#ifndef _NTDSAPIP_H_
#define _NTDSAPIP_H_

// Private definitions related to sdk\inc\ntdsapi.h.

// The following are DS_NAME_FORMATs which we don't want to publish
// in ntdsapi.h.  Although DS_NAME_FORMAT is an enumerated type, we 
// pass vanilla DWORDs on the wire such that RPC doesn't complain about
// enumerated type values out of range or unknown.  These should be
// defined at the high end of the range so we can extend DS_NAME_FORMAT
// in future versions w/o holes which will leave people wondering and
// experimenting what those "unused" values are used for.

#define DS_LIST_SITES                           0xffffffff
#define DS_LIST_SERVERS_IN_SITE                 0xfffffffe
#define DS_LIST_DOMAINS_IN_SITE                 0xfffffffd
#define DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE      0xfffffffc
#define DS_LIST_INFO_FOR_SERVER                 0xfffffffb
#define DS_LIST_ROLES                           0xfffffffa
#define DS_NT4_ACCOUNT_NAME_SANS_DOMAIN         0xfffffff9
#define DS_MAP_SCHEMA_GUID                      0xfffffff8
#define DS_LIST_DOMAINS                         0xfffffff7
#define DS_LIST_NCS                             0xfffffff6
#define DS_ALT_SECURITY_IDENTITIES_NAME         0xfffffff5
#define DS_STRING_SID_NAME                      0xfffffff4
#define DS_LIST_SERVERS_WITH_DCS_IN_SITE        0xfffffff3
#define DS_USER_PRINCIPAL_NAME_FOR_LOGON        0xfffffff2
#define DS_LIST_GLOBAL_CATALOG_SERVERS          0xfffffff1
#define DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX      0xfffffff0

// following should always be equal to lowest private #define
#define DS_NAME_FORMAT_PRIVATE_BEGIN            0xfffffff0

// The following are DS_NAME_ERRORs which we don't want to publish
// in ntdsapi.h.  Same reasoning as above.

#define DS_NAME_ERROR_IS_FPO                    0xffffffff
#define DS_NAME_ERROR_SCHEMA_GUID_NOT_FOUND     0xfffffffe
#define DS_NAME_ERROR_SCHEMA_GUID_ATTR          0xfffffffd
#define DS_NAME_ERROR_SCHEMA_GUID_ATTR_SET      0xfffffffc
#define DS_NAME_ERROR_SCHEMA_GUID_CLASS         0xfffffffb
#define DS_NAME_ERROR_SCHEMA_GUID_CONTROL_RIGHT 0xfffffffa
#define DS_NAME_ERROR_IS_SID_USER               0xfffffff9
#define DS_NAME_ERROR_IS_SID_GROUP              0xfffffff8
#define DS_NAME_ERROR_IS_SID_ALIAS              0xfffffff7
#define DS_NAME_ERROR_IS_SID_UNKNOWN            0xfffffff6
#define DS_NAME_ERROR_IS_SID_HISTORY_USER       0xfffffff5
#define DS_NAME_ERROR_IS_SID_HISTORY_GROUP      0xfffffff4
#define DS_NAME_ERROR_IS_SID_HISTORY_ALIAS      0xfffffff3
#define DS_NAME_ERROR_IS_SID_HISTORY_UNKNOWN    0xfffffff2

// following should always be equal to lowest private #define
#define DS_NAME_ERROR_PRIVATE_BEGIN             0xfffffff2

// The following are DS_NAME_FLAGs which we don't want to publish
// in ntdsapi.h.  Same reasoning as above.  Remember that the flags
// field is a bit map, not an enumeration.

#define DS_NAME_FLAG_PRIVATE_PURE_SYNTACTIC     0x40000000
#define DS_NAME_FLAG_PRIVATE_RESOLVE_FPOS       0x80000000
// following should always be equal to lowest private #define
#define DS_NAME_FLAG_PRIVATE_BEGIN              0x80000000

// The following are DS_ADDSID_FLAGs which we don't want to publish
// in ntdsapi.h.  Same reasoning as above.  Remember that the flags
// field is a bit map, not an enumeration.

#define DS_ADDSID_FLAG_PRIVATE_DEL_SRC_OBJ      0x80000000
#define DS_ADDSID_FLAG_PRIVATE_CHK_SECURE       0x40000000
// following should always be equal to lowest private #define
#define DS_ADDSID_FLAG_PRIVATE_BEGIN            0x40000000

// The following are dc info infolevels that we don't want to publish.
// While the published APIs are used to get information from the set of
// DCs published in a domain, some of these private infolevels are used
// to get information from a single domain controller. These private
// infolevels are intended mostly for debugging and monitoring.

#define DS_DCINFO_LEVEL_FFFFFFFF                0xffffffff

// following should always be equal to lowest private #define
#define DS_DCINFO_LEVEL_PRIVATE_BEGIN           0xffffffff

// For DS_DOMAIN_CONTROLLER_INFO_FFFFFFFF. This retrieves the ldap 
// connection list from a single domain controller.

typedef struct _DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW {

    DWORD   IPAddress;          // IP Address of client
    DWORD   NotificationCount;  // number of outstanding notifications
    DWORD   secTimeConnected;   // total time in seconds connected
    DWORD   Flags;              // Connection properties. defined below.
    DWORD   TotalRequests;      // Total number of requests made
    DWORD   Reserved1;          // Unused
#ifdef MIDL_PASS
    [string,unique] WCHAR   *UserName;
#else
    LPWSTR  UserName;           // the security principal used to bind
#endif

} DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW, *PDS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW;

typedef struct _DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFA {

    DWORD   IPAddress;          // IP Address of client
    DWORD   NotificationCount;  // number of outstanding notifications
    DWORD   secTimeConnected;   // total time in seconds connected
    DWORD   Flags;              // Connection properties. defined below.
    DWORD   TotalRequests;      // Total number of requests made
    DWORD   Reserved1;          // Unused
#ifdef MIDL_PASS
    [string,unique] CHAR    *UserName;
#else
    LPSTR   UserName;           // the security principal used to bind
#endif

} DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFA, *PDS_DOMAIN_CONTROLLER_INFO_FFFFFFFFA;

//
// connection flags
//

#define LDAP_CONN_FLAG_BOUND    0x00000001      // bound connection
#define LDAP_CONN_FLAG_SSL      0x00000002      // connect using SSL
#define LDAP_CONN_FLAG_UDP      0x00000004      // UDP connection
#define LDAP_CONN_FLAG_GC       0x00000008      // came through the GC port
#define LDAP_CONN_FLAG_GSSAPI   0x00000010      // used gssapi
#define LDAP_CONN_FLAG_SPNEGO   0x00000020      // used spnego
#define LDAP_CONN_FLAG_SIMPLE   0x00000040      // used simple
#define LDAP_CONN_FLAG_DIGEST   0x00000080      // used Digest-MD5
#define LDAP_CONN_FLAG_SIGN     0x00000100      // signing on
#define LDAP_CONN_FLAG_SEAL     0x00000200      // sealing on

#ifdef UNICODE
#define DS_DOMAIN_CONTROLLER_INFO_FFFFFFFF  DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW
#define PDS_DOMAIN_CONTROLLER_INFO_FFFFFFFF  PDS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW
#else
#define DS_DOMAIN_CONTROLLER_INFO_FFFFFFFF  DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFA
#define PDS_DOMAIN_CONTROLLER_INFO_FFFFFFFF  PDS_DOMAIN_CONTROLLER_INFO_FFFFFFFFA
#endif

// ==========================================================
// DsCrackSpn2() -- parse a counted-length SPN into the ServiceClass,
// ServiceName, and InstanceName (and InstancePort) pieces.
// An SPN is passed in, along with a pointer to the maximum length
// for each piece and a pointer to a buffer where each piece should go.
// On exit, the maximum lengths are updated to the actual length for each piece
// and the buffer contain the appropriate piece. The InstancePort is 0 if not
// present.
//
// DWORD DsCrackSpn(
//      IN LPTSTR pszSPN,               // the SPN to parse
//      IN DWORD cSpn,                // length of pszSPN
//      IN OUT PUSHORT pcServiceClass,  // input -- max length of ServiceClass;
//                                         output -- actual length
//      OUT LPCTSTR ServiceClass,       // the ServiceClass part of the SPN
//      IN OUT PUSHORT pcServiceName,   // input -- max length of ServiceName;
//                                         output -- actual length
//      OUT LPCTSTR ServiceName,        // the ServiceName part of the SPN
//      IN OUT PUSHORT pcInstance,      // input -- max length of ServiceClass;
//                                         output -- actual length
//      OUT LPCTSTR InstanceName,  // the InstanceName part of the SPN
//      OUT PUSHORT InstancePort          // instance port
//
// Note: lengths are in characters; all string lengths include terminators
// All arguments except pszSpn are optional.
//

NTDSAPI
DWORD
WINAPI
DsCrackSpn2A(
    IN LPCSTR pszSpn,
    IN DWORD cSpn,
    IN OUT LPDWORD pcServiceClass,
    OUT LPSTR ServiceClass,
    IN OUT LPDWORD pcServiceName,
    OUT LPSTR ServiceName,
    IN OUT LPDWORD pcInstanceName,
    OUT LPSTR InstanceName,
    OUT USHORT *pInstancePort
    );

NTDSAPI
DWORD
WINAPI
DsCrackSpn2W(
    IN LPCWSTR pszSpn,
    IN DWORD cSpn,
    IN OUT DWORD *pcServiceClass,
    OUT LPWSTR ServiceClass,
    IN OUT DWORD *pcServiceName,
    OUT LPWSTR ServiceName,
    IN OUT DWORD *pcInstanceName,
    OUT LPWSTR InstanceName,
    OUT USHORT *pInstancePort
    );

NTDSAPI
DWORD
WINAPI
DsCrackSpn3W(
    IN LPCWSTR pszSpn,
    IN DWORD cSpn,
    IN OUT DWORD *pcHostName,
    OUT LPWSTR HostName,
    IN OUT DWORD *pcInstanceName,
    OUT LPWSTR InstanceName,
    OUT USHORT *pPortNumber,
    IN OUT DWORD *pcDomainName,
    OUT LPWSTR DomainName,
    IN OUT DWORD *pcRealmName,
    OUT LPWSTR RealmName
    );

#ifdef UNICODE
#define DsCrackSpn2 DsCrackSpn2W
#else
#define DsCrackSpn2 DsCrackSpn2A
#endif

#ifndef MIDL_PASS

DWORD
DsaopExecuteScript (
    IN  PVOID                  phAsync,
    IN  RPC_BINDING_HANDLE     hRpc,
    IN  DWORD                  cbPassword,
    IN  BYTE                  *pbPassword,
    OUT DWORD                 *dwOutVersion,
    OUT PVOID                  reply
    );

DWORD
DsaopPrepareScript ( 
    IN  PVOID                        phAsync,
    IN  RPC_BINDING_HANDLE           hRpc,
    OUT DWORD                        *dwOutVersion,
    OUT PVOID                        reply
    );
    
DWORD
DsaopBind(
    IN  LPCWSTR DomainControllerName,
    IN  LPCWSTR DnsDomainName,
    IN  ULONG AuthnSvc,
    IN  ULONG AuthnLevel,
    OUT RPC_BINDING_HANDLE  *phRpc
    );

DWORD
DsaopBindWithCred(
    IN  LPCWSTR DomainControllerName,
    IN  LPCWSTR DnsDomainName,
    IN  RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
    IN  ULONG AuthnSvc,
    IN  ULONG AuthnLevel,
    OUT RPC_BINDING_HANDLE  *phRpc
    );

DWORD
DsaopBindWithSpn(
    IN  LPCWSTR DomainControllerName,
    IN  LPCWSTR DnsDomainName,
    IN  RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
    IN  ULONG AuthnSvc,
    IN  ULONG AuthnLevel,
    IN  LPCWSTR ServicePrincipalName,
    OUT RPC_BINDING_HANDLE  *phRpc
    );

DWORD
DsaopUnBind(
    RPC_BINDING_HANDLE  *phRpc
    );
    
#endif 

#endif // _NTDSAPIP_H_