Wireshark  2.9.0-477-g68ec514b
The Wireshark network protocol analyzer
lsa.idl
1 #include "idl_types.h"
2 
3 /*
4  lsa interface definition
5 */
6 
7 /*import "misc.idl", "security.idl";*/
8 
9 [ uuid("12345778-1234-abcd-ef00-0123456789ab"),
10  version(0.0),
11  endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\netlogon]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
12  pointer_default(unique),
13  helpstring("Local Security Authority")
14 ] interface lsarpc
15 {
16  typedef [bitmap32bit] bitmap {
17  LSA_POLICY_NOTIFICATION = 0x00001000,
18  LSA_POLICY_LOOKUP_NAMES = 0x00000800,
19  LSA_POLICY_SERVER_ADMIN = 0x00000400,
20  LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200,
21  LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100,
22  LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080,
23  LSA_POLICY_CREATE_PRIVILEGE = 0x00000040,
24  LSA_POLICY_CREATE_SECRET = 0x00000020,
25  LSA_POLICY_CREATE_ACCOUNT = 0x00000010,
26  LSA_POLICY_TRUST_ADMIN = 0x00000008,
27  LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004,
28  LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002,
29  LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
30  } lsa_PolicyAccessMask;
31 
32  typedef [bitmap32bit] bitmap {
33  LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008,
34  LSA_ACCOUNT_ADJUST_QUOTAS = 0x00000004,
35  LSA_ACCOUNT_ADJUST_PRIVILEGES = 0x00000002,
36  LSA_ACCOUNT_VIEW = 0x00000001
37  } lsa_AccountAccessMask;
38 
39  typedef [bitmap32bit] bitmap {
40  LSA_DOMAIN_QUERY_AUTH = 0x00000040,
41  LSA_DOMAIN_SET_AUTH = 0x00000020,
42  LSA_DOMAIN_SET_POSIX = 0x00000010,
43  LSA_DOMAIN_QUERY_POSIX = 0x00000008,
44  LSA_DOMAIN_SET_CONTROLLERS = 0x00000004,
45  LSA_DOMAIN_QUERY_CONTROLLERS = 0x00000002,
46  LSA_DOMAIN_QUERY_DOMAIN_NAME = 0x00000001
47  } lsa_DomainAccessMask;
48 
49  typedef [bitmap32bit] bitmap {
50  LSA_SECRET_QUERY_VALUE = 0x00000002,
51  LSA_SECRET_SET_VALUE = 0x00000001
52  } lsa_SecretAccessMask;
53 
54  typedef bitmap security_secinfo security_secinfo;
55 
56  typedef [public] struct {
57  [value(2*strlen_m(string))] uint16 length;
58  [value(2*strlen_m(string))] uint16 size;
59  [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
60  } lsa_String;
61 
62  typedef [public] struct {
63  [value(2*strlen_m(string))] uint16 length;
64  [value(2*strlen_m_term(string))] uint16 size;
65  [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
66  } lsa_StringLarge;
67 
68  typedef [public] struct {
69  uint32 count;
70  [size_is(count)] lsa_String *names;
71  } lsa_Strings;
72 
73  typedef [public] struct {
74  [value(strlen_m(string))] uint16 length;
75  [value(strlen_m(string))] uint16 size;
76  [charset(DOS),size_is(size),length_is(length)] uint8 *string;
77  } lsa_AsciiString;
78 
79  typedef [public] struct {
80  [value(strlen_m(string))] uint16 length;
81  [value(strlen_m_term(string))] uint16 size;
82  [charset(DOS),size_is(size),length_is(length)] uint8 *string;
83  } lsa_AsciiStringLarge;
84 
85  /******************/
86  /* Function: 0x00 */
87  NTSTATUS lsa_Close (
88  [in,out] policy_handle *handle
89  );
90 
91 
92  /******************/
93  /* Function: 0x01 */
94  [public] NTSTATUS lsa_Delete (
95  [in] policy_handle *handle
96  );
97 
98 
99  /******************/
100  /* Function: 0x02 */
101  typedef struct {
102  uint32 low;
103  uint32 high;
104  } lsa_LUID;
105 
106  typedef struct {
107  lsa_StringLarge name;
108  lsa_LUID luid;
109  } lsa_PrivEntry;
110 
111  typedef struct {
112  uint32 count;
113  [size_is(count)] lsa_PrivEntry *privs;
114  } lsa_PrivArray;
115 
116  [public] NTSTATUS lsa_EnumPrivs (
117  [in] policy_handle *handle,
118  [in,out] uint32 *resume_handle,
119  [in] uint32 max_count,
120  [out] lsa_PrivArray *privs
121  );
122 
123  /******************/
124  /* Function: 0x03 */
125 
126  NTSTATUS lsa_QuerySecurity (
127  [in] policy_handle *handle,
128  [in] security_secinfo sec_info,
129  [out,unique] sec_desc_buf *sdbuf
130  );
131 
132 
133  /******************/
134  /* Function: 0x04 */
135  [todo] NTSTATUS lsa_SetSecObj ();
136 
137 
138  /******************/
139  /* Function: 0x05 */
140  [todo] NTSTATUS lsa_ChangePassword ();
141 
142 
143  /******************/
144  /* Function: 0x06 */
145 
146  typedef enum {
147  LSA_SECURITY_ANONYMOUS = 0,
148  LSA_SECURITY_IDENTIFICATION = 1,
149  LSA_SECURITY_IMPERSONATION = 2,
150  LSA_SECURITY_DELEGATION = 3
151  } lsa_SecurityImpersonationLevel;
152 
153  typedef struct {
154  uint32 len; /* ignored */
155  lsa_SecurityImpersonationLevel impersonation_level;
156  uint8 context_mode;
157  uint8 effective_only;
158  } lsa_QosInfo;
159 
160  typedef struct {
161  uint32 len; /* ignored */
162  uint8 *root_dir;
163  [string,charset(UTF16)] uint16 *object_name;
164  uint32 attributes;
165  security_descriptor *sec_desc;
166  lsa_QosInfo *sec_qos;
167  } lsa_ObjectAttribute;
168 
169  /* notice the screwup with the system_name - thats why MS created
170  OpenPolicy2 */
171  [public] NTSTATUS lsa_OpenPolicy (
172  [in,unique] uint16 *system_name,
173  [in] lsa_ObjectAttribute *attr,
174  [in] lsa_PolicyAccessMask access_mask,
175  [out] policy_handle *handle
176  );
177 
178 
179 
180  /******************/
181  /* Function: 0x07 */
182 
183  typedef struct {
184  uint32 percent_full;
185  uint32 log_size;
186  NTTIME retention_time;
187  uint8 shutdown_in_progress;
188  NTTIME time_to_shutdown;
189  uint32 next_audit_record;
190  uint32 unknown;
191  } lsa_AuditLogInfo;
192 
193  typedef [v1_enum] enum {
194  LSA_AUDIT_POLICY_NONE=0,
195  LSA_AUDIT_POLICY_SUCCESS=1,
196  LSA_AUDIT_POLICY_FAILURE=2,
197  LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
198  LSA_AUDIT_POLICY_CLEAR=4
199  } lsa_PolicyAuditPolicy;
200 
201  typedef enum {
202  LSA_AUDIT_CATEGORY_SYSTEM = 0,
203  LSA_AUDIT_CATEGORY_LOGON = 1,
204  LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
205  LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
206  LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
207  LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
208  LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
209  LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */
210  LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */
211  } lsa_PolicyAuditEventType;
212 
213  typedef struct {
214  uint32 auditing_mode;
215  [size_is(count)] lsa_PolicyAuditPolicy *settings;
216  uint32 count;
217  } lsa_AuditEventsInfo;
218 
219  typedef struct {
220  lsa_StringLarge name;
221  dom_sid2 *sid;
222  } lsa_DomainInfo;
223 
224  typedef struct {
225  lsa_String name;
226  } lsa_PDAccountInfo;
227 
228  typedef enum {
229  LSA_POLICY_ROLE_BACKUP = 2,
230  LSA_POLICY_ROLE_PRIMARY = 3
231  } lsa_PolicyServerRole;
232 
233  typedef struct {
234  lsa_PolicyServerRole role;
235  } lsa_ServerRole;
236 
237  typedef struct {
238  lsa_String source;
239  lsa_String account;
240  } lsa_ReplicaSourceInfo;
241 
242  typedef struct {
243  uint32 paged_pool;
244  uint32 non_paged_pool;
245  uint32 min_wss;
246  uint32 max_wss;
247  uint32 pagefile;
248  hyper unknown;
249  } lsa_DefaultQuotaInfo;
250 
251  typedef struct {
252  hyper modified_id;
253  NTTIME db_create_time;
254  } lsa_ModificationInfo;
255 
256  typedef struct {
257  uint8 shutdown_on_full;
258  } lsa_AuditFullSetInfo;
259 
260  typedef struct {
261  uint16 unknown; /* an midl padding bug? */
262  uint8 shutdown_on_full;
263  uint8 log_is_full;
264  } lsa_AuditFullQueryInfo;
265 
266  typedef struct {
267  /* it's important that we use the lsa_StringLarge here,
268  * because otherwise windows clients result with such dns hostnames
269  * e.g. w2k3-client.samba4.samba.orgsamba4.samba.org
270  * where it should be
271  * w2k3-client.samba4.samba.org
272  */
273  lsa_StringLarge name;
274  lsa_StringLarge dns_domain;
275  lsa_StringLarge dns_forest;
276  GUID domain_guid;
277  dom_sid2 *sid;
278  } lsa_DnsDomainInfo;
279 
280  typedef enum {
281  LSA_POLICY_INFO_AUDIT_LOG=1,
282  LSA_POLICY_INFO_AUDIT_EVENTS=2,
283  LSA_POLICY_INFO_DOMAIN=3,
284  LSA_POLICY_INFO_PD=4,
285  LSA_POLICY_INFO_ACCOUNT_DOMAIN=5,
286  LSA_POLICY_INFO_ROLE=6,
287  LSA_POLICY_INFO_REPLICA=7,
288  LSA_POLICY_INFO_QUOTA=8,
289  LSA_POLICY_INFO_DB=9,
290  LSA_POLICY_INFO_AUDIT_FULL_SET=10,
291  LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
292  LSA_POLICY_INFO_DNS=12,
293  LSA_POLICY_INFO_DNS_INT=13,
294  LSA_POLICY_INFO_LOCAL_ACCOUNT_DOMAIN=14
295  } lsa_PolicyInfo;
296 
297  typedef [switch_type(uint16)] union {
298  [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log;
299  [case(LSA_POLICY_INFO_AUDIT_EVENTS)] lsa_AuditEventsInfo audit_events;
300  [case(LSA_POLICY_INFO_DOMAIN)] lsa_DomainInfo domain;
301  [case(LSA_POLICY_INFO_PD)] lsa_PDAccountInfo pd;
302  [case(LSA_POLICY_INFO_ACCOUNT_DOMAIN)] lsa_DomainInfo account_domain;
303  [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
304  [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
305  [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
306  [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db;
307  [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
308  [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
309  [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
310  } lsa_PolicyInformation;
311 
312  NTSTATUS lsa_QueryInfoPolicy (
313  [in] policy_handle *handle,
314  [in] lsa_PolicyInfo level,
315  [out,unique,switch_is(level)] lsa_PolicyInformation *info
316  );
317 
318  /******************/
319  /* Function: 0x08 */
320  NTSTATUS lsa_SetInfoPolicy (
321  [in] policy_handle *handle,
322  [in] lsa_PolicyInfo level,
323  [in,switch_is(level)] lsa_PolicyInformation *info
324  );
325 
326  /******************/
327  /* Function: 0x09 */
328  [todo] NTSTATUS lsa_ClearAuditLog ();
329 
330  /******************/
331  /* Function: 0x0a */
332  [public] NTSTATUS lsa_CreateAccount (
333  [in] policy_handle *handle,
334  [in] dom_sid2 *sid,
335  [in] lsa_AccountAccessMask access_mask,
336  [out] policy_handle *acct_handle
337  );
338 
339  /******************/
340  /* NOTE: This only returns accounts that have at least
341  one privilege set
342  */
343  /* Function: 0x0b */
344  typedef struct {
345  dom_sid2 *sid;
346  } lsa_SidPtr;
347 
348  typedef [public] struct {
349  [range(0,1000)] uint32 num_sids;
350  [size_is(num_sids)] lsa_SidPtr *sids;
351  } lsa_SidArray;
352 
353  [public] NTSTATUS lsa_EnumAccounts (
354  [in] policy_handle *handle,
355  [in,out] uint32 *resume_handle,
356  [in,range(0,8192)] uint32 num_entries,
357  [out] lsa_SidArray *sids
358  );
359 
360 
361  /*************************************************/
362  /* Function: 0x0c */
363 
364  [public] NTSTATUS lsa_CreateTrustedDomain(
365  [in] policy_handle *handle,
366  [in] lsa_DomainInfo *info,
367  [in] lsa_DomainAccessMask access_mask,
368  [out] policy_handle *trustdom_handle
369  );
370 
371 
372  /******************/
373  /* Function: 0x0d */
374 
375  /* w2k3 treats max_size as max_domains*60 */
376  const int LSA_ENUM_TRUST_DOMAIN_MULTIPLIER = 60;
377 
378  typedef struct {
379  uint32 count;
380  [size_is(count)] lsa_DomainInfo *domains;
381  } lsa_DomainList;
382 
383  NTSTATUS lsa_EnumTrustDom (
384  [in] policy_handle *handle,
385  [in,out] uint32 *resume_handle,
386  [in] uint32 max_size,
387  [out] lsa_DomainList *domains
388  );
389 
390 
391  /******************/
392  /* Function: 0x0e */
393  typedef [public] enum {
394  SID_NAME_USE_NONE = 0,/* NOTUSED */
395  SID_NAME_USER = 1, /* user */
396  SID_NAME_DOM_GRP = 2, /* domain group */
397  SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
398  SID_NAME_ALIAS = 4, /* local group */
399  SID_NAME_WKN_GRP = 5, /* well-known group */
400  SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
401  SID_NAME_INVALID = 7, /* invalid account */
402  SID_NAME_UNKNOWN = 8, /* oops. */
403  SID_NAME_COMPUTER = 9 /* machine */
404  } lsa_SidType;
405 
406  typedef struct {
407  lsa_SidType sid_type;
408  uint32 rid;
409  uint32 sid_index;
410  } lsa_TranslatedSid;
411 
412  typedef struct {
413  [range(0,1000)] uint32 count;
414  [size_is(count)] lsa_TranslatedSid *sids;
415  } lsa_TransSidArray;
416 
417  const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
418  typedef struct {
419  [range(0,1000)] uint32 count;
420  [size_is(count)] lsa_DomainInfo *domains;
421  uint32 max_size;
422  } lsa_RefDomainList;
423 
424  /* Level 1: Ask everywhere
425  * Level 2: Ask domain and trusted domains, no builtin and wkn
426  * Level 3: Only ask domain
427  * Level 4: W2k3ad: Only ask AD trusts
428  * Level 5: Only ask transitive forest trusts
429  * Level 6: Like 4
430  */
431 
432  typedef enum {
433  LSA_LOOKUP_NAMES_ALL = 1,
434  LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
435  LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
436  LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
437  LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
438  LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
439  } lsa_LookupNamesLevel;
440 
441  [public] NTSTATUS lsa_LookupNames (
442  [in] policy_handle *handle,
443  [in,range(0,1000)] uint32 num_names,
444  [in,size_is(num_names)] lsa_String names[],
445  [out,unique] lsa_RefDomainList *domains,
446  [in,out] lsa_TransSidArray *sids,
447  [in] lsa_LookupNamesLevel level,
448  [in,out] uint32 *count
449  );
450 
451 
452  /******************/
453  /* Function: 0x0f */
454 
455  typedef struct {
456  lsa_SidType sid_type;
457  lsa_String name;
458  uint32 sid_index;
459  } lsa_TranslatedName;
460 
461  typedef struct {
462  [range(0,1000)] uint32 count;
463  [size_is(count)] lsa_TranslatedName *names;
464  } lsa_TransNameArray;
465 
466  [public] NTSTATUS lsa_LookupSids (
467  [in] policy_handle *handle,
468  [in] lsa_SidArray *sids,
469  [out,unique] lsa_RefDomainList *domains,
470  [in,out] lsa_TransNameArray *names,
471  [in] uint16 level,
472  [in,out] uint32 *count
473  );
474 
475 
476  /* Function: 0x10 */
477  [public] NTSTATUS lsa_CreateSecret(
478  [in] policy_handle *handle,
479  [in] lsa_String name,
480  [in] lsa_SecretAccessMask access_mask,
481  [out] policy_handle *sec_handle
482  );
483 
484 
485  /*****************************************/
486  /* Function: 0x11 */
487  NTSTATUS lsa_OpenAccount (
488  [in] policy_handle *handle,
489  [in] dom_sid2 *sid,
490  [in] lsa_AccountAccessMask access_mask,
491  [out] policy_handle *acct_handle
492  );
493 
494 
495  /****************************************/
496  /* Function: 0x12 */
497 
498  typedef struct {
499  lsa_LUID luid;
500  uint32 attribute;
501  } lsa_LUIDAttribute;
502 
503  typedef struct {
504  [range(0,1000)] uint32 count;
505  uint32 unknown;
506  [size_is(count)] lsa_LUIDAttribute set[*];
507  } lsa_PrivilegeSet;
508 
509  NTSTATUS lsa_EnumPrivsAccount (
510  [in] policy_handle *handle,
511  [out,unique] lsa_PrivilegeSet *privs
512  );
513 
514 
515  /****************************************/
516  /* Function: 0x13 */
517  NTSTATUS lsa_AddPrivilegesToAccount(
518  [in] policy_handle *handle,
519  [in] lsa_PrivilegeSet *privs
520  );
521 
522 
523  /****************************************/
524  /* Function: 0x14 */
525  NTSTATUS lsa_RemovePrivilegesFromAccount(
526  [in] policy_handle *handle,
527  [in] uint8 remove_all,
528  [in,unique] lsa_PrivilegeSet *privs
529  );
530 
531  /* Function: 0x15 */
532  [todo] NTSTATUS lsa_GetQuotasForAccount();
533 
534  /* Function: 0x16 */
535  [todo] NTSTATUS lsa_SetQuotasForAccount();
536 
537  /* Function: 0x17 */
538  [todo] NTSTATUS lsa_GetSystemAccessAccount();
539  /* Function: 0x18 */
540  [todo] NTSTATUS lsa_SetSystemAccessAccount();
541 
542  /* Function: 0x19 */
543  NTSTATUS lsa_OpenTrustedDomain(
544  [in] policy_handle *handle,
545  [in] dom_sid2 *sid,
546  [in] lsa_DomainAccessMask access_mask,
547  [out] policy_handle *trustdom_handle
548  );
549 
550  typedef [flag(NDR_PAHEX)] struct {
551  uint32 length;
552  uint32 size;
553  [size_is(size),length_is(length)] uint8 *data;
554  } lsa_DATA_BUF;
555 
556  typedef [flag(NDR_PAHEX)] struct {
557  [range(0,65536)] uint32 size;
558  [size_is(size)] uint8 *data;
559  } lsa_DATA_BUF2;
560 
561  typedef enum {
562  LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
563  LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
564  LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
565  LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
566  LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
567  LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
568  LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
569  LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
570  LSA_TRUSTED_DOMAIN_INFO_11 = 11,
571  LSA_TRUSTED_DOMAIN_INFO_INFO_ALL = 12
572  } lsa_TrustDomInfoEnum;
573 
574  typedef struct {
575  lsa_StringLarge netbios_name;
576  } lsa_TrustDomainInfoName;
577 
578  typedef struct {
579  uint32 posix_offset;
580  } lsa_TrustDomainInfoPosixOffset;
581 
582  typedef struct {
583  lsa_DATA_BUF *password;
584  lsa_DATA_BUF *old_password;
585  } lsa_TrustDomainInfoPassword;
586 
587  typedef struct {
588  lsa_String netbios_name;
589  dom_sid2 *sid;
590  } lsa_TrustDomainInfoBasic;
591 
592  typedef struct {
593  lsa_StringLarge domain_name;
594  lsa_StringLarge netbios_name;
595  dom_sid2 *sid;
596  uint32 trust_direction;
597  uint32 trust_type;
598  uint32 trust_attributes;
599  } lsa_TrustDomainInfoInfoEx;
600 
601  typedef struct {
602  NTTIME_hyper last_update_time;
603  uint32 secret_type;
604  lsa_DATA_BUF2 data;
605  } lsa_TrustDomainInfoBuffer;
606 
607  typedef struct {
608  uint32 incoming_count;
609  lsa_TrustDomainInfoBuffer *incoming_current_auth_info;
610  lsa_TrustDomainInfoBuffer *incoming_previous_auth_info;
611  uint32 outgoing_count;
612  lsa_TrustDomainInfoBuffer *outgoing_current_auth_info;
613  lsa_TrustDomainInfoBuffer *outgoing_previous_auth_info;
614  } lsa_TrustDomainInfoAuthInfo;
615 
616  typedef struct {
617  lsa_TrustDomainInfoInfoEx info_ex;
618  lsa_TrustDomainInfoPosixOffset posix_offset;
619  lsa_TrustDomainInfoAuthInfo auth_info;
620  } lsa_TrustDomainInfoFullInfo;
621 
622  typedef struct {
623  lsa_TrustDomainInfoInfoEx info_ex;
624  lsa_DATA_BUF2 data1;
625  } lsa_TrustDomainInfo11;
626 
627  typedef struct {
628  lsa_TrustDomainInfoInfoEx info_ex;
629  lsa_DATA_BUF2 data1;
630  lsa_TrustDomainInfoPosixOffset posix_offset;
631  lsa_TrustDomainInfoAuthInfo auth_info;
632  } lsa_TrustDomainInfoInfoAll;
633 
634  typedef [switch_type(lsa_TrustDomInfoEnum)] union {
635  [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name;
636  [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
637  [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password;
638  [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] lsa_TrustDomainInfoBasic info_basic;
639  [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex;
640  [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info;
641  [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info;
642  [case(LSA_TRUSTED_DOMAIN_INFO_11)] lsa_TrustDomainInfo11 info11;
643  [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)] lsa_TrustDomainInfoInfoAll info_all;
644  } lsa_TrustedDomainInfo;
645 
646  /* Function: 0x1a */
647  NTSTATUS lsa_QueryTrustedDomainInfo(
648  [in] policy_handle *trustdom_handle,
649  [in] lsa_TrustDomInfoEnum level,
650  [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
651  );
652 
653  /* Function: 0x1b */
654  [todo] NTSTATUS lsa_SetInformationTrustedDomain();
655 
656  /* Function: 0x1c */
657  [public] NTSTATUS lsa_OpenSecret(
658  [in] policy_handle *handle,
659  [in] lsa_String name,
660  [in] lsa_SecretAccessMask access_mask,
661  [out] policy_handle *sec_handle
662  );
663 
664  /* Function: 0x1d */
665 
666  [public] NTSTATUS lsa_SetSecret(
667  [in] policy_handle *sec_handle,
668  [in,unique] lsa_DATA_BUF *new_val,
669  [in,unique] lsa_DATA_BUF *old_val
670  );
671 
672  typedef struct {
673  lsa_DATA_BUF *buf;
674  } lsa_DATA_BUF_PTR;
675 
676  /* Function: 0x1e */
677  [public] NTSTATUS lsa_QuerySecret (
678  [in] policy_handle *sec_handle,
679  [in,out,unique] lsa_DATA_BUF_PTR *new_val,
680  [in,out,unique] NTTIME_hyper *new_mtime,
681  [in,out,unique] lsa_DATA_BUF_PTR *old_val,
682  [in,out,unique] NTTIME_hyper *old_mtime
683  );
684 
685  /* Function: 0x1f */
686  NTSTATUS lsa_LookupPrivValue(
687  [in] policy_handle *handle,
688  [in] lsa_String *name,
689  [out] lsa_LUID *luid
690  );
691 
692 
693  /* Function: 0x20 */
694  NTSTATUS lsa_LookupPrivName (
695  [in] policy_handle *handle,
696  [in] lsa_LUID *luid,
697  [out,unique] lsa_StringLarge *name
698  );
699 
700 
701  /*******************/
702  /* Function: 0x21 */
703  NTSTATUS lsa_LookupPrivDisplayName (
704  [in] policy_handle *handle,
705  [in] lsa_String *name,
706  [out,unique] lsa_StringLarge *disp_name,
707  /* see http://www.microsoft.com/globaldev/nlsweb/ for
708  language definitions */
709  [in,out] uint16 *language_id,
710  [in] uint16 unknown
711  );
712 
713  /* Function: 0x22 */
714  [todo] NTSTATUS lsa_DeleteObject();
715 
716 
717  /*******************/
718  /* Function: 0x23 */
719  NTSTATUS lsa_EnumAccountsWithUserRight (
720  [in] policy_handle *handle,
721  [in,unique] lsa_String *name,
722  [out] lsa_SidArray *sids
723  );
724 
725  /* Function: 0x24 */
726  typedef struct {
727  [string,charset(UTF16)] uint16 *name;
728  } lsa_RightAttribute;
729 
730  typedef struct {
731  uint32 count;
732  [size_is(count)] lsa_StringLarge *names;
733  } lsa_RightSet;
734 
735  NTSTATUS lsa_EnumAccountRights (
736  [in] policy_handle *handle,
737  [in] dom_sid2 *sid,
738  [out] lsa_RightSet *rights
739  );
740 
741 
742  /**********************/
743  /* Function: 0x25 */
744  NTSTATUS lsa_AddAccountRights (
745  [in] policy_handle *handle,
746  [in] dom_sid2 *sid,
747  [in] lsa_RightSet *rights
748  );
749 
750  /**********************/
751  /* Function: 0x26 */
752  NTSTATUS lsa_RemoveAccountRights (
753  [in] policy_handle *handle,
754  [in] dom_sid2 *sid,
755  [in] uint32 unknown,
756  [in] lsa_RightSet *rights
757  );
758 
759  /* Function: 0x27 */
760  NTSTATUS lsa_QueryTrustedDomainInfoBySid(
761  [in] policy_handle *handle,
762  [in] dom_sid2 *dom_sid,
763  [in] lsa_TrustDomInfoEnum level,
764  [out,switch_is(level),unique] lsa_TrustedDomainInfo *info
765  );
766 
767  /* Function: 0x28 */
768  [todo] NTSTATUS lsa_SetTrustedDomainInfo();
769  /* Function: 0x29 */
770  NTSTATUS lsa_DeleteTrustedDomain(
771  [in] policy_handle *handle,
772  [in] dom_sid2 *dom_sid
773  );
774 
775  /* Function: 0x2a */
776  [todo] NTSTATUS lsa_StorePrivateData();
777  /* Function: 0x2b */
778  [todo] NTSTATUS lsa_RetrievePrivateData();
779 
780 
781  /**********************/
782  /* Function: 0x2c */
783  [public] NTSTATUS lsa_OpenPolicy2 (
784  [in,unique] [string,charset(UTF16)] uint16 *system_name,
785  [in] lsa_ObjectAttribute *attr,
786  [in] lsa_PolicyAccessMask access_mask,
787  [out] policy_handle *handle
788  );
789 
790  /**********************/
791  /* Function: 0x2d */
792  typedef struct {
793  lsa_String *string;
794  } lsa_StringPointer;
795 
796  NTSTATUS lsa_GetUserName(
797  [in,unique] [string,charset(UTF16)] uint16 *system_name,
798  [in,out,unique] lsa_String *account_name,
799  [in,out,unique] lsa_StringPointer *authority_name
800  );
801 
802  /**********************/
803  /* Function: 0x2e */
804 
805  NTSTATUS lsa_QueryInfoPolicy2(
806  [in] policy_handle *handle,
807  [in] lsa_PolicyInfo level,
808  [out,unique,switch_is(level)] lsa_PolicyInformation *info
809  );
810 
811  /* Function 0x2f */
812  NTSTATUS lsa_SetInfoPolicy2(
813  [in] policy_handle *handle,
814  [in] lsa_PolicyInfo level,
815  [in,switch_is(level)] lsa_PolicyInformation *info
816  );
817 
818  /**********************/
819  /* Function 0x30 */
820  NTSTATUS lsa_QueryTrustedDomainInfoByName(
821  [in] policy_handle *handle,
822  [in] lsa_String trusted_domain,
823  [in] lsa_TrustDomInfoEnum level,
824  [out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
825  );
826 
827  /**********************/
828  /* Function 0x31 */
829  NTSTATUS lsa_SetTrustedDomainInfoByName(
830  [in] policy_handle *handle,
831  [in] lsa_String trusted_domain,
832  [in] lsa_TrustDomInfoEnum level,
833  [in,unique,switch_is(level)] lsa_TrustedDomainInfo *info
834  );
835 
836  /* Function 0x32 */
837 
838  /* w2k3 treats max_size as max_domains*82 */
839  const int LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER = 82;
840 
841  typedef struct {
842  uint32 count;
843  [size_is(count)] lsa_TrustDomainInfoInfoEx *domains;
844  } lsa_DomainListEx;
845 
846  NTSTATUS lsa_EnumTrustedDomainsEx (
847  [in] policy_handle *handle,
848  [in,out] uint32 *resume_handle,
849  [out] lsa_DomainListEx *domains,
850  [in] uint32 max_size
851  );
852 
853 
854  /* Function 0x33 */
855  [todo] NTSTATUS lsa_CreateTrustedDomainEx();
856 
857  /* Function 0x34 */
858  NTSTATUS lsa_CloseTrustedDomainEx(
859  [in,out] policy_handle *handle
860  );
861 
862  /* Function 0x35 */
863 
864  /* w2k3 returns either 0x000bbbd000000000 or 0x000a48e800000000
865  for unknown6 - gd */
866  typedef struct {
867  uint32 enforce_restrictions;
868  hyper service_tkt_lifetime;
869  hyper user_tkt_lifetime;
870  hyper user_tkt_renewaltime;
871  hyper clock_skew;
872  hyper unknown6;
873  } lsa_DomainInfoKerberos;
874 
875  typedef struct {
876  uint32 blob_size;
877  [size_is(blob_size)] uint8 *efs_blob;
878  } lsa_DomainInfoEfs;
879 
880  typedef enum {
881  LSA_DOMAIN_INFO_POLICY_QOS=1,
882  LSA_DOMAIN_INFO_POLICY_EFS=2,
883  LSA_DOMAIN_INFO_POLICY_KERBEROS=3
884  } lsa_DomainInfoEnum;
885 
886  typedef [switch_type(uint16)] union {
887  [case(LSA_DOMAIN_INFO_POLICY_EFS)] lsa_DomainInfoEfs efs_info;
888  [case(LSA_DOMAIN_INFO_POLICY_KERBEROS)] lsa_DomainInfoKerberos kerberos_info;
889  } lsa_DomainInformationPolicy;
890 
891  NTSTATUS lsa_QueryDomainInformationPolicy(
892  [in] policy_handle *handle,
893  [in] lsa_DomainInfoEnum level,
894  [out,unique,switch_is(level)] lsa_DomainInformationPolicy *info
895  );
896 
897  /* Function 0x36 */
898  NTSTATUS lsa_SetDomainInformationPolicy(
899  [in] policy_handle *handle,
900  [in] lsa_DomainInfoEnum level,
901  [in,unique,switch_is(level)] lsa_DomainInformationPolicy *info
902  );
903 
904  /**********************/
905  /* Function 0x37 */
906  NTSTATUS lsa_OpenTrustedDomainByName(
907  [in] policy_handle *handle,
908  [in] lsa_String name,
909  [in] lsa_DomainAccessMask access_mask,
910  [out] policy_handle *trustdom_handle
911  );
912 
913  /* Function 0x38 */
914  [todo] NTSTATUS lsa_TestCall();
915 
916  /**********************/
917  /* Function 0x39 */
918 
919  typedef struct {
920  lsa_SidType sid_type;
921  lsa_String name;
922  uint32 sid_index;
923  uint32 unknown;
924  } lsa_TranslatedName2;
925 
926  typedef struct {
927  [range(0,1000)] uint32 count;
928  [size_is(count)] lsa_TranslatedName2 *names;
929  } lsa_TransNameArray2;
930 
931  [public] NTSTATUS lsa_LookupSids2(
932  [in] policy_handle *handle,
933  [in] lsa_SidArray *sids,
934  [out,unique] lsa_RefDomainList *domains,
935  [in,out] lsa_TransNameArray2 *names,
936  [in] uint16 level,
937  [in,out] uint32 *count,
938  [in] uint32 unknown1,
939  [in] uint32 unknown2
940  );
941 
942  /**********************/
943  /* Function 0x3a */
944 
945  typedef struct {
946  lsa_SidType sid_type;
947  uint32 rid;
948  uint32 sid_index;
949  uint32 unknown;
950  } lsa_TranslatedSid2;
951 
952  typedef struct {
953  [range(0,1000)] uint32 count;
954  [size_is(count)] lsa_TranslatedSid2 *sids;
955  } lsa_TransSidArray2;
956 
957  [public] NTSTATUS lsa_LookupNames2 (
958  [in] policy_handle *handle,
959  [in,range(0,1000)] uint32 num_names,
960  [in,size_is(num_names)] lsa_String names[],
961  [out,unique] lsa_RefDomainList *domains,
962  [in,out] lsa_TransSidArray2 *sids,
963  [in] lsa_LookupNamesLevel level,
964  [in,out] uint32 *count,
965  [in] uint32 unknown1,
966  [in] uint32 unknown2
967  );
968 
969  /* Function 0x3b */
970  [todo] NTSTATUS lsa_CreateTrustedDomainEx2();
971 
972  /* Function 0x3c */
973  [todo] NTSTATUS lsa_CREDRWRITE();
974 
975  /* Function 0x3d */
976  [todo] NTSTATUS lsa_CREDRREAD();
977 
978  /* Function 0x3e */
979  [todo] NTSTATUS lsa_CREDRENUMERATE();
980 
981  /* Function 0x3f */
982  [todo] NTSTATUS lsa_CREDRWRITEDOMAINCREDENTIALS();
983 
984  /* Function 0x40 */
985  [todo] NTSTATUS lsa_CREDRREADDOMAINCREDENTIALS();
986 
987  /* Function 0x41 */
988  [todo] NTSTATUS lsa_CREDRDELETE();
989 
990  /* Function 0x42 */
991  [todo] NTSTATUS lsa_CREDRGETTARGETINFO();
992 
993  /* Function 0x43 */
994  [todo] NTSTATUS lsa_CREDRPROFILELOADED();
995 
996  /**********************/
997  /* Function 0x44 */
998  typedef struct {
999  lsa_SidType sid_type;
1000  dom_sid2 *sid;
1001  uint32 sid_index;
1002  uint32 unknown;
1003  } lsa_TranslatedSid3;
1004 
1005  typedef struct {
1006  [range(0,1000)] uint32 count;
1007  [size_is(count)] lsa_TranslatedSid3 *sids;
1008  } lsa_TransSidArray3;
1009 
1010  [public] NTSTATUS lsa_LookupNames3 (
1011  [in] policy_handle *handle,
1012  [in,range(0,1000)] uint32 num_names,
1013  [in,size_is(num_names)] lsa_String names[],
1014  [out,unique] lsa_RefDomainList *domains,
1015  [in,out] lsa_TransSidArray3 *sids,
1016  [in] lsa_LookupNamesLevel level,
1017  [in,out] uint32 *count,
1018  [in] uint32 unknown1,
1019  [in] uint32 unknown2
1020  );
1021 
1022  /* Function 0x45 */
1023  [todo] NTSTATUS lsa_CREDRGETSESSIONTYPES();
1024 
1025  /* Function 0x46 */
1026  [todo] NTSTATUS lsa_LSARREGISTERAUDITEVENT();
1027 
1028  /* Function 0x47 */
1029  [todo] NTSTATUS lsa_LSARGENAUDITEVENT();
1030 
1031  /* Function 0x48 */
1032  [todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
1033 
1034  /* Function 0x49 */
1035  typedef struct {
1036  [range(0,131072)] uint32 length;
1037  [size_is(length)] uint8 *data;
1038  } lsa_ForestTrustBinaryData;
1039 
1040  typedef struct {
1041  dom_sid2 *domain_sid;
1042  lsa_StringLarge dns_domain_name;
1043  lsa_StringLarge netbios_domain_name;
1044  } lsa_ForestTrustDomainInfo;
1045 
1046  typedef [switch_type(uint32)] union {
1047  [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
1048  [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
1049  [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
1050  [default] lsa_ForestTrustBinaryData data;
1051  } lsa_ForestTrustData;
1052 
1053  typedef [v1_enum] enum {
1054  LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
1055  LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
1056  LSA_FOREST_TRUST_DOMAIN_INFO = 2,
1057  LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
1058  } lsa_ForestTrustRecordType;
1059 
1060  typedef struct {
1061  uint32 flags;
1062  lsa_ForestTrustRecordType level;
1063  hyper unknown;
1064  [switch_is(level)] lsa_ForestTrustData forest_trust_data;
1065  } lsa_ForestTrustRecord;
1066 
1067  typedef [public] struct {
1068  [range(0,4000)] uint32 count;
1069  [size_is(count)] lsa_ForestTrustRecord **entries;
1070  } lsa_ForestTrustInformation;
1071 
1072  NTSTATUS lsa_lsaRQueryForestTrustInformation(
1073  [in] policy_handle *handle,
1074  [in,ref] lsa_String *trusted_domain_name,
1075  [in] uint16 unknown, /* level ? */
1076  [out,ref] lsa_ForestTrustInformation **forest_trust_info
1077  );
1078 
1079  /* Function 0x4a */
1080  [todo] NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
1081 
1082  /* Function 0x4b */
1083  [todo] NTSTATUS lsa_CREDRRENAME();
1084 
1085  /*****************/
1086  /* Function 0x4c */
1087 
1088  [public] NTSTATUS lsa_LookupSids3(
1089  [in] lsa_SidArray *sids,
1090  [out,unique] lsa_RefDomainList *domains,
1091  [in,out] lsa_TransNameArray2 *names,
1092  [in] uint16 level,
1093  [in,out] uint32 *count,
1094  [in] uint32 unknown1,
1095  [in] uint32 unknown2
1096  );
1097 
1098  /* Function 0x4d */
1099  NTSTATUS lsa_LookupNames4(
1100  [in,range(0,1000)] uint32 num_names,
1101  [in,size_is(num_names)] lsa_String names[],
1102  [out,unique] lsa_RefDomainList *domains,
1103  [in,out] lsa_TransSidArray3 *sids,
1104  [in] lsa_LookupNamesLevel level,
1105  [in,out] uint32 *count,
1106  [in] uint32 unknown1,
1107  [in] uint32 unknown2
1108  );
1109 
1110  /* Function 0x4e */
1111  [todo] NTSTATUS lsa_LSAROPENPOLICYSCE();
1112 
1113  /* Function 0x4f */
1114  [todo] NTSTATUS lsa_LSARADTREGISTERSECURITYEVENTSOURCE();
1115 
1116  /* Function 0x50 */
1117  [todo] NTSTATUS lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE();
1118 
1119  /* Function 0x51 */
1120  [todo] NTSTATUS lsa_LSARADTREPORTSECURITYEVENT();
1121 
1122 }
Definition: file-pcapng.c:177
Definition: conversation.c:27