
1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2020 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# [MS-NRPC] Interface implementation 

11# 

12# Best way to learn how to use these calls is to grab the protocol standard 

13# so you understand what the call does, and then read the test case located 

14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC 

15# 

16# Some calls have helper functions, which makes it even easier to use. 

17# They are located at the end of this file. 

18# Helper functions start with "h"<name of the call>. 

19# There are test cases for them too. 

20# 

21# Author: 

22# Alberto Solino (@agsolino) 

23# 

24from struct import pack 

25from six import b 

26from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRUNION, NDRPOINTER, NDRUniConformantArray, \ 

27 NDRUniFixedArray, NDRUniConformantVaryingArray 

28from impacket.dcerpc.v5.dtypes import WSTR, LPWSTR, DWORD, ULONG, USHORT, PGUID, NTSTATUS, NULL, LONG, UCHAR, PRPC_SID, \ 

29 GUID, RPC_UNICODE_STRING, SECURITY_INFORMATION, LPULONG 

30from impacket import system_errors, nt_errors 

31from impacket.uuid import uuidtup_to_bin 

32from impacket.dcerpc.v5.enum import Enum 

33from impacket.dcerpc.v5.samr import OLD_LARGE_INTEGER 

34from impacket.dcerpc.v5.lsad import PLSA_FOREST_TRUST_INFORMATION 

35from impacket.dcerpc.v5.rpcrt import DCERPCException 

36from impacket.structure import Structure 

37from impacket import ntlm, crypto, LOG 

38import hmac 

39import hashlib 

40try: 

41 from Cryptodome.Cipher import DES, AES, ARC4 

42except ImportError: 

43 LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex") 

44 LOG.critical("See https://pypi.org/project/pycryptodomex/") 

45 

# Binary interface identifier for the Netlogon RPC interface, built from the
# (UUID string, interface version) pair below.
MSRPC_UUID_NRPC = uuidtup_to_bin(('12345678-1234-ABCD-EF00-01234567CFFB', '1.0'))

47 

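class DCERPCSessionError(DCERPCException):
    """NRPC session error that renders its status code as readable text.

    The code is looked up first in ``system_errors.ERROR_MESSAGES`` and then
    in ``nt_errors.ERROR_MESSAGES``; each entry supplies a short and a verbose
    message.
    """

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Return the formatted error text for ``self.error_code``.

        ``self.error_code`` is expected to be set by the base class
        constructor (not visible here).
        """
        key = self.error_code
        # Same precedence as before: system error table first, NT status second.
        for table in (system_errors.ERROR_MESSAGES, nt_errors.ERROR_MESSAGES):
            if key in table:
                error_msg_short = table[key][0]
                error_msg_verbose = table[key][1]
                return 'NRPC SessionError: code: 0x%x - %s - %s' % (key, error_msg_short, error_msg_verbose)
        try:
            return 'NRPC SessionError: unknown error code: 0x%x' % (key)
        except TypeError:
            # error_code defaults to None in __init__; '%x' cannot format a
            # non-integer, and an exception raised from __str__ would hide the
            # original NRPC failure from whoever is logging it.
            return 'NRPC SessionError: unknown error code: %s' % (key,)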

64 

65################################################################################ 

66# CONSTANTS 

67################################################################################ 

# 2.2.1.2.5 NL_DNS_NAME_INFO
# Type: integer codes for the kind of DNS name being described.
NlDnsLdapAtSite = 22
NlDnsGcAtSite = 25
NlDnsDsaCname = 28
NlDnsKdcAtSite = 30
NlDnsDcAtSite = 32
NlDnsRfc1510KdcAtSite = 34
NlDnsGenericGcAtSite = 36

# DnsDomainInfoType: integer codes 1 through 6.
NlDnsDomainName = 1
NlDnsDomainNameAlias = 2
NlDnsForestName = 3
NlDnsForestNameAlias = 4
NlDnsNdncDomainName = 5
NlDnsRecordName = 6

85 

# 2.2.1.3.15 NL_OSVERSIONINFO_V1
# wSuiteMask: every value is a single bit, so the flags can be OR-ed together.
# Listed in ascending bit order.
VER_SUITE_SMALLBUSINESS = 0x00000001
VER_SUITE_ENTERPRISE = 0x00000002
VER_SUITE_BACKOFFICE = 0x00000004
VER_SUITE_TERMINAL = 0x00000010
VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020
VER_SUITE_EMBEDDEDNT = 0x00000040
VER_SUITE_DATACENTER = 0x00000080
VER_SUITE_SINGLEUSERTS = 0x00000100
VER_SUITE_PERSONAL = 0x00000200
VER_SUITE_BLADE = 0x00000400
VER_SUITE_STORAGE_SERVER = 0x00002000
VER_SUITE_COMPUTE_SERVER = 0x00004000

# wProductType: mutually exclusive codes, not flags.
VER_NT_WORKSTATION = 0x00000001
VER_NT_DOMAIN_CONTROLLER = 0x00000002
VER_NT_SERVER = 0x00000003

105 

# 2.2.1.4.18 NETLOGON Specific Access Masks
# One bit per right (0x0001 .. 0x0040); combine with bitwise OR.
NETLOGON_UAS_LOGON_ACCESS = 0x0001
NETLOGON_UAS_LOGOFF_ACCESS = 0x0002
NETLOGON_CONTROL_ACCESS = 0x0004
NETLOGON_QUERY_ACCESS = 0x0008
NETLOGON_SERVICE_ACCESS = 0x0010
NETLOGON_FTINFO_ACCESS = 0x0020
NETLOGON_WKSTA_RPC_ACCESS = 0x0040

114 

# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18)
# FunctionCode: sequential codes 0x1-0xC, then a separate block at 0xFFFC-0xFFFF.
# NOTE(review): several names (CHANGE_PASSWORD, TRUNCATE_LOG, SET_DBFLAG,
# BREAKPOINT, ...) suggest state-changing or diagnostic operations; code that
# derives a FunctionCode from external input should allow-list the values it
# means to send rather than pass the number through.
NETLOGON_CONTROL_QUERY = 0x00000001
NETLOGON_CONTROL_REPLICATE = 0x00000002
NETLOGON_CONTROL_SYNCHRONIZE = 0x00000003
NETLOGON_CONTROL_PDC_REPLICATE = 0x00000004
NETLOGON_CONTROL_REDISCOVER = 0x00000005
NETLOGON_CONTROL_TC_QUERY = 0x00000006
NETLOGON_CONTROL_TRANSPORT_NOTIFY = 0x00000007
NETLOGON_CONTROL_FIND_USER = 0x00000008
NETLOGON_CONTROL_CHANGE_PASSWORD = 0x00000009
NETLOGON_CONTROL_TC_VERIFY = 0x0000000A
NETLOGON_CONTROL_FORCE_DNS_REG = 0x0000000B
NETLOGON_CONTROL_QUERY_DNS_REG = 0x0000000C

NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC
NETLOGON_CONTROL_TRUNCATE_LOG = 0x0000FFFD
NETLOGON_CONTROL_SET_DBFLAG = 0x0000FFFE
NETLOGON_CONTROL_BREAKPOINT = 0x0000FFFF

133 

134################################################################################ 

135# STRUCTURES 

136################################################################################ 

137# 3.5.4.1 RPC Binding Handles for Netlogon Methods 

# The Netlogon binding handle types are plain aliases of the wide-string
# type and its pointer form.
LOGONSRV_HANDLE = WSTR
PLOGONSRV_HANDLE = LPWSTR

140 

141# 2.2.1.1.1 CYPHER_BLOCK 

class CYPHER_BLOCK(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.1.1 CYPHER_BLOCK: one 8-byte opaque 'Data' field."""

    structure = (
        ('Data', '8s=b""'),
    )

    def getAlignment(self):
        # Reports an alignment of 1, i.e. no padding is requested for it.
        return 1

148 

# Status type returned by the NET API style calls: an alias of DWORD.
NET_API_STATUS = DWORD

150 

151# 2.2.1.1.2 STRING 

152from impacket.dcerpc.v5.lsad import STRING 

153 

154# 2.2.1.1.3 LM_OWF_PASSWORD 

class CYPHER_BLOCK_ARRAY(NDRUniFixedArray):
    """Fixed array sized as two CYPHER_BLOCKs."""

    def getDataLen(self, data, offset=0):
        # Constant length: neither `data` nor `offset` is consulted.
        return 2 * len(CYPHER_BLOCK())

158 

class LM_OWF_PASSWORD(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.1.3 LM_OWF_PASSWORD: a two-block CYPHER_BLOCK_ARRAY.

    NOTE(review): the value is password-derived; keep it out of logs and
    debug dumps.
    """

    structure = (
        ('Data', CYPHER_BLOCK_ARRAY),
    )

163 

164# 2.2.1.1.4 NT_OWF_PASSWORD 

# The NT OWF password and its encrypted form share the LM_OWF_PASSWORD layout;
# all three names refer to the same class object.
NT_OWF_PASSWORD = LM_OWF_PASSWORD
ENCRYPTED_NT_OWF_PASSWORD = NT_OWF_PASSWORD

167 

168# 2.2.1.3.4 NETLOGON_CREDENTIAL 

class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
    """Fixed array the size of one CYPHER_BLOCK, used by NETLOGON_CREDENTIAL.

    The name UCHAR_FIXED_ARRAY is bound again further down this file (the
    NL_OSVERSIONINFO_V1 section) to a class with a different length.
    """

    align = 1

    def getDataLen(self, data, offset=0):
        # Constant length; the arguments are ignored.
        return len(CYPHER_BLOCK())

173 

class NETLOGON_CREDENTIAL(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.4 NETLOGON_CREDENTIAL: one CYPHER_BLOCK-sized byte array."""

    structure = (
        ('Data', UCHAR_FIXED_ARRAY),
    )

    def getAlignment(self):
        # Reports an alignment of 1.
        return 1

180 

181# 2.2.1.1.5 NETLOGON_AUTHENTICATOR 

class NETLOGON_AUTHENTICATOR(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.1.5 NETLOGON_AUTHENTICATOR: a credential plus a DWORD timestamp."""

    structure = (
        ('Credential', NETLOGON_CREDENTIAL),
        ('Timestamp', DWORD),
    )

187 

class PNETLOGON_AUTHENTICATOR(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_AUTHENTICATOR."""

    referent = (
        ('Data', NETLOGON_AUTHENTICATOR),
    )

192 

193# 2.2.1.2.1 DOMAIN_CONTROLLER_INFOW 

class DOMAIN_CONTROLLER_INFOW(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.2.1 DOMAIN_CONTROLLER_INFOW: names, address, GUID and flags of a DC."""

    structure = (
        ('DomainControllerName', LPWSTR),
        ('DomainControllerAddress', LPWSTR),
        ('DomainControllerAddressType', ULONG),
        ('DomainGuid', GUID),
        ('DomainName', LPWSTR),
        ('DnsForestName', LPWSTR),
        ('Flags', ULONG),
        ('DcSiteName', LPWSTR),
        ('ClientSiteName', LPWSTR),
    )

206 

class PDOMAIN_CONTROLLER_INFOW(NDRPOINTER):
    """NDR pointer whose referent is a DOMAIN_CONTROLLER_INFOW."""

    referent = (
        ('Data', DOMAIN_CONTROLLER_INFOW),
    )

211 

212# 2.2.1.2.2 NL_SITE_NAME_ARRAY 

class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of RPC_UNICODE_STRING items."""

    item = RPC_UNICODE_STRING

215 

class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an RPC_UNICODE_STRING_ARRAY."""

    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY),
    )

220 

class NL_SITE_NAME_ARRAY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.2.2 NL_SITE_NAME_ARRAY: an entry count and a pointer to site names.

    NOTE(review): EntryCount is a field of its own next to the array; when the
    data comes from a peer, iterate the decoded array rather than trusting
    the count.
    """

    structure = (
        ('EntryCount', ULONG),
        ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
    )

226 

class PNL_SITE_NAME_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an NL_SITE_NAME_ARRAY."""

    referent = (
        ('Data', NL_SITE_NAME_ARRAY),
    )

231 

232# 2.2.1.2.3 NL_SITE_NAME_EX_ARRAY 

class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of RPC_UNICODE_STRING items.

    This re-declares, with the same body, the class of the same name defined
    in the NL_SITE_NAME_ARRAY section above; from here on the module-level
    name refers to this second class object.
    """

    item = RPC_UNICODE_STRING

235 

class NL_SITE_NAME_EX_ARRAY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.2.3 NL_SITE_NAME_EX_ARRAY: entry count, site names and subnet names."""

    structure = (
        ('EntryCount', ULONG),
        ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
        ('SubnetNames', PRPC_UNICODE_STRING_ARRAY),
    )

242 

class PNL_SITE_NAME_EX_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an NL_SITE_NAME_EX_ARRAY."""

    referent = (
        ('Data', NL_SITE_NAME_EX_ARRAY),
    )

247 

248# 2.2.1.2.4 NL_SOCKET_ADDRESS 

249# 2.2.1.2.4.1 IPv4 Address Structure 

class IPv4Address(Structure):
    """[MS-NRPC] 2.2.1.2.4.1 IPv4 address, as a flat (non-NDR) Structure.

    Two little-endian 16-bit fields followed by two little-endian 32-bit
    fields, all defaulting to 0.
    """

    # NOTE(review): the four fields total 12 bytes and pack little-endian; a
    # conventional sockaddr_in is 16 bytes with port and address in network
    # byte order - confirm the Padding width and byte order against the spec.
    structure = (
        ('AddressFamily', '<H=0'),
        ('Port', '<H=0'),
        ('Address', '<L=0'),
        ('Padding', '<L=0'),
    )

257 

class UCHAR_ARRAY(NDRUniConformantArray):
    """Conformant NDR array whose items use the 'c' (single character) format."""

    item = 'c'

260 

class PUCHAR_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a UCHAR_ARRAY."""

    referent = (
        ('Data', UCHAR_ARRAY),
    )

265 

class NL_SOCKET_ADDRESS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.2.4 NL_SOCKET_ADDRESS: a byte-array pointer and its stated length.

    NOTE(review): iSockaddrLength is carried separately from the array; a
    consumer should size its reads from the decoded array, not from this field.
    """

    structure = (
        ('lpSockaddr', PUCHAR_ARRAY),
        ('iSockaddrLength', ULONG),
    )

271 

class NL_SOCKET_ADDRESS_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of NL_SOCKET_ADDRESS items."""

    item = NL_SOCKET_ADDRESS

274 

275# 2.2.1.2.5 NL_DNS_NAME_INFO 

class NL_DNS_NAME_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.2.5 NL_DNS_NAME_INFO: one DNS record registration entry."""

    # NOTE(review): 'DnsDomainInfoType' is typed as WSTR here, while the
    # DnsDomainInfoType constants declared earlier in this file are the small
    # integers 1-6 - confirm the member list and types against the spec.
    structure = (
        ('Type', ULONG),
        ('DnsDomainInfoType', WSTR),
        ('Priority', ULONG),
        ('Weight', ULONG),
        ('Port', ULONG),
        ('Register', UCHAR),
        ('Status', ULONG),
    )

286 

287# 2.2.1.2.6 NL_DNS_NAME_INFO_ARRAY 

class NL_DNS_NAME_INFO_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of NL_DNS_NAME_INFO items.

    The name NL_DNS_NAME_INFO_ARRAY is bound again a few lines below to an
    NDRSTRUCT; PNL_DNS_NAME_INFO_ARRAY keeps pointing at this array class
    because it is defined in between.
    """

    item = NL_DNS_NAME_INFO

290 

class PNL_DNS_NAME_INFO_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is the conformant NL_DNS_NAME_INFO_ARRAY defined just above."""

    referent = (
        ('Data', NL_DNS_NAME_INFO_ARRAY),
    )

295 

class NL_DNS_NAME_INFO_ARRAY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.2.6 NL_DNS_NAME_INFO_ARRAY: an entry count and a pointer to the entries.

    Defining this class rebinds the module-level name that the conformant
    array class above used; after this point the name means this struct.
    """

    structure = (
        ('EntryCount', ULONG),
        ('DnsNamesInfo', PNL_DNS_NAME_INFO_ARRAY),
    )

301 

302# 2.2.1.3 Secure Channel Establishment and Maintenance Structures 

303# ToDo 

304 

305# 2.2.1.3.5 NETLOGON_LSA_POLICY_INFO 

class NETLOGON_LSA_POLICY_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.5 NETLOGON_LSA_POLICY_INFO: a size field and a byte-array pointer."""

    structure = (
        ('LsaPolicySize', ULONG),
        ('LsaPolicy', PUCHAR_ARRAY),
    )

311 

class PNETLOGON_LSA_POLICY_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_LSA_POLICY_INFO."""

    referent = (
        ('Data', NETLOGON_LSA_POLICY_INFO),
    )

316 

317# 2.2.1.3.6 NETLOGON_WORKSTATION_INFO 

class NETLOGON_WORKSTATION_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.6 NETLOGON_WORKSTATION_INFO: client host, OS and capability data.

    Member order is the wire order; the Dummy* members are placeholders and
    must stay in position.
    """

    structure = (
        ('LsaPolicy', NETLOGON_LSA_POLICY_INFO),
        ('DnsHostName', LPWSTR),
        ('SiteName', LPWSTR),
        ('Dummy1', LPWSTR),
        ('Dummy2', LPWSTR),
        ('Dummy3', LPWSTR),
        ('Dummy4', LPWSTR),
        ('OsVersion', RPC_UNICODE_STRING),
        ('OsName', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('WorkstationFlags', ULONG),
        ('KerberosSupportedEncryptionTypes', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

336 

class PNETLOGON_WORKSTATION_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_WORKSTATION_INFO."""

    referent = (
        ('Data', NETLOGON_WORKSTATION_INFO),
    )

341 

342# 2.2.1.3.7 NL_TRUST_PASSWORD 

class NL_TRUST_PASSWORD_FIXED_ARRAY(NDRUniFixedArray):
    """Fixed array with a constant length of 516 and an alignment of 1."""

    def getDataLen(self, data, offset=0):
        # 512 + 4: presumably the 512-long Buffer plus the 4-byte Length of
        # NL_TRUST_PASSWORD carried as one opaque blob - confirm against callers.
        return 512 + 4

    def getAlignment(self):
        return 1

349 

class WCHAR_ARRAY(NDRUniFixedArray):
    """Fixed array with a constant length of 512."""

    def getDataLen(self, data, offset=0):
        # Constant; the arguments are ignored.
        return 512

353 

class NL_TRUST_PASSWORD(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.7 NL_TRUST_PASSWORD: a fixed 512-long buffer and a Length field.

    NOTE(review): Length is independent of the fixed buffer size; code that
    slices Buffer by Length should bound-check it first. The content is
    password material - keep it out of logs.
    """

    structure = (
        ('Buffer', WCHAR_ARRAY),
        ('Length', ULONG),
    )

359 

class PNL_TRUST_PASSWORD(NDRPOINTER):
    """NDR pointer whose referent is an NL_TRUST_PASSWORD."""

    referent = (
        ('Data', NL_TRUST_PASSWORD),
    )

364 

365# 2.2.1.3.8 NL_PASSWORD_VERSION 

class NL_PASSWORD_VERSION(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.8 NL_PASSWORD_VERSION: three ULONG members."""

    structure = (
        ('ReservedField', ULONG),
        ('PasswordVersionNumber', ULONG),
        ('PasswordVersionPresent', ULONG),
    )

372 

373# 2.2.1.3.9 NETLOGON_WORKSTATION_INFORMATION 

class NETLOGON_WORKSTATION_INFORMATION(NDRUNION):
    """[MS-NRPC] 2.2.1.3.9 NETLOGON_WORKSTATION_INFORMATION: DWORD-tagged union with arms 1 and 2."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('WorkstationInfo', PNETLOGON_WORKSTATION_INFO),
        2: ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO),
    }

383 

384# 2.2.1.3.10 NETLOGON_ONE_DOMAIN_INFO 

class NETLOGON_ONE_DOMAIN_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.10 NETLOGON_ONE_DOMAIN_INFO: names, GUID and SID of one domain."""

    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('DnsDomainName', RPC_UNICODE_STRING),
        ('DnsForestName', RPC_UNICODE_STRING),
        ('DomainGuid', GUID),
        ('DomainSid', PRPC_SID),
        ('TrustExtension', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

401 

class NETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of NETLOGON_ONE_DOMAIN_INFO items."""

    item = NETLOGON_ONE_DOMAIN_INFO

404 

class PNETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_ONE_DOMAIN_INFO_ARRAY."""

    referent = (
        ('Data', NETLOGON_ONE_DOMAIN_INFO_ARRAY),
    )

409 

410# 2.2.1.3.11 NETLOGON_DOMAIN_INFO 

class NETLOGON_DOMAIN_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.11 NETLOGON_DOMAIN_INFO: primary domain, trusted domains and policy.

    NOTE(review): TrustedDomainCount is separate from the TrustedDomains
    array; iterate the decoded array rather than the count when the reply
    comes from an unverified server.
    """

    structure = (
        ('PrimaryDomain', NETLOGON_ONE_DOMAIN_INFO),
        ('TrustedDomainCount', ULONG),
        ('TrustedDomains', PNETLOGON_ONE_DOMAIN_INFO_ARRAY),
        ('LsaPolicy', NETLOGON_LSA_POLICY_INFO),
        ('DnsHostNameInDs', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('WorkstationFlags', ULONG),
        ('SupportedEncTypes', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

426 

class PNETLOGON_DOMAIN_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DOMAIN_INFO."""

    referent = (
        ('Data', NETLOGON_DOMAIN_INFO),
    )

431 

432# 2.2.1.3.12 NETLOGON_DOMAIN_INFORMATION 

class NETLOGON_DOMAIN_INFORMATION(NDRUNION):
    """[MS-NRPC] 2.2.1.3.12 NETLOGON_DOMAIN_INFORMATION: DWORD-tagged union with arms 1 and 2."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('DomainInfo', PNETLOGON_DOMAIN_INFO),
        2: ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO),
    }

442 

443# 2.2.1.3.13 NETLOGON_SECURE_CHANNEL_TYPE 

class NETLOGON_SECURE_CHANNEL_TYPE(NDRENUM):
    """[MS-NRPC] 2.2.1.3.13 NETLOGON_SECURE_CHANNEL_TYPE: secure channel kinds, values 0-7."""

    class enumItems(Enum):
        # Values are consecutive; the names are the spec's identifiers.
        NullSecureChannel = 0
        MsvApSecureChannel = 1
        WorkstationSecureChannel = 2
        TrustedDnsDomainSecureChannel = 3
        TrustedDomainSecureChannel = 4
        UasServerSecureChannel = 5
        ServerSecureChannel = 6
        CdcServerSecureChannel = 7

454 

455# 2.2.1.3.14 NETLOGON_CAPABILITIES 

class NETLOGON_CAPABILITIES(NDRUNION):
    """[MS-NRPC] 2.2.1.3.14 NETLOGON_CAPABILITIES: DWORD-tagged union with a single arm."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('ServerCapabilities', ULONG),
    }

464 

465# 2.2.1.3.15 NL_OSVERSIONINFO_V1 

class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
    """Fixed array with a constant length of 128, used for szCSDVersion.

    This rebinds the module-level name UCHAR_FIXED_ARRAY, which the
    NETLOGON_CREDENTIAL section above defined with a CYPHER_BLOCK-sized
    length. NETLOGON_CREDENTIAL still holds the earlier class object; anything
    that looks the name up after this point gets the 128-long version.
    """

    def getDataLen(self, data, offset=0):
        # Constant; the arguments are ignored.
        return 128

469 

class NL_OSVERSIONINFO_V1(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.15 NL_OSVERSIONINFO_V1: OS version, service pack and suite data."""

    structure = (
        ('dwOSVersionInfoSize', DWORD),
        ('dwMajorVersion', DWORD),
        ('dwMinorVersion', DWORD),
        ('dwBuildNumber', DWORD),
        ('dwPlatformId', DWORD),
        ('szCSDVersion', UCHAR_FIXED_ARRAY),
        ('wServicePackMajor', USHORT),
        ('wServicePackMinor', USHORT),
        # Holds the VER_SUITE_* flags; all of them fit in 16 bits.
        ('wSuiteMask', USHORT),
        # Holds one of the VER_NT_* product type codes.
        ('wProductType', UCHAR),
        ('wReserved', UCHAR),
    )

484 

class PNL_OSVERSIONINFO_V1(NDRPOINTER):
    """NDR pointer whose referent is an NL_OSVERSIONINFO_V1."""

    referent = (
        ('Data', NL_OSVERSIONINFO_V1),
    )

489 

490# 2.2.1.3.16 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1 

class PLPWSTR(NDRPOINTER):
    """NDR pointer whose referent is an LPWSTR (a pointer to a wide-string pointer)."""

    referent = (
        ('Data', LPWSTR),
    )

495 

class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.16 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1: client host name and OS data."""

    structure = (
        ('ClientDnsHostName', PLPWSTR),
        ('OsVersionInfo', PNL_OSVERSIONINFO_V1),
        ('OsName', PLPWSTR),
    )

502 

503# 2.2.1.3.17 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES 

class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION):
    """[MS-NRPC] 2.2.1.3.17 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES: DWORD-tagged union, arm 1 only."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('V1', NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1),
    }

512 

513# 2.2.1.3.18 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1 

class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.3.18 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1: hub name, old host name, enc types."""

    structure = (
        ('HubName', PLPWSTR),
        ('OldDnsHostName', PLPWSTR),
        ('SupportedEncTypes', LPULONG),
    )

520 

521# 2.2.1.3.19 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES 

class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION):
    """[MS-NRPC] 2.2.1.3.19 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES: DWORD-tagged union, arm 1 only."""

    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1: ('V1', NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1),
    }

530 

531# 2.2.1.4.1 LM_CHALLENGE 

class CHAR_FIXED_8_ARRAY(NDRUniFixedArray):
    """Fixed array with a constant length of 8."""

    def getDataLen(self, data, offset=0):
        # Constant; the arguments are ignored.
        return 8

535 

class LM_CHALLENGE(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.1 LM_CHALLENGE: an 8-long fixed array holding the challenge."""

    structure = (
        ('Data', CHAR_FIXED_8_ARRAY),
    )

540 

541# 2.2.1.4.15 NETLOGON_LOGON_IDENTITY_INFO 

class NETLOGON_LOGON_IDENTITY_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.15 NETLOGON_LOGON_IDENTITY_INFO: who is logging on, and from where."""

    structure = (
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('ParameterControl', ULONG),
        ('Reserved', OLD_LARGE_INTEGER),
        ('UserName', RPC_UNICODE_STRING),
        ('Workstation', RPC_UNICODE_STRING),
    )

550 

class PNETLOGON_LOGON_IDENTITY_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_LOGON_IDENTITY_INFO."""

    referent = (
        ('Data', NETLOGON_LOGON_IDENTITY_INFO),
    )

555 

556# 2.2.1.4.2 NETLOGON_GENERIC_INFO 

class NETLOGON_GENERIC_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.2 NETLOGON_GENERIC_INFO: identity, package name and an opaque blob.

    NOTE(review): DataLength is a separate field from the LogonData array;
    size any read of LogonData from the decoded array itself.
    """

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('PackageName', RPC_UNICODE_STRING),
        ('DataLength', ULONG),
        ('LogonData', PUCHAR_ARRAY),
    )

564 

class PNETLOGON_GENERIC_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_GENERIC_INFO."""

    referent = (
        ('Data', NETLOGON_GENERIC_INFO),
    )

569 

570# 2.2.1.4.3 NETLOGON_INTERACTIVE_INFO 

class NETLOGON_INTERACTIVE_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.3 NETLOGON_INTERACTIVE_INFO: identity plus LM and NT OWF passwords.

    NOTE(review): both OWF members are password-derived secrets; avoid
    printing or logging decoded instances of this structure.
    """

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmOwfPassword', LM_OWF_PASSWORD),
        ('NtOwfPassword', NT_OWF_PASSWORD),
    )

577 

class PNETLOGON_INTERACTIVE_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INTERACTIVE_INFO."""

    referent = (
        ('Data', NETLOGON_INTERACTIVE_INFO),
    )

582 

583# 2.2.1.4.4 NETLOGON_SERVICE_INFO 

class NETLOGON_SERVICE_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.4 NETLOGON_SERVICE_INFO: identity plus LM and NT OWF passwords.

    Same member list as NETLOGON_INTERACTIVE_INFO. NOTE(review): the OWF
    members are password-derived secrets; keep them out of logs.
    """

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmOwfPassword', LM_OWF_PASSWORD),
        ('NtOwfPassword', NT_OWF_PASSWORD),
    )

590 

class PNETLOGON_SERVICE_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_SERVICE_INFO."""

    referent = (
        ('Data', NETLOGON_SERVICE_INFO),
    )

595 

596# 2.2.1.4.5 NETLOGON_NETWORK_INFO 

class NETLOGON_NETWORK_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.5 NETLOGON_NETWORK_INFO: identity, challenge and the two responses."""

    structure = (
        ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
        ('LmChallenge', LM_CHALLENGE),
        ('NtChallengeResponse', STRING),
        ('LmChallengeResponse', STRING),
    )

604 

class PNETLOGON_NETWORK_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_NETWORK_INFO."""

    referent = (
        ('Data', NETLOGON_NETWORK_INFO),
    )

609 

610# 2.2.1.4.16 NETLOGON_LOGON_INFO_CLASS 

class NETLOGON_LOGON_INFO_CLASS(NDRENUM):
    """[MS-NRPC] 2.2.1.4.16 NETLOGON_LOGON_INFO_CLASS: logon information levels 1-7."""

    class enumItems(Enum):
        # 1-4 are the base levels; 5-7 are the "Transitive" variants of 1-3.
        NetlogonInteractiveInformation = 1
        NetlogonNetworkInformation = 2
        NetlogonServiceInformation = 3
        NetlogonGenericInformation = 4
        NetlogonInteractiveTransitiveInformation = 5
        NetlogonNetworkTransitiveInformation = 6
        NetlogonServiceTransitiveInformation = 7

620 

621# 2.2.1.4.6 NETLOGON_LEVEL 

class NETLOGON_LEVEL(NDRUNION):
    """[MS-NRPC] 2.2.1.4.6 NETLOGON_LEVEL: union keyed by NETLOGON_LOGON_INFO_CLASS.

    Each transitive level shares the pointer type of its non-transitive
    counterpart. No commonHdr is declared on this union.
    """

    union = {
        NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation: ('LogonInteractive', PNETLOGON_INTERACTIVE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation: ('LogonInteractiveTransitive', PNETLOGON_INTERACTIVE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation: ('LogonService', PNETLOGON_SERVICE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation: ('LogonServiceTransitive', PNETLOGON_SERVICE_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation: ('LogonNetwork', PNETLOGON_NETWORK_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation: ('LogonNetworkTransitive', PNETLOGON_NETWORK_INFO),
        NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation: ('LogonGeneric', PNETLOGON_GENERIC_INFO),
    }

632 

633# 2.2.1.4.7 NETLOGON_SID_AND_ATTRIBUTES 

class NETLOGON_SID_AND_ATTRIBUTES(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.7 NETLOGON_SID_AND_ATTRIBUTES: a SID pointer and its attribute bits."""

    structure = (
        ('Sid', PRPC_SID),
        ('Attributes', ULONG),
    )

639 

640# 2.2.1.4.8 NETLOGON_VALIDATION_GENERIC_INFO2 

class NETLOGON_VALIDATION_GENERIC_INFO2(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.8 NETLOGON_VALIDATION_GENERIC_INFO2: a length and an opaque byte array."""

    structure = (
        ('DataLength', ULONG),
        ('ValidationData', PUCHAR_ARRAY),
    )

646 

class PNETLOGON_VALIDATION_GENERIC_INFO2(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_GENERIC_INFO2."""

    referent = (
        ('Data', NETLOGON_VALIDATION_GENERIC_INFO2),
    )

651 

652# 2.2.1.4.9 USER_SESSION_KEY 

# The session key reuses the LM_OWF_PASSWORD layout (same class object).
# NOTE(review): it is key material - keep decoded values out of logs.
USER_SESSION_KEY = LM_OWF_PASSWORD

654 

655# 2.2.1.4.10 GROUP_MEMBERSHIP 

class GROUP_MEMBERSHIP(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.10 GROUP_MEMBERSHIP: a group's relative ID and attribute bits."""

    structure = (
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
    )

661 

class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of GROUP_MEMBERSHIP items."""

    item = GROUP_MEMBERSHIP

664 

class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a GROUP_MEMBERSHIP_ARRAY."""

    referent = (
        ('Data', GROUP_MEMBERSHIP_ARRAY),
    )

669 

670# 2.2.1.4.11 NETLOGON_VALIDATION_SAM_INFO 

class LONG_ARRAY(NDRUniFixedArray):
    """Fixed array with a constant length of 40, used for ExpansionRoom."""

    def getDataLen(self, data, offset=0):
        # Ten entries of four each; the arguments are ignored.
        return 10 * 4

674 

class NETLOGON_VALIDATION_SAM_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.11 NETLOGON_VALIDATION_SAM_INFO: logon validation result.

    NOTE(review): this is authorization data (user/group IDs, session key).
    GroupCount is a separate field from the GroupIds array, so consumers
    should iterate the decoded array and only act on the contents once the
    reply has been authenticated.
    """

    structure = (
        # Timestamps
        ('LogonTime', OLD_LARGE_INTEGER),
        ('LogoffTime', OLD_LARGE_INTEGER),
        ('KickOffTime', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Account profile strings
        ('EffectiveName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('LogonScript', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        # Counters, identifiers and group membership
        ('LogonCount', USHORT),
        ('BadPasswordCount', USHORT),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('GroupCount', ULONG),
        ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags', ULONG),
        ('UserSessionKey', USER_SESSION_KEY),
        # Logon server and domain
        ('LogonServer', RPC_UNICODE_STRING),
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('LogonDomainId', PRPC_SID),
        ('ExpansionRoom', LONG_ARRAY),
    )

702 

class PNETLOGON_VALIDATION_SAM_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_SAM_INFO."""

    referent = (
        ('Data', NETLOGON_VALIDATION_SAM_INFO),
    )

707 

708# 2.2.1.4.12 NETLOGON_VALIDATION_SAM_INFO2 

class NETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of NETLOGON_SID_AND_ATTRIBUTES items."""

    item = NETLOGON_SID_AND_ATTRIBUTES

711 

class PNETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_SID_AND_ATTRIBUTES_ARRAY."""

    referent = (
        ('Data', NETLOGON_SID_AND_ATTRIBUTES_ARRAY),
    )

716 

class NETLOGON_VALIDATION_SAM_INFO2(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.12 NETLOGON_VALIDATION_SAM_INFO2: SAM_INFO plus extra SIDs.

    The members up to ExpansionRoom repeat NETLOGON_VALIDATION_SAM_INFO;
    SidCount and ExtraSids are appended.
    NOTE(review): ExtraSids widens the caller's effective group set; treat
    SidCount as advisory and iterate the decoded array.
    """

    structure = (
        # Timestamps
        ('LogonTime', OLD_LARGE_INTEGER),
        ('LogoffTime', OLD_LARGE_INTEGER),
        ('KickOffTime', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Account profile strings
        ('EffectiveName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('LogonScript', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        # Counters, identifiers and group membership
        ('LogonCount', USHORT),
        ('BadPasswordCount', USHORT),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('GroupCount', ULONG),
        ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags', ULONG),
        ('UserSessionKey', USER_SESSION_KEY),
        # Logon server and domain
        ('LogonServer', RPC_UNICODE_STRING),
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('LogonDomainId', PRPC_SID),
        ('ExpansionRoom', LONG_ARRAY),
        # Additional SIDs
        ('SidCount', ULONG),
        ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
    )

746 

class PNETLOGON_VALIDATION_SAM_INFO2(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_SAM_INFO2."""

    referent = (
        ('Data', NETLOGON_VALIDATION_SAM_INFO2),
    )

751 

752# 2.2.1.4.13 NETLOGON_VALIDATION_SAM_INFO4 

class NETLOGON_VALIDATION_SAM_INFO4(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.4.13 NETLOGON_VALIDATION_SAM_INFO4: extended logon validation result.

    Shares the leading members of the other SAM_INFO structures up to
    LogonDomainId, then carries the LM key and account-control block, the
    extra SIDs, DNS domain name, UPN and ten expansion strings.
    NOTE(review): as with the other validation structures, iterate the
    decoded GroupIds/ExtraSids arrays instead of trusting the count fields.
    """

    structure = (
        # Timestamps
        ('LogonTime', OLD_LARGE_INTEGER),
        ('LogoffTime', OLD_LARGE_INTEGER),
        ('KickOffTime', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        # Account profile strings
        ('EffectiveName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('LogonScript', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        # Counters, identifiers and group membership
        ('LogonCount', USHORT),
        ('BadPasswordCount', USHORT),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('GroupCount', ULONG),
        ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags', ULONG),
        ('UserSessionKey', USER_SESSION_KEY),
        # Logon server and domain
        ('LogonServer', RPC_UNICODE_STRING),
        ('LogonDomainName', RPC_UNICODE_STRING),
        ('LogonDomainId', PRPC_SID),

        # These members take the place of ExpansionRoom in the other layouts.
        ('LMKey', CHAR_FIXED_8_ARRAY),
        ('UserAccountControl', ULONG),
        ('SubAuthStatus', ULONG),
        ('LastSuccessfulILogon', OLD_LARGE_INTEGER),
        ('LastFailedILogon', OLD_LARGE_INTEGER),
        ('FailedILogonCount', ULONG),
        ('Reserved4', ULONG),

        # Additional SIDs and naming
        ('SidCount', ULONG),
        ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
        ('DnsLogonDomainName', RPC_UNICODE_STRING),
        ('Upn', RPC_UNICODE_STRING),
        ('ExpansionString1', RPC_UNICODE_STRING),
        ('ExpansionString2', RPC_UNICODE_STRING),
        ('ExpansionString3', RPC_UNICODE_STRING),
        ('ExpansionString4', RPC_UNICODE_STRING),
        ('ExpansionString5', RPC_UNICODE_STRING),
        ('ExpansionString6', RPC_UNICODE_STRING),
        ('ExpansionString7', RPC_UNICODE_STRING),
        ('ExpansionString8', RPC_UNICODE_STRING),
        ('ExpansionString9', RPC_UNICODE_STRING),
        ('ExpansionString10', RPC_UNICODE_STRING),
    )

802 

class PNETLOGON_VALIDATION_SAM_INFO4(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_SAM_INFO4."""

    referent = (
        ('Data', NETLOGON_VALIDATION_SAM_INFO4),
    )

807 

808# 2.2.1.4.17 NETLOGON_VALIDATION_INFO_CLASS 

class NETLOGON_VALIDATION_INFO_CLASS(NDRENUM):
    """[MS-NRPC] 2.2.1.4.17 NETLOGON_VALIDATION_INFO_CLASS: validation levels 1-6."""

    class enumItems(Enum):
        # Selects which NETLOGON_VALIDATION arm a reply carries.
        NetlogonValidationUasInfo = 1
        NetlogonValidationSamInfo = 2
        NetlogonValidationSamInfo2 = 3
        NetlogonValidationGenericInfo = 4
        NetlogonValidationGenericInfo2 = 5
        NetlogonValidationSamInfo4 = 6

817 

818# 2.2.1.4.14 NETLOGON_VALIDATION 

class NETLOGON_VALIDATION(NDRUNION):
    """[MS-NRPC] 2.2.1.4.14 NETLOGON_VALIDATION: union keyed by NETLOGON_VALIDATION_INFO_CLASS.

    Only four of the six enum values have an arm here:
    NetlogonValidationUasInfo and NetlogonValidationGenericInfo are not
    mapped, so a reply using either level has no declared arm in this union.
    """

    union = {
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo: ('ValidationSam', PNETLOGON_VALIDATION_SAM_INFO),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2: ('ValidationSam2', PNETLOGON_VALIDATION_SAM_INFO2),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2: ('ValidationGeneric2', PNETLOGON_VALIDATION_GENERIC_INFO2),
        NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4: ('ValidationSam4', PNETLOGON_VALIDATION_SAM_INFO4),
    }

826 

827# 2.2.1.5.2 NLPR_QUOTA_LIMITS 

class NLPR_QUOTA_LIMITS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.2 NLPR_QUOTA_LIMITS: pool, working-set and pagefile limits."""

    structure = (
        ('PagedPoolLimit', ULONG),
        ('NonPagedPoolLimit', ULONG),
        ('MinimumWorkingSetSize', ULONG),
        ('MaximumWorkingSetSize', ULONG),
        ('PagefileLimit', ULONG),
        ('Reserved', OLD_LARGE_INTEGER),
    )

837 

838# 2.2.1.5.3 NETLOGON_DELTA_ACCOUNTS 

class ULONG_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of ULONG items."""

    item = ULONG

841 

class PULONG_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a ULONG_ARRAY."""

    referent = (
        ('Data', ULONG_ARRAY),
    )

846 

class NETLOGON_DELTA_ACCOUNTS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.3 NETLOGON_DELTA_ACCOUNTS: privileges, quotas and security descriptor.

    NOTE(review): PrivilegeEntries and SecuritySize are separate fields from
    the arrays they describe; size reads from the decoded arrays.
    """

    structure = (
        ('PrivilegeEntries', ULONG),
        ('PrivilegeControl', ULONG),
        ('PrivilegeAttributes', PULONG_ARRAY),
        ('PrivilegeNames', PRPC_UNICODE_STRING_ARRAY),
        ('QuotaLimits', NLPR_QUOTA_LIMITS),
        ('SystemAccessFlags', ULONG),
        # Security descriptor triple: info flags, stated size, raw bytes.
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

867 

class PNETLOGON_DELTA_ACCOUNTS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_ACCOUNTS."""

    referent = (
        ('Data', NETLOGON_DELTA_ACCOUNTS),
    )

872 

873# 2.2.1.5.5 NLPR_SID_INFORMATION 

class NLPR_SID_INFORMATION(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.5 NLPR_SID_INFORMATION: a single SID pointer."""

    structure = (
        ('SidPointer', PRPC_SID),
    )

878 

879# 2.2.1.5.6 NLPR_SID_ARRAY 

class NLPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
    """Conformant NDR array of NLPR_SID_INFORMATION items."""

    item = NLPR_SID_INFORMATION

882 

class PNLPR_SID_INFORMATION_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is an NLPR_SID_INFORMATION_ARRAY."""

    referent = (
        ('Data', NLPR_SID_INFORMATION_ARRAY),
    )

887 

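class NLPR_SID_ARRAY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.6 NLPR_SID_ARRAY: a SID count and a pointer to the SID entries."""

    # Fix: the members were declared under `referent`, the attribute the
    # NDRPOINTER wrappers in this file use for their pointee. Every other
    # NDRSTRUCT here lists its inline members under `structure`, so with
    # `referent` these two fields were presumably not marshalled as the body
    # of the struct, shifting everything that follows it inside
    # NETLOGON_DELTA_ALIAS_MEMBER (NDR internals are not visible here -
    # confirm against a captured reply).
    structure = (
        ('Count', ULONG),
        ('Sids', PNLPR_SID_INFORMATION_ARRAY),
    )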

893 

894# 2.2.1.5.7 NETLOGON_DELTA_ALIAS_MEMBER 

class NETLOGON_DELTA_ALIAS_MEMBER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.7 NETLOGON_DELTA_ALIAS_MEMBER: the member SIDs of an alias."""

    structure = (
        ('Members', NLPR_SID_ARRAY),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

903 

class PNETLOGON_DELTA_ALIAS_MEMBER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_ALIAS_MEMBER."""

    referent = (
        ('Data', NETLOGON_DELTA_ALIAS_MEMBER),
    )

908 

909# 2.2.1.5.8 NETLOGON_DELTA_DELETE_GROUP 

class NETLOGON_DELTA_DELETE_GROUP(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.8 NETLOGON_DELTA_DELETE_GROUP: the account name of a deleted group."""

    structure = (
        ('AccountName', LPWSTR),
        # Placeholder members; they keep their wire positions.
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

922 

class PNETLOGON_DELTA_DELETE_GROUP(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_DELETE_GROUP."""

    referent = (
        ('Data', NETLOGON_DELTA_DELETE_GROUP),
    )

927 

928# 2.2.1.5.9 NETLOGON_DELTA_DELETE_USER 

class NETLOGON_DELTA_DELETE_USER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.9 NETLOGON_DELTA_DELETE_USER: the account name of a deleted user."""

    structure = (
        ('AccountName', LPWSTR),
        # Placeholder members; they keep their wire positions.
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

941 

class PNETLOGON_DELTA_DELETE_USER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_DELETE_USER."""

    referent = (
        ('Data', NETLOGON_DELTA_DELETE_USER),
    )

946 

947# 2.2.1.5.10 NETLOGON_DELTA_DOMAIN 

class NETLOGON_DELTA_DOMAIN(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.10 NETLOGON_DELTA_DOMAIN: domain-wide password policy and metadata.

    NOTE(review): SecuritySize is a separate field from the
    SecurityDescriptor byte array; size reads from the decoded array.
    """

    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        ('OemInformation', RPC_UNICODE_STRING),
        ('ForceLogoff', OLD_LARGE_INTEGER),
        # Password policy
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('DomainCreationTime', OLD_LARGE_INTEGER),
        # Security descriptor triple: info flags, stated size, raw bytes.
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DomainLockoutInformation', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('PasswordProperties', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

971 

class PNETLOGON_DELTA_DOMAIN(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_DOMAIN."""

    referent = (
        ('Data', NETLOGON_DELTA_DOMAIN),
    )

976 

977# 2.2.1.5.13 NETLOGON_DELTA_GROUP 

class NETLOGON_DELTA_GROUP(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.13: group delta (name, RID, attributes, comment, security descriptor)."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        # NOTE(review): the other delta structures in this file (DOMAIN, USER,
        # ALIAS, POLICY, TRUSTED_DOMAINS, SECRET) declare SecurityInformation as
        # SECURITY_INFORMATION and SecurityDescriptor as PUCHAR_ARRAY. The types
        # below differ from that pattern and look swapped/mistyped, which would
        # mis-parse the rest of the structure - confirm against the spec.
        ('SecurityInformation', USHORT),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', SECURITY_INFORMATION),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

996 

class PNETLOGON_DELTA_GROUP(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_GROUP."""
    referent = (
        ('Data', NETLOGON_DELTA_GROUP),
    )

1001 

1002# 2.2.1.5.24 NETLOGON_RENAME_GROUP 

class NETLOGON_RENAME_GROUP(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.24: old and new group name followed by Dummy strings and longs."""
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1016 

class PNETLOGON_DELTA_RENAME_GROUP(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_RENAME_GROUP."""
    referent = (
        ('Data', NETLOGON_RENAME_GROUP),
    )

1021 

1022# 2.2.1.5.14 NLPR_LOGON_HOURS 

1023from impacket.dcerpc.v5.samr import SAMPR_LOGON_HOURS 

# NLPR_LOGON_HOURS is an alias: it reuses the SAMR SAMPR_LOGON_HOURS class as-is.
NLPR_LOGON_HOURS = SAMPR_LOGON_HOURS

1025 

1026# 2.2.1.5.15 NLPR_USER_PRIVATE_INFO 

class NLPR_USER_PRIVATE_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.15: a SensitiveData flag, a DataLength and a byte-array pointer.

    By its field names this carries private per-user data; treat parsed
    instances as secret material (do not log or dump them by default).
    DataLength is declared independently of the Data array; nothing here
    checks that the two agree.
    """
    structure = (
        ('SensitiveData', UCHAR),
        ('DataLength', ULONG),
        ('Data', PUCHAR_ARRAY),
    )

1033 

1034# 2.2.1.5.16 NETLOGON_DELTA_USER 

class NETLOGON_DELTA_USER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.16: full user-account delta.

    Besides profile and logon metadata this structure declares
    EncryptedNtOwfPassword, EncryptedLmOwfPassword and PrivateData. Going by
    the field names these hold credential material, so a parsed instance
    should be handled like a secret: keep it out of logs, debug dumps and
    long-lived storage.
    """
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', NLPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
        # Credential-bearing fields (by name) - see class docstring.
        ('EncryptedNtOwfPassword', PUCHAR_ARRAY),
        ('EncryptedLmOwfPassword', PUCHAR_ARRAY),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('PrivateData', NLPR_USER_PRIVATE_INFO),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Takes the slot the sibling delta structures name DummyString1.
        ('ProfilePath', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1076 

class PNETLOGON_DELTA_USER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_USER."""
    referent = (
        ('Data', NETLOGON_DELTA_USER),
    )

1081 

1082# 2.2.1.5.25 NETLOGON_RENAME_USER 

class NETLOGON_RENAME_USER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.25: old and new user name followed by Dummy strings and longs."""
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1096 

class PNETLOGON_DELTA_RENAME_USER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_RENAME_USER."""
    referent = (
        ('Data', NETLOGON_RENAME_USER),
    )

1101 

1102# 2.2.1.5.17 NETLOGON_DELTA_GROUP_MEMBER 

class NETLOGON_DELTA_GROUP_MEMBER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.17: group membership delta.

    Members and Attributes are two separate ULONG-array pointers and
    MemberCount is a separate field; nothing in this class ties the three
    together, so a consumer should use the parsed array lengths rather than
    MemberCount when iterating.
    """
    structure = (
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
        ('MemberCount', ULONG),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1113 

class PNETLOGON_DELTA_GROUP_MEMBER(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_GROUP_MEMBER."""
    referent = (
        ('Data', NETLOGON_DELTA_GROUP_MEMBER),
    )

1118 

1119# 2.2.1.5.4 NETLOGON_DELTA_ALIAS 

class NETLOGON_DELTA_ALIAS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.4: alias delta (name, RID, security descriptor, comment)."""
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('RelativeId', ULONG),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        # Takes the slot the sibling delta structures name DummyString1.
        ('Comment', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1136 

class PNETLOGON_DELTA_ALIAS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_ALIAS."""
    referent = (
        ('Data', NETLOGON_DELTA_ALIAS),
    )

1141 

1142# 2.2.1.5.23 NETLOGON_RENAME_ALIAS 

class NETLOGON_RENAME_ALIAS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.23: old and new alias name followed by Dummy strings and longs."""
    structure = (
        ('OldName', RPC_UNICODE_STRING),
        ('NewName', RPC_UNICODE_STRING),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1156 

class PNETLOGON_DELTA_RENAME_ALIAS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_RENAME_ALIAS."""
    referent = (
        ('Data', NETLOGON_RENAME_ALIAS),
    )

1161 

1162# 2.2.1.5.19 NETLOGON_DELTA_POLICY 

class NETLOGON_DELTA_POLICY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.19: LSA policy delta (audit settings, primary domain, quotas, security descriptor)."""
    structure = (
        ('MaximumLogSize', ULONG),
        ('AuditRetentionPeriod', OLD_LARGE_INTEGER),
        ('AuditingMode', UCHAR),
        # MaximumAuditEventCount and the EventAuditingOptions array are
        # declared independently; this class does not cross-check them.
        ('MaximumAuditEventCount', ULONG),
        ('EventAuditingOptions', PULONG_ARRAY),
        ('PrimaryDomainName', RPC_UNICODE_STRING),
        ('PrimaryDomainSid', PRPC_SID),
        ('QuotaLimits', NLPR_QUOTA_LIMITS),
        ('ModifiedId', OLD_LARGE_INTEGER),
        ('DatabaseCreationTime', OLD_LARGE_INTEGER),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1187 

class PNETLOGON_DELTA_POLICY(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_POLICY."""
    referent = (
        ('Data', NETLOGON_DELTA_POLICY),
    )

1192 

1193# 2.2.1.5.22 NETLOGON_DELTA_TRUSTED_DOMAINS 

class NETLOGON_DELTA_TRUSTED_DOMAINS(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.22: trusted-domain delta (domain name, controller names, security descriptor)."""
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
        # NumControllerEntries and the ControllerNames array are declared
        # independently; this class does not cross-check them.
        ('NumControllerEntries', ULONG),
        ('ControllerNames', PRPC_UNICODE_STRING_ARRAY),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1211 

class PNETLOGON_DELTA_TRUSTED_DOMAINS(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_TRUSTED_DOMAINS."""
    referent = (
        ('Data', NETLOGON_DELTA_TRUSTED_DOMAINS),
    )

1216 

1217# 2.2.1.5.20 NLPR_CR_CIPHER_VALUE 

class UCHAR_ARRAY2(NDRUniConformantVaryingArray):
    """Conformant-varying array of UCHAR, used for the NLPR_CR_CIPHER_VALUE buffer."""
    item = UCHAR

1220 

class PUCHAR_ARRAY2(NDRPOINTER):
    """NDR pointer whose referent is a UCHAR_ARRAY2."""
    referent = (
        ('Data', UCHAR_ARRAY2),
    )

1225 

class NLPR_CR_CIPHER_VALUE(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.20: Length, MaximumLength and a pointer to the cipher bytes.

    Length and MaximumLength are plain ULONG fields; this class does not
    compare them with the size of the Buffer array that was actually parsed.
    """
    structure = (
        ('Length', ULONG),
        ('MaximumLength', ULONG),
        ('Buffer', PUCHAR_ARRAY2),
    )

1232 

1233# 2.2.1.5.21 NETLOGON_DELTA_SECRET 

class NETLOGON_DELTA_SECRET(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.21: LSA secret delta with current and old cipher values.

    CurrentValue and OldValue are NLPR_CR_CIPHER_VALUE blobs; by their names
    they hold (encrypted) secret values, so parsed instances should be kept
    out of logs and debug output.
    """
    structure = (
        ('CurrentValue', NLPR_CR_CIPHER_VALUE),
        ('CurrentValueSetTime', OLD_LARGE_INTEGER),
        ('OldValue', NLPR_CR_CIPHER_VALUE),
        ('OldValueSetTime', OLD_LARGE_INTEGER),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecuritySize', ULONG),
        ('SecurityDescriptor', PUCHAR_ARRAY),
        ('DummyString1', RPC_UNICODE_STRING),
        ('DummyString2', RPC_UNICODE_STRING),
        ('DummyString3', RPC_UNICODE_STRING),
        ('DummyString4', RPC_UNICODE_STRING),
        ('DummyLong1', ULONG),
        ('DummyLong2', ULONG),
        ('DummyLong3', ULONG),
        ('DummyLong4', ULONG),
    )

1252 

class PNETLOGON_DELTA_SECRET(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_DELTA_SECRET."""
    referent = (
        ('Data', NETLOGON_DELTA_SECRET),
    )

1257 

1258# 2.2.1.5.26 NLPR_MODIFIED_COUNT 

class NLPR_MODIFIED_COUNT(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.26: a single OLD_LARGE_INTEGER ModifiedCount."""
    structure = (
        ('ModifiedCount', OLD_LARGE_INTEGER),
    )

1263 

class PNLPR_MODIFIED_COUNT(NDRPOINTER):
    """NDR pointer whose referent is an NLPR_MODIFIED_COUNT."""
    referent = (
        ('Data', NLPR_MODIFIED_COUNT),
    )

1268 

1269# 2.2.1.5.28 NETLOGON_DELTA_TYPE 

class NETLOGON_DELTA_TYPE(NDRENUM):
    # [MS-NRPC] 2.2.1.5.28: discriminant shared by NETLOGON_DELTA_UNION and
    # NETLOGON_DELTA_ID_UNION. The numeric values are wire values; do not
    # renumber or reorder.
    class enumItems(Enum):
        AddOrChangeDomain = 1
        AddOrChangeGroup = 2
        DeleteGroup = 3
        RenameGroup = 4
        AddOrChangeUser = 5
        DeleteUser = 6
        RenameUser = 7
        ChangeGroupMembership = 8
        AddOrChangeAlias = 9
        DeleteAlias = 10
        RenameAlias = 11
        ChangeAliasMembership = 12
        AddOrChangeLsaPolicy = 13
        AddOrChangeLsaTDomain = 14
        DeleteLsaTDomain = 15
        AddOrChangeLsaAccount = 16
        DeleteLsaAccount = 17
        AddOrChangeLsaSecret = 18
        DeleteLsaSecret = 19
        DeleteGroupByName = 20
        DeleteUserByName = 21
        SerialNumberSkip = 22

1294 

1295# 2.2.1.5.27 NETLOGON_DELTA_UNION 

class NETLOGON_DELTA_UNION(NDRUNION):
    """[MS-NRPC] 2.2.1.5.27: per-delta-type payload pointer, keyed by NETLOGON_DELTA_TYPE.

    No arm is declared for DeleteGroup (3), DeleteUser (6), DeleteAlias (10),
    DeleteLsaTDomain (15), DeleteLsaAccount (17) or DeleteLsaSecret (19).
    NOTE(review): what NDRUNION does when a peer sends a discriminant without
    an arm is decided by the NDR base class, not here - confirm that it fails
    closed when parsing responses from an untrusted server.
    """
    union = {
        NETLOGON_DELTA_TYPE.AddOrChangeDomain : ('DeltaDomain', PNETLOGON_DELTA_DOMAIN),
        NETLOGON_DELTA_TYPE.AddOrChangeGroup : ('DeltaGroup', PNETLOGON_DELTA_GROUP),
        NETLOGON_DELTA_TYPE.RenameGroup : ('DeltaRenameGroup', PNETLOGON_DELTA_RENAME_GROUP),
        NETLOGON_DELTA_TYPE.AddOrChangeUser : ('DeltaUser', PNETLOGON_DELTA_USER),
        NETLOGON_DELTA_TYPE.RenameUser : ('DeltaRenameUser', PNETLOGON_DELTA_RENAME_USER),
        NETLOGON_DELTA_TYPE.ChangeGroupMembership : ('DeltaGroupMember', PNETLOGON_DELTA_GROUP_MEMBER),
        NETLOGON_DELTA_TYPE.AddOrChangeAlias : ('DeltaAlias', PNETLOGON_DELTA_ALIAS),
        NETLOGON_DELTA_TYPE.RenameAlias : ('DeltaRenameAlias', PNETLOGON_DELTA_RENAME_ALIAS),
        NETLOGON_DELTA_TYPE.ChangeAliasMembership : ('DeltaAliasMember', PNETLOGON_DELTA_ALIAS_MEMBER),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy : ('DeltaPolicy', PNETLOGON_DELTA_POLICY),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain : ('DeltaTDomains', PNETLOGON_DELTA_TRUSTED_DOMAINS),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount : ('DeltaAccounts', PNETLOGON_DELTA_ACCOUNTS),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret : ('DeltaSecret', PNETLOGON_DELTA_SECRET),
        NETLOGON_DELTA_TYPE.DeleteGroupByName : ('DeltaDeleteGroup', PNETLOGON_DELTA_DELETE_GROUP),
        NETLOGON_DELTA_TYPE.DeleteUserByName : ('DeltaDeleteUser', PNETLOGON_DELTA_DELETE_USER),
        NETLOGON_DELTA_TYPE.SerialNumberSkip : ('DeltaSerialNumberSkip', PNLPR_MODIFIED_COUNT),
    }

1315 

1316# 2.2.1.5.18 NETLOGON_DELTA_ID_UNION 

class NETLOGON_DELTA_ID_UNION(NDRUNION):
    """[MS-NRPC] 2.2.1.5.18: identifier of the object a delta applies to.

    Keyed by NETLOGON_DELTA_TYPE: domain/group/user/alias types carry a Rid
    (ULONG), LSA policy/trusted-domain/account types carry a Sid (PRPC_SID),
    and LSA secret types carry a Name (LPWSTR). SerialNumberSkip (22) has no
    arm in this union.
    """
    union = {
        NETLOGON_DELTA_TYPE.AddOrChangeDomain : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeGroup : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteGroup : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameGroup : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeUser : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteUser : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameUser : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.ChangeGroupMembership : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeAlias : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteAlias : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.RenameAlias : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.ChangeAliasMembership : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteGroupByName : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.DeleteUserByName : ('Rid', ULONG),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.DeleteLsaTDomain : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.DeleteLsaAccount : ('Sid', PRPC_SID),
        NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret : ('Name', LPWSTR),
        NETLOGON_DELTA_TYPE.DeleteLsaSecret : ('Name', LPWSTR),
    }

1341 

1342# 2.2.1.5.11 NETLOGON_DELTA_ENUM 

class NETLOGON_DELTA_ENUM(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.5.11: one delta entry - its type, the object identifier and the payload."""
    structure = (
        ('DeltaType', NETLOGON_DELTA_TYPE),
        ('DeltaID', NETLOGON_DELTA_ID_UNION),
        ('DeltaUnion', NETLOGON_DELTA_UNION),
    )

1349 

1350# 2.2.1.5.12 NETLOGON_DELTA_ENUM_ARRAY 

class NETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRUniConformantArray):
    """Conformant array of NETLOGON_DELTA_ENUM entries."""
    item = NETLOGON_DELTA_ENUM

1353 

class PNETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRSTRUCT):
    # NOTE(review): every other P* class in this file derives from NDRPOINTER
    # and sets `referent`; this one sets `referent` but derives from NDRSTRUCT.
    # The base class looks swapped with PNETLOGON_DELTA_ENUM_ARRAY - confirm
    # against the NDR base classes before relying on this type for parsing.
    referent = (
        ('Data', NETLOGON_DELTA_ENUM_ARRAY_ARRAY),
    )

1358 

class PNETLOGON_DELTA_ENUM_ARRAY(NDRPOINTER):
    # [MS-NRPC] 2.2.1.5.12: count of returned deltas plus the delta array.
    # NOTE(review): this class derives from NDRPOINTER but sets `structure`
    # (the other pointer classes in this file set `referent`). The base class
    # looks swapped with PNETLOGON_DELTA_ENUM_ARRAY_ARRAY - confirm.
    # CountReturned is declared independently of the Deltas array; this class
    # does not cross-check them.
    structure = (
        ('CountReturned', DWORD),
        ('Deltas', PNETLOGON_DELTA_ENUM_ARRAY_ARRAY),
    )

1364 

1365# 2.2.1.5.29 SYNC_STATE 

class SYNC_STATE(NDRENUM):
    # [MS-NRPC] 2.2.1.5.29: synchronisation state enumeration. The numeric
    # values are wire values; do not renumber.
    class enumItems(Enum):
        NormalState = 0
        DomainState = 1
        GroupState = 2
        UasBuiltInGroupState = 3
        UserState = 4
        GroupMemberState = 5
        AliasState = 6
        AliasMemberState = 7
        SamDoneState = 8

1377 

1378# 2.2.1.6.1 DOMAIN_NAME_BUFFER 

class DOMAIN_NAME_BUFFER(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.1: a byte count and a pointer to the domain-name bytes.

    DomainNameByteCount is declared independently of the DomainNames array;
    this class does not cross-check them.
    """
    structure = (
        ('DomainNameByteCount', ULONG),
        ('DomainNames', PUCHAR_ARRAY),
    )

1384 

1385# 2.2.1.6.2 DS_DOMAIN_TRUSTSW 

class DS_DOMAIN_TRUSTSW(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.2: one domain-trust entry (names, flags, trust type/attributes, SID, GUID)."""
    structure = (
        ('NetbiosDomainName', LPWSTR),
        ('DnsDomainName', LPWSTR),
        ('Flags', ULONG),
        ('ParentIndex', ULONG),
        ('TrustType', ULONG),
        ('TrustAttributes', ULONG),
        ('DomainSid', PRPC_SID),
        ('DomainGuid', GUID),
    )

1397 

1398# 2.2.1.6.3 NETLOGON_TRUSTED_DOMAIN_ARRAY 

class DS_DOMAIN_TRUSTSW_ARRAY(NDRUniConformantArray):
    """Conformant array of DS_DOMAIN_TRUSTSW entries."""
    item = DS_DOMAIN_TRUSTSW

1401 

class PDS_DOMAIN_TRUSTSW_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a DS_DOMAIN_TRUSTSW_ARRAY."""
    referent = (
        ('Data', DS_DOMAIN_TRUSTSW_ARRAY),
    )

1406 

class NETLOGON_TRUSTED_DOMAIN_ARRAY(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.3: a domain count and a pointer to the DS_DOMAIN_TRUSTSW array.

    DomainCount is declared independently of the Domains array; this class
    does not cross-check them.
    """
    structure = (
        ('DomainCount', DWORD),
        ('Domains', PDS_DOMAIN_TRUSTSW_ARRAY),
    )

1412 

1413# 2.2.1.6.4 NL_GENERIC_RPC_DATA 

class NL_GENERIC_RPC_DATA(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.6.4: a ULONG array and a unicode-string array, each with its own entry count.

    The two *EntryCount fields are declared independently of the arrays they
    describe; this class does not cross-check them.
    """
    structure = (
        ('UlongEntryCount', ULONG),
        ('UlongData', PULONG_ARRAY),
        ('UnicodeStringEntryCount', ULONG),
        ('UnicodeStringData', PRPC_UNICODE_STRING_ARRAY),
    )

1421 

class PNL_GENERIC_RPC_DATA(NDRPOINTER):
    """NDR pointer whose referent is an NL_GENERIC_RPC_DATA."""
    referent = (
        ('Data', NL_GENERIC_RPC_DATA),
    )

1426 

1427# 2.2.1.7.1 NETLOGON_CONTROL_DATA_INFORMATION 

class NETLOGON_CONTROL_DATA_INFORMATION(NDRUNION):
    """[MS-NRPC] 2.2.1.7.1: input data for a Netlogon control call, selected by a DWORD tag.

    Tags 5, 6, 9 and 10 select TrustedDomainName, tag 8 selects UserName and
    tag 65534 selects DebugFlag. No other tag has an arm here.
    """
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        5 : ('TrustedDomainName', LPWSTR),
        6 : ('TrustedDomainName', LPWSTR),
        9 : ('TrustedDomainName', LPWSTR),
        10 : ('TrustedDomainName', LPWSTR),
        65534 : ('DebugFlag', DWORD),
        8: ('UserName', LPWSTR),
    }

1441 

1442# 2.2.1.7.2 NETLOGON_INFO_1 

class NETLOGON_INFO_1(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.2: flags and PDC connection status."""
    structure = (
        ('netlog1_flags', DWORD),
        ('netlog1_pdc_connection_status', NET_API_STATUS),
    )

1448 

class PNETLOGON_INFO_1(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_1."""
    referent = (
        ('Data', NETLOGON_INFO_1),
    )

1453 

1454# 2.2.1.7.3 NETLOGON_INFO_2 

class NETLOGON_INFO_2(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.3: flags, PDC connection status, trusted DC name and its connection status."""
    structure = (
        ('netlog2_flags', DWORD),
        ('netlog2_pdc_connection_status', NET_API_STATUS),
        ('netlog2_trusted_dc_name', LPWSTR),
        ('netlog2_tc_connection_status', NET_API_STATUS),
    )

1462 

class PNETLOGON_INFO_2(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_2."""
    referent = (
        ('Data', NETLOGON_INFO_2),
    )

1467 

1468# 2.2.1.7.4 NETLOGON_INFO_3 

class NETLOGON_INFO_3(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.4: flags, logon-attempt counter and five reserved DWORDs."""
    structure = (
        ('netlog3_flags', DWORD),
        ('netlog3_logon_attempts', DWORD),
        ('netlog3_reserved1', DWORD),
        ('netlog3_reserved2', DWORD),
        ('netlog3_reserved3', DWORD),
        ('netlog3_reserved4', DWORD),
        ('netlog3_reserved5', DWORD),
    )

1479 

class PNETLOGON_INFO_3(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_3."""
    referent = (
        ('Data', NETLOGON_INFO_3),
    )

1484 

1485# 2.2.1.7.5 NETLOGON_INFO_4 

class NETLOGON_INFO_4(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.7.5: trusted DC name and trusted domain name."""
    structure = (
        ('netlog4_trusted_dc_name', LPWSTR),
        ('netlog4_trusted_domain_name', LPWSTR),
    )

1491 

class PNETLOGON_INFO_4(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_INFO_4."""
    referent = (
        ('Data', NETLOGON_INFO_4),
    )

1496 

1497# 2.2.1.7.6 NETLOGON_CONTROL_QUERY_INFORMATION 

class NETLOGON_CONTROL_QUERY_INFORMATION(NDRUNION):
    """[MS-NRPC] 2.2.1.7.6: query result union; a DWORD tag of 1-4 selects PNETLOGON_INFO_1..4."""
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1 : ('NetlogonInfo1', PNETLOGON_INFO_1),
        2 : ('NetlogonInfo2', PNETLOGON_INFO_2),
        3 : ('NetlogonInfo3', PNETLOGON_INFO_3),
        4 : ('NetlogonInfo4', PNETLOGON_INFO_4),
    }

1509 

1510# 2.2.1.8.1 NETLOGON_VALIDATION_UAS_INFO 

class NETLOGON_VALIDATION_UAS_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.8.1: UAS logon validation information."""
    structure = (
        # NOTE(review): the other name-like fields below (computer, domain,
        # script_path) are LPWSTR while usrlog1_eff_name is a DWORD - confirm
        # against the spec that this is intended.
        ('usrlog1_eff_name', DWORD),
        ('usrlog1_priv', DWORD),
        ('usrlog1_auth_flags', DWORD),
        ('usrlog1_num_logons', DWORD),
        ('usrlog1_bad_pw_count', DWORD),
        ('usrlog1_last_logon', DWORD),
        ('usrlog1_last_logoff', DWORD),
        ('usrlog1_logoff_time', DWORD),
        ('usrlog1_kickoff_time', DWORD),
        ('usrlog1_password_age', DWORD),
        ('usrlog1_pw_can_change', DWORD),
        ('usrlog1_pw_must_change', DWORD),
        ('usrlog1_computer', LPWSTR),
        ('usrlog1_domain', LPWSTR),
        ('usrlog1_script_path', LPWSTR),
        ('usrlog1_reserved1', DWORD),
    )

1530 

class PNETLOGON_VALIDATION_UAS_INFO(NDRPOINTER):
    """NDR pointer whose referent is a NETLOGON_VALIDATION_UAS_INFO."""
    referent = (
        ('Data', NETLOGON_VALIDATION_UAS_INFO),
    )

1535 

1536# 2.2.1.8.2 NETLOGON_LOGOFF_UAS_INFO 

class NETLOGON_LOGOFF_UAS_INFO(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.8.2: logoff information - Duration and LogonCount."""
    structure = (
        ('Duration', DWORD),
        ('LogonCount', USHORT),
    )

1542 

1543# 2.2.1.8.3 UAS_INFO_0 

class UAS_INFO_0(NDRSTRUCT):
    """[MS-NRPC] 2.2.1.8.3: fixed 16-byte ComputerName, TimeCreated and SerialNumber."""
    structure = (
        # '16s' is a fixed-width 16-byte field, defaulting to the empty string.
        ('ComputerName', '16s=""'),
        ('TimeCreated', ULONG),
        ('SerialNumber', ULONG),
    )
    def getAlignment(self):
        # Overrides the base-class alignment with a constant 4.
        return 4

1552 

1553# 2.2.1.8.4 NETLOGON_DUMMY1 

class NETLOGON_DUMMY1(NDRUNION):
    """[MS-NRPC] 2.2.1.8.4: placeholder union; tag 1 selects a single ULONG named Dummy."""
    commonHdr = (
        ('tag', DWORD),
    )

    union = {
        1 : ('Dummy', ULONG),
    }

1562 

1563# 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24) 

class CHAR_FIXED_16_ARRAY(NDRUniFixedArray):
    """Fixed-size array type that always reports a data length of 16."""
    def getDataLen(self, data, offset=0):
        # The length is constant; `data` and `offset` are ignored.
        return 16

1567 

1568 

1569################################################################################ 

1570# SSPI 

1571################################################################################ 

1572# Constants 

# NL_AUTH_MESSAGE Flags bits: each bit announces one name that is present in
# the message Buffer (see getSSPType1 for how they are combined).
NL_AUTH_MESSAGE_NETBIOS_DOMAIN = 0x1
NL_AUTH_MESSAGE_NETBIOS_HOST = 0x2
NL_AUTH_MESSAGE_DNS_DOMAIN = 0x4
NL_AUTH_MESSAGE_DNS_HOST = 0x8
NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8 = 0x10

# NL_AUTH_MESSAGE MessageType values.
NL_AUTH_MESSAGE_REQUEST = 0x0
NL_AUTH_MESSAGE_RESPONSE = 0x1

# SignatureAlgorithm / SealAlgorithm identifiers written into the signature
# header by SIGN(). HMAC-MD5 with RC4 is the legacy pair; HMAC-SHA256 with
# AES128 is the pair SIGN() selects when called with aes=True.
NL_SIGNATURE_HMAC_MD5 = 0x77
NL_SIGNATURE_HMAC_SHA256 = 0x13
NL_SEAL_NOT_ENCRYPTED = 0xffff
NL_SEAL_RC4 = 0x7A
NL_SEAL_AES128 = 0x1A

1587 

1588# Structures 

class NL_AUTH_MESSAGE(Structure):
    """Netlogon SSP token: little-endian MessageType and Flags followed by a raw Buffer."""
    structure = (
        ('MessageType','<L=0'),
        ('Flags','<L=0'),
        ('Buffer',':'),
    )
    def __init__(self, data = None, alignment = 0):
        Structure.__init__(self, data, alignment)
        if data is None:
            # Building a fresh message (not parsing): default Buffer is four zero bytes.
            self['Buffer'] = b'\x00'*4

1599 

class NL_AUTH_SIGNATURE(Structure):
    """Netlogon signature token with an 8-byte Checksum.

    Layout: SignatureAlgorithm, SealAlgorithm, Pad (0xffff), Flags,
    8-byte SequenceNumber, 8-byte Checksum, then the Confounder.
    """
    structure = (
        ('SignatureAlgorithm','<H=0'),
        ('SealAlgorithm','<H=0'),
        ('Pad','<H=0xffff'),
        ('Flags','<H=0'),
        ('SequenceNumber','8s=""'),
        ('Checksum','8s=""'),
        # NOTE(review): this length entry appears to fix the parsed Confounder
        # at 8 bytes - confirm against impacket.structure.Structure.
        ('_Confounder','_-Confounder','8'),
        ('Confounder',':'),
    )
    def __init__(self, data = None, alignment = 0):
        Structure.__init__(self, data, alignment)
        if data is None:
            # Fresh (sign-only) token: no confounder until SEAL() sets one.
            # Note this default is a text '' rather than b''.
            self['Confounder'] = ''

1615 

class NL_AUTH_SHA2_SIGNATURE(Structure):
    """Netlogon signature token with a 32-byte Checksum.

    Same layout as NL_AUTH_SIGNATURE except that Checksum is 32 bytes wide.
    NOTE(review): SIGN() and UNSEAL() in this file instantiate
    NL_AUTH_SIGNATURE even on their AES path; this class is not referenced by
    them - confirm which layout the AES path should use.
    """
    structure = (
        ('SignatureAlgorithm','<H=0'),
        ('SealAlgorithm','<H=0'),
        ('Pad','<H=0xffff'),
        ('Flags','<H=0'),
        ('SequenceNumber','8s=""'),
        ('Checksum','32s=""'),
        ('_Confounder','_-Confounder','8'),
        ('Confounder',':'),
    )
    def __init__(self, data = None, alignment = 0):
        Structure.__init__(self, data, alignment)
        if data is None:
            # Fresh (sign-only) token: no confounder until one is set.
            self['Confounder'] = ''

1631 

1632# Section 3.1.4.4.2 

def ComputeNetlogonCredential(inputData, Sk):
    """Compute the DES-based Netlogon credential ([MS-NRPC] 3.1.4.4.2).

    Bytes 0-6 and 7-13 of the session key Sk are each expanded with
    crypto.transformKey() into a DES key; inputData is encrypted with the
    first key and the result is encrypted again with the second, both in
    ECB mode.

    This is the legacy construction (single DES, ECB). The AES counterpart in
    this module is ComputeNetlogonCredentialAES; prefer it whenever the peer
    negotiates AES.
    """
    firstDesKey = crypto.transformKey(Sk[:7])
    secondDesKey = crypto.transformKey(Sk[7:14])
    firstPass = DES.new(firstDesKey, DES.MODE_ECB)
    secondPass = DES.new(secondDesKey, DES.MODE_ECB)
    return secondPass.encrypt(firstPass.encrypt(inputData))

1642 

1643# Section 3.1.4.4.1 

def ComputeNetlogonCredentialAES(inputData, Sk):
    """Compute the AES-based Netlogon credential ([MS-NRPC] 3.1.4.4.1).

    inputData is encrypted with AES in CFB mode under the session key Sk
    using an all-zero 16-byte IV.

    Because the IV is constant, the same (Sk, inputData) pair always yields
    the same output. That is what the credential computation needs, but it
    makes this helper unsuitable as a general-purpose encryption routine.
    """
    zeroIv = b'\x00' * 16
    return AES.new(Sk, AES.MODE_CFB, zeroIv).encrypt(inputData)

1648 

1649# Section 3.1.4.3.1 

def ComputeSessionKeyAES(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
    """Derive the 16-byte AES session key ([MS-NRPC] 3.1.4.3.1).

    The key is the first 16 bytes of an HMAC-SHA256 over clientChallenge
    followed by serverChallenge. The HMAC key is sharedSecretHash when the
    caller supplies one, otherwise ntlm.NTOWFv1(sharedSecret); in the former
    case sharedSecret is not used at all.

    The returned value is key material: keep it out of logs and debug output.
    """
    if sharedSecretHash is not None:
        # Caller already holds the hash of the shared secret.
        secretHash = sharedSecretHash
    else:
        secretHash = ntlm.NTOWFv1(sharedSecret)

    mac = hmac.new(key=secretHash, digestmod=hashlib.sha256)
    for challenge in (clientChallenge, serverChallenge):
        mac.update(challenge)

    return mac.digest()[:16]

1663 

1664# 3.1.4.3.2 Strong-key Session-Key 

def ComputeSessionKeyStrongKey(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
    """Derive the strong-key session key ([MS-NRPC] 3.1.4.3.2).

    An MD5 digest is taken over four zero bytes, clientChallenge and
    serverChallenge; the session key is the HMAC-MD5 of that digest. The HMAC
    key is sharedSecretHash when supplied, otherwise
    ntlm.NTOWFv1(sharedSecret); in the former case sharedSecret is not used.

    This is the MD5-based derivation; ComputeSessionKeyAES is the
    HMAC-SHA256 counterpart. The returned value is key material: keep it out
    of logs and debug output.
    """
    if sharedSecretHash is not None:
        # Caller already holds the hash of the shared secret.
        secretHash = sharedSecretHash
    else:
        secretHash = ntlm.NTOWFv1(sharedSecret)

    challengeDigest = hashlib.new('md5')
    for part in (b'\x00'*4, clientChallenge, serverChallenge):
        challengeDigest.update(part)

    mac = hmac.new(secretHash, digestmod=hashlib.md5)
    mac.update(challengeDigest.digest())
    return mac.digest()

1681 

def deriveSequenceNumber(sequenceNum):
    """Serialise a 64-bit sequence number into the 8-byte form used in the signature.

    The low 32 bits come first, then the high 32 bits with the top bit
    (0x80000000) forced on; both words are packed big-endian.
    """
    lowWord = sequenceNum & 0xffffffff
    highWord = ((sequenceNum >> 32) & 0xffffffff) | 0x80000000
    return pack('>LL', lowWord, highWord)

1690 

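def ComputeNetlogonSignatureAES(authSignature, message, confounder, sessionKey):
    """Compute the HMAC-SHA256 Netlogon checksum ([MS-NRPC] 3.3.4.2.1, point 7).

    The HMAC is keyed with sessionKey and covers, in order, the first 8 bytes
    of the serialised signature header, the confounder and the message.

    Args:
        authSignature: signature object; only getData()[:8] is read.
        message: payload being signed; converted with bytes().
        confounder: confounder bytes, or an empty byte string when no
            confidentiality was requested.
        sessionKey: HMAC key.

    Returns:
        32 bytes: the first 8 bytes of the digest followed by 24 zero bytes.
    """
    hm = hmac.new(key=sessionKey, digestmod=hashlib.sha256)
    hm.update(authSignature.getData()[:8])
    # If no confidentiality requested, it should be empty
    hm.update(confounder)
    hm.update(bytes(message))
    # The padding must be a bytes literal: concatenating the digest with a
    # text string raises TypeError on Python 3.
    return hm.digest()[:8] + b'\x00'*24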

1699 

def ComputeNetlogonSignatureMD5(authSignature, message, confounder, sessionKey):
    """Compute the HMAC-MD5 Netlogon checksum ([MS-NRPC] 3.3.4.2.1, point 7).

    An MD5 digest is taken over four zero bytes, the first 8 bytes of the
    serialised signature header, the confounder (empty when no
    confidentiality was requested) and the message. The result is the first
    8 bytes of HMAC-MD5(sessionKey, digest).

    This is the legacy MD5 variant; ComputeNetlogonSignatureAES is the
    HMAC-SHA256 counterpart.
    """
    innerDigest = hashlib.new('md5')
    signedParts = (
        b'\x00'*4,
        authSignature.getData()[:8],
        confounder,
        bytes(message),
    )
    for part in signedParts:
        innerDigest.update(part)

    mac = hmac.new(sessionKey, digestmod=hashlib.md5)
    mac.update(innerDigest.digest())
    return mac.digest()[:8]

1712 

def encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
    """RC4-encrypt the serialised sequence number ([MS-NRPC] 3.3.4.2.1, point 9).

    The RC4 key is HMAC-MD5(HMAC-MD5(sessionKey, four zero bytes), checkSum).
    A new cipher is created on every call, so the keystream always starts
    from the beginning.
    """
    innerMac = hmac.new(sessionKey, digestmod=hashlib.md5)
    innerMac.update(b'\x00'*4)

    outerMac = hmac.new(innerMac.digest(), digestmod=hashlib.md5)
    outerMac.update(checkSum)

    return ARC4.new(outerMac.digest()).encrypt(sequenceNum)

1724 

def decryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
    """RC4-decrypt the sequence number ([MS-NRPC] 3.3.4.2.2, point 5).

    RC4 is a stream cipher, so decryption is the same keystream XOR as
    encryption; this simply delegates to encryptSequenceNumberRC4().
    """
    recovered = encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey)
    return recovered

1729 

def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    """AES-CFB-encrypt the serialised sequence number ([MS-NRPC] 3.3.4.2.1, point 9).

    The 16-byte IV is the first 8 bytes of checkSum repeated twice; the key
    is sessionKey.
    """
    checksumPrefix = checkSum[:8]
    aesCipher = AES.new(sessionKey, AES.MODE_CFB, checksumPrefix + checksumPrefix)
    return aesCipher.encrypt(sequenceNum)

1735 

def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    """AES-CFB-decrypt the sequence number; inverse of encryptSequenceNumberAES().

    The 16-byte IV is the first 8 bytes of checkSum repeated twice; the key
    is sessionKey.

    NOTE(review): the original comment cited [MS-NRPC] 3.3.4.2.1 point 9 (the
    sending side), while decryptSequenceNumberRC4 cites 3.3.4.2.2 point 5 for
    the receiving side - confirm which reference applies here.
    """
    checksumPrefix = checkSum[:8]
    aesCipher = AES.new(sessionKey, AES.MODE_CFB, checksumPrefix + checksumPrefix)
    return aesCipher.decrypt(sequenceNum)

1741 

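def SIGN(data, confounder, sequenceNum, key, aes = False):
    """Build the Netlogon signature token for an outgoing message.

    Args:
        data: message payload to sign.
        confounder: confounder bytes, or an empty value for sign-only
            (no confidentiality).
        sequenceNum: integer sequence number; serialised with
            deriveSequenceNumber().
        key: session key.
        aes: when exactly False the HMAC-MD5 / RC4 algorithms are used; any
            other value selects HMAC-SHA256 / AES128.

    Returns:
        An NL_AUTH_SIGNATURE with SignatureAlgorithm, SealAlgorithm, Checksum
        and the encrypted SequenceNumber filled in.

    NOTE(review): on the AES path the checksum helper returns 32 bytes while
    the Checksum field of NL_AUTH_SIGNATURE is declared as '8s';
    NL_AUTH_SHA2_SIGNATURE (32-byte Checksum) exists in this module but is not
    used here - confirm which layout the peer expects.
    """
    legacy = aes is False

    signature = NL_AUTH_SIGNATURE()
    signature['SignatureAlgorithm'] = NL_SIGNATURE_HMAC_MD5 if legacy else NL_SIGNATURE_HMAC_SHA256

    # Test for emptiness rather than comparing with the text literal '': on
    # Python 3 the confounder is bytes, b'' != '' and the old comparison
    # labelled sign-only messages as sealed.
    if not confounder:
        signature['SealAlgorithm'] = NL_SEAL_NOT_ENCRYPTED
    else:
        signature['SealAlgorithm'] = NL_SEAL_RC4 if legacy else NL_SEAL_AES128

    # The checksum covers the header fields set above, so it must be computed
    # after them; the sequence number is then encrypted under the checksum.
    if legacy:
        signature['Checksum'] = ComputeNetlogonSignatureMD5(signature, data, confounder, key)
        signature['SequenceNumber'] = encryptSequenceNumberRC4(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
    else:
        signature['Checksum'] = ComputeNetlogonSignatureAES(signature, data, confounder, key)
        signature['SequenceNumber'] = encryptSequenceNumberAES(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
    return signature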

1763 

def SEAL(data, confounder, sequenceNum, key, aes = False):
    """Sign and encrypt an outgoing Netlogon message.

    The signature is produced by SIGN() over the plaintext. The encryption
    key is derived from `key` with every byte XORed with 0xf0.

    * aes is False: the RC4 key is
      HMAC-MD5(HMAC-MD5(xored key, four zero bytes), serialised sequence
      number). The confounder and the data are each encrypted with a fresh
      RC4 instance, i.e. both start at keystream offset 0.
    * otherwise: one AES-CFB cipher (IV = serialised sequence number repeated
      twice) encrypts the confounder and then the data as one stream.

    Returns:
        (encrypted data, signature) with the encrypted confounder stored in
        signature['Confounder'].
    """
    signature = SIGN(data, confounder, sequenceNum, key, aes)
    seqBytes = deriveSequenceNumber(sequenceNum)

    sealKey = bytes(bytearray(octet ^ 0xf0 for octet in bytearray(key)))

    if aes is False:
        innerMac = hmac.new(sealKey, digestmod=hashlib.md5)
        innerMac.update(b'\x00'*4)
        outerMac = hmac.new(innerMac.digest(), digestmod=hashlib.md5)
        outerMac.update(seqBytes)
        rc4Key = outerMac.digest()

        # Two separate RC4 instances: the keystream restarts for the data.
        sealedConfounder = ARC4.new(rc4Key).encrypt(confounder)
        sealedData = ARC4.new(rc4Key).encrypt(data)
    else:
        # A single CFB stream covers the confounder first, then the data.
        aesCipher = AES.new(sealKey, AES.MODE_CFB, seqBytes + seqBytes)
        sealedConfounder = aesCipher.encrypt(confounder)
        sealedData = aesCipher.encrypt(data)

    signature['Confounder'] = sealedConfounder
    return sealedData, signature

1798 

def UNSEAL(data, auth_data, key, aes = False):
    """Decrypt an incoming sealed Netlogon message.

    auth_data is parsed as an NL_AUTH_SIGNATURE, the sequence number is
    decrypted from it, and the same key schedule as SEAL() (key XOR 0xf0) is
    used to decrypt the confounder and the data.

    Returns:
        (plaintext, decrypted confounder).

    This function only decrypts. It does not recompute the checksum or
    compare it with auth_data['Checksum'], and it does not check the sequence
    number, so the returned plaintext is unauthenticated; a caller that needs
    integrity or replay protection has to verify the signature itself.

    NOTE(review): auth_data is always parsed with the 8-byte-Checksum layout,
    also when aes is set; NL_AUTH_SHA2_SIGNATURE declares a 32-byte Checksum -
    confirm which layout the peer sends on the AES path.
    """
    signature = NL_AUTH_SIGNATURE(auth_data)
    sealKey = bytes(bytearray(octet ^ 0xf0 for octet in bytearray(key)))

    if aes is False:
        seqBytes = decryptSequenceNumberRC4(signature['SequenceNumber'], signature['Checksum'], key)
        innerMac = hmac.new(sealKey, digestmod=hashlib.md5)
        innerMac.update(b'\x00'*4)
        outerMac = hmac.new(innerMac.digest(), digestmod=hashlib.md5)
        outerMac.update(seqBytes)
        rc4Key = outerMac.digest()

        # RC4 decryption is the same keystream XOR as encryption; a fresh
        # instance is used for the confounder and for the data.
        clearConfounder = ARC4.new(rc4Key).encrypt(signature['Confounder'])
        clearData = ARC4.new(rc4Key).encrypt(data)
        return clearData, clearConfounder

    seqBytes = decryptSequenceNumberAES(signature['SequenceNumber'], signature['Checksum'], key)
    # A single CFB stream covers the confounder first, then the data.
    aesCipher = AES.new(sealKey, AES.MODE_CFB, seqBytes + seqBytes)
    clearConfounder = aesCipher.decrypt(signature['Confounder'])
    clearData = aesCipher.decrypt(data)
    return clearData, clearConfounder

1828 

1829 

def getSSPType1(workstation='', domain='', signingRequired=False):
    """Build the initial NL_AUTH_MESSAGE announcing the client's names.

    The Buffer holds, in order and each NUL-terminated: the NetBIOS domain
    name, the NetBIOS host name, and the host name again prefixed with a
    one-byte length. Flags has the NETBIOS_DOMAIN, NETBIOS_HOST and
    NETBIOS_HOST_UTF8 bits set.

    When domain or workstation is the empty string the fixed names
    'WORKGROUP' and 'MYHOST' are sent instead; these literal defaults are
    what the server will see. signingRequired is accepted but not used.
    """
    if domain != '':
        domainName = b(domain)
    else:
        domainName = b'WORKGROUP'

    if workstation != '':
        hostName = b(workstation)
        # Length byte counts the characters of `workstation`.
        prefixedHostName = pack('<B',len(workstation)) + hostName
    else:
        hostName = b'MYHOST'
        prefixedHostName = b'\x06MYHOST'

    auth = NL_AUTH_MESSAGE()
    auth['Flags'] = (NL_AUTH_MESSAGE_NETBIOS_DOMAIN
                     | NL_AUTH_MESSAGE_NETBIOS_HOST
                     | NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8)
    auth['Buffer'] = domainName + b'\x00' + hostName + b'\x00' + prefixedHostName + b'\x00'
    return auth

1855 

1856################################################################################ 

1857# RPC CALLS 

1858################################################################################ 

1859# 3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34) 

class DsrGetDcNameEx2(NDRCALL):
    """Request for [MS-NRPC] 3.5.4.3.1 DsrGetDcNameEx2 (opnum 34)."""
    opnum = 34
    structure = (
        ('ComputerName',PLOGONSRV_HANDLE),
        ('AccountName', LPWSTR),
        ('AllowableAccountControlBits', ULONG),
        ('DomainName',LPWSTR),
        ('DomainGuid',PGUID),
        ('SiteName',LPWSTR),
        ('Flags',ULONG),
    )

1871 

class DsrGetDcNameEx2Response(NDRCALL):
    """Response for DsrGetDcNameEx2: domain-controller info pointer and ErrorCode."""
    structure = (
        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode',NET_API_STATUS),
    )

1877 

1878# 3.5.4.3.2 DsrGetDcNameEx (Opnum 27) 

class DsrGetDcNameEx(NDRCALL):
    """Request for [MS-NRPC] 3.5.4.3.2 DsrGetDcNameEx (opnum 27)."""
    opnum = 27
    structure = (
        ('ComputerName',PLOGONSRV_HANDLE),
        ('DomainName',LPWSTR),
        ('DomainGuid',PGUID),
        ('SiteName',LPWSTR),
        ('Flags',ULONG),
    )

1888 

class DsrGetDcNameExResponse(NDRCALL):
    """Response for DsrGetDcNameEx: domain-controller info pointer and ErrorCode."""
    structure = (
        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode',NET_API_STATUS),
    )

1894 

1895# 3.5.4.3.3 DsrGetDcName (Opnum 20) 

class DsrGetDcName(NDRCALL):
    """Request for [MS-NRPC] 3.5.4.3.3 DsrGetDcName (opnum 20).

    Unlike DsrGetDcNameEx, the site is identified by SiteGuid (PGUID) rather
    than by a SiteName string.
    """
    opnum = 20
    structure = (
        ('ComputerName',PLOGONSRV_HANDLE),
        ('DomainName',LPWSTR),
        ('DomainGuid',PGUID),
        ('SiteGuid',PGUID),
        ('Flags',ULONG),
    )

1905 

class DsrGetDcNameResponse(NDRCALL):
    """Response for DsrGetDcName: domain-controller info pointer and ErrorCode."""
    structure = (
        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
        ('ErrorCode',NET_API_STATUS),
    )

1911 

1912# 3.5.4.3.4 NetrGetDCName (Opnum 11) 

class NetrGetDCName(NDRCALL):
    """Request for [MS-NRPC] 3.5.4.3.4 NetrGetDCName (opnum 11).

    ServerName is declared as LOGONSRV_HANDLE here, whereas the neighbouring
    calls use the pointer type PLOGONSRV_HANDLE.
    """
    opnum = 11
    structure = (
        ('ServerName',LOGONSRV_HANDLE),
        ('DomainName',LPWSTR),
    )

1919 

class NetrGetDCNameResponse(NDRCALL):
    """Reply to NetrGetDCName: an LPWSTR Buffer, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('Buffer', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )

1925 

1926# 3.5.4.3.5 NetrGetAnyDCName (Opnum 13) 

class NetrGetAnyDCName(NDRCALL):
    """[MS-NRPC] 3.5.4.3.5 NetrGetAnyDCName request (opnum 13)."""
    opnum = 13
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )

1933 

class NetrGetAnyDCNameResponse(NDRCALL):
    """Reply to NetrGetAnyDCName: an LPWSTR Buffer, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('Buffer', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )

1939 

1940# 3.5.4.3.6 DsrGetSiteName (Opnum 28) 

class DsrGetSiteName(NDRCALL):
    """[MS-NRPC] 3.5.4.3.6 DsrGetSiteName request (opnum 28)."""
    opnum = 28
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
    )

1946 

class DsrGetSiteNameResponse(NDRCALL):
    """Reply to DsrGetSiteName: SiteName, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('SiteName', LPWSTR),
        ('ErrorCode', NET_API_STATUS),
    )

1952 

1953# 3.5.4.3.7 DsrGetDcSiteCoverageW (Opnum 38) 

class DsrGetDcSiteCoverageW(NDRCALL):
    """[MS-NRPC] 3.5.4.3.7 DsrGetDcSiteCoverageW request (opnum 38)."""
    opnum = 38
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

1959 

class DsrGetDcSiteCoverageWResponse(NDRCALL):
    """Reply to DsrGetDcSiteCoverageW: SiteNames array pointer, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )

1965 

1966# 3.5.4.3.8 DsrAddressToSiteNamesW (Opnum 33) 

class DsrAddressToSiteNamesW(NDRCALL):
    """[MS-NRPC] 3.5.4.3.8 DsrAddressToSiteNamesW request (opnum 33).

    EntryCount is sent next to SocketAddresses; nothing in this class ties the
    two together, so the caller has to keep them consistent.
    """
    opnum = 33
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('EntryCount', ULONG),
        ('SocketAddresses', NL_SOCKET_ADDRESS_ARRAY),
    )

1974 

class DsrAddressToSiteNamesWResponse(NDRCALL):
    """Reply to DsrAddressToSiteNamesW: SiteNames array pointer, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )

1980 

1981# 3.5.4.3.9 DsrAddressToSiteNamesExW (Opnum 37) 

class DsrAddressToSiteNamesExW(NDRCALL):
    """[MS-NRPC] 3.5.4.3.9 DsrAddressToSiteNamesExW request (opnum 37).

    Same request layout as DsrAddressToSiteNamesW; only the reply type differs.
    """
    opnum = 37
    structure = (
        ('ComputerName', PLOGONSRV_HANDLE),
        ('EntryCount', ULONG),
        ('SocketAddresses', NL_SOCKET_ADDRESS_ARRAY),
    )

1989 

class DsrAddressToSiteNamesExWResponse(NDRCALL):
    """Reply to DsrAddressToSiteNamesExW: PNL_SITE_NAME_EX_ARRAY SiteNames, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('SiteNames', PNL_SITE_NAME_EX_ARRAY),
        ('ErrorCode', NET_API_STATUS),
    )

1995 

1996# 3.5.4.3.10 DsrDeregisterDnsHostRecords (Opnum 41) 

class DsrDeregisterDnsHostRecords(NDRCALL):
    """[MS-NRPC] 3.5.4.3.10 DsrDeregisterDnsHostRecords request (opnum 41).

    DnsHostName is a non-pointer WSTR, unlike the optional LPWSTR/PGUID
    fields before it.
    """
    opnum = 41
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DnsDomainName', LPWSTR),
        ('DomainGuid', PGUID),
        ('DsaGuid', PGUID),
        ('DnsHostName', WSTR),
    )

2006 

class DsrDeregisterDnsHostRecordsResponse(NDRCALL):
    """Reply to DsrDeregisterDnsHostRecords: only a NET_API_STATUS ErrorCode."""
    structure = (
        ('ErrorCode', NET_API_STATUS),
    )

2011 

2012# 3.5.4.3.11 DSRUpdateReadOnlyServerDnsRecords (Opnum 48) 

class DSRUpdateReadOnlyServerDnsRecords(NDRCALL):
    """[MS-NRPC] 3.5.4.3.11 DSRUpdateReadOnlyServerDnsRecords request (opnum 48).

    Carries a NETLOGON_AUTHENTICATOR, so it is sent over an established
    secure channel.
    """
    opnum = 48
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('SiteName', LPWSTR),
        ('DnsTtl', ULONG),
        ('DnsNames', NL_DNS_NAME_INFO_ARRAY),
    )

2023 

class DSRUpdateReadOnlyServerDnsRecordsResponse(NDRCALL):
    """Reply to DSRUpdateReadOnlyServerDnsRecords: ReturnAuthenticator, DnsNames, NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DnsNames', NL_DNS_NAME_INFO_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2030 

2031# 3.5.4.4.1 NetrServerReqChallenge (Opnum 4) 

class NetrServerReqChallenge(NDRCALL):
    """[MS-NRPC] 3.5.4.4.1 NetrServerReqChallenge request (opnum 4).

    First message of the secure-channel handshake. ClientChallenge is sent
    exactly as provided; this class does not generate it, so its freshness
    and unpredictability are the caller's responsibility.
    """
    opnum = 4
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('ClientChallenge', NETLOGON_CREDENTIAL),
    )

2039 

class NetrServerReqChallengeResponse(NDRCALL):
    """Reply to NetrServerReqChallenge: ServerChallenge, then an NTSTATUS ErrorCode."""
    structure = (
        ('ServerChallenge', NETLOGON_CREDENTIAL),
        ('ErrorCode', NTSTATUS),
    )

2045 

2046# 3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26) 

class NetrServerAuthenticate3(NDRCALL):
    """[MS-NRPC] 3.5.4.4.2 NetrServerAuthenticate3 request (opnum 26).

    Carries the client's credential and the NegotiateFlags it asks for.
    Both are marshalled as given; computing the credential and choosing
    the flags happen outside this class.
    """
    opnum = 26
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
    )

2057 

class NetrServerAuthenticate3Response(NDRCALL):
    """Reply to NetrServerAuthenticate3.

    Nothing here verifies ServerCredential or inspects the returned
    NegotiateFlags; a consumer should check both before relying on the
    channel (the flags show which protections the server actually agreed to).
    """
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
        ('AccountRid', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2065 

2066# 3.5.4.4.3 NetrServerAuthenticate2 (Opnum 15) 

class NetrServerAuthenticate2(NDRCALL):
    """[MS-NRPC] 3.5.4.4.3 NetrServerAuthenticate2 request (opnum 15).

    Same request fields as NetrServerAuthenticate3; the reply lacks AccountRid.
    """
    opnum = 15
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
    )

2077 

class NetrServerAuthenticate2Response(NDRCALL):
    """Reply to NetrServerAuthenticate2: ServerCredential, NegotiateFlags, NTSTATUS ErrorCode."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('NegotiateFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2084 

2085# 3.5.4.4.4 NetrServerAuthenticate (Opnum 5) 

class NetrServerAuthenticate(NDRCALL):
    """[MS-NRPC] 3.5.4.4.4 NetrServerAuthenticate request (opnum 5).

    Has no NegotiateFlags field, so no capabilities are negotiated by this call.
    """
    opnum = 5
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('ClientCredential', NETLOGON_CREDENTIAL),
    )

2095 

class NetrServerAuthenticateResponse(NDRCALL):
    """Reply to NetrServerAuthenticate: ServerCredential, then an NTSTATUS ErrorCode."""
    structure = (
        ('ServerCredential', NETLOGON_CREDENTIAL),
        ('ErrorCode', NTSTATUS),
    )

2101 

2102# 3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30) 

class NetrServerPasswordSet2(NDRCALL):
    """[MS-NRPC] 3.5.4.4.5 NetrServerPasswordSet2 request (opnum 30).

    Sets a new password for AccountName over an authenticated secure channel.
    Despite the field name, [MS-NRPC] expects ClearNewPassword to be
    encrypted under the session key; this class only carries the bytes.
    """
    opnum = 30
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        # Disabled alternative typing kept for reference; the fixed-array
        # form below is the one actually marshalled.
        #('ClearNewPassword',NL_TRUST_PASSWORD),
        ('ClearNewPassword', NL_TRUST_PASSWORD_FIXED_ARRAY),
    )

2114 

class NetrServerPasswordSet2Response(NDRCALL):
    """Reply to NetrServerPasswordSet2: ReturnAuthenticator, then an NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )

2120 

2121# 3.5.4.4.6 NetrServerPasswordSet (Opnum 6) 

2122 

2123# 3.5.4.4.7 NetrServerPasswordGet (Opnum 31) 

class NetrServerPasswordGet(NDRCALL):
    """[MS-NRPC] 3.5.4.4.7 NetrServerPasswordGet request (opnum 31).

    The channel-type field is named AccountType in this call, not
    SecureChannelType as in the sibling requests.
    """
    opnum = 31
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('AccountType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )

2133 

class NetrServerPasswordGetResponse(NDRCALL):
    """Reply to NetrServerPasswordGet.

    EncryptedNtOwfPassword is credential material even in encrypted form;
    treat parsed instances accordingly (e.g. keep them out of debug logs).
    """
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('ErrorCode', NTSTATUS),
    )

2140 

2141# 3.5.4.4.8 NetrServerTrustPasswordsGet (Opnum 42) 

class NetrServerTrustPasswordsGet(NDRCALL):
    """[MS-NRPC] 3.5.4.4.8 NetrServerTrustPasswordsGet request (opnum 42)."""
    opnum = 42
    structure = (
        ('TrustedDcName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )

2151 

class NetrServerTrustPasswordsGetResponse(NDRCALL):
    """Reply to NetrServerTrustPasswordsGet: new and old encrypted OWF passwords.

    Both OWF fields are credential material; handle parsed replies as secrets.
    """
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNewOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedOldOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('ErrorCode', NTSTATUS),
    )

2159 

2160# 3.5.4.4.9 NetrLogonGetDomainInfo (Opnum 29) 

class NetrLogonGetDomainInfo(NDRCALL):
    """[MS-NRPC] 3.5.4.4.9 NetrLogonGetDomainInfo request (opnum 29).

    ReturnAuthenticator is part of the request as well as the reply.
    Level is sent next to the WkstaBuffer union, so the two must agree.
    """
    opnum = 29
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('ComputerName', LPWSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('Level', DWORD),
        ('WkstaBuffer', NETLOGON_WORKSTATION_INFORMATION),
    )

2171 

class NetrLogonGetDomainInfoResponse(NDRCALL):
    """Reply to NetrLogonGetDomainInfo: ReturnAuthenticator, DomBuffer, NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DomBuffer', NETLOGON_DOMAIN_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )

2178 

2179# 3.5.4.4.10 NetrLogonGetCapabilities (Opnum 21) 

class NetrLogonGetCapabilities(NDRCALL):
    """[MS-NRPC] 3.5.4.4.10 NetrLogonGetCapabilities request (opnum 21).

    ReturnAuthenticator is part of the request as well as the reply.
    """
    opnum = 21
    structure = (
        ('ServerName', LOGONSRV_HANDLE),
        ('ComputerName', LPWSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('QueryLevel', DWORD),
    )

2189 

class NetrLogonGetCapabilitiesResponse(NDRCALL):
    """Reply to NetrLogonGetCapabilities: ReturnAuthenticator, ServerCapabilities, NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ServerCapabilities', NETLOGON_CAPABILITIES),
        ('ErrorCode', NTSTATUS),
    )

2196 

2197# 3.5.4.4.11 NetrChainSetClientAttributes (Opnum 49) 

2198 

2199# 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39) 

class NetrLogonSamLogonEx(NDRCALL):
    """[MS-NRPC] 3.5.4.5.1 NetrLogonSamLogonEx request (opnum 39).

    Unlike NetrLogonSamLogon and NetrLogonSamLogonWithFlags, this request
    has no Authenticator/ReturnAuthenticator fields.
    """
    opnum = 39
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
        ('ExtraFlags', ULONG),
    )

2210 

class NetrLogonSamLogonExResponse(NDRCALL):
    """Reply to NetrLogonSamLogonEx: ValidationInformation, Authoritative, ExtraFlags, ErrorCode."""
    structure = (
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ExtraFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2218 

2219# 3.5.4.5.2 NetrLogonSamLogonWithFlags (Opnum 45) 

class NetrLogonSamLogonWithFlags(NDRCALL):
    """[MS-NRPC] 3.5.4.5.2 NetrLogonSamLogonWithFlags request (opnum 45).

    Both authenticators use the pointer type PNETLOGON_AUTHENTICATOR here.
    """
    opnum = 45
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
        ('ExtraFlags', ULONG),
    )

2232 

class NetrLogonSamLogonWithFlagsResponse(NDRCALL):
    """Reply to NetrLogonSamLogonWithFlags, led by the ReturnAuthenticator pointer."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ExtraFlags', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2241 

2242# 3.5.4.5.3 NetrLogonSamLogon (Opnum 2) 

class NetrLogonSamLogon(NDRCALL):
    """[MS-NRPC] 3.5.4.5.3 NetrLogonSamLogon request (opnum 2).

    Same layout as NetrLogonSamLogonWithFlags minus the ExtraFlags field.
    """
    opnum = 2
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
        ('ValidationLevel', NETLOGON_VALIDATION_INFO_CLASS),
    )

2254 

class NetrLogonSamLogonResponse(NDRCALL):
    """Reply to NetrLogonSamLogon: ReturnAuthenticator, ValidationInformation, Authoritative, ErrorCode."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ValidationInformation', NETLOGON_VALIDATION),
        ('Authoritative', UCHAR),
        ('ErrorCode', NTSTATUS),
    )

2262 

2263# 3.5.4.5.4 NetrLogonSamLogoff (Opnum 3) 

class NetrLogonSamLogoff(NDRCALL):
    """[MS-NRPC] 3.5.4.5.4 NetrLogonSamLogoff request (opnum 3)."""
    opnum = 3
    structure = (
        ('LogonServer', LPWSTR),
        ('ComputerName', LPWSTR),
        ('Authenticator', PNETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('LogonLevel', NETLOGON_LOGON_INFO_CLASS),
        ('LogonInformation', NETLOGON_LEVEL),
    )

2274 

class NetrLogonSamLogoffResponse(NDRCALL):
    """Reply to NetrLogonSamLogoff: ReturnAuthenticator pointer, then an NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', PNETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )

2280 

2281# 3.5.4.6.1 NetrDatabaseDeltas (Opnum 7) 

class NetrDatabaseDeltas(NDRCALL):
    """[MS-NRPC] 3.5.4.6.1 NetrDatabaseDeltas request (opnum 7).

    DomainModifiedCount appears in both the request and the reply.
    """
    opnum = 7
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('DomainModifiedCount', NLPR_MODIFIED_COUNT),
        ('PreferredMaximumLength', DWORD),
    )

2293 

class NetrDatabaseDeltasResponse(NDRCALL):
    """Reply to NetrDatabaseDeltas: ReturnAuthenticator, DomainModifiedCount, DeltaArray, ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DomainModifiedCount', NLPR_MODIFIED_COUNT),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2301 

2302# 3.5.4.6.2 NetrDatabaseSync2 (Opnum 16) 

class NetrDatabaseSync2(NDRCALL):
    """[MS-NRPC] 3.5.4.6.2 NetrDatabaseSync2 request (opnum 16).

    Adds a RestartState field to the NetrDatabaseSync layout.
    """
    opnum = 16
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('RestartState', SYNC_STATE),
        ('SyncContext', ULONG),
        ('PreferredMaximumLength', DWORD),
    )

2315 

class NetrDatabaseSync2Response(NDRCALL):
    """Reply to NetrDatabaseSync2: ReturnAuthenticator, SyncContext, DeltaArray, ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('SyncContext', ULONG),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2323 

2324# 3.5.4.6.3 NetrDatabaseSync (Opnum 8) 

class NetrDatabaseSync(NDRCALL):
    """[MS-NRPC] 3.5.4.6.3 NetrDatabaseSync request (opnum 8)."""
    opnum = 8
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DatabaseID', DWORD),
        ('SyncContext', ULONG),
        ('PreferredMaximumLength', DWORD),
    )

2336 

class NetrDatabaseSyncResponse(NDRCALL):
    """Reply to NetrDatabaseSync: ReturnAuthenticator, SyncContext, DeltaArray, ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('SyncContext', ULONG),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2344 

2345# 3.5.4.6.4 NetrDatabaseRedo (Opnum 17) 

class NetrDatabaseRedo(NDRCALL):
    """[MS-NRPC] 3.5.4.6.4 NetrDatabaseRedo request (opnum 17).

    ChangeLogEntrySize is sent separately from the ChangeLogEntry bytes;
    this class does not derive one from the other.
    """
    opnum = 17
    structure = (
        ('PrimaryName', LOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ChangeLogEntry', PUCHAR_ARRAY),
        ('ChangeLogEntrySize', DWORD),
    )

2356 

class NetrDatabaseRedoResponse(NDRCALL):
    """Reply to NetrDatabaseRedo: ReturnAuthenticator, DeltaArray, NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('DeltaArray', PNETLOGON_DELTA_ENUM_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2363 

2364# 3.5.4.7.1 DsrEnumerateDomainTrusts (Opnum 40) 

class DsrEnumerateDomainTrusts(NDRCALL):
    """[MS-NRPC] 3.5.4.7.1 DsrEnumerateDomainTrusts request (opnum 40)."""
    opnum = 40
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('Flags', ULONG),
    )

2371 

class DsrEnumerateDomainTrustsResponse(NDRCALL):
    """Reply to DsrEnumerateDomainTrusts: Domains array, then an NTSTATUS ErrorCode."""
    structure = (
        ('Domains', NETLOGON_TRUSTED_DOMAIN_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2377 

2378# 3.5.4.7.2 NetrEnumerateTrustedDomainsEx (Opnum 36) 

class NetrEnumerateTrustedDomainsEx(NDRCALL):
    """[MS-NRPC] 3.5.4.7.2 NetrEnumerateTrustedDomainsEx request (opnum 36)."""
    opnum = 36
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

2384 

class NetrEnumerateTrustedDomainsExResponse(NDRCALL):
    """Reply to NetrEnumerateTrustedDomainsEx: Domains array, then an NTSTATUS ErrorCode."""
    structure = (
        ('Domains', NETLOGON_TRUSTED_DOMAIN_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2390 

2391# 3.5.4.7.3 NetrEnumerateTrustedDomains (Opnum 19) 

class NetrEnumerateTrustedDomains(NDRCALL):
    """[MS-NRPC] 3.5.4.7.3 NetrEnumerateTrustedDomains request (opnum 19)."""
    opnum = 19
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

2397 

class NetrEnumerateTrustedDomainsResponse(NDRCALL):
    """Reply to NetrEnumerateTrustedDomains: DomainNameBuffer, then an NTSTATUS ErrorCode."""
    structure = (
        ('DomainNameBuffer', DOMAIN_NAME_BUFFER),
        ('ErrorCode', NTSTATUS),
    )

2403 

2404# 3.5.4.7.4 NetrGetForestTrustInformation (Opnum 44) 

class NetrGetForestTrustInformation(NDRCALL):
    """[MS-NRPC] 3.5.4.7.4 NetrGetForestTrustInformation request (opnum 44).

    Authenticated variant: carries Authenticator and ReturnAuthenticator,
    which DsrGetForestTrustInformation does not.
    """
    opnum = 44
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('Flags', DWORD),
    )

2414 

class NetrGetForestTrustInformationResponse(NDRCALL):
    """Reply to NetrGetForestTrustInformation: ReturnAuthenticator, ForestTrustInfo, ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )

2421 

2422# 3.5.4.7.5 DsrGetForestTrustInformation (Opnum 43) 

class DsrGetForestTrustInformation(NDRCALL):
    """[MS-NRPC] 3.5.4.7.5 DsrGetForestTrustInformation request (opnum 43)."""
    opnum = 43
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('TrustedDomainName', LPWSTR),
        ('Flags', DWORD),
    )

2430 

class DsrGetForestTrustInformationResponse(NDRCALL):
    """Reply to DsrGetForestTrustInformation: ForestTrustInfo, then an NTSTATUS ErrorCode."""
    structure = (
        ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
        ('ErrorCode', NTSTATUS),
    )

2436 

2437# 3.5.4.7.6 NetrServerGetTrustInfo (Opnum 46) 

class NetrServerGetTrustInfo(NDRCALL):
    """[MS-NRPC] 3.5.4.7.6 NetrServerGetTrustInfo request (opnum 46).

    Same request fields as NetrServerTrustPasswordsGet.
    """
    opnum = 46
    structure = (
        ('TrustedDcName', PLOGONSRV_HANDLE),
        ('AccountName', WSTR),
        ('SecureChannelType', NETLOGON_SECURE_CHANNEL_TYPE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
    )

2447 

class NetrServerGetTrustInfoResponse(NDRCALL):
    """Reply to NetrServerGetTrustInfo: encrypted OWF passwords plus TrustInfo.

    The two OWF fields are credential material; handle parsed replies as secrets.
    """
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('EncryptedNewOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedOldOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('TrustInfo', PNL_GENERIC_RPC_DATA),
        ('ErrorCode', NTSTATUS),
    )

2456 

2457# 3.5.4.8.1 NetrLogonGetTrustRid (Opnum 23) 

class NetrLogonGetTrustRid(NDRCALL):
    """[MS-NRPC] 3.5.4.8.1 NetrLogonGetTrustRid request (opnum 23)."""
    opnum = 23
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
    )

2464 

class NetrLogonGetTrustRidResponse(NDRCALL):
    """Reply to NetrLogonGetTrustRid: Rid, then an NTSTATUS ErrorCode."""
    structure = (
        ('Rid', ULONG),
        ('ErrorCode', NTSTATUS),
    )

2470 

2471# 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24) 

class NetrLogonComputeServerDigest(NDRCALL):
    """[MS-NRPC] 3.5.4.8.2 NetrLogonComputeServerDigest request (opnum 24).

    MessageSize is sent alongside Message; the caller keeps them consistent.
    """
    opnum = 24
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('Rid', ULONG),
        ('Message', UCHAR_ARRAY),
        ('MessageSize', ULONG),
    )

2480 

class NetrLogonComputeServerDigestResponse(NDRCALL):
    """Reply to NetrLogonComputeServerDigest: new and old fixed 16-byte digests, then ErrorCode."""
    structure = (
        ('NewMessageDigest', CHAR_FIXED_16_ARRAY),
        ('OldMessageDigest', CHAR_FIXED_16_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2487 

2488# 3.5.4.8.3 NetrLogonComputeClientDigest (Opnum 25) 

class NetrLogonComputeClientDigest(NDRCALL):
    """[MS-NRPC] 3.5.4.8.3 NetrLogonComputeClientDigest request (opnum 25).

    Takes a DomainName where NetrLogonComputeServerDigest takes a Rid.
    """
    opnum = 25
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('DomainName', LPWSTR),
        ('Message', UCHAR_ARRAY),
        ('MessageSize', ULONG),
    )

2497 

class NetrLogonComputeClientDigestResponse(NDRCALL):
    """Reply to NetrLogonComputeClientDigest: new and old fixed 16-byte digests, then ErrorCode."""
    structure = (
        ('NewMessageDigest', CHAR_FIXED_16_ARRAY),
        ('OldMessageDigest', CHAR_FIXED_16_ARRAY),
        ('ErrorCode', NTSTATUS),
    )

2504 

2505# 3.5.4.8.4 NetrLogonSendToSam (Opnum 32) 

class NetrLogonSendToSam(NDRCALL):
    """[MS-NRPC] 3.5.4.8.4 NetrLogonSendToSam request (opnum 32).

    OpaqueBuffer is forwarded as raw bytes with a separately supplied size.
    """
    opnum = 32
    structure = (
        ('PrimaryName', PLOGONSRV_HANDLE),
        ('ComputerName', WSTR),
        ('Authenticator', NETLOGON_AUTHENTICATOR),
        ('OpaqueBuffer', UCHAR_ARRAY),
        ('OpaqueBufferSize', ULONG),
    )

2515 

class NetrLogonSendToSamResponse(NDRCALL):
    """Reply to NetrLogonSendToSam: ReturnAuthenticator, then an NTSTATUS ErrorCode."""
    structure = (
        ('ReturnAuthenticator', NETLOGON_AUTHENTICATOR),
        ('ErrorCode', NTSTATUS),
    )

2521 

2522# 3.5.4.8.5 NetrLogonSetServiceBits (Opnum 22) 

class NetrLogonSetServiceBits(NDRCALL):
    """[MS-NRPC] 3.5.4.8.5 NetrLogonSetServiceBits request (opnum 22)."""
    opnum = 22
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('ServiceBitsOfInterest', DWORD),
        ('ServiceBits', DWORD),
    )

2530 

class NetrLogonSetServiceBitsResponse(NDRCALL):
    """Reply to NetrLogonSetServiceBits: only an NTSTATUS ErrorCode."""
    structure = (
        ('ErrorCode', NTSTATUS),
    )

2535 

2536# 3.5.4.8.6 NetrLogonGetTimeServiceParentDomain (Opnum 35) 

class NetrLogonGetTimeServiceParentDomain(NDRCALL):
    """[MS-NRPC] 3.5.4.8.6 NetrLogonGetTimeServiceParentDomain request (opnum 35)."""
    opnum = 35
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
    )

2542 

class NetrLogonGetTimeServiceParentDomainResponse(NDRCALL):
    """Reply to NetrLogonGetTimeServiceParentDomain: DomainName, PdcSameSite, NET_API_STATUS ErrorCode."""
    structure = (
        ('DomainName', LPWSTR),
        ('PdcSameSite', LONG),
        ('ErrorCode', NET_API_STATUS),
    )

2549 

2550# 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18) 

class NetrLogonControl2Ex(NDRCALL):
    """[MS-NRPC] 3.5.4.9.1 NetrLogonControl2Ex request (opnum 18)."""
    opnum = 18
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )

2559 

class NetrLogonControl2ExResponse(NDRCALL):
    """Reply to NetrLogonControl2Ex: Buffer, then a NET_API_STATUS ErrorCode."""
    # NOTE(review): Buffer reuses the request-side DATA_INFORMATION type; the
    # specification appears to define a separate query-information type for
    # this output - confirm the reply parses as intended.
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )

2565 

2566# 3.5.4.9.2 NetrLogonControl2 (Opnum 14) 

class NetrLogonControl2(NDRCALL):
    """[MS-NRPC] 3.5.4.9.2 NetrLogonControl2 request (opnum 14)."""
    opnum = 14
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )

2575 

class NetrLogonControl2Response(NDRCALL):
    """Reply to NetrLogonControl2: Buffer, then a NET_API_STATUS ErrorCode."""
    # NOTE(review): same Buffer typing as NetrLogonControl2ExResponse
    # (request-side DATA_INFORMATION type) - confirm against the spec.
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )

2581 

2582# 3.5.4.9.3 NetrLogonControl (Opnum 12) 

class NetrLogonControl(NDRCALL):
    """[MS-NRPC] 3.5.4.9.3 NetrLogonControl request (opnum 12)."""
    opnum = 12
    # NOTE(review): this layout mirrors NetrLogonControl2, including the Data
    # field; verify against the specification that opnum 12 takes Data.
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('FunctionCode', DWORD),
        ('QueryLevel', DWORD),
        ('Data', NETLOGON_CONTROL_DATA_INFORMATION),
    )

2591 

class NetrLogonControlResponse(NDRCALL):
    """Reply to NetrLogonControl: Buffer, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('Buffer', NETLOGON_CONTROL_DATA_INFORMATION),
        ('ErrorCode', NET_API_STATUS),
    )

2597 

2598# 3.5.4.10.1 NetrLogonUasLogon (Opnum 0) 

class NetrLogonUasLogon(NDRCALL):
    """[MS-NRPC] 3.5.4.10.1 NetrLogonUasLogon request (opnum 0)."""
    opnum = 0
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('UserName', WSTR),
        ('Workstation', WSTR),
    )

2606 

class NetrLogonUasLogonResponse(NDRCALL):
    """Reply to NetrLogonUasLogon: ValidationInformation pointer, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('ValidationInformation', PNETLOGON_VALIDATION_UAS_INFO),
        ('ErrorCode', NET_API_STATUS),
    )

2612 

2613# 3.5.4.10.2 NetrLogonUasLogoff (Opnum 1) 

class NetrLogonUasLogoff(NDRCALL):
    """[MS-NRPC] 3.5.4.10.2 NetrLogonUasLogoff request (opnum 1)."""
    opnum = 1
    structure = (
        ('ServerName', PLOGONSRV_HANDLE),
        ('UserName', WSTR),
        ('Workstation', WSTR),
    )

2621 

class NetrLogonUasLogoffResponse(NDRCALL):
    """Reply to NetrLogonUasLogoff: LogoffInformation, then a NET_API_STATUS ErrorCode."""
    structure = (
        ('LogoffInformation', NETLOGON_LOGOFF_UAS_INFO),
        ('ErrorCode', NET_API_STATUS),
    )

2627 

2628################################################################################ 

2629# OPNUMs and their corresponding structures 

2630################################################################################ 

# Maps each implemented opnum to its (request class, response class) pair.
# Opnums 6, 9, 10, 48 and 49 are left commented out and 47 has no entry at
# all, so lookups for those numbers raise KeyError.
# NOTE(review): the disabled opnum 48 line spells the class
# "DsrUpdateReadOnlyServerDnsRecords", while the class defined in this file
# is "DSRUpdateReadOnlyServerDnsRecords"; fix the spelling if it is enabled.
OPNUMS = {
    0: (NetrLogonUasLogon, NetrLogonUasLogonResponse),
    1: (NetrLogonUasLogoff, NetrLogonUasLogoffResponse),
    2: (NetrLogonSamLogon, NetrLogonSamLogonResponse),
    3: (NetrLogonSamLogoff, NetrLogonSamLogoffResponse),
    4: (NetrServerReqChallenge, NetrServerReqChallengeResponse),
    5: (NetrServerAuthenticate, NetrServerAuthenticateResponse),
    # 6 : (NetrServerPasswordSet, NetrServerPasswordSetResponse),
    7: (NetrDatabaseDeltas, NetrDatabaseDeltasResponse),
    8: (NetrDatabaseSync, NetrDatabaseSyncResponse),
    # 9 : (NetrAccountDeltas, NetrAccountDeltasResponse),
    # 10 : (NetrAccountSync, NetrAccountSyncResponse),
    11: (NetrGetDCName, NetrGetDCNameResponse),
    12: (NetrLogonControl, NetrLogonControlResponse),
    13: (NetrGetAnyDCName, NetrGetAnyDCNameResponse),
    14: (NetrLogonControl2, NetrLogonControl2Response),
    15: (NetrServerAuthenticate2, NetrServerAuthenticate2Response),
    16: (NetrDatabaseSync2, NetrDatabaseSync2Response),
    17: (NetrDatabaseRedo, NetrDatabaseRedoResponse),
    18: (NetrLogonControl2Ex, NetrLogonControl2ExResponse),
    19: (NetrEnumerateTrustedDomains, NetrEnumerateTrustedDomainsResponse),
    20: (DsrGetDcName, DsrGetDcNameResponse),
    21: (NetrLogonGetCapabilities, NetrLogonGetCapabilitiesResponse),
    22: (NetrLogonSetServiceBits, NetrLogonSetServiceBitsResponse),
    23: (NetrLogonGetTrustRid, NetrLogonGetTrustRidResponse),
    24: (NetrLogonComputeServerDigest, NetrLogonComputeServerDigestResponse),
    25: (NetrLogonComputeClientDigest, NetrLogonComputeClientDigestResponse),
    26: (NetrServerAuthenticate3, NetrServerAuthenticate3Response),
    27: (DsrGetDcNameEx, DsrGetDcNameExResponse),
    28: (DsrGetSiteName, DsrGetSiteNameResponse),
    29: (NetrLogonGetDomainInfo, NetrLogonGetDomainInfoResponse),
    30: (NetrServerPasswordSet2, NetrServerPasswordSet2Response),
    31: (NetrServerPasswordGet, NetrServerPasswordGetResponse),
    32: (NetrLogonSendToSam, NetrLogonSendToSamResponse),
    33: (DsrAddressToSiteNamesW, DsrAddressToSiteNamesWResponse),
    34: (DsrGetDcNameEx2, DsrGetDcNameEx2Response),
    35: (NetrLogonGetTimeServiceParentDomain, NetrLogonGetTimeServiceParentDomainResponse),
    36: (NetrEnumerateTrustedDomainsEx, NetrEnumerateTrustedDomainsExResponse),
    37: (DsrAddressToSiteNamesExW, DsrAddressToSiteNamesExWResponse),
    38: (DsrGetDcSiteCoverageW, DsrGetDcSiteCoverageWResponse),
    39: (NetrLogonSamLogonEx, NetrLogonSamLogonExResponse),
    40: (DsrEnumerateDomainTrusts, DsrEnumerateDomainTrustsResponse),
    41: (DsrDeregisterDnsHostRecords, DsrDeregisterDnsHostRecordsResponse),
    42: (NetrServerTrustPasswordsGet, NetrServerTrustPasswordsGetResponse),
    43: (DsrGetForestTrustInformation, DsrGetForestTrustInformationResponse),
    44: (NetrGetForestTrustInformation, NetrGetForestTrustInformationResponse),
    45: (NetrLogonSamLogonWithFlags, NetrLogonSamLogonWithFlagsResponse),
    46: (NetrServerGetTrustInfo, NetrServerGetTrustInfoResponse),
    # 48 : (DsrUpdateReadOnlyServerDnsRecords, DsrUpdateReadOnlyServerDnsRecordsResponse),
    # 49 : (NetrChainSetClientAttributes, NetrChainSetClientAttributesResponse),
}

2682 

2683################################################################################ 

2684# HELPER FUNCTIONS 

2685################################################################################ 

def checkNullString(string):
    """Return *string* with a trailing NUL character, adding one if missing.

    The NULL sentinel is returned untouched so that callers can still request
    a null pointer. An empty string becomes a lone NUL.
    """
    if string == NULL:
        return string

    # Slicing (not indexing) keeps the empty string from raising IndexError.
    already_terminated = string[-1:] == '\x00'
    if already_terminated:
        return string
    return string + '\x00'

2694 

def hNetrServerReqChallenge(dce, primaryName, computerName, clientChallenge):
    """Build a NetrServerReqChallenge request and return dce.request()'s result.

    primaryName and computerName are NUL-terminated via checkNullString.
    clientChallenge is forwarded unchanged: this helper neither generates nor
    validates it, so the caller must supply a fresh, unpredictable value for
    every handshake.
    """
    challenge_req = NetrServerReqChallenge()
    for field, name in (('PrimaryName', primaryName), ('ComputerName', computerName)):
        challenge_req[field] = checkNullString(name)
    challenge_req['ClientChallenge'] = clientChallenge
    return dce.request(challenge_req)

2701 

def hNetrServerAuthenticate3(dce, primaryName, accountName, secureChannelType, computerName, clientCredential, negotiateFlags):
    """Build a NetrServerAuthenticate3 request and return dce.request()'s result.

    The three name arguments are NUL-terminated via checkNullString; channel
    type, client credential and negotiate flags are sent as given. The reply's
    ServerCredential and NegotiateFlags are not checked here, so the caller
    has to validate both before treating the channel as authenticated.
    """
    auth_req = NetrServerAuthenticate3()
    terminated = (
        ('PrimaryName', primaryName),
        ('AccountName', accountName),
        ('ComputerName', computerName),
    )
    for field, name in terminated:
        auth_req[field] = checkNullString(name)
    auth_req['SecureChannelType'] = secureChannelType
    auth_req['ClientCredential'] = clientCredential
    auth_req['NegotiateFlags'] = negotiateFlags
    return dce.request(auth_req)

2711 

def hDsrGetDcNameEx2(dce, computerName, accountName, allowableAccountControlBits, domainName, domainGuid, siteName, flags):
    """Build a DsrGetDcNameEx2 request and return dce.request()'s result.

    All four string arguments go through checkNullString, so NULL stays a
    null pointer and plain strings get a terminator. domainGuid, the account
    control bits and flags are passed through unchanged.
    """
    locate_req = DsrGetDcNameEx2()
    strings = (
        ('ComputerName', computerName),
        ('AccountName', accountName),
        ('DomainName', domainName),
        ('SiteName', siteName),
    )
    for field, text in strings:
        locate_req[field] = checkNullString(text)
    locate_req['AllowableAccountControlBits'] = allowableAccountControlBits
    locate_req['DomainGuid'] = domainGuid
    locate_req['Flags'] = flags
    return dce.request(locate_req)

2722 

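def hDsrGetDcNameEx(dce, computerName, domainName, domainGuid, siteName, flags):
    """Build a DsrGetDcNameEx request and return dce.request()'s result.

    computerName, domainName and siteName go through checkNullString, so NULL
    stays a null pointer and plain strings get a terminator. domainGuid and
    flags are passed through unchanged.
    """
    request = DsrGetDcNameEx()
    request['ComputerName'] = checkNullString(computerName)
    request['DomainName'] = checkNullString(domainName)
    request['DomainGuid'] = domainGuid
    # SiteName is an LPWSTR like the other names; terminate it the same way
    # hDsrGetDcNameEx2 does instead of sending an unterminated string.
    request['SiteName'] = checkNullString(siteName)
    request['Flags'] = flags
    return dce.request(request)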

2731 

def hDsrGetDcName(dce, computerName, domainName, domainGuid, siteGuid, flags):
    """Build a DsrGetDcName request and return dce.request()'s result.

    computerName and domainName are NUL-terminated via checkNullString; the
    two GUID arguments and flags are passed through unchanged.
    """
    locate_req = DsrGetDcName()
    for field, text in (('ComputerName', computerName), ('DomainName', domainName)):
        locate_req[field] = checkNullString(text)
    locate_req['DomainGuid'] = domainGuid
    locate_req['SiteGuid'] = siteGuid
    locate_req['Flags'] = flags
    return dce.request(locate_req)

2740 

def hNetrGetAnyDCName(dce, serverName, domainName):
    """Build a NetrGetAnyDCName request and return dce.request()'s result.

    Both arguments are NUL-terminated via checkNullString.
    """
    query = NetrGetAnyDCName()
    for field, text in (('ServerName', serverName), ('DomainName', domainName)):
        query[field] = checkNullString(text)
    return dce.request(query)

2746 

def hNetrGetDCName(dce, serverName, domainName):
    """Build a NetrGetDCName request and return dce.request()'s result.

    Both arguments are NUL-terminated via checkNullString.
    """
    query = NetrGetDCName()
    for field, text in (('ServerName', serverName), ('DomainName', domainName)):
        query[field] = checkNullString(text)
    return dce.request(query)

2752 

def hDsrGetSiteName(dce, computerName):
    """Build a DsrGetSiteName request for computerName and return dce.request()'s result."""
    query = DsrGetSiteName()
    terminated_name = checkNullString(computerName)
    query['ComputerName'] = terminated_name
    return dce.request(query)

2757 

def hDsrGetDcSiteCoverageW(dce, serverName):
    """Build a DsrGetDcSiteCoverageW request for serverName and return dce.request()'s result."""
    query = DsrGetDcSiteCoverageW()
    terminated_name = checkNullString(serverName)
    query['ServerName'] = terminated_name
    return dce.request(query)

2762 

def hNetrServerAuthenticate2(dce, primaryName, accountName, secureChannelType, computerName, clientCredential, negotiateFlags):
    """Build a NetrServerAuthenticate2 request and return dce.request()'s result.

    Names are NUL-terminated via checkNullString; everything else is sent as
    given. The returned ServerCredential and NegotiateFlags are not verified
    here; that check belongs to the caller.
    """
    auth_req = NetrServerAuthenticate2()
    terminated = (
        ('PrimaryName', primaryName),
        ('AccountName', accountName),
        ('ComputerName', computerName),
    )
    for field, name in terminated:
        auth_req[field] = checkNullString(name)
    auth_req['SecureChannelType'] = secureChannelType
    auth_req['ClientCredential'] = clientCredential
    auth_req['NegotiateFlags'] = negotiateFlags
    return dce.request(auth_req)

2772 

def hNetrServerAuthenticate(dce, primaryName, accountName, secureChannelType, computerName, clientCredential):
    """Build a NetrServerAuthenticate request and return dce.request()'s result.

    Names are NUL-terminated via checkNullString; the channel type and client
    credential are sent as given. The returned ServerCredential is not
    verified here; that check belongs to the caller.
    """
    auth_req = NetrServerAuthenticate()
    terminated = (
        ('PrimaryName', primaryName),
        ('AccountName', accountName),
        ('ComputerName', computerName),
    )
    for field, name in terminated:
        auth_req[field] = checkNullString(name)
    auth_req['SecureChannelType'] = secureChannelType
    auth_req['ClientCredential'] = clientCredential
    return dce.request(auth_req)

2781 

def hNetrServerPasswordGet(dce, primaryName, accountName, accountType, computerName, authenticator):
    """Build a NetrServerPasswordGet request and return dce.request()'s result.

    Names are NUL-terminated via checkNullString; accountType and
    authenticator are sent as given. The reply's EncryptedNtOwfPassword is
    returned exactly as received; no decryption happens here.
    """
    get_req = NetrServerPasswordGet()
    terminated = (
        ('PrimaryName', primaryName),
        ('AccountName', accountName),
        ('ComputerName', computerName),
    )
    for field, name in terminated:
        get_req[field] = checkNullString(name)
    get_req['AccountType'] = accountType
    get_req['Authenticator'] = authenticator
    return dce.request(get_req)

2790 

def hNetrServerTrustPasswordsGet(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
    """Build a NetrServerTrustPasswordsGet request and return dce.request()'s result.

    Names are NUL-terminated via checkNullString; the channel type and
    authenticator are sent as given. The encrypted OWF values in the reply
    are returned as received.
    """
    get_req = NetrServerTrustPasswordsGet()
    terminated = (
        ('TrustedDcName', trustedDcName),
        ('AccountName', accountName),
        ('ComputerName', computerName),
    )
    for field, name in terminated:
        get_req[field] = checkNullString(name)
    get_req['SecureChannelType'] = secureChannelType
    get_req['Authenticator'] = authenticator
    return dce.request(get_req)

2799 

def hNetrServerPasswordSet2(dce, primaryName, accountName, secureChannelType, computerName, authenticator, clearNewPasswordBlob):
    """Build a NetrServerPasswordSet2 request and return dce.request()'s result.

    Names are NUL-terminated via checkNullString. clearNewPasswordBlob is
    placed into ClearNewPassword exactly as passed in: any encryption of
    that buffer required by the protocol must be done by the caller.
    """
    set_req = NetrServerPasswordSet2()
    terminated = (
        ('PrimaryName', primaryName),
        ('AccountName', accountName),
        ('ComputerName', computerName),
    )
    for field, name in terminated:
        set_req[field] = checkNullString(name)
    set_req['SecureChannelType'] = secureChannelType
    set_req['Authenticator'] = authenticator
    set_req['ClearNewPassword'] = clearNewPasswordBlob
    return dce.request(set_req)

2809 

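def hNetrLogonGetDomainInfo(dce, serverName, computerName, authenticator, returnAuthenticator=0, level=1):
    """Build a NetrLogonGetDomainInfo request and return dce.request()'s result.

    serverName and computerName are NUL-terminated via checkNullString and
    authenticator is sent as given. When returnAuthenticator is 0 (the
    default) a zeroed placeholder is sent: eight NUL bytes as Credential and
    Timestamp 0.

    level == 1 sends the workstation-info arm of WkstaBuffer with empty
    values; any other value sends the LSA-policy arm with a NULL policy.
    """
    request = NetrLogonGetDomainInfo()
    request['ServerName'] = checkNullString(serverName)
    request['ComputerName'] = checkNullString(computerName)
    request['Authenticator'] = authenticator
    if returnAuthenticator == 0:
        request['ReturnAuthenticator']['Credential'] = b'\x00'*8
        request['ReturnAuthenticator']['Timestamp'] = 0
    else:
        request['ReturnAuthenticator'] = returnAuthenticator

    # Level has to name the same union arm as WkstaBuffer's tag. It used to
    # be pinned to 1, which contradicted the tag whenever the second arm was
    # selected.
    if level == 1:
        request['Level'] = 1
        request['WkstaBuffer']['tag'] = 1
        request['WkstaBuffer']['WorkstationInfo']['DnsHostName'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['SiteName'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['OsName'] = ''
        request['WkstaBuffer']['WorkstationInfo']['Dummy1'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy2'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy3'] = NULL
        request['WkstaBuffer']['WorkstationInfo']['Dummy4'] = NULL
    else:
        request['Level'] = 2
        request['WkstaBuffer']['tag'] = 2
        request['WkstaBuffer']['LsaPolicyInfo']['LsaPolicy'] = NULL
    return dce.request(request)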


def hNetrLogonGetCapabilities(dce, serverName, computerName, authenticator, returnAuthenticator=0, queryLevel=1):
    """Build a NetrLogonGetCapabilities request and send it over ``dce``.

    serverName and computerName are passed through checkNullString;
    authenticator and queryLevel are stored as given. When
    returnAuthenticator is left at 0, a zeroed placeholder (8 zero bytes of
    Credential, Timestamp 0) is sent instead of a caller-supplied value.

    Returns whatever dce.request returns; its exceptions propagate.
    """
    call = NetrLogonGetCapabilities()
    call['ServerName'] = checkNullString(serverName)
    call['ComputerName'] = checkNullString(computerName)
    call['Authenticator'] = authenticator
    if returnAuthenticator == 0:
        # No return authenticator supplied: fill in an all-zero one.
        for field, value in (('Credential', b'\x00'*8), ('Timestamp', 0)):
            call['ReturnAuthenticator'][field] = value
    else:
        call['ReturnAuthenticator'] = returnAuthenticator
    call['QueryLevel'] = queryLevel
    return dce.request(call)


def hNetrServerGetTrustInfo(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
    """Build a NetrServerGetTrustInfo request and send it over ``dce``.

    trustedDcName, accountName and computerName are passed through
    checkNullString; secureChannelType and authenticator are stored as
    given. The result of dce.request is returned unchanged.

    NOTE(review): the reply presumably includes trust password material
    alongside the trust attributes -- handle it as a secret; confirm the
    exact contents against MS-NRPC.
    """
    call = NetrServerGetTrustInfo()
    # (field, value, is_string): string fields go through checkNullString.
    fields = (
        ('TrustedDcName', trustedDcName, True),
        ('AccountName', accountName, True),
        ('SecureChannelType', secureChannelType, False),
        ('ComputerName', computerName, True),
        ('Authenticator', authenticator, False),
    )
    for field, value, is_string in fields:
        call[field] = checkNullString(value) if is_string else value
    return dce.request(call)

2856 return dce.request(request)