authorTim Potter <tpot@samba.org>2001-09-13 07:15:35 +0000
committerTim Potter <tpot@samba.org>2001-09-13 07:15:35 +0000
commit8b67689feb28b95e80140e104c45dda53e591478 (patch)
tree9b79841e5fe996ce18470d24befa689075d44dcf
parentf04f28a62246dd16b3467f7aba2a492e64b8eed1 (diff)
Discovered a whole lot more opcodes on the LSA pipe while writing an RPC
scanner. There's lots of quota, privilege, and trusted domain goodness waiting to be reverse engineered here! Unfortunately the scanner can crash LSASS.EXE on NT4 just by writing packets containing 0xdeadbeef. )-: (This used to be commit f0ef301cff57c9bf07694e0675eec67c61367afb)
-rw-r--r--source3/include/rpc_lsa.h44
1 files changed, 38 insertions, 6 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index e9df7f406e..7d7fac8e10 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -39,20 +39,52 @@ enum SID_NAME_USE
SID_NAME_UNKNOWN = 8 /* oops. */
};
-/* ntlsa pipe */
+/* Opcodes available on this pipe */
+
#define LSA_CLOSE 0x00
-#define LSA_ENUM_PRIVS 0x02
+#define LSA_DELETE 0x01
+#define LSA_ENUMPRIVS 0x02
+#define LSA_QUERYSECOBJ 0x03
+#define LSA_SETSECOBJ 0x04
+#define LSA_CHANGEPASSWORD 0x05
#define LSA_OPENPOLICY 0x06
#define LSA_QUERYINFOPOLICY 0x07
+#define LSA_SETINFOPOLICY 0x08
+#define LSA_CLEARAUDITLOG 0x09
+#define LSA_CREATEACCOUNT 0x0a
#define LSA_ENUM_ACCOUNTS 0x0b
+#define LSA_CREATETRUSTDOM 0x0c
#define LSA_ENUMTRUSTDOM 0x0d
#define LSA_LOOKUPNAMES 0x0e
#define LSA_LOOKUPSIDS 0x0f
-#define LSA_OPENACCOUNT 0x11
-#define LSA_ENUMPRIVSACCOUNT 0x12
-#define LSA_GETSYSTEMACCOUNT 0x17
-#define LSA_OPENSECRET 0x1C
+#define LSA_CREATESECRET 0x10
+#define LSA_OPENACCOUNT 0x11
+#define LSA_ENUMPRIVSACCOUNT 0x12
+#define LSA_ADDPRIVS 0x13
+#define LSA_REMOVEPRIVS 0x14
+#define LSA_GETQUOTAS 0x15
+#define LSA_SETQUOTAS 0x16
+#define LSA_GETSYSTEMACCOUNT 0x17
+#define LSA_SETSYSTEMACCOUNT 0x18
+#define LSA_OPENTRUSTDOM 0x19
+#define LSA_QUERYTRUSTDOM 0x1a
+#define LSA_SETINFOTRUSTDOM 0x1b
+#define LSA_OPENSECRET 0x1c
+#define LSA_SETSECRET 0x1d
+#define LSA_QUERYSECRET 0x1e
+#define LSA_LOOKUPPRIVVALUE 0x1f
+#define LSA_LOOKUPPRIVNAME 0x20
#define LSA_PRIV_GET_DISPNAME 0x21
+#define LSA_DELETEOBJECT 0x22
+#define LSA_ENUMACCTWITHRIGHT 0x23
+#define LSA_ENUMACCTRIGHTS 0x24
+#define LSA_ADDACCTRIGHTS 0x25
+#define LSA_REMOVEACCTRIGHTS 0x26
+#define LSA_QUERYTRUSTDOMINFO 0x27
+#define LSA_SETTRUSTDOMINFO 0x28
+#define LSA_DELETETRUSTDOM 0x29
+#define LSA_STOREPRIVDATA 0x2a
+#define LSA_RETRPRIVDATA 0x2b
#define LSA_OPENPOLICY2 0x2c
#define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */
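Review bot: The rename of `LSA_ENUM_PRIVS` to `LSA_ENUMPRIVS` at opcode 0x02 lands in a commit whose diffstat lists only rpc_lsa.h, so any source file still using the old name would stop compiling; either confirm nothing references it or keep an alias, `#define LSA_ENUM_PRIVS LSA_ENUMPRIVS`. The new names also leave `LSA_ENUM_ACCOUNTS` and `LSA_PRIV_GET_DISPNAME` in a different underscore style from their neighbours. The commit message says the added opcodes were found by scanning and still need reverse engineering, so I would add a comment above the list saying that, for example `/* Names of opcodes not yet implemented are provisional; semantics unverified. */`. That keeps state-changing calls such as `LSA_SETSECRET`, `LSA_ADDPRIVS` or `LSA_CLEARAUDITLOG` from being wired into a dispatch table on the strength of the name alone, before their arguments and access checks are understood.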