2 Unix SMB/CIFS implementation.
3 SMB parameters and setup
4 Copyright (C) Andrew Tridgell 1992-1997
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
6 Copyright (C) Paul Ashton 1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #ifndef _RPC_LSA_H /* _RPC_LSA_H */
28 /* Opcodes available on PIPE_LSARPC */
30 #if 0 /* UNIMPLEMENTED */
32 #define LSA_LOOKUPSIDS2 0x39
36 #define LSA_CLOSE 0x00
37 #define LSA_DELETE 0x01
38 #define LSA_ENUM_PRIVS 0x02
39 #define LSA_QUERYSECOBJ 0x03
40 #define LSA_SETSECOBJ 0x04
41 #define LSA_CHANGEPASSWORD 0x05
42 #define LSA_OPENPOLICY 0x06
43 #define LSA_QUERYINFOPOLICY 0x07
44 #define LSA_SETINFOPOLICY 0x08
45 #define LSA_CLEARAUDITLOG 0x09
46 #define LSA_CREATEACCOUNT 0x0a
47 #define LSA_ENUM_ACCOUNTS 0x0b
48 #define LSA_CREATETRUSTDOM 0x0c
49 #define LSA_ENUMTRUSTDOM 0x0d
50 #define LSA_LOOKUPNAMES 0x0e
51 #define LSA_LOOKUPSIDS 0x0f
52 #define LSA_CREATESECRET 0x10
53 #define LSA_OPENACCOUNT 0x11
54 #define LSA_ENUMPRIVSACCOUNT 0x12
55 #define LSA_ADDPRIVS 0x13
56 #define LSA_REMOVEPRIVS 0x14
57 #define LSA_GETQUOTAS 0x15
58 #define LSA_SETQUOTAS 0x16
59 #define LSA_GETSYSTEMACCOUNT 0x17
60 #define LSA_SETSYSTEMACCOUNT 0x18
61 #define LSA_OPENTRUSTDOM 0x19
62 #define LSA_QUERYTRUSTDOM 0x1a
63 #define LSA_SETINFOTRUSTDOM 0x1b
64 #define LSA_OPENSECRET 0x1c
65 #define LSA_SETSECRET 0x1d
66 #define LSA_QUERYSECRET 0x1e
67 #define LSA_LOOKUPPRIVVALUE 0x1f
68 #define LSA_LOOKUPPRIVNAME 0x20
69 #define LSA_PRIV_GET_DISPNAME 0x21
70 #define LSA_DELETEOBJECT 0x22
71 #define LSA_ENUMACCTWITHRIGHT 0x23
72 #define LSA_ENUMACCTRIGHTS 0x24
73 #define LSA_ADDACCTRIGHTS 0x25
74 #define LSA_REMOVEACCTRIGHTS 0x26
75 #define LSA_QUERYTRUSTDOMINFO 0x27
76 #define LSA_SETTRUSTDOMINFO 0x28
77 #define LSA_DELETETRUSTDOM 0x29
78 #define LSA_STOREPRIVDATA 0x2a
79 #define LSA_RETRPRIVDATA 0x2b
80 #define LSA_OPENPOLICY2 0x2c
81 #define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */
82 #define LSA_QUERYINFO2 0x2e
84 /* XXXX these are here to get a compile! */
85 #define LSA_LOOKUPRIDS 0xFD
87 /* DOM_QUERY - info class 3 and 5 LSA Query response */
88 typedef struct dom_query_info
90 uint16 uni_dom_max_len
; /* domain name string length * 2 */
91 uint16 uni_dom_str_len
; /* domain name string length * 2 */
92 uint32 buffer_dom_name
; /* undocumented domain name string buffer pointer */
93 uint32 buffer_dom_sid
; /* undocumented domain SID string buffer pointer */
94 UNISTR2 uni_domain_name
; /* domain name (unicode string) */
95 DOM_SID2 dom_sid
; /* domain SID */
99 /* level 5 is same as level 3. */
100 typedef DOM_QUERY DOM_QUERY_3
;
101 typedef DOM_QUERY DOM_QUERY_5
;
103 /* level 2 is auditing settings */
104 typedef struct dom_query_2
106 uint32 auditing_enabled
;
107 uint32 count1
; /* usualy 7, at least on nt4sp4 */
108 uint32 count2
; /* the same */
109 uint32
*auditsettings
;
112 /* level 6 is server role information */
113 typedef struct dom_query_6
115 uint16 server_role
; /* 2=backup, 3=primary */
118 typedef struct seq_qos_info
121 uint16 sec_imp_level
; /* 0x02 - impersonation level */
122 uint8 sec_ctxt_mode
; /* 0x01 - context tracking mode */
123 uint8 effective_only
; /* 0x00 - effective only */
127 typedef struct obj_attr_info
129 uint32 len
; /* 0x18 - length (in bytes) inc. the length field. */
130 uint32 ptr_root_dir
; /* 0 - root directory (pointer) */
131 uint32 ptr_obj_name
; /* 0 - object name (pointer) */
132 uint32 attributes
; /* 0 - attributes (undocumented) */
133 uint32 ptr_sec_desc
; /* 0 - security descriptior (pointer) */
134 uint32 ptr_sec_qos
; /* security quality of service */
135 LSA_SEC_QOS
*sec_qos
;
139 /* LSA_Q_OPEN_POL - LSA Query Open Policy */
140 typedef struct lsa_q_open_pol_info
142 uint32 ptr
; /* undocumented buffer pointer */
143 uint16 system_name
; /* 0x5c - system name */
144 LSA_OBJ_ATTR attr
; /* object attributes */
146 uint32 des_access
; /* desired access attributes */
150 /* LSA_R_OPEN_POL - response to LSA Open Policy */
151 typedef struct lsa_r_open_pol_info
153 POLICY_HND pol
; /* policy handle */
154 NTSTATUS status
; /* return code */
158 /* LSA_Q_OPEN_POL2 - LSA Query Open Policy */
159 typedef struct lsa_q_open_pol2_info
161 uint32 ptr
; /* undocumented buffer pointer */
162 UNISTR2 uni_server_name
; /* server name, starting with two '\'s */
163 LSA_OBJ_ATTR attr
; /* object attributes */
165 uint32 des_access
; /* desired access attributes */
169 /* LSA_R_OPEN_POL2 - response to LSA Open Policy */
170 typedef struct lsa_r_open_pol2_info
172 POLICY_HND pol
; /* policy handle */
173 NTSTATUS status
; /* return code */
178 #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001
179 #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002
180 #define POLICY_GET_PRIVATE_INFORMATION 0x00000004
181 #define POLICY_TRUST_ADMIN 0x00000008
182 #define POLICY_CREATE_ACCOUNT 0x00000010
183 #define POLICY_CREATE_SECRET 0x00000020
184 #define POLICY_CREATE_PRIVILEGE 0x00000040
185 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080
186 #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100
187 #define POLICY_AUDIT_LOG_ADMIN 0x00000200
188 #define POLICY_SERVER_ADMIN 0x00000400
189 #define POLICY_LOOKUP_NAMES 0x00000800
191 #define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
192 POLICY_VIEW_LOCAL_INFORMATION |\
193 POLICY_VIEW_AUDIT_INFORMATION |\
194 POLICY_GET_PRIVATE_INFORMATION |\
195 POLICY_TRUST_ADMIN |\
196 POLICY_CREATE_ACCOUNT |\
197 POLICY_CREATE_SECRET |\
198 POLICY_CREATE_PRIVILEGE |\
199 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
200 POLICY_SET_AUDIT_REQUIREMENTS |\
201 POLICY_AUDIT_LOG_ADMIN |\
202 POLICY_SERVER_ADMIN |\
203 POLICY_LOOKUP_NAMES )
206 #define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\
207 POLICY_VIEW_AUDIT_INFORMATION |\
208 POLICY_GET_PRIVATE_INFORMATION)
210 #define POLICY_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS |\
211 POLICY_TRUST_ADMIN |\
212 POLICY_CREATE_ACCOUNT |\
213 POLICY_CREATE_SECRET |\
214 POLICY_CREATE_PRIVILEGE |\
215 POLICY_SET_DEFAULT_QUOTA_LIMITS |\
216 POLICY_SET_AUDIT_REQUIREMENTS |\
217 POLICY_AUDIT_LOG_ADMIN |\
220 #define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\
221 POLICY_VIEW_LOCAL_INFORMATION |\
222 POLICY_LOOKUP_NAMES )
224 /* LSA_Q_QUERY_SEC_OBJ - LSA query security */
225 typedef struct lsa_query_sec_obj_info
227 POLICY_HND pol
; /* policy handle */
230 } LSA_Q_QUERY_SEC_OBJ
;
232 /* LSA_R_QUERY_SEC_OBJ - probably an open */
233 typedef struct r_lsa_query_sec_obj_info
238 NTSTATUS status
; /* return status */
240 } LSA_R_QUERY_SEC_OBJ
;
242 /* LSA_Q_QUERY_INFO - LSA query info policy */
243 typedef struct lsa_query_info
245 POLICY_HND pol
; /* policy handle */
246 uint16 info_class
; /* info class */
251 typedef union lsa_info_union
259 /* LSA_R_QUERY_INFO - response to LSA query info policy */
260 typedef struct lsa_r_query_info
262 uint32 undoc_buffer
; /* undocumented buffer pointer */
263 uint16 info_class
; /* info class (same as info class in request) */
267 NTSTATUS status
; /* return code */
271 /* LSA_DNS_DOM_INFO - DNS domain info - info class 12*/
272 typedef struct lsa_dns_dom_info
274 UNIHDR hdr_nb_dom_name
; /* netbios domain name */
275 UNIHDR hdr_dns_dom_name
;
276 UNIHDR hdr_forest_name
;
278 struct uuid dom_guid
; /* domain GUID */
280 UNISTR2 uni_nb_dom_name
;
281 UNISTR2 uni_dns_dom_name
;
282 UNISTR2 uni_forest_name
;
285 DOM_SID2 dom_sid
; /* domain SID */
288 typedef union lsa_info2_union
290 LSA_DNS_DOM_INFO dns_dom_info
;
293 /* LSA_Q_QUERY_INFO2 - LSA query info */
294 typedef struct lsa_q_query_info2
296 POLICY_HND pol
; /* policy handle */
297 uint16 info_class
; /* info class */
300 typedef struct lsa_r_query_info2
302 uint32 ptr
; /* pointer to info struct */
304 LSA_INFO2_UNION info
; /* so far the only one */
308 /* LSA_Q_ENUM_TRUST_DOM - LSA enumerate trusted domains */
309 typedef struct lsa_enum_trust_dom_info
311 POLICY_HND pol
; /* policy handle */
312 uint32 enum_context
; /* enumeration context handle */
313 uint32 preferred_len
; /* preferred maximum length */
315 } LSA_Q_ENUM_TRUST_DOM
;
317 /* LSA_R_ENUM_TRUST_DOM - response to LSA enumerate trusted domains */
318 typedef struct lsa_r_enum_trust_dom_info
320 uint32 enum_context
; /* enumeration context handle */
321 uint32 num_domains
; /* number of domains */
322 uint32 ptr_enum_domains
; /* buffer pointer to num domains */
324 /* this lot is only added if ptr_enum_domains is non-NULL */
325 uint32 num_domains2
; /* number of domains */
326 UNIHDR2
*hdr_domain_name
;
327 UNISTR2
*uni_domain_name
;
328 DOM_SID2
*domain_sid
;
330 NTSTATUS status
; /* return code */
332 } LSA_R_ENUM_TRUST_DOM
;
335 typedef struct lsa_q_close_info
337 POLICY_HND pol
; /* policy handle */
342 typedef struct lsa_r_close_info
344 POLICY_HND pol
; /* policy handle. should be all zeros. */
346 NTSTATUS status
; /* return code */
351 #define MAX_REF_DOMAINS 32
354 typedef struct dom_trust_hdr
356 UNIHDR hdr_dom_name
; /* referenced domain unicode string headers */
362 typedef struct dom_trust_info
364 UNISTR2 uni_dom_name
; /* domain name unicode string */
365 DOM_SID2 ref_dom
; /* referenced domain SID */
370 typedef struct dom_ref_info
372 uint32 num_ref_doms_1
; /* num referenced domains */
373 uint32 ptr_ref_dom
; /* pointer to referenced domains */
374 uint32 max_entries
; /* 32 - max number of entries */
375 uint32 num_ref_doms_2
; /* num referenced domains */
377 DOM_TRUST_HDR hdr_ref_dom
[MAX_REF_DOMAINS
]; /* referenced domains */
378 DOM_TRUST_INFO ref_dom
[MAX_REF_DOMAINS
]; /* referenced domains */
382 /* the domain_idx points to a SID associated with the name */
384 /* LSA_TRANS_NAME - translated name */
385 typedef struct lsa_trans_name_info
387 uint16 sid_name_use
; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
389 uint32 domain_idx
; /* index into DOM_R_REF array of SIDs */
393 /* This number purly arbitary - just to prevent a client from requesting large amounts of memory */
394 #define MAX_LOOKUP_SIDS 256
396 /* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
397 typedef struct lsa_trans_name_enum_info
400 uint32 ptr_trans_names
;
403 LSA_TRANS_NAME
*name
; /* translated names */
406 } LSA_TRANS_NAME_ENUM
;
408 /* LSA_SID_ENUM - LSA SID enumeration container */
409 typedef struct lsa_sid_enum_info
415 uint32
*ptr_sid
; /* domain SID pointers to be looked up. */
416 DOM_SID2
*sid
; /* domain SIDs to be looked up. */
420 /* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
421 typedef struct lsa_q_lookup_sids
423 POLICY_HND pol
; /* policy handle */
425 LSA_TRANS_NAME_ENUM names
;
431 /* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
432 typedef struct lsa_r_lookup_sids
435 DOM_R_REF
*dom_ref
; /* domain reference info */
437 LSA_TRANS_NAME_ENUM
*names
;
440 NTSTATUS status
; /* return code */
444 /* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
445 typedef struct lsa_q_lookup_names
447 POLICY_HND pol
; /* policy handle */
450 UNIHDR
*hdr_name
; /* name buffer pointers */
451 UNISTR2
*uni_name
; /* names to be looked up */
453 uint32 num_trans_entries
;
454 uint32 ptr_trans_sids
; /* undocumented domain SID buffer pointer */
458 } LSA_Q_LOOKUP_NAMES
;
460 /* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
461 typedef struct lsa_r_lookup_names
464 DOM_R_REF
*dom_ref
; /* domain reference info */
469 DOM_RID2
*dom_rid
; /* domain RIDs being looked up */
473 NTSTATUS status
; /* return code */
474 } LSA_R_LOOKUP_NAMES
;
476 /* This is probably a policy handle but at the moment we
477 never read it - so use a dummy struct. */
479 typedef struct lsa_q_open_secret
484 /* We always return "not found" at present - so just marshal the minimum. */
486 typedef struct lsa_r_open_secret
495 typedef struct lsa_enum_priv_entry
504 /* LSA_Q_ENUM_PRIVS - LSA enum privileges */
505 typedef struct lsa_q_enum_privs
507 POLICY_HND pol
; /* policy handle */
509 uint32 pref_max_length
;
512 typedef struct lsa_r_enum_privs
519 LSA_PRIV_ENTRY
*privs
;
524 /* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
527 POLICY_HND pol
; /* policy handle */
529 } LSA_Q_ENUM_ACCT_RIGHTS
;
531 /* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
535 UNISTR2_ARRAY rights
;
537 } LSA_R_ENUM_ACCT_RIGHTS
;
540 /* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */
543 POLICY_HND pol
; /* policy handle */
545 UNISTR2_ARRAY rights
;
547 } LSA_Q_ADD_ACCT_RIGHTS
;
549 /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
553 } LSA_R_ADD_ACCT_RIGHTS
;
556 /* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */
559 POLICY_HND pol
; /* policy handle */
562 UNISTR2_ARRAY rights
;
564 } LSA_Q_REMOVE_ACCT_RIGHTS
;
566 /* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */
570 } LSA_R_REMOVE_ACCT_RIGHTS
;
573 /* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
574 typedef struct lsa_q_priv_get_dispname
576 POLICY_HND pol
; /* policy handle */
581 } LSA_Q_PRIV_GET_DISPNAME
;
583 typedef struct lsa_r_priv_get_dispname
592 } LSA_R_PRIV_GET_DISPNAME
;
594 /* LSA_Q_ENUM_ACCOUNTS */
595 typedef struct lsa_q_enum_accounts
597 POLICY_HND pol
; /* policy handle */
599 uint32 pref_max_length
;
600 } LSA_Q_ENUM_ACCOUNTS
;
602 /* LSA_R_ENUM_ACCOUNTS */
603 typedef struct lsa_r_enum_accounts
608 } LSA_R_ENUM_ACCOUNTS
;
610 /* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user
611 called when "Take Ownership" is clicked -SK */
612 typedef struct lsa_q_unk_get_connuser
615 UNISTR2 uni2_srvname
;
616 uint32 unk1
; /* 3 unknown uint32's are seen right after uni2_srvname */
617 uint32 unk2
; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */
619 } LSA_Q_UNK_GET_CONNUSER
;
621 /* LSA_R_UNK_GET_CONNUSER */
622 typedef struct lsa_r_unk_get_connuser
624 uint32 ptr_user_name
;
625 UNIHDR hdr_user_name
;
626 UNISTR2 uni2_user_name
;
632 UNISTR2 uni2_dom_name
;
635 } LSA_R_UNK_GET_CONNUSER
;
638 typedef struct lsa_q_openaccount
640 POLICY_HND pol
; /* policy handle */
642 uint32 access
; /* desired access */
645 typedef struct lsa_r_openaccount
647 POLICY_HND pol
; /* policy handle */
651 typedef struct lsa_q_enumprivsaccount
653 POLICY_HND pol
; /* policy handle */
654 } LSA_Q_ENUMPRIVSACCOUNT
;
656 typedef struct lsa_r_enumprivsaccount
662 } LSA_R_ENUMPRIVSACCOUNT
;
664 typedef struct lsa_q_getsystemaccount
666 POLICY_HND pol
; /* policy handle */
667 } LSA_Q_GETSYSTEMACCOUNT
;
669 typedef struct lsa_r_getsystemaccount
673 } LSA_R_GETSYSTEMACCOUNT
;
676 typedef struct lsa_q_setsystemaccount
678 POLICY_HND pol
; /* policy handle */
680 } LSA_Q_SETSYSTEMACCOUNT
;
682 typedef struct lsa_r_setsystemaccount
685 } LSA_R_SETSYSTEMACCOUNT
;
688 typedef struct lsa_q_lookupprivvalue
690 POLICY_HND pol
; /* policy handle */
693 } LSA_Q_LOOKUPPRIVVALUE
;
695 typedef struct lsa_r_lookupprivvalue
699 } LSA_R_LOOKUPPRIVVALUE
;
702 typedef struct lsa_q_addprivs
704 POLICY_HND pol
; /* policy handle */
709 typedef struct lsa_r_addprivs
715 typedef struct lsa_q_removeprivs
717 POLICY_HND pol
; /* policy handle */
724 typedef struct lsa_r_removeprivs
730 #endif /* _RPC_LSA_H */