4 lsa interface definition
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
11 endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12 pointer_default(unique),
13 helpstring("Local Security Authority")
16 typedef bitmap security_secinfo security_secinfo;
18 typedef [public,noejs] struct {
19 [value(2*strlen_m(string))] uint16 length;
20 [value(2*strlen_m(string))] uint16 size;
21 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
24 typedef [public] struct {
25 [value(2*strlen_m(string))] uint16 length;
26 [value(2*strlen_m_term(string))] uint16 size;
27 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
30 typedef [public] struct {
32 [size_is(count)] lsa_String *names;
35 typedef [public] struct {
36 [value(strlen_m(string))] uint16 length;
37 [value(strlen_m(string))] uint16 size;
38 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
41 typedef [public] struct {
42 [value(strlen_m(string))] uint16 length;
43 [value(strlen_m_term(string))] uint16 size;
44 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
45 } lsa_AsciiStringLarge;
50 [in,out] policy_handle *handle
56 [public] NTSTATUS lsa_Delete (
57 [in] policy_handle *handle
75 [size_is(count)] lsa_PrivEntry *privs;
78 [public] NTSTATUS lsa_EnumPrivs (
79 [in] policy_handle *handle,
80 [in,out,ref] uint32 *resume_handle,
81 [out,ref] lsa_PrivArray *privs,
88 NTSTATUS lsa_QuerySecurity (
89 [in] policy_handle *handle,
90 [in] security_secinfo sec_info,
91 [out,ref] sec_desc_buf **sdbuf
97 NTSTATUS lsa_SetSecObj(
98 [in] policy_handle *handle,
99 [in] security_secinfo sec_info,
100 [in,ref] sec_desc_buf *sdbuf
105 NTSTATUS lsa_ChangePassword ();
111 uint32 len; /* ignored */
112 uint16 impersonation_level;
114 uint8 effective_only;
118 uint32 len; /* ignored */
120 [string,charset(UTF16)] uint16 *object_name;
122 security_descriptor *sec_desc;
123 lsa_QosInfo *sec_qos;
124 } lsa_ObjectAttribute;
126 typedef [public,bitmap32bit] bitmap {
127 LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001,
128 LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002,
129 LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004,
130 LSA_POLICY_TRUST_ADMIN = 0x00000008,
131 LSA_POLICY_CREATE_ACCOUNT = 0x00000010,
132 LSA_POLICY_CREATE_SECRET = 0x00000020,
133 LSA_POLICY_CREATE_PRIVILEGE = 0x00000040,
134 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080,
135 LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
136 LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
137 LSA_POLICY_SERVER_ADMIN = 0x00000400,
138 LSA_POLICY_LOOKUP_NAMES = 0x00000800
139 } lsa_PolicyAccessMask;
141 /* notice the screwup with the system_name - thats why MS created
143 [public] NTSTATUS lsa_OpenPolicy (
144 [in,unique] uint16 *system_name,
145 [in] lsa_ObjectAttribute *attr,
146 [in] lsa_PolicyAccessMask access_mask,
147 [out] policy_handle *handle
158 NTTIME retention_time;
159 uint8 shutdown_in_progress;
160 NTTIME time_to_shutdown;
161 uint32 next_audit_record;
165 typedef [v1_enum] enum {
166 LSA_AUDIT_POLICY_NONE=0,
167 LSA_AUDIT_POLICY_SUCCESS=1,
168 LSA_AUDIT_POLICY_FAILURE=2,
169 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
170 LSA_AUDIT_POLICY_CLEAR=4
171 } lsa_PolicyAuditPolicy;
174 LSA_AUDIT_CATEGORY_SYSTEM = 0,
175 LSA_AUDIT_CATEGORY_LOGON = 1,
176 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
177 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
178 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
179 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
180 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
181 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */
182 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */
183 } lsa_PolicyAuditEventType;
186 uint32 auditing_mode;
187 [size_is(count)] lsa_PolicyAuditPolicy *settings;
189 } lsa_AuditEventsInfo;
192 lsa_StringLarge name;
201 uint16 unknown; /* an midl padding bug? */
208 } lsa_ReplicaSourceInfo;
212 uint32 non_paged_pool;
217 } lsa_DefaultQuotaInfo;
221 NTTIME db_create_time;
222 } lsa_ModificationInfo;
225 uint8 shutdown_on_full;
226 } lsa_AuditFullSetInfo;
229 uint16 unknown; /* an midl padding bug? */
230 uint8 shutdown_on_full;
232 } lsa_AuditFullQueryInfo;
235 /* it's important that we use the lsa_StringLarge here,
236 * because otherwise windows clients result with such dns hostnames
237 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
239 * w2k3-client.samba4.samba.org
241 lsa_StringLarge name;
242 lsa_StringLarge dns_domain;
243 lsa_StringLarge dns_forest;
249 LSA_POLICY_INFO_AUDIT_LOG=1,
250 LSA_POLICY_INFO_AUDIT_EVENTS=2,
251 LSA_POLICY_INFO_DOMAIN=3,
252 LSA_POLICY_INFO_PD=4,
253 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
254 LSA_POLICY_INFO_ROLE=6,
255 LSA_POLICY_INFO_REPLICA=7,
256 LSA_POLICY_INFO_QUOTA=8,
257 LSA_POLICY_INFO_DB=9,
258 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
259 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
260 LSA_POLICY_INFO_DNS=12
263 typedef [switch_type(uint16)] union {
264 [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
265 [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
266 [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
267 [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
268 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
269 [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
270 [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
271 [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
272 [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db;
273 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
274 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
275 [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
276 } lsa_PolicyInformation;
278 NTSTATUS lsa_QueryInfoPolicy(
279 [in] policy_handle *handle,
280 [in] lsa_PolicyInfo level,
281 [out,ref,switch_is(level)] lsa_PolicyInformation **info
286 NTSTATUS lsa_SetInfoPolicy (
287 [in] policy_handle *handle,
288 [in] lsa_PolicyInfo level,
289 [in,switch_is(level)] lsa_PolicyInformation *info
294 NTSTATUS lsa_ClearAuditLog ();
298 [public] NTSTATUS lsa_CreateAccount (
299 [in] policy_handle *handle,
300 [in,ref] dom_sid2 *sid,
301 [in] uint32 access_mask,
302 [out] policy_handle *acct_handle
306 /* NOTE: This only returns accounts that have at least
314 typedef [public] struct {
315 [range(0,1000)] uint32 num_sids;
316 [size_is(num_sids)] lsa_SidPtr *sids;
319 [public] NTSTATUS lsa_EnumAccounts (
320 [in] policy_handle *handle,
321 [in,out,ref] uint32 *resume_handle,
322 [out,ref] lsa_SidArray *sids,
323 [in,range(0,8192)] uint32 num_entries
327 /*************************************************/
330 [public] NTSTATUS lsa_CreateTrustedDomain(
331 [in] policy_handle *handle,
332 [in] lsa_DomainInfo *info,
333 [in] uint32 access_mask,
334 [out] policy_handle *trustdom_handle
341 /* w2k3 treats max_size as max_domains*60 */
342 const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
346 [size_is(count)] lsa_DomainInfo *domains;
349 NTSTATUS lsa_EnumTrustDom (
350 [in] policy_handle *handle,
351 [in,out,ref] uint32 *resume_handle,
352 [out,ref] lsa_DomainList *domains,
360 SID_NAME_USE_NONE = 0,/* NOTUSED */
361 SID_NAME_USER = 1, /* user */
362 SID_NAME_DOM_GRP = 2, /* domain group */
363 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
364 SID_NAME_ALIAS = 4, /* local group */
365 SID_NAME_WKN_GRP = 5, /* well-known group */
366 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
367 SID_NAME_INVALID = 7, /* invalid account */
368 SID_NAME_UNKNOWN = 8, /* oops. */
369 SID_NAME_COMPUTER = 9 /* machine */
373 lsa_SidType sid_type;
379 [range(0,1000)] uint32 count;
380 [size_is(count)] lsa_TranslatedSid *sids;
383 const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
384 const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
387 [range(0,1000)] uint32 count;
388 [size_is(count)] lsa_DomainInfo *domains;
392 /* Level 1: Ask everywhere
393 * Level 2: Ask domain and trusted domains, no builtin and wkn
394 * Level 3: Only ask domain
395 * Level 4: W2k3ad: Only ask AD trusts
396 * Level 5: Only ask transitive forest trusts
401 LSA_LOOKUP_NAMES_ALL = 1,
402 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
403 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
404 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
405 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
406 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
407 } lsa_LookupNamesLevel;
409 [public] NTSTATUS lsa_LookupNames (
410 [in] policy_handle *handle,
411 [in,range(0,1000)] uint32 num_names,
412 [in,size_is(num_names)] lsa_String names[],
413 [out,ref] lsa_RefDomainList **domains,
414 [in,out,ref] lsa_TransSidArray *sids,
415 [in] lsa_LookupNamesLevel level,
416 [in,out,ref] uint32 *count
424 lsa_SidType sid_type;
427 } lsa_TranslatedName;
430 [range(0,1000)] uint32 count;
431 [size_is(count)] lsa_TranslatedName *names;
432 } lsa_TransNameArray;
434 /* This number is based on Win2k and later maximum response allowed */
435 const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
437 [public] NTSTATUS lsa_LookupSids (
438 [in] policy_handle *handle,
439 [in,ref] lsa_SidArray *sids,
440 [out,ref] lsa_RefDomainList **domains,
441 [in,out,ref] lsa_TransNameArray *names,
443 [in,out,ref] uint32 *count
448 [public] NTSTATUS lsa_CreateSecret(
449 [in] policy_handle *handle,
450 [in] lsa_String name,
451 [in] uint32 access_mask,
452 [out] policy_handle *sec_handle
456 /*****************************************/
458 NTSTATUS lsa_OpenAccount(
459 [in] policy_handle *handle,
460 [in,ref] dom_sid2 *sid,
461 [in] uint32 access_mask,
462 [out] policy_handle *acct_handle
466 /****************************************/
475 [range(0,1000)] uint32 count;
477 [size_is(count)] lsa_LUIDAttribute set[*];
480 NTSTATUS lsa_EnumPrivsAccount (
481 [in] policy_handle *handle,
482 [out,ref] lsa_PrivilegeSet **privs
486 /****************************************/
488 NTSTATUS lsa_AddPrivilegesToAccount(
489 [in] policy_handle *handle,
490 [in,ref] lsa_PrivilegeSet *privs
494 /****************************************/
496 NTSTATUS lsa_RemovePrivilegesFromAccount(
497 [in] policy_handle *handle,
498 [in] uint8 remove_all,
499 [in,unique] lsa_PrivilegeSet *privs
503 NTSTATUS lsa_GetQuotasForAccount();
506 NTSTATUS lsa_SetQuotasForAccount();
509 NTSTATUS lsa_GetSystemAccessAccount(
510 [in] policy_handle *handle,
511 [out,ref] uint32 *access_mask
515 NTSTATUS lsa_SetSystemAccessAccount(
516 [in] policy_handle *handle,
517 [in] uint32 access_mask
521 NTSTATUS lsa_OpenTrustedDomain(
522 [in] policy_handle *handle,
524 [in] uint32 access_mask,
525 [out] policy_handle *trustdom_handle
528 typedef [flag(NDR_PAHEX)] struct {
531 [size_is(size),length_is(length)] uint8 *data;
534 typedef [flag(NDR_PAHEX)] struct {
535 [range(0,65536)] uint32 size;
536 [size_is(size)] uint8 *data;
540 LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
541 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
542 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
543 LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
544 LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
545 LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
546 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
547 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
548 LSA_TRUSTED_DOMAIN_INFO_11 = 11,
549 LSA_TRUSTED_DOMAIN_INFO_INFO_ALL = 12
550 } lsa_TrustDomInfoEnum;
553 lsa_StringLarge netbios_name;
554 } lsa_TrustDomainInfoName;
558 } lsa_TrustDomainInfoPosixOffset;
561 lsa_DATA_BUF *password;
562 lsa_DATA_BUF *old_password;
563 } lsa_TrustDomainInfoPassword;
566 lsa_String netbios_name;
568 } lsa_TrustDomainInfoBasic;
571 lsa_StringLarge domain_name;
572 lsa_StringLarge netbios_name;
574 uint32 trust_direction;
576 uint32 trust_attributes;
577 } lsa_TrustDomainInfoInfoEx;
580 NTTIME_hyper last_update_time;
583 } lsa_TrustDomainInfoBuffer;
586 uint32 incoming_count;
587 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
588 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
589 uint32 outgoing_count;
590 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
591 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
592 } lsa_TrustDomainInfoAuthInfo;
595 lsa_TrustDomainInfoInfoEx info_ex;
596 lsa_TrustDomainInfoPosixOffset posix_offset;
597 lsa_TrustDomainInfoAuthInfo auth_info;
598 } lsa_TrustDomainInfoFullInfo;
601 lsa_TrustDomainInfoInfoEx info_ex;
603 } lsa_TrustDomainInfo11;
606 lsa_TrustDomainInfoInfoEx info_ex;
608 lsa_TrustDomainInfoPosixOffset posix_offset;
609 lsa_TrustDomainInfoAuthInfo auth_info;
610 } lsa_TrustDomainInfoInfoAll;
612 typedef [switch_type(lsa_TrustDomInfoEnum)] union {
613 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name;
614 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
615 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password;
616 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] lsa_TrustDomainInfoBasic info_basic;
617 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex;
618 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info;
619 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info;
620 [case(LSA_TRUSTED_DOMAIN_INFO_11)] lsa_TrustDomainInfo11 info11;
621 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)] lsa_TrustDomainInfoInfoAll info_all;
622 } lsa_TrustedDomainInfo;
625 NTSTATUS lsa_QueryTrustedDomainInfo(
626 [in] policy_handle *trustdom_handle,
627 [in] lsa_TrustDomInfoEnum level,
628 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
632 NTSTATUS lsa_SetInformationTrustedDomain();
635 [public] NTSTATUS lsa_OpenSecret(
636 [in] policy_handle *handle,
637 [in] lsa_String name,
638 [in] uint32 access_mask,
639 [out] policy_handle *sec_handle
644 [public] NTSTATUS lsa_SetSecret(
645 [in] policy_handle *sec_handle,
646 [in,unique] lsa_DATA_BUF *new_val,
647 [in,unique] lsa_DATA_BUF *old_val
655 [public] NTSTATUS lsa_QuerySecret (
656 [in] policy_handle *sec_handle,
657 [in,out,unique] lsa_DATA_BUF_PTR *new_val,
658 [in,out,unique] NTTIME_hyper *new_mtime,
659 [in,out,unique] lsa_DATA_BUF_PTR *old_val,
660 [in,out,unique] NTTIME_hyper *old_mtime
664 NTSTATUS lsa_LookupPrivValue(
665 [in] policy_handle *handle,
666 [in,ref] lsa_String *name,
667 [out,ref] lsa_LUID *luid
672 NTSTATUS lsa_LookupPrivName (
673 [in] policy_handle *handle,
675 [out,unique] lsa_StringLarge *name
679 /*******************/
681 NTSTATUS lsa_LookupPrivDisplayName (
682 [in] policy_handle *handle,
683 [in,ref] lsa_String *name,
684 [in] uint16 language_id,
685 [in] uint16 language_id_sys,
686 [out,ref] lsa_StringLarge **disp_name,
687 /* see http://www.microsoft.com/globaldev/nlsweb/ for
688 language definitions */
689 [out,ref] uint16 *returned_language_id
693 NTSTATUS lsa_DeleteObject(
694 [in,out] policy_handle *handle
697 /*******************/
699 NTSTATUS lsa_EnumAccountsWithUserRight (
700 [in] policy_handle *handle,
701 [in,unique] lsa_String *name,
702 [out] lsa_SidArray *sids
707 [string,charset(UTF16)] uint16 *name;
708 } lsa_RightAttribute;
711 [range(0,256)] uint32 count;
712 [size_is(count)] lsa_StringLarge *names;
715 NTSTATUS lsa_EnumAccountRights (
716 [in] policy_handle *handle,
717 [in,ref] dom_sid2 *sid,
718 [out,ref] lsa_RightSet *rights
722 /**********************/
724 NTSTATUS lsa_AddAccountRights (
725 [in] policy_handle *handle,
726 [in,ref] dom_sid2 *sid,
727 [in,ref] lsa_RightSet *rights
730 /**********************/
732 NTSTATUS lsa_RemoveAccountRights (
733 [in] policy_handle *handle,
734 [in,ref] dom_sid2 *sid,
735 [in] uint8 remove_all,
736 [in,ref] lsa_RightSet *rights
740 NTSTATUS lsa_QueryTrustedDomainInfoBySid(
741 [in] policy_handle *handle,
742 [in] dom_sid2 *dom_sid,
743 [in] lsa_TrustDomInfoEnum level,
744 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
748 NTSTATUS lsa_SetTrustedDomainInfo();
750 NTSTATUS lsa_DeleteTrustedDomain(
751 [in] policy_handle *handle,
752 [in] dom_sid2 *dom_sid
756 NTSTATUS lsa_StorePrivateData();
758 NTSTATUS lsa_RetrievePrivateData();
761 /**********************/
763 [public] NTSTATUS lsa_OpenPolicy2 (
764 [in,unique] [string,charset(UTF16)] uint16 *system_name,
765 [in] lsa_ObjectAttribute *attr,
766 [in] lsa_PolicyAccessMask access_mask,
767 [out] policy_handle *handle
770 /**********************/
772 NTSTATUS lsa_GetUserName(
773 [in,unique] [string,charset(UTF16)] uint16 *system_name,
774 [in,out,ref] lsa_String **account_name,
775 [in,out,unique] lsa_String **authority_name
778 /**********************/
781 NTSTATUS lsa_QueryInfoPolicy2(
782 [in] policy_handle *handle,
783 [in] lsa_PolicyInfo level,
784 [out,ref,switch_is(level)] lsa_PolicyInformation **info
788 NTSTATUS lsa_SetInfoPolicy2(
789 [in] policy_handle *handle,
790 [in] lsa_PolicyInfo level,
791 [in,switch_is(level)] lsa_PolicyInformation *info
794 /**********************/
796 NTSTATUS lsa_QueryTrustedDomainInfoByName(
797 [in] policy_handle *handle,
798 [in,ref] lsa_String *trusted_domain,
799 [in] lsa_TrustDomInfoEnum level,
800 [out,ref,switch_is(level)] lsa_TrustedDomainInfo *info
803 /**********************/
805 NTSTATUS lsa_SetTrustedDomainInfoByName(
806 [in] policy_handle *handle,
807 [in] lsa_String trusted_domain,
808 [in] lsa_TrustDomInfoEnum level,
809 [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
814 /* w2k3 treats max_size as max_domains*82 */
815 const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
819 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
822 NTSTATUS lsa_EnumTrustedDomainsEx (
823 [in] policy_handle *handle,
824 [in,out] uint32 *resume_handle,
825 [out] lsa_DomainListEx *domains,
831 NTSTATUS lsa_CreateTrustedDomainEx();
834 NTSTATUS lsa_CloseTrustedDomainEx(
835 [in,out] policy_handle *handle
840 /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
843 uint32 enforce_restrictions;
844 hyper service_tkt_lifetime;
845 hyper user_tkt_lifetime;
846 hyper user_tkt_renewaltime;
849 } lsa_DomainInfoKerberos;
853 [size_is(blob_size)] uint8 *efs_blob;
857 LSA_DOMAIN_INFO_POLICY_EFS=2,
858 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
859 } lsa_DomainInfoEnum;
861 typedef [switch_type(uint16)] union {
862 [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
863 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
864 } lsa_DomainInformationPolicy;
866 NTSTATUS lsa_QueryDomainInformationPolicy(
867 [in] policy_handle *handle,
869 [out,unique,switch_is(level)] lsa_DomainInformationPolicy *info
873 NTSTATUS lsa_SetDomainInformationPolicy(
874 [in] policy_handle *handle,
876 [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info
879 /**********************/
881 NTSTATUS lsa_OpenTrustedDomainByName(
882 [in] policy_handle *handle,
883 [in] lsa_String name,
884 [in] uint32 access_mask,
885 [out] policy_handle *trustdom_handle
889 NTSTATUS lsa_TestCall();
891 /**********************/
895 lsa_SidType sid_type;
899 } lsa_TranslatedName2;
902 [range(0,1000)] uint32 count;
903 [size_is(count)] lsa_TranslatedName2 *names;
904 } lsa_TransNameArray2;
906 [public] NTSTATUS lsa_LookupSids2(
907 [in] policy_handle *handle,
908 [in,ref] lsa_SidArray *sids,
909 [out,ref] lsa_RefDomainList **domains,
910 [in,out,ref] lsa_TransNameArray2 *names,
912 [in,out,ref] uint32 *count,
913 [in] uint32 unknown1,
917 /**********************/
921 lsa_SidType sid_type;
925 } lsa_TranslatedSid2;
928 [range(0,1000)] uint32 count;
929 [size_is(count)] lsa_TranslatedSid2 *sids;
930 } lsa_TransSidArray2;
932 [public] NTSTATUS lsa_LookupNames2 (
933 [in] policy_handle *handle,
934 [in,range(0,1000)] uint32 num_names,
935 [in,size_is(num_names)] lsa_String names[],
936 [out,ref] lsa_RefDomainList **domains,
937 [in,out,ref] lsa_TransSidArray2 *sids,
938 [in] lsa_LookupNamesLevel level,
939 [in,out,ref] uint32 *count,
940 [in] uint32 unknown1,
945 NTSTATUS lsa_CreateTrustedDomainEx2();
948 NTSTATUS lsa_CREDRWRITE();
951 NTSTATUS lsa_CREDRREAD();
954 NTSTATUS lsa_CREDRENUMERATE();
957 NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
960 NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
963 NTSTATUS lsa_CREDRDELETE();
966 NTSTATUS lsa_CREDRGETTARGETINFO();
969 NTSTATUS lsa_CREDRPROFILELOADED();
971 /**********************/
974 lsa_SidType sid_type;
978 } lsa_TranslatedSid3;
981 [range(0,1000)] uint32 count;
982 [size_is(count)] lsa_TranslatedSid3 *sids;
983 } lsa_TransSidArray3;
985 [public] NTSTATUS lsa_LookupNames3 (
986 [in] policy_handle *handle,
987 [in,range(0,1000)] uint32 num_names,
988 [in,size_is(num_names)] lsa_String names[],
989 [out,ref] lsa_RefDomainList **domains,
990 [in,out,ref] lsa_TransSidArray3 *sids,
991 [in] lsa_LookupNamesLevel level,
992 [in,out,ref] uint32 *count,
993 [in] uint32 unknown1,
998 NTSTATUS lsa_CREDRGETSESSIONTYPES();
1001 NTSTATUS lsa_LSARREGISTERAUDITEVENT();
1004 NTSTATUS lsa_LSARGENAUDITEVENT();
1007 NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1011 [range(0,131072)] uint32 length;
1012 [size_is(length)] uint8 *data;
1013 } lsa_ForestTrustBinaryData;
1016 dom_sid2 *domain_sid;
1017 lsa_StringLarge dns_domain_name;
1018 lsa_StringLarge netbios_domain_name;
1019 } lsa_ForestTrustDomainInfo;
1021 typedef [switch_type(uint32)] union {
1022 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
1023 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1024 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1025 [default] lsa_ForestTrustBinaryData data;
1026 } lsa_ForestTrustData;
1028 typedef [v1_enum] enum {
1029 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1030 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1031 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1032 LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1033 } lsa_ForestTrustRecordType;
1037 lsa_ForestTrustRecordType level;
1039 [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1040 } lsa_ForestTrustRecord;
1042 typedef [public] struct {
1043 [range(0,4000)] uint32 count;
1044 [size_is(count)] lsa_ForestTrustRecord **entries;
1045 } lsa_ForestTrustInformation;
1047 NTSTATUS lsa_lsaRQueryForestTrustInformation(
1048 [in] policy_handle *handle,
1049 [in,ref] lsa_String *trusted_domain_name,
1050 [in] uint16 unknown, /* level ? */
1051 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1055 NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1058 NTSTATUS lsa_CREDRRENAME();
1063 [public] NTSTATUS lsa_LookupSids3(
1064 [in,ref] lsa_SidArray *sids,
1065 [out,ref] lsa_RefDomainList **domains,
1066 [in,out,ref] lsa_TransNameArray2 *names,
1068 [in,out,ref] uint32 *count,
1069 [in] uint32 unknown1,
1070 [in] uint32 unknown2
1074 NTSTATUS lsa_LookupNames4(
1075 [in,range(0,1000)] uint32 num_names,
1076 [in,size_is(num_names)] lsa_String names[],
1077 [out,ref] lsa_RefDomainList **domains,
1078 [in,out,ref] lsa_TransSidArray3 *sids,
1079 [in] lsa_LookupNamesLevel level,
1080 [in,out,ref] uint32 *count,
1081 [in] uint32 unknown1,
1082 [in] uint32 unknown2
1086 NTSTATUS lsa_LSAROPENPOLICYSCE();
1089 NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1092 NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1095 NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();