2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Paul Ashton 1997
7 Copyright (C) Gerald (Jerry) Carter 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #ifndef _RPC_LSA_H /* _RPC_LSA_H */
29 /* Opcodes available on PIPE_LSARPC */
31 #if 0 /* UNIMPLEMENTED */
33 #define LSA_LOOKUPSIDS2 0x39
37 #define LSA_CLOSE 0x00
38 #define LSA_DELETE 0x01
39 #define LSA_ENUM_PRIVS 0x02
40 #define LSA_QUERYSECOBJ 0x03
41 #define LSA_SETSECOBJ 0x04
42 #define LSA_CHANGEPASSWORD 0x05
43 #define LSA_OPENPOLICY 0x06
44 #define LSA_QUERYINFOPOLICY 0x07
45 #define LSA_SETINFOPOLICY 0x08
46 #define LSA_CLEARAUDITLOG 0x09
47 #define LSA_CREATEACCOUNT 0x0a
48 #define LSA_ENUM_ACCOUNTS 0x0b
49 #define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */
50 #define LSA_ENUMTRUSTDOM 0x0d
51 #define LSA_LOOKUPNAMES 0x0e
52 #define LSA_LOOKUPSIDS 0x0f
53 #define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */
54 #define LSA_OPENACCOUNT 0x11
55 #define LSA_ENUMPRIVSACCOUNT 0x12
56 #define LSA_ADDPRIVS 0x13
57 #define LSA_REMOVEPRIVS 0x14
58 #define LSA_GETQUOTAS 0x15
59 #define LSA_SETQUOTAS 0x16
60 #define LSA_GETSYSTEMACCOUNT 0x17
61 #define LSA_SETSYSTEMACCOUNT 0x18
62 #define LSA_OPENTRUSTDOM 0x19 /* TODO: implement this one -- jerry */
63 #define LSA_QUERYTRUSTDOM 0x1a
64 #define LSA_SETINFOTRUSTDOM 0x1b
65 #define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */
66 #define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */
67 #define LSA_QUERYSECRET 0x1e
68 #define LSA_LOOKUPPRIVVALUE 0x1f
69 #define LSA_LOOKUPPRIVNAME 0x20
70 #define LSA_PRIV_GET_DISPNAME 0x21
71 #define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */
72 #define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */
73 #define LSA_ENUMACCTRIGHTS 0x24
74 #define LSA_ADDACCTRIGHTS 0x25
75 #define LSA_REMOVEACCTRIGHTS 0x26
76 #define LSA_QUERYTRUSTDOMINFO 0x27
77 #define LSA_SETTRUSTDOMINFO 0x28
78 #define LSA_DELETETRUSTDOM 0x29
79 #define LSA_STOREPRIVDATA 0x2a
80 #define LSA_RETRPRIVDATA 0x2b
81 #define LSA_OPENPOLICY2 0x2c
82 #define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */
83 #define LSA_QUERYINFO2 0x2e
85 /* XXXX these are here to get a compile! */
86 #define LSA_LOOKUPRIDS 0xFD
88 /* DOM_QUERY - info class 3 and 5 LSA Query response */
89 typedef struct dom_query_info
91 uint16 uni_dom_max_len; /* domain name string length * 2 */
92 uint16 uni_dom_str_len; /* domain name string length * 2 */
93 uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
94 uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
95 UNISTR2 uni_domain_name; /* domain name (unicode string) */
96 DOM_SID2 dom_sid; /* domain SID */
100 /* level 5 is same as level 3. */
101 typedef DOM_QUERY DOM_QUERY_3;
102 typedef DOM_QUERY DOM_QUERY_5;
104 /* level 2 is auditing settings */
105 typedef struct dom_query_2
107 uint32 auditing_enabled;
108 uint32 count1; /* usualy 7, at least on nt4sp4 */
109 uint32 count2; /* the same */
110 uint32 *auditsettings;
113 /* level 6 is server role information */
114 typedef struct dom_query_6
116 uint16 server_role; /* 2=backup, 3=primary */
119 typedef struct seq_qos_info
122 uint16 sec_imp_level; /* 0x02 - impersonation level */
123 uint8 sec_ctxt_mode; /* 0x01 - context tracking mode */
124 uint8 effective_only; /* 0x00 - effective only */
128 typedef struct obj_attr_info
130 uint32 len; /* 0x18 - length (in bytes) inc. the length field. */
131 uint32 ptr_root_dir; /* 0 - root directory (pointer) */
132 uint32 ptr_obj_name; /* 0 - object name (pointer) */
133 uint32 attributes; /* 0 - attributes (undocumented) */
134 uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */
135 uint32 ptr_sec_qos; /* security quality of service */
136 LSA_SEC_QOS *sec_qos;
140 /* LSA_Q_OPEN_POL - LSA Query Open Policy */
141 typedef struct lsa_q_open_pol_info
143 uint32 ptr; /* undocumented buffer pointer */
144 uint16 system_name; /* 0x5c - system name */
145 LSA_OBJ_ATTR attr ; /* object attributes */
147 uint32 des_access; /* desired access attributes */
151 /* LSA_R_OPEN_POL - response to LSA Open Policy */
152 typedef struct lsa_r_open_pol_info
154 POLICY_HND pol; /* policy handle */
155 NTSTATUS status; /* return code */
159 /* LSA_Q_OPEN_POL2 - LSA Query Open Policy */
160 typedef struct lsa_q_open_pol2_info
162 uint32 ptr; /* undocumented buffer pointer */
163 UNISTR2 uni_server_name; /* server name, starting with two '\'s */
164 LSA_OBJ_ATTR attr ; /* object attributes */
166 uint32 des_access; /* desired access attributes */
170 /* LSA_R_OPEN_POL2 - response to LSA Open Policy */
171 typedef struct lsa_r_open_pol2_info
173 POLICY_HND pol; /* policy handle */
174 NTSTATUS status; /* return code */
179 #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001
180 #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002
181 #define POLICY_GET_PRIVATE_INFORMATION 0x00000004
182 #define POLICY_TRUST_ADMIN 0x00000008
183 #define POLICY_CREATE_ACCOUNT 0x00000010
184 #define POLICY_CREATE_SECRET 0x00000020
185 #define POLICY_CREATE_PRIVILEGE 0x00000040
186 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080
187 #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100
188 #define POLICY_AUDIT_LOG_ADMIN 0x00000200
189 #define POLICY_SERVER_ADMIN 0x00000400
190 #define POLICY_LOOKUP_NAMES 0x00000800
192 #define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
193 POLICY_VIEW_LOCAL_INFORMATION |\
194 POLICY_VIEW_AUDIT_INFORMATION |\
195 POLICY_GET_PRIVATE_INFORMATION |\
196 POLICY_TRUST_ADMIN |\
197 POLICY_CREATE_ACCOUNT |\
198 POLICY_CREATE_SECRET |\
199 POLICY_CREATE_PRIVILEGE |\
200 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
201 POLICY_SET_AUDIT_REQUIREMENTS |\
202 POLICY_AUDIT_LOG_ADMIN |\
203 POLICY_SERVER_ADMIN |\
204 POLICY_LOOKUP_NAMES )
207 #define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\
208 POLICY_VIEW_AUDIT_INFORMATION |\
209 POLICY_GET_PRIVATE_INFORMATION)
211 #define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\
212 POLICY_TRUST_ADMIN |\
213 POLICY_CREATE_ACCOUNT |\
214 POLICY_CREATE_SECRET |\
215 POLICY_CREATE_PRIVILEGE |\
216 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
217 POLICY_SET_AUDIT_REQUIREMENTS |\
218 POLICY_AUDIT_LOG_ADMIN |\
221 #define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\
222 POLICY_VIEW_LOCAL_INFORMATION |\
223 POLICY_LOOKUP_NAMES )
225 /* LSA_Q_QUERY_SEC_OBJ - LSA query security */
226 typedef struct lsa_query_sec_obj_info
228 POLICY_HND pol; /* policy handle */
231 } LSA_Q_QUERY_SEC_OBJ;
233 /* LSA_R_QUERY_SEC_OBJ - probably an open */
234 typedef struct r_lsa_query_sec_obj_info
239 NTSTATUS status; /* return status */
241 } LSA_R_QUERY_SEC_OBJ;
243 /* LSA_Q_QUERY_INFO - LSA query info policy */
244 typedef struct lsa_query_info
246 POLICY_HND pol; /* policy handle */
247 uint16 info_class; /* info class */
252 typedef union lsa_info_union
260 /* LSA_R_QUERY_INFO - response to LSA query info policy */
261 typedef struct lsa_r_query_info
263 uint32 undoc_buffer; /* undocumented buffer pointer */
264 uint16 info_class; /* info class (same as info class in request) */
268 NTSTATUS status; /* return code */
272 /* LSA_DNS_DOM_INFO - DNS domain info - info class 12*/
273 typedef struct lsa_dns_dom_info
275 UNIHDR hdr_nb_dom_name; /* netbios domain name */
276 UNIHDR hdr_dns_dom_name;
277 UNIHDR hdr_forest_name;
279 struct uuid dom_guid; /* domain GUID */
281 UNISTR2 uni_nb_dom_name;
282 UNISTR2 uni_dns_dom_name;
283 UNISTR2 uni_forest_name;
286 DOM_SID2 dom_sid; /* domain SID */
289 typedef union lsa_info2_union
291 LSA_DNS_DOM_INFO dns_dom_info;
294 /* LSA_Q_QUERY_INFO2 - LSA query info */
295 typedef struct lsa_q_query_info2
297 POLICY_HND pol; /* policy handle */
298 uint16 info_class; /* info class */
301 typedef struct lsa_r_query_info2
303 uint32 ptr; /* pointer to info struct */
305 LSA_INFO2_UNION info; /* so far the only one */
309 /*******************************************************/
314 uint32 preferred_len; /* preferred maximum length */
315 } LSA_Q_ENUM_TRUST_DOM;
324 DOMAIN_INFO *domains;
330 DOMAIN_LIST *domlist;
332 } LSA_R_ENUM_TRUST_DOM;
334 /*******************************************************/
337 typedef struct lsa_q_close_info
339 POLICY_HND pol; /* policy handle */
344 typedef struct lsa_r_close_info
346 POLICY_HND pol; /* policy handle. should be all zeros. */
348 NTSTATUS status; /* return code */
353 #define MAX_REF_DOMAINS 32
356 typedef struct dom_trust_hdr
358 UNIHDR hdr_dom_name; /* referenced domain unicode string headers */
364 typedef struct dom_trust_info
366 UNISTR2 uni_dom_name; /* domain name unicode string */
367 DOM_SID2 ref_dom ; /* referenced domain SID */
372 typedef struct dom_ref_info
374 uint32 num_ref_doms_1; /* num referenced domains */
375 uint32 ptr_ref_dom; /* pointer to referenced domains */
376 uint32 max_entries; /* 32 - max number of entries */
377 uint32 num_ref_doms_2; /* num referenced domains */
379 DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
380 DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */
384 /* the domain_idx points to a SID associated with the name */
386 /* LSA_TRANS_NAME - translated name */
387 typedef struct lsa_trans_name_info
389 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
391 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
395 /* This number is based on Win2k and later maximum response allowed */
396 #define MAX_LOOKUP_SIDS 20480
398 /* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
399 typedef struct lsa_trans_name_enum_info
402 uint32 ptr_trans_names;
405 LSA_TRANS_NAME *name; /* translated names */
408 } LSA_TRANS_NAME_ENUM;
410 /* LSA_SID_ENUM - LSA SID enumeration container */
411 typedef struct lsa_sid_enum_info
417 uint32 *ptr_sid; /* domain SID pointers to be looked up. */
418 DOM_SID2 *sid; /* domain SIDs to be looked up. */
422 /* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
423 typedef struct lsa_q_lookup_sids
425 POLICY_HND pol; /* policy handle */
427 LSA_TRANS_NAME_ENUM names;
433 /* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
434 typedef struct lsa_r_lookup_sids
437 DOM_R_REF *dom_ref; /* domain reference info */
439 LSA_TRANS_NAME_ENUM *names;
442 NTSTATUS status; /* return code */
446 /* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
447 typedef struct lsa_q_lookup_names
449 POLICY_HND pol; /* policy handle */
452 UNIHDR *hdr_name; /* name buffer pointers */
453 UNISTR2 *uni_name; /* names to be looked up */
455 uint32 num_trans_entries;
456 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
460 } LSA_Q_LOOKUP_NAMES;
462 /* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
463 typedef struct lsa_r_lookup_names
466 DOM_R_REF *dom_ref; /* domain reference info */
471 DOM_RID2 *dom_rid; /* domain RIDs being looked up */
475 NTSTATUS status; /* return code */
476 } LSA_R_LOOKUP_NAMES;
478 typedef struct lsa_enum_priv_entry
487 /* LSA_Q_ENUM_PRIVS - LSA enum privileges */
488 typedef struct lsa_q_enum_privs
490 POLICY_HND pol; /* policy handle */
492 uint32 pref_max_length;
495 typedef struct lsa_r_enum_privs
502 LSA_PRIV_ENTRY *privs;
507 /* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
510 POLICY_HND pol; /* policy handle */
512 } LSA_Q_ENUM_ACCT_RIGHTS;
514 /* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
518 UNISTR4_ARRAY *rights;
520 } LSA_R_ENUM_ACCT_RIGHTS;
523 /* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */
526 POLICY_HND pol; /* policy handle */
529 UNISTR4_ARRAY *rights;
530 } LSA_Q_ADD_ACCT_RIGHTS;
532 /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
536 } LSA_R_ADD_ACCT_RIGHTS;
539 /* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */
542 POLICY_HND pol; /* policy handle */
546 UNISTR4_ARRAY *rights;
547 } LSA_Q_REMOVE_ACCT_RIGHTS;
549 /* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */
553 } LSA_R_REMOVE_ACCT_RIGHTS;
556 /* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
557 typedef struct lsa_q_priv_get_dispname
559 POLICY_HND pol; /* policy handle */
564 } LSA_Q_PRIV_GET_DISPNAME;
566 typedef struct lsa_r_priv_get_dispname
575 } LSA_R_PRIV_GET_DISPNAME;
577 /* LSA_Q_ENUM_ACCOUNTS */
578 typedef struct lsa_q_enum_accounts
580 POLICY_HND pol; /* policy handle */
582 uint32 pref_max_length;
583 } LSA_Q_ENUM_ACCOUNTS;
585 /* LSA_R_ENUM_ACCOUNTS */
586 typedef struct lsa_r_enum_accounts
591 } LSA_R_ENUM_ACCOUNTS;
593 /* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user
594 called when "Take Ownership" is clicked -SK */
595 typedef struct lsa_q_unk_get_connuser
598 UNISTR2 uni2_srvname;
599 uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */
600 uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */
602 } LSA_Q_UNK_GET_CONNUSER;
604 /* LSA_R_UNK_GET_CONNUSER */
605 typedef struct lsa_r_unk_get_connuser
607 uint32 ptr_user_name;
608 UNIHDR hdr_user_name;
609 UNISTR2 uni2_user_name;
615 UNISTR2 uni2_dom_name;
618 } LSA_R_UNK_GET_CONNUSER;
621 typedef struct lsa_q_createaccount
623 POLICY_HND pol; /* policy handle */
625 uint32 access; /* access */
626 } LSA_Q_CREATEACCOUNT;
628 typedef struct lsa_r_createaccount
630 POLICY_HND pol; /* policy handle */
632 } LSA_R_CREATEACCOUNT;
635 typedef struct lsa_q_openaccount
637 POLICY_HND pol; /* policy handle */
639 uint32 access; /* desired access */
642 typedef struct lsa_r_openaccount
644 POLICY_HND pol; /* policy handle */
648 typedef struct lsa_q_enumprivsaccount
650 POLICY_HND pol; /* policy handle */
651 } LSA_Q_ENUMPRIVSACCOUNT;
653 typedef struct lsa_r_enumprivsaccount
659 } LSA_R_ENUMPRIVSACCOUNT;
661 typedef struct lsa_q_getsystemaccount
663 POLICY_HND pol; /* policy handle */
664 } LSA_Q_GETSYSTEMACCOUNT;
666 typedef struct lsa_r_getsystemaccount
670 } LSA_R_GETSYSTEMACCOUNT;
673 typedef struct lsa_q_setsystemaccount
675 POLICY_HND pol; /* policy handle */
677 } LSA_Q_SETSYSTEMACCOUNT;
679 typedef struct lsa_r_setsystemaccount
682 } LSA_R_SETSYSTEMACCOUNT;
690 POLICY_HND pol; /* policy handle */
692 } LSA_Q_LOOKUP_PRIV_VALUE;
697 } LSA_R_LOOKUP_PRIV_VALUE;
699 typedef struct lsa_q_addprivs
701 POLICY_HND pol; /* policy handle */
706 typedef struct lsa_r_addprivs
712 typedef struct lsa_q_removeprivs
714 POLICY_HND pol; /* policy handle */
721 typedef struct lsa_r_removeprivs
726 /*******************************************************/
730 uint32 count; /* ??? this is what ethereal calls it */
732 } LSA_Q_OPEN_TRUSTED_DOMAIN;
737 } LSA_R_OPEN_TRUSTED_DOMAIN;
740 /*******************************************************/
754 /*******************************************************/
758 } LSA_Q_DELETE_OBJECT;
762 } LSA_R_DELETE_OBJECT;
765 /*******************************************************/
771 } LSA_Q_CREATE_SECRET;
776 } LSA_R_CREATE_SECRET;
779 /*******************************************************/
785 } LSA_Q_CREATE_TRUSTED_DOMAIN;
790 } LSA_R_CREATE_TRUSTED_DOMAIN;
793 /*******************************************************/
796 uint32 size; /* size is written on the wire twice so I
797 can only assume that one is supposed to
798 be a max length and one is a size */
799 UNISTR2 *data; /* not really a UNICODE string but the parsing
805 LSA_DATA_BLOB *old_value;
806 LSA_DATA_BLOB *new_value;
814 #endif /* _RPC_LSA_H */