Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 

2# 

3# This software is provided under under a slightly modified version 

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# Author: Alberto Solino (@agsolino) 

8# 

9# Description: 

10# [MS-LSAD] Interface implementation 

11# 

12# Best way to learn how to use these calls is to grab the protocol standard 

13# so you understand what the call does, and then read the test case located 

14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC 

15# 

16# Some calls have helper functions, which makes it even easier to use. 

17# They are located at the end of this file.  

18# Helper functions start with "h"<name of the call>. 

19# There are test cases for them too.  

20# 

21from __future__ import division 

22from __future__ import print_function 

23from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \ 

24 NDRUniConformantArray 

25from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \ 

26 LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \ 

27 SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION 

28from impacket import nt_errors 

29from impacket.uuid import uuidtup_to_bin 

30from impacket.dcerpc.v5.enum import Enum 

31from impacket.dcerpc.v5.rpcrt import DCERPCException 

32 

33MSRPC_UUID_LSAD = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0')) 

34 

35class DCERPCSessionError(DCERPCException): 

36 def __init__(self, error_string=None, error_code=None, packet=None): 

37 DCERPCException.__init__(self, error_string, error_code, packet) 

38 

39 def __str__( self ): 

40 key = self.error_code 

41 if key in nt_errors.ERROR_MESSAGES: 41 ↛ 46line 41 didn't jump to line 46, because the condition on line 41 was never false

42 error_msg_short = nt_errors.ERROR_MESSAGES[key][0] 

43 error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] 

44 return 'LSAD SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) 

45 else: 

46 return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code 

47 

48################################################################################ 

49# CONSTANTS 

50################################################################################ 

51# 2.2.1.1.2 ACCESS_MASK for Policy Objects 

52POLICY_VIEW_LOCAL_INFORMATION = 0x00000001 

53POLICY_VIEW_AUDIT_INFORMATION = 0x00000002 

54POLICY_GET_PRIVATE_INFORMATION = 0x00000004 

55POLICY_TRUST_ADMIN = 0x00000008 

56POLICY_CREATE_ACCOUNT = 0x00000010 

57POLICY_CREATE_SECRET = 0x00000020 

58POLICY_CREATE_PRIVILEGE = 0x00000040 

59POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080 

60POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100 

61POLICY_AUDIT_LOG_ADMIN = 0x00000200 

62POLICY_SERVER_ADMIN = 0x00000400 

63POLICY_LOOKUP_NAMES = 0x00000800 

64POLICY_NOTIFICATION = 0x00001000 

65 

66# 2.2.1.1.3 ACCESS_MASK for Account Objects 

67ACCOUNT_VIEW = 0x00000001 

68ACCOUNT_ADJUST_PRIVILEGES = 0x00000002 

69ACCOUNT_ADJUST_QUOTAS = 0x00000004 

70ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008 

71 

72# 2.2.1.1.4 ACCESS_MASK for Secret Objects 

73SECRET_SET_VALUE = 0x00000001 

74SECRET_QUERY_VALUE = 0x00000002 

75 

76# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects 

77TRUSTED_QUERY_DOMAIN_NAME = 0x00000001 

78TRUSTED_QUERY_CONTROLLERS = 0x00000002 

79TRUSTED_SET_CONTROLLERS = 0x00000004 

80TRUSTED_QUERY_POSIX = 0x00000008 

81TRUSTED_SET_POSIX = 0x00000010 

82TRUSTED_SET_AUTH = 0x00000020 

83TRUSTED_QUERY_AUTH = 0x00000040 

84 

85# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE 

86POLICY_MODE_INTERACTIVE = 0x00000001 

87POLICY_MODE_NETWORK = 0x00000002 

88POLICY_MODE_BATCH = 0x00000004 

89POLICY_MODE_SERVICE = 0x00000010 

90POLICY_MODE_DENY_INTERACTIVE = 0x00000040 

91POLICY_MODE_DENY_NETWORK = 0x00000080 

92POLICY_MODE_DENY_BATCH = 0x00000100 

93POLICY_MODE_DENY_SERVICE = 0x00000200 

94POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400 

95POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800 

96POLICY_MODE_ALL = 0x00000FF7 

97POLICY_MODE_ALL_NT4 = 0x00000037 

98 

99# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO 

100# EventAuditingOptions 

101POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000 

102POLICY_AUDIT_EVENT_NONE = 0x00000004 

103POLICY_AUDIT_EVENT_SUCCESS = 0x00000001 

104POLICY_AUDIT_EVENT_FAILURE = 0x00000002 

105 

106# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO 

107# AuthenticationOptions 

108POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080 

109 

110# 2.2.7.21 LSA_FOREST_TRUST_RECORD 

111# Flags 

112LSA_TLN_DISABLED_NEW = 0x00000001 

113LSA_TLN_DISABLED_ADMIN = 0x00000002 

114LSA_TLN_DISABLED_CONFLICT = 0x00000004 

115LSA_SID_DISABLED_ADMIN = 0x00000001 

116LSA_SID_DISABLED_CONFLICT = 0x00000002 

117LSA_NB_DISABLED_ADMIN = 0x00000004 

118LSA_NB_DISABLED_CONFLICT = 0x00000008 

119LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF 

120 

121################################################################################ 

122# STRUCTURES 

123################################################################################ 

124# 2.2.2.1 LSAPR_HANDLE 

125class LSAPR_HANDLE(NDRSTRUCT): 

126 align = 1 

127 structure = ( 

128 ('Data','20s=""'), 

129 ) 

130 

131# 2.2.2.3 LSA_UNICODE_STRING 

132LSA_UNICODE_STRING = RPC_UNICODE_STRING 

133 

134# 2.2.3.1 STRING 

135class STRING(NDRSTRUCT): 

136 commonHdr = ( 

137 ('MaximumLength','<H=len(Data)-12'), 

138 ('Length','<H=len(Data)-12'), 

139 ('ReferentID','<L=0xff'), 

140 ) 

141 commonHdr64 = ( 

142 ('MaximumLength','<H=len(Data)-24'), 

143 ('Length','<H=len(Data)-24'), 

144 ('ReferentID','<Q=0xff'), 

145 ) 

146 

147 referent = ( 

148 ('Data',STR), 

149 ) 

150 

151 def dump(self, msg = None, indent = 0): 

152 if msg is None: 

153 msg = self.__class__.__name__ 

154 if msg != '': 

155 print("%s" % msg, end=' ') 

156 # Here just print the data 

157 print(" %r" % (self['Data']), end=' ') 

158 

159 def __setitem__(self, key, value): 

160 if key == 'Data': 

161 self.fields['MaximumLength'] = None 

162 self.fields['Length'] = None 

163 self.data = None # force recompute 

164 return NDR.__setitem__(self, key, value) 

165 

166# 2.2.3.2 LSAPR_ACL 

167class LSAPR_ACL(NDRSTRUCT): 

168 structure = ( 

169 ('AclRevision', UCHAR), 

170 ('Sbz1', UCHAR), 

171 ('AclSize', USHORT), 

172 ('Dummy1',NDRUniConformantArray), 

173 ) 

174 

175# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR 

176LSAPR_SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR 

177 

178class PLSAPR_SECURITY_DESCRIPTOR(NDRPOINTER): 

179 referent = ( 

180 ('Data', LSAPR_SECURITY_DESCRIPTOR), 

181 ) 

182 

183# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL 

184class SECURITY_IMPERSONATION_LEVEL(NDRENUM): 

185 class enumItems(Enum): 

186 SecurityAnonymous = 0 

187 SecurityIdentification = 1 

188 SecurityImpersonation = 2 

189 SecurityDelegation = 3 

190 

191# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE 

192SECURITY_CONTEXT_TRACKING_MODE = UCHAR 

193 

194# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE 

195class SECURITY_QUALITY_OF_SERVICE(NDRSTRUCT): 

196 structure = ( 

197 ('Length', DWORD), 

198 ('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL), 

199 ('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE), 

200 ('EffectiveOnly', UCHAR), 

201 ) 

202 

203class PSECURITY_QUALITY_OF_SERVICE(NDRPOINTER): 

204 referent = ( 

205 ('Data', SECURITY_QUALITY_OF_SERVICE), 

206 ) 

207 

208# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES 

209class LSAPR_OBJECT_ATTRIBUTES(NDRSTRUCT): 

210 structure = ( 

211 ('Length', DWORD), 

212 ('RootDirectory', LPWSTR), 

213 ('ObjectName', LPWSTR), 

214 ('Attributes', DWORD), 

215 ('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR), 

216 ('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE), 

217 ) 

218 

219# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR 

220class LSAPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT): 

221 structure = ( 

222 ('Length', DWORD), 

223 ('SecurityDescriptor', LPBYTE), 

224 ) 

225 

226class PLSAPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER): 

227 referent = ( 

228 ('Data', LSAPR_SR_SECURITY_DESCRIPTOR), 

229 ) 

230 

231# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL 

232SECURITY_DESCRIPTOR_CONTROL = ULONG 

233 

234# 2.2.4.1 POLICY_INFORMATION_CLASS 

235class POLICY_INFORMATION_CLASS(NDRENUM): 

236 class enumItems(Enum): 

237 PolicyAuditLogInformation = 1 

238 PolicyAuditEventsInformation = 2 

239 PolicyPrimaryDomainInformation = 3 

240 PolicyPdAccountInformation = 4 

241 PolicyAccountDomainInformation = 5 

242 PolicyLsaServerRoleInformation = 6 

243 PolicyReplicaSourceInformation = 7 

244 PolicyInformationNotUsedOnWire = 8 

245 PolicyModificationInformation = 9 

246 PolicyAuditFullSetInformation = 10 

247 PolicyAuditFullQueryInformation = 11 

248 PolicyDnsDomainInformation = 12 

249 PolicyDnsDomainInformationInt = 13 

250 PolicyLocalAccountDomainInformation = 14 

251 PolicyLastEntry = 15 

252 

253# 2.2.4.3 POLICY_AUDIT_LOG_INFO 

254class POLICY_AUDIT_LOG_INFO(NDRSTRUCT): 

255 structure = ( 

256 ('AuditLogPercentFull', DWORD), 

257 ('MaximumLogSize', DWORD), 

258 ('AuditRetentionPeriod', LARGE_INTEGER), 

259 ('AuditLogFullShutdownInProgress', UCHAR), 

260 ('TimeToShutdown', LARGE_INTEGER), 

261 ('NextAuditRecordId', DWORD), 

262 ) 

263 

264# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO 

265class DWORD_ARRAY(NDRUniConformantArray): 

266 item = DWORD 

267 

268class PDWORD_ARRAY(NDRPOINTER): 

269 referent = ( 

270 ('Data', DWORD_ARRAY), 

271 ) 

272 

273class LSAPR_POLICY_AUDIT_EVENTS_INFO(NDRSTRUCT): 

274 structure = ( 

275 ('AuditingMode', UCHAR), 

276 ('EventAuditingOptions', PDWORD_ARRAY), 

277 ('MaximumAuditEventCount', DWORD), 

278 ) 

279 

280# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO 

281class LSAPR_POLICY_PRIMARY_DOM_INFO(NDRSTRUCT): 

282 structure = ( 

283 ('Name', RPC_UNICODE_STRING), 

284 ('Sid', PRPC_SID), 

285 ) 

286 

287# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO 

288class LSAPR_POLICY_ACCOUNT_DOM_INFO(NDRSTRUCT): 

289 structure = ( 

290 ('DomainName', RPC_UNICODE_STRING), 

291 ('DomainSid', PRPC_SID), 

292 ) 

293 

294# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO 

295class LSAPR_POLICY_PD_ACCOUNT_INFO(NDRSTRUCT): 

296 structure = ( 

297 ('Name', RPC_UNICODE_STRING), 

298 ) 

299 

300# 2.2.4.8 POLICY_LSA_SERVER_ROLE 

301class POLICY_LSA_SERVER_ROLE(NDRENUM): 

302 class enumItems(Enum): 

303 PolicyServerRoleBackup = 2 

304 PolicyServerRolePrimary = 3 

305 

306# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO 

307class POLICY_LSA_SERVER_ROLE_INFO(NDRSTRUCT): 

308 structure = ( 

309 ('LsaServerRole', POLICY_LSA_SERVER_ROLE), 

310 ) 

311 

312# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO 

313class LSAPR_POLICY_REPLICA_SRCE_INFO(NDRSTRUCT): 

314 structure = ( 

315 ('ReplicaSource', RPC_UNICODE_STRING), 

316 ('ReplicaAccountName', RPC_UNICODE_STRING), 

317 ) 

318 

319# 2.2.4.11 POLICY_MODIFICATION_INFO 

320class POLICY_MODIFICATION_INFO(NDRSTRUCT): 

321 structure = ( 

322 ('ModifiedId', LARGE_INTEGER), 

323 ('DatabaseCreationTime', LARGE_INTEGER), 

324 ) 

325 

326# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO 

327class POLICY_AUDIT_FULL_SET_INFO(NDRSTRUCT): 

328 structure = ( 

329 ('ShutDownOnFull', UCHAR), 

330 ) 

331 

332# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO 

333class POLICY_AUDIT_FULL_QUERY_INFO(NDRSTRUCT): 

334 structure = ( 

335 ('ShutDownOnFull', UCHAR), 

336 ('LogIsFull', UCHAR), 

337 ) 

338 

339# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO 

340class LSAPR_POLICY_DNS_DOMAIN_INFO(NDRSTRUCT): 

341 structure = ( 

342 ('Name', RPC_UNICODE_STRING), 

343 ('DnsDomainName', RPC_UNICODE_STRING), 

344 ('DnsForestName', RPC_UNICODE_STRING), 

345 ('DomainGuid', GUID), 

346 ('Sid', PRPC_SID), 

347 ) 

348 

349# 2.2.4.2 LSAPR_POLICY_INFORMATION 

350class LSAPR_POLICY_INFORMATION(NDRUNION): 

351 union = { 

352 POLICY_INFORMATION_CLASS.PolicyAuditLogInformation : ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO), 

353 POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation : ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO), 

354 POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation : ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO), 

355 POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation : ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), 

356 POLICY_INFORMATION_CLASS.PolicyPdAccountInformation : ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO), 

357 POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation : ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO), 

358 POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation : ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO), 

359 POLICY_INFORMATION_CLASS.PolicyModificationInformation : ('PolicyModificationInfo', POLICY_MODIFICATION_INFO), 

360 POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation : ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO), 

361 POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation : ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO), 

362 POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation : ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO), 

363 POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt : ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO), 

364 POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation: ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), 

365 } 

366 

367class PLSAPR_POLICY_INFORMATION(NDRPOINTER): 

368 referent = ( 

369 ('Data', LSAPR_POLICY_INFORMATION), 

370 ) 

371 

372# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS 

373class POLICY_DOMAIN_INFORMATION_CLASS(NDRENUM): 

374 class enumItems(Enum): 

375 PolicyDomainQualityOfServiceInformation = 1 

376 PolicyDomainEfsInformation = 2 

377 PolicyDomainKerberosTicketInformation = 3 

378 

379# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO 

380class POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO(NDRSTRUCT): 

381 structure = ( 

382 ('QualityOfService', DWORD), 

383 ) 

384 

385# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO 

386class LSAPR_POLICY_DOMAIN_EFS_INFO(NDRSTRUCT): 

387 structure = ( 

388 ('InfoLength', DWORD), 

389 ('EfsBlob', LPBYTE), 

390 ) 

391 

392# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO 

393class POLICY_DOMAIN_KERBEROS_TICKET_INFO(NDRSTRUCT): 

394 structure = ( 

395 ('AuthenticationOptions', DWORD), 

396 ('MaxServiceTicketAge', LARGE_INTEGER), 

397 ('MaxTicketAge', LARGE_INTEGER), 

398 ('MaxRenewAge', LARGE_INTEGER), 

399 ('MaxClockSkew', LARGE_INTEGER), 

400 ('Reserved', LARGE_INTEGER), 

401 ) 

402 

403# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION 

404class LSAPR_POLICY_DOMAIN_INFORMATION(NDRUNION): 

405 union = { 

406 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation : ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO ), 

407 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation : ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO), 

408 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation : ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO), 

409 } 

410 

411class PLSAPR_POLICY_DOMAIN_INFORMATION(NDRPOINTER): 

412 referent = ( 

413 ('Data', LSAPR_POLICY_DOMAIN_INFORMATION), 

414 ) 

415 

416# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE 

417class POLICY_AUDIT_EVENT_TYPE(NDRENUM): 

418 class enumItems(Enum): 

419 AuditCategorySystem = 0 

420 AuditCategoryLogon = 1 

421 AuditCategoryObjectAccess = 2 

422 AuditCategoryPrivilegeUse = 3 

423 AuditCategoryDetailedTracking = 4 

424 AuditCategoryPolicyChange = 5 

425 AuditCategoryAccountManagement = 6 

426 AuditCategoryDirectoryServiceAccess = 7 

427 AuditCategoryAccountLogon = 8 

428 

429# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION 

430class LSAPR_ACCOUNT_INFORMATION(NDRSTRUCT): 

431 structure = ( 

432 ('Sid', PRPC_SID), 

433 ) 

434 

435# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER 

436class LSAPR_ACCOUNT_INFORMATION_ARRAY(NDRUniConformantArray): 

437 item = LSAPR_ACCOUNT_INFORMATION 

438 

439class PLSAPR_ACCOUNT_INFORMATION_ARRAY(NDRPOINTER): 

440 referent = ( 

441 ('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY), 

442 ) 

443 

444class LSAPR_ACCOUNT_ENUM_BUFFER(NDRSTRUCT): 

445 structure = ( 

446 ('EntriesRead', ULONG), 

447 ('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY), 

448 ) 

449 

450# 2.2.5.3 LSAPR_USER_RIGHT_SET 

451class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray): 

452 item = RPC_UNICODE_STRING 

453 

454class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER): 

455 referent = ( 

456 ('Data', RPC_UNICODE_STRING_ARRAY), 

457 ) 

458 

459class LSAPR_USER_RIGHT_SET(NDRSTRUCT): 

460 structure = ( 

461 ('EntriesRead', ULONG), 

462 ('UserRights', PRPC_UNICODE_STRING_ARRAY), 

463 ) 

464 

465# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES 

466class LSAPR_LUID_AND_ATTRIBUTES(NDRSTRUCT): 

467 structure = ( 

468 ('Luid', LUID), 

469 ('Attributes', ULONG), 

470 ) 

471 

472# 2.2.5.5 LSAPR_PRIVILEGE_SET 

473class LSAPR_LUID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray): 

474 item = LSAPR_LUID_AND_ATTRIBUTES 

475 

476class LSAPR_PRIVILEGE_SET(NDRSTRUCT): 

477 structure = ( 

478 ('PrivilegeCount', ULONG), 

479 ('Control', ULONG), 

480 ('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY), 

481 ) 

482 

483class PLSAPR_PRIVILEGE_SET(NDRPOINTER): 

484 referent = ( 

485 ('Data', LSAPR_PRIVILEGE_SET), 

486 ) 

487 

488# 2.2.6.1 LSAPR_CR_CIPHER_VALUE 

489class PCHAR_ARRAY(NDRPOINTER): 

490 referent = ( 

491 ('Data', NDRUniConformantVaryingArray), 

492 ) 

493 

494class LSAPR_CR_CIPHER_VALUE(NDRSTRUCT): 

495 structure = ( 

496 ('Length', LONG), 

497 ('MaximumLength', LONG), 

498 ('Buffer', PCHAR_ARRAY), 

499 ) 

500 

501class PLSAPR_CR_CIPHER_VALUE(NDRPOINTER): 

502 referent = ( 

503 ('Data', LSAPR_CR_CIPHER_VALUE), 

504 ) 

505 

506class PPLSAPR_CR_CIPHER_VALUE(NDRPOINTER): 

507 referent = ( 

508 ('Data', PLSAPR_CR_CIPHER_VALUE), 

509 ) 

510 

511# 2.2.7.1 LSAPR_TRUST_INFORMATION 

512class LSAPR_TRUST_INFORMATION(NDRSTRUCT): 

513 structure = ( 

514 ('Name', RPC_UNICODE_STRING), 

515 ('Sid', PRPC_SID), 

516 ) 

517 

518# 2.2.7.2 TRUSTED_INFORMATION_CLASS 

519class TRUSTED_INFORMATION_CLASS(NDRENUM): 

520 class enumItems(Enum): 

521 TrustedDomainNameInformation = 1 

522 TrustedControllersInformation = 2 

523 TrustedPosixOffsetInformation = 3 

524 TrustedPasswordInformation = 4 

525 TrustedDomainInformationBasic = 5 

526 TrustedDomainInformationEx = 6 

527 TrustedDomainAuthInformation = 7 

528 TrustedDomainFullInformation = 8 

529 TrustedDomainAuthInformationInternal = 9 

530 TrustedDomainFullInformationInternal = 10 

531 TrustedDomainInformationEx2Internal = 11 

532 TrustedDomainFullInformation2Internal = 12 

533 TrustedDomainSupportedEncryptionTypes = 13 

534 

535# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO 

536class LSAPR_TRUSTED_DOMAIN_NAME_INFO(NDRSTRUCT): 

537 structure = ( 

538 ('Name', RPC_UNICODE_STRING), 

539 ) 

540 

541# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO 

542class LSAPR_TRUSTED_CONTROLLERS_INFO(NDRSTRUCT): 

543 structure = ( 

544 ('Entries', ULONG), 

545 ('Names', PRPC_UNICODE_STRING_ARRAY), 

546 ) 

547 

548# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO 

549class TRUSTED_POSIX_OFFSET_INFO(NDRSTRUCT): 

550 structure = ( 

551 ('Offset', ULONG), 

552 ) 

553 

554# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO 

555class LSAPR_TRUSTED_PASSWORD_INFO(NDRSTRUCT): 

556 structure = ( 

557 ('Password', PLSAPR_CR_CIPHER_VALUE), 

558 ('OldPassword', PLSAPR_CR_CIPHER_VALUE), 

559 ) 

560 

561# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC 

562LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC = LSAPR_TRUST_INFORMATION 

563 

564# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 

565class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX(NDRSTRUCT): 

566 structure = ( 

567 ('Name', RPC_UNICODE_STRING), 

568 ('FlatName', RPC_UNICODE_STRING), 

569 ('Sid', PRPC_SID), 

570 ('TrustDirection', ULONG), 

571 ('TrustType', ULONG), 

572 ('TrustAttributes', ULONG), 

573 ) 

574 

575# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 

576class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2(NDRSTRUCT): 

577 structure = ( 

578 ('Name', RPC_UNICODE_STRING), 

579 ('FlatName', RPC_UNICODE_STRING), 

580 ('Sid', PRPC_SID), 

581 ('TrustDirection', ULONG), 

582 ('TrustType', ULONG), 

583 ('TrustAttributes', ULONG), 

584 ('ForestTrustLength', ULONG), 

585 ('ForestTrustInfo', LPBYTE), 

586 ) 

587 

588# 2.2.7.17 LSAPR_AUTH_INFORMATION 

589class LSAPR_AUTH_INFORMATION(NDRSTRUCT): 

590 structure = ( 

591 ('LastUpdateTime', LARGE_INTEGER), 

592 ('AuthType', ULONG), 

593 ('AuthInfoLength', ULONG), 

594 ('AuthInfo', LPBYTE), 

595 ) 

596 

597class PLSAPR_AUTH_INFORMATION(NDRPOINTER): 

598 referent = ( 

599 ('Data', LSAPR_AUTH_INFORMATION), 

600 ) 

601 

602# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION 

603class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION(NDRSTRUCT): 

604 structure = ( 

605 ('IncomingAuthInfos', ULONG), 

606 ('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

607 ('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

608 ('OutgoingAuthInfos', ULONG), 

609 ('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

610 ('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

611 ) 

612 

613# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB 

614class LSAPR_TRUSTED_DOMAIN_AUTH_BLOB(NDRSTRUCT): 

615 structure = ( 

616 ('AuthSize', ULONG), 

617 ('AuthBlob', LPBYTE), 

618 ) 

619 

620# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL 

621class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL(NDRSTRUCT): 

622 structure = ( 

623 ('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB), 

624 ) 

625 

626# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION 

627class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION(NDRSTRUCT): 

628 structure = ( 

629 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

630 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 

631 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 

632 ) 

633 

634# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL 

635class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL(NDRSTRUCT): 

636 structure = ( 

637 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

638 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 

639 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), 

640 ) 

641 

642# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 

643class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2(NDRSTRUCT): 

644 structure = ( 

645 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

646 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 

647 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 

648 ) 

649 

650# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES 

651class TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES(NDRSTRUCT): 

652 structure = ( 

653 ('SupportedEncryptionTypes', ULONG), 

654 ) 

655 

656# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO 

657class LSAPR_TRUSTED_DOMAIN_INFO(NDRUNION): 

658 union = { 

659 TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation : ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO ), 

660 TRUSTED_INFORMATION_CLASS.TrustedControllersInformation : ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO), 

661 TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation : ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO), 

662 TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation : ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO ), 

663 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic : ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC), 

664 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx : ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

665 TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation : ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 

666 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation : ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION), 

667 TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal : ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), 

668 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal : ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL), 

669 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal : ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2), 

670 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal : ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2), 

671 TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes : ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES), 

672 } 

673 

674# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER 

675class LSAPR_TRUST_INFORMATION_ARRAY(NDRUniConformantArray): 

676 item = LSAPR_TRUST_INFORMATION 

677 

678class PLSAPR_TRUST_INFORMATION_ARRAY(NDRPOINTER): 

679 referent = ( 

680 ('Data', LSAPR_TRUST_INFORMATION_ARRAY), 

681 ) 

682 

683class LSAPR_TRUSTED_ENUM_BUFFER(NDRSTRUCT): 

684 structure = ( 

685 ('Entries', ULONG), 

686 ('Information', PLSAPR_TRUST_INFORMATION_ARRAY), 

687 ) 

688 

689# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX 

690class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRUniConformantArray): 

691 item = LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 

692 

693class PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRPOINTER): 

694 referent = ( 

695 ('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), 

696 ) 

697 

698class LSAPR_TRUSTED_ENUM_BUFFER_EX(NDRSTRUCT): 

699 structure = ( 

700 ('Entries', ULONG), 

701 ('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), 

702 ) 

703 

704# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE 

705class LSA_FOREST_TRUST_RECORD_TYPE(NDRENUM): 

706 class enumItems(Enum): 

707 ForestTrustTopLevelName = 0 

708 ForestTrustTopLevelNameEx = 1 

709 ForestTrustDomainInfo = 2 

710 

711# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO 

712class LSA_FOREST_TRUST_DOMAIN_INFO(NDRSTRUCT): 

713 structure = ( 

714 ('Sid', PRPC_SID), 

715 ('DnsName', LSA_UNICODE_STRING), 

716 ('NetbiosName', LSA_UNICODE_STRING), 

717 ) 

718 

719# 2.2.7.21 LSA_FOREST_TRUST_RECORD 

720class LSA_FOREST_TRUST_DATA_UNION(NDRUNION): 

721 union = { 

722 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName : ('TopLevelName', LSA_UNICODE_STRING ), 

723 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx : ('TopLevelName', LSA_UNICODE_STRING), 

724 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo : ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO), 

725 } 

726 

727class LSA_FOREST_TRUST_RECORD(NDRSTRUCT): 

728 structure = ( 

729 ('Flags', ULONG), 

730 ('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE), 

731 ('Time', LARGE_INTEGER), 

732 ('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION), 

733 ) 

734 

735class PLSA_FOREST_TRUST_RECORD(NDRPOINTER): 

736 referent = ( 

737 ('Data', LSA_FOREST_TRUST_RECORD), 

738 ) 

739 

740# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA 

741class LSA_FOREST_TRUST_BINARY_DATA(NDRSTRUCT): 

742 structure = ( 

743 ('Length', ULONG), 

744 ('Buffer', LPBYTE), 

745 ) 

746 

747# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION 

748class LSA_FOREST_TRUST_RECORD_ARRAY(NDRUniConformantArray): 

749 item = PLSA_FOREST_TRUST_RECORD 

750 

751class PLSA_FOREST_TRUST_RECORD_ARRAY(NDRPOINTER): 

752 referent = ( 

753 ('Data', LSA_FOREST_TRUST_RECORD_ARRAY), 

754 ) 

755 

756class LSA_FOREST_TRUST_INFORMATION(NDRSTRUCT): 

757 structure = ( 

758 ('RecordCount', ULONG), 

759 ('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY), 

760 ) 

761 

762class PLSA_FOREST_TRUST_INFORMATION(NDRPOINTER): 

763 referent = ( 

764 ('Data', LSA_FOREST_TRUST_INFORMATION), 

765 ) 

766 

767# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE 

768class LSA_FOREST_TRUST_COLLISION_RECORD_TYPE(NDRENUM): 

769 class enumItems(Enum): 

770 CollisionTdo = 0 

771 CollisionXref = 1 

772 CollisionOther = 2 

773 

774# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD 

775class LSA_FOREST_TRUST_COLLISION_RECORD(NDRSTRUCT): 

776 structure = ( 

777 ('Index', ULONG), 

778 ('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE), 

779 ('Flags', ULONG), 

780 ('Name', LSA_UNICODE_STRING), 

781 ) 

782 

783# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF 

784class LSAPR_POLICY_PRIVILEGE_DEF(NDRSTRUCT): 

785 structure = ( 

786 ('Name', RPC_UNICODE_STRING), 

787 ('LocalValue', LUID), 

788 ) 

789 

790# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER 

791class LSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRUniConformantArray): 

792 item = LSAPR_POLICY_PRIVILEGE_DEF 

793 

794class PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRPOINTER): 

795 referent = ( 

796 ('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY), 

797 ) 

798 

799class LSAPR_PRIVILEGE_ENUM_BUFFER(NDRSTRUCT): 

800 structure = ( 

801 ('Entries', ULONG), 

802 ('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY), 

803 ) 

804 

805 

806################################################################################ 

807# RPC CALLS 

808################################################################################ 

809# 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44) 

810class LsarOpenPolicy2(NDRCALL): 

811 opnum = 44 

812 structure = ( 

813 ('SystemName', LPWSTR), 

814 ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), 

815 ('DesiredAccess',ACCESS_MASK), 

816 ) 

817 

818class LsarOpenPolicy2Response(NDRCALL): 

819 structure = ( 

820 ('PolicyHandle',LSAPR_HANDLE), 

821 ('ErrorCode', NTSTATUS), 

822 ) 

823 

824# 3.1.4.4.2 LsarOpenPolicy (Opnum 6) 

825class LsarOpenPolicy(NDRCALL): 

826 opnum = 6 

827 structure = ( 

828 ('SystemName', LPWSTR), 

829 ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), 

830 ('DesiredAccess',ACCESS_MASK), 

831 ) 

832 

833class LsarOpenPolicyResponse(NDRCALL): 

834 structure = ( 

835 ('PolicyHandle',LSAPR_HANDLE), 

836 ('ErrorCode', NTSTATUS), 

837 ) 

838 

839# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46) 

840class LsarQueryInformationPolicy2(NDRCALL): 

841 opnum = 46 

842 structure = ( 

843 ('PolicyHandle', LSAPR_HANDLE), 

844 ('InformationClass',POLICY_INFORMATION_CLASS), 

845 ) 

846 

847class LsarQueryInformationPolicy2Response(NDRCALL): 

848 structure = ( 

849 ('PolicyInformation',PLSAPR_POLICY_INFORMATION), 

850 ('ErrorCode', NTSTATUS), 

851 ) 

852 

853# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7) 

854class LsarQueryInformationPolicy(NDRCALL): 

855 opnum = 7 

856 structure = ( 

857 ('PolicyHandle', LSAPR_HANDLE), 

858 ('InformationClass',POLICY_INFORMATION_CLASS), 

859 ) 

860 

861class LsarQueryInformationPolicyResponse(NDRCALL): 

862 structure = ( 

863 ('PolicyInformation',PLSAPR_POLICY_INFORMATION), 

864 ('ErrorCode', NTSTATUS), 

865 ) 

866 

867# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47) 

868class LsarSetInformationPolicy2(NDRCALL): 

869 opnum = 47 

870 structure = ( 

871 ('PolicyHandle', LSAPR_HANDLE), 

872 ('InformationClass',POLICY_INFORMATION_CLASS), 

873 ('PolicyInformation',LSAPR_POLICY_INFORMATION), 

874 ) 

875 

876class LsarSetInformationPolicy2Response(NDRCALL): 

877 structure = ( 

878 ('ErrorCode', NTSTATUS), 

879 ) 

880 

881# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8) 

882class LsarSetInformationPolicy(NDRCALL): 

883 opnum = 8 

884 structure = ( 

885 ('PolicyHandle', LSAPR_HANDLE), 

886 ('InformationClass',POLICY_INFORMATION_CLASS), 

887 ('PolicyInformation',LSAPR_POLICY_INFORMATION), 

888 ) 

889 

890class LsarSetInformationPolicyResponse(NDRCALL): 

891 structure = ( 

892 ('ErrorCode', NTSTATUS), 

893 ) 

894 

895# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53) 

896class LsarQueryDomainInformationPolicy(NDRCALL): 

897 opnum = 53 

898 structure = ( 

899 ('PolicyHandle', LSAPR_HANDLE), 

900 ('InformationClass',POLICY_DOMAIN_INFORMATION_CLASS), 

901 ) 

902 

903class LsarQueryDomainInformationPolicyResponse(NDRCALL): 

904 structure = ( 

905 ('PolicyDomainInformation',PLSAPR_POLICY_DOMAIN_INFORMATION), 

906 ('ErrorCode', NTSTATUS), 

907 ) 

908 

909# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54) 

910# 3.1.4.5.1 LsarCreateAccount (Opnum 10) 

911class LsarCreateAccount(NDRCALL): 

912 opnum = 10 

913 structure = ( 

914 ('PolicyHandle', LSAPR_HANDLE), 

915 ('AccountSid',RPC_SID), 

916 ('DesiredAccess',ACCESS_MASK), 

917 ) 

918 

919class LsarCreateAccountResponse(NDRCALL): 

920 structure = ( 

921 ('AccountHandle',LSAPR_HANDLE), 

922 ('ErrorCode', NTSTATUS), 

923 ) 

924 

925# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11) 

926class LsarEnumerateAccounts(NDRCALL): 

927 opnum = 11 

928 structure = ( 

929 ('PolicyHandle', LSAPR_HANDLE), 

930 ('EnumerationContext',ULONG), 

931 ('PreferedMaximumLength',ULONG), 

932 ) 

933 

934class LsarEnumerateAccountsResponse(NDRCALL): 

935 structure = ( 

936 ('EnumerationContext',ULONG), 

937 ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), 

938 ('ErrorCode', NTSTATUS), 

939 ) 

940 

941# 3.1.4.5.3 LsarOpenAccount (Opnum 17) 

942class LsarOpenAccount(NDRCALL): 

943 opnum = 17 

944 structure = ( 

945 ('PolicyHandle', LSAPR_HANDLE), 

946 ('AccountSid',RPC_SID), 

947 ('DesiredAccess',ACCESS_MASK), 

948 ) 

949 

950class LsarOpenAccountResponse(NDRCALL): 

951 structure = ( 

952 ('AccountHandle',LSAPR_HANDLE), 

953 ('ErrorCode', NTSTATUS), 

954 ) 

955 

956# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18) 

957class LsarEnumeratePrivilegesAccount(NDRCALL): 

958 opnum = 18 

959 structure = ( 

960 ('AccountHandle', LSAPR_HANDLE), 

961 ) 

962 

963class LsarEnumeratePrivilegesAccountResponse(NDRCALL): 

964 structure = ( 

965 ('Privileges',PLSAPR_PRIVILEGE_SET), 

966 ('ErrorCode', NTSTATUS), 

967 ) 

968 

969# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19) 

970class LsarAddPrivilegesToAccount(NDRCALL): 

971 opnum = 19 

972 structure = ( 

973 ('AccountHandle', LSAPR_HANDLE), 

974 ('Privileges', LSAPR_PRIVILEGE_SET), 

975 ) 

976 

977class LsarAddPrivilegesToAccountResponse(NDRCALL): 

978 structure = ( 

979 ('ErrorCode', NTSTATUS), 

980 ) 

981 

982# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20) 

983class LsarRemovePrivilegesFromAccount(NDRCALL): 

984 opnum = 20 

985 structure = ( 

986 ('AccountHandle', LSAPR_HANDLE), 

987 ('AllPrivileges', UCHAR), 

988 ('Privileges', PLSAPR_PRIVILEGE_SET), 

989 ) 

990 

991class LsarRemovePrivilegesFromAccountResponse(NDRCALL): 

992 structure = ( 

993 ('ErrorCode', NTSTATUS), 

994 ) 

995 

996# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23) 

997class LsarGetSystemAccessAccount(NDRCALL): 

998 opnum = 23 

999 structure = ( 

1000 ('AccountHandle', LSAPR_HANDLE), 

1001 ) 

1002 

1003class LsarGetSystemAccessAccountResponse(NDRCALL): 

1004 structure = ( 

1005 ('SystemAccess', ULONG), 

1006 ('ErrorCode', NTSTATUS), 

1007 ) 

1008 

1009# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24) 

1010class LsarSetSystemAccessAccount(NDRCALL): 

1011 opnum = 24 

1012 structure = ( 

1013 ('AccountHandle', LSAPR_HANDLE), 

1014 ('SystemAccess', ULONG), 

1015 ) 

1016 

1017class LsarSetSystemAccessAccountResponse(NDRCALL): 

1018 structure = ( 

1019 ('ErrorCode', NTSTATUS), 

1020 ) 

1021 

1022# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35) 

1023class LsarEnumerateAccountsWithUserRight(NDRCALL): 

1024 opnum = 35 

1025 structure = ( 

1026 ('PolicyHandle', LSAPR_HANDLE), 

1027 ('UserRight', PRPC_UNICODE_STRING), 

1028 ) 

1029 

1030class LsarEnumerateAccountsWithUserRightResponse(NDRCALL): 

1031 structure = ( 

1032 ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), 

1033 ('ErrorCode', NTSTATUS), 

1034 ) 

1035 

1036# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36) 

1037class LsarEnumerateAccountRights(NDRCALL): 

1038 opnum = 36 

1039 structure = ( 

1040 ('PolicyHandle', LSAPR_HANDLE), 

1041 ('AccountSid', RPC_SID), 

1042 ) 

1043 

1044class LsarEnumerateAccountRightsResponse(NDRCALL): 

1045 structure = ( 

1046 ('UserRights',LSAPR_USER_RIGHT_SET), 

1047 ('ErrorCode', NTSTATUS), 

1048 ) 

1049 

1050# 3.1.4.5.11 LsarAddAccountRights (Opnum 37) 

1051class LsarAddAccountRights(NDRCALL): 

1052 opnum = 37 

1053 structure = ( 

1054 ('PolicyHandle', LSAPR_HANDLE), 

1055 ('AccountSid', RPC_SID), 

1056 ('UserRights',LSAPR_USER_RIGHT_SET), 

1057 ) 

1058 

1059class LsarAddAccountRightsResponse(NDRCALL): 

1060 structure = ( 

1061 ('ErrorCode', NTSTATUS), 

1062 ) 

1063 

1064# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38) 

1065class LsarRemoveAccountRights(NDRCALL): 

1066 opnum = 38 

1067 structure = ( 

1068 ('PolicyHandle', LSAPR_HANDLE), 

1069 ('AccountSid', RPC_SID), 

1070 ('AllRights', UCHAR), 

1071 ('UserRights',LSAPR_USER_RIGHT_SET), 

1072 ) 

1073 

1074class LsarRemoveAccountRightsResponse(NDRCALL): 

1075 structure = ( 

1076 ('ErrorCode', NTSTATUS), 

1077 ) 

1078 

1079# 3.1.4.6.1 LsarCreateSecret (Opnum 16) 

1080class LsarCreateSecret(NDRCALL): 

1081 opnum = 16 

1082 structure = ( 

1083 ('PolicyHandle', LSAPR_HANDLE), 

1084 ('SecretName', RPC_UNICODE_STRING), 

1085 ('DesiredAccess', ACCESS_MASK), 

1086 ) 

1087 

1088class LsarCreateSecretResponse(NDRCALL): 

1089 structure = ( 

1090 ('SecretHandle', LSAPR_HANDLE), 

1091 ('ErrorCode', NTSTATUS), 

1092 ) 

1093 

1094# 3.1.4.6.2 LsarOpenSecret (Opnum 28) 

1095class LsarOpenSecret(NDRCALL): 

1096 opnum = 28 

1097 structure = ( 

1098 ('PolicyHandle', LSAPR_HANDLE), 

1099 ('SecretName', RPC_UNICODE_STRING), 

1100 ('DesiredAccess', ACCESS_MASK), 

1101 ) 

1102 

1103class LsarOpenSecretResponse(NDRCALL): 

1104 structure = ( 

1105 ('SecretHandle', LSAPR_HANDLE), 

1106 ('ErrorCode', NTSTATUS), 

1107 ) 

1108 

1109# 3.1.4.6.3 LsarSetSecret (Opnum 29) 

1110class LsarSetSecret(NDRCALL): 

1111 opnum = 29 

1112 structure = ( 

1113 ('SecretHandle', LSAPR_HANDLE), 

1114 ('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE), 

1115 ('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE), 

1116 ) 

1117 

1118class LsarSetSecretResponse(NDRCALL): 

1119 structure = ( 

1120 ('ErrorCode', NTSTATUS), 

1121 ) 

1122 

1123# 3.1.4.6.4 LsarQuerySecret (Opnum 30) 

1124class LsarQuerySecret(NDRCALL): 

1125 opnum = 30 

1126 structure = ( 

1127 ('SecretHandle', LSAPR_HANDLE), 

1128 ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), 

1129 ('CurrentValueSetTime', PLARGE_INTEGER), 

1130 ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), 

1131 ('OldValueSetTime', PLARGE_INTEGER), 

1132 ) 

1133 

1134class LsarQuerySecretResponse(NDRCALL): 

1135 structure = ( 

1136 ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), 

1137 ('CurrentValueSetTime', PLARGE_INTEGER), 

1138 ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), 

1139 ('OldValueSetTime', PLARGE_INTEGER), 

1140 ('ErrorCode', NTSTATUS), 

1141 ) 

1142 

1143# 3.1.4.6.5 LsarStorePrivateData (Opnum 42) 

1144class LsarStorePrivateData(NDRCALL): 

1145 opnum = 42 

1146 structure = ( 

1147 ('PolicyHandle', LSAPR_HANDLE), 

1148 ('KeyName', RPC_UNICODE_STRING), 

1149 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 

1150 ) 

1151 

1152class LsarStorePrivateDataResponse(NDRCALL): 

1153 structure = ( 

1154 ('ErrorCode', NTSTATUS), 

1155 ) 

1156 

1157# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43) 

1158class LsarRetrievePrivateData(NDRCALL): 

1159 opnum = 43 

1160 structure = ( 

1161 ('PolicyHandle', LSAPR_HANDLE), 

1162 ('KeyName', RPC_UNICODE_STRING), 

1163 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 

1164 ) 

1165 

1166class LsarRetrievePrivateDataResponse(NDRCALL): 

1167 structure = ( 

1168 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 

1169 ('ErrorCode', NTSTATUS), 

1170 ) 

1171 

1172# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25) 

1173# 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26) 

1174# 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39) 

1175# 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40) 

1176# 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41) 

1177# 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48) 

1178# 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49) 

1179# 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50) 

1180class LsarEnumerateTrustedDomainsEx(NDRCALL): 

1181 opnum = 50 

1182 structure = ( 

1183 ('PolicyHandle', LSAPR_HANDLE), 

1184 ('EnumerationContext', ULONG), 

1185 ('PreferedMaximumLength', ULONG), 

1186 ) 

1187 

1188class LsarEnumerateTrustedDomainsExResponse(NDRCALL): 

1189 structure = ( 

1190 ('EnumerationContext', ULONG), 

1191 ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER_EX), 

1192 ('ErrorCode', NTSTATUS), 

1193 ) 

1194 

1195# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13) 

1196class LsarEnumerateTrustedDomains(NDRCALL): 

1197 opnum = 13 

1198 structure = ( 

1199 ('PolicyHandle', LSAPR_HANDLE), 

1200 ('EnumerationContext', ULONG), 

1201 ('PreferedMaximumLength', ULONG), 

1202 ) 

1203 

1204class LsarEnumerateTrustedDomainsResponse(NDRCALL): 

1205 structure = ( 

1206 ('EnumerationContext', ULONG), 

1207 ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER), 

1208 ('ErrorCode', NTSTATUS), 

1209 ) 

1210 

1211# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55) 

1212# 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59) 

1213# 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51) 

1214# 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12) 

1215# 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27) 

1216# 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73) 

1217class LsarQueryForestTrustInformation(NDRCALL): 

1218 opnum = 73 

1219 structure = ( 

1220 ('PolicyHandle', LSAPR_HANDLE), 

1221 ('TrustedDomainName', LSA_UNICODE_STRING), 

1222 ('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE), 

1223 ) 

1224 

1225class LsarQueryForestTrustInformationResponse(NDRCALL): 

1226 structure = ( 

1227 ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION), 

1228 ('ErrorCode', NTSTATUS), 

1229 ) 

1230 

1231# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74) 

1232 

1233# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2) 

1234class LsarEnumeratePrivileges(NDRCALL): 

1235 opnum = 2 

1236 structure = ( 

1237 ('PolicyHandle', LSAPR_HANDLE), 

1238 ('EnumerationContext', ULONG), 

1239 ('PreferedMaximumLength', ULONG), 

1240 ) 

1241 

1242class LsarEnumeratePrivilegesResponse(NDRCALL): 

1243 structure = ( 

1244 ('EnumerationContext', ULONG), 

1245 ('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER), 

1246 ('ErrorCode', NTSTATUS), 

1247 ) 

1248 

1249# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31) 

1250class LsarLookupPrivilegeValue(NDRCALL): 

1251 opnum = 31 

1252 structure = ( 

1253 ('PolicyHandle', LSAPR_HANDLE), 

1254 ('Name', RPC_UNICODE_STRING), 

1255 ) 

1256 

1257class LsarLookupPrivilegeValueResponse(NDRCALL): 

1258 structure = ( 

1259 ('Value', LUID), 

1260 ('ErrorCode', NTSTATUS), 

1261 ) 

1262 

1263# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32) 

1264class LsarLookupPrivilegeName(NDRCALL): 

1265 opnum = 32 

1266 structure = ( 

1267 ('PolicyHandle', LSAPR_HANDLE), 

1268 ('Value', LUID), 

1269 ) 

1270 

1271class LsarLookupPrivilegeNameResponse(NDRCALL): 

1272 structure = ( 

1273 ('Name', PRPC_UNICODE_STRING), 

1274 ('ErrorCode', NTSTATUS), 

1275 ) 

1276 

1277# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33) 

1278class LsarLookupPrivilegeDisplayName(NDRCALL): 

1279 opnum = 33 

1280 structure = ( 

1281 ('PolicyHandle', LSAPR_HANDLE), 

1282 ('Name', RPC_UNICODE_STRING), 

1283 ('ClientLanguage', USHORT), 

1284 ('ClientSystemDefaultLanguage', USHORT), 

1285 ) 

1286 

1287class LsarLookupPrivilegeDisplayNameResponse(NDRCALL): 

1288 structure = ( 

1289 ('Name', PRPC_UNICODE_STRING), 

1290 ('LanguageReturned', UCHAR), 

1291 ('ErrorCode', NTSTATUS), 

1292 ) 

1293 

1294# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3) 

1295class LsarQuerySecurityObject(NDRCALL): 

1296 opnum = 3 

1297 structure = ( 

1298 ('PolicyHandle', LSAPR_HANDLE), 

1299 ('SecurityInformation', SECURITY_INFORMATION), 

1300 ) 

1301 

1302class LsarQuerySecurityObjectResponse(NDRCALL): 

1303 structure = ( 

1304 ('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR), 

1305 ('ErrorCode', NTSTATUS), 

1306 ) 

1307 

1308# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4) 

1309class LsarSetSecurityObject(NDRCALL): 

1310 opnum = 4 

1311 structure = ( 

1312 ('PolicyHandle', LSAPR_HANDLE), 

1313 ('SecurityInformation', SECURITY_INFORMATION), 

1314 ('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR), 

1315 ) 

1316 

1317class LsarSetSecurityObjectResponse(NDRCALL): 

1318 structure = ( 

1319 ('ErrorCode', NTSTATUS), 

1320 ) 

1321 

1322# 3.1.4.9.3 LsarDeleteObject (Opnum 34) 

1323class LsarDeleteObject(NDRCALL): 

1324 opnum = 34 

1325 structure = ( 

1326 ('ObjectHandle', LSAPR_HANDLE), 

1327 ) 

1328 

1329class LsarDeleteObjectResponse(NDRCALL): 

1330 structure = ( 

1331 ('ObjectHandle', LSAPR_HANDLE), 

1332 ('ErrorCode', NTSTATUS), 

1333 ) 

1334 

1335# 3.1.4.9.4 LsarClose (Opnum 0) 

1336class LsarClose(NDRCALL): 

1337 opnum = 0 

1338 structure = ( 

1339 ('ObjectHandle', LSAPR_HANDLE), 

1340 ) 

1341 

1342class LsarCloseResponse(NDRCALL): 

1343 structure = ( 

1344 ('ObjectHandle', LSAPR_HANDLE), 

1345 ('ErrorCode', NTSTATUS), 

1346 ) 

1347 

1348################################################################################ 

1349# OPNUMs and their corresponding structures 

1350################################################################################ 

1351OPNUMS = { 

1352 0 : (LsarClose, LsarCloseResponse), 

1353 2 : (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse), 

1354 3 : (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse), 

1355 4 : (LsarSetSecurityObject, LsarSetSecurityObjectResponse), 

1356 6 : (LsarOpenPolicy, LsarOpenPolicyResponse), 

1357 7 : (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse), 

1358 8 : (LsarSetInformationPolicy, LsarSetInformationPolicyResponse), 

135910 : (LsarCreateAccount, LsarCreateAccountResponse), 

136011 : (LsarEnumerateAccounts, LsarEnumerateAccountsResponse), 

1361#12 : (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse), 

136213 : (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse), 

136316 : (LsarCreateSecret, LsarCreateSecretResponse), 

136417 : (LsarOpenAccount, LsarOpenAccountResponse), 

136518 : (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse), 

136619 : (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse), 

136720 : (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse), 

136823 : (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse), 

136924 : (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse), 

1370#25 : (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse), 

1371#26 : (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse), 

1372#27 : (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse), 

137328 : (LsarOpenSecret, LsarOpenSecretResponse), 

137429 : (LsarSetSecret, LsarSetSecretResponse), 

137530 : (LsarQuerySecret, LsarQuerySecretResponse), 

137631 : (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse), 

137732 : (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse), 

137833 : (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse), 

137934 : (LsarDeleteObject, LsarDeleteObjectResponse), 

138035 : (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse), 

138136 : (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse), 

138237 : (LsarAddAccountRights, LsarAddAccountRightsResponse), 

138338 : (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse), 

1384#39 : (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse), 

1385#40 : (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse), 

1386#41 : (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse), 

138742 : (LsarStorePrivateData, LsarStorePrivateDataResponse), 

138843 : (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse), 

138944 : (LsarOpenPolicy2, LsarOpenPolicy2Response), 

139046 : (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response), 

139147 : (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response), 

1392#48 : (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse), 

1393#49 : (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse), 

139450 : (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse), 

1395#51 : (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse), 

139653 : (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse), 

1397#54 : (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse), 

1398#55 : (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse), 

1399#59 : (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response), 

1400#73 : (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse), 

1401#74 : (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse), 

1402} 

1403 

1404################################################################################ 

1405# HELPER FUNCTIONS 

1406################################################################################ 

1407def hLsarOpenPolicy2(dce, desiredAccess = MAXIMUM_ALLOWED): 

1408 request = LsarOpenPolicy2() 

1409 request['SystemName'] = NULL 

1410 request['ObjectAttributes']['RootDirectory'] = NULL 

1411 request['ObjectAttributes']['ObjectName'] = NULL 

1412 request['ObjectAttributes']['SecurityDescriptor'] = NULL 

1413 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 

1414 request['DesiredAccess'] = desiredAccess 

1415 return dce.request(request) 

1416 

1417def hLsarOpenPolicy(dce, desiredAccess = MAXIMUM_ALLOWED): 

1418 request = LsarOpenPolicy() 

1419 request['SystemName'] = NULL 

1420 request['ObjectAttributes']['RootDirectory'] = NULL 

1421 request['ObjectAttributes']['ObjectName'] = NULL 

1422 request['ObjectAttributes']['SecurityDescriptor'] = NULL 

1423 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 

1424 request['DesiredAccess'] = desiredAccess 

1425 return dce.request(request) 

1426 

1427def hLsarQueryInformationPolicy2(dce, policyHandle, informationClass): 

1428 request = LsarQueryInformationPolicy2() 

1429 request['PolicyHandle'] = policyHandle 

1430 request['InformationClass'] = informationClass 

1431 return dce.request(request) 

1432 

1433def hLsarQueryInformationPolicy(dce, policyHandle, informationClass): 

1434 request = LsarQueryInformationPolicy() 

1435 request['PolicyHandle'] = policyHandle 

1436 request['InformationClass'] = informationClass 

1437 return dce.request(request) 

1438 

1439def hLsarQueryDomainInformationPolicy(dce, policyHandle, informationClass): 

1440 request = LsarQueryInformationPolicy() 

1441 request['PolicyHandle'] = policyHandle 

1442 request['InformationClass'] = informationClass 

1443 return dce.request(request) 

1444 

1445def hLsarEnumerateAccounts(dce, policyHandle, preferedMaximumLength=0xffffffff): 

1446 request = LsarEnumerateAccounts() 

1447 request['PolicyHandle'] = policyHandle 

1448 request['PreferedMaximumLength'] = preferedMaximumLength 

1449 return dce.request(request) 

1450 

1451def hLsarEnumerateAccountsWithUserRight(dce, policyHandle, UserRight): 

1452 request = LsarEnumerateAccountsWithUserRight() 

1453 request['PolicyHandle'] = policyHandle 

1454 request['UserRight'] = UserRight 

1455 return dce.request(request) 

1456 

1457def hLsarEnumerateTrustedDomainsEx(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 

1458 request = LsarEnumerateTrustedDomainsEx() 

1459 request['PolicyHandle'] = policyHandle 

1460 request['EnumerationContext'] = enumerationContext 

1461 request['PreferedMaximumLength'] = preferedMaximumLength 

1462 return dce.request(request) 

1463 

1464def hLsarEnumerateTrustedDomains(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 

1465 request = LsarEnumerateTrustedDomains() 

1466 request['PolicyHandle'] = policyHandle 

1467 request['EnumerationContext'] = enumerationContext 

1468 request['PreferedMaximumLength'] = preferedMaximumLength 

1469 return dce.request(request) 

1470 

1471def hLsarOpenAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED): 

1472 request = LsarOpenAccount() 

1473 request['PolicyHandle'] = policyHandle 

1474 request['AccountSid'].fromCanonical(accountSid) 

1475 request['DesiredAccess'] = desiredAccess 

1476 return dce.request(request) 

1477 

1478def hLsarClose(dce, objectHandle): 

1479 request = LsarClose() 

1480 request['ObjectHandle'] = objectHandle 

1481 return dce.request(request) 

1482 

1483def hLsarCreateAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED): 

1484 request = LsarCreateAccount() 

1485 request['PolicyHandle'] = policyHandle 

1486 request['AccountSid'].fromCanonical(accountSid) 

1487 request['DesiredAccess'] = desiredAccess 

1488 return dce.request(request) 

1489 

1490def hLsarDeleteObject(dce, objectHandle): 

1491 request = LsarDeleteObject() 

1492 request['ObjectHandle'] = objectHandle 

1493 return dce.request(request) 

1494 

1495def hLsarEnumeratePrivilegesAccount(dce, accountHandle): 

1496 request = LsarEnumeratePrivilegesAccount() 

1497 request['AccountHandle'] = accountHandle 

1498 return dce.request(request) 

1499 

1500def hLsarGetSystemAccessAccount(dce, accountHandle): 

1501 request = LsarGetSystemAccessAccount() 

1502 request['AccountHandle'] = accountHandle 

1503 return dce.request(request) 

1504 

1505def hLsarSetSystemAccessAccount(dce, accountHandle, systemAccess): 

1506 request = LsarSetSystemAccessAccount() 

1507 request['AccountHandle'] = accountHandle 

1508 request['SystemAccess'] = systemAccess 

1509 return dce.request(request) 

1510 

1511def hLsarAddPrivilegesToAccount(dce, accountHandle, privileges): 

1512 request = LsarAddPrivilegesToAccount() 

1513 request['AccountHandle'] = accountHandle 

1514 request['Privileges']['PrivilegeCount'] = len(privileges) 

1515 request['Privileges']['Control'] = 0 

1516 for priv in privileges: 

1517 request['Privileges']['Privilege'].append(priv) 

1518 

1519 return dce.request(request) 

1520 

1521def hLsarRemovePrivilegesFromAccount(dce, accountHandle, privileges, allPrivileges = False): 

1522 request = LsarRemovePrivilegesFromAccount() 

1523 request['AccountHandle'] = accountHandle 

1524 request['Privileges']['Control'] = 0 

1525 if privileges != NULL: 

1526 request['Privileges']['PrivilegeCount'] = len(privileges) 

1527 for priv in privileges: 

1528 request['Privileges']['Privilege'].append(priv) 

1529 else: 

1530 request['Privileges']['PrivilegeCount'] = NULL 

1531 request['AllPrivileges'] = allPrivileges 

1532 

1533 return dce.request(request) 

1534 

1535def hLsarEnumerateAccountRights(dce, policyHandle, accountSid): 

1536 request = LsarEnumerateAccountRights() 

1537 request['PolicyHandle'] = policyHandle 

1538 request['AccountSid'].fromCanonical(accountSid) 

1539 return dce.request(request) 

1540 

1541def hLsarAddAccountRights(dce, policyHandle, accountSid, userRights): 

1542 request = LsarAddAccountRights() 

1543 request['PolicyHandle'] = policyHandle 

1544 request['AccountSid'].fromCanonical(accountSid) 

1545 request['UserRights']['EntriesRead'] = len(userRights) 

1546 for userRight in userRights: 

1547 right = RPC_UNICODE_STRING() 

1548 right['Data'] = userRight 

1549 request['UserRights']['UserRights'].append(right) 

1550 

1551 return dce.request(request) 

1552 

1553def hLsarRemoveAccountRights(dce, policyHandle, accountSid, userRights): 

1554 request = LsarRemoveAccountRights() 

1555 request['PolicyHandle'] = policyHandle 

1556 request['AccountSid'].fromCanonical(accountSid) 

1557 request['UserRights']['EntriesRead'] = len(userRights) 

1558 for userRight in userRights: 

1559 right = RPC_UNICODE_STRING() 

1560 right['Data'] = userRight 

1561 request['UserRights']['UserRights'].append(right) 

1562 

1563 return dce.request(request) 

1564 

1565def hLsarCreateSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED): 

1566 request = LsarCreateSecret() 

1567 request['PolicyHandle'] = policyHandle 

1568 request['SecretName'] = secretName 

1569 request['DesiredAccess'] = desiredAccess 

1570 return dce.request(request) 

1571 

1572def hLsarOpenSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED): 

1573 request = LsarOpenSecret() 

1574 request['PolicyHandle'] = policyHandle 

1575 request['SecretName'] = secretName 

1576 request['DesiredAccess'] = desiredAccess 

1577 return dce.request(request) 

1578 

1579def hLsarSetSecret(dce, secretHandle, encryptedCurrentValue, encryptedOldValue): 

1580 request = LsarOpenSecret() 

1581 request['SecretHandle'] = secretHandle 

1582 if encryptedCurrentValue != NULL: 

1583 request['EncryptedCurrentValue']['Length'] = len(encryptedCurrentValue) 

1584 request['EncryptedCurrentValue']['MaximumLength'] = len(encryptedCurrentValue) 

1585 request['EncryptedCurrentValue']['Buffer'] = list(encryptedCurrentValue) 

1586 if encryptedOldValue != NULL: 

1587 request['EncryptedOldValue']['Length'] = len(encryptedOldValue) 

1588 request['EncryptedOldValue']['MaximumLength'] = len(encryptedOldValue) 

1589 request['EncryptedOldValue']['Buffer'] = list(encryptedOldValue) 

1590 return dce.request(request) 

1591 

1592def hLsarQuerySecret(dce, secretHandle): 

1593 request = LsarQuerySecret() 

1594 request['SecretHandle'] = secretHandle 

1595 request['EncryptedCurrentValue']['Buffer'] = NULL 

1596 request['EncryptedOldValue']['Buffer'] = NULL 

1597 request['OldValueSetTime'] = NULL 

1598 return dce.request(request) 

1599 

1600def hLsarRetrievePrivateData(dce, policyHandle, keyName): 

1601 request = LsarRetrievePrivateData() 

1602 request['PolicyHandle'] = policyHandle 

1603 request['KeyName'] = keyName 

1604 retVal = dce.request(request) 

1605 return b''.join(retVal['EncryptedData']['Buffer']) 

1606 

1607def hLsarStorePrivateData(dce, policyHandle, keyName, encryptedData): 

1608 request = LsarStorePrivateData() 

1609 request['PolicyHandle'] = policyHandle 

1610 request['KeyName'] = keyName 

1611 if encryptedData != NULL: 

1612 request['EncryptedData']['Length'] = len(encryptedData) 

1613 request['EncryptedData']['MaximumLength'] = len(encryptedData) 

1614 request['EncryptedData']['Buffer'] = list(encryptedData) 

1615 else: 

1616 request['EncryptedData'] = NULL 

1617 return dce.request(request) 

1618 

1619def hLsarEnumeratePrivileges(dce, policyHandle, enumerationContext = 0, preferedMaximumLength = 0xffffffff): 

1620 request = LsarEnumeratePrivileges() 

1621 request['PolicyHandle'] = policyHandle 

1622 request['EnumerationContext'] = enumerationContext 

1623 request['PreferedMaximumLength'] = preferedMaximumLength 

1624 return dce.request(request) 

1625 

1626def hLsarLookupPrivilegeValue(dce, policyHandle, name): 

1627 request = LsarLookupPrivilegeValue() 

1628 request['PolicyHandle'] = policyHandle 

1629 request['Name'] = name 

1630 return dce.request(request) 

1631 

1632def hLsarLookupPrivilegeName(dce, policyHandle, luid): 

1633 request = LsarLookupPrivilegeName() 

1634 request['PolicyHandle'] = policyHandle 

1635 request['Value'] = luid 

1636 return dce.request(request) 

1637 

1638def hLsarQuerySecurityObject(dce, policyHandle, securityInformation = OWNER_SECURITY_INFORMATION): 

1639 request = LsarQuerySecurityObject() 

1640 request['PolicyHandle'] = policyHandle 

1641 request['SecurityInformation'] = securityInformation 

1642 retVal = dce.request(request) 

1643 return b''.join(retVal['SecurityDescriptor']['SecurityDescriptor']) 

1644 

1645def hLsarSetSecurityObject(dce, policyHandle, securityInformation, securityDescriptor): 

1646 request = LsarSetSecurityObject() 

1647 request['PolicyHandle'] = policyHandle 

1648 request['SecurityInformation'] = securityInformation 

1649 request['SecurityDescriptor']['Length'] = len(securityDescriptor) 

1650 request['SecurityDescriptor']['SecurityDescriptor'] = list(securityDescriptor) 

1651 return dce.request(request) 

1652 

1653def hLsarSetInformationPolicy2(dce, policyHandle, informationClass, policyInformation): 

1654 request = LsarSetInformationPolicy2() 

1655 request['PolicyHandle'] = policyHandle 

1656 request['InformationClass'] = informationClass 

1657 request['PolicyInformation'] = policyInformation 

1658 return dce.request(request) 

1659 

1660def hLsarSetInformationPolicy(dce, policyHandle, informationClass, policyInformation): 

1661 request = LsarSetInformationPolicy() 

1662 request['PolicyHandle'] = policyHandle 

1663 request['InformationClass'] = informationClass 

1664 request['PolicyInformation'] = policyInformation 

1665 return dce.request(request)