INFO {
690 LSA_UNICODE_STRING Password;
691 LSA_UNICODE_STRING OldPassword;
692 }
693 alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;
694
695 struct TRUSTED_DOMAIN_INFORMATION_EX {
696 LSA_UNICODE_STRING Name;
697 LSA_UNICODE_STRING FlatName;
698 PSID Sid;
699 ULONG TrustDirection;
700 ULONG TrustType;
701 ULONG TrustAttributes;
702 }
703 alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;
704
705 struct LSA_AUTH_INFORMATION {
706 LARGE_INTEGER LastUpdateTime;
707 ULONG AuthType;
708 ULONG AuthInfoLength;
709 PUCHAR AuthInfo;
710 }
711 alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;
712
713 struct TRUSTED_DOMAIN_AUTH_INFORMATION {
714 ULONG IncomingAuthInfos;
715 PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
716 PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
717 ULONG OutgoingAuthInfos;
718 PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
719 PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
720 }
721 alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;
722
723 struct TRUSTED_DOMAIN_FULL_INFORMATION {
724 TRUSTED_DOMAIN_INFORMATION_EX Information;
725 TRUSTED_POSIX_OFFSET_INFO PosixOffset;
726 TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
727 }
728 alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;
729
730 extern (Windows) {
731 NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
732 ULONG);
733 NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
734 PVOID*, PULONG, PNTSTATUS);
735 NTSTATUS LsaClose(LSA_HANDLE);
736 NTSTATUS LsaConnectUntrusted(PHANDLE);
737 NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
738 PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
739 ACCESS_MASK, PLSA_HANDLE);
740 NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
741 NTSTATUS LsaDeregisterLogonProcess(HANDLE);
742 NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
743 PULONG);
744 NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
745 PLSA_UNICODE_STRING, PVOID*, PULONG);
746 NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
747 PVOID*, ULONG, PULONG);
748 NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
749 TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
750 NTSTATUS LsaFreeMemory(PVOID);
751 NTSTATUS LsaFreeReturnBuffer(PVOID);
752 NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
753 PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
754 PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
755 NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
756 NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
757 PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
758 NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
759 PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
760 ULONG LsaNtStatusToWinError(NTSTATUS);
761 NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
762 ACCESS_MASK, PLSA_HANDLE);
763 NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
764 POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
765 NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
766 PVOID*);
767 NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
768 POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
769 NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
770 TRUSTED_INFORMATION_CLASS, PVOID*);
771 NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
772 TRUSTED_INFORMATION_CLASS, PVOID*);
773 NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
774 PLSA_OPERATIONAL_MODE);
775 NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
776 PLSA_UNICODE_STRING, ULONG);
777 NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
778 PLSA_UNICODE_STRING*);
779 NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
780 POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
781 NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
782 PVOID);
783 NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
784 POLICY_LOCAL_INFORMATION_CLASS, PVOID);
785 NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
786 TRUSTED_INFORMATION_CLASS, PVOID);
787 NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
788 TRUSTED_INFORMATION_CLASS, PVOID);
789 NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
790 PLSA_UNICODE_STRING);
791 }
792
793 alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
794 PSAM_PASSWORD_NOTIFICATION_ROUTINE;
795 alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
796 alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
797 PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;
798