4 lsa interface definition
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
11 endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12 pointer_default(unique),
13 helpstring("Local Security Authority")
16 typedef bitmap security_secinfo security_secinfo
;
18 typedef [public,noejs
] struct {
19 [value
(2*strlen_m
(string))] uint16 length
;
20 [value
(2*strlen_m
(string))] uint16 size
;
21 [charset
(UTF16
),size_is(size
/2),length_is(length
/2)] uint16
*string;
24 typedef [public] struct {
25 [value
(2*strlen_m
(string))] uint16 length
;
26 [value
(2*(strlen_m
(string)+1))] uint16 size
;
27 [charset
(UTF16
),size_is(size
/2),length_is(length
/2)] uint16
*string;
30 typedef [public] struct {
32 [size_is(count
)] lsa_String
*names
;
35 typedef [public] struct {
36 [value
(strlen_m
(string))] uint16 length
;
37 [value
(strlen_m
(string))] uint16 size
;
38 ascstr_noterm
*string;
44 [in,out] policy_handle
*handle
50 [public] NTSTATUS lsa_Delete
(
51 [in] policy_handle
*handle
69 [size_is(count
)] lsa_PrivEntry
*privs
;
72 [public] NTSTATUS lsa_EnumPrivs
(
73 [in] policy_handle
*handle,
74 [in,out,ref] uint32
*resume_handle
,
75 [out,ref] lsa_PrivArray
*privs
,
82 NTSTATUS lsa_QuerySecurity
(
83 [in] policy_handle
*handle,
84 [in] security_secinfo sec_info
,
85 [out,ref] sec_desc_buf
**sdbuf
91 NTSTATUS lsa_SetSecObj
(
92 [in] policy_handle
*handle,
93 [in] security_secinfo sec_info
,
94 [in,ref] sec_desc_buf
*sdbuf
99 NTSTATUS lsa_ChangePassword
();
105 uint32 len
; /* ignored */
106 uint16 impersonation_level
;
108 uint8 effective_only
;
112 uint32 len
; /* ignored */
114 [string,charset
(UTF16
)] uint16
*object_name
;
116 security_descriptor
*sec_desc
;
117 lsa_QosInfo
*sec_qos
;
118 } lsa_ObjectAttribute
;
120 typedef [public,bitmap32bit
] bitmap
{
121 LSA_POLICY_VIEW_LOCAL_INFORMATION
= 0x00000001,
122 LSA_POLICY_VIEW_AUDIT_INFORMATION
= 0x00000002,
123 LSA_POLICY_GET_PRIVATE_INFORMATION
= 0x00000004,
124 LSA_POLICY_TRUST_ADMIN
= 0x00000008,
125 LSA_POLICY_CREATE_ACCOUNT
= 0x00000010,
126 LSA_POLICY_CREATE_SECRET
= 0x00000020,
127 LSA_POLICY_CREATE_PRIVILEGE
= 0x00000040,
128 LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
= 0x00000080,
129 LSA_POLICY_SET_AUDIT_REQUIREMENTS
= 0x00000100,
130 LSA_POLICY_AUDIT_LOG_ADMIN
= 0x00000200,
131 LSA_POLICY_SERVER_ADMIN
= 0x00000400,
132 LSA_POLICY_LOOKUP_NAMES
= 0x00000800
133 } lsa_PolicyAccessMask
;
135 /* notice the screwup with the system_name - thats why MS created
137 [public] NTSTATUS lsa_OpenPolicy
(
138 [in,unique] uint16
*system_name
,
139 [in] lsa_ObjectAttribute
*attr
,
140 [in] lsa_PolicyAccessMask access_mask
,
141 [out] policy_handle
*handle
152 NTTIME retention_time
;
153 uint8 shutdown_in_progress
;
154 NTTIME time_to_shutdown
;
155 uint32 next_audit_record
;
159 typedef [v1_enum] enum {
160 LSA_AUDIT_POLICY_NONE
=0,
161 LSA_AUDIT_POLICY_SUCCESS
=1,
162 LSA_AUDIT_POLICY_FAILURE
=2,
163 LSA_AUDIT_POLICY_ALL
=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE
),
164 LSA_AUDIT_POLICY_CLEAR
=4
165 } lsa_PolicyAuditPolicy
;
168 LSA_AUDIT_CATEGORY_SYSTEM
= 0,
169 LSA_AUDIT_CATEGORY_LOGON
= 1,
170 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS
= 2,
171 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS
= 3,
172 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING
= 4,
173 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES
= 5,
174 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT
= 6,
175 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS
= 7, /* only in win2k/2k3 */
176 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON
= 8 /* only in win2k/2k3 */
177 } lsa_PolicyAuditEventType
;
180 uint32 auditing_mode
;
181 [size_is(count
)] lsa_PolicyAuditPolicy
*settings
;
183 } lsa_AuditEventsInfo
;
186 lsa_StringLarge name
;
195 uint16 unknown
; /* an midl padding bug? */
202 } lsa_ReplicaSourceInfo
;
206 uint32 non_paged_pool
;
211 } lsa_DefaultQuotaInfo
;
215 NTTIME db_create_time
;
216 } lsa_ModificationInfo
;
219 uint8 shutdown_on_full
;
220 } lsa_AuditFullSetInfo
;
223 uint16 unknown
; /* an midl padding bug? */
224 uint8 shutdown_on_full
;
226 } lsa_AuditFullQueryInfo
;
229 /* it's important that we use the lsa_StringLarge here,
230 * because otherwise windows clients result with such dns hostnames
231 * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
233 * w2k3-client.samba4.samba.org
235 lsa_StringLarge name
;
236 lsa_StringLarge dns_domain
;
237 lsa_StringLarge dns_forest
;
243 LSA_POLICY_INFO_AUDIT_LOG
=1,
244 LSA_POLICY_INFO_AUDIT_EVENTS
=2,
245 LSA_POLICY_INFO_DOMAIN
=3,
246 LSA_POLICY_INFO_PD
=4,
247 LSA_POLICY_INFO_ACCOUNT_DOMAIN
=5,
248 LSA_POLICY_INFO_ROLE
=6,
249 LSA_POLICY_INFO_REPLICA
=7,
250 LSA_POLICY_INFO_QUOTA
=8,
251 LSA_POLICY_INFO_DB
=9,
252 LSA_POLICY_INFO_AUDIT_FULL_SET
=10,
253 LSA_POLICY_INFO_AUDIT_FULL_QUERY
=11,
254 LSA_POLICY_INFO_DNS
=12
257 typedef [switch_type(uint16
)] union {
258 [case(LSA_POLICY_INFO_AUDIT_LOG
)] lsa_AuditLogInfo audit_log
;
259 [case(LSA_POLICY_INFO_AUDIT_EVENTS
)] lsa_AuditEventsInfo audit_events
;
260 [case(LSA_POLICY_INFO_DOMAIN
)] lsa_DomainInfo domain
;
261 [case(LSA_POLICY_INFO_PD
)] lsa_PDAccountInfo pd
;
262 [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN
)] lsa_DomainInfo account_domain
;
263 [case(LSA_POLICY_INFO_ROLE
)] lsa_ServerRole role
;
264 [case(LSA_POLICY_INFO_REPLICA
)] lsa_ReplicaSourceInfo replica
;
265 [case(LSA_POLICY_INFO_QUOTA
)] lsa_DefaultQuotaInfo quota
;
266 [case(LSA_POLICY_INFO_DB
)] lsa_ModificationInfo db
;
267 [case(LSA_POLICY_INFO_AUDIT_FULL_SET
)] lsa_AuditFullSetInfo auditfullset
;
268 [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY
)] lsa_AuditFullQueryInfo auditfullquery
;
269 [case(LSA_POLICY_INFO_DNS
)] lsa_DnsDomainInfo dns
;
270 } lsa_PolicyInformation
;
272 NTSTATUS lsa_QueryInfoPolicy
(
273 [in] policy_handle
*handle,
274 [in] lsa_PolicyInfo level
,
275 [out,ref,switch_is(level
)] lsa_PolicyInformation
**info
280 NTSTATUS lsa_SetInfoPolicy
(
281 [in] policy_handle
*handle,
282 [in] lsa_PolicyInfo level
,
283 [in,switch_is(level
)] lsa_PolicyInformation
*info
288 NTSTATUS lsa_ClearAuditLog
();
292 [public] NTSTATUS lsa_CreateAccount
(
293 [in] policy_handle
*handle,
294 [in,ref] dom_sid2
*sid
,
295 [in] uint32 access_mask
,
296 [out] policy_handle
*acct_handle
300 /* NOTE: This only returns accounts that have at least
308 typedef [public] struct {
309 [range(0,1000)] uint32 num_sids
;
310 [size_is(num_sids
)] lsa_SidPtr
*sids
;
313 [public] NTSTATUS lsa_EnumAccounts
(
314 [in] policy_handle
*handle,
315 [in,out,ref] uint32
*resume_handle
,
316 [out,ref] lsa_SidArray
*sids
,
317 [in,range(0,8192)] uint32 num_entries
321 /*************************************************/
324 [public] NTSTATUS lsa_CreateTrustedDomain
(
325 [in] policy_handle
*handle,
326 [in] lsa_DomainInfo
*info
,
327 [in] uint32 access_mask
,
328 [out] policy_handle
*trustdom_handle
335 /* w2k3 treats max_size as max_domains*60 */
336 const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER
= 60;
340 [size_is(count
)] lsa_DomainInfo
*domains
;
343 NTSTATUS lsa_EnumTrustDom
(
344 [in] policy_handle
*handle,
345 [in,out,ref] uint32
*resume_handle
,
346 [out,ref] lsa_DomainList
*domains
,
354 SID_NAME_USE_NONE
= 0,/* NOTUSED */
355 SID_NAME_USER
= 1, /* user */
356 SID_NAME_DOM_GRP
= 2, /* domain group */
357 SID_NAME_DOMAIN
= 3, /* domain: don't know what this is */
358 SID_NAME_ALIAS
= 4, /* local group */
359 SID_NAME_WKN_GRP
= 5, /* well-known group */
360 SID_NAME_DELETED
= 6, /* deleted account: needed for c2 rating */
361 SID_NAME_INVALID
= 7, /* invalid account */
362 SID_NAME_UNKNOWN
= 8, /* oops. */
363 SID_NAME_COMPUTER
= 9 /* machine */
367 lsa_SidType sid_type
;
373 [range(0,1000)] uint32 count
;
374 [size_is(count
)] lsa_TranslatedSid
*sids
;
377 const int LSA_REF_DOMAIN_LIST_MULTIPLIER
= 32;
378 const int MAX_REF_DOMAINS
= LSA_REF_DOMAIN_LIST_MULTIPLIER
;
381 [range(0,1000)] uint32 count
;
382 [size_is(count
)] lsa_DomainInfo
*domains
;
386 /* Level 1: Ask everywhere
387 * Level 2: Ask domain and trusted domains, no builtin and wkn
388 * Level 3: Only ask domain
389 * Level 4: W2k3ad: Only ask AD trusts
390 * Level 5: Only ask transitive forest trusts
395 LSA_LOOKUP_NAMES_ALL
= 1,
396 LSA_LOOKUP_NAMES_DOMAINS_ONLY
= 2,
397 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY
= 3,
398 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY
= 4,
399 LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY
= 5,
400 LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2
= 6
401 } lsa_LookupNamesLevel
;
403 [public] NTSTATUS lsa_LookupNames
(
404 [in] policy_handle
*handle,
405 [in,range(0,1000)] uint32 num_names
,
406 [in,size_is(num_names
)] lsa_String names
[],
407 [out,ref] lsa_RefDomainList
**domains
,
408 [in,out,ref] lsa_TransSidArray
*sids
,
409 [in] lsa_LookupNamesLevel level
,
410 [in,out,ref] uint32
*count
418 lsa_SidType sid_type
;
421 } lsa_TranslatedName
;
424 [range(0,1000)] uint32 count
;
425 [size_is(count
)] lsa_TranslatedName
*names
;
426 } lsa_TransNameArray
;
428 /* This number is based on Win2k and later maximum response allowed */
429 const int MAX_LOOKUP_SIDS
= 0x5000; /* 20480 */
431 [public] NTSTATUS lsa_LookupSids
(
432 [in] policy_handle
*handle,
433 [in,ref] lsa_SidArray
*sids
,
434 [out,ref] lsa_RefDomainList
**domains
,
435 [in,out,ref] lsa_TransNameArray
*names
,
437 [in,out,ref] uint32
*count
442 [public] NTSTATUS lsa_CreateSecret
(
443 [in] policy_handle
*handle,
444 [in] lsa_String name
,
445 [in] uint32 access_mask
,
446 [out] policy_handle
*sec_handle
450 /*****************************************/
452 NTSTATUS lsa_OpenAccount
(
453 [in] policy_handle
*handle,
454 [in,ref] dom_sid2
*sid
,
455 [in] uint32 access_mask
,
456 [out] policy_handle
*acct_handle
460 /****************************************/
469 [range(0,1000)] uint32 count
;
471 [size_is(count
)] lsa_LUIDAttribute set
[*];
474 NTSTATUS lsa_EnumPrivsAccount
(
475 [in] policy_handle
*handle,
476 [out,ref] lsa_PrivilegeSet
**privs
480 /****************************************/
482 NTSTATUS lsa_AddPrivilegesToAccount
(
483 [in] policy_handle
*handle,
484 [in,ref] lsa_PrivilegeSet
*privs
488 /****************************************/
490 NTSTATUS lsa_RemovePrivilegesFromAccount
(
491 [in] policy_handle
*handle,
492 [in] uint8 remove_all
,
493 [in,unique] lsa_PrivilegeSet
*privs
497 NTSTATUS lsa_GetQuotasForAccount
();
500 NTSTATUS lsa_SetQuotasForAccount
();
503 NTSTATUS lsa_GetSystemAccessAccount
(
504 [in] policy_handle
*handle,
505 [out,ref] uint32
*access_mask
509 NTSTATUS lsa_SetSystemAccessAccount
(
510 [in] policy_handle
*handle,
511 [in] uint32 access_mask
515 NTSTATUS lsa_OpenTrustedDomain
(
516 [in] policy_handle
*handle,
518 [in] uint32 access_mask
,
519 [out] policy_handle
*trustdom_handle
522 typedef [flag
(NDR_PAHEX
)] struct {
525 [size_is(size
),length_is(length
)] uint8
*data
;
528 typedef [flag
(NDR_PAHEX
)] struct {
529 [range(0,65536)] uint32 size
;
530 [size_is(size
)] uint8
*data
;
534 LSA_TRUSTED_DOMAIN_INFO_NAME
= 1,
535 LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO
= 2,
536 LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET
= 3,
537 LSA_TRUSTED_DOMAIN_INFO_PASSWORD
= 4,
538 LSA_TRUSTED_DOMAIN_INFO_BASIC
= 5,
539 LSA_TRUSTED_DOMAIN_INFO_INFO_EX
= 6,
540 LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO
= 7,
541 LSA_TRUSTED_DOMAIN_INFO_FULL_INFO
= 8,
542 LSA_TRUSTED_DOMAIN_INFO_11
= 11,
543 LSA_TRUSTED_DOMAIN_INFO_INFO_ALL
= 12
544 } lsa_TrustDomInfoEnum
;
547 lsa_StringLarge netbios_name
;
548 } lsa_TrustDomainInfoName
;
552 } lsa_TrustDomainInfoPosixOffset
;
555 lsa_DATA_BUF
*password
;
556 lsa_DATA_BUF
*old_password
;
557 } lsa_TrustDomainInfoPassword
;
560 lsa_String netbios_name
;
562 } lsa_TrustDomainInfoBasic
;
565 lsa_StringLarge domain_name
;
566 lsa_StringLarge netbios_name
;
568 uint32 trust_direction
;
570 uint32 trust_attributes
;
571 } lsa_TrustDomainInfoInfoEx
;
574 NTTIME_hyper last_update_time
;
577 } lsa_TrustDomainInfoBuffer
;
580 uint32 incoming_count
;
581 lsa_TrustDomainInfoBuffer
*incoming_current_auth_info
;
582 lsa_TrustDomainInfoBuffer
*incoming_previous_auth_info
;
583 uint32 outgoing_count
;
584 lsa_TrustDomainInfoBuffer
*outgoing_current_auth_info
;
585 lsa_TrustDomainInfoBuffer
*outgoing_previous_auth_info
;
586 } lsa_TrustDomainInfoAuthInfo
;
589 lsa_TrustDomainInfoInfoEx info_ex
;
590 lsa_TrustDomainInfoPosixOffset posix_offset
;
591 lsa_TrustDomainInfoAuthInfo auth_info
;
592 } lsa_TrustDomainInfoFullInfo
;
595 lsa_TrustDomainInfoInfoEx info_ex
;
597 } lsa_TrustDomainInfo11
;
600 lsa_TrustDomainInfoInfoEx info_ex
;
602 lsa_TrustDomainInfoPosixOffset posix_offset
;
603 lsa_TrustDomainInfoAuthInfo auth_info
;
604 } lsa_TrustDomainInfoInfoAll
;
606 typedef [switch_type(lsa_TrustDomInfoEnum
)] union {
607 [case(LSA_TRUSTED_DOMAIN_INFO_NAME
)] lsa_TrustDomainInfoName name
;
608 [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET
)] lsa_TrustDomainInfoPosixOffset posix_offset
;
609 [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD
)] lsa_TrustDomainInfoPassword password
;
610 [case(LSA_TRUSTED_DOMAIN_INFO_BASIC
)] lsa_TrustDomainInfoBasic info_basic
;
611 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX
)] lsa_TrustDomainInfoInfoEx info_ex
;
612 [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO
)] lsa_TrustDomainInfoAuthInfo auth_info
;
613 [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO
)] lsa_TrustDomainInfoFullInfo full_info
;
614 [case(LSA_TRUSTED_DOMAIN_INFO_11
)] lsa_TrustDomainInfo11 info11
;
615 [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL
)] lsa_TrustDomainInfoInfoAll info_all
;
616 } lsa_TrustedDomainInfo
;
619 NTSTATUS lsa_QueryTrustedDomainInfo
(
620 [in] policy_handle
*trustdom_handle
,
621 [in] lsa_TrustDomInfoEnum level
,
622 [out,switch_is(level
),unique] lsa_TrustedDomainInfo
*info
626 NTSTATUS lsa_SetInformationTrustedDomain
();
629 [public] NTSTATUS lsa_OpenSecret
(
630 [in] policy_handle
*handle,
631 [in] lsa_String name
,
632 [in] uint32 access_mask
,
633 [out] policy_handle
*sec_handle
638 [public] NTSTATUS lsa_SetSecret
(
639 [in] policy_handle
*sec_handle
,
640 [in,unique] lsa_DATA_BUF
*new_val
,
641 [in,unique] lsa_DATA_BUF
*old_val
649 [public] NTSTATUS lsa_QuerySecret
(
650 [in] policy_handle
*sec_handle
,
651 [in,out,unique] lsa_DATA_BUF_PTR
*new_val
,
652 [in,out,unique] NTTIME_hyper
*new_mtime
,
653 [in,out,unique] lsa_DATA_BUF_PTR
*old_val
,
654 [in,out,unique] NTTIME_hyper
*old_mtime
658 NTSTATUS lsa_LookupPrivValue
(
659 [in] policy_handle
*handle,
660 [in,ref] lsa_String
*name
,
661 [out,ref] lsa_LUID
*luid
666 NTSTATUS lsa_LookupPrivName
(
667 [in] policy_handle
*handle,
669 [out,unique] lsa_StringLarge
*name
673 /*******************/
675 NTSTATUS lsa_LookupPrivDisplayName
(
676 [in] policy_handle
*handle,
677 [in,ref] lsa_String
*name
,
678 [in] uint16 language_id
,
679 [in] uint16 language_id_sys
,
680 [out,ref] lsa_StringLarge
**disp_name
,
681 /* see http://www.microsoft.com/globaldev/nlsweb/ for
682 language definitions */
683 [out,ref] uint16
*returned_language_id
687 NTSTATUS lsa_DeleteObject
(
688 [in,out] policy_handle
*handle
691 /*******************/
693 NTSTATUS lsa_EnumAccountsWithUserRight
(
694 [in] policy_handle
*handle,
695 [in,unique] lsa_String
*name
,
696 [out] lsa_SidArray
*sids
701 [string,charset
(UTF16
)] uint16
*name
;
702 } lsa_RightAttribute
;
705 [range(0,256)] uint32 count
;
706 [size_is(count
)] lsa_StringLarge
*names
;
709 NTSTATUS lsa_EnumAccountRights
(
710 [in] policy_handle
*handle,
711 [in,ref] dom_sid2
*sid
,
712 [out,ref] lsa_RightSet
*rights
716 /**********************/
718 NTSTATUS lsa_AddAccountRights
(
719 [in] policy_handle
*handle,
720 [in,ref] dom_sid2
*sid
,
721 [in,ref] lsa_RightSet
*rights
724 /**********************/
726 NTSTATUS lsa_RemoveAccountRights
(
727 [in] policy_handle
*handle,
728 [in,ref] dom_sid2
*sid
,
729 [in] uint8 remove_all
,
730 [in,ref] lsa_RightSet
*rights
734 NTSTATUS lsa_QueryTrustedDomainInfoBySid
(
735 [in] policy_handle
*handle,
736 [in] dom_sid2
*dom_sid
,
737 [in] lsa_TrustDomInfoEnum level
,
738 [out,switch_is(level
),unique] lsa_TrustedDomainInfo
*info
742 NTSTATUS lsa_SetTrustedDomainInfo
();
744 NTSTATUS lsa_DeleteTrustedDomain
(
745 [in] policy_handle
*handle,
746 [in] dom_sid2
*dom_sid
750 NTSTATUS lsa_StorePrivateData
();
752 NTSTATUS lsa_RetrievePrivateData
();
755 /**********************/
757 [public] NTSTATUS lsa_OpenPolicy2
(
758 [in,unique] [string,charset
(UTF16
)] uint16
*system_name
,
759 [in] lsa_ObjectAttribute
*attr
,
760 [in] lsa_PolicyAccessMask access_mask
,
761 [out] policy_handle
*handle
764 /**********************/
766 NTSTATUS lsa_GetUserName
(
767 [in,unique] [string,charset
(UTF16
)] uint16
*system_name
,
768 [in,out,ref] lsa_String
**account_name
,
769 [in,out,unique] lsa_String
**authority_name
772 /**********************/
775 NTSTATUS lsa_QueryInfoPolicy2
(
776 [in] policy_handle
*handle,
777 [in] lsa_PolicyInfo level
,
778 [out,ref,switch_is(level
)] lsa_PolicyInformation
**info
782 NTSTATUS lsa_SetInfoPolicy2
(
783 [in] policy_handle
*handle,
784 [in] lsa_PolicyInfo level
,
785 [in,switch_is(level
)] lsa_PolicyInformation
*info
788 /**********************/
790 NTSTATUS lsa_QueryTrustedDomainInfoByName
(
791 [in] policy_handle
*handle,
792 [in,ref] lsa_String
*trusted_domain
,
793 [in] lsa_TrustDomInfoEnum level
,
794 [out,ref,switch_is(level
)] lsa_TrustedDomainInfo
*info
797 /**********************/
799 NTSTATUS lsa_SetTrustedDomainInfoByName
(
800 [in] policy_handle
*handle,
801 [in] lsa_String trusted_domain
,
802 [in] lsa_TrustDomInfoEnum level
,
803 [in,unique,switch_is(level
)] lsa_TrustedDomainInfo
*info
808 /* w2k3 treats max_size as max_domains*82 */
809 const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER
= 82;
813 [size_is(count
)] lsa_TrustDomainInfoInfoEx
*domains
;
816 NTSTATUS lsa_EnumTrustedDomainsEx
(
817 [in] policy_handle
*handle,
818 [in,out] uint32
*resume_handle
,
819 [out] lsa_DomainListEx
*domains
,
825 NTSTATUS lsa_CreateTrustedDomainEx
();
828 NTSTATUS lsa_CloseTrustedDomainEx
(
829 [in,out] policy_handle
*handle
834 /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
837 uint32 enforce_restrictions
;
838 hyper service_tkt_lifetime
;
839 hyper user_tkt_lifetime
;
840 hyper user_tkt_renewaltime
;
843 } lsa_DomainInfoKerberos
;
847 [size_is(blob_size
)] uint8
*efs_blob
;
851 LSA_DOMAIN_INFO_POLICY_EFS
=2,
852 LSA_DOMAIN_INFO_POLICY_KERBEROS
=3
853 } lsa_DomainInfoEnum
;
855 typedef [switch_type(uint16
)] union {
856 [case(LSA_DOMAIN_INFO_POLICY_EFS
)] lsa_DomainInfoEfs efs_info
;
857 [case(LSA_DOMAIN_INFO_POLICY_KERBEROS
)] lsa_DomainInfoKerberos kerberos_info
;
858 } lsa_DomainInformationPolicy
;
860 NTSTATUS lsa_QueryDomainInformationPolicy
(
861 [in] policy_handle
*handle,
863 [out,unique,switch_is(level
)] lsa_DomainInformationPolicy
*info
867 NTSTATUS lsa_SetDomainInformationPolicy
(
868 [in] policy_handle
*handle,
870 [in,unique,switch_is(level
)] lsa_DomainInformationPolicy
*info
873 /**********************/
875 NTSTATUS lsa_OpenTrustedDomainByName
(
876 [in] policy_handle
*handle,
877 [in] lsa_String name
,
878 [in] uint32 access_mask
,
879 [out] policy_handle
*trustdom_handle
883 NTSTATUS lsa_TestCall
();
885 /**********************/
889 lsa_SidType sid_type
;
893 } lsa_TranslatedName2
;
896 [range(0,1000)] uint32 count
;
897 [size_is(count
)] lsa_TranslatedName2
*names
;
898 } lsa_TransNameArray2
;
900 [public] NTSTATUS lsa_LookupSids2
(
901 [in] policy_handle
*handle,
902 [in,ref] lsa_SidArray
*sids
,
903 [out,ref] lsa_RefDomainList
**domains
,
904 [in,out,ref] lsa_TransNameArray2
*names
,
906 [in,out,ref] uint32
*count
,
907 [in] uint32 unknown1
,
911 /**********************/
915 lsa_SidType sid_type
;
919 } lsa_TranslatedSid2
;
922 [range(0,1000)] uint32 count
;
923 [size_is(count
)] lsa_TranslatedSid2
*sids
;
924 } lsa_TransSidArray2
;
926 [public] NTSTATUS lsa_LookupNames2
(
927 [in] policy_handle
*handle,
928 [in,range(0,1000)] uint32 num_names
,
929 [in,size_is(num_names
)] lsa_String names
[],
930 [out,ref] lsa_RefDomainList
**domains
,
931 [in,out,ref] lsa_TransSidArray2
*sids
,
932 [in] lsa_LookupNamesLevel level
,
933 [in,out,ref] uint32
*count
,
934 [in] uint32 unknown1
,
939 NTSTATUS lsa_CreateTrustedDomainEx2
();
942 NTSTATUS lsa_CREDRWRITE
();
945 NTSTATUS lsa_CREDRREAD
();
948 NTSTATUS lsa_CREDRENUMERATE
();
951 NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS
();
954 NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS
();
957 NTSTATUS lsa_CREDRDELETE
();
960 NTSTATUS lsa_CREDRGETTARGETINFO
();
963 NTSTATUS lsa_CREDRPROFILELOADED
();
965 /**********************/
968 lsa_SidType sid_type
;
972 } lsa_TranslatedSid3
;
975 [range(0,1000)] uint32 count
;
976 [size_is(count
)] lsa_TranslatedSid3
*sids
;
977 } lsa_TransSidArray3
;
979 [public] NTSTATUS lsa_LookupNames3
(
980 [in] policy_handle
*handle,
981 [in,range(0,1000)] uint32 num_names
,
982 [in,size_is(num_names
)] lsa_String names
[],
983 [out,ref] lsa_RefDomainList
**domains
,
984 [in,out,ref] lsa_TransSidArray3
*sids
,
985 [in] lsa_LookupNamesLevel level
,
986 [in,out,ref] uint32
*count
,
987 [in] uint32 unknown1
,
992 NTSTATUS lsa_CREDRGETSESSIONTYPES
();
995 NTSTATUS lsa_LSARREGISTERAUDITEVENT
();
998 NTSTATUS lsa_LSARGENAUDITEVENT
();
1001 NTSTATUS lsa_LSARUNREGISTERAUDITEVENT
();
1005 [range(0,131072)] uint32 length
;
1006 [size_is(length
)] uint8
*data
;
1007 } lsa_ForestTrustBinaryData
;
1010 dom_sid2
*domain_sid
;
1011 lsa_StringLarge dns_domain_name
;
1012 lsa_StringLarge netbios_domain_name
;
1013 } lsa_ForestTrustDomainInfo
;
1015 typedef [switch_type(uint32
)] union {
1016 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME
)] lsa_String top_level_name
;
1017 [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX
)] lsa_StringLarge top_level_name_ex
;
1018 [case(LSA_FOREST_TRUST_DOMAIN_INFO
)] lsa_ForestTrustDomainInfo domain_info
;
1019 [default] lsa_ForestTrustBinaryData data
;
1020 } lsa_ForestTrustData
;
1022 typedef [v1_enum] enum {
1023 LSA_FOREST_TRUST_TOP_LEVEL_NAME
= 0,
1024 LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX
= 1,
1025 LSA_FOREST_TRUST_DOMAIN_INFO
= 2,
1026 LSA_FOREST_TRUST_RECORD_TYPE_LAST
= 3
1027 } lsa_ForestTrustRecordType
;
1031 lsa_ForestTrustRecordType level
;
1033 [switch_is(level
)] lsa_ForestTrustData forest_trust_data
;
1034 } lsa_ForestTrustRecord
;
1036 typedef [public] struct {
1037 [range(0,4000)] uint32 count
;
1038 [size_is(count
)] lsa_ForestTrustRecord
**entries
;
1039 } lsa_ForestTrustInformation
;
1041 NTSTATUS lsa_lsaRQueryForestTrustInformation
(
1042 [in] policy_handle
*handle,
1043 [in,ref] lsa_String
*trusted_domain_name
,
1044 [in] uint16 unknown
, /* level ? */
1045 [out,ref] lsa_ForestTrustInformation
**forest_trust_info
1049 NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION
();
1052 NTSTATUS lsa_CREDRRENAME
();
1057 [public] NTSTATUS lsa_LookupSids3
(
1058 [in,ref] lsa_SidArray
*sids
,
1059 [out,ref] lsa_RefDomainList
**domains
,
1060 [in,out,ref] lsa_TransNameArray2
*names
,
1062 [in,out,ref] uint32
*count
,
1063 [in] uint32 unknown1
,
1064 [in] uint32 unknown2
1068 NTSTATUS lsa_LookupNames4
(
1069 [in,range(0,1000)] uint32 num_names
,
1070 [in,size_is(num_names
)] lsa_String names
[],
1071 [out,ref] lsa_RefDomainList
**domains
,
1072 [in,out,ref] lsa_TransSidArray3
*sids
,
1073 [in] lsa_LookupNamesLevel level
,
1074 [in,out,ref] uint32
*count
,
1075 [in] uint32 unknown1
,
1076 [in] uint32 unknown2
1080 NTSTATUS lsa_LSAROPENPOLICYSCE
();
1083 NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE
();
1086 NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE
();
1089 NTSTATUS lsa_LSARADTREPORTSECURITYEVENT
();