1/* 2 Unix SMB/CIFS implementation. 3 SMB parameters and setup 4 Copyright (C) Andrew Tridgell 1992-1997 5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 6 Copyright (C) Paul Ashton 1997 7 Copyright (C) Gerald (Jerry) Carter 2005 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License as published by 11 the Free Software Foundation; either version 2 of the License, or 12 (at your option) any later version. 13 14 This program is distributed in the hope that it will be useful, 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 GNU General Public License for more details. 18 19 You should have received a copy of the GNU General Public License 20 along with this program; if not, write to the Free Software 21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 22*/ 23 24#ifndef _RPC_LSA_H /* _RPC_LSA_H */ 25#define _RPC_LSA_H 26 27/* Opcodes available on PIPE_LSARPC */ 28 29#define LSA_CLOSE 0x00 30#define LSA_DELETE 0x01 31#define LSA_ENUM_PRIVS 0x02 32#define LSA_QUERYSECOBJ 0x03 33#define LSA_SETSECOBJ 0x04 34#define LSA_CHANGEPASSWORD 0x05 35#define LSA_OPENPOLICY 0x06 36#define LSA_QUERYINFOPOLICY 0x07 37#define LSA_SETINFOPOLICY 0x08 38#define LSA_CLEARAUDITLOG 0x09 39#define LSA_CREATEACCOUNT 0x0a 40#define LSA_ENUM_ACCOUNTS 0x0b 41#define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */ 42#define LSA_ENUMTRUSTDOM 0x0d 43#define LSA_LOOKUPNAMES 0x0e 44#define LSA_LOOKUPSIDS 0x0f 45#define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */ 46#define LSA_OPENACCOUNT 0x11 47#define LSA_ENUMPRIVSACCOUNT 0x12 48#define LSA_ADDPRIVS 0x13 49#define LSA_REMOVEPRIVS 0x14 50#define LSA_GETQUOTAS 0x15 51#define LSA_SETQUOTAS 0x16 52#define LSA_GETSYSTEMACCOUNT 0x17 53#define LSA_SETSYSTEMACCOUNT 0x18 54#define LSA_OPENTRUSTDOM 0x19 55#define LSA_QUERYTRUSTDOMINFO 0x1a 56#define LSA_SETINFOTRUSTDOM 0x1b 57#define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */ 58#define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */ 59#define LSA_QUERYSECRET 0x1e 60#define LSA_LOOKUPPRIVVALUE 0x1f 61#define LSA_LOOKUPPRIVNAME 0x20 62#define LSA_PRIV_GET_DISPNAME 0x21 63#define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */ 64#define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */ 65#define LSA_ENUMACCTRIGHTS 0x24 66#define LSA_ADDACCTRIGHTS 0x25 67#define LSA_REMOVEACCTRIGHTS 0x26 68#define LSA_QUERYTRUSTDOMINFOBYSID 0x27 69#define LSA_SETTRUSTDOMINFO 0x28 70#define LSA_DELETETRUSTDOM 0x29 71#define LSA_STOREPRIVDATA 0x2a 72#define LSA_RETRPRIVDATA 0x2b 73#define LSA_OPENPOLICY2 0x2c 74#define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */ 75#define LSA_QUERYINFO2 0x2e 76#define LSA_QUERYTRUSTDOMINFOBYNAME 0x30 77#define LSA_QUERYDOMINFOPOL 0x35 78#define LSA_OPENTRUSTDOMBYNAME 0x37 79 80#define LSA_LOOKUPSIDS2 0x39 81#define LSA_LOOKUPNAMES2 0x3a 82#define LSA_LOOKUPNAMES3 0x44 83#define LSA_LOOKUPSIDS3 0x4c 84#define LSA_LOOKUPNAMES4 0x4d 85 86/* XXXX these are here to get a compile! */ 87#define LSA_LOOKUPRIDS 0xFD 88 89#define LSA_AUDIT_NUM_CATEGORIES_NT4 7 90#define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9 91 92#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4 93 94#define LSA_AUDIT_POLICY_NONE 0x00 95#define LSA_AUDIT_POLICY_SUCCESS 0x01 96#define LSA_AUDIT_POLICY_FAILURE 0x02 97#define LSA_AUDIT_POLICY_ALL (LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE) 98#define LSA_AUDIT_POLICY_CLEAR 0x04 99 100enum lsa_audit_categories { 101 LSA_AUDIT_CATEGORY_SYSTEM = 0, 102 LSA_AUDIT_CATEGORY_LOGON = 1, 103 LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS, 104 LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS, 105 LSA_AUDIT_CATEGORY_PROCCESS_TRACKING, 106 LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES, 107 LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT, 108 LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, /* only in win2k/2k3 */ 109 LSA_AUDIT_CATEGORY_ACCOUNT_LOGON /* only in win2k/2k3 */ 110}; 111 112/* level 1 is auditing settings */ 113typedef struct dom_query_1 114{ 115 uint32 percent_full; 116 uint32 log_size; 117 NTTIME retention_time; 118 uint8 shutdown_in_progress; 119 NTTIME time_to_shutdown; 120 uint32 next_audit_record; 121 uint32 unknown; 122} DOM_QUERY_1; 123 124 125/* level 2 is auditing settings */ 126typedef struct dom_query_2 127{ 128 uint32 auditing_enabled; 129 uint32 count1; /* usualy 7, at least on nt4sp4 */ 130 uint32 count2; /* the same */ 131 uint32 ptr; 132 uint32 *auditsettings; 133} DOM_QUERY_2; 134 135/* DOM_QUERY - info class 3 and 5 LSA Query response */ 136typedef struct dom_query_info_3 137{ 138 uint16 uni_dom_max_len; /* domain name string length * 2 */ 139 uint16 uni_dom_str_len; /* domain name string length * 2 */ 140 uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ 141 uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ 142 UNISTR2 uni_domain_name; /* domain name (unicode string) */ 143 DOM_SID2 dom_sid; /* domain SID */ 144 145} DOM_QUERY_3; 146 147/* level 5 is same as level 3. */ 148typedef DOM_QUERY_3 DOM_QUERY_5; 149 150/* level 6 is server role information */ 151typedef struct dom_query_6 152{ 153 uint16 server_role; /* 2=backup, 3=primary */ 154} DOM_QUERY_6; 155 156/* level 10 is audit full set info */ 157typedef struct dom_query_10 158{ 159 uint8 shutdown_on_full; 160} DOM_QUERY_10; 161 162/* level 11 is audit full query info */ 163typedef struct dom_query_11 164{ 165 uint16 unknown; 166 uint8 shutdown_on_full; 167 uint8 log_is_full; 168} DOM_QUERY_11; 169 170/* level 12 is DNS domain info */ 171typedef struct lsa_dns_dom_info 172{ 173 UNIHDR hdr_nb_dom_name; /* netbios domain name */ 174 UNIHDR hdr_dns_dom_name; 175 UNIHDR hdr_forest_name; 176 177 struct GUID dom_guid; /* domain GUID */ 178 179 UNISTR2 uni_nb_dom_name; 180 UNISTR2 uni_dns_dom_name; 181 UNISTR2 uni_forest_name; 182 183 uint32 ptr_dom_sid; 184 DOM_SID2 dom_sid; /* domain SID */ 185} DOM_QUERY_12; 186 187typedef struct seq_qos_info 188{ 189 uint32 len; /* 12 */ 190 uint16 sec_imp_level; /* 0x02 - impersonation level */ 191 uint8 sec_ctxt_mode; /* 0x01 - context tracking mode */ 192 uint8 effective_only; /* 0x00 - effective only */ 193 194} LSA_SEC_QOS; 195 196typedef struct obj_attr_info 197{ 198 uint32 len; /* 0x18 - length (in bytes) inc. the length field. */ 199 uint32 ptr_root_dir; /* 0 - root directory (pointer) */ 200 uint32 ptr_obj_name; /* 0 - object name (pointer) */ 201 uint32 attributes; /* 0 - attributes (undocumented) */ 202 uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */ 203 uint32 ptr_sec_qos; /* security quality of service */ 204 LSA_SEC_QOS *sec_qos; 205 206} LSA_OBJ_ATTR; 207 208/* LSA_Q_OPEN_POL - LSA Query Open Policy */ 209typedef struct lsa_q_open_pol_info 210{ 211 uint32 ptr; /* undocumented buffer pointer */ 212 uint16 system_name; /* 0x5c - system name */ 213 LSA_OBJ_ATTR attr ; /* object attributes */ 214 215 uint32 des_access; /* desired access attributes */ 216 217} LSA_Q_OPEN_POL; 218 219/* LSA_R_OPEN_POL - response to LSA Open Policy */ 220typedef struct lsa_r_open_pol_info 221{ 222 POLICY_HND pol; /* policy handle */ 223 NTSTATUS status; /* return code */ 224 225} LSA_R_OPEN_POL; 226 227/* LSA_Q_OPEN_POL2 - LSA Query Open Policy */ 228typedef struct lsa_q_open_pol2_info 229{ 230 uint32 ptr; /* undocumented buffer pointer */ 231 UNISTR2 uni_server_name; /* server name, starting with two '\'s */ 232 LSA_OBJ_ATTR attr ; /* object attributes */ 233 234 uint32 des_access; /* desired access attributes */ 235 236} LSA_Q_OPEN_POL2; 237 238/* LSA_R_OPEN_POL2 - response to LSA Open Policy */ 239typedef struct lsa_r_open_pol2_info 240{ 241 POLICY_HND pol; /* policy handle */ 242 NTSTATUS status; /* return code */ 243 244} LSA_R_OPEN_POL2; 245 246 247#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001 248#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002 249#define POLICY_GET_PRIVATE_INFORMATION 0x00000004 250#define POLICY_TRUST_ADMIN 0x00000008 251#define POLICY_CREATE_ACCOUNT 0x00000010 252#define POLICY_CREATE_SECRET 0x00000020 253#define POLICY_CREATE_PRIVILEGE 0x00000040 254#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080 255#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100 256#define POLICY_AUDIT_LOG_ADMIN 0x00000200 257#define POLICY_SERVER_ADMIN 0x00000400 258#define POLICY_LOOKUP_NAMES 0x00000800 259 260#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\ 261 POLICY_VIEW_LOCAL_INFORMATION |\ 262 POLICY_VIEW_AUDIT_INFORMATION |\ 263 POLICY_GET_PRIVATE_INFORMATION |\ 264 POLICY_TRUST_ADMIN |\ 265 POLICY_CREATE_ACCOUNT |\ 266 POLICY_CREATE_SECRET |\ 267 POLICY_CREATE_PRIVILEGE |\ 268 POLICY_SET_DEFAULT_QUOTA_LIMITS |\ 269 POLICY_SET_AUDIT_REQUIREMENTS |\ 270 POLICY_AUDIT_LOG_ADMIN |\ 271 POLICY_SERVER_ADMIN |\ 272 POLICY_LOOKUP_NAMES ) 273 274 275#define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\ 276 POLICY_VIEW_AUDIT_INFORMATION |\ 277 POLICY_GET_PRIVATE_INFORMATION) 278 279#define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\ 280 POLICY_TRUST_ADMIN |\ 281 POLICY_CREATE_ACCOUNT |\ 282 POLICY_CREATE_SECRET |\ 283 POLICY_CREATE_PRIVILEGE |\ 284 POLICY_SET_DEFAULT_QUOTA_LIMITS |\ 285 POLICY_SET_AUDIT_REQUIREMENTS |\ 286 POLICY_AUDIT_LOG_ADMIN |\ 287 POLICY_SERVER_ADMIN) 288 289#define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\ 290 POLICY_VIEW_LOCAL_INFORMATION |\ 291 POLICY_LOOKUP_NAMES ) 292 293/* LSA_Q_QUERY_SEC_OBJ - LSA query security */ 294typedef struct lsa_query_sec_obj_info 295{ 296 POLICY_HND pol; /* policy handle */ 297 uint32 sec_info; 298 299} LSA_Q_QUERY_SEC_OBJ; 300 301/* LSA_R_QUERY_SEC_OBJ - probably an open */ 302typedef struct r_lsa_query_sec_obj_info 303{ 304 uint32 ptr; 305 SEC_DESC_BUF *buf; 306 307 NTSTATUS status; /* return status */ 308 309} LSA_R_QUERY_SEC_OBJ; 310 311/* LSA_Q_QUERY_INFO - LSA query info policy */ 312typedef struct lsa_query_info 313{ 314 POLICY_HND pol; /* policy handle */ 315 uint16 info_class; /* info class */ 316 317} LSA_Q_QUERY_INFO; 318 319/* LSA_INFO_CTR */ 320typedef struct lsa_info_ctr 321{ 322 uint16 info_class; 323 union { 324 DOM_QUERY_1 id1; 325 DOM_QUERY_2 id2; 326 DOM_QUERY_3 id3; 327 DOM_QUERY_5 id5; 328 DOM_QUERY_6 id6; 329 DOM_QUERY_10 id10; 330 DOM_QUERY_11 id11; 331 DOM_QUERY_12 id12; 332 } info; 333 334} LSA_INFO_CTR; 335 336typedef LSA_INFO_CTR LSA_INFO_CTR2; 337 338/* LSA_Q_SET_INFO - LSA set info policy */ 339typedef struct lsa_set_info 340{ 341 POLICY_HND pol; /* policy handle */ 342 uint16 info_class; /* info class */ 343 LSA_INFO_CTR ctr; 344 345} LSA_Q_SET_INFO; 346 347/* LSA_R_SET_INFO - response to LSA set info policy */ 348typedef struct lsa_r_set_info 349{ 350 NTSTATUS status; /* return code */ 351 352} LSA_R_SET_INFO; 353 354/* LSA_R_QUERY_INFO - response to LSA query info policy */ 355typedef struct lsa_r_query_info 356{ 357 uint32 dom_ptr; /* undocumented buffer pointer */ 358 LSA_INFO_CTR ctr; 359 NTSTATUS status; /* return code */ 360 361} LSA_R_QUERY_INFO; 362 363typedef LSA_Q_QUERY_INFO LSA_Q_QUERY_INFO2; 364typedef LSA_R_QUERY_INFO LSA_R_QUERY_INFO2; 365 366/*******************************************************/ 367 368typedef struct { 369 POLICY_HND pol; 370 uint32 enum_context; 371 uint32 preferred_len; /* preferred maximum length */ 372} LSA_Q_ENUM_TRUST_DOM; 373 374typedef struct { 375 UNISTR4 name; 376 DOM_SID2 *sid; 377} DOMAIN_INFO; 378 379typedef struct { 380 uint32 count; 381 DOMAIN_INFO *domains; 382} DOMAIN_LIST; 383 384typedef struct { 385 uint32 enum_context; 386 uint32 count; 387 DOMAIN_LIST *domlist; 388 NTSTATUS status; 389} LSA_R_ENUM_TRUST_DOM; 390 391/*******************************************************/ 392 393/* LSA_Q_CLOSE */ 394typedef struct lsa_q_close_info 395{ 396 POLICY_HND pol; /* policy handle */ 397 398} LSA_Q_CLOSE; 399 400/* LSA_R_CLOSE */ 401typedef struct lsa_r_close_info 402{ 403 POLICY_HND pol; /* policy handle. should be all zeros. */ 404 405 NTSTATUS status; /* return code */ 406 407} LSA_R_CLOSE; 408 409 410#define MAX_REF_DOMAINS 32 411 412/* DOM_TRUST_HDR */ 413typedef struct dom_trust_hdr 414{ 415 UNIHDR hdr_dom_name; /* referenced domain unicode string headers */ 416 uint32 ptr_dom_sid; 417 418} DOM_TRUST_HDR; 419 420/* DOM_TRUST_INFO */ 421typedef struct dom_trust_info 422{ 423 UNISTR2 uni_dom_name; /* domain name unicode string */ 424 DOM_SID2 ref_dom ; /* referenced domain SID */ 425 426} DOM_TRUST_INFO; 427 428/* DOM_R_REF */ 429typedef struct dom_ref_info 430{ 431 uint32 num_ref_doms_1; /* num referenced domains */ 432 uint32 ptr_ref_dom; /* pointer to referenced domains */ 433 uint32 max_entries; /* 32 - max number of entries */ 434 uint32 num_ref_doms_2; /* num referenced domains */ 435 436 DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */ 437 DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */ 438 439} DOM_R_REF; 440 441/* the domain_idx points to a SID associated with the name */ 442 443/* LSA_TRANS_NAME - translated name */ 444typedef struct lsa_trans_name_info 445{ 446 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ 447 UNIHDR hdr_name; 448 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ 449 450} LSA_TRANS_NAME; 451 452/* LSA_TRANS_NAME2 - translated name */ 453typedef struct lsa_trans_name_info2 454{ 455 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ 456 UNIHDR hdr_name; 457 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ 458 uint32 unknown; 459 460} LSA_TRANS_NAME2; 461 462/* This number is based on Win2k and later maximum response allowed */ 463#define MAX_LOOKUP_SIDS 20480 /* 0x5000 */ 464 465/* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */ 466typedef struct lsa_trans_name_enum_info 467{ 468 uint32 num_entries; 469 uint32 ptr_trans_names; 470 uint32 num_entries2; 471 472 LSA_TRANS_NAME *name; /* translated names */ 473 UNISTR2 *uni_name; 474 475} LSA_TRANS_NAME_ENUM; 476 477/* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */ 478typedef struct lsa_trans_name_enum_info2 479{ 480 uint32 num_entries; 481 uint32 ptr_trans_names; 482 uint32 num_entries2; 483 484 LSA_TRANS_NAME2 *name; /* translated names */ 485 UNISTR2 *uni_name; 486 487} LSA_TRANS_NAME_ENUM2; 488 489/* LSA_SID_ENUM - LSA SID enumeration container */ 490typedef struct lsa_sid_enum_info 491{ 492 uint32 num_entries; 493 uint32 ptr_sid_enum; 494 uint32 num_entries2; 495 496 uint32 *ptr_sid; /* domain SID pointers to be looked up. */ 497 DOM_SID2 *sid; /* domain SIDs to be looked up. */ 498 499} LSA_SID_ENUM; 500 501/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */ 502typedef struct lsa_q_lookup_sids 503{ 504 POLICY_HND pol; /* policy handle */ 505 LSA_SID_ENUM sids; 506 LSA_TRANS_NAME_ENUM names; 507 uint16 level; 508 uint32 mapped_count; 509 510} LSA_Q_LOOKUP_SIDS; 511 512/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */ 513typedef struct lsa_r_lookup_sids 514{ 515 uint32 ptr_dom_ref; 516 DOM_R_REF *dom_ref; /* domain reference info */ 517 518 LSA_TRANS_NAME_ENUM names; 519 uint32 mapped_count; 520 521 NTSTATUS status; /* return code */ 522 523} LSA_R_LOOKUP_SIDS; 524 525/* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/ 526typedef struct lsa_q_lookup_sids2 527{ 528 POLICY_HND pol; /* policy handle */ 529 LSA_SID_ENUM sids; 530 LSA_TRANS_NAME_ENUM2 names; 531 uint16 level; 532 uint32 mapped_count; 533 uint32 unknown1; 534 uint32 unknown2; 535 536} LSA_Q_LOOKUP_SIDS2; 537 538/* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/ 539typedef struct lsa_r_lookup_sids2 540{ 541 uint32 ptr_dom_ref; 542 DOM_R_REF *dom_ref; /* domain reference info */ 543 544 LSA_TRANS_NAME_ENUM2 names; 545 uint32 mapped_count; 546 547 NTSTATUS status; /* return code */ 548 549} LSA_R_LOOKUP_SIDS2; 550 551/* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */ 552typedef struct lsa_q_lookup_sids3 553{ 554 LSA_SID_ENUM sids; 555 LSA_TRANS_NAME_ENUM2 names; 556 uint16 level; 557 uint32 mapped_count; 558 uint32 unknown1; 559 uint32 unknown2; 560 561} LSA_Q_LOOKUP_SIDS3; 562 563/* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */ 564typedef struct lsa_r_lookup_sids3 565{ 566 uint32 ptr_dom_ref; 567 DOM_R_REF *dom_ref; /* domain reference info */ 568 569 LSA_TRANS_NAME_ENUM2 names; 570 uint32 mapped_count; 571 572 NTSTATUS status; /* return code */ 573 574} LSA_R_LOOKUP_SIDS3; 575 576/* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */ 577typedef struct lsa_q_lookup_names 578{ 579 POLICY_HND pol; /* policy handle */ 580 uint32 num_entries; 581 uint32 num_entries2; 582 UNIHDR *hdr_name; /* name buffer pointers */ 583 UNISTR2 *uni_name; /* names to be looked up */ 584 585 uint32 num_trans_entries; 586 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ 587 uint16 lookup_level; 588 uint32 mapped_count; 589 590} LSA_Q_LOOKUP_NAMES; 591 592/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ 593typedef struct lsa_r_lookup_names 594{ 595 uint32 ptr_dom_ref; 596 DOM_R_REF *dom_ref; /* domain reference info */ 597 598 uint32 num_entries; 599 uint32 ptr_entries; 600 uint32 num_entries2; 601 DOM_RID *dom_rid; /* domain RIDs being looked up */ 602 603 uint32 mapped_count; 604 605 NTSTATUS status; /* return code */ 606} LSA_R_LOOKUP_NAMES; 607 608/* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/ 609typedef struct lsa_q_lookup_names2 610{ 611 POLICY_HND pol; /* policy handle */ 612 uint32 num_entries; 613 uint32 num_entries2; 614 UNIHDR *hdr_name; /* name buffer pointers */ 615 UNISTR2 *uni_name; /* names to be looked up */ 616 617 uint32 num_trans_entries; 618 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ 619 uint16 lookup_level; 620 uint32 mapped_count; 621 uint32 unknown1; 622 uint32 unknown2; 623 624} LSA_Q_LOOKUP_NAMES2; 625 626/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */ 627typedef struct lsa_r_lookup_names2 628{ 629 uint32 ptr_dom_ref; 630 DOM_R_REF *dom_ref; /* domain reference info */ 631 632 uint32 num_entries; 633 uint32 ptr_entries; 634 uint32 num_entries2; 635 DOM_RID2 *dom_rid; /* domain RIDs being looked up */ 636 637 uint32 mapped_count; 638 639 NTSTATUS status; /* return code */ 640} LSA_R_LOOKUP_NAMES2; 641 642/* LSA_Q_LOOKUP_NAMES3 - LSA Lookup NAMEs 3 */ 643typedef struct lsa_q_lookup_names3 644{ 645 POLICY_HND pol; /* policy handle */ 646 uint32 num_entries; 647 uint32 num_entries2; 648 UNIHDR *hdr_name; /* name buffer pointers */ 649 UNISTR2 *uni_name; /* names to be looked up */ 650 651 uint32 num_trans_entries; 652 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ 653 uint16 lookup_level; 654 uint32 mapped_count; 655 uint32 unknown1; 656 uint32 unknown2; 657 658} LSA_Q_LOOKUP_NAMES3; 659 660/* Sid type used in lookupnames3 and lookupnames4. */ 661typedef struct lsa_translatedsid3 { 662 uint8 sid_type; 663 DOM_SID2 *sid2; 664 uint32 sid_idx; 665 uint32 unknown; 666} LSA_TRANSLATED_SID3; 667 668/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 3 */ 669typedef struct lsa_r_lookup_names3 670{ 671 uint32 ptr_dom_ref; 672 DOM_R_REF *dom_ref; /* domain reference info */ 673 674 uint32 num_entries; 675 uint32 ptr_entries; 676 uint32 num_entries2; 677 LSA_TRANSLATED_SID3 *trans_sids; 678 679 uint32 mapped_count; 680 681 NTSTATUS status; /* return code */ 682} LSA_R_LOOKUP_NAMES3; 683 684/* LSA_Q_LOOKUP_NAMES4 - LSA Lookup NAMEs 4 */ 685typedef struct lsa_q_lookup_names4 686{ 687 uint32 num_entries; 688 uint32 num_entries2; 689 UNIHDR *hdr_name; /* name buffer pointers */ 690 UNISTR2 *uni_name; /* names to be looked up */ 691 692 uint32 num_trans_entries; 693 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ 694 uint16 lookup_level; 695 uint32 mapped_count; 696 uint32 unknown1; 697 uint32 unknown2; 698 699} LSA_Q_LOOKUP_NAMES4; 700 701/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 4 */ 702typedef struct lsa_r_lookup_names4 703{ 704 uint32 ptr_dom_ref; 705 DOM_R_REF *dom_ref; /* domain reference info */ 706 707 uint32 num_entries; 708 uint32 ptr_entries; 709 uint32 num_entries2; 710 LSA_TRANSLATED_SID3 *trans_sids; 711 712 uint32 mapped_count; 713 714 NTSTATUS status; /* return code */ 715} LSA_R_LOOKUP_NAMES4; 716 717typedef struct lsa_enum_priv_entry 718{ 719 UNIHDR hdr_name; 720 uint32 luid_low; 721 uint32 luid_high; 722 UNISTR2 name; 723 724} LSA_PRIV_ENTRY; 725 726/* LSA_Q_ENUM_PRIVS - LSA enum privileges */ 727typedef struct lsa_q_enum_privs 728{ 729 POLICY_HND pol; /* policy handle */ 730 uint32 enum_context; 731 uint32 pref_max_length; 732} LSA_Q_ENUM_PRIVS; 733 734typedef struct lsa_r_enum_privs 735{ 736 uint32 enum_context; 737 uint32 count; 738 uint32 ptr; 739 uint32 count1; 740 741 LSA_PRIV_ENTRY *privs; 742 743 NTSTATUS status; 744} LSA_R_ENUM_PRIVS; 745 746/* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */ 747typedef struct 748{ 749 POLICY_HND pol; /* policy handle */ 750 DOM_SID2 sid; 751} LSA_Q_ENUM_ACCT_RIGHTS; 752 753/* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */ 754typedef struct 755{ 756 uint32 count; 757 UNISTR4_ARRAY *rights; 758 NTSTATUS status; 759} LSA_R_ENUM_ACCT_RIGHTS; 760 761 762/* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */ 763typedef struct 764{ 765 POLICY_HND pol; /* policy handle */ 766 DOM_SID2 sid; 767 uint32 count; 768 UNISTR4_ARRAY *rights; 769} LSA_Q_ADD_ACCT_RIGHTS; 770 771/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */ 772typedef struct 773{ 774 NTSTATUS status; 775} LSA_R_ADD_ACCT_RIGHTS; 776 777 778/* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */ 779typedef struct 780{ 781 POLICY_HND pol; /* policy handle */ 782 DOM_SID2 sid; 783 uint32 removeall; 784 uint32 count; 785 UNISTR4_ARRAY *rights; 786} LSA_Q_REMOVE_ACCT_RIGHTS; 787 788/* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */ 789typedef struct 790{ 791 NTSTATUS status; 792} LSA_R_REMOVE_ACCT_RIGHTS; 793 794 795/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */ 796typedef struct lsa_q_priv_get_dispname 797{ 798 POLICY_HND pol; /* policy handle */ 799 UNIHDR hdr_name; 800 UNISTR2 name; 801 uint16 lang_id; 802 uint16 lang_id_sys; 803} LSA_Q_PRIV_GET_DISPNAME; 804 805typedef struct lsa_r_priv_get_dispname 806{ 807 uint32 ptr_info; 808 UNIHDR hdr_desc; 809 UNISTR2 desc; 810 /* Don't align ! */ 811 uint16 lang_id; 812 /* align */ 813 NTSTATUS status; 814} LSA_R_PRIV_GET_DISPNAME; 815 816/* LSA_Q_ENUM_ACCOUNTS */ 817typedef struct lsa_q_enum_accounts 818{ 819 POLICY_HND pol; /* policy handle */ 820 uint32 enum_context; 821 uint32 pref_max_length; 822} LSA_Q_ENUM_ACCOUNTS; 823 824/* LSA_R_ENUM_ACCOUNTS */ 825typedef struct lsa_r_enum_accounts 826{ 827 uint32 enum_context; 828 LSA_SID_ENUM sids; 829 NTSTATUS status; 830} LSA_R_ENUM_ACCOUNTS; 831 832/* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user 833 called when "Take Ownership" is clicked -SK */ 834typedef struct lsa_q_unk_get_connuser 835{ 836 uint32 ptr_srvname; 837 UNISTR2 uni2_srvname; 838 uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */ 839 uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */ 840 uint32 unk3; 841} LSA_Q_UNK_GET_CONNUSER; 842 843/* LSA_R_UNK_GET_CONNUSER */ 844typedef struct lsa_r_unk_get_connuser 845{ 846 uint32 ptr_user_name; 847 UNIHDR hdr_user_name; 848 UNISTR2 uni2_user_name; 849 850 uint32 unk1; 851 852 uint32 ptr_dom_name; 853 UNIHDR hdr_dom_name; 854 UNISTR2 uni2_dom_name; 855 856 NTSTATUS status; 857} LSA_R_UNK_GET_CONNUSER; 858 859 860typedef struct lsa_q_createaccount 861{ 862 POLICY_HND pol; /* policy handle */ 863 DOM_SID2 sid; 864 uint32 access; /* access */ 865} LSA_Q_CREATEACCOUNT; 866 867typedef struct lsa_r_createaccount 868{ 869 POLICY_HND pol; /* policy handle */ 870 NTSTATUS status; 871} LSA_R_CREATEACCOUNT; 872 873 874typedef struct lsa_q_openaccount 875{ 876 POLICY_HND pol; /* policy handle */ 877 DOM_SID2 sid; 878 uint32 access; /* desired access */ 879} LSA_Q_OPENACCOUNT; 880 881typedef struct lsa_r_openaccount 882{ 883 POLICY_HND pol; /* policy handle */ 884 NTSTATUS status; 885} LSA_R_OPENACCOUNT; 886 887typedef struct lsa_q_enumprivsaccount 888{ 889 POLICY_HND pol; /* policy handle */ 890} LSA_Q_ENUMPRIVSACCOUNT; 891 892typedef struct lsa_r_enumprivsaccount 893{ 894 uint32 ptr; 895 uint32 count; 896 PRIVILEGE_SET set; 897 NTSTATUS status; 898} LSA_R_ENUMPRIVSACCOUNT; 899 900typedef struct lsa_q_getsystemaccount 901{ 902 POLICY_HND pol; /* policy handle */ 903} LSA_Q_GETSYSTEMACCOUNT; 904 905typedef struct lsa_r_getsystemaccount 906{ 907 uint32 access; 908 NTSTATUS status; 909} LSA_R_GETSYSTEMACCOUNT; 910 911 912typedef struct lsa_q_setsystemaccount 913{ 914 POLICY_HND pol; /* policy handle */ 915 uint32 access; 916} LSA_Q_SETSYSTEMACCOUNT; 917 918typedef struct lsa_r_setsystemaccount 919{ 920 NTSTATUS status; 921} LSA_R_SETSYSTEMACCOUNT; 922 923typedef struct { 924 UNIHDR hdr; 925 UNISTR2 unistring; 926} LSA_STRING; 927 928typedef struct { 929 POLICY_HND pol; /* policy handle */ 930 LSA_STRING privname; 931} LSA_Q_LOOKUP_PRIV_VALUE; 932 933typedef struct { 934 LUID luid; 935 NTSTATUS status; 936} LSA_R_LOOKUP_PRIV_VALUE; 937 938typedef struct lsa_q_addprivs 939{ 940 POLICY_HND pol; /* policy handle */ 941 uint32 count; 942 PRIVILEGE_SET set; 943} LSA_Q_ADDPRIVS; 944 945typedef struct lsa_r_addprivs 946{ 947 NTSTATUS status; 948} LSA_R_ADDPRIVS; 949 950 951typedef struct lsa_q_removeprivs 952{ 953 POLICY_HND pol; /* policy handle */ 954 uint32 allrights; 955 uint32 ptr; 956 uint32 count; 957 PRIVILEGE_SET set; 958} LSA_Q_REMOVEPRIVS; 959 960typedef struct lsa_r_removeprivs 961{ 962 NTSTATUS status; 963} LSA_R_REMOVEPRIVS; 964 965/*******************************************************/ 966#if 0 /* jerry, I think this not correct - gd */ 967typedef struct { 968 POLICY_HND handle; 969 uint32 count; /* ??? this is what ethereal calls it */ 970 DOM_SID sid; 971} LSA_Q_OPEN_TRUSTED_DOMAIN; 972#endif 973 974/* LSA_Q_OPEN_TRUSTED_DOMAIN - LSA Query Open Trusted Domain */ 975typedef struct lsa_q_open_trusted_domain 976{ 977 POLICY_HND pol; /* policy handle */ 978 DOM_SID2 sid; /* domain sid */ 979 uint32 access_mask; /* access mask */ 980 981} LSA_Q_OPEN_TRUSTED_DOMAIN; 982 983/* LSA_R_OPEN_TRUSTED_DOMAIN - response to LSA Query Open Trusted Domain */ 984typedef struct { 985 POLICY_HND handle; /* trustdom policy handle */ 986 NTSTATUS status; /* return code */ 987} LSA_R_OPEN_TRUSTED_DOMAIN; 988 989 990/*******************************************************/ 991 992/* LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME - LSA Query Open Trusted Domain by Name*/ 993typedef struct lsa_q_open_trusted_domain_by_name 994{ 995 POLICY_HND pol; /* policy handle */ 996 LSA_STRING name; /* domain name */ 997 uint32 access_mask; /* access mask */ 998 999} LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME; 1000 1001/* LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME - response to LSA Query Open Trusted Domain by Name */ 1002typedef struct { 1003 POLICY_HND handle; /* trustdom policy handle */ 1004 NTSTATUS status; /* return code */ 1005} LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME; 1006 1007 1008/*******************************************************/ 1009 1010 1011typedef struct { 1012 POLICY_HND handle; 1013 UNISTR4 secretname; 1014 uint32 access; 1015} LSA_Q_OPEN_SECRET; 1016 1017typedef struct { 1018 POLICY_HND handle; 1019 NTSTATUS status; 1020} LSA_R_OPEN_SECRET; 1021 1022 1023/*******************************************************/ 1024 1025typedef struct { 1026 POLICY_HND handle; 1027} LSA_Q_DELETE_OBJECT; 1028 1029typedef struct { 1030 NTSTATUS status; 1031} LSA_R_DELETE_OBJECT; 1032 1033 1034/*******************************************************/ 1035 1036typedef struct { 1037 POLICY_HND handle; 1038 UNISTR4 secretname; 1039 uint32 access; 1040} LSA_Q_CREATE_SECRET; 1041 1042typedef struct { 1043 POLICY_HND handle; 1044 NTSTATUS status; 1045} LSA_R_CREATE_SECRET; 1046 1047 1048/*******************************************************/ 1049 1050typedef struct { 1051 POLICY_HND handle; 1052 UNISTR4 secretname; 1053 uint32 access; 1054} LSA_Q_CREATE_TRUSTED_DOMAIN; 1055 1056typedef struct { 1057 POLICY_HND handle; 1058 NTSTATUS status; 1059} LSA_R_CREATE_TRUSTED_DOMAIN; 1060 1061 1062/*******************************************************/ 1063 1064typedef struct { 1065 uint32 size; /* size is written on the wire twice so I 1066 can only assume that one is supposed to 1067 be a max length and one is a size */ 1068 UNISTR2 *data; /* not really a UNICODE string but the parsing 1069 is the same */ 1070} LSA_DATA_BLOB; 1071 1072typedef struct { 1073 POLICY_HND handle; 1074 LSA_DATA_BLOB *old_value; 1075 LSA_DATA_BLOB *new_value; 1076} LSA_Q_SET_SECRET; 1077 1078typedef struct { 1079 NTSTATUS status; 1080} LSA_R_SET_SECRET; 1081 1082/* LSA_Q_QUERY_TRUSTED_DOMAIN_INFO - LSA query trusted domain info */ 1083typedef struct lsa_query_trusted_domain_info 1084{ 1085 POLICY_HND pol; /* policy handle */ 1086 uint16 info_class; /* info class */ 1087 1088} LSA_Q_QUERY_TRUSTED_DOMAIN_INFO; 1089 1090/* LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID - LSA query trusted domain info */ 1091typedef struct lsa_query_trusted_domain_info_by_sid 1092{ 1093 POLICY_HND pol; /* policy handle */ 1094 DOM_SID2 dom_sid; /* domain sid */ 1095 uint16 info_class; /* info class */ 1096 1097} LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID; 1098 1099/* LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME - LSA query trusted domain info */ 1100typedef struct lsa_query_trusted_domain_info_by_name 1101{ 1102 POLICY_HND pol; /* policy handle */ 1103 LSA_STRING domain_name; /* domain name */ 1104 uint16 info_class; /* info class */ 1105 1106} LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME; 1107 1108typedef struct trusted_domain_info_name { 1109 LSA_STRING netbios_name; 1110} TRUSTED_DOMAIN_INFO_NAME; 1111 1112typedef struct trusted_domain_info_posix_offset { 1113 uint32 posix_offset; 1114} TRUSTED_DOMAIN_INFO_POSIX_OFFSET; 1115 1116typedef struct lsa_data_buf { 1117 uint32 size; 1118 uint32 offset; 1119 uint32 length; 1120 uint8 *data; 1121} LSA_DATA_BUF; 1122 1123typedef struct lsa_data_buf_hdr { 1124 uint32 length; 1125 uint32 size; 1126 uint32 data_ptr; 1127} LSA_DATA_BUF_HDR; 1128 1129 1130typedef struct lsa_data_buf2 { 1131 uint32 size; 1132 uint8 *data; 1133} LSA_DATA_BUF2; 1134 1135typedef struct trusted_domain_info_password { 1136 uint32 ptr_password; 1137 uint32 ptr_old_password; 1138 LSA_DATA_BUF_HDR password_hdr; 1139 LSA_DATA_BUF_HDR old_password_hdr; 1140 LSA_DATA_BUF password; 1141 LSA_DATA_BUF old_password; 1142} TRUSTED_DOMAIN_INFO_PASSWORD; 1143 1144typedef struct trusted_domain_info_basic { 1145 LSA_STRING netbios_name; 1146 DOM_SID2 sid; 1147} TRUSTED_DOMAIN_INFO_BASIC; 1148 1149typedef struct trusted_domain_info_ex { 1150 LSA_STRING domain_name; 1151 LSA_STRING netbios_name; 1152 DOM_SID2 sid; 1153 uint32 trust_direction; 1154 uint32 trust_type; 1155 uint32 trust_attributes; 1156} TRUSTED_DOMAIN_INFO_EX; 1157 1158typedef struct trust_domain_info_buffer { 1159 NTTIME last_update_time; 1160 uint32 secret_type; 1161 LSA_DATA_BUF2 data; 1162} LSA_TRUSTED_DOMAIN_INFO_BUFFER; 1163 1164typedef struct trusted_domain_info_auth_info { 1165 uint32 incoming_count; 1166 LSA_TRUSTED_DOMAIN_INFO_BUFFER incoming_current_auth_info; 1167 LSA_TRUSTED_DOMAIN_INFO_BUFFER incoming_previous_auth_info; 1168 uint32 outgoing_count; 1169 LSA_TRUSTED_DOMAIN_INFO_BUFFER outgoing_current_auth_info; 1170 LSA_TRUSTED_DOMAIN_INFO_BUFFER outgoing_previous_auth_info; 1171} TRUSTED_DOMAIN_INFO_AUTH_INFO; 1172 1173typedef struct trusted_domain_info_full_info { 1174 TRUSTED_DOMAIN_INFO_EX info_ex; 1175 TRUSTED_DOMAIN_INFO_POSIX_OFFSET posix_offset; 1176 TRUSTED_DOMAIN_INFO_AUTH_INFO auth_info; 1177} TRUSTED_DOMAIN_INFO_FULL_INFO; 1178 1179typedef struct trusted_domain_info_11 { 1180 TRUSTED_DOMAIN_INFO_EX info_ex; 1181 LSA_DATA_BUF2 data1; 1182} TRUSTED_DOMAIN_INFO_11; 1183 1184typedef struct trusted_domain_info_all { 1185 TRUSTED_DOMAIN_INFO_EX info_ex; 1186 LSA_DATA_BUF2 data1; 1187 TRUSTED_DOMAIN_INFO_POSIX_OFFSET posix_offset; 1188 TRUSTED_DOMAIN_INFO_AUTH_INFO auth_info; 1189} TRUSTED_DOMAIN_INFO_ALL; 1190 1191/* LSA_TRUSTED_DOMAIN_INFO */ 1192typedef union lsa_trusted_domain_info 1193{ 1194 uint16 info_class; 1195 TRUSTED_DOMAIN_INFO_NAME name; 1196 /* deprecated - gd 1197 TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO controllers; */ 1198 TRUSTED_DOMAIN_INFO_POSIX_OFFSET posix_offset; 1199 TRUSTED_DOMAIN_INFO_PASSWORD password; 1200 TRUSTED_DOMAIN_INFO_BASIC basic; 1201 TRUSTED_DOMAIN_INFO_EX info_ex; 1202 TRUSTED_DOMAIN_INFO_AUTH_INFO auth_info; 1203 TRUSTED_DOMAIN_INFO_FULL_INFO full_info; 1204 TRUSTED_DOMAIN_INFO_11 info11; 1205 TRUSTED_DOMAIN_INFO_ALL info_all; 1206 1207} LSA_TRUSTED_DOMAIN_INFO; 1208 1209/* LSA_R_QUERY_TRUSTED_DOMAIN_INFO - LSA query trusted domain info */ 1210typedef struct r_lsa_query_trusted_domain_info 1211{ 1212 LSA_TRUSTED_DOMAIN_INFO *info; 1213 NTSTATUS status; 1214} LSA_R_QUERY_TRUSTED_DOMAIN_INFO; 1215 1216typedef struct dom_info_kerberos { 1217 uint32 enforce_restrictions; 1218 NTTIME service_tkt_lifetime; 1219 NTTIME user_tkt_lifetime; 1220 NTTIME user_tkt_renewaltime; 1221 NTTIME clock_skew; 1222 NTTIME unknown6; 1223} LSA_DOM_INFO_POLICY_KERBEROS; 1224 1225typedef struct dom_info_efs { 1226 uint32 blob_len; 1227 UNISTR2 efs_blob; 1228} LSA_DOM_INFO_POLICY_EFS; 1229 1230typedef struct lsa_dom_info_union { 1231 uint16 info_class; 1232 LSA_DOM_INFO_POLICY_EFS efs_policy; 1233 LSA_DOM_INFO_POLICY_KERBEROS krb_policy; 1234} LSA_DOM_INFO_UNION; 1235 1236/* LSA_Q_QUERY_DOM_INFO_POLICY - LSA query info */ 1237typedef struct lsa_q_query_dom_info_policy 1238{ 1239 POLICY_HND pol; /* policy handle */ 1240 uint16 info_class; /* info class */ 1241} LSA_Q_QUERY_DOM_INFO_POLICY; 1242 1243typedef struct lsa_r_query_dom_info_policy 1244{ 1245 LSA_DOM_INFO_UNION *info; 1246 NTSTATUS status; 1247} LSA_R_QUERY_DOM_INFO_POLICY; 1248 1249 1250#endif /* _RPC_LSA_H */ 1251