Print this page
1575 untangle libmlrpc ... (smbsrv)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/smbsrv/ndl/lsarpc.ndl
+++ new/usr/src/uts/common/smbsrv/ndl/lsarpc.ndl
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 + * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
23 24 */
24 25
25 26 #ifndef _MLSVC_LSA_NDL_
26 27 #define _MLSVC_LSA_NDL_
27 28
28 29 /*
29 30 * Local Security Authority RPC (LSARPC) interface definition.
30 31 *
31 32 * Names containing a backslash ('\') are known as qualified or composite
32 33 * names. The string preceding the backslash is assumed to be the domain
33 34 * name and the string following the slash is assumed to be name to be
34 35 * resolved within that domain.
35 36 *
36 37 * Names that do not contain a backslash are known as isolated names.
37 38 * An isolated name may be a single label, such as john, or may be in
38 39 * user principal name (UPN) form, such as john@example.com.
39 40 */
40 41
41 -#include "ndrtypes.ndl"
42 +#include <libmlrpc/ndrtypes.ndl>
42 43
43 44
44 45 #define LSARPC_OPNUM_CloseHandle 0x00
45 46 #define LSARPC_OPNUM_Delete 0x01
46 47 #define LSARPC_OPNUM_EnumPrivileges 0x02
47 48 #define LSARPC_OPNUM_QuerySecurityObject 0x03
48 49 #define LSARPC_OPNUM_SetSecurityObject 0x04
49 50 #define LSARPC_OPNUM_ChangePassword 0x05
50 51 #define LSARPC_OPNUM_OpenPolicy 0x06
51 52 #define LSARPC_OPNUM_QueryInfoPolicy 0x07
52 53 #define LSARPC_OPNUM_SetInfoPolicy 0x08
53 54 #define LSARPC_OPNUM_ClearAuditLog 0x09
54 55 #define LSARPC_OPNUM_CreateAccount 0x0a
55 56 #define LSARPC_OPNUM_EnumerateAccounts 0x0b
56 57 #define LSARPC_OPNUM_CreateTrustedDomain 0x0c
57 58 #define LSARPC_OPNUM_EnumTrustedDomain 0x0d
58 59 #define LSARPC_OPNUM_LookupNames 0x0e
59 60 #define LSARPC_OPNUM_LookupSids 0x0f
60 61 #define LSARPC_OPNUM_CreateSecret 0x10
61 62 #define LSARPC_OPNUM_OpenAccount 0x11
62 63 #define LSARPC_OPNUM_EnumPrivsAccount 0x12
63 64 #define LSARPC_OPNUM_AddAccountPrivs 0x13
64 65 #define LSARPC_OPNUM_RemoveAccountPrivs 0x14
65 66 #define LSARPC_OPNUM_GetAccountQuota 0x15
66 67 #define LSARPC_OPNUM_SetAccountQuota 0x16
67 68 #define LSARPC_OPNUM_GetSystemAccessAccount 0x17
68 69 #define LSARPC_OPNUM_SetSystemAccessAccount 0x18
69 70 #define LSARPC_OPNUM_OpenTrustedDomain 0x19
70 71 #define LSARPC_OPNUM_QueryInfoTrustedDomain 0x1a
71 72 #define LSARPC_OPNUM_SetinfoTrustedDomain 0x1b
72 73 #define LSARPC_OPNUM_OpenSecret 0x1c
73 74 #define LSARPC_OPNUM_SetSecret 0x1d
74 75 #define LSARPC_OPNUM_QuerySecret 0x1e
75 76 #define LSARPC_OPNUM_LookupPrivValue 0x1f
76 77 #define LSARPC_OPNUM_LookupPrivName 0x20
77 78 #define LSARPC_OPNUM_LookupPrivDisplayName 0x21
78 79 #define LSARPC_OPNUM_DeleteObject 0x22
79 80 #define LSARPC_OPNUM_EnumAccountsWithUserRight 0x23
80 81 #define LSARPC_OPNUM_EnumAccountRights 0x24
81 82 #define LSARPC_OPNUM_AddAccountRights 0x25
82 83 #define LSARPC_OPNUM_RemoveAccountRights 0x26
83 84 #define LSARPC_OPNUM_QueryTrustedDomainInfo 0x27
84 85 #define LSARPC_OPNUM_SetTrustedDomainInfo 0x28
85 86
86 87 /* Windows 2000 */
87 88 #define LSARPC_OPNUM_DeleteTrustedDomain 0x29
88 89 #define LSARPC_OPNUM_StorePrivateData 0x2a
89 90 #define LSARPC_OPNUM_RetrievePrivateData 0x2b
90 91 #define LSARPC_OPNUM_OpenPolicy2 0x2c
91 92 #define LSARPC_OPNUM_GetConnectedUser 0x2d
92 93 #define LSARPC_OPNUM_QueryInfoPolicy2 0x2e
93 94 #define LSARPC_OPNUM_SetInfoPolicy2 0x2f
94 95 #define LSARPC_OPNUM_QueryTrustedDomainInfoByName 0x30
95 96 #define LSARPC_OPNUM_SetTrustedDomainInfoByName 0x31
96 97 #define LSARPC_OPNUM_EnumTrustedDomainsEx 0x32
97 98 #define LSARPC_OPNUM_CreateTrustedDomainEx 0x33
98 99 #define LSARPC_OPNUM_CloseTrustedDomainEx 0x34
99 100 #define LSARPC_OPNUM_QueryDomainInfoPolicy 0x35
100 101 #define LSARPC_OPNUM_SetDomainInfoPolicy 0x36
101 102 #define LSARPC_OPNUM_OpenTrustedDomainByName 0x37
102 103 #define LSARPC_OPNUM_TestCall 0x38
103 104 #define LSARPC_OPNUM_LookupSids2 0x39
104 105 #define LSARPC_OPNUM_LookupNames2 0x3a
105 106 #define LSARPC_OPNUM_CreateTrustedDomainEx2 0x3b
106 107
107 108 /* Windows 2000 SP3 */
108 109 #define LSARPC_OPNUM_CredWrite 0x3c
109 110 #define LSARPC_OPNUM_CredRead 0x3d
110 111 #define LSARPC_OPNUM_CredEnumerate 0x3e
111 112 #define LSARPC_OPNUM_CredWriteDomainCreds 0x3f
112 113 #define LSARPC_OPNUM_CredReadDomainCreds 0x40
113 114 #define LSARPC_OPNUM_CredDelete 0x41
114 115 #define LSARPC_OPNUM_CredGetTargetInfo 0x42
115 116 #define LSARPC_OPNUM_CredProfileLoaded 0x43
116 117 #define LSARPC_OPNUM_LookupNames3 0x44
117 118 #define LSARPC_OPNUM_CredGetSessionTypes 0x45
118 119 #define LSARPC_OPNUM_RegisterAuditEvent 0x46
119 120 #define LSARPC_OPNUM_GenAuditEvent 0x47
120 121 #define LSARPC_OPNUM_UnregisterAuditEvent 0x48
121 122 #define LSARPC_OPNUM_QueryForestTrustInfo 0x49
122 123 #define LSARPC_OPNUM_SetForestTrustInfo 0x4a
123 124 #define LSARPC_OPNUM_CredRename 0x4b
124 125 #define LSARPC_OPNUM_LookupSids3 0x4c
125 126 #define LSARPC_OPNUM_LookupNames4 0x4d
126 127 #define LSARPC_OPNUM_OpenPolicySce 0x4e
127 128
128 129 /* Windows Server 2003 */
129 130 #define LSARPC_OPNUM_AdtRegisterSecurityEventSource 0x4f
130 131 #define LSARPC_OPNUM_AdtUnregisterSecurityEventSource 0x50
131 132 #define LSARPC_OPNUM_AdtReportSecurityEvent 0x51
132 133
133 134 /* Windows Vista */
134 135 #define LSARPC_OPNUM_CredFindBestCredential 0x52
135 136 #define LSARPC_OPNUM_SetAuditPolicy 0x53
136 137 #define LSARPC_OPNUM_QueryAuditPolicy 0x54
137 138 #define LSARPC_OPNUM_EnumerateAuditPolicy 0x55
138 139 #define LSARPC_OPNUM_EnumerateAuditCategories 0x56
139 140 #define LSARPC_OPNUM_EnumerateAuditSubCategories 0x57
140 141 #define LSARPC_OPNUM_LookupAuditCategoryName 0x58
141 142 #define LSARPC_OPNUM_LookupAuditSubCategoryName 0x59
142 143 #define LSARPC_OPNUM_SetAuditSecurity 0x5a
143 144 #define LSARPC_OPNUM_QueryAuditSecurity 0x5b
144 145 #define LSARPC_OPNUM_CredReadByTokenHandle 0x5c
145 146 #define LSARPC_OPNUM_CredRestoreCredentials 0x5d
146 147 #define LSARPC_OPNUM_CredBackupCredentials 0x5e
147 148
148 149 /*
149 150 * Lookup levels. Level 1 appears to mean only look on the local host and
150 151 * level 2 means forward the request to the PDC. On the PDC it probably
151 152 * doesn't matter which level you use but on a BDC a level 1 lookup will
152 153 * fail if the BDC doesn't have the info whereas a level 2 lookup will also
153 154 * check with the PDC.
154 155 */
155 156 #define LSA_LOOKUP_WKSTA 1 /* Windows NT 3.1 */
156 157 #define LSA_LOOKUP_PDC 2
157 158 #define LSA_LOOKUP_TDL 3
158 159 #define LSA_LOOKUP_GC 4 /* Windows 2000 */
159 160 #define LSA_LOOKUP_XFORESTREFERRAL 5 /* Windows XP */
160 161 #define LSA_LOOKUP_XFORESTRESOLVE 6
161 162 #define LSA_LOOKUP_RODCREFERRALTOFULLDC 7 /* Windows Vista */
162 163
163 164 /*
164 165 * Name/SID lookup flags
165 166 */
166 167 #define LSA_LOOKUP_NAME_NOT_SPN 0x00000001
167 168 #define LSA_LOOKUP_NAME_MAYBE_XFOREST 0x00000002
168 169 #define LSA_LOOKUP_NAME_IN_DBVIEW 0x00000004
169 170
170 171 /*
171 172 * Name/SID lookup options
172 173 *
173 174 * 0x00000000 Lookup isolated names both locally and in domains/forests.
174 175 * 0x80000000 Lookup isolated names (except for UPNs) only in the local
175 176 * account database. Do not lookup UPNs.
176 177 */
177 178 #define LSA_LOOKUP_OPT_ALL 0x00000000
178 179 #define LSA_LOOKUP_OPT_LOCAL 0x80000000
179 180
180 181 /*
181 182 * Client revision
182 183 *
183 184 * 0x00000001 Client does not understand DNS names or forests.
184 185 * 0x00000002 Client understands DNS names and forests.
185 186 *
186 187 * Notes:
187 188 * 0 means the same as 1
188 189 * Anything greater than 2 means the same as 2
189 190 */
190 191 #define LSA_CLIENT_REVISION_NT 0x00000001
191 192 #define LSA_CLIENT_REVISION_AD 0x00000002
192 193
193 194 /*
194 195 * Definition for a SID. The ndl compiler won't allow a typedef of
195 196 * a structure containing variable size members.
196 197 */
197 198 struct mslsa_sid {
198 199 BYTE Revision;
199 200 BYTE SubAuthCount;
200 201 BYTE Authority[6];
201 202 SIZE_IS(SubAuthCount)
202 203 DWORD SubAuthority[ANY_SIZE_ARRAY];
203 204 };
204 205
205 206 struct mslsa_string_desc {
206 207 WORD length;
207 208 WORD allosize;
208 209 LPTSTR str;
209 210 };
210 211 typedef struct mslsa_string_desc mslsa_string_t;
211 212
212 213 CONTEXT_HANDLE(mslsa_handle) mslsa_handle_t;
213 214
214 215 struct mslsa_luid {
215 216 DWORD low_part;
216 217 DWORD high_part;
217 218 };
218 219 typedef struct mslsa_luid mslsa_luid_t;
219 220
220 221 struct mslsa_guid {
221 222 DWORD data1;
222 223 WORD data2;
223 224 WORD data3;
224 225 BYTE data4[8];
225 226 };
226 227 typedef struct mslsa_guid mslsa_guid_t;
227 228
228 229 /*
229 230 ***********************************************************************
230 231 * OpenPolicy2 obtains a handle for a remote LSA. This handle is
231 232 * required for all subsequent LSA requests.
232 233 *
233 234 * The server name should be the name of the target PDC or BDC, with
234 235 * the double backslash prefix.
235 236 *
236 237 * As far as I can tell, the mslsa_object_attributes structure can be
237 238 * all zero except for the length, which should be set to sizeof(struct
238 239 * mslsa_object_attributes).
239 240 *
240 241 * For read access, the desired access mask should contain the
241 242 * READ_CONTROL standard right and whatever policy rights are required.
242 243 * I haven't tried any update operations but if you get the access mask
243 244 * wrong you can crash the domain controller.
244 245 ***********************************************************************
245 246 */
246 247
247 248
248 249 /*
249 250 * From netmon:
250 251 * length = 12
251 252 * impersonation_level = 2
252 253 * context_tracking_mode = 1
253 254 * effective_only = 0
254 255 */
255 256 struct mslsa_quality_of_service {
256 257 DWORD length;
257 258 WORD impersonation_level;
258 259 BYTE context_tracking_mode;
259 260 BYTE effective_only;
260 261 };
261 262
262 263
263 264 struct mslsa_object_attributes {
264 265 DWORD length;
265 266 DWORD rootDirectory;
266 267 DWORD objectName;
267 268 DWORD attributes;
268 269 DWORD securityDescriptor;
269 270 struct mslsa_quality_of_service *qualityOfService;
270 271 };
271 272
272 273
273 274 OPERATION(LSARPC_OPNUM_OpenPolicy)
274 275 struct mslsa_OpenPolicy {
275 276 IN DWORD *servername;
276 277 IN struct mslsa_object_attributes attributes;
277 278 IN DWORD desiredAccess;
278 279 OUT mslsa_handle_t domain_handle;
279 280 OUT DWORD status;
280 281 };
281 282
282 283 OPERATION(LSARPC_OPNUM_OpenPolicy2)
283 284 struct mslsa_OpenPolicy2 {
284 285 IN LPTSTR servername;
285 286 IN struct mslsa_object_attributes attributes;
286 287 IN DWORD desiredAccess;
287 288 OUT mslsa_handle_t domain_handle;
288 289 OUT DWORD status;
289 290 };
290 291
291 292
292 293 /*
293 294 ***********************************************************************
294 295 * CloseHandle closes an association with the LSA. The returned handle
295 296 * will be all zero.
296 297 ***********************************************************************
297 298 */
298 299 OPERATION(LSARPC_OPNUM_CloseHandle)
299 300 struct mslsa_CloseHandle {
300 301 IN mslsa_handle_t handle;
301 302 OUT mslsa_handle_t result_handle;
302 303 OUT DWORD status;
303 304 };
304 305
305 306
306 307 /*
307 308 ***********************************************************************
308 309 * EnumPrivileges
309 310 *
310 311 * Obtain a list of privilege names. This interface is not implemented
311 312 * yet The definition below has not been tested. This is a guess based
312 313 * on data available from netmon.
313 314 ***********************************************************************
314 315 */
315 316 struct mslsa_PrivDef {
316 317 mslsa_string_t name;
317 318 mslsa_luid_t luid;
318 319 };
319 320
320 321
321 322 struct mslsa_PrivEnumBuf {
322 323 DWORD entries_read;
323 324 SIZE_IS(entries_read)
324 325 struct mslsa_PrivDef *def;
325 326 };
326 327
327 328
328 329 OPERATION(LSARPC_OPNUM_EnumPrivileges)
329 330 struct mslsa_EnumPrivileges {
330 331 IN mslsa_handle_t handle;
331 332 INOUT DWORD enum_context;
332 333 IN DWORD max_length;
333 334 OUT REFERENCE struct mslsa_PrivEnumBuf *enum_buf;
334 335 OUT DWORD status;
335 336 };
336 337
337 338
338 339 /*
339 340 ***********************************************************************
340 341 * QuerySecurityObject. I'm not entirely sure how to set this up yet.
341 342 * I used the discovery RPC to scope it out. The structures are set up
342 343 * according to netmon and the assumption that a security descriptor
343 344 * on the wire looks like the regular user level security descriptor.
344 345 ***********************************************************************
345 346 */
346 347 struct mslsa_SecurityDescriptor {
347 348 BYTE revision;
348 349 BYTE sbz1;
349 350 WORD control;
350 351 DWORD owner;
351 352 DWORD group;
352 353 DWORD sacl;
353 354 DWORD dacl;
354 355 };
355 356
356 357
357 358 struct mslsa_SecurityDescInfo {
358 359 DWORD length;
359 360 SIZE_IS(length)
360 361 BYTE *desc; /* temporary */
361 362 /* struct mslsa_SecurityDescriptor *desc; */
362 363 };
363 364
364 365
365 366 OPERATION(LSARPC_OPNUM_QuerySecurityObject)
366 367 struct mslsa_QuerySecurityObject {
367 368 IN mslsa_handle_t handle;
368 369 IN DWORD security_info;
369 370 OUT struct mslsa_SecurityDescInfo *desc_info;
370 371 OUT DWORD status;
371 372 };
372 373
373 374
374 375 /*
375 376 ***********************************************************************
376 377 * EnumerateAccounts and EnumerateTrustedDomain.
377 378 ***********************************************************************
378 379 */
379 380 struct mslsa_AccountInfo {
380 381 struct mslsa_sid *sid;
381 382 };
382 383
383 384
384 385 struct mslsa_EnumAccountBuf {
385 386 DWORD entries_read;
386 387 SIZE_IS(entries_read)
387 388 struct mslsa_AccountInfo *info;
388 389 };
389 390
390 391
391 392 OPERATION(LSARPC_OPNUM_EnumerateAccounts)
392 393 struct mslsa_EnumerateAccounts {
393 394 IN mslsa_handle_t handle;
394 395 INOUT DWORD enum_context;
395 396 IN DWORD max_length;
396 397 OUT REFERENCE struct mslsa_EnumAccountBuf *enum_buf;
397 398 OUT DWORD status;
398 399 };
399 400
400 401
401 402 struct mslsa_TrustedDomainInfo {
402 403 mslsa_string_t name;
403 404 struct mslsa_sid *sid;
404 405 };
405 406
406 407
407 408 struct mslsa_EnumTrustedDomainBuf {
408 409 DWORD entries_read;
409 410 SIZE_IS(entries_read)
410 411 struct mslsa_TrustedDomainInfo *info;
411 412 };
412 413
413 414
414 415 OPERATION(LSARPC_OPNUM_EnumTrustedDomain)
415 416 struct mslsa_EnumTrustedDomain {
416 417 IN mslsa_handle_t handle;
417 418 INOUT DWORD enum_context;
418 419 IN DWORD max_length;
419 420 OUT REFERENCE struct mslsa_EnumTrustedDomainBuf *enum_buf;
420 421 OUT DWORD status;
421 422 };
422 423
423 424 struct mslsa_TrustedDomainInfoEx {
424 425 mslsa_string_t dns_name;
425 426 mslsa_string_t nb_name;
426 427 struct mslsa_sid *sid;
427 428 DWORD trust_direction;
428 429 DWORD trust_type;
429 430 DWORD trust_attrs;
430 431 };
431 432
432 433 struct mslsa_EnumTrustedDomainBufEx {
433 434 DWORD entries_read;
434 435 SIZE_IS(entries_read)
435 436 struct mslsa_TrustedDomainInfoEx *info;
436 437 };
437 438
438 439 OPERATION(LSARPC_OPNUM_EnumTrustedDomainsEx)
439 440 struct mslsa_EnumTrustedDomainEx {
440 441 IN mslsa_handle_t handle;
441 442 INOUT DWORD enum_context;
442 443 IN DWORD max_length;
443 444 OUT REFERENCE struct mslsa_EnumTrustedDomainBufEx *enum_buf;
444 445 OUT DWORD status;
445 446 };
446 447
447 448 /*
448 449 ***********************************************************************
449 450 * Definitions common to both LookupSids and LookupNames. Both return
450 451 * an mslsa_domain_table[]. Each interface also returns a specific
451 452 * table with entries which index the mslsa_domain_table[].
452 453 ***********************************************************************
453 454 */
454 455 struct mslsa_domain_entry {
455 456 mslsa_string_t domain_name;
456 457 struct mslsa_sid *domain_sid;
457 458 };
458 459 typedef struct mslsa_domain_entry mslsa_domain_entry_t;
459 460
460 461
461 462 struct mslsa_domain_table {
462 463 DWORD n_entry;
463 464 SIZE_IS(n_entry)
464 465 mslsa_domain_entry_t *entries;
465 466 DWORD max_n_entry;
466 467 };
467 468
468 469
469 470 /*
470 471 ***********************************************************************
471 472 * Definitions for LookupSids.
472 473 *
473 474 * The input parameters are:
474 475 *
475 476 * A valid LSA handle obtained from an LsarOpenPolicy.
476 477 * The table of SIDs to be looked up.
477 478 * A table of names (probably empty).
478 479 * The lookup level (local=1 or PDC=2).
479 480 * An enumeration counter (used for continuation operations).
480 481 *
481 482 * The output results are:
482 483 *
483 484 * A table of referenced domains.
484 485 * A table of usernames.
485 486 * The updated value of the enumeration counter.
486 487 * The result status.
487 488 ***********************************************************************
488 489 */
489 490
490 491 struct mslsa_lup_sid_entry {
491 492 struct mslsa_sid *psid;
492 493 };
493 494
494 495 struct mslsa_lup_sid_table {
495 496 DWORD n_entry;
496 497 SIZE_IS(n_entry)
497 498 struct mslsa_lup_sid_entry *entries;
498 499 };
499 500
500 501 struct mslsa_name_entry {
501 502 WORD sid_name_use;
502 503 WORD unknown_flags;
503 504 mslsa_string_t name;
504 505 DWORD domain_ix; /* -1 means none */
505 506 };
506 507
507 508 struct mslsa_name_table {
508 509 DWORD n_entry;
509 510 SIZE_IS(n_entry)
510 511 struct mslsa_name_entry *entries;
511 512 };
512 513
513 514 OPERATION(LSARPC_OPNUM_LookupSids)
514 515 struct mslsa_LookupSids {
515 516 IN mslsa_handle_t handle;
516 517 IN struct mslsa_lup_sid_table lup_sid_table;
517 518
518 519 OUT struct mslsa_domain_table *domain_table;
519 520 INOUT struct mslsa_name_table name_table;
520 521
521 522 IN WORD lookup_level;
522 523 INOUT DWORD mapped_count;
523 524 OUT DWORD status;
524 525 };
525 526
526 527 OPERATION(LSARPC_OPNUM_CreateSecret)
527 528 struct mslsa_CreateSecret {
528 529 IN mslsa_handle_t handle;
529 530 IN mslsa_string_t name;
530 531 IN DWORD access_mask;
531 532 OUT mslsa_handle_t secret_handle;
532 533 OUT DWORD status;
533 534 };
534 535
535 536 /*
536 537 ***********************************************************************
537 538 * Definitions for LookupNames.
538 539 *
539 540 * LookupNames requires the following input parameters.
540 541 *
541 542 * A valid LSA handle obtained from an LsarOpenPolicy.
542 543 * The table of names to be looked up.
543 544 * A table of translated sids (probably empty).
544 545 * The lookup level (local=1 or PDC=2).
545 546 * An enumeration counter (used for continuation operations).
546 547 *
547 548 * The outputs are as follows.
548 549 *
549 550 * A table of referenced domains.
550 551 * A table of translated sids (actually rids).
551 552 * The updated value of the enumeration counter.
552 553 * The result status.
553 554 ***********************************************************************
554 555 */
555 556 struct mslsa_lup_name_table {
556 557 DWORD n_entry;
557 558 SIZE_IS(n_entry)
558 559 mslsa_string_t names[ANY_SIZE_ARRAY];
559 560 };
560 561
561 562
562 563 struct mslsa_rid_entry {
563 564 WORD sid_name_use;
564 565 WORD pad;
565 566 DWORD rid;
566 567 DWORD domain_index;
567 568 };
568 569
569 570
570 571 struct mslsa_rid_table {
571 572 DWORD n_entry;
572 573 SIZE_IS(n_entry)
573 574 struct mslsa_rid_entry *rids;
574 575 };
575 576
576 577
577 578 OPERATION(LSARPC_OPNUM_LookupNames)
578 579 struct mslsa_LookupNames {
579 580 IN mslsa_handle_t handle;
580 581 IN REFERENCE struct mslsa_lup_name_table *name_table;
581 582
582 583 OUT struct mslsa_domain_table *domain_table;
583 584 INOUT struct mslsa_rid_table translated_sids;
584 585
585 586 IN WORD lookup_level;
586 587 INOUT DWORD mapped_count;
587 588 OUT DWORD status;
588 589 };
589 590
590 591
591 592 /*
592 593 ***********************************************************************
593 594 * QueryInfoPolicy returns various pieces of policy information. The
594 595 * desired information is specified using a class value, as defined
595 596 * below.
596 597 ***********************************************************************
597 598 */
598 599 #define MSLSA_POLICY_AUDIT_LOG_INFO 1
599 600 #define MSLSA_POLICY_AUDIT_EVENTS_INFO 2
600 601 #define MSLSA_POLICY_PRIMARY_DOMAIN_INFO 3
601 602 #define MSLSA_POLICY_UNKNOWN_4_INFO 4
602 603 #define MSLSA_POLICY_ACCOUNT_DOMAIN_INFO 5
603 604 #define MSLSA_POLICY_SERVER_ROLE_INFO 6
604 605 #define MSLSA_POLICY_REPLICA_SOURCE_INFO 7
605 606 #define MSLSA_POLICY_DEFAULT_QUOTA_INFO 8
606 607 #define MSLSA_POLICY_DB_INFO 9
607 608 #define MSLSA_POLICY_AUDIT_SET_INFO 10
608 609 #define MSLSA_POLICY_AUDIT_QUERY_INFO 11
609 610 #define MSLSA_POLICY_DNS_DOMAIN_INFO 12
610 611
611 612 #define LSA_ROLE_STANDALONE_WORKSTATION 0
612 613 #define LSA_ROLE_MEMBER_WORKSTATION 1
613 614 #define LSA_ROLE_STANDALONE_SERVER 2
614 615 #define LSA_ROLE_MEMBER_SERVER 3
615 616 #define LSA_ROLE_BACKUP_DC 4
616 617 #define LSA_ROLE_PRIMARY_DC 5
617 618
618 619 /*
619 620 * MSLSA_POLICY_AUDIT_EVENTS_INFO
620 621 */
621 622 struct mslsa_AuditEventsInfo {
622 623 DWORD enabled;
623 624 SIZE_IS (count)
624 625 DWORD *settings;
625 626 DWORD count;
626 627 };
627 628
628 629 /*
629 630 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO
630 631 */
631 632 struct mslsa_PrimaryDomainInfo {
632 633 struct mslsa_string_desc name;
633 634 struct mslsa_sid *sid;
634 635 };
635 636
636 637 /*
637 638 * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO
638 639 */
639 640 struct mslsa_AccountDomainInfo {
640 641 struct mslsa_string_desc name;
641 642 struct mslsa_sid *sid;
642 643 };
643 644
644 645 /*
645 646 * MSLSA_POLICY_SERVER_ROLE_INFO
646 647 */
647 648 struct mslsa_ServerRoleInfo {
648 649 DWORD role;
649 650 DWORD pad;
650 651 };
651 652
652 653 struct mslsa_DnsDomainInfo {
653 654 struct mslsa_string_desc nb_domain;
654 655 struct mslsa_string_desc dns_domain;
655 656 struct mslsa_string_desc forest;
656 657 struct mslsa_guid guid;
657 658 struct mslsa_sid *sid;
658 659 };
659 660
660 661 union mslsa_PolicyInfoResUnion {
661 662 CASE(2) struct mslsa_AuditEventsInfo audit_events;
662 663 CASE(3) struct mslsa_PrimaryDomainInfo pd_info;
663 664 CASE(5) struct mslsa_AccountDomainInfo ad_info;
664 665 CASE(6) struct mslsa_ServerRoleInfo server_role;
665 666 CASE(12) struct mslsa_DnsDomainInfo dns_info;
666 667 DEFAULT char *nullptr;
667 668 };
668 669
669 670 /*
670 671 * This structure needs to be declared, even though it can't be used in
671 672 * mslsa_QueryInfoPolicy, in order to get the appropriate size to calculate
672 673 * the correct fixup offsets. If ndrgen did the right thing,
673 674 * mslsa_PolicyInfoRes would be one of the out parameters. However, if
674 675 * we do it that way, the switch_value isn't known early enough to do
675 676 * the fixup calculation. So it all has to go in mslsa_QueryInfoPolicy.
676 677 */
677 678 struct mslsa_PolicyInfoRes {
678 679 DWORD address;
679 680 WORD switch_value;
680 681 SWITCH(switch_value)
681 682 union mslsa_PolicyInfoResUnion ru;
682 683 };
683 684
684 685 OPERATION(LSARPC_OPNUM_QueryInfoPolicy)
685 686 struct mslsa_QueryInfoPolicy {
686 687 IN mslsa_handle_t handle;
687 688 IN WORD info_class;
688 689 /*
689 690 * Can't use this form because we need to include members explicitly.
690 691 * OUT struct mslsa_PolicyInfoRes result;
691 692 */
692 693 OUT DWORD address;
693 694 OUT WORD switch_value;
694 695 SWITCH(switch_value)
695 696 OUT union mslsa_PolicyInfoResUnion ru;
696 697 OUT DWORD status;
697 698 };
698 699
699 700
700 701
701 702 /*
702 703 ***********************************************************************
703 704 * OpenAccount.
704 705 *
705 706 * Returns a handle that can be used to access the account specified
706 707 * by a SID. This handle can be used to enumerate account privileges.
707 708 ***********************************************************************
708 709 */
709 710 OPERATION(LSARPC_OPNUM_OpenAccount)
710 711 struct mslsa_OpenAccount {
711 712 IN mslsa_handle_t handle;
712 713 IN REFERENCE struct mslsa_sid *sid;
713 714 IN DWORD access_mask;
714 715 OUT mslsa_handle_t account_handle;
715 716 OUT DWORD status;
716 717 };
717 718
718 719
719 720
720 721 /*
721 722 ***********************************************************************
722 723 * EnumPrivilegesAccount.
723 724 *
724 725 * Enumerate the list of privileges held by the specified account. The
725 726 * handle must be a valid account handle obtained via OpenAccount. The
726 727 * luid values returned will be probably only be relevant on the domain
727 728 * controller so we'll need to find a way to convert them to the
728 729 * actual privilege names.
729 730 ***********************************************************************
730 731 */
731 732 struct mslsa_LuidAndAttributes {
732 733 struct mslsa_luid luid;
733 734 DWORD attributes;
734 735 };
735 736
736 737
737 738 struct mslsa_PrivilegeSet {
738 739 DWORD privilege_count;
739 740 DWORD control;
740 741 SIZE_IS(privilege_count)
741 742 struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY];
742 743 };
743 744
744 745
745 746 OPERATION(LSARPC_OPNUM_EnumPrivsAccount)
746 747 struct mslsa_EnumPrivsAccount {
747 748 IN mslsa_handle_t account_handle;
748 749 OUT struct mslsa_PrivilegeSet *privileges;
749 750 OUT DWORD status;
750 751 };
751 752
752 753 OPERATION(LSARPC_OPNUM_OpenSecret)
753 754 struct mslsa_OpenSecret {
754 755 IN mslsa_handle_t handle;
755 756 IN mslsa_string_t name;
756 757 IN DWORD access_mask;
757 758 OUT mslsa_handle_t secret_handle;
758 759 OUT DWORD status;
759 760 };
760 761
761 762
762 763 /*
763 764 ***********************************************************************
764 765 * LookupPrivValue
765 766 *
766 767 * Map a privilege name to a local unique id (LUID). Privilege names
767 768 * are consistent across the network. LUIDs are machine specific.
768 769 * The privilege list is provided as a set of LUIDs so the privilege
769 770 * lookup functions must be used to identify which the privilege to
770 771 * which each LUID refers. The handle here is a policy handle.
771 772 ***********************************************************************
772 773 */
773 774 OPERATION(LSARPC_OPNUM_LookupPrivValue)
774 775 struct mslsa_LookupPrivValue {
775 776 IN mslsa_handle_t handle;
776 777 IN mslsa_string_t name;
777 778 OUT struct mslsa_luid luid;
778 779 OUT DWORD status;
779 780 };
780 781
781 782
782 783 /*
783 784 ***********************************************************************
784 785 * LookupPrivName
785 786 *
786 787 * Map a privilege value (LUID) to a privilege name. Privilege names
787 788 * are consistent across the network. LUIDs are machine specific.
788 789 * The privilege list is provided as a set of LUIDs so the privilege
789 790 * lookup functions must be used to identify which the privilege to
790 791 * which each LUID refers. The handle here is a policy handle.
791 792 ***********************************************************************
792 793 */
793 794 OPERATION(LSARPC_OPNUM_LookupPrivName)
794 795 struct mslsa_LookupPrivName {
795 796 IN mslsa_handle_t handle;
796 797 IN struct mslsa_luid luid;
797 798 OUT mslsa_string_t *name;
798 799 OUT DWORD status;
799 800 };
800 801
801 802
802 803 /*
803 804 ***********************************************************************
804 805 * LookupPrivDisplayName
805 806 *
806 807 * Map a privilege name to a local unique id (LUID). Privilege names
807 808 * are consistent across the network. LUIDs are machine specific.
808 809 * The privilege list is provided as a set of LUIDs so the privilege
809 810 * lookup functions must be used to identify which the privilege to
810 811 * which each LUID refers. The handle here is a policy handle.
811 812 ***********************************************************************
812 813 */
813 814 OPERATION(LSARPC_OPNUM_LookupPrivDisplayName)
814 815 struct mslsa_LookupPrivDisplayName {
815 816 IN mslsa_handle_t handle;
816 817 IN mslsa_string_t name;
817 818 IN WORD client_language;
818 819 IN WORD default_language;
819 820 OUT mslsa_string_t *display_name;
820 821 OUT WORD language_ret;
821 822 OUT DWORD status;
822 823 };
823 824
824 825
825 826 /*
826 827 ***********************************************************************
827 828 * GetConnectedUser
828 829 *
829 830 * Return the account name and NetBIOS domain name for the user making
830 831 * the request. All input fields should be ignored by the server.
831 832 ***********************************************************************
832 833 */
833 834 struct mslsa_DomainName {
834 835 struct mslsa_string_desc *name;
835 836 };
836 837
837 838
838 839 OPERATION(LSARPC_OPNUM_GetConnectedUser)
839 840 struct mslsa_GetConnectedUser {
840 841 IN LPTSTR hostname;
841 842 IN BYTE *owner_in;
842 843 IN BYTE *domain_in;
843 844 OUT struct mslsa_string_desc *owner;
844 845 OUT struct mslsa_DomainName *domain;
845 846 OUT DWORD status;
846 847 };
847 848
848 849
849 850 /*
850 851 ***********************************************************************
851 852 * LSARPC_OPNUM_LookupSids2
852 853 *
853 854 * SID lookup function that appeared in Windows 2000. It appears to be
854 855 * very similar to the original SID lookup RPC. There are two extra IN
855 856 * parameters, which we don't care about. The OUT name structure has
856 857 * an extra field, in which zero seems to be okay.
857 858 ***********************************************************************
858 859 */
859 860 struct lsar_name_entry2 {
860 861 WORD sid_name_use;
861 862 WORD padding;
862 863 mslsa_string_t name;
863 864 DWORD domain_ix; /* -1 means none */
864 865 DWORD flags;
865 866 };
866 867 typedef struct lsar_name_entry2 lsar_translated_name_ex_t;
867 868
868 869 struct lsar_name_table2 {
869 870 DWORD n_entry;
870 871 SIZE_IS(n_entry)
871 872 struct lsar_name_entry2 *entries;
872 873 };
873 874 typedef struct lsar_name_table2 lsar_translated_names_ex_t;
874 875
875 876 OPERATION(LSARPC_OPNUM_LookupSids2)
876 877 struct lsar_lookup_sids2 {
877 878 IN mslsa_handle_t policy_handle;
878 879 IN struct mslsa_lup_sid_table lup_sid_table;
879 880 OUT struct mslsa_domain_table *domain_table;
880 881 INOUT struct lsar_name_table2 name_table;
881 882 IN WORD lookup_level;
882 883 INOUT DWORD mapped_count;
883 884 IN DWORD lookup_options;
884 885 IN DWORD client_revision;
885 886 OUT DWORD status;
886 887 };
887 888
888 889 OPERATION(LSARPC_OPNUM_LookupSids3)
889 890 struct lsar_lookup_sids3 {
890 891 IN struct mslsa_lup_sid_table lup_sid_table;
891 892 OUT struct mslsa_domain_table *domain_table;
892 893 INOUT lsar_translated_names_ex_t name_table;
893 894 IN WORD lookup_level;
894 895 INOUT DWORD mapped_count;
895 896 IN DWORD lookup_options;
896 897 IN DWORD client_revision;
897 898 OUT DWORD status;
898 899 };
899 900
900 901 /*
901 902 ***********************************************************************
902 903 * LSARPC_OPNUM_LookupNames2
903 904 *
904 905 * Name lookup function that appeared in Windows 2000. It appears to be
905 906 * very similar to the original name lookup RPC. There are two extra IN
906 907 * parameters, which we don't care about. The lsar_rid_entry2 structure
907 908 * has an extra field, in which zero seems to be okay.
908 909 ***********************************************************************
909 910 */
910 911 struct lsar_rid_entry2 {
911 912 WORD sid_name_use;
912 913 WORD pad;
913 914 DWORD rid;
914 915 DWORD domain_index; /* -1 means none */
915 916 DWORD flags;
916 917 };
917 918
918 919
919 920 struct lsar_rid_table2 {
920 921 DWORD n_entry;
921 922 SIZE_IS(n_entry)
922 923 struct lsar_rid_entry2 *rids;
923 924 };
924 925
925 926
926 927 OPERATION(LSARPC_OPNUM_LookupNames2)
927 928 struct lsar_LookupNames2 {
928 929 IN mslsa_handle_t policy_handle;
929 930 IN REFERENCE struct mslsa_lup_name_table *name_table;
930 931 OUT struct mslsa_domain_table *domain_table;
931 932 INOUT struct lsar_rid_table2 translated_sids;
932 933 IN WORD lookup_level;
933 934 INOUT DWORD mapped_count;
934 935 IN DWORD lookup_options;
935 936 IN DWORD client_revision;
936 937 OUT DWORD status;
937 938 };
938 939
939 940 struct lsar_translated_sid_ex2 {
940 941 WORD sid_name_use;
941 942 WORD pad;
942 943 struct mslsa_sid *sid;
943 944 DWORD domain_index; /* -1 means none */
944 945 DWORD flags;
945 946 };
946 947 typedef struct lsar_translated_sid_ex2 lsar_translated_sid_ex2_t;
947 948
948 949 struct lsar_sid_ex2_table {
949 950 DWORD n_entry;
950 951 SIZE_IS(n_entry)
951 952 struct lsar_translated_sid_ex2 *sids;
952 953 };
953 954 typedef struct lsar_sid_ex2_table lsar_sid_ex2_table_t;
954 955
955 956 OPERATION(LSARPC_OPNUM_LookupNames3)
956 957 struct lsar_LookupNames3 {
957 958 IN mslsa_handle_t policy_handle;
958 959 IN REFERENCE struct mslsa_lup_name_table *name_table;
959 960 OUT struct mslsa_domain_table *domain_table;
960 961 INOUT struct lsar_sid_ex2_table translated_sids;
961 962 IN WORD lookup_level;
962 963 INOUT DWORD mapped_count;
963 964 IN DWORD lookup_options;
964 965 IN DWORD client_revision;
965 966 OUT DWORD status;
966 967 };
967 968
968 969 OPERATION(LSARPC_OPNUM_LookupNames4)
969 970 struct lsar_LookupNames4 {
970 971 IN REFERENCE struct mslsa_lup_name_table *name_table;
971 972 OUT struct mslsa_domain_table *domain_table;
972 973 INOUT struct lsar_sid_ex2_table translated_sids;
973 974 IN WORD lookup_level;
974 975 INOUT DWORD mapped_count;
975 976 IN DWORD lookup_options;
976 977 IN DWORD client_revision;
977 978 OUT DWORD status;
978 979 };
979 980
980 981 /*
981 982 ***********************************************************************
982 983 * The LSARPC interface definition.
983 984 ***********************************************************************
984 985 */
985 986 INTERFACE(0)
986 987 union lsarpc_interface {
987 988 CASE(LSARPC_OPNUM_CloseHandle)
988 989 struct mslsa_CloseHandle CloseHandle;
989 990 CASE(LSARPC_OPNUM_QuerySecurityObject)
990 991 struct mslsa_QuerySecurityObject QuerySecurityObj;
991 992 CASE(LSARPC_OPNUM_EnumerateAccounts)
992 993 struct mslsa_EnumerateAccounts EnumAccounts;
993 994 CASE(LSARPC_OPNUM_EnumTrustedDomainsEx)
994 995 struct mslsa_EnumTrustedDomainEx EnumTrustedDomainEx;
995 996 CASE(LSARPC_OPNUM_EnumTrustedDomain)
996 997 struct mslsa_EnumTrustedDomain EnumTrustedDomain;
997 998 CASE(LSARPC_OPNUM_OpenAccount)
998 999 struct mslsa_OpenAccount OpenAccount;
999 1000 CASE(LSARPC_OPNUM_EnumPrivsAccount)
1000 1001 struct mslsa_EnumPrivsAccount EnumPrivsAccount;
1001 1002 CASE(LSARPC_OPNUM_LookupPrivValue)
1002 1003 struct mslsa_LookupPrivValue LookupPrivValue;
1003 1004 CASE(LSARPC_OPNUM_LookupPrivName)
1004 1005 struct mslsa_LookupPrivName LookupPrivName;
1005 1006 CASE(LSARPC_OPNUM_LookupPrivDisplayName)
1006 1007 struct mslsa_LookupPrivDisplayName LookupPrivDisplayName;
1007 1008 CASE(LSARPC_OPNUM_CreateSecret)
1008 1009 struct mslsa_CreateSecret CreateSecret;
1009 1010 CASE(LSARPC_OPNUM_OpenSecret)
1010 1011 struct mslsa_OpenSecret OpenSecret;
1011 1012 CASE(LSARPC_OPNUM_QueryInfoPolicy)
1012 1013 struct mslsa_QueryInfoPolicy QueryInfoPolicy;
1013 1014 CASE(LSARPC_OPNUM_OpenPolicy)
1014 1015 struct mslsa_OpenPolicy OpenPolicy;
1015 1016 CASE(LSARPC_OPNUM_OpenPolicy2)
1016 1017 struct mslsa_OpenPolicy2 OpenPolicy2;
1017 1018 CASE(LSARPC_OPNUM_LookupSids)
1018 1019 struct mslsa_LookupSids LookupSids;
1019 1020 CASE(LSARPC_OPNUM_LookupNames)
1020 1021 struct mslsa_LookupNames LookupNames;
1021 1022 CASE(LSARPC_OPNUM_GetConnectedUser)
1022 1023 struct mslsa_GetConnectedUser GetConnectedUser;
1023 1024 CASE(LSARPC_OPNUM_LookupSids2)
1024 1025 struct lsar_lookup_sids2 LookupSids2;
1025 1026 CASE(LSARPC_OPNUM_LookupSids3)
1026 1027 struct lsar_lookup_sids3 LookupSids3;
1027 1028 CASE(LSARPC_OPNUM_LookupNames2)
1028 1029 struct lsar_LookupNames2 LookupNames2;
1029 1030 CASE(LSARPC_OPNUM_LookupNames3)
1030 1031 struct lsar_LookupNames3 LookupNames3;
1031 1032 CASE(LSARPC_OPNUM_LookupNames4)
1032 1033 struct lsar_LookupNames4 LookupNames4;
1033 1034 };
1034 1035 typedef union lsarpc_interface lsarpc_interface_t;
1035 1036 EXTERNTYPEINFO(lsarpc_interface)
1036 1037
1037 1038 #endif /* _MLSVC_LSA_NDL_ */
|
↓ open down ↓ |
986 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX