From d04131c8ec9d327f7376ad85d8d1dba0f2bccea6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 24 Oct 2008 15:17:49 +0200 Subject: idl: share lsa.idl between s3 and s4. Guenther --- librpc/idl/lsa.idl | 1216 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1216 insertions(+) create mode 100644 librpc/idl/lsa.idl (limited to 'librpc') diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl new file mode 100644 index 0000000000..003641d97a --- /dev/null +++ b/librpc/idl/lsa.idl @@ -0,0 +1,1216 @@ +#include "idl_types.h" + +/* + lsa interface definition +*/ + +import "misc.idl", "security.idl"; + +[ uuid("12345778-1234-abcd-ef00-0123456789ab"), + version(0.0), + endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"), + pointer_default(unique), + helpstring("Local Security Authority") +] interface lsarpc +{ + typedef bitmap security_secinfo security_secinfo; + typedef bitmap kerb_EncTypes kerb_EncTypes; + + typedef [public,noejs] struct { + [value(2*strlen_m(string))] uint16 length; + [value(2*strlen_m(string))] uint16 size; + [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string; + } lsa_String; + + typedef [public] struct { + [value(2*strlen_m(string))] uint16 length; + [value(2*strlen_m_term(string))] uint16 size; + [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string; + } lsa_StringLarge; + + typedef [public] struct { + uint32 count; + [size_is(count)] lsa_String *names; + } lsa_Strings; + + typedef [public] struct { + [value(strlen_m(string))] uint16 length; + [value(strlen_m(string))] uint16 size; + [charset(DOS),size_is(size),length_is(length)] uint8 *string; + } lsa_AsciiString; + + typedef [public] struct { + [value(strlen_m(string))] uint16 length; + [value(strlen_m_term(string))] uint16 size; + [charset(DOS),size_is(size),length_is(length)] uint8 *string; + } lsa_AsciiStringLarge; + + typedef [public] struct { + uint16 length; + uint16 size; + [size_is(size/2),length_is(length/2)] uint16 *array; + } lsa_BinaryString; + + /******************/ + /* Function: 0x00 */ + NTSTATUS lsa_Close ( + [in,out] policy_handle *handle + ); + + + /******************/ + /* Function: 0x01 */ + [public] NTSTATUS lsa_Delete ( + [in] policy_handle *handle + ); + + + /******************/ + /* Function: 0x02 */ + typedef struct { + uint32 low; + uint32 high; + } lsa_LUID; + + typedef struct { + lsa_StringLarge name; + lsa_LUID luid; + } lsa_PrivEntry; + + typedef struct { + uint32 count; + [size_is(count)] lsa_PrivEntry *privs; + } lsa_PrivArray; + + [public] NTSTATUS lsa_EnumPrivs ( + [in] policy_handle *handle, + [in,out,ref] uint32 *resume_handle, + [out,ref] lsa_PrivArray *privs, + [in] uint32 max_count + ); + + /******************/ + /* Function: 0x03 */ + NTSTATUS lsa_QuerySecurity ( + [in] policy_handle *handle, + [in] security_secinfo sec_info, + [out,ref] sec_desc_buf **sdbuf + ); + + /******************/ + /* Function: 0x04 */ + NTSTATUS lsa_SetSecObj( + [in] policy_handle *handle, + [in] security_secinfo sec_info, + [in,ref] sec_desc_buf *sdbuf + ); + + /******************/ + /* Function: 0x05 */ + [todo] NTSTATUS lsa_ChangePassword (); + + + /******************/ + /* Function: 0x06 */ + typedef struct { + uint32 len; /* ignored */ + uint16 impersonation_level; + uint8 context_mode; + uint8 effective_only; + } lsa_QosInfo; + + typedef struct { + uint32 len; /* ignored */ + uint8 *root_dir; + [string,charset(UTF16)] uint16 *object_name; + uint32 attributes; + security_descriptor *sec_desc; + lsa_QosInfo *sec_qos; + } lsa_ObjectAttribute; + + typedef [public,bitmap32bit] bitmap { + LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001, + LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002, + LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004, + LSA_POLICY_TRUST_ADMIN = 0x00000008, + LSA_POLICY_CREATE_ACCOUNT = 0x00000010, + LSA_POLICY_CREATE_SECRET = 0x00000020, + LSA_POLICY_CREATE_PRIVILEGE = 0x00000040, + LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080, + LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100, + LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200, + LSA_POLICY_SERVER_ADMIN = 0x00000400, + LSA_POLICY_LOOKUP_NAMES = 0x00000800 + } lsa_PolicyAccessMask; + + /* notice the screwup with the system_name - thats why MS created + OpenPolicy2 */ + [public] NTSTATUS lsa_OpenPolicy ( + [in,unique] uint16 *system_name, + [in] lsa_ObjectAttribute *attr, + [in] lsa_PolicyAccessMask access_mask, + [out] policy_handle *handle + ); + + + + /******************/ + /* Function: 0x07 */ + + typedef struct { + uint32 percent_full; + uint32 maximum_log_size; + hyper retention_time; + uint8 shutdown_in_progress; + hyper time_to_shutdown; + uint32 next_audit_record; + } lsa_AuditLogInfo; + + typedef [v1_enum] enum { + LSA_AUDIT_POLICY_NONE=0, + LSA_AUDIT_POLICY_SUCCESS=1, + LSA_AUDIT_POLICY_FAILURE=2, + LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE), + LSA_AUDIT_POLICY_CLEAR=4 + } lsa_PolicyAuditPolicy; + + typedef enum { + LSA_AUDIT_CATEGORY_SYSTEM = 0, + LSA_AUDIT_CATEGORY_LOGON = 1, + LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2, + LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3, + LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4, + LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5, + LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6, + LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */ + LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */ + } lsa_PolicyAuditEventType; + + typedef struct { + uint32 auditing_mode; + [size_is(count)] lsa_PolicyAuditPolicy *settings; + uint32 count; + } lsa_AuditEventsInfo; + + typedef struct { + lsa_StringLarge name; + dom_sid2 *sid; + } lsa_DomainInfo; + + typedef struct { + lsa_String name; + } lsa_PDAccountInfo; + + typedef [v1_enum] enum { + LSA_ROLE_BACKUP=2, + LSA_ROLE_PRIMARY=3 + } lsa_Role; + + typedef struct { + lsa_Role role; + } lsa_ServerRole; + + typedef struct { + lsa_String source; + lsa_String account; + } lsa_ReplicaSourceInfo; + + typedef struct { + uint32 paged_pool; + uint32 non_paged_pool; + uint32 min_wss; + uint32 max_wss; + uint32 pagefile; + hyper unknown; + } lsa_DefaultQuotaInfo; + + typedef struct { + hyper modified_id; + NTTIME_hyper db_create_time; + } lsa_ModificationInfo; + + typedef struct { + uint8 shutdown_on_full; + } lsa_AuditFullSetInfo; + + typedef struct { + uint8 shutdown_on_full; + uint8 log_is_full; + } lsa_AuditFullQueryInfo; + + typedef struct { + /* it's important that we use the lsa_StringLarge here, + * because otherwise windows clients result with such dns hostnames + * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org + * where it should be + * w2k3-client.samba4.samba.org + */ + lsa_StringLarge name; + lsa_StringLarge dns_domain; + lsa_StringLarge dns_forest; + GUID domain_guid; + dom_sid2 *sid; + } lsa_DnsDomainInfo; + + typedef enum { + LSA_POLICY_INFO_AUDIT_LOG=1, + LSA_POLICY_INFO_AUDIT_EVENTS=2, + LSA_POLICY_INFO_DOMAIN=3, + LSA_POLICY_INFO_PD=4, + LSA_POLICY_INFO_ACCOUNT_DOMAIN=5, + LSA_POLICY_INFO_ROLE=6, + LSA_POLICY_INFO_REPLICA=7, + LSA_POLICY_INFO_QUOTA=8, + LSA_POLICY_INFO_MOD=9, + LSA_POLICY_INFO_AUDIT_FULL_SET=10, + LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, + LSA_POLICY_INFO_DNS=12, + LSA_POLICY_INFO_DNS_INT=13, + LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14 + } lsa_PolicyInfo; + + typedef [switch_type(uint16)] union { + [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log; + [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events; + [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain; + [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd; + [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain; + [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role; + [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica; + [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota; + [case(LSA_POLICY_INFO_MOD)] lsa_ModificationInfo mod; + [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset; + [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery; + [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns; + [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns; + [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo l_account_domain; + } lsa_PolicyInformation; + + NTSTATUS lsa_QueryInfoPolicy( + [in] policy_handle *handle, + [in] lsa_PolicyInfo level, + [out,ref,switch_is(level)] lsa_PolicyInformation **info + ); + + /******************/ + /* Function: 0x08 */ + NTSTATUS lsa_SetInfoPolicy ( + [in] policy_handle *handle, + [in] lsa_PolicyInfo level, + [in,switch_is(level)] lsa_PolicyInformation *info + ); + + /******************/ + /* Function: 0x09 */ + [todo] NTSTATUS lsa_ClearAuditLog (); + + /******************/ + /* Function: 0x0a */ + [public] NTSTATUS lsa_CreateAccount ( + [in] policy_handle *handle, + [in,ref] dom_sid2 *sid, + [in] uint32 access_mask, + [out] policy_handle *acct_handle + ); + + /******************/ + /* NOTE: This only returns accounts that have at least + one privilege set + */ + /* Function: 0x0b */ + typedef struct { + dom_sid2 *sid; + } lsa_SidPtr; + + typedef [public] struct { + [range(0,1000)] uint32 num_sids; + [size_is(num_sids)] lsa_SidPtr *sids; + } lsa_SidArray; + + [public] NTSTATUS lsa_EnumAccounts( + [in] policy_handle *handle, + [in,out,ref] uint32 *resume_handle, + [out,ref] lsa_SidArray *sids, + [in,range(0,8192)] uint32 num_entries + ); + + /*************************************************/ + /* Function: 0x0c */ + + [public] NTSTATUS lsa_CreateTrustedDomain( + [in] policy_handle *policy_handle, + [in] lsa_DomainInfo *info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + + + /******************/ + /* Function: 0x0d */ + + /* w2k3 treats max_size as max_domains*60 */ + const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60; + + typedef struct { + uint32 count; + [size_is(count)] lsa_DomainInfo *domains; + } lsa_DomainList; + + NTSTATUS lsa_EnumTrustDom( + [in] policy_handle *handle, + [in,out,ref] uint32 *resume_handle, + [out,ref] lsa_DomainList *domains, + [in] uint32 max_size + ); + + + /******************/ + /* Function: 0x0e */ + typedef [public] enum { + SID_NAME_USE_NONE = 0,/* NOTUSED */ + SID_NAME_USER = 1, /* user */ + SID_NAME_DOM_GRP = 2, /* domain group */ + SID_NAME_DOMAIN = 3, /* domain: don't know what this is */ + SID_NAME_ALIAS = 4, /* local group */ + SID_NAME_WKN_GRP = 5, /* well-known group */ + SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */ + SID_NAME_INVALID = 7, /* invalid account */ + SID_NAME_UNKNOWN = 8, /* oops. */ + SID_NAME_COMPUTER = 9 /* machine */ + } lsa_SidType; + + typedef struct { + lsa_SidType sid_type; + uint32 rid; + uint32 sid_index; + } lsa_TranslatedSid; + + typedef struct { + [range(0,1000)] uint32 count; + [size_is(count)] lsa_TranslatedSid *sids; + } lsa_TransSidArray; + + const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32; + typedef struct { + [range(0,1000)] uint32 count; + [size_is(count)] lsa_DomainInfo *domains; + uint32 max_size; + } lsa_RefDomainList; + + /* Level 1: Ask everywhere + * Level 2: Ask domain and trusted domains, no builtin and wkn + * Level 3: Only ask domain + * Level 4: W2k3ad: Only ask AD trusts + * Level 5: Only ask transitive forest trusts + * Level 6: Like 4 + */ + + typedef enum { + LSA_LOOKUP_NAMES_ALL = 1, + LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2, + LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3, + LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4, + LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5, + LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6, + LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7 + } lsa_LookupNamesLevel; + + [public] NTSTATUS lsa_LookupNames ( + [in] policy_handle *handle, + [in,range(0,1000)] uint32 num_names, + [in,size_is(num_names)] lsa_String names[], + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransSidArray *sids, + [in] lsa_LookupNamesLevel level, + [in,out,ref] uint32 *count + ); + + + /******************/ + /* Function: 0x0f */ + + typedef struct { + lsa_SidType sid_type; + lsa_String name; + uint32 sid_index; + } lsa_TranslatedName; + + typedef struct { + [range(0,1000)] uint32 count; + [size_is(count)] lsa_TranslatedName *names; + } lsa_TransNameArray; + + [public] NTSTATUS lsa_LookupSids( + [in] policy_handle *handle, + [in,ref] lsa_SidArray *sids, + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransNameArray *names, + [in] uint16 level, + [in,out,ref] uint32 *count + ); + + + /* Function: 0x10 */ + [public] NTSTATUS lsa_CreateSecret( + [in] policy_handle *handle, + [in] lsa_String name, + [in] uint32 access_mask, + [out] policy_handle *sec_handle + ); + + + /*****************************************/ + /* Function: 0x11 */ + NTSTATUS lsa_OpenAccount( + [in] policy_handle *handle, + [in,ref] dom_sid2 *sid, + [in] uint32 access_mask, + [out] policy_handle *acct_handle + ); + + + /****************************************/ + /* Function: 0x12 */ + + typedef struct { + lsa_LUID luid; + uint32 attribute; + } lsa_LUIDAttribute; + + typedef struct { + [range(0,1000)] uint32 count; + uint32 unknown; + [size_is(count)] lsa_LUIDAttribute set[*]; + } lsa_PrivilegeSet; + + NTSTATUS lsa_EnumPrivsAccount( + [in] policy_handle *handle, + [out,ref] lsa_PrivilegeSet **privs + ); + + + /****************************************/ + /* Function: 0x13 */ + NTSTATUS lsa_AddPrivilegesToAccount( + [in] policy_handle *handle, + [in,ref] lsa_PrivilegeSet *privs + ); + + + /****************************************/ + /* Function: 0x14 */ + NTSTATUS lsa_RemovePrivilegesFromAccount( + [in] policy_handle *handle, + [in] uint8 remove_all, + [in,unique] lsa_PrivilegeSet *privs + ); + + /* Function: 0x15 */ + [todo] NTSTATUS lsa_GetQuotasForAccount(); + + /* Function: 0x16 */ + [todo] NTSTATUS lsa_SetQuotasForAccount(); + + typedef [bitmap32bit] bitmap { + LSA_POLICY_MODE_INTERACTIVE = 0x00000001, + LSA_POLICY_MODE_NETWORK = 0x00000002, + LSA_POLICY_MODE_BATCH = 0x00000004, + LSA_POLICY_MODE_SERVICE = 0x00000010, + LSA_POLICY_MODE_PROXY = 0x00000020, + LSA_POLICY_MODE_DENY_INTERACTIVE = 0x00000040, + LSA_POLICY_MODE_DENY_NETWORK = 0x00000080, + LSA_POLICY_MODE_DENY_BATCH = 0x00000100, + LSA_POLICY_MODE_DENY_SERVICE = 0x00000200, + LSA_POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400, + LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800, + LSA_POLICY_MODE_ALL = 0x00000FF7, + LSA_POLICY_MODE_ALL_NT4 = 0x00000037 + } lsa_SystemAccessModeFlags; + + /* Function: 0x17 */ + NTSTATUS lsa_GetSystemAccessAccount( + [in] policy_handle *handle, + [out,ref] uint32 *access_mask + ); + + /* Function: 0x18 */ + NTSTATUS lsa_SetSystemAccessAccount( + [in] policy_handle *handle, + [in] uint32 access_mask + ); + + /* Function: 0x19 */ + NTSTATUS lsa_OpenTrustedDomain( + [in] policy_handle *handle, + [in] dom_sid2 *sid, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + + typedef [flag(NDR_PAHEX)] struct { + uint32 length; + uint32 size; + [size_is(size),length_is(length)] uint8 *data; + } lsa_DATA_BUF; + + typedef [flag(NDR_PAHEX)] struct { + [range(0,65536)] uint32 size; + [size_is(size)] uint8 *data; + } lsa_DATA_BUF2; + + typedef enum { + LSA_TRUSTED_DOMAIN_INFO_NAME = 1, + LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS = 2, + LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3, + LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4, + LSA_TRUSTED_DOMAIN_INFO_BASIC = 5, + LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6, + LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7, + LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8, + LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL = 9, + LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL = 10, + LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL = 11, + LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL = 12, + LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13 + } lsa_TrustDomInfoEnum; + + typedef [public,bitmap32bit] bitmap { + LSA_TRUST_DIRECTION_INBOUND = 0x00000001, + LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002 + } lsa_TrustDirection; + + typedef [v1_enum] enum { + LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001, + LSA_TRUST_TYPE_UPLEVEL = 0x00000002, + LSA_TRUST_TYPE_MIT = 0x00000003 + } lsa_TrustType; + + typedef [public,bitmap32bit] bitmap { + LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001, + LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002, + LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004, + LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008, + LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010, + LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020, + LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040, + LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080 + } lsa_TrustAttributes; + + typedef struct { + lsa_StringLarge netbios_name; + } lsa_TrustDomainInfoName; + + + typedef struct { + uint32 entries; + [size_is(entries)] lsa_StringLarge *netbios_names; + } lsa_TrustDomainInfoControllers; + + typedef struct { + uint32 posix_offset; + } lsa_TrustDomainInfoPosixOffset; + + typedef struct { + lsa_DATA_BUF *password; + lsa_DATA_BUF *old_password; + } lsa_TrustDomainInfoPassword; + + typedef struct { + lsa_String netbios_name; + dom_sid2 *sid; + } lsa_TrustDomainInfoBasic; + + typedef struct { + lsa_StringLarge domain_name; + lsa_StringLarge netbios_name; + dom_sid2 *sid; + lsa_TrustDirection trust_direction; + lsa_TrustType trust_type; + lsa_TrustAttributes trust_attributes; + } lsa_TrustDomainInfoInfoEx; + + typedef [public,v1_enum] enum { + TRUST_AUTH_TYPE_NONE = 0, + TRUST_AUTH_TYPE_NT4OWF = 1, + TRUST_AUTH_TYPE_CLEAR = 2, + TRUST_AUTH_TYPE_VERSION = 3 + } lsa_TrustAuthType; + + typedef struct { + NTTIME_hyper last_update_time; + lsa_TrustAuthType AuthType; + lsa_DATA_BUF2 data; + } lsa_TrustDomainInfoBuffer; + + typedef struct { + uint32 incoming_count; + lsa_TrustDomainInfoBuffer *incoming_current_auth_info; + lsa_TrustDomainInfoBuffer *incoming_previous_auth_info; + uint32 outgoing_count; + lsa_TrustDomainInfoBuffer *outgoing_current_auth_info; + lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info; + } lsa_TrustDomainInfoAuthInfo; + + typedef struct { + lsa_TrustDomainInfoInfoEx info_ex; + lsa_TrustDomainInfoPosixOffset posix_offset; + lsa_TrustDomainInfoAuthInfo auth_info; + } lsa_TrustDomainInfoFullInfo; + + typedef struct { + lsa_DATA_BUF2 auth_blob; + } lsa_TrustDomainInfoAuthInfoInternal; + + typedef struct { + lsa_TrustDomainInfoInfoEx info_ex; + lsa_TrustDomainInfoPosixOffset posix_offset; + lsa_TrustDomainInfoAuthInfoInternal auth_info; + } lsa_TrustDomainInfoFullInfoInternal; + + typedef struct { + lsa_TrustDomainInfoInfoEx info_ex; + uint32 forest_trust_length; + [size_is(forest_trust_length)] uint8 *forest_trust_data; + } lsa_TrustDomainInfoInfoEx2Internal; + + typedef struct { + lsa_TrustDomainInfoInfoEx2Internal info; + lsa_TrustDomainInfoPosixOffset posix_offset; + lsa_TrustDomainInfoAuthInfo auth_info; + } lsa_TrustDomainInfoFullInfo2Internal; + + typedef struct { + kerb_EncTypes enc_types; + } lsa_TrustDomainInfoSupportedEncTypes; + + typedef [switch_type(lsa_TrustDomInfoEnum)] union { + [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] + lsa_TrustDomainInfoName name; + [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)] + lsa_TrustDomainInfoControllers controllers; + [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] + lsa_TrustDomainInfoPosixOffset posix_offset; + [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] + lsa_TrustDomainInfoPassword password; + [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] + lsa_TrustDomainInfoBasic info_basic; + [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] + lsa_TrustDomainInfoInfoEx info_ex; + [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] + lsa_TrustDomainInfoAuthInfo auth_info; + [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] + lsa_TrustDomainInfoFullInfo full_info; + [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)] + lsa_TrustDomainInfoAuthInfoInternal auth_info_internal; + [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)] + lsa_TrustDomainInfoFullInfoInternal full_info_internal; + [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)] + lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal; + [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)] + lsa_TrustDomainInfoFullInfo2Internal full_info2_internal; + [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)] + lsa_TrustDomainInfoSupportedEncTypes enc_types; + } lsa_TrustedDomainInfo; + + /* Function: 0x1a */ + NTSTATUS lsa_QueryTrustedDomainInfo( + [in] policy_handle *trustdom_handle, + [in] lsa_TrustDomInfoEnum level, + [out,switch_is(level),ref] lsa_TrustedDomainInfo **info + ); + + /* Function: 0x1b */ + NTSTATUS lsa_SetInformationTrustedDomain( + [in] policy_handle *trustdom_handle, + [in] lsa_TrustDomInfoEnum level, + [in,switch_is(level)] lsa_TrustedDomainInfo *info + ); + + /* Function: 0x1c */ + [public] NTSTATUS lsa_OpenSecret( + [in] policy_handle *handle, + [in] lsa_String name, + [in] uint32 access_mask, + [out] policy_handle *sec_handle + ); + + /* Function: 0x1d */ + + [public] NTSTATUS lsa_SetSecret( + [in] policy_handle *sec_handle, + [in,unique] lsa_DATA_BUF *new_val, + [in,unique] lsa_DATA_BUF *old_val + ); + + typedef struct { + lsa_DATA_BUF *buf; + } lsa_DATA_BUF_PTR; + + /* Function: 0x1e */ + [public] NTSTATUS lsa_QuerySecret ( + [in] policy_handle *sec_handle, + [in,out,unique] lsa_DATA_BUF_PTR *new_val, + [in,out,unique] NTTIME_hyper *new_mtime, + [in,out,unique] lsa_DATA_BUF_PTR *old_val, + [in,out,unique] NTTIME_hyper *old_mtime + ); + + /* Function: 0x1f */ + NTSTATUS lsa_LookupPrivValue( + [in] policy_handle *handle, + [in,ref] lsa_String *name, + [out,ref] lsa_LUID *luid + ); + + + /* Function: 0x20 */ + NTSTATUS lsa_LookupPrivName( + [in] policy_handle *handle, + [in,ref] lsa_LUID *luid, + [out,ref] lsa_StringLarge **name + ); + + + /*******************/ + /* Function: 0x21 */ + NTSTATUS lsa_LookupPrivDisplayName( + [in] policy_handle *handle, + [in,ref] lsa_String *name, + [in] uint16 language_id, + [in] uint16 language_id_sys, + [out,ref] lsa_StringLarge **disp_name, + /* see http://www.microsoft.com/globaldev/nlsweb/ for + language definitions */ + [out,ref] uint16 *returned_language_id + ); + + /*******************/ + /* Function: 0x22 */ + NTSTATUS lsa_DeleteObject ( + [in,out] policy_handle *handle + ); + + /*******************/ + /* Function: 0x23 */ + NTSTATUS lsa_EnumAccountsWithUserRight ( + [in] policy_handle *handle, + [in,unique] lsa_String *name, + [out] lsa_SidArray *sids + ); + + /* Function: 0x24 */ + typedef struct { + [string,charset(UTF16)] uint16 *name; + } lsa_RightAttribute; + + typedef struct { + [range(0,256)] uint32 count; + [size_is(count)] lsa_StringLarge *names; + } lsa_RightSet; + + NTSTATUS lsa_EnumAccountRights ( + [in] policy_handle *handle, + [in,ref] dom_sid2 *sid, + [out,ref] lsa_RightSet *rights + ); + + + /**********************/ + /* Function: 0x25 */ + NTSTATUS lsa_AddAccountRights ( + [in] policy_handle *handle, + [in,ref] dom_sid2 *sid, + [in,ref] lsa_RightSet *rights + ); + + /**********************/ + /* Function: 0x26 */ + NTSTATUS lsa_RemoveAccountRights ( + [in] policy_handle *handle, + [in,ref] dom_sid2 *sid, + [in] uint8 remove_all, + [in,ref] lsa_RightSet *rights + ); + + /* Function: 0x27 */ + NTSTATUS lsa_QueryTrustedDomainInfoBySid( + [in] policy_handle *handle, + [in,ref] dom_sid2 *dom_sid, + [in] lsa_TrustDomInfoEnum level, + [out,switch_is(level),ref] lsa_TrustedDomainInfo **info + ); + + /* Function: 0x28 */ + NTSTATUS lsa_SetTrustedDomainInfo( + [in] policy_handle *handle, + [in] dom_sid2 *dom_sid, + [in] lsa_TrustDomInfoEnum level, + [in,switch_is(level)] lsa_TrustedDomainInfo *info + ); + + /* Function: 0x29 */ + NTSTATUS lsa_DeleteTrustedDomain( + [in] policy_handle *handle, + [in] dom_sid2 *dom_sid + ); + + /* Function: 0x2a */ + [todo] NTSTATUS lsa_StorePrivateData(); + /* Function: 0x2b */ + [todo] NTSTATUS lsa_RetrievePrivateData(); + + + /**********************/ + /* Function: 0x2c */ + [public] NTSTATUS lsa_OpenPolicy2 ( + [in,unique] [string,charset(UTF16)] uint16 *system_name, + [in] lsa_ObjectAttribute *attr, + [in] lsa_PolicyAccessMask access_mask, + [out] policy_handle *handle + ); + + /**********************/ + /* Function: 0x2d */ + NTSTATUS lsa_GetUserName( + [in,unique] [string,charset(UTF16)] uint16 *system_name, + [in,out,ref] lsa_String **account_name, + [in,out,unique] lsa_String **authority_name + ); + + /**********************/ + /* Function: 0x2e */ + + NTSTATUS lsa_QueryInfoPolicy2( + [in] policy_handle *handle, + [in] lsa_PolicyInfo level, + [out,ref,switch_is(level)] lsa_PolicyInformation **info + ); + + /* Function 0x2f */ + NTSTATUS lsa_SetInfoPolicy2( + [in] policy_handle *handle, + [in] lsa_PolicyInfo level, + [in,switch_is(level)] lsa_PolicyInformation *info + ); + + /**********************/ + /* Function 0x30 */ + NTSTATUS lsa_QueryTrustedDomainInfoByName( + [in] policy_handle *handle, + [in,ref] lsa_String *trusted_domain, + [in] lsa_TrustDomInfoEnum level, + [out,ref,switch_is(level)] lsa_TrustedDomainInfo **info + ); + + /**********************/ + /* Function 0x31 */ + NTSTATUS lsa_SetTrustedDomainInfoByName( + [in] policy_handle *handle, + [in] lsa_String trusted_domain, + [in] lsa_TrustDomInfoEnum level, + [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info + ); + + /* Function 0x32 */ + + /* w2k3 treats max_size as max_domains*82 */ + const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82; + + typedef struct { + uint32 count; + [size_is(count)] lsa_TrustDomainInfoInfoEx *domains; + } lsa_DomainListEx; + + NTSTATUS lsa_EnumTrustedDomainsEx ( + [in] policy_handle *handle, + [in,out] uint32 *resume_handle, + [out] lsa_DomainListEx *domains, + [in] uint32 max_size + ); + + /* Function 0x33 */ + NTSTATUS lsa_CreateTrustedDomainEx( + [in] policy_handle *policy_handle, + [in] lsa_TrustDomainInfoInfoEx *info, + [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + + + /* Function 0x34 */ + NTSTATUS lsa_CloseTrustedDomainEx( + [in,out] policy_handle *handle + ); + + /* Function 0x35 */ + + /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000 + for unknown6 - gd */ + typedef struct { + uint32 enforce_restrictions; + hyper service_tkt_lifetime; + hyper user_tkt_lifetime; + hyper user_tkt_renewaltime; + hyper clock_skew; + hyper unknown6; + } lsa_DomainInfoKerberos; + + typedef struct { + uint32 blob_size; + [size_is(blob_size)] uint8 *efs_blob; + } lsa_DomainInfoEfs; + + typedef enum { + LSA_DOMAIN_INFO_POLICY_EFS=2, + LSA_DOMAIN_INFO_POLICY_KERBEROS=3 + } lsa_DomainInfoEnum; + + typedef [switch_type(uint16)] union { + [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info; + [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info; + } lsa_DomainInformationPolicy; + + NTSTATUS lsa_QueryDomainInformationPolicy( + [in] policy_handle *handle, + [in] uint16 level, + [out,ref,switch_is(level)] lsa_DomainInformationPolicy **info + ); + + /* Function 0x36 */ + NTSTATUS lsa_SetDomainInformationPolicy( + [in] policy_handle *handle, + [in] uint16 level, + [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info + ); + + /**********************/ + /* Function 0x37 */ + NTSTATUS lsa_OpenTrustedDomainByName( + [in] policy_handle *handle, + [in] lsa_String name, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + + /* Function 0x38 */ + [todo] NTSTATUS lsa_TestCall(); + + /**********************/ + /* Function 0x39 */ + + typedef struct { + lsa_SidType sid_type; + lsa_String name; + uint32 sid_index; + uint32 unknown; + } lsa_TranslatedName2; + + typedef struct { + [range(0,1000)] uint32 count; + [size_is(count)] lsa_TranslatedName2 *names; + } lsa_TransNameArray2; + + [public] NTSTATUS lsa_LookupSids2( + [in] policy_handle *handle, + [in,ref] lsa_SidArray *sids, + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransNameArray2 *names, + [in] uint16 level, + [in,out,ref] uint32 *count, + [in] uint32 unknown1, + [in] uint32 unknown2 + ); + + /**********************/ + /* Function 0x3a */ + + typedef struct { + lsa_SidType sid_type; + uint32 rid; + uint32 sid_index; + uint32 unknown; + } lsa_TranslatedSid2; + + typedef struct { + [range(0,1000)] uint32 count; + [size_is(count)] lsa_TranslatedSid2 *sids; + } lsa_TransSidArray2; + + [public] NTSTATUS lsa_LookupNames2 ( + [in] policy_handle *handle, + [in,range(0,1000)] uint32 num_names, + [in,size_is(num_names)] lsa_String names[], + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransSidArray2 *sids, + [in] lsa_LookupNamesLevel level, + [in,out,ref] uint32 *count, + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ + ); + + /* Function 0x3b */ + NTSTATUS lsa_CreateTrustedDomainEx2( + [in] policy_handle *policy_handle, + [in] lsa_TrustDomainInfoInfoEx *info, + [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + + /* Function 0x3c */ + [todo] NTSTATUS lsa_CREDRWRITE(); + + /* Function 0x3d */ + [todo] NTSTATUS lsa_CREDRREAD(); + + /* Function 0x3e */ + [todo] NTSTATUS lsa_CREDRENUMERATE(); + + /* Function 0x3f */ + [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS(); + + /* Function 0x40 */ + [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS(); + + /* Function 0x41 */ + [todo] NTSTATUS lsa_CREDRDELETE(); + + /* Function 0x42 */ + [todo] NTSTATUS lsa_CREDRGETTARGETINFO(); + + /* Function 0x43 */ + [todo] NTSTATUS lsa_CREDRPROFILELOADED(); + + /**********************/ + /* Function 0x44 */ + typedef struct { + lsa_SidType sid_type; + dom_sid2 *sid; + uint32 sid_index; + uint32 flags; + } lsa_TranslatedSid3; + + typedef struct { + [range(0,1000)] uint32 count; + [size_is(count)] lsa_TranslatedSid3 *sids; + } lsa_TransSidArray3; + + [public] NTSTATUS lsa_LookupNames3 ( + [in] policy_handle *handle, + [in,range(0,1000)] uint32 num_names, + [in,size_is(num_names)] lsa_String names[], + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransSidArray3 *sids, + [in] lsa_LookupNamesLevel level, + [in,out,ref] uint32 *count, + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ + ); + + /* Function 0x45 */ + [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES(); + + /* Function 0x46 */ + [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT(); + + /* Function 0x47 */ + [todo] NTSTATUS lsa_LSARGENAUDITEVENT(); + + /* Function 0x48 */ + [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(); + + /* Function 0x49 */ + typedef struct { + [range(0,131072)] uint32 length; + [size_is(length)] uint8 *data; + } lsa_ForestTrustBinaryData; + + typedef struct { + dom_sid2 *domain_sid; + lsa_StringLarge dns_domain_name; + lsa_StringLarge netbios_domain_name; + } lsa_ForestTrustDomainInfo; + + typedef [switch_type(uint32)] union { + [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name; + [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex; + [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info; + [default] lsa_ForestTrustBinaryData data; + } lsa_ForestTrustData; + + typedef [v1_enum] enum { + LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0, + LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1, + LSA_FOREST_TRUST_DOMAIN_INFO = 2, + LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3 + } lsa_ForestTrustRecordType; + + typedef struct { + uint32 flags; + lsa_ForestTrustRecordType level; + hyper unknown; + [switch_is(level)] lsa_ForestTrustData forest_trust_data; + } lsa_ForestTrustRecord; + + typedef [public] struct { + [range(0,4000)] uint32 count; + [size_is(count)] lsa_ForestTrustRecord **entries; + } lsa_ForestTrustInformation; + + NTSTATUS lsa_lsaRQueryForestTrustInformation( + [in] policy_handle *handle, + [in,ref] lsa_String *trusted_domain_name, + [in] uint16 unknown, /* level ? */ + [out,ref] lsa_ForestTrustInformation **forest_trust_info + ); + + /* Function 0x4a */ + [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(); + + /* Function 0x4b */ + [todo] NTSTATUS lsa_CREDRRENAME(); + + /*****************/ + /* Function 0x4c */ + + [public] NTSTATUS lsa_LookupSids3( + [in,ref] lsa_SidArray *sids, + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransNameArray2 *names, + [in] uint16 level, + [in,out,ref] uint32 *count, + [in] uint32 unknown1, + [in] uint32 unknown2 + ); + + const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001; + const int LSA_CLIENT_REVISION_DNS = 0x00000002; + + const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000; + + /* Function 0x4d */ + NTSTATUS lsa_LookupNames4( + [in,range(0,1000)] uint32 num_names, + [in,size_is(num_names)] lsa_String names[], + [out,ref] lsa_RefDomainList **domains, + [in,out,ref] lsa_TransSidArray3 *sids, + [in] lsa_LookupNamesLevel level, + [in,out,ref] uint32 *count, + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ + ); + + /* Function 0x4e */ + [todo] NTSTATUS lsa_LSAROPENPOLICYSCE(); + + /* Function 0x4f */ + [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE(); + + /* Function 0x50 */ + [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(); + + /* Function 0x51 */ + [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT(); + +} -- cgit