# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#
# Description:
# [MS-LSAD] Interface implementation
#
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
21from __future__ import division
22from __future__ import print_function
23from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \
24 NDRUniConformantArray
25from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \
26 LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \
27 SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION
28from impacket import nt_errors
29from impacket.uuid import uuidtup_to_bin
30from impacket.dcerpc.v5.enum import Enum
31from impacket.dcerpc.v5.rpcrt import DCERPCException
# Binary form of the (UUID, version) pair naming the [MS-LSAD] interface.
MSRPC_UUID_LSAD = uuidtup_to_bin(
    ('12345778-1234-ABCD-EF00-0123456789AB', '0.0')
)
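class DCERPCSessionError(DCERPCException):
    """LSAD flavour of DCERPCException with a decoded string form.

    ``__str__`` looks ``error_code`` up in ``nt_errors.ERROR_MESSAGES`` and
    renders the short and verbose texts when the code is listed there.
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Return a one-line description of the stored error code."""
        code = self.error_code
        # error_code defaults to None in the constructor, and '0x%x' % None
        # raises TypeError; an exception must stay printable so that the
        # original failure is not masked while it is being logged.
        if code is None:
            return 'LSAD SessionError: unknown error code: %r' % (code,)
        if code in nt_errors.ERROR_MESSAGES:
            entry = nt_errors.ERROR_MESSAGES[code]
            return 'LSAD SessionError: code: 0x%x - %s - %s' % (code, entry[0], entry[1])
        return 'LSAD SessionError: unknown error code: 0x%x' % code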
################################################################################
# CONSTANTS
################################################################################
# 2.2.1.1.2 ACCESS_MASK for Policy Objects
# One bit per right; OR the bits together to build an access mask.
POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
POLICY_VIEW_AUDIT_INFORMATION = 0x00000002
POLICY_GET_PRIVATE_INFORMATION = 0x00000004
POLICY_TRUST_ADMIN = 0x00000008
POLICY_CREATE_ACCOUNT = 0x00000010
POLICY_CREATE_SECRET = 0x00000020
POLICY_CREATE_PRIVILEGE = 0x00000040
POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100
POLICY_AUDIT_LOG_ADMIN = 0x00000200
POLICY_SERVER_ADMIN = 0x00000400
POLICY_LOOKUP_NAMES = 0x00000800
POLICY_NOTIFICATION = 0x00001000

# 2.2.1.1.3 ACCESS_MASK for Account Objects
ACCOUNT_VIEW = 0x00000001
ACCOUNT_ADJUST_PRIVILEGES = 0x00000002
ACCOUNT_ADJUST_QUOTAS = 0x00000004
ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008

# 2.2.1.1.4 ACCESS_MASK for Secret Objects
SECRET_SET_VALUE = 0x00000001
SECRET_QUERY_VALUE = 0x00000002

# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects
TRUSTED_QUERY_DOMAIN_NAME = 0x00000001
TRUSTED_QUERY_CONTROLLERS = 0x00000002
TRUSTED_SET_CONTROLLERS = 0x00000004
TRUSTED_QUERY_POSIX = 0x00000008
TRUSTED_SET_POSIX = 0x00000010
TRUSTED_SET_AUTH = 0x00000020
TRUSTED_QUERY_AUTH = 0x00000040

# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE
POLICY_MODE_INTERACTIVE = 0x00000001
POLICY_MODE_NETWORK = 0x00000002
POLICY_MODE_BATCH = 0x00000004
POLICY_MODE_SERVICE = 0x00000010
POLICY_MODE_DENY_INTERACTIVE = 0x00000040
POLICY_MODE_DENY_NETWORK = 0x00000080
POLICY_MODE_DENY_BATCH = 0x00000100
POLICY_MODE_DENY_SERVICE = 0x00000200
POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400
POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800
# NOTE(review): both combined masks below set bit 0x00000020, which has no
# named POLICY_MODE_* constant in this list; 0x00000008 is set in neither.
POLICY_MODE_ALL = 0x00000FF7
POLICY_MODE_ALL_NT4 = 0x00000037

# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
# EventAuditingOptions
POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000
POLICY_AUDIT_EVENT_NONE = 0x00000004
POLICY_AUDIT_EVENT_SUCCESS = 0x00000001
POLICY_AUDIT_EVENT_FAILURE = 0x00000002

# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
# AuthenticationOptions
POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080

# 2.2.7.21 LSA_FOREST_TRUST_RECORD
# Flags
# The LSA_TLN_* values overlap numerically with the LSA_SID_* / LSA_NB_*
# values, so a Flags word cannot be decoded without knowing which group
# applies to the record at hand.
LSA_TLN_DISABLED_NEW = 0x00000001
LSA_TLN_DISABLED_ADMIN = 0x00000002
LSA_TLN_DISABLED_CONFLICT = 0x00000004
LSA_SID_DISABLED_ADMIN = 0x00000001
LSA_SID_DISABLED_CONFLICT = 0x00000002
LSA_NB_DISABLED_ADMIN = 0x00000004
LSA_NB_DISABLED_CONFLICT = 0x00000008
LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF
################################################################################
# STRUCTURES
################################################################################
# 2.2.2.1 LSAPR_HANDLE
class LSAPR_HANDLE(NDRSTRUCT):
    """Handle used by the calls in this module, carried as one 20-byte field."""

    align = 1
    structure = (
        ('Data', '20s=""'),
    )
# 2.2.2.3 LSA_UNICODE_STRING
# Plain alias: no separate class, the RPC_UNICODE_STRING type is reused.
LSA_UNICODE_STRING = RPC_UNICODE_STRING
# 2.2.3.1 STRING
class STRING(NDRSTRUCT):
    """Counted string: two length fields, a referent id, and STR data.

    The 32-bit and 64-bit headers differ in the ReferentID width and in the
    constant subtracted from len(Data) to fill the two length fields.
    """

    commonHdr = (
        ('MaximumLength', '<H=len(Data)-12'),
        ('Length', '<H=len(Data)-12'),
        ('ReferentID', '<L=0xff'),
    )
    commonHdr64 = (
        ('MaximumLength', '<H=len(Data)-24'),
        ('Length', '<H=len(Data)-24'),
        ('ReferentID', '<Q=0xff'),
    )

    referent = (
        ('Data', STR),
    )

    def dump(self, msg=None, indent=0):
        """Print a label (the class name by default) and the repr of Data.

        ``indent`` is not used in this method.
        """
        label = self.__class__.__name__ if msg is None else msg
        if label != '':
            print("%s" % label, end=' ')
        # Only the payload is shown; the header fields are not printed.
        print(" %r" % (self['Data']), end=' ')

    def __setitem__(self, key, value):
        """Store a field; assigning Data first clears the derived state."""
        if key == 'Data':
            # Reset both stored lengths and the packed data so that they are
            # recomputed from the new value.
            for length_field in ('MaximumLength', 'Length'):
                self.fields[length_field] = None
            self.data = None
        return NDR.__setitem__(self, key, value)
# 2.2.3.2 LSAPR_ACL
class LSAPR_ACL(NDRSTRUCT):
    """ACL layout: AclRevision, Sbz1, AclSize and a conformant array (Dummy1)."""

    structure = (
        ('AclRevision', UCHAR),
        ('Sbz1', UCHAR),
        ('AclSize', USHORT),
        ('Dummy1', NDRUniConformantArray),
    )
# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR
# Alias of the generic SECURITY_DESCRIPTOR type imported from dtypes.
LSAPR_SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR


class PLSAPR_SECURITY_DESCRIPTOR(NDRPOINTER):
    """Pointer whose referent is an LSAPR_SECURITY_DESCRIPTOR."""

    referent = (
        ('Data', LSAPR_SECURITY_DESCRIPTOR),
    )
# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL
class SECURITY_IMPERSONATION_LEVEL(NDRENUM):
    """Impersonation level values 0-3, SecurityAnonymous to SecurityDelegation."""

    class enumItems(Enum):
        SecurityAnonymous = 0
        SecurityIdentification = 1
        SecurityImpersonation = 2
        SecurityDelegation = 3
# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE
# Represented as a single UCHAR; no dedicated class.
SECURITY_CONTEXT_TRACKING_MODE = UCHAR
# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE
class SECURITY_QUALITY_OF_SERVICE(NDRSTRUCT):
    """Quality-of-service block: length, impersonation level and two flags.

    ImpersonationLevel is a SECURITY_IMPERSONATION_LEVEL value, so this is
    where a caller states which of those levels it requests.
    """

    structure = (
        ('Length', DWORD),
        ('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL),
        ('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE),
        ('EffectiveOnly', UCHAR),
    )


class PSECURITY_QUALITY_OF_SERVICE(NDRPOINTER):
    """Pointer whose referent is a SECURITY_QUALITY_OF_SERVICE."""

    referent = (
        ('Data', SECURITY_QUALITY_OF_SERVICE),
    )
# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES
class LSAPR_OBJECT_ATTRIBUTES(NDRSTRUCT):
    """Object attributes passed as ObjectAttributes to the LsarOpenPolicy calls."""

    structure = (
        ('Length', DWORD),
        ('RootDirectory', LPWSTR),
        ('ObjectName', LPWSTR),
        ('Attributes', DWORD),
        ('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR),
        ('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE),
    )
# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR
class LSAPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
    """Security descriptor carried as a Length field plus a byte pointer."""

    # NOTE(review): Length is a separate field from the byte buffer; code that
    # parses a received descriptor should bound itself by the buffer it
    # actually holds rather than by Length alone.
    structure = (
        ('Length', DWORD),
        ('SecurityDescriptor', LPBYTE),
    )


class PLSAPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
    """Pointer whose referent is an LSAPR_SR_SECURITY_DESCRIPTOR."""

    referent = (
        ('Data', LSAPR_SR_SECURITY_DESCRIPTOR),
    )
# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL
# Represented as a ULONG; no dedicated class.
SECURITY_DESCRIPTOR_CONTROL = ULONG
# 2.2.4.1 POLICY_INFORMATION_CLASS
class POLICY_INFORMATION_CLASS(NDRENUM):
    """Selector for the arm of LSAPR_POLICY_INFORMATION (values 1-15)."""

    class enumItems(Enum):
        PolicyAuditLogInformation = 1
        PolicyAuditEventsInformation = 2
        PolicyPrimaryDomainInformation = 3
        PolicyPdAccountInformation = 4
        PolicyAccountDomainInformation = 5
        PolicyLsaServerRoleInformation = 6
        PolicyReplicaSourceInformation = 7
        PolicyInformationNotUsedOnWire = 8
        PolicyModificationInformation = 9
        PolicyAuditFullSetInformation = 10
        PolicyAuditFullQueryInformation = 11
        PolicyDnsDomainInformation = 12
        PolicyDnsDomainInformationInt = 13
        PolicyLocalAccountDomainInformation = 14
        PolicyLastEntry = 15
# 2.2.4.3 POLICY_AUDIT_LOG_INFO
class POLICY_AUDIT_LOG_INFO(NDRSTRUCT):
    """Audit log state: fill level, size, retention and shutdown fields."""

    structure = (
        ('AuditLogPercentFull', DWORD),
        ('MaximumLogSize', DWORD),
        ('AuditRetentionPeriod', LARGE_INTEGER),
        ('AuditLogFullShutdownInProgress', UCHAR),
        ('TimeToShutdown', LARGE_INTEGER),
        ('NextAuditRecordId', DWORD),
    )
# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
class DWORD_ARRAY(NDRUniConformantArray):
    """Conformant array of DWORD items."""

    item = DWORD


class PDWORD_ARRAY(NDRPOINTER):
    """Pointer whose referent is a DWORD_ARRAY."""

    referent = (
        ('Data', DWORD_ARRAY),
    )


class LSAPR_POLICY_AUDIT_EVENTS_INFO(NDRSTRUCT):
    """Audit settings: a mode byte, an options array and an event count.

    The POLICY_AUDIT_EVENT_* constants are listed under the same section
    number as the values for EventAuditingOptions.
    """

    structure = (
        ('AuditingMode', UCHAR),
        ('EventAuditingOptions', PDWORD_ARRAY),
        ('MaximumAuditEventCount', DWORD),
    )
# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO
class LSAPR_POLICY_PRIMARY_DOM_INFO(NDRSTRUCT):
    """Primary domain information: a name and a SID pointer."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
    )
# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO
class LSAPR_POLICY_ACCOUNT_DOM_INFO(NDRSTRUCT):
    """Account domain information: a domain name and a domain SID pointer."""

    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('DomainSid', PRPC_SID),
    )
# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO
class LSAPR_POLICY_PD_ACCOUNT_INFO(NDRSTRUCT):
    """Single-field structure holding a Name string."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
    )
# 2.2.4.8 POLICY_LSA_SERVER_ROLE
class POLICY_LSA_SERVER_ROLE(NDRENUM):
    """Server role values: backup (2) or primary (3)."""

    class enumItems(Enum):
        PolicyServerRoleBackup = 2
        PolicyServerRolePrimary = 3
# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO
class POLICY_LSA_SERVER_ROLE_INFO(NDRSTRUCT):
    """Single-field structure holding a POLICY_LSA_SERVER_ROLE value."""

    structure = (
        ('LsaServerRole', POLICY_LSA_SERVER_ROLE),
    )
# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO
class LSAPR_POLICY_REPLICA_SRCE_INFO(NDRSTRUCT):
    """Replica source information: a source name and an account name."""

    structure = (
        ('ReplicaSource', RPC_UNICODE_STRING),
        ('ReplicaAccountName', RPC_UNICODE_STRING),
    )
# 2.2.4.11 POLICY_MODIFICATION_INFO
class POLICY_MODIFICATION_INFO(NDRSTRUCT):
    """Two LARGE_INTEGER fields: ModifiedId and DatabaseCreationTime."""

    structure = (
        ('ModifiedId', LARGE_INTEGER),
        ('DatabaseCreationTime', LARGE_INTEGER),
    )
# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO
class POLICY_AUDIT_FULL_SET_INFO(NDRSTRUCT):
    """Single ShutDownOnFull byte (the 'set' form of the audit-full info)."""

    structure = (
        ('ShutDownOnFull', UCHAR),
    )
# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO
class POLICY_AUDIT_FULL_QUERY_INFO(NDRSTRUCT):
    """ShutDownOnFull plus LogIsFull (the 'query' form of the audit-full info)."""

    structure = (
        ('ShutDownOnFull', UCHAR),
        ('LogIsFull', UCHAR),
    )
# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO
class LSAPR_POLICY_DNS_DOMAIN_INFO(NDRSTRUCT):
    """DNS domain information: three names, the domain GUID and a SID pointer."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('DnsDomainName', RPC_UNICODE_STRING),
        ('DnsForestName', RPC_UNICODE_STRING),
        ('DomainGuid', GUID),
        ('Sid', PRPC_SID),
    )
# 2.2.4.2 LSAPR_POLICY_INFORMATION
class LSAPR_POLICY_INFORMATION(NDRUNION):
    """Union keyed by POLICY_INFORMATION_CLASS; each arm is (field name, type).

    PolicyInformationNotUsedOnWire and PolicyLastEntry have no arm here.
    """

    union = {
        POLICY_INFORMATION_CLASS.PolicyAuditLogInformation:
            ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO),
        POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation:
            ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO),
        POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation:
            ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO),
        POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation:
            ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO),
        POLICY_INFORMATION_CLASS.PolicyPdAccountInformation:
            ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO),
        POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation:
            ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO),
        POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation:
            ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO),
        POLICY_INFORMATION_CLASS.PolicyModificationInformation:
            ('PolicyModificationInfo', POLICY_MODIFICATION_INFO),
        POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation:
            ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO),
        POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation:
            ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO),
        POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation:
            ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO),
        POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt:
            ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO),
        POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation:
            ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO),
    }


class PLSAPR_POLICY_INFORMATION(NDRPOINTER):
    """Pointer whose referent is an LSAPR_POLICY_INFORMATION union."""

    referent = (
        ('Data', LSAPR_POLICY_INFORMATION),
    )
# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS
class POLICY_DOMAIN_INFORMATION_CLASS(NDRENUM):
    """Selector for the arm of LSAPR_POLICY_DOMAIN_INFORMATION (values 1-3)."""

    class enumItems(Enum):
        PolicyDomainQualityOfServiceInformation = 1
        PolicyDomainEfsInformation = 2
        PolicyDomainKerberosTicketInformation = 3
# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO
class POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO(NDRSTRUCT):
    """Single DWORD field named QualityOfService."""

    structure = (
        ('QualityOfService', DWORD),
    )
# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO
class LSAPR_POLICY_DOMAIN_EFS_INFO(NDRSTRUCT):
    """EFS information carried as a length (InfoLength) and a byte pointer."""

    structure = (
        ('InfoLength', DWORD),
        ('EfsBlob', LPBYTE),
    )
# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
class POLICY_DOMAIN_KERBEROS_TICKET_INFO(NDRSTRUCT):
    """Kerberos ticket policy: an options word and LARGE_INTEGER limits.

    POLICY_KERBEROS_VALIDATE_CLIENT is listed under the same section number
    as a value for AuthenticationOptions.
    """

    structure = (
        ('AuthenticationOptions', DWORD),
        ('MaxServiceTicketAge', LARGE_INTEGER),
        ('MaxTicketAge', LARGE_INTEGER),
        ('MaxRenewAge', LARGE_INTEGER),
        ('MaxClockSkew', LARGE_INTEGER),
        ('Reserved', LARGE_INTEGER),
    )
# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION
class LSAPR_POLICY_DOMAIN_INFORMATION(NDRUNION):
    """Union keyed by POLICY_DOMAIN_INFORMATION_CLASS; one arm per value."""

    union = {
        POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation:
            ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO),
        POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation:
            ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO),
        POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation:
            ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO),
    }


class PLSAPR_POLICY_DOMAIN_INFORMATION(NDRPOINTER):
    """Pointer whose referent is an LSAPR_POLICY_DOMAIN_INFORMATION union."""

    referent = (
        ('Data', LSAPR_POLICY_DOMAIN_INFORMATION),
    )
# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE
class POLICY_AUDIT_EVENT_TYPE(NDRENUM):
    """Audit category identifiers, numbered 0 through 8."""

    class enumItems(Enum):
        AuditCategorySystem = 0
        AuditCategoryLogon = 1
        AuditCategoryObjectAccess = 2
        AuditCategoryPrivilegeUse = 3
        AuditCategoryDetailedTracking = 4
        AuditCategoryPolicyChange = 5
        AuditCategoryAccountManagement = 6
        AuditCategoryDirectoryServiceAccess = 7
        AuditCategoryAccountLogon = 8
# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION
class LSAPR_ACCOUNT_INFORMATION(NDRSTRUCT):
    """Single-field structure holding a SID pointer."""

    structure = (
        ('Sid', PRPC_SID),
    )
# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER
class LSAPR_ACCOUNT_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_ACCOUNT_INFORMATION items."""

    item = LSAPR_ACCOUNT_INFORMATION


class PLSAPR_ACCOUNT_INFORMATION_ARRAY(NDRPOINTER):
    """Pointer whose referent is an LSAPR_ACCOUNT_INFORMATION_ARRAY."""

    referent = (
        ('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY),
    )


class LSAPR_ACCOUNT_ENUM_BUFFER(NDRSTRUCT):
    """Enumeration result: EntriesRead plus a pointer to the account array."""

    structure = (
        ('EntriesRead', ULONG),
        ('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY),
    )
# 2.2.5.3 LSAPR_USER_RIGHT_SET
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    """Conformant array of RPC_UNICODE_STRING items."""

    item = RPC_UNICODE_STRING


class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    """Pointer whose referent is an RPC_UNICODE_STRING_ARRAY."""

    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY),
    )


class LSAPR_USER_RIGHT_SET(NDRSTRUCT):
    """Set of user rights: EntriesRead plus a pointer to the string array."""

    structure = (
        ('EntriesRead', ULONG),
        ('UserRights', PRPC_UNICODE_STRING_ARRAY),
    )
# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES
class LSAPR_LUID_AND_ATTRIBUTES(NDRSTRUCT):
    """One LUID paired with a ULONG of attributes."""

    structure = (
        ('Luid', LUID),
        ('Attributes', ULONG),
    )
# 2.2.5.5 LSAPR_PRIVILEGE_SET
class LSAPR_LUID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_LUID_AND_ATTRIBUTES items."""

    item = LSAPR_LUID_AND_ATTRIBUTES


class LSAPR_PRIVILEGE_SET(NDRSTRUCT):
    """Privilege set: count, control word and the embedded privilege array."""

    # The array is embedded directly (not behind a pointer), unlike the
    # other *_ENUM_BUFFER / *_SET structures in this section.
    structure = (
        ('PrivilegeCount', ULONG),
        ('Control', ULONG),
        ('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY),
    )


class PLSAPR_PRIVILEGE_SET(NDRPOINTER):
    """Pointer whose referent is an LSAPR_PRIVILEGE_SET."""

    referent = (
        ('Data', LSAPR_PRIVILEGE_SET),
    )
# 2.2.6.1 LSAPR_CR_CIPHER_VALUE
class PCHAR_ARRAY(NDRPOINTER):
    """Pointer whose referent is a conformant varying array."""

    referent = (
        ('Data', NDRUniConformantVaryingArray),
    )


class LSAPR_CR_CIPHER_VALUE(NDRSTRUCT):
    """Cipher value: Length, MaximumLength and a pointer to the byte buffer.

    LSAPR_TRUSTED_PASSWORD_INFO uses this type for Password and OldPassword.
    """

    # NOTE(review): Length and MaximumLength are fields separate from the
    # buffer; when handling a value received from a peer, slice Buffer by
    # its real size instead of trusting either length field on its own.
    structure = (
        ('Length', LONG),
        ('MaximumLength', LONG),
        ('Buffer', PCHAR_ARRAY),
    )


class PLSAPR_CR_CIPHER_VALUE(NDRPOINTER):
    """Pointer whose referent is an LSAPR_CR_CIPHER_VALUE."""

    referent = (
        ('Data', LSAPR_CR_CIPHER_VALUE),
    )


class PPLSAPR_CR_CIPHER_VALUE(NDRPOINTER):
    """Pointer to a PLSAPR_CR_CIPHER_VALUE (two levels of indirection)."""

    referent = (
        ('Data', PLSAPR_CR_CIPHER_VALUE),
    )
# 2.2.7.1 LSAPR_TRUST_INFORMATION
class LSAPR_TRUST_INFORMATION(NDRSTRUCT):
    """Trust information: a name and a SID pointer."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
    )
# 2.2.7.2 TRUSTED_INFORMATION_CLASS
class TRUSTED_INFORMATION_CLASS(NDRENUM):
    """Selector for the arm of LSAPR_TRUSTED_DOMAIN_INFO (values 1-13)."""

    class enumItems(Enum):
        TrustedDomainNameInformation = 1
        TrustedControllersInformation = 2
        TrustedPosixOffsetInformation = 3
        TrustedPasswordInformation = 4
        TrustedDomainInformationBasic = 5
        TrustedDomainInformationEx = 6
        TrustedDomainAuthInformation = 7
        TrustedDomainFullInformation = 8
        TrustedDomainAuthInformationInternal = 9
        TrustedDomainFullInformationInternal = 10
        TrustedDomainInformationEx2Internal = 11
        TrustedDomainFullInformation2Internal = 12
        TrustedDomainSupportedEncryptionTypes = 13
# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO
class LSAPR_TRUSTED_DOMAIN_NAME_INFO(NDRSTRUCT):
    """Single-field structure holding the Name string."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
    )
# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO
class LSAPR_TRUSTED_CONTROLLERS_INFO(NDRSTRUCT):
    """Controller list: Entries plus a pointer to an array of names."""

    structure = (
        ('Entries', ULONG),
        ('Names', PRPC_UNICODE_STRING_ARRAY),
    )
# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO
class TRUSTED_POSIX_OFFSET_INFO(NDRSTRUCT):
    """Single ULONG field named Offset."""

    structure = (
        ('Offset', ULONG),
    )
# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO
class LSAPR_TRUSTED_PASSWORD_INFO(NDRSTRUCT):
    """Current and previous password, each a pointer to a cipher value."""

    structure = (
        ('Password', PLSAPR_CR_CIPHER_VALUE),
        ('OldPassword', PLSAPR_CR_CIPHER_VALUE),
    )
# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC
# Alias: same layout as LSAPR_TRUST_INFORMATION (Name + Sid).
LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC = LSAPR_TRUST_INFORMATION
# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX(NDRSTRUCT):
    """Trusted domain description: names, SID and three trust ULONGs."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('FlatName', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
        ('TrustDirection', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
    )
# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2(NDRSTRUCT):
    """The EX layout followed by a forest trust length and byte pointer."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('FlatName', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
        ('TrustDirection', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
        ('ForestTrustLength', ULONG),
        ('ForestTrustInfo', LPBYTE),
    )
# 2.2.7.17 LSAPR_AUTH_INFORMATION
class LSAPR_AUTH_INFORMATION(NDRSTRUCT):
    """One authentication record: update time, type, length and byte pointer."""

    # NOTE(review): AuthInfoLength is sent separately from the AuthInfo
    # bytes; consumers should check it against the buffer they received
    # before slicing.
    structure = (
        ('LastUpdateTime', LARGE_INTEGER),
        ('AuthType', ULONG),
        ('AuthInfoLength', ULONG),
        ('AuthInfo', LPBYTE),
    )


class PLSAPR_AUTH_INFORMATION(NDRPOINTER):
    """Pointer whose referent is a single LSAPR_AUTH_INFORMATION."""

    referent = (
        ('Data', LSAPR_AUTH_INFORMATION),
    )
# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION
class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION(NDRSTRUCT):
    """Incoming and outgoing authentication info, current and previous."""

    # NOTE(review): IncomingAuthInfos / OutgoingAuthInfos are presumably
    # counts, while each pointer below refers to a single
    # LSAPR_AUTH_INFORMATION - TODO confirm behaviour for counts above one.
    structure = (
        ('IncomingAuthInfos', ULONG),
        ('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
        ('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
        ('OutgoingAuthInfos', ULONG),
        ('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
        ('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
    )
# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
class LSAPR_TRUSTED_DOMAIN_AUTH_BLOB(NDRSTRUCT):
    """Authentication blob carried as a size (AuthSize) and a byte pointer."""

    structure = (
        ('AuthSize', ULONG),
        ('AuthBlob', LPBYTE),
    )
# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL
class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL(NDRSTRUCT):
    """Wrapper around one embedded LSAPR_TRUSTED_DOMAIN_AUTH_BLOB."""

    structure = (
        ('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB),
    )
# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION(NDRSTRUCT):
    """Combined view: EX information, POSIX offset and auth information."""

    structure = (
        ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
        ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
    )
# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL(NDRSTRUCT):
    """As the full information, with the auth part in its blob form."""

    structure = (
        ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
        ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL),
    )
# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2(NDRSTRUCT):
    """Second full-information layout; fields listed below."""

    # NOTE(review): this field list is identical to
    # LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION. Confirm against [MS-LSAD]
    # 2.2.7.15 whether 'Information' should be the
    # LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 variant; a mismatch would
    # misparse replies that use this layout.
    structure = (
        ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
        ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
    )
# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES
class TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES(NDRSTRUCT):
    """Single ULONG field named SupportedEncryptionTypes."""

    structure = (
        ('SupportedEncryptionTypes', ULONG),
    )
# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO
class LSAPR_TRUSTED_DOMAIN_INFO(NDRUNION):
    """Union keyed by TRUSTED_INFORMATION_CLASS; every enum value has an arm."""

    union = {
        TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation:
            ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedControllersInformation:
            ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation:
            ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation:
            ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic:
            ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC),
        TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx:
            ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation:
            ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
        TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation:
            ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION),
        TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal:
            ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL),
        TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal:
            ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL),
        TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal:
            ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2),
        TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal:
            ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2),
        TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes:
            ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES),
    }
# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER
class LSAPR_TRUST_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_TRUST_INFORMATION items."""

    item = LSAPR_TRUST_INFORMATION


class PLSAPR_TRUST_INFORMATION_ARRAY(NDRPOINTER):
    """Pointer whose referent is an LSAPR_TRUST_INFORMATION_ARRAY."""

    referent = (
        ('Data', LSAPR_TRUST_INFORMATION_ARRAY),
    )


class LSAPR_TRUSTED_ENUM_BUFFER(NDRSTRUCT):
    """Enumeration result: Entries plus a pointer to the trust array."""

    structure = (
        ('Entries', ULONG),
        ('Information', PLSAPR_TRUST_INFORMATION_ARRAY),
    )
# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_TRUSTED_DOMAIN_INFORMATION_EX items."""

    item = LSAPR_TRUSTED_DOMAIN_INFORMATION_EX


class PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRPOINTER):
    """Pointer whose referent is the EX information array."""

    referent = (
        ('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY),
    )


class LSAPR_TRUSTED_ENUM_BUFFER_EX(NDRSTRUCT):
    """Enumeration result: Entries plus a pointer to the EX array."""

    structure = (
        ('Entries', ULONG),
        ('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY),
    )
# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE
class LSA_FOREST_TRUST_RECORD_TYPE(NDRENUM):
    """Selector for the arm of LSA_FOREST_TRUST_DATA_UNION (values 0-2)."""

    class enumItems(Enum):
        ForestTrustTopLevelName = 0
        ForestTrustTopLevelNameEx = 1
        ForestTrustDomainInfo = 2
# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO
class LSA_FOREST_TRUST_DOMAIN_INFO(NDRSTRUCT):
    """Domain entry of a forest trust: SID pointer, DNS name, NetBIOS name."""

    structure = (
        ('Sid', PRPC_SID),
        ('DnsName', LSA_UNICODE_STRING),
        ('NetbiosName', LSA_UNICODE_STRING),
    )
# 2.2.7.21 LSA_FOREST_TRUST_RECORD
class LSA_FOREST_TRUST_DATA_UNION(NDRUNION):
    """Union keyed by LSA_FOREST_TRUST_RECORD_TYPE.

    Both top-level-name record types map to the same 'TopLevelName' field.
    """

    union = {
        LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName:
            ('TopLevelName', LSA_UNICODE_STRING),
        LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx:
            ('TopLevelName', LSA_UNICODE_STRING),
        LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo:
            ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO),
    }


class LSA_FOREST_TRUST_RECORD(NDRSTRUCT):
    """One forest trust record: flags, record type, time and the typed data."""

    structure = (
        ('Flags', ULONG),
        ('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE),
        ('Time', LARGE_INTEGER),
        ('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION),
    )


class PLSA_FOREST_TRUST_RECORD(NDRPOINTER):
    """Pointer whose referent is an LSA_FOREST_TRUST_RECORD."""

    referent = (
        ('Data', LSA_FOREST_TRUST_RECORD),
    )
# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA
class LSA_FOREST_TRUST_BINARY_DATA(NDRSTRUCT):
    """Binary data carried as a Length field and a byte pointer."""

    structure = (
        ('Length', ULONG),
        ('Buffer', LPBYTE),
    )
# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION
class LSA_FOREST_TRUST_RECORD_ARRAY(NDRUniConformantArray):
    """Conformant array whose items are pointers to forest trust records."""

    item = PLSA_FOREST_TRUST_RECORD


class PLSA_FOREST_TRUST_RECORD_ARRAY(NDRPOINTER):
    """Pointer whose referent is an LSA_FOREST_TRUST_RECORD_ARRAY."""

    referent = (
        ('Data', LSA_FOREST_TRUST_RECORD_ARRAY),
    )


class LSA_FOREST_TRUST_INFORMATION(NDRSTRUCT):
    """Forest trust information: RecordCount plus a pointer to the records."""

    structure = (
        ('RecordCount', ULONG),
        ('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY),
    )


class PLSA_FOREST_TRUST_INFORMATION(NDRPOINTER):
    """Pointer whose referent is an LSA_FOREST_TRUST_INFORMATION."""

    referent = (
        ('Data', LSA_FOREST_TRUST_INFORMATION),
    )
# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE
class LSA_FOREST_TRUST_COLLISION_RECORD_TYPE(NDRENUM):
    """Collision kinds: CollisionTdo, CollisionXref, CollisionOther (0-2)."""

    class enumItems(Enum):
        CollisionTdo = 0
        CollisionXref = 1
        CollisionOther = 2
# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD
class LSA_FOREST_TRUST_COLLISION_RECORD(NDRSTRUCT):
    """One collision record: index, collision type, flags and a name."""

    structure = (
        ('Index', ULONG),
        ('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE),
        ('Flags', ULONG),
        ('Name', LSA_UNICODE_STRING),
    )
# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF
class LSAPR_POLICY_PRIVILEGE_DEF(NDRSTRUCT):
    """Privilege definition: a name paired with its LUID (LocalValue)."""

    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('LocalValue', LUID),
    )
# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER
class LSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_POLICY_PRIVILEGE_DEF items."""

    item = LSAPR_POLICY_PRIVILEGE_DEF


class PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRPOINTER):
    """Pointer whose referent is an LSAPR_POLICY_PRIVILEGE_DEF_ARRAY."""

    referent = (
        ('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY),
    )


class LSAPR_PRIVILEGE_ENUM_BUFFER(NDRSTRUCT):
    """Enumeration result: Entries plus a pointer to the definitions array."""

    structure = (
        ('Entries', ULONG),
        ('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY),
    )
################################################################################
# RPC CALLS
################################################################################
# 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)
class LsarOpenPolicy2(NDRCALL):
    """Request (opnum 44): system name, object attributes, desired access.

    DesiredAccess is an ACCESS_MASK; the POLICY_* constants in this file are
    the access-mask bits listed for policy objects.
    """

    opnum = 44
    structure = (
        ('SystemName', LPWSTR),
        ('ObjectAttributes', LSAPR_OBJECT_ATTRIBUTES),
        ('DesiredAccess', ACCESS_MASK),
    )


class LsarOpenPolicy2Response(NDRCALL):
    """Reply: the policy handle followed by the NTSTATUS ErrorCode."""

    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.2 LsarOpenPolicy (Opnum 6)
class LsarOpenPolicy(NDRCALL):
    """Request (opnum 6) with the same three fields as LsarOpenPolicy2."""

    opnum = 6
    structure = (
        ('SystemName', LPWSTR),
        ('ObjectAttributes', LSAPR_OBJECT_ATTRIBUTES),
        ('DesiredAccess', ACCESS_MASK),
    )


class LsarOpenPolicyResponse(NDRCALL):
    """Reply: the policy handle followed by the NTSTATUS ErrorCode."""

    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46)
class LsarQueryInformationPolicy2(NDRCALL):
    """Request (opnum 46): a policy handle and the information class wanted."""

    opnum = 46
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
    )


class LsarQueryInformationPolicy2Response(NDRCALL):
    """Reply: pointer to the policy information union, then ErrorCode."""

    structure = (
        ('PolicyInformation', PLSAPR_POLICY_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)
class LsarQueryInformationPolicy(NDRCALL):
    """Request (opnum 7) with the same fields as LsarQueryInformationPolicy2."""

    opnum = 7
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
    )


class LsarQueryInformationPolicyResponse(NDRCALL):
    """Reply: pointer to the policy information union, then ErrorCode."""

    structure = (
        ('PolicyInformation', PLSAPR_POLICY_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47)
class LsarSetInformationPolicy2(NDRCALL):
    """Request (opnum 47): handle, information class and the new value.

    PolicyInformation is the union itself here, not a pointer to it.
    """

    # NOTE(review): this call carries a value to write. With
    # PolicyAuditEventsInformation selected the payload is
    # LSAPR_POLICY_AUDIT_EVENTS_INFO, i.e. audit settings; on Windows
    # servers an audit-policy change is typically recorded as Security
    # event 4719, which is worth alerting on.
    opnum = 47
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
        ('PolicyInformation', LSAPR_POLICY_INFORMATION),
    )


class LsarSetInformationPolicy2Response(NDRCALL):
    """Reply: only the NTSTATUS ErrorCode."""

    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8)
class LsarSetInformationPolicy(NDRCALL):
    """Request (opnum 8) with the same fields as LsarSetInformationPolicy2."""

    opnum = 8
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
        ('PolicyInformation', LSAPR_POLICY_INFORMATION),
    )


class LsarSetInformationPolicyResponse(NDRCALL):
    """Reply: only the NTSTATUS ErrorCode."""

    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53)
class LsarQueryDomainInformationPolicy(NDRCALL):
    """Request (opnum 53): a policy handle and the domain information class."""

    opnum = 53
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_DOMAIN_INFORMATION_CLASS),
    )


class LsarQueryDomainInformationPolicyResponse(NDRCALL):
    """Reply: pointer to the domain information union, then ErrorCode."""

    structure = (
        ('PolicyDomainInformation', PLSAPR_POLICY_DOMAIN_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54)
# No class is defined under this heading here.

# 3.1.4.5.1 LsarCreateAccount (Opnum 10)
class LsarCreateAccount(NDRCALL):
    """Request (opnum 10): policy handle, account SID and desired access.

    DesiredAccess is an ACCESS_MASK; the ACCOUNT_* constants in this file are
    the access-mask bits listed for account objects.
    """

    opnum = 10
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('DesiredAccess', ACCESS_MASK),
    )


class LsarCreateAccountResponse(NDRCALL):
    """Reply: the account handle followed by the NTSTATUS ErrorCode."""

    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11)
class LsarEnumerateAccounts(NDRCALL):
    """Request (opnum 11): handle, enumeration context and a length hint."""

    opnum = 11
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        # The spelling 'Prefered' is the field key; code indexes it as written.
        ('PreferedMaximumLength', ULONG),
    )


class LsarEnumerateAccountsResponse(NDRCALL):
    """Reply: updated enumeration context, the account buffer, ErrorCode."""

    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer', LSAPR_ACCOUNT_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.3 LsarOpenAccount (Opnum 17)
class LsarOpenAccount(NDRCALL):
    """Request (opnum 17) with the same three fields as LsarCreateAccount."""

    opnum = 17
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('DesiredAccess', ACCESS_MASK),
    )


class LsarOpenAccountResponse(NDRCALL):
    """Reply: the account handle followed by the NTSTATUS ErrorCode."""

    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18)
class LsarEnumeratePrivilegesAccount(NDRCALL):
    """Request (opnum 18): the account handle only."""

    opnum = 18
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
    )


class LsarEnumeratePrivilegesAccountResponse(NDRCALL):
    """Reply: pointer to the privilege set, then ErrorCode."""

    structure = (
        ('Privileges', PLSAPR_PRIVILEGE_SET),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19)
class LsarAddPrivilegesToAccount(NDRCALL):
    """Request (opnum 19): account handle and the privilege set to add.

    Privileges is the set itself here, not a pointer to it.
    """

    opnum = 19
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('Privileges', LSAPR_PRIVILEGE_SET),
    )


class LsarAddPrivilegesToAccountResponse(NDRCALL):
    """Reply: only the NTSTATUS ErrorCode."""

    structure = (
        ('ErrorCode', NTSTATUS),
    )
982# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20)
class LsarRemovePrivilegesFromAccount(NDRCALL):
    """NDR request for LsarRemovePrivilegesFromAccount (MS-LSAD 3.1.4.5.6, opnum 20)."""
    opnum = 20
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('AllPrivileges', UCHAR),
        # Pointer type here, unlike the by-value set in LsarAddPrivilegesToAccount.
        ('Privileges', PLSAPR_PRIVILEGE_SET),
    )
class LsarRemovePrivilegesFromAccountResponse(NDRCALL):
    """NDR response for LsarRemovePrivilegesFromAccount: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
996# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23)
class LsarGetSystemAccessAccount(NDRCALL):
    """NDR request for LsarGetSystemAccessAccount (MS-LSAD 3.1.4.5.7, opnum 23)."""
    opnum = 23
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
    )
class LsarGetSystemAccessAccountResponse(NDRCALL):
    """NDR response for LsarGetSystemAccessAccount."""
    structure = (
        ('SystemAccess', ULONG),
        ('ErrorCode', NTSTATUS),
    )
1009# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24)
class LsarSetSystemAccessAccount(NDRCALL):
    """NDR request for LsarSetSystemAccessAccount (MS-LSAD 3.1.4.5.8, opnum 24)."""
    opnum = 24
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('SystemAccess', ULONG),
    )
class LsarSetSystemAccessAccountResponse(NDRCALL):
    """NDR response for LsarSetSystemAccessAccount: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
1022# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35)
class LsarEnumerateAccountsWithUserRight(NDRCALL):
    """NDR request for LsarEnumerateAccountsWithUserRight (MS-LSAD 3.1.4.5.9, opnum 35)."""
    opnum = 35
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('UserRight', PRPC_UNICODE_STRING),
    )
class LsarEnumerateAccountsWithUserRightResponse(NDRCALL):
    """NDR response for LsarEnumerateAccountsWithUserRight."""
    structure = (
        ('EnumerationBuffer', LSAPR_ACCOUNT_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
1036# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36)
class LsarEnumerateAccountRights(NDRCALL):
    """NDR request for LsarEnumerateAccountRights (MS-LSAD 3.1.4.5.10, opnum 36)."""
    opnum = 36
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
    )
class LsarEnumerateAccountRightsResponse(NDRCALL):
    """NDR response for LsarEnumerateAccountRights."""
    structure = (
        ('UserRights', LSAPR_USER_RIGHT_SET),
        ('ErrorCode', NTSTATUS),
    )
1050# 3.1.4.5.11 LsarAddAccountRights (Opnum 37)
class LsarAddAccountRights(NDRCALL):
    """NDR request for LsarAddAccountRights (MS-LSAD 3.1.4.5.11, opnum 37)."""
    opnum = 37
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('UserRights', LSAPR_USER_RIGHT_SET),
    )
class LsarAddAccountRightsResponse(NDRCALL):
    """NDR response for LsarAddAccountRights: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
1064# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38)
class LsarRemoveAccountRights(NDRCALL):
    """NDR request for LsarRemoveAccountRights (MS-LSAD 3.1.4.5.12, opnum 38)."""
    opnum = 38
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('AllRights', UCHAR),
        ('UserRights', LSAPR_USER_RIGHT_SET),
    )
class LsarRemoveAccountRightsResponse(NDRCALL):
    """NDR response for LsarRemoveAccountRights: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
1079# 3.1.4.6.1 LsarCreateSecret (Opnum 16)
class LsarCreateSecret(NDRCALL):
    """NDR request for LsarCreateSecret (MS-LSAD 3.1.4.6.1, opnum 16)."""
    opnum = 16
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecretName', RPC_UNICODE_STRING),
        ('DesiredAccess', ACCESS_MASK),
    )
class LsarCreateSecretResponse(NDRCALL):
    """NDR response for LsarCreateSecret: secret handle plus NTSTATUS."""
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
1094# 3.1.4.6.2 LsarOpenSecret (Opnum 28)
class LsarOpenSecret(NDRCALL):
    """NDR request for LsarOpenSecret (MS-LSAD 3.1.4.6.2, opnum 28)."""
    opnum = 28
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecretName', RPC_UNICODE_STRING),
        ('DesiredAccess', ACCESS_MASK),
    )
class LsarOpenSecretResponse(NDRCALL):
    """NDR response for LsarOpenSecret: secret handle plus NTSTATUS."""
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
1109# 3.1.4.6.3 LsarSetSecret (Opnum 29)
class LsarSetSecret(NDRCALL):
    """NDR request for LsarSetSecret (MS-LSAD 3.1.4.6.3, opnum 29).

    Both values travel as LSAPR_CR_CIPHER_VALUE pointers; this class only
    marshals them and performs no encryption itself.
    """
    opnum = 29
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE),
        ('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE),
    )
class LsarSetSecretResponse(NDRCALL):
    """NDR response for LsarSetSecret: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
1123# 3.1.4.6.4 LsarQuerySecret (Opnum 30)
class LsarQuerySecret(NDRCALL):
    """NDR request for LsarQuerySecret (MS-LSAD 3.1.4.6.4, opnum 30).

    The four value/time fields are pointers that also appear in the
    response structure.
    """
    opnum = 30
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', PLARGE_INTEGER),
        ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', PLARGE_INTEGER),
    )
class LsarQuerySecretResponse(NDRCALL):
    """NDR response for LsarQuerySecret.

    The secret values are returned as cipher-value blobs; nothing in this
    class decrypts them.
    """
    structure = (
        ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', PLARGE_INTEGER),
        ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', PLARGE_INTEGER),
        ('ErrorCode', NTSTATUS),
    )
1143# 3.1.4.6.5 LsarStorePrivateData (Opnum 42)
class LsarStorePrivateData(NDRCALL):
    """NDR request for LsarStorePrivateData (MS-LSAD 3.1.4.6.5, opnum 42)."""
    opnum = 42
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('KeyName', RPC_UNICODE_STRING),
        ('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
    )
class LsarStorePrivateDataResponse(NDRCALL):
    """NDR response for LsarStorePrivateData: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
1157# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43)
class LsarRetrievePrivateData(NDRCALL):
    """NDR request for LsarRetrievePrivateData (MS-LSAD 3.1.4.6.6, opnum 43)."""
    opnum = 43
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('KeyName', RPC_UNICODE_STRING),
        ('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
    )
class LsarRetrievePrivateDataResponse(NDRCALL):
    """NDR response for LsarRetrievePrivateData: cipher-value blob plus NTSTATUS."""
    structure = (
        ('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
        ('ErrorCode', NTSTATUS),
    )
1172# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25)
1173# 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26)
1174# 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39)
1175# 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40)
1176# 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41)
1177# 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48)
1178# 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49)
1179# 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50)
class LsarEnumerateTrustedDomainsEx(NDRCALL):
    """NDR request for LsarEnumerateTrustedDomainsEx (MS-LSAD 3.1.4.7.7, opnum 50)."""
    opnum = 50
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class LsarEnumerateTrustedDomainsExResponse(NDRCALL):
    """NDR response for LsarEnumerateTrustedDomainsEx."""
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer', LSAPR_TRUSTED_ENUM_BUFFER_EX),
        ('ErrorCode', NTSTATUS),
    )
1195# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13)
class LsarEnumerateTrustedDomains(NDRCALL):
    """NDR request for LsarEnumerateTrustedDomains (MS-LSAD 3.1.4.7.8, opnum 13)."""
    opnum = 13
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class LsarEnumerateTrustedDomainsResponse(NDRCALL):
    """NDR response for LsarEnumerateTrustedDomains."""
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer', LSAPR_TRUSTED_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
1211# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55)
1212# 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59)
1213# 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51)
1214# 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12)
1215# 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27)
1216# 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73)
class LsarQueryForestTrustInformation(NDRCALL):
    """NDR request for LsarQueryForestTrustInformation (MS-LSAD 3.1.4.7.15, opnum 73)."""
    opnum = 73
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('TrustedDomainName', LSA_UNICODE_STRING),
        ('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE),
    )
class LsarQueryForestTrustInformationResponse(NDRCALL):
    """NDR response for LsarQueryForestTrustInformation."""
    structure = (
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
1231# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74)
1233# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2)
class LsarEnumeratePrivileges(NDRCALL):
    """NDR request for LsarEnumeratePrivileges (MS-LSAD 3.1.4.8.1, opnum 2)."""
    opnum = 2
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class LsarEnumeratePrivilegesResponse(NDRCALL):
    """NDR response for LsarEnumeratePrivileges."""
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
1249# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31)
class LsarLookupPrivilegeValue(NDRCALL):
    """NDR request for LsarLookupPrivilegeValue (MS-LSAD 3.1.4.8.2, opnum 31)."""
    opnum = 31
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
    )
class LsarLookupPrivilegeValueResponse(NDRCALL):
    """NDR response for LsarLookupPrivilegeValue: LUID plus NTSTATUS."""
    structure = (
        ('Value', LUID),
        ('ErrorCode', NTSTATUS),
    )
1263# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32)
class LsarLookupPrivilegeName(NDRCALL):
    """NDR request for LsarLookupPrivilegeName (MS-LSAD 3.1.4.8.3, opnum 32)."""
    opnum = 32
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('Value', LUID),
    )
class LsarLookupPrivilegeNameResponse(NDRCALL):
    """NDR response for LsarLookupPrivilegeName."""
    structure = (
        ('Name', PRPC_UNICODE_STRING),
        ('ErrorCode', NTSTATUS),
    )
1277# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33)
class LsarLookupPrivilegeDisplayName(NDRCALL):
    """NDR request for LsarLookupPrivilegeDisplayName (MS-LSAD 3.1.4.8.4, opnum 33)."""
    opnum = 33
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('ClientLanguage', USHORT),
        ('ClientSystemDefaultLanguage', USHORT),
    )
class LsarLookupPrivilegeDisplayNameResponse(NDRCALL):
    """NDR response for LsarLookupPrivilegeDisplayName."""
    structure = (
        ('Name', PRPC_UNICODE_STRING),
        # NOTE(review): the request carries its language ids as USHORT; if the
        # protocol returns LanguageReturned as a 16-bit value, UCHAR here would
        # read only one byte of it -- confirm against the MS-LSAD IDL.
        ('LanguageReturned', UCHAR),
        ('ErrorCode', NTSTATUS),
    )
1294# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3)
class LsarQuerySecurityObject(NDRCALL):
    """NDR request for LsarQuerySecurityObject (MS-LSAD 3.1.4.9.1, opnum 3)."""
    opnum = 3
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
    )
class LsarQuerySecurityObjectResponse(NDRCALL):
    """NDR response for LsarQuerySecurityObject."""
    structure = (
        ('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR),
        ('ErrorCode', NTSTATUS),
    )
1308# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4)
class LsarSetSecurityObject(NDRCALL):
    """NDR request for LsarSetSecurityObject (MS-LSAD 3.1.4.9.2, opnum 4)."""
    opnum = 4
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR),
    )
class LsarSetSecurityObjectResponse(NDRCALL):
    """NDR response for LsarSetSecurityObject: NTSTATUS only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
1322# 3.1.4.9.3 LsarDeleteObject (Opnum 34)
class LsarDeleteObject(NDRCALL):
    """NDR request for LsarDeleteObject (MS-LSAD 3.1.4.9.3, opnum 34)."""
    opnum = 34
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
    )
class LsarDeleteObjectResponse(NDRCALL):
    """NDR response for LsarDeleteObject: the handle is echoed back with NTSTATUS."""
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
1335# 3.1.4.9.4 LsarClose (Opnum 0)
class LsarClose(NDRCALL):
    """NDR request for LsarClose (MS-LSAD 3.1.4.9.4, opnum 0)."""
    opnum = 0
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
    )
class LsarCloseResponse(NDRCALL):
    """NDR response for LsarClose: the handle is echoed back with NTSTATUS."""
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
1348################################################################################
1349# OPNUMs and their corresponding structures
1350################################################################################
# Maps each implemented opnum to its (request class, response class) pair.
# Commented-out entries are calls with no request/response classes registered.
# NOTE(review): opnum 73 stays commented out even though
# LsarQueryForestTrustInformation and its response class are defined in this
# file -- confirm whether that is intentional.
OPNUMS = {
    0: (LsarClose, LsarCloseResponse),
    2: (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse),
    3: (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse),
    4: (LsarSetSecurityObject, LsarSetSecurityObjectResponse),
    6: (LsarOpenPolicy, LsarOpenPolicyResponse),
    7: (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse),
    8: (LsarSetInformationPolicy, LsarSetInformationPolicyResponse),
    10: (LsarCreateAccount, LsarCreateAccountResponse),
    11: (LsarEnumerateAccounts, LsarEnumerateAccountsResponse),
    # 12: (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse),
    13: (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse),
    16: (LsarCreateSecret, LsarCreateSecretResponse),
    17: (LsarOpenAccount, LsarOpenAccountResponse),
    18: (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse),
    19: (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse),
    20: (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse),
    23: (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse),
    24: (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse),
    # 25: (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse),
    # 26: (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse),
    # 27: (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse),
    28: (LsarOpenSecret, LsarOpenSecretResponse),
    29: (LsarSetSecret, LsarSetSecretResponse),
    30: (LsarQuerySecret, LsarQuerySecretResponse),
    31: (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse),
    32: (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse),
    33: (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse),
    34: (LsarDeleteObject, LsarDeleteObjectResponse),
    35: (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse),
    36: (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse),
    37: (LsarAddAccountRights, LsarAddAccountRightsResponse),
    38: (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse),
    # 39: (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse),
    # 40: (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse),
    # 41: (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse),
    42: (LsarStorePrivateData, LsarStorePrivateDataResponse),
    43: (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse),
    44: (LsarOpenPolicy2, LsarOpenPolicy2Response),
    46: (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response),
    47: (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response),
    # 48: (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse),
    # 49: (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse),
    50: (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse),
    # 51: (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse),
    53: (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse),
    # 54: (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse),
    # 55: (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse),
    # 59: (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response),
    # 73: (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse),
    # 74: (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse),
}
1404################################################################################
1405# HELPER FUNCTIONS
1406################################################################################
def hLsarOpenPolicy2(dce, desiredAccess = MAXIMUM_ALLOWED):
    """Send an LsarOpenPolicy2 request and return the result of dce.request().

    SystemName and every ObjectAttributes member set here are NULL.
    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower access mask
    when the caller only needs specific rights on the policy object.
    """
    req = LsarOpenPolicy2()
    req['SystemName'] = NULL
    for attr in ('RootDirectory', 'ObjectName', 'SecurityDescriptor',
                 'SecurityQualityOfService'):
        req['ObjectAttributes'][attr] = NULL
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hLsarOpenPolicy(dce, desiredAccess = MAXIMUM_ALLOWED):
    """Send an LsarOpenPolicy request and return the result of dce.request().

    SystemName and every ObjectAttributes member set here are NULL.
    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower access mask
    when the caller only needs specific rights on the policy object.
    """
    req = LsarOpenPolicy()
    req['SystemName'] = NULL
    for attr in ('RootDirectory', 'ObjectName', 'SecurityDescriptor',
                 'SecurityQualityOfService'):
        req['ObjectAttributes'][attr] = NULL
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hLsarQueryInformationPolicy2(dce, policyHandle, informationClass):
    """Send LsarQueryInformationPolicy2 for informationClass on policyHandle.

    Returns whatever dce.request() returns.
    """
    req = LsarQueryInformationPolicy2()
    req['PolicyHandle'] = policyHandle
    req['InformationClass'] = informationClass
    return dce.request(req)
def hLsarQueryInformationPolicy(dce, policyHandle, informationClass):
    """Send LsarQueryInformationPolicy for informationClass on policyHandle.

    Returns whatever dce.request() returns.
    """
    req = LsarQueryInformationPolicy()
    req['PolicyHandle'] = policyHandle
    req['InformationClass'] = informationClass
    return dce.request(req)
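def hLsarQueryDomainInformationPolicy(dce, policyHandle, informationClass):
    """Send LsarQueryDomainInformationPolicy for informationClass on policyHandle.

    Returns whatever dce.request() returns.
    """
    # Fix: the helper used to instantiate LsarQueryInformationPolicy, so it
    # issued a different call than its name says. Use the request class that
    # OPNUMS registers under opnum 53.
    request = LsarQueryDomainInformationPolicy()
    request['PolicyHandle'] = policyHandle
    request['InformationClass'] = informationClass
    return dce.request(request)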
def hLsarEnumerateAccounts(dce, policyHandle, preferedMaximumLength=0xffffffff):
    """Send LsarEnumerateAccounts on policyHandle and return dce.request()'s result.

    EnumerationContext is not set here, so it keeps the request's default.
    """
    req = LsarEnumerateAccounts()
    req['PolicyHandle'] = policyHandle
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hLsarEnumerateAccountsWithUserRight(dce, policyHandle, UserRight):
    """Send LsarEnumerateAccountsWithUserRight for UserRight on policyHandle.

    Returns whatever dce.request() returns.
    """
    req = LsarEnumerateAccountsWithUserRight()
    req['PolicyHandle'] = policyHandle
    req['UserRight'] = UserRight
    return dce.request(req)
def hLsarEnumerateTrustedDomainsEx(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send LsarEnumerateTrustedDomainsEx and return dce.request()'s result.

    enumerationContext and preferedMaximumLength are copied into the request
    unchanged.
    """
    req = LsarEnumerateTrustedDomainsEx()
    req['PolicyHandle'] = policyHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hLsarEnumerateTrustedDomains(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send LsarEnumerateTrustedDomains and return dce.request()'s result.

    enumerationContext and preferedMaximumLength are copied into the request
    unchanged.
    """
    req = LsarEnumerateTrustedDomains()
    req['PolicyHandle'] = policyHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hLsarOpenAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarOpenAccount for accountSid and return dce.request()'s result.

    accountSid is parsed with fromCanonical(). desiredAccess defaults to
    MAXIMUM_ALLOWED; pass a narrower mask when only specific rights are needed.
    """
    req = LsarOpenAccount()
    req['PolicyHandle'] = policyHandle
    req['AccountSid'].fromCanonical(accountSid)
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hLsarClose(dce, objectHandle):
    """Send LsarClose for objectHandle and return dce.request()'s result."""
    req = LsarClose()
    req['ObjectHandle'] = objectHandle
    return dce.request(req)
def hLsarCreateAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarCreateAccount for accountSid and return dce.request()'s result.

    accountSid is parsed with fromCanonical(). desiredAccess defaults to
    MAXIMUM_ALLOWED; pass a narrower mask when only specific rights are needed.
    """
    req = LsarCreateAccount()
    req['PolicyHandle'] = policyHandle
    req['AccountSid'].fromCanonical(accountSid)
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hLsarDeleteObject(dce, objectHandle):
    """Send LsarDeleteObject for objectHandle and return dce.request()'s result."""
    req = LsarDeleteObject()
    req['ObjectHandle'] = objectHandle
    return dce.request(req)
def hLsarEnumeratePrivilegesAccount(dce, accountHandle):
    """Send LsarEnumeratePrivilegesAccount and return dce.request()'s result."""
    req = LsarEnumeratePrivilegesAccount()
    req['AccountHandle'] = accountHandle
    return dce.request(req)
def hLsarGetSystemAccessAccount(dce, accountHandle):
    """Send LsarGetSystemAccessAccount and return dce.request()'s result."""
    req = LsarGetSystemAccessAccount()
    req['AccountHandle'] = accountHandle
    return dce.request(req)
def hLsarSetSystemAccessAccount(dce, accountHandle, systemAccess):
    """Send LsarSetSystemAccessAccount with systemAccess; return dce.request()'s result."""
    req = LsarSetSystemAccessAccount()
    req['AccountHandle'] = accountHandle
    req['SystemAccess'] = systemAccess
    return dce.request(req)
def hLsarAddPrivilegesToAccount(dce, accountHandle, privileges):
    """Send LsarAddPrivilegesToAccount and return dce.request()'s result.

    privileges is an iterable with a length; each element is appended to the
    request's privilege array as given, and Control is set to 0.
    """
    req = LsarAddPrivilegesToAccount()
    req['AccountHandle'] = accountHandle
    req['Privileges']['PrivilegeCount'] = len(privileges)
    req['Privileges']['Control'] = 0
    for entry in privileges:
        req['Privileges']['Privilege'].append(entry)

    return dce.request(req)
def hLsarRemovePrivilegesFromAccount(dce, accountHandle, privileges, allPrivileges = False):
    """Send LsarRemovePrivilegesFromAccount and return dce.request()'s result.

    When privileges is not NULL, each element is appended to the request's
    privilege array; otherwise only PrivilegeCount is set (to NULL).
    allPrivileges is copied into the AllPrivileges field.
    """
    req = LsarRemovePrivilegesFromAccount()
    req['AccountHandle'] = accountHandle
    req['Privileges']['Control'] = 0
    if privileges != NULL:
        req['Privileges']['PrivilegeCount'] = len(privileges)
        for entry in privileges:
            req['Privileges']['Privilege'].append(entry)
    else:
        # NOTE(review): this assigns NULL to the count member rather than to
        # the Privileges pointer itself -- confirm this marshals as intended.
        req['Privileges']['PrivilegeCount'] = NULL
    req['AllPrivileges'] = allPrivileges

    return dce.request(req)
def hLsarEnumerateAccountRights(dce, policyHandle, accountSid):
    """Send LsarEnumerateAccountRights for accountSid; return dce.request()'s result.

    accountSid is parsed with fromCanonical().
    """
    req = LsarEnumerateAccountRights()
    req['PolicyHandle'] = policyHandle
    req['AccountSid'].fromCanonical(accountSid)
    return dce.request(req)
def hLsarAddAccountRights(dce, policyHandle, accountSid, userRights):
    """Send LsarAddAccountRights for accountSid; return dce.request()'s result.

    accountSid is parsed with fromCanonical(). Each entry of userRights is
    wrapped in an RPC_UNICODE_STRING before being appended to the request.
    """
    req = LsarAddAccountRights()
    req['PolicyHandle'] = policyHandle
    req['AccountSid'].fromCanonical(accountSid)
    req['UserRights']['EntriesRead'] = len(userRights)
    for name in userRights:
        entry = RPC_UNICODE_STRING()
        entry['Data'] = name
        req['UserRights']['UserRights'].append(entry)

    return dce.request(req)
def hLsarRemoveAccountRights(dce, policyHandle, accountSid, userRights):
    """Send LsarRemoveAccountRights for accountSid; return dce.request()'s result.

    accountSid is parsed with fromCanonical(). Each entry of userRights is
    wrapped in an RPC_UNICODE_STRING before being appended to the request.
    The AllRights field is not set by this helper.
    """
    req = LsarRemoveAccountRights()
    req['PolicyHandle'] = policyHandle
    req['AccountSid'].fromCanonical(accountSid)
    req['UserRights']['EntriesRead'] = len(userRights)
    for name in userRights:
        entry = RPC_UNICODE_STRING()
        entry['Data'] = name
        req['UserRights']['UserRights'].append(entry)

    return dce.request(req)
def hLsarCreateSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarCreateSecret for secretName and return dce.request()'s result.

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when only
    specific rights on the secret object are needed.
    """
    req = LsarCreateSecret()
    req['PolicyHandle'] = policyHandle
    req['SecretName'] = secretName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hLsarOpenSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarOpenSecret for secretName and return dce.request()'s result.

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when only
    specific rights on the secret object are needed.
    """
    req = LsarOpenSecret()
    req['PolicyHandle'] = policyHandle
    req['SecretName'] = secretName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
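def hLsarSetSecret(dce, secretHandle, encryptedCurrentValue, encryptedOldValue):
    """Send LsarSetSecret on secretHandle and return dce.request()'s result.

    encryptedCurrentValue / encryptedOldValue are byte strings that the caller
    has already encrypted (this helper only copies them into the cipher-value
    structures), or NULL to send a NULL pointer for that value.
    """
    # Fix: the helper used to build an LsarOpenSecret request, which has no
    # SecretHandle / Encrypted*Value fields; LsarSetSecret (opnum 29) is the
    # structure that carries them.
    request = LsarSetSecret()
    request['SecretHandle'] = secretHandle
    if encryptedCurrentValue != NULL:
        request['EncryptedCurrentValue']['Length'] = len(encryptedCurrentValue)
        request['EncryptedCurrentValue']['MaximumLength'] = len(encryptedCurrentValue)
        request['EncryptedCurrentValue']['Buffer'] = list(encryptedCurrentValue)
    else:
        # Same explicit-NULL handling as hLsarStorePrivateData.
        request['EncryptedCurrentValue'] = NULL
    if encryptedOldValue != NULL:
        request['EncryptedOldValue']['Length'] = len(encryptedOldValue)
        request['EncryptedOldValue']['MaximumLength'] = len(encryptedOldValue)
        request['EncryptedOldValue']['Buffer'] = list(encryptedOldValue)
    else:
        request['EncryptedOldValue'] = NULL
    return dce.request(request)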
def hLsarQuerySecret(dce, secretHandle):
    """Send LsarQuerySecret on secretHandle and return dce.request()'s result.

    Both cipher-value buffers and OldValueSetTime are sent as NULL;
    CurrentValueSetTime is left at the request's default. The response is
    returned as-is, so the values in it are still the encrypted blobs.
    """
    req = LsarQuerySecret()
    req['SecretHandle'] = secretHandle
    req['EncryptedCurrentValue']['Buffer'] = NULL
    req['EncryptedOldValue']['Buffer'] = NULL
    req['OldValueSetTime'] = NULL
    return dce.request(req)
def hLsarRetrievePrivateData(dce, policyHandle, keyName):
    """Send LsarRetrievePrivateData for keyName and return the raw data bytes.

    The EncryptedData buffer of the response is joined into one byte string
    and returned without any decryption.
    """
    req = LsarRetrievePrivateData()
    req['PolicyHandle'] = policyHandle
    req['KeyName'] = keyName
    resp = dce.request(req)
    return b''.join(resp['EncryptedData']['Buffer'])
def hLsarStorePrivateData(dce, policyHandle, keyName, encryptedData):
    """Send LsarStorePrivateData for keyName and return dce.request()'s result.

    encryptedData is a byte string the caller has already encrypted (it is
    copied as-is), or NULL to send a NULL EncryptedData pointer.
    """
    req = LsarStorePrivateData()
    req['PolicyHandle'] = policyHandle
    req['KeyName'] = keyName
    if encryptedData != NULL:
        size = len(encryptedData)
        req['EncryptedData']['Length'] = size
        req['EncryptedData']['MaximumLength'] = size
        req['EncryptedData']['Buffer'] = list(encryptedData)
    else:
        req['EncryptedData'] = NULL
    return dce.request(req)
def hLsarEnumeratePrivileges(dce, policyHandle, enumerationContext = 0, preferedMaximumLength = 0xffffffff):
    """Send LsarEnumeratePrivileges and return dce.request()'s result.

    enumerationContext and preferedMaximumLength are copied into the request
    unchanged.
    """
    req = LsarEnumeratePrivileges()
    req['PolicyHandle'] = policyHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hLsarLookupPrivilegeValue(dce, policyHandle, name):
    """Send LsarLookupPrivilegeValue for name and return dce.request()'s result."""
    req = LsarLookupPrivilegeValue()
    req['PolicyHandle'] = policyHandle
    req['Name'] = name
    return dce.request(req)
def hLsarLookupPrivilegeName(dce, policyHandle, luid):
    """Send LsarLookupPrivilegeName for luid and return dce.request()'s result."""
    req = LsarLookupPrivilegeName()
    req['PolicyHandle'] = policyHandle
    req['Value'] = luid
    return dce.request(req)
def hLsarQuerySecurityObject(dce, policyHandle, securityInformation = OWNER_SECURITY_INFORMATION):
    """Send LsarQuerySecurityObject and return the security descriptor bytes.

    The SecurityDescriptor array of the response is joined into one byte
    string; it is not parsed here. securityInformation defaults to
    OWNER_SECURITY_INFORMATION.
    """
    req = LsarQuerySecurityObject()
    req['PolicyHandle'] = policyHandle
    req['SecurityInformation'] = securityInformation
    resp = dce.request(req)
    return b''.join(resp['SecurityDescriptor']['SecurityDescriptor'])
def hLsarSetSecurityObject(dce, policyHandle, securityInformation, securityDescriptor):
    """Send LsarSetSecurityObject and return dce.request()'s result.

    securityDescriptor is an already-serialized descriptor; its length and
    its elements are copied into the request without validation.
    """
    req = LsarSetSecurityObject()
    req['PolicyHandle'] = policyHandle
    req['SecurityInformation'] = securityInformation
    req['SecurityDescriptor']['Length'] = len(securityDescriptor)
    req['SecurityDescriptor']['SecurityDescriptor'] = list(securityDescriptor)
    return dce.request(req)
def hLsarSetInformationPolicy2(dce, policyHandle, informationClass, policyInformation):
    """Send LsarSetInformationPolicy2 and return dce.request()'s result.

    policyInformation is assigned to the PolicyInformation field as given.
    """
    req = LsarSetInformationPolicy2()
    req['PolicyHandle'] = policyHandle
    req['InformationClass'] = informationClass
    req['PolicyInformation'] = policyInformation
    return dce.request(req)
def hLsarSetInformationPolicy(dce, policyHandle, informationClass, policyInformation):
    """Send LsarSetInformationPolicy and return dce.request()'s result.

    policyInformation is assigned to the PolicyInformation field as given.
    """
    req = LsarSetInformationPolicy()
    req['PolicyHandle'] = policyHandle
    req['InformationClass'] = informationClass
    req['PolicyInformation'] = policyInformation
    return dce.request(req)