idl: share lsa.idl between s3 and s4.
[ira/wip.git] / librpc / idl / lsa.idl
1 #include "idl_types.h"
2
3 /*
4   lsa interface definition
5 */
6
7 import "misc.idl", "security.idl";
8
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
10   version(0.0),
11   endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12   pointer_default(unique),
13   helpstring("Local Security Authority")
14 ] interface lsarpc
15 {
16         typedef bitmap security_secinfo security_secinfo;
17         typedef bitmap kerb_EncTypes kerb_EncTypes;
18
19         typedef [public,noejs] struct {
20                 [value(2*strlen_m(string))] uint16 length;
21                 [value(2*strlen_m(string))] uint16 size;
22                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
23         } lsa_String;
24
25         typedef [public] struct {
26                 [value(2*strlen_m(string))] uint16 length;
27                 [value(2*strlen_m_term(string))] uint16 size;
28                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
29         } lsa_StringLarge;
30
31         typedef [public] struct {
32                 uint32 count;
33                 [size_is(count)] lsa_String *names;
34         } lsa_Strings;
35
36         typedef [public] struct {
37                 [value(strlen_m(string))] uint16 length;
38                 [value(strlen_m(string))] uint16 size;
39                 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
40         } lsa_AsciiString;
41
42         typedef [public] struct {
43                 [value(strlen_m(string))] uint16 length;
44                 [value(strlen_m_term(string))] uint16 size;
45                 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
46         } lsa_AsciiStringLarge;
47
48         typedef [public] struct {
49                 uint16 length;
50                 uint16 size;
51                 [size_is(size/2),length_is(length/2)] uint16 *array;
52         } lsa_BinaryString;
53
54         /******************/
55         /* Function: 0x00 */
56         NTSTATUS lsa_Close (
57                 [in,out]     policy_handle *handle
58                 );
59
60
61         /******************/
62         /* Function: 0x01 */
63         [public] NTSTATUS lsa_Delete (
64                 [in]     policy_handle *handle
65                 );
66
67
68         /******************/
69         /* Function: 0x02 */
70         typedef struct {
71                 uint32 low;
72                 uint32 high;
73         } lsa_LUID;
74
75         typedef struct {
76                 lsa_StringLarge name;
77                 lsa_LUID luid;
78         } lsa_PrivEntry;
79
80         typedef struct {
81                 uint32 count;
82                 [size_is(count)] lsa_PrivEntry *privs;
83         } lsa_PrivArray;
84
85         [public] NTSTATUS lsa_EnumPrivs (
86                 [in]            policy_handle *handle,
87                 [in,out,ref]    uint32 *resume_handle,
88                 [out,ref]       lsa_PrivArray *privs,
89                 [in]            uint32 max_count
90                 );
91
92         /******************/
93         /* Function: 0x03 */
94         NTSTATUS lsa_QuerySecurity (
95                 [in]            policy_handle *handle,
96                 [in]            security_secinfo sec_info,
97                 [out,ref]       sec_desc_buf **sdbuf
98                 );
99
100         /******************/
101         /* Function: 0x04 */
102         NTSTATUS lsa_SetSecObj(
103                 [in]            policy_handle *handle,
104                 [in]            security_secinfo sec_info,
105                 [in,ref]        sec_desc_buf *sdbuf
106                 );
107
108         /******************/
109         /* Function: 0x05 */
110         [todo] NTSTATUS lsa_ChangePassword ();
111
112
113         /******************/
114         /* Function: 0x06 */
115         typedef struct {
116                 uint32  len; /* ignored */
117                 uint16  impersonation_level;
118                 uint8   context_mode;
119                 uint8   effective_only;
120         } lsa_QosInfo;
121
122         typedef struct {
123                 uint32 len; /* ignored */
124                 uint8 *root_dir;
125                 [string,charset(UTF16)] uint16 *object_name;
126                 uint32 attributes;
127                 security_descriptor *sec_desc;
128                 lsa_QosInfo *sec_qos;
129         } lsa_ObjectAttribute;
130
131         typedef [public,bitmap32bit] bitmap {
132                 LSA_POLICY_VIEW_LOCAL_INFORMATION       = 0x00000001,
133                 LSA_POLICY_VIEW_AUDIT_INFORMATION       = 0x00000002,
134                 LSA_POLICY_GET_PRIVATE_INFORMATION      = 0x00000004,
135                 LSA_POLICY_TRUST_ADMIN                  = 0x00000008,
136                 LSA_POLICY_CREATE_ACCOUNT               = 0x00000010,
137                 LSA_POLICY_CREATE_SECRET                = 0x00000020,
138                 LSA_POLICY_CREATE_PRIVILEGE             = 0x00000040,
139                 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS     = 0x00000080,
140                 LSA_POLICY_SET_AUDIT_REQUIREMENTS       = 0x00000100,
141                 LSA_POLICY_AUDIT_LOG_ADMIN              = 0x00000200,
142                 LSA_POLICY_SERVER_ADMIN                 = 0x00000400,
143                 LSA_POLICY_LOOKUP_NAMES                 = 0x00000800
144         } lsa_PolicyAccessMask;
145
146         /* notice the screwup with the system_name - thats why MS created
147            OpenPolicy2 */
148         [public] NTSTATUS lsa_OpenPolicy (
149                 [in,unique]       uint16 *system_name,
150                 [in]   lsa_ObjectAttribute *attr,
151                 [in]   lsa_PolicyAccessMask access_mask,
152                 [out]  policy_handle *handle
153                 );
154
155
156
157         /******************/
158         /* Function: 0x07 */
159
160         typedef struct {
161                 uint32 percent_full;
162                 uint32 maximum_log_size;
163                 hyper  retention_time;
164                 uint8  shutdown_in_progress;
165                 hyper  time_to_shutdown;
166                 uint32 next_audit_record;
167         } lsa_AuditLogInfo;
168
169         typedef [v1_enum] enum {
170                 LSA_AUDIT_POLICY_NONE=0,
171                 LSA_AUDIT_POLICY_SUCCESS=1,
172                 LSA_AUDIT_POLICY_FAILURE=2,
173                 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
174                 LSA_AUDIT_POLICY_CLEAR=4
175         } lsa_PolicyAuditPolicy;
176
177         typedef enum {
178                 LSA_AUDIT_CATEGORY_SYSTEM = 0,
179                 LSA_AUDIT_CATEGORY_LOGON = 1,
180                 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
181                 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
182                 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
183                 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
184                 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
185                 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,        /* only in win2k/2k3 */
186                 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8                    /* only in win2k/2k3 */
187         } lsa_PolicyAuditEventType;
188
189         typedef struct {
190                 uint32 auditing_mode;
191                 [size_is(count)] lsa_PolicyAuditPolicy *settings;
192                 uint32 count;
193         } lsa_AuditEventsInfo;
194
195         typedef struct {
196                 lsa_StringLarge name;
197                 dom_sid2 *sid;
198         } lsa_DomainInfo;
199
200         typedef struct {
201                 lsa_String name;
202         } lsa_PDAccountInfo;
203
204         typedef [v1_enum] enum {
205                 LSA_ROLE_BACKUP=2,
206                 LSA_ROLE_PRIMARY=3
207         } lsa_Role;
208
209         typedef struct {
210                 lsa_Role role;
211         } lsa_ServerRole;
212
213         typedef struct {
214                 lsa_String source;
215                 lsa_String account;
216         } lsa_ReplicaSourceInfo;
217
218         typedef struct {
219                 uint32 paged_pool;
220                 uint32 non_paged_pool;
221                 uint32 min_wss;
222                 uint32 max_wss;
223                 uint32 pagefile;
224                 hyper unknown;
225         } lsa_DefaultQuotaInfo;
226
227         typedef struct {
228                 hyper modified_id;
229                 NTTIME_hyper db_create_time;
230         } lsa_ModificationInfo;
231
232         typedef struct {
233                 uint8 shutdown_on_full;
234         } lsa_AuditFullSetInfo;
235
236         typedef struct {
237                 uint8 shutdown_on_full;
238                 uint8 log_is_full;
239         } lsa_AuditFullQueryInfo;
240
241         typedef struct {
242                 /* it's important that we use the lsa_StringLarge here,
243                  * because otherwise windows clients result with such dns hostnames
244                  * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
245                  * where it should be
246                  *      w2k3-client.samba4.samba.org
247                  */
248                 lsa_StringLarge name;
249                 lsa_StringLarge dns_domain;
250                 lsa_StringLarge dns_forest;
251                 GUID domain_guid;
252                 dom_sid2 *sid;
253         } lsa_DnsDomainInfo;
254
255         typedef enum {
256                 LSA_POLICY_INFO_AUDIT_LOG=1,
257                 LSA_POLICY_INFO_AUDIT_EVENTS=2,
258                 LSA_POLICY_INFO_DOMAIN=3,
259                 LSA_POLICY_INFO_PD=4,
260                 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
261                 LSA_POLICY_INFO_ROLE=6,
262                 LSA_POLICY_INFO_REPLICA=7,
263                 LSA_POLICY_INFO_QUOTA=8,
264                 LSA_POLICY_INFO_MOD=9,
265                 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
266                 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
267                 LSA_POLICY_INFO_DNS=12,
268                 LSA_POLICY_INFO_DNS_INT=13,
269                 LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14
270         } lsa_PolicyInfo;
271
272         typedef [switch_type(uint16)] union {
273                 [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
274                 [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
275                 [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
276                 [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
277                 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
278                 [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
279                 [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
280                 [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
281                 [case(LSA_POLICY_INFO_MOD)]              lsa_ModificationInfo   mod;
282                 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
283                 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
284                 [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
285                 [case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      dns;
286                 [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo         l_account_domain;
287         } lsa_PolicyInformation;
288
289         NTSTATUS lsa_QueryInfoPolicy(
290                 [in]                            policy_handle *handle,
291                 [in]                            lsa_PolicyInfo level,
292                 [out,ref,switch_is(level)]      lsa_PolicyInformation **info
293                 );
294
295         /******************/
296         /* Function:       0x08 */
297         NTSTATUS lsa_SetInfoPolicy (
298                 [in]                            policy_handle *handle,
299                 [in]                            lsa_PolicyInfo level,
300                 [in,switch_is(level)]           lsa_PolicyInformation *info
301                 );
302
303         /******************/
304         /* Function:       0x09 */
305         [todo] NTSTATUS lsa_ClearAuditLog ();
306
307         /******************/
308         /* Function: 0x0a */
309         [public] NTSTATUS lsa_CreateAccount (
310                 [in]    policy_handle *handle,
311                 [in,ref] dom_sid2 *sid,
312                 [in]    uint32 access_mask,
313                 [out]   policy_handle *acct_handle
314                 );
315
316         /******************/
317         /* NOTE: This only returns accounts that have at least
318            one privilege set
319         */
320         /* Function: 0x0b */
321         typedef struct {
322                 dom_sid2 *sid;
323         } lsa_SidPtr;
324
325         typedef [public] struct {
326                 [range(0,1000)] uint32 num_sids;
327                 [size_is(num_sids)] lsa_SidPtr *sids;
328         } lsa_SidArray;
329
330         [public] NTSTATUS lsa_EnumAccounts(
331                 [in]         policy_handle *handle,
332                 [in,out,ref] uint32 *resume_handle,
333                 [out,ref]    lsa_SidArray *sids,
334                 [in,range(0,8192)] uint32 num_entries
335                 );
336
337         /*************************************************/
338         /* Function: 0x0c                                */
339
340         [public] NTSTATUS lsa_CreateTrustedDomain(
341                 [in]         policy_handle *policy_handle,
342                 [in]         lsa_DomainInfo *info,
343                 [in]         uint32 access_mask,
344                 [out]        policy_handle *trustdom_handle
345                 );
346
347
348         /******************/
349         /* Function: 0x0d */
350
351         /* w2k3 treats max_size as max_domains*60       */
352         const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
353
354         typedef struct {
355                 uint32 count;
356                 [size_is(count)] lsa_DomainInfo *domains;
357         } lsa_DomainList;
358
359         NTSTATUS lsa_EnumTrustDom(
360                 [in]               policy_handle *handle,
361                 [in,out,ref]       uint32 *resume_handle,
362                 [out,ref]          lsa_DomainList *domains,
363                 [in]               uint32 max_size
364                 );
365
366
367         /******************/
368         /* Function: 0x0e */
369         typedef [public] enum {
370                 SID_NAME_USE_NONE = 0,/* NOTUSED */
371                 SID_NAME_USER     = 1, /* user */
372                 SID_NAME_DOM_GRP  = 2, /* domain group */
373                 SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
374                 SID_NAME_ALIAS    = 4, /* local group */
375                 SID_NAME_WKN_GRP  = 5, /* well-known group */
376                 SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
377                 SID_NAME_INVALID  = 7, /* invalid account */
378                 SID_NAME_UNKNOWN  = 8, /* oops. */
379                 SID_NAME_COMPUTER = 9  /* machine */
380         } lsa_SidType;
381
382         typedef struct {
383                 lsa_SidType sid_type;
384                 uint32 rid;
385                 uint32 sid_index;
386         } lsa_TranslatedSid;
387
388         typedef struct {
389                 [range(0,1000)] uint32 count;
390                 [size_is(count)] lsa_TranslatedSid *sids;
391         } lsa_TransSidArray;
392
393         const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
394         typedef struct {
395                 [range(0,1000)] uint32 count;
396                 [size_is(count)] lsa_DomainInfo *domains;
397                 uint32 max_size;
398         } lsa_RefDomainList;
399
400         /* Level 1: Ask everywhere
401          * Level 2: Ask domain and trusted domains, no builtin and wkn
402          * Level 3: Only ask domain
403          * Level 4: W2k3ad: Only ask AD trusts
404          * Level 5: Only ask transitive forest trusts
405          * Level 6: Like 4
406          */
407
408         typedef enum {
409                 LSA_LOOKUP_NAMES_ALL = 1,
410                 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
411                 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
412                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
413                 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
414                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
415                 LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
416         } lsa_LookupNamesLevel;
417
418         [public] NTSTATUS lsa_LookupNames (
419                 [in]         policy_handle *handle,
420                 [in,range(0,1000)] uint32 num_names,
421                 [in,size_is(num_names)]  lsa_String names[],
422                 [out,ref]    lsa_RefDomainList **domains,
423                 [in,out,ref] lsa_TransSidArray *sids,
424                 [in]         lsa_LookupNamesLevel level,
425                 [in,out,ref] uint32 *count
426                 );
427
428
429         /******************/
430         /* Function: 0x0f */
431
432         typedef struct {
433                 lsa_SidType sid_type;
434                 lsa_String name;
435                 uint32 sid_index;
436         } lsa_TranslatedName;
437
438         typedef struct {
439                 [range(0,1000)] uint32 count;
440                 [size_is(count)] lsa_TranslatedName *names;
441         } lsa_TransNameArray;
442
443         [public] NTSTATUS lsa_LookupSids(
444                 [in]         policy_handle *handle,
445                 [in,ref]     lsa_SidArray *sids,
446                 [out,ref]    lsa_RefDomainList **domains,
447                 [in,out,ref] lsa_TransNameArray *names,
448                 [in]         uint16 level,
449                 [in,out,ref] uint32 *count
450                 );
451
452
453         /* Function:        0x10 */
454         [public] NTSTATUS lsa_CreateSecret(
455                 [in]         policy_handle *handle,
456                 [in]         lsa_String       name,
457                 [in]         uint32         access_mask,
458                 [out]        policy_handle *sec_handle
459                 );
460
461
462         /*****************************************/
463         /* Function:     0x11                    */
464         NTSTATUS lsa_OpenAccount(
465                 [in]         policy_handle *handle,
466                 [in,ref]     dom_sid2 *sid,
467                 [in]         uint32 access_mask,
468                 [out]        policy_handle *acct_handle
469                 );
470
471
472         /****************************************/
473         /* Function:    0x12                    */
474
475         typedef struct {
476                 lsa_LUID luid;
477                 uint32 attribute;
478         } lsa_LUIDAttribute;
479
480         typedef struct {
481                 [range(0,1000)] uint32 count;
482                 uint32 unknown;
483                 [size_is(count)] lsa_LUIDAttribute set[*];
484         } lsa_PrivilegeSet;
485
486         NTSTATUS lsa_EnumPrivsAccount(
487                 [in]         policy_handle *handle,
488                 [out,ref] lsa_PrivilegeSet **privs
489                 );
490
491
492         /****************************************/
493         /* Function:            0x13 */
494         NTSTATUS lsa_AddPrivilegesToAccount(
495                 [in]         policy_handle *handle,
496                 [in,ref]     lsa_PrivilegeSet *privs
497                 );
498
499
500         /****************************************/
501         /* Function:         0x14 */
502         NTSTATUS lsa_RemovePrivilegesFromAccount(
503                 [in]         policy_handle *handle,
504                 [in]         uint8 remove_all,
505                 [in,unique]  lsa_PrivilegeSet *privs
506                 );
507
508         /* Function:           0x15 */
509         [todo] NTSTATUS lsa_GetQuotasForAccount();
510
511         /* Function:           0x16 */
512         [todo] NTSTATUS lsa_SetQuotasForAccount();
513
514         typedef [bitmap32bit] bitmap {
515                 LSA_POLICY_MODE_INTERACTIVE             = 0x00000001,
516                 LSA_POLICY_MODE_NETWORK                 = 0x00000002,
517                 LSA_POLICY_MODE_BATCH                   = 0x00000004,
518                 LSA_POLICY_MODE_SERVICE                 = 0x00000010,
519                 LSA_POLICY_MODE_PROXY                   = 0x00000020,
520                 LSA_POLICY_MODE_DENY_INTERACTIVE        = 0x00000040,
521                 LSA_POLICY_MODE_DENY_NETWORK            = 0x00000080,
522                 LSA_POLICY_MODE_DENY_BATCH              = 0x00000100,
523                 LSA_POLICY_MODE_DENY_SERVICE            = 0x00000200,
524                 LSA_POLICY_MODE_REMOTE_INTERACTIVE      = 0x00000400,
525                 LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
526                 LSA_POLICY_MODE_ALL                     = 0x00000FF7,
527                 LSA_POLICY_MODE_ALL_NT4                 = 0x00000037
528         } lsa_SystemAccessModeFlags;
529
530         /* Function:    0x17 */
531         NTSTATUS lsa_GetSystemAccessAccount(
532                 [in]      policy_handle *handle,
533                 [out,ref] uint32 *access_mask
534                 );
535
536         /* Function:    0x18 */
537         NTSTATUS lsa_SetSystemAccessAccount(
538                 [in] policy_handle *handle,
539                 [in] uint32 access_mask
540                 );
541
542         /* Function:        0x19 */
543         NTSTATUS lsa_OpenTrustedDomain(
544                 [in]     policy_handle *handle,
545                 [in]     dom_sid2      *sid,
546                 [in]     uint32         access_mask,
547                 [out]    policy_handle *trustdom_handle
548                 );
549
550         typedef [flag(NDR_PAHEX)] struct {
551                 uint32 length;
552                 uint32 size;
553                 [size_is(size),length_is(length)] uint8 *data;
554         } lsa_DATA_BUF;
555
556         typedef [flag(NDR_PAHEX)] struct {
557                 [range(0,65536)] uint32 size;
558                 [size_is(size)] uint8 *data;
559         } lsa_DATA_BUF2;
560
561         typedef enum {
562                 LSA_TRUSTED_DOMAIN_INFO_NAME                  = 1,
563                 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS           = 2,
564                 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET          = 3,
565                 LSA_TRUSTED_DOMAIN_INFO_PASSWORD              = 4,
566                 LSA_TRUSTED_DOMAIN_INFO_BASIC                 = 5,
567                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX               = 6,
568                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO             = 7,
569                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO             = 8,
570                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL    = 9,
571                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL    = 10,
572                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL     = 11,
573                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL  = 12,
574                 LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
575         } lsa_TrustDomInfoEnum;
576
577         typedef [public,bitmap32bit] bitmap {
578                 LSA_TRUST_DIRECTION_INBOUND  = 0x00000001,
579                 LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
580         } lsa_TrustDirection;
581
582         typedef [v1_enum] enum {
583                 LSA_TRUST_TYPE_DOWNLEVEL  = 0x00000001,
584                 LSA_TRUST_TYPE_UPLEVEL    = 0x00000002,
585                 LSA_TRUST_TYPE_MIT        = 0x00000003
586         } lsa_TrustType;
587
588         typedef [public,bitmap32bit] bitmap {
589                 LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE      = 0x00000001,
590                 LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY        = 0x00000002,
591                 LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN  = 0x00000004,
592                 LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE   = 0x00000008,
593                 LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION  = 0x00000010,
594                 LSA_TRUST_ATTRIBUTE_WITHIN_FOREST       = 0x00000020,
595                 LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL   = 0x00000040,
596                 LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
597         } lsa_TrustAttributes;
598
599         typedef struct {
600                 lsa_StringLarge  netbios_name;
601         } lsa_TrustDomainInfoName;
602
603
604         typedef struct {
605                 uint32 entries;
606                 [size_is(entries)] lsa_StringLarge  *netbios_names;
607         } lsa_TrustDomainInfoControllers;
608
609         typedef struct {
610                 uint32         posix_offset;
611         } lsa_TrustDomainInfoPosixOffset;
612
613         typedef struct {
614                 lsa_DATA_BUF  *password;
615                 lsa_DATA_BUF  *old_password;
616         } lsa_TrustDomainInfoPassword;
617
618         typedef struct {
619                 lsa_String     netbios_name;
620                 dom_sid2      *sid;
621         } lsa_TrustDomainInfoBasic;
622
623         typedef struct {
624                 lsa_StringLarge     domain_name;
625                 lsa_StringLarge     netbios_name;
626                 dom_sid2           *sid;
627                 lsa_TrustDirection  trust_direction;
628                 lsa_TrustType       trust_type;
629                 lsa_TrustAttributes trust_attributes;
630         } lsa_TrustDomainInfoInfoEx;
631
632         typedef [public,v1_enum] enum {
633                 TRUST_AUTH_TYPE_NONE = 0,
634                 TRUST_AUTH_TYPE_NT4OWF = 1,
635                 TRUST_AUTH_TYPE_CLEAR = 2,
636                 TRUST_AUTH_TYPE_VERSION = 3
637         } lsa_TrustAuthType;
638
639         typedef struct {
640                 NTTIME_hyper   last_update_time;
641                 lsa_TrustAuthType AuthType;
642                 lsa_DATA_BUF2  data;
643         } lsa_TrustDomainInfoBuffer;
644
645         typedef struct {
646                 uint32 incoming_count;
647                 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
648                 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
649                 uint32 outgoing_count;
650                 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
651                 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
652         } lsa_TrustDomainInfoAuthInfo;
653
654         typedef struct {
655                 lsa_TrustDomainInfoInfoEx      info_ex;
656                 lsa_TrustDomainInfoPosixOffset posix_offset;
657                 lsa_TrustDomainInfoAuthInfo    auth_info;
658         } lsa_TrustDomainInfoFullInfo;
659
660         typedef struct {
661                 lsa_DATA_BUF2                          auth_blob;
662         } lsa_TrustDomainInfoAuthInfoInternal;
663
664         typedef struct {
665                 lsa_TrustDomainInfoInfoEx              info_ex;
666                 lsa_TrustDomainInfoPosixOffset         posix_offset;
667                 lsa_TrustDomainInfoAuthInfoInternal    auth_info;
668         } lsa_TrustDomainInfoFullInfoInternal;
669
670         typedef struct {
671                 lsa_TrustDomainInfoInfoEx      info_ex;
672                 uint32 forest_trust_length;
673                 [size_is(forest_trust_length)] uint8 *forest_trust_data;
674         } lsa_TrustDomainInfoInfoEx2Internal;
675
676         typedef struct {
677                 lsa_TrustDomainInfoInfoEx2Internal     info;
678                 lsa_TrustDomainInfoPosixOffset posix_offset;
679                 lsa_TrustDomainInfoAuthInfo    auth_info;
680         } lsa_TrustDomainInfoFullInfo2Internal;
681
682         typedef struct {
683                 kerb_EncTypes enc_types;
684         } lsa_TrustDomainInfoSupportedEncTypes;
685
686         typedef [switch_type(lsa_TrustDomInfoEnum)] union {
687                 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
688                         lsa_TrustDomainInfoName              name;
689                 [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
690                         lsa_TrustDomainInfoControllers   controllers;
691                 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
692                         lsa_TrustDomainInfoPosixOffset       posix_offset;
693                 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
694                         lsa_TrustDomainInfoPassword          password;
695                 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
696                         lsa_TrustDomainInfoBasic             info_basic;
697                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
698                         lsa_TrustDomainInfoInfoEx            info_ex;
699                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
700                         lsa_TrustDomainInfoAuthInfo          auth_info;
701                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
702                         lsa_TrustDomainInfoFullInfo          full_info;
703                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
704                         lsa_TrustDomainInfoAuthInfoInternal  auth_info_internal;
705                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
706                         lsa_TrustDomainInfoFullInfoInternal  full_info_internal;
707                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
708                         lsa_TrustDomainInfoInfoEx2Internal   info_ex2_internal;
709                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
710                         lsa_TrustDomainInfoFullInfo2Internal     full_info2_internal;
711                 [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
712                         lsa_TrustDomainInfoSupportedEncTypes enc_types;
713         } lsa_TrustedDomainInfo;
714
715         /* Function:       0x1a */
716         NTSTATUS lsa_QueryTrustedDomainInfo(
717                 [in]     policy_handle                   *trustdom_handle,
718                 [in]     lsa_TrustDomInfoEnum             level,
719                 [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
720                 );
721
722         /* Function:     0x1b */
723         NTSTATUS lsa_SetInformationTrustedDomain(
724                 [in]                  policy_handle         *trustdom_handle,
725                 [in]                  lsa_TrustDomInfoEnum   level,
726                 [in,switch_is(level)] lsa_TrustedDomainInfo *info
727                 );
728
729         /* Function:          0x1c */
730         [public] NTSTATUS lsa_OpenSecret(
731                 [in]     policy_handle    *handle,
732                 [in]         lsa_String        name,
733                 [in]         uint32            access_mask,
734                 [out]    policy_handle    *sec_handle
735                 );
736
737         /* Function:           0x1d */
738
739         [public] NTSTATUS lsa_SetSecret(
740                 [in]     policy_handle    *sec_handle,
741                 [in,unique]         lsa_DATA_BUF     *new_val,
742                 [in,unique]         lsa_DATA_BUF     *old_val
743                 );
744
745         typedef struct {
746                 lsa_DATA_BUF *buf;
747         } lsa_DATA_BUF_PTR;
748
749         /* Function:         0x1e */
750         [public] NTSTATUS lsa_QuerySecret (
751                 [in]     policy_handle     *sec_handle,
752                 [in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
753                 [in,out,unique]     NTTIME_hyper      *new_mtime,
754                 [in,out,unique]     lsa_DATA_BUF_PTR  *old_val,
755                 [in,out,unique]     NTTIME_hyper      *old_mtime
756                 );
757
758         /* Function:     0x1f */
759         NTSTATUS lsa_LookupPrivValue(
760                 [in]     policy_handle *handle,
761                 [in,ref] lsa_String *name,
762                 [out,ref] lsa_LUID *luid
763                 );
764
765
766         /* Function:      0x20 */
767         NTSTATUS lsa_LookupPrivName(
768                 [in]     policy_handle *handle,
769                 [in,ref] lsa_LUID *luid,
770                 [out,ref] lsa_StringLarge **name
771                 );
772
773
774         /*******************/
775         /* Function:  0x21 */
776         NTSTATUS lsa_LookupPrivDisplayName(
777                 [in] policy_handle *handle,
778                 [in,ref] lsa_String *name,
779                 [in] uint16 language_id,
780                 [in] uint16 language_id_sys,
781                 [out,ref] lsa_StringLarge **disp_name,
782                 /* see http://www.microsoft.com/globaldev/nlsweb/ for
783                    language definitions */
784                 [out,ref] uint16 *returned_language_id
785                 );
786
787         /*******************/
788         /* Function:  0x22 */
789         NTSTATUS lsa_DeleteObject (
790                 [in,out]     policy_handle *handle
791                 );
792
793         /*******************/
794         /* Function:      0x23 */
795         NTSTATUS lsa_EnumAccountsWithUserRight (
796                 [in]     policy_handle *handle,
797                 [in,unique]         lsa_String *name,
798                 [out]    lsa_SidArray *sids
799                 );
800
801         /* Function:      0x24 */
802         typedef struct {
803                 [string,charset(UTF16)] uint16 *name;
804         } lsa_RightAttribute;
805
806         typedef struct {
807                 [range(0,256)] uint32 count;
808                 [size_is(count)] lsa_StringLarge *names;
809         } lsa_RightSet;
810
811         NTSTATUS lsa_EnumAccountRights (
812                 [in]     policy_handle *handle,
813                 [in,ref] dom_sid2 *sid,
814                 [out,ref] lsa_RightSet *rights
815                 );
816
817
818         /**********************/
819         /* Function:       0x25 */
820         NTSTATUS lsa_AddAccountRights (
821                 [in]     policy_handle *handle,
822                 [in,ref] dom_sid2 *sid,
823                 [in,ref] lsa_RightSet *rights
824                 );
825
826         /**********************/
827         /* Function:       0x26 */
828         NTSTATUS lsa_RemoveAccountRights (
829                 [in]     policy_handle *handle,
830                 [in,ref] dom_sid2 *sid,
831                 [in]     uint8 remove_all,
832                 [in,ref] lsa_RightSet *rights
833                 );
834
835         /* Function:   0x27 */
836         NTSTATUS lsa_QueryTrustedDomainInfoBySid(
837                 [in]               policy_handle         *handle,
838                 [in,ref]           dom_sid2              *dom_sid,
839                 [in]               lsa_TrustDomInfoEnum  level,
840                 [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
841         );
842
843         /* Function:     0x28 */
844         NTSTATUS lsa_SetTrustedDomainInfo(
845                 [in]               policy_handle         *handle,
846                 [in]               dom_sid2              *dom_sid,
847                 [in]               lsa_TrustDomInfoEnum  level,
848                 [in,switch_is(level)] lsa_TrustedDomainInfo *info
849         );
850
851         /* Function:      0x29 */
852         NTSTATUS lsa_DeleteTrustedDomain(
853                 [in]               policy_handle         *handle,
854                 [in]               dom_sid2              *dom_sid
855         );
856
857         /* Function:       0x2a */
858         [todo] NTSTATUS lsa_StorePrivateData();
859         /* Function:        0x2b */
860         [todo] NTSTATUS lsa_RetrievePrivateData();
861
862
863         /**********************/
864         /* Function:     0x2c */
865         [public] NTSTATUS lsa_OpenPolicy2 (
866                 [in,unique]      [string,charset(UTF16)] uint16 *system_name,
867                 [in]  lsa_ObjectAttribute *attr,
868                 [in]  lsa_PolicyAccessMask access_mask,
869                 [out] policy_handle *handle
870                 );
871
872         /**********************/
873         /* Function:     0x2d */
874         NTSTATUS lsa_GetUserName(
875                 [in,unique] [string,charset(UTF16)] uint16 *system_name,
876                 [in,out,ref] lsa_String **account_name,
877                 [in,out,unique] lsa_String **authority_name
878                 );
879
880         /**********************/
881         /* Function:          0x2e */
882
883         NTSTATUS lsa_QueryInfoPolicy2(
884                 [in]                         policy_handle *handle,
885                 [in]                         lsa_PolicyInfo level,
886                 [out,ref,switch_is(level)]   lsa_PolicyInformation **info
887                 );
888
889         /* Function 0x2f */
890         NTSTATUS lsa_SetInfoPolicy2(
891                 [in]                            policy_handle *handle,
892                 [in]                            lsa_PolicyInfo level,
893                 [in,switch_is(level)]           lsa_PolicyInformation *info
894                 );
895
896         /**********************/
897         /* Function 0x30 */
898         NTSTATUS lsa_QueryTrustedDomainInfoByName(
899                 [in]                   policy_handle          *handle,
900                 [in,ref]               lsa_String             *trusted_domain,
901                 [in]                   lsa_TrustDomInfoEnum   level,
902                 [out,ref,switch_is(level)] lsa_TrustedDomainInfo **info
903                 );
904
905         /**********************/
906         /* Function 0x31 */
907         NTSTATUS lsa_SetTrustedDomainInfoByName(
908                 [in]                   policy_handle         *handle,
909                 [in]                   lsa_String             trusted_domain,
910                 [in]                   lsa_TrustDomInfoEnum   level,
911                 [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
912                 );
913
914         /* Function 0x32 */
915
916         /* w2k3 treats max_size as max_domains*82       */
917         const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
918
919         typedef struct {
920                 uint32 count;
921                 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
922         } lsa_DomainListEx;
923
924         NTSTATUS lsa_EnumTrustedDomainsEx (
925                 [in]               policy_handle *handle,
926                 [in,out]           uint32 *resume_handle,
927                 [out]              lsa_DomainListEx *domains,
928                 [in]               uint32 max_size
929                 );
930
931         /* Function 0x33 */
932         NTSTATUS lsa_CreateTrustedDomainEx(
933                 [in]  policy_handle               *policy_handle,
934                 [in]  lsa_TrustDomainInfoInfoEx   *info,
935                 [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
936                 [in]  uint32 access_mask,
937                 [out] policy_handle               *trustdom_handle
938                 );
939
940
941         /* Function 0x34 */
942         NTSTATUS lsa_CloseTrustedDomainEx(
943                 [in,out]                   policy_handle         *handle
944         );
945
946         /* Function 0x35 */
947
948         /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
949            for unknown6 - gd */
950         typedef struct {
951                 uint32 enforce_restrictions;
952                 hyper service_tkt_lifetime;
953                 hyper user_tkt_lifetime;
954                 hyper user_tkt_renewaltime;
955                 hyper clock_skew;
956                 hyper unknown6;
957         } lsa_DomainInfoKerberos;
958
959         typedef struct {
960                 uint32 blob_size;
961                 [size_is(blob_size)] uint8 *efs_blob;
962         } lsa_DomainInfoEfs;
963
964         typedef enum {
965                 LSA_DOMAIN_INFO_POLICY_EFS=2,
966                 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
967         } lsa_DomainInfoEnum;
968
969         typedef [switch_type(uint16)] union {
970                 [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       efs_info;
971                 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  kerberos_info;
972         } lsa_DomainInformationPolicy;
973
974         NTSTATUS lsa_QueryDomainInformationPolicy(
975                 [in]            policy_handle *handle,
976                 [in]            uint16 level,
977                 [out,ref,switch_is(level)]      lsa_DomainInformationPolicy **info
978                 );
979
980         /* Function 0x36 */
981         NTSTATUS lsa_SetDomainInformationPolicy(
982                 [in]            policy_handle *handle,
983                 [in]                    uint16 level,
984                 [in,unique,switch_is(level)]    lsa_DomainInformationPolicy *info
985                 );
986
987         /**********************/
988         /* Function 0x37 */
989         NTSTATUS lsa_OpenTrustedDomainByName(
990                 [in]     policy_handle *handle,
991                 [in]         lsa_String     name,
992                 [in]         uint32         access_mask,
993                 [out]    policy_handle *trustdom_handle
994                 );
995
996         /* Function 0x38 */
997         [todo] NTSTATUS lsa_TestCall();
998
999         /**********************/
1000         /* Function 0x39 */
1001
1002         typedef struct {
1003                 lsa_SidType sid_type;
1004                 lsa_String name;
1005                 uint32 sid_index;
1006                 uint32 unknown;
1007         } lsa_TranslatedName2;
1008
1009         typedef struct {
1010                 [range(0,1000)] uint32 count;
1011                 [size_is(count)] lsa_TranslatedName2 *names;
1012         } lsa_TransNameArray2;
1013
1014         [public] NTSTATUS lsa_LookupSids2(
1015                 [in]     policy_handle *handle,
1016                 [in,ref] lsa_SidArray *sids,
1017                 [out,ref]    lsa_RefDomainList **domains,
1018                 [in,out,ref] lsa_TransNameArray2 *names,
1019                 [in]         uint16 level,
1020                 [in,out,ref] uint32 *count,
1021                 [in]         uint32 unknown1,
1022                 [in]         uint32 unknown2
1023                 );
1024
1025         /**********************/
1026         /* Function 0x3a */
1027
1028         typedef struct {
1029                 lsa_SidType sid_type;
1030                 uint32 rid;
1031                 uint32 sid_index;
1032                 uint32 unknown;
1033         } lsa_TranslatedSid2;
1034
1035         typedef struct {
1036                 [range(0,1000)] uint32 count;
1037                 [size_is(count)] lsa_TranslatedSid2 *sids;
1038         } lsa_TransSidArray2;
1039
1040         [public] NTSTATUS lsa_LookupNames2 (
1041                 [in]     policy_handle *handle,
1042                 [in,range(0,1000)] uint32 num_names,
1043                 [in,size_is(num_names)]  lsa_String names[],
1044                 [out,ref]    lsa_RefDomainList **domains,
1045                 [in,out,ref] lsa_TransSidArray2 *sids,
1046                 [in]         lsa_LookupNamesLevel level,
1047                 [in,out,ref] uint32 *count,
1048                 [in]         uint32 lookup_options,
1049                 [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
1050                 );
1051
1052         /* Function 0x3b */
1053         NTSTATUS lsa_CreateTrustedDomainEx2(
1054                 [in]  policy_handle               *policy_handle,
1055                 [in]  lsa_TrustDomainInfoInfoEx   *info,
1056                 [in]  lsa_TrustDomainInfoAuthInfoInternal *auth_info,
1057                 [in]  uint32                       access_mask,
1058                 [out] policy_handle               *trustdom_handle
1059                 );
1060
1061         /* Function 0x3c */
1062         [todo] NTSTATUS lsa_CREDRWRITE();
1063
1064         /* Function 0x3d */
1065         [todo] NTSTATUS lsa_CREDRREAD();
1066
1067         /* Function 0x3e */
1068         [todo] NTSTATUS lsa_CREDRENUMERATE();
1069
1070         /* Function 0x3f */
1071         [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
1072
1073         /* Function 0x40 */
1074         [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
1075
1076         /* Function 0x41 */
1077         [todo] NTSTATUS lsa_CREDRDELETE();
1078
1079         /* Function 0x42 */
1080         [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
1081
1082         /* Function 0x43 */
1083         [todo] NTSTATUS lsa_CREDRPROFILELOADED();
1084
1085         /**********************/
1086         /* Function 0x44 */
1087         typedef struct {
1088                 lsa_SidType sid_type;
1089                 dom_sid2 *sid;
1090                 uint32 sid_index;
1091                 uint32 flags;
1092         } lsa_TranslatedSid3;
1093
1094         typedef struct {
1095                 [range(0,1000)] uint32 count;
1096                 [size_is(count)] lsa_TranslatedSid3 *sids;
1097         } lsa_TransSidArray3;
1098
1099         [public] NTSTATUS lsa_LookupNames3 (
1100                 [in]     policy_handle *handle,
1101                 [in,range(0,1000)] uint32 num_names,
1102                 [in,size_is(num_names)]  lsa_String names[],
1103                 [out,ref]    lsa_RefDomainList **domains,
1104                 [in,out,ref] lsa_TransSidArray3 *sids,
1105                 [in]         lsa_LookupNamesLevel level,
1106                 [in,out,ref] uint32 *count,
1107                 [in]         uint32 lookup_options,
1108                 [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
1109                 );
1110
1111         /* Function 0x45 */
1112         [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
1113
1114         /* Function 0x46 */
1115         [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
1116
1117         /* Function 0x47 */
1118         [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
1119
1120         /* Function 0x48 */
1121         [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1122
1123         /* Function 0x49 */
1124         typedef struct {
1125                 [range(0,131072)] uint32 length;
1126                 [size_is(length)] uint8 *data;
1127         } lsa_ForestTrustBinaryData;
1128
1129         typedef struct {
1130                 dom_sid2 *domain_sid;
1131                 lsa_StringLarge dns_domain_name;
1132                 lsa_StringLarge netbios_domain_name;
1133         } lsa_ForestTrustDomainInfo;
1134
1135         typedef [switch_type(uint32)] union {
1136                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
1137                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1138                 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1139                 [default] lsa_ForestTrustBinaryData data;
1140         } lsa_ForestTrustData;
1141
1142         typedef [v1_enum] enum {
1143                 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1144                 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1145                 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1146                 LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1147         } lsa_ForestTrustRecordType;
1148
1149         typedef struct {
1150                 uint32 flags;
1151                 lsa_ForestTrustRecordType level;
1152                 hyper unknown;
1153                 [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1154         } lsa_ForestTrustRecord;
1155
1156         typedef [public] struct {
1157                 [range(0,4000)] uint32 count;
1158                 [size_is(count)] lsa_ForestTrustRecord **entries;
1159         } lsa_ForestTrustInformation;
1160
1161         NTSTATUS lsa_lsaRQueryForestTrustInformation(
1162                 [in] policy_handle *handle,
1163                 [in,ref] lsa_String *trusted_domain_name,
1164                 [in] uint16 unknown, /* level ? */
1165                 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1166                 );
1167
1168         /* Function 0x4a */
1169         [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1170
1171         /* Function 0x4b */
1172         [todo] NTSTATUS lsa_CREDRRENAME();
1173
1174         /*****************/
1175         /* Function 0x4c */
1176
1177         [public] NTSTATUS lsa_LookupSids3(
1178                 [in,ref]     lsa_SidArray *sids,
1179                 [out,ref]    lsa_RefDomainList **domains,
1180                 [in,out,ref] lsa_TransNameArray2 *names,
1181                 [in]         uint16 level,
1182                 [in,out,ref] uint32 *count,
1183                 [in]         uint32 unknown1,
1184                 [in]         uint32 unknown2
1185                 );
1186
1187         const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001;
1188         const int LSA_CLIENT_REVISION_DNS        = 0x00000002;
1189
1190         const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
1191
1192         /* Function 0x4d */
1193         NTSTATUS lsa_LookupNames4(
1194                 [in,range(0,1000)] uint32 num_names,
1195                 [in,size_is(num_names)]  lsa_String names[],
1196                 [out,ref]    lsa_RefDomainList **domains,
1197                 [in,out,ref] lsa_TransSidArray3 *sids,
1198                 [in]         lsa_LookupNamesLevel level,
1199                 [in,out,ref] uint32 *count,
1200                 [in]         uint32 lookup_options,
1201                 [in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
1202                 );
1203
1204         /* Function 0x4e */
1205         [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
1206
1207         /* Function 0x4f */
1208         [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1209
1210         /* Function 0x50 */
1211         [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1212
1213         /* Function 0x51 */
1214         [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
1215
1216 }