X-Git-Url: http://git.samba.org/samba.git/?p=bbaumbach%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=source%2Finclude%2Frpc_lsa.h;h=22436c59b2a2706ec5f6728ae716a04ec6aaf6bb;hp=33dde6e3cb490cac077e329f4bf1fc88adb62380;hb=99dd28da84c270f46535bd2ffa6bfef96d2e2eed;hpb=f7019d22aa580f77e2f779f4a5ede59088a25d53 diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h index 33dde6e3cb4..22436c59b2a 100644 --- a/source/include/rpc_lsa.h +++ b/source/include/rpc_lsa.h @@ -1,13 +1,14 @@ /* Unix SMB/CIFS implementation. SMB parameters and setup - Copyright (C) Andrew Tridgell 1992-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - Copyright (C) Paul Ashton 1997 + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + Copyright (C) Gerald (Jerry) Carter 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,15 +17,12 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #ifndef _RPC_LSA_H /* _RPC_LSA_H */ #define _RPC_LSA_H -#include "rpc_misc.h" - /* Opcodes available on PIPE_LSARPC */ #define LSA_CLOSE 0x00 @@ -39,11 +37,11 @@ #define LSA_CLEARAUDITLOG 0x09 #define LSA_CREATEACCOUNT 0x0a #define LSA_ENUM_ACCOUNTS 0x0b -#define LSA_CREATETRUSTDOM 0x0c +#define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */ #define LSA_ENUMTRUSTDOM 0x0d #define LSA_LOOKUPNAMES 0x0e #define LSA_LOOKUPSIDS 0x0f -#define LSA_CREATESECRET 0x10 +#define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */ #define LSA_OPENACCOUNT 0x11 #define LSA_ENUMPRIVSACCOUNT 0x12 #define LSA_ADDPRIVS 0x13 @@ -53,20 +51,20 @@ #define LSA_GETSYSTEMACCOUNT 0x17 #define LSA_SETSYSTEMACCOUNT 0x18 #define LSA_OPENTRUSTDOM 0x19 -#define LSA_QUERYTRUSTDOM 0x1a +#define LSA_QUERYTRUSTDOMINFO 0x1a #define LSA_SETINFOTRUSTDOM 0x1b -#define LSA_OPENSECRET 0x1c -#define LSA_SETSECRET 0x1d +#define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */ +#define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */ #define LSA_QUERYSECRET 0x1e #define LSA_LOOKUPPRIVVALUE 0x1f #define LSA_LOOKUPPRIVNAME 0x20 #define LSA_PRIV_GET_DISPNAME 0x21 -#define LSA_DELETEOBJECT 0x22 -#define LSA_ENUMACCTWITHRIGHT 0x23 +#define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */ +#define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */ #define LSA_ENUMACCTRIGHTS 0x24 #define LSA_ADDACCTRIGHTS 0x25 #define LSA_REMOVEACCTRIGHTS 0x26 -#define LSA_QUERYTRUSTDOMINFO 0x27 +#define LSA_QUERYTRUSTDOMINFOBYSID 0x27 #define LSA_SETTRUSTDOMINFO 0x28 #define LSA_DELETETRUSTDOM 0x29 #define LSA_STOREPRIVDATA 0x2a @@ -74,25 +72,54 @@ #define LSA_OPENPOLICY2 0x2c #define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */ #define LSA_QUERYINFO2 0x2e +#define LSA_QUERYTRUSTDOMINFOBYNAME 0x30 +#define LSA_QUERYDOMINFOPOL 0x35 +#define LSA_OPENTRUSTDOMBYNAME 0x37 + +#define LSA_LOOKUPSIDS2 0x39 +#define LSA_LOOKUPNAMES2 0x3a +#define LSA_LOOKUPNAMES3 0x44 +#define LSA_LOOKUPSIDS3 0x4c +#define LSA_LOOKUPNAMES4 0x4d /* XXXX these are here to get a compile! */ #define LSA_LOOKUPRIDS 0xFD -/* DOM_QUERY - info class 3 and 5 LSA Query response */ -typedef struct dom_query_info -{ - uint16 uni_dom_max_len; /* domain name string length * 2 */ - uint16 uni_dom_str_len; /* domain name string length * 2 */ - uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ - uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ - UNISTR2 uni_domain_name; /* domain name (unicode string) */ - DOM_SID2 dom_sid; /* domain SID */ - -} DOM_QUERY; +#define LSA_AUDIT_NUM_CATEGORIES_NT4 7 +#define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9 + +#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4 + +#define LSA_AUDIT_POLICY_NONE 0x00 +#define LSA_AUDIT_POLICY_SUCCESS 0x01 +#define LSA_AUDIT_POLICY_FAILURE 0x02 +#define LSA_AUDIT_POLICY_ALL (LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE) +#define LSA_AUDIT_POLICY_CLEAR 0x04 + +enum lsa_audit_categories { + LSA_AUDIT_CATEGORY_SYSTEM = 0, + LSA_AUDIT_CATEGORY_LOGON = 1, + LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS, + LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS, + LSA_AUDIT_CATEGORY_PROCCESS_TRACKING, + LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES, + LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT, + LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, /* only in win2k/2k3 */ + LSA_AUDIT_CATEGORY_ACCOUNT_LOGON /* only in win2k/2k3 */ +}; + +/* level 1 is auditing settings */ +typedef struct dom_query_1 +{ + uint32 percent_full; + uint32 log_size; + NTTIME retention_time; + uint8 shutdown_in_progress; + NTTIME time_to_shutdown; + uint32 next_audit_record; + uint32 unknown; +} DOM_QUERY_1; -/* level 5 is same as level 3. */ -typedef DOM_QUERY DOM_QUERY_3; -typedef DOM_QUERY DOM_QUERY_5; /* level 2 is auditing settings */ typedef struct dom_query_2 @@ -100,15 +127,62 @@ typedef struct dom_query_2 uint32 auditing_enabled; uint32 count1; /* usualy 7, at least on nt4sp4 */ uint32 count2; /* the same */ + uint32 ptr; uint32 *auditsettings; } DOM_QUERY_2; +/* DOM_QUERY - info class 3 and 5 LSA Query response */ +typedef struct dom_query_info_3 +{ + uint16 uni_dom_max_len; /* domain name string length * 2 */ + uint16 uni_dom_str_len; /* domain name string length * 2 */ + uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ + uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ + UNISTR2 uni_domain_name; /* domain name (unicode string) */ + DOM_SID2 dom_sid; /* domain SID */ + +} DOM_QUERY_3; + +/* level 5 is same as level 3. */ +typedef DOM_QUERY_3 DOM_QUERY_5; + /* level 6 is server role information */ typedef struct dom_query_6 { uint16 server_role; /* 2=backup, 3=primary */ } DOM_QUERY_6; +/* level 10 is audit full set info */ +typedef struct dom_query_10 +{ + uint8 shutdown_on_full; +} DOM_QUERY_10; + +/* level 11 is audit full query info */ +typedef struct dom_query_11 +{ + uint16 unknown; + uint8 shutdown_on_full; + uint8 log_is_full; +} DOM_QUERY_11; + +/* level 12 is DNS domain info */ +typedef struct lsa_dns_dom_info +{ + UNIHDR hdr_nb_dom_name; /* netbios domain name */ + UNIHDR hdr_dns_dom_name; + UNIHDR hdr_forest_name; + + struct GUID dom_guid; /* domain GUID */ + + UNISTR2 uni_nb_dom_name; + UNISTR2 uni_dns_dom_name; + UNISTR2 uni_forest_name; + + uint32 ptr_dom_sid; + DOM_SID2 dom_sid; /* domain SID */ +} DOM_QUERY_12; + typedef struct seq_qos_info { uint32 len; /* 12 */ @@ -201,7 +275,7 @@ typedef struct lsa_r_open_pol2_info POLICY_VIEW_AUDIT_INFORMATION |\ POLICY_GET_PRIVATE_INFORMATION) -#define POLICY_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS |\ +#define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\ POLICY_TRUST_ADMIN |\ POLICY_CREATE_ACCOUNT |\ POLICY_CREATE_SECRET |\ @@ -237,94 +311,84 @@ typedef struct r_lsa_query_sec_obj_info typedef struct lsa_query_info { POLICY_HND pol; /* policy handle */ - uint16 info_class; /* info class */ + uint16 info_class; /* info class */ } LSA_Q_QUERY_INFO; -/* LSA_INFO_UNION */ -typedef union lsa_info_union -{ - DOM_QUERY_2 id2; - DOM_QUERY_3 id3; - DOM_QUERY_5 id5; - DOM_QUERY_6 id6; -} LSA_INFO_UNION; - -/* LSA_R_QUERY_INFO - response to LSA query info policy */ -typedef struct lsa_r_query_info +/* LSA_INFO_CTR */ +typedef struct lsa_info_ctr { - uint32 undoc_buffer; /* undocumented buffer pointer */ - uint16 info_class; /* info class (same as info class in request) */ - - LSA_INFO_UNION dom; + uint16 info_class; + union { + DOM_QUERY_1 id1; + DOM_QUERY_2 id2; + DOM_QUERY_3 id3; + DOM_QUERY_5 id5; + DOM_QUERY_6 id6; + DOM_QUERY_10 id10; + DOM_QUERY_11 id11; + DOM_QUERY_12 id12; + } info; - NTSTATUS status; /* return code */ +} LSA_INFO_CTR; -} LSA_R_QUERY_INFO; +typedef LSA_INFO_CTR LSA_INFO_CTR2; -/* LSA_DNS_DOM_INFO - DNS domain info - info class 12*/ -typedef struct lsa_dns_dom_info +/* LSA_Q_SET_INFO - LSA set info policy */ +typedef struct lsa_set_info { - UNIHDR hdr_nb_dom_name; /* netbios domain name */ - UNIHDR hdr_dns_dom_name; - UNIHDR hdr_forest_name; + POLICY_HND pol; /* policy handle */ + uint16 info_class; /* info class */ + LSA_INFO_CTR ctr; - GUID dom_guid; /* domain GUID */ +} LSA_Q_SET_INFO; - UNISTR2 uni_nb_dom_name; - UNISTR2 uni_dns_dom_name; - UNISTR2 uni_forest_name; +/* LSA_R_SET_INFO - response to LSA set info policy */ +typedef struct lsa_r_set_info +{ + NTSTATUS status; /* return code */ - uint32 ptr_dom_sid; - DOM_SID2 dom_sid; /* domain SID */ -} LSA_DNS_DOM_INFO; +} LSA_R_SET_INFO; -typedef union lsa_info2_union +/* LSA_R_QUERY_INFO - response to LSA query info policy */ +typedef struct lsa_r_query_info { - LSA_DNS_DOM_INFO dns_dom_info; -} LSA_INFO2_UNION; + uint32 dom_ptr; /* undocumented buffer pointer */ + LSA_INFO_CTR ctr; + NTSTATUS status; /* return code */ -/* LSA_Q_QUERY_INFO2 - LSA query info */ -typedef struct lsa_q_query_info2 -{ - POLICY_HND pol; /* policy handle */ - uint16 info_class; /* info class */ -} LSA_Q_QUERY_INFO2; +} LSA_R_QUERY_INFO; -typedef struct lsa_r_query_info2 -{ - uint32 ptr; /* pointer to info struct */ - uint16 info_class; - LSA_INFO2_UNION info; /* so far the only one */ - NTSTATUS status; -} LSA_R_QUERY_INFO2; +typedef LSA_Q_QUERY_INFO LSA_Q_QUERY_INFO2; +typedef LSA_R_QUERY_INFO LSA_R_QUERY_INFO2; -/* LSA_Q_ENUM_TRUST_DOM - LSA enumerate trusted domains */ -typedef struct lsa_enum_trust_dom_info -{ - POLICY_HND pol; /* policy handle */ - uint32 enum_context; /* enumeration context handle */ - uint32 preferred_len; /* preferred maximum length */ +/*******************************************************/ +typedef struct { + POLICY_HND pol; + uint32 enum_context; + uint32 preferred_len; /* preferred maximum length */ } LSA_Q_ENUM_TRUST_DOM; -/* LSA_R_ENUM_TRUST_DOM - response to LSA enumerate trusted domains */ -typedef struct lsa_r_enum_trust_dom_info -{ - uint32 enum_context; /* enumeration context handle */ - uint32 num_domains; /* number of domains */ - uint32 ptr_enum_domains; /* buffer pointer to num domains */ - - /* this lot is only added if ptr_enum_domains is non-NULL */ - uint32 num_domains2; /* number of domains */ - UNIHDR2 *hdr_domain_name; - UNISTR2 *uni_domain_name; - DOM_SID2 *domain_sid; +typedef struct { + UNISTR4 name; + DOM_SID2 *sid; +} DOMAIN_INFO; - NTSTATUS status; /* return code */ +typedef struct { + uint32 count; + DOMAIN_INFO *domains; +} DOMAIN_LIST; +typedef struct { + uint32 enum_context; + uint32 count; + DOMAIN_LIST *domlist; + NTSTATUS status; } LSA_R_ENUM_TRUST_DOM; +/*******************************************************/ + /* LSA_Q_CLOSE */ typedef struct lsa_q_close_info { @@ -363,13 +427,13 @@ typedef struct dom_trust_info /* DOM_R_REF */ typedef struct dom_ref_info { - uint32 num_ref_doms_1; /* num referenced domains */ - uint32 ptr_ref_dom; /* pointer to referenced domains */ - uint32 max_entries; /* 32 - max number of entries */ - uint32 num_ref_doms_2; /* num referenced domains */ + uint32 num_ref_doms_1; /* num referenced domains */ + uint32 ptr_ref_dom; /* pointer to referenced domains */ + uint32 max_entries; /* 32 - max number of entries */ + uint32 num_ref_doms_2; /* num referenced domains */ - DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */ - DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */ + DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */ + DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */ } DOM_R_REF; @@ -384,8 +448,18 @@ typedef struct lsa_trans_name_info } LSA_TRANS_NAME; -/* This number purly arbitary - just to prevent a client from requesting large amounts of memory */ -#define MAX_LOOKUP_SIDS 256 +/* LSA_TRANS_NAME2 - translated name */ +typedef struct lsa_trans_name_info2 +{ + uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ + UNIHDR hdr_name; + uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ + uint32 unknown; + +} LSA_TRANS_NAME2; + +/* This number is based on Win2k and later maximum response allowed */ +#define MAX_LOOKUP_SIDS 20480 /* 0x5000 */ /* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */ typedef struct lsa_trans_name_enum_info @@ -399,6 +473,18 @@ typedef struct lsa_trans_name_enum_info } LSA_TRANS_NAME_ENUM; +/* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */ +typedef struct lsa_trans_name_enum_info2 +{ + uint32 num_entries; + uint32 ptr_trans_names; + uint32 num_entries2; + + LSA_TRANS_NAME2 *name; /* translated names */ + UNISTR2 *uni_name; + +} LSA_TRANS_NAME_ENUM2; + /* LSA_SID_ENUM - LSA SID enumeration container */ typedef struct lsa_sid_enum_info { @@ -417,7 +503,7 @@ typedef struct lsa_q_lookup_sids POLICY_HND pol; /* policy handle */ LSA_SID_ENUM sids; LSA_TRANS_NAME_ENUM names; - LOOKUP_LEVEL level; + uint16 level; uint32 mapped_count; } LSA_Q_LOOKUP_SIDS; @@ -428,13 +514,64 @@ typedef struct lsa_r_lookup_sids uint32 ptr_dom_ref; DOM_R_REF *dom_ref; /* domain reference info */ - LSA_TRANS_NAME_ENUM *names; + LSA_TRANS_NAME_ENUM names; uint32 mapped_count; NTSTATUS status; /* return code */ } LSA_R_LOOKUP_SIDS; +/* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/ +typedef struct lsa_q_lookup_sids2 +{ + POLICY_HND pol; /* policy handle */ + LSA_SID_ENUM sids; + LSA_TRANS_NAME_ENUM2 names; + uint16 level; + uint32 mapped_count; + uint32 unknown1; + uint32 unknown2; + +} LSA_Q_LOOKUP_SIDS2; + +/* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/ +typedef struct lsa_r_lookup_sids2 +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + LSA_TRANS_NAME_ENUM2 names; + uint32 mapped_count; + + NTSTATUS status; /* return code */ + +} LSA_R_LOOKUP_SIDS2; + +/* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */ +typedef struct lsa_q_lookup_sids3 +{ + LSA_SID_ENUM sids; + LSA_TRANS_NAME_ENUM2 names; + uint16 level; + uint32 mapped_count; + uint32 unknown1; + uint32 unknown2; + +} LSA_Q_LOOKUP_SIDS3; + +/* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */ +typedef struct lsa_r_lookup_sids3 +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + LSA_TRANS_NAME_ENUM2 names; + uint32 mapped_count; + + NTSTATUS status; /* return code */ + +} LSA_R_LOOKUP_SIDS3; + /* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */ typedef struct lsa_q_lookup_names { @@ -446,7 +583,7 @@ typedef struct lsa_q_lookup_names uint32 num_trans_entries; uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ - uint32 lookup_level; + uint16 lookup_level; uint32 mapped_count; } LSA_Q_LOOKUP_NAMES; @@ -460,31 +597,121 @@ typedef struct lsa_r_lookup_names uint32 num_entries; uint32 ptr_entries; uint32 num_entries2; - DOM_RID2 *dom_rid; /* domain RIDs being looked up */ + DOM_RID *dom_rid; /* domain RIDs being looked up */ uint32 mapped_count; NTSTATUS status; /* return code */ } LSA_R_LOOKUP_NAMES; -/* This is probably a policy handle but at the moment we - never read it - so use a dummy struct. */ +/* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/ +typedef struct lsa_q_lookup_names2 +{ + POLICY_HND pol; /* policy handle */ + uint32 num_entries; + uint32 num_entries2; + UNIHDR *hdr_name; /* name buffer pointers */ + UNISTR2 *uni_name; /* names to be looked up */ -typedef struct lsa_q_open_secret + uint32 num_trans_entries; + uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ + uint16 lookup_level; + uint32 mapped_count; + uint32 unknown1; + uint32 unknown2; + +} LSA_Q_LOOKUP_NAMES2; + +/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */ +typedef struct lsa_r_lookup_names2 { - uint32 dummy; -} LSA_Q_OPEN_SECRET; + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ -/* We always return "not found" at present - so just marshal the minimum. */ + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + DOM_RID2 *dom_rid; /* domain RIDs being looked up */ + + uint32 mapped_count; + + NTSTATUS status; /* return code */ +} LSA_R_LOOKUP_NAMES2; -typedef struct lsa_r_open_secret +/* LSA_Q_LOOKUP_NAMES3 - LSA Lookup NAMEs 3 */ +typedef struct lsa_q_lookup_names3 { - uint32 dummy1; - uint32 dummy2; - uint32 dummy3; - uint32 dummy4; - NTSTATUS status; -} LSA_R_OPEN_SECRET; + POLICY_HND pol; /* policy handle */ + uint32 num_entries; + uint32 num_entries2; + UNIHDR *hdr_name; /* name buffer pointers */ + UNISTR2 *uni_name; /* names to be looked up */ + + uint32 num_trans_entries; + uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ + uint16 lookup_level; + uint32 mapped_count; + uint32 unknown1; + uint32 unknown2; + +} LSA_Q_LOOKUP_NAMES3; + +/* Sid type used in lookupnames3 and lookupnames4. */ +typedef struct lsa_translatedsid3 { + uint8 sid_type; + DOM_SID2 *sid2; + uint32 sid_idx; + uint32 unknown; +} LSA_TRANSLATED_SID3; + +/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 3 */ +typedef struct lsa_r_lookup_names3 +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + LSA_TRANSLATED_SID3 *trans_sids; + + uint32 mapped_count; + + NTSTATUS status; /* return code */ +} LSA_R_LOOKUP_NAMES3; + +/* LSA_Q_LOOKUP_NAMES4 - LSA Lookup NAMEs 4 */ +typedef struct lsa_q_lookup_names4 +{ + uint32 num_entries; + uint32 num_entries2; + UNIHDR *hdr_name; /* name buffer pointers */ + UNISTR2 *uni_name; /* names to be looked up */ + + uint32 num_trans_entries; + uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ + uint16 lookup_level; + uint32 mapped_count; + uint32 unknown1; + uint32 unknown2; + +} LSA_Q_LOOKUP_NAMES4; + +/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 4 */ +typedef struct lsa_r_lookup_names4 +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + LSA_TRANSLATED_SID3 *trans_sids; + + uint32 mapped_count; + + NTSTATUS status; /* return code */ +} LSA_R_LOOKUP_NAMES4; typedef struct lsa_enum_priv_entry { @@ -526,7 +753,7 @@ typedef struct typedef struct { uint32 count; - UNISTR2_ARRAY rights; + UNISTR4_ARRAY *rights; NTSTATUS status; } LSA_R_ENUM_ACCT_RIGHTS; @@ -536,8 +763,8 @@ typedef struct { POLICY_HND pol; /* policy handle */ DOM_SID2 sid; - UNISTR2_ARRAY rights; uint32 count; + UNISTR4_ARRAY *rights; } LSA_Q_ADD_ACCT_RIGHTS; /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */ @@ -553,8 +780,8 @@ typedef struct POLICY_HND pol; /* policy handle */ DOM_SID2 sid; uint32 removeall; - UNISTR2_ARRAY rights; uint32 count; + UNISTR4_ARRAY *rights; } LSA_Q_REMOVE_ACCT_RIGHTS; /* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */ @@ -629,6 +856,20 @@ typedef struct lsa_r_unk_get_connuser } LSA_R_UNK_GET_CONNUSER; +typedef struct lsa_q_createaccount +{ + POLICY_HND pol; /* policy handle */ + DOM_SID2 sid; + uint32 access; /* access */ +} LSA_Q_CREATEACCOUNT; + +typedef struct lsa_r_createaccount +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; +} LSA_R_CREATEACCOUNT; + + typedef struct lsa_q_openaccount { POLICY_HND pol; /* policy handle */ @@ -647,26 +888,6 @@ typedef struct lsa_q_enumprivsaccount POLICY_HND pol; /* policy handle */ } LSA_Q_ENUMPRIVSACCOUNT; - -typedef struct LUID -{ - uint32 low; - uint32 high; -} LUID; - -typedef struct LUID_ATTR -{ - LUID luid; - uint32 attr; -} LUID_ATTR ; - -typedef struct privilege_set -{ - uint32 count; - uint32 control; - LUID_ATTR *set; -} PRIVILEGE_SET; - typedef struct lsa_r_enumprivsaccount { uint32 ptr; @@ -698,20 +919,20 @@ typedef struct lsa_r_setsystemaccount NTSTATUS status; } LSA_R_SETSYSTEMACCOUNT; +typedef struct { + UNIHDR hdr; + UNISTR2 unistring; +} LSA_STRING; -typedef struct lsa_q_lookupprivvalue -{ +typedef struct { POLICY_HND pol; /* policy handle */ - UNIHDR hdr_right; - UNISTR2 uni2_right; -} LSA_Q_LOOKUPPRIVVALUE; + LSA_STRING privname; +} LSA_Q_LOOKUP_PRIV_VALUE; -typedef struct lsa_r_lookupprivvalue -{ +typedef struct { LUID luid; NTSTATUS status; -} LSA_R_LOOKUPPRIVVALUE; - +} LSA_R_LOOKUP_PRIV_VALUE; typedef struct lsa_q_addprivs { @@ -740,7 +961,136 @@ typedef struct lsa_r_removeprivs NTSTATUS status; } LSA_R_REMOVEPRIVS; +/*******************************************************/ +#if 0 /* jerry, I think this not correct - gd */ +typedef struct { + POLICY_HND handle; + uint32 count; /* ??? this is what ethereal calls it */ + DOM_SID sid; +} LSA_Q_OPEN_TRUSTED_DOMAIN; +#endif + +/* LSA_Q_OPEN_TRUSTED_DOMAIN - LSA Query Open Trusted Domain */ +typedef struct lsa_q_open_trusted_domain +{ + POLICY_HND pol; /* policy handle */ + DOM_SID2 sid; /* domain sid */ + uint32 access_mask; /* access mask */ + +} LSA_Q_OPEN_TRUSTED_DOMAIN; -#endif /* _RPC_LSA_H */ +/* LSA_R_OPEN_TRUSTED_DOMAIN - response to LSA Query Open Trusted Domain */ +typedef struct { + POLICY_HND handle; /* trustdom policy handle */ + NTSTATUS status; /* return code */ +} LSA_R_OPEN_TRUSTED_DOMAIN; + + +/*******************************************************/ +typedef struct { + POLICY_HND handle; + UNISTR4 secretname; + uint32 access; +} LSA_Q_OPEN_SECRET; + +typedef struct { + POLICY_HND handle; + NTSTATUS status; +} LSA_R_OPEN_SECRET; + +/*******************************************************/ + +typedef struct { + POLICY_HND handle; +} LSA_Q_DELETE_OBJECT; + +typedef struct { + NTSTATUS status; +} LSA_R_DELETE_OBJECT; + + +/*******************************************************/ + +typedef struct { + POLICY_HND handle; + UNISTR4 secretname; + uint32 access; +} LSA_Q_CREATE_SECRET; + +typedef struct { + POLICY_HND handle; + NTSTATUS status; +} LSA_R_CREATE_SECRET; + + +/*******************************************************/ + +typedef struct { + POLICY_HND handle; + UNISTR4 secretname; + uint32 access; +} LSA_Q_CREATE_TRUSTED_DOMAIN; + +typedef struct { + POLICY_HND handle; + NTSTATUS status; +} LSA_R_CREATE_TRUSTED_DOMAIN; + + +/*******************************************************/ + +typedef struct { + uint32 size; /* size is written on the wire twice so I + can only assume that one is supposed to + be a max length and one is a size */ + UNISTR2 *data; /* not really a UNICODE string but the parsing + is the same */ +} LSA_DATA_BLOB; + +typedef struct { + POLICY_HND handle; + LSA_DATA_BLOB *old_value; + LSA_DATA_BLOB *new_value; +} LSA_Q_SET_SECRET; + +typedef struct { + NTSTATUS status; +} LSA_R_SET_SECRET; + +typedef struct dom_info_kerberos { + uint32 enforce_restrictions; + NTTIME service_tkt_lifetime; + NTTIME user_tkt_lifetime; + NTTIME user_tkt_renewaltime; + NTTIME clock_skew; + NTTIME unknown6; +} LSA_DOM_INFO_POLICY_KERBEROS; + +typedef struct dom_info_efs { + uint32 blob_len; + UNISTR2 efs_blob; +} LSA_DOM_INFO_POLICY_EFS; + +typedef struct lsa_dom_info_union { + uint16 info_class; + LSA_DOM_INFO_POLICY_EFS efs_policy; + LSA_DOM_INFO_POLICY_KERBEROS krb_policy; +} LSA_DOM_INFO_UNION; + +/* LSA_Q_QUERY_DOM_INFO_POLICY - LSA query info */ +typedef struct lsa_q_query_dom_info_policy +{ + POLICY_HND pol; /* policy handle */ + uint16 info_class; /* info class */ +} LSA_Q_QUERY_DOM_INFO_POLICY; + +typedef struct lsa_r_query_dom_info_policy +{ + LSA_DOM_INFO_UNION *info; + NTSTATUS status; +} LSA_R_QUERY_DOM_INFO_POLICY; + + +#endif /* _RPC_LSA_H */