4
lsa interface definition
7
import "misc.idl", "security.idl";
9
[ uuid("12345778-1234-abcd-ef00-0123456789ab"),
11
endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12
pointer_default(unique),
13
helpstring("Local Security Authority")
16
typedef bitmap security_secinfo security_secinfo;
17
typedef bitmap kerb_EncTypes kerb_EncTypes;
19
typedef [public] struct {
20
[value(2*strlen_m(string))] uint16 length;
21
[value(2*strlen_m(string))] uint16 size;
22
[charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
25
typedef [public] struct {
26
[value(2*strlen_m(string))] uint16 length;
27
[value(2*strlen_m_term(string))] uint16 size;
28
[charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
31
typedef [public] struct {
33
[size_is(count)] lsa_String *names;
36
typedef [public] struct {
37
[value(strlen_m(string))] uint16 length;
38
[value(strlen_m(string))] uint16 size;
39
[charset(DOS),size_is(size),length_is(length)] uint8 *string;
42
typedef [public] struct {
43
[value(strlen_m(string))] uint16 length;
44
[value(strlen_m_term(string))] uint16 size;
45
[charset(DOS),size_is(size),length_is(length)] uint8 *string;
46
} lsa_AsciiStringLarge;
48
typedef [public] struct {
51
[size_is(size/2),length_is(length/2)] uint16 *array;
57
[in,out] policy_handle *handle
63
[public] NTSTATUS lsa_Delete (
64
[in] policy_handle *handle
82
[size_is(count)] lsa_PrivEntry *privs;
85
[public] NTSTATUS lsa_EnumPrivs (
86
[in] policy_handle *handle,
87
[in,out,ref] uint32 *resume_handle,
88
[out,ref] lsa_PrivArray *privs,
94
NTSTATUS lsa_QuerySecurity (
95
[in] policy_handle *handle,
96
[in] security_secinfo sec_info,
97
[out,ref] sec_desc_buf **sdbuf
102
NTSTATUS lsa_SetSecObj(
103
[in] policy_handle *handle,
104
[in] security_secinfo sec_info,
105
[in,ref] sec_desc_buf *sdbuf
110
[todo] NTSTATUS lsa_ChangePassword ();
116
uint32 len; /* ignored */
117
uint16 impersonation_level;
119
uint8 effective_only;
123
uint32 len; /* ignored */
125
[string,charset(UTF16)] uint16 *object_name;
127
security_descriptor *sec_desc;
128
lsa_QosInfo *sec_qos;
129
} lsa_ObjectAttribute;
131
typedef [public,bitmap32bit] bitmap {
132
LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001,
133
LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002,
134
LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004,
135
LSA_POLICY_TRUST_ADMIN = 0x00000008,
136
LSA_POLICY_CREATE_ACCOUNT = 0x00000010,
137
LSA_POLICY_CREATE_SECRET = 0x00000020,
138
LSA_POLICY_CREATE_PRIVILEGE = 0x00000040,
139
LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080,
140
LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
141
LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
142
LSA_POLICY_SERVER_ADMIN = 0x00000400,
143
LSA_POLICY_LOOKUP_NAMES = 0x00000800,
144
LSA_POLICY_NOTIFICATION = 0x00001000
145
} lsa_PolicyAccessMask;
147
const int LSA_POLICY_ALL_ACCESS =
148
(STANDARD_RIGHTS_REQUIRED_ACCESS |
149
LSA_POLICY_VIEW_LOCAL_INFORMATION |
150
LSA_POLICY_VIEW_AUDIT_INFORMATION |
151
LSA_POLICY_GET_PRIVATE_INFORMATION |
152
LSA_POLICY_TRUST_ADMIN |
153
LSA_POLICY_CREATE_ACCOUNT |
154
LSA_POLICY_CREATE_SECRET |
155
LSA_POLICY_CREATE_PRIVILEGE |
156
LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS |
157
LSA_POLICY_SET_AUDIT_REQUIREMENTS |
158
LSA_POLICY_AUDIT_LOG_ADMIN |
159
LSA_POLICY_SERVER_ADMIN |
160
LSA_POLICY_LOOKUP_NAMES);
162
const int LSA_POLICY_READ =
163
(STANDARD_RIGHTS_READ_ACCESS |
164
LSA_POLICY_VIEW_LOCAL_INFORMATION |
165
LSA_POLICY_VIEW_AUDIT_INFORMATION |
166
LSA_POLICY_GET_PRIVATE_INFORMATION);
168
const int LSA_POLICY_WRITE =
169
(STANDARD_RIGHTS_READ_ACCESS |
170
LSA_POLICY_TRUST_ADMIN |
171
LSA_POLICY_CREATE_ACCOUNT |
172
LSA_POLICY_CREATE_SECRET |
173
LSA_POLICY_CREATE_PRIVILEGE |
174
LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS |
175
LSA_POLICY_SET_AUDIT_REQUIREMENTS |
176
LSA_POLICY_AUDIT_LOG_ADMIN |
177
LSA_POLICY_SERVER_ADMIN);
179
const int LSA_POLICY_EXECUTE =
180
(STANDARD_RIGHTS_EXECUTE_ACCESS |
181
LSA_POLICY_VIEW_LOCAL_INFORMATION |
182
LSA_POLICY_LOOKUP_NAMES);
184
typedef [public,bitmap32bit] bitmap {
185
LSA_ACCOUNT_VIEW = 0x00000001,
186
LSA_ACCOUNT_ADJUST_PRIVILEGES = 0x00000002,
187
LSA_ACCOUNT_ADJUST_QUOTAS = 0x00000004,
188
LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008
189
} lsa_AccountAccessMask;
191
const int LSA_ACCOUNT_ALL_ACCESS =
192
(STANDARD_RIGHTS_REQUIRED_ACCESS |
194
LSA_ACCOUNT_ADJUST_PRIVILEGES |
195
LSA_ACCOUNT_ADJUST_QUOTAS |
196
LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
198
const int LSA_ACCOUNT_READ =
199
(STANDARD_RIGHTS_READ_ACCESS |
202
const int LSA_ACCOUNT_WRITE =
203
(STANDARD_RIGHTS_READ_ACCESS |
204
LSA_ACCOUNT_ADJUST_PRIVILEGES |
205
LSA_ACCOUNT_ADJUST_QUOTAS |
206
LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS);
208
const int LSA_ACCOUNT_EXECUTE =
209
(STANDARD_RIGHTS_EXECUTE_ACCESS);
211
typedef [public,bitmap32bit] bitmap {
212
LSA_SECRET_SET_VALUE = 0x00000001,
213
LSA_SECRET_QUERY_VALUE = 0x00000002
214
} lsa_SecretAccessMask;
216
typedef [public,bitmap32bit] bitmap {
217
LSA_TRUSTED_QUERY_DOMAIN_NAME = 0x00000001,
218
LSA_TRUSTED_QUERY_CONTROLLERS = 0x00000002,
219
LSA_TRUSTED_SET_CONTROLLERS = 0x00000004,
220
LSA_TRUSTED_QUERY_POSIX = 0x00000008,
221
LSA_TRUSTED_SET_POSIX = 0x00000010,
222
LSA_TRUSTED_SET_AUTH = 0x00000020,
223
LSA_TRUSTED_QUERY_AUTH = 0x00000040
224
} lsa_TrustedAccessMask;
226
/* notice the screwup with the system_name - thats why MS created
228
[public] NTSTATUS lsa_OpenPolicy (
229
[in,unique] uint16 *system_name,
230
[in] lsa_ObjectAttribute *attr,
231
[in] lsa_PolicyAccessMask access_mask,
232
[out] policy_handle *handle
242
uint32 maximum_log_size;
243
hyper retention_time;
244
uint8 shutdown_in_progress;
245
hyper time_to_shutdown;
246
uint32 next_audit_record;
249
typedef [v1_enum] enum {
250
LSA_AUDIT_POLICY_NONE=0,
251
LSA_AUDIT_POLICY_SUCCESS=1,
252
LSA_AUDIT_POLICY_FAILURE=2,
253
LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
254
LSA_AUDIT_POLICY_CLEAR=4
255
} lsa_PolicyAuditPolicy;
258
LSA_AUDIT_CATEGORY_SYSTEM = 0,
259
LSA_AUDIT_CATEGORY_LOGON = 1,
260
LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
261
LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
262
LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
263
LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
264
LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
265
LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */
266
LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */
267
} lsa_PolicyAuditEventType;
270
uint32 auditing_mode;
271
[size_is(count)] lsa_PolicyAuditPolicy *settings;
273
} lsa_AuditEventsInfo;
276
lsa_StringLarge name;
284
typedef [v1_enum] enum {
296
} lsa_ReplicaSourceInfo;
300
uint32 non_paged_pool;
305
} lsa_DefaultQuotaInfo;
309
NTTIME_hyper db_create_time;
310
} lsa_ModificationInfo;
313
uint8 shutdown_on_full;
314
} lsa_AuditFullSetInfo;
317
uint8 shutdown_on_full;
319
} lsa_AuditFullQueryInfo;
322
/* it's important that we use the lsa_StringLarge here,
323
* because otherwise windows clients result with such dns hostnames
324
* e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
326
* w2k3-client.samba4.samba.org
328
lsa_StringLarge name;
329
lsa_StringLarge dns_domain;
330
lsa_StringLarge dns_forest;
336
LSA_POLICY_INFO_AUDIT_LOG=1,
337
LSA_POLICY_INFO_AUDIT_EVENTS=2,
338
LSA_POLICY_INFO_DOMAIN=3,
339
LSA_POLICY_INFO_PD=4,
340
LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
341
LSA_POLICY_INFO_ROLE=6,
342
LSA_POLICY_INFO_REPLICA=7,
343
LSA_POLICY_INFO_QUOTA=8,
344
LSA_POLICY_INFO_MOD=9,
345
LSA_POLICY_INFO_AUDIT_FULL_SET=10,
346
LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
347
LSA_POLICY_INFO_DNS=12,
348
LSA_POLICY_INFO_DNS_INT=13,
349
LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14
352
typedef [switch_type(uint16)] union {
353
[case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
354
[case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
355
[case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
356
[case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
357
[case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
358
[case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
359
[case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
360
[case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
361
[case(LSA_POLICY_INFO_MOD)] lsa_ModificationInfo mod;
362
[case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
363
[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
364
[case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
365
[case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns;
366
[case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo l_account_domain;
367
} lsa_PolicyInformation;
369
NTSTATUS lsa_QueryInfoPolicy(
370
[in] policy_handle *handle,
371
[in] lsa_PolicyInfo level,
372
[out,ref,switch_is(level)] lsa_PolicyInformation **info
377
NTSTATUS lsa_SetInfoPolicy (
378
[in] policy_handle *handle,
379
[in] lsa_PolicyInfo level,
380
[in,switch_is(level)] lsa_PolicyInformation *info
385
[todo] NTSTATUS lsa_ClearAuditLog ();
389
[public] NTSTATUS lsa_CreateAccount (
390
[in] policy_handle *handle,
391
[in,ref] dom_sid2 *sid,
392
[in] uint32 access_mask,
393
[out] policy_handle *acct_handle
397
/* NOTE: This only returns accounts that have at least
405
typedef [public] struct {
406
[range(0,1000)] uint32 num_sids;
407
[size_is(num_sids)] lsa_SidPtr *sids;
410
[public] NTSTATUS lsa_EnumAccounts(
411
[in] policy_handle *handle,
412
[in,out,ref] uint32 *resume_handle,
413
[out,ref] lsa_SidArray *sids,
414
[in,range(0,8192)] uint32 num_entries
417
/*************************************************/
420
[public] NTSTATUS lsa_CreateTrustedDomain(
421
[in] policy_handle *policy_handle,
422
[in] lsa_DomainInfo *info,
423
[in] uint32 access_mask,
424
[out] policy_handle *trustdom_handle
431
/* w2k3 treats max_size as max_domains*60 */
432
const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
436
[size_is(count)] lsa_DomainInfo *domains;
439
NTSTATUS lsa_EnumTrustDom(
440
[in] policy_handle *handle,
441
[in,out,ref] uint32 *resume_handle,
442
[out,ref] lsa_DomainList *domains,
449
typedef [public] enum {
450
SID_NAME_USE_NONE = 0,/* NOTUSED */
451
SID_NAME_USER = 1, /* user */
452
SID_NAME_DOM_GRP = 2, /* domain group */
453
SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
454
SID_NAME_ALIAS = 4, /* local group */
455
SID_NAME_WKN_GRP = 5, /* well-known group */
456
SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
457
SID_NAME_INVALID = 7, /* invalid account */
458
SID_NAME_UNKNOWN = 8, /* oops. */
459
SID_NAME_COMPUTER = 9 /* machine */
463
lsa_SidType sid_type;
469
[range(0,1000)] uint32 count;
470
[size_is(count)] lsa_TranslatedSid *sids;
473
const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
475
[range(0,1000)] uint32 count;
476
[size_is(count)] lsa_DomainInfo *domains;
480
/* Level 1: Ask everywhere
481
* Level 2: Ask domain and trusted domains, no builtin and wkn
482
* Level 3: Only ask domain
483
* Level 4: W2k3ad: Only ask AD trusts
484
* Level 5: Only ask transitive forest trusts
489
LSA_LOOKUP_NAMES_ALL = 1,
490
LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
491
LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
492
LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
493
LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
494
LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
495
LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
496
} lsa_LookupNamesLevel;
498
[public] NTSTATUS lsa_LookupNames (
499
[in] policy_handle *handle,
500
[in,range(0,1000)] uint32 num_names,
501
[in,size_is(num_names)] lsa_String names[],
502
[out,ref] lsa_RefDomainList **domains,
503
[in,out,ref] lsa_TransSidArray *sids,
504
[in] lsa_LookupNamesLevel level,
505
[in,out,ref] uint32 *count
513
lsa_SidType sid_type;
516
} lsa_TranslatedName;
519
[range(0,1000)] uint32 count;
520
[size_is(count)] lsa_TranslatedName *names;
521
} lsa_TransNameArray;
523
[public] NTSTATUS lsa_LookupSids(
524
[in] policy_handle *handle,
525
[in,ref] lsa_SidArray *sids,
526
[out,ref] lsa_RefDomainList **domains,
527
[in,out,ref] lsa_TransNameArray *names,
529
[in,out,ref] uint32 *count
534
[public] NTSTATUS lsa_CreateSecret(
535
[in] policy_handle *handle,
536
[in] lsa_String name,
537
[in] uint32 access_mask,
538
[out] policy_handle *sec_handle
542
/*****************************************/
544
NTSTATUS lsa_OpenAccount(
545
[in] policy_handle *handle,
546
[in,ref] dom_sid2 *sid,
547
[in] uint32 access_mask,
548
[out] policy_handle *acct_handle
552
/****************************************/
561
[range(0,1000)] uint32 count;
563
[size_is(count)] lsa_LUIDAttribute set[*];
566
NTSTATUS lsa_EnumPrivsAccount(
567
[in] policy_handle *handle,
568
[out,ref] lsa_PrivilegeSet **privs
572
/****************************************/
574
NTSTATUS lsa_AddPrivilegesToAccount(
575
[in] policy_handle *handle,
576
[in,ref] lsa_PrivilegeSet *privs
580
/****************************************/
582
NTSTATUS lsa_RemovePrivilegesFromAccount(
583
[in] policy_handle *handle,
584
[in] uint8 remove_all,
585
[in,unique] lsa_PrivilegeSet *privs
589
[todo] NTSTATUS lsa_GetQuotasForAccount();
592
[todo] NTSTATUS lsa_SetQuotasForAccount();
594
typedef [bitmap32bit] bitmap {
595
LSA_POLICY_MODE_INTERACTIVE = 0x00000001,
596
LSA_POLICY_MODE_NETWORK = 0x00000002,
597
LSA_POLICY_MODE_BATCH = 0x00000004,
598
LSA_POLICY_MODE_SERVICE = 0x00000010,
599
LSA_POLICY_MODE_PROXY = 0x00000020,
600
LSA_POLICY_MODE_DENY_INTERACTIVE = 0x00000040,
601
LSA_POLICY_MODE_DENY_NETWORK = 0x00000080,
602
LSA_POLICY_MODE_DENY_BATCH = 0x00000100,
603
LSA_POLICY_MODE_DENY_SERVICE = 0x00000200,
604
LSA_POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400,
605
LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
606
LSA_POLICY_MODE_ALL = 0x00000FF7,
607
LSA_POLICY_MODE_ALL_NT4 = 0x00000037
608
} lsa_SystemAccessModeFlags;
611
NTSTATUS lsa_GetSystemAccessAccount(
612
[in] policy_handle *handle,
613
[out,ref] uint32 *access_mask
617
NTSTATUS lsa_SetSystemAccessAccount(
618
[in] policy_handle *handle,
619
[in] uint32 access_mask
623
NTSTATUS lsa_OpenTrustedDomain(
624
[in] policy_handle *handle,
626
[in] uint32 access_mask,
627
[out] policy_handle *trustdom_handle
630
typedef [flag(NDR_PAHEX)] struct {
633
[size_is(size),length_is(length)] uint8 *data;
636
typedef [flag(NDR_PAHEX)] struct {
637
[range(0,65536)] uint32 size;
638
[size_is(size)] uint8 *data;
642
LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
643
LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS = 2,
644
LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
645
LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
646
LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
647
LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
648
LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
649
LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
650
LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL = 9,
651
LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL = 10,
652
LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL = 11,
653
LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL = 12,
654
LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
655
} lsa_TrustDomInfoEnum;
657
typedef [public,bitmap32bit] bitmap {
658
LSA_TRUST_DIRECTION_INBOUND = 0x00000001,
659
LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
660
} lsa_TrustDirection;
662
typedef [v1_enum] enum {
663
LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
664
LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
665
LSA_TRUST_TYPE_MIT = 0x00000003
668
typedef [public,bitmap32bit] bitmap {
669
LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
670
LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
671
LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
672
LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
673
LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
674
LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
675
LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
676
LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
677
} lsa_TrustAttributes;
680
lsa_StringLarge netbios_name;
681
} lsa_TrustDomainInfoName;
686
[size_is(entries)] lsa_StringLarge *netbios_names;
687
} lsa_TrustDomainInfoControllers;
691
} lsa_TrustDomainInfoPosixOffset;
694
lsa_DATA_BUF *password;
695
lsa_DATA_BUF *old_password;
696
} lsa_TrustDomainInfoPassword;
699
lsa_String netbios_name;
701
} lsa_TrustDomainInfoBasic;
704
lsa_StringLarge domain_name;
705
lsa_StringLarge netbios_name;
707
lsa_TrustDirection trust_direction;
708
lsa_TrustType trust_type;
709
lsa_TrustAttributes trust_attributes;
710
} lsa_TrustDomainInfoInfoEx;
712
typedef [public,v1_enum] enum {
713
TRUST_AUTH_TYPE_NONE = 0,
714
TRUST_AUTH_TYPE_NT4OWF = 1,
715
TRUST_AUTH_TYPE_CLEAR = 2,
716
TRUST_AUTH_TYPE_VERSION = 3
720
NTTIME_hyper last_update_time;
721
lsa_TrustAuthType AuthType;
723
} lsa_TrustDomainInfoBuffer;
726
uint32 incoming_count;
727
lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
728
lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
729
uint32 outgoing_count;
730
lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
731
lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
732
} lsa_TrustDomainInfoAuthInfo;
735
lsa_TrustDomainInfoInfoEx info_ex;
736
lsa_TrustDomainInfoPosixOffset posix_offset;
737
lsa_TrustDomainInfoAuthInfo auth_info;
738
} lsa_TrustDomainInfoFullInfo;
741
lsa_DATA_BUF2 auth_blob;
742
} lsa_TrustDomainInfoAuthInfoInternal;
745
lsa_TrustDomainInfoInfoEx info_ex;
746
lsa_TrustDomainInfoPosixOffset posix_offset;
747
lsa_TrustDomainInfoAuthInfoInternal auth_info;
748
} lsa_TrustDomainInfoFullInfoInternal;
751
lsa_TrustDomainInfoInfoEx info_ex;
752
uint32 forest_trust_length;
753
[size_is(forest_trust_length)] uint8 *forest_trust_data;
754
} lsa_TrustDomainInfoInfoEx2Internal;
757
lsa_TrustDomainInfoInfoEx2Internal info;
758
lsa_TrustDomainInfoPosixOffset posix_offset;
759
lsa_TrustDomainInfoAuthInfo auth_info;
760
} lsa_TrustDomainInfoFullInfo2Internal;
763
kerb_EncTypes enc_types;
764
} lsa_TrustDomainInfoSupportedEncTypes;
766
typedef [switch_type(lsa_TrustDomInfoEnum)] union {
767
[case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
768
lsa_TrustDomainInfoName name;
769
[case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
770
lsa_TrustDomainInfoControllers controllers;
771
[case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
772
lsa_TrustDomainInfoPosixOffset posix_offset;
773
[case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
774
lsa_TrustDomainInfoPassword password;
775
[case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
776
lsa_TrustDomainInfoBasic info_basic;
777
[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
778
lsa_TrustDomainInfoInfoEx info_ex;
779
[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
780
lsa_TrustDomainInfoAuthInfo auth_info;
781
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
782
lsa_TrustDomainInfoFullInfo full_info;
783
[case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
784
lsa_TrustDomainInfoAuthInfoInternal auth_info_internal;
785
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
786
lsa_TrustDomainInfoFullInfoInternal full_info_internal;
787
[case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
788
lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
789
[case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
790
lsa_TrustDomainInfoFullInfo2Internal full_info2_internal;
791
[case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
792
lsa_TrustDomainInfoSupportedEncTypes enc_types;
793
} lsa_TrustedDomainInfo;
796
NTSTATUS lsa_QueryTrustedDomainInfo(
797
[in] policy_handle *trustdom_handle,
798
[in] lsa_TrustDomInfoEnum level,
799
[out,switch_is(level),ref] lsa_TrustedDomainInfo **info
803
NTSTATUS lsa_SetInformationTrustedDomain(
804
[in] policy_handle *trustdom_handle,
805
[in] lsa_TrustDomInfoEnum level,
806
[in,switch_is(level)] lsa_TrustedDomainInfo *info
810
[public] NTSTATUS lsa_OpenSecret(
811
[in] policy_handle *handle,
812
[in] lsa_String name,
813
[in] uint32 access_mask,
814
[out] policy_handle *sec_handle
819
[public] NTSTATUS lsa_SetSecret(
820
[in] policy_handle *sec_handle,
821
[in,unique] lsa_DATA_BUF *new_val,
822
[in,unique] lsa_DATA_BUF *old_val
830
[public] NTSTATUS lsa_QuerySecret (
831
[in] policy_handle *sec_handle,
832
[in,out,unique] lsa_DATA_BUF_PTR *new_val,
833
[in,out,unique] NTTIME_hyper *new_mtime,
834
[in,out,unique] lsa_DATA_BUF_PTR *old_val,
835
[in,out,unique] NTTIME_hyper *old_mtime
839
NTSTATUS lsa_LookupPrivValue(
840
[in] policy_handle *handle,
841
[in,ref] lsa_String *name,
842
[out,ref] lsa_LUID *luid
847
NTSTATUS lsa_LookupPrivName(
848
[in] policy_handle *handle,
849
[in,ref] lsa_LUID *luid,
850
[out,ref] lsa_StringLarge **name
854
/*******************/
856
NTSTATUS lsa_LookupPrivDisplayName(
857
[in] policy_handle *handle,
858
[in,ref] lsa_String *name,
859
[in] uint16 language_id,
860
[in] uint16 language_id_sys,
861
[out,ref] lsa_StringLarge **disp_name,
862
/* see http://www.microsoft.com/globaldev/nlsweb/ for
863
language definitions */
864
[out,ref] uint16 *returned_language_id
867
/*******************/
869
NTSTATUS lsa_DeleteObject (
870
[in,out] policy_handle *handle
873
/*******************/
875
NTSTATUS lsa_EnumAccountsWithUserRight (
876
[in] policy_handle *handle,
877
[in,unique] lsa_String *name,
878
[out] lsa_SidArray *sids
883
[string,charset(UTF16)] uint16 *name;
884
} lsa_RightAttribute;
887
[range(0,256)] uint32 count;
888
[size_is(count)] lsa_StringLarge *names;
891
NTSTATUS lsa_EnumAccountRights (
892
[in] policy_handle *handle,
893
[in,ref] dom_sid2 *sid,
894
[out,ref] lsa_RightSet *rights
898
/**********************/
900
NTSTATUS lsa_AddAccountRights (
901
[in] policy_handle *handle,
902
[in,ref] dom_sid2 *sid,
903
[in,ref] lsa_RightSet *rights
906
/**********************/
908
NTSTATUS lsa_RemoveAccountRights (
909
[in] policy_handle *handle,
910
[in,ref] dom_sid2 *sid,
911
[in] uint8 remove_all,
912
[in,ref] lsa_RightSet *rights
916
NTSTATUS lsa_QueryTrustedDomainInfoBySid(
917
[in] policy_handle *handle,
918
[in,ref] dom_sid2 *dom_sid,
919
[in] lsa_TrustDomInfoEnum level,
920
[out,switch_is(level),ref] lsa_TrustedDomainInfo **info
924
NTSTATUS lsa_SetTrustedDomainInfo(
925
[in] policy_handle *handle,
926
[in] dom_sid2 *dom_sid,
927
[in] lsa_TrustDomInfoEnum level,
928
[in,switch_is(level)] lsa_TrustedDomainInfo *info
932
NTSTATUS lsa_DeleteTrustedDomain(
933
[in] policy_handle *handle,
934
[in] dom_sid2 *dom_sid
938
[todo] NTSTATUS lsa_StorePrivateData();
940
[todo] NTSTATUS lsa_RetrievePrivateData();
943
/**********************/
945
[public] NTSTATUS lsa_OpenPolicy2 (
946
[in,unique] [string,charset(UTF16)] uint16 *system_name,
947
[in] lsa_ObjectAttribute *attr,
948
[in] lsa_PolicyAccessMask access_mask,
949
[out] policy_handle *handle
952
/**********************/
954
NTSTATUS lsa_GetUserName(
955
[in,unique] [string,charset(UTF16)] uint16 *system_name,
956
[in,out,ref] lsa_String **account_name,
957
[in,out,unique] lsa_String **authority_name
960
/**********************/
963
NTSTATUS lsa_QueryInfoPolicy2(
964
[in] policy_handle *handle,
965
[in] lsa_PolicyInfo level,
966
[out,ref,switch_is(level)] lsa_PolicyInformation **info
970
NTSTATUS lsa_SetInfoPolicy2(
971
[in] policy_handle *handle,
972
[in] lsa_PolicyInfo level,
973
[in,switch_is(level)] lsa_PolicyInformation *info
976
/**********************/
978
NTSTATUS lsa_QueryTrustedDomainInfoByName(
979
[in] policy_handle *handle,
980
[in,ref] lsa_String *trusted_domain,
981
[in] lsa_TrustDomInfoEnum level,
982
[out,ref,switch_is(level)] lsa_TrustedDomainInfo **info
985
/**********************/
987
NTSTATUS lsa_SetTrustedDomainInfoByName(
988
[in] policy_handle *handle,
989
[in] lsa_String trusted_domain,
990
[in] lsa_TrustDomInfoEnum level,
991
[in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
996
/* w2k3 treats max_size as max_domains*82 */
997
const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
1001
[size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
1004
NTSTATUS lsa_EnumTrustedDomainsEx (
1005
[in] policy_handle *handle,
1006
[in,out] uint32 *resume_handle,
1007
[out] lsa_DomainListEx *domains,
1008
[in] uint32 max_size
1012
NTSTATUS lsa_CreateTrustedDomainEx(
1013
[in] policy_handle *policy_handle,
1014
[in] lsa_TrustDomainInfoInfoEx *info,
1015
[in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
1016
[in] uint32 access_mask,
1017
[out] policy_handle *trustdom_handle
1022
NTSTATUS lsa_CloseTrustedDomainEx(
1023
[in,out] policy_handle *handle
1028
/* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
1029
for unknown6 - gd */
1031
uint32 enforce_restrictions;
1032
hyper service_tkt_lifetime;
1033
hyper user_tkt_lifetime;
1034
hyper user_tkt_renewaltime;
1037
} lsa_DomainInfoKerberos;
1041
[size_is(blob_size)] uint8 *efs_blob;
1042
} lsa_DomainInfoEfs;
1045
LSA_DOMAIN_INFO_POLICY_EFS=2,
1046
LSA_DOMAIN_INFO_POLICY_KERBEROS=3
1047
} lsa_DomainInfoEnum;
1049
typedef [switch_type(uint16)] union {
1050
[case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
1051
[case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
1052
} lsa_DomainInformationPolicy;
1054
NTSTATUS lsa_QueryDomainInformationPolicy(
1055
[in] policy_handle *handle,
1057
[out,ref,switch_is(level)] lsa_DomainInformationPolicy **info
1061
NTSTATUS lsa_SetDomainInformationPolicy(
1062
[in] policy_handle *handle,
1064
[in,unique,switch_is(level)] lsa_DomainInformationPolicy *info
1067
/**********************/
1069
NTSTATUS lsa_OpenTrustedDomainByName(
1070
[in] policy_handle *handle,
1071
[in] lsa_String name,
1072
[in] uint32 access_mask,
1073
[out] policy_handle *trustdom_handle
1077
[todo] NTSTATUS lsa_TestCall();
1079
/**********************/
1083
lsa_SidType sid_type;
1087
} lsa_TranslatedName2;
1090
[range(0,1000)] uint32 count;
1091
[size_is(count)] lsa_TranslatedName2 *names;
1092
} lsa_TransNameArray2;
1094
[public] NTSTATUS lsa_LookupSids2(
1095
[in] policy_handle *handle,
1096
[in,ref] lsa_SidArray *sids,
1097
[out,ref] lsa_RefDomainList **domains,
1098
[in,out,ref] lsa_TransNameArray2 *names,
1100
[in,out,ref] uint32 *count,
1101
[in] uint32 unknown1,
1102
[in] uint32 unknown2
1105
/**********************/
1109
lsa_SidType sid_type;
1113
} lsa_TranslatedSid2;
1116
[range(0,1000)] uint32 count;
1117
[size_is(count)] lsa_TranslatedSid2 *sids;
1118
} lsa_TransSidArray2;
1120
[public] NTSTATUS lsa_LookupNames2 (
1121
[in] policy_handle *handle,
1122
[in,range(0,1000)] uint32 num_names,
1123
[in,size_is(num_names)] lsa_String names[],
1124
[out,ref] lsa_RefDomainList **domains,
1125
[in,out,ref] lsa_TransSidArray2 *sids,
1126
[in] lsa_LookupNamesLevel level,
1127
[in,out,ref] uint32 *count,
1128
[in] uint32 lookup_options,
1129
[in] uint32 client_revision /* LSA_CLIENT_REVISION* */
1133
NTSTATUS lsa_CreateTrustedDomainEx2(
1134
[in] policy_handle *policy_handle,
1135
[in] lsa_TrustDomainInfoInfoEx *info,
1136
[in] lsa_TrustDomainInfoAuthInfoInternal *auth_info,
1137
[in] uint32 access_mask,
1138
[out] policy_handle *trustdom_handle
1142
[todo] NTSTATUS lsa_CREDRWRITE();
1145
[todo] NTSTATUS lsa_CREDRREAD();
1148
[todo] NTSTATUS lsa_CREDRENUMERATE();
1151
[todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
1154
[todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
1157
[todo] NTSTATUS lsa_CREDRDELETE();
1160
[todo] NTSTATUS lsa_CREDRGETTARGETINFO();
1163
[todo] NTSTATUS lsa_CREDRPROFILELOADED();
1165
/**********************/
1168
lsa_SidType sid_type;
1172
} lsa_TranslatedSid3;
1175
[range(0,1000)] uint32 count;
1176
[size_is(count)] lsa_TranslatedSid3 *sids;
1177
} lsa_TransSidArray3;
1179
[public] NTSTATUS lsa_LookupNames3 (
1180
[in] policy_handle *handle,
1181
[in,range(0,1000)] uint32 num_names,
1182
[in,size_is(num_names)] lsa_String names[],
1183
[out,ref] lsa_RefDomainList **domains,
1184
[in,out,ref] lsa_TransSidArray3 *sids,
1185
[in] lsa_LookupNamesLevel level,
1186
[in,out,ref] uint32 *count,
1187
[in] uint32 lookup_options,
1188
[in] uint32 client_revision /* LSA_CLIENT_REVISION* */
1192
[todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
1195
[todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
1198
[todo] NTSTATUS lsa_LSARGENAUDITEVENT();
1201
[todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1205
[range(0,131072)] uint32 length;
1206
[size_is(length)] uint8 *data;
1207
} lsa_ForestTrustBinaryData;
1210
dom_sid2 *domain_sid;
1211
lsa_StringLarge dns_domain_name;
1212
lsa_StringLarge netbios_domain_name;
1213
} lsa_ForestTrustDomainInfo;
1215
typedef [switch_type(uint32)] union {
1216
[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
1217
[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1218
[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1219
[default] lsa_ForestTrustBinaryData data;
1220
} lsa_ForestTrustData;
1222
typedef [v1_enum] enum {
1223
LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1224
LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1225
LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1226
LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1227
} lsa_ForestTrustRecordType;
1231
lsa_ForestTrustRecordType level;
1233
[switch_is(level)] lsa_ForestTrustData forest_trust_data;
1234
} lsa_ForestTrustRecord;
1236
typedef [public] struct {
1237
[range(0,4000)] uint32 count;
1238
[size_is(count)] lsa_ForestTrustRecord **entries;
1239
} lsa_ForestTrustInformation;
1241
NTSTATUS lsa_lsaRQueryForestTrustInformation(
1242
[in] policy_handle *handle,
1243
[in,ref] lsa_String *trusted_domain_name,
1244
[in] uint16 unknown, /* level ? */
1245
[out,ref] lsa_ForestTrustInformation **forest_trust_info
1249
[todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1252
[todo] NTSTATUS lsa_CREDRRENAME();
1257
[public] NTSTATUS lsa_LookupSids3(
1258
[in,ref] lsa_SidArray *sids,
1259
[out,ref] lsa_RefDomainList **domains,
1260
[in,out,ref] lsa_TransNameArray2 *names,
1262
[in,out,ref] uint32 *count,
1263
[in] uint32 unknown1,
1264
[in] uint32 unknown2
1267
const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001;
1268
const int LSA_CLIENT_REVISION_DNS = 0x00000002;
1270
const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
1273
NTSTATUS lsa_LookupNames4(
1274
[in,range(0,1000)] uint32 num_names,
1275
[in,size_is(num_names)] lsa_String names[],
1276
[out,ref] lsa_RefDomainList **domains,
1277
[in,out,ref] lsa_TransSidArray3 *sids,
1278
[in] lsa_LookupNamesLevel level,
1279
[in,out,ref] uint32 *count,
1280
[in] uint32 lookup_options,
1281
[in] uint32 client_revision /* LSA_CLIENT_REVISION* */
1285
[todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
1288
[todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1291
[todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1294
[todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();