[ uuid("12345778-1234-abcd-ef00-0123456789ab"),
version(0.0),
- endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
+ endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
+ pyhelper("librpc/ndr/py_lsa.c"),
pointer_default(unique),
helpstring("Local Security Authority")
] interface lsarpc
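Review bot: The new `endpoint(...)` line drops `ncacn_np:[\\pipe\\netlogon]` with no comment, so lsarpc stops being offered on that named pipe and the reason is not recorded anywhere in the hunk. Any client that still binds lsarpc over that pipe would presumably fail after this change, which is worth confirming against the callers. I would add a short IDL comment above the attribute block, e.g. `/* lsarpc is no longer offered on \pipe\netlogon; bind via \pipe\lsarpc or \pipe\lsass */`.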
LSA_POLICY_SET_AUDIT_REQUIREMENTS |
LSA_POLICY_AUDIT_LOG_ADMIN |
LSA_POLICY_SERVER_ADMIN |
- LSA_POLICY_LOOKUP_NAMES);
+ LSA_POLICY_LOOKUP_NAMES |
+ LSA_POLICY_NOTIFICATION);
const int LSA_POLICY_READ =
(STANDARD_RIGHTS_READ_ACCESS |
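Review bot: `LSA_POLICY_NOTIFICATION` is OR-ed into a composite access mask whose name sits above the hunk, so every access check or handle grant built from that constant now carries one more right. If this is the all-access mask, the generic-to-specific mapping and any code that compares a requested mask against it should be re-checked so the new bit is granted only where intended. A comment beside the added term would record the intent, e.g. `/* includes LSA_POLICY_NOTIFICATION: <reason / spec reference> */`.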
uint8 log_is_full;
} lsa_AuditFullQueryInfo;
- typedef struct {
+ typedef [public] struct {
/* it's important that we use the lsa_StringLarge here,
* because otherwise windows clients result with such dns hostnames
* e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
SID_NAME_INVALID = 7, /* invalid account */
SID_NAME_UNKNOWN = 8, /* oops. */
- SID_NAME_COMPUTER = 9 /* machine */
+ SID_NAME_COMPUTER = 9, /* machine */
+ SID_NAME_LABEL = 10 /* Mandatory Label */
} lsa_SidType;
typedef struct {
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- typedef struct {
+ typedef [public] struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
uint32 max_size;
* Level 6: Like 4
*/
- typedef enum {
+ typedef [public] enum {
LSA_LOOKUP_NAMES_ALL = 1,
LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
uint32 sid_index;
} lsa_TranslatedName;
- typedef struct {
+ typedef [public] struct {
[range(0,20480)] uint32 count;
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
} lsa_TrustDirection;
- typedef [v1_enum] enum {
+ typedef [public,v1_enum] enum {
LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
- LSA_TRUST_TYPE_MIT = 0x00000003
+ LSA_TRUST_TYPE_MIT = 0x00000003,
+ LSA_TRUST_TYPE_DCE = 0x00000004
} lsa_TrustType;
typedef [public,bitmap32bit] bitmap {
dom_sid2 *sid;
} lsa_TrustDomainInfoBasic;
- typedef struct {
+ typedef [public] struct {
lsa_StringLarge domain_name;
lsa_StringLarge netbios_name;
dom_sid2 *sid;
NTSTATUS lsa_CreateTrustedDomainEx(
[in] policy_handle *policy_handle,
[in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
- [in] uint32 access_mask,
+ [in] lsa_TrustDomainInfoAuthInfo *auth_info,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
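Review bot: `auth_info` in `lsa_CreateTrustedDomainEx` now has the non-Internal type `lsa_TrustDomainInfoAuthInfo`, and the declaration gives no hint about how the trust authentication material is protected on this call. If, as the type names suggest, the `...Internal` form kept by `lsa_CreateTrustedDomainEx2` is the wrapped blob and this one is the plain structure, handler authors need to be told so they do not treat the two alike. A comment above the function such as `/* auth_info is the plain structure here; Ex2 takes the AuthInfoInternal blob */` would do, with the wording confirmed against the protocol document. The `lsa_CreateTrustedDomainEx2` hunk also renames its parameter to `auth_info_internal`, which changes the generated member name used by callers outside this diff.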
);
/* Function 0x35 */
+ typedef [bitmap32bit] bitmap {
+ LSA_POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
+ } lsa_krbAuthenticationOptions;
/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
for reserved - gd */
typedef struct {
- uint32 enforce_restrictions;
+ lsa_krbAuthenticationOptions authentication_options;
hyper service_tkt_lifetime;
hyper user_tkt_lifetime;
hyper user_tkt_renewaltime;
NTSTATUS lsa_OpenTrustedDomainByName(
[in] policy_handle *handle,
[in] lsa_String name,
- [in] uint32 access_mask,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
NTSTATUS lsa_CreateTrustedDomainEx2(
[in] policy_handle *policy_handle,
[in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
- [in] uint32 access_mask,
+ [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info_internal,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
[todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
/* Function 0x49 */
+ typedef [bitmap32bit,public] bitmap {
+ /* these apply to LSA_FOREST_TRUST_TOP_LEVEL_NAME */
+ LSA_TLN_DISABLED_NEW = 0x00000001,
+ LSA_TLN_DISABLED_ADMIN = 0x00000002,
+ LSA_TLN_DISABLED_CONFLICT = 0x00000004,
+
+ /* these apply to LSA_FOREST_TRUST_DOMAIN_INFO */
+ LSA_SID_DISABLED_ADMIN = 0x00000001,
+ LSA_SID_DISABLED_CONFLICT = 0x00000002,
+ LSA_NB_DISABLED_ADMIN = 0x00000004,
+ LSA_NB_DISABLED_CONFLICT = 0x00000008
+ } lsa_ForestTrustRecordFlags;
+
+ const uint32 LSA_TLN_DISABLED_MASK = (
+ LSA_TLN_DISABLED_NEW |
+ LSA_TLN_DISABLED_ADMIN |
+ LSA_TLN_DISABLED_CONFLICT);
+ const uint32 LSA_SID_DISABLED_MASK = (
+ LSA_SID_DISABLED_ADMIN |
+ LSA_SID_DISABLED_CONFLICT);
+ const uint32 LSA_NB_DISABLED_MASK = (
+ LSA_NB_DISABLED_ADMIN |
+ LSA_NB_DISABLED_CONFLICT);
+
+ typedef enum {
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
+ LSA_FOREST_TRUST_DOMAIN_INFO = 2,
+ LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+ } lsa_ForestTrustRecordType;
+
typedef struct {
[range(0,131072)] uint3264 length;
[size_is(length)] uint8 *data;
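Review bot: `lsa_ForestTrustRecordFlags` folds two flag sets into one bitmap, so `LSA_TLN_DISABLED_NEW` and `LSA_SID_DISABLED_ADMIN` are both 0x00000001 (and likewise for 0x2 and 0x4), and a set bit can only be interpreted once the record type is known. The two comments inside the bitmap say which record type each group applies to, but nothing tells a consumer to pick the mask first. I would add above the three `*_MASK` constants `/* flag values overlap: choose LSA_TLN_DISABLED_MASK or LSA_SID_/LSA_NB_DISABLED_MASK from the record type before testing individual bits */`. The same applies to `lsa_ForestTrustCollisionRecord.flags` later in the diff, which loses its `switch_is(type)` union, so the collision type presumably has to be mapped to the right mask by hand. Generated print output will likely show both names for a shared bit and should not be read as authoritative in logs.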
lsa_StringLarge netbios_domain_name;
} lsa_ForestTrustDomainInfo;
- typedef [switch_type(uint32)] union {
+ typedef [switch_type(lsa_ForestTrustRecordType)] union {
[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
[default] lsa_ForestTrustBinaryData data;
} lsa_ForestTrustData;
- typedef [v1_enum] enum {
- LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
- LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
- LSA_FOREST_TRUST_DOMAIN_INFO = 2,
- LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
- } lsa_ForestTrustRecordType;
-
typedef struct {
- uint32 flags;
+ lsa_ForestTrustRecordFlags flags;
lsa_ForestTrustRecordType type;
- hyper time;
+ NTTIME_hyper time;
[switch_is(type)] lsa_ForestTrustData forest_trust_data;
} lsa_ForestTrustRecord;
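Review bot: The `lsa_ForestTrustRecordType` definition removed here was `[v1_enum]`, while the relocated one earlier in the diff is a plain `enum`, and that silently changes the marshalled width of `lsa_ForestTrustRecord.type` and of the `lsa_ForestTrustData` discriminant. As far as I know pidl encodes a plain enum as 16 bits and a `v1_enum` as 32 bits in NDR. That would match the former `uint16 highest_record_type` parameter, so it may well be intentional, but it is a wire-format change and should be stated. I would add on the enum `/* deliberately not v1_enum: 16-bit on the wire, verified against <capture / spec reference> */` and confirm it with a decode of a real forest trust record.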
[size_is(count)] lsa_ForestTrustRecord **entries;
} lsa_ForestTrustInformation;
- NTSTATUS lsa_lsaRQueryForestTrustInformation(
+ [public] NTSTATUS lsa_lsaRQueryForestTrustInformation(
[in] policy_handle *handle,
[in,ref] lsa_String *trusted_domain_name,
- [in] uint16 unknown, /* level ? */
+ [in] lsa_ForestTrustRecordType highest_record_type,
[out,ref] lsa_ForestTrustInformation **forest_trust_info
);
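Review bot: Typing `highest_record_type` as `lsa_ForestTrustRecordType` documents the expected values but does not enforce them; as far as I know pidl-generated pull code does not reject out-of-range enum values. The handler for `lsa_lsaRQueryForestTrustInformation`, which is outside this diff, therefore still has to cope with a caller-supplied value beyond `LSA_FOREST_TRUST_RECORD_TYPE_LAST` before using it in a comparison or a switch. The same holds for `lsa_lsaRSetForestTrustInformation` in the last hunk. A comment on the parameter such as `/* not range-checked on pull; the handler must handle values outside the enum */` would make that contract visible.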
LSA_FOREST_TRUST_COLLISION_OTHER = 2
} lsa_ForestTrustCollisionRecordType;
- /* if type is CollisionTdo, flags can be */
- typedef [bitmap32bit] bitmap {
- LSA_TLN_DISABLED_NEW = 0x00000001,
- LSA_TLN_DISABLED_ADMIN = 0x00000002,
- LSA_TLN_DISABLED_CONFLICT = 0x00000004
- } lsa_ForestTrustCollisionTDOFlags;
-
- /* if type is CollisionXref, flags can be */
- typedef [bitmap32bit] bitmap {
- LSA_SID_DISABLED_ADMIN = 0x00000001,
- LSA_SID_DISABLED_CONFLICT = 0x00000002,
- LSA_NB_DISABLED_ADMIN = 0x00000004,
- LSA_NB_DISABLED_CONFLICT = 0x00000008
- } lsa_ForestTrustCollisionXrefFlags;
-
- typedef [nodiscriminant] union {
- [case(LSA_FOREST_TRUST_COLLISION_TDO)] lsa_ForestTrustCollisionTDOFlags flags;
- [case(LSA_FOREST_TRUST_COLLISION_XREF)] lsa_ForestTrustCollisionXrefFlags flags;
- [default] uint32 flags;
- } lsa_ForestTrustCollisionFlags;
-
- typedef struct {
+ typedef [public] struct {
uint32 index;
lsa_ForestTrustCollisionRecordType type;
- [switch_is(type)] lsa_ForestTrustCollisionFlags flags;
+ lsa_ForestTrustRecordFlags flags;
lsa_String name;
} lsa_ForestTrustCollisionRecord;
- typedef struct {
+ typedef [public] struct {
uint32 count;
[size_is(count)] lsa_ForestTrustCollisionRecord **entries;
} lsa_ForestTrustCollisionInfo;
[public] NTSTATUS lsa_lsaRSetForestTrustInformation(
[in] policy_handle *handle,
[in,ref] lsa_StringLarge *trusted_domain_name,
- [in] uint16 highest_record_type,
+ [in] lsa_ForestTrustRecordType highest_record_type,
[in,ref] lsa_ForestTrustInformation *forest_trust_info,
- [in] uint8 check_only,
+ [in] boolean8 check_only,
[out,ref] lsa_ForestTrustCollisionInfo **collision_info
);