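/***********************************************************************\
*                              ntsecapi.d                               *
*                                                                       *
*                       Windows API header module                       *
*                                                                       *
*                 Translated from MinGW Windows headers                 *
*                           by Stewart Gordon                           *
*                                                                       *
*                       Placed into public domain                       *
\***********************************************************************/
module win32.ntsecapi;
version(Windows):

/* Declaration-only binding: constants, enums, structs and extern (Windows)
 * prototypes for the Lsa* functions and the MSV1_0 / POLICY / TRUST data
 * they exchange.  The only executable code in this module is LSA_SUCCESS
 * and three one-line buffer accessors inside structs.
 */

private import
  win32.basetyps, win32.ntdef, win32.windef, win32.winnt, win32.w32api;

// FIXME: check types and grouping of constants
// FIXME: check Windows version support

const KERB_WRAP_NO_ENCRYPT = 0x80000001;

// LOGON_* are single-bit flags.
// NOTE(review): presumably these are reported in the UserFlags field of the
// MSV1_0 profile structures below -- confirm against the platform docs.
// When reviewing logon results, LOGON_NOENCRYPTION and LOGON_USED_LM_PASSWORD
// are the two whose names point at a weakly protected logon.
const LOGON_GUEST                 = 0x00000001;
const LOGON_NOENCRYPTION          = 0x00000002;
const LOGON_CACHED_ACCOUNT        = 0x00000004;
const LOGON_USED_LM_PASSWORD      = 0x00000008;
const LOGON_EXTRA_SIDS            = 0x00000020;
const LOGON_SUBAUTH_SESSION_KEY   = 0x00000040;
const LOGON_SERVER_TRUST_ACCOUNT  = 0x00000080;
const LOGON_NTLMV2_ENABLED        = 0x00000100;
const LOGON_RESOURCE_GROUPS       = 0x00000200;
const LOGON_PROFILE_PATH_RETURNED = 0x00000400;
const LOGON_GRACE_LOGON           = 0x01000000;

// Sequential values starting at 1 (1, 2, 3, 4), not bit flags.
enum {
    LSA_MODE_PASSWORD_PROTECTED = 1,
    LSA_MODE_INDIVIDUAL_ACCOUNTS,
    LSA_MODE_MANDATORY_ACCESS,
    LSA_MODE_LOG_FULL
}

/* Returns true when x is zero or positive, false when it is negative.
 * Intended for the NTSTATUS values returned by the Lsa* functions declared
 * at the end of this module; check it before reading any out-parameter.
 */
bool LSA_SUCCESS(int x) { return x >= 0; }

/* TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
 * aliases.  Should we merge them anyway?
 */
const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";

// NOTE(review): by name, MSV1_0_CLEARTEXT_PASSWORD_ALLOWED permits a
// clear-text password to be accepted; callers that set it deserve a closer
// look -- confirm the exact semantics against the platform docs.
const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      = 32;
const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 2048;
const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      = 2;
const MSV1_0_CRED_LM_PRESENT                 = 1;
const MSV1_0_CRED_NT_PRESENT                 = 2;
const MSV1_0_CRED_VERSION                    = 0;
const MSV1_0_DONT_TRY_GUEST_ACCOUNT          = 16;
const MSV1_0_MAX_NTLM3_LIFE                  = 1800;
const MSV1_0_MAX_AVL_SIZE                    = 64000;
const MSV1_0_MNS_LOGON                       = 16777216;

// Lengths of the fixed-size byte arrays used by the structs below.
const size_t
    MSV1_0_CHALLENGE_LENGTH          = 8,
    MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
    MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
    MSV1_0_NTLM3_OWF_LENGTH          = 16,
    // Size of MSV1_0_NTLM3_RESPONSE minus its leading Response field.
    MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
                                       - MSV1_0_NTLM3_RESPONSE_LENGTH,
    MSV1_0_OWF_PASSWORD_LENGTH       = 16,
    // Byte length of the wide package name, excluding any terminating NUL.
    // Computed from .length: in D, .sizeof of a dynamic array (wchar[]) is
    // the size of the array reference, not of the characters, so the
    // C-style "sizeof(literal) - sizeof(WCHAR)" gives a wrong, tiny value
    // and a buffer sized from it would truncate the name.
    MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.length
                                       * WCHAR.sizeof;

const MSV1_0_RETURN_USER_PARAMETERS      = 8;
const MSV1_0_RETURN_PASSWORD_EXPIRY      = 64;
const MSV1_0_RETURN_PROFILE_PATH         = 512;
const MSV1_0_SUBAUTHENTICATION_DLL_EX    = 1048576;
// Mask and shift select the top byte of a 32-bit value (0xff000000 >> 24).
const MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT = 24;
const MSV1_0_SUBAUTHENTICATION_DLL_RAS   = 2;
const MSV1_0_SUBAUTHENTICATION_DLL_IIS   = 132;
const MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
const MSV1_0_TRY_GUEST_ACCOUNT_ONLY      = 256;
const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   = 1024;
const MSV1_0_UPDATE_LOGON_STATISTICS     = 4;
const MSV1_0_USE_CLIENT_CHALLENGE        = 128;
const MSV1_0_USER_SESSION_KEY_LENGTH     = 16;

// Registry key path and value name (the path is a raw string, so the
// backslashes are literal).
// NOTE(review): by name this is where sub-authentication DLLs are
// registered; if so, changes to it are worth auditing -- confirm.
const char[]
    MSV1_0_SUBAUTHENTICATION_KEY
      = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
    MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";

/* Access rights for a policy handle.  The first twelve are single bits
 * (0x0001 .. 0x0800); the last four are composites:
 *   POLICY_READ       adds 0x0006 = VIEW_AUDIT_INFORMATION
 *                                 | GET_PRIVATE_INFORMATION
 *   POLICY_WRITE      adds 0x07F8 = every bit from TRUST_ADMIN (0x0008)
 *                                   through SERVER_ADMIN (0x0400)
 *   POLICY_EXECUTE    adds 0x0801 = VIEW_LOCAL_INFORMATION | LOOKUP_NAMES
 *   POLICY_ALL_ACCESS adds 0x0FFF = all twelve bits
 * Note that POLICY_READ already includes POLICY_GET_PRIVATE_INFORMATION;
 * request individual bits rather than a composite when fewer rights are
 * enough.
 */
const ACCESS_MASK
    POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
    POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
    POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
    POLICY_TRUST_ADMIN              = 0x0008,
    POLICY_CREATE_ACCOUNT           = 0x0010,
    POLICY_CREATE_SECRET            = 0x0020,
    POLICY_CREATE_PRIVILEGE         = 0x0040,
    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
    POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
    POLICY_AUDIT_LOG_ADMIN          = 0x0200,
    POLICY_SERVER_ADMIN             = 0x0400,
    POLICY_LOOKUP_NAMES             = 0x0800,

    POLICY_READ       = STANDARD_RIGHTS_READ     | 0x0006,
    POLICY_WRITE      = STANDARD_RIGHTS_WRITE    | 0x07F8,
    POLICY_EXECUTE    = STANDARD_RIGHTS_EXECUTE  | 0x0801,
    POLICY_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | 0x0FFF;

// POLICY_AUDIT_EVENT_MASK (7) is the OR of SUCCESS, FAILURE and NONE.
const POLICY_AUDIT_EVENT_UNCHANGED = 0;
const POLICY_AUDIT_EVENT_SUCCESS   = 1;
const POLICY_AUDIT_EVENT_FAILURE   = 2;
const POLICY_AUDIT_EVENT_NONE      = 4;
const POLICY_AUDIT_EVENT_MASK      = 7;

enum {
    POLICY_LOCATION_LOCAL = 1,
    POLICY_LOCATION_DS
}

enum : uint {
    POLICY_MACHINE_POLICY_LOCAL = 0,
    POLICY_MACHINE_POLICY_DEFAULTED,
    POLICY_MACHINE_POLICY_EXPLICIT,
    POLICY_MACHINE_POLICY_UNKNOWN = 0xFFFFFFFF
}


// NOTE(review): three of these names look misspelled (SCHANEL, INTEGREITY,
// ALLOWD).  They are left exactly as they are because renaming would break
// code that imports them -- confirm the spelling against the upstream header.
const POLICY_QOS_SCHANEL_REQUIRED             = 0x0001;
const POLICY_QOS_OUTBOUND_INTEGRITY           = 0x0002;
const POLICY_QOS_OUTBOUND_CONFIDENTIALITY     = 0x0004;
const POLICY_QOS_INBOUND_INTEGREITY           = 0x0008;
const POLICY_QOS_INBOUND_CONFIDENTIALITY      = 0x0010;
const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE  = 0x0020;
const POLICY_QOS_RAS_SERVER_ALLOWED           = 0x0040;
const POLICY_QOS_DHCP_SERVER_ALLOWD           = 0x0080;

const POLICY_KERBEROS_FORWARDABLE  = 1;
const POLICY_KERBEROS_PROXYABLE    = 2;
const POLICY_KERBEROS_RENEWABLE    = 4;
const POLICY_KERBEROS_POSTDATEABLE = 8;

// Routine names as strings; the matching callback types are the PSAM_*
// aliases at the end of this module.
const char[]
    SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
    SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify",
    SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";

// Logon-right names as strings.
const TCHAR[]
    SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight",
    SE_NETWORK_LOGON_NAME     = "SeNetworkLogonRight",
    SE_BATCH_LOGON_NAME       = "SeBatchLogonRight",
    SE_SERVICE_LOGON_NAME     = "SeServiceLogonRight";

// TRUST_ATTRIBUTES_VALID is a negative int; as a 32-bit pattern it is
// 0xFF02FFFF.
enum {
    TRUST_ATTRIBUTE_NON_TRANSITIVE =         1,
    TRUST_ATTRIBUTE_UPLEVEL_ONLY   =         2,
    TRUST_ATTRIBUTE_TREE_PARENT    =   4194304,
    TRUST_ATTRIBUTES_VALID         = -16580609
}

// Values 0, 1, 2.
// NOTE(review): by name TRUST_AUTH_TYPE_CLEAR denotes clear-text trust
// authentication data; treat buffers tagged with it as secrets -- confirm.
enum {
    TRUST_AUTH_TYPE_NONE,
    TRUST_AUTH_TYPE_NT4OWF,
    TRUST_AUTH_TYPE_CLEAR
}

// Values 0..3; BIDIRECTIONAL (3) equals INBOUND (1) | OUTBOUND (2).
enum {
    TRUST_DIRECTION_DISABLED,
    TRUST_DIRECTION_INBOUND,
    TRUST_DIRECTION_OUTBOUND,
    TRUST_DIRECTION_BIDIRECTIONAL
}

enum {
    TRUST_TYPE_DOWNLEVEL = 1,
    TRUST_TYPE_UPLEVEL,
    TRUST_TYPE_MIT,
    TRUST_TYPE_DCE
}

alias UNICODE_STRING LSA_UNICODE_STRING;
alias UNICODE_STRING* PLSA_UNICODE_STRING;
alias STRING LSA_STRING;
alias STRING* PLSA_STRING;

// Note the gap: values are 2, 3, 4, 5 and then 7.
enum MSV1_0_LOGON_SUBMIT_TYPE {
    MsV1_0InteractiveLogon = 2,
    MsV1_0Lm20Logon,
    MsV1_0NetworkLogon,
    MsV1_0SubAuthLogon,
    MsV1_0WorkstationUnlockLogon = 7
}
alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;

enum MSV1_0_PROFILE_BUFFER_TYPE {
    MsV1_0InteractiveProfile = 2,
    MsV1_0Lm20LogonProfile,
    MsV1_0SmartCardProfile
}
alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;


// Identifier values for MSV1_0_AV_PAIR.AvId (presumably; the field itself is
// typed USHORT).  MsvAvEOL is 0.
enum MSV1_0_AVID {
    MsvAvEOL,
    MsvAvNbComputerName,
    MsvAvNbDomainName,
    MsvAvDnsComputerName,
    MsvAvDnsDomainName
}

enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
    MsV1_0Lm20ChallengeRequest = 0,
    MsV1_0Lm20GetChallengeResponse,
    MsV1_0EnumerateUsers,
    MsV1_0GetUserInfo,
    MsV1_0ReLogonUsers,
    MsV1_0ChangePassword,
    MsV1_0ChangeCachedPassword,
    MsV1_0GenericPassthrough,
    MsV1_0CacheLogon,
    MsV1_0SubAuth,
    MsV1_0DeriveCredential,
    MsV1_0CacheLookup
}
alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;

enum POLICY_LSA_SERVER_ROLE {
    PolicyServerRoleBackup = 2,
    PolicyServerRolePrimary
}
alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;

enum POLICY_SERVER_ENABLE_STATE {
    PolicyServerEnabled = 2,
    PolicyServerDisabled
}
alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;

// Selector passed to LsaQueryInformationPolicy / LsaSetInformationPolicy
// (see their prototypes below).
enum POLICY_INFORMATION_CLASS {
    PolicyAuditLogInformation = 1,
    PolicyAuditEventsInformation,
    PolicyPrimaryDomainInformation,
    PolicyPdAccountInformation,
    PolicyAccountDomainInformation,
    PolicyLsaServerRoleInformation,
    PolicyReplicaSourceInformation,
    PolicyDefaultQuotaInformation,
    PolicyModificationInformation,
    PolicyAuditFullSetInformation,
    PolicyAuditFullQueryInformation,
    PolicyDnsDomainInformation,
    PolicyEfsInformation
}
alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;

// Audit categories, numbered from 0.
enum POLICY_AUDIT_EVENT_TYPE {
    AuditCategorySystem,
    AuditCategoryLogon,
    AuditCategoryObjectAccess,
    AuditCategoryPrivilegeUse,
    AuditCategoryDetailedTracking,
    AuditCategoryPolicyChange,
    AuditCategoryAccountManagement,
    AuditCategoryDirectoryServiceAccess,
    AuditCategoryAccountLogon
}
alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;

// Selector passed to LsaQueryLocalInformationPolicy /
// LsaSetLocalInformationPolicy.
enum POLICY_LOCAL_INFORMATION_CLASS {
    PolicyLocalAuditEventsInformation = 1,
    PolicyLocalPdAccountInformation,
    PolicyLocalAccountDomainInformation,
    PolicyLocalLsaServerRoleInformation,
    PolicyLocalReplicaSourceInformation,
    PolicyLocalModificationInformation,
    PolicyLocalAuditFullSetInformation,
    PolicyLocalAuditFullQueryInformation,
    PolicyLocalDnsDomainInformation,
    PolicyLocalIPSecReferenceInformation,
    PolicyLocalMachinePasswordInformation,
    PolicyLocalQualityOfServiceInformation,
    PolicyLocalPolicyLocationInformation
}
alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;

// Selector passed to LsaQueryDomainInformationPolicy /
// LsaSetDomainInformationPolicy.
enum POLICY_DOMAIN_INFORMATION_CLASS {
    PolicyDomainIPSecReferenceInformation = 1,
    PolicyDomainQualityOfServiceInformation,
    PolicyDomainEfsInformation,
    PolicyDomainPublicKeyInformation,
    PolicyDomainPasswordPolicyInformation,
    PolicyDomainLockoutInformation,
    PolicyDomainKerberosTicketInformation
}
alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;

// Logon type passed to LsaLogonUser; values run from 2 (Interactive) to
// 7 (Unlock).
enum SECURITY_LOGON_TYPE {
    Interactive = 2,
    Network,
    Batch,
    Service,
    Proxy,
    Unlock
}
alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;

// Selector passed to the LsaQueryTrustedDomainInfo* /
// LsaSetTrustedDomain* functions.
enum TRUSTED_INFORMATION_CLASS {
    TrustedDomainNameInformation = 1,
    TrustedControllersInformation,
    TrustedPosixOffsetInformation,
    TrustedPasswordInformation,
    TrustedDomainInformationBasic,
    TrustedDomainInformationEx,
    TrustedDomainAuthInformation,
    TrustedDomainFullInformation
}
alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;

// Same five fields, in the same order, as POLICY_DOMAIN_PASSWORD_INFO below.
struct DOMAIN_PASSWORD_INFORMATION {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;

struct LSA_ENUMERATION_INFORMATION {
    PSID Sid;
}
alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;

alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;

struct LSA_TRUST_INFORMATION {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
/*  in MinGW (further down the code):
 *      typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 *  but it doesn't look right....
 *
 *  NOTE(review): as declared, this alias is a pointer to a pointer, so one
 *  dereference yields a pointer and not the struct.  Confirm the intended
 *  level of indirection against the platform header before relying on it.
 */
alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;

// Entries is presumably the element count of the array Domains points to;
// bound every index by it.
struct LSA_REFERENCED_DOMAIN_LIST {
    ULONG                  Entries;
    PLSA_TRUST_INFORMATION Domains;
}
alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;

// DomainIndex is signed (LONG); presumably it indexes
// LSA_REFERENCED_DOMAIN_LIST.Domains and can be negative when there is no
// domain -- check the sign and the upper bound before indexing.
struct LSA_TRANSLATED_SID {
    SID_NAME_USE Use;
    ULONG        RelativeId;
    LONG         DomainIndex;
}
alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;

struct LSA_TRANSLATED_NAME {
    SID_NAME_USE       Use;
    LSA_UNICODE_STRING Name;
    LONG               DomainIndex;
}
alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;

// Carries a Password field: buffers holding this struct contain a secret and
// should be wiped once the call that consumes them has returned.
struct MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING           LogonDomainName;
    UNICODE_STRING           UserName;
    UNICODE_STRING           Password;
}
alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;

struct MSV1_0_INTERACTIVE_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    USHORT                     LogonCount;
    USHORT                     BadPasswordCount;
    LARGE_INTEGER              LogonTime;
    LARGE_INTEGER              LogoffTime;
    LARGE_INTEGER              KickOffTime;
    LARGE_INTEGER              PasswordLastSet;
    LARGE_INTEGER              PasswordCanChange;
    LARGE_INTEGER              PasswordMustChange;
    UNICODE_STRING             LogonScript;
    UNICODE_STRING             HomeDirectory;
    UNICODE_STRING             FullName;
    UNICODE_STRING             ProfilePath;
    UNICODE_STRING             HomeDirectoryDrive;
    UNICODE_STRING             LogonServer;
    ULONG                      UserFlags;
}
alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;

// ChallengeToClient is a fixed 8-byte array (MSV1_0_CHALLENGE_LENGTH).
struct MSV1_0_LM20_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE      MessageType;
    UNICODE_STRING                LogonDomainName;
    UNICODE_STRING                UserName;
    UNICODE_STRING                Workstation;
    UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
    STRING                        CaseSensitiveChallengeResponse;
    STRING                        CaseInsensitiveChallengeResponse;
    ULONG                         ParameterControl;
}
alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;

// Only declared when the targeted Windows version is 0x500 or later.
static if (_WIN32_WINNT >= 0x500) {
    struct MSV1_0_SUBAUTH_LOGON {
        MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
        UNICODE_STRING                 LogonDomainName;
        UNICODE_STRING                 UserName;
        UNICODE_STRING                 Workstation;
        UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
        STRING                         AuthenticationInfo1;
        STRING                         AuthenticationInfo2;
        ULONG                          ParameterControl;
        ULONG                          SubAuthPackageId;
    }
    alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
}

// Holds two session-key arrays (16 and 8 bytes); treat the buffer as key
// material.
struct MSV1_0_LM20_LOGON_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
    LARGE_INTEGER                           KickOffTime;
    LARGE_INTEGER                           LogoffTime;
    ULONG                                   UserFlags;
    UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
    UNICODE_STRING                          LogonDomainName;
    UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
    UNICODE_STRING                          LogonServer;
    UNICODE_STRING                          UserParameters;
}
alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;

// Two 16-byte arrays (MSV1_0_OWF_PASSWORD_LENGTH).
// NOTE(review): by name these are one-way-function forms of the LM and NT
// passwords, i.e. credential material to be wiped after use -- confirm.
struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG                             Version;
    ULONG                             Flags;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
}
alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

struct MSV1_0_NTLM3_RESPONSE {
    UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
    UCHAR                               RespType;
    UCHAR                               HiRespType;
    USHORT                              Flags;
    ULONG                               MsgWord;
    ULONGLONG                           TimeStamp;
    UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
    ULONG                               AvPairsOff;
    // One-byte placeholder, presumably standing in for a trailing
    // variable-length buffer in the C header.
    UCHAR                               _Buffer;
    // Returns the address of the placeholder byte.  Only that single byte
    // belongs to the struct: anything read or written past it relies on the
    // caller having allocated, and bounds-checked, the extra space.
    UCHAR* Buffer() { return &_Buffer; }
}
alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;

// AvLen is presumably the byte length of the value that follows the pair;
// validate it against the remaining buffer before advancing.
struct MSV1_0_AV_PAIR {
    USHORT AvId;
    USHORT AvLen;
}
alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;

// Carries OldPassword and NewPassword: wipe the buffer after the request has
// been submitted.
struct MSV1_0_CHANGEPASSWORD_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    UNICODE_STRING               DomainName;
    UNICODE_STRING               AccountName;
    UNICODE_STRING               OldPassword;
    UNICODE_STRING               NewPassword;
    BOOLEAN                      Impersonating;
}
alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;

// NOTE(review): DomainPasswordInfo is presumably meaningful only when
// PasswordInfoValid is set -- confirm before reading it.
struct MSV1_0_CHANGEPASSWORD_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    BOOLEAN                      PasswordInfoValid;
    DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
}
alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;

// SubAuthInfoLength presumably gives the byte length of the buffer the
// pointer refers to; never read past it.
struct MSV1_0_SUBAUTH_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        SubAuthPackageId;
    ULONG                        SubAuthInfoLength;
    PUCHAR                       SubAuthSubmitBuffer;
}
alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;

struct MSV1_0_SUBAUTH_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        SubAuthInfoLength;
    PUCHAR                       SubAuthReturnBuffer;
}
alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;

const MSV1_0_DERIVECRED_TYPE_SHA1 = 0;

struct MSV1_0_DERIVECRED_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    LUID                         LogonId;
    ULONG                        DeriveCredType;
    ULONG                        DeriveCredInfoLength;
    // One-byte placeholder, presumably for a trailing variable-length
    // buffer whose size is DeriveCredInfoLength -- confirm.
    UCHAR                        _DeriveCredSubmitBuffer;
    // Returns the address of the placeholder byte; data beyond it lies
    // outside the struct and must be covered by the caller's allocation.
    UCHAR* DeriveCredSubmitBuffer() { return &_DeriveCredSubmitBuffer; }
}
alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;

struct MSV1_0_DERIVECRED_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        DeriveCredInfoLength;
    // One-byte placeholder, presumably for a trailing variable-length
    // buffer whose size is DeriveCredInfoLength -- confirm.
    UCHAR                        _DeriveCredReturnBuffer;
    // Returns the address of the placeholder byte; bound any access past it
    // by the length reported alongside the buffer.
    UCHAR* DeriveCredReturnBuffer() { return &_DeriveCredReturnBuffer; }
}
alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;

// Plain uint aliases and their pointer forms.
alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
  POLICY_AUDIT_EVENT_OPTIONS;
alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
  PPOLICY_AUDIT_EVENT_OPTIONS;

struct POLICY_PRIVILEGE_DEFINITION {
    LSA_UNICODE_STRING Name;
    LUID               LocalValue;
}
alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;

struct POLICY_AUDIT_LOG_INFO {
    ULONG         AuditLogPercentFull;
    ULONG         MaximumLogSize;
    LARGE_INTEGER AuditRetentionPeriod;
    BOOLEAN       AuditLogFullShutdownInProgress;
    LARGE_INTEGER TimeToShutdown;
    ULONG         NextAuditRecordId;
}
alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;

// EventAuditingOptions points to uint values; MaximumAuditEventCount is
// presumably the number of entries it points to -- bound every index by it.
struct POLICY_AUDIT_EVENTS_INFO {
    BOOLEAN                     AuditingMode;
    PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
    ULONG                       MaximumAuditEventCount;
}
alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;

struct POLICY_ACCOUNT_DOMAIN_INFO {
    LSA_UNICODE_STRING DomainName;
    PSID               DomainSid;
}
alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;

struct POLICY_PRIMARY_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;

struct POLICY_DNS_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING DnsDomainName;
    LSA_UNICODE_STRING DnsTreeName;
    GUID               DomainGuid;
    PSID               Sid;
}
alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;

struct POLICY_PD_ACCOUNT_INFO {
    LSA_UNICODE_STRING Name;
}
alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;

struct POLICY_LSA_SERVER_ROLE_INFO {
    POLICY_LSA_SERVER_ROLE LsaServerRole;
}
alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;

struct POLICY_REPLICA_SOURCE_INFO {
    LSA_UNICODE_STRING ReplicaSource;
    LSA_UNICODE_STRING ReplicaAccountName;
}
alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;

struct POLICY_DEFAULT_QUOTA_INFO {
    QUOTA_LIMITS QuotaLimits;
}
alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;

struct POLICY_MODIFICATION_INFO {
    LARGE_INTEGER ModifiedId;
    LARGE_INTEGER DatabaseCreationTime;
}
alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;

struct POLICY_AUDIT_FULL_SET_INFO {
    BOOLEAN ShutDownOnFull;
}
alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;

struct POLICY_AUDIT_FULL_QUERY_INFO {
    BOOLEAN ShutDownOnFull;
    BOOLEAN LogIsFull;
}
alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;

// Length-plus-pointer pair; InfoLength presumably bounds EfsBlob.
struct POLICY_EFS_INFO {
    ULONG  InfoLength;
    PUCHAR EfsBlob;
}
alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;

struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
    LSA_UNICODE_STRING ObjectPath;
}
alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;

struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
    LARGE_INTEGER PasswordChangeInterval;
}
alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;

struct POLICY_LOCAL_POLICY_LOCATION_INFO {
    ULONG PolicyLocation;
}
alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;

// The domain-level QoS info type is an alias of this local one.
struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
    ULONG QualityOfService;
}
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
  POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
  PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
  PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;

// Length-plus-pointer pair; InfoLength presumably bounds PublicKeyInfo.
struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
    ULONG  InfoLength;
    PUCHAR PublicKeyInfo;
}
alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;

struct POLICY_DOMAIN_LOCKOUT_INFO {
    LARGE_INTEGER LockoutDuration;
    LARGE_INTEGER LockoutObservationWindow;
    USHORT        LockoutThreshold;
}
alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;

// Same five fields, in the same order, as DOMAIN_PASSWORD_INFORMATION above.
struct POLICY_DOMAIN_PASSWORD_INFO {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;

// AuthenticationOptions presumably takes the POLICY_KERBEROS_* bits declared
// above -- confirm.
struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    ULONG         AuthenticationOptions;
    LARGE_INTEGER MinTicketAge;
    LARGE_INTEGER MaxTicketAge;
    LARGE_INTEGER MaxRenewAge;
    LARGE_INTEGER ProxyLifetime;
    LARGE_INTEGER ForceLogoff;
}
alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;

// Declares the LSA_HANDLE type through the DECLARE_HANDLE template imported
// from the win32 modules.
mixin DECLARE_HANDLE!("LSA_HANDLE");
alias LSA_HANDLE* PLSA_HANDLE;

struct TRUSTED_DOMAIN_NAME_INFO {
    LSA_UNICODE_STRING Name;
}
alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;

// Entries is presumably the element count of the array Names points to.
struct TRUSTED_CONTROLLERS_INFO {
    ULONG               Entries;
    PLSA_UNICODE_STRING Names;
}
alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;

struct TRUSTED_POSIX_OFFSET_INFO {
    ULONG Offset;
}
alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;

// Carries Password and OldPassword: wipe the buffer after use.
struct TRUSTED_PASSWORD_INFO {
    LSA_UNICODE_STRING Password;
    LSA_UNICODE_STRING OldPassword;
}
alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;

// The three ULONG fields presumably take the TRUST_DIRECTION_*, TRUST_TYPE_*
// and TRUST_ATTRIBUTE_* values declared above -- confirm.
struct TRUSTED_DOMAIN_INFORMATION_EX {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING FlatName;
    PSID               Sid;
    ULONG              TrustDirection;
    ULONG              TrustType;
    ULONG              TrustAttributes;
}
alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;

// AuthType presumably takes a TRUST_AUTH_TYPE_* value and AuthInfoLength
// bounds AuthInfo.  The buffer is authentication data: handle it as a
// secret.
struct LSA_AUTH_INFORMATION {
    LARGE_INTEGER LastUpdateTime;
    ULONG         AuthType;
    ULONG         AuthInfoLength;
    PUCHAR        AuthInfo;
}
alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;

// Two counts, each followed by a current/previous pair of pointers.
struct TRUSTED_DOMAIN_AUTH_INFORMATION {
    ULONG                 IncomingAuthInfos;
    PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
    PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
    ULONG                 OutgoingAuthInfos;
    PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
    PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
}
alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;

struct TRUSTED_DOMAIN_FULL_INFORMATION {
    TRUSTED_DOMAIN_INFORMATION_EX   Information;
    TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
    TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
}
alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;

/* Prototypes only; the implementations live in the operating system.
 *
 * Every function except LsaNtStatusToWinError returns NTSTATUS.  Test it
 * (for instance with LSA_SUCCESS) before touching any out-parameter.
 *
 * NOTE(review): buffers handed back through PVOID* and the other
 * pointer-to-pointer parameters presumably have to be released with
 * LsaFreeMemory or LsaFreeReturnBuffer, and handles with LsaClose or
 * LsaDeregisterLogonProcess.  Which release call belongs to which function
 * is not visible here -- confirm in the platform documentation.
 */
extern (Windows) {
    NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
      ULONG);
    NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
      PVOID*, PULONG, PNTSTATUS);
    NTSTATUS LsaClose(LSA_HANDLE);
    NTSTATUS LsaConnectUntrusted(PHANDLE);
    NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
      PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
    NTSTATUS LsaDeregisterLogonProcess(HANDLE);
    NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
      PULONG);
    NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
      PLSA_UNICODE_STRING, PVOID*, PULONG);
    NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      PVOID*, ULONG, PULONG);
    NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
    NTSTATUS LsaFreeMemory(PVOID);
    NTSTATUS LsaFreeReturnBuffer(PVOID);
    NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
      PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
      PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
    NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
    NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
    NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
    ULONG LsaNtStatusToWinError(NTSTATUS);
    NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID*);
    NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
      PLSA_OPERATIONAL_MODE);
    NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
      PLSA_UNICODE_STRING, ULONG);
    NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING*);
    NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID);
    NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING);
}

/* Callback types whose shapes go with the SAM_*_ROUTINE name strings
 * declared earlier.
 *
 * NOTE(review): judging by the routine names and the PUNICODE_STRING
 * parameters, implementations of the first and third presumably receive
 * account names and passwords.  Code implementing them should treat those
 * arguments as secrets (no logging, no copies that outlive the call) --
 * confirm parameter meaning against the platform documentation.
 */
alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
  PSAM_PASSWORD_NOTIFICATION_ROUTINE;
alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
  PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;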