
1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2019 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# [MS-SAMR] Interface implementation 

11# 

12# Best way to learn how to use these calls is to grab the protocol standard 

13# so you understand what the call does, and then read the test case located 

14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC 

15# 

16# Some calls have helper functions, which makes it even easier to use. 

17# They are located at the end of this file. 

18# Helper functions start with "h"<name of the call>. 

19# There are test cases for them too. 

20# 

21# Author: 

22# Alberto Solino (@agsolino) 

23# 

24from __future__ import division 

25from __future__ import print_function 

26from binascii import unhexlify 

27 

28from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \ 

29 NDRUniConformantVaryingArray, NDRENUM 

30from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \ 

31 LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR 

32from impacket.dcerpc.v5.rpcrt import DCERPCException 

33from impacket import nt_errors, LOG 

34from impacket.uuid import uuidtup_to_bin 

35from impacket.dcerpc.v5.enum import Enum 

36from impacket.structure import Structure 

37 

38import struct 

39import os 

40from hashlib import md5 

41from Cryptodome.Cipher import ARC4 

42 

# Binary form of the SAMR interface identifier (UUID string, version '1.0'),
# produced by uuidtup_to_bin.
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))

44 

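class DCERPCSessionError(DCERPCException):
    """SAMR session error that renders its NT status code as readable text.

    Construction is delegated unchanged to DCERPCException; only the string
    form is customised here.
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Return a one-line description of the error.

        Known codes are looked up in nt_errors.ERROR_MESSAGES and shown with
        their short and verbose texts. Unknown codes are shown in hex.
        """
        code = self.error_code
        if code in nt_errors.ERROR_MESSAGES:
            short_text, verbose_text = nt_errors.ERROR_MESSAGES[code][:2]
            return 'SAMR SessionError: code: 0x%x - %s - %s' % (code, short_text, verbose_text)
        try:
            return 'SAMR SessionError: unknown error code: 0x%x' % code
        except TypeError:
            # error_code defaults to None in the constructor; '%x' would raise
            # here and hide the original failure from whoever logs the
            # exception, so fall back to repr() for non-integer codes.
            return 'SAMR SessionError: unknown error code: %r' % (code,)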

57 

58################################################################################ 

59# CONSTANTS 

60################################################################################ 

# Server-name parameter type: an alias for LPWSTR.
PSAMPR_SERVER_NAME = LPWSTR

# 2.2.1.1 Common ACCESS_MASK Values
# Standard rights shared by every SAM object type. WRITE_DAC and WRITE_OWNER
# let the holder change the object's security descriptor, so they are worth
# checking when reviewing who holds what on an object.
DELETE                 = 0x00010000
READ_CONTROL           = 0x00020000
WRITE_DAC              = 0x00040000
WRITE_OWNER            = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000
MAXIMUM_ALLOWED        = 0x02000000

69 

# 2.2.1.2 Generic ACCESS_MASK Values
# The four top bits of the mask, listed from the highest bit downwards.
GENERIC_READ    = 0x80000000
GENERIC_WRITE   = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL     = 0x10000000

75 

# 2.2.1.3 Server ACCESS_MASK Values
# Individual rights on the server object ...
SAM_SERVER_CONNECT           = 0x00000001
SAM_SERVER_SHUTDOWN          = 0x00000002
SAM_SERVER_INITIALIZE        = 0x00000004
SAM_SERVER_CREATE_DOMAIN     = 0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
SAM_SERVER_LOOKUP_DOMAIN     = 0x00000020
# ... and the composite masks built from them plus standard rights.
SAM_SERVER_ALL_ACCESS        = 0x000F003F
SAM_SERVER_READ              = 0x00020010
SAM_SERVER_WRITE             = 0x0002000E
SAM_SERVER_EXECUTE           = 0x00020021

87 

# 2.2.1.4 Domain ACCESS_MASK Values
# Individual rights on a domain object. DOMAIN_LIST_ACCOUNTS and DOMAIN_LOOKUP
# are the enumeration-related rights; who is granted them determines who can
# list accounts over this interface.
DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS    = 0x00000002
DOMAIN_READ_OTHER_PARAMETERS    = 0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS   = 0x00000008
DOMAIN_CREATE_USER              = 0x00000010
DOMAIN_CREATE_GROUP             = 0x00000020
DOMAIN_CREATE_ALIAS             = 0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP     = 0x00000080
DOMAIN_LIST_ACCOUNTS            = 0x00000100
DOMAIN_LOOKUP                   = 0x00000200
DOMAIN_ADMINISTER_SERVER        = 0x00000400
# Composite masks.
DOMAIN_ALL_ACCESS               = 0x000F07FF
DOMAIN_READ                     = 0x00020084
DOMAIN_WRITE                    = 0x0002047A
DOMAIN_EXECUTE                  = 0x00020301

104 

# 2.2.1.5 Group ACCESS_MASK Values
# Individual rights on a group object, followed by the composite masks.
GROUP_READ_INFORMATION = 0x00000001
GROUP_WRITE_ACCOUNT    = 0x00000002
GROUP_ADD_MEMBER       = 0x00000004
GROUP_REMOVE_MEMBER    = 0x00000008
GROUP_LIST_MEMBERS     = 0x00000010
GROUP_ALL_ACCESS       = 0x000F001F
GROUP_READ             = 0x00020010
GROUP_WRITE            = 0x0002000E
GROUP_EXECUTE          = 0x00020001

115 

# 2.2.1.6 Alias ACCESS_MASK Values
# NOTE: the bit positions differ from the GROUP_* rights of the same name
# (e.g. ALIAS_ADD_MEMBER is 0x1 while GROUP_ADD_MEMBER is 0x4); the two sets
# are not interchangeable.
ALIAS_ADD_MEMBER       = 0x00000001
ALIAS_REMOVE_MEMBER    = 0x00000002
ALIAS_LIST_MEMBERS     = 0x00000004
ALIAS_READ_INFORMATION = 0x00000008
ALIAS_WRITE_ACCOUNT    = 0x00000010
ALIAS_ALL_ACCESS       = 0x000F001F
ALIAS_READ             = 0x00020004
ALIAS_WRITE            = 0x00020013
ALIAS_EXECUTE          = 0x00020008

126 

# 2.2.1.7 User ACCESS_MASK Values
# Individual rights on a user object. USER_CHANGE_PASSWORD and
# USER_FORCE_PASSWORD_CHANGE are separate bits; reviews of user-object ACLs
# should treat the grant of each one on its own.
USER_READ_GENERAL            = 0x00000001
USER_READ_PREFERENCES        = 0x00000002
USER_WRITE_PREFERENCES       = 0x00000004
USER_READ_LOGON              = 0x00000008
USER_READ_ACCOUNT            = 0x00000010
USER_WRITE_ACCOUNT           = 0x00000020
USER_CHANGE_PASSWORD         = 0x00000040
USER_FORCE_PASSWORD_CHANGE   = 0x00000080
USER_LIST_GROUPS             = 0x00000100
USER_READ_GROUP_INFORMATION  = 0x00000200
USER_WRITE_GROUP_INFORMATION = 0x00000400
# Composite masks.
USER_ALL_ACCESS              = 0x000F07FF
USER_READ                    = 0x0002031A
USER_WRITE                   = 0x00020044
USER_EXECUTE                 = 0x00020041

143 

# 2.2.1.8 USER_ALL Values
# One bit per user attribute, in ascending bit order. The names mirror the
# fields of SAMPR_USER_ALL_INFORMATION.
USER_ALL_USERNAME           = 0x00000001
USER_ALL_FULLNAME           = 0x00000002
USER_ALL_USERID             = 0x00000004
USER_ALL_PRIMARYGROUPID     = 0x00000008
USER_ALL_ADMINCOMMENT       = 0x00000010
USER_ALL_USERCOMMENT        = 0x00000020
USER_ALL_HOMEDIRECTORY      = 0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
USER_ALL_SCRIPTPATH         = 0x00000100
USER_ALL_PROFILEPATH        = 0x00000200
USER_ALL_WORKSTATIONS       = 0x00000400
USER_ALL_LASTLOGON          = 0x00000800
USER_ALL_LASTLOGOFF         = 0x00001000
USER_ALL_LOGONHOURS         = 0x00002000
USER_ALL_BADPASSWORDCOUNT   = 0x00004000
USER_ALL_LOGONCOUNT         = 0x00008000
USER_ALL_PASSWORDCANCHANGE  = 0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
USER_ALL_PASSWORDLASTSET    = 0x00040000
USER_ALL_ACCOUNTEXPIRES     = 0x00080000
USER_ALL_USERACCOUNTCONTROL = 0x00100000
USER_ALL_PARAMETERS         = 0x00200000
USER_ALL_COUNTRYCODE        = 0x00400000
USER_ALL_CODEPAGE           = 0x00800000
# Credential-related selectors.
USER_ALL_NTPASSWORDPRESENT  = 0x01000000
USER_ALL_LMPASSWORDPRESENT  = 0x02000000
USER_ALL_PRIVATEDATA        = 0x04000000
USER_ALL_PASSWORDEXPIRED    = 0x08000000
USER_ALL_SECURITYDESCRIPTOR = 0x10000000
# The two top bits, which have no named meaning in this list.
USER_ALL_UNDEFINED_MASK     = 0xC0000000

175 

# 2.2.1.9 ACCOUNT_TYPE Values
# The high nibble selects the object family (group, alias, user, app group);
# the low bits pick the variant within that family.
SAM_DOMAIN_OBJECT             = 0x00000000
SAM_GROUP_OBJECT              = 0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
SAM_ALIAS_OBJECT              = 0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
SAM_USER_OBJECT               = 0x30000000
SAM_MACHINE_ACCOUNT           = 0x30000001
SAM_TRUST_ACCOUNT             = 0x30000002
SAM_APP_BASIC_GROUP           = 0x40000000
SAM_APP_QUERY_GROUP           = 0x40000001

187 

# 2.2.1.10 SE_GROUP Attributes
# Three single-bit attributes.
SE_GROUP_MANDATORY          = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED            = 0x00000004

192 

# 2.2.1.11 GROUP_TYPE Codes
# Scope bits ...
GROUP_TYPE_ACCOUNT_GROUP      = 0x00000002
GROUP_TYPE_RESOURCE_GROUP     = 0x00000004
GROUP_TYPE_UNIVERSAL_GROUP    = 0x00000008
# ... the security-enabled bit, and each scope combined with it.
GROUP_TYPE_SECURITY_ENABLED   = 0x80000000
GROUP_TYPE_SECURITY_ACCOUNT   = 0x80000002
GROUP_TYPE_SECURITY_RESOURCE  = 0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008

201 

# 2.2.1.12 USER_ACCOUNT Codes
# Bit values used for the UserAccountControl fields of the SAMR structures.
# NOTE: these are NOT numerically equal to the UF_* flags defined right after
# (USER_ACCOUNT_DISABLED is 0x1, UF_ACCOUNTDISABLE is 0x2); never mix the two
# encodings when decoding an account's control word.
# Bits that account-hygiene reviews usually look for: USER_PASSWORD_NOT_REQUIRED,
# USER_DONT_EXPIRE_PASSWORD, USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED,
# USER_TRUSTED_FOR_DELEGATION, USER_USE_DES_KEY_ONLY, USER_DONT_REQUIRE_PREAUTH.
USER_ACCOUNT_DISABLED                       = 0x00000001
USER_HOME_DIRECTORY_REQUIRED                = 0x00000002
USER_PASSWORD_NOT_REQUIRED                  = 0x00000004
USER_TEMP_DUPLICATE_ACCOUNT                 = 0x00000008
USER_NORMAL_ACCOUNT                         = 0x00000010
USER_MNS_LOGON_ACCOUNT                      = 0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT              = 0x00000040
USER_WORKSTATION_TRUST_ACCOUNT              = 0x00000080
USER_SERVER_TRUST_ACCOUNT                   = 0x00000100
USER_DONT_EXPIRE_PASSWORD                   = 0x00000200
USER_ACCOUNT_AUTO_LOCKED                    = 0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED        = 0x00000800
USER_SMARTCARD_REQUIRED                     = 0x00001000
USER_TRUSTED_FOR_DELEGATION                 = 0x00002000
USER_NOT_DELEGATED                          = 0x00004000
USER_USE_DES_KEY_ONLY                       = 0x00008000
USER_DONT_REQUIRE_PREAUTH                   = 0x00010000
USER_PASSWORD_EXPIRED                       = 0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000
USER_NO_AUTH_DATA_REQUIRED                  = 0x00080000
USER_PARTIAL_SECRETS_ACCOUNT                = 0x00100000
USER_USE_AES_KEYS                           = 0x00200000

225 

# 2.2.1.13 UF_FLAG Codes
# Same account properties as the USER_* codes, but with a different bit
# layout (UF_DONT_REQUIRE_PREAUTH is 0x00400000, USER_DONT_REQUIRE_PREAUTH is
# 0x00010000). Pick the table that matches the field being decoded.
UF_SCRIPT                                 = 0x00000001
UF_ACCOUNTDISABLE                         = 0x00000002
UF_HOMEDIR_REQUIRED                       = 0x00000008
UF_LOCKOUT                                = 0x00000010
UF_PASSWD_NOTREQD                         = 0x00000020
UF_PASSWD_CANT_CHANGE                     = 0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED        = 0x00000080
UF_TEMP_DUPLICATE_ACCOUNT                 = 0x00000100
UF_NORMAL_ACCOUNT                         = 0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT              = 0x00000800
UF_WORKSTATION_TRUST_ACCOUNT              = 0x00001000
UF_SERVER_TRUST_ACCOUNT                   = 0x00002000
UF_DONT_EXPIRE_PASSWD                     = 0x00010000
UF_MNS_LOGON_ACCOUNT                      = 0x00020000
UF_SMARTCARD_REQUIRED                     = 0x00040000
UF_TRUSTED_FOR_DELEGATION                 = 0x00080000
UF_NOT_DELEGATED                          = 0x00100000
UF_USE_DES_KEY_ONLY                       = 0x00200000
UF_DONT_REQUIRE_PREAUTH                   = 0x00400000
UF_PASSWORD_EXPIRED                       = 0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
UF_NO_AUTH_DATA_REQUIRED                  = 0x02000000
UF_PARTIAL_SECRETS_ACCOUNT                = 0x04000000
UF_USE_AES_KEYS                           = 0x08000000

251 

# 2.2.1.14 Predefined RIDs
# Decimal equivalents are given because logs and SIDs usually show RIDs in
# decimal.
DOMAIN_USER_RID_ADMIN                = 0x000001F4  # 500
DOMAIN_USER_RID_GUEST                = 0x000001F5  # 501
DOMAIN_USER_RID_KRBTGT               = 0x000001F6  # 502
DOMAIN_GROUP_RID_ADMINS              = 0x00000200  # 512
DOMAIN_GROUP_RID_USERS               = 0x00000201  # 513
DOMAIN_GROUP_RID_COMPUTERS           = 0x00000203  # 515
DOMAIN_GROUP_RID_CONTROLLERS         = 0x00000204  # 516
DOMAIN_ALIAS_RID_ADMINS              = 0x00000220  # 544
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209  # 521

262 

# 2.2.4.1 Domain Fields
# Bits of the PasswordProperties field of the domain password structures.
# A policy review would normally expect DOMAIN_PASSWORD_COMPLEX to be set and
# DOMAIN_PASSWORD_STORE_CLEARTEXT to be clear.
DOMAIN_PASSWORD_COMPLEX         = 0x00000001
DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
DOMAIN_LOCKOUT_ADMINS           = 0x00000008
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010
DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020

270 

# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
# One bit per persisted field.
SAM_VALIDATE_PASSWORD_LAST_SET       = 0x00000001
SAM_VALIDATE_BAD_PASSWORD_TIME       = 0x00000002
SAM_VALIDATE_LOCKOUT_TIME            = 0x00000004
SAM_VALIDATE_BAD_PASSWORD_COUNT      = 0x00000008
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
SAM_VALIDATE_PASSWORD_HISTORY        = 0x00000020

278 

279################################################################################ 

280# STRUCTURES 

281################################################################################ 

class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray):
    """Conformant-varying array whose elements are RPC_UNICODE_STRING."""
    item = RPC_UNICODE_STRING

284 

class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray):
    """Conformant (non-varying) array whose elements are RPC_UNICODE_STRING."""
    item = RPC_UNICODE_STRING

287 

class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    """Pointer whose referent is an RPC_UNICODE_STRING_ARRAY_C."""
    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY_C),
    )

292 

# 2.2.2.1 RPC_STRING, PRPC_STRING
class RPC_STRING(NDRSTRUCT):
    """Counted string structure whose referent is a STR.

    Both length fields default to an expression over len(Data); the NDR64
    header uses a different offset (24 instead of 12) and a 64-bit referent id.
    """
    commonHdr = (
        ('MaximumLength', '<H=len(Data)-12'),
        ('Length', '<H=len(Data)-12'),
        ('ReferentID', '<L=0xff'),
    )
    commonHdr64 = (
        ('MaximumLength', '<H=len(Data)-24'),
        ('Length', '<H=len(Data)-24'),
        ('ReferentID', '<Q=0xff'),
    )

    referent = (
        ('Data', STR),
    )

    def dump(self, msg=None, indent=0):
        """Print an optional label followed by the repr of the Data field.

        When msg is None the class name is used as the label; an empty
        string suppresses the label. indent is accepted but not used.
        """
        label = self.__class__.__name__ if msg is None else msg
        if label != '':
            print("%s" % label, end=' ')
        # Only the payload is shown, not the header fields.
        print(" %r" % (self['Data']), end=' ')

317 

class PRPC_STRING(NDRPOINTER):
    """Pointer whose referent is an RPC_STRING."""
    referent = (
        ('Data', RPC_STRING),
    )

322 

# 2.2.2.2 OLD_LARGE_INTEGER
class OLD_LARGE_INTEGER(NDRSTRUCT):
    """Two-part integer: an unsigned LowPart followed by a signed HighPart."""
    structure = (
        ('LowPart', ULONG),
        ('HighPart', LONG),
    )

329 

# 2.2.2.3 SID_NAME_USE
class SID_NAME_USE(NDRENUM):
    """Enumeration of the kinds of account a SID can refer to."""
    class enumItems(Enum):
        SidTypeUser           = 1
        SidTypeGroup          = 2
        SidTypeDomain         = 3
        SidTypeAlias          = 4
        SidTypeWellKnownGroup = 5
        SidTypeDeletedAccount = 6
        SidTypeInvalid        = 7
        SidTypeUnknown        = 8
        SidTypeComputer       = 9
        SidTypeLabel          = 10

343 

# 2.2.2.4 RPC_SHORT_BLOB
class USHORT_ARRAY(NDRUniConformantVaryingArray):
    """Conformant-varying array of little-endian 16-bit unsigned values."""
    item = '<H'

348 

class PUSHORT_ARRAY(NDRPOINTER):
    """Pointer whose referent is a USHORT_ARRAY."""
    referent = (
        ('Data', USHORT_ARRAY),
    )

353 

class RPC_SHORT_BLOB(NDRSTRUCT):
    """Counted blob of 16-bit values: two USHORT lengths and a buffer pointer.

    SAMPR_USER_ALL_INFORMATION uses this type for its LmOwfPassword and
    NtOwfPassword fields.
    """
    structure = (
        ('Length', USHORT),
        ('MaximumLength', USHORT),
        ('Buffer', PUSHORT_ARRAY),
    )

360 

# 2.2.3.2 SAMPR_HANDLE
class SAMPR_HANDLE(NDRSTRUCT):
    """Handle carried as 20 opaque bytes (empty by default)."""
    structure = (
        ('Data', '20s=b""'),
    )

    def getAlignment(self):
        """Return 8 when the structure is in NDR64 mode, otherwise 4."""
        return 8 if self._isNDR64 is True else 4

371 

# 2.2.3.3 ENCRYPTED_LM_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD
class ENCRYPTED_LM_OWF_PASSWORD(NDRSTRUCT):
    """16-byte blob, byte-aligned.

    NOTE(review): going by the name, Data carries an encrypted password hash;
    treat it as credential material and keep it out of logs and dumps.
    """
    structure = (
        ('Data', '16s=b""'),
    )

    def getAlignment(self):
        """Return 1: the blob has no alignment requirement."""
        return 1

# The NT variant has the same layout, so it reuses the LM class.
ENCRYPTED_NT_OWF_PASSWORD = ENCRYPTED_LM_OWF_PASSWORD

381 

class PENCRYPTED_LM_OWF_PASSWORD(NDRPOINTER):
    """Pointer whose referent is an ENCRYPTED_LM_OWF_PASSWORD."""
    referent = (
        ('Data', ENCRYPTED_LM_OWF_PASSWORD),
    )

# Same pointer type is used for the NT variant.
PENCRYPTED_NT_OWF_PASSWORD = PENCRYPTED_LM_OWF_PASSWORD

388 

# 2.2.3.4 SAMPR_ULONG_ARRAY
# (An earlier conformant-varying definition with item '<L' was left commented
# out in the original; the conformant array below is the one in use.)
class ULONG_ARRAY(NDRUniConformantArray):
    """Conformant array of ULONG."""
    item = ULONG

394 

class PULONG_ARRAY(NDRPOINTER):
    """Pointer whose referent is a ULONG_ARRAY."""
    referent = (
        ('Data', ULONG_ARRAY),
    )

399 

class ULONG_ARRAY_CV(NDRUniConformantVaryingArray):
    """Conformant-varying array of ULONG."""
    item = ULONG

402 

class SAMPR_ULONG_ARRAY(NDRSTRUCT):
    """Element count followed by a pointer to the ULONG elements."""
    structure = (
        ('Count', ULONG),
        ('Element', PULONG_ARRAY),
    )

408 

# 2.2.3.5 SAMPR_SID_INFORMATION
class SAMPR_SID_INFORMATION(NDRSTRUCT):
    """Wrapper holding a single RPC_SID in its SidPointer field."""
    structure = (
        ('SidPointer', RPC_SID),
    )

414 

class PSAMPR_SID_INFORMATION(NDRPOINTER):
    """Pointer whose referent is a SAMPR_SID_INFORMATION."""
    referent = (
        ('Data', SAMPR_SID_INFORMATION),
    )

419 

class SAMPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant array of PSAMPR_SID_INFORMATION pointers."""
    item = PSAMPR_SID_INFORMATION

422 

class PSAMPR_SID_INFORMATION_ARRAY(NDRPOINTER):
    """Pointer whose referent is a SAMPR_SID_INFORMATION_ARRAY."""
    referent = (
        ('Data', SAMPR_SID_INFORMATION_ARRAY),
    )

427 

# 2.2.3.6 SAMPR_PSID_ARRAY
class SAMPR_PSID_ARRAY(NDRSTRUCT):
    """SID count followed by a pointer to the SID information array."""
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )

434 

# 2.2.3.7 SAMPR_PSID_ARRAY_OUT
class SAMPR_PSID_ARRAY_OUT(NDRSTRUCT):
    """Same field layout as SAMPR_PSID_ARRAY, declared as its own type."""
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )

441 

# 2.2.3.8 SAMPR_RETURNED_USTRING_ARRAY
class SAMPR_RETURNED_USTRING_ARRAY(NDRSTRUCT):
    """String count followed by a pointer to the unicode string array."""
    structure = (
        ('Count', ULONG),
        ('Element', PRPC_UNICODE_STRING_ARRAY),
    )

448 

# 2.2.3.9 SAMPR_RID_ENUMERATION
class SAMPR_RID_ENUMERATION(NDRSTRUCT):
    """One enumeration entry: a relative id paired with a name."""
    structure = (
        ('RelativeId', ULONG),
        ('Name', RPC_UNICODE_STRING),
    )

455 

class SAMPR_RID_ENUMERATION_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_RID_ENUMERATION entries."""
    item = SAMPR_RID_ENUMERATION

458 

class PSAMPR_RID_ENUMERATION_ARRAY(NDRPOINTER):
    """Pointer whose referent is a SAMPR_RID_ENUMERATION_ARRAY."""
    referent = (
        ('Data', SAMPR_RID_ENUMERATION_ARRAY),
    )

463 

# 2.2.3.10 SAMPR_ENUMERATION_BUFFER
class SAMPR_ENUMERATION_BUFFER(NDRSTRUCT):
    """Entry count followed by a pointer to the RID enumeration array."""
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_RID_ENUMERATION_ARRAY),
    )

470 

class PSAMPR_ENUMERATION_BUFFER(NDRPOINTER):
    """Pointer whose referent is a SAMPR_ENUMERATION_BUFFER."""
    referent = (
        ('Data', SAMPR_ENUMERATION_BUFFER),
    )

475 

# 2.2.3.11 SAMPR_SR_SECURITY_DESCRIPTOR
class CHAR_ARRAY(NDRUniConformantArray):
    """Conformant array that keeps the base class's default item type."""

479 

class PCHAR_ARRAY(NDRPOINTER):
    """Pointer whose referent is a CHAR_ARRAY."""
    referent = (
        ('Data', CHAR_ARRAY),
    )

484 

class SAMPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
    """Length-prefixed security descriptor carried as a byte-array pointer."""
    structure = (
        ('Length', ULONG),
        ('SecurityDescriptor', PCHAR_ARRAY),
    )

490 

class PSAMPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
    """Pointer whose referent is a SAMPR_SR_SECURITY_DESCRIPTOR."""
    referent = (
        ('Data', SAMPR_SR_SECURITY_DESCRIPTOR),
    )

495 

# 2.2.3.12 GROUP_MEMBERSHIP
class GROUP_MEMBERSHIP(NDRSTRUCT):
    """One membership entry: a relative id and its attribute bits."""
    structure = (
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
    )

502 

class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    """Conformant array of GROUP_MEMBERSHIP entries."""
    item = GROUP_MEMBERSHIP

505 

class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    """Pointer whose referent is a GROUP_MEMBERSHIP_ARRAY."""
    referent = (
        ('Data', GROUP_MEMBERSHIP_ARRAY),
    )

510 

# 2.2.3.13 SAMPR_GET_GROUPS_BUFFER
class SAMPR_GET_GROUPS_BUFFER(NDRSTRUCT):
    """Membership count followed by a pointer to the membership array."""
    structure = (
        ('MembershipCount', ULONG),
        ('Groups', PGROUP_MEMBERSHIP_ARRAY),
    )

517 

class PSAMPR_GET_GROUPS_BUFFER(NDRPOINTER):
    """Pointer whose referent is a SAMPR_GET_GROUPS_BUFFER."""
    referent = (
        ('Data', SAMPR_GET_GROUPS_BUFFER),
    )

522 

# 2.2.3.14 SAMPR_GET_MEMBERS_BUFFER
class SAMPR_GET_MEMBERS_BUFFER(NDRSTRUCT):
    """Member count plus two ULONG array pointers: Members and Attributes."""
    structure = (
        ('MemberCount', ULONG),
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
    )

530 

class PSAMPR_GET_MEMBERS_BUFFER(NDRPOINTER):
    """Pointer whose referent is a SAMPR_GET_MEMBERS_BUFFER."""
    referent = (
        ('Data', SAMPR_GET_MEMBERS_BUFFER),
    )

535 

# 2.2.3.15 SAMPR_REVISION_INFO_V1
class SAMPR_REVISION_INFO_V1(NDRSTRUCT):
    """Revision number and supported-features word, both ULONG."""
    structure = (
        ('Revision', ULONG),
        ('SupportedFeatures', ULONG),
    )

542 

# 2.2.3.16 SAMPR_REVISION_INFO
class SAMPR_REVISION_INFO(NDRUNION):
    """Union tagged by a ULONG; tag 1 selects SAMPR_REVISION_INFO_V1."""
    commonHdr = (
        ('tag', ULONG),
    )

    union = {
        1: ('V1', SAMPR_REVISION_INFO_V1),
    }

552 

# 2.2.3.17 USER_DOMAIN_PASSWORD_INFORMATION
class USER_DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    """Minimum password length and the password-properties bit field."""
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordProperties', ULONG),
    )

559 

# 2.2.4.2 DOMAIN_SERVER_ENABLE_STATE
class DOMAIN_SERVER_ENABLE_STATE(NDRENUM):
    """Enumeration with two states: enabled (1) and disabled (2)."""
    class enumItems(Enum):
        DomainServerEnabled  = 1
        DomainServerDisabled = 2

565 

# 2.2.4.3 DOMAIN_STATE_INFORMATION
class DOMAIN_STATE_INFORMATION(NDRSTRUCT):
    """Single-field structure holding a DOMAIN_SERVER_ENABLE_STATE."""
    structure = (
        ('DomainServerState', DOMAIN_SERVER_ENABLE_STATE),
    )

571 

# 2.2.4.4 DOMAIN_SERVER_ROLE
class DOMAIN_SERVER_ROLE(NDRENUM):
    """Enumeration with two roles: backup (2) and primary (3)."""
    class enumItems(Enum):
        DomainServerRoleBackup  = 2
        DomainServerRolePrimary = 3

577 

# 2.2.4.5 DOMAIN_PASSWORD_INFORMATION
class DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    """Domain password policy: lengths, property bits and age limits.

    PasswordProperties is a bit field; the DOMAIN_PASSWORD_* constants in this
    module name its bits.
    """
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        ('PasswordProperties', ULONG),
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
    )

587 

# 2.2.4.6 DOMAIN_LOGOFF_INFORMATION
class DOMAIN_LOGOFF_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the ForceLogoff value."""
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
    )

593 

# 2.2.4.7 DOMAIN_SERVER_ROLE_INFORMATION
class DOMAIN_SERVER_ROLE_INFORMATION(NDRSTRUCT):
    """Single-field structure holding a DOMAIN_SERVER_ROLE."""
    structure = (
        ('DomainServerRole', DOMAIN_SERVER_ROLE),
    )

599 

# 2.2.4.8 DOMAIN_MODIFIED_INFORMATION
class DOMAIN_MODIFIED_INFORMATION(NDRSTRUCT):
    """Domain modification counter and creation time."""
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
    )

606 

# 2.2.4.9 DOMAIN_MODIFIED_INFORMATION2
class DOMAIN_MODIFIED_INFORMATION2(NDRSTRUCT):
    """DOMAIN_MODIFIED_INFORMATION fields plus ModifiedCountAtLastPromotion."""
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
        ('ModifiedCountAtLastPromotion', OLD_LARGE_INTEGER),
    )

614 

# 2.2.4.10 SAMPR_DOMAIN_GENERAL_INFORMATION
class SAMPR_DOMAIN_GENERAL_INFORMATION(NDRSTRUCT):
    """General domain attributes, including user, group and alias counts.

    DomainServerState and DomainServerRole are declared as plain ULONG here,
    not as the NDRENUM types used by the dedicated state/role structures.
    """
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
        ('OemInformation', RPC_UNICODE_STRING),
        ('DomainName', RPC_UNICODE_STRING),
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('DomainServerState', ULONG),
        ('DomainServerRole', ULONG),
        ('UasCompatibilityRequired', UCHAR),
        ('UserCount', ULONG),
        ('GroupCount', ULONG),
        ('AliasCount', ULONG),
    )

630 

# 2.2.4.11 SAMPR_DOMAIN_GENERAL_INFORMATION2
class SAMPR_DOMAIN_GENERAL_INFORMATION2(NDRSTRUCT):
    """General information (embedded as I1) followed by the lockout policy."""
    structure = (
        ('I1', SAMPR_DOMAIN_GENERAL_INFORMATION),
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )

639 

# 2.2.4.12 SAMPR_DOMAIN_OEM_INFORMATION
class SAMPR_DOMAIN_OEM_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the OemInformation string."""
    structure = (
        ('OemInformation', RPC_UNICODE_STRING),
    )

645 

# 2.2.4.13 SAMPR_DOMAIN_NAME_INFORMATION
class SAMPR_DOMAIN_NAME_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the DomainName string."""
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
    )

651 

# 2.2.4.14 SAMPR_DOMAIN_REPLICATION_INFORMATION
class SAMPR_DOMAIN_REPLICATION_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the ReplicaSourceNodeName string."""
    structure = (
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
    )

657 

# 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION
class SAMPR_DOMAIN_LOCKOUT_INFORMATION(NDRSTRUCT):
    """Account lockout policy: duration, observation window and threshold."""
    structure = (
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )

665 

# 2.2.4.16 DOMAIN_INFORMATION_CLASS
class DOMAIN_INFORMATION_CLASS(NDRENUM):
    """Selector for the arms of SAMPR_DOMAIN_INFO_BUFFER.

    The numbering skips 10: DomainStateInformation is 9 and
    DomainGeneralInformation2 is 11.
    """
    class enumItems(Enum):
        DomainPasswordInformation    = 1
        DomainGeneralInformation     = 2
        DomainLogoffInformation      = 3
        DomainOemInformation         = 4
        DomainNameInformation        = 5
        DomainReplicationInformation = 6
        DomainServerRoleInformation  = 7
        DomainModifiedInformation    = 8
        DomainStateInformation       = 9
        DomainGeneralInformation2    = 11
        DomainLockoutInformation     = 12
        DomainModifiedInformation2   = 13

681 

# 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER
class SAMPR_DOMAIN_INFO_BUFFER(NDRUNION):
    """Union of the domain information structures.

    Each DOMAIN_INFORMATION_CLASS member maps to an (arm name, structure) pair.
    """
    union = {
        DOMAIN_INFORMATION_CLASS.DomainPasswordInformation: ('Password', DOMAIN_PASSWORD_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation: ('General', SAMPR_DOMAIN_GENERAL_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainLogoffInformation: ('Logoff', DOMAIN_LOGOFF_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainOemInformation: ('Oem', SAMPR_DOMAIN_OEM_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainNameInformation: ('Name', SAMPR_DOMAIN_NAME_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation: ('Role', DOMAIN_SERVER_ROLE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainReplicationInformation: ('Replication', SAMPR_DOMAIN_REPLICATION_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation: ('Modified', DOMAIN_MODIFIED_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainStateInformation: ('State', DOMAIN_STATE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2: ('General2', SAMPR_DOMAIN_GENERAL_INFORMATION2),
        DOMAIN_INFORMATION_CLASS.DomainLockoutInformation: ('Lockout', SAMPR_DOMAIN_LOCKOUT_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2: ('Modified2', DOMAIN_MODIFIED_INFORMATION2),
    }

698 

class PSAMPR_DOMAIN_INFO_BUFFER(NDRPOINTER):
    """Pointer whose referent is a SAMPR_DOMAIN_INFO_BUFFER."""
    referent = (
        ('Data', SAMPR_DOMAIN_INFO_BUFFER),
    )

703 

# 2.2.5.2 GROUP_ATTRIBUTE_INFORMATION
class GROUP_ATTRIBUTE_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the group's Attributes word."""
    structure = (
        ('Attributes', ULONG),
    )

709 

# 2.2.5.3 SAMPR_GROUP_GENERAL_INFORMATION
class SAMPR_GROUP_GENERAL_INFORMATION(NDRSTRUCT):
    """Group name, attribute bits, member count and admin comment."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Attributes', ULONG),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )

718 

# 2.2.5.4 SAMPR_GROUP_NAME_INFORMATION
class SAMPR_GROUP_NAME_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the group Name string."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )

724 

# 2.2.5.5 SAMPR_GROUP_ADM_COMMENT_INFORMATION
class SAMPR_GROUP_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the group AdminComment string."""
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

730 

# 2.2.5.6 GROUP_INFORMATION_CLASS
class GROUP_INFORMATION_CLASS(NDRENUM):
    """Selector for the arms of SAMPR_GROUP_INFO_BUFFER."""
    class enumItems(Enum):
        GroupGeneralInformation      = 1
        GroupNameInformation         = 2
        GroupAttributeInformation    = 3
        GroupAdminCommentInformation = 4
        GroupReplicationInformation  = 5

739 

# 2.2.5.7 SAMPR_GROUP_INFO_BUFFER
class SAMPR_GROUP_INFO_BUFFER(NDRUNION):
    """Union of the group information structures.

    The GroupReplicationInformation arm is named 'DoNotUse' and reuses the
    general-information layout.
    """
    union = {
        GROUP_INFORMATION_CLASS.GroupGeneralInformation: ('General', SAMPR_GROUP_GENERAL_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupNameInformation: ('Name', SAMPR_GROUP_NAME_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAttributeInformation: ('Attribute', GROUP_ATTRIBUTE_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAdminCommentInformation: ('AdminComment', SAMPR_GROUP_ADM_COMMENT_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupReplicationInformation: ('DoNotUse', SAMPR_GROUP_GENERAL_INFORMATION),
    }

749 

class PSAMPR_GROUP_INFO_BUFFER(NDRPOINTER):
    """Pointer whose referent is a SAMPR_GROUP_INFO_BUFFER."""
    referent = (
        ('Data', SAMPR_GROUP_INFO_BUFFER),
    )

754 

# 2.2.6.2 SAMPR_ALIAS_GENERAL_INFORMATION
class SAMPR_ALIAS_GENERAL_INFORMATION(NDRSTRUCT):
    """Alias name, member count and admin comment."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )

762 

# 2.2.6.3 SAMPR_ALIAS_NAME_INFORMATION
class SAMPR_ALIAS_NAME_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the alias Name string."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )

768 

# 2.2.6.4 SAMPR_ALIAS_ADM_COMMENT_INFORMATION
class SAMPR_ALIAS_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the alias AdminComment string."""
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

774 

# 2.2.6.5 ALIAS_INFORMATION_CLASS
class ALIAS_INFORMATION_CLASS(NDRENUM):
    """Selector for the arms of SAMPR_ALIAS_INFO_BUFFER."""
    class enumItems(Enum):
        AliasGeneralInformation      = 1
        AliasNameInformation         = 2
        AliasAdminCommentInformation = 3

781 

# 2.2.6.6 SAMPR_ALIAS_INFO_BUFFER
class SAMPR_ALIAS_INFO_BUFFER(NDRUNION):
    """Union of the alias information structures, keyed by information class."""
    union = {
        ALIAS_INFORMATION_CLASS.AliasGeneralInformation: ('General', SAMPR_ALIAS_GENERAL_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasNameInformation: ('Name', SAMPR_ALIAS_NAME_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation: ('AdminComment', SAMPR_ALIAS_ADM_COMMENT_INFORMATION),
    }

789 

class PSAMPR_ALIAS_INFO_BUFFER(NDRPOINTER):
    """Pointer whose referent is a SAMPR_ALIAS_INFO_BUFFER."""
    referent = (
        ('Data', SAMPR_ALIAS_INFO_BUFFER),
    )

794 

# 2.2.7.2 USER_PRIMARY_GROUP_INFORMATION
class USER_PRIMARY_GROUP_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the user's PrimaryGroupId."""
    structure = (
        ('PrimaryGroupId', ULONG),
    )

800 

# 2.2.7.3 USER_CONTROL_INFORMATION
class USER_CONTROL_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the UserAccountControl word.

    NOTE(review): this module defines both USER_* and UF_* flag tables with
    different bit layouts; confirm which one applies before decoding.
    """
    structure = (
        ('UserAccountControl', ULONG),
    )

806 

# 2.2.7.4 USER_EXPIRES_INFORMATION
class USER_EXPIRES_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the AccountExpires value."""
    structure = (
        ('AccountExpires', OLD_LARGE_INTEGER),
    )

812 

# 2.2.7.5 SAMPR_LOGON_HOURS
class LOGON_HOURS_ARRAY(NDRUniConformantVaryingArray):
    """Conformant-varying array that keeps the base class's default item type."""

816 

class PLOGON_HOURS_ARRAY(NDRPOINTER):
    """Pointer whose referent is a LOGON_HOURS_ARRAY."""
    referent = (
        ('Data', LOGON_HOURS_ARRAY),
    )

821 

class SAMPR_LOGON_HOURS(NDRSTRUCT):
    """Logon-hours data with a unit count that is derived when serialising."""
    structure = (
        # UnitsPerWeek is declared as ULONG; an NDRSHORT declaration was left
        # commented out in the original.
        ('UnitsPerWeek', ULONG),
        ('LogonHours', PLOGON_HOURS_ARRAY),
    )

    def getData(self, soFar=0):
        """Serialise the structure, first refreshing UnitsPerWeek.

        When LogonHours is set (compares unequal to 0), UnitsPerWeek is
        overwritten with eight times the length of LogonHours, so any value
        the caller stored there is discarded.
        """
        if self['LogonHours'] != 0:
            unit_count = len(self['LogonHours']) * 8
            self['UnitsPerWeek'] = unit_count
        return NDR.getData(self, soFar)

833 

# 2.2.7.6 SAMPR_USER_ALL_INFORMATION
class SAMPR_USER_ALL_INFORMATION(NDRSTRUCT):
    """Every user attribute in a single structure.

    WhichFields is a bit field; the USER_ALL_* constants in this module name
    its bits.
    NOTE(review): LmOwfPassword, NtOwfPassword and PrivateData are
    credential-bearing by name; avoid logging or dumping a populated instance.
    """
    structure = (
        # Timestamps
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Strings
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),

        # Credential material
        ('LmOwfPassword', RPC_SHORT_BLOB),
        ('NtOwfPassword', RPC_SHORT_BLOB),
        ('PrivateData', RPC_UNICODE_STRING),

        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),

        # Identifiers, flags and counters
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('UserAccountControl', ULONG),
        ('WhichFields', ULONG),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('LmPasswordPresent', UCHAR),
        ('NtPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('PrivateDataSensitive', UCHAR),
    )

874 

# 2.2.7.7 SAMPR_USER_GENERAL_INFORMATION
class SAMPR_USER_GENERAL_INFORMATION(NDRSTRUCT):
    """User names, primary group id and the two comment strings."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('PrimaryGroupId', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
    )

884 

# 2.2.7.8 SAMPR_USER_PREFERENCES_INFORMATION
class SAMPR_USER_PREFERENCES_INFORMATION(NDRSTRUCT):
    """User comment, a reserved string, country code and code page."""
    structure = (
        ('UserComment', RPC_UNICODE_STRING),
        ('Reserved1', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
    )

893 

# 2.2.7.9 SAMPR_USER_PARAMETERS_INFORMATION
class SAMPR_USER_PARAMETERS_INFORMATION(NDRSTRUCT):
    """Single-field structure holding the Parameters string."""
    structure = (
        ('Parameters', RPC_UNICODE_STRING),
    )

899 

# 2.2.7.10 SAMPR_USER_LOGON_INFORMATION
class SAMPR_USER_LOGON_INFORMATION(NDRSTRUCT):
    """Logon-related user attributes: paths, timestamps, hours and counters."""
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('UserAccountControl', ULONG),
    )

922 

# 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION
class SAMPR_USER_ACCOUNT_INFORMATION(NDRSTRUCT):
    """Account-related user attributes, including expiry and control flags.

    Field order differs from SAMPR_USER_LOGON_INFORMATION: here LogonHours and
    the two counters come before PasswordLastSet.
    """
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
    )

945 

946# 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION 

class SAMPR_USER_A_NAME_INFORMATION(NDRSTRUCT):
    """User information level carrying only the account name (UserName)."""

    structure = (
        ('UserName', RPC_UNICODE_STRING),
    )

951 

952# 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION 

class SAMPR_USER_F_NAME_INFORMATION(NDRSTRUCT):
    """User information level carrying only the full name."""

    structure = (
        ('FullName', RPC_UNICODE_STRING),
    )

957 

958# 2.2.7.14 SAMPR_USER_NAME_INFORMATION 

class SAMPR_USER_NAME_INFORMATION(NDRSTRUCT):
    """User information level carrying the account name and the full name."""

    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )

964 

965# 2.2.7.15 SAMPR_USER_HOME_INFORMATION 

class SAMPR_USER_HOME_INFORMATION(NDRSTRUCT):
    """User information level carrying the home directory and its drive."""

    structure = (
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
    )

971 

972# 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION 

class SAMPR_USER_SCRIPT_INFORMATION(NDRSTRUCT):
    """User information level carrying only ScriptPath."""

    structure = (
        ('ScriptPath', RPC_UNICODE_STRING),
    )

977 

978# 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION 

class SAMPR_USER_PROFILE_INFORMATION(NDRSTRUCT):
    """User information level carrying only ProfilePath."""

    structure = (
        ('ProfilePath', RPC_UNICODE_STRING),
    )

983 

984# 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION 

class SAMPR_USER_ADMIN_COMMENT_INFORMATION(NDRSTRUCT):
    """User information level carrying only AdminComment."""

    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

989 

990# 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION 

class SAMPR_USER_WORKSTATIONS_INFORMATION(NDRSTRUCT):
    """User information level carrying only the WorkStations string."""

    structure = (
        ('WorkStations', RPC_UNICODE_STRING),
    )

995 

996# 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION 

class SAMPR_USER_LOGON_HOURS_INFORMATION(NDRSTRUCT):
    """User information level wrapping a single SAMPR_LOGON_HOURS value."""

    structure = (
        ('LogonHours', SAMPR_LOGON_HOURS),
    )

1001 

1002# 2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD 

class SAMPR_USER_PASSWORD(NDRSTRUCT):
    """Fixed 512-byte password Buffer followed by a ULONG Length.

    The 516-byte total equals the Buffer size of SAMPR_ENCRYPTED_USER_PASSWORD.
    Per MS-SAMR this is the cleartext layout that gets encrypted into that
    blob, so instances hold password material and should not be logged.
    """

    structure = (
        ('Buffer', '512s=b""'),
        ('Length', ULONG),
    )

    def getAlignment(self):
        """Return the fixed alignment used for this structure (4)."""
        return 4

1010 

1011 

class SAMPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
    """Opaque 516-byte encrypted password blob.

    516 = the 512-byte Buffer plus the 4-byte Length of SAMPR_USER_PASSWORD.
    This class only marshals the bytes; encryption and decryption happen
    elsewhere.
    """

    structure = (
        ('Buffer', '516s=b""'),
    )

    def getAlignment(self):
        """Return 1: the blob is marshalled byte-aligned."""
        return 1

1018 

class PSAMPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_ENCRYPTED_USER_PASSWORD."""

    referent = (
        ('Data', SAMPR_ENCRYPTED_USER_PASSWORD),
    )

1023 

1024# 2.2.7.22 SAMPR_ENCRYPTED_USER_PASSWORD_NEW 

class SAMPR_ENCRYPTED_USER_PASSWORD_NEW(NDRSTRUCT):
    """Opaque 532-byte encrypted password blob ("new" variant).

    It is 16 bytes longer than SAMPR_ENCRYPTED_USER_PASSWORD.
    NOTE(review): per MS-SAMR the extra 16 bytes are a salt sent alongside
    the ciphertext; confirm against the spec revision in use.
    """

    structure = (
        ('Buffer', '532s=b""'),
    )

    def getAlignment(self):
        """Return 1: the blob is marshalled byte-aligned."""
        return 1

1031 

1032# 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION 

class SAMPR_USER_INTERNAL1_INFORMATION(NDRSTRUCT):
    """Encrypted NT and LM OWF password values plus three one-byte flags.

    Both hash fields are credential material even in encrypted form; keep
    them out of logs and debug dumps.
    """

    structure = (
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedLmOwfPassword', ENCRYPTED_LM_OWF_PASSWORD),
        # One-byte flags
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
    )

1041 

1042# 2.2.7.24 SAMPR_USER_INTERNAL4_INFORMATION 

class SAMPR_USER_INTERNAL4_INFORMATION(NDRSTRUCT):
    """SAMPR_USER_ALL_INFORMATION followed by a 516-byte encrypted password blob."""

    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
    )

1048 

1049# 2.2.7.25 SAMPR_USER_INTERNAL4_INFORMATION_NEW 

class SAMPR_USER_INTERNAL4_INFORMATION_NEW(NDRSTRUCT):
    """SAMPR_USER_ALL_INFORMATION followed by the 532-byte "new" encrypted password blob."""

    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
    )

1055 

1056# 2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION 

class SAMPR_USER_INTERNAL5_INFORMATION(NDRSTRUCT):
    """516-byte encrypted password blob plus a one-byte PasswordExpired flag."""

    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
        ('PasswordExpired', UCHAR),
    )

1062 

1063# 2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW 

class SAMPR_USER_INTERNAL5_INFORMATION_NEW(NDRSTRUCT):
    """532-byte "new" encrypted password blob plus a one-byte PasswordExpired flag."""

    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
        ('PasswordExpired', UCHAR),
    )

1069 

1070# 2.2.7.28 USER_INFORMATION_CLASS 

class USER_INFORMATION_CLASS(NDRENUM):
    """Selector for the user information level (the SAMPR_USER_INFO_BUFFER arm).

    The numbering is not contiguous: 15, 19 and 22 have no member here.
    """

    class enumItems(Enum):
        UserGeneralInformation = 1
        UserPreferencesInformation = 2
        UserLogonInformation = 3
        UserLogonHoursInformation = 4
        UserAccountInformation = 5
        UserNameInformation = 6
        UserAccountNameInformation = 7
        UserFullNameInformation = 8
        UserPrimaryGroupInformation = 9
        UserHomeInformation = 10
        UserScriptInformation = 11
        UserProfileInformation = 12
        UserAdminCommentInformation = 13
        UserWorkStationsInformation = 14
        # 15 is not defined
        UserControlInformation = 16
        UserExpiresInformation = 17
        UserInternal1Information = 18
        # 19 is not defined
        UserParametersInformation = 20
        UserAllInformation = 21
        # 22 is not defined
        UserInternal4Information = 23
        UserInternal5Information = 24
        UserInternal4InformationNew = 25
        UserInternal5InformationNew = 26

1096 

1097# 2.2.7.29 SAMPR_USER_INFO_BUFFER 

class SAMPR_USER_INFO_BUFFER(NDRUNION):
    """Union of every user information level, keyed by USER_INFORMATION_CLASS.

    Each entry maps a selector to (field name, structure type). The
    Internal1, Internal4* and Internal5* arms carry encrypted password
    material.
    """

    union = {
        USER_INFORMATION_CLASS.UserGeneralInformation: ('General', SAMPR_USER_GENERAL_INFORMATION),
        USER_INFORMATION_CLASS.UserPreferencesInformation: ('Preferences', SAMPR_USER_PREFERENCES_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonInformation: ('Logon', SAMPR_USER_LOGON_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonHoursInformation: ('LogonHours', SAMPR_USER_LOGON_HOURS_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountInformation: ('Account', SAMPR_USER_ACCOUNT_INFORMATION),
        USER_INFORMATION_CLASS.UserNameInformation: ('Name', SAMPR_USER_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountNameInformation: ('AccountName', SAMPR_USER_A_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserFullNameInformation: ('FullName', SAMPR_USER_F_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserPrimaryGroupInformation: ('PrimaryGroup', USER_PRIMARY_GROUP_INFORMATION),
        USER_INFORMATION_CLASS.UserHomeInformation: ('Home', SAMPR_USER_HOME_INFORMATION),
        USER_INFORMATION_CLASS.UserScriptInformation: ('Script', SAMPR_USER_SCRIPT_INFORMATION),
        USER_INFORMATION_CLASS.UserProfileInformation: ('Profile', SAMPR_USER_PROFILE_INFORMATION),
        USER_INFORMATION_CLASS.UserAdminCommentInformation: ('AdminComment', SAMPR_USER_ADMIN_COMMENT_INFORMATION),
        USER_INFORMATION_CLASS.UserWorkStationsInformation: ('WorkStations', SAMPR_USER_WORKSTATIONS_INFORMATION),
        USER_INFORMATION_CLASS.UserControlInformation: ('Control', USER_CONTROL_INFORMATION),
        USER_INFORMATION_CLASS.UserExpiresInformation: ('Expires', USER_EXPIRES_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal1Information: ('Internal1', SAMPR_USER_INTERNAL1_INFORMATION),
        USER_INFORMATION_CLASS.UserParametersInformation: ('Parameters', SAMPR_USER_PARAMETERS_INFORMATION),
        USER_INFORMATION_CLASS.UserAllInformation: ('All', SAMPR_USER_ALL_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4Information: ('Internal4', SAMPR_USER_INTERNAL4_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal5Information: ('Internal5', SAMPR_USER_INTERNAL5_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4InformationNew: ('Internal4New', SAMPR_USER_INTERNAL4_INFORMATION_NEW),
        USER_INFORMATION_CLASS.UserInternal5InformationNew: ('Internal5New', SAMPR_USER_INTERNAL5_INFORMATION_NEW),
    }

1124 

class PSAMPR_USER_INFO_BUFFER(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_USER_INFO_BUFFER union."""

    referent = (
        ('Data', SAMPR_USER_INFO_BUFFER),
    )

1129 

class PSAMPR_SERVER_NAME2(NDRPOINTER):
    """NDR pointer to a fixed 4-byte server-name field (empty by default)."""

    referent = (
        ('Data', '4s=b""'),
    )

1134 

1135# 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER 

class SAMPR_DOMAIN_DISPLAY_USER(NDRSTRUCT):
    """One user row of a display query: index, RID, account flags and three strings."""

    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )

1145 

class SAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_USER entries."""

    item = SAMPR_DOMAIN_DISPLAY_USER

1148 

class PSAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_USER_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )

1153 

1154# 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE 

class SAMPR_DOMAIN_DISPLAY_MACHINE(NDRSTRUCT):
    """One machine-account row of a display query (no FullName field)."""

    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
    )

1163 

class SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_MACHINE entries."""

    item = SAMPR_DOMAIN_DISPLAY_MACHINE

1166 

class PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
    )

1171 

1172# 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP 

class SAMPR_DOMAIN_DISPLAY_GROUP(NDRSTRUCT):
    """One group row of a display query; same field layout as the machine row."""

    structure = (
        ('Index', ULONG),
        ('Rid', ULONG),
        ('AccountControl', ULONG),
        ('AccountName', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
    )

1181 

class SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_GROUP entries."""

    item = SAMPR_DOMAIN_DISPLAY_GROUP

1184 

class PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
    )

1189 

1190# 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER 

class SAMPR_DOMAIN_DISPLAY_OEM_USER(NDRSTRUCT):
    """One OEM-user row: an index and an RPC_STRING account name."""

    structure = (
        ('Index', ULONG),
        ('OemAccountName', RPC_STRING),
    )

1196 

class SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_OEM_USER entries."""

    item = SAMPR_DOMAIN_DISPLAY_OEM_USER

1199 

class PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
    )

1204 

1205# 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP 

class SAMPR_DOMAIN_DISPLAY_OEM_GROUP(NDRSTRUCT):
    """One OEM-group row: an index and an RPC_STRING account name."""

    structure = (
        ('Index', ULONG),
        ('OemAccountName', RPC_STRING),
    )

1211 

class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRUniConformantArray):
    """Conformant array of SAMPR_DOMAIN_DISPLAY_OEM_GROUP entries."""

    item = SAMPR_DOMAIN_DISPLAY_OEM_GROUP

1214 

class PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY."""

    referent = (
        ('Data', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
    )

1219 

1220#2.2.8.7 SAMPR_DOMAIN_DISPLAY_USER_BUFFER 

class SAMPR_DOMAIN_DISPLAY_USER_BUFFER(NDRSTRUCT):
    """Entry count plus a pointer to the array of user display rows."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )

1226 

1227# 2.2.8.8 SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER 

class SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER(NDRSTRUCT):
    """Entry count plus a pointer to the array of machine display rows."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
    )

1233 

1234# 2.2.8.9 SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER 

class SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER(NDRSTRUCT):
    """Entry count plus a pointer to the array of group display rows."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
    )

1240 

1241# 2.2.8.10 SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER 

class SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER(NDRSTRUCT):
    """Entry count plus a pointer to the array of OEM-user display rows."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
    )

1247 

1248# 2.2.8.11 SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER 

class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER(NDRSTRUCT):
    """Entry count plus a pointer to the array of OEM-group display rows."""

    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
    )

1254 

1255# 2.2.8.12 DOMAIN_DISPLAY_INFORMATION 

class DOMAIN_DISPLAY_INFORMATION(NDRENUM):
    """Selector for the kind of display rows (the SAMPR_DISPLAY_INFO_BUFFER arm)."""

    class enumItems(Enum):
        DomainDisplayUser = 1
        DomainDisplayMachine = 2
        DomainDisplayGroup = 3
        DomainDisplayOemUser = 4
        DomainDisplayOemGroup = 5

1263 

1264# 2.2.8.13 SAMPR_DISPLAY_INFO_BUFFER 

class SAMPR_DISPLAY_INFO_BUFFER(NDRUNION):
    """Union of the five display buffers, keyed by DOMAIN_DISPLAY_INFORMATION."""

    union = {
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser: ('UserInformation', SAMPR_DOMAIN_DISPLAY_USER_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine: ('MachineInformation', SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup: ('GroupInformation', SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemUser: ('OemUserInformation', SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER),
        DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup: ('OemGroupInformation', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER),
    }

1273 

1274# 2.2.9.1 SAM_VALIDATE_PASSWORD_HASH 

class SAM_VALIDATE_PASSWORD_HASH(NDRSTRUCT):
    """Length-prefixed password hash: a ULONG Length and an LPBYTE Hash."""

    structure = (
        ('Length', ULONG),
        ('Hash', LPBYTE),
    )

1280 

class PSAM_VALIDATE_PASSWORD_HASH(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_PASSWORD_HASH."""

    referent = (
        ('Data', SAM_VALIDATE_PASSWORD_HASH),
    )

1285 

1286# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS 

class SAM_VALIDATE_PERSISTED_FIELDS(NDRSTRUCT):
    """Per-account password state exchanged with the password validation call.

    Holds a PresentFields ULONG, three LARGE_INTEGER timestamps, the
    bad-password counter and a pointer to the password history.
    """

    structure = (
        ('PresentFields', ULONG),
        # Timestamps
        ('PasswordLastSet', LARGE_INTEGER),
        ('BadPasswordTime', LARGE_INTEGER),
        ('LockoutTime', LARGE_INTEGER),
        # Counters and history
        ('BadPasswordCount', ULONG),
        ('PasswordHistoryLength', ULONG),
        ('PasswordHistory', PSAM_VALIDATE_PASSWORD_HASH),
    )

1297 

1298# 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS 

class SAM_VALIDATE_VALIDATION_STATUS(NDRENUM):
    """Outcome codes of a password validation request (0 is success)."""

    class enumItems(Enum):
        SamValidateSuccess = 0
        SamValidatePasswordMustChange = 1
        SamValidateAccountLockedOut = 2
        SamValidatePasswordExpired = 3
        SamValidatePasswordIncorrect = 4
        SamValidatePasswordIsInHistory = 5
        SamValidatePasswordTooShort = 6
        SamValidatePasswordTooLong = 7
        SamValidatePasswordNotComplexEnough = 8
        SamValidatePasswordTooRecent = 9
        SamValidatePasswordFilterError = 10

1312 

1313# 2.2.9.4 SAM_VALIDATE_STANDARD_OUTPUT_ARG 

class SAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRSTRUCT):
    """Validation result: the changed persisted fields and the validation status."""

    structure = (
        ('ChangedPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ValidationStatus', SAM_VALIDATE_VALIDATION_STATUS),
    )

1319 

class PSAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_STANDARD_OUTPUT_ARG."""

    referent = (
        ('Data', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
    )

1324 

1325# 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG 

class SAM_VALIDATE_AUTHENTICATION_INPUT_ARG(NDRSTRUCT):
    """Input for authentication validation: persisted fields and a one-byte PasswordMatched flag."""

    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('PasswordMatched', UCHAR),
    )

1331 

1332# 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG 

class SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG(NDRSTRUCT):
    """Input for password-change validation.

    NOTE(review): ClearPassword is marshalled as a plain RPC_UNICODE_STRING,
    so the password is protected only by the RPC channel; confirm that
    callers bind with packet privacy before sending this structure.
    """

    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMatch', UCHAR),
    )

1341 

1342# 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG 

class SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(NDRSTRUCT):
    """Input for password-reset validation.

    NOTE(review): ClearPassword is marshalled as a plain RPC_UNICODE_STRING,
    so the password is protected only by the RPC channel; confirm that
    callers bind with packet privacy before sending this structure.
    """

    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        # One-byte flags
        ('PasswordMustChangeAtNextLogon', UCHAR),
        ('ClearLockout', UCHAR),
    )

1352 

1353# 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE 

class PASSWORD_POLICY_VALIDATION_TYPE(NDRENUM):
    """Selector for the validation kind; keys SAM_VALIDATE_INPUT_ARG and SAM_VALIDATE_OUTPUT_ARG."""

    class enumItems(Enum):
        SamValidateAuthentication = 1
        SamValidatePasswordChange = 2
        SamValidatePasswordReset = 3

1359 

1360# 2.2.9.9 SAM_VALIDATE_INPUT_ARG 

class SAM_VALIDATE_INPUT_ARG(NDRUNION):
    """Union of the three validation inputs, keyed by PASSWORD_POLICY_VALIDATION_TYPE."""

    union = {
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication: ('ValidateAuthenticationInput', SAM_VALIDATE_AUTHENTICATION_INPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange: ('ValidatePasswordChangeInput', SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset: ('ValidatePasswordResetInput', SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG),
    }

1367 

1368# 2.2.9.10 SAM_VALIDATE_OUTPUT_ARG 

class SAM_VALIDATE_OUTPUT_ARG(NDRUNION):
    """Union of the validation outputs; every arm is a SAM_VALIDATE_STANDARD_OUTPUT_ARG."""

    union = {
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication: ('ValidateAuthenticationOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange: ('ValidatePasswordChangeOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
        PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset: ('ValidatePasswordResetOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
    }

1375 

class PSAM_VALIDATE_OUTPUT_ARG(NDRPOINTER):
    """NDR pointer whose referent is a SAM_VALIDATE_OUTPUT_ARG union."""

    referent = (
        ('Data', SAM_VALIDATE_OUTPUT_ARG),
    )

1380 

1381# 2.2.10 Supplemental Credentials Structures 

1382 

1383# 2.2.10.1 USER_PROPERTIES 

class USER_PROPERTIES(Structure):
    """Header of the supplemental-credentials blob.

    Little-endian fixed header, a 96-byte reserved area, a signature that
    defaults to 0x50, the property count, then the remaining bytes as
    UserProperties (presumably the packed USER_PROPERTY entries; the
    parsing code is not in view).
    """

    structure = (
        ('Reserved1', '<L=0'),
        ('Length', '<L=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('Reserved4', '96s=""'),
        ('PropertySignature', '<H=0x50'),
        ('PropertyCount', '<H=0'),
        # Everything after the header
        ('UserProperties', ':'),
    )

1395 

1396# 2.2.10.2 USER_PROPERTY 

class USER_PROPERTY(Structure):
    """One name/value entry of the supplemental credentials.

    NameLength and ValueLength size the two variable fields that follow.
    Both lengths come from the parsed blob, so treat them as untrusted when
    the data comes from an untrusted source.
    """

    structure = (
        ('NameLength', '<H=0'),
        ('ValueLength', '<H=0'),
        ('Reserved', '<H=0'),
        # PropertyName is NameLength bytes long
        ('_PropertyName', '_-PropertyName', "self['NameLength']"),
        ('PropertyName', ':'),
        # PropertyValue is ValueLength bytes long
        ('_PropertyValue', '_-PropertyValue', "self['ValueLength']"),
        ('PropertyValue', ':'),
    )

1407 

1408# 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS 

class WDIGEST_CREDENTIALS(Structure):
    """Primary:WDigest supplemental credential: a header and 29 hash slots.

    Version defaults to 1 and NumberOfHashes to 29. The slots Hash1..Hash29
    are 16 bytes each. Parsed values are credential material: keep them out
    of logs and reports.
    """

    structure = (
        ('Reserved1', 'B=0'),
        ('Reserved2', 'B=0'),
        ('Version', 'B=1'),
        ('NumberOfHashes', 'B=29'),
        ('Reserved3', '12s=""'),
    ) + tuple(
        # Hash1 .. Hash29, one 16-byte field each
        ('Hash%d' % slot, '16s=""') for slot in range(1, 30)
    )

1446 

1447# 2.2.10.5 KERB_KEY_DATA 

class KERB_KEY_DATA(Structure):
    """Descriptor of one Kerberos key: type, length and offset of the key bytes.

    KeyOffset and KeyLength locate the key inside another buffer and are
    not validated here; callers slicing with them should bounds-check first.
    """

    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )

1457 

1458# 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL 

class KERB_STORED_CREDENTIAL(Structure):
    """Primary:Kerberos supplemental credential header (Revision defaults to 3).

    Only the fixed header is broken out. The variable part stays unparsed in
    Buffer; it carries Kerberos key material.
    """

    structure = (
        ('Revision', '<H=3'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        # Not split into fields; all of these live inside Buffer, in order:
        #   Credentials, OldCredentials, DefaultSalt, KeyValues
        ('Buffer', ':'),
    )

1475 

1476# 2.2.10.7 KERB_KEY_DATA_NEW 

class KERB_KEY_DATA_NEW(Structure):
    """Key descriptor of the "newer keys" format.

    Compared with KERB_KEY_DATA, Reserved3 is 32 bits wide and an
    IterationCount field precedes KeyType. KeyOffset and KeyLength are not
    validated here.
    """

    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<L=0'),
        ('IterationCount', '<L=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )

1487 

1488# 2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW 

class KERB_STORED_CREDENTIAL_NEW(Structure):
    """Primary:Kerberos-Newer-Keys credential header (Revision defaults to 4).

    Only the fixed header is broken out. The variable part stays unparsed in
    Buffer; it carries Kerberos key material.
    """

    structure = (
        ('Revision', '<H=4'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('ServiceCredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('OlderCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        ('DefaultIterationCount', '<L=0'),
        # Not split into fields; all of these live inside Buffer, in order:
        #   Credentials, ServiceCredentials, OldCredentials, OlderCredentials,
        #   DefaultSalt, KeyValues
        ('Buffer', ':'),
    )

1510 

1511################################################################################ 

1512# RPC CALLS 

1513################################################################################ 

1514 

class SamrConnect(NDRCALL):
    """Request for opnum 0: server name pointer and the desired access mask."""

    opnum = 0
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME2),
        ('DesiredAccess', ULONG),
    )

1521 

class SamrConnectResponse(NDRCALL):
    """Reply to SamrConnect: the server handle and the call's status code."""

    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1527 

class SamrCloseHandle(NDRCALL):
    """Request for opnum 1: the handle to close.

    NOTE(review): a DesiredAccess LONG is marshalled after the handle;
    MS-SAMR appears to define only the handle argument for this call, so
    confirm whether the extra field is intentional.
    """

    opnum = 1
    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('DesiredAccess', LONG),
    )

1534 

class SamrCloseHandleResponse(NDRCALL):
    """Reply to SamrCloseHandle: the returned handle and the status code."""

    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1540 

class SamrSetSecurityObject(NDRCALL):
    """Request for opnum 2: writes a security descriptor on the object behind ObjectHandle."""

    opnum = 2
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),
    )

1548 

class SamrSetSecurityObjectResponse(NDRCALL):
    """Reply to SamrSetSecurityObject: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1553 

class SamrQuerySecurityObject(NDRCALL):
    """Request for opnum 3: reads the security descriptor of the object behind ObjectHandle."""

    opnum = 3
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
    )

1560 

class SamrQuerySecurityObjectResponse(NDRCALL):
    """Reply to SamrQuerySecurityObject: security descriptor pointer and status code."""

    structure = (
        ('SecurityDescriptor', PSAMPR_SR_SECURITY_DESCRIPTOR),
        ('ErrorCode', ULONG),
    )

1566 

class SamrLookupDomainInSamServer(NDRCALL):
    """Request for opnum 5: looks a domain up by name on a server handle."""

    opnum = 5
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
    )

1573 

class SamrLookupDomainInSamServerResponse(NDRCALL):
    """Reply to SamrLookupDomainInSamServer: pointer to the domain SID and status code."""

    structure = (
        ('DomainId', PRPC_SID),
        ('ErrorCode', ULONG),
    )

1579 

class SamrEnumerateDomainsInSamServer(NDRCALL):
    """Request for opnum 6: enumerates the domains on a server handle.

    The 'PreferedMaximumLength' spelling is the field key that callers use.
    """

    opnum = 6
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1587 

class SamrEnumerateDomainsInSamServerResponse(NDRCALL):
    """Reply to SamrEnumerateDomainsInSamServer: context, result buffer, count and status code."""

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1595 

class SamrOpenDomain(NDRCALL):
    """Request for opnum 7: opens the domain identified by DomainId with DesiredAccess."""

    opnum = 7
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('DomainId', RPC_SID),
    )

1603 

class SamrOpenDomainResponse(NDRCALL):
    """Reply to SamrOpenDomain: the domain handle and the status code."""

    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1609 

class SamrQueryInformationDomain(NDRCALL):
    """Request for opnum 8: reads one domain information level."""

    opnum = 8
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )

1616 

class SamrQueryInformationDomainResponse(NDRCALL):
    """Reply to SamrQueryInformationDomain: pointer to the info union and status code."""

    structure = (
        ('Buffer', PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1622 

class SamrSetInformationDomain(NDRCALL):
    """Request for opnum 9: writes one domain information level."""

    opnum = 9
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
        ('DomainInformation', SAMPR_DOMAIN_INFO_BUFFER),
    )

1630 

class SamrSetInformationDomainResponse(NDRCALL):
    """Reply to SamrSetInformationDomain: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1635 

class SamrCreateGroupInDomain(NDRCALL):
    """Request for opnum 10: creates a group named Name in the domain."""

    opnum = 10
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

1643 

class SamrCreateGroupInDomainResponse(NDRCALL):
    """Reply to SamrCreateGroupInDomain: group handle, its relative ID and status code."""

    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

1650 

class SamrEnumerateGroupsInDomain(NDRCALL):
    """Request for opnum 11: enumerates the groups of a domain.

    The matching SamrEnumerateGroupsInDomainResponse is defined after the
    SamrCreateUserInDomain classes in this file.
    """

    opnum = 11
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1658 

class SamrCreateUserInDomain(NDRCALL):
    """Request for opnum 12: creates a user named Name in the domain."""

    opnum = 12
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

1666 

class SamrCreateUserInDomainResponse(NDRCALL):
    """Reply to SamrCreateUserInDomain: user handle, its relative ID and status code."""

    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

1673 

class SamrEnumerateGroupsInDomainResponse(NDRCALL):
    """Reply to SamrEnumerateGroupsInDomain: context, result buffer, count and status code."""

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1681 

class SamrEnumerateUsersInDomain(NDRCALL):
    """Request for opnum 13: enumerates the users of a domain.

    Unlike the group and alias enumerations it also carries a
    UserAccountControl ULONG.
    """

    opnum = 13
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('UserAccountControl', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1690 

class SamrEnumerateUsersInDomainResponse(NDRCALL):
    """Reply to SamrEnumerateUsersInDomain: context, result buffer, count and status code."""

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1698 

class SamrCreateAliasInDomain(NDRCALL):
    """Request for opnum 14: creates an alias named AccountName in the domain."""

    opnum = 14
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('AccountName', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

1706 

class SamrCreateAliasInDomainResponse(NDRCALL):
    """Reply to SamrCreateAliasInDomain: alias handle, its relative ID and status code."""

    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('RelativeId', ULONG),
        ('ErrorCode', ULONG),
    )

1713 

1714 

class SamrEnumerateAliasesInDomain(NDRCALL):
    """Request for opnum 15: enumerates the aliases of a domain."""

    opnum = 15
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

1722 

class SamrEnumerateAliasesInDomainResponse(NDRCALL):
    """Reply to SamrEnumerateAliasesInDomain: context, result buffer, count and status code."""

    structure = (
        ('EnumerationContext', ULONG),
        ('Buffer', PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned', ULONG),
        ('ErrorCode', ULONG),
    )

1730 

class SamrGetAliasMembership(NDRCALL):
    """Request for opnum 16: asks for the alias membership of an array of SIDs."""

    opnum = 16
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('SidArray', SAMPR_PSID_ARRAY),
    )

1737 

class SamrGetAliasMembershipResponse(NDRCALL):
    """Reply to SamrGetAliasMembership: a ULONG array named Membership and the status code."""

    structure = (
        ('Membership', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )

1743 

class SamrLookupNamesInDomain(NDRCALL):
    """Request for opnum 17: resolves Count account names to relative IDs."""

    opnum = 17
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Count', ULONG),
        ('Names', RPC_UNICODE_STRING_ARRAY),
    )

1751 

class SamrLookupNamesInDomainResponse(NDRCALL):
    """Reply to SamrLookupNamesInDomain: two ULONG arrays (RelativeIds, Use) and status code."""

    structure = (
        ('RelativeIds', SAMPR_ULONG_ARRAY),
        ('Use', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )

1758 

class SamrLookupIdsInDomain(NDRCALL):
    """Request for opnum 18: resolves Count relative IDs to account names."""

    opnum = 18
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Count', ULONG),
        ('RelativeIds', ULONG_ARRAY_CV),
    )

1766 

class SamrLookupIdsInDomainResponse(NDRCALL):
    """Reply to SamrLookupIdsInDomain: returned names, a ULONG array named Use and status code."""

    structure = (
        ('Names', SAMPR_RETURNED_USTRING_ARRAY),
        ('Use', SAMPR_ULONG_ARRAY),
        ('ErrorCode', ULONG),
    )

1773 

class SamrOpenGroup(NDRCALL):
    """Request for opnum 19: opens the group GroupId with DesiredAccess."""

    opnum = 19
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('GroupId', ULONG),
    )

1781 

class SamrOpenGroupResponse(NDRCALL):
    """Reply to SamrOpenGroup: the group handle and the status code."""

    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1787 

class SamrQueryInformationGroup(NDRCALL):
    """Request for opnum 20: reads one group information level."""

    opnum = 20
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
    )

1794 

class SamrQueryInformationGroupResponse(NDRCALL):
    """Reply to SamrQueryInformationGroup: pointer to the info union and status code."""

    structure = (
        ('Buffer', PSAMPR_GROUP_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1800 

class SamrSetInformationGroup(NDRCALL):
    """Request for opnum 21: writes one group information level."""

    opnum = 21
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
        ('Buffer', SAMPR_GROUP_INFO_BUFFER),
    )

1808 

class SamrSetInformationGroupResponse(NDRCALL):
    """Reply to SamrSetInformationGroup: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1813 

class SamrAddMemberToGroup(NDRCALL):
    """Request for opnum 22: adds member MemberId to a group with the given Attributes."""

    opnum = 22
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )

1821 

class SamrAddMemberToGroupResponse(NDRCALL):
    """Reply to SamrAddMemberToGroup: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1826 

class SamrDeleteGroup(NDRCALL):
    """Request for opnum 23: deletes the group behind GroupHandle."""

    opnum = 23
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
    )

1832 

class SamrDeleteGroupResponse(NDRCALL):
    """Reply to SamrDeleteGroup: the returned handle and the status code."""

    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1838 

class SamrRemoveMemberFromGroup(NDRCALL):
    """Request for opnum 24: removes member MemberId from a group."""

    opnum = 24
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
    )

1845 

class SamrRemoveMemberFromGroupResponse(NDRCALL):
    """Reply to SamrRemoveMemberFromGroup: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1850 

class SamrGetMembersInGroup(NDRCALL):
    """Request for opnum 25: lists the members of the group behind GroupHandle."""

    opnum = 25
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
    )

1856 

class SamrGetMembersInGroupResponse(NDRCALL):
    """Reply to SamrGetMembersInGroup: pointer to the members buffer and status code."""

    structure = (
        ('Members', PSAMPR_GET_MEMBERS_BUFFER),
        ('ErrorCode', ULONG),
    )

1862 

class SamrSetMemberAttributesOfGroup(NDRCALL):
    """Request for opnum 26: sets the Attributes of member MemberId in a group."""

    opnum = 26
    structure = (
        ('GroupHandle', SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )

1870 

class SamrSetMemberAttributesOfGroupResponse(NDRCALL):
    """Reply to SamrSetMemberAttributesOfGroup: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1875 

class SamrOpenAlias(NDRCALL):
    """Request for opnum 27: opens the alias AliasId with DesiredAccess."""

    opnum = 27
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('AliasId', ULONG),
    )

1883 

class SamrOpenAliasResponse(NDRCALL):
    """Reply to SamrOpenAlias: the alias handle and the status code."""

    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1889 

class SamrQueryInformationAlias(NDRCALL):
    """Request for opnum 28: reads one alias information level."""

    opnum = 28
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
    )

1896 

class SamrQueryInformationAliasResponse(NDRCALL):
    """Reply to SamrQueryInformationAlias: pointer to the info union and status code."""

    structure = (
        ('Buffer', PSAMPR_ALIAS_INFO_BUFFER),
        ('ErrorCode', ULONG),
    )

1902 

class SamrSetInformationAlias(NDRCALL):
    """Request for opnum 29: writes one alias information level."""

    opnum = 29
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
        ('Buffer', SAMPR_ALIAS_INFO_BUFFER),
    )

1910 

class SamrSetInformationAliasResponse(NDRCALL):
    """Reply to SamrSetInformationAlias: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1915 

class SamrDeleteAlias(NDRCALL):
    """Request for opnum 30: deletes the alias behind AliasHandle."""

    opnum = 30
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
    )

1921 

class SamrDeleteAliasResponse(NDRCALL):
    """Reply to SamrDeleteAlias: the returned handle and the status code."""

    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )

1927 

class SamrAddMemberToAlias(NDRCALL):
    """Request for opnum 31: adds a member to an alias; MemberId is a SID, not a relative ID."""

    opnum = 31
    structure = (
        ('AliasHandle', SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )

1934 

class SamrAddMemberToAliasResponse(NDRCALL):
    """Reply to SamrAddMemberToAlias: status code only."""

    structure = (
        ('ErrorCode', ULONG),
    )

1939 

class SamrRemoveMemberFromAlias(NDRCALL):
    """Request for opnum 32: alias handle and the member to remove, given as a SID."""
    opnum = 32
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )

1946 

class SamrRemoveMemberFromAliasResponse(NDRCALL):
    """Response to SamrRemoveMemberFromAlias: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

1951 

class SamrGetMembersInAlias(NDRCALL):
    """Request for opnum 33: the handle of the alias whose members are listed."""
    opnum = 33
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
    )

1957 

class SamrGetMembersInAliasResponse(NDRCALL):
    """Response to SamrGetMembersInAlias: the member SID array, then the status code."""
    structure = (
        ('Members',SAMPR_PSID_ARRAY_OUT),
        ('ErrorCode',ULONG),
    )

1963 

class SamrOpenUser(NDRCALL):
    """Request for opnum 34: domain handle, requested access mask and the user id to open."""
    opnum = 34
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('UserId', ULONG),
    )

1971 

class SamrOpenUserResponse(NDRCALL):
    """Response to SamrOpenUser: the user handle, then the status code."""
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

1977 

class SamrDeleteUser(NDRCALL):
    """Request for opnum 35: the handle of the user to delete."""
    opnum = 35
    structure = (
        ('UserHandle',SAMPR_HANDLE),
    )

1983 

class SamrDeleteUserResponse(NDRCALL):
    """Response to SamrDeleteUser: the user handle is returned alongside the status code."""
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

1989 

class SamrQueryInformationUser(NDRCALL):
    """Request for opnum 36: user handle plus the information class to read."""
    opnum = 36
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS ),
    )

1996 

class SamrQueryInformationUserResponse(NDRCALL):
    """Response to SamrQueryInformationUser: the info buffer, then the status code."""
    structure = (
        ('Buffer',PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

2002 

class SamrSetInformationUser(NDRCALL):
    """Request for opnum 37: user handle, information class and the buffer to write.

    Same field layout as SamrSetInformationUser2 (opnum 58) in this file.
    """
    opnum = 37
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS ),
        ('Buffer',SAMPR_USER_INFO_BUFFER),
    )

2010 

class SamrSetInformationUserResponse(NDRCALL):
    """Response to SamrSetInformationUser: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2015 

class SamrChangePasswordUser(NDRCALL):
    """Request for opnum 38: change a user's password by exchanging OWF hashes.

    Each '*EncryptedWith*' field is a pointer to one password hash encrypted
    under another, and each '*Present' flag is a UCHAR paired with the fields
    that follow it. No cleartext password field exists in this structure.
    """
    opnum = 38
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('LmPresent', UCHAR ),
        ('OldLmEncryptedWithNewLm',PENCRYPTED_LM_OWF_PASSWORD),
        ('NewLmEncryptedWithOldLm',PENCRYPTED_LM_OWF_PASSWORD),
        ('NtPresent', UCHAR),
        ('OldNtEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('NewNtEncryptedWithOldNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('NtCrossEncryptionPresent',UCHAR),
        ('NewNtEncryptedWithNewLm',PENCRYPTED_NT_OWF_PASSWORD),
        ('LmCrossEncryptionPresent',UCHAR),
        # NOTE(review): the field name refers to the LM hash but the declared
        # type is the NT pointer type; presumably both encode identically on
        # the wire. Confirm against the type definitions earlier in this file.
        ('NewLmEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
    )

2031 

class SamrChangePasswordUserResponse(NDRCALL):
    """Response to SamrChangePasswordUser: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2036 

class SamrGetGroupsForUser(NDRCALL):
    """Request for opnum 39: the handle of the user whose groups are listed."""
    opnum = 39
    structure = (
        ('UserHandle',SAMPR_HANDLE),
    )

2042 

class SamrGetGroupsForUserResponse(NDRCALL):
    """Response to SamrGetGroupsForUser: the groups buffer, then the status code."""
    structure = (
        ('Groups',PSAMPR_GET_GROUPS_BUFFER),
        ('ErrorCode',ULONG),
    )

2048 

class SamrQueryDisplayInformation(NDRCALL):
    """Request for opnum 40: paged display-information query on a domain handle.

    Same field layout as SamrQueryDisplayInformation2 (opnum 48) and
    SamrQueryDisplayInformation3 (opnum 51) in this file.
    """
    opnum = 40
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )

2058 

class SamrQueryDisplayInformationResponse(NDRCALL):
    """Response to SamrQueryDisplayInformation: two counters, the result buffer, the status code."""
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

2066 

class SamrGetDisplayEnumerationIndex(NDRCALL):
    """Request for opnum 41: domain handle, display class and a name prefix to look up."""
    opnum = 41
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )

2074 

class SamrGetDisplayEnumerationIndexResponse(NDRCALL):
    """Response to SamrGetDisplayEnumerationIndex: the index, then the status code."""
    structure = (
        ('Index',ULONG),
        ('ErrorCode',ULONG),
    )

2080 

class SamrGetUserDomainPasswordInformation(NDRCALL):
    """Request for opnum 44: user handle whose domain password information is read."""
    opnum = 44
    structure = (
        ('UserHandle',SAMPR_HANDLE),
    )

2086 

class SamrGetUserDomainPasswordInformationResponse(NDRCALL):
    """Response to SamrGetUserDomainPasswordInformation: password information, then the status code."""
    structure = (
        ('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode',ULONG),
    )

2092 

class SamrRemoveMemberFromForeignDomain(NDRCALL):
    """Request for opnum 45: domain handle and the SID of the member to remove."""
    opnum = 45
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('MemberSid', RPC_SID),
    )

2099 

class SamrRemoveMemberFromForeignDomainResponse(NDRCALL):
    """Response to SamrRemoveMemberFromForeignDomain: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2104 

class SamrQueryInformationDomain2(NDRCALL):
    """Request for opnum 46: domain handle plus the information class to read."""
    opnum = 46
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )

2111 

class SamrQueryInformationDomain2Response(NDRCALL):
    """Response to SamrQueryInformationDomain2: the info buffer, then the status code."""
    structure = (
        ('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

2117 

class SamrQueryInformationUser2(NDRCALL):
    """Request for opnum 47: user handle plus the information class to read."""
    opnum = 47
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS ),
    )

2124 

class SamrQueryInformationUser2Response(NDRCALL):
    """Response to SamrQueryInformationUser2: the info buffer, then the status code."""
    structure = (
        ('Buffer',PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

2130 

class SamrQueryDisplayInformation2(NDRCALL):
    """Request for opnum 48: paged display-information query on a domain handle."""
    opnum = 48
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )

2140 

class SamrQueryDisplayInformation2Response(NDRCALL):
    """Response to SamrQueryDisplayInformation2: two counters, the result buffer, the status code."""
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

2148 

class SamrGetDisplayEnumerationIndex2(NDRCALL):
    """Request for opnum 49: domain handle, display class and a name prefix to look up."""
    opnum = 49
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )

2156 

class SamrGetDisplayEnumerationIndex2Response(NDRCALL):
    """Response to SamrGetDisplayEnumerationIndex2: the index, then the status code."""
    structure = (
        ('Index',ULONG),
        ('ErrorCode',ULONG),
    )

2162 

class SamrCreateUser2InDomain(NDRCALL):
    """Request for opnum 50: create a user in a domain.

    Carries the domain handle, the account name, the account type and the
    access mask requested on the handle that is returned.
    """
    opnum = 50
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('AccountType', ULONG),
        ('DesiredAccess', ULONG),
    )

2171 

class SamrCreateUser2InDomainResponse(NDRCALL):
    """Response to SamrCreateUser2InDomain: user handle, granted access, relative id, status code."""
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('GrantedAccess',ULONG),
        ('RelativeId',ULONG),
        ('ErrorCode',ULONG),
    )

2179 

class SamrQueryDisplayInformation3(NDRCALL):
    """Request for opnum 51: paged display-information query on a domain handle."""
    opnum = 51
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )

2189 

class SamrQueryDisplayInformation3Response(NDRCALL):
    """Response to SamrQueryDisplayInformation3: two counters, the result buffer, the status code."""
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

2197 

class SamrAddMultipleMembersToAlias(NDRCALL):
    """Request for opnum 52: alias handle and a SID array of members to add."""
    opnum = 52
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )

2204 

class SamrAddMultipleMembersToAliasResponse(NDRCALL):
    """Response to SamrAddMultipleMembersToAlias: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2209 

class SamrRemoveMultipleMembersFromAlias(NDRCALL):
    """Request for opnum 53: alias handle and a SID array of members to remove."""
    opnum = 53
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )

2216 

class SamrRemoveMultipleMembersFromAliasResponse(NDRCALL):
    """Response to SamrRemoveMultipleMembersFromAlias: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2221 

class SamrOemChangePasswordUser2(NDRCALL):
    """Request for opnum 54: password change addressed by user name, LM-hash based.

    Unlike SamrChangePasswordUser there is no handle field: the target is
    named by 'ServerName' and 'UserName' (non-Unicode RPC strings). Both
    secrets in the request are protected with LM OWF material only, as the
    field names state.
    """
    opnum = 54
    structure = (
        ('ServerName', PRPC_STRING),
        ('UserName', RPC_STRING),
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
    )

2230 

class SamrOemChangePasswordUser2Response(NDRCALL):
    """Response to SamrOemChangePasswordUser2: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2235 

class SamrUnicodeChangePasswordUser2(NDRCALL):
    """Request for opnum 55: password change addressed by user name (Unicode strings).

    There is no handle field; the target is named by 'ServerName' and
    'UserName'. The new password travels encrypted with the old NT hash, and
    the 'LmPresent' flag precedes the optional LM-based pair of fields.
    """
    opnum = 55
    structure = (
        ('ServerName', PRPC_UNICODE_STRING),
        ('UserName', RPC_UNICODE_STRING),
        ('NewPasswordEncryptedWithOldNt',PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldNtOwfPasswordEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('LmPresent',UCHAR),
        ('NewPasswordEncryptedWithOldLm',PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewNt',PENCRYPTED_LM_OWF_PASSWORD),
    )

2247 

class SamrUnicodeChangePasswordUser2Response(NDRCALL):
    """Response to SamrUnicodeChangePasswordUser2: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2252 

class SamrGetDomainPasswordInformation(NDRCALL):
    """Request for opnum 56: read the domain password policy information.

    The only marshalled field is 'Unused'; no SAMR handle is part of this
    structure (the binding-handle entry below is commented out).
    """
    opnum = 56
    structure = (
        #('BindingHandle',SAMPR_HANDLE),
        ('Unused', PRPC_UNICODE_STRING),
    )

2259 

class SamrGetDomainPasswordInformationResponse(NDRCALL):
    """Response to SamrGetDomainPasswordInformation: password information, then the status code."""
    structure = (
        ('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode',ULONG),
    )

2265 

class SamrConnect2(NDRCALL):
    """Request for opnum 57: server name and the access mask requested on the server handle."""
    opnum = 57
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
    )

2272 

class SamrConnect2Response(NDRCALL):
    """Response to SamrConnect2: the server handle, then the status code."""
    structure = (
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

2278 

class SamrSetInformationUser2(NDRCALL):
    """Request for opnum 58: user handle, information class and the buffer to write."""
    opnum = 58
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )

2286 

class SamrSetInformationUser2Response(NDRCALL):
    """Response to SamrSetInformationUser2: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2291 

class SamrConnect4(NDRCALL):
    """Request for opnum 62: server name, client revision and the requested access mask."""
    opnum = 62
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('ClientRevision', ULONG),
        ('DesiredAccess', ULONG),
    )

2299 

class SamrConnect4Response(NDRCALL):
    """Response to SamrConnect4: the server handle, then the status code."""
    structure = (
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

2305 

class SamrConnect5(NDRCALL):
    """Request for opnum 64: server name, requested access, and versioned revision info."""
    opnum = 64
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
        ('InVersion', ULONG),
        ('InRevisionInfo',SAMPR_REVISION_INFO),
    )

2314 

class SamrConnect5Response(NDRCALL):
    """Response to SamrConnect5: negotiated version and revision info, server handle, status code."""
    structure = (
        ('OutVersion',ULONG),
        ('OutRevisionInfo',SAMPR_REVISION_INFO),
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

2322 

class SamrRidToSid(NDRCALL):
    """Request for opnum 65: an object handle and the RID to convert to a SID."""
    opnum = 65
    structure = (
        ('ObjectHandle',SAMPR_HANDLE),
        ('Rid', ULONG),
    )

2329 

class SamrRidToSidResponse(NDRCALL):
    """Response to SamrRidToSid: the resulting SID, then the status code."""
    structure = (
        ('Sid',PRPC_SID),
        ('ErrorCode',ULONG),
    )

2335 

class SamrSetDSRMPassword(NDRCALL):
    """Request for opnum 66: set the DSRM password from an encrypted NT OWF hash.

    The structure has no handle field; it carries an 'Unused' string, the
    'UserId' and the 'EncryptedNtOwfPassword' pointer.
    """
    opnum = 66
    structure = (
        ('Unused', PRPC_UNICODE_STRING),
        ('UserId',ULONG),
        ('EncryptedNtOwfPassword',PENCRYPTED_NT_OWF_PASSWORD),
    )

2343 

class SamrSetDSRMPasswordResponse(NDRCALL):
    """Response to SamrSetDSRMPassword: status code only."""
    structure = (
        ('ErrorCode',ULONG),
    )

2348 

class SamrValidatePassword(NDRCALL):
    """Request for opnum 67: a validation type and the matching input argument."""
    opnum = 67
    structure = (
        ('ValidationType', PASSWORD_POLICY_VALIDATION_TYPE),
        ('InputArg',SAM_VALIDATE_INPUT_ARG),
    )

2355 

class SamrValidatePasswordResponse(NDRCALL):
    """Response to SamrValidatePassword: the output argument, then the status code."""
    structure = (
        ('OutputArg',PSAM_VALIDATE_OUTPUT_ARG),
        ('ErrorCode',ULONG),
    )

2361 

2362################################################################################ 

2363# OPNUMs and their corresponding structures 

2364################################################################################ 

# Maps each SAMR operation number to its (request class, response class) pair.
# Opnums 4, 42, 43, 59, 60, 61 and 63 have no entry in this table.
OPNUMS = {
 0 : (SamrConnect, SamrConnectResponse),
 1 : (SamrCloseHandle, SamrCloseHandleResponse),
 2 : (SamrSetSecurityObject, SamrSetSecurityObjectResponse),
 3 : (SamrQuerySecurityObject, SamrQuerySecurityObjectResponse),
 5 : (SamrLookupDomainInSamServer, SamrLookupDomainInSamServerResponse),
 6 : (SamrEnumerateDomainsInSamServer, SamrEnumerateDomainsInSamServerResponse),
 7 : (SamrOpenDomain, SamrOpenDomainResponse),
 8 : (SamrQueryInformationDomain, SamrQueryInformationDomainResponse),
 9 : (SamrSetInformationDomain, SamrSetInformationDomainResponse),
10 : (SamrCreateGroupInDomain, SamrCreateGroupInDomainResponse),
11 : (SamrEnumerateGroupsInDomain, SamrEnumerateGroupsInDomainResponse),
12 : (SamrCreateUserInDomain, SamrCreateUserInDomainResponse),
13 : (SamrEnumerateUsersInDomain, SamrEnumerateUsersInDomainResponse),
14 : (SamrCreateAliasInDomain, SamrCreateAliasInDomainResponse),
15 : (SamrEnumerateAliasesInDomain, SamrEnumerateAliasesInDomainResponse),
16 : (SamrGetAliasMembership, SamrGetAliasMembershipResponse),
17 : (SamrLookupNamesInDomain, SamrLookupNamesInDomainResponse),
18 : (SamrLookupIdsInDomain, SamrLookupIdsInDomainResponse),
19 : (SamrOpenGroup, SamrOpenGroupResponse),
20 : (SamrQueryInformationGroup, SamrQueryInformationGroupResponse),
21 : (SamrSetInformationGroup, SamrSetInformationGroupResponse),
22 : (SamrAddMemberToGroup, SamrAddMemberToGroupResponse),
23 : (SamrDeleteGroup, SamrDeleteGroupResponse),
24 : (SamrRemoveMemberFromGroup, SamrRemoveMemberFromGroupResponse),
25 : (SamrGetMembersInGroup, SamrGetMembersInGroupResponse),
26 : (SamrSetMemberAttributesOfGroup, SamrSetMemberAttributesOfGroupResponse),
27 : (SamrOpenAlias, SamrOpenAliasResponse),
28 : (SamrQueryInformationAlias, SamrQueryInformationAliasResponse),
29 : (SamrSetInformationAlias, SamrSetInformationAliasResponse),
30 : (SamrDeleteAlias, SamrDeleteAliasResponse),
31 : (SamrAddMemberToAlias, SamrAddMemberToAliasResponse),
32 : (SamrRemoveMemberFromAlias, SamrRemoveMemberFromAliasResponse),
33 : (SamrGetMembersInAlias, SamrGetMembersInAliasResponse),
34 : (SamrOpenUser, SamrOpenUserResponse),
35 : (SamrDeleteUser, SamrDeleteUserResponse),
36 : (SamrQueryInformationUser, SamrQueryInformationUserResponse),
37 : (SamrSetInformationUser, SamrSetInformationUserResponse),
38 : (SamrChangePasswordUser, SamrChangePasswordUserResponse),
39 : (SamrGetGroupsForUser, SamrGetGroupsForUserResponse),
40 : (SamrQueryDisplayInformation, SamrQueryDisplayInformationResponse),
41 : (SamrGetDisplayEnumerationIndex, SamrGetDisplayEnumerationIndexResponse),
44 : (SamrGetUserDomainPasswordInformation, SamrGetUserDomainPasswordInformationResponse),
45 : (SamrRemoveMemberFromForeignDomain, SamrRemoveMemberFromForeignDomainResponse),
46 : (SamrQueryInformationDomain2, SamrQueryInformationDomain2Response),
47 : (SamrQueryInformationUser2, SamrQueryInformationUser2Response),
48 : (SamrQueryDisplayInformation2, SamrQueryDisplayInformation2Response),
49 : (SamrGetDisplayEnumerationIndex2, SamrGetDisplayEnumerationIndex2Response),
50 : (SamrCreateUser2InDomain, SamrCreateUser2InDomainResponse),
51 : (SamrQueryDisplayInformation3, SamrQueryDisplayInformation3Response),
52 : (SamrAddMultipleMembersToAlias, SamrAddMultipleMembersToAliasResponse),
53 : (SamrRemoveMultipleMembersFromAlias, SamrRemoveMultipleMembersFromAliasResponse),
54 : (SamrOemChangePasswordUser2, SamrOemChangePasswordUser2Response),
55 : (SamrUnicodeChangePasswordUser2, SamrUnicodeChangePasswordUser2Response),
56 : (SamrGetDomainPasswordInformation, SamrGetDomainPasswordInformationResponse),
57 : (SamrConnect2, SamrConnect2Response),
58 : (SamrSetInformationUser2, SamrSetInformationUser2Response),
62 : (SamrConnect4, SamrConnect4Response),
64 : (SamrConnect5, SamrConnect5Response),
65 : (SamrRidToSid, SamrRidToSidResponse),
66 : (SamrSetDSRMPassword, SamrSetDSRMPasswordResponse),
67 : (SamrValidatePassword, SamrValidatePasswordResponse),
}

2428 

2429################################################################################ 

2430# HELPER FUNCTIONS 

2431################################################################################ 

2432 

def hSamrConnect5(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, inVersion=1, revision=3):
    """Build a SamrConnect5 request, send it over dce and return the result.

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when the
    caller only needs specific rights on the server handle.
    """
    connectReq = SamrConnect5()
    connectReq['ServerName'] = serverName
    connectReq['DesiredAccess'] = desiredAccess
    connectReq['InVersion'] = inVersion
    # inVersion is also used as the tag of the revision-info union.
    connectReq['InRevisionInfo']['tag'] = inVersion
    connectReq['InRevisionInfo']['V1']['Revision'] = revision
    return dce.request(connectReq)

2441 

def hSamrConnect4(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, clientRevision=2):
    """Build a SamrConnect4 request, send it over dce and return the result.

    desiredAccess defaults to MAXIMUM_ALLOWED; pass a narrower mask when the
    caller only needs specific rights.
    """
    connectReq = SamrConnect4()
    connectReq['ServerName'] = serverName
    connectReq['DesiredAccess'] = desiredAccess
    connectReq['ClientRevision'] = clientRevision
    return dce.request(connectReq)

2448 

def hSamrConnect2(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Build a SamrConnect2 request, send it over dce and return the result.

    desiredAccess defaults to MAXIMUM_ALLOWED.
    """
    connectReq = SamrConnect2()
    connectReq['ServerName'] = serverName
    connectReq['DesiredAccess'] = desiredAccess
    return dce.request(connectReq)

2454 

def hSamrConnect(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Build a SamrConnect request, send it over dce and return the result.

    desiredAccess defaults to MAXIMUM_ALLOWED.
    """
    connectReq = SamrConnect()
    connectReq['ServerName'] = serverName
    connectReq['DesiredAccess'] = desiredAccess
    return dce.request(connectReq)

2460 

def hSamrOpenDomain(dce, serverHandle, desiredAccess=MAXIMUM_ALLOWED, domainId=NULL):
    """Open a domain on a server handle and return dce.request()'s result.

    desiredAccess defaults to MAXIMUM_ALLOWED and domainId to NULL.
    """
    openReq = SamrOpenDomain()
    openReq['ServerHandle'] = serverHandle
    openReq['DesiredAccess'] = desiredAccess
    openReq['DomainId'] = domainId
    return dce.request(openReq)

2467 

def hSamrOpenGroup(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, groupId=0):
    """Open a group by id on a domain handle and return dce.request()'s result.

    desiredAccess defaults to MAXIMUM_ALLOWED.
    """
    openReq = SamrOpenGroup()
    openReq['DomainHandle'] = domainHandle
    openReq['DesiredAccess'] = desiredAccess
    openReq['GroupId'] = groupId
    return dce.request(openReq)

2474 

def hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=0):
    """Open an alias by id on a domain handle and return dce.request()'s result.

    desiredAccess defaults to MAXIMUM_ALLOWED.
    """
    openReq = SamrOpenAlias()
    openReq['DomainHandle'] = domainHandle
    openReq['DesiredAccess'] = desiredAccess
    openReq['AliasId'] = aliasId
    return dce.request(openReq)

2481 

def hSamrOpenUser(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, userId=0):
    """Open a user by id on a domain handle and return dce.request()'s result.

    desiredAccess defaults to MAXIMUM_ALLOWED; a caller that only reads
    attributes can pass a narrower mask.
    """
    openReq = SamrOpenUser()
    openReq['DomainHandle'] = domainHandle
    openReq['DesiredAccess'] = desiredAccess
    openReq['UserId'] = userId
    return dce.request(openReq)

2488 

def hSamrEnumerateDomainsInSamServer(dce, serverHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Enumerate domains on a server handle and return dce.request()'s result."""
    enumReq = SamrEnumerateDomainsInSamServer()
    enumReq['ServerHandle'] = serverHandle
    enumReq['EnumerationContext'] = enumerationContext
    enumReq['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enumReq)

2495 

def hSamrEnumerateGroupsInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Enumerate groups on a domain handle and return dce.request()'s result."""
    enumReq = SamrEnumerateGroupsInDomain()
    enumReq['DomainHandle'] = domainHandle
    enumReq['EnumerationContext'] = enumerationContext
    enumReq['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enumReq)

2502 

def hSamrEnumerateAliasesInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Enumerate aliases on a domain handle and return dce.request()'s result."""
    enumReq = SamrEnumerateAliasesInDomain()
    enumReq['DomainHandle'] = domainHandle
    enumReq['EnumerationContext'] = enumerationContext
    enumReq['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enumReq)

2509 

def hSamrEnumerateUsersInDomain(dce, domainHandle, userAccountControl=USER_NORMAL_ACCOUNT, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Enumerate users on a domain handle and return dce.request()'s result.

    userAccountControl defaults to USER_NORMAL_ACCOUNT.
    """
    enumReq = SamrEnumerateUsersInDomain()
    enumReq['DomainHandle'] = domainHandle
    enumReq['UserAccountControl'] = userAccountControl
    enumReq['EnumerationContext'] = enumerationContext
    enumReq['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(enumReq)

2517 

def hSamrQueryDisplayInformation3(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send a SamrQueryDisplayInformation3 request and return dce.request()'s result.

    The preferedMaximumLength argument is written to the request's
    'PreferredMaximumLength' field.
    """
    queryReq = SamrQueryDisplayInformation3()
    queryReq['DomainHandle'] = domainHandle
    queryReq['DisplayInformationClass'] = displayInformationClass
    queryReq['Index'] = index
    queryReq['EntryCount'] = entryCount
    queryReq['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(queryReq)

2526 

def hSamrQueryDisplayInformation2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send a SamrQueryDisplayInformation2 request and return dce.request()'s result.

    The preferedMaximumLength argument is written to the request's
    'PreferredMaximumLength' field.
    """
    queryReq = SamrQueryDisplayInformation2()
    queryReq['DomainHandle'] = domainHandle
    queryReq['DisplayInformationClass'] = displayInformationClass
    queryReq['Index'] = index
    queryReq['EntryCount'] = entryCount
    queryReq['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(queryReq)

2535 

def hSamrQueryDisplayInformation(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send a SamrQueryDisplayInformation request and return dce.request()'s result.

    The preferedMaximumLength argument is written to the request's
    'PreferredMaximumLength' field.
    """
    queryReq = SamrQueryDisplayInformation()
    queryReq['DomainHandle'] = domainHandle
    queryReq['DisplayInformationClass'] = displayInformationClass
    queryReq['Index'] = index
    queryReq['EntryCount'] = entryCount
    queryReq['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(queryReq)

2544 

def hSamrGetDisplayEnumerationIndex2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Send a SamrGetDisplayEnumerationIndex2 request and return dce.request()'s result."""
    indexReq = SamrGetDisplayEnumerationIndex2()
    indexReq['DomainHandle'] = domainHandle
    indexReq['DisplayInformationClass'] = displayInformationClass
    indexReq['Prefix'] = prefix
    return dce.request(indexReq)

2551 

def hSamrGetDisplayEnumerationIndex(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Send a SamrGetDisplayEnumerationIndex request and return dce.request()'s result."""
    indexReq = SamrGetDisplayEnumerationIndex()
    indexReq['DomainHandle'] = domainHandle
    indexReq['DisplayInformationClass'] = displayInformationClass
    indexReq['Prefix'] = prefix
    return dce.request(indexReq)

2558 

def hSamrCreateGroupInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Create a group in a domain and return dce.request()'s result.

    desiredAccess defaults to GROUP_ALL_ACCESS.
    """
    createReq = SamrCreateGroupInDomain()
    createReq['DomainHandle'] = domainHandle
    createReq['Name'] = name
    createReq['DesiredAccess'] = desiredAccess
    return dce.request(createReq)

2565 

def hSamrCreateAliasInDomain(dce, domainHandle, accountName, desiredAccess=GROUP_ALL_ACCESS):
    """Create an alias in a domain and return dce.request()'s result.

    NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    created is an alias; confirm this is the intended constant.
    """
    createReq = SamrCreateAliasInDomain()
    createReq['DomainHandle'] = domainHandle
    createReq['AccountName'] = accountName
    createReq['DesiredAccess'] = desiredAccess
    return dce.request(createReq)

2572 

def hSamrCreateUser2InDomain(dce, domainHandle, name, accountType=USER_NORMAL_ACCOUNT, desiredAccess=GROUP_ALL_ACCESS):
    """Create a user account in a domain and return dce.request()'s result.

    accountType defaults to USER_NORMAL_ACCOUNT.
    NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    created is a user; confirm this is the intended constant.
    """
    createReq = SamrCreateUser2InDomain()
    createReq['DomainHandle'] = domainHandle
    createReq['Name'] = name
    createReq['AccountType'] = accountType
    createReq['DesiredAccess'] = desiredAccess
    return dce.request(createReq)

2580 

def hSamrCreateUserInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Create a user in a domain and return dce.request()'s result.

    NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    created is a user; confirm this is the intended constant.
    """
    createReq = SamrCreateUserInDomain()
    createReq['DomainHandle'] = domainHandle
    createReq['Name'] = name
    createReq['DesiredAccess'] = desiredAccess
    return dce.request(createReq)

2587 

def hSamrQueryInformationDomain(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Query one information class on a domain handle and return dce.request()'s result."""
    queryReq = SamrQueryInformationDomain()
    queryReq['DomainHandle'] = domainHandle
    queryReq['DomainInformationClass'] = domainInformationClass
    return dce.request(queryReq)

2593 

def hSamrQueryInformationDomain2(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Send a SamrQueryInformationDomain2 request and return dce.request()'s result."""
    queryReq = SamrQueryInformationDomain2()
    queryReq['DomainHandle'] = domainHandle
    queryReq['DomainInformationClass'] = domainInformationClass
    return dce.request(queryReq)

2599 

def hSamrQueryInformationGroup(dce, groupHandle, groupInformationClass=GROUP_INFORMATION_CLASS.GroupGeneralInformation):
    """Query one information class on a group handle and return dce.request()'s result."""
    queryReq = SamrQueryInformationGroup()
    queryReq['GroupHandle'] = groupHandle
    queryReq['GroupInformationClass'] = groupInformationClass
    return dce.request(queryReq)

2605 

def hSamrQueryInformationAlias(dce, aliasHandle, aliasInformationClass=ALIAS_INFORMATION_CLASS.AliasGeneralInformation):
    """Query one information class on an alias handle and return dce.request()'s result."""
    queryReq = SamrQueryInformationAlias()
    queryReq['AliasHandle'] = aliasHandle
    queryReq['AliasInformationClass'] = aliasInformationClass
    return dce.request(queryReq)

2611 

def hSamrQueryInformationUser2(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Send a SamrQueryInformationUser2 request and return dce.request()'s result."""
    queryReq = SamrQueryInformationUser2()
    queryReq['UserHandle'] = userHandle
    queryReq['UserInformationClass'] = userInformationClass
    return dce.request(queryReq)

2617 

def hSamrQueryInformationUser(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Query one information class on a user handle and return dce.request()'s result."""
    queryReq = SamrQueryInformationUser()
    queryReq['UserHandle'] = userHandle
    queryReq['UserInformationClass'] = userInformationClass
    return dce.request(queryReq)

2623 

def hSamrSetInformationDomain(dce, domainHandle, domainInformation):
    """Write domain information and return dce.request()'s result.

    The information class sent is read from domainInformation['tag'], so it
    always matches the buffer supplied by the caller.
    """
    setReq = SamrSetInformationDomain()
    setReq['DomainHandle'] = domainHandle
    setReq['DomainInformationClass'] = domainInformation['tag']
    setReq['DomainInformation'] = domainInformation
    return dce.request(setReq)

2630 

def hSamrSetInformationGroup(dce, groupHandle, buffer):
    """Write group information and return dce.request()'s result.

    The information class sent is read from buffer['tag'].
    """
    setReq = SamrSetInformationGroup()
    setReq['GroupHandle'] = groupHandle
    setReq['GroupInformationClass'] = buffer['tag']
    setReq['Buffer'] = buffer
    return dce.request(setReq)

2637 

def hSamrSetInformationAlias(dce, aliasHandle, buffer):
    """Write alias information and return dce.request()'s result.

    The information class sent is read from buffer['tag'].
    """
    setReq = SamrSetInformationAlias()
    setReq['AliasHandle'] = aliasHandle
    setReq['AliasInformationClass'] = buffer['tag']
    setReq['Buffer'] = buffer
    return dce.request(setReq)

2644 

def hSamrSetInformationUser2(dce, userHandle, buffer):
    """Send a SamrSetInformationUser2 request and return dce.request()'s result.

    The information class sent is read from buffer['tag'].
    """
    setReq = SamrSetInformationUser2()
    setReq['UserHandle'] = userHandle
    setReq['UserInformationClass'] = buffer['tag']
    setReq['Buffer'] = buffer
    return dce.request(setReq)

2651 

def hSamrSetInformationUser(dce, userHandle, buffer):
    """Send a SamrSetInformationUser request and return dce.request()'s result.

    The information class sent is read from buffer['tag'].
    """
    setReq = SamrSetInformationUser()
    setReq['UserHandle'] = userHandle
    setReq['UserInformationClass'] = buffer['tag']
    setReq['Buffer'] = buffer
    return dce.request(setReq)

2658 

def hSamrDeleteGroup(dce, groupHandle):
    """Send a SamrDeleteGroup request for groupHandle and return dce.request()'s result."""
    deleteReq = SamrDeleteGroup()
    deleteReq['GroupHandle'] = groupHandle
    return dce.request(deleteReq)

2663 

def hSamrDeleteAlias(dce, aliasHandle):
    """Send a SamrDeleteAlias request for aliasHandle and return dce.request()'s result."""
    deleteReq = SamrDeleteAlias()
    deleteReq['AliasHandle'] = aliasHandle
    return dce.request(deleteReq)

2668 

def hSamrDeleteUser(dce, userHandle):
    """Send a SamrDeleteUser request for userHandle and return dce.request()'s result."""
    deleteReq = SamrDeleteUser()
    deleteReq['UserHandle'] = userHandle
    return dce.request(deleteReq)

2673 

def hSamrAddMemberToGroup(dce, groupHandle, memberId, attributes):
    """Add memberId to a group with the given attributes; return dce.request()'s result."""
    addReq = SamrAddMemberToGroup()
    addReq['GroupHandle'] = groupHandle
    addReq['MemberId'] = memberId
    addReq['Attributes'] = attributes
    return dce.request(addReq)

2680 

def hSamrRemoveMemberFromGroup(dce, groupHandle, memberId):
    """Remove memberId from a group and return dce.request()'s result."""
    removeReq = SamrRemoveMemberFromGroup()
    removeReq['GroupHandle'] = groupHandle
    removeReq['MemberId'] = memberId
    return dce.request(removeReq)

2686 

def hSamrGetMembersInGroup(dce, groupHandle):
    """List the members of a group handle and return dce.request()'s result."""
    listReq = SamrGetMembersInGroup()
    listReq['GroupHandle'] = groupHandle
    return dce.request(listReq)

2691 

def hSamrAddMemberToAlias(dce, aliasHandle, memberId):
    """Add memberId (a SID in the request structure) to an alias; return dce.request()'s result."""
    addReq = SamrAddMemberToAlias()
    addReq['AliasHandle'] = aliasHandle
    addReq['MemberId'] = memberId
    return dce.request(addReq)

2697 

def hSamrRemoveMemberFromAlias(dce, aliasHandle, memberId):
    """Remove memberId (a SID in the request structure) from an alias; return dce.request()'s result."""
    removeReq = SamrRemoveMemberFromAlias()
    removeReq['AliasHandle'] = aliasHandle
    removeReq['MemberId'] = memberId
    return dce.request(removeReq)

2703 

def hSamrGetMembersInAlias(dce, aliasHandle):
    """List the members of an alias handle and return dce.request()'s result."""
    listReq = SamrGetMembersInAlias()
    listReq['AliasHandle'] = aliasHandle
    return dce.request(listReq)

2708 

def hSamrRemoveMemberFromForeignDomain(dce, domainHandle, memberSid):
    """Send a SamrRemoveMemberFromForeignDomain request and return dce.request()'s result."""
    removeReq = SamrRemoveMemberFromForeignDomain()
    removeReq['DomainHandle'] = domainHandle
    removeReq['MemberSid'] = memberSid
    return dce.request(removeReq)

2714 

def hSamrAddMultipleMembersToAlias(dce, aliasHandle, membersBuffer):
    """Add several SIDs to an alias in one call and return dce.request()'s result.

    The request's 'Count' is set from len(membersBuffer['Sids']) after the
    buffer is assigned, so the caller does not need to fill it in.
    """
    addReq = SamrAddMultipleMembersToAlias()
    addReq['AliasHandle'] = aliasHandle
    addReq['MembersBuffer'] = membersBuffer
    addReq['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
    return dce.request(addReq)

2721 

def hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, membersBuffer):
    """Remove several SIDs from an alias in one call and return dce.request()'s result.

    The request's 'Count' is set from len(membersBuffer['Sids']) after the
    buffer is assigned.
    """
    removeReq = SamrRemoveMultipleMembersFromAlias()
    removeReq['AliasHandle'] = aliasHandle
    removeReq['MembersBuffer'] = membersBuffer
    removeReq['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
    return dce.request(removeReq)

2728 

def hSamrGetGroupsForUser(dce, userHandle):
    """List the groups of a user handle and return dce.request()'s result."""
    listReq = SamrGetGroupsForUser()
    listReq['UserHandle'] = userHandle
    return dce.request(listReq)

2733 

def hSamrGetAliasMembership(dce, domainHandle, sidArray):
    """Send a SamrGetAliasMembership request for sidArray and return dce.request()'s result.

    The request's 'Count' is set from len(sidArray['Sids']) after the array
    is assigned.
    """
    membershipReq = SamrGetAliasMembership()
    membershipReq['DomainHandle'] = domainHandle
    membershipReq['SidArray'] = sidArray
    membershipReq['SidArray']['Count'] = len(sidArray['Sids'])
    return dce.request(membershipReq)

2740 

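def _samrHashToBytes(pwdHash):
    """Return pwdHash hex-decoded, or unchanged when it cannot be hex-decoded."""
    try:
        return unhexlify(pwdHash)
    except (TypeError, ValueError):
        # Deliberate best effort: a value that is not a hex string (for
        # example a hash already in binary form) is used as given. Only the
        # errors unhexlify raises for bad input are caught, so interrupts
        # and unrelated failures are no longer swallowed.
        return pwdHash


def hSamrChangePasswordUser(dce, userHandle, oldPassword, newPassword, oldPwdHashNT='', newPwdHashLM='', newPwdHashNT=''):
    """Build and send a SamrChangePasswordUser request on an open user handle.

    Each hash argument left as '' is derived from the matching plaintext
    (oldPassword or newPassword); a non-empty hash argument is used instead
    of the plaintext, hex-decoded when it is a hex string. The request can
    therefore be built from hashes alone, without any plaintext password,
    which is why an NT hash needs the same protection as the password itself.

    The request carries the old and new NT hashes encrypted under each other
    and the new LM hash encrypted under the new NT hash; the LM and
    NT-cross-encryption fields are sent as NULL with their flags set to 0.

    NOTE(review): on the server such a change is expected to appear in
    account-management auditing (e.g. Windows event 4723) - confirm for the
    environment being monitored.

    :param dce: connection object whose request() method sends the call
    :param userHandle: handle of the user whose password is changed
    :param oldPassword: current plaintext, used when oldPwdHashNT is ''
    :param newPassword: new plaintext, used when a new hash argument is ''
    :param oldPwdHashNT: current NT hash, hex string or binary
    :param newPwdHashLM: new LM hash, hex string or binary
    :param newPwdHashNT: new NT hash, hex string or binary
    :return: whatever dce.request() returns
    """
    request = SamrChangePasswordUser()
    request['UserHandle'] = userHandle

    from impacket import crypto, ntlm

    if oldPwdHashNT == '':
        oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
    else:
        oldPwdHashNT = _samrHashToBytes(oldPwdHashNT)

    if newPwdHashLM == '':
        newPwdHashLM = ntlm.LMOWFv1(newPassword)
    else:
        newPwdHashLM = _samrHashToBytes(newPwdHashLM)

    if newPwdHashNT == '':
        newPwdHashNT = ntlm.NTOWFv1(newPassword)
    else:
        newPwdHashNT = _samrHashToBytes(newPwdHashNT)

    request['LmPresent'] = 0
    request['OldLmEncryptedWithNewLm'] = NULL
    request['NewLmEncryptedWithOldLm'] = NULL
    request['NtPresent'] = 1
    request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
    request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT)
    request['NtCrossEncryptionPresent'] = 0
    request['NewNtEncryptedWithNewLm'] = NULL
    request['LmCrossEncryptionPresent'] = 1
    request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT)

    return dce.request(request)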

2786 

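def hSamrUnicodeChangePasswordUser2(dce, serverName='\x00', userName='', oldPassword='', newPassword='', oldPwdHashLM='', oldPwdHashNT=''):
    """Build and send a SamrUnicodeChangePasswordUser2 request.

    When both oldPwdHashLM and oldPwdHashNT are '' the old hashes are derived
    from oldPassword. Otherwise each supplied hash is hex-decoded when it is
    valid hex and used unchanged when it is not.

    The new password is placed at the end of a 512-byte SAMPR_USER_PASSWORD
    buffer, which is encrypted with RC4 keyed by the old NT hash. No LM
    material is sent: LmPresent is 0 and both LM fields are NULL.

    Raises ValueError if the UTF-16LE form of newPassword does not fit in the
    512-byte buffer.

    Returns whatever dce.request() returns for the call.
    """
    from impacket import crypto, ntlm

    def _asBinary(pwdHash):
        # Only decoding failures mean "already binary". Catching everything
        # here would also swallow KeyboardInterrupt and SystemExit.
        try:
            return unhexlify(pwdHash)
        except (TypeError, ValueError):
            return pwdHash

    request = SamrUnicodeChangePasswordUser2()
    request['ServerName'] = serverName
    request['UserName'] = userName

    if oldPwdHashLM == '' and oldPwdHashNT == '':
        oldPwdHashLM = ntlm.LMOWFv1(oldPassword)
        oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
    else:
        # The LM hash is normalised for symmetry but is not placed in the request.
        oldPwdHashLM = _asBinary(oldPwdHashLM)
        oldPwdHashNT = _asBinary(oldPwdHashNT)

    newPwdHashNT = ntlm.NTOWFv1(newPassword)

    try:
        encodedPassword = newPassword.encode('utf-16le')
    except UnicodeDecodeError:
        # Python 2 byte string holding non-ASCII bytes: decode it first.
        import sys
        encodedPassword = newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le')

    # Size everything from the encoded bytes. len(newPassword)*2 is wrong for
    # characters outside the BMP, which take four bytes in UTF-16, and would
    # leave both the padding and the Length field inconsistent with the data.
    bufferSize = 512
    passwordLength = len(encodedPassword)
    if passwordLength > bufferSize:
        raise ValueError('newPassword does not fit in the %d-byte password buffer' % bufferSize)

    samUser = SAMPR_USER_PASSWORD()
    # NOTE(review): the filler is a constant, so most of the RC4 plaintext is
    # predictable. MS-SAMR appears to describe this region as random bytes;
    # confirm before changing.
    samUser['Buffer'] = b'A' * (bufferSize - passwordLength) + encodedPassword
    samUser['Length'] = passwordLength
    pwdBuff = samUser.getData()

    # The old NT hash is used directly as the RC4 key.
    rc4 = ARC4.new(oldPwdHashNT)
    request['NewPasswordEncryptedWithOldNt']['Buffer'] = rc4.encrypt(pwdBuff)
    request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
    request['LmPresent'] = 0
    request['NewPasswordEncryptedWithOldLm'] = NULL
    request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL

    return dce.request(request)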

2834 

def hSamrLookupDomainInSamServer(dce, serverHandle, name):
    """Send a SamrLookupDomainInSamServer request for the domain called name.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrLookupDomainInSamServer()
    req['ServerHandle'] = serverHandle
    req['Name'] = name
    response = dce.request(req)
    return response

2840 

def hSamrSetSecurityObject(dce, objectHandle, securityInformation, securityDescriptor):
    """Send a SamrSetSecurityObject request.

    The three arguments are copied unchanged into the request's ObjectHandle,
    SecurityInformation and SecurityDescriptor fields. No validation of the
    descriptor is done here.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrSetSecurityObject()
    req['ObjectHandle'] = objectHandle
    req['SecurityInformation'] = securityInformation
    req['SecurityDescriptor'] = securityDescriptor
    response = dce.request(req)
    return response

2847 

def hSamrQuerySecurityObject(dce, objectHandle, securityInformation):
    """Send a SamrQuerySecurityObject request for objectHandle.

    securityInformation is passed through unchanged.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrQuerySecurityObject()
    req['ObjectHandle'] = objectHandle
    req['SecurityInformation'] = securityInformation
    response = dce.request(req)
    return response

2853 

def hSamrCloseHandle(dce, samHandle):
    """Send a SamrCloseHandle request for samHandle.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrCloseHandle()
    req['SamHandle'] = samHandle
    response = dce.request(req)
    return response

2858 

def hSamrSetMemberAttributesOfGroup(dce, groupHandle, memberId, attributes):
    """Send a SamrSetMemberAttributesOfGroup request.

    groupHandle, memberId and attributes are copied unchanged into the
    request's GroupHandle, MemberId and Attributes fields.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrSetMemberAttributesOfGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    req['Attributes'] = attributes
    response = dce.request(req)
    return response

2865 

def hSamrGetUserDomainPasswordInformation(dce, userHandle):
    """Send a SamrGetUserDomainPasswordInformation request for userHandle.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrGetUserDomainPasswordInformation()
    req['UserHandle'] = userHandle
    response = dce.request(req)
    return response

2870 

def hSamrGetDomainPasswordInformation(dce):
    """Send a SamrGetDomainPasswordInformation request.

    The call takes no caller-supplied input; its Unused field is set to NULL.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrGetDomainPasswordInformation()
    req['Unused'] = NULL
    response = dce.request(req)
    return response

2875 

def hSamrRidToSid(dce, objectHandle, rid):
    """Send a SamrRidToSid request for rid against objectHandle.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrRidToSid()
    req['ObjectHandle'] = objectHandle
    req['Rid'] = rid
    response = dce.request(req)
    return response

2881 

def hSamrValidatePassword(dce, inputArg):
    """Send a SamrValidatePassword request built from inputArg.

    ValidationType is taken from inputArg['tag'], so the caller selects the
    validation type only through the tag of the argument it passes.

    Returns whatever dce.request() returns for the call.
    """
    req = SamrValidatePassword()
    validationType = inputArg['tag']
    req['ValidationType'] = validationType
    req['InputArg'] = inputArg
    return dce.request(req)

2887 

def hSamrLookupNamesInDomain(dce, domainHandle, names):
    """Send a SamrLookupNamesInDomain request for every entry in names.

    Each name is wrapped in an RPC_UNICODE_STRING and appended to the
    request's Names field. Count is set to len(names).

    Returns whatever dce.request() returns for the call.
    """
    req = SamrLookupNamesInDomain()
    req['DomainHandle'] = domainHandle
    req['Count'] = len(names)
    for accountName in names:
        uniName = RPC_UNICODE_STRING()
        uniName['Data'] = accountName
        req['Names'].append(uniName)

    # MaximumCount of the Names field is pinned to 1000 whatever len(names) is.
    namesField = req.fields['Names']
    namesField.fields['MaximumCount'] = 1000

    return dce.request(req)

2900 

def hSamrLookupIdsInDomain(dce, domainHandle, ids):
    """Send a SamrLookupIdsInDomain request for every entry in ids.

    Each id is wrapped in a ULONG and appended to the request's RelativeIds
    field. Count is set to len(ids).

    Returns whatever dce.request() returns for the call.
    """
    req = SamrLookupIdsInDomain()
    req['DomainHandle'] = domainHandle
    req['Count'] = len(ids)
    for relativeId in ids:
        ridEntry = ULONG()
        ridEntry['Data'] = relativeId
        req['RelativeIds'].append(ridEntry)

    # MaximumCount of the RelativeIds field is pinned to 1000 whatever len(ids) is.
    ridsField = req.fields['RelativeIds']
    ridsField.fields['MaximumCount'] = 1000

    return dce.request(req)

2913 

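def hSamrSetPasswordInternal4New(dce, userHandle, password):
    """Set a user's password with SamrSetInformationUser2 / UserInternal4InformationNew.

    Every I1 field except WhichFields and PasswordExpired is sent as NULL.
    PasswordExpired is set to 1, so the account is flagged as having an
    expired password once the call succeeds.

    The password is UTF-16LE encoded, left-padded with NUL bytes to 512 bytes
    and followed by its 4-byte little-endian length. That buffer is encrypted
    with RC4 under MD5(salt + SMB session key), where salt is 16 bytes from
    os.urandom(), and the salt is appended to the ciphertext.

    The session key is read through dce.get_rpc_transport().get_smb_connection(),
    so the transport has to expose an SMB connection.

    Raises ValueError if the encoded password is longer than 512 bytes.

    Returns whatever dce.request() returns for the call.
    """
    # Encode and check the size first: rjust() does not truncate, so a longer
    # password would otherwise yield an oversized buffer.
    bufferSize = 512
    encodedPassword = password.encode("utf-16le")
    passwordLength = len(encodedPassword)
    if passwordLength > bufferSize:
        raise ValueError('password does not fit in the %d-byte password buffer' % bufferSize)

    infoClass = USER_INFORMATION_CLASS.UserInternal4InformationNew
    request = SamrSetInformationUser2()
    request['UserHandle'] = userHandle
    request['UserInformationClass'] = infoClass
    request['Buffer']['tag'] = infoClass

    userAll = request['Buffer']['Internal4New']['I1']
    # Presumably the MS-SAMR USER_ALL_NTPASSWORDPRESENT and
    # USER_ALL_PASSWORDEXPIRED bits; confirm against the module's constants.
    userAll['WhichFields'] = 0x01000000 | 0x08000000

    for fieldName in ('UserName', 'FullName', 'HomeDirectory', 'HomeDirectoryDrive',
                      'ScriptPath', 'ProfilePath', 'AdminComment', 'WorkStations',
                      'UserComment', 'Parameters'):
        userAll[fieldName] = NULL
    userAll['LmOwfPassword']['Buffer'] = NULL
    userAll['NtOwfPassword']['Buffer'] = NULL
    userAll['PrivateData'] = NULL
    userAll['SecurityDescriptor']['SecurityDescriptor'] = NULL
    userAll['LogonHours']['LogonHours'] = NULL
    userAll['PasswordExpired'] = 1

    # Plaintext layout: NUL padding, the password at the end, then its length.
    plainBuffer = encodedPassword.rjust(bufferSize, b'\0') + struct.pack('<I', passwordLength)

    # NOTE(review): MD5 and RC4 here look protocol-mandated rather than a local
    # choice. Confirm against MS-SAMR before swapping primitives.
    salt = os.urandom(16)
    sessionKey = dce.get_rpc_transport().get_smb_connection().getSessionKey()
    rc4Key = md5(salt + sessionKey).digest()
    encryptedBuffer = ARC4.new(rc4Key).encrypt(plainBuffer) + salt

    request['Buffer']['Internal4New']['UserPassword']['Buffer'] = encryptedBuffer
    return dce.request(request)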