xref: /titanic_51/usr/src/uts/common/smbsrv/ndl/lsarpc.ndl (revision fbbfbc6ee66f60ad88ebd18c6c030797335354f4)
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef _MLSVC_LSA_NDL_
27#define _MLSVC_LSA_NDL_
28
29/*
30 ***********************************************************************
31 * Local Security Authority RPC (LSARPC) interface definition.
32 ***********************************************************************
33 */
34
35#include "ndrtypes.ndl"
36
37
38#define	LSARPC_OPNUM_CloseHandle			0x00
39#define	LSARPC_OPNUM_Delete				0x01
40#define	LSARPC_OPNUM_EnumPrivileges			0x02
41#define	LSARPC_OPNUM_QuerySecurityObject		0x03
42#define	LSARPC_OPNUM_SetSecurityObject			0x04
43#define	LSARPC_OPNUM_ChangePassword			0x05
44#define	LSARPC_OPNUM_OpenPolicy				0x06
45#define	LSARPC_OPNUM_QueryInfoPolicy			0x07
46#define	LSARPC_OPNUM_SetInfoPolicy			0x08
47#define	LSARPC_OPNUM_ClearAuditLog			0x09
48#define	LSARPC_OPNUM_CreateAccount			0x0a
49#define	LSARPC_OPNUM_EnumerateAccounts			0x0b
50#define	LSARPC_OPNUM_CreateTrustedDomain		0x0c
51#define	LSARPC_OPNUM_EnumTrustedDomain			0x0d
52#define	LSARPC_OPNUM_LookupNames			0x0e
53#define	LSARPC_OPNUM_LookupSids				0x0f
54#define	LSARPC_OPNUM_CreateSecret			0x10
55#define	LSARPC_OPNUM_OpenAccount			0x11
56#define	LSARPC_OPNUM_EnumPrivsAccount			0x12
57#define	LSARPC_OPNUM_AddAccountPrivs			0x13
58#define	LSARPC_OPNUM_RemoveAccountPrivs			0x14
59#define	LSARPC_OPNUM_GetAccountQuota			0x15
60#define	LSARPC_OPNUM_SetAccountQuota			0x16
61#define	LSARPC_OPNUM_GetSystemAccessAccount		0x17
62#define	LSARPC_OPNUM_SetSystemAccessAccount		0x18
63#define	LSARPC_OPNUM_OpenTrustedDomain			0x19
64#define	LSARPC_OPNUM_QueryInfoTrustedDomain		0x1a
65#define	LSARPC_OPNUM_SetinfoTrustedDomain		0x1b
66#define	LSARPC_OPNUM_OpenSecret				0x1c
67#define	LSARPC_OPNUM_SetSecret				0x1d
68#define	LSARPC_OPNUM_QuerySecret			0x1e
69#define	LSARPC_OPNUM_LookupPrivValue			0x1f
70#define	LSARPC_OPNUM_LookupPrivName			0x20
71#define	LSARPC_OPNUM_LookupPrivDisplayName		0x21
72#define	LSARPC_OPNUM_DeleteObject			0x22
73#define	LSARPC_OPNUM_EnumAccountsWithUserRight		0x23
74#define	LSARPC_OPNUM_EnumAccountRights			0x24
75#define	LSARPC_OPNUM_AddAccountRights			0x25
76#define	LSARPC_OPNUM_RemoveAccountRights		0x26
77#define	LSARPC_OPNUM_QueryTrustedDomainInfo		0x27
78#define	LSARPC_OPNUM_SetTrustedDomainInfo		0x28
79
80/* Windows 2000 */
81#define	LSARPC_OPNUM_DeleteTrustedDomain		0x29
82#define	LSARPC_OPNUM_StorePrivateData			0x2a
83#define	LSARPC_OPNUM_RetrievePrivateData		0x2b
84#define	LSARPC_OPNUM_OpenPolicy2			0x2c
85#define	LSARPC_OPNUM_GetConnectedUser			0x2d
86#define	LSARPC_OPNUM_QueryInfoPolicy2			0x2e
87#define	LSARPC_OPNUM_SetInfoPolicy2			0x2f
88#define	LSARPC_OPNUM_QueryTrustedDomainInfoByName	0x30
89#define	LSARPC_OPNUM_SetTrustedDomainInfoByName		0x31
90#define	LSARPC_OPNUM_EnumTrustedDomainsEx		0x32
91#define	LSARPC_OPNUM_CreateTrustedDomainEx		0x33
92#define	LSARPC_OPNUM_CloseTrustedDomainEx		0x34
93#define	LSARPC_OPNUM_QueryDomainInfoPolicy		0x35
94#define	LSARPC_OPNUM_SetDomainInfoPolicy		0x36
95#define	LSARPC_OPNUM_OpenTrustedDomainByName		0x37
96#define	LSARPC_OPNUM_TestCall				0x38
97#define	LSARPC_OPNUM_LookupSids2			0x39
98#define	LSARPC_OPNUM_LookupNames2			0x3a
99#define	LSARPC_OPNUM_CreateTrustedDomainEx2		0x3b
100
101/* Windows 2000 SP3 */
102#define	LSARPC_OPNUM_CredWrite				0x3c
103#define	LSARPC_OPNUM_CredRead				0x3d
104#define	LSARPC_OPNUM_CredEnumerate			0x3e
105#define	LSARPC_OPNUM_CredWriteDomainCreds		0x3f
106#define	LSARPC_OPNUM_CredReadDomainCreds		0x40
107#define	LSARPC_OPNUM_CredDelete				0x41
108#define	LSARPC_OPNUM_CredGetTargetInfo			0x42
109#define	LSARPC_OPNUM_CredProfileLoaded			0x43
110#define	LSARPC_OPNUM_LookupNames3			0x44
111#define	LSARPC_OPNUM_CredGetSessionTypes		0x45
112#define	LSARPC_OPNUM_RegisterAuditEvent			0x46
113#define	LSARPC_OPNUM_GenAuditEvent			0x47
114#define	LSARPC_OPNUM_UnregisterAuditEvent		0x48
115#define	LSARPC_OPNUM_QueryForestTrustInfo		0x49
116#define	LSARPC_OPNUM_SetForestTrustInfo			0x4a
117#define	LSARPC_OPNUM_CredRename				0x4b
118#define	LSARPC_OPNUM_LookupSids3			0x4c
119#define	LSARPC_OPNUM_LookupNames4			0x4d
120#define	LSARPC_OPNUM_OpenPolicySce			0x4e
121
122/* Windows Server 2003 */
123#define	LSARPC_OPNUM_AdtRegisterSecurityEventSource	0x4f
124#define	LSARPC_OPNUM_AdtUnregisterSecurityEventSource	0x50
125#define	LSARPC_OPNUM_AdtReportSecurityEvent		0x51
126
127/* Windows Vista */
128#define	LSARPC_OPNUM_CredFindBestCredential		0x52
129#define	LSARPC_OPNUM_SetAuditPolicy			0x53
130#define	LSARPC_OPNUM_QueryAuditPolicy			0x54
131#define	LSARPC_OPNUM_EnumerateAuditPolicy		0x55
132#define	LSARPC_OPNUM_EnumerateAuditCategories		0x56
133#define	LSARPC_OPNUM_EnumerateAuditSubCategories	0x57
134#define	LSARPC_OPNUM_LookupAuditCategoryName		0x58
135#define	LSARPC_OPNUM_LookupAuditSubCategoryName		0x59
136#define	LSARPC_OPNUM_SetAuditSecurity			0x5a
137#define	LSARPC_OPNUM_QueryAuditSecurity			0x5b
138#define	LSARPC_OPNUM_CredReadByTokenHandle		0x5c
139#define	LSARPC_OPNUM_CredRestoreCredentials		0x5d
140#define	LSARPC_OPNUM_CredBackupCredentials		0x5e
141
142/*
143 * There are at least two lookup level settings. Level 1 appears to mean
144 * only look on the local host and level 2 means forward the request to
145 * the PDC. On the PDC it probably doesn't matter which level you use but
146 * on a BDC a level 1 lookup will fail if the BDC doesn't have the info
147 * whereas a level 2 lookup will also check with the PDC.
148 */
149#define MSLSA_LOOKUP_LEVEL_1		1
150#define MSLSA_LOOKUP_LEVEL_2		2
151
152
153/*
154 * Definition for a SID. The ndl compiler won't allow a typedef of
155 * a structure containing variable size members.
156 */
157struct mslsa_sid {
158	BYTE		Revision;
159	BYTE		SubAuthCount;
160	BYTE		Authority[6];
161  SIZE_IS(SubAuthCount)
162	DWORD		SubAuthority[ANY_SIZE_ARRAY];
163};
164
165struct mslsa_string_desc {
166	WORD		length;
167	WORD		allosize;
168	LPTSTR		str;
169};
170typedef struct mslsa_string_desc mslsa_string_t;
171
172CONTEXT_HANDLE(mslsa_handle) mslsa_handle_t;
173
174struct mslsa_luid {
175	DWORD low_part;
176	DWORD high_part;
177};
178typedef struct mslsa_luid mslsa_luid_t;
179
180struct mslsa_guid {
181	DWORD	data1;
182	WORD	data2;
183	WORD	data3;
184	BYTE	data4[8];
185};
186typedef struct mslsa_guid mslsa_guid_t;
187
188/*
189 ***********************************************************************
190 * OpenPolicy2 obtains a handle for a remote LSA. This handle is
191 * required for all subsequent LSA requests.
192 *
193 * The server name should be the name of the target PDC or BDC, with
194 * the double backslash prefix.
195 *
196 * As far as I can tell, the mslsa_object_attributes structure can be
197 * all zero except for the length, which should be set to sizeof(struct
198 * mslsa_object_attributes).
199 *
200 * For read access, the desired access mask should contain the
201 * READ_CONTROL standard right and whatever policy rights are required.
202 * I haven't tried any update operations but if you get the access mask
203 * wrong you can crash the domain controller.
204 ***********************************************************************
205 */
206
207
208/*
209 * From netmon:
210 *	length = 12
211 *	impersonation_level = 2
212 *	context_tracking_mode = 1
213 *	effective_only = 0
214 */
215struct mslsa_quality_of_service {
216	DWORD length;
217	WORD impersonation_level;
218	BYTE context_tracking_mode;
219	BYTE effective_only;
220};
221
222
223struct mslsa_object_attributes {
224	DWORD length;
225	DWORD rootDirectory;
226	DWORD objectName;
227	DWORD attributes;
228	DWORD securityDescriptor;
229	struct mslsa_quality_of_service *qualityOfService;
230};
231
232
233OPERATION(LSARPC_OPNUM_OpenPolicy)
234struct mslsa_OpenPolicy {
235	IN	DWORD	*servername;
236	IN	struct mslsa_object_attributes attributes;
237	IN	DWORD desiredAccess;
238	OUT	mslsa_handle_t domain_handle;
239	OUT	DWORD status;
240};
241
242OPERATION(LSARPC_OPNUM_OpenPolicy2)
243struct mslsa_OpenPolicy2 {
244	IN	LPTSTR servername;
245	IN	struct mslsa_object_attributes attributes;
246	IN	DWORD desiredAccess;
247	OUT	mslsa_handle_t domain_handle;
248	OUT	DWORD status;
249};
250
251
252/*
253 ***********************************************************************
254 * CloseHandle closes an association with the LSA. The returned handle
255 * will be all zero.
256 ***********************************************************************
257 */
258OPERATION(LSARPC_OPNUM_CloseHandle)
259struct mslsa_CloseHandle {
260	IN	mslsa_handle_t handle;
261	OUT	mslsa_handle_t result_handle;
262	OUT	DWORD status;
263};
264
265
266/*
267 ***********************************************************************
268 * EnumPrivileges
269 *
270 * Obtain a list of privilege names. This interface is not implemented
271 * yet The definition below has not been tested. This is a guess based
272 * on data available from netmon.
273 ***********************************************************************
274 */
275struct mslsa_PrivDef {
276	mslsa_string_t name;
277	mslsa_luid_t luid;
278};
279
280
281struct mslsa_PrivEnumBuf {
282	DWORD entries_read;
283  SIZE_IS(entries_read)
284	struct mslsa_PrivDef *def;
285};
286
287
288OPERATION(LSARPC_OPNUM_EnumPrivileges)
289struct mslsa_EnumPrivileges {
290	IN	mslsa_handle_t handle;
291	INOUT	DWORD enum_context;
292	IN	DWORD max_length;
293	OUT	REFERENCE struct mslsa_PrivEnumBuf *enum_buf;
294	OUT	DWORD status;
295};
296
297
298/*
299 ***********************************************************************
300 * QuerySecurityObject. I'm not entirely sure how to set this up yet.
301 * I used the discovery RPC to scope it out. The structures are set up
302 * according to netmon and the assumption that a security descriptor
303 * on the wire looks like the regular user level security descriptor.
304 ***********************************************************************
305 */
306struct mslsa_SecurityDescriptor {
307	BYTE revision;
308	BYTE sbz1;
309	WORD control;
310	DWORD owner;
311	DWORD group;
312	DWORD sacl;
313	DWORD dacl;
314};
315
316
317struct mslsa_SecurityDescInfo {
318	DWORD length;
319  SIZE_IS(length)
320  	BYTE *desc; /* temporary */
321	/* struct mslsa_SecurityDescriptor *desc; */
322};
323
324
325OPERATION(LSARPC_OPNUM_QuerySecurityObject)
326struct mslsa_QuerySecurityObject {
327	IN	mslsa_handle_t handle;
328	IN	DWORD security_info;
329	OUT	struct mslsa_SecurityDescInfo *desc_info;
330	OUT	DWORD status;
331};
332
333
334/*
335 ***********************************************************************
336 * EnumerateAccounts and EnumerateTrustedDomain.
337 ***********************************************************************
338 */
339struct mslsa_AccountInfo {
340	struct mslsa_sid *sid;
341};
342
343
344struct mslsa_EnumAccountBuf {
345	DWORD entries_read;
346  SIZE_IS(entries_read)
347	struct mslsa_AccountInfo *info;
348};
349
350
351OPERATION(LSARPC_OPNUM_EnumerateAccounts)
352struct mslsa_EnumerateAccounts {
353	IN	mslsa_handle_t handle;
354	INOUT	DWORD enum_context;
355	IN	DWORD max_length;
356	OUT	REFERENCE struct mslsa_EnumAccountBuf *enum_buf;
357	OUT	DWORD status;
358};
359
360
361struct mslsa_TrustedDomainInfo {
362	mslsa_string_t name;
363	struct mslsa_sid *sid;
364};
365
366
367struct mslsa_EnumTrustedDomainBuf {
368	DWORD entries_read;
369  SIZE_IS(entries_read)
370	struct mslsa_TrustedDomainInfo *info;
371};
372
373
374OPERATION(LSARPC_OPNUM_EnumTrustedDomain)
375struct mslsa_EnumTrustedDomain {
376	IN	mslsa_handle_t handle;
377	INOUT	DWORD enum_context;
378	IN	DWORD max_length;
379	OUT REFERENCE	struct mslsa_EnumTrustedDomainBuf *enum_buf;
380	OUT	DWORD status;
381};
382
383struct mslsa_TrustedDomainInfoEx {
384	mslsa_string_t		dns_name;
385	mslsa_string_t		nb_name;
386	struct mslsa_sid	*sid;
387	DWORD			trust_direction;
388	DWORD			trust_type;
389	DWORD			trust_attrs;
390};
391
392struct mslsa_EnumTrustedDomainBufEx {
393	DWORD entries_read;
394  SIZE_IS(entries_read)
395	struct mslsa_TrustedDomainInfoEx *info;
396};
397
398OPERATION(LSARPC_OPNUM_EnumTrustedDomainsEx)
399struct mslsa_EnumTrustedDomainEx {
400	IN	mslsa_handle_t handle;
401	INOUT	DWORD enum_context;
402	IN	DWORD max_length;
403	OUT REFERENCE	struct mslsa_EnumTrustedDomainBufEx *enum_buf;
404	OUT	DWORD status;
405};
406
407/*
408 ***********************************************************************
409 * Definitions common to both LookupSids and LookupNames. Both return
410 * an mslsa_domain_table[]. Each interface also returns a specific
411 * table with entries which index the mslsa_domain_table[].
412 ***********************************************************************
413 */
414struct mslsa_domain_entry {
415	mslsa_string_t domain_name;
416	struct mslsa_sid *domain_sid;
417};
418typedef struct mslsa_domain_entry mslsa_domain_entry_t;
419
420
421struct mslsa_domain_table {
422	DWORD		n_entry;
423  SIZE_IS(n_entry)
424  	mslsa_domain_entry_t *entries;
425	DWORD		max_n_entry;
426};
427
428
429/*
430 ***********************************************************************
431 * Definitions for LookupSids.
432 *
433 * The input parameters are:
434 *
435 *	A valid LSA handle obtained from an LsarOpenPolicy.
436 *	The table of SIDs to be looked up.
437 *	A table of names (probably empty).
438 *	The lookup level (local=1 or PDC=2).
439 *	An enumeration counter (used for continuation operations).
440 *
441 * The output results are:
442 *
443 *	A table of referenced domains.
444 *	A table of usernames.
445 *	The updated value of the enumeration counter.
446 *	The result status.
447 ***********************************************************************
448 */
449
450struct mslsa_lup_sid_entry {
451	struct mslsa_sid *psid;
452};
453
454struct mslsa_lup_sid_table {
455	DWORD		n_entry;
456    SIZE_IS(n_entry)
457	struct mslsa_lup_sid_entry *entries;
458};
459
460struct mslsa_name_entry {
461	WORD		sid_name_use;
462	WORD		unknown_flags;
463	mslsa_string_t	name;
464	DWORD		domain_ix;		/* -1 means none */
465};
466
467struct mslsa_name_table {
468	DWORD		n_entry;
469    SIZE_IS(n_entry)
470	struct mslsa_name_entry *entries;
471};
472
473OPERATION(LSARPC_OPNUM_LookupSids)
474struct mslsa_LookupSids {
475	IN	mslsa_handle_t	handle;
476	IN	struct mslsa_lup_sid_table lup_sid_table;
477
478	OUT	struct mslsa_domain_table *domain_table;
479	INOUT	struct mslsa_name_table name_table;
480
481	IN	DWORD lookup_level;
482	INOUT	DWORD mapped_count;
483 	OUT	DWORD status;
484};
485
486OPERATION(LSARPC_OPNUM_CreateSecret)
487struct mslsa_CreateSecret {
488	IN	mslsa_handle_t handle;
489	IN	mslsa_string_t name;
490	IN	DWORD access_mask;
491	OUT	mslsa_handle_t secret_handle;
492	OUT	DWORD status;
493};
494
495/*
496 ***********************************************************************
497 * Definitions for LookupNames.
498 *
499 * LookupNames requires the following input parameters.
500 *
501 *	A valid LSA handle obtained from an LsarOpenPolicy.
502 *	The table of names to be looked up.
503 *	A table of translated sids (probably empty).
504 *	The lookup level (local=1 or PDC=2).
505 *	An enumeration counter (used for continuation operations).
506 *
507 * The outputs are as follows.
508 *
509 *	A table of referenced domains.
510 *	A table of translated sids (actually rids).
511 *	The updated value of the enumeration counter.
512 *	The result status.
513 ***********************************************************************
514 */
515struct mslsa_lup_name_table {
516	DWORD n_entry;
517  SIZE_IS(n_entry)
518	mslsa_string_t names[ANY_SIZE_ARRAY];
519};
520
521
522struct mslsa_rid_entry {
523	WORD sid_name_use;
524	WORD pad;	 /* alignment - probably not required */
525	DWORD rid;
526	DWORD domain_index;
527};
528
529
530struct mslsa_rid_table {
531	DWORD n_entry;
532  SIZE_IS(n_entry)
533	struct mslsa_rid_entry *rids;
534};
535
536
537OPERATION(LSARPC_OPNUM_LookupNames)
538struct mslsa_LookupNames {
539	IN		mslsa_handle_t handle;
540	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
541
542	OUT		struct mslsa_domain_table *domain_table;
543	INOUT	struct mslsa_rid_table translated_sids;
544
545	IN		DWORD lookup_level;
546	INOUT	DWORD mapped_count;
547	OUT		DWORD status;
548};
549
550
551/*
552 ***********************************************************************
553 * QueryInfoPolicy returns various pieces of policy information. The
554 * desired information is specified using a class value, as defined
555 * below.
556 ***********************************************************************
557 */
558#define MSLSA_POLICY_AUDIT_LOG_INFO		1
559#define MSLSA_POLICY_AUDIT_EVENTS_INFO		2
560#define MSLSA_POLICY_PRIMARY_DOMAIN_INFO	3
561#define MSLSA_POLICY_UNKNOWN_4_INFO		4
562#define MSLSA_POLICY_ACCOUNT_DOMAIN_INFO	5
563#define MSLSA_POLICY_SERVER_ROLE_INFO		6
564#define MSLSA_POLICY_REPLICA_SOURCE_INFO	7
565#define MSLSA_POLICY_DEFAULT_QUOTA_INFO		8
566#define MSLSA_POLICY_DB_INFO			9
567#define MSLSA_POLICY_AUDIT_SET_INFO		10
568#define MSLSA_POLICY_AUDIT_QUERY_INFO		11
569#define MSLSA_POLICY_DNS_DOMAIN_INFO		12
570
571#define	LSA_ROLE_STANDALONE_WORKSTATION		0
572#define	LSA_ROLE_MEMBER_WORKSTATION		1
573#define	LSA_ROLE_STANDALONE_SERVER		2
574#define	LSA_ROLE_MEMBER_SERVER			3
575#define	LSA_ROLE_BACKUP_DC			4
576#define	LSA_ROLE_PRIMARY_DC			5
577
578/*
579 * MSLSA_POLICY_AUDIT_EVENTS_INFO
580 */
581struct mslsa_AuditEventsInfo {
582	DWORD enabled;
583    SIZE_IS (count)
584	DWORD *settings;
585	DWORD count;
586};
587
588/*
589 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO
590 */
591struct mslsa_PrimaryDomainInfo {
592	struct mslsa_string_desc name;
593	struct mslsa_sid *sid;
594};
595
596/*
597 * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO
598 */
599struct mslsa_AccountDomainInfo {
600	struct mslsa_string_desc name;
601	struct mslsa_sid *sid;
602};
603
604/*
605 * MSLSA_POLICY_SERVER_ROLE_INFO
606 */
607struct mslsa_ServerRoleInfo {
608	DWORD role;
609	DWORD pad;
610};
611
612struct mslsa_DnsDomainInfo {
613	struct mslsa_string_desc nb_domain;
614	struct mslsa_string_desc dns_domain;
615	struct mslsa_string_desc forest;
616	struct mslsa_guid guid;
617	struct mslsa_sid *sid;
618};
619
620union mslsa_PolicyInfoResUnion {
621	CASE(2) struct mslsa_AuditEventsInfo audit_events;
622	CASE(3) struct mslsa_PrimaryDomainInfo pd_info;
623	CASE(5) struct mslsa_AccountDomainInfo ad_info;
624	CASE(6) struct mslsa_ServerRoleInfo server_role;
625	CASE(12) struct mslsa_DnsDomainInfo dns_info;
626	DEFAULT	char *nullptr;
627};
628
629/*
630 * This structure needs to be declared, even though it can't be used in
631 * mslsa_QueryInfoPolicy, in order to get the appropriate size to calculate
632 * the correct fixup offsets.  If ndrgen did the right thing,
633 * mslsa_PolicyInfoRes would be one of the out parameters.  However, if
634 * we do it that way, the switch_value isn't known early enough to do
635 * the fixup calculation.  So it all has to go in mslsa_QueryInfoPolicy.
636 */
637struct mslsa_PolicyInfoRes {
638	DWORD address;
639	WORD switch_value;
640    SWITCH(switch_value)
641	union mslsa_PolicyInfoResUnion ru;
642};
643
644OPERATION(LSARPC_OPNUM_QueryInfoPolicy)
645struct mslsa_QueryInfoPolicy {
646	IN	mslsa_handle_t handle;
647	IN	WORD info_class;
648	/*
649	 * Can't use this form because we need to include members explicitly.
650	 * OUT	struct mslsa_PolicyInfoRes result;
651	 */
652	OUT	DWORD address;
653	OUT	WORD switch_value;
654    SWITCH(switch_value)
655	OUT	union mslsa_PolicyInfoResUnion ru;
656	OUT	DWORD status;
657};
658
659
660
661/*
662 ***********************************************************************
663 * OpenAccount.
664 *
665 * Returns a handle that can be used to access the account specified
666 * by a SID. This handle can be used to enumerate account privileges.
667 ***********************************************************************
668 */
669OPERATION(LSARPC_OPNUM_OpenAccount)
670struct mslsa_OpenAccount {
671	IN  mslsa_handle_t handle;
672	IN REFERENCE	struct mslsa_sid *sid;
673	IN	DWORD access_mask;
674	OUT mslsa_handle_t account_handle;
675	OUT DWORD status;
676};
677
678
679
680 /*
681 ***********************************************************************
682 * EnumPrivilegesAccount.
683 *
684 * Enumerate the list of privileges held by the specified account. The
685 * handle must be a valid account handle obtained via OpenAccount. The
686 * luid values returned will be probably only be relevant on the domain
687 * controller so we'll need to find a way to convert them to the
688 * actual privilege names.
689 ***********************************************************************
690 */
691struct mslsa_LuidAndAttributes {
692	struct mslsa_luid luid;
693	DWORD attributes;
694};
695
696
697struct mslsa_PrivilegeSet {
698	DWORD privilege_count;
699	DWORD control;
700  SIZE_IS(privilege_count)
701	struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY];
702};
703
704
705OPERATION(LSARPC_OPNUM_EnumPrivsAccount)
706	struct mslsa_EnumPrivsAccount {
707	IN	mslsa_handle_t account_handle;
708	OUT	struct mslsa_PrivilegeSet *privileges;
709	OUT	DWORD status;
710};
711
712OPERATION(LSARPC_OPNUM_OpenSecret)
713struct mslsa_OpenSecret {
714	IN	mslsa_handle_t handle;
715	IN	mslsa_string_t name;
716	IN	DWORD access_mask;
717	OUT	mslsa_handle_t secret_handle;
718	OUT	DWORD status;
719};
720
721
722/*
723 ***********************************************************************
724 * LookupPrivValue
725 *
726 * Map a privilege name to a local unique id (LUID). Privilege names
727 * are consistent across the network. LUIDs are machine specific.
728 * The privilege list is provided as a set of LUIDs so the privilege
729 * lookup functions must be used to identify which the privilege to
730 * which each LUID refers. The handle here is a policy handle.
731 ***********************************************************************
732 */
733OPERATION(LSARPC_OPNUM_LookupPrivValue)
734struct mslsa_LookupPrivValue {
735	IN	mslsa_handle_t handle;
736	IN	mslsa_string_t name;
737	OUT	struct mslsa_luid luid;
738	OUT	DWORD status;
739};
740
741
742/*
743 ***********************************************************************
744 * LookupPrivName
745 *
746 * Map a privilege value (LUID) to a privilege name. Privilege names
747 * are consistent across the network. LUIDs are machine specific.
748 * The privilege list is provided as a set of LUIDs so the privilege
749 * lookup functions must be used to identify which the privilege to
750 * which each LUID refers. The handle here is a policy handle.
751 ***********************************************************************
752 */
753OPERATION(LSARPC_OPNUM_LookupPrivName)
754struct mslsa_LookupPrivName {
755	IN	mslsa_handle_t handle;
756	IN	struct mslsa_luid luid;
757	OUT	mslsa_string_t *name;
758	OUT	DWORD status;
759};
760
761
762/*
763 ***********************************************************************
764 * LookupPrivDisplayName
765 *
766 * Map a privilege name to a local unique id (LUID). Privilege names
767 * are consistent across the network. LUIDs are machine specific.
768 * The privilege list is provided as a set of LUIDs so the privilege
769 * lookup functions must be used to identify which the privilege to
770 * which each LUID refers. The handle here is a policy handle.
771 ***********************************************************************
772 */
773OPERATION(LSARPC_OPNUM_LookupPrivDisplayName)
774struct mslsa_LookupPrivDisplayName {
775	IN	mslsa_handle_t handle;
776	IN	mslsa_string_t name;
777	IN	WORD client_language;
778	IN	WORD default_language;
779	OUT	mslsa_string_t *display_name;
780	OUT	WORD language_ret;
781	OUT	DWORD status;
782};
783
784
785/*
786 ***********************************************************************
787 * GetConnectedUser
788 *
789 * This is still guesswork. Netmon doesn't know about this
790 * call and I'm not really sure what it is intended to achieve.
791 * Another packet capture application, Ethereal, calls this RPC as
792 * GetConnectedUser.
793 * We will receive our own hostname in the request and it appears
794 * we should respond with an account name and the domain name of connected
795 * user from the client that makes this call.
796 ***********************************************************************
797 */
798
799struct mslsa_DomainName {
800	struct mslsa_string_desc *name;
801};
802
803
804OPERATION(LSARPC_OPNUM_GetConnectedUser)
805struct mslsa_GetConnectedUser {
806	IN	LPTSTR hostname;
807	IN  BYTE *unknown1;
808	IN  BYTE *unknown2;
809	OUT	struct mslsa_string_desc *owner;
810	OUT	struct mslsa_DomainName *domain;
811	OUT	DWORD status;
812};
813
814
815/*
816 ***********************************************************************
817 * LSARPC_OPNUM_LookupSids2
818 *
819 * SID lookup function that appeared in Windows 2000. It appears to be
820 * very similar to the original SID lookup RPC. There are two extra IN
821 * parameters, which we don't care about. The OUT name structure has
822 * an extra field, in which zero seems to be okay.
823 ***********************************************************************
824 */
825struct lsar_name_entry2 {
826	WORD sid_name_use;
827	WORD unknown_flags;	/* maybe alignment */
828	mslsa_string_t name;
829	DWORD domain_ix;	/* -1 means none */
830	DWORD unknown;		/* added */
831};
832
833
834struct lsar_name_table2 {
835	DWORD n_entry;
836  SIZE_IS(n_entry)
837	struct lsar_name_entry2 *entries;
838};
839
840
841OPERATION(LSARPC_OPNUM_LookupSids2)
842struct lsar_lookup_sids2 {
843	IN		mslsa_handle_t policy_handle;
844	IN		struct mslsa_lup_sid_table lup_sid_table;
845	OUT		struct mslsa_domain_table *domain_table;
846	INOUT	struct lsar_name_table2 name_table;
847	IN		DWORD lookup_level;
848	INOUT	DWORD mapped_count;
849	IN		DWORD zero;
850	IN		DWORD requested_count;
851 	OUT		DWORD status;
852};
853
854
855/*
856 ***********************************************************************
857 * LSARPC_OPNUM_LookupNames2
858 *
859 * Name lookup function that appeared in Windows 2000. It appears to be
860 * very similar to the original name lookup RPC. There are two extra IN
861 * parameters, which we don't care about. The lsar_rid_entry2 structure
862 * has an extra field, in which zero seems to be okay.
863 ***********************************************************************
864 */
865struct lsar_rid_entry2 {
866	WORD sid_name_use;
867	WORD pad;		/* alignment - probably not required */
868	DWORD rid;
869	DWORD domain_index;	/* -1 means none */
870	DWORD unknown;		/* new */
871};
872
873
874struct lsar_rid_table2 {
875	DWORD n_entry;
876  SIZE_IS(n_entry)
877	struct lsar_rid_entry2 *rids;
878};
879
880
881OPERATION(LSARPC_OPNUM_LookupNames2)
882struct lsar_LookupNames2 {
883	IN		mslsa_handle_t policy_handle;
884	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
885	OUT		struct mslsa_domain_table *domain_table;
886	INOUT	struct lsar_rid_table2 translated_sids;
887	IN		DWORD lookup_level;
888	INOUT	DWORD mapped_count;
889	IN		DWORD unknown_sbz;
890	IN		DWORD unknown_sb2;
891	OUT		DWORD status;
892};
893
894/*
895 ***********************************************************************
896 * The LSARPC interface definition.
897 ***********************************************************************
898 */
899INTERFACE(0)
900union lsarpc_interface {
901	CASE(LSARPC_OPNUM_CloseHandle)
902		struct mslsa_CloseHandle		CloseHandle;
903	CASE(LSARPC_OPNUM_QuerySecurityObject)
904		struct mslsa_QuerySecurityObject	QuerySecurityObj;
905	CASE(LSARPC_OPNUM_EnumerateAccounts)
906		struct mslsa_EnumerateAccounts		EnumAccounts;
907	CASE(LSARPC_OPNUM_EnumTrustedDomainsEx)
908		struct mslsa_EnumTrustedDomainEx	EnumTrustedDomainEx;
909	CASE(LSARPC_OPNUM_EnumTrustedDomain)
910		struct mslsa_EnumTrustedDomain		EnumTrustedDomain;
911	CASE(LSARPC_OPNUM_OpenAccount)
912		struct mslsa_OpenAccount		OpenAccount;
913	CASE(LSARPC_OPNUM_EnumPrivsAccount)
914		struct mslsa_EnumPrivsAccount		EnumPrivsAccount;
915	CASE(LSARPC_OPNUM_LookupPrivValue)
916		struct mslsa_LookupPrivValue		LookupPrivValue;
917	CASE(LSARPC_OPNUM_LookupPrivName)
918		struct mslsa_LookupPrivName		LookupPrivName;
919	CASE(LSARPC_OPNUM_LookupPrivDisplayName)
920		struct mslsa_LookupPrivDisplayName	LookupPrivDisplayName;
921	CASE(LSARPC_OPNUM_CreateSecret)
922		struct mslsa_CreateSecret		CreateSecret;
923	CASE(LSARPC_OPNUM_OpenSecret)
924		struct mslsa_OpenSecret			OpenSecret;
925	CASE(LSARPC_OPNUM_QueryInfoPolicy)
926		struct mslsa_QueryInfoPolicy		QueryInfoPolicy;
927	CASE(LSARPC_OPNUM_OpenPolicy)
928		struct mslsa_OpenPolicy			OpenPolicy;
929	CASE(LSARPC_OPNUM_OpenPolicy2)
930		struct mslsa_OpenPolicy2		OpenPolicy2;
931	CASE(LSARPC_OPNUM_LookupSids)
932		struct mslsa_LookupSids			LookupSids;
933	CASE(LSARPC_OPNUM_LookupNames)
934		struct mslsa_LookupNames		LookupNames;
935	CASE(LSARPC_OPNUM_GetConnectedUser)
936		struct mslsa_GetConnectedUser		GetConnectedUser;
937	CASE(LSARPC_OPNUM_LookupSids2)
938		struct lsar_lookup_sids2		LookupSids2;
939	CASE(LSARPC_OPNUM_LookupNames2)
940		struct lsar_LookupNames2		LookupNames2;
941};
942typedef union lsarpc_interface	lsarpc_interface_t;
943EXTERNTYPEINFO(lsarpc_interface)
944
945#endif /* _MLSVC_LSA_NDL_ */
946