xref: /illumos-gate/usr/src/uts/common/smbsrv/ndl/lsarpc.ndl (revision d321a33cdd896e6b211d113a33698dd76e89b861)
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef _MLSVC_LSA_NDL_
27#define _MLSVC_LSA_NDL_
28
29#pragma ident	"%Z%%M%	%I%	%E% SMI"
30
31/*
32 ***********************************************************************
33 * Local Security Authority RPC (LSARPC) interface definition.
34 ***********************************************************************
35 */
36
37#include "ndrtypes.ndl"
38
39
40#define LSARPC_OPNUM_CloseHandle		0x00
41#define LSARPC_OPNUM_EnumPrivileges		0x02
42#define LSARPC_OPNUM_QuerySecurityObject	0x03
43#define LSARPC_OPNUM_SetSecurityObject		0x04
44#define LSARPC_OPNUM_ChangePassword		0x05
45#define LSARPC_OPNUM_OpenPolicy			0x06
46#define LSARPC_OPNUM_QueryInfoPolicy		0x07
47#define LSARPC_OPNUM_SetInfoPolicy		0x08
48#define LSARPC_OPNUM_Unknown09			0x09	/* Crashed the DC */
49#define LSARPC_OPNUM_CreateAccount		0x0a
50#define LSARPC_OPNUM_EnumerateAccounts		0x0b
51#define LSARPC_OPNUM_CreateTrustedDomain	0x0c
52#define LSARPC_OPNUM_EnumTrustedDomain		0x0d
53#define LSARPC_OPNUM_LookupNames		0x0e
54#define LSARPC_OPNUM_LookupSids			0x0f
55#define LSARPC_OPNUM_CreateSecret		0x10
56#define LSARPC_OPNUM_OpenAccount		0x11
57#define LSARPC_OPNUM_EnumPrivsAccount		0x12
58#define LSARPC_OPNUM_GetSystemAccessAccount	0x17
59#define LSARPC_OPNUM_OpenSecret			0x1c
60#define LSARPC_OPNUM_LookupPrivValue		0x1f
61#define LSARPC_OPNUM_LookupPrivName		0x20
62#define LSARPC_OPNUM_LookupPrivDisplayName	0x21
63#define LSARPC_OPNUM_AddAccountRights		0x25
64#define LSARPC_OPNUM_OpenPolicy2		0x2c
65#define LSARPC_OPNUM_GetConnectedUser		0x2d
66#define LSARPC_OPNUM_Discovery			0x2e
67#define LSARPC_OPNUM_LookupSids2		0x39
68#define LSARPC_OPNUM_LookupNames2		0x3a
69
70
71/*
72 * There are at least two lookup level settings. Level 1 appears to mean
73 * only look on the local host and level 2 means forward the request to
74 * the PDC. On the PDC it probably doesn't matter which level you use but
75 * on a BDC a level 1 lookup will fail if the BDC doesn't have the info
76 * whereas a level 2 lookup will also check with the PDC.
77 */
78#define MSLSA_LOOKUP_LEVEL_1		1
79#define MSLSA_LOOKUP_LEVEL_2		2
80
81
82/*
83 * Definition for a SID. The ndl compiler won't allow a typedef of
84 * a structure containing variable size members.
85 */
86struct mslsa_sid {
87	BYTE		Revision;
88	BYTE		SubAuthCount;
89	BYTE		Authority[6];
90  SIZE_IS(SubAuthCount)
91	DWORD		SubAuthority[ANY_SIZE_ARRAY];
92};
93
94struct mslsa_string_desc {
95	WORD		length;
96	WORD		allosize;
97	LPTSTR		str;
98};
99typedef struct mslsa_string_desc mslsa_string_t;
100
101
102struct mslsa_handle {
103	DWORD hand1;
104	DWORD hand2;
105	WORD  hand3[2];
106	BYTE  hand4[8];
107};
108typedef struct mslsa_handle	mslsa_handle_t;
109
110
111struct mslsa_luid {
112	DWORD low_part;
113	DWORD high_part;
114};
115typedef struct mslsa_luid mslsa_luid_t;
116
117
118/*
119 ***********************************************************************
120 * OpenPolicy2 obtains a handle for a remote LSA. This handle is
121 * required for all subsequent LSA requests.
122 *
123 * The server name should be the name of the target PDC or BDC, with
124 * the double backslash prefix.
125 *
126 * As far as I can tell, the mslsa_object_attributes structure can be
127 * all zero except for the length, which should be set to sizeof(struct
128 * mslsa_object_attributes).
129 *
130 * For read access, the desired access mask should contain the
131 * READ_CONTROL standard right and whatever policy rights are required.
132 * I haven't tried any update operations but if you get the access mask
133 * wrong you can crash the domain controller.
134 ***********************************************************************
135 */
136
137
138/*
139 * From netmon:
140 *	length = 12
141 *	impersonation_level = 2
142 *	context_tracking_mode = 1
143 *	effective_only = 0
144 */
145struct mslsa_quality_of_service {
146	DWORD length;
147	WORD impersonation_level;
148	BYTE context_tracking_mode;
149	BYTE effective_only;
150};
151
152
153struct mslsa_object_attributes {
154	DWORD length;
155	DWORD rootDirectory;
156	DWORD objectName;
157	DWORD attributes;
158	DWORD securityDescriptor;
159	struct mslsa_quality_of_service *qualityOfService;
160};
161
162
163OPERATION(LSARPC_OPNUM_OpenPolicy)
164struct mslsa_OpenPolicy {
165	IN	DWORD	*servername;
166	IN	struct mslsa_object_attributes attributes;
167	IN	DWORD desiredAccess;
168	OUT	mslsa_handle_t domain_handle;
169	OUT	DWORD status;
170};
171
172OPERATION(LSARPC_OPNUM_OpenPolicy2)
173struct mslsa_OpenPolicy2 {
174	IN	LPTSTR servername;
175	IN	struct mslsa_object_attributes attributes;
176	IN	DWORD desiredAccess;
177	OUT	mslsa_handle_t domain_handle;
178	OUT	DWORD status;
179};
180
181
182/*
183 ***********************************************************************
184 * CloseHandle closes an association with the LSA. The returned handle
185 * will be all zero.
186 ***********************************************************************
187 */
188OPERATION(LSARPC_OPNUM_CloseHandle)
189struct mslsa_CloseHandle {
190	IN	mslsa_handle_t handle;
191	OUT	mslsa_handle_t result_handle;
192	OUT	DWORD status;
193};
194
195
196/*
197 ***********************************************************************
198 * EnumPrivileges
199 *
200 * Obtain a list of privilege names. This interface is not implemented
201 * yet The definition below has not been tested. This is a guess based
202 * on data available from netmon.
203 ***********************************************************************
204 */
205struct mslsa_PrivDef {
206	mslsa_string_t name;
207	mslsa_luid_t luid;
208};
209
210
211struct mslsa_PrivEnumBuf {
212	DWORD entries_read;
213  SIZE_IS(entries_read)
214	struct mslsa_PrivDef *def;
215};
216
217
218OPERATION(LSARPC_OPNUM_EnumPrivileges)
219struct mslsa_EnumPrivileges {
220	IN	mslsa_handle_t handle;
221	INOUT	DWORD enum_context;
222	IN	DWORD max_length;
223	OUT	REFERENCE struct mslsa_PrivEnumBuf *enum_buf;
224	OUT	DWORD status;
225};
226
227
228/*
229 ***********************************************************************
230 * QuerySecurityObject. I'm not entirely sure how to set this up yet.
231 * I used the discovery RPC to scope it out. The structures are set up
232 * according to netmon and the assumption that a security descriptor
233 * on the wire looks like the regular user level security descriptor.
234 ***********************************************************************
235 */
236struct mslsa_SecurityDescriptor {
237	BYTE revision;
238	BYTE sbz1;
239	WORD control;
240	DWORD owner;
241	DWORD group;
242	DWORD sacl;
243	DWORD dacl;
244};
245
246
247struct mslsa_SecurityDescInfo {
248	DWORD length;
249  SIZE_IS(length)
250  	BYTE *desc; /* temporary */
251	/* struct mslsa_SecurityDescriptor *desc; */
252};
253
254
255OPERATION(LSARPC_OPNUM_QuerySecurityObject)
256struct mslsa_QuerySecurityObject {
257	IN	mslsa_handle_t handle;
258	IN	DWORD security_info;
259	OUT	struct mslsa_SecurityDescInfo *desc_info;
260	OUT	DWORD status;
261};
262
263
264/*
265 ***********************************************************************
266 * EnumerateAccounts and EnumerateTrustedDomain.
267 ***********************************************************************
268 */
269struct mslsa_AccountInfo {
270	struct mslsa_sid *sid;
271};
272
273
274struct mslsa_EnumAccountBuf {
275	DWORD entries_read;
276  SIZE_IS(entries_read)
277	struct mslsa_AccountInfo *info;
278};
279
280
281OPERATION(LSARPC_OPNUM_EnumerateAccounts)
282struct mslsa_EnumerateAccounts {
283	IN	mslsa_handle_t handle;
284	INOUT	DWORD enum_context;
285	IN	DWORD max_length;
286	OUT	REFERENCE struct mslsa_EnumAccountBuf *enum_buf;
287	OUT	DWORD status;
288};
289
290
291struct mslsa_TrustedDomainInfo {
292	mslsa_string_t name;
293	struct mslsa_sid *sid;
294};
295
296
297struct mslsa_EnumTrustedDomainBuf {
298	DWORD entries_read;
299  SIZE_IS(entries_read)
300	struct mslsa_TrustedDomainInfo *info;
301};
302
303
304OPERATION(LSARPC_OPNUM_EnumTrustedDomain)
305struct mslsa_EnumTrustedDomain {
306	IN	mslsa_handle_t handle;
307	INOUT	DWORD enum_context;
308	IN	DWORD max_length;
309	OUT REFERENCE	struct mslsa_EnumTrustedDomainBuf *enum_buf;
310	OUT	DWORD status;
311};
312
313
314/*
315 ***********************************************************************
316 * Definitions common to both LookupSids and LookupNames. Both return
317 * an mslsa_domain_table[]. Each interface also returns a specific
318 * table with entries which index the mslsa_domain_table[].
319 ***********************************************************************
320 */
321struct mslsa_domain_entry {
322	mslsa_string_t domain_name;
323	struct mslsa_sid *domain_sid;
324};
325typedef struct mslsa_domain_entry mslsa_domain_entry_t;
326
327
328struct mslsa_domain_table {
329	DWORD		n_entry;
330  SIZE_IS(n_entry)
331  	mslsa_domain_entry_t *entries;
332	DWORD		max_n_entry;
333};
334
335
336/*
337 ***********************************************************************
338 * Definitions for LookupSids.
339 *
340 * The input parameters are:
341 *
342 *	A valid LSA handle obtained from an LsarOpenPolicy.
343 *	The table of SIDs to be looked up.
344 *	A table of names (probably empty).
345 *	The lookup level (local=1 or PDC=2).
346 *	An enumeration counter (used for continuation operations).
347 *
348 * The output results are:
349 *
350 *	A table of referenced domains.
351 *	A table of usernames.
352 *	The updated value of the enumeration counter.
353 *	The result status.
354 ***********************************************************************
355 */
356
357struct mslsa_lup_sid_entry {
358	struct mslsa_sid *psid;
359};
360
361struct mslsa_lup_sid_table {
362	DWORD		n_entry;
363    SIZE_IS(n_entry)
364	struct mslsa_lup_sid_entry *entries;
365};
366
367struct mslsa_name_entry {
368	WORD		sid_name_use;
369	WORD		unknown_flags;
370	mslsa_string_t	name;
371	DWORD		domain_ix;		/* -1 means none */
372};
373
374struct mslsa_name_table {
375	DWORD		n_entry;
376    SIZE_IS(n_entry)
377	struct mslsa_name_entry *entries;
378};
379
380OPERATION(LSARPC_OPNUM_LookupSids)
381struct mslsa_LookupSids {
382	IN	mslsa_handle_t	handle;
383	IN	struct mslsa_lup_sid_table lup_sid_table;
384
385	OUT	struct mslsa_domain_table *domain_table;
386	INOUT	struct mslsa_name_table name_table;
387
388	IN	DWORD lookup_level;
389	INOUT	DWORD mapped_count;
390 	OUT	DWORD status;
391};
392
393
394/*
395 ***********************************************************************
396 * Definitions for LookupNames.
397 *
398 * LookupNames requires the following input parameters.
399 *
400 *	A valid LSA handle obtained from an LsarOpenPolicy.
401 *	The table of names to be looked up.
402 *	A table of translated sids (probably empty).
403 *	The lookup level (local=1 or PDC=2).
404 *	An enumeration counter (used for continuation operations).
405 *
406 * The outputs are as follows.
407 *
408 *	A table of referenced domains.
409 *	A table of translated sids (actually rids).
410 *	The updated value of the enumeration counter.
411 *	The result status.
412 ***********************************************************************
413 */
414struct mslsa_lup_name_table {
415	DWORD n_entry;
416  SIZE_IS(n_entry)
417	mslsa_string_t names[ANY_SIZE_ARRAY];
418};
419
420
421struct mslsa_rid_entry {
422	WORD sid_name_use;
423	WORD pad;	 /* alignment - probably not required */
424	DWORD rid;
425	DWORD domain_index;
426};
427
428
429struct mslsa_rid_table {
430	DWORD n_entry;
431  SIZE_IS(n_entry)
432	struct mslsa_rid_entry *rids;
433};
434
435
436OPERATION(LSARPC_OPNUM_LookupNames)
437struct mslsa_LookupNames {
438	IN		mslsa_handle_t handle;
439	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
440
441	OUT		struct mslsa_domain_table *domain_table;
442	INOUT	struct mslsa_rid_table translated_sids;
443
444	IN		DWORD lookup_level;
445	INOUT	DWORD mapped_count;
446	OUT		DWORD status;
447};
448
449
450/*
451 ***********************************************************************
452 * QueryInfoPolicy returns various pieces of policy information. The
453 * desired information is specified using a class value, as defined
454 * below.
455 ***********************************************************************
456 */
457#define MSLSA_POLICY_UNKNOWN_1_INFO		1
458#define MSLSA_POLICY_UNKNOWN_2_INFO		2
459#define MSLSA_POLICY_PRIMARY_DOMAIN_INFO	3
460#define MSLSA_POLICY_UNKNOWN_4_INFO		4
461#define MSLSA_POLICY_ACCOUNT_DOMAIN_INFO	5
462#define MSLSA_POLICY_SERVER_ROLE_INFO		6
463#define MSLSA_POLICY_REPLICA_SOURCE_INFO	7
464#define MSLSA_POLICY_DEFAULT_QUOTA_INFO		8
465
466
467struct mslsa_PrimaryDomainInfo {
468	struct mslsa_string_desc name;
469	struct mslsa_sid *sid;
470};
471
472
473struct mslsa_AccountDomainInfo {
474	struct mslsa_string_desc name;
475	struct mslsa_sid *sid;
476};
477
478/*
479struct mslsa_ServerRoleInfo {
480	WORD unknown_0x0003;
481	WORD unknown_0x000e;
482};
483*/
484
485union mslsa_PolicyInfoResUnion {
486	CASE(3)	struct mslsa_PrimaryDomainInfo pd_info;
487	CASE(5)	struct mslsa_AccountDomainInfo ad_info;
488	DEFAULT	char *nullptr;
489};
490
491
492struct mslsa_PolicyInfo {
493	WORD switch_value;
494	SWITCH(switch_value)
495		union mslsa_PolicyInfoResUnion ru;
496};
497
498
499OPERATION(LSARPC_OPNUM_QueryInfoPolicy)
500struct mslsa_QueryInfoPolicy {
501	IN	mslsa_handle_t handle;
502	IN	WORD info_class;
503	OUT	struct mslsa_PolicyInfo *info;
504	OUT	DWORD status;
505};
506
507
508/*
509 ***********************************************************************
510 * OpenAccount.
511 *
512 * Returns a handle that can be used to access the account specified
513 * by a SID. This handle can be used to enumerate account privileges.
514 ***********************************************************************
515 */
516OPERATION(LSARPC_OPNUM_OpenAccount)
517struct mslsa_OpenAccount {
518	IN  mslsa_handle_t handle;
519	IN REFERENCE	struct mslsa_sid *sid;
520	IN	DWORD access_mask;
521	OUT mslsa_handle_t account_handle;
522	OUT DWORD status;
523};
524
525
526/*
527 ***********************************************************************
528 * EnumPrivilegesAccount.
529 *
530 * Enumerate the list of privileges held by the specified account. The
531 * handle must be a valid account handle obtained via OpenAccount. The
532 * luid values returned will be probably only be relevant on the domain
533 * controller so we'll need to find a way to convert them to the
534 * actual privilege names.
535 ***********************************************************************
536 */
537struct mslsa_LuidAndAttributes {
538	struct mslsa_luid luid;
539	DWORD attributes;
540};
541
542
543struct mslsa_PrivilegeSet {
544	DWORD privilege_count;
545	DWORD control;
546  SIZE_IS(privilege_count)
547	struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY];
548};
549
550
551OPERATION(LSARPC_OPNUM_EnumPrivsAccount)
552	struct mslsa_EnumPrivsAccount {
553	IN	mslsa_handle_t account_handle;
554	OUT	struct mslsa_PrivilegeSet *privileges;
555	OUT	DWORD status;
556};
557
558
559/*
560 ***********************************************************************
561 * LookupPrivValue
562 *
563 * Map a privilege name to a local unique id (LUID). Privilege names
564 * are consistent across the network. LUIDs are machine specific.
565 * The privilege list is provided as a set of LUIDs so the privilege
566 * lookup functions must be used to identify which the privilege to
567 * which each LUID refers. The handle here is a policy handle.
568 ***********************************************************************
569 */
570OPERATION(LSARPC_OPNUM_LookupPrivValue)
571struct mslsa_LookupPrivValue {
572	IN	mslsa_handle_t handle;
573	IN	mslsa_string_t name;
574	OUT	struct mslsa_luid luid;
575	OUT	DWORD status;
576};
577
578
579/*
580 ***********************************************************************
581 * LookupPrivName
582 *
583 * Map a privilege value (LUID) to a privilege name. Privilege names
584 * are consistent across the network. LUIDs are machine specific.
585 * The privilege list is provided as a set of LUIDs so the privilege
586 * lookup functions must be used to identify which the privilege to
587 * which each LUID refers. The handle here is a policy handle.
588 ***********************************************************************
589 */
590OPERATION(LSARPC_OPNUM_LookupPrivName)
591struct mslsa_LookupPrivName {
592	IN	mslsa_handle_t handle;
593	IN	struct mslsa_luid luid;
594	OUT	mslsa_string_t *name;
595	OUT	DWORD status;
596};
597
598
599/*
600 ***********************************************************************
601 * LookupPrivDisplayName
602 *
603 * Map a privilege name to a local unique id (LUID). Privilege names
604 * are consistent across the network. LUIDs are machine specific.
605 * The privilege list is provided as a set of LUIDs so the privilege
606 * lookup functions must be used to identify which the privilege to
607 * which each LUID refers. The handle here is a policy handle.
608 ***********************************************************************
609 */
610OPERATION(LSARPC_OPNUM_LookupPrivDisplayName)
611struct mslsa_LookupPrivDisplayName {
612	IN	mslsa_handle_t handle;
613	IN	mslsa_string_t name;
614	IN	WORD client_language;
615	IN	WORD default_language;
616	OUT	mslsa_string_t *display_name;
617	OUT	WORD language_ret;
618	OUT	DWORD status;
619};
620
621
622/*
623 ***********************************************************************
624 * GetConnectedUser
625 *
626 * This is still guesswork. Netmon doesn't know about this
627 * call and I'm not really sure what it is intended to achieve.
628 * Another packet capture application, Ethereal, calls this RPC as
629 * GetConnectedUser.
630 * We will receive our own hostname in the request and it appears
631 * we should respond with an account name and the domain name of connected
632 * user from the client that makes this call.
633 ***********************************************************************
634 */
635
636struct mslsa_DomainName {
637	struct mslsa_string_desc *name;
638};
639
640
641OPERATION(LSARPC_OPNUM_GetConnectedUser)
642struct mslsa_GetConnectedUser {
643	IN	LPTSTR hostname;
644	IN  BYTE *unknown1;
645	IN  BYTE *unknown2;
646	OUT	struct mslsa_string_desc *owner;
647	OUT	struct mslsa_DomainName *domain;
648	OUT	DWORD status;
649};
650
651
652/*
653 ***********************************************************************
654 * LSARPC_OPNUM_LookupSids2
655 *
656 * SID lookup function that appeared in Windows 2000. It appears to be
657 * very similar to the original SID lookup RPC. There are two extra IN
658 * parameters, which we don't care about. The OUT name structure has
659 * an extra field, in which zero seems to be okay.
660 ***********************************************************************
661 */
662struct lsar_name_entry2 {
663	WORD sid_name_use;
664	WORD unknown_flags;	/* maybe alignment */
665	mslsa_string_t name;
666	DWORD domain_ix;	/* -1 means none */
667	DWORD unknown;		/* added */
668};
669
670
671struct lsar_name_table2 {
672	DWORD n_entry;
673  SIZE_IS(n_entry)
674	struct lsar_name_entry2 *entries;
675};
676
677
678OPERATION(LSARPC_OPNUM_LookupSids2)
679struct lsar_lookup_sids2 {
680	IN		mslsa_handle_t policy_handle;
681	IN		struct mslsa_lup_sid_table lup_sid_table;
682	OUT		struct mslsa_domain_table *domain_table;
683	INOUT	struct lsar_name_table2 name_table;
684	IN		DWORD lookup_level;
685	INOUT	DWORD mapped_count;
686	IN		DWORD zero;
687	IN		DWORD requested_count;
688 	OUT		DWORD status;
689};
690
691
692/*
693 ***********************************************************************
694 * LSARPC_OPNUM_LookupNames2
695 *
696 * Name lookup function that appeared in Windows 2000. It appears to be
697 * very similar to the original name lookup RPC. There are two extra IN
698 * parameters, which we don't care about. The lsar_rid_entry2 structure
699 * has an extra field, in which zero seems to be okay.
700 ***********************************************************************
701 */
702struct lsar_rid_entry2 {
703	WORD sid_name_use;
704	WORD pad;		/* alignment - probably not required */
705	DWORD rid;
706	DWORD domain_index;	/* -1 means none */
707	DWORD unknown;		/* new */
708};
709
710
711struct lsar_rid_table2 {
712	DWORD n_entry;
713  SIZE_IS(n_entry)
714	struct lsar_rid_entry2 *rids;
715};
716
717
718OPERATION(LSARPC_OPNUM_LookupNames2)
719struct lsar_LookupNames2 {
720	IN		mslsa_handle_t policy_handle;
721	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
722	OUT		struct mslsa_domain_table *domain_table;
723	INOUT	struct lsar_rid_table2 translated_sids;
724	IN		DWORD lookup_level;
725	INOUT	DWORD mapped_count;
726	IN		DWORD unknown_sbz;
727	IN		DWORD unknown_sb2;
728	OUT		DWORD status;
729};
730
731
732/*
733 ***********************************************************************
734 * This is a generic discovery entry. As long as the handle is valid
735 * this is useful for scoping the network to discover new worlds. To
736 * seek out new life, new civilizations. To boldly spilt infinitives
737 * where no man has gone before. So basically we send and receive a
738 * big buffer and let netmon tell us to which RPC the opnum refers.
739 ***********************************************************************
740 */
741
742#define LSA_DISCOVERY_SIZE		16
743
744
745OPERATION(LSARPC_OPNUM_Discovery)
746struct mslsa_Discovery {
747	IN	mslsa_handle_t handle;
748	IN	DWORD in_stuff[LSA_DISCOVERY_SIZE];
749	OUT	DWORD out_stuff[LSA_DISCOVERY_SIZE];
750	OUT	DWORD status;
751};
752
753
754/*
755 ***********************************************************************
756 * The LSARPC interface definition.
757 ***********************************************************************
758 */
759INTERFACE(0)
760union lsarpc_interface {
761	CASE(LSARPC_OPNUM_CloseHandle)
762		struct mslsa_CloseHandle		CloseHandle;
763	CASE(LSARPC_OPNUM_QuerySecurityObject)
764		struct mslsa_QuerySecurityObject	QuerySecurityObj;
765	CASE(LSARPC_OPNUM_EnumerateAccounts)
766		struct mslsa_EnumerateAccounts		EnumAccounts;
767	CASE(LSARPC_OPNUM_EnumTrustedDomain)
768		struct mslsa_EnumTrustedDomain		EnumTrustedDomain;
769	CASE(LSARPC_OPNUM_OpenAccount)
770		struct mslsa_OpenAccount		OpenAccount;
771	CASE(LSARPC_OPNUM_EnumPrivsAccount)
772		struct mslsa_EnumPrivsAccount		EnumPrivsAccount;
773	CASE(LSARPC_OPNUM_LookupPrivValue)
774		struct mslsa_LookupPrivValue		LookupPrivValue;
775	CASE(LSARPC_OPNUM_LookupPrivName)
776		struct mslsa_LookupPrivName		LookupPrivName;
777	CASE(LSARPC_OPNUM_LookupPrivDisplayName)
778		struct mslsa_LookupPrivDisplayName	LookupPrivDisplayName;
779	CASE(LSARPC_OPNUM_Discovery)
780		struct mslsa_Discovery			Discovery;
781	CASE(LSARPC_OPNUM_QueryInfoPolicy)
782		struct mslsa_QueryInfoPolicy		QueryInfoPolicy;
783	CASE(LSARPC_OPNUM_OpenPolicy)
784		struct mslsa_OpenPolicy			OpenPolicy;
785	CASE(LSARPC_OPNUM_OpenPolicy2)
786		struct mslsa_OpenPolicy2		OpenPolicy2;
787	CASE(LSARPC_OPNUM_LookupSids)
788		struct mslsa_LookupSids			LookupSids;
789	CASE(LSARPC_OPNUM_LookupNames)
790		struct mslsa_LookupNames		LookupNames;
791	CASE(LSARPC_OPNUM_GetConnectedUser)
792		struct mslsa_GetConnectedUser		GetConnectedUser;
793	CASE(LSARPC_OPNUM_LookupSids2)
794		struct lsar_lookup_sids2		LookupSids2;
795	CASE(LSARPC_OPNUM_LookupNames2)
796		struct lsar_LookupNames2		LookupNames2;
797};
798typedef union lsarpc_interface	lsarpc_interface_t;
799EXTERNTYPEINFO(lsarpc_interface)
800
801#endif /* _MLSVC_LSA_NDL_ */
802