Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
[samba.git] / source4 / librpc / idl / lsa.idl
1 #include "idl_types.h"
2
3 /*
4   lsa interface definition
5 */
6
7 import "security.idl";
8
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
10   version(0.0),
11   endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12   pointer_default(unique),
13   helpstring("Local Security Authority")
14 ] interface lsarpc
15 {
16         typedef bitmap security_secinfo security_secinfo;
17
18         typedef [public,noejs] struct {
19                 [value(2*strlen_m(string))] uint16 length;
20                 [value(2*strlen_m(string))] uint16 size;
21                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
22         } lsa_String;
23
24         typedef [public] struct {
25                 [value(2*strlen_m(string))] uint16 length;
26                 [value(2*(strlen_m(string)+1))] uint16 size;
27                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
28         } lsa_StringLarge;
29
30         typedef [public] struct {
31                 uint32 count;
32                 [size_is(count)] lsa_String *names;
33         } lsa_Strings;
34
35         typedef [public] struct {
36                 [value(strlen_m(string))] uint16 length;
37                 [value(strlen_m(string))] uint16 size;
38                 ascstr_noterm *string;
39         } lsa_AsciiString;
40
41         /******************/
42         /* Function: 0x00 */
43         NTSTATUS lsa_Close (
44                 [in,out]     policy_handle *handle
45                 );
46         
47
48         /******************/
49         /* Function: 0x01 */
50         [public] NTSTATUS lsa_Delete (
51                 [in]     policy_handle *handle
52                 );
53
54
55         /******************/
56         /* Function: 0x02 */
57         typedef struct {
58                 uint32 low;
59                 uint32 high;
60         } lsa_LUID;
61         
62         typedef struct {
63                 lsa_StringLarge name;
64                 lsa_LUID luid;
65         } lsa_PrivEntry;
66
67         typedef struct {
68                 uint32 count;
69                 [size_is(count)] lsa_PrivEntry *privs;
70         } lsa_PrivArray;
71
72         [public] NTSTATUS lsa_EnumPrivs (
73                 [in]     policy_handle *handle,
74                 [in,out] uint32 *resume_handle,
75                 [in]         uint32 max_count,
76                 [out]    lsa_PrivArray *privs
77                 );
78
79         /******************/
80         /* Function: 0x03 */
81
82         NTSTATUS lsa_QuerySecurity (
83                 [in]     policy_handle *handle,
84                 [in]         security_secinfo sec_info,
85                 [out,unique]        sec_desc_buf *sdbuf
86                 );
87
88
89         /******************/
90         /* Function: 0x04 */
91         NTSTATUS lsa_SetSecObj ();
92
93
94         /******************/
95         /* Function: 0x05 */
96         NTSTATUS lsa_ChangePassword ();
97
98
99         /******************/
100         /* Function: 0x06 */
101         typedef struct {
102                 uint32  len; /* ignored */
103                 uint16  impersonation_level;
104                 uint8   context_mode;
105                 uint8   effective_only;
106         } lsa_QosInfo;
107         
108         typedef struct {
109                 uint32 len; /* ignored */
110                 uint8 *root_dir;
111                 [string,charset(UTF16)] uint16 *object_name;
112                 uint32 attributes;
113                 security_descriptor *sec_desc;
114                 lsa_QosInfo *sec_qos;
115         } lsa_ObjectAttribute;
116
117         /* notice the screwup with the system_name - thats why MS created
118            OpenPolicy2 */
119         [public] NTSTATUS lsa_OpenPolicy (
120                 [in,unique]       uint16 *system_name,
121                 [in]   lsa_ObjectAttribute *attr,
122                 [in]       uint32 access_mask,
123                 [out]  policy_handle *handle
124                 );
125         
126
127
128         /******************/
129         /* Function: 0x07 */
130
131         typedef struct {
132                 uint32 percent_full;
133                 uint32 log_size;
134                 NTTIME retention_time;
135                 uint8  shutdown_in_progress;
136                 NTTIME time_to_shutdown;
137                 uint32 next_audit_record;
138                 uint32 unknown;
139         } lsa_AuditLogInfo;
140
141         typedef [v1_enum] enum {
142                 LSA_AUDIT_POLICY_NONE=0,
143                 LSA_AUDIT_POLICY_SUCCESS=1,
144                 LSA_AUDIT_POLICY_FAILURE=2,
145                 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
146                 LSA_AUDIT_POLICY_CLEAR=4
147         } lsa_PolicyAuditPolicy;
148
149         typedef enum {
150                 LSA_AUDIT_CATEGORY_SYSTEM = 0,
151                 LSA_AUDIT_CATEGORY_LOGON = 1,
152                 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
153                 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
154                 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
155                 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
156                 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
157                 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,        /* only in win2k/2k3 */
158                 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8                    /* only in win2k/2k3 */
159         } lsa_PolicyAuditEventType;
160
161         typedef struct {
162                 uint32 auditing_mode;
163                 [size_is(count)] lsa_PolicyAuditPolicy *settings;
164                 uint32 count;
165         } lsa_AuditEventsInfo;
166
167         typedef struct {
168                 lsa_StringLarge name;
169                 dom_sid2 *sid;
170         } lsa_DomainInfo;
171
172         typedef struct {
173                 lsa_String name;
174         } lsa_PDAccountInfo;
175
176         typedef struct {
177                 uint16 unknown; /* an midl padding bug? */
178                 uint16 role;
179         } lsa_ServerRole;
180
181         typedef struct {
182                 lsa_String source;
183                 lsa_String account;
184         } lsa_ReplicaSourceInfo;
185
186         typedef struct {
187                 uint32 paged_pool;
188                 uint32 non_paged_pool;
189                 uint32 min_wss;
190                 uint32 max_wss;
191                 uint32 pagefile;
192                 hyper unknown;
193         } lsa_DefaultQuotaInfo;
194
195         typedef struct {
196                 hyper modified_id;
197                 NTTIME db_create_time;
198         } lsa_ModificationInfo;
199
200         typedef struct {
201                 uint8 shutdown_on_full;
202         } lsa_AuditFullSetInfo;
203
204         typedef struct {
205                 uint16 unknown; /* an midl padding bug? */
206                 uint8 shutdown_on_full;
207                 uint8 log_is_full;
208         } lsa_AuditFullQueryInfo;
209
210         typedef struct {
211                 /* it's important that we use the lsa_StringLarge here,
212                  * because otherwise windows clients result with such dns hostnames
213                  * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
214                  * where it should be
215                  *      w2k3-client.samba4.samba.org
216                  */
217                 lsa_StringLarge name;
218                 lsa_StringLarge dns_domain;
219                 lsa_StringLarge dns_forest;
220                 GUID domain_guid;
221                 dom_sid2 *sid;
222         } lsa_DnsDomainInfo;
223
224         typedef enum {
225                 LSA_POLICY_INFO_AUDIT_LOG=1,
226                 LSA_POLICY_INFO_AUDIT_EVENTS=2,
227                 LSA_POLICY_INFO_DOMAIN=3,
228                 LSA_POLICY_INFO_PD=4,
229                 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
230                 LSA_POLICY_INFO_ROLE=6,
231                 LSA_POLICY_INFO_REPLICA=7,
232                 LSA_POLICY_INFO_QUOTA=8,
233                 LSA_POLICY_INFO_DB=9,
234                 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
235                 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
236                 LSA_POLICY_INFO_DNS=12
237         } lsa_PolicyInfo;
238
239         typedef [switch_type(uint16)] union {
240                 [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
241                 [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
242                 [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
243                 [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
244                 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
245                 [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
246                 [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
247                 [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
248                 [case(LSA_POLICY_INFO_DB)]               lsa_ModificationInfo   db;
249                 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
250                 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
251                 [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
252         } lsa_PolicyInformation;
253
254         NTSTATUS lsa_QueryInfoPolicy (
255                 [in]                            policy_handle *handle,
256                 [in]                            lsa_PolicyInfo level,
257                 [out,unique,switch_is(level)]   lsa_PolicyInformation *info
258                 );
259
260         /******************/
261         /* Function:       0x08 */
262         NTSTATUS lsa_SetInfoPolicy (
263                 [in]                            policy_handle *handle,
264                 [in]                            lsa_PolicyInfo level,
265                 [in,switch_is(level)]           lsa_PolicyInformation *info
266                 );
267
268         /******************/
269         /* Function:       0x09 */
270         NTSTATUS lsa_ClearAuditLog ();
271
272         /******************/
273         /* Function: 0x0a */
274         [public] NTSTATUS lsa_CreateAccount (
275                 [in]    policy_handle *handle,
276                 [in]    dom_sid2 *sid,
277                 [in]    uint32 access_mask,
278                 [out]   policy_handle *acct_handle
279                 );
280
281         /******************/
282         /* NOTE: This only returns accounts that have at least
283            one privilege set 
284         */
285         /* Function: 0x0b */
286         typedef struct {
287                 dom_sid2 *sid;
288         } lsa_SidPtr;
289         
290         typedef [public] struct {
291                 [range(0,1000)] uint32 num_sids;
292                 [size_is(num_sids)] lsa_SidPtr *sids;
293         } lsa_SidArray;
294
295         [public] NTSTATUS lsa_EnumAccounts (
296                 [in]         policy_handle *handle,
297                 [in,out]     uint32 *resume_handle,
298                 [in,range(0,8192)] uint32 num_entries,
299                 [out]        lsa_SidArray *sids
300                 );
301
302
303         /*************************************************/
304         /* Function: 0x0c                                */
305
306         [public] NTSTATUS lsa_CreateTrustedDomain(
307                 [in]         policy_handle *handle,
308                 [in]         lsa_DomainInfo *info,
309                 [in]         uint32 access_mask,
310                 [out]        policy_handle *trustdom_handle
311                 );
312
313
314         /******************/
315         /* Function: 0x0d */
316
317         /* w2k3 treats max_size as max_domains*60       */
318         const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
319
320         typedef struct {
321                 uint32 count;
322                 [size_is(count)] lsa_DomainInfo *domains;
323         } lsa_DomainList;
324
325         NTSTATUS lsa_EnumTrustDom (
326                 [in]               policy_handle *handle,
327                 [in,out]           uint32 *resume_handle,
328                 [in]               uint32 max_size,
329                 [out]              lsa_DomainList *domains
330                 );
331
332
333         /******************/
334         /* Function: 0x0e */
335         typedef enum {
336                 SID_NAME_USE_NONE = 0,/* NOTUSED */
337                 SID_NAME_USER     = 1, /* user */
338                 SID_NAME_DOM_GRP  = 2, /* domain group */
339                 SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
340                 SID_NAME_ALIAS    = 4, /* local group */
341                 SID_NAME_WKN_GRP  = 5, /* well-known group */
342                 SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
343                 SID_NAME_INVALID  = 7, /* invalid account */
344                 SID_NAME_UNKNOWN  = 8, /* oops. */
345                 SID_NAME_COMPUTER = 9  /* machine */
346         } lsa_SidType;
347
348         typedef struct {
349                 lsa_SidType sid_type;
350                 uint32 rid;
351                 uint32 sid_index;
352         } lsa_TranslatedSid;
353
354         typedef struct {
355                 [range(0,1000)] uint32 count;
356                 [size_is(count)] lsa_TranslatedSid *sids;
357         } lsa_TransSidArray;
358
359         const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
360         typedef struct {
361                 [range(0,1000)] uint32 count;
362                 [size_is(count)] lsa_DomainInfo *domains;
363                 uint32 max_size;
364         } lsa_RefDomainList;
365
366         /* Level 1: Ask everywhere
367          * Level 2: Ask domain and trusted domains, no builtin and wkn
368          * Level 3: Only ask domain
369          * Level 4: W2k3ad: Only ask AD trusts
370          * Level 5: Only ask transitive forest trusts
371          * Level 6: Like 4
372          */
373
374         typedef enum {
375                 LSA_LOOKUP_NAMES_ALL = 1,
376                 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
377                 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
378                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
379                 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
380                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
381         } lsa_LookupNamesLevel;
382
383         [public] NTSTATUS lsa_LookupNames (
384                 [in]         policy_handle *handle,
385                 [in,range(0,1000)] uint32 num_names,
386                 [in,size_is(num_names)]  lsa_String names[],
387                 [out,unique] lsa_RefDomainList *domains,
388                 [in,out]     lsa_TransSidArray *sids,
389                 [in]         lsa_LookupNamesLevel level,
390                 [in,out]     uint32 *count
391                 );
392
393
394         /******************/
395         /* Function: 0x0f */
396
397         typedef struct {
398                 lsa_SidType sid_type;
399                 lsa_String name;
400                 uint32 sid_index;
401         } lsa_TranslatedName;
402
403         typedef struct {
404                 [range(0,1000)] uint32 count;
405                 [size_is(count)] lsa_TranslatedName *names;
406         } lsa_TransNameArray;
407
408         [public] NTSTATUS lsa_LookupSids (
409                 [in]         policy_handle *handle,
410                 [in]         lsa_SidArray *sids,
411                 [out,unique]        lsa_RefDomainList *domains,
412                 [in,out]     lsa_TransNameArray *names,
413                 [in]         uint16 level,
414                 [in,out] uint32 *count
415                 );
416
417
418         /* Function:        0x10 */
419         [public] NTSTATUS lsa_CreateSecret(
420                 [in]         policy_handle *handle,
421                 [in]         lsa_String       name,
422                 [in]         uint32         access_mask,
423                 [out]        policy_handle *sec_handle
424                 );
425
426
427         /*****************************************/
428         /* Function:     0x11                    */
429         NTSTATUS lsa_OpenAccount (
430                 [in]         policy_handle *handle,
431                 [in]         dom_sid2 *sid,
432                 [in]         uint32 access_mask,
433                 [out]        policy_handle *acct_handle
434                 );
435
436
437         /****************************************/
438         /* Function:    0x12                    */
439
440         typedef struct {
441                 lsa_LUID luid;
442                 uint32 attribute;
443         } lsa_LUIDAttribute;
444         
445         typedef struct {
446                 [range(0,1000)] uint32 count;
447                 uint32 unknown;
448                 [size_is(count)] lsa_LUIDAttribute set[*];
449         } lsa_PrivilegeSet;
450         
451         NTSTATUS lsa_EnumPrivsAccount (
452                 [in]         policy_handle *handle,
453                 [out,unique] lsa_PrivilegeSet *privs
454                 );
455
456
457         /****************************************/
458         /* Function:            0x13 */
459         NTSTATUS lsa_AddPrivilegesToAccount(
460                 [in]         policy_handle *handle,
461                 [in]         lsa_PrivilegeSet *privs
462                 );
463         
464
465         /****************************************/
466         /* Function:         0x14 */
467         NTSTATUS lsa_RemovePrivilegesFromAccount(
468                 [in]         policy_handle *handle,
469                 [in]         uint8 remove_all,
470                 [in,unique]  lsa_PrivilegeSet *privs
471                 );
472
473         /* Function:           0x15 */
474         NTSTATUS lsa_GetQuotasForAccount();
475         
476         /* Function:           0x16 */
477         NTSTATUS lsa_SetQuotasForAccount();
478         
479         /* Function:    0x17 */
480         NTSTATUS lsa_GetSystemAccessAccount();
481         /* Function:    0x18 */
482         NTSTATUS lsa_SetSystemAccessAccount();
483
484         /* Function:        0x19 */
485         NTSTATUS lsa_OpenTrustedDomain(
486                 [in]     policy_handle *handle,
487                 [in]     dom_sid2      *sid,
488                 [in]         uint32         access_mask,
489                 [out]    policy_handle *trustdom_handle
490                 );
491
492         typedef [flag(NDR_PAHEX)] struct {
493                 uint32 length;
494                 uint32 size;
495                 [size_is(size),length_is(length)] uint8 *data;
496         } lsa_DATA_BUF;
497
498         typedef [flag(NDR_PAHEX)] struct {
499                 [range(0,65536)] uint32 size;
500                 [size_is(size)] uint8 *data;
501         } lsa_DATA_BUF2;
502
503         typedef enum {
504                 LSA_TRUSTED_DOMAIN_INFO_NAME             = 1,
505                 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
506                 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET     = 3,
507                 LSA_TRUSTED_DOMAIN_INFO_PASSWORD         = 4,
508                 LSA_TRUSTED_DOMAIN_INFO_BASIC            = 5,
509                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX          = 6,
510                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO        = 7,
511                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO        = 8,
512                 LSA_TRUSTED_DOMAIN_INFO_11               = 11,
513                 LSA_TRUSTED_DOMAIN_INFO_INFO_ALL         = 12
514         } lsa_TrustDomInfoEnum;
515
516         typedef struct {
517                 lsa_StringLarge  netbios_name;
518         } lsa_TrustDomainInfoName;
519
520         typedef struct {
521                 uint32         posix_offset;
522         } lsa_TrustDomainInfoPosixOffset;
523
524         typedef struct {
525                 lsa_DATA_BUF  *password;
526                 lsa_DATA_BUF  *old_password;
527         } lsa_TrustDomainInfoPassword;
528
529         typedef struct {
530                 lsa_String     netbios_name;
531                 dom_sid2      *sid;
532         } lsa_TrustDomainInfoBasic;
533
534         typedef struct {
535                 lsa_StringLarge     domain_name;
536                 lsa_StringLarge     netbios_name;
537                 dom_sid2      *sid;
538                 uint32         trust_direction;
539                 uint32         trust_type;
540                 uint32         trust_attributes;
541         } lsa_TrustDomainInfoInfoEx;
542
543         typedef struct {
544                 NTTIME_hyper   last_update_time;
545                 uint32         secret_type;
546                 lsa_DATA_BUF2  data;
547         } lsa_TrustDomainInfoBuffer;
548
549         typedef struct {
550                 uint32 incoming_count;
551                 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
552                 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
553                 uint32 outgoing_count;
554                 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
555                 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
556         } lsa_TrustDomainInfoAuthInfo;
557
558         typedef struct {
559                 lsa_TrustDomainInfoInfoEx      info_ex;
560                 lsa_TrustDomainInfoPosixOffset posix_offset;
561                 lsa_TrustDomainInfoAuthInfo    auth_info;
562         } lsa_TrustDomainInfoFullInfo;
563
564         typedef struct {
565                 lsa_TrustDomainInfoInfoEx      info_ex;
566                 lsa_DATA_BUF2                  data1;
567         } lsa_TrustDomainInfo11;
568
569         typedef struct {
570                 lsa_TrustDomainInfoInfoEx      info_ex;
571                 lsa_DATA_BUF2                  data1;
572                 lsa_TrustDomainInfoPosixOffset posix_offset;
573                 lsa_TrustDomainInfoAuthInfo    auth_info;
574         } lsa_TrustDomainInfoInfoAll;
575
576         typedef [switch_type(lsa_TrustDomInfoEnum)] union {
577                 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]         lsa_TrustDomainInfoName        name;
578                 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
579                 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]     lsa_TrustDomainInfoPassword    password;
580                 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]        lsa_TrustDomainInfoBasic       info_basic;
581                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]      lsa_TrustDomainInfoInfoEx      info_ex;
582                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]    lsa_TrustDomainInfoAuthInfo    auth_info;
583                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]    lsa_TrustDomainInfoFullInfo    full_info;
584                 [case(LSA_TRUSTED_DOMAIN_INFO_11)]           lsa_TrustDomainInfo11          info11;
585                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)]     lsa_TrustDomainInfoInfoAll     info_all;
586         } lsa_TrustedDomainInfo;
587
588         /* Function:       0x1a */
589         NTSTATUS lsa_QueryTrustedDomainInfo(
590                 [in]     policy_handle                   *trustdom_handle,
591                 [in]     lsa_TrustDomInfoEnum             level, 
592                 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
593                 );
594
595         /* Function:     0x1b */
596         NTSTATUS lsa_SetInformationTrustedDomain();
597
598         /* Function:          0x1c */
599         [public] NTSTATUS lsa_OpenSecret(
600                 [in]     policy_handle    *handle,
601                 [in]         lsa_String        name,
602                 [in]         uint32            access_mask,
603                 [out]    policy_handle    *sec_handle
604                 );
605
606         /* Function:           0x1d */
607
608         [public] NTSTATUS lsa_SetSecret(
609                 [in]     policy_handle    *sec_handle,
610                 [in,unique]         lsa_DATA_BUF     *new_val,
611                 [in,unique]         lsa_DATA_BUF     *old_val
612                 );
613
614         typedef struct {
615                 lsa_DATA_BUF *buf;
616         } lsa_DATA_BUF_PTR;
617
618         /* Function:         0x1e */
619         [public] NTSTATUS lsa_QuerySecret (
620                 [in]     policy_handle     *sec_handle,
621                 [in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
622                 [in,out,unique]     NTTIME_hyper      *new_mtime,
623                 [in,out,unique]     lsa_DATA_BUF_PTR  *old_val,
624                 [in,out,unique]     NTTIME_hyper      *old_mtime
625                 );
626
627         /* Function:     0x1f */
628         NTSTATUS lsa_LookupPrivValue(
629                 [in]     policy_handle *handle,
630                 [in]     lsa_String *name,
631                 [out]    lsa_LUID *luid
632                 );
633
634
635         /* Function:      0x20 */
636         NTSTATUS lsa_LookupPrivName (
637                 [in]     policy_handle *handle,
638                 [in]     lsa_LUID *luid,
639                 [out,unique]        lsa_StringLarge *name
640                 );
641
642
643         /*******************/
644         /* Function:  0x21 */
645         NTSTATUS lsa_LookupPrivDisplayName (
646                 [in]     policy_handle *handle,
647                 [in]     lsa_String *name,
648                 [out,unique]        lsa_StringLarge *disp_name,
649                 /* see http://www.microsoft.com/globaldev/nlsweb/ for
650                    language definitions */
651                 [in,out] uint16 *language_id,
652                 [in]         uint16 unknown
653                 );
654
655         /* Function:        0x22 */
656         NTSTATUS lsa_DeleteObject();
657
658         
659         /*******************/
660         /* Function:      0x23 */
661         NTSTATUS lsa_EnumAccountsWithUserRight (
662                 [in]     policy_handle *handle,
663                 [in,unique]         lsa_String *name,
664                 [out]    lsa_SidArray *sids
665                 );
666
667         /* Function:      0x24 */
668         typedef struct {
669                 [string,charset(UTF16)] uint16 *name;
670         } lsa_RightAttribute;
671         
672         typedef struct {
673                 uint32 count;
674                 [size_is(count)] lsa_StringLarge *names;
675         } lsa_RightSet;
676         
677         NTSTATUS lsa_EnumAccountRights (
678                 [in]     policy_handle *handle,
679                 [in]     dom_sid2 *sid,
680                 [out]    lsa_RightSet *rights
681                 );
682
683
684         /**********************/
685         /* Function:       0x25 */
686         NTSTATUS lsa_AddAccountRights (
687                 [in]     policy_handle *handle,
688                 [in]     dom_sid2 *sid,
689                 [in]     lsa_RightSet *rights
690                 );
691         
692         /**********************/
693         /* Function:       0x26 */
694         NTSTATUS lsa_RemoveAccountRights (
695                 [in]     policy_handle *handle,
696                 [in]     dom_sid2 *sid,
697                 [in]         uint32 unknown,
698                 [in]     lsa_RightSet *rights
699                 );
700
701         /* Function:   0x27 */
702         NTSTATUS lsa_QueryTrustedDomainInfoBySid(
703                 [in]               policy_handle         *handle,
704                 [in]               dom_sid2              *dom_sid,
705                 [in]                   lsa_TrustDomInfoEnum  level, 
706                 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
707         );
708
709         /* Function:     0x28 */
710         NTSTATUS lsa_SetTrustedDomainInfo();
711         /* Function:      0x29 */
712         NTSTATUS lsa_DeleteTrustedDomain(
713                 [in]               policy_handle         *handle,
714                 [in]               dom_sid2              *dom_sid
715         );
716
717         /* Function:       0x2a */
718         NTSTATUS lsa_StorePrivateData();
719         /* Function:        0x2b */
720         NTSTATUS lsa_RetrievePrivateData();
721
722
723         /**********************/
724         /* Function:     0x2c */
725         [public] NTSTATUS lsa_OpenPolicy2 (
726                 [in,unique]      [string,charset(UTF16)] uint16 *system_name,
727                 [in]  lsa_ObjectAttribute *attr,
728                 [in]      uint32 access_mask,
729                 [out] policy_handle *handle
730                 );
731
732         /**********************/
733         /* Function:     0x2d */
734         typedef struct {
735                 lsa_String *string;
736         } lsa_StringPointer;
737
738         NTSTATUS lsa_GetUserName(
739                 [in,unique] [string,charset(UTF16)] uint16 *system_name,
740                 [in,out,unique] lsa_String *account_name,
741                 [in,out,unique] lsa_StringPointer *authority_name
742                 );
743
744         /**********************/
745         /* Function:          0x2e */
746
747         NTSTATUS lsa_QueryInfoPolicy2(
748                 [in]                 policy_handle *handle,
749                 [in]                     lsa_PolicyInfo level,
750                 [out,unique,switch_is(level)]   lsa_PolicyInformation *info
751                 );
752
753         /* Function 0x2f */
754         NTSTATUS lsa_SetInfoPolicy2(
755                 [in]                            policy_handle *handle,
756                 [in]                            lsa_PolicyInfo level,
757                 [in,switch_is(level)]           lsa_PolicyInformation *info
758                 );
759
760         /**********************/
761         /* Function 0x30 */
762         NTSTATUS lsa_QueryTrustedDomainInfoByName(
763                 [in]                   policy_handle         *handle,
764                 [in]                   lsa_String             trusted_domain,
765                 [in]                   lsa_TrustDomInfoEnum   level, 
766                 [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
767                 );
768
769         /**********************/
770         /* Function 0x31 */
771         NTSTATUS lsa_SetTrustedDomainInfoByName(
772                 [in]                   policy_handle         *handle,
773                 [in]                   lsa_String             trusted_domain,
774                 [in]                   lsa_TrustDomInfoEnum   level, 
775                 [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
776                 );
777
778         /* Function 0x32 */
779
780         /* w2k3 treats max_size as max_domains*82       */
781         const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
782
783         typedef struct {
784                 uint32 count;
785                 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
786         } lsa_DomainListEx;
787
788         NTSTATUS lsa_EnumTrustedDomainsEx (
789                 [in]               policy_handle *handle,
790                 [in,out]           uint32 *resume_handle,
791                 [out]              lsa_DomainListEx *domains,
792                 [in]               uint32 max_size
793                 );
794
795
796         /* Function 0x33 */
797         NTSTATUS lsa_CreateTrustedDomainEx();
798
799         /* Function 0x34 */
800         NTSTATUS lsa_CloseTrustedDomainEx(
801                 [in,out]                   policy_handle         *handle
802         );
803
804         /* Function 0x35 */
805
806         /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
807            for unknown6 - gd */
808         typedef struct {
809                 uint32 enforce_restrictions;
810                 hyper service_tkt_lifetime;
811                 hyper user_tkt_lifetime;
812                 hyper user_tkt_renewaltime;
813                 hyper clock_skew;
814                 hyper unknown6;
815         } lsa_DomainInfoKerberos;
816
817         typedef struct {
818                 uint32 blob_size;
819                 [size_is(blob_size)] uint8 *efs_blob;
820         } lsa_DomainInfoEfs;
821
822         typedef enum {
823                 LSA_DOMAIN_INFO_POLICY_EFS=2,
824                 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
825         } lsa_DomainInfoEnum;
826
827         typedef [switch_type(uint16)] union {
828                 [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       efs_info;
829                 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  kerberos_info;
830         } lsa_DomainInformationPolicy;
831
832         NTSTATUS lsa_QueryDomainInformationPolicy(
833                 [in]            policy_handle *handle,
834                 [in]                    uint16 level,
835                 [out,unique,switch_is(level)]   lsa_DomainInformationPolicy *info
836                 );
837
838         /* Function 0x36 */
839         NTSTATUS lsa_SetDomainInformationPolicy(
840                 [in]            policy_handle *handle,
841                 [in]                    uint16 level,
842                 [in,unique,switch_is(level)]    lsa_DomainInformationPolicy *info
843                 );
844
845         /**********************/
846         /* Function 0x37 */
847         NTSTATUS lsa_OpenTrustedDomainByName(
848                 [in]     policy_handle *handle,
849                 [in]         lsa_String     name,
850                 [in]         uint32         access_mask,
851                 [out]    policy_handle *trustdom_handle
852                 );
853
854         /* Function 0x38 */
855         NTSTATUS lsa_TestCall();
856
857         /**********************/
858         /* Function 0x39 */
859
860         typedef struct {
861                 lsa_SidType sid_type;
862                 lsa_String name;
863                 uint32 sid_index;
864                 uint32 unknown;
865         } lsa_TranslatedName2;
866
867         typedef struct {
868                 [range(0,1000)] uint32 count;
869                 [size_is(count)] lsa_TranslatedName2 *names;
870         } lsa_TransNameArray2;
871
872         [public] NTSTATUS lsa_LookupSids2(
873                 [in]     policy_handle *handle,
874                 [in]     lsa_SidArray *sids,
875                 [out,unique]        lsa_RefDomainList *domains,
876                 [in,out] lsa_TransNameArray2 *names,
877                 [in]         uint16 level,
878                 [in,out] uint32 *count,
879                 [in]         uint32 unknown1,
880                 [in]         uint32 unknown2
881                 );
882
883         /**********************/
884         /* Function 0x3a */
885
886         typedef struct {
887                 lsa_SidType sid_type;
888                 uint32 rid;
889                 uint32 sid_index;
890                 uint32 unknown;
891         } lsa_TranslatedSid2;
892
893         typedef struct {
894                 [range(0,1000)] uint32 count;
895                 [size_is(count)] lsa_TranslatedSid2 *sids;
896         } lsa_TransSidArray2;
897
898         [public] NTSTATUS lsa_LookupNames2 (
899                 [in]     policy_handle *handle,
900                 [in,range(0,1000)] uint32 num_names,
901                 [in,size_is(num_names)]  lsa_String names[],
902                 [out,unique]        lsa_RefDomainList *domains,
903                 [in,out] lsa_TransSidArray2 *sids,
904                 [in]         lsa_LookupNamesLevel level,
905                 [in,out] uint32 *count,
906                 [in]         uint32 unknown1,
907                 [in]         uint32 unknown2
908                 );
909
910         /* Function 0x3b */
911         NTSTATUS lsa_CreateTrustedDomainEx2();
912
913         /* Function 0x3c */
914         NTSTATUS lsa_CREDRWRITE();
915
916         /* Function 0x3d */
917         NTSTATUS lsa_CREDRREAD();
918
919         /* Function 0x3e */
920         NTSTATUS lsa_CREDRENUMERATE();
921
922         /* Function 0x3f */
923         NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
924
925         /* Function 0x40 */
926         NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
927
928         /* Function 0x41 */
929         NTSTATUS lsa_CREDRDELETE();
930
931         /* Function 0x42 */
932         NTSTATUS lsa_CREDRGETTARGETINFO();
933
934         /* Function 0x43 */
935         NTSTATUS lsa_CREDRPROFILELOADED();
936
937         /**********************/
938         /* Function 0x44 */
939         typedef struct {
940                 lsa_SidType sid_type;
941                 dom_sid2 *sid;
942                 uint32 sid_index;
943                 uint32 unknown;
944         } lsa_TranslatedSid3;
945
946         typedef struct {
947                 [range(0,1000)] uint32 count;
948                 [size_is(count)] lsa_TranslatedSid3 *sids;
949         } lsa_TransSidArray3;
950
951         [public] NTSTATUS lsa_LookupNames3 (
952                 [in]     policy_handle *handle,
953                 [in,range(0,1000)] uint32 num_names,
954                 [in,size_is(num_names)]  lsa_String names[],
955                 [out,unique]        lsa_RefDomainList *domains,
956                 [in,out] lsa_TransSidArray3 *sids,
957                 [in]         lsa_LookupNamesLevel level,
958                 [in,out] uint32 *count,
959                 [in]         uint32 unknown1,
960                 [in]         uint32 unknown2
961                 );
962
963         /* Function 0x45 */
964         NTSTATUS lsa_CREDRGETSESSIONTYPES();
965
966         /* Function 0x46 */
967         NTSTATUS lsa_LSARREGISTERAUDITEVENT();
968
969         /* Function 0x47 */
970         NTSTATUS lsa_LSARGENAUDITEVENT();
971
972         /* Function 0x48 */
973         NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
974
975         /* Function 0x49 */
976         typedef struct {
977                 [range(0,131072)] uint32 length;
978                 [size_is(length)] uint8 *data;
979         } lsa_ForestTrustBinaryData;
980
981         typedef struct {
982                 dom_sid2 *domain_sid;
983                 lsa_StringLarge dns_domain_name;
984                 lsa_StringLarge netbios_domain_name;
985         } lsa_ForestTrustDomainInfo;
986
987         typedef [switch_type(uint32)] union {
988                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
989                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
990                 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
991                 [default] lsa_ForestTrustBinaryData data;
992         } lsa_ForestTrustData;
993
994         typedef [v1_enum] enum {
995                 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
996                 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
997                 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
998                 LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
999         } lsa_ForestTrustRecordType;
1000
1001         typedef struct {
1002                 uint32 flags;
1003                 lsa_ForestTrustRecordType level;
1004                 hyper unknown;
1005                 [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1006         } lsa_ForestTrustRecord;
1007
1008         typedef [public] struct {
1009                 [range(0,4000)] uint32 count;
1010                 [size_is(count)] lsa_ForestTrustRecord **entries;
1011         } lsa_ForestTrustInformation;
1012
1013         NTSTATUS lsa_lsaRQueryForestTrustInformation(
1014                 [in] policy_handle *handle,
1015                 [in,ref] lsa_String *trusted_domain_name,
1016                 [in] uint16 unknown, /* level ? */
1017                 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1018                 );
1019
1020         /* Function 0x4a */
1021         NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1022
1023         /* Function 0x4b */
1024         NTSTATUS lsa_CREDRRENAME();
1025
1026         /*****************/
1027         /* Function 0x4c */
1028
1029         [public] NTSTATUS lsa_LookupSids3(
1030                 [in]         lsa_SidArray *sids,
1031                 [out,unique] lsa_RefDomainList *domains,
1032                 [in,out]     lsa_TransNameArray2 *names,
1033                 [in]         uint16 level,
1034                 [in,out]     uint32 *count,
1035                 [in]         uint32 unknown1,
1036                 [in]         uint32 unknown2
1037                 );
1038
1039         /* Function 0x4d */
1040         NTSTATUS lsa_LookupNames4(
1041                 [in,range(0,1000)] uint32 num_names,
1042                 [in,size_is(num_names)]  lsa_String names[],
1043                 [out,unique]        lsa_RefDomainList *domains,
1044                 [in,out] lsa_TransSidArray3 *sids,
1045                 [in]         lsa_LookupNamesLevel level,
1046                 [in,out] uint32 *count,
1047                 [in]         uint32 unknown1,
1048                 [in]         uint32 unknown2
1049                 );
1050
1051         /* Function 0x4e */
1052         NTSTATUS lsa_LSAROPENPOLICYSCE();
1053
1054         /* Function 0x4f */
1055         NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1056
1057         /* Function 0x50 */
1058         NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1059
1060         /* Function 0x51 */
1061         NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
1062
1063 }