1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef _MLSVC_LSA_NDL_
27#define _MLSVC_LSA_NDL_
28
29#pragma ident	"%Z%%M%	%I%	%E% SMI"
30
31/*
32 ***********************************************************************
33 * Local Security Authority RPC (LSARPC) interface definition.
34 ***********************************************************************
35 */
36
37#include "ndrtypes.ndl"
38
39
40#define	LSARPC_OPNUM_CloseHandle			0x00
41#define	LSARPC_OPNUM_Delete				0x01
42#define	LSARPC_OPNUM_EnumPrivileges			0x02
43#define	LSARPC_OPNUM_QuerySecurityObject		0x03
44#define	LSARPC_OPNUM_SetSecurityObject			0x04
45#define	LSARPC_OPNUM_ChangePassword			0x05
46#define	LSARPC_OPNUM_OpenPolicy				0x06
47#define	LSARPC_OPNUM_QueryInfoPolicy			0x07
48#define	LSARPC_OPNUM_SetInfoPolicy			0x08
49#define	LSARPC_OPNUM_ClearAuditLog			0x09
50#define	LSARPC_OPNUM_CreateAccount			0x0a
51#define	LSARPC_OPNUM_EnumerateAccounts			0x0b
52#define	LSARPC_OPNUM_CreateTrustedDomain		0x0c
53#define	LSARPC_OPNUM_EnumTrustedDomain			0x0d
54#define	LSARPC_OPNUM_LookupNames			0x0e
55#define	LSARPC_OPNUM_LookupSids				0x0f
56#define	LSARPC_OPNUM_CreateSecret			0x10
57#define	LSARPC_OPNUM_OpenAccount			0x11
58#define	LSARPC_OPNUM_EnumPrivsAccount			0x12
59#define	LSARPC_OPNUM_AddAccountPrivs			0x13
60#define	LSARPC_OPNUM_RemoveAccountPrivs			0x14
61#define	LSARPC_OPNUM_GetAccountQuota			0x15
62#define	LSARPC_OPNUM_SetAccountQuota			0x16
63#define	LSARPC_OPNUM_GetSystemAccessAccount		0x17
64#define	LSARPC_OPNUM_SetSystemAccessAccount		0x18
65#define	LSARPC_OPNUM_OpenTrustedDomain			0x19
66#define	LSARPC_OPNUM_QueryInfoTrustedDomain		0x1a
67#define	LSARPC_OPNUM_SetinfoTrustedDomain		0x1b
68#define	LSARPC_OPNUM_OpenSecret				0x1c
69#define	LSARPC_OPNUM_SetSecret				0x1d
70#define	LSARPC_OPNUM_QuerySecret			0x1e
71#define	LSARPC_OPNUM_LookupPrivValue			0x1f
72#define	LSARPC_OPNUM_LookupPrivName			0x20
73#define	LSARPC_OPNUM_LookupPrivDisplayName		0x21
74#define	LSARPC_OPNUM_DeleteObject			0x22
75#define	LSARPC_OPNUM_EnumAccountsWithUserRight		0x23
76#define	LSARPC_OPNUM_EnumAccountRights			0x24
77#define	LSARPC_OPNUM_AddAccountRights			0x25
78#define	LSARPC_OPNUM_RemoveAccountRights		0x26
79#define	LSARPC_OPNUM_QueryTrustedDomainInfo		0x27
80#define	LSARPC_OPNUM_SetTrustedDomainInfo		0x28
81
82/* Windows 2000 */
83#define	LSARPC_OPNUM_DeleteTrustedDomain		0x29
84#define	LSARPC_OPNUM_StorePrivateData			0x2a
85#define	LSARPC_OPNUM_RetrievePrivateData		0x2b
86#define	LSARPC_OPNUM_OpenPolicy2			0x2c
87#define	LSARPC_OPNUM_GetConnectedUser			0x2d
88#define	LSARPC_OPNUM_QueryInfoPolicy2			0x2e
89#define	LSARPC_OPNUM_SetInfoPolicy2			0x2f
90#define	LSARPC_OPNUM_QueryTrustedDomainInfoByName	0x30
91#define	LSARPC_OPNUM_SetTrustedDomainInfoByName		0x31
92#define	LSARPC_OPNUM_EnumTrustedDomainsEx		0x32
93#define	LSARPC_OPNUM_CreateTrustedDomainEx		0x33
94#define	LSARPC_OPNUM_CloseTrustedDomainEx		0x34
95#define	LSARPC_OPNUM_QueryDomainInfoPolicy		0x35
96#define	LSARPC_OPNUM_SetDomainInfoPolicy		0x36
97#define	LSARPC_OPNUM_OpenTrustedDomainByName		0x37
98#define	LSARPC_OPNUM_TestCall				0x38
99#define	LSARPC_OPNUM_LookupSids2			0x39
100#define	LSARPC_OPNUM_LookupNames2			0x3a
101#define	LSARPC_OPNUM_CreateTrustedDomainEx2		0x3b
102
103/* Windows 2000 SP3 */
104#define	LSARPC_OPNUM_CredWrite				0x3c
105#define	LSARPC_OPNUM_CredRead				0x3d
106#define	LSARPC_OPNUM_CredEnumerate			0x3e
107#define	LSARPC_OPNUM_CredWriteDomainCreds		0x3f
108#define	LSARPC_OPNUM_CredReadDomainCreds		0x40
109#define	LSARPC_OPNUM_CredDelete				0x41
110#define	LSARPC_OPNUM_CredGetTargetInfo			0x42
111#define	LSARPC_OPNUM_CredProfileLoaded			0x43
112#define	LSARPC_OPNUM_LookupNames3			0x44
113#define	LSARPC_OPNUM_CredGetSessionTypes		0x45
114#define	LSARPC_OPNUM_RegisterAuditEvent			0x46
115#define	LSARPC_OPNUM_GenAuditEvent			0x47
116#define	LSARPC_OPNUM_UnregisterAuditEvent		0x48
117#define	LSARPC_OPNUM_QueryForestTrustInfo		0x49
118#define	LSARPC_OPNUM_SetForestTrustInfo			0x4a
119#define	LSARPC_OPNUM_CredRename				0x4b
120#define	LSARPC_OPNUM_LookupSids3			0x4c
121#define	LSARPC_OPNUM_LookupNames4			0x4d
122#define	LSARPC_OPNUM_OpenPolicySce			0x4e
123
124/* Windows Server 2003 */
125#define	LSARPC_OPNUM_AdtRegisterSecurityEventSource	0x4f
126#define	LSARPC_OPNUM_AdtUnregisterSecurityEventSource	0x50
127#define	LSARPC_OPNUM_AdtReportSecurityEvent		0x51
128
129/* Windows Vista */
130#define	LSARPC_OPNUM_CredFindBestCredential		0x52
131#define	LSARPC_OPNUM_SetAuditPolicy			0x53
132#define	LSARPC_OPNUM_QueryAuditPolicy			0x54
133#define	LSARPC_OPNUM_EnumerateAuditPolicy		0x55
134#define	LSARPC_OPNUM_EnumerateAuditCategories		0x56
135#define	LSARPC_OPNUM_EnumerateAuditSubCategories	0x57
136#define	LSARPC_OPNUM_LookupAuditCategoryName		0x58
137#define	LSARPC_OPNUM_LookupAuditSubCategoryName		0x59
138#define	LSARPC_OPNUM_SetAuditSecurity			0x5a
139#define	LSARPC_OPNUM_QueryAuditSecurity			0x5b
140#define	LSARPC_OPNUM_CredReadByTokenHandle		0x5c
141#define	LSARPC_OPNUM_CredRestoreCredentials		0x5d
142#define	LSARPC_OPNUM_CredBackupCredentials		0x5e
143
144/*
145 * There are at least two lookup level settings. Level 1 appears to mean
146 * only look on the local host and level 2 means forward the request to
147 * the PDC. On the PDC it probably doesn't matter which level you use but
148 * on a BDC a level 1 lookup will fail if the BDC doesn't have the info
149 * whereas a level 2 lookup will also check with the PDC.
150 */
151#define MSLSA_LOOKUP_LEVEL_1		1
152#define MSLSA_LOOKUP_LEVEL_2		2
153
154
155/*
156 * Definition for a SID. The ndl compiler won't allow a typedef of
157 * a structure containing variable size members.
158 */
159struct mslsa_sid {
160	BYTE		Revision;
161	BYTE		SubAuthCount;
162	BYTE		Authority[6];
163  SIZE_IS(SubAuthCount)
164	DWORD		SubAuthority[ANY_SIZE_ARRAY];
165};
166
167struct mslsa_string_desc {
168	WORD		length;
169	WORD		allosize;
170	LPTSTR		str;
171};
172typedef struct mslsa_string_desc mslsa_string_t;
173
174
175struct mslsa_handle {
176	DWORD hand1;
177	DWORD hand2;
178	WORD  hand3[2];
179	BYTE  hand4[8];
180};
181typedef struct mslsa_handle	mslsa_handle_t;
182
183
184struct mslsa_luid {
185	DWORD low_part;
186	DWORD high_part;
187};
188typedef struct mslsa_luid mslsa_luid_t;
189
190
191/*
192 ***********************************************************************
193 * OpenPolicy2 obtains a handle for a remote LSA. This handle is
194 * required for all subsequent LSA requests.
195 *
196 * The server name should be the name of the target PDC or BDC, with
197 * the double backslash prefix.
198 *
199 * As far as I can tell, the mslsa_object_attributes structure can be
200 * all zero except for the length, which should be set to sizeof(struct
201 * mslsa_object_attributes).
202 *
203 * For read access, the desired access mask should contain the
204 * READ_CONTROL standard right and whatever policy rights are required.
205 * I haven't tried any update operations but if you get the access mask
206 * wrong you can crash the domain controller.
207 ***********************************************************************
208 */
209
210
211/*
212 * From netmon:
213 *	length = 12
214 *	impersonation_level = 2
215 *	context_tracking_mode = 1
216 *	effective_only = 0
217 */
218struct mslsa_quality_of_service {
219	DWORD length;
220	WORD impersonation_level;
221	BYTE context_tracking_mode;
222	BYTE effective_only;
223};
224
225
226struct mslsa_object_attributes {
227	DWORD length;
228	DWORD rootDirectory;
229	DWORD objectName;
230	DWORD attributes;
231	DWORD securityDescriptor;
232	struct mslsa_quality_of_service *qualityOfService;
233};
234
235
236OPERATION(LSARPC_OPNUM_OpenPolicy)
237struct mslsa_OpenPolicy {
238	IN	DWORD	*servername;
239	IN	struct mslsa_object_attributes attributes;
240	IN	DWORD desiredAccess;
241	OUT	mslsa_handle_t domain_handle;
242	OUT	DWORD status;
243};
244
245OPERATION(LSARPC_OPNUM_OpenPolicy2)
246struct mslsa_OpenPolicy2 {
247	IN	LPTSTR servername;
248	IN	struct mslsa_object_attributes attributes;
249	IN	DWORD desiredAccess;
250	OUT	mslsa_handle_t domain_handle;
251	OUT	DWORD status;
252};
253
254
255/*
256 ***********************************************************************
257 * CloseHandle closes an association with the LSA. The returned handle
258 * will be all zero.
259 ***********************************************************************
260 */
261OPERATION(LSARPC_OPNUM_CloseHandle)
262struct mslsa_CloseHandle {
263	IN	mslsa_handle_t handle;
264	OUT	mslsa_handle_t result_handle;
265	OUT	DWORD status;
266};
267
268
269/*
270 ***********************************************************************
271 * EnumPrivileges
272 *
273 * Obtain a list of privilege names. This interface is not implemented
274 * yet The definition below has not been tested. This is a guess based
275 * on data available from netmon.
276 ***********************************************************************
277 */
278struct mslsa_PrivDef {
279	mslsa_string_t name;
280	mslsa_luid_t luid;
281};
282
283
284struct mslsa_PrivEnumBuf {
285	DWORD entries_read;
286  SIZE_IS(entries_read)
287	struct mslsa_PrivDef *def;
288};
289
290
291OPERATION(LSARPC_OPNUM_EnumPrivileges)
292struct mslsa_EnumPrivileges {
293	IN	mslsa_handle_t handle;
294	INOUT	DWORD enum_context;
295	IN	DWORD max_length;
296	OUT	REFERENCE struct mslsa_PrivEnumBuf *enum_buf;
297	OUT	DWORD status;
298};
299
300
301/*
302 ***********************************************************************
303 * QuerySecurityObject. I'm not entirely sure how to set this up yet.
304 * I used the discovery RPC to scope it out. The structures are set up
305 * according to netmon and the assumption that a security descriptor
306 * on the wire looks like the regular user level security descriptor.
307 ***********************************************************************
308 */
309struct mslsa_SecurityDescriptor {
310	BYTE revision;
311	BYTE sbz1;
312	WORD control;
313	DWORD owner;
314	DWORD group;
315	DWORD sacl;
316	DWORD dacl;
317};
318
319
320struct mslsa_SecurityDescInfo {
321	DWORD length;
322  SIZE_IS(length)
323  	BYTE *desc; /* temporary */
324	/* struct mslsa_SecurityDescriptor *desc; */
325};
326
327
328OPERATION(LSARPC_OPNUM_QuerySecurityObject)
329struct mslsa_QuerySecurityObject {
330	IN	mslsa_handle_t handle;
331	IN	DWORD security_info;
332	OUT	struct mslsa_SecurityDescInfo *desc_info;
333	OUT	DWORD status;
334};
335
336
337/*
338 ***********************************************************************
339 * EnumerateAccounts and EnumerateTrustedDomain.
340 ***********************************************************************
341 */
342struct mslsa_AccountInfo {
343	struct mslsa_sid *sid;
344};
345
346
347struct mslsa_EnumAccountBuf {
348	DWORD entries_read;
349  SIZE_IS(entries_read)
350	struct mslsa_AccountInfo *info;
351};
352
353
354OPERATION(LSARPC_OPNUM_EnumerateAccounts)
355struct mslsa_EnumerateAccounts {
356	IN	mslsa_handle_t handle;
357	INOUT	DWORD enum_context;
358	IN	DWORD max_length;
359	OUT	REFERENCE struct mslsa_EnumAccountBuf *enum_buf;
360	OUT	DWORD status;
361};
362
363
364struct mslsa_TrustedDomainInfo {
365	mslsa_string_t name;
366	struct mslsa_sid *sid;
367};
368
369
370struct mslsa_EnumTrustedDomainBuf {
371	DWORD entries_read;
372  SIZE_IS(entries_read)
373	struct mslsa_TrustedDomainInfo *info;
374};
375
376
377OPERATION(LSARPC_OPNUM_EnumTrustedDomain)
378struct mslsa_EnumTrustedDomain {
379	IN	mslsa_handle_t handle;
380	INOUT	DWORD enum_context;
381	IN	DWORD max_length;
382	OUT REFERENCE	struct mslsa_EnumTrustedDomainBuf *enum_buf;
383	OUT	DWORD status;
384};
385
386
387/*
388 ***********************************************************************
389 * Definitions common to both LookupSids and LookupNames. Both return
390 * an mslsa_domain_table[]. Each interface also returns a specific
391 * table with entries which index the mslsa_domain_table[].
392 ***********************************************************************
393 */
394struct mslsa_domain_entry {
395	mslsa_string_t domain_name;
396	struct mslsa_sid *domain_sid;
397};
398typedef struct mslsa_domain_entry mslsa_domain_entry_t;
399
400
401struct mslsa_domain_table {
402	DWORD		n_entry;
403  SIZE_IS(n_entry)
404  	mslsa_domain_entry_t *entries;
405	DWORD		max_n_entry;
406};
407
408
409/*
410 ***********************************************************************
411 * Definitions for LookupSids.
412 *
413 * The input parameters are:
414 *
415 *	A valid LSA handle obtained from an LsarOpenPolicy.
416 *	The table of SIDs to be looked up.
417 *	A table of names (probably empty).
418 *	The lookup level (local=1 or PDC=2).
419 *	An enumeration counter (used for continuation operations).
420 *
421 * The output results are:
422 *
423 *	A table of referenced domains.
424 *	A table of usernames.
425 *	The updated value of the enumeration counter.
426 *	The result status.
427 ***********************************************************************
428 */
429
430struct mslsa_lup_sid_entry {
431	struct mslsa_sid *psid;
432};
433
434struct mslsa_lup_sid_table {
435	DWORD		n_entry;
436    SIZE_IS(n_entry)
437	struct mslsa_lup_sid_entry *entries;
438};
439
440struct mslsa_name_entry {
441	WORD		sid_name_use;
442	WORD		unknown_flags;
443	mslsa_string_t	name;
444	DWORD		domain_ix;		/* -1 means none */
445};
446
447struct mslsa_name_table {
448	DWORD		n_entry;
449    SIZE_IS(n_entry)
450	struct mslsa_name_entry *entries;
451};
452
453OPERATION(LSARPC_OPNUM_LookupSids)
454struct mslsa_LookupSids {
455	IN	mslsa_handle_t	handle;
456	IN	struct mslsa_lup_sid_table lup_sid_table;
457
458	OUT	struct mslsa_domain_table *domain_table;
459	INOUT	struct mslsa_name_table name_table;
460
461	IN	DWORD lookup_level;
462	INOUT	DWORD mapped_count;
463 	OUT	DWORD status;
464};
465
466OPERATION(LSARPC_OPNUM_CreateSecret)
467struct mslsa_CreateSecret {
468	IN	mslsa_handle_t handle;
469	IN	mslsa_string_t name;
470	IN	DWORD access_mask;
471	OUT	mslsa_handle_t secret_handle;
472	OUT	DWORD status;
473};
474
475/*
476 ***********************************************************************
477 * Definitions for LookupNames.
478 *
479 * LookupNames requires the following input parameters.
480 *
481 *	A valid LSA handle obtained from an LsarOpenPolicy.
482 *	The table of names to be looked up.
483 *	A table of translated sids (probably empty).
484 *	The lookup level (local=1 or PDC=2).
485 *	An enumeration counter (used for continuation operations).
486 *
487 * The outputs are as follows.
488 *
489 *	A table of referenced domains.
490 *	A table of translated sids (actually rids).
491 *	The updated value of the enumeration counter.
492 *	The result status.
493 ***********************************************************************
494 */
495struct mslsa_lup_name_table {
496	DWORD n_entry;
497  SIZE_IS(n_entry)
498	mslsa_string_t names[ANY_SIZE_ARRAY];
499};
500
501
502struct mslsa_rid_entry {
503	WORD sid_name_use;
504	WORD pad;	 /* alignment - probably not required */
505	DWORD rid;
506	DWORD domain_index;
507};
508
509
510struct mslsa_rid_table {
511	DWORD n_entry;
512  SIZE_IS(n_entry)
513	struct mslsa_rid_entry *rids;
514};
515
516
517OPERATION(LSARPC_OPNUM_LookupNames)
518struct mslsa_LookupNames {
519	IN		mslsa_handle_t handle;
520	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
521
522	OUT		struct mslsa_domain_table *domain_table;
523	INOUT	struct mslsa_rid_table translated_sids;
524
525	IN		DWORD lookup_level;
526	INOUT	DWORD mapped_count;
527	OUT		DWORD status;
528};
529
530
531/*
532 ***********************************************************************
533 * QueryInfoPolicy returns various pieces of policy information. The
534 * desired information is specified using a class value, as defined
535 * below.
536 ***********************************************************************
537 */
538#define MSLSA_POLICY_AUDIT_LOG_INFO		1
539#define MSLSA_POLICY_AUDIT_EVENTS_INFO		2
540#define MSLSA_POLICY_PRIMARY_DOMAIN_INFO	3
541#define MSLSA_POLICY_UNKNOWN_4_INFO		4
542#define MSLSA_POLICY_ACCOUNT_DOMAIN_INFO	5
543#define MSLSA_POLICY_SERVER_ROLE_INFO		6
544#define MSLSA_POLICY_REPLICA_SOURCE_INFO	7
545#define MSLSA_POLICY_DEFAULT_QUOTA_INFO		8
546#define MSLSA_POLICY_DB_INFO			9
547#define MSLSA_POLICY_AUDIT_SET_INFO		10
548#define MSLSA_POLICY_AUDIT_QUERY_INFO		11
549#define MSLSA_POLICY_DNS_INFO			12
550
551#define	LSA_ROLE_STANDALONE_WORKSTATION		0
552#define	LSA_ROLE_MEMBER_WORKSTATION		1
553#define	LSA_ROLE_STANDALONE_SERVER		2
554#define	LSA_ROLE_MEMBER_SERVER			3
555#define	LSA_ROLE_BACKUP_DC			4
556#define	LSA_ROLE_PRIMARY_DC			5
557
558/*
559 * MSLSA_POLICY_AUDIT_EVENTS_INFO
560 */
561struct mslsa_AuditEventsInfo {
562	DWORD enabled;
563    SIZE_IS (count)
564	DWORD *settings;
565	DWORD count;
566};
567
568/*
569 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO
570 */
571struct mslsa_PrimaryDomainInfo {
572	struct mslsa_string_desc name;
573	struct mslsa_sid *sid;
574};
575
576/*
577 * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO
578 */
579struct mslsa_AccountDomainInfo {
580	struct mslsa_string_desc name;
581	struct mslsa_sid *sid;
582};
583
584/*
585 * MSLSA_POLICY_SERVER_ROLE_INFO
586 */
587struct mslsa_ServerRoleInfo {
588	DWORD role;
589	DWORD pad;
590};
591
592union mslsa_PolicyInfoResUnion {
593	CASE(2) struct mslsa_AuditEventsInfo audit_events;
594	CASE(3) struct mslsa_PrimaryDomainInfo pd_info;
595	CASE(5) struct mslsa_AccountDomainInfo ad_info;
596	CASE(6) struct mslsa_ServerRoleInfo server_role;
597	DEFAULT	char *nullptr;
598};
599
600struct mslsa_PolicyInfo {
601	WORD switch_value;
602    SWITCH(switch_value)
603	union mslsa_PolicyInfoResUnion ru;
604};
605
606OPERATION(LSARPC_OPNUM_QueryInfoPolicy)
607struct mslsa_QueryInfoPolicy {
608	IN	mslsa_handle_t handle;
609	IN	WORD info_class;
610	OUT	struct mslsa_PolicyInfo *info;
611	OUT	DWORD status;
612};
613
614/*
615 ***********************************************************************
616 * OpenAccount.
617 *
618 * Returns a handle that can be used to access the account specified
619 * by a SID. This handle can be used to enumerate account privileges.
620 ***********************************************************************
621 */
622OPERATION(LSARPC_OPNUM_OpenAccount)
623struct mslsa_OpenAccount {
624	IN  mslsa_handle_t handle;
625	IN REFERENCE	struct mslsa_sid *sid;
626	IN	DWORD access_mask;
627	OUT mslsa_handle_t account_handle;
628	OUT DWORD status;
629};
630
631
632/*
633 ***********************************************************************
634 * EnumPrivilegesAccount.
635 *
636 * Enumerate the list of privileges held by the specified account. The
637 * handle must be a valid account handle obtained via OpenAccount. The
638 * luid values returned will be probably only be relevant on the domain
639 * controller so we'll need to find a way to convert them to the
640 * actual privilege names.
641 ***********************************************************************
642 */
643struct mslsa_LuidAndAttributes {
644	struct mslsa_luid luid;
645	DWORD attributes;
646};
647
648
649struct mslsa_PrivilegeSet {
650	DWORD privilege_count;
651	DWORD control;
652  SIZE_IS(privilege_count)
653	struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY];
654};
655
656
657OPERATION(LSARPC_OPNUM_EnumPrivsAccount)
658	struct mslsa_EnumPrivsAccount {
659	IN	mslsa_handle_t account_handle;
660	OUT	struct mslsa_PrivilegeSet *privileges;
661	OUT	DWORD status;
662};
663
664OPERATION(LSARPC_OPNUM_OpenSecret)
665struct mslsa_OpenSecret {
666	IN	mslsa_handle_t handle;
667	IN	mslsa_string_t name;
668	IN	DWORD access_mask;
669	OUT	mslsa_handle_t secret_handle;
670	OUT	DWORD status;
671};
672
673
674/*
675 ***********************************************************************
676 * LookupPrivValue
677 *
678 * Map a privilege name to a local unique id (LUID). Privilege names
679 * are consistent across the network. LUIDs are machine specific.
680 * The privilege list is provided as a set of LUIDs so the privilege
681 * lookup functions must be used to identify which the privilege to
682 * which each LUID refers. The handle here is a policy handle.
683 ***********************************************************************
684 */
685OPERATION(LSARPC_OPNUM_LookupPrivValue)
686struct mslsa_LookupPrivValue {
687	IN	mslsa_handle_t handle;
688	IN	mslsa_string_t name;
689	OUT	struct mslsa_luid luid;
690	OUT	DWORD status;
691};
692
693
694/*
695 ***********************************************************************
696 * LookupPrivName
697 *
698 * Map a privilege value (LUID) to a privilege name. Privilege names
699 * are consistent across the network. LUIDs are machine specific.
700 * The privilege list is provided as a set of LUIDs so the privilege
701 * lookup functions must be used to identify which the privilege to
702 * which each LUID refers. The handle here is a policy handle.
703 ***********************************************************************
704 */
705OPERATION(LSARPC_OPNUM_LookupPrivName)
706struct mslsa_LookupPrivName {
707	IN	mslsa_handle_t handle;
708	IN	struct mslsa_luid luid;
709	OUT	mslsa_string_t *name;
710	OUT	DWORD status;
711};
712
713
714/*
715 ***********************************************************************
716 * LookupPrivDisplayName
717 *
718 * Map a privilege name to a local unique id (LUID). Privilege names
719 * are consistent across the network. LUIDs are machine specific.
720 * The privilege list is provided as a set of LUIDs so the privilege
721 * lookup functions must be used to identify which the privilege to
722 * which each LUID refers. The handle here is a policy handle.
723 ***********************************************************************
724 */
725OPERATION(LSARPC_OPNUM_LookupPrivDisplayName)
726struct mslsa_LookupPrivDisplayName {
727	IN	mslsa_handle_t handle;
728	IN	mslsa_string_t name;
729	IN	WORD client_language;
730	IN	WORD default_language;
731	OUT	mslsa_string_t *display_name;
732	OUT	WORD language_ret;
733	OUT	DWORD status;
734};
735
736
737/*
738 ***********************************************************************
739 * GetConnectedUser
740 *
741 * This is still guesswork. Netmon doesn't know about this
742 * call and I'm not really sure what it is intended to achieve.
743 * Another packet capture application, Ethereal, calls this RPC as
744 * GetConnectedUser.
745 * We will receive our own hostname in the request and it appears
746 * we should respond with an account name and the domain name of connected
747 * user from the client that makes this call.
748 ***********************************************************************
749 */
750
751struct mslsa_DomainName {
752	struct mslsa_string_desc *name;
753};
754
755
756OPERATION(LSARPC_OPNUM_GetConnectedUser)
757struct mslsa_GetConnectedUser {
758	IN	LPTSTR hostname;
759	IN  BYTE *unknown1;
760	IN  BYTE *unknown2;
761	OUT	struct mslsa_string_desc *owner;
762	OUT	struct mslsa_DomainName *domain;
763	OUT	DWORD status;
764};
765
766
767/*
768 ***********************************************************************
769 * LSARPC_OPNUM_LookupSids2
770 *
771 * SID lookup function that appeared in Windows 2000. It appears to be
772 * very similar to the original SID lookup RPC. There are two extra IN
773 * parameters, which we don't care about. The OUT name structure has
774 * an extra field, in which zero seems to be okay.
775 ***********************************************************************
776 */
777struct lsar_name_entry2 {
778	WORD sid_name_use;
779	WORD unknown_flags;	/* maybe alignment */
780	mslsa_string_t name;
781	DWORD domain_ix;	/* -1 means none */
782	DWORD unknown;		/* added */
783};
784
785
786struct lsar_name_table2 {
787	DWORD n_entry;
788  SIZE_IS(n_entry)
789	struct lsar_name_entry2 *entries;
790};
791
792
793OPERATION(LSARPC_OPNUM_LookupSids2)
794struct lsar_lookup_sids2 {
795	IN		mslsa_handle_t policy_handle;
796	IN		struct mslsa_lup_sid_table lup_sid_table;
797	OUT		struct mslsa_domain_table *domain_table;
798	INOUT	struct lsar_name_table2 name_table;
799	IN		DWORD lookup_level;
800	INOUT	DWORD mapped_count;
801	IN		DWORD zero;
802	IN		DWORD requested_count;
803 	OUT		DWORD status;
804};
805
806
807/*
808 ***********************************************************************
809 * LSARPC_OPNUM_LookupNames2
810 *
811 * Name lookup function that appeared in Windows 2000. It appears to be
812 * very similar to the original name lookup RPC. There are two extra IN
813 * parameters, which we don't care about. The lsar_rid_entry2 structure
814 * has an extra field, in which zero seems to be okay.
815 ***********************************************************************
816 */
817struct lsar_rid_entry2 {
818	WORD sid_name_use;
819	WORD pad;		/* alignment - probably not required */
820	DWORD rid;
821	DWORD domain_index;	/* -1 means none */
822	DWORD unknown;		/* new */
823};
824
825
826struct lsar_rid_table2 {
827	DWORD n_entry;
828  SIZE_IS(n_entry)
829	struct lsar_rid_entry2 *rids;
830};
831
832
833OPERATION(LSARPC_OPNUM_LookupNames2)
834struct lsar_LookupNames2 {
835	IN		mslsa_handle_t policy_handle;
836	IN	REFERENCE	struct mslsa_lup_name_table *name_table;
837	OUT		struct mslsa_domain_table *domain_table;
838	INOUT	struct lsar_rid_table2 translated_sids;
839	IN		DWORD lookup_level;
840	INOUT	DWORD mapped_count;
841	IN		DWORD unknown_sbz;
842	IN		DWORD unknown_sb2;
843	OUT		DWORD status;
844};
845
846/*
847 ***********************************************************************
848 * The LSARPC interface definition.
849 ***********************************************************************
850 */
851INTERFACE(0)
852union lsarpc_interface {
853	CASE(LSARPC_OPNUM_CloseHandle)
854		struct mslsa_CloseHandle		CloseHandle;
855	CASE(LSARPC_OPNUM_QuerySecurityObject)
856		struct mslsa_QuerySecurityObject	QuerySecurityObj;
857	CASE(LSARPC_OPNUM_EnumerateAccounts)
858		struct mslsa_EnumerateAccounts		EnumAccounts;
859	CASE(LSARPC_OPNUM_EnumTrustedDomain)
860		struct mslsa_EnumTrustedDomain		EnumTrustedDomain;
861	CASE(LSARPC_OPNUM_OpenAccount)
862		struct mslsa_OpenAccount		OpenAccount;
863	CASE(LSARPC_OPNUM_EnumPrivsAccount)
864		struct mslsa_EnumPrivsAccount		EnumPrivsAccount;
865	CASE(LSARPC_OPNUM_LookupPrivValue)
866		struct mslsa_LookupPrivValue		LookupPrivValue;
867	CASE(LSARPC_OPNUM_LookupPrivName)
868		struct mslsa_LookupPrivName		LookupPrivName;
869	CASE(LSARPC_OPNUM_LookupPrivDisplayName)
870		struct mslsa_LookupPrivDisplayName	LookupPrivDisplayName;
871	CASE(LSARPC_OPNUM_CreateSecret)
872		struct mslsa_CreateSecret		CreateSecret;
873	CASE(LSARPC_OPNUM_OpenSecret)
874		struct mslsa_OpenSecret			OpenSecret;
875	CASE(LSARPC_OPNUM_QueryInfoPolicy)
876		struct mslsa_QueryInfoPolicy		QueryInfoPolicy;
877	CASE(LSARPC_OPNUM_OpenPolicy)
878		struct mslsa_OpenPolicy			OpenPolicy;
879	CASE(LSARPC_OPNUM_OpenPolicy2)
880		struct mslsa_OpenPolicy2		OpenPolicy2;
881	CASE(LSARPC_OPNUM_LookupSids)
882		struct mslsa_LookupSids			LookupSids;
883	CASE(LSARPC_OPNUM_LookupNames)
884		struct mslsa_LookupNames		LookupNames;
885	CASE(LSARPC_OPNUM_GetConnectedUser)
886		struct mslsa_GetConnectedUser		GetConnectedUser;
887	CASE(LSARPC_OPNUM_LookupSids2)
888		struct lsar_lookup_sids2		LookupSids2;
889	CASE(LSARPC_OPNUM_LookupNames2)
890		struct lsar_LookupNames2		LookupNames2;
891};
892typedef union lsarpc_interface	lsarpc_interface_t;
893EXTERNTYPEINFO(lsarpc_interface)
894
895#endif /* _MLSVC_LSA_NDL_ */
896