lsa interface definition
*/
-import "security.idl";
+import "misc.idl", "security.idl";
[ uuid("12345778-1234-abcd-ef00-0123456789ab"),
version(0.0),
typedef [public] struct {
[value(2*strlen_m(string))] uint16 length;
- [value(2*(strlen_m(string)+1))] uint16 size;
+ [value(2*strlen_m_term(string))] uint16 size;
[charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
} lsa_StringLarge;
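Review bot: The new `size` expression `2*strlen_m_term(string)` is still stored in a `uint16`, so a string of more than 32767 UTF-16 units wraps `size` (and `length`), and `size_is(size/2)` then no longer describes the data. Nothing in this struct rejects such input, so the limit has to be enforced by whoever fills in `string`. A comment above the struct would make that visible, for example `/* length and size are byte counts in a uint16: callers must reject strings longer than 32767 UTF-16 units */`. If `strlen_m_term()` returns 0 for a NULL `string` (worth confirming), this line also changes the marshalled `size` of a NULL string from 2 to 0.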
typedef [public] struct {
[value(strlen_m(string))] uint16 length;
[value(strlen_m(string))] uint16 size;
- ascstr_noterm *string;
+ [charset(DOS),size_is(size),length_is(length)] uint8 *string;
} lsa_AsciiString;
+ typedef [public] struct {
+ [value(strlen_m(string))] uint16 length;
+ [value(strlen_m_term(string))] uint16 size;
+ [charset(DOS),size_is(size),length_is(length)] uint8 *string;
+ } lsa_AsciiStringLarge;
+
+ typedef [public] struct {
+ uint16 length;
+ uint16 size;
+ [size_is(size/2),length_is(length/2)] uint16 *array;
+ } lsa_BinaryString;
+
/******************/
/* Function: 0x00 */
NTSTATUS lsa_Close (
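Review bot: `lsa_AsciiString` and the new `lsa_AsciiStringLarge` marshal `string` as `charset(DOS)` bytes, but `length` and `size` come from `strlen_m()`/`strlen_m_term()`, which as far as I know count UTF-16 units rather than bytes in the DOS codepage. With a multi-byte DOS codepage the two differ, so `size_is(size)`/`length_is(length)` may disagree with the converted data. Please confirm how the generated push code handles that, or state that these types are only meant for single-byte content. Separately, `lsa_BinaryString` has no `value()` attributes, so keeping `length <= size` and both counts even is left to the caller. I would add `/* length and size are byte counts set by the caller; array is counted in uint16 units */`.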
[public] NTSTATUS lsa_EnumPrivs (
[in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [in] uint32 max_count,
- [out] lsa_PrivArray *privs
+ [in,out,ref] uint32 *resume_handle,
+ [out,ref] lsa_PrivArray *privs,
+ [in] uint32 max_count
);
/******************/
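Review bot: Moving `max_count` below the `[out,ref]` parameter in `lsa_EnumPrivs` keeps the request layout only because `privs` is `[out]`-only, and nothing here says so. The same reordering is applied to `num_entries` in `lsa_EnumAccounts` and `max_size` in `lsa_EnumTrustDom`. A one-line comment such as `/* [in] order on the wire is handle, resume_handle, max_count; privs is reply-only */` would stop a later edit from turning `privs` into `[in,out]` and silently changing the request format. `max_count` and `max_size` carry no `range()`, so the server side has to treat them as client hints and cap the reply itself.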
/******************/
/* Function: 0x05 */
- NTSTATUS lsa_ChangePassword ();
+ [todo] NTSTATUS lsa_ChangePassword ();
/******************/
lsa_QosInfo *sec_qos;
} lsa_ObjectAttribute;
+ typedef [public,bitmap32bit] bitmap {
+ LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001,
+ LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002,
+ LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004,
+ LSA_POLICY_TRUST_ADMIN = 0x00000008,
+ LSA_POLICY_CREATE_ACCOUNT = 0x00000010,
+ LSA_POLICY_CREATE_SECRET = 0x00000020,
+ LSA_POLICY_CREATE_PRIVILEGE = 0x00000040,
+ LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080,
+ LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
+ LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
+ LSA_POLICY_SERVER_ADMIN = 0x00000400,
+ LSA_POLICY_LOOKUP_NAMES = 0x00000800
+ } lsa_PolicyAccessMask;
+
/* notice the screwup with the system_name - thats why MS created
OpenPolicy2 */
[public] NTSTATUS lsa_OpenPolicy (
[in,unique] uint16 *system_name,
[in] lsa_ObjectAttribute *attr,
- [in] uint32 access_mask,
+ [in] lsa_PolicyAccessMask access_mask,
[out] policy_handle *handle
);
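Review bot: `lsa_PolicyAccessMask` lists only the policy-specific bits 0x00000001 to 0x00000800, but `access_mask` in `lsa_OpenPolicy` (and `lsa_OpenPolicy2` further down) also carries standard and generic rights such as maximum-allowed. Please confirm that the generated code passes undeclared bits through unchanged rather than masking or rejecting them. I would document this on the bitmap: `/* policy-specific rights only; standard and generic access bits may also be set in this field */`. If I remember MS-LSAD correctly it also defines a notification right at 0x00001000, which is absent here. `lsa_CreateAccount` keeps a plain `uint32 access_mask`, which looks intentional because account handles use a different set of rights, but a comment there would remove the doubt.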
/******************/
/* Function: 0x09 */
- NTSTATUS lsa_ClearAuditLog ();
+ [todo] NTSTATUS lsa_ClearAuditLog ();
/******************/
/* Function: 0x0a */
[public] NTSTATUS lsa_CreateAccount (
[in] policy_handle *handle,
- [in] dom_sid2 *sid,
+ [in,ref] dom_sid2 *sid,
[in] uint32 access_mask,
[out] policy_handle *acct_handle
);
[public] NTSTATUS lsa_EnumAccounts (
[in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [in,range(0,8192)] uint32 num_entries,
- [out] lsa_SidArray *sids
+ [in,out,ref] uint32 *resume_handle,
+ [out,ref] lsa_SidArray *sids,
+ [in,range(0,8192)] uint32 num_entries
);
NTSTATUS lsa_EnumTrustDom (
[in] policy_handle *handle,
- [in,out] uint32 *resume_handle,
- [in] uint32 max_size,
- [out] lsa_DomainList *domains
+ [in,out,ref] uint32 *resume_handle,
+ [out,ref] lsa_DomainList *domains,
+ [in] uint32 max_size
);
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
+ const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
+
typedef struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
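Review bot: `MAX_REF_DOMAINS` is introduced as an alias for `LSA_REF_DOMAIN_LIST_MULTIPLIER` (32), yet the struct directly below still declares `[range(0,1000)] uint32 count`, so the constant does not bound anything at the marshalling layer. If 32 is the limit the server is meant to enforce when building the referenced-domain list, say so next to the constant: `/* upper bound applied by the server code, not by the NDR range() below */`. Otherwise a reader will assume the IDL rejects lists larger than `MAX_REF_DOMAINS`. The struct continues past the end of this hunk.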
[in] policy_handle *handle,
[in,range(0,1000)] uint32 num_names,
[in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransSidArray *sids,
[in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count
+ [in,out,ref] uint32 *count
);
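Review bot: Changing `domains` from `[out,unique] lsa_RefDomainList *` to `[out,ref] lsa_RefDomainList **` means the caller now always supplies the outer pointer, and the inner `*domains` can still be NULL in a reply, typically on failure. Every client that dereferences `*domains` after this call needs a NULL check, and the IDL gives no hint of that. The same change is made in `lsa_LookupSids`, `lsa_LookupSids2`, `lsa_LookupSids3` and the later `lsa_LookupNames*` variants. A comment on the first occurrence would help: `/* *domains may be NULL in the reply; check before use */`. The start of this function is outside the hunk.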
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
+ /* This number is based on Win2k and later maximum response allowed */
+ const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
+
[public] NTSTATUS lsa_LookupSids (
[in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray *names,
[in] uint16 level,
- [in,out] uint32 *count
+ [in,out,ref] uint32 *count
);
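Review bot: `MAX_LOOKUP_SIDS` is declared just above `lsa_LookupSids`, but nothing in this hunk ties it to `sids`, so a client-supplied SID array is not limited to 0x5000 entries by the marshalling layer. If the bound is applied in the server implementation or through a `range()` on `lsa_SidArray` (not visible here), the comment should say where: `/* enforced in the server's lookup code, not by NDR */`. `level` is still a bare `uint16` here, while `lsa_LookupNames` uses `lsa_LookupNamesLevel`; using the enum in both would keep the two lookup families consistent.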
/*****************************************/
/* Function: 0x11 */
- NTSTATUS lsa_OpenAccount (
+ NTSTATUS lsa_OpenAccount(
[in] policy_handle *handle,
- [in] dom_sid2 *sid,
+ [in,ref] dom_sid2 *sid,
[in] uint32 access_mask,
[out] policy_handle *acct_handle
);
NTSTATUS lsa_EnumPrivsAccount (
[in] policy_handle *handle,
- [out,unique] lsa_PrivilegeSet *privs
+ [out,ref] lsa_PrivilegeSet **privs
);
/* Function: 0x13 */
NTSTATUS lsa_AddPrivilegesToAccount(
[in] policy_handle *handle,
- [in] lsa_PrivilegeSet *privs
+ [in,ref] lsa_PrivilegeSet *privs
);
);
/* Function: 0x15 */
- NTSTATUS lsa_GetQuotasForAccount();
+ [todo] NTSTATUS lsa_GetQuotasForAccount();
/* Function: 0x16 */
- NTSTATUS lsa_SetQuotasForAccount();
+ [todo] NTSTATUS lsa_SetQuotasForAccount();
/* Function: 0x17 */
- NTSTATUS lsa_GetSystemAccessAccount();
+ NTSTATUS lsa_GetSystemAccessAccount(
+ [in] policy_handle *handle,
+ [out,ref] uint32 *access_mask
+ );
+
/* Function: 0x18 */
- NTSTATUS lsa_SetSystemAccessAccount();
+ NTSTATUS lsa_SetSystemAccessAccount(
+ [in] policy_handle *handle,
+ [in] uint32 access_mask
+ );
/* Function: 0x19 */
NTSTATUS lsa_OpenTrustedDomain(
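Review bot: `lsa_GetSystemAccessAccount` and `lsa_SetSystemAccessAccount` name their parameter `access_mask`, the same name used for handle access rights in `lsa_OpenAccount` and `lsa_CreateAccount`. As far as I can tell from the protocol, the value here is the account's system access flags (logon-type rights), not a desired-access mask, so the name invites mixing the two bit spaces. Since these calls are no longer empty stubs, add a comment on each: `/* access_mask holds the account's system access flags, not handle access rights */`. The set call changes what an account may do, so the server side needs an explicit check of the access granted on `handle`; that code is outside this diff.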
/* Function: 0x1a */
NTSTATUS lsa_QueryTrustedDomainInfo(
[in] policy_handle *trustdom_handle,
- [in] lsa_TrustDomInfoEnum level,
- [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
+ [in] lsa_TrustDomInfoEnum level,
+ [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
);
/* Function: 0x1b */
/* Function: 0x1f */
NTSTATUS lsa_LookupPrivValue(
[in] policy_handle *handle,
- [in] lsa_String *name,
- [out] lsa_LUID *luid
+ [in,ref] lsa_String *name,
+ [out,ref] lsa_LUID *luid
);
/* Function: 0x20 */
NTSTATUS lsa_LookupPrivName (
[in] policy_handle *handle,
- [in] lsa_LUID *luid,
- [out,unique] lsa_StringLarge *name
+ [in,ref] lsa_LUID *luid,
+ [out,ref] lsa_StringLarge **name
);
/*******************/
/* Function: 0x21 */
NTSTATUS lsa_LookupPrivDisplayName (
- [in] policy_handle *handle,
- [in] lsa_String *name,
- [out,unique] lsa_StringLarge *disp_name,
+ [in] policy_handle *handle,
+ [in,ref] lsa_String *name,
+ [in] uint16 language_id,
+ [in] uint16 language_id_sys,
+ [out,ref] lsa_StringLarge **disp_name,
/* see http://www.microsoft.com/globaldev/nlsweb/ for
language definitions */
- [in,out] uint16 *language_id,
- [in] uint16 unknown
+ [out,ref] uint16 *returned_language_id
);
/* Function: 0x22 */
- NTSTATUS lsa_DeleteObject(
- [in,out] policy_handle **handle
+ NTSTATUS lsa_DeleteObject (
+ [in,out] policy_handle *handle
);
+
/*******************/
/* Function: 0x23 */
NTSTATUS lsa_EnumAccountsWithUserRight (
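Review bot: `lsa_DeleteObject` now takes `[in,out] policy_handle *handle`, but nothing says what the reply contains. Presumably the server returns a zeroed handle once the object is gone (confirm against the implementation), in which case callers must not reuse the value or pass it to `lsa_Close`. I would add `/* on success the returned handle is invalid and must not be used or closed again */`. In the same hunk, the "language definitions" comment in `lsa_LookupPrivDisplayName` now sits between `disp_name` and `returned_language_id`; it belongs above `language_id`.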
} lsa_RightAttribute;
typedef struct {
- uint32 count;
+ [range(0,256)] uint32 count;
[size_is(count)] lsa_StringLarge *names;
} lsa_RightSet;
NTSTATUS lsa_EnumAccountRights (
[in] policy_handle *handle,
- [in] dom_sid2 *sid,
- [out] lsa_RightSet *rights
+ [in,ref] dom_sid2 *sid,
+ [out,ref] lsa_RightSet *rights
);
/* Function: 0x25 */
NTSTATUS lsa_AddAccountRights (
[in] policy_handle *handle,
- [in] dom_sid2 *sid,
- [in] lsa_RightSet *rights
+ [in,ref] dom_sid2 *sid,
+ [in,ref] lsa_RightSet *rights
);
/**********************/
/* Function: 0x26 */
NTSTATUS lsa_RemoveAccountRights (
[in] policy_handle *handle,
- [in] dom_sid2 *sid,
- [in] uint32 unknown,
- [in] lsa_RightSet *rights
+ [in,ref] dom_sid2 *sid,
+ [in] uint8 remove_all,
+ [in,ref] lsa_RightSet *rights
);
/* Function: 0x27 */
NTSTATUS lsa_QueryTrustedDomainInfoBySid(
[in] policy_handle *handle,
- [in] dom_sid2 *dom_sid,
- [in] lsa_TrustDomInfoEnum level,
- [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
+ [in,ref] dom_sid2 *dom_sid,
+ [in] lsa_TrustDomInfoEnum level,
+ [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
);
/* Function: 0x28 */
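Review bot: In `lsa_RemoveAccountRights` the former `uint32 unknown` becomes `[in] uint8 remove_all`, but its effect is undocumented. If a non-zero value removes every right from the account regardless of what `rights` lists (my reading of the name; please confirm), that is a destructive switch that deserves a comment: `/* non-zero: remove all rights of sid and ignore the rights list */`. Narrowing to `uint8` also changes how the field is read when a peer sends a 32-bit value in big-endian NDR, which is worth a line in the commit message. `rights` is `[in,ref]` even when `remove_all` is set, so callers still have to pass a valid (possibly empty) `lsa_RightSet`.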
);
/* Function: 0x2a */
- NTSTATUS lsa_StorePrivateData();
+ [todo] NTSTATUS lsa_StorePrivateData();
/* Function: 0x2b */
- NTSTATUS lsa_RetrievePrivateData();
+ [todo] NTSTATUS lsa_RetrievePrivateData();
/**********************/
[public] NTSTATUS lsa_OpenPolicy2 (
[in,unique] [string,charset(UTF16)] uint16 *system_name,
[in] lsa_ObjectAttribute *attr,
- [in] uint32 access_mask,
+ [in] lsa_PolicyAccessMask access_mask,
[out] policy_handle *handle
);
/**********************/
/* Function: 0x2d */
- typedef struct {
- lsa_String *string;
- } lsa_StringPointer;
-
NTSTATUS lsa_GetUserName(
[in,unique] [string,charset(UTF16)] uint16 *system_name,
- [in,out,unique] lsa_String *account_name,
- [in,out,unique] lsa_StringPointer *authority_name
+ [in,out,ref] lsa_String **account_name,
+ [in,out,unique] lsa_String **authority_name
);
/**********************/
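Review bot: `lsa_GetUserName` now declares `account_name` as `[in,out,ref] lsa_String **` and `authority_name` as `[in,out,unique] lsa_String **`, so the request can carry client-chosen string contents in what are really output slots. The server should ignore or reject non-NULL inner pointers on input rather than read them; I cannot see the implementation from here, so please confirm it does. A comment would record the contract: `/* on input *account_name and *authority_name are expected to be NULL; the server fills them in */`. The asymmetry between `ref` and `unique` on the two parameters is also worth a short note, since `authority_name` itself may be NULL while `account_name` may not.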
/**********************/
/* Function 0x30 */
NTSTATUS lsa_QueryTrustedDomainInfoByName(
- [in] policy_handle *handle,
- [in] lsa_String trusted_domain,
- [in] lsa_TrustDomInfoEnum level,
- [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
+ [in] policy_handle *handle,
+ [in,ref] lsa_String *trusted_domain,
+ [in] lsa_TrustDomInfoEnum level,
+ [out,ref,switch_is(level)] lsa_TrustedDomainInfo **info
);
/**********************/
NTSTATUS lsa_QueryDomainInformationPolicy(
[in] policy_handle *handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] lsa_DomainInformationPolicy *info
+ [in] uint16 level,
+ [out,ref,switch_is(level)] lsa_DomainInformationPolicy **info
);
/* Function 0x36 */
);
/* Function 0x38 */
- NTSTATUS lsa_TestCall();
+ [todo] NTSTATUS lsa_TestCall();
/**********************/
/* Function 0x39 */
[public] NTSTATUS lsa_LookupSids2(
[in] policy_handle *handle,
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray2 *names,
[in] uint16 level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
[in] policy_handle *handle,
[in,range(0,1000)] uint32 num_names,
[in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray2 *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransSidArray2 *sids,
[in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
NTSTATUS lsa_CreateTrustedDomainEx2();
/* Function 0x3c */
- NTSTATUS lsa_CREDRWRITE();
+ [todo] NTSTATUS lsa_CREDRWRITE();
/* Function 0x3d */
- NTSTATUS lsa_CREDRREAD();
+ [todo] NTSTATUS lsa_CREDRREAD();
/* Function 0x3e */
- NTSTATUS lsa_CREDRENUMERATE();
+ [todo] NTSTATUS lsa_CREDRENUMERATE();
/* Function 0x3f */
- NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
+ [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
/* Function 0x40 */
- NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
+ [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
/* Function 0x41 */
- NTSTATUS lsa_CREDRDELETE();
+ [todo] NTSTATUS lsa_CREDRDELETE();
/* Function 0x42 */
- NTSTATUS lsa_CREDRGETTARGETINFO();
+ [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
/* Function 0x43 */
- NTSTATUS lsa_CREDRPROFILELOADED();
+ [todo] NTSTATUS lsa_CREDRPROFILELOADED();
/**********************/
/* Function 0x44 */
[in] policy_handle *handle,
[in,range(0,1000)] uint32 num_names,
[in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray3 *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
/* Function 0x45 */
- NTSTATUS lsa_CREDRGETSESSIONTYPES();
+ [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
/* Function 0x46 */
- NTSTATUS lsa_LSARREGISTERAUDITEVENT();
+ [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
/* Function 0x47 */
- NTSTATUS lsa_LSARGENAUDITEVENT();
+ [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
/* Function 0x48 */
- NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
+ [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
/* Function 0x49 */
typedef struct {
);
/* Function 0x4a */
- NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
+ [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
/* Function 0x4b */
- NTSTATUS lsa_CREDRRENAME();
+ [todo] NTSTATUS lsa_CREDRRENAME();
/*****************/
/* Function 0x4c */
[public] NTSTATUS lsa_LookupSids3(
- [in] lsa_SidArray *sids,
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransNameArray2 *names,
+ [in,ref] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransNameArray2 *names,
[in] uint16 level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
+ const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
+ const int LSA_CLIENT_REVISION_DNS = 0x00000002;
+
+ const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
+
/* Function 0x4d */
NTSTATUS lsa_LookupNames4(
[in,range(0,1000)] uint32 num_names,
[in,size_is(num_names)] lsa_String names[],
- [out,unique] lsa_RefDomainList *domains,
- [in,out] lsa_TransSidArray3 *sids,
+ [out,ref] lsa_RefDomainList **domains,
+ [in,out,ref] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
- [in,out] uint32 *count,
+ [in,out,ref] uint32 *count,
[in] uint32 unknown1,
[in] uint32 unknown2
);
/* Function 0x4e */
- NTSTATUS lsa_LSAROPENPOLICYSCE();
+ [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
/* Function 0x4f */
- NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
+ [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
/* Function 0x50 */
- NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
+ [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
/* Function 0x51 */
- NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
+ [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
}