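/**
 * Windows API header module
 *
 * Translated from MinGW Windows headers
 *
 * Authors: Stewart Gordon
 * License: $(LINK2 http://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
 * Source: $(DRUNTIMESRC core/sys/windows/_ntsecapi.d)
 */
module core.sys.windows.ntsecapi;
version (Windows):
pragma(lib, "advapi32");

version (ANSI) {} else version = Unicode;

private import
  core.sys.windows.basetyps, core.sys.windows.ntdef, core.sys.windows.windef, core.sys.windows.winnt, core.sys.windows.w32api;

// FIXME: check types and grouping of constants
// FIXME: check Windows version support

enum KERB_WRAP_NO_ENCRYPT = 0x80000001;

// LOGON_* bit flags. Bit 0x10 is not defined in this list.
// NOTE(review): presumably these are the values reported in the UserFlags
// field of the MSV1_0 profile buffers declared later in this module - confirm.
enum LOGON_GUEST                 = 0x00000001;
enum LOGON_NOENCRYPTION          = 0x00000002;
enum LOGON_CACHED_ACCOUNT        = 0x00000004;
enum LOGON_USED_LM_PASSWORD      = 0x00000008;
enum LOGON_EXTRA_SIDS            = 0x00000020;
enum LOGON_SUBAUTH_SESSION_KEY   = 0x00000040;
enum LOGON_SERVER_TRUST_ACCOUNT  = 0x00000080;
enum LOGON_NTLMV2_ENABLED        = 0x00000100;
enum LOGON_RESOURCE_GROUPS       = 0x00000200;
enum LOGON_PROFILE_PATH_RETURNED = 0x00000400;
enum LOGON_GRACE_LOGON           = 0x01000000;

// Sequential values 1..4 (the last three are implicitly numbered).
enum {
    LSA_MODE_PASSWORD_PROTECTED = 1,
    LSA_MODE_INDIVIDUAL_ACCOUNTS,
    LSA_MODE_MANDATORY_ACCESS,
    LSA_MODE_LOG_FULL
}

/**
 * Reports whether a status code denotes success.
 *
 * Params:
 *     x = status value to classify (presumably an NTSTATUS returned by one
 *         of the Lsa* functions declared in this module)
 *
 * Returns: true for any non-negative value, false for a negative one.
 */
bool LSA_SUCCESS(int x) { return x >= 0; }

/*  TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
 *  aliases.  Should we merge them anyway?
 */
const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";

enum MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      =       32;
enum MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT =     2048;
enum MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      =        2;
enum MSV1_0_CRED_LM_PRESENT                 =        1;
enum MSV1_0_CRED_NT_PRESENT                 =        2;
enum MSV1_0_CRED_VERSION                    =        0;
enum MSV1_0_DONT_TRY_GUEST_ACCOUNT          =       16;
enum MSV1_0_MAX_NTLM3_LIFE                  =     1800;
enum MSV1_0_MAX_AVL_SIZE                    =    64000;
enum MSV1_0_MNS_LOGON                       = 16777216;

// Sizes, in bytes, used to dimension the fixed UCHAR arrays of the MSV1_0
// structures declared later in this module.
enum size_t
    MSV1_0_CHALLENGE_LENGTH          =  8,
    MSV1_0_LANMAN_SESSION_KEY_LENGTH =  8,
    MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
    MSV1_0_NTLM3_OWF_LENGTH          = 16,
    // Size of MSV1_0_NTLM3_RESPONSE minus its leading Response array.
    MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
                                       - MSV1_0_NTLM3_RESPONSE_LENGTH,
    MSV1_0_OWF_PASSWORD_LENGTH       = 16,
    // Byte length of the wide package name, excluding any terminator.
    // MSV1_0_PACKAGE_NAMEW is a D slice, so its .sizeof is the size of the
    // pointer/length pair rather than of the characters; the character count
    // has to come from .length. A wrong value here would end up in the length
    // fields of the counted strings handed to LSA.
    MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.length
                                       * WCHAR.sizeof;

enum MSV1_0_RETURN_USER_PARAMETERS      =          8;
enum MSV1_0_RETURN_PASSWORD_EXPIRY      =         64;
enum MSV1_0_RETURN_PROFILE_PATH         =        512;
enum MSV1_0_SUBAUTHENTICATION_DLL_EX    =    1048576;
enum MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
enum MSV1_0_SUBAUTHENTICATION_DLL_SHIFT =         24;
enum MSV1_0_SUBAUTHENTICATION_DLL_RAS   =          2;
enum MSV1_0_SUBAUTHENTICATION_DLL_IIS   =        132;
enum MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
enum MSV1_0_TRY_GUEST_ACCOUNT_ONLY      =        256;
enum MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   =       1024;
enum MSV1_0_UPDATE_LOGON_STATISTICS     =          4;
enum MSV1_0_USE_CLIENT_CHALLENGE        =        128;
enum MSV1_0_USER_SESSION_KEY_LENGTH     =         16;

// NOTE(review): presumably the registry key and value-name prefix under which
// MSV1_0 subauthentication packages are registered; if so, changes to this
// key are worth auditing - confirm against the platform documentation.
const char[]
    MSV1_0_SUBAUTHENTICATION_KEY
      = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
    MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";

// Access rights for the policy handle requested through LsaOpenPolicy's
// ACCESS_MASK parameter. The twelve specific rights occupy bits 0x0001..0x0800;
// the four composites below combine them with the STANDARD_RIGHTS_* values:
//   POLICY_READ       0x0006 = VIEW_AUDIT_INFORMATION | GET_PRIVATE_INFORMATION
//   POLICY_WRITE      0x07F8 = every right from TRUST_ADMIN to SERVER_ADMIN
//   POLICY_EXECUTE    0x0801 = VIEW_LOCAL_INFORMATION | LOOKUP_NAMES
//   POLICY_ALL_ACCESS 0x0FFF = all twelve specific rights
// Prefer the narrowest mask an operation needs over POLICY_ALL_ACCESS.
enum ACCESS_MASK
    POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
    POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
    POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
    POLICY_TRUST_ADMIN              = 0x0008,
    POLICY_CREATE_ACCOUNT           = 0x0010,
    POLICY_CREATE_SECRET            = 0x0020,
    POLICY_CREATE_PRIVILEGE         = 0x0040,
    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
    POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
    POLICY_AUDIT_LOG_ADMIN          = 0x0200,
    POLICY_SERVER_ADMIN             = 0x0400,
    POLICY_LOOKUP_NAMES             = 0x0800,

    POLICY_READ       = STANDARD_RIGHTS_READ     | 0x0006,
    POLICY_WRITE      = STANDARD_RIGHTS_WRITE    | 0x07F8,
    POLICY_EXECUTE    = STANDARD_RIGHTS_EXECUTE  | 0x0801,
    POLICY_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | 0x0FFF;

// Audit option bits; POLICY_AUDIT_EVENT_MASK (7) covers SUCCESS | FAILURE | NONE.
enum POLICY_AUDIT_EVENT_UNCHANGED = 0;
enum POLICY_AUDIT_EVENT_SUCCESS   = 1;
enum POLICY_AUDIT_EVENT_FAILURE   = 2;
enum POLICY_AUDIT_EVENT_NONE      = 4;
enum POLICY_AUDIT_EVENT_MASK      = 7;

enum {
    POLICY_LOCATION_LOCAL = 1,
    POLICY_LOCATION_DS
}

enum : uint {
    POLICY_MACHINE_POLICY_LOCAL     = 0,
    POLICY_MACHINE_POLICY_DEFAULTED,
    POLICY_MACHINE_POLICY_EXPLICIT,
    POLICY_MACHINE_POLICY_UNKNOWN   = 0xFFFFFFFF
}


// The spellings SCHANEL, INTEGREITY and ALLOWD are kept exactly as declared:
// renaming them would break existing callers.
// NOTE(review): compare these names with the Windows SDK header before
// relying on them in code that is ported from C.
enum POLICY_QOS_SCHANEL_REQUIRED             = 0x0001;
enum POLICY_QOS_OUTBOUND_INTEGRITY           = 0x0002;
enum POLICY_QOS_OUTBOUND_CONFIDENTIALITY     = 0x0004;
enum POLICY_QOS_INBOUND_INTEGREITY           = 0x0008;
enum POLICY_QOS_INBOUND_CONFIDENTIALITY      = 0x0010;
enum POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE  = 0x0020;
enum POLICY_QOS_RAS_SERVER_ALLOWED           = 0x0040;
enum POLICY_QOS_DHCP_SERVER_ALLOWD           = 0x0080;

enum POLICY_KERBEROS_FORWARDABLE  = 1;
enum POLICY_KERBEROS_PROXYABLE    = 2;
enum POLICY_KERBEROS_RENEWABLE    = 4;
enum POLICY_KERBEROS_POSTDATEABLE = 8;

// NOTE(review): these look like the export names a password notification /
// filter DLL provides, matching the PSAM_* callback aliases at the end of
// this module - confirm. Such DLLs see password changes, so which ones are
// registered on a host deserves review.
const char[]
    SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
    SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify",
    SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";

// Logon-right names, typed as TCHAR[] (presumably narrow or wide depending on
// the ANSI/Unicode version selected above - confirm in the TCHAR definition).
const TCHAR[]
    SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight",
    SE_NETWORK_LOGON_NAME     = "SeNetworkLogonRight",
    SE_BATCH_LOGON_NAME       = "SeBatchLogonRight",
    SE_SERVICE_LOGON_NAME     = "SeServiceLogonRight";

// TRUST_ATTRIBUTES_VALID is the signed spelling of the 32-bit pattern
// 0xFF02FFFF; the members of this anonymous enum are int, so a cast is needed
// before combining them with a ULONG field such as
// TRUSTED_DOMAIN_INFORMATION_EX.TrustAttributes.
enum {
    TRUST_ATTRIBUTE_NON_TRANSITIVE =         1,
    TRUST_ATTRIBUTE_UPLEVEL_ONLY   =         2,
    TRUST_ATTRIBUTE_TREE_PARENT    =   4194304,
    TRUST_ATTRIBUTES_VALID         = -16580609
}

// Implicitly numbered 0, 1, 2.
enum {
    TRUST_AUTH_TYPE_NONE,
    TRUST_AUTH_TYPE_NT4OWF,
    TRUST_AUTH_TYPE_CLEAR
}

// Implicitly numbered 0..3; BIDIRECTIONAL (3) equals INBOUND | OUTBOUND.
enum {
    TRUST_DIRECTION_DISABLED,
    TRUST_DIRECTION_INBOUND,
    TRUST_DIRECTION_OUTBOUND,
    TRUST_DIRECTION_BIDIRECTIONAL
}

// Numbered 1..4.
enum {
    TRUST_TYPE_DOWNLEVEL = 1,
    TRUST_TYPE_UPLEVEL,
    TRUST_TYPE_MIT,
    TRUST_TYPE_DCE
}

// LSA string types are plain aliases of the counted-string types from ntdef.
alias UNICODE_STRING LSA_UNICODE_STRING;
alias UNICODE_STRING* PLSA_UNICODE_STRING;
alias STRING LSA_STRING;
alias STRING* PLSA_STRING;

// Values run 2..5, then jump to 7; 6 is not assigned here.
enum MSV1_0_LOGON_SUBMIT_TYPE {
    MsV1_0InteractiveLogon       = 2,
    MsV1_0Lm20Logon,
    MsV1_0NetworkLogon,
    MsV1_0SubAuthLogon,
    MsV1_0WorkstationUnlockLogon = 7
}
alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;

// Numbered 2..4.
enum MSV1_0_PROFILE_BUFFER_TYPE {
    MsV1_0InteractiveProfile = 2,
    MsV1_0Lm20LogonProfile,
    MsV1_0SmartCardProfile
}
alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;


// Identifiers numbered from 0; MsvAvEOL is 0.
// NOTE(review): presumably the values carried in MSV1_0_AV_PAIR.AvId - confirm.
enum MSV1_0_AVID {
    MsvAvEOL,
    MsvAvNbComputerName,
    MsvAvNbDomainName,
    MsvAvDnsComputerName,
    MsvAvDnsDomainName
}

// Numbered 0..11; used as the MessageType field of the MSV1_0 request and
// response structures declared later in this module.
enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
    MsV1_0Lm20ChallengeRequest = 0,
    MsV1_0Lm20GetChallengeResponse,
    MsV1_0EnumerateUsers,
    MsV1_0GetUserInfo,
    MsV1_0ReLogonUsers,
    MsV1_0ChangePassword,
    MsV1_0ChangeCachedPassword,
    MsV1_0GenericPassthrough,
    MsV1_0CacheLogon,
    MsV1_0SubAuth,
    MsV1_0DeriveCredential,
    MsV1_0CacheLookup
}
alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;

// Backup = 2, Primary = 3.
enum POLICY_LSA_SERVER_ROLE {
    PolicyServerRoleBackup = 2,
    PolicyServerRolePrimary
}
alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;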
// Enabled = 2, Disabled = 3.
enum POLICY_SERVER_ENABLE_STATE {
    PolicyServerEnabled = 2,
    PolicyServerDisabled
}
alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;

// Selector passed to LsaQueryInformationPolicy / LsaSetInformationPolicy.
// Numbered from 1; the remaining members follow implicitly.
enum POLICY_INFORMATION_CLASS {
    PolicyAuditLogInformation = 1,
    PolicyAuditEventsInformation,
    PolicyPrimaryDomainInformation,
    PolicyPdAccountInformation,
    PolicyAccountDomainInformation,
    PolicyLsaServerRoleInformation,
    PolicyReplicaSourceInformation,
    PolicyDefaultQuotaInformation,
    PolicyModificationInformation,
    PolicyAuditFullSetInformation,
    PolicyAuditFullQueryInformation,
    PolicyDnsDomainInformation,
    PolicyEfsInformation
}
alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;

// Audit categories, numbered from 0.
// NOTE(review): presumably indexes into the array reached through
// POLICY_AUDIT_EVENTS_INFO.EventAuditingOptions - confirm.
enum POLICY_AUDIT_EVENT_TYPE {
    AuditCategorySystem,
    AuditCategoryLogon,
    AuditCategoryObjectAccess,
    AuditCategoryPrivilegeUse,
    AuditCategoryDetailedTracking,
    AuditCategoryPolicyChange,
    AuditCategoryAccountManagement,
    AuditCategoryDirectoryServiceAccess,
    AuditCategoryAccountLogon
}
alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;

// Selector passed to LsaQueryLocalInformationPolicy /
// LsaSetLocalInformationPolicy. Numbered from 1.
enum POLICY_LOCAL_INFORMATION_CLASS {
    PolicyLocalAuditEventsInformation = 1,
    PolicyLocalPdAccountInformation,
    PolicyLocalAccountDomainInformation,
    PolicyLocalLsaServerRoleInformation,
    PolicyLocalReplicaSourceInformation,
    PolicyLocalModificationInformation,
    PolicyLocalAuditFullSetInformation,
    PolicyLocalAuditFullQueryInformation,
    PolicyLocalDnsDomainInformation,
    PolicyLocalIPSecReferenceInformation,
    PolicyLocalMachinePasswordInformation,
    PolicyLocalQualityOfServiceInformation,
    PolicyLocalPolicyLocationInformation
}
alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;

// Selector passed to LsaQueryDomainInformationPolicy /
// LsaSetDomainInformationPolicy. Numbered from 1.
enum POLICY_DOMAIN_INFORMATION_CLASS {
    PolicyDomainIPSecReferenceInformation = 1,
    PolicyDomainQualityOfServiceInformation,
    PolicyDomainEfsInformation,
    PolicyDomainPublicKeyInformation,
    PolicyDomainPasswordPolicyInformation,
    PolicyDomainLockoutInformation,
    PolicyDomainKerberosTicketInformation
}
alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;

// Logon type passed to LsaLogonUser. Numbered 2..7 (Interactive = 2).
enum SECURITY_LOGON_TYPE {
    Interactive = 2,
    Network,
    Batch,
    Service,
    Proxy,
    Unlock
}
alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;

// Selector passed to the LsaQueryTrustedDomainInfo* / LsaSetTrustedDomain*
// functions. Numbered from 1.
enum TRUSTED_INFORMATION_CLASS {
    TrustedDomainNameInformation = 1,
    TrustedControllersInformation,
    TrustedPosixOffsetInformation,
    TrustedPasswordInformation,
    TrustedDomainInformationBasic,
    TrustedDomainInformationEx,
    TrustedDomainAuthInformation,
    TrustedDomainFullInformation
}
alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;

// Password policy values; embedded in MSV1_0_CHANGEPASSWORD_RESPONSE.
struct DOMAIN_PASSWORD_INFORMATION {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;

struct LSA_ENUMERATION_INFORMATION {
    PSID Sid;
}
alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;

alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;

// Domain name plus SID pointer; also exposed as
// TRUSTED_DOMAIN_INFORMATION_BASIC.
struct LSA_TRUST_INFORMATION {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
/*  in MinGW (further down the code):
 *      typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 *  but it doesn't look right....
 */
// NOTE(review): as declared this is a pointer to a pointer, one level more
// than the other P* aliases in this module. Verify the indirection before
// dereferencing a buffer through this type.
alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;

// Count plus pointer to the first LSA_TRUST_INFORMATION element.
// NOTE(review): presumably Entries is the element count of Domains - bound
// any DomainIndex taken from the translated-SID/name structs against it.
struct LSA_REFERENCED_DOMAIN_LIST {
    ULONG                  Entries;
    PLSA_TRUST_INFORMATION Domains;
}
alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;

// DomainIndex is signed (LONG) in both translated structs below.
struct LSA_TRANSLATED_SID {
    SID_NAME_USE Use;
    ULONG        RelativeId;
    LONG         DomainIndex;
}
alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;

struct LSA_TRANSLATED_NAME {
    SID_NAME_USE       Use;
    LSA_UNICODE_STRING Name;
    LONG               DomainIndex;
}
alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;

// NOTE(review): Password is a counted string, presumably carrying the
// cleartext credential; callers should wipe its backing buffer once the
// logon call has returned - confirm against the LSA documentation.
struct MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING           LogonDomainName;
    UNICODE_STRING           UserName;
    UNICODE_STRING           Password;
}
alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;

struct MSV1_0_INTERACTIVE_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    USHORT                     LogonCount;
    USHORT                     BadPasswordCount;
    LARGE_INTEGER              LogonTime;
    LARGE_INTEGER              LogoffTime;
    LARGE_INTEGER              KickOffTime;
    LARGE_INTEGER              PasswordLastSet;
    LARGE_INTEGER              PasswordCanChange;
    LARGE_INTEGER              PasswordMustChange;
    UNICODE_STRING             LogonScript;
    UNICODE_STRING             HomeDirectory;
    UNICODE_STRING             FullName;
    UNICODE_STRING             ProfilePath;
    UNICODE_STRING             HomeDirectoryDrive;
    UNICODE_STRING             LogonServer;
    ULONG                      UserFlags;
}
alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;

// ChallengeToClient is a fixed 8-byte array (MSV1_0_CHALLENGE_LENGTH); the two
// responses are counted STRINGs.
struct MSV1_0_LM20_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
    UNICODE_STRING                 LogonDomainName;
    UNICODE_STRING                 UserName;
    UNICODE_STRING                 Workstation;
    UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
    STRING                         CaseSensitiveChallengeResponse;
    STRING                         CaseInsensitiveChallengeResponse;
    ULONG                          ParameterControl;
}
alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;

// The version guard below is commented out, so this struct is declared
// unconditionally.
//static if (_WIN32_WINNT >= 0x500) {
    struct MSV1_0_SUBAUTH_LOGON {
        MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
        UNICODE_STRING                 LogonDomainName;
        UNICODE_STRING                 UserName;
        UNICODE_STRING                 Workstation;
        UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
        STRING                         AuthenticationInfo1;
        STRING                         AuthenticationInfo2;
        ULONG                          ParameterControl;
        ULONG                          SubAuthPackageId;
    }
    alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
//}

// Carries two fixed-size session keys (16 and 8 bytes per the length
// constants); treat a filled-in instance as sensitive.
struct MSV1_0_LM20_LOGON_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
    LARGE_INTEGER                           KickOffTime;
    LARGE_INTEGER                           LogoffTime;
    ULONG                                   UserFlags;
    UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
    UNICODE_STRING                          LogonDomainName;
    UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
    UNICODE_STRING                          LogonServer;
    UNICODE_STRING                          UserParameters;
}
alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;

// Two 16-byte arrays sized by MSV1_0_OWF_PASSWORD_LENGTH.
// NOTE(review): presumably the LM and NT one-way-function password hashes,
// with Flags built from MSV1_0_CRED_LM_PRESENT / MSV1_0_CRED_NT_PRESENT -
// confirm. Wipe instances after use.
struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG                             Version;
    ULONG                             Flags;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
    UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
}
alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

// _Buffer is a single UCHAR and Buffer() returns its address.
// NOTE(review): presumably this stands in for a trailing variable-length
// array in the C header - confirm. Reading past Buffer()[0] is only valid
// when the enclosing allocation is larger than this struct; nothing here
// checks that, so callers must validate AvPairsOff and any AV-pair lengths
// against the real size of the buffer they were given.
struct MSV1_0_NTLM3_RESPONSE {
    UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
    UCHAR     RespType;
    UCHAR     HiRespType;
    USHORT    Flags;
    ULONG     MsgWord;
    ULONGLONG TimeStamp;
    UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
    ULONG     AvPairsOff;
    UCHAR     _Buffer;
    // `return` ties the returned pointer to the lifetime of this instance.
    UCHAR*    Buffer() return { return &_Buffer; }
}
alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;

// Four-byte header: identifier and length, both USHORT.
// NOTE(review): presumably followed in memory by AvLen bytes of value data -
// confirm, and bound AvLen before walking a list of pairs.
struct MSV1_0_AV_PAIR {
    USHORT AvId;
    USHORT AvLen;
}
alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;

// NOTE(review): OldPassword / NewPassword are counted strings, presumably
// cleartext; wipe their backing buffers after the request has been
// submitted - confirm against the LSA documentation.
struct MSV1_0_CHANGEPASSWORD_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    UNICODE_STRING               DomainName;
    UNICODE_STRING               AccountName;
    UNICODE_STRING               OldPassword;
    UNICODE_STRING               NewPassword;
    BOOLEAN                      Impersonating;
}
alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;

// NOTE(review): presumably DomainPasswordInfo is meaningful only when
// PasswordInfoValid is set - confirm.
struct MSV1_0_CHANGEPASSWORD_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    BOOLEAN                      PasswordInfoValid;
    DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
}
alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;

// Length/pointer pair: SubAuthInfoLength describes SubAuthSubmitBuffer
// (presumably in bytes - confirm).
struct MSV1_0_SUBAUTH_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        SubAuthPackageId;
    ULONG                        SubAuthInfoLength;
    PUCHAR                       SubAuthSubmitBuffer;
}
alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;

// Length/pointer pair; validate SubAuthInfoLength before reading the buffer.
struct MSV1_0_SUBAUTH_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        SubAuthInfoLength;
    PUCHAR                       SubAuthReturnBuffer;
}
alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;

enum MSV1_0_DERIVECRED_TYPE_SHA1 = 0;

// Same single-byte placeholder pattern as MSV1_0_NTLM3_RESPONSE: the accessor
// returns the address of a one-UCHAR field, and nothing here bounds accesses
// by DeriveCredInfoLength.
struct MSV1_0_DERIVECRED_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    LUID                         LogonId;
    ULONG                        DeriveCredType;
    ULONG                        DeriveCredInfoLength;
    UCHAR                        _DeriveCredSubmitBuffer;
    UCHAR* DeriveCredSubmitBuffer() return { return &_DeriveCredSubmitBuffer; }
}
alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;

// See MSV1_0_DERIVECRED_REQUEST: the accessor exposes a one-byte field, so
// the caller is responsible for honouring DeriveCredInfoLength.
struct MSV1_0_DERIVECRED_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG                        DeriveCredInfoLength;
    UCHAR                        _DeriveCredReturnBuffer;
    UCHAR* DeriveCredReturnBuffer() return { return &_DeriveCredReturnBuffer; }
}
alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;

// Plain 32-bit unsigned aliases and their pointer forms.
alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
  POLICY_AUDIT_EVENT_OPTIONS;
alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
  PPOLICY_AUDIT_EVENT_OPTIONS;

struct POLICY_PRIVILEGE_DEFINITION {
    LSA_UNICODE_STRING Name;
    LUID               LocalValue;
}
alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;

// The POLICY_*_INFO structs that follow are the payloads exchanged through
// the PVOID / PVOID* parameters of the Lsa*InformationPolicy functions; the
// information-class enums above select which one applies.
// NOTE(review): the class-to-struct pairing is inferred from the names -
// confirm before casting a returned buffer.
struct POLICY_AUDIT_LOG_INFO {
    ULONG         AuditLogPercentFull;
    ULONG         MaximumLogSize;
    LARGE_INTEGER AuditRetentionPeriod;
    BOOLEAN       AuditLogFullShutdownInProgress;
    LARGE_INTEGER TimeToShutdown;
    ULONG         NextAuditRecordId;
}
alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;

// NOTE(review): presumably EventAuditingOptions points to
// MaximumAuditEventCount entries - confirm, and bound indexing by that count.
struct POLICY_AUDIT_EVENTS_INFO {
    BOOLEAN                     AuditingMode;
    PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
    ULONG                       MaximumAuditEventCount;
}
alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;

struct POLICY_ACCOUNT_DOMAIN_INFO {
    LSA_UNICODE_STRING DomainName;
    PSID               DomainSid;
}
alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;

struct POLICY_PRIMARY_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    PSID               Sid;
}
alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;

struct POLICY_DNS_DOMAIN_INFO {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING DnsDomainName;
    LSA_UNICODE_STRING DnsTreeName;
    GUID               DomainGuid;
    PSID               Sid;
}
alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;

struct POLICY_PD_ACCOUNT_INFO {
    LSA_UNICODE_STRING Name;
}
alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;

struct POLICY_LSA_SERVER_ROLE_INFO {
    POLICY_LSA_SERVER_ROLE LsaServerRole;
}
alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;

struct POLICY_REPLICA_SOURCE_INFO {
    LSA_UNICODE_STRING ReplicaSource;
    LSA_UNICODE_STRING ReplicaAccountName;
}
alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;

struct POLICY_DEFAULT_QUOTA_INFO {
    QUOTA_LIMITS QuotaLimits;
}
alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;

struct POLICY_MODIFICATION_INFO {
    LARGE_INTEGER ModifiedId;
    LARGE_INTEGER DatabaseCreationTime;
}
alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;

struct POLICY_AUDIT_FULL_SET_INFO {
    BOOLEAN ShutDownOnFull;
}
alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;

struct POLICY_AUDIT_FULL_QUERY_INFO {
    BOOLEAN ShutDownOnFull;
    BOOLEAN LogIsFull;
}
alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;

// Length/pointer pair; InfoLength describes EfsBlob (presumably in bytes -
// confirm).
struct POLICY_EFS_INFO {
    ULONG  InfoLength;
    PUCHAR EfsBlob;
}
alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;

struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
    LSA_UNICODE_STRING ObjectPath;
}
alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;

struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
    LARGE_INTEGER PasswordChangeInterval;
}
alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;

// NOTE(review): presumably one of the POLICY_LOCATION_* values - confirm.
struct POLICY_LOCAL_POLICY_LOCATION_INFO {
    ULONG PolicyLocation;
}
alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;

// The local and domain quality-of-service structures share one definition.
// NOTE(review): presumably QualityOfService holds POLICY_QOS_* bits - confirm.
struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
    ULONG QualityOfService;
}
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
  POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
  PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
  PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;

// Length/pointer pair; validate InfoLength before reading PublicKeyInfo.
struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
    ULONG  InfoLength;
    PUCHAR PublicKeyInfo;
}
alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;

struct POLICY_DOMAIN_LOCKOUT_INFO {
    LARGE_INTEGER LockoutDuration;
    LARGE_INTEGER LockoutObservationWindow;
    USHORT        LockoutThreshold;
}
alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;

// Same fields, in the same order, as DOMAIN_PASSWORD_INFORMATION.
struct POLICY_DOMAIN_PASSWORD_INFO {
    USHORT        MinPasswordLength;
    USHORT        PasswordHistoryLength;
    ULONG         PasswordProperties;
    LARGE_INTEGER MaxPasswordAge;
    LARGE_INTEGER MinPasswordAge;
}
alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;

// NOTE(review): presumably AuthenticationOptions holds POLICY_KERBEROS_*
// bits - confirm.
struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
    ULONG         AuthenticationOptions;
    LARGE_INTEGER MinTicketAge;
    LARGE_INTEGER MaxTicketAge;
    LARGE_INTEGER MaxRenewAge;
    LARGE_INTEGER ProxyLifetime;
    LARGE_INTEGER ForceLogoff;
}
alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;

// Policy handle type taken by most Lsa* functions below; it is distinct from
// the plain HANDLE used by the logon-process functions.
mixin DECLARE_HANDLE!("LSA_HANDLE");
alias LSA_HANDLE* PLSA_HANDLE;

struct TRUSTED_DOMAIN_NAME_INFO {
    LSA_UNICODE_STRING Name;
}
alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;

// Count plus pointer to the first name (presumably Entries elements -
// confirm).
struct TRUSTED_CONTROLLERS_INFO {
    ULONG               Entries;
    PLSA_UNICODE_STRING Names;
}
alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;

struct TRUSTED_POSIX_OFFSET_INFO {
    ULONG Offset;
}
alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;

// NOTE(review): both fields are counted strings named as passwords; treat the
// backing buffers as secrets and wipe them after use - confirm encoding
// against the LSA documentation.
struct TRUSTED_PASSWORD_INFO {
    LSA_UNICODE_STRING Password;
    LSA_UNICODE_STRING OldPassword;
}
alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;

// NOTE(review): TrustDirection, TrustType and TrustAttributes presumably take
// the TRUST_DIRECTION_*, TRUST_TYPE_* and TRUST_ATTRIBUTE_* constants declared
// earlier in this module - confirm.
struct TRUSTED_DOMAIN_INFORMATION_EX {
    LSA_UNICODE_STRING Name;
    LSA_UNICODE_STRING FlatName;
    PSID               Sid;
    ULONG              TrustDirection;
    ULONG              TrustType;
    ULONG              TrustAttributes;
}
alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;

// Length/pointer pair holding trust authentication material.
// NOTE(review): AuthType presumably takes a TRUST_AUTH_TYPE_* value - confirm.
// Treat AuthInfo as secret and bound reads by AuthInfoLength.
struct LSA_AUTH_INFORMATION {
    LARGE_INTEGER LastUpdateTime;
    ULONG         AuthType;
    ULONG         AuthInfoLength;
    PUCHAR        AuthInfo;
}
alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;

// Two counts (incoming / outgoing), each followed by a current and a previous
// PLSA_AUTH_INFORMATION pointer.
struct TRUSTED_DOMAIN_AUTH_INFORMATION {
    ULONG                 IncomingAuthInfos;
    PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
    PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
    ULONG                 OutgoingAuthInfos;
    PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
    PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
}
alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;

// Aggregates the three trusted-domain structures above by value.
struct TRUSTED_DOMAIN_FULL_INFORMATION {
    TRUSTED_DOMAIN_INFORMATION_EX   Information;
    TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
    TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
}
alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;

// Prototypes with Windows linkage; parameters are unnamed, so argument roles
// must be taken from the platform documentation.
//
// Points a caller should keep in mind:
//  - Every function except LsaNtStatusToWinError returns an NTSTATUS; test it
//    with LSA_SUCCESS or convert it with LsaNtStatusToWinError before using
//    any output parameter.
//  - LsaCallAuthenticationPackage and LsaLogonUser additionally take a
//    trailing PNTSTATUS, i.e. a second status is written through a pointer
//    and has to be checked as well.
//  - Results come back through PVOID* / P...* output pointers.
//    NOTE(review): per the Win32 documentation these buffers are owned by the
//    caller and are released with LsaFreeMemory (policy functions) or
//    LsaFreeReturnBuffer (logon / authentication-package functions) -
//    confirm which one applies to each call.
//  - LsaOpenPolicy and LsaCreateTrustedDomainEx take an ACCESS_MASK; request
//    only the POLICY_* rights the operation needs, and release the handle
//    with LsaClose.
extern (Windows) {
    NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
      ULONG);
    NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
      PVOID*, PULONG, PNTSTATUS);
    NTSTATUS LsaClose(LSA_HANDLE);
    NTSTATUS LsaConnectUntrusted(PHANDLE);
    NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
      PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
    NTSTATUS LsaDeregisterLogonProcess(HANDLE);
    NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
      PULONG);
    NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
      PLSA_UNICODE_STRING, PVOID*, PULONG);
    NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      PVOID*, ULONG, PULONG);
    NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
      TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
    NTSTATUS LsaFreeMemory(PVOID);
    NTSTATUS LsaFreeReturnBuffer(PVOID);
    NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
      PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
      PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
    NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
    NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
    NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
      PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
    ULONG LsaNtStatusToWinError(NTSTATUS);
    NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
      ACCESS_MASK, PLSA_HANDLE);
    NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID*);
    NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID*);
    NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
      PLSA_OPERATIONAL_MODE);
    NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
      PLSA_UNICODE_STRING, ULONG);
    NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING*);
    NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
      POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
      PVOID);
    NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
      POLICY_LOCAL_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
      TRUSTED_INFORMATION_CLASS, PVOID);
    NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
      PLSA_UNICODE_STRING);
}

// Function-pointer types for password notification / filter callbacks.
// NOTE(review): these aliases sit outside the extern (Windows) block above,
// so as written they carry D linkage rather than Windows linkage. If the
// callbacks are invoked by the operating system, confirm the calling
// convention before implementing a routine against these types.
alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
  PSAM_PASSWORD_NOTIFICATION_ROUTINE;
alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
  PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;