Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-simo

(This used to be commit 05c22a55a4c052c682a2f2afdb0696504195d18c)

1 files changed, 103 insertions, 24 deletions

diff --git a/source3/librpc/idl/lsa.idl b/source3/librpc/idl/lsa.idl
index 7daf648a63..8d26ec0aad 100644
--- a/source3/librpc/idl/lsa.idl
+++ b/source3/librpc/idl/lsa.idl
@@ -47,7 +47,7 @@ import "security.idl";
 
 	/******************/
 	/* Function: 0x01 */
-	NTSTATUS lsa_Delete (
+	[public] NTSTATUS lsa_Delete (
 		[in]     policy_handle *handle
 		);
 
@@ -69,7 +69,7 @@ import "security.idl";
 		[size_is(count)] lsa_PrivEntry *privs;
 	} lsa_PrivArray;
 
-	NTSTATUS lsa_EnumPrivs (
+	[public] NTSTATUS lsa_EnumPrivs (
 		[in]     policy_handle *handle,
 		[in,out] uint32 *resume_handle,
 		[in]         uint32 max_count,
@@ -116,7 +116,7 @@ import "security.idl";
 
 	/* notice the screwup with the system_name - thats why MS created
 	   OpenPolicy2 */
-	NTSTATUS lsa_OpenPolicy (
+	[public] NTSTATUS lsa_OpenPolicy (
 		[in,unique]       uint16 *system_name,
 		[in]   lsa_ObjectAttribute *attr,
 		[in]       uint32 access_mask,
@@ -138,9 +138,29 @@ import "security.idl";
 		uint32 unknown;
 	} lsa_AuditLogInfo;
 
+	typedef [v1_enum] enum {
+		LSA_AUDIT_POLICY_NONE=0,
+		LSA_AUDIT_POLICY_SUCCESS=1,
+		LSA_AUDIT_POLICY_FAILURE=2,
+		LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
+		LSA_AUDIT_POLICY_CLEAR=4
+	} lsa_PolicyAuditPolicy;
+
+	typedef enum {
+		LSA_AUDIT_CATEGORY_SYSTEM = 0,
+		LSA_AUDIT_CATEGORY_LOGON = 1,
+		LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
+		LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
+		LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
+		LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
+		LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
+		LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,	/* only in win2k/2k3 */
+		LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8			/* only in win2k/2k3 */
+	} lsa_PolicyAuditEventType;
+
 	typedef struct {
 		uint32 auditing_mode;
-		[size_is(count)] uint32 *settings;
+		[size_is(count)] lsa_PolicyAuditPolicy *settings;
 		uint32 count;
 	} lsa_AuditEventsInfo;
 
@@ -251,7 +271,7 @@ import "security.idl";
 
 	/******************/
 	/* Function: 0x0a */
-	NTSTATUS lsa_CreateAccount (
+	[public] NTSTATUS lsa_CreateAccount (
 		[in]    policy_handle *handle,
 		[in]    dom_sid2 *sid,
 		[in]    uint32 access_mask,
@@ -272,7 +292,7 @@ import "security.idl";
 		[size_is(num_sids)] lsa_SidPtr *sids;
 	} lsa_SidArray;
 
-	NTSTATUS lsa_EnumAccounts (
+	[public] NTSTATUS lsa_EnumAccounts (
 		[in]         policy_handle *handle,
 		[in,out]     uint32 *resume_handle,
 		[in,range(0,8192)] uint32 num_entries,
@@ -283,7 +303,7 @@ import "security.idl";
 	/*************************************************/
 	/* Function: 0x0c                                */
 
-	NTSTATUS lsa_CreateTrustedDomain(
+	[public] NTSTATUS lsa_CreateTrustedDomain(
 		[in]         policy_handle *handle,
 		[in]         lsa_DomainInfo *info,
 		[in]         uint32 access_mask,
@@ -305,7 +325,7 @@ import "security.idl";
 	NTSTATUS lsa_EnumTrustDom (
 		[in]               policy_handle *handle,
 		[in,out]           uint32 *resume_handle,
-		[in,range(0,1000)] uint32 max_size,
+		[in]               uint32 max_size,
 		[out]              lsa_DomainList *domains
 		);
 
@@ -343,13 +363,30 @@ import "security.idl";
 		uint32 max_size;
 	} lsa_RefDomainList;
 
-	NTSTATUS lsa_LookupNames (
+	/* Level 1: Ask everywhere
+	 * Level 2: Ask domain and trusted domains, no builtin and wkn
+	 * Level 3: Only ask domain
+	 * Level 4: W2k3ad: Only ask AD trusts
+	 * Level 5: Only ask transitive forest trusts
+	 * Level 6: Like 4
+	 */
+
+	typedef enum {
+		LSA_LOOKUP_NAMES_ALL = 1,
+		LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
+		LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
+		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
+		LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
+		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
+	} lsa_LookupNamesLevel;
+
+	[public] NTSTATUS lsa_LookupNames (
 		[in]         policy_handle *handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
 		[out,unique] lsa_RefDomainList *domains,
 		[in,out]     lsa_TransSidArray *sids,
-		[in]         uint16 level,
+		[in]         lsa_LookupNamesLevel level,
 		[in,out]     uint32 *count
 		);
 
@@ -368,7 +405,7 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedName *names;
 	} lsa_TransNameArray;
 
-	NTSTATUS lsa_LookupSids (
+	[public] NTSTATUS lsa_LookupSids (
 		[in]         policy_handle *handle,
 		[in]         lsa_SidArray *sids,
 		[out,unique]        lsa_RefDomainList *domains,
@@ -379,7 +416,7 @@ import "security.idl";
 
 
 	/* Function:        0x10 */
-	NTSTATUS lsa_CreateSecret(
+	[public] NTSTATUS lsa_CreateSecret(
 		[in]         policy_handle *handle,
 		[in]         lsa_String       name,
 		[in]         uint32         access_mask,
@@ -559,7 +596,7 @@ import "security.idl";
 	NTSTATUS lsa_SetInformationTrustedDomain();
 
 	/* Function:          0x1c */
-	NTSTATUS lsa_OpenSecret(
+	[public] NTSTATUS lsa_OpenSecret(
 		[in]     policy_handle    *handle,
 		[in]         lsa_String        name,
 		[in]         uint32            access_mask,
@@ -568,7 +605,7 @@ import "security.idl";
 
 	/* Function:           0x1d */
 
-	NTSTATUS lsa_SetSecret(
+	[public] NTSTATUS lsa_SetSecret(
 		[in]     policy_handle    *sec_handle,
 		[in,unique]         lsa_DATA_BUF     *new_val,
 		[in,unique]         lsa_DATA_BUF     *old_val
@@ -579,7 +616,7 @@ import "security.idl";
 	} lsa_DATA_BUF_PTR;
 
 	/* Function:         0x1e */
-	NTSTATUS lsa_QuerySecret (
+	[public] NTSTATUS lsa_QuerySecret (
 		[in]     policy_handle     *sec_handle,
 		[in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
 		[in,out,unique]     NTTIME_hyper      *new_mtime,
@@ -685,7 +722,7 @@ import "security.idl";
 
 	/**********************/
 	/* Function:     0x2c */
-	NTSTATUS lsa_OpenPolicy2 (
+	[public] NTSTATUS lsa_OpenPolicy2 (
 		[in,unique]      [string,charset(UTF16)] uint16 *system_name,
 		[in]  lsa_ObjectAttribute *attr,
 		[in]      uint32 access_mask,
@@ -832,7 +869,7 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedName2 *names;
 	} lsa_TransNameArray2;
 
-	NTSTATUS lsa_LookupSids2(
+	[public] NTSTATUS lsa_LookupSids2(
 		[in]     policy_handle *handle,
 		[in]     lsa_SidArray *sids,
 		[out,unique]        lsa_RefDomainList *domains,
@@ -858,13 +895,13 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedSid2 *sids;
 	} lsa_TransSidArray2;
 
-	NTSTATUS lsa_LookupNames2 (
+	[public] NTSTATUS lsa_LookupNames2 (
 		[in]     policy_handle *handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
 		[out,unique]        lsa_RefDomainList *domains,
 		[in,out] lsa_TransSidArray2 *sids,
-		[in]         uint16 level,
+		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
@@ -911,13 +948,13 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedSid3 *sids;
 	} lsa_TransSidArray3;
 
-	NTSTATUS lsa_LookupNames3 (
+	[public] NTSTATUS lsa_LookupNames3 (
 		[in]     policy_handle *handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
 		[out,unique]        lsa_RefDomainList *domains,
 		[in,out] lsa_TransSidArray3 *sids,
-		[in]         uint16 level,
+		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
@@ -936,7 +973,49 @@ import "security.idl";
 	NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
 
 	/* Function 0x49 */
-	NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION();
+	typedef struct {
+		[range(0,131072)] uint32 length;
+		[size_is(length)] uint8 *data;
+	} lsa_ForestTrustBinaryData;
+
+	typedef struct {
+		dom_sid2 *domain_sid;
+		lsa_StringLarge dns_domain_name;
+		lsa_StringLarge netbios_domain_name;
+	} lsa_ForestTrustDomainInfo;
+
+	typedef [switch_type(uint32)] union {
+		[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
+		[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
+		[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
+		[default] lsa_ForestTrustBinaryData data;
+	} lsa_ForestTrustData;
+
+	typedef [v1_enum] enum {
+		LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
+		LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
+		LSA_FOREST_TRUST_DOMAIN_INFO = 2,
+		LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+	} lsa_ForestTrustRecordType;
+
+	typedef struct {
+		uint32 flags;
+		lsa_ForestTrustRecordType level;
+		hyper unknown;
+		[switch_is(level)] lsa_ForestTrustData forest_trust_data;
+	} lsa_ForestTrustRecord;
+
+	typedef [public] struct {
+		[range(0,4000)] uint32 count;
+		[size_is(count)] lsa_ForestTrustRecord **entries;
+	} lsa_ForestTrustInformation;
+
+	NTSTATUS lsa_lsaRQueryForestTrustInformation(
+		[in] policy_handle *handle,
+		[in,ref] lsa_String *trusted_domain_name,
+		[in] uint16 unknown, /* level ? */
+		[out,ref] lsa_ForestTrustInformation **forest_trust_info
+		);
 
 	/* Function 0x4a */
 	NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
@@ -947,7 +1026,7 @@ import "security.idl";
 	/*****************/
 	/* Function 0x4c */
 
-	NTSTATUS lsa_LookupSids3(
+	[public] NTSTATUS lsa_LookupSids3(
 		[in]         lsa_SidArray *sids,
 		[out,unique] lsa_RefDomainList *domains,
 		[in,out]     lsa_TransNameArray2 *names,
@@ -963,7 +1042,7 @@ import "security.idl";
 		[in,size_is(num_names)]  lsa_String names[],
 		[out,unique]        lsa_RefDomainList *domains,
 		[in,out] lsa_TransSidArray3 *sids,
-		[in]         uint16 level,
+		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2