1 /**
2  * Windows API header module
3  *
4  * Translated from MinGW Windows headers
5  *
6  * Authors: Stewart Gordon
7  * License: $(LINK2 http://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
8  * Source: $(DRUNTIMESRC core/sys/windows/_ntsecapi.d)
9  */
10 module core.sys.windows.ntsecapi;
11 version (Windows):
12 pragma(lib, "advapi32");
13 
14 version (ANSI) {} else version = Unicode;
15 
16 private import
17   core.sys.windows.basetyps, core.sys.windows.ntdef, core.sys.windows.windef, core.sys.windows.winnt, core.sys.windows.w32api;
18 
19 // FIXME: check types and grouping of constants
20 // FIXME: check Windows version support
21 
22 enum KERB_WRAP_NO_ENCRYPT        = 0x80000001;
23 
// Logon flag bits. Every constant is a distinct single bit (0x10 is not
// assigned here), so values can be OR-ed together and tested with a mask.
// NOTE(review): presumably these are the bits reported in the UserFlags field
// of the MSV1_0 profile structures — confirm against the Windows SDK.
// Going by their names, LOGON_GUEST, LOGON_NOENCRYPTION and
// LOGON_USED_LM_PASSWORD describe weaker logon paths and are the ones a
// monitoring rule would most likely want to surface.
enum LOGON_GUEST                 = 0x00000001;
enum LOGON_NOENCRYPTION          = 0x00000002;
enum LOGON_CACHED_ACCOUNT        = 0x00000004;
enum LOGON_USED_LM_PASSWORD      = 0x00000008;
enum LOGON_EXTRA_SIDS            = 0x00000020;
enum LOGON_SUBAUTH_SESSION_KEY   = 0x00000040;
enum LOGON_SERVER_TRUST_ACCOUNT  = 0x00000080;
enum LOGON_NTLMV2_ENABLED        = 0x00000100;
enum LOGON_RESOURCE_GROUPS       = 0x00000200;
enum LOGON_PROFILE_PATH_RETURNED = 0x00000400;
enum LOGON_GRACE_LOGON           = 0x01000000;
35 
36 enum {
37     LSA_MODE_PASSWORD_PROTECTED = 1,
38     LSA_MODE_INDIVIDUAL_ACCOUNTS,
39     LSA_MODE_MANDATORY_ACCESS,
40     LSA_MODE_LOG_FULL
41 }
42 
/**
 * Reports whether an LSA status code denotes success.
 *
 * Params:
 *     x = status value to classify, as a signed 32-bit integer
 * Returns: true when x is zero or positive, false when x is negative.
 */
bool LSA_SUCCESS(int x)
{
    immutable failed = x < 0;
    return !failed;
}
44 
/*  TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
 *  aliases.  Should we merge them anyway?
 *
 *  These are D slices (const char[] / const wchar[]), not C arrays:
 *  `.sizeof` on them is the size of the slice descriptor (pointer plus
 *  length), while `.length` is the number of code units in the text and
 *  does not count a terminating NUL.  Use `.length` when sizing a buffer
 *  or filling in a counted-string structure from them.
 */
const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
52 
53 enum MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      =       32;
54 enum MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT =     2048;
55 enum MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      =        2;
56 enum MSV1_0_CRED_LM_PRESENT                 =        1;
57 enum MSV1_0_CRED_NT_PRESENT                 =        2;
58 enum MSV1_0_CRED_VERSION                    =        0;
59 enum MSV1_0_DONT_TRY_GUEST_ACCOUNT          =       16;
60 enum MSV1_0_MAX_NTLM3_LIFE                  =     1800;
61 enum MSV1_0_MAX_AVL_SIZE                    =    64000;
62 enum MSV1_0_MNS_LOGON                       = 16777216;
63 
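// Byte sizes of the fixed-length fields used by the MSV1_0 structures in this
// module (they appear as UCHAR array lengths in those structs).
enum size_t
    MSV1_0_CHALLENGE_LENGTH          = 8,
    MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
    MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
    MSV1_0_NTLM3_OWF_LENGTH          = 16,
    // Size of MSV1_0_NTLM3_RESPONSE minus its leading Response field.
    MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
                                       - MSV1_0_NTLM3_RESPONSE_LENGTH,
    MSV1_0_OWF_PASSWORD_LENGTH       = 16,
    // Byte length of the wide package name, without a terminating NUL.
    // MSV1_0_PACKAGE_NAMEW is a D slice, so `.sizeof` would measure the slice
    // descriptor (pointer + length) instead of the text and yield a value
    // that depends on the pointer size; `.length` counts the wchar code units
    // of the literal itself.
    MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.length
                                       * WCHAR.sizeof;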
74 
75 enum MSV1_0_RETURN_USER_PARAMETERS      =          8;
76 enum MSV1_0_RETURN_PASSWORD_EXPIRY      =         64;
77 enum MSV1_0_RETURN_PROFILE_PATH         =        512;
78 enum MSV1_0_SUBAUTHENTICATION_DLL_EX    =    1048576;
79 enum MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
80 enum MSV1_0_SUBAUTHENTICATION_DLL_SHIFT =         24;
81 enum MSV1_0_SUBAUTHENTICATION_DLL_RAS   =          2;
82 enum MSV1_0_SUBAUTHENTICATION_DLL_IIS   =        132;
83 enum MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
84 enum MSV1_0_TRY_GUEST_ACCOUNT_ONLY      =        256;
85 enum MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   =       1024;
86 enum MSV1_0_UPDATE_LOGON_STATISTICS     =          4;
87 enum MSV1_0_USE_CLIENT_CHALLENGE        =        128;
88 enum MSV1_0_USER_SESSION_KEY_LENGTH     =         16;
89 
// Registry key path and value name for MSV1_0 subauthentication, as the
// identifiers indicate.
// NOTE(review): presumably the key is relative to HKEY_LOCAL_MACHINE and the
// value name is a prefix that is followed by a package number — confirm
// against the Windows SDK. Anything registered here takes part in logon
// processing, so changes to this key are worth auditing.
const char[]
    MSV1_0_SUBAUTHENTICATION_KEY
      = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
    MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";
94 
// POLICY_* access rights, typed as ACCESS_MASK. The first twelve constants
// are single bits (0x0001 .. 0x0800); the last four combine groups of those
// bits with the STANDARD_RIGHTS_* masks.
// NOTE(review): presumably these are the rights requested through the
// ACCESS_MASK parameter of LsaOpenPolicy — confirm. Ask for the narrowest
// mask that covers the calls you intend to make.
enum ACCESS_MASK
    POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
    POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
    POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
    POLICY_TRUST_ADMIN              = 0x0008,
    POLICY_CREATE_ACCOUNT           = 0x0010,
    POLICY_CREATE_SECRET            = 0x0020,
    POLICY_CREATE_PRIVILEGE         = 0x0040,
    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
    POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
    POLICY_AUDIT_LOG_ADMIN          = 0x0200,
    POLICY_SERVER_ADMIN             = 0x0400,
    POLICY_LOOKUP_NAMES             = 0x0800,

    // 0x0006 = POLICY_VIEW_AUDIT_INFORMATION | POLICY_GET_PRIVATE_INFORMATION
    POLICY_READ                     = STANDARD_RIGHTS_READ     | 0x0006,
    // 0x07F8 = every bit from POLICY_TRUST_ADMIN through POLICY_SERVER_ADMIN
    POLICY_WRITE                    = STANDARD_RIGHTS_WRITE    | 0x07F8,
    // 0x0801 = POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES
    POLICY_EXECUTE                  = STANDARD_RIGHTS_EXECUTE  | 0x0801,
    // 0x0FFF = all twelve specific rights listed above
    POLICY_ALL_ACCESS               = STANDARD_RIGHTS_REQUIRED | 0x0FFF;
113 
114 enum POLICY_AUDIT_EVENT_UNCHANGED = 0;
115 enum POLICY_AUDIT_EVENT_SUCCESS   = 1;
116 enum POLICY_AUDIT_EVENT_FAILURE   = 2;
117 enum POLICY_AUDIT_EVENT_NONE      = 4;
118 enum POLICY_AUDIT_EVENT_MASK      = 7;
119 
120 enum {
121     POLICY_LOCATION_LOCAL = 1,
122     POLICY_LOCATION_DS
123 }
124 
125 enum : uint {
126     POLICY_MACHINE_POLICY_LOCAL     =          0,
127     POLICY_MACHINE_POLICY_DEFAULTED,
128     POLICY_MACHINE_POLICY_EXPLICIT,
129     POLICY_MACHINE_POLICY_UNKNOWN   = 0xFFFFFFFF
130 }
131 
132 
// POLICY_QOS_* flag bits; each constant is a distinct single bit.
// NOTE(review): the spellings SCHANEL, INTEGREITY and ALLOWD are kept exactly
// as this module declares them, because renaming would break existing
// callers. Check them against the upstream header before searching for
// these names elsewhere.
enum POLICY_QOS_SCHANEL_REQUIRED            = 0x0001;
enum POLICY_QOS_OUTBOUND_INTEGRITY          = 0x0002;
enum POLICY_QOS_OUTBOUND_CONFIDENTIALITY    = 0x0004;
enum POLICY_QOS_INBOUND_INTEGREITY          = 0x0008;
enum POLICY_QOS_INBOUND_CONFIDENTIALITY     = 0x0010;
enum POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x0020;
enum POLICY_QOS_RAS_SERVER_ALLOWED          = 0x0040;
enum POLICY_QOS_DHCP_SERVER_ALLOWD          = 0x0080;
141 
142 enum POLICY_KERBEROS_FORWARDABLE  = 1;
143 enum POLICY_KERBEROS_PROXYABLE    = 2;
144 enum POLICY_KERBEROS_RENEWABLE    = 4;
145 enum POLICY_KERBEROS_POSTDATEABLE = 8;
146 
// Names of the SAM notification, initialisation and password filter routines,
// as narrow (char) strings.
// NOTE(review): presumably these are the export names that a password
// notification or filter DLL has to provide — confirm against the Windows
// SDK. A module exporting all three names takes part in password changes,
// which makes these strings useful when auditing loaded modules.
const char[]
    SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
    SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify",
    SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";
151 
152 const TCHAR[]
153     SE_INTERACTIVE_LOGON_NAME          = "SeInteractiveLogonRight",
154     SE_NETWORK_LOGON_NAME              = "SeNetworkLogonRight",
155     SE_BATCH_LOGON_NAME                = "SeBatchLogonRight",
156     SE_SERVICE_LOGON_NAME              = "SeServiceLogonRight";
157 
// Trust attribute bits, written in decimal. The enum has no explicit base
// type, so the negative literal below makes TRUST_ATTRIBUTES_VALID a signed
// value; convert it deliberately when masking an unsigned field such as
// TRUSTED_DOMAIN_INFORMATION_EX.TrustAttributes (a ULONG).
enum {
    TRUST_ATTRIBUTE_NON_TRANSITIVE =         1,
    TRUST_ATTRIBUTE_UPLEVEL_ONLY   =         2,
    TRUST_ATTRIBUTE_TREE_PARENT    =   4194304,  // 0x00400000
    TRUST_ATTRIBUTES_VALID         = -16580609   // bit pattern 0xFF02FFFF as a 32-bit int
}
164 
165 enum {
166     TRUST_AUTH_TYPE_NONE,
167     TRUST_AUTH_TYPE_NT4OWF,
168     TRUST_AUTH_TYPE_CLEAR
169 }
170 
171 enum {
172     TRUST_DIRECTION_DISABLED,
173     TRUST_DIRECTION_INBOUND,
174     TRUST_DIRECTION_OUTBOUND,
175     TRUST_DIRECTION_BIDIRECTIONAL
176 }
177 
178 enum {
179     TRUST_TYPE_DOWNLEVEL = 1,
180     TRUST_TYPE_UPLEVEL,
181     TRUST_TYPE_MIT,
182     TRUST_TYPE_DCE
183 }
184 
185 alias UNICODE_STRING LSA_UNICODE_STRING;
186 alias UNICODE_STRING* PLSA_UNICODE_STRING;
187 alias STRING LSA_STRING;
188 alias STRING* PLSA_STRING;
189 
190 enum MSV1_0_LOGON_SUBMIT_TYPE {
191     MsV1_0InteractiveLogon       = 2,
192     MsV1_0Lm20Logon,
193     MsV1_0NetworkLogon,
194     MsV1_0SubAuthLogon,
195     MsV1_0WorkstationUnlockLogon = 7
196 }
197 alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;
198 
199 enum MSV1_0_PROFILE_BUFFER_TYPE {
200     MsV1_0InteractiveProfile = 2,
201     MsV1_0Lm20LogonProfile,
202     MsV1_0SmartCardProfile
203 }
204 alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;
205 
206 
207 enum MSV1_0_AVID {
208     MsvAvEOL,
209     MsvAvNbComputerName,
210     MsvAvNbDomainName,
211     MsvAvDnsComputerName,
212     MsvAvDnsDomainName
213 }
214 
215 enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
216     MsV1_0Lm20ChallengeRequest = 0,
217     MsV1_0Lm20GetChallengeResponse,
218     MsV1_0EnumerateUsers,
219     MsV1_0GetUserInfo,
220     MsV1_0ReLogonUsers,
221     MsV1_0ChangePassword,
222     MsV1_0ChangeCachedPassword,
223     MsV1_0GenericPassthrough,
224     MsV1_0CacheLogon,
225     MsV1_0SubAuth,
226     MsV1_0DeriveCredential,
227     MsV1_0CacheLookup
228 }
229 alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;
230 
231 enum POLICY_LSA_SERVER_ROLE {
232     PolicyServerRoleBackup = 2,
233     PolicyServerRolePrimary
234 }
235 alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;
236 
237 enum POLICY_SERVER_ENABLE_STATE {
238     PolicyServerEnabled = 2,
239     PolicyServerDisabled
240 }
241 alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;
242 
243 enum POLICY_INFORMATION_CLASS {
244     PolicyAuditLogInformation = 1,
245     PolicyAuditEventsInformation,
246     PolicyPrimaryDomainInformation,
247     PolicyPdAccountInformation,
248     PolicyAccountDomainInformation,
249     PolicyLsaServerRoleInformation,
250     PolicyReplicaSourceInformation,
251     PolicyDefaultQuotaInformation,
252     PolicyModificationInformation,
253     PolicyAuditFullSetInformation,
254     PolicyAuditFullQueryInformation,
255     PolicyDnsDomainInformation,
256     PolicyEfsInformation
257 }
258 alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;
259 
260 enum POLICY_AUDIT_EVENT_TYPE {
261     AuditCategorySystem,
262     AuditCategoryLogon,
263     AuditCategoryObjectAccess,
264     AuditCategoryPrivilegeUse,
265     AuditCategoryDetailedTracking,
266     AuditCategoryPolicyChange,
267     AuditCategoryAccountManagement,
268     AuditCategoryDirectoryServiceAccess,
269     AuditCategoryAccountLogon
270 }
271 alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;
272 
273 enum POLICY_LOCAL_INFORMATION_CLASS {
274     PolicyLocalAuditEventsInformation = 1,
275     PolicyLocalPdAccountInformation,
276     PolicyLocalAccountDomainInformation,
277     PolicyLocalLsaServerRoleInformation,
278     PolicyLocalReplicaSourceInformation,
279     PolicyLocalModificationInformation,
280     PolicyLocalAuditFullSetInformation,
281     PolicyLocalAuditFullQueryInformation,
282     PolicyLocalDnsDomainInformation,
283     PolicyLocalIPSecReferenceInformation,
284     PolicyLocalMachinePasswordInformation,
285     PolicyLocalQualityOfServiceInformation,
286     PolicyLocalPolicyLocationInformation
287 }
288 alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;
289 
290 enum POLICY_DOMAIN_INFORMATION_CLASS {
291     PolicyDomainIPSecReferenceInformation = 1,
292     PolicyDomainQualityOfServiceInformation,
293     PolicyDomainEfsInformation,
294     PolicyDomainPublicKeyInformation,
295     PolicyDomainPasswordPolicyInformation,
296     PolicyDomainLockoutInformation,
297     PolicyDomainKerberosTicketInformation
298 }
299 alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;
300 
// Logon kinds; this is the type of LsaLogonUser's third parameter.
// Only Interactive has an explicit value, the rest follow by auto-increment.
// NOTE(review): presumably these numbers match the logon type recorded in
// Windows logon audit events — confirm before using them in detection logic.
enum SECURITY_LOGON_TYPE {
    Interactive = 2,
    Network,        // 3
    Batch,          // 4
    Service,        // 5
    Proxy,          // 6
    Unlock          // 7
}
alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;
310 
311 enum TRUSTED_INFORMATION_CLASS {
312     TrustedDomainNameInformation = 1,
313     TrustedControllersInformation,
314     TrustedPosixOffsetInformation,
315     TrustedPasswordInformation,
316     TrustedDomainInformationBasic,
317     TrustedDomainInformationEx,
318     TrustedDomainAuthInformation,
319     TrustedDomainFullInformation
320 }
321 alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;
322 
323 struct DOMAIN_PASSWORD_INFORMATION {
324     USHORT        MinPasswordLength;
325     USHORT        PasswordHistoryLength;
326     ULONG         PasswordProperties;
327     LARGE_INTEGER MaxPasswordAge;
328     LARGE_INTEGER MinPasswordAge;
329 }
330 alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;
331 
332 struct LSA_ENUMERATION_INFORMATION {
333     PSID Sid;
334 }
335 alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;
336 
337 alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
338 alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;
339 
// Pairs a name with a SID; also exposed as TRUSTED_DOMAIN_INFORMATION_BASIC.
struct LSA_TRUST_INFORMATION {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
/*  in MinGW (further down the code):
 *      typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 *  but it doesn't look right....
 *
 *  NOTE(review): the alias below reproduces that typedef, so it is a pointer
 *  to a pointer, whereas TRUSTED_DOMAIN_INFORMATION_BASIC above is the struct
 *  itself.  A single-level pointer would be the consistent "P" type; confirm
 *  against the Windows SDK header before relying on the extra indirection
 *  when reading a buffer returned by the LSA, since dereferencing one level
 *  too many would treat structure contents as an address.
 */
alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;
351 
352 struct LSA_REFERENCED_DOMAIN_LIST {
353     ULONG                  Entries;
354     PLSA_TRUST_INFORMATION Domains;
355 }
356 alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;
357 
358 struct LSA_TRANSLATED_SID {
359     SID_NAME_USE Use;
360     ULONG        RelativeId;
361     LONG         DomainIndex;
362 }
363 alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;
364 
365 struct LSA_TRANSLATED_NAME {
366     SID_NAME_USE       Use;
367     LSA_UNICODE_STRING Name;
368     LONG               DomainIndex;
369 }
370 alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;
371 
// Logon submit message carrying a message type plus domain, user name and
// password, each as a UNICODE_STRING. Field order and types define the binary
// layout and must not be rearranged.
// NOTE(review): the Password field presumably holds the cleartext password;
// keep the backing buffer short-lived, keep it out of logs, and overwrite it
// once the logon call has returned.
struct MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING           LogonDomainName;
    UNICODE_STRING           UserName;
    UNICODE_STRING           Password;
}
alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;
379 
380 struct MSV1_0_INTERACTIVE_PROFILE {
381     MSV1_0_PROFILE_BUFFER_TYPE MessageType;
382     USHORT                     LogonCount;
383     USHORT                     BadPasswordCount;
384     LARGE_INTEGER              LogonTime;
385     LARGE_INTEGER              LogoffTime;
386     LARGE_INTEGER              KickOffTime;
387     LARGE_INTEGER              PasswordLastSet;
388     LARGE_INTEGER              PasswordCanChange;
389     LARGE_INTEGER              PasswordMustChange;
390     UNICODE_STRING             LogonScript;
391     UNICODE_STRING             HomeDirectory;
392     UNICODE_STRING             FullName;
393     UNICODE_STRING             ProfilePath;
394     UNICODE_STRING             HomeDirectoryDrive;
395     UNICODE_STRING             LogonServer;
396     ULONG                      UserFlags;
397 }
398 alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;
399 
400 struct MSV1_0_LM20_LOGON {
401     MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
402     UNICODE_STRING                 LogonDomainName;
403     UNICODE_STRING                 UserName;
404     UNICODE_STRING                 Workstation;
405     UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
406     STRING                         CaseSensitiveChallengeResponse;
407     STRING                         CaseInsensitiveChallengeResponse;
408     ULONG                          ParameterControl;
409 }
410 alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;
411 
412 //static if (_WIN32_WINNT >= 0x500) {
413     struct MSV1_0_SUBAUTH_LOGON {
414         MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
415         UNICODE_STRING                 LogonDomainName;
416         UNICODE_STRING                 UserName;
417         UNICODE_STRING                 Workstation;
418         UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
419         STRING                         AuthenticationInfo1;
420         STRING                         AuthenticationInfo2;
421         ULONG                          ParameterControl;
422         ULONG                          SubAuthPackageId;
423     }
424     alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
425 //}
426 
427 struct MSV1_0_LM20_LOGON_PROFILE {
428     MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
429     LARGE_INTEGER                           KickOffTime;
430     LARGE_INTEGER                           LogoffTime;
431     ULONG                                   UserFlags;
432     UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
433     UNICODE_STRING                          LogonDomainName;
434     UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
435     UNICODE_STRING                          LogonServer;
436     UNICODE_STRING                          UserParameters;
437 }
438 alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;
439 
// Credential record with a version, a flags word and two fixed-size password
// values of MSV1_0_OWF_PASSWORD_LENGTH bytes each.
// NOTE(review): "OWF" presumably stands for one-way function, i.e. these are
// password hashes, and Flags presumably uses MSV1_0_CRED_LM_PRESENT /
// MSV1_0_CRED_NT_PRESENT to say which of the two is filled in — confirm.
// Such values should be handled as secrets: no logging, and wipe the
// structure when it is no longer needed.
struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG Version;
    ULONG Flags;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
}
alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
447 
// NTLM3 response message with a variable-length tail. Field order and types
// define the binary layout, and MSV1_0_NTLM3_INPUT_LENGTH is computed from
// this struct's .sizeof, so members must not be added or rearranged.
struct MSV1_0_NTLM3_RESPONSE {
    UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
    UCHAR     RespType;
    UCHAR     HiRespType;
    USHORT    Flags;
    ULONG     MsgWord;
    ULONGLONG TimeStamp;
    UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
    ULONG     AvPairsOff;
    // Single byte marking where the trailing data starts (presumably the D
    // stand-in for a C variable-length array member).
    UCHAR     _Buffer;
    // Returns the address of _Buffer. The struct carries no length for the
    // tail, so every access through this pointer has to be bounded by the
    // size of the enclosing message buffer, which the caller must track.
    UCHAR*    Buffer() return { return &_Buffer; }
}
alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;
461 
462 struct  MSV1_0_AV_PAIR {
463     USHORT AvId;
464     USHORT AvLen;
465 }
466 alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;
467 
// Password change request message: message type, domain and account name, the
// old and new passwords as UNICODE_STRINGs, and an Impersonating flag.
// NOTE(review): OldPassword and NewPassword presumably hold cleartext; keep
// the backing buffers short-lived, keep them out of logs, and overwrite them
// after the request has been submitted.
struct MSV1_0_CHANGEPASSWORD_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    UNICODE_STRING DomainName;
    UNICODE_STRING AccountName;
    UNICODE_STRING OldPassword;
    UNICODE_STRING NewPassword;
    BOOLEAN        Impersonating;
}
alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;
477 
478 struct MSV1_0_CHANGEPASSWORD_RESPONSE {
479     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
480     BOOLEAN                      PasswordInfoValid;
481     DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
482 }
483 alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;
484 
485 struct MSV1_0_SUBAUTH_REQUEST {
486     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
487     ULONG  SubAuthPackageId;
488     ULONG  SubAuthInfoLength;
489     PUCHAR SubAuthSubmitBuffer;
490 }
491 alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;
492 
493 struct MSV1_0_SUBAUTH_RESPONSE {
494     MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
495     ULONG  SubAuthInfoLength;
496     PUCHAR SubAuthReturnBuffer;
497 }
498 alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;
499 
500 enum MSV1_0_DERIVECRED_TYPE_SHA1 = 0;
501 
// Derive-credential request message with a variable-length tail. Field order
// and types define the binary layout.
struct MSV1_0_DERIVECRED_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    LUID   LogonId;
    ULONG  DeriveCredType;
    // NOTE(review): presumably the byte count of the data that starts at
    // _DeriveCredSubmitBuffer — confirm against the Windows SDK.
    ULONG  DeriveCredInfoLength;
    // Single byte marking where the trailing data starts.
    UCHAR  _DeriveCredSubmitBuffer;
    // Returns the address of _DeriveCredSubmitBuffer. Only one byte belongs
    // to the struct itself; anything beyond it is valid only if the caller
    // allocated a larger buffer, so bound accesses by that allocation.
    UCHAR* DeriveCredSubmitBuffer() return { return &_DeriveCredSubmitBuffer; }
}
alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;
511 
// Derive-credential response message with a variable-length tail. Field order
// and types define the binary layout.
struct MSV1_0_DERIVECRED_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    // NOTE(review): presumably the byte count of the data that starts at
    // _DeriveCredReturnBuffer; check it against the size of the returned
    // buffer before reading that many bytes.
    ULONG  DeriveCredInfoLength;
    // Single byte marking where the trailing data starts.
    UCHAR  _DeriveCredReturnBuffer;
    // Returns the address of _DeriveCredReturnBuffer; only one byte belongs to
    // the struct itself, so reads past it rely on the enclosing buffer's size.
    UCHAR* DeriveCredReturnBuffer() return { return &_DeriveCredReturnBuffer; }
}
alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;
519 
520 alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
521   POLICY_AUDIT_EVENT_OPTIONS;
522 alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
523   PPOLICY_AUDIT_EVENT_OPTIONS;
524 
525 struct POLICY_PRIVILEGE_DEFINITION {
526     LSA_UNICODE_STRING Name;
527     LUID LocalValue;
528 }
529 alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;
530 
531 struct POLICY_AUDIT_LOG_INFO {
532     ULONG         AuditLogPercentFull;
533     ULONG         MaximumLogSize;
534     LARGE_INTEGER AuditRetentionPeriod;
535     BOOLEAN       AuditLogFullShutdownInProgress;
536     LARGE_INTEGER TimeToShutdown;
537     ULONG         NextAuditRecordId;
538 }
539 alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;
540 
541 struct POLICY_AUDIT_EVENTS_INFO {
542     BOOLEAN                     AuditingMode;
543     PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
544     ULONG                       MaximumAuditEventCount;
545 }
546 alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;
547 
548 struct POLICY_ACCOUNT_DOMAIN_INFO {
549     LSA_UNICODE_STRING DomainName;
550     PSID               DomainSid;
551 }
552 alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;
553 
554 struct POLICY_PRIMARY_DOMAIN_INFO {
555     LSA_UNICODE_STRING Name;
556     PSID               Sid;
557 }
558 alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;
559 
560 struct POLICY_DNS_DOMAIN_INFO {
561     LSA_UNICODE_STRING Name;
562     LSA_UNICODE_STRING DnsDomainName;
563     LSA_UNICODE_STRING DnsTreeName;
564     GUID               DomainGuid;
565     PSID               Sid;
566 }
567 alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;
568 
569 struct POLICY_PD_ACCOUNT_INFO {
570     LSA_UNICODE_STRING Name;
571 }
572 alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;
573 
574 struct POLICY_LSA_SERVER_ROLE_INFO {
575     POLICY_LSA_SERVER_ROLE LsaServerRole;
576 }
577 alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;
578 
579 struct POLICY_REPLICA_SOURCE_INFO {
580     LSA_UNICODE_STRING ReplicaSource;
581     LSA_UNICODE_STRING ReplicaAccountName;
582 }
583 alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;
584 
585 struct POLICY_DEFAULT_QUOTA_INFO {
586     QUOTA_LIMITS QuotaLimits;
587 }
588 alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;
589 
590 struct POLICY_MODIFICATION_INFO {
591     LARGE_INTEGER ModifiedId;
592     LARGE_INTEGER DatabaseCreationTime;
593 }
594 alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;
595 
596 struct POLICY_AUDIT_FULL_SET_INFO {
597     BOOLEAN ShutDownOnFull;
598 }
599 alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;
600 
601 struct POLICY_AUDIT_FULL_QUERY_INFO {
602     BOOLEAN ShutDownOnFull;
603     BOOLEAN LogIsFull;
604 }
605 alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;
606 
607 struct POLICY_EFS_INFO {
608     ULONG InfoLength;
609     PUCHAR EfsBlob;
610 }
611 alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;
612 
613 struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
614     LSA_UNICODE_STRING ObjectPath;
615 }
616 alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;
617 
618 struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
619     LARGE_INTEGER PasswordChangeInterval;
620 }
621 alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;
622 
623 struct POLICY_LOCAL_POLICY_LOCATION_INFO {
624     ULONG PolicyLocation;
625 }
626 alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;
627 
628 struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
629     ULONG QualityOfService;
630 }
631 alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
632   POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
633 alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
634   PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
635   PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
636 
637 struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
638     ULONG  InfoLength;
639     PUCHAR PublicKeyInfo;
640 }
641 alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
642 
643 struct POLICY_DOMAIN_LOCKOUT_INFO {
644     LARGE_INTEGER LockoutDuration;
645     LARGE_INTEGER LockoutObservationWindow;
646     USHORT        LockoutThreshold;
647 }
648 alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;
649 
650 struct POLICY_DOMAIN_PASSWORD_INFO {
651     USHORT        MinPasswordLength;
652     USHORT        PasswordHistoryLength;
653     ULONG         PasswordProperties;
654     LARGE_INTEGER MaxPasswordAge;
655     LARGE_INTEGER MinPasswordAge;
656 }
657 alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;
658 
659 struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
660     ULONG         AuthenticationOptions;
661     LARGE_INTEGER MinTicketAge;
662     LARGE_INTEGER MaxTicketAge;
663     LARGE_INTEGER MaxRenewAge;
664     LARGE_INTEGER ProxyLifetime;
665     LARGE_INTEGER ForceLogoff;
666 }
667 alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
668 
669 mixin DECLARE_HANDLE!("LSA_HANDLE");
670 alias LSA_HANDLE* PLSA_HANDLE;
671 
672 struct TRUSTED_DOMAIN_NAME_INFO {
673     LSA_UNICODE_STRING Name;
674 }
675 alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;
676 
677 struct TRUSTED_CONTROLLERS_INFO {
678     ULONG               Entries;
679     PLSA_UNICODE_STRING Names;
680 }
681 alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;
682 
683 struct TRUSTED_POSIX_OFFSET_INFO {
684     ULONG Offset;
685 }
686 alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;
687 
688 struct TRUSTED_PASSWORD_INFO {
689     LSA_UNICODE_STRING Password;
690     LSA_UNICODE_STRING OldPassword;
691 }
692 alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;
693 
694 struct TRUSTED_DOMAIN_INFORMATION_EX {
695     LSA_UNICODE_STRING Name;
696     LSA_UNICODE_STRING FlatName;
697     PSID               Sid;
698     ULONG              TrustDirection;
699     ULONG              TrustType;
700     ULONG              TrustAttributes;
701 }
702 alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;
703 
704 struct LSA_AUTH_INFORMATION {
705     LARGE_INTEGER LastUpdateTime;
706     ULONG         AuthType;
707     ULONG         AuthInfoLength;
708     PUCHAR        AuthInfo;
709 }
710 alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;
711 
712 struct TRUSTED_DOMAIN_AUTH_INFORMATION {
713     ULONG                 IncomingAuthInfos;
714     PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
715     PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
716     ULONG                 OutgoingAuthInfos;
717     PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
718     PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
719 }
720 alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;
721 
722 struct TRUSTED_DOMAIN_FULL_INFORMATION {
723     TRUSTED_DOMAIN_INFORMATION_EX   Information;
724     TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
725     TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
726 }
727 alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;
728 
// Bindings to the LSA functions, declared with the Windows calling convention.
// Every function here except LsaNtStatusToWinError returns an NTSTATUS; test
// it with LSA_SUCCESS (or convert it with LsaNtStatusToWinError) before
// reading any output parameter.
// NOTE(review): per the Windows LSA documentation, buffers handed back through
// pointer-to-pointer output parameters are allocated by the LSA and have to
// be released with LsaFreeMemory or LsaFreeReturnBuffer, depending on the
// call — confirm which one applies for each function you use.
extern (Windows) {
    NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
      ULONG);
    NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
      PVOID*, PULONG, PNTSTATUS);
    // Releases an LSA_HANDLE; pair it with every handle obtained through a
    // PLSA_HANDLE output parameter below.
    NTSTATUS LsaClose(LSA_HANDLE);
    NTSTATUS LsaConnectUntrusted(PHANDLE);
    NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
      PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
    NTSTATUS LsaDeregisterLogonProcess(HANDLE);
    NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
      PULONG);
    NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
      PLSA_UNICODE_STRING, PVOID*, PULONG);
    NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      PVOID*, ULONG, PULONG);
    NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
    NTSTATUS LsaFreeMemory(PVOID);
    NTSTATUS LsaFreeReturnBuffer(PVOID);
    // The final PNTSTATUS is a second status output in addition to the
    // return value; NOTE(review): presumably the sub-status of a failed
    // logon — check both.
    NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
      PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
      PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
    NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
    NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
    NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
    // Converts an NTSTATUS to a ULONG (by its name, a Win32 error code).
    ULONG LsaNtStatusToWinError(NTSTATUS);
    // The ACCESS_MASK argument selects the rights carried by the returned
    // handle; request only the POLICY_* bits the following calls need.
    NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID*);
    NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
      PLSA_OPERATIONAL_MODE);
    NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
      PLSA_UNICODE_STRING, ULONG);
    // NOTE(review): the string returned through the last parameter is
    // presumably secret material; overwrite it before freeing it.
    NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING*);
    NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID);
    NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING);
}
791 
// Function-pointer types for the SAM password notification, initialisation
// and password filter routines.
// NOTE(review): these aliases are declared outside the extern (Windows) block,
// so they carry D linkage. If the routines are called by the operating
// system they presumably need the Windows calling convention — confirm
// before passing or receiving a callback through these types.
// NOTE(review): the PUNICODE_STRING parameters presumably carry account names
// and passwords; an implementation should neither log nor persist them.
alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
  PSAM_PASSWORD_NOTIFICATION_ROUTINE;
alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
  PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;