da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
fd9ee8b58485b20072eeef1310a88ff348d5e7fajoyce mcintosh * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Local Security Authority RPC (LSARPC) interface definition.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Names containing a backslash ('\') are known as qualified or composite
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * names. The string preceding the backslash is assumed to be the domain
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * name and the string following the backslash is assumed to be the name to be
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * resolved within that domain.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Names that do not contain a backslash are known as isolated names.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * An isolated name may be a single label, such as john, or may be in
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * user principal name (UPN) form, such as john@example.com.
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb/* Windows 2000 */
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb/* Windows 2000 SP3 */
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb/* Windows Server 2003 */
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb#define LSARPC_OPNUM_AdtUnregisterSecurityEventSource 0x50
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb/* Windows Vista */
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Lookup levels. Level 1 appears to mean only look on the local host and
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * level 2 means forward the request to the PDC. On the PDC it probably
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * doesn't matter which level you use but on a BDC a level 1 lookup will
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * fail if the BDC doesn't have the info whereas a level 2 lookup will also
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * check with the PDC.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier#define LSA_LOOKUP_XFORESTREFERRAL 5 /* Windows XP */
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier#define LSA_LOOKUP_RODCREFERRALTOFULLDC 7 /* Windows Vista */
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Name/SID lookup flags
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Name/SID lookup options
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * 0x00000000 Lookup isolated names both locally and in domains/forests.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * 0x80000000 Lookup isolated names (except for UPNs) only in the local
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * account database. Do not lookup UPNs.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Client revision
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * 0x00000001 Client does not understand DNS names or forests.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * 0x00000002 Client understands DNS names and forests.
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * 0 means the same as 1
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Anything greater than 2 means the same as 2
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Definition for a SID. The ndl compiler won't allow a typedef of
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * a structure containing variable size members.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * OpenPolicy2 obtains a handle for a remote LSA. This handle is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * required for all subsequent LSA requests.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The server name should be the name of the target PDC or BDC, with
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the double backslash prefix.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * As far as I can tell, the mslsa_object_attributes structure can be
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * all zero except for the length, which should be set to sizeof(struct
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * mslsa_object_attributes).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * For read access, the desired access mask should contain the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * READ_CONTROL standard right and whatever policy rights are required.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * I haven't tried any update operations but if you get the access mask
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * wrong you can crash the domain controller.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * From netmon:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * length = 12
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * impersonation_level = 2
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * context_tracking_mode = 1
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * effective_only = 0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CloseHandle closes an association with the LSA. The returned handle
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * will be all zero.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * EnumPrivileges
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Obtain a list of privilege names. This interface is not implemented
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * yet. The definition below has not been tested. This is a guess based
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * on data available from netmon.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * QuerySecurityObject. I'm not entirely sure how to set this up yet.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * I used the discovery RPC to scope it out. The structures are set up
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * according to netmon and the assumption that a security descriptor
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * on the wire looks like the regular user level security descriptor.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* struct mslsa_SecurityDescriptor *desc; */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * EnumerateAccounts and EnumerateTrustedDomain.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw OUT REFERENCE struct mslsa_EnumTrustedDomainBuf *enum_buf;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright OUT REFERENCE struct mslsa_EnumTrustedDomainBufEx *enum_buf;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Definitions common to both LookupSids and LookupNames. Both return
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * an mslsa_domain_table[]. Each interface also returns a specific
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * table with entries which index the mslsa_domain_table[].
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Definitions for LookupSids.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The input parameters are:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A valid LSA handle obtained from an LsarOpenPolicy.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The table of SIDs to be looked up.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A table of names (probably empty).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The lookup level (local=1 or PDC=2).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * An enumeration counter (used for continuation operations).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The output results are:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A table of referenced domains.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A table of usernames.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The updated value of the enumeration counter.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The result status.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Definitions for LookupNames.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LookupNames requires the following input parameters.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A valid LSA handle obtained from an LsarOpenPolicy.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The table of names to be looked up.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A table of translated sids (probably empty).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The lookup level (local=1 or PDC=2).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * An enumeration counter (used for continuation operations).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The outputs are as follows.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A table of referenced domains.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * A table of translated sids (actually rids).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The updated value of the enumeration counter.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The result status.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * QueryInfoPolicy returns various pieces of policy information. The
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * desired information is specified using a class value, as defined
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * MSLSA_POLICY_AUDIT_EVENTS_INFO
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * MSLSA_POLICY_PRIMARY_DOMAIN_INFO
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * MSLSA_POLICY_SERVER_ROLE_INFO
8d7e41661dc4633488e93b13363137523ce59977jose borrego * This structure needs to be declared, even though it can't be used in
8d7e41661dc4633488e93b13363137523ce59977jose borrego * mslsa_QueryInfoPolicy, in order to get the appropriate size to calculate
8d7e41661dc4633488e93b13363137523ce59977jose borrego * the correct fixup offsets. If ndrgen did the right thing,
8d7e41661dc4633488e93b13363137523ce59977jose borrego * mslsa_PolicyInfoRes would be one of the out parameters. However, if
8d7e41661dc4633488e93b13363137523ce59977jose borrego * we do it that way, the switch_value isn't known early enough to do
8d7e41661dc4633488e93b13363137523ce59977jose borrego * the fixup calculation. So it all has to go in mslsa_QueryInfoPolicy.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Can't use this form because we need to include members explicitly.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * OUT struct mslsa_PolicyInfoRes result;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * OpenAccount.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns a handle that can be used to access the account specified
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * by a SID. This handle can be used to enumerate account privileges.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * EnumPrivilegesAccount.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Enumerate the list of privileges held by the specified account. The
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * handle must be a valid account handle obtained via OpenAccount. The
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * luid values returned will probably only be relevant on the domain
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * controller so we'll need to find a way to convert them to the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * actual privilege names.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw struct mslsa_LuidAndAttributes privilege[ANY_SIZE_ARRAY];
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LookupPrivValue
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Map a privilege name to a local unique id (LUID). Privilege names
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * are consistent across the network. LUIDs are machine specific.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The privilege list is provided as a set of LUIDs so the privilege
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lookup functions must be used to identify the privilege to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * which each LUID refers. The handle here is a policy handle.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LookupPrivName
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Map a privilege value (LUID) to a privilege name. Privilege names
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * are consistent across the network. LUIDs are machine specific.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The privilege list is provided as a set of LUIDs so the privilege
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lookup functions must be used to identify the privilege to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * which each LUID refers. The handle here is a policy handle.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LookupPrivDisplayName
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Map a privilege name to a local unique id (LUID). Privilege names
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * are consistent across the network. LUIDs are machine specific.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The privilege list is provided as a set of LUIDs so the privilege
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lookup functions must be used to identify the privilege to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * which each LUID refers. The handle here is a policy handle.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * GetConnectedUser
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * Return the account name and NetBIOS domain name for the user making
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier * the request. All input fields should be ignored by the server.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LSARPC_OPNUM_LookupSids2
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SID lookup function that appeared in Windows 2000. It appears to be
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * very similar to the original SID lookup RPC. There are two extra IN
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * parameters, which we don't care about. The OUT name structure has
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * an extra field, in which zero seems to be okay.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
fe1c642d06e14b412cd83ae2179303186ab08972Bill Kriertypedef struct lsar_name_entry2 lsar_translated_name_ex_t;
fe1c642d06e14b412cd83ae2179303186ab08972Bill Kriertypedef struct lsar_name_table2 lsar_translated_names_ex_t;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LSARPC_OPNUM_LookupNames2
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Name lookup function that appeared in Windows 2000. It appears to be
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * very similar to the original name lookup RPC. There are two extra IN
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * parameters, which we don't care about. The lsar_rid_entry2 structure
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * has an extra field, in which zero seems to be okay.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
fe1c642d06e14b412cd83ae2179303186ab08972Bill Kriertypedef struct lsar_translated_sid_ex2 lsar_translated_sid_ex2_t;
fe1c642d06e14b412cd83ae2179303186ab08972Bill Kriertypedef struct lsar_sid_ex2_table lsar_sid_ex2_table_t;
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier IN REFERENCE struct mslsa_lup_name_table *name_table;
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier IN REFERENCE struct mslsa_lup_name_table *name_table;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The LSARPC interface definition.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ***********************************************************************
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright struct mslsa_EnumTrustedDomainEx EnumTrustedDomainEx;