/******************/
/* Function: 0x06 */
typedef struct {
- uint32 len; /* ignored */
+ uint3264 len; /* ignored */
uint16 impersonation_level;
uint8 context_mode;
uint8 effective_only;
} lsa_QosInfo;
typedef struct {
- uint32 len; /* ignored */
+ uint3264 len; /* ignored */
uint8 *root_dir;
[string,charset(UTF16)] uint16 *object_name;
uint32 attributes;
LSA_POLICY_SET_AUDIT_REQUIREMENTS |
LSA_POLICY_AUDIT_LOG_ADMIN |
LSA_POLICY_SERVER_ADMIN |
- LSA_POLICY_LOOKUP_NAMES);
+ LSA_POLICY_LOOKUP_NAMES |
+ LSA_POLICY_NOTIFICATION);
const int LSA_POLICY_READ =
(STANDARD_RIGHTS_READ_ACCESS |
LSA_SECRET_QUERY_VALUE = 0x00000002
} lsa_SecretAccessMask;
+ const int LSA_SECRET_ALL_ACCESS =
+ (LSA_SECRET_QUERY_VALUE |
+ LSA_SECRET_SET_VALUE |
+ SEC_STD_DELETE |
+ STANDARD_RIGHTS_READ_ACCESS |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER); /* 0x000F0003 */
+
+ const int LSA_SECRET_READ =
+ (LSA_SECRET_QUERY_VALUE |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020002 */
+
+ const int LSA_SECRET_WRITE =
+ (LSA_SECRET_SET_VALUE |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+ const int LSA_SECRET_EXECUTE =
+ (STANDARD_RIGHTS_READ_ACCESS); /* 0x00020000 */
+
typedef [public,bitmap32bit] bitmap {
LSA_TRUSTED_QUERY_DOMAIN_NAME = 0x00000001,
LSA_TRUSTED_QUERY_CONTROLLERS = 0x00000002,
LSA_TRUSTED_QUERY_AUTH = 0x00000040
} lsa_TrustedAccessMask;
+ const int LSA_TRUSTED_DOMAIN_ALL_ACCESS =
+ (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+ LSA_TRUSTED_QUERY_CONTROLLERS |
+ LSA_TRUSTED_SET_CONTROLLERS |
+ LSA_TRUSTED_QUERY_POSIX |
+ LSA_TRUSTED_SET_POSIX |
+ LSA_TRUSTED_SET_AUTH |
+ LSA_TRUSTED_QUERY_AUTH |
+ SEC_STD_DELETE |
+ STANDARD_RIGHTS_READ_ACCESS |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER); /* 0x000F007F */
+
+ const int LSA_TRUSTED_DOMAIN_READ =
+ (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020001 */
+
+ const int LSA_TRUSTED_DOMAIN_WRITE =
+ (LSA_TRUSTED_SET_CONTROLLERS |
+ LSA_TRUSTED_SET_POSIX |
+ LSA_TRUSTED_SET_AUTH |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x00020034 */
+
+ const int LSA_TRUSTED_DOMAIN_EXECUTE =
+ (LSA_TRUSTED_QUERY_DOMAIN_NAME |
+ LSA_TRUSTED_QUERY_POSIX |
+ STANDARD_RIGHTS_READ_ACCESS); /* 0x0002000C */
+
+
/* notice the screwup with the system_name - thats why MS created
OpenPolicy2 */
[public] NTSTATUS lsa_OpenPolicy (
} lsa_SidPtr;
typedef [public] struct {
- [range(0,1000)] uint32 num_sids;
+ [range(0,20480)] uint32 num_sids;
[size_is(num_sids)] lsa_SidPtr *sids;
} lsa_SidArray;
} lsa_TransSidArray;
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- typedef struct {
+ typedef [public] struct {
[range(0,1000)] uint32 count;
[size_is(count)] lsa_DomainInfo *domains;
uint32 max_size;
* Level 6: Like 4
*/
- typedef enum {
+ typedef [public] enum {
LSA_LOOKUP_NAMES_ALL = 1,
LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
uint32 sid_index;
} lsa_TranslatedName;
- typedef struct {
- [range(0,1000)] uint32 count;
+ typedef [public] struct {
+ [range(0,20480)] uint32 count;
[size_is(count)] lsa_TranslatedName *names;
} lsa_TransNameArray;
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
[in,out,ref] lsa_TransNameArray *names,
- [in] uint16 level,
+ [in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count
);
/* Function: 0x16 */
[todo] NTSTATUS lsa_SetQuotasForAccount();
- typedef [bitmap32bit] bitmap {
- LSA_POLICY_MODE_INTERACTIVE = 0x00000001,
- LSA_POLICY_MODE_NETWORK = 0x00000002,
- LSA_POLICY_MODE_BATCH = 0x00000004,
- LSA_POLICY_MODE_SERVICE = 0x00000010,
- LSA_POLICY_MODE_PROXY = 0x00000020,
- LSA_POLICY_MODE_DENY_INTERACTIVE = 0x00000040,
- LSA_POLICY_MODE_DENY_NETWORK = 0x00000080,
- LSA_POLICY_MODE_DENY_BATCH = 0x00000100,
- LSA_POLICY_MODE_DENY_SERVICE = 0x00000200,
- LSA_POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400,
- LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
- LSA_POLICY_MODE_ALL = 0x00000FF7,
- LSA_POLICY_MODE_ALL_NT4 = 0x00000037
- } lsa_SystemAccessModeFlags;
-
/* Function: 0x17 */
NTSTATUS lsa_GetSystemAccessAccount(
[in] policy_handle *handle,
);
typedef [flag(NDR_PAHEX)] struct {
- uint32 length;
- uint32 size;
+ uint3264 length;
+ uint3264 size;
[size_is(size),length_is(length)] uint8 *data;
} lsa_DATA_BUF;
LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
} lsa_TrustDirection;
- typedef [v1_enum] enum {
+ typedef [public,v1_enum] enum {
LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
- LSA_TRUST_TYPE_MIT = 0x00000003
+ LSA_TRUST_TYPE_MIT = 0x00000003,
+ LSA_TRUST_TYPE_DCE = 0x00000004
} lsa_TrustType;
typedef [public,bitmap32bit] bitmap {
dom_sid2 *sid;
} lsa_TrustDomainInfoBasic;
- typedef struct {
+ typedef [public] struct {
lsa_StringLarge domain_name;
lsa_StringLarge netbios_name;
dom_sid2 *sid;
lsa_DATA_BUF2 data;
} lsa_TrustDomainInfoBuffer;
- typedef struct {
+ typedef [public] struct {
uint32 incoming_count;
lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
/**********************/
/* Function 0x31 */
- NTSTATUS lsa_SetTrustedDomainInfoByName(
+ [public] NTSTATUS lsa_SetTrustedDomainInfoByName(
[in] policy_handle *handle,
- [in] lsa_String trusted_domain,
+ [in,ref] lsa_String *trusted_domain,
[in] lsa_TrustDomInfoEnum level,
- [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
+ [in,ref,switch_is(level)] lsa_TrustedDomainInfo *info
);
/* Function 0x32 */
NTSTATUS lsa_CreateTrustedDomainEx(
[in] policy_handle *policy_handle,
[in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
- [in] uint32 access_mask,
+ [in] lsa_TrustDomainInfoAuthInfo *auth_info,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
);
/* Function 0x35 */
+ typedef [bitmap32bit] bitmap {
+ LSA_POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
+ } lsa_krbAuthenticationOptions;
/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
- for unknown6 - gd */
+ for reserved - gd */
typedef struct {
- uint32 enforce_restrictions;
+ lsa_krbAuthenticationOptions authentication_options;
hyper service_tkt_lifetime;
hyper user_tkt_lifetime;
hyper user_tkt_renewaltime;
hyper clock_skew;
- hyper unknown6;
+ hyper reserved;
} lsa_DomainInfoKerberos;
typedef struct {
NTSTATUS lsa_OpenTrustedDomainByName(
[in] policy_handle *handle,
[in] lsa_String name,
- [in] uint32 access_mask,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
[size_is(count)] lsa_TranslatedName2 *names;
} lsa_TransNameArray2;
+ typedef [v1_enum] enum {
+ LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES = 0x00000000,
+ LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES_LOCAL = 0x80000000
+ } lsa_LookupOptions;
+
+ typedef [v1_enum] enum {
+ LSA_CLIENT_REVISION_1 = 0x00000001,
+ LSA_CLIENT_REVISION_2 = 0x00000002
+ } lsa_ClientRevision;
+
[public] NTSTATUS lsa_LookupSids2(
[in] policy_handle *handle,
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
[in,out,ref] lsa_TransNameArray2 *names,
- [in] uint16 level,
+ [in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/**********************/
[in,out,ref] lsa_TransSidArray2 *sids,
[in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/* Function 0x3b */
NTSTATUS lsa_CreateTrustedDomainEx2(
[in] policy_handle *policy_handle,
[in] lsa_TrustDomainInfoInfoEx *info,
- [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
- [in] uint32 access_mask,
+ [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info_internal,
+ [in] lsa_TrustedAccessMask access_mask,
[out] policy_handle *trustdom_handle
);
[in,out,ref] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/* Function 0x45 */
[todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
/* Function 0x49 */
+ typedef [bitmap32bit,public] bitmap {
+ /* these apply to LSA_FOREST_TRUST_TOP_LEVEL_NAME */
+ LSA_TLN_DISABLED_NEW = 0x00000001,
+ LSA_TLN_DISABLED_ADMIN = 0x00000002,
+ LSA_TLN_DISABLED_CONFLICT = 0x00000004,
+
+ /* these apply to LSA_FOREST_TRUST_DOMAIN_INFO */
+ LSA_SID_DISABLED_ADMIN = 0x00000001,
+ LSA_SID_DISABLED_CONFLICT = 0x00000002,
+ LSA_NB_DISABLED_ADMIN = 0x00000004,
+ LSA_NB_DISABLED_CONFLICT = 0x00000008
+ } lsa_ForestTrustRecordFlags;
+
+ typedef enum {
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
+ LSA_FOREST_TRUST_DOMAIN_INFO = 2,
+ LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+ } lsa_ForestTrustRecordType;
+
typedef struct {
- [range(0,131072)] uint32 length;
+ [range(0,131072)] uint3264 length;
[size_is(length)] uint8 *data;
} lsa_ForestTrustBinaryData;
lsa_StringLarge netbios_domain_name;
} lsa_ForestTrustDomainInfo;
- typedef [switch_type(uint32)] union {
- [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
+ typedef [switch_type(lsa_ForestTrustRecordType)] union {
+ [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_StringLarge top_level_name;
[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
[default] lsa_ForestTrustBinaryData data;
} lsa_ForestTrustData;
- typedef [v1_enum] enum {
- LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
- LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
- LSA_FOREST_TRUST_DOMAIN_INFO = 2,
- LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
- } lsa_ForestTrustRecordType;
-
typedef struct {
- uint32 flags;
- lsa_ForestTrustRecordType level;
- hyper unknown;
- [switch_is(level)] lsa_ForestTrustData forest_trust_data;
+ lsa_ForestTrustRecordFlags flags;
+ lsa_ForestTrustRecordType type;
+ NTTIME_hyper time;
+ [switch_is(type)] lsa_ForestTrustData forest_trust_data;
} lsa_ForestTrustRecord;
typedef [public] struct {
[size_is(count)] lsa_ForestTrustRecord **entries;
} lsa_ForestTrustInformation;
- NTSTATUS lsa_lsaRQueryForestTrustInformation(
+ [public] NTSTATUS lsa_lsaRQueryForestTrustInformation(
[in] policy_handle *handle,
[in,ref] lsa_String *trusted_domain_name,
- [in] uint16 unknown, /* level ? */
+ [in] lsa_ForestTrustRecordType highest_record_type,
[out,ref] lsa_ForestTrustInformation **forest_trust_info
);
- /* Function 0x4a */
- [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
+ /*****************
+ * Function 0x4a */
+
+ typedef [v1_enum] enum {
+ LSA_FOREST_TRUST_COLLISION_TDO = 0,
+ LSA_FOREST_TRUST_COLLISION_XREF = 1,
+ LSA_FOREST_TRUST_COLLISION_OTHER = 2
+ } lsa_ForestTrustCollisionRecordType;
+
+ typedef [public] struct {
+ uint32 index;
+ lsa_ForestTrustCollisionRecordType type;
+ lsa_ForestTrustRecordFlags flags;
+ lsa_String name;
+ } lsa_ForestTrustCollisionRecord;
+
+ typedef [public] struct {
+ uint32 count;
+ [size_is(count)] lsa_ForestTrustCollisionRecord **entries;
+ } lsa_ForestTrustCollisionInfo;
+
+ [public] NTSTATUS lsa_lsaRSetForestTrustInformation(
+ [in] policy_handle *handle,
+ [in,ref] lsa_StringLarge *trusted_domain_name,
+ [in] lsa_ForestTrustRecordType highest_record_type,
+ [in,ref] lsa_ForestTrustInformation *forest_trust_info,
+ [in] boolean8 check_only,
+ [out,ref] lsa_ForestTrustCollisionInfo **collision_info
+ );
/* Function 0x4b */
[todo] NTSTATUS lsa_CREDRRENAME();
[in,ref] lsa_SidArray *sids,
[out,ref] lsa_RefDomainList **domains,
[in,out,ref] lsa_TransNameArray2 *names,
- [in] uint16 level,
+ [in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 unknown1,
- [in] uint32 unknown2
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
[in,out,ref] lsa_TransSidArray3 *sids,
[in] lsa_LookupNamesLevel level,
[in,out,ref] uint32 *count,
- [in] uint32 lookup_options,
- [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
+ [in] lsa_LookupOptions lookup_options,
+ [in] lsa_ClientRevision client_revision
);
/* Function 0x4e */