2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Paul Ashton 1997
7 Copyright (C) Gerald (Jerry) Carter 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #ifndef _RPC_LSA_H /* _RPC_LSA_H */
26 /* Opcodes available on PIPE_LSARPC */
28 #define LSA_CLOSE 0x00
29 #define LSA_DELETE 0x01
30 #define LSA_ENUM_PRIVS 0x02
31 #define LSA_QUERYSECOBJ 0x03
32 #define LSA_SETSECOBJ 0x04
33 #define LSA_CHANGEPASSWORD 0x05
34 #define LSA_OPENPOLICY 0x06
35 #define LSA_QUERYINFOPOLICY 0x07
36 #define LSA_SETINFOPOLICY 0x08
37 #define LSA_CLEARAUDITLOG 0x09
38 #define LSA_CREATEACCOUNT 0x0a
39 #define LSA_ENUM_ACCOUNTS 0x0b
40 #define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */
41 #define LSA_ENUMTRUSTDOM 0x0d
42 #define LSA_LOOKUPNAMES 0x0e
43 #define LSA_LOOKUPSIDS 0x0f
44 #define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */
45 #define LSA_OPENACCOUNT 0x11
46 #define LSA_ENUMPRIVSACCOUNT 0x12
47 #define LSA_ADDPRIVS 0x13
48 #define LSA_REMOVEPRIVS 0x14
49 #define LSA_GETQUOTAS 0x15
50 #define LSA_SETQUOTAS 0x16
51 #define LSA_GETSYSTEMACCOUNT 0x17
52 #define LSA_SETSYSTEMACCOUNT 0x18
53 #define LSA_OPENTRUSTDOM 0x19
54 #define LSA_QUERYTRUSTDOMINFO 0x1a
55 #define LSA_SETINFOTRUSTDOM 0x1b
56 #define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */
57 #define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */
58 #define LSA_QUERYSECRET 0x1e
59 #define LSA_LOOKUPPRIVVALUE 0x1f
60 #define LSA_LOOKUPPRIVNAME 0x20
61 #define LSA_PRIV_GET_DISPNAME 0x21
62 #define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */
63 #define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */
64 #define LSA_ENUMACCTRIGHTS 0x24
65 #define LSA_ADDACCTRIGHTS 0x25
66 #define LSA_REMOVEACCTRIGHTS 0x26
67 #define LSA_QUERYTRUSTDOMINFOBYSID 0x27
68 #define LSA_SETTRUSTDOMINFO 0x28
69 #define LSA_DELETETRUSTDOM 0x29
70 #define LSA_STOREPRIVDATA 0x2a
71 #define LSA_RETRPRIVDATA 0x2b
72 #define LSA_OPENPOLICY2 0x2c
73 #define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */
74 #define LSA_QUERYINFO2 0x2e
75 #define LSA_QUERYTRUSTDOMINFOBYNAME 0x30
76 #define LSA_QUERYDOMINFOPOL 0x35
77 #define LSA_OPENTRUSTDOMBYNAME 0x37
79 #define LSA_LOOKUPSIDS2 0x39
80 #define LSA_LOOKUPNAMES2 0x3a
81 #define LSA_LOOKUPNAMES3 0x44
82 #define LSA_LOOKUPSIDS3 0x4c
83 #define LSA_LOOKUPNAMES4 0x4d
85 /* XXXX these are here to get a compile! */
86 #define LSA_LOOKUPRIDS 0xFD
88 #define LSA_AUDIT_NUM_CATEGORIES_NT4 7
89 #define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9
90 #define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
92 typedef struct seq_qos_info
95 uint16 sec_imp_level; /* 0x02 - impersonation level */
96 uint8 sec_ctxt_mode; /* 0x01 - context tracking mode */
97 uint8 effective_only; /* 0x00 - effective only */
101 typedef struct obj_attr_info
103 uint32 len; /* 0x18 - length (in bytes) inc. the length field. */
104 uint32 ptr_root_dir; /* 0 - root directory (pointer) */
105 uint32 ptr_obj_name; /* 0 - object name (pointer) */
106 uint32 attributes; /* 0 - attributes (undocumented) */
107 uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */
108 uint32 ptr_sec_qos; /* security quality of service */
109 LSA_SEC_QOS *sec_qos;
113 /* LSA_Q_OPEN_POL - LSA Query Open Policy */
114 typedef struct lsa_q_open_pol_info
116 uint32 ptr; /* undocumented buffer pointer */
117 uint16 system_name; /* 0x5c - system name */
118 LSA_OBJ_ATTR attr ; /* object attributes */
120 uint32 des_access; /* desired access attributes */
124 /* LSA_R_OPEN_POL - response to LSA Open Policy */
125 typedef struct lsa_r_open_pol_info
127 POLICY_HND pol; /* policy handle */
128 NTSTATUS status; /* return code */
132 /* LSA_Q_OPEN_POL2 - LSA Query Open Policy */
133 typedef struct lsa_q_open_pol2_info
135 uint32 ptr; /* undocumented buffer pointer */
136 UNISTR2 uni_server_name; /* server name, starting with two '\'s */
137 LSA_OBJ_ATTR attr ; /* object attributes */
139 uint32 des_access; /* desired access attributes */
143 /* LSA_R_OPEN_POL2 - response to LSA Open Policy */
144 typedef struct lsa_r_open_pol2_info
146 POLICY_HND pol; /* policy handle */
147 NTSTATUS status; /* return code */
152 #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001
153 #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002
154 #define POLICY_GET_PRIVATE_INFORMATION 0x00000004
155 #define POLICY_TRUST_ADMIN 0x00000008
156 #define POLICY_CREATE_ACCOUNT 0x00000010
157 #define POLICY_CREATE_SECRET 0x00000020
158 #define POLICY_CREATE_PRIVILEGE 0x00000040
159 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080
160 #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100
161 #define POLICY_AUDIT_LOG_ADMIN 0x00000200
162 #define POLICY_SERVER_ADMIN 0x00000400
163 #define POLICY_LOOKUP_NAMES 0x00000800
165 #define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
166 POLICY_VIEW_LOCAL_INFORMATION |\
167 POLICY_VIEW_AUDIT_INFORMATION |\
168 POLICY_GET_PRIVATE_INFORMATION |\
169 POLICY_TRUST_ADMIN |\
170 POLICY_CREATE_ACCOUNT |\
171 POLICY_CREATE_SECRET |\
172 POLICY_CREATE_PRIVILEGE |\
173 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
174 POLICY_SET_AUDIT_REQUIREMENTS |\
175 POLICY_AUDIT_LOG_ADMIN |\
176 POLICY_SERVER_ADMIN |\
177 POLICY_LOOKUP_NAMES )
180 #define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\
181 POLICY_VIEW_AUDIT_INFORMATION |\
182 POLICY_GET_PRIVATE_INFORMATION)
184 #define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\
185 POLICY_TRUST_ADMIN |\
186 POLICY_CREATE_ACCOUNT |\
187 POLICY_CREATE_SECRET |\
188 POLICY_CREATE_PRIVILEGE |\
189 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
190 POLICY_SET_AUDIT_REQUIREMENTS |\
191 POLICY_AUDIT_LOG_ADMIN |\
194 #define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\
195 POLICY_VIEW_LOCAL_INFORMATION |\
196 POLICY_LOOKUP_NAMES )
198 /*******************************************************/
203 uint32 preferred_len; /* preferred maximum length */
204 } LSA_Q_ENUM_TRUST_DOM;
213 DOMAIN_INFO *domains;
219 DOMAIN_LIST *domlist;
221 } LSA_R_ENUM_TRUST_DOM;
223 /*******************************************************/
226 typedef struct lsa_q_close_info
228 POLICY_HND pol; /* policy handle */
233 typedef struct lsa_r_close_info
235 POLICY_HND pol; /* policy handle. should be all zeros. */
237 NTSTATUS status; /* return code */
242 #define MAX_REF_DOMAINS 32
245 typedef struct dom_trust_hdr
247 UNIHDR hdr_dom_name; /* referenced domain unicode string headers */
253 typedef struct dom_trust_info
255 UNISTR2 uni_dom_name; /* domain name unicode string */
256 DOM_SID2 ref_dom ; /* referenced domain SID */
261 typedef struct dom_ref_info
263 uint32 num_ref_doms_1; /* num referenced domains */
264 uint32 ptr_ref_dom; /* pointer to referenced domains */
265 uint32 max_entries; /* 32 - max number of entries */
266 uint32 num_ref_doms_2; /* num referenced domains */
268 DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
269 DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */
273 /* the domain_idx points to a SID associated with the name */
275 /* LSA_TRANS_NAME - translated name */
276 typedef struct lsa_trans_name_info
278 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
280 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
284 /* LSA_TRANS_NAME2 - translated name */
285 typedef struct lsa_trans_name_info2
287 uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
289 uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
294 /* This number is based on Win2k and later maximum response allowed */
295 #define MAX_LOOKUP_SIDS 20480 /* 0x5000 */
297 /* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
298 typedef struct lsa_trans_name_enum_info
301 uint32 ptr_trans_names;
304 LSA_TRANS_NAME *name; /* translated names */
307 } LSA_TRANS_NAME_ENUM;
309 /* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */
310 typedef struct lsa_trans_name_enum_info2
313 uint32 ptr_trans_names;
316 LSA_TRANS_NAME2 *name; /* translated names */
319 } LSA_TRANS_NAME_ENUM2;
321 /* LSA_SID_ENUM - LSA SID enumeration container */
322 typedef struct lsa_sid_enum_info
328 uint32 *ptr_sid; /* domain SID pointers to be looked up. */
329 DOM_SID2 *sid; /* domain SIDs to be looked up. */
333 /* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
334 typedef struct lsa_q_lookup_sids
336 POLICY_HND pol; /* policy handle */
338 LSA_TRANS_NAME_ENUM names;
344 /* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
345 typedef struct lsa_r_lookup_sids
348 DOM_R_REF *dom_ref; /* domain reference info */
350 LSA_TRANS_NAME_ENUM names;
353 NTSTATUS status; /* return code */
357 /* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/
358 typedef struct lsa_q_lookup_sids2
360 POLICY_HND pol; /* policy handle */
362 LSA_TRANS_NAME_ENUM2 names;
368 } LSA_Q_LOOKUP_SIDS2;
370 /* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/
371 typedef struct lsa_r_lookup_sids2
374 DOM_R_REF *dom_ref; /* domain reference info */
376 LSA_TRANS_NAME_ENUM2 names;
379 NTSTATUS status; /* return code */
381 } LSA_R_LOOKUP_SIDS2;
383 /* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */
384 typedef struct lsa_q_lookup_sids3
387 LSA_TRANS_NAME_ENUM2 names;
393 } LSA_Q_LOOKUP_SIDS3;
395 /* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */
396 typedef struct lsa_r_lookup_sids3
399 DOM_R_REF *dom_ref; /* domain reference info */
401 LSA_TRANS_NAME_ENUM2 names;
404 NTSTATUS status; /* return code */
406 } LSA_R_LOOKUP_SIDS3;
408 /* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
409 typedef struct lsa_q_lookup_names
411 POLICY_HND pol; /* policy handle */
414 UNIHDR *hdr_name; /* name buffer pointers */
415 UNISTR2 *uni_name; /* names to be looked up */
417 uint32 num_trans_entries;
418 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
422 } LSA_Q_LOOKUP_NAMES;
424 /* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
425 typedef struct lsa_r_lookup_names
428 DOM_R_REF *dom_ref; /* domain reference info */
433 DOM_RID *dom_rid; /* domain RIDs being looked up */
437 NTSTATUS status; /* return code */
438 } LSA_R_LOOKUP_NAMES;
440 /* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/
441 typedef struct lsa_q_lookup_names2
443 POLICY_HND pol; /* policy handle */
446 UNIHDR *hdr_name; /* name buffer pointers */
447 UNISTR2 *uni_name; /* names to be looked up */
449 uint32 num_trans_entries;
450 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
456 } LSA_Q_LOOKUP_NAMES2;
458 /* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */
459 typedef struct lsa_r_lookup_names2
462 DOM_R_REF *dom_ref; /* domain reference info */
467 DOM_RID2 *dom_rid; /* domain RIDs being looked up */
471 NTSTATUS status; /* return code */
472 } LSA_R_LOOKUP_NAMES2;
474 /* LSA_Q_LOOKUP_NAMES3 - LSA Lookup NAMEs 3 */
475 typedef struct lsa_q_lookup_names3
477 POLICY_HND pol; /* policy handle */
480 UNIHDR *hdr_name; /* name buffer pointers */
481 UNISTR2 *uni_name; /* names to be looked up */
483 uint32 num_trans_entries;
484 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
490 } LSA_Q_LOOKUP_NAMES3;
492 /* Sid type used in lookupnames3 and lookupnames4. */
493 typedef struct lsa_translatedsid3 {
498 } LSA_TRANSLATED_SID3;
500 /* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 3 */
501 typedef struct lsa_r_lookup_names3
504 DOM_R_REF *dom_ref; /* domain reference info */
509 LSA_TRANSLATED_SID3 *trans_sids;
513 NTSTATUS status; /* return code */
514 } LSA_R_LOOKUP_NAMES3;
516 /* LSA_Q_LOOKUP_NAMES4 - LSA Lookup NAMEs 4 */
517 typedef struct lsa_q_lookup_names4
521 UNIHDR *hdr_name; /* name buffer pointers */
522 UNISTR2 *uni_name; /* names to be looked up */
524 uint32 num_trans_entries;
525 uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
531 } LSA_Q_LOOKUP_NAMES4;
533 /* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 4 */
534 typedef struct lsa_r_lookup_names4
537 DOM_R_REF *dom_ref; /* domain reference info */
542 LSA_TRANSLATED_SID3 *trans_sids;
546 NTSTATUS status; /* return code */
547 } LSA_R_LOOKUP_NAMES4;
549 typedef struct lsa_enum_priv_entry
558 /* LSA_Q_ENUM_PRIVS - LSA enum privileges */
559 typedef struct lsa_q_enum_privs
561 POLICY_HND pol; /* policy handle */
563 uint32 pref_max_length;
566 typedef struct lsa_r_enum_privs
573 LSA_PRIV_ENTRY *privs;
578 /* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
581 POLICY_HND pol; /* policy handle */
583 } LSA_Q_ENUM_ACCT_RIGHTS;
585 /* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
589 UNISTR4_ARRAY *rights;
591 } LSA_R_ENUM_ACCT_RIGHTS;
594 /* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */
597 POLICY_HND pol; /* policy handle */
600 UNISTR4_ARRAY *rights;
601 } LSA_Q_ADD_ACCT_RIGHTS;
603 /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
607 } LSA_R_ADD_ACCT_RIGHTS;
610 /* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */
613 POLICY_HND pol; /* policy handle */
617 UNISTR4_ARRAY *rights;
618 } LSA_Q_REMOVE_ACCT_RIGHTS;
620 /* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */
624 } LSA_R_REMOVE_ACCT_RIGHTS;
627 /* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
628 typedef struct lsa_q_priv_get_dispname
630 POLICY_HND pol; /* policy handle */
635 } LSA_Q_PRIV_GET_DISPNAME;
637 typedef struct lsa_r_priv_get_dispname
646 } LSA_R_PRIV_GET_DISPNAME;
648 /* LSA_Q_ENUM_ACCOUNTS */
649 typedef struct lsa_q_enum_accounts
651 POLICY_HND pol; /* policy handle */
653 uint32 pref_max_length;
654 } LSA_Q_ENUM_ACCOUNTS;
656 /* LSA_R_ENUM_ACCOUNTS */
657 typedef struct lsa_r_enum_accounts
662 } LSA_R_ENUM_ACCOUNTS;
664 /* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user
665 called when "Take Ownership" is clicked -SK */
666 typedef struct lsa_q_unk_get_connuser
669 UNISTR2 uni2_srvname;
670 uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */
671 uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */
673 } LSA_Q_UNK_GET_CONNUSER;
675 /* LSA_R_UNK_GET_CONNUSER */
676 typedef struct lsa_r_unk_get_connuser
678 uint32 ptr_user_name;
679 UNIHDR hdr_user_name;
680 UNISTR2 uni2_user_name;
686 UNISTR2 uni2_dom_name;
689 } LSA_R_UNK_GET_CONNUSER;
692 typedef struct lsa_q_openaccount
694 POLICY_HND pol; /* policy handle */
696 uint32 access; /* desired access */
699 typedef struct lsa_r_openaccount
701 POLICY_HND pol; /* policy handle */
705 typedef struct lsa_q_enumprivsaccount
707 POLICY_HND pol; /* policy handle */
708 } LSA_Q_ENUMPRIVSACCOUNT;
710 typedef struct lsa_r_enumprivsaccount
716 } LSA_R_ENUMPRIVSACCOUNT;
718 typedef struct lsa_q_getsystemaccount
720 POLICY_HND pol; /* policy handle */
721 } LSA_Q_GETSYSTEMACCOUNT;
723 typedef struct lsa_r_getsystemaccount
727 } LSA_R_GETSYSTEMACCOUNT;
730 typedef struct lsa_q_setsystemaccount
732 POLICY_HND pol; /* policy handle */
734 } LSA_Q_SETSYSTEMACCOUNT;
736 typedef struct lsa_r_setsystemaccount
739 } LSA_R_SETSYSTEMACCOUNT;
747 POLICY_HND pol; /* policy handle */
749 } LSA_Q_LOOKUP_PRIV_VALUE;
754 } LSA_R_LOOKUP_PRIV_VALUE;
756 typedef struct lsa_q_addprivs
758 POLICY_HND pol; /* policy handle */
763 typedef struct lsa_r_addprivs
769 typedef struct lsa_q_removeprivs
771 POLICY_HND pol; /* policy handle */
778 typedef struct lsa_r_removeprivs
783 #endif /* _RPC_LSA_H */