1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26#ifndef _MLSVC_LSA_NDL_ 27#define _MLSVC_LSA_NDL_ 28 29/* 30 * Local Security Authority RPC (LSARPC) interface definition. 31 * 32 * Names containing a backslash ('\') are known as qualified or composite 33 * names. The string preceding the backslash is assumed to be the domain 34 * name and the string following the slash is assumed to be name to be 35 * resolved within that domain. 36 * 37 * Names that do not contain a backslash are known as isolated names. 38 * An isolated name may be a single label, such as john, or may be in 39 * user principal name (UPN) form, such as john@example.com. 40 */ 41 42#include "ndrtypes.ndl" 43 44 45#define LSARPC_OPNUM_CloseHandle 0x00 46#define LSARPC_OPNUM_Delete 0x01 47#define LSARPC_OPNUM_EnumPrivileges 0x02 48#define LSARPC_OPNUM_QuerySecurityObject 0x03 49#define LSARPC_OPNUM_SetSecurityObject 0x04 50#define LSARPC_OPNUM_ChangePassword 0x05 51#define LSARPC_OPNUM_OpenPolicy 0x06 52#define LSARPC_OPNUM_QueryInfoPolicy 0x07 53#define LSARPC_OPNUM_SetInfoPolicy 0x08 54#define LSARPC_OPNUM_ClearAuditLog 0x09 55#define LSARPC_OPNUM_CreateAccount 0x0a 56#define LSARPC_OPNUM_EnumerateAccounts 0x0b 57#define LSARPC_OPNUM_CreateTrustedDomain 0x0c 58#define LSARPC_OPNUM_EnumTrustedDomain 0x0d 59#define LSARPC_OPNUM_LookupNames 0x0e 60#define LSARPC_OPNUM_LookupSids 0x0f 61#define LSARPC_OPNUM_CreateSecret 0x10 62#define LSARPC_OPNUM_OpenAccount 0x11 63#define LSARPC_OPNUM_EnumPrivsAccount 0x12 64#define LSARPC_OPNUM_AddAccountPrivs 0x13 65#define LSARPC_OPNUM_RemoveAccountPrivs 0x14 66#define LSARPC_OPNUM_GetAccountQuota 0x15 67#define LSARPC_OPNUM_SetAccountQuota 0x16 68#define LSARPC_OPNUM_GetSystemAccessAccount 0x17 69#define LSARPC_OPNUM_SetSystemAccessAccount 0x18 70#define LSARPC_OPNUM_OpenTrustedDomain 0x19 71#define LSARPC_OPNUM_QueryInfoTrustedDomain 0x1a 72#define LSARPC_OPNUM_SetinfoTrustedDomain 0x1b 73#define LSARPC_OPNUM_OpenSecret 0x1c 74#define LSARPC_OPNUM_SetSecret 0x1d 75#define LSARPC_OPNUM_QuerySecret 0x1e 76#define LSARPC_OPNUM_LookupPrivValue 0x1f 77#define LSARPC_OPNUM_LookupPrivName 0x20 78#define LSARPC_OPNUM_LookupPrivDisplayName 0x21 79#define LSARPC_OPNUM_DeleteObject 0x22 80#define LSARPC_OPNUM_EnumAccountsWithUserRight 0x23 81#define LSARPC_OPNUM_EnumAccountRights 0x24 82#define LSARPC_OPNUM_AddAccountRights 0x25 83#define LSARPC_OPNUM_RemoveAccountRights 0x26 84#define LSARPC_OPNUM_QueryTrustedDomainInfo 0x27 85#define LSARPC_OPNUM_SetTrustedDomainInfo 0x28 86 87/* Windows 2000 */ 88#define LSARPC_OPNUM_DeleteTrustedDomain 0x29 89#define LSARPC_OPNUM_StorePrivateData 0x2a 90#define LSARPC_OPNUM_RetrievePrivateData 0x2b 91#define LSARPC_OPNUM_OpenPolicy2 0x2c 92#define LSARPC_OPNUM_GetConnectedUser 0x2d 93#define LSARPC_OPNUM_QueryInfoPolicy2 0x2e 94#define LSARPC_OPNUM_SetInfoPolicy2 0x2f 95#define LSARPC_OPNUM_QueryTrustedDomainInfoByName 0x30 96#define LSARPC_OPNUM_SetTrustedDomainInfoByName 0x31 97#define LSARPC_OPNUM_EnumTrustedDomainsEx 0x32 98#define LSARPC_OPNUM_CreateTrustedDomainEx 0x33 99#define LSARPC_OPNUM_CloseTrustedDomainEx 0x34 100#define LSARPC_OPNUM_QueryDomainInfoPolicy 0x35 101#define LSARPC_OPNUM_SetDomainInfoPolicy 0x36 102#define LSARPC_OPNUM_OpenTrustedDomainByName 0x37 103#define LSARPC_OPNUM_TestCall 0x38 104#define LSARPC_OPNUM_LookupSids2 0x39 105#define LSARPC_OPNUM_LookupNames2 0x3a 106#define LSARPC_OPNUM_CreateTrustedDomainEx2 0x3b 107 108/* Windows 2000 SP3 */ 109#define LSARPC_OPNUM_CredWrite 0x3c 110#define LSARPC_OPNUM_CredRead 0x3d 111#define LSARPC_OPNUM_CredEnumerate 0x3e 112#define LSARPC_OPNUM_CredWriteDomainCreds 0x3f 113#define LSARPC_OPNUM_CredReadDomainCreds 0x40 114#define LSARPC_OPNUM_CredDelete 0x41 115#define LSARPC_OPNUM_CredGetTargetInfo 0x42 116#define LSARPC_OPNUM_CredProfileLoaded 0x43 117#define LSARPC_OPNUM_LookupNames3 0x44 118#define LSARPC_OPNUM_CredGetSessionTypes 0x45 119#define LSARPC_OPNUM_RegisterAuditEvent 0x46 120#define LSARPC_OPNUM_GenAuditEvent 0x47 121#define LSARPC_OPNUM_UnregisterAuditEvent 0x48 122#define LSARPC_OPNUM_QueryForestTrustInfo 0x49 123#define LSARPC_OPNUM_SetForestTrustInfo 0x4a 124#define LSARPC_OPNUM_CredRename 0x4b 125#define LSARPC_OPNUM_LookupSids3 0x4c 126#define LSARPC_OPNUM_LookupNames4 0x4d 127#define LSARPC_OPNUM_OpenPolicySce 0x4e 128 129/* Windows Server 2003 */ 130#define LSARPC_OPNUM_AdtRegisterSecurityEventSource 0x4f 131#define LSARPC_OPNUM_AdtUnregisterSecurityEventSource 0x50 132#define LSARPC_OPNUM_AdtReportSecurityEvent 0x51 133 134/* Windows Vista */ 135#define LSARPC_OPNUM_CredFindBestCredential 0x52 136#define LSARPC_OPNUM_SetAuditPolicy 0x53 137#define LSARPC_OPNUM_QueryAuditPolicy 0x54 138#define LSARPC_OPNUM_EnumerateAuditPolicy 0x55 139#define LSARPC_OPNUM_EnumerateAuditCategories 0x56 140#define LSARPC_OPNUM_EnumerateAuditSubCategories 0x57 141#define LSARPC_OPNUM_LookupAuditCategoryName 0x58 142#define LSARPC_OPNUM_LookupAuditSubCategoryName 0x59 143#define LSARPC_OPNUM_SetAuditSecurity 0x5a 144#define LSARPC_OPNUM_QueryAuditSecurity 0x5b 145#define LSARPC_OPNUM_CredReadByTokenHandle 0x5c 146#define LSARPC_OPNUM_CredRestoreCredentials 0x5d 147#define LSARPC_OPNUM_CredBackupCredentials 0x5e 148 149/* 150 * Lookup levels. Level 1 appears to mean only look on the local host and 151 * level 2 means forward the request to the PDC. On the PDC it probably 152 * doesn't matter which level you use but on a BDC a level 1 lookup will 153 * fail if the BDC doesn't have the info whereas a level 2 lookup will also 154 * check with the PDC. 155 */ 156#define LSA_LOOKUP_WKSTA 1 /* Windows NT 3.1 */ 157#define LSA_LOOKUP_PDC 2 158#define LSA_LOOKUP_TDL 3 159#define LSA_LOOKUP_GC 4 /* Windows 2000 */ 160#define LSA_LOOKUP_XFORESTREFERRAL 5 /* Windows XP */ 161#define LSA_LOOKUP_XFORESTRESOLVE 6 162#define LSA_LOOKUP_RODCREFERRALTOFULLDC 7 /* Windows Vista */ 163 164/* 165 * Name/SID lookup flags 166 */ 167#define LSA_LOOKUP_NAME_NOT_SPN 0x00000001 168#define LSA_LOOKUP_NAME_MAYBE_XFOREST 0x00000002 169#define LSA_LOOKUP_NAME_IN_DBVIEW 0x00000004 170 171/* 172 * Name/SID lookup options 173 * 174 * 0x00000000 Lookup isolated names both locally and in domains/forests. 175 * 0x80000000 Lookup isolated names (except for UPNs) only in the local 176 * account database. Do not lookup UPNs. 177 */ 178#define LSA_LOOKUP_OPT_ALL 0x00000000 179#define LSA_LOOKUP_OPT_LOCAL 0x80000000 180 181/* 182 * Client revision 183 * 184 * 0x00000001 Client does not understand DNS names or forests. 185 * 0x00000002 Client understands DNS names and forests. 186 * 187 * Notes: 188 * 0 means the same as 1 189 * Anything greater than 2 means the same as 2 190 */ 191#define LSA_CLIENT_REVISION_NT 0x00000001 192#define LSA_CLIENT_REVISION_AD 0x00000002 193 194/* 195 * Definition for a SID. The ndl compiler won't allow a typedef of 196 * a structure containing variable size members. 197 */ 198struct mslsa_sid { 199 BYTE Revision; 200 BYTE SubAuthCount; 201 BYTE Authority[6]; 202 SIZE_IS(SubAuthCount) 203 DWORD SubAuthority[ANY_SIZE_ARRAY]; 204}; 205 206struct mslsa_string_desc { 207 WORD length; 208 WORD allosize; 209 LPTSTR str; 210}; 211typedef struct mslsa_string_desc mslsa_string_t; 212 213CONTEXT_HANDLE(mslsa_handle) mslsa_handle_t; 214 215struct mslsa_luid { 216 DWORD low_part; 217 DWORD high_part; 218}; 219typedef struct mslsa_luid mslsa_luid_t; 220 221struct mslsa_guid { 222 DWORD data1; 223 WORD data2; 224 WORD data3; 225 BYTE data4[8]; 226}; 227typedef struct mslsa_guid mslsa_guid_t; 228 229/* 230 *********************************************************************** 231 * OpenPolicy2 obtains a handle for a remote LSA. This handle is 232 * required for all subsequent LSA requests. 233 * 234 * The server name should be the name of the target PDC or BDC, with 235 * the double backslash prefix. 236 * 237 * As far as I can tell, the mslsa_object_attributes structure can be 238 * all zero except for the length, which should be set to sizeof(struct 239 * mslsa_object_attributes). 240 * 241 * For read access, the desired access mask should contain the 242 * READ_CONTROL standard right and whatever policy rights are required. 243 * I haven't tried any update operations but if you get the access mask 244 * wrong you can crash the domain controller. 245 *********************************************************************** 246 */ 247 248 249/* 250 * From netmon: 251 * length = 12 252 * impersonation_level = 2 253 * context_tracking_mode = 1 254 * effective_only = 0 255 */ 256struct mslsa_quality_of_service { 257 DWORD length; 258 WORD impersonation_level; 259 BYTE context_tracking_mode; 260 BYTE effective_only; 261}; 262 263 264struct mslsa_object_attributes { 265 DWORD length; 266 DWORD rootDirectory; 267 DWORD objectName; 268 DWORD attributes; 269 DWORD securityDescriptor; 270 struct mslsa_quality_of_service *qualityOfService; 271}; 272 273 274OPERATION(LSARPC_OPNUM_OpenPolicy) 275struct mslsa_OpenPolicy { 276 IN DWORD *servername; 277 IN struct mslsa_object_attributes attributes; 278 IN DWORD desiredAccess; 279 OUT mslsa_handle_t domain_handle; 280 OUT DWORD status; 281}; 282 283OPERATION(LSARPC_OPNUM_OpenPolicy2) 284struct mslsa_OpenPolicy2 { 285 IN LPTSTR servername; 286 IN struct mslsa_object_attributes attributes; 287 IN DWORD desiredAccess; 288 OUT mslsa_handle_t domain_handle; 289 OUT DWORD status; 290}; 291 292 293/* 294 *********************************************************************** 295 * CloseHandle closes an association with the LSA. The returned handle 296 * will be all zero. 297 *********************************************************************** 298 */ 299OPERATION(LSARPC_OPNUM_CloseHandle) 300struct mslsa_CloseHandle { 301 IN mslsa_handle_t handle; 302 OUT mslsa_handle_t result_handle; 303 OUT DWORD status; 304}; 305 306 307/* 308 *********************************************************************** 309 * EnumPrivileges 310 * 311 * Obtain a list of privilege names. This interface is not implemented 312 * yet The definition below has not been tested. This is a guess based 313 * on data available from netmon. 314 *********************************************************************** 315 */ 316struct mslsa_PrivDef { 317 mslsa_string_t name; 318 mslsa_luid_t luid; 319}; 320 321 322struct mslsa_PrivEnumBuf { 323 DWORD entries_read; 324 SIZE_IS(entries_read) 325 struct mslsa_PrivDef *def; 326}; 327 328 329OPERATION(LSARPC_OPNUM_EnumPrivileges) 330struct mslsa_EnumPrivileges { 331 IN mslsa_handle_t handle; 332 INOUT DWORD enum_context; 333 IN DWORD max_length; 334 OUT REFERENCE struct mslsa_PrivEnumBuf *enum_buf; 335 OUT DWORD status; 336}; 337 338 339/* 340 *********************************************************************** 341 * QuerySecurityObject. I'm not entirely sure how to set this up yet. 342 * I used the discovery RPC to scope it out. The structures are set up 343 * according to netmon and the assumption that a security descriptor 344 * on the wire looks like the regular user level security descriptor. 345 *********************************************************************** 346 */ 347struct mslsa_SecurityDescriptor { 348 BYTE revision; 349 BYTE sbz1; 350 WORD control; 351 DWORD owner; 352 DWORD group; 353 DWORD sacl; 354 DWORD dacl; 355}; 356 357 358struct mslsa_SecurityDescInfo { 359 DWORD length; 360 SIZE_IS(length) 361 BYTE *desc; /* temporary */ 362 /* struct mslsa_SecurityDescriptor *desc; */ 363}; 364 365 366OPERATION(LSARPC_OPNUM_QuerySecurityObject) 367struct mslsa_QuerySecurityObject { 368 IN mslsa_handle_t handle; 369 IN DWORD security_info; 370 OUT struct mslsa_SecurityDescInfo *desc_info; 371 OUT DWORD status; 372}; 373 374 375/* 376 *********************************************************************** 377 * EnumerateAccounts and EnumerateTrustedDomain. 378 *********************************************************************** 379 */ 380struct mslsa_AccountInfo { 381 struct mslsa_sid *sid; 382}; 383 384 385struct mslsa_EnumAccountBuf { 386 DWORD entries_read; 387 SIZE_IS(entries_read) 388 struct mslsa_AccountInfo *info; 389}; 390 391 392OPERATION(LSARPC_OPNUM_EnumerateAccounts) 393struct mslsa_EnumerateAccounts { 394 IN mslsa_handle_t handle; 395 INOUT DWORD enum_context; 396 IN DWORD max_length; 397 OUT REFERENCE struct mslsa_EnumAccountBuf *enum_buf; 398 OUT DWORD status; 399}; 400 401 402struct mslsa_TrustedDomainInfo { 403 mslsa_string_t name; 404 struct mslsa_sid *sid; 405}; 406 407 408struct mslsa_EnumTrustedDomainBuf { 409 DWORD entries_read; 410 SIZE_IS(entries_read) 411 struct mslsa_TrustedDomainInfo *info; 412}; 413 414 415OPERATION(LSARPC_OPNUM_EnumTrustedDomain) 416struct mslsa_EnumTrustedDomain { 417 IN mslsa_handle_t handle; 418 INOUT DWORD enum_context; 419 IN DWORD max_length; 420 OUT REFERENCE struct mslsa_EnumTrustedDomainBuf *enum_buf; 421 OUT DWORD status; 422}; 423 424struct mslsa_TrustedDomainInfoEx { 425 mslsa_string_t dns_name; 426 mslsa_string_t nb_name; 427 struct mslsa_sid *sid; 428 DWORD trust_direction; 429 DWORD trust_type; 430 DWORD trust_attrs; 431}; 432 433struct mslsa_EnumTrustedDomainBufEx { 434 DWORD entries_read; 435 SIZE_IS(entries_read) 436 struct mslsa_TrustedDomainInfoEx *info; 437}; 438 439OPERATION(LSARPC_OPNUM_EnumTrustedDomainsEx) 440struct mslsa_EnumTrustedDomainEx { 441 IN mslsa_handle_t handle; 442 INOUT DWORD enum_context; 443 IN DWORD max_length; 444 OUT REFERENCE struct mslsa_EnumTrustedDomainBufEx *enum_buf; 445 OUT DWORD status; 446}; 447 448/* 449 *********************************************************************** 450 * Definitions common to both LookupSids and LookupNames. Both return 451 * an mslsa_domain_table[]. Each interface also returns a specific 452 * table with entries which index the mslsa_domain_table[]. 453 *********************************************************************** 454 */ 455struct mslsa_domain_entry { 456 mslsa_string_t domain_name; 457 struct mslsa_sid *domain_sid; 458}; 459typedef struct mslsa_domain_entry mslsa_domain_entry_t; 460 461 462struct mslsa_domain_table { 463 DWORD n_entry; 464 SIZE_IS(n_entry) 465 mslsa_domain_entry_t *entries; 466 DWORD max_n_entry; 467}; 468 469 470/* 471 *********************************************************************** 472 * Definitions for LookupSids. 473 * 474 * The input parameters are: 475 * 476 * A valid LSA handle obtained from an LsarOpenPolicy. 477 * The table of SIDs to be looked up. 478 * A table of names (probably empty). 479 * The lookup level (local=1 or PDC=2). 480 * An enumeration counter (used for continuation operations). 481 * 482 * The output results are: 483 * 484 * A table of referenced domains. 485 * A table of usernames. 486 * The updated value of the enumeration counter. 487 * The result status. 488 *********************************************************************** 489 */ 490 491struct mslsa_lup_sid_entry { 492 struct mslsa_sid *psid; 493}; 494 495struct mslsa_lup_sid_table { 496 DWORD n_entry; 497 SIZE_IS(n_entry) 498 struct mslsa_lup_sid_entry *entries; 499}; 500 501struct mslsa_name_entry { 502 WORD sid_name_use; 503 WORD unknown_flags; 504 mslsa_string_t name; 505 DWORD domain_ix; /* -1 means none */ 506}; 507 508struct mslsa_name_table { 509 DWORD n_entry; 510 SIZE_IS(n_entry) 511 struct mslsa_name_entry *entries; 512}; 513 514OPERATION(LSARPC_OPNUM_LookupSids) 515struct mslsa_LookupSids { 516 IN mslsa_handle_t handle; 517 IN struct mslsa_lup_sid_table lup_sid_table; 518 519 OUT struct mslsa_domain_table *domain_table; 520 INOUT struct mslsa_name_table name_table; 521 522 IN DWORD lookup_level; 523 INOUT DWORD mapped_count; 524 OUT DWORD status; 525}; 526 527OPERATION(LSARPC_OPNUM_CreateSecret) 528struct mslsa_CreateSecret { 529 IN mslsa_handle_t handle; 530 IN mslsa_string_t name; 531 IN DWORD access_mask; 532 OUT mslsa_handle_t secret_handle; 533 OUT DWORD status; 534}; 535 536/* 537 *********************************************************************** 538 * Definitions for LookupNames. 539 * 540 * LookupNames requires the following input parameters. 541 * 542 * A valid LSA handle obtained from an LsarOpenPolicy. 543 * The table of names to be looked up. 544 * A table of translated sids (probably empty). 545 * The lookup level (local=1 or PDC=2). 546 * An enumeration counter (used for continuation operations). 547 * 548 * The outputs are as follows. 549 * 550 * A table of referenced domains. 551 * A table of translated sids (actually rids). 552 * The updated value of the enumeration counter. 553 * The result status. 554 *********************************************************************** 555 */ 556struct mslsa_lup_name_table { 557 DWORD n_entry; 558 SIZE_IS(n_entry) 559 mslsa_string_t names[ANY_SIZE_ARRAY]; 560}; 561 562 563struct mslsa_rid_entry { 564 WORD sid_name_use; 565 WORD pad; 566 DWORD rid; 567 DWORD domain_index; 568}; 569 570 571struct mslsa_rid_table { 572 DWORD n_entry; 573 SIZE_IS(n_entry) 574 struct mslsa_rid_entry *rids; 575}; 576 577 578OPERATION(LSARPC_OPNUM_LookupNames) 579struct mslsa_LookupNames { 580 IN mslsa_handle_t handle; 581 IN REFERENCE struct mslsa_lup_name_table *name_table; 582 583 OUT struct mslsa_domain_table *domain_table; 584 INOUT struct mslsa_rid_table translated_sids; 585 586 IN DWORD lookup_level; 587 INOUT DWORD mapped_count; 588 OUT DWORD status; 589}; 590 591 592/* 593 *********************************************************************** 594 * QueryInfoPolicy returns various pieces of policy information. The 595 * desired information is specified using a class value, as defined 596 * below. 597 *********************************************************************** 598 */ 599#define MSLSA_POLICY_AUDIT_LOG_INFO 1 600#define MSLSA_POLICY_AUDIT_EVENTS_INFO 2 601#define MSLSA_POLICY_PRIMARY_DOMAIN_INFO 3 602#define MSLSA_POLICY_UNKNOWN_4_INFO 4 603#define MSLSA_POLICY_ACCOUNT_DOMAIN_INFO 5 604#define MSLSA_POLICY_SERVER_ROLE_INFO 6 605#define MSLSA_POLICY_REPLICA_SOURCE_INFO 7 606#define MSLSA_POLICY_DEFAULT_QUOTA_INFO 8 607#define MSLSA_POLICY_DB_INFO 9 608#define MSLSA_POLICY_AUDIT_SET_INFO 10 609#define MSLSA_POLICY_AUDIT_QUERY_INFO 11 610#define MSLSA_POLICY_DNS_DOMAIN_INFO 12 611 612#define LSA_ROLE_STANDALONE_WORKSTATION 0 613#define LSA_ROLE_MEMBER_WORKSTATION 1 614#define LSA_ROLE_STANDALONE_SERVER 2 615#define LSA_ROLE_MEMBER_SERVER 3 616#define LSA_ROLE_BACKUP_DC 4 617#define LSA_ROLE_PRIMARY_DC 5 618 619/* 620 * MSLSA_POLICY_AUDIT_EVENTS_INFO 621 */ 622struct mslsa_AuditEventsInfo { 623 DWORD enabled; 624 SIZE_IS (count) 625 DWORD *settings; 626 DWORD count; 627}; 628 629/* 630 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO 631 */ 632struct mslsa_PrimaryDomainInfo { 633 struct mslsa_string_desc name; 634 struct mslsa_sid *sid; 635}; 636 637/* 638 * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO 639 */ 640struct mslsa_AccountDomainInfo { 641 struct mslsa_string_desc name; 642 struct mslsa_sid *sid; 643}; 644 645/* 646 * MSLSA_POLICY_SERVER_ROLE_INFO 647 */ 648struct mslsa_ServerRoleInfo { 649 DWORD role; 650 DWORD pad; 651}; 652 653struct mslsa_DnsDomainInfo { 654 struct mslsa_string_desc nb_domain; 655 struct mslsa_string_desc dns_domain; 656 struct mslsa_string_desc forest; 657 struct mslsa_guid guid; 658 struct mslsa_sid *sid; 659}; 660 661union mslsa_PolicyInfoResUnion { 662 CASE(2) struct mslsa_AuditEventsInfo audit_events; 663 CASE(3) struct mslsa_PrimaryDomainInfo pd_info; 664 CASE(5) struct mslsa_AccountDomainInfo ad_info; 665 CASE(6) struct mslsa_ServerRoleInfo server_role; 666 CASE(12) struct mslsa_DnsDomainInfo dns_info; 667 DEFAULT char *nullptr; 668}; 669 670/* 671 * This structure needs to be declared, even though it can't be used in 672 * mslsa_QueryInfoPolicy, in order to get the appropriate size to calculate 673 * the correct fixup offsets. If ndrgen did the right thing, 674 * mslsa_PolicyInfoRes would be one of the out parameters. However, if 675 * we do it that way, the switch_value isn't known early enough to do 676 * the fixup calculation. So it all has to go in mslsa_QueryInfoPolicy. 677 */ 678struct mslsa_PolicyInfoRes { 679 DWORD address; 680 WORD switch_value; 681 SWITCH(switch_value) 682 union mslsa_PolicyInfoResUnion ru; 683}; 684 685OPERATION(LSARPC_OPNUM_QueryInfoPolicy) 686struct mslsa_QueryInfoPolicy { 687 IN mslsa_handle_t handle; 688 IN WORD info_class; 689 /* 690 * Can't use this form because we need to include members explicitly. 691 * OUT struct mslsa_PolicyInfoRes result; 692 */ 693 OUT DWORD address; 694 OUT WORD switch_value; 695 SWITCH(switch_value) 696 OUT union mslsa_PolicyInfoResUnion ru; 697 OUT DWORD status; 698}; 699 700 701 702/* 703 *********************************************************************** 704 * OpenAccount. 705 * 706 * Returns a handle that can be used to access the account specified 707 * by a SID. This handle can be used to enumerate account privileges. 708 *********************************************************************** 709 */ 710OPERATION(LSARPC_OPNUM_OpenAccount) 711struct mslsa_OpenAccount { 712 IN mslsa_handle_t handle; 713 IN REFERENCE struct mslsa_sid *sid; 714 IN DWORD access_mask; 715 OUT mslsa_handle_t account_handle; 716 OUT DWORD status; 717}; 718 719 720 721 /* 722 *********************************************************************** 723 * EnumPrivilegesAccount. 724 * 725 * Enumerate the list of privileges held by the specified account. The 726 * handle must be a valid account handle obtained via OpenAccount. The 727 * luid values returned will be probably only be relevant on the domain 728 * controller so we'll need to find a way to convert them to the 729 * actual privilege names. 730 *********************************************************************** 731 */ 732struct mslsa_LuidAndAttributes { 733 struct mslsa_luid luid; 734 DWORD attributes; 735}; 736 737 738struct mslsa_PrivilegeSet { 739 DWORD privilege_count; 740 DWORD control; 741 SIZE_IS(privilege_count) 742 struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY]; 743}; 744 745 746OPERATION(LSARPC_OPNUM_EnumPrivsAccount) 747 struct mslsa_EnumPrivsAccount { 748 IN mslsa_handle_t account_handle; 749 OUT struct mslsa_PrivilegeSet *privileges; 750 OUT DWORD status; 751}; 752 753OPERATION(LSARPC_OPNUM_OpenSecret) 754struct mslsa_OpenSecret { 755 IN mslsa_handle_t handle; 756 IN mslsa_string_t name; 757 IN DWORD access_mask; 758 OUT mslsa_handle_t secret_handle; 759 OUT DWORD status; 760}; 761 762 763/* 764 *********************************************************************** 765 * LookupPrivValue 766 * 767 * Map a privilege name to a local unique id (LUID). Privilege names 768 * are consistent across the network. LUIDs are machine specific. 769 * The privilege list is provided as a set of LUIDs so the privilege 770 * lookup functions must be used to identify which the privilege to 771 * which each LUID refers. The handle here is a policy handle. 772 *********************************************************************** 773 */ 774OPERATION(LSARPC_OPNUM_LookupPrivValue) 775struct mslsa_LookupPrivValue { 776 IN mslsa_handle_t handle; 777 IN mslsa_string_t name; 778 OUT struct mslsa_luid luid; 779 OUT DWORD status; 780}; 781 782 783/* 784 *********************************************************************** 785 * LookupPrivName 786 * 787 * Map a privilege value (LUID) to a privilege name. Privilege names 788 * are consistent across the network. LUIDs are machine specific. 789 * The privilege list is provided as a set of LUIDs so the privilege 790 * lookup functions must be used to identify which the privilege to 791 * which each LUID refers. The handle here is a policy handle. 792 *********************************************************************** 793 */ 794OPERATION(LSARPC_OPNUM_LookupPrivName) 795struct mslsa_LookupPrivName { 796 IN mslsa_handle_t handle; 797 IN struct mslsa_luid luid; 798 OUT mslsa_string_t *name; 799 OUT DWORD status; 800}; 801 802 803/* 804 *********************************************************************** 805 * LookupPrivDisplayName 806 * 807 * Map a privilege name to a local unique id (LUID). Privilege names 808 * are consistent across the network. LUIDs are machine specific. 809 * The privilege list is provided as a set of LUIDs so the privilege 810 * lookup functions must be used to identify which the privilege to 811 * which each LUID refers. The handle here is a policy handle. 812 *********************************************************************** 813 */ 814OPERATION(LSARPC_OPNUM_LookupPrivDisplayName) 815struct mslsa_LookupPrivDisplayName { 816 IN mslsa_handle_t handle; 817 IN mslsa_string_t name; 818 IN WORD client_language; 819 IN WORD default_language; 820 OUT mslsa_string_t *display_name; 821 OUT WORD language_ret; 822 OUT DWORD status; 823}; 824 825 826/* 827 *********************************************************************** 828 * GetConnectedUser 829 * 830 * Return the account name and NetBIOS domain name for the user making 831 * the request. All input fields should be ignored by the server. 832 *********************************************************************** 833 */ 834struct mslsa_DomainName { 835 struct mslsa_string_desc *name; 836}; 837 838 839OPERATION(LSARPC_OPNUM_GetConnectedUser) 840struct mslsa_GetConnectedUser { 841 IN LPTSTR hostname; 842 IN BYTE *owner_in; 843 IN BYTE *domain_in; 844 OUT struct mslsa_string_desc *owner; 845 OUT struct mslsa_DomainName *domain; 846 OUT DWORD status; 847}; 848 849 850/* 851 *********************************************************************** 852 * LSARPC_OPNUM_LookupSids2 853 * 854 * SID lookup function that appeared in Windows 2000. It appears to be 855 * very similar to the original SID lookup RPC. There are two extra IN 856 * parameters, which we don't care about. The OUT name structure has 857 * an extra field, in which zero seems to be okay. 858 *********************************************************************** 859 */ 860struct lsar_name_entry2 { 861 WORD sid_name_use; 862 WORD padding; 863 mslsa_string_t name; 864 DWORD domain_ix; /* -1 means none */ 865 DWORD flags; 866}; 867typedef struct lsar_name_entry2 lsar_translated_name_ex_t; 868 869struct lsar_name_table2 { 870 DWORD n_entry; 871 SIZE_IS(n_entry) 872 struct lsar_name_entry2 *entries; 873}; 874typedef struct lsar_name_table2 lsar_translated_names_ex_t; 875 876OPERATION(LSARPC_OPNUM_LookupSids2) 877struct lsar_lookup_sids2 { 878 IN mslsa_handle_t policy_handle; 879 IN struct mslsa_lup_sid_table lup_sid_table; 880 OUT struct mslsa_domain_table *domain_table; 881 INOUT struct lsar_name_table2 name_table; 882 IN DWORD lookup_level; 883 INOUT DWORD mapped_count; 884 IN DWORD lookup_options; 885 IN DWORD client_revision; 886 OUT DWORD status; 887}; 888 889OPERATION(LSARPC_OPNUM_LookupSids3) 890struct lsar_lookup_sids3 { 891 IN struct mslsa_lup_sid_table lup_sid_table; 892 OUT struct mslsa_domain_table *domain_table; 893 INOUT lsar_translated_names_ex_t name_table; 894 IN DWORD lookup_level; 895 INOUT DWORD mapped_count; 896 IN DWORD lookup_options; 897 IN DWORD client_revision; 898 OUT DWORD status; 899}; 900 901/* 902 *********************************************************************** 903 * LSARPC_OPNUM_LookupNames2 904 * 905 * Name lookup function that appeared in Windows 2000. It appears to be 906 * very similar to the original name lookup RPC. There are two extra IN 907 * parameters, which we don't care about. The lsar_rid_entry2 structure 908 * has an extra field, in which zero seems to be okay. 909 *********************************************************************** 910 */ 911struct lsar_rid_entry2 { 912 WORD sid_name_use; 913 WORD pad; 914 DWORD rid; 915 DWORD domain_index; /* -1 means none */ 916 DWORD flags; 917}; 918 919 920struct lsar_rid_table2 { 921 DWORD n_entry; 922 SIZE_IS(n_entry) 923 struct lsar_rid_entry2 *rids; 924}; 925 926 927OPERATION(LSARPC_OPNUM_LookupNames2) 928struct lsar_LookupNames2 { 929 IN mslsa_handle_t policy_handle; 930 IN REFERENCE struct mslsa_lup_name_table *name_table; 931 OUT struct mslsa_domain_table *domain_table; 932 INOUT struct lsar_rid_table2 translated_sids; 933 IN DWORD lookup_level; 934 INOUT DWORD mapped_count; 935 IN DWORD lookup_options; 936 IN DWORD client_revision; 937 OUT DWORD status; 938}; 939 940struct lsar_translated_sid_ex2 { 941 WORD sid_name_use; 942 WORD pad; 943 struct mslsa_sid *sid; 944 DWORD domain_index; /* -1 means none */ 945 DWORD flags; 946}; 947typedef struct lsar_translated_sid_ex2 lsar_translated_sid_ex2_t; 948 949struct lsar_sid_ex2_table { 950 DWORD n_entry; 951 SIZE_IS(n_entry) 952 struct lsar_translated_sid_ex2 *sids; 953}; 954typedef struct lsar_sid_ex2_table lsar_sid_ex2_table_t; 955 956OPERATION(LSARPC_OPNUM_LookupNames3) 957struct lsar_LookupNames3 { 958 IN mslsa_handle_t policy_handle; 959 IN REFERENCE struct mslsa_lup_name_table *name_table; 960 OUT struct mslsa_domain_table *domain_table; 961 INOUT struct lsar_sid_ex2_table translated_sids; 962 IN DWORD lookup_level; 963 INOUT DWORD mapped_count; 964 IN DWORD lookup_options; 965 IN DWORD client_revision; 966 OUT DWORD status; 967}; 968 969OPERATION(LSARPC_OPNUM_LookupNames4) 970struct lsar_LookupNames4 { 971 IN REFERENCE struct mslsa_lup_name_table *name_table; 972 OUT struct mslsa_domain_table *domain_table; 973 INOUT struct lsar_sid_ex2_table translated_sids; 974 IN DWORD lookup_level; 975 INOUT DWORD mapped_count; 976 IN DWORD lookup_options; 977 IN DWORD client_revision; 978 OUT DWORD status; 979}; 980 981/* 982 *********************************************************************** 983 * The LSARPC interface definition. 984 *********************************************************************** 985 */ 986INTERFACE(0) 987union lsarpc_interface { 988 CASE(LSARPC_OPNUM_CloseHandle) 989 struct mslsa_CloseHandle CloseHandle; 990 CASE(LSARPC_OPNUM_QuerySecurityObject) 991 struct mslsa_QuerySecurityObject QuerySecurityObj; 992 CASE(LSARPC_OPNUM_EnumerateAccounts) 993 struct mslsa_EnumerateAccounts EnumAccounts; 994 CASE(LSARPC_OPNUM_EnumTrustedDomainsEx) 995 struct mslsa_EnumTrustedDomainEx EnumTrustedDomainEx; 996 CASE(LSARPC_OPNUM_EnumTrustedDomain) 997 struct mslsa_EnumTrustedDomain EnumTrustedDomain; 998 CASE(LSARPC_OPNUM_OpenAccount) 999 struct mslsa_OpenAccount OpenAccount; 1000 CASE(LSARPC_OPNUM_EnumPrivsAccount) 1001 struct mslsa_EnumPrivsAccount EnumPrivsAccount; 1002 CASE(LSARPC_OPNUM_LookupPrivValue) 1003 struct mslsa_LookupPrivValue LookupPrivValue; 1004 CASE(LSARPC_OPNUM_LookupPrivName) 1005 struct mslsa_LookupPrivName LookupPrivName; 1006 CASE(LSARPC_OPNUM_LookupPrivDisplayName) 1007 struct mslsa_LookupPrivDisplayName LookupPrivDisplayName; 1008 CASE(LSARPC_OPNUM_CreateSecret) 1009 struct mslsa_CreateSecret CreateSecret; 1010 CASE(LSARPC_OPNUM_OpenSecret) 1011 struct mslsa_OpenSecret OpenSecret; 1012 CASE(LSARPC_OPNUM_QueryInfoPolicy) 1013 struct mslsa_QueryInfoPolicy QueryInfoPolicy; 1014 CASE(LSARPC_OPNUM_OpenPolicy) 1015 struct mslsa_OpenPolicy OpenPolicy; 1016 CASE(LSARPC_OPNUM_OpenPolicy2) 1017 struct mslsa_OpenPolicy2 OpenPolicy2; 1018 CASE(LSARPC_OPNUM_LookupSids) 1019 struct mslsa_LookupSids LookupSids; 1020 CASE(LSARPC_OPNUM_LookupNames) 1021 struct mslsa_LookupNames LookupNames; 1022 CASE(LSARPC_OPNUM_GetConnectedUser) 1023 struct mslsa_GetConnectedUser GetConnectedUser; 1024 CASE(LSARPC_OPNUM_LookupSids2) 1025 struct lsar_lookup_sids2 LookupSids2; 1026 CASE(LSARPC_OPNUM_LookupSids3) 1027 struct lsar_lookup_sids3 LookupSids3; 1028 CASE(LSARPC_OPNUM_LookupNames2) 1029 struct lsar_LookupNames2 LookupNames2; 1030 CASE(LSARPC_OPNUM_LookupNames3) 1031 struct lsar_LookupNames3 LookupNames3; 1032 CASE(LSARPC_OPNUM_LookupNames4) 1033 struct lsar_LookupNames4 LookupNames4; 1034}; 1035typedef union lsarpc_interface lsarpc_interface_t; 1036EXTERNTYPEINFO(lsarpc_interface) 1037 1038#endif /* _MLSVC_LSA_NDL_ */ 1039