s4:kdc: Add resource SID compression

[samba.git] / librpc / idl / netlogon.idl
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl

index cf4da7adfa9475702f9b4c2411fd1ce16fb3ebe9..c6231c41aee45dd9ddb6c65fcc30dedfb59f0a2c 100644 (file)
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -4,25 +4,38 @@
    who contributed!
  */
  
-import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
+import "misc.idl", "lsa.idl", "samr.idl", "security.idl";
  
  #include "idl_types.h"
  
  cpp_quote("#define netr_DeltaEnum8Bit netr_DeltaEnum")
  cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID")
  
+cpp_quote("#define ENC_CRC32 KERB_ENCTYPE_DES_CBC_CRC")
+cpp_quote("#define ENC_RSA_MD5 KERB_ENCTYPE_DES_CBC_MD5")
+cpp_quote("#define ENC_RC4_HMAC_MD5 KERB_ENCTYPE_RC4_HMAC_MD5")
+cpp_quote("#define ENC_HMAC_SHA1_96_AES128 KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96")
+cpp_quote("#define ENC_HMAC_SHA1_96_AES256 KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96")
+cpp_quote("#define ENC_HMAC_SHA1_96_AES256_SK KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK")
+cpp_quote("#define ENC_FAST_SUPPORTED KERB_ENCTYPE_FAST_SUPPORTED")
+cpp_quote("#define ENC_COMPOUND_IDENTITY_SUPPORTED KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED")
+cpp_quote("#define ENC_CLAIMS_SUPPORTED KERB_ENCTYPE_CLAIMS_SUPPORTED")
+cpp_quote("#define ENC_RESOURCE_SID_COMPRESSION_DISABLED KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED")
+cpp_quote("#define NETLOGON_SERVER_PIPE_STATE_MAGIC 0x4f555358")
+
  [
    uuid("12345678-1234-abcd-ef00-01234567cffb"),
    version(1.0),
    endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
    helper("../librpc/ndr/ndr_netlogon.h"),
+  ms_union,
    pointer_default(unique)
  ]
  
  interface netlogon
  {
         typedef bitmap samr_AcctFlags samr_AcctFlags;
-       typedef bitmap samr_GroupAttrs samr_GroupAttrs;
+       typedef bitmap security_GroupAttrs security_GroupAttrs;
         typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit;
         typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit;
  
@@ -50,8 +63,8 @@ interface netlogon
  
         WERROR netr_LogonUasLogon(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in]   [string,charset(UTF16)] uint16 account_name[],
-               [in]   [string,charset(UTF16)] uint16 workstation[],
+               [in]   [string,charset(UTF16)] uint16 *account_name,
+               [in]   [string,charset(UTF16)] uint16 *workstation,
                 [out,ref]  netr_UasInfo **info
                 );
  
@@ -66,8 +79,8 @@ interface netlogon
  
         WERROR netr_LogonUasLogoff(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in] [string,charset(UTF16)] uint16 account_name[],
-               [in] [string,charset(UTF16)] uint16 workstation[],
+               [in] [string,charset(UTF16)] uint16 *account_name,
+               [in] [string,charset(UTF16)] uint16 *workstation,
                 [out,ref] netr_UasLogoffInfo *info
                 );
  
@@ -108,16 +121,53 @@ interface netlogon
                 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED       = 0x00000002,
                 MSV1_0_UPDATE_LOGON_STATISTICS          = 0x00000004,
                 MSV1_0_RETURN_USER_PARAMETERS           = 0x00000008,
+               MSV1_0_DONT_TRY_GUEST_ACCOUNT           = 0x00000010,
                 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT       = 0x00000020,
+               MSV1_0_RETURN_PASSWORD_EXPIRY           = 0x00000040,
+               MSV1_0_USE_CLIENT_CHALLENGE             = 0x00000080,
+               MSV1_0_TRY_GUEST_ACCOUNT_ONLY           = 0x00000100,
                 MSV1_0_RETURN_PROFILE_PATH              = 0x00000200,
-               MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT  = 0x00000800
+               MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY        = 0x00000400,
+               MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT  = 0x00000800,
+               MSV1_0_DISABLE_PERSONAL_FALLBACK        = 0x00001000,
+               MSV1_0_ALLOW_FORCE_GUEST                = 0x00002000,
+               MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED      = 0x00004000,
+               MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY      = 0x00008000,
+               MSV1_0_ALLOW_MSVCHAPV2                  = 0x00010000,
+               MSV1_0_S4U2SELF                         = 0x00020000,
+               MSV1_0_CHECK_LOGONHOURS_FOR_S4U         = 0x00040000,
+               MSV1_0_SUBAUTHENTICATION_DLL_EX         = 0x00100000
         } netr_LogonParameterControl;
  
+       /* Summary of the of the Query and Response from Microsoft on
+        * the usage of logon_id in netr_IdendityInfo
+        *
+        * [REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
+        * the Reserved field have LogonId meaning?
+        *
+        * Questions:
+        *   In NetrLogonSamLogonEx does the Reserved field
+        *   (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?
+        *
+        *   What is a valid LogonID, and does have any audit usage?
+        *
+        *   Samba is sending a constant "deadbeef" in hex and would like to
+        *   understand any usage of this field.
+        *
+        * Response:
+        *   The NRPC spec is accurate in defining the field as Reserved, and
+        *   without protocol significance. In the header file in our source
+        *   code, it is defined as LogonId and commented as such, but it’s
+        *   effectively not used. This is probably why the API structure has
+        *   that field name. It may have been intended as such but it’s not
+        *    used.
+        *
+        * Samba now sends a random value in this field.
+        */
         typedef struct {
                 lsa_String  domain_name;
                 netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
-               uint32      logon_id_low;
-               uint32      logon_id_high;
+               udlong logon_id;
                 lsa_String  account_name;
                 lsa_String  workstation;
         } netr_IdentityInfo;
@@ -148,7 +198,7 @@ interface netlogon
                 [size_is(length)] uint8 *data;
         } netr_GenericInfo;
  
-       typedef enum {
+       typedef [public] enum {
                 NetlogonInteractiveInformation = 1,
                 NetlogonNetworkInformation = 2,
                 NetlogonServiceInformation = 3,
@@ -166,6 +216,7 @@ interface netlogon
                 [case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
                 [case(NetlogonNetworkTransitiveInformation)]     netr_NetworkInfo  *network;
                 [case(NetlogonServiceTransitiveInformation)]     netr_PasswordInfo *password;
+               [default];
         } netr_LogonLevel;
  
         typedef [public,flag(NDR_PAHEX)] struct {
@@ -192,9 +243,9 @@ interface netlogon
         } netr_UserFlags;
  
         typedef struct {
-               NTTIME last_logon;
-               NTTIME last_logoff;
-               NTTIME acct_expiry;
+               NTTIME logon_time;
+               NTTIME logoff_time;
+               NTTIME kickoff_time;
                 NTTIME last_password_change;
                 NTTIME allow_password_change;
                 NTTIME force_password_change;
@@ -210,22 +261,26 @@ interface netlogon
                 uint32 primary_gid;
                 samr_RidWithAttributeArray groups;
                 netr_UserFlags user_flags;
-               netr_UserSessionKey key;
+               [flag(NDR_SECRET)] netr_UserSessionKey key;
                 lsa_StringLarge logon_server;
-               lsa_StringLarge domain;
+               lsa_StringLarge logon_domain;
                 dom_sid2 *domain_sid;
-               netr_LMSessionKey LMSessKey;
+               [flag(NDR_SECRET)] netr_LMSessionKey LMSessKey;
                 samr_AcctFlags acct_flags;
-               uint32 unknown[7];
+               uint32 sub_auth_status;
+               NTTIME last_successful_logon;
+               NTTIME last_failed_logon;
+               uint32 failed_logon_count;
+               uint32 reserved;
         } netr_SamBaseInfo;
  
         typedef struct {
                 netr_SamBaseInfo base;
         } netr_SamInfo2;
  
-       typedef struct {
+       typedef [public] struct {
                 dom_sid2 *sid;
-               samr_GroupAttrs attributes;
+               security_GroupAttrs attributes;
         } netr_SidAttr;
  
         typedef [public] struct {
@@ -238,8 +293,16 @@ interface netlogon
                 netr_SamBaseInfo base;
                 uint32 sidcount;
                 [size_is(sidcount)] netr_SidAttr *sids;
-               lsa_String forest;
-               lsa_String principle;
+               /*
+                * On ndr_push:
+                * Should pointer values be allocated
+                * of sids[*].sid before the following ones?
+                *
+                * That's at least the case for
+                * PAC_LOGON_INFO.
+                */
+               lsa_String dns_domainname;
+               lsa_String principal_name;
                 uint32 unknown4[20];
         } netr_SamInfo6;
  
@@ -278,27 +341,33 @@ interface netlogon
                 [case(4)] netr_PacInfo  *pac;
                 [case(NetlogonValidationGenericInfo2)] netr_GenericInfo2  *generic;
                 [case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
+               [default];
         } netr_Validation;
  
         typedef [public, flag(NDR_PAHEX)] struct {
                 uint8 data[8];
         } netr_Credential;
  
+       typedef [public] struct {
+               netr_Credential client_challenge;
+               netr_Credential server_challenge;
+       } netlogon_server_pipe_state;
+
         typedef [public] struct {
                 netr_Credential cred;
                 time_t timestamp;
         } netr_Authenticator;
  
-       NTSTATUS netr_LogonSamLogon(
-               [in,unique] [string,charset(UTF16)] uint16         *server_name,
-               [in,unique] [string,charset(UTF16)] uint16         *computer_name,
-               [in,unique] netr_Authenticator                     *credential,
-               [in,out,unique] netr_Authenticator                 *return_authenticator,
-               [in]  netr_LogonInfoClass                           logon_level,
-               [in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
-               [in]  uint16                                        validation_level,
+       [public] NTSTATUS netr_LogonSamLogon(
+               [in,unique] [string,charset(UTF16)] uint16 *server_name,
+               [in,unique] [string,charset(UTF16)] uint16 *computer_name,
+               [in,unique] netr_Authenticator *credential,
+               [in,out,unique] netr_Authenticator *return_authenticator,
+               [in] netr_LogonInfoClass logon_level,
+               [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
+               [in] uint16 validation_level,
                 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
-               [out,ref] uint8                                    *authoritative
+               [out,ref] uint8 *authoritative
                 );
  
  
@@ -321,7 +390,7 @@ interface netlogon
  
         [public] NTSTATUS netr_ServerReqChallenge(
                 [in,unique,string,charset(UTF16)] uint16 *server_name,
-               [in,string,charset(UTF16)] uint16 computer_name[],
+               [in,string,charset(UTF16)] uint16 *computer_name,
                 [in,ref] netr_Credential *credentials,
                 [out,ref] netr_Credential *return_credentials
                 );
@@ -334,9 +403,9 @@ interface netlogon
  
         NTSTATUS netr_ServerAuthenticate(
                 [in,unique,string,charset(UTF16)] uint16 *server_name,
-               [in,string,charset(UTF16)] uint16 account_name[],
-               [in]                       netr_SchannelType secure_channel_type,
-               [in,string,charset(UTF16)] uint16 computer_name[],
+               [in,string,charset(UTF16)] uint16 *account_name,
+               [in] netr_SchannelType secure_channel_type,
+               [in,string,charset(UTF16)] uint16 *computer_name,
                 [in,ref] netr_Credential *credentials,
                 [out,ref] netr_Credential *return_credentials
                 );
@@ -347,9 +416,9 @@ interface netlogon
  
         NTSTATUS netr_ServerPasswordSet(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in]  [string,charset(UTF16)] uint16 account_name[],
+               [in]  [string,charset(UTF16)] uint16 *account_name,
                 [in]  netr_SchannelType secure_channel_type,
-               [in]  [string,charset(UTF16)] uint16 computer_name[],
+               [in]  [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref]  netr_Authenticator *credential,
                 [out,ref] netr_Authenticator *return_authenticator,
                 [in,ref] samr_Password *new_password
@@ -588,10 +657,6 @@ interface netlogon
                 uint32 unknown8;
         } netr_DELTA_TRUSTED_DOMAIN;
  
-       typedef struct {
-               uint16 unknown;
-       } netr_DELTA_DELETE_TRUST;
-
         typedef struct {
                 uint32 privilege_entries;
                 uint32 privilege_control;
@@ -611,14 +676,6 @@ interface netlogon
                 uint32 unknown8;
         } netr_DELTA_ACCOUNT;
  
-       typedef struct {
-               uint16 unknown;
-       } netr_DELTA_DELETE_ACCOUNT;
-
-       typedef struct {
-               uint16 unknown;
-       } netr_DELTA_DELETE_SECRET;
-
         typedef struct {
                 uint32 len;
                 uint32 maxlen;
@@ -681,15 +738,16 @@ interface netlogon
                 [case(NETR_DELTA_RENAME_ALIAS)]    netr_DELTA_RENAME          *rename_alias;
                 [case(NETR_DELTA_ALIAS_MEMBER)]    netr_DELTA_ALIAS_MEMBER    *alias_member;
                 [case(NETR_DELTA_POLICY)]          netr_DELTA_POLICY          *policy;
-               [case(NETR_DELTA_TRUSTED_DOMAIN)]  netr_DELTA_TRUSTED_DOMAIN   *trusted_domain;
-               [case(NETR_DELTA_DELETE_TRUST)]    netr_DELTA_DELETE_TRUST     delete_trust;
+               [case(NETR_DELTA_TRUSTED_DOMAIN)]  netr_DELTA_TRUSTED_DOMAIN  *trusted_domain;
+               [case(NETR_DELTA_DELETE_TRUST)]    ; /* sid only */
                 [case(NETR_DELTA_ACCOUNT)]         netr_DELTA_ACCOUNT         *account;
-               [case(NETR_DELTA_DELETE_ACCOUNT)]  netr_DELTA_DELETE_ACCOUNT   delete_account;
+               [case(NETR_DELTA_DELETE_ACCOUNT)]  ; /* sid only */
                 [case(NETR_DELTA_SECRET)]          netr_DELTA_SECRET          *secret;
-               [case(NETR_DELTA_DELETE_SECRET)]   netr_DELTA_DELETE_SECRET    delete_secret;
+               [case(NETR_DELTA_DELETE_SECRET)]   ; /* name only */
                 [case(NETR_DELTA_DELETE_GROUP2)]   netr_DELTA_DELETE_USER     *delete_group;
                 [case(NETR_DELTA_DELETE_USER2)]    netr_DELTA_DELETE_USER     *delete_user;
                 [case(NETR_DELTA_MODIFY_COUNT)]    udlong                     *modified_count;
+               [default];
         } netr_DELTA_UNION;
  
         typedef [switch_type(netr_DeltaEnum)] union {
@@ -715,6 +773,7 @@ interface netlogon
                 [case(NETR_DELTA_DELETE_GROUP2)]   uint32 rid;
                 [case(NETR_DELTA_DELETE_USER2)]    uint32 rid;
                 [case(NETR_DELTA_MODIFY_COUNT)]    ;
+               [default];
         } netr_DELTA_ID_UNION;
  
         typedef struct {
@@ -728,10 +787,9 @@ interface netlogon
                 [size_is(num_deltas)] netr_DELTA_ENUM *delta_enum;
         } netr_DELTA_ENUM_ARRAY;
  
-
         NTSTATUS netr_DatabaseDeltas(
-               [in]      [string,charset(UTF16)] uint16 logon_server[],
-               [in]      [string,charset(UTF16)] uint16 computername[],
+               [in]      [string,charset(UTF16)] uint16 *logon_server,
+               [in]      [string,charset(UTF16)] uint16 *computername,
                 [in,ref]  netr_Authenticator *credential,
                 [in,out,ref]  netr_Authenticator *return_authenticator,
                 [in]      netr_SamDatabaseID database_id,
@@ -745,8 +803,8 @@ interface netlogon
         /* Function 0x08 */
  
         NTSTATUS netr_DatabaseSync(
-               [in]     [string,charset(UTF16)] uint16 logon_server[],
-               [in]     [string,charset(UTF16)] uint16 computername[],
+               [in]     [string,charset(UTF16)] uint16 *logon_server,
+               [in]     [string,charset(UTF16)] uint16 *computername,
                 [in,ref] netr_Authenticator *credential,
                 [in,out,ref] netr_Authenticator *return_authenticator,
                 [in]     netr_SamDatabaseID database_id,
@@ -773,7 +831,7 @@ interface netlogon
  
         NTSTATUS netr_AccountDeltas(
                 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
-               [in]     [string,charset(UTF16)] uint16 computername[],
+               [in]     [string,charset(UTF16)] uint16 *computername,
                 [in]     netr_Authenticator credential,
                 [in,out,ref] netr_Authenticator *return_authenticator,
                 [in]     netr_UAS_INFO_0 uas,
@@ -792,7 +850,7 @@ interface netlogon
  
         NTSTATUS netr_AccountSync(
                 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
-               [in]      [string,charset(UTF16)] uint16 computername[],
+               [in]      [string,charset(UTF16)] uint16 *computername,
                 [in]      netr_Authenticator credential,
                 [in,out,ref]  netr_Authenticator *return_authenticator,
                 [in]      uint32 reference,
@@ -810,7 +868,7 @@ interface netlogon
         /* Function 0x0B */
  
         WERROR netr_GetDcName(
-               [in]  [string,charset(UTF16)] uint16 logon_server[],
+               [in]  [string,charset(UTF16)] uint16 *logon_server,
                 [in,unique] [string,charset(UTF16)] uint16 *domainname,
                 [out,ref] [string,charset(UTF16)] uint16 **dcname
                 );
@@ -819,21 +877,26 @@ interface netlogon
         /* Function 0x0C */
  
         typedef [bitmap32bit] bitmap {
-               NETLOGON_CTRL_REPL_NEEDED       = 0x0001,
-               NETLOGON_CTRL_REPL_IN_PROGRESS  = 0x0002,
-               NETLOGON_CTRL_REPL_FULL_SYNC    = 0x0004
+               NETLOGON_REPLICATION_NEEDED             = 0x00000001,
+               NETLOGON_REPLICATION_IN_PROGRESS        = 0x00000002,
+               NETLOGON_FULL_SYNC_REPLICATION          = 0x00000004,
+               NETLOGON_REDO_NEEDED                    = 0x00000008,
+               NETLOGON_HAS_IP                         = 0x00000010,
+               NETLOGON_HAS_TIMESERV                   = 0x00000020,
+               NETLOGON_DNS_UPDATE_FAILURE             = 0x00000040,
+               NETLOGON_VERIFY_STATUS_RETURNED         = 0x00000080
         } netr_InfoFlags;
  
         typedef struct {
                 netr_InfoFlags flags;
-               uint32 pdc_connection_status;
+               WERROR pdc_connection_status;
         } netr_NETLOGON_INFO_1;
  
         typedef struct {
                 netr_InfoFlags flags;
-               uint32 pdc_connection_status;
+               WERROR pdc_connection_status;
                 [string,charset(UTF16)] uint16 *trusted_dc_name;
-               uint32 tc_connection_status;
+               WERROR tc_connection_status;
         } netr_NETLOGON_INFO_2;
  
         typedef struct {
@@ -846,26 +909,44 @@ interface netlogon
                 uint32 unknown5;
         } netr_NETLOGON_INFO_3;
  
-       typedef union {
+       typedef struct {
+               [string,charset(UTF16)] uint16 *trusted_dc_name;
+               [string,charset(UTF16)] uint16 *trusted_domain_name;
+       } netr_NETLOGON_INFO_4;
+
+       typedef [public] union {
                 [case(1)]  netr_NETLOGON_INFO_1 *info1;
                 [case(2)]  netr_NETLOGON_INFO_2 *info2;
                 [case(3)]  netr_NETLOGON_INFO_3 *info3;
+               [case(4)]  netr_NETLOGON_INFO_4 *info4;
+               [default] ;
         } netr_CONTROL_QUERY_INFORMATION;
  
         /* function_code values */
-       typedef [v1_enum] enum {
-               NETLOGON_CONTROL_SYNC             = 2,
-               NETLOGON_CONTROL_REDISCOVER       = 5,
-               NETLOGON_CONTROL_TC_QUERY         = 6,
-               NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7,
-               NETLOGON_CONTROL_SET_DBFLAG       = 65534
+       typedef [v1_enum,public] enum {
+               NETLOGON_CONTROL_QUERY                  = 0x00000001,
+               NETLOGON_CONTROL_REPLICATE              = 0x00000002,
+               NETLOGON_CONTROL_SYNCHRONIZE            = 0x00000003,
+               NETLOGON_CONTROL_PDC_REPLICATE          = 0x00000004,
+               NETLOGON_CONTROL_REDISCOVER             = 0x00000005,
+               NETLOGON_CONTROL_TC_QUERY               = 0x00000006,
+               NETLOGON_CONTROL_TRANSPORT_NOTIFY       = 0x00000007,
+               NETLOGON_CONTROL_FIND_USER              = 0x00000008,
+               NETLOGON_CONTROL_CHANGE_PASSWORD        = 0x00000009,
+               NETLOGON_CONTROL_TC_VERIFY              = 0x0000000A,
+               NETLOGON_CONTROL_FORCE_DNS_REG          = 0x0000000B,
+               NETLOGON_CONTROL_QUERY_DNS_REG          = 0x0000000C,
+               NETLOGON_CONTROL_BACKUP_CHANGE_LOG      = 0x0000FFFC,
+               NETLOGON_CONTROL_TRUNCATE_LOG           = 0x0000FFFD,
+               NETLOGON_CONTROL_SET_DBFLAG             = 0x0000FFFE,
+               NETLOGON_CONTROL_BREAKPOINT             = 0x0000FFFF
         } netr_LogonControlCode;
  
         WERROR netr_LogonControl(
                 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
                 [in]   netr_LogonControlCode function_code,
                 [in]   uint32 level,
-               [out,ref,switch_is(level)]  netr_CONTROL_QUERY_INFORMATION *info
+               [out,ref,switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
                 );
  
  
@@ -882,11 +963,15 @@ interface netlogon
         /*****************/
         /* Function 0x0E */
  
-       typedef union {
+       typedef [public,switch_type(netr_LogonControlCode)] union {
                 [case(NETLOGON_CONTROL_REDISCOVER)]        [string,charset(UTF16)] uint16 *domain;
                 [case(NETLOGON_CONTROL_TC_QUERY)]          [string,charset(UTF16)] uint16 *domain;
                 [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)]  [string,charset(UTF16)] uint16 *domain;
+               [case(NETLOGON_CONTROL_CHANGE_PASSWORD)]   [string,charset(UTF16)] uint16 *domain;
+               [case(NETLOGON_CONTROL_TC_VERIFY)]         [string,charset(UTF16)] uint16 *domain;
+               [case(NETLOGON_CONTROL_FIND_USER)]         [string,charset(UTF16)] uint16 *user;
                 [case(NETLOGON_CONTROL_SET_DBFLAG)]        uint32 debug_level;
+               [default] ;
         } netr_CONTROL_DATA_INFORMATION;
  
         WERROR netr_LogonControl2(
@@ -905,7 +990,7 @@ interface netlogon
         /*****************/
         /* Function 0x0F */
  
-       typedef [bitmap32bit] bitmap {
+       typedef [public,bitmap32bit] bitmap {
                 NETLOGON_NEG_ACCOUNT_LOCKOUT            = 0x00000001,
                 NETLOGON_NEG_PERSISTENT_SAMREPL         = 0x00000002,
                 NETLOGON_NEG_ARCFOUR                    = 0x00000004,
@@ -920,7 +1005,7 @@ interface netlogon
                 NETLOGON_NEG_CONCURRENT_RPC             = 0x00000800,
                 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL      = 0x00001000,
                 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
-               NETLOGON_NEG_128BIT                     = 0x00004000, /* STRONG_KEYS */
+               NETLOGON_NEG_STRONG_KEYS                = 0x00004000,
                 NETLOGON_NEG_TRANSITIVE_TRUSTS          = 0x00008000,
                 NETLOGON_NEG_DNS_DOMAIN_TRUSTS          = 0x00010000,
                 NETLOGON_NEG_PASSWORD_SET2              = 0x00020000,
@@ -928,15 +1013,20 @@ interface netlogon
                 NETLOGON_NEG_CROSS_FOREST_TRUSTS        = 0x00080000,
                 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION   = 0x00100000,
                 NETLOGON_NEG_RODC_PASSTHROUGH           = 0x00200000,
+               NETLOGON_NEG_SUPPORTS_AES_SHA2          = 0x00400000,
+               NETLOGON_NEG_SUPPORTS_AES               = 0x01000000,
                 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS    = 0x20000000,
-               NETLOGON_NEG_SCHANNEL                   = 0x40000000 /* AUTHENTICATED_RPC */
+               NETLOGON_NEG_AUTHENTICATED_RPC          = 0x40000000
         } netr_NegotiateFlags;
  
+       const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
+       const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;
+
         NTSTATUS netr_ServerAuthenticate2(
                 [in,unique]  [string,charset(UTF16)] uint16 *server_name,
-               [in]         [string,charset(UTF16)] uint16 account_name[],
+               [in]         [string,charset(UTF16)] uint16 *account_name,
                 [in]         netr_SchannelType secure_channel_type,
-               [in]         [string,charset(UTF16)] uint16 computer_name[],
+               [in]         [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref]     netr_Credential *credentials,
                 [out,ref]    netr_Credential *return_credentials,
                 [in,out,ref] netr_NegotiateFlags *negotiate_flags
@@ -946,13 +1036,25 @@ interface netlogon
         /*****************/
         /* Function 0x10 */
  
+       typedef enum {
+               SYNCSTATE_NORMAL_STATE             = 0,
+               SYNCSTATE_DOMAIN_STATE             = 1,
+               SYNCSTATE_GROUP_STATE              = 2,
+               SYNCSTATE_UAS_BUILT_IN_GROUP_STATE = 3,
+               SYNCSTATE_USER_STATE               = 4,
+               SYNCSTATE_GROUP_MEMBER_STATE       = 5,
+               SYNCSTATE_ALIAS_STATE              = 6,
+               SYNCSTATE_ALIAS_MEMBER_STATE       = 7,
+               SYNCSTATE_SAM_DONE_STATE           = 8
+       } SyncStateEnum;
+
         NTSTATUS netr_DatabaseSync2(
-               [in]     [string,charset(UTF16)] uint16 logon_server[],
-               [in]     [string,charset(UTF16)] uint16 computername[],
+               [in]     [string,charset(UTF16)] uint16 *logon_server,
+               [in]     [string,charset(UTF16)] uint16 *computername,
                 [in,ref] netr_Authenticator *credential,
                 [in,out,ref] netr_Authenticator *return_authenticator,
                 [in]     netr_SamDatabaseID database_id,
-               [in]     uint16 restart_state,
+               [in]     SyncStateEnum restart_state,
                 [in,out,ref] uint32 *sync_context,
                 [out,ref]    netr_DELTA_ENUM_ARRAY **delta_enum_array,
                 [in]     uint32 preferredmaximumlength
@@ -989,12 +1091,19 @@ interface netlogon
         } netr_ChangeLogEntry;
  
         NTSTATUS netr_DatabaseRedo(
-               [in]     [string,charset(UTF16)] uint16 logon_server[],
-               [in]     [string,charset(UTF16)] uint16 computername[],
+               [in]     [string,charset(UTF16)] uint16 *logon_server,
+               [in]     [string,charset(UTF16)] uint16 *computername,
                 [in]     netr_Authenticator *credential,
                 [in,out,ref] netr_Authenticator *return_authenticator,
-               [in]     [subcontext(4),subcontext_size(change_log_entry_size)] netr_ChangeLogEntry change_log_entry,
-               [in]     [value(ndr_size_netr_ChangeLogEntry(&change_log_entry, ndr->flags))] uint32 change_log_entry_size,
+               /*
+                * we cannot use subcontext_size() here, as
+                * change_log_entry_size is encoded after the subcontext
+                */
+               [in]     [subcontext(4)/*,subcontext_size(change_log_entry_size)*/]
+                       netr_ChangeLogEntry change_log_entry,
+               [in]     [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,
+                               ndr->flags))]
+                       uint32 change_log_entry_size,
                 [out,ref]    netr_DELTA_ENUM_ARRAY **delta_enum_array
                 );
  
@@ -1004,10 +1113,10 @@ interface netlogon
  
         WERROR netr_LogonControl2Ex(
                 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
-               [in]   uint32 function_code,
+               [in]   netr_LogonControlCode function_code,
                 [in]   uint32 level,
-               [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION  data,
-               [out,ref][switch_is(level)]     netr_CONTROL_QUERY_INFORMATION *query
+               [in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION  *data,
+               [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
                 );
  
         /*****************/
@@ -1017,7 +1126,7 @@ interface netlogon
                 [size_is(length)] uint8 *data;
         } netr_Blob;
  
-       WERROR netr_NetrEnumerateTrustedDomains(
+       NTSTATUS netr_NetrEnumerateTrustedDomains(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
                 [out,ref] netr_Blob *trusted_domains_blob
                 );
@@ -1025,7 +1134,7 @@ interface netlogon
         /*****************/
         /* Function 0x14 */
  
-       /* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
+       /* one unknown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
  
         const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY |
                                          DS_DIRECTORY_SERVICE_REQUIRED |
@@ -1042,6 +1151,16 @@ interface netlogon
                                          DS_ONLY_LDAP_NEEDED |
                                          DS_IS_FLAT_NAME |
                                          DS_IS_DNS_NAME |
+                                        DS_TRY_NEXTCLOSEST_SITE |
+                                        DS_DIRECTORY_SERVICE_6_REQUIRED |
+                                        DS_WEB_SERVICE_REQUIRED |
+                                        /*
+                                         * For now we skip these until
+                                         * we have test for them:
+                                         * DS_DIRECTORY_SERVICE_8_REQUIRED |
+                                         * DS_DIRECTORY_SERVICE_9_REQUIRED |
+                                         * DS_DIRECTORY_SERVICE_10_REQUIRED |
+                                         */
                                          DS_RETURN_FLAT_NAME |
                                          DS_RETURN_DNS_NAME);
  
@@ -1062,7 +1181,11 @@ interface netlogon
                 DS_IS_FLAT_NAME                 = 0x00010000,
                 DS_IS_DNS_NAME                  = 0x00020000,
                 DS_TRY_NEXTCLOSEST_SITE         = 0x00040000,
-               DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000,
+               DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000, /* 2008 */
+               DS_WEB_SERVICE_REQUIRED         = 0x00100000,
+               DS_DIRECTORY_SERVICE_8_REQUIRED = 0x00200000, /* 2012 */
+               DS_DIRECTORY_SERVICE_9_REQUIRED = 0x00400000, /* 2012R2 */
+               DS_DIRECTORY_SERVICE_10_REQUIRED= 0x00800000, /* 2016 */
                 DS_RETURN_DNS_NAME              = 0x40000000,
                 DS_RETURN_FLAT_NAME             = 0x80000000
         } netr_DsRGetDCName_flags;
@@ -1073,21 +1196,25 @@ interface netlogon
         } netr_DsRGetDCNameInfo_AddressType;
  
         typedef [bitmap32bit] bitmap {
-               DS_SERVER_PDC                    = NBT_SERVER_PDC,
-               DS_SERVER_GC                     = NBT_SERVER_GC,
-               DS_SERVER_LDAP                   = NBT_SERVER_LDAP,
-               DS_SERVER_DS                     = NBT_SERVER_DS,
-               DS_SERVER_KDC                    = NBT_SERVER_KDC,
-               DS_SERVER_TIMESERV               = NBT_SERVER_TIMESERV,
-               DS_SERVER_CLOSEST                = NBT_SERVER_CLOSEST,
-               DS_SERVER_WRITABLE               = NBT_SERVER_WRITABLE,
-               DS_SERVER_GOOD_TIMESERV          = NBT_SERVER_GOOD_TIMESERV,
-               DS_SERVER_NDNC                   = NBT_SERVER_NDNC,
-               DS_SERVER_SELECT_SECRET_DOMAIN_6 = NBT_SERVER_SELECT_SECRET_DOMAIN_6,
-               DS_SERVER_FULL_SECRET_DOMAIN_6   = NBT_SERVER_FULL_SECRET_DOMAIN_6,
+               DS_SERVER_PDC                    = 0x00000001,
+               DS_SERVER_GC                     = 0x00000004,
+               DS_SERVER_LDAP                   = 0x00000008,
+               DS_SERVER_DS                     = 0x00000010,
+               DS_SERVER_KDC                    = 0x00000020,
+               DS_SERVER_TIMESERV               = 0x00000040,
+               DS_SERVER_CLOSEST                = 0x00000080,
+               DS_SERVER_WRITABLE               = 0x00000100,
+               DS_SERVER_GOOD_TIMESERV          = 0x00000200,
+               DS_SERVER_NDNC                   = 0x00000400,
+               DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, /* 2008 / RODC */
+               DS_SERVER_FULL_SECRET_DOMAIN_6   = 0x00001000, /* 2008 / RWDC */
+               DS_SERVER_WEBSERV                = 0x00002000,
+               DS_SERVER_DS_8                   = 0x00004000, /* 2012 */
+               DS_SERVER_DS_9                   = 0x00008000, /* 2012R2 */
+               DS_SERVER_DS_10                  = 0x00010000, /* 2016 */
                 DS_DNS_CONTROLLER                = 0x20000000,
                 DS_DNS_DOMAIN                    = 0x40000000,
-               DS_DNS_FOREST                    = 0x80000000
+               DS_DNS_FOREST_ROOT               = 0x80000000
         } netr_DsR_DcFlags;
  
         typedef [public] struct {
@@ -1113,7 +1240,18 @@ interface netlogon
  
         /*****************/
         /* Function 0x15 */
-       [todo] WERROR netr_NETRLOGONDUMMYROUTINE1();
+       typedef [switch_type(uint32)] union {
+               [case(1)] netr_NegotiateFlags server_capabilities;
+       } netr_Capabilities;
+
+       NTSTATUS netr_LogonGetCapabilities(
+               [in]         [string,charset(UTF16)] uint16 *server_name,
+               [in,unique]  [string,charset(UTF16)] uint16 *computer_name,
+               [in,ref]     netr_Authenticator *credential,
+               [in,out,ref] netr_Authenticator *return_authenticator,
+               [in]         uint32 query_level,
+               [out,ref,switch_is(query_level)] netr_Capabilities *capabilities
+               );
  
         /****************/
         /* Function 0x16 */
@@ -1139,9 +1277,9 @@ interface netlogon
         /* Function 0x1a */
         [public] NTSTATUS netr_ServerAuthenticate3(
                 [in,unique]  [string,charset(UTF16)] uint16 *server_name,
-               [in]         [string,charset(UTF16)] uint16 account_name[],
+               [in]         [string,charset(UTF16)] uint16 *account_name,
                 [in]         netr_SchannelType secure_channel_type,
-               [in]         [string,charset(UTF16)] uint16 computer_name[],
+               [in]         [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref]     netr_Credential *credentials,
                 [out,ref]    netr_Credential *return_credentials,
                 [in,out,ref] netr_NegotiateFlags *negotiate_flags,
@@ -1170,7 +1308,7 @@ interface netlogon
  
         /****************/
         /* Function 0x1d */
-       typedef [bitmap32bit] bitmap {
+       typedef [public,bitmap32bit] bitmap {
                 NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
                 NETR_TRUST_FLAG_OUTBOUND  = 0x00000002,
                 NETR_TRUST_FLAG_TREEROOT  = 0x00000004,
@@ -1181,111 +1319,190 @@ interface netlogon
                 NETR_TRUST_FLAG_AES       = 0x00000100
         } netr_TrustFlags;
  
-       typedef [flag(NDR_PAHEX)] struct {
-               uint16 length;
-               uint16 size;
-               [size_is(size/2),length_is(length/2)] uint16 *data;
-       } netr_BinaryString;
+       typedef [bitmap32bit] bitmap {
+               NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
+               NETR_WS_FLAG_HANDLES_SPN_UPDATE     = 0x00000002
+       } netr_WorkstationFlags;
+
+       typedef [bitmap16bit] bitmap {
+               NETR_VER_SUITE_BACKOFFICE               = 0x0004,
+               NETR_VER_SUITE_BLADE                    = 0x0400,
+               NETR_VER_SUITE_COMPUTE_SERVER           = 0x4000,
+               NETR_VER_SUITE_DATACENTER               = 0x0080,
+               NETR_VER_SUITE_ENTERPRISE               = 0x0002,
+               NETR_VER_SUITE_EMBEDDEDNT               = 0x0040,
+               NETR_VER_SUITE_PERSONAL                 = 0x0200,
+               NETR_VER_SUITE_SINGLEUSERTS             = 0x0100,
+               NETR_VER_SUITE_SMALLBUSINESS            = 0x0001,
+               NETR_VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x0020,
+               NETR_VER_SUITE_STORAGE_SERVER           = 0x2000,
+               NETR_VER_SUITE_TERMINAL                 = 0x0010,
+               NETR_VER_SUITE_WH_SERVER                = 0x8000
+       } netr_SuiteMask;
+
+       typedef [bitmap8bit] bitmap {
+               NETR_VER_NT_DOMAIN_CONTROLLER   = 0x02,
+               NETR_VER_NT_SERVER              = 0x03,
+               NETR_VER_NT_WORKSTATION         = 0x01
+       } netr_ProductType;
  
         typedef struct {
-               netr_Blob blob;
-               [string,charset(UTF16)] uint16 *workstation_domain;
-               [string,charset(UTF16)] uint16 *workstation_site;
-               [string,charset(UTF16)] uint16 *unknown1;
-               [string,charset(UTF16)] uint16 *unknown2;
-               [string,charset(UTF16)] uint16 *unknown3;
-               [string,charset(UTF16)] uint16 *unknown4;
-               netr_BinaryString blob2;
-               lsa_String product;
-               lsa_String unknown5;
-               lsa_String unknown6;
-               uint32 unknown7[4];
-       } netr_DomainQuery1;
+               uint32 policy_size;
+               [size_is(policy_size)] uint8 *policy;
+       } netr_LsaPolicyInformation;
  
-       typedef union {
-               [case(1)] netr_DomainQuery1 *query1;
-               [case(2)] netr_DomainQuery1 *query1;
-       } netr_DomainQuery;
+       typedef struct {
+               [value(284)] uint32 OSVersionInfoSize;
+               uint32 MajorVersion;
+               uint32 MinorVersion;
+               uint32 BuildNumber;
+               uint32 PlatformId;
+               [subcontext(0),subcontext_size(256)] nstring CSDVersion;
+               uint16 ServicePackMajor;
+               uint16 ServicePackMinor;
+               netr_SuiteMask SuiteMask;
+               netr_ProductType ProductType;
+               uint8 Reserved;
+       } netr_OsVersionInfoEx;
  
         typedef struct {
                 /* these first 3 values come from the fact windows
                    actually encodes this structure as a UNICODE_STRING
                    - see MS-NRPC section 2.2.1.3.9 */
-               [value(8)] uint32 length;
-               [value(0)] uint32 dummy;
-               [value(8)] uint32 size;
+               /* 142 * 2 = 284 (length of structure "netr_OsVersionInfoEx") */
+               [value(142)] uint3264 length;
+               [value(0)] uint3264 dummy;
+               [value(142)] uint3264 size;
+               [subcontext(0),subcontext_size(size*2)]
+               netr_OsVersionInfoEx os;
+       } netr_OsVersion;
+
+       typedef struct {
+               /* value is 284 when info != os, otherwise 0 (for length and
+                  size) */
+               [value(os == NULL ? 0 : 284)] uint16 length;
+               [value(os == NULL ? 0 : 284)] uint16 size;
+               netr_OsVersion *os;
+       } netr_OsVersionContainer;
+
+       typedef struct {
+               netr_LsaPolicyInformation lsa_policy;
+               [string,charset(UTF16)] uint16 *dns_hostname;
+               [string,charset(UTF16)] uint16 *sitename;
+               [string,charset(UTF16)] uint16 *dummy1;
+               [string,charset(UTF16)] uint16 *dummy2;
+               [string,charset(UTF16)] uint16 *dummy3;
+               [string,charset(UTF16)] uint16 *dummy4;
+               netr_OsVersionContainer os_version;
+               lsa_String os_name;
+               lsa_String dummy_string3;
+               lsa_String dummy_string4;
+               netr_WorkstationFlags workstation_flags;
+               kerb_EncTypes supported_enc_types;
+               uint32 dummy_long3;
+               uint32 dummy_long4;
+       } netr_WorkstationInformation;
+
+       typedef union {
+               [case(1)] netr_WorkstationInformation *workstation_info;
+               [case(2)] netr_WorkstationInformation *lsa_policy_info;
+       } netr_WorkstationInfo;
+
+       typedef struct {
                 netr_TrustFlags flags;
                 uint32 parent_index;
-               uint32 trust_type;
-               uint32 trust_attributes;
+               lsa_TrustType trust_type;
+               lsa_TrustAttributes trust_attributes;
+       } netr_trust_extension_info;
+
+       typedef struct {
+               /* these first 3 values come from the fact windows
+                  actually encodes this structure as a UNICODE_STRING
+                  - see MS-NRPC section 2.2.1.3.9 */
+               [value(8)] uint3264 length;
+               [value(0)] uint3264 dummy;
+               [value(8)] uint3264 size;
+               [subcontext(0),subcontext_size(size*2)]
+               netr_trust_extension_info info;
         } netr_trust_extension;
  
         typedef struct {
-               uint16 length; /* value is 16 when info != NULL, otherwise 0 */
-               [value(length)] uint16 size;   /* value is 16 when info != NULL, otherwise 0 */
+               /* value is 16 when info != NULL, otherwise 0 */
+               [value(info == NULL ? 0 : 16)] uint16 length;
+               [value(info == NULL ? 0 : 16)] uint16 size;
                 netr_trust_extension *info;
         } netr_trust_extension_container;
  
         typedef struct {
-               lsa_String domainname;
-               lsa_String fulldomainname;
-               lsa_String forest;
-               GUID        guid;
-               dom_sid2    *sid;
+               lsa_StringLarge domainname;
+               lsa_StringLarge dns_domainname;
+               lsa_StringLarge dns_forestname;
+               GUID domain_guid;
+               dom_sid2 *domain_sid;
                 netr_trust_extension_container trust_extension;
-               lsa_String dummystring[3];
-               uint32     dummy[4];
-       } netr_DomainTrustInfo;
-
-       typedef struct {
-               uint32 policy_size;
-               [size_is(policy_size)] uint8 *policy;
-       } netr_LsaPolicyInfo;
-
-       typedef [public,bitmap32bit] bitmap {
-               NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
-               NETR_WS_FLAG_HANDLES_SPN_UPDATE     = 0x00000002
-       } netr_WorkstationFlags;
+               lsa_StringLarge dummy_string2;
+               lsa_StringLarge dummy_string3;
+               lsa_StringLarge dummy_string4;
+               uint32 dummy_long1;
+               uint32 dummy_long2;
+               uint32 dummy_long3;
+               uint32 dummy_long4;
+       } netr_OneDomainInfo;
  
         typedef struct {
-               netr_DomainTrustInfo domaininfo;
-               uint32 num_trusts;
-               [size_is(num_trusts)] netr_DomainTrustInfo *trusts;
-               netr_LsaPolicyInfo lsa_policy;
-               lsa_String dns_hostname;
-               lsa_String dummystring[3];
+               netr_OneDomainInfo primary_domain;
+               uint32 trusted_domain_count;
+               [size_is(trusted_domain_count)] netr_OneDomainInfo *trusted_domains;
+               netr_LsaPolicyInformation lsa_policy;
+               lsa_StringLarge dns_hostname;
+               lsa_StringLarge dummy_string2;
+               lsa_StringLarge dummy_string3;
+               lsa_StringLarge dummy_string4;
                 netr_WorkstationFlags workstation_flags;
-               uint32 supported_enc_types;
-               uint32 dummy[2];
-       } netr_DomainInfo1;
+               kerb_EncTypes supported_enc_types;
+               uint32 dummy_long3;
+               uint32 dummy_long4;
+       } netr_DomainInformation;
  
         typedef union {
-               [case(1)] netr_DomainInfo1 *info1;
-               [case(2)] netr_DomainInfo1 *info2;
+               [case(1)] netr_DomainInformation *domain_info;
+               [case(2)] netr_LsaPolicyInformation *lsa_policy_info;
         } netr_DomainInfo;
         
-       NTSTATUS netr_LogonGetDomainInfo(
-               [in]         [string,charset(UTF16)] uint16 server_name[],
+       [public] NTSTATUS netr_LogonGetDomainInfo(
+               [in]         [string,charset(UTF16)] uint16 *server_name,
                 [in,unique]  [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref]     netr_Authenticator *credential,
                 [in,out,ref] netr_Authenticator *return_authenticator,
                 [in]         uint32 level,
-               [in,switch_is(level)] netr_DomainQuery query,
+               [in,ref,switch_is(level)] netr_WorkstationInfo *query,
                 [out,ref,switch_is(level)] netr_DomainInfo *info
                 );
  
+       /*****************/
+       /* Function 0x1e */
+
+       /* [MS-NRPC] 2.2.1.3.8 NL_PASSWORD_VERSION */
+
+       /* someone's birthday ? */
+       const int NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT = 0x02231968;
+
+       typedef struct {
+               uint32 ReservedField;
+               uint32 PasswordVersionNumber;
+               uint32 PasswordVersionPresent;
+       } NL_PASSWORD_VERSION;
+
         typedef [flag(NDR_PAHEX)] struct {
                 uint8 data[512];
                 uint32 length;
         } netr_CryptPassword;
  
-       /*****************/
-       /* Function 0x1e */
         NTSTATUS netr_ServerPasswordSet2(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in]  [string,charset(UTF16)] uint16 account_name[],
+               [in]  [string,charset(UTF16)] uint16 *account_name,
                 [in]  netr_SchannelType secure_channel_type,
-               [in]  [string,charset(UTF16)] uint16 computer_name[],
+               [in]  [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref] netr_Authenticator *credential,
                 [out,ref] netr_Authenticator *return_authenticator,
                 [in,ref] netr_CryptPassword *new_password
@@ -1293,19 +1510,56 @@ interface netlogon
  
         /****************/
         /* Function 0x1f */
-       WERROR netr_ServerPasswordGet(
+       NTSTATUS netr_ServerPasswordGet(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in]  [string,charset(UTF16)] uint16 account_name[],
+               [in]  [string,charset(UTF16)] uint16 *account_name,
                 [in]  netr_SchannelType secure_channel_type,
-               [in]  [string,charset(UTF16)] uint16 computer_name[],
+               [in]  [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref] netr_Authenticator *credential,
                 [out,ref] netr_Authenticator *return_authenticator,
                 [out,ref] samr_Password *password
                 );
  
+       typedef [public] enum {
+               SendToSamUpdatePassword = 0,
+               SendToSamResetBadPasswordCount = 1,
+               SendToSamUpdatePasswordForward = 2,
+               SendToSamUpdateLastLogonTimestamp = 3,
+               SendToSamResetSmartCardPassword = 4
+       } netr_SendToSamType;
+
+       typedef struct {
+               GUID guid;
+       } netr_SendToSamResetBadPasswordCount;
+
+       typedef [nodiscriminant, public,switch_type(netr_SendToSamType)] union {
+               /* TODO Implement other SendToSam message types
+                * [case(SendToSamUpdatePassword)] netr_SendToSamUpdatePassword ...; */
+               [case(SendToSamResetBadPasswordCount)] netr_SendToSamResetBadPasswordCount reset_bad_password;
+               /*
+                * [case(SendToSamUpdatePasswordForward)] netrSendToSamUpdatePasswordForward ...;
+                * [case(SendToSamUpdateLastLogonTimestamp)] netrSendToSamUpdateLastLogonTimestamp ...;
+                * [case(SendToSamResetSmartCardPassword)]   netrSendToSamResetSmartCardPassword ...;
+                */
+               [default];
+       } netr_SendToSamMessage;
+
+       typedef [public] struct {
+               netr_SendToSamType message_type;
+               uint32 message_size;
+               [switch_is(message_type), subcontext(0), subcontext_size(message_size)] netr_SendToSamMessage message;
+       } netr_SendToSamBase;
+
         /****************/
         /* Function 0x20 */
-       [todo] WERROR netr_NETRLOGONSENDTOSAM();
+       NTSTATUS netr_NetrLogonSendToSam(
+               [in,unique] [string,charset(UTF16)] uint16 *server_name,
+               [in]  [string,charset(UTF16)] uint16 *computer_name,
+               [in,ref] netr_Authenticator *credential,
+               [out,ref] netr_Authenticator *return_authenticator,
+               [in,ref]  [size_is(buffer_len)] uint8 *opaque_buffer,
+               [in] uint32 buffer_len
+               );
  
         /****************/
         /* Function 0x21 */
@@ -1346,35 +1600,18 @@ interface netlogon
         /****************/
         /* Function 0x24 */
  
-       typedef [v1_enum] enum {
-               NETR_TRUST_TYPE_DOWNLEVEL       = 1,
-               NETR_TRUST_TYPE_UPLEVEL         = 2,
-               NETR_TRUST_TYPE_MIT             = 3,
-               NETR_TRUST_TYPE_DCE             = 4
-       } netr_TrustType;
-
-       typedef [bitmap32bit] bitmap {
-               NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE     = 0x00000001,
-               NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY       = 0x00000002,
-               NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
-               NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = 0x00000008,
-               NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
-               NETR_TRUST_ATTRIBUTE_WITHIN_FOREST      = 0x00000020,
-               NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL  = 0x00000040
-       } netr_TrustAttributes;
-
-       typedef struct {
+       typedef [public] struct {
                 [string,charset(UTF16)] uint16                  *netbios_name;
                 [string,charset(UTF16)] uint16                  *dns_name;
                 netr_TrustFlags         trust_flags;
                 uint32                  parent_index;
-               netr_TrustType          trust_type;
-               netr_TrustAttributes    trust_attributes;
+               lsa_TrustType           trust_type;
+               lsa_TrustAttributes     trust_attributes;
                 dom_sid2                *sid;
                 GUID                    guid;
         } netr_DomainTrust;
  
-        typedef struct {
+        typedef [public] struct {
                  uint32 count;
                  [size_is(count)] netr_DomainTrust *array;
          } netr_DomainTrustList;
@@ -1414,6 +1651,17 @@ interface netlogon
  
         /****************/
         /* Function 0x27 */
+       typedef [public,bitmap32bit] bitmap {
+               /* Request MUST be passed to the domain controller at the root of the forest. */
+               NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT = 0x00000001,
+               /* Request MUST be passed to the DC at the end of the first hop over a cross-forest trust. */
+               NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP = 0x00000002,
+               /* Request was passed by an RODC to a DC in a different domain. */
+               NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN = 0x00000004,
+               /* Request is an NTLM authentication package request passed by an RODC. */
+               NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST = 0x00000008
+       } netr_LogonSamLogon_flags;
+
         NTSTATUS netr_LogonSamLogonEx(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
                 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
@@ -1422,7 +1670,7 @@ interface netlogon
                 [in]  uint16 validation_level,
                 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
                 [out,ref] uint8 *authoritative,
-               [in,out,ref] uint32 *flags
+               [in,out,ref] netr_LogonSamLogon_flags *flags
                 );
  
         /****************/
@@ -1449,13 +1697,13 @@ interface netlogon
         /* Function 0x2a */
         NTSTATUS netr_ServerTrustPasswordsGet(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in]  [string,charset(UTF16)] uint16 account_name[],
+               [in]  [string,charset(UTF16)] uint16 *account_name,
                 [in]  netr_SchannelType secure_channel_type,
-               [in]  [string,charset(UTF16)] uint16 computer_name[],
+               [in]  [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref] netr_Authenticator *credential,
                 [out,ref] netr_Authenticator *return_authenticator,
-               [out,ref] samr_Password *password,
-               [out,ref] samr_Password *password2
+               [out,ref] samr_Password *new_owf_password,
+               [out,ref] samr_Password *old_owf_password
         );
  
         /****************/
@@ -1472,9 +1720,9 @@ interface netlogon
  
         /****************/
         /* Function 0x2c */
-       WERROR netr_GetForestTrustInformation(
+       NTSTATUS netr_GetForestTrustInformation(
                 [in,unique] [string,charset(UTF16)] uint16 *server_name,
-               [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name,
+               [in,ref] [string,charset(UTF16)] uint16 *computer_name,
                 [in,ref] netr_Authenticator *credential,
                 [out,ref] netr_Authenticator *return_authenticator,
                 [in] uint32 flags,
@@ -1495,10 +1743,83 @@ interface netlogon
                 [in]  uint16 validation_level,
                 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
                 [out,ref] uint8 *authoritative,
-               [in,out,ref] uint32 *flags
+               [in,out,ref] netr_LogonSamLogon_flags *flags
                 );
  
         /****************/
         /* Function 0x2e */
-       [todo] WERROR netr_NETRSERVERGETTRUSTINFO();
+
+       typedef struct {
+               uint32 count;
+               [size_is(count)] uint32 *data;
+               uint32 entry_count;
+               [size_is(count)] lsa_String *entries;
+       } netr_TrustInfo;
+
+       NTSTATUS netr_ServerGetTrustInfo(
+               [in,unique] [string,charset(UTF16)] uint16 *server_name,
+               [in,ref] [string,charset(UTF16)] uint16 *account_name,
+               [in] netr_SchannelType secure_channel_type,
+               [in,ref] [string,charset(UTF16)] uint16 *computer_name,
+               [in,ref] netr_Authenticator *credential,
+               [out,ref] netr_Authenticator *return_authenticator,
+               [out,ref] samr_Password *new_owf_password,
+               [out,ref] samr_Password *old_owf_password,
+               [out,ref] netr_TrustInfo **trust_info
+               );
+
+       /****************/
+       /* Function 0x2f */
+
+       NTSTATUS netr_Unused47(void);
+
+
+       /****************/
+       /* Function 0x30 */
+
+       typedef enum {
+               NlDnsLdapAtSite       = 22,
+               NlDnsGcAtSite         = 25,
+               NlDnsDsaCname         = 28,
+               NlDnsKdcAtSite        = 30,
+               NlDnsDcAtSite         = 32,
+               NlDnsRfc1510KdcAtSite = 34,
+               NlDnsGenericGcAtSite  = 36
+       } netr_DnsType;
+
+       typedef enum {
+               NlDnsInfoTypeNone    = 0,
+               NlDnsDomainName      = 1,
+               NlDnsDomainNameAlias = 2,
+               NlDnsForestName      = 3,
+               NlDnsForestNameAlias = 4,
+               NlDnsNdncDomainName  = 5,
+               NlDnsRecordName      = 6
+       } netr_DnsDomainInfoType;
+
+       typedef struct {
+               netr_DnsType type;
+               [string,charset(UTF16)] uint16 *dns_domain_info;
+               netr_DnsDomainInfoType dns_domain_info_type;
+               uint32 priority;
+               uint32 weight;
+               uint32 port;
+               boolean32 dns_register;
+               uint32 status;
+       } NL_DNS_NAME_INFO;
+
+       typedef [public] struct {
+               uint32 count;
+               [size_is(count)] NL_DNS_NAME_INFO *names;
+       } NL_DNS_NAME_INFO_ARRAY;
+
+       NTSTATUS netr_DsrUpdateReadOnlyServerDnsRecords(
+               [in,unique] [string,charset(UTF16)] uint16 *server_name,
+               [in,ref] [string,charset(UTF16)] uint16 *computer_name,
+               [in, ref] netr_Authenticator *credential,
+               [out,ref]   netr_Authenticator *return_authenticator,
+               [in,unique] [string,charset(UTF16)] uint16 *site_name,
+               [in] uint32 dns_ttl,
+               [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
+               );
  }