Move MAX_REF_DOMAINS to lsa.idl.
[gd/samba/.git] / source / librpc / idl / lsa.idl
1 #include "idl_types.h"
2
3 /*
4   lsa interface definition
5 */
6
7 import "security.idl";
8
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
10   version(0.0),
11   endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12   pointer_default(unique),
13   helpstring("Local Security Authority")
14 ] interface lsarpc
15 {
16         typedef bitmap security_secinfo security_secinfo;
17
18         typedef [public,noejs] struct {
19                 [value(2*strlen_m(string))] uint16 length;
20                 [value(2*strlen_m(string))] uint16 size;
21                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
22         } lsa_String;
23
24         typedef [public] struct {
25                 [value(2*strlen_m(string))] uint16 length;
26                 [value(2*(strlen_m(string)+1))] uint16 size;
27                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
28         } lsa_StringLarge;
29
30         typedef [public] struct {
31                 uint32 count;
32                 [size_is(count)] lsa_String *names;
33         } lsa_Strings;
34
35         typedef [public] struct {
36                 [value(strlen_m(string))] uint16 length;
37                 [value(strlen_m(string))] uint16 size;
38                 ascstr_noterm *string;
39         } lsa_AsciiString;
40
41         /******************/
42         /* Function: 0x00 */
43         NTSTATUS lsa_Close (
44                 [in,out]     policy_handle *handle
45                 );
46         
47
48         /******************/
49         /* Function: 0x01 */
50         [public] NTSTATUS lsa_Delete (
51                 [in]     policy_handle *handle
52                 );
53
54
55         /******************/
56         /* Function: 0x02 */
57         typedef struct {
58                 uint32 low;
59                 uint32 high;
60         } lsa_LUID;
61         
62         typedef struct {
63                 lsa_StringLarge name;
64                 lsa_LUID luid;
65         } lsa_PrivEntry;
66
67         typedef struct {
68                 uint32 count;
69                 [size_is(count)] lsa_PrivEntry *privs;
70         } lsa_PrivArray;
71
72         [public] NTSTATUS lsa_EnumPrivs (
73                 [in]     policy_handle *handle,
74                 [in,out,ref] uint32 *resume_handle,
75                 [out,ref] lsa_PrivArray *privs,
76                 [in]         uint32 max_count
77                 );
78
79         /******************/
80         /* Function: 0x03 */
81
82         NTSTATUS lsa_QuerySecurity (
83                 [in]     policy_handle *handle,
84                 [in]         security_secinfo sec_info,
85                 [out,ref]    sec_desc_buf **sdbuf
86                 );
87
88
89         /******************/
90         /* Function: 0x04 */
91         NTSTATUS lsa_SetSecObj(
92                 [in]            policy_handle *handle,
93                 [in]            security_secinfo sec_info,
94                 [in,ref]        sec_desc_buf *sdbuf
95                 );
96
97         /******************/
98         /* Function: 0x05 */
99         NTSTATUS lsa_ChangePassword ();
100
101
102         /******************/
103         /* Function: 0x06 */
104         typedef struct {
105                 uint32  len; /* ignored */
106                 uint16  impersonation_level;
107                 uint8   context_mode;
108                 uint8   effective_only;
109         } lsa_QosInfo;
110         
111         typedef struct {
112                 uint32 len; /* ignored */
113                 uint8 *root_dir;
114                 [string,charset(UTF16)] uint16 *object_name;
115                 uint32 attributes;
116                 security_descriptor *sec_desc;
117                 lsa_QosInfo *sec_qos;
118         } lsa_ObjectAttribute;
119
120         typedef [public,bitmap32bit] bitmap {
121                 LSA_POLICY_VIEW_LOCAL_INFORMATION       = 0x00000001,
122                 LSA_POLICY_VIEW_AUDIT_INFORMATION       = 0x00000002,
123                 LSA_POLICY_GET_PRIVATE_INFORMATION      = 0x00000004,
124                 LSA_POLICY_TRUST_ADMIN                  = 0x00000008,
125                 LSA_POLICY_CREATE_ACCOUNT               = 0x00000010,
126                 LSA_POLICY_CREATE_SECRET                = 0x00000020,
127                 LSA_POLICY_CREATE_PRIVILEGE             = 0x00000040,
128                 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     = 0x00000080,
129                 LSA_POLICY_SET_AUDIT_REQUIREMENTS       = 0x00000100,
130                 LSA_POLICY_AUDIT_LOG_ADMIN              = 0x00000200,
131                 LSA_POLICY_SERVER_ADMIN                 = 0x00000400,
132                 LSA_POLICY_LOOKUP_NAMES                 = 0x00000800
133         } lsa_PolicyAccessMask;
134
135         /* notice the screwup with the system_name - thats why MS created
136            OpenPolicy2 */
137         [public] NTSTATUS lsa_OpenPolicy (
138                 [in,unique]       uint16 *system_name,
139                 [in]   lsa_ObjectAttribute *attr,
140                 [in]   lsa_PolicyAccessMask access_mask,
141                 [out]  policy_handle *handle
142                 );
143         
144
145
146         /******************/
147         /* Function: 0x07 */
148
149         typedef struct {
150                 uint32 percent_full;
151                 uint32 log_size;
152                 NTTIME retention_time;
153                 uint8  shutdown_in_progress;
154                 NTTIME time_to_shutdown;
155                 uint32 next_audit_record;
156                 uint32 unknown;
157         } lsa_AuditLogInfo;
158
159         typedef [v1_enum] enum {
160                 LSA_AUDIT_POLICY_NONE=0,
161                 LSA_AUDIT_POLICY_SUCCESS=1,
162                 LSA_AUDIT_POLICY_FAILURE=2,
163                 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
164                 LSA_AUDIT_POLICY_CLEAR=4
165         } lsa_PolicyAuditPolicy;
166
167         typedef enum {
168                 LSA_AUDIT_CATEGORY_SYSTEM = 0,
169                 LSA_AUDIT_CATEGORY_LOGON = 1,
170                 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
171                 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
172                 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
173                 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
174                 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
175                 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,        /* only in win2k/2k3 */
176                 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8                    /* only in win2k/2k3 */
177         } lsa_PolicyAuditEventType;
178
179         typedef struct {
180                 uint32 auditing_mode;
181                 [size_is(count)] lsa_PolicyAuditPolicy *settings;
182                 uint32 count;
183         } lsa_AuditEventsInfo;
184
185         typedef struct {
186                 lsa_StringLarge name;
187                 dom_sid2 *sid;
188         } lsa_DomainInfo;
189
190         typedef struct {
191                 lsa_String name;
192         } lsa_PDAccountInfo;
193
194         typedef struct {
195                 uint16 unknown; /* an midl padding bug? */
196                 uint16 role;
197         } lsa_ServerRole;
198
199         typedef struct {
200                 lsa_String source;
201                 lsa_String account;
202         } lsa_ReplicaSourceInfo;
203
204         typedef struct {
205                 uint32 paged_pool;
206                 uint32 non_paged_pool;
207                 uint32 min_wss;
208                 uint32 max_wss;
209                 uint32 pagefile;
210                 hyper unknown;
211         } lsa_DefaultQuotaInfo;
212
213         typedef struct {
214                 hyper modified_id;
215                 NTTIME db_create_time;
216         } lsa_ModificationInfo;
217
218         typedef struct {
219                 uint8 shutdown_on_full;
220         } lsa_AuditFullSetInfo;
221
222         typedef struct {
223                 uint16 unknown; /* an midl padding bug? */
224                 uint8 shutdown_on_full;
225                 uint8 log_is_full;
226         } lsa_AuditFullQueryInfo;
227
228         typedef struct {
229                 /* it's important that we use the lsa_StringLarge here,
230                  * because otherwise windows clients result with such dns hostnames
231                  * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
232                  * where it should be
233                  *      w2k3-client.samba4.samba.org
234                  */
235                 lsa_StringLarge name;
236                 lsa_StringLarge dns_domain;
237                 lsa_StringLarge dns_forest;
238                 GUID domain_guid;
239                 dom_sid2 *sid;
240         } lsa_DnsDomainInfo;
241
242         typedef enum {
243                 LSA_POLICY_INFO_AUDIT_LOG=1,
244                 LSA_POLICY_INFO_AUDIT_EVENTS=2,
245                 LSA_POLICY_INFO_DOMAIN=3,
246                 LSA_POLICY_INFO_PD=4,
247                 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
248                 LSA_POLICY_INFO_ROLE=6,
249                 LSA_POLICY_INFO_REPLICA=7,
250                 LSA_POLICY_INFO_QUOTA=8,
251                 LSA_POLICY_INFO_DB=9,
252                 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
253                 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
254                 LSA_POLICY_INFO_DNS=12
255         } lsa_PolicyInfo;
256
257         typedef [switch_type(uint16)] union {
258                 [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
259                 [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
260                 [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
261                 [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
262                 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
263                 [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
264                 [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
265                 [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
266                 [case(LSA_POLICY_INFO_DB)]               lsa_ModificationInfo   db;
267                 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
268                 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
269                 [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
270         } lsa_PolicyInformation;
271
272         NTSTATUS lsa_QueryInfoPolicy(
273                 [in]                            policy_handle *handle,
274                 [in]                            lsa_PolicyInfo level,
275                 [out,ref,switch_is(level)]      lsa_PolicyInformation **info
276                 );
277
278         /******************/
279         /* Function:       0x08 */
280         NTSTATUS lsa_SetInfoPolicy (
281                 [in]                            policy_handle *handle,
282                 [in]                            lsa_PolicyInfo level,
283                 [in,switch_is(level)]           lsa_PolicyInformation *info
284                 );
285
286         /******************/
287         /* Function:       0x09 */
288         NTSTATUS lsa_ClearAuditLog ();
289
290         /******************/
291         /* Function: 0x0a */
292         [public] NTSTATUS lsa_CreateAccount (
293                 [in]    policy_handle *handle,
294                 [in,ref] dom_sid2 *sid,
295                 [in]    uint32 access_mask,
296                 [out]   policy_handle *acct_handle
297                 );
298
299         /******************/
300         /* NOTE: This only returns accounts that have at least
301            one privilege set 
302         */
303         /* Function: 0x0b */
304         typedef struct {
305                 dom_sid2 *sid;
306         } lsa_SidPtr;
307         
308         typedef [public] struct {
309                 [range(0,1000)] uint32 num_sids;
310                 [size_is(num_sids)] lsa_SidPtr *sids;
311         } lsa_SidArray;
312
313         [public] NTSTATUS lsa_EnumAccounts (
314                 [in]         policy_handle *handle,
315                 [in,out,ref] uint32 *resume_handle,
316                 [out,ref]    lsa_SidArray *sids,
317                 [in,range(0,8192)] uint32 num_entries
318                 );
319
320
321         /*************************************************/
322         /* Function: 0x0c                                */
323
324         [public] NTSTATUS lsa_CreateTrustedDomain(
325                 [in]         policy_handle *handle,
326                 [in]         lsa_DomainInfo *info,
327                 [in]         uint32 access_mask,
328                 [out]        policy_handle *trustdom_handle
329                 );
330
331
332         /******************/
333         /* Function: 0x0d */
334
335         /* w2k3 treats max_size as max_domains*60       */
336         const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
337
338         typedef struct {
339                 uint32 count;
340                 [size_is(count)] lsa_DomainInfo *domains;
341         } lsa_DomainList;
342
343         NTSTATUS lsa_EnumTrustDom (
344                 [in]               policy_handle *handle,
345                 [in,out,ref]       uint32 *resume_handle,
346                 [out,ref]          lsa_DomainList *domains,
347                 [in]               uint32 max_size
348                 );
349
350
351         /******************/
352         /* Function: 0x0e */
353         typedef enum {
354                 SID_NAME_USE_NONE = 0,/* NOTUSED */
355                 SID_NAME_USER     = 1, /* user */
356                 SID_NAME_DOM_GRP  = 2, /* domain group */
357                 SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
358                 SID_NAME_ALIAS    = 4, /* local group */
359                 SID_NAME_WKN_GRP  = 5, /* well-known group */
360                 SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
361                 SID_NAME_INVALID  = 7, /* invalid account */
362                 SID_NAME_UNKNOWN  = 8, /* oops. */
363                 SID_NAME_COMPUTER = 9  /* machine */
364         } lsa_SidType;
365
366         typedef struct {
367                 lsa_SidType sid_type;
368                 uint32 rid;
369                 uint32 sid_index;
370         } lsa_TranslatedSid;
371
372         typedef struct {
373                 [range(0,1000)] uint32 count;
374                 [size_is(count)] lsa_TranslatedSid *sids;
375         } lsa_TransSidArray;
376
377         const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
378         const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
379
380         typedef struct {
381                 [range(0,1000)] uint32 count;
382                 [size_is(count)] lsa_DomainInfo *domains;
383                 uint32 max_size;
384         } lsa_RefDomainList;
385
386         /* Level 1: Ask everywhere
387          * Level 2: Ask domain and trusted domains, no builtin and wkn
388          * Level 3: Only ask domain
389          * Level 4: W2k3ad: Only ask AD trusts
390          * Level 5: Only ask transitive forest trusts
391          * Level 6: Like 4
392          */
393
394         typedef enum {
395                 LSA_LOOKUP_NAMES_ALL = 1,
396                 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
397                 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
398                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
399                 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
400                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
401         } lsa_LookupNamesLevel;
402
403         [public] NTSTATUS lsa_LookupNames (
404                 [in]         policy_handle *handle,
405                 [in,range(0,1000)] uint32 num_names,
406                 [in,size_is(num_names)]  lsa_String names[],
407                 [out,ref]    lsa_RefDomainList **domains,
408                 [in,out,ref] lsa_TransSidArray *sids,
409                 [in]         lsa_LookupNamesLevel level,
410                 [in,out,ref] uint32 *count
411                 );
412
413
414         /******************/
415         /* Function: 0x0f */
416
417         typedef struct {
418                 lsa_SidType sid_type;
419                 lsa_String name;
420                 uint32 sid_index;
421         } lsa_TranslatedName;
422
423         typedef struct {
424                 [range(0,1000)] uint32 count;
425                 [size_is(count)] lsa_TranslatedName *names;
426         } lsa_TransNameArray;
427
428         [public] NTSTATUS lsa_LookupSids (
429                 [in]         policy_handle *handle,
430                 [in,ref]     lsa_SidArray *sids,
431                 [out,ref]    lsa_RefDomainList **domains,
432                 [in,out,ref] lsa_TransNameArray *names,
433                 [in]         uint16 level,
434                 [in,out,ref] uint32 *count
435                 );
436
437
438         /* Function:        0x10 */
439         [public] NTSTATUS lsa_CreateSecret(
440                 [in]         policy_handle *handle,
441                 [in]         lsa_String       name,
442                 [in]         uint32         access_mask,
443                 [out]        policy_handle *sec_handle
444                 );
445
446
447         /*****************************************/
448         /* Function:     0x11                    */
449         NTSTATUS lsa_OpenAccount(
450                 [in]         policy_handle *handle,
451                 [in,ref]     dom_sid2 *sid,
452                 [in]         uint32 access_mask,
453                 [out]        policy_handle *acct_handle
454                 );
455
456
457         /****************************************/
458         /* Function:    0x12                    */
459
460         typedef struct {
461                 lsa_LUID luid;
462                 uint32 attribute;
463         } lsa_LUIDAttribute;
464         
465         typedef struct {
466                 [range(0,1000)] uint32 count;
467                 uint32 unknown;
468                 [size_is(count)] lsa_LUIDAttribute set[*];
469         } lsa_PrivilegeSet;
470         
471         NTSTATUS lsa_EnumPrivsAccount (
472                 [in]         policy_handle *handle,
473                 [out,ref] lsa_PrivilegeSet **privs
474                 );
475
476
477         /****************************************/
478         /* Function:            0x13 */
479         NTSTATUS lsa_AddPrivilegesToAccount(
480                 [in]         policy_handle *handle,
481                 [in,ref]     lsa_PrivilegeSet *privs
482                 );
483         
484
485         /****************************************/
486         /* Function:         0x14 */
487         NTSTATUS lsa_RemovePrivilegesFromAccount(
488                 [in]         policy_handle *handle,
489                 [in]         uint8 remove_all,
490                 [in,unique]  lsa_PrivilegeSet *privs
491                 );
492
493         /* Function:           0x15 */
494         NTSTATUS lsa_GetQuotasForAccount();
495         
496         /* Function:           0x16 */
497         NTSTATUS lsa_SetQuotasForAccount();
498         
499         /* Function:    0x17 */
500         NTSTATUS lsa_GetSystemAccessAccount(
501                 [in]    policy_handle *handle,
502                 [out,ref] uint32 *access_mask
503                 );
504
505         /* Function:    0x18 */
506         NTSTATUS lsa_SetSystemAccessAccount(
507                 [in]    policy_handle *handle,
508                 [in]    uint32 access_mask
509                 );
510
511         /* Function:        0x19 */
512         NTSTATUS lsa_OpenTrustedDomain(
513                 [in]     policy_handle *handle,
514                 [in]     dom_sid2      *sid,
515                 [in]         uint32         access_mask,
516                 [out]    policy_handle *trustdom_handle
517                 );
518
519         typedef [flag(NDR_PAHEX)] struct {
520                 uint32 length;
521                 uint32 size;
522                 [size_is(size),length_is(length)] uint8 *data;
523         } lsa_DATA_BUF;
524
525         typedef [flag(NDR_PAHEX)] struct {
526                 [range(0,65536)] uint32 size;
527                 [size_is(size)] uint8 *data;
528         } lsa_DATA_BUF2;
529
530         typedef enum {
531                 LSA_TRUSTED_DOMAIN_INFO_NAME             = 1,
532                 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
533                 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET     = 3,
534                 LSA_TRUSTED_DOMAIN_INFO_PASSWORD         = 4,
535                 LSA_TRUSTED_DOMAIN_INFO_BASIC            = 5,
536                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX          = 6,
537                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO        = 7,
538                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO        = 8,
539                 LSA_TRUSTED_DOMAIN_INFO_11               = 11,
540                 LSA_TRUSTED_DOMAIN_INFO_INFO_ALL         = 12
541         } lsa_TrustDomInfoEnum;
542
543         typedef struct {
544                 lsa_StringLarge  netbios_name;
545         } lsa_TrustDomainInfoName;
546
547         typedef struct {
548                 uint32         posix_offset;
549         } lsa_TrustDomainInfoPosixOffset;
550
551         typedef struct {
552                 lsa_DATA_BUF  *password;
553                 lsa_DATA_BUF  *old_password;
554         } lsa_TrustDomainInfoPassword;
555
556         typedef struct {
557                 lsa_String     netbios_name;
558                 dom_sid2      *sid;
559         } lsa_TrustDomainInfoBasic;
560
561         typedef struct {
562                 lsa_StringLarge     domain_name;
563                 lsa_StringLarge     netbios_name;
564                 dom_sid2      *sid;
565                 uint32         trust_direction;
566                 uint32         trust_type;
567                 uint32         trust_attributes;
568         } lsa_TrustDomainInfoInfoEx;
569
570         typedef struct {
571                 NTTIME_hyper   last_update_time;
572                 uint32         secret_type;
573                 lsa_DATA_BUF2  data;
574         } lsa_TrustDomainInfoBuffer;
575
576         typedef struct {
577                 uint32 incoming_count;
578                 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
579                 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
580                 uint32 outgoing_count;
581                 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
582                 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
583         } lsa_TrustDomainInfoAuthInfo;
584
585         typedef struct {
586                 lsa_TrustDomainInfoInfoEx      info_ex;
587                 lsa_TrustDomainInfoPosixOffset posix_offset;
588                 lsa_TrustDomainInfoAuthInfo    auth_info;
589         } lsa_TrustDomainInfoFullInfo;
590
591         typedef struct {
592                 lsa_TrustDomainInfoInfoEx      info_ex;
593                 lsa_DATA_BUF2                  data1;
594         } lsa_TrustDomainInfo11;
595
596         typedef struct {
597                 lsa_TrustDomainInfoInfoEx      info_ex;
598                 lsa_DATA_BUF2                  data1;
599                 lsa_TrustDomainInfoPosixOffset posix_offset;
600                 lsa_TrustDomainInfoAuthInfo    auth_info;
601         } lsa_TrustDomainInfoInfoAll;
602
603         typedef [switch_type(lsa_TrustDomInfoEnum)] union {
604                 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]         lsa_TrustDomainInfoName        name;
605                 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
606                 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]     lsa_TrustDomainInfoPassword    password;
607                 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]        lsa_TrustDomainInfoBasic       info_basic;
608                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]      lsa_TrustDomainInfoInfoEx      info_ex;
609                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]    lsa_TrustDomainInfoAuthInfo    auth_info;
610                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]    lsa_TrustDomainInfoFullInfo    full_info;
611                 [case(LSA_TRUSTED_DOMAIN_INFO_11)]           lsa_TrustDomainInfo11          info11;
612                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)]     lsa_TrustDomainInfoInfoAll     info_all;
613         } lsa_TrustedDomainInfo;
614
615         /* Function:       0x1a */
616         NTSTATUS lsa_QueryTrustedDomainInfo(
617                 [in]     policy_handle                   *trustdom_handle,
618                 [in]     lsa_TrustDomInfoEnum             level, 
619                 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
620                 );
621
622         /* Function:     0x1b */
623         NTSTATUS lsa_SetInformationTrustedDomain();
624
625         /* Function:          0x1c */
626         [public] NTSTATUS lsa_OpenSecret(
627                 [in]     policy_handle    *handle,
628                 [in]         lsa_String        name,
629                 [in]         uint32            access_mask,
630                 [out]    policy_handle    *sec_handle
631                 );
632
633         /* Function:           0x1d */
634
635         [public] NTSTATUS lsa_SetSecret(
636                 [in]     policy_handle    *sec_handle,
637                 [in,unique]         lsa_DATA_BUF     *new_val,
638                 [in,unique]         lsa_DATA_BUF     *old_val
639                 );
640
641         typedef struct {
642                 lsa_DATA_BUF *buf;
643         } lsa_DATA_BUF_PTR;
644
645         /* Function:         0x1e */
646         [public] NTSTATUS lsa_QuerySecret (
647                 [in]     policy_handle     *sec_handle,
648                 [in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
649                 [in,out,unique]     NTTIME_hyper      *new_mtime,
650                 [in,out,unique]     lsa_DATA_BUF_PTR  *old_val,
651                 [in,out,unique]     NTTIME_hyper      *old_mtime
652                 );
653
654         /* Function:     0x1f */
655         NTSTATUS lsa_LookupPrivValue(
656                 [in]     policy_handle *handle,
657                 [in,ref] lsa_String *name,
658                 [out,ref] lsa_LUID *luid
659                 );
660
661
662         /* Function:      0x20 */
663         NTSTATUS lsa_LookupPrivName (
664                 [in]     policy_handle *handle,
665                 [in]     lsa_LUID *luid,
666                 [out,unique]        lsa_StringLarge *name
667                 );
668
669
670         /*******************/
671         /* Function:  0x21 */
672         NTSTATUS lsa_LookupPrivDisplayName (
673                 [in] policy_handle *handle,
674                 [in,ref] lsa_String *name,
675                 [in] uint16 language_id,
676                 [in] uint16 language_id_sys,
677                 [out,ref] lsa_StringLarge **disp_name,
678                 /* see http://www.microsoft.com/globaldev/nlsweb/ for
679                    language definitions */
680                 [out,ref] uint16 *returned_language_id
681                 );
682
683         /* Function:        0x22 */
684         NTSTATUS lsa_DeleteObject(
685                 [in,out] policy_handle *handle
686                 );
687
688         /*******************/
689         /* Function:      0x23 */
690         NTSTATUS lsa_EnumAccountsWithUserRight (
691                 [in]     policy_handle *handle,
692                 [in,unique]         lsa_String *name,
693                 [out]    lsa_SidArray *sids
694                 );
695
696         /* Function:      0x24 */
697         typedef struct {
698                 [string,charset(UTF16)] uint16 *name;
699         } lsa_RightAttribute;
700         
701         typedef struct {
702                 [range(0,256)] uint32 count;
703                 [size_is(count)] lsa_StringLarge *names;
704         } lsa_RightSet;
705         
706         NTSTATUS lsa_EnumAccountRights (
707                 [in]     policy_handle *handle,
708                 [in,ref] dom_sid2 *sid,
709                 [out,ref] lsa_RightSet *rights
710                 );
711
712
713         /**********************/
714         /* Function:       0x25 */
715         NTSTATUS lsa_AddAccountRights (
716                 [in]     policy_handle *handle,
717                 [in,ref] dom_sid2 *sid,
718                 [in,ref] lsa_RightSet *rights
719                 );
720         
721         /**********************/
722         /* Function:       0x26 */
723         NTSTATUS lsa_RemoveAccountRights (
724                 [in]     policy_handle *handle,
725                 [in,ref] dom_sid2 *sid,
726                 [in]     uint8 remove_all,
727                 [in,ref] lsa_RightSet *rights
728                 );
729
730         /* Function:   0x27 */
731         NTSTATUS lsa_QueryTrustedDomainInfoBySid(
732                 [in]               policy_handle         *handle,
733                 [in]               dom_sid2              *dom_sid,
734                 [in]                   lsa_TrustDomInfoEnum  level, 
735                 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
736         );
737
738         /* Function:     0x28 */
739         NTSTATUS lsa_SetTrustedDomainInfo();
740         /* Function:      0x29 */
741         NTSTATUS lsa_DeleteTrustedDomain(
742                 [in]               policy_handle         *handle,
743                 [in]               dom_sid2              *dom_sid
744         );
745
746         /* Function:       0x2a */
747         NTSTATUS lsa_StorePrivateData();
748         /* Function:        0x2b */
749         NTSTATUS lsa_RetrievePrivateData();
750
751
752         /**********************/
753         /* Function:     0x2c */
754         [public] NTSTATUS lsa_OpenPolicy2 (
755                 [in,unique]      [string,charset(UTF16)] uint16 *system_name,
756                 [in]  lsa_ObjectAttribute *attr,
757                 [in]  lsa_PolicyAccessMask access_mask,
758                 [out] policy_handle *handle
759                 );
760
761         /**********************/
762         /* Function:     0x2d */
763         NTSTATUS lsa_GetUserName(
764                 [in,unique] [string,charset(UTF16)] uint16 *system_name,
765                 [in,out,ref] lsa_String **account_name,
766                 [in,out,unique] lsa_String **authority_name
767                 );
768
769         /**********************/
770         /* Function:          0x2e */
771
772         NTSTATUS lsa_QueryInfoPolicy2(
773                 [in]                         policy_handle *handle,
774                 [in]                         lsa_PolicyInfo level,
775                 [out,ref,switch_is(level)]   lsa_PolicyInformation **info
776                 );
777
778         /* Function 0x2f */
779         NTSTATUS lsa_SetInfoPolicy2(
780                 [in]                            policy_handle *handle,
781                 [in]                            lsa_PolicyInfo level,
782                 [in,switch_is(level)]           lsa_PolicyInformation *info
783                 );
784
785         /**********************/
786         /* Function 0x30 */
787         NTSTATUS lsa_QueryTrustedDomainInfoByName(
788                 [in]                   policy_handle          *handle,
789                 [in,ref]               lsa_String             *trusted_domain,
790                 [in]                   lsa_TrustDomInfoEnum   level,
791                 [out,ref,switch_is(level)] lsa_TrustedDomainInfo *info
792                 );
793
794         /**********************/
795         /* Function 0x31 */
796         NTSTATUS lsa_SetTrustedDomainInfoByName(
797                 [in]                   policy_handle         *handle,
798                 [in]                   lsa_String             trusted_domain,
799                 [in]                   lsa_TrustDomInfoEnum   level, 
800                 [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
801                 );
802
803         /* Function 0x32 */
804
805         /* w2k3 treats max_size as max_domains*82       */
806         const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
807
808         typedef struct {
809                 uint32 count;
810                 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
811         } lsa_DomainListEx;
812
813         NTSTATUS lsa_EnumTrustedDomainsEx (
814                 [in]               policy_handle *handle,
815                 [in,out]           uint32 *resume_handle,
816                 [out]              lsa_DomainListEx *domains,
817                 [in]               uint32 max_size
818                 );
819
820
821         /* Function 0x33 */
822         NTSTATUS lsa_CreateTrustedDomainEx();
823
824         /* Function 0x34 */
825         NTSTATUS lsa_CloseTrustedDomainEx(
826                 [in,out]                   policy_handle         *handle
827         );
828
829         /* Function 0x35 */
830
831         /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
832            for unknown6 - gd */
833         typedef struct {
834                 uint32 enforce_restrictions;
835                 hyper service_tkt_lifetime;
836                 hyper user_tkt_lifetime;
837                 hyper user_tkt_renewaltime;
838                 hyper clock_skew;
839                 hyper unknown6;
840         } lsa_DomainInfoKerberos;
841
842         typedef struct {
843                 uint32 blob_size;
844                 [size_is(blob_size)] uint8 *efs_blob;
845         } lsa_DomainInfoEfs;
846
847         typedef enum {
848                 LSA_DOMAIN_INFO_POLICY_EFS=2,
849                 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
850         } lsa_DomainInfoEnum;
851
852         typedef [switch_type(uint16)] union {
853                 [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       efs_info;
854                 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  kerberos_info;
855         } lsa_DomainInformationPolicy;
856
857         NTSTATUS lsa_QueryDomainInformationPolicy(
858                 [in]            policy_handle *handle,
859                 [in]                    uint16 level,
860                 [out,unique,switch_is(level)]   lsa_DomainInformationPolicy *info
861                 );
862
863         /* Function 0x36 */
864         NTSTATUS lsa_SetDomainInformationPolicy(
865                 [in]            policy_handle *handle,
866                 [in]                    uint16 level,
867                 [in,unique,switch_is(level)]    lsa_DomainInformationPolicy *info
868                 );
869
870         /**********************/
871         /* Function 0x37 */
872         NTSTATUS lsa_OpenTrustedDomainByName(
873                 [in]     policy_handle *handle,
874                 [in]         lsa_String     name,
875                 [in]         uint32         access_mask,
876                 [out]    policy_handle *trustdom_handle
877                 );
878
879         /* Function 0x38 */
880         NTSTATUS lsa_TestCall();
881
882         /**********************/
883         /* Function 0x39 */
884
885         typedef struct {
886                 lsa_SidType sid_type;
887                 lsa_String name;
888                 uint32 sid_index;
889                 uint32 unknown;
890         } lsa_TranslatedName2;
891
892         typedef struct {
893                 [range(0,1000)] uint32 count;
894                 [size_is(count)] lsa_TranslatedName2 *names;
895         } lsa_TransNameArray2;
896
897         [public] NTSTATUS lsa_LookupSids2(
898                 [in]     policy_handle *handle,
899                 [in,ref] lsa_SidArray *sids,
900                 [out,ref]    lsa_RefDomainList **domains,
901                 [in,out,ref] lsa_TransNameArray2 *names,
902                 [in]         uint16 level,
903                 [in,out,ref] uint32 *count,
904                 [in]         uint32 unknown1,
905                 [in]         uint32 unknown2
906                 );
907
908         /**********************/
909         /* Function 0x3a */
910
911         typedef struct {
912                 lsa_SidType sid_type;
913                 uint32 rid;
914                 uint32 sid_index;
915                 uint32 unknown;
916         } lsa_TranslatedSid2;
917
918         typedef struct {
919                 [range(0,1000)] uint32 count;
920                 [size_is(count)] lsa_TranslatedSid2 *sids;
921         } lsa_TransSidArray2;
922
923         [public] NTSTATUS lsa_LookupNames2 (
924                 [in]     policy_handle *handle,
925                 [in,range(0,1000)] uint32 num_names,
926                 [in,size_is(num_names)]  lsa_String names[],
927                 [out,ref]    lsa_RefDomainList **domains,
928                 [in,out,ref] lsa_TransSidArray2 *sids,
929                 [in]         lsa_LookupNamesLevel level,
930                 [in,out,ref] uint32 *count,
931                 [in]         uint32 unknown1,
932                 [in]         uint32 unknown2
933                 );
934
935         /* Function 0x3b */
936         NTSTATUS lsa_CreateTrustedDomainEx2();
937
938         /* Function 0x3c */
939         NTSTATUS lsa_CREDRWRITE();
940
941         /* Function 0x3d */
942         NTSTATUS lsa_CREDRREAD();
943
944         /* Function 0x3e */
945         NTSTATUS lsa_CREDRENUMERATE();
946
947         /* Function 0x3f */
948         NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
949
950         /* Function 0x40 */
951         NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
952
953         /* Function 0x41 */
954         NTSTATUS lsa_CREDRDELETE();
955
956         /* Function 0x42 */
957         NTSTATUS lsa_CREDRGETTARGETINFO();
958
959         /* Function 0x43 */
960         NTSTATUS lsa_CREDRPROFILELOADED();
961
962         /**********************/
963         /* Function 0x44 */
964         typedef struct {
965                 lsa_SidType sid_type;
966                 dom_sid2 *sid;
967                 uint32 sid_index;
968                 uint32 unknown;
969         } lsa_TranslatedSid3;
970
971         typedef struct {
972                 [range(0,1000)] uint32 count;
973                 [size_is(count)] lsa_TranslatedSid3 *sids;
974         } lsa_TransSidArray3;
975
976         [public] NTSTATUS lsa_LookupNames3 (
977                 [in]     policy_handle *handle,
978                 [in,range(0,1000)] uint32 num_names,
979                 [in,size_is(num_names)]  lsa_String names[],
980                 [out,ref]    lsa_RefDomainList **domains,
981                 [in,out,ref] lsa_TransSidArray3 *sids,
982                 [in]         lsa_LookupNamesLevel level,
983                 [in,out,ref] uint32 *count,
984                 [in]         uint32 unknown1,
985                 [in]         uint32 unknown2
986                 );
987
988         /* Function 0x45 */
989         NTSTATUS lsa_CREDRGETSESSIONTYPES();
990
991         /* Function 0x46 */
992         NTSTATUS lsa_LSARREGISTERAUDITEVENT();
993
994         /* Function 0x47 */
995         NTSTATUS lsa_LSARGENAUDITEVENT();
996
997         /* Function 0x48 */
998         NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
999
1000         /* Function 0x49 */
1001         typedef struct {
1002                 [range(0,131072)] uint32 length;
1003                 [size_is(length)] uint8 *data;
1004         } lsa_ForestTrustBinaryData;
1005
1006         typedef struct {
1007                 dom_sid2 *domain_sid;
1008                 lsa_StringLarge dns_domain_name;
1009                 lsa_StringLarge netbios_domain_name;
1010         } lsa_ForestTrustDomainInfo;
1011
1012         typedef [switch_type(uint32)] union {
1013                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
1014                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1015                 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1016                 [default] lsa_ForestTrustBinaryData data;
1017         } lsa_ForestTrustData;
1018
1019         typedef [v1_enum] enum {
1020                 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1021                 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1022                 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1023                 LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1024         } lsa_ForestTrustRecordType;
1025
1026         typedef struct {
1027                 uint32 flags;
1028                 lsa_ForestTrustRecordType level;
1029                 hyper unknown;
1030                 [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1031         } lsa_ForestTrustRecord;
1032
1033         typedef [public] struct {
1034                 [range(0,4000)] uint32 count;
1035                 [size_is(count)] lsa_ForestTrustRecord **entries;
1036         } lsa_ForestTrustInformation;
1037
1038         NTSTATUS lsa_lsaRQueryForestTrustInformation(
1039                 [in] policy_handle *handle,
1040                 [in,ref] lsa_String *trusted_domain_name,
1041                 [in] uint16 unknown, /* level ? */
1042                 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1043                 );
1044
1045         /* Function 0x4a */
1046         NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1047
1048         /* Function 0x4b */
1049         NTSTATUS lsa_CREDRRENAME();
1050
1051         /*****************/
1052         /* Function 0x4c */
1053
1054         [public] NTSTATUS lsa_LookupSids3(
1055                 [in,ref]     lsa_SidArray *sids,
1056                 [out,ref]    lsa_RefDomainList **domains,
1057                 [in,out,ref] lsa_TransNameArray2 *names,
1058                 [in]         uint16 level,
1059                 [in,out,ref] uint32 *count,
1060                 [in]         uint32 unknown1,
1061                 [in]         uint32 unknown2
1062                 );
1063
1064         /* Function 0x4d */
1065         NTSTATUS lsa_LookupNames4(
1066                 [in,range(0,1000)] uint32 num_names,
1067                 [in,size_is(num_names)]  lsa_String names[],
1068                 [out,ref]    lsa_RefDomainList **domains,
1069                 [in,out,ref] lsa_TransSidArray3 *sids,
1070                 [in]         lsa_LookupNamesLevel level,
1071                 [in,out,ref] uint32 *count,
1072                 [in]         uint32 unknown1,
1073                 [in]         uint32 unknown2
1074                 );
1075
1076         /* Function 0x4e */
1077         NTSTATUS lsa_LSAROPENPOLICYSCE();
1078
1079         /* Function 0x4f */
1080         NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1081
1082         /* Function 0x50 */
1083         NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1084
1085         /* Function 0x51 */
1086         NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
1087
1088 }