using System;
using System.Linq;
using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
{
/// Functions, enumerations and structures found in ADVAPI32.DLL.
public static partial class AdvApi32
{
/// Flags that describe the password properties.
[PInvokeData("ntsecapi.h", MSDNShortId = "7dceaf70-d8de-47c0-b940-f0d6a0cca101")]
[Flags]
public enum DOMAIN_PASSWORD : uint
{
///
/// The password must have a mix of at least two of the following types of characters:
///
/// - Uppercase characters
/// - Lowercase characters
/// - Numerals
///
///
DOMAIN_PASSWORD_COMPLEX = 0x00000001,
///
/// The password cannot be changed without logging on. Otherwise, if your password has expired, you can change your password and
/// then log on.
///
DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
/// Forces the client to use a protocol that does not allow the domain controller to get the plaintext password.
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
/// Allows the built-in administrator account to be locked out from network logons.
DOMAIN_LOCKOUT_ADMINS = 0x00000008,
/// The directory service is storing a plaintext password for all users instead of a hash function of the password.
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
///
/// Removes the requirement that the machine account password be automatically changed every week.
/// This value should not be used as it can weaken security.
///
DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020,
///
DOMAIN_NO_LM_OWF_CHANGE = 0x00000040
}
/// Auditing options for an audit event type.
[PInvokeData("ntsecapi.h")]
[Flags]
public enum POLICY_AUDIT_EVENT_OPTIONS : uint
{
///
/// Do not change auditing options for the specified event type.
/// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.
///
POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000,
///
/// Audit successful occurrences of the specified event type.
/// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.
///
POLICY_AUDIT_EVENT_SUCCESS = 0x00000001,
///
/// Audit failed attempts to cause the specified event type.
/// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.
///
POLICY_AUDIT_EVENT_FAILURE = 0x00000002,
///
/// Do not audit the specified event type.
/// This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.
///
POLICY_AUDIT_EVENT_NONE = 0x00000004,
}
/// The POLICY_DOMAIN_INFORMATION_CLASS enumeration defines the type of policy domain information.
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-_policy_domain_information_class typedef enum
// _POLICY_DOMAIN_INFORMATION_CLASS { PolicyDomainQualityOfServiceInformation, PolicyDomainEfsInformation,
// PolicyDomainKerberosTicketInformation } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS;
[PInvokeData("ntsecapi.h", MSDNShortId = "b208c479-a262-4120-824f-677ead1ef61a")]
public enum POLICY_DOMAIN_INFORMATION_CLASS
{
///
[CorrespondingType(typeof(POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO), CorrespondingAction.Set)]
PolicyDomainQualityOfServiceInformation = 1,
/// The information is for Encrypting File System.
[CorrespondingType(typeof(POLICY_DOMAIN_EFS_INFO))]
PolicyDomainEfsInformation,
/// The information is for a Kerberos ticket.
[CorrespondingType(typeof(POLICY_DOMAIN_KERBEROS_TICKET_INFO))]
PolicyDomainKerberosTicketInformation,
}
///
/// The POLICY_INFORMATION_CLASS enumeration defines values that indicate the type of information to set or query in a Policy object.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-_policy_information_class typedef enum
// _POLICY_INFORMATION_CLASS { PolicyAuditLogInformation, PolicyAuditEventsInformation, PolicyPrimaryDomainInformation,
// PolicyPdAccountInformation, PolicyAccountDomainInformation, PolicyLsaServerRoleInformation, PolicyReplicaSourceInformation,
// PolicyDefaultQuotaInformation, PolicyModificationInformation, PolicyAuditFullSetInformation, PolicyAuditFullQueryInformation,
// PolicyDnsDomainInformation, PolicyDnsDomainInformationInt, PolicyLocalAccountDomainInformation, PolicyMachineAccountInformation,
// PolicyLastEntry } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS;
[PInvokeData("ntsecapi.h", MSDNShortId = "b734b5e8-1ee9-436b-b2a9-210ae79fbaf5")]
public enum POLICY_INFORMATION_CLASS
{
/// This value is obsolete.
[Obsolete]
PolicyAuditLogInformation = 1,
///
/// Query or set the auditing rules of the system. You can enable or disable auditing and specify the types of events that are
/// audited. Use the POLICY_AUDIT_EVENTS_INFO structure.
///
[CorrespondingType(typeof(POLICY_AUDIT_EVENTS_INFO))]
PolicyAuditEventsInformation,
/// This value is obsolete. Use the PolicyDnsDomainInformation value instead.
[Obsolete]
PolicyPrimaryDomainInformation,
/// This value is obsolete.
[Obsolete]
PolicyPdAccountInformation,
/// Query or set the name and SID of the account domain of the system. Use the POLICY_ACCOUNT_DOMAIN_INFO structure.
[CorrespondingType(typeof(POLICY_ACCOUNT_DOMAIN_INFO))]
PolicyAccountDomainInformation,
/// Query or set the role of an LSA server. Use the POLICY_LSA_SERVER_ROLE_INFO structure.
[CorrespondingType(typeof(POLICY_LSA_SERVER_ROLE_INFO))]
PolicyLsaServerRoleInformation,
/// This value is obsolete.
[Obsolete]
PolicyReplicaSourceInformation,
/// This value is obsolete.
[Obsolete]
PolicyDefaultQuotaInformation,
///
/// Query or set information about the creation time and last modification of the LSA database. Use the POLICY_MODIFICATION_INFO structure.
///
[CorrespondingType(typeof(POLICY_MODIFICATION_INFO))]
PolicyModificationInformation,
/// This value is obsolete.
[Obsolete]
PolicyAuditFullSetInformation,
/// This value is obsolete.
[Obsolete]
PolicyAuditFullQueryInformation,
///
/// Query or set Domain Name System (DNS) information about the account domain associated with a Policy object. Use the
/// POLICY_DNS_DOMAIN_INFO structure.
///
[CorrespondingType(typeof(POLICY_DNS_DOMAIN_INFO))]
PolicyDnsDomainInformation,
///
PolicyDnsDomainInformationInt,
///
PolicyLocalAccountDomainInformation,
///
PolicyMachineAccountInformation,
}
///
/// The POLICY_LSA_SERVER_ROLE enumeration type defines values that indicate the role of an LSA server. The
/// LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this enumeration type when their InformationClass parameters
/// are set to PolicyLsaServerRoleInformation.
///
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ne-ntsecapi-policy_lsa_server_role typedef enum
// _POLICY_LSA_SERVER_ROLE { PolicyServerRoleBackup, PolicyServerRolePrimary } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE;
[PInvokeData("ntsecapi.h", MSDNShortId = "a2bcc380-8873-436b-a0d6-e4deb23669bb")]
public enum POLICY_LSA_SERVER_ROLE
{
/// Indicates a backup LSA server.
PolicyServerRoleBackup = 2,
/// Indicates a primary LSA server, a workstation, or a standalone computer.
PolicyServerRolePrimary,
}
/// [Undocumented] Used by POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO.
[PInvokeData("ntsecapi.h")]
public enum POLICY_QOS : uint
{
///
POLICY_QOS_SCHANNEL_REQUIRED = 0x00000001,
///
POLICY_QOS_OUTBOUND_INTEGRITY = 0x00000002,
///
POLICY_QOS_OUTBOUND_CONFIDENTIALITY = 0x00000004,
///
POLICY_QOS_INBOUND_INTEGRITY = 0x00000008,
///
POLICY_QOS_INBOUND_CONFIDENTIALITY = 0x00000010,
///
POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x00000020,
///
POLICY_QOS_RAS_SERVER_ALLOWED = 0x00000040,
///
POLICY_QOS_DHCP_SERVER_ALLOWED = 0x00000080,
}
///
/// The POLICY_SERVER_ENABLE_STATE enumeration represents the state of the LSA server—that is, whether it is enabled or
/// disabled. Some operations may only be performed on an enabled LSA server.
///
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ne-ntsecapi-policy_server_enable_state typedef enum
// _POLICY_SERVER_ENABLE_STATE { PolicyServerEnabled, PolicyServerDisabled } POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE;
[PInvokeData("ntsecapi.h", MSDNShortId = "aae5875e-ca55-4571-a9a4-684280ae8aa0")]
public enum POLICY_SERVER_ENABLE_STATE
{
/// The LSA server is enabled.
PolicyServerEnabled = 2,
/// The LSA server is disabled.
PolicyServerDisabled,
}
///
/// Specifies one of the following values to indicate the type of authentication information in the AuthInfo buffer.
///
public enum TRUST_AUTH_TYPE
{
/// The format is unknown and will be ignored.
TRUST_AUTH_TYPE_NONE = 0,
///
/// The Windows NT 4.0 one-way format (OWF) of a plaintext password. Note that you cannot derive the clear password back from the
/// OWF form of the password. The system sets this information.
///
TRUST_AUTH_TYPE_NT4OWF = 1,
/// Plaintext password to use for the trust.
TRUST_AUTH_TYPE_CLEAR = 2,
/// Plaintext password version number.
TRUST_AUTH_TYPE_VERSION = 3,
}
/// Indicates the attributes of a trust relationship.
[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")]
[Flags]
public enum TrustAttributes : uint
{
/// Disallow transitivity.
TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
/// The trust link is not valid for client operating systems earlier than Windows 2000.
TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
/// Undocumented.
TRUST_ATTRIBUTE_TREE_PARENT = 0x00400000,
/// Undocumented.
TRUST_ATTRIBUTE_TREE_ROOT = 0x00800000,
/// Quarantine domains.
TRUST_ATTRIBUTE_FILTER_SIDS = 0x00000004,
/// The trust link may contain forest trust information.
TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
/// This trust is to a domain/forest that is not part of this enterprise.
TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
/// Trust is internal to this forest.
TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
/// Trust is treated as external for trust boundary purposes.
TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
/// Undocumented.
TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION = 0x00000080,
/// Undocumented.
TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS = 0x00000100,
/// Undocumented.
TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200,
/// Undocumented.
TRUST_ATTRIBUTE_PIM_TRUST = 0x00000400,
}
/// Indicates the direction of the trust.
[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")]
public enum TrustDirection : uint
{
/// The trust relationship exists, but it has been disabled.
TRUST_DIRECTION_DISABLED = 0x00000000,
/// The trusted domain trusts the primary domain to perform operations such as name lookups and authentication.
TRUST_DIRECTION_INBOUND = 0x00000001,
/// The primary domain trusts the trusted domain to perform operations such as name lookups and authentication.
TRUST_DIRECTION_OUTBOUND = 0x00000002,
/// Both domains trust each other.
TRUST_DIRECTION_BIDIRECTIONAL = TRUST_DIRECTION_INBOUND | TRUST_DIRECTION_OUTBOUND
}
///
///
/// The TRUSTED_INFORMATION_CLASS enumeration type defines values that indicate the type of information to set or query for a
/// trusted domain.
///
///
/// Each value has an associated structure that the LsaQueryTrustedDomainInfo and LsaSetTrustedDomainInformation functions use to
/// store the information.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ne-ntsecapi-_trusted_information_class typedef enum
// _TRUSTED_INFORMATION_CLASS { TrustedDomainNameInformation , TrustedControllersInformation , TrustedPosixOffsetInformation ,
// TrustedPasswordInformation , TrustedDomainInformationBasic , TrustedDomainInformationEx , TrustedDomainAuthInformation ,
// TrustedDomainFullInformation , TrustedDomainAuthInformationInternal , TrustedDomainFullInformationInternal ,
// TrustedDomainInformationEx2Internal , TrustedDomainFullInformation2Internal , TrustedDomainSupportedEncryptionTypes }
// TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS;
[PInvokeData("ntsecapi.h", MSDNShortId = "442a0944-b498-4d9f-b338-d5aed1663d8d")]
public enum TRUSTED_INFORMATION_CLASS
{
/// Query or set the name of a trusted domain. Use the TRUSTED_DOMAIN_NAME_INFO structure.
[CorrespondingType(typeof(TRUSTED_DOMAIN_NAME_INFO))]
TrustedDomainNameInformation = 1,
/// This value is obsolete.
TrustedControllersInformation,
///
/// Query or set the value used to generate Posix user and group identifiers. Use the TRUSTED_POSIX_OFFSET_INFO structure.
///
[CorrespondingType(typeof(TRUSTED_POSIX_OFFSET_INFO))]
TrustedPosixOffsetInformation,
/// This value has been superseded by the TrustedDomainAuthInformation value.
[CorrespondingType(typeof(TRUSTED_PASSWORD_INFO))]
TrustedPasswordInformation,
/// This value is obsolete.
TrustedDomainInformationBasic,
/// Query extended information for a trusted domain. Use the TRUSTED_DOMAIN_INFORMATION_EX structure.
[CorrespondingType(typeof(TRUSTED_DOMAIN_INFORMATION_EX), CorrespondingAction.Get)]
TrustedDomainInformationEx,
/// Query authentication information for a trusted domain. Use the TRUSTED_DOMAIN_AUTH_INFORMATION structure.
[CorrespondingType(typeof(TRUSTED_DOMAIN_AUTH_INFORMATION), CorrespondingAction.Get)]
TrustedDomainAuthInformation,
///
/// Query complete information for a trusted domain. This information includes the Posix offset information, authentication
/// information, and the extended information returned for the TrustedDomainInformationEx value. Use the
/// TRUSTED_DOMAIN_FULL_INFORMATION structure.
///
[CorrespondingType(typeof(TRUSTED_DOMAIN_FULL_INFORMATION), CorrespondingAction.Get)]
TrustedDomainFullInformation,
}
/// Indicates the type of the trust relationship.
[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")]
public enum TrustType : uint
{
/// The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000.
TRUST_TYPE_DOWNLEVEL = 0x00000001,
/// The domain controller of the Microsoft trusted domain is a computer running Windows 2000 or later.
TRUST_TYPE_UPLEVEL = 0x00000002,
/// The trusted domain is an MIT Kerberos realm.
TRUST_TYPE_MIT = 0x00000003,
/// The trusted domain is a DCE realm.
TRUST_TYPE_DCE = 0x00000004,
}
///
///
/// The DOMAIN_PASSWORD_INFORMATION structure contains information about a domain's password policy, such as the minimum
/// length for passwords and how unique passwords must be.
///
/// It is used in the MSV1_0_CHANGEPASSWORD_RESPONSE structure.
///
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-domain_password_information typedef struct
// _DOMAIN_PASSWORD_INFORMATION { USHORT MinPasswordLength; USHORT PasswordHistoryLength; ULONG PasswordProperties; #if ...
// OLD_LARGE_INTEGER MaxPasswordAge; #elif OLD_LARGE_INTEGER MaxPasswordAge; #if ... OLD_LARGE_INTEGER MinPasswordAge; #elif
// OLD_LARGE_INTEGER MinPasswordAge; #elif LARGE_INTEGER MaxPasswordAge; #else LARGE_INTEGER MaxPasswordAge; #endif #elif
// LARGE_INTEGER MinPasswordAge; #else LARGE_INTEGER MinPasswordAge; #endif } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
[PInvokeData("ntsecapi.h", MSDNShortId = "7dceaf70-d8de-47c0-b940-f0d6a0cca101")]
[StructLayout(LayoutKind.Sequential)]
public struct DOMAIN_PASSWORD_INFORMATION
{
/// Specifies the minimum length, in characters, of a valid password.
public ushort MinPasswordLength;
///
/// Indicates the number of previous passwords saved in the history list. A user cannot reuse a password in the history list.
///
public ushort PasswordHistoryLength;
///
/// Flags that describe the password properties. They can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// DOMAIN_PASSWORD_COMPLEX 0x00000001L
/// The password must have a mix of at least two of the following types of characters:
///
/// -
/// DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
///
/// The password cannot be changed without logging on. Otherwise, if your password has expired, you can change your password and
/// then log on.
///
///
/// -
/// DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
/// Forces the client to use a protocol that does not allow the domain controller to get the plaintext password.
///
/// -
/// DOMAIN_LOCKOUT_ADMINS 0x00000008L
/// Allows the built-in administrator account to be locked out from network logons.
///
/// -
/// DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
/// The directory service is storing a plaintext password for all users instead of a hash function of the password.
///
/// -
/// DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
///
/// Removes the requirement that the machine account password be automatically changed every week. This value should not be used
/// as it can weaken security.
///
///
///
///
public uint PasswordProperties;
///
/// A 64-bit value, with delta time syntax, indicating the policy setting for the maximum time allowed before a password reset or
/// change is required.
///
public FILETIME MaxPasswordAge;
///
/// A 64-bit value, with delta time syntax, indicating the policy setting for the minimum time allowed before a password change
/// operation is allowed.
///
public FILETIME MinPasswordAge;
}
///
/// The LSA_AUTH_INFORMATION structure contains authentication information for a trusted domain.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_lsa_auth_information typedef struct
// _LSA_AUTH_INFORMATION { LARGE_INTEGER LastUpdateTime; ULONG AuthType; ULONG AuthInfoLength; PUCHAR AuthInfo; }
// LSA_AUTH_INFORMATION, *PLSA_AUTH_INFORMATION;
[PInvokeData("ntsecapi.h", MSDNShortId = "61c17831-4a82-4766-b5af-e97a6d467462")]
[StructLayout(LayoutKind.Sequential)]
public struct LSA_AUTH_INFORMATION
{
///
/// A LARGE_INTEGER structure that uses the Coordinated Universal Time (Greenwich Mean Time) format to indicate the time that
/// this value was set. For more information about Coordinated Universal Time, see the FILETIME structure.
///
public FILETIME LastUpdateTime;
///
/// Specifies one of the following values to indicate the type of authentication information in the AuthInfo buffer.
///
///
/// Value
/// Meaning
///
/// -
/// TRUST_AUTH_TYPE_NONE
/// The format is unknown and will be ignored.
///
/// -
/// TRUST_AUTH_TYPE_NT4OWF
///
/// The Windows NT 4.0 one-way format (OWF) of a plaintext password. Note that you cannot derive the clear password back from the
/// OWF form of the password. The system sets this information.
///
///
/// -
/// TRUST_AUTH_TYPE_CLEAR
/// Plaintext password to use for the trust.
///
/// -
/// TRUST_AUTH_TYPE_VERSION
/// Plaintext password version number.
///
///
///
public TRUST_AUTH_TYPE AuthType;
///
/// Specifies the size, in bytes, of the AuthInfo member.
///
public uint AuthInfoLength;
///
/// Pointer to an array of bytes that contains the type of authentication information indicated by the AuthType member.
///
public IntPtr AuthInfo;
}
///
/// The POLICY_ACCOUNT_DOMAIN_INFO structure is used to set and query the name and SID of the system's account domain. The
/// LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this structure when their InformationClass parameters are set
/// to PolicyAccountDomainInformation.
///
// https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-policy_account_domain_info typedef struct
// _POLICY_ACCOUNT_DOMAIN_INFO { LSA_UNICODE_STRING DomainName; PSID DomainSid; } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
[PInvokeData("lsalookup.h", MSDNShortId = "0e38ac5f-40db-405d-9394-b6bcb7c652b5")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_ACCOUNT_DOMAIN_INFO
{
/// An LSA_UNICODE_STRING structure that specifies the name of the account domain.
public LSA_UNICODE_STRING DomainName;
/// Pointer to the SID of the account domain.
public PSID DomainSid;
}
///
/// The POLICY_AUDIT_EVENTS_INFO structure is used to set and query the system's auditing rules. The LsaQueryInformationPolicy
/// and LsaSetInformationPolicy functions use this structure when their InformationClass parameters are set to PolicyAuditEventsInformation.
///
///
/// LSA Policy defines a mask for the valid event auditing options. The POLICY_AUDIT_EVENT_MASK mask evaluates to TRUE if it
/// is set equal to any of the preceding event auditing options.
///
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-policy_audit_events_info typedef struct
// _POLICY_AUDIT_EVENTS_INFO { BOOLEAN AuditingMode; PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions; ULONG MaximumAuditEventCount;
// } POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "3442e5e5-78cf-4bda-ba11-0f51ee40df16")]
public struct POLICY_AUDIT_EVENTS_INFO : IVanaraMarshaler
{
///
/// Indicates whether auditing is enabled.
///
/// If this flag is TRUE, the system generates audit records according to the event auditing options specified in the
/// EventAuditingOptions member.
///
///
/// If this flag is FALSE, the system does not generate audit records. However, note that set operations update the event
/// auditing options as specified in the EventAuditingOptions member even when AuditingMode is FALSE.
///
///
public bool AuditingMode;
///
///
/// Pointer to an array of POLICY_AUDIT_EVENT_OPTIONS variables. Each element in this array specifies the auditing options for an
/// audit event type. The index of each array element corresponds to an audit event type value in the POLICY_AUDIT_EVENT_TYPE
/// enumeration type.
///
///
/// Each POLICY_AUDIT_EVENT_OPTIONS variable in the array can specify the following auditing options. You can also combine the
/// success and failure options, POLICY_AUDIT_EVENT_SUCCESS and POLICY_AUDIT_EVENT_FAILURE.
///
///
/// When LSASetInformationPolicy is called to change the audit policy, any new POLICY_AUDIT_EVENT_OPTIONS array elements are
/// added to any existing audit options. Adding a new POLICY_AUDIT_EVENT_OPTIONS element combined with the
/// POLICY_AUDIT_EVENT_NONE audit option cancels all previous audit options and begins a new set of options.
///
///
///
/// Value
/// Meaning
///
/// -
/// POLICY_AUDIT_EVENT_UNCHANGED
///
/// For set operations, specify this value to leave the current options unchanged. For read operations, this value means that no
/// audit records for this type are generated. This is the default.
///
///
/// -
/// POLICY_AUDIT_EVENT_SUCCESS
/// Generate audit records for successful events of this type.
///
/// -
/// POLICY_AUDIT_EVENT_FAILURE
/// Generate audit records for failed attempts to cause an event of this type to occur.
///
/// -
/// POLICY_AUDIT_EVENT_NONE
/// Do not generate audit records for events of this type.
///
///
///
public POLICY_AUDIT_EVENT_OPTIONS[] EventAuditingOptions;
///
/// Specifies the number of elements in the EventAuditingOptions array. For set operations, if this value is less than the
/// number of audit event types supported by the system, the system does not change the auditing options for event types with
/// indexes equal to or higher than the value specified in MaximumAuditEventCount.
///
public int MaximumAuditEventCount => EventAuditingOptions?.Length ?? 0;
SizeT IVanaraMarshaler.GetNativeSize() => IntPtr.Size * 3 + 36;
SafeAllocatedMemoryHandle IVanaraMarshaler.MarshalManagedToNative(object obj)
{
var i = (POLICY_AUDIT_EVENTS_INFO)obj;
var mem = new SafeHGlobalHandle(IntPtr.Size * 3 + 36);
mem.Write((BOOLEAN)i.AuditingMode);
mem.Write(mem.DangerousGetHandle().Offset(IntPtr.Size * 3), false, IntPtr.Size);
mem.Write(i.MaximumAuditEventCount, false, IntPtr.Size * 2);
mem.Write(i.EventAuditingOptions, false, IntPtr.Size * 3);
return mem;
}
object IVanaraMarshaler.MarshalNativeToManaged(IntPtr ptr, SizeT size)
{
using var str = new NativeMemoryStream(ptr, size);
var mode = str.Read();
str.Position = IntPtr.Size * 2;
var cnt = str.Read();
str.Position = IntPtr.Size;
return new POLICY_AUDIT_EVENTS_INFO
{
AuditingMode = mode,
EventAuditingOptions = str.Read().ToArray(cnt).ToArray()
};
}
}
///
/// The POLICY_DNS_DOMAIN_INFO structure is used to set and query Domain Name System (DNS) information about the primary
/// domain associated with a Policy object. The LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this structure
/// when their InformationClass parameters are set to PolicyDnsDomainInformation.
///
///
///
/// The POLICY_DNS_DOMAIN_INFO structure is an extended version of the POLICY_PRIMARY_DOMAIN_INFO structure. Setting
/// POLICY_DNS_DOMAIN_INFO information will overwrite the corresponding values in the POLICY_PRIMARY_DOMAIN_INFO (name
/// and SID), and vice versa.
///
///
/// If the computer associated with the Policy object is not a member of a domain, all structure members except Name are
/// NULL or zero.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-policy_dns_domain_info typedef struct
// _POLICY_DNS_DOMAIN_INFO { LSA_UNICODE_STRING Name; LSA_UNICODE_STRING DnsDomainName; LSA_UNICODE_STRING DnsForestName; GUID
// DomainGuid; PSID Sid; } POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO;
[PInvokeData("lsalookup.h", MSDNShortId = "5b2879cf-e0dc-4844-bfe8-bf45460285f1")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_DNS_DOMAIN_INFO
{
///
/// An LSA_UNICODE_STRING structure that specifies the name of the primary domain. This is the same as the primary domain name in
/// the POLICY_PRIMARY_DOMAIN_INFO structure.
///
public LSA_UNICODE_STRING Name;
/// An LSA_UNICODE_STRING structure that specifies the DNS name of the primary domain.
public LSA_UNICODE_STRING DnsDomainName;
///
/// An LSA_UNICODE_STRING structure that specifies the DNS forest name of the primary domain. This is the DNS name of the domain
/// at the root of the enterprise.
///
public LSA_UNICODE_STRING DnsForestName;
/// A GUID structure that contains the GUID of the primary domain.
public Guid DomainGuid;
///
/// Pointer to the SID of the primary domain. This is the same as the primary domain SID in the POLICY_PRIMARY_DOMAIN_INFO structure.
///
public PSID Sid;
}
/// [Undocumented] Used by .
[PInvokeData("ntsecapi.h")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_DOMAIN_EFS_INFO
{
/// Length of the EFS Information blob
public uint InfoLength;
/// Efs blob data
public IntPtr EfsBlob;
}
/// [Undocumented] Used by .
[PInvokeData("ntsecapi.h")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_DOMAIN_KERBEROS_TICKET_INFO
{
/// allowed ticket options (POLICY_KERBEROS_* flags )
public uint AuthenticationOptions;
/// Maximum lifetime for a service ticket
public FILETIME MaxServiceTicketAge;
/// Maximum lifetime for the initial ticket
public FILETIME MaxTicketAge;
/// Maximum cumulative age a renewable ticket can be with requring authentication
public FILETIME MaxRenewAge;
/// Maximum tolerance for synchronization of computer clocks
public FILETIME MaxClockSkew;
/// Reserved
public FILETIME Reserved;
}
/// [Undocumented] Used by .
[PInvokeData("ntsecapi.h")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO
{
/// Determines what specific QOS actions a machine should take
public POLICY_QOS QualityOfService;
}
///
/// The POLICY_LSA_SERVER_ROLE_INFO structure is used to set and query the role of an LSA server. The
/// LsaQueryInformationPolicy and LsaSetInformationPolicy functions use this structure when their InformationClass parameters are set
/// to PolicyLsaServerRoleInformation.
///
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-policy_lsa_server_role_info typedef struct
// _POLICY_LSA_SERVER_ROLE_INFO { POLICY_LSA_SERVER_ROLE LsaServerRole; } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "f66abe33-d8c8-45b8-9b94-d6890d786aaa")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_LSA_SERVER_ROLE_INFO
{
///
/// Specifies one of the values from the POLICY_LSA_SERVER_ROLE enumeration type to indicate a primary or backup LSA server.
///
public POLICY_LSA_SERVER_ROLE LsaServerRole;
}
///
/// The POLICY_MODIFICATION_INFO structure is used to query information about the creation time and last modification of the
/// LSA database. The LsaQueryInformationPolicy function uses this structure when its InformationClass parameter is set to PolicyModificationInformation.
///
// https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-policy_modification_info typedef struct
// _POLICY_MODIFICATION_INFO { LARGE_INTEGER ModifiedId; LARGE_INTEGER DatabaseCreationTime; } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "ef4d1d1d-9b1b-4d67-80b8-2b548ec31a87")]
[StructLayout(LayoutKind.Sequential)]
public struct POLICY_MODIFICATION_INFO
{
///
/// A LARGE_INTEGER structure containing a 64-bit unsigned integer that is incremented each time anything in the LSA database is
/// modified. This value is modified only on primary domain controllers.
///
public long ModifiedId;
///
/// A LARGE_INTEGER structure that indicates the date and time the LSA database was created. This is a UTC-based time that uses
/// the FILETIME format. On backup domain controllers, this value is replicated from the primary domain controller. For more
/// information about UTC-based time, see System Time.
///
public FILETIME DatabaseCreationTime;
}
///
/// The TRUSTED_DOMAIN_AUTH_INFORMATION structure is used to retrieve authentication information for a trusted domain. The
/// LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainAuthInformation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_auth_information typedef struct
// _TRUSTED_DOMAIN_AUTH_INFORMATION { ULONG IncomingAuthInfos; PLSA_AUTH_INFORMATION IncomingAuthenticationInformation;
// PLSA_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; ULONG OutgoingAuthInfos; PLSA_AUTH_INFORMATION
// OutgoingAuthenticationInformation; PLSA_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; }
// TRUSTED_DOMAIN_AUTH_INFORMATION, *PTRUSTED_DOMAIN_AUTH_INFORMATION;
[PInvokeData("ntsecapi.h", MSDNShortId = "2ec606d7-42bd-47cc-a4cd-82908774aa43")]
[StructLayout(LayoutKind.Sequential)]
public struct TRUSTED_DOMAIN_AUTH_INFORMATION
{
///
/// Specifies the number of entries in the IncomingAuthenticationInformation and
/// IncomingPreviousAuthenticationInformation arrays.
///
public uint IncomingAuthInfos;
///
/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the authentication information for the incoming side of a
/// trust relationship.
///
public IntPtr IncomingAuthenticationInformation;
///
/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the previous authentication information (or old password)
/// for the incoming side of a trust relationship. There must be one of these for every entry in the
/// IncomingAuthenticationInformation array.
///
public IntPtr IncomingPreviousAuthenticationInformation;
///
/// Specifies the number of entries in the OutgoingAuthenticationInformation and
/// OutgoingPreviousAuthenticationInformation arrays.
///
public uint OutgoingAuthInfos;
///
/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the authentication information for the outgoing side of a
/// trust relationship.
///
public IntPtr OutgoingAuthenticationInformation;
///
/// Pointer to an array of LSA_AUTH_INFORMATION structures containing the previous authentication information (or old password)
/// for the outgoing side of a trust relationship. There must be one of these for every entry in the
/// OutgoingAuthenticationInformation array.
///
public IntPtr OutgoingPreviousAuthenticationInformation;
}
///
/// The TRUSTED_DOMAIN_FULL_INFORMATION structure is used to retrieve complete information about a trusted domain. The
/// LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainFullInformation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_full_information typedef struct
// _TRUSTED_DOMAIN_FULL_INFORMATION { TRUSTED_DOMAIN_INFORMATION_EX Information; TRUSTED_POSIX_OFFSET_INFO PosixOffset;
// TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION;
[PInvokeData("ntsecapi.h", MSDNShortId = "b7abfe1e-d9e6-4583-a738-c16190ffd44d")]
[StructLayout(LayoutKind.Sequential)]
public struct TRUSTED_DOMAIN_FULL_INFORMATION
{
///
/// A TRUSTED_DOMAIN_INFORMATION_EX structure containing extended information for a trusted domain.
///
public TRUSTED_DOMAIN_INFORMATION_EX Information;
///
/// A TRUSTED_POSIX_OFFSET_INFO structure containing the value used to generate Posix user and group identifiers for a trusted domain.
///
public TRUSTED_POSIX_OFFSET_INFO PosixOffset;
///
/// A TRUSTED_DOMAIN_AUTH_INFORMATION structure containing authentication information for a trusted domain.
///
public TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
}
///
/// The TRUSTED_DOMAIN_INFORMATION_EX structure is used to retrieve extended information about a trusted domain. The
/// LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainInformationEx.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_information_ex typedef struct
// _TRUSTED_DOMAIN_INFORMATION_EX { LSA_UNICODE_STRING Name; LSA_UNICODE_STRING FlatName; PSID Sid; ULONG TrustDirection; ULONG
// TrustType; ULONG TrustAttributes; } TRUSTED_DOMAIN_INFORMATION_EX, *PTRUSTED_DOMAIN_INFORMATION_EX;
[PInvokeData("ntsecapi.h", MSDNShortId = "acf9a2b5-f301-4e6a-a515-df338658ad56")]
[StructLayout(LayoutKind.Sequential)]
public struct TRUSTED_DOMAIN_INFORMATION_EX
{
///
/// An LSA_UNICODE_STRING structure that contains the name of the trusted domain. This is the DNS domain name. For non-Microsoft
/// trusted domains, this is the identifying name of the domain.
///
public LSA_UNICODE_STRING Name;
///
/// An LSA_UNICODE_STRING structure that contains the flat name of the trusted domain. For non-Microsoft trusted domains, this is
/// the identifying name of the domain or it is NULL.
///
public LSA_UNICODE_STRING FlatName;
///
/// Pointer to the security identifier (SID) of the trusted domain. For non-Microsoft trusted domains, this member can be NULL.
///
public PSID Sid;
///
/// A value that indicates the direction of the trust. This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// TRUST_DIRECTION_DISABLED
/// The trust relationship exists, but it has been disabled.
///
/// -
/// TRUST_DIRECTION_INBOUND
/// The trusted domain trusts the primary domain to perform operations such as name lookups and authentication.
///
/// -
/// TRUST_DIRECTION_OUTBOUND
/// The primary domain trusts the trusted domain to perform operations such as name lookups and authentication.
///
/// -
/// TRUST_DIRECTION_BIDIRECTIONAL
/// Both domains trust each other.
///
///
///
public TrustDirection TrustDirection;
///
/// A value that indicates the type of the trust relationship. This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// TRUST_TYPE_DOWNLEVEL
/// The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000.
///
/// -
/// TRUST_TYPE_UPLEVEL
/// The domain controller of the Microsoft trusted domain is a computer running Windows 2000 or later.
///
/// -
/// TRUST_TYPE_MIT
/// The trusted domain is an MIT Kerberos realm.
///
/// -
/// TRUST_TYPE_DCE
/// The trusted domain is a DCE realm.
///
/// -
/// 0x5 - 0x000FFFFF
/// Reserved for future use.
///
/// -
/// 0x00100000 to 0xFFF00000
/// Provider-specific trust levels.
///
///
///
public TrustType TrustType;
///
/// A value that indicates the attributes of a trust relationship. This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// TRUST_ATTRIBUTE_NON_TRANSITIVE
/// Disallow transitivity.
///
/// -
/// TRUST_ATTRIBUTE_UPLEVEL_ONLY
/// The trust link is not valid for client operating systems earlier than Windows 2000.
///
/// -
/// TRUST_ATTRIBUTE_FILTER_SIDS
/// Quarantine domains.
///
/// -
/// TRUST_ATTRIBUTE_FOREST_TRANSITIVE
/// The trust link may contain forest trust information.
///
/// -
/// TRUST_ATTRIBUTE_CROSS_ORGANIZATION
/// This trust is to a domain/forest that is not part of this enterprise.
///
/// -
/// TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
/// Trust is treated as external for trust boundary purposes.
///
/// -
/// TRUST_ATTRIBUTE_WITHIN_FOREST
/// Trust is internal to this forest.
///
///
///
public TrustAttributes TrustAttributes;
}
///
/// The TRUSTED_DOMAIN_NAME_INFO structure is used to query or set the name of a trusted domain. The LsaQueryTrustedDomainInfo
/// and LsaSetTrustedDomainInformation functions use this structure when their InformationClass parameters are set to TrustedDomainNameInformation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_domain_name_info typedef struct
// _TRUSTED_DOMAIN_NAME_INFO { LSA_UNICODE_STRING Name; } TRUSTED_DOMAIN_NAME_INFO, *PTRUSTED_DOMAIN_NAME_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "9bc1301b-1d09-4cd2-8590-e7756ee4792d")]
[StructLayout(LayoutKind.Sequential)]
public struct TRUSTED_DOMAIN_NAME_INFO
{
///
/// An LSA_UNICODE_STRING structure that contains the name of a trusted domain.
///
public LSA_UNICODE_STRING Name;
}
///
/// The TRUSTED_PASSWORD_INFO structure is used to query or set the password for a trusted domain. The
/// LsaQueryTrustedDomainInfo and LsaSetTrustedDomainInformation functions use this structure when their InformationClass parameters
/// are set to TrustedPasswordInformation.
///
///
/// When you have finished using the TRUSTED_PASSWORD_INFO structure, clear the sensitive information from memory by calling
/// the SecureZeroMemory function. For more information about protecting passwords, see Handling Passwords.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_password_info typedef struct
// _TRUSTED_PASSWORD_INFO { LSA_UNICODE_STRING Password; LSA_UNICODE_STRING OldPassword; } TRUSTED_PASSWORD_INFO, *PTRUSTED_PASSWORD_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "2c3aca10-8efd-4278-8127-2d31db776c0e")]
[StructLayout(LayoutKind.Sequential)]
public struct TRUSTED_PASSWORD_INFO
{
///
/// An LSA_UNICODE_STRING structure that contains the password to use when creating an authenticated connection to the domain.
///
public LSA_UNICODE_STRING Password;
///
/// An LSA_UNICODE_STRING structure that contains the old password. On set operations, if the Buffer member of this
/// structure is NULL, the old password is set to the current password.
///
public LSA_UNICODE_STRING OldPassword;
}
///
/// The TRUSTED_POSIX_OFFSET_INFO structure is used to query or set the value used to generate Posix user and group
/// identifiers. The LsaQueryTrustedDomainInfo and LsaSetTrustedDomainInformation functions use this structure when their
/// InformationClass parameters are set to TrustedPosixOffsetInformation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_trusted_posix_offset_info typedef struct
// _TRUSTED_POSIX_OFFSET_INFO { ULONG Offset; } TRUSTED_POSIX_OFFSET_INFO, *PTRUSTED_POSIX_OFFSET_INFO;
[PInvokeData("ntsecapi.h", MSDNShortId = "0686da5e-43d4-49ac-8c5d-5c56b8d12e50")]
[StructLayout(LayoutKind.Sequential)]
public struct TRUSTED_POSIX_OFFSET_INFO
{
///
/// An offset that the system uses to generate Posix user and group identifiers that correspond to a given SID. To generate a
/// Posix identifier, the system adds the RID from the SID to the Posix offset of the trusted domain identified by the SID.
///
public uint Offset;
}
}
}