Coverage for /root/GitHubProjects/impacket/impacket/dcerpc/v5/nrpc.py : 83%

1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
2#
3# This software is provided under a slightly modified version
4# of the Apache Software License. See the accompanying LICENSE file
5# for more information.
6#
7# Author: Alberto Solino (@agsolino)
8#
9# Description:
10# [MS-NRPC] Interface implementation
11#
12# Best way to learn how to use these calls is to grab the protocol standard
13# so you understand what the call does, and then read the test case located
14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
15#
16# Some calls have helper functions, which makes it even easier to use.
17# They are located at the end of this file.
18# Helper functions start with "h"<name of the call>.
19# There are test cases for them too.
20#
21from struct import pack
22from six import b
23from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
24 NDRUniFixedArray, NDRUniConformantVaryingArray
25from impacket.dcerpc.v5.dtypes import WSTR, LPWSTR, DWORD, ULONG, USHORT, PGUID, NTSTATUS, NULL, LONG, UCHAR, PRPC_SID, \
26 GUID, RPC_UNICODE_STRING, SECURITY_INFORMATION, LPULONG
27from impacket import system_errors, nt_errors
28from impacket.uuid import uuidtup_to_bin
29from impacket.dcerpc.v5.enum import Enum
30from impacket.dcerpc.v5.samr import OLD_LARGE_INTEGER
31from impacket.dcerpc.v5.lsad import PLSA_FOREST_TRUST_INFORMATION
32from impacket.dcerpc.v5.rpcrt import DCERPCException
33from impacket.structure import Structure
34from impacket import ntlm, crypto, LOG
35import hmac
36import hashlib
37try:
38 from Cryptodome.Cipher import DES, AES, ARC4
39except ImportError:
40 LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
41 LOG.critical("See https://pypi.org/project/pycryptodomex/")
# [MS-NRPC] interface identifier: (UUID string, version) converted to its
# binary form by uuidtup_to_bin.
MSRPC_UUID_NRPC = uuidtup_to_bin(('12345678-1234-ABCD-EF00-01234567CFFB', '1.0'))
class DCERPCSessionError(DCERPCException):
    """NRPC-specific session error that renders its code as readable text.

    The numeric code is looked up first in ``system_errors.ERROR_MESSAGES``
    and then in ``nt_errors.ERROR_MESSAGES``; each entry is indexed as
    (short name, verbose description).
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        code = self.error_code
        # Lookup order matters: system errors take precedence over NT errors.
        for table in (system_errors.ERROR_MESSAGES, nt_errors.ERROR_MESSAGES):
            if code in table:
                short_msg = table[code][0]
                verbose_msg = table[code][1]
                return 'NRPC SessionError: code: 0x%x - %s - %s' % (code, short_msg, verbose_msg)
        # Code is not present in either table.
        return 'NRPC SessionError: unknown error code: 0x%x' % (code)
62################################################################################
63# CONSTANTS
64################################################################################
# 2.2.1.2.5 NL_DNS_NAME_INFO
# Values for the 'Type' member.
NlDnsLdapAtSite       = 22
NlDnsGcAtSite         = 25
NlDnsDsaCname         = 28
NlDnsKdcAtSite        = 30
NlDnsDcAtSite         = 32
NlDnsRfc1510KdcAtSite = 34
NlDnsGenericGcAtSite  = 36

# Values for 'DnsDomainInfoType' (consecutive integers 1..6).
NlDnsDomainName       = 1
NlDnsDomainNameAlias  = 2
NlDnsForestName       = 3
NlDnsForestNameAlias  = 4
NlDnsNdncDomainName   = 5
NlDnsRecordName       = 6
# 2.2.1.3.15 NL_OSVERSIONINFO_V1
# wSuiteMask bit flags, listed in ascending bit order (each value is a
# distinct single bit, so they can be OR-ed together).
VER_SUITE_SMALLBUSINESS            = 0x00000001
VER_SUITE_ENTERPRISE               = 0x00000002
VER_SUITE_BACKOFFICE               = 0x00000004
VER_SUITE_TERMINAL                 = 0x00000010
VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020
VER_SUITE_EMBEDDEDNT               = 0x00000040
VER_SUITE_DATACENTER               = 0x00000080
VER_SUITE_SINGLEUSERTS             = 0x00000100
VER_SUITE_PERSONAL                 = 0x00000200
VER_SUITE_BLADE                    = 0x00000400
VER_SUITE_STORAGE_SERVER           = 0x00002000
VER_SUITE_COMPUTE_SERVER           = 0x00004000

# wProductType values (an enumeration, not a bit mask).
VER_NT_WORKSTATION       = 0x00000001
VER_NT_DOMAIN_CONTROLLER = 0x00000002
VER_NT_SERVER            = 0x00000003
# 2.2.1.4.18 NETLOGON Specific Access Masks
# One bit per access right, from bit 0 (0x0001) to bit 6 (0x0040).
NETLOGON_UAS_LOGON_ACCESS  = 0x0001
NETLOGON_UAS_LOGOFF_ACCESS = 0x0002
NETLOGON_CONTROL_ACCESS    = 0x0004
NETLOGON_QUERY_ACCESS      = 0x0008
NETLOGON_SERVICE_ACCESS    = 0x0010
NETLOGON_FTINFO_ACCESS     = 0x0020
NETLOGON_WKSTA_RPC_ACCESS  = 0x0040
# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18)
# FunctionCode values: 0x01..0x0C form one contiguous range ...
NETLOGON_CONTROL_QUERY             = 0x00000001
NETLOGON_CONTROL_REPLICATE         = 0x00000002
NETLOGON_CONTROL_SYNCHRONIZE       = 0x00000003
NETLOGON_CONTROL_PDC_REPLICATE     = 0x00000004
NETLOGON_CONTROL_REDISCOVER        = 0x00000005
NETLOGON_CONTROL_TC_QUERY          = 0x00000006
NETLOGON_CONTROL_TRANSPORT_NOTIFY  = 0x00000007
NETLOGON_CONTROL_FIND_USER         = 0x00000008
NETLOGON_CONTROL_CHANGE_PASSWORD   = 0x00000009
NETLOGON_CONTROL_TC_VERIFY         = 0x0000000A
NETLOGON_CONTROL_FORCE_DNS_REG     = 0x0000000B
NETLOGON_CONTROL_QUERY_DNS_REG     = 0x0000000C
# ... and 0xFFFC..0xFFFF form a second, separate range.
NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC
NETLOGON_CONTROL_TRUNCATE_LOG      = 0x0000FFFD
NETLOGON_CONTROL_SET_DBFLAG        = 0x0000FFFE
NETLOGON_CONTROL_BREAKPOINT        = 0x0000FFFF
131################################################################################
132# STRUCTURES
133################################################################################
# 3.5.4.1 RPC Binding Handles for Netlogon Methods
# The handle types are plain aliases of the wide-string types: the value
# form (WSTR) and its pointer form (LPWSTR).
LOGONSRV_HANDLE = WSTR
PLOGONSRV_HANDLE = LPWSTR
# 2.2.1.1.1 CYPHER_BLOCK
class CYPHER_BLOCK(NDRSTRUCT):
    """Eight-byte opaque block ([MS-NRPC] 2.2.1.1.1)."""

    structure = (
        ('Data', '8s=b""'),  # fixed 8-byte field, empty bytes by default
    )

    def getAlignment(self):
        # Always reports 1-byte alignment to the marshaller.
        return 1
# NET_API_STATUS is carried on the wire as a DWORD.
NET_API_STATUS = DWORD
148# 2.2.1.1.2 STRING
149from impacket.dcerpc.v5.lsad import STRING
# 2.2.1.1.3 LM_OWF_PASSWORD
class CYPHER_BLOCK_ARRAY(NDRUniFixedArray):
    """Fixed-size array holding exactly two CYPHER_BLOCKs."""

    def getDataLen(self, data, offset=0):
        # The length never depends on the input: it is twice the marshalled
        # size of a single CYPHER_BLOCK.
        one_block = len(CYPHER_BLOCK())
        return one_block * 2


class LM_OWF_PASSWORD(NDRSTRUCT):
    """Password one-way-function value stored as two CYPHER_BLOCKs.

    Instances carry credential material; keep them out of logs and
    debug dumps.
    """

    structure = (
        ('Data', CYPHER_BLOCK_ARRAY),
    )
# 2.2.1.1.4 NT_OWF_PASSWORD
# Both names are aliases of LM_OWF_PASSWORD (same class object, not a copy),
# so the same handling rules for credential material apply.
NT_OWF_PASSWORD = LM_OWF_PASSWORD
ENCRYPTED_NT_OWF_PASSWORD = NT_OWF_PASSWORD
# 2.2.1.3.4 NETLOGON_CREDENTIAL
class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
    """Byte-aligned fixed array as long as one CYPHER_BLOCK.

    NOTE: this name is bound again further down (NL_OSVERSIONINFO_V1 section)
    to a 128-byte array. NETLOGON_CREDENTIAL keeps using this definition
    because its class body is evaluated before the rebinding.
    """

    align = 1

    def getDataLen(self, data, offset=0):
        return len(CYPHER_BLOCK())


class NETLOGON_CREDENTIAL(NDRSTRUCT):
    """Netlogon credential value ([MS-NRPC] 2.2.1.3.4), byte-aligned."""

    structure = (
        ('Data', UCHAR_FIXED_ARRAY),
    )

    def getAlignment(self):
        return 1
# 2.2.1.1.5 NETLOGON_AUTHENTICATOR
class NETLOGON_AUTHENTICATOR(NDRSTRUCT):
    """Authenticator: a NETLOGON_CREDENTIAL followed by a DWORD timestamp."""

    structure = (
        ('Credential', NETLOGON_CREDENTIAL),
        ('Timestamp', DWORD),
    )


class PNETLOGON_AUTHENTICATOR(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_AUTHENTICATOR."""

    referent = (
        ('Data', NETLOGON_AUTHENTICATOR),
    )
# 2.2.1.2.1 DOMAIN_CONTROLLER_INFOW
class DOMAIN_CONTROLLER_INFOW(NDRSTRUCT):
    """Domain controller description ([MS-NRPC] 2.2.1.2.1).

    All string members are LPWSTR pointers; the values are supplied by the
    remote peer.
    """

    structure = (
        # Identity and address of the DC
        ('DomainControllerName', LPWSTR),
        ('DomainControllerAddress', LPWSTR),
        ('DomainControllerAddressType', ULONG),
        # Domain / forest it belongs to
        ('DomainGuid', GUID),
        ('DomainName', LPWSTR),
        ('DnsForestName', LPWSTR),
        ('Flags', ULONG),
        # Site information
        ('DcSiteName', LPWSTR),
        ('ClientSiteName', LPWSTR),
    )


class PDOMAIN_CONTROLLER_INFOW(NDRPOINTER):
    """NDR pointer whose referent is a DOMAIN_CONTROLLER_INFOW."""

    referent = (
        ('Data', DOMAIN_CONTROLLER_INFOW),
    )
# 2.2.1.2.2 NL_SITE_NAME_ARRAY
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    """Conformant array of RPC_UNICODE_STRING items."""

    item = RPC_UNICODE_STRING


class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an RPC_UNICODE_STRING_ARRAY."""

    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY),
    )


class NL_SITE_NAME_ARRAY(NDRSTRUCT):
    """Entry count plus a pointer to the array of site names.

    EntryCount is a separate wire field; this declaration does not tie it to
    the decoded length of SiteNames.
    """

    structure = (
        ('EntryCount', ULONG),
        ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
    )


class PNL_SITE_NAME_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an NL_SITE_NAME_ARRAY."""

    referent = (
        ('Data', NL_SITE_NAME_ARRAY),
    )
# 2.2.1.2.3 NL_SITE_NAME_EX_ARRAY
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    """Conformant array of RPC_UNICODE_STRING items.

    NOTE: second definition of this name in the module, with the same body as
    the one in the NL_SITE_NAME_ARRAY section. PRPC_UNICODE_STRING_ARRAY was
    built from the earlier class object and is not affected by this rebinding.
    """

    item = RPC_UNICODE_STRING


class NL_SITE_NAME_EX_ARRAY(NDRSTRUCT):
    """Entry count plus pointers to the site-name and subnet-name arrays."""

    structure = (
        ('EntryCount', ULONG),
        ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
        ('SubnetNames', PRPC_UNICODE_STRING_ARRAY),
    )


class PNL_SITE_NAME_EX_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an NL_SITE_NAME_EX_ARRAY."""

    referent = (
        ('Data', NL_SITE_NAME_EX_ARRAY),
    )
# 2.2.1.2.4 NL_SOCKET_ADDRESS
# 2.2.1.2.4.1 IPv4 Address Structure
class IPv4Address(Structure):
    """IPv4 socket address laid out as little-endian fields (not an NDR type)."""

    structure = (
        ('AddressFamily', '<H=0'),  # 16-bit, default 0
        ('Port', '<H=0'),           # 16-bit, default 0
        ('Address', '<L=0'),        # 32-bit, default 0
        ('Padding', '<L=0'),        # 32-bit, default 0
    )


class UCHAR_ARRAY(NDRUniConformantArray):
    """Conformant array of single characters ('c' items)."""

    item = 'c'


class PUCHAR_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a UCHAR_ARRAY."""

    referent = (
        ('Data', UCHAR_ARRAY),
    )


class NL_SOCKET_ADDRESS(NDRSTRUCT):
    """Pointer to raw socket-address bytes plus a separately sent length.

    iSockaddrLength is not tied to the decoded size of lpSockaddr by this
    declaration; code interpreting the bytes (for example as IPv4Address)
    should check the actual buffer length first.
    """

    structure = (
        ('lpSockaddr', PUCHAR_ARRAY),
        ('iSockaddrLength', ULONG),
    )


class NL_SOCKET_ADDRESS_ARRAY(NDRUniConformantArray):
    """Conformant array of NL_SOCKET_ADDRESS items."""

    item = NL_SOCKET_ADDRESS
# 2.2.1.2.5 NL_DNS_NAME_INFO
class NL_DNS_NAME_INFO(NDRSTRUCT):
    """DNS name registration entry ([MS-NRPC] 2.2.1.2.5).

    NOTE(review): 'DnsDomainInfoType' is typed WSTR here, while the
    DnsDomainInfoType constants declared in this module (NlDnsDomainName ...
    NlDnsRecordName) are small integers. Confirm the member list and types
    against the protocol document before relying on this layout.
    """

    structure = (
        ('Type', ULONG),
        ('DnsDomainInfoType', WSTR),
        ('Priority', ULONG),
        ('Weight', ULONG),
        ('Port', ULONG),
        ('Register', UCHAR),
        ('Status', ULONG),
    )
# 2.2.1.2.6 NL_DNS_NAME_INFO_ARRAY
class NL_DNS_NAME_INFO_ARRAY(NDRUniConformantArray):
    """Conformant array of NL_DNS_NAME_INFO items.

    NOTE: the same name is bound again just below to the NDRSTRUCT wrapper;
    after that point the module-level name refers to the struct.
    """

    item = NL_DNS_NAME_INFO


class PNL_DNS_NAME_INFO_ARRAY(NDRPOINTER):
    """NDR pointer to the conformant array defined above.

    The referent is captured here, before the name is rebound to the struct.
    """

    referent = (
        ('Data', NL_DNS_NAME_INFO_ARRAY),
    )


class NL_DNS_NAME_INFO_ARRAY(NDRSTRUCT):
    """Entry count plus a pointer to the array of NL_DNS_NAME_INFO entries."""

    structure = (
        ('EntryCount', ULONG),
        ('DnsNamesInfo', PNL_DNS_NAME_INFO_ARRAY),
    )
299# 2.2.1.3 Secure Channel Establishment and Maintenance Structures
300# ToDo
# 2.2.1.3.5 NETLOGON_LSA_POLICY_INFO
class NETLOGON_LSA_POLICY_INFO(NDRSTRUCT):
    """Size field followed by a pointer to the policy bytes."""

    structure = (
        ('LsaPolicySize', ULONG),
        ('LsaPolicy', PUCHAR_ARRAY),
    )


class PNETLOGON_LSA_POLICY_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_LSA_POLICY_INFO."""

    referent = (
        ('Data', NETLOGON_LSA_POLICY_INFO),
    )
# 2.2.1.3.6 NETLOGON_WORKSTATION_INFO
class NETLOGON_WORKSTATION_INFO(NDRSTRUCT):
    """Workstation description sent to the server ([MS-NRPC] 2.2.1.3.6).

    Members named Dummy* are declared only so the layout is complete.
    """

    structure = (
        ('LsaPolicy', NETLOGON_LSA_POLICY_INFO),
        # Pointer-typed strings
        ('DnsHostName', LPWSTR),
        ('SiteName', LPWSTR),
        ('Dummy1', LPWSTR),
        ('Dummy2', LPWSTR),
        ('Dummy3', LPWSTR),
        ('Dummy4', LPWSTR),
        # Counted unicode strings
        ('OsVersion', RPC_UNICODE_STRING),
        ('OsName', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        # Flags and numeric members
        ('WorkstationFlags', ULONG),
        ('KerberosSupportedEncryptionTypes', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_WORKSTATION_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_WORKSTATION_INFO."""

    referent = (
        ('Data', NETLOGON_WORKSTATION_INFO),
    )
# 2.2.1.3.7 NL_TRUST_PASSWORD
class NL_TRUST_PASSWORD_FIXED_ARRAY(NDRUniFixedArray):
    """Byte-aligned fixed array of 516 bytes.

    The size is written as 512 + 4, which matches NL_TRUST_PASSWORD below:
    a 512-byte buffer followed by a 4-byte length.
    """

    def getDataLen(self, data, offset=0):
        return 512+4

    def getAlignment(self):
        return 1


class WCHAR_ARRAY(NDRUniFixedArray):
    """Fixed array of 512 bytes."""

    def getDataLen(self, data, offset=0):
        return 512


class NL_TRUST_PASSWORD(NDRSTRUCT):
    """Trust password container: 512-byte buffer plus a ULONG length.

    Holds password material; avoid printing or logging decoded instances.
    """

    structure = (
        ('Buffer', WCHAR_ARRAY),
        ('Length', ULONG),
    )


class PNL_TRUST_PASSWORD(NDRPOINTER):
    """NDR pointer whose referent is an NL_TRUST_PASSWORD."""

    referent = (
        ('Data', NL_TRUST_PASSWORD),
    )
# 2.2.1.3.8 NL_PASSWORD_VERSION
class NL_PASSWORD_VERSION(NDRSTRUCT):
    """Three ULONGs describing the password version ([MS-NRPC] 2.2.1.3.8)."""

    structure = (
        ('ReservedField', ULONG),
        ('PasswordVersionNumber', ULONG),
        ('PasswordVersionPresent', ULONG),
    )
# 2.2.1.3.9 NETLOGON_WORKSTATION_INFORMATION
class NETLOGON_WORKSTATION_INFORMATION(NDRUNION):
    """Union selected by a DWORD tag: 1 -> workstation info, 2 -> LSA policy info."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('WorkstationInfo', PNETLOGON_WORKSTATION_INFO),
        2: ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO),
    }
# 2.2.1.3.10 NETLOGON_ONE_DOMAIN_INFO
class NETLOGON_ONE_DOMAIN_INFO(NDRSTRUCT):
    """Description of a single domain ([MS-NRPC] 2.2.1.3.10)."""

    structure = (
        # Names
        ('DomainName', RPC_UNICODE_STRING),
        ('DnsDomainName', RPC_UNICODE_STRING),
        ('DnsForestName', RPC_UNICODE_STRING),
        # Identifiers
        ('DomainGuid', GUID),
        ('DomainSid', PRPC_SID),
        # Extension / placeholder strings
        ('TrustExtension', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        # Placeholder integers
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class NETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRUniConformantArray):
    """Conformant array of NETLOGON_ONE_DOMAIN_INFO items."""

    item = NETLOGON_ONE_DOMAIN_INFO


class PNETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_ONE_DOMAIN_INFO_ARRAY."""

    referent = (
        ('Data', NETLOGON_ONE_DOMAIN_INFO_ARRAY),
    )
# 2.2.1.3.11 NETLOGON_DOMAIN_INFO
class NETLOGON_DOMAIN_INFO(NDRSTRUCT):
    """Primary domain, trusted domains and policy data ([MS-NRPC] 2.2.1.3.11).

    TrustedDomainCount is sent separately from the TrustedDomains array; this
    declaration does not cross-check the two.
    """

    structure = (
        ('PrimaryDomain', NETLOGON_ONE_DOMAIN_INFO),
        ('TrustedDomainCount', ULONG),
        ('TrustedDomains', PNETLOGON_ONE_DOMAIN_INFO_ARRAY),
        ('LsaPolicy', NETLOGON_LSA_POLICY_INFO),
        # Strings
        ('DnsHostNameInDs', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        # Flags and placeholders
        ('WorkstationFlags', ULONG),
        ('SupportedEncTypes', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DOMAIN_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DOMAIN_INFO."""

    referent = (
        ('Data', NETLOGON_DOMAIN_INFO),
    )
# 2.2.1.3.12 NETLOGON_DOMAIN_INFORMATION
class NETLOGON_DOMAIN_INFORMATION(NDRUNION):
    """Union selected by a DWORD tag: 1 -> domain info, 2 -> LSA policy info."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('DomainInfo', PNETLOGON_DOMAIN_INFO),
        2: ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO),
    }
# 2.2.1.3.13 NETLOGON_SECURE_CHANNEL_TYPE
class NETLOGON_SECURE_CHANNEL_TYPE(NDRENUM):
    """Enumeration of secure channel types, numbered 0 through 7."""

    class enumItems(Enum):
        NullSecureChannel             = 0
        MsvApSecureChannel            = 1
        WorkstationSecureChannel      = 2
        TrustedDnsDomainSecureChannel = 3
        TrustedDomainSecureChannel    = 4
        UasServerSecureChannel        = 5
        ServerSecureChannel           = 6
        CdcServerSecureChannel        = 7
# 2.2.1.3.14 NETLOGON_CAPABILITIES
class NETLOGON_CAPABILITIES(NDRUNION):
    """Union with a DWORD tag; only tag 1 (ServerCapabilities) is declared."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('ServerCapabilities', ULONG),
    }
# 2.2.1.3.15 NL_OSVERSIONINFO_V1
class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
    """Fixed array of 128 bytes.

    NOTE: this rebinds the module-level name UCHAR_FIXED_ARRAY, which was
    first defined in the NETLOGON_CREDENTIAL section with a different length.
    Classes defined before this point keep the earlier definition.
    """

    def getDataLen(self, data, offset=0):
        return 128


class NL_OSVERSIONINFO_V1(NDRSTRUCT):
    """Operating system version information ([MS-NRPC] 2.2.1.3.15)."""

    structure = (
        # Version numbers
        ('dwOSVersionInfoSize', DWORD),
        ('dwMajorVersion', DWORD),
        ('dwMinorVersion', DWORD),
        ('dwBuildNumber', DWORD),
        ('dwPlatformId', DWORD),
        # 128-byte fixed field
        ('szCSDVersion', UCHAR_FIXED_ARRAY),
        # Service pack, suite mask (VER_SUITE_*) and product type (VER_NT_*)
        ('wServicePackMajor', USHORT),
        ('wServicePackMinor', USHORT),
        ('wSuiteMask', USHORT),
        ('wProductType', UCHAR),
        ('wReserved', UCHAR),
    )


class PNL_OSVERSIONINFO_V1(NDRPOINTER):
    """NDR pointer whose referent is an NL_OSVERSIONINFO_V1."""

    referent = (
        ('Data', NL_OSVERSIONINFO_V1),
    )
# 2.2.1.3.16 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1
class PLPWSTR(NDRPOINTER):
    """NDR pointer whose referent is itself an LPWSTR."""

    referent = (
        ('Data', LPWSTR),
    )


class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT):
    """Client attributes, version 1: host name, OS version info and OS name."""

    structure = (
        ('ClientDnsHostName', PLPWSTR),
        ('OsVersionInfo', PNL_OSVERSIONINFO_V1),
        ('OsName', PLPWSTR),
    )
# 2.2.1.3.17 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES
class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION):
    """Union with a DWORD tag; only tag 1 (the V1 structure) is declared."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('V1', NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1),
    }
# 2.2.1.3.18 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1
class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT):
    """Returned client attributes, version 1: three pointer members."""

    structure = (
        ('HubName', PLPWSTR),
        ('OldDnsHostName', PLPWSTR),
        ('SupportedEncTypes', LPULONG),
    )
# 2.2.1.3.19 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES
class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION):
    """Union with a DWORD tag; only tag 1 (the V1 structure) is declared."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('V1', NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1),
    }
# 2.2.1.4.1 LM_CHALLENGE
class CHAR_FIXED_8_ARRAY(NDRUniFixedArray):
    """Fixed array of exactly 8 bytes."""

    def getDataLen(self, data, offset=0):
        return 8


class LM_CHALLENGE(NDRSTRUCT):
    """Eight-byte challenge value."""

    structure = (
        ('Data', CHAR_FIXED_8_ARRAY),
    )
# 2.2.1.4.15 NETLOGON_LOGON_IDENTITY_INFO
class NETLOGON_LOGON_IDENTITY_INFO(NDRSTRUCT):
    """Identity part shared by the logon info structures in this module."""

    structure = (
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('ParameterControl', ULONG),
        ('Reserved', OLD_LARGE_INTEGER),
        ('UserName', RPC_UNICODE_STRING),
        ('Workstation', RPC_UNICODE_STRING),
    )


class PNETLOGON_LOGON_IDENTITY_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_LOGON_IDENTITY_INFO."""

    referent = (
        ('Data', NETLOGON_LOGON_IDENTITY_INFO),
    )
# 2.2.1.4.2 NETLOGON_GENERIC_INFO
class NETLOGON_GENERIC_INFO(NDRSTRUCT):
    """Generic logon: identity, package name and an opaque data blob.

    DataLength travels separately from the LogonData bytes; nothing here
    enforces that the two agree.
    """

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('PackageName', RPC_UNICODE_STRING),
        ('DataLength', ULONG),
        ('LogonData', PUCHAR_ARRAY),
    )


class PNETLOGON_GENERIC_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_GENERIC_INFO."""

    referent = (
        ('Data', NETLOGON_GENERIC_INFO),
    )
# 2.2.1.4.3 NETLOGON_INTERACTIVE_INFO
class NETLOGON_INTERACTIVE_INFO(NDRSTRUCT):
    """Interactive logon: identity plus the LM and NT OWF password values.

    Both password members are credential material; do not log them.
    """

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmOwfPassword', LM_OWF_PASSWORD),
        ('NtOwfPassword', NT_OWF_PASSWORD),
    )


class PNETLOGON_INTERACTIVE_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INTERACTIVE_INFO."""

    referent = (
        ('Data', NETLOGON_INTERACTIVE_INFO),
    )
# 2.2.1.4.4 NETLOGON_SERVICE_INFO
class NETLOGON_SERVICE_INFO(NDRSTRUCT):
    """Service logon: same member list as NETLOGON_INTERACTIVE_INFO.

    Both password members are credential material; do not log them.
    """

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmOwfPassword', LM_OWF_PASSWORD),
        ('NtOwfPassword', NT_OWF_PASSWORD),
    )


class PNETLOGON_SERVICE_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_SERVICE_INFO."""

    referent = (
        ('Data', NETLOGON_SERVICE_INFO),
    )
# 2.2.1.4.5 NETLOGON_NETWORK_INFO
class NETLOGON_NETWORK_INFO(NDRSTRUCT):
    """Network logon: identity, the challenge and the two challenge responses."""

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmChallenge', LM_CHALLENGE),
        ('NtChallengeResponse', STRING),
        ('LmChallengeResponse', STRING),
    )


class PNETLOGON_NETWORK_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_NETWORK_INFO."""

    referent = (
        ('Data', NETLOGON_NETWORK_INFO),
    )
# 2.2.1.4.16 NETLOGON_LOGON_INFO_CLASS
class NETLOGON_LOGON_INFO_CLASS(NDRENUM):
    """Enumeration of logon information levels, numbered 1 through 7."""

    class enumItems(Enum):
        NetlogonInteractiveInformation           = 1
        NetlogonNetworkInformation               = 2
        NetlogonServiceInformation               = 3
        NetlogonGenericInformation               = 4
        NetlogonInteractiveTransitiveInformation = 5
        NetlogonNetworkTransitiveInformation     = 6
        NetlogonServiceTransitiveInformation     = 7
# 2.2.1.4.6 NETLOGON_LEVEL
class NETLOGON_LEVEL(NDRUNION):
    """Union of logon info pointers keyed by NETLOGON_LOGON_INFO_CLASS members.

    Each transitive level maps to the same pointer type as its
    non-transitive counterpart.
    """

    union = {
        # Interactive
        NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation:
            ('LogonInteractive', PNETLOGON_INTERACTIVE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation:
            ('LogonInteractiveTransitive', PNETLOGON_INTERACTIVE_INFO),
        # Service
        NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation:
            ('LogonService', PNETLOGON_SERVICE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation:
            ('LogonServiceTransitive', PNETLOGON_SERVICE_INFO),
        # Network
        NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation:
            ('LogonNetwork', PNETLOGON_NETWORK_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation:
            ('LogonNetworkTransitive', PNETLOGON_NETWORK_INFO),
        # Generic
        NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation:
            ('LogonGeneric', PNETLOGON_GENERIC_INFO),
    }
# 2.2.1.4.7 NETLOGON_SID_AND_ATTRIBUTES
class NETLOGON_SID_AND_ATTRIBUTES(NDRSTRUCT):
    """A SID pointer paired with its ULONG attributes."""

    structure = (
        ('Sid', PRPC_SID),
        ('Attributes', ULONG),
    )
# 2.2.1.4.8 NETLOGON_VALIDATION_GENERIC_INFO2
class NETLOGON_VALIDATION_GENERIC_INFO2(NDRSTRUCT):
    """Generic validation result: a length field and a pointer to the bytes."""

    structure = (
        ('DataLength', ULONG),
        ('ValidationData', PUCHAR_ARRAY),
    )


class PNETLOGON_VALIDATION_GENERIC_INFO2(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_GENERIC_INFO2."""

    referent = (
        ('Data', NETLOGON_VALIDATION_GENERIC_INFO2),
    )
# 2.2.1.4.9 USER_SESSION_KEY
# Alias of LM_OWF_PASSWORD (two CYPHER_BLOCKs); the value is key material.
USER_SESSION_KEY = LM_OWF_PASSWORD
# 2.2.1.4.10 GROUP_MEMBERSHIP
class GROUP_MEMBERSHIP(NDRSTRUCT):
    """One group membership: relative ID plus attributes."""

    structure = (
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
    )


class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    """Conformant array of GROUP_MEMBERSHIP items."""

    item = GROUP_MEMBERSHIP


class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a GROUP_MEMBERSHIP_ARRAY."""

    referent = (
        ('Data', GROUP_MEMBERSHIP_ARRAY),
    )
# 2.2.1.4.11 NETLOGON_VALIDATION_SAM_INFO
class LONG_ARRAY(NDRUniFixedArray):
    """Fixed array of 40 bytes (written as 4*10)."""

    def getDataLen(self, data, offset=0):
        return 4*10


class NETLOGON_VALIDATION_SAM_INFO(NDRSTRUCT):
    """Logon validation data ([MS-NRPC] 2.2.1.4.11).

    The group list and session key decoded from this structure describe the
    authenticated account. GroupCount is a separate field from the GroupIds
    array and is not cross-checked by this declaration.
    """

    structure = (
        # Timestamps
        ('LogonTime', OLD_LARGE_INTEGER),
        ('LogoffTime', OLD_LARGE_INTEGER),
        ('KickOffTime', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Account strings
        ('EffectiveName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('LogonScript', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        # Counters and identifiers
        ('LogonCount', USHORT),
        ('BadPasswordCount', USHORT),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('GroupCount', ULONG),
        ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags', ULONG),
        ('UserSessionKey', USER_SESSION_KEY),
        # Logon server / domain
        ('LogonServer', RPC_UNICODE_STRING),
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('LogonDomainId', PRPC_SID),
        ('ExpansionRoom', LONG_ARRAY),
    )


class PNETLOGON_VALIDATION_SAM_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_SAM_INFO."""

    referent = (
        ('Data', NETLOGON_VALIDATION_SAM_INFO),
    )
# 2.2.1.4.12 NETLOGON_VALIDATION_SAM_INFO2
class NETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
    """Conformant array of NETLOGON_SID_AND_ATTRIBUTES items."""

    item = NETLOGON_SID_AND_ATTRIBUTES


class PNETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_SID_AND_ATTRIBUTES_ARRAY."""

    referent = (
        ('Data', NETLOGON_SID_AND_ATTRIBUTES_ARRAY),
    )


class NETLOGON_VALIDATION_SAM_INFO2(NDRSTRUCT):
    """NETLOGON_VALIDATION_SAM_INFO members followed by SidCount and ExtraSids.

    GroupCount/GroupIds and SidCount/ExtraSids are count-plus-array pairs
    whose consistency is not checked by this declaration.
    """

    structure = (
        # Timestamps
        ('LogonTime', OLD_LARGE_INTEGER),
        ('LogoffTime', OLD_LARGE_INTEGER),
        ('KickOffTime', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Account strings
        ('EffectiveName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('LogonScript', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        # Counters and identifiers
        ('LogonCount', USHORT),
        ('BadPasswordCount', USHORT),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('GroupCount', ULONG),
        ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags', ULONG),
        ('UserSessionKey', USER_SESSION_KEY),
        # Logon server / domain
        ('LogonServer', RPC_UNICODE_STRING),
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('LogonDomainId', PRPC_SID),
        ('ExpansionRoom', LONG_ARRAY),
        # Additional SIDs
        ('SidCount', ULONG),
        ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
    )


class PNETLOGON_VALIDATION_SAM_INFO2(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_SAM_INFO2."""

    referent = (
        ('Data', NETLOGON_VALIDATION_SAM_INFO2),
    )
# 2.2.1.4.13 NETLOGON_VALIDATION_SAM_INFO4
class NETLOGON_VALIDATION_SAM_INFO4(NDRSTRUCT):
    """Extended logon validation data ([MS-NRPC] 2.2.1.4.13).

    Unlike the SAM_INFO and SAM_INFO2 declarations, there is no ExpansionRoom
    member here; explicit members (LMKey ... Reserved4) follow LogonDomainId
    instead. Count fields are not cross-checked against their arrays.
    """

    structure = (
        # Timestamps
        ('LogonTime', OLD_LARGE_INTEGER),
        ('LogoffTime', OLD_LARGE_INTEGER),
        ('KickOffTime', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Account strings
        ('EffectiveName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('LogonScript', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        # Counters and identifiers
        ('LogonCount', USHORT),
        ('BadPasswordCount', USHORT),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('GroupCount', ULONG),
        ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags', ULONG),
        ('UserSessionKey', USER_SESSION_KEY),
        # Logon server / domain
        ('LogonServer', RPC_UNICODE_STRING),
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('LogonDomainId', PRPC_SID),

        # Members declared in place of ExpansionRoom
        ('LMKey', CHAR_FIXED_8_ARRAY),
        ('UserAccountControl', ULONG),
        ('SubAuthStatus', ULONG),
        ('LastSuccessfulILogon', OLD_LARGE_INTEGER),
        ('LastFailedILogon', OLD_LARGE_INTEGER),
        ('FailedILogonCount', ULONG),
        ('Reserved4', ULONG),

        # Additional SIDs and names
        ('SidCount', ULONG),
        ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
        ('DnsLogonDomainName', RPC_UNICODE_STRING),
        ('Upn', RPC_UNICODE_STRING),
        # Expansion strings 1..10
        ('ExpansionString1', RPC_UNICODE_STRING),
        ('ExpansionString2', RPC_UNICODE_STRING),
        ('ExpansionString3', RPC_UNICODE_STRING),
        ('ExpansionString4', RPC_UNICODE_STRING),
        ('ExpansionString5', RPC_UNICODE_STRING),
        ('ExpansionString6', RPC_UNICODE_STRING),
        ('ExpansionString7', RPC_UNICODE_STRING),
        ('ExpansionString8', RPC_UNICODE_STRING),
        ('ExpansionString9', RPC_UNICODE_STRING),
        ('ExpansionString10', RPC_UNICODE_STRING),
    )


class PNETLOGON_VALIDATION_SAM_INFO4(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_SAM_INFO4."""

    referent = (
        ('Data', NETLOGON_VALIDATION_SAM_INFO4),
    )
# 2.2.1.4.17 NETLOGON_VALIDATION_INFO_CLASS
class NETLOGON_VALIDATION_INFO_CLASS(NDRENUM):
    """Enumeration of validation information levels, numbered 1 through 6."""

    class enumItems(Enum):
        NetlogonValidationUasInfo      = 1
        NetlogonValidationSamInfo      = 2
        NetlogonValidationSamInfo2     = 3
        NetlogonValidationGenericInfo  = 4
        NetlogonValidationGenericInfo2 = 5
        NetlogonValidationSamInfo4     = 6
# 2.2.1.4.14 NETLOGON_VALIDATION
class NETLOGON_VALIDATION(NDRUNION):
    """Union of validation result pointers keyed by NETLOGON_VALIDATION_INFO_CLASS.

    Only four of the six enumeration members have an arm here:
    NetlogonValidationUasInfo and NetlogonValidationGenericInfo are not mapped.
    """

    union = {
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo:
            ('ValidationSam', PNETLOGON_VALIDATION_SAM_INFO),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2:
            ('ValidationSam2', PNETLOGON_VALIDATION_SAM_INFO2),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2:
            ('ValidationGeneric2', PNETLOGON_VALIDATION_GENERIC_INFO2),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4:
            ('ValidationSam4', PNETLOGON_VALIDATION_SAM_INFO4),
    }
# 2.2.1.5.2 NLPR_QUOTA_LIMITS
class NLPR_QUOTA_LIMITS(NDRSTRUCT):
    """Five ULONG quota limits followed by a reserved large integer."""

    structure = (
        ('PagedPoolLimit', ULONG),
        ('NonPagedPoolLimit', ULONG),
        ('MinimumWorkingSetSize', ULONG),
        ('MaximumWorkingSetSize', ULONG),
        ('PagefileLimit', ULONG),
        ('Reserved', OLD_LARGE_INTEGER),
    )
# 2.2.1.5.3 NETLOGON_DELTA_ACCOUNTS
class ULONG_ARRAY(NDRUniConformantArray):
    """Conformant array of ULONG items."""

    item = ULONG


class PULONG_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a ULONG_ARRAY."""

    referent = (
        ('Data', ULONG_ARRAY),
    )


class NETLOGON_DELTA_ACCOUNTS(NDRSTRUCT):
    """Account delta record ([MS-NRPC] 2.2.1.5.3).

    Members named Dummy* are declared only so the layout is complete.
    """

    structure = (
        # Privileges
        ('PrivilegeEntries', ULONG),
        ('PrivilegeControl', ULONG),
        ('PrivilegeAttributes', PULONG_ARRAY),
        ('PrivilegeNames', PRPC_UNICODE_STRING_ARRAY),
        ('QuotaLimits', NLPR_QUOTA_LIMITS),
        ('SystemAccessFlags', ULONG),
        # Security descriptor triple: information flags, size, bytes
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Placeholders
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DELTA_ACCOUNTS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_ACCOUNTS."""

    referent = (
        ('Data', NETLOGON_DELTA_ACCOUNTS),
    )
# 2.2.1.5.5 NLPR_SID_INFORMATION
class NLPR_SID_INFORMATION(NDRSTRUCT):
    """Wrapper around a single SID pointer."""

    structure = (
        ('SidPointer', PRPC_SID),
    )
# 2.2.1.5.6 NLPR_SID_ARRAY
class NLPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of NLPR_SID_INFORMATION items."""

    item = NLPR_SID_INFORMATION


class PNLPR_SID_INFORMATION_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an NLPR_SID_INFORMATION_ARRAY."""

    referent = (
        ('Data', NLPR_SID_INFORMATION_ARRAY),
    )
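class NLPR_SID_ARRAY(NDRSTRUCT):
    """SID count plus a pointer to the array of SID entries.

    The members are declared under ``structure``, as for every other
    NDRSTRUCT in this module. They were previously listed under ``referent``,
    the attribute the module otherwise uses only on NDRPOINTER subclasses.

    NOTE(review): this changes where Count and Sids are placed when the
    structure is marshalled; verify against a captured NETLOGON_DELTA_ALIAS_MEMBER
    exchange if one is available.
    """

    structure = (
        ('Count', ULONG),
        ('Sids', PNLPR_SID_INFORMATION_ARRAY),
    )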
# 2.2.1.5.7 NETLOGON_DELTA_ALIAS_MEMBER
class NETLOGON_DELTA_ALIAS_MEMBER(NDRSTRUCT):
    """Alias membership delta: a SID array followed by four placeholder ULONGs."""

    structure = (
        ('Members', NLPR_SID_ARRAY),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DELTA_ALIAS_MEMBER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_ALIAS_MEMBER."""

    referent = (
        ('Data', NETLOGON_DELTA_ALIAS_MEMBER),
    )
# 2.2.1.5.8 NETLOGON_DELTA_DELETE_GROUP
class NETLOGON_DELTA_DELETE_GROUP(NDRSTRUCT):
    """Group deletion delta: the account name plus placeholder members."""

    structure = (
        ('AccountName', LPWSTR),
        # Placeholders
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DELTA_DELETE_GROUP(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_DELETE_GROUP."""

    referent = (
        ('Data', NETLOGON_DELTA_DELETE_GROUP),
    )
# 2.2.1.5.9 NETLOGON_DELTA_DELETE_USER
class NETLOGON_DELTA_DELETE_USER(NDRSTRUCT):
    """User deletion delta: the account name plus placeholder members."""

    structure = (
        ('AccountName', LPWSTR),
        # Placeholders
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DELTA_DELETE_USER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_DELETE_USER."""

    referent = (
        ('Data', NETLOGON_DELTA_DELETE_USER),
    )
# 2.2.1.5.10 NETLOGON_DELTA_DOMAIN
class NETLOGON_DELTA_DOMAIN(NDRSTRUCT):
    """Domain delta record, including the domain password policy members."""

    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('OemInformation', RPC_UNICODE_STRING),
        # Logoff and password policy
        ('ForceLogoff', OLD_LARGE_INTEGER),
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('DomainCreationTime', OLD_LARGE_INTEGER),
        # Security descriptor triple: information flags, size, bytes
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Remaining strings
        ('DomainLockoutInformation', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        # Remaining integers
        ('PasswordProperties', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DELTA_DOMAIN(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_DOMAIN."""

    referent = (
        ('Data', NETLOGON_DELTA_DOMAIN),
    )
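# 2.2.1.5.13 NETLOGON_DELTA_GROUP
class NETLOGON_DELTA_GROUP(NDRSTRUCT):
    """Group delta record ([MS-NRPC] 2.2.1.5.13).

    The security-descriptor triple is declared the same way as in the other
    delta structures of this module (NETLOGON_DELTA_ACCOUNTS,
    NETLOGON_DELTA_DOMAIN, NETLOGON_DELTA_USER): SECURITY_INFORMATION flags,
    a ULONG size, and a pointer to the descriptor bytes. The previous
    declaration typed SecurityInformation as USHORT and SecurityDescriptor as
    SECURITY_INFORMATION, so the descriptor bytes could not be carried.

    NOTE(review): confirm the corrected types against the protocol document.
    """

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        # Security descriptor triple: information flags, size, bytes
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Placeholders
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )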
class PNETLOGON_DELTA_GROUP(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_GROUP."""

    referent = (
        ('Data', NETLOGON_DELTA_GROUP),
    )
# 2.2.1.5.24 NETLOGON_RENAME_GROUP
class NETLOGON_RENAME_GROUP(NDRSTRUCT):
    """Group rename delta: old and new names plus placeholder members."""

    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        # Placeholders
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )


class PNETLOGON_DELTA_RENAME_GROUP(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_RENAME_GROUP."""

    referent = (
        ('Data', NETLOGON_RENAME_GROUP),
    )
1019# 2.2.1.5.14 NLPR_LOGON_HOURS
1020from impacket.dcerpc.v5.samr import SAMPR_LOGON_HOURS
# Aliased to the SAMR class rather than redeclared here.
NLPR_LOGON_HOURS = SAMPR_LOGON_HOURS
# 2.2.1.5.15 NLPR_USER_PRIVATE_INFO
class NLPR_USER_PRIVATE_INFO(NDRSTRUCT):
    """Private per-user data blob with a sensitivity flag and a length.

    Treat the Data bytes as confidential regardless of the SensitiveData
    value when handling decoded instances (e.g. keep them out of logs).
    """

    structure = (
        ('SensitiveData', UCHAR),
        ('DataLength', ULONG),
        ('Data', PUCHAR_ARRAY),
    )
1031# 2.2.1.5.16 NETLOGON_DELTA_USER
class NETLOGON_DELTA_USER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.16 NETLOGON_DELTA_USER: one user account delta.

    The structure includes EncryptedNtOwfPassword, EncryptedLmOwfPassword and
    PrivateData members, so a decoded instance should be handled as credential
    material (no logging, no persistence beyond what the caller needs).
    """
    structure = (
        # Identity and profile
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        # Logon bookkeeping
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', NLPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
        # Password material (encrypted OWF values plus presence flags)
        ('EncryptedNtOwfPassword', PUCHAR_ARRAY),
        ('EncryptedLmOwfPassword', PUCHAR_ARRAY),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('PrivateData', NLPR_USER_PRIVATE_INFO),
        # Security descriptor
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_USER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_USER."""
    referent = (
        ('Data', NETLOGON_DELTA_USER),
    )
1079# 2.2.1.5.25 NETLOGON_RENAME_USER
class NETLOGON_RENAME_USER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.25 NETLOGON_RENAME_USER: old and new user name."""
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        # Dummy* members follow in the order the file declares them.
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_RENAME_USER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_RENAME_USER."""
    referent = (
        ('Data', NETLOGON_RENAME_USER),
    )
1099# 2.2.1.5.17 NETLOGON_DELTA_GROUP_MEMBER
class NETLOGON_DELTA_GROUP_MEMBER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.17 NETLOGON_DELTA_GROUP_MEMBER.

    Members and Attributes are separate ULONG arrays next to a MemberCount
    field; nothing in this declaration ties the array lengths to the count.
    """
    structure = (
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
        ('MemberCount', ULONG),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_GROUP_MEMBER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_GROUP_MEMBER."""
    referent = (
        ('Data', NETLOGON_DELTA_GROUP_MEMBER),
    )
1116# 2.2.1.5.4 NETLOGON_DELTA_ALIAS
class NETLOGON_DELTA_ALIAS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.4 NETLOGON_DELTA_ALIAS: one alias delta."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('RelativeId', ULONG),
        # Security descriptor
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('Comment', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_ALIAS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_ALIAS."""
    referent = (
        ('Data', NETLOGON_DELTA_ALIAS),
    )
1139# 2.2.1.5.23 NETLOGON_RENAME_ALIAS
class NETLOGON_RENAME_ALIAS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.23 NETLOGON_RENAME_ALIAS: old and new alias name."""
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        # Dummy* members follow in the order the file declares them.
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_RENAME_ALIAS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_RENAME_ALIAS."""
    referent = (
        ('Data', NETLOGON_RENAME_ALIAS),
    )
1159# 2.2.1.5.19 NETLOGON_DELTA_POLICY
class NETLOGON_DELTA_POLICY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.19 NETLOGON_DELTA_POLICY: LSA policy delta."""
    structure = (
        # Audit settings
        ('MaximumLogSize', ULONG),
        ('AuditRetentionPeriod', OLD_LARGE_INTEGER),
        ('AuditingMode', UCHAR),
        ('MaximumAuditEventCount', ULONG),
        ('EventAuditingOptions', PULONG_ARRAY),
        # Primary domain
        ('PrimaryDomainName', RPC_UNICODE_STRING),
        ('PrimaryDomainSid', PRPC_SID),
        ('QuotaLimits', NLPR_QUOTA_LIMITS),
        ('ModifiedId', OLD_LARGE_INTEGER),
        ('DatabaseCreationTime', OLD_LARGE_INTEGER),
        # Security descriptor
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_POLICY(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_POLICY."""
    referent = (
        ('Data', NETLOGON_DELTA_POLICY),
    )
1190# 2.2.1.5.22 NETLOGON_DELTA_TRUSTED_DOMAINS
class NETLOGON_DELTA_TRUSTED_DOMAINS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.22 NETLOGON_DELTA_TRUSTED_DOMAINS: trusted domain delta."""
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('NumControllerEntries', ULONG),
        ('ControllerNames', PRPC_UNICODE_STRING_ARRAY),
        # Security descriptor
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_TRUSTED_DOMAINS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_TRUSTED_DOMAINS."""
    referent = (
        ('Data', NETLOGON_DELTA_TRUSTED_DOMAINS),
    )
1214# 2.2.1.5.20 NLPR_CR_CIPHER_VALUE
class UCHAR_ARRAY2(NDRUniConformantVaryingArray):
    """Conformant-varying array of UCHAR, used by NLPR_CR_CIPHER_VALUE."""
    item = UCHAR
class PUCHAR_ARRAY2(NDRPOINTER):
    """NDR pointer whose referent is a UCHAR_ARRAY2."""
    referent = (
        ('Data', UCHAR_ARRAY2),
    )
class NLPR_CR_CIPHER_VALUE(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.20 NLPR_CR_CIPHER_VALUE: length-prefixed cipher buffer.

    Length and MaximumLength arrive from the peer; consumers should bound any
    read of Buffer by the data actually decoded, not by these fields alone.
    """
    structure = (
        ('Length', ULONG),
        ('MaximumLength', ULONG),
        ('Buffer', PUCHAR_ARRAY2),
    )
1230# 2.2.1.5.21 NETLOGON_DELTA_SECRET
class NETLOGON_DELTA_SECRET(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.21 NETLOGON_DELTA_SECRET: LSA secret delta.

    CurrentValue and OldValue are NLPR_CR_CIPHER_VALUE members; treat decoded
    instances as secret material and keep them out of logs.
    """
    structure = (
        ('CurrentValue', NLPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', OLD_LARGE_INTEGER),
        ('OldValue', NLPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', OLD_LARGE_INTEGER),
        # Security descriptor
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )
class PNETLOGON_DELTA_SECRET(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_SECRET."""
    referent = (
        ('Data', NETLOGON_DELTA_SECRET),
    )
1255# 2.2.1.5.26 NLPR_MODIFIED_COUNT
class NLPR_MODIFIED_COUNT(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.26 NLPR_MODIFIED_COUNT: a single OLD_LARGE_INTEGER counter."""
    structure = (
        ('ModifiedCount', OLD_LARGE_INTEGER),
    )
class PNLPR_MODIFIED_COUNT(NDRPOINTER):
    """NDR pointer whose referent is a NLPR_MODIFIED_COUNT."""
    referent = (
        ('Data', NLPR_MODIFIED_COUNT),
    )
1266# 2.2.1.5.28 NETLOGON_DELTA_TYPE
class NETLOGON_DELTA_TYPE(NDRENUM):
    """[MS-NRPC] 2.2.1.5.28 NETLOGON_DELTA_TYPE: discriminant for delta unions."""

    class enumItems(Enum):
        # Domain / group
        AddOrChangeDomain     = 1
        AddOrChangeGroup      = 2
        DeleteGroup           = 3
        RenameGroup           = 4
        # User
        AddOrChangeUser       = 5
        DeleteUser            = 6
        RenameUser            = 7
        ChangeGroupMembership = 8
        # Alias
        AddOrChangeAlias      = 9
        DeleteAlias           = 10
        RenameAlias           = 11
        ChangeAliasMembership = 12
        # LSA objects
        AddOrChangeLsaPolicy  = 13
        AddOrChangeLsaTDomain = 14
        DeleteLsaTDomain      = 15
        AddOrChangeLsaAccount = 16
        DeleteLsaAccount      = 17
        AddOrChangeLsaSecret  = 18
        DeleteLsaSecret       = 19
        # By-name deletes and serial skip
        DeleteGroupByName     = 20
        DeleteUserByName      = 21
        SerialNumberSkip      = 22
1292# 2.2.1.5.27 NETLOGON_DELTA_UNION
class NETLOGON_DELTA_UNION(NDRUNION):
    """[MS-NRPC] 2.2.1.5.27 NETLOGON_DELTA_UNION: payload selected by delta type.

    Only the delta types listed below have an arm; the remaining
    NETLOGON_DELTA_TYPE values (e.g. DeleteGroup) are absent from this mapping.
    """
    union = {
        NETLOGON_DELTA_TYPE.AddOrChangeDomain:     ('DeltaDomain', PNETLOGON_DELTA_DOMAIN),
        NETLOGON_DELTA_TYPE.AddOrChangeGroup:      ('DeltaGroup', PNETLOGON_DELTA_GROUP),
        NETLOGON_DELTA_TYPE.RenameGroup:           ('DeltaRenameGroup', PNETLOGON_DELTA_RENAME_GROUP),
        NETLOGON_DELTA_TYPE.AddOrChangeUser:       ('DeltaUser', PNETLOGON_DELTA_USER),
        NETLOGON_DELTA_TYPE.RenameUser:            ('DeltaRenameUser', PNETLOGON_DELTA_RENAME_USER),
        NETLOGON_DELTA_TYPE.ChangeGroupMembership: ('DeltaGroupMember', PNETLOGON_DELTA_GROUP_MEMBER),
        NETLOGON_DELTA_TYPE.AddOrChangeAlias:      ('DeltaAlias', PNETLOGON_DELTA_ALIAS),
        NETLOGON_DELTA_TYPE.RenameAlias:           ('DeltaRenameAlias', PNETLOGON_DELTA_RENAME_ALIAS),
        NETLOGON_DELTA_TYPE.ChangeAliasMembership: ('DeltaAliasMember', PNETLOGON_DELTA_ALIAS_MEMBER),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy:  ('DeltaPolicy', PNETLOGON_DELTA_POLICY),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain: ('DeltaTDomains', PNETLOGON_DELTA_TRUSTED_DOMAINS),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount: ('DeltaAccounts', PNETLOGON_DELTA_ACCOUNTS),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret:  ('DeltaSecret', PNETLOGON_DELTA_SECRET),
        NETLOGON_DELTA_TYPE.DeleteGroupByName:     ('DeltaDeleteGroup', PNETLOGON_DELTA_DELETE_GROUP),
        NETLOGON_DELTA_TYPE.DeleteUserByName:      ('DeltaDeleteUser', PNETLOGON_DELTA_DELETE_USER),
        NETLOGON_DELTA_TYPE.SerialNumberSkip:      ('DeltaSerialNumberSkip', PNLPR_MODIFIED_COUNT),
    }
1313# 2.2.1.5.18 NETLOGON_DELTA_ID_UNION
class NETLOGON_DELTA_ID_UNION(NDRUNION):
    """[MS-NRPC] 2.2.1.5.18 NETLOGON_DELTA_ID_UNION: object identifier per delta type.

    Account-database deltas are identified by Rid, LSA policy/domain/account
    deltas by Sid, and LSA secret deltas by Name.
    """
    union = {
        # Identified by relative id
        NETLOGON_DELTA_TYPE.AddOrChangeDomain:     ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeGroup:      ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteGroup:           ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameGroup:           ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeUser:       ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteUser:            ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameUser:            ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.ChangeGroupMembership: ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeAlias:      ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteAlias:           ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameAlias:           ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.ChangeAliasMembership: ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteGroupByName:     ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteUserByName:      ('Rid', ULONG),
        # Identified by SID
        NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy:  ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain: ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.DeleteLsaTDomain:      ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount: ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.DeleteLsaAccount:      ('Sid', PRPC_SID),
        # Identified by name
        NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret:  ('Name', LPWSTR),
        NETLOGON_DELTA_TYPE.DeleteLsaSecret:       ('Name', LPWSTR),
    }
1339# 2.2.1.5.11 NETLOGON_DELTA_ENUM
class NETLOGON_DELTA_ENUM(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.11 NETLOGON_DELTA_ENUM: type, identifier and payload of one delta."""
    structure = (
        ('DeltaType', NETLOGON_DELTA_TYPE),
        ('DeltaID', NETLOGON_DELTA_ID_UNION),
        ('DeltaUnion', NETLOGON_DELTA_UNION),
    )
1347# 2.2.1.5.12 NETLOGON_DELTA_ENUM_ARRAY
class NETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRUniConformantArray):
    """Conformant array of NETLOGON_DELTA_ENUM items."""
    item = NETLOGON_DELTA_ENUM
class PNETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRSTRUCT):
    """Wrapper around NETLOGON_DELTA_ENUM_ARRAY_ARRAY.

    NOTE(review): this class derives from NDRSTRUCT but declares `referent`,
    the attribute the NDRPOINTER classes in this file use. Looks like the base
    class and attribute may be mismatched - confirm against the NDR layer.
    """
    referent = (
        ('Data', NETLOGON_DELTA_ENUM_ARRAY_ARRAY),
    )
class PNETLOGON_DELTA_ENUM_ARRAY(NDRPOINTER):
    """[MS-NRPC] 2.2.1.5.12 NETLOGON_DELTA_ENUM_ARRAY: count plus delta array.

    NOTE(review): this class derives from NDRPOINTER but declares `structure`,
    the attribute the NDRSTRUCT classes in this file use. Looks like the base
    class and attribute may be mismatched - confirm against the NDR layer.
    """
    structure = (
        ('CountReturned', DWORD),
        ('Deltas', PNETLOGON_DELTA_ENUM_ARRAY_ARRAY),
    )
1362# 2.2.1.5.29 SYNC_STATE
class SYNC_STATE(NDRENUM):
    """[MS-NRPC] 2.2.1.5.29 SYNC_STATE enumeration."""

    class enumItems(Enum):
        NormalState          = 0
        DomainState          = 1
        GroupState           = 2
        UasBuiltInGroupState = 3
        UserState            = 4
        GroupMemberState     = 5
        AliasState           = 6
        AliasMemberState     = 7
        SamDoneState         = 8
1375# 2.2.1.6.1 DOMAIN_NAME_BUFFER
class DOMAIN_NAME_BUFFER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.1 DOMAIN_NAME_BUFFER: byte count plus raw name bytes."""
    structure = (
        ('DomainNameByteCount', ULONG),
        ('DomainNames', PUCHAR_ARRAY),
    )
1382# 2.2.1.6.2 DS_DOMAIN_TRUSTSW
class DS_DOMAIN_TRUSTSW(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.2 DS_DOMAIN_TRUSTSW: one domain trust entry."""
    structure = (
        ('NetbiosDomainName', LPWSTR),
        ('DnsDomainName', LPWSTR),
        ('Flags', ULONG),
        ('ParentIndex', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
        ('DomainSid', PRPC_SID),
        ('DomainGuid', GUID),
    )
1395# 2.2.1.6.3 NETLOGON_TRUSTED_DOMAIN_ARRAY
class DS_DOMAIN_TRUSTSW_ARRAY(NDRUniConformantArray):
    """Conformant array of DS_DOMAIN_TRUSTSW items."""
    item = DS_DOMAIN_TRUSTSW
class PDS_DOMAIN_TRUSTSW_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a DS_DOMAIN_TRUSTSW_ARRAY."""
    referent = (
        ('Data', DS_DOMAIN_TRUSTSW_ARRAY),
    )
class NETLOGON_TRUSTED_DOMAIN_ARRAY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.3 NETLOGON_TRUSTED_DOMAIN_ARRAY: count plus trust array."""
    structure = (
        ('DomainCount', DWORD),
        ('Domains', PDS_DOMAIN_TRUSTSW_ARRAY),
    )
1410# 2.2.1.6.4 NL_GENERIC_RPC_DATA
class NL_GENERIC_RPC_DATA(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.4 NL_GENERIC_RPC_DATA: counted ULONG and string arrays."""
    structure = (
        ('UlongEntryCount', ULONG),
        ('UlongData', PULONG_ARRAY),
        ('UnicodeStringEntryCount', ULONG),
        ('UnicodeStringData', PRPC_UNICODE_STRING_ARRAY),
    )
class PNL_GENERIC_RPC_DATA(NDRPOINTER):
    """NDR pointer whose referent is a NL_GENERIC_RPC_DATA."""
    referent = (
        ('Data', NL_GENERIC_RPC_DATA),
    )
1424# 2.2.1.7.1 NETLOGON_CONTROL_DATA_INFORMATION
class NETLOGON_CONTROL_DATA_INFORMATION(NDRUNION):
    """[MS-NRPC] 2.2.1.7.1 NETLOGON_CONTROL_DATA_INFORMATION.

    Union with a DWORD tag; the numeric tags below select the active member.
    """
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        5:     ('TrustedDomainName', LPWSTR),
        6:     ('TrustedDomainName', LPWSTR),
        9:     ('TrustedDomainName', LPWSTR),
        10:    ('TrustedDomainName', LPWSTR),
        65534: ('DebugFlag', DWORD),
        8:     ('UserName', LPWSTR),
    }
1439# 2.2.1.7.2 NETLOGON_INFO_1
class NETLOGON_INFO_1(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.2 NETLOGON_INFO_1: flags and PDC connection status."""
    structure = (
        ('netlog1_flags', DWORD),
        ('netlog1_pdc_connection_status', NET_API_STATUS),
    )
class PNETLOGON_INFO_1(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_1."""
    referent = (
        ('Data', NETLOGON_INFO_1),
    )
1451# 2.2.1.7.3 NETLOGON_INFO_2
class NETLOGON_INFO_2(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.3 NETLOGON_INFO_2: PDC status plus trusted DC name and status."""
    structure = (
        ('netlog2_flags', DWORD),
        ('netlog2_pdc_connection_status', NET_API_STATUS),
        ('netlog2_trusted_dc_name', LPWSTR),
        ('netlog2_tc_connection_status', NET_API_STATUS),
    )
class PNETLOGON_INFO_2(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_2."""
    referent = (
        ('Data', NETLOGON_INFO_2),
    )
1465# 2.2.1.7.4 NETLOGON_INFO_3
class NETLOGON_INFO_3(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.4 NETLOGON_INFO_3: flags, logon attempts and reserved words."""
    structure = (
        ('netlog3_flags', DWORD),
        ('netlog3_logon_attempts', DWORD),
        ('netlog3_reserved1', DWORD),
        ('netlog3_reserved2', DWORD),
        ('netlog3_reserved3', DWORD),
        ('netlog3_reserved4', DWORD),
        ('netlog3_reserved5', DWORD),
    )
class PNETLOGON_INFO_3(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_3."""
    referent = (
        ('Data', NETLOGON_INFO_3),
    )
1482# 2.2.1.7.5 NETLOGON_INFO_4
class NETLOGON_INFO_4(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.5 NETLOGON_INFO_4: trusted DC and trusted domain names."""
    structure = (
        ('netlog4_trusted_dc_name', LPWSTR),
        ('netlog4_trusted_domain_name', LPWSTR),
    )
class PNETLOGON_INFO_4(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_4."""
    referent = (
        ('Data', NETLOGON_INFO_4),
    )
1494# 2.2.1.7.6 NETLOGON_CONTROL_QUERY_INFORMATION
class NETLOGON_CONTROL_QUERY_INFORMATION(NDRUNION):
    """[MS-NRPC] 2.2.1.7.6 NETLOGON_CONTROL_QUERY_INFORMATION.

    Union with a DWORD tag; tags 1-4 select the matching NETLOGON_INFO_n pointer.
    """
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('NetlogonInfo1', PNETLOGON_INFO_1),
        2: ('NetlogonInfo2', PNETLOGON_INFO_2),
        3: ('NetlogonInfo3', PNETLOGON_INFO_3),
        4: ('NetlogonInfo4', PNETLOGON_INFO_4),
    }
1507# 2.2.1.8.1 NETLOGON_VALIDATION_UAS_INFO
class NETLOGON_VALIDATION_UAS_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.8.1 NETLOGON_VALIDATION_UAS_INFO."""
    structure = (
        ('usrlog1_eff_name', DWORD),
        ('usrlog1_priv', DWORD),
        ('usrlog1_auth_flags', DWORD),
        ('usrlog1_num_logons', DWORD),
        ('usrlog1_bad_pw_count', DWORD),
        ('usrlog1_last_logon', DWORD),
        ('usrlog1_last_logoff', DWORD),
        ('usrlog1_logoff_time', DWORD),
        ('usrlog1_kickoff_time', DWORD),
        ('usrlog1_password_age', DWORD),
        ('usrlog1_pw_can_change', DWORD),
        ('usrlog1_pw_must_change', DWORD),
        ('usrlog1_computer', LPWSTR),
        ('usrlog1_domain', LPWSTR),
        ('usrlog1_script_path', LPWSTR),
        ('usrlog1_reserved1', DWORD),
    )
class PNETLOGON_VALIDATION_UAS_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_UAS_INFO."""
    referent = (
        ('Data', NETLOGON_VALIDATION_UAS_INFO),
    )
1533# 2.2.1.8.2 NETLOGON_LOGOFF_UAS_INFO
class NETLOGON_LOGOFF_UAS_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.8.2 NETLOGON_LOGOFF_UAS_INFO: duration and logon count."""
    structure = (
        ('Duration', DWORD),
        ('LogonCount', USHORT),
    )
1540# 2.2.1.8.3 UAS_INFO_0
class UAS_INFO_0(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.8.3 UAS_INFO_0: fixed 16-byte computer name plus two ULONGs."""
    structure = (
        ('ComputerName', '16s=""'),
        ('TimeCreated', ULONG),
        ('SerialNumber', ULONG),
    )

    def getAlignment(self):
        """Report a fixed alignment of 4 for this structure."""
        return 4
1550# 2.2.1.8.4 NETLOGON_DUMMY1
class NETLOGON_DUMMY1(NDRUNION):
    """[MS-NRPC] 2.2.1.8.4 NETLOGON_DUMMY1: DWORD-tagged union with one ULONG arm."""
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('Dummy', ULONG),
    }
1560# 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24)
class CHAR_FIXED_16_ARRAY(NDRUniFixedArray):
    """Fixed array declared alongside NetrLogonComputeServerDigest (Opnum 24)."""

    def getDataLen(self, data, offset=0):
        """Return 16 regardless of `data` and `offset`."""
        return 16
1566################################################################################
1567# SSPI
1568################################################################################
1569# Constants
# NL_AUTH_MESSAGE 'Flags' bits (OR-ed together by getSSPType1)
NL_AUTH_MESSAGE_NETBIOS_DOMAIN    = 0x01
NL_AUTH_MESSAGE_NETBIOS_HOST      = 0x02
NL_AUTH_MESSAGE_DNS_DOMAIN        = 0x04
NL_AUTH_MESSAGE_DNS_HOST          = 0x08
NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8 = 0x10

# Request / response markers (presumably NL_AUTH_MESSAGE 'MessageType' values)
NL_AUTH_MESSAGE_REQUEST  = 0x0
NL_AUTH_MESSAGE_RESPONSE = 0x1

# 'SignatureAlgorithm' identifiers written by SIGN
NL_SIGNATURE_HMAC_MD5    = 0x77
NL_SIGNATURE_HMAC_SHA256 = 0x13

# 'SealAlgorithm' identifiers written by SIGN
NL_SEAL_NOT_ENCRYPTED = 0xffff
NL_SEAL_RC4           = 0x7A
NL_SEAL_AES128        = 0x1A
1585# Structures
class NL_AUTH_MESSAGE(Structure):
    """Netlogon SSP authentication message: type, flags and a raw name buffer."""
    structure = (
        ('MessageType', '<L=0'),
        ('Flags', '<L=0'),
        ('Buffer', ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse `data` when given; otherwise start with a 4-byte zero Buffer."""
        Structure.__init__(self, data, alignment)
        if data is None:
            self['Buffer'] = b'\x00' * 4
class NL_AUTH_SIGNATURE(Structure):
    """Netlogon signature token with an 8-byte Checksum field.

    Layout: algorithm ids, pad, flags, 8-byte SequenceNumber, 8-byte Checksum,
    then the Confounder (declared with a length of 8 via '_Confounder').
    """
    structure = (
        ('SignatureAlgorithm', '<H=0'),
        ('SealAlgorithm', '<H=0'),
        ('Pad', '<H=0xffff'),
        ('Flags', '<H=0'),
        ('SequenceNumber', '8s=""'),
        ('Checksum', '8s=""'),
        ('_Confounder', '_-Confounder', '8'),
        ('Confounder', ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse `data` when given; otherwise start with an empty Confounder."""
        Structure.__init__(self, data, alignment)
        if data is None:
            self['Confounder'] = ''
class NL_AUTH_SHA2_SIGNATURE(Structure):
    """Netlogon signature token with a 32-byte Checksum field.

    Same layout as NL_AUTH_SIGNATURE except for the wider Checksum.
    """
    structure = (
        ('SignatureAlgorithm', '<H=0'),
        ('SealAlgorithm', '<H=0'),
        ('Pad', '<H=0xffff'),
        ('Flags', '<H=0'),
        ('SequenceNumber', '8s=""'),
        ('Checksum', '32s=""'),
        ('_Confounder', '_-Confounder', '8'),
        ('Confounder', ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse `data` when given; otherwise start with an empty Confounder."""
        Structure.__init__(self, data, alignment)
        if data is None:
            self['Confounder'] = ''
1629# Section 3.1.4.4.2
def ComputeNetlogonCredential(inputData, Sk):
    """Compute a Netlogon credential with the DES-based construction.

    The file attributes this to [MS-NRPC] section 3.1.4.4.2.

    :param inputData: data handed unchanged to DES in ECB mode, so its length
        must suit that cipher (presumably the 8-byte challenge - confirm
        against callers).
    :param Sk: session key; only bytes 0-6 and 7-13 are used.
    :return: output of the second DES-ECB encryption.
    """
    # Each 7-byte slice goes through crypto.transformKey before use as a DES key.
    firstKey = crypto.transformKey(Sk[:7])
    secondKey = crypto.transformKey(Sk[7:14])
    # Two chained single-DES ECB passes. This is a legacy construction kept for
    # protocol interoperability; do not reuse it as a general-purpose primitive.
    intermediate = DES.new(firstKey, DES.MODE_ECB).encrypt(inputData)
    return DES.new(secondKey, DES.MODE_ECB).encrypt(intermediate)
1640# Section 3.1.4.4.1
def ComputeNetlogonCredentialAES(inputData, Sk):
    """Compute a Netlogon credential with AES in CFB mode.

    The file attributes this to [MS-NRPC] section 3.1.4.4.1.

    :param inputData: data to encrypt.
    :param Sk: AES session key.
    :return: ciphertext of `inputData`.
    """
    # NOTE(security): the IV is a constant 16 zero bytes on every call. With a
    # fixed IV the output depends only on key and input, so this helper is for
    # protocol interoperability only and must not be reused for other data.
    zeroIv = b'\x00' * 16
    return AES.new(Sk, AES.MODE_CFB, zeroIv).encrypt(inputData)
1646# Section 3.1.4.3.1
def ComputeSessionKeyAES(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
    """Derive the 16-byte AES session key ([MS-NRPC] section 3.1.4.3.1 per the file).

    :param sharedSecret: secret hashed with ntlm.NTOWFv1 when no hash is supplied.
    :param clientChallenge: client challenge bytes, MACed first.
    :param serverChallenge: server challenge bytes, MACed second.
    :param sharedSecretHash: optional precomputed hash used directly as the
        HMAC key; when given, `sharedSecret` is ignored.
    :return: first 16 bytes of HMAC-SHA256(key, clientChallenge || serverChallenge).
    """
    # A precomputed hash is as sensitive as the secret itself: it is the MAC key.
    if sharedSecretHash is not None:
        macKey = sharedSecretHash
    else:
        macKey = ntlm.NTOWFv1(sharedSecret)

    mac = hmac.new(key=macKey, digestmod=hashlib.sha256)
    for challenge in (clientChallenge, serverChallenge):
        mac.update(challenge)

    return mac.digest()[:16]
1661# 3.1.4.3.2 Strong-key Session-Key
def ComputeSessionKeyStrongKey(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
    """Derive the strong-key session key ([MS-NRPC] 3.1.4.3.2 per the file).

    :param sharedSecret: secret hashed with ntlm.NTOWFv1 when no hash is supplied.
    :param clientChallenge: client challenge bytes.
    :param serverChallenge: server challenge bytes.
    :param sharedSecretHash: optional precomputed hash used directly as the
        HMAC key; when given, `sharedSecret` is ignored.
    :return: HMAC-MD5(key, MD5(4 zero bytes || clientChallenge || serverChallenge)).
    """
    # MD5 / HMAC-MD5 are dictated by this legacy key-derivation variant.
    if sharedSecretHash is not None:
        macKey = sharedSecretHash
    else:
        macKey = ntlm.NTOWFv1(sharedSecret)

    inner = hashlib.new('md5')
    for part in (b'\x00' * 4, clientChallenge, serverChallenge):
        inner.update(part)

    outer = hmac.new(macKey, digestmod=hashlib.md5)
    outer.update(inner.digest())
    return outer.digest()
def deriveSequenceNumber(sequenceNum):
    """Encode a 64-bit sequence number as 8 big-endian bytes.

    The low 32 bits come first, followed by the high 32 bits with the top bit
    (0x80000000) forced on.
    """
    low = sequenceNum & 0xffffffff
    high = ((sequenceNum >> 32) & 0xffffffff) | 0x80000000
    return pack('>LL', low, high)
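def ComputeNetlogonSignatureAES(authSignature, message, confounder, sessionKey):
    """Compute the HMAC-SHA256 Netlogon checksum ([MS-NRPC] 3.3.4.2.1, point 7).

    :param authSignature: signature object; the first 8 bytes of its
        getData() output are MACed.
    :param message: payload, converted with bytes().
    :param confounder: confounder bytes, or an empty value ('' or b'') when no
        confidentiality was requested.
    :param sessionKey: HMAC key.
    :return: 32 bytes - the first 8 bytes of the HMAC followed by 24 zero bytes.

    When this value is compared with a checksum received from a peer, use a
    constant-time comparison such as hmac.compare_digest.
    """
    hm = hmac.new(key=sessionKey, digestmod=hashlib.sha256)
    hm.update(authSignature.getData()[:8])
    # An empty confounder contributes nothing to the MAC. Skipping it also
    # avoids the TypeError Python 3 raises when the text string '' is hashed.
    if len(confounder) > 0:
        hm.update(confounder)
    hm.update(bytes(message))
    # The padding must be bytes: digest() returns bytes, and bytes + str
    # raises TypeError on Python 3.
    return hm.digest()[:8] + b'\x00' * 24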
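def ComputeNetlogonSignatureMD5(authSignature, message, confounder, sessionKey):
    """Compute the HMAC-MD5 Netlogon checksum ([MS-NRPC] 3.3.4.2.1, point 7).

    :param authSignature: signature object; the first 8 bytes of its
        getData() output are hashed.
    :param message: payload, converted with bytes().
    :param confounder: confounder bytes, or an empty value ('' or b'') when no
        confidentiality was requested.
    :param sessionKey: HMAC key.
    :return: first 8 bytes of HMAC-MD5(sessionKey, MD5(zeros || header ||
        confounder || message)).

    When this value is compared with a checksum received from a peer, use a
    constant-time comparison such as hmac.compare_digest.
    """
    md5 = hashlib.new('md5')
    md5.update(b'\x00' * 4)
    md5.update(authSignature.getData()[:8])
    # An empty confounder contributes nothing to the digest. Skipping it also
    # avoids the TypeError Python 3 raises when the text string '' is hashed.
    if len(confounder) > 0:
        md5.update(confounder)
    md5.update(bytes(message))
    hm = hmac.new(sessionKey, digestmod=hashlib.md5)
    hm.update(md5.digest())
    return hm.digest()[:8]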
def encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
    """RC4-encrypt the sequence number ([MS-NRPC] 3.3.4.2.1, point 9).

    The RC4 key is HMAC-MD5(HMAC-MD5(sessionKey, 4 zero bytes), checkSum).

    :param sequenceNum: sequence number bytes to encrypt.
    :param checkSum: signature checksum, mixed into the key.
    :param sessionKey: session key.
    :return: RC4 output for `sequenceNum`.
    """
    seed = hmac.new(sessionKey, digestmod=hashlib.md5)
    seed.update(b'\x00' * 4)
    keyed = hmac.new(seed.digest(), digestmod=hashlib.md5)
    keyed.update(checkSum)

    return ARC4.new(keyed.digest()).encrypt(sequenceNum)
def decryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
    """Decrypt an RC4-protected sequence number ([MS-NRPC] 3.3.4.2.2, point 5).

    Delegates to encryptSequenceNumberRC4 with the same arguments.
    """
    return encryptSequenceNumberRC4(sequenceNum=sequenceNum, checkSum=checkSum, sessionKey=sessionKey)
def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    """AES-CFB-encrypt the sequence number ([MS-NRPC] 3.3.4.2.1, point 9).

    :param sequenceNum: sequence number bytes to encrypt.
    :param checkSum: signature checksum; its first 8 bytes, repeated twice,
        form the 16-byte IV.
    :param sessionKey: AES key.
    :return: ciphertext of `sequenceNum`.
    """
    checksumHead = checkSum[:8]
    return AES.new(sessionKey, AES.MODE_CFB, checksumHead + checksumHead).encrypt(sequenceNum)
def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    """AES-CFB-decrypt the sequence number (inverse of encryptSequenceNumberAES).

    :param sequenceNum: encrypted sequence number bytes.
    :param checkSum: signature checksum; its first 8 bytes, repeated twice,
        form the 16-byte IV.
    :param sessionKey: AES key.
    :return: decrypted sequence number bytes.
    """
    checksumHead = checkSum[:8]
    return AES.new(sessionKey, AES.MODE_CFB, checksumHead + checksumHead).decrypt(sequenceNum)
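def SIGN(data, confounder, sequenceNum, key, aes = False):
    """Build the Netlogon signature token for `data`.

    :param data: message to sign.
    :param confounder: confounder bytes; an empty value ('' or b'') means no
        confidentiality, and SealAlgorithm is then NL_SEAL_NOT_ENCRYPTED.
    :param sequenceNum: integer sequence number, encoded by deriveSequenceNumber.
    :param key: session key used for the checksum and sequence encryption.
    :param aes: False selects HMAC-MD5 / RC4; any other value selects
        HMAC-SHA256 / AES.
    :return: an NL_AUTH_SIGNATURE with SignatureAlgorithm, SealAlgorithm,
        Checksum and SequenceNumber filled in.
    """
    # `aes is False` (identity, not truthiness) is kept from the original so
    # callers that pass e.g. 0 or None still get the AES branch as before.
    if aes is False:
        signatureAlgorithm = NL_SIGNATURE_HMAC_MD5
        sealAlgorithm = NL_SEAL_RC4
        computeChecksum = ComputeNetlogonSignatureMD5
        encryptSequence = encryptSequenceNumberRC4
    else:
        signatureAlgorithm = NL_SIGNATURE_HMAC_SHA256
        sealAlgorithm = NL_SEAL_AES128
        computeChecksum = ComputeNetlogonSignatureAES
        encryptSequence = encryptSequenceNumberAES

    # NOTE(review): the AES branch also uses NL_AUTH_SIGNATURE (8-byte Checksum
    # field) rather than NL_AUTH_SHA2_SIGNATURE - confirm the expected layout.
    signature = NL_AUTH_SIGNATURE()
    signature['SignatureAlgorithm'] = signatureAlgorithm
    # Test emptiness by length: on Python 3 `b'' == ''` is False, so the old
    # comparison labelled an integrity-only token as sealed.
    if len(confounder) == 0:
        signature['SealAlgorithm'] = NL_SEAL_NOT_ENCRYPTED
    else:
        signature['SealAlgorithm'] = sealAlgorithm
    # The checksum covers the header fields set above, so compute it last.
    signature['Checksum'] = computeChecksum(signature, data, confounder, key)
    signature['SequenceNumber'] = encryptSequence(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
    return signature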
def SEAL(data, confounder, sequenceNum, key, aes = False):
    """Sign `data`, then encrypt the confounder and the data.

    :param data: plaintext message.
    :param confounder: confounder bytes; its encrypted form is stored in the
        returned signature.
    :param sequenceNum: integer sequence number.
    :param key: session key; the encryption key is derived from it with every
        byte XOR-ed with 0xf0.
    :param aes: False selects RC4 (key from HMAC-MD5); any other value selects
        AES in CFB mode with the doubled sequence number as IV.
    :return: tuple (encrypted data, signature).
    """
    signature = SIGN(data, confounder, sequenceNum, key, aes)
    derivedSequence = deriveSequenceNumber(sequenceNum)

    maskedKey = bytes(bytearray(octet ^ 0xf0 for octet in bytearray(key)))

    if aes is False:
        seed = hmac.new(maskedKey, digestmod=hashlib.md5)
        seed.update(b'\x00' * 4)
        keyed = hmac.new(seed.digest(), digestmod=hashlib.md5)
        keyed.update(derivedSequence)
        encryptionKey = keyed.digest()

        # Confounder and data each get a fresh RC4 instance with the same key.
        sealedConfounder = ARC4.new(encryptionKey).encrypt(confounder)
        sealedData = ARC4.new(encryptionKey).encrypt(data)
    else:
        # One CFB stream covers the confounder first, then the data.
        cipher = AES.new(maskedKey, AES.MODE_CFB, derivedSequence + derivedSequence)
        sealedConfounder = cipher.encrypt(confounder)
        sealedData = cipher.encrypt(data)

    signature['Confounder'] = sealedConfounder
    return sealedData, signature
def UNSEAL(data, auth_data, key, aes = False):
    """Decrypt a sealed message and its confounder.

    :param data: encrypted message.
    :param auth_data: raw signature token; always parsed as NL_AUTH_SIGNATURE,
        whichever value `aes` has.
    :param key: session key; the decryption key is derived from it with every
        byte XOR-ed with 0xf0.
    :param aes: False selects RC4; any other value selects AES in CFB mode.
    :return: tuple (plaintext, decrypted confounder).

    NOTE(security): this function only decrypts. The token's Checksum is not
    recomputed or compared here, so integrity must be verified by the caller
    before the plaintext is trusted.
    """
    token = NL_AUTH_SIGNATURE(auth_data)
    maskedKey = bytes(bytearray(octet ^ 0xf0 for octet in bytearray(key)))

    if aes is False:
        sequenceNum = decryptSequenceNumberRC4(token['SequenceNumber'], token['Checksum'], key)
        seed = hmac.new(maskedKey, digestmod=hashlib.md5)
        seed.update(b'\x00' * 4)
        keyed = hmac.new(seed.digest(), digestmod=hashlib.md5)
        keyed.update(sequenceNum)
        encryptionKey = keyed.digest()

        # Fresh RC4 instance per field, mirroring SEAL.
        cfounder = ARC4.new(encryptionKey).encrypt(token['Confounder'])
        plain = ARC4.new(encryptionKey).encrypt(data)
        return plain, cfounder

    sequenceNum = decryptSequenceNumberAES(token['SequenceNumber'], token['Checksum'], key)
    cipher = AES.new(maskedKey, AES.MODE_CFB, sequenceNum + sequenceNum)
    cfounder = cipher.decrypt(token['Confounder'])
    plain = cipher.decrypt(data)
    return plain, cfounder
def getSSPType1(workstation='', domain='', signingRequired=False):
    """Build the initial NL_AUTH_MESSAGE carrying domain and host names.

    :param workstation: host name; 'MYHOST' is used when empty.
    :param domain: NetBIOS domain name; 'WORKGROUP' is used when empty.
    :param signingRequired: accepted but not used by this function.
    :return: NL_AUTH_MESSAGE with the NETBIOS_DOMAIN, NETBIOS_HOST and
        NETBIOS_HOST_UTF8 flags set and the three names in Buffer.
    """
    if domain != '':
        domainPart = b(domain) + b'\x00'
    else:
        domainPart = b'WORKGROUP\x00'

    if workstation != '':
        hostPart = b(workstation) + b'\x00'
        # Length-prefixed copy of the host name; the prefix is a single byte.
        hostUtf8Part = pack('<B', len(workstation)) + b(workstation) + b'\x00'
    else:
        hostPart = b'MYHOST\x00'
        hostUtf8Part = b'\x06MYHOST\x00'

    auth = NL_AUTH_MESSAGE()
    auth['Flags'] = (NL_AUTH_MESSAGE_NETBIOS_DOMAIN
                     | NL_AUTH_MESSAGE_NETBIOS_HOST
                     | NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8)
    auth['Buffer'] = b'' + domainPart + hostPart + hostUtf8Part
    return auth
1853################################################################################
1854# RPC CALLS
1855################################################################################
1856# 3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)
class DsrGetDcNameEx2(NDRCALL):
    """Request for DsrGetDcNameEx2, opnum 34 ([MS-NRPC] 3.5.4.3.1)."""
    opnum = 34
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('AccountName', LPWSTR),
        ('AllowableAccountControlBits', ULONG),
        ('DomainName', LPWSTR),
        ('DomainGuid', PGUID),
        ('SiteName', LPWSTR),
        ('Flags', ULONG),
    )
class DsrGetDcNameEx2Response(NDRCALL):
    """Response to DsrGetDcNameEx2: DC info pointer and NET_API_STATUS."""
    structure = (
        ('DomainControllerInfo', PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode', NET_API_STATUS),
    )
1875# 3.5.4.3.2 DsrGetDcNameEx (Opnum 27)
class DsrGetDcNameEx(NDRCALL):
    """Request for DsrGetDcNameEx, opnum 27 ([MS-NRPC] 3.5.4.3.2)."""
    opnum = 27
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
        ('DomainGuid', PGUID),
        ('SiteName', LPWSTR),
        ('Flags', ULONG),
    )
class DsrGetDcNameExResponse(NDRCALL):
    """Response to DsrGetDcNameEx: DC info pointer and NET_API_STATUS."""
    structure = (
        ('DomainControllerInfo', PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode', NET_API_STATUS),
    )
1892# 3.5.4.3.3 DsrGetDcName (Opnum 20)
class DsrGetDcName(NDRCALL):
    """Request for DsrGetDcName, opnum 20 ([MS-NRPC] 3.5.4.3.3)."""
    opnum = 20
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
        ('DomainGuid', PGUID),
        ('SiteGuid', PGUID),
        ('Flags', ULONG),
    )
class DsrGetDcNameResponse(NDRCALL):
    """Response to DsrGetDcName: DC info pointer and NET_API_STATUS."""
    structure = (
        ('DomainControllerInfo', PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode', NET_API_STATUS),
    )
1909# 3.5.4.3.4 NetrGetDCName (Opnum 11)
class NetrGetDCName(NDRCALL):
    """Request for NetrGetDCName, opnum 11 ([MS-NRPC] 3.5.4.3.4)."""
    opnum = 11
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )
class NetrGetDCNameResponse(NDRCALL):
    """Response to NetrGetDCName: name buffer and NET_API_STATUS."""
    structure = (
        ('Buffer', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )
1923# 3.5.4.3.5 NetrGetAnyDCName (Opnum 13)
class NetrGetAnyDCName(NDRCALL):
    """Request for NetrGetAnyDCName, opnum 13 ([MS-NRPC] 3.5.4.3.5)."""
    opnum = 13
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )
class NetrGetAnyDCNameResponse(NDRCALL):
    """Response to NetrGetAnyDCName: name buffer and NET_API_STATUS."""
    structure = (
        ('Buffer', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )
1937# 3.5.4.3.6 DsrGetSiteName (Opnum 28)
class DsrGetSiteName(NDRCALL):
    """Request for DsrGetSiteName, opnum 28 ([MS-NRPC] 3.5.4.3.6)."""
    opnum = 28
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
    )
class DsrGetSiteNameResponse(NDRCALL):
    """Response to DsrGetSiteName: site name and NET_API_STATUS."""
    structure = (
        ('SiteName', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )
1950# 3.5.4.3.7 DsrGetDcSiteCoverageW (Opnum 38)
class DsrGetDcSiteCoverageW(NDRCALL):
    """Request for DsrGetDcSiteCoverageW, opnum 38 ([MS-NRPC] 3.5.4.3.7)."""
    opnum = 38
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )
class DsrGetDcSiteCoverageWResponse(NDRCALL):
    """Response to DsrGetDcSiteCoverageW: site name array and NET_API_STATUS."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )
1963# 3.5.4.3.8 DsrAddressToSiteNamesW (Opnum 33)
class DsrAddressToSiteNamesW(NDRCALL):
    """Request for DsrAddressToSiteNamesW, opnum 33 ([MS-NRPC] 3.5.4.3.8)."""
    opnum = 33
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('EntryCount', ULONG),
        ('SocketAddresses', NL_SOCKET_ADDRESS_ARRAY),
    )
class DsrAddressToSiteNamesWResponse(NDRCALL):
    """Response to DsrAddressToSiteNamesW: site name array and NET_API_STATUS."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )
1978# 3.5.4.3.9 DsrAddressToSiteNamesExW (Opnum 37)
class DsrAddressToSiteNamesExW(NDRCALL):
    """Request for DsrAddressToSiteNamesExW, opnum 37 ([MS-NRPC] 3.5.4.3.9)."""
    opnum = 37
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('EntryCount', ULONG),
        ('SocketAddresses', NL_SOCKET_ADDRESS_ARRAY),
    )
class DsrAddressToSiteNamesExWResponse(NDRCALL):
    """Response to DsrAddressToSiteNamesExW: extended site name array and status."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_EX_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )
1993# 3.5.4.3.10 DsrDeregisterDnsHostRecords (Opnum 41)
class DsrDeregisterDnsHostRecords(NDRCALL):
    """Request for DsrDeregisterDnsHostRecords, opnum 41 ([MS-NRPC] 3.5.4.3.10)."""
    opnum = 41
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DnsDomainName', LPWSTR),
        ('DomainGuid', PGUID),
        ('DsaGuid', PGUID),
        ('DnsHostName', WSTR),
    )
class DsrDeregisterDnsHostRecordsResponse(NDRCALL):
    """Response to DsrDeregisterDnsHostRecords: NET_API_STATUS only."""
    structure = (
        ('ErrorCode', NET_API_STATUS),
    )
2009# 3.5.4.3.11 DSRUpdateReadOnlyServerDnsRecords (Opnum 48)
class DSRUpdateReadOnlyServerDnsRecords(NDRCALL):
    """Request for DSRUpdateReadOnlyServerDnsRecords, opnum 48 ([MS-NRPC] 3.5.4.3.11).

    Carries a NETLOGON_AUTHENTICATOR, unlike the locator calls declared before it.
    """
    opnum = 48
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('SiteName', LPWSTR),
        ('DnsTtl', ULONG),
        ('DnsNames', NL_DNS_NAME_INFO_ARRAY),
    )
class DSRUpdateReadOnlyServerDnsRecordsResponse(NDRCALL):
    """Response to DSRUpdateReadOnlyServerDnsRecords: return authenticator, names, NTSTATUS."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DnsNames', NL_DNS_NAME_INFO_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2028# 3.5.4.4.1 NetrServerReqChallenge (Opnum 4)
class NetrServerReqChallenge(NDRCALL):
    """Request for NetrServerReqChallenge, opnum 4 ([MS-NRPC] 3.5.4.4.1).

    Sends the ClientChallenge; the response carries the ServerChallenge. Both
    are inputs to the session-key functions in this file.
    """
    opnum = 4
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('ClientChallenge', NETLOGON_CREDENTIAL),
    )
class NetrServerReqChallengeResponse(NDRCALL):
    """Response to NetrServerReqChallenge: ServerChallenge and NTSTATUS."""
    structure = (
        ('ServerChallenge', NETLOGON_CREDENTIAL),
        ('ErrorCode', NTSTATUS),
    )
2043# 3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)
class NetrServerAuthenticate3(NDRCALL):
    """Request for NetrServerAuthenticate3, opnum 26 ([MS-NRPC] 3.5.4.4.2).

    NegotiateFlags is sent here and echoed in the response; callers should
    check the returned flags rather than assume what was requested.
    """
    opnum = 26
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
    )
class NetrServerAuthenticate3Response(NDRCALL):
    """Response to NetrServerAuthenticate3: server credential, flags, account RID, NTSTATUS."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
        ('AccountRid', ULONG),
        ('ErrorCode', NTSTATUS),
    )
2063# 3.5.4.4.3 NetrServerAuthenticate2 (Opnum 15)
class NetrServerAuthenticate2(NDRCALL):
    """Request for NetrServerAuthenticate2, opnum 15 ([MS-NRPC] 3.5.4.4.3)."""
    opnum = 15
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
    )
class NetrServerAuthenticate2Response(NDRCALL):
    """Response to NetrServerAuthenticate2: server credential, flags, NTSTATUS."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )
2082# 3.5.4.4.4 NetrServerAuthenticate (Opnum 5)
class NetrServerAuthenticate(NDRCALL):
    """Request for NetrServerAuthenticate, opnum 5 ([MS-NRPC] 3.5.4.4.4).

    Unlike the 2 and 3 variants, this request has no NegotiateFlags member.
    """
    opnum = 5
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
    )
class NetrServerAuthenticateResponse(NDRCALL):
    """Response to NetrServerAuthenticate: server credential and NTSTATUS."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('ErrorCode', NTSTATUS),
    )
2099# 3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30)
class NetrServerPasswordSet2(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.4.5 NetrServerPasswordSet2 (opnum 30).

    ClearNewPassword is declared with the fixed-array type, so the caller
    hands over an already-built buffer; the structured NL_TRUST_PASSWORD
    declaration is kept below only as a comment.
    """
    opnum = 30
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        # Alternative declaration, not in use:
        # ('ClearNewPassword', NL_TRUST_PASSWORD),
        ('ClearNewPassword', NL_TRUST_PASSWORD_FIXED_ARRAY),
    )
class NetrServerPasswordSet2Response(NDRCALL):
    """NDR response layout for NetrServerPasswordSet2: return authenticator plus NTSTATUS."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )
2118# 3.5.4.4.6 NetrServerPasswordSet (Opnum 6)
2120# 3.5.4.4.7 NetrServerPasswordGet (Opnum 31)
class NetrServerPasswordGet(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.4.7 NetrServerPasswordGet (opnum 31).

    The channel-type field is named AccountType here, not SecureChannelType
    as in the sibling calls.
    """
    opnum = 31
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('AccountType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )
class NetrServerPasswordGetResponse(NDRCALL):
    """NDR response layout for NetrServerPasswordGet.

    EncryptedNtOwfPassword is credential material even in encrypted form;
    callers should keep it out of logs and debug dumps.
    """
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('ErrorCode', NTSTATUS),
    )
2138# 3.5.4.4.8 NetrServerTrustPasswordsGet (Opnum 42)
class NetrServerTrustPasswordsGet(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.4.8 NetrServerTrustPasswordsGet (opnum 42)."""
    opnum = 42
    structure = (
        ('TrustedDcName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )
class NetrServerTrustPasswordsGetResponse(NDRCALL):
    """NDR response layout for NetrServerTrustPasswordsGet.

    Returns both the new and the old encrypted OWF values; treat both as
    credential material.
    """
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNewOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedOldOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('ErrorCode', NTSTATUS),
    )
2157# 3.5.4.4.9 NetrLogonGetDomainInfo (Opnum 29)
class NetrLogonGetDomainInfo(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.4.9 NetrLogonGetDomainInfo (opnum 29).

    ReturnAuthenticator is part of the request as well as the response.
    Level and WkstaBuffer are separate fields; keeping them consistent is
    left to whoever fills the request.
    """
    opnum = 29
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('ComputerName', LPWSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('Level', DWORD),
        ('WkstaBuffer', NETLOGON_WORKSTATION_INFORMATION),
    )
class NetrLogonGetDomainInfoResponse(NDRCALL):
    """NDR response layout for NetrLogonGetDomainInfo."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DomBuffer', NETLOGON_DOMAIN_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
2176# 3.5.4.4.10 NetrLogonGetCapabilities (Opnum 21)
class NetrLogonGetCapabilities(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.4.10 NetrLogonGetCapabilities (opnum 21).

    ReturnAuthenticator is part of the request as well as the response.
    """
    opnum = 21
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('ComputerName', LPWSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('QueryLevel', DWORD),
    )
class NetrLogonGetCapabilitiesResponse(NDRCALL):
    """NDR response layout for NetrLogonGetCapabilities."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ServerCapabilities', NETLOGON_CAPABILITIES),
        ('ErrorCode', NTSTATUS),
    )
2194# 3.5.4.4.11 NetrChainSetClientAttributes (Opnum 49)
2196# 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39)
class NetrLogonSamLogonEx(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.5.1 NetrLogonSamLogonEx (opnum 39).

    Unlike NetrLogonSamLogon and NetrLogonSamLogonWithFlags in this file,
    the request declares no Authenticator/ReturnAuthenticator fields.
    """
    opnum = 39
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
        ('ExtraFlags', ULONG),
    )
class NetrLogonSamLogonExResponse(NDRCALL):
    """NDR response layout for NetrLogonSamLogonEx."""
    structure = (
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ExtraFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )
2216# 3.5.4.5.2 NetrLogonSamLogonWithFlags (Opnum 45)
class NetrLogonSamLogonWithFlags(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.5.2 NetrLogonSamLogonWithFlags (opnum 45).

    Both authenticators are declared with the pointer type
    PNETLOGON_AUTHENTICATOR.
    """
    opnum = 45
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
        ('ExtraFlags', ULONG),
    )
class NetrLogonSamLogonWithFlagsResponse(NDRCALL):
    """NDR response layout for NetrLogonSamLogonWithFlags."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ExtraFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )
2239# 3.5.4.5.3 NetrLogonSamLogon (Opnum 2)
class NetrLogonSamLogon(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.5.3 NetrLogonSamLogon (opnum 2)."""
    opnum = 2
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
    )
class NetrLogonSamLogonResponse(NDRCALL):
    """NDR response layout for NetrLogonSamLogon."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ErrorCode', NTSTATUS),
    )
2260# 3.5.4.5.4 NetrLogonSamLogoff (Opnum 3)
class NetrLogonSamLogoff(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.5.4 NetrLogonSamLogoff (opnum 3)."""
    opnum = 3
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
    )
class NetrLogonSamLogoffResponse(NDRCALL):
    """NDR response layout for NetrLogonSamLogoff."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )
2278# 3.5.4.6.1 NetrDatabaseDeltas (Opnum 7)
class NetrDatabaseDeltas(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.6.1 NetrDatabaseDeltas (opnum 7)."""
    opnum = 7
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('DomainModifiedCount', NLPR_MODIFIED_COUNT),
        ('PreferredMaximumLength', DWORD),
    )
class NetrDatabaseDeltasResponse(NDRCALL):
    """NDR response layout for NetrDatabaseDeltas."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DomainModifiedCount', NLPR_MODIFIED_COUNT),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2299# 3.5.4.6.2 NetrDatabaseSync2 (Opnum 16)
class NetrDatabaseSync2(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.6.2 NetrDatabaseSync2 (opnum 16).

    Adds a RestartState field to the NetrDatabaseSync layout in this file.
    """
    opnum = 16
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('RestartState', SYNC_STATE),
        ('SyncContext', ULONG),
        ('PreferredMaximumLength', DWORD),
    )
class NetrDatabaseSync2Response(NDRCALL):
    """NDR response layout for NetrDatabaseSync2."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('SyncContext', ULONG),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2321# 3.5.4.6.3 NetrDatabaseSync (Opnum 8)
class NetrDatabaseSync(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.6.3 NetrDatabaseSync (opnum 8)."""
    opnum = 8
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('SyncContext', ULONG),
        ('PreferredMaximumLength', DWORD),
    )
class NetrDatabaseSyncResponse(NDRCALL):
    """NDR response layout for NetrDatabaseSync."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('SyncContext', ULONG),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2342# 3.5.4.6.4 NetrDatabaseRedo (Opnum 17)
class NetrDatabaseRedo(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.6.4 NetrDatabaseRedo (opnum 17).

    ChangeLogEntrySize is declared independently of ChangeLogEntry; nothing
    in this class ties the size to the buffer length.
    """
    opnum = 17
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ChangeLogEntry', PUCHAR_ARRAY),
        ('ChangeLogEntrySize', DWORD),
    )
class NetrDatabaseRedoResponse(NDRCALL):
    """NDR response layout for NetrDatabaseRedo."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2361# 3.5.4.7.1 DsrEnumerateDomainTrusts (Opnum 40)
class DsrEnumerateDomainTrusts(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.7.1 DsrEnumerateDomainTrusts (opnum 40).

    The request declares no authenticator field.
    """
    opnum = 40
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('Flags', ULONG),
    )
class DsrEnumerateDomainTrustsResponse(NDRCALL):
    """NDR response layout for DsrEnumerateDomainTrusts."""
    structure = (
        ('Domains', NETLOGON_TRUSTED_DOMAIN_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2375# 3.5.4.7.2 NetrEnumerateTrustedDomainsEx (Opnum 36)
class NetrEnumerateTrustedDomainsEx(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.7.2 NetrEnumerateTrustedDomainsEx (opnum 36)."""
    opnum = 36
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )
class NetrEnumerateTrustedDomainsExResponse(NDRCALL):
    """NDR response layout for NetrEnumerateTrustedDomainsEx."""
    structure = (
        ('Domains', NETLOGON_TRUSTED_DOMAIN_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2388# 3.5.4.7.3 NetrEnumerateTrustedDomains (Opnum 19)
class NetrEnumerateTrustedDomains(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.7.3 NetrEnumerateTrustedDomains (opnum 19)."""
    opnum = 19
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )
class NetrEnumerateTrustedDomainsResponse(NDRCALL):
    """NDR response layout for NetrEnumerateTrustedDomains (returns a DOMAIN_NAME_BUFFER)."""
    structure = (
        ('DomainNameBuffer', DOMAIN_NAME_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
2401# 3.5.4.7.4 NetrGetForestTrustInformation (Opnum 44)
class NetrGetForestTrustInformation(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.7.4 NetrGetForestTrustInformation (opnum 44)."""
    opnum = 44
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('Flags', DWORD),
    )
class NetrGetForestTrustInformationResponse(NDRCALL):
    """NDR response layout for NetrGetForestTrustInformation."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
2419# 3.5.4.7.5 DsrGetForestTrustInformation (Opnum 43)
class DsrGetForestTrustInformation(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.7.5 DsrGetForestTrustInformation (opnum 43).

    The request declares no authenticator field.
    """
    opnum = 43
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('TrustedDomainName', LPWSTR),
        ('Flags', DWORD),
    )
class DsrGetForestTrustInformationResponse(NDRCALL):
    """NDR response layout for DsrGetForestTrustInformation."""
    structure = (
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
2434# 3.5.4.7.6 NetrServerGetTrustInfo (Opnum 46)
class NetrServerGetTrustInfo(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.7.6 NetrServerGetTrustInfo (opnum 46)."""
    opnum = 46
    structure = (
        ('TrustedDcName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )
class NetrServerGetTrustInfoResponse(NDRCALL):
    """NDR response layout for NetrServerGetTrustInfo.

    Returns new and old encrypted OWF values plus a TrustInfo blob; treat
    the OWF fields as credential material.
    """
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNewOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedOldOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('TrustInfo', PNL_GENERIC_RPC_DATA),
        ('ErrorCode', NTSTATUS),
    )
2454# 3.5.4.8.1 NetrLogonGetTrustRid (Opnum 23)
class NetrLogonGetTrustRid(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.8.1 NetrLogonGetTrustRid (opnum 23)."""
    opnum = 23
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )
class NetrLogonGetTrustRidResponse(NDRCALL):
    """NDR response layout for NetrLogonGetTrustRid."""
    structure = (
        ('Rid', ULONG),
        ('ErrorCode', NTSTATUS),
    )
2468# 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24)
class NetrLogonComputeServerDigest(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.8.2 NetrLogonComputeServerDigest (opnum 24).

    MessageSize is declared independently of Message; nothing in this class
    ties the size to the buffer length.
    """
    opnum = 24
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('Rid', ULONG),
        ('Message', UCHAR_ARRAY),
        ('MessageSize', ULONG),
    )
class NetrLogonComputeServerDigestResponse(NDRCALL):
    """NDR response layout for NetrLogonComputeServerDigest (two fixed 16-byte digests)."""
    structure = (
        ('NewMessageDigest', CHAR_FIXED_16_ARRAY),
        ('OldMessageDigest', CHAR_FIXED_16_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2485# 3.5.4.8.3 NetrLogonComputeClientDigest (Opnum 25)
class NetrLogonComputeClientDigest(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.8.3 NetrLogonComputeClientDigest (opnum 25).

    MessageSize is declared independently of Message; nothing in this class
    ties the size to the buffer length.
    """
    opnum = 25
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
        ('Message', UCHAR_ARRAY),
        ('MessageSize', ULONG),
    )
class NetrLogonComputeClientDigestResponse(NDRCALL):
    """NDR response layout for NetrLogonComputeClientDigest (two fixed 16-byte digests)."""
    structure = (
        ('NewMessageDigest', CHAR_FIXED_16_ARRAY),
        ('OldMessageDigest', CHAR_FIXED_16_ARRAY),
        ('ErrorCode', NTSTATUS),
    )
2502# 3.5.4.8.4 NetrLogonSendToSam (Opnum 32)
class NetrLogonSendToSam(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.8.4 NetrLogonSendToSam (opnum 32).

    OpaqueBufferSize is declared independently of OpaqueBuffer; nothing in
    this class ties the size to the buffer length.
    """
    opnum = 32
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('OpaqueBuffer', UCHAR_ARRAY),
        ('OpaqueBufferSize', ULONG),
    )
class NetrLogonSendToSamResponse(NDRCALL):
    """NDR response layout for NetrLogonSendToSam."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )
2519# 3.5.4.8.5 NetrLogonSetServiceBits (Opnum 22)
class NetrLogonSetServiceBits(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.8.5 NetrLogonSetServiceBits (opnum 22)."""
    opnum = 22
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ServiceBitsOfInterest', DWORD),
        ('ServiceBits', DWORD),
    )
class NetrLogonSetServiceBitsResponse(NDRCALL):
    """NDR response layout for NetrLogonSetServiceBits (status only)."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
2533# 3.5.4.8.6 NetrLogonGetTimeServiceParentDomain (Opnum 35)
class NetrLogonGetTimeServiceParentDomain(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.8.6 NetrLogonGetTimeServiceParentDomain (opnum 35)."""
    opnum = 35
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )
class NetrLogonGetTimeServiceParentDomainResponse(NDRCALL):
    """NDR response layout for NetrLogonGetTimeServiceParentDomain.

    ErrorCode is a NET_API_STATUS here, not an NTSTATUS.
    """
    structure = (
        ('DomainName', LPWSTR),
        ('PdcSameSite', LONG),
        ('ErrorCode', NET_API_STATUS),
    )
2547# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18)
class NetrLogonControl2Ex(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.9.1 NetrLogonControl2Ex (opnum 18)."""
    opnum = 18
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )
class NetrLogonControl2ExResponse(NDRCALL):
    """NDR response layout for NetrLogonControl2Ex; ErrorCode is a NET_API_STATUS."""
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )
2563# 3.5.4.9.2 NetrLogonControl2 (Opnum 14)
class NetrLogonControl2(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.9.2 NetrLogonControl2 (opnum 14)."""
    opnum = 14
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )
class NetrLogonControl2Response(NDRCALL):
    """NDR response layout for NetrLogonControl2; ErrorCode is a NET_API_STATUS."""
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )
2579# 3.5.4.9.3 NetrLogonControl (Opnum 12)
class NetrLogonControl(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.9.3 NetrLogonControl (opnum 12)."""
    opnum = 12
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )
class NetrLogonControlResponse(NDRCALL):
    """NDR response layout for NetrLogonControl; ErrorCode is a NET_API_STATUS."""
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )
2595# 3.5.4.10.1 NetrLogonUasLogon (Opnum 0)
class NetrLogonUasLogon(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.10.1 NetrLogonUasLogon (opnum 0)."""
    opnum = 0
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('UserName', WSTR),
        ('Workstation', WSTR),
    )
class NetrLogonUasLogonResponse(NDRCALL):
    """NDR response layout for NetrLogonUasLogon; ErrorCode is a NET_API_STATUS."""
    structure = (
        ('ValidationInformation', PNETLOGON_VALIDATION_UAS_INFO),
        ('ErrorCode', NET_API_STATUS),
    )
2610# 3.5.4.10.2 NetrLogonUasLogoff (Opnum 1)
class NetrLogonUasLogoff(NDRCALL):
    """NDR request layout for [MS-NRPC] 3.5.4.10.2 NetrLogonUasLogoff (opnum 1)."""
    opnum = 1
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('UserName', WSTR),
        ('Workstation', WSTR),
    )
class NetrLogonUasLogoffResponse(NDRCALL):
    """NDR response layout for NetrLogonUasLogoff; ErrorCode is a NET_API_STATUS."""
    structure = (
        ('LogoffInformation', NETLOGON_LOGOFF_UAS_INFO),
        ('ErrorCode', NET_API_STATUS),
    )
2625################################################################################
2626# OPNUMs and their corresponding structures
2627################################################################################
# Maps each implemented opnum to its (request class, response class) pair.
# Entries left as comments name calls that have no classes in this table yet.
OPNUMS = {
    0: (NetrLogonUasLogon, NetrLogonUasLogonResponse),
    1: (NetrLogonUasLogoff, NetrLogonUasLogoffResponse),
    2: (NetrLogonSamLogon, NetrLogonSamLogonResponse),
    3: (NetrLogonSamLogoff, NetrLogonSamLogoffResponse),
    4: (NetrServerReqChallenge, NetrServerReqChallengeResponse),
    5: (NetrServerAuthenticate, NetrServerAuthenticateResponse),
    # 6: (NetrServerPasswordSet, NetrServerPasswordSetResponse),
    7: (NetrDatabaseDeltas, NetrDatabaseDeltasResponse),
    8: (NetrDatabaseSync, NetrDatabaseSyncResponse),
    # 9: (NetrAccountDeltas, NetrAccountDeltasResponse),
    # 10: (NetrAccountSync, NetrAccountSyncResponse),
    11: (NetrGetDCName, NetrGetDCNameResponse),
    12: (NetrLogonControl, NetrLogonControlResponse),
    13: (NetrGetAnyDCName, NetrGetAnyDCNameResponse),
    14: (NetrLogonControl2, NetrLogonControl2Response),
    15: (NetrServerAuthenticate2, NetrServerAuthenticate2Response),
    16: (NetrDatabaseSync2, NetrDatabaseSync2Response),
    17: (NetrDatabaseRedo, NetrDatabaseRedoResponse),
    18: (NetrLogonControl2Ex, NetrLogonControl2ExResponse),
    19: (NetrEnumerateTrustedDomains, NetrEnumerateTrustedDomainsResponse),
    20: (DsrGetDcName, DsrGetDcNameResponse),
    21: (NetrLogonGetCapabilities, NetrLogonGetCapabilitiesResponse),
    22: (NetrLogonSetServiceBits, NetrLogonSetServiceBitsResponse),
    23: (NetrLogonGetTrustRid, NetrLogonGetTrustRidResponse),
    24: (NetrLogonComputeServerDigest, NetrLogonComputeServerDigestResponse),
    25: (NetrLogonComputeClientDigest, NetrLogonComputeClientDigestResponse),
    26: (NetrServerAuthenticate3, NetrServerAuthenticate3Response),
    27: (DsrGetDcNameEx, DsrGetDcNameExResponse),
    28: (DsrGetSiteName, DsrGetSiteNameResponse),
    29: (NetrLogonGetDomainInfo, NetrLogonGetDomainInfoResponse),
    30: (NetrServerPasswordSet2, NetrServerPasswordSet2Response),
    31: (NetrServerPasswordGet, NetrServerPasswordGetResponse),
    32: (NetrLogonSendToSam, NetrLogonSendToSamResponse),
    33: (DsrAddressToSiteNamesW, DsrAddressToSiteNamesWResponse),
    34: (DsrGetDcNameEx2, DsrGetDcNameEx2Response),
    35: (NetrLogonGetTimeServiceParentDomain, NetrLogonGetTimeServiceParentDomainResponse),
    36: (NetrEnumerateTrustedDomainsEx, NetrEnumerateTrustedDomainsExResponse),
    37: (DsrAddressToSiteNamesExW, DsrAddressToSiteNamesExWResponse),
    38: (DsrGetDcSiteCoverageW, DsrGetDcSiteCoverageWResponse),
    39: (NetrLogonSamLogonEx, NetrLogonSamLogonExResponse),
    40: (DsrEnumerateDomainTrusts, DsrEnumerateDomainTrustsResponse),
    41: (DsrDeregisterDnsHostRecords, DsrDeregisterDnsHostRecordsResponse),
    42: (NetrServerTrustPasswordsGet, NetrServerTrustPasswordsGetResponse),
    43: (DsrGetForestTrustInformation, DsrGetForestTrustInformationResponse),
    44: (NetrGetForestTrustInformation, NetrGetForestTrustInformationResponse),
    45: (NetrLogonSamLogonWithFlags, NetrLogonSamLogonWithFlagsResponse),
    46: (NetrServerGetTrustInfo, NetrServerGetTrustInfoResponse),
    # 48: (DsrUpdateReadOnlyServerDnsRecords, DsrUpdateReadOnlyServerDnsRecordsResponse),
    # 49: (NetrChainSetClientAttributes, NetrChainSetClientAttributesResponse),
}
2680################################################################################
2681# HELPER FUNCTIONS
2682################################################################################
def checkNullString(string):
    """Return *string* with a trailing NUL, adding one only if it is missing.

    The NULL sentinel is passed through untouched. An empty string gains a
    single NUL because its last-character slice is empty.
    """
    if string == NULL:
        return string

    # Slice rather than index so an empty string does not raise.
    if string[-1:] == '\x00':
        return string
    return string + '\x00'
def hNetrServerReqChallenge(dce, primaryName, computerName, clientChallenge):
    """Build a NetrServerReqChallenge request and send it over *dce*.

    primaryName and computerName go through checkNullString;
    clientChallenge is assigned exactly as given, so generating a fresh
    random value is the caller's job. Returns the result of dce.request().
    """
    call = NetrServerReqChallenge()
    call['PrimaryName'] = checkNullString(primaryName)
    call['ComputerName'] = checkNullString(computerName)
    call['ClientChallenge'] = clientChallenge
    return dce.request(call)
def hNetrServerAuthenticate3(dce, primaryName, accountName, secureChannelType, computerName, clientCredential,
                             negotiateFlags):
    """Build a NetrServerAuthenticate3 request and send it over *dce*.

    The three name arguments go through checkNullString; the channel type,
    client credential and negotiate flags are assigned as given. Returns
    the result of dce.request(); comparing the flags the server returns
    with the ones requested is left to the caller.
    """
    call = NetrServerAuthenticate3()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ClientCredential'] = clientCredential
    call['ComputerName'] = checkNullString(computerName)
    call['NegotiateFlags'] = negotiateFlags
    return dce.request(call)
def hDsrGetDcNameEx2(dce, computerName, accountName, allowableAccountControlBits, domainName, domainGuid, siteName,
                     flags):
    """Build a DsrGetDcNameEx2 request and send it over *dce*.

    computerName, accountName, domainName and siteName go through
    checkNullString; the remaining arguments are assigned as given.
    Returns the result of dce.request().
    """
    call = DsrGetDcNameEx2()
    call['ComputerName'] = checkNullString(computerName)
    call['AccountName'] = checkNullString(accountName)
    call['AllowableAccountControlBits'] = allowableAccountControlBits
    call['DomainName'] = checkNullString(domainName)
    call['DomainGuid'] = domainGuid
    call['SiteName'] = checkNullString(siteName)
    call['Flags'] = flags
    return dce.request(call)
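def hDsrGetDcNameEx(dce, computerName, domainName, domainGuid, siteName, flags):
    """Build a DsrGetDcNameEx request and send it over *dce*.

    computerName, domainName and siteName go through checkNullString, so
    each is NUL-terminated unless it is the NULL sentinel; domainGuid and
    flags are assigned as given. Returns the result of dce.request().
    """
    request = DsrGetDcNameEx()
    request['ComputerName'] = checkNullString(computerName)
    request['DomainName'] = checkNullString(domainName)
    request['DomainGuid'] = domainGuid
    # Terminate siteName like the other string fields and like
    # hDsrGetDcNameEx2 does; NULL and already-terminated values pass
    # through checkNullString unchanged.
    request['SiteName'] = checkNullString(siteName)
    request['Flags'] = flags
    return dce.request(request)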
def hDsrGetDcName(dce, computerName, domainName, domainGuid, siteGuid, flags):
    """Build a DsrGetDcName request and send it over *dce*.

    computerName and domainName go through checkNullString; the GUIDs and
    flags are assigned as given. Returns the result of dce.request().
    """
    call = DsrGetDcName()
    call['ComputerName'] = checkNullString(computerName)
    call['DomainName'] = checkNullString(domainName)
    call['DomainGuid'] = domainGuid
    call['SiteGuid'] = siteGuid
    call['Flags'] = flags
    return dce.request(call)
def hNetrGetAnyDCName(dce, serverName, domainName):
    """Build a NetrGetAnyDCName request (both names NUL-terminated) and send it over *dce*."""
    call = NetrGetAnyDCName()
    call['ServerName'] = checkNullString(serverName)
    call['DomainName'] = checkNullString(domainName)
    return dce.request(call)
def hNetrGetDCName(dce, serverName, domainName):
    """Build a NetrGetDCName request (both names NUL-terminated) and send it over *dce*."""
    call = NetrGetDCName()
    call['ServerName'] = checkNullString(serverName)
    call['DomainName'] = checkNullString(domainName)
    return dce.request(call)
def hDsrGetSiteName(dce, computerName):
    """Build a DsrGetSiteName request for *computerName* and send it over *dce*."""
    call = DsrGetSiteName()
    call['ComputerName'] = checkNullString(computerName)
    return dce.request(call)
def hDsrGetDcSiteCoverageW(dce, serverName):
    """Build a DsrGetDcSiteCoverageW request for *serverName* and send it over *dce*."""
    call = DsrGetDcSiteCoverageW()
    call['ServerName'] = checkNullString(serverName)
    return dce.request(call)
def hNetrServerAuthenticate2(dce, primaryName, accountName, secureChannelType, computerName, clientCredential,
                             negotiateFlags):
    """Build a NetrServerAuthenticate2 request and send it over *dce*.

    The three name arguments go through checkNullString; the channel type,
    client credential and negotiate flags are assigned as given. Returns
    the result of dce.request().
    """
    call = NetrServerAuthenticate2()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ClientCredential'] = clientCredential
    call['ComputerName'] = checkNullString(computerName)
    call['NegotiateFlags'] = negotiateFlags
    return dce.request(call)
def hNetrServerAuthenticate(dce, primaryName, accountName, secureChannelType, computerName, clientCredential):
    """Build a NetrServerAuthenticate request and send it over *dce*.

    The three name arguments go through checkNullString; the channel type
    and client credential are assigned as given. Returns the result of
    dce.request().
    """
    call = NetrServerAuthenticate()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ClientCredential'] = clientCredential
    call['ComputerName'] = checkNullString(computerName)
    return dce.request(call)
def hNetrServerPasswordGet(dce, primaryName, accountName, accountType, computerName, authenticator):
    """Build a NetrServerPasswordGet request and send it over *dce*.

    The three name arguments go through checkNullString; accountType and
    authenticator are assigned as given. The response carries an encrypted
    OWF value, so callers should keep the returned object out of logs.
    """
    call = NetrServerPasswordGet()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['AccountType'] = accountType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    return dce.request(call)
def hNetrServerTrustPasswordsGet(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
    """Build a NetrServerTrustPasswordsGet request and send it over *dce*.

    The three name arguments go through checkNullString; the channel type
    and authenticator are assigned as given. The response carries encrypted
    OWF values, so callers should keep the returned object out of logs.
    """
    call = NetrServerTrustPasswordsGet()
    call['TrustedDcName'] = checkNullString(trustedDcName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    return dce.request(call)
def hNetrServerPasswordSet2(dce, primaryName, accountName, secureChannelType, computerName, authenticator,
                            clearNewPasswordBlob):
    """Build a NetrServerPasswordSet2 request and send it over *dce*.

    The three name arguments go through checkNullString. authenticator and
    clearNewPasswordBlob are assigned exactly as given: this helper does no
    encryption, length check or other processing of the password buffer, so
    the caller must hand over the final buffer it wants sent.
    Returns the result of dce.request().
    """
    call = NetrServerPasswordSet2()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    call['ClearNewPassword'] = clearNewPasswordBlob
    return dce.request(call)
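def hNetrLogonGetDomainInfo(dce, serverName, computerName, authenticator, returnAuthenticator=0, level=1):
    """Build a NetrLogonGetDomainInfo request and send it over *dce*.

    serverName and computerName go through checkNullString; authenticator
    is assigned as given. When returnAuthenticator is left at 0, the
    request's ReturnAuthenticator is zero-filled (8 NUL credential bytes,
    timestamp 0); otherwise the supplied value is used.

    level selects the WkstaBuffer arm: 1 fills an empty WorkstationInfo,
    any other value fills the LsaPolicyInfo arm (tag 2). The Level field
    is set to the same value as the union tag so the two agree.
    Returns the result of dce.request().
    """
    request = NetrLogonGetDomainInfo()
    request['ServerName'] = checkNullString(serverName)
    request['ComputerName'] = checkNullString(computerName)
    request['Authenticator'] = authenticator
    if returnAuthenticator == 0:
        request['ReturnAuthenticator']['Credential'] = b'\x00'*8
        request['ReturnAuthenticator']['Timestamp'] = 0
    else:
        request['ReturnAuthenticator'] = returnAuthenticator

    # Level used to be hard-coded to 1 even when the tag-2 arm was filled,
    # which sent a Level that disagreed with the WkstaBuffer tag.
    tag = 1 if level == 1 else 2
    request['Level'] = tag
    request['WkstaBuffer']['tag'] = tag
    if tag == 1:
        request['WkstaBuffer']['WorkstationInfo']['DnsHostName'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['SiteName'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['OsName'] = ''
        request['WkstaBuffer']['WorkstationInfo']['Dummy1'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy2'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy3'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy4'] = NULL
    else:
        request['WkstaBuffer']['LsaPolicyInfo']['LsaPolicy'] = NULL
    return dce.request(request)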
def hNetrLogonGetCapabilities(dce, serverName, computerName, authenticator, returnAuthenticator=0, queryLevel=1):
    """Build a NetrLogonGetCapabilities request and send it over *dce*.

    serverName and computerName go through checkNullString; authenticator
    and queryLevel are assigned as given. When returnAuthenticator is left
    at 0, the request's ReturnAuthenticator is zero-filled (8 NUL
    credential bytes, timestamp 0); otherwise the supplied value is used.
    Returns the result of dce.request().
    """
    call = NetrLogonGetCapabilities()
    call['ServerName'] = checkNullString(serverName)
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    if returnAuthenticator == 0:
        # No value supplied: send an all-zero placeholder.
        call['ReturnAuthenticator']['Credential'] = b'\x00'*8
        call['ReturnAuthenticator']['Timestamp'] = 0
    else:
        call['ReturnAuthenticator'] = returnAuthenticator
    call['QueryLevel'] = queryLevel
    return dce.request(call)
def hNetrServerGetTrustInfo(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
    """Build a NetrServerGetTrustInfo request and send it over *dce*.

    The three name arguments go through checkNullString; the channel type
    and authenticator are assigned as given. The response carries encrypted
    OWF values, so callers should keep the returned object out of logs.
    """
    call = NetrServerGetTrustInfo()
    call['TrustedDcName'] = checkNullString(trustedDcName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    return dce.request(call)