diff options
Diffstat (limited to 'source3/include/rpc_lsa.h')
-rw-r--r-- | source3/include/rpc_lsa.h | 1085 |
1 files changed, 32 insertions, 1053 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index ef6ff6db28..b4021afd0a 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -23,1058 +23,37 @@ #ifndef _RPC_LSA_H /* _RPC_LSA_H */ #define _RPC_LSA_H -/* Opcodes available on PIPE_LSARPC */ - -#define LSA_CLOSE 0x00 -#define LSA_DELETE 0x01 -#define LSA_ENUM_PRIVS 0x02 -#define LSA_QUERYSECOBJ 0x03 -#define LSA_SETSECOBJ 0x04 -#define LSA_CHANGEPASSWORD 0x05 -#define LSA_OPENPOLICY 0x06 -#define LSA_QUERYINFOPOLICY 0x07 -#define LSA_SETINFOPOLICY 0x08 -#define LSA_CLEARAUDITLOG 0x09 -#define LSA_CREATEACCOUNT 0x0a -#define LSA_ENUM_ACCOUNTS 0x0b -#define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */ -#define LSA_ENUMTRUSTDOM 0x0d -#define LSA_LOOKUPNAMES 0x0e -#define LSA_LOOKUPSIDS 0x0f -#define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */ -#define LSA_OPENACCOUNT 0x11 -#define LSA_ENUMPRIVSACCOUNT 0x12 -#define LSA_ADDPRIVS 0x13 -#define LSA_REMOVEPRIVS 0x14 -#define LSA_GETQUOTAS 0x15 -#define LSA_SETQUOTAS 0x16 -#define LSA_GETSYSTEMACCOUNT 0x17 -#define LSA_SETSYSTEMACCOUNT 0x18 -#define LSA_OPENTRUSTDOM 0x19 -#define LSA_QUERYTRUSTDOMINFO 0x1a -#define LSA_SETINFOTRUSTDOM 0x1b -#define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */ -#define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */ -#define LSA_QUERYSECRET 0x1e -#define LSA_LOOKUPPRIVVALUE 0x1f -#define LSA_LOOKUPPRIVNAME 0x20 -#define LSA_PRIV_GET_DISPNAME 0x21 -#define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */ -#define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */ -#define LSA_ENUMACCTRIGHTS 0x24 -#define LSA_ADDACCTRIGHTS 0x25 -#define LSA_REMOVEACCTRIGHTS 0x26 -#define LSA_QUERYTRUSTDOMINFOBYSID 0x27 -#define LSA_SETTRUSTDOMINFO 0x28 -#define LSA_DELETETRUSTDOM 0x29 -#define LSA_STOREPRIVDATA 0x2a -#define LSA_RETRPRIVDATA 0x2b -#define LSA_OPENPOLICY2 0x2c -#define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */ -#define LSA_QUERYINFO2 0x2e -#define LSA_QUERYTRUSTDOMINFOBYNAME 0x30 -#define LSA_QUERYDOMINFOPOL 0x35 -#define LSA_OPENTRUSTDOMBYNAME 0x37 - -#define LSA_LOOKUPSIDS2 0x39 -#define LSA_LOOKUPNAMES2 0x3a -#define LSA_LOOKUPNAMES3 0x44 -#define LSA_LOOKUPSIDS3 0x4c -#define LSA_LOOKUPNAMES4 0x4d - -/* XXXX these are here to get a compile! */ -#define LSA_LOOKUPRIDS 0xFD - -#define LSA_AUDIT_NUM_CATEGORIES_NT4 7 -#define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9 - -#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4 - -#define LSA_AUDIT_POLICY_NONE 0x00 -#define LSA_AUDIT_POLICY_SUCCESS 0x01 -#define LSA_AUDIT_POLICY_FAILURE 0x02 -#define LSA_AUDIT_POLICY_ALL (LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE) -#define LSA_AUDIT_POLICY_CLEAR 0x04 - -enum lsa_audit_categories { - LSA_AUDIT_CATEGORY_SYSTEM = 0, - LSA_AUDIT_CATEGORY_LOGON = 1, - LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS, - LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS, - LSA_AUDIT_CATEGORY_PROCCESS_TRACKING, - LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES, - LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT, - LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS, /* only in win2k/2k3 */ - LSA_AUDIT_CATEGORY_ACCOUNT_LOGON /* only in win2k/2k3 */ -}; - -/* level 1 is auditing settings */ -typedef struct dom_query_1 -{ - uint32 percent_full; - uint32 log_size; - NTTIME retention_time; - uint8 shutdown_in_progress; - NTTIME time_to_shutdown; - uint32 next_audit_record; - uint32 unknown; -} DOM_QUERY_1; - - -/* level 2 is auditing settings */ -typedef struct dom_query_2 -{ - uint32 auditing_enabled; - uint32 count1; /* usualy 7, at least on nt4sp4 */ - uint32 count2; /* the same */ - uint32 ptr; - uint32 *auditsettings; -} DOM_QUERY_2; - -/* DOM_QUERY - info class 3 and 5 LSA Query response */ -typedef struct dom_query_info_3 -{ - uint16 uni_dom_max_len; /* domain name string length * 2 */ - uint16 uni_dom_str_len; /* domain name string length * 2 */ - uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ - uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ - UNISTR2 uni_domain_name; /* domain name (unicode string) */ - DOM_SID2 dom_sid; /* domain SID */ - -} DOM_QUERY_3; - -/* level 5 is same as level 3. */ -typedef DOM_QUERY_3 DOM_QUERY_5; - -/* level 6 is server role information */ -typedef struct dom_query_6 -{ - uint16 server_role; /* 2=backup, 3=primary */ -} DOM_QUERY_6; - -/* level 10 is audit full set info */ -typedef struct dom_query_10 -{ - uint8 shutdown_on_full; -} DOM_QUERY_10; - -/* level 11 is audit full query info */ -typedef struct dom_query_11 -{ - uint16 unknown; - uint8 shutdown_on_full; - uint8 log_is_full; -} DOM_QUERY_11; - -/* level 12 is DNS domain info */ -typedef struct lsa_dns_dom_info -{ - UNIHDR hdr_nb_dom_name; /* netbios domain name */ - UNIHDR hdr_dns_dom_name; - UNIHDR hdr_forest_name; - - struct GUID dom_guid; /* domain GUID */ - - UNISTR2 uni_nb_dom_name; - UNISTR2 uni_dns_dom_name; - UNISTR2 uni_forest_name; - - uint32 ptr_dom_sid; - DOM_SID2 dom_sid; /* domain SID */ -} DOM_QUERY_12; - -typedef struct seq_qos_info -{ - uint32 len; /* 12 */ - uint16 sec_imp_level; /* 0x02 - impersonation level */ - uint8 sec_ctxt_mode; /* 0x01 - context tracking mode */ - uint8 effective_only; /* 0x00 - effective only */ - -} LSA_SEC_QOS; - -typedef struct obj_attr_info -{ - uint32 len; /* 0x18 - length (in bytes) inc. the length field. */ - uint32 ptr_root_dir; /* 0 - root directory (pointer) */ - uint32 ptr_obj_name; /* 0 - object name (pointer) */ - uint32 attributes; /* 0 - attributes (undocumented) */ - uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */ - uint32 ptr_sec_qos; /* security quality of service */ - LSA_SEC_QOS *sec_qos; - -} LSA_OBJ_ATTR; - -/* LSA_Q_OPEN_POL - LSA Query Open Policy */ -typedef struct lsa_q_open_pol_info -{ - uint32 ptr; /* undocumented buffer pointer */ - uint16 system_name; /* 0x5c - system name */ - LSA_OBJ_ATTR attr ; /* object attributes */ - - uint32 des_access; /* desired access attributes */ - -} LSA_Q_OPEN_POL; - -/* LSA_R_OPEN_POL - response to LSA Open Policy */ -typedef struct lsa_r_open_pol_info -{ - POLICY_HND pol; /* policy handle */ - NTSTATUS status; /* return code */ - -} LSA_R_OPEN_POL; - -/* LSA_Q_OPEN_POL2 - LSA Query Open Policy */ -typedef struct lsa_q_open_pol2_info -{ - uint32 ptr; /* undocumented buffer pointer */ - UNISTR2 uni_server_name; /* server name, starting with two '\'s */ - LSA_OBJ_ATTR attr ; /* object attributes */ - - uint32 des_access; /* desired access attributes */ - -} LSA_Q_OPEN_POL2; - -/* LSA_R_OPEN_POL2 - response to LSA Open Policy */ -typedef struct lsa_r_open_pol2_info -{ - POLICY_HND pol; /* policy handle */ - NTSTATUS status; /* return code */ - -} LSA_R_OPEN_POL2; - - -#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001 -#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002 -#define POLICY_GET_PRIVATE_INFORMATION 0x00000004 -#define POLICY_TRUST_ADMIN 0x00000008 -#define POLICY_CREATE_ACCOUNT 0x00000010 -#define POLICY_CREATE_SECRET 0x00000020 -#define POLICY_CREATE_PRIVILEGE 0x00000040 -#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080 -#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100 -#define POLICY_AUDIT_LOG_ADMIN 0x00000200 -#define POLICY_SERVER_ADMIN 0x00000400 -#define POLICY_LOOKUP_NAMES 0x00000800 - -#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\ - POLICY_VIEW_LOCAL_INFORMATION |\ - POLICY_VIEW_AUDIT_INFORMATION |\ - POLICY_GET_PRIVATE_INFORMATION |\ - POLICY_TRUST_ADMIN |\ - POLICY_CREATE_ACCOUNT |\ - POLICY_CREATE_SECRET |\ - POLICY_CREATE_PRIVILEGE |\ - POLICY_SET_DEFAULT_QUOTA_LIMITS |\ - POLICY_SET_AUDIT_REQUIREMENTS |\ - POLICY_AUDIT_LOG_ADMIN |\ - POLICY_SERVER_ADMIN |\ - POLICY_LOOKUP_NAMES ) - - -#define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\ - POLICY_VIEW_AUDIT_INFORMATION |\ - POLICY_GET_PRIVATE_INFORMATION) - -#define POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\ - POLICY_TRUST_ADMIN |\ - POLICY_CREATE_ACCOUNT |\ - POLICY_CREATE_SECRET |\ - POLICY_CREATE_PRIVILEGE |\ - POLICY_SET_DEFAULT_QUOTA_LIMITS |\ - POLICY_SET_AUDIT_REQUIREMENTS |\ - POLICY_AUDIT_LOG_ADMIN |\ - POLICY_SERVER_ADMIN) - -#define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\ - POLICY_VIEW_LOCAL_INFORMATION |\ - POLICY_LOOKUP_NAMES ) - -/* LSA_Q_QUERY_SEC_OBJ - LSA query security */ -typedef struct lsa_query_sec_obj_info -{ - POLICY_HND pol; /* policy handle */ - uint32 sec_info; - -} LSA_Q_QUERY_SEC_OBJ; - -/* LSA_R_QUERY_SEC_OBJ - probably an open */ -typedef struct r_lsa_query_sec_obj_info -{ - uint32 ptr; - SEC_DESC_BUF *buf; - - NTSTATUS status; /* return status */ - -} LSA_R_QUERY_SEC_OBJ; - -/* LSA_Q_QUERY_INFO - LSA query info policy */ -typedef struct lsa_query_info -{ - POLICY_HND pol; /* policy handle */ - uint16 info_class; /* info class */ - -} LSA_Q_QUERY_INFO; - -/* LSA_INFO_CTR */ -typedef struct lsa_info_ctr -{ - uint16 info_class; - union { - DOM_QUERY_1 id1; - DOM_QUERY_2 id2; - DOM_QUERY_3 id3; - DOM_QUERY_5 id5; - DOM_QUERY_6 id6; - DOM_QUERY_10 id10; - DOM_QUERY_11 id11; - DOM_QUERY_12 id12; - } info; - -} LSA_INFO_CTR; - -typedef LSA_INFO_CTR LSA_INFO_CTR2; - -/* LSA_R_QUERY_INFO - response to LSA query info policy */ -typedef struct lsa_r_query_info -{ - uint32 dom_ptr; /* undocumented buffer pointer */ - LSA_INFO_CTR ctr; - NTSTATUS status; /* return code */ - -} LSA_R_QUERY_INFO; - -typedef LSA_Q_QUERY_INFO LSA_Q_QUERY_INFO2; -typedef LSA_R_QUERY_INFO LSA_R_QUERY_INFO2; - -/*******************************************************/ - -typedef struct { - POLICY_HND pol; - uint32 enum_context; - uint32 preferred_len; /* preferred maximum length */ -} LSA_Q_ENUM_TRUST_DOM; - -typedef struct { - UNISTR4 name; - DOM_SID2 *sid; -} DOMAIN_INFO; - -typedef struct { - uint32 count; - DOMAIN_INFO *domains; -} DOMAIN_LIST; - -typedef struct { - uint32 enum_context; - uint32 count; - DOMAIN_LIST *domlist; - NTSTATUS status; -} LSA_R_ENUM_TRUST_DOM; - -/*******************************************************/ - -/* LSA_Q_CLOSE */ -typedef struct lsa_q_close_info -{ - POLICY_HND pol; /* policy handle */ - -} LSA_Q_CLOSE; - -/* LSA_R_CLOSE */ -typedef struct lsa_r_close_info -{ - POLICY_HND pol; /* policy handle. should be all zeros. */ - - NTSTATUS status; /* return code */ - -} LSA_R_CLOSE; - - -#define MAX_REF_DOMAINS 32 - -/* DOM_TRUST_HDR */ -typedef struct dom_trust_hdr -{ - UNIHDR hdr_dom_name; /* referenced domain unicode string headers */ - uint32 ptr_dom_sid; - -} DOM_TRUST_HDR; - -/* DOM_TRUST_INFO */ -typedef struct dom_trust_info -{ - UNISTR2 uni_dom_name; /* domain name unicode string */ - DOM_SID2 ref_dom ; /* referenced domain SID */ - -} DOM_TRUST_INFO; - -/* DOM_R_REF */ -typedef struct dom_ref_info -{ - uint32 num_ref_doms_1; /* num referenced domains */ - uint32 ptr_ref_dom; /* pointer to referenced domains */ - uint32 max_entries; /* 32 - max number of entries */ - uint32 num_ref_doms_2; /* num referenced domains */ - - DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */ - DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */ - -} DOM_R_REF; - -/* the domain_idx points to a SID associated with the name */ - -/* LSA_TRANS_NAME - translated name */ -typedef struct lsa_trans_name_info -{ - uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ - UNIHDR hdr_name; - uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ - -} LSA_TRANS_NAME; - -/* LSA_TRANS_NAME2 - translated name */ -typedef struct lsa_trans_name_info2 -{ - uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ - UNIHDR hdr_name; - uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ - uint32 unknown; - -} LSA_TRANS_NAME2; - -/* This number is based on Win2k and later maximum response allowed */ -#define MAX_LOOKUP_SIDS 20480 /* 0x5000 */ - -/* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */ -typedef struct lsa_trans_name_enum_info -{ - uint32 num_entries; - uint32 ptr_trans_names; - uint32 num_entries2; - - LSA_TRANS_NAME *name; /* translated names */ - UNISTR2 *uni_name; - -} LSA_TRANS_NAME_ENUM; - -/* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */ -typedef struct lsa_trans_name_enum_info2 -{ - uint32 num_entries; - uint32 ptr_trans_names; - uint32 num_entries2; - - LSA_TRANS_NAME2 *name; /* translated names */ - UNISTR2 *uni_name; - -} LSA_TRANS_NAME_ENUM2; - -/* LSA_SID_ENUM - LSA SID enumeration container */ -typedef struct lsa_sid_enum_info -{ - uint32 num_entries; - uint32 ptr_sid_enum; - uint32 num_entries2; - - uint32 *ptr_sid; /* domain SID pointers to be looked up. */ - DOM_SID2 *sid; /* domain SIDs to be looked up. */ - -} LSA_SID_ENUM; - -/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */ -typedef struct lsa_q_lookup_sids -{ - POLICY_HND pol; /* policy handle */ - LSA_SID_ENUM sids; - LSA_TRANS_NAME_ENUM names; - uint16 level; - uint32 mapped_count; - -} LSA_Q_LOOKUP_SIDS; - -/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */ -typedef struct lsa_r_lookup_sids -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - LSA_TRANS_NAME_ENUM names; - uint32 mapped_count; - - NTSTATUS status; /* return code */ - -} LSA_R_LOOKUP_SIDS; - -/* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/ -typedef struct lsa_q_lookup_sids2 -{ - POLICY_HND pol; /* policy handle */ - LSA_SID_ENUM sids; - LSA_TRANS_NAME_ENUM2 names; - uint16 level; - uint32 mapped_count; - uint32 unknown1; - uint32 unknown2; - -} LSA_Q_LOOKUP_SIDS2; - -/* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/ -typedef struct lsa_r_lookup_sids2 -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - LSA_TRANS_NAME_ENUM2 names; - uint32 mapped_count; - - NTSTATUS status; /* return code */ - -} LSA_R_LOOKUP_SIDS2; - -/* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */ -typedef struct lsa_q_lookup_sids3 -{ - LSA_SID_ENUM sids; - LSA_TRANS_NAME_ENUM2 names; - uint16 level; - uint32 mapped_count; - uint32 unknown1; - uint32 unknown2; - -} LSA_Q_LOOKUP_SIDS3; - -/* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */ -typedef struct lsa_r_lookup_sids3 -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - LSA_TRANS_NAME_ENUM2 names; - uint32 mapped_count; - - NTSTATUS status; /* return code */ - -} LSA_R_LOOKUP_SIDS3; - -/* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */ -typedef struct lsa_q_lookup_names -{ - POLICY_HND pol; /* policy handle */ - uint32 num_entries; - uint32 num_entries2; - UNIHDR *hdr_name; /* name buffer pointers */ - UNISTR2 *uni_name; /* names to be looked up */ - - uint32 num_trans_entries; - uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ - uint16 lookup_level; - uint32 mapped_count; - -} LSA_Q_LOOKUP_NAMES; - -/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ -typedef struct lsa_r_lookup_names -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - uint32 num_entries; - uint32 ptr_entries; - uint32 num_entries2; - DOM_RID *dom_rid; /* domain RIDs being looked up */ - - uint32 mapped_count; - - NTSTATUS status; /* return code */ -} LSA_R_LOOKUP_NAMES; - -/* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/ -typedef struct lsa_q_lookup_names2 -{ - POLICY_HND pol; /* policy handle */ - uint32 num_entries; - uint32 num_entries2; - UNIHDR *hdr_name; /* name buffer pointers */ - UNISTR2 *uni_name; /* names to be looked up */ - - uint32 num_trans_entries; - uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ - uint16 lookup_level; - uint32 mapped_count; - uint32 unknown1; - uint32 unknown2; - -} LSA_Q_LOOKUP_NAMES2; - -/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */ -typedef struct lsa_r_lookup_names2 -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - uint32 num_entries; - uint32 ptr_entries; - uint32 num_entries2; - DOM_RID2 *dom_rid; /* domain RIDs being looked up */ - - uint32 mapped_count; - - NTSTATUS status; /* return code */ -} LSA_R_LOOKUP_NAMES2; - -/* LSA_Q_LOOKUP_NAMES3 - LSA Lookup NAMEs 3 */ -typedef struct lsa_q_lookup_names3 -{ - POLICY_HND pol; /* policy handle */ - uint32 num_entries; - uint32 num_entries2; - UNIHDR *hdr_name; /* name buffer pointers */ - UNISTR2 *uni_name; /* names to be looked up */ - - uint32 num_trans_entries; - uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ - uint16 lookup_level; - uint32 mapped_count; - uint32 unknown1; - uint32 unknown2; - -} LSA_Q_LOOKUP_NAMES3; - -/* Sid type used in lookupnames3 and lookupnames4. */ -typedef struct lsa_translatedsid3 { - uint8 sid_type; - DOM_SID2 *sid2; - uint32 sid_idx; - uint32 unknown; -} LSA_TRANSLATED_SID3; - -/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 3 */ -typedef struct lsa_r_lookup_names3 -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - uint32 num_entries; - uint32 ptr_entries; - uint32 num_entries2; - LSA_TRANSLATED_SID3 *trans_sids; - - uint32 mapped_count; - - NTSTATUS status; /* return code */ -} LSA_R_LOOKUP_NAMES3; - -/* LSA_Q_LOOKUP_NAMES4 - LSA Lookup NAMEs 4 */ -typedef struct lsa_q_lookup_names4 -{ - uint32 num_entries; - uint32 num_entries2; - UNIHDR *hdr_name; /* name buffer pointers */ - UNISTR2 *uni_name; /* names to be looked up */ - - uint32 num_trans_entries; - uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ - uint16 lookup_level; - uint32 mapped_count; - uint32 unknown1; - uint32 unknown2; - -} LSA_Q_LOOKUP_NAMES4; - -/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 4 */ -typedef struct lsa_r_lookup_names4 -{ - uint32 ptr_dom_ref; - DOM_R_REF *dom_ref; /* domain reference info */ - - uint32 num_entries; - uint32 ptr_entries; - uint32 num_entries2; - LSA_TRANSLATED_SID3 *trans_sids; - - uint32 mapped_count; - - NTSTATUS status; /* return code */ -} LSA_R_LOOKUP_NAMES4; - -typedef struct lsa_enum_priv_entry -{ - UNIHDR hdr_name; - uint32 luid_low; - uint32 luid_high; - UNISTR2 name; - -} LSA_PRIV_ENTRY; - -/* LSA_Q_ENUM_PRIVS - LSA enum privileges */ -typedef struct lsa_q_enum_privs -{ - POLICY_HND pol; /* policy handle */ - uint32 enum_context; - uint32 pref_max_length; -} LSA_Q_ENUM_PRIVS; - -typedef struct lsa_r_enum_privs -{ - uint32 enum_context; - uint32 count; - uint32 ptr; - uint32 count1; - - LSA_PRIV_ENTRY *privs; - - NTSTATUS status; -} LSA_R_ENUM_PRIVS; - -/* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */ -typedef struct -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; -} LSA_Q_ENUM_ACCT_RIGHTS; - -/* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */ -typedef struct -{ - uint32 count; - UNISTR4_ARRAY *rights; - NTSTATUS status; -} LSA_R_ENUM_ACCT_RIGHTS; - - -/* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */ -typedef struct -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; - uint32 count; - UNISTR4_ARRAY *rights; -} LSA_Q_ADD_ACCT_RIGHTS; - -/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */ -typedef struct -{ - NTSTATUS status; -} LSA_R_ADD_ACCT_RIGHTS; - - -/* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */ -typedef struct -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; - uint32 removeall; - uint32 count; - UNISTR4_ARRAY *rights; -} LSA_Q_REMOVE_ACCT_RIGHTS; - -/* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */ -typedef struct -{ - NTSTATUS status; -} LSA_R_REMOVE_ACCT_RIGHTS; - - -/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */ -typedef struct lsa_q_priv_get_dispname -{ - POLICY_HND pol; /* policy handle */ - UNIHDR hdr_name; - UNISTR2 name; - uint16 lang_id; - uint16 lang_id_sys; -} LSA_Q_PRIV_GET_DISPNAME; - -typedef struct lsa_r_priv_get_dispname -{ - uint32 ptr_info; - UNIHDR hdr_desc; - UNISTR2 desc; - /* Don't align ! */ - uint16 lang_id; - /* align */ - NTSTATUS status; -} LSA_R_PRIV_GET_DISPNAME; - -/* LSA_Q_ENUM_ACCOUNTS */ -typedef struct lsa_q_enum_accounts -{ - POLICY_HND pol; /* policy handle */ - uint32 enum_context; - uint32 pref_max_length; -} LSA_Q_ENUM_ACCOUNTS; - -/* LSA_R_ENUM_ACCOUNTS */ -typedef struct lsa_r_enum_accounts -{ - uint32 enum_context; - LSA_SID_ENUM sids; - NTSTATUS status; -} LSA_R_ENUM_ACCOUNTS; - -/* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user - called when "Take Ownership" is clicked -SK */ -typedef struct lsa_q_unk_get_connuser -{ - uint32 ptr_srvname; - UNISTR2 uni2_srvname; - uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */ - uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */ - uint32 unk3; -} LSA_Q_UNK_GET_CONNUSER; - -/* LSA_R_UNK_GET_CONNUSER */ -typedef struct lsa_r_unk_get_connuser -{ - uint32 ptr_user_name; - UNIHDR hdr_user_name; - UNISTR2 uni2_user_name; - - uint32 unk1; - - uint32 ptr_dom_name; - UNIHDR hdr_dom_name; - UNISTR2 uni2_dom_name; - - NTSTATUS status; -} LSA_R_UNK_GET_CONNUSER; - - -typedef struct lsa_q_createaccount -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; - uint32 access; /* access */ -} LSA_Q_CREATEACCOUNT; - -typedef struct lsa_r_createaccount -{ - POLICY_HND pol; /* policy handle */ - NTSTATUS status; -} LSA_R_CREATEACCOUNT; - - -typedef struct lsa_q_openaccount -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; - uint32 access; /* desired access */ -} LSA_Q_OPENACCOUNT; - -typedef struct lsa_r_openaccount -{ - POLICY_HND pol; /* policy handle */ - NTSTATUS status; -} LSA_R_OPENACCOUNT; - -typedef struct lsa_q_enumprivsaccount -{ - POLICY_HND pol; /* policy handle */ -} LSA_Q_ENUMPRIVSACCOUNT; - -typedef struct lsa_r_enumprivsaccount -{ - uint32 ptr; - uint32 count; - PRIVILEGE_SET set; - NTSTATUS status; -} LSA_R_ENUMPRIVSACCOUNT; - -typedef struct lsa_q_getsystemaccount -{ - POLICY_HND pol; /* policy handle */ -} LSA_Q_GETSYSTEMACCOUNT; - -typedef struct lsa_r_getsystemaccount -{ - uint32 access; - NTSTATUS status; -} LSA_R_GETSYSTEMACCOUNT; - - -typedef struct lsa_q_setsystemaccount -{ - POLICY_HND pol; /* policy handle */ - uint32 access; -} LSA_Q_SETSYSTEMACCOUNT; - -typedef struct lsa_r_setsystemaccount -{ - NTSTATUS status; -} LSA_R_SETSYSTEMACCOUNT; - -typedef struct { - UNIHDR hdr; - UNISTR2 unistring; -} LSA_STRING; - -typedef struct { - POLICY_HND pol; /* policy handle */ - LSA_STRING privname; -} LSA_Q_LOOKUP_PRIV_VALUE; - -typedef struct { - LUID luid; - NTSTATUS status; -} LSA_R_LOOKUP_PRIV_VALUE; - -typedef struct lsa_q_addprivs -{ - POLICY_HND pol; /* policy handle */ - uint32 count; - PRIVILEGE_SET set; -} LSA_Q_ADDPRIVS; - -typedef struct lsa_r_addprivs -{ - NTSTATUS status; -} LSA_R_ADDPRIVS; - - -typedef struct lsa_q_removeprivs -{ - POLICY_HND pol; /* policy handle */ - uint32 allrights; - uint32 ptr; - uint32 count; - PRIVILEGE_SET set; -} LSA_Q_REMOVEPRIVS; - -typedef struct lsa_r_removeprivs -{ - NTSTATUS status; -} LSA_R_REMOVEPRIVS; - -/*******************************************************/ -#if 0 /* jerry, I think this not correct - gd */ -typedef struct { - POLICY_HND handle; - uint32 count; /* ??? this is what ethereal calls it */ - DOM_SID sid; -} LSA_Q_OPEN_TRUSTED_DOMAIN; -#endif - -/* LSA_Q_OPEN_TRUSTED_DOMAIN - LSA Query Open Trusted Domain */ -typedef struct lsa_q_open_trusted_domain -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; /* domain sid */ - uint32 access_mask; /* access mask */ - -} LSA_Q_OPEN_TRUSTED_DOMAIN; - -/* LSA_R_OPEN_TRUSTED_DOMAIN - response to LSA Query Open Trusted Domain */ -typedef struct { - POLICY_HND handle; /* trustdom policy handle */ - NTSTATUS status; /* return code */ -} LSA_R_OPEN_TRUSTED_DOMAIN; - - -/*******************************************************/ - -typedef struct { - POLICY_HND handle; - UNISTR4 secretname; - uint32 access; -} LSA_Q_OPEN_SECRET; - -typedef struct { - POLICY_HND handle; - NTSTATUS status; -} LSA_R_OPEN_SECRET; - - -/*******************************************************/ - -typedef struct { - POLICY_HND handle; -} LSA_Q_DELETE_OBJECT; - -typedef struct { - NTSTATUS status; -} LSA_R_DELETE_OBJECT; - - -/*******************************************************/ - -typedef struct { - POLICY_HND handle; - UNISTR4 secretname; - uint32 access; -} LSA_Q_CREATE_SECRET; - -typedef struct { - POLICY_HND handle; - NTSTATUS status; -} LSA_R_CREATE_SECRET; - - -/*******************************************************/ - -typedef struct { - POLICY_HND handle; - UNISTR4 secretname; - uint32 access; -} LSA_Q_CREATE_TRUSTED_DOMAIN; - -typedef struct { - POLICY_HND handle; - NTSTATUS status; -} LSA_R_CREATE_TRUSTED_DOMAIN; - - -/*******************************************************/ - -typedef struct { - uint32 size; /* size is written on the wire twice so I - can only assume that one is supposed to - be a max length and one is a size */ - UNISTR2 *data; /* not really a UNICODE string but the parsing - is the same */ -} LSA_DATA_BLOB; - -typedef struct { - POLICY_HND handle; - LSA_DATA_BLOB *old_value; - LSA_DATA_BLOB *new_value; -} LSA_Q_SET_SECRET; - -typedef struct { - NTSTATUS status; -} LSA_R_SET_SECRET; - -typedef struct dom_info_kerberos { - uint32 enforce_restrictions; - NTTIME service_tkt_lifetime; - NTTIME user_tkt_lifetime; - NTTIME user_tkt_renewaltime; - NTTIME clock_skew; - NTTIME unknown6; -} LSA_DOM_INFO_POLICY_KERBEROS; - -typedef struct dom_info_efs { - uint32 blob_len; - UNISTR2 efs_blob; -} LSA_DOM_INFO_POLICY_EFS; - -typedef struct lsa_dom_info_union { - uint16 info_class; - LSA_DOM_INFO_POLICY_EFS efs_policy; - LSA_DOM_INFO_POLICY_KERBEROS krb_policy; -} LSA_DOM_INFO_UNION; - -/* LSA_Q_QUERY_DOM_INFO_POLICY - LSA query info */ -typedef struct lsa_q_query_dom_info_policy -{ - POLICY_HND pol; /* policy handle */ - uint16 info_class; /* info class */ -} LSA_Q_QUERY_DOM_INFO_POLICY; - -typedef struct lsa_r_query_dom_info_policy -{ - LSA_DOM_INFO_UNION *info; - NTSTATUS status; -} LSA_R_QUERY_DOM_INFO_POLICY; - +#define LSA_POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\ + LSA_POLICY_VIEW_LOCAL_INFORMATION |\ + LSA_POLICY_VIEW_AUDIT_INFORMATION |\ + LSA_POLICY_GET_PRIVATE_INFORMATION |\ + LSA_POLICY_TRUST_ADMIN |\ + LSA_POLICY_CREATE_ACCOUNT |\ + LSA_POLICY_CREATE_SECRET |\ + LSA_POLICY_CREATE_PRIVILEGE |\ + LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS |\ + LSA_POLICY_SET_AUDIT_REQUIREMENTS |\ + LSA_POLICY_AUDIT_LOG_ADMIN |\ + LSA_POLICY_SERVER_ADMIN |\ + LSA_POLICY_LOOKUP_NAMES ) + + +#define LSA_POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\ + LSA_POLICY_VIEW_AUDIT_INFORMATION |\ + LSA_POLICY_GET_PRIVATE_INFORMATION) + +#define LSA_POLICY_WRITE ( STD_RIGHT_READ_CONTROL_ACCESS |\ + LSA_POLICY_TRUST_ADMIN |\ + LSA_POLICY_CREATE_ACCOUNT |\ + LSA_POLICY_CREATE_SECRET |\ + LSA_POLICY_CREATE_PRIVILEGE |\ + LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS |\ + LSA_POLICY_SET_AUDIT_REQUIREMENTS |\ + LSA_POLICY_AUDIT_LOG_ADMIN |\ + LSA_POLICY_SERVER_ADMIN) + +#define LSA_POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\ + LSA_POLICY_VIEW_LOCAL_INFORMATION |\ + LSA_POLICY_LOOKUP_NAMES ) #endif /* _RPC_LSA_H */ |