4 lsa interface definition
7 import "misc.idl", "security.idl";
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
11 endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12 pointer_default(unique),
13 helpstring("Local Security Authority")
16 typedef bitmap security_secinfo security_secinfo;
17 typedef bitmap kerb_EncTypes kerb_EncTypes;
19 typedef [public,noejs] struct {
20 [value(2*strlen_m(string))] uint16 length;
21 [value(2*strlen_m(string))] uint16 size;
22 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
25 typedef [public] struct {
26 [value(2*strlen_m(string))] uint16 length;
27 [value(2*strlen_m_term(string))] uint16 size;
28 [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
31 typedef [public] struct {
33 [size_is(count)] lsa_String *names;
36 typedef [public] struct {
37 [value(strlen_m(string))] uint16 length;
38 [value(strlen_m(string))] uint16 size;
39 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
42 typedef [public] struct {
43 [value(strlen_m(string))] uint16 length;
44 [value(strlen_m_term(string))] uint16 size;
45 [charset(DOS),size_is(size),length_is(length)] uint8 *string;
46 } lsa_AsciiStringLarge;
48 typedef [public] struct {
51 [size_is(size/2),length_is(length/2)] uint16 *array;
57 [in,out] policy_handle *handle
63 [public] NTSTATUS lsa_Delete (
64 [in] policy_handle *handle
82 [size_is(count)] lsa_PrivEntry *privs;
85 [public] NTSTATUS lsa_EnumPrivs (
86 [in] policy_handle *handle,
87 [in,out,ref] uint32 *resume_handle,
88 [out,ref] lsa_PrivArray *privs,
95 NTSTATUS lsa_QuerySecurity (
96 [in] policy_handle *handle,
97 [in] security_secinfo sec_info,
98 [out,ref] sec_desc_buf **sdbuf
104 NTSTATUS lsa_SetSecObj(
105 [in] policy_handle *handle,
106 [in] security_secinfo sec_info,
107 [in,ref] sec_desc_buf *sdbuf
112 [todo] NTSTATUS lsa_ChangePassword ();
118 uint32 len; /* ignored */
119 uint16 impersonation_level;
121 uint8 effective_only;
125 uint32 len; /* ignored */
127 [string,charset(UTF16)] uint16 *object_name;
129 security_descriptor *sec_desc;
130 lsa_QosInfo *sec_qos;
131 } lsa_ObjectAttribute;
133 typedef [public,bitmap32bit] bitmap {
134 LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001,
135 LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002,
136 LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004,
137 LSA_POLICY_TRUST_ADMIN = 0x00000008,
138 LSA_POLICY_CREATE_ACCOUNT = 0x00000010,
139 LSA_POLICY_CREATE_SECRET = 0x00000020,
140 LSA_POLICY_CREATE_PRIVILEGE = 0x00000040,
141 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080,
142 LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
143 LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
144 LSA_POLICY_SERVER_ADMIN = 0x00000400,
145 LSA_POLICY_LOOKUP_NAMES = 0x00000800
146 } lsa_PolicyAccessMask;
148 /* notice the screwup with the system_name - thats why MS created
150 [public] NTSTATUS lsa_OpenPolicy (
151 [in,unique] uint16 *system_name,
152 [in] lsa_ObjectAttribute *attr,
153 [in] lsa_PolicyAccessMask access_mask,
154 [out] policy_handle *handle
165 NTTIME retention_time;
166 uint8 shutdown_in_progress;
167 NTTIME time_to_shutdown;
168 uint32 next_audit_record;
172 typedef [v1_enum] enum {
173 LSA_AUDIT_POLICY_NONE=0,
174 LSA_AUDIT_POLICY_SUCCESS=1,
175 LSA_AUDIT_POLICY_FAILURE=2,
176 LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
177 LSA_AUDIT_POLICY_CLEAR=4
178 } lsa_PolicyAuditPolicy;
181 LSA_AUDIT_CATEGORY_SYSTEM = 0,
182 LSA_AUDIT_CATEGORY_LOGON = 1,
183 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
184 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
185 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
186 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
187 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
188 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */
189 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */
190 } lsa_PolicyAuditEventType;
193 uint32 auditing_mode;
194 [size_is(count)] lsa_PolicyAuditPolicy *settings;
196 } lsa_AuditEventsInfo;
199 lsa_StringLarge name;
208 uint16 unknown; /* an midl padding bug? */
215 } lsa_ReplicaSourceInfo;
219 uint32 non_paged_pool;
224 } lsa_DefaultQuotaInfo;
228 NTTIME_hyper db_create_time;
229 } lsa_ModificationInfo;
232 uint8 shutdown_on_full;
233 } lsa_AuditFullSetInfo;
236 uint16 unknown; /* an midl padding bug? */
237 uint8 shutdown_on_full;
239 } lsa_AuditFullQueryInfo;
242 /* it's important that we use the lsa_StringLarge here,
243 * because otherwise windows clients result with such dns hostnames
244 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
246 * w2k3-client.samba4.samba.org
248 lsa_StringLarge name;
249 lsa_StringLarge dns_domain;
250 lsa_StringLarge dns_forest;
256 LSA_POLICY_INFO_AUDIT_LOG=1,
257 LSA_POLICY_INFO_AUDIT_EVENTS=2,
258 LSA_POLICY_INFO_DOMAIN=3,
259 LSA_POLICY_INFO_PD=4,
260 LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
261 LSA_POLICY_INFO_ROLE=6,
262 LSA_POLICY_INFO_REPLICA=7,
263 LSA_POLICY_INFO_QUOTA=8,
264 LSA_POLICY_INFO_DB=9,
265 LSA_POLICY_INFO_AUDIT_FULL_SET=10,
266 LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
267 LSA_POLICY_INFO_DNS=12,
268 LSA_POLICY_INFO_DNS_INT=13
271 typedef [switch_type(uint16)] union {
272 [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
273 [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
274 [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
275 [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
276 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
277 [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
278 [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
279 [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
280 [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db;
281 [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
282 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
283 [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
284 [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns;
285 } lsa_PolicyInformation;
287 NTSTATUS lsa_QueryInfoPolicy(
288 [in] policy_handle *handle,
289 [in] lsa_PolicyInfo level,
290 [out,ref,switch_is(level)] lsa_PolicyInformation **info
295 NTSTATUS lsa_SetInfoPolicy (
296 [in] policy_handle *handle,
297 [in] lsa_PolicyInfo level,
298 [in,switch_is(level)] lsa_PolicyInformation *info
303 [todo] NTSTATUS lsa_ClearAuditLog ();
307 [public] NTSTATUS lsa_CreateAccount (
308 [in] policy_handle *handle,
309 [in,ref] dom_sid2 *sid,
310 [in] uint32 access_mask,
311 [out] policy_handle *acct_handle
315 /* NOTE: This only returns accounts that have at least
323 typedef [public] struct {
324 [range(0,1000)] uint32 num_sids;
325 [size_is(num_sids)] lsa_SidPtr *sids;
328 [public] NTSTATUS lsa_EnumAccounts (
329 [in] policy_handle *handle,
330 [in,out,ref] uint32 *resume_handle,
331 [out,ref] lsa_SidArray *sids,
332 [in,range(0,8192)] uint32 num_entries
336 /*************************************************/
339 [public] NTSTATUS lsa_CreateTrustedDomain(
340 [in] policy_handle *handle,
341 [in] lsa_DomainInfo *info,
342 [in] uint32 access_mask,
343 [out] policy_handle *trustdom_handle
350 /* w2k3 treats max_size as max_domains*60 */
351 const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
355 [size_is(count)] lsa_DomainInfo *domains;
358 NTSTATUS lsa_EnumTrustDom (
359 [in] policy_handle *handle,
360 [in,out,ref] uint32 *resume_handle,
361 [out,ref] lsa_DomainList *domains,
369 SID_NAME_USE_NONE = 0,/* NOTUSED */
370 SID_NAME_USER = 1, /* user */
371 SID_NAME_DOM_GRP = 2, /* domain group */
372 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
373 SID_NAME_ALIAS = 4, /* local group */
374 SID_NAME_WKN_GRP = 5, /* well-known group */
375 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
376 SID_NAME_INVALID = 7, /* invalid account */
377 SID_NAME_UNKNOWN = 8, /* oops. */
378 SID_NAME_COMPUTER = 9 /* machine */
382 lsa_SidType sid_type;
388 [range(0,1000)] uint32 count;
389 [size_is(count)] lsa_TranslatedSid *sids;
392 const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
393 const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
396 [range(0,1000)] uint32 count;
397 [size_is(count)] lsa_DomainInfo *domains;
401 /* Level 1: Ask everywhere
402 * Level 2: Ask domain and trusted domains, no builtin and wkn
403 * Level 3: Only ask domain
404 * Level 4: W2k3ad: Only ask AD trusts
405 * Level 5: Only ask transitive forest trusts
410 LSA_LOOKUP_NAMES_ALL = 1,
411 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
412 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
413 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
414 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
415 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
416 LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
417 } lsa_LookupNamesLevel;
419 [public] NTSTATUS lsa_LookupNames (
420 [in] policy_handle *handle,
421 [in,range(0,1000)] uint32 num_names,
422 [in,size_is(num_names)] lsa_String names[],
423 [out,ref] lsa_RefDomainList **domains,
424 [in,out,ref] lsa_TransSidArray *sids,
425 [in] lsa_LookupNamesLevel level,
426 [in,out,ref] uint32 *count
434 lsa_SidType sid_type;
437 } lsa_TranslatedName;
440 [range(0,1000)] uint32 count;
441 [size_is(count)] lsa_TranslatedName *names;
442 } lsa_TransNameArray;
444 /* This number is based on Win2k and later maximum response allowed */
445 const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
447 [public] NTSTATUS lsa_LookupSids (
448 [in] policy_handle *handle,
449 [in,ref] lsa_SidArray *sids,
450 [out,ref] lsa_RefDomainList **domains,
451 [in,out,ref] lsa_TransNameArray *names,
453 [in,out,ref] uint32 *count
458 [public] NTSTATUS lsa_CreateSecret(
459 [in] policy_handle *handle,
460 [in] lsa_String name,
461 [in] uint32 access_mask,
462 [out] policy_handle *sec_handle
466 /*****************************************/
468 NTSTATUS lsa_OpenAccount(
469 [in] policy_handle *handle,
470 [in,ref] dom_sid2 *sid,
471 [in] uint32 access_mask,
472 [out] policy_handle *acct_handle
476 /****************************************/
485 [range(0,1000)] uint32 count;
487 [size_is(count)] lsa_LUIDAttribute set[*];
490 NTSTATUS lsa_EnumPrivsAccount (
491 [in] policy_handle *handle,
492 [out,ref] lsa_PrivilegeSet **privs
496 /****************************************/
498 NTSTATUS lsa_AddPrivilegesToAccount(
499 [in] policy_handle *handle,
500 [in,ref] lsa_PrivilegeSet *privs
504 /****************************************/
506 NTSTATUS lsa_RemovePrivilegesFromAccount(
507 [in] policy_handle *handle,
508 [in] uint8 remove_all,
509 [in,unique] lsa_PrivilegeSet *privs
513 [todo] NTSTATUS lsa_GetQuotasForAccount();
516 [todo] NTSTATUS lsa_SetQuotasForAccount();
519 NTSTATUS lsa_GetSystemAccessAccount(
520 [in] policy_handle *handle,
521 [out,ref] uint32 *access_mask
525 NTSTATUS lsa_SetSystemAccessAccount(
526 [in] policy_handle *handle,
527 [in] uint32 access_mask
531 NTSTATUS lsa_OpenTrustedDomain(
532 [in] policy_handle *handle,
534 [in] uint32 access_mask,
535 [out] policy_handle *trustdom_handle
538 typedef [flag(NDR_PAHEX)] struct {
541 [size_is(size),length_is(length)] uint8 *data;
544 typedef [flag(NDR_PAHEX)] struct {
545 [range(0,65536)] uint32 size;
546 [size_is(size)] uint8 *data;
550 LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
551 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS = 2,
552 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
553 LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
554 LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
555 LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
556 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
557 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
558 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL = 9,
559 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL = 10,
560 LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL = 11,
561 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL = 12,
562 LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
563 } lsa_TrustDomInfoEnum;
565 typedef [public,bitmap32bit] bitmap {
566 LSA_TRUST_DIRECTION_INBOUND = 0x00000001,
567 LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
568 } lsa_TrustDirection;
570 typedef [v1_enum] enum {
571 LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
572 LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
573 LSA_TRUST_TYPE_MIT = 0x00000003
576 typedef [public,bitmap32bit] bitmap {
577 LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
578 LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
579 LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
580 LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
581 LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
582 LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
583 LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
584 LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
585 } lsa_TrustAttributes;
588 lsa_StringLarge netbios_name;
589 } lsa_TrustDomainInfoName;
594 [size_is(entries)] lsa_StringLarge *netbios_names;
595 } lsa_TrustDomainInfoControllers;
599 } lsa_TrustDomainInfoPosixOffset;
602 lsa_DATA_BUF *password;
603 lsa_DATA_BUF *old_password;
604 } lsa_TrustDomainInfoPassword;
607 lsa_String netbios_name;
609 } lsa_TrustDomainInfoBasic;
612 lsa_StringLarge domain_name;
613 lsa_StringLarge netbios_name;
615 lsa_TrustDirection trust_direction;
616 lsa_TrustType trust_type;
617 lsa_TrustAttributes trust_attributes;
618 } lsa_TrustDomainInfoInfoEx;
620 typedef [public,v1_enum] enum {
621 TRUST_AUTH_TYPE_NONE = 0,
622 TRUST_AUTH_TYPE_NT4OWF = 1,
623 TRUST_AUTH_TYPE_CLEAR = 2,
624 TRUST_AUTH_TYPE_VERSION = 3
628 NTTIME_hyper last_update_time;
629 lsa_TrustAuthType AuthType;
631 } lsa_TrustDomainInfoBuffer;
634 uint32 incoming_count;
635 lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
636 lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
637 uint32 outgoing_count;
638 lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
639 lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
640 } lsa_TrustDomainInfoAuthInfo;
643 lsa_TrustDomainInfoInfoEx info_ex;
644 lsa_TrustDomainInfoPosixOffset posix_offset;
645 lsa_TrustDomainInfoAuthInfo auth_info;
646 } lsa_TrustDomainInfoFullInfo;
649 lsa_DATA_BUF2 auth_blob;
650 } lsa_TrustDomainInfoAuthInfoInternal;
653 lsa_TrustDomainInfoInfoEx info_ex;
654 lsa_TrustDomainInfoPosixOffset posix_offset;
655 lsa_TrustDomainInfoAuthInfoInternal auth_info;
656 } lsa_TrustDomainInfoFullInfoInternal;
659 lsa_TrustDomainInfoInfoEx info_ex;
660 uint32 forest_trust_length;
661 [size_is(forest_trust_length)] uint8 *forest_trust_data;
662 } lsa_TrustDomainInfoInfoEx2Internal;
665 lsa_TrustDomainInfoInfoEx2Internal info;
666 lsa_TrustDomainInfoPosixOffset posix_offset;
667 lsa_TrustDomainInfoAuthInfo auth_info;
668 } lsa_TrustDomainInfoFullInfo2Internal;
671 kerb_EncTypes enc_types;
672 } lsa_TrustDomainInfoSupportedEncTypes;
674 typedef [switch_type(lsa_TrustDomInfoEnum)] union {
675 [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
676 lsa_TrustDomainInfoName name;
677 [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
678 lsa_TrustDomainInfoControllers controllers;
679 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
680 lsa_TrustDomainInfoPosixOffset posix_offset;
681 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
682 lsa_TrustDomainInfoPassword password;
683 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
684 lsa_TrustDomainInfoBasic info_basic;
685 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
686 lsa_TrustDomainInfoInfoEx info_ex;
687 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
688 lsa_TrustDomainInfoAuthInfo auth_info;
689 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
690 lsa_TrustDomainInfoFullInfo full_info;
691 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
692 lsa_TrustDomainInfoAuthInfoInternal auth_info_internal;
693 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
694 lsa_TrustDomainInfoFullInfoInternal full_info_internal;
695 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
696 lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
697 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
698 lsa_TrustDomainInfoFullInfo2Internal full_info2_internal;
699 [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
700 lsa_TrustDomainInfoSupportedEncTypes enc_types;
701 } lsa_TrustedDomainInfo;
704 NTSTATUS lsa_QueryTrustedDomainInfo(
705 [in] policy_handle *trustdom_handle,
706 [in] lsa_TrustDomInfoEnum level,
707 [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
711 NTSTATUS lsa_SetInformationTrustedDomain(
712 [in] policy_handle *trustdom_handle,
713 [in] lsa_TrustDomInfoEnum level,
714 [in,switch_is(level)] lsa_TrustedDomainInfo *info
718 [public] NTSTATUS lsa_OpenSecret(
719 [in] policy_handle *handle,
720 [in] lsa_String name,
721 [in] uint32 access_mask,
722 [out] policy_handle *sec_handle
727 [public] NTSTATUS lsa_SetSecret(
728 [in] policy_handle *sec_handle,
729 [in,unique] lsa_DATA_BUF *new_val,
730 [in,unique] lsa_DATA_BUF *old_val
738 [public] NTSTATUS lsa_QuerySecret (
739 [in] policy_handle *sec_handle,
740 [in,out,unique] lsa_DATA_BUF_PTR *new_val,
741 [in,out,unique] NTTIME_hyper *new_mtime,
742 [in,out,unique] lsa_DATA_BUF_PTR *old_val,
743 [in,out,unique] NTTIME_hyper *old_mtime
747 NTSTATUS lsa_LookupPrivValue(
748 [in] policy_handle *handle,
749 [in,ref] lsa_String *name,
750 [out,ref] lsa_LUID *luid
755 NTSTATUS lsa_LookupPrivName (
756 [in] policy_handle *handle,
757 [in,ref] lsa_LUID *luid,
758 [out,ref] lsa_StringLarge **name
762 /*******************/
764 NTSTATUS lsa_LookupPrivDisplayName (
765 [in] policy_handle *handle,
766 [in,ref] lsa_String *name,
767 [in] uint16 language_id,
768 [in] uint16 language_id_sys,
769 [out,ref] lsa_StringLarge **disp_name,
770 /* see http://www.microsoft.com/globaldev/nlsweb/ for
771 language definitions */
772 [out,ref] uint16 *returned_language_id
776 NTSTATUS lsa_DeleteObject (
777 [in,out] policy_handle *handle
781 /*******************/
783 NTSTATUS lsa_EnumAccountsWithUserRight (
784 [in] policy_handle *handle,
785 [in,unique] lsa_String *name,
786 [out] lsa_SidArray *sids
791 [string,charset(UTF16)] uint16 *name;
792 } lsa_RightAttribute;
795 [range(0,256)] uint32 count;
796 [size_is(count)] lsa_StringLarge *names;
799 NTSTATUS lsa_EnumAccountRights (
800 [in] policy_handle *handle,
801 [in,ref] dom_sid2 *sid,
802 [out,ref] lsa_RightSet *rights
806 /**********************/
808 NTSTATUS lsa_AddAccountRights (
809 [in] policy_handle *handle,
810 [in,ref] dom_sid2 *sid,
811 [in,ref] lsa_RightSet *rights
814 /**********************/
816 NTSTATUS lsa_RemoveAccountRights (
817 [in] policy_handle *handle,
818 [in,ref] dom_sid2 *sid,
819 [in] uint8 remove_all,
820 [in,ref] lsa_RightSet *rights
824 NTSTATUS lsa_QueryTrustedDomainInfoBySid(
825 [in] policy_handle *handle,
826 [in,ref] dom_sid2 *dom_sid,
827 [in] lsa_TrustDomInfoEnum level,
828 [out,switch_is(level),ref] lsa_TrustedDomainInfo **info
832 NTSTATUS lsa_SetTrustedDomainInfo(
833 [in] policy_handle *handle,
834 [in] dom_sid2 *dom_sid,
835 [in] lsa_TrustDomInfoEnum level,
836 [in,switch_is(level)] lsa_TrustedDomainInfo *info
840 NTSTATUS lsa_DeleteTrustedDomain(
841 [in] policy_handle *handle,
842 [in] dom_sid2 *dom_sid
846 [todo] NTSTATUS lsa_StorePrivateData();
848 [todo] NTSTATUS lsa_RetrievePrivateData();
851 /**********************/
853 [public] NTSTATUS lsa_OpenPolicy2 (
854 [in,unique] [string,charset(UTF16)] uint16 *system_name,
855 [in] lsa_ObjectAttribute *attr,
856 [in] lsa_PolicyAccessMask access_mask,
857 [out] policy_handle *handle
860 /**********************/
862 NTSTATUS lsa_GetUserName(
863 [in,unique] [string,charset(UTF16)] uint16 *system_name,
864 [in,out,ref] lsa_String **account_name,
865 [in,out,unique] lsa_String **authority_name
868 /**********************/
871 NTSTATUS lsa_QueryInfoPolicy2(
872 [in] policy_handle *handle,
873 [in] lsa_PolicyInfo level,
874 [out,ref,switch_is(level)] lsa_PolicyInformation **info
878 NTSTATUS lsa_SetInfoPolicy2(
879 [in] policy_handle *handle,
880 [in] lsa_PolicyInfo level,
881 [in,switch_is(level)] lsa_PolicyInformation *info
884 /**********************/
886 NTSTATUS lsa_QueryTrustedDomainInfoByName(
887 [in] policy_handle *handle,
888 [in,ref] lsa_String *trusted_domain,
889 [in] lsa_TrustDomInfoEnum level,
890 [out,ref,switch_is(level)] lsa_TrustedDomainInfo **info
893 /**********************/
895 NTSTATUS lsa_SetTrustedDomainInfoByName(
896 [in] policy_handle *handle,
897 [in] lsa_String trusted_domain,
898 [in] lsa_TrustDomInfoEnum level,
899 [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
904 /* w2k3 treats max_size as max_domains*82 */
905 const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
909 [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
912 NTSTATUS lsa_EnumTrustedDomainsEx (
913 [in] policy_handle *handle,
914 [in,out] uint32 *resume_handle,
915 [out] lsa_DomainListEx *domains,
920 NTSTATUS lsa_CreateTrustedDomainEx(
921 [in] policy_handle *policy_handle,
922 [in] lsa_TrustDomainInfoInfoEx *info,
923 [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
924 [in] uint32 access_mask,
925 [out] policy_handle *trustdom_handle
930 NTSTATUS lsa_CloseTrustedDomainEx(
931 [in,out] policy_handle *handle
936 /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
939 uint32 enforce_restrictions;
940 hyper service_tkt_lifetime;
941 hyper user_tkt_lifetime;
942 hyper user_tkt_renewaltime;
945 } lsa_DomainInfoKerberos;
949 [size_is(blob_size)] uint8 *efs_blob;
953 LSA_DOMAIN_INFO_POLICY_EFS=2,
954 LSA_DOMAIN_INFO_POLICY_KERBEROS=3
955 } lsa_DomainInfoEnum;
957 typedef [switch_type(uint16)] union {
958 [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
959 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
960 } lsa_DomainInformationPolicy;
962 NTSTATUS lsa_QueryDomainInformationPolicy(
963 [in] policy_handle *handle,
965 [out,ref,switch_is(level)] lsa_DomainInformationPolicy **info
969 NTSTATUS lsa_SetDomainInformationPolicy(
970 [in] policy_handle *handle,
972 [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info
975 /**********************/
977 NTSTATUS lsa_OpenTrustedDomainByName(
978 [in] policy_handle *handle,
979 [in] lsa_String name,
980 [in] uint32 access_mask,
981 [out] policy_handle *trustdom_handle
985 [todo] NTSTATUS lsa_TestCall();
987 /**********************/
991 lsa_SidType sid_type;
995 } lsa_TranslatedName2;
998 [range(0,1000)] uint32 count;
999 [size_is(count)] lsa_TranslatedName2 *names;
1000 } lsa_TransNameArray2;
1002 [public] NTSTATUS lsa_LookupSids2(
1003 [in] policy_handle *handle,
1004 [in,ref] lsa_SidArray *sids,
1005 [out,ref] lsa_RefDomainList **domains,
1006 [in,out,ref] lsa_TransNameArray2 *names,
1008 [in,out,ref] uint32 *count,
1009 [in] uint32 unknown1,
1010 [in] uint32 unknown2
1013 /**********************/
1017 lsa_SidType sid_type;
1021 } lsa_TranslatedSid2;
1024 [range(0,1000)] uint32 count;
1025 [size_is(count)] lsa_TranslatedSid2 *sids;
1026 } lsa_TransSidArray2;
1028 [public] NTSTATUS lsa_LookupNames2 (
1029 [in] policy_handle *handle,
1030 [in,range(0,1000)] uint32 num_names,
1031 [in,size_is(num_names)] lsa_String names[],
1032 [out,ref] lsa_RefDomainList **domains,
1033 [in,out,ref] lsa_TransSidArray2 *sids,
1034 [in] lsa_LookupNamesLevel level,
1035 [in,out,ref] uint32 *count,
1036 [in] uint32 lookup_options,
1037 [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
1041 NTSTATUS lsa_CreateTrustedDomainEx2(
1042 [in] policy_handle *policy_handle,
1043 [in] lsa_TrustDomainInfoInfoEx *info,
1044 [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
1045 [in] uint32 access_mask,
1046 [out] policy_handle *trustdom_handle
1050 [todo] NTSTATUS lsa_CREDRWRITE();
1053 [todo] NTSTATUS lsa_CREDRREAD();
1056 [todo] NTSTATUS lsa_CREDRENUMERATE();
1059 [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
1062 [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
1065 [todo] NTSTATUS lsa_CREDRDELETE();
1068 [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
1071 [todo] NTSTATUS lsa_CREDRPROFILELOADED();
1073 /**********************/
1076 lsa_SidType sid_type;
1080 } lsa_TranslatedSid3;
1083 [range(0,1000)] uint32 count;
1084 [size_is(count)] lsa_TranslatedSid3 *sids;
1085 } lsa_TransSidArray3;
1087 [public] NTSTATUS lsa_LookupNames3 (
1088 [in] policy_handle *handle,
1089 [in,range(0,1000)] uint32 num_names,
1090 [in,size_is(num_names)] lsa_String names[],
1091 [out,ref] lsa_RefDomainList **domains,
1092 [in,out,ref] lsa_TransSidArray3 *sids,
1093 [in] lsa_LookupNamesLevel level,
1094 [in,out,ref] uint32 *count,
1095 [in] uint32 lookup_options,
1096 [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
1100 [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
1103 [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
1106 [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
1109 [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1113 [range(0,131072)] uint32 length;
1114 [size_is(length)] uint8 *data;
1115 } lsa_ForestTrustBinaryData;
1118 dom_sid2 *domain_sid;
1119 lsa_StringLarge dns_domain_name;
1120 lsa_StringLarge netbios_domain_name;
1121 } lsa_ForestTrustDomainInfo;
1123 typedef [switch_type(uint32)] union {
1124 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
1125 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1126 [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1127 [default] lsa_ForestTrustBinaryData data;
1128 } lsa_ForestTrustData;
1130 typedef [v1_enum] enum {
1131 LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1132 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1133 LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1134 LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1135 } lsa_ForestTrustRecordType;
1139 lsa_ForestTrustRecordType level;
1141 [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1142 } lsa_ForestTrustRecord;
1144 typedef [public] struct {
1145 [range(0,4000)] uint32 count;
1146 [size_is(count)] lsa_ForestTrustRecord **entries;
1147 } lsa_ForestTrustInformation;
1149 NTSTATUS lsa_lsaRQueryForestTrustInformation(
1150 [in] policy_handle *handle,
1151 [in,ref] lsa_String *trusted_domain_name,
1152 [in] uint16 unknown, /* level ? */
1153 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1157 [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1160 [todo] NTSTATUS lsa_CREDRRENAME();
1165 [public] NTSTATUS lsa_LookupSids3(
1166 [in,ref] lsa_SidArray *sids,
1167 [out,ref] lsa_RefDomainList **domains,
1168 [in,out,ref] lsa_TransNameArray2 *names,
1170 [in,out,ref] uint32 *count,
1171 [in] uint32 unknown1,
1172 [in] uint32 unknown2
1175 const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
1176 const int LSA_CLIENT_REVISION_DNS = 0x00000002;
1178 const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
1181 NTSTATUS lsa_LookupNames4(
1182 [in,range(0,1000)] uint32 num_names,
1183 [in,size_is(num_names)] lsa_String names[],
1184 [out,ref] lsa_RefDomainList **domains,
1185 [in,out,ref] lsa_TransSidArray3 *sids,
1186 [in] lsa_LookupNamesLevel level,
1187 [in,out,ref] uint32 *count,
1188 [in] uint32 lookup_options,
1189 [in] uint32 client_revision /* LSA_CLIENT_REVISION* */
1193 [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
1196 [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1199 [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1202 [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();