8 files changed, 111 insertions, 44 deletions
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl
index 1c6574b11b..a78329d990 100644
--- a/source4/librpc/idl/dcerpc.idl
+++ b/source4/librpc/idl/dcerpc.idl
@@ -261,6 +261,7 @@ interface dcerpc
 	const uint8 DCERPC_PFC_FLAG_OBJECT_UUID		= 0x80; /* on valid guid is in the optional object field */
 
 	/* these offsets are needed by the signing code */
+	const uint8 DCERPC_PFC_OFFSET      =  3;
 	const uint8 DCERPC_DREP_OFFSET     =  4;
 	const uint8 DCERPC_FRAG_LEN_OFFSET =  8;
 	const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index 6b1f649ff5..4274d2000a 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -409,24 +409,35 @@ interface drsblobs {
 		[size_is(1)] AuthenticationInformation array[];
 	} AuthenticationInformationArray;
 
+	/* This is nopull,nopush because we pass count down to the
+	 * manual parser of AuthenticationInformationArray */
 	typedef [public,nopull,nopush,noprint,gensize] struct {
 		uint32 count;
 		[relative] AuthenticationInformationArray *current;
 		[relative] AuthenticationInformationArray *previous;
 	} trustAuthInOutBlob;
 
-	typedef [public] struct {
-		uint8 confounder[512];
-		trustAuthInOutBlob outgoing;
-		trustAuthInOutBlob incoming;
-		[value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
-		[value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
-	} trustAuthInAndOutBlob;
-	
 	void decode_trustAuthInOut(
 		[in] trustAuthInOutBlob blob
 		);
 
+	typedef [public,gensize] struct {
+		uint32 count;
+		[relative] AuthenticationInformation *current[count];
+	} trustCurrentPasswords;
+
+	typedef [public,nopull] struct {
+		uint8 confounder[512];
+		[subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
+		[subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
+		[value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size;
+		[value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size;
+	} trustDomainPasswords;
+
+	void decode_trustDomainPasswords(
+		[in] trustDomainPasswords blob
+		);
+
 	typedef [public] struct {
 		uint32 marker;
 		DATA_BLOB data;
diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl
index 0a5a081dd7..a41bc9cf19 100644
--- a/source4/librpc/idl/drsuapi.idl
+++ b/source4/librpc/idl/drsuapi.idl
@@ -877,7 +877,7 @@ interface drsuapi
 	} drsuapi_DsNameFlags;
 
 	typedef [v1_enum] enum {
-		DRSUAPI_DS_NAME_FORMAT_UKNOWN			= 0,
+		DRSUAPI_DS_NAME_FORMAT_UNKNOWN			= 0,
 		DRSUAPI_DS_NAME_FORMAT_FQDN_1779		= 1,
 		DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT		= 2,
 		DRSUAPI_DS_NAME_FORMAT_DISPLAY			= 3,
@@ -970,7 +970,7 @@ interface drsuapi
 	typedef struct {
 		[charset(UTF16),string] uint16 *server_dn;
 		[charset(UTF16),string] uint16 *domain_dn;
-		uint32 unknown; /* 0x000000001 */
+		boolean32 commit;
 	} drsuapi_DsRemoveDSServerRequest1;
 
 	typedef [switch_type(int32)] union {
@@ -978,7 +978,7 @@ interface drsuapi
 	} drsuapi_DsRemoveDSServerRequest;
 
 	typedef struct {
-		WERROR status;
+		boolean32 last_dc_in_domain;
 	} drsuapi_DsRemoveDSServerResult1;
 
 	typedef [switch_type(int32)] union {
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 9a6e4a202c..4dce6d6d1e 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -140,12 +140,11 @@ import "misc.idl", "security.idl";
 
 	typedef struct {
 		uint32 percent_full;
-		uint32 log_size;
-		NTTIME retention_time;
+		uint32 maximum_log_size;
+		hyper  retention_time;
 		uint8  shutdown_in_progress;
-		NTTIME time_to_shutdown;
+		hyper  time_to_shutdown;
 		uint32 next_audit_record;
-		uint32 unknown;
 	} lsa_AuditLogInfo;
 
 	typedef [v1_enum] enum {
@@ -183,9 +182,13 @@ import "misc.idl", "security.idl";
 		lsa_String name;
 	} lsa_PDAccountInfo;
 
+	typedef [v1_enum] enum {
+		LSA_ROLE_BACKUP=2,
+		LSA_ROLE_PRIMARY=3
+	} lsa_Role;
+
 	typedef struct {
-		uint16 unknown; /* an midl padding bug? */
-		uint16 role;
+		lsa_Role role;
 	} lsa_ServerRole;
 
 	typedef struct {
@@ -204,7 +207,7 @@ import "misc.idl", "security.idl";
 
 	typedef struct {
 		hyper modified_id;
-		NTTIME db_create_time;
+		NTTIME_hyper db_create_time;
 	} lsa_ModificationInfo;
 
 	typedef struct {
@@ -212,7 +215,6 @@ import "misc.idl", "security.idl";
 	} lsa_AuditFullSetInfo;
 
 	typedef struct {
-		uint16 unknown; /* an midl padding bug? */
 		uint8 shutdown_on_full;
 		uint8 log_is_full;
 	} lsa_AuditFullQueryInfo;
@@ -243,7 +245,8 @@ import "misc.idl", "security.idl";
 		LSA_POLICY_INFO_DB=9,
 		LSA_POLICY_INFO_AUDIT_FULL_SET=10,
 		LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
-		LSA_POLICY_INFO_DNS=12
+		LSA_POLICY_INFO_DNS=12,
+		LSA_POLICY_INFO_DNS_INT=13
 	} lsa_PolicyInfo;
 
 	typedef [switch_type(uint16)] union {
@@ -259,6 +262,7 @@ import "misc.idl", "security.idl";
 		[case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
 		[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
 		[case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
+		[case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      dns;
 	} lsa_PolicyInformation;
 
 	NTSTATUS lsa_QueryInfoPolicy (
@@ -387,7 +391,8 @@ import "misc.idl", "security.idl";
 		LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
 		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
 		LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
-		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
+		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
+		LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
 	} lsa_LookupNamesLevel;
 
 	[public] NTSTATUS lsa_LookupNames (
@@ -1008,8 +1013,8 @@ import "misc.idl", "security.idl";
 		[in,out] lsa_TransSidArray2 *sids,
 		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
-		[in]         uint32 unknown1,
-		[in]         uint32 unknown2
+		[in]         uint32 lookup_options,
+		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
 		);
 
 	/* Function 0x3b */
@@ -1051,7 +1056,7 @@ import "misc.idl", "security.idl";
 		lsa_SidType sid_type;
 		dom_sid2 *sid;
 		uint32 sid_index;
-		uint32 unknown;
+		uint32 flags;
 	} lsa_TranslatedSid3;
 
 	typedef struct {
@@ -1067,8 +1072,8 @@ import "misc.idl", "security.idl";
 		[in,out] lsa_TransSidArray3 *sids,
 		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
-		[in]         uint32 unknown1,
-		[in]         uint32 unknown2
+		[in]         uint32 lookup_options,
+		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
 		);
 
 	/* Function 0x45 */
@@ -1147,6 +1152,11 @@ import "misc.idl", "security.idl";
 		[in]         uint32 unknown2
 		);
 
+	const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001;
+	const int LSA_CLIENT_REVISION_DNS        = 0x00000002;
+
+	const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
+
 	/* Function 0x4d */
 	NTSTATUS lsa_LookupNames4(
 		[in,range(0,1000)] uint32 num_names,
@@ -1155,8 +1165,8 @@ import "misc.idl", "security.idl";
 		[in,out] lsa_TransSidArray3 *sids,
 		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
-		[in]         uint32 unknown1,
-		[in]         uint32 unknown2
+		[in]         uint32 lookup_options,
+		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
 		);
 
 	/* Function 0x4e */
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 8331977398..791b86466c 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -30,9 +30,11 @@ interface misc
 	/* Only SEC_CHAN_WKSTA can forward requests to other domains. */
 
 	typedef [public] enum {
-		SEC_CHAN_WKSTA   = 2,
-		SEC_CHAN_DOMAIN  = 4,
-		SEC_CHAN_BDC     = 6
+		SEC_CHAN_NULL        = 0,
+		SEC_CHAN_WKSTA       = 2,
+		SEC_CHAN_DNS_DOMAIN  = 3,
+		SEC_CHAN_DOMAIN      = 4,
+		SEC_CHAN_BDC         = 6
 	} netr_SchannelType;
 
 	/* SAM database types */
diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl
index 63be489e0d..38a2b9596a 100644
--- a/source4/librpc/idl/nbt.idl
+++ b/source4/librpc/idl/nbt.idl
@@ -10,7 +10,7 @@
 
 import "misc.idl", "security.idl", "svcctl.idl", "samr.idl";
 [
-	helper("libcli/netlogon.h", "libcli/nbt/libnbt.h")
+	helper("../libcli/netlogon.h", "../libcli/nbt/libnbt.h")
 ]
 interface nbt
 {
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 8a36922fdd..22e90878e7 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -1100,6 +1100,16 @@ interface netlogon
 
 	/****************/
 	/* Function 0x1d */
+	typedef [bitmap32bit] bitmap {
+		NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
+		NETR_TRUST_FLAG_OUTBOUND  = 0x00000002,
+		NETR_TRUST_FLAG_TREEROOT  = 0x00000004,
+		NETR_TRUST_FLAG_PRIMARY   = 0x00000008,
+		NETR_TRUST_FLAG_NATIVE    = 0x00000010,
+		NETR_TRUST_FLAG_INBOUND   = 0x00000020,
+		NETR_TRUST_FLAG_MIT_KRB5  = 0x00000080,
+		NETR_TRUST_FLAG_AES       = 0x00000100
+	} netr_TrustFlags;
 
 	typedef [flag(NDR_PAHEX)] struct {
 		uint16 length;
@@ -1128,25 +1138,60 @@ interface netlogon
 	} netr_DomainQuery;
 
 	typedef struct {
+		/* these first 3 values come from the fact windows
+		   actually encodes this structure as a UNICODE_STRING
+		   - see MS-NRPC section 2.2.1.3.9 */
+		[value(8)] uint32 length;
+		[value(0)] uint32 dummy;
+		[value(8)] uint32 size;
+		netr_TrustFlags flags;
+		uint32 parent_index;
+		uint32 trust_type;
+		uint32 trust_attributes;
+	} netr_trust_extension;
+
+	typedef struct {
+		uint16 length; /* value is 16 when info != NULL, otherwise 0 */
+		[value(length)] uint16 size;   /* value is 16 when info != NULL, otherwise 0 */
+		netr_trust_extension *info;
+	} netr_trust_extension_container;
+
+	typedef struct {
 		lsa_String domainname;
 		lsa_String fulldomainname;
 		lsa_String forest;
 		GUID        guid;
 		dom_sid2    *sid;
-		netr_BinaryString unknown1[4];
-		uint32      unknown[4];
+		netr_trust_extension_container trust_extension;
+		lsa_String dummystring[3];
+		uint32     dummy[4];
 	} netr_DomainTrustInfo;
 
 	typedef struct {
+		uint32 policy_size;
+		[size_is(policy_size)] uint8 *policy;
+	} netr_LsaPolicyInfo;
+
+	typedef [public,bitmap32bit] bitmap {
+		NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
+		NETR_WS_FLAG_HANDLES_SPN_UPDATE     = 0x00000002
+	} netr_WorkstationFlags;
+
+	typedef struct {
 		netr_DomainTrustInfo domaininfo;
 		uint32 num_trusts;
 		[size_is(num_trusts)] netr_DomainTrustInfo *trusts;
-		uint32 unknown[14]; /* room for expansion? */
+		netr_LsaPolicyInfo lsa_policy;
+		lsa_String dns_hostname;
+		lsa_String dummystring[3];
+		netr_WorkstationFlags workstation_flags;
+		uint32 supported_enc_types;
+		uint32 dummy[2];
 	} netr_DomainInfo1;
 
 	typedef union {
 		[case(1)] netr_DomainInfo1 *info1;
-		[case(2)] netr_DomainInfo1 *info1;
+		[case(2)] netr_DomainInfo1 *info2;
 	} netr_DomainInfo;
 	
 	NTSTATUS netr_LogonGetDomainInfo(
@@ -1230,14 +1275,6 @@ interface netlogon
 
 	/****************/
 	/* Function 0x24 */
-	typedef [bitmap32bit] bitmap {
-		NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
-		NETR_TRUST_FLAG_OUTBOUND  = 0x00000002,
-		NETR_TRUST_FLAG_TREEROOT  = 0x00000004,
-		NETR_TRUST_FLAG_PRIMARY   = 0x00000008,
-		NETR_TRUST_FLAG_NATIVE    = 0x00000010,
-		NETR_TRUST_FLAG_INBOUND   = 0x00000020
-	} netr_TrustFlags;
 
 	typedef [v1_enum] enum {
 		NETR_TRUST_TYPE_DOWNLEVEL	= 1,
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 80efe46453..ac7641c0af 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -153,6 +153,7 @@ interface security
 	const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
 	const string SID_CREATOR_OWNER        = "S-1-3-0";
 	const string SID_CREATOR_GROUP        = "S-1-3-1";
+	const string SID_OWNER_RIGHTS         = "S-1-3-4";
 
 	/* SECURITY_NT_AUTHORITY */
 	const string NAME_NT_AUTHORITY            = "NT AUTHORITY";
@@ -172,9 +173,14 @@ interface security
 	const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
 	const string SID_NT_REMOTE_INTERACTIVE    = "S-1-5-14";
 	const string SID_NT_THIS_ORGANISATION     = "S-1-5-15";
+	const string SID_NT_IUSR                  = "S-1-5-17";
 	const string SID_NT_SYSTEM                = "S-1-5-18";
 	const string SID_NT_LOCAL_SERVICE         = "S-1-5-19";
 	const string SID_NT_NETWORK_SERVICE       = "S-1-5-20";
+	const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21";
+	const string SID_NT_NTLM_AUTHENTICATION   = "S-1-5-64-10";
+	const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14";
+	const string SID_NT_OTHER_ORGANISATION    = "S-1-5-1000";
 
 	/* SECURITY_BUILTIN_DOMAIN_RID */
 	const string NAME_BUILTIN                  = "BUILTIN";