X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source%2Flibrpc%2Fidl%2Flsa.idl;h=465c75778432ebeb5b65ce8a1e5099c70b9dfb91;hb=bb1ed44f45020f1e11d928f5130a889c11ee59c4;hp=66a75935664f34b642f8a0516f5ff8a6de102610;hpb=c759fa0000e37c3e93a7529a7701998af6727612;p=jelmer%2Fsamba4-debian.git
diff --git a/source/librpc/idl/lsa.idl b/source/librpc/idl/lsa.idl
index 66a759356..465c75778 100644
--- a/source/librpc/idl/lsa.idl
+++ b/source/librpc/idl/lsa.idl
@@ -6,35 +6,53 @@ [ uuid("12345778-1234-abcd-ef00-0123456789ab"), version(0.0), - endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:"), + endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"), pointer_default(unique), - helpstring("Local Server Authentication(?)"), + helpstring("Local Security Authority"), depends(security) ] interface lsarpc { + declare bitmap security_secinfo; + + typedef [public,noejs] struct { + [value(2*strlen_m(string))] uint16 length; + [value(2*strlen_m(string))] uint16 size; + [charset(UTF16),size_is(size),length_is(length)] uint8 *string; + } lsa_String; + + typedef [public] struct { + [value(2*strlen_m(string))] uint16 length; + [value(2*(strlen_m(string)+1))] uint16 size; + [flag(STR_SIZE4|STR_LEN4|STR_NOTERM|STR_LARGE_SIZE)] string *string; + } lsa_StringLarge; + + typedef [public] struct { + uint32 count; + [size_is(count)] lsa_String *names; + } lsa_Strings; + + typedef [public] struct { + [value(strlen_m(string))] uint16 length; + [value(strlen_m(string))] uint16 size; + ascstr_noterm *string; + } lsa_AsciiString; + /******************/ /* Function: 0x00 */ NTSTATUS lsa_Close ( - [in,out,ref] policy_handle *handle + [in,out] policy_handle *handle ); /******************/ /* Function: 0x01 */ NTSTATUS lsa_Delete ( - [in,ref] policy_handle *handle + [in] policy_handle *handle ); /******************/ /* Function: 0x02 */ - - typedef struct { - [value(2*strlen_m(r->string))] uint16 length; - [value(r->length)] uint16 size; - unistr_noterm *string; - } lsa_String; - typedef struct { uint32 low; uint32 high; 
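Review bot: `lsa_Strings` declares `uint32 count` with `[size_is(count)] lsa_String *names` and no `range()` on the count, so the array length accepted from the wire is whatever uint32 the peer sends. The same shape appears in `lsa_DomainInfoEfs` (`blob_size` / `efs_blob`) in the `@@ -695,18 +737,53 @@` hunk, while this commit does add `[range(0,65536)]` to `lsa_DATA_BUF2.size` and the lookup calls cap `num_names` at 1000. I would bound both, e.g. `[range(0,1000)] uint32 count;`, with the ceiling set to what callers really need; the generated pull code is not on this page, so how much it allocates before checking the remaining data should be confirmed. Separately, `length` and `size` in `lsa_String` are `uint16` values computed from `2*strlen_m(string)`, which would wrap once the doubled length no longer fits in 16 bits; a comment stating that limit would help.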
@@ -51,19 +69,19 @@ } lsa_PrivArray; NTSTATUS lsa_EnumPrivs ( - [in,ref] policy_handle *handle, - [in,out,ref] uint32 *resume_handle, + [in] policy_handle *handle, + [in,out] uint32 *resume_handle, [in] uint32 max_count, - [out,ref] lsa_PrivArray *privs + [out] lsa_PrivArray *privs ); /******************/ /* Function: 0x03 */ NTSTATUS lsa_QuerySecurity ( - [in,ref] policy_handle *handle, - [in] uint32 sec_info, - [out] sec_desc_buf *sdbuf + [in] policy_handle *handle, + [in] security_secinfo sec_info, + [out,unique] sec_desc_buf *sdbuf ); @@ -89,7 +107,7 @@ typedef struct { uint32 len; /* ignored */ uint8 *root_dir; - unistr *object_name; + [string,charset(UTF16)] uint16 *object_name; uint32 attributes; security_descriptor *sec_desc; lsa_QosInfo *sec_qos; @@ -98,10 +116,10 @@ /* notice the screwup with the system_name - thats why MS created OpenPolicy2 */ NTSTATUS lsa_OpenPolicy ( - [in] uint16 *system_name, - [in,ref] lsa_ObjectAttribute *attr, + [in,unique] uint16 *system_name, + [in] lsa_ObjectAttribute *attr, [in] uint32 access_mask, - [out,ref] policy_handle *handle + [out] policy_handle *handle ); @@ -150,11 +168,11 @@ uint32 min_wss; uint32 max_wss; uint32 pagefile; - HYPER_T unknown; + hyper unknown; } lsa_DefaultQuotaInfo; typedef struct { - HYPER_T modified_id; + hyper modified_id; NTTIME db_create_time; } lsa_ModificationInfo; @@ -169,9 +187,15 @@ } lsa_AuditFullQueryInfo; typedef struct { - lsa_String name; - lsa_String dns_domain; - lsa_String dns_forest; + /* it's important that we use the lsa_StringLarge here, + * because otherwise windows clients result with such dns hostnames + * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org + * where it should be + * w2k3-client.samba4.samba.org + */ + lsa_StringLarge name; + lsa_StringLarge dns_domain; + lsa_StringLarge dns_forest; GUID domain_guid; dom_sid2 *sid; } lsa_DnsDomainInfo; 
@@ -191,7 +215,7 @@ LSA_POLICY_INFO_DNS=12 } lsaPolicyInfo; - typedef union { + typedef [switch_type(uint16)] union { [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log; [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events; [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain; @@ -207,9 +231,9 @@ } lsa_PolicyInformation; NTSTATUS lsa_QueryInfoPolicy ( - [in,ref] policy_handle *handle, - [in] uint16 level, - [out,switch_is(level)] lsa_PolicyInformation *info + [in] policy_handle *handle, + [in] uint16 level, + [out,unique,switch_is(level)] lsa_PolicyInformation *info ); /******************/ @@ -223,13 +247,16 @@ /******************/ /* Function: 0x0a */ NTSTATUS lsa_CreateAccount ( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *sid, - [in] uint32 access_mask, - [out,ref] policy_handle *acct_handle + [in] policy_handle *handle, + [in] dom_sid2 *sid, + [in] uint32 access_mask, + [out] policy_handle *acct_handle ); /******************/ + /* NOTE: This only returns accounts that have at least + one privilege set + */ /* Function: 0x0b */ typedef struct { dom_sid2 *sid; @@ -241,10 +268,10 @@ } lsa_SidArray; NTSTATUS lsa_EnumAccounts ( - [in,ref] policy_handle *handle, - [in,out,ref] uint32 *resume_handle, - [in,range(0,1000)] uint32 num_entries, - [out,ref] lsa_SidArray *sids + [in] policy_handle *handle, + [in,out] uint32 *resume_handle, + [in,range(0,8192)] uint32 num_entries, + [out] lsa_SidArray *sids ); @@ -257,16 +284,19 @@ } lsa_TrustInformation; NTSTATUS lsa_CreateTrustedDomain( - [in,ref] policy_handle *handle, - [in,ref] lsa_TrustInformation *info, + [in] policy_handle *handle, + [in] lsa_TrustInformation *info, [in] uint32 access_mask, - [out,ref] policy_handle *dom_handle + [out] policy_handle *trustdom_handle ); /******************/ /* Function: 0x0d */ + /* w2k3 treats max_size as max_domains*60 */ + const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60; + typedef struct { lsa_String name; dom_sid2 *sid; 
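Review bot: The ceiling on `num_entries` in `lsa_EnumAccounts` moves from 1000 to 8192 with no comment saying where 8192 comes from, while `lsa_EnumTrustDom` and the `lsa_LookupNames` calls elsewhere in this diff keep `range(0,1000)`. This `range()` is the only limit visible here on how many entries a caller may request in one call, so the reason for the larger value belongs next to it, for example `/* 8192: <source of this limit> */` above the parameter. If the number was chosen to accommodate a particular client, naming that client lets a later reader judge whether the bound can be tightened again.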
@@ -278,18 +308,29 @@ } lsa_DomainList; NTSTATUS lsa_EnumTrustDom ( - [in,ref] policy_handle *handle, - [in,out,ref] uint32 *resume_handle, - [in,range(0,1000)] uint32 num_entries, - [out,ref] lsa_DomainList *domains + [in] policy_handle *handle, + [in,out] uint32 *resume_handle, + [in,range(0,1000)] uint32 max_size, + [out] lsa_DomainList *domains ); /******************/ /* Function: 0x0e */ - - typedef struct { - uint16 sid_type; + typedef enum { + SID_NAME_USE_NONE = 0,/* NOTUSED */ + SID_NAME_USER = 1, /* user */ + SID_NAME_DOM_GRP = 2, /* domain group */ + SID_NAME_DOMAIN = 3, /* domain: don't know what this is */ + SID_NAME_ALIAS = 4, /* local group */ + SID_NAME_WKN_GRP = 5, /* well-known group */ + SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */ + SID_NAME_INVALID = 7, /* invalid account */ + SID_NAME_UNKNOWN = 8 /* oops. */ + } lsa_SidType; + + typedef struct { + lsa_SidType sid_type; uint32 rid; uint32 sid_index; } lsa_TranslatedSid; @@ -306,13 +347,13 @@ } lsa_RefDomainList; NTSTATUS lsa_LookupNames ( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in,range(0,1000)] uint32 num_names, - [in,ref,size_is(num_names)] lsa_String *names, - [out] lsa_RefDomainList *domains, - [in,out,ref] lsa_TransSidArray *sids, + [in,size_is(num_names)] lsa_String names[], + [out,unique] lsa_RefDomainList *domains, + [in,out] lsa_TransSidArray *sids, [in] uint16 level, - [in,out,ref] uint32 *count + [in,out] uint32 *count ); @@ -320,7 +361,7 @@ /* Function: 0x0f */ typedef struct { - uint16 sid_type; + lsa_SidType sid_type; lsa_String name; uint32 sid_index; } lsa_TranslatedName; 
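Review bot: `max_size` in `lsa_EnumTrustDom` keeps `range(0,1000)` from when the parameter was an entry count, but the comment added with `LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60` says w2k3 treats this value as max_domains*60. Read that way the bound allows about 16 domains per call, and a client that sends a larger size would presumably be rejected when the request is unmarshalled rather than served. If up to 1000 domains per call is still intended, the line would become `[in,range(0,60000)] uint32 max_size,`; otherwise a comment on the parameter should say that the unit is the w2k3 size and why 1000 is enough. How the server converts max_size into a domain count is outside this diff.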
@@ -331,31 +372,31 @@ } lsa_TransNameArray; NTSTATUS lsa_LookupSids ( - [in,ref] policy_handle *handle, - [in,ref] lsa_SidArray *sids, - [out] lsa_RefDomainList *domains, - [in,out,ref] lsa_TransNameArray *names, + [in] policy_handle *handle, + [in] lsa_SidArray *sids, + [out,unique] lsa_RefDomainList *domains, + [in,out] lsa_TransNameArray *names, [in] uint16 level, - [in,out,ref] uint32 *count + [in,out] uint32 *count ); /* Function: 0x10 */ NTSTATUS lsa_CreateSecret( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in] lsa_String name, [in] uint32 access_mask, - [out,ref] policy_handle *sec_handle + [out] policy_handle *sec_handle ); /*****************************************/ /* Function: 0x11 */ NTSTATUS lsa_OpenAccount ( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *sid, + [in] policy_handle *handle, + [in] dom_sid2 *sid, [in] uint32 access_mask, - [out,ref] policy_handle *acct_handle + [out] policy_handle *acct_handle ); @@ -374,25 +415,25 @@ } lsa_PrivilegeSet; NTSTATUS lsa_EnumPrivsAccount ( - [in,ref] policy_handle *handle, - [out] lsa_PrivilegeSet *privs + [in] policy_handle *handle, + [out,unique] lsa_PrivilegeSet *privs ); /****************************************/ /* Function: 0x13 */ NTSTATUS lsa_AddPrivilegesToAccount( - [in,ref] policy_handle *handle, - [in,ref] lsa_PrivilegeSet *privs + [in] policy_handle *handle, + [in] lsa_PrivilegeSet *privs ); /****************************************/ /* Function: 0x14 */ NTSTATUS lsa_RemovePrivilegesFromAccount( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in] uint8 remove_all, - [in] lsa_PrivilegeSet *privs + [in,unique] lsa_PrivilegeSet *privs ); /* Function: 0x15 */ 
@@ -408,10 +449,10 @@ /* Function: 0x19 */ NTSTATUS lsa_OpenTrustedDomain( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *sid, + [in] policy_handle *handle, + [in] dom_sid2 *sid, [in] uint32 access_mask, - [out,ref] policy_handle *trustdom_handle + [out] policy_handle *trustdom_handle ); typedef [flag(NDR_PAHEX)] struct { @@ -421,20 +462,21 @@ } lsa_DATA_BUF; typedef [flag(NDR_PAHEX)] struct { - uint32 size; + [range(0,65536)] uint32 size; [size_is(size)] uint8 *data; } lsa_DATA_BUF2; typedef enum { - LSA_TRUSTED_DOMAIN_INFO_NAME=1, - LSA_TRUSTED_DOMAIN_INFO_2=2, - LSA_TRUSTED_DOMAIN_INFO_FLAGS=3, - LSA_TRUSTED_DOMAIN_INFO_PASSWORD=4, - LSA_TRUSTED_DOMAIN_INFO_5=5, - LSA_TRUSTED_DOMAIN_INFO_INFO_EX=6, - LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO=7, - LSA_TRUSTED_DOMAIN_INFO_FULL_INFO=8, - LSA_TRUSTED_DOMAIN_INFO_INFO_ALL=12 + LSA_TRUSTED_DOMAIN_INFO_NAME = 1, + LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2, + LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3, + LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4, + LSA_TRUSTED_DOMAIN_INFO_BASIC = 5, + LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6, + LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7, + LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8, + LSA_TRUSTED_DOMAIN_INFO_11 = 11, + LSA_TRUSTED_DOMAIN_INFO_INFO_ALL = 12 } lsa_TrustDomInfoEnum; typedef struct { 
@@ -442,78 +484,78 @@ } lsa_TrustDomainInfoName; typedef struct { - uint32 flags; - } lsa_TrustDomainInfoFlags; + uint32 posix_offset; + } lsa_TrustDomainInfoPosixOffset; typedef struct { - lsa_DATA_BUF *password; - lsa_DATA_BUF *old_password; + lsa_DATA_BUF *password; + lsa_DATA_BUF *old_password; } lsa_TrustDomainInfoPassword; typedef struct { lsa_String netbios_name; - dom_sid2 *sid; - } lsa_TrustDomainInfo5; + dom_sid2 *sid; + } lsa_TrustDomainInfoBasic; typedef struct { lsa_String domain_name; lsa_String netbios_name; - dom_sid2 *sid; - uint32 unknown1; - uint32 unknown2; - uint32 unknown3; + dom_sid2 *sid; + uint32 trust_direction; + uint32 trust_type; + uint32 trust_attributes; } lsa_TrustDomainInfoInfoEx; typedef struct { - HYPER_T unknown1; - uint32 unknown2; - lsa_DATA_BUF2 data; + NTTIME_hyper last_update_time; + uint32 secret_type; + lsa_DATA_BUF2 data; } lsa_TrustDomainInfoBuffer; typedef struct { - uint32 unknown1; - lsa_TrustDomainInfoBuffer *buff1; - lsa_TrustDomainInfoBuffer *buff2; - uint32 unknown2; - lsa_TrustDomainInfoBuffer *buff3; - lsa_TrustDomainInfoBuffer *buff4; + uint32 incoming_count; + lsa_TrustDomainInfoBuffer *incoming_current_auth_info; + lsa_TrustDomainInfoBuffer *incoming_previous_auth_info; + uint32 outgoing_count; + lsa_TrustDomainInfoBuffer *outgoing_current_auth_info; + lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info; } lsa_TrustDomainInfoAuthInfo; typedef struct { - lsa_TrustDomainInfoInfoEx info_ex; - lsa_TrustDomainInfoFlags flags; - lsa_TrustDomainInfoAuthInfo auth_info; + lsa_TrustDomainInfoInfoEx info_ex; + lsa_TrustDomainInfoPosixOffset posix_offset; + lsa_TrustDomainInfoAuthInfo auth_info; } lsa_TrustDomainInfoFullInfo; typedef struct { - lsa_TrustDomainInfoInfoEx info_ex; - lsa_DATA_BUF2 data1; + lsa_TrustDomainInfoInfoEx info_ex; + lsa_DATA_BUF2 data1; } lsa_TrustDomainInfo11; typedef struct { - lsa_TrustDomainInfoInfoEx info_ex; - lsa_DATA_BUF2 data1; - lsa_TrustDomainInfoFlags flags; - 
lsa_TrustDomainInfoAuthInfo auth_info; + lsa_TrustDomainInfoInfoEx info_ex; + lsa_DATA_BUF2 data1; + lsa_TrustDomainInfoPosixOffset posix_offset; + lsa_TrustDomainInfoAuthInfo auth_info; } lsa_TrustDomainInfoInfoAll; - typedef union { - [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name; - [case(LSA_TRUSTED_DOMAIN_INFO_FLAGS)] lsa_TrustDomainInfoFlags flags; - [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password; - [case(LSA_TRUSTED_DOMAIN_INFO_5)] lsa_TrustDomainInfo5 info5; - [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex; - [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info; - [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info; - [case(11)] lsa_TrustDomainInfo11 info11; - [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)] lsa_TrustDomainInfoInfoAll info_all; + typedef [switch_type(lsa_TrustDomInfoEnum)] union { + [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name; + [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset; + [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password; + [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] lsa_TrustDomainInfoBasic info_basic; + [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex; + [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info; + [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info; + [case(LSA_TRUSTED_DOMAIN_INFO_11)] lsa_TrustDomainInfo11 info11; + [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)] lsa_TrustDomainInfoInfoAll info_all; } lsa_TrustedDomainInfo; /* Function: 0x1a */ NTSTATUS lsa_QueryTrustedDomainInfo( - [in,ref] policy_handle *trustdom_handle, - [in] uint16 level, - [out,switch_is(level)] lsa_TrustedDomainInfo *info + [in] policy_handle *trustdom_handle, + [in] lsa_TrustDomInfoEnum level, + [out,switch_is(level),unique] lsa_TrustedDomainInfo *info ); /* Function: 
0x1b */ @@ -521,18 +563,18 @@ /* Function: 0x1c */ NTSTATUS lsa_OpenSecret( - [in,ref] policy_handle *handle, - [in] lsa_String name, - [in] uint32 access_mask, - [out,ref] policy_handle *sec_handle + [in] policy_handle *handle, + [in] lsa_String name, + [in] uint32 access_mask, + [out] policy_handle *sec_handle ); /* Function: 0x1d */ NTSTATUS lsa_SetSecret( - [in,ref] policy_handle *handle, - [in] lsa_DATA_BUF *new_val, - [in] lsa_DATA_BUF *old_val + [in] policy_handle *sec_handle, + [in,unique] lsa_DATA_BUF *new_val, + [in,unique] lsa_DATA_BUF *old_val ); typedef struct { @@ -541,38 +583,38 @@ /* Function: 0x1e */ NTSTATUS lsa_QuerySecret ( - [in,ref] policy_handle *handle, - [in,out] lsa_DATA_BUF_PTR *new_val, - [in,out] NTTIME *new_mtime, - [in,out] lsa_DATA_BUF_PTR *old_val, - [in,out] NTTIME *old_mtime + [in] policy_handle *sec_handle, + [in,out,unique] lsa_DATA_BUF_PTR *new_val, + [in,out,unique] NTTIME_hyper *new_mtime, + [in,out,unique] lsa_DATA_BUF_PTR *old_val, + [in,out,unique] NTTIME_hyper *old_mtime ); /* Function: 0x1f */ NTSTATUS lsa_LookupPrivValue( - [in,ref] policy_handle *handle, - [in,ref] lsa_String *name, - [out,ref] lsa_LUID *luid + [in] policy_handle *handle, + [in] lsa_String *name, + [out] lsa_LUID *luid ); /* Function: 0x20 */ NTSTATUS lsa_LookupPrivName ( - [in,ref] policy_handle *handle, - [in,ref] lsa_LUID *luid, - [out] lsa_String *name + [in] policy_handle *handle, + [in] lsa_LUID *luid, + [out,unique] lsa_String *name ); /*******************/ /* Function: 0x21 */ NTSTATUS lsa_LookupPrivDisplayName ( - [in,ref] policy_handle *handle, - [in,ref] lsa_String *name, - [out] lsa_String *disp_name, + [in] policy_handle *handle, + [in] lsa_String *name, + [out,unique] lsa_String *disp_name, /* see http://www.microsoft.com/globaldev/nlsweb/ for language definitions */ - [in,out,ref] uint16 *language_id, + [in,out] uint16 *language_id, [in] uint16 unknown ); 
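Review bot: In `lsa_TrustDomainInfoAuthInfo` the new names `incoming_count` and `outgoing_count` read as array lengths, yet the four `lsa_TrustDomainInfoBuffer` pointers beside them carry no `size_is()` and so describe a single element each. If the counts really give the number of auth-info entries, the pointers need `[size_is(incoming_count)]` / `[size_is(outgoing_count)]` and the counts a `range()` bound; if only one entry is ever carried, a comment such as `/* count is 0 or 1; each pointer references a single buffer */` would stop a consumer from indexing past the first element. Judging by the field names (`secret_type`, `data`) these buffers appear to carry trust authentication data, so the relation between declared count and actual layout is worth settling before handlers are written against the new names.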
@@ -583,14 +625,14 @@ /*******************/ /* Function: 0x23 */ NTSTATUS lsa_EnumAccountsWithUserRight ( - [in,ref] policy_handle *handle, - [in] lsa_String *name, - [out,ref] lsa_SidArray *sids + [in] policy_handle *handle, + [in,unique] lsa_String *name, + [out] lsa_SidArray *sids ); /* Function: 0x24 */ typedef struct { - unistr *name; + [string,charset(UTF16)] uint16 *name; } lsa_RightAttribute; typedef struct { @@ -599,35 +641,35 @@ } lsa_RightSet; NTSTATUS lsa_EnumAccountRights ( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *sid, - [out,ref] lsa_RightSet *rights + [in] policy_handle *handle, + [in] dom_sid2 *sid, + [out] lsa_RightSet *rights ); /**********************/ /* Function: 0x25 */ NTSTATUS lsa_AddAccountRights ( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *sid, - [in,ref] lsa_RightSet *rights + [in] policy_handle *handle, + [in] dom_sid2 *sid, + [in] lsa_RightSet *rights ); /**********************/ /* Function: 0x26 */ NTSTATUS lsa_RemoveAccountRights ( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *sid, + [in] policy_handle *handle, + [in] dom_sid2 *sid, [in] uint32 unknown, - [in,ref] lsa_RightSet *rights + [in] lsa_RightSet *rights ); /* Function: 0x27 */ NTSTATUS lsa_QueryTrustedDomainInfoBySid( - [in,ref] policy_handle *handle, - [in,ref] dom_sid2 *dom_sid, - [in] uint16 level, - [out,switch_is(level)] lsa_TrustedDomainInfo *info + [in] policy_handle *handle, + [in] dom_sid2 *dom_sid, + [in] lsa_TrustDomInfoEnum level, + [out,switch_is(level),unique] lsa_TrustedDomainInfo *info ); /* Function: 0x28 */ @@ -643,10 +685,10 @@ /**********************/ /* Function: 0x2c */ NTSTATUS lsa_OpenPolicy2 ( - [in] unistr *system_name, - [in,ref] lsa_ObjectAttribute *attr, + [in,unique] [string,charset(UTF16)] uint16 *system_name, + [in] lsa_ObjectAttribute *attr, [in] uint32 access_mask, - [out,ref] policy_handle *handle + [out] policy_handle *handle ); /**********************/ 
@@ -656,18 +698,18 @@ } lsa_StringPointer; NTSTATUS lsa_GetUserName( - [in] unistr *system_name, - [in,out] lsa_String *account_name, - [in,out] lsa_StringPointer *authority_name + [in,unique] [string,charset(UTF16)] uint16 *system_name, + [in,out,unique] lsa_String *account_name, + [in,out,unique] lsa_StringPointer *authority_name ); /**********************/ /* Function: 0x2e */ NTSTATUS lsa_QueryInfoPolicy2( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in] uint16 level, - [out,switch_is(level)] lsa_PolicyInformation *info + [out,unique,switch_is(level)] lsa_PolicyInformation *info ); /* Function 0x2f */ @@ -676,10 +718,10 @@ /**********************/ /* Function 0x30 */ NTSTATUS lsa_QueryTrustedDomainInfoByName( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in] lsa_String trusted_domain, - [in] uint16 level, - [out,switch_is(level)] lsa_TrustedDomainInfo *info + [in] lsa_TrustDomInfoEnum level, + [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info ); /* Function 0x31 */ 
@@ -695,18 +737,53 @@ NTSTATUS lsa_CloseTrustedDomainEx(); /* Function 0x35 */ - NTSTATUS lsa_QueryDomainInformationPolicy(); + + /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 + for unknown6 - gd */ + typedef struct { + uint32 enforce_restrictions; + hyper service_tkt_lifetime; + hyper user_tkt_lifetime; + hyper user_tkt_renewaltime; + hyper clock_skew; + hyper unknown6; + } lsa_DomainInfoKerberos; + + typedef struct { + uint32 blob_size; + [size_is(blob_size)] uint8 *efs_blob; + } lsa_DomainInfoEfs; + + typedef enum { + LSA_DOMAIN_INFO_POLICY_EFS=2, + LSA_DOMAIN_INFO_POLICY_KERBEROS=3 + } lsa_DomainInfoEnum; + + typedef [switch_type(uint16)] union { + [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info; + [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info; + } lsa_DomainInformationPolicy; + + NTSTATUS lsa_QueryDomainInformationPolicy( + [in] policy_handle *handle, + [in] uint16 level, + [out,unique,switch_is(level)] lsa_DomainInformationPolicy *info + ); /* Function 0x36 */ - NTSTATUS lsa_SetDomInfoPolicy(); + NTSTATUS lsa_SetDomainInformationPolicy( + [in] policy_handle *handle, + [in] uint16 level, + [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info + ); /**********************/ /* Function 0x37 */ NTSTATUS lsa_OpenTrustedDomainByName( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in] lsa_String name, [in] uint32 access_mask, - [out,ref] policy_handle *trustdom_handle + [out] policy_handle *trustdom_handle ); /* Function 0x38 */ @@ -716,7 +793,7 @@ /* Function 0x39 */ typedef struct { - uint16 sid_type; + lsa_SidType sid_type; lsa_String name; uint32 sid_index; uint32 unknown; 
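Review bot: `info` in `lsa_SetDomainInformationPolicy` is `[in,unique,switch_is(level)]`, so a caller may send a NULL pointer, and nothing in the IDL says what a NULL `info` means for a set operation. I would add a comment above the function, e.g. `/* info may be NULL; the server must check it before reading efs_info/kerberos_info */`, and make sure the handler (not part of this diff) does so. Also, `lsa_DomainInfoEnum` is declared here but `level` and the union's `switch_type` remain `uint16`, unlike `lsa_TrustedDomainInfo`, which this commit switches to `lsa_TrustDomInfoEnum`; `[in] lsa_DomainInfoEnum level` would keep the two families consistent.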
@@ -728,12 +805,12 @@ } lsa_TransNameArray2; NTSTATUS lsa_LookupSids2( - [in,ref] policy_handle *handle, - [in,ref] lsa_SidArray *sids, - [out] lsa_RefDomainList *domains, - [in,out,ref] lsa_TransNameArray2 *names, + [in] policy_handle *handle, + [in] lsa_SidArray *sids, + [out,unique] lsa_RefDomainList *domains, + [in,out] lsa_TransNameArray2 *names, [in] uint16 level, - [in,out,ref] uint32 *count, + [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 ); @@ -742,7 +819,7 @@ /* Function 0x3a */ typedef struct { - uint16 sid_type; + lsa_SidType sid_type; uint32 rid; uint32 sid_index; uint32 unknown; @@ -754,13 +831,13 @@ } lsa_TransSidArray2; NTSTATUS lsa_LookupNames2 ( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in,range(0,1000)] uint32 num_names, - [in,ref,size_is(num_names)] lsa_String *names, - [out] lsa_RefDomainList *domains, - [in,out,ref] lsa_TransSidArray2 *sids, + [in,size_is(num_names)] lsa_String names[], + [out,unique] lsa_RefDomainList *domains, + [in,out] lsa_TransSidArray2 *sids, [in] uint16 level, - [in,out,ref] uint32 *count, + [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 ); @@ -795,8 +872,8 @@ /**********************/ /* Function 0x44 */ typedef struct { - uint16 sid_type; - dom_sid *sid; + lsa_SidType sid_type; + dom_sid2 *sid; uint32 sid_index; uint32 unknown; } lsa_TranslatedSid3; @@ -807,13 +884,13 @@ } lsa_TransSidArray3; NTSTATUS lsa_LookupNames3 ( - [in,ref] policy_handle *handle, + [in] policy_handle *handle, [in,range(0,1000)] uint32 num_names, - [in,ref,size_is(num_names)] lsa_String *names, - [out] lsa_RefDomainList *domains, - [in,out,ref] lsa_TransSidArray3 *sids, + [in,size_is(num_names)] lsa_String names[], + [out,unique] lsa_RefDomainList *domains, + [in,out] lsa_TransSidArray3 *sids, [in] uint16 level, - [in,out,ref] uint32 *count, + [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 ); 
@@ -843,11 +920,11 @@ /* Function 0x4c */ NTSTATUS lsa_LookupSids3( - [in,ref] lsa_SidArray *sids, - [out] lsa_RefDomainList *domains, - [in,out,ref] lsa_TransNameArray2 *names, + [in] lsa_SidArray *sids, + [out,unique] lsa_RefDomainList *domains, + [in,out] lsa_TransNameArray2 *names, [in] uint16 level, - [in,out,ref] uint32 *count, + [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 );
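Review bot: `lsa_LookupSids3` takes no `policy_handle`, unlike `lsa_LookupSids` and `lsa_LookupSids2` in this diff, so there is no opened-policy access check between the caller and the SID-to-name translation, and the IDL gives no hint of how the call is meant to be gated. A comment above the function would make that explicit, e.g. `/* no policy handle: the server must authorize the caller from the connection's authentication state */`. Which transports and authentication levels the implementation accepts for this opnum is not visible on this page and should be confirmed in the server code.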