1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 

2# 

3# This software is provided under a slightly modified version

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# Author: Alberto Solino (@agsolino) 

8# 

9# Description: 

10# [MS-NRPC] Interface implementation 

11# 

12# Best way to learn how to use these calls is to grab the protocol standard 

13# so you understand what the call does, and then read the test case located 

14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC 

15# 

16# Some calls have helper functions, which makes it even easier to use. 

17# They are located at the end of this file. 

18# Helper functions start with "h"<name of the call>. 

19# There are test cases for them too. 

20# 

21from struct import pack 

22from six import b 

23from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRUNION, NDRPOINTER, NDRUniConformantArray, \ 

24 NDRUniFixedArray, NDRUniConformantVaryingArray 

25from impacket.dcerpc.v5.dtypes import WSTR, LPWSTR, DWORD, ULONG, USHORT, PGUID, NTSTATUS, NULL, LONG, UCHAR, PRPC_SID, \ 

26 GUID, RPC_UNICODE_STRING, SECURITY_INFORMATION, LPULONG 

27from impacket import system_errors, nt_errors 

28from impacket.uuid import uuidtup_to_bin 

29from impacket.dcerpc.v5.enum import Enum 

30from impacket.dcerpc.v5.samr import OLD_LARGE_INTEGER 

31from impacket.dcerpc.v5.lsad import PLSA_FOREST_TRUST_INFORMATION 

32from impacket.dcerpc.v5.rpcrt import DCERPCException 

33from impacket.structure import Structure 

34from impacket import ntlm, crypto, LOG 

35import hmac 

36import hashlib 

# DES, AES and ARC4 come from pycryptodomex. When the import fails, only two
# log messages are emitted and the module keeps loading, so the three names
# remain undefined here and any later use of them raises NameError.
try:
    from Cryptodome.Cipher import DES, AES, ARC4
except ImportError:
    LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
    LOG.critical("See https://pypi.org/project/pycryptodomex/")

# Binary form of the (UUID string, version) pair for the interface this module
# implements, as produced by uuidtup_to_bin.
MSRPC_UUID_NRPC = uuidtup_to_bin(('12345678-1234-ABCD-EF00-01234567CFFB', '1.0'))

44 

class DCERPCSessionError(DCERPCException):
    """Exception type for NRPC session errors.

    The string form resolves ``error_code`` against
    ``system_errors.ERROR_MESSAGES`` first and ``nt_errors.ERROR_MESSAGES``
    second, and falls back to an "unknown error code" message.
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        code = self.error_code
        # system_errors is consulted before nt_errors, so a code present in
        # both tables is reported with the system_errors text.
        for table in (system_errors.ERROR_MESSAGES, nt_errors.ERROR_MESSAGES):
            if code in table:
                short_text = table[code][0]
                long_text = table[code][1]
                return 'NRPC SessionError: code: 0x%x - %s - %s' % (code, short_text, long_text)
        # NOTE(review): error_code defaults to None in __init__; formatting
        # None with %x raises TypeError here.
        return 'NRPC SessionError: unknown error code: 0x%x' % (code)

61 

62################################################################################ 

63# CONSTANTS 

64################################################################################ 

65# 2.2.1.2.5 NL_DNS_NAME_INFO 

66# Type 

67NlDnsLdapAtSite = 22 

68NlDnsGcAtSite = 25 

69NlDnsDsaCname = 28 

70NlDnsKdcAtSite = 30 

71NlDnsDcAtSite = 32 

72NlDnsRfc1510KdcAtSite = 34 

73NlDnsGenericGcAtSite = 36 

74 

75# DnsDomainInfoType 

76NlDnsDomainName = 1 

77NlDnsDomainNameAlias = 2 

78NlDnsForestName = 3 

79NlDnsForestNameAlias = 4 

80NlDnsNdncDomainName = 5 

81NlDnsRecordName = 6 

82 

83# 2.2.1.3.15 NL_OSVERSIONINFO_V1 

84# wSuiteMask 

85VER_SUITE_BACKOFFICE = 0x00000004 

86VER_SUITE_BLADE = 0x00000400 

87VER_SUITE_COMPUTE_SERVER = 0x00004000 

88VER_SUITE_DATACENTER = 0x00000080 

89VER_SUITE_ENTERPRISE = 0x00000002 

90VER_SUITE_EMBEDDEDNT = 0x00000040 

91VER_SUITE_PERSONAL = 0x00000200 

92VER_SUITE_SINGLEUSERTS = 0x00000100 

93VER_SUITE_SMALLBUSINESS = 0x00000001 

94VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020 

95VER_SUITE_STORAGE_SERVER = 0x00002000 

96VER_SUITE_TERMINAL = 0x00000010 

97 

98# wProductType 

99VER_NT_DOMAIN_CONTROLLER = 0x00000002 

100VER_NT_SERVER = 0x00000003 

101VER_NT_WORKSTATION = 0x00000001 

102 

103# 2.2.1.4.18 NETLOGON Specific Access Masks 

104NETLOGON_UAS_LOGON_ACCESS = 0x0001 

105NETLOGON_UAS_LOGOFF_ACCESS = 0x0002 

106NETLOGON_CONTROL_ACCESS = 0x0004 

107NETLOGON_QUERY_ACCESS = 0x0008 

108NETLOGON_SERVICE_ACCESS = 0x0010 

109NETLOGON_FTINFO_ACCESS = 0x0020 

110NETLOGON_WKSTA_RPC_ACCESS = 0x0040 

111 

112# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18) 

113# FunctionCode 

114NETLOGON_CONTROL_QUERY = 0x00000001 

115NETLOGON_CONTROL_REPLICATE = 0x00000002 

116NETLOGON_CONTROL_SYNCHRONIZE = 0x00000003 

117NETLOGON_CONTROL_PDC_REPLICATE = 0x00000004 

118NETLOGON_CONTROL_REDISCOVER = 0x00000005 

119NETLOGON_CONTROL_TC_QUERY = 0x00000006 

120NETLOGON_CONTROL_TRANSPORT_NOTIFY = 0x00000007 

121NETLOGON_CONTROL_FIND_USER = 0x00000008 

122NETLOGON_CONTROL_CHANGE_PASSWORD = 0x00000009 

123NETLOGON_CONTROL_TC_VERIFY = 0x0000000A 

124NETLOGON_CONTROL_FORCE_DNS_REG = 0x0000000B 

125NETLOGON_CONTROL_QUERY_DNS_REG = 0x0000000C 

126NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC 

127NETLOGON_CONTROL_TRUNCATE_LOG = 0x0000FFFD 

128NETLOGON_CONTROL_SET_DBFLAG = 0x0000FFFE 

129NETLOGON_CONTROL_BREAKPOINT = 0x0000FFFF 

130 

131################################################################################ 

132# STRUCTURES 

133################################################################################ 

134# 3.5.4.1 RPC Binding Handles for Netlogon Methods 

135LOGONSRV_HANDLE = WSTR 

136PLOGONSRV_HANDLE = LPWSTR 

137 

138# 2.2.1.1.1 CYPHER_BLOCK 

class CYPHER_BLOCK(NDRSTRUCT):
    """Single cipher block ([MS-NRPC] 2.2.1.1.1): one 8-byte string field."""
    structure = (
        ('Data', '8s=b""'),  # '8s' = 8 raw bytes, default empty
    )
    def getAlignment(self):
        # Byte-aligned: no padding is requested for this structure.
        return 1

145 

146NET_API_STATUS = DWORD 

147 

148# 2.2.1.1.2 STRING 

149from impacket.dcerpc.v5.lsad import STRING 

150 

151# 2.2.1.1.3 LM_OWF_PASSWORD 

class CYPHER_BLOCK_ARRAY(NDRUniFixedArray):
    """Fixed-size array whose length is that of two CYPHER_BLOCKs."""
    def getDataLen(self, data, offset=0):
        # Twice the length of one CYPHER_BLOCK (an '8s' field), so presumably
        # 16 bytes; the arguments are not used.
        return len(CYPHER_BLOCK())*2

155 

class LM_OWF_PASSWORD(NDRSTRUCT):
    """Container for a one-way-function (hash) of a password ([MS-NRPC] 2.2.1.1.3).

    NT_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD and USER_SESSION_KEY are
    aliases of this class further down the module, so all of them share this
    two-CYPHER_BLOCK layout. The value is password-equivalent material; treat
    instances as secrets when logging or dumping packets.
    """
    structure = (
        ('Data', CYPHER_BLOCK_ARRAY),
    )

160 

161# 2.2.1.1.4 NT_OWF_PASSWORD 

162NT_OWF_PASSWORD = LM_OWF_PASSWORD 

163ENCRYPTED_NT_OWF_PASSWORD = NT_OWF_PASSWORD 

164 

165# 2.2.1.3.4 NETLOGON_CREDENTIAL 

class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
    """Byte-aligned fixed array with the length of one CYPHER_BLOCK.

    The module-level name UCHAR_FIXED_ARRAY is rebound later in this file
    (section 2.2.1.3.15) to a 128-byte array. NETLOGON_CREDENTIAL, defined
    right below, captures this class object at definition time and is not
    affected by the rebinding.
    """
    align = 1
    def getDataLen(self, data, offset=0):
        # Length of one CYPHER_BLOCK (an '8s' field); arguments are unused.
        return len(CYPHER_BLOCK())

170 

class NETLOGON_CREDENTIAL(NDRSTRUCT):
    """Netlogon credential ([MS-NRPC] 2.2.1.3.4): a CYPHER_BLOCK-sized byte array.

    This class only declares the wire layout; how the credential value is
    computed is not visible in this part of the file.
    """
    structure = (
        ('Data',UCHAR_FIXED_ARRAY),
    )
    def getAlignment(self):
        # Byte-aligned, matching align = 1 on the array it wraps.
        return 1

177 

178# 2.2.1.1.5 NETLOGON_AUTHENTICATOR 

class NETLOGON_AUTHENTICATOR(NDRSTRUCT):
    """Authenticator ([MS-NRPC] 2.2.1.1.5): a credential plus a DWORD timestamp.

    NOTE(review): the protocol derives a fresh Credential per call from the
    session state and Timestamp; nothing in this class enforces that, so the
    caller is responsible for it - confirm against the helper functions.
    """
    structure = (
        ('Credential', NETLOGON_CREDENTIAL),
        ('Timestamp', DWORD),
    )

184 

185class PNETLOGON_AUTHENTICATOR(NDRPOINTER): 

186 referent = ( 

187 ('Data', NETLOGON_AUTHENTICATOR), 

188 ) 

189 

190# 2.2.1.2.1 DOMAIN_CONTROLLER_INFOW 

191class DOMAIN_CONTROLLER_INFOW(NDRSTRUCT): 

192 structure = ( 

193 ('DomainControllerName', LPWSTR), 

194 ('DomainControllerAddress', LPWSTR), 

195 ('DomainControllerAddressType', ULONG), 

196 ('DomainGuid', GUID), 

197 ('DomainName', LPWSTR), 

198 ('DnsForestName', LPWSTR), 

199 ('Flags', ULONG), 

200 ('DcSiteName', LPWSTR), 

201 ('ClientSiteName', LPWSTR), 

202 ) 

203 

204class PDOMAIN_CONTROLLER_INFOW(NDRPOINTER): 

205 referent = ( 

206 ('Data', DOMAIN_CONTROLLER_INFOW), 

207 ) 

208 

209# 2.2.1.2.2 NL_SITE_NAME_ARRAY 

210class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray): 

211 item = RPC_UNICODE_STRING 

212 

213class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER): 

214 referent = ( 

215 ('Data', RPC_UNICODE_STRING_ARRAY), 

216 ) 

217 

218class NL_SITE_NAME_ARRAY(NDRSTRUCT): 

219 structure = ( 

220 ('EntryCount', ULONG), 

221 ('SiteNames', PRPC_UNICODE_STRING_ARRAY), 

222 ) 

223 

224class PNL_SITE_NAME_ARRAY(NDRPOINTER): 

225 referent = ( 

226 ('Data', NL_SITE_NAME_ARRAY), 

227 ) 

228 

229# 2.2.1.2.3 NL_SITE_NAME_EX_ARRAY 

# NOTE(review): identical redefinition of the RPC_UNICODE_STRING_ARRAY class
# declared under 2.2.1.2.2. PRPC_UNICODE_STRING_ARRAY was created before this
# point and still refers to the earlier class object; this statement only
# rebinds the module-level name.
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    item = RPC_UNICODE_STRING

232 

233class NL_SITE_NAME_EX_ARRAY(NDRSTRUCT): 

234 structure = ( 

235 ('EntryCount', ULONG), 

236 ('SiteNames', PRPC_UNICODE_STRING_ARRAY), 

237 ('SubnetNames', PRPC_UNICODE_STRING_ARRAY), 

238 ) 

239 

240class PNL_SITE_NAME_EX_ARRAY(NDRPOINTER): 

241 referent = ( 

242 ('Data', NL_SITE_NAME_EX_ARRAY), 

243 ) 

244 

245# 2.2.1.2.4 NL_SOCKET_ADDRESS 

246# 2.2.1.2.4.1 IPv4 Address Structure 

247class IPv4Address(Structure): 

248 structure = ( 

249 ('AddressFamily', '<H=0'), 

250 ('Port', '<H=0'), 

251 ('Address', '<L=0'), 

252 ('Padding', '<L=0'), 

253 ) 

254 

255class UCHAR_ARRAY(NDRUniConformantArray): 

256 item = 'c' 

257 

258class PUCHAR_ARRAY(NDRPOINTER): 

259 referent = ( 

260 ('Data', UCHAR_ARRAY), 

261 ) 

262 

263class NL_SOCKET_ADDRESS(NDRSTRUCT): 

264 structure = ( 

265 ('lpSockaddr', PUCHAR_ARRAY), 

266 ('iSockaddrLength', ULONG), 

267 ) 

268 

269class NL_SOCKET_ADDRESS_ARRAY(NDRUniConformantArray): 

270 item = NL_SOCKET_ADDRESS 

271 

272# 2.2.1.2.5 NL_DNS_NAME_INFO 

class NL_DNS_NAME_INFO(NDRSTRUCT):
    """DNS name registration record ([MS-NRPC] 2.2.1.2.5).

    The NlDns* constants near the top of the module are the values listed for
    'Type' and for the DNS domain info type.

    NOTE(review): the specification lists a DnsDomainInfo string followed by
    a ULONG DnsDomainInfoType; here a single 'DnsDomainInfoType' field is
    typed WSTR. Confirm the layout against the spec before relying on any
    field after 'Type'.
    """
    structure = (
        ('Type', ULONG),
        ('DnsDomainInfoType', WSTR),
        ('Priority', ULONG),
        ('Weight', ULONG),
        ('Port', ULONG),
        ('Register', UCHAR),
        ('Status', ULONG),
    )

283 

284# 2.2.1.2.6 NL_DNS_NAME_INFO_ARRAY 

# Conformant array of NL_DNS_NAME_INFO entries. The name NL_DNS_NAME_INFO_ARRAY
# is rebound a few lines below by an NDRSTRUCT of the same name;
# PNL_DNS_NAME_INFO_ARRAY is defined in between and therefore keeps pointing
# at this array class.
class NL_DNS_NAME_INFO_ARRAY(NDRUniConformantArray):
    item = NL_DNS_NAME_INFO

287 

288class PNL_DNS_NAME_INFO_ARRAY(NDRPOINTER): 

289 referent = ( 

290 ('Data', NL_DNS_NAME_INFO_ARRAY), 

291 ) 

292 

class NL_DNS_NAME_INFO_ARRAY(NDRSTRUCT):
    """Counted list of DNS name records ([MS-NRPC] 2.2.1.2.6).

    Rebinds the module-level name previously held by the conformant array
    class; 'DnsNamesInfo' points at that earlier array through
    PNL_DNS_NAME_INFO_ARRAY.
    NOTE(review): nothing here ties EntryCount to the array's actual length.
    """
    structure = (
        ('EntryCount', ULONG),
        ('DnsNamesInfo', PNL_DNS_NAME_INFO_ARRAY),
    )

298 

299# 2.2.1.3 Secure Channel Establishment and Maintenance Structures 

300# ToDo 

301 

302# 2.2.1.3.5 NETLOGON_LSA_POLICY_INFO 

303class NETLOGON_LSA_POLICY_INFO(NDRSTRUCT): 

304 structure = ( 

305 ('LsaPolicySize', ULONG), 

306 ('LsaPolicy', PUCHAR_ARRAY), 

307 ) 

308 

309class PNETLOGON_LSA_POLICY_INFO(NDRPOINTER): 

310 referent = ( 

311 ('Data', NETLOGON_LSA_POLICY_INFO), 

312 ) 

313 

314# 2.2.1.3.6 NETLOGON_WORKSTATION_INFO 

315class NETLOGON_WORKSTATION_INFO(NDRSTRUCT): 

316 structure = ( 

317 ('LsaPolicy', NETLOGON_LSA_POLICY_INFO), 

318 ('DnsHostName', LPWSTR), 

319 ('SiteName', LPWSTR), 

320 ('Dummy1', LPWSTR), 

321 ('Dummy2', LPWSTR), 

322 ('Dummy3', LPWSTR), 

323 ('Dummy4', LPWSTR), 

324 ('OsVersion', RPC_UNICODE_STRING), 

325 ('OsName', RPC_UNICODE_STRING), 

326 ('DummyString3', RPC_UNICODE_STRING), 

327 ('DummyString4', RPC_UNICODE_STRING), 

328 ('WorkstationFlags', ULONG), 

329 ('KerberosSupportedEncryptionTypes', ULONG), 

330 ('DummyLong3', ULONG), 

331 ('DummyLong4', ULONG), 

332 ) 

333 

334class PNETLOGON_WORKSTATION_INFO(NDRPOINTER): 

335 referent = ( 

336 ('Data', NETLOGON_WORKSTATION_INFO), 

337 ) 

338 

339# 2.2.1.3.7 NL_TRUST_PASSWORD 

class NL_TRUST_PASSWORD_FIXED_ARRAY(NDRUniFixedArray):
    """Byte-aligned fixed array of 512+4 elements.

    The size matches NL_TRUST_PASSWORD below (512-byte Buffer plus a 4-byte
    Length); presumably this carries that structure as one opaque blob once
    it has been encrypted - TODO confirm at the call site, which is not in
    this part of the file.
    """
    def getDataLen(self, data, offset=0):
        # Constant length; the arguments are not consulted.
        return 512+4

    def getAlignment(self):
        return 1

346 

class WCHAR_ARRAY(NDRUniFixedArray):
    """Fixed array of constant length 512, used as NL_TRUST_PASSWORD's Buffer."""
    def getDataLen(self, data, offset=0):
        # Presumably a byte count (256 UTF-16 code units) - confirm against
        # NDRUniFixedArray.
        return 512

350 

class NL_TRUST_PASSWORD(NDRSTRUCT):
    """Cleartext layout of a trust/machine account password ([MS-NRPC] 2.2.1.3.7).

    NOTE(review): per the specification the password sits at the end of
    Buffer, the unused leading bytes are filled with random data, and the
    whole structure is encrypted with the session key before it is sent.
    This class does none of that; it only declares the fields, so the caller
    must pad and encrypt.
    """
    structure = (
        ('Buffer', WCHAR_ARRAY),
        ('Length', ULONG),
    )

356 

357class PNL_TRUST_PASSWORD(NDRPOINTER): 

358 referent = ( 

359 ('Data', NL_TRUST_PASSWORD), 

360 ) 

361 

362# 2.2.1.3.8 NL_PASSWORD_VERSION 

363class NL_PASSWORD_VERSION(NDRSTRUCT): 

364 structure = ( 

365 ('ReservedField', ULONG), 

366 ('PasswordVersionNumber', ULONG), 

367 ('PasswordVersionPresent', ULONG), 

368 ) 

369 

370# 2.2.1.3.9 NETLOGON_WORKSTATION_INFORMATION 

371class NETLOGON_WORKSTATION_INFORMATION(NDRUNION): 

372 commonHdr = ( 

373 ('tag', DWORD), 

374 ) 

375 

376 union = { 

377 1 : ('WorkstationInfo', PNETLOGON_WORKSTATION_INFO), 

378 2 : ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO), 

379 } 

380 

381# 2.2.1.3.10 NETLOGON_ONE_DOMAIN_INFO 

382class NETLOGON_ONE_DOMAIN_INFO(NDRSTRUCT): 

383 structure = ( 

384 ('DomainName', RPC_UNICODE_STRING), 

385 ('DnsDomainName', RPC_UNICODE_STRING), 

386 ('DnsForestName', RPC_UNICODE_STRING), 

387 ('DomainGuid', GUID), 

388 ('DomainSid', PRPC_SID), 

389 ('TrustExtension', RPC_UNICODE_STRING), 

390 ('DummyString2', RPC_UNICODE_STRING), 

391 ('DummyString3', RPC_UNICODE_STRING), 

392 ('DummyString4', RPC_UNICODE_STRING), 

393 ('DummyLong1', ULONG), 

394 ('DummyLong2', ULONG), 

395 ('DummyLong3', ULONG), 

396 ('DummyLong4', ULONG), 

397 ) 

398 

399class NETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRUniConformantArray): 

400 item = NETLOGON_ONE_DOMAIN_INFO 

401 

402class PNETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRPOINTER): 

403 referent = ( 

404 ('Data', NETLOGON_ONE_DOMAIN_INFO_ARRAY), 

405 ) 

406 

407# 2.2.1.3.11 NETLOGON_DOMAIN_INFO 

408class NETLOGON_DOMAIN_INFO(NDRSTRUCT): 

409 structure = ( 

410 ('PrimaryDomain', NETLOGON_ONE_DOMAIN_INFO), 

411 ('TrustedDomainCount', ULONG), 

412 ('TrustedDomains', PNETLOGON_ONE_DOMAIN_INFO_ARRAY), 

413 ('LsaPolicy', NETLOGON_LSA_POLICY_INFO), 

414 ('DnsHostNameInDs', RPC_UNICODE_STRING), 

415 ('DummyString2', RPC_UNICODE_STRING), 

416 ('DummyString3', RPC_UNICODE_STRING), 

417 ('DummyString4', RPC_UNICODE_STRING), 

418 ('WorkstationFlags', ULONG), 

419 ('SupportedEncTypes', ULONG), 

420 ('DummyLong3', ULONG), 

421 ('DummyLong4', ULONG), 

422 ) 

423 

424class PNETLOGON_DOMAIN_INFO(NDRPOINTER): 

425 referent = ( 

426 ('Data', NETLOGON_DOMAIN_INFO), 

427 ) 

428 

429# 2.2.1.3.12 NETLOGON_DOMAIN_INFORMATION 

430class NETLOGON_DOMAIN_INFORMATION(NDRUNION): 

431 commonHdr = ( 

432 ('tag', DWORD), 

433 ) 

434 

435 union = { 

436 1 : ('DomainInfo', PNETLOGON_DOMAIN_INFO), 

437 2 : ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO), 

438 } 

439 

440# 2.2.1.3.13 NETLOGON_SECURE_CHANNEL_TYPE 

441class NETLOGON_SECURE_CHANNEL_TYPE(NDRENUM): 

442 class enumItems(Enum): 

443 NullSecureChannel = 0 

444 MsvApSecureChannel = 1 

445 WorkstationSecureChannel = 2 

446 TrustedDnsDomainSecureChannel = 3 

447 TrustedDomainSecureChannel = 4 

448 UasServerSecureChannel = 5 

449 ServerSecureChannel = 6 

450 CdcServerSecureChannel = 7 

451 

452# 2.2.1.3.14 NETLOGON_CAPABILITIES 

453class NETLOGON_CAPABILITIES(NDRUNION): 

454 commonHdr = ( 

455 ('tag', DWORD), 

456 ) 

457 

458 union = { 

459 1 : ('ServerCapabilities', ULONG), 

460 } 

461 

462# 2.2.1.3.15 NL_OSVERSIONINFO_V1 

# NOTE(review): rebinds the module-level name UCHAR_FIXED_ARRAY, which earlier
# in the file names the CYPHER_BLOCK-sized, align = 1 array wrapped by
# NETLOGON_CREDENTIAL. Classes defined above keep the earlier object; code
# that resolves the name after this point gets this 128-element variant,
# which does not set align.
class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
    def getDataLen(self, data, offset=0):
        # Constant length used for NL_OSVERSIONINFO_V1.szCSDVersion.
        return 128

466 

467class NL_OSVERSIONINFO_V1(NDRSTRUCT): 

468 structure = ( 

469 ('dwOSVersionInfoSize', DWORD), 

470 ('dwMajorVersion', DWORD), 

471 ('dwMinorVersion', DWORD), 

472 ('dwBuildNumber', DWORD), 

473 ('dwPlatformId', DWORD), 

474 ('szCSDVersion', UCHAR_FIXED_ARRAY), 

475 ('wServicePackMajor', USHORT), 

476 ('wServicePackMinor', USHORT), 

477 ('wSuiteMask', USHORT), 

478 ('wProductType', UCHAR), 

479 ('wReserved', UCHAR), 

480 ) 

481 

482class PNL_OSVERSIONINFO_V1(NDRPOINTER): 

483 referent = ( 

484 ('Data', NL_OSVERSIONINFO_V1), 

485 ) 

486 

487# 2.2.1.3.16 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1 

488class PLPWSTR(NDRPOINTER): 

489 referent = ( 

490 ('Data', LPWSTR), 

491 ) 

492 

493class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT): 

494 structure = ( 

495 ('ClientDnsHostName', PLPWSTR), 

496 ('OsVersionInfo', PNL_OSVERSIONINFO_V1), 

497 ('OsName', PLPWSTR), 

498 ) 

499 

500# 2.2.1.3.17 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES 

501class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION): 

502 commonHdr = ( 

503 ('tag', DWORD), 

504 ) 

505 

506 union = { 

507 1 : ('V1', NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1), 

508 } 

509 

510# 2.2.1.3.18 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1 

511class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT): 

512 structure = ( 

513 ('HubName', PLPWSTR), 

514 ('OldDnsHostName', PLPWSTR), 

515 ('SupportedEncTypes', LPULONG), 

516 ) 

517 

518# 2.2.1.3.19 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES 

519class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION): 

520 commonHdr = ( 

521 ('tag', DWORD), 

522 ) 

523 

524 union = { 

525 1 : ('V1', NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1), 

526 } 

527 

528# 2.2.1.4.1 LM_CHALLENGE 

529class CHAR_FIXED_8_ARRAY(NDRUniFixedArray): 

530 def getDataLen(self, data, offset=0): 

531 return 8 

532 

533class LM_CHALLENGE(NDRSTRUCT): 

534 structure = ( 

535 ('Data', CHAR_FIXED_8_ARRAY), 

536 ) 

537 

538# 2.2.1.4.15 NETLOGON_LOGON_IDENTITY_INFO 

539class NETLOGON_LOGON_IDENTITY_INFO(NDRSTRUCT): 

540 structure = ( 

541 ('LogonDomainName', RPC_UNICODE_STRING), 

542 ('ParameterControl', ULONG), 

543 ('Reserved', OLD_LARGE_INTEGER), 

544 ('UserName', RPC_UNICODE_STRING), 

545 ('Workstation', RPC_UNICODE_STRING), 

546 ) 

547 

548class PNETLOGON_LOGON_IDENTITY_INFO(NDRPOINTER): 

549 referent = ( 

550 ('Data', NETLOGON_LOGON_IDENTITY_INFO), 

551 ) 

552 

553# 2.2.1.4.2 NETLOGON_GENERIC_INFO 

554class NETLOGON_GENERIC_INFO(NDRSTRUCT): 

555 structure = ( 

556 ('Identity', NETLOGON_LOGON_IDENTITY_INFO), 

557 ('PackageName', RPC_UNICODE_STRING), 

558 ('DataLength', ULONG), 

559 ('LogonData', PUCHAR_ARRAY), 

560 ) 

561 

562class PNETLOGON_GENERIC_INFO(NDRPOINTER): 

563 referent = ( 

564 ('Data', NETLOGON_GENERIC_INFO), 

565 ) 

566 

567# 2.2.1.4.3 NETLOGON_INTERACTIVE_INFO 

class NETLOGON_INTERACTIVE_INFO(NDRSTRUCT):
    """Interactive logon request data ([MS-NRPC] 2.2.1.4.3).

    Carries the account identity together with the LM and NT OWF values of
    the password, which are password-equivalent.
    NOTE(review): the specification has both OWF fields encrypted with the
    session key before transmission; this class only declares the layout, so
    that step has to happen in the caller.
    """
    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmOwfPassword', LM_OWF_PASSWORD),
        ('NtOwfPassword', NT_OWF_PASSWORD),
    )

574 

575class PNETLOGON_INTERACTIVE_INFO(NDRPOINTER): 

576 referent = ( 

577 ('Data', NETLOGON_INTERACTIVE_INFO), 

578 ) 

579 

580# 2.2.1.4.4 NETLOGON_SERVICE_INFO 

581class NETLOGON_SERVICE_INFO(NDRSTRUCT): 

582 structure = ( 

583 ('Identity', NETLOGON_LOGON_IDENTITY_INFO), 

584 ('LmOwfPassword', LM_OWF_PASSWORD), 

585 ('NtOwfPassword', NT_OWF_PASSWORD), 

586 ) 

587 

588class PNETLOGON_SERVICE_INFO(NDRPOINTER): 

589 referent = ( 

590 ('Data', NETLOGON_SERVICE_INFO), 

591 ) 

592 

593# 2.2.1.4.5 NETLOGON_NETWORK_INFO 

class NETLOGON_NETWORK_INFO(NDRSTRUCT):
    """Network (challenge/response) logon request data ([MS-NRPC] 2.2.1.4.5).

    Holds the identity, the 8-byte LM challenge and the NT and LM responses
    to it. The responses are STRING values whose length is not constrained
    by this class.
    """
    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmChallenge', LM_CHALLENGE),
        ('NtChallengeResponse', STRING),
        ('LmChallengeResponse', STRING),
    )

601 

602class PNETLOGON_NETWORK_INFO(NDRPOINTER): 

603 referent = ( 

604 ('Data', NETLOGON_NETWORK_INFO), 

605 ) 

606 

607# 2.2.1.4.16 NETLOGON_LOGON_INFO_CLASS 

608class NETLOGON_LOGON_INFO_CLASS(NDRENUM): 

609 class enumItems(Enum): 

610 NetlogonInteractiveInformation = 1 

611 NetlogonNetworkInformation = 2 

612 NetlogonServiceInformation = 3 

613 NetlogonGenericInformation = 4 

614 NetlogonInteractiveTransitiveInformation = 5 

615 NetlogonNetworkTransitiveInformation = 6 

616 NetlogonServiceTransitiveInformation = 7 

617 

618# 2.2.1.4.6 NETLOGON_LEVEL 

class NETLOGON_LEVEL(NDRUNION):
    """Logon request union ([MS-NRPC] 2.2.1.4.6), keyed by NETLOGON_LOGON_INFO_CLASS.

    Each transitive variant shares the pointer type of its non-transitive
    counterpart. Unlike the other unions in this module, no commonHdr is
    declared here, so the tag layout is whatever NDRUNION provides by
    default - presumably matching the enum width; confirm in ndr.py.
    """
    union = {
        NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation : ('LogonInteractive', PNETLOGON_INTERACTIVE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation : ('LogonInteractiveTransitive', PNETLOGON_INTERACTIVE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation : ('LogonService', PNETLOGON_SERVICE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation : ('LogonServiceTransitive', PNETLOGON_SERVICE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation : ('LogonNetwork', PNETLOGON_NETWORK_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation : ('LogonNetworkTransitive', PNETLOGON_NETWORK_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation : ('LogonGeneric', PNETLOGON_GENERIC_INFO),
    }

629 

630# 2.2.1.4.7 NETLOGON_SID_AND_ATTRIBUTES 

631class NETLOGON_SID_AND_ATTRIBUTES(NDRSTRUCT): 

632 structure = ( 

633 ('Sid', PRPC_SID), 

634 ('Attributes', ULONG), 

635 ) 

636 

637# 2.2.1.4.8 NETLOGON_VALIDATION_GENERIC_INFO2 

638class NETLOGON_VALIDATION_GENERIC_INFO2(NDRSTRUCT): 

639 structure = ( 

640 ('DataLength', ULONG), 

641 ('ValidationData', PUCHAR_ARRAY), 

642 ) 

643 

644class PNETLOGON_VALIDATION_GENERIC_INFO2(NDRPOINTER): 

645 referent = ( 

646 ('Data', NETLOGON_VALIDATION_GENERIC_INFO2), 

647 ) 

648 

649# 2.2.1.4.9 USER_SESSION_KEY 

650USER_SESSION_KEY = LM_OWF_PASSWORD 

651 

652# 2.2.1.4.10 GROUP_MEMBERSHIP 

653class GROUP_MEMBERSHIP(NDRSTRUCT): 

654 structure = ( 

655 ('RelativeId', ULONG), 

656 ('Attributes', ULONG), 

657 ) 

658 

659class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray): 

660 item = GROUP_MEMBERSHIP 

661 

662class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER): 

663 referent = ( 

664 ('Data', GROUP_MEMBERSHIP_ARRAY), 

665 ) 

666 

667# 2.2.1.4.11 NETLOGON_VALIDATION_SAM_INFO 

668class LONG_ARRAY(NDRUniFixedArray): 

669 def getDataLen(self, data, offset=0): 

670 return 4*10 

671 

672class NETLOGON_VALIDATION_SAM_INFO(NDRSTRUCT): 

673 structure = ( 

674 ('LogonTime', OLD_LARGE_INTEGER), 

675 ('LogoffTime', OLD_LARGE_INTEGER), 

676 ('KickOffTime', OLD_LARGE_INTEGER), 

677 ('PasswordLastSet', OLD_LARGE_INTEGER), 

678 ('PasswordCanChange', OLD_LARGE_INTEGER), 

679 ('PasswordMustChange', OLD_LARGE_INTEGER), 

680 ('EffectiveName', RPC_UNICODE_STRING), 

681 ('FullName', RPC_UNICODE_STRING), 

682 ('LogonScript', RPC_UNICODE_STRING), 

683 ('ProfilePath', RPC_UNICODE_STRING), 

684 ('HomeDirectory', RPC_UNICODE_STRING), 

685 ('HomeDirectoryDrive', RPC_UNICODE_STRING), 

686 ('LogonCount', USHORT), 

687 ('BadPasswordCount', USHORT), 

688 ('UserId', ULONG), 

689 ('PrimaryGroupId', ULONG), 

690 ('GroupCount', ULONG), 

691 ('GroupIds', PGROUP_MEMBERSHIP_ARRAY), 

692 ('UserFlags', ULONG), 

693 ('UserSessionKey', USER_SESSION_KEY), 

694 ('LogonServer', RPC_UNICODE_STRING), 

695 ('LogonDomainName', RPC_UNICODE_STRING), 

696 ('LogonDomainId', PRPC_SID), 

697 ('ExpansionRoom', LONG_ARRAY), 

698 ) 

699 

700class PNETLOGON_VALIDATION_SAM_INFO(NDRPOINTER): 

701 referent = ( 

702 ('Data', NETLOGON_VALIDATION_SAM_INFO), 

703 ) 

704 

705# 2.2.1.4.12 NETLOGON_VALIDATION_SAM_INFO2 

706class NETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray): 

707 item = NETLOGON_SID_AND_ATTRIBUTES 

708 

709class PNETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRPOINTER): 

710 referent = ( 

711 ('Data', NETLOGON_SID_AND_ATTRIBUTES_ARRAY), 

712 ) 

713 

714class NETLOGON_VALIDATION_SAM_INFO2(NDRSTRUCT): 

715 structure = ( 

716 ('LogonTime', OLD_LARGE_INTEGER), 

717 ('LogoffTime', OLD_LARGE_INTEGER), 

718 ('KickOffTime', OLD_LARGE_INTEGER), 

719 ('PasswordLastSet', OLD_LARGE_INTEGER), 

720 ('PasswordCanChange', OLD_LARGE_INTEGER), 

721 ('PasswordMustChange', OLD_LARGE_INTEGER), 

722 ('EffectiveName', RPC_UNICODE_STRING), 

723 ('FullName', RPC_UNICODE_STRING), 

724 ('LogonScript', RPC_UNICODE_STRING), 

725 ('ProfilePath', RPC_UNICODE_STRING), 

726 ('HomeDirectory', RPC_UNICODE_STRING), 

727 ('HomeDirectoryDrive', RPC_UNICODE_STRING), 

728 ('LogonCount', USHORT), 

729 ('BadPasswordCount', USHORT), 

730 ('UserId', ULONG), 

731 ('PrimaryGroupId', ULONG), 

732 ('GroupCount', ULONG), 

733 ('GroupIds', PGROUP_MEMBERSHIP_ARRAY), 

734 ('UserFlags', ULONG), 

735 ('UserSessionKey', USER_SESSION_KEY), 

736 ('LogonServer', RPC_UNICODE_STRING), 

737 ('LogonDomainName', RPC_UNICODE_STRING), 

738 ('LogonDomainId', PRPC_SID), 

739 ('ExpansionRoom', LONG_ARRAY), 

740 ('SidCount', ULONG), 

741 ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY), 

742 ) 

743 

744class PNETLOGON_VALIDATION_SAM_INFO2(NDRPOINTER): 

745 referent = ( 

746 ('Data', NETLOGON_VALIDATION_SAM_INFO2), 

747 ) 

748 

749# 2.2.1.4.13 NETLOGON_VALIDATION_SAM_INFO4 

750class NETLOGON_VALIDATION_SAM_INFO4(NDRSTRUCT): 

751 structure = ( 

752 ('LogonTime', OLD_LARGE_INTEGER), 

753 ('LogoffTime', OLD_LARGE_INTEGER), 

754 ('KickOffTime', OLD_LARGE_INTEGER), 

755 ('PasswordLastSet', OLD_LARGE_INTEGER), 

756 ('PasswordCanChange', OLD_LARGE_INTEGER), 

757 ('PasswordMustChange', OLD_LARGE_INTEGER), 

758 ('EffectiveName', RPC_UNICODE_STRING), 

759 ('FullName', RPC_UNICODE_STRING), 

760 ('LogonScript', RPC_UNICODE_STRING), 

761 ('ProfilePath', RPC_UNICODE_STRING), 

762 ('HomeDirectory', RPC_UNICODE_STRING), 

763 ('HomeDirectoryDrive', RPC_UNICODE_STRING), 

764 ('LogonCount', USHORT), 

765 ('BadPasswordCount', USHORT), 

766 ('UserId', ULONG), 

767 ('PrimaryGroupId', ULONG), 

768 ('GroupCount', ULONG), 

769 ('GroupIds', PGROUP_MEMBERSHIP_ARRAY), 

770 ('UserFlags', ULONG), 

771 ('UserSessionKey', USER_SESSION_KEY), 

772 ('LogonServer', RPC_UNICODE_STRING), 

773 ('LogonDomainName', RPC_UNICODE_STRING), 

774 ('LogonDomainId', PRPC_SID), 

775 

776 ('LMKey', CHAR_FIXED_8_ARRAY), 

777 ('UserAccountControl', ULONG), 

778 ('SubAuthStatus', ULONG), 

779 ('LastSuccessfulILogon', OLD_LARGE_INTEGER), 

780 ('LastFailedILogon', OLD_LARGE_INTEGER), 

781 ('FailedILogonCount', ULONG), 

782 ('Reserved4', ULONG), 

783 

784 ('SidCount', ULONG), 

785 ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY), 

786 ('DnsLogonDomainName', RPC_UNICODE_STRING), 

787 ('Upn', RPC_UNICODE_STRING), 

788 ('ExpansionString1', RPC_UNICODE_STRING), 

789 ('ExpansionString2', RPC_UNICODE_STRING), 

790 ('ExpansionString3', RPC_UNICODE_STRING), 

791 ('ExpansionString4', RPC_UNICODE_STRING), 

792 ('ExpansionString5', RPC_UNICODE_STRING), 

793 ('ExpansionString6', RPC_UNICODE_STRING), 

794 ('ExpansionString7', RPC_UNICODE_STRING), 

795 ('ExpansionString8', RPC_UNICODE_STRING), 

796 ('ExpansionString9', RPC_UNICODE_STRING), 

797 ('ExpansionString10', RPC_UNICODE_STRING), 

798 ) 

799 

800class PNETLOGON_VALIDATION_SAM_INFO4(NDRPOINTER): 

801 referent = ( 

802 ('Data', NETLOGON_VALIDATION_SAM_INFO4), 

803 ) 

804 

805# 2.2.1.4.17 NETLOGON_VALIDATION_INFO_CLASS 

806class NETLOGON_VALIDATION_INFO_CLASS(NDRENUM): 

807 class enumItems(Enum): 

808 NetlogonValidationUasInfo = 1 

809 NetlogonValidationSamInfo = 2 

810 NetlogonValidationSamInfo2 = 3 

811 NetlogonValidationGenericInfo = 4 

812 NetlogonValidationGenericInfo2 = 5 

813 NetlogonValidationSamInfo4 = 6 

814 

815# 2.2.1.4.14 NETLOGON_VALIDATION 

class NETLOGON_VALIDATION(NDRUNION):
    """Logon validation union ([MS-NRPC] 2.2.1.4.14), keyed by NETLOGON_VALIDATION_INFO_CLASS.

    Only four of the six enum values have an arm: NetlogonValidationUasInfo
    and NetlogonValidationGenericInfo are not mapped. The SAM_INFO arms
    include a UserSessionKey field, so decoded responses hold key material.
    """
    union = {
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo : ('ValidationSam', PNETLOGON_VALIDATION_SAM_INFO),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 : ('ValidationSam2', PNETLOGON_VALIDATION_SAM_INFO2),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2: ('ValidationGeneric2', PNETLOGON_VALIDATION_GENERIC_INFO2),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 : ('ValidationSam4', PNETLOGON_VALIDATION_SAM_INFO4),
    }

823 

824# 2.2.1.5.2 NLPR_QUOTA_LIMITS 

825class NLPR_QUOTA_LIMITS(NDRSTRUCT): 

826 structure = ( 

827 ('PagedPoolLimit', ULONG), 

828 ('NonPagedPoolLimit', ULONG), 

829 ('MinimumWorkingSetSize', ULONG), 

830 ('MaximumWorkingSetSize', ULONG), 

831 ('PagefileLimit', ULONG), 

832 ('Reserved', OLD_LARGE_INTEGER), 

833 ) 

834 

835# 2.2.1.5.3 NETLOGON_DELTA_ACCOUNTS 

836class ULONG_ARRAY(NDRUniConformantArray): 

837 item = ULONG 

838 

839class PULONG_ARRAY(NDRPOINTER): 

840 referent = ( 

841 ('Data', ULONG_ARRAY), 

842 ) 

843 

844class NETLOGON_DELTA_ACCOUNTS(NDRSTRUCT): 

845 structure = ( 

846 ('PrivilegeEntries', ULONG), 

847 ('PrivilegeControl', ULONG), 

848 ('PrivilegeAttributes', PULONG_ARRAY), 

849 ('PrivilegeNames', PRPC_UNICODE_STRING_ARRAY), 

850 ('QuotaLimits', NLPR_QUOTA_LIMITS), 

851 ('SystemAccessFlags', ULONG), 

852 ('SecurityInformation', SECURITY_INFORMATION), 

853 ('SecuritySize', ULONG), 

854 ('SecurityDescriptor', PUCHAR_ARRAY), 

855 ('DummyString1', RPC_UNICODE_STRING), 

856 ('DummyString2', RPC_UNICODE_STRING), 

857 ('DummyString3', RPC_UNICODE_STRING), 

858 ('DummyString4', RPC_UNICODE_STRING), 

859 ('DummyLong1', ULONG), 

860 ('DummyLong2', ULONG), 

861 ('DummyLong3', ULONG), 

862 ('DummyLong4', ULONG), 

863 ) 

864 

865class PNETLOGON_DELTA_ACCOUNTS(NDRPOINTER): 

866 referent = ( 

867 ('Data', NETLOGON_DELTA_ACCOUNTS), 

868 ) 

869 

870# 2.2.1.5.5 NLPR_SID_INFORMATION 

871class NLPR_SID_INFORMATION(NDRSTRUCT): 

872 structure = ( 

873 ('SidPointer', PRPC_SID), 

874 ) 

875 

876# 2.2.1.5.6 NLPR_SID_ARRAY 

877class NLPR_SID_INFORMATION_ARRAY(NDRUniConformantArray): 

878 item = NLPR_SID_INFORMATION 

879 

880class PNLPR_SID_INFORMATION_ARRAY(NDRPOINTER): 

881 referent = ( 

882 ('Data', NLPR_SID_INFORMATION_ARRAY), 

883 ) 

884 

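class NLPR_SID_ARRAY(NDRSTRUCT):
    """Counted array of SIDs ([MS-NRPC] 2.2.1.5.6).

    'Count' is the number of entries and 'Sids' points to the conformant
    array of NLPR_SID_INFORMATION. Nothing here ties Count to the array's
    actual length.
    """
    # Fields are declared under ``structure`` like every other NDRSTRUCT in
    # this module. The original used ``referent``, the attribute the
    # NDRPOINTER wrappers use for their pointee, so Count and Sids were not
    # declared as in-line members of the struct.
    structure = (
        ('Count', ULONG),
        ('Sids', PNLPR_SID_INFORMATION_ARRAY),
    )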

890 

891# 2.2.1.5.7 NETLOGON_DELTA_ALIAS_MEMBER 

892class NETLOGON_DELTA_ALIAS_MEMBER(NDRSTRUCT): 

893 structure = ( 

894 ('Members', NLPR_SID_ARRAY), 

895 ('DummyLong1', ULONG), 

896 ('DummyLong2', ULONG), 

897 ('DummyLong3', ULONG), 

898 ('DummyLong4', ULONG), 

899 ) 

900 

901class PNETLOGON_DELTA_ALIAS_MEMBER(NDRPOINTER): 

902 referent = ( 

903 ('Data', NETLOGON_DELTA_ALIAS_MEMBER), 

904 ) 

905 

906# 2.2.1.5.8 NETLOGON_DELTA_DELETE_GROUP 

907class NETLOGON_DELTA_DELETE_GROUP(NDRSTRUCT): 

908 structure = ( 

909 ('AccountName', LPWSTR), 

910 ('DummyString1', RPC_UNICODE_STRING), 

911 ('DummyString2', RPC_UNICODE_STRING), 

912 ('DummyString3', RPC_UNICODE_STRING), 

913 ('DummyString4', RPC_UNICODE_STRING), 

914 ('DummyLong1', ULONG), 

915 ('DummyLong2', ULONG), 

916 ('DummyLong3', ULONG), 

917 ('DummyLong4', ULONG), 

918 ) 

919 

920class PNETLOGON_DELTA_DELETE_GROUP(NDRPOINTER): 

921 referent = ( 

922 ('Data', NETLOGON_DELTA_DELETE_GROUP), 

923 ) 

924 

925# 2.2.1.5.9 NETLOGON_DELTA_DELETE_USER 

926class NETLOGON_DELTA_DELETE_USER(NDRSTRUCT): 

927 structure = ( 

928 ('AccountName', LPWSTR), 

929 ('DummyString1', RPC_UNICODE_STRING), 

930 ('DummyString2', RPC_UNICODE_STRING), 

931 ('DummyString3', RPC_UNICODE_STRING), 

932 ('DummyString4', RPC_UNICODE_STRING), 

933 ('DummyLong1', ULONG), 

934 ('DummyLong2', ULONG), 

935 ('DummyLong3', ULONG), 

936 ('DummyLong4', ULONG), 

937 ) 

938 

939class PNETLOGON_DELTA_DELETE_USER(NDRPOINTER): 

940 referent = ( 

941 ('Data', NETLOGON_DELTA_DELETE_USER), 

942 ) 

943 

944# 2.2.1.5.10 NETLOGON_DELTA_DOMAIN 

945class NETLOGON_DELTA_DOMAIN(NDRSTRUCT): 

946 structure = ( 

947 ('DomainName', RPC_UNICODE_STRING), 

948 ('OemInformation', RPC_UNICODE_STRING), 

949 ('ForceLogoff', OLD_LARGE_INTEGER), 

950 ('MinPasswordLength', USHORT), 

951 ('PasswordHistoryLength', USHORT), 

952 ('MaxPasswordAge', OLD_LARGE_INTEGER), 

953 ('MinPasswordAge', OLD_LARGE_INTEGER), 

954 ('DomainModifiedCount', OLD_LARGE_INTEGER), 

955 ('DomainCreationTime', OLD_LARGE_INTEGER), 

956 ('SecurityInformation', SECURITY_INFORMATION), 

957 ('SecuritySize', ULONG), 

958 ('SecurityDescriptor', PUCHAR_ARRAY), 

959 ('DomainLockoutInformation', RPC_UNICODE_STRING), 

960 ('DummyString2', RPC_UNICODE_STRING), 

961 ('DummyString3', RPC_UNICODE_STRING), 

962 ('DummyString4', RPC_UNICODE_STRING), 

963 ('PasswordProperties', ULONG), 

964 ('DummyLong2', ULONG), 

965 ('DummyLong3', ULONG), 

966 ('DummyLong4', ULONG), 

967 ) 

968 

969class PNETLOGON_DELTA_DOMAIN(NDRPOINTER): 

970 referent = ( 

971 ('Data', NETLOGON_DELTA_DOMAIN), 

972 ) 

973 

974# 2.2.1.5.13 NETLOGON_DELTA_GROUP 

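class NETLOGON_DELTA_GROUP(NDRSTRUCT):
    """Group account delta ([MS-NRPC] 2.2.1.5.13).

    Describes a group by name, relative ID and attributes, followed by its
    security descriptor and the reserved Dummy* fields.
    """
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        # Same SecurityInformation / SecuritySize / SecurityDescriptor triple
        # as NETLOGON_DELTA_ACCOUNTS and NETLOGON_DELTA_DOMAIN. The original
        # typed SecurityInformation as USHORT and SecurityDescriptor as
        # SECURITY_INFORMATION, so a non-null descriptor was read as a plain
        # integer instead of a pointer to SecuritySize bytes.
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )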

993 

class PNETLOGON_DELTA_GROUP(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_GROUP.
    referent = (
        ('Data', NETLOGON_DELTA_GROUP),
    )

998 

999# 2.2.1.5.24 NETLOGON_RENAME_GROUP 

class NETLOGON_RENAME_GROUP(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.24 NETLOGON_RENAME_GROUP: the old and
    # new names followed by the Dummy* fields. Tuple order is the marshalling
    # order.
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1013 

class PNETLOGON_DELTA_RENAME_GROUP(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_RENAME_GROUP (the pointer name
    # carries an extra "DELTA_" that the struct name does not).
    referent = (
        ('Data', NETLOGON_RENAME_GROUP),
    )

1018 

1019# 2.2.1.5.14 NLPR_LOGON_HOURS 

# NLPR_LOGON_HOURS is not redefined here: it is an alias of the SAMR
# SAMPR_LOGON_HOURS type, imported at the point of use.
from impacket.dcerpc.v5.samr import SAMPR_LOGON_HOURS
NLPR_LOGON_HOURS = SAMPR_LOGON_HOURS

1022 

1023# 2.2.1.5.15 NLPR_USER_PRIVATE_INFO 

class NLPR_USER_PRIVATE_INFO(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.15 NLPR_USER_PRIVATE_INFO: a one-byte
    # SensitiveData field, a length and a pointer to a byte array.
    # NOTE(review): by name, SensitiveData marks Data as confidential; treat
    # decoded Data as secret material (no logging) - confirm against the spec.
    structure = (
        ('SensitiveData', UCHAR),
        ('DataLength', ULONG),
        ('Data', PUCHAR_ARRAY),
    )

1030 

1031# 2.2.1.5.16 NETLOGON_DELTA_USER 

class NETLOGON_DELTA_USER(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.16 NETLOGON_DELTA_USER.
    # Tuple order is the marshalling order, so entries must not be reordered.
    # NOTE(review): by their names, EncryptedNtOwfPassword,
    # EncryptedLmOwfPassword and PrivateData carry password-derived material.
    # Treat decoded instances as secrets (avoid logging or dumping them) -
    # confirm the exact protection applied against the spec section above.
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', NLPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
        ('EncryptedNtOwfPassword', PUCHAR_ARRAY),
        ('EncryptedLmOwfPassword', PUCHAR_ARRAY),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('PrivateData', NLPR_USER_PRIVATE_INFO),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Occupies the slot the sibling structures call DummyString1.
        ('ProfilePath', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1073 

class PNETLOGON_DELTA_USER(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_USER.
    referent = (
        ('Data', NETLOGON_DELTA_USER),
    )

1078 

1079# 2.2.1.5.25 NETLOGON_RENAME_USER 

class NETLOGON_RENAME_USER(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.25 NETLOGON_RENAME_USER: the old and
    # new names followed by the Dummy* fields. Tuple order is the marshalling
    # order.
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1093 

class PNETLOGON_DELTA_RENAME_USER(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_RENAME_USER.
    referent = (
        ('Data', NETLOGON_RENAME_USER),
    )

1098 

1099# 2.2.1.5.17 NETLOGON_DELTA_GROUP_MEMBER 

class NETLOGON_DELTA_GROUP_MEMBER(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.17 NETLOGON_DELTA_GROUP_MEMBER: two
    # pointers to ULONG arrays followed by MemberCount and the DummyLong
    # fields. Tuple order is the marshalling order.
    # NOTE(review): MemberCount presumably gives the element count of both
    # arrays - verify it against the decoded arrays before indexing by it.
    structure = (
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
        ('MemberCount', ULONG),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1110 

class PNETLOGON_DELTA_GROUP_MEMBER(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_GROUP_MEMBER.
    referent = (
        ('Data', NETLOGON_DELTA_GROUP_MEMBER),
    )

1115 

1116# 2.2.1.5.4 NETLOGON_DELTA_ALIAS 

class NETLOGON_DELTA_ALIAS(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.4 NETLOGON_DELTA_ALIAS.
    # Tuple order is the marshalling order.
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('RelativeId', ULONG),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Occupies the slot the sibling structures call DummyString1.
        ('Comment', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1133 

class PNETLOGON_DELTA_ALIAS(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_ALIAS.
    referent = (
        ('Data', NETLOGON_DELTA_ALIAS),
    )

1138 

1139# 2.2.1.5.23 NETLOGON_RENAME_ALIAS 

class NETLOGON_RENAME_ALIAS(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.23 NETLOGON_RENAME_ALIAS: the old and
    # new names followed by the Dummy* fields. Tuple order is the marshalling
    # order.
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1153 

class PNETLOGON_DELTA_RENAME_ALIAS(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_RENAME_ALIAS.
    referent = (
        ('Data', NETLOGON_RENAME_ALIAS),
    )

1158 

1159# 2.2.1.5.19 NETLOGON_DELTA_POLICY 

class NETLOGON_DELTA_POLICY(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.19 NETLOGON_DELTA_POLICY.
    # Tuple order is the marshalling order. NLPR_QUOTA_LIMITS is defined
    # elsewhere in this module.
    structure = (
        ('MaximumLogSize', ULONG),
        ('AuditRetentionPeriod', OLD_LARGE_INTEGER),
        ('AuditingMode', UCHAR),
        ('MaximumAuditEventCount', ULONG),
        ('EventAuditingOptions', PULONG_ARRAY),
        ('PrimaryDomainName', RPC_UNICODE_STRING),
        ('PrimaryDomainSid', PRPC_SID),
        ('QuotaLimits', NLPR_QUOTA_LIMITS),
        ('ModifiedId', OLD_LARGE_INTEGER),
        ('DatabaseCreationTime', OLD_LARGE_INTEGER),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1184 

class PNETLOGON_DELTA_POLICY(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_POLICY.
    referent = (
        ('Data', NETLOGON_DELTA_POLICY),
    )

1189 

1190# 2.2.1.5.22 NETLOGON_DELTA_TRUSTED_DOMAINS 

class NETLOGON_DELTA_TRUSTED_DOMAINS(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.22 NETLOGON_DELTA_TRUSTED_DOMAINS.
    # Tuple order is the marshalling order. PRPC_UNICODE_STRING_ARRAY is
    # defined elsewhere in this module.
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('NumControllerEntries', ULONG),
        ('ControllerNames', PRPC_UNICODE_STRING_ARRAY),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1208 

class PNETLOGON_DELTA_TRUSTED_DOMAINS(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_TRUSTED_DOMAINS.
    referent = (
        ('Data', NETLOGON_DELTA_TRUSTED_DOMAINS),
    )

1213 

1214# 2.2.1.5.20 NLPR_CR_CIPHER_VALUE 

class UCHAR_ARRAY2(NDRUniConformantVaryingArray):
    # Conformant-varying array of UCHAR, used below as the buffer type of
    # NLPR_CR_CIPHER_VALUE (Length / MaximumLength / Buffer).
    item = UCHAR

1217 

class PUCHAR_ARRAY2(NDRPOINTER):
    # NDR pointer whose referent is a UCHAR_ARRAY2.
    referent = (
        ('Data', UCHAR_ARRAY2),
    )

1222 

class NLPR_CR_CIPHER_VALUE(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.20 NLPR_CR_CIPHER_VALUE: two length
    # fields followed by a pointer to a conformant-varying byte array.
    # NOTE(review): Length and MaximumLength come from the peer; nothing in
    # this class checks them against the decoded Buffer - validate in callers.
    structure = (
        ('Length', ULONG),
        ('MaximumLength', ULONG),
        ('Buffer', PUCHAR_ARRAY2),
    )

1229 

1230# 2.2.1.5.21 NETLOGON_DELTA_SECRET 

class NETLOGON_DELTA_SECRET(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.21 NETLOGON_DELTA_SECRET.
    # Tuple order is the marshalling order.
    # NOTE(review): CurrentValue and OldValue are NLPR_CR_CIPHER_VALUE blobs,
    # i.e. by name the (encrypted) secret values; treat decoded instances as
    # sensitive and keep them out of logs - confirm against the spec.
    structure = (
        ('CurrentValue', NLPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', OLD_LARGE_INTEGER),
        ('OldValue', NLPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', OLD_LARGE_INTEGER),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1249 

class PNETLOGON_DELTA_SECRET(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_DELTA_SECRET.
    referent = (
        ('Data', NETLOGON_DELTA_SECRET),
    )

1254 

1255# 2.2.1.5.26 NLPR_MODIFIED_COUNT 

class NLPR_MODIFIED_COUNT(NDRSTRUCT):
    # NDR layout for [MS-NRPC] 2.2.1.5.26 NLPR_MODIFIED_COUNT: a single
    # OLD_LARGE_INTEGER counter.
    structure = (
        ('ModifiedCount', OLD_LARGE_INTEGER),
    )

1260 

class PNLPR_MODIFIED_COUNT(NDRPOINTER):
    # NDR pointer whose referent is an NLPR_MODIFIED_COUNT; used as the
    # SerialNumberSkip arm of NETLOGON_DELTA_UNION.
    referent = (
        ('Data', NLPR_MODIFIED_COUNT),
    )

1265 

1266# 2.2.1.5.28 NETLOGON_DELTA_TYPE 

class NETLOGON_DELTA_TYPE(NDRENUM):
    # [MS-NRPC] 2.2.1.5.28 NETLOGON_DELTA_TYPE. The values below are the
    # discriminants used as keys by NETLOGON_DELTA_UNION and
    # NETLOGON_DELTA_ID_UNION further down in this module.
    class enumItems(Enum):
        AddOrChangeDomain = 1
        AddOrChangeGroup = 2
        DeleteGroup = 3
        RenameGroup = 4
        AddOrChangeUser = 5
        DeleteUser = 6
        RenameUser = 7
        ChangeGroupMembership = 8
        AddOrChangeAlias = 9
        DeleteAlias = 10
        RenameAlias = 11
        ChangeAliasMembership = 12
        AddOrChangeLsaPolicy = 13
        AddOrChangeLsaTDomain = 14
        DeleteLsaTDomain = 15
        AddOrChangeLsaAccount = 16
        DeleteLsaAccount = 17
        AddOrChangeLsaSecret = 18
        DeleteLsaSecret = 19
        DeleteGroupByName = 20
        DeleteUserByName = 21
        SerialNumberSkip = 22

1291 

1292# 2.2.1.5.27 NETLOGON_DELTA_UNION 

class NETLOGON_DELTA_UNION(NDRUNION):
    # [MS-NRPC] 2.2.1.5.27 NETLOGON_DELTA_UNION: maps a NETLOGON_DELTA_TYPE
    # value to the (field name, pointer type) carrying that delta's payload.
    # PNETLOGON_DELTA_ALIAS_MEMBER and PNETLOGON_DELTA_ACCOUNTS are defined
    # elsewhere in this module.
    # NOTE(review): DeleteGroup, DeleteUser, DeleteAlias, DeleteLsaTDomain,
    # DeleteLsaAccount and DeleteLsaSecret have no arm here. Confirm how
    # NDRUNION treats a peer-supplied tag that is missing from this dict, so
    # that such a delta fails in a controlled way rather than mis-parsing.
    union = {
        NETLOGON_DELTA_TYPE.AddOrChangeDomain : ('DeltaDomain', PNETLOGON_DELTA_DOMAIN),
        NETLOGON_DELTA_TYPE.AddOrChangeGroup : ('DeltaGroup', PNETLOGON_DELTA_GROUP),
        NETLOGON_DELTA_TYPE.RenameGroup : ('DeltaRenameGroup', PNETLOGON_DELTA_RENAME_GROUP),
        NETLOGON_DELTA_TYPE.AddOrChangeUser : ('DeltaUser', PNETLOGON_DELTA_USER),
        NETLOGON_DELTA_TYPE.RenameUser : ('DeltaRenameUser', PNETLOGON_DELTA_RENAME_USER),
        NETLOGON_DELTA_TYPE.ChangeGroupMembership : ('DeltaGroupMember', PNETLOGON_DELTA_GROUP_MEMBER),
        NETLOGON_DELTA_TYPE.AddOrChangeAlias : ('DeltaAlias', PNETLOGON_DELTA_ALIAS),
        NETLOGON_DELTA_TYPE.RenameAlias : ('DeltaRenameAlias', PNETLOGON_DELTA_RENAME_ALIAS),
        NETLOGON_DELTA_TYPE.ChangeAliasMembership : ('DeltaAliasMember', PNETLOGON_DELTA_ALIAS_MEMBER),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy : ('DeltaPolicy', PNETLOGON_DELTA_POLICY),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain : ('DeltaTDomains', PNETLOGON_DELTA_TRUSTED_DOMAINS),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount : ('DeltaAccounts', PNETLOGON_DELTA_ACCOUNTS),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret : ('DeltaSecret', PNETLOGON_DELTA_SECRET),
        NETLOGON_DELTA_TYPE.DeleteGroupByName : ('DeltaDeleteGroup', PNETLOGON_DELTA_DELETE_GROUP),
        NETLOGON_DELTA_TYPE.DeleteUserByName : ('DeltaDeleteUser', PNETLOGON_DELTA_DELETE_USER),
        NETLOGON_DELTA_TYPE.SerialNumberSkip : ('DeltaSerialNumberSkip', PNLPR_MODIFIED_COUNT),
    }

1312 

1313# 2.2.1.5.18 NETLOGON_DELTA_ID_UNION 

class NETLOGON_DELTA_ID_UNION(NDRUNION):
    # [MS-NRPC] 2.2.1.5.18 NETLOGON_DELTA_ID_UNION: identifies the object a
    # delta refers to. Domain, group, user and alias deltas use a ULONG 'Rid';
    # LSA policy, trusted-domain and account deltas use a 'Sid' pointer; LSA
    # secret deltas use a 'Name' string. SerialNumberSkip has no entry.
    union = {
        NETLOGON_DELTA_TYPE.AddOrChangeDomain : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeGroup : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteGroup : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameGroup : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeUser : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteUser : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameUser : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.ChangeGroupMembership : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeAlias : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteAlias : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameAlias : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.ChangeAliasMembership : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteGroupByName : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteUserByName : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.DeleteLsaTDomain : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.DeleteLsaAccount : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret : ('Name', LPWSTR),
        NETLOGON_DELTA_TYPE.DeleteLsaSecret : ('Name', LPWSTR),
    }

1338 

1339# 2.2.1.5.11 NETLOGON_DELTA_ENUM 

class NETLOGON_DELTA_ENUM(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.5.11 NETLOGON_DELTA_ENUM: one delta record, made of the
    # delta type followed by the two unions keyed on that type.
    structure = (
        ('DeltaType', NETLOGON_DELTA_TYPE),
        ('DeltaID', NETLOGON_DELTA_ID_UNION),
        ('DeltaUnion', NETLOGON_DELTA_UNION),
    )

1346 

1347# 2.2.1.5.12 NETLOGON_DELTA_ENUM_ARRAY 

class NETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRUniConformantArray):
    # Conformant array of NETLOGON_DELTA_ENUM records.
    item = NETLOGON_DELTA_ENUM

1350 

class PNETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRSTRUCT):
    # Declares a 'referent' pointing at the NETLOGON_DELTA_ENUM_ARRAY_ARRAY.
    # NOTE(review): every other P* class in this module derives from
    # NDRPOINTER when it declares 'referent'; this one derives from NDRSTRUCT,
    # while PNETLOGON_DELTA_ENUM_ARRAY right after it derives from NDRPOINTER
    # but declares 'structure'. The two bases look swapped - confirm against
    # the NDR base classes and a captured reply before trusting the decoding.
    referent = (
        ('Data', NETLOGON_DELTA_ENUM_ARRAY_ARRAY),
    )

1355 

class PNETLOGON_DELTA_ENUM_ARRAY(NDRPOINTER):
    # [MS-NRPC] 2.2.1.5.12 NETLOGON_DELTA_ENUM_ARRAY: a count followed by the
    # delta records.
    # NOTE(review): this NDRPOINTER subclass declares 'structure' rather than
    # 'referent', unlike the other pointer classes in this module; see also
    # PNETLOGON_DELTA_ENUM_ARRAY_ARRAY just before it. CountReturned comes
    # from the peer and should be checked against the decoded Deltas length.
    structure = (
        ('CountReturned', DWORD),
        ('Deltas', PNETLOGON_DELTA_ENUM_ARRAY_ARRAY),
    )

1361 

1362# 2.2.1.5.29 SYNC_STATE 

class SYNC_STATE(NDRENUM):
    # [MS-NRPC] 2.2.1.5.29 SYNC_STATE enumeration values.
    class enumItems(Enum):
        NormalState = 0
        DomainState = 1
        GroupState = 2
        UasBuiltInGroupState = 3
        UserState = 4
        GroupMemberState = 5
        AliasState = 6
        AliasMemberState = 7
        SamDoneState = 8

1374 

1375# 2.2.1.6.1 DOMAIN_NAME_BUFFER 

class DOMAIN_NAME_BUFFER(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.6.1 DOMAIN_NAME_BUFFER: a byte count and a pointer to
    # the raw name bytes.
    # NOTE(review): DomainNameByteCount is peer-supplied; check it against the
    # decoded DomainNames length before slicing by it.
    structure = (
        ('DomainNameByteCount', ULONG),
        ('DomainNames', PUCHAR_ARRAY),
    )

1381 

1382# 2.2.1.6.2 DS_DOMAIN_TRUSTSW 

class DS_DOMAIN_TRUSTSW(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.6.2 DS_DOMAIN_TRUSTSW: one trusted-domain entry.
    # Tuple order is the marshalling order. DomainGuid is embedded (GUID),
    # whereas DomainSid is a pointer (PRPC_SID).
    structure = (
        ('NetbiosDomainName', LPWSTR),
        ('DnsDomainName', LPWSTR),
        ('Flags', ULONG),
        ('ParentIndex', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
        ('DomainSid', PRPC_SID),
        ('DomainGuid', GUID),
    )

1394 

1395# 2.2.1.6.3 NETLOGON_TRUSTED_DOMAIN_ARRAY 

class DS_DOMAIN_TRUSTSW_ARRAY(NDRUniConformantArray):
    # Conformant array of DS_DOMAIN_TRUSTSW entries.
    item = DS_DOMAIN_TRUSTSW

1398 

class PDS_DOMAIN_TRUSTSW_ARRAY(NDRPOINTER):
    # NDR pointer whose referent is a DS_DOMAIN_TRUSTSW_ARRAY.
    referent = (
        ('Data', DS_DOMAIN_TRUSTSW_ARRAY),
    )

1403 

class NETLOGON_TRUSTED_DOMAIN_ARRAY(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.6.3 NETLOGON_TRUSTED_DOMAIN_ARRAY: a count followed by
    # a pointer to the array of DS_DOMAIN_TRUSTSW entries.
    structure = (
        ('DomainCount', DWORD),
        ('Domains', PDS_DOMAIN_TRUSTSW_ARRAY),
    )

1409 

1410# 2.2.1.6.4 NL_GENERIC_RPC_DATA 

class NL_GENERIC_RPC_DATA(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.6.4 NL_GENERIC_RPC_DATA: two (count, array pointer)
    # pairs, one of ULONGs and one of RPC_UNICODE_STRINGs.
    structure = (
        ('UlongEntryCount', ULONG),
        ('UlongData', PULONG_ARRAY),
        ('UnicodeStringEntryCount', ULONG),
        ('UnicodeStringData', PRPC_UNICODE_STRING_ARRAY),
    )

1418 

class PNL_GENERIC_RPC_DATA(NDRPOINTER):
    # NDR pointer whose referent is an NL_GENERIC_RPC_DATA.
    referent = (
        ('Data', NL_GENERIC_RPC_DATA),
    )

1423 

1424# 2.2.1.7.1 NETLOGON_CONTROL_DATA_INFORMATION 

class NETLOGON_CONTROL_DATA_INFORMATION(NDRUNION):
    # [MS-NRPC] 2.2.1.7.1 NETLOGON_CONTROL_DATA_INFORMATION.
    # The union header carries the discriminant as a DWORD named 'tag'.
    commonHdr = (
        ('tag', DWORD),
    )

    # Numeric discriminant -> (field name, type). Tags 5, 6, 9 and 10 all
    # select a TrustedDomainName string, 65534 a DebugFlag and 8 a UserName.
    union = {
        5 : ('TrustedDomainName', LPWSTR),
        6 : ('TrustedDomainName', LPWSTR),
        9 : ('TrustedDomainName', LPWSTR),
        10 : ('TrustedDomainName', LPWSTR),
        65534 : ('DebugFlag', DWORD),
        8: ('UserName', LPWSTR),
    }

1438 

1439# 2.2.1.7.2 NETLOGON_INFO_1 

class NETLOGON_INFO_1(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.7.2 NETLOGON_INFO_1. NET_API_STATUS is defined elsewhere
    # in this module.
    structure = (
        ('netlog1_flags', DWORD),
        ('netlog1_pdc_connection_status', NET_API_STATUS),
    )

1445 

class PNETLOGON_INFO_1(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_INFO_1.
    referent = (
        ('Data', NETLOGON_INFO_1),
    )

1450 

1451# 2.2.1.7.3 NETLOGON_INFO_2 

class NETLOGON_INFO_2(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.7.3 NETLOGON_INFO_2. Tuple order is the marshalling
    # order.
    structure = (
        ('netlog2_flags', DWORD),
        ('netlog2_pdc_connection_status', NET_API_STATUS),
        ('netlog2_trusted_dc_name', LPWSTR),
        ('netlog2_tc_connection_status', NET_API_STATUS),
    )

1459 

class PNETLOGON_INFO_2(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_INFO_2.
    referent = (
        ('Data', NETLOGON_INFO_2),
    )

1464 

1465# 2.2.1.7.4 NETLOGON_INFO_3 

class NETLOGON_INFO_3(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.7.4 NETLOGON_INFO_3: flags, a logon-attempt counter and
    # five reserved DWORDs.
    structure = (
        ('netlog3_flags', DWORD),
        ('netlog3_logon_attempts', DWORD),
        ('netlog3_reserved1', DWORD),
        ('netlog3_reserved2', DWORD),
        ('netlog3_reserved3', DWORD),
        ('netlog3_reserved4', DWORD),
        ('netlog3_reserved5', DWORD),
    )

1476 

class PNETLOGON_INFO_3(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_INFO_3.
    referent = (
        ('Data', NETLOGON_INFO_3),
    )

1481 

1482# 2.2.1.7.5 NETLOGON_INFO_4 

class NETLOGON_INFO_4(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.7.5 NETLOGON_INFO_4: trusted DC name and trusted domain
    # name, both as LPWSTR.
    structure = (
        ('netlog4_trusted_dc_name', LPWSTR),
        ('netlog4_trusted_domain_name', LPWSTR),
    )

1488 

class PNETLOGON_INFO_4(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_INFO_4.
    referent = (
        ('Data', NETLOGON_INFO_4),
    )

1493 

1494# 2.2.1.7.6 NETLOGON_CONTROL_QUERY_INFORMATION 

class NETLOGON_CONTROL_QUERY_INFORMATION(NDRUNION):
    # [MS-NRPC] 2.2.1.7.6 NETLOGON_CONTROL_QUERY_INFORMATION.
    # The union header carries the discriminant as a DWORD named 'tag'.
    commonHdr = (
        ('tag', DWORD),
    )

    # Tag N selects a pointer to NETLOGON_INFO_N, for N in 1..4.
    union = {
        1 : ('NetlogonInfo1', PNETLOGON_INFO_1),
        2 : ('NetlogonInfo2', PNETLOGON_INFO_2),
        3 : ('NetlogonInfo3', PNETLOGON_INFO_3),
        4 : ('NetlogonInfo4', PNETLOGON_INFO_4),
    }

1506 

1507# 2.2.1.8.1 NETLOGON_VALIDATION_UAS_INFO 

class NETLOGON_VALIDATION_UAS_INFO(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.8.1 NETLOGON_VALIDATION_UAS_INFO.
    # Tuple order is the marshalling order.
    # NOTE(review): usrlog1_eff_name is declared as DWORD here while the other
    # name-like fields (computer, domain, script_path) are LPWSTR - confirm
    # the intended type against the spec.
    structure = (
        ('usrlog1_eff_name', DWORD),
        ('usrlog1_priv', DWORD),
        ('usrlog1_auth_flags', DWORD),
        ('usrlog1_num_logons', DWORD),
        ('usrlog1_bad_pw_count', DWORD),
        ('usrlog1_last_logon', DWORD),
        ('usrlog1_last_logoff', DWORD),
        ('usrlog1_logoff_time', DWORD),
        ('usrlog1_kickoff_time', DWORD),
        ('usrlog1_password_age', DWORD),
        ('usrlog1_pw_can_change', DWORD),
        ('usrlog1_pw_must_change', DWORD),
        ('usrlog1_computer', LPWSTR),
        ('usrlog1_domain', LPWSTR),
        ('usrlog1_script_path', LPWSTR),
        ('usrlog1_reserved1', DWORD),
    )

1527 

class PNETLOGON_VALIDATION_UAS_INFO(NDRPOINTER):
    # NDR pointer whose referent is a NETLOGON_VALIDATION_UAS_INFO.
    referent = (
        ('Data', NETLOGON_VALIDATION_UAS_INFO),
    )

1532 

1533# 2.2.1.8.2 NETLOGON_LOGOFF_UAS_INFO 

class NETLOGON_LOGOFF_UAS_INFO(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.8.2 NETLOGON_LOGOFF_UAS_INFO: a DWORD duration and a
    # USHORT logon count.
    structure = (
        ('Duration', DWORD),
        ('LogonCount', USHORT),
    )

1539 

1540# 2.2.1.8.3 UAS_INFO_0 

class UAS_INFO_0(NDRSTRUCT):
    # [MS-NRPC] 2.2.1.8.3 UAS_INFO_0. ComputerName is a fixed 16-byte field
    # ('16s'), empty by default, followed by two ULONGs.
    structure = (
        ('ComputerName', '16s=""'),
        ('TimeCreated', ULONG),
        ('SerialNumber', ULONG),
    )
    def getAlignment(self):
        # Reports a constant alignment of 4 for this structure.
        return 4

1549 

1550# 2.2.1.8.4 NETLOGON_DUMMY1 

class NETLOGON_DUMMY1(NDRUNION):
    # [MS-NRPC] 2.2.1.8.4 NETLOGON_DUMMY1: a union with a DWORD 'tag' header
    # and a single arm (tag 1 -> 'Dummy' ULONG).
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1 : ('Dummy', ULONG),
    }

1559 

1560# 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24) 

class CHAR_FIXED_16_ARRAY(NDRUniFixedArray):
    # Fixed-size array helper introduced for NetrLogonComputeServerDigest:
    # the data length is always 16, independent of the buffer and offset
    # passed in.
    def getDataLen(self, data, offset=0):
        return 16

1564 

1565 

1566################################################################################ 

1567# SSPI 

1568################################################################################ 

1569# Constants 

# Bits for the NL_AUTH_MESSAGE 'Flags' field; getSSPType1() ORs the
# NETBIOS_DOMAIN, NETBIOS_HOST and NETBIOS_HOST_UTF8 bits together.
NL_AUTH_MESSAGE_NETBIOS_DOMAIN = 0x1
NL_AUTH_MESSAGE_NETBIOS_HOST = 0x2
NL_AUTH_MESSAGE_DNS_DOMAIN = 0x4
NL_AUTH_MESSAGE_DNS_HOST = 0x8
NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8 = 0x10

# Presumably the values of the NL_AUTH_MESSAGE 'MessageType' field; they are
# not referenced by the helpers that follow.
NL_AUTH_MESSAGE_REQUEST = 0x0
NL_AUTH_MESSAGE_RESPONSE = 0x1

# 'SignatureAlgorithm' values written by SIGN(). HMAC-MD5 is the legacy choice;
# SIGN() uses HMAC-SHA256 when its aes argument is anything other than False.
NL_SIGNATURE_HMAC_MD5 = 0x77
NL_SIGNATURE_HMAC_SHA256 = 0x13
# 'SealAlgorithm' values written by SIGN(): NOT_ENCRYPTED when no confounder
# is supplied (sign only), otherwise RC4 (legacy) or AES128.
NL_SEAL_NOT_ENCRYPTED = 0xffff
NL_SEAL_RC4 = 0x7A
NL_SEAL_AES128 = 0x1A

1584 

1585# Structures 

class NL_AUTH_MESSAGE(Structure):
    # Netlogon SSP negotiation token: two little-endian 32-bit fields
    # (MessageType, Flags) followed by a variable-length Buffer that takes
    # the remaining bytes.
    structure = (
        ('MessageType','<L=0'),
        ('Flags','<L=0'),
        ('Buffer',':'),
    )
    def __init__(self, data = None, alignment = 0):
        Structure.__init__(self, data, alignment)
        if data is None:
            # Building a fresh token: start with a 4-byte zero Buffer.
            self['Buffer'] = b'\x00'*4

1596 

class NL_AUTH_SIGNATURE(Structure):
    # Netlogon signature token with an 8-byte Checksum. The first four 16-bit
    # fields (8 bytes in total) are the part the ComputeNetlogonSignature*
    # helpers feed into the checksum. The '_Confounder' entry presumably fixes
    # the parsed length of the trailing Confounder at 8 bytes.
    # NOTE(review): SIGN() and UNSEAL() use this layout for the AES path as
    # well, although NL_AUTH_SHA2_SIGNATURE (32-byte Checksum) is defined right
    # after it - confirm which layout the peer sends and expects, because the
    # Confounder offset differs between the two.
    structure = (
        ('SignatureAlgorithm','<H=0'),
        ('SealAlgorithm','<H=0'),
        ('Pad','<H=0xffff'),
        ('Flags','<H=0'),
        ('SequenceNumber','8s=""'),
        ('Checksum','8s=""'),
        ('_Confounder','_-Confounder','8'),
        ('Confounder',':'),
    )
    def __init__(self, data = None, alignment = 0):
        Structure.__init__(self, data, alignment)
        if data is None:
            # Fresh token: no confounder until SEAL() fills one in.
            self['Confounder'] = ''

1612 

class NL_AUTH_SHA2_SIGNATURE(Structure):
    # Same layout as NL_AUTH_SIGNATURE except that Checksum is 32 bytes wide,
    # matching the 32-byte value ComputeNetlogonSignatureAES() returns.
    # NOTE(review): no helper in this part of the module instantiates this
    # class; SIGN() and UNSEAL() use NL_AUTH_SIGNATURE for both algorithms.
    structure = (
        ('SignatureAlgorithm','<H=0'),
        ('SealAlgorithm','<H=0'),
        ('Pad','<H=0xffff'),
        ('Flags','<H=0'),
        ('SequenceNumber','8s=""'),
        ('Checksum','32s=""'),
        ('_Confounder','_-Confounder','8'),
        ('Confounder',':'),
    )
    def __init__(self, data = None, alignment = 0):
        Structure.__init__(self, data, alignment)
        if data is None:
            # Fresh token: start without a confounder.
            self['Confounder'] = ''

1628 

1629# Section 3.1.4.4.2 

def ComputeNetlogonCredential(inputData, Sk):
    """Compute a Netlogon credential with the DES method ([MS-NRPC] 3.1.4.4.2).

    Bytes 0-6 and 7-13 of ``Sk`` are each expanded with
    ``crypto.transformKey`` into a DES key. ``inputData`` is encrypted with
    the first key and the result is encrypted again with the second key, both
    in ECB mode.

    NOTE(review): single DES in ECB mode is a legacy construction kept for
    protocol compatibility only; prefer the AES variant whenever the peer
    negotiates it, and do not reuse this helper outside Netlogon.
    """
    firstKey, secondKey = (crypto.transformKey(Sk[start:start + 7]) for start in (0, 7))
    stageOne = DES.new(firstKey, DES.MODE_ECB).encrypt(inputData)
    return DES.new(secondKey, DES.MODE_ECB).encrypt(stageOne)

1639 

1640# Section 3.1.4.4.1 

def ComputeNetlogonCredentialAES(inputData, Sk):
    """Compute a Netlogon credential with the AES method ([MS-NRPC] 3.1.4.4.1).

    ``inputData`` is encrypted with AES in CFB mode under ``Sk`` using an
    all-zero 16-byte IV.

    NOTE(review): the IV is constant, so equal (key, input) pairs always give
    equal output and nothing is randomised per call. The constant IV is
    presumably what the referenced spec section prescribes; this helper must
    therefore stay confined to credential computation and never be used as
    general-purpose encryption. The CFB segment size is left at the library
    default - confirm it matches the spec.
    """
    zeroIv = 16 * b'\x00'
    return AES.new(Sk, AES.MODE_CFB, zeroIv).encrypt(inputData)

1645 

1646# Section 3.1.4.3.1 

def ComputeSessionKeyAES(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
    """Derive the AES session key ([MS-NRPC] 3.1.4.3.1).

    The key is the first 16 bytes of HMAC-SHA256 over
    ``clientChallenge || serverChallenge``, keyed with the NT hash of the
    shared secret.

    :param sharedSecret: clear-text secret; only used when no hash is given.
    :param clientChallenge: client challenge bytes.
    :param serverChallenge: server challenge bytes.
    :param sharedSecretHash: optional ready-made NT hash, used as the HMAC
        key instead of hashing ``sharedSecret``.
    :return: the 16-byte session key.
    """
    # Callers may already hold the hash, in which case hashing is skipped.
    ntHash = ntlm.NTOWFv1(sharedSecret) if sharedSecretHash is None else sharedSecretHash

    mac = hmac.new(key=ntHash, msg=clientChallenge, digestmod=hashlib.sha256)
    mac.update(serverChallenge)
    return mac.digest()[:16]

1660 

1661# 3.1.4.3.2 Strong-key Session-Key 

def ComputeSessionKeyStrongKey(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
    """Derive the strong-key session key ([MS-NRPC] 3.1.4.3.2).

    MD5 is computed over four zero bytes followed by the client and server
    challenges; the session key is HMAC-MD5 of that digest, keyed with the NT
    hash of the shared secret.

    :param sharedSecret: clear-text secret; only used when no hash is given.
    :param clientChallenge: client challenge bytes.
    :param serverChallenge: server challenge bytes.
    :param sharedSecretHash: optional ready-made NT hash used as the HMAC key.
    :return: the 16-byte HMAC-MD5 digest.

    NOTE(review): MD5-based derivation is legacy; prefer ComputeSessionKeyAES
    when the peer supports it.
    """
    # Callers may already hold the hash, in which case hashing is skipped.
    ntHash = sharedSecretHash if sharedSecretHash is not None else ntlm.NTOWFv1(sharedSecret)

    challengeDigest = hashlib.new('md5')
    for part in (b'\x00'*4, clientChallenge, serverChallenge):
        challengeDigest.update(part)

    mac = hmac.new(ntHash, digestmod=hashlib.md5)
    mac.update(challengeDigest.digest())
    return mac.digest()

1678 

def deriveSequenceNumber(sequenceNum):
    """Serialise a 64-bit sequence number into its 8-byte wire form.

    The low 32 bits come first and the high 32 bits second, each packed
    big-endian; the top bit of the high word is always set.

    NOTE(review): the forced top bit presumably marks the sender direction,
    and only this one variant is implemented - confirm against [MS-NRPC]
    before using the helper for the opposite role.
    """
    lowWord = sequenceNum & 0xffffffff
    highWord = ((sequenceNum >> 32) & 0xffffffff) | 0x80000000
    return pack('>LL', lowWord, highWord)

1687 

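def ComputeNetlogonSignatureAES(authSignature, message, confounder, sessionKey):
    """Compute the HMAC-SHA256 Netlogon checksum ([MS-NRPC] 3.3.4.2.1, point 7).

    The HMAC, keyed with ``sessionKey``, covers the first 8 bytes of the
    serialised signature header, the confounder (when present) and the
    message.

    :param authSignature: signature object; only ``getData()[:8]`` is used.
    :param message: payload to authenticate, converted with ``bytes()``.
    :param confounder: confounder bytes, or an empty value ('' or b'') when
        no confidentiality is requested.
    :param sessionKey: HMAC key.
    :return: 32 bytes - the first 8 bytes of the digest followed by 24 zero
        bytes.
    """
    hm = hmac.new(key=sessionKey, digestmod=hashlib.sha256)
    hm.update(authSignature.getData()[:8])
    # An empty confounder contributes nothing to the digest, so it is skipped;
    # this also accepts the text '' that the rest of the module uses to mean
    # "no confidentiality", which hmac.update() would otherwise reject.
    if confounder:
        hm.update(confounder)
    hm.update(bytes(message))
    # The padding must be bytes: concatenating a text string to the digest
    # raises TypeError on Python 3.
    return hm.digest()[:8] + b'\x00'*24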

1696 

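def ComputeNetlogonSignatureMD5(authSignature, message, confounder, sessionKey):
    """Compute the HMAC-MD5 Netlogon checksum ([MS-NRPC] 3.3.4.2.1, point 7).

    MD5 is taken over four zero bytes, the first 8 bytes of the serialised
    signature header, the confounder (when present) and the message; the
    result is then authenticated with HMAC-MD5 keyed with ``sessionKey``.

    :param authSignature: signature object; only ``getData()[:8]`` is used.
    :param message: payload to authenticate, converted with ``bytes()``.
    :param confounder: confounder bytes, or an empty value ('' or b'') when
        no confidentiality is requested.
    :param sessionKey: HMAC key.
    :return: the first 8 bytes of the HMAC-MD5 digest.

    NOTE(review): MD5-based integrity is legacy; prefer the SHA256 variant
    when the peer supports it.
    """
    md5 = hashlib.new('md5')
    md5.update(b'\x00'*4)
    md5.update(authSignature.getData()[:8])
    # An empty confounder contributes nothing to the digest, so it is skipped;
    # this also accepts the text '' that the rest of the module uses to mean
    # "no confidentiality", which md5.update() would otherwise reject.
    if confounder:
        md5.update(confounder)
    md5.update(bytes(message))
    hm = hmac.new(sessionKey, digestmod=hashlib.md5)
    hm.update(md5.digest())
    return hm.digest()[:8]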

1709 

def encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
    """RC4-encrypt a sequence number ([MS-NRPC] 3.3.4.2.1, point 9).

    The RC4 key is derived in two HMAC-MD5 steps: first over four zero bytes
    keyed with ``sessionKey``, then over ``checkSum`` keyed with the result of
    the first step.

    :return: ``sequenceNum`` encrypted under the derived key.
    """
    zeroMac = hmac.new(sessionKey, b'\x00'*4, digestmod=hashlib.md5).digest()
    rc4Key = hmac.new(zeroMac, checkSum, digestmod=hashlib.md5).digest()
    return ARC4.new(rc4Key).encrypt(sequenceNum)

1721 

def decryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
    """Recover an RC4-protected sequence number ([MS-NRPC] 3.3.4.2.2, point 5).

    Delegates to encryptSequenceNumberRC4 with the same arguments: applying
    the same keystream a second time undoes the encryption.
    """
    recovered = encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey)
    return recovered

1726 

def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    """AES-encrypt a sequence number ([MS-NRPC] 3.3.4.2.1, point 9).

    AES-CFB is keyed with ``sessionKey``; the 16-byte IV is the first 8 bytes
    of ``checkSum`` repeated twice.
    """
    checksumHead = checkSum[:8]
    aesCipher = AES.new(sessionKey, AES.MODE_CFB, checksumHead + checksumHead)
    return aesCipher.encrypt(sequenceNum)

1732 

def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    """Decrypt an AES-protected sequence number.

    Mirror of encryptSequenceNumberAES: AES-CFB keyed with ``sessionKey`` and
    an IV made of the first 8 bytes of ``checkSum`` repeated twice.

    NOTE(review): the original comment cited [MS-NRPC] 3.3.4.2.1 point 9 (the
    sending side); the RC4 counterpart cites 3.3.4.2.2 point 5, which
    presumably applies here as well.
    """
    checksumHead = checkSum[:8]
    aesCipher = AES.new(sessionKey, AES.MODE_CFB, checksumHead + checksumHead)
    return aesCipher.decrypt(sequenceNum)

1738 

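def SIGN(data, confounder, sequenceNum, key, aes = False):
    """Build the Netlogon signature token for ``data``.

    :param data: payload to authenticate.
    :param confounder: confounder bytes; an empty value ('' or b'') means the
        message is signed but not sealed.
    :param sequenceNum: integer sequence number, serialised with
        deriveSequenceNumber().
    :param key: session key.
    :param aes: ``False`` selects HMAC-MD5 / RC4, anything else selects
        HMAC-SHA256 / AES128.
    :return: a populated NL_AUTH_SIGNATURE.

    NOTE(review): NL_AUTH_SIGNATURE (8-byte Checksum) is used for the AES path
    as well, although ComputeNetlogonSignatureAES returns 32 bytes and
    NL_AUTH_SHA2_SIGNATURE exists - confirm the layout the peer expects.
    """
    if aes is False:
        signAlgorithm, sealAlgorithm = NL_SIGNATURE_HMAC_MD5, NL_SEAL_RC4
        computeChecksum, encryptSequence = ComputeNetlogonSignatureMD5, encryptSequenceNumberRC4
    else:
        signAlgorithm, sealAlgorithm = NL_SIGNATURE_HMAC_SHA256, NL_SEAL_AES128
        computeChecksum, encryptSequence = ComputeNetlogonSignatureAES, encryptSequenceNumberAES

    signature = NL_AUTH_SIGNATURE()
    signature['SignatureAlgorithm'] = signAlgorithm
    # Truthiness instead of "== ''": on Python 3 an empty bytes confounder is
    # not equal to '', so a sign-only message used to be labelled as sealed.
    signature['SealAlgorithm'] = sealAlgorithm if confounder else NL_SEAL_NOT_ENCRYPTED
    # The checksum covers the header fields set above, so it must be computed
    # after them; the sequence number is then encrypted using that checksum.
    signature['Checksum'] = computeChecksum(signature, data, confounder, key)
    signature['SequenceNumber'] = encryptSequence(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
    return signature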

1760 

def SEAL(data, confounder, sequenceNum, key, aes = False):
    """Sign and encrypt ``data`` for the Netlogon secure channel.

    The signature is built by SIGN() over the clear data. The sealing key is
    ``key`` with every byte XORed with 0xf0.

    * ``aes is False``: an RC4 key is derived with two HMAC-MD5 steps (over
      four zero bytes, then over the serialised sequence number). The
      confounder and the data are each encrypted with a fresh RC4 instance
      under that key, so both start from the same keystream position.
    * otherwise: one AES-CFB cipher, with the serialised sequence number
      repeated twice as IV, encrypts the confounder and then the data.

    :return: ``(encrypted_data, signature)`` where the signature's Confounder
        field holds the encrypted confounder.

    NOTE(review): the RC4 path is legacy and reuses one keystream for two
    inputs, presumably as the protocol prescribes; prefer the AES path when
    the peer supports it.
    """
    signature = SIGN(data, confounder, sequenceNum, key, aes)
    serialisedSeq = deriveSequenceNumber(sequenceNum)

    sealKey = bytes(bytearray(octet ^ 0xf0 for octet in bytearray(key)))

    if aes is False:
        outerMac = hmac.new(sealKey, digestmod=hashlib.md5)
        outerMac.update(b'\x00'*4)
        innerMac = hmac.new(outerMac.digest(), digestmod=hashlib.md5)
        innerMac.update(serialisedSeq)
        rc4Key = innerMac.digest()

        sealedConfounder = ARC4.new(rc4Key).encrypt(confounder)
        sealedData = ARC4.new(rc4Key).encrypt(data)
    else:
        aesCipher = AES.new(sealKey, AES.MODE_CFB, serialisedSeq + serialisedSeq)
        sealedConfounder = aesCipher.encrypt(confounder)
        sealedData = aesCipher.encrypt(data)

    signature['Confounder'] = sealedConfounder
    return sealedData, signature

1795 

def UNSEAL(data, auth_data, key, aes = False):
    """Decrypt a sealed Netlogon message.

    ``auth_data`` is parsed as an NL_AUTH_SIGNATURE. The sequence number is
    recovered from it, the sealing key (``key`` XOR 0xf0 per byte) is
    rebuilt, and the confounder and the data are decrypted the same way
    SEAL() encrypted them.

    :return: ``(plaintext, confounder)``.

    NOTE(review): this function only decrypts. It never recomputes the
    checksum or compares it with ``auth_data['Checksum']``, and it does not
    check the recovered sequence number, so integrity and replay checks - if
    any - must happen in the caller. Confirm that they do before trusting the
    returned plaintext.
    NOTE(review): the token is parsed with the 8-byte-Checksum layout for the
    AES path too; confirm this matches what the peer sends.
    """
    parsed = NL_AUTH_SIGNATURE(auth_data)
    sealKey = bytes(bytearray(octet ^ 0xf0 for octet in bytearray(key)))

    if aes is False:
        serialisedSeq = decryptSequenceNumberRC4(parsed['SequenceNumber'], parsed['Checksum'], key)
        outerMac = hmac.new(sealKey, digestmod=hashlib.md5)
        outerMac.update(b'\x00'*4)
        innerMac = hmac.new(outerMac.digest(), digestmod=hashlib.md5)
        innerMac.update(serialisedSeq)
        rc4Key = innerMac.digest()

        # RC4 is symmetric, so "encrypt" with a fresh instance decrypts.
        clearConfounder = ARC4.new(rc4Key).encrypt(parsed['Confounder'])
        plain = ARC4.new(rc4Key).encrypt(data)
    else:
        serialisedSeq = decryptSequenceNumberAES(parsed['SequenceNumber'], parsed['Checksum'], key)
        aesCipher = AES.new(sealKey, AES.MODE_CFB, serialisedSeq + serialisedSeq)
        clearConfounder = aesCipher.decrypt(parsed['Confounder'])
        plain = aesCipher.decrypt(data)

    return plain, clearConfounder

1825 

1826 

def getSSPType1(workstation='', domain='', signingRequired=False):
    """Build the initial NL_AUTH_MESSAGE for the Netlogon SSP.

    The Buffer holds, in this order: the NUL-terminated domain name, the
    NUL-terminated workstation name, and the workstation name again as one
    length-prefixed label followed by a NUL. 'WORKGROUP' and 'MYHOST' are used
    when the corresponding argument is empty. Flags advertises the three
    matching NL_AUTH_MESSAGE_* bits.

    :param workstation: workstation name; must fit one length byte, otherwise
        ``pack('<B', ...)`` raises.
    :param domain: domain name.
    :param signingRequired: accepted but not used by this function.
    :return: the populated NL_AUTH_MESSAGE.
    """
    domainField = b(domain) + b'\x00' if domain != '' else b'WORKGROUP\x00'

    if workstation != '':
        hostField = b(workstation) + b'\x00'
        utf8HostField = pack('<B',len(workstation)) + hostField
    else:
        hostField = b'MYHOST\x00'
        utf8HostField = b'\x06MYHOST\x00'

    auth = NL_AUTH_MESSAGE()
    auth['Flags'] = (NL_AUTH_MESSAGE_NETBIOS_DOMAIN
                     | NL_AUTH_MESSAGE_NETBIOS_HOST
                     | NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8)
    auth['Buffer'] = domainField + hostField + utf8HostField
    return auth

1852 

1853################################################################################ 

1854# RPC CALLS 

1855################################################################################ 

1856# 3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34) 

class DsrGetDcNameEx2(NDRCALL):
    # Request for [MS-NRPC] 3.5.4.3.1 DsrGetDcNameEx2. Arguments are
    # marshalled in the order listed. PLOGONSRV_HANDLE is defined elsewhere in
    # this module.
    opnum = 34
    structure = (
        ('ComputerName',PLOGONSRV_HANDLE),
        ('AccountName', LPWSTR),
        ('AllowableAccountControlBits', ULONG),
        ('DomainName',LPWSTR),
        ('DomainGuid',PGUID),
        ('SiteName',LPWSTR),
        ('Flags',ULONG),
    )

1868 

class DsrGetDcNameEx2Response(NDRCALL):
    # Reply to DsrGetDcNameEx2: a pointer to the domain controller info
    # followed by the NET_API_STATUS result.
    structure = (
        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode',NET_API_STATUS),
    )

1874 

1875# 3.5.4.3.2 DsrGetDcNameEx (Opnum 27) 

class DsrGetDcNameEx(NDRCALL):
    # Request for [MS-NRPC] 3.5.4.3.2 DsrGetDcNameEx. Arguments are
    # marshalled in the order listed.
    opnum = 27
    structure = (
        ('ComputerName',PLOGONSRV_HANDLE),
        ('DomainName',LPWSTR),
        ('DomainGuid',PGUID),
        ('SiteName',LPWSTR),
        ('Flags',ULONG),
    )

1885 

class DsrGetDcNameExResponse(NDRCALL):
    # Reply to DsrGetDcNameEx: a pointer to the domain controller info
    # followed by the NET_API_STATUS result.
    structure = (
        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode',NET_API_STATUS),
    )

1891 

1892# 3.5.4.3.3 DsrGetDcName (Opnum 20) 

class DsrGetDcName(NDRCALL):
    # Request for [MS-NRPC] 3.5.4.3.3 DsrGetDcName. Unlike the Ex variants it
    # takes a SiteGuid (PGUID) rather than a SiteName string.
    opnum = 20
    structure = (
        ('ComputerName',PLOGONSRV_HANDLE),
        ('DomainName',LPWSTR),
        ('DomainGuid',PGUID),
        ('SiteGuid',PGUID),
        ('Flags',ULONG),
    )

1902 

class DsrGetDcNameResponse(NDRCALL):
    # Reply to DsrGetDcName: a pointer to the domain controller info followed
    # by the NET_API_STATUS result.
    structure = (
        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode',NET_API_STATUS),
    )

1908 

1909# 3.5.4.3.4 NetrGetDCName (Opnum 11) 

class NetrGetDCName(NDRCALL):
    # Request for [MS-NRPC] 3.5.4.3.4 NetrGetDCName. ServerName is declared
    # as LOGONSRV_HANDLE here, not the pointer form PLOGONSRV_HANDLE used by
    # the neighbouring calls.
    opnum = 11
    structure = (
        ('ServerName',LOGONSRV_HANDLE),
        ('DomainName',LPWSTR),
    )

1916 

class NetrGetDCNameResponse(NDRCALL):
    # Reply to NetrGetDCName: a string Buffer followed by the NET_API_STATUS
    # result.
    structure = (
        ('Buffer',LPWSTR),
        ('ErrorCode',NET_API_STATUS),
    )

1922 

1923# 3.5.4.3.5 NetrGetAnyDCName (Opnum 13) 

class NetrGetAnyDCName(NDRCALL):
    """Request for NetrGetAnyDCName (MS-NRPC 3.5.4.3.5, opnum 13)."""
    opnum = 13
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )

1930 

class NetrGetAnyDCNameResponse(NDRCALL):
    """Response for NetrGetAnyDCName (MS-NRPC 3.5.4.3.5)."""
    structure = (
        ('Buffer', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )

1936 

1937# 3.5.4.3.6 DsrGetSiteName (Opnum 28) 

class DsrGetSiteName(NDRCALL):
    """Request for DsrGetSiteName (MS-NRPC 3.5.4.3.6, opnum 28)."""
    opnum = 28
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
    )

1943 

class DsrGetSiteNameResponse(NDRCALL):
    """Response for DsrGetSiteName (MS-NRPC 3.5.4.3.6)."""
    structure = (
        ('SiteName', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )

1949 

1950# 3.5.4.3.7 DsrGetDcSiteCoverageW (Opnum 38) 

class DsrGetDcSiteCoverageW(NDRCALL):
    """Request for DsrGetDcSiteCoverageW (MS-NRPC 3.5.4.3.7, opnum 38)."""
    opnum = 38
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

1956 

class DsrGetDcSiteCoverageWResponse(NDRCALL):
    """Response for DsrGetDcSiteCoverageW (MS-NRPC 3.5.4.3.7)."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )

1962 

1963# 3.5.4.3.8 DsrAddressToSiteNamesW (Opnum 33) 

class DsrAddressToSiteNamesW(NDRCALL):
    """Request for DsrAddressToSiteNamesW (MS-NRPC 3.5.4.3.8, opnum 33)."""
    opnum = 33
    # EntryCount is a separate field from SocketAddresses; nothing here ties the two together.
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('EntryCount', ULONG),
        ('SocketAddresses', NL_SOCKET_ADDRESS_ARRAY),
    )

1971 

class DsrAddressToSiteNamesWResponse(NDRCALL):
    """Response for DsrAddressToSiteNamesW (MS-NRPC 3.5.4.3.8)."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )

1977 

1978# 3.5.4.3.9 DsrAddressToSiteNamesExW (Opnum 37) 

class DsrAddressToSiteNamesExW(NDRCALL):
    """Request for DsrAddressToSiteNamesExW (MS-NRPC 3.5.4.3.9, opnum 37)."""
    opnum = 37
    # Same request fields as DsrAddressToSiteNamesW; only the response array type differs.
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('EntryCount', ULONG),
        ('SocketAddresses', NL_SOCKET_ADDRESS_ARRAY),
    )

1986 

class DsrAddressToSiteNamesExWResponse(NDRCALL):
    """Response for DsrAddressToSiteNamesExW (MS-NRPC 3.5.4.3.9)."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_EX_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )

1992 

1993# 3.5.4.3.10 DsrDeregisterDnsHostRecords (Opnum 41) 

class DsrDeregisterDnsHostRecords(NDRCALL):
    """Request for DsrDeregisterDnsHostRecords (MS-NRPC 3.5.4.3.10, opnum 41)."""
    opnum = 41
    # DnsHostName is a WSTR while DnsDomainName is an LPWSTR.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DnsDomainName', LPWSTR),
        ('DomainGuid', PGUID),
        ('DsaGuid', PGUID),
        ('DnsHostName', WSTR),
    )

2003 

class DsrDeregisterDnsHostRecordsResponse(NDRCALL):
    """Response for DsrDeregisterDnsHostRecords (MS-NRPC 3.5.4.3.10)."""
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ErrorCode', NET_API_STATUS),
    )

2008 

2009# 3.5.4.3.11 DSRUpdateReadOnlyServerDnsRecords (Opnum 48) 

class DSRUpdateReadOnlyServerDnsRecords(NDRCALL):
    """Request for DSRUpdateReadOnlyServerDnsRecords (MS-NRPC 3.5.4.3.11, opnum 48)."""
    opnum = 48
    # NOTE(review): the class name is spelled with an upper-case "DSR" prefix,
    # unlike the other Dsr* calls in this file.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('SiteName', LPWSTR),
        ('DnsTtl', ULONG),
        ('DnsNames', NL_DNS_NAME_INFO_ARRAY),
    )

2020 

class DSRUpdateReadOnlyServerDnsRecordsResponse(NDRCALL):
    """Response for DSRUpdateReadOnlyServerDnsRecords (MS-NRPC 3.5.4.3.11)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DnsNames', NL_DNS_NAME_INFO_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2027 

2028# 3.5.4.4.1 NetrServerReqChallenge (Opnum 4) 

class NetrServerReqChallenge(NDRCALL):
    """Request for NetrServerReqChallenge (MS-NRPC 3.5.4.4.1, opnum 4)."""
    opnum = 4
    # ClientChallenge is a NETLOGON_CREDENTIAL supplied by the caller.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('ClientChallenge', NETLOGON_CREDENTIAL),
    )

2036 

class NetrServerReqChallengeResponse(NDRCALL):
    """Response for NetrServerReqChallenge (MS-NRPC 3.5.4.4.1)."""
    structure = (
        ('ServerChallenge', NETLOGON_CREDENTIAL),
        ('ErrorCode', NTSTATUS),
    )

2042 

2043# 3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26) 

class NetrServerAuthenticate3(NDRCALL):
    """Request for NetrServerAuthenticate3 (MS-NRPC 3.5.4.4.2, opnum 26)."""
    opnum = 26
    # NegotiateFlags appears in both the request and the response structure.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
    )

2054 

class NetrServerAuthenticate3Response(NDRCALL):
    """Response for NetrServerAuthenticate3 (MS-NRPC 3.5.4.4.2)."""
    # Adds AccountRid compared with NetrServerAuthenticate2Response.
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
        ('AccountRid', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2062 

2063# 3.5.4.4.3 NetrServerAuthenticate2 (Opnum 15) 

class NetrServerAuthenticate2(NDRCALL):
    """Request for NetrServerAuthenticate2 (MS-NRPC 3.5.4.4.3, opnum 15)."""
    opnum = 15
    # Same request fields as NetrServerAuthenticate3.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
    )

2074 

class NetrServerAuthenticate2Response(NDRCALL):
    """Response for NetrServerAuthenticate2 (MS-NRPC 3.5.4.4.3)."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2081 

2082# 3.5.4.4.4 NetrServerAuthenticate (Opnum 5) 

class NetrServerAuthenticate(NDRCALL):
    """Request for NetrServerAuthenticate (MS-NRPC 3.5.4.4.4, opnum 5)."""
    opnum = 5
    # This variant has no NegotiateFlags field, unlike NetrServerAuthenticate2/3.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
    )

2092 

class NetrServerAuthenticateResponse(NDRCALL):
    """Response for NetrServerAuthenticate (MS-NRPC 3.5.4.4.4)."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('ErrorCode', NTSTATUS),
    )

2098 

2099# 3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30) 

class NetrServerPasswordSet2(NDRCALL):
    """Request for NetrServerPasswordSet2 (MS-NRPC 3.5.4.4.5, opnum 30)."""
    opnum = 30
    # ClearNewPassword is declared as a fixed array here; the structured
    # NL_TRUST_PASSWORD form is kept below, commented out, as in the original.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        #('ClearNewPassword',NL_TRUST_PASSWORD),
        ('ClearNewPassword', NL_TRUST_PASSWORD_FIXED_ARRAY),
    )

2111 

class NetrServerPasswordSet2Response(NDRCALL):
    """Response for NetrServerPasswordSet2 (MS-NRPC 3.5.4.4.5)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )

2117 

2118# 3.5.4.4.6 NetrServerPasswordSet (Opnum 6) 

2119 

2120# 3.5.4.4.7 NetrServerPasswordGet (Opnum 31) 

class NetrServerPasswordGet(NDRCALL):
    """Request for NetrServerPasswordGet (MS-NRPC 3.5.4.4.7, opnum 31)."""
    opnum = 31
    # The channel-type field is named AccountType here, not SecureChannelType.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('AccountType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )

2130 

class NetrServerPasswordGetResponse(NDRCALL):
    """Response for NetrServerPasswordGet (MS-NRPC 3.5.4.4.7)."""
    # EncryptedNtOwfPassword is credential material: keep decoded responses
    # out of logs and debug dumps.
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('ErrorCode', NTSTATUS),
    )

2137 

2138# 3.5.4.4.8 NetrServerTrustPasswordsGet (Opnum 42) 

class NetrServerTrustPasswordsGet(NDRCALL):
    """Request for NetrServerTrustPasswordsGet (MS-NRPC 3.5.4.4.8, opnum 42)."""
    opnum = 42
    structure = (
        ('TrustedDcName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )

2148 

class NetrServerTrustPasswordsGetResponse(NDRCALL):
    """Response for NetrServerTrustPasswordsGet (MS-NRPC 3.5.4.4.8)."""
    # Both OWF password fields are credential material: keep decoded
    # responses out of logs and debug dumps.
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNewOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedOldOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('ErrorCode', NTSTATUS),
    )

2156 

2157# 3.5.4.4.9 NetrLogonGetDomainInfo (Opnum 29) 

class NetrLogonGetDomainInfo(NDRCALL):
    """Request for NetrLogonGetDomainInfo (MS-NRPC 3.5.4.4.9, opnum 29)."""
    opnum = 29
    # ReturnAuthenticator is part of the request as well as the response.
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('ComputerName', LPWSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('Level', DWORD),
        ('WkstaBuffer', NETLOGON_WORKSTATION_INFORMATION),
    )

2168 

class NetrLogonGetDomainInfoResponse(NDRCALL):
    """Response for NetrLogonGetDomainInfo (MS-NRPC 3.5.4.4.9)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DomBuffer', NETLOGON_DOMAIN_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )

2175 

2176# 3.5.4.4.10 NetrLogonGetCapabilities (Opnum 21) 

class NetrLogonGetCapabilities(NDRCALL):
    """Request for NetrLogonGetCapabilities (MS-NRPC 3.5.4.4.10, opnum 21)."""
    opnum = 21
    # ReturnAuthenticator is part of the request as well as the response.
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('ComputerName', LPWSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('QueryLevel', DWORD),
    )

2186 

class NetrLogonGetCapabilitiesResponse(NDRCALL):
    """Response for NetrLogonGetCapabilities (MS-NRPC 3.5.4.4.10)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ServerCapabilities', NETLOGON_CAPABILITIES),
        ('ErrorCode', NTSTATUS),
    )

2193 

2194# 3.5.4.4.11 NetrChainSetClientAttributes (Opnum 49) 

2195 

2196# 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39) 

class NetrLogonSamLogonEx(NDRCALL):
    """Request for NetrLogonSamLogonEx (MS-NRPC 3.5.4.5.1, opnum 39)."""
    opnum = 39
    # No Authenticator/ReturnAuthenticator pair in this structure, unlike
    # NetrLogonSamLogon and NetrLogonSamLogonWithFlags.
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
        ('ExtraFlags', ULONG),
    )

2207 

class NetrLogonSamLogonExResponse(NDRCALL):
    """Response for NetrLogonSamLogonEx (MS-NRPC 3.5.4.5.1)."""
    structure = (
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ExtraFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2215 

2216# 3.5.4.5.2 NetrLogonSamLogonWithFlags (Opnum 45) 

class NetrLogonSamLogonWithFlags(NDRCALL):
    """Request for NetrLogonSamLogonWithFlags (MS-NRPC 3.5.4.5.2, opnum 45)."""
    opnum = 45
    # Both authenticators are the pointer type PNETLOGON_AUTHENTICATOR here.
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
        ('ExtraFlags', ULONG),
    )

2229 

class NetrLogonSamLogonWithFlagsResponse(NDRCALL):
    """Response for NetrLogonSamLogonWithFlags (MS-NRPC 3.5.4.5.2)."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ExtraFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2238 

2239# 3.5.4.5.3 NetrLogonSamLogon (Opnum 2) 

class NetrLogonSamLogon(NDRCALL):
    """Request for NetrLogonSamLogon (MS-NRPC 3.5.4.5.3, opnum 2)."""
    opnum = 2
    # Same fields as NetrLogonSamLogonWithFlags minus ExtraFlags.
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
    )

2251 

class NetrLogonSamLogonResponse(NDRCALL):
    """Response for NetrLogonSamLogon (MS-NRPC 3.5.4.5.3)."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ErrorCode', NTSTATUS),
    )

2259 

2260# 3.5.4.5.4 NetrLogonSamLogoff (Opnum 3) 

class NetrLogonSamLogoff(NDRCALL):
    """Request for NetrLogonSamLogoff (MS-NRPC 3.5.4.5.4, opnum 3)."""
    opnum = 3
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
    )

2271 

class NetrLogonSamLogoffResponse(NDRCALL):
    """Response for NetrLogonSamLogoff (MS-NRPC 3.5.4.5.4)."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )

2277 

2278# 3.5.4.6.1 NetrDatabaseDeltas (Opnum 7) 

class NetrDatabaseDeltas(NDRCALL):
    """Request for NetrDatabaseDeltas (MS-NRPC 3.5.4.6.1, opnum 7)."""
    opnum = 7
    # DomainModifiedCount appears in both the request and the response.
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('DomainModifiedCount', NLPR_MODIFIED_COUNT),
        ('PreferredMaximumLength', DWORD),
    )

2290 

class NetrDatabaseDeltasResponse(NDRCALL):
    """Response for NetrDatabaseDeltas (MS-NRPC 3.5.4.6.1)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DomainModifiedCount', NLPR_MODIFIED_COUNT),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2298 

2299# 3.5.4.6.2 NetrDatabaseSync2 (Opnum 16) 

class NetrDatabaseSync2(NDRCALL):
    """Request for NetrDatabaseSync2 (MS-NRPC 3.5.4.6.2, opnum 16)."""
    opnum = 16
    # Adds RestartState compared with NetrDatabaseSync.
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('RestartState', SYNC_STATE),
        ('SyncContext', ULONG),
        ('PreferredMaximumLength', DWORD),
    )

2312 

class NetrDatabaseSync2Response(NDRCALL):
    """Response for NetrDatabaseSync2 (MS-NRPC 3.5.4.6.2)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('SyncContext', ULONG),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2320 

2321# 3.5.4.6.3 NetrDatabaseSync (Opnum 8) 

class NetrDatabaseSync(NDRCALL):
    """Request for NetrDatabaseSync (MS-NRPC 3.5.4.6.3, opnum 8)."""
    opnum = 8
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('SyncContext', ULONG),
        ('PreferredMaximumLength', DWORD),
    )

2333 

class NetrDatabaseSyncResponse(NDRCALL):
    """Response for NetrDatabaseSync (MS-NRPC 3.5.4.6.3)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('SyncContext', ULONG),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2341 

2342# 3.5.4.6.4 NetrDatabaseRedo (Opnum 17) 

class NetrDatabaseRedo(NDRCALL):
    """Request for NetrDatabaseRedo (MS-NRPC 3.5.4.6.4, opnum 17)."""
    opnum = 17
    # ChangeLogEntrySize is a separate field from ChangeLogEntry; nothing
    # here ties the two together.
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ChangeLogEntry', PUCHAR_ARRAY),
        ('ChangeLogEntrySize', DWORD),
    )

2353 

class NetrDatabaseRedoResponse(NDRCALL):
    """Response for NetrDatabaseRedo (MS-NRPC 3.5.4.6.4)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2360 

2361# 3.5.4.7.1 DsrEnumerateDomainTrusts (Opnum 40) 

class DsrEnumerateDomainTrusts(NDRCALL):
    """Request for DsrEnumerateDomainTrusts (MS-NRPC 3.5.4.7.1, opnum 40)."""
    opnum = 40
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('Flags', ULONG),
    )

2368 

class DsrEnumerateDomainTrustsResponse(NDRCALL):
    """Response for DsrEnumerateDomainTrusts (MS-NRPC 3.5.4.7.1)."""
    structure = (
        ('Domains', NETLOGON_TRUSTED_DOMAIN_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2374 

2375# 3.5.4.7.2 NetrEnumerateTrustedDomainsEx (Opnum 36) 

class NetrEnumerateTrustedDomainsEx(NDRCALL):
    """Request for NetrEnumerateTrustedDomainsEx (MS-NRPC 3.5.4.7.2, opnum 36)."""
    opnum = 36
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

2381 

class NetrEnumerateTrustedDomainsExResponse(NDRCALL):
    """Response for NetrEnumerateTrustedDomainsEx (MS-NRPC 3.5.4.7.2)."""
    structure = (
        ('Domains', NETLOGON_TRUSTED_DOMAIN_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2387 

2388# 3.5.4.7.3 NetrEnumerateTrustedDomains (Opnum 19) 

class NetrEnumerateTrustedDomains(NDRCALL):
    """Request for NetrEnumerateTrustedDomains (MS-NRPC 3.5.4.7.3, opnum 19)."""
    opnum = 19
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

2394 

class NetrEnumerateTrustedDomainsResponse(NDRCALL):
    """Response for NetrEnumerateTrustedDomains (MS-NRPC 3.5.4.7.3)."""
    structure = (
        ('DomainNameBuffer', DOMAIN_NAME_BUFFER),
        ('ErrorCode', NTSTATUS),
    )

2400 

2401# 3.5.4.7.4 NetrGetForestTrustInformation (Opnum 44) 

class NetrGetForestTrustInformation(NDRCALL):
    """Request for NetrGetForestTrustInformation (MS-NRPC 3.5.4.7.4, opnum 44)."""
    opnum = 44
    # Carries an Authenticator pair, unlike DsrGetForestTrustInformation.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('Flags', DWORD),
    )

2411 

class NetrGetForestTrustInformationResponse(NDRCALL):
    """Response for NetrGetForestTrustInformation (MS-NRPC 3.5.4.7.4)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )

2418 

2419# 3.5.4.7.5 DsrGetForestTrustInformation (Opnum 43) 

class DsrGetForestTrustInformation(NDRCALL):
    """Request for DsrGetForestTrustInformation (MS-NRPC 3.5.4.7.5, opnum 43)."""
    opnum = 43
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('TrustedDomainName', LPWSTR),
        ('Flags', DWORD),
    )

2427 

class DsrGetForestTrustInformationResponse(NDRCALL):
    """Response for DsrGetForestTrustInformation (MS-NRPC 3.5.4.7.5)."""
    structure = (
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )

2433 

2434# 3.5.4.7.6 NetrServerGetTrustInfo (Opnum 46) 

class NetrServerGetTrustInfo(NDRCALL):
    """Request for NetrServerGetTrustInfo (MS-NRPC 3.5.4.7.6, opnum 46)."""
    opnum = 46
    # Same request fields as NetrServerTrustPasswordsGet.
    structure = (
        ('TrustedDcName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )

2444 

class NetrServerGetTrustInfoResponse(NDRCALL):
    """Response for NetrServerGetTrustInfo (MS-NRPC 3.5.4.7.6)."""
    # Both OWF password fields are credential material: keep decoded
    # responses out of logs and debug dumps.
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNewOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedOldOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('TrustInfo', PNL_GENERIC_RPC_DATA),
        ('ErrorCode', NTSTATUS),
    )

2453 

2454# 3.5.4.8.1 NetrLogonGetTrustRid (Opnum 23) 

class NetrLogonGetTrustRid(NDRCALL):
    """Request for NetrLogonGetTrustRid (MS-NRPC 3.5.4.8.1, opnum 23)."""
    opnum = 23
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )

2461 

class NetrLogonGetTrustRidResponse(NDRCALL):
    """Response for NetrLogonGetTrustRid (MS-NRPC 3.5.4.8.1)."""
    structure = (
        ('Rid', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2467 

2468# 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24) 

class NetrLogonComputeServerDigest(NDRCALL):
    """Request for NetrLogonComputeServerDigest (MS-NRPC 3.5.4.8.2, opnum 24)."""
    opnum = 24
    # MessageSize is a separate field from Message; nothing here ties the two together.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('Rid', ULONG),
        ('Message', UCHAR_ARRAY),
        ('MessageSize', ULONG),
    )

2477 

class NetrLogonComputeServerDigestResponse(NDRCALL):
    """Response for NetrLogonComputeServerDigest (MS-NRPC 3.5.4.8.2)."""
    structure = (
        ('NewMessageDigest', CHAR_FIXED_16_ARRAY),
        ('OldMessageDigest', CHAR_FIXED_16_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2484 

2485# 3.5.4.8.3 NetrLogonComputeClientDigest (Opnum 25) 

class NetrLogonComputeClientDigest(NDRCALL):
    """Request for NetrLogonComputeClientDigest (MS-NRPC 3.5.4.8.3, opnum 25)."""
    opnum = 25
    # Keyed by DomainName where NetrLogonComputeServerDigest takes a Rid.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
        ('Message', UCHAR_ARRAY),
        ('MessageSize', ULONG),
    )

2494 

class NetrLogonComputeClientDigestResponse(NDRCALL):
    """Response for NetrLogonComputeClientDigest (MS-NRPC 3.5.4.8.3)."""
    structure = (
        ('NewMessageDigest', CHAR_FIXED_16_ARRAY),
        ('OldMessageDigest', CHAR_FIXED_16_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2501 

2502# 3.5.4.8.4 NetrLogonSendToSam (Opnum 32) 

class NetrLogonSendToSam(NDRCALL):
    """Request for NetrLogonSendToSam (MS-NRPC 3.5.4.8.4, opnum 32)."""
    opnum = 32
    # OpaqueBufferSize is a separate field from OpaqueBuffer; nothing here
    # ties the two together.
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('OpaqueBuffer', UCHAR_ARRAY),
        ('OpaqueBufferSize', ULONG),
    )

2512 

class NetrLogonSendToSamResponse(NDRCALL):
    """Response for NetrLogonSendToSam (MS-NRPC 3.5.4.8.4)."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )

2518 

2519# 3.5.4.8.5 NetrLogonSetServiceBits (Opnum 22) 

class NetrLogonSetServiceBits(NDRCALL):
    """Request for NetrLogonSetServiceBits (MS-NRPC 3.5.4.8.5, opnum 22)."""
    opnum = 22
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ServiceBitsOfInterest', DWORD),
        ('ServiceBits', DWORD),
    )

2527 

class NetrLogonSetServiceBitsResponse(NDRCALL):
    """Response for NetrLogonSetServiceBits (MS-NRPC 3.5.4.8.5)."""
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ErrorCode', NTSTATUS),
    )

2532 

2533# 3.5.4.8.6 NetrLogonGetTimeServiceParentDomain (Opnum 35) 

class NetrLogonGetTimeServiceParentDomain(NDRCALL):
    """Request for NetrLogonGetTimeServiceParentDomain (MS-NRPC 3.5.4.8.6, opnum 35)."""
    opnum = 35
    # One-element tuple: the trailing comma is required.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

2539 

class NetrLogonGetTimeServiceParentDomainResponse(NDRCALL):
    """Response for NetrLogonGetTimeServiceParentDomain (MS-NRPC 3.5.4.8.6)."""
    structure = (
        ('DomainName', LPWSTR),
        ('PdcSameSite', LONG),
        ('ErrorCode', NET_API_STATUS),
    )

2546 

2547# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18) 

class NetrLogonControl2Ex(NDRCALL):
    """Request for NetrLogonControl2Ex (MS-NRPC 3.5.4.9.1, opnum 18)."""
    opnum = 18
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )

2556 

class NetrLogonControl2ExResponse(NDRCALL):
    """Response for NetrLogonControl2Ex (MS-NRPC 3.5.4.9.1)."""
    # NOTE(review): Buffer reuses the request-side type
    # NETLOGON_CONTROL_DATA_INFORMATION; confirm against the MS-NRPC definition.
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )

2562 

2563# 3.5.4.9.2 NetrLogonControl2 (Opnum 14) 

class NetrLogonControl2(NDRCALL):
    """Request for NetrLogonControl2 (MS-NRPC 3.5.4.9.2, opnum 14)."""
    opnum = 14
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )

2572 

class NetrLogonControl2Response(NDRCALL):
    """Response for NetrLogonControl2 (MS-NRPC 3.5.4.9.2)."""
    # NOTE(review): Buffer reuses the request-side type
    # NETLOGON_CONTROL_DATA_INFORMATION; confirm against the MS-NRPC definition.
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )

2578 

2579# 3.5.4.9.3 NetrLogonControl (Opnum 12) 

class NetrLogonControl(NDRCALL):
    """Request for NetrLogonControl (MS-NRPC 3.5.4.9.3, opnum 12)."""
    opnum = 12
    # NOTE(review): this declares the same four fields as NetrLogonControl2,
    # including Data; confirm against the MS-NRPC definition of opnum 12.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )

2588 

class NetrLogonControlResponse(NDRCALL):
    """Response for NetrLogonControl (MS-NRPC 3.5.4.9.3)."""
    # NOTE(review): Buffer reuses the request-side type
    # NETLOGON_CONTROL_DATA_INFORMATION; confirm against the MS-NRPC definition.
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )

2594 

2595# 3.5.4.10.1 NetrLogonUasLogon (Opnum 0) 

class NetrLogonUasLogon(NDRCALL):
    """Request for NetrLogonUasLogon (MS-NRPC 3.5.4.10.1, opnum 0)."""
    opnum = 0
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('UserName', WSTR),
        ('Workstation', WSTR),
    )

2603 

class NetrLogonUasLogonResponse(NDRCALL):
    """Response for NetrLogonUasLogon (MS-NRPC 3.5.4.10.1)."""
    structure = (
        ('ValidationInformation', PNETLOGON_VALIDATION_UAS_INFO),
        ('ErrorCode', NET_API_STATUS),
    )

2609 

2610# 3.5.4.10.2 NetrLogonUasLogoff (Opnum 1) 

class NetrLogonUasLogoff(NDRCALL):
    """Request for NetrLogonUasLogoff (MS-NRPC 3.5.4.10.2, opnum 1)."""
    opnum = 1
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('UserName', WSTR),
        ('Workstation', WSTR),
    )

2618 

class NetrLogonUasLogoffResponse(NDRCALL):
    """Response for NetrLogonUasLogoff (MS-NRPC 3.5.4.10.2)."""
    structure = (
        ('LogoffInformation', NETLOGON_LOGOFF_UAS_INFO),
        ('ErrorCode', NET_API_STATUS),
    )

2624 

2625################################################################################ 

2626# OPNUMs and their corresponding structures 

2627################################################################################ 

# Maps each opnum to its (request class, response class) pair.
# Opnums 6, 9, 10, 48 and 49 are commented out and 47 is absent.
# NOTE(review): the commented entry for 48 spells the classes
# "DsrUpdateReadOnlyServerDnsRecords", but the classes defined in this file
# are named DSRUpdateReadOnlyServerDnsRecords[Response]; the names would
# need correcting before that entry could be enabled.
OPNUMS = {
    0: (NetrLogonUasLogon, NetrLogonUasLogonResponse),
    1: (NetrLogonUasLogoff, NetrLogonUasLogoffResponse),
    2: (NetrLogonSamLogon, NetrLogonSamLogonResponse),
    3: (NetrLogonSamLogoff, NetrLogonSamLogoffResponse),
    4: (NetrServerReqChallenge, NetrServerReqChallengeResponse),
    5: (NetrServerAuthenticate, NetrServerAuthenticateResponse),
#   6: (NetrServerPasswordSet, NetrServerPasswordSetResponse),
    7: (NetrDatabaseDeltas, NetrDatabaseDeltasResponse),
    8: (NetrDatabaseSync, NetrDatabaseSyncResponse),
#   9: (NetrAccountDeltas, NetrAccountDeltasResponse),
#  10: (NetrAccountSync, NetrAccountSyncResponse),
    11: (NetrGetDCName, NetrGetDCNameResponse),
    12: (NetrLogonControl, NetrLogonControlResponse),
    13: (NetrGetAnyDCName, NetrGetAnyDCNameResponse),
    14: (NetrLogonControl2, NetrLogonControl2Response),
    15: (NetrServerAuthenticate2, NetrServerAuthenticate2Response),
    16: (NetrDatabaseSync2, NetrDatabaseSync2Response),
    17: (NetrDatabaseRedo, NetrDatabaseRedoResponse),
    18: (NetrLogonControl2Ex, NetrLogonControl2ExResponse),
    19: (NetrEnumerateTrustedDomains, NetrEnumerateTrustedDomainsResponse),
    20: (DsrGetDcName, DsrGetDcNameResponse),
    21: (NetrLogonGetCapabilities, NetrLogonGetCapabilitiesResponse),
    22: (NetrLogonSetServiceBits, NetrLogonSetServiceBitsResponse),
    23: (NetrLogonGetTrustRid, NetrLogonGetTrustRidResponse),
    24: (NetrLogonComputeServerDigest, NetrLogonComputeServerDigestResponse),
    25: (NetrLogonComputeClientDigest, NetrLogonComputeClientDigestResponse),
    26: (NetrServerAuthenticate3, NetrServerAuthenticate3Response),
    27: (DsrGetDcNameEx, DsrGetDcNameExResponse),
    28: (DsrGetSiteName, DsrGetSiteNameResponse),
    29: (NetrLogonGetDomainInfo, NetrLogonGetDomainInfoResponse),
    30: (NetrServerPasswordSet2, NetrServerPasswordSet2Response),
    31: (NetrServerPasswordGet, NetrServerPasswordGetResponse),
    32: (NetrLogonSendToSam, NetrLogonSendToSamResponse),
    33: (DsrAddressToSiteNamesW, DsrAddressToSiteNamesWResponse),
    34: (DsrGetDcNameEx2, DsrGetDcNameEx2Response),
    35: (NetrLogonGetTimeServiceParentDomain, NetrLogonGetTimeServiceParentDomainResponse),
    36: (NetrEnumerateTrustedDomainsEx, NetrEnumerateTrustedDomainsExResponse),
    37: (DsrAddressToSiteNamesExW, DsrAddressToSiteNamesExWResponse),
    38: (DsrGetDcSiteCoverageW, DsrGetDcSiteCoverageWResponse),
    39: (NetrLogonSamLogonEx, NetrLogonSamLogonExResponse),
    40: (DsrEnumerateDomainTrusts, DsrEnumerateDomainTrustsResponse),
    41: (DsrDeregisterDnsHostRecords, DsrDeregisterDnsHostRecordsResponse),
    42: (NetrServerTrustPasswordsGet, NetrServerTrustPasswordsGetResponse),
    43: (DsrGetForestTrustInformation, DsrGetForestTrustInformationResponse),
    44: (NetrGetForestTrustInformation, NetrGetForestTrustInformationResponse),
    45: (NetrLogonSamLogonWithFlags, NetrLogonSamLogonWithFlagsResponse),
    46: (NetrServerGetTrustInfo, NetrServerGetTrustInfoResponse),
#  48: (DsrUpdateReadOnlyServerDnsRecords, DsrUpdateReadOnlyServerDnsRecordsResponse),
#  49: (NetrChainSetClientAttributes, NetrChainSetClientAttributesResponse),
}

2679 

2680################################################################################ 

2681# HELPER FUNCTIONS 

2682################################################################################ 

def checkNullString(string):
    """Return *string* with a trailing NUL character, adding one if missing.

    A value equal to NULL is returned unchanged. The terminator is the text
    literal '\\x00', so the comparison and concatenation assume a text string.
    """
    if string == NULL:
        return string

    # Already terminated: hand the value back as-is.
    if string[-1:] == '\x00':
        return string
    return string + '\x00'

2691 

def hNetrServerReqChallenge(dce, primaryName, computerName, clientChallenge):
    """Build a NetrServerReqChallenge request and send it through *dce*.

    *clientChallenge* is forwarded as supplied: this helper neither generates
    nor validates it, so the caller is responsible for providing fresh random
    data. Returns whatever ``dce.request`` returns.
    """
    call = NetrServerReqChallenge()
    call['PrimaryName'] = checkNullString(primaryName)
    call['ComputerName'] = checkNullString(computerName)
    call['ClientChallenge'] = clientChallenge
    return dce.request(call)

2698 

def hNetrServerAuthenticate3(dce, primaryName, accountName, secureChannelType, computerName, clientCredential, negotiateFlags):
    """Build a NetrServerAuthenticate3 request and send it through *dce*.

    *negotiateFlags* and *clientCredential* are forwarded as supplied; no
    minimum capability set is enforced here. Returns whatever
    ``dce.request`` returns.
    """
    call = NetrServerAuthenticate3()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ClientCredential'] = clientCredential
    call['ComputerName'] = checkNullString(computerName)
    call['NegotiateFlags'] = negotiateFlags
    return dce.request(call)

2708 

def hDsrGetDcNameEx2(dce, computerName, accountName, allowableAccountControlBits, domainName, domainGuid, siteName, flags):
    """Build a DsrGetDcNameEx2 request and send it through *dce*.

    The four name arguments are NUL-terminated via checkNullString; the GUID,
    control bits and flags are passed through unchanged. Returns whatever
    ``dce.request`` returns.
    """
    call = DsrGetDcNameEx2()
    call['ComputerName'] = checkNullString(computerName)
    call['AccountName'] = checkNullString(accountName)
    call['AllowableAccountControlBits'] = allowableAccountControlBits
    call['DomainName'] = checkNullString(domainName)
    call['DomainGuid'] = domainGuid
    call['SiteName'] = checkNullString(siteName)
    call['Flags'] = flags
    return dce.request(call)

2719 

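def hDsrGetDcNameEx(dce, computerName, domainName, domainGuid, siteName, flags):
    """Build a DsrGetDcNameEx request and send it through *dce*.

    All three name arguments are NUL-terminated via checkNullString (a NULL
    value is passed through unchanged); the GUID and flags are forwarded as
    supplied. Returns whatever ``dce.request`` returns.
    """
    request = DsrGetDcNameEx()
    request['ComputerName'] = checkNullString(computerName)
    request['DomainName'] = checkNullString(domainName)
    request['DomainGuid'] = domainGuid
    # SiteName is an LPWSTR like the other names; terminate it the same way
    # hDsrGetDcNameEx2 does instead of assigning the raw value.
    request['SiteName'] = checkNullString(siteName)
    request['Flags'] = flags
    return dce.request(request)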

2728 

def hDsrGetDcName(dce, computerName, domainName, domainGuid, siteGuid, flags):
    """Build a DsrGetDcName request and send it through *dce*.

    The two names are NUL-terminated via checkNullString; both GUIDs and the
    flags are passed through unchanged. Returns whatever ``dce.request``
    returns.
    """
    call = DsrGetDcName()
    call['ComputerName'] = checkNullString(computerName)
    call['DomainName'] = checkNullString(domainName)
    call['DomainGuid'] = domainGuid
    call['SiteGuid'] = siteGuid
    call['Flags'] = flags
    return dce.request(call)

2737 

def hNetrGetAnyDCName(dce, serverName, domainName):
    """Build a NetrGetAnyDCName request and send it through *dce*.

    Both names are NUL-terminated via checkNullString. Returns whatever
    ``dce.request`` returns.
    """
    call = NetrGetAnyDCName()
    call['ServerName'] = checkNullString(serverName)
    call['DomainName'] = checkNullString(domainName)
    return dce.request(call)

2743 

def hNetrGetDCName(dce, serverName, domainName):
    """Build a NetrGetDCName request and send it through *dce*.

    Both names are NUL-terminated via checkNullString. Returns whatever
    ``dce.request`` returns.
    """
    call = NetrGetDCName()
    call['ServerName'] = checkNullString(serverName)
    call['DomainName'] = checkNullString(domainName)
    return dce.request(call)

2749 

def hDsrGetSiteName(dce, computerName):
    """Build a DsrGetSiteName request and send it through *dce*.

    Returns whatever ``dce.request`` returns.
    """
    call = DsrGetSiteName()
    call['ComputerName'] = checkNullString(computerName)
    return dce.request(call)

2754 

def hDsrGetDcSiteCoverageW(dce, serverName):
    """Build a DsrGetDcSiteCoverageW request and send it through *dce*.

    Returns whatever ``dce.request`` returns.
    """
    call = DsrGetDcSiteCoverageW()
    call['ServerName'] = checkNullString(serverName)
    return dce.request(call)

2759 

def hNetrServerAuthenticate2(dce, primaryName, accountName, secureChannelType, computerName, clientCredential, negotiateFlags):
    """Build a NetrServerAuthenticate2 request and send it through *dce*.

    *negotiateFlags* and *clientCredential* are forwarded as supplied; no
    minimum capability set is enforced here. Returns whatever
    ``dce.request`` returns.
    """
    call = NetrServerAuthenticate2()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ClientCredential'] = clientCredential
    call['ComputerName'] = checkNullString(computerName)
    call['NegotiateFlags'] = negotiateFlags
    return dce.request(call)

2769 

def hNetrServerAuthenticate(dce, primaryName, accountName, secureChannelType, computerName, clientCredential):
    """Build a NetrServerAuthenticate request and send it through *dce*.

    This variant takes no negotiate flags. *clientCredential* is forwarded as
    supplied. Returns whatever ``dce.request`` returns.
    """
    call = NetrServerAuthenticate()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ClientCredential'] = clientCredential
    call['ComputerName'] = checkNullString(computerName)
    return dce.request(call)

2778 

def hNetrServerPasswordGet(dce, primaryName, accountName, accountType, computerName, authenticator):
    """Build a NetrServerPasswordGet request and send it through *dce*.

    *authenticator* is forwarded as supplied; this helper does not compute
    it. The response structure carries an encrypted OWF password, so treat
    the return value as credential material. Returns whatever
    ``dce.request`` returns.
    """
    call = NetrServerPasswordGet()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['AccountType'] = accountType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    return dce.request(call)

2787 

def hNetrServerTrustPasswordsGet(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
    """Build a NetrServerTrustPasswordsGet request and send it through *dce*.

    *authenticator* is forwarded as supplied; this helper does not compute
    it. The response structure carries encrypted OWF passwords, so treat the
    return value as credential material. Returns whatever ``dce.request``
    returns.
    """
    call = NetrServerTrustPasswordsGet()
    call['TrustedDcName'] = checkNullString(trustedDcName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    return dce.request(call)

2796 

def hNetrServerPasswordSet2(dce, primaryName, accountName, secureChannelType, computerName, authenticator, clearNewPasswordBlob):
    """Build a NetrServerPasswordSet2 request and send it through *dce*.

    *clearNewPasswordBlob* is placed in the request exactly as given: this
    helper performs no encryption or length checking, so the caller must
    hand over an already-protected blob. *authenticator* is likewise
    forwarded as supplied. Returns whatever ``dce.request`` returns.
    """
    call = NetrServerPasswordSet2()
    call['PrimaryName'] = checkNullString(primaryName)
    call['AccountName'] = checkNullString(accountName)
    call['SecureChannelType'] = secureChannelType
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    call['ClearNewPassword'] = clearNewPasswordBlob
    return dce.request(call)

2806 

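def hNetrLogonGetDomainInfo(dce, serverName, computerName, authenticator, returnAuthenticator=0, level=1):
    """Build a NetrLogonGetDomainInfo request and send it through *dce*.

    Parameters:
        dce: object whose ``request`` method sends the call.
        serverName, computerName: names, NUL-terminated via checkNullString.
        authenticator: forwarded as supplied; not computed here.
        returnAuthenticator: when left at 0, an all-zero credential and a
            zero timestamp are sent; otherwise the given value is used.
        level: 1 fills the WorkstationInfo arm of WkstaBuffer; any other
            value selects the LsaPolicyInfo arm (tag 2).

    Returns whatever ``dce.request`` returns.
    """
    request = NetrLogonGetDomainInfo()
    request['ServerName'] = checkNullString(serverName)
    request['ComputerName'] = checkNullString(computerName)
    request['Authenticator'] = authenticator
    if returnAuthenticator == 0:
        request['ReturnAuthenticator']['Credential'] = b'\x00'*8
        request['ReturnAuthenticator']['Timestamp'] = 0
    else:
        request['ReturnAuthenticator'] = returnAuthenticator

    # Level is kept in step with the union tag. It used to be hard-coded to 1,
    # so a level-2 call sent Level=1 alongside a tag-2 WkstaBuffer.
    if level == 1:
        request['Level'] = 1
        request['WkstaBuffer']['tag'] = 1
        request['WkstaBuffer']['WorkstationInfo']['DnsHostName'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['SiteName'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['OsName'] = ''
        request['WkstaBuffer']['WorkstationInfo']['Dummy1'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy2'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy3'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy4'] = NULL
    else:
        request['Level'] = 2
        request['WkstaBuffer']['tag'] = 2
        request['WkstaBuffer']['LsaPolicyInfo']['LsaPolicy'] = NULL
    return dce.request(request)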


def hNetrLogonGetCapabilities(dce, serverName, computerName, authenticator, returnAuthenticator=0, queryLevel=1):
    """Build a NetrLogonGetCapabilities request and send it through ``dce``.

    serverName and computerName are passed through checkNullString (defined
    elsewhere in this file); authenticator and queryLevel are stored as
    given.

    :param dce: RPC connection object exposing ``request()``.
    :param serverName: value for the ServerName field.
    :param computerName: value for the ComputerName field.
    :param authenticator: value for the Authenticator field.
    :param returnAuthenticator: value for the ReturnAuthenticator field;
        the default ``0`` sends an all-zero placeholder instead.
    :param queryLevel: value for the QueryLevel field.
    :return: whatever ``dce.request()`` returns for this call.

    NOTE(review): the reply is returned without any check of the server's
    return authenticator; that is left to the caller.
    """
    req = NetrLogonGetCapabilities()
    leading = (
        ('ServerName', checkNullString(serverName)),
        ('ComputerName', checkNullString(computerName)),
        ('Authenticator', authenticator),
    )
    for fieldName, fieldValue in leading:
        req[fieldName] = fieldValue

    if returnAuthenticator == 0:
        # Nothing supplied by the caller: send 8 zero bytes and a zero timestamp.
        req['ReturnAuthenticator']['Credential'] = b'\x00' * 8
        req['ReturnAuthenticator']['Timestamp'] = 0
    else:
        req['ReturnAuthenticator'] = returnAuthenticator

    req['QueryLevel'] = queryLevel
    return dce.request(req)


def hNetrServerGetTrustInfo(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
    """Build a NetrServerGetTrustInfo request and send it through ``dce``.

    The three name arguments are passed through checkNullString (defined
    elsewhere in this file) before being stored; secureChannelType and
    authenticator are stored exactly as given.

    :param dce: RPC connection object exposing ``request()``.
    :param trustedDcName: value for the TrustedDcName field.
    :param accountName: value for the AccountName field.
    :param secureChannelType: value for the SecureChannelType field.
    :param computerName: value for the ComputerName field.
    :param authenticator: value for the Authenticator field.
    :return: whatever ``dce.request()`` returns for this call.

    NOTE(review): the reply is returned untouched; interpreting it and
    checking any return authenticator is left to the caller.
    """
    req = NetrServerGetTrustInfo()
    populated = (
        ('TrustedDcName', checkNullString(trustedDcName)),
        ('AccountName', checkNullString(accountName)),
        ('SecureChannelType', secureChannelType),
        ('ComputerName', checkNullString(computerName)),
        ('Authenticator', authenticator),
    )
    for fieldName, fieldValue in populated:
        req[fieldName] = fieldValue
    return dce.request(req)