4 lsa interface definition
7 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
9 endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
10 pointer_default(unique),
11 helpstring("Local Security Authority"),
15 declare bitmap security_secinfo;
17 typedef [public,noejs] struct {
18 [value(2*strlen_m(string))] uint16 length;
19 [value(2*strlen_m(string))] uint16 size;
20 unistr_noterm *string;
23 typedef [public] struct {
24 [value(2*strlen_m(string))] uint16 length;
25 [value(2*(strlen_m(string)+1))] uint16 size;
26 [flag(STR_SIZE4|STR_LEN4|STR_NOTERM|STR_LARGE_SIZE)] string *string;
29 typedef [public] struct {
31 [size_is(count)] lsa_String *names;
34 typedef [public] struct {
35 [value(strlen_m(string))] uint16 length;
36 [value(strlen_m(string))] uint16 size;
37 ascstr_noterm *string;
43 [in,out] policy_handle *handle
50 [in] policy_handle *handle
68 [size_is(count)] lsa_PrivEntry *privs;
71 NTSTATUS lsa_EnumPrivs (
72 [in] policy_handle *handle,
73 [in,out] uint32 *resume_handle,
74 [in] uint32 max_count,
75 [out] lsa_PrivArray *privs
81 NTSTATUS lsa_QuerySecurity (
82 [in] policy_handle *handle,
83 [in] security_secinfo sec_info,
84 [out,unique] sec_desc_buf *sdbuf
/* Stubs: both operations are declared with an empty parameter list, so this
 * definition marshals no arguments for them.
 * NOTE(review): presumably placeholders that keep the operations declared after
 * them at their expected operation numbers. Both names suggest state-changing
 * calls (security descriptor write, password change); the server side should
 * answer them with an explicit "not supported" status - confirm. */
90 NTSTATUS lsa_SetSecObj ();
95 NTSTATUS lsa_ChangePassword ();
101 uint32 len; /* ignored */
102 uint16 impersonation_level;
104 uint8 effective_only;
108 uint32 len; /* ignored */
112 security_descriptor *sec_desc;
113 lsa_QosInfo *sec_qos;
114 } lsa_ObjectAttribute;
116 /* notice the screwup with the system_name (a pointer to a single uint16, not a string) - that's why MS created
118 NTSTATUS lsa_OpenPolicy (
119 [in,unique] uint16 *system_name,
120 [in] lsa_ObjectAttribute *attr,
121 [in] uint32 access_mask,
122 [out] policy_handle *handle
133 NTTIME retention_time;
134 uint8 shutdown_in_progress;
135 NTTIME time_to_shutdown;
136 uint32 next_audit_record;
141 uint32 auditing_mode;
142 [size_is(count)] uint32 *settings;
144 } lsa_AuditEventsInfo;
156 uint16 unknown; /* an midl padding bug? */
163 } lsa_ReplicaSourceInfo;
167 uint32 non_paged_pool;
172 } lsa_DefaultQuotaInfo;
176 NTTIME db_create_time;
177 } lsa_ModificationInfo;
180 uint8 shutdown_on_full;
181 } lsa_AuditFullSetInfo;
184 uint16 unknown; /* an midl padding bug? */
185 uint8 shutdown_on_full;
187 } lsa_AuditFullQueryInfo;
190 /* it's important that we use the lsa_StringLarge here,
191 * because otherwise windows clients end up with malformed dns hostnames,
192 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
194 * instead of w2k3-client.samba4.samba.org
196 lsa_StringLarge name;
197 lsa_StringLarge dns_domain;
198 lsa_StringLarge dns_forest;
204 LSA_POLICY_INFO_AUDIT_LOG=1,
205 LSA_POLICY_INFO_AUDIT_EVENTS=2,
206 LSA_POLICY_INFO_DOMAIN=3,
207 LSA_POLICY_INFO_PD=4,
208 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
209 LSA_POLICY_INFO_ROLE=6,
210 LSA_POLICY_INFO_REPLICA=7,
211 LSA_POLICY_INFO_QUOTA=8,
212 LSA_POLICY_INFO_DB=9,
213 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
214 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
215 LSA_POLICY_INFO_DNS=12
/*
 * Discriminated union of LSA policy information, selected by a 16-bit level
 * (switch_type(uint16)). Each arm is tagged with one LSA_POLICY_INFO_* value.
 * lsa_QueryInfoPolicy and lsa_QueryInfoPolicy2 in this file return it through
 * an [out,unique,switch_is(level)] pointer.
 *
 * No default arm is declared, so a level without a case below has no
 * representation in this union.
 * NOTE(review): the generated marshalling code is expected to reject such a
 * level rather than fall through - confirm in the generated code.
 * NOTE(review): judging by the arm names, the arms differ in sensitivity
 * (audit configuration, domain and DNS identity, server role, quotas). The
 * per-level access check on the policy handle is not expressed here and has
 * to be enforced in the server implementation.
 */
218 typedef [switch_type(uint16)] union {
219 [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
220 [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
/* DOMAIN and ACCOUNT_DOMAIN (below) share the same arm type, lsa_DomainInfo. */
221 [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
222 [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
223 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
224 [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
225 [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
226 [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
227 [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db;
228 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
229 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
230 [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
231 } lsa_PolicyInformation;
233 NTSTATUS lsa_QueryInfoPolicy (
234 [in] policy_handle *handle,
236 [out,unique,switch_is(level)] lsa_PolicyInformation *info
/* Stubs: declared with an empty parameter list, so no arguments are marshalled
 * for either call by this definition.
 * NOTE(review): both names suggest operations that change security state
 * (policy write, audit log clear). If a server exposes them, it should return
 * an explicit "not supported" status instead of succeeding silently - confirm
 * in the server code. */
241 NTSTATUS lsa_SetInfoPolicy ();
245 NTSTATUS lsa_ClearAuditLog ();
249 NTSTATUS lsa_CreateAccount (
250 [in] policy_handle *handle,
252 [in] uint32 access_mask,
253 [out] policy_handle *acct_handle
257 /* NOTE: This only returns accounts that have at least
265 typedef [public] struct {
266 [range(0,1000)] uint32 num_sids;
267 [size_is(num_sids)] lsa_SidPtr *sids;
270 NTSTATUS lsa_EnumAccounts (
271 [in] policy_handle *handle,
272 [in,out] uint32 *resume_handle,
273 [in,range(0,8192)] uint32 num_entries,
274 [out] lsa_SidArray *sids
278 /*************************************************/
284 } lsa_TrustInformation;
286 NTSTATUS lsa_CreateTrustedDomain(
287 [in] policy_handle *handle,
288 [in] lsa_TrustInformation *info,
289 [in] uint32 access_mask,
290 [out] policy_handle *trustdom_handle
297 /* w2k3 treats max_size as max_domains*60 */
/* Multiplier for that conversion. lsa_EnumTrustDom in this file takes max_size
 * as an [in,range(0,1000)] uint32.
 * NOTE(review): presumably max_size divided by this constant gives the number
 * of domains returned per call - confirm against the server code. */
298 const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
303 } lsa_DomainInformation;
307 [size_is(count)] lsa_DomainInformation *domains;
310 NTSTATUS lsa_EnumTrustDom (
311 [in] policy_handle *handle,
312 [in,out] uint32 *resume_handle,
313 [in,range(0,1000)] uint32 max_size,
314 [out] lsa_DomainList *domains
321 SID_NAME_USE_NONE = 0,/* NOTUSED */
322 SID_NAME_USER = 1, /* user */
323 SID_NAME_DOM_GRP = 2, /* domain group */
324 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
325 SID_NAME_ALIAS = 4, /* local group */
326 SID_NAME_WKN_GRP = 5, /* well-known group */
327 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
328 SID_NAME_INVALID = 7, /* invalid account */
329 SID_NAME_UNKNOWN = 8 /* oops. */
333 lsa_SidType sid_type;
339 [range(0,1000)] uint32 count;
340 [size_is(count)] lsa_TranslatedSid *sids;
344 [range(0,1000)] uint32 count;
345 [size_is(count)] lsa_TrustInformation *domains;
349 NTSTATUS lsa_LookupNames (
350 [in] policy_handle *handle,
351 [in,range(0,1000)] uint32 num_names,
352 [in,size_is(num_names)] lsa_String names[],
353 [out,unique] lsa_RefDomainList *domains,
354 [in,out] lsa_TransSidArray *sids,
356 [in,out] uint32 *count
364 lsa_SidType sid_type;
367 } lsa_TranslatedName;
370 [range(0,1000)] uint32 count;
371 [size_is(count)] lsa_TranslatedName *names;
372 } lsa_TransNameArray;
374 NTSTATUS lsa_LookupSids (
375 [in] policy_handle *handle,
376 [in] lsa_SidArray *sids,
377 [out,unique] lsa_RefDomainList *domains,
378 [in,out] lsa_TransNameArray *names,
380 [in,out] uint32 *count
385 NTSTATUS lsa_CreateSecret(
386 [in] policy_handle *handle,
387 [in] lsa_String name,
388 [in] uint32 access_mask,
389 [out] policy_handle *sec_handle
393 /*****************************************/
395 NTSTATUS lsa_OpenAccount (
396 [in] policy_handle *handle,
398 [in] uint32 access_mask,
399 [out] policy_handle *acct_handle
403 /****************************************/
412 [range(0,1000)] uint32 count;
414 [size_is(count)] lsa_LUIDAttribute set[*];
417 NTSTATUS lsa_EnumPrivsAccount (
418 [in] policy_handle *handle,
419 [out,unique] lsa_PrivilegeSet *privs
423 /****************************************/
425 NTSTATUS lsa_AddPrivilegesToAccount(
426 [in] policy_handle *handle,
427 [in] lsa_PrivilegeSet *privs
431 /****************************************/
433 NTSTATUS lsa_RemovePrivilegesFromAccount(
434 [in] policy_handle *handle,
435 [in] uint8 remove_all,
436 [in,unique] lsa_PrivilegeSet *privs
/* Stubs: four account operations declared with empty parameter lists; this
 * definition gives them no policy_handle or other argument.
 * NOTE(review): presumably placeholders that preserve operation numbering.
 * The Set* variants would change per-account quota and system-access settings
 * if implemented, so the server side should reject them explicitly until a
 * real signature and access check exist - confirm. */
440 NTSTATUS lsa_GetQuotasForAccount();
443 NTSTATUS lsa_SetQuotasForAccount();
446 NTSTATUS lsa_GetSystemAccessAccount();
448 NTSTATUS lsa_SetSystemAccessAccount();
451 NTSTATUS lsa_OpenTrustedDomain(
452 [in] policy_handle *handle,
454 [in] uint32 access_mask,
455 [out] policy_handle *trustdom_handle
458 typedef [flag(NDR_PAHEX)] struct {
461 [size_is(size),length_is(length)] uint8 *data;
464 typedef [flag(NDR_PAHEX)] struct {
465 [range(0,65536)] uint32 size;
466 [size_is(size)] uint8 *data;
470 LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
471 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
472 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
473 LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
474 LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
475 LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
476 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
477 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
478 LSA_TRUSTED_DOMAIN_INFO_11 = 11,
479 LSA_TRUSTED_DOMAIN_INFO_INFO_ALL = 12
480 } lsa_TrustDomInfoEnum;
483 lsa_String netbios_name;
484 } lsa_TrustDomainInfoName;
488 } lsa_TrustDomainInfoPosixOffset;
491 lsa_DATA_BUF *password;
492 lsa_DATA_BUF *old_password;
493 } lsa_TrustDomainInfoPassword;
496 lsa_String netbios_name;
498 } lsa_TrustDomainInfoBasic;
501 lsa_String domain_name;
502 lsa_String netbios_name;
504 uint32 trust_direction;
506 uint32 trust_attributes;
507 } lsa_TrustDomainInfoInfoEx;
510 NTTIME_hyper last_update_time;
513 } lsa_TrustDomainInfoBuffer;
516 uint32 incoming_count;
517 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
518 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
519 uint32 outgoing_count;
520 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
521 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
522 } lsa_TrustDomainInfoAuthInfo;
525 lsa_TrustDomainInfoInfoEx info_ex;
526 lsa_TrustDomainInfoPosixOffset posix_offset;
527 lsa_TrustDomainInfoAuthInfo auth_info;
528 } lsa_TrustDomainInfoFullInfo;
531 lsa_TrustDomainInfoInfoEx info_ex;
533 } lsa_TrustDomainInfo11;
536 lsa_TrustDomainInfoInfoEx info_ex;
538 lsa_TrustDomainInfoPosixOffset posix_offset;
539 lsa_TrustDomainInfoAuthInfo auth_info;
540 } lsa_TrustDomainInfoInfoAll;
/*
 * Discriminated union of trusted-domain information, selected by
 * lsa_TrustDomInfoEnum. In this file it is the [out] result of
 * lsa_QueryTrustedDomainInfo, lsa_QueryTrustedDomainInfoBySid and
 * lsa_QueryTrustedDomainInfoByName.
 *
 * LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO (2) is defined in the enum but has
 * no arm here, and no default arm is declared, so that level has no
 * representation in this union.
 *
 * The PASSWORD, AUTH_INFO, FULL_INFO and INFO_ALL arms carry trust
 * authentication material: lsa_TrustDomainInfoPassword holds password and
 * old_password buffers, and the other three hold or embed
 * lsa_TrustDomainInfoAuthInfo.
 * NOTE(review): whether those buffers are encrypted before they are
 * marshalled is not visible in this definition - confirm in the client and
 * server code, and keep decoded values of these arms out of debug output.
 */
542 typedef [switch_type(lsa_TrustDomInfoEnum)] union {
543 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name;
544 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
545 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password;
546 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] lsa_TrustDomainInfoBasic info_basic;
547 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex;
548 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info;
549 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info;
550 [case(LSA_TRUSTED_DOMAIN_INFO_11)] lsa_TrustDomainInfo11 info11;
551 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)] lsa_TrustDomainInfoInfoAll info_all;
552 } lsa_TrustedDomainInfo;
555 NTSTATUS lsa_QueryTrustedDomainInfo(
556 [in] policy_handle *trustdom_handle,
557 [in] lsa_TrustDomInfoEnum level,
558 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
/* Stub: declared with an empty parameter list, unlike
 * lsa_QueryTrustedDomainInfo, which takes a handle, a level and an [out] info.
 * NOTE(review): presumably a placeholder for the write counterpart; it would
 * modify trust settings, so it should stay rejected on the server until it has
 * a real signature and access check - confirm. */
562 NTSTATUS lsa_SetInformationTrustedDomain();
565 NTSTATUS lsa_OpenSecret(
566 [in] policy_handle *handle,
567 [in] lsa_String name,
568 [in] uint32 access_mask,
569 [out] policy_handle *sec_handle
574 NTSTATUS lsa_SetSecret(
575 [in] policy_handle *sec_handle,
576 [in,unique] lsa_DATA_BUF *new_val,
577 [in,unique] lsa_DATA_BUF *old_val
585 NTSTATUS lsa_QuerySecret (
586 [in] policy_handle *sec_handle,
587 [in,out,unique] lsa_DATA_BUF_PTR *new_val,
588 [in,out,unique] NTTIME_hyper *new_mtime,
589 [in,out,unique] lsa_DATA_BUF_PTR *old_val,
590 [in,out,unique] NTTIME_hyper *old_mtime
594 NTSTATUS lsa_LookupPrivValue(
595 [in] policy_handle *handle,
596 [in] lsa_String *name,
602 NTSTATUS lsa_LookupPrivName (
603 [in] policy_handle *handle,
605 [out,unique] lsa_String *name
609 /*******************/
611 NTSTATUS lsa_LookupPrivDisplayName (
612 [in] policy_handle *handle,
613 [in] lsa_String *name,
614 [out,unique] lsa_String *disp_name,
615 /* see http://www.microsoft.com/globaldev/nlsweb/ for
616 language definitions */
617 [in,out] uint16 *language_id,
/* Stub: declared with an empty parameter list, so no handle identifying the
 * object to delete is marshalled by this definition.
 * NOTE(review): presumably a placeholder that preserves operation numbering;
 * confirm the server returns an explicit "not supported" status for it. */
622 NTSTATUS lsa_DeleteObject();
625 /*******************/
627 NTSTATUS lsa_EnumAccountsWithUserRight (
628 [in] policy_handle *handle,
629 [in,unique] lsa_String *name,
630 [out] lsa_SidArray *sids
636 } lsa_RightAttribute;
640 [size_is(count)] lsa_String *names;
643 NTSTATUS lsa_EnumAccountRights (
644 [in] policy_handle *handle,
646 [out] lsa_RightSet *rights
650 /**********************/
652 NTSTATUS lsa_AddAccountRights (
653 [in] policy_handle *handle,
655 [in] lsa_RightSet *rights
658 /**********************/
660 NTSTATUS lsa_RemoveAccountRights (
661 [in] policy_handle *handle,
664 [in] lsa_RightSet *rights
668 NTSTATUS lsa_QueryTrustedDomainInfoBySid(
669 [in] policy_handle *handle,
670 [in] dom_sid2 *dom_sid,
671 [in] lsa_TrustDomInfoEnum level,
672 [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
/* Stubs: four operations declared with empty parameter lists.
 * NOTE(review): presumably placeholders that preserve operation numbering.
 * By name they cover trust modification or deletion and private-data storage
 * or retrieval, all of which would touch sensitive state if implemented.
 * Confirm the server rejects them explicitly rather than returning success. */
676 NTSTATUS lsa_SetTrustDomainInfo();
678 NTSTATUS lsa_DeleteTrustDomain();
680 NTSTATUS lsa_StorePrivateData();
682 NTSTATUS lsa_RetrievePrivateData();
685 /**********************/
687 NTSTATUS lsa_OpenPolicy2 (
688 [in,unique] unistr *system_name,
689 [in] lsa_ObjectAttribute *attr,
690 [in] uint32 access_mask,
691 [out] policy_handle *handle
694 /**********************/
700 NTSTATUS lsa_GetUserName(
701 [in,unique] unistr *system_name,
702 [in,out,unique] lsa_String *account_name,
703 [in,out,unique] lsa_StringPointer *authority_name
706 /**********************/
709 NTSTATUS lsa_QueryInfoPolicy2(
710 [in] policy_handle *handle,
712 [out,unique,switch_is(level)] lsa_PolicyInformation *info
/* Stub: declared with an empty parameter list, unlike lsa_QueryInfoPolicy2,
 * which takes a policy handle and returns lsa_PolicyInformation.
 * NOTE(review): presumably a placeholder for the write counterpart; confirm
 * the server answers it with an explicit "not supported" status. */
716 NTSTATUS lsa_SetInfoPolicy2();
718 /**********************/
720 NTSTATUS lsa_QueryTrustedDomainInfoByName(
721 [in] policy_handle *handle,
722 [in] lsa_String trusted_domain,
723 [in] lsa_TrustDomInfoEnum level,
724 [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
/* Stubs: four trusted-domain operations declared with empty parameter lists,
 * so this definition marshals no arguments for them.
 * NOTE(review): presumably placeholders that preserve operation numbering.
 * The Set and Create calls would change trust relationships if implemented;
 * confirm the server rejects all four explicitly. */
728 NTSTATUS lsa_SetTrustedDomainInfoByName();
731 NTSTATUS lsa_EnumTrustedDomainsEx();
734 NTSTATUS lsa_CreateTrustedDomainEx();
737 NTSTATUS lsa_CloseTrustedDomainEx();
741 /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
744 uint32 enforce_restrictions;
745 hyper service_tkt_lifetime;
746 hyper user_tkt_lifetime;
747 hyper user_tkt_renewaltime;
750 } lsa_DomainInfoKerberos;
754 [size_is(blob_size)] uint8 *efs_blob;
758 LSA_DOMAIN_INFO_POLICY_EFS=2,
759 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
760 } lsa_DomainInfoEnum;
/*
 * Discriminated union of domain-wide policy, selected by a 16-bit level
 * (switch_type(uint16)), with two arms: EFS policy and Kerberos policy.
 * It is an [out] of lsa_QueryDomainInformationPolicy and an [in] of
 * lsa_SetDomainInformationPolicy, so on the Set path it is decoded from
 * client-supplied data. No default arm is declared.
 *
 * NOTE(review): a byte array efs_blob sized by [size_is(blob_size)] is declared
 * just above, presumably inside lsa_DomainInfoEfs. The declaration of
 * blob_size is not visible here - confirm whether it carries a range() bound
 * like the other wire-supplied counts in this file.
 */
762 typedef [switch_type(uint16)] union {
763 [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
764 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
765 } lsa_DomainInformationPolicy;
767 NTSTATUS lsa_QueryDomainInformationPolicy(
768 [in] policy_handle *handle,
770 [out,unique,switch_is(level)] lsa_DomainInformationPolicy *info
774 NTSTATUS lsa_SetDomainInformationPolicy(
775 [in] policy_handle *handle,
777 [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info
780 /**********************/
782 NTSTATUS lsa_OpenTrustedDomainByName(
783 [in] policy_handle *handle,
784 [in] lsa_String name,
785 [in] uint32 access_mask,
786 [out] policy_handle *trustdom_handle
/* Stub: declared with an empty parameter list.
 * NOTE(review): the purpose of this call is not visible here; confirm the
 * server returns an explicit "not supported" status for it. */
790 NTSTATUS lsa_TestCall();
792 /**********************/
796 lsa_SidType sid_type;
800 } lsa_TranslatedName2;
803 [range(0,1000)] uint32 count;
804 [size_is(count)] lsa_TranslatedName2 *names;
805 } lsa_TransNameArray2;
807 NTSTATUS lsa_LookupSids2(
808 [in] policy_handle *handle,
809 [in] lsa_SidArray *sids,
810 [out,unique] lsa_RefDomainList *domains,
811 [in,out] lsa_TransNameArray2 *names,
813 [in,out] uint32 *count,
814 [in] uint32 unknown1,
818 /**********************/
822 lsa_SidType sid_type;
826 } lsa_TranslatedSid2;
829 [range(0,1000)] uint32 count;
830 [size_is(count)] lsa_TranslatedSid2 *sids;
831 } lsa_TransSidArray2;
833 NTSTATUS lsa_LookupNames2 (
834 [in] policy_handle *handle,
835 [in,range(0,1000)] uint32 num_names,
836 [in,size_is(num_names)] lsa_String names[],
837 [out,unique] lsa_RefDomainList *domains,
838 [in,out] lsa_TransSidArray2 *sids,
840 [in,out] uint32 *count,
841 [in] uint32 unknown1,
/* Stubs: nine operations declared with empty parameter lists, so this
 * definition marshals no arguments for any of them.
 * NOTE(review): presumably placeholders that preserve operation numbering.
 * The CREDR* names suggest credential read, write, enumerate and delete
 * operations. None has a signature or handle here, so no access check can be
 * derived from this definition. Confirm the server rejects them explicitly. */
846 NTSTATUS lsa_CreateTrustedDomainEx2();
849 NTSTATUS lsa_CREDRWRITE();
852 NTSTATUS lsa_CREDRREAD();
855 NTSTATUS lsa_CREDRENUMERATE();
858 NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
861 NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
864 NTSTATUS lsa_CREDRDELETE();
867 NTSTATUS lsa_CREDRGETTARGETINFO();
870 NTSTATUS lsa_CREDRPROFILELOADED();
872 /**********************/
875 lsa_SidType sid_type;
879 } lsa_TranslatedSid3;
882 [range(0,1000)] uint32 count;
883 [size_is(count)] lsa_TranslatedSid3 *sids;
884 } lsa_TransSidArray3;
886 NTSTATUS lsa_LookupNames3 (
887 [in] policy_handle *handle,
888 [in,range(0,1000)] uint32 num_names,
889 [in,size_is(num_names)] lsa_String names[],
890 [out,unique] lsa_RefDomainList *domains,
891 [in,out] lsa_TransSidArray3 *sids,
893 [in,out] uint32 *count,
894 [in] uint32 unknown1,
/* Stubs: seven operations declared with empty parameter lists.
 * NOTE(review): presumably placeholders that preserve operation numbering.
 * By name they cover credential session types and rename, audit-event
 * registration and generation, and forest trust information query and set.
 * The audit and forest-trust calls would affect logging and trust state if
 * implemented; confirm the server rejects all of them explicitly. */
899 NTSTATUS lsa_CREDRGETSESSIONTYPES();
902 NTSTATUS lsa_LSARREGISTERAUDITEVENT();
905 NTSTATUS lsa_LSARGENAUDITEVENT();
908 NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
911 NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION();
914 NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
917 NTSTATUS lsa_CREDRRENAME();
922 NTSTATUS lsa_LookupSids3(
923 [in] lsa_SidArray *sids,
924 [out,unique] lsa_RefDomainList *domains,
925 [in,out] lsa_TransNameArray2 *names,
927 [in,out] uint32 *count,
928 [in] uint32 unknown1,
/* Stubs: five operations declared with empty parameter lists.
 * NOTE(review): presumably placeholders that preserve operation numbering.
 * By name they cover a further name lookup, a policy open variant and
 * security event source registration and reporting. Confirm the server
 * returns an explicit "not supported" status for each, so that a caller cannot
 * mistake an unimplemented audit call for a successful one. */
933 NTSTATUS lsa_LSARLOOKUPNAMES4();
936 NTSTATUS lsa_LSAROPENPOLICYSCE();
939 NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
942 NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
945 NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();