93cfdee2014e2335b97024361e7832a02dda45c9
[kai/samba.git] / source / librpc / idl / lsa.idl
1 #include "idl_types.h"
2
3 /*
4   lsa interface definition
5 */
6
7 import "misc.idl", "security.idl";
8
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
10   version(0.0),
11   endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12   pointer_default(unique),
13   helpstring("Local Security Authority")
14 ] interface lsarpc
15 {
16         typedef bitmap security_secinfo security_secinfo;
17
18         typedef [public,noejs] struct {
19                 [value(2*strlen_m(string))] uint16 length;
20                 [value(2*strlen_m(string))] uint16 size;
21                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
22         } lsa_String;
23
24         typedef [public] struct {
25                 [value(2*strlen_m(string))] uint16 length;
26                 [value(2*strlen_m_term(string))] uint16 size;
27                 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
28         } lsa_StringLarge;
29
30         typedef [public] struct {
31                 uint32 count;
32                 [size_is(count)] lsa_String *names;
33         } lsa_Strings;
34
35         typedef [public] struct {
36                 [value(strlen_m(string))] uint16 length;
37                 [value(strlen_m(string))] uint16 size;
38                 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
39         } lsa_AsciiString;
40
41         typedef [public] struct {
42                 [value(strlen_m(string))] uint16 length;
43                 [value(strlen_m_term(string))] uint16 size;
44                 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
45         } lsa_AsciiStringLarge;
46
47         /******************/
48         /* Function: 0x00 */
49         NTSTATUS lsa_Close (
50                 [in,out]     policy_handle *handle
51                 );
52         
53
54         /******************/
55         /* Function: 0x01 */
56         [public] NTSTATUS lsa_Delete (
57                 [in]     policy_handle *handle
58                 );
59
60
61         /******************/
62         /* Function: 0x02 */
63         typedef struct {
64                 uint32 low;
65                 uint32 high;
66         } lsa_LUID;
67         
68         typedef struct {
69                 lsa_StringLarge name;
70                 lsa_LUID luid;
71         } lsa_PrivEntry;
72
73         typedef struct {
74                 uint32 count;
75                 [size_is(count)] lsa_PrivEntry *privs;
76         } lsa_PrivArray;
77
78         [public] NTSTATUS lsa_EnumPrivs (
79                 [in]     policy_handle *handle,
80                 [in,out] uint32 *resume_handle,
81                 [in]         uint32 max_count,
82                 [out]    lsa_PrivArray *privs
83                 );
84
85         /******************/
86         /* Function: 0x03 */
87
88         NTSTATUS lsa_QuerySecurity (
89                 [in]     policy_handle *handle,
90                 [in]         security_secinfo sec_info,
91                 [out,unique]        sec_desc_buf *sdbuf
92                 );
93
94
95         /******************/
96         /* Function: 0x04 */
97         [todo] NTSTATUS lsa_SetSecObj ();
98
99
100         /******************/
101         /* Function: 0x05 */
102         [todo] NTSTATUS lsa_ChangePassword ();
103
104
105         /******************/
106         /* Function: 0x06 */
107         typedef struct {
108                 uint32  len; /* ignored */
109                 uint16  impersonation_level;
110                 uint8   context_mode;
111                 uint8   effective_only;
112         } lsa_QosInfo;
113         
114         typedef struct {
115                 uint32 len; /* ignored */
116                 uint8 *root_dir;
117                 [string,charset(UTF16)] uint16 *object_name;
118                 uint32 attributes;
119                 security_descriptor *sec_desc;
120                 lsa_QosInfo *sec_qos;
121         } lsa_ObjectAttribute;
122
123         /* notice the screwup with the system_name - thats why MS created
124            OpenPolicy2 */
125         [public] NTSTATUS lsa_OpenPolicy (
126                 [in,unique]       uint16 *system_name,
127                 [in]   lsa_ObjectAttribute *attr,
128                 [in]       uint32 access_mask,
129                 [out]  policy_handle *handle
130                 );
131         
132
133
134         /******************/
135         /* Function: 0x07 */
136
137         typedef struct {
138                 uint32 percent_full;
139                 uint32 log_size;
140                 NTTIME retention_time;
141                 uint8  shutdown_in_progress;
142                 NTTIME time_to_shutdown;
143                 uint32 next_audit_record;
144                 uint32 unknown;
145         } lsa_AuditLogInfo;
146
147         typedef [v1_enum] enum {
148                 LSA_AUDIT_POLICY_NONE=0,
149                 LSA_AUDIT_POLICY_SUCCESS=1,
150                 LSA_AUDIT_POLICY_FAILURE=2,
151                 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
152                 LSA_AUDIT_POLICY_CLEAR=4
153         } lsa_PolicyAuditPolicy;
154
155         typedef enum {
156                 LSA_AUDIT_CATEGORY_SYSTEM = 0,
157                 LSA_AUDIT_CATEGORY_LOGON = 1,
158                 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
159                 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
160                 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
161                 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
162                 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
163                 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,        /* only in win2k/2k3 */
164                 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8                    /* only in win2k/2k3 */
165         } lsa_PolicyAuditEventType;
166
167         typedef struct {
168                 uint32 auditing_mode;
169                 [size_is(count)] lsa_PolicyAuditPolicy *settings;
170                 uint32 count;
171         } lsa_AuditEventsInfo;
172
173         typedef struct {
174                 lsa_StringLarge name;
175                 dom_sid2 *sid;
176         } lsa_DomainInfo;
177
178         typedef struct {
179                 lsa_String name;
180         } lsa_PDAccountInfo;
181
182         typedef struct {
183                 uint16 unknown; /* an midl padding bug? */
184                 uint16 role;
185         } lsa_ServerRole;
186
187         typedef struct {
188                 lsa_String source;
189                 lsa_String account;
190         } lsa_ReplicaSourceInfo;
191
192         typedef struct {
193                 uint32 paged_pool;
194                 uint32 non_paged_pool;
195                 uint32 min_wss;
196                 uint32 max_wss;
197                 uint32 pagefile;
198                 hyper unknown;
199         } lsa_DefaultQuotaInfo;
200
201         typedef struct {
202                 hyper modified_id;
203                 NTTIME db_create_time;
204         } lsa_ModificationInfo;
205
206         typedef struct {
207                 uint8 shutdown_on_full;
208         } lsa_AuditFullSetInfo;
209
210         typedef struct {
211                 uint16 unknown; /* an midl padding bug? */
212                 uint8 shutdown_on_full;
213                 uint8 log_is_full;
214         } lsa_AuditFullQueryInfo;
215
216         typedef struct {
217                 /* it's important that we use the lsa_StringLarge here,
218                  * because otherwise windows clients result with such dns hostnames
219                  * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
220                  * where it should be
221                  *      w2k3-client.samba4.samba.org
222                  */
223                 lsa_StringLarge name;
224                 lsa_StringLarge dns_domain;
225                 lsa_StringLarge dns_forest;
226                 GUID domain_guid;
227                 dom_sid2 *sid;
228         } lsa_DnsDomainInfo;
229
230         typedef enum {
231                 LSA_POLICY_INFO_AUDIT_LOG=1,
232                 LSA_POLICY_INFO_AUDIT_EVENTS=2,
233                 LSA_POLICY_INFO_DOMAIN=3,
234                 LSA_POLICY_INFO_PD=4,
235                 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
236                 LSA_POLICY_INFO_ROLE=6,
237                 LSA_POLICY_INFO_REPLICA=7,
238                 LSA_POLICY_INFO_QUOTA=8,
239                 LSA_POLICY_INFO_DB=9,
240                 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
241                 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
242                 LSA_POLICY_INFO_DNS=12
243         } lsa_PolicyInfo;
244
245         typedef [switch_type(uint16)] union {
246                 [case(LSA_POLICY_INFO_AUDIT_LOG)]        lsa_AuditLogInfo       audit_log;
247                 [case(LSA_POLICY_INFO_AUDIT_EVENTS)]     lsa_AuditEventsInfo    audit_events;
248                 [case(LSA_POLICY_INFO_DOMAIN)]           lsa_DomainInfo         domain;
249                 [case(LSA_POLICY_INFO_PD)]               lsa_PDAccountInfo      pd;
250                 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]   lsa_DomainInfo         account_domain;
251                 [case(LSA_POLICY_INFO_ROLE)]             lsa_ServerRole         role;
252                 [case(LSA_POLICY_INFO_REPLICA)]          lsa_ReplicaSourceInfo  replica;
253                 [case(LSA_POLICY_INFO_QUOTA)]            lsa_DefaultQuotaInfo   quota;
254                 [case(LSA_POLICY_INFO_DB)]               lsa_ModificationInfo   db;
255                 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
256                 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
257                 [case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
258         } lsa_PolicyInformation;
259
260         NTSTATUS lsa_QueryInfoPolicy (
261                 [in]                            policy_handle *handle,
262                 [in]                            lsa_PolicyInfo level,
263                 [out,unique,switch_is(level)]   lsa_PolicyInformation *info
264                 );
265
266         /******************/
267         /* Function:       0x08 */
268         NTSTATUS lsa_SetInfoPolicy (
269                 [in]                            policy_handle *handle,
270                 [in]                            lsa_PolicyInfo level,
271                 [in,switch_is(level)]           lsa_PolicyInformation *info
272                 );
273
274         /******************/
275         /* Function:       0x09 */
276         [todo] NTSTATUS lsa_ClearAuditLog ();
277
278         /******************/
279         /* Function: 0x0a */
280         [public] NTSTATUS lsa_CreateAccount (
281                 [in]    policy_handle *handle,
282                 [in]    dom_sid2 *sid,
283                 [in]    uint32 access_mask,
284                 [out]   policy_handle *acct_handle
285                 );
286
287         /******************/
288         /* NOTE: This only returns accounts that have at least
289            one privilege set 
290         */
291         /* Function: 0x0b */
292         typedef struct {
293                 dom_sid2 *sid;
294         } lsa_SidPtr;
295         
296         typedef [public] struct {
297                 [range(0,1000)] uint32 num_sids;
298                 [size_is(num_sids)] lsa_SidPtr *sids;
299         } lsa_SidArray;
300
301         [public] NTSTATUS lsa_EnumAccounts (
302                 [in]         policy_handle *handle,
303                 [in,out]     uint32 *resume_handle,
304                 [in,range(0,8192)] uint32 num_entries,
305                 [out]        lsa_SidArray *sids
306                 );
307
308
309         /*************************************************/
310         /* Function: 0x0c                                */
311
312         [public] NTSTATUS lsa_CreateTrustedDomain(
313                 [in]         policy_handle *handle,
314                 [in]         lsa_DomainInfo *info,
315                 [in]         uint32 access_mask,
316                 [out]        policy_handle *trustdom_handle
317                 );
318
319
320         /******************/
321         /* Function: 0x0d */
322
323         /* w2k3 treats max_size as max_domains*60       */
324         const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
325
326         typedef struct {
327                 uint32 count;
328                 [size_is(count)] lsa_DomainInfo *domains;
329         } lsa_DomainList;
330
331         NTSTATUS lsa_EnumTrustDom (
332                 [in]               policy_handle *handle,
333                 [in,out]           uint32 *resume_handle,
334                 [in]               uint32 max_size,
335                 [out]              lsa_DomainList *domains
336                 );
337
338
339         /******************/
340         /* Function: 0x0e */
341         typedef [public] enum {
342                 SID_NAME_USE_NONE = 0,/* NOTUSED */
343                 SID_NAME_USER     = 1, /* user */
344                 SID_NAME_DOM_GRP  = 2, /* domain group */
345                 SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
346                 SID_NAME_ALIAS    = 4, /* local group */
347                 SID_NAME_WKN_GRP  = 5, /* well-known group */
348                 SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
349                 SID_NAME_INVALID  = 7, /* invalid account */
350                 SID_NAME_UNKNOWN  = 8, /* oops. */
351                 SID_NAME_COMPUTER = 9  /* machine */
352         } lsa_SidType;
353
354         typedef struct {
355                 lsa_SidType sid_type;
356                 uint32 rid;
357                 uint32 sid_index;
358         } lsa_TranslatedSid;
359
360         typedef struct {
361                 [range(0,1000)] uint32 count;
362                 [size_is(count)] lsa_TranslatedSid *sids;
363         } lsa_TransSidArray;
364
365         const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
366         typedef struct {
367                 [range(0,1000)] uint32 count;
368                 [size_is(count)] lsa_DomainInfo *domains;
369                 uint32 max_size;
370         } lsa_RefDomainList;
371
372         /* Level 1: Ask everywhere
373          * Level 2: Ask domain and trusted domains, no builtin and wkn
374          * Level 3: Only ask domain
375          * Level 4: W2k3ad: Only ask AD trusts
376          * Level 5: Only ask transitive forest trusts
377          * Level 6: Like 4
378          */
379
380         typedef enum {
381                 LSA_LOOKUP_NAMES_ALL = 1,
382                 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
383                 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
384                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
385                 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
386                 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
387         } lsa_LookupNamesLevel;
388
389         [public] NTSTATUS lsa_LookupNames (
390                 [in]         policy_handle *handle,
391                 [in,range(0,1000)] uint32 num_names,
392                 [in,size_is(num_names)]  lsa_String names[],
393                 [out,unique] lsa_RefDomainList *domains,
394                 [in,out]     lsa_TransSidArray *sids,
395                 [in]         lsa_LookupNamesLevel level,
396                 [in,out]     uint32 *count
397                 );
398
399
400         /******************/
401         /* Function: 0x0f */
402
403         typedef struct {
404                 lsa_SidType sid_type;
405                 lsa_String name;
406                 uint32 sid_index;
407         } lsa_TranslatedName;
408
409         typedef struct {
410                 [range(0,1000)] uint32 count;
411                 [size_is(count)] lsa_TranslatedName *names;
412         } lsa_TransNameArray;
413
414         [public] NTSTATUS lsa_LookupSids (
415                 [in]         policy_handle *handle,
416                 [in]         lsa_SidArray *sids,
417                 [out,unique]        lsa_RefDomainList *domains,
418                 [in,out]     lsa_TransNameArray *names,
419                 [in]         uint16 level,
420                 [in,out] uint32 *count
421                 );
422
423
424         /* Function:        0x10 */
425         [public] NTSTATUS lsa_CreateSecret(
426                 [in]         policy_handle *handle,
427                 [in]         lsa_String       name,
428                 [in]         uint32         access_mask,
429                 [out]        policy_handle *sec_handle
430                 );
431
432
433         /*****************************************/
434         /* Function:     0x11                    */
435         NTSTATUS lsa_OpenAccount (
436                 [in]         policy_handle *handle,
437                 [in]         dom_sid2 *sid,
438                 [in]         uint32 access_mask,
439                 [out]        policy_handle *acct_handle
440                 );
441
442
443         /****************************************/
444         /* Function:    0x12                    */
445
446         typedef struct {
447                 lsa_LUID luid;
448                 uint32 attribute;
449         } lsa_LUIDAttribute;
450         
451         typedef struct {
452                 [range(0,1000)] uint32 count;
453                 uint32 unknown;
454                 [size_is(count)] lsa_LUIDAttribute set[*];
455         } lsa_PrivilegeSet;
456         
457         NTSTATUS lsa_EnumPrivsAccount (
458                 [in]         policy_handle *handle,
459                 [out,unique] lsa_PrivilegeSet *privs
460                 );
461
462
463         /****************************************/
464         /* Function:            0x13 */
465         NTSTATUS lsa_AddPrivilegesToAccount(
466                 [in]         policy_handle *handle,
467                 [in]         lsa_PrivilegeSet *privs
468                 );
469         
470
471         /****************************************/
472         /* Function:         0x14 */
473         NTSTATUS lsa_RemovePrivilegesFromAccount(
474                 [in]         policy_handle *handle,
475                 [in]         uint8 remove_all,
476                 [in,unique]  lsa_PrivilegeSet *privs
477                 );
478
479         /* Function:           0x15 */
480         [todo] NTSTATUS lsa_GetQuotasForAccount();
481         
482         /* Function:           0x16 */
483         [todo] NTSTATUS lsa_SetQuotasForAccount();
484         
485         /* Function:    0x17 */
486         [todo] NTSTATUS lsa_GetSystemAccessAccount();
487         /* Function:    0x18 */
488         [todo] NTSTATUS lsa_SetSystemAccessAccount();
489
490         /* Function:        0x19 */
491         NTSTATUS lsa_OpenTrustedDomain(
492                 [in]     policy_handle *handle,
493                 [in]     dom_sid2      *sid,
494                 [in]         uint32         access_mask,
495                 [out]    policy_handle *trustdom_handle
496                 );
497
498         typedef [flag(NDR_PAHEX)] struct {
499                 uint32 length;
500                 uint32 size;
501                 [size_is(size),length_is(length)] uint8 *data;
502         } lsa_DATA_BUF;
503
504         typedef [flag(NDR_PAHEX)] struct {
505                 [range(0,65536)] uint32 size;
506                 [size_is(size)] uint8 *data;
507         } lsa_DATA_BUF2;
508
509         typedef enum {
510                 LSA_TRUSTED_DOMAIN_INFO_NAME             = 1,
511                 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
512                 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET     = 3,
513                 LSA_TRUSTED_DOMAIN_INFO_PASSWORD         = 4,
514                 LSA_TRUSTED_DOMAIN_INFO_BASIC            = 5,
515                 LSA_TRUSTED_DOMAIN_INFO_INFO_EX          = 6,
516                 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO        = 7,
517                 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO        = 8,
518                 LSA_TRUSTED_DOMAIN_INFO_11               = 11,
519                 LSA_TRUSTED_DOMAIN_INFO_INFO_ALL         = 12
520         } lsa_TrustDomInfoEnum;
521
522         typedef struct {
523                 lsa_StringLarge  netbios_name;
524         } lsa_TrustDomainInfoName;
525
526         typedef struct {
527                 uint32         posix_offset;
528         } lsa_TrustDomainInfoPosixOffset;
529
530         typedef struct {
531                 lsa_DATA_BUF  *password;
532                 lsa_DATA_BUF  *old_password;
533         } lsa_TrustDomainInfoPassword;
534
535         typedef struct {
536                 lsa_String     netbios_name;
537                 dom_sid2      *sid;
538         } lsa_TrustDomainInfoBasic;
539
540         typedef struct {
541                 lsa_StringLarge     domain_name;
542                 lsa_StringLarge     netbios_name;
543                 dom_sid2      *sid;
544                 uint32         trust_direction;
545                 uint32         trust_type;
546                 uint32         trust_attributes;
547         } lsa_TrustDomainInfoInfoEx;
548
549         typedef struct {
550                 NTTIME_hyper   last_update_time;
551                 uint32         secret_type;
552                 lsa_DATA_BUF2  data;
553         } lsa_TrustDomainInfoBuffer;
554
555         typedef struct {
556                 uint32 incoming_count;
557                 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
558                 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
559                 uint32 outgoing_count;
560                 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
561                 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
562         } lsa_TrustDomainInfoAuthInfo;
563
564         typedef struct {
565                 lsa_TrustDomainInfoInfoEx      info_ex;
566                 lsa_TrustDomainInfoPosixOffset posix_offset;
567                 lsa_TrustDomainInfoAuthInfo    auth_info;
568         } lsa_TrustDomainInfoFullInfo;
569
570         typedef struct {
571                 lsa_TrustDomainInfoInfoEx      info_ex;
572                 lsa_DATA_BUF2                  data1;
573         } lsa_TrustDomainInfo11;
574
575         typedef struct {
576                 lsa_TrustDomainInfoInfoEx      info_ex;
577                 lsa_DATA_BUF2                  data1;
578                 lsa_TrustDomainInfoPosixOffset posix_offset;
579                 lsa_TrustDomainInfoAuthInfo    auth_info;
580         } lsa_TrustDomainInfoInfoAll;
581
582         typedef [switch_type(lsa_TrustDomInfoEnum)] union {
583                 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]         lsa_TrustDomainInfoName        name;
584                 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
585                 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]     lsa_TrustDomainInfoPassword    password;
586                 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]        lsa_TrustDomainInfoBasic       info_basic;
587                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]      lsa_TrustDomainInfoInfoEx      info_ex;
588                 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]    lsa_TrustDomainInfoAuthInfo    auth_info;
589                 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]    lsa_TrustDomainInfoFullInfo    full_info;
590                 [case(LSA_TRUSTED_DOMAIN_INFO_11)]           lsa_TrustDomainInfo11          info11;
591                 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)]     lsa_TrustDomainInfoInfoAll     info_all;
592         } lsa_TrustedDomainInfo;
593
594         /* Function:       0x1a */
595         NTSTATUS lsa_QueryTrustedDomainInfo(
596                 [in]     policy_handle                   *trustdom_handle,
597                 [in]     lsa_TrustDomInfoEnum             level, 
598                 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
599                 );
600
601         /* Function:     0x1b */
602         [todo] NTSTATUS lsa_SetInformationTrustedDomain();
603
604         /* Function:          0x1c */
605         [public] NTSTATUS lsa_OpenSecret(
606                 [in]     policy_handle    *handle,
607                 [in]         lsa_String        name,
608                 [in]         uint32            access_mask,
609                 [out]    policy_handle    *sec_handle
610                 );
611
612         /* Function:           0x1d */
613
614         [public] NTSTATUS lsa_SetSecret(
615                 [in]     policy_handle    *sec_handle,
616                 [in,unique]         lsa_DATA_BUF     *new_val,
617                 [in,unique]         lsa_DATA_BUF     *old_val
618                 );
619
620         typedef struct {
621                 lsa_DATA_BUF *buf;
622         } lsa_DATA_BUF_PTR;
623
624         /* Function:         0x1e */
625         [public] NTSTATUS lsa_QuerySecret (
626                 [in]     policy_handle     *sec_handle,
627                 [in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
628                 [in,out,unique]     NTTIME_hyper      *new_mtime,
629                 [in,out,unique]     lsa_DATA_BUF_PTR  *old_val,
630                 [in,out,unique]     NTTIME_hyper      *old_mtime
631                 );
632
633         /* Function:     0x1f */
634         NTSTATUS lsa_LookupPrivValue(
635                 [in]     policy_handle *handle,
636                 [in]     lsa_String *name,
637                 [out]    lsa_LUID *luid
638                 );
639
640
641         /* Function:      0x20 */
642         NTSTATUS lsa_LookupPrivName (
643                 [in]     policy_handle *handle,
644                 [in]     lsa_LUID *luid,
645                 [out,unique]        lsa_StringLarge *name
646                 );
647
648
649         /*******************/
650         /* Function:  0x21 */
651         NTSTATUS lsa_LookupPrivDisplayName (
652                 [in]     policy_handle *handle,
653                 [in]     lsa_String *name,
654                 [out,unique]        lsa_StringLarge *disp_name,
655                 /* see http://www.microsoft.com/globaldev/nlsweb/ for
656                    language definitions */
657                 [in,out] uint16 *language_id,
658                 [in]         uint16 unknown
659                 );
660
661         /* Function:        0x22 */
662         [todo] NTSTATUS lsa_DeleteObject();
663
664         
665         /*******************/
666         /* Function:      0x23 */
667         NTSTATUS lsa_EnumAccountsWithUserRight (
668                 [in]     policy_handle *handle,
669                 [in,unique]         lsa_String *name,
670                 [out]    lsa_SidArray *sids
671                 );
672
673         /* Function:      0x24 */
674         typedef struct {
675                 [string,charset(UTF16)] uint16 *name;
676         } lsa_RightAttribute;
677         
678         typedef struct {
679                 uint32 count;
680                 [size_is(count)] lsa_StringLarge *names;
681         } lsa_RightSet;
682         
683         NTSTATUS lsa_EnumAccountRights (
684                 [in]     policy_handle *handle,
685                 [in]     dom_sid2 *sid,
686                 [out]    lsa_RightSet *rights
687                 );
688
689
690         /**********************/
691         /* Function:       0x25 */
692         NTSTATUS lsa_AddAccountRights (
693                 [in]     policy_handle *handle,
694                 [in]     dom_sid2 *sid,
695                 [in]     lsa_RightSet *rights
696                 );
697         
698         /**********************/
699         /* Function:       0x26 */
700         NTSTATUS lsa_RemoveAccountRights (
701                 [in]     policy_handle *handle,
702                 [in]     dom_sid2 *sid,
703                 [in]         uint32 unknown,
704                 [in]     lsa_RightSet *rights
705                 );
706
707         /* Function:   0x27 */
708         NTSTATUS lsa_QueryTrustedDomainInfoBySid(
709                 [in]               policy_handle         *handle,
710                 [in]               dom_sid2              *dom_sid,
711                 [in]                   lsa_TrustDomInfoEnum  level, 
712                 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
713         );
714
715         /* Function:     0x28 */
716         [todo] NTSTATUS lsa_SetTrustedDomainInfo();
717         /* Function:      0x29 */
718         NTSTATUS lsa_DeleteTrustedDomain(
719                 [in]               policy_handle         *handle,
720                 [in]               dom_sid2              *dom_sid
721         );
722
723         /* Function:       0x2a */
724         [todo] NTSTATUS lsa_StorePrivateData();
725         /* Function:        0x2b */
726         [todo] NTSTATUS lsa_RetrievePrivateData();
727
728
729         /**********************/
730         /* Function:     0x2c */
731         [public] NTSTATUS lsa_OpenPolicy2 (
732                 [in,unique]      [string,charset(UTF16)] uint16 *system_name,
733                 [in]  lsa_ObjectAttribute *attr,
734                 [in]      uint32 access_mask,
735                 [out] policy_handle *handle
736                 );
737
738         /**********************/
739         /* Function:     0x2d */
740         typedef struct {
741                 lsa_String *string;
742         } lsa_StringPointer;
743
744         NTSTATUS lsa_GetUserName(
745                 [in,unique] [string,charset(UTF16)] uint16 *system_name,
746                 [in,out,unique] lsa_String *account_name,
747                 [in,out,unique] lsa_StringPointer *authority_name
748                 );
749
750         /**********************/
751         /* Function:          0x2e */
752
753         NTSTATUS lsa_QueryInfoPolicy2(
754                 [in]                 policy_handle *handle,
755                 [in]                     lsa_PolicyInfo level,
756                 [out,unique,switch_is(level)]   lsa_PolicyInformation *info
757                 );
758
759         /* Function 0x2f */
760         NTSTATUS lsa_SetInfoPolicy2(
761                 [in]                            policy_handle *handle,
762                 [in]                            lsa_PolicyInfo level,
763                 [in,switch_is(level)]           lsa_PolicyInformation *info
764                 );
765
766         /**********************/
767         /* Function 0x30 */
768         NTSTATUS lsa_QueryTrustedDomainInfoByName(
769                 [in]                   policy_handle         *handle,
770                 [in]                   lsa_String             trusted_domain,
771                 [in]                   lsa_TrustDomInfoEnum   level, 
772                 [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
773                 );
774
775         /**********************/
776         /* Function 0x31 */
777         NTSTATUS lsa_SetTrustedDomainInfoByName(
778                 [in]                   policy_handle         *handle,
779                 [in]                   lsa_String             trusted_domain,
780                 [in]                   lsa_TrustDomInfoEnum   level, 
781                 [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
782                 );
783
784         /* Function 0x32 */
785
786         /* w2k3 treats max_size as max_domains*82       */
787         const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
788
789         typedef struct {
790                 uint32 count;
791                 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
792         } lsa_DomainListEx;
793
794         NTSTATUS lsa_EnumTrustedDomainsEx (
795                 [in]               policy_handle *handle,
796                 [in,out]           uint32 *resume_handle,
797                 [out]              lsa_DomainListEx *domains,
798                 [in]               uint32 max_size
799                 );
800
801
802         /* Function 0x33 */
803         [todo] NTSTATUS lsa_CreateTrustedDomainEx();
804
805         /* Function 0x34 */
806         NTSTATUS lsa_CloseTrustedDomainEx(
807                 [in,out]                   policy_handle         *handle
808         );
809
810         /* Function 0x35 */
811
812         /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 
813            for unknown6 - gd */
814         typedef struct {
815                 uint32 enforce_restrictions;
816                 hyper service_tkt_lifetime;
817                 hyper user_tkt_lifetime;
818                 hyper user_tkt_renewaltime;
819                 hyper clock_skew;
820                 hyper unknown6;
821         } lsa_DomainInfoKerberos;
822
823         typedef struct {
824                 uint32 blob_size;
825                 [size_is(blob_size)] uint8 *efs_blob;
826         } lsa_DomainInfoEfs;
827
828         typedef enum {
829                 LSA_DOMAIN_INFO_POLICY_EFS=2,
830                 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
831         } lsa_DomainInfoEnum;
832
833         typedef [switch_type(uint16)] union {
834                 [case(LSA_DOMAIN_INFO_POLICY_EFS)]      lsa_DomainInfoEfs       efs_info;
835                 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos  kerberos_info;
836         } lsa_DomainInformationPolicy;
837
838         NTSTATUS lsa_QueryDomainInformationPolicy(
839                 [in]            policy_handle *handle,
840                 [in]                    uint16 level,
841                 [out,unique,switch_is(level)]   lsa_DomainInformationPolicy *info
842                 );
843
844         /* Function 0x36 */
845         NTSTATUS lsa_SetDomainInformationPolicy(
846                 [in]            policy_handle *handle,
847                 [in]                    uint16 level,
848                 [in,unique,switch_is(level)]    lsa_DomainInformationPolicy *info
849                 );
850
851         /**********************/
852         /* Function 0x37 */
853         NTSTATUS lsa_OpenTrustedDomainByName(
854                 [in]     policy_handle *handle,
855                 [in]         lsa_String     name,
856                 [in]         uint32         access_mask,
857                 [out]    policy_handle *trustdom_handle
858                 );
859
860         /* Function 0x38 */
861         [todo] NTSTATUS lsa_TestCall();
862
863         /**********************/
864         /* Function 0x39 */
865
866         typedef struct {
867                 lsa_SidType sid_type;
868                 lsa_String name;
869                 uint32 sid_index;
870                 uint32 unknown;
871         } lsa_TranslatedName2;
872
873         typedef struct {
874                 [range(0,1000)] uint32 count;
875                 [size_is(count)] lsa_TranslatedName2 *names;
876         } lsa_TransNameArray2;
877
878         [public] NTSTATUS lsa_LookupSids2(
879                 [in]     policy_handle *handle,
880                 [in]     lsa_SidArray *sids,
881                 [out,unique]        lsa_RefDomainList *domains,
882                 [in,out] lsa_TransNameArray2 *names,
883                 [in]         uint16 level,
884                 [in,out] uint32 *count,
885                 [in]         uint32 unknown1,
886                 [in]         uint32 unknown2
887                 );
888
889         /**********************/
890         /* Function 0x3a */
891
892         typedef struct {
893                 lsa_SidType sid_type;
894                 uint32 rid;
895                 uint32 sid_index;
896                 uint32 unknown;
897         } lsa_TranslatedSid2;
898
899         typedef struct {
900                 [range(0,1000)] uint32 count;
901                 [size_is(count)] lsa_TranslatedSid2 *sids;
902         } lsa_TransSidArray2;
903
904         [public] NTSTATUS lsa_LookupNames2 (
905                 [in]     policy_handle *handle,
906                 [in,range(0,1000)] uint32 num_names,
907                 [in,size_is(num_names)]  lsa_String names[],
908                 [out,unique]        lsa_RefDomainList *domains,
909                 [in,out] lsa_TransSidArray2 *sids,
910                 [in]         lsa_LookupNamesLevel level,
911                 [in,out] uint32 *count,
912                 [in]         uint32 unknown1,
913                 [in]         uint32 unknown2
914                 );
915
916         /* Function 0x3b */
917         [todo] NTSTATUS lsa_CreateTrustedDomainEx2();
918
919         /* Function 0x3c */
920         [todo] NTSTATUS lsa_CREDRWRITE();
921
922         /* Function 0x3d */
923         [todo] NTSTATUS lsa_CREDRREAD();
924
925         /* Function 0x3e */
926         [todo] NTSTATUS lsa_CREDRENUMERATE();
927
928         /* Function 0x3f */
929         [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
930
931         /* Function 0x40 */
932         [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
933
934         /* Function 0x41 */
935         [todo] NTSTATUS lsa_CREDRDELETE();
936
937         /* Function 0x42 */
938         [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
939
940         /* Function 0x43 */
941         [todo] NTSTATUS lsa_CREDRPROFILELOADED();
942
943         /**********************/
944         /* Function 0x44 */
945         typedef struct {
946                 lsa_SidType sid_type;
947                 dom_sid2 *sid;
948                 uint32 sid_index;
949                 uint32 unknown;
950         } lsa_TranslatedSid3;
951
952         typedef struct {
953                 [range(0,1000)] uint32 count;
954                 [size_is(count)] lsa_TranslatedSid3 *sids;
955         } lsa_TransSidArray3;
956
957         [public] NTSTATUS lsa_LookupNames3 (
958                 [in]     policy_handle *handle,
959                 [in,range(0,1000)] uint32 num_names,
960                 [in,size_is(num_names)]  lsa_String names[],
961                 [out,unique]        lsa_RefDomainList *domains,
962                 [in,out] lsa_TransSidArray3 *sids,
963                 [in]         lsa_LookupNamesLevel level,
964                 [in,out] uint32 *count,
965                 [in]         uint32 unknown1,
966                 [in]         uint32 unknown2
967                 );
968
969         /* Function 0x45 */
970         [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
971
972         /* Function 0x46 */
973         [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
974
975         /* Function 0x47 */
976         [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
977
978         /* Function 0x48 */
979         [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
980
981         /* Function 0x49 */
982         typedef struct {
983                 [range(0,131072)] uint32 length;
984                 [size_is(length)] uint8 *data;
985         } lsa_ForestTrustBinaryData;
986
987         typedef struct {
988                 dom_sid2 *domain_sid;
989                 lsa_StringLarge dns_domain_name;
990                 lsa_StringLarge netbios_domain_name;
991         } lsa_ForestTrustDomainInfo;
992
993         typedef [switch_type(uint32)] union {
994                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
995                 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
996                 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
997                 [default] lsa_ForestTrustBinaryData data;
998         } lsa_ForestTrustData;
999
1000         typedef [v1_enum] enum {
1001                 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1002                 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1003                 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1004                 LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1005         } lsa_ForestTrustRecordType;
1006
1007         typedef struct {
1008                 uint32 flags;
1009                 lsa_ForestTrustRecordType level;
1010                 hyper unknown;
1011                 [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1012         } lsa_ForestTrustRecord;
1013
1014         typedef [public] struct {
1015                 [range(0,4000)] uint32 count;
1016                 [size_is(count)] lsa_ForestTrustRecord **entries;
1017         } lsa_ForestTrustInformation;
1018
1019         NTSTATUS lsa_lsaRQueryForestTrustInformation(
1020                 [in] policy_handle *handle,
1021                 [in,ref] lsa_String *trusted_domain_name,
1022                 [in] uint16 unknown, /* level ? */
1023                 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1024                 );
1025
1026         /* Function 0x4a */
1027         [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1028
1029         /* Function 0x4b */
1030         [todo] NTSTATUS lsa_CREDRRENAME();
1031
1032         /*****************/
1033         /* Function 0x4c */
1034
1035         [public] NTSTATUS lsa_LookupSids3(
1036                 [in]         lsa_SidArray *sids,
1037                 [out,unique] lsa_RefDomainList *domains,
1038                 [in,out]     lsa_TransNameArray2 *names,
1039                 [in]         uint16 level,
1040                 [in,out]     uint32 *count,
1041                 [in]         uint32 unknown1,
1042                 [in]         uint32 unknown2
1043                 );
1044
1045         /* Function 0x4d */
1046         NTSTATUS lsa_LookupNames4(
1047                 [in,range(0,1000)] uint32 num_names,
1048                 [in,size_is(num_names)]  lsa_String names[],
1049                 [out,unique]        lsa_RefDomainList *domains,
1050                 [in,out] lsa_TransSidArray3 *sids,
1051                 [in]         lsa_LookupNamesLevel level,
1052                 [in,out] uint32 *count,
1053                 [in]         uint32 unknown1,
1054                 [in]         uint32 unknown2
1055                 );
1056
1057         /* Function 0x4e */
1058         [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
1059
1060         /* Function 0x4f */
1061         [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1062
1063         /* Function 0x50 */
1064         [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1065
1066         /* Function 0x51 */
1067         [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
1068
1069 }