Coverage for /root/GitHubProjects/impacket/impacket/dcerpc/v5/lsad.py : 93%

1# Impacket - Collection of Python classes for working with network protocols.
2#
3# SECUREAUTH LABS. Copyright (C) 2018 SecureAuth Corporation. All rights reserved.
4#
5# This software is provided under a slightly modified version
6# of the Apache Software License. See the accompanying LICENSE file
7# for more information.
8#
9# Description:
10# [MS-LSAD] Interface implementation
11#
12# Best way to learn how to use these calls is to grab the protocol standard
13# so you understand what the call does, and then read the test case located
14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
15#
16# Some calls have helper functions, which makes it even easier to use.
17# They are located at the end of this file.
18# Helper functions start with "h"<name of the call>.
19# There are test cases for them too.
20#
21# Author:
22# Alberto Solino (@agsolino)
23#
24from __future__ import division
25from __future__ import print_function
26from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \
27 NDRUniConformantArray
28from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \
29 LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \
30 SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION
31from impacket import nt_errors
32from impacket.uuid import uuidtup_to_bin
33from impacket.dcerpc.v5.enum import Enum
34from impacket.dcerpc.v5.rpcrt import DCERPCException
# [MS-LSAD] interface identifier: the (UUID string, version) pair packed to
# binary by uuidtup_to_bin.
MSRPC_UUID_LSAD = uuidtup_to_bin(
    ('12345778-1234-ABCD-EF00-0123456789AB', '0.0')
)
class DCERPCSessionError(DCERPCException):
    """LSAD session error whose string form resolves the NT status code.

    The constructor forwards its arguments unchanged to DCERPCException.
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Render the error code with the short and verbose text, if known."""
        code = self.error_code
        known = nt_errors.ERROR_MESSAGES
        # Codes missing from the nt_errors table get the generic message.
        if code not in known:
            return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code
        short_text = known[code][0]
        verbose_text = known[code][1]
        return 'LSAD SessionError: code: 0x%x - %s - %s' % (self.error_code, short_text, verbose_text)
51################################################################################
52# CONSTANTS
53################################################################################
# 2.2.1.1.2 ACCESS_MASK for Policy Objects
# Single-bit rights: OR them together to build a DesiredAccess value.
# Asking only for the bits an operation needs, rather than MAXIMUM_ALLOWED,
# keeps the resulting policy handle least-privileged.
POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
POLICY_VIEW_AUDIT_INFORMATION = 0x00000002
POLICY_GET_PRIVATE_INFORMATION = 0x00000004
POLICY_TRUST_ADMIN = 0x00000008
POLICY_CREATE_ACCOUNT = 0x00000010
POLICY_CREATE_SECRET = 0x00000020
POLICY_CREATE_PRIVILEGE = 0x00000040
POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100
POLICY_AUDIT_LOG_ADMIN = 0x00000200
POLICY_SERVER_ADMIN = 0x00000400
POLICY_LOOKUP_NAMES = 0x00000800
POLICY_NOTIFICATION = 0x00001000

# 2.2.1.1.3 ACCESS_MASK for Account Objects
# Same single-bit convention, applied to account handles.
ACCOUNT_VIEW = 0x00000001
ACCOUNT_ADJUST_PRIVILEGES = 0x00000002
ACCOUNT_ADJUST_QUOTAS = 0x00000004
ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008

# 2.2.1.1.4 ACCESS_MASK for Secret Objects
# Going by the names: one bit to set a secret's value, one to read it back.
SECRET_SET_VALUE = 0x00000001
SECRET_QUERY_VALUE = 0x00000002

# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects
TRUSTED_QUERY_DOMAIN_NAME = 0x00000001
TRUSTED_QUERY_CONTROLLERS = 0x00000002
TRUSTED_SET_CONTROLLERS = 0x00000004
TRUSTED_QUERY_POSIX = 0x00000008
TRUSTED_SET_POSIX = 0x00000010
TRUSTED_SET_AUTH = 0x00000020
TRUSTED_QUERY_AUTH = 0x00000040

# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE
# Each logon type has a permit bit and a separate DENY bit.
POLICY_MODE_INTERACTIVE = 0x00000001
POLICY_MODE_NETWORK = 0x00000002
POLICY_MODE_BATCH = 0x00000004
POLICY_MODE_SERVICE = 0x00000010
POLICY_MODE_DENY_INTERACTIVE = 0x00000040
POLICY_MODE_DENY_NETWORK = 0x00000080
POLICY_MODE_DENY_BATCH = 0x00000100
POLICY_MODE_DENY_SERVICE = 0x00000200
POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400
POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800
# Both ALL masks also set bit 0x20, which has no named constant in this
# group: 0x37 == 0x01|0x02|0x04|0x10|0x20, and 0xFF7 adds the bits 0x40-0x800.
POLICY_MODE_ALL = 0x00000FF7
POLICY_MODE_ALL_NT4 = 0x00000037

# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
# EventAuditingOptions
# Zero is UNCHANGED; NONE is its own bit (0x4). Going by the names, writing 0
# leaves a category's auditing as it is rather than switching it off.
POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000
POLICY_AUDIT_EVENT_NONE = 0x00000004
POLICY_AUDIT_EVENT_SUCCESS = 0x00000001
POLICY_AUDIT_EVENT_FAILURE = 0x00000002

# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
# AuthenticationOptions
POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080

# 2.2.7.21 LSA_FOREST_TRUST_RECORD
# Flags
# The TLN, SID and NB groups reuse the same bit values, so a flag can only be
# read together with the record it came from (presumably keyed on the record
# type -- confirm against the spec section above).
LSA_TLN_DISABLED_NEW = 0x00000001
LSA_TLN_DISABLED_ADMIN = 0x00000002
LSA_TLN_DISABLED_CONFLICT = 0x00000004
LSA_SID_DISABLED_ADMIN = 0x00000001
LSA_SID_DISABLED_CONFLICT = 0x00000002
LSA_NB_DISABLED_ADMIN = 0x00000004
LSA_NB_DISABLED_CONFLICT = 0x00000008
LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF
124################################################################################
125# STRUCTURES
126################################################################################
# 2.2.2.1 LSAPR_HANDLE
class LSAPR_HANDLE(NDRSTRUCT):
    """Opaque 20-byte handle; the calls in this file carry it as PolicyHandle or AccountHandle."""
    align = 1
    structure = (
        ('Data', '20s=""'),
    )
# 2.2.2.3 LSA_UNICODE_STRING
# Plain alias: the LSA name is bound to the existing RPC_UNICODE_STRING type.
LSA_UNICODE_STRING = RPC_UNICODE_STRING
# 2.2.3.1 STRING
class STRING(NDRSTRUCT):
    """Counted string: a length header plus a referent holding the STR data.

    Both length fields are derived from the packed Data. The 12 (NDR) and
    24 (NDR64) subtracted are presumably the array header that precedes the
    characters -- confirm against the NDR implementation.
    """
    commonHdr = (
        ('MaximumLength', '<H=len(Data)-12'),
        ('Length', '<H=len(Data)-12'),
        ('ReferentID', '<L=0xff'),
    )
    commonHdr64 = (
        ('MaximumLength', '<H=len(Data)-24'),
        ('Length', '<H=len(Data)-24'),
        ('ReferentID', '<Q=0xff'),
    )

    referent = (
        ('Data', STR),
    )

    def dump(self, msg=None, indent=0):
        """Print the label (class name when msg is None) and the repr of Data."""
        label = self.__class__.__name__ if msg is None else msg
        if label != '':
            print("%s" % label, end=' ')
        # Only the data itself is shown; the header fields are skipped.
        print(" %r" % (self['Data']), end=' ')

    def __setitem__(self, key, value):
        """Store a field; assigning Data first clears the cached lengths and buffer."""
        if key == 'Data':
            for length_field in ('MaximumLength', 'Length'):
                self.fields[length_field] = None
            # Force the packed form to be recomputed.
            self.data = None
        return NDR.__setitem__(self, key, value)
# 2.2.3.2 LSAPR_ACL
class LSAPR_ACL(NDRSTRUCT):
    """ACL header (revision, padding byte, size) followed by a conformant array."""
    structure = (
        ('AclRevision', UCHAR),
        ('Sbz1', UCHAR),
        ('AclSize', USHORT),
        ('Dummy1', NDRUniConformantArray),
    )
# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR
# Alias of the generic SECURITY_DESCRIPTOR type imported from dtypes.
LSAPR_SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR

class PLSAPR_SECURITY_DESCRIPTOR(NDRPOINTER):
    """Pointer to an LSAPR_SECURITY_DESCRIPTOR."""
    referent = (
        ('Data', LSAPR_SECURITY_DESCRIPTOR),
    )
# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL
class SECURITY_IMPERSONATION_LEVEL(NDRENUM):
    """Impersonation levels, numbered 0 (anonymous) to 3 (delegation)."""
    class enumItems(Enum):
        SecurityAnonymous = 0
        SecurityIdentification = 1
        SecurityImpersonation = 2
        SecurityDelegation = 3
# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE
# Carried on the wire as a single unsigned byte.
SECURITY_CONTEXT_TRACKING_MODE = UCHAR
# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE
class SECURITY_QUALITY_OF_SERVICE(NDRSTRUCT):
    """Length, impersonation level, context tracking mode and effective-only flag."""
    structure = (
        ('Length', DWORD),
        ('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL),
        ('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE),
        ('EffectiveOnly', UCHAR),
    )

class PSECURITY_QUALITY_OF_SERVICE(NDRPOINTER):
    """Pointer to a SECURITY_QUALITY_OF_SERVICE."""
    referent = (
        ('Data', SECURITY_QUALITY_OF_SERVICE),
    )
# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES
class LSAPR_OBJECT_ATTRIBUTES(NDRSTRUCT):
    """Object attributes block sent with the LsarOpenPolicy/LsarOpenPolicy2 requests."""
    structure = (
        ('Length', DWORD),
        ('RootDirectory', LPWSTR),
        ('ObjectName', LPWSTR),
        ('Attributes', DWORD),
        ('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR),
        ('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE),
    )
# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR
class LSAPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
    """Security descriptor passed as a length plus a byte buffer."""
    structure = (
        ('Length', DWORD),
        ('SecurityDescriptor', LPBYTE),
    )

class PLSAPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
    """Pointer to an LSAPR_SR_SECURITY_DESCRIPTOR."""
    referent = (
        ('Data', LSAPR_SR_SECURITY_DESCRIPTOR),
    )
# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL
# Bound to ULONG in this implementation.
SECURITY_DESCRIPTOR_CONTROL = ULONG
# 2.2.4.1 POLICY_INFORMATION_CLASS
class POLICY_INFORMATION_CLASS(NDRENUM):
    """Selects the kind of policy information a query or set call carries.

    It is also the discriminant of LSAPR_POLICY_INFORMATION, which defines
    no arm for values 8 (PolicyInformationNotUsedOnWire) and 15
    (PolicyLastEntry).
    """
    class enumItems(Enum):
        PolicyAuditLogInformation = 1
        PolicyAuditEventsInformation = 2
        PolicyPrimaryDomainInformation = 3
        PolicyPdAccountInformation = 4
        PolicyAccountDomainInformation = 5
        PolicyLsaServerRoleInformation = 6
        PolicyReplicaSourceInformation = 7
        PolicyInformationNotUsedOnWire = 8
        PolicyModificationInformation = 9
        PolicyAuditFullSetInformation = 10
        PolicyAuditFullQueryInformation = 11
        PolicyDnsDomainInformation = 12
        PolicyDnsDomainInformationInt = 13
        PolicyLocalAccountDomainInformation = 14
        PolicyLastEntry = 15
# 2.2.4.3 POLICY_AUDIT_LOG_INFO
class POLICY_AUDIT_LOG_INFO(NDRSTRUCT):
    """Audit log state: fill level, size limit, retention and shutdown fields."""
    structure = (
        ('AuditLogPercentFull', DWORD),
        ('MaximumLogSize', DWORD),
        ('AuditRetentionPeriod', LARGE_INTEGER),
        ('AuditLogFullShutdownInProgress', UCHAR),
        ('TimeToShutdown', LARGE_INTEGER),
        ('NextAuditRecordId', DWORD),
    )
# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
class DWORD_ARRAY(NDRUniConformantArray):
    """Conformant array of DWORD items."""
    item = DWORD

class PDWORD_ARRAY(NDRPOINTER):
    """Pointer to a DWORD_ARRAY."""
    referent = (
        ('Data', DWORD_ARRAY),
    )

class LSAPR_POLICY_AUDIT_EVENTS_INFO(NDRSTRUCT):
    """Auditing mode plus an array of per-event auditing options.

    The entries of EventAuditingOptions are presumably built from the
    POLICY_AUDIT_EVENT_* constants defined earlier in this file -- confirm.
    """
    structure = (
        ('AuditingMode', UCHAR),
        ('EventAuditingOptions', PDWORD_ARRAY),
        ('MaximumAuditEventCount', DWORD),
    )
# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO
class LSAPR_POLICY_PRIMARY_DOM_INFO(NDRSTRUCT):
    """Primary domain information: a name and a SID pointer."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
    )
# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO
class LSAPR_POLICY_ACCOUNT_DOM_INFO(NDRSTRUCT):
    """Account domain information: a domain name and a domain SID pointer."""
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('DomainSid', PRPC_SID),
    )
# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO
class LSAPR_POLICY_PD_ACCOUNT_INFO(NDRSTRUCT):
    """Single-field structure holding a name."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )
# 2.2.4.8 POLICY_LSA_SERVER_ROLE
class POLICY_LSA_SERVER_ROLE(NDRENUM):
    """Server role: backup (2) or primary (3)."""
    class enumItems(Enum):
        PolicyServerRoleBackup = 2
        PolicyServerRolePrimary = 3
# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO
class POLICY_LSA_SERVER_ROLE_INFO(NDRSTRUCT):
    """Wrapper around a single POLICY_LSA_SERVER_ROLE value."""
    structure = (
        ('LsaServerRole', POLICY_LSA_SERVER_ROLE),
    )
# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO
class LSAPR_POLICY_REPLICA_SRCE_INFO(NDRSTRUCT):
    """Replica source name and replica account name."""
    structure = (
        ('ReplicaSource', RPC_UNICODE_STRING),
        ('ReplicaAccountName', RPC_UNICODE_STRING),
    )
# 2.2.4.11 POLICY_MODIFICATION_INFO
class POLICY_MODIFICATION_INFO(NDRSTRUCT):
    """Modification id and database creation time, both LARGE_INTEGER."""
    structure = (
        ('ModifiedId', LARGE_INTEGER),
        ('DatabaseCreationTime', LARGE_INTEGER),
    )
# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO
class POLICY_AUDIT_FULL_SET_INFO(NDRSTRUCT):
    """Set form of the audit-full policy: one ShutDownOnFull byte."""
    structure = (
        ('ShutDownOnFull', UCHAR),
    )
# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO
class POLICY_AUDIT_FULL_QUERY_INFO(NDRSTRUCT):
    """Query form of the audit-full policy: ShutDownOnFull plus a LogIsFull byte."""
    structure = (
        ('ShutDownOnFull', UCHAR),
        ('LogIsFull', UCHAR),
    )
# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO
class LSAPR_POLICY_DNS_DOMAIN_INFO(NDRSTRUCT):
    """Domain name, DNS domain and forest names, domain GUID and SID pointer."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('DnsDomainName', RPC_UNICODE_STRING),
        ('DnsForestName', RPC_UNICODE_STRING),
        ('DomainGuid', GUID),
        ('Sid', PRPC_SID),
    )
# 2.2.4.2 LSAPR_POLICY_INFORMATION
class LSAPR_POLICY_INFORMATION(NDRUNION):
    """Policy information union, discriminated by POLICY_INFORMATION_CLASS.

    Each arm maps a class value to (field name, NDR type). No arm exists for
    PolicyInformationNotUsedOnWire or PolicyLastEntry.
    """
    union = {
        POLICY_INFORMATION_CLASS.PolicyAuditLogInformation: ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO),
        POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation: ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO),
        POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation: ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO),
        POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation: ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO),
        POLICY_INFORMATION_CLASS.PolicyPdAccountInformation: ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO),
        POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation: ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO),
        POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation: ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO),
        POLICY_INFORMATION_CLASS.PolicyModificationInformation: ('PolicyModificationInfo', POLICY_MODIFICATION_INFO),
        POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation: ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO),
        POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation: ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO),
        POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation: ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO),
        POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt: ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO),
        POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation: ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO),
    }

class PLSAPR_POLICY_INFORMATION(NDRPOINTER):
    """Pointer to an LSAPR_POLICY_INFORMATION union."""
    referent = (
        ('Data', LSAPR_POLICY_INFORMATION),
    )
# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS
class POLICY_DOMAIN_INFORMATION_CLASS(NDRENUM):
    """Selects the domain policy information kind; discriminant of LSAPR_POLICY_DOMAIN_INFORMATION."""
    class enumItems(Enum):
        PolicyDomainQualityOfServiceInformation = 1
        PolicyDomainEfsInformation = 2
        PolicyDomainKerberosTicketInformation = 3
# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO
class POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO(NDRSTRUCT):
    """Single DWORD QualityOfService value."""
    structure = (
        ('QualityOfService', DWORD),
    )
# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO
class LSAPR_POLICY_DOMAIN_EFS_INFO(NDRSTRUCT):
    """EFS policy blob passed as a length plus a byte buffer."""
    structure = (
        ('InfoLength', DWORD),
        ('EfsBlob', LPBYTE),
    )
# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
class POLICY_DOMAIN_KERBEROS_TICKET_INFO(NDRSTRUCT):
    """Kerberos ticket policy: an options DWORD and LARGE_INTEGER age/skew limits.

    POLICY_KERBEROS_VALIDATE_CLIENT, defined earlier in this file, is listed
    there as an AuthenticationOptions value.
    """
    structure = (
        ('AuthenticationOptions', DWORD),
        ('MaxServiceTicketAge', LARGE_INTEGER),
        ('MaxTicketAge', LARGE_INTEGER),
        ('MaxRenewAge', LARGE_INTEGER),
        ('MaxClockSkew', LARGE_INTEGER),
        ('Reserved', LARGE_INTEGER),
    )
# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION
class LSAPR_POLICY_DOMAIN_INFORMATION(NDRUNION):
    """Domain policy union, discriminated by POLICY_DOMAIN_INFORMATION_CLASS."""
    union = {
        POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation: ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO),
        POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation: ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO),
        POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation: ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO),
    }

class PLSAPR_POLICY_DOMAIN_INFORMATION(NDRPOINTER):
    """Pointer to an LSAPR_POLICY_DOMAIN_INFORMATION union."""
    referent = (
        ('Data', LSAPR_POLICY_DOMAIN_INFORMATION),
    )
# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE
class POLICY_AUDIT_EVENT_TYPE(NDRENUM):
    """Audit categories, numbered 0 through 8."""
    class enumItems(Enum):
        AuditCategorySystem = 0
        AuditCategoryLogon = 1
        AuditCategoryObjectAccess = 2
        AuditCategoryPrivilegeUse = 3
        AuditCategoryDetailedTracking = 4
        AuditCategoryPolicyChange = 5
        AuditCategoryAccountManagement = 6
        AuditCategoryDirectoryServiceAccess = 7
        AuditCategoryAccountLogon = 8
# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION
class LSAPR_ACCOUNT_INFORMATION(NDRSTRUCT):
    """One account entry, identified only by a SID pointer."""
    structure = (
        ('Sid', PRPC_SID),
    )
# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER
class LSAPR_ACCOUNT_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_ACCOUNT_INFORMATION items."""
    item = LSAPR_ACCOUNT_INFORMATION

class PLSAPR_ACCOUNT_INFORMATION_ARRAY(NDRPOINTER):
    """Pointer to an LSAPR_ACCOUNT_INFORMATION_ARRAY."""
    referent = (
        ('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY),
    )

class LSAPR_ACCOUNT_ENUM_BUFFER(NDRSTRUCT):
    """Account enumeration result: an entry count and a pointer to the array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY),
    )
# 2.2.5.3 LSAPR_USER_RIGHT_SET
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    """Conformant array of RPC_UNICODE_STRING items."""
    item = RPC_UNICODE_STRING

class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    """Pointer to an RPC_UNICODE_STRING_ARRAY."""
    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY),
    )

class LSAPR_USER_RIGHT_SET(NDRSTRUCT):
    """Set of user rights: an entry count and a pointer to the right names."""
    structure = (
        ('EntriesRead', ULONG),
        ('UserRights', PRPC_UNICODE_STRING_ARRAY),
    )
# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES
class LSAPR_LUID_AND_ATTRIBUTES(NDRSTRUCT):
    """A LUID paired with an attributes ULONG."""
    structure = (
        ('Luid', LUID),
        ('Attributes', ULONG),
    )
# 2.2.5.5 LSAPR_PRIVILEGE_SET
class LSAPR_LUID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_LUID_AND_ATTRIBUTES items."""
    item = LSAPR_LUID_AND_ATTRIBUTES

class LSAPR_PRIVILEGE_SET(NDRSTRUCT):
    """Privilege set: a count, a control word and the LUID/attribute array (embedded, not a pointer)."""
    structure = (
        ('PrivilegeCount', ULONG),
        ('Control', ULONG),
        ('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY),
    )

class PLSAPR_PRIVILEGE_SET(NDRPOINTER):
    """Pointer to an LSAPR_PRIVILEGE_SET."""
    referent = (
        ('Data', LSAPR_PRIVILEGE_SET),
    )
# 2.2.6.1 LSAPR_CR_CIPHER_VALUE
class PCHAR_ARRAY(NDRPOINTER):
    """Pointer to a conformant varying array."""
    referent = (
        ('Data', NDRUniConformantVaryingArray),
    )

class LSAPR_CR_CIPHER_VALUE(NDRSTRUCT):
    """Counted buffer that the spec names a cipher value.

    LSAPR_TRUSTED_PASSWORD_INFO in this file uses it for Password and
    OldPassword, so treat the buffer as sensitive: keep it out of logs and
    debug dumps.
    """
    structure = (
        ('Length', LONG),
        ('MaximumLength', LONG),
        ('Buffer', PCHAR_ARRAY),
    )

class PLSAPR_CR_CIPHER_VALUE(NDRPOINTER):
    """Pointer to an LSAPR_CR_CIPHER_VALUE."""
    referent = (
        ('Data', LSAPR_CR_CIPHER_VALUE),
    )

class PPLSAPR_CR_CIPHER_VALUE(NDRPOINTER):
    """Pointer to a PLSAPR_CR_CIPHER_VALUE (double indirection)."""
    referent = (
        ('Data', PLSAPR_CR_CIPHER_VALUE),
    )
# 2.2.7.1 LSAPR_TRUST_INFORMATION
class LSAPR_TRUST_INFORMATION(NDRSTRUCT):
    """Trust entry: a name and a SID pointer."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
    )
# 2.2.7.2 TRUSTED_INFORMATION_CLASS
class TRUSTED_INFORMATION_CLASS(NDRENUM):
    """Selects the trusted-domain information kind; discriminant of LSAPR_TRUSTED_DOMAIN_INFO."""
    class enumItems(Enum):
        TrustedDomainNameInformation = 1
        TrustedControllersInformation = 2
        TrustedPosixOffsetInformation = 3
        TrustedPasswordInformation = 4
        TrustedDomainInformationBasic = 5
        TrustedDomainInformationEx = 6
        TrustedDomainAuthInformation = 7
        TrustedDomainFullInformation = 8
        TrustedDomainAuthInformationInternal = 9
        TrustedDomainFullInformationInternal = 10
        TrustedDomainInformationEx2Internal = 11
        TrustedDomainFullInformation2Internal = 12
        TrustedDomainSupportedEncryptionTypes = 13
# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO
class LSAPR_TRUSTED_DOMAIN_NAME_INFO(NDRSTRUCT):
    """Single-field structure holding the trusted domain name."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )
# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO
class LSAPR_TRUSTED_CONTROLLERS_INFO(NDRSTRUCT):
    """Entry count plus a pointer to an array of names."""
    structure = (
        ('Entries', ULONG),
        ('Names', PRPC_UNICODE_STRING_ARRAY),
    )
# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO
class TRUSTED_POSIX_OFFSET_INFO(NDRSTRUCT):
    """Single ULONG Offset value."""
    structure = (
        ('Offset', ULONG),
    )
# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO
class LSAPR_TRUSTED_PASSWORD_INFO(NDRSTRUCT):
    """Current and previous trust password, each a pointer to a cipher value.

    Both fields carry credential material: decoded values should not be
    printed, logged or kept longer than the operation needs.
    """
    structure = (
        ('Password', PLSAPR_CR_CIPHER_VALUE),
        ('OldPassword', PLSAPR_CR_CIPHER_VALUE),
    )
# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC
# Same layout as LSAPR_TRUST_INFORMATION, so it is bound as an alias.
LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC = LSAPR_TRUST_INFORMATION
# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX(NDRSTRUCT):
    """Trusted domain names and SID plus trust direction, type and attributes."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('FlatName', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
        ('TrustDirection', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
    )
# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2(NDRSTRUCT):
    """The EX field list followed by a forest trust length and byte buffer."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('FlatName', RPC_UNICODE_STRING),
        ('Sid', PRPC_SID),
        ('TrustDirection', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
        ('ForestTrustLength', ULONG),
        ('ForestTrustInfo', LPBYTE),
    )
# 2.2.7.17 LSAPR_AUTH_INFORMATION
class LSAPR_AUTH_INFORMATION(NDRSTRUCT):
    """Timestamped authentication entry: a type, a length and the raw bytes.

    AuthInfo is presumably trust credential material (going by the field
    name); handle it as a secret.
    """
    structure = (
        ('LastUpdateTime', LARGE_INTEGER),
        ('AuthType', ULONG),
        ('AuthInfoLength', ULONG),
        ('AuthInfo', LPBYTE),
    )

class PLSAPR_AUTH_INFORMATION(NDRPOINTER):
    """Pointer to an LSAPR_AUTH_INFORMATION."""
    referent = (
        ('Data', LSAPR_AUTH_INFORMATION),
    )
# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION
class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION(NDRSTRUCT):
    """Incoming and outgoing auth info: a count plus current and previous entries for each direction."""
    structure = (
        ('IncomingAuthInfos', ULONG),
        ('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
        ('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
        ('OutgoingAuthInfos', ULONG),
        ('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
        ('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
    )
# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
class LSAPR_TRUSTED_DOMAIN_AUTH_BLOB(NDRSTRUCT):
    """Opaque authentication blob passed as a size plus a byte buffer."""
    structure = (
        ('AuthSize', ULONG),
        ('AuthBlob', LPBYTE),
    )
# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL
class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL(NDRSTRUCT):
    """Internal form of the auth information: a single embedded auth blob."""
    structure = (
        ('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB),
    )
# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION(NDRSTRUCT):
    """EX information, POSIX offset and auth information in one structure."""
    structure = (
        ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
        ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
    )
# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL(NDRSTRUCT):
    """Like the full information structure, but with the internal (blob) auth form."""
    structure = (
        ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
        ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL),
    )
# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2(NDRSTRUCT):
    """Second full-information layout.

    NOTE(review): the field list is identical to
    LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION, including the EX (not EX2) type
    for Information. Check the spec section above to confirm whether
    Information should be LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 here.
    """
    structure = (
        ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
        ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
    )
# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES
class TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES(NDRSTRUCT):
    """Single ULONG holding the supported encryption types value."""
    structure = (
        ('SupportedEncryptionTypes', ULONG),
    )
# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO
class LSAPR_TRUSTED_DOMAIN_INFO(NDRUNION):
    """Trusted domain union, discriminated by TRUSTED_INFORMATION_CLASS.

    Several arms (password, auth and full information) carry credential
    material, so decoded values need the same care as secrets.
    """
    union = {
        TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation: ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedControllersInformation: ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation: ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation: ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO),
        TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic: ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC),
        TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx: ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
        TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation: ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
        TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation: ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION),
        TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal: ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL),
        TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal: ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL),
        TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal: ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2),
        TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal: ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2),
        TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes: ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES),
    }
# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER
class LSAPR_TRUST_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_TRUST_INFORMATION items."""
    item = LSAPR_TRUST_INFORMATION

class PLSAPR_TRUST_INFORMATION_ARRAY(NDRPOINTER):
    """Pointer to an LSAPR_TRUST_INFORMATION_ARRAY."""
    referent = (
        ('Data', LSAPR_TRUST_INFORMATION_ARRAY),
    )

class LSAPR_TRUSTED_ENUM_BUFFER(NDRSTRUCT):
    """Trusted domain enumeration result: an entry count and a pointer to the array."""
    structure = (
        ('Entries', ULONG),
        ('Information', PLSAPR_TRUST_INFORMATION_ARRAY),
    )
# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_TRUSTED_DOMAIN_INFORMATION_EX items."""
    item = LSAPR_TRUSTED_DOMAIN_INFORMATION_EX

class PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRPOINTER):
    """Pointer to an LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY."""
    referent = (
        ('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY),
    )

class LSAPR_TRUSTED_ENUM_BUFFER_EX(NDRSTRUCT):
    """Extended enumeration result: an entry count and a pointer to the EX array."""
    structure = (
        ('Entries', ULONG),
        ('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY),
    )
# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE
class LSA_FOREST_TRUST_RECORD_TYPE(NDRENUM):
    """Forest trust record kinds; discriminant of LSA_FOREST_TRUST_DATA_UNION."""
    class enumItems(Enum):
        ForestTrustTopLevelName = 0
        ForestTrustTopLevelNameEx = 1
        ForestTrustDomainInfo = 2
# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO
class LSA_FOREST_TRUST_DOMAIN_INFO(NDRSTRUCT):
    """Domain entry of a forest trust: SID pointer, DNS name and NetBIOS name."""
    structure = (
        ('Sid', PRPC_SID),
        ('DnsName', LSA_UNICODE_STRING),
        ('NetbiosName', LSA_UNICODE_STRING),
    )
# 2.2.7.21 LSA_FOREST_TRUST_RECORD
class LSA_FOREST_TRUST_DATA_UNION(NDRUNION):
    """Record payload, discriminated by LSA_FOREST_TRUST_RECORD_TYPE.

    Both top-level-name record types map to the same 'TopLevelName' field.
    """
    union = {
        LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName: ('TopLevelName', LSA_UNICODE_STRING),
        LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx: ('TopLevelName', LSA_UNICODE_STRING),
        LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo: ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO),
    }

class LSA_FOREST_TRUST_RECORD(NDRSTRUCT):
    """One forest trust record: flags, record type, time and the typed payload."""
    structure = (
        ('Flags', ULONG),
        ('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE),
        ('Time', LARGE_INTEGER),
        ('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION),
    )

class PLSA_FOREST_TRUST_RECORD(NDRPOINTER):
    """Pointer to an LSA_FOREST_TRUST_RECORD."""
    referent = (
        ('Data', LSA_FOREST_TRUST_RECORD),
    )
# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA
class LSA_FOREST_TRUST_BINARY_DATA(NDRSTRUCT):
    """Binary forest trust data passed as a length plus a byte buffer."""
    structure = (
        ('Length', ULONG),
        ('Buffer', LPBYTE),
    )
# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION
class LSA_FOREST_TRUST_RECORD_ARRAY(NDRUniConformantArray):
    """Conformant array whose items are pointers to forest trust records."""
    item = PLSA_FOREST_TRUST_RECORD

class PLSA_FOREST_TRUST_RECORD_ARRAY(NDRPOINTER):
    """Pointer to an LSA_FOREST_TRUST_RECORD_ARRAY."""
    referent = (
        ('Data', LSA_FOREST_TRUST_RECORD_ARRAY),
    )

class LSA_FOREST_TRUST_INFORMATION(NDRSTRUCT):
    """Forest trust information: a record count and a pointer to the record array."""
    structure = (
        ('RecordCount', ULONG),
        ('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY),
    )

class PLSA_FOREST_TRUST_INFORMATION(NDRPOINTER):
    """Pointer to an LSA_FOREST_TRUST_INFORMATION."""
    referent = (
        ('Data', LSA_FOREST_TRUST_INFORMATION),
    )
# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE
class LSA_FOREST_TRUST_COLLISION_RECORD_TYPE(NDRENUM):
    """Collision kinds reported in a forest trust collision record."""
    class enumItems(Enum):
        CollisionTdo = 0
        CollisionXref = 1
        CollisionOther = 2
# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD
class LSA_FOREST_TRUST_COLLISION_RECORD(NDRSTRUCT):
    """One collision: record index, collision type, flags and a name."""
    structure = (
        ('Index', ULONG),
        ('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE),
        ('Flags', ULONG),
        ('Name', LSA_UNICODE_STRING),
    )
# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF
class LSAPR_POLICY_PRIVILEGE_DEF(NDRSTRUCT):
    """Privilege definition: its name and its local LUID value."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('LocalValue', LUID),
    )
# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER
class LSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRUniConformantArray):
    """Conformant array of LSAPR_POLICY_PRIVILEGE_DEF items."""
    item = LSAPR_POLICY_PRIVILEGE_DEF

class PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRPOINTER):
    """Pointer to an LSAPR_POLICY_PRIVILEGE_DEF_ARRAY."""
    referent = (
        ('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY),
    )

class LSAPR_PRIVILEGE_ENUM_BUFFER(NDRSTRUCT):
    """Privilege enumeration result: an entry count and a pointer to the definitions."""
    structure = (
        ('Entries', ULONG),
        ('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY),
    )
809################################################################################
810# RPC CALLS
811################################################################################
# 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)
class LsarOpenPolicy2(NDRCALL):
    """Request: system name, object attributes and the access mask being asked for.

    DesiredAccess decides what the returned handle can do; build it from the
    POLICY_* bits an operation actually needs.
    """
    opnum = 44
    structure = (
        ('SystemName', LPWSTR),
        ('ObjectAttributes', LSAPR_OBJECT_ATTRIBUTES),
        ('DesiredAccess', ACCESS_MASK),
    )

class LsarOpenPolicy2Response(NDRCALL):
    """Response: the policy handle, then the NTSTATUS result."""
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.2 LsarOpenPolicy (Opnum 6)
class LsarOpenPolicy(NDRCALL):
    """Request with the same three fields as LsarOpenPolicy2, sent as opnum 6."""
    opnum = 6
    structure = (
        ('SystemName', LPWSTR),
        ('ObjectAttributes', LSAPR_OBJECT_ATTRIBUTES),
        ('DesiredAccess', ACCESS_MASK),
    )

class LsarOpenPolicyResponse(NDRCALL):
    """Response: the policy handle, then the NTSTATUS result."""
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46)
class LsarQueryInformationPolicy2(NDRCALL):
    """Request: a policy handle and the information class to read."""
    opnum = 46
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
    )

class LsarQueryInformationPolicy2Response(NDRCALL):
    """Response: a pointer to the policy information union, then the NTSTATUS result."""
    structure = (
        ('PolicyInformation', PLSAPR_POLICY_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)
class LsarQueryInformationPolicy(NDRCALL):
    """Request with the same fields as LsarQueryInformationPolicy2, sent as opnum 7."""
    opnum = 7
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
    )

class LsarQueryInformationPolicyResponse(NDRCALL):
    """Response: a pointer to the policy information union, then the NTSTATUS result."""
    structure = (
        ('PolicyInformation', PLSAPR_POLICY_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47)
class LsarSetInformationPolicy2(NDRCALL):
    """Request: a policy handle, an information class and the new value (embedded union).

    This call writes policy state. With PolicyAuditEventsInformation it
    changes audit settings, so it is worth covering in RPC and policy-change
    monitoring (Windows records audit policy changes as event 4719 when that
    auditing is enabled -- confirm this covers changes made over RPC).
    """
    opnum = 47
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
        ('PolicyInformation', LSAPR_POLICY_INFORMATION),
    )

class LsarSetInformationPolicy2Response(NDRCALL):
    """Response: only the NTSTATUS result."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8)
class LsarSetInformationPolicy(NDRCALL):
    """Request with the same fields as LsarSetInformationPolicy2, sent as opnum 8.

    It writes policy state as well, so monitoring should watch both opnums.
    """
    opnum = 8
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_INFORMATION_CLASS),
        ('PolicyInformation', LSAPR_POLICY_INFORMATION),
    )

class LsarSetInformationPolicyResponse(NDRCALL):
    """Response: only the NTSTATUS result."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53)
class LsarQueryDomainInformationPolicy(NDRCALL):
    """Request: a policy handle and the domain information class to read."""
    opnum = 53
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('InformationClass', POLICY_DOMAIN_INFORMATION_CLASS),
    )

class LsarQueryDomainInformationPolicyResponse(NDRCALL):
    """Response: a pointer to the domain policy union, then the NTSTATUS result."""
    structure = (
        ('PolicyDomainInformation', PLSAPR_POLICY_DOMAIN_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54) -- no request/response classes are defined for this call here
# 3.1.4.5.1 LsarCreateAccount (Opnum 10)
class LsarCreateAccount(NDRCALL):
    """Request: a policy handle, the SID of the account object and the desired access.

    The name says it creates an account object, so this is a state-changing
    call rather than a query.
    """
    opnum = 10
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('DesiredAccess', ACCESS_MASK),
    )

class LsarCreateAccountResponse(NDRCALL):
    """Response: the account handle, then the NTSTATUS result."""
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11)
class LsarEnumerateAccounts(NDRCALL):
    """Request: a policy handle, an enumeration context and a preferred maximum length.

    The key is spelled 'PreferedMaximumLength' (one 'r'); callers must use
    that exact spelling.
    """
    opnum = 11
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

class LsarEnumerateAccountsResponse(NDRCALL):
    """Response: the updated context, the account buffer, then the NTSTATUS result."""
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer', LSAPR_ACCOUNT_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.3 LsarOpenAccount (Opnum 17)
class LsarOpenAccount(NDRCALL):
    """Request: a policy handle, the account SID and the desired access (ACCOUNT_* bits)."""
    opnum = 17
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('DesiredAccess', ACCESS_MASK),
    )

class LsarOpenAccountResponse(NDRCALL):
    """Response: the account handle, then the NTSTATUS result."""
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18)
class LsarEnumeratePrivilegesAccount(NDRCALL):
    """Request: only the account handle."""
    opnum = 18
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
    )

class LsarEnumeratePrivilegesAccountResponse(NDRCALL):
    """Response: a pointer to the privilege set, then the NTSTATUS result."""
    structure = (
        ('Privileges', PLSAPR_PRIVILEGE_SET),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19)
class LsarAddPrivilegesToAccount(NDRCALL):
    """Request: an account handle and the privilege set to add (embedded, not a pointer).

    Privilege grants are security-relevant changes. Windows audits user-right
    assignment as event 4704 when authorization policy change auditing is
    enabled -- confirm that this covers grants made through this call.
    """
    opnum = 19
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('Privileges', LSAPR_PRIVILEGE_SET),
    )

class LsarAddPrivilegesToAccountResponse(NDRCALL):
    """Response: only the NTSTATUS result."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20)
class LsarRemovePrivilegesFromAccount(NDRCALL):
    """Request layout for LsarRemovePrivilegesFromAccount (opnum 20).

    Fields, in wire order: AccountHandle, AllPrivileges (UCHAR),
    Privileges (PLSAPR_PRIVILEGE_SET).
    """
    opnum = 20
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('AllPrivileges', UCHAR),
        ('Privileges', PLSAPR_PRIVILEGE_SET),
    )
class LsarRemovePrivilegesFromAccountResponse(NDRCALL):
    """Response layout for LsarRemovePrivilegesFromAccount: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23)
class LsarGetSystemAccessAccount(NDRCALL):
    """Request layout for LsarGetSystemAccessAccount (opnum 23).

    The only field is the AccountHandle.
    """
    opnum = 23
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
    )
class LsarGetSystemAccessAccountResponse(NDRCALL):
    """Response layout for LsarGetSystemAccessAccount.

    SystemAccess (ULONG), then ErrorCode.
    """
    structure = (
        ('SystemAccess', ULONG),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24)
class LsarSetSystemAccessAccount(NDRCALL):
    """Request layout for LsarSetSystemAccessAccount (opnum 24).

    Fields, in wire order: AccountHandle, SystemAccess (ULONG).
    """
    opnum = 24
    structure = (
        ('AccountHandle', LSAPR_HANDLE),
        ('SystemAccess', ULONG),
    )
class LsarSetSystemAccessAccountResponse(NDRCALL):
    """Response layout for LsarSetSystemAccessAccount: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35)
class LsarEnumerateAccountsWithUserRight(NDRCALL):
    """Request layout for LsarEnumerateAccountsWithUserRight (opnum 35).

    Fields, in wire order: PolicyHandle, UserRight (PRPC_UNICODE_STRING).
    """
    opnum = 35
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('UserRight', PRPC_UNICODE_STRING),
    )
class LsarEnumerateAccountsWithUserRightResponse(NDRCALL):
    """Response layout for LsarEnumerateAccountsWithUserRight.

    EnumerationBuffer (LSAPR_ACCOUNT_ENUM_BUFFER), then ErrorCode.
    """
    structure = (
        ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36)
class LsarEnumerateAccountRights(NDRCALL):
    """Request layout for LsarEnumerateAccountRights (opnum 36).

    Fields, in wire order: PolicyHandle, AccountSid.
    """
    opnum = 36
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
    )
class LsarEnumerateAccountRightsResponse(NDRCALL):
    """Response layout for LsarEnumerateAccountRights.

    UserRights (LSAPR_USER_RIGHT_SET), then ErrorCode.
    """
    structure = (
        ('UserRights',LSAPR_USER_RIGHT_SET),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.11 LsarAddAccountRights (Opnum 37)
class LsarAddAccountRights(NDRCALL):
    """Request layout for LsarAddAccountRights (opnum 37).

    Fields, in wire order: PolicyHandle, AccountSid, UserRights
    (LSAPR_USER_RIGHT_SET).
    """
    opnum = 37
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('UserRights',LSAPR_USER_RIGHT_SET),
    )
class LsarAddAccountRightsResponse(NDRCALL):
    """Response layout for LsarAddAccountRights: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38)
class LsarRemoveAccountRights(NDRCALL):
    """Request layout for LsarRemoveAccountRights (opnum 38).

    Fields, in wire order: PolicyHandle, AccountSid, AllRights (UCHAR),
    UserRights (LSAPR_USER_RIGHT_SET).
    """
    opnum = 38
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('AccountSid', RPC_SID),
        ('AllRights', UCHAR),
        ('UserRights',LSAPR_USER_RIGHT_SET),
    )
class LsarRemoveAccountRightsResponse(NDRCALL):
    """Response layout for LsarRemoveAccountRights: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.6.1 LsarCreateSecret (Opnum 16)
class LsarCreateSecret(NDRCALL):
    """Request layout for LsarCreateSecret (opnum 16).

    Fields, in wire order: PolicyHandle, SecretName, DesiredAccess.
    """
    opnum = 16
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecretName', RPC_UNICODE_STRING),
        ('DesiredAccess', ACCESS_MASK),
    )
class LsarCreateSecretResponse(NDRCALL):
    """Response layout for LsarCreateSecret: SecretHandle, then ErrorCode."""
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.6.2 LsarOpenSecret (Opnum 28)
class LsarOpenSecret(NDRCALL):
    """Request layout for LsarOpenSecret (opnum 28).

    Fields, in wire order: PolicyHandle, SecretName, DesiredAccess.
    Note that this structure has no SecretHandle field; the handle only
    appears in the response.
    """
    opnum = 28
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecretName', RPC_UNICODE_STRING),
        ('DesiredAccess', ACCESS_MASK),
    )
class LsarOpenSecretResponse(NDRCALL):
    """Response layout for LsarOpenSecret: SecretHandle, then ErrorCode."""
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.6.3 LsarSetSecret (Opnum 29)
class LsarSetSecret(NDRCALL):
    """Request layout for LsarSetSecret (opnum 29).

    Fields, in wire order: SecretHandle, EncryptedCurrentValue,
    EncryptedOldValue. Both values are PLSAPR_CR_CIPHER_VALUE; as the field
    names indicate, the caller supplies them already encrypted.
    """
    opnum = 29
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE),
        ('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE),
    )
class LsarSetSecretResponse(NDRCALL):
    """Response layout for LsarSetSecret: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.6.4 LsarQuerySecret (Opnum 30)
class LsarQuerySecret(NDRCALL):
    """Request layout for LsarQuerySecret (opnum 30).

    After SecretHandle come four fields that are repeated, in the same
    order, in the response: EncryptedCurrentValue, CurrentValueSetTime,
    EncryptedOldValue, OldValueSetTime.
    """
    opnum = 30
    structure = (
        ('SecretHandle', LSAPR_HANDLE),
        ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', PLARGE_INTEGER),
        ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', PLARGE_INTEGER),
    )
class LsarQuerySecretResponse(NDRCALL):
    """Response layout for LsarQuerySecret.

    Returns the current and old values as cipher-value fields together with
    their set times, then ErrorCode. Nothing in this structure decrypts the
    values; that is left to the caller.
    """
    structure = (
        ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', PLARGE_INTEGER),
        ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', PLARGE_INTEGER),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.6.5 LsarStorePrivateData (Opnum 42)
class LsarStorePrivateData(NDRCALL):
    """Request layout for LsarStorePrivateData (opnum 42).

    Fields, in wire order: PolicyHandle, KeyName, EncryptedData
    (PLSAPR_CR_CIPHER_VALUE).
    """
    opnum = 42
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('KeyName', RPC_UNICODE_STRING),
        ('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
    )
class LsarStorePrivateDataResponse(NDRCALL):
    """Response layout for LsarStorePrivateData: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43)
class LsarRetrievePrivateData(NDRCALL):
    """Request layout for LsarRetrievePrivateData (opnum 43).

    Fields, in wire order: PolicyHandle, KeyName, EncryptedData. The
    EncryptedData field is present in the request as well as in the response.
    """
    opnum = 43
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('KeyName', RPC_UNICODE_STRING),
        ('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
    )
class LsarRetrievePrivateDataResponse(NDRCALL):
    """Response layout for LsarRetrievePrivateData.

    EncryptedData (PLSAPR_CR_CIPHER_VALUE), then ErrorCode.
    """
    structure = (
        ('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
        ('ErrorCode', NTSTATUS),
    )
1175# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25)
1176# 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26)
1177# 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39)
1178# 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40)
1179# 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41)
1180# 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48)
1181# 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49)
# 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50)
class LsarEnumerateTrustedDomainsEx(NDRCALL):
    """Request layout for LsarEnumerateTrustedDomainsEx (opnum 50).

    Fields, in wire order: PolicyHandle, EnumerationContext,
    PreferedMaximumLength.
    """
    opnum = 50
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class LsarEnumerateTrustedDomainsExResponse(NDRCALL):
    """Response layout for LsarEnumerateTrustedDomainsEx.

    EnumerationContext, EnumerationBuffer (LSAPR_TRUSTED_ENUM_BUFFER_EX),
    then ErrorCode.
    """
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER_EX),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13)
class LsarEnumerateTrustedDomains(NDRCALL):
    """Request layout for LsarEnumerateTrustedDomains (opnum 13).

    Fields, in wire order: PolicyHandle, EnumerationContext,
    PreferedMaximumLength.
    """
    opnum = 13
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class LsarEnumerateTrustedDomainsResponse(NDRCALL):
    """Response layout for LsarEnumerateTrustedDomains.

    EnumerationContext, EnumerationBuffer (LSAPR_TRUSTED_ENUM_BUFFER),
    then ErrorCode.
    """
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
1214# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55)
1215# 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59)
1216# 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51)
1217# 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12)
1218# 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27)
# 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73)
class LsarQueryForestTrustInformation(NDRCALL):
    """Request layout for LsarQueryForestTrustInformation (opnum 73).

    Fields, in wire order: PolicyHandle, TrustedDomainName,
    HighestRecordType. The matching entry in the OPNUMS table further down
    is commented out, so this class is defined but not registered there.
    """
    opnum = 73
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('TrustedDomainName', LSA_UNICODE_STRING),
        ('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE),
    )
class LsarQueryForestTrustInformationResponse(NDRCALL):
    """Response layout for LsarQueryForestTrustInformation.

    ForestTrustInfo (PLSA_FOREST_TRUST_INFORMATION), then ErrorCode.
    """
    structure = (
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )
1234# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74)
# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2)
class LsarEnumeratePrivileges(NDRCALL):
    """Request layout for LsarEnumeratePrivileges (opnum 2).

    Fields, in wire order: PolicyHandle, EnumerationContext,
    PreferedMaximumLength.
    """
    opnum = 2
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
class LsarEnumeratePrivilegesResponse(NDRCALL):
    """Response layout for LsarEnumeratePrivileges.

    EnumerationContext, EnumerationBuffer (LSAPR_PRIVILEGE_ENUM_BUFFER),
    then ErrorCode.
    """
    structure = (
        ('EnumerationContext', ULONG),
        ('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31)
class LsarLookupPrivilegeValue(NDRCALL):
    """Request layout for LsarLookupPrivilegeValue (opnum 31).

    Fields, in wire order: PolicyHandle, Name (RPC_UNICODE_STRING).
    """
    opnum = 31
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
    )
class LsarLookupPrivilegeValueResponse(NDRCALL):
    """Response layout for LsarLookupPrivilegeValue: Value (LUID), then ErrorCode."""
    structure = (
        ('Value', LUID),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32)
class LsarLookupPrivilegeName(NDRCALL):
    """Request layout for LsarLookupPrivilegeName (opnum 32).

    Fields, in wire order: PolicyHandle, Value (LUID).
    """
    opnum = 32
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('Value', LUID),
    )
class LsarLookupPrivilegeNameResponse(NDRCALL):
    """Response layout for LsarLookupPrivilegeName.

    Name (PRPC_UNICODE_STRING), then ErrorCode.
    """
    structure = (
        ('Name', PRPC_UNICODE_STRING),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33)
class LsarLookupPrivilegeDisplayName(NDRCALL):
    """Request layout for LsarLookupPrivilegeDisplayName (opnum 33).

    Fields, in wire order: PolicyHandle, Name, ClientLanguage,
    ClientSystemDefaultLanguage (both language fields are USHORT).
    """
    opnum = 33
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('ClientLanguage', USHORT),
        ('ClientSystemDefaultLanguage', USHORT),
    )
class LsarLookupPrivilegeDisplayNameResponse(NDRCALL):
    """Response layout for LsarLookupPrivilegeDisplayName.

    Name (PRPC_UNICODE_STRING), LanguageReturned (UCHAR), then ErrorCode.
    """
    structure = (
        ('Name', PRPC_UNICODE_STRING),
        ('LanguageReturned', UCHAR),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3)
class LsarQuerySecurityObject(NDRCALL):
    """Request layout for LsarQuerySecurityObject (opnum 3).

    Fields, in wire order: PolicyHandle, SecurityInformation.
    """
    opnum = 3
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
    )
class LsarQuerySecurityObjectResponse(NDRCALL):
    """Response layout for LsarQuerySecurityObject.

    SecurityDescriptor (PLSAPR_SR_SECURITY_DESCRIPTOR), then ErrorCode.
    """
    structure = (
        ('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4)
class LsarSetSecurityObject(NDRCALL):
    """Request layout for LsarSetSecurityObject (opnum 4).

    Fields, in wire order: PolicyHandle, SecurityInformation,
    SecurityDescriptor (LSAPR_SR_SECURITY_DESCRIPTOR).
    """
    opnum = 4
    structure = (
        ('PolicyHandle', LSAPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR),
    )
class LsarSetSecurityObjectResponse(NDRCALL):
    """Response layout for LsarSetSecurityObject: ErrorCode only."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.9.3 LsarDeleteObject (Opnum 34)
class LsarDeleteObject(NDRCALL):
    """Request layout for LsarDeleteObject (opnum 34).

    The only field is the ObjectHandle.
    """
    opnum = 34
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
    )
class LsarDeleteObjectResponse(NDRCALL):
    """Response layout for LsarDeleteObject: ObjectHandle, then ErrorCode."""
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
# 3.1.4.9.4 LsarClose (Opnum 0)
class LsarClose(NDRCALL):
    """Request layout for LsarClose (opnum 0).

    The only field is the ObjectHandle.
    """
    opnum = 0
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
    )
class LsarCloseResponse(NDRCALL):
    """Response layout for LsarClose: ObjectHandle, then ErrorCode."""
    structure = (
        ('ObjectHandle', LSAPR_HANDLE),
        ('ErrorCode', NTSTATUS),
    )
################################################################################
# OPNUMs and their corresponding structures
################################################################################
# Maps an operation number to its (request class, response class) pair.
# Commented-out entries are not registered.
# NOTE(review): opnum 73 is commented out although
# LsarQueryForestTrustInformation and its Response class are defined in this
# file - confirm whether leaving it unregistered is intentional.
OPNUMS = {
    0 : (LsarClose, LsarCloseResponse),
    2 : (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse),
    3 : (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse),
    4 : (LsarSetSecurityObject, LsarSetSecurityObjectResponse),
    6 : (LsarOpenPolicy, LsarOpenPolicyResponse),
    7 : (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse),
    8 : (LsarSetInformationPolicy, LsarSetInformationPolicyResponse),
    10 : (LsarCreateAccount, LsarCreateAccountResponse),
    11 : (LsarEnumerateAccounts, LsarEnumerateAccountsResponse),
    #12 : (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse),
    13 : (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse),
    16 : (LsarCreateSecret, LsarCreateSecretResponse),
    17 : (LsarOpenAccount, LsarOpenAccountResponse),
    18 : (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse),
    19 : (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse),
    20 : (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse),
    23 : (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse),
    24 : (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse),
    #25 : (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse),
    #26 : (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse),
    #27 : (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse),
    28 : (LsarOpenSecret, LsarOpenSecretResponse),
    29 : (LsarSetSecret, LsarSetSecretResponse),
    30 : (LsarQuerySecret, LsarQuerySecretResponse),
    31 : (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse),
    32 : (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse),
    33 : (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse),
    34 : (LsarDeleteObject, LsarDeleteObjectResponse),
    35 : (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse),
    36 : (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse),
    37 : (LsarAddAccountRights, LsarAddAccountRightsResponse),
    38 : (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse),
    #39 : (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse),
    #40 : (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse),
    #41 : (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse),
    42 : (LsarStorePrivateData, LsarStorePrivateDataResponse),
    43 : (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse),
    44 : (LsarOpenPolicy2, LsarOpenPolicy2Response),
    46 : (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response),
    47 : (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response),
    #48 : (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse),
    #49 : (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse),
    50 : (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse),
    #51 : (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse),
    53 : (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse),
    #54 : (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse),
    #55 : (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse),
    #59 : (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response),
    #73 : (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse),
    #74 : (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse),
}
1407################################################################################
1408# HELPER FUNCTIONS
1409################################################################################
def hLsarOpenPolicy2(dce, desiredAccess = MAXIMUM_ALLOWED):
    """Send LsarOpenPolicy2 with SystemName and all object attributes NULL.

    :param dce: object whose ``request()`` method sends the call
        (presumably a bound DCE/RPC session).
    :param desiredAccess: value copied into ``DesiredAccess``. The default,
        MAXIMUM_ALLOWED, asks for whatever access the server will grant;
        callers that only need to read policy data can pass a narrower mask
        so the resulting handle carries no more rights than required.
    :return: the result of ``dce.request()``.
    """
    open_call = LsarOpenPolicy2()
    open_call['SystemName'] = NULL
    # No root directory, object name, security descriptor or QoS is supplied.
    for attribute in ('RootDirectory', 'ObjectName', 'SecurityDescriptor',
                      'SecurityQualityOfService'):
        open_call['ObjectAttributes'][attribute] = NULL
    open_call['DesiredAccess'] = desiredAccess
    return dce.request(open_call)
def hLsarOpenPolicy(dce, desiredAccess = MAXIMUM_ALLOWED):
    """Send LsarOpenPolicy with SystemName and all object attributes NULL.

    :param dce: object whose ``request()`` method sends the call
        (presumably a bound DCE/RPC session).
    :param desiredAccess: value copied into ``DesiredAccess``. The default,
        MAXIMUM_ALLOWED, asks for whatever access the server will grant; a
        narrower mask keeps the returned handle to the rights actually needed.
    :return: the result of ``dce.request()``.
    """
    open_call = LsarOpenPolicy()
    open_call['SystemName'] = NULL
    # No root directory, object name, security descriptor or QoS is supplied.
    for attribute in ('RootDirectory', 'ObjectName', 'SecurityDescriptor',
                      'SecurityQualityOfService'):
        open_call['ObjectAttributes'][attribute] = NULL
    open_call['DesiredAccess'] = desiredAccess
    return dce.request(open_call)
def hLsarQueryInformationPolicy2(dce, policyHandle, informationClass):
    """Send LsarQueryInformationPolicy2 for one information class.

    ``policyHandle`` and ``informationClass`` are copied into the request
    unchanged; the return value is whatever ``dce.request()`` yields.
    """
    query = LsarQueryInformationPolicy2()
    query['PolicyHandle'] = policyHandle
    query['InformationClass'] = informationClass
    return dce.request(query)
def hLsarQueryInformationPolicy(dce, policyHandle, informationClass):
    """Send LsarQueryInformationPolicy for one information class.

    ``policyHandle`` and ``informationClass`` are copied into the request
    unchanged; the return value is whatever ``dce.request()`` yields.
    """
    query = LsarQueryInformationPolicy()
    query['PolicyHandle'] = policyHandle
    query['InformationClass'] = informationClass
    return dce.request(query)
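def hLsarQueryDomainInformationPolicy(dce, policyHandle, informationClass):
    """Send LsarQueryDomainInformationPolicy for one information class.

    :param dce: object whose ``request()`` method sends the call.
    :param policyHandle: policy handle copied into ``PolicyHandle``.
    :param informationClass: value copied into ``InformationClass``; the
        request structure declares it as POLICY_DOMAIN_INFORMATION_CLASS.
    :return: the result of ``dce.request()``.
    """
    # Build the domain-policy request itself (registered as opnum 53 in
    # OPNUMS). The helper previously instantiated LsarQueryInformationPolicy,
    # which is registered as opnum 7, so a different call went on the wire.
    request = LsarQueryDomainInformationPolicy()
    request['PolicyHandle'] = policyHandle
    request['InformationClass'] = informationClass
    return dce.request(request)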
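def hLsarEnumerateAccounts(dce, policyHandle, preferedMaximumLength=0xffffffff, enumerationContext=0):
    """Send LsarEnumerateAccounts.

    :param dce: object whose ``request()`` method sends the call.
    :param policyHandle: policy handle copied into ``PolicyHandle``.
    :param preferedMaximumLength: value copied into ``PreferedMaximumLength``.
    :param enumerationContext: value copied into ``EnumerationContext``.
        Added as a trailing keyword so existing positional callers are
        unaffected; it lets a caller pass back the context from a previous
        response, as the trusted-domain and privilege enumeration helpers in
        this file already allow.
    :return: the result of ``dce.request()``.
    """
    request = LsarEnumerateAccounts()
    request['PolicyHandle'] = policyHandle
    request['EnumerationContext'] = enumerationContext
    request['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(request)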
def hLsarEnumerateAccountsWithUserRight(dce, policyHandle, UserRight):
    """Send LsarEnumerateAccountsWithUserRight.

    ``policyHandle`` and ``UserRight`` are copied into the request unchanged;
    the return value is whatever ``dce.request()`` yields.
    """
    enum_call = LsarEnumerateAccountsWithUserRight()
    enum_call['PolicyHandle'] = policyHandle
    enum_call['UserRight'] = UserRight
    return dce.request(enum_call)
def hLsarEnumerateTrustedDomainsEx(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send LsarEnumerateTrustedDomainsEx.

    :param enumerationContext: value copied into ``EnumerationContext``
        (0 by default).
    :param preferedMaximumLength: value copied into ``PreferedMaximumLength``.
    :return: the result of ``dce.request()``.
    """
    enum_call = LsarEnumerateTrustedDomainsEx()
    enum_call['PolicyHandle'] = policyHandle
    enum_call['EnumerationContext'] = enumerationContext
    enum_call['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enum_call)
def hLsarEnumerateTrustedDomains(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send LsarEnumerateTrustedDomains.

    :param enumerationContext: value copied into ``EnumerationContext``
        (0 by default).
    :param preferedMaximumLength: value copied into ``PreferedMaximumLength``.
    :return: the result of ``dce.request()``.
    """
    enum_call = LsarEnumerateTrustedDomains()
    enum_call['PolicyHandle'] = policyHandle
    enum_call['EnumerationContext'] = enumerationContext
    enum_call['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enum_call)
def hLsarOpenAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarOpenAccount for the account identified by ``accountSid``.

    :param accountSid: passed to ``fromCanonical()`` on the request's
        ``AccountSid`` field (presumably the textual SID form - confirm
        against RPC_SID).
    :param desiredAccess: value copied into ``DesiredAccess``; defaults to
        MAXIMUM_ALLOWED, so pass a narrower mask when less access suffices.
    :return: the result of ``dce.request()``.
    """
    open_call = LsarOpenAccount()
    open_call['PolicyHandle'] = policyHandle
    open_call['AccountSid'].fromCanonical(accountSid)
    open_call['DesiredAccess'] = desiredAccess
    return dce.request(open_call)
def hLsarClose(dce, objectHandle):
    """Send LsarClose for ``objectHandle`` and return the ``dce.request()`` result."""
    close_call = LsarClose()
    close_call['ObjectHandle'] = objectHandle
    return dce.request(close_call)
def hLsarCreateAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarCreateAccount for ``accountSid``.

    :param accountSid: passed to ``fromCanonical()`` on the request's
        ``AccountSid`` field (presumably the textual SID form - confirm
        against RPC_SID).
    :param desiredAccess: value copied into ``DesiredAccess``; defaults to
        MAXIMUM_ALLOWED.
    :return: the result of ``dce.request()``.
    """
    create_call = LsarCreateAccount()
    create_call['PolicyHandle'] = policyHandle
    create_call['AccountSid'].fromCanonical(accountSid)
    create_call['DesiredAccess'] = desiredAccess
    return dce.request(create_call)
def hLsarDeleteObject(dce, objectHandle):
    """Send LsarDeleteObject for ``objectHandle`` and return the ``dce.request()`` result."""
    delete_call = LsarDeleteObject()
    delete_call['ObjectHandle'] = objectHandle
    return dce.request(delete_call)
def hLsarEnumeratePrivilegesAccount(dce, accountHandle):
    """Send LsarEnumeratePrivilegesAccount for ``accountHandle``.

    Returns whatever ``dce.request()`` yields.
    """
    enum_call = LsarEnumeratePrivilegesAccount()
    enum_call['AccountHandle'] = accountHandle
    return dce.request(enum_call)
def hLsarGetSystemAccessAccount(dce, accountHandle):
    """Send LsarGetSystemAccessAccount for ``accountHandle``.

    Returns whatever ``dce.request()`` yields.
    """
    get_call = LsarGetSystemAccessAccount()
    get_call['AccountHandle'] = accountHandle
    return dce.request(get_call)
def hLsarSetSystemAccessAccount(dce, accountHandle, systemAccess):
    """Send LsarSetSystemAccessAccount.

    ``accountHandle`` and ``systemAccess`` are copied into the request
    unchanged; the return value is whatever ``dce.request()`` yields.
    """
    set_call = LsarSetSystemAccessAccount()
    set_call['AccountHandle'] = accountHandle
    set_call['SystemAccess'] = systemAccess
    return dce.request(set_call)
def hLsarAddPrivilegesToAccount(dce, accountHandle, privileges):
    """Send LsarAddPrivilegesToAccount with the given privilege entries.

    :param accountHandle: value copied into ``AccountHandle``.
    :param privileges: sized iterable; ``len()`` of it becomes
        ``PrivilegeCount`` and each element is appended to the ``Privilege``
        array as-is (elements are not validated here).
    :return: the result of ``dce.request()``.
    """
    add_call = LsarAddPrivilegesToAccount()
    add_call['AccountHandle'] = accountHandle
    add_call['Privileges']['PrivilegeCount'] = len(privileges)
    add_call['Privileges']['Control'] = 0
    for entry in privileges:
        add_call['Privileges']['Privilege'].append(entry)

    return dce.request(add_call)
def hLsarRemovePrivilegesFromAccount(dce, accountHandle, privileges, allPrivileges = False):
    """Send LsarRemovePrivilegesFromAccount.

    :param accountHandle: value copied into ``AccountHandle``.
    :param privileges: either NULL or a sized iterable of privilege entries;
        entries are appended to the ``Privilege`` array as-is.
    :param allPrivileges: value copied into ``AllPrivileges``.
    :return: the result of ``dce.request()``.
    """
    remove_call = LsarRemovePrivilegesFromAccount()
    remove_call['AccountHandle'] = accountHandle
    remove_call['Privileges']['Control'] = 0
    if privileges != NULL:
        remove_call['Privileges']['PrivilegeCount'] = len(privileges)
        for entry in privileges:
            remove_call['Privileges']['Privilege'].append(entry)
    else:
        # NOTE(review): this stores NULL in the count field rather than
        # setting the whole 'Privileges' pointer to NULL - confirm this
        # marshals as intended when no privilege list is given.
        remove_call['Privileges']['PrivilegeCount'] = NULL
    # NOTE(review): the listing lost its indentation; AllPrivileges is
    # assumed to be set on both paths.
    remove_call['AllPrivileges'] = allPrivileges

    return dce.request(remove_call)
def hLsarEnumerateAccountRights(dce, policyHandle, accountSid):
    """Send LsarEnumerateAccountRights for ``accountSid``.

    ``accountSid`` is passed to ``fromCanonical()`` on the request's
    ``AccountSid`` field; the return value is whatever ``dce.request()``
    yields.
    """
    enum_call = LsarEnumerateAccountRights()
    enum_call['PolicyHandle'] = policyHandle
    enum_call['AccountSid'].fromCanonical(accountSid)
    return dce.request(enum_call)
def hLsarAddAccountRights(dce, policyHandle, accountSid, userRights):
    """Send LsarAddAccountRights for ``accountSid``.

    :param accountSid: passed to ``fromCanonical()`` on ``AccountSid``.
    :param userRights: sized iterable of right names; ``len()`` of it becomes
        ``EntriesRead`` and each name is wrapped in an RPC_UNICODE_STRING.
    :return: the result of ``dce.request()``.

    The call changes user-right assignments on the target. On Windows such a
    change is normally recorded as a user-right-assigned audit event
    (e.g. 4704) when policy-change auditing is enabled - confirm for the
    environment in question.
    """
    add_call = LsarAddAccountRights()
    add_call['PolicyHandle'] = policyHandle
    add_call['AccountSid'].fromCanonical(accountSid)
    add_call['UserRights']['EntriesRead'] = len(userRights)
    for name in userRights:
        entry = RPC_UNICODE_STRING()
        entry['Data'] = name
        add_call['UserRights']['UserRights'].append(entry)

    return dce.request(add_call)
def hLsarRemoveAccountRights(dce, policyHandle, accountSid, userRights):
    """Send LsarRemoveAccountRights for ``accountSid``.

    :param accountSid: passed to ``fromCanonical()`` on ``AccountSid``.
    :param userRights: sized iterable of right names; ``len()`` of it becomes
        ``EntriesRead`` and each name is wrapped in an RPC_UNICODE_STRING.
    :return: the result of ``dce.request()``.

    The request's ``AllRights`` field is not set by this helper, so it keeps
    whatever default the structure gives it. On Windows a removal is
    normally recorded as a user-right-removed audit event (e.g. 4705) when
    policy-change auditing is enabled - confirm for the environment in
    question.
    """
    remove_call = LsarRemoveAccountRights()
    remove_call['PolicyHandle'] = policyHandle
    remove_call['AccountSid'].fromCanonical(accountSid)
    remove_call['UserRights']['EntriesRead'] = len(userRights)
    for name in userRights:
        entry = RPC_UNICODE_STRING()
        entry['Data'] = name
        remove_call['UserRights']['UserRights'].append(entry)

    return dce.request(remove_call)
def hLsarCreateSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarCreateSecret for ``secretName``.

    :param desiredAccess: value copied into ``DesiredAccess``; defaults to
        MAXIMUM_ALLOWED, so pass a narrower mask when less access suffices.
    :return: the result of ``dce.request()``.
    """
    create_call = LsarCreateSecret()
    create_call['PolicyHandle'] = policyHandle
    create_call['SecretName'] = secretName
    create_call['DesiredAccess'] = desiredAccess
    return dce.request(create_call)
def hLsarOpenSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED):
    """Send LsarOpenSecret for ``secretName``.

    :param desiredAccess: value copied into ``DesiredAccess``; defaults to
        MAXIMUM_ALLOWED, so pass a narrower mask when less access suffices.
    :return: the result of ``dce.request()``.
    """
    open_call = LsarOpenSecret()
    open_call['PolicyHandle'] = policyHandle
    open_call['SecretName'] = secretName
    open_call['DesiredAccess'] = desiredAccess
    return dce.request(open_call)
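def hLsarSetSecret(dce, secretHandle, encryptedCurrentValue, encryptedOldValue):
    """Send LsarSetSecret with already-encrypted current and old values.

    :param dce: object whose ``request()`` method sends the call.
    :param secretHandle: value copied into ``SecretHandle``.
    :param encryptedCurrentValue: NULL, or a sized iterable whose elements
        fill the ``Buffer`` of ``EncryptedCurrentValue``; its length is used
        for both ``Length`` and ``MaximumLength``.
    :param encryptedOldValue: same, for ``EncryptedOldValue``.
    :return: the result of ``dce.request()``.

    No encryption happens here; the caller supplies the cipher values.
    """
    # Build the LsarSetSecret request. The helper previously instantiated
    # LsarOpenSecret, whose structure has no SecretHandle or Encrypted*
    # fields, so the wrong call type was being populated.
    request = LsarSetSecret()
    request['SecretHandle'] = secretHandle
    for field, value in (('EncryptedCurrentValue', encryptedCurrentValue),
                         ('EncryptedOldValue', encryptedOldValue)):
        if value != NULL:
            request[field]['Length'] = len(value)
            request[field]['MaximumLength'] = len(value)
            request[field]['Buffer'] = list(value)
        else:
            # Same handling as hLsarStorePrivateData: an absent value is
            # sent as a NULL pointer rather than left at the field default.
            request[field] = NULL
    return dce.request(request)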
def hLsarQuerySecret(dce, secretHandle):
    """Send LsarQuerySecret for ``secretHandle``.

    The ``Buffer`` of both cipher-value fields and ``OldValueSetTime`` are
    set to NULL before sending; ``CurrentValueSetTime`` is left untouched.
    Returns whatever ``dce.request()`` yields - the values in it are still
    in their encrypted form and are not decrypted by this helper.
    """
    query = LsarQuerySecret()
    query['SecretHandle'] = secretHandle
    for cipher_field in ('EncryptedCurrentValue', 'EncryptedOldValue'):
        query[cipher_field]['Buffer'] = NULL
    query['OldValueSetTime'] = NULL
    return dce.request(query)
def hLsarRetrievePrivateData(dce, policyHandle, keyName):
    """Send LsarRetrievePrivateData and return the raw encrypted buffer.

    :param policyHandle: value copied into ``PolicyHandle``.
    :param keyName: value copied into ``KeyName``.
    :return: the elements of the response's ``EncryptedData`` ``Buffer``
        joined into one bytes object. The data is returned as received; no
        decryption is performed here.
    """
    retrieve_call = LsarRetrievePrivateData()
    retrieve_call['PolicyHandle'] = policyHandle
    retrieve_call['KeyName'] = keyName
    answer = dce.request(retrieve_call)
    encrypted_chunks = answer['EncryptedData']['Buffer']
    return b''.join(encrypted_chunks)
def hLsarStorePrivateData(dce, policyHandle, keyName, encryptedData):
    """Send LsarStorePrivateData for ``keyName``.

    :param encryptedData: NULL, or a sized iterable whose elements fill the
        ``Buffer`` of ``EncryptedData`` (its length is used for both
        ``Length`` and ``MaximumLength``). When NULL, the whole
        ``EncryptedData`` field is set to NULL. No encryption happens here.
    :return: the result of ``dce.request()``.
    """
    store_call = LsarStorePrivateData()
    store_call['PolicyHandle'] = policyHandle
    store_call['KeyName'] = keyName
    if encryptedData != NULL:
        size = len(encryptedData)
        store_call['EncryptedData']['Length'] = size
        store_call['EncryptedData']['MaximumLength'] = size
        store_call['EncryptedData']['Buffer'] = list(encryptedData)
    else:
        store_call['EncryptedData'] = NULL
    return dce.request(store_call)
def hLsarEnumeratePrivileges(dce, policyHandle, enumerationContext = 0, preferedMaximumLength = 0xffffffff):
    """Send LsarEnumeratePrivileges.

    :param enumerationContext: value copied into ``EnumerationContext``
        (0 by default).
    :param preferedMaximumLength: value copied into ``PreferedMaximumLength``.
    :return: the result of ``dce.request()``.
    """
    enum_call = LsarEnumeratePrivileges()
    enum_call['PolicyHandle'] = policyHandle
    enum_call['EnumerationContext'] = enumerationContext
    enum_call['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enum_call)
def hLsarLookupPrivilegeValue(dce, policyHandle, name):
    """Send LsarLookupPrivilegeValue for the privilege called ``name``.

    ``policyHandle`` and ``name`` are copied into the request unchanged; the
    return value is whatever ``dce.request()`` yields.
    """
    lookup = LsarLookupPrivilegeValue()
    lookup['PolicyHandle'] = policyHandle
    lookup['Name'] = name
    return dce.request(lookup)
def hLsarLookupPrivilegeName(dce, policyHandle, luid):
    """Send LsarLookupPrivilegeName for the privilege identified by ``luid``.

    ``luid`` is copied into the request's ``Value`` field; the return value
    is whatever ``dce.request()`` yields.
    """
    lookup = LsarLookupPrivilegeName()
    lookup['PolicyHandle'] = policyHandle
    lookup['Value'] = luid
    return dce.request(lookup)
def hLsarQuerySecurityObject(dce, policyHandle, securityInformation = OWNER_SECURITY_INFORMATION):
    """Send LsarQuerySecurityObject and return the descriptor bytes.

    :param policyHandle: value copied into ``PolicyHandle``.
    :param securityInformation: value copied into ``SecurityInformation``;
        defaults to OWNER_SECURITY_INFORMATION.
    :return: the elements of the response's nested ``SecurityDescriptor``
        field joined into one bytes object (not parsed here).
    """
    query = LsarQuerySecurityObject()
    query['PolicyHandle'] = policyHandle
    query['SecurityInformation'] = securityInformation
    answer = dce.request(query)
    descriptor_chunks = answer['SecurityDescriptor']['SecurityDescriptor']
    return b''.join(descriptor_chunks)
def hLsarSetSecurityObject(dce, policyHandle, securityInformation, securityDescriptor):
    """Send LsarSetSecurityObject with a serialized security descriptor.

    :param securityInformation: value copied into ``SecurityInformation``.
    :param securityDescriptor: sized iterable; ``len()`` of it becomes the
        ``Length`` field and ``list()`` of it the descriptor payload. The
        descriptor content is not validated here.
    :return: the result of ``dce.request()``.
    """
    set_call = LsarSetSecurityObject()
    set_call['PolicyHandle'] = policyHandle
    set_call['SecurityInformation'] = securityInformation
    descriptor_field = 'SecurityDescriptor'
    set_call[descriptor_field]['Length'] = len(securityDescriptor)
    set_call[descriptor_field]['SecurityDescriptor'] = list(securityDescriptor)
    return dce.request(set_call)
def hLsarSetInformationPolicy2(dce, policyHandle, informationClass, policyInformation):
    """Send LsarSetInformationPolicy2.

    ``policyHandle``, ``informationClass`` and ``policyInformation`` are
    copied into the request unchanged; the return value is whatever
    ``dce.request()`` yields.
    """
    set_call = LsarSetInformationPolicy2()
    set_call['PolicyHandle'] = policyHandle
    set_call['InformationClass'] = informationClass
    set_call['PolicyInformation'] = policyInformation
    return dce.request(set_call)
def hLsarSetInformationPolicy(dce, policyHandle, informationClass, policyInformation):
    """Send LsarSetInformationPolicy.

    ``policyHandle``, ``informationClass`` and ``policyInformation`` are
    copied into the request unchanged; the return value is whatever
    ``dce.request()`` yields.
    """
    set_call = LsarSetInformationPolicy()
    set_call['PolicyHandle'] = policyHandle
    set_call['InformationClass'] = informationClass
    set_call['PolicyInformation'] = policyInformation
    return dce.request(set_call)