drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values
[kai/samba-autobuild/.git] / librpc / idl / lsa.idl
index db5ca3172044ad76ad30c0dc3d8f2b02f9cd7b48..ea8a426fa01d349fcb6dca4ae9a629c4c9abfa3a 100644 (file)
@@ -8,7 +8,8 @@ import "misc.idl", "security.idl";
 
 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
   version(0.0),
-  endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
+  endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
+  pyhelper("librpc/ndr/py_lsa.c"),
   pointer_default(unique),
   helpstring("Local Security Authority")
 ] interface lsarpc
@@ -113,14 +114,14 @@ import "misc.idl", "security.idl";
        /******************/
        /* Function: 0x06 */
        typedef struct {
-               uint32  len; /* ignored */
+               uint3264  len; /* ignored */
                uint16  impersonation_level;
                uint8   context_mode;
                uint8   effective_only;
        } lsa_QosInfo;
 
        typedef struct {
-               uint32 len; /* ignored */
+               uint3264 len; /* ignored */
                uint8 *root_dir;
                [string,charset(UTF16)] uint16 *object_name;
                uint32 attributes;
@@ -140,9 +141,138 @@ import "misc.idl", "security.idl";
                LSA_POLICY_SET_AUDIT_REQUIREMENTS       = 0x00000100,
                LSA_POLICY_AUDIT_LOG_ADMIN              = 0x00000200,
                LSA_POLICY_SERVER_ADMIN                 = 0x00000400,
-               LSA_POLICY_LOOKUP_NAMES                 = 0x00000800
+               LSA_POLICY_LOOKUP_NAMES                 = 0x00000800,
+               LSA_POLICY_NOTIFICATION                 = 0x00001000
        } lsa_PolicyAccessMask;
 
+       const int LSA_POLICY_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+               LSA_POLICY_VIEW_LOCAL_INFORMATION       |
+               LSA_POLICY_VIEW_AUDIT_INFORMATION       |
+               LSA_POLICY_GET_PRIVATE_INFORMATION      |
+               LSA_POLICY_TRUST_ADMIN                  |
+               LSA_POLICY_CREATE_ACCOUNT               |
+               LSA_POLICY_CREATE_SECRET                |
+               LSA_POLICY_CREATE_PRIVILEGE             |
+               LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     |
+               LSA_POLICY_SET_AUDIT_REQUIREMENTS       |
+               LSA_POLICY_AUDIT_LOG_ADMIN              |
+               LSA_POLICY_SERVER_ADMIN                 |
+               LSA_POLICY_LOOKUP_NAMES                 |
+               LSA_POLICY_NOTIFICATION);
+
+       const int LSA_POLICY_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+               LSA_POLICY_VIEW_LOCAL_INFORMATION       |
+               LSA_POLICY_VIEW_AUDIT_INFORMATION       |
+               LSA_POLICY_GET_PRIVATE_INFORMATION);
+
+       const int LSA_POLICY_WRITE =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+               LSA_POLICY_TRUST_ADMIN                  |
+               LSA_POLICY_CREATE_ACCOUNT               |
+               LSA_POLICY_CREATE_SECRET                |
+               LSA_POLICY_CREATE_PRIVILEGE             |
+               LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     |
+               LSA_POLICY_SET_AUDIT_REQUIREMENTS       |
+               LSA_POLICY_AUDIT_LOG_ADMIN              |
+               LSA_POLICY_SERVER_ADMIN);
+
+       const int LSA_POLICY_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS         |
+               LSA_POLICY_VIEW_LOCAL_INFORMATION       |
+               LSA_POLICY_LOOKUP_NAMES);
+
+       typedef [public,bitmap32bit] bitmap {
+               LSA_ACCOUNT_VIEW                        = 0x00000001,
+               LSA_ACCOUNT_ADJUST_PRIVILEGES           = 0x00000002,
+               LSA_ACCOUNT_ADJUST_QUOTAS               = 0x00000004,
+               LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS        = 0x00000008
+       } lsa_AccountAccessMask;
+
+       const int LSA_ACCOUNT_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+               LSA_ACCOUNT_VIEW                        |
+               LSA_ACCOUNT_ADJUST_PRIVILEGES           |
+               LSA_ACCOUNT_ADJUST_QUOTAS               |
+               LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
+
+       const int LSA_ACCOUNT_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+               LSA_ACCOUNT_VIEW);
+
+       const int LSA_ACCOUNT_WRITE =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+               LSA_ACCOUNT_ADJUST_PRIVILEGES           |
+               LSA_ACCOUNT_ADJUST_QUOTAS               |
+               LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
+
+       const int LSA_ACCOUNT_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS);
+
+       typedef [public,bitmap32bit] bitmap {
+               LSA_SECRET_SET_VALUE                    = 0x00000001,
+               LSA_SECRET_QUERY_VALUE                  = 0x00000002
+       } lsa_SecretAccessMask;
+
+       const int LSA_SECRET_ALL_ACCESS =
+               (LSA_SECRET_QUERY_VALUE |
+                LSA_SECRET_SET_VALUE |
+                SEC_STD_DELETE |
+                STANDARD_RIGHTS_READ_ACCESS |
+                SEC_STD_WRITE_DAC |
+                SEC_STD_WRITE_OWNER); /* 0x000F0003 */
+
+       const int LSA_SECRET_READ =
+               (LSA_SECRET_QUERY_VALUE |
+               STANDARD_RIGHTS_READ_ACCESS); /* 0x00020002 */
+
+       const int LSA_SECRET_WRITE =
+               (LSA_SECRET_SET_VALUE |
+               STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+       const int LSA_SECRET_EXECUTE =
+               (STANDARD_RIGHTS_READ_ACCESS); /* 0x00020000 */
+
+       typedef [public,bitmap32bit] bitmap {
+               LSA_TRUSTED_QUERY_DOMAIN_NAME           = 0x00000001,
+               LSA_TRUSTED_QUERY_CONTROLLERS           = 0x00000002,
+               LSA_TRUSTED_SET_CONTROLLERS             = 0x00000004,
+               LSA_TRUSTED_QUERY_POSIX                 = 0x00000008,
+               LSA_TRUSTED_SET_POSIX                   = 0x00000010,
+               LSA_TRUSTED_SET_AUTH                    = 0x00000020,
+               LSA_TRUSTED_QUERY_AUTH                  = 0x00000040
+       } lsa_TrustedAccessMask;
+
+       const int LSA_TRUSTED_DOMAIN_ALL_ACCESS =
+               (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+                LSA_TRUSTED_QUERY_CONTROLLERS |
+                LSA_TRUSTED_SET_CONTROLLERS |
+                LSA_TRUSTED_QUERY_POSIX |
+                LSA_TRUSTED_SET_POSIX |
+                LSA_TRUSTED_SET_AUTH |
+                LSA_TRUSTED_QUERY_AUTH |
+                SEC_STD_DELETE |
+                STANDARD_RIGHTS_READ_ACCESS |
+                SEC_STD_WRITE_DAC |
+                SEC_STD_WRITE_OWNER); /* 0x000F007F */
+
+       const int LSA_TRUSTED_DOMAIN_READ =
+               (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+                STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+       const int LSA_TRUSTED_DOMAIN_WRITE =
+               (LSA_TRUSTED_SET_CONTROLLERS |
+                LSA_TRUSTED_SET_POSIX |
+                LSA_TRUSTED_SET_AUTH |
+                STANDARD_RIGHTS_READ_ACCESS); /* 0x00020034 */
+
+       const int LSA_TRUSTED_DOMAIN_EXECUTE =
+               (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+                LSA_TRUSTED_QUERY_POSIX |
+                STANDARD_RIGHTS_READ_ACCESS); /* 0x0002000C */
+
+
        /* notice the screwup with the system_name - thats why MS created
           OpenPolicy2 */
        [public] NTSTATUS lsa_OpenPolicy (
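Review bot: The value comment on LSA_TRUSTED_DOMAIN_EXECUTE does not match its expression. With the bits defined in lsa_TrustedAccessMask just above, `LSA_TRUSTED_QUERY_DOMAIN_NAME | LSA_TRUSTED_QUERY_POSIX` is 0x1 | 0x8, so the constant comes to 0x00020009 (taking STANDARD_RIGHTS_READ_ACCESS as 0x00020000, which the neighbouring comments imply), not the `/* 0x0002000C */` written beside it. 0xC would instead correspond to `LSA_TRUSTED_SET_CONTROLLERS | LSA_TRUSTED_QUERY_POSIX`. These constants look like the generic-rights mapping for trusted-domain handles, so either the expression or the comment should be corrected against the protocol reference before an access check relies on it. The other LSA_TRUSTED_DOMAIN_* and LSA_SECRET_* comments do agree with their expressions.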
@@ -238,7 +368,7 @@ import "misc.idl", "security.idl";
                uint8 log_is_full;
        } lsa_AuditFullQueryInfo;
 
-       typedef struct {
+       typedef [public] struct {
                /* it's important that we use the lsa_StringLarge here,
                 * because otherwise windows clients result with such dns hostnames
                 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
@@ -309,7 +439,7 @@ import "misc.idl", "security.idl";
        [public] NTSTATUS lsa_CreateAccount (
                [in]    policy_handle *handle,
                [in,ref] dom_sid2 *sid,
-               [in]    uint32 access_mask,
+               [in]    lsa_AccountAccessMask access_mask,
                [out]   policy_handle *acct_handle
                );
 
@@ -323,7 +453,7 @@ import "misc.idl", "security.idl";
        } lsa_SidPtr;
 
        typedef [public] struct {
-               [range(0,1000)] uint32 num_sids;
+               [range(0,20480)] uint32 num_sids;
                [size_is(num_sids)] lsa_SidPtr *sids;
        } lsa_SidArray;
 
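Review bot: The new bound `[range(0,20480)]` on num_sids is an unexplained literal, repeated on lsa_TransNameArray.count in the hunk at -435,8, while lsa_RefDomainList.count (hunk at -391,7) stays at `range(0,1000)`. num_sids sizes an array unmarshalled from the peer, so this range is the only thing in the IDL limiting per-request allocation and lookup work. It deserves a comment such as `/* max SIDs per lookup request; keep equal to lsa_TransNameArray.count */`, or a shared `const int`. Lookup handlers written against the old limit of 1000 entries should be re-checked for the roughly 20x larger input.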
@@ -340,7 +470,7 @@ import "misc.idl", "security.idl";
        [public] NTSTATUS lsa_CreateTrustedDomain(
                [in]         policy_handle *policy_handle,
                [in]         lsa_DomainInfo *info,
-               [in]         uint32 access_mask,
+               [in]         lsa_TrustedAccessMask access_mask,
                [out]        policy_handle *trustdom_handle
                );
 
@@ -376,7 +506,8 @@ import "misc.idl", "security.idl";
                SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
                SID_NAME_INVALID  = 7, /* invalid account */
                SID_NAME_UNKNOWN  = 8, /* oops. */
-               SID_NAME_COMPUTER = 9  /* machine */
+               SID_NAME_COMPUTER = 9, /* machine */
+               SID_NAME_LABEL    = 10 /* Mandatory Label */
        } lsa_SidType;
 
        typedef struct {
@@ -391,7 +522,7 @@ import "misc.idl", "security.idl";
        } lsa_TransSidArray;
 
        const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
-       typedef struct {
+       typedef [public] struct {
                [range(0,1000)] uint32 count;
                [size_is(count)] lsa_DomainInfo *domains;
                uint32 max_size;
@@ -405,7 +536,7 @@ import "misc.idl", "security.idl";
         * Level 6: Like 4
         */
 
-       typedef enum {
+       typedef [public] enum {
                LSA_LOOKUP_NAMES_ALL = 1,
                LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
                LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
@@ -435,8 +566,8 @@ import "misc.idl", "security.idl";
                uint32 sid_index;
        } lsa_TranslatedName;
 
-       typedef struct {
-               [range(0,1000)] uint32 count;
+       typedef [public] struct {
+               [range(0,20480)] uint32 count;
                [size_is(count)] lsa_TranslatedName *names;
        } lsa_TransNameArray;
 
@@ -445,7 +576,7 @@ import "misc.idl", "security.idl";
                [in,ref]     lsa_SidArray *sids,
                [out,ref]    lsa_RefDomainList **domains,
                [in,out,ref] lsa_TransNameArray *names,
-               [in]         uint16 level,
+               [in]         lsa_LookupNamesLevel level,
                [in,out,ref] uint32 *count
                );
 
@@ -454,7 +585,7 @@ import "misc.idl", "security.idl";
        [public] NTSTATUS lsa_CreateSecret(
                [in]         policy_handle *handle,
                [in]         lsa_String       name,
-               [in]         uint32         access_mask,
+               [in]         lsa_SecretAccessMask access_mask,
                [out]        policy_handle *sec_handle
                );
 
@@ -464,7 +595,7 @@ import "misc.idl", "security.idl";
        NTSTATUS lsa_OpenAccount(
                [in]         policy_handle *handle,
                [in,ref]     dom_sid2 *sid,
-               [in]         uint32 access_mask,
+               [in]         lsa_AccountAccessMask access_mask,
                [out]        policy_handle *acct_handle
                );
 
@@ -511,45 +642,29 @@ import "misc.idl", "security.idl";
        /* Function:           0x16 */
        [todo] NTSTATUS lsa_SetQuotasForAccount();
 
-       typedef [bitmap32bit] bitmap {
-               LSA_POLICY_MODE_INTERACTIVE             = 0x00000001,
-               LSA_POLICY_MODE_NETWORK                 = 0x00000002,
-               LSA_POLICY_MODE_BATCH                   = 0x00000004,
-               LSA_POLICY_MODE_SERVICE                 = 0x00000010,
-               LSA_POLICY_MODE_PROXY                   = 0x00000020,
-               LSA_POLICY_MODE_DENY_INTERACTIVE        = 0x00000040,
-               LSA_POLICY_MODE_DENY_NETWORK            = 0x00000080,
-               LSA_POLICY_MODE_DENY_BATCH              = 0x00000100,
-               LSA_POLICY_MODE_DENY_SERVICE            = 0x00000200,
-               LSA_POLICY_MODE_REMOTE_INTERACTIVE      = 0x00000400,
-               LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
-               LSA_POLICY_MODE_ALL                     = 0x00000FF7,
-               LSA_POLICY_MODE_ALL_NT4                 = 0x00000037
-       } lsa_SystemAccessModeFlags;
-
        /* Function:    0x17 */
        NTSTATUS lsa_GetSystemAccessAccount(
                [in]      policy_handle *handle,
-               [out,ref] uint32 *access_mask
+               [out,ref] lsa_AccountAccessMask *access_mask
                );
 
        /* Function:    0x18 */
        NTSTATUS lsa_SetSystemAccessAccount(
                [in] policy_handle *handle,
-               [in] uint32 access_mask
+               [in] lsa_AccountAccessMask access_mask
                );
 
        /* Function:        0x19 */
        NTSTATUS lsa_OpenTrustedDomain(
                [in]     policy_handle *handle,
                [in]     dom_sid2      *sid,
-               [in]     uint32         access_mask,
+               [in]     lsa_TrustedAccessMask access_mask,
                [out]    policy_handle *trustdom_handle
                );
 
        typedef [flag(NDR_PAHEX)] struct {
-               uint32 length;
-               uint32 size;
+               uint3264 length;
+               uint3264 size;
                [size_is(size),length_is(length)] uint8 *data;
        } lsa_DATA_BUF;
 
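Review bot: Typing the value of lsa_GetSystemAccessAccount and lsa_SetSystemAccessAccount as `lsa_AccountAccessMask` looks like a conflation of two different bit spaces. The bitmap this hunk deletes, lsa_SystemAccessModeFlags, named logon-mode bits up to 0x00000800 (LSA_POLICY_MODE_INTERACTIVE, LSA_POLICY_MODE_DENY_NETWORK, and so on), whereas lsa_AccountAccessMask defines only 0x1 to 0x8 as handle access rights. The wire size is the same, but decoded output would label an interactive-logon bit as LSA_ACCOUNT_VIEW and leave the deny bits unnamed, which is misleading when logon rights are being audited. Unless the removal is deliberate, keep the bitmap and declare `[out,ref] lsa_SystemAccessModeFlags *access_mask` and `[in] lsa_SystemAccessModeFlags access_mask`, leaving lsa_AccountAccessMask for lsa_OpenAccount and lsa_CreateAccount.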
@@ -571,7 +686,7 @@ import "misc.idl", "security.idl";
                LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL    = 10,
                LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL     = 11,
                LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL  = 12,
-               LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
+               LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 13
        } lsa_TrustDomInfoEnum;
 
        typedef [public,bitmap32bit] bitmap {
@@ -579,10 +694,11 @@ import "misc.idl", "security.idl";
                LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
        } lsa_TrustDirection;
 
-       typedef [v1_enum] enum {
+       typedef [public,v1_enum] enum {
                LSA_TRUST_TYPE_DOWNLEVEL  = 0x00000001,
                LSA_TRUST_TYPE_UPLEVEL    = 0x00000002,
-               LSA_TRUST_TYPE_MIT        = 0x00000003
+               LSA_TRUST_TYPE_MIT        = 0x00000003,
+               LSA_TRUST_TYPE_DCE        = 0x00000004
        } lsa_TrustType;
 
        typedef [public,bitmap32bit] bitmap {
@@ -620,7 +736,7 @@ import "misc.idl", "security.idl";
                dom_sid2      *sid;
        } lsa_TrustDomainInfoBasic;
 
-       typedef struct {
+       typedef [public] struct {
                lsa_StringLarge     domain_name;
                lsa_StringLarge     netbios_name;
                dom_sid2           *sid;
@@ -642,7 +758,7 @@ import "misc.idl", "security.idl";
                lsa_DATA_BUF2  data;
        } lsa_TrustDomainInfoBuffer;
 
-       typedef struct {
+       typedef [public] struct {
                uint32 incoming_count;
                lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
                lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
@@ -708,7 +824,7 @@ import "misc.idl", "security.idl";
                        lsa_TrustDomainInfoInfoEx2Internal   info_ex2_internal;
                [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
                        lsa_TrustDomainInfoFullInfo2Internal     full_info2_internal;
-               [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
+               [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES)]
                        lsa_TrustDomainInfoSupportedEncTypes enc_types;
        } lsa_TrustedDomainInfo;
 
@@ -730,7 +846,7 @@ import "misc.idl", "security.idl";
        [public] NTSTATUS lsa_OpenSecret(
                [in]     policy_handle    *handle,
                [in]         lsa_String        name,
-               [in]         uint32            access_mask,
+               [in]     lsa_SecretAccessMask access_mask,
                [out]    policy_handle    *sec_handle
                );
 
@@ -855,10 +971,18 @@ import "misc.idl", "security.idl";
        );
 
        /* Function:       0x2a */
-       [todo] NTSTATUS lsa_StorePrivateData();
-       /* Function:        0x2b */
-       [todo] NTSTATUS lsa_RetrievePrivateData();
+       NTSTATUS lsa_StorePrivateData(
+               [in]            policy_handle   *handle,
+               [in,ref]        lsa_String      *name,
+               [in,unique]     lsa_DATA_BUF    *val
+       );
 
+       /* Function:        0x2b */
+       NTSTATUS lsa_RetrievePrivateData(
+               [in]            policy_handle   *handle,
+               [in,ref]        lsa_String      *name,
+               [in,out,ref]    lsa_DATA_BUF    **val
+       );
 
        /**********************/
        /* Function:     0x2c */
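Review bot: lsa_StorePrivateData and lsa_RetrievePrivateData go from `[todo]` stubs to full prototypes with no comment on what `val` carries or what a NULL `val` means. On the store side `val` is `[in,unique]`, so a handler has to accept a NULL pointer (presumably a request to delete the entry, to be confirmed against the protocol reference). lsa_DATA_BUF has no `range()` on `length` or `size`, so the IDL sets no ceiling on the blob. As this is secret material, a header comment such as `/* val: secret blob as received on the wire; NULL on store: <confirm semantics> */` would help. Implementers should also note that lsa_DATA_BUF is declared `flag(NDR_PAHEX)`, so NDR debug printing may dump the bytes.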
@@ -904,11 +1028,11 @@ import "misc.idl", "security.idl";
 
        /**********************/
        /* Function 0x31 */
-       NTSTATUS lsa_SetTrustedDomainInfoByName(
+       [public] NTSTATUS lsa_SetTrustedDomainInfoByName(
                [in]                   policy_handle         *handle,
-               [in]                   lsa_String             trusted_domain,
+               [in,ref]               lsa_String             *trusted_domain,
                [in]                   lsa_TrustDomInfoEnum   level,
-               [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
+               [in,ref,switch_is(level)] lsa_TrustedDomainInfo *info
                );
 
        /* Function 0x32 */
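Review bot: Changing `info` from `[in,unique,...]` to `[in,ref,...]` alters more than the generated C signature: as far as I know a unique pointer carries a referent id on the wire and a top-level ref pointer does not, so the request layout of lsa_SetTrustedDomainInfoByName changes and a NULL `info` is no longer representable. Nothing in the hunk says this was checked against a real client, so a comment such as `/* info is a ref pointer on the wire; verified against <trace/spec reference> */` would make that reviewable. The by-reference `lsa_String *trusted_domain` also differs from lsa_OpenSecret and lsa_OpenTrustedDomainByName, which still take `lsa_String name` by value in the hunks on this page.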
@@ -932,8 +1056,8 @@ import "misc.idl", "security.idl";
        NTSTATUS lsa_CreateTrustedDomainEx(
                [in]  policy_handle               *policy_handle,
                [in]  lsa_TrustDomainInfoInfoEx   *info,
-               [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
-               [in]  uint32 access_mask,
+               [in]  lsa_TrustDomainInfoAuthInfo *auth_info,
+               [in]  lsa_TrustedAccessMask access_mask,
                [out] policy_handle               *trustdom_handle
                );
 
@@ -944,16 +1068,19 @@ import "misc.idl", "security.idl";
        );
 
        /* Function 0x35 */
+       typedef [bitmap32bit] bitmap {
+               LSA_POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
+       } lsa_krbAuthenticationOptions;
 
        /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
-          for unknown6 - gd */
+          for reserved - gd */
        typedef struct {
-               uint32 enforce_restrictions;
+               lsa_krbAuthenticationOptions authentication_options;
                hyper service_tkt_lifetime;
                hyper user_tkt_lifetime;
                hyper user_tkt_renewaltime;
                hyper clock_skew;
-               hyper unknown6;
+               hyper reserved;
        } lsa_DomainInfoKerberos;
 
        typedef struct {
@@ -989,7 +1116,7 @@ import "misc.idl", "security.idl";
        NTSTATUS lsa_OpenTrustedDomainByName(
                [in]     policy_handle *handle,
                [in]         lsa_String     name,
-               [in]         uint32         access_mask,
+               [in]     lsa_TrustedAccessMask access_mask,
                [out]    policy_handle *trustdom_handle
                );
 
@@ -1011,15 +1138,25 @@ import "misc.idl", "security.idl";
                [size_is(count)] lsa_TranslatedName2 *names;
        } lsa_TransNameArray2;
 
+       typedef [v1_enum] enum {
+               LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES         = 0x00000000,
+               LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL   = 0x80000000
+       } lsa_LookupOptions;
+
+       typedef [v1_enum] enum {
+               LSA_CLIENT_REVISION_1   = 0x00000001,
+               LSA_CLIENT_REVISION_2   = 0x00000002
+       } lsa_ClientRevision;
+
        [public] NTSTATUS lsa_LookupSids2(
                [in]     policy_handle *handle,
                [in,ref] lsa_SidArray *sids,
                [out,ref]    lsa_RefDomainList **domains,
                [in,out,ref] lsa_TransNameArray2 *names,
-               [in]         uint16 level,
+               [in]         lsa_LookupNamesLevel level,
                [in,out,ref] uint32 *count,
-               [in]         uint32 unknown1,
-               [in]         uint32 unknown2
+               [in]         lsa_LookupOptions lookup_options,
+               [in]         lsa_ClientRevision client_revision
                );
 
        /**********************/
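Review bot: lsa_ClientRevision adds LSA_CLIENT_REVISION_1 and LSA_CLIENT_REVISION_2 while the file still carries `const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;` (visible as context in the hunk at -1178,10), so the same wire value now has two names and nothing states how they relate. Either drop the old constants or add a comment on the enum, e.g. `/* LSA_CLIENT_REVISION_1 is the former LSA_CLIENT_REVISION_NO_DNS */`. lsa_LookupOptions also models what looks like a single flag bit (0x80000000) as a `v1_enum`, so a client that sets any other bit yields a value outside the enumeration. Handlers that branch on `lookup_options` or `client_revision` should treat such values explicitly instead of falling through a default.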
@@ -1045,16 +1182,16 @@ import "misc.idl", "security.idl";
                [in,out,ref] lsa_TransSidArray2 *sids,
                [in]         lsa_LookupNamesLevel level,
                [in,out,ref] uint32 *count,
-               [in]         uint32 lookup_options,
-               [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
+               [in]         lsa_LookupOptions lookup_options,
+               [in]         lsa_ClientRevision client_revision
                );
 
        /* Function 0x3b */
        NTSTATUS lsa_CreateTrustedDomainEx2(
                [in]  policy_handle               *policy_handle,
                [in]  lsa_TrustDomainInfoInfoEx   *info,
-               [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
-               [in]  uint32                       access_mask,
+               [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info_internal,
+               [in]  lsa_TrustedAccessMask access_mask,
                [out] policy_handle               *trustdom_handle
                );
 
@@ -1104,8 +1241,8 @@ import "misc.idl", "security.idl";
                [in,out,ref] lsa_TransSidArray3 *sids,
                [in]         lsa_LookupNamesLevel level,
                [in,out,ref] uint32 *count,
-               [in]         uint32 lookup_options,
-               [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
+               [in]         lsa_LookupOptions lookup_options,
+               [in]         lsa_ClientRevision client_revision
                );
 
        /* Function 0x45 */
@@ -1121,8 +1258,39 @@ import "misc.idl", "security.idl";
        [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
 
        /* Function 0x49 */
+       typedef [bitmap32bit,public] bitmap {
+               /* these apply to LSA_FOREST_TRUST_TOP_LEVEL_NAME */
+               LSA_TLN_DISABLED_NEW            = 0x00000001,
+               LSA_TLN_DISABLED_ADMIN          = 0x00000002,
+               LSA_TLN_DISABLED_CONFLICT       = 0x00000004,
+
+               /* these apply to LSA_FOREST_TRUST_DOMAIN_INFO */
+               LSA_SID_DISABLED_ADMIN          = 0x00000001,
+               LSA_SID_DISABLED_CONFLICT       = 0x00000002,
+               LSA_NB_DISABLED_ADMIN           = 0x00000004,
+               LSA_NB_DISABLED_CONFLICT        = 0x00000008
+       } lsa_ForestTrustRecordFlags;
+
+       const uint32 LSA_TLN_DISABLED_MASK = (
+                                       LSA_TLN_DISABLED_NEW |
+                                       LSA_TLN_DISABLED_ADMIN |
+                                       LSA_TLN_DISABLED_CONFLICT);
+       const uint32 LSA_SID_DISABLED_MASK = (
+                                       LSA_SID_DISABLED_ADMIN |
+                                       LSA_SID_DISABLED_CONFLICT);
+       const uint32 LSA_NB_DISABLED_MASK = (
+                                       LSA_NB_DISABLED_ADMIN |
+                                       LSA_NB_DISABLED_CONFLICT);
+
+       typedef enum {
+               LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
+               LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
+               LSA_FOREST_TRUST_DOMAIN_INFO = 2,
+               LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+       } lsa_ForestTrustRecordType;
+
        typedef struct {
-               [range(0,131072)] uint32 length;
+               [range(0,131072)] uint3264 length;
                [size_is(length)] uint8 *data;
        } lsa_ForestTrustBinaryData;
 
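Review bot: lsa_ForestTrustRecordFlags puts two flag sets with overlapping values into one bitmap: LSA_TLN_DISABLED_NEW and LSA_SID_DISABLED_ADMIN are both 0x00000001, and 0x2 and 0x4 are reused the same way. Which meaning applies depends on the record type, as the inline comments say, but code generated from the bitmap cannot know that and will probably print both names for a set bit. Applying LSA_TLN_DISABLED_MASK to a domain-info record would likewise read SID/NB bits without complaint. Each mask should carry a comment naming the record type it is valid for, e.g. `/* only meaningful when type == LSA_FOREST_TRUST_DOMAIN_INFO */`. Separately, lsa_ForestTrustRecordType is re-added here without the `[v1_enum]` it had where it is removed in the next hunk; if I read the enum rules correctly that narrows its wire width, and a one-line comment explaining why would help.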
@@ -1132,25 +1300,18 @@ import "misc.idl", "security.idl";
                lsa_StringLarge netbios_domain_name;
        } lsa_ForestTrustDomainInfo;
 
-       typedef [switch_type(uint32)] union {
-               [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
+       typedef [switch_type(lsa_ForestTrustRecordType)] union {
+               [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
                [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
                [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
                [default] lsa_ForestTrustBinaryData data;
        } lsa_ForestTrustData;
 
-       typedef [v1_enum] enum {
-               LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
-               LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
-               LSA_FOREST_TRUST_DOMAIN_INFO = 2,
-               LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
-       } lsa_ForestTrustRecordType;
-
        typedef struct {
-               uint32 flags;
-               lsa_ForestTrustRecordType level;
-               hyper unknown;
-               [switch_is(level)] lsa_ForestTrustData forest_trust_data;
+               lsa_ForestTrustRecordFlags flags;
+               lsa_ForestTrustRecordType type;
+               NTTIME_hyper time;
+               [switch_is(type)] lsa_ForestTrustData forest_trust_data;
        } lsa_ForestTrustRecord;
 
        typedef [public] struct {
@@ -1158,15 +1319,42 @@ import "misc.idl", "security.idl";
                [size_is(count)] lsa_ForestTrustRecord **entries;
        } lsa_ForestTrustInformation;
 
-       NTSTATUS lsa_lsaRQueryForestTrustInformation(
+       [public] NTSTATUS lsa_lsaRQueryForestTrustInformation(
                [in] policy_handle *handle,
                [in,ref] lsa_String *trusted_domain_name,
-               [in] uint16 unknown, /* level ? */
+               [in] lsa_ForestTrustRecordType highest_record_type,
                [out,ref] lsa_ForestTrustInformation **forest_trust_info
                );
 
-       /* Function 0x4a */
-       [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
+       /*****************
+        * Function 0x4a */
+
+       typedef [v1_enum] enum {
+               LSA_FOREST_TRUST_COLLISION_TDO = 0,
+               LSA_FOREST_TRUST_COLLISION_XREF = 1,
+               LSA_FOREST_TRUST_COLLISION_OTHER = 2
+       } lsa_ForestTrustCollisionRecordType;
+
+       typedef [public] struct {
+               uint32 index;
+               lsa_ForestTrustCollisionRecordType type;
+               lsa_ForestTrustRecordFlags flags;
+               lsa_String name;
+       } lsa_ForestTrustCollisionRecord;
+
+       typedef [public] struct {
+               uint32 count;
+               [size_is(count)] lsa_ForestTrustCollisionRecord **entries;
+       } lsa_ForestTrustCollisionInfo;
+
+       [public] NTSTATUS lsa_lsaRSetForestTrustInformation(
+               [in]      policy_handle *handle,
+               [in,ref]  lsa_StringLarge *trusted_domain_name,
+               [in]      lsa_ForestTrustRecordType highest_record_type,
+               [in,ref]  lsa_ForestTrustInformation *forest_trust_info,
+               [in]      boolean8 check_only,
+               [out,ref] lsa_ForestTrustCollisionInfo **collision_info
+               );
 
        /* Function 0x4b */
        [todo] NTSTATUS lsa_CREDRRENAME();
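Review bot: lsa_ForestTrustCollisionInfo.count has no `[range()]`, unlike other peer-sized arrays on this page (lsa_SidArray, lsa_RefDomainList, lsa_ForestTrustBinaryData), so a client unmarshalling the `[out]` collision_info accepts whatever count the server sends. If the protocol permits a ceiling, add one in the same style, `[range(0,<limit from protocol reference>)] uint32 count;`. lsa_lsaRSetForestTrustInformation also has no comment on `check_only`; presumably it means "validate and report collisions without storing anything". That is the property an implementer must get right, so it should be stated above the prototype once confirmed.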
@@ -1178,10 +1366,10 @@ import "misc.idl", "security.idl";
                [in,ref]     lsa_SidArray *sids,
                [out,ref]    lsa_RefDomainList **domains,
                [in,out,ref] lsa_TransNameArray2 *names,
-               [in]         uint16 level,
+               [in]         lsa_LookupNamesLevel level,
                [in,out,ref] uint32 *count,
-               [in]         uint32 unknown1,
-               [in]         uint32 unknown2
+               [in]         lsa_LookupOptions lookup_options,
+               [in]         lsa_ClientRevision client_revision
                );
 
        const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001;
@@ -1197,8 +1385,8 @@ import "misc.idl", "security.idl";
                [in,out,ref] lsa_TransSidArray3 *sids,
                [in]         lsa_LookupNamesLevel level,
                [in,out,ref] uint32 *count,
-               [in]         uint32 lookup_options,
-               [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
+               [in]         lsa_LookupOptions lookup_options,
+               [in]         lsa_ClientRevision client_revision
                );
 
        /* Function 0x4e */