Coverage for /root/GitHubProjects/impacket/impacket/dcerpc/v5/samr.py : 95%

1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
2#
3# This software is provided under a slightly modified version
4# of the Apache Software License. See the accompanying LICENSE file
5# for more information.
6#
7# Author: Alberto Solino (@agsolino)
8#
9# Description:
10# [MS-SAMR] Interface implementation
11#
12# Best way to learn how to use these calls is to grab the protocol standard
13# so you understand what the call does, and then read the test case located
14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
15#
16# Some calls have helper functions, which makes it even easier to use.
17# They are located at the end of this file.
18# Helper functions start with "h"<name of the call>.
19# There are test cases for them too.
20#
21from __future__ import division
22from __future__ import print_function
23from binascii import unhexlify
25from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
26 NDRUniConformantVaryingArray, NDRENUM
27from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \
28 LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR
29from impacket.dcerpc.v5.rpcrt import DCERPCException
30from impacket import nt_errors, LOG
31from impacket.uuid import uuidtup_to_bin
32from impacket.dcerpc.v5.enum import Enum
33from impacket.structure import Structure
35import struct
36import os
37from hashlib import md5
38from Cryptodome.Cipher import ARC4
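# Binary form of the SAMR interface identifier (UUID, version 1.0).
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))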
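class DCERPCSessionError(DCERPCException):
    """SAMR error whose string form maps the NT status code to its text."""

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Return a one-line description built from ``nt_errors.ERROR_MESSAGES``."""
        key = self.error_code
        if key is None:
            # error_code defaults to None; formatting it with %x would raise
            # TypeError and hide the failure being reported.
            return 'SAMR SessionError: unknown error code: None'
        if key in nt_errors.ERROR_MESSAGES:
            error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
            error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
            return 'SAMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
        # Codes missing from the table are still reported, in hex.
        return 'SAMR SessionError: unknown error code: 0x%x' % self.error_code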
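################################################################################
# CONSTANTS
################################################################################
# The server name parameter is carried as an LPWSTR.
PSAMPR_SERVER_NAME = LPWSTR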
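# 2.2.1.1 Common ACCESS_MASK Values
# Rights common to every object type; the *_ALL_ACCESS masks below combine
# the four standard rights (0x000F0000) with the object-specific bits.
DELETE                 = 0x00010000
READ_CONTROL           = 0x00020000
WRITE_DAC              = 0x00040000
WRITE_OWNER            = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000
# NOTE(review): MAXIMUM_ALLOWED asks for whatever the caller is entitled to;
# naming the specific rights an operation needs keeps handles least-privilege.
MAXIMUM_ALLOWED        = 0x02000000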
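# 2.2.1.2 Generic ACCESS_MASK Values
# The four top bits of the mask; each is distinct from the others.
GENERIC_READ    = 0x80000000
GENERIC_WRITE   = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL     = 0x10000000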
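# 2.2.1.3 Server ACCESS_MASK Values
SAM_SERVER_CONNECT           = 0x00000001
SAM_SERVER_SHUTDOWN          = 0x00000002
SAM_SERVER_INITIALIZE        = 0x00000004
SAM_SERVER_CREATE_DOMAIN     = 0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
SAM_SERVER_LOOKUP_DOMAIN     = 0x00000020
# Composite masks: standard rights in the upper half, the bits above in the lower.
SAM_SERVER_ALL_ACCESS        = 0x000F003F
SAM_SERVER_READ              = 0x00020010
SAM_SERVER_WRITE             = 0x0002000E
SAM_SERVER_EXECUTE           = 0x00020021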
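# 2.2.1.4 Domain ACCESS_MASK Values
DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS    = 0x00000002
DOMAIN_READ_OTHER_PARAMETERS    = 0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS   = 0x00000008
DOMAIN_CREATE_USER              = 0x00000010
DOMAIN_CREATE_GROUP             = 0x00000020
DOMAIN_CREATE_ALIAS             = 0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP     = 0x00000080
DOMAIN_LIST_ACCOUNTS            = 0x00000100
DOMAIN_LOOKUP                   = 0x00000200
DOMAIN_ADMINISTER_SERVER        = 0x00000400
# Composite masks: standard rights in the upper half, the bits above in the lower.
DOMAIN_ALL_ACCESS               = 0x000F07FF
DOMAIN_READ                     = 0x00020084
DOMAIN_WRITE                    = 0x0002047A
DOMAIN_EXECUTE                  = 0x00020301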
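# 2.2.1.5 Group ACCESS_MASK Values
GROUP_READ_INFORMATION = 0x00000001
GROUP_WRITE_ACCOUNT    = 0x00000002
GROUP_ADD_MEMBER       = 0x00000004
GROUP_REMOVE_MEMBER    = 0x00000008
GROUP_LIST_MEMBERS     = 0x00000010
# Composite masks: standard rights in the upper half, the bits above in the lower.
GROUP_ALL_ACCESS       = 0x000F001F
GROUP_READ             = 0x00020010
GROUP_WRITE            = 0x0002000E
GROUP_EXECUTE          = 0x00020001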
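# 2.2.1.6 Alias ACCESS_MASK Values
ALIAS_ADD_MEMBER       = 0x00000001
ALIAS_REMOVE_MEMBER    = 0x00000002
ALIAS_LIST_MEMBERS     = 0x00000004
ALIAS_READ_INFORMATION = 0x00000008
ALIAS_WRITE_ACCOUNT    = 0x00000010
# Composite masks: standard rights in the upper half, the bits above in the lower.
ALIAS_ALL_ACCESS       = 0x000F001F
ALIAS_READ             = 0x00020004
ALIAS_WRITE            = 0x00020013
ALIAS_EXECUTE          = 0x00020008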
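# 2.2.1.7 User ACCESS_MASK Values
USER_READ_GENERAL            = 0x00000001
USER_READ_PREFERENCES        = 0x00000002
USER_WRITE_PREFERENCES       = 0x00000004
USER_READ_LOGON              = 0x00000008
USER_READ_ACCOUNT            = 0x00000010
USER_WRITE_ACCOUNT           = 0x00000020
USER_CHANGE_PASSWORD         = 0x00000040
USER_FORCE_PASSWORD_CHANGE   = 0x00000080
USER_LIST_GROUPS             = 0x00000100
USER_READ_GROUP_INFORMATION  = 0x00000200
USER_WRITE_GROUP_INFORMATION = 0x00000400
# Composite masks: standard rights in the upper half, the bits above in the lower.
USER_ALL_ACCESS              = 0x000F07FF
USER_READ                    = 0x0002031A
USER_WRITE                   = 0x00020044
USER_EXECUTE                 = 0x00020041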
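# 2.2.1.8 USER_ALL Values
# One bit per field, bits 0 through 28; presumably these select fields through
# the WhichFields member of SAMPR_USER_ALL_INFORMATION (confirm in [MS-SAMR]).
USER_ALL_USERNAME           = 0x00000001
USER_ALL_FULLNAME           = 0x00000002
USER_ALL_USERID             = 0x00000004
USER_ALL_PRIMARYGROUPID     = 0x00000008
USER_ALL_ADMINCOMMENT       = 0x00000010
USER_ALL_USERCOMMENT        = 0x00000020
USER_ALL_HOMEDIRECTORY      = 0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
USER_ALL_SCRIPTPATH         = 0x00000100
USER_ALL_PROFILEPATH        = 0x00000200
USER_ALL_WORKSTATIONS       = 0x00000400
USER_ALL_LASTLOGON          = 0x00000800
USER_ALL_LASTLOGOFF         = 0x00001000
USER_ALL_LOGONHOURS         = 0x00002000
USER_ALL_BADPASSWORDCOUNT   = 0x00004000
USER_ALL_LOGONCOUNT         = 0x00008000
USER_ALL_PASSWORDCANCHANGE  = 0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
USER_ALL_PASSWORDLASTSET    = 0x00040000
USER_ALL_ACCOUNTEXPIRES     = 0x00080000
USER_ALL_USERACCOUNTCONTROL = 0x00100000
USER_ALL_PARAMETERS         = 0x00200000
USER_ALL_COUNTRYCODE        = 0x00400000
USER_ALL_CODEPAGE           = 0x00800000
USER_ALL_NTPASSWORDPRESENT  = 0x01000000
USER_ALL_LMPASSWORDPRESENT  = 0x02000000
USER_ALL_PRIVATEDATA        = 0x04000000
USER_ALL_PASSWORDEXPIRED    = 0x08000000
USER_ALL_SECURITYDESCRIPTOR = 0x10000000
# The two highest bits; no field above is assigned to them.
USER_ALL_UNDEFINED_MASK     = 0xC0000000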
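# 2.2.1.9 ACCOUNT_TYPE Values
# The top nibble groups the values by object family (group, alias, user, app group).
SAM_DOMAIN_OBJECT             = 0x00000000
SAM_GROUP_OBJECT              = 0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
SAM_ALIAS_OBJECT              = 0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
SAM_USER_OBJECT               = 0x30000000
SAM_MACHINE_ACCOUNT           = 0x30000001
SAM_TRUST_ACCOUNT             = 0x30000002
SAM_APP_BASIC_GROUP           = 0x40000000
SAM_APP_QUERY_GROUP           = 0x40000001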
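# 2.2.1.10 SE_GROUP Attributes
SE_GROUP_MANDATORY          = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED            = 0x00000004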
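# 2.2.1.11 GROUP_TYPE Codes
GROUP_TYPE_ACCOUNT_GROUP      = 0x00000002
GROUP_TYPE_RESOURCE_GROUP     = 0x00000004
GROUP_TYPE_UNIVERSAL_GROUP    = 0x00000008
GROUP_TYPE_SECURITY_ENABLED   = 0x80000000
# Each SECURITY_* code is GROUP_TYPE_SECURITY_ENABLED OR-ed with one scope bit.
GROUP_TYPE_SECURITY_ACCOUNT   = 0x80000002
GROUP_TYPE_SECURITY_RESOURCE  = 0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008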
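# 2.2.1.12 USER_ACCOUNT Codes
# These bit positions differ from the UF_* flags of section 2.2.1.13
# (USER_ACCOUNT_DISABLED is 0x1 here, UF_ACCOUNTDISABLE is 0x2), so a value in
# one encoding must not be tested against constants of the other.
# Audit note: USER_PASSWORD_NOT_REQUIRED, USER_DONT_EXPIRE_PASSWORD,
# USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED, USER_USE_DES_KEY_ONLY,
# USER_DONT_REQUIRE_PREAUTH and USER_TRUSTED_FOR_DELEGATION are the bits an
# account review usually reports, since each relaxes a default protection.
USER_ACCOUNT_DISABLED                       = 0x00000001
USER_HOME_DIRECTORY_REQUIRED                = 0x00000002
USER_PASSWORD_NOT_REQUIRED                  = 0x00000004
USER_TEMP_DUPLICATE_ACCOUNT                 = 0x00000008
USER_NORMAL_ACCOUNT                         = 0x00000010
USER_MNS_LOGON_ACCOUNT                      = 0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT              = 0x00000040
USER_WORKSTATION_TRUST_ACCOUNT              = 0x00000080
USER_SERVER_TRUST_ACCOUNT                   = 0x00000100
USER_DONT_EXPIRE_PASSWORD                   = 0x00000200
USER_ACCOUNT_AUTO_LOCKED                    = 0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED        = 0x00000800
USER_SMARTCARD_REQUIRED                     = 0x00001000
USER_TRUSTED_FOR_DELEGATION                 = 0x00002000
USER_NOT_DELEGATED                          = 0x00004000
USER_USE_DES_KEY_ONLY                       = 0x00008000
USER_DONT_REQUIRE_PREAUTH                   = 0x00010000
USER_PASSWORD_EXPIRED                       = 0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000
USER_NO_AUTH_DATA_REQUIRED                  = 0x00080000
USER_PARTIAL_SECRETS_ACCOUNT                = 0x00100000
USER_USE_AES_KEYS                           = 0x00200000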
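# 2.2.1.13 UF_FLAG Codes
# These bit positions differ from the USER_ACCOUNT codes of section 2.2.1.12
# (UF_ACCOUNTDISABLE is 0x2 here, USER_ACCOUNT_DISABLED is 0x1), so a value in
# one encoding must not be tested against constants of the other.
# Audit note: UF_PASSWD_NOTREQD, UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
# UF_DONT_EXPIRE_PASSWD, UF_USE_DES_KEY_ONLY, UF_DONT_REQUIRE_PREAUTH and
# UF_TRUSTED_FOR_DELEGATION are the bits an account review usually reports,
# since each relaxes a default protection.
UF_SCRIPT                                 = 0x00000001
UF_ACCOUNTDISABLE                         = 0x00000002
UF_HOMEDIR_REQUIRED                       = 0x00000008
UF_LOCKOUT                                = 0x00000010
UF_PASSWD_NOTREQD                         = 0x00000020
UF_PASSWD_CANT_CHANGE                     = 0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED        = 0x00000080
UF_TEMP_DUPLICATE_ACCOUNT                 = 0x00000100
UF_NORMAL_ACCOUNT                         = 0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT              = 0x00000800
UF_WORKSTATION_TRUST_ACCOUNT              = 0x00001000
UF_SERVER_TRUST_ACCOUNT                   = 0x00002000
UF_DONT_EXPIRE_PASSWD                     = 0x00010000
UF_MNS_LOGON_ACCOUNT                      = 0x00020000
UF_SMARTCARD_REQUIRED                     = 0x00040000
UF_TRUSTED_FOR_DELEGATION                 = 0x00080000
UF_NOT_DELEGATED                          = 0x00100000
UF_USE_DES_KEY_ONLY                       = 0x00200000
UF_DONT_REQUIRE_PREAUTH                   = 0x00400000
UF_PASSWORD_EXPIRED                       = 0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
UF_NO_AUTH_DATA_REQUIRED                  = 0x02000000
UF_PARTIAL_SECRETS_ACCOUNT                = 0x04000000
UF_USE_AES_KEYS                           = 0x08000000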
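# 2.2.1.14 Predefined RIDs
DOMAIN_USER_RID_ADMIN                 = 0x000001F4  # 500
DOMAIN_USER_RID_GUEST                 = 0x000001F5  # 501
DOMAIN_USER_RID_KRBTGT                = 0x000001F6  # 502
DOMAIN_GROUP_RID_ADMINS               = 0x00000200  # 512
DOMAIN_GROUP_RID_USERS                = 0x00000201  # 513
DOMAIN_GROUP_RID_COMPUTERS            = 0x00000203  # 515
DOMAIN_GROUP_RID_CONTROLLERS          = 0x00000204  # 516
DOMAIN_ALIAS_RID_ADMINS               = 0x00000220  # 544
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209  # 521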
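# 2.2.4.1 Domain Fields
# Bits of the PasswordProperties field used by the password-information
# structures in this file.
# Audit note: a policy reporting DOMAIN_PASSWORD_STORE_CLEARTEXT, or lacking
# DOMAIN_PASSWORD_COMPLEX, is worth flagging in a password-policy review
# (exact semantics per [MS-SAMR]).
DOMAIN_PASSWORD_COMPLEX         = 0x00000001
DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
DOMAIN_LOCKOUT_ADMINS           = 0x00000008
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010
DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020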
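# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
SAM_VALIDATE_PASSWORD_LAST_SET       = 0x00000001
SAM_VALIDATE_BAD_PASSWORD_TIME       = 0x00000002
SAM_VALIDATE_LOCKOUT_TIME            = 0x00000004
SAM_VALIDATE_BAD_PASSWORD_COUNT      = 0x00000008
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
SAM_VALIDATE_PASSWORD_HISTORY        = 0x00000020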
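################################################################################
# STRUCTURES
################################################################################
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray):
    """Conformant-varying array of RPC_UNICODE_STRING items."""
    item = RPC_UNICODE_STRING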
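class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray):
    """Conformant array of RPC_UNICODE_STRING items."""
    item = RPC_UNICODE_STRING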
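class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    """Pointer to an RPC_UNICODE_STRING_ARRAY_C."""
    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY_C),
    )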
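# 2.2.2.1 RPC_STRING, PRPC_STRING
class RPC_STRING(NDRSTRUCT):
    """Counted string: a length header followed by a ``Data`` referent (STR).

    Both length fields are computed from ``len(Data)``; the 12 (NDR) or
    24 (NDR64) subtracted in the format strings is taken as written here.
    """
    commonHdr = (
        ('MaximumLength', '<H=len(Data)-12'),
        ('Length', '<H=len(Data)-12'),
        ('ReferentID', '<L=0xff'),
    )
    commonHdr64 = (
        ('MaximumLength', '<H=len(Data)-24'),
        ('Length', '<H=len(Data)-24'),
        ('ReferentID', '<Q=0xff'),
    )

    referent = (
        ('Data', STR),
    )

    def dump(self, msg=None, indent=0):
        """Print ``msg`` (default: the class name) and the repr of ``Data``.

        ``indent`` is accepted but not used by this implementation.
        """
        if msg is None:
            msg = self.__class__.__name__
        if msg != '':
            print("%s" % msg, end=' ')
        # Here just print the data
        print(" %r" % (self['Data']), end=' ')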
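class PRPC_STRING(NDRPOINTER):
    """Pointer to an RPC_STRING."""
    referent = (
        ('Data', RPC_STRING),
    )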
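# 2.2.2.2 OLD_LARGE_INTEGER
class OLD_LARGE_INTEGER(NDRSTRUCT):
    """64-bit value split into an unsigned low part and a signed high part."""
    structure = (
        ('LowPart', ULONG),
        ('HighPart', LONG),
    )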
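# 2.2.2.3 SID_NAME_USE
class SID_NAME_USE(NDRENUM):
    """Enumeration of the kind of account a SID names (values 1 to 10)."""
    class enumItems(Enum):
        SidTypeUser           = 1
        SidTypeGroup          = 2
        SidTypeDomain         = 3
        SidTypeAlias          = 4
        SidTypeWellKnownGroup = 5
        SidTypeDeletedAccount = 6
        SidTypeInvalid        = 7
        SidTypeUnknown        = 8
        SidTypeComputer       = 9
        SidTypeLabel          = 10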
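# 2.2.2.4 RPC_SHORT_BLOB
class USHORT_ARRAY(NDRUniConformantVaryingArray):
    """Conformant-varying array of little-endian unsigned 16-bit items."""
    item = '<H'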
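class PUSHORT_ARRAY(NDRPOINTER):
    """Pointer to a USHORT_ARRAY."""
    referent = (
        ('Data', USHORT_ARRAY),
    )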
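class RPC_SHORT_BLOB(NDRSTRUCT):
    """Counted buffer of unsigned shorts (Length, MaximumLength, Buffer).

    In this file it carries the LmOwfPassword and NtOwfPassword members of
    SAMPR_USER_ALL_INFORMATION, so a populated instance should be handled as
    credential material.
    """
    structure = (
        ('Length', USHORT),
        ('MaximumLength', USHORT),
        ('Buffer', PUSHORT_ARRAY),
    )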
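# 2.2.3.2 SAMPR_HANDLE
class SAMPR_HANDLE(NDRSTRUCT):
    """SAMR handle carried as 20 raw bytes."""
    structure = (
        ('Data', '20s=b""'),
    )

    def getAlignment(self):
        """Return 8 when the structure is marshalled as NDR64, otherwise 4."""
        return 8 if self._isNDR64 is True else 4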
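# 2.2.3.3 ENCRYPTED_LM_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD
class ENCRYPTED_LM_OWF_PASSWORD(NDRSTRUCT):
    """16-byte encrypted one-way-function (hash) value, byte-aligned.

    NOTE(review): the encryption applied to this blob is defined by
    [MS-SAMR], not by this class; treat the bytes as credential material and
    keep them out of logs and debug dumps.
    """
    structure = (
        ('Data', '16s=b""'),
    )

    def getAlignment(self):
        return 1

# The NT variant has the same layout, so it reuses the LM class.
ENCRYPTED_NT_OWF_PASSWORD = ENCRYPTED_LM_OWF_PASSWORD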
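class PENCRYPTED_LM_OWF_PASSWORD(NDRPOINTER):
    """Pointer to an ENCRYPTED_LM_OWF_PASSWORD."""
    referent = (
        ('Data', ENCRYPTED_LM_OWF_PASSWORD),
    )

# The NT pointer type reuses the LM pointer class.
PENCRYPTED_NT_OWF_PASSWORD = PENCRYPTED_LM_OWF_PASSWORD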
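# 2.2.3.4 SAMPR_ULONG_ARRAY
#class SAMPR_ULONG_ARRAY(NDRUniConformantVaryingArray):
#    item = '<L'
class ULONG_ARRAY(NDRUniConformantArray):
    """Conformant array of ULONG items."""
    item = ULONG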
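class PULONG_ARRAY(NDRPOINTER):
    """Pointer to a ULONG_ARRAY."""
    referent = (
        ('Data', ULONG_ARRAY),
    )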
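class ULONG_ARRAY_CV(NDRUniConformantVaryingArray):
    """Conformant-varying array of ULONG items."""
    item = ULONG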
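class SAMPR_ULONG_ARRAY(NDRSTRUCT):
    """Counted array of ULONGs: ``Count`` plus a pointer to the elements."""
    structure = (
        ('Count', ULONG),
        ('Element', PULONG_ARRAY),
    )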
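# 2.2.3.5 SAMPR_SID_INFORMATION
class SAMPR_SID_INFORMATION(NDRSTRUCT):
    """Wrapper holding a single RPC_SID in ``SidPointer``."""
    structure = (
        ('SidPointer', RPC_SID),
    )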
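class PSAMPR_SID_INFORMATION(NDRPOINTER):
    """Pointer to a SAMPR_SID_INFORMATION."""
    referent = (
        ('Data', SAMPR_SID_INFORMATION),
    )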
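class SAMPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of PSAMPR_SID_INFORMATION pointers."""
    item = PSAMPR_SID_INFORMATION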
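class PSAMPR_SID_INFORMATION_ARRAY(NDRPOINTER):
    """Pointer to a SAMPR_SID_INFORMATION_ARRAY."""
    referent = (
        ('Data', SAMPR_SID_INFORMATION_ARRAY),
    )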
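# 2.2.3.6 SAMPR_PSID_ARRAY
class SAMPR_PSID_ARRAY(NDRSTRUCT):
    """Counted array of SIDs: ``Count`` plus a pointer to the SID entries."""
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )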
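# 2.2.3.7 SAMPR_PSID_ARRAY_OUT
class SAMPR_PSID_ARRAY_OUT(NDRSTRUCT):
    """Same layout as SAMPR_PSID_ARRAY (``Count`` and ``Sids``)."""
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )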
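# 2.2.3.8 SAMPR_RETURNED_USTRING_ARRAY
class SAMPR_RETURNED_USTRING_ARRAY(NDRSTRUCT):
    """Counted array of Unicode strings: ``Count`` plus a pointer to them."""
    structure = (
        ('Count', ULONG),
        ('Element', PRPC_UNICODE_STRING_ARRAY),
    )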
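# 2.2.3.9 SAMPR_RID_ENUMERATION
class SAMPR_RID_ENUMERATION(NDRSTRUCT):
    """One enumeration entry: a relative ID and the matching name."""
    structure = (
        ('RelativeId', ULONG),
        ('Name', RPC_UNICODE_STRING),
    )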
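class SAMPR_RID_ENUMERATION_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_RID_ENUMERATION entries."""
    item = SAMPR_RID_ENUMERATION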
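class PSAMPR_RID_ENUMERATION_ARRAY(NDRPOINTER):
    """Pointer to a SAMPR_RID_ENUMERATION_ARRAY."""
    referent = (
        ('Data', SAMPR_RID_ENUMERATION_ARRAY),
    )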
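# 2.2.3.10 SAMPR_ENUMERATION_BUFFER
class SAMPR_ENUMERATION_BUFFER(NDRSTRUCT):
    """Enumeration result: ``EntriesRead`` plus a pointer to the entries."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_RID_ENUMERATION_ARRAY),
    )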
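class PSAMPR_ENUMERATION_BUFFER(NDRPOINTER):
    """Pointer to a SAMPR_ENUMERATION_BUFFER."""
    referent = (
        ('Data', SAMPR_ENUMERATION_BUFFER),
    )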
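# 2.2.3.11 SAMPR_SR_SECURITY_DESCRIPTOR
class CHAR_ARRAY(NDRUniConformantArray):
    """Conformant array that keeps the base class's default item type."""
    pass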
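class PCHAR_ARRAY(NDRPOINTER):
    """Pointer to a CHAR_ARRAY."""
    referent = (
        ('Data', CHAR_ARRAY),
    )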
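class SAMPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
    """Security descriptor as a length plus a pointer to the raw bytes."""
    structure = (
        ('Length', ULONG),
        ('SecurityDescriptor', PCHAR_ARRAY),
    )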
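class PSAMPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
    """Pointer to a SAMPR_SR_SECURITY_DESCRIPTOR."""
    referent = (
        ('Data', SAMPR_SR_SECURITY_DESCRIPTOR),
    )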
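# 2.2.3.12 GROUP_MEMBERSHIP
class GROUP_MEMBERSHIP(NDRSTRUCT):
    """One membership entry: the group's relative ID and its attribute bits."""
    structure = (
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
    )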
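class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    """Conformant array of GROUP_MEMBERSHIP entries."""
    item = GROUP_MEMBERSHIP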
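class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    """Pointer to a GROUP_MEMBERSHIP_ARRAY."""
    referent = (
        ('Data', GROUP_MEMBERSHIP_ARRAY),
    )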
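# 2.2.3.13 SAMPR_GET_GROUPS_BUFFER
class SAMPR_GET_GROUPS_BUFFER(NDRSTRUCT):
    """Group list: ``MembershipCount`` plus a pointer to the memberships."""
    structure = (
        ('MembershipCount', ULONG),
        ('Groups', PGROUP_MEMBERSHIP_ARRAY),
    )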
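class PSAMPR_GET_GROUPS_BUFFER(NDRPOINTER):
    """Pointer to a SAMPR_GET_GROUPS_BUFFER."""
    referent = (
        ('Data', SAMPR_GET_GROUPS_BUFFER),
    )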
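# 2.2.3.14 SAMPR_GET_MEMBERS_BUFFER
class SAMPR_GET_MEMBERS_BUFFER(NDRSTRUCT):
    """Member list: a count plus pointers to the member and attribute arrays."""
    structure = (
        ('MemberCount', ULONG),
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
    )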
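class PSAMPR_GET_MEMBERS_BUFFER(NDRPOINTER):
    """Pointer to a SAMPR_GET_MEMBERS_BUFFER."""
    referent = (
        ('Data', SAMPR_GET_MEMBERS_BUFFER),
    )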
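# 2.2.3.15 SAMPR_REVISION_INFO_V1
class SAMPR_REVISION_INFO_V1(NDRSTRUCT):
    """Revision number and supported-features bitmask."""
    structure = (
        ('Revision', ULONG),
        ('SupportedFeatures', ULONG),
    )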
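# 2.2.3.16 SAMPR_REVISION_INFO
class SAMPR_REVISION_INFO(NDRUNION):
    """Union tagged by a ULONG; tag 1 selects SAMPR_REVISION_INFO_V1."""
    commonHdr = (
        ('tag', ULONG),
    )

    union = {
        1: ('V1', SAMPR_REVISION_INFO_V1),
    }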
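# 2.2.3.17 USER_DOMAIN_PASSWORD_INFORMATION
class USER_DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    """Minimum password length and the PasswordProperties bits (section 2.2.4.1)."""
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordProperties', ULONG),
    )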
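# 2.2.4.2 DOMAIN_SERVER_ENABLE_STATE
class DOMAIN_SERVER_ENABLE_STATE(NDRENUM):
    """Enumeration with two states: enabled (1) and disabled (2)."""
    class enumItems(Enum):
        DomainServerEnabled  = 1
        DomainServerDisabled = 2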
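# 2.2.4.3 DOMAIN_STATE_INFORMATION
class DOMAIN_STATE_INFORMATION(NDRSTRUCT):
    """Holds one DOMAIN_SERVER_ENABLE_STATE value."""
    structure = (
        ('DomainServerState', DOMAIN_SERVER_ENABLE_STATE),
    )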
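# 2.2.4.4 DOMAIN_SERVER_ROLE
class DOMAIN_SERVER_ROLE(NDRENUM):
    """Enumeration with two roles: backup (2) and primary (3)."""
    class enumItems(Enum):
        DomainServerRoleBackup  = 2
        DomainServerRolePrimary = 3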
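# 2.2.4.5 DOMAIN_PASSWORD_INFORMATION
class DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    """Domain password policy: length, history, property bits and age limits.

    ``PasswordProperties`` takes the DOMAIN_PASSWORD_* bits of section 2.2.4.1.
    """
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        ('PasswordProperties', ULONG),
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
    )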
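# 2.2.4.6 DOMAIN_LOGOFF_INFORMATION
class DOMAIN_LOGOFF_INFORMATION(NDRSTRUCT):
    """Holds the ``ForceLogoff`` interval."""
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
    )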
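# 2.2.4.7 DOMAIN_SERVER_ROLE_INFORMATION
class DOMAIN_SERVER_ROLE_INFORMATION(NDRSTRUCT):
    """Holds one DOMAIN_SERVER_ROLE value."""
    structure = (
        ('DomainServerRole', DOMAIN_SERVER_ROLE),
    )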
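# 2.2.4.8 DOMAIN_MODIFIED_INFORMATION
class DOMAIN_MODIFIED_INFORMATION(NDRSTRUCT):
    """Domain modification counter and creation time."""
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
    )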
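# 2.2.4.9 DOMAIN_MODIFIED_INFORMATION2
class DOMAIN_MODIFIED_INFORMATION2(NDRSTRUCT):
    """DOMAIN_MODIFIED_INFORMATION fields plus the count at last promotion."""
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
        ('ModifiedCountAtLastPromotion', OLD_LARGE_INTEGER),
    )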
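# 2.2.4.10 SAMPR_DOMAIN_GENERAL_INFORMATION
class SAMPR_DOMAIN_GENERAL_INFORMATION(NDRSTRUCT):
    """General domain information: names, server state/role and object counts."""
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
        ('OemInformation', RPC_UNICODE_STRING),
        ('DomainName', RPC_UNICODE_STRING),
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('DomainServerState', ULONG),
        ('DomainServerRole', ULONG),
        ('UasCompatibilityRequired', UCHAR),
        ('UserCount', ULONG),
        ('GroupCount', ULONG),
        ('AliasCount', ULONG),
    )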
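# 2.2.4.11 SAMPR_DOMAIN_GENERAL_INFORMATION2
class SAMPR_DOMAIN_GENERAL_INFORMATION2(NDRSTRUCT):
    """General information (``I1``) followed by the account-lockout settings."""
    structure = (
        ('I1', SAMPR_DOMAIN_GENERAL_INFORMATION),
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )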
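# 2.2.4.12 SAMPR_DOMAIN_OEM_INFORMATION
class SAMPR_DOMAIN_OEM_INFORMATION(NDRSTRUCT):
    """Holds the ``OemInformation`` string."""
    structure = (
        ('OemInformation', RPC_UNICODE_STRING),
    )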
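# 2.2.4.13 SAMPR_DOMAIN_NAME_INFORMATION
class SAMPR_DOMAIN_NAME_INFORMATION(NDRSTRUCT):
    """Holds the ``DomainName`` string."""
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
    )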
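# 2.2.4.14 SAMPR_DOMAIN_REPLICATION_INFORMATION
class SAMPR_DOMAIN_REPLICATION_INFORMATION(NDRSTRUCT):
    """Holds the ``ReplicaSourceNodeName`` string."""
    structure = (
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
    )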
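# 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION
class SAMPR_DOMAIN_LOCKOUT_INFORMATION(NDRSTRUCT):
    """Account-lockout policy: duration, observation window and threshold."""
    structure = (
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )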
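# 2.2.4.16 DOMAIN_INFORMATION_CLASS
class DOMAIN_INFORMATION_CLASS(NDRENUM):
    """Selector for the arms of SAMPR_DOMAIN_INFO_BUFFER (no value 10 is defined)."""
    class enumItems(Enum):
        DomainPasswordInformation    = 1
        DomainGeneralInformation     = 2
        DomainLogoffInformation      = 3
        DomainOemInformation         = 4
        DomainNameInformation        = 5
        DomainReplicationInformation = 6
        DomainServerRoleInformation  = 7
        DomainModifiedInformation    = 8
        DomainStateInformation       = 9
        DomainGeneralInformation2    = 11
        DomainLockoutInformation     = 12
        DomainModifiedInformation2   = 13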
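# 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER
class SAMPR_DOMAIN_INFO_BUFFER(NDRUNION):
    """Union of the domain information structures, keyed by DOMAIN_INFORMATION_CLASS."""
    union = {
        DOMAIN_INFORMATION_CLASS.DomainPasswordInformation    : ('Password', DOMAIN_PASSWORD_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation     : ('General', SAMPR_DOMAIN_GENERAL_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainLogoffInformation      : ('Logoff', DOMAIN_LOGOFF_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainOemInformation         : ('Oem', SAMPR_DOMAIN_OEM_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainNameInformation        : ('Name', SAMPR_DOMAIN_NAME_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation  : ('Role', DOMAIN_SERVER_ROLE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainReplicationInformation : ('Replication', SAMPR_DOMAIN_REPLICATION_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation    : ('Modified', DOMAIN_MODIFIED_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainStateInformation       : ('State', DOMAIN_STATE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2    : ('General2', SAMPR_DOMAIN_GENERAL_INFORMATION2),
        DOMAIN_INFORMATION_CLASS.DomainLockoutInformation     : ('Lockout', SAMPR_DOMAIN_LOCKOUT_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2   : ('Modified2', DOMAIN_MODIFIED_INFORMATION2),
    }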
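class PSAMPR_DOMAIN_INFO_BUFFER(NDRPOINTER):
    """Pointer to a SAMPR_DOMAIN_INFO_BUFFER."""
    referent = (
        ('Data', SAMPR_DOMAIN_INFO_BUFFER),
    )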
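# 2.2.5.2 GROUP_ATTRIBUTE_INFORMATION
class GROUP_ATTRIBUTE_INFORMATION(NDRSTRUCT):
    """Holds the group's ``Attributes`` bitmask."""
    structure = (
        ('Attributes', ULONG),
    )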
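# 2.2.5.3 SAMPR_GROUP_GENERAL_INFORMATION
class SAMPR_GROUP_GENERAL_INFORMATION(NDRSTRUCT):
    """Group name, attributes, member count and admin comment."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Attributes', ULONG),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )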
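# 2.2.5.4 SAMPR_GROUP_NAME_INFORMATION
class SAMPR_GROUP_NAME_INFORMATION(NDRSTRUCT):
    """Holds the group ``Name``."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )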
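# 2.2.5.5 SAMPR_GROUP_ADM_COMMENT_INFORMATION
class SAMPR_GROUP_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    """Holds the group ``AdminComment``."""
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )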
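# 2.2.5.6 GROUP_INFORMATION_CLASS
class GROUP_INFORMATION_CLASS(NDRENUM):
    """Selector for the arms of SAMPR_GROUP_INFO_BUFFER."""
    class enumItems(Enum):
        GroupGeneralInformation      = 1
        GroupNameInformation         = 2
        GroupAttributeInformation    = 3
        GroupAdminCommentInformation = 4
        GroupReplicationInformation  = 5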
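# 2.2.5.7 SAMPR_GROUP_INFO_BUFFER
class SAMPR_GROUP_INFO_BUFFER(NDRUNION):
    """Union of the group information structures, keyed by GROUP_INFORMATION_CLASS.

    The GroupReplicationInformation arm is named ``DoNotUse`` and reuses the
    general-information layout.
    """
    union = {
        GROUP_INFORMATION_CLASS.GroupGeneralInformation      : ('General', SAMPR_GROUP_GENERAL_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupNameInformation         : ('Name', SAMPR_GROUP_NAME_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAttributeInformation    : ('Attribute', GROUP_ATTRIBUTE_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAdminCommentInformation : ('AdminComment', SAMPR_GROUP_ADM_COMMENT_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupReplicationInformation  : ('DoNotUse', SAMPR_GROUP_GENERAL_INFORMATION),
    }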
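class PSAMPR_GROUP_INFO_BUFFER(NDRPOINTER):
    """Pointer to a SAMPR_GROUP_INFO_BUFFER."""
    referent = (
        ('Data', SAMPR_GROUP_INFO_BUFFER),
    )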
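# 2.2.6.2 SAMPR_ALIAS_GENERAL_INFORMATION
class SAMPR_ALIAS_GENERAL_INFORMATION(NDRSTRUCT):
    """Alias name, member count and admin comment."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )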
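# 2.2.6.3 SAMPR_ALIAS_NAME_INFORMATION
class SAMPR_ALIAS_NAME_INFORMATION(NDRSTRUCT):
    """Holds the alias ``Name``."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )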
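# 2.2.6.4 SAMPR_ALIAS_ADM_COMMENT_INFORMATION
class SAMPR_ALIAS_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    """Holds the alias ``AdminComment``."""
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )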
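# 2.2.6.5 ALIAS_INFORMATION_CLASS
class ALIAS_INFORMATION_CLASS(NDRENUM):
    """Selector for the arms of SAMPR_ALIAS_INFO_BUFFER."""
    class enumItems(Enum):
        AliasGeneralInformation      = 1
        AliasNameInformation         = 2
        AliasAdminCommentInformation = 3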
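# 2.2.6.6 SAMPR_ALIAS_INFO_BUFFER
class SAMPR_ALIAS_INFO_BUFFER(NDRUNION):
    """Union of the alias information structures, keyed by ALIAS_INFORMATION_CLASS."""
    union = {
        ALIAS_INFORMATION_CLASS.AliasGeneralInformation      : ('General', SAMPR_ALIAS_GENERAL_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasNameInformation         : ('Name', SAMPR_ALIAS_NAME_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation : ('AdminComment', SAMPR_ALIAS_ADM_COMMENT_INFORMATION),
    }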
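class PSAMPR_ALIAS_INFO_BUFFER(NDRPOINTER):
    """Pointer to a SAMPR_ALIAS_INFO_BUFFER."""
    referent = (
        ('Data', SAMPR_ALIAS_INFO_BUFFER),
    )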
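# 2.2.7.2 USER_PRIMARY_GROUP_INFORMATION
class USER_PRIMARY_GROUP_INFORMATION(NDRSTRUCT):
    """Holds the user's ``PrimaryGroupId``."""
    structure = (
        ('PrimaryGroupId', ULONG),
    )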
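# 2.2.7.3 USER_CONTROL_INFORMATION
class USER_CONTROL_INFORMATION(NDRSTRUCT):
    """Holds the ``UserAccountControl`` bitmask.

    NOTE(review): presumably encoded with the USER_ACCOUNT codes of section
    2.2.1.12 rather than the UF_* flags; confirm against [MS-SAMR].
    """
    structure = (
        ('UserAccountControl', ULONG),
    )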
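# 2.2.7.4 USER_EXPIRES_INFORMATION
class USER_EXPIRES_INFORMATION(NDRSTRUCT):
    """Holds the ``AccountExpires`` timestamp."""
    structure = (
        ('AccountExpires', OLD_LARGE_INTEGER),
    )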
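# 2.2.7.5 SAMPR_LOGON_HOURS
class LOGON_HOURS_ARRAY(NDRUniConformantVaryingArray):
    """Conformant-varying array that keeps the base class's default item type."""
    pass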
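class PLOGON_HOURS_ARRAY(NDRPOINTER):
    """Pointer to a LOGON_HOURS_ARRAY."""
    referent = (
        ('Data', LOGON_HOURS_ARRAY),
    )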
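class SAMPR_LOGON_HOURS(NDRSTRUCT):
    """Logon-hours bitmap: ``UnitsPerWeek`` plus a pointer to the bitmap."""
    structure = (
        #('UnitsPerWeek', NDRSHORT),
        ('UnitsPerWeek', ULONG),
        ('LogonHours', PLOGON_HOURS_ARRAY),
    )

    def getData(self, soFar=0):
        """Serialise the structure, first refreshing ``UnitsPerWeek``.

        When ``LogonHours`` is set, ``UnitsPerWeek`` is recomputed as eight
        units per array element so the count always matches the bitmap.
        """
        if self['LogonHours'] != 0:
            self['UnitsPerWeek'] = len(self['LogonHours']) * 8
        return NDR.getData(self, soFar)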
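# 2.2.7.6 SAMPR_USER_ALL_INFORMATION
class SAMPR_USER_ALL_INFORMATION(NDRSTRUCT):
    """Every user attribute in one structure.

    ``WhichFields`` presumably takes the USER_ALL_* bits of section 2.2.1.8
    to say which members are meaningful (confirm against [MS-SAMR]).
    The structure has members for password hashes (``LmOwfPassword``,
    ``NtOwfPassword``) and ``PrivateData``, so a populated instance should
    not be written to logs or debug output as a whole.
    """
    structure = (
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),

        ('LmOwfPassword', RPC_SHORT_BLOB),
        ('NtOwfPassword', RPC_SHORT_BLOB),
        ('PrivateData', RPC_UNICODE_STRING),

        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),

        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('UserAccountControl', ULONG),
        ('WhichFields', ULONG),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('LmPasswordPresent', UCHAR),
        ('NtPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('PrivateDataSensitive', UCHAR),
    )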
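# 2.2.7.7 SAMPR_USER_GENERAL_INFORMATION
class SAMPR_USER_GENERAL_INFORMATION(NDRSTRUCT):
    """User name, full name, primary group and the two comment fields."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('PrimaryGroupId', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
    )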
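# 2.2.7.8 SAMPR_USER_PREFERENCES_INFORMATION
class SAMPR_USER_PREFERENCES_INFORMATION(NDRSTRUCT):
    """User comment, a reserved string, country code and code page."""
    structure = (
        ('UserComment', RPC_UNICODE_STRING),
        ('Reserved1', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
    )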
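# 2.2.7.9 SAMPR_USER_PARAMETERS_INFORMATION
class SAMPR_USER_PARAMETERS_INFORMATION(NDRSTRUCT):
    """Holds the user's ``Parameters`` string."""
    structure = (
        ('Parameters', RPC_UNICODE_STRING),
    )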
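# 2.2.7.10 SAMPR_USER_LOGON_INFORMATION
class SAMPR_USER_LOGON_INFORMATION(NDRSTRUCT):
    """Logon-related user attributes: paths, timestamps, hours and counters."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('UserAccountControl', ULONG),
    )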
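# 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION
class SAMPR_USER_ACCOUNT_INFORMATION(NDRSTRUCT):
    """Account-related user attributes, including expiry and account control."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
    )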
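# 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION
class SAMPR_USER_A_NAME_INFORMATION(NDRSTRUCT):
    """Holds the account ``UserName``."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
    )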
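# 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION
class SAMPR_USER_F_NAME_INFORMATION(NDRSTRUCT):
    """Holds the user's ``FullName``."""
    structure = (
        ('FullName', RPC_UNICODE_STRING),
    )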
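# 2.2.7.14 SAMPR_USER_NAME_INFORMATION
class SAMPR_USER_NAME_INFORMATION(NDRSTRUCT):
    """Holds both ``UserName`` and ``FullName``."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )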
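# 2.2.7.15 SAMPR_USER_HOME_INFORMATION
class SAMPR_USER_HOME_INFORMATION(NDRSTRUCT):
    """Holds the home directory path and its drive."""
    structure = (
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
    )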
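# 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION
class SAMPR_USER_SCRIPT_INFORMATION(NDRSTRUCT):
    """Holds the user's ``ScriptPath``."""
    structure = (
        ('ScriptPath', RPC_UNICODE_STRING),
    )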
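# 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION
class SAMPR_USER_PROFILE_INFORMATION(NDRSTRUCT):
    """Holds the user's ``ProfilePath``."""
    structure = (
        ('ProfilePath', RPC_UNICODE_STRING),
    )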
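# 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION
class SAMPR_USER_ADMIN_COMMENT_INFORMATION(NDRSTRUCT):
    """Holds the user's ``AdminComment``."""
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )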
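# 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION
class SAMPR_USER_WORKSTATIONS_INFORMATION(NDRSTRUCT):
    """Holds the user's ``WorkStations`` string."""
    structure = (
        ('WorkStations', RPC_UNICODE_STRING),
    )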
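# 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION
class SAMPR_USER_LOGON_HOURS_INFORMATION(NDRSTRUCT):
    """Holds the user's ``LogonHours``."""
    structure = (
        ('LogonHours', SAMPR_LOGON_HOURS),
    )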
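# 2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD
class SAMPR_USER_PASSWORD(NDRSTRUCT):
    """512-byte buffer followed by a ULONG length (516 bytes), 4-byte aligned.

    NOTE(review): the size matches SAMPR_ENCRYPTED_USER_PASSWORD (512 + 4), so
    this is presumably the cleartext layout before encryption; confirm against
    [MS-SAMR]. Instances hold a password, so keep them out of logs.
    """
    structure = (
        ('Buffer', '512s=b""'),
        ('Length', ULONG),
    )

    def getAlignment(self):
        return 4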
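class SAMPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
    """516-byte encrypted password buffer, byte-aligned.

    NOTE(review): this module imports ARC4 and md5, presumably to build such
    buffers. Both are legacy primitives, so the blob should not be treated as
    safe to expose and the RPC transport should be encrypted where possible;
    confirm the exact scheme against [MS-SAMR].
    """
    structure = (
        ('Buffer', '516s=b""'),
    )

    def getAlignment(self):
        return 1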
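class PSAMPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
    """Pointer to a SAMPR_ENCRYPTED_USER_PASSWORD."""
    referent = (
        ('Data', SAMPR_ENCRYPTED_USER_PASSWORD),
    )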
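# 2.2.7.22 SAMPR_ENCRYPTED_USER_PASSWORD_NEW
class SAMPR_ENCRYPTED_USER_PASSWORD_NEW(NDRSTRUCT):
    """532-byte encrypted password buffer, byte-aligned.

    NOTE(review): 16 bytes longer than SAMPR_ENCRYPTED_USER_PASSWORD; the
    extra bytes are presumably a per-message salt. Confirm against [MS-SAMR].
    """
    structure = (
        ('Buffer', '532s=b""'),
    )

    def getAlignment(self):
        return 1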
1029# 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION
class SAMPR_USER_INTERNAL1_INFORMATION(NDRSTRUCT):
    """Encrypted NT and LM OWF password values plus three UCHAR flags.

    The flags say whether each hash is present and whether the password is
    marked expired. Treat instances as credential material.
    """
    structure = (
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedLmOwfPassword', ENCRYPTED_LM_OWF_PASSWORD),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
    )
1039# 2.2.7.24 SAMPR_USER_INTERNAL4_INFORMATION
class SAMPR_USER_INTERNAL4_INFORMATION(NDRSTRUCT):
    """SAMPR_USER_ALL_INFORMATION (I1) followed by an encrypted UserPassword."""
    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
    )
1046# 2.2.7.25 SAMPR_USER_INTERNAL4_INFORMATION_NEW
class SAMPR_USER_INTERNAL4_INFORMATION_NEW(NDRSTRUCT):
    """Like SAMPR_USER_INTERNAL4_INFORMATION, with the 532-byte password form."""
    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
    )
1053# 2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION
class SAMPR_USER_INTERNAL5_INFORMATION(NDRSTRUCT):
    """Encrypted UserPassword followed by a UCHAR PasswordExpired flag."""
    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
        ('PasswordExpired', UCHAR),
    )
1060# 2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW
class SAMPR_USER_INTERNAL5_INFORMATION_NEW(NDRSTRUCT):
    """Like SAMPR_USER_INTERNAL5_INFORMATION, with the 532-byte password form."""
    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
        ('PasswordExpired', UCHAR),
    )
1067# 2.2.7.28 USER_INFORMATION_CLASS
class USER_INFORMATION_CLASS(NDRENUM):
    """Selector values for the user information levels used by this module.

    The numbering is not contiguous: 15, 19 and 22 have no member here.
    Levels 18 and 23-26 select the structures that carry password material.
    """
    class enumItems(Enum):
        UserGeneralInformation = 1
        UserPreferencesInformation = 2
        UserLogonInformation = 3
        UserLogonHoursInformation = 4
        UserAccountInformation = 5
        UserNameInformation = 6
        UserAccountNameInformation = 7
        UserFullNameInformation = 8
        UserPrimaryGroupInformation = 9
        UserHomeInformation = 10
        UserScriptInformation = 11
        UserProfileInformation = 12
        UserAdminCommentInformation = 13
        UserWorkStationsInformation = 14
        # 15 is not defined here
        UserControlInformation = 16
        UserExpiresInformation = 17
        UserInternal1Information = 18
        # 19 is not defined here
        UserParametersInformation = 20
        UserAllInformation = 21
        # 22 is not defined here
        UserInternal4Information = 23
        UserInternal5Information = 24
        UserInternal4InformationNew = 25
        UserInternal5InformationNew = 26
1094# 2.2.7.29 SAMPR_USER_INFO_BUFFER
class SAMPR_USER_INFO_BUFFER(NDRUNION):
    """Union keyed by USER_INFORMATION_CLASS.

    Each selector maps to a (field name, structure type) pair. The
    Internal1/4/5 arms are the ones whose structures hold encrypted
    password data.
    """
    union = {
        USER_INFORMATION_CLASS.UserGeneralInformation: ('General', SAMPR_USER_GENERAL_INFORMATION),
        USER_INFORMATION_CLASS.UserPreferencesInformation: ('Preferences', SAMPR_USER_PREFERENCES_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonInformation: ('Logon', SAMPR_USER_LOGON_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonHoursInformation: ('LogonHours', SAMPR_USER_LOGON_HOURS_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountInformation: ('Account', SAMPR_USER_ACCOUNT_INFORMATION),
        USER_INFORMATION_CLASS.UserNameInformation: ('Name', SAMPR_USER_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountNameInformation: ('AccountName', SAMPR_USER_A_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserFullNameInformation: ('FullName', SAMPR_USER_F_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserPrimaryGroupInformation: ('PrimaryGroup', USER_PRIMARY_GROUP_INFORMATION),
        USER_INFORMATION_CLASS.UserHomeInformation: ('Home', SAMPR_USER_HOME_INFORMATION),
        USER_INFORMATION_CLASS.UserScriptInformation: ('Script', SAMPR_USER_SCRIPT_INFORMATION),
        USER_INFORMATION_CLASS.UserProfileInformation: ('Profile', SAMPR_USER_PROFILE_INFORMATION),
        USER_INFORMATION_CLASS.UserAdminCommentInformation: ('AdminComment', SAMPR_USER_ADMIN_COMMENT_INFORMATION),
        USER_INFORMATION_CLASS.UserWorkStationsInformation: ('WorkStations', SAMPR_USER_WORKSTATIONS_INFORMATION),
        USER_INFORMATION_CLASS.UserControlInformation: ('Control', USER_CONTROL_INFORMATION),
        USER_INFORMATION_CLASS.UserExpiresInformation: ('Expires', USER_EXPIRES_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal1Information: ('Internal1', SAMPR_USER_INTERNAL1_INFORMATION),
        USER_INFORMATION_CLASS.UserParametersInformation: ('Parameters', SAMPR_USER_PARAMETERS_INFORMATION),
        USER_INFORMATION_CLASS.UserAllInformation: ('All', SAMPR_USER_ALL_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4Information: ('Internal4', SAMPR_USER_INTERNAL4_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal5Information: ('Internal5', SAMPR_USER_INTERNAL5_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4InformationNew: ('Internal4New', SAMPR_USER_INTERNAL4_INFORMATION_NEW),
        USER_INFORMATION_CLASS.UserInternal5InformationNew: ('Internal5New', SAMPR_USER_INTERNAL5_INFORMATION_NEW),
    }
class PSAMPR_USER_INFO_BUFFER(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_USER_INFO_BUFFER union."""
    referent = (
        ('Data', SAMPR_USER_INFO_BUFFER),
    )
class PSAMPR_SERVER_NAME2(NDRPOINTER):
    """NDR pointer whose referent is a fixed 4-byte string named Data."""
    referent = (
        ('Data', '4s=b""'),
    )
1132# 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER
class SAMPR_DOMAIN_DISPLAY_USER(NDRSTRUCT):
    """One user display entry: index, RID, account control and three strings."""
    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )
class SAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_USER items."""
    item = SAMPR_DOMAIN_DISPLAY_USER
class PSAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRPOINTER):
    """NDR pointer to a SAMPR_DOMAIN_DISPLAY_USER_ARRAY."""
    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )
1151# 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE
class SAMPR_DOMAIN_DISPLAY_MACHINE(NDRSTRUCT):
    """One machine display entry: index, RID, account control and two strings."""
    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
    )
class SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_MACHINE items."""
    item = SAMPR_DOMAIN_DISPLAY_MACHINE
class PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRPOINTER):
    """NDR pointer to a SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY."""
    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
    )
1169# 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP
class SAMPR_DOMAIN_DISPLAY_GROUP(NDRSTRUCT):
    """One group display entry: index, RID, account control and two strings."""
    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
    )
class SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_GROUP items."""
    item = SAMPR_DOMAIN_DISPLAY_GROUP
class PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRPOINTER):
    """NDR pointer to a SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY."""
    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
    )
1187# 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER
class SAMPR_DOMAIN_DISPLAY_OEM_USER(NDRSTRUCT):
    """One OEM user display entry: index and an RPC_STRING account name."""
    structure = (
        ('Index', ULONG),
        ('OemAccountName', RPC_STRING),
    )
class SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_OEM_USER items."""
    item = SAMPR_DOMAIN_DISPLAY_OEM_USER
class PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRPOINTER):
    """NDR pointer to a SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY."""
    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
    )
1202# 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP
class SAMPR_DOMAIN_DISPLAY_OEM_GROUP(NDRSTRUCT):
    """One OEM group display entry: index and an RPC_STRING account name."""
    structure = (
        ('Index', ULONG),
        ('OemAccountName', RPC_STRING),
    )
class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_OEM_GROUP items."""
    item = SAMPR_DOMAIN_DISPLAY_OEM_GROUP
class PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRPOINTER):
    """NDR pointer to a SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY."""
    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
    )
1217#2.2.8.7 SAMPR_DOMAIN_DISPLAY_USER_BUFFER
class SAMPR_DOMAIN_DISPLAY_USER_BUFFER(NDRSTRUCT):
    """EntriesRead count plus a pointer to the user display array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )
1224# 2.2.8.8 SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER
class SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER(NDRSTRUCT):
    """EntriesRead count plus a pointer to the machine display array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
    )
1231# 2.2.8.9 SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER
class SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER(NDRSTRUCT):
    """EntriesRead count plus a pointer to the group display array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
    )
1238# 2.2.8.10 SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER
class SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER(NDRSTRUCT):
    """EntriesRead count plus a pointer to the OEM user display array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
    )
1245# 2.2.8.11 SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER
class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER(NDRSTRUCT):
    """EntriesRead count plus a pointer to the OEM group display array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
    )
1252# 2.2.8.12 DOMAIN_DISPLAY_INFORMATION
class DOMAIN_DISPLAY_INFORMATION(NDRENUM):
    """Selector values (1-5) for the five display information buffers."""
    class enumItems(Enum):
        DomainDisplayUser = 1
        DomainDisplayMachine = 2
        DomainDisplayGroup = 3
        DomainDisplayOemUser = 4
        DomainDisplayOemGroup = 5
1261# 2.2.8.13 SAMPR_DISPLAY_INFO_BUFFER
class SAMPR_DISPLAY_INFO_BUFFER(NDRUNION):
    """Union keyed by DOMAIN_DISPLAY_INFORMATION, one arm per buffer type."""
    union = {
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser: ('UserInformation', SAMPR_DOMAIN_DISPLAY_USER_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine: ('MachineInformation', SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup: ('GroupInformation', SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemUser: ('OemUserInformation', SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup: ('OemGroupInformation', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER),
    }
1271# 2.2.9.1 SAM_VALIDATE_PASSWORD_HASH
class SAM_VALIDATE_PASSWORD_HASH(NDRSTRUCT):
    """ULONG Length followed by an LPBYTE Hash.

    NOTE(review): nothing here ties Length to the size of Hash; whoever
    fills or reads the structure has to keep the two consistent.
    """
    structure = (
        ('Length', ULONG),
        ('Hash', LPBYTE),
    )
class PSAM_VALIDATE_PASSWORD_HASH(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_PASSWORD_HASH."""
    referent = (
        ('Data', SAM_VALIDATE_PASSWORD_HASH),
    )
1283# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS
class SAM_VALIDATE_PERSISTED_FIELDS(NDRSTRUCT):
    """Password-state fields: timestamps, bad-password count and history.

    PasswordHistory is a pointer to a SAM_VALIDATE_PASSWORD_HASH and
    PasswordHistoryLength is carried as a separate ULONG.
    """
    structure = (
        ('PresentFields', ULONG),
        ('PasswordLastSet', LARGE_INTEGER),
        ('BadPasswordTime', LARGE_INTEGER),
        ('LockoutTime', LARGE_INTEGER),
        ('BadPasswordCount', ULONG),
        ('PasswordHistoryLength', ULONG),
        ('PasswordHistory', PSAM_VALIDATE_PASSWORD_HASH),
    )
1295# 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS
class SAM_VALIDATE_VALIDATION_STATUS(NDRENUM):
    """Validation outcome codes, 0 (success) through 10 (filter error)."""
    class enumItems(Enum):
        SamValidateSuccess = 0
        SamValidatePasswordMustChange = 1
        SamValidateAccountLockedOut = 2
        SamValidatePasswordExpired = 3
        SamValidatePasswordIncorrect = 4
        SamValidatePasswordIsInHistory = 5
        SamValidatePasswordTooShort = 6
        SamValidatePasswordTooLong = 7
        SamValidatePasswordNotComplexEnough = 8
        SamValidatePasswordTooRecent = 9
        SamValidatePasswordFilterError = 10
1310# 2.2.9.4 SAM_VALIDATE_STANDARD_OUTPUT_ARG
class SAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRSTRUCT):
    """Changed persisted fields followed by the validation status."""
    structure = (
        ('ChangedPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ValidationStatus', SAM_VALIDATE_VALIDATION_STATUS),
    )
class PSAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_STANDARD_OUTPUT_ARG."""
    referent = (
        ('Data', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
    )
1322# 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG
class SAM_VALIDATE_AUTHENTICATION_INPUT_ARG(NDRSTRUCT):
    """Persisted fields plus a UCHAR PasswordMatched flag."""
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('PasswordMatched', UCHAR),
    )
1329# 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG
class SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG(NDRSTRUCT):
    """Input for the password-change validation arm.

    ClearPassword is a plain RPC_UNICODE_STRING, so an instance holds the
    password in the clear; keep it out of logs and debug dumps.
    """
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMatch', UCHAR),
    )
1339# 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG
class SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(NDRSTRUCT):
    """Input for the password-reset validation arm.

    ClearPassword is a plain RPC_UNICODE_STRING, so an instance holds the
    password in the clear; keep it out of logs and debug dumps.
    """
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMustChangeAtNextLogon', UCHAR),
        ('ClearLockout', UCHAR),
    )
1350# 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE
class PASSWORD_POLICY_VALIDATION_TYPE(NDRENUM):
    """Selector values (1-3) for the three password validation operations."""
    class enumItems(Enum):
        SamValidateAuthentication = 1
        SamValidatePasswordChange = 2
        SamValidatePasswordReset = 3
1357# 2.2.9.9 SAM_VALIDATE_INPUT_ARG
class SAM_VALIDATE_INPUT_ARG(NDRUNION):
    """Union keyed by PASSWORD_POLICY_VALIDATION_TYPE, one input struct per arm."""
    union = {
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication: ('ValidateAuthenticationInput', SAM_VALIDATE_AUTHENTICATION_INPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange: ('ValidatePasswordChangeInput', SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset: ('ValidatePasswordResetInput', SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG),
    }
1365# 2.2.9.10 SAM_VALIDATE_OUTPUT_ARG
class SAM_VALIDATE_OUTPUT_ARG(NDRUNION):
    """Union keyed by PASSWORD_POLICY_VALIDATION_TYPE.

    All three arms use SAM_VALIDATE_STANDARD_OUTPUT_ARG; only the field
    name differs.
    """
    union = {
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication: ('ValidateAuthenticationOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange: ('ValidatePasswordChangeOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset: ('ValidatePasswordResetOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
    }
class PSAM_VALIDATE_OUTPUT_ARG(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_OUTPUT_ARG union."""
    referent = (
        ('Data', SAM_VALIDATE_OUTPUT_ARG),
    )
1378# 2.2.10 Supplemental Credentials Structures
1380# 2.2.10.1 USER_PROPERTIES
class USER_PROPERTIES(Structure):
    """Little-endian header of the supplemental credentials blob.

    Fixed fields come first; everything after PropertyCount is kept
    unparsed in UserProperties. PropertySignature defaults to 0x50.
    NOTE(review): Length and PropertyCount are read from the blob and are
    not checked here; a consumer walking UserProperties should bound its
    loop by the bytes actually present.
    """
    structure = (
        ('Reserved1', '<L=0'),
        ('Length', '<L=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('Reserved4', '96s=""'),
        ('PropertySignature', '<H=0x50'),
        ('PropertyCount', '<H=0'),
        ('UserProperties', ':'),
    )
1393# 2.2.10.2 USER_PROPERTY
class USER_PROPERTY(Structure):
    """One name/value entry inside USER_PROPERTIES.

    The sizes of PropertyName and PropertyValue are taken from the
    NameLength and ValueLength fields of the same record, i.e. from the
    data being parsed.
    """
    structure = (
        ('NameLength', '<H=0'),
        ('ValueLength', '<H=0'),
        ('Reserved', '<H=0'),
        # Size helpers: each evaluates the matching length field.
        ('_PropertyName', '_-PropertyName', "self['NameLength']"),
        ('PropertyName', ':'),
        ('_PropertyValue', '_-PropertyValue', "self['ValueLength']"),
        ('PropertyValue', ':'),
    )
1405# 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS
class WDIGEST_CREDENTIALS(Structure):
    """Primary:WDigest blob: a 16-byte header and 29 hashes of 16 bytes each.

    Version defaults to 1 and NumberOfHashes to 29. The layout always
    declares Hash1..Hash29, whatever NumberOfHashes says in parsed data.
    """
    structure = (
        ('Reserved1', 'B=0'),
        ('Reserved2', 'B=0'),
        ('Version', 'B=1'),
        ('NumberOfHashes', 'B=29'),
        ('Reserved3', '12s=""'),
    ) + tuple(
        # Hash1 .. Hash29, in order
        ('Hash%d' % slot, '16s=""') for slot in range(1, 30)
    )
1444# 2.2.10.5 KERB_KEY_DATA
class KERB_KEY_DATA(Structure):
    """Key descriptor: three reserved shorts, then KeyType, KeyLength, KeyOffset.

    NOTE(review): KeyOffset and KeyLength come from the parsed blob; code
    that slices key bytes with them should check they fall inside the
    buffer.
    """
    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )
1455# 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL
class KERB_STORED_CREDENTIAL(Structure):
    """Primary:Kerberos header (Revision defaults to 3) plus a raw Buffer.

    Only the fixed header is parsed. Credentials, OldCredentials,
    DefaultSalt and KeyValues are not separate fields; they all stay
    inside Buffer for the caller to decode using the counts and offsets
    in the header.
    """
    structure = (
        ('Revision', '<H=3'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        # Everything after the header is kept unparsed here.
        ('Buffer', ':'),
    )
1473# 2.2.10.7 KERB_KEY_DATA_NEW
class KERB_KEY_DATA_NEW(Structure):
    """Key descriptor with an IterationCount.

    Differs from KERB_KEY_DATA in that Reserved3 is 32 bits wide and
    IterationCount precedes KeyType.
    """
    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<L=0'),
        ('IterationCount', '<L=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )
1485# 2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW
class KERB_STORED_CREDENTIAL_NEW(Structure):
    """Primary:Kerberos-Newer-Keys header (Revision defaults to 4) plus Buffer.

    Only the fixed header is parsed. Credentials, ServiceCredentials,
    OldCredentials, OlderCredentials, DefaultSalt and KeyValues all stay
    inside Buffer for the caller to decode using the counts and offsets
    in the header.
    """
    structure = (
        ('Revision', '<H=4'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('ServiceCredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('OlderCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        ('DefaultIterationCount', '<L=0'),
        # Everything after the header is kept unparsed here.
        ('Buffer', ':'),
    )
1508################################################################################
1509# RPC CALLS
1510################################################################################
class SamrConnect(NDRCALL):
    """SamrConnect request (opnum 0): server name pointer and desired access."""
    opnum = 0
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME2),
        ('DesiredAccess', ULONG),
    )
class SamrConnectResponse(NDRCALL):
    """SamrConnect response: ServerHandle, then ErrorCode."""
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrCloseHandle(NDRCALL):
    """SamrCloseHandle request (opnum 1): the handle to close.

    NOTE(review): the [MS-SAMR] definition of this call is believed to
    take only SamHandle. DesiredAccess is kept as declared because
    dropping it would change the marshalled request -- confirm against
    the spec before touching it.
    """
    opnum = 1
    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('DesiredAccess', LONG),
    )
class SamrCloseHandleResponse(NDRCALL):
    """SamrCloseHandle response: SamHandle, then ErrorCode."""
    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrSetSecurityObject(NDRCALL):
    """SamrSetSecurityObject request (opnum 2).

    Carries an object handle, the SECURITY_INFORMATION selector and the
    security descriptor to apply.
    """
    opnum = 2
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),
    )
class SamrSetSecurityObjectResponse(NDRCALL):
    """SamrSetSecurityObject response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrQuerySecurityObject(NDRCALL):
    """SamrQuerySecurityObject request (opnum 3): handle and selector."""
    opnum = 3
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
    )
class SamrQuerySecurityObjectResponse(NDRCALL):
    """SamrQuerySecurityObject response: descriptor pointer, then ErrorCode."""
    structure = (
        ('SecurityDescriptor', PSAMPR_SR_SECURITY_DESCRIPTOR),
        ('ErrorCode', ULONG),
    )
class SamrLookupDomainInSamServer(NDRCALL):
    """SamrLookupDomainInSamServer request (opnum 5): server handle and Name."""
    opnum = 5
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
    )
class SamrLookupDomainInSamServerResponse(NDRCALL):
    """SamrLookupDomainInSamServer response: DomainId SID pointer, ErrorCode."""
    structure = (
        ('DomainId', PRPC_SID),
        ('ErrorCode', ULONG),
    )
class SamrEnumerateDomainsInSamServer(NDRCALL):
    """SamrEnumerateDomainsInSamServer request (opnum 6).

    The key is spelled 'PreferedMaximumLength' (single r) and callers
    must use that exact spelling.
    """
    opnum = 6
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class SamrEnumerateDomainsInSamServerResponse(NDRCALL):
    """Response: updated context, enumeration buffer, count and ErrorCode."""
    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrOpenDomain(NDRCALL):
    """SamrOpenDomain request (opnum 7): server handle, access mask, domain SID."""
    opnum = 7
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('DomainId', RPC_SID),
    )
class SamrOpenDomainResponse(NDRCALL):
    """SamrOpenDomain response: DomainHandle, then ErrorCode."""
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrQueryInformationDomain(NDRCALL):
    """SamrQueryInformationDomain request (opnum 8): handle and info class."""
    opnum = 8
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )
class SamrQueryInformationDomainResponse(NDRCALL):
    """SamrQueryInformationDomain response: info buffer pointer, ErrorCode."""
    structure = (
        ('Buffer', PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrSetInformationDomain(NDRCALL):
    """SamrSetInformationDomain request (opnum 9): handle, class, new values."""
    opnum = 9
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
        ('DomainInformation', SAMPR_DOMAIN_INFO_BUFFER),
    )
class SamrSetInformationDomainResponse(NDRCALL):
    """SamrSetInformationDomain response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrCreateGroupInDomain(NDRCALL):
    """SamrCreateGroupInDomain request (opnum 10): handle, name, access mask."""
    opnum = 10
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )
class SamrCreateGroupInDomainResponse(NDRCALL):
    """SamrCreateGroupInDomain response: GroupHandle, RelativeId, ErrorCode."""
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrEnumerateGroupsInDomain(NDRCALL):
    """SamrEnumerateGroupsInDomain request (opnum 11).

    The key is spelled 'PreferedMaximumLength' (single r).
    """
    opnum = 11
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class SamrCreateUserInDomain(NDRCALL):
    """SamrCreateUserInDomain request (opnum 12): handle, name, access mask."""
    opnum = 12
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )
class SamrCreateUserInDomainResponse(NDRCALL):
    """SamrCreateUserInDomain response: UserHandle, RelativeId, ErrorCode."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrEnumerateGroupsInDomainResponse(NDRCALL):
    """Response: updated context, enumeration buffer, count and ErrorCode."""
    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrEnumerateUsersInDomain(NDRCALL):
    """SamrEnumerateUsersInDomain request (opnum 13).

    Adds a UserAccountControl ULONG to the usual handle, context and
    'PreferedMaximumLength' (single r) fields.
    """
    opnum = 13
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('UserAccountControl', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class SamrEnumerateUsersInDomainResponse(NDRCALL):
    """Response: updated context, enumeration buffer, count and ErrorCode."""
    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrCreateAliasInDomain(NDRCALL):
    """SamrCreateAliasInDomain request (opnum 14): handle, name, access mask."""
    opnum = 14
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('AccountName', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )
class SamrCreateAliasInDomainResponse(NDRCALL):
    """SamrCreateAliasInDomain response: AliasHandle, RelativeId, ErrorCode."""
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrEnumerateAliasesInDomain(NDRCALL):
    """SamrEnumerateAliasesInDomain request (opnum 15).

    The key is spelled 'PreferedMaximumLength' (single r).
    """
    opnum = 15
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class SamrEnumerateAliasesInDomainResponse(NDRCALL):
    """Response: updated context, enumeration buffer, count and ErrorCode."""
    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrGetAliasMembership(NDRCALL):
    """SamrGetAliasMembership request (opnum 16): domain handle and SID array."""
    opnum = 16
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('SidArray', SAMPR_PSID_ARRAY),
    )
class SamrGetAliasMembershipResponse(NDRCALL):
    """SamrGetAliasMembership response: Membership ULONG array, ErrorCode."""
    structure = (
        ('Membership', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )
class SamrLookupNamesInDomain(NDRCALL):
    """SamrLookupNamesInDomain request (opnum 17): handle, Count, Names."""
    opnum = 17
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Count', ULONG),
        ('Names', RPC_UNICODE_STRING_ARRAY),
    )
class SamrLookupNamesInDomainResponse(NDRCALL):
    """SamrLookupNamesInDomain response: RelativeIds, Use, ErrorCode."""
    structure = (
        ('RelativeIds', SAMPR_ULONG_ARRAY),
        ('Use', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )
class SamrLookupIdsInDomain(NDRCALL):
    """SamrLookupIdsInDomain request (opnum 18): handle, Count, RelativeIds."""
    opnum = 18
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Count', ULONG),
        ('RelativeIds', ULONG_ARRAY_CV),
    )
class SamrLookupIdsInDomainResponse(NDRCALL):
    """SamrLookupIdsInDomain response: Names, Use, ErrorCode."""
    structure = (
        ('Names', SAMPR_RETURNED_USTRING_ARRAY),
        ('Use', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )
class SamrOpenGroup(NDRCALL):
    """SamrOpenGroup request (opnum 19): domain handle, access mask, GroupId."""
    opnum = 19
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('GroupId', ULONG),
    )
class SamrOpenGroupResponse(NDRCALL):
    """SamrOpenGroup response: GroupHandle, then ErrorCode."""
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrQueryInformationGroup(NDRCALL):
    """SamrQueryInformationGroup request (opnum 20): handle and info class."""
    opnum = 20
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
    )
class SamrQueryInformationGroupResponse(NDRCALL):
    """SamrQueryInformationGroup response: info buffer pointer, ErrorCode."""
    structure = (
        ('Buffer', PSAMPR_GROUP_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrSetInformationGroup(NDRCALL):
    """SamrSetInformationGroup request (opnum 21): handle, class, new values."""
    opnum = 21
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
        ('Buffer', SAMPR_GROUP_INFO_BUFFER),
    )
class SamrSetInformationGroupResponse(NDRCALL):
    """SamrSetInformationGroup response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrAddMemberToGroup(NDRCALL):
    """SamrAddMemberToGroup request (opnum 22): handle, MemberId, Attributes."""
    opnum = 22
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )
class SamrAddMemberToGroupResponse(NDRCALL):
    """SamrAddMemberToGroup response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrDeleteGroup(NDRCALL):
    """SamrDeleteGroup request (opnum 23): the group handle."""
    opnum = 23
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
    )
class SamrDeleteGroupResponse(NDRCALL):
    """SamrDeleteGroup response: GroupHandle, then ErrorCode."""
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrRemoveMemberFromGroup(NDRCALL):
    """SamrRemoveMemberFromGroup request (opnum 24): handle and MemberId."""
    opnum = 24
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
    )
class SamrRemoveMemberFromGroupResponse(NDRCALL):
    """SamrRemoveMemberFromGroup response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrGetMembersInGroup(NDRCALL):
    """SamrGetMembersInGroup request (opnum 25): the group handle."""
    opnum = 25
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
    )
class SamrGetMembersInGroupResponse(NDRCALL):
    """SamrGetMembersInGroup response: Members buffer pointer, ErrorCode."""
    structure = (
        ('Members', PSAMPR_GET_MEMBERS_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrSetMemberAttributesOfGroup(NDRCALL):
    """SamrSetMemberAttributesOfGroup request (opnum 26)."""
    opnum = 26
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )
class SamrSetMemberAttributesOfGroupResponse(NDRCALL):
    """SamrSetMemberAttributesOfGroup response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrOpenAlias(NDRCALL):
    """SamrOpenAlias request (opnum 27): domain handle, access mask, AliasId."""
    opnum = 27
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('AliasId', ULONG),
    )
class SamrOpenAliasResponse(NDRCALL):
    """SamrOpenAlias response: AliasHandle, then ErrorCode."""
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrQueryInformationAlias(NDRCALL):
    """SamrQueryInformationAlias request (opnum 28): handle and info class."""
    opnum = 28
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
    )
class SamrQueryInformationAliasResponse(NDRCALL):
    """SamrQueryInformationAlias response: info buffer pointer, ErrorCode."""
    structure = (
        ('Buffer', PSAMPR_ALIAS_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrSetInformationAlias(NDRCALL):
    """SamrSetInformationAlias request (opnum 29): handle, class, new values."""
    opnum = 29
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
        ('Buffer', SAMPR_ALIAS_INFO_BUFFER),
    )
class SamrSetInformationAliasResponse(NDRCALL):
    """SamrSetInformationAlias response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrDeleteAlias(NDRCALL):
    """SamrDeleteAlias request (opnum 30): the alias handle."""
    opnum = 30
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
    )
class SamrDeleteAliasResponse(NDRCALL):
    """SamrDeleteAlias response: AliasHandle, then ErrorCode."""
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrAddMemberToAlias(NDRCALL):
    """SamrAddMemberToAlias request (opnum 31): alias handle and member SID."""
    opnum = 31
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )
class SamrAddMemberToAliasResponse(NDRCALL):
    """SamrAddMemberToAlias response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrRemoveMemberFromAlias(NDRCALL):
    """SamrRemoveMemberFromAlias request (opnum 32): handle and member SID."""
    opnum = 32
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )
class SamrRemoveMemberFromAliasResponse(NDRCALL):
    """SamrRemoveMemberFromAlias response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrGetMembersInAlias(NDRCALL):
    """SamrGetMembersInAlias request (opnum 33): the alias handle."""
    opnum = 33
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
    )
class SamrGetMembersInAliasResponse(NDRCALL):
    """SamrGetMembersInAlias response: Members SID array, ErrorCode."""
    structure = (
        ('Members', SAMPR_PSID_ARRAY_OUT),
        ('ErrorCode', ULONG),
    )
class SamrOpenUser(NDRCALL):
    """SamrOpenUser request (opnum 34): domain handle, access mask, UserId."""
    opnum = 34
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('UserId', ULONG),
    )
class SamrOpenUserResponse(NDRCALL):
    """SamrOpenUser response: UserHandle, then ErrorCode."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrDeleteUser(NDRCALL):
    """SamrDeleteUser request (opnum 35): the user handle."""
    opnum = 35
    structure = (
        ('UserHandle', SAMPR_HANDLE),
    )
class SamrDeleteUserResponse(NDRCALL):
    """SamrDeleteUser response: UserHandle, then ErrorCode."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrQueryInformationUser(NDRCALL):
    """SamrQueryInformationUser request (opnum 36): handle and info class."""
    opnum = 36
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
    )
class SamrQueryInformationUserResponse(NDRCALL):
    """SamrQueryInformationUser response: info buffer pointer, ErrorCode."""
    structure = (
        ('Buffer', PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrSetInformationUser(NDRCALL):
    """SamrSetInformationUser request (opnum 37): handle, class, new values.

    Buffer is the SAMPR_USER_INFO_BUFFER union, so depending on the
    selected class the request carries encrypted password structures.
    """
    opnum = 37
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )
class SamrSetInformationUserResponse(NDRCALL):
    """SamrSetInformationUser response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrChangePasswordUser(NDRCALL):
    """SamrChangePasswordUser request (opnum 38).

    Four UCHAR presence flags each precede the encrypted OWF pointers
    they govern: LM pair, NT pair, NT cross-encrypted with LM, and LM
    cross-encrypted with NT.
    NOTE(review): NewLmEncryptedWithNewNt is declared with the NT pointer
    type while the other Lm* fields use the LM type; this only matters if
    the two types marshal differently -- confirm.
    """
    opnum = 38
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('LmPresent', UCHAR),
        ('OldLmEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
        ('NewLmEncryptedWithOldLm', PENCRYPTED_LM_OWF_PASSWORD),
        ('NtPresent', UCHAR),
        ('OldNtEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
        ('NewNtEncryptedWithOldNt', PENCRYPTED_NT_OWF_PASSWORD),
        ('NtCrossEncryptionPresent', UCHAR),
        ('NewNtEncryptedWithNewLm', PENCRYPTED_NT_OWF_PASSWORD),
        ('LmCrossEncryptionPresent', UCHAR),
        ('NewLmEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
    )
class SamrChangePasswordUserResponse(NDRCALL):
    """SamrChangePasswordUser response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrGetGroupsForUser(NDRCALL):
    """SamrGetGroupsForUser request (opnum 39): the user handle."""
    opnum = 39
    structure = (
        ('UserHandle', SAMPR_HANDLE),
    )
class SamrGetGroupsForUserResponse(NDRCALL):
    """SamrGetGroupsForUser response: Groups buffer pointer, ErrorCode."""
    structure = (
        ('Groups', PSAMPR_GET_GROUPS_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrQueryDisplayInformation(NDRCALL):
    """SamrQueryDisplayInformation request (opnum 40).

    This call spells the key 'PreferredMaximumLength' (double r), unlike
    the SamrEnumerate* requests in this file.
    """
    opnum = 40
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount', ULONG),
        ('PreferredMaximumLength', ULONG),
    )
class SamrQueryDisplayInformationResponse(NDRCALL):
    """Response: TotalAvailable, TotalReturned, display buffer, ErrorCode."""
    structure = (
        ('TotalAvailable', ULONG),
        ('TotalReturned', ULONG),
        ('Buffer', SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrGetDisplayEnumerationIndex(NDRCALL):
    """SamrGetDisplayEnumerationIndex request (opnum 41): handle, class, Prefix."""
    opnum = 41
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )
class SamrGetDisplayEnumerationIndexResponse(NDRCALL):
    """SamrGetDisplayEnumerationIndex response: Index, then ErrorCode."""
    structure = (
        ('Index', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrGetUserDomainPasswordInformation(NDRCALL):
    """SamrGetUserDomainPasswordInformation request (opnum 44): user handle."""
    opnum = 44
    structure = (
        ('UserHandle', SAMPR_HANDLE),
    )
class SamrGetUserDomainPasswordInformationResponse(NDRCALL):
    """Response: USER_DOMAIN_PASSWORD_INFORMATION, then ErrorCode."""
    structure = (
        ('PasswordInformation', USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode', ULONG),
    )
class SamrRemoveMemberFromForeignDomain(NDRCALL):
    """SamrRemoveMemberFromForeignDomain request (opnum 45): handle and SID."""
    opnum = 45
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('MemberSid', RPC_SID),
    )
class SamrRemoveMemberFromForeignDomainResponse(NDRCALL):
    """SamrRemoveMemberFromForeignDomain response: ErrorCode only."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrQueryInformationDomain2(NDRCALL):
    """SamrQueryInformationDomain2 request (opnum 46): handle and info class.

    Same fields as SamrQueryInformationDomain (opnum 8).
    """
    opnum = 46
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )
class SamrQueryInformationDomain2Response(NDRCALL):
    """SamrQueryInformationDomain2 response: info buffer pointer, ErrorCode."""
    structure = (
        ('Buffer', PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrQueryInformationUser2(NDRCALL):
    """SamrQueryInformationUser2 request (opnum 47): handle and info class.

    Same fields as SamrQueryInformationUser (opnum 36).
    """
    opnum = 47
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
    )
class SamrQueryInformationUser2Response(NDRCALL):
    """SamrQueryInformationUser2 response: info buffer pointer, ErrorCode."""
    structure = (
        ('Buffer', PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrQueryDisplayInformation2(NDRCALL):
    """SamrQueryDisplayInformation2 request (opnum 48).

    Same fields as SamrQueryDisplayInformation (opnum 40).
    """
    opnum = 48
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount', ULONG),
        ('PreferredMaximumLength', ULONG),
    )
class SamrQueryDisplayInformation2Response(NDRCALL):
    """Reply layout for opnum 48: two counters, the display buffer, then ErrorCode."""
    structure = (
        ('TotalAvailable', ULONG),
        ('TotalReturned', ULONG),
        ('Buffer', SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrGetDisplayEnumerationIndex2(NDRCALL):
    """Request layout for opnum 49 (same fields as SamrGetDisplayEnumerationIndex)."""
    opnum = 49
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )
class SamrGetDisplayEnumerationIndex2Response(NDRCALL):
    """Reply layout for opnum 49: an Index followed by ErrorCode."""
    structure = (
        ('Index', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrCreateUser2InDomain(NDRCALL):
    """Request layout for opnum 50: account name, account type and requested access."""
    opnum = 50
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        # Both values below are plain ULONGs chosen by the caller.
        ('AccountType', ULONG),
        ('DesiredAccess', ULONG),
    )
class SamrCreateUser2InDomainResponse(NDRCALL):
    """Reply layout for opnum 50: new user handle, granted access, RID, ErrorCode."""
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        # GrantedAccess is reported separately from the DesiredAccess that was requested.
        ('GrantedAccess', ULONG),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )
class SamrQueryDisplayInformation3(NDRCALL):
    """Request layout for opnum 51 (same fields as SamrQueryDisplayInformation2)."""
    opnum = 51
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        # Paging controls supplied by the caller.
        ('Index', ULONG),
        ('EntryCount', ULONG),
        ('PreferredMaximumLength', ULONG),
    )
class SamrQueryDisplayInformation3Response(NDRCALL):
    """Reply layout for opnum 51: two counters, the display buffer, then ErrorCode."""
    structure = (
        ('TotalAvailable', ULONG),
        ('TotalReturned', ULONG),
        ('Buffer', SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )
class SamrAddMultipleMembersToAlias(NDRCALL):
    """Request layout for opnum 52: an alias handle and a SID array to add."""
    opnum = 52
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )
class SamrAddMultipleMembersToAliasResponse(NDRCALL):
    """Reply layout for opnum 52; it carries only ErrorCode."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrRemoveMultipleMembersFromAlias(NDRCALL):
    """Request layout for opnum 53: an alias handle and a SID array to remove."""
    opnum = 53
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )
class SamrRemoveMultipleMembersFromAliasResponse(NDRCALL):
    """Reply layout for opnum 53; it carries only ErrorCode."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrOemChangePasswordUser2(NDRCALL):
    """Request layout for opnum 54: OEM-string names plus two LM-keyed blobs.

    No SAMPR_HANDLE appears in this structure; the account is named by
    UserName and the caller proves knowledge of the old password through
    the two encrypted fields.
    """
    opnum = 54
    structure = (
        ('ServerName', PRPC_STRING),
        ('UserName', RPC_STRING),
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
    )
class SamrOemChangePasswordUser2Response(NDRCALL):
    """Reply layout for opnum 54; it carries only ErrorCode."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrUnicodeChangePasswordUser2(NDRCALL):
    """Request layout for opnum 55: Unicode names plus NT- and LM-keyed blobs.

    No SAMPR_HANDLE appears in this structure; the account is named by
    UserName. LmPresent is a UCHAR flag placed between the NT and LM
    field pairs.
    """
    opnum = 55
    structure = (
        ('ServerName', PRPC_UNICODE_STRING),
        ('UserName', RPC_UNICODE_STRING),
        # NT-keyed pair.
        ('NewPasswordEncryptedWithOldNt', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldNtOwfPasswordEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
        ('LmPresent', UCHAR),
        # LM-keyed pair.
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewNt', PENCRYPTED_LM_OWF_PASSWORD),
    )
class SamrUnicodeChangePasswordUser2Response(NDRCALL):
    """Reply layout for opnum 55; it carries only ErrorCode."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrGetDomainPasswordInformation(NDRCALL):
    """Request layout for opnum 56.

    The BindingHandle entry is commented out, so the marshalled request
    holds a single Unused string pointer and no SAMPR_HANDLE.
    """
    opnum = 56
    structure = (
        #('BindingHandle',SAMPR_HANDLE),
        ('Unused', PRPC_UNICODE_STRING),
    )
class SamrGetDomainPasswordInformationResponse(NDRCALL):
    """Reply layout for opnum 56: a USER_DOMAIN_PASSWORD_INFORMATION then ErrorCode."""
    structure = (
        ('PasswordInformation', USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode', ULONG),
    )
class SamrConnect2(NDRCALL):
    """Request layout for opnum 57: a server name and the access mask requested."""
    opnum = 57
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
    )
class SamrConnect2Response(NDRCALL):
    """Reply layout for opnum 57: the server handle, then ErrorCode."""
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrSetInformationUser2(NDRCALL):
    """Request layout for opnum 58: user handle, information class and the data buffer.

    hSamrSetPasswordInternal4New in this file uses this request to carry
    an encrypted password.
    """
    opnum = 58
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )
class SamrSetInformationUser2Response(NDRCALL):
    """Reply layout for opnum 58; it carries only ErrorCode."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrConnect4(NDRCALL):
    """Request layout for opnum 62: server name, client revision and access mask."""
    opnum = 62
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME),
        ('ClientRevision', ULONG),
        ('DesiredAccess', ULONG),
    )
class SamrConnect4Response(NDRCALL):
    """Reply layout for opnum 62: the server handle, then ErrorCode."""
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrConnect5(NDRCALL):
    """Request layout for opnum 64: server name, access mask and revision info."""
    opnum = 64
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
        # hSamrConnect5 writes the same value to InVersion and to the
        # 'tag' of InRevisionInfo.
        ('InVersion', ULONG),
        ('InRevisionInfo', SAMPR_REVISION_INFO),
    )
class SamrConnect5Response(NDRCALL):
    """Reply layout for opnum 64: version, revision info, server handle, ErrorCode."""
    structure = (
        ('OutVersion', ULONG),
        ('OutRevisionInfo', SAMPR_REVISION_INFO),
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrRidToSid(NDRCALL):
    """Request layout for opnum 65: an object handle and a RID."""
    opnum = 65
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('Rid', ULONG),
    )
class SamrRidToSidResponse(NDRCALL):
    """Reply layout for opnum 65: a pointer to the SID, then ErrorCode."""
    structure = (
        ('Sid', PRPC_SID),
        ('ErrorCode', ULONG),
    )
class SamrSetDSRMPassword(NDRCALL):
    """Request layout for opnum 66: an unused string, a user id and an encrypted NT hash.

    No SAMPR_HANDLE appears in this structure. This file defines no
    h-prefixed helper for it in the section shown here.
    """
    opnum = 66
    structure = (
        ('Unused', PRPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('EncryptedNtOwfPassword', PENCRYPTED_NT_OWF_PASSWORD),
    )
class SamrSetDSRMPasswordResponse(NDRCALL):
    """Reply layout for opnum 66; it carries only ErrorCode."""
    structure = (
        ('ErrorCode', ULONG),
    )
class SamrValidatePassword(NDRCALL):
    """Request layout for opnum 67: a validation type and its matching input argument."""
    opnum = 67
    structure = (
        # hSamrValidatePassword fills ValidationType from InputArg['tag'].
        ('ValidationType', PASSWORD_POLICY_VALIDATION_TYPE),
        ('InputArg', SAM_VALIDATE_INPUT_ARG),
    )
class SamrValidatePasswordResponse(NDRCALL):
    """Reply layout for opnum 67: a pointer to the output argument, then ErrorCode."""
    structure = (
        ('OutputArg', PSAM_VALIDATE_OUTPUT_ARG),
        ('ErrorCode', ULONG),
    )
2359################################################################################
2360# OPNUMs and their corresponding structures
2361################################################################################
# Maps each operation number to its (request class, response class) pair.
# Numbers 4, 42, 43, 59, 60, 61 and 63 have no entry in this table.
OPNUMS = {
    0: (SamrConnect, SamrConnectResponse),
    1: (SamrCloseHandle, SamrCloseHandleResponse),
    2: (SamrSetSecurityObject, SamrSetSecurityObjectResponse),
    3: (SamrQuerySecurityObject, SamrQuerySecurityObjectResponse),
    5: (SamrLookupDomainInSamServer, SamrLookupDomainInSamServerResponse),
    6: (SamrEnumerateDomainsInSamServer, SamrEnumerateDomainsInSamServerResponse),
    7: (SamrOpenDomain, SamrOpenDomainResponse),
    8: (SamrQueryInformationDomain, SamrQueryInformationDomainResponse),
    9: (SamrSetInformationDomain, SamrSetInformationDomainResponse),
    10: (SamrCreateGroupInDomain, SamrCreateGroupInDomainResponse),
    11: (SamrEnumerateGroupsInDomain, SamrEnumerateGroupsInDomainResponse),
    12: (SamrCreateUserInDomain, SamrCreateUserInDomainResponse),
    13: (SamrEnumerateUsersInDomain, SamrEnumerateUsersInDomainResponse),
    14: (SamrCreateAliasInDomain, SamrCreateAliasInDomainResponse),
    15: (SamrEnumerateAliasesInDomain, SamrEnumerateAliasesInDomainResponse),
    16: (SamrGetAliasMembership, SamrGetAliasMembershipResponse),
    17: (SamrLookupNamesInDomain, SamrLookupNamesInDomainResponse),
    18: (SamrLookupIdsInDomain, SamrLookupIdsInDomainResponse),
    19: (SamrOpenGroup, SamrOpenGroupResponse),
    20: (SamrQueryInformationGroup, SamrQueryInformationGroupResponse),
    21: (SamrSetInformationGroup, SamrSetInformationGroupResponse),
    22: (SamrAddMemberToGroup, SamrAddMemberToGroupResponse),
    23: (SamrDeleteGroup, SamrDeleteGroupResponse),
    24: (SamrRemoveMemberFromGroup, SamrRemoveMemberFromGroupResponse),
    25: (SamrGetMembersInGroup, SamrGetMembersInGroupResponse),
    26: (SamrSetMemberAttributesOfGroup, SamrSetMemberAttributesOfGroupResponse),
    27: (SamrOpenAlias, SamrOpenAliasResponse),
    28: (SamrQueryInformationAlias, SamrQueryInformationAliasResponse),
    29: (SamrSetInformationAlias, SamrSetInformationAliasResponse),
    30: (SamrDeleteAlias, SamrDeleteAliasResponse),
    31: (SamrAddMemberToAlias, SamrAddMemberToAliasResponse),
    32: (SamrRemoveMemberFromAlias, SamrRemoveMemberFromAliasResponse),
    33: (SamrGetMembersInAlias, SamrGetMembersInAliasResponse),
    34: (SamrOpenUser, SamrOpenUserResponse),
    35: (SamrDeleteUser, SamrDeleteUserResponse),
    36: (SamrQueryInformationUser, SamrQueryInformationUserResponse),
    37: (SamrSetInformationUser, SamrSetInformationUserResponse),
    38: (SamrChangePasswordUser, SamrChangePasswordUserResponse),
    39: (SamrGetGroupsForUser, SamrGetGroupsForUserResponse),
    40: (SamrQueryDisplayInformation, SamrQueryDisplayInformationResponse),
    41: (SamrGetDisplayEnumerationIndex, SamrGetDisplayEnumerationIndexResponse),
    44: (SamrGetUserDomainPasswordInformation, SamrGetUserDomainPasswordInformationResponse),
    45: (SamrRemoveMemberFromForeignDomain, SamrRemoveMemberFromForeignDomainResponse),
    46: (SamrQueryInformationDomain2, SamrQueryInformationDomain2Response),
    47: (SamrQueryInformationUser2, SamrQueryInformationUser2Response),
    48: (SamrQueryDisplayInformation2, SamrQueryDisplayInformation2Response),
    49: (SamrGetDisplayEnumerationIndex2, SamrGetDisplayEnumerationIndex2Response),
    50: (SamrCreateUser2InDomain, SamrCreateUser2InDomainResponse),
    51: (SamrQueryDisplayInformation3, SamrQueryDisplayInformation3Response),
    52: (SamrAddMultipleMembersToAlias, SamrAddMultipleMembersToAliasResponse),
    53: (SamrRemoveMultipleMembersFromAlias, SamrRemoveMultipleMembersFromAliasResponse),
    54: (SamrOemChangePasswordUser2, SamrOemChangePasswordUser2Response),
    55: (SamrUnicodeChangePasswordUser2, SamrUnicodeChangePasswordUser2Response),
    56: (SamrGetDomainPasswordInformation, SamrGetDomainPasswordInformationResponse),
    57: (SamrConnect2, SamrConnect2Response),
    58: (SamrSetInformationUser2, SamrSetInformationUser2Response),
    62: (SamrConnect4, SamrConnect4Response),
    64: (SamrConnect5, SamrConnect5Response),
    65: (SamrRidToSid, SamrRidToSidResponse),
    66: (SamrSetDSRMPassword, SamrSetDSRMPasswordResponse),
    67: (SamrValidatePassword, SamrValidatePasswordResponse),
}
2426################################################################################
2427# HELPER FUNCTIONS
2428################################################################################
def hSamrConnect5(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, inVersion=1, revision=3):
    """Fill a SamrConnect5 request (opnum 64) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; a caller that only reads
    can pass a narrower mask. inVersion is written both to InVersion and
    to the tag of InRevisionInfo, and revision goes to V1.Revision.
    Returns whatever dce.request() returns.
    """
    req = SamrConnect5()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    req['InVersion'] = inVersion
    # The union tag is set before its V1 member is touched.
    req['InRevisionInfo']['tag'] = inVersion
    req['InRevisionInfo']['V1']['Revision'] = revision
    return dce.request(req)
def hSamrConnect4(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, clientRevision=2):
    """Fill a SamrConnect4 request (opnum 62) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; a caller that only reads
    can pass a narrower mask. Returns whatever dce.request() returns.
    """
    req = SamrConnect4()
    for field, value in (
        ('ServerName', serverName),
        ('DesiredAccess', desiredAccess),
        ('ClientRevision', clientRevision),
    ):
        req[field] = value
    return dce.request(req)
def hSamrConnect2(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Fill a SamrConnect2 request (opnum 57) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; a caller that only reads
    can pass a narrower mask. Returns whatever dce.request() returns.
    """
    req = SamrConnect2()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrConnect(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Fill a SamrConnect request (opnum 0) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; a caller that only reads
    can pass a narrower mask. Returns whatever dce.request() returns.
    """
    req = SamrConnect()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrOpenDomain(dce, serverHandle, desiredAccess=MAXIMUM_ALLOWED, domainId=NULL):
    """Fill a SamrOpenDomain request (opnum 7) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when
    the following calls need less. Returns whatever dce.request() returns.
    """
    req = SamrOpenDomain()
    for field, value in (
        ('ServerHandle', serverHandle),
        ('DesiredAccess', desiredAccess),
        ('DomainId', domainId),
    ):
        req[field] = value
    return dce.request(req)
def hSamrOpenGroup(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, groupId=0):
    """Fill a SamrOpenGroup request (opnum 19) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when
    the following calls need less. Returns whatever dce.request() returns.
    """
    req = SamrOpenGroup()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DesiredAccess', desiredAccess),
        ('GroupId', groupId),
    ):
        req[field] = value
    return dce.request(req)
def hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=0):
    """Fill a SamrOpenAlias request (opnum 27) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when
    the following calls need less. Returns whatever dce.request() returns.
    """
    req = SamrOpenAlias()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DesiredAccess', desiredAccess),
        ('AliasId', aliasId),
    ):
        req[field] = value
    return dce.request(req)
def hSamrOpenUser(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, userId=0):
    """Fill a SamrOpenUser request (opnum 34) and send it with dce.request().

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when
    the following calls need less. Returns whatever dce.request() returns.
    """
    req = SamrOpenUser()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DesiredAccess', desiredAccess),
        ('UserId', userId),
    ):
        req[field] = value
    return dce.request(req)
def hSamrEnumerateDomainsInSamServer(dce, serverHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Fill a SamrEnumerateDomainsInSamServer request (opnum 6) and send it.

    preferedMaximumLength defaults to 0xffffffff. Returns whatever
    dce.request() returns.
    """
    req = SamrEnumerateDomainsInSamServer()
    for field, value in (
        ('ServerHandle', serverHandle),
        ('EnumerationContext', enumerationContext),
        ('PreferedMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrEnumerateGroupsInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Fill a SamrEnumerateGroupsInDomain request (opnum 11) and send it.

    preferedMaximumLength defaults to 0xffffffff. Returns whatever
    dce.request() returns.
    """
    req = SamrEnumerateGroupsInDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('EnumerationContext', enumerationContext),
        ('PreferedMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrEnumerateAliasesInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Fill a SamrEnumerateAliasesInDomain request (opnum 15) and send it.

    preferedMaximumLength defaults to 0xffffffff. Returns whatever
    dce.request() returns.
    """
    req = SamrEnumerateAliasesInDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('EnumerationContext', enumerationContext),
        ('PreferedMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrEnumerateUsersInDomain(dce, domainHandle, userAccountControl=USER_NORMAL_ACCOUNT, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Fill a SamrEnumerateUsersInDomain request (opnum 13) and send it.

    userAccountControl defaults to USER_NORMAL_ACCOUNT and
    preferedMaximumLength to 0xffffffff. Returns whatever dce.request()
    returns.
    """
    req = SamrEnumerateUsersInDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('UserAccountControl', userAccountControl),
        ('EnumerationContext', enumerationContext),
        ('PreferedMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrQueryDisplayInformation3(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Fill a SamrQueryDisplayInformation3 request (opnum 51) and send it.

    The preferedMaximumLength argument is stored in the request's
    'PreferredMaximumLength' field (the spellings differ). Returns
    whatever dce.request() returns.
    """
    req = SamrQueryDisplayInformation3()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DisplayInformationClass', displayInformationClass),
        ('Index', index),
        ('EntryCount', entryCount),
        ('PreferredMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrQueryDisplayInformation2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Fill a SamrQueryDisplayInformation2 request (opnum 48) and send it.

    The preferedMaximumLength argument is stored in the request's
    'PreferredMaximumLength' field (the spellings differ). Returns
    whatever dce.request() returns.
    """
    req = SamrQueryDisplayInformation2()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DisplayInformationClass', displayInformationClass),
        ('Index', index),
        ('EntryCount', entryCount),
        ('PreferredMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrQueryDisplayInformation(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Fill a SamrQueryDisplayInformation request (opnum 40) and send it.

    The preferedMaximumLength argument is stored in the request's
    'PreferredMaximumLength' field (the spellings differ). Returns
    whatever dce.request() returns.
    """
    req = SamrQueryDisplayInformation()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DisplayInformationClass', displayInformationClass),
        ('Index', index),
        ('EntryCount', entryCount),
        ('PreferredMaximumLength', preferedMaximumLength),
    ):
        req[field] = value
    return dce.request(req)
def hSamrGetDisplayEnumerationIndex2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Fill a SamrGetDisplayEnumerationIndex2 request (opnum 49) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrGetDisplayEnumerationIndex2()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DisplayInformationClass', displayInformationClass),
        ('Prefix', prefix),
    ):
        req[field] = value
    return dce.request(req)
def hSamrGetDisplayEnumerationIndex(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Fill a SamrGetDisplayEnumerationIndex request (opnum 41) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrGetDisplayEnumerationIndex()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('DisplayInformationClass', displayInformationClass),
        ('Prefix', prefix),
    ):
        req[field] = value
    return dce.request(req)
def hSamrCreateGroupInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Fill a SamrCreateGroupInDomain request (opnum 10) and send it.

    desiredAccess defaults to GROUP_ALL_ACCESS. Returns whatever
    dce.request() returns.
    """
    req = SamrCreateGroupInDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('Name', name),
        ('DesiredAccess', desiredAccess),
    ):
        req[field] = value
    return dce.request(req)
def hSamrCreateAliasInDomain(dce, domainHandle, accountName, desiredAccess=GROUP_ALL_ACCESS):
    """Fill a SamrCreateAliasInDomain request (opnum 14) and send it.

    Returns whatever dce.request() returns.
    """
    # NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    # created is an alias - confirm this is the intended constant.
    req = SamrCreateAliasInDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('AccountName', accountName),
        ('DesiredAccess', desiredAccess),
    ):
        req[field] = value
    return dce.request(req)
def hSamrCreateUser2InDomain(dce, domainHandle, name, accountType=USER_NORMAL_ACCOUNT, desiredAccess=GROUP_ALL_ACCESS):
    """Fill a SamrCreateUser2InDomain request (opnum 50) and send it.

    accountType defaults to USER_NORMAL_ACCOUNT. Returns whatever
    dce.request() returns.
    """
    # NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    # created is a user - confirm this is the intended constant.
    req = SamrCreateUser2InDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('Name', name),
        ('AccountType', accountType),
        ('DesiredAccess', desiredAccess),
    ):
        req[field] = value
    return dce.request(req)
def hSamrCreateUserInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Fill a SamrCreateUserInDomain request (opnum 12) and send it.

    Returns whatever dce.request() returns.
    """
    # NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    # created is a user - confirm this is the intended constant.
    req = SamrCreateUserInDomain()
    for field, value in (
        ('DomainHandle', domainHandle),
        ('Name', name),
        ('DesiredAccess', desiredAccess),
    ):
        req[field] = value
    return dce.request(req)
def hSamrQueryInformationDomain(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Fill a SamrQueryInformationDomain request (opnum 8) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQueryInformationDomain()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformationClass
    return dce.request(req)
def hSamrQueryInformationDomain2(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Fill a SamrQueryInformationDomain2 request (opnum 46) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQueryInformationDomain2()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformationClass
    return dce.request(req)
def hSamrQueryInformationGroup(dce, groupHandle, groupInformationClass=GROUP_INFORMATION_CLASS.GroupGeneralInformation):
    """Fill a SamrQueryInformationGroup request (opnum 20) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQueryInformationGroup()
    req['GroupHandle'] = groupHandle
    req['GroupInformationClass'] = groupInformationClass
    return dce.request(req)
def hSamrQueryInformationAlias(dce, aliasHandle, aliasInformationClass=ALIAS_INFORMATION_CLASS.AliasGeneralInformation):
    """Fill a SamrQueryInformationAlias request (opnum 28) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQueryInformationAlias()
    req['AliasHandle'] = aliasHandle
    req['AliasInformationClass'] = aliasInformationClass
    return dce.request(req)
def hSamrQueryInformationUser2(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Fill a SamrQueryInformationUser2 request (opnum 47) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQueryInformationUser2()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = userInformationClass
    return dce.request(req)
def hSamrQueryInformationUser(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Fill a SamrQueryInformationUser request (opnum 36) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQueryInformationUser()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = userInformationClass
    return dce.request(req)
def hSamrSetInformationDomain(dce, domainHandle, domainInformation):
    """Fill a SamrSetInformationDomain request (opnum 9) and send it.

    The information class is taken from domainInformation['tag'], so the
    caller sets it once on the union it passes in. Returns whatever
    dce.request() returns.
    """
    req = SamrSetInformationDomain()
    req['DomainHandle'] = domainHandle
    info_class = domainInformation['tag']
    req['DomainInformationClass'] = info_class
    req['DomainInformation'] = domainInformation
    return dce.request(req)
def hSamrSetInformationGroup(dce, groupHandle, buffer):
    """Fill a SamrSetInformationGroup request (opnum 21) and send it.

    The information class is taken from buffer['tag']. Returns whatever
    dce.request() returns.
    """
    req = SamrSetInformationGroup()
    req['GroupHandle'] = groupHandle
    info_class = buffer['tag']
    req['GroupInformationClass'] = info_class
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrSetInformationAlias(dce, aliasHandle, buffer):
    """Fill a SamrSetInformationAlias request (opnum 29) and send it.

    The information class is taken from buffer['tag']. Returns whatever
    dce.request() returns.
    """
    req = SamrSetInformationAlias()
    req['AliasHandle'] = aliasHandle
    info_class = buffer['tag']
    req['AliasInformationClass'] = info_class
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrSetInformationUser2(dce, userHandle, buffer):
    """Fill a SamrSetInformationUser2 request (opnum 58) and send it.

    The information class is taken from buffer['tag']. Returns whatever
    dce.request() returns.
    """
    req = SamrSetInformationUser2()
    req['UserHandle'] = userHandle
    info_class = buffer['tag']
    req['UserInformationClass'] = info_class
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrSetInformationUser(dce, userHandle, buffer):
    """Fill a SamrSetInformationUser request (opnum 37) and send it.

    The information class is taken from buffer['tag']. Returns whatever
    dce.request() returns.
    """
    req = SamrSetInformationUser()
    req['UserHandle'] = userHandle
    info_class = buffer['tag']
    req['UserInformationClass'] = info_class
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrDeleteGroup(dce, groupHandle):
    """Fill a SamrDeleteGroup request (opnum 23) and send it with dce.request()."""
    req = SamrDeleteGroup()
    req['GroupHandle'] = groupHandle
    return dce.request(req)
def hSamrDeleteAlias(dce, aliasHandle):
    """Fill a SamrDeleteAlias request (opnum 30) and send it with dce.request()."""
    req = SamrDeleteAlias()
    req['AliasHandle'] = aliasHandle
    return dce.request(req)
def hSamrDeleteUser(dce, userHandle):
    """Fill a SamrDeleteUser request (opnum 35) and send it with dce.request()."""
    req = SamrDeleteUser()
    req['UserHandle'] = userHandle
    return dce.request(req)
def hSamrAddMemberToGroup(dce, groupHandle, memberId, attributes):
    """Fill a SamrAddMemberToGroup request (opnum 22) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrAddMemberToGroup()
    for field, value in (
        ('GroupHandle', groupHandle),
        ('MemberId', memberId),
        ('Attributes', attributes),
    ):
        req[field] = value
    return dce.request(req)
def hSamrRemoveMemberFromGroup(dce, groupHandle, memberId):
    """Fill a SamrRemoveMemberFromGroup request (opnum 24) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrRemoveMemberFromGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    return dce.request(req)
def hSamrGetMembersInGroup(dce, groupHandle):
    """Fill a SamrGetMembersInGroup request (opnum 25) and send it with dce.request()."""
    req = SamrGetMembersInGroup()
    req['GroupHandle'] = groupHandle
    return dce.request(req)
def hSamrAddMemberToAlias(dce, aliasHandle, memberId):
    """Fill a SamrAddMemberToAlias request (opnum 31) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrAddMemberToAlias()
    req['AliasHandle'] = aliasHandle
    req['MemberId'] = memberId
    return dce.request(req)
def hSamrRemoveMemberFromAlias(dce, aliasHandle, memberId):
    """Fill a SamrRemoveMemberFromAlias request (opnum 32) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrRemoveMemberFromAlias()
    req['AliasHandle'] = aliasHandle
    req['MemberId'] = memberId
    return dce.request(req)
def hSamrGetMembersInAlias(dce, aliasHandle):
    """Fill a SamrGetMembersInAlias request (opnum 33) and send it with dce.request()."""
    req = SamrGetMembersInAlias()
    req['AliasHandle'] = aliasHandle
    return dce.request(req)
def hSamrRemoveMemberFromForeignDomain(dce, domainHandle, memberSid):
    """Fill a SamrRemoveMemberFromForeignDomain request (opnum 45) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrRemoveMemberFromForeignDomain()
    req['DomainHandle'] = domainHandle
    req['MemberSid'] = memberSid
    return dce.request(req)
def hSamrAddMultipleMembersToAlias(dce, aliasHandle, membersBuffer):
    """Fill a SamrAddMultipleMembersToAlias request (opnum 52) and send it.

    Count is derived from len(membersBuffer['Sids']), overriding any
    Count already present on the buffer. Returns whatever dce.request()
    returns.
    """
    req = SamrAddMultipleMembersToAlias()
    req['AliasHandle'] = aliasHandle
    req['MembersBuffer'] = membersBuffer
    # NOTE(review): if the assignment above stores the caller's object
    # rather than a copy, this also updates membersBuffer - confirm.
    req['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
    return dce.request(req)
def hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, membersBuffer):
    """Fill a SamrRemoveMultipleMembersFromAlias request (opnum 53) and send it.

    Count is derived from len(membersBuffer['Sids']), overriding any
    Count already present on the buffer. Returns whatever dce.request()
    returns.
    """
    req = SamrRemoveMultipleMembersFromAlias()
    req['AliasHandle'] = aliasHandle
    req['MembersBuffer'] = membersBuffer
    # NOTE(review): if the assignment above stores the caller's object
    # rather than a copy, this also updates membersBuffer - confirm.
    req['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
    return dce.request(req)
def hSamrGetGroupsForUser(dce, userHandle):
    """Fill a SamrGetGroupsForUser request (opnum 39) and send it with dce.request()."""
    req = SamrGetGroupsForUser()
    req['UserHandle'] = userHandle
    return dce.request(req)
def hSamrGetAliasMembership(dce, domainHandle, sidArray):
    """Fill a SamrGetAliasMembership request (opnum 16) and send it.

    Count is derived from len(sidArray['Sids']), overriding any Count
    already present on the array. Returns whatever dce.request() returns.
    """
    req = SamrGetAliasMembership()
    req['DomainHandle'] = domainHandle
    req['SidArray'] = sidArray
    # NOTE(review): if the assignment above stores the caller's object
    # rather than a copy, this also updates sidArray - confirm.
    req['SidArray']['Count'] = len(sidArray['Sids'])
    return dce.request(req)
def hSamrChangePasswordUser(dce, userHandle, oldPassword, newPassword):
    """Fill a SamrChangePasswordUser request (opnum 38) from two cleartext passwords.

    The NT hashes of both passwords and the LM hash of the new one are
    derived locally with ntlm.NTOWFv1 / ntlm.LMOWFv1; only values
    produced by crypto.SamEncryptNTLMHash are placed in the request.
    The LM-keyed and NT-cross fields are sent as NULL with their
    "present" flags set to 0. Returns whatever dce.request() returns.
    """
    from impacket import crypto, ntlm

    req = SamrChangePasswordUser()
    req['UserHandle'] = userHandle

    old_nt = ntlm.NTOWFv1(oldPassword)
    new_nt = ntlm.NTOWFv1(newPassword)
    new_lm = ntlm.LMOWFv1(newPassword)

    # LM pair: not supplied.
    req['LmPresent'] = 0
    req['OldLmEncryptedWithNewLm'] = NULL
    req['NewLmEncryptedWithOldLm'] = NULL
    # NT pair: each hash encrypted with the other.
    req['NtPresent'] = 1
    req['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(old_nt, new_nt)
    req['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(new_nt, old_nt)
    # Cross-encryption: only the new LM hash under the new NT hash is sent.
    req['NtCrossEncryptionPresent'] = 0
    req['NewNtEncryptedWithNewLm'] = NULL
    req['LmCrossEncryptionPresent'] = 1
    req['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(new_lm, new_nt)

    return dce.request(req)
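def hSamrUnicodeChangePasswordUser2(dce, serverName='\x00', userName='', oldPassword='', newPassword='', oldPwdHashLM='', oldPwdHashNT=''):
    """Fill a SamrUnicodeChangePasswordUser2 request (opnum 55) and send it.

    The old credential is either oldPassword (hashed here with
    ntlm.NTOWFv1) or oldPwdHashNT, given as raw bytes or as a hex
    string. oldPwdHashLM is accepted for interface compatibility; the
    request is sent with LmPresent = 0 and NULL LM fields, so no LM
    material derived from it is transmitted.

    The new password is UTF-16LE encoded, right-aligned in a 512-byte
    SAMPR_USER_PASSWORD buffer and RC4-encrypted with the old NT hash.

    Raises:
        ValueError: if the encoded new password does not fit in 512 bytes.

    Returns whatever dce.request() returns.
    """
    # ARC4 is imported at module level; the former local try/except import
    # could only log and then fail later on an unbound name.
    from impacket import crypto, ntlm

    request = SamrUnicodeChangePasswordUser2()
    request['ServerName'] = serverName
    request['UserName'] = userName

    if oldPwdHashLM == '' and oldPwdHashNT == '':
        oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
    else:
        # Accept the NT hash as a hex string; if it is not valid hex it is
        # assumed to be in binary form already and used as given.
        try:
            oldPwdHashNT = unhexlify(oldPwdHashNT)
        except (TypeError, ValueError):
            pass

    newPwdHashNT = ntlm.NTOWFv1(newPassword)

    try:
        encodedPwd = newPassword.encode('utf-16le')
    except UnicodeDecodeError:
        # Python 2 byte string holding non-ASCII data.
        import sys
        encodedPwd = newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le')

    # Size everything from the encoded bytes: len(newPassword) * 2 is wrong
    # for characters that need a surrogate pair, and an over-long password
    # used to produce a buffer larger than 512 bytes.
    pwdLen = len(encodedPwd)
    if pwdLen > 512:
        raise ValueError('newPassword does not fit in the 512-byte SAMPR_USER_PASSWORD buffer')

    samUser = SAMPR_USER_PASSWORD()
    # NOTE(review): the padding is a constant byte; it sits in front of the
    # password inside the RC4-encrypted buffer. Consider random fill -
    # confirm against [MS-SAMR] before changing.
    samUser['Buffer'] = b'A' * (512 - pwdLen) + encodedPwd
    samUser['Length'] = pwdLen
    pwdBuff = samUser.getData()

    rc4 = ARC4.new(oldPwdHashNT)
    encBuf = rc4.encrypt(pwdBuff)
    request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf
    request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
    request['LmPresent'] = 0
    request['NewPasswordEncryptedWithOldLm'] = NULL
    request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL

    return dce.request(request)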
def hSamrLookupDomainInSamServer(dce, serverHandle, name):
    """Fill a SamrLookupDomainInSamServer request (opnum 5) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrLookupDomainInSamServer()
    req['ServerHandle'] = serverHandle
    req['Name'] = name
    return dce.request(req)
def hSamrSetSecurityObject(dce, objectHandle, securityInformation, securityDescriptor):
    """Fill a SamrSetSecurityObject request (opnum 2) and send it.

    The three arguments are copied into the request unchanged. Returns
    whatever dce.request() returns.
    """
    req = SamrSetSecurityObject()
    for field, value in (
        ('ObjectHandle', objectHandle),
        ('SecurityInformation', securityInformation),
        ('SecurityDescriptor', securityDescriptor),
    ):
        req[field] = value
    return dce.request(req)
def hSamrQuerySecurityObject(dce, objectHandle, securityInformation):
    """Fill a SamrQuerySecurityObject request (opnum 3) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrQuerySecurityObject()
    req['ObjectHandle'] = objectHandle
    req['SecurityInformation'] = securityInformation
    return dce.request(req)
def hSamrCloseHandle(dce, samHandle):
    """Fill a SamrCloseHandle request (opnum 1) and send it with dce.request()."""
    req = SamrCloseHandle()
    req['SamHandle'] = samHandle
    return dce.request(req)
def hSamrSetMemberAttributesOfGroup(dce, groupHandle, memberId, attributes):
    """Fill a SamrSetMemberAttributesOfGroup request (opnum 26) and send it.

    Returns whatever dce.request() returns.
    """
    req = SamrSetMemberAttributesOfGroup()
    for field, value in (
        ('GroupHandle', groupHandle),
        ('MemberId', memberId),
        ('Attributes', attributes),
    ):
        req[field] = value
    return dce.request(req)
def hSamrGetUserDomainPasswordInformation(dce, userHandle):
    """Fill a SamrGetUserDomainPasswordInformation request (opnum 44) and send it."""
    req = SamrGetUserDomainPasswordInformation()
    req['UserHandle'] = userHandle
    return dce.request(req)
def hSamrGetDomainPasswordInformation(dce):
    """Fill a SamrGetDomainPasswordInformation request (opnum 56) and send it.

    The helper takes no SAM handle; the request's only field, Unused,
    is set to NULL. Returns whatever dce.request() returns.
    """
    req = SamrGetDomainPasswordInformation()
    req['Unused'] = NULL
    return dce.request(req)
def hSamrRidToSid(dce, objectHandle, rid):
    """Fill a SamrRidToSid request (opnum 65) and send it with dce.request()."""
    req = SamrRidToSid()
    req['ObjectHandle'] = objectHandle
    req['Rid'] = rid
    return dce.request(req)
def hSamrValidatePassword(dce, inputArg):
    """Fill a SamrValidatePassword request (opnum 67) and send it.

    ValidationType is taken from inputArg['tag']. Returns whatever
    dce.request() returns.
    """
    req = SamrValidatePassword()
    validation_type = inputArg['tag']
    req['ValidationType'] = validation_type
    req['InputArg'] = inputArg
    return dce.request(req)
def hSamrLookupNamesInDomain(dce, domainHandle, names):
    """Fill a SamrLookupNamesInDomain request (opnum 17) and send it.

    Each entry of names is wrapped in an RPC_UNICODE_STRING and appended
    to the request; Count is len(names). Returns whatever dce.request()
    returns.
    """
    req = SamrLookupNamesInDomain()
    req['DomainHandle'] = domainHandle
    req['Count'] = len(names)
    for account_name in names:
        item = RPC_UNICODE_STRING()
        item['Data'] = account_name
        req['Names'].append(item)

    # MaximumCount is fixed at 1000 whatever len(names) is.
    # NOTE(review): nothing here stops Count from exceeding it.
    req.fields['Names'].fields['MaximumCount'] = 1000

    return dce.request(req)
def hSamrLookupIdsInDomain(dce, domainHandle, ids):
    """Fill a SamrLookupIdsInDomain request (opnum 18) and send it.

    Each entry of ids is wrapped in a ULONG and appended to the request;
    Count is len(ids). Returns whatever dce.request() returns.
    """
    req = SamrLookupIdsInDomain()
    req['DomainHandle'] = domainHandle
    req['Count'] = len(ids)
    for relative_id in ids:
        item = ULONG()
        item['Data'] = relative_id
        req['RelativeIds'].append(item)

    # MaximumCount is fixed at 1000 whatever len(ids) is.
    # NOTE(review): nothing here stops Count from exceeding it.
    req.fields['RelativeIds'].fields['MaximumCount'] = 1000

    return dce.request(req)
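def hSamrSetPasswordInternal4New(dce, userHandle, password):
    """Set a user's password through SamrSetInformationUser2 (opnum 58).

    The request uses information class UserInternal4InformationNew. All
    other I1 attributes are sent as NULL, and PasswordExpired is set to
    1. The cleartext password never goes on the wire: it is UTF-16LE
    encoded, right-aligned in a 512-byte buffer followed by its length,
    RC4-encrypted under MD5(salt + SMB session key), and the 16-byte
    random salt is appended.

    Args:
        dce: connection object; it must expose get_rpc_transport(), whose
            result must give an SMB connection with getSessionKey().
        userHandle: handle of the target user.
        password: new password as text.

    Raises:
        ValueError: if the encoded password does not fit in 512 bytes.

    Returns whatever dce.request() returns.
    """
    request = SamrSetInformationUser2()
    request['UserHandle'] = userHandle
    request['UserInformationClass'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
    request['Buffer']['tag'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
    # NOTE(review): these two bits presumably select the NT-password-present
    # and password-expired fields - confirm against the USER_ALL_* constants.
    request['Buffer']['Internal4New']['I1']['WhichFields'] = 0x01000000 | 0x08000000

    # Attributes that are not being changed are sent as NULL.
    for attribute in ('UserName', 'FullName', 'HomeDirectory', 'HomeDirectoryDrive',
                      'ScriptPath', 'ProfilePath', 'AdminComment', 'WorkStations',
                      'UserComment', 'Parameters'):
        request['Buffer']['Internal4New']['I1'][attribute] = NULL
    request['Buffer']['Internal4New']['I1']['LmOwfPassword']['Buffer'] = NULL
    request['Buffer']['Internal4New']['I1']['NtOwfPassword']['Buffer'] = NULL
    request['Buffer']['Internal4New']['I1']['PrivateData'] = NULL
    request['Buffer']['Internal4New']['I1']['SecurityDescriptor']['SecurityDescriptor'] = NULL
    request['Buffer']['Internal4New']['I1']['LogonHours']['LogonHours'] = NULL
    request['Buffer']['Internal4New']['I1']['PasswordExpired'] = 1

    #crypto
    pwdbuff = password.encode("utf-16le")
    bufflen = len(pwdbuff)
    # rjust() never truncates, so an over-long password used to yield a
    # buffer larger than the 512 bytes the layout below assumes.
    if bufflen > 512:
        raise ValueError('password does not fit in the 512-byte encrypted password buffer')
    # NOTE(review): the padding is zero bytes; consider random fill -
    # confirm against [MS-SAMR] before changing.
    pwdbuff = pwdbuff.rjust(512, b'\0')
    pwdbuff += struct.pack('<I', bufflen)
    # A fresh salt per call keeps the RC4 key from repeating within a session.
    salt = os.urandom(16)
    session_key = dce.get_rpc_transport().get_smb_connection().getSessionKey()
    # MD5 and RC4 appear to be fixed by the wire format rather than
    # chosen here; see [MS-SAMR] for the encrypted-password structure.
    keymd = md5()
    keymd.update(salt)
    keymd.update(session_key)
    key = keymd.digest()

    cipher = ARC4.new(key)
    buffercrypt = cipher.encrypt(pwdbuff) + salt

    request['Buffer']['Internal4New']['UserPassword']['Buffer'] = buffercrypt
    return dce.request(request)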