1 /***********************************************************************\
2 * ntsecapi.d *
3 * *
4 * Windows API header module *
5 * *
6 * Translated from MinGW Windows headers *
7 * by Stewart Gordon *
8 * *
9 * Placed into public domain *
10 \***********************************************************************/
11 module win32.ntsecapi;
12 version(Windows):
13
14 private import
15 win32.basetyps, win32.ntdef, win32.windef, win32.winnt, win32.w32api;
16
17 // FIXME: check types and grouping of constants
18 // FIXME: check Windows version support
19
// Kerberos wrap option, value as given by the translated header.
const KERB_WRAP_NO_ENCRYPT = 0x80000001;

// LOGON_* bit flags. Each value is a single distinct bit, so the flags can be
// OR-ed together and tested one by one.
// NOTE(review): presumably these are the UserFlags bits reported in the MSV1_0
// logon profile structures; the names LOGON_NOENCRYPTION and
// LOGON_USED_LM_PASSWORD suggest they are worth surfacing when auditing how a
// logon was authenticated - confirm against the SDK.
const LOGON_GUEST                 = 1 << 0;
const LOGON_NOENCRYPTION          = 1 << 1;
const LOGON_CACHED_ACCOUNT        = 1 << 2;
const LOGON_USED_LM_PASSWORD      = 1 << 3;
const LOGON_EXTRA_SIDS            = 1 << 5;
const LOGON_SUBAUTH_SESSION_KEY   = 1 << 6;
const LOGON_SERVER_TRUST_ACCOUNT  = 1 << 7;
const LOGON_NTLMV2_ENABLED        = 1 << 8;
const LOGON_RESOURCE_GROUPS       = 1 << 9;
const LOGON_PROFILE_PATH_RETURNED = 1 << 10;
const LOGON_GRACE_LOGON           = 1 << 24;
33
// LSA operational mode values, numbered consecutively from 1.
enum {
    LSA_MODE_PASSWORD_PROTECTED  = 1,
    LSA_MODE_INDIVIDUAL_ACCOUNTS = 2,
    LSA_MODE_MANDATORY_ACCESS    = 3,
    LSA_MODE_LOG_FULL            = 4
}
40
/* Reports whether a status code denotes success.
 *
 * Params:  x = status code as a signed 32-bit value
 * Returns: true for zero and positive values, false for negative ones.
 * Callers should test every Lsa* return value with this before using any
 * output parameter.
 */
bool LSA_SUCCESS(int x)
{
    return !(x < 0);
}
42
43 /* TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
44 * aliases. Should we merge them anyway?
45 */
// Authentication package names, each in a narrow and a wide variant.
const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";

const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
50
// MSV1_0 constants. Bit-flag values are written in hex so the bit position is
// visible; limits and counts stay in decimal.
// NOTE(review): MSV1_0_CLEARTEXT_PASSWORD_ALLOWED relaxes a protection by its
// name; presumably it is a ParameterControl bit - confirm before setting it.
const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      = 0x00000020;
const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800;
const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      = 0x00000002;
const MSV1_0_CRED_LM_PRESENT                 = 0x00000001;
const MSV1_0_CRED_NT_PRESENT                 = 0x00000002;
const MSV1_0_CRED_VERSION                    = 0;
const MSV1_0_DONT_TRY_GUEST_ACCOUNT          = 0x00000010;
const MSV1_0_MAX_NTLM3_LIFE                  = 1800;
const MSV1_0_MAX_AVL_SIZE                    = 64000;
const MSV1_0_MNS_LOGON                       = 0x01000000;
61
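// Byte lengths used by the MSV1_0 structures in this module.
const size_t
    MSV1_0_CHALLENGE_LENGTH          = 8,
    MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
    MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
    MSV1_0_NTLM3_OWF_LENGTH          = 16,
    // Size of the NTLM3 response structure without its leading Response array.
    MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
                                       - MSV1_0_NTLM3_RESPONSE_LENGTH,
    MSV1_0_OWF_PASSWORD_LENGTH       = 16,
    // Byte length of the wide package name without a terminator. The C header
    // uses sizeof(literal) - sizeof(WCHAR); in D, .sizeof of a wchar[] is the
    // size of the slice descriptor (pointer + length), not of the characters,
    // so the length has to be computed from .length instead.
    MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.length
                                       * WCHAR.sizeof;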
72
// Further MSV1_0 constants. Bit flags are written in hex; shift counts,
// package ids and lengths stay in decimal.
const MSV1_0_RETURN_USER_PARAMETERS      = 0x00000008;
const MSV1_0_RETURN_PASSWORD_EXPIRY      = 0x00000040;
const MSV1_0_RETURN_PROFILE_PATH         = 0x00000200;
const MSV1_0_SUBAUTHENTICATION_DLL_EX    = 0x00100000;
// The top byte selects a subauthentication DLL; SHIFT moves it to bit 0.
const MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT = 24;
const MSV1_0_SUBAUTHENTICATION_DLL_RAS   = 2;
const MSV1_0_SUBAUTHENTICATION_DLL_IIS   = 132;
const MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
const MSV1_0_TRY_GUEST_ACCOUNT_ONLY      = 0x00000100;
const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   = 0x00000400;
const MSV1_0_UPDATE_LOGON_STATISTICS     = 0x00000004;
const MSV1_0_USE_CLIENT_CHALLENGE        = 0x00000080;
const MSV1_0_USER_SESSION_KEY_LENGTH     = 16;
87
// Registry key path and value-name prefix for MSV1_0 subauthentication.
// NOTE(review): presumably subauthentication DLLs are registered here and end
// up loaded into the authentication process, which would make write access to
// this key security-sensitive - confirm and treat changes as auditable.
const char[] MSV1_0_SUBAUTHENTICATION_KEY =
    r"System\CurrentControlSet\Control\Lsa\MSV1_0";
const char[] MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";
92
// Access rights for an LSA policy handle (the ACCESS_MASK argument of
// LsaOpenPolicy). Request only the specific rights an operation needs;
// POLICY_ALL_ACCESS grants every right listed here.
const ACCESS_MASK
    POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
    POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
    POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
    POLICY_TRUST_ADMIN              = 0x0008,
    POLICY_CREATE_ACCOUNT           = 0x0010,
    POLICY_CREATE_SECRET            = 0x0020,
    POLICY_CREATE_PRIVILEGE         = 0x0040,
    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
    POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
    POLICY_AUDIT_LOG_ADMIN          = 0x0200,
    POLICY_SERVER_ADMIN             = 0x0400,
    POLICY_LOOKUP_NAMES             = 0x0800,

    // Generic mappings, spelled out by name; the specific-rights parts are
    // 0x0006, 0x07F8 and 0x0801 respectively.
    POLICY_READ       = STANDARD_RIGHTS_READ
                        | POLICY_VIEW_AUDIT_INFORMATION
                        | POLICY_GET_PRIVATE_INFORMATION,
    POLICY_WRITE      = STANDARD_RIGHTS_WRITE
                        | POLICY_TRUST_ADMIN
                        | POLICY_CREATE_ACCOUNT
                        | POLICY_CREATE_SECRET
                        | POLICY_CREATE_PRIVILEGE
                        | POLICY_SET_DEFAULT_QUOTA_LIMITS
                        | POLICY_SET_AUDIT_REQUIREMENTS
                        | POLICY_AUDIT_LOG_ADMIN
                        | POLICY_SERVER_ADMIN,
    POLICY_EXECUTE    = STANDARD_RIGHTS_EXECUTE
                        | POLICY_VIEW_LOCAL_INFORMATION
                        | POLICY_LOOKUP_NAMES,
    // 0x0FFF is the union of the twelve specific rights above.
    POLICY_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | 0x0FFF;
111
// Per-category audit options. SUCCESS, FAILURE and NONE are single bits and
// MASK is their union (1 | 2 | 4).
const POLICY_AUDIT_EVENT_UNCHANGED = 0x0;
const POLICY_AUDIT_EVENT_SUCCESS   = 0x1;
const POLICY_AUDIT_EVENT_FAILURE   = 0x2;
const POLICY_AUDIT_EVENT_NONE      = 0x4;
const POLICY_AUDIT_EVENT_MASK      = 0x7;
117
// Policy location values, numbered from 1.
enum {
    POLICY_LOCATION_LOCAL = 1,
    POLICY_LOCATION_DS    = 2
}
122
// Machine policy source. Unsigned, so that the UNKNOWN sentinel can be
// 0xFFFFFFFF.
enum : uint {
    POLICY_MACHINE_POLICY_LOCAL     = 0,
    POLICY_MACHINE_POLICY_DEFAULTED = 1,
    POLICY_MACHINE_POLICY_EXPLICIT  = 2,
    POLICY_MACHINE_POLICY_UNKNOWN   = 0xFFFFFFFF
}
129
130
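// Quality-of-service policy bit flags.
//
// Three names carry spelling errors (SCHANEL, INTEGREITY, ALLOWD). They are
// kept so existing code keeps compiling, and the correctly spelled names are
// added with the same values so that code written against the Windows SDK
// spelling also compiles.
const POLICY_QOS_SCHANEL_REQUIRED            = 0x0001;
const POLICY_QOS_SCHANNEL_REQUIRED           = POLICY_QOS_SCHANEL_REQUIRED;
const POLICY_QOS_OUTBOUND_INTEGRITY          = 0x0002;
const POLICY_QOS_OUTBOUND_CONFIDENTIALITY    = 0x0004;
const POLICY_QOS_INBOUND_INTEGREITY          = 0x0008;
const POLICY_QOS_INBOUND_INTEGRITY           = POLICY_QOS_INBOUND_INTEGREITY;
const POLICY_QOS_INBOUND_CONFIDENTIALITY     = 0x0010;
const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x0020;
const POLICY_QOS_RAS_SERVER_ALLOWED          = 0x0040;
const POLICY_QOS_DHCP_SERVER_ALLOWD          = 0x0080;
const POLICY_QOS_DHCP_SERVER_ALLOWED         = POLICY_QOS_DHCP_SERVER_ALLOWD;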
139
// Kerberos ticket policy bit flags (one bit each).
const POLICY_KERBEROS_FORWARDABLE  = 1 << 0;
const POLICY_KERBEROS_PROXYABLE    = 1 << 1;
const POLICY_KERBEROS_RENEWABLE    = 1 << 2;
const POLICY_KERBEROS_POSTDATEABLE = 1 << 3;
144
// Routine names for SAM password notification and filtering.
// NOTE(review): presumably these are the export names looked up in a password
// notification/filter DLL; the matching callback types are the PSAM_* aliases
// at the end of this module. Such a DLL receives password material, so where
// one is registered it should be inventoried and integrity-checked - confirm.
const char[] SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify";
const char[] SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify";
const char[] SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";
149
// Names of the logon-type account rights, as TCHAR strings. These are the
// right names handled by LsaAddAccountRights / LsaRemoveAccountRights /
// LsaEnumerateAccountRights declared below.
const TCHAR[] SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight";
const TCHAR[] SE_NETWORK_LOGON_NAME     = "SeNetworkLogonRight";
const TCHAR[] SE_BATCH_LOGON_NAME       = "SeBatchLogonRight";
const TCHAR[] SE_SERVICE_LOGON_NAME     = "SeServiceLogonRight";
155
// Trust attribute bits. TRUST_ATTRIBUTES_VALID is kept as the signed decimal
// from the original so its type does not change; its bit pattern is
// 0xFF02FFFF.
enum {
    TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
    TRUST_ATTRIBUTE_UPLEVEL_ONLY   = 0x00000002,
    TRUST_ATTRIBUTE_TREE_PARENT    = 0x00400000,
    TRUST_ATTRIBUTES_VALID         = -16580609
}
162
// Trust authentication-information types, numbered from 0.
// NOTE(review): TRUST_AUTH_TYPE_CLEAR by its name denotes cleartext material;
// buffers of that type should be handled as secrets - confirm.
enum {
    TRUST_AUTH_TYPE_NONE   = 0,
    TRUST_AUTH_TYPE_NT4OWF = 1,
    TRUST_AUTH_TYPE_CLEAR  = 2
}
168
// Trust direction. BIDIRECTIONAL (3) equals INBOUND (1) | OUTBOUND (2).
enum {
    TRUST_DIRECTION_DISABLED      = 0,
    TRUST_DIRECTION_INBOUND       = 1,
    TRUST_DIRECTION_OUTBOUND      = 2,
    TRUST_DIRECTION_BIDIRECTIONAL = 3
}
175
// Trust types, numbered from 1.
enum {
    TRUST_TYPE_DOWNLEVEL = 1,
    TRUST_TYPE_UPLEVEL   = 2,
    TRUST_TYPE_MIT       = 3,
    TRUST_TYPE_DCE       = 4
}
182
// LSA names for the counted-string types, plus their pointer forms.
alias UNICODE_STRING      LSA_UNICODE_STRING;
alias LSA_UNICODE_STRING* PLSA_UNICODE_STRING;
alias STRING              LSA_STRING;
alias LSA_STRING*         PLSA_STRING;
187
// Message type carried in the first field of the MSV1_0 logon submit
// structures. Value 6 is not defined in this translation.
enum MSV1_0_LOGON_SUBMIT_TYPE {
    MsV1_0InteractiveLogon       = 2,
    MsV1_0Lm20Logon              = 3,
    MsV1_0NetworkLogon           = 4,
    MsV1_0SubAuthLogon           = 5,
    MsV1_0WorkstationUnlockLogon = 7
}
alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;
196
// Message type carried in the first field of the MSV1_0 profile structures.
enum MSV1_0_PROFILE_BUFFER_TYPE {
    MsV1_0InteractiveProfile = 2,
    MsV1_0Lm20LogonProfile   = 3,
    MsV1_0SmartCardProfile   = 4
}
alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;
203
204
// Identifiers for attribute/value pairs (see MSV1_0_AV_PAIR.AvId).
// MsvAvEOL is 0; presumably it marks the end of a pair list - confirm.
enum MSV1_0_AVID {
    MsvAvEOL             = 0,
    MsvAvNbComputerName  = 1,
    MsvAvNbDomainName    = 2,
    MsvAvDnsComputerName = 3,
    MsvAvDnsDomainName   = 4
}
212
// Message type carried in the first field of the MSV1_0 request and response
// structures below (change password, subauth, derive credential, ...).
enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
    MsV1_0Lm20ChallengeRequest     = 0,
    MsV1_0Lm20GetChallengeResponse = 1,
    MsV1_0EnumerateUsers           = 2,
    MsV1_0GetUserInfo              = 3,
    MsV1_0ReLogonUsers             = 4,
    MsV1_0ChangePassword           = 5,
    MsV1_0ChangeCachedPassword     = 6,
    MsV1_0GenericPassthrough       = 7,
    MsV1_0CacheLogon               = 8,
    MsV1_0SubAuth                  = 9,
    MsV1_0DeriveCredential         = 10,
    MsV1_0CacheLookup              = 11
}
alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;
228
// LSA server role; numbering starts at 2.
enum POLICY_LSA_SERVER_ROLE {
    PolicyServerRoleBackup  = 2,
    PolicyServerRolePrimary = 3
}
alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;
234
// Server enable state; numbering starts at 2.
enum POLICY_SERVER_ENABLE_STATE {
    PolicyServerEnabled  = 2,
    PolicyServerDisabled = 3
}
alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;
240
// Selector passed to LsaQueryInformationPolicy / LsaSetInformationPolicy.
// The PVOID buffer exchanged with those calls is untyped, so the caller must
// cast it to the structure that matches the selector it passed.
enum POLICY_INFORMATION_CLASS {
    PolicyAuditLogInformation       = 1,
    PolicyAuditEventsInformation    = 2,
    PolicyPrimaryDomainInformation  = 3,
    PolicyPdAccountInformation      = 4,
    PolicyAccountDomainInformation  = 5,
    PolicyLsaServerRoleInformation  = 6,
    PolicyReplicaSourceInformation  = 7,
    PolicyDefaultQuotaInformation   = 8,
    PolicyModificationInformation   = 9,
    PolicyAuditFullSetInformation   = 10,
    PolicyAuditFullQueryInformation = 11,
    PolicyDnsDomainInformation      = 12,
    PolicyEfsInformation            = 13
}
alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;
257
// Audit categories, numbered from 0.
// NOTE(review): presumably the value indexes the per-category options array
// referenced by POLICY_AUDIT_EVENTS_INFO.EventAuditingOptions - confirm, and
// bound the index by MaximumAuditEventCount.
enum POLICY_AUDIT_EVENT_TYPE {
    AuditCategorySystem                 = 0,
    AuditCategoryLogon                  = 1,
    AuditCategoryObjectAccess           = 2,
    AuditCategoryPrivilegeUse           = 3,
    AuditCategoryDetailedTracking       = 4,
    AuditCategoryPolicyChange           = 5,
    AuditCategoryAccountManagement      = 6,
    AuditCategoryDirectoryServiceAccess = 7,
    AuditCategoryAccountLogon           = 8
}
alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;
270
// Selector passed to LsaQueryLocalInformationPolicy /
// LsaSetLocalInformationPolicy.
enum POLICY_LOCAL_INFORMATION_CLASS {
    PolicyLocalAuditEventsInformation      = 1,
    PolicyLocalPdAccountInformation        = 2,
    PolicyLocalAccountDomainInformation    = 3,
    PolicyLocalLsaServerRoleInformation    = 4,
    PolicyLocalReplicaSourceInformation    = 5,
    PolicyLocalModificationInformation     = 6,
    PolicyLocalAuditFullSetInformation     = 7,
    PolicyLocalAuditFullQueryInformation   = 8,
    PolicyLocalDnsDomainInformation        = 9,
    PolicyLocalIPSecReferenceInformation   = 10,
    PolicyLocalMachinePasswordInformation  = 11,
    PolicyLocalQualityOfServiceInformation = 12,
    PolicyLocalPolicyLocationInformation   = 13
}
alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;
287
// Selector passed to LsaQueryDomainInformationPolicy /
// LsaSetDomainInformationPolicy.
enum POLICY_DOMAIN_INFORMATION_CLASS {
    PolicyDomainIPSecReferenceInformation   = 1,
    PolicyDomainQualityOfServiceInformation = 2,
    PolicyDomainEfsInformation              = 3,
    PolicyDomainPublicKeyInformation        = 4,
    PolicyDomainPasswordPolicyInformation   = 5,
    PolicyDomainLockoutInformation          = 6,
    PolicyDomainKerberosTicketInformation   = 7
}
alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;
298
// Logon type passed as the third argument of LsaLogonUser; numbering starts
// at 2. Only the six values below are defined by this translation.
enum SECURITY_LOGON_TYPE {
    Interactive = 2,
    Network     = 3,
    Batch       = 4,
    Service     = 5,
    Proxy       = 6,
    Unlock      = 7
}
alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;
308
// Selector passed to the LsaQueryTrustedDomainInfo* and
// LsaSetTrustedDomainInfo* functions; it decides which TRUSTED_* structure the
// untyped PVOID buffer holds.
enum TRUSTED_INFORMATION_CLASS {
    TrustedDomainNameInformation  = 1,
    TrustedControllersInformation = 2,
    TrustedPosixOffsetInformation = 3,
    TrustedPasswordInformation    = 4,
    TrustedDomainInformationBasic = 5,
    TrustedDomainInformationEx    = 6,
    TrustedDomainAuthInformation  = 7,
    TrustedDomainFullInformation  = 8
}
alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;
320
// Domain password policy; embedded in MSV1_0_CHANGEPASSWORD_RESPONSE.
// Field order and types define the binary layout - do not reorder.
struct DOMAIN_PASSWORD_INFORMATION {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;
329
// One enumeration result: a single SID pointer.
struct LSA_ENUMERATION_INFORMATION {
    PSID Sid;
}
alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;
334
// LSA name for OBJECT_ATTRIBUTES and its pointer form (second argument of
// LsaOpenPolicy).
alias OBJECT_ATTRIBUTES      LSA_OBJECT_ATTRIBUTES;
alias LSA_OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;
337
// Name and SID of one domain; element type of LSA_REFERENCED_DOMAIN_LIST.
struct LSA_TRUST_INFORMATION {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias LSA_TRUST_INFORMATION  TRUSTED_DOMAIN_INFORMATION_BASIC;
alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
/* in MinGW (further down the code):
 *   typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 * but it doesn't look right....
 *
 * NOTE(review): as declared, this alias is a pointer to a pointer, so it is
 * not "pointer to TRUSTED_DOMAIN_INFORMATION_BASIC" as the P prefix implies.
 * Dereferencing a query result through it reads one level too deep. Confirm
 * against the Windows SDK before relying on it; it is left unchanged here so
 * existing callers keep compiling.
 */
alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;
349
// Domain list returned by LsaLookupNames / LsaLookupSids.
// NOTE(review): presumably Entries is the element count of Domains; check any
// index taken from a translated entry against it before dereferencing.
struct LSA_REFERENCED_DOMAIN_LIST {
    ULONG                  Entries;
    PLSA_TRUST_INFORMATION Domains;
}
alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;
355
// One result of LsaLookupNames.
// DomainIndex is a signed LONG: verify it is non-negative and below the
// referenced domain list's Entries before using it as an index
// (NOTE(review): presumably a negative value means "no domain" - confirm).
struct LSA_TRANSLATED_SID {
    SID_NAME_USE Use;
    ULONG        RelativeId;
    LONG         DomainIndex;
}
alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;
362
// One result of LsaLookupSids.
// DomainIndex is a signed LONG: verify it is non-negative and below the
// referenced domain list's Entries before using it as an index.
struct LSA_TRANSLATED_NAME {
    SID_NAME_USE       Use;
    LSA_UNICODE_STRING Name;
    LONG               DomainIndex;
}
alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;
369
// Interactive logon submission: message type, domain, user name, password.
// The Password field refers to the user's password as a UNICODE_STRING, so
// the buffer it points to should be kept for as short a time as possible and
// overwritten once the logon call has returned.
struct MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING           LogonDomainName;
    UNICODE_STRING           UserName;
    UNICODE_STRING           Password;
}
alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;
377
// Profile data for an interactive logon: counters, timestamps, profile
// strings and a flags word.
// NOTE(review): presumably UserFlags carries the LOGON_* bits defined at the
// top of this module - confirm.
struct MSV1_0_INTERACTIVE_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    USHORT                     LogonCount;
    USHORT                     BadPasswordCount;
    LARGE_INTEGER              LogonTime;
    LARGE_INTEGER              LogoffTime;
    LARGE_INTEGER              KickOffTime;
    LARGE_INTEGER              PasswordLastSet;
    LARGE_INTEGER              PasswordCanChange;
    LARGE_INTEGER              PasswordMustChange;
    UNICODE_STRING             LogonScript;
    UNICODE_STRING             HomeDirectory;
    UNICODE_STRING             FullName;
    UNICODE_STRING             ProfilePath;
    UNICODE_STRING             HomeDirectoryDrive;
    UNICODE_STRING             LogonServer;
    ULONG                      UserFlags;
}
alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;
397
// Challenge/response logon submission. ChallengeToClient is a fixed
// MSV1_0_CHALLENGE_LENGTH-byte array; the two responses are counted STRINGs.
// NOTE(review): presumably ParameterControl takes the MSV1_0_* control flags
// defined above - confirm.
struct MSV1_0_LM20_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
    UNICODE_STRING                 LogonDomainName;
    UNICODE_STRING                 UserName;
    UNICODE_STRING                 Workstation;
    UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
    STRING                         CaseSensitiveChallengeResponse;
    STRING                         CaseInsensitiveChallengeResponse;
    ULONG                          ParameterControl;
}
alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;
409
// Subauthentication logon submission; only declared when the targeted
// Windows version (_WIN32_WINNT) is at least 0x500.
static if (_WIN32_WINNT >= 0x500) {
    struct MSV1_0_SUBAUTH_LOGON {
        MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
        UNICODE_STRING                 LogonDomainName;
        UNICODE_STRING                 UserName;
        UNICODE_STRING                 Workstation;
        UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
        STRING                         AuthenticationInfo1;
        STRING                         AuthenticationInfo2;
        ULONG                          ParameterControl;
        ULONG                          SubAuthPackageId;
    }
    alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
}
424
// Profile data for an LM 2.0 logon.
// UserSessionKey and LanmanSessionKey hold session key bytes inline; treat a
// copy of this structure as secret material and clear it when done.
struct MSV1_0_LM20_LOGON_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
    LARGE_INTEGER                           KickOffTime;
    LARGE_INTEGER                           LogoffTime;
    ULONG                                   UserFlags;
    UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
    UNICODE_STRING                          LogonDomainName;
    UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
    UNICODE_STRING                          LogonServer;
    UNICODE_STRING                          UserParameters;
}
alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;
437
// Supplemental credential: version, flags and two inline
// MSV1_0_OWF_PASSWORD_LENGTH-byte password hashes (LM and NT).
// NOTE(review): presumably Flags takes MSV1_0_CRED_LM_PRESENT /
// MSV1_0_CRED_NT_PRESENT and Version takes MSV1_0_CRED_VERSION - confirm.
// The hash fields are credential material: do not log them, and clear the
// structure after use.
struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG                             Version;
    ULONG                             Flags;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
}
alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
445
// NTLM3 response header followed by variable-length data.
// _Buffer is a one-byte placeholder for the first byte of that data and
// Buffer() returns its address. The structure's .sizeof covers only this one
// byte, so anything read or written through Buffer() beyond offset 0 must lie
// inside an allocation the caller sized and checked itself.
struct MSV1_0_NTLM3_RESPONSE {
    UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
    UCHAR                               RespType;
    UCHAR                               HiRespType;
    USHORT                              Flags;
    ULONG                               MsgWord;
    ULONGLONG                           TimeStamp;
    UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
    ULONG                               AvPairsOff;
    UCHAR                               _Buffer;

    // Address of the first trailing byte.
    UCHAR* Buffer()
    {
        return &_Buffer;
    }
}
alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;
459
// Header of one attribute/value pair: an identifier and a length.
// NOTE(review): presumably AvId is an MSV1_0_AVID value and AvLen the byte
// count of the value that follows; when walking a pair list, check AvLen
// against the bytes remaining in the buffer - confirm.
struct MSV1_0_AV_PAIR {
    USHORT AvId;
    USHORT AvLen;
}
alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;
465
// Password change request. OldPassword and NewPassword refer to both
// passwords as UNICODE_STRINGs; overwrite the buffers they point to as soon
// as the request has been submitted.
struct MSV1_0_CHANGEPASSWORD_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    UNICODE_STRING               DomainName;
    UNICODE_STRING               AccountName;
    UNICODE_STRING               OldPassword;
    UNICODE_STRING               NewPassword;
    BOOLEAN                      Impersonating;
}
alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;
475
// Password change response.
// NOTE(review): presumably DomainPasswordInfo is meaningful only when
// PasswordInfoValid is set - confirm.
struct MSV1_0_CHANGEPASSWORD_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    BOOLEAN                      PasswordInfoValid;
    DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
}
alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;
482
// Subauthentication request: package id plus a length/pointer pair.
// NOTE(review): presumably SubAuthInfoLength is the byte count of
// SubAuthSubmitBuffer; keep the two consistent - confirm.
struct MSV1_0_SUBAUTH_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        SubAuthPackageId;
    ULONG                        SubAuthInfoLength;
    PUCHAR                       SubAuthSubmitBuffer;
}
alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;
490
// Subauthentication response: a length/pointer pair.
// NOTE(review): presumably SubAuthInfoLength is the byte count of
// SubAuthReturnBuffer; never read past it - confirm.
struct MSV1_0_SUBAUTH_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        SubAuthInfoLength;
    PUCHAR                       SubAuthReturnBuffer;
}
alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;
497
// The only derive-credential type defined by this translation.
const MSV1_0_DERIVECRED_TYPE_SHA1 = 0;

// Derive-credential request header followed by variable-length input.
// _DeriveCredSubmitBuffer is a one-byte placeholder for the first input byte
// and DeriveCredSubmitBuffer() returns its address; the structure's .sizeof
// covers only that byte, so the caller must allocate room for the rest.
// NOTE(review): presumably DeriveCredInfoLength is the byte count of that
// trailing data - confirm.
struct MSV1_0_DERIVECRED_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    LUID                         LogonId;
    ULONG                        DeriveCredType;
    ULONG                        DeriveCredInfoLength;
    UCHAR                        _DeriveCredSubmitBuffer;

    // Address of the first trailing byte.
    UCHAR* DeriveCredSubmitBuffer()
    {
        return &_DeriveCredSubmitBuffer;
    }
}
alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;
509
// Derive-credential response header followed by variable-length output.
// _DeriveCredReturnBuffer is a one-byte placeholder and
// DeriveCredReturnBuffer() returns its address.
// NOTE(review): presumably DeriveCredInfoLength bounds the trailing data;
// do not read past it, and treat the derived bytes as secret - confirm.
struct MSV1_0_DERIVECRED_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        DeriveCredInfoLength;
    UCHAR                        _DeriveCredReturnBuffer;

    // Address of the first trailing byte.
    UCHAR* DeriveCredReturnBuffer()
    {
        return &_DeriveCredReturnBuffer;
    }
}
alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;
517
// 32-bit unsigned scalar types used by the LSA API, each followed by its
// pointer form.
alias uint  LSA_ENUMERATION_HANDLE;
alias uint  LSA_OPERATIONAL_MODE;
alias uint  POLICY_AUDIT_EVENT_OPTIONS;
alias uint* PLSA_ENUMERATION_HANDLE;
alias uint* PLSA_OPERATIONAL_MODE;
alias uint* PPOLICY_AUDIT_EVENT_OPTIONS;
522
// A privilege name together with its LUID value.
struct POLICY_PRIVILEGE_DEFINITION {
    LSA_UNICODE_STRING Name;
    LUID               LocalValue;
}
alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;
528
// Audit log status and limits. Field order and types define the binary
// layout - do not reorder.
struct POLICY_AUDIT_LOG_INFO {
    ULONG         AuditLogPercentFull;
    ULONG         MaximumLogSize;
    LARGE_INTEGER AuditRetentionPeriod;
    BOOLEAN       AuditLogFullShutdownInProgress;
    LARGE_INTEGER TimeToShutdown;
    ULONG         NextAuditRecordId;
}
alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;
538
// Audit configuration: a mode switch plus a pointer to per-category options.
// NOTE(review): presumably EventAuditingOptions points at
// MaximumAuditEventCount entries of POLICY_AUDIT_EVENT_* bits, and a false
// AuditingMode means auditing is off; a change to either is worth alerting
// on - confirm.
struct POLICY_AUDIT_EVENTS_INFO {
    BOOLEAN                     AuditingMode;
    PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
    ULONG                       MaximumAuditEventCount;
}
alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;
545
// Account domain: name and SID.
struct POLICY_ACCOUNT_DOMAIN_INFO {
    LSA_UNICODE_STRING DomainName;
    PSID               DomainSid;
}
alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;
551
// Primary domain: name and SID.
struct POLICY_PRIMARY_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;
557
// DNS domain information: three names, a GUID and a SID.
struct POLICY_DNS_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING DnsDomainName;
    LSA_UNICODE_STRING DnsTreeName;
    GUID               DomainGuid;
    PSID               Sid;
}
alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;
566
// Wrapper around a single account name.
struct POLICY_PD_ACCOUNT_INFO {
    LSA_UNICODE_STRING Name;
}
alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;
571
// Wrapper around a POLICY_LSA_SERVER_ROLE value.
struct POLICY_LSA_SERVER_ROLE_INFO {
    POLICY_LSA_SERVER_ROLE LsaServerRole;
}
alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;
576
// Replica source: source name and account name.
struct POLICY_REPLICA_SOURCE_INFO {
    LSA_UNICODE_STRING ReplicaSource;
    LSA_UNICODE_STRING ReplicaAccountName;
}
alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;
582
// Wrapper around a QUOTA_LIMITS value.
struct POLICY_DEFAULT_QUOTA_INFO {
    QUOTA_LIMITS QuotaLimits;
}
alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;
587
// Policy modification id and database creation time, both LARGE_INTEGER.
struct POLICY_MODIFICATION_INFO {
    LARGE_INTEGER ModifiedId;
    LARGE_INTEGER DatabaseCreationTime;
}
alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;
593
// Set form of the audit-log-full policy: one BOOLEAN.
struct POLICY_AUDIT_FULL_SET_INFO {
    BOOLEAN ShutDownOnFull;
}
alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;
598
// Query form of the audit-log-full policy: the setting plus the current
// log-full state.
struct POLICY_AUDIT_FULL_QUERY_INFO {
    BOOLEAN ShutDownOnFull;
    BOOLEAN LogIsFull;
}
alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;
604
// EFS policy blob as a length/pointer pair.
// NOTE(review): presumably InfoLength is the byte count of EfsBlob; never
// read past it - confirm.
struct POLICY_EFS_INFO {
    ULONG  InfoLength;
    PUCHAR EfsBlob;
}
alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;
610
// Wrapper around a single object path string.
struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
    LSA_UNICODE_STRING ObjectPath;
}
alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;
615
// Machine password change interval, as a LARGE_INTEGER.
struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
    LARGE_INTEGER PasswordChangeInterval;
}
alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;
620
// Wrapper around a policy location value.
// NOTE(review): presumably one of POLICY_LOCATION_LOCAL / POLICY_LOCATION_DS
// - confirm.
struct POLICY_LOCAL_POLICY_LOCATION_INFO {
    ULONG PolicyLocation;
}
alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;
625
// Quality-of-service word; the same type serves the local and the domain
// policy under two names.
// NOTE(review): presumably QualityOfService takes the POLICY_QOS_* bits
// - confirm.
struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO {
    ULONG QualityOfService;
}
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO  POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO* PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO;
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO* PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
634
// Public key policy blob as a length/pointer pair.
// NOTE(review): presumably InfoLength is the byte count of PublicKeyInfo;
// never read past it - confirm.
struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
    ULONG  InfoLength;
    PUCHAR PublicKeyInfo;
}
alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
640
// Account lockout policy: duration, observation window and threshold.
// NOTE(review): presumably a threshold of 0 disables lockout, which is worth
// flagging in a configuration audit - confirm.
struct POLICY_DOMAIN_LOCKOUT_INFO {
    LARGE_INTEGER LockoutDuration;
    LARGE_INTEGER LockoutObservationWindow;
    USHORT        LockoutThreshold;
}
alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;
647
// Domain password policy; same fields, in the same order, as
// DOMAIN_PASSWORD_INFORMATION above.
struct POLICY_DOMAIN_PASSWORD_INFO {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;
656
// Kerberos ticket policy: an options word and five LARGE_INTEGER limits.
// NOTE(review): presumably AuthenticationOptions takes the POLICY_KERBEROS_*
// bits - confirm.
struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    ULONG         AuthenticationOptions;
    LARGE_INTEGER MinTicketAge;
    LARGE_INTEGER MaxTicketAge;
    LARGE_INTEGER MaxRenewAge;
    LARGE_INTEGER ProxyLifetime;
    LARGE_INTEGER ForceLogoff;
}
alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
666
// Handle type for LSA policy objects, declared through the DECLARE_HANDLE
// template, and its pointer form. Handles obtained from LsaOpenPolicy are
// released with LsaClose.
mixin DECLARE_HANDLE!("LSA_HANDLE");
alias LSA_HANDLE* PLSA_HANDLE;
669
// Wrapper around a trusted domain name.
struct TRUSTED_DOMAIN_NAME_INFO {
    LSA_UNICODE_STRING Name;
}
alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;
674
// Controller name list as a count/pointer pair.
// NOTE(review): presumably Entries is the element count of Names; bound
// every index by it - confirm.
struct TRUSTED_CONTROLLERS_INFO {
    ULONG               Entries;
    PLSA_UNICODE_STRING Names;
}
alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;
680
// Wrapper around a single ULONG offset.
struct TRUSTED_POSIX_OFFSET_INFO {
    ULONG Offset;
}
alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;
685
// Current and previous trust password as counted strings.
// Both fields refer to password material: request this information class
// only when it is needed, keep the buffers out of logs, and overwrite them
// before they are released.
struct TRUSTED_PASSWORD_INFO {
    LSA_UNICODE_STRING Password;
    LSA_UNICODE_STRING OldPassword;
}
alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;
691
// Extended trusted-domain description; first argument structure of
// LsaCreateTrustedDomainEx.
// NOTE(review): presumably TrustDirection, TrustType and TrustAttributes take
// the TRUST_DIRECTION_*, TRUST_TYPE_* and TRUST_ATTRIBUTE_* values defined
// above - confirm.
struct TRUSTED_DOMAIN_INFORMATION_EX {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING FlatName;
    PSID               Sid;
    ULONG              TrustDirection;
    ULONG              TrustType;
    ULONG              TrustAttributes;
}
alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;
701
// One piece of trust authentication information as a type/length/pointer
// record.
// NOTE(review): presumably AuthType is a TRUST_AUTH_TYPE_* value and
// AuthInfoLength the byte count of AuthInfo; the bytes are credential
// material and should be cleared after use - confirm.
struct LSA_AUTH_INFORMATION {
    LARGE_INTEGER LastUpdateTime;
    ULONG         AuthType;
    ULONG         AuthInfoLength;
    PUCHAR        AuthInfo;
}
alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;
709
// Incoming and outgoing trust authentication information, each with a count
// and pointers to the current and the previous records.
// NOTE(review): presumably each count gives the number of
// LSA_AUTH_INFORMATION records behind the two pointers that follow it
// - confirm.
struct TRUSTED_DOMAIN_AUTH_INFORMATION {
    ULONG                 IncomingAuthInfos;
    PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
    PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
    ULONG                 OutgoingAuthInfos;
    PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
    PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
}
alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;
719
// Aggregate of the extended, POSIX-offset and authentication information for
// one trusted domain, stored inline in that order. Because it embeds
// TRUSTED_DOMAIN_AUTH_INFORMATION it refers to credential material.
struct TRUSTED_DOMAIN_FULL_INFORMATION {
    TRUSTED_DOMAIN_INFORMATION_EX   Information;
    TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
    TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
}
alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;
726
/* Prototypes of the LSA functions, declared with the Windows calling
 * convention.
 *
 * Usage notes for callers:
 *  - Every function except LsaNtStatusToWinError returns an NTSTATUS. Test it
 *    with LSA_SUCCESS before touching any output parameter, and use
 *    LsaNtStatusToWinError to convert it to a Win32 error code.
 *  - Output buffers come back through PVOID* / pointer-to-pointer parameters
 *    and are owned by the caller. Release buffers from the policy, lookup and
 *    enumeration functions with LsaFreeMemory, and buffers from LsaLogonUser
 *    and LsaCallAuthenticationPackage with LsaFreeReturnBuffer.
 *  - Close every LSA_HANDLE with LsaClose, and every logon-process connection
 *    from LsaRegisterLogonProcess / LsaConnectUntrusted with
 *    LsaDeregisterLogonProcess.
 *  - The PVOID buffers of the Query/Set functions are untyped: the
 *    information-class argument decides which structure they hold.
 *  - LsaStorePrivateData / LsaRetrievePrivateData move secret data; overwrite
 *    retrieved buffers before freeing them.
 */
extern (Windows) {
    NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID,
                                 PLSA_UNICODE_STRING, ULONG);
    NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
                                          PVOID*, PULONG, PNTSTATUS);
    NTSTATUS LsaClose(LSA_HANDLE);
    NTSTATUS LsaConnectUntrusted(PHANDLE);
    NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
                                      PTRUSTED_DOMAIN_INFORMATION_EX,
                                      PTRUSTED_DOMAIN_AUTH_INFORMATION,
                                      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
    NTSTATUS LsaDeregisterLogonProcess(HANDLE);
    NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID,
                                       PLSA_UNICODE_STRING*, PULONG);
    NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
                                               PLSA_UNICODE_STRING,
                                               PVOID*, PULONG);
    NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE,
                                        PLSA_ENUMERATION_HANDLE,
                                        PVOID*, ULONG, PULONG);
    NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE,
                                          PLSA_ENUMERATION_HANDLE,
                                          TRUSTED_INFORMATION_CLASS,
                                          PVOID*, ULONG, PULONG);
    NTSTATUS LsaFreeMemory(PVOID);
    NTSTATUS LsaFreeReturnBuffer(PVOID);
    NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
                          PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE,
                          PVOID*, PULONG, PLUID, PHANDLE, PQUOTA_LIMITS,
                          PNTSTATUS);
    NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
    NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
                            PLSA_REFERENCED_DOMAIN_LIST*,
                            PLSA_TRANSLATED_SID*);
    NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
                           PLSA_REFERENCED_DOMAIN_LIST*,
                           PLSA_TRANSLATED_NAME*);
    ULONG LsaNtStatusToWinError(NTSTATUS);
    NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
                           ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
                                             POLICY_DOMAIN_INFORMATION_CLASS,
                                             PVOID*);
    NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE,
                                       POLICY_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
                                            POLICY_LOCAL_INFORMATION_CLASS,
                                            PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
                                       TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE,
                                             PLSA_UNICODE_STRING,
                                             TRUSTED_INFORMATION_CLASS,
                                             PVOID*);
    NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
                                     PLSA_OPERATIONAL_MODE);
    NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
                                    PLSA_UNICODE_STRING, ULONG);
    NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
                                    PLSA_UNICODE_STRING*);
    NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
                                           POLICY_DOMAIN_INFORMATION_CLASS,
                                           PVOID);
    NTSTATUS LsaSetInformationPolicy(LSA_HANDLE,
                                     POLICY_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
                                          POLICY_LOCAL_INFORMATION_CLASS,
                                          PVOID);
    NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
                                            TRUSTED_INFORMATION_CLASS,
                                            PVOID);
    NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE,
                                           PLSA_UNICODE_STRING,
                                           TRUSTED_INFORMATION_CLASS,
                                           PVOID);
    NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
                                 PLSA_UNICODE_STRING);
}
789
/* Function-pointer types for the SAM password notification, initialisation
 * and filter routines (see the SAM_*_ROUTINE name strings above).
 *
 * NOTE(review): these aliases sit outside the extern (Windows) block, so the
 * pointer types carry D linkage. Routines of these types are called from
 * native code; confirm which calling convention the caller uses and whether
 * an explicit linkage attribute is required here.
 *
 * An implementation receives password-related UNICODE_STRINGs as arguments:
 * it should not copy, log or persist them.
 */
alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
    PSAM_PASSWORD_NOTIFICATION_ROUTINE;

alias BOOLEAN function()
    PSAM_INIT_NOTIFICATION_ROUTINE;

alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
                       BOOLEAN)
    PSAM_PASSWORD_FILTER_ROUTINE;