Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2018 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# [MS-LSAD] Interface implementation 

11# 

12# Best way to learn how to use these calls is to grab the protocol standard 

13# so you understand what the call does, and then read the test case located 

14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC 

15# 

16# Some calls have helper functions, which makes it even easier to use. 

17# They are located at the end of this file. 

18# Helper functions start with "h"<name of the call>. 

19# There are test cases for them too. 

20# 

21# Author: 

22# Alberto Solino (@agsolino) 

23# 

24from __future__ import division 

25from __future__ import print_function 

26from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \ 

27 NDRUniConformantArray 

28from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \ 

29 LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \ 

30 SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION 

31from impacket import nt_errors 

32from impacket.uuid import uuidtup_to_bin 

33from impacket.dcerpc.v5.enum import Enum 

34from impacket.dcerpc.v5.rpcrt import DCERPCException 

35 

36MSRPC_UUID_LSAD = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0')) 

37 

38class DCERPCSessionError(DCERPCException): 

39 def __init__(self, error_string=None, error_code=None, packet=None): 

40 DCERPCException.__init__(self, error_string, error_code, packet) 

41 

42 def __str__( self ): 

43 key = self.error_code 

44 if key in nt_errors.ERROR_MESSAGES: 44 ↛ 49line 44 didn't jump to line 49, because the condition on line 44 was never false

45 error_msg_short = nt_errors.ERROR_MESSAGES[key][0] 

46 error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] 

47 return 'LSAD SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) 

48 else: 

49 return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code 

50 

51################################################################################ 

52# CONSTANTS 

53################################################################################ 

54# 2.2.1.1.2 ACCESS_MASK for Policy Objects 

55POLICY_VIEW_LOCAL_INFORMATION = 0x00000001 

56POLICY_VIEW_AUDIT_INFORMATION = 0x00000002 

57POLICY_GET_PRIVATE_INFORMATION = 0x00000004 

58POLICY_TRUST_ADMIN = 0x00000008 

59POLICY_CREATE_ACCOUNT = 0x00000010 

60POLICY_CREATE_SECRET = 0x00000020 

61POLICY_CREATE_PRIVILEGE = 0x00000040 

62POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080 

63POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100 

64POLICY_AUDIT_LOG_ADMIN = 0x00000200 

65POLICY_SERVER_ADMIN = 0x00000400 

66POLICY_LOOKUP_NAMES = 0x00000800 

67POLICY_NOTIFICATION = 0x00001000 

68 

69# 2.2.1.1.3 ACCESS_MASK for Account Objects 

70ACCOUNT_VIEW = 0x00000001 

71ACCOUNT_ADJUST_PRIVILEGES = 0x00000002 

72ACCOUNT_ADJUST_QUOTAS = 0x00000004 

73ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008 

74 

75# 2.2.1.1.4 ACCESS_MASK for Secret Objects 

76SECRET_SET_VALUE = 0x00000001 

77SECRET_QUERY_VALUE = 0x00000002 

78 

79# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects 

80TRUSTED_QUERY_DOMAIN_NAME = 0x00000001 

81TRUSTED_QUERY_CONTROLLERS = 0x00000002 

82TRUSTED_SET_CONTROLLERS = 0x00000004 

83TRUSTED_QUERY_POSIX = 0x00000008 

84TRUSTED_SET_POSIX = 0x00000010 

85TRUSTED_SET_AUTH = 0x00000020 

86TRUSTED_QUERY_AUTH = 0x00000040 

87 

88# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE 

89POLICY_MODE_INTERACTIVE = 0x00000001 

90POLICY_MODE_NETWORK = 0x00000002 

91POLICY_MODE_BATCH = 0x00000004 

92POLICY_MODE_SERVICE = 0x00000010 

93POLICY_MODE_DENY_INTERACTIVE = 0x00000040 

94POLICY_MODE_DENY_NETWORK = 0x00000080 

95POLICY_MODE_DENY_BATCH = 0x00000100 

96POLICY_MODE_DENY_SERVICE = 0x00000200 

97POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400 

98POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800 

99POLICY_MODE_ALL = 0x00000FF7 

100POLICY_MODE_ALL_NT4 = 0x00000037 

101 

102# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO 

103# EventAuditingOptions 

104POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000 

105POLICY_AUDIT_EVENT_NONE = 0x00000004 

106POLICY_AUDIT_EVENT_SUCCESS = 0x00000001 

107POLICY_AUDIT_EVENT_FAILURE = 0x00000002 

108 

109# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO 

110# AuthenticationOptions 

111POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080 

112 

113# 2.2.7.21 LSA_FOREST_TRUST_RECORD 

114# Flags 

115LSA_TLN_DISABLED_NEW = 0x00000001 

116LSA_TLN_DISABLED_ADMIN = 0x00000002 

117LSA_TLN_DISABLED_CONFLICT = 0x00000004 

118LSA_SID_DISABLED_ADMIN = 0x00000001 

119LSA_SID_DISABLED_CONFLICT = 0x00000002 

120LSA_NB_DISABLED_ADMIN = 0x00000004 

121LSA_NB_DISABLED_CONFLICT = 0x00000008 

122LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF 

123 

124################################################################################ 

125# STRUCTURES 

126################################################################################ 

127# 2.2.2.1 LSAPR_HANDLE 

128class LSAPR_HANDLE(NDRSTRUCT): 

129 align = 1 

130 structure = ( 

131 ('Data','20s=""'), 

132 ) 

133 

134# 2.2.2.3 LSA_UNICODE_STRING 

135LSA_UNICODE_STRING = RPC_UNICODE_STRING 

136 

137# 2.2.3.1 STRING 

138class STRING(NDRSTRUCT): 

139 commonHdr = ( 

140 ('MaximumLength','<H=len(Data)-12'), 

141 ('Length','<H=len(Data)-12'), 

142 ('ReferentID','<L=0xff'), 

143 ) 

144 commonHdr64 = ( 

145 ('MaximumLength','<H=len(Data)-24'), 

146 ('Length','<H=len(Data)-24'), 

147 ('ReferentID','<Q=0xff'), 

148 ) 

149 

150 referent = ( 

151 ('Data',STR), 

152 ) 

153 

154 def dump(self, msg = None, indent = 0): 

155 if msg is None: 

156 msg = self.__class__.__name__ 

157 if msg != '': 

158 print("%s" % msg, end=' ') 

159 # Here just print the data 

160 print(" %r" % (self['Data']), end=' ') 

161 

162 def __setitem__(self, key, value): 

163 if key == 'Data': 

164 self.fields['MaximumLength'] = None 

165 self.fields['Length'] = None 

166 self.data = None # force recompute 

167 return NDR.__setitem__(self, key, value) 

168 

169# 2.2.3.2 LSAPR_ACL 

170class LSAPR_ACL(NDRSTRUCT): 

171 structure = ( 

172 ('AclRevision', UCHAR), 

173 ('Sbz1', UCHAR), 

174 ('AclSize', USHORT), 

175 ('Dummy1',NDRUniConformantArray), 

176 ) 

177 

178# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR 

179LSAPR_SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR 

180 

181class PLSAPR_SECURITY_DESCRIPTOR(NDRPOINTER): 

182 referent = ( 

183 ('Data', LSAPR_SECURITY_DESCRIPTOR), 

184 ) 

185 

186# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL 

187class SECURITY_IMPERSONATION_LEVEL(NDRENUM): 

188 class enumItems(Enum): 

189 SecurityAnonymous = 0 

190 SecurityIdentification = 1 

191 SecurityImpersonation = 2 

192 SecurityDelegation = 3 

193 

194# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE 

195SECURITY_CONTEXT_TRACKING_MODE = UCHAR 

196 

197# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE 

198class SECURITY_QUALITY_OF_SERVICE(NDRSTRUCT): 

199 structure = ( 

200 ('Length', DWORD), 

201 ('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL), 

202 ('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE), 

203 ('EffectiveOnly', UCHAR), 

204 ) 

205 

206class PSECURITY_QUALITY_OF_SERVICE(NDRPOINTER): 

207 referent = ( 

208 ('Data', SECURITY_QUALITY_OF_SERVICE), 

209 ) 

210 

211# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES 

212class LSAPR_OBJECT_ATTRIBUTES(NDRSTRUCT): 

213 structure = ( 

214 ('Length', DWORD), 

215 ('RootDirectory', LPWSTR), 

216 ('ObjectName', LPWSTR), 

217 ('Attributes', DWORD), 

218 ('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR), 

219 ('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE), 

220 ) 

221 

222# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR 

223class LSAPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT): 

224 structure = ( 

225 ('Length', DWORD), 

226 ('SecurityDescriptor', LPBYTE), 

227 ) 

228 

229class PLSAPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER): 

230 referent = ( 

231 ('Data', LSAPR_SR_SECURITY_DESCRIPTOR), 

232 ) 

233 

234# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL 

235SECURITY_DESCRIPTOR_CONTROL = ULONG 

236 

237# 2.2.4.1 POLICY_INFORMATION_CLASS 

238class POLICY_INFORMATION_CLASS(NDRENUM): 

239 class enumItems(Enum): 

240 PolicyAuditLogInformation = 1 

241 PolicyAuditEventsInformation = 2 

242 PolicyPrimaryDomainInformation = 3 

243 PolicyPdAccountInformation = 4 

244 PolicyAccountDomainInformation = 5 

245 PolicyLsaServerRoleInformation = 6 

246 PolicyReplicaSourceInformation = 7 

247 PolicyInformationNotUsedOnWire = 8 

248 PolicyModificationInformation = 9 

249 PolicyAuditFullSetInformation = 10 

250 PolicyAuditFullQueryInformation = 11 

251 PolicyDnsDomainInformation = 12 

252 PolicyDnsDomainInformationInt = 13 

253 PolicyLocalAccountDomainInformation = 14 

254 PolicyLastEntry = 15 

255 

256# 2.2.4.3 POLICY_AUDIT_LOG_INFO 

257class POLICY_AUDIT_LOG_INFO(NDRSTRUCT): 

258 structure = ( 

259 ('AuditLogPercentFull', DWORD), 

260 ('MaximumLogSize', DWORD), 

261 ('AuditRetentionPeriod', LARGE_INTEGER), 

262 ('AuditLogFullShutdownInProgress', UCHAR), 

263 ('TimeToShutdown', LARGE_INTEGER), 

264 ('NextAuditRecordId', DWORD), 

265 ) 

266 

267# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO 

268class DWORD_ARRAY(NDRUniConformantArray): 

269 item = DWORD 

270 

271class PDWORD_ARRAY(NDRPOINTER): 

272 referent = ( 

273 ('Data', DWORD_ARRAY), 

274 ) 

275 

276class LSAPR_POLICY_AUDIT_EVENTS_INFO(NDRSTRUCT): 

277 structure = ( 

278 ('AuditingMode', UCHAR), 

279 ('EventAuditingOptions', PDWORD_ARRAY), 

280 ('MaximumAuditEventCount', DWORD), 

281 ) 

282 

283# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO 

284class LSAPR_POLICY_PRIMARY_DOM_INFO(NDRSTRUCT): 

285 structure = ( 

286 ('Name', RPC_UNICODE_STRING), 

287 ('Sid', PRPC_SID), 

288 ) 

289 

290# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO 

291class LSAPR_POLICY_ACCOUNT_DOM_INFO(NDRSTRUCT): 

292 structure = ( 

293 ('DomainName', RPC_UNICODE_STRING), 

294 ('DomainSid', PRPC_SID), 

295 ) 

296 

297# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO 

298class LSAPR_POLICY_PD_ACCOUNT_INFO(NDRSTRUCT): 

299 structure = ( 

300 ('Name', RPC_UNICODE_STRING), 

301 ) 

302 

303# 2.2.4.8 POLICY_LSA_SERVER_ROLE 

304class POLICY_LSA_SERVER_ROLE(NDRENUM): 

305 class enumItems(Enum): 

306 PolicyServerRoleBackup = 2 

307 PolicyServerRolePrimary = 3 

308 

309# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO 

310class POLICY_LSA_SERVER_ROLE_INFO(NDRSTRUCT): 

311 structure = ( 

312 ('LsaServerRole', POLICY_LSA_SERVER_ROLE), 

313 ) 

314 

315# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO 

316class LSAPR_POLICY_REPLICA_SRCE_INFO(NDRSTRUCT): 

317 structure = ( 

318 ('ReplicaSource', RPC_UNICODE_STRING), 

319 ('ReplicaAccountName', RPC_UNICODE_STRING), 

320 ) 

321 

322# 2.2.4.11 POLICY_MODIFICATION_INFO 

323class POLICY_MODIFICATION_INFO(NDRSTRUCT): 

324 structure = ( 

325 ('ModifiedId', LARGE_INTEGER), 

326 ('DatabaseCreationTime', LARGE_INTEGER), 

327 ) 

328 

329# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO 

330class POLICY_AUDIT_FULL_SET_INFO(NDRSTRUCT): 

331 structure = ( 

332 ('ShutDownOnFull', UCHAR), 

333 ) 

334 

335# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO 

336class POLICY_AUDIT_FULL_QUERY_INFO(NDRSTRUCT): 

337 structure = ( 

338 ('ShutDownOnFull', UCHAR), 

339 ('LogIsFull', UCHAR), 

340 ) 

341 

342# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO 

343class LSAPR_POLICY_DNS_DOMAIN_INFO(NDRSTRUCT): 

344 structure = ( 

345 ('Name', RPC_UNICODE_STRING), 

346 ('DnsDomainName', RPC_UNICODE_STRING), 

347 ('DnsForestName', RPC_UNICODE_STRING), 

348 ('DomainGuid', GUID), 

349 ('Sid', PRPC_SID), 

350 ) 

351 

352# 2.2.4.2 LSAPR_POLICY_INFORMATION 

353class LSAPR_POLICY_INFORMATION(NDRUNION): 

354 union = { 

355 POLICY_INFORMATION_CLASS.PolicyAuditLogInformation : ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO), 

356 POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation : ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO), 

357 POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation : ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO), 

358 POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation : ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), 

359 POLICY_INFORMATION_CLASS.PolicyPdAccountInformation : ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO), 

360 POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation : ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO), 

361 POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation : ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO), 

362 POLICY_INFORMATION_CLASS.PolicyModificationInformation : ('PolicyModificationInfo', POLICY_MODIFICATION_INFO), 

363 POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation : ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO), 

364 POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation : ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO), 

365 POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation : ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO), 

366 POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt : ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO), 

367 POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation: ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), 

368 } 

369 

370class PLSAPR_POLICY_INFORMATION(NDRPOINTER): 

371 referent = ( 

372 ('Data', LSAPR_POLICY_INFORMATION), 

373 ) 

374 

375# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS 

376class POLICY_DOMAIN_INFORMATION_CLASS(NDRENUM): 

377 class enumItems(Enum): 

378 PolicyDomainQualityOfServiceInformation = 1 

379 PolicyDomainEfsInformation = 2 

380 PolicyDomainKerberosTicketInformation = 3 

381 

382# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO 

383class POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO(NDRSTRUCT): 

384 structure = ( 

385 ('QualityOfService', DWORD), 

386 ) 

387 

388# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO 

389class LSAPR_POLICY_DOMAIN_EFS_INFO(NDRSTRUCT): 

390 structure = ( 

391 ('InfoLength', DWORD), 

392 ('EfsBlob', LPBYTE), 

393 ) 

394 

395# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO 

396class POLICY_DOMAIN_KERBEROS_TICKET_INFO(NDRSTRUCT): 

397 structure = ( 

398 ('AuthenticationOptions', DWORD), 

399 ('MaxServiceTicketAge', LARGE_INTEGER), 

400 ('MaxTicketAge', LARGE_INTEGER), 

401 ('MaxRenewAge', LARGE_INTEGER), 

402 ('MaxClockSkew', LARGE_INTEGER), 

403 ('Reserved', LARGE_INTEGER), 

404 ) 

405 

406# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION 

407class LSAPR_POLICY_DOMAIN_INFORMATION(NDRUNION): 

408 union = { 

409 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation : ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO ), 

410 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation : ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO), 

411 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation : ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO), 

412 } 

413 

414class PLSAPR_POLICY_DOMAIN_INFORMATION(NDRPOINTER): 

415 referent = ( 

416 ('Data', LSAPR_POLICY_DOMAIN_INFORMATION), 

417 ) 

418 

419# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE 

420class POLICY_AUDIT_EVENT_TYPE(NDRENUM): 

421 class enumItems(Enum): 

422 AuditCategorySystem = 0 

423 AuditCategoryLogon = 1 

424 AuditCategoryObjectAccess = 2 

425 AuditCategoryPrivilegeUse = 3 

426 AuditCategoryDetailedTracking = 4 

427 AuditCategoryPolicyChange = 5 

428 AuditCategoryAccountManagement = 6 

429 AuditCategoryDirectoryServiceAccess = 7 

430 AuditCategoryAccountLogon = 8 

431 

432# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION 

433class LSAPR_ACCOUNT_INFORMATION(NDRSTRUCT): 

434 structure = ( 

435 ('Sid', PRPC_SID), 

436 ) 

437 

438# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER 

439class LSAPR_ACCOUNT_INFORMATION_ARRAY(NDRUniConformantArray): 

440 item = LSAPR_ACCOUNT_INFORMATION 

441 

442class PLSAPR_ACCOUNT_INFORMATION_ARRAY(NDRPOINTER): 

443 referent = ( 

444 ('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY), 

445 ) 

446 

447class LSAPR_ACCOUNT_ENUM_BUFFER(NDRSTRUCT): 

448 structure = ( 

449 ('EntriesRead', ULONG), 

450 ('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY), 

451 ) 

452 

453# 2.2.5.3 LSAPR_USER_RIGHT_SET 

454class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray): 

455 item = RPC_UNICODE_STRING 

456 

457class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER): 

458 referent = ( 

459 ('Data', RPC_UNICODE_STRING_ARRAY), 

460 ) 

461 

462class LSAPR_USER_RIGHT_SET(NDRSTRUCT): 

463 structure = ( 

464 ('EntriesRead', ULONG), 

465 ('UserRights', PRPC_UNICODE_STRING_ARRAY), 

466 ) 

467 

468# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES 

469class LSAPR_LUID_AND_ATTRIBUTES(NDRSTRUCT): 

470 structure = ( 

471 ('Luid', LUID), 

472 ('Attributes', ULONG), 

473 ) 

474 

475# 2.2.5.5 LSAPR_PRIVILEGE_SET 

476class LSAPR_LUID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray): 

477 item = LSAPR_LUID_AND_ATTRIBUTES 

478 

479class LSAPR_PRIVILEGE_SET(NDRSTRUCT): 

480 structure = ( 

481 ('PrivilegeCount', ULONG), 

482 ('Control', ULONG), 

483 ('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY), 

484 ) 

485 

486class PLSAPR_PRIVILEGE_SET(NDRPOINTER): 

487 referent = ( 

488 ('Data', LSAPR_PRIVILEGE_SET), 

489 ) 

490 

491# 2.2.6.1 LSAPR_CR_CIPHER_VALUE 

492class PCHAR_ARRAY(NDRPOINTER): 

493 referent = ( 

494 ('Data', NDRUniConformantVaryingArray), 

495 ) 

496 

497class LSAPR_CR_CIPHER_VALUE(NDRSTRUCT): 

498 structure = ( 

499 ('Length', LONG), 

500 ('MaximumLength', LONG), 

501 ('Buffer', PCHAR_ARRAY), 

502 ) 

503 

504class PLSAPR_CR_CIPHER_VALUE(NDRPOINTER): 

505 referent = ( 

506 ('Data', LSAPR_CR_CIPHER_VALUE), 

507 ) 

508 

509class PPLSAPR_CR_CIPHER_VALUE(NDRPOINTER): 

510 referent = ( 

511 ('Data', PLSAPR_CR_CIPHER_VALUE), 

512 ) 

513 

514# 2.2.7.1 LSAPR_TRUST_INFORMATION 

515class LSAPR_TRUST_INFORMATION(NDRSTRUCT): 

516 structure = ( 

517 ('Name', RPC_UNICODE_STRING), 

518 ('Sid', PRPC_SID), 

519 ) 

520 

521# 2.2.7.2 TRUSTED_INFORMATION_CLASS 

522class TRUSTED_INFORMATION_CLASS(NDRENUM): 

523 class enumItems(Enum): 

524 TrustedDomainNameInformation = 1 

525 TrustedControllersInformation = 2 

526 TrustedPosixOffsetInformation = 3 

527 TrustedPasswordInformation = 4 

528 TrustedDomainInformationBasic = 5 

529 TrustedDomainInformationEx = 6 

530 TrustedDomainAuthInformation = 7 

531 TrustedDomainFullInformation = 8 

532 TrustedDomainAuthInformationInternal = 9 

533 TrustedDomainFullInformationInternal = 10 

534 TrustedDomainInformationEx2Internal = 11 

535 TrustedDomainFullInformation2Internal = 12 

536 TrustedDomainSupportedEncryptionTypes = 13 

537 

538# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO 

539class LSAPR_TRUSTED_DOMAIN_NAME_INFO(NDRSTRUCT): 

540 structure = ( 

541 ('Name', RPC_UNICODE_STRING), 

542 ) 

543 

544# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO 

545class LSAPR_TRUSTED_CONTROLLERS_INFO(NDRSTRUCT): 

546 structure = ( 

547 ('Entries', ULONG), 

548 ('Names', PRPC_UNICODE_STRING_ARRAY), 

549 ) 

550 

551# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO 

552class TRUSTED_POSIX_OFFSET_INFO(NDRSTRUCT): 

553 structure = ( 

554 ('Offset', ULONG), 

555 ) 

556 

557# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO 

558class LSAPR_TRUSTED_PASSWORD_INFO(NDRSTRUCT): 

559 structure = ( 

560 ('Password', PLSAPR_CR_CIPHER_VALUE), 

561 ('OldPassword', PLSAPR_CR_CIPHER_VALUE), 

562 ) 

563 

564# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC 

565LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC = LSAPR_TRUST_INFORMATION 

566 

567# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 

568class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX(NDRSTRUCT): 

569 structure = ( 

570 ('Name', RPC_UNICODE_STRING), 

571 ('FlatName', RPC_UNICODE_STRING), 

572 ('Sid', PRPC_SID), 

573 ('TrustDirection', ULONG), 

574 ('TrustType', ULONG), 

575 ('TrustAttributes', ULONG), 

576 ) 

577 

578# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 

579class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2(NDRSTRUCT): 

580 structure = ( 

581 ('Name', RPC_UNICODE_STRING), 

582 ('FlatName', RPC_UNICODE_STRING), 

583 ('Sid', PRPC_SID), 

584 ('TrustDirection', ULONG), 

585 ('TrustType', ULONG), 

586 ('TrustAttributes', ULONG), 

587 ('ForestTrustLength', ULONG), 

588 ('ForestTrustInfo', LPBYTE), 

589 ) 

590 

591# 2.2.7.17 LSAPR_AUTH_INFORMATION 

592class LSAPR_AUTH_INFORMATION(NDRSTRUCT): 

593 structure = ( 

594 ('LastUpdateTime', LARGE_INTEGER), 

595 ('AuthType', ULONG), 

596 ('AuthInfoLength', ULONG), 

597 ('AuthInfo', LPBYTE), 

598 ) 

599 

600class PLSAPR_AUTH_INFORMATION(NDRPOINTER): 

601 referent = ( 

602 ('Data', LSAPR_AUTH_INFORMATION), 

603 ) 

604 

605# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION 

606class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION(NDRSTRUCT): 

607 structure = ( 

608 ('IncomingAuthInfos', ULONG), 

609 ('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

610 ('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

611 ('OutgoingAuthInfos', ULONG), 

612 ('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

613 ('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 

614 ) 

615 

616# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB 

617class LSAPR_TRUSTED_DOMAIN_AUTH_BLOB(NDRSTRUCT): 

618 structure = ( 

619 ('AuthSize', ULONG), 

620 ('AuthBlob', LPBYTE), 

621 ) 

622 

623# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL 

624class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL(NDRSTRUCT): 

625 structure = ( 

626 ('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB), 

627 ) 

628 

629# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION 

630class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION(NDRSTRUCT): 

631 structure = ( 

632 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

633 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 

634 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 

635 ) 

636 

637# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL 

638class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL(NDRSTRUCT): 

639 structure = ( 

640 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

641 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 

642 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), 

643 ) 

644 

645# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 

646class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2(NDRSTRUCT): 

647 structure = ( 

648 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

649 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 

650 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 

651 ) 

652 

653# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES 

654class TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES(NDRSTRUCT): 

655 structure = ( 

656 ('SupportedEncryptionTypes', ULONG), 

657 ) 

658 

659# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO 

660class LSAPR_TRUSTED_DOMAIN_INFO(NDRUNION): 

661 union = { 

662 TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation : ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO ), 

663 TRUSTED_INFORMATION_CLASS.TrustedControllersInformation : ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO), 

664 TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation : ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO), 

665 TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation : ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO ), 

666 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic : ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC), 

667 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx : ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 

668 TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation : ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 

669 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation : ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION), 

670 TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal : ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), 

671 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal : ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL), 

672 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal : ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2), 

673 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal : ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2), 

674 TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes : ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES), 

675 } 

676 

677# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER 

678class LSAPR_TRUST_INFORMATION_ARRAY(NDRUniConformantArray): 

679 item = LSAPR_TRUST_INFORMATION 

680 

681class PLSAPR_TRUST_INFORMATION_ARRAY(NDRPOINTER): 

682 referent = ( 

683 ('Data', LSAPR_TRUST_INFORMATION_ARRAY), 

684 ) 

685 

686class LSAPR_TRUSTED_ENUM_BUFFER(NDRSTRUCT): 

687 structure = ( 

688 ('Entries', ULONG), 

689 ('Information', PLSAPR_TRUST_INFORMATION_ARRAY), 

690 ) 

691 

692# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX 

693class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRUniConformantArray): 

694 item = LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 

695 

696class PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRPOINTER): 

697 referent = ( 

698 ('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), 

699 ) 

700 

701class LSAPR_TRUSTED_ENUM_BUFFER_EX(NDRSTRUCT): 

702 structure = ( 

703 ('Entries', ULONG), 

704 ('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), 

705 ) 

706 

707# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE 

708class LSA_FOREST_TRUST_RECORD_TYPE(NDRENUM): 

709 class enumItems(Enum): 

710 ForestTrustTopLevelName = 0 

711 ForestTrustTopLevelNameEx = 1 

712 ForestTrustDomainInfo = 2 

713 

714# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO 

715class LSA_FOREST_TRUST_DOMAIN_INFO(NDRSTRUCT): 

716 structure = ( 

717 ('Sid', PRPC_SID), 

718 ('DnsName', LSA_UNICODE_STRING), 

719 ('NetbiosName', LSA_UNICODE_STRING), 

720 ) 

721 

722# 2.2.7.21 LSA_FOREST_TRUST_RECORD 

723class LSA_FOREST_TRUST_DATA_UNION(NDRUNION): 

724 union = { 

725 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName : ('TopLevelName', LSA_UNICODE_STRING ), 

726 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx : ('TopLevelName', LSA_UNICODE_STRING), 

727 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo : ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO), 

728 } 

729 

730class LSA_FOREST_TRUST_RECORD(NDRSTRUCT): 

731 structure = ( 

732 ('Flags', ULONG), 

733 ('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE), 

734 ('Time', LARGE_INTEGER), 

735 ('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION), 

736 ) 

737 

738class PLSA_FOREST_TRUST_RECORD(NDRPOINTER): 

739 referent = ( 

740 ('Data', LSA_FOREST_TRUST_RECORD), 

741 ) 

742 

743# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA 

744class LSA_FOREST_TRUST_BINARY_DATA(NDRSTRUCT): 

745 structure = ( 

746 ('Length', ULONG), 

747 ('Buffer', LPBYTE), 

748 ) 

749 

750# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION 

751class LSA_FOREST_TRUST_RECORD_ARRAY(NDRUniConformantArray): 

752 item = PLSA_FOREST_TRUST_RECORD 

753 

754class PLSA_FOREST_TRUST_RECORD_ARRAY(NDRPOINTER): 

755 referent = ( 

756 ('Data', LSA_FOREST_TRUST_RECORD_ARRAY), 

757 ) 

758 

759class LSA_FOREST_TRUST_INFORMATION(NDRSTRUCT): 

760 structure = ( 

761 ('RecordCount', ULONG), 

762 ('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY), 

763 ) 

764 

765class PLSA_FOREST_TRUST_INFORMATION(NDRPOINTER): 

766 referent = ( 

767 ('Data', LSA_FOREST_TRUST_INFORMATION), 

768 ) 

769 

770# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE 

771class LSA_FOREST_TRUST_COLLISION_RECORD_TYPE(NDRENUM): 

772 class enumItems(Enum): 

773 CollisionTdo = 0 

774 CollisionXref = 1 

775 CollisionOther = 2 

776 

777# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD 

778class LSA_FOREST_TRUST_COLLISION_RECORD(NDRSTRUCT): 

779 structure = ( 

780 ('Index', ULONG), 

781 ('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE), 

782 ('Flags', ULONG), 

783 ('Name', LSA_UNICODE_STRING), 

784 ) 

785 

786# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF 

787class LSAPR_POLICY_PRIVILEGE_DEF(NDRSTRUCT): 

788 structure = ( 

789 ('Name', RPC_UNICODE_STRING), 

790 ('LocalValue', LUID), 

791 ) 

792 

793# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER 

794class LSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRUniConformantArray): 

795 item = LSAPR_POLICY_PRIVILEGE_DEF 

796 

797class PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRPOINTER): 

798 referent = ( 

799 ('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY), 

800 ) 

801 

802class LSAPR_PRIVILEGE_ENUM_BUFFER(NDRSTRUCT): 

803 structure = ( 

804 ('Entries', ULONG), 

805 ('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY), 

806 ) 

807 

808 

809################################################################################ 

810# RPC CALLS 

811################################################################################ 

812# 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44) 

813class LsarOpenPolicy2(NDRCALL): 

814 opnum = 44 

815 structure = ( 

816 ('SystemName', LPWSTR), 

817 ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), 

818 ('DesiredAccess',ACCESS_MASK), 

819 ) 

820 

821class LsarOpenPolicy2Response(NDRCALL): 

822 structure = ( 

823 ('PolicyHandle',LSAPR_HANDLE), 

824 ('ErrorCode', NTSTATUS), 

825 ) 

826 

827# 3.1.4.4.2 LsarOpenPolicy (Opnum 6) 

828class LsarOpenPolicy(NDRCALL): 

829 opnum = 6 

830 structure = ( 

831 ('SystemName', LPWSTR), 

832 ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), 

833 ('DesiredAccess',ACCESS_MASK), 

834 ) 

835 

836class LsarOpenPolicyResponse(NDRCALL): 

837 structure = ( 

838 ('PolicyHandle',LSAPR_HANDLE), 

839 ('ErrorCode', NTSTATUS), 

840 ) 

841 

842# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46) 

843class LsarQueryInformationPolicy2(NDRCALL): 

844 opnum = 46 

845 structure = ( 

846 ('PolicyHandle', LSAPR_HANDLE), 

847 ('InformationClass',POLICY_INFORMATION_CLASS), 

848 ) 

849 

850class LsarQueryInformationPolicy2Response(NDRCALL): 

851 structure = ( 

852 ('PolicyInformation',PLSAPR_POLICY_INFORMATION), 

853 ('ErrorCode', NTSTATUS), 

854 ) 

855 

856# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7) 

857class LsarQueryInformationPolicy(NDRCALL): 

858 opnum = 7 

859 structure = ( 

860 ('PolicyHandle', LSAPR_HANDLE), 

861 ('InformationClass',POLICY_INFORMATION_CLASS), 

862 ) 

863 

864class LsarQueryInformationPolicyResponse(NDRCALL): 

865 structure = ( 

866 ('PolicyInformation',PLSAPR_POLICY_INFORMATION), 

867 ('ErrorCode', NTSTATUS), 

868 ) 

869 

870# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47) 

871class LsarSetInformationPolicy2(NDRCALL): 

872 opnum = 47 

873 structure = ( 

874 ('PolicyHandle', LSAPR_HANDLE), 

875 ('InformationClass',POLICY_INFORMATION_CLASS), 

876 ('PolicyInformation',LSAPR_POLICY_INFORMATION), 

877 ) 

878 

879class LsarSetInformationPolicy2Response(NDRCALL): 

880 structure = ( 

881 ('ErrorCode', NTSTATUS), 

882 ) 

883 

884# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8) 

885class LsarSetInformationPolicy(NDRCALL): 

886 opnum = 8 

887 structure = ( 

888 ('PolicyHandle', LSAPR_HANDLE), 

889 ('InformationClass',POLICY_INFORMATION_CLASS), 

890 ('PolicyInformation',LSAPR_POLICY_INFORMATION), 

891 ) 

892 

893class LsarSetInformationPolicyResponse(NDRCALL): 

894 structure = ( 

895 ('ErrorCode', NTSTATUS), 

896 ) 

897 

898# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53) 

899class LsarQueryDomainInformationPolicy(NDRCALL): 

900 opnum = 53 

901 structure = ( 

902 ('PolicyHandle', LSAPR_HANDLE), 

903 ('InformationClass',POLICY_DOMAIN_INFORMATION_CLASS), 

904 ) 

905 

906class LsarQueryDomainInformationPolicyResponse(NDRCALL): 

907 structure = ( 

908 ('PolicyDomainInformation',PLSAPR_POLICY_DOMAIN_INFORMATION), 

909 ('ErrorCode', NTSTATUS), 

910 ) 

911 

912# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54) 

913# 3.1.4.5.1 LsarCreateAccount (Opnum 10) 

914class LsarCreateAccount(NDRCALL): 

915 opnum = 10 

916 structure = ( 

917 ('PolicyHandle', LSAPR_HANDLE), 

918 ('AccountSid',RPC_SID), 

919 ('DesiredAccess',ACCESS_MASK), 

920 ) 

921 

922class LsarCreateAccountResponse(NDRCALL): 

923 structure = ( 

924 ('AccountHandle',LSAPR_HANDLE), 

925 ('ErrorCode', NTSTATUS), 

926 ) 

927 

928# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11) 

929class LsarEnumerateAccounts(NDRCALL): 

930 opnum = 11 

931 structure = ( 

932 ('PolicyHandle', LSAPR_HANDLE), 

933 ('EnumerationContext',ULONG), 

934 ('PreferedMaximumLength',ULONG), 

935 ) 

936 

937class LsarEnumerateAccountsResponse(NDRCALL): 

938 structure = ( 

939 ('EnumerationContext',ULONG), 

940 ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), 

941 ('ErrorCode', NTSTATUS), 

942 ) 

943 

944# 3.1.4.5.3 LsarOpenAccount (Opnum 17) 

945class LsarOpenAccount(NDRCALL): 

946 opnum = 17 

947 structure = ( 

948 ('PolicyHandle', LSAPR_HANDLE), 

949 ('AccountSid',RPC_SID), 

950 ('DesiredAccess',ACCESS_MASK), 

951 ) 

952 

953class LsarOpenAccountResponse(NDRCALL): 

954 structure = ( 

955 ('AccountHandle',LSAPR_HANDLE), 

956 ('ErrorCode', NTSTATUS), 

957 ) 

958 

959# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18) 

960class LsarEnumeratePrivilegesAccount(NDRCALL): 

961 opnum = 18 

962 structure = ( 

963 ('AccountHandle', LSAPR_HANDLE), 

964 ) 

965 

966class LsarEnumeratePrivilegesAccountResponse(NDRCALL): 

967 structure = ( 

968 ('Privileges',PLSAPR_PRIVILEGE_SET), 

969 ('ErrorCode', NTSTATUS), 

970 ) 

971 

972# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19) 

973class LsarAddPrivilegesToAccount(NDRCALL): 

974 opnum = 19 

975 structure = ( 

976 ('AccountHandle', LSAPR_HANDLE), 

977 ('Privileges', LSAPR_PRIVILEGE_SET), 

978 ) 

979 

980class LsarAddPrivilegesToAccountResponse(NDRCALL): 

981 structure = ( 

982 ('ErrorCode', NTSTATUS), 

983 ) 

984 

985# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20) 

986class LsarRemovePrivilegesFromAccount(NDRCALL): 

987 opnum = 20 

988 structure = ( 

989 ('AccountHandle', LSAPR_HANDLE), 

990 ('AllPrivileges', UCHAR), 

991 ('Privileges', PLSAPR_PRIVILEGE_SET), 

992 ) 

993 

994class LsarRemovePrivilegesFromAccountResponse(NDRCALL): 

995 structure = ( 

996 ('ErrorCode', NTSTATUS), 

997 ) 

998 

999# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23) 

1000class LsarGetSystemAccessAccount(NDRCALL): 

1001 opnum = 23 

1002 structure = ( 

1003 ('AccountHandle', LSAPR_HANDLE), 

1004 ) 

1005 

1006class LsarGetSystemAccessAccountResponse(NDRCALL): 

1007 structure = ( 

1008 ('SystemAccess', ULONG), 

1009 ('ErrorCode', NTSTATUS), 

1010 ) 

1011 

1012# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24) 

1013class LsarSetSystemAccessAccount(NDRCALL): 

1014 opnum = 24 

1015 structure = ( 

1016 ('AccountHandle', LSAPR_HANDLE), 

1017 ('SystemAccess', ULONG), 

1018 ) 

1019 

1020class LsarSetSystemAccessAccountResponse(NDRCALL): 

1021 structure = ( 

1022 ('ErrorCode', NTSTATUS), 

1023 ) 

1024 

1025# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35) 

1026class LsarEnumerateAccountsWithUserRight(NDRCALL): 

1027 opnum = 35 

1028 structure = ( 

1029 ('PolicyHandle', LSAPR_HANDLE), 

1030 ('UserRight', PRPC_UNICODE_STRING), 

1031 ) 

1032 

1033class LsarEnumerateAccountsWithUserRightResponse(NDRCALL): 

1034 structure = ( 

1035 ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), 

1036 ('ErrorCode', NTSTATUS), 

1037 ) 

1038 

1039# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36) 

1040class LsarEnumerateAccountRights(NDRCALL): 

1041 opnum = 36 

1042 structure = ( 

1043 ('PolicyHandle', LSAPR_HANDLE), 

1044 ('AccountSid', RPC_SID), 

1045 ) 

1046 

1047class LsarEnumerateAccountRightsResponse(NDRCALL): 

1048 structure = ( 

1049 ('UserRights',LSAPR_USER_RIGHT_SET), 

1050 ('ErrorCode', NTSTATUS), 

1051 ) 

1052 

1053# 3.1.4.5.11 LsarAddAccountRights (Opnum 37) 

1054class LsarAddAccountRights(NDRCALL): 

1055 opnum = 37 

1056 structure = ( 

1057 ('PolicyHandle', LSAPR_HANDLE), 

1058 ('AccountSid', RPC_SID), 

1059 ('UserRights',LSAPR_USER_RIGHT_SET), 

1060 ) 

1061 

1062class LsarAddAccountRightsResponse(NDRCALL): 

1063 structure = ( 

1064 ('ErrorCode', NTSTATUS), 

1065 ) 

1066 

1067# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38) 

1068class LsarRemoveAccountRights(NDRCALL): 

1069 opnum = 38 

1070 structure = ( 

1071 ('PolicyHandle', LSAPR_HANDLE), 

1072 ('AccountSid', RPC_SID), 

1073 ('AllRights', UCHAR), 

1074 ('UserRights',LSAPR_USER_RIGHT_SET), 

1075 ) 

1076 

1077class LsarRemoveAccountRightsResponse(NDRCALL): 

1078 structure = ( 

1079 ('ErrorCode', NTSTATUS), 

1080 ) 

1081 

1082# 3.1.4.6.1 LsarCreateSecret (Opnum 16) 

1083class LsarCreateSecret(NDRCALL): 

1084 opnum = 16 

1085 structure = ( 

1086 ('PolicyHandle', LSAPR_HANDLE), 

1087 ('SecretName', RPC_UNICODE_STRING), 

1088 ('DesiredAccess', ACCESS_MASK), 

1089 ) 

1090 

1091class LsarCreateSecretResponse(NDRCALL): 

1092 structure = ( 

1093 ('SecretHandle', LSAPR_HANDLE), 

1094 ('ErrorCode', NTSTATUS), 

1095 ) 

1096 

1097# 3.1.4.6.2 LsarOpenSecret (Opnum 28) 

1098class LsarOpenSecret(NDRCALL): 

1099 opnum = 28 

1100 structure = ( 

1101 ('PolicyHandle', LSAPR_HANDLE), 

1102 ('SecretName', RPC_UNICODE_STRING), 

1103 ('DesiredAccess', ACCESS_MASK), 

1104 ) 

1105 

1106class LsarOpenSecretResponse(NDRCALL): 

1107 structure = ( 

1108 ('SecretHandle', LSAPR_HANDLE), 

1109 ('ErrorCode', NTSTATUS), 

1110 ) 

1111 

1112# 3.1.4.6.3 LsarSetSecret (Opnum 29) 

1113class LsarSetSecret(NDRCALL): 

1114 opnum = 29 

1115 structure = ( 

1116 ('SecretHandle', LSAPR_HANDLE), 

1117 ('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE), 

1118 ('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE), 

1119 ) 

1120 

1121class LsarSetSecretResponse(NDRCALL): 

1122 structure = ( 

1123 ('ErrorCode', NTSTATUS), 

1124 ) 

1125 

1126# 3.1.4.6.4 LsarQuerySecret (Opnum 30) 

1127class LsarQuerySecret(NDRCALL): 

1128 opnum = 30 

1129 structure = ( 

1130 ('SecretHandle', LSAPR_HANDLE), 

1131 ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), 

1132 ('CurrentValueSetTime', PLARGE_INTEGER), 

1133 ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), 

1134 ('OldValueSetTime', PLARGE_INTEGER), 

1135 ) 

1136 

1137class LsarQuerySecretResponse(NDRCALL): 

1138 structure = ( 

1139 ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), 

1140 ('CurrentValueSetTime', PLARGE_INTEGER), 

1141 ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), 

1142 ('OldValueSetTime', PLARGE_INTEGER), 

1143 ('ErrorCode', NTSTATUS), 

1144 ) 

1145 

1146# 3.1.4.6.5 LsarStorePrivateData (Opnum 42) 

1147class LsarStorePrivateData(NDRCALL): 

1148 opnum = 42 

1149 structure = ( 

1150 ('PolicyHandle', LSAPR_HANDLE), 

1151 ('KeyName', RPC_UNICODE_STRING), 

1152 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 

1153 ) 

1154 

1155class LsarStorePrivateDataResponse(NDRCALL): 

1156 structure = ( 

1157 ('ErrorCode', NTSTATUS), 

1158 ) 

1159 

1160# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43) 

1161class LsarRetrievePrivateData(NDRCALL): 

1162 opnum = 43 

1163 structure = ( 

1164 ('PolicyHandle', LSAPR_HANDLE), 

1165 ('KeyName', RPC_UNICODE_STRING), 

1166 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 

1167 ) 

1168 

1169class LsarRetrievePrivateDataResponse(NDRCALL): 

1170 structure = ( 

1171 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 

1172 ('ErrorCode', NTSTATUS), 

1173 ) 

1174 

1175# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25) 

1176# 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26) 

1177# 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39) 

1178# 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40) 

1179# 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41) 

1180# 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48) 

1181# 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49) 

1182# 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50) 

1183class LsarEnumerateTrustedDomainsEx(NDRCALL): 

1184 opnum = 50 

1185 structure = ( 

1186 ('PolicyHandle', LSAPR_HANDLE), 

1187 ('EnumerationContext', ULONG), 

1188 ('PreferedMaximumLength', ULONG), 

1189 ) 

1190 

1191class LsarEnumerateTrustedDomainsExResponse(NDRCALL): 

1192 structure = ( 

1193 ('EnumerationContext', ULONG), 

1194 ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER_EX), 

1195 ('ErrorCode', NTSTATUS), 

1196 ) 

1197 

1198# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13) 

1199class LsarEnumerateTrustedDomains(NDRCALL): 

1200 opnum = 13 

1201 structure = ( 

1202 ('PolicyHandle', LSAPR_HANDLE), 

1203 ('EnumerationContext', ULONG), 

1204 ('PreferedMaximumLength', ULONG), 

1205 ) 

1206 

1207class LsarEnumerateTrustedDomainsResponse(NDRCALL): 

1208 structure = ( 

1209 ('EnumerationContext', ULONG), 

1210 ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER), 

1211 ('ErrorCode', NTSTATUS), 

1212 ) 

1213 

1214# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55) 

1215# 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59) 

1216# 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51) 

1217# 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12) 

1218# 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27) 

1219# 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73) 

1220class LsarQueryForestTrustInformation(NDRCALL): 

1221 opnum = 73 

1222 structure = ( 

1223 ('PolicyHandle', LSAPR_HANDLE), 

1224 ('TrustedDomainName', LSA_UNICODE_STRING), 

1225 ('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE), 

1226 ) 

1227 

1228class LsarQueryForestTrustInformationResponse(NDRCALL): 

1229 structure = ( 

1230 ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION), 

1231 ('ErrorCode', NTSTATUS), 

1232 ) 

1233 

1234# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74) 

1235 

1236# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2) 

1237class LsarEnumeratePrivileges(NDRCALL): 

1238 opnum = 2 

1239 structure = ( 

1240 ('PolicyHandle', LSAPR_HANDLE), 

1241 ('EnumerationContext', ULONG), 

1242 ('PreferedMaximumLength', ULONG), 

1243 ) 

1244 

1245class LsarEnumeratePrivilegesResponse(NDRCALL): 

1246 structure = ( 

1247 ('EnumerationContext', ULONG), 

1248 ('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER), 

1249 ('ErrorCode', NTSTATUS), 

1250 ) 

1251 

1252# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31) 

1253class LsarLookupPrivilegeValue(NDRCALL): 

1254 opnum = 31 

1255 structure = ( 

1256 ('PolicyHandle', LSAPR_HANDLE), 

1257 ('Name', RPC_UNICODE_STRING), 

1258 ) 

1259 

1260class LsarLookupPrivilegeValueResponse(NDRCALL): 

1261 structure = ( 

1262 ('Value', LUID), 

1263 ('ErrorCode', NTSTATUS), 

1264 ) 

1265 

1266# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32) 

1267class LsarLookupPrivilegeName(NDRCALL): 

1268 opnum = 32 

1269 structure = ( 

1270 ('PolicyHandle', LSAPR_HANDLE), 

1271 ('Value', LUID), 

1272 ) 

1273 

1274class LsarLookupPrivilegeNameResponse(NDRCALL): 

1275 structure = ( 

1276 ('Name', PRPC_UNICODE_STRING), 

1277 ('ErrorCode', NTSTATUS), 

1278 ) 

1279 

1280# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33) 

1281class LsarLookupPrivilegeDisplayName(NDRCALL): 

1282 opnum = 33 

1283 structure = ( 

1284 ('PolicyHandle', LSAPR_HANDLE), 

1285 ('Name', RPC_UNICODE_STRING), 

1286 ('ClientLanguage', USHORT), 

1287 ('ClientSystemDefaultLanguage', USHORT), 

1288 ) 

1289 

1290class LsarLookupPrivilegeDisplayNameResponse(NDRCALL): 

1291 structure = ( 

1292 ('Name', PRPC_UNICODE_STRING), 

1293 ('LanguageReturned', UCHAR), 

1294 ('ErrorCode', NTSTATUS), 

1295 ) 

1296 

1297# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3) 

1298class LsarQuerySecurityObject(NDRCALL): 

1299 opnum = 3 

1300 structure = ( 

1301 ('PolicyHandle', LSAPR_HANDLE), 

1302 ('SecurityInformation', SECURITY_INFORMATION), 

1303 ) 

1304 

1305class LsarQuerySecurityObjectResponse(NDRCALL): 

1306 structure = ( 

1307 ('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR), 

1308 ('ErrorCode', NTSTATUS), 

1309 ) 

1310 

1311# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4) 

1312class LsarSetSecurityObject(NDRCALL): 

1313 opnum = 4 

1314 structure = ( 

1315 ('PolicyHandle', LSAPR_HANDLE), 

1316 ('SecurityInformation', SECURITY_INFORMATION), 

1317 ('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR), 

1318 ) 

1319 

1320class LsarSetSecurityObjectResponse(NDRCALL): 

1321 structure = ( 

1322 ('ErrorCode', NTSTATUS), 

1323 ) 

1324 

1325# 3.1.4.9.3 LsarDeleteObject (Opnum 34) 

1326class LsarDeleteObject(NDRCALL): 

1327 opnum = 34 

1328 structure = ( 

1329 ('ObjectHandle', LSAPR_HANDLE), 

1330 ) 

1331 

1332class LsarDeleteObjectResponse(NDRCALL): 

1333 structure = ( 

1334 ('ObjectHandle', LSAPR_HANDLE), 

1335 ('ErrorCode', NTSTATUS), 

1336 ) 

1337 

1338# 3.1.4.9.4 LsarClose (Opnum 0) 

1339class LsarClose(NDRCALL): 

1340 opnum = 0 

1341 structure = ( 

1342 ('ObjectHandle', LSAPR_HANDLE), 

1343 ) 

1344 

1345class LsarCloseResponse(NDRCALL): 

1346 structure = ( 

1347 ('ObjectHandle', LSAPR_HANDLE), 

1348 ('ErrorCode', NTSTATUS), 

1349 ) 

1350 

1351################################################################################ 

1352# OPNUMs and their corresponding structures 

1353################################################################################ 

1354OPNUMS = { 

1355 0 : (LsarClose, LsarCloseResponse), 

1356 2 : (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse), 

1357 3 : (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse), 

1358 4 : (LsarSetSecurityObject, LsarSetSecurityObjectResponse), 

1359 6 : (LsarOpenPolicy, LsarOpenPolicyResponse), 

1360 7 : (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse), 

1361 8 : (LsarSetInformationPolicy, LsarSetInformationPolicyResponse), 

136210 : (LsarCreateAccount, LsarCreateAccountResponse), 

136311 : (LsarEnumerateAccounts, LsarEnumerateAccountsResponse), 

1364#12 : (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse), 

136513 : (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse), 

136616 : (LsarCreateSecret, LsarCreateSecretResponse), 

136717 : (LsarOpenAccount, LsarOpenAccountResponse), 

136818 : (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse), 

136919 : (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse), 

137020 : (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse), 

137123 : (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse), 

137224 : (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse), 

1373#25 : (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse), 

1374#26 : (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse), 

1375#27 : (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse), 

137628 : (LsarOpenSecret, LsarOpenSecretResponse), 

137729 : (LsarSetSecret, LsarSetSecretResponse), 

137830 : (LsarQuerySecret, LsarQuerySecretResponse), 

137931 : (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse), 

138032 : (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse), 

138133 : (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse), 

138234 : (LsarDeleteObject, LsarDeleteObjectResponse), 

138335 : (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse), 

138436 : (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse), 

138537 : (LsarAddAccountRights, LsarAddAccountRightsResponse), 

138638 : (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse), 

1387#39 : (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse), 

1388#40 : (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse), 

1389#41 : (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse), 

139042 : (LsarStorePrivateData, LsarStorePrivateDataResponse), 

139143 : (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse), 

139244 : (LsarOpenPolicy2, LsarOpenPolicy2Response), 

139346 : (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response), 

139447 : (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response), 

1395#48 : (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse), 

1396#49 : (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse), 

139750 : (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse), 

1398#51 : (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse), 

139953 : (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse), 

1400#54 : (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse), 

1401#55 : (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse), 

1402#59 : (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response), 

1403#73 : (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse), 

1404#74 : (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse), 

1405} 

1406 

1407################################################################################ 

1408# HELPER FUNCTIONS 

1409################################################################################ 

1410def hLsarOpenPolicy2(dce, desiredAccess = MAXIMUM_ALLOWED): 

1411 request = LsarOpenPolicy2() 

1412 request['SystemName'] = NULL 

1413 request['ObjectAttributes']['RootDirectory'] = NULL 

1414 request['ObjectAttributes']['ObjectName'] = NULL 

1415 request['ObjectAttributes']['SecurityDescriptor'] = NULL 

1416 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 

1417 request['DesiredAccess'] = desiredAccess 

1418 return dce.request(request) 

1419 

1420def hLsarOpenPolicy(dce, desiredAccess = MAXIMUM_ALLOWED): 

1421 request = LsarOpenPolicy() 

1422 request['SystemName'] = NULL 

1423 request['ObjectAttributes']['RootDirectory'] = NULL 

1424 request['ObjectAttributes']['ObjectName'] = NULL 

1425 request['ObjectAttributes']['SecurityDescriptor'] = NULL 

1426 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 

1427 request['DesiredAccess'] = desiredAccess 

1428 return dce.request(request) 

1429 

1430def hLsarQueryInformationPolicy2(dce, policyHandle, informationClass): 

1431 request = LsarQueryInformationPolicy2() 

1432 request['PolicyHandle'] = policyHandle 

1433 request['InformationClass'] = informationClass 

1434 return dce.request(request) 

1435 

1436def hLsarQueryInformationPolicy(dce, policyHandle, informationClass): 

1437 request = LsarQueryInformationPolicy() 

1438 request['PolicyHandle'] = policyHandle 

1439 request['InformationClass'] = informationClass 

1440 return dce.request(request) 

1441 

1442def hLsarQueryDomainInformationPolicy(dce, policyHandle, informationClass): 

1443 request = LsarQueryInformationPolicy() 

1444 request['PolicyHandle'] = policyHandle 

1445 request['InformationClass'] = informationClass 

1446 return dce.request(request) 

1447 

1448def hLsarEnumerateAccounts(dce, policyHandle, preferedMaximumLength=0xffffffff): 

1449 request = LsarEnumerateAccounts() 

1450 request['PolicyHandle'] = policyHandle 

1451 request['PreferedMaximumLength'] = preferedMaximumLength 

1452 return dce.request(request) 

1453 

1454def hLsarEnumerateAccountsWithUserRight(dce, policyHandle, UserRight): 

1455 request = LsarEnumerateAccountsWithUserRight() 

1456 request['PolicyHandle'] = policyHandle 

1457 request['UserRight'] = UserRight 

1458 return dce.request(request) 

1459 

1460def hLsarEnumerateTrustedDomainsEx(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 

1461 request = LsarEnumerateTrustedDomainsEx() 

1462 request['PolicyHandle'] = policyHandle 

1463 request['EnumerationContext'] = enumerationContext 

1464 request['PreferedMaximumLength'] = preferedMaximumLength 

1465 return dce.request(request) 

1466 

1467def hLsarEnumerateTrustedDomains(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 

1468 request = LsarEnumerateTrustedDomains() 

1469 request['PolicyHandle'] = policyHandle 

1470 request['EnumerationContext'] = enumerationContext 

1471 request['PreferedMaximumLength'] = preferedMaximumLength 

1472 return dce.request(request) 

1473 

1474def hLsarOpenAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED): 

1475 request = LsarOpenAccount() 

1476 request['PolicyHandle'] = policyHandle 

1477 request['AccountSid'].fromCanonical(accountSid) 

1478 request['DesiredAccess'] = desiredAccess 

1479 return dce.request(request) 

1480 

1481def hLsarClose(dce, objectHandle): 

1482 request = LsarClose() 

1483 request['ObjectHandle'] = objectHandle 

1484 return dce.request(request) 

1485 

1486def hLsarCreateAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED): 

1487 request = LsarCreateAccount() 

1488 request['PolicyHandle'] = policyHandle 

1489 request['AccountSid'].fromCanonical(accountSid) 

1490 request['DesiredAccess'] = desiredAccess 

1491 return dce.request(request) 

1492 

1493def hLsarDeleteObject(dce, objectHandle): 

1494 request = LsarDeleteObject() 

1495 request['ObjectHandle'] = objectHandle 

1496 return dce.request(request) 

1497 

1498def hLsarEnumeratePrivilegesAccount(dce, accountHandle): 

1499 request = LsarEnumeratePrivilegesAccount() 

1500 request['AccountHandle'] = accountHandle 

1501 return dce.request(request) 

1502 

1503def hLsarGetSystemAccessAccount(dce, accountHandle): 

1504 request = LsarGetSystemAccessAccount() 

1505 request['AccountHandle'] = accountHandle 

1506 return dce.request(request) 

1507 

1508def hLsarSetSystemAccessAccount(dce, accountHandle, systemAccess): 

1509 request = LsarSetSystemAccessAccount() 

1510 request['AccountHandle'] = accountHandle 

1511 request['SystemAccess'] = systemAccess 

1512 return dce.request(request) 

1513 

1514def hLsarAddPrivilegesToAccount(dce, accountHandle, privileges): 

1515 request = LsarAddPrivilegesToAccount() 

1516 request['AccountHandle'] = accountHandle 

1517 request['Privileges']['PrivilegeCount'] = len(privileges) 

1518 request['Privileges']['Control'] = 0 

1519 for priv in privileges: 

1520 request['Privileges']['Privilege'].append(priv) 

1521 

1522 return dce.request(request) 

1523 

1524def hLsarRemovePrivilegesFromAccount(dce, accountHandle, privileges, allPrivileges = False): 

1525 request = LsarRemovePrivilegesFromAccount() 

1526 request['AccountHandle'] = accountHandle 

1527 request['Privileges']['Control'] = 0 

1528 if privileges != NULL: 

1529 request['Privileges']['PrivilegeCount'] = len(privileges) 

1530 for priv in privileges: 

1531 request['Privileges']['Privilege'].append(priv) 

1532 else: 

1533 request['Privileges']['PrivilegeCount'] = NULL 

1534 request['AllPrivileges'] = allPrivileges 

1535 

1536 return dce.request(request) 

1537 

1538def hLsarEnumerateAccountRights(dce, policyHandle, accountSid): 

1539 request = LsarEnumerateAccountRights() 

1540 request['PolicyHandle'] = policyHandle 

1541 request['AccountSid'].fromCanonical(accountSid) 

1542 return dce.request(request) 

1543 

1544def hLsarAddAccountRights(dce, policyHandle, accountSid, userRights): 

1545 request = LsarAddAccountRights() 

1546 request['PolicyHandle'] = policyHandle 

1547 request['AccountSid'].fromCanonical(accountSid) 

1548 request['UserRights']['EntriesRead'] = len(userRights) 

1549 for userRight in userRights: 

1550 right = RPC_UNICODE_STRING() 

1551 right['Data'] = userRight 

1552 request['UserRights']['UserRights'].append(right) 

1553 

1554 return dce.request(request) 

1555 

1556def hLsarRemoveAccountRights(dce, policyHandle, accountSid, userRights): 

1557 request = LsarRemoveAccountRights() 

1558 request['PolicyHandle'] = policyHandle 

1559 request['AccountSid'].fromCanonical(accountSid) 

1560 request['UserRights']['EntriesRead'] = len(userRights) 

1561 for userRight in userRights: 

1562 right = RPC_UNICODE_STRING() 

1563 right['Data'] = userRight 

1564 request['UserRights']['UserRights'].append(right) 

1565 

1566 return dce.request(request) 

1567 

1568def hLsarCreateSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED): 

1569 request = LsarCreateSecret() 

1570 request['PolicyHandle'] = policyHandle 

1571 request['SecretName'] = secretName 

1572 request['DesiredAccess'] = desiredAccess 

1573 return dce.request(request) 

1574 

1575def hLsarOpenSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED): 

1576 request = LsarOpenSecret() 

1577 request['PolicyHandle'] = policyHandle 

1578 request['SecretName'] = secretName 

1579 request['DesiredAccess'] = desiredAccess 

1580 return dce.request(request) 

1581 

1582def hLsarSetSecret(dce, secretHandle, encryptedCurrentValue, encryptedOldValue): 

1583 request = LsarOpenSecret() 

1584 request['SecretHandle'] = secretHandle 

1585 if encryptedCurrentValue != NULL: 

1586 request['EncryptedCurrentValue']['Length'] = len(encryptedCurrentValue) 

1587 request['EncryptedCurrentValue']['MaximumLength'] = len(encryptedCurrentValue) 

1588 request['EncryptedCurrentValue']['Buffer'] = list(encryptedCurrentValue) 

1589 if encryptedOldValue != NULL: 

1590 request['EncryptedOldValue']['Length'] = len(encryptedOldValue) 

1591 request['EncryptedOldValue']['MaximumLength'] = len(encryptedOldValue) 

1592 request['EncryptedOldValue']['Buffer'] = list(encryptedOldValue) 

1593 return dce.request(request) 

1594 

1595def hLsarQuerySecret(dce, secretHandle): 

1596 request = LsarQuerySecret() 

1597 request['SecretHandle'] = secretHandle 

1598 request['EncryptedCurrentValue']['Buffer'] = NULL 

1599 request['EncryptedOldValue']['Buffer'] = NULL 

1600 request['OldValueSetTime'] = NULL 

1601 return dce.request(request) 

1602 

1603def hLsarRetrievePrivateData(dce, policyHandle, keyName): 

1604 request = LsarRetrievePrivateData() 

1605 request['PolicyHandle'] = policyHandle 

1606 request['KeyName'] = keyName 

1607 retVal = dce.request(request) 

1608 return b''.join(retVal['EncryptedData']['Buffer']) 

1609 

1610def hLsarStorePrivateData(dce, policyHandle, keyName, encryptedData): 

1611 request = LsarStorePrivateData() 

1612 request['PolicyHandle'] = policyHandle 

1613 request['KeyName'] = keyName 

1614 if encryptedData != NULL: 

1615 request['EncryptedData']['Length'] = len(encryptedData) 

1616 request['EncryptedData']['MaximumLength'] = len(encryptedData) 

1617 request['EncryptedData']['Buffer'] = list(encryptedData) 

1618 else: 

1619 request['EncryptedData'] = NULL 

1620 return dce.request(request) 

1621 

1622def hLsarEnumeratePrivileges(dce, policyHandle, enumerationContext = 0, preferedMaximumLength = 0xffffffff): 

1623 request = LsarEnumeratePrivileges() 

1624 request['PolicyHandle'] = policyHandle 

1625 request['EnumerationContext'] = enumerationContext 

1626 request['PreferedMaximumLength'] = preferedMaximumLength 

1627 return dce.request(request) 

1628 

1629def hLsarLookupPrivilegeValue(dce, policyHandle, name): 

1630 request = LsarLookupPrivilegeValue() 

1631 request['PolicyHandle'] = policyHandle 

1632 request['Name'] = name 

1633 return dce.request(request) 

1634 

1635def hLsarLookupPrivilegeName(dce, policyHandle, luid): 

1636 request = LsarLookupPrivilegeName() 

1637 request['PolicyHandle'] = policyHandle 

1638 request['Value'] = luid 

1639 return dce.request(request) 

1640 

1641def hLsarQuerySecurityObject(dce, policyHandle, securityInformation = OWNER_SECURITY_INFORMATION): 

1642 request = LsarQuerySecurityObject() 

1643 request['PolicyHandle'] = policyHandle 

1644 request['SecurityInformation'] = securityInformation 

1645 retVal = dce.request(request) 

1646 return b''.join(retVal['SecurityDescriptor']['SecurityDescriptor']) 

1647 

1648def hLsarSetSecurityObject(dce, policyHandle, securityInformation, securityDescriptor): 

1649 request = LsarSetSecurityObject() 

1650 request['PolicyHandle'] = policyHandle 

1651 request['SecurityInformation'] = securityInformation 

1652 request['SecurityDescriptor']['Length'] = len(securityDescriptor) 

1653 request['SecurityDescriptor']['SecurityDescriptor'] = list(securityDescriptor) 

1654 return dce.request(request) 

1655 

1656def hLsarSetInformationPolicy2(dce, policyHandle, informationClass, policyInformation): 

1657 request = LsarSetInformationPolicy2() 

1658 request['PolicyHandle'] = policyHandle 

1659 request['InformationClass'] = informationClass 

1660 request['PolicyInformation'] = policyInformation 

1661 return dce.request(request) 

1662 

1663def hLsarSetInformationPolicy(dce, policyHandle, informationClass, policyInformation): 

1664 request = LsarSetInformationPolicy() 

1665 request['PolicyHandle'] = policyHandle 

1666 request['InformationClass'] = informationClass 

1667 request['PolicyInformation'] = policyInformation 

1668 return dce.request(request)