xref: /titanic_50/usr/src/uts/common/smbsrv/ndl/lsarpc.ndl (revision 6a634c9dca3093f3922e4b7ab826d7bdf17bf78e) 
1da6c28aaSamw/*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21da6c28aaSamw/*
22*fd9ee8b5Sjoyce mcintosh * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23da6c28aaSamw */
24da6c28aaSamw
25da6c28aaSamw#ifndef _MLSVC_LSA_NDL_
26da6c28aaSamw#define _MLSVC_LSA_NDL_
27da6c28aaSamw
28da6c28aaSamw/*
29da6c28aaSamw * Local Security Authority RPC (LSARPC) interface definition.
30fe1c642dSBill Krier *
31fe1c642dSBill Krier * Names containing a backslash ('\') are known as qualified or composite
32fe1c642dSBill Krier * names.  The string preceding the backslash is assumed to be the domain
33fe1c642dSBill Krier * name and the string following the slash is assumed to be name to be
34fe1c642dSBill Krier * resolved within that domain.
35fe1c642dSBill Krier *
36fe1c642dSBill Krier * Names that do not contain a backslash are known as isolated names.
37fe1c642dSBill Krier * An isolated name may be a single label, such as john, or may be in
38fe1c642dSBill Krier * user principal name (UPN) form, such as john@example.com.
39da6c28aaSamw */
40da6c28aaSamw
41da6c28aaSamw#include "ndrtypes.ndl"
42da6c28aaSamw
43da6c28aaSamw
44da6c28aaSamw#define	LSARPC_OPNUM_CloseHandle			0x00
45faa1795aSjb150015#define	LSARPC_OPNUM_Delete				0x01
46da6c28aaSamw#define	LSARPC_OPNUM_EnumPrivileges			0x02
47da6c28aaSamw#define	LSARPC_OPNUM_QuerySecurityObject		0x03
48da6c28aaSamw#define	LSARPC_OPNUM_SetSecurityObject			0x04
49da6c28aaSamw#define	LSARPC_OPNUM_ChangePassword			0x05
50da6c28aaSamw#define	LSARPC_OPNUM_OpenPolicy				0x06
51da6c28aaSamw#define	LSARPC_OPNUM_QueryInfoPolicy			0x07
52da6c28aaSamw#define	LSARPC_OPNUM_SetInfoPolicy			0x08
53faa1795aSjb150015#define	LSARPC_OPNUM_ClearAuditLog			0x09
54da6c28aaSamw#define	LSARPC_OPNUM_CreateAccount			0x0a
55da6c28aaSamw#define	LSARPC_OPNUM_EnumerateAccounts			0x0b
56da6c28aaSamw#define	LSARPC_OPNUM_CreateTrustedDomain		0x0c
57da6c28aaSamw#define	LSARPC_OPNUM_EnumTrustedDomain			0x0d
58da6c28aaSamw#define	LSARPC_OPNUM_LookupNames			0x0e
59da6c28aaSamw#define	LSARPC_OPNUM_LookupSids				0x0f
60da6c28aaSamw#define	LSARPC_OPNUM_CreateSecret			0x10
61da6c28aaSamw#define	LSARPC_OPNUM_OpenAccount			0x11
62da6c28aaSamw#define	LSARPC_OPNUM_EnumPrivsAccount			0x12
63faa1795aSjb150015#define	LSARPC_OPNUM_AddAccountPrivs			0x13
64faa1795aSjb150015#define	LSARPC_OPNUM_RemoveAccountPrivs			0x14
65faa1795aSjb150015#define	LSARPC_OPNUM_GetAccountQuota			0x15
66faa1795aSjb150015#define	LSARPC_OPNUM_SetAccountQuota			0x16
67da6c28aaSamw#define	LSARPC_OPNUM_GetSystemAccessAccount		0x17
68faa1795aSjb150015#define	LSARPC_OPNUM_SetSystemAccessAccount		0x18
69faa1795aSjb150015#define	LSARPC_OPNUM_OpenTrustedDomain			0x19
70faa1795aSjb150015#define	LSARPC_OPNUM_QueryInfoTrustedDomain		0x1a
71faa1795aSjb150015#define	LSARPC_OPNUM_SetinfoTrustedDomain		0x1b
72da6c28aaSamw#define	LSARPC_OPNUM_OpenSecret				0x1c
73faa1795aSjb150015#define	LSARPC_OPNUM_SetSecret				0x1d
74faa1795aSjb150015#define	LSARPC_OPNUM_QuerySecret			0x1e
75da6c28aaSamw#define	LSARPC_OPNUM_LookupPrivValue			0x1f
76da6c28aaSamw#define	LSARPC_OPNUM_LookupPrivName			0x20
77da6c28aaSamw#define	LSARPC_OPNUM_LookupPrivDisplayName		0x21
78faa1795aSjb150015#define	LSARPC_OPNUM_DeleteObject			0x22
79faa1795aSjb150015#define	LSARPC_OPNUM_EnumAccountsWithUserRight		0x23
80faa1795aSjb150015#define	LSARPC_OPNUM_EnumAccountRights			0x24
81da6c28aaSamw#define	LSARPC_OPNUM_AddAccountRights			0x25
82faa1795aSjb150015#define	LSARPC_OPNUM_RemoveAccountRights		0x26
83faa1795aSjb150015#define	LSARPC_OPNUM_QueryTrustedDomainInfo		0x27
84faa1795aSjb150015#define	LSARPC_OPNUM_SetTrustedDomainInfo		0x28
85faa1795aSjb150015
86faa1795aSjb150015/* Windows 2000 */
87faa1795aSjb150015#define	LSARPC_OPNUM_DeleteTrustedDomain		0x29
88faa1795aSjb150015#define	LSARPC_OPNUM_StorePrivateData			0x2a
89faa1795aSjb150015#define	LSARPC_OPNUM_RetrievePrivateData		0x2b
90da6c28aaSamw#define	LSARPC_OPNUM_OpenPolicy2			0x2c
91da6c28aaSamw#define	LSARPC_OPNUM_GetConnectedUser			0x2d
92faa1795aSjb150015#define	LSARPC_OPNUM_QueryInfoPolicy2			0x2e
93faa1795aSjb150015#define	LSARPC_OPNUM_SetInfoPolicy2			0x2f
94faa1795aSjb150015#define	LSARPC_OPNUM_QueryTrustedDomainInfoByName	0x30
95faa1795aSjb150015#define	LSARPC_OPNUM_SetTrustedDomainInfoByName		0x31
96faa1795aSjb150015#define	LSARPC_OPNUM_EnumTrustedDomainsEx		0x32
97faa1795aSjb150015#define	LSARPC_OPNUM_CreateTrustedDomainEx		0x33
98faa1795aSjb150015#define	LSARPC_OPNUM_CloseTrustedDomainEx		0x34
99faa1795aSjb150015#define	LSARPC_OPNUM_QueryDomainInfoPolicy		0x35
100faa1795aSjb150015#define	LSARPC_OPNUM_SetDomainInfoPolicy		0x36
101faa1795aSjb150015#define	LSARPC_OPNUM_OpenTrustedDomainByName		0x37
102faa1795aSjb150015#define	LSARPC_OPNUM_TestCall				0x38
103da6c28aaSamw#define	LSARPC_OPNUM_LookupSids2			0x39
104da6c28aaSamw#define	LSARPC_OPNUM_LookupNames2			0x3a
105faa1795aSjb150015#define	LSARPC_OPNUM_CreateTrustedDomainEx2		0x3b
106da6c28aaSamw
107faa1795aSjb150015/* Windows 2000 SP3 */
108faa1795aSjb150015#define	LSARPC_OPNUM_CredWrite				0x3c
109faa1795aSjb150015#define	LSARPC_OPNUM_CredRead				0x3d
110faa1795aSjb150015#define	LSARPC_OPNUM_CredEnumerate			0x3e
111faa1795aSjb150015#define	LSARPC_OPNUM_CredWriteDomainCreds		0x3f
112faa1795aSjb150015#define	LSARPC_OPNUM_CredReadDomainCreds		0x40
113faa1795aSjb150015#define	LSARPC_OPNUM_CredDelete				0x41
114faa1795aSjb150015#define	LSARPC_OPNUM_CredGetTargetInfo			0x42
115faa1795aSjb150015#define	LSARPC_OPNUM_CredProfileLoaded			0x43
116faa1795aSjb150015#define	LSARPC_OPNUM_LookupNames3			0x44
117faa1795aSjb150015#define	LSARPC_OPNUM_CredGetSessionTypes		0x45
118faa1795aSjb150015#define	LSARPC_OPNUM_RegisterAuditEvent			0x46
119faa1795aSjb150015#define	LSARPC_OPNUM_GenAuditEvent			0x47
120faa1795aSjb150015#define	LSARPC_OPNUM_UnregisterAuditEvent		0x48
121faa1795aSjb150015#define	LSARPC_OPNUM_QueryForestTrustInfo		0x49
122faa1795aSjb150015#define	LSARPC_OPNUM_SetForestTrustInfo			0x4a
123faa1795aSjb150015#define	LSARPC_OPNUM_CredRename				0x4b
124faa1795aSjb150015#define	LSARPC_OPNUM_LookupSids3			0x4c
125faa1795aSjb150015#define	LSARPC_OPNUM_LookupNames4			0x4d
126faa1795aSjb150015#define	LSARPC_OPNUM_OpenPolicySce			0x4e
127faa1795aSjb150015
128faa1795aSjb150015/* Windows Server 2003 */
129faa1795aSjb150015#define	LSARPC_OPNUM_AdtRegisterSecurityEventSource	0x4f
130faa1795aSjb150015#define	LSARPC_OPNUM_AdtUnregisterSecurityEventSource	0x50
131faa1795aSjb150015#define	LSARPC_OPNUM_AdtReportSecurityEvent		0x51
132faa1795aSjb150015
133faa1795aSjb150015/* Windows Vista */
134faa1795aSjb150015#define	LSARPC_OPNUM_CredFindBestCredential		0x52
135faa1795aSjb150015#define	LSARPC_OPNUM_SetAuditPolicy			0x53
136faa1795aSjb150015#define	LSARPC_OPNUM_QueryAuditPolicy			0x54
137faa1795aSjb150015#define	LSARPC_OPNUM_EnumerateAuditPolicy		0x55
138faa1795aSjb150015#define	LSARPC_OPNUM_EnumerateAuditCategories		0x56
139faa1795aSjb150015#define	LSARPC_OPNUM_EnumerateAuditSubCategories	0x57
140faa1795aSjb150015#define	LSARPC_OPNUM_LookupAuditCategoryName		0x58
141faa1795aSjb150015#define	LSARPC_OPNUM_LookupAuditSubCategoryName		0x59
142faa1795aSjb150015#define	LSARPC_OPNUM_SetAuditSecurity			0x5a
143faa1795aSjb150015#define	LSARPC_OPNUM_QueryAuditSecurity			0x5b
144faa1795aSjb150015#define	LSARPC_OPNUM_CredReadByTokenHandle		0x5c
145faa1795aSjb150015#define	LSARPC_OPNUM_CredRestoreCredentials		0x5d
146faa1795aSjb150015#define	LSARPC_OPNUM_CredBackupCredentials		0x5e
147da6c28aaSamw
148da6c28aaSamw/*
149fe1c642dSBill Krier * Lookup levels.  Level 1 appears to mean only look on the local host and
150fe1c642dSBill Krier * level 2 means forward the request to the PDC.  On the PDC it probably
151fe1c642dSBill Krier * doesn't matter which level you use but on a BDC a level 1 lookup will
152fe1c642dSBill Krier * fail if the BDC doesn't have the info whereas a level 2 lookup will also
153fe1c642dSBill Krier * check with the PDC.
154da6c28aaSamw */
155fe1c642dSBill Krier#define	LSA_LOOKUP_WKSTA			1	/* Windows NT 3.1 */
156fe1c642dSBill Krier#define	LSA_LOOKUP_PDC				2
157fe1c642dSBill Krier#define	LSA_LOOKUP_TDL				3
158fe1c642dSBill Krier#define	LSA_LOOKUP_GC				4	/* Windows 2000 */
159fe1c642dSBill Krier#define	LSA_LOOKUP_XFORESTREFERRAL		5	/* Windows XP */
160fe1c642dSBill Krier#define	LSA_LOOKUP_XFORESTRESOLVE		6
161fe1c642dSBill Krier#define	LSA_LOOKUP_RODCREFERRALTOFULLDC		7	/* Windows Vista */
162da6c28aaSamw
163fe1c642dSBill Krier/*
164fe1c642dSBill Krier * Name/SID lookup flags
165fe1c642dSBill Krier */
166fe1c642dSBill Krier#define	LSA_LOOKUP_NAME_NOT_SPN			0x00000001
167fe1c642dSBill Krier#define	LSA_LOOKUP_NAME_MAYBE_XFOREST		0x00000002
168fe1c642dSBill Krier#define	LSA_LOOKUP_NAME_IN_DBVIEW		0x00000004
169fe1c642dSBill Krier
170fe1c642dSBill Krier/*
171fe1c642dSBill Krier * Name/SID lookup options
172fe1c642dSBill Krier *
173fe1c642dSBill Krier * 0x00000000	Lookup isolated names both locally and in domains/forests.
174fe1c642dSBill Krier * 0x80000000	Lookup isolated names (except for UPNs) only in the local
175fe1c642dSBill Krier *		account database.  Do not lookup UPNs.
176fe1c642dSBill Krier */
177fe1c642dSBill Krier#define	LSA_LOOKUP_OPT_ALL			0x00000000
178fe1c642dSBill Krier#define	LSA_LOOKUP_OPT_LOCAL			0x80000000
179fe1c642dSBill Krier
180fe1c642dSBill Krier/*
181fe1c642dSBill Krier * Client revision
182fe1c642dSBill Krier *
183fe1c642dSBill Krier * 0x00000001	Client does not understand DNS names or forests.
184fe1c642dSBill Krier * 0x00000002	Client understands DNS names and forests.
185fe1c642dSBill Krier *
186fe1c642dSBill Krier * Notes:
187fe1c642dSBill Krier *	0 means the same as 1
188fe1c642dSBill Krier *	Anything greater than 2 means the same as 2
189fe1c642dSBill Krier */
190fe1c642dSBill Krier#define	LSA_CLIENT_REVISION_NT			0x00000001
191fe1c642dSBill Krier#define	LSA_CLIENT_REVISION_AD			0x00000002
192da6c28aaSamw
193da6c28aaSamw/*
194da6c28aaSamw * Definition for a SID. The ndl compiler won't allow a typedef of
195da6c28aaSamw * a structure containing variable size members.
196da6c28aaSamw */
197da6c28aaSamwstruct mslsa_sid {
198da6c28aaSamw	BYTE		Revision;
199da6c28aaSamw	BYTE		SubAuthCount;
200da6c28aaSamw	BYTE		Authority[6];
201da6c28aaSamw  SIZE_IS(SubAuthCount)
202da6c28aaSamw	DWORD		SubAuthority[ANY_SIZE_ARRAY];
203da6c28aaSamw};
204da6c28aaSamw
205da6c28aaSamwstruct mslsa_string_desc {
206da6c28aaSamw	WORD		length;
207da6c28aaSamw	WORD		allosize;
208da6c28aaSamw	LPTSTR		str;
209da6c28aaSamw};
210da6c28aaSamwtypedef struct mslsa_string_desc mslsa_string_t;
211da6c28aaSamw
2128d7e4166Sjose borregoCONTEXT_HANDLE(mslsa_handle) mslsa_handle_t;
213da6c28aaSamw
214da6c28aaSamwstruct mslsa_luid {
215da6c28aaSamw	DWORD low_part;
216da6c28aaSamw	DWORD high_part;
217da6c28aaSamw};
218da6c28aaSamwtypedef struct mslsa_luid mslsa_luid_t;
219da6c28aaSamw
2208d7e4166Sjose borregostruct mslsa_guid {
2218d7e4166Sjose borrego	DWORD	data1;
2228d7e4166Sjose borrego	WORD	data2;
2238d7e4166Sjose borrego	WORD	data3;
2248d7e4166Sjose borrego	BYTE	data4[8];
2258d7e4166Sjose borrego};
2268d7e4166Sjose borregotypedef struct mslsa_guid mslsa_guid_t;
227da6c28aaSamw
228da6c28aaSamw/*
229da6c28aaSamw ***********************************************************************
230da6c28aaSamw * OpenPolicy2 obtains a handle for a remote LSA. This handle is
231da6c28aaSamw * required for all subsequent LSA requests.
232da6c28aaSamw *
233da6c28aaSamw * The server name should be the name of the target PDC or BDC, with
234da6c28aaSamw * the double backslash prefix.
235da6c28aaSamw *
236da6c28aaSamw * As far as I can tell, the mslsa_object_attributes structure can be
237da6c28aaSamw * all zero except for the length, which should be set to sizeof(struct
238da6c28aaSamw * mslsa_object_attributes).
239da6c28aaSamw *
240da6c28aaSamw * For read access, the desired access mask should contain the
241da6c28aaSamw * READ_CONTROL standard right and whatever policy rights are required.
242da6c28aaSamw * I haven't tried any update operations but if you get the access mask
243da6c28aaSamw * wrong you can crash the domain controller.
244da6c28aaSamw ***********************************************************************
245da6c28aaSamw */
246da6c28aaSamw
247da6c28aaSamw
248da6c28aaSamw/*
249da6c28aaSamw * From netmon:
250da6c28aaSamw *	length = 12
251da6c28aaSamw *	impersonation_level = 2
252da6c28aaSamw *	context_tracking_mode = 1
253da6c28aaSamw *	effective_only = 0
254da6c28aaSamw */
255da6c28aaSamwstruct mslsa_quality_of_service {
256da6c28aaSamw	DWORD length;
257da6c28aaSamw	WORD impersonation_level;
258da6c28aaSamw	BYTE context_tracking_mode;
259da6c28aaSamw	BYTE effective_only;
260da6c28aaSamw};
261da6c28aaSamw
262da6c28aaSamw
263da6c28aaSamwstruct mslsa_object_attributes {
264da6c28aaSamw	DWORD length;
265da6c28aaSamw	DWORD rootDirectory;
266da6c28aaSamw	DWORD objectName;
267da6c28aaSamw	DWORD attributes;
268da6c28aaSamw	DWORD securityDescriptor;
269da6c28aaSamw	struct mslsa_quality_of_service *qualityOfService;
270da6c28aaSamw};
271da6c28aaSamw
272da6c28aaSamw
273da6c28aaSamwOPERATION(LSARPC_OPNUM_OpenPolicy)
274da6c28aaSamwstruct mslsa_OpenPolicy {
275da6c28aaSamw	IN	DWORD	*servername;
276da6c28aaSamw	IN	struct mslsa_object_attributes attributes;
277da6c28aaSamw	IN	DWORD desiredAccess;
278da6c28aaSamw	OUT	mslsa_handle_t domain_handle;
279da6c28aaSamw	OUT	DWORD status;
280da6c28aaSamw};
281da6c28aaSamw
282da6c28aaSamwOPERATION(LSARPC_OPNUM_OpenPolicy2)
283da6c28aaSamwstruct mslsa_OpenPolicy2 {
284da6c28aaSamw	IN	LPTSTR servername;
285da6c28aaSamw	IN	struct mslsa_object_attributes attributes;
286da6c28aaSamw	IN	DWORD desiredAccess;
287da6c28aaSamw	OUT	mslsa_handle_t domain_handle;
288da6c28aaSamw	OUT	DWORD status;
289da6c28aaSamw};
290da6c28aaSamw
291da6c28aaSamw
292da6c28aaSamw/*
293da6c28aaSamw ***********************************************************************
294da6c28aaSamw * CloseHandle closes an association with the LSA. The returned handle
295da6c28aaSamw * will be all zero.
296da6c28aaSamw ***********************************************************************
297da6c28aaSamw */
298da6c28aaSamwOPERATION(LSARPC_OPNUM_CloseHandle)
299da6c28aaSamwstruct mslsa_CloseHandle {
300da6c28aaSamw	IN	mslsa_handle_t handle;
301da6c28aaSamw	OUT	mslsa_handle_t result_handle;
302da6c28aaSamw	OUT	DWORD status;
303da6c28aaSamw};
304da6c28aaSamw
305da6c28aaSamw
306da6c28aaSamw/*
307da6c28aaSamw ***********************************************************************
308da6c28aaSamw * EnumPrivileges
309da6c28aaSamw *
310da6c28aaSamw * Obtain a list of privilege names. This interface is not implemented
311da6c28aaSamw * yet The definition below has not been tested. This is a guess based
312da6c28aaSamw * on data available from netmon.
313da6c28aaSamw ***********************************************************************
314da6c28aaSamw */
315da6c28aaSamwstruct mslsa_PrivDef {
316da6c28aaSamw	mslsa_string_t name;
317da6c28aaSamw	mslsa_luid_t luid;
318da6c28aaSamw};
319da6c28aaSamw
320da6c28aaSamw
321da6c28aaSamwstruct mslsa_PrivEnumBuf {
322da6c28aaSamw	DWORD entries_read;
323da6c28aaSamw  SIZE_IS(entries_read)
324da6c28aaSamw	struct mslsa_PrivDef *def;
325da6c28aaSamw};
326da6c28aaSamw
327da6c28aaSamw
328da6c28aaSamwOPERATION(LSARPC_OPNUM_EnumPrivileges)
329da6c28aaSamwstruct mslsa_EnumPrivileges {
330da6c28aaSamw	IN	mslsa_handle_t handle;
331da6c28aaSamw	INOUT	DWORD enum_context;
332da6c28aaSamw	IN	DWORD max_length;
333da6c28aaSamw	OUT	REFERENCE struct mslsa_PrivEnumBuf *enum_buf;
334da6c28aaSamw	OUT	DWORD status;
335da6c28aaSamw};
336da6c28aaSamw
337da6c28aaSamw
338da6c28aaSamw/*
339da6c28aaSamw ***********************************************************************
340da6c28aaSamw * QuerySecurityObject. I'm not entirely sure how to set this up yet.
341da6c28aaSamw * I used the discovery RPC to scope it out. The structures are set up
342da6c28aaSamw * according to netmon and the assumption that a security descriptor
343da6c28aaSamw * on the wire looks like the regular user level security descriptor.
344da6c28aaSamw ***********************************************************************
345da6c28aaSamw */
346da6c28aaSamwstruct mslsa_SecurityDescriptor {
347da6c28aaSamw	BYTE revision;
348da6c28aaSamw	BYTE sbz1;
349da6c28aaSamw	WORD control;
350da6c28aaSamw	DWORD owner;
351da6c28aaSamw	DWORD group;
352da6c28aaSamw	DWORD sacl;
353da6c28aaSamw	DWORD dacl;
354da6c28aaSamw};
355da6c28aaSamw
356da6c28aaSamw
357da6c28aaSamwstruct mslsa_SecurityDescInfo {
358da6c28aaSamw	DWORD length;
359da6c28aaSamw  SIZE_IS(length)
360da6c28aaSamw  	BYTE *desc; /* temporary */
361da6c28aaSamw	/* struct mslsa_SecurityDescriptor *desc; */
362da6c28aaSamw};
363da6c28aaSamw
364da6c28aaSamw
365da6c28aaSamwOPERATION(LSARPC_OPNUM_QuerySecurityObject)
366da6c28aaSamwstruct mslsa_QuerySecurityObject {
367da6c28aaSamw	IN	mslsa_handle_t handle;
368da6c28aaSamw	IN	DWORD security_info;
369da6c28aaSamw	OUT	struct mslsa_SecurityDescInfo *desc_info;
370da6c28aaSamw	OUT	DWORD status;
371da6c28aaSamw};
372da6c28aaSamw
373da6c28aaSamw
374da6c28aaSamw/*
375da6c28aaSamw ***********************************************************************
376da6c28aaSamw * EnumerateAccounts and EnumerateTrustedDomain.
377da6c28aaSamw ***********************************************************************
378da6c28aaSamw */
379da6c28aaSamwstruct mslsa_AccountInfo {
380da6c28aaSamw	struct mslsa_sid *sid;
381da6c28aaSamw};
382da6c28aaSamw
383da6c28aaSamw
384da6c28aaSamwstruct mslsa_EnumAccountBuf {
385da6c28aaSamw	DWORD entries_read;
386da6c28aaSamw  SIZE_IS(entries_read)
387da6c28aaSamw	struct mslsa_AccountInfo *info;
388da6c28aaSamw};
389da6c28aaSamw
390da6c28aaSamw
391da6c28aaSamwOPERATION(LSARPC_OPNUM_EnumerateAccounts)
392da6c28aaSamwstruct mslsa_EnumerateAccounts {
393da6c28aaSamw	IN	mslsa_handle_t handle;
394da6c28aaSamw	INOUT	DWORD enum_context;
395da6c28aaSamw	IN	DWORD max_length;
396da6c28aaSamw	OUT	REFERENCE struct mslsa_EnumAccountBuf *enum_buf;
397da6c28aaSamw	OUT	DWORD status;
398da6c28aaSamw};
399da6c28aaSamw
400da6c28aaSamw
401da6c28aaSamwstruct mslsa_TrustedDomainInfo {
402da6c28aaSamw	mslsa_string_t name;
403da6c28aaSamw	struct mslsa_sid *sid;
404da6c28aaSamw};
405da6c28aaSamw
406da6c28aaSamw
407da6c28aaSamwstruct mslsa_EnumTrustedDomainBuf {
408da6c28aaSamw	DWORD entries_read;
409da6c28aaSamw  SIZE_IS(entries_read)
410da6c28aaSamw	struct mslsa_TrustedDomainInfo *info;
411da6c28aaSamw};
412da6c28aaSamw
413da6c28aaSamw
414da6c28aaSamwOPERATION(LSARPC_OPNUM_EnumTrustedDomain)
415da6c28aaSamwstruct mslsa_EnumTrustedDomain {
416da6c28aaSamw	IN	mslsa_handle_t handle;
417da6c28aaSamw	INOUT	DWORD enum_context;
418da6c28aaSamw	IN	DWORD max_length;
419da6c28aaSamw	OUT REFERENCE	struct mslsa_EnumTrustedDomainBuf *enum_buf;
420da6c28aaSamw	OUT	DWORD status;
421da6c28aaSamw};
422da6c28aaSamw
42329bd2886SAlan Wrightstruct mslsa_TrustedDomainInfoEx {
42429bd2886SAlan Wright	mslsa_string_t		dns_name;
42529bd2886SAlan Wright	mslsa_string_t		nb_name;
42629bd2886SAlan Wright	struct mslsa_sid	*sid;
42729bd2886SAlan Wright	DWORD			trust_direction;
42829bd2886SAlan Wright	DWORD			trust_type;
42929bd2886SAlan Wright	DWORD			trust_attrs;
43029bd2886SAlan Wright};
43129bd2886SAlan Wright
43229bd2886SAlan Wrightstruct mslsa_EnumTrustedDomainBufEx {
43329bd2886SAlan Wright	DWORD entries_read;
43429bd2886SAlan Wright  SIZE_IS(entries_read)
43529bd2886SAlan Wright	struct mslsa_TrustedDomainInfoEx *info;
43629bd2886SAlan Wright};
43729bd2886SAlan Wright
43829bd2886SAlan WrightOPERATION(LSARPC_OPNUM_EnumTrustedDomainsEx)
43929bd2886SAlan Wrightstruct mslsa_EnumTrustedDomainEx {
44029bd2886SAlan Wright	IN	mslsa_handle_t handle;
44129bd2886SAlan Wright	INOUT	DWORD enum_context;
44229bd2886SAlan Wright	IN	DWORD max_length;
44329bd2886SAlan Wright	OUT REFERENCE	struct mslsa_EnumTrustedDomainBufEx *enum_buf;
44429bd2886SAlan Wright	OUT	DWORD status;
44529bd2886SAlan Wright};
446da6c28aaSamw
447da6c28aaSamw/*
448da6c28aaSamw ***********************************************************************
449da6c28aaSamw * Definitions common to both LookupSids and LookupNames. Both return
450da6c28aaSamw * an mslsa_domain_table[]. Each interface also returns a specific
451da6c28aaSamw * table with entries which index the mslsa_domain_table[].
452da6c28aaSamw ***********************************************************************
453da6c28aaSamw */
454da6c28aaSamwstruct mslsa_domain_entry {
455da6c28aaSamw	mslsa_string_t domain_name;
456da6c28aaSamw	struct mslsa_sid *domain_sid;
457da6c28aaSamw};
458da6c28aaSamwtypedef struct mslsa_domain_entry mslsa_domain_entry_t;
459da6c28aaSamw
460da6c28aaSamw
461da6c28aaSamwstruct mslsa_domain_table {
462da6c28aaSamw	DWORD		n_entry;
463da6c28aaSamw  SIZE_IS(n_entry)
464da6c28aaSamw  	mslsa_domain_entry_t *entries;
465da6c28aaSamw	DWORD		max_n_entry;
466da6c28aaSamw};
467da6c28aaSamw
468da6c28aaSamw
469da6c28aaSamw/*
470da6c28aaSamw ***********************************************************************
471da6c28aaSamw * Definitions for LookupSids.
472da6c28aaSamw *
473da6c28aaSamw * The input parameters are:
474da6c28aaSamw *
475da6c28aaSamw *	A valid LSA handle obtained from an LsarOpenPolicy.
476da6c28aaSamw *	The table of SIDs to be looked up.
477da6c28aaSamw *	A table of names (probably empty).
478da6c28aaSamw *	The lookup level (local=1 or PDC=2).
479da6c28aaSamw *	An enumeration counter (used for continuation operations).
480da6c28aaSamw *
481da6c28aaSamw * The output results are:
482da6c28aaSamw *
483da6c28aaSamw *	A table of referenced domains.
484da6c28aaSamw *	A table of usernames.
485da6c28aaSamw *	The updated value of the enumeration counter.
486da6c28aaSamw *	The result status.
487da6c28aaSamw ***********************************************************************
488da6c28aaSamw */
489da6c28aaSamw
490da6c28aaSamwstruct mslsa_lup_sid_entry {
491da6c28aaSamw	struct mslsa_sid *psid;
492da6c28aaSamw};
493da6c28aaSamw
494da6c28aaSamwstruct mslsa_lup_sid_table {
495da6c28aaSamw	DWORD		n_entry;
496da6c28aaSamw    SIZE_IS(n_entry)
497da6c28aaSamw	struct mslsa_lup_sid_entry *entries;
498da6c28aaSamw};
499da6c28aaSamw
500da6c28aaSamwstruct mslsa_name_entry {
501da6c28aaSamw	WORD		sid_name_use;
502da6c28aaSamw	WORD		unknown_flags;
503da6c28aaSamw	mslsa_string_t	name;
504da6c28aaSamw	DWORD		domain_ix;		/* -1 means none */
505da6c28aaSamw};
506da6c28aaSamw
507da6c28aaSamwstruct mslsa_name_table {
508da6c28aaSamw	DWORD		n_entry;
509da6c28aaSamw    SIZE_IS(n_entry)
510da6c28aaSamw	struct mslsa_name_entry *entries;
511da6c28aaSamw};
512da6c28aaSamw
513da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupSids)
514da6c28aaSamwstruct mslsa_LookupSids {
515da6c28aaSamw	IN	mslsa_handle_t	handle;
516da6c28aaSamw	IN	struct mslsa_lup_sid_table lup_sid_table;
517da6c28aaSamw
518da6c28aaSamw	OUT	struct mslsa_domain_table *domain_table;
519da6c28aaSamw	INOUT	struct mslsa_name_table name_table;
520da6c28aaSamw
521*fd9ee8b5Sjoyce mcintosh	IN	WORD lookup_level;
522da6c28aaSamw	INOUT	DWORD mapped_count;
523da6c28aaSamw 	OUT	DWORD status;
524da6c28aaSamw};
525da6c28aaSamw
526faa1795aSjb150015OPERATION(LSARPC_OPNUM_CreateSecret)
527faa1795aSjb150015struct mslsa_CreateSecret {
528faa1795aSjb150015	IN	mslsa_handle_t handle;
529faa1795aSjb150015	IN	mslsa_string_t name;
530faa1795aSjb150015	IN	DWORD access_mask;
531faa1795aSjb150015	OUT	mslsa_handle_t secret_handle;
532faa1795aSjb150015	OUT	DWORD status;
533faa1795aSjb150015};
534da6c28aaSamw
535da6c28aaSamw/*
536da6c28aaSamw ***********************************************************************
537da6c28aaSamw * Definitions for LookupNames.
538da6c28aaSamw *
539da6c28aaSamw * LookupNames requires the following input parameters.
540da6c28aaSamw *
541da6c28aaSamw *	A valid LSA handle obtained from an LsarOpenPolicy.
542da6c28aaSamw *	The table of names to be looked up.
543da6c28aaSamw *	A table of translated sids (probably empty).
544da6c28aaSamw *	The lookup level (local=1 or PDC=2).
545da6c28aaSamw *	An enumeration counter (used for continuation operations).
546da6c28aaSamw *
547da6c28aaSamw * The outputs are as follows.
548da6c28aaSamw *
549da6c28aaSamw *	A table of referenced domains.
550da6c28aaSamw *	A table of translated sids (actually rids).
551da6c28aaSamw *	The updated value of the enumeration counter.
552da6c28aaSamw *	The result status.
553da6c28aaSamw ***********************************************************************
554da6c28aaSamw */
555da6c28aaSamwstruct mslsa_lup_name_table {
556da6c28aaSamw	DWORD n_entry;
557da6c28aaSamw  SIZE_IS(n_entry)
558da6c28aaSamw	mslsa_string_t names[ANY_SIZE_ARRAY];
559da6c28aaSamw};
560da6c28aaSamw
561da6c28aaSamw
562da6c28aaSamwstruct mslsa_rid_entry {
563da6c28aaSamw	WORD sid_name_use;
564fe1c642dSBill Krier	WORD pad;
565da6c28aaSamw	DWORD rid;
566da6c28aaSamw	DWORD domain_index;
567da6c28aaSamw};
568da6c28aaSamw
569da6c28aaSamw
570da6c28aaSamwstruct mslsa_rid_table {
571da6c28aaSamw	DWORD n_entry;
572da6c28aaSamw  SIZE_IS(n_entry)
573da6c28aaSamw	struct mslsa_rid_entry *rids;
574da6c28aaSamw};
575da6c28aaSamw
576da6c28aaSamw
577da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupNames)
578da6c28aaSamwstruct mslsa_LookupNames {
579da6c28aaSamw	IN	mslsa_handle_t handle;
580da6c28aaSamw	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
581da6c28aaSamw
582da6c28aaSamw	OUT	struct mslsa_domain_table *domain_table;
583da6c28aaSamw	INOUT	struct mslsa_rid_table translated_sids;
584da6c28aaSamw
585*fd9ee8b5Sjoyce mcintosh	IN	WORD lookup_level;
586da6c28aaSamw	INOUT	DWORD mapped_count;
587da6c28aaSamw	OUT	DWORD status;
588da6c28aaSamw};
589da6c28aaSamw
590da6c28aaSamw
591da6c28aaSamw/*
592da6c28aaSamw ***********************************************************************
593da6c28aaSamw * QueryInfoPolicy returns various pieces of policy information. The
594da6c28aaSamw * desired information is specified using a class value, as defined
595da6c28aaSamw * below.
596da6c28aaSamw ***********************************************************************
597da6c28aaSamw */
598faa1795aSjb150015#define MSLSA_POLICY_AUDIT_LOG_INFO		1
599faa1795aSjb150015#define MSLSA_POLICY_AUDIT_EVENTS_INFO		2
600da6c28aaSamw#define MSLSA_POLICY_PRIMARY_DOMAIN_INFO	3
601da6c28aaSamw#define MSLSA_POLICY_UNKNOWN_4_INFO		4
602da6c28aaSamw#define MSLSA_POLICY_ACCOUNT_DOMAIN_INFO	5
603da6c28aaSamw#define MSLSA_POLICY_SERVER_ROLE_INFO		6
604da6c28aaSamw#define MSLSA_POLICY_REPLICA_SOURCE_INFO	7
605da6c28aaSamw#define MSLSA_POLICY_DEFAULT_QUOTA_INFO		8
606faa1795aSjb150015#define MSLSA_POLICY_DB_INFO			9
607faa1795aSjb150015#define MSLSA_POLICY_AUDIT_SET_INFO		10
608faa1795aSjb150015#define MSLSA_POLICY_AUDIT_QUERY_INFO		11
6098d7e4166Sjose borrego#define MSLSA_POLICY_DNS_DOMAIN_INFO		12
610da6c28aaSamw
611faa1795aSjb150015#define	LSA_ROLE_STANDALONE_WORKSTATION		0
612faa1795aSjb150015#define	LSA_ROLE_MEMBER_WORKSTATION		1
613faa1795aSjb150015#define	LSA_ROLE_STANDALONE_SERVER		2
614faa1795aSjb150015#define	LSA_ROLE_MEMBER_SERVER			3
615faa1795aSjb150015#define	LSA_ROLE_BACKUP_DC			4
616faa1795aSjb150015#define	LSA_ROLE_PRIMARY_DC			5
617da6c28aaSamw
618faa1795aSjb150015/*
619faa1795aSjb150015 * MSLSA_POLICY_AUDIT_EVENTS_INFO
620faa1795aSjb150015 */
621faa1795aSjb150015struct mslsa_AuditEventsInfo {
622faa1795aSjb150015	DWORD enabled;
623faa1795aSjb150015    SIZE_IS (count)
624faa1795aSjb150015	DWORD *settings;
625faa1795aSjb150015	DWORD count;
626faa1795aSjb150015};
627faa1795aSjb150015
628faa1795aSjb150015/*
629faa1795aSjb150015 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO
630faa1795aSjb150015 */
631da6c28aaSamwstruct mslsa_PrimaryDomainInfo {
632da6c28aaSamw	struct mslsa_string_desc name;
633da6c28aaSamw	struct mslsa_sid *sid;
634da6c28aaSamw};
635da6c28aaSamw
636faa1795aSjb150015/*
637faa1795aSjb150015 * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO
638faa1795aSjb150015 */
639da6c28aaSamwstruct mslsa_AccountDomainInfo {
640da6c28aaSamw	struct mslsa_string_desc name;
641da6c28aaSamw	struct mslsa_sid *sid;
642da6c28aaSamw};
643da6c28aaSamw
644da6c28aaSamw/*
645faa1795aSjb150015 * MSLSA_POLICY_SERVER_ROLE_INFO
646da6c28aaSamw */
647faa1795aSjb150015struct mslsa_ServerRoleInfo {
648faa1795aSjb150015	DWORD role;
649faa1795aSjb150015	DWORD pad;
650faa1795aSjb150015};
651da6c28aaSamw
6528d7e4166Sjose borregostruct mslsa_DnsDomainInfo {
6538d7e4166Sjose borrego	struct mslsa_string_desc nb_domain;
6548d7e4166Sjose borrego	struct mslsa_string_desc dns_domain;
6558d7e4166Sjose borrego	struct mslsa_string_desc forest;
6568d7e4166Sjose borrego	struct mslsa_guid guid;
6578d7e4166Sjose borrego	struct mslsa_sid *sid;
6588d7e4166Sjose borrego};
6598d7e4166Sjose borrego
660da6c28aaSamwunion mslsa_PolicyInfoResUnion {
661faa1795aSjb150015	CASE(2) struct mslsa_AuditEventsInfo audit_events;
662da6c28aaSamw	CASE(3) struct mslsa_PrimaryDomainInfo pd_info;
663da6c28aaSamw	CASE(5) struct mslsa_AccountDomainInfo ad_info;
664faa1795aSjb150015	CASE(6) struct mslsa_ServerRoleInfo server_role;
6658d7e4166Sjose borrego	CASE(12) struct mslsa_DnsDomainInfo dns_info;
666da6c28aaSamw	DEFAULT	char *nullptr;
667da6c28aaSamw};
668da6c28aaSamw
6698d7e4166Sjose borrego/*
6708d7e4166Sjose borrego * This structure needs to be declared, even though it can't be used in
6718d7e4166Sjose borrego * mslsa_QueryInfoPolicy, in order to get the appropriate size to calculate
6728d7e4166Sjose borrego * the correct fixup offsets.  If ndrgen did the right thing,
6738d7e4166Sjose borrego * mslsa_PolicyInfoRes would be one of the out parameters.  However, if
6748d7e4166Sjose borrego * we do it that way, the switch_value isn't known early enough to do
6758d7e4166Sjose borrego * the fixup calculation.  So it all has to go in mslsa_QueryInfoPolicy.
6768d7e4166Sjose borrego */
6778d7e4166Sjose borregostruct mslsa_PolicyInfoRes {
6788d7e4166Sjose borrego	DWORD address;
679da6c28aaSamw	WORD switch_value;
680da6c28aaSamw    SWITCH(switch_value)
681da6c28aaSamw	union mslsa_PolicyInfoResUnion ru;
682da6c28aaSamw};
683da6c28aaSamw
684da6c28aaSamwOPERATION(LSARPC_OPNUM_QueryInfoPolicy)
685da6c28aaSamwstruct mslsa_QueryInfoPolicy {
686da6c28aaSamw	IN	mslsa_handle_t handle;
687da6c28aaSamw	IN	WORD info_class;
6888d7e4166Sjose borrego	/*
6898d7e4166Sjose borrego	 * Can't use this form because we need to include members explicitly.
6908d7e4166Sjose borrego	 * OUT	struct mslsa_PolicyInfoRes result;
6918d7e4166Sjose borrego	 */
6928d7e4166Sjose borrego	OUT	DWORD address;
6938d7e4166Sjose borrego	OUT	WORD switch_value;
6948d7e4166Sjose borrego    SWITCH(switch_value)
6958d7e4166Sjose borrego	OUT	union mslsa_PolicyInfoResUnion ru;
696da6c28aaSamw	OUT	DWORD status;
697da6c28aaSamw};
698da6c28aaSamw
6998d7e4166Sjose borrego
7008d7e4166Sjose borrego
701da6c28aaSamw/*
702da6c28aaSamw ***********************************************************************
703da6c28aaSamw * OpenAccount.
704da6c28aaSamw *
705da6c28aaSamw * Returns a handle that can be used to access the account specified
706da6c28aaSamw * by a SID. This handle can be used to enumerate account privileges.
707da6c28aaSamw ***********************************************************************
708da6c28aaSamw */
709da6c28aaSamwOPERATION(LSARPC_OPNUM_OpenAccount)
710da6c28aaSamwstruct mslsa_OpenAccount {
711da6c28aaSamw	IN  mslsa_handle_t handle;
712da6c28aaSamw	IN REFERENCE	struct mslsa_sid *sid;
713da6c28aaSamw	IN	DWORD access_mask;
714da6c28aaSamw	OUT mslsa_handle_t account_handle;
715da6c28aaSamw	OUT DWORD status;
716da6c28aaSamw};
717da6c28aaSamw
718da6c28aaSamw
7198d7e4166Sjose borrego
720da6c28aaSamw /*
721da6c28aaSamw ***********************************************************************
722da6c28aaSamw * EnumPrivilegesAccount.
723da6c28aaSamw *
724da6c28aaSamw * Enumerate the list of privileges held by the specified account. The
725da6c28aaSamw * handle must be a valid account handle obtained via OpenAccount. The
726da6c28aaSamw * luid values returned will be probably only be relevant on the domain
727da6c28aaSamw * controller so we'll need to find a way to convert them to the
728da6c28aaSamw * actual privilege names.
729da6c28aaSamw ***********************************************************************
730da6c28aaSamw */
731da6c28aaSamwstruct mslsa_LuidAndAttributes {
732da6c28aaSamw	struct mslsa_luid luid;
733da6c28aaSamw	DWORD attributes;
734da6c28aaSamw};
735da6c28aaSamw
736da6c28aaSamw
737da6c28aaSamwstruct mslsa_PrivilegeSet {
738da6c28aaSamw	DWORD privilege_count;
739da6c28aaSamw	DWORD control;
740da6c28aaSamw  SIZE_IS(privilege_count)
741da6c28aaSamw	struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY];
742da6c28aaSamw};
743da6c28aaSamw
744da6c28aaSamw
745da6c28aaSamwOPERATION(LSARPC_OPNUM_EnumPrivsAccount)
746da6c28aaSamw	struct mslsa_EnumPrivsAccount {
747da6c28aaSamw	IN	mslsa_handle_t account_handle;
748da6c28aaSamw	OUT	struct mslsa_PrivilegeSet *privileges;
749da6c28aaSamw	OUT	DWORD status;
750da6c28aaSamw};
751da6c28aaSamw
752faa1795aSjb150015OPERATION(LSARPC_OPNUM_OpenSecret)
753faa1795aSjb150015struct mslsa_OpenSecret {
754faa1795aSjb150015	IN	mslsa_handle_t handle;
755faa1795aSjb150015	IN	mslsa_string_t name;
756faa1795aSjb150015	IN	DWORD access_mask;
757faa1795aSjb150015	OUT	mslsa_handle_t secret_handle;
758faa1795aSjb150015	OUT	DWORD status;
759faa1795aSjb150015};
760faa1795aSjb150015
761da6c28aaSamw
762da6c28aaSamw/*
763da6c28aaSamw ***********************************************************************
764da6c28aaSamw * LookupPrivValue
765da6c28aaSamw *
766da6c28aaSamw * Map a privilege name to a local unique id (LUID). Privilege names
767da6c28aaSamw * are consistent across the network. LUIDs are machine specific.
768da6c28aaSamw * The privilege list is provided as a set of LUIDs so the privilege
769da6c28aaSamw * lookup functions must be used to identify which the privilege to
770da6c28aaSamw * which each LUID refers. The handle here is a policy handle.
771da6c28aaSamw ***********************************************************************
772da6c28aaSamw */
773da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupPrivValue)
774da6c28aaSamwstruct mslsa_LookupPrivValue {
775da6c28aaSamw	IN	mslsa_handle_t handle;
776da6c28aaSamw	IN	mslsa_string_t name;
777da6c28aaSamw	OUT	struct mslsa_luid luid;
778da6c28aaSamw	OUT	DWORD status;
779da6c28aaSamw};
780da6c28aaSamw
781da6c28aaSamw
782da6c28aaSamw/*
783da6c28aaSamw ***********************************************************************
784da6c28aaSamw * LookupPrivName
785da6c28aaSamw *
786da6c28aaSamw * Map a privilege value (LUID) to a privilege name. Privilege names
787da6c28aaSamw * are consistent across the network. LUIDs are machine specific.
788da6c28aaSamw * The privilege list is provided as a set of LUIDs so the privilege
789da6c28aaSamw * lookup functions must be used to identify which the privilege to
790da6c28aaSamw * which each LUID refers. The handle here is a policy handle.
791da6c28aaSamw ***********************************************************************
792da6c28aaSamw */
793da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupPrivName)
794da6c28aaSamwstruct mslsa_LookupPrivName {
795da6c28aaSamw	IN	mslsa_handle_t handle;
796da6c28aaSamw	IN	struct mslsa_luid luid;
797da6c28aaSamw	OUT	mslsa_string_t *name;
798da6c28aaSamw	OUT	DWORD status;
799da6c28aaSamw};
800da6c28aaSamw
801da6c28aaSamw
802da6c28aaSamw/*
803da6c28aaSamw ***********************************************************************
804da6c28aaSamw * LookupPrivDisplayName
805da6c28aaSamw *
806da6c28aaSamw * Map a privilege name to a local unique id (LUID). Privilege names
807da6c28aaSamw * are consistent across the network. LUIDs are machine specific.
808da6c28aaSamw * The privilege list is provided as a set of LUIDs so the privilege
809da6c28aaSamw * lookup functions must be used to identify which the privilege to
810da6c28aaSamw * which each LUID refers. The handle here is a policy handle.
811da6c28aaSamw ***********************************************************************
812da6c28aaSamw */
813da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupPrivDisplayName)
814da6c28aaSamwstruct mslsa_LookupPrivDisplayName {
815da6c28aaSamw	IN	mslsa_handle_t handle;
816da6c28aaSamw	IN	mslsa_string_t name;
817da6c28aaSamw	IN	WORD client_language;
818da6c28aaSamw	IN	WORD default_language;
819da6c28aaSamw	OUT	mslsa_string_t *display_name;
820da6c28aaSamw	OUT	WORD language_ret;
821da6c28aaSamw	OUT	DWORD status;
822da6c28aaSamw};
823da6c28aaSamw
824da6c28aaSamw
825da6c28aaSamw/*
826da6c28aaSamw ***********************************************************************
827da6c28aaSamw * GetConnectedUser
828da6c28aaSamw *
829fe1c642dSBill Krier * Return the account name and NetBIOS domain name for the user making
830fe1c642dSBill Krier * the request.  All input fields should be ignored by the server.
831da6c28aaSamw ***********************************************************************
832da6c28aaSamw */
833da6c28aaSamwstruct mslsa_DomainName {
834da6c28aaSamw	struct mslsa_string_desc *name;
835da6c28aaSamw};
836da6c28aaSamw
837da6c28aaSamw
838da6c28aaSamwOPERATION(LSARPC_OPNUM_GetConnectedUser)
839da6c28aaSamwstruct mslsa_GetConnectedUser {
840da6c28aaSamw	IN	LPTSTR hostname;
841fe1c642dSBill Krier	IN	BYTE *owner_in;
842fe1c642dSBill Krier	IN	BYTE *domain_in;
843da6c28aaSamw	OUT	struct mslsa_string_desc *owner;
844da6c28aaSamw	OUT	struct mslsa_DomainName *domain;
845da6c28aaSamw	OUT	DWORD status;
846da6c28aaSamw};
847da6c28aaSamw
848da6c28aaSamw
849da6c28aaSamw/*
850da6c28aaSamw ***********************************************************************
851da6c28aaSamw * LSARPC_OPNUM_LookupSids2
852da6c28aaSamw *
853da6c28aaSamw * SID lookup function that appeared in Windows 2000. It appears to be
854da6c28aaSamw * very similar to the original SID lookup RPC. There are two extra IN
855da6c28aaSamw * parameters, which we don't care about. The OUT name structure has
856da6c28aaSamw * an extra field, in which zero seems to be okay.
857da6c28aaSamw ***********************************************************************
858da6c28aaSamw */
859da6c28aaSamwstruct lsar_name_entry2 {
860da6c28aaSamw	WORD sid_name_use;
861fe1c642dSBill Krier	WORD padding;
862da6c28aaSamw	mslsa_string_t name;
863da6c28aaSamw	DWORD domain_ix;	/* -1 means none */
864fe1c642dSBill Krier	DWORD flags;
865da6c28aaSamw};
866fe1c642dSBill Kriertypedef struct lsar_name_entry2 lsar_translated_name_ex_t;
867da6c28aaSamw
868da6c28aaSamwstruct lsar_name_table2 {
869da6c28aaSamw	DWORD n_entry;
870da6c28aaSamw  SIZE_IS(n_entry)
871da6c28aaSamw	struct lsar_name_entry2 *entries;
872da6c28aaSamw};
873fe1c642dSBill Kriertypedef struct lsar_name_table2 lsar_translated_names_ex_t;
874da6c28aaSamw
875da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupSids2)
876da6c28aaSamwstruct lsar_lookup_sids2 {
877da6c28aaSamw	IN		mslsa_handle_t policy_handle;
878da6c28aaSamw	IN		struct mslsa_lup_sid_table lup_sid_table;
879da6c28aaSamw	OUT		struct mslsa_domain_table *domain_table;
880da6c28aaSamw	INOUT	struct lsar_name_table2 name_table;
881*fd9ee8b5Sjoyce mcintosh	IN		WORD lookup_level;
882da6c28aaSamw	INOUT	DWORD mapped_count;
883fe1c642dSBill Krier	IN		DWORD lookup_options;
884fe1c642dSBill Krier	IN		DWORD client_revision;
885da6c28aaSamw 	OUT		DWORD status;
886da6c28aaSamw};
887da6c28aaSamw
888fe1c642dSBill KrierOPERATION(LSARPC_OPNUM_LookupSids3)
889fe1c642dSBill Krierstruct lsar_lookup_sids3 {
890fe1c642dSBill Krier	IN		struct mslsa_lup_sid_table	lup_sid_table;
891fe1c642dSBill Krier	OUT		struct mslsa_domain_table	*domain_table;
892fe1c642dSBill Krier	INOUT		lsar_translated_names_ex_t	name_table;
893*fd9ee8b5Sjoyce mcintosh	IN		WORD				lookup_level;
894fe1c642dSBill Krier	INOUT		DWORD				mapped_count;
895fe1c642dSBill Krier	IN		DWORD				lookup_options;
896fe1c642dSBill Krier	IN		DWORD				client_revision;
897fe1c642dSBill Krier 	OUT		DWORD				status;
898fe1c642dSBill Krier};
899da6c28aaSamw
900da6c28aaSamw/*
901da6c28aaSamw ***********************************************************************
902da6c28aaSamw * LSARPC_OPNUM_LookupNames2
903da6c28aaSamw *
904da6c28aaSamw * Name lookup function that appeared in Windows 2000. It appears to be
905da6c28aaSamw * very similar to the original name lookup RPC. There are two extra IN
906da6c28aaSamw * parameters, which we don't care about. The lsar_rid_entry2 structure
907da6c28aaSamw * has an extra field, in which zero seems to be okay.
908da6c28aaSamw ***********************************************************************
909da6c28aaSamw */
910da6c28aaSamwstruct lsar_rid_entry2 {
911da6c28aaSamw	WORD sid_name_use;
912fe1c642dSBill Krier	WORD pad;
913da6c28aaSamw	DWORD rid;
914da6c28aaSamw	DWORD domain_index;	/* -1 means none */
915fe1c642dSBill Krier	DWORD flags;
916da6c28aaSamw};
917da6c28aaSamw
918da6c28aaSamw
919da6c28aaSamwstruct lsar_rid_table2 {
920da6c28aaSamw	DWORD n_entry;
921da6c28aaSamw  SIZE_IS(n_entry)
922da6c28aaSamw	struct lsar_rid_entry2 *rids;
923da6c28aaSamw};
924da6c28aaSamw
925da6c28aaSamw
926da6c28aaSamwOPERATION(LSARPC_OPNUM_LookupNames2)
927da6c28aaSamwstruct lsar_LookupNames2 {
928da6c28aaSamw	IN		mslsa_handle_t policy_handle;
929da6c28aaSamw	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
930da6c28aaSamw	OUT		struct mslsa_domain_table *domain_table;
931da6c28aaSamw	INOUT	struct lsar_rid_table2 translated_sids;
932*fd9ee8b5Sjoyce mcintosh	IN		WORD lookup_level;
933da6c28aaSamw	INOUT	DWORD mapped_count;
934fe1c642dSBill Krier	IN		DWORD lookup_options;
935fe1c642dSBill Krier	IN		DWORD client_revision;
936fe1c642dSBill Krier	OUT		DWORD status;
937fe1c642dSBill Krier};
938fe1c642dSBill Krier
939fe1c642dSBill Krierstruct lsar_translated_sid_ex2 {
940fe1c642dSBill Krier	WORD			sid_name_use;
941fe1c642dSBill Krier	WORD			pad;
942fe1c642dSBill Krier	struct mslsa_sid	*sid;
943fe1c642dSBill Krier	DWORD			domain_index;	/* -1 means none */
944fe1c642dSBill Krier	DWORD			flags;
945fe1c642dSBill Krier};
946fe1c642dSBill Kriertypedef struct lsar_translated_sid_ex2 lsar_translated_sid_ex2_t;
947fe1c642dSBill Krier
948fe1c642dSBill Krierstruct lsar_sid_ex2_table {
949fe1c642dSBill Krier	DWORD			n_entry;
950fe1c642dSBill Krier  SIZE_IS(n_entry)
951fe1c642dSBill Krier	struct lsar_translated_sid_ex2	*sids;
952fe1c642dSBill Krier};
953fe1c642dSBill Kriertypedef struct lsar_sid_ex2_table lsar_sid_ex2_table_t;
954fe1c642dSBill Krier
955fe1c642dSBill KrierOPERATION(LSARPC_OPNUM_LookupNames3)
956fe1c642dSBill Krierstruct lsar_LookupNames3 {
957fe1c642dSBill Krier	IN		mslsa_handle_t			policy_handle;
958fe1c642dSBill Krier	IN REFERENCE	struct mslsa_lup_name_table	*name_table;
959fe1c642dSBill Krier	OUT		struct mslsa_domain_table	*domain_table;
960fe1c642dSBill Krier	INOUT		struct lsar_sid_ex2_table	translated_sids;
961*fd9ee8b5Sjoyce mcintosh	IN		WORD				lookup_level;
962fe1c642dSBill Krier	INOUT		DWORD				mapped_count;
963fe1c642dSBill Krier	IN		DWORD				lookup_options;
964fe1c642dSBill Krier	IN		DWORD				client_revision;
965fe1c642dSBill Krier	OUT		DWORD				status;
966fe1c642dSBill Krier};
967fe1c642dSBill Krier
968fe1c642dSBill KrierOPERATION(LSARPC_OPNUM_LookupNames4)
969fe1c642dSBill Krierstruct lsar_LookupNames4 {
970fe1c642dSBill Krier	IN REFERENCE	struct mslsa_lup_name_table	*name_table;
971fe1c642dSBill Krier	OUT		struct mslsa_domain_table	*domain_table;
972fe1c642dSBill Krier	INOUT		struct lsar_sid_ex2_table	translated_sids;
973*fd9ee8b5Sjoyce mcintosh	IN		WORD				lookup_level;
974fe1c642dSBill Krier	INOUT		DWORD				mapped_count;
975fe1c642dSBill Krier	IN		DWORD				lookup_options;
976fe1c642dSBill Krier	IN		DWORD				client_revision;
977da6c28aaSamw	OUT		DWORD				status;
978da6c28aaSamw};
979da6c28aaSamw
980da6c28aaSamw/*
981da6c28aaSamw ***********************************************************************
982da6c28aaSamw * The LSARPC interface definition.
983da6c28aaSamw ***********************************************************************
984da6c28aaSamw */
985da6c28aaSamwINTERFACE(0)
986da6c28aaSamwunion lsarpc_interface {
987da6c28aaSamw	CASE(LSARPC_OPNUM_CloseHandle)
988da6c28aaSamw		struct mslsa_CloseHandle		CloseHandle;
989da6c28aaSamw	CASE(LSARPC_OPNUM_QuerySecurityObject)
990da6c28aaSamw		struct mslsa_QuerySecurityObject	QuerySecurityObj;
991da6c28aaSamw	CASE(LSARPC_OPNUM_EnumerateAccounts)
992da6c28aaSamw		struct mslsa_EnumerateAccounts		EnumAccounts;
99329bd2886SAlan Wright	CASE(LSARPC_OPNUM_EnumTrustedDomainsEx)
99429bd2886SAlan Wright		struct mslsa_EnumTrustedDomainEx	EnumTrustedDomainEx;
995da6c28aaSamw	CASE(LSARPC_OPNUM_EnumTrustedDomain)
996da6c28aaSamw		struct mslsa_EnumTrustedDomain		EnumTrustedDomain;
997da6c28aaSamw	CASE(LSARPC_OPNUM_OpenAccount)
998da6c28aaSamw		struct mslsa_OpenAccount		OpenAccount;
999da6c28aaSamw	CASE(LSARPC_OPNUM_EnumPrivsAccount)
1000da6c28aaSamw		struct mslsa_EnumPrivsAccount		EnumPrivsAccount;
1001da6c28aaSamw	CASE(LSARPC_OPNUM_LookupPrivValue)
1002da6c28aaSamw		struct mslsa_LookupPrivValue		LookupPrivValue;
1003da6c28aaSamw	CASE(LSARPC_OPNUM_LookupPrivName)
1004da6c28aaSamw		struct mslsa_LookupPrivName		LookupPrivName;
1005da6c28aaSamw	CASE(LSARPC_OPNUM_LookupPrivDisplayName)
1006da6c28aaSamw		struct mslsa_LookupPrivDisplayName	LookupPrivDisplayName;
1007faa1795aSjb150015	CASE(LSARPC_OPNUM_CreateSecret)
1008faa1795aSjb150015		struct mslsa_CreateSecret		CreateSecret;
1009faa1795aSjb150015	CASE(LSARPC_OPNUM_OpenSecret)
1010faa1795aSjb150015		struct mslsa_OpenSecret			OpenSecret;
1011da6c28aaSamw	CASE(LSARPC_OPNUM_QueryInfoPolicy)
1012da6c28aaSamw		struct mslsa_QueryInfoPolicy		QueryInfoPolicy;
1013da6c28aaSamw	CASE(LSARPC_OPNUM_OpenPolicy)
1014da6c28aaSamw		struct mslsa_OpenPolicy			OpenPolicy;
1015da6c28aaSamw	CASE(LSARPC_OPNUM_OpenPolicy2)
1016da6c28aaSamw		struct mslsa_OpenPolicy2		OpenPolicy2;
1017da6c28aaSamw	CASE(LSARPC_OPNUM_LookupSids)
1018da6c28aaSamw		struct mslsa_LookupSids			LookupSids;
1019da6c28aaSamw	CASE(LSARPC_OPNUM_LookupNames)
1020da6c28aaSamw		struct mslsa_LookupNames		LookupNames;
1021da6c28aaSamw	CASE(LSARPC_OPNUM_GetConnectedUser)
1022da6c28aaSamw		struct mslsa_GetConnectedUser		GetConnectedUser;
1023da6c28aaSamw	CASE(LSARPC_OPNUM_LookupSids2)
1024da6c28aaSamw		struct lsar_lookup_sids2		LookupSids2;
1025fe1c642dSBill Krier	CASE(LSARPC_OPNUM_LookupSids3)
1026fe1c642dSBill Krier		struct lsar_lookup_sids3		LookupSids3;
1027da6c28aaSamw	CASE(LSARPC_OPNUM_LookupNames2)
1028da6c28aaSamw		struct lsar_LookupNames2		LookupNames2;
1029fe1c642dSBill Krier	CASE(LSARPC_OPNUM_LookupNames3)
1030fe1c642dSBill Krier		struct lsar_LookupNames3		LookupNames3;
1031fe1c642dSBill Krier	CASE(LSARPC_OPNUM_LookupNames4)
1032fe1c642dSBill Krier		struct lsar_LookupNames4		LookupNames4;
1033da6c28aaSamw};
1034da6c28aaSamwtypedef union lsarpc_interface	lsarpc_interface_t;
1035da6c28aaSamwEXTERNTYPEINFO(lsarpc_interface)
1036da6c28aaSamw
1037da6c28aaSamw#endif /* _MLSVC_LSA_NDL_ */
1038