1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 

2# 

3# This software is provided under a slightly modified version

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# Author: Alberto Solino (@agsolino) 

8# 

9# Description: 

10# [MS-SAMR] Interface implementation 

11# 

12# Best way to learn how to use these calls is to grab the protocol standard 

13# so you understand what the call does, and then read the test case located 

14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC 

15# 

16# Some calls have helper functions, which makes it even easier to use. 

17# They are located at the end of this file. 

18# Helper functions start with "h"<name of the call>. 

19# There are test cases for them too. 

20# 

21from __future__ import division 

22from __future__ import print_function 

23from binascii import unhexlify 

24 

25from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \ 

26 NDRUniConformantVaryingArray, NDRENUM 

27from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \ 

28 LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR 

29from impacket.dcerpc.v5.rpcrt import DCERPCException 

30from impacket import nt_errors, LOG 

31from impacket.uuid import uuidtup_to_bin 

32from impacket.dcerpc.v5.enum import Enum 

33from impacket.structure import Structure 

34 

35import struct 

36import os 

37from hashlib import md5 

38from Cryptodome.Cipher import ARC4 

39 

40MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0')) 

41 

class DCERPCSessionError(DCERPCException):
    """SAMR-specific DCERPC error whose string form resolves the NT status code.

    The code is looked up in nt_errors.ERROR_MESSAGES; known codes are shown
    with their short and verbose descriptions, unknown ones as bare hex.
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Return 'SAMR SessionError: ...' text for self.error_code."""
        code = self.error_code
        known = nt_errors.ERROR_MESSAGES
        # NOTE(review): '%x' needs an integer, so str() on an instance built
        # with the default error_code=None would raise TypeError here - confirm
        # that every caller supplies a code.
        if code not in known:
            return 'SAMR SessionError: unknown error code: 0x%x' % self.error_code
        short_text = known[code][0]
        verbose_text = known[code][1]
        return 'SAMR SessionError: code: 0x%x - %s - %s' % (self.error_code, short_text, verbose_text)

54 

55################################################################################ 

56# CONSTANTS 

57################################################################################ 

58PSAMPR_SERVER_NAME = LPWSTR 

# [MS-SAMR] 2.2.1.1 Common ACCESS_MASK Values
# Standard rights shared by every SAMR object type. Each *_READ, *_WRITE and
# *_EXECUTE composite in this section includes READ_CONTROL, and each
# *_ALL_ACCESS composite includes DELETE | READ_CONTROL | WRITE_DAC |
# WRITE_OWNER (0x000F0000) plus all of that object's specific bits.
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000
# Least privilege: request the specific rights a call needs. MAXIMUM_ALLOWED
# and the *_ALL_ACCESS composites ask for more than most queries use.
MAXIMUM_ALLOWED = 0x02000000

# [MS-SAMR] 2.2.1.2 Generic ACCESS_MASK Values
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL = 0x10000000

# [MS-SAMR] 2.2.1.3 Server ACCESS_MASK Values
SAM_SERVER_CONNECT = 0x00000001
SAM_SERVER_SHUTDOWN = 0x00000002
SAM_SERVER_INITIALIZE = 0x00000004
SAM_SERVER_CREATE_DOMAIN = 0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
SAM_SERVER_LOOKUP_DOMAIN = 0x00000020
SAM_SERVER_ALL_ACCESS = 0x000F003F
SAM_SERVER_READ = 0x00020010  # READ_CONTROL | ENUMERATE_DOMAINS
SAM_SERVER_WRITE = 0x0002000E  # READ_CONTROL | SHUTDOWN | INITIALIZE | CREATE_DOMAIN
SAM_SERVER_EXECUTE = 0x00020021  # READ_CONTROL | CONNECT | LOOKUP_DOMAIN

# [MS-SAMR] 2.2.1.4 Domain ACCESS_MASK Values
# The READ/WRITE pair is spelled differently (..._PARAMETERS vs ..._PARAMS);
# both names are kept exactly as declared.
DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS = 0x00000002
DOMAIN_READ_OTHER_PARAMETERS = 0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS = 0x00000008
DOMAIN_CREATE_USER = 0x00000010
DOMAIN_CREATE_GROUP = 0x00000020
DOMAIN_CREATE_ALIAS = 0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP = 0x00000080
DOMAIN_LIST_ACCOUNTS = 0x00000100
DOMAIN_LOOKUP = 0x00000200
DOMAIN_ADMINISTER_SERVER = 0x00000400
DOMAIN_ALL_ACCESS = 0x000F07FF
DOMAIN_READ = 0x00020084
DOMAIN_WRITE = 0x0002047A
DOMAIN_EXECUTE = 0x00020301

# [MS-SAMR] 2.2.1.5 Group ACCESS_MASK Values
GROUP_READ_INFORMATION = 0x00000001
GROUP_WRITE_ACCOUNT = 0x00000002
GROUP_ADD_MEMBER = 0x00000004
GROUP_REMOVE_MEMBER = 0x00000008
GROUP_LIST_MEMBERS = 0x00000010
GROUP_ALL_ACCESS = 0x000F001F
GROUP_READ = 0x00020010
GROUP_WRITE = 0x0002000E
GROUP_EXECUTE = 0x00020001

# [MS-SAMR] 2.2.1.6 Alias ACCESS_MASK Values
# Bit positions differ from the group masks: ALIAS_ADD_MEMBER is 0x1 while
# GROUP_ADD_MEMBER is 0x4, so the two families are not interchangeable.
ALIAS_ADD_MEMBER = 0x00000001
ALIAS_REMOVE_MEMBER = 0x00000002
ALIAS_LIST_MEMBERS = 0x00000004
ALIAS_READ_INFORMATION = 0x00000008
ALIAS_WRITE_ACCOUNT = 0x00000010
ALIAS_ALL_ACCESS = 0x000F001F
ALIAS_READ = 0x00020004
ALIAS_WRITE = 0x00020013
ALIAS_EXECUTE = 0x00020008

# [MS-SAMR] 2.2.1.7 User ACCESS_MASK Values
USER_READ_GENERAL = 0x00000001
USER_READ_PREFERENCES = 0x00000002
USER_WRITE_PREFERENCES = 0x00000004
USER_READ_LOGON = 0x00000008
USER_READ_ACCOUNT = 0x00000010
USER_WRITE_ACCOUNT = 0x00000020
USER_CHANGE_PASSWORD = 0x00000040
USER_FORCE_PASSWORD_CHANGE = 0x00000080
USER_LIST_GROUPS = 0x00000100
USER_READ_GROUP_INFORMATION = 0x00000200
USER_WRITE_GROUP_INFORMATION = 0x00000400
USER_ALL_ACCESS = 0x000F07FF
USER_READ = 0x0002031A
USER_WRITE = 0x00020044
USER_EXECUTE = 0x00020041

140 

# [MS-SAMR] 2.2.1.8 USER_ALL Values
# One bit per user attribute. Presumably these are the bits carried in the
# WhichFields member of SAMPR_USER_ALL_INFORMATION - confirm against the spec.
USER_ALL_USERNAME = 0x00000001
USER_ALL_FULLNAME = 0x00000002
USER_ALL_USERID = 0x00000004
USER_ALL_PRIMARYGROUPID = 0x00000008
USER_ALL_ADMINCOMMENT = 0x00000010
USER_ALL_USERCOMMENT = 0x00000020
USER_ALL_HOMEDIRECTORY = 0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
USER_ALL_SCRIPTPATH = 0x00000100
USER_ALL_PROFILEPATH = 0x00000200
USER_ALL_WORKSTATIONS = 0x00000400
USER_ALL_LASTLOGON = 0x00000800
USER_ALL_LASTLOGOFF = 0x00001000
USER_ALL_LOGONHOURS = 0x00002000
USER_ALL_BADPASSWORDCOUNT = 0x00004000
USER_ALL_LOGONCOUNT = 0x00008000
USER_ALL_PASSWORDCANCHANGE = 0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
USER_ALL_PASSWORDLASTSET = 0x00040000
USER_ALL_ACCOUNTEXPIRES = 0x00080000
USER_ALL_USERACCOUNTCONTROL = 0x00100000
USER_ALL_PARAMETERS = 0x00200000
USER_ALL_COUNTRYCODE = 0x00400000
USER_ALL_CODEPAGE = 0x00800000
# The next three bits name the credential-bearing members; code that sets or
# reads them is handling password material.
USER_ALL_NTPASSWORDPRESENT = 0x01000000
USER_ALL_LMPASSWORDPRESENT = 0x02000000
USER_ALL_PRIVATEDATA = 0x04000000
USER_ALL_PASSWORDEXPIRED = 0x08000000
USER_ALL_SECURITYDESCRIPTOR = 0x10000000
USER_ALL_UNDEFINED_MASK = 0xC0000000

# [MS-SAMR] 2.2.1.9 ACCOUNT_TYPE Values
# The high nibble selects the object family (0x1 group, 0x2 alias, 0x3 user,
# 0x4 app group); the low bits distinguish variants within it.
SAM_DOMAIN_OBJECT = 0x00000000
SAM_GROUP_OBJECT = 0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
SAM_ALIAS_OBJECT = 0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
SAM_USER_OBJECT = 0x30000000
SAM_MACHINE_ACCOUNT = 0x30000001
SAM_TRUST_ACCOUNT = 0x30000002
SAM_APP_BASIC_GROUP = 0x40000000
SAM_APP_QUERY_GROUP = 0x40000001

# [MS-SAMR] 2.2.1.10 SE_GROUP Attributes
SE_GROUP_MANDATORY = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED = 0x00000004

# [MS-SAMR] 2.2.1.11 GROUP_TYPE Codes
# Each GROUP_TYPE_SECURITY_* value is GROUP_TYPE_SECURITY_ENABLED OR-ed with
# the matching scope bit.
GROUP_TYPE_ACCOUNT_GROUP = 0x00000002
GROUP_TYPE_RESOURCE_GROUP = 0x00000004
GROUP_TYPE_UNIVERSAL_GROUP = 0x00000008
GROUP_TYPE_SECURITY_ENABLED = 0x80000000
GROUP_TYPE_SECURITY_ACCOUNT = 0x80000002
GROUP_TYPE_SECURITY_RESOURCE = 0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008

198 

# [MS-SAMR] 2.2.1.12 USER_ACCOUNT Codes
# This family and the UF_* family in 2.2.1.13 name the same account properties
# but use DIFFERENT bit positions. USER_ACCOUNT_DISABLED is 0x1 while
# UF_ACCOUNTDISABLE is 0x2; USER_DONT_REQUIRE_PREAUTH is 0x00010000, and that
# same number in the UF_* layout is UF_DONT_EXPIRE_PASSWD. An audit script or
# detection rule must test a value against the family it was read in.
USER_ACCOUNT_DISABLED = 0x00000001
USER_HOME_DIRECTORY_REQUIRED = 0x00000002
USER_PASSWORD_NOT_REQUIRED = 0x00000004  # audit: account may be allowed an empty password
USER_TEMP_DUPLICATE_ACCOUNT = 0x00000008
USER_NORMAL_ACCOUNT = 0x00000010
USER_MNS_LOGON_ACCOUNT = 0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT = 0x00000040
USER_WORKSTATION_TRUST_ACCOUNT = 0x00000080
USER_SERVER_TRUST_ACCOUNT = 0x00000100
USER_DONT_EXPIRE_PASSWORD = 0x00000200  # audit: password never ages out
USER_ACCOUNT_AUTO_LOCKED = 0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000800  # audit: reversible password storage
USER_SMARTCARD_REQUIRED = 0x00001000
USER_TRUSTED_FOR_DELEGATION = 0x00002000  # audit: account is trusted for delegation
USER_NOT_DELEGATED = 0x00004000
USER_USE_DES_KEY_ONLY = 0x00008000  # audit: Kerberos restricted to DES keys
USER_DONT_REQUIRE_PREAUTH = 0x00010000  # audit: Kerberos pre-authentication not required
USER_PASSWORD_EXPIRED = 0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000  # audit: protocol-transition delegation
USER_NO_AUTH_DATA_REQUIRED = 0x00080000
USER_PARTIAL_SECRETS_ACCOUNT = 0x00100000
USER_USE_AES_KEYS = 0x00200000

# [MS-SAMR] 2.2.1.13 UF_FLAG Codes
# Same properties as the USER_* codes, in a different bit layout (see the
# note at the head of 2.2.1.12). 0x00000004 and 0x00000400 are not assigned
# in this list.
UF_SCRIPT = 0x00000001
UF_ACCOUNTDISABLE = 0x00000002
UF_HOMEDIR_REQUIRED = 0x00000008
UF_LOCKOUT = 0x00000010
UF_PASSWD_NOTREQD = 0x00000020  # audit: account may be allowed an empty password
UF_PASSWD_CANT_CHANGE = 0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080  # audit: reversible password storage
UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100
UF_NORMAL_ACCOUNT = 0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x00000800
UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000
UF_SERVER_TRUST_ACCOUNT = 0x00002000
UF_DONT_EXPIRE_PASSWD = 0x00010000  # audit: password never ages out
UF_MNS_LOGON_ACCOUNT = 0x00020000
UF_SMARTCARD_REQUIRED = 0x00040000
UF_TRUSTED_FOR_DELEGATION = 0x00080000  # audit: account is trusted for delegation
UF_NOT_DELEGATED = 0x00100000
UF_USE_DES_KEY_ONLY = 0x00200000  # audit: Kerberos restricted to DES keys
UF_DONT_REQUIRE_PREAUTH = 0x00400000  # audit: Kerberos pre-authentication not required
UF_PASSWORD_EXPIRED = 0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000  # audit: protocol-transition delegation
UF_NO_AUTH_DATA_REQUIRED = 0x02000000
UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000
UF_USE_AES_KEYS = 0x08000000

248 

# [MS-SAMR] 2.2.1.14 Predefined RIDs
# Decimal equivalents are given because SIDs are normally printed in decimal.
DOMAIN_USER_RID_ADMIN = 0x000001F4  # 500
DOMAIN_USER_RID_GUEST = 0x000001F5  # 501
DOMAIN_USER_RID_KRBTGT = 0x000001F6  # 502
DOMAIN_GROUP_RID_ADMINS = 0x00000200  # 512
DOMAIN_GROUP_RID_USERS = 0x00000201  # 513
DOMAIN_GROUP_RID_COMPUTERS = 0x00000203  # 515
DOMAIN_GROUP_RID_CONTROLLERS = 0x00000204  # 516
DOMAIN_ALIAS_RID_ADMINS = 0x00000220  # 544
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209  # 521

# [MS-SAMR] 2.2.4.1 Domain Fields
# Presumably the bits of the PasswordProperties members declared in this
# module (e.g. DOMAIN_PASSWORD_INFORMATION) - confirm against the spec.
DOMAIN_PASSWORD_COMPLEX = 0x00000001
DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
DOMAIN_LOCKOUT_ADMINS = 0x00000008
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010  # audit: domain-wide reversible password storage
DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020

# [MS-SAMR] 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
SAM_VALIDATE_PASSWORD_LAST_SET = 0x00000001
SAM_VALIDATE_BAD_PASSWORD_TIME = 0x00000002
SAM_VALIDATE_LOCKOUT_TIME = 0x00000004
SAM_VALIDATE_BAD_PASSWORD_COUNT = 0x00000008
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
SAM_VALIDATE_PASSWORD_HISTORY = 0x00000020

275 

276################################################################################ 

277# STRUCTURES 

278################################################################################ 

279class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray): 

280 item = RPC_UNICODE_STRING 

281 

282class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray): 

283 item = RPC_UNICODE_STRING 

284 

285class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER): 

286 referent = ( 

287 ('Data',RPC_UNICODE_STRING_ARRAY_C), 

288 ) 

289 

290# 2.2.2.1 RPC_STRING, PRPC_STRING 

class RPC_STRING(NDRSTRUCT):
    """[MS-SAMR] 2.2.2.1 RPC_STRING: length-prefixed string with a STR referent.

    MaximumLength and Length share one default expression in each header, so
    both are emitted with the same value.
    """

    # Header used for 32-bit NDR: two '<H' lengths and a '<L' referent id.
    commonHdr = (
        ('MaximumLength', '<H=len(Data)-12'),
        ('Length', '<H=len(Data)-12'),
        ('ReferentID', '<L=0xff'),
    )
    # Header used for NDR64: '<Q' referent id, and 24 subtracted instead of 12.
    commonHdr64 = (
        ('MaximumLength', '<H=len(Data)-24'),
        ('Length', '<H=len(Data)-24'),
        ('ReferentID', '<Q=0xff'),
    )

    referent = (
        ('Data', STR),
    )

    def dump(self, msg = None, indent = 0):
        """Print a label followed by the repr of 'Data', without a newline.

        msg defaults to the class name; an empty string suppresses the label.
        indent is accepted but not used by this implementation.
        """
        label = self.__class__.__name__ if msg is None else msg
        if label != '':
            print("%s" % label, end=' ')
        # Only the payload is shown; the header fields are not printed.
        print(" %r" % (self['Data']), end=' ')

314 

315class PRPC_STRING(NDRPOINTER): 

316 referent = ( 

317 ('Data', RPC_STRING), 

318 ) 

319 

320# 2.2.2.2 OLD_LARGE_INTEGER 

321class OLD_LARGE_INTEGER(NDRSTRUCT): 

322 structure = ( 

323 ('LowPart',ULONG), 

324 ('HighPart',LONG), 

325 ) 

326 

327# 2.2.2.3 SID_NAME_USE 

class SID_NAME_USE(NDRENUM):
    """[MS-SAMR] 2.2.2.3 SID_NAME_USE: the kind of account a SID or name resolves to."""

    class enumItems(Enum):
        # Values run 1..10 with no gaps; there is no zero member.
        SidTypeUser = 1
        SidTypeGroup = 2
        SidTypeDomain = 3
        SidTypeAlias = 4
        SidTypeWellKnownGroup = 5
        SidTypeDeletedAccount = 6
        SidTypeInvalid = 7
        SidTypeUnknown = 8
        SidTypeComputer = 9
        SidTypeLabel = 10

340 

341# 2.2.2.4 RPC_SHORT_BLOB 

class USHORT_ARRAY(NDRUniConformantVaryingArray):
    """Conformant varying array whose elements use the '<H' struct format.

    PUSHORT_ARRAY points at this type, and RPC_SHORT_BLOB uses that pointer
    for its 'Buffer' member.
    """
    item = '<H'

345 

346class PUSHORT_ARRAY(NDRPOINTER): 

347 referent = ( 

348 ('Data', USHORT_ARRAY), 

349 ) 

350 

351class RPC_SHORT_BLOB(NDRSTRUCT): 

352 structure = ( 

353 ('Length', USHORT), 

354 ('MaximumLength', USHORT), 

355 ('Buffer',PUSHORT_ARRAY), 

356 ) 

357 

358# 2.2.3.2 SAMPR_HANDLE 

class SAMPR_HANDLE(NDRSTRUCT):
    """[MS-SAMR] 2.2.3.2 SAMPR_HANDLE: handle carried as a fixed 20-byte field."""

    structure = (
        ('Data', '20s=b""'),
    )

    def getAlignment(self):
        """Return the alignment for this field: 8 under NDR64, otherwise 4."""
        return 8 if self._isNDR64 is True else 4

368 

369# 2.2.3.3 ENCRYPTED_LM_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD 

class ENCRYPTED_LM_OWF_PASSWORD(NDRSTRUCT):
    """[MS-SAMR] 2.2.3.3: fixed 16-byte encrypted LM/NT one-way-function value.

    The module aliases ENCRYPTED_NT_OWF_PASSWORD to this same class, so both
    hash types share one wire layout. The contents are password-derived
    material: keep them out of logs, dumps and persisted traces.
    """

    structure = (
        ('Data', '16s=b""'),
    )

    def getAlignment(self):
        """Return 1: the field is byte-aligned."""
        return 1

376 

377ENCRYPTED_NT_OWF_PASSWORD = ENCRYPTED_LM_OWF_PASSWORD 

378 

379class PENCRYPTED_LM_OWF_PASSWORD(NDRPOINTER): 

380 referent = ( 

381 ('Data', ENCRYPTED_LM_OWF_PASSWORD), 

382 ) 

383 

384PENCRYPTED_NT_OWF_PASSWORD = PENCRYPTED_LM_OWF_PASSWORD 

385 

386# 2.2.3.4 SAMPR_ULONG_ARRAY 

387#class SAMPR_ULONG_ARRAY(NDRUniConformantVaryingArray): 

388# item = '<L' 

389class ULONG_ARRAY(NDRUniConformantArray): 

390 item = ULONG 

391 

392class PULONG_ARRAY(NDRPOINTER): 

393 referent = ( 

394 ('Data', ULONG_ARRAY), 

395 ) 

396 

397class ULONG_ARRAY_CV(NDRUniConformantVaryingArray): 

398 item = ULONG 

399 

400class SAMPR_ULONG_ARRAY(NDRSTRUCT): 

401 structure = ( 

402 ('Count', ULONG), 

403 ('Element', PULONG_ARRAY), 

404 ) 

405 

406# 2.2.3.5 SAMPR_SID_INFORMATION 

407class SAMPR_SID_INFORMATION(NDRSTRUCT): 

408 structure = ( 

409 ('SidPointer', RPC_SID), 

410 ) 

411 

412class PSAMPR_SID_INFORMATION(NDRPOINTER): 

413 referent = ( 

414 ('Data', SAMPR_SID_INFORMATION), 

415 ) 

416 

417class SAMPR_SID_INFORMATION_ARRAY(NDRUniConformantArray): 

418 item = PSAMPR_SID_INFORMATION 

419 

420class PSAMPR_SID_INFORMATION_ARRAY(NDRPOINTER): 

421 referent = ( 

422 ('Data', SAMPR_SID_INFORMATION_ARRAY), 

423 ) 

424 

425# 2.2.3.6 SAMPR_PSID_ARRAY 

426class SAMPR_PSID_ARRAY(NDRSTRUCT): 

427 structure = ( 

428 ('Count', ULONG), 

429 ('Sids', PSAMPR_SID_INFORMATION_ARRAY), 

430 ) 

431 

432# 2.2.3.7 SAMPR_PSID_ARRAY_OUT 

433class SAMPR_PSID_ARRAY_OUT(NDRSTRUCT): 

434 structure = ( 

435 ('Count', ULONG), 

436 ('Sids', PSAMPR_SID_INFORMATION_ARRAY), 

437 ) 

438 

439# 2.2.3.8 SAMPR_RETURNED_USTRING_ARRAY 

440class SAMPR_RETURNED_USTRING_ARRAY(NDRSTRUCT): 

441 structure = ( 

442 ('Count', ULONG), 

443 ('Element', PRPC_UNICODE_STRING_ARRAY), 

444 ) 

445 

446# 2.2.3.9 SAMPR_RID_ENUMERATION 

447class SAMPR_RID_ENUMERATION(NDRSTRUCT): 

448 structure = ( 

449 ('RelativeId',ULONG), 

450 ('Name',RPC_UNICODE_STRING), 

451 ) 

452 

453class SAMPR_RID_ENUMERATION_ARRAY(NDRUniConformantArray): 

454 item = SAMPR_RID_ENUMERATION 

455 

456class PSAMPR_RID_ENUMERATION_ARRAY(NDRPOINTER): 

457 referent = ( 

458 ('Data', SAMPR_RID_ENUMERATION_ARRAY), 

459 ) 

460 

461# 2.2.3.10 SAMPR_ENUMERATION_BUFFER 

462class SAMPR_ENUMERATION_BUFFER(NDRSTRUCT): 

463 structure = ( 

464 ('EntriesRead',ULONG ), 

465 ('Buffer',PSAMPR_RID_ENUMERATION_ARRAY ), 

466 ) 

467 

468class PSAMPR_ENUMERATION_BUFFER(NDRPOINTER): 

469 referent = ( 

470 ('Data',SAMPR_ENUMERATION_BUFFER), 

471 ) 

472 

473# 2.2.3.11 SAMPR_SR_SECURITY_DESCRIPTOR 

474class CHAR_ARRAY(NDRUniConformantArray): 

475 pass 

476 

477class PCHAR_ARRAY(NDRPOINTER): 

478 referent = ( 

479 ('Data', CHAR_ARRAY), 

480 ) 

481 

482class SAMPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT): 

483 structure = ( 

484 ('Length', ULONG), 

485 ('SecurityDescriptor', PCHAR_ARRAY), 

486 ) 

487 

488class PSAMPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER): 

489 referent = ( 

490 ('Data', SAMPR_SR_SECURITY_DESCRIPTOR), 

491 ) 

492 

493# 2.2.3.12 GROUP_MEMBERSHIP 

494class GROUP_MEMBERSHIP(NDRSTRUCT): 

495 structure = ( 

496 ('RelativeId',ULONG), 

497 ('Attributes',ULONG), 

498 ) 

499 

500class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray): 

501 item = GROUP_MEMBERSHIP 

502 

503class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER): 

504 referent = ( 

505 ('Data',GROUP_MEMBERSHIP_ARRAY), 

506 ) 

507 

508# 2.2.3.13 SAMPR_GET_GROUPS_BUFFER 

509class SAMPR_GET_GROUPS_BUFFER(NDRSTRUCT): 

510 structure = ( 

511 ('MembershipCount',ULONG), 

512 ('Groups',PGROUP_MEMBERSHIP_ARRAY), 

513 ) 

514 

515class PSAMPR_GET_GROUPS_BUFFER(NDRPOINTER): 

516 referent = ( 

517 ('Data',SAMPR_GET_GROUPS_BUFFER), 

518 ) 

519 

520# 2.2.3.14 SAMPR_GET_MEMBERS_BUFFER 

521class SAMPR_GET_MEMBERS_BUFFER(NDRSTRUCT): 

522 structure = ( 

523 ('MemberCount', ULONG), 

524 ('Members', PULONG_ARRAY), 

525 ('Attributes', PULONG_ARRAY), 

526 ) 

527 

528class PSAMPR_GET_MEMBERS_BUFFER(NDRPOINTER): 

529 referent = ( 

530 ('Data', SAMPR_GET_MEMBERS_BUFFER), 

531 ) 

532 

533# 2.2.3.15 SAMPR_REVISION_INFO_V1 

534class SAMPR_REVISION_INFO_V1(NDRSTRUCT): 

535 structure = ( 

536 ('Revision',ULONG), 

537 ('SupportedFeatures',ULONG), 

538 ) 

539 

540# 2.2.3.16 SAMPR_REVISION_INFO 

541class SAMPR_REVISION_INFO(NDRUNION): 

542 commonHdr = ( 

543 ('tag', ULONG), 

544 ) 

545 

546 union = { 

547 1: ('V1', SAMPR_REVISION_INFO_V1), 

548 } 

549 

550# 2.2.3.17 USER_DOMAIN_PASSWORD_INFORMATION 

551class USER_DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT): 

552 structure = ( 

553 ('MinPasswordLength', USHORT), 

554 ('PasswordProperties', ULONG), 

555 ) 

556 

557# 2.2.4.2 DOMAIN_SERVER_ENABLE_STATE 

558class DOMAIN_SERVER_ENABLE_STATE(NDRENUM): 

559 class enumItems(Enum): 

560 DomainServerEnabled = 1 

561 DomainServerDisabled = 2 

562 

563# 2.2.4.3 DOMAIN_STATE_INFORMATION 

564class DOMAIN_STATE_INFORMATION(NDRSTRUCT): 

565 structure = ( 

566 ('DomainServerState', DOMAIN_SERVER_ENABLE_STATE), 

567 ) 

568 

569# 2.2.4.4 DOMAIN_SERVER_ROLE 

570class DOMAIN_SERVER_ROLE(NDRENUM): 

571 class enumItems(Enum): 

572 DomainServerRoleBackup = 2 

573 DomainServerRolePrimary = 3 

574 

575# 2.2.4.5 DOMAIN_PASSWORD_INFORMATION 

class DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.4.5 DOMAIN_PASSWORD_INFORMATION: the domain password policy.

    Field order is the wire order and must not be rearranged.
    """

    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        # Presumably a mask of the DOMAIN_PASSWORD_* / DOMAIN_* "Domain Fields"
        # bits defined in this module (2.2.4.1) - confirm against the spec.
        # When auditing, decode it rather than comparing the raw number.
        ('PasswordProperties', ULONG),
        # Both ages use the split low/high OLD_LARGE_INTEGER representation.
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
    )

584 

585# 2.2.4.6 DOMAIN_LOGOFF_INFORMATION 

586class DOMAIN_LOGOFF_INFORMATION(NDRSTRUCT): 

587 structure = ( 

588 ('ForceLogoff', OLD_LARGE_INTEGER), 

589 ) 

590 

591# 2.2.4.7 DOMAIN_SERVER_ROLE_INFORMATION 

592class DOMAIN_SERVER_ROLE_INFORMATION(NDRSTRUCT): 

593 structure = ( 

594 ('DomainServerRole', DOMAIN_SERVER_ROLE), 

595 ) 

596 

597# 2.2.4.8 DOMAIN_MODIFIED_INFORMATION 

598class DOMAIN_MODIFIED_INFORMATION(NDRSTRUCT): 

599 structure = ( 

600 ('DomainModifiedCount', OLD_LARGE_INTEGER), 

601 ('CreationTime', OLD_LARGE_INTEGER), 

602 ) 

603 

604# 2.2.4.9 DOMAIN_MODIFIED_INFORMATION2 

605class DOMAIN_MODIFIED_INFORMATION2(NDRSTRUCT): 

606 structure = ( 

607 ('DomainModifiedCount', OLD_LARGE_INTEGER), 

608 ('CreationTime', OLD_LARGE_INTEGER), 

609 ('ModifiedCountAtLastPromotion', OLD_LARGE_INTEGER), 

610 ) 

611 

612# 2.2.4.10 SAMPR_DOMAIN_GENERAL_INFORMATION 

613class SAMPR_DOMAIN_GENERAL_INFORMATION(NDRSTRUCT): 

614 structure = ( 

615 ('ForceLogoff', OLD_LARGE_INTEGER), 

616 ('OemInformation', RPC_UNICODE_STRING), 

617 ('DomainName', RPC_UNICODE_STRING), 

618 ('ReplicaSourceNodeName', RPC_UNICODE_STRING), 

619 ('DomainModifiedCount', OLD_LARGE_INTEGER), 

620 ('DomainServerState', ULONG), 

621 ('DomainServerRole', ULONG), 

622 ('UasCompatibilityRequired', UCHAR), 

623 ('UserCount', ULONG), 

624 ('GroupCount', ULONG), 

625 ('AliasCount', ULONG), 

626 ) 

627 

628# 2.2.4.11 SAMPR_DOMAIN_GENERAL_INFORMATION2 

629class SAMPR_DOMAIN_GENERAL_INFORMATION2(NDRSTRUCT): 

630 structure = ( 

631 ('I1', SAMPR_DOMAIN_GENERAL_INFORMATION), 

632 ('LockoutDuration', LARGE_INTEGER), 

633 ('LockoutObservationWindow', LARGE_INTEGER), 

634 ('LockoutThreshold', USHORT), 

635 ) 

636 

637# 2.2.4.12 SAMPR_DOMAIN_OEM_INFORMATION 

638class SAMPR_DOMAIN_OEM_INFORMATION(NDRSTRUCT): 

639 structure = ( 

640 ('OemInformation', RPC_UNICODE_STRING), 

641 ) 

642 

643# 2.2.4.13 SAMPR_DOMAIN_NAME_INFORMATION 

644class SAMPR_DOMAIN_NAME_INFORMATION(NDRSTRUCT): 

645 structure = ( 

646 ('DomainName', RPC_UNICODE_STRING), 

647 ) 

648 

649# 2.2.4.14 SAMPR_DOMAIN_REPLICATION_INFORMATION 

650class SAMPR_DOMAIN_REPLICATION_INFORMATION(NDRSTRUCT): 

651 structure = ( 

652 ('ReplicaSourceNodeName', RPC_UNICODE_STRING), 

653 ) 

654 

655# 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION 

class SAMPR_DOMAIN_LOCKOUT_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION: account-lockout policy.

    The same three members, in the same order, close
    SAMPR_DOMAIN_GENERAL_INFORMATION2.
    """

    structure = (
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        # NOTE(review): in Windows lockout policy a threshold of 0 is
        # understood to mean accounts are never locked out - verify against
        # the spec before relying on it in an audit check.
        ('LockoutThreshold', USHORT),
    )

662 

663# 2.2.4.16 DOMAIN_INFORMATION_CLASS 

664class DOMAIN_INFORMATION_CLASS(NDRENUM): 

665 class enumItems(Enum): 

666 DomainPasswordInformation = 1 

667 DomainGeneralInformation = 2 

668 DomainLogoffInformation = 3 

669 DomainOemInformation = 4 

670 DomainNameInformation = 5 

671 DomainReplicationInformation = 6 

672 DomainServerRoleInformation = 7 

673 DomainModifiedInformation = 8 

674 DomainStateInformation = 9 

675 DomainGeneralInformation2 = 11 

676 DomainLockoutInformation = 12 

677 DomainModifiedInformation2 = 13 

678 

679# 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER 

class SAMPR_DOMAIN_INFO_BUFFER(NDRUNION):
    """[MS-SAMR] 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER: union over DOMAIN_INFORMATION_CLASS.

    Each entry maps an information class to a (member name, structure type)
    pair. Entries are kept in their original order, in which
    DomainServerRoleInformation precedes DomainReplicationInformation.
    """

    union = {
        DOMAIN_INFORMATION_CLASS.DomainPasswordInformation:
            ('Password', DOMAIN_PASSWORD_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation:
            ('General', SAMPR_DOMAIN_GENERAL_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainLogoffInformation:
            ('Logoff', DOMAIN_LOGOFF_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainOemInformation:
            ('Oem', SAMPR_DOMAIN_OEM_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainNameInformation:
            ('Name', SAMPR_DOMAIN_NAME_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation:
            ('Role', DOMAIN_SERVER_ROLE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainReplicationInformation:
            ('Replication', SAMPR_DOMAIN_REPLICATION_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation:
            ('Modified', DOMAIN_MODIFIED_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainStateInformation:
            ('State', DOMAIN_STATE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2:
            ('General2', SAMPR_DOMAIN_GENERAL_INFORMATION2),
        DOMAIN_INFORMATION_CLASS.DomainLockoutInformation:
            ('Lockout', SAMPR_DOMAIN_LOCKOUT_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2:
            ('Modified2', DOMAIN_MODIFIED_INFORMATION2),
    }

695 

696class PSAMPR_DOMAIN_INFO_BUFFER(NDRPOINTER): 

697 referent = ( 

698 ('Data', SAMPR_DOMAIN_INFO_BUFFER), 

699 ) 

700 

701# 2.2.5.2 GROUP_ATTRIBUTE_INFORMATION 

702class GROUP_ATTRIBUTE_INFORMATION(NDRSTRUCT): 

703 structure = ( 

704 ('Attributes', ULONG), 

705 ) 

706 

707# 2.2.5.3 SAMPR_GROUP_GENERAL_INFORMATION 

708class SAMPR_GROUP_GENERAL_INFORMATION(NDRSTRUCT): 

709 structure = ( 

710 ('Name', RPC_UNICODE_STRING), 

711 ('Attributes', ULONG), 

712 ('MemberCount', ULONG), 

713 ('AdminComment', RPC_UNICODE_STRING), 

714 ) 

715 

716# 2.2.5.4 SAMPR_GROUP_NAME_INFORMATION 

717class SAMPR_GROUP_NAME_INFORMATION(NDRSTRUCT): 

718 structure = ( 

719 ('Name', RPC_UNICODE_STRING), 

720 ) 

721 

722# 2.2.5.5 SAMPR_GROUP_ADM_COMMENT_INFORMATION 

723class SAMPR_GROUP_ADM_COMMENT_INFORMATION(NDRSTRUCT): 

724 structure = ( 

725 ('AdminComment', RPC_UNICODE_STRING), 

726 ) 

727 

728# 2.2.5.6 GROUP_INFORMATION_CLASS 

729class GROUP_INFORMATION_CLASS(NDRENUM): 

730 class enumItems(Enum): 

731 GroupGeneralInformation = 1 

732 GroupNameInformation = 2 

733 GroupAttributeInformation = 3 

734 GroupAdminCommentInformation = 4 

735 GroupReplicationInformation = 5 

736 

737# 2.2.5.7 SAMPR_GROUP_INFO_BUFFER 

738class SAMPR_GROUP_INFO_BUFFER(NDRUNION): 

739 union = { 

740 GROUP_INFORMATION_CLASS.GroupGeneralInformation : ('General', SAMPR_GROUP_GENERAL_INFORMATION), 

741 GROUP_INFORMATION_CLASS.GroupNameInformation : ('Name', SAMPR_GROUP_NAME_INFORMATION), 

742 GROUP_INFORMATION_CLASS.GroupAttributeInformation : ('Attribute', GROUP_ATTRIBUTE_INFORMATION), 

743 GROUP_INFORMATION_CLASS.GroupAdminCommentInformation : ('AdminComment', SAMPR_GROUP_ADM_COMMENT_INFORMATION), 

744 GROUP_INFORMATION_CLASS.GroupReplicationInformation : ('DoNotUse', SAMPR_GROUP_GENERAL_INFORMATION), 

745 } 

746 

747class PSAMPR_GROUP_INFO_BUFFER(NDRPOINTER): 

748 referent = ( 

749 ('Data', SAMPR_GROUP_INFO_BUFFER), 

750 ) 

751 

752# 2.2.6.2 SAMPR_ALIAS_GENERAL_INFORMATION 

753class SAMPR_ALIAS_GENERAL_INFORMATION(NDRSTRUCT): 

754 structure = ( 

755 ('Name', RPC_UNICODE_STRING), 

756 ('MemberCount', ULONG), 

757 ('AdminComment', RPC_UNICODE_STRING), 

758 ) 

759 

760# 2.2.6.3 SAMPR_ALIAS_NAME_INFORMATION 

761class SAMPR_ALIAS_NAME_INFORMATION(NDRSTRUCT): 

762 structure = ( 

763 ('Name', RPC_UNICODE_STRING), 

764 ) 

765 

766# 2.2.6.4 SAMPR_ALIAS_ADM_COMMENT_INFORMATION 

767class SAMPR_ALIAS_ADM_COMMENT_INFORMATION(NDRSTRUCT): 

768 structure = ( 

769 ('AdminComment', RPC_UNICODE_STRING), 

770 ) 

771 

772# 2.2.6.5 ALIAS_INFORMATION_CLASS 

773class ALIAS_INFORMATION_CLASS(NDRENUM): 

774 class enumItems(Enum): 

775 AliasGeneralInformation = 1 

776 AliasNameInformation = 2 

777 AliasAdminCommentInformation = 3 

778 

779# 2.2.6.6 SAMPR_ALIAS_INFO_BUFFER 

780class SAMPR_ALIAS_INFO_BUFFER(NDRUNION): 

781 union = { 

782 ALIAS_INFORMATION_CLASS.AliasGeneralInformation : ('General', SAMPR_ALIAS_GENERAL_INFORMATION), 

783 ALIAS_INFORMATION_CLASS.AliasNameInformation : ('Name', SAMPR_ALIAS_NAME_INFORMATION), 

784 ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation : ('AdminComment', SAMPR_ALIAS_ADM_COMMENT_INFORMATION), 

785 } 

786 

787class PSAMPR_ALIAS_INFO_BUFFER(NDRPOINTER): 

788 referent = ( 

789 ('Data', SAMPR_ALIAS_INFO_BUFFER), 

790 ) 

791 

792# 2.2.7.2 USER_PRIMARY_GROUP_INFORMATION 

793class USER_PRIMARY_GROUP_INFORMATION(NDRSTRUCT): 

794 structure = ( 

795 ('PrimaryGroupId', ULONG), 

796 ) 

797 

798# 2.2.7.3 USER_CONTROL_INFORMATION 

799class USER_CONTROL_INFORMATION(NDRSTRUCT): 

800 structure = ( 

801 ('UserAccountControl', ULONG), 

802 ) 

803 

804# 2.2.7.4 USER_EXPIRES_INFORMATION 

805class USER_EXPIRES_INFORMATION(NDRSTRUCT): 

806 structure = ( 

807 ('AccountExpires', OLD_LARGE_INTEGER), 

808 ) 

809 

810# 2.2.7.5 SAMPR_LOGON_HOURS 

811class LOGON_HOURS_ARRAY(NDRUniConformantVaryingArray): 

812 pass 

813 

814class PLOGON_HOURS_ARRAY(NDRPOINTER): 

815 referent = ( 

816 ('Data', LOGON_HOURS_ARRAY), 

817 ) 

818 

class SAMPR_LOGON_HOURS(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.5 SAMPR_LOGON_HOURS: logon-hours array and its unit count."""

    structure = (
        # A disabled NDRSHORT declaration of UnitsPerWeek is kept for reference:
        #('UnitsPerWeek', NDRSHORT),
        ('UnitsPerWeek', ULONG),
        ('LogonHours', PLOGON_HOURS_ARRAY),
    )

    def getData(self, soFar = 0):
        """Serialize the structure, refreshing UnitsPerWeek beforehand.

        When 'LogonHours' is not 0, UnitsPerWeek is overwritten with
        len(LogonHours) * 8, replacing whatever the caller had set (the
        factor of 8 suggests one bit per unit - confirm against the spec).
        """
        hours = self['LogonHours']
        if hours != 0:
            self['UnitsPerWeek'] = len(hours) * 8
        # NOTE(review): this calls NDR.getData, not the NDRSTRUCT version -
        # presumably deliberate; confirm before changing.
        return NDR.getData(self, soFar)

830 

831# 2.2.7.6 SAMPR_USER_ALL_INFORMATION 

class SAMPR_USER_ALL_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.6 SAMPR_USER_ALL_INFORMATION: every user attribute in one record.

    Field order is the wire order and must not be rearranged. 'WhichFields'
    is presumably a USER_ALL_* bitmask naming the members that are valid -
    confirm against the spec. The record includes 'LmOwfPassword',
    'NtOwfPassword' and 'PrivateData', so any dump, log line or saved trace
    of it should be treated as carrying credential material.
    """

    structure = (
        # Timestamps
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Descriptive strings
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),

        # Credential-bearing members
        ('LmOwfPassword', RPC_SHORT_BLOB),
        ('NtOwfPassword', RPC_SHORT_BLOB),
        ('PrivateData', RPC_UNICODE_STRING),

        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),

        # Identifiers, flags and counters
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('UserAccountControl', ULONG),
        ('WhichFields', ULONG),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('LmPasswordPresent', UCHAR),
        ('NtPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('PrivateDataSensitive', UCHAR),
    )

871 

872# 2.2.7.7 SAMPR_USER_GENERAL_INFORMATION 

873class SAMPR_USER_GENERAL_INFORMATION(NDRSTRUCT): 

874 structure = ( 

875 ('UserName', RPC_UNICODE_STRING), 

876 ('FullName', RPC_UNICODE_STRING), 

877 ('PrimaryGroupId', ULONG), 

878 ('AdminComment', RPC_UNICODE_STRING), 

879 ('UserComment', RPC_UNICODE_STRING), 

880 ) 

881 

882# 2.2.7.8 SAMPR_USER_PREFERENCES_INFORMATION 

883class SAMPR_USER_PREFERENCES_INFORMATION(NDRSTRUCT): 

884 structure = ( 

885 ('UserComment', RPC_UNICODE_STRING), 

886 ('Reserved1', RPC_UNICODE_STRING), 

887 ('CountryCode', USHORT), 

888 ('CodePage', USHORT), 

889 ) 

890 

891# 2.2.7.9 SAMPR_USER_PARAMETERS_INFORMATION 

892class SAMPR_USER_PARAMETERS_INFORMATION(NDRSTRUCT): 

893 structure = ( 

894 ('Parameters', RPC_UNICODE_STRING), 

895 ) 

896 

897# 2.2.7.10 SAMPR_USER_LOGON_INFORMATION 

898class SAMPR_USER_LOGON_INFORMATION(NDRSTRUCT): 

899 structure = ( 

900 ('UserName', RPC_UNICODE_STRING), 

901 ('FullName', RPC_UNICODE_STRING), 

902 ('UserId', ULONG), 

903 ('PrimaryGroupId', ULONG), 

904 ('HomeDirectory', RPC_UNICODE_STRING), 

905 ('HomeDirectoryDrive', RPC_UNICODE_STRING), 

906 ('ScriptPath', RPC_UNICODE_STRING), 

907 ('ProfilePath', RPC_UNICODE_STRING), 

908 ('WorkStations', RPC_UNICODE_STRING), 

909 ('LastLogon', OLD_LARGE_INTEGER), 

910 ('LastLogoff', OLD_LARGE_INTEGER), 

911 ('PasswordLastSet', OLD_LARGE_INTEGER), 

912 ('PasswordCanChange', OLD_LARGE_INTEGER), 

913 ('PasswordMustChange', OLD_LARGE_INTEGER), 

914 ('LogonHours', SAMPR_LOGON_HOURS), 

915 ('BadPasswordCount', USHORT), 

916 ('LogonCount', USHORT), 

917 ('UserAccountControl', ULONG), 

918 ) 

919 

920# 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION 

class SAMPR_USER_ACCOUNT_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION wire layout.

    Field order is the marshalling order; the string keys are what callers
    use to index a decoded instance.
    """

    structure = (
        # Identity and profile strings.
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        # Logon timestamps, restrictions and counters.
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        # Password age, expiry and account flags.
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
    )

942 

943# 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION 

class SAMPR_USER_A_NAME_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION wire layout."""

    structure = (
        ('UserName', RPC_UNICODE_STRING),
    )

948 

949# 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION 

class SAMPR_USER_F_NAME_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION wire layout."""

    structure = (
        ('FullName', RPC_UNICODE_STRING),
    )

954 

955# 2.2.7.14 SAMPR_USER_NAME_INFORMATION 

class SAMPR_USER_NAME_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.14 SAMPR_USER_NAME_INFORMATION wire layout."""

    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )

961 

962# 2.2.7.15 SAMPR_USER_HOME_INFORMATION 

class SAMPR_USER_HOME_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.15 SAMPR_USER_HOME_INFORMATION wire layout."""

    structure = (
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
    )

968 

969# 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION 

class SAMPR_USER_SCRIPT_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION wire layout."""

    structure = (
        ('ScriptPath', RPC_UNICODE_STRING),
    )

974 

975# 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION 

class SAMPR_USER_PROFILE_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION wire layout."""

    structure = (
        ('ProfilePath', RPC_UNICODE_STRING),
    )

980 

981# 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION 

class SAMPR_USER_ADMIN_COMMENT_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION wire layout."""

    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

986 

987# 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION 

class SAMPR_USER_WORKSTATIONS_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION wire layout."""

    structure = (
        ('WorkStations', RPC_UNICODE_STRING),
    )

992 

993# 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION 

class SAMPR_USER_LOGON_HOURS_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION wire layout."""

    structure = (
        ('LogonHours', SAMPR_LOGON_HOURS),
    )

998 

999# 2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD 

class SAMPR_USER_PASSWORD(NDRSTRUCT):
    """512-byte password buffer followed by a ULONG length.

    Declared under the "2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD" heading.
    """

    # NOTE(review): 512 + 4 bytes equals the 516-byte Buffer of
    # SAMPR_ENCRYPTED_USER_PASSWORD, so this looks like its pre-encryption
    # form - confirm against the helper that builds it. Instances hold
    # password material; keep them out of logs and debug dumps.
    structure = (
        ('Buffer', '512s=b""'),
        ('Length', ULONG),
    )

    def getAlignment(self):
        """Return the fixed alignment (4) used when marshalling."""
        return 4

1007 

1008 

class SAMPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
    """Opaque 516-byte buffer, marshalled with byte alignment."""

    # NOTE(review): nothing in this class encrypts or validates Buffer; the
    # caller is responsible for filling it with an already-encrypted blob of
    # exactly 516 bytes - confirm in the helpers that populate it.
    structure = (
        ('Buffer', '516s=b""'),
    )

    def getAlignment(self):
        """Return the fixed alignment (1) used when marshalling."""
        return 1

1015 

class PSAMPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_ENCRYPTED_USER_PASSWORD."""

    referent = (
        ('Data', SAMPR_ENCRYPTED_USER_PASSWORD),
    )

1020 

1021# 2.2.7.22 SAMPR_ENCRYPTED_USER_PASSWORD_NEW 

class SAMPR_ENCRYPTED_USER_PASSWORD_NEW(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.22: opaque 532-byte buffer, byte aligned."""

    # NOTE(review): 532 is 16 bytes more than the 516-byte buffer of
    # SAMPR_ENCRYPTED_USER_PASSWORD; presumably the extra bytes carry a
    # salt - confirm against the specification before building one by hand.
    structure = (
        ('Buffer', '532s=b""'),
    )

    def getAlignment(self):
        """Return the fixed alignment (1) used when marshalling."""
        return 1

1028 

1029# 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION 

class SAMPR_USER_INTERNAL1_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION wire layout.

    Carries the encrypted NT and LM OWF values plus three UCHAR flags.
    """

    structure = (
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedLmOwfPassword', ENCRYPTED_LM_OWF_PASSWORD),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
    )

1038 

1039# 2.2.7.24 SAMPR_USER_INTERNAL4_INFORMATION 

class SAMPR_USER_INTERNAL4_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.24: full user record plus a 516-byte password blob."""

    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
    )

1045 

1046# 2.2.7.25 SAMPR_USER_INTERNAL4_INFORMATION_NEW 

class SAMPR_USER_INTERNAL4_INFORMATION_NEW(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.25: full user record plus a 532-byte password blob."""

    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
    )

1052 

1053# 2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION 

class SAMPR_USER_INTERNAL5_INFORMATION(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.26: 516-byte password blob plus PasswordExpired."""

    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
        ('PasswordExpired', UCHAR),
    )

1059 

1060# 2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW 

class SAMPR_USER_INTERNAL5_INFORMATION_NEW(NDRSTRUCT):
    """[MS-SAMR] 2.2.7.27: 532-byte password blob plus PasswordExpired."""

    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
        ('PasswordExpired', UCHAR),
    )

1066 

1067# 2.2.7.28 USER_INFORMATION_CLASS 

class USER_INFORMATION_CLASS(NDRENUM):
    """[MS-SAMR] 2.2.7.28 USER_INFORMATION_CLASS selector values.

    The numbering is not contiguous: 15, 19 and 22 are not defined here.
    """

    class enumItems(Enum):
        # Read-mostly profile and logon views.
        UserGeneralInformation = 1
        UserPreferencesInformation = 2
        UserLogonInformation = 3
        UserLogonHoursInformation = 4
        UserAccountInformation = 5
        UserNameInformation = 6
        UserAccountNameInformation = 7
        UserFullNameInformation = 8
        UserPrimaryGroupInformation = 9
        UserHomeInformation = 10
        UserScriptInformation = 11
        UserProfileInformation = 12
        UserAdminCommentInformation = 13
        UserWorkStationsInformation = 14
        UserControlInformation = 16
        UserExpiresInformation = 17
        # Levels whose buffers carry password material (see the
        # SAMPR_USER_INTERNAL*_INFORMATION structures in this file).
        UserInternal1Information = 18
        UserParametersInformation = 20
        UserAllInformation = 21
        UserInternal4Information = 23
        UserInternal5Information = 24
        UserInternal4InformationNew = 25
        UserInternal5InformationNew = 26

1093 

1094# 2.2.7.29 SAMPR_USER_INFO_BUFFER 

class SAMPR_USER_INFO_BUFFER(NDRUNION):
    """[MS-SAMR] 2.2.7.29 union keyed by USER_INFORMATION_CLASS.

    Each entry maps a selector to (arm name, arm type). The Internal1,
    Internal4*, and Internal5* arms carry password blobs.
    """

    union = {
        USER_INFORMATION_CLASS.UserGeneralInformation: ('General', SAMPR_USER_GENERAL_INFORMATION),
        USER_INFORMATION_CLASS.UserPreferencesInformation: ('Preferences', SAMPR_USER_PREFERENCES_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonInformation: ('Logon', SAMPR_USER_LOGON_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonHoursInformation: ('LogonHours', SAMPR_USER_LOGON_HOURS_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountInformation: ('Account', SAMPR_USER_ACCOUNT_INFORMATION),
        USER_INFORMATION_CLASS.UserNameInformation: ('Name', SAMPR_USER_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountNameInformation: ('AccountName', SAMPR_USER_A_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserFullNameInformation: ('FullName', SAMPR_USER_F_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserPrimaryGroupInformation: ('PrimaryGroup', USER_PRIMARY_GROUP_INFORMATION),
        USER_INFORMATION_CLASS.UserHomeInformation: ('Home', SAMPR_USER_HOME_INFORMATION),
        USER_INFORMATION_CLASS.UserScriptInformation: ('Script', SAMPR_USER_SCRIPT_INFORMATION),
        USER_INFORMATION_CLASS.UserProfileInformation: ('Profile', SAMPR_USER_PROFILE_INFORMATION),
        USER_INFORMATION_CLASS.UserAdminCommentInformation: ('AdminComment', SAMPR_USER_ADMIN_COMMENT_INFORMATION),
        USER_INFORMATION_CLASS.UserWorkStationsInformation: ('WorkStations', SAMPR_USER_WORKSTATIONS_INFORMATION),
        USER_INFORMATION_CLASS.UserControlInformation: ('Control', USER_CONTROL_INFORMATION),
        USER_INFORMATION_CLASS.UserExpiresInformation: ('Expires', USER_EXPIRES_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal1Information: ('Internal1', SAMPR_USER_INTERNAL1_INFORMATION),
        USER_INFORMATION_CLASS.UserParametersInformation: ('Parameters', SAMPR_USER_PARAMETERS_INFORMATION),
        USER_INFORMATION_CLASS.UserAllInformation: ('All', SAMPR_USER_ALL_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4Information: ('Internal4', SAMPR_USER_INTERNAL4_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal5Information: ('Internal5', SAMPR_USER_INTERNAL5_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4InformationNew: ('Internal4New', SAMPR_USER_INTERNAL4_INFORMATION_NEW),
        USER_INFORMATION_CLASS.UserInternal5InformationNew: ('Internal5New', SAMPR_USER_INTERNAL5_INFORMATION_NEW),
    }

1121 

class PSAMPR_USER_INFO_BUFFER(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_USER_INFO_BUFFER."""

    referent = (
        ('Data', SAMPR_USER_INFO_BUFFER),
    )

1126 

class PSAMPR_SERVER_NAME2(NDRPOINTER):
    """NDR pointer whose referent is a fixed 4-byte string."""

    referent = (
        ('Data', '4s=b""'),
    )

1131 

1132# 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER 

class SAMPR_DOMAIN_DISPLAY_USER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER wire layout."""

    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )

1142 

class SAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_USER items."""

    item = SAMPR_DOMAIN_DISPLAY_USER

1145 

class PSAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_USER_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )

1150 

1151# 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE 

class SAMPR_DOMAIN_DISPLAY_MACHINE(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE wire layout."""

    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
    )

1160 

class SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_MACHINE items."""

    item = SAMPR_DOMAIN_DISPLAY_MACHINE

1163 

class PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
    )

1168 

1169# 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP 

class SAMPR_DOMAIN_DISPLAY_GROUP(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP wire layout."""

    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
    )

1178 

class SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_GROUP items."""

    item = SAMPR_DOMAIN_DISPLAY_GROUP

1181 

class PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
    )

1186 

1187# 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER 

class SAMPR_DOMAIN_DISPLAY_OEM_USER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER wire layout."""

    structure = (
        ('Index', ULONG),
        ('OemAccountName', RPC_STRING),
    )

1193 

class SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_OEM_USER items."""

    item = SAMPR_DOMAIN_DISPLAY_OEM_USER

1196 

class PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
    )

1201 

1202# 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP 

class SAMPR_DOMAIN_DISPLAY_OEM_GROUP(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP wire layout."""

    structure = (
        ('Index', ULONG),
        ('OemAccountName', RPC_STRING),
    )

1208 

class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_OEM_GROUP items."""

    item = SAMPR_DOMAIN_DISPLAY_OEM_GROUP

1211 

class PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
    )

1216 

1217#2.2.8.7 SAMPR_DOMAIN_DISPLAY_USER_BUFFER 

class SAMPR_DOMAIN_DISPLAY_USER_BUFFER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.7: entry count plus pointer to the user array."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )

1223 

1224# 2.2.8.8 SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER 

class SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.8: entry count plus pointer to the machine array."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
    )

1230 

1231# 2.2.8.9 SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER 

class SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.9: entry count plus pointer to the group array."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
    )

1237 

1238# 2.2.8.10 SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER 

class SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.10: entry count plus pointer to the OEM user array."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
    )

1244 

1245# 2.2.8.11 SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER 

class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER(NDRSTRUCT):
    """[MS-SAMR] 2.2.8.11: entry count plus pointer to the OEM group array."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
    )

1251 

1252# 2.2.8.12 DOMAIN_DISPLAY_INFORMATION 

class DOMAIN_DISPLAY_INFORMATION(NDRENUM):
    """[MS-SAMR] 2.2.8.12 DOMAIN_DISPLAY_INFORMATION selector values."""

    class enumItems(Enum):
        DomainDisplayUser = 1
        DomainDisplayMachine = 2
        DomainDisplayGroup = 3
        DomainDisplayOemUser = 4
        DomainDisplayOemGroup = 5

1260 

1261# 2.2.8.13 SAMPR_DISPLAY_INFO_BUFFER 

class SAMPR_DISPLAY_INFO_BUFFER(NDRUNION):
    """[MS-SAMR] 2.2.8.13 union keyed by DOMAIN_DISPLAY_INFORMATION.

    Each entry maps a selector to (arm name, arm type).
    """

    union = {
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser: ('UserInformation', SAMPR_DOMAIN_DISPLAY_USER_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine: ('MachineInformation', SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup: ('GroupInformation', SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemUser: ('OemUserInformation', SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup: ('OemGroupInformation', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER),
    }

1270 

1271# 2.2.9.1 SAM_VALIDATE_PASSWORD_HASH 

class SAM_VALIDATE_PASSWORD_HASH(NDRSTRUCT):
    """[MS-SAMR] 2.2.9.1: a length-prefixed hash referenced through LPBYTE."""

    structure = (
        ('Length', ULONG),
        ('Hash', LPBYTE),
    )

1277 

class PSAM_VALIDATE_PASSWORD_HASH(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_PASSWORD_HASH."""

    referent = (
        ('Data', SAM_VALIDATE_PASSWORD_HASH),
    )

1282 

1283# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS 

class SAM_VALIDATE_PERSISTED_FIELDS(NDRSTRUCT):
    """[MS-SAMR] 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS wire layout."""

    # NOTE(review): PasswordHistory points at a single
    # SAM_VALIDATE_PASSWORD_HASH while PasswordHistoryLength is a separate
    # count; whether histories with more than one entry marshal correctly
    # is not visible here - confirm before relying on it.
    structure = (
        ('PresentFields', ULONG),
        ('PasswordLastSet', LARGE_INTEGER),
        ('BadPasswordTime', LARGE_INTEGER),
        ('LockoutTime', LARGE_INTEGER),
        ('BadPasswordCount', ULONG),
        ('PasswordHistoryLength', ULONG),
        ('PasswordHistory', PSAM_VALIDATE_PASSWORD_HASH),
    )

1294 

1295# 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS 

class SAM_VALIDATE_VALIDATION_STATUS(NDRENUM):
    """[MS-SAMR] 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS result codes."""

    class enumItems(Enum):
        SamValidateSuccess = 0
        # Account-state outcomes.
        SamValidatePasswordMustChange = 1
        SamValidateAccountLockedOut = 2
        SamValidatePasswordExpired = 3
        SamValidatePasswordIncorrect = 4
        # Policy rejections of a proposed password.
        SamValidatePasswordIsInHistory = 5
        SamValidatePasswordTooShort = 6
        SamValidatePasswordTooLong = 7
        SamValidatePasswordNotComplexEnough = 8
        SamValidatePasswordTooRecent = 9
        SamValidatePasswordFilterError = 10

1309 

1310# 2.2.9.4 SAM_VALIDATE_STANDARD_OUTPUT_ARG 

class SAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRSTRUCT):
    """[MS-SAMR] 2.2.9.4: changed persisted fields plus a validation status."""

    structure = (
        ('ChangedPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ValidationStatus', SAM_VALIDATE_VALIDATION_STATUS),
    )

1316 

class PSAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_STANDARD_OUTPUT_ARG."""

    referent = (
        ('Data', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
    )

1321 

1322# 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG 

class SAM_VALIDATE_AUTHENTICATION_INPUT_ARG(NDRSTRUCT):
    """[MS-SAMR] 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG wire layout."""

    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('PasswordMatched', UCHAR),
    )

1328 

1329# 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG 

class SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG(NDRSTRUCT):
    """[MS-SAMR] 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG wire layout."""

    # NOTE(review): ClearPassword is marshalled as an ordinary
    # RPC_UNICODE_STRING, so its confidentiality rests entirely on the RPC
    # transport and authentication level - confirm callers negotiate packet
    # privacy before sending this structure.
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMatch', UCHAR),
    )

1338 

1339# 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG 

class SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(NDRSTRUCT):
    """[MS-SAMR] 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG wire layout."""

    # NOTE(review): ClearPassword is marshalled as an ordinary
    # RPC_UNICODE_STRING, so its confidentiality rests entirely on the RPC
    # transport and authentication level - confirm callers negotiate packet
    # privacy before sending this structure.
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMustChangeAtNextLogon', UCHAR),
        ('ClearLockout', UCHAR),
    )

1349 

1350# 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE 

class PASSWORD_POLICY_VALIDATION_TYPE(NDRENUM):
    """[MS-SAMR] 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE selector values."""

    class enumItems(Enum):
        SamValidateAuthentication = 1
        SamValidatePasswordChange = 2
        SamValidatePasswordReset = 3

1356 

1357# 2.2.9.9 SAM_VALIDATE_INPUT_ARG 

class SAM_VALIDATE_INPUT_ARG(NDRUNION):
    """[MS-SAMR] 2.2.9.9 union keyed by PASSWORD_POLICY_VALIDATION_TYPE.

    Each entry maps a selector to (arm name, input structure).
    """

    union = {
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication: ('ValidateAuthenticationInput', SAM_VALIDATE_AUTHENTICATION_INPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange: ('ValidatePasswordChangeInput', SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset: ('ValidatePasswordResetInput', SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG),
    }

1364 

1365# 2.2.9.10 SAM_VALIDATE_OUTPUT_ARG 

class SAM_VALIDATE_OUTPUT_ARG(NDRUNION):
    """[MS-SAMR] 2.2.9.10 union keyed by PASSWORD_POLICY_VALIDATION_TYPE.

    All three arms use SAM_VALIDATE_STANDARD_OUTPUT_ARG; only the arm name
    differs.
    """

    union = {
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication: ('ValidateAuthenticationOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange: ('ValidatePasswordChangeOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset: ('ValidatePasswordResetOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
    }

1372 

class PSAM_VALIDATE_OUTPUT_ARG(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_OUTPUT_ARG."""

    referent = (
        ('Data', SAM_VALIDATE_OUTPUT_ARG),
    )

1377 

1378# 2.2.10 Supplemental Credentials Structures 

1379 

1380# 2.2.10.1 USER_PROPERTIES 

class USER_PROPERTIES(Structure):
    """[MS-SAMR] 2.2.10.1 USER_PROPERTIES header (little-endian fields).

    Everything after PropertyCount is kept as one opaque 'UserProperties'
    blob; splitting it into USER_PROPERTY records is left to the caller.
    """

    # NOTE(review): the 's' defaults here are str literals ("") while the
    # NDR buffers earlier in this file use b"" - confirm packing (as opposed
    # to parsing) works on Python 3.
    # NOTE(review): Length and PropertyCount come from the parsed blob; a
    # consumer should check them against the actual data size before
    # iterating.
    structure = (
        ('Reserved1', '<L=0'),
        ('Length', '<L=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('Reserved4', '96s=""'),
        ('PropertySignature', '<H=0x50'),
        ('PropertyCount', '<H=0'),
        ('UserProperties', ':'),
    )

1392 

1393# 2.2.10.2 USER_PROPERTY 

class USER_PROPERTY(Structure):
    """[MS-SAMR] 2.2.10.2 USER_PROPERTY record.

    PropertyName and PropertyValue are sized by the NameLength and
    ValueLength fields read from the same record.
    """

    # NOTE(review): both lengths are taken from the data being parsed; when
    # the blob is not trusted, check that the decoded name/value really have
    # the advertised sizes before using them.
    structure = (
        ('NameLength', '<H=0'),
        ('ValueLength', '<H=0'),
        ('Reserved', '<H=0'),
        ('_PropertyName', '_-PropertyName', "self['NameLength']"),
        ('PropertyName', ':'),
        ('_PropertyValue', '_-PropertyValue', "self['ValueLength']"),
        ('PropertyValue', ':'),
    )

1404 

1405# 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS 

class WDIGEST_CREDENTIALS(Structure):
    """[MS-SAMR] 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS.

    A 16-byte header followed by 29 fixed 16-byte hash slots, Hash1 through
    Hash29.
    """

    # NOTE(review): the layout always declares 29 slots; NumberOfHashes is
    # only a default of 29 and nothing here ties a parsed value to the slot
    # count - confirm how a blob advertising another count is handled.
    structure = (
        # Header.
        ('Reserved1', 'B=0'),
        ('Reserved2', 'B=0'),
        ('Version', 'B=1'),
        ('NumberOfHashes', 'B=29'),
        ('Reserved3', '12s=""'),
        # Hash slots.
        ('Hash1', '16s=""'),
        ('Hash2', '16s=""'),
        ('Hash3', '16s=""'),
        ('Hash4', '16s=""'),
        ('Hash5', '16s=""'),
        ('Hash6', '16s=""'),
        ('Hash7', '16s=""'),
        ('Hash8', '16s=""'),
        ('Hash9', '16s=""'),
        ('Hash10', '16s=""'),
        ('Hash11', '16s=""'),
        ('Hash12', '16s=""'),
        ('Hash13', '16s=""'),
        ('Hash14', '16s=""'),
        ('Hash15', '16s=""'),
        ('Hash16', '16s=""'),
        ('Hash17', '16s=""'),
        ('Hash18', '16s=""'),
        ('Hash19', '16s=""'),
        ('Hash20', '16s=""'),
        ('Hash21', '16s=""'),
        ('Hash22', '16s=""'),
        ('Hash23', '16s=""'),
        ('Hash24', '16s=""'),
        ('Hash25', '16s=""'),
        ('Hash26', '16s=""'),
        ('Hash27', '16s=""'),
        ('Hash28', '16s=""'),
        ('Hash29', '16s=""'),
    )

1443 

1444# 2.2.10.5 KERB_KEY_DATA 

class KERB_KEY_DATA(Structure):
    """[MS-SAMR] 2.2.10.5 KERB_KEY_DATA descriptor (little-endian fields)."""

    # NOTE(review): KeyOffset and KeyLength are read from the blob. A
    # consumer that slices key bytes with them should first check that
    # KeyOffset + KeyLength stays inside the enclosing buffer, because an
    # out-of-range Python slice returns short data instead of failing.
    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )

1454 

1455# 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL 

class KERB_STORED_CREDENTIAL(Structure):
    """[MS-SAMR] 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL.

    Only the fixed header is broken out; the variable part is kept as one
    opaque 'Buffer' for the caller to walk.
    """

    # NOTE(review): the counts and DefaultSaltOffset/Length come from the
    # parsed blob; bounds-check them against the blob size before indexing.
    structure = (
        ('Revision', '<H=3'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        # The following members are not declared individually:
        #('Credentials',':'),
        #('OldCredentials',':'),
        #('DefaultSalt',':'),
        #('KeyValues',':'),
        # They all live inside this Buffer.
        ('Buffer', ':'),
    )

1472 

1473# 2.2.10.7 KERB_KEY_DATA_NEW 

class KERB_KEY_DATA_NEW(Structure):
    """[MS-SAMR] 2.2.10.7 KERB_KEY_DATA_NEW descriptor (little-endian).

    Unlike KERB_KEY_DATA, Reserved3 is 32 bits wide and an IterationCount
    field precedes KeyType.
    """

    # NOTE(review): KeyOffset and KeyLength are read from the blob. A
    # consumer that slices key bytes with them should first check that
    # KeyOffset + KeyLength stays inside the enclosing buffer, because an
    # out-of-range Python slice returns short data instead of failing.
    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<L=0'),
        ('IterationCount', '<L=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )

1484 

1485# 2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW 

class KERB_STORED_CREDENTIAL_NEW(Structure):
    """[MS-SAMR] 2.2.10.6 Primary:Kerberos-Newer-Keys header.

    Only the fixed header is broken out; the variable part is kept as one
    opaque 'Buffer' for the caller to walk.
    """

    # NOTE(review): the counts and DefaultSaltOffset/Length come from the
    # parsed blob; bounds-check them against the blob size before indexing.
    structure = (
        ('Revision', '<H=4'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('ServiceCredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('OlderCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        ('DefaultIterationCount', '<L=0'),
        # The following members are not declared individually:
        #('Credentials',':'),
        #('ServiceCredentials',':'),
        #('OldCredentials',':'),
        #('OlderCredentials',':'),
        #('DefaultSalt',':'),
        #('KeyValues',':'),
        # They all live inside this Buffer.
        ('Buffer', ':'),
    )

1507 

1508################################################################################ 

1509# RPC CALLS 

1510################################################################################ 

1511 

class SamrConnect(NDRCALL):
    """SamrConnect request (opnum 0)."""

    opnum = 0
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME2),
        ('DesiredAccess', ULONG),
    )

1518 

class SamrConnectResponse(NDRCALL):
    """SamrConnect response: the server handle and an ErrorCode."""

    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1524 

class SamrCloseHandle(NDRCALL):
    """SamrCloseHandle request (opnum 1)."""

    opnum = 1
    # NOTE(review): a DesiredAccess field on a close call is unusual, and it
    # is a LONG where the open calls use ULONG - confirm against the
    # [MS-SAMR] definition before copying this layout elsewhere.
    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('DesiredAccess', LONG),
    )

1531 

class SamrCloseHandleResponse(NDRCALL):
    """SamrCloseHandle response: the returned handle and an ErrorCode."""

    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1537 

class SamrSetSecurityObject(NDRCALL):
    """SamrSetSecurityObject request (opnum 2)."""

    opnum = 2
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),
    )

1545 

class SamrSetSecurityObjectResponse(NDRCALL):
    """SamrSetSecurityObject response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1550 

class SamrQuerySecurityObject(NDRCALL):
    """SamrQuerySecurityObject request (opnum 3)."""

    opnum = 3
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
    )

1557 

class SamrQuerySecurityObjectResponse(NDRCALL):
    """SamrQuerySecurityObject response: descriptor pointer and ErrorCode."""

    structure = (
        ('SecurityDescriptor', PSAMPR_SR_SECURITY_DESCRIPTOR),
        ('ErrorCode', ULONG),
    )

1563 

class SamrLookupDomainInSamServer(NDRCALL):
    """SamrLookupDomainInSamServer request (opnum 5)."""

    opnum = 5
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
    )

1570 

class SamrLookupDomainInSamServerResponse(NDRCALL):
    """SamrLookupDomainInSamServer response: SID pointer and ErrorCode."""

    structure = (
        ('DomainId', PRPC_SID),
        ('ErrorCode', ULONG),
    )

1576 

class SamrEnumerateDomainsInSamServer(NDRCALL):
    """SamrEnumerateDomainsInSamServer request (opnum 6)."""

    opnum = 6
    # 'PreferedMaximumLength' (single "r") is the key callers must use.
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1584 

class SamrEnumerateDomainsInSamServerResponse(NDRCALL):
    """SamrEnumerateDomainsInSamServer response.

    Returns the updated EnumerationContext, a buffer pointer, the number of
    entries returned and an ErrorCode.
    """

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1592 

class SamrOpenDomain(NDRCALL):
    """SamrOpenDomain request (opnum 7)."""

    opnum = 7
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('DomainId', RPC_SID),
    )

1600 

class SamrOpenDomainResponse(NDRCALL):
    """SamrOpenDomain response: the domain handle and an ErrorCode."""

    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1606 

class SamrQueryInformationDomain(NDRCALL):
    """SamrQueryInformationDomain request (opnum 8)."""

    opnum = 8
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )

1613 

class SamrQueryInformationDomainResponse(NDRCALL):
    """SamrQueryInformationDomain response: buffer pointer and ErrorCode."""

    structure = (
        ('Buffer', PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1619 

class SamrSetInformationDomain(NDRCALL):
    """SamrSetInformationDomain request (opnum 9)."""

    opnum = 9
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
        ('DomainInformation', SAMPR_DOMAIN_INFO_BUFFER),
    )

1627 

class SamrSetInformationDomainResponse(NDRCALL):
    """SamrSetInformationDomain response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1632 

class SamrCreateGroupInDomain(NDRCALL):
    """SamrCreateGroupInDomain request (opnum 10)."""

    opnum = 10
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

1640 

class SamrCreateGroupInDomainResponse(NDRCALL):
    """SamrCreateGroupInDomain response: group handle, RID and ErrorCode."""

    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

1647 

class SamrEnumerateGroupsInDomain(NDRCALL):
    """SamrEnumerateGroupsInDomain request (opnum 11).

    The matching response class is declared further down, after the
    SamrCreateUserInDomain pair.
    """

    opnum = 11
    # 'PreferedMaximumLength' (single "r") is the key callers must use.
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1655 

class SamrCreateUserInDomain(NDRCALL):
    """SamrCreateUserInDomain request (opnum 12)."""

    opnum = 12
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

1663 

class SamrCreateUserInDomainResponse(NDRCALL):
    """SamrCreateUserInDomain response: user handle, RID and ErrorCode."""

    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

1670 

class SamrEnumerateGroupsInDomainResponse(NDRCALL):
    """SamrEnumerateGroupsInDomain response.

    Returns the updated EnumerationContext, a buffer pointer, the number of
    entries returned and an ErrorCode.
    """

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1678 

class SamrEnumerateUsersInDomain(NDRCALL):
    """SamrEnumerateUsersInDomain request (opnum 13)."""

    opnum = 13
    # 'PreferedMaximumLength' (single "r") is the key callers must use.
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('UserAccountControl', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1687 

class SamrEnumerateUsersInDomainResponse(NDRCALL):
    """SamrEnumerateUsersInDomain response.

    Returns the updated EnumerationContext, a buffer pointer, the number of
    entries returned and an ErrorCode.
    """

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1695 

class SamrCreateAliasInDomain(NDRCALL):
    """SamrCreateAliasInDomain request (opnum 14)."""

    opnum = 14
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('AccountName', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

1703 

class SamrCreateAliasInDomainResponse(NDRCALL):
    """SamrCreateAliasInDomain response: alias handle, RID and ErrorCode."""

    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

1710 

1711 

class SamrEnumerateAliasesInDomain(NDRCALL):
    """SamrEnumerateAliasesInDomain request (opnum 15)."""

    opnum = 15
    # 'PreferedMaximumLength' (single "r") is the key callers must use.
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1719 

class SamrEnumerateAliasesInDomainResponse(NDRCALL):
    """SamrEnumerateAliasesInDomain response.

    Returns the updated EnumerationContext, a buffer pointer, the number of
    entries returned and an ErrorCode.
    """

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1727 

class SamrGetAliasMembership(NDRCALL):
    """SamrGetAliasMembership request (opnum 16)."""

    opnum = 16
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('SidArray', SAMPR_PSID_ARRAY),
    )

1734 

class SamrGetAliasMembershipResponse(NDRCALL):
    """SamrGetAliasMembership response: ULONG array and ErrorCode."""

    structure = (
        ('Membership', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )

1740 

class SamrLookupNamesInDomain(NDRCALL):
    """SamrLookupNamesInDomain request (opnum 17)."""

    opnum = 17
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Count', ULONG),
        ('Names', RPC_UNICODE_STRING_ARRAY),
    )

1748 

class SamrLookupNamesInDomainResponse(NDRCALL):
    """SamrLookupNamesInDomain response: RID array, Use array, ErrorCode."""

    structure = (
        ('RelativeIds', SAMPR_ULONG_ARRAY),
        ('Use', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )

1755 

class SamrLookupIdsInDomain(NDRCALL):
    """SamrLookupIdsInDomain request (opnum 18)."""

    opnum = 18
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Count', ULONG),
        ('RelativeIds', ULONG_ARRAY_CV),
    )

1763 

class SamrLookupIdsInDomainResponse(NDRCALL):
    """SamrLookupIdsInDomain response: name array, Use array, ErrorCode."""

    structure = (
        ('Names', SAMPR_RETURNED_USTRING_ARRAY),
        ('Use', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )

1770 

class SamrOpenGroup(NDRCALL):
    """SamrOpenGroup request (opnum 19)."""

    opnum = 19
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('GroupId', ULONG),
    )

1778 

class SamrOpenGroupResponse(NDRCALL):
    """SamrOpenGroup response: the group handle and an ErrorCode."""

    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1784 

class SamrQueryInformationGroup(NDRCALL):
    """SamrQueryInformationGroup request (opnum 20)."""

    opnum = 20
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
    )

1791 

class SamrQueryInformationGroupResponse(NDRCALL):
    """SamrQueryInformationGroup response: buffer pointer and ErrorCode."""

    structure = (
        ('Buffer', PSAMPR_GROUP_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1797 

class SamrSetInformationGroup(NDRCALL):
    """SamrSetInformationGroup request (opnum 21)."""

    opnum = 21
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
        ('Buffer', SAMPR_GROUP_INFO_BUFFER),
    )

1805 

class SamrSetInformationGroupResponse(NDRCALL):
    """SamrSetInformationGroup response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1810 

class SamrAddMemberToGroup(NDRCALL):
    """SamrAddMemberToGroup request (opnum 22)."""

    opnum = 22
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )

1818 

class SamrAddMemberToGroupResponse(NDRCALL):
    """SamrAddMemberToGroup response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1823 

class SamrDeleteGroup(NDRCALL):
    """SamrDeleteGroup request (opnum 23)."""

    opnum = 23
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
    )

1829 

class SamrDeleteGroupResponse(NDRCALL):
    """SamrDeleteGroup response: the returned handle and an ErrorCode."""

    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1835 

class SamrRemoveMemberFromGroup(NDRCALL):
    """SamrRemoveMemberFromGroup request (opnum 24)."""

    opnum = 24
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
    )

1842 

class SamrRemoveMemberFromGroupResponse(NDRCALL):
    """SamrRemoveMemberFromGroup response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1847 

class SamrGetMembersInGroup(NDRCALL):
    """SamrGetMembersInGroup request (opnum 25)."""

    opnum = 25
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
    )

1853 

class SamrGetMembersInGroupResponse(NDRCALL):
    """SamrGetMembersInGroup response: members pointer and ErrorCode."""

    structure = (
        ('Members', PSAMPR_GET_MEMBERS_BUFFER),
        ('ErrorCode', ULONG),
    )

1859 

class SamrSetMemberAttributesOfGroup(NDRCALL):
    """SamrSetMemberAttributesOfGroup request (opnum 26)."""

    opnum = 26
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )

1867 

class SamrSetMemberAttributesOfGroupResponse(NDRCALL):
    """SamrSetMemberAttributesOfGroup response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1872 

class SamrOpenAlias(NDRCALL):
    """SamrOpenAlias request (opnum 27)."""

    opnum = 27
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('AliasId', ULONG),
    )

1880 

class SamrOpenAliasResponse(NDRCALL):
    """SamrOpenAlias response: the alias handle and an ErrorCode."""

    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1886 

class SamrQueryInformationAlias(NDRCALL):
    """SamrQueryInformationAlias request (opnum 28)."""

    opnum = 28
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
    )

1893 

class SamrQueryInformationAliasResponse(NDRCALL):
    """SamrQueryInformationAlias response: buffer pointer and ErrorCode."""

    structure = (
        ('Buffer', PSAMPR_ALIAS_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1899 

class SamrSetInformationAlias(NDRCALL):
    """SamrSetInformationAlias request (opnum 29)."""

    opnum = 29
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
        ('Buffer', SAMPR_ALIAS_INFO_BUFFER),
    )

1907 

class SamrSetInformationAliasResponse(NDRCALL):
    """SamrSetInformationAlias response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1912 

class SamrDeleteAlias(NDRCALL):
    """SamrDeleteAlias request (opnum 30)."""

    opnum = 30
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
    )

1918 

class SamrDeleteAliasResponse(NDRCALL):
    """SamrDeleteAlias response: the returned handle and an ErrorCode."""

    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1924 

class SamrAddMemberToAlias(NDRCALL):
    """SamrAddMemberToAlias request (opnum 31).

    The member is identified by a full RPC_SID, not by a ULONG id as in the
    group calls.
    """

    opnum = 31
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )

1931 

class SamrAddMemberToAliasResponse(NDRCALL):
    """SamrAddMemberToAlias response: ErrorCode only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1936 

class SamrRemoveMemberFromAlias(NDRCALL):
    """SamrRemoveMemberFromAlias request (opnum 32).

    The member is identified by a full RPC_SID, not by a ULONG id as in the
    group calls.
    """

    opnum = 32
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )

1943 

class SamrRemoveMemberFromAliasResponse(NDRCALL):
    """Response to SamrRemoveMemberFromAlias; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

1948 

class SamrGetMembersInAlias(NDRCALL):
    """Request for opnum 33: the handle of the alias whose members are listed."""
    opnum = 33
    structure = (('AliasHandle', SAMPR_HANDLE),)

1954 

class SamrGetMembersInAliasResponse(NDRCALL):
    """Response to SamrGetMembersInAlias: the member SID array and status code."""
    structure = (
        ('Members', SAMPR_PSID_ARRAY_OUT),
        ('ErrorCode', ULONG),
    )

1960 

class SamrOpenUser(NDRCALL):
    """Request for opnum 34: domain handle, requested access mask and user id."""
    opnum = 34
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('UserId', ULONG),
    )

1968 

class SamrOpenUserResponse(NDRCALL):
    """Response to SamrOpenUser: the user handle followed by the status code."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1974 

class SamrDeleteUser(NDRCALL):
    """Request for opnum 35: the handle of the user to delete."""
    opnum = 35
    structure = (('UserHandle', SAMPR_HANDLE),)

1980 

class SamrDeleteUserResponse(NDRCALL):
    """Response to SamrDeleteUser: the returned user handle and status code."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1986 

class SamrQueryInformationUser(NDRCALL):
    """Request for opnum 36: user handle plus the information class to read."""
    opnum = 36
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
    )

1993 

class SamrQueryInformationUserResponse(NDRCALL):
    """Response to SamrQueryInformationUser: info buffer pointer and status code."""
    structure = (
        ('Buffer', PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1999 

class SamrSetInformationUser(NDRCALL):
    """Request for opnum 37: user handle, information class and the new values."""
    opnum = 37
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )

2007 

class SamrSetInformationUserResponse(NDRCALL):
    """Response to SamrSetInformationUser; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2012 

class SamrChangePasswordUser(NDRCALL):
    """Request for opnum 38: user handle plus LM/NT hash fields encrypted with each other.

    Each *Present flag is a UCHAR that precedes the encrypted-hash pointers it
    refers to; the field order below is the wire order and must not change.
    """
    opnum = 38
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        # LM pair
        ('LmPresent', UCHAR),
        ('OldLmEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
        ('NewLmEncryptedWithOldLm', PENCRYPTED_LM_OWF_PASSWORD),
        # NT pair
        ('NtPresent', UCHAR),
        ('OldNtEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
        ('NewNtEncryptedWithOldNt', PENCRYPTED_NT_OWF_PASSWORD),
        # Cross-encrypted values
        ('NtCrossEncryptionPresent', UCHAR),
        ('NewNtEncryptedWithNewLm', PENCRYPTED_NT_OWF_PASSWORD),
        ('LmCrossEncryptionPresent', UCHAR),
        # NOTE(review): declared with the NT pointer type although the field
        # name refers to the LM hash -- confirm against the [MS-SAMR] IDL.
        ('NewLmEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
    )

2028 

class SamrChangePasswordUserResponse(NDRCALL):
    """Response to SamrChangePasswordUser; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2033 

class SamrGetGroupsForUser(NDRCALL):
    """Request for opnum 39: the handle of the user whose groups are listed."""
    opnum = 39
    structure = (('UserHandle', SAMPR_HANDLE),)

2039 

class SamrGetGroupsForUserResponse(NDRCALL):
    """Response to SamrGetGroupsForUser: groups buffer pointer and status code."""
    structure = (
        ('Groups', PSAMPR_GET_GROUPS_BUFFER),
        ('ErrorCode', ULONG),
    )

2045 

class SamrQueryDisplayInformation(NDRCALL):
    """Request for opnum 40: domain handle, display class, start index and size limits."""
    opnum = 40
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount', ULONG),
        ('PreferredMaximumLength', ULONG),
    )

2055 

class SamrQueryDisplayInformationResponse(NDRCALL):
    """Response to SamrQueryDisplayInformation: two totals, the buffer and status code."""
    structure = (
        ('TotalAvailable', ULONG),
        ('TotalReturned', ULONG),
        ('Buffer', SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

2063 

class SamrGetDisplayEnumerationIndex(NDRCALL):
    """Request for opnum 41: domain handle, display class and a name prefix."""
    opnum = 41
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )

2071 

class SamrGetDisplayEnumerationIndexResponse(NDRCALL):
    """Response to SamrGetDisplayEnumerationIndex: the index and status code."""
    structure = (
        ('Index', ULONG),
        ('ErrorCode', ULONG),
    )

2077 

class SamrGetUserDomainPasswordInformation(NDRCALL):
    """Request for opnum 44: the user handle the password information is read for."""
    opnum = 44
    structure = (('UserHandle', SAMPR_HANDLE),)

2083 

class SamrGetUserDomainPasswordInformationResponse(NDRCALL):
    """Response to SamrGetUserDomainPasswordInformation: password info and status code."""
    structure = (
        ('PasswordInformation', USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode', ULONG),
    )

2089 

class SamrRemoveMemberFromForeignDomain(NDRCALL):
    """Request for opnum 45: domain handle and the SID of the member to remove."""
    opnum = 45
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('MemberSid', RPC_SID),
    )

2096 

class SamrRemoveMemberFromForeignDomainResponse(NDRCALL):
    """Response to SamrRemoveMemberFromForeignDomain; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2101 

class SamrQueryInformationDomain2(NDRCALL):
    """Request for opnum 46: domain handle plus the information class to read."""
    opnum = 46
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )

2108 

class SamrQueryInformationDomain2Response(NDRCALL):
    """Response to SamrQueryInformationDomain2: info buffer pointer and status code."""
    structure = (
        ('Buffer', PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

2114 

class SamrQueryInformationUser2(NDRCALL):
    """Request for opnum 47: user handle plus the information class to read."""
    opnum = 47
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
    )

2121 

class SamrQueryInformationUser2Response(NDRCALL):
    """Response to SamrQueryInformationUser2: info buffer pointer and status code."""
    structure = (
        ('Buffer', PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

2127 

class SamrQueryDisplayInformation2(NDRCALL):
    """Request for opnum 48: domain handle, display class, start index and size limits."""
    opnum = 48
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount', ULONG),
        ('PreferredMaximumLength', ULONG),
    )

2137 

class SamrQueryDisplayInformation2Response(NDRCALL):
    """Response to SamrQueryDisplayInformation2: two totals, the buffer and status code."""
    structure = (
        ('TotalAvailable', ULONG),
        ('TotalReturned', ULONG),
        ('Buffer', SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

2145 

class SamrGetDisplayEnumerationIndex2(NDRCALL):
    """Request for opnum 49: domain handle, display class and a name prefix."""
    opnum = 49
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )

2153 

class SamrGetDisplayEnumerationIndex2Response(NDRCALL):
    """Response to SamrGetDisplayEnumerationIndex2: the index and status code."""
    structure = (
        ('Index', ULONG),
        ('ErrorCode', ULONG),
    )

2159 

class SamrCreateUser2InDomain(NDRCALL):
    """Request for opnum 50: domain handle, account name, account type and access mask."""
    opnum = 50
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('AccountType', ULONG),
        ('DesiredAccess', ULONG),
    )

2168 

class SamrCreateUser2InDomainResponse(NDRCALL):
    """Response to SamrCreateUser2InDomain: user handle, granted access, RID and status."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('GrantedAccess', ULONG),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

2176 

class SamrQueryDisplayInformation3(NDRCALL):
    """Request for opnum 51: domain handle, display class, start index and size limits."""
    opnum = 51
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount', ULONG),
        ('PreferredMaximumLength', ULONG),
    )

2186 

class SamrQueryDisplayInformation3Response(NDRCALL):
    """Response to SamrQueryDisplayInformation3: two totals, the buffer and status code."""
    structure = (
        ('TotalAvailable', ULONG),
        ('TotalReturned', ULONG),
        ('Buffer', SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

2194 

class SamrAddMultipleMembersToAlias(NDRCALL):
    """Request for opnum 52: alias handle and an array of member SIDs to add."""
    opnum = 52
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )

2201 

class SamrAddMultipleMembersToAliasResponse(NDRCALL):
    """Response to SamrAddMultipleMembersToAlias; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2206 

class SamrRemoveMultipleMembersFromAlias(NDRCALL):
    """Request for opnum 53: alias handle and an array of member SIDs to remove."""
    opnum = 53
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )

2213 

class SamrRemoveMultipleMembersFromAliasResponse(NDRCALL):
    """Response to SamrRemoveMultipleMembersFromAlias; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2218 

class SamrOemChangePasswordUser2(NDRCALL):
    """Request for opnum 54: server and user name plus LM-hash-based password fields.

    Both encrypted fields are named after the LM hash (new password encrypted
    with the old LM hash, old LM hash encrypted with the new one).
    """
    opnum = 54
    structure = (
        ('ServerName', PRPC_STRING),
        ('UserName', RPC_STRING),
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
    )

2227 

class SamrOemChangePasswordUser2Response(NDRCALL):
    """Response to SamrOemChangePasswordUser2; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2232 

class SamrUnicodeChangePasswordUser2(NDRCALL):
    """Request for opnum 55: server and user name plus NT- and LM-keyed password fields.

    The NT-keyed pair comes first; LmPresent is a UCHAR that precedes the
    LM-keyed pair. The field order is the wire order and must not change.
    """
    opnum = 55
    structure = (
        ('ServerName', PRPC_UNICODE_STRING),
        ('UserName', RPC_UNICODE_STRING),
        ('NewPasswordEncryptedWithOldNt', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldNtOwfPasswordEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
        ('LmPresent', UCHAR),
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewNt', PENCRYPTED_LM_OWF_PASSWORD),
    )

2244 

class SamrUnicodeChangePasswordUser2Response(NDRCALL):
    """Response to SamrUnicodeChangePasswordUser2; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2249 

class SamrGetDomainPasswordInformation(NDRCALL):
    """Request for opnum 56: a single pointer field named 'Unused'."""
    opnum = 56
    structure = (
        # The binding handle is not marshalled as a field, so it stays disabled:
        #('BindingHandle',SAMPR_HANDLE),
        ('Unused', PRPC_UNICODE_STRING),
    )

2256 

class SamrGetDomainPasswordInformationResponse(NDRCALL):
    """Response to SamrGetDomainPasswordInformation: password info and status code."""
    structure = (
        ('PasswordInformation', USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode', ULONG),
    )

2262 

class SamrConnect2(NDRCALL):
    """Request for opnum 57: server name pointer and requested access mask."""
    opnum = 57
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
    )

2269 

class SamrConnect2Response(NDRCALL):
    """Response to SamrConnect2: the server handle followed by the status code."""
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

2275 

class SamrSetInformationUser2(NDRCALL):
    """Request for opnum 58: user handle, information class and the new values."""
    opnum = 58
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )

2283 

class SamrSetInformationUser2Response(NDRCALL):
    """Response to SamrSetInformationUser2; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2288 

class SamrConnect4(NDRCALL):
    """Request for opnum 62: server name pointer, client revision and access mask."""
    opnum = 62
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME),
        ('ClientRevision', ULONG),
        ('DesiredAccess', ULONG),
    )

2296 

class SamrConnect4Response(NDRCALL):
    """Response to SamrConnect4: the server handle followed by the status code."""
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

2302 

class SamrConnect5(NDRCALL):
    """Request for opnum 64: server name, access mask, input version and revision info."""
    opnum = 64
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
        ('InVersion', ULONG),
        ('InRevisionInfo', SAMPR_REVISION_INFO),
    )

2311 

class SamrConnect5Response(NDRCALL):
    """Response to SamrConnect5: output version, revision info, server handle and status."""
    structure = (
        ('OutVersion', ULONG),
        ('OutRevisionInfo', SAMPR_REVISION_INFO),
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

2319 

class SamrRidToSid(NDRCALL):
    """Request for opnum 65: an object handle and the RID to convert."""
    opnum = 65
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('Rid', ULONG),
    )

2326 

class SamrRidToSidResponse(NDRCALL):
    """Response to SamrRidToSid: the SID pointer followed by the status code."""
    structure = (
        ('Sid', PRPC_SID),
        ('ErrorCode', ULONG),
    )

2332 

class SamrSetDSRMPassword(NDRCALL):
    """Request for opnum 66: an unused string pointer, a user id and an encrypted NT hash."""
    opnum = 66
    structure = (
        ('Unused', PRPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('EncryptedNtOwfPassword', PENCRYPTED_NT_OWF_PASSWORD),
    )

2340 

class SamrSetDSRMPasswordResponse(NDRCALL):
    """Response to SamrSetDSRMPassword; carries only the status code."""
    structure = (('ErrorCode', ULONG),)

2345 

class SamrValidatePassword(NDRCALL):
    """Request for opnum 67: the validation type and its input argument."""
    opnum = 67
    structure = (
        ('ValidationType', PASSWORD_POLICY_VALIDATION_TYPE),
        ('InputArg', SAM_VALIDATE_INPUT_ARG),
    )

2352 

class SamrValidatePasswordResponse(NDRCALL):
    """Response to SamrValidatePassword: output argument pointer and status code."""
    structure = (
        ('OutputArg', PSAM_VALIDATE_OUTPUT_ARG),
        ('ErrorCode', ULONG),
    )

2358 

2359################################################################################ 

2360# OPNUMs and their corresponding structures 

2361################################################################################ 

# Maps each opnum to its (request class, response class) pair.
# Opnums 4, 42, 43, 59-61 and 63 have no entry in this table.
OPNUMS = {
    0: (SamrConnect, SamrConnectResponse),
    1: (SamrCloseHandle, SamrCloseHandleResponse),
    2: (SamrSetSecurityObject, SamrSetSecurityObjectResponse),
    3: (SamrQuerySecurityObject, SamrQuerySecurityObjectResponse),
    5: (SamrLookupDomainInSamServer, SamrLookupDomainInSamServerResponse),
    6: (SamrEnumerateDomainsInSamServer, SamrEnumerateDomainsInSamServerResponse),
    7: (SamrOpenDomain, SamrOpenDomainResponse),
    8: (SamrQueryInformationDomain, SamrQueryInformationDomainResponse),
    9: (SamrSetInformationDomain, SamrSetInformationDomainResponse),
    10: (SamrCreateGroupInDomain, SamrCreateGroupInDomainResponse),
    11: (SamrEnumerateGroupsInDomain, SamrEnumerateGroupsInDomainResponse),
    12: (SamrCreateUserInDomain, SamrCreateUserInDomainResponse),
    13: (SamrEnumerateUsersInDomain, SamrEnumerateUsersInDomainResponse),
    14: (SamrCreateAliasInDomain, SamrCreateAliasInDomainResponse),
    15: (SamrEnumerateAliasesInDomain, SamrEnumerateAliasesInDomainResponse),
    16: (SamrGetAliasMembership, SamrGetAliasMembershipResponse),
    17: (SamrLookupNamesInDomain, SamrLookupNamesInDomainResponse),
    18: (SamrLookupIdsInDomain, SamrLookupIdsInDomainResponse),
    19: (SamrOpenGroup, SamrOpenGroupResponse),
    20: (SamrQueryInformationGroup, SamrQueryInformationGroupResponse),
    21: (SamrSetInformationGroup, SamrSetInformationGroupResponse),
    22: (SamrAddMemberToGroup, SamrAddMemberToGroupResponse),
    23: (SamrDeleteGroup, SamrDeleteGroupResponse),
    24: (SamrRemoveMemberFromGroup, SamrRemoveMemberFromGroupResponse),
    25: (SamrGetMembersInGroup, SamrGetMembersInGroupResponse),
    26: (SamrSetMemberAttributesOfGroup, SamrSetMemberAttributesOfGroupResponse),
    27: (SamrOpenAlias, SamrOpenAliasResponse),
    28: (SamrQueryInformationAlias, SamrQueryInformationAliasResponse),
    29: (SamrSetInformationAlias, SamrSetInformationAliasResponse),
    30: (SamrDeleteAlias, SamrDeleteAliasResponse),
    31: (SamrAddMemberToAlias, SamrAddMemberToAliasResponse),
    32: (SamrRemoveMemberFromAlias, SamrRemoveMemberFromAliasResponse),
    33: (SamrGetMembersInAlias, SamrGetMembersInAliasResponse),
    34: (SamrOpenUser, SamrOpenUserResponse),
    35: (SamrDeleteUser, SamrDeleteUserResponse),
    36: (SamrQueryInformationUser, SamrQueryInformationUserResponse),
    37: (SamrSetInformationUser, SamrSetInformationUserResponse),
    38: (SamrChangePasswordUser, SamrChangePasswordUserResponse),
    39: (SamrGetGroupsForUser, SamrGetGroupsForUserResponse),
    40: (SamrQueryDisplayInformation, SamrQueryDisplayInformationResponse),
    41: (SamrGetDisplayEnumerationIndex, SamrGetDisplayEnumerationIndexResponse),
    44: (SamrGetUserDomainPasswordInformation, SamrGetUserDomainPasswordInformationResponse),
    45: (SamrRemoveMemberFromForeignDomain, SamrRemoveMemberFromForeignDomainResponse),
    46: (SamrQueryInformationDomain2, SamrQueryInformationDomain2Response),
    47: (SamrQueryInformationUser2, SamrQueryInformationUser2Response),
    48: (SamrQueryDisplayInformation2, SamrQueryDisplayInformation2Response),
    49: (SamrGetDisplayEnumerationIndex2, SamrGetDisplayEnumerationIndex2Response),
    50: (SamrCreateUser2InDomain, SamrCreateUser2InDomainResponse),
    51: (SamrQueryDisplayInformation3, SamrQueryDisplayInformation3Response),
    52: (SamrAddMultipleMembersToAlias, SamrAddMultipleMembersToAliasResponse),
    53: (SamrRemoveMultipleMembersFromAlias, SamrRemoveMultipleMembersFromAliasResponse),
    54: (SamrOemChangePasswordUser2, SamrOemChangePasswordUser2Response),
    55: (SamrUnicodeChangePasswordUser2, SamrUnicodeChangePasswordUser2Response),
    56: (SamrGetDomainPasswordInformation, SamrGetDomainPasswordInformationResponse),
    57: (SamrConnect2, SamrConnect2Response),
    58: (SamrSetInformationUser2, SamrSetInformationUser2Response),
    62: (SamrConnect4, SamrConnect4Response),
    64: (SamrConnect5, SamrConnect5Response),
    65: (SamrRidToSid, SamrRidToSidResponse),
    66: (SamrSetDSRMPassword, SamrSetDSRMPasswordResponse),
    67: (SamrValidatePassword, SamrValidatePasswordResponse),
}

2425 

2426################################################################################ 

2427# HELPER FUNCTIONS 

2428################################################################################ 

2429 

def hSamrConnect5(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, inVersion=1, revision=3):
    """Send a SamrConnect5 request over `dce` and return the result of dce.request.

    `inVersion` is written both to InVersion and to the tag of InRevisionInfo;
    `revision` goes into the V1 arm of InRevisionInfo.
    """
    # The default mask asks for the maximum access the server will grant;
    # callers that need only specific rights can pass a narrower mask.
    req = SamrConnect5()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    req['InVersion'] = inVersion
    revisionInfo = req['InRevisionInfo']
    revisionInfo['tag'] = inVersion
    revisionInfo['V1']['Revision'] = revision
    return dce.request(req)

2438 

def hSamrConnect4(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, clientRevision=2):
    """Send a SamrConnect4 request over `dce` and return the result of dce.request."""
    # The default mask asks for the maximum access the server will grant;
    # callers that need only specific rights can pass a narrower mask.
    req = SamrConnect4()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    req['ClientRevision'] = clientRevision
    return dce.request(req)

2445 

def hSamrConnect2(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Send a SamrConnect2 request over `dce` and return the result of dce.request."""
    # The default mask asks for the maximum access the server will grant;
    # callers that need only specific rights can pass a narrower mask.
    req = SamrConnect2()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)

2451 

def hSamrConnect(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Send a SamrConnect request over `dce` and return the result of dce.request."""
    # The default mask asks for the maximum access the server will grant;
    # callers that need only specific rights can pass a narrower mask.
    req = SamrConnect()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)

2457 

def hSamrOpenDomain(dce, serverHandle, desiredAccess=MAXIMUM_ALLOWED, domainId=NULL):
    """Send a SamrOpenDomain request for `domainId` and return the result of dce.request."""
    # Least privilege: pass a narrower desiredAccess when the full mask is not needed.
    req = SamrOpenDomain()
    req['ServerHandle'] = serverHandle
    req['DesiredAccess'] = desiredAccess
    req['DomainId'] = domainId
    return dce.request(req)

2464 

def hSamrOpenGroup(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, groupId=0):
    """Send a SamrOpenGroup request for `groupId` and return the result of dce.request."""
    # Least privilege: pass a narrower desiredAccess when the full mask is not needed.
    req = SamrOpenGroup()
    req['DomainHandle'] = domainHandle
    req['DesiredAccess'] = desiredAccess
    req['GroupId'] = groupId
    return dce.request(req)

2471 

def hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=0):
    """Send a SamrOpenAlias request for `aliasId` and return the result of dce.request."""
    # Least privilege: pass a narrower desiredAccess when the full mask is not needed.
    req = SamrOpenAlias()
    req['DomainHandle'] = domainHandle
    req['DesiredAccess'] = desiredAccess
    req['AliasId'] = aliasId
    return dce.request(req)

2478 

def hSamrOpenUser(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, userId=0):
    """Send a SamrOpenUser request for `userId` and return the result of dce.request."""
    # Least privilege: pass a narrower desiredAccess when the full mask is not needed.
    req = SamrOpenUser()
    req['DomainHandle'] = domainHandle
    req['DesiredAccess'] = desiredAccess
    req['UserId'] = userId
    return dce.request(req)

2485 

def hSamrEnumerateDomainsInSamServer(dce, serverHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send a SamrEnumerateDomainsInSamServer request and return the result of dce.request.

    `enumerationContext` and `preferedMaximumLength` are copied into the request as given.
    """
    req = SamrEnumerateDomainsInSamServer()
    req['ServerHandle'] = serverHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2492 

def hSamrEnumerateGroupsInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send a SamrEnumerateGroupsInDomain request and return the result of dce.request.

    `enumerationContext` and `preferedMaximumLength` are copied into the request as given.
    """
    req = SamrEnumerateGroupsInDomain()
    req['DomainHandle'] = domainHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2499 

def hSamrEnumerateAliasesInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send a SamrEnumerateAliasesInDomain request and return the result of dce.request.

    `enumerationContext` and `preferedMaximumLength` are copied into the request as given.
    """
    req = SamrEnumerateAliasesInDomain()
    req['DomainHandle'] = domainHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2506 

def hSamrEnumerateUsersInDomain(dce, domainHandle, userAccountControl=USER_NORMAL_ACCOUNT, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send a SamrEnumerateUsersInDomain request and return the result of dce.request.

    `userAccountControl` defaults to USER_NORMAL_ACCOUNT; the enumeration
    context and preferred length are copied into the request as given.
    """
    req = SamrEnumerateUsersInDomain()
    req['DomainHandle'] = domainHandle
    req['UserAccountControl'] = userAccountControl
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2514 

def hSamrQueryDisplayInformation3(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send a SamrQueryDisplayInformation3 request and return the result of dce.request.

    The display class defaults to DomainDisplayUser; `index`, `entryCount` and
    `preferedMaximumLength` are copied into the request as given.
    """
    req = SamrQueryDisplayInformation3()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Index'] = index
    req['EntryCount'] = entryCount
    req['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2523 

def hSamrQueryDisplayInformation2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send a SamrQueryDisplayInformation2 request and return the result of dce.request.

    The display class defaults to DomainDisplayUser; `index`, `entryCount` and
    `preferedMaximumLength` are copied into the request as given.
    """
    req = SamrQueryDisplayInformation2()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Index'] = index
    req['EntryCount'] = entryCount
    req['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2532 

def hSamrQueryDisplayInformation(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send a SamrQueryDisplayInformation request and return the result of dce.request.

    The display class defaults to DomainDisplayUser; `index`, `entryCount` and
    `preferedMaximumLength` are copied into the request as given.
    """
    req = SamrQueryDisplayInformation()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Index'] = index
    req['EntryCount'] = entryCount
    req['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(req)

2541 

def hSamrGetDisplayEnumerationIndex2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Send a SamrGetDisplayEnumerationIndex2 request for `prefix` and return the result of dce.request."""
    req = SamrGetDisplayEnumerationIndex2()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Prefix'] = prefix
    return dce.request(req)

2548 

def hSamrGetDisplayEnumerationIndex(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Send a SamrGetDisplayEnumerationIndex request for `prefix` and return the result of dce.request."""
    req = SamrGetDisplayEnumerationIndex()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Prefix'] = prefix
    return dce.request(req)

2555 

def hSamrCreateGroupInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Send a SamrCreateGroupInDomain request for `name` and return the result of dce.request."""
    req = SamrCreateGroupInDomain()
    req['DomainHandle'] = domainHandle
    req['Name'] = name
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)

2562 

def hSamrCreateAliasInDomain(dce, domainHandle, accountName, desiredAccess=GROUP_ALL_ACCESS):
    """Send a SamrCreateAliasInDomain request for `accountName` and return the result of dce.request."""
    # NOTE(review): the default mask is the group constant although an alias
    # is created here -- confirm it grants the intended rights on the new object.
    req = SamrCreateAliasInDomain()
    req['DomainHandle'] = domainHandle
    req['AccountName'] = accountName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)

2569 

def hSamrCreateUser2InDomain(dce, domainHandle, name, accountType=USER_NORMAL_ACCOUNT, desiredAccess=GROUP_ALL_ACCESS):
    """Send a SamrCreateUser2InDomain request for `name` and return the result of dce.request."""
    # NOTE(review): the default mask is the group constant although a user
    # is created here -- confirm it grants the intended rights on the new object.
    req = SamrCreateUser2InDomain()
    req['DomainHandle'] = domainHandle
    req['Name'] = name
    req['AccountType'] = accountType
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)

2577 

def hSamrCreateUserInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Send a SamrCreateUserInDomain request for `name` and return the result of dce.request."""
    # NOTE(review): the default mask is the group constant although a user
    # is created here -- confirm it grants the intended rights on the new object.
    req = SamrCreateUserInDomain()
    req['DomainHandle'] = domainHandle
    req['Name'] = name
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)

2584 

def hSamrQueryInformationDomain(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Send a SamrQueryInformationDomain request and return the result of dce.request."""
    req = SamrQueryInformationDomain()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformationClass
    return dce.request(req)

2590 

def hSamrQueryInformationDomain2(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Send a SamrQueryInformationDomain2 request and return the result of dce.request."""
    req = SamrQueryInformationDomain2()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformationClass
    return dce.request(req)

2596 

def hSamrQueryInformationGroup(dce, groupHandle, groupInformationClass=GROUP_INFORMATION_CLASS.GroupGeneralInformation):
    """Send a SamrQueryInformationGroup request and return the result of dce.request."""
    req = SamrQueryInformationGroup()
    req['GroupHandle'] = groupHandle
    req['GroupInformationClass'] = groupInformationClass
    return dce.request(req)

2602 

def hSamrQueryInformationAlias(dce, aliasHandle, aliasInformationClass=ALIAS_INFORMATION_CLASS.AliasGeneralInformation):
    """Send a SamrQueryInformationAlias request and return the result of dce.request."""
    req = SamrQueryInformationAlias()
    req['AliasHandle'] = aliasHandle
    req['AliasInformationClass'] = aliasInformationClass
    return dce.request(req)

2608 

def hSamrQueryInformationUser2(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Send a SamrQueryInformationUser2 request and return the result of dce.request."""
    req = SamrQueryInformationUser2()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = userInformationClass
    return dce.request(req)

2614 

def hSamrQueryInformationUser(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Send a SamrQueryInformationUser request and return the result of dce.request."""
    req = SamrQueryInformationUser()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = userInformationClass
    return dce.request(req)

2620 

def hSamrSetInformationDomain(dce, domainHandle, domainInformation):
    """Send a SamrSetInformationDomain request and return the result of dce.request.

    The information class sent is taken from domainInformation['tag'].
    """
    req = SamrSetInformationDomain()
    req['DomainHandle'] = domainHandle
    infoClass = domainInformation['tag']
    req['DomainInformationClass'] = infoClass
    req['DomainInformation'] = domainInformation
    return dce.request(req)

2627 

def hSamrSetInformationGroup(dce, groupHandle, buffer):
    """Send a SamrSetInformationGroup request and return the result of dce.request.

    The information class sent is taken from buffer['tag'].
    """
    req = SamrSetInformationGroup()
    req['GroupHandle'] = groupHandle
    infoClass = buffer['tag']
    req['GroupInformationClass'] = infoClass
    req['Buffer'] = buffer
    return dce.request(req)

2634 

def hSamrSetInformationAlias(dce, aliasHandle, buffer):
    """Send a SamrSetInformationAlias request and return the result of dce.request.

    The information class sent is taken from buffer['tag'].
    """
    req = SamrSetInformationAlias()
    req['AliasHandle'] = aliasHandle
    infoClass = buffer['tag']
    req['AliasInformationClass'] = infoClass
    req['Buffer'] = buffer
    return dce.request(req)

2641 

def hSamrSetInformationUser2(dce, userHandle, buffer):
    """Send a SamrSetInformationUser2 request and return the result of dce.request.

    The information class sent is taken from buffer['tag'].
    """
    req = SamrSetInformationUser2()
    req['UserHandle'] = userHandle
    infoClass = buffer['tag']
    req['UserInformationClass'] = infoClass
    req['Buffer'] = buffer
    return dce.request(req)

2648 

def hSamrSetInformationUser(dce, userHandle, buffer):
    """Send a SamrSetInformationUser request and return the result of dce.request.

    The information class sent is taken from buffer['tag'].
    """
    req = SamrSetInformationUser()
    req['UserHandle'] = userHandle
    infoClass = buffer['tag']
    req['UserInformationClass'] = infoClass
    req['Buffer'] = buffer
    return dce.request(req)

2655 

def hSamrDeleteGroup(dce, groupHandle):
    """Send a SamrDeleteGroup request for `groupHandle` and return the result of dce.request."""
    req = SamrDeleteGroup()
    req['GroupHandle'] = groupHandle
    return dce.request(req)

2660 

def hSamrDeleteAlias(dce, aliasHandle):
    """Send a SamrDeleteAlias request for `aliasHandle` and return the result of dce.request."""
    req = SamrDeleteAlias()
    req['AliasHandle'] = aliasHandle
    return dce.request(req)

2665 

def hSamrDeleteUser(dce, userHandle):
    """Send a SamrDeleteUser request for `userHandle` and return the result of dce.request."""
    req = SamrDeleteUser()
    req['UserHandle'] = userHandle
    return dce.request(req)

2670 

def hSamrAddMemberToGroup(dce, groupHandle, memberId, attributes):
    """Send a SamrAddMemberToGroup request and return the result of dce.request."""
    req = SamrAddMemberToGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    req['Attributes'] = attributes
    return dce.request(req)

2677 

def hSamrRemoveMemberFromGroup(dce, groupHandle, memberId):
    """Send a SamrRemoveMemberFromGroup request and return the result of dce.request."""
    req = SamrRemoveMemberFromGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    return dce.request(req)

2683 

def hSamrGetMembersInGroup(dce, groupHandle):
    """Send a SamrGetMembersInGroup request and return the result of dce.request."""
    req = SamrGetMembersInGroup()
    req['GroupHandle'] = groupHandle
    return dce.request(req)

2688 

def hSamrAddMemberToAlias(dce, aliasHandle, memberId):
    """Send a SamrAddMemberToAlias request and return the result of dce.request."""
    req = SamrAddMemberToAlias()
    req['AliasHandle'] = aliasHandle
    req['MemberId'] = memberId
    return dce.request(req)

2694 

def hSamrRemoveMemberFromAlias(dce, aliasHandle, memberId):
    """Send a SamrRemoveMemberFromAlias request and return the result of dce.request."""
    req = SamrRemoveMemberFromAlias()
    req['AliasHandle'] = aliasHandle
    req['MemberId'] = memberId
    return dce.request(req)

2700 

def hSamrGetMembersInAlias(dce, aliasHandle):
    """Send a SamrGetMembersInAlias request and return the result of dce.request."""
    req = SamrGetMembersInAlias()
    req['AliasHandle'] = aliasHandle
    return dce.request(req)

2705 

def hSamrRemoveMemberFromForeignDomain(dce, domainHandle, memberSid):
    """Send a SamrRemoveMemberFromForeignDomain request and return the result of dce.request."""
    req = SamrRemoveMemberFromForeignDomain()
    req['DomainHandle'] = domainHandle
    req['MemberSid'] = memberSid
    return dce.request(req)

2711 

def hSamrAddMultipleMembersToAlias(dce, aliasHandle, membersBuffer):
    """Send a SamrAddMultipleMembersToAlias request and return the result of dce.request.

    Count in the request is set from len(membersBuffer['Sids']), so callers
    do not have to fill it in themselves.
    """
    req = SamrAddMultipleMembersToAlias()
    req['AliasHandle'] = aliasHandle
    req['MembersBuffer'] = membersBuffer
    sidCount = len(membersBuffer['Sids'])
    req['MembersBuffer']['Count'] = sidCount
    return dce.request(req)

2718 

def hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, membersBuffer):
    """Send a SamrRemoveMultipleMembersFromAlias request and return the result of dce.request.

    Count in the request is set from len(membersBuffer['Sids']), so callers
    do not have to fill it in themselves.
    """
    req = SamrRemoveMultipleMembersFromAlias()
    req['AliasHandle'] = aliasHandle
    req['MembersBuffer'] = membersBuffer
    sidCount = len(membersBuffer['Sids'])
    req['MembersBuffer']['Count'] = sidCount
    return dce.request(req)

2725 

def hSamrGetGroupsForUser(dce, userHandle):
    """Send a SamrGetGroupsForUser request and return the result of dce.request."""
    req = SamrGetGroupsForUser()
    req['UserHandle'] = userHandle
    return dce.request(req)

2730 

def hSamrGetAliasMembership(dce, domainHandle, sidArray):
    """Send a SamrGetAliasMembership request and return the result of dce.request.

    Count in the request is set from len(sidArray['Sids']), so callers do
    not have to fill it in themselves.
    """
    req = SamrGetAliasMembership()
    req['DomainHandle'] = domainHandle
    req['SidArray'] = sidArray
    sidCount = len(sidArray['Sids'])
    req['SidArray']['Count'] = sidCount
    return dce.request(req)

2737 

def hSamrChangePasswordUser(dce, userHandle, oldPassword, newPassword):
    """Send a SamrChangePasswordUser request built from two cleartext passwords.

    The NT hashes of the old and new password are encrypted with each other
    via crypto.SamEncryptNTLMHash. The LM pair is left empty (LmPresent = 0),
    but the LM hash of the new password is still sent, encrypted with the new
    NT hash, because LmCrossEncryptionPresent is set to 1.

    Returns whatever dce.request returns.
    """
    from impacket import crypto, ntlm

    req = SamrChangePasswordUser()
    req['UserHandle'] = userHandle

    ntOld = ntlm.NTOWFv1(oldPassword)
    ntNew = ntlm.NTOWFv1(newPassword)
    # NOTE(review): an LM hash of the new password is derived and transmitted
    # (cross-encrypted) below -- confirm the server side still requires it.
    lmNew = ntlm.LMOWFv1(newPassword)

    # LM pair: not supplied.
    req['LmPresent'] = 0
    req['OldLmEncryptedWithNewLm'] = NULL
    req['NewLmEncryptedWithOldLm'] = NULL

    # NT pair: each hash encrypted with the other one.
    req['NtPresent'] = 1
    req['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(ntOld, ntNew)
    req['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(ntNew, ntOld)

    # Cross-encrypted values: only the LM-with-NT one is supplied.
    req['NtCrossEncryptionPresent'] = 0
    req['NewNtEncryptedWithNewLm'] = NULL
    req['LmCrossEncryptionPresent'] = 1
    req['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(lmNew, ntNew)

    return dce.request(req)

2760 

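def hSamrUnicodeChangePasswordUser2(dce, serverName='\x00', userName='', oldPassword='', newPassword='', oldPwdHashLM = '', oldPwdHashNT = ''):
    """Build and send a SamrUnicodeChangePasswordUser2 request.

    The new password is UTF-16LE encoded, placed at the end of a 512-byte
    buffer inside a SAMPR_USER_PASSWORD and RC4-encrypted with the old NT hash.
    The old NT hash is also sent encrypted with the new NT hash. The LM-based
    fields are left empty (LmPresent = 0).

    :param dce: object whose request() method sends the call
    :param serverName: value for the ServerName field
    :param userName: value for the UserName field
    :param oldPassword: cleartext old password, used only when both hashes are ''
    :param newPassword: cleartext new password
    :param oldPwdHashLM: old LM hash, hex string or binary
    :param oldPwdHashNT: old NT hash, hex string or binary
    :return: whatever dce.request returns
    :raises ValueError: if the encoded new password does not fit in 512 bytes
    """
    request = SamrUnicodeChangePasswordUser2()
    request['ServerName'] = serverName
    request['UserName'] = userName

    try:
        from Cryptodome.Cipher import ARC4
    except Exception:
        LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
        LOG.critical("See https://pypi.org/project/pycryptodomex/")
        # The request cannot be built without the cipher. Re-raise here instead
        # of failing later with an unrelated UnboundLocalError on ARC4.
        raise
    from impacket import crypto, ntlm

    if oldPwdHashLM == '' and oldPwdHashNT == '':
        oldPwdHashLM = ntlm.LMOWFv1(oldPassword)
        oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
    else:
        # Let's convert the hashes to binary form, if not yet.
        # Values that are not valid hex are assumed to be binary already and
        # are kept as they are; only the conversion errors are ignored.
        try:
            oldPwdHashLM = unhexlify(oldPwdHashLM)
        except (TypeError, ValueError):
            pass
        try:
            oldPwdHashNT = unhexlify(oldPwdHashNT)
        except (TypeError, ValueError):
            pass

    newPwdHashNT = ntlm.NTOWFv1(newPassword)

    try:
        encodedPassword = newPassword.encode('utf-16le')
    except UnicodeDecodeError:
        # Byte string with non-ASCII content: decode it with the filesystem
        # encoding first, as the original code did.
        import sys
        encodedPassword = newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le')

    # Sizes come from the encoded bytes, not from len(newPassword)*2: characters
    # outside the BMP take four bytes in UTF-16, which made the buffer longer
    # than 512 bytes and the Length field too small.
    encodedLength = len(encodedPassword)
    if encodedLength > 512:
        raise ValueError('newPassword needs %d bytes in UTF-16LE, the buffer holds 512' % encodedLength)

    samUser = SAMPR_USER_PASSWORD()
    # NOTE(review): the unused front of the buffer is a constant b'A' fill, so
    # most of the RC4 plaintext is predictable; consider random padding after
    # confirming it against the SAMPR_USER_PASSWORD definition in [MS-SAMR].
    samUser['Buffer'] = b'A'*(512-encodedLength) + encodedPassword
    samUser['Length'] = encodedLength
    pwdBuff = samUser.getData()

    rc4 = ARC4.new(oldPwdHashNT)
    encBuf = rc4.encrypt(pwdBuff)
    request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf
    request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
    request['LmPresent'] = 0
    request['NewPasswordEncryptedWithOldLm'] = NULL
    request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL

    return dce.request(request)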


def hSamrLookupDomainInSamServer(dce, serverHandle, name):
    """Send a SamrLookupDomainInSamServer request for the domain ``name``.

    Returns whatever ``dce.request`` returns.
    """
    lookupCall = SamrLookupDomainInSamServer()
    for fieldName, fieldValue in (('ServerHandle', serverHandle), ('Name', name)):
        lookupCall[fieldName] = fieldValue
    return dce.request(lookupCall)


def hSamrSetSecurityObject(dce, objectHandle, securityInformation, securityDescriptor):
    """Send a SamrSetSecurityObject request for ``objectHandle``.

    ``securityInformation`` and ``securityDescriptor`` are passed through to
    the request unchanged. Returns whatever ``dce.request`` returns.
    """
    setCall = SamrSetSecurityObject()
    fieldValues = (
        ('ObjectHandle', objectHandle),
        ('SecurityInformation', securityInformation),
        ('SecurityDescriptor', securityDescriptor),
    )
    for fieldName, fieldValue in fieldValues:
        setCall[fieldName] = fieldValue
    return dce.request(setCall)


def hSamrQuerySecurityObject(dce, objectHandle, securityInformation):
    """Send a SamrQuerySecurityObject request for ``objectHandle``.

    ``securityInformation`` is passed through to the request unchanged.
    Returns whatever ``dce.request`` returns.
    """
    queryCall = SamrQuerySecurityObject()
    for fieldName, fieldValue in (('ObjectHandle', objectHandle),
                                  ('SecurityInformation', securityInformation)):
        queryCall[fieldName] = fieldValue
    return dce.request(queryCall)


def hSamrCloseHandle(dce, samHandle):
    """Send a SamrCloseHandle request for ``samHandle``.

    Returns whatever ``dce.request`` returns.
    """
    closeCall = SamrCloseHandle()
    closeCall['SamHandle'] = samHandle
    response = dce.request(closeCall)
    return response


def hSamrSetMemberAttributesOfGroup(dce, groupHandle, memberId, attributes):
    """Send a SamrSetMemberAttributesOfGroup request over ``dce``.

    ``groupHandle``, ``memberId`` and ``attributes`` are passed through to
    the request unchanged. Returns whatever ``dce.request`` returns.
    """
    attrCall = SamrSetMemberAttributesOfGroup()
    fieldValues = (
        ('GroupHandle', groupHandle),
        ('MemberId', memberId),
        ('Attributes', attributes),
    )
    for fieldName, fieldValue in fieldValues:
        attrCall[fieldName] = fieldValue
    return dce.request(attrCall)


def hSamrGetUserDomainPasswordInformation(dce, userHandle):
    """Send a SamrGetUserDomainPasswordInformation request for ``userHandle``.

    Returns whatever ``dce.request`` returns.
    """
    policyCall = SamrGetUserDomainPasswordInformation()
    policyCall['UserHandle'] = userHandle
    response = dce.request(policyCall)
    return response


def hSamrGetDomainPasswordInformation(dce):
    """Send a SamrGetDomainPasswordInformation request over ``dce``.

    The request takes no handle; its ``Unused`` field is sent as NULL.
    Returns whatever ``dce.request`` returns.
    """
    policyCall = SamrGetDomainPasswordInformation()
    policyCall['Unused'] = NULL
    response = dce.request(policyCall)
    return response


def hSamrRidToSid(dce, objectHandle, rid):
    """Send a SamrRidToSid request for ``rid`` using ``objectHandle``.

    Returns whatever ``dce.request`` returns.
    """
    ridCall = SamrRidToSid()
    for fieldName, fieldValue in (('ObjectHandle', objectHandle), ('Rid', rid)):
        ridCall[fieldName] = fieldValue
    return dce.request(ridCall)


def hSamrValidatePassword(dce, inputArg):
    """Send a SamrValidatePassword request carrying ``inputArg``.

    ``ValidationType`` is read from ``inputArg['tag']`` so the two always
    agree. Returns whatever ``dce.request`` returns.
    """
    validateCall = SamrValidatePassword()
    validationType = inputArg['tag']
    validateCall['ValidationType'] = validationType
    validateCall['InputArg'] = inputArg
    return dce.request(validateCall)


def hSamrLookupNamesInDomain(dce, domainHandle, names):
    """Send a SamrLookupNamesInDomain request for every entry of ``names``.

    Each name is wrapped in an ``RPC_UNICODE_STRING`` and appended to the
    request's ``Names`` array; ``Count`` is ``len(names)``.
    Returns whatever ``dce.request`` returns.
    """
    lookupCall = SamrLookupNamesInDomain()
    lookupCall['DomainHandle'] = domainHandle
    lookupCall['Count'] = len(names)

    for rawName in names:
        unicodeName = RPC_UNICODE_STRING()
        unicodeName['Data'] = rawName
        lookupCall['Names'].append(unicodeName)

    # The array's MaximumCount is pinned to 1000 regardless of len(names).
    # NOTE(review): presumably mirrors a fixed size in the MS-SAMR IDL - confirm.
    namesField = lookupCall.fields['Names']
    namesField.fields['MaximumCount'] = 1000

    return dce.request(lookupCall)


def hSamrLookupIdsInDomain(dce, domainHandle, ids):
    """Send a SamrLookupIdsInDomain request for every entry of ``ids``.

    Each id is wrapped in a ``ULONG`` and appended to the request's
    ``RelativeIds`` array; ``Count`` is ``len(ids)``.
    Returns whatever ``dce.request`` returns.
    """
    lookupCall = SamrLookupIdsInDomain()
    lookupCall['DomainHandle'] = domainHandle
    lookupCall['Count'] = len(ids)

    for relativeId in ids:
        ridEntry = ULONG()
        ridEntry['Data'] = relativeId
        lookupCall['RelativeIds'].append(ridEntry)

    # The array's MaximumCount is pinned to 1000 regardless of len(ids).
    # NOTE(review): presumably mirrors a fixed size in the MS-SAMR IDL - confirm.
    idsField = lookupCall.fields['RelativeIds']
    idsField.fields['MaximumCount'] = 1000

    return dce.request(lookupCall)


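def hSamrSetPasswordInternal4New(dce, userHandle, password):
    """Set a user's password through SamrSetInformationUser2.

    Builds a ``UserInternal4InformationNew`` buffer in which every optional
    attribute is NULL, ``PasswordExpired`` is 1 and ``UserPassword`` holds
    the encrypted new password. The cleartext layout is a 512-byte buffer
    with the UTF-16LE password at its end, followed by the password length
    as a little-endian 32-bit integer. That blob is RC4-encrypted with
    ``MD5(salt + SMB session key)`` and the 16-byte random salt is appended
    in the clear.

    The confidentiality of the password on the wire therefore rests on the
    SMB session key obtained from the transport behind ``dce``.

    Returns whatever ``dce.request`` returns.

    Raises:
        ValueError: if ``password`` is longer than 512 bytes once encoded as
            UTF-16LE and therefore cannot fit in the buffer.
    """
    request = SamrSetInformationUser2()
    request['UserHandle'] = userHandle
    request['UserInformationClass'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
    request['Buffer']['tag'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
    # NOTE(review): these two bits look like the MS-SAMR USER_ALL_* flags for
    # "NT password present" and "password expired" - confirm against the spec.
    request['Buffer']['Internal4New']['I1']['WhichFields'] = 0x01000000 | 0x08000000

    # Attributes this call does not touch are sent as NULL, in the same
    # order as before.
    for fieldName in ('UserName', 'FullName', 'HomeDirectory', 'HomeDirectoryDrive', 'ScriptPath',
                      'ProfilePath', 'AdminComment', 'WorkStations', 'UserComment', 'Parameters'):
        request['Buffer']['Internal4New']['I1'][fieldName] = NULL
    request['Buffer']['Internal4New']['I1']['LmOwfPassword']['Buffer'] = NULL
    request['Buffer']['Internal4New']['I1']['NtOwfPassword']['Buffer'] = NULL
    request['Buffer']['Internal4New']['I1']['PrivateData'] = NULL
    request['Buffer']['Internal4New']['I1']['SecurityDescriptor']['SecurityDescriptor'] = NULL
    request['Buffer']['Internal4New']['I1']['LogonHours']['LogonHours'] = NULL
    request['Buffer']['Internal4New']['I1']['PasswordExpired'] = 1

    # Cleartext blob: padding + password (512 bytes in total) + length.
    encodedPassword = password.encode("utf-16le")
    passwordLen = len(encodedPassword)
    if passwordLen > 512:
        # Without this check the blob would silently grow past its fixed size.
        raise ValueError('password does not fit in the 512-byte buffer once encoded as UTF-16LE')
    # MS-SAMR asks clients to fill the unused part of the buffer with random
    # bytes rather than a constant.
    pwdbuff = os.urandom(512 - passwordLen) + encodedPassword
    pwdbuff += struct.pack('<I', passwordLen)

    # Per-call key: MD5 over a fresh 16-byte salt and the SMB session key.
    # MD5 and RC4 are what the receiving side expects for this buffer
    # format, not a local algorithm choice.
    salt = os.urandom(16)
    session_key = dce.get_rpc_transport().get_smb_connection().getSessionKey()
    keymd = md5()
    keymd.update(salt)
    keymd.update(session_key)
    key = keymd.digest()

    cipher = ARC4.new(key)
    # The salt travels unencrypted after the ciphertext so the server can
    # derive the same key.
    buffercrypt = cipher.encrypt(pwdbuff) + salt

    request['Buffer']['Internal4New']['UserPassword']['Buffer'] = buffercrypt
    return dce.request(request)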