1 /***********************************************************************\
2 *                              ntsecapi.d                               *
3 *                                                                       *
4 *                       Windows API header module                       *
5 *                                                                       *
6 *                 Translated from MinGW Windows headers                 *
7 *                           by Stewart Gordon                           *
8 *                                                                       *
9 *                       Placed into public domain                       *
10 \***********************************************************************/
11 module win32.ntsecapi;
12 
13 private import
14   win32.basetyps, win32.ntdef, win32.windef, win32.winnt, win32.w32api;
15 
16 // FIXME: check types and grouping of constants
17 // FIXME: check Windows version support
18 
19 const KERB_WRAP_NO_ENCRYPT        = 0x80000001;
20 
21 const LOGON_GUEST                 = 0x00000001;
22 const LOGON_NOENCRYPTION          = 0x00000002;
23 const LOGON_CACHED_ACCOUNT        = 0x00000004;
24 const LOGON_USED_LM_PASSWORD      = 0x00000008;
25 const LOGON_EXTRA_SIDS            = 0x00000020;
26 const LOGON_SUBAUTH_SESSION_KEY   = 0x00000040;
27 const LOGON_SERVER_TRUST_ACCOUNT  = 0x00000080;
28 const LOGON_NTLMV2_ENABLED        = 0x00000100;
29 const LOGON_RESOURCE_GROUPS       = 0x00000200;
30 const LOGON_PROFILE_PATH_RETURNED = 0x00000400;
31 const LOGON_GRACE_LOGON           = 0x01000000;
32 
33 enum {
34 	LSA_MODE_PASSWORD_PROTECTED = 1,
35 	LSA_MODE_INDIVIDUAL_ACCOUNTS,
36 	LSA_MODE_MANDATORY_ACCESS,
37 	LSA_MODE_LOG_FULL
38 }
39 
40 bool LSA_SUCCESS(int x) { return x >= 0; }
41 
42 /*	TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
43  *	aliases.  Should we merge them anyway?
44  */
45 const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
46 const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
47 const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
48 const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
49 
50 const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      =       32;
51 const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT =     2048;
52 const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      =        2;
53 const MSV1_0_CRED_LM_PRESENT                 =        1;
54 const MSV1_0_CRED_NT_PRESENT                 =        2;
55 const MSV1_0_CRED_VERSION                    =        0;
56 const MSV1_0_DONT_TRY_GUEST_ACCOUNT          =       16;
57 const MSV1_0_MAX_NTLM3_LIFE                  =     1800;
58 const MSV1_0_MAX_AVL_SIZE                    =    64000;
59 const MSV1_0_MNS_LOGON                       = 16777216;
60 
61 const size_t
62 	MSV1_0_CHALLENGE_LENGTH          = 8,
63 	MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
64 	MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
65 	MSV1_0_NTLM3_OWF_LENGTH          = 16,
66 	MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
67 	                                   - MSV1_0_NTLM3_RESPONSE_LENGTH,
68 	MSV1_0_OWF_PASSWORD_LENGTH       = 16,
69 	MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.sizeof
70 	                                   - WCHAR.sizeof;
71 
72 const MSV1_0_RETURN_USER_PARAMETERS      =          8;
73 const MSV1_0_RETURN_PASSWORD_EXPIRY      =         64;
74 const MSV1_0_RETURN_PROFILE_PATH         =        512;
75 const MSV1_0_SUBAUTHENTICATION_DLL_EX    =    1048576;
76 const MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
77 const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT =         24;
78 const MSV1_0_SUBAUTHENTICATION_DLL_RAS   =          2;
79 const MSV1_0_SUBAUTHENTICATION_DLL_IIS   =        132;
80 const MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
81 const MSV1_0_TRY_GUEST_ACCOUNT_ONLY      =        256;
82 const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   =       1024;
83 const MSV1_0_UPDATE_LOGON_STATISTICS     =          4;
84 const MSV1_0_USE_CLIENT_CHALLENGE        =        128;
85 const MSV1_0_USER_SESSION_KEY_LENGTH     =         16;
86 
87 const char[]
88 	MSV1_0_SUBAUTHENTICATION_KEY
89 	  = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
90 	MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";
91 
92 const ACCESS_MASK
93 	POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
94 	POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
95 	POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
96 	POLICY_TRUST_ADMIN              = 0x0008,
97 	POLICY_CREATE_ACCOUNT           = 0x0010,
98 	POLICY_CREATE_SECRET            = 0x0020,
99 	POLICY_CREATE_PRIVILEGE         = 0x0040,
100 	POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
101 	POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
102 	POLICY_AUDIT_LOG_ADMIN          = 0x0200,
103 	POLICY_SERVER_ADMIN             = 0x0400,
104 	POLICY_LOOKUP_NAMES             = 0x0800,
105 
106 	POLICY_READ                     = STANDARD_RIGHTS_READ     | 0x0006,
107 	POLICY_WRITE                    = STANDARD_RIGHTS_WRITE    | 0x07F8,
108 	POLICY_EXECUTE                  = STANDARD_RIGHTS_EXECUTE  | 0x0801,
109 	POLICY_ALL_ACCESS               = STANDARD_RIGHTS_REQUIRED | 0x0FFF;
110 
111 const POLICY_AUDIT_EVENT_UNCHANGED = 0;
112 const POLICY_AUDIT_EVENT_SUCCESS   = 1;
113 const POLICY_AUDIT_EVENT_FAILURE   = 2;
114 const POLICY_AUDIT_EVENT_NONE      = 4;
115 const POLICY_AUDIT_EVENT_MASK      = 7;
116 
117 enum {
118 	POLICY_LOCATION_LOCAL = 1,
119 	POLICY_LOCATION_DS
120 }
121 
122 enum : uint {
123 	POLICY_MACHINE_POLICY_LOCAL     =          0,
124 	POLICY_MACHINE_POLICY_DEFAULTED,
125 	POLICY_MACHINE_POLICY_EXPLICIT,
126 	POLICY_MACHINE_POLICY_UNKNOWN   = 0xFFFFFFFF
127 }
128 
129 
130 const POLICY_QOS_SCHANEL_REQUIRED            = 0x0001;
131 const POLICY_QOS_OUTBOUND_INTEGRITY          = 0x0002;
132 const POLICY_QOS_OUTBOUND_CONFIDENTIALITY    = 0x0004;
133 const POLICY_QOS_INBOUND_INTEGREITY          = 0x0008;
134 const POLICY_QOS_INBOUND_CONFIDENTIALITY     = 0x0010;
135 const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x0020;
136 const POLICY_QOS_RAS_SERVER_ALLOWED          = 0x0040;
137 const POLICY_QOS_DHCP_SERVER_ALLOWD          = 0x0080;
138 
139 const POLICY_KERBEROS_FORWARDABLE  = 1;
140 const POLICY_KERBEROS_PROXYABLE    = 2;
141 const POLICY_KERBEROS_RENEWABLE    = 4;
142 const POLICY_KERBEROS_POSTDATEABLE = 8;
143 
144 const char[]
145 	SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
146 	SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify",
147 	SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";
148 
149 const TCHAR[]
150 	SE_INTERACTIVE_LOGON_NAME          = "SeInteractiveLogonRight",
151 	SE_NETWORK_LOGON_NAME              = "SeNetworkLogonRight",
152 	SE_BATCH_LOGON_NAME                = "SeBatchLogonRight",
153 	SE_SERVICE_LOGON_NAME              = "SeServiceLogonRight";
154 
155 enum {
156 	TRUST_ATTRIBUTE_NON_TRANSITIVE =         1,
157 	TRUST_ATTRIBUTE_UPLEVEL_ONLY   =         2,
158 	TRUST_ATTRIBUTE_TREE_PARENT    =   4194304,
159 	TRUST_ATTRIBUTES_VALID         = -16580609
160 }
161 
162 enum {
163 	TRUST_AUTH_TYPE_NONE,
164 	TRUST_AUTH_TYPE_NT4OWF,
165 	TRUST_AUTH_TYPE_CLEAR
166 }
167 
168 enum {
169 	TRUST_DIRECTION_DISABLED,
170 	TRUST_DIRECTION_INBOUND,
171 	TRUST_DIRECTION_OUTBOUND,
172 	TRUST_DIRECTION_BIDIRECTIONAL
173 }
174 
175 enum {
176 	TRUST_TYPE_DOWNLEVEL = 1,
177 	TRUST_TYPE_UPLEVEL,
178 	TRUST_TYPE_MIT,
179 	TRUST_TYPE_DCE
180 }
181 
182 alias UNICODE_STRING LSA_UNICODE_STRING;
183 alias UNICODE_STRING* PLSA_UNICODE_STRING;
184 alias STRING LSA_STRING;
185 alias STRING* PLSA_STRING;
186 
187 enum MSV1_0_LOGON_SUBMIT_TYPE {
188 	MsV1_0InteractiveLogon       = 2,
189 	MsV1_0Lm20Logon,
190 	MsV1_0NetworkLogon,
191 	MsV1_0SubAuthLogon,
192 	MsV1_0WorkstationUnlockLogon = 7
193 }
194 alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;
195 
196 enum MSV1_0_PROFILE_BUFFER_TYPE {
197 	MsV1_0InteractiveProfile = 2,
198 	MsV1_0Lm20LogonProfile,
199 	MsV1_0SmartCardProfile
200 }
201 alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;
202 
203 
204 enum MSV1_0_AVID {
205 	MsvAvEOL,
206 	MsvAvNbComputerName,
207 	MsvAvNbDomainName,
208 	MsvAvDnsComputerName,
209 	MsvAvDnsDomainName
210 }
211 
212 enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
213 	MsV1_0Lm20ChallengeRequest = 0,
214 	MsV1_0Lm20GetChallengeResponse,
215 	MsV1_0EnumerateUsers,
216 	MsV1_0GetUserInfo,
217 	MsV1_0ReLogonUsers,
218 	MsV1_0ChangePassword,
219 	MsV1_0ChangeCachedPassword,
220 	MsV1_0GenericPassthrough,
221 	MsV1_0CacheLogon,
222 	MsV1_0SubAuth,
223 	MsV1_0DeriveCredential,
224 	MsV1_0CacheLookup
225 }
226 alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;
227 
228 enum POLICY_LSA_SERVER_ROLE {
229 	PolicyServerRoleBackup = 2,
230 	PolicyServerRolePrimary
231 }
232 alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;
233 
234 enum POLICY_SERVER_ENABLE_STATE {
235 	PolicyServerEnabled = 2,
236 	PolicyServerDisabled
237 }
238 alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;
239 
240 enum POLICY_INFORMATION_CLASS {
241 	PolicyAuditLogInformation = 1,
242 	PolicyAuditEventsInformation,
243 	PolicyPrimaryDomainInformation,
244 	PolicyPdAccountInformation,
245 	PolicyAccountDomainInformation,
246 	PolicyLsaServerRoleInformation,
247 	PolicyReplicaSourceInformation,
248 	PolicyDefaultQuotaInformation,
249 	PolicyModificationInformation,
250 	PolicyAuditFullSetInformation,
251 	PolicyAuditFullQueryInformation,
252 	PolicyDnsDomainInformation,
253 	PolicyEfsInformation
254 }
255 alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;
256 
257 enum POLICY_AUDIT_EVENT_TYPE {
258 	AuditCategorySystem,
259 	AuditCategoryLogon,
260 	AuditCategoryObjectAccess,
261 	AuditCategoryPrivilegeUse,
262 	AuditCategoryDetailedTracking,
263 	AuditCategoryPolicyChange,
264 	AuditCategoryAccountManagement,
265 	AuditCategoryDirectoryServiceAccess,
266 	AuditCategoryAccountLogon
267 }
268 alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;
269 
270 enum POLICY_LOCAL_INFORMATION_CLASS {
271 	PolicyLocalAuditEventsInformation = 1,
272 	PolicyLocalPdAccountInformation,
273 	PolicyLocalAccountDomainInformation,
274 	PolicyLocalLsaServerRoleInformation,
275 	PolicyLocalReplicaSourceInformation,
276 	PolicyLocalModificationInformation,
277 	PolicyLocalAuditFullSetInformation,
278 	PolicyLocalAuditFullQueryInformation,
279 	PolicyLocalDnsDomainInformation,
280 	PolicyLocalIPSecReferenceInformation,
281 	PolicyLocalMachinePasswordInformation,
282 	PolicyLocalQualityOfServiceInformation,
283 	PolicyLocalPolicyLocationInformation
284 }
285 alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;
286 
287 enum POLICY_DOMAIN_INFORMATION_CLASS {
288 	PolicyDomainIPSecReferenceInformation = 1,
289 	PolicyDomainQualityOfServiceInformation,
290 	PolicyDomainEfsInformation,
291 	PolicyDomainPublicKeyInformation,
292 	PolicyDomainPasswordPolicyInformation,
293 	PolicyDomainLockoutInformation,
294 	PolicyDomainKerberosTicketInformation
295 }
296 alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;
297 
298 enum SECURITY_LOGON_TYPE {
299 	Interactive = 2,
300 	Network,
301 	Batch,
302 	Service,
303 	Proxy,
304 	Unlock
305 }
306 alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;
307 
308 enum TRUSTED_INFORMATION_CLASS {
309 	TrustedDomainNameInformation = 1,
310 	TrustedControllersInformation,
311 	TrustedPosixOffsetInformation,
312 	TrustedPasswordInformation,
313 	TrustedDomainInformationBasic,
314 	TrustedDomainInformationEx,
315 	TrustedDomainAuthInformation,
316 	TrustedDomainFullInformation
317 }
318 alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;
319 
320 struct DOMAIN_PASSWORD_INFORMATION {
321 	USHORT        MinPasswordLength;
322 	USHORT        PasswordHistoryLength;
323 	ULONG         PasswordProperties;
324 	LARGE_INTEGER MaxPasswordAge;
325 	LARGE_INTEGER MinPasswordAge;
326 }
327 alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;
328 
329 struct LSA_ENUMERATION_INFORMATION {
330 	PSID Sid;
331 }
332 alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;
333 
334 alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
335 alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;
336 
337 struct LSA_TRUST_INFORMATION {
338 	LSA_UNICODE_STRING Name;
339 	PSID               Sid;
340 }
341 alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
342 alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
343 /*	in MinGW (further down the code):
344  *		typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
345  *	but it doesn't look right....
346  */
347 alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;
348 
349 struct LSA_REFERENCED_DOMAIN_LIST {
350 	ULONG                  Entries;
351 	PLSA_TRUST_INFORMATION Domains;
352 }
353 alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;
354 
355 struct LSA_TRANSLATED_SID {
356 	SID_NAME_USE Use;
357 	ULONG        RelativeId;
358 	LONG         DomainIndex;
359 }
360 alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;
361 
362 struct LSA_TRANSLATED_NAME {
363 	SID_NAME_USE       Use;
364 	LSA_UNICODE_STRING Name;
365 	LONG               DomainIndex;
366 }
367 alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;
368 
369 struct MSV1_0_INTERACTIVE_LOGON {
370 	MSV1_0_LOGON_SUBMIT_TYPE MessageType;
371 	UNICODE_STRING           LogonDomainName;
372 	UNICODE_STRING           UserName;
373 	UNICODE_STRING           Password;
374 }
375 alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;
376 
377 struct MSV1_0_INTERACTIVE_PROFILE {
378 	MSV1_0_PROFILE_BUFFER_TYPE MessageType;
379 	USHORT                     LogonCount;
380 	USHORT                     BadPasswordCount;
381 	LARGE_INTEGER              LogonTime;
382 	LARGE_INTEGER              LogoffTime;
383 	LARGE_INTEGER              KickOffTime;
384 	LARGE_INTEGER              PasswordLastSet;
385 	LARGE_INTEGER              PasswordCanChange;
386 	LARGE_INTEGER              PasswordMustChange;
387 	UNICODE_STRING             LogonScript;
388 	UNICODE_STRING             HomeDirectory;
389 	UNICODE_STRING             FullName;
390 	UNICODE_STRING             ProfilePath;
391 	UNICODE_STRING             HomeDirectoryDrive;
392 	UNICODE_STRING             LogonServer;
393 	ULONG                      UserFlags;
394 }
395 alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;
396 
397 struct MSV1_0_LM20_LOGON {
398 	MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
399 	UNICODE_STRING                 LogonDomainName;
400 	UNICODE_STRING                 UserName;
401 	UNICODE_STRING                 Workstation;
402 	UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
403 	STRING                         CaseSensitiveChallengeResponse;
404 	STRING                         CaseInsensitiveChallengeResponse;
405 	ULONG                          ParameterControl;
406 }
407 alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;
408 
409 static if (_WIN32_WINNT_ONLY && _WIN32_WINNT >= 0x500) {
410 	struct MSV1_0_SUBAUTH_LOGON {
411 		MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
412 		UNICODE_STRING                 LogonDomainName;
413 		UNICODE_STRING                 UserName;
414 		UNICODE_STRING                 Workstation;
415 		UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
416 		STRING                         AuthenticationInfo1;
417 		STRING                         AuthenticationInfo2;
418 		ULONG                          ParameterControl;
419 		ULONG                          SubAuthPackageId;
420 	}
421 	alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
422 }
423 
424 struct MSV1_0_LM20_LOGON_PROFILE {
425 	MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
426 	LARGE_INTEGER                           KickOffTime;
427 	LARGE_INTEGER                           LogoffTime;
428 	ULONG                                   UserFlags;
429 	UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
430 	UNICODE_STRING                          LogonDomainName;
431 	UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
432 	UNICODE_STRING                          LogonServer;
433 	UNICODE_STRING                          UserParameters;
434 }
435 alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;
436 
437 struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
438 	ULONG Version;
439 	ULONG Flags;
440 	UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
441 	UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
442 }
443 alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
444 
445 struct MSV1_0_NTLM3_RESPONSE {
446 	UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
447 	UCHAR     RespType;
448 	UCHAR     HiRespType;
449 	USHORT    Flags;
450 	ULONG     MsgWord;
451 	ULONGLONG TimeStamp;
452 	UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
453 	ULONG     AvPairsOff;
454 	UCHAR     _Buffer;
455 	UCHAR*    Buffer() { return &_Buffer; }
456 }
457 alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;
458 
459 struct  MSV1_0_AV_PAIR {
460 	USHORT AvId;
461 	USHORT AvLen;
462 }
463 alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;
464 
465 struct MSV1_0_CHANGEPASSWORD_REQUEST {
466 	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
467 	UNICODE_STRING DomainName;
468 	UNICODE_STRING AccountName;
469 	UNICODE_STRING OldPassword;
470 	UNICODE_STRING NewPassword;
471 	BOOLEAN        Impersonating;
472 }
473 alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;
474 
475 struct MSV1_0_CHANGEPASSWORD_RESPONSE {
476 	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
477 	BOOLEAN                      PasswordInfoValid;
478 	DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
479 }
480 alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;
481 
482 struct MSV1_0_SUBAUTH_REQUEST {
483 	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
484 	ULONG  SubAuthPackageId;
485 	ULONG  SubAuthInfoLength;
486 	PUCHAR SubAuthSubmitBuffer;
487 }
488 alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;
489 
490 struct MSV1_0_SUBAUTH_RESPONSE {
491 	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
492 	ULONG  SubAuthInfoLength;
493 	PUCHAR SubAuthReturnBuffer;
494 }
495 alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;
496 
497 const MSV1_0_DERIVECRED_TYPE_SHA1 = 0;
498 
499 struct MSV1_0_DERIVECRED_REQUEST {
500 	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
501 	LUID   LogonId;
502 	ULONG  DeriveCredType;
503 	ULONG  DeriveCredInfoLength;
504 	UCHAR  _DeriveCredSubmitBuffer;
505 	UCHAR* DeriveCredSubmitBuffer() { return &_DeriveCredSubmitBuffer; }
506 }
507 alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;
508 
509 struct MSV1_0_DERIVECRED_RESPONSE {
510 	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
511 	ULONG  DeriveCredInfoLength;
512 	UCHAR  _DeriveCredReturnBuffer;
513 	UCHAR* DeriveCredReturnBuffer() { return &_DeriveCredReturnBuffer; }
514 }
515 alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;
516 
517 alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
518   POLICY_AUDIT_EVENT_OPTIONS;
519 alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
520   PPOLICY_AUDIT_EVENT_OPTIONS;
521 
522 struct POLICY_PRIVILEGE_DEFINITION {
523 	LSA_UNICODE_STRING Name;
524 	LUID LocalValue;
525 }
526 alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;
527 
528 struct POLICY_AUDIT_LOG_INFO {
529 	ULONG         AuditLogPercentFull;
530 	ULONG         MaximumLogSize;
531 	LARGE_INTEGER AuditRetentionPeriod;
532 	BOOLEAN       AuditLogFullShutdownInProgress;
533 	LARGE_INTEGER TimeToShutdown;
534 	ULONG         NextAuditRecordId;
535 }
536 alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;
537 
538 struct POLICY_AUDIT_EVENTS_INFO {
539 	BOOLEAN                     AuditingMode;
540 	PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
541 	ULONG                       MaximumAuditEventCount;
542 }
543 alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;
544 
545 struct POLICY_ACCOUNT_DOMAIN_INFO {
546 	LSA_UNICODE_STRING DomainName;
547 	PSID               DomainSid;
548 }
549 alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;
550 
551 struct POLICY_PRIMARY_DOMAIN_INFO {
552 	LSA_UNICODE_STRING Name;
553 	PSID               Sid;
554 }
555 alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;
556 
557 struct POLICY_DNS_DOMAIN_INFO {
558 	LSA_UNICODE_STRING Name;
559 	LSA_UNICODE_STRING DnsDomainName;
560 	LSA_UNICODE_STRING DnsTreeName;
561 	GUID               DomainGuid;
562 	PSID               Sid;
563 }
564 alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;
565 
566 struct POLICY_PD_ACCOUNT_INFO {
567 	LSA_UNICODE_STRING Name;
568 }
569 alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;
570 
571 struct POLICY_LSA_SERVER_ROLE_INFO {
572 	POLICY_LSA_SERVER_ROLE LsaServerRole;
573 }
574 alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;
575 
576 struct POLICY_REPLICA_SOURCE_INFO {
577 	LSA_UNICODE_STRING ReplicaSource;
578 	LSA_UNICODE_STRING ReplicaAccountName;
579 }
580 alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;
581 
582 struct POLICY_DEFAULT_QUOTA_INFO {
583 	QUOTA_LIMITS QuotaLimits;
584 }
585 alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;
586 
587 struct POLICY_MODIFICATION_INFO {
588 	LARGE_INTEGER ModifiedId;
589 	LARGE_INTEGER DatabaseCreationTime;
590 }
591 alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;
592 
593 struct POLICY_AUDIT_FULL_SET_INFO {
594 	BOOLEAN ShutDownOnFull;
595 }
596 alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;
597 
598 struct POLICY_AUDIT_FULL_QUERY_INFO {
599 	BOOLEAN ShutDownOnFull;
600 	BOOLEAN LogIsFull;
601 }
602 alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;
603 
604 struct POLICY_EFS_INFO {
605 	ULONG InfoLength;
606 	PUCHAR EfsBlob;
607 }
608 alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;
609 
610 struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
611 	LSA_UNICODE_STRING ObjectPath;
612 }
613 alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;
614 
615 struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
616 	LARGE_INTEGER PasswordChangeInterval;
617 }
618 alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;
619 
620 struct POLICY_LOCAL_POLICY_LOCATION_INFO {
621 	ULONG PolicyLocation;
622 }
623 alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;
624 
625 struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
626 	ULONG QualityOfService;
627 }
628 alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
629   POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
630 alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
631   PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
632   PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
633 
634 struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
635 	ULONG  InfoLength;
636 	PUCHAR PublicKeyInfo;
637 }
638 alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;
639 
640 struct POLICY_DOMAIN_LOCKOUT_INFO {
641 	LARGE_INTEGER LockoutDuration;
642 	LARGE_INTEGER LockoutObservationWindow;
643 	USHORT        LockoutThreshold;
644 }
645 alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;
646 
647 struct POLICY_DOMAIN_PASSWORD_INFO {
648 	USHORT        MinPasswordLength;
649 	USHORT        PasswordHistoryLength;
650 	ULONG         PasswordProperties;
651 	LARGE_INTEGER MaxPasswordAge;
652 	LARGE_INTEGER MinPasswordAge;
653 }
654 alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;
655 
656 struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
657 	ULONG         AuthenticationOptions;
658 	LARGE_INTEGER MinTicketAge;
659 	LARGE_INTEGER MaxTicketAge;
660 	LARGE_INTEGER MaxRenewAge;
661 	LARGE_INTEGER ProxyLifetime;
662 	LARGE_INTEGER ForceLogoff;
663 }
664 alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
665 
666 alias HANDLE LSA_HANDLE;
667 alias HANDLE* PLSA_HANDLE;
668 
669 struct TRUSTED_DOMAIN_NAME_INFO {
670 	LSA_UNICODE_STRING Name;
671 }
672 alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;
673 
674 struct TRUSTED_CONTROLLERS_INFO {
675 	ULONG               Entries;
676 	PLSA_UNICODE_STRING Names;
677 }
678 alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;
679 
680 struct TRUSTED_POSIX_OFFSET_INFO {
681 	ULONG Offset;
682 }
683 alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;
684 
685 struct TRUSTED_PASSWORD_INFO {
686 	LSA_UNICODE_STRING Password;
687 	LSA_UNICODE_STRING OldPassword;
688 }
689 alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;
690 
691 struct TRUSTED_DOMAIN_INFORMATION_EX {
692 	LSA_UNICODE_STRING Name;
693 	LSA_UNICODE_STRING FlatName;
694 	PSID               Sid;
695 	ULONG              TrustDirection;
696 	ULONG              TrustType;
697 	ULONG              TrustAttributes;
698 }
699 alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;
700 
701 struct LSA_AUTH_INFORMATION {
702 	LARGE_INTEGER LastUpdateTime;
703 	ULONG         AuthType;
704 	ULONG         AuthInfoLength;
705 	PUCHAR        AuthInfo;
706 }
707 alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;
708 
709 struct TRUSTED_DOMAIN_AUTH_INFORMATION {
710 	ULONG                 IncomingAuthInfos;
711 	PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
712 	PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
713 	ULONG                 OutgoingAuthInfos;
714 	PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
715 	PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
716 }
717 alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;
718 
719 struct TRUSTED_DOMAIN_FULL_INFORMATION {
720 	TRUSTED_DOMAIN_INFORMATION_EX   Information;
721 	TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
722 	TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
723 }
724 alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;
725 
726 extern (Windows) {
727 	NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
728 	  ULONG);
729 	NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
730 	  PVOID*, PULONG, PNTSTATUS);
731 	NTSTATUS LsaClose(LSA_HANDLE);
732 	NTSTATUS LsaConnectUntrusted(PHANDLE);
733 	NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
734 	  PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
735 	  ACCESS_MASK, PLSA_HANDLE);
736 	NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
737 	NTSTATUS LsaDeregisterLogonProcess(HANDLE);
738 	NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
739 	  PULONG);
740 	NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
741 	  PLSA_UNICODE_STRING, PVOID*, PULONG);
742 	NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
743 	  PVOID*, ULONG, PULONG);
744 	NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
745 	  TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
746 	NTSTATUS LsaFreeMemory(PVOID);
747 	NTSTATUS LsaFreeReturnBuffer(PVOID);
748 	NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
749 	  PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
750 	  PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
751 	NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
752 	NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
753 	  PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
754 	NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
755 	  PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
756 	ULONG LsaNtStatusToWinError(NTSTATUS);
757 	NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
758 	  ACCESS_MASK, PLSA_HANDLE);
759 	NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
760 	  POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
761 	NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
762 	  PVOID*);
763 	NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
764 	  POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
765 	NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
766 	  TRUSTED_INFORMATION_CLASS, PVOID*);
767 	NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
768 	  TRUSTED_INFORMATION_CLASS, PVOID*);
769 	NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
770 	  PLSA_OPERATIONAL_MODE);
771 	NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
772 	  PLSA_UNICODE_STRING, ULONG);
773 	NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
774 	  PLSA_UNICODE_STRING*);
775 	NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
776 	  POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
777 	NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
778 	  PVOID);
779 	NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
780 	  POLICY_LOCAL_INFORMATION_CLASS, PVOID);
781 	NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
782 	  TRUSTED_INFORMATION_CLASS, PVOID);
783 	NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
784 	  TRUSTED_INFORMATION_CLASS, PVOID);
785 	NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
786 	  PLSA_UNICODE_STRING);
787 }
788 
789 alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
790   PSAM_PASSWORD_NOTIFICATION_ROUTINE;
791 alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
792 alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
793   PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;