librpc/idl/lsa.idl

   1 #include "idl_types.h"
   2
   3 /*
   4   lsa interface definition
   5 */
   6
   7 import "misc.idl", "security.idl";
   8
   9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
  10   version(0.0),
  11   endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
  12   pyhelper("librpc/ndr/py_lsa.c"),
  13   pointer_default(unique),
  14   helpstring("Local Security Authority")
  15 ] interface lsarpc
  16 {
  17         typedef bitmap security_secinfo security_secinfo;
  18         typedef bitmap kerb_EncTypes kerb_EncTypes;
  19
  20         typedef [public] struct {
  21                 [value(2*strlen_m(string))] uint16 length;
  22                 [value(2*strlen_m(string))] uint16 size;
  23                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
  24         } lsa_String;
  25
  26         typedef [public] struct {
  27                 [value(2*strlen_m(string))] uint16 length;
  28                 [value(2*strlen_m_term(string))] uint16 size;
  29                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
  30         } lsa_StringLarge;
  31
  32         typedef [public] struct {
  33                 uint32 count;
  34                 [size_is(count)] lsa_String *names;
  35         } lsa_Strings;
  36
  37         typedef [public] struct {
  38                 [value(strlen_m(string))] uint16 length;
  39                 [value(strlen_m(string))] uint16 size;
  40                 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
  41         } lsa_AsciiString;
  42
  43         typedef [public] struct {
  44                 [value(strlen_m(string))] uint16 length;
  45                 [value(strlen_m_term(string))] uint16 size;
  46                 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
  47         } lsa_AsciiStringLarge;
  48
  49         typedef [public] struct {
  50                 uint16 length;
  51                 uint16 size;
  52                 [size_is(size/2),length_is(length/2)] uint16 *array;
  53         } lsa_BinaryString;
  54
  55         /******************/
  56         /* Function: 0x00 */
  57         NTSTATUS lsa_Close (
  58                 [in,out]     policy_handle *handle
  59                 );
  60
  61
  62         /******************/
  63         /* Function: 0x01 */
  64         [public] NTSTATUS lsa_Delete (
  65                 [in]     policy_handle *handle
  66                 );
  67
  68
  69         /******************/
  70         /* Function: 0x02 */
  71         typedef struct {
  72                 uint32 low;
  73                 uint32 high;
  74         } lsa_LUID;
  75
  76         typedef struct {
  77                 lsa_StringLarge name;
  78                 lsa_LUID luid;
  79         } lsa_PrivEntry;
  80
  81         typedef struct {
  82                 uint32 count;
  83                 [size_is(count)] lsa_PrivEntry *privs;
  84         } lsa_PrivArray;
  85
  86         [public] NTSTATUS lsa_EnumPrivs (
  87                 [in]            policy_handle *handle,
  88                 [in,out,ref]    uint32 *resume_handle,
  89                 [out,ref]       lsa_PrivArray *privs,
  90                 [in]            uint32 max_count
  91                 );
  92
  93         /******************/
  94         /* Function: 0x03 */
  95         NTSTATUS lsa_QuerySecurity (
  96                 [in]            policy_handle *handle,
  97                 [in]            security_secinfo sec_info,
  98                 [out,ref]       sec_desc_buf **sdbuf
  99                 );
 100
 101         /******************/
 102         /* Function: 0x04 */
 103         NTSTATUS lsa_SetSecObj(
 104                 [in]            policy_handle *handle,
 105                 [in]            security_secinfo sec_info,
 106                 [in,ref]        sec_desc_buf *sdbuf
 107                 );
 108
 109         /******************/
 110         /* Function: 0x05 */
 111         [todo] NTSTATUS lsa_ChangePassword ();
 112
 113
 114         /******************/
 115         /* Function: 0x06 */
 116
 117         typedef enum {
 118                 LSA_SECURITY_ANONYMOUS                  = 0,
 119                 LSA_SECURITY_IDENTIFICATION             = 1,
 120                 LSA_SECURITY_IMPERSONATION              = 2,
 121                 LSA_SECURITY_DELEGATION                 = 3
 122         } lsa_SecurityImpersonationLevel;
 123
 124         typedef struct {
 125                 uint3264  len; /* ignored */
 126                 lsa_SecurityImpersonationLevel  impersonation_level;
 127                 uint8   context_mode;
 128                 uint8   effective_only;
 129         } lsa_QosInfo;
 130
 131         typedef struct {
 132                 uint3264 len; /* ignored */
 133                 uint8 *root_dir;
 134                 [string,charset(UTF16)] uint16 *object_name;
 135                 uint32 attributes;
 136                 security_descriptor *sec_desc;
 137                 lsa_QosInfo *sec_qos;
 138         } lsa_ObjectAttribute;
 139
 140         typedef [public,bitmap32bit] bitmap {
 141                 LSA_POLICY_VIEW_LOCAL_INFORMATION       = 0x00000001,
 142                 LSA_POLICY_VIEW_AUDIT_INFORMATION       = 0x00000002,
 143                 LSA_POLICY_GET_PRIVATE_INFORMATION      = 0x00000004,
 144                 LSA_POLICY_TRUST_ADMIN                  = 0x00000008,
 145                 LSA_POLICY_CREATE_ACCOUNT               = 0x00000010,
 146                 LSA_POLICY_CREATE_SECRET                = 0x00000020,
 147                 LSA_POLICY_CREATE_PRIVILEGE             = 0x00000040,
 148                 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     = 0x00000080,
 149                 LSA_POLICY_SET_AUDIT_REQUIREMENTS       = 0x00000100,
 150                 LSA_POLICY_AUDIT_LOG_ADMIN              = 0x00000200,
 151                 LSA_POLICY_SERVER_ADMIN                 = 0x00000400,
 152                 LSA_POLICY_LOOKUP_NAMES                 = 0x00000800,
 153                 LSA_POLICY_NOTIFICATION                 = 0x00001000
 154         } lsa_PolicyAccessMask;
 155
 156         const int LSA_POLICY_ALL_ACCESS =
 157                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 158                 LSA_POLICY_VIEW_LOCAL_INFORMATION       |
 159                 LSA_POLICY_VIEW_AUDIT_INFORMATION       |
 160                 LSA_POLICY_GET_PRIVATE_INFORMATION      |
 161                 LSA_POLICY_TRUST_ADMIN                  |
 162                 LSA_POLICY_CREATE_ACCOUNT               |
 163                 LSA_POLICY_CREATE_SECRET                |
 164                 LSA_POLICY_CREATE_PRIVILEGE             |
 165                 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     |
 166                 LSA_POLICY_SET_AUDIT_REQUIREMENTS       |
 167                 LSA_POLICY_AUDIT_LOG_ADMIN              |
 168                 LSA_POLICY_SERVER_ADMIN                 |
 169                 LSA_POLICY_LOOKUP_NAMES                 |
 170                 LSA_POLICY_NOTIFICATION);
 171
 172         const int LSA_POLICY_READ =
 173                 (STANDARD_RIGHTS_READ_ACCESS            |
 174                 LSA_POLICY_VIEW_LOCAL_INFORMATION       |
 175                 LSA_POLICY_VIEW_AUDIT_INFORMATION       |
 176                 LSA_POLICY_GET_PRIVATE_INFORMATION);
 177
 178         const int LSA_POLICY_WRITE =
 179                 (STANDARD_RIGHTS_READ_ACCESS            |
 180                 LSA_POLICY_TRUST_ADMIN                  |
 181                 LSA_POLICY_CREATE_ACCOUNT               |
 182                 LSA_POLICY_CREATE_SECRET                |
 183                 LSA_POLICY_CREATE_PRIVILEGE             |
 184                 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     |
 185                 LSA_POLICY_SET_AUDIT_REQUIREMENTS       |
 186                 LSA_POLICY_AUDIT_LOG_ADMIN              |
 187                 LSA_POLICY_SERVER_ADMIN);
 188
 189         const int LSA_POLICY_EXECUTE =
 190                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 191                 LSA_POLICY_VIEW_LOCAL_INFORMATION       |
 192                 LSA_POLICY_LOOKUP_NAMES);
 193
 194         typedef [public,bitmap32bit] bitmap {
 195                 LSA_ACCOUNT_VIEW                        = 0x00000001,
 196                 LSA_ACCOUNT_ADJUST_PRIVILEGES           = 0x00000002,
 197                 LSA_ACCOUNT_ADJUST_QUOTAS               = 0x00000004,
 198                 LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS        = 0x00000008
 199         } lsa_AccountAccessMask;
 200
 201         const int LSA_ACCOUNT_ALL_ACCESS =
 202                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 203                 LSA_ACCOUNT_VIEW                        |
 204                 LSA_ACCOUNT_ADJUST_PRIVILEGES           |
 205                 LSA_ACCOUNT_ADJUST_QUOTAS               |
 206                 LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
 207
 208         const int LSA_ACCOUNT_READ =
 209                 (STANDARD_RIGHTS_READ_ACCESS            |
 210                 LSA_ACCOUNT_VIEW);
 211
 212         const int LSA_ACCOUNT_WRITE =
 213                 (STANDARD_RIGHTS_READ_ACCESS            |
 214                 LSA_ACCOUNT_ADJUST_PRIVILEGES           |
 215                 LSA_ACCOUNT_ADJUST_QUOTAS               |
 216                 LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
 217
 218         const int LSA_ACCOUNT_EXECUTE =
 219                 (STANDARD_RIGHTS_EXECUTE_ACCESS);
 220
 221         typedef [public,bitmap32bit] bitmap {
 222                 LSA_SECRET_SET_VALUE                    = 0x00000001,
 223                 LSA_SECRET_QUERY_VALUE                  = 0x00000002
 224         } lsa_SecretAccessMask;
 225
 226         const int LSA_SECRET_ALL_ACCESS =
 227                 (LSA_SECRET_QUERY_VALUE |
 228                  LSA_SECRET_SET_VALUE |
 229                  SEC_STD_DELETE |
 230                  STANDARD_RIGHTS_READ_ACCESS |
 231                  SEC_STD_WRITE_DAC |
 232                  SEC_STD_WRITE_OWNER); /* 0x000F0003 */
 233
 234         const int LSA_SECRET_READ =
 235                 (LSA_SECRET_QUERY_VALUE |
 236                 STANDARD_RIGHTS_READ_ACCESS); /* 0x00020002 */
 237
 238         const int LSA_SECRET_WRITE =
 239                 (LSA_SECRET_SET_VALUE |
 240                 STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
 241
 242         const int LSA_SECRET_EXECUTE =
 243                 (STANDARD_RIGHTS_READ_ACCESS); /* 0x00020000 */
 244
 245         typedef [public,bitmap32bit] bitmap {
 246                 LSA_TRUSTED_QUERY_DOMAIN_NAME           = 0x00000001,
 247                 LSA_TRUSTED_QUERY_CONTROLLERS           = 0x00000002,
 248                 LSA_TRUSTED_SET_CONTROLLERS             = 0x00000004,
 249                 LSA_TRUSTED_QUERY_POSIX                 = 0x00000008,
 250                 LSA_TRUSTED_SET_POSIX                   = 0x00000010,
 251                 LSA_TRUSTED_SET_AUTH                    = 0x00000020,
 252                 LSA_TRUSTED_QUERY_AUTH                  = 0x00000040
 253         } lsa_TrustedAccessMask;
 254
 255         const int LSA_TRUSTED_DOMAIN_ALL_ACCESS =
 256                 (LSA_TRUSTED_QUERY_DOMAIN_NAME |
 257                  LSA_TRUSTED_QUERY_CONTROLLERS |
 258                  LSA_TRUSTED_SET_CONTROLLERS |
 259                  LSA_TRUSTED_QUERY_POSIX |
 260                  LSA_TRUSTED_SET_POSIX |
 261                  LSA_TRUSTED_SET_AUTH |
 262                  LSA_TRUSTED_QUERY_AUTH |
 263                  SEC_STD_DELETE |
 264                  STANDARD_RIGHTS_READ_ACCESS |
 265                  SEC_STD_WRITE_DAC |
 266                  SEC_STD_WRITE_OWNER); /* 0x000F007F */
 267
 268         const int LSA_TRUSTED_DOMAIN_READ =
 269                 (LSA_TRUSTED_QUERY_DOMAIN_NAME |
 270                  STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
 271
 272         const int LSA_TRUSTED_DOMAIN_WRITE =
 273                 (LSA_TRUSTED_SET_CONTROLLERS |
 274                  LSA_TRUSTED_SET_POSIX |
 275                  LSA_TRUSTED_SET_AUTH |
 276                  STANDARD_RIGHTS_READ_ACCESS); /* 0x00020034 */
 277
 278         const int LSA_TRUSTED_DOMAIN_EXECUTE =
 279                 (LSA_TRUSTED_QUERY_DOMAIN_NAME |
 280                  LSA_TRUSTED_QUERY_POSIX |
 281                  STANDARD_RIGHTS_READ_ACCESS); /* 0x0002000C */
 282
 283
 284         /* notice the screwup with the system_name - that's why MS created
 285            OpenPolicy2 */
 286         [public] NTSTATUS lsa_OpenPolicy (
 287                 [in,unique]       uint16 *system_name,
 288                 [in]   lsa_ObjectAttribute *attr,
 289                 [in]   lsa_PolicyAccessMask access_mask,
 290                 [out]  policy_handle *handle
 291                 );
 292
 293
 294
 295         /******************/
 296         /* Function: 0x07 */
 297
 298         typedef struct {
 299                 uint32 percent_full;
 300                 uint32 maximum_log_size;
 301                 hyper  retention_time;
 302                 uint8  shutdown_in_progress;
 303                 hyper  time_to_shutdown;
 304                 uint32 next_audit_record;
 305         } lsa_AuditLogInfo;
 306
 307         typedef [v1_enum] enum {
 308                 LSA_AUDIT_POLICY_NONE=0,
 309                 LSA_AUDIT_POLICY_SUCCESS=1,
 310                 LSA_AUDIT_POLICY_FAILURE=2,
 311                 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
 312                 LSA_AUDIT_POLICY_CLEAR=4
 313         } lsa_PolicyAuditPolicy;
 314
 315         typedef enum {
 316                 LSA_AUDIT_CATEGORY_SYSTEM = 0,
 317                 LSA_AUDIT_CATEGORY_LOGON = 1,
 318                 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
 319                 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
 320                 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
 321                 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
 322                 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
 323                 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,        /* only in win2k/2k3 */
 324                 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8                    /* only in win2k/2k3 */
 325         } lsa_PolicyAuditEventType;
 326
 327         typedef struct {
 328                 uint32 auditing_mode;
 329                 [size_is(count)] lsa_PolicyAuditPolicy *settings;
 330                 uint32 count;
 331         } lsa_AuditEventsInfo;
 332
 333         typedef struct {
 334                 lsa_StringLarge name;
 335                 dom_sid2 *sid;
 336         } lsa_DomainInfo;
 337
 338         typedef struct {
 339                 lsa_String name;
 340         } lsa_PDAccountInfo;
 341
 342         typedef [v1_enum] enum {
 343                 LSA_ROLE_BACKUP=2,
 344                 LSA_ROLE_PRIMARY=3
 345         } lsa_Role;
 346
 347         typedef struct {
 348                 lsa_Role role;
 349         } lsa_ServerRole;
 350
 351         typedef struct {
 352                 lsa_String source;
 353                 lsa_String account;
 354         } lsa_ReplicaSourceInfo;
 355
 356         typedef struct {
 357                 uint32 paged_pool;
 358                 uint32 non_paged_pool;
 359                 uint32 min_wss;
 360                 uint32 max_wss;
 361                 uint32 pagefile;
 362                 hyper unknown;
 363         } lsa_DefaultQuotaInfo;
 364
 365         typedef struct {
 366                 hyper modified_id;
 367                 NTTIME_hyper db_create_time;
 368         } lsa_ModificationInfo;
 369
 370         typedef struct {
 371                 uint8 shutdown_on_full;
 372         } lsa_AuditFullSetInfo;
 373
 374         typedef struct {
 375                 uint8 shutdown_on_full;
 376                 uint8 log_is_full;
 377         } lsa_AuditFullQueryInfo;
 378
 379         typedef [public] struct {
 380                 /* it's important that we use the lsa_StringLarge here,
 381                  * because otherwise windows clients result with such dns hostnames
 382                  * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
 383                  * where it should be
 384                  *      w2k3-client.samba4.samba.org
 385                  */
 386                 lsa_StringLarge name;
 387                 lsa_StringLarge dns_domain;
 388                 lsa_StringLarge dns_forest;
 389                 GUID domain_guid;
 390                 dom_sid2 *sid;
 391         } lsa_DnsDomainInfo;
 392
 393         typedef enum {
 394                 LSA_POLICY_INFO_AUDIT_LOG=1,
 395                 LSA_POLICY_INFO_AUDIT_EVENTS=2,
 396                 LSA_POLICY_INFO_DOMAIN=3,
 397                 LSA_POLICY_INFO_PD=4,
 398                 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
 399                 LSA_POLICY_INFO_ROLE=6,
 400                 LSA_POLICY_INFO_REPLICA=7,
 401                 LSA_POLICY_INFO_QUOTA=8,
 402                 LSA_POLICY_INFO_MOD=9,
 403                 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
 404                 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
 405                 LSA_POLICY_INFO_DNS=12,
 406                 LSA_POLICY_INFO_DNS_INT=13,
 407                 LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14
 408         } lsa_PolicyInfo;
 409
 410         typedef [switch_type(uint16)] union {
 411                 [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
 412                 [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
 413                 [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
 414                 [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
 415                 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
 416                 [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
 417                 [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
 418                 [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
 419                 [case(LSA_POLICY_INFO_MOD)]              lsa_ModificationInfo   mod;
 420                 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
 421                 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
 422                 [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
 423                 [case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      dns_int;
 424                 [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo         l_account_domain;
 425         } lsa_PolicyInformation;
 426
 427         NTSTATUS lsa_QueryInfoPolicy(
 428                 [in]                            policy_handle *handle,
 429                 [in]                            lsa_PolicyInfo level,
 430                 [out,ref,switch_is(level)]      lsa_PolicyInformation **info
 431                 );
 432
 433         /******************/
 434         /* Function:       0x08 */
 435         NTSTATUS lsa_SetInfoPolicy (
 436                 [in]                            policy_handle *handle,
 437                 [in]                            lsa_PolicyInfo level,
 438                 [in,switch_is(level)]           lsa_PolicyInformation *info
 439                 );
 440
 441         /******************/
 442         /* Function:       0x09 */
 443         [todo] NTSTATUS lsa_ClearAuditLog ();
 444
 445         /******************/
 446         /* Function: 0x0a */
 447         [public] NTSTATUS lsa_CreateAccount (
 448                 [in]    policy_handle *handle,
 449                 [in,ref] dom_sid2 *sid,
 450                 [in]    lsa_AccountAccessMask access_mask,
 451                 [out]   policy_handle *acct_handle
 452                 );
 453
 454         /******************/
 455         /* NOTE: This only returns accounts that have at least
 456            one privilege set
 457         */
 458         /* Function: 0x0b */
 459         typedef struct {
 460                 dom_sid2 *sid;
 461         } lsa_SidPtr;
 462
 463         typedef [public] struct {
 464                 [range(0,20480)] uint32 num_sids;
 465                 [size_is(num_sids)] lsa_SidPtr *sids;
 466         } lsa_SidArray;
 467
 468         [public] NTSTATUS lsa_EnumAccounts(
 469                 [in]         policy_handle *handle,
 470                 [in,out,ref] uint32 *resume_handle,
 471                 [out,ref]    lsa_SidArray *sids,
 472                 [in,range(0,8192)] uint32 num_entries
 473                 );
 474
 475         /*************************************************/
 476         /* Function: 0x0c                                */
 477
 478         [public] NTSTATUS lsa_CreateTrustedDomain(
 479                 [in]         policy_handle *policy_handle,
 480                 [in]         lsa_DomainInfo *info,
 481                 [in]         lsa_TrustedAccessMask access_mask,
 482                 [out]        policy_handle *trustdom_handle
 483                 );
 484
 485
 486         /******************/
 487         /* Function: 0x0d */
 488
 489         /* w2k3 treats max_size as max_domains*60       */
 490         const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
 491
 492         typedef struct {
 493                 uint32 count;
 494                 [size_is(count)] lsa_DomainInfo *domains;
 495         } lsa_DomainList;
 496
 497         NTSTATUS lsa_EnumTrustDom(
 498                 [in]               policy_handle *handle,
 499                 [in,out,ref]       uint32 *resume_handle,
 500                 [out,ref]          lsa_DomainList *domains,
 501                 [in]               uint32 max_size
 502                 );
 503
 504
 505         /******************/
 506         /* Function: 0x0e */
 507         typedef [public] enum {
 508                 SID_NAME_USE_NONE = 0,/* NOTUSED */
 509                 SID_NAME_USER     = 1, /* user */
 510                 SID_NAME_DOM_GRP  = 2, /* domain group */
 511                 SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
 512                 SID_NAME_ALIAS    = 4, /* local group */
 513                 SID_NAME_WKN_GRP  = 5, /* well-known group */
 514                 SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
 515                 SID_NAME_INVALID  = 7, /* invalid account */
 516                 SID_NAME_UNKNOWN  = 8, /* oops. */
 517                 SID_NAME_COMPUTER = 9, /* machine */
 518                 SID_NAME_LABEL    = 10 /* Mandatory Label */
 519         } lsa_SidType;
 520
 521         typedef struct {
 522                 lsa_SidType sid_type;
 523                 uint32 rid;
 524                 uint32 sid_index;
 525         } lsa_TranslatedSid;
 526
 527         typedef struct {
 528                 [range(0,1000)] uint32 count;
 529                 [size_is(count)] lsa_TranslatedSid *sids;
 530         } lsa_TransSidArray;
 531
 532         const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
 533         typedef [public] struct {
 534                 [range(0,1000)] uint32 count;
 535                 [size_is(count)] lsa_DomainInfo *domains;
 536                 uint32 max_size;
 537         } lsa_RefDomainList;
 538
 539         /* Level 1: Ask everywhere
 540          * Level 2: Ask domain and trusted domains, no builtin and wkn
 541          * Level 3: Only ask domain
 542          * Level 4: W2k3ad: Only ask AD trusts
 543          * Level 5: Only ask transitive forest trusts
 544          * Level 6: Like 4
 545          */
 546
 547         typedef [public] enum {
 548                 LSA_LOOKUP_NAMES_ALL = 1,
 549                 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
 550                 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
 551                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
 552                 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
 553                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
 554                 LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
 555         } lsa_LookupNamesLevel;
 556
 557         [public] NTSTATUS lsa_LookupNames (
 558                 [in]         policy_handle *handle,
 559                 [in,range(0,1000)] uint32 num_names,
 560                 [in,size_is(num_names)]  lsa_String names[],
 561                 [out,ref]    lsa_RefDomainList **domains,
 562                 [in,out,ref] lsa_TransSidArray *sids,
 563                 [in]         lsa_LookupNamesLevel level,
 564                 [in,out,ref] uint32 *count
 565                 );
 566
 567
 568         /******************/
 569         /* Function: 0x0f */
 570
 571         typedef struct {
 572                 lsa_SidType sid_type;
 573                 lsa_String name;
 574                 uint32 sid_index;
 575         } lsa_TranslatedName;
 576
 577         typedef [public] struct {
 578                 [range(0,20480)] uint32 count;
 579                 [size_is(count)] lsa_TranslatedName *names;
 580         } lsa_TransNameArray;
 581
 582         [public] NTSTATUS lsa_LookupSids(
 583                 [in]         policy_handle *handle,
 584                 [in,ref]     lsa_SidArray *sids,
 585                 [out,ref]    lsa_RefDomainList **domains,
 586                 [in,out,ref] lsa_TransNameArray *names,
 587                 [in]         lsa_LookupNamesLevel level,
 588                 [in,out,ref] uint32 *count
 589                 );
 590
 591
 592         /* Function:        0x10 */
 593         [public] NTSTATUS lsa_CreateSecret(
 594                 [in]         policy_handle *handle,
 595                 [in]         lsa_String       name,
 596                 [in]         lsa_SecretAccessMask access_mask,
 597                 [out]        policy_handle *sec_handle
 598                 );
 599
 600
 601         /*****************************************/
 602         /* Function:     0x11                    */
 603         NTSTATUS lsa_OpenAccount(
 604                 [in]         policy_handle *handle,
 605                 [in,ref]     dom_sid2 *sid,
 606                 [in]         lsa_AccountAccessMask access_mask,
 607                 [out]        policy_handle *acct_handle
 608                 );
 609
 610
 611         /****************************************/
 612         /* Function:    0x12                    */
 613
 614         typedef struct {
 615                 lsa_LUID luid;
 616                 uint32 attribute;
 617         } lsa_LUIDAttribute;
 618
 619         typedef struct {
 620                 [range(0,1000)] uint32 count;
 621                 uint32 unknown;
 622                 [size_is(count)] lsa_LUIDAttribute set[*];
 623         } lsa_PrivilegeSet;
 624
 625         NTSTATUS lsa_EnumPrivsAccount(
 626                 [in]         policy_handle *handle,
 627                 [out,ref] lsa_PrivilegeSet **privs
 628                 );
 629
 630
 631         /****************************************/
 632         /* Function:            0x13 */
 633         NTSTATUS lsa_AddPrivilegesToAccount(
 634                 [in]         policy_handle *handle,
 635                 [in,ref]     lsa_PrivilegeSet *privs
 636                 );
 637
 638
 639         /****************************************/
 640         /* Function:         0x14 */
 641         NTSTATUS lsa_RemovePrivilegesFromAccount(
 642                 [in]         policy_handle *handle,
 643                 [in]         uint8 remove_all,
 644                 [in,unique]  lsa_PrivilegeSet *privs
 645                 );
 646
 647         /* Function:           0x15 */
 648         [todo] NTSTATUS lsa_GetQuotasForAccount();
 649
 650         /* Function:           0x16 */
 651         [todo] NTSTATUS lsa_SetQuotasForAccount();
 652
 653         /* Function:    0x17 */
 654         NTSTATUS lsa_GetSystemAccessAccount(
 655                 [in]      policy_handle *handle,
 656                 [out,ref] lsa_AccountAccessMask *access_mask
 657                 );
 658
 659         /* Function:    0x18 */
 660         NTSTATUS lsa_SetSystemAccessAccount(
 661                 [in] policy_handle *handle,
 662                 [in] lsa_AccountAccessMask access_mask
 663                 );
 664
 665         /* Function:        0x19 */
 666         NTSTATUS lsa_OpenTrustedDomain(
 667                 [in]     policy_handle *handle,
 668                 [in]     dom_sid2      *sid,
 669                 [in]     lsa_TrustedAccessMask access_mask,
 670                 [out]    policy_handle *trustdom_handle
 671                 );
 672
 673         typedef [flag(NDR_PAHEX)] struct {
 674                 uint3264 length;
 675                 uint3264 size;
 676                 [size_is(size),length_is(length)] uint8 *data;
 677         } lsa_DATA_BUF;
 678
 679         typedef [flag(NDR_PAHEX)] struct {
 680                 [range(0,65536)] uint32 size;
 681                 [size_is(size)] uint8 *data;
 682         } lsa_DATA_BUF2;
 683
 684         typedef enum {
 685                 LSA_TRUSTED_DOMAIN_INFO_NAME                  = 1,
 686                 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS           = 2,
 687                 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET          = 3,
 688                 LSA_TRUSTED_DOMAIN_INFO_PASSWORD              = 4,
 689                 LSA_TRUSTED_DOMAIN_INFO_BASIC                 = 5,
 690                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX               = 6,
 691                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO             = 7,
 692                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO             = 8,
 693                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL    = 9,
 694                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL    = 10,
 695                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL     = 11,
 696                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL  = 12,
 697                 LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 13,
 698                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL_AES= 14,
 699                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL_AES= 15
 700         } lsa_TrustDomInfoEnum;
 701
 702         typedef [public,bitmap32bit] bitmap {
 703                 LSA_TRUST_DIRECTION_INBOUND  = 0x00000001,
 704                 LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
 705         } lsa_TrustDirection;
 706
 707         typedef [public,v1_enum] enum {
 708                 LSA_TRUST_TYPE_DOWNLEVEL  = 0x00000001,
 709                 LSA_TRUST_TYPE_UPLEVEL    = 0x00000002,
 710                 LSA_TRUST_TYPE_MIT        = 0x00000003,
 711                 LSA_TRUST_TYPE_DCE        = 0x00000004
 712         } lsa_TrustType;
 713
 714         typedef [public,bitmap32bit] bitmap {
 715                 LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE                              = 0x00000001,
 716                 LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY                                = 0x00000002,
 717                 LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN                          = 0x00000004,
 718                 LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE                           = 0x00000008,
 719                 LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION                          = 0x00000010,
 720                 LSA_TRUST_ATTRIBUTE_WITHIN_FOREST                               = 0x00000020,
 721                 LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL                           = 0x00000040,
 722                 LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION                         = 0x00000080,
 723                 LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION        = 0x00000200,
 724                 LSA_TRUST_ATTRIBUTE_PIM_TRUST                                   = 0x00000400,
 725                 LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION    = 0x00000800
 726         } lsa_TrustAttributes;
 727
 728         typedef struct {
 729                 lsa_StringLarge  netbios_name;
 730         } lsa_TrustDomainInfoName;
 731
 732
 733         typedef struct {
 734                 uint32 entries;
 735                 [size_is(entries)] lsa_StringLarge  *netbios_names;
 736         } lsa_TrustDomainInfoControllers;
 737
 738         typedef struct {
 739                 uint32         posix_offset;
 740         } lsa_TrustDomainInfoPosixOffset;
 741
 742         typedef struct {
 743                 lsa_DATA_BUF  *password;
 744                 lsa_DATA_BUF  *old_password;
 745         } lsa_TrustDomainInfoPassword;
 746
 747         typedef struct {
 748                 lsa_String     netbios_name;
 749                 dom_sid2      *sid;
 750         } lsa_TrustDomainInfoBasic;
 751
 752         typedef [public] struct {
 753                 lsa_StringLarge     domain_name;
 754                 lsa_StringLarge     netbios_name;
 755                 dom_sid2           *sid;
 756                 lsa_TrustDirection  trust_direction;
 757                 lsa_TrustType       trust_type;
 758                 lsa_TrustAttributes trust_attributes;
 759         } lsa_TrustDomainInfoInfoEx;
 760
 761         typedef [public,v1_enum] enum {
 762                 TRUST_AUTH_TYPE_NONE = 0,
 763                 TRUST_AUTH_TYPE_NT4OWF = 1,
 764                 TRUST_AUTH_TYPE_CLEAR = 2,
 765                 TRUST_AUTH_TYPE_VERSION = 3
 766         } lsa_TrustAuthType;
 767
 768         typedef struct {
 769                 NTTIME_hyper   last_update_time;
 770                 lsa_TrustAuthType AuthType;
 771                 lsa_DATA_BUF2  data;
 772         } lsa_TrustDomainInfoBuffer;
 773
 774         typedef [public] struct {
 775                 uint32 incoming_count;
 776                 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
 777                 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
 778                 uint32 outgoing_count;
 779                 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
 780                 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
 781         } lsa_TrustDomainInfoAuthInfo;
 782
 783         typedef struct {
 784                 lsa_TrustDomainInfoInfoEx      info_ex;
 785                 lsa_TrustDomainInfoPosixOffset posix_offset;
 786                 lsa_TrustDomainInfoAuthInfo    auth_info;
 787         } lsa_TrustDomainInfoFullInfo;
 788
 789         typedef struct {
 790                 lsa_DATA_BUF2                          auth_blob;
 791         } lsa_TrustDomainInfoAuthInfoInternal;
 792
 793         typedef struct {
 794                 lsa_TrustDomainInfoInfoEx              info_ex;
 795                 lsa_TrustDomainInfoPosixOffset         posix_offset;
 796                 lsa_TrustDomainInfoAuthInfoInternal    auth_info;
 797         } lsa_TrustDomainInfoFullInfoInternal;
 798
 799         typedef struct {
 800                 uint8 auth_data[64];
 801                 uint8 salt[16];
 802                 lsa_DATA_BUF2 cipher;
 803         } lsa_TrustDomainInfoAuthInfoInternalAES;
 804
 805         typedef struct {
 806                 lsa_TrustDomainInfoInfoEx              info_ex;
 807                 lsa_TrustDomainInfoPosixOffset         posix_offset;
 808                 lsa_TrustDomainInfoAuthInfoInternalAES auth_info;
 809         } lsa_TrustDomainInfoFullInfoInternalAES;
 810
 811         typedef struct {
 812                 lsa_TrustDomainInfoInfoEx      info_ex;
 813                 uint32 forest_trust_length;
 814                 [size_is(forest_trust_length)] uint8 *forest_trust_data;
 815         } lsa_TrustDomainInfoInfoEx2Internal;
 816
 817         typedef struct {
 818                 lsa_TrustDomainInfoInfoEx2Internal     info;
 819                 lsa_TrustDomainInfoPosixOffset posix_offset;
 820                 lsa_TrustDomainInfoAuthInfo    auth_info;
 821         } lsa_TrustDomainInfoFullInfo2Internal;
 822
 823         typedef struct {
 824                 kerb_EncTypes enc_types;
 825         } lsa_TrustDomainInfoSupportedEncTypes;
 826
 827         typedef [switch_type(lsa_TrustDomInfoEnum)] union {
 828                 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
 829                         lsa_TrustDomainInfoName              name;
 830                 [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
 831                         lsa_TrustDomainInfoControllers   controllers;
 832                 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
 833                         lsa_TrustDomainInfoPosixOffset       posix_offset;
 834                 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
 835                         lsa_TrustDomainInfoPassword          password;
 836                 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
 837                         lsa_TrustDomainInfoBasic             info_basic;
 838                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
 839                         lsa_TrustDomainInfoInfoEx            info_ex;
 840                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
 841                         lsa_TrustDomainInfoAuthInfo          auth_info;
 842                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
 843                         lsa_TrustDomainInfoFullInfo          full_info;
 844                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
 845                         lsa_TrustDomainInfoAuthInfoInternal  auth_info_internal;
 846                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
 847                         lsa_TrustDomainInfoFullInfoInternal  full_info_internal;
 848                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
 849                         lsa_TrustDomainInfoInfoEx2Internal   info_ex2_internal;
 850                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
 851                         lsa_TrustDomainInfoFullInfo2Internal     full_info2_internal;
 852                 [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES)]
 853                         lsa_TrustDomainInfoSupportedEncTypes enc_types;
 854                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL_AES)]
 855                         lsa_TrustDomainInfoAuthInfoInternalAES auth_info_internal_aes;
 856                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL_AES)]
 857                         lsa_TrustDomainInfoFullInfoInternalAES full_info_internal_aes;
 858         } lsa_TrustedDomainInfo;
 859
 860         /* Function:       0x1a */
 861         NTSTATUS lsa_QueryTrustedDomainInfo(
 862                 [in]     policy_handle                   *trustdom_handle,
 863                 [in]     lsa_TrustDomInfoEnum             level,
 864                 [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
 865                 );
 866
 867         /* Function:     0x1b */
 868         NTSTATUS lsa_SetInformationTrustedDomain(
 869                 [in]                  policy_handle         *trustdom_handle,
 870                 [in]                  lsa_TrustDomInfoEnum   level,
 871                 [in,switch_is(level)] lsa_TrustedDomainInfo *info
 872                 );
 873
 874         /* Function:          0x1c */
 875         [public] NTSTATUS lsa_OpenSecret(
 876                 [in]     policy_handle    *handle,
 877                 [in]         lsa_String        name,
 878                 [in]     lsa_SecretAccessMask access_mask,
 879                 [out]    policy_handle    *sec_handle
 880                 );
 881
 882         /* Function:           0x1d */
 883
 884         [public] NTSTATUS lsa_SetSecret(
 885                 [in]     policy_handle    *sec_handle,
 886                 [in,unique]         lsa_DATA_BUF     *new_val,
 887                 [in,unique]         lsa_DATA_BUF     *old_val
 888                 );
 889
 890         typedef struct {
 891                 lsa_DATA_BUF *buf;
 892         } lsa_DATA_BUF_PTR;
 893
 894         /* Function:         0x1e */
 895         [public] NTSTATUS lsa_QuerySecret (
 896                 [in]     policy_handle     *sec_handle,
 897                 [in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
 898                 [in,out,unique]     NTTIME_hyper      *new_mtime,
 899                 [in,out,unique]     lsa_DATA_BUF_PTR  *old_val,
 900                 [in,out,unique]     NTTIME_hyper      *old_mtime
 901                 );
 902
 903         /* Function:     0x1f */
 904         NTSTATUS lsa_LookupPrivValue(
 905                 [in]     policy_handle *handle,
 906                 [in,ref] lsa_String *name,
 907                 [out,ref] lsa_LUID *luid
 908                 );
 909
 910
 911         /* Function:      0x20 */
 912         NTSTATUS lsa_LookupPrivName(
 913                 [in]     policy_handle *handle,
 914                 [in,ref] lsa_LUID *luid,
 915                 [out,ref] lsa_StringLarge **name
 916                 );
 917
 918
 919         /*******************/
 920         /* Function:  0x21 */
 921         NTSTATUS lsa_LookupPrivDisplayName(
 922                 [in] policy_handle *handle,
 923                 [in,ref] lsa_String *name,
 924                 [in] uint16 language_id,
 925                 [in] uint16 language_id_sys,
 926                 [out,ref] lsa_StringLarge **disp_name,
 927                 /* see http://www.microsoft.com/globaldev/nlsweb/ for
 928                    language definitions */
 929                 [out,ref] uint16 *returned_language_id
 930                 );
 931
 932         /*******************/
 933         /* Function:  0x22 */
 934         NTSTATUS lsa_DeleteObject (
 935                 [in,out]     policy_handle *handle
 936                 );
 937
 938         /*******************/
 939         /* Function:      0x23 */
 940         NTSTATUS lsa_EnumAccountsWithUserRight (
 941                 [in]     policy_handle *handle,
 942                 [in,unique]         lsa_String *name,
 943                 [out]    lsa_SidArray *sids
 944                 );
 945
 946         /* Function:      0x24 */
 947         typedef struct {
 948                 [string,charset(UTF16)] uint16 *name;
 949         } lsa_RightAttribute;
 950
 951         typedef struct {
 952                 [range(0,256)] uint32 count;
 953                 [size_is(count)] lsa_StringLarge *names;
 954         } lsa_RightSet;
 955
 956         NTSTATUS lsa_EnumAccountRights (
 957                 [in]     policy_handle *handle,
 958                 [in,ref] dom_sid2 *sid,
 959                 [out,ref] lsa_RightSet *rights
 960                 );
 961
 962
 963         /**********************/
 964         /* Function:       0x25 */
 965         NTSTATUS lsa_AddAccountRights (
 966                 [in]     policy_handle *handle,
 967                 [in,ref] dom_sid2 *sid,
 968                 [in,ref] lsa_RightSet *rights
 969                 );
 970
 971         /**********************/
 972         /* Function:       0x26 */
 973         NTSTATUS lsa_RemoveAccountRights (
 974                 [in]     policy_handle *handle,
 975                 [in,ref] dom_sid2 *sid,
 976                 [in]     uint8 remove_all,
 977                 [in,ref] lsa_RightSet *rights
 978                 );
 979
 980         /* Function:   0x27 */
 981         NTSTATUS lsa_QueryTrustedDomainInfoBySid(
 982                 [in]               policy_handle         *handle,
 983                 [in,ref]           dom_sid2              *dom_sid,
 984                 [in]               lsa_TrustDomInfoEnum  level,
 985                 [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
 986         );
 987
 988         /* Function:     0x28 */
 989         NTSTATUS lsa_SetTrustedDomainInfo(
 990                 [in]               policy_handle         *handle,
 991                 [in]               dom_sid2              *dom_sid,
 992                 [in]               lsa_TrustDomInfoEnum  level,
 993                 [in,switch_is(level)] lsa_TrustedDomainInfo *info
 994         );
 995
 996         /* Function:      0x29 */
 997         NTSTATUS lsa_DeleteTrustedDomain(
 998                 [in]               policy_handle         *handle,
 999                 [in]               dom_sid2              *dom_sid
1000         );
1001
1002         /* Function:       0x2a */
1003         NTSTATUS lsa_StorePrivateData(
1004                 [in]            policy_handle   *handle,
1005                 [in,ref]        lsa_String      *name,
1006                 [in,unique]     lsa_DATA_BUF    *val
1007         );
1008
1009         /* Function:        0x2b */
1010         NTSTATUS lsa_RetrievePrivateData(
1011                 [in]            policy_handle   *handle,
1012                 [in,ref]        lsa_String      *name,
1013                 [in,out,ref]    lsa_DATA_BUF    **val
1014         );
1015
1016         /**********************/
1017         /* Function:     0x2c */
1018         [public] NTSTATUS lsa_OpenPolicy2 (
1019                 [in,unique]      [string,charset(UTF16)] uint16 *system_name,
1020                 [in]  lsa_ObjectAttribute *attr,
1021                 [in]  lsa_PolicyAccessMask access_mask,
1022                 [out] policy_handle *handle
1023                 );
1024
1025         /**********************/
1026         /* Function:     0x2d */
1027         NTSTATUS lsa_GetUserName(
1028                 [in,unique] [string,charset(UTF16)] uint16 *system_name,
1029                 [in,out,ref] lsa_String **account_name,
1030                 [in,out,unique] lsa_String **authority_name
1031                 );
1032
1033         /**********************/
1034         /* Function:          0x2e */
1035
1036         NTSTATUS lsa_QueryInfoPolicy2(
1037                 [in]                         policy_handle *handle,
1038                 [in]                         lsa_PolicyInfo level,
1039                 [out,ref,switch_is(level)]   lsa_PolicyInformation **info
1040                 );
1041
1042         /* Function 0x2f */
1043         NTSTATUS lsa_SetInfoPolicy2(
1044                 [in]                            policy_handle *handle,
1045                 [in]                            lsa_PolicyInfo level,
1046                 [in,switch_is(level)]           lsa_PolicyInformation *info
1047                 );
1048
1049         /**********************/
1050         /* Function 0x30 */
1051         NTSTATUS lsa_QueryTrustedDomainInfoByName(
1052                 [in]                   policy_handle          *handle,
1053                 [in,ref]               lsa_String             *trusted_domain,
1054                 [in]                   lsa_TrustDomInfoEnum   level,
1055                 [out,ref,switch_is(level)] lsa_TrustedDomainInfo **info
1056                 );
1057
1058         /**********************/
1059         /* Function 0x31 */
1060         [public] NTSTATUS lsa_SetTrustedDomainInfoByName(
1061                 [in]                   policy_handle         *handle,
1062                 [in,ref]               lsa_String             *trusted_domain,
1063                 [in]                   lsa_TrustDomInfoEnum   level,
1064                 [in,ref,switch_is(level)] lsa_TrustedDomainInfo *info
1065                 );
1066
1067         /* Function 0x32 */
1068
1069         /* w2k3 treats max_size as max_domains*82       */
1070         const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
1071
1072         typedef struct {
1073                 uint32 count;
1074                 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
1075         } lsa_DomainListEx;
1076
1077         NTSTATUS lsa_EnumTrustedDomainsEx (
1078                 [in]               policy_handle *handle,
1079                 [in,out]           uint32 *resume_handle,
1080                 [out]              lsa_DomainListEx *domains,
1081                 [in]               uint32 max_size
1082                 );
1083
1084         /* Function 0x33 */
1085         NTSTATUS lsa_CreateTrustedDomainEx(
1086                 [in]  policy_handle               *policy_handle,
1087                 [in]  lsa_TrustDomainInfoInfoEx   *info,
1088                 [in]  lsa_TrustDomainInfoAuthInfo *auth_info,
1089                 [in]  lsa_TrustedAccessMask access_mask,
1090                 [out] policy_handle               *trustdom_handle
1091                 );
1092
1093
1094         /* Function 0x34 */
1095         NTSTATUS lsa_CloseTrustedDomainEx(
1096                 [in,out]                   policy_handle         *handle
1097         );
1098
1099         /* Function 0x35 */
1100         typedef struct {
1101                 uint32 quality_of_service;
1102         } lsa_DomainInfoQoS;
1103
1104         typedef [bitmap32bit] bitmap {
1105                 LSA_POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
1106         } lsa_krbAuthenticationOptions;
1107
1108         /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
1109            for reserved - gd */
1110         typedef struct {
1111                 lsa_krbAuthenticationOptions authentication_options;
1112                 hyper service_tkt_lifetime;
1113                 hyper user_tkt_lifetime;
1114                 hyper user_tkt_renewaltime;
1115                 hyper clock_skew;
1116                 hyper reserved;
1117         } lsa_DomainInfoKerberos;
1118
1119         typedef struct {
1120                 uint32 blob_size;
1121                 [size_is(blob_size)] uint8 *efs_blob;
1122         } lsa_DomainInfoEfs;
1123
1124         typedef enum {
1125                 LSA_DOMAIN_INFO_POLICY_QOS=1,
1126                 LSA_DOMAIN_INFO_POLICY_EFS=2,
1127                 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
1128         } lsa_DomainInfoEnum;
1129
1130         typedef [switch_type(lsa_DomainInfoEnum)] union {
1131                 [case(LSA_DOMAIN_INFO_POLICY_QOS)]      lsa_DomainInfoQoS       qos_info;
1132                 [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       efs_info;
1133                 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  kerberos_info;
1134         } lsa_DomainInformationPolicy;
1135
1136         NTSTATUS lsa_QueryDomainInformationPolicy(
1137                 [in]            policy_handle *handle,
1138                 [in]            lsa_DomainInfoEnum level,
1139                 [out,ref,switch_is(level)]      lsa_DomainInformationPolicy **info
1140                 );
1141
1142         /* Function 0x36 */
1143         NTSTATUS lsa_SetDomainInformationPolicy(
1144                 [in]            policy_handle *handle,
1145                 [in]            lsa_DomainInfoEnum level,
1146                 [in,unique,switch_is(level)]    lsa_DomainInformationPolicy *info
1147                 );
1148
1149         /**********************/
1150         /* Function 0x37 */
1151         NTSTATUS lsa_OpenTrustedDomainByName(
1152                 [in]     policy_handle *handle,
1153                 [in]         lsa_String     name,
1154                 [in]     lsa_TrustedAccessMask access_mask,
1155                 [out]    policy_handle *trustdom_handle
1156                 );
1157
1158         /* Function 0x38 */
1159         [todo] NTSTATUS lsa_TestCall();
1160
1161         /**********************/
1162         /* Function 0x39 */
1163
1164         typedef struct {
1165                 lsa_SidType sid_type;
1166                 lsa_String name;
1167                 uint32 sid_index;
1168                 uint32 unknown;
1169         } lsa_TranslatedName2;
1170
1171         typedef struct {
1172                 [range(0,1000)] uint32 count;
1173                 [size_is(count)] lsa_TranslatedName2 *names;
1174         } lsa_TransNameArray2;
1175
1176         typedef [v1_enum] enum {
1177                 LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES         = 0x00000000,
1178                 LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL   = 0x80000000
1179         } lsa_LookupOptions;
1180
1181         typedef [v1_enum] enum {
1182                 LSA_CLIENT_REVISION_1   = 0x00000001,
1183                 LSA_CLIENT_REVISION_2   = 0x00000002
1184         } lsa_ClientRevision;
1185
1186         [public] NTSTATUS lsa_LookupSids2(
1187                 [in]     policy_handle *handle,
1188                 [in,ref] lsa_SidArray *sids,
1189                 [out,ref]    lsa_RefDomainList **domains,
1190                 [in,out,ref] lsa_TransNameArray2 *names,
1191                 [in]         lsa_LookupNamesLevel level,
1192                 [in,out,ref] uint32 *count,
1193                 [in]         lsa_LookupOptions lookup_options,
1194                 [in]         lsa_ClientRevision client_revision
1195                 );
1196
1197         /**********************/
1198         /* Function 0x3a */
1199
1200         typedef struct {
1201                 lsa_SidType sid_type;
1202                 uint32 rid;
1203                 uint32 sid_index;
1204                 uint32 unknown;
1205         } lsa_TranslatedSid2;
1206
1207         typedef struct {
1208                 [range(0,1000)] uint32 count;
1209                 [size_is(count)] lsa_TranslatedSid2 *sids;
1210         } lsa_TransSidArray2;
1211
1212         [public] NTSTATUS lsa_LookupNames2 (
1213                 [in]     policy_handle *handle,
1214                 [in,range(0,1000)] uint32 num_names,
1215                 [in,size_is(num_names)]  lsa_String names[],
1216                 [out,ref]    lsa_RefDomainList **domains,
1217                 [in,out,ref] lsa_TransSidArray2 *sids,
1218                 [in]         lsa_LookupNamesLevel level,
1219                 [in,out,ref] uint32 *count,
1220                 [in]         lsa_LookupOptions lookup_options,
1221                 [in]         lsa_ClientRevision client_revision
1222                 );
1223
1224         /* Function 0x3b */
1225         NTSTATUS lsa_CreateTrustedDomainEx2(
1226                 [in]  policy_handle               *policy_handle,
1227                 [in]  lsa_TrustDomainInfoInfoEx   *info,
1228                 [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info_internal,
1229                 [in]  lsa_TrustedAccessMask access_mask,
1230                 [out] policy_handle               *trustdom_handle
1231                 );
1232
1233         /* Function 0x3c */
1234         [todo] NTSTATUS lsa_CREDRWRITE();
1235
1236         /* Function 0x3d */
1237         [todo] NTSTATUS lsa_CREDRREAD();
1238
1239         /* Function 0x3e */
1240         [todo] NTSTATUS lsa_CREDRENUMERATE();
1241
1242         /* Function 0x3f */
1243         [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
1244
1245         /* Function 0x40 */
1246         [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
1247
1248         /* Function 0x41 */
1249         [todo] NTSTATUS lsa_CREDRDELETE();
1250
1251         /* Function 0x42 */
1252         [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
1253
1254         /* Function 0x43 */
1255         [todo] NTSTATUS lsa_CREDRPROFILELOADED();
1256
1257         /**********************/
1258         /* Function 0x44 */
1259         typedef struct {
1260                 lsa_SidType sid_type;
1261                 dom_sid2 *sid;
1262                 uint32 sid_index;
1263                 uint32 flags;
1264         } lsa_TranslatedSid3;
1265
1266         typedef struct {
1267                 [range(0,1000)] uint32 count;
1268                 [size_is(count)] lsa_TranslatedSid3 *sids;
1269         } lsa_TransSidArray3;
1270
1271         [public] NTSTATUS lsa_LookupNames3 (
1272                 [in]     policy_handle *handle,
1273                 [in,range(0,1000)] uint32 num_names,
1274                 [in,size_is(num_names)]  lsa_String names[],
1275                 [out,ref]    lsa_RefDomainList **domains,
1276                 [in,out,ref] lsa_TransSidArray3 *sids,
1277                 [in]         lsa_LookupNamesLevel level,
1278                 [in,out,ref] uint32 *count,
1279                 [in]         lsa_LookupOptions lookup_options,
1280                 [in]         lsa_ClientRevision client_revision
1281                 );
1282
1283         /* Function 0x45 */
1284         [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
1285
1286         /* Function 0x46 */
1287         [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
1288
1289         /* Function 0x47 */
1290         [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
1291
1292         /* Function 0x48 */
1293         [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1294
1295         /* Function 0x49 */
1296         typedef [bitmap32bit,public] bitmap {
1297                 /* these apply to LSA_FOREST_TRUST_TOP_LEVEL_NAME */
1298                 LSA_TLN_DISABLED_NEW            = 0x00000001,
1299                 LSA_TLN_DISABLED_ADMIN          = 0x00000002,
1300                 LSA_TLN_DISABLED_CONFLICT       = 0x00000004,
1301
1302                 /* these apply to LSA_FOREST_TRUST_DOMAIN_INFO */
1303                 LSA_SID_DISABLED_ADMIN          = 0x00000001,
1304                 LSA_SID_DISABLED_CONFLICT       = 0x00000002,
1305                 LSA_NB_DISABLED_ADMIN           = 0x00000004,
1306                 LSA_NB_DISABLED_CONFLICT        = 0x00000008
1307         } lsa_ForestTrustRecordFlags;
1308
1309         const uint32 LSA_TLN_DISABLED_MASK = (
1310                                         LSA_TLN_DISABLED_NEW |
1311                                         LSA_TLN_DISABLED_ADMIN |
1312                                         LSA_TLN_DISABLED_CONFLICT);
1313         const uint32 LSA_SID_DISABLED_MASK = (
1314                                         LSA_SID_DISABLED_ADMIN |
1315                                         LSA_SID_DISABLED_CONFLICT);
1316         const uint32 LSA_NB_DISABLED_MASK = (
1317                                         LSA_NB_DISABLED_ADMIN |
1318                                         LSA_NB_DISABLED_CONFLICT);
1319
1320         typedef enum {
1321                 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1322                 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1323                 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1324                 LSA_FOREST_TRUST_BINARY_DATA = 3,
1325                 LSA_FOREST_TRUST_SCANNER_INFO = 4
1326         } lsa_ForestTrustRecordType;
1327         const uint32 LSA_FOREST_TRUST_RECORD_TYPE_LAST =
1328                 LSA_FOREST_TRUST_BINARY_DATA;
1329         const uint32 LSA_FOREST_TRUST_RECORD2_TYPE_LAST =
1330                 LSA_FOREST_TRUST_SCANNER_INFO;
1331
1332         typedef struct {
1333                 [range(0,131072)] uint3264 length;
1334                 [size_is(length)] uint8 *data;
1335         } lsa_ForestTrustBinaryData;
1336
1337         typedef struct {
1338                 dom_sid2 *domain_sid;
1339                 lsa_StringLarge dns_domain_name;
1340                 lsa_StringLarge netbios_domain_name;
1341         } lsa_ForestTrustDomainInfo;
1342
1343         typedef [switch_type(lsa_ForestTrustRecordType)] union {
1344                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
1345                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1346                 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1347                 [default] lsa_ForestTrustBinaryData data;
1348         } lsa_ForestTrustData;
1349
1350         typedef struct {
1351                 lsa_ForestTrustRecordFlags flags;
1352                 lsa_ForestTrustRecordType type;
1353                 NTTIME_hyper time;
1354                 [switch_is(type)] lsa_ForestTrustData forest_trust_data;
1355         } lsa_ForestTrustRecord;
1356
1357         typedef [public] struct {
1358                 [range(0,4000)] uint32 count;
1359                 [size_is(count)] lsa_ForestTrustRecord **entries;
1360         } lsa_ForestTrustInformation;
1361
1362         [public] NTSTATUS lsa_lsaRQueryForestTrustInformation(
1363                 [in] policy_handle *handle,
1364                 [in,ref] lsa_String *trusted_domain_name,
1365                 [in] lsa_ForestTrustRecordType highest_record_type,
1366                 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1367                 );
1368
1369         /*****************
1370          * Function 0x4a */
1371
1372         typedef [v1_enum] enum {
1373                 LSA_FOREST_TRUST_COLLISION_TDO = 0,
1374                 LSA_FOREST_TRUST_COLLISION_XREF = 1,
1375                 LSA_FOREST_TRUST_COLLISION_OTHER = 2
1376         } lsa_ForestTrustCollisionRecordType;
1377
1378         typedef [public] struct {
1379                 uint32 index;
1380                 lsa_ForestTrustCollisionRecordType type;
1381                 lsa_ForestTrustRecordFlags flags;
1382                 lsa_String name;
1383         } lsa_ForestTrustCollisionRecord;
1384
1385         typedef [public] struct {
1386                 uint32 count;
1387                 [size_is(count)] lsa_ForestTrustCollisionRecord **entries;
1388         } lsa_ForestTrustCollisionInfo;
1389
1390         [public] NTSTATUS lsa_lsaRSetForestTrustInformation(
1391                 [in]      policy_handle *handle,
1392                 [in,ref]  lsa_StringLarge *trusted_domain_name,
1393                 [in]      lsa_ForestTrustRecordType highest_record_type,
1394                 [in,ref]  lsa_ForestTrustInformation *forest_trust_info,
1395                 [in]      boolean8 check_only,
1396                 [out,ref] lsa_ForestTrustCollisionInfo **collision_info
1397                 );
1398
1399         /* Function 0x4b */
1400         [todo] NTSTATUS lsa_CREDRRENAME();
1401
1402         /*****************/
1403         /* Function 0x4c */
1404
1405         [public] NTSTATUS lsa_LookupSids3(
1406                 [in,ref]     lsa_SidArray *sids,
1407                 [out,ref]    lsa_RefDomainList **domains,
1408                 [in,out,ref] lsa_TransNameArray2 *names,
1409                 [in]         lsa_LookupNamesLevel level,
1410                 [in,out,ref] uint32 *count,
1411                 [in]         lsa_LookupOptions lookup_options,
1412                 [in]         lsa_ClientRevision client_revision
1413                 );
1414
1415         const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001;
1416         const int LSA_CLIENT_REVISION_DNS        = 0x00000002;
1417
1418         const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
1419
1420         /* Function 0x4d */
1421         NTSTATUS lsa_LookupNames4(
1422                 [in,range(0,1000)] uint32 num_names,
1423                 [in,size_is(num_names)]  lsa_String names[],
1424                 [out,ref]    lsa_RefDomainList **domains,
1425                 [in,out,ref] lsa_TransSidArray3 *sids,
1426                 [in]         lsa_LookupNamesLevel level,
1427                 [in,out,ref] uint32 *count,
1428                 [in]         lsa_LookupOptions lookup_options,
1429                 [in]         lsa_ClientRevision client_revision
1430                 );
1431
1432         /* Function 0x4e */
1433         [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
1434
1435         /* Function 0x4f */
1436         [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1437
1438         /* Function 0x50 */
1439         [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1440
1441         /* Function 0x51 */
1442         [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
1443
1444         /* Function 0x52 (82) */
1445         [todo] void lsa_Opnum82NotUsedOnWire(void);
1446
1447         /* Function 0x53 (83) */
1448         [todo] void lsa_Opnum83NotUsedOnWire(void);
1449
1450         /* Function 0x54 (84) */
1451         [todo] void lsa_Opnum84NotUsedOnWire(void);
1452
1453         /* Function 0x55 (85) */
1454         [todo] void lsa_Opnum85NotUsedOnWire(void);
1455
1456         /* Function 0x56 (86) */
1457         [todo] void lsa_Opnum86NotUsedOnWire(void);
1458
1459         /* Function 0x57 (87) */
1460         [todo] void lsa_Opnum87NotUsedOnWire(void);
1461
1462         /* Function 0x58 (88) */
1463         [todo] void lsa_Opnum88NotUsedOnWire(void);
1464
1465         /* Function 0x59 (89) */
1466         [todo] void lsa_Opnum89NotUsedOnWire(void);
1467
1468         /* Function 0x5A (90) */
1469         [todo] void lsa_Opnum90NotUsedOnWire(void);
1470
1471         /* Function 0x5B (91) */
1472         [todo] void lsa_Opnum91NotUsedOnWire(void);
1473
1474         /* Function 0x5C (92) */
1475         [todo] void lsa_Opnum92NotUsedOnWire(void);
1476
1477         /* Function 0x5D (93) */
1478         [todo] void lsa_Opnum93NotUsedOnWire(void);
1479
1480         /* Function 0x5E (94) */
1481         [todo] void lsa_Opnum94NotUsedOnWire(void);
1482
1483         /* Function 0x5F (95) */
1484         [todo] void lsa_Opnum95NotUsedOnWire(void);
1485
1486         /* Function 0x60 (96) */
1487         [todo] void lsa_Opnum96NotUsedOnWire(void);
1488
1489         /* Function 0x61 (97) */
1490         [todo] void lsa_Opnum97NotUsedOnWire(void);
1491
1492         /* Function 0x62 (98) */
1493         [todo] void lsa_Opnum98NotUsedOnWire(void);
1494
1495         /* Function 0x63 (99) */
1496         [todo] void lsa_Opnum99NotUsedOnWire(void);
1497
1498         /* Function 0x64 (100) */
1499         [todo] void lsa_Opnum100NotUsedOnWire(void);
1500
1501         /* Function 0x65 (101) */
1502         [todo] void lsa_Opnum101NotUsedOnWire(void);
1503
1504         /* Function 0x66 (102) */
1505         [todo] void lsa_Opnum102NotUsedOnWire(void);
1506
1507         /* Function 0x67 (103) */
1508         [todo] void lsa_Opnum103NotUsedOnWire(void);
1509
1510         /* Function 0x68 (104) */
1511         [todo] void lsa_Opnum104NotUsedOnWire(void);
1512
1513         /* Function 0x69 (105) */
1514         [todo] void lsa_Opnum105NotUsedOnWire(void);
1515
1516         /* Function 0x6A (106) */
1517         [todo] void lsa_Opnum106NotUsedOnWire(void);
1518
1519         /* Function 0x6B (107) */
1520         [todo] void lsa_Opnum107NotUsedOnWire(void);
1521
1522         /* Function 0x6C (108) */
1523         [todo] void lsa_Opnum108NotUsedOnWire(void);
1524
1525         /* Function 0x6D (109) */
1526         [todo] void lsa_Opnum109NotUsedOnWire(void);
1527
1528         /* Function 0x6E (110) */
1529         [todo] void lsa_Opnum110NotUsedOnWire(void);
1530
1531         /* Function 0x6F (111) */
1532         [todo] void lsa_Opnum111NotUsedOnWire(void);
1533
1534         /* Function 0x70 (112) */
1535         [todo] void lsa_Opnum112NotUsedOnWire(void);
1536
1537         /* Function 0x71 (113) */
1538         [todo] void lsa_Opnum113NotUsedOnWire(void);
1539
1540         /* Function 0x72 (114) */
1541         [todo] void lsa_Opnum114NotUsedOnWire(void);
1542
1543         /* Function 0x73 (115) */
1544         [todo] void lsa_Opnum115NotUsedOnWire(void);
1545
1546         /* Function 0x74 (116) */
1547         [todo] void lsa_Opnum116NotUsedOnWire(void);
1548
1549         /* Function 0x75 (117) */
1550         [todo] void lsa_Opnum117NotUsedOnWire(void);
1551
1552         /* Function 0x76 (118) */
1553         [todo] void lsa_Opnum118NotUsedOnWire(void);
1554
1555         /* Function 0x77 (119) */
1556         [todo] void lsa_Opnum119NotUsedOnWire(void);
1557
1558         /* Function 0x78 (120) */
1559         [todo] void lsa_Opnum120NotUsedOnWire(void);
1560
1561         /* Function 0x79 (121) */
1562         [todo] void lsa_Opnum121NotUsedOnWire(void);
1563
1564         /* Function 0x7A (122) */
1565         [todo] void lsa_Opnum122NotUsedOnWire(void);
1566
1567         /* Function 0x7B (123) */
1568         [todo] void lsa_Opnum123NotUsedOnWire(void);
1569
1570         /* Function 0x7C (124) */
1571         [todo] void lsa_Opnum124NotUsedOnWire(void);
1572
1573         /* Function 0x7D (125) */
1574         [todo] void lsa_Opnum125NotUsedOnWire(void);
1575
1576         /* Function 0x7E (126) */
1577         [todo] void lsa_Opnum126NotUsedOnWire(void);
1578
1579         /* Function 0x7F (127) */
1580         [todo] void lsa_Opnum127NotUsedOnWire(void);
1581
1582         /* Function 0x80 (128) */
1583         [todo] void lsa_Opnum128NotUsedOnWire(void);
1584
1585         /***********************/
1586         /* Function 0x81 (129) */
1587
1588         NTSTATUS lsa_CreateTrustedDomainEx3(
1589                 [in]  policy_handle               *policy_handle,
1590                 [in]  lsa_TrustDomainInfoInfoEx   *info,
1591                 [in]  lsa_TrustDomainInfoAuthInfoInternalAES *auth_info_internal,
1592                 [in]  lsa_TrustedAccessMask       access_mask,
1593                 [out] policy_handle               *trustdom_handle
1594                 );
1595
1596         /***********************/
1597         /* Function 0x82 (130) */
1598
1599         typedef [bitmap32bit] bitmap {
1600                 LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER    = 0x00000001
1601         } lsa_RevisionSupportedFeature;
1602
1603         typedef struct {
1604                 uint32 revision;
1605                 lsa_RevisionSupportedFeature supported_features;
1606         } lsa_revision_info1;
1607
1608         typedef [switch_type(uint32)] union {
1609                 [case(1)] lsa_revision_info1 info1;
1610         } lsa_revision_info;
1611
1612         [public] NTSTATUS lsa_OpenPolicy3 (
1613                 [in,unique]      [string,charset(UTF16)] uint16 *system_name,
1614                 [in]  lsa_ObjectAttribute *attr,
1615                 [in]  lsa_PolicyAccessMask access_mask,
1616                 [in]  uint32 in_version,
1617                 [in,ref][switch_is(in_version)] lsa_revision_info *in_revision_info,
1618                 [out,ref]  uint32 *out_version,
1619                 [out,ref][switch_is(*out_version)] lsa_revision_info *out_revision_info,
1620                 [out,ref] policy_handle *handle
1621                 );
1622
1623         /* Function 0x83 (131) */
1624         [todo] void lsa_Opnum131NotUsedOnWire(void);
1625
1626         /***********************/
1627         /* Function 0x84 (132) */
1628         typedef [switch_type(lsa_ForestTrustRecordType)] union {
1629                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
1630                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1631                 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1632                 [case(LSA_FOREST_TRUST_BINARY_DATA)] lsa_ForestTrustBinaryData data;
1633                 /*
1634                  * lsa_ForestTrustScannerInfo would have the same
1635                  * definition as lsa_ForestTrustDomainInfo
1636                  */
1637                 [case(LSA_FOREST_TRUST_SCANNER_INFO)] lsa_ForestTrustDomainInfo scanner_info;
1638         } lsa_ForestTrustData2;
1639
1640         typedef struct {
1641                 lsa_ForestTrustRecordFlags flags;
1642                 lsa_ForestTrustRecordType type;
1643                 NTTIME_hyper time;
1644                 [switch_is(type)] lsa_ForestTrustData2 forest_trust_data;
1645         } lsa_ForestTrustRecord2;
1646
1647         typedef [public] struct {
1648                 [range(0,4000)] uint32 count;
1649                 [size_is(count)] lsa_ForestTrustRecord2 **entries;
1650         } lsa_ForestTrustInformation2;
1651
1652         [public] NTSTATUS lsa_lsaRQueryForestTrustInformation2(
1653                 [in] policy_handle *handle,
1654                 [in,ref] lsa_String *trusted_domain_name,
1655                 [in] lsa_ForestTrustRecordType highest_record_type,
1656                 [out,ref] lsa_ForestTrustInformation2 **forest_trust_info
1657                 );
1658
1659         /***********************/
1660         /* Function 0x85 (133) */
1661         [public] NTSTATUS lsa_lsaRSetForestTrustInformation2(
1662                 [in]      policy_handle *handle,
1663                 [in,ref]  lsa_StringLarge *trusted_domain_name,
1664                 [in]      lsa_ForestTrustRecordType highest_record_type,
1665                 [in,ref]  lsa_ForestTrustInformation2 *forest_trust_info,
1666                 [in]      boolean8 check_only,
1667                 [out,ref] lsa_ForestTrustCollisionInfo **collision_info
1668                 );
1669 }