2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Paul Ashton 1997
7 Copyright (C) Gerald (Jerry) Carter 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #ifndef _RPC_LSA_H /* _RPC_LSA_H */
26 /* Opcodes available on PIPE_LSARPC */
28 #define LSA_CLOSE 0x00
29 #define LSA_DELETE 0x01
30 #define LSA_ENUM_PRIVS 0x02
31 #define LSA_QUERYSECOBJ 0x03
32 #define LSA_SETSECOBJ 0x04
33 #define LSA_CHANGEPASSWORD 0x05
34 #define LSA_OPENPOLICY 0x06
35 #define LSA_QUERYINFOPOLICY 0x07
36 #define LSA_SETINFOPOLICY 0x08
37 #define LSA_CLEARAUDITLOG 0x09
38 #define LSA_CREATEACCOUNT 0x0a
39 #define LSA_ENUM_ACCOUNTS 0x0b
40 #define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */
41 #define LSA_ENUMTRUSTDOM 0x0d
42 #define LSA_LOOKUPNAMES 0x0e
43 #define LSA_LOOKUPSIDS 0x0f
44 #define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */
45 #define LSA_OPENACCOUNT 0x11
46 #define LSA_ENUMPRIVSACCOUNT 0x12
47 #define LSA_ADDPRIVS 0x13
48 #define LSA_REMOVEPRIVS 0x14
49 #define LSA_GETQUOTAS 0x15
50 #define LSA_SETQUOTAS 0x16
51 #define LSA_GETSYSTEMACCOUNT 0x17
52 #define LSA_SETSYSTEMACCOUNT 0x18
53 #define LSA_OPENTRUSTDOM 0x19
54 #define LSA_QUERYTRUSTDOMINFO 0x1a
55 #define LSA_SETINFOTRUSTDOM 0x1b
56 #define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */
57 #define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */
58 #define LSA_QUERYSECRET 0x1e
59 #define LSA_LOOKUPPRIVVALUE 0x1f
60 #define LSA_LOOKUPPRIVNAME 0x20
61 #define LSA_PRIV_GET_DISPNAME 0x21
62 #define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */
63 #define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */
64 #define LSA_ENUMACCTRIGHTS 0x24
65 #define LSA_ADDACCTRIGHTS 0x25
66 #define LSA_REMOVEACCTRIGHTS 0x26
67 #define LSA_QUERYTRUSTDOMINFOBYSID 0x27
68 #define LSA_SETTRUSTDOMINFO 0x28
69 #define LSA_DELETETRUSTDOM 0x29
70 #define LSA_STOREPRIVDATA 0x2a
71 #define LSA_RETRPRIVDATA 0x2b
72 #define LSA_OPENPOLICY2 0x2c
73 #define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */
74 #define LSA_QUERYINFO2 0x2e
75 #define LSA_QUERYTRUSTDOMINFOBYNAME 0x30
76 #define LSA_QUERYDOMINFOPOL 0x35
77 #define LSA_OPENTRUSTDOMBYNAME 0x37
79 #define LSA_LOOKUPSIDS2 0x39
80 #define LSA_LOOKUPNAMES2 0x3a
81 #define LSA_LOOKUPNAMES3 0x44
82 #define LSA_LOOKUPSIDS3 0x4c
83 #define LSA_LOOKUPNAMES4 0x4d
85 /* XXXX these are here to get a compile! */
86 #define LSA_LOOKUPRIDS 0xFD
88 #define LSA_AUDIT_NUM_CATEGORIES_NT4 7
89 #define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9
90 #define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
92 #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001
93 #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002
94 #define POLICY_GET_PRIVATE_INFORMATION 0x00000004
95 #define POLICY_TRUST_ADMIN 0x00000008
96 #define POLICY_CREATE_ACCOUNT 0x00000010
97 #define POLICY_CREATE_SECRET 0x00000020
98 #define POLICY_CREATE_PRIVILEGE 0x00000040
99 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080
100 #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100
101 #define POLICY_AUDIT_LOG_ADMIN 0x00000200
102 #define POLICY_SERVER_ADMIN 0x00000400
103 #define POLICY_LOOKUP_NAMES 0x00000800
105 #define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
106 POLICY_VIEW_LOCAL_INFORMATION |\
107 POLICY_VIEW_AUDIT_INFORMATION |\
108 POLICY_GET_PRIVATE_INFORMATION |\
109 POLICY_TRUST_ADMIN |\
110 POLICY_CREATE_ACCOUNT |\
111 POLICY_CREATE_SECRET |\
112 POLICY_CREATE_PRIVILEGE |\
113 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
114 POLICY_SET_AUDIT_REQUIREMENTS |\
115 POLICY_AUDIT_LOG_ADMIN |\
116 POLICY_SERVER_ADMIN |\
117 POLICY_LOOKUP_NAMES )
120 #define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\
121 POLICY_VIEW_AUDIT_INFORMATION |\
122 POLICY_GET_PRIVATE_INFORMATION)
124 #define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\
125 POLICY_TRUST_ADMIN |\
126 POLICY_CREATE_ACCOUNT |\
127 POLICY_CREATE_SECRET |\
128 POLICY_CREATE_PRIVILEGE |\
129 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
130 POLICY_SET_AUDIT_REQUIREMENTS |\
131 POLICY_AUDIT_LOG_ADMIN |\
134 #define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\
135 POLICY_VIEW_LOCAL_INFORMATION |\
136 POLICY_LOOKUP_NAMES )
138 /*******************************************************/
140 /*******************************************************/
142 #define MAX_REF_DOMAINS 32
145 typedef struct dom_trust_hdr
147 UNIHDR hdr_dom_name; /* referenced domain unicode string headers */
153 typedef struct dom_trust_info
155 UNISTR2 uni_dom_name; /* domain name unicode string */
156 DOM_SID2 ref_dom ; /* referenced domain SID */
161 typedef struct dom_ref_info
163 uint32 num_ref_doms_1; /* num referenced domains */
164 uint32 ptr_ref_dom; /* pointer to referenced domains */
165 uint32 max_entries; /* 32 - max number of entries */
166 uint32 num_ref_doms_2; /* num referenced domains */
168 DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
169 DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */
173 /* the domain_idx points to a SID associated with the name */
175 /* LSA_TRANS_NAME - translated name */
176 typedef struct lsa_trans_name_info
178 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
180 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
184 /* LSA_TRANS_NAME2 - translated name */
185 typedef struct lsa_trans_name_info2
187 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
189 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
194 /* This number is based on Win2k and later maximum response allowed */
195 #define MAX_LOOKUP_SIDS 20480 /* 0x5000 */
197 /* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
198 typedef struct lsa_trans_name_enum_info
201 uint32 ptr_trans_names;
204 LSA_TRANS_NAME *name; /* translated names */
207 } LSA_TRANS_NAME_ENUM;
209 /* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */
210 typedef struct lsa_trans_name_enum_info2
213 uint32 ptr_trans_names;
216 LSA_TRANS_NAME2 *name; /* translated names */
219 } LSA_TRANS_NAME_ENUM2;
221 /* LSA_SID_ENUM - LSA SID enumeration container */
222 typedef struct lsa_sid_enum_info
228 uint32 *ptr_sid; /* domain SID pointers to be looked up. */
229 DOM_SID2 *sid; /* domain SIDs to be looked up. */
233 /* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
234 typedef struct lsa_q_lookup_sids
236 POLICY_HND pol; /* policy handle */
238 LSA_TRANS_NAME_ENUM names;
244 /* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
245 typedef struct lsa_r_lookup_sids
248 DOM_R_REF *dom_ref; /* domain reference info */
250 LSA_TRANS_NAME_ENUM names;
253 NTSTATUS status; /* return code */
257 /* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/
258 typedef struct lsa_q_lookup_sids2
260 POLICY_HND pol; /* policy handle */
262 LSA_TRANS_NAME_ENUM2 names;
268 } LSA_Q_LOOKUP_SIDS2;
270 /* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/
271 typedef struct lsa_r_lookup_sids2
274 DOM_R_REF *dom_ref; /* domain reference info */
276 LSA_TRANS_NAME_ENUM2 names;
279 NTSTATUS status; /* return code */
281 } LSA_R_LOOKUP_SIDS2;
283 /* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */
284 typedef struct lsa_q_lookup_sids3
287 LSA_TRANS_NAME_ENUM2 names;
293 } LSA_Q_LOOKUP_SIDS3;
295 /* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */
296 typedef struct lsa_r_lookup_sids3
299 DOM_R_REF *dom_ref; /* domain reference info */
301 LSA_TRANS_NAME_ENUM2 names;
304 NTSTATUS status; /* return code */
306 } LSA_R_LOOKUP_SIDS3;
308 /* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
309 typedef struct lsa_q_lookup_names
311 POLICY_HND pol; /* policy handle */
314 UNIHDR *hdr_name; /* name buffer pointers */
315 UNISTR2 *uni_name; /* names to be looked up */
317 uint32 num_trans_entries;
318 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
322 } LSA_Q_LOOKUP_NAMES;
324 /* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
325 typedef struct lsa_r_lookup_names
328 DOM_R_REF *dom_ref; /* domain reference info */
333 DOM_RID *dom_rid; /* domain RIDs being looked up */
337 NTSTATUS status; /* return code */
338 } LSA_R_LOOKUP_NAMES;
340 /* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/
341 typedef struct lsa_q_lookup_names2
343 POLICY_HND pol; /* policy handle */
346 UNIHDR *hdr_name; /* name buffer pointers */
347 UNISTR2 *uni_name; /* names to be looked up */
349 uint32 num_trans_entries;
350 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
356 } LSA_Q_LOOKUP_NAMES2;
358 /* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */
359 typedef struct lsa_r_lookup_names2
362 DOM_R_REF *dom_ref; /* domain reference info */
367 DOM_RID2 *dom_rid; /* domain RIDs being looked up */
371 NTSTATUS status; /* return code */
372 } LSA_R_LOOKUP_NAMES2;
374 /* LSA_Q_LOOKUP_NAMES3 - LSA Lookup NAMEs 3 */
375 typedef struct lsa_q_lookup_names3
377 POLICY_HND pol; /* policy handle */
380 UNIHDR *hdr_name; /* name buffer pointers */
381 UNISTR2 *uni_name; /* names to be looked up */
383 uint32 num_trans_entries;
384 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
390 } LSA_Q_LOOKUP_NAMES3;
392 /* Sid type used in lookupnames3 and lookupnames4. */
393 typedef struct lsa_translatedsid3 {
398 } LSA_TRANSLATED_SID3;
400 /* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 3 */
401 typedef struct lsa_r_lookup_names3
404 DOM_R_REF *dom_ref; /* domain reference info */
409 LSA_TRANSLATED_SID3 *trans_sids;
413 NTSTATUS status; /* return code */
414 } LSA_R_LOOKUP_NAMES3;
416 /* LSA_Q_LOOKUP_NAMES4 - LSA Lookup NAMEs 4 */
417 typedef struct lsa_q_lookup_names4
421 UNIHDR *hdr_name; /* name buffer pointers */
422 UNISTR2 *uni_name; /* names to be looked up */
424 uint32 num_trans_entries;
425 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
431 } LSA_Q_LOOKUP_NAMES4;
433 /* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 4 */
434 typedef struct lsa_r_lookup_names4
437 DOM_R_REF *dom_ref; /* domain reference info */
442 LSA_TRANSLATED_SID3 *trans_sids;
446 NTSTATUS status; /* return code */
447 } LSA_R_LOOKUP_NAMES4;
449 /* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
452 POLICY_HND pol; /* policy handle */
454 } LSA_Q_ENUM_ACCT_RIGHTS;
456 /* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
460 UNISTR4_ARRAY *rights;
462 } LSA_R_ENUM_ACCT_RIGHTS;
465 /* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */
468 POLICY_HND pol; /* policy handle */
471 UNISTR4_ARRAY *rights;
472 } LSA_Q_ADD_ACCT_RIGHTS;
474 /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
478 } LSA_R_ADD_ACCT_RIGHTS;
481 /* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */
484 POLICY_HND pol; /* policy handle */
488 UNISTR4_ARRAY *rights;
489 } LSA_Q_REMOVE_ACCT_RIGHTS;
491 /* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */
495 } LSA_R_REMOVE_ACCT_RIGHTS;
504 POLICY_HND pol; /* policy handle */
506 } LSA_Q_LOOKUP_PRIV_VALUE;
511 } LSA_R_LOOKUP_PRIV_VALUE;
513 typedef struct lsa_q_addprivs
515 POLICY_HND pol; /* policy handle */
520 typedef struct lsa_r_addprivs
526 typedef struct lsa_q_removeprivs
528 POLICY_HND pol; /* policy handle */
535 typedef struct lsa_r_removeprivs
540 #endif /* _RPC_LSA_H */