4 lsa interface definition
7 import
"misc.idl", "security.idl";
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
11 endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12 pointer_default(unique),
13 helpstring("Local Security Authority")
/*
 * Make the security_secinfo and kerb_EncTypes bitmaps usable by name in this
 * interface. Their bit definitions are not in this file; presumably they come
 * from the imported misc.idl / security.idl - confirm.
 *
 * security_secinfo is the sec_info argument of lsa_QuerySecurity and
 * lsa_SetSecObj; kerb_EncTypes is the enc_types field of
 * lsa_TrustDomainInfoSupportedEncTypes.
 */
typedef bitmap security_secinfo security_secinfo;
typedef bitmap kerb_EncTypes kerb_EncTypes;
19 typedef [public,noejs
] struct {
20 [value
(2*strlen_m
(string))] uint16 length
;
21 [value
(2*strlen_m
(string))] uint16 size
;
22 [charset
(UTF16
),size_is(size
/2),length_is(length
/2)] uint16
*string;
25 typedef [public] struct {
26 [value
(2*strlen_m
(string))] uint16 length
;
27 [value
(2*strlen_m_term
(string))] uint16 size
;
28 [charset
(UTF16
),size_is(size
/2),length_is(length
/2)] uint16
*string;
31 typedef [public] struct {
33 [size_is(count
)] lsa_String
*names
;
36 typedef [public] struct {
37 [value
(strlen_m
(string))] uint16 length
;
38 [value
(strlen_m
(string))] uint16 size
;
39 [charset
(DOS
),size_is(size
),length_is(length
)] uint8
*string;
/*
 * Counted 8-bit string in the DOS charset, "large" variant.
 *
 * length is taken from strlen_m(string) and size from strlen_m_term(string);
 * the lsa_AsciiString declared just before this one uses strlen_m() for both.
 * size_is gives the maximum element count of string and length_is the number
 * of elements actually carried.
 *
 * NOTE(review): the [value()] expressions describe what is sent. For data
 * received from a peer, confirm what the generated parser enforces between
 * length and size before any code relies on string being terminated.
 */
typedef [public] struct {
	[value(strlen_m(string))] uint16 length;
	[value(strlen_m_term(string))] uint16 size;
	[charset(DOS),size_is(size),length_is(length)] uint8 *string;
} lsa_AsciiStringLarge;
48 typedef [public] struct {
51 [size_is(size
/2),length_is(length
/2)] uint16
*array
;
57 [in,out] policy_handle
*handle
63 [public] NTSTATUS lsa_Delete
(
64 [in] policy_handle
*handle
82 [size_is(count
)] lsa_PrivEntry
*privs
;
85 [public] NTSTATUS lsa_EnumPrivs
(
86 [in] policy_handle
*handle,
87 [in,out] uint32
*resume_handle
,
88 [in] uint32 max_count
,
89 [out] lsa_PrivArray
*privs
95 NTSTATUS lsa_QuerySecurity
(
96 [in] policy_handle
*handle,
97 [in] security_secinfo sec_info
,
98 [out,unique] sec_desc_buf
*sdbuf
104 NTSTATUS lsa_SetSecObj
(
105 [in] policy_handle
*handle,
106 [in] security_secinfo sec_info
,
107 [in,ref] sec_desc_buf
*sdbuf
/*
 * Placeholder: marked [todo] with an empty parameter list, so this file does
 * not describe the call's arguments. Operation numbers in a DCE/RPC interface
 * follow declaration order, so the entry has to stay in this position.
 * NOTE(review): confirm a server built from this IDL rejects the call.
 */
[todo] NTSTATUS lsa_ChangePassword();
118 uint32 len
; /* ignored */
119 uint16 impersonation_level
;
121 uint8 effective_only
;
125 uint32 len
; /* ignored */
127 [string,charset
(UTF16
)] uint16
*object_name
;
129 security_descriptor
*sec_desc
;
130 lsa_QosInfo
*sec_qos
;
131 } lsa_ObjectAttribute
;
/*
 * Access rights that can be requested on an LSA policy handle.
 *
 * lsa_OpenPolicy and lsa_OpenPolicy2 in this file take this type as their
 * access_mask argument. Twelve single-bit flags, 0x00000001 through
 * 0x00000800, with no gaps.
 *
 * Request only the bits a caller needs: the CREATE_*, SET_*, *_ADMIN,
 * TRUST_ADMIN and GET_PRIVATE_INFORMATION names indicate rights that expose
 * or change security policy (inferred from the names; the enforcement is
 * not in this file).
 */
typedef [public,bitmap32bit] bitmap {
	LSA_POLICY_VIEW_LOCAL_INFORMATION	= 0x00000001,
	LSA_POLICY_VIEW_AUDIT_INFORMATION	= 0x00000002,
	LSA_POLICY_GET_PRIVATE_INFORMATION	= 0x00000004,
	LSA_POLICY_TRUST_ADMIN			= 0x00000008,
	LSA_POLICY_CREATE_ACCOUNT		= 0x00000010,
	LSA_POLICY_CREATE_SECRET		= 0x00000020,
	LSA_POLICY_CREATE_PRIVILEGE		= 0x00000040,
	LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS	= 0x00000080,
	LSA_POLICY_SET_AUDIT_REQUIREMENTS	= 0x00000100,
	LSA_POLICY_AUDIT_LOG_ADMIN		= 0x00000200,
	LSA_POLICY_SERVER_ADMIN			= 0x00000400,
	LSA_POLICY_LOOKUP_NAMES			= 0x00000800
} lsa_PolicyAccessMask;
148 /* notice the screwup with the system_name - that's why MS created
150 [public] NTSTATUS lsa_OpenPolicy
(
151 [in,unique] uint16
*system_name
,
152 [in] lsa_ObjectAttribute
*attr
,
153 [in] lsa_PolicyAccessMask access_mask
,
154 [out] policy_handle
*handle
164 uint32 maximum_log_size
;
165 hyper retention_time
;
166 uint8 shutdown_in_progress
;
167 hyper time_to_shutdown
;
168 uint32 next_audit_record
;
/*
 * Audit setting for one event category, carried as a 32-bit enum
 * ([v1_enum]).
 *
 * lsa_AuditEventsInfo.settings is an array of these values.
 * LSA_AUDIT_POLICY_ALL is defined as SUCCESS|FAILURE, i.e. 3.
 *
 * NOTE(review): going by the names, a write that moves a category to NONE
 * stops audit records for it; treat policy writes carrying these values as
 * security-relevant changes worth logging.
 */
typedef [v1_enum] enum {
	LSA_AUDIT_POLICY_NONE = 0,
	LSA_AUDIT_POLICY_SUCCESS = 1,
	LSA_AUDIT_POLICY_FAILURE = 2,
	LSA_AUDIT_POLICY_ALL = (LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
	LSA_AUDIT_POLICY_CLEAR = 4
} lsa_PolicyAuditPolicy;
180 LSA_AUDIT_CATEGORY_SYSTEM
= 0,
181 LSA_AUDIT_CATEGORY_LOGON
= 1,
182 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS
= 2,
183 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS
= 3,
184 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING
= 4,
185 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES
= 5,
186 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT
= 6,
187 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS
= 7, /* only in win2k/2k3 */
188 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON
= 8 /* only in win2k/2k3 */
189 } lsa_PolicyAuditEventType
;
192 uint32 auditing_mode
;
193 [size_is(count
)] lsa_PolicyAuditPolicy
*settings
;
195 } lsa_AuditEventsInfo
;
198 lsa_StringLarge name
;
206 typedef [v1_enum] enum {
218 } lsa_ReplicaSourceInfo
;
222 uint32 non_paged_pool
;
227 } lsa_DefaultQuotaInfo
;
231 NTTIME_hyper db_create_time
;
232 } lsa_ModificationInfo
;
235 uint8 shutdown_on_full
;
236 } lsa_AuditFullSetInfo
;
239 uint8 shutdown_on_full
;
241 } lsa_AuditFullQueryInfo
;
244 /* it's important that we use the lsa_StringLarge here,
245 * because otherwise Windows clients end up with DNS hostnames like this,
246 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
248 * w2k3-client.samba4.samba.org
250 lsa_StringLarge name
;
251 lsa_StringLarge dns_domain
;
252 lsa_StringLarge dns_forest
;
258 LSA_POLICY_INFO_AUDIT_LOG
=1,
259 LSA_POLICY_INFO_AUDIT_EVENTS
=2,
260 LSA_POLICY_INFO_DOMAIN
=3,
261 LSA_POLICY_INFO_PD
=4,
262 LSA_POLICY_INFO_ACCOUNT_DOMAIN
=5,
263 LSA_POLICY_INFO_ROLE
=6,
264 LSA_POLICY_INFO_REPLICA
=7,
265 LSA_POLICY_INFO_QUOTA
=8,
266 LSA_POLICY_INFO_MOD
=9,
267 LSA_POLICY_INFO_AUDIT_FULL_SET
=10,
268 LSA_POLICY_INFO_AUDIT_FULL_QUERY
=11,
269 LSA_POLICY_INFO_DNS
=12,
270 LSA_POLICY_INFO_DNS_INT
=13,
271 LSA_POLICY_INFO_L_ACCOUNT_DOMAIN
=14
/*
 * Policy information, selected by an lsa_PolicyInfo level carried as uint16.
 *
 * lsa_QueryInfoPolicy, lsa_SetInfoPolicy, lsa_QueryInfoPolicy2 and
 * lsa_SetInfoPolicy2 pass this union with switch_is(level).
 *
 * Fourteen levels are listed and there is no [default] arm, so a level
 * outside them has no representation here. The DOMAIN, ACCOUNT_DOMAIN and
 * L_ACCOUNT_DOMAIN levels all use lsa_DomainInfo.
 *
 * NOTE(review): the DNS and DNS_INT arms are both named "dns" (same type).
 * NOTE(review): level comes from the caller on the Set calls; confirm the
 * server checks the handle's granted access per level, since the levels mix
 * audit settings with domain naming data.
 */
typedef [switch_type(uint16)] union {
	[case(LSA_POLICY_INFO_AUDIT_LOG)]	 lsa_AuditLogInfo	 audit_log;
	[case(LSA_POLICY_INFO_AUDIT_EVENTS)]	 lsa_AuditEventsInfo	 audit_events;
	[case(LSA_POLICY_INFO_DOMAIN)]		 lsa_DomainInfo		 domain;
	[case(LSA_POLICY_INFO_PD)]		 lsa_PDAccountInfo	 pd;
	[case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)]	 lsa_DomainInfo		 account_domain;
	[case(LSA_POLICY_INFO_ROLE)]		 lsa_ServerRole		 role;
	[case(LSA_POLICY_INFO_REPLICA)]		 lsa_ReplicaSourceInfo	 replica;
	[case(LSA_POLICY_INFO_QUOTA)]		 lsa_DefaultQuotaInfo	 quota;
	[case(LSA_POLICY_INFO_MOD)]		 lsa_ModificationInfo	 mod;
	[case(LSA_POLICY_INFO_AUDIT_FULL_SET)]	 lsa_AuditFullSetInfo	 auditfullset;
	[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo	 auditfullquery;
	[case(LSA_POLICY_INFO_DNS)]		 lsa_DnsDomainInfo	 dns;
	[case(LSA_POLICY_INFO_DNS_INT)]		 lsa_DnsDomainInfo	 dns;
	[case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo		 l_account_domain;
} lsa_PolicyInformation;
291 NTSTATUS lsa_QueryInfoPolicy
(
292 [in] policy_handle
*handle,
293 [in] lsa_PolicyInfo level
,
294 [out,unique,switch_is(level
)] lsa_PolicyInformation
*info
299 NTSTATUS lsa_SetInfoPolicy
(
300 [in] policy_handle
*handle,
301 [in] lsa_PolicyInfo level
,
302 [in,switch_is(level
)] lsa_PolicyInformation
*info
/*
 * Placeholder: marked [todo] with an empty parameter list, so this file does
 * not describe the call's arguments. Operation numbers in a DCE/RPC interface
 * follow declaration order, so the entry has to stay in this position.
 * NOTE(review): confirm a server built from this IDL rejects the call.
 */
[todo] NTSTATUS lsa_ClearAuditLog();
311 [public] NTSTATUS lsa_CreateAccount
(
312 [in] policy_handle
*handle,
313 [in,ref] dom_sid2
*sid
,
314 [in] uint32 access_mask
,
315 [out] policy_handle
*acct_handle
319 /* NOTE: This only returns accounts that have at least
327 typedef [public] struct {
328 [range(0,1000)] uint32 num_sids
;
329 [size_is(num_sids
)] lsa_SidPtr
*sids
;
332 [public] NTSTATUS lsa_EnumAccounts
(
333 [in] policy_handle
*handle,
334 [in,out] uint32
*resume_handle
,
335 [in,range(0,8192)] uint32 num_entries
,
336 [out] lsa_SidArray
*sids
340 /*************************************************/
343 [public] NTSTATUS lsa_CreateTrustedDomain
(
344 [in] policy_handle
*policy_handle
,
345 [in] lsa_DomainInfo
*info
,
346 [in] uint32 access_mask
,
347 [out] policy_handle
*trustdom_handle
/*
 * Windows 2003 treats the max_size it is given as max_domains * 60.
 * lsa_EnumTrustDom in this file takes such a max_size as a plain uint32
 * with no range() bound, so code that derives a domain count from it
 * should still cap the result.
 */
const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
359 [size_is(count
)] lsa_DomainInfo
*domains
;
362 NTSTATUS lsa_EnumTrustDom
(
363 [in] policy_handle
*handle,
364 [in,out] uint32
*resume_handle
,
365 [in] uint32 max_size
,
366 [out] lsa_DomainList
*domains
372 typedef [public] enum {
373 SID_NAME_USE_NONE
= 0,/* NOTUSED */
374 SID_NAME_USER
= 1, /* user */
375 SID_NAME_DOM_GRP
= 2, /* domain group */
376 SID_NAME_DOMAIN
= 3, /* domain: don't know what this is */
377 SID_NAME_ALIAS
= 4, /* local group */
378 SID_NAME_WKN_GRP
= 5, /* well-known group */
379 SID_NAME_DELETED
= 6, /* deleted account: needed for c2 rating */
380 SID_NAME_INVALID
= 7, /* invalid account */
381 SID_NAME_UNKNOWN
= 8, /* oops. */
382 SID_NAME_COMPUTER
= 9 /* machine */
386 lsa_SidType sid_type
;
392 [range(0,1000)] uint32 count
;
393 [size_is(count
)] lsa_TranslatedSid
*sids
;
/*
 * Multiplier constant. Its use is not visible in this listing; the name
 * suggests it relates to sizing an lsa_RefDomainList - confirm.
 */
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
398 [range(0,1000)] uint32 count
;
399 [size_is(count
)] lsa_DomainInfo
*domains
;
403 /* Level 1: Ask everywhere
404 * Level 2: Ask domain and trusted domains, no builtin and wkn
405 * Level 3: Only ask domain
406 * Level 4: W2k3ad: Only ask AD trusts
407 * Level 5: Only ask transitive forest trusts
412 LSA_LOOKUP_NAMES_ALL
= 1,
413 LSA_LOOKUP_NAMES_DOMAINS_ONLY
= 2,
414 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY
= 3,
415 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY
= 4,
416 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY
= 5,
417 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2
= 6,
418 LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC
= 7
419 } lsa_LookupNamesLevel
;
421 [public] NTSTATUS lsa_LookupNames
(
422 [in] policy_handle
*handle,
423 [in,range(0,1000)] uint32 num_names
,
424 [in,size_is(num_names
)] lsa_String names
[],
425 [out,unique] lsa_RefDomainList
*domains
,
426 [in,out] lsa_TransSidArray
*sids
,
427 [in] lsa_LookupNamesLevel level
,
428 [in,out] uint32
*count
436 lsa_SidType sid_type
;
439 } lsa_TranslatedName
;
442 [range(0,1000)] uint32 count
;
443 [size_is(count
)] lsa_TranslatedName
*names
;
444 } lsa_TransNameArray
;
446 [public] NTSTATUS lsa_LookupSids
(
447 [in] policy_handle
*handle,
448 [in] lsa_SidArray
*sids
,
449 [out,unique] lsa_RefDomainList
*domains
,
450 [in,out] lsa_TransNameArray
*names
,
452 [in,out] uint32
*count
457 [public] NTSTATUS lsa_CreateSecret
(
458 [in] policy_handle
*handle,
459 [in] lsa_String name
,
460 [in] uint32 access_mask
,
461 [out] policy_handle
*sec_handle
465 /*****************************************/
467 NTSTATUS lsa_OpenAccount
(
468 [in] policy_handle
*handle,
469 [in,ref] dom_sid2
*sid
,
470 [in] uint32 access_mask
,
471 [out] policy_handle
*acct_handle
475 /****************************************/
484 [range(0,1000)] uint32 count
;
486 [size_is(count
)] lsa_LUIDAttribute set
[*];
489 NTSTATUS lsa_EnumPrivsAccount
(
490 [in] policy_handle
*handle,
491 [out,unique] lsa_PrivilegeSet
*privs
495 /****************************************/
497 NTSTATUS lsa_AddPrivilegesToAccount
(
498 [in] policy_handle
*handle,
499 [in,ref] lsa_PrivilegeSet
*privs
503 /****************************************/
505 NTSTATUS lsa_RemovePrivilegesFromAccount
(
506 [in] policy_handle
*handle,
507 [in] uint8 remove_all
,
508 [in,unique] lsa_PrivilegeSet
*privs
/*
 * Placeholders: marked [todo] with empty parameter lists, so this file does
 * not describe the calls' arguments. Operation numbers in a DCE/RPC
 * interface follow declaration order, so the entries have to stay in place.
 * NOTE(review): confirm a server built from this IDL rejects these calls.
 */
[todo] NTSTATUS lsa_GetQuotasForAccount();
[todo] NTSTATUS lsa_SetQuotasForAccount();
/*
 * Logon-mode flags for an account, with matching DENY_* flags.
 *
 * 0x00000008 is not assigned. LSA_POLICY_MODE_ALL (0x00000FF7) is the OR of
 * every flag listed above it, allow and DENY_* alike;
 * LSA_POLICY_MODE_ALL_NT4 (0x00000037) is
 * INTERACTIVE|NETWORK|BATCH|SERVICE|PROXY.
 *
 * lsa_GetSystemAccessAccount and lsa_SetSystemAccessAccount in this file
 * carry a plain uint32 access_mask; presumably these flags are its values -
 * confirm.
 *
 * NOTE(review): because ALL includes the DENY_* bits it reads as a mask of
 * known bits rather than something to grant; confirm callers use it only to
 * validate input.
 */
typedef [bitmap32bit] bitmap {
	LSA_POLICY_MODE_INTERACTIVE		= 0x00000001,
	LSA_POLICY_MODE_NETWORK			= 0x00000002,
	LSA_POLICY_MODE_BATCH			= 0x00000004,
	LSA_POLICY_MODE_SERVICE			= 0x00000010,
	LSA_POLICY_MODE_PROXY			= 0x00000020,
	LSA_POLICY_MODE_DENY_INTERACTIVE	= 0x00000040,
	LSA_POLICY_MODE_DENY_NETWORK		= 0x00000080,
	LSA_POLICY_MODE_DENY_BATCH		= 0x00000100,
	LSA_POLICY_MODE_DENY_SERVICE		= 0x00000200,
	LSA_POLICY_MODE_REMOTE_INTERACTIVE	= 0x00000400,
	LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE	= 0x00000800,
	LSA_POLICY_MODE_ALL			= 0x00000FF7,
	LSA_POLICY_MODE_ALL_NT4			= 0x00000037
} lsa_SystemAccessModeFlags;
534 NTSTATUS lsa_GetSystemAccessAccount
(
535 [in] policy_handle
*handle,
536 [out,ref] uint32
*access_mask
540 NTSTATUS lsa_SetSystemAccessAccount
(
541 [in] policy_handle
*handle,
542 [in] uint32 access_mask
546 NTSTATUS lsa_OpenTrustedDomain
(
547 [in] policy_handle
*handle,
549 [in] uint32 access_mask
,
550 [out] policy_handle
*trustdom_handle
553 typedef [flag
(NDR_PAHEX
)] struct {
556 [size_is(size
),length_is(length
)] uint8
*data
;
559 typedef [flag
(NDR_PAHEX
)] struct {
560 [range(0,65536)] uint32 size
;
561 [size_is(size
)] uint8
*data
;
565 LSA_TRUSTED_DOMAIN_INFO_NAME
= 1,
566 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS
= 2,
567 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET
= 3,
568 LSA_TRUSTED_DOMAIN_INFO_PASSWORD
= 4,
569 LSA_TRUSTED_DOMAIN_INFO_BASIC
= 5,
570 LSA_TRUSTED_DOMAIN_INFO_INFO_EX
= 6,
571 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO
= 7,
572 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO
= 8,
573 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL
= 9,
574 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL
= 10,
575 LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL
= 11,
576 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL
= 12,
577 LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES
= 13
578 } lsa_TrustDomInfoEnum
;
/*
 * Direction bits of a trust relationship.
 *
 * lsa_TrustDomainInfoInfoEx.trust_direction has this type. Being a bitmap,
 * both bits may be set together (0x00000003).
 */
typedef [public,bitmap32bit] bitmap {
	LSA_TRUST_DIRECTION_INBOUND	= 0x00000001,
	LSA_TRUST_DIRECTION_OUTBOUND	= 0x00000002
} lsa_TrustDirection;
585 typedef [v1_enum] enum {
586 LSA_TRUST_TYPE_DOWNLEVEL
= 0x00000001,
587 LSA_TRUST_TYPE_UPLEVEL
= 0x00000002,
588 LSA_TRUST_TYPE_MIT
= 0x00000003
/*
 * Attribute flags of a trust relationship.
 *
 * lsa_TrustDomainInfoInfoEx.trust_attributes has this type. Eight
 * single-bit flags, 0x00000001 through 0x00000080.
 *
 * NOTE(review): going by the names, several flags decide how far a trust
 * extends (NON_TRANSITIVE, FOREST_TRANSITIVE, WITHIN_FOREST,
 * TREAT_AS_EXTERNAL), whether the domain is quarantined, and whether RC4 is
 * used. Treat writes that change them as security-relevant configuration
 * changes; the enforcement itself is not in this file.
 */
typedef [public,bitmap32bit] bitmap {
	LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE	= 0x00000001,
	LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY	= 0x00000002,
	LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN	= 0x00000004,
	LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE	= 0x00000008,
	LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION	= 0x00000010,
	LSA_TRUST_ATTRIBUTE_WITHIN_FOREST	= 0x00000020,
	LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL	= 0x00000040,
	LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION	= 0x00000080
} lsa_TrustAttributes;
603 lsa_StringLarge netbios_name
;
604 } lsa_TrustDomainInfoName
;
609 [size_is(entries
)] lsa_StringLarge
*netbios_names
;
610 } lsa_TrustDomainInfoControllers
;
614 } lsa_TrustDomainInfoPosixOffset
;
617 lsa_DATA_BUF
*password
;
618 lsa_DATA_BUF
*old_password
;
619 } lsa_TrustDomainInfoPassword
;
622 lsa_String netbios_name
;
624 } lsa_TrustDomainInfoBasic
;
627 lsa_StringLarge domain_name
;
628 lsa_StringLarge netbios_name
;
630 lsa_TrustDirection trust_direction
;
631 lsa_TrustType trust_type
;
632 lsa_TrustAttributes trust_attributes
;
633 } lsa_TrustDomainInfoInfoEx
;
635 typedef [public,v1_enum] enum {
636 TRUST_AUTH_TYPE_NONE
= 0,
637 TRUST_AUTH_TYPE_NT4OWF
= 1,
638 TRUST_AUTH_TYPE_CLEAR
= 2,
639 TRUST_AUTH_TYPE_VERSION
= 3
643 NTTIME_hyper last_update_time
;
644 lsa_TrustAuthType AuthType
;
646 } lsa_TrustDomainInfoBuffer
;
649 uint32 incoming_count
;
650 lsa_TrustDomainInfoBuffer
*incoming_current_auth_info
;
651 lsa_TrustDomainInfoBuffer
*incoming_previous_auth_info
;
652 uint32 outgoing_count
;
653 lsa_TrustDomainInfoBuffer
*outgoing_current_auth_info
;
654 lsa_TrustDomainInfoBuffer
*outgoing_previous_auth_info
;
655 } lsa_TrustDomainInfoAuthInfo
;
658 lsa_TrustDomainInfoInfoEx info_ex
;
659 lsa_TrustDomainInfoPosixOffset posix_offset
;
660 lsa_TrustDomainInfoAuthInfo auth_info
;
661 } lsa_TrustDomainInfoFullInfo
;
664 lsa_DATA_BUF2 auth_blob
;
665 } lsa_TrustDomainInfoAuthInfoInternal
;
668 lsa_TrustDomainInfoInfoEx info_ex
;
669 lsa_TrustDomainInfoPosixOffset posix_offset
;
670 lsa_TrustDomainInfoAuthInfoInternal auth_info
;
671 } lsa_TrustDomainInfoFullInfoInternal
;
674 lsa_TrustDomainInfoInfoEx info_ex
;
675 uint32 forest_trust_length
;
676 [size_is(forest_trust_length
)] uint8
*forest_trust_data
;
677 } lsa_TrustDomainInfoInfoEx2Internal
;
680 lsa_TrustDomainInfoInfoEx2Internal info
;
681 lsa_TrustDomainInfoPosixOffset posix_offset
;
682 lsa_TrustDomainInfoAuthInfo auth_info
;
683 } lsa_TrustDomainInfoFullInfo2Internal
;
686 kerb_EncTypes enc_types
;
687 } lsa_TrustDomainInfoSupportedEncTypes
;
/*
 * Trusted-domain information, selected by an lsa_TrustDomInfoEnum level.
 *
 * Passed with switch_is(level) by lsa_QueryTrustedDomainInfo,
 * lsa_SetInformationTrustedDomain and the ...BySid / ...ByName variants
 * declared in this file. Thirteen arms, no [default] arm.
 *
 * The PASSWORD, AUTH_INFO, FULL_INFO and *_INTERNAL arms carry trust
 * authentication material: lsa_TrustDomainInfoPassword holds password and
 * old_password buffers, lsa_TrustDomainInfoAuthInfo holds the incoming and
 * outgoing auth-info buffers, lsa_TrustDomainInfoAuthInfoInternal holds an
 * auth_blob. Whether those buffers are protected on the wire is not visible
 * in this file.
 *
 * NOTE(review): confirm the server ties each level to the access granted on
 * the handle, and that these arms are kept out of debug dumps and logs.
 *
 * The spelling of LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES matches its
 * declaration in lsa_TrustDomInfoEnum and must stay as it is.
 */
typedef [switch_type(lsa_TrustDomInfoEnum)] union {
	[case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name;
	[case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)] lsa_TrustDomainInfoControllers controllers;
	[case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
	[case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password;
	[case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] lsa_TrustDomainInfoBasic info_basic;
	[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex;
	[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info;
	[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info;
	[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)] lsa_TrustDomainInfoAuthInfoInternal auth_info_internal;
	[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)] lsa_TrustDomainInfoFullInfoInternal full_info_internal;
	[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)] lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
	[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)] lsa_TrustDomainInfoFullInfo2Internal full_info2_internal;
	[case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)] lsa_TrustDomainInfoSupportedEncTypes enc_types;
} lsa_TrustedDomainInfo;
719 NTSTATUS lsa_QueryTrustedDomainInfo
(
720 [in] policy_handle
*trustdom_handle
,
721 [in] lsa_TrustDomInfoEnum level
,
722 [out,switch_is(level
),unique] lsa_TrustedDomainInfo
*info
726 NTSTATUS lsa_SetInformationTrustedDomain
(
727 [in] policy_handle
*trustdom_handle
,
728 [in] lsa_TrustDomInfoEnum level
,
729 [in,switch_is(level
)] lsa_TrustedDomainInfo
*info
733 [public] NTSTATUS lsa_OpenSecret
(
734 [in] policy_handle
*handle,
735 [in] lsa_String name
,
736 [in] uint32 access_mask
,
737 [out] policy_handle
*sec_handle
742 [public] NTSTATUS lsa_SetSecret
(
743 [in] policy_handle
*sec_handle
,
744 [in,unique] lsa_DATA_BUF
*new_val
,
745 [in,unique] lsa_DATA_BUF
*old_val
753 [public] NTSTATUS lsa_QuerySecret
(
754 [in] policy_handle
*sec_handle
,
755 [in,out,unique] lsa_DATA_BUF_PTR
*new_val
,
756 [in,out,unique] NTTIME_hyper
*new_mtime
,
757 [in,out,unique] lsa_DATA_BUF_PTR
*old_val
,
758 [in,out,unique] NTTIME_hyper
*old_mtime
762 NTSTATUS lsa_LookupPrivValue
(
763 [in] policy_handle
*handle,
764 [in,ref] lsa_String
*name
,
765 [out,ref] lsa_LUID
*luid
770 NTSTATUS lsa_LookupPrivName
(
771 [in] policy_handle
*handle,
773 [out,unique] lsa_StringLarge
*name
777 /*******************/
779 NTSTATUS lsa_LookupPrivDisplayName
(
780 [in] policy_handle
*handle,
781 [in] lsa_String
*name
,
782 [out,unique] lsa_StringLarge
*disp_name
,
783 /* see http://www.microsoft.com/globaldev/nlsweb/ for
784 language definitions */
785 [in,out] uint16
*language_id
,
789 /*******************/
791 NTSTATUS lsa_DeleteObject
(
792 [in,out] policy_handle
*handle
797 /*******************/
799 NTSTATUS lsa_EnumAccountsWithUserRight
(
800 [in] policy_handle
*handle,
801 [in,unique] lsa_String
*name
,
802 [out] lsa_SidArray
*sids
807 [string,charset
(UTF16
)] uint16
*name
;
808 } lsa_RightAttribute
;
811 [range(0,256)] uint32 count
;
812 [size_is(count
)] lsa_StringLarge
*names
;
815 NTSTATUS lsa_EnumAccountRights
(
816 [in] policy_handle
*handle,
817 [in,ref] dom_sid2
*sid
,
818 [out,ref] lsa_RightSet
*rights
822 /**********************/
824 NTSTATUS lsa_AddAccountRights
(
825 [in] policy_handle
*handle,
826 [in,ref] dom_sid2
*sid
,
827 [in,ref] lsa_RightSet
*rights
830 /**********************/
832 NTSTATUS lsa_RemoveAccountRights
(
833 [in] policy_handle
*handle,
834 [in,ref] dom_sid2
*sid
,
835 [in] uint8 remove_all
,
836 [in,ref] lsa_RightSet
*rights
840 NTSTATUS lsa_QueryTrustedDomainInfoBySid
(
841 [in] policy_handle
*handle,
842 [in] dom_sid2
*dom_sid
,
843 [in] lsa_TrustDomInfoEnum level
,
844 [out,switch_is(level
),unique] lsa_TrustedDomainInfo
*info
848 NTSTATUS lsa_SetTrustedDomainInfo
(
849 [in] policy_handle
*handle,
850 [in] dom_sid2
*dom_sid
,
851 [in] lsa_TrustDomInfoEnum level
,
852 [in,switch_is(level
)] lsa_TrustedDomainInfo
*info
855 NTSTATUS lsa_DeleteTrustedDomain
(
856 [in] policy_handle
*handle,
857 [in] dom_sid2
*dom_sid
/*
 * Placeholders: marked [todo] with empty parameter lists, so this file does
 * not describe the calls' arguments. Operation numbers in a DCE/RPC
 * interface follow declaration order, so the entries have to stay in place.
 * NOTE(review): confirm a server built from this IDL rejects these calls.
 */
[todo] NTSTATUS lsa_StorePrivateData();
[todo] NTSTATUS lsa_RetrievePrivateData();
866 /**********************/
868 [public] NTSTATUS lsa_OpenPolicy2
(
869 [in,unique] [string,charset
(UTF16
)] uint16
*system_name
,
870 [in] lsa_ObjectAttribute
*attr
,
871 [in] lsa_PolicyAccessMask access_mask
,
872 [out] policy_handle
*handle
875 /**********************/
881 NTSTATUS lsa_GetUserName
(
882 [in,unique] [string,charset
(UTF16
)] uint16
*system_name
,
883 [in,out,unique] lsa_String
*account_name
,
884 [in,out,unique] lsa_StringPointer
*authority_name
887 /**********************/
890 NTSTATUS lsa_QueryInfoPolicy2
(
891 [in] policy_handle
*handle,
892 [in] lsa_PolicyInfo level
,
893 [out,unique,switch_is(level
)] lsa_PolicyInformation
*info
897 NTSTATUS lsa_SetInfoPolicy2
(
898 [in] policy_handle
*handle,
899 [in] lsa_PolicyInfo level
,
900 [in,switch_is(level
)] lsa_PolicyInformation
*info
903 /**********************/
905 NTSTATUS lsa_QueryTrustedDomainInfoByName
(
906 [in] policy_handle
*handle,
907 [in] lsa_String trusted_domain
,
908 [in] lsa_TrustDomInfoEnum level
,
909 [out,unique,switch_is(level
)] lsa_TrustedDomainInfo
*info
912 /**********************/
914 NTSTATUS lsa_SetTrustedDomainInfoByName
(
915 [in] policy_handle
*handle,
916 [in] lsa_String trusted_domain
,
917 [in] lsa_TrustDomInfoEnum level
,
918 [in,unique,switch_is(level
)] lsa_TrustedDomainInfo
*info
/*
 * Windows 2003 treats the max_size it is given as max_domains * 82.
 * Presumably this applies to lsa_EnumTrustedDomainsEx, declared next in
 * this file - confirm. Code that derives a domain count from a
 * caller-supplied max_size should still cap the result.
 */
const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
928 [size_is(count
)] lsa_TrustDomainInfoInfoEx
*domains
;
931 NTSTATUS lsa_EnumTrustedDomainsEx
(
932 [in] policy_handle
*handle,
933 [in,out] uint32
*resume_handle
,
934 [out] lsa_DomainListEx
*domains
,
939 NTSTATUS lsa_CreateTrustedDomainEx
(
940 [in] policy_handle
*policy_handle
,
941 [in] lsa_TrustDomainInfoInfoEx
*info
,
942 [in] lsa_TrustDomainInfoAuthInfoInternal
*auth_info
,
943 [in] uint32 access_mask
,
944 [out] policy_handle
*trustdom_handle
949 NTSTATUS lsa_CloseTrustedDomainEx
(
950 [in,out] policy_handle
*handle
955 /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
958 uint32 enforce_restrictions
;
959 hyper service_tkt_lifetime
;
960 hyper user_tkt_lifetime
;
961 hyper user_tkt_renewaltime
;
964 } lsa_DomainInfoKerberos
;
968 [size_is(blob_size
)] uint8
*efs_blob
;
972 LSA_DOMAIN_INFO_POLICY_EFS
=2,
973 LSA_DOMAIN_INFO_POLICY_KERBEROS
=3
974 } lsa_DomainInfoEnum
;
/*
 * Domain-wide policy information, selected by a uint16 level.
 *
 * lsa_QueryDomainInformationPolicy and lsa_SetDomainInformationPolicy pass
 * this union with switch_is(level). Two arms only, for the
 * lsa_DomainInfoEnum values EFS (2) and KERBEROS (3); there is no [default]
 * arm.
 *
 * NOTE(review): the Kerberos arm holds ticket lifetime settings
 * (lsa_DomainInfoKerberos) and the EFS arm an opaque blob sized by
 * blob_size; confirm the Set call is restricted to privileged handles.
 */
typedef [switch_type(uint16)] union {
	[case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
	[case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
} lsa_DomainInformationPolicy;
981 NTSTATUS lsa_QueryDomainInformationPolicy
(
982 [in] policy_handle
*handle,
984 [out,unique,switch_is(level
)] lsa_DomainInformationPolicy
*info
988 NTSTATUS lsa_SetDomainInformationPolicy
(
989 [in] policy_handle
*handle,
991 [in,unique,switch_is(level
)] lsa_DomainInformationPolicy
*info
994 /**********************/
996 NTSTATUS lsa_OpenTrustedDomainByName
(
997 [in] policy_handle
*handle,
998 [in] lsa_String name
,
999 [in] uint32 access_mask
,
1000 [out] policy_handle
*trustdom_handle
/*
 * Placeholder: marked [todo] with an empty parameter list, so this file does
 * not describe the call's arguments. Operation numbers in a DCE/RPC interface
 * follow declaration order, so the entry has to stay in this position.
 * NOTE(review): confirm a server built from this IDL rejects the call.
 */
[todo] NTSTATUS lsa_TestCall();
1006 /**********************/
1010 lsa_SidType sid_type
;
1014 } lsa_TranslatedName2
;
1017 [range(0,1000)] uint32 count
;
1018 [size_is(count
)] lsa_TranslatedName2
*names
;
1019 } lsa_TransNameArray2
;
1021 [public] NTSTATUS lsa_LookupSids2
(
1022 [in] policy_handle
*handle,
1023 [in] lsa_SidArray
*sids
,
1024 [out,unique] lsa_RefDomainList
*domains
,
1025 [in,out] lsa_TransNameArray2
*names
,
1027 [in,out] uint32
*count
,
1028 [in] uint32 unknown1
,
1029 [in] uint32 unknown2
1032 /**********************/
1036 lsa_SidType sid_type
;
1040 } lsa_TranslatedSid2
;
1043 [range(0,1000)] uint32 count
;
1044 [size_is(count
)] lsa_TranslatedSid2
*sids
;
1045 } lsa_TransSidArray2
;
1047 [public] NTSTATUS lsa_LookupNames2
(
1048 [in] policy_handle
*handle,
1049 [in,range(0,1000)] uint32 num_names
,
1050 [in,size_is(num_names
)] lsa_String names
[],
1051 [out,unique] lsa_RefDomainList
*domains
,
1052 [in,out] lsa_TransSidArray2
*sids
,
1053 [in] lsa_LookupNamesLevel level
,
1054 [in,out] uint32
*count
,
1055 [in] uint32 lookup_options
,
1056 [in] uint32 client_revision
/* LSA_CLIENT_REVISION* */
1060 NTSTATUS lsa_CreateTrustedDomainEx2
(
1061 [in] policy_handle
*policy_handle
,
1062 [in] lsa_TrustDomainInfoInfoEx
*info
,
1063 [in] lsa_TrustDomainInfoAuthInfoInternal
*auth_info
,
1064 [in] uint32 access_mask
,
1065 [out] policy_handle
*trustdom_handle
/*
 * Credential-related calls (CREDR*), all placeholders: each is marked [todo]
 * with an empty parameter list, so this file does not describe their
 * arguments. Operation numbers in a DCE/RPC interface follow declaration
 * order, so the entries have to stay in place and in this order.
 * NOTE(review): confirm a server built from this IDL rejects these calls.
 */
[todo] NTSTATUS lsa_CREDRWRITE();
[todo] NTSTATUS lsa_CREDRREAD();
[todo] NTSTATUS lsa_CREDRENUMERATE();
[todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
[todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
[todo] NTSTATUS lsa_CREDRDELETE();
[todo] NTSTATUS lsa_CREDRGETTARGETINFO();
[todo] NTSTATUS lsa_CREDRPROFILELOADED();
1092 /**********************/
1095 lsa_SidType sid_type
;
1099 } lsa_TranslatedSid3
;
1102 [range(0,1000)] uint32 count
;
1103 [size_is(count
)] lsa_TranslatedSid3
*sids
;
1104 } lsa_TransSidArray3
;
1106 [public] NTSTATUS lsa_LookupNames3
(
1107 [in] policy_handle
*handle,
1108 [in,range(0,1000)] uint32 num_names
,
1109 [in,size_is(num_names
)] lsa_String names
[],
1110 [out,unique] lsa_RefDomainList
*domains
,
1111 [in,out] lsa_TransSidArray3
*sids
,
1112 [in] lsa_LookupNamesLevel level
,
1113 [in,out] uint32
*count
,
1114 [in] uint32 lookup_options
,
1115 [in] uint32 client_revision
/* LSA_CLIENT_REVISION* */
/*
 * Placeholders for one credential call and three audit-event calls: each is
 * marked [todo] with an empty parameter list, so this file does not describe
 * their arguments. Operation numbers in a DCE/RPC interface follow
 * declaration order, so the entries have to stay in place and in this order.
 * NOTE(review): confirm a server built from this IDL rejects these calls.
 */
[todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
[todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
[todo] NTSTATUS lsa_LSARGENAUDITEVENT();
[todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1132 [range(0,131072)] uint32 length
;
1133 [size_is(length
)] uint8
*data
;
1134 } lsa_ForestTrustBinaryData
;
1137 dom_sid2
*domain_sid
;
1138 lsa_StringLarge dns_domain_name
;
1139 lsa_StringLarge netbios_domain_name
;
1140 } lsa_ForestTrustDomainInfo
;
/*
 * Payload of one forest trust record, selected by a uint32 record type
 * (lsa_ForestTrustRecord.forest_trust_data uses switch_is(level)).
 *
 * Three record types have a typed arm. Every other value, including
 * LSA_FOREST_TRUST_RECORD_TYPE_LAST, takes the [default] arm and is carried
 * as lsa_ForestTrustBinaryData, whose length field is declared with
 * range(0,131072).
 *
 * NOTE(review): the default arm means unrecognised record types are accepted
 * as opaque bytes rather than refused; consumers should not interpret data
 * for a type they do not know.
 */
typedef [switch_type(uint32)] union {
	[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
	[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
	[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
	[default] lsa_ForestTrustBinaryData data;
} lsa_ForestTrustData;
/*
 * Record type of a forest trust entry, carried as a 32-bit enum
 * ([v1_enum]). It is the level field of lsa_ForestTrustRecord and selects
 * the arm of lsa_ForestTrustData.
 *
 * Values 0 to 2 have a typed arm in that union; RECORD_TYPE_LAST (3) has
 * none and therefore falls to the union's [default] arm.
 */
typedef [v1_enum] enum {
	LSA_FOREST_TRUST_TOP_LEVEL_NAME		= 0,
	LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX	= 1,
	LSA_FOREST_TRUST_DOMAIN_INFO		= 2,
	LSA_FOREST_TRUST_RECORD_TYPE_LAST	= 3
} lsa_ForestTrustRecordType;
1158 lsa_ForestTrustRecordType level
;
1160 [switch_is(level
)] lsa_ForestTrustData forest_trust_data
;
1161 } lsa_ForestTrustRecord
;
/*
 * List of forest trust records, returned through the forest_trust_info
 * argument of lsa_lsaRQueryForestTrustInformation.
 *
 * entries is an array of count pointers, each to an lsa_ForestTrustRecord.
 * count is declared with range(0,4000), which bounds how many entries a
 * peer-supplied count can make the parser allocate.
 *
 * NOTE(review): individual pointers in entries may presumably be NULL
 * (depends on the interface's pointer_default) - check before dereferencing.
 */
typedef [public] struct {
	[range(0,4000)] uint32 count;
	[size_is(count)] lsa_ForestTrustRecord **entries;
} lsa_ForestTrustInformation;
1168 NTSTATUS lsa_lsaRQueryForestTrustInformation
(
1169 [in] policy_handle
*handle,
1170 [in,ref] lsa_String
*trusted_domain_name
,
1171 [in] uint16 unknown
, /* level ? */
1172 [out,ref] lsa_ForestTrustInformation
**forest_trust_info
/*
 * Placeholders: marked [todo] with empty parameter lists, so this file does
 * not describe the calls' arguments. Operation numbers in a DCE/RPC
 * interface follow declaration order, so the entries have to stay in place.
 * NOTE(review): confirm a server built from this IDL rejects these calls.
 */
[todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
[todo] NTSTATUS lsa_CREDRRENAME();
1184 [public] NTSTATUS lsa_LookupSids3
(
1185 [in] lsa_SidArray
*sids
,
1186 [out,unique] lsa_RefDomainList
*domains
,
1187 [in,out] lsa_TransNameArray2
*names
,
1189 [in,out] uint32
*count
,
1190 [in] uint32 unknown1
,
1191 [in] uint32 unknown2
/*
 * Values for the client_revision argument of lsa_LookupNames2,
 * lsa_LookupNames3 and lsa_LookupNames4 (their declarations carry the
 * comment "LSA_CLIENT_REVISION*").
 */
const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
const int LSA_CLIENT_REVISION_DNS = 0x00000002;

/*
 * Presumably a bit for the uint32 lookup_options argument of the same
 * calls - confirm.
 * NOTE(review): 0x80000000 is the top bit of a 32-bit value while the
 * constant is declared "const int"; keep tests against it unsigned.
 */
const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
1200 NTSTATUS lsa_LookupNames4
(
1201 [in,range(0,1000)] uint32 num_names
,
1202 [in,size_is(num_names
)] lsa_String names
[],
1203 [out,unique] lsa_RefDomainList
*domains
,
1204 [in,out] lsa_TransSidArray3
*sids
,
1205 [in] lsa_LookupNamesLevel level
,
1206 [in,out] uint32
*count
,
1207 [in] uint32 lookup_options
,
1208 [in] uint32 client_revision
/* LSA_CLIENT_REVISION* */
/*
 * Placeholders for the policy-SCE open call and three security event source
 * calls: each is marked [todo] with an empty parameter list, so this file
 * does not describe their arguments. Operation numbers in a DCE/RPC
 * interface follow declaration order, so the entries have to stay in place
 * and in this order.
 * NOTE(review): confirm a server built from this IDL rejects these calls.
 */
[todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
[todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
[todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
[todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();