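/***********************************************************************\
*                              ntsecapi.d                               *
*                                                                       *
*                       Windows API header module                       *
*                                                                       *
*                 Translated from MinGW Windows headers                 *
*                           by Stewart Gordon                           *
*                                                                       *
*                       Placed into public domain                       *
\***********************************************************************/
module win32.ntsecapi;

private import
  win32.basetyps, win32.ntdef, win32.windef, win32.winnt, win32.w32api;

/* Declarations for the LSA (Lsa* functions), the MSV1_0 and Kerberos
 * authentication packages, and the policy / trusted-domain information
 * structures.  Almost everything here is a constant, a struct layout or an
 * extern (Windows) prototype; the only executable code is LSA_SUCCESS and
 * three one-line accessors for trailing buffers.
 */

// FIXME: check types and grouping of constants
// FIXME: check Windows version support

const KERB_WRAP_NO_ENCRYPT = 0x80000001;

// LOGON_* values are single-bit flags (each constant below sets one bit).
// NOTE(review): presumably these are the values reported in the UserFlags
// field of the MSV1_0 profile structs further down - confirm.
const LOGON_GUEST                 = 0x00000001;
const LOGON_NOENCRYPTION          = 0x00000002;
const LOGON_CACHED_ACCOUNT        = 0x00000004;
const LOGON_USED_LM_PASSWORD      = 0x00000008;
const LOGON_EXTRA_SIDS            = 0x00000020;
const LOGON_SUBAUTH_SESSION_KEY   = 0x00000040;
const LOGON_SERVER_TRUST_ACCOUNT  = 0x00000080;
const LOGON_NTLMV2_ENABLED        = 0x00000100;
const LOGON_RESOURCE_GROUPS       = 0x00000200;
const LOGON_PROFILE_PATH_RETURNED = 0x00000400;
const LOGON_GRACE_LOGON           = 0x01000000;

// Sequential values 1..4.
enum {
	LSA_MODE_PASSWORD_PROTECTED = 1,
	LSA_MODE_INDIVIDUAL_ACCOUNTS,
	LSA_MODE_MANDATORY_ACCESS,
	LSA_MODE_LOG_FULL
}

/* Returns true when the status value x is non-negative.  Every Lsa*
 * function below except LsaNtStatusToWinError returns NTSTATUS; callers
 * should test the result with this before reading any out parameter.
 */
bool LSA_SUCCESS(int x) { return x >= 0; }

/*	TOTHINKABOUT: These constants don't have ANSI/Unicode versioned
 *	aliases.  Should we merge them anyway?
 */
const char[]  MICROSOFT_KERBEROS_NAME_A = "Kerberos";
const wchar[] MICROSOFT_KERBEROS_NAME_W = "Kerberos";
const char[]  MSV1_0_PACKAGE_NAME  = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";
const wchar[] MSV1_0_PACKAGE_NAMEW = "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0";

// Mixed group, kept in the original (alphabetical) order: some of these are
// flag bits, others are limits or version numbers.
const MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      =       32;
const MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT =     2048;
const MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      =        2;
const MSV1_0_CRED_LM_PRESENT                 =        1;
const MSV1_0_CRED_NT_PRESENT                 =        2;
const MSV1_0_CRED_VERSION                    =        0;
const MSV1_0_DONT_TRY_GUEST_ACCOUNT          =       16;
const MSV1_0_MAX_NTLM3_LIFE                  =     1800;
const MSV1_0_MAX_AVL_SIZE                    =    64000;
const MSV1_0_MNS_LOGON                       = 16777216;

// Sizes in bytes; the *_LENGTH values dimension the UCHAR arrays in the
// structs below.
const size_t
	MSV1_0_CHALLENGE_LENGTH          = 8,
	MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8,
	MSV1_0_NTLM3_RESPONSE_LENGTH     = 16,
	MSV1_0_NTLM3_OWF_LENGTH          = 16,
	// Size of MSV1_0_NTLM3_RESPONSE minus its leading Response array.
	MSV1_0_NTLM3_INPUT_LENGTH        = MSV1_0_NTLM3_RESPONSE.sizeof
	                                   - MSV1_0_NTLM3_RESPONSE_LENGTH,
	MSV1_0_OWF_PASSWORD_LENGTH       = 16,
	// Byte length of MSV1_0_PACKAGE_NAMEW without a terminator.  Derived
	// from .length: .sizeof on a D dynamic array is the size of the slice
	// descriptor, not of the characters, so the former
	// "NAMEW.sizeof - WCHAR.sizeof" did not yield the string's byte length.
	// A wrong length constant is exactly what mis-sizes a buffer.
	MSV1_0_PACKAGE_NAMEW_LENGTH      = MSV1_0_PACKAGE_NAMEW.length
	                                   * WCHAR.sizeof;

const MSV1_0_RETURN_USER_PARAMETERS      =          8;
const MSV1_0_RETURN_PASSWORD_EXPIRY      =         64;
const MSV1_0_RETURN_PROFILE_PATH         =        512;
const MSV1_0_SUBAUTHENTICATION_DLL_EX    =    1048576;
// The top byte (mask 0xff000000, shift 24); the same mask value is also
// published as MSV1_0_SUBAUTHENTICATION_FLAGS.
const MSV1_0_SUBAUTHENTICATION_DLL       = 0xff000000;
const MSV1_0_SUBAUTHENTICATION_DLL_SHIFT =         24;
const MSV1_0_SUBAUTHENTICATION_DLL_RAS   =          2;
const MSV1_0_SUBAUTHENTICATION_DLL_IIS   =        132;
const MSV1_0_SUBAUTHENTICATION_FLAGS     = 0xff000000;
const MSV1_0_TRY_GUEST_ACCOUNT_ONLY      =        256;
const MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   =       1024;
const MSV1_0_UPDATE_LOGON_STATISTICS     =          4;
const MSV1_0_USE_CLIENT_CHALLENGE        =        128;
const MSV1_0_USER_SESSION_KEY_LENGTH     =         16;

// Registry key path and value name.
// NOTE(review): presumably where subauthentication packages are registered;
// a location that selects code taking part in authentication is worth
// including in configuration audits - confirm against the Windows docs.
const char[]
	MSV1_0_SUBAUTHENTICATION_KEY
	  = `System\CurrentControlSet\Control\Lsa\MSV1_0`,
	MSV1_0_SUBAUTHENTICATION_VALUE = "Auth";

// Access rights for a policy handle (the ACCESS_MASK parameter of
// LsaOpenPolicy below).  The first twelve are single bits 0x0001..0x0800;
// the last four combine them with the STANDARD_RIGHTS_* values.
// Ask for the narrowest mask the caller needs rather than POLICY_ALL_ACCESS.
const ACCESS_MASK
	POLICY_VIEW_LOCAL_INFORMATION   = 0x0001,
	POLICY_VIEW_AUDIT_INFORMATION   = 0x0002,
	POLICY_GET_PRIVATE_INFORMATION  = 0x0004,
	POLICY_TRUST_ADMIN              = 0x0008,
	POLICY_CREATE_ACCOUNT           = 0x0010,
	POLICY_CREATE_SECRET            = 0x0020,
	POLICY_CREATE_PRIVILEGE         = 0x0040,
	POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x0080,
	POLICY_SET_AUDIT_REQUIREMENTS   = 0x0100,
	POLICY_AUDIT_LOG_ADMIN          = 0x0200,
	POLICY_SERVER_ADMIN             = 0x0400,
	POLICY_LOOKUP_NAMES             = 0x0800,

	// 0x0006 = VIEW_AUDIT_INFORMATION | GET_PRIVATE_INFORMATION
	POLICY_READ       = STANDARD_RIGHTS_READ     | 0x0006,
	// 0x07F8 = TRUST_ADMIN through SERVER_ADMIN (bits 0x0008..0x0400)
	POLICY_WRITE      = STANDARD_RIGHTS_WRITE    | 0x07F8,
	// 0x0801 = VIEW_LOCAL_INFORMATION | LOOKUP_NAMES
	POLICY_EXECUTE    = STANDARD_RIGHTS_EXECUTE  | 0x0801,
	// 0x0FFF = all twelve specific rights
	POLICY_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | 0x0FFF;

// MASK (7) is the OR of SUCCESS, FAILURE and NONE.
const POLICY_AUDIT_EVENT_UNCHANGED = 0;
const POLICY_AUDIT_EVENT_SUCCESS   = 1;
const POLICY_AUDIT_EVENT_FAILURE   = 2;
const POLICY_AUDIT_EVENT_NONE      = 4;
const POLICY_AUDIT_EVENT_MASK      = 7;

enum {
	POLICY_LOCATION_LOCAL = 1,
	POLICY_LOCATION_DS
}

enum : uint {
	POLICY_MACHINE_POLICY_LOCAL     = 0,
	POLICY_MACHINE_POLICY_DEFAULTED,
	POLICY_MACHINE_POLICY_EXPLICIT,
	POLICY_MACHINE_POLICY_UNKNOWN   = 0xFFFFFFFF
}


// Single-bit flags.  The spellings SCHANEL, INTEGREITY and ALLOWD are kept
// exactly as found so existing users of this module keep compiling.
// NOTE(review): they look like typos carried over from the translated
// header - confirm before adding corrected aliases.
const POLICY_QOS_SCHANEL_REQUIRED            = 0x0001;
const POLICY_QOS_OUTBOUND_INTEGRITY          = 0x0002;
const POLICY_QOS_OUTBOUND_CONFIDENTIALITY    = 0x0004;
const POLICY_QOS_INBOUND_INTEGREITY          = 0x0008;
const POLICY_QOS_INBOUND_CONFIDENTIALITY     = 0x0010;
const POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x0020;
const POLICY_QOS_RAS_SERVER_ALLOWED          = 0x0040;
const POLICY_QOS_DHCP_SERVER_ALLOWD          = 0x0080;

// Single-bit flags.
const POLICY_KERBEROS_FORWARDABLE  = 1;
const POLICY_KERBEROS_PROXYABLE    = 2;
const POLICY_KERBEROS_RENEWABLE    = 4;
const POLICY_KERBEROS_POSTDATEABLE = 8;

// Routine names as strings.
// NOTE(review): presumably the export names matching the PSAM_* function
// pointer aliases at the end of this module - confirm.
const char[]
	SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = "PasswordChangeNotify",
	SAM_INIT_NOTIFICATION_ROUTINE      = "InitializeChangeNotify",
	SAM_PASSWORD_FILTER_ROUTINE        = "PasswordFilter";

// Logon-right names (TCHAR strings).
const TCHAR[]
	SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight",
	SE_NETWORK_LOGON_NAME     = "SeNetworkLogonRight",
	SE_BATCH_LOGON_NAME       = "SeBatchLogonRight",
	SE_SERVICE_LOGON_NAME     = "SeServiceLogonRight";

enum {
	TRUST_ATTRIBUTE_NON_TRANSITIVE =         1,
	TRUST_ATTRIBUTE_UPLEVEL_ONLY   =         2,
	TRUST_ATTRIBUTE_TREE_PARENT    =   4194304,
	// -16580609 is the bit pattern 0xFF02FFFF read as a signed 32-bit value.
	TRUST_ATTRIBUTES_VALID         = -16580609
}

// Sequential values starting at 0.
enum {
	TRUST_AUTH_TYPE_NONE,
	TRUST_AUTH_TYPE_NT4OWF,
	TRUST_AUTH_TYPE_CLEAR
}

// Sequential values 0..3; BIDIRECTIONAL (3) equals INBOUND | OUTBOUND.
enum {
	TRUST_DIRECTION_DISABLED,
	TRUST_DIRECTION_INBOUND,
	TRUST_DIRECTION_OUTBOUND,
	TRUST_DIRECTION_BIDIRECTIONAL
}

// Sequential values 1..4.
enum {
	TRUST_TYPE_DOWNLEVEL = 1,
	TRUST_TYPE_UPLEVEL,
	TRUST_TYPE_MIT,
	TRUST_TYPE_DCE
}

// The LSA string types are plain aliases of the ntdef string types.
alias UNICODE_STRING LSA_UNICODE_STRING;
alias UNICODE_STRING* PLSA_UNICODE_STRING;
alias STRING LSA_STRING;
alias STRING* PLSA_STRING;

// Values 2..5, then 7 (6 is not defined here).
enum MSV1_0_LOGON_SUBMIT_TYPE {
	MsV1_0InteractiveLogon       = 2,
	MsV1_0Lm20Logon,
	MsV1_0NetworkLogon,
	MsV1_0SubAuthLogon,
	MsV1_0WorkstationUnlockLogon = 7
}
alias MSV1_0_LOGON_SUBMIT_TYPE* PMSV1_0_LOGON_SUBMIT_TYPE;

enum MSV1_0_PROFILE_BUFFER_TYPE {
	MsV1_0InteractiveProfile = 2,
	MsV1_0Lm20LogonProfile,
	MsV1_0SmartCardProfile
}
alias MSV1_0_PROFILE_BUFFER_TYPE* PMSV1_0_PROFILE_BUFFER_TYPE;


// Sequential values starting at 0 (MsvAvEOL).
// NOTE(review): presumably the identifiers stored in MSV1_0_AV_PAIR.AvId.
enum MSV1_0_AVID {
	MsvAvEOL,
	MsvAvNbComputerName,
	MsvAvNbDomainName,
	MsvAvDnsComputerName,
	MsvAvDnsDomainName
}

// Message selector carried in the MessageType field of the MSV1_0 request
// and response structs below.
enum MSV1_0_PROTOCOL_MESSAGE_TYPE {
	MsV1_0Lm20ChallengeRequest = 0,
	MsV1_0Lm20GetChallengeResponse,
	MsV1_0EnumerateUsers,
	MsV1_0GetUserInfo,
	MsV1_0ReLogonUsers,
	MsV1_0ChangePassword,
	MsV1_0ChangeCachedPassword,
	MsV1_0GenericPassthrough,
	MsV1_0CacheLogon,
	MsV1_0SubAuth,
	MsV1_0DeriveCredential,
	MsV1_0CacheLookup
}
alias MSV1_0_PROTOCOL_MESSAGE_TYPE* PMSV1_0_PROTOCOL_MESSAGE_TYPE;

enum POLICY_LSA_SERVER_ROLE {
	PolicyServerRoleBackup = 2,
	PolicyServerRolePrimary
}
alias POLICY_LSA_SERVER_ROLE* PPOLICY_LSA_SERVER_ROLE;

enum POLICY_SERVER_ENABLE_STATE {
	PolicyServerEnabled = 2,
	PolicyServerDisabled
}
alias POLICY_SERVER_ENABLE_STATE* PPOLICY_SERVER_ENABLE_STATE;

// Selector passed to LsaQueryInformationPolicy / LsaSetInformationPolicy.
enum POLICY_INFORMATION_CLASS {
	PolicyAuditLogInformation = 1,
	PolicyAuditEventsInformation,
	PolicyPrimaryDomainInformation,
	PolicyPdAccountInformation,
	PolicyAccountDomainInformation,
	PolicyLsaServerRoleInformation,
	PolicyReplicaSourceInformation,
	PolicyDefaultQuotaInformation,
	PolicyModificationInformation,
	PolicyAuditFullSetInformation,
	PolicyAuditFullQueryInformation,
	PolicyDnsDomainInformation,
	PolicyEfsInformation
}
alias POLICY_INFORMATION_CLASS* PPOLICY_INFORMATION_CLASS;

// Sequential values starting at 0.
enum POLICY_AUDIT_EVENT_TYPE {
	AuditCategorySystem,
	AuditCategoryLogon,
	AuditCategoryObjectAccess,
	AuditCategoryPrivilegeUse,
	AuditCategoryDetailedTracking,
	AuditCategoryPolicyChange,
	AuditCategoryAccountManagement,
	AuditCategoryDirectoryServiceAccess,
	AuditCategoryAccountLogon
}
alias POLICY_AUDIT_EVENT_TYPE* PPOLICY_AUDIT_EVENT_TYPE;

// Selector passed to LsaQueryLocalInformationPolicy /
// LsaSetLocalInformationPolicy.
enum POLICY_LOCAL_INFORMATION_CLASS {
	PolicyLocalAuditEventsInformation = 1,
	PolicyLocalPdAccountInformation,
	PolicyLocalAccountDomainInformation,
	PolicyLocalLsaServerRoleInformation,
	PolicyLocalReplicaSourceInformation,
	PolicyLocalModificationInformation,
	PolicyLocalAuditFullSetInformation,
	PolicyLocalAuditFullQueryInformation,
	PolicyLocalDnsDomainInformation,
	PolicyLocalIPSecReferenceInformation,
	PolicyLocalMachinePasswordInformation,
	PolicyLocalQualityOfServiceInformation,
	PolicyLocalPolicyLocationInformation
}
alias POLICY_LOCAL_INFORMATION_CLASS* PPOLICY_LOCAL_INFORMATION_CLASS;

// Selector passed to LsaQueryDomainInformationPolicy /
// LsaSetDomainInformationPolicy.
enum POLICY_DOMAIN_INFORMATION_CLASS {
	PolicyDomainIPSecReferenceInformation = 1,
	PolicyDomainQualityOfServiceInformation,
	PolicyDomainEfsInformation,
	PolicyDomainPublicKeyInformation,
	PolicyDomainPasswordPolicyInformation,
	PolicyDomainLockoutInformation,
	PolicyDomainKerberosTicketInformation
}
alias POLICY_DOMAIN_INFORMATION_CLASS* PPOLICY_DOMAIN_INFORMATION_CLASS;

// Logon type passed to LsaLogonUser; sequential values 2..7.
enum SECURITY_LOGON_TYPE {
	Interactive = 2,
	Network,
	Batch,
	Service,
	Proxy,
	Unlock
}
alias SECURITY_LOGON_TYPE* PSECURITY_LOGON_TYPE;

// Selector passed to the LsaQueryTrustedDomainInfo* /
// LsaSetTrustedDomainInfo* functions and LsaEnumerateTrustedDomainsEx.
enum TRUSTED_INFORMATION_CLASS {
	TrustedDomainNameInformation = 1,
	TrustedControllersInformation,
	TrustedPosixOffsetInformation,
	TrustedPasswordInformation,
	TrustedDomainInformationBasic,
	TrustedDomainInformationEx,
	TrustedDomainAuthInformation,
	TrustedDomainFullInformation
}
alias TRUSTED_INFORMATION_CLASS* PTRUSTED_INFORMATION_CLASS;

// Embedded in MSV1_0_CHANGEPASSWORD_RESPONSE.  POLICY_DOMAIN_PASSWORD_INFO
// further down has the same five fields.
struct DOMAIN_PASSWORD_INFORMATION {
	USHORT        MinPasswordLength;
	USHORT        PasswordHistoryLength;
	ULONG         PasswordProperties;
	LARGE_INTEGER MaxPasswordAge;
	LARGE_INTEGER MinPasswordAge;
}
alias DOMAIN_PASSWORD_INFORMATION* PDOMAIN_PASSWORD_INFORMATION;

struct LSA_ENUMERATION_INFORMATION {
	PSID Sid;
}
alias LSA_ENUMERATION_INFORMATION* PLSA_ENUMERATION_INFORMATION;

alias OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
alias OBJECT_ATTRIBUTES* PLSA_OBJECT_ATTRIBUTES;

struct LSA_TRUST_INFORMATION {
	LSA_UNICODE_STRING Name;
	PSID               Sid;
}
alias LSA_TRUST_INFORMATION TRUSTED_DOMAIN_INFORMATION_BASIC;
alias LSA_TRUST_INFORMATION* PLSA_TRUST_INFORMATION;
/*	in MinGW (further down the code):
 *		typedef PLSA_TRUST_INFORMATION *PTRUSTED_DOMAIN_INFORMATION_BASIC;
 *	but it doesn't look right....
 *
 *	NOTE(review): a pointer-to-pointer here does not match the value alias
 *	above (TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION).  Left
 *	unchanged to keep the module's interface stable; confirm against the
 *	Windows SDK header before relying on this type, since a wrong level of
 *	indirection means reading the wrong memory.
 */
alias LSA_TRUST_INFORMATION** PTRUSTED_DOMAIN_INFORMATION_BASIC;

// Entries is presumably the number of elements Domains points at - confirm;
// bound any indexing (e.g. by a DomainIndex below) against it.
struct LSA_REFERENCED_DOMAIN_LIST {
	ULONG                  Entries;
	PLSA_TRUST_INFORMATION Domains;
}
alias LSA_REFERENCED_DOMAIN_LIST* PLSA_REFERENCED_DOMAIN_LIST;

// Output element type of LsaLookupNames.  DomainIndex is signed.
struct LSA_TRANSLATED_SID {
	SID_NAME_USE Use;
	ULONG        RelativeId;
	LONG         DomainIndex;
}
alias LSA_TRANSLATED_SID* PLSA_TRANSLATED_SID;

// Output element type of LsaLookupSids.  DomainIndex is signed.
struct LSA_TRANSLATED_NAME {
	SID_NAME_USE       Use;
	LSA_UNICODE_STRING Name;
	LONG               DomainIndex;
}
alias LSA_TRANSLATED_NAME* PLSA_TRANSLATED_NAME;

// Carries a Password field.  Code that fills this in should keep the
// password buffer's lifetime short and overwrite it once the call that
// consumes the struct has returned.
struct MSV1_0_INTERACTIVE_LOGON {
	MSV1_0_LOGON_SUBMIT_TYPE MessageType;
	UNICODE_STRING           LogonDomainName;
	UNICODE_STRING           UserName;
	UNICODE_STRING           Password;
}
alias MSV1_0_INTERACTIVE_LOGON* PMSV1_0_INTERACTIVE_LOGON;

struct MSV1_0_INTERACTIVE_PROFILE {
	MSV1_0_PROFILE_BUFFER_TYPE MessageType;
	USHORT                     LogonCount;
	USHORT                     BadPasswordCount;
	LARGE_INTEGER              LogonTime;
	LARGE_INTEGER              LogoffTime;
	LARGE_INTEGER              KickOffTime;
	LARGE_INTEGER              PasswordLastSet;
	LARGE_INTEGER              PasswordCanChange;
	LARGE_INTEGER              PasswordMustChange;
	UNICODE_STRING             LogonScript;
	UNICODE_STRING             HomeDirectory;
	UNICODE_STRING             FullName;
	UNICODE_STRING             ProfilePath;
	UNICODE_STRING             HomeDirectoryDrive;
	UNICODE_STRING             LogonServer;
	ULONG                      UserFlags;
}
alias MSV1_0_INTERACTIVE_PROFILE* PMSV1_0_INTERACTIVE_PROFILE;

// ChallengeToClient is a fixed MSV1_0_CHALLENGE_LENGTH (8) byte array.
struct MSV1_0_LM20_LOGON {
	MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
	UNICODE_STRING                 LogonDomainName;
	UNICODE_STRING                 UserName;
	UNICODE_STRING                 Workstation;
	UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
	STRING                         CaseSensitiveChallengeResponse;
	STRING                         CaseInsensitiveChallengeResponse;
	ULONG                          ParameterControl;
}
alias MSV1_0_LM20_LOGON* PMSV1_0_LM20_LOGON;

// Only declared when _WIN32_WINNT_ONLY is set and _WIN32_WINNT >= 0x500.
static if (_WIN32_WINNT_ONLY && _WIN32_WINNT >= 0x500) {
	struct MSV1_0_SUBAUTH_LOGON {
		MSV1_0_LOGON_SUBMIT_TYPE       MessageType;
		UNICODE_STRING                 LogonDomainName;
		UNICODE_STRING                 UserName;
		UNICODE_STRING                 Workstation;
		UCHAR[MSV1_0_CHALLENGE_LENGTH] ChallengeToClient;
		STRING                         AuthenticationInfo1;
		STRING                         AuthenticationInfo2;
		ULONG                          ParameterControl;
		ULONG                          SubAuthPackageId;
	}
	alias MSV1_0_SUBAUTH_LOGON* PMSV1_0_SUBAUTH_LOGON;
}

// Holds two session-key arrays (16 and 8 bytes); treat a filled instance as
// secret material.
struct MSV1_0_LM20_LOGON_PROFILE {
	MSV1_0_PROFILE_BUFFER_TYPE              MessageType;
	LARGE_INTEGER                           KickOffTime;
	LARGE_INTEGER                           LogoffTime;
	ULONG                                   UserFlags;
	UCHAR[MSV1_0_USER_SESSION_KEY_LENGTH]   UserSessionKey;
	UNICODE_STRING                          LogonDomainName;
	UCHAR[MSV1_0_LANMAN_SESSION_KEY_LENGTH] LanmanSessionKey;
	UNICODE_STRING                          LogonServer;
	UNICODE_STRING                          UserParameters;
}
alias MSV1_0_LM20_LOGON_PROFILE* PMSV1_0_LM20_LOGON_PROFILE;

// LmPassword / NtPassword are MSV1_0_OWF_PASSWORD_LENGTH (16) byte arrays.
// NOTE(review): the names suggest one-way-function forms of the password;
// handle them as credential material and wipe after use.
struct MSV1_0_SUPPLEMENTAL_CREDENTIAL {
	ULONG                             Version;
	ULONG                             Flags;
	UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] LmPassword;
	UCHAR[MSV1_0_OWF_PASSWORD_LENGTH] NtPassword;
}
alias MSV1_0_SUPPLEMENTAL_CREDENTIAL* PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

struct MSV1_0_NTLM3_RESPONSE {
	UCHAR[MSV1_0_NTLM3_RESPONSE_LENGTH] Response;
	UCHAR                               RespType;
	UCHAR                               HiRespType;
	USHORT                              Flags;
	ULONG                               MsgWord;
	ULONGLONG                           TimeStamp;
	UCHAR[MSV1_0_CHALLENGE_LENGTH]      ChallengeFromClient;
	ULONG                               AvPairsOff;
	UCHAR                               _Buffer;
	// Returns the address of the one-byte _Buffer field.  The struct itself
	// reserves a single byte there, so reading or writing past index 0 is
	// only valid if the instance lives in a larger allocation.
	// NOTE(review): presumably stands in for a trailing variable-length
	// array in the C header - the caller must know the real extent.
	UCHAR* Buffer() { return &_Buffer; }
}
alias MSV1_0_NTLM3_RESPONSE* PMSV1_0_NTLM3_RESPONSE;

// Two-field header: an id and a length.
// NOTE(review): when walking a list of these, check AvLen against the
// remaining buffer before advancing.
struct MSV1_0_AV_PAIR {
	USHORT AvId;
	USHORT AvLen;
}
alias MSV1_0_AV_PAIR* PMSV1_0_AV_PAIR;

// Carries OldPassword and NewPassword fields; overwrite the backing buffers
// once the request has been submitted.
struct MSV1_0_CHANGEPASSWORD_REQUEST {
	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
	UNICODE_STRING               DomainName;
	UNICODE_STRING               AccountName;
	UNICODE_STRING               OldPassword;
	UNICODE_STRING               NewPassword;
	BOOLEAN                      Impersonating;
}
alias MSV1_0_CHANGEPASSWORD_REQUEST* PMSV1_0_CHANGEPASSWORD_REQUEST;

// NOTE(review): PasswordInfoValid presumably says whether
// DomainPasswordInfo was filled in - check it before reading that field.
struct MSV1_0_CHANGEPASSWORD_RESPONSE {
	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
	BOOLEAN                      PasswordInfoValid;
	DOMAIN_PASSWORD_INFORMATION  DomainPasswordInfo;
}
alias MSV1_0_CHANGEPASSWORD_RESPONSE* PMSV1_0_CHANGEPASSWORD_RESPONSE;

// Pointer-plus-length pair: SubAuthSubmitBuffer with SubAuthInfoLength.
struct MSV1_0_SUBAUTH_REQUEST {
	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
	ULONG                        SubAuthPackageId;
	ULONG                        SubAuthInfoLength;
	PUCHAR                       SubAuthSubmitBuffer;
}
alias MSV1_0_SUBAUTH_REQUEST* PMSV1_0_SUBAUTH_REQUEST;

// Pointer-plus-length pair: SubAuthReturnBuffer with SubAuthInfoLength.
struct MSV1_0_SUBAUTH_RESPONSE {
	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
	ULONG                        SubAuthInfoLength;
	PUCHAR                       SubAuthReturnBuffer;
}
alias MSV1_0_SUBAUTH_RESPONSE* PMSV1_0_SUBAUTH_RESPONSE;

const MSV1_0_DERIVECRED_TYPE_SHA1 = 0;

struct MSV1_0_DERIVECRED_REQUEST {
	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
	LUID                         LogonId;
	ULONG                        DeriveCredType;
	ULONG                        DeriveCredInfoLength;
	UCHAR                        _DeriveCredSubmitBuffer;
	// Returns the address of the one-byte _DeriveCredSubmitBuffer field;
	// only one byte is reserved by the struct itself.
	// NOTE(review): presumably DeriveCredInfoLength gives the real extent -
	// the caller must size the allocation accordingly.
	UCHAR* DeriveCredSubmitBuffer() { return &_DeriveCredSubmitBuffer; }
}
alias MSV1_0_DERIVECRED_REQUEST* PMSV1_0_DERIVECRED_REQUEST;

struct MSV1_0_DERIVECRED_RESPONSE {
	MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
	ULONG                        DeriveCredInfoLength;
	UCHAR                        _DeriveCredReturnBuffer;
	// Returns the address of the one-byte _DeriveCredReturnBuffer field;
	// only one byte is reserved by the struct itself.
	// NOTE(review): presumably DeriveCredInfoLength bounds what may be
	// read from here - never read past it.
	UCHAR* DeriveCredReturnBuffer() { return &_DeriveCredReturnBuffer; }
}
alias MSV1_0_DERIVECRED_RESPONSE* PMSV1_0_DERIVECRED_RESPONSE;

alias uint LSA_ENUMERATION_HANDLE, LSA_OPERATIONAL_MODE,
  POLICY_AUDIT_EVENT_OPTIONS;
alias uint* PLSA_ENUMERATION_HANDLE, PLSA_OPERATIONAL_MODE,
  PPOLICY_AUDIT_EVENT_OPTIONS;

struct POLICY_PRIVILEGE_DEFINITION {
	LSA_UNICODE_STRING Name;
	LUID               LocalValue;
}
alias POLICY_PRIVILEGE_DEFINITION* PPOLICY_PRIVILEGE_DEFINITION;

struct POLICY_AUDIT_LOG_INFO {
	ULONG         AuditLogPercentFull;
	ULONG         MaximumLogSize;
	LARGE_INTEGER AuditRetentionPeriod;
	BOOLEAN       AuditLogFullShutdownInProgress;
	LARGE_INTEGER TimeToShutdown;
	ULONG         NextAuditRecordId;
}
alias POLICY_AUDIT_LOG_INFO* PPOLICY_AUDIT_LOG_INFO;

// EventAuditingOptions points at uint values (POLICY_AUDIT_EVENT_OPTIONS).
// NOTE(review): presumably MaximumAuditEventCount is the element count and
// POLICY_AUDIT_EVENT_TYPE the index - confirm and bound indexing by it.
struct POLICY_AUDIT_EVENTS_INFO {
	BOOLEAN                     AuditingMode;
	PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
	ULONG                       MaximumAuditEventCount;
}
alias POLICY_AUDIT_EVENTS_INFO* PPOLICY_AUDIT_EVENTS_INFO;

struct POLICY_ACCOUNT_DOMAIN_INFO {
	LSA_UNICODE_STRING DomainName;
	PSID               DomainSid;
}
alias POLICY_ACCOUNT_DOMAIN_INFO* PPOLICY_ACCOUNT_DOMAIN_INFO;

struct POLICY_PRIMARY_DOMAIN_INFO {
	LSA_UNICODE_STRING Name;
	PSID               Sid;
}
alias POLICY_PRIMARY_DOMAIN_INFO* PPOLICY_PRIMARY_DOMAIN_INFO;

struct POLICY_DNS_DOMAIN_INFO {
	LSA_UNICODE_STRING Name;
	LSA_UNICODE_STRING DnsDomainName;
	LSA_UNICODE_STRING DnsTreeName;
	GUID               DomainGuid;
	PSID               Sid;
}
alias POLICY_DNS_DOMAIN_INFO* PPOLICY_DNS_DOMAIN_INFO;

struct POLICY_PD_ACCOUNT_INFO {
	LSA_UNICODE_STRING Name;
}
alias POLICY_PD_ACCOUNT_INFO* PPOLICY_PD_ACCOUNT_INFO;

struct POLICY_LSA_SERVER_ROLE_INFO {
	POLICY_LSA_SERVER_ROLE LsaServerRole;
}
alias POLICY_LSA_SERVER_ROLE_INFO* PPOLICY_LSA_SERVER_ROLE_INFO;

struct POLICY_REPLICA_SOURCE_INFO {
	LSA_UNICODE_STRING ReplicaSource;
	LSA_UNICODE_STRING ReplicaAccountName;
}
alias POLICY_REPLICA_SOURCE_INFO* PPOLICY_REPLICA_SOURCE_INFO;

struct POLICY_DEFAULT_QUOTA_INFO {
	QUOTA_LIMITS QuotaLimits;
}
alias POLICY_DEFAULT_QUOTA_INFO* PPOLICY_DEFAULT_QUOTA_INFO;

struct POLICY_MODIFICATION_INFO {
	LARGE_INTEGER ModifiedId;
	LARGE_INTEGER DatabaseCreationTime;
}
alias POLICY_MODIFICATION_INFO* PPOLICY_MODIFICATION_INFO;

struct POLICY_AUDIT_FULL_SET_INFO {
	BOOLEAN ShutDownOnFull;
}
alias POLICY_AUDIT_FULL_SET_INFO* PPOLICY_AUDIT_FULL_SET_INFO;

struct POLICY_AUDIT_FULL_QUERY_INFO {
	BOOLEAN ShutDownOnFull;
	BOOLEAN LogIsFull;
}
alias POLICY_AUDIT_FULL_QUERY_INFO* PPOLICY_AUDIT_FULL_QUERY_INFO;

// Pointer-plus-length pair: EfsBlob with InfoLength.
struct POLICY_EFS_INFO {
	ULONG  InfoLength;
	PUCHAR EfsBlob;
}
alias POLICY_EFS_INFO* PPOLICY_EFS_INFO;

struct POLICY_LOCAL_IPSEC_REFERENCE_INFO {
	LSA_UNICODE_STRING ObjectPath;
}
alias POLICY_LOCAL_IPSEC_REFERENCE_INFO* PPOLICY_LOCAL_IPSEC_REFERENCE_INFO;

struct POLICY_LOCAL_MACHINE_PASSWORD_INFO {
	LARGE_INTEGER PasswordChangeInterval;
}
alias POLICY_LOCAL_MACHINE_PASSWORD_INFO* PPOLICY_LOCAL_MACHINE_PASSWORD_INFO;

// PolicyLocation: see the POLICY_LOCATION_* values above (presumably).
struct POLICY_LOCAL_POLICY_LOCATION_INFO {
	ULONG PolicyLocation;
}
alias POLICY_LOCAL_POLICY_LOCATION_INFO* PPOLICY_LOCAL_POLICY_LOCATION_INFO;

// QualityOfService: see the POLICY_QOS_* flags above (presumably).  The
// domain variant is an alias of the local one.
struct POLICY_LOCAL_QUALITY_OF_SERVICE_INFO{
	ULONG QualityOfService;
}
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO
  POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
alias POLICY_LOCAL_QUALITY_OF_SERVICE_INFO*
  PPOLICY_LOCAL_QUALITY_OF_SERVICE_INFO,
  PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;

// Pointer-plus-length pair: PublicKeyInfo with InfoLength.
struct POLICY_DOMAIN_PUBLIC_KEY_INFO {
	ULONG  InfoLength;
	PUCHAR PublicKeyInfo;
}
alias POLICY_DOMAIN_PUBLIC_KEY_INFO* PPOLICY_DOMAIN_PUBLIC_KEY_INFO;

struct POLICY_DOMAIN_LOCKOUT_INFO {
	LARGE_INTEGER LockoutDuration;
	LARGE_INTEGER LockoutObservationWindow;
	USHORT        LockoutThreshold;
}
alias POLICY_DOMAIN_LOCKOUT_INFO* PPOLICY_DOMAIN_LOCKOUT_INFO;

// Same five fields as DOMAIN_PASSWORD_INFORMATION above.
struct POLICY_DOMAIN_PASSWORD_INFO {
	USHORT        MinPasswordLength;
	USHORT        PasswordHistoryLength;
	ULONG         PasswordProperties;
	LARGE_INTEGER MaxPasswordAge;
	LARGE_INTEGER MinPasswordAge;
}
alias POLICY_DOMAIN_PASSWORD_INFO* PPOLICY_DOMAIN_PASSWORD_INFO;

// AuthenticationOptions: see the POLICY_KERBEROS_* flags above (presumably).
struct POLICY_DOMAIN_KERBEROS_TICKET_INFO {
	ULONG         AuthenticationOptions;
	LARGE_INTEGER MinTicketAge;
	LARGE_INTEGER MaxTicketAge;
	LARGE_INTEGER MaxRenewAge;
	LARGE_INTEGER ProxyLifetime;
	LARGE_INTEGER ForceLogoff;
}
alias POLICY_DOMAIN_KERBEROS_TICKET_INFO* PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;

// Policy handle as produced by LsaOpenPolicy and released with LsaClose.
alias HANDLE LSA_HANDLE;
alias HANDLE* PLSA_HANDLE;

struct TRUSTED_DOMAIN_NAME_INFO {
	LSA_UNICODE_STRING Name;
}
alias TRUSTED_DOMAIN_NAME_INFO* PTRUSTED_DOMAIN_NAME_INFO;

// Entries is presumably the element count of Names - confirm.
struct TRUSTED_CONTROLLERS_INFO {
	ULONG               Entries;
	PLSA_UNICODE_STRING Names;
}
alias TRUSTED_CONTROLLERS_INFO* PTRUSTED_CONTROLLERS_INFO;

struct TRUSTED_POSIX_OFFSET_INFO {
	ULONG Offset;
}
alias TRUSTED_POSIX_OFFSET_INFO* PTRUSTED_POSIX_OFFSET_INFO;

// Carries Password and OldPassword fields; treat a filled instance as
// secret material and wipe the backing buffers after use.
struct TRUSTED_PASSWORD_INFO {
	LSA_UNICODE_STRING Password;
	LSA_UNICODE_STRING OldPassword;
}
alias TRUSTED_PASSWORD_INFO* PTRUSTED_PASSWORD_INFO;

// TrustDirection / TrustType / TrustAttributes: see the TRUST_DIRECTION_*,
// TRUST_TYPE_* and TRUST_ATTRIBUTE_* values above (presumably).
struct TRUSTED_DOMAIN_INFORMATION_EX {
	LSA_UNICODE_STRING Name;
	LSA_UNICODE_STRING FlatName;
	PSID               Sid;
	ULONG              TrustDirection;
	ULONG              TrustType;
	ULONG              TrustAttributes;
}
alias TRUSTED_DOMAIN_INFORMATION_EX* PTRUSTED_DOMAIN_INFORMATION_EX;

// Pointer-plus-length pair: AuthInfo with AuthInfoLength.  AuthType: see
// the TRUST_AUTH_TYPE_* values above (presumably).
struct LSA_AUTH_INFORMATION {
	LARGE_INTEGER LastUpdateTime;
	ULONG         AuthType;
	ULONG         AuthInfoLength;
	PUCHAR        AuthInfo;
}
alias LSA_AUTH_INFORMATION* PLSA_AUTH_INFORMATION;

struct TRUSTED_DOMAIN_AUTH_INFORMATION {
	ULONG                 IncomingAuthInfos;
	PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
	PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation;
	ULONG                 OutgoingAuthInfos;
	PLSA_AUTH_INFORMATION OutgoingAuthenticationInformation;
	PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation;
}
alias TRUSTED_DOMAIN_AUTH_INFORMATION* PTRUSTED_DOMAIN_AUTH_INFORMATION;

struct TRUSTED_DOMAIN_FULL_INFORMATION {
	TRUSTED_DOMAIN_INFORMATION_EX   Information;
	TRUSTED_POSIX_OFFSET_INFO       PosixOffset;
	TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
}
alias TRUSTED_DOMAIN_FULL_INFORMATION* PTRUSTED_DOMAIN_FULL_INFORMATION;

/* Prototypes only; the implementations are external.  All of them return
 * NTSTATUS except LsaNtStatusToWinError, which converts one to a ULONG.
 *
 * Several functions hand results back through PVOID* or other
 * pointer-to-pointer out parameters.  LsaFreeMemory and LsaFreeReturnBuffer
 * are declared here for releasing such buffers.
 * NOTE(review): which of the two pairs with which call is not visible in
 * this module - check the Windows documentation, and release buffers that
 * held secrets (LsaRetrievePrivateData, trusted-domain auth data) promptly.
 */
extern (Windows) {
	NTSTATUS LsaAddAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING,
	  ULONG);
	NTSTATUS LsaCallAuthenticationPackage(HANDLE, ULONG, PVOID, ULONG,
	  PVOID*, PULONG, PNTSTATUS);
	NTSTATUS LsaClose(LSA_HANDLE);
	NTSTATUS LsaConnectUntrusted(PHANDLE);
	NTSTATUS LsaCreateTrustedDomainEx(LSA_HANDLE,
	  PTRUSTED_DOMAIN_INFORMATION_EX, PTRUSTED_DOMAIN_AUTH_INFORMATION,
	  ACCESS_MASK, PLSA_HANDLE);
	NTSTATUS LsaDeleteTrustedDomain(LSA_HANDLE, PSID);
	NTSTATUS LsaDeregisterLogonProcess(HANDLE);
	NTSTATUS LsaEnumerateAccountRights(LSA_HANDLE, PSID, PLSA_UNICODE_STRING*,
	  PULONG);
	NTSTATUS LsaEnumerateAccountsWithUserRight(LSA_HANDLE,
	  PLSA_UNICODE_STRING, PVOID*, PULONG);
	NTSTATUS LsaEnumerateTrustedDomains(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
	  PVOID*, ULONG, PULONG);
	NTSTATUS LsaEnumerateTrustedDomainsEx(LSA_HANDLE, PLSA_ENUMERATION_HANDLE,
	  TRUSTED_INFORMATION_CLASS, PVOID*, ULONG, PULONG);
	NTSTATUS LsaFreeMemory(PVOID);
	NTSTATUS LsaFreeReturnBuffer(PVOID);
	NTSTATUS LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG,
	  PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID*, PULONG, PLUID,
	  PHANDLE, PQUOTA_LIMITS, PNTSTATUS);
	NTSTATUS LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG);
	NTSTATUS LsaLookupNames(LSA_HANDLE, ULONG, PLSA_UNICODE_STRING,
	  PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_SID*);
	NTSTATUS LsaLookupSids(LSA_HANDLE, ULONG, PSID*,
	  PLSA_REFERENCED_DOMAIN_LIST*, PLSA_TRANSLATED_NAME*);
	ULONG LsaNtStatusToWinError(NTSTATUS);
	NTSTATUS LsaOpenPolicy(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES,
	  ACCESS_MASK, PLSA_HANDLE);
	NTSTATUS LsaQueryDomainInformationPolicy(LSA_HANDLE,
	  POLICY_DOMAIN_INFORMATION_CLASS, PVOID*);
	NTSTATUS LsaQueryInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
	  PVOID*);
	NTSTATUS LsaQueryLocalInformationPolicy(LSA_HANDLE,
	  POLICY_LOCAL_INFORMATION_CLASS, PVOID*);
	NTSTATUS LsaQueryTrustedDomainInfo(LSA_HANDLE, PSID,
	  TRUSTED_INFORMATION_CLASS, PVOID*);
	NTSTATUS LsaQueryTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
	  TRUSTED_INFORMATION_CLASS, PVOID*);
	NTSTATUS LsaRegisterLogonProcess(PLSA_STRING, PHANDLE,
	  PLSA_OPERATIONAL_MODE);
	NTSTATUS LsaRemoveAccountRights(LSA_HANDLE, PSID, BOOLEAN,
	  PLSA_UNICODE_STRING, ULONG);
	NTSTATUS LsaRetrievePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
	  PLSA_UNICODE_STRING*);
	NTSTATUS LsaSetDomainInformationPolicy(LSA_HANDLE,
	  POLICY_DOMAIN_INFORMATION_CLASS, PVOID);
	NTSTATUS LsaSetInformationPolicy(LSA_HANDLE, POLICY_INFORMATION_CLASS,
	  PVOID);
	NTSTATUS LsaSetLocalInformationPolicy(LSA_HANDLE,
	  POLICY_LOCAL_INFORMATION_CLASS, PVOID);
	NTSTATUS LsaSetTrustedDomainInformation(LSA_HANDLE, PSID,
	  TRUSTED_INFORMATION_CLASS, PVOID);
	NTSTATUS LsaSetTrustedDomainInfoByName(LSA_HANDLE, PLSA_UNICODE_STRING,
	  TRUSTED_INFORMATION_CLASS, PVOID);
	NTSTATUS LsaStorePrivateData(LSA_HANDLE, PLSA_UNICODE_STRING,
	  PLSA_UNICODE_STRING);
}

// Function-pointer types for the three SAM_*_ROUTINE names declared above.
// NOTE(review): the parameter meanings are not visible here; code behind
// these signatures receives PUNICODE_STRING arguments that presumably
// include passwords, so it should neither log nor retain them.
alias NTSTATUS function(PUNICODE_STRING, ULONG, PUNICODE_STRING)
  PSAM_PASSWORD_NOTIFICATION_ROUTINE;
alias BOOLEAN function() PSAM_INIT_NOTIFICATION_ROUTINE;
alias BOOLEAN function(PUNICODE_STRING, PUNICODE_STRING,
  PUNICODE_STRING, BOOLEAN) PSAM_PASSWORD_FILTER_ROUTINE;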