Coverage for /root/GitHubProjects/impacket/impacket/dcerpc/v5/samr.py : 94%

1# Impacket - Collection of Python classes for working with network protocols.
2#
3# SECUREAUTH LABS. Copyright (C) 2019 SecureAuth Corporation. All rights reserved.
4#
5# This software is provided under a slightly modified version
6# of the Apache Software License. See the accompanying LICENSE file
7# for more information.
8#
9# Description:
10# [MS-SAMR] Interface implementation
11#
12# Best way to learn how to use these calls is to grab the protocol standard
13# so you understand what the call does, and then read the test case located
14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
15#
16# Some calls have helper functions, which makes it even easier to use.
17# They are located at the end of this file.
18# Helper functions start with "h"<name of the call>.
19# There are test cases for them too.
20#
21# Author:
22# Alberto Solino (@agsolino)
23#
24from __future__ import division
25from __future__ import print_function
26from binascii import unhexlify
28from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
29 NDRUniConformantVaryingArray, NDRENUM
30from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \
31 LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR
32from impacket.dcerpc.v5.rpcrt import DCERPCException
33from impacket import nt_errors, LOG
34from impacket.uuid import uuidtup_to_bin
35from impacket.dcerpc.v5.enum import Enum
36from impacket.structure import Structure
38import struct
39import os
40from hashlib import md5
41from Cryptodome.Cipher import ARC4
# Binary form of the (UUID, version) pair identifying the SAMR interface.
MSRPC_UUID_SAMR = uuidtup_to_bin(
    ('12345778-1234-ABCD-EF00-0123456789AC', '1.0')
)
class DCERPCSessionError(DCERPCException):
    """DCERPC exception whose text form resolves the code via nt_errors."""

    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__(self):
        """Render the error code, with short and verbose text when known."""
        code = self.error_code
        known = nt_errors.ERROR_MESSAGES
        # NOTE(review): error_code defaults to None in __init__, and
        # '0x%x' % None raises TypeError -- confirm every caller passes a code.
        if code not in known:
            return 'SAMR SessionError: unknown error code: 0x%x' % code
        short_text = known[code][0]
        verbose_text = known[code][1]
        return 'SAMR SessionError: code: 0x%x - %s - %s' % (code, short_text, verbose_text)
################################################################################
# CONSTANTS
################################################################################
# The SAMR server-name parameter type is an alias of LPWSTR.
PSAMPR_SERVER_NAME = LPWSTR
# 2.2.1.1 Common ACCESS_MASK Values
DELETE                 = 0x00010000
READ_CONTROL           = 0x00020000
WRITE_DAC              = 0x00040000
WRITE_OWNER            = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000
# MAXIMUM_ALLOWED asks for every right the caller could be granted; a client
# that needs a single operation is better served by requesting that mask only.
MAXIMUM_ALLOWED        = 0x02000000

# 2.2.1.2 Generic ACCESS_MASK Values
GENERIC_READ           = 0x80000000
GENERIC_WRITE          = 0x40000000
GENERIC_EXECUTE        = 0x20000000
GENERIC_ALL            = 0x10000000
# 2.2.1.3 Server ACCESS_MASK Values
SAM_SERVER_CONNECT           = 0x00000001
SAM_SERVER_SHUTDOWN          = 0x00000002
SAM_SERVER_INITIALIZE        = 0x00000004
SAM_SERVER_CREATE_DOMAIN     = 0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
SAM_SERVER_LOOKUP_DOMAIN     = 0x00000020
# Composite masks: each of READ/WRITE/EXECUTE carries 0x00020000 plus a subset
# of the six bits above; ALL_ACCESS is 0x000F0000 plus all six.
SAM_SERVER_ALL_ACCESS        = 0x000F003F
SAM_SERVER_READ              = 0x00020010
SAM_SERVER_WRITE             = 0x0002000E
SAM_SERVER_EXECUTE           = 0x00020021
# 2.2.1.4 Domain ACCESS_MASK Values
DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS    = 0x00000002
DOMAIN_READ_OTHER_PARAMETERS    = 0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS   = 0x00000008
DOMAIN_CREATE_USER              = 0x00000010
DOMAIN_CREATE_GROUP             = 0x00000020
DOMAIN_CREATE_ALIAS             = 0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP     = 0x00000080
DOMAIN_LIST_ACCOUNTS            = 0x00000100
DOMAIN_LOOKUP                   = 0x00000200
DOMAIN_ADMINISTER_SERVER        = 0x00000400
# Composite masks built from 0x00020000 (0x000F0000 for ALL_ACCESS) and the
# eleven single-bit rights above.
DOMAIN_ALL_ACCESS               = 0x000F07FF
DOMAIN_READ                     = 0x00020084
DOMAIN_WRITE                    = 0x0002047A
DOMAIN_EXECUTE                  = 0x00020301
# 2.2.1.5 Group ACCESS_MASK Values
GROUP_READ_INFORMATION = 0x00000001
GROUP_WRITE_ACCOUNT    = 0x00000002
GROUP_ADD_MEMBER       = 0x00000004
GROUP_REMOVE_MEMBER    = 0x00000008
GROUP_LIST_MEMBERS     = 0x00000010
GROUP_ALL_ACCESS       = 0x000F001F
GROUP_READ             = 0x00020010
GROUP_WRITE            = 0x0002000E
GROUP_EXECUTE          = 0x00020001

# 2.2.1.6 Alias ACCESS_MASK Values
# The bit positions differ from the group masks above (ADD_MEMBER is 0x1 here
# but 0x4 for groups), so the two families are not interchangeable.
ALIAS_ADD_MEMBER       = 0x00000001
ALIAS_REMOVE_MEMBER    = 0x00000002
ALIAS_LIST_MEMBERS     = 0x00000004
ALIAS_READ_INFORMATION = 0x00000008
ALIAS_WRITE_ACCOUNT    = 0x00000010
ALIAS_ALL_ACCESS       = 0x000F001F
ALIAS_READ             = 0x00020004
ALIAS_WRITE            = 0x00020013
ALIAS_EXECUTE          = 0x00020008
# 2.2.1.7 User ACCESS_MASK Values
USER_READ_GENERAL            = 0x00000001
USER_READ_PREFERENCES        = 0x00000002
USER_WRITE_PREFERENCES       = 0x00000004
USER_READ_LOGON              = 0x00000008
USER_READ_ACCOUNT            = 0x00000010
USER_WRITE_ACCOUNT           = 0x00000020
USER_CHANGE_PASSWORD         = 0x00000040
USER_FORCE_PASSWORD_CHANGE   = 0x00000080
USER_LIST_GROUPS             = 0x00000100
USER_READ_GROUP_INFORMATION  = 0x00000200
USER_WRITE_GROUP_INFORMATION = 0x00000400
USER_ALL_ACCESS              = 0x000F07FF
USER_READ                    = 0x0002031A
# USER_WRITE and USER_EXECUTE both include USER_CHANGE_PASSWORD (0x40) but not
# USER_FORCE_PASSWORD_CHANGE (0x80); of the composites, only USER_ALL_ACCESS
# carries the latter.
USER_WRITE                   = 0x00020044
USER_EXECUTE                 = 0x00020041
# 2.2.1.8 USER_ALL Values
# One bit per field, bits 0 through 28, plus a mask for the two undefined
# high bits.
USER_ALL_USERNAME           = 0x00000001
USER_ALL_FULLNAME           = 0x00000002
USER_ALL_USERID             = 0x00000004
USER_ALL_PRIMARYGROUPID     = 0x00000008
USER_ALL_ADMINCOMMENT       = 0x00000010
USER_ALL_USERCOMMENT        = 0x00000020
USER_ALL_HOMEDIRECTORY      = 0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
USER_ALL_SCRIPTPATH         = 0x00000100
USER_ALL_PROFILEPATH        = 0x00000200
USER_ALL_WORKSTATIONS       = 0x00000400
USER_ALL_LASTLOGON          = 0x00000800
USER_ALL_LASTLOGOFF         = 0x00001000
USER_ALL_LOGONHOURS         = 0x00002000
USER_ALL_BADPASSWORDCOUNT   = 0x00004000
USER_ALL_LOGONCOUNT         = 0x00008000
USER_ALL_PASSWORDCANCHANGE  = 0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
USER_ALL_PASSWORDLASTSET    = 0x00040000
USER_ALL_ACCOUNTEXPIRES     = 0x00080000
USER_ALL_USERACCOUNTCONTROL = 0x00100000
USER_ALL_PARAMETERS         = 0x00200000
USER_ALL_COUNTRYCODE        = 0x00400000
USER_ALL_CODEPAGE           = 0x00800000
USER_ALL_NTPASSWORDPRESENT  = 0x01000000
USER_ALL_LMPASSWORDPRESENT  = 0x02000000
USER_ALL_PRIVATEDATA        = 0x04000000
USER_ALL_PASSWORDEXPIRED    = 0x08000000
USER_ALL_SECURITYDESCRIPTOR = 0x10000000
USER_ALL_UNDEFINED_MASK     = 0xC0000000
# 2.2.1.9 ACCOUNT_TYPE Values
SAM_DOMAIN_OBJECT             = 0x00000000
SAM_GROUP_OBJECT              = 0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
SAM_ALIAS_OBJECT              = 0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
SAM_USER_OBJECT               = 0x30000000
SAM_MACHINE_ACCOUNT           = 0x30000001
SAM_TRUST_ACCOUNT             = 0x30000002
SAM_APP_BASIC_GROUP           = 0x40000000
SAM_APP_QUERY_GROUP           = 0x40000001

# 2.2.1.10 SE_GROUP Attributes
SE_GROUP_MANDATORY            = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT   = 0x00000002
SE_GROUP_ENABLED              = 0x00000004

# 2.2.1.11 GROUP_TYPE Codes
GROUP_TYPE_ACCOUNT_GROUP      = 0x00000002
GROUP_TYPE_RESOURCE_GROUP     = 0x00000004
GROUP_TYPE_UNIVERSAL_GROUP    = 0x00000008
GROUP_TYPE_SECURITY_ENABLED   = 0x80000000
# The three SECURITY_* codes are SECURITY_ENABLED combined with one scope bit.
GROUP_TYPE_SECURITY_ACCOUNT   = 0x80000002
GROUP_TYPE_SECURITY_RESOURCE  = 0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008
# 2.2.1.12 USER_ACCOUNT Codes
# These and the UF_* codes below name largely the same account properties but
# use different bit positions (USER_ACCOUNT_DISABLED is 0x1, UF_ACCOUNTDISABLE
# is 0x2). Decoding a value with the wrong table yields wrong audit results.
# Flags commonly reviewed in account audits: PASSWORD_NOT_REQUIRED,
# DONT_EXPIRE_PASSWORD, ENCRYPTED_TEXT_PASSWORD_ALLOWED, USE_DES_KEY_ONLY,
# DONT_REQUIRE_PREAUTH and the two delegation flags.
USER_ACCOUNT_DISABLED                       = 0x00000001
USER_HOME_DIRECTORY_REQUIRED                = 0x00000002
USER_PASSWORD_NOT_REQUIRED                  = 0x00000004
USER_TEMP_DUPLICATE_ACCOUNT                 = 0x00000008
USER_NORMAL_ACCOUNT                         = 0x00000010
USER_MNS_LOGON_ACCOUNT                      = 0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT              = 0x00000040
USER_WORKSTATION_TRUST_ACCOUNT              = 0x00000080
USER_SERVER_TRUST_ACCOUNT                   = 0x00000100
USER_DONT_EXPIRE_PASSWORD                   = 0x00000200
USER_ACCOUNT_AUTO_LOCKED                    = 0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED        = 0x00000800
USER_SMARTCARD_REQUIRED                     = 0x00001000
USER_TRUSTED_FOR_DELEGATION                 = 0x00002000
USER_NOT_DELEGATED                          = 0x00004000
USER_USE_DES_KEY_ONLY                       = 0x00008000
USER_DONT_REQUIRE_PREAUTH                   = 0x00010000
USER_PASSWORD_EXPIRED                       = 0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000
USER_NO_AUTH_DATA_REQUIRED                  = 0x00080000
USER_PARTIAL_SECRETS_ACCOUNT                = 0x00100000
USER_USE_AES_KEYS                           = 0x00200000

# 2.2.1.13 UF_FLAG Codes
UF_SCRIPT                                   = 0x00000001
UF_ACCOUNTDISABLE                           = 0x00000002
UF_HOMEDIR_REQUIRED                         = 0x00000008
UF_LOCKOUT                                  = 0x00000010
UF_PASSWD_NOTREQD                           = 0x00000020
UF_PASSWD_CANT_CHANGE                       = 0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED          = 0x00000080
UF_TEMP_DUPLICATE_ACCOUNT                   = 0x00000100
UF_NORMAL_ACCOUNT                           = 0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT                = 0x00000800
UF_WORKSTATION_TRUST_ACCOUNT                = 0x00001000
UF_SERVER_TRUST_ACCOUNT                     = 0x00002000
UF_DONT_EXPIRE_PASSWD                       = 0x00010000
UF_MNS_LOGON_ACCOUNT                        = 0x00020000
UF_SMARTCARD_REQUIRED                       = 0x00040000
UF_TRUSTED_FOR_DELEGATION                   = 0x00080000
UF_NOT_DELEGATED                            = 0x00100000
UF_USE_DES_KEY_ONLY                         = 0x00200000
UF_DONT_REQUIRE_PREAUTH                     = 0x00400000
UF_PASSWORD_EXPIRED                         = 0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION   = 0x01000000
UF_NO_AUTH_DATA_REQUIRED                    = 0x02000000
UF_PARTIAL_SECRETS_ACCOUNT                  = 0x04000000
UF_USE_AES_KEYS                             = 0x08000000
# 2.2.1.14 Predefined RIDs
DOMAIN_USER_RID_ADMIN                 = 0x000001F4  # 500
DOMAIN_USER_RID_GUEST                 = 0x000001F5  # 501
DOMAIN_USER_RID_KRBTGT                = 0x000001F6  # 502
DOMAIN_GROUP_RID_ADMINS               = 0x00000200  # 512
DOMAIN_GROUP_RID_USERS                = 0x00000201  # 513
DOMAIN_GROUP_RID_COMPUTERS            = 0x00000203  # 515
DOMAIN_GROUP_RID_CONTROLLERS          = 0x00000204  # 516
DOMAIN_ALIAS_RID_ADMINS               = 0x00000220  # 544
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209  # 521
# 2.2.4.1 Domain Fields
# Bits of a domain's PasswordProperties value. STORE_CLEARTEXT and the absence
# of COMPLEX are the ones a password-policy review usually looks at first.
DOMAIN_PASSWORD_COMPLEX         = 0x00000001
DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
DOMAIN_LOCKOUT_ADMINS           = 0x00000008
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010
DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020

# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
SAM_VALIDATE_PASSWORD_LAST_SET       = 0x00000001
SAM_VALIDATE_BAD_PASSWORD_TIME       = 0x00000002
SAM_VALIDATE_LOCKOUT_TIME            = 0x00000004
SAM_VALIDATE_BAD_PASSWORD_COUNT      = 0x00000008
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
SAM_VALIDATE_PASSWORD_HISTORY        = 0x00000020
################################################################################
# STRUCTURES
################################################################################
# Array and pointer wrappers around RPC_UNICODE_STRING.
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray):
    item = RPC_UNICODE_STRING


class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray):
    item = RPC_UNICODE_STRING


# Note: the pointer refers to the conformant (_C) array variant.
class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    referent = (
        ('Data', RPC_UNICODE_STRING_ARRAY_C),
    )
# 2.2.2.1 RPC_STRING, PRPC_STRING
class RPC_STRING(NDRSTRUCT):
    # Both header layouts derive MaximumLength and Length from len(Data) minus
    # a fixed offset: 12 in commonHdr, 24 in commonHdr64.
    commonHdr = (
        ('MaximumLength', '<H=len(Data)-12'),
        ('Length', '<H=len(Data)-12'),
        ('ReferentID', '<L=0xff'),
    )
    commonHdr64 = (
        ('MaximumLength', '<H=len(Data)-24'),
        ('Length', '<H=len(Data)-24'),
        ('ReferentID', '<Q=0xff'),
    )

    referent = (
        ('Data', STR),
    )

    def dump(self, msg=None, indent=0):
        """Print an optional label followed by the repr of ``Data``.

        ``msg`` defaults to the class name; an empty string suppresses the
        label. ``indent`` is accepted but not used by this override.
        """
        label = self.__class__.__name__ if msg is None else msg
        if label != '':
            print("%s" % label, end=' ')
        # Only the payload is shown; the header fields are not printed.
        print(" %r" % (self['Data']), end=' ')


class PRPC_STRING(NDRPOINTER):
    referent = (
        ('Data', RPC_STRING),
    )
# 2.2.2.2 OLD_LARGE_INTEGER
# A 64-bit quantity split into an unsigned low half and a signed high half.
class OLD_LARGE_INTEGER(NDRSTRUCT):
    structure = (
        ('LowPart', ULONG),
        ('HighPart', LONG),
    )
# 2.2.2.3 SID_NAME_USE
# Enumerated kind of principal a SID or name refers to (values 1 through 10).
class SID_NAME_USE(NDRENUM):
    class enumItems(Enum):
        SidTypeUser           = 1
        SidTypeGroup          = 2
        SidTypeDomain         = 3
        SidTypeAlias          = 4
        SidTypeWellKnownGroup = 5
        SidTypeDeletedAccount = 6
        SidTypeInvalid        = 7
        SidTypeUnknown        = 8
        SidTypeComputer       = 9
        SidTypeLabel          = 10
# 2.2.2.4 RPC_SHORT_BLOB
# Array of little-endian 16-bit items ('<H') used as the blob payload.
class USHORT_ARRAY(NDRUniConformantVaryingArray):
    item = '<H'


class PUSHORT_ARRAY(NDRPOINTER):
    referent = (
        ('Data', USHORT_ARRAY),
    )


# Length/MaximumLength header followed by a pointer to the USHORT payload.
class RPC_SHORT_BLOB(NDRSTRUCT):
    structure = (
        ('Length', USHORT),
        ('MaximumLength', USHORT),
        ('Buffer', PUSHORT_ARRAY),
    )
# 2.2.3.2 SAMPR_HANDLE
# Fixed 20-byte handle value; its contents are not interpreted here.
class SAMPR_HANDLE(NDRSTRUCT):
    structure = (
        ('Data', '20s=b""'),
    )

    def getAlignment(self):
        """Return 8 when the structure is flagged as NDR64, otherwise 4."""
        return 8 if self._isNDR64 is True else 4
# 2.2.3.3 ENCRYPTED_LM_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD
# Fixed 16-byte blob. Per the section title it carries an encrypted LM or NT
# one-way-function (hash) value; the encryption is not performed by this class.
# Treat instances as credential material and keep them out of logs and dumps.
class ENCRYPTED_LM_OWF_PASSWORD(NDRSTRUCT):
    structure = (
        ('Data', '16s=b""'),
    )

    def getAlignment(self):
        """Byte-aligned: always returns 1."""
        return 1


# The NT variant shares the LM layout, so it is a plain alias.
ENCRYPTED_NT_OWF_PASSWORD = ENCRYPTED_LM_OWF_PASSWORD


class PENCRYPTED_LM_OWF_PASSWORD(NDRPOINTER):
    referent = (
        ('Data', ENCRYPTED_LM_OWF_PASSWORD),
    )


PENCRYPTED_NT_OWF_PASSWORD = PENCRYPTED_LM_OWF_PASSWORD
# 2.2.3.4 SAMPR_ULONG_ARRAY
#class SAMPR_ULONG_ARRAY(NDRUniConformantVaryingArray):
#    item = '<L'
class ULONG_ARRAY(NDRUniConformantArray):
    item = ULONG


class PULONG_ARRAY(NDRPOINTER):
    referent = (
        ('Data', ULONG_ARRAY),
    )


# Conformant-varying counterpart of ULONG_ARRAY.
class ULONG_ARRAY_CV(NDRUniConformantVaryingArray):
    item = ULONG


# Count followed by a pointer to the conformant ULONG array.
class SAMPR_ULONG_ARRAY(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Element', PULONG_ARRAY),
    )
# 2.2.3.5 SAMPR_SID_INFORMATION
class SAMPR_SID_INFORMATION(NDRSTRUCT):
    structure = (
        ('SidPointer', RPC_SID),
    )


class PSAMPR_SID_INFORMATION(NDRPOINTER):
    referent = (
        ('Data', SAMPR_SID_INFORMATION),
    )


# Array whose items are pointers to SAMPR_SID_INFORMATION.
class SAMPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
    item = PSAMPR_SID_INFORMATION


class PSAMPR_SID_INFORMATION_ARRAY(NDRPOINTER):
    referent = (
        ('Data', SAMPR_SID_INFORMATION_ARRAY),
    )


# 2.2.3.6 SAMPR_PSID_ARRAY
class SAMPR_PSID_ARRAY(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )


# 2.2.3.7 SAMPR_PSID_ARRAY_OUT
# Same field layout as SAMPR_PSID_ARRAY, declared as a separate type.
class SAMPR_PSID_ARRAY_OUT(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )
# 2.2.3.8 SAMPR_RETURNED_USTRING_ARRAY
# Count followed by a pointer to an array of RPC_UNICODE_STRING.
class SAMPR_RETURNED_USTRING_ARRAY(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Element', PRPC_UNICODE_STRING_ARRAY),
    )
# 2.2.3.9 SAMPR_RID_ENUMERATION
# One enumerated entry: a relative ID paired with its name.
class SAMPR_RID_ENUMERATION(NDRSTRUCT):
    structure = (
        ('RelativeId', ULONG),
        ('Name', RPC_UNICODE_STRING),
    )


class SAMPR_RID_ENUMERATION_ARRAY(NDRUniConformantArray):
    item = SAMPR_RID_ENUMERATION


class PSAMPR_RID_ENUMERATION_ARRAY(NDRPOINTER):
    referent = (
        ('Data', SAMPR_RID_ENUMERATION_ARRAY),
    )


# 2.2.3.10 SAMPR_ENUMERATION_BUFFER
# Presumably the result container for the enumerate calls -- confirm against
# the callers. On Windows servers, who may issue remote SAM queries at all is
# governed by the "Network access: Restrict clients allowed to make remote
# calls to SAM" policy.
class SAMPR_ENUMERATION_BUFFER(NDRSTRUCT):
    structure = (
        ('EntriesRead', ULONG),
        ('Buffer', PSAMPR_RID_ENUMERATION_ARRAY),
    )


class PSAMPR_ENUMERATION_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_ENUMERATION_BUFFER),
    )
# 2.2.3.11 SAMPR_SR_SECURITY_DESCRIPTOR
# CHAR_ARRAY declares no item type of its own; it relies on the base class.
class CHAR_ARRAY(NDRUniConformantArray):
    pass


class PCHAR_ARRAY(NDRPOINTER):
    referent = (
        ('Data', CHAR_ARRAY),
    )


# Length plus a pointer to the raw bytes; the descriptor is not parsed here.
class SAMPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
    structure = (
        ('Length', ULONG),
        ('SecurityDescriptor', PCHAR_ARRAY),
    )


class PSAMPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
    referent = (
        ('Data', SAMPR_SR_SECURITY_DESCRIPTOR),
    )
# 2.2.3.12 GROUP_MEMBERSHIP
# A relative ID with its attribute bits.
class GROUP_MEMBERSHIP(NDRSTRUCT):
    structure = (
        ('RelativeId', ULONG),
        ('Attributes', ULONG),
    )


class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    item = GROUP_MEMBERSHIP


class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    referent = (
        ('Data', GROUP_MEMBERSHIP_ARRAY),
    )


# 2.2.3.13 SAMPR_GET_GROUPS_BUFFER
class SAMPR_GET_GROUPS_BUFFER(NDRSTRUCT):
    structure = (
        ('MembershipCount', ULONG),
        ('Groups', PGROUP_MEMBERSHIP_ARRAY),
    )


class PSAMPR_GET_GROUPS_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_GET_GROUPS_BUFFER),
    )
# 2.2.3.14 SAMPR_GET_MEMBERS_BUFFER
# Members and Attributes are separate ULONG arrays next to a single count.
class SAMPR_GET_MEMBERS_BUFFER(NDRSTRUCT):
    structure = (
        ('MemberCount', ULONG),
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
    )


class PSAMPR_GET_MEMBERS_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_GET_MEMBERS_BUFFER),
    )
# 2.2.3.15 SAMPR_REVISION_INFO_V1
class SAMPR_REVISION_INFO_V1(NDRSTRUCT):
    structure = (
        ('Revision', ULONG),
        ('SupportedFeatures', ULONG),
    )


# 2.2.3.16 SAMPR_REVISION_INFO
# Union with a ULONG tag; only arm 1 (V1) is defined.
class SAMPR_REVISION_INFO(NDRUNION):
    commonHdr = (
        ('tag', ULONG),
    )

    union = {
        1: ('V1', SAMPR_REVISION_INFO_V1),
    }
# 2.2.3.17 USER_DOMAIN_PASSWORD_INFORMATION
# Minimum password length plus the PasswordProperties bit field.
class USER_DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordProperties', ULONG),
    )
# 2.2.4.2 DOMAIN_SERVER_ENABLE_STATE
class DOMAIN_SERVER_ENABLE_STATE(NDRENUM):
    class enumItems(Enum):
        DomainServerEnabled  = 1
        DomainServerDisabled = 2


# 2.2.4.3 DOMAIN_STATE_INFORMATION
class DOMAIN_STATE_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainServerState', DOMAIN_SERVER_ENABLE_STATE),
    )


# 2.2.4.4 DOMAIN_SERVER_ROLE
# Values start at 2; no member with value 1 is defined.
class DOMAIN_SERVER_ROLE(NDRENUM):
    class enumItems(Enum):
        DomainServerRoleBackup  = 2
        DomainServerRolePrimary = 3
# 2.2.4.5 DOMAIN_PASSWORD_INFORMATION
# The domain password policy: length, history depth, property bits and the
# maximum/minimum password age.
class DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        ('PasswordProperties', ULONG),
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
    )
# 2.2.4.6 DOMAIN_LOGOFF_INFORMATION
class DOMAIN_LOGOFF_INFORMATION(NDRSTRUCT):
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
    )


# 2.2.4.7 DOMAIN_SERVER_ROLE_INFORMATION
class DOMAIN_SERVER_ROLE_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainServerRole', DOMAIN_SERVER_ROLE),
    )


# 2.2.4.8 DOMAIN_MODIFIED_INFORMATION
class DOMAIN_MODIFIED_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
    )


# 2.2.4.9 DOMAIN_MODIFIED_INFORMATION2
# The fields of DOMAIN_MODIFIED_INFORMATION plus one trailing counter.
class DOMAIN_MODIFIED_INFORMATION2(NDRSTRUCT):
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
        ('ModifiedCountAtLastPromotion', OLD_LARGE_INTEGER),
    )
# 2.2.4.10 SAMPR_DOMAIN_GENERAL_INFORMATION
# Note: DomainServerState and DomainServerRole are plain ULONGs here, not the
# NDRENUM types used by the dedicated state/role structures.
class SAMPR_DOMAIN_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
        ('OemInformation', RPC_UNICODE_STRING),
        ('DomainName', RPC_UNICODE_STRING),
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('DomainServerState', ULONG),
        ('DomainServerRole', ULONG),
        ('UasCompatibilityRequired', UCHAR),
        ('UserCount', ULONG),
        ('GroupCount', ULONG),
        ('AliasCount', ULONG),
    )


# 2.2.4.11 SAMPR_DOMAIN_GENERAL_INFORMATION2
# Embeds the general information as 'I1' and appends the lockout settings.
class SAMPR_DOMAIN_GENERAL_INFORMATION2(NDRSTRUCT):
    structure = (
        ('I1', SAMPR_DOMAIN_GENERAL_INFORMATION),
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )
# 2.2.4.12 SAMPR_DOMAIN_OEM_INFORMATION
class SAMPR_DOMAIN_OEM_INFORMATION(NDRSTRUCT):
    structure = (
        ('OemInformation', RPC_UNICODE_STRING),
    )


# 2.2.4.13 SAMPR_DOMAIN_NAME_INFORMATION
class SAMPR_DOMAIN_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
    )


# 2.2.4.14 SAMPR_DOMAIN_REPLICATION_INFORMATION
class SAMPR_DOMAIN_REPLICATION_INFORMATION(NDRSTRUCT):
    structure = (
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
    )


# 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION
# Account-lockout policy: duration, observation window and threshold.
class SAMPR_DOMAIN_LOCKOUT_INFORMATION(NDRSTRUCT):
    structure = (
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )
# 2.2.4.16 DOMAIN_INFORMATION_CLASS
# Selector for the SAMPR_DOMAIN_INFO_BUFFER arms; value 10 is not defined.
class DOMAIN_INFORMATION_CLASS(NDRENUM):
    class enumItems(Enum):
        DomainPasswordInformation    = 1
        DomainGeneralInformation     = 2
        DomainLogoffInformation      = 3
        DomainOemInformation         = 4
        DomainNameInformation        = 5
        DomainReplicationInformation = 6
        DomainServerRoleInformation  = 7
        DomainModifiedInformation    = 8
        DomainStateInformation       = 9
        DomainGeneralInformation2    = 11
        DomainLockoutInformation     = 12
        DomainModifiedInformation2   = 13
# 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER
# Maps each DOMAIN_INFORMATION_CLASS member to (arm name, structure type).
class SAMPR_DOMAIN_INFO_BUFFER(NDRUNION):
    union = {
        DOMAIN_INFORMATION_CLASS.DomainPasswordInformation    : ('Password', DOMAIN_PASSWORD_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation     : ('General', SAMPR_DOMAIN_GENERAL_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainLogoffInformation      : ('Logoff', DOMAIN_LOGOFF_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainOemInformation         : ('Oem', SAMPR_DOMAIN_OEM_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainNameInformation        : ('Name', SAMPR_DOMAIN_NAME_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation  : ('Role', DOMAIN_SERVER_ROLE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainReplicationInformation : ('Replication', SAMPR_DOMAIN_REPLICATION_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation    : ('Modified', DOMAIN_MODIFIED_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainStateInformation       : ('State', DOMAIN_STATE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2    : ('General2', SAMPR_DOMAIN_GENERAL_INFORMATION2),
        DOMAIN_INFORMATION_CLASS.DomainLockoutInformation     : ('Lockout', SAMPR_DOMAIN_LOCKOUT_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2   : ('Modified2', DOMAIN_MODIFIED_INFORMATION2),
    }


class PSAMPR_DOMAIN_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_DOMAIN_INFO_BUFFER),
    )
# 2.2.5.2 GROUP_ATTRIBUTE_INFORMATION
class GROUP_ATTRIBUTE_INFORMATION(NDRSTRUCT):
    structure = (
        ('Attributes', ULONG),
    )


# 2.2.5.3 SAMPR_GROUP_GENERAL_INFORMATION
class SAMPR_GROUP_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Attributes', ULONG),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )


# 2.2.5.4 SAMPR_GROUP_NAME_INFORMATION
class SAMPR_GROUP_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )


# 2.2.5.5 SAMPR_GROUP_ADM_COMMENT_INFORMATION
class SAMPR_GROUP_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )
# 2.2.5.6 GROUP_INFORMATION_CLASS
class GROUP_INFORMATION_CLASS(NDRENUM):
    class enumItems(Enum):
        GroupGeneralInformation      = 1
        GroupNameInformation         = 2
        GroupAttributeInformation    = 3
        GroupAdminCommentInformation = 4
        GroupReplicationInformation  = 5


# 2.2.5.7 SAMPR_GROUP_INFO_BUFFER
# The replication class maps to an arm named 'DoNotUse' that reuses the
# general-information layout.
class SAMPR_GROUP_INFO_BUFFER(NDRUNION):
    union = {
        GROUP_INFORMATION_CLASS.GroupGeneralInformation      : ('General', SAMPR_GROUP_GENERAL_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupNameInformation         : ('Name', SAMPR_GROUP_NAME_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAttributeInformation    : ('Attribute', GROUP_ATTRIBUTE_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAdminCommentInformation : ('AdminComment', SAMPR_GROUP_ADM_COMMENT_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupReplicationInformation  : ('DoNotUse', SAMPR_GROUP_GENERAL_INFORMATION),
    }


class PSAMPR_GROUP_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_GROUP_INFO_BUFFER),
    )
# 2.2.6.2 SAMPR_ALIAS_GENERAL_INFORMATION
class SAMPR_ALIAS_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )


# 2.2.6.3 SAMPR_ALIAS_NAME_INFORMATION
class SAMPR_ALIAS_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )


# 2.2.6.4 SAMPR_ALIAS_ADM_COMMENT_INFORMATION
class SAMPR_ALIAS_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )
# 2.2.6.5 ALIAS_INFORMATION_CLASS
class ALIAS_INFORMATION_CLASS(NDRENUM):
    class enumItems(Enum):
        AliasGeneralInformation      = 1
        AliasNameInformation         = 2
        AliasAdminCommentInformation = 3


# 2.2.6.6 SAMPR_ALIAS_INFO_BUFFER
# Maps each ALIAS_INFORMATION_CLASS member to (arm name, structure type).
class SAMPR_ALIAS_INFO_BUFFER(NDRUNION):
    union = {
        ALIAS_INFORMATION_CLASS.AliasGeneralInformation      : ('General', SAMPR_ALIAS_GENERAL_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasNameInformation         : ('Name', SAMPR_ALIAS_NAME_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation : ('AdminComment', SAMPR_ALIAS_ADM_COMMENT_INFORMATION),
    }


class PSAMPR_ALIAS_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_ALIAS_INFO_BUFFER),
    )
# 2.2.7.2 USER_PRIMARY_GROUP_INFORMATION
class USER_PRIMARY_GROUP_INFORMATION(NDRSTRUCT):
    structure = (
        ('PrimaryGroupId', ULONG),
    )


# 2.2.7.3 USER_CONTROL_INFORMATION
# Carries only the UserAccountControl bit field.
class USER_CONTROL_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserAccountControl', ULONG),
    )


# 2.2.7.4 USER_EXPIRES_INFORMATION
class USER_EXPIRES_INFORMATION(NDRSTRUCT):
    structure = (
        ('AccountExpires', OLD_LARGE_INTEGER),
    )
# 2.2.7.5 SAMPR_LOGON_HOURS
class LOGON_HOURS_ARRAY(NDRUniConformantVaryingArray):
    pass


class PLOGON_HOURS_ARRAY(NDRPOINTER):
    referent = (
        ('Data', LOGON_HOURS_ARRAY),
    )


class SAMPR_LOGON_HOURS(NDRSTRUCT):
    structure = (
        #('UnitsPerWeek', NDRSHORT),
        ('UnitsPerWeek', ULONG),
        ('LogonHours', PLOGON_HOURS_ARRAY),
    )

    def getData(self, soFar=0):
        """Serialize the structure, recomputing UnitsPerWeek when hours are set.

        When LogonHours is not 0, UnitsPerWeek is overwritten with eight times
        its length before delegating to NDR.getData.
        """
        hours_present = self['LogonHours'] != 0
        if hours_present:
            self['UnitsPerWeek'] = len(self['LogonHours']) * 8
        return NDR.getData(self, soFar)
# 2.2.7.6 SAMPR_USER_ALL_INFORMATION
# The widest user record. LmOwfPassword, NtOwfPassword and PrivateData hold
# credential-related material, so instances should not be dumped into shared
# logs. WhichFields presumably takes the USER_ALL_* bits defined earlier in
# this file -- confirm against the callers.
class SAMPR_USER_ALL_INFORMATION(NDRSTRUCT):
    structure = (
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),

        ('LmOwfPassword', RPC_SHORT_BLOB),
        ('NtOwfPassword', RPC_SHORT_BLOB),
        ('PrivateData', RPC_UNICODE_STRING),

        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),

        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('UserAccountControl', ULONG),
        ('WhichFields', ULONG),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('LmPasswordPresent', UCHAR),
        ('NtPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('PrivateDataSensitive', UCHAR),
    )
# 2.2.7.7 SAMPR_USER_GENERAL_INFORMATION
class SAMPR_USER_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('PrimaryGroupId', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
    )


# 2.2.7.8 SAMPR_USER_PREFERENCES_INFORMATION
class SAMPR_USER_PREFERENCES_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserComment', RPC_UNICODE_STRING),
        ('Reserved1', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
    )


# 2.2.7.9 SAMPR_USER_PARAMETERS_INFORMATION
class SAMPR_USER_PARAMETERS_INFORMATION(NDRSTRUCT):
    structure = (
        ('Parameters', RPC_UNICODE_STRING),
    )
# 2.2.7.10 SAMPR_USER_LOGON_INFORMATION
# Identity and paths, then logon/password timestamps, logon hours, counters
# and the UserAccountControl bits.
class SAMPR_USER_LOGON_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('UserAccountControl', ULONG),
    )
# 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION
# Close to the logon-information layout, but with AdminComment and
# AccountExpires and without the PasswordCanChange/PasswordMustChange pair.
class SAMPR_USER_ACCOUNT_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG),
    )
# 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION
class SAMPR_USER_A_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
    )


# 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION
class SAMPR_USER_F_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('FullName', RPC_UNICODE_STRING),
    )


# 2.2.7.14 SAMPR_USER_NAME_INFORMATION
class SAMPR_USER_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )


# 2.2.7.15 SAMPR_USER_HOME_INFORMATION
class SAMPR_USER_HOME_INFORMATION(NDRSTRUCT):
    structure = (
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
    )


# 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION
class SAMPR_USER_SCRIPT_INFORMATION(NDRSTRUCT):
    structure = (
        ('ScriptPath', RPC_UNICODE_STRING),
    )


# 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION
class SAMPR_USER_PROFILE_INFORMATION(NDRSTRUCT):
    structure = (
        ('ProfilePath', RPC_UNICODE_STRING),
    )


# 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION
class SAMPR_USER_ADMIN_COMMENT_INFORMATION(NDRSTRUCT):
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )


# 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION
class SAMPR_USER_WORKSTATIONS_INFORMATION(NDRSTRUCT):
    structure = (
        ('WorkStations', RPC_UNICODE_STRING),
    )


# 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION
class SAMPR_USER_LOGON_HOURS_INFORMATION(NDRSTRUCT):
    structure = (
        ('LogonHours', SAMPR_LOGON_HOURS),
    )
1002# 2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD
1003class SAMPR_USER_PASSWORD(NDRSTRUCT):
1004 structure = (
1005 ('Buffer', '512s=b""'),
1006 ('Length', ULONG),
1007 )
1008 def getAlignment(self):
1009 return 4
1012class SAMPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
1013 structure = (
1014 ('Buffer', '516s=b""'),
1015 )
1016 def getAlignment(self):
1017 return 1
1019class PSAMPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
1020 referent = (
1021 ('Data', SAMPR_ENCRYPTED_USER_PASSWORD),
1022 )
1024# 2.2.7.22 SAMPR_ENCRYPTED_USER_PASSWORD_NEW
class SAMPR_ENCRYPTED_USER_PASSWORD_NEW(NDRSTRUCT):
    """Opaque 532-byte password blob, marshalled byte-aligned.

    That is 16 bytes more than SAMPR_ENCRYPTED_USER_PASSWORD.
    NOTE(review): presumably the extra 16 bytes are a per-message salt mixed
    into the encryption key -- confirm against [MS-SAMR]. A salt only helps if
    it is freshly random for every request; verify the caller does not reuse it.
    """
    structure = (('Buffer', '532s=b""'),)

    def getAlignment(self):
        # Raw byte blob: no padding is inserted before it.
        return 1
1032# 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION
class SAMPR_USER_INTERNAL1_INFORMATION(NDRSTRUCT):
    """User info arm carrying the encrypted NT and LM OWF password values.

    The two UCHAR ``*PasswordPresent`` fields accompany the hashes and
    ``PasswordExpired`` is a third UCHAR flag. The encrypted hashes are
    password-equivalent material once decrypted; treat decoded instances as
    secrets (no logging, no long-lived copies).
    """
    structure = (
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedLmOwfPassword', ENCRYPTED_LM_OWF_PASSWORD),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
    )
1042# 2.2.7.24 SAMPR_USER_INTERNAL4_INFORMATION
class SAMPR_USER_INTERNAL4_INFORMATION(NDRSTRUCT):
    """Full user record (``I1``) bundled with a 516-byte encrypted password."""
    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
    )
1049# 2.2.7.25 SAMPR_USER_INTERNAL4_INFORMATION_NEW
class SAMPR_USER_INTERNAL4_INFORMATION_NEW(NDRSTRUCT):
    """Full user record (``I1``) bundled with a 532-byte encrypted password."""
    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
    )
1056# 2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION
class SAMPR_USER_INTERNAL5_INFORMATION(NDRSTRUCT):
    """516-byte encrypted password plus a UCHAR ``PasswordExpired`` flag."""
    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
        ('PasswordExpired', UCHAR),
    )
1063# 2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW
class SAMPR_USER_INTERNAL5_INFORMATION_NEW(NDRSTRUCT):
    """532-byte encrypted password plus a UCHAR ``PasswordExpired`` flag."""
    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
        ('PasswordExpired', UCHAR),
    )
1070# 2.2.7.28 USER_INFORMATION_CLASS
class USER_INFORMATION_CLASS(NDRENUM):
    """Selector for which user-information layout a query or set call uses.

    The numbering is not contiguous: 15, 19 and 22 have no member here. The
    ``UserInternal*`` members (18, 23-26) select the arms that carry password
    material, so they are the ones worth alerting on when auditing SAMR
    traffic or reviewing callers.
    """
    class enumItems(Enum):
        # Plain attribute / profile data.
        UserGeneralInformation = 1
        UserPreferencesInformation = 2
        UserLogonInformation = 3
        UserLogonHoursInformation = 4
        UserAccountInformation = 5
        UserNameInformation = 6
        UserAccountNameInformation = 7
        UserFullNameInformation = 8
        UserPrimaryGroupInformation = 9
        UserHomeInformation = 10
        UserScriptInformation = 11
        UserProfileInformation = 12
        UserAdminCommentInformation = 13
        UserWorkStationsInformation = 14
        # 15 is not defined here.
        UserControlInformation = 16
        UserExpiresInformation = 17
        UserInternal1Information = 18
        # 19 is not defined here.
        UserParametersInformation = 20
        UserAllInformation = 21
        # 22 is not defined here.
        UserInternal4Information = 23
        UserInternal5Information = 24
        UserInternal4InformationNew = 25
        UserInternal5InformationNew = 26
1097# 2.2.7.29 SAMPR_USER_INFO_BUFFER
class SAMPR_USER_INFO_BUFFER(NDRUNION):
    """Union of every user-information layout, keyed by USER_INFORMATION_CLASS.

    Each entry maps a class value to ``(arm name, arm type)``. The Internal1,
    Internal4/4New and Internal5/5New arms embed encrypted password data; the
    remaining arms are account attributes.
    """
    union = {
        USER_INFORMATION_CLASS.UserGeneralInformation:
            ('General', SAMPR_USER_GENERAL_INFORMATION),
        USER_INFORMATION_CLASS.UserPreferencesInformation:
            ('Preferences', SAMPR_USER_PREFERENCES_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonInformation:
            ('Logon', SAMPR_USER_LOGON_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonHoursInformation:
            ('LogonHours', SAMPR_USER_LOGON_HOURS_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountInformation:
            ('Account', SAMPR_USER_ACCOUNT_INFORMATION),
        USER_INFORMATION_CLASS.UserNameInformation:
            ('Name', SAMPR_USER_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountNameInformation:
            ('AccountName', SAMPR_USER_A_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserFullNameInformation:
            ('FullName', SAMPR_USER_F_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserPrimaryGroupInformation:
            ('PrimaryGroup', USER_PRIMARY_GROUP_INFORMATION),
        USER_INFORMATION_CLASS.UserHomeInformation:
            ('Home', SAMPR_USER_HOME_INFORMATION),
        USER_INFORMATION_CLASS.UserScriptInformation:
            ('Script', SAMPR_USER_SCRIPT_INFORMATION),
        USER_INFORMATION_CLASS.UserProfileInformation:
            ('Profile', SAMPR_USER_PROFILE_INFORMATION),
        USER_INFORMATION_CLASS.UserAdminCommentInformation:
            ('AdminComment', SAMPR_USER_ADMIN_COMMENT_INFORMATION),
        USER_INFORMATION_CLASS.UserWorkStationsInformation:
            ('WorkStations', SAMPR_USER_WORKSTATIONS_INFORMATION),
        USER_INFORMATION_CLASS.UserControlInformation:
            ('Control', USER_CONTROL_INFORMATION),
        USER_INFORMATION_CLASS.UserExpiresInformation:
            ('Expires', USER_EXPIRES_INFORMATION),
        # Carries encrypted NT/LM OWF values.
        USER_INFORMATION_CLASS.UserInternal1Information:
            ('Internal1', SAMPR_USER_INTERNAL1_INFORMATION),
        USER_INFORMATION_CLASS.UserParametersInformation:
            ('Parameters', SAMPR_USER_PARAMETERS_INFORMATION),
        USER_INFORMATION_CLASS.UserAllInformation:
            ('All', SAMPR_USER_ALL_INFORMATION),
        # The four arms below each carry an encrypted password blob.
        USER_INFORMATION_CLASS.UserInternal4Information:
            ('Internal4', SAMPR_USER_INTERNAL4_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal5Information:
            ('Internal5', SAMPR_USER_INTERNAL5_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4InformationNew:
            ('Internal4New', SAMPR_USER_INTERNAL4_INFORMATION_NEW),
        USER_INFORMATION_CLASS.UserInternal5InformationNew:
            ('Internal5New', SAMPR_USER_INTERNAL5_INFORMATION_NEW),
    }
1125class PSAMPR_USER_INFO_BUFFER(NDRPOINTER):
1126 referent = (
1127 ('Data', SAMPR_USER_INFO_BUFFER),
1128 )
1130class PSAMPR_SERVER_NAME2(NDRPOINTER):
1131 referent = (
1132 ('Data', '4s=b""'),
1133 )
1135# 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER
1136class SAMPR_DOMAIN_DISPLAY_USER(NDRSTRUCT):
1137 structure = (
1138 ('Index',ULONG),
1139 ('Rid',ULONG),
1140 ('AccountControl',ULONG),
1141 ('AccountName',RPC_UNICODE_STRING),
1142 ('AdminComment',RPC_UNICODE_STRING),
1143 ('FullName',RPC_UNICODE_STRING),
1144 )
1146class SAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRUniConformantArray):
1147 item = SAMPR_DOMAIN_DISPLAY_USER
1149class PSAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRPOINTER):
1150 referent = (
1151 ('Data',SAMPR_DOMAIN_DISPLAY_USER_ARRAY),
1152 )
1154# 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE
1155class SAMPR_DOMAIN_DISPLAY_MACHINE(NDRSTRUCT):
1156 structure = (
1157 ('Index',ULONG),
1158 ('Rid',ULONG),
1159 ('AccountControl',ULONG),
1160 ('AccountName',RPC_UNICODE_STRING),
1161 ('AdminComment',RPC_UNICODE_STRING),
1162 )
1164class SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRUniConformantArray):
1165 item = SAMPR_DOMAIN_DISPLAY_MACHINE
1167class PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRPOINTER):
1168 referent = (
1169 ('Data',SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
1170 )
1172# 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP
1173class SAMPR_DOMAIN_DISPLAY_GROUP(NDRSTRUCT):
1174 structure = (
1175 ('Index',ULONG),
1176 ('Rid',ULONG),
1177 ('AccountControl',ULONG),
1178 ('AccountName',RPC_UNICODE_STRING),
1179 ('AdminComment',RPC_UNICODE_STRING),
1180 )
1182class SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRUniConformantArray):
1183 item = SAMPR_DOMAIN_DISPLAY_GROUP
1185class PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRPOINTER):
1186 referent = (
1187 ('Data',SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
1188 )
1190# 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER
1191class SAMPR_DOMAIN_DISPLAY_OEM_USER(NDRSTRUCT):
1192 structure = (
1193 ('Index',ULONG),
1194 ('OemAccountName',RPC_STRING),
1195 )
1197class SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRUniConformantArray):
1198 item = SAMPR_DOMAIN_DISPLAY_OEM_USER
1200class PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRPOINTER):
1201 referent = (
1202 ('Data',SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
1203 )
1205# 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP
1206class SAMPR_DOMAIN_DISPLAY_OEM_GROUP(NDRSTRUCT):
1207 structure = (
1208 ('Index',ULONG),
1209 ('OemAccountName',RPC_STRING),
1210 )
1212class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRUniConformantArray):
1213 item = SAMPR_DOMAIN_DISPLAY_OEM_GROUP
1215class PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRPOINTER):
1216 referent = (
1217 ('Data',SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
1218 )
1220#2.2.8.7 SAMPR_DOMAIN_DISPLAY_USER_BUFFER
1221class SAMPR_DOMAIN_DISPLAY_USER_BUFFER(NDRSTRUCT):
1222 structure = (
1223 ('EntriesRead', ULONG),
1224 ('Buffer', PSAMPR_DOMAIN_DISPLAY_USER_ARRAY),
1225 )
1227# 2.2.8.8 SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER
1228class SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER(NDRSTRUCT):
1229 structure = (
1230 ('EntriesRead', ULONG),
1231 ('Buffer', PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
1232 )
1234# 2.2.8.9 SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER
1235class SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER(NDRSTRUCT):
1236 structure = (
1237 ('EntriesRead', ULONG),
1238 ('Buffer', PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
1239 )
1241# 2.2.8.10 SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER
1242class SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER(NDRSTRUCT):
1243 structure = (
1244 ('EntriesRead', ULONG),
1245 ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
1246 )
1248# 2.2.8.11 SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER
1249class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER(NDRSTRUCT):
1250 structure = (
1251 ('EntriesRead', ULONG),
1252 ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
1253 )
1255# 2.2.8.12 DOMAIN_DISPLAY_INFORMATION
1256class DOMAIN_DISPLAY_INFORMATION(NDRENUM):
1257 class enumItems(Enum):
1258 DomainDisplayUser = 1
1259 DomainDisplayMachine = 2
1260 DomainDisplayGroup = 3
1261 DomainDisplayOemUser = 4
1262 DomainDisplayOemGroup = 5
1264# 2.2.8.13 SAMPR_DISPLAY_INFO_BUFFER
1265class SAMPR_DISPLAY_INFO_BUFFER(NDRUNION):
1266 union = {
1267 DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser : ('UserInformation', SAMPR_DOMAIN_DISPLAY_USER_BUFFER),
1268 DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine : ('MachineInformation', SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER),
1269 DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup : ('GroupInformation', SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER),
1270 DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemUser : ('OemUserInformation', SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER),
1271 DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup : ('OemGroupInformation', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER),
1272 }
1274# 2.2.9.1 SAM_VALIDATE_PASSWORD_HASH
class SAM_VALIDATE_PASSWORD_HASH(NDRSTRUCT):
    """Length-prefixed password hash: ULONG ``Length`` and a byte pointer ``Hash``."""
    structure = (
        ('Length', ULONG),
        ('Hash', LPBYTE),
    )
1281class PSAM_VALIDATE_PASSWORD_HASH(NDRPOINTER):
1282 referent = (
1283 ('Data', SAM_VALIDATE_PASSWORD_HASH),
1284 )
1286# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS
class SAM_VALIDATE_PERSISTED_FIELDS(NDRSTRUCT):
    """Per-account password state exchanged with the password-validation call.

    ``PresentFields`` is a ULONG sent ahead of the timestamps, counters and
    the history pointer; presumably a bitmask of which of them are populated
    -- confirm against [MS-SAMR].
    """
    structure = (
        ('PresentFields', ULONG),
        ('PasswordLastSet', LARGE_INTEGER),
        ('BadPasswordTime', LARGE_INTEGER),
        ('LockoutTime', LARGE_INTEGER),
        ('BadPasswordCount', ULONG),
        ('PasswordHistoryLength', ULONG),
        ('PasswordHistory', PSAM_VALIDATE_PASSWORD_HASH),
    )
1298# 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS
class SAM_VALIDATE_VALIDATION_STATUS(NDRENUM):
    """Outcome codes of a password validation; 0 is success, 1-10 name a failure reason."""
    class enumItems(Enum):
        SamValidateSuccess = 0
        # Account-state outcomes.
        SamValidatePasswordMustChange = 1
        SamValidateAccountLockedOut = 2
        SamValidatePasswordExpired = 3
        SamValidatePasswordIncorrect = 4
        # Policy outcomes for a proposed password.
        SamValidatePasswordIsInHistory = 5
        SamValidatePasswordTooShort = 6
        SamValidatePasswordTooLong = 7
        SamValidatePasswordNotComplexEnough = 8
        SamValidatePasswordTooRecent = 9
        SamValidatePasswordFilterError = 10
1313# 2.2.9.4 SAM_VALIDATE_STANDARD_OUTPUT_ARG
1314class SAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRSTRUCT):
1315 structure = (
1316 ('ChangedPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
1317 ('ValidationStatus', SAM_VALIDATE_VALIDATION_STATUS),
1318 )
1320class PSAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRPOINTER):
1321 referent = (
1322 ('Data', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
1323 )
1325# 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG
class SAM_VALIDATE_AUTHENTICATION_INPUT_ARG(NDRSTRUCT):
    """Input for the authentication validation type: persisted state plus a UCHAR match flag."""
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('PasswordMatched', UCHAR),
    )
1332# 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG
class SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG(NDRSTRUCT):
    """Input for the password-change validation type.

    ``ClearPassword`` is an RPC_UNICODE_STRING, i.e. the candidate password is
    marshalled as plain text inside this structure. Anything that serialises
    or dumps an instance exposes it, so confidentiality has to come from the
    RPC transport's own protection.
    """
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMatch', UCHAR),
    )
1342# 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG
class SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(NDRSTRUCT):
    """Input for the password-reset validation type.

    Like the change variant, ``ClearPassword`` travels as a plain
    RPC_UNICODE_STRING. The two trailing UCHAR flags ask for a forced change
    at next logon and for the lockout to be cleared.
    """
    structure = (
        ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
        ('ClearPassword', RPC_UNICODE_STRING),
        ('UserAccountName', RPC_UNICODE_STRING),
        ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
        ('PasswordMustChangeAtNextLogon', UCHAR),
        ('ClearLockout', UCHAR),
    )
1353# 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE
1354class PASSWORD_POLICY_VALIDATION_TYPE(NDRENUM):
1355 class enumItems(Enum):
1356 SamValidateAuthentication = 1
1357 SamValidatePasswordChange = 2
1358 SamValidatePasswordReset = 3
1360# 2.2.9.9 SAM_VALIDATE_INPUT_ARG
1361class SAM_VALIDATE_INPUT_ARG(NDRUNION):
1362 union = {
1363 PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication : ('ValidateAuthenticationInput', SAM_VALIDATE_AUTHENTICATION_INPUT_ARG),
1364 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange : ('ValidatePasswordChangeInput', SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG),
1365 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset : ('ValidatePasswordResetInput', SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG),
1366 }
1368# 2.2.9.10 SAM_VALIDATE_OUTPUT_ARG
1369class SAM_VALIDATE_OUTPUT_ARG(NDRUNION):
1370 union = {
1371 PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication : ('ValidateAuthenticationOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
1372 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange : ('ValidatePasswordChangeOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
1373 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset : ('ValidatePasswordResetOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
1374 }
1376class PSAM_VALIDATE_OUTPUT_ARG(NDRPOINTER):
1377 referent = (
1378 ('Data', SAM_VALIDATE_OUTPUT_ARG),
1379 )
1381# 2.2.10 Supplemental Credentials Structures
1383# 2.2.10.1 USER_PROPERTIES
class USER_PROPERTIES(Structure):
    """Header of the supplemental-credentials blob, followed by the raw property list.

    Built on the generic ``Structure`` class rather than NDR, with
    little-endian fixed-width fields. ``PropertySignature`` defaults to 0x50.
    ``UserProperties`` takes whatever bytes follow the header;
    ``PropertyCount`` and ``Length`` are read from the blob itself, so a
    consumer walking the list should check them against the bytes actually
    present rather than trust them.
    """
    structure = (
        ('Reserved1', '<L=0'),
        ('Length', '<L=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('Reserved4', '96s=""'),
        ('PropertySignature', '<H=0x50'),
        ('PropertyCount', '<H=0'),
        ('UserProperties', ':'),
    )
1396# 2.2.10.2 USER_PROPERTY
class USER_PROPERTY(Structure):
    """One name/value entry inside USER_PROPERTIES.

    The ``_PropertyName`` / ``_PropertyValue`` entries tie the size of each
    variable field to the ``NameLength`` / ``ValueLength`` header values.
    NOTE(review): those lengths come from the parsed data, so a truncated or
    malformed blob can declare more bytes than remain -- confirm how
    ``Structure`` reacts and validate before using the values.
    """
    structure = (
        ('NameLength', '<H=0'),
        ('ValueLength', '<H=0'),
        ('Reserved', '<H=0'),
        # Size of PropertyName is taken from NameLength.
        ('_PropertyName', '_-PropertyName', "self['NameLength']"),
        ('PropertyName', ':'),
        # Size of PropertyValue is taken from ValueLength.
        ('_PropertyValue', '_-PropertyValue', "self['ValueLength']"),
        ('PropertyValue', ':'),
    )
1408# 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS
class WDIGEST_CREDENTIALS(Structure):
    """Primary:WDigest property value: a 16-byte header and 29 fixed 16-byte hashes.

    ``Version`` defaults to 1 and ``NumberOfHashes`` to 29, matching the 29
    ``Hash1`` .. ``Hash29`` fields generated below. The hashes are derived
    from the account password, so a decoded instance is credential material
    and should be handled like one.
    """
    structure = (
        ('Reserved1', 'B=0'),
        ('Reserved2', 'B=0'),
        ('Version', 'B=1'),
        ('NumberOfHashes', 'B=29'),
        ('Reserved3', '12s=""'),
        # Hash1 .. Hash29, each a 16-byte string field.
    ) + tuple(('Hash%d' % idx, '16s=""') for idx in range(1, 30))
1447# 2.2.10.5 KERB_KEY_DATA
class KERB_KEY_DATA(Structure):
    """Descriptor for one stored Kerberos key: type, length and offset of the key bytes.

    NOTE(review): ``KeyOffset`` and ``KeyLength`` are values read from the
    blob; presumably the offset is relative to the start of the enclosing
    KERB_STORED_CREDENTIAL -- confirm, and bounds-check both before slicing.
    """
    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<H=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )
1458# 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL
class KERB_STORED_CREDENTIAL(Structure):
    """Primary:Kerberos property value (``Revision`` defaults to 3).

    Only the fixed header is modelled field by field. Everything after
    ``DefaultSaltOffset`` is kept as one raw ``Buffer`` that the caller has to
    split using the counts, lengths and offsets from the header. Those values
    come from the blob, so validate them against ``len(Buffer)`` before use.
    The buffer contains key material.
    """
    structure = (
        ('Revision', '<H=3'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        # Not modelled individually; all of these live inside Buffer:
        # ('Credentials', ':'),
        # ('OldCredentials', ':'),
        # ('DefaultSalt', ':'),
        # ('KeyValues', ':'),
        ('Buffer', ':'),
    )
1476# 2.2.10.7 KERB_KEY_DATA_NEW
class KERB_KEY_DATA_NEW(Structure):
    """Newer key descriptor: like KERB_KEY_DATA but with a 32-bit Reserved3 and an IterationCount."""
    structure = (
        ('Reserved1', '<H=0'),
        ('Reserved2', '<H=0'),
        ('Reserved3', '<L=0'),
        ('IterationCount', '<L=0'),
        ('KeyType', '<L=0'),
        ('KeyLength', '<L=0'),
        ('KeyOffset', '<L=0'),
    )
1488# 2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW
class KERB_STORED_CREDENTIAL_NEW(Structure):
    """Primary:Kerberos-Newer-Keys property value (``Revision`` defaults to 4).

    As with the older layout, only the fixed header is modelled and the
    remainder is one raw ``Buffer``. The four credential counts, the salt
    length/offset and the key descriptors inside the buffer are all values
    read from the blob; check them against the buffer size before indexing.
    The buffer contains key material.
    """
    structure = (
        ('Revision', '<H=4'),
        ('Flags', '<H=0'),
        ('CredentialCount', '<H=0'),
        ('ServiceCredentialCount', '<H=0'),
        ('OldCredentialCount', '<H=0'),
        ('OlderCredentialCount', '<H=0'),
        ('DefaultSaltLength', '<H=0'),
        ('DefaultSaltMaximumLength', '<H=0'),
        ('DefaultSaltOffset', '<L=0'),
        ('DefaultIterationCount', '<L=0'),
        # Not modelled individually; all of these live inside Buffer:
        # ('Credentials', ':'),
        # ('ServiceCredentials', ':'),
        # ('OldCredentials', ':'),
        # ('OlderCredentials', ':'),
        # ('DefaultSalt', ':'),
        # ('KeyValues', ':'),
        ('Buffer', ':'),
    )
1511################################################################################
1512# RPC CALLS
1513################################################################################
class SamrConnect(NDRCALL):
    """Request for opnum 0: a server-name pointer and the access mask being requested.

    ``DesiredAccess`` is the caller's choice; requesting only the rights the
    following calls need keeps the returned handle least-privileged.
    """
    opnum = 0
    structure = (
        ('ServerName', PSAMPR_SERVER_NAME2),
        ('DesiredAccess', ULONG),
    )
class SamrConnectResponse(NDRCALL):
    """Reply to SamrConnect: the server handle followed by the ULONG status."""
    structure = (
        ('ServerHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrCloseHandle(NDRCALL):
    """Request for opnum 1: the handle to close.

    NOTE(review): a ``DesiredAccess`` LONG is marshalled after the handle.
    [MS-SAMR] appears to define SamrCloseHandle with the handle as its only
    parameter -- confirm whether this trailing field is intentional before
    relying on or removing it; dropping it changes the bytes on the wire.
    """
    opnum = 1
    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('DesiredAccess', LONG),
    )
class SamrCloseHandleResponse(NDRCALL):
    """Reply to SamrCloseHandle: the handle value echoed back, then the ULONG status."""
    structure = (
        ('SamHandle', SAMPR_HANDLE),
        ('ErrorCode', ULONG),
    )
class SamrSetSecurityObject(NDRCALL):
    """Request for opnum 2: replace parts of the security descriptor on an object.

    ``SecurityInformation`` is sent with the descriptor; presumably it selects
    which parts (owner, group, DACL, SACL) are written -- confirm against
    [MS-SAMR]. Changes made through this call alter who can manage the target
    object, which makes it a natural point for auditing.
    """
    opnum = 2
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),
    )
1549class SamrSetSecurityObjectResponse(NDRCALL):
1550 structure = (
1551 ('ErrorCode',ULONG),
1552 )
class SamrQuerySecurityObject(NDRCALL):
    """Request for opnum 3: read the security descriptor of the object behind the handle."""
    opnum = 3
    structure = (
        ('ObjectHandle', SAMPR_HANDLE),
        ('SecurityInformation', SECURITY_INFORMATION),
    )
1561class SamrQuerySecurityObjectResponse(NDRCALL):
1562 structure = (
1563 ('SecurityDescriptor',PSAMPR_SR_SECURITY_DESCRIPTOR),
1564 ('ErrorCode',ULONG),
1565 )
1567class SamrLookupDomainInSamServer(NDRCALL):
1568 opnum = 5
1569 structure = (
1570 ('ServerHandle',SAMPR_HANDLE),
1571 ('Name', RPC_UNICODE_STRING),
1572 )
1574class SamrLookupDomainInSamServerResponse(NDRCALL):
1575 structure = (
1576 ('DomainId',PRPC_SID),
1577 ('ErrorCode',ULONG),
1578 )
1580class SamrEnumerateDomainsInSamServer(NDRCALL):
1581 opnum = 6
1582 structure = (
1583 ('ServerHandle',SAMPR_HANDLE),
1584 ('EnumerationContext', ULONG),
1585 ('PreferedMaximumLength', ULONG),
1586 )
1588class SamrEnumerateDomainsInSamServerResponse(NDRCALL):
1589 structure = (
1590 ('EnumerationContext',ULONG),
1591 ('Buffer',PSAMPR_ENUMERATION_BUFFER),
1592 ('CountReturned',ULONG),
1593 ('ErrorCode',ULONG),
1594 )
1596class SamrOpenDomain(NDRCALL):
1597 opnum = 7
1598 structure = (
1599 ('ServerHandle',SAMPR_HANDLE),
1600 ('DesiredAccess', ULONG),
1601 ('DomainId', RPC_SID),
1602 )
1604class SamrOpenDomainResponse(NDRCALL):
1605 structure = (
1606 ('DomainHandle',SAMPR_HANDLE),
1607 ('ErrorCode',ULONG),
1608 )
1610class SamrQueryInformationDomain(NDRCALL):
1611 opnum = 8
1612 structure = (
1613 ('DomainHandle',SAMPR_HANDLE),
1614 ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
1615 )
1617class SamrQueryInformationDomainResponse(NDRCALL):
1618 structure = (
1619 ('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
1620 ('ErrorCode',ULONG),
1621 )
1623class SamrSetInformationDomain(NDRCALL):
1624 opnum = 9
1625 structure = (
1626 ('DomainHandle',SAMPR_HANDLE),
1627 ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
1628 ('DomainInformation', SAMPR_DOMAIN_INFO_BUFFER),
1629 )
1631class SamrSetInformationDomainResponse(NDRCALL):
1632 structure = (
1633 ('ErrorCode',ULONG),
1634 )
1636class SamrCreateGroupInDomain(NDRCALL):
1637 opnum = 10
1638 structure = (
1639 ('DomainHandle',SAMPR_HANDLE),
1640 ('Name', RPC_UNICODE_STRING),
1641 ('DesiredAccess', ULONG),
1642 )
1644class SamrCreateGroupInDomainResponse(NDRCALL):
1645 structure = (
1646 ('GroupHandle',SAMPR_HANDLE),
1647 ('RelativeId',ULONG),
1648 ('ErrorCode',ULONG),
1649 )
1651class SamrEnumerateGroupsInDomain(NDRCALL):
1652 opnum = 11
1653 structure = (
1654 ('DomainHandle',SAMPR_HANDLE),
1655 ('EnumerationContext', ULONG),
1656 ('PreferedMaximumLength', ULONG),
1657 )
class SamrCreateUserInDomain(NDRCALL):
    """Request for opnum 12: create a user named ``Name`` in the opened domain."""
    opnum = 12
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )
1667class SamrCreateUserInDomainResponse(NDRCALL):
1668 structure = (
1669 ('UserHandle',SAMPR_HANDLE),
1670 ('RelativeId',ULONG),
1671 ('ErrorCode',ULONG),
1672 )
1674class SamrEnumerateGroupsInDomainResponse(NDRCALL):
1675 structure = (
1676 ('EnumerationContext',ULONG),
1677 ('Buffer',PSAMPR_ENUMERATION_BUFFER),
1678 ('CountReturned',ULONG),
1679 ('ErrorCode',ULONG),
1680 )
class SamrEnumerateUsersInDomain(NDRCALL):
    """Request for opnum 13: page through the users of a domain.

    ``EnumerationContext`` is sent here and returned by the response, so it is
    presumably the resume cursor between pages -- confirm against [MS-SAMR].
    ``UserAccountControl`` is a ULONG sent with each request; its filtering
    semantics are not visible in this file. The field name
    ``PreferedMaximumLength`` is spelled as the rest of the module expects it.
    """
    opnum = 13
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('UserAccountControl', ULONG),
        ('PreferedMaximumLength', ULONG),
    )
1691class SamrEnumerateUsersInDomainResponse(NDRCALL):
1692 structure = (
1693 ('EnumerationContext',ULONG),
1694 ('Buffer',PSAMPR_ENUMERATION_BUFFER),
1695 ('CountReturned',ULONG),
1696 ('ErrorCode',ULONG),
1697 )
1699class SamrCreateAliasInDomain(NDRCALL):
1700 opnum = 14
1701 structure = (
1702 ('DomainHandle',SAMPR_HANDLE),
1703 ('AccountName', RPC_UNICODE_STRING),
1704 ('DesiredAccess', ULONG),
1705 )
1707class SamrCreateAliasInDomainResponse(NDRCALL):
1708 structure = (
1709 ('AliasHandle',SAMPR_HANDLE),
1710 ('RelativeId',ULONG),
1711 ('ErrorCode',ULONG),
1712 )
1715class SamrEnumerateAliasesInDomain(NDRCALL):
1716 opnum = 15
1717 structure = (
1718 ('DomainHandle',SAMPR_HANDLE),
1719 ('EnumerationContext', ULONG),
1720 ('PreferedMaximumLength', ULONG),
1721 )
1723class SamrEnumerateAliasesInDomainResponse(NDRCALL):
1724 structure = (
1725 ('EnumerationContext',ULONG),
1726 ('Buffer',PSAMPR_ENUMERATION_BUFFER),
1727 ('CountReturned',ULONG),
1728 ('ErrorCode',ULONG),
1729 )
1731class SamrGetAliasMembership(NDRCALL):
1732 opnum = 16
1733 structure = (
1734 ('DomainHandle',SAMPR_HANDLE),
1735 ('SidArray',SAMPR_PSID_ARRAY),
1736 )
1738class SamrGetAliasMembershipResponse(NDRCALL):
1739 structure = (
1740 ('Membership',SAMPR_ULONG_ARRAY),
1741 ('ErrorCode',ULONG),
1742 )
1744class SamrLookupNamesInDomain(NDRCALL):
1745 opnum = 17
1746 structure = (
1747 ('DomainHandle',SAMPR_HANDLE),
1748 ('Count',ULONG),
1749 ('Names',RPC_UNICODE_STRING_ARRAY),
1750 )
1752class SamrLookupNamesInDomainResponse(NDRCALL):
1753 structure = (
1754 ('RelativeIds',SAMPR_ULONG_ARRAY),
1755 ('Use',SAMPR_ULONG_ARRAY),
1756 ('ErrorCode',ULONG),
1757 )
1759class SamrLookupIdsInDomain(NDRCALL):
1760 opnum = 18
1761 structure = (
1762 ('DomainHandle',SAMPR_HANDLE),
1763 ('Count',ULONG),
1764 ('RelativeIds',ULONG_ARRAY_CV),
1765 )
1767class SamrLookupIdsInDomainResponse(NDRCALL):
1768 structure = (
1769 ('Names',SAMPR_RETURNED_USTRING_ARRAY),
1770 ('Use',SAMPR_ULONG_ARRAY),
1771 ('ErrorCode',ULONG),
1772 )
1774class SamrOpenGroup(NDRCALL):
1775 opnum = 19
1776 structure = (
1777 ('DomainHandle',SAMPR_HANDLE),
1778 ('DesiredAccess', ULONG),
1779 ('GroupId', ULONG),
1780 )
1782class SamrOpenGroupResponse(NDRCALL):
1783 structure = (
1784 ('GroupHandle',SAMPR_HANDLE),
1785 ('ErrorCode',ULONG),
1786 )
1788class SamrQueryInformationGroup(NDRCALL):
1789 opnum = 20
1790 structure = (
1791 ('GroupHandle',SAMPR_HANDLE),
1792 ('GroupInformationClass', GROUP_INFORMATION_CLASS),
1793 )
1795class SamrQueryInformationGroupResponse(NDRCALL):
1796 structure = (
1797 ('Buffer',PSAMPR_GROUP_INFO_BUFFER),
1798 ('ErrorCode',ULONG),
1799 )
1801class SamrSetInformationGroup(NDRCALL):
1802 opnum = 21
1803 structure = (
1804 ('GroupHandle',SAMPR_HANDLE),
1805 ('GroupInformationClass', GROUP_INFORMATION_CLASS),
1806 ('Buffer', SAMPR_GROUP_INFO_BUFFER),
1807 )
1809class SamrSetInformationGroupResponse(NDRCALL):
1810 structure = (
1811 ('ErrorCode',ULONG),
1812 )
1814class SamrAddMemberToGroup(NDRCALL):
1815 opnum = 22
1816 structure = (
1817 ('GroupHandle',SAMPR_HANDLE),
1818 ('MemberId', ULONG),
1819 ('Attributes', ULONG),
1820 )
1822class SamrAddMemberToGroupResponse(NDRCALL):
1823 structure = (
1824 ('ErrorCode',ULONG),
1825 )
1827class SamrDeleteGroup(NDRCALL):
1828 opnum = 23
1829 structure = (
1830 ('GroupHandle',SAMPR_HANDLE),
1831 )
1833class SamrDeleteGroupResponse(NDRCALL):
1834 structure = (
1835 ('GroupHandle',SAMPR_HANDLE),
1836 ('ErrorCode',ULONG),
1837 )
1839class SamrRemoveMemberFromGroup(NDRCALL):
1840 opnum = 24
1841 structure = (
1842 ('GroupHandle',SAMPR_HANDLE),
1843 ('MemberId', ULONG),
1844 )
1846class SamrRemoveMemberFromGroupResponse(NDRCALL):
1847 structure = (
1848 ('ErrorCode',ULONG),
1849 )
1851class SamrGetMembersInGroup(NDRCALL):
1852 opnum = 25
1853 structure = (
1854 ('GroupHandle',SAMPR_HANDLE),
1855 )
1857class SamrGetMembersInGroupResponse(NDRCALL):
1858 structure = (
1859 ('Members',PSAMPR_GET_MEMBERS_BUFFER),
1860 ('ErrorCode',ULONG),
1861 )
1863class SamrSetMemberAttributesOfGroup(NDRCALL):
1864 opnum = 26
1865 structure = (
1866 ('GroupHandle',SAMPR_HANDLE),
1867 ('MemberId',ULONG),
1868 ('Attributes',ULONG),
1869 )
1871class SamrSetMemberAttributesOfGroupResponse(NDRCALL):
1872 structure = (
1873 ('ErrorCode',ULONG),
1874 )
1876class SamrOpenAlias(NDRCALL):
1877 opnum = 27
1878 structure = (
1879 ('DomainHandle',SAMPR_HANDLE),
1880 ('DesiredAccess', ULONG),
1881 ('AliasId', ULONG),
1882 )
1884class SamrOpenAliasResponse(NDRCALL):
1885 structure = (
1886 ('AliasHandle',SAMPR_HANDLE),
1887 ('ErrorCode',ULONG),
1888 )
1890class SamrQueryInformationAlias(NDRCALL):
1891 opnum = 28
1892 structure = (
1893 ('AliasHandle',SAMPR_HANDLE),
1894 ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
1895 )
1897class SamrQueryInformationAliasResponse(NDRCALL):
1898 structure = (
1899 ('Buffer',PSAMPR_ALIAS_INFO_BUFFER),
1900 ('ErrorCode',ULONG),
1901 )
1903class SamrSetInformationAlias(NDRCALL):
1904 opnum = 29
1905 structure = (
1906 ('AliasHandle',SAMPR_HANDLE),
1907 ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
1908 ('Buffer',SAMPR_ALIAS_INFO_BUFFER),
1909 )
1911class SamrSetInformationAliasResponse(NDRCALL):
1912 structure = (
1913 ('ErrorCode',ULONG),
1914 )
1916class SamrDeleteAlias(NDRCALL):
1917 opnum = 30
1918 structure = (
1919 ('AliasHandle',SAMPR_HANDLE),
1920 )
1922class SamrDeleteAliasResponse(NDRCALL):
1923 structure = (
1924 ('AliasHandle',SAMPR_HANDLE),
1925 ('ErrorCode',ULONG),
1926 )
1928class SamrAddMemberToAlias(NDRCALL):
1929 opnum = 31
1930 structure = (
1931 ('AliasHandle',SAMPR_HANDLE),
1932 ('MemberId', RPC_SID),
1933 )
1935class SamrAddMemberToAliasResponse(NDRCALL):
1936 structure = (
1937 ('ErrorCode',ULONG),
1938 )
1940class SamrRemoveMemberFromAlias(NDRCALL):
1941 opnum = 32
1942 structure = (
1943 ('AliasHandle',SAMPR_HANDLE),
1944 ('MemberId', RPC_SID),
1945 )
1947class SamrRemoveMemberFromAliasResponse(NDRCALL):
1948 structure = (
1949 ('ErrorCode',ULONG),
1950 )
1952class SamrGetMembersInAlias(NDRCALL):
1953 opnum = 33
1954 structure = (
1955 ('AliasHandle',SAMPR_HANDLE),
1956 )
1958class SamrGetMembersInAliasResponse(NDRCALL):
1959 structure = (
1960 ('Members',SAMPR_PSID_ARRAY_OUT),
1961 ('ErrorCode',ULONG),
1962 )
class SamrOpenUser(NDRCALL):
    """Request for opnum 34: open the user with id ``UserId`` using the requested access mask."""
    opnum = 34
    structure = (
        ('DomainHandle', SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('UserId', ULONG),
    )
1972class SamrOpenUserResponse(NDRCALL):
1973 structure = (
1974 ('UserHandle',SAMPR_HANDLE),
1975 ('ErrorCode',ULONG),
1976 )
class SamrDeleteUser(NDRCALL):
    """Request for opnum 35: delete the user behind ``UserHandle``."""
    opnum = 35
    structure = (('UserHandle', SAMPR_HANDLE),)
1984class SamrDeleteUserResponse(NDRCALL):
1985 structure = (
1986 ('UserHandle',SAMPR_HANDLE),
1987 ('ErrorCode',ULONG),
1988 )
class SamrQueryInformationUser(NDRCALL):
    """Request for opnum 36: read one USER_INFORMATION_CLASS view of a user."""
    opnum = 36
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
    )
1997class SamrQueryInformationUserResponse(NDRCALL):
1998 structure = (
1999 ('Buffer',PSAMPR_USER_INFO_BUFFER),
2000 ('ErrorCode',ULONG),
2001 )
class SamrSetInformationUser(NDRCALL):
    """Request for opnum 37: write one USER_INFORMATION_CLASS view of a user.

    ``Buffer`` is the SAMPR_USER_INFO_BUFFER union, so with the
    ``UserInternal*`` classes this call carries an encrypted password blob.
    Those blobs are encrypted by the caller before being placed here; this
    class only marshals them.
    """
    opnum = 37
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )
2011class SamrSetInformationUserResponse(NDRCALL):
2012 structure = (
2013 ('ErrorCode',ULONG),
2014 )
class SamrChangePasswordUser(NDRCALL):
    """Request for opnum 38: change a password by exchanging cross-encrypted OWF hashes.

    Each UCHAR ``*Present`` flag is followed by the hash pointers it governs.
    The hashes involved are password-equivalent, so instances should not be
    logged or persisted.

    NOTE(review): ``NewLmEncryptedWithNewNt`` is typed
    PENCRYPTED_NT_OWF_PASSWORD although it names an LM value, while the other
    LM fields use PENCRYPTED_LM_OWF_PASSWORD. Probably harmless if both
    pointer types share a layout -- confirm against their definitions.
    """
    opnum = 38
    structure = (
        ('UserHandle', SAMPR_HANDLE),
        # LM pair.
        ('LmPresent', UCHAR),
        ('OldLmEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
        ('NewLmEncryptedWithOldLm', PENCRYPTED_LM_OWF_PASSWORD),
        # NT pair.
        ('NtPresent', UCHAR),
        ('OldNtEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
        ('NewNtEncryptedWithOldNt', PENCRYPTED_NT_OWF_PASSWORD),
        # Cross-encrypted values.
        ('NtCrossEncryptionPresent', UCHAR),
        ('NewNtEncryptedWithNewLm', PENCRYPTED_NT_OWF_PASSWORD),
        ('LmCrossEncryptionPresent', UCHAR),
        ('NewLmEncryptedWithNewNt', PENCRYPTED_NT_OWF_PASSWORD),
    )
2032class SamrChangePasswordUserResponse(NDRCALL):
2033 structure = (
2034 ('ErrorCode',ULONG),
2035 )
2037class SamrGetGroupsForUser(NDRCALL):
2038 opnum = 39
2039 structure = (
2040 ('UserHandle',SAMPR_HANDLE),
2041 )
2043class SamrGetGroupsForUserResponse(NDRCALL):
2044 structure = (
2045 ('Groups',PSAMPR_GET_GROUPS_BUFFER),
2046 ('ErrorCode',ULONG),
2047 )
2049class SamrQueryDisplayInformation(NDRCALL):
2050 opnum = 40
2051 structure = (
2052 ('DomainHandle',SAMPR_HANDLE),
2053 ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
2054 ('Index', ULONG),
2055 ('EntryCount',ULONG),
2056 ('PreferredMaximumLength',ULONG),
2057 )
2059class SamrQueryDisplayInformationResponse(NDRCALL):
2060 structure = (
2061 ('TotalAvailable',ULONG),
2062 ('TotalReturned',ULONG),
2063 ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
2064 ('ErrorCode',ULONG),
2065 )
2067class SamrGetDisplayEnumerationIndex(NDRCALL):
2068 opnum = 41
2069 structure = (
2070 ('DomainHandle',SAMPR_HANDLE),
2071 ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
2072 ('Prefix', RPC_UNICODE_STRING),
2073 )
2075class SamrGetDisplayEnumerationIndexResponse(NDRCALL):
2076 structure = (
2077 ('Index',ULONG),
2078 ('ErrorCode',ULONG),
2079 )
class SamrGetUserDomainPasswordInformation(NDRCALL):
    """Request for opnum 44: fetch the domain password information that applies to a user."""
    opnum = 44
    structure = (('UserHandle', SAMPR_HANDLE),)
2087class SamrGetUserDomainPasswordInformationResponse(NDRCALL):
2088 structure = (
2089 ('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
2090 ('ErrorCode',ULONG),
2091 )
2093class SamrRemoveMemberFromForeignDomain(NDRCALL):
2094 opnum = 45
2095 structure = (
2096 ('DomainHandle',SAMPR_HANDLE),
2097 ('MemberSid', RPC_SID),
2098 )
2100class SamrRemoveMemberFromForeignDomainResponse(NDRCALL):
2101 structure = (
2102 ('ErrorCode',ULONG),
2103 )
2105class SamrQueryInformationDomain2(NDRCALL):
2106 opnum = 46
2107 structure = (
2108 ('DomainHandle',SAMPR_HANDLE),
2109 ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
2110 )
2112class SamrQueryInformationDomain2Response(NDRCALL):
2113 structure = (
2114 ('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
2115 ('ErrorCode',ULONG),
2116 )
2118class SamrQueryInformationUser2(NDRCALL):
2119 opnum = 47
2120 structure = (
2121 ('UserHandle',SAMPR_HANDLE),
2122 ('UserInformationClass', USER_INFORMATION_CLASS ),
2123 )
2125class SamrQueryInformationUser2Response(NDRCALL):
2126 structure = (
2127 ('Buffer',PSAMPR_USER_INFO_BUFFER),
2128 ('ErrorCode',ULONG),
2129 )
class SamrQueryDisplayInformation2(NDRCALL):
    """Request arguments for SamrQueryDisplayInformation2 (opnum 48)."""
    opnum = 48
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )
class SamrQueryDisplayInformation2Response(NDRCALL):
    """Reply layout for SamrQueryDisplayInformation2."""
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )
class SamrGetDisplayEnumerationIndex2(NDRCALL):
    """Request arguments for SamrGetDisplayEnumerationIndex2 (opnum 49)."""
    opnum = 49
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )
class SamrGetDisplayEnumerationIndex2Response(NDRCALL):
    """Reply layout for SamrGetDisplayEnumerationIndex2: an index followed by ErrorCode."""
    structure = (
        ('Index',ULONG),
        ('ErrorCode',ULONG),
    )
class SamrCreateUser2InDomain(NDRCALL):
    """Request arguments for SamrCreateUser2InDomain (opnum 50).

    Besides the account name, the caller supplies the account type and the
    access mask wanted on the new user object.
    """
    opnum = 50
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('AccountType', ULONG),
        ('DesiredAccess', ULONG),
    )
class SamrCreateUser2InDomainResponse(NDRCALL):
    """Reply layout for SamrCreateUser2InDomain: new user handle, granted access, RID, ErrorCode."""
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('GrantedAccess',ULONG),
        ('RelativeId',ULONG),
        ('ErrorCode',ULONG),
    )
class SamrQueryDisplayInformation3(NDRCALL):
    """Request arguments for SamrQueryDisplayInformation3 (opnum 51)."""
    opnum = 51
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )
class SamrQueryDisplayInformation3Response(NDRCALL):
    """Reply layout for SamrQueryDisplayInformation3."""
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )
class SamrAddMultipleMembersToAlias(NDRCALL):
    """Request arguments for SamrAddMultipleMembersToAlias (opnum 52)."""
    opnum = 52
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )
class SamrAddMultipleMembersToAliasResponse(NDRCALL):
    """Reply layout for SamrAddMultipleMembersToAlias: ErrorCode only."""
    structure = (
        ('ErrorCode',ULONG),
    )
class SamrRemoveMultipleMembersFromAlias(NDRCALL):
    """Request arguments for SamrRemoveMultipleMembersFromAlias (opnum 53)."""
    opnum = 53
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )
class SamrRemoveMultipleMembersFromAliasResponse(NDRCALL):
    """Reply layout for SamrRemoveMultipleMembersFromAlias: ErrorCode only."""
    structure = (
        ('ErrorCode',ULONG),
    )
class SamrOemChangePasswordUser2(NDRCALL):
    """Request arguments for SamrOemChangePasswordUser2 (opnum 54).

    Both password fields are tied to the LM hash, as their names state.
    The account is identified by name (RPC_STRING), not by a SAM handle.
    """
    opnum = 54
    structure = (
        ('ServerName', PRPC_STRING),
        ('UserName', RPC_STRING),
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
    )
class SamrOemChangePasswordUser2Response(NDRCALL):
    """Reply layout for SamrOemChangePasswordUser2: ErrorCode only."""
    structure = (
        ('ErrorCode',ULONG),
    )
class SamrUnicodeChangePasswordUser2(NDRCALL):
    """Request arguments for SamrUnicodeChangePasswordUser2 (opnum 55).

    The account is identified by name, not by a SAM handle. The NT-based
    fields are always declared; LmPresent is declared ahead of the two
    LM-based pointer fields.
    """
    opnum = 55
    structure = (
        ('ServerName', PRPC_UNICODE_STRING),
        ('UserName', RPC_UNICODE_STRING),
        ('NewPasswordEncryptedWithOldNt',PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldNtOwfPasswordEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('LmPresent',UCHAR),
        ('NewPasswordEncryptedWithOldLm',PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewNt',PENCRYPTED_LM_OWF_PASSWORD),
    )
class SamrUnicodeChangePasswordUser2Response(NDRCALL):
    """Reply layout for SamrUnicodeChangePasswordUser2: ErrorCode only."""
    structure = (
        ('ErrorCode',ULONG),
    )
class SamrGetDomainPasswordInformation(NDRCALL):
    """Request arguments for SamrGetDomainPasswordInformation (opnum 56).

    No SAM handle is marshalled: the only field is the 'Unused' string
    pointer, so the call needs no previously opened server or domain handle.
    """
    opnum = 56
    structure = (
        # Left disabled by the original author; a BindingHandle is not sent as a field.
        #('BindingHandle',SAMPR_HANDLE),
        ('Unused', PRPC_UNICODE_STRING),
    )
class SamrGetDomainPasswordInformationResponse(NDRCALL):
    """Reply layout for SamrGetDomainPasswordInformation."""
    structure = (
        ('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode',ULONG),
    )
class SamrConnect2(NDRCALL):
    """Request arguments for SamrConnect2 (opnum 57)."""
    opnum = 57
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
    )
class SamrConnect2Response(NDRCALL):
    """Reply layout for SamrConnect2: the server handle, then ErrorCode."""
    structure = (
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )
class SamrSetInformationUser2(NDRCALL):
    """Request arguments for SamrSetInformationUser2 (opnum 58).

    UserInformationClass and the Buffer union are separate fields; the
    helpers in this file set both from the same value.
    """
    opnum = 58
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )
class SamrSetInformationUser2Response(NDRCALL):
    """Reply layout for SamrSetInformationUser2: ErrorCode only."""
    structure = (
        ('ErrorCode',ULONG),
    )
class SamrConnect4(NDRCALL):
    """Request arguments for SamrConnect4 (opnum 62)."""
    opnum = 62
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('ClientRevision', ULONG),
        ('DesiredAccess', ULONG),
    )
class SamrConnect4Response(NDRCALL):
    """Reply layout for SamrConnect4: the server handle, then ErrorCode."""
    structure = (
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )
class SamrConnect5(NDRCALL):
    """Request arguments for SamrConnect5 (opnum 64).

    InVersion and InRevisionInfo are separate fields; hSamrConnect5 writes
    the same version value to both InVersion and the union tag.
    """
    opnum = 64
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
        ('InVersion', ULONG),
        ('InRevisionInfo',SAMPR_REVISION_INFO),
    )
class SamrConnect5Response(NDRCALL):
    """Reply layout for SamrConnect5: version data first, then the server handle and ErrorCode."""
    structure = (
        ('OutVersion',ULONG),
        ('OutRevisionInfo',SAMPR_REVISION_INFO),
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )
class SamrRidToSid(NDRCALL):
    """Request arguments for SamrRidToSid (opnum 65)."""
    opnum = 65
    structure = (
        ('ObjectHandle',SAMPR_HANDLE),
        ('Rid', ULONG),
    )
class SamrRidToSidResponse(NDRCALL):
    """Reply layout for SamrRidToSid: a SID pointer, then ErrorCode."""
    structure = (
        ('Sid',PRPC_SID),
        ('ErrorCode',ULONG),
    )
class SamrSetDSRMPassword(NDRCALL):
    """Request arguments for SamrSetDSRMPassword (opnum 66).

    No SAM handle is marshalled: the fields are an 'Unused' string pointer,
    a user id and an encrypted NT hash. No helper for this call appears in
    the visible part of the file.
    """
    opnum = 66
    structure = (
        ('Unused', PRPC_UNICODE_STRING),
        ('UserId',ULONG),
        ('EncryptedNtOwfPassword',PENCRYPTED_NT_OWF_PASSWORD),
    )
class SamrSetDSRMPasswordResponse(NDRCALL):
    """Reply layout for SamrSetDSRMPassword: ErrorCode only."""
    structure = (
        ('ErrorCode',ULONG),
    )
class SamrValidatePassword(NDRCALL):
    """Request arguments for SamrValidatePassword (opnum 67).

    ValidationType and the InputArg union are separate fields;
    hSamrValidatePassword copies the union tag into ValidationType.
    """
    opnum = 67
    structure = (
        ('ValidationType', PASSWORD_POLICY_VALIDATION_TYPE),
        ('InputArg',SAM_VALIDATE_INPUT_ARG),
    )
class SamrValidatePasswordResponse(NDRCALL):
    """Reply layout for SamrValidatePassword: an output-argument pointer, then ErrorCode."""
    structure = (
        ('OutputArg',PSAM_VALIDATE_OUTPUT_ARG),
        ('ErrorCode',ULONG),
    )
2362################################################################################
2363# OPNUMs and their corresponding structures
2364################################################################################
# Maps each implemented opnum to its (request class, response class) pair.
# Opnums 4, 42, 43, 59, 60, 61 and 63 have no entry in this table.
OPNUMS = {
 0 : (SamrConnect, SamrConnectResponse),
 1 : (SamrCloseHandle, SamrCloseHandleResponse),
 2 : (SamrSetSecurityObject, SamrSetSecurityObjectResponse),
 3 : (SamrQuerySecurityObject, SamrQuerySecurityObjectResponse),
 5 : (SamrLookupDomainInSamServer, SamrLookupDomainInSamServerResponse),
 6 : (SamrEnumerateDomainsInSamServer, SamrEnumerateDomainsInSamServerResponse),
 7 : (SamrOpenDomain, SamrOpenDomainResponse),
 8 : (SamrQueryInformationDomain, SamrQueryInformationDomainResponse),
 9 : (SamrSetInformationDomain, SamrSetInformationDomainResponse),
10 : (SamrCreateGroupInDomain, SamrCreateGroupInDomainResponse),
11 : (SamrEnumerateGroupsInDomain, SamrEnumerateGroupsInDomainResponse),
12 : (SamrCreateUserInDomain, SamrCreateUserInDomainResponse),
13 : (SamrEnumerateUsersInDomain, SamrEnumerateUsersInDomainResponse),
14 : (SamrCreateAliasInDomain, SamrCreateAliasInDomainResponse),
15 : (SamrEnumerateAliasesInDomain, SamrEnumerateAliasesInDomainResponse),
16 : (SamrGetAliasMembership, SamrGetAliasMembershipResponse),
17 : (SamrLookupNamesInDomain, SamrLookupNamesInDomainResponse),
18 : (SamrLookupIdsInDomain, SamrLookupIdsInDomainResponse),
19 : (SamrOpenGroup, SamrOpenGroupResponse),
20 : (SamrQueryInformationGroup, SamrQueryInformationGroupResponse),
21 : (SamrSetInformationGroup, SamrSetInformationGroupResponse),
22 : (SamrAddMemberToGroup, SamrAddMemberToGroupResponse),
23 : (SamrDeleteGroup, SamrDeleteGroupResponse),
24 : (SamrRemoveMemberFromGroup, SamrRemoveMemberFromGroupResponse),
25 : (SamrGetMembersInGroup, SamrGetMembersInGroupResponse),
26 : (SamrSetMemberAttributesOfGroup, SamrSetMemberAttributesOfGroupResponse),
27 : (SamrOpenAlias, SamrOpenAliasResponse),
28 : (SamrQueryInformationAlias, SamrQueryInformationAliasResponse),
29 : (SamrSetInformationAlias, SamrSetInformationAliasResponse),
30 : (SamrDeleteAlias, SamrDeleteAliasResponse),
31 : (SamrAddMemberToAlias, SamrAddMemberToAliasResponse),
32 : (SamrRemoveMemberFromAlias, SamrRemoveMemberFromAliasResponse),
33 : (SamrGetMembersInAlias, SamrGetMembersInAliasResponse),
34 : (SamrOpenUser, SamrOpenUserResponse),
35 : (SamrDeleteUser, SamrDeleteUserResponse),
36 : (SamrQueryInformationUser, SamrQueryInformationUserResponse),
37 : (SamrSetInformationUser, SamrSetInformationUserResponse),
38 : (SamrChangePasswordUser, SamrChangePasswordUserResponse),
39 : (SamrGetGroupsForUser, SamrGetGroupsForUserResponse),
40 : (SamrQueryDisplayInformation, SamrQueryDisplayInformationResponse),
41 : (SamrGetDisplayEnumerationIndex, SamrGetDisplayEnumerationIndexResponse),
44 : (SamrGetUserDomainPasswordInformation, SamrGetUserDomainPasswordInformationResponse),
45 : (SamrRemoveMemberFromForeignDomain, SamrRemoveMemberFromForeignDomainResponse),
46 : (SamrQueryInformationDomain2, SamrQueryInformationDomain2Response),
47 : (SamrQueryInformationUser2, SamrQueryInformationUser2Response),
48 : (SamrQueryDisplayInformation2, SamrQueryDisplayInformation2Response),
49 : (SamrGetDisplayEnumerationIndex2, SamrGetDisplayEnumerationIndex2Response),
50 : (SamrCreateUser2InDomain, SamrCreateUser2InDomainResponse),
51 : (SamrQueryDisplayInformation3, SamrQueryDisplayInformation3Response),
52 : (SamrAddMultipleMembersToAlias, SamrAddMultipleMembersToAliasResponse),
53 : (SamrRemoveMultipleMembersFromAlias, SamrRemoveMultipleMembersFromAliasResponse),
54 : (SamrOemChangePasswordUser2, SamrOemChangePasswordUser2Response),
55 : (SamrUnicodeChangePasswordUser2, SamrUnicodeChangePasswordUser2Response),
56 : (SamrGetDomainPasswordInformation, SamrGetDomainPasswordInformationResponse),
57 : (SamrConnect2, SamrConnect2Response),
58 : (SamrSetInformationUser2, SamrSetInformationUser2Response),
62 : (SamrConnect4, SamrConnect4Response),
64 : (SamrConnect5, SamrConnect5Response),
65 : (SamrRidToSid, SamrRidToSidResponse),
66 : (SamrSetDSRMPassword, SamrSetDSRMPasswordResponse),
67 : (SamrValidatePassword, SamrValidatePasswordResponse),
}
2429################################################################################
2430# HELPER FUNCTIONS
2431################################################################################
def hSamrConnect5(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, inVersion=1, revision=3):
    """Send SamrConnect5 over ``dce`` and return the reply.

    ``inVersion`` is written to InVersion and to the InRevisionInfo union tag;
    ``revision`` goes to the V1 arm. The default mask is MAXIMUM_ALLOWED: pass
    a narrower mask when the caller needs less.
    """
    req = SamrConnect5()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    req['InVersion'] = inVersion
    req['InRevisionInfo']['tag'] = inVersion
    req['InRevisionInfo']['V1']['Revision'] = revision
    return dce.request(req)
def hSamrConnect4(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, clientRevision=2):
    """Send SamrConnect4 over ``dce`` and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrConnect4()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    req['ClientRevision'] = clientRevision
    return dce.request(req)
def hSamrConnect2(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Send SamrConnect2 over ``dce`` and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrConnect2()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrConnect(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
    """Send SamrConnect over ``dce`` and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrConnect()
    req['ServerName'] = serverName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrOpenDomain(dce, serverHandle, desiredAccess=MAXIMUM_ALLOWED, domainId=NULL):
    """Send SamrOpenDomain for ``domainId`` on ``serverHandle`` and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrOpenDomain()
    req['ServerHandle'] = serverHandle
    req['DesiredAccess'] = desiredAccess
    req['DomainId'] = domainId
    return dce.request(req)
def hSamrOpenGroup(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, groupId=0):
    """Send SamrOpenGroup for ``groupId`` in the given domain and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrOpenGroup()
    req['DomainHandle'] = domainHandle
    req['DesiredAccess'] = desiredAccess
    req['GroupId'] = groupId
    return dce.request(req)
def hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=0):
    """Send SamrOpenAlias for ``aliasId`` in the given domain and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrOpenAlias()
    req['DomainHandle'] = domainHandle
    req['DesiredAccess'] = desiredAccess
    req['AliasId'] = aliasId
    return dce.request(req)
def hSamrOpenUser(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, userId=0):
    """Send SamrOpenUser for ``userId`` in the given domain and return the reply.

    The default mask is MAXIMUM_ALLOWED: pass a narrower mask when the caller
    needs less.
    """
    req = SamrOpenUser()
    req['DomainHandle'] = domainHandle
    req['DesiredAccess'] = desiredAccess
    req['UserId'] = userId
    return dce.request(req)
def hSamrEnumerateDomainsInSamServer(dce, serverHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send SamrEnumerateDomainsInSamServer and return the reply.

    ``enumerationContext`` defaults to 0 and the preferred length to
    0xffffffff.
    """
    req = SamrEnumerateDomainsInSamServer()
    req['ServerHandle'] = serverHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrEnumerateGroupsInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send SamrEnumerateGroupsInDomain and return the reply.

    ``enumerationContext`` defaults to 0 and the preferred length to
    0xffffffff.
    """
    req = SamrEnumerateGroupsInDomain()
    req['DomainHandle'] = domainHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrEnumerateAliasesInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send SamrEnumerateAliasesInDomain and return the reply.

    ``enumerationContext`` defaults to 0 and the preferred length to
    0xffffffff.
    """
    req = SamrEnumerateAliasesInDomain()
    req['DomainHandle'] = domainHandle
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrEnumerateUsersInDomain(dce, domainHandle, userAccountControl=USER_NORMAL_ACCOUNT, enumerationContext=0, preferedMaximumLength=0xffffffff):
    """Send SamrEnumerateUsersInDomain and return the reply.

    ``userAccountControl`` defaults to USER_NORMAL_ACCOUNT. Defender note: on
    Windows, who may make remote SAM calls like this one is governed by the
    "Network access: Restrict clients allowed to make remote calls to SAM"
    policy.
    """
    req = SamrEnumerateUsersInDomain()
    req['DomainHandle'] = domainHandle
    req['UserAccountControl'] = userAccountControl
    req['EnumerationContext'] = enumerationContext
    req['PreferedMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrQueryDisplayInformation3(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send SamrQueryDisplayInformation3 and return the reply.

    Defaults ask for the user display class from index 0, with entry count
    and preferred length both 0xffffffff.
    """
    req = SamrQueryDisplayInformation3()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Index'] = index
    req['EntryCount'] = entryCount
    req['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrQueryDisplayInformation2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send SamrQueryDisplayInformation2 and return the reply.

    Defaults ask for the user display class from index 0, with entry count
    and preferred length both 0xffffffff.
    """
    req = SamrQueryDisplayInformation2()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Index'] = index
    req['EntryCount'] = entryCount
    req['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrQueryDisplayInformation(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
    """Send SamrQueryDisplayInformation and return the reply.

    Defaults ask for the user display class from index 0, with entry count
    and preferred length both 0xffffffff.
    """
    req = SamrQueryDisplayInformation()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Index'] = index
    req['EntryCount'] = entryCount
    req['PreferredMaximumLength'] = preferedMaximumLength
    return dce.request(req)
def hSamrGetDisplayEnumerationIndex2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Send SamrGetDisplayEnumerationIndex2 for ``prefix`` and return the reply."""
    req = SamrGetDisplayEnumerationIndex2()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Prefix'] = prefix
    return dce.request(req)
def hSamrGetDisplayEnumerationIndex(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
    """Send SamrGetDisplayEnumerationIndex for ``prefix`` and return the reply."""
    req = SamrGetDisplayEnumerationIndex()
    req['DomainHandle'] = domainHandle
    req['DisplayInformationClass'] = displayInformationClass
    req['Prefix'] = prefix
    return dce.request(req)
def hSamrCreateGroupInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Send SamrCreateGroupInDomain for ``name`` and return the reply.

    The handle on the new group is requested with GROUP_ALL_ACCESS by default.
    """
    req = SamrCreateGroupInDomain()
    req['DomainHandle'] = domainHandle
    req['Name'] = name
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrCreateAliasInDomain(dce, domainHandle, accountName, desiredAccess=GROUP_ALL_ACCESS):
    """Send SamrCreateAliasInDomain for ``accountName`` and return the reply.

    NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    created is an alias; confirm this is the intended mask.
    """
    req = SamrCreateAliasInDomain()
    req['DomainHandle'] = domainHandle
    req['AccountName'] = accountName
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrCreateUser2InDomain(dce, domainHandle, name, accountType=USER_NORMAL_ACCOUNT, desiredAccess=GROUP_ALL_ACCESS):
    """Send SamrCreateUser2InDomain for ``name`` and return the reply.

    ``accountType`` defaults to USER_NORMAL_ACCOUNT.
    NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    created is a user; confirm this is the intended mask.
    """
    req = SamrCreateUser2InDomain()
    req['DomainHandle'] = domainHandle
    req['Name'] = name
    req['AccountType'] = accountType
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrCreateUserInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
    """Send SamrCreateUserInDomain for ``name`` and return the reply.

    NOTE(review): the default mask is GROUP_ALL_ACCESS although the object
    created is a user; confirm this is the intended mask.
    """
    req = SamrCreateUserInDomain()
    req['DomainHandle'] = domainHandle
    req['Name'] = name
    req['DesiredAccess'] = desiredAccess
    return dce.request(req)
def hSamrQueryInformationDomain(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Send SamrQueryInformationDomain for the given information class and return the reply."""
    req = SamrQueryInformationDomain()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformationClass
    return dce.request(req)
def hSamrQueryInformationDomain2(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
    """Send SamrQueryInformationDomain2 for the given information class and return the reply."""
    req = SamrQueryInformationDomain2()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformationClass
    return dce.request(req)
def hSamrQueryInformationGroup(dce, groupHandle, groupInformationClass=GROUP_INFORMATION_CLASS.GroupGeneralInformation):
    """Send SamrQueryInformationGroup for the given information class and return the reply."""
    req = SamrQueryInformationGroup()
    req['GroupHandle'] = groupHandle
    req['GroupInformationClass'] = groupInformationClass
    return dce.request(req)
def hSamrQueryInformationAlias(dce, aliasHandle, aliasInformationClass=ALIAS_INFORMATION_CLASS.AliasGeneralInformation):
    """Send SamrQueryInformationAlias for the given information class and return the reply."""
    req = SamrQueryInformationAlias()
    req['AliasHandle'] = aliasHandle
    req['AliasInformationClass'] = aliasInformationClass
    return dce.request(req)
def hSamrQueryInformationUser2(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Send SamrQueryInformationUser2 for the given information class and return the reply."""
    req = SamrQueryInformationUser2()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = userInformationClass
    return dce.request(req)
def hSamrQueryInformationUser(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
    """Send SamrQueryInformationUser for the given information class and return the reply."""
    req = SamrQueryInformationUser()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = userInformationClass
    return dce.request(req)
def hSamrSetInformationDomain(dce, domainHandle, domainInformation):
    """Send SamrSetInformationDomain and return the reply.

    The information class is taken from ``domainInformation['tag']``, so the
    class and the union arm always agree. This call changes domain settings.
    """
    req = SamrSetInformationDomain()
    req['DomainHandle'] = domainHandle
    req['DomainInformationClass'] = domainInformation['tag']
    req['DomainInformation'] = domainInformation
    return dce.request(req)
def hSamrSetInformationGroup(dce, groupHandle, buffer):
    """Send SamrSetInformationGroup and return the reply.

    The information class is taken from ``buffer['tag']``, so the class and
    the union arm always agree.
    """
    req = SamrSetInformationGroup()
    req['GroupHandle'] = groupHandle
    req['GroupInformationClass'] = buffer['tag']
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrSetInformationAlias(dce, aliasHandle, buffer):
    """Send SamrSetInformationAlias and return the reply.

    The information class is taken from ``buffer['tag']``, so the class and
    the union arm always agree.
    """
    req = SamrSetInformationAlias()
    req['AliasHandle'] = aliasHandle
    req['AliasInformationClass'] = buffer['tag']
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrSetInformationUser2(dce, userHandle, buffer):
    """Send SamrSetInformationUser2 and return the reply.

    The information class is taken from ``buffer['tag']``, so the class and
    the union arm always agree. This call changes attributes of the user.
    """
    req = SamrSetInformationUser2()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = buffer['tag']
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrSetInformationUser(dce, userHandle, buffer):
    """Send SamrSetInformationUser and return the reply.

    The information class is taken from ``buffer['tag']``, so the class and
    the union arm always agree. This call changes attributes of the user.
    """
    req = SamrSetInformationUser()
    req['UserHandle'] = userHandle
    req['UserInformationClass'] = buffer['tag']
    req['Buffer'] = buffer
    return dce.request(req)
def hSamrDeleteGroup(dce, groupHandle):
    """Send SamrDeleteGroup for ``groupHandle`` and return the reply (destructive)."""
    req = SamrDeleteGroup()
    req['GroupHandle'] = groupHandle
    return dce.request(req)
def hSamrDeleteAlias(dce, aliasHandle):
    """Send SamrDeleteAlias for ``aliasHandle`` and return the reply (destructive)."""
    req = SamrDeleteAlias()
    req['AliasHandle'] = aliasHandle
    return dce.request(req)
def hSamrDeleteUser(dce, userHandle):
    """Send SamrDeleteUser for ``userHandle`` and return the reply (destructive)."""
    req = SamrDeleteUser()
    req['UserHandle'] = userHandle
    return dce.request(req)
def hSamrAddMemberToGroup(dce, groupHandle, memberId, attributes):
    """Send SamrAddMemberToGroup for ``memberId`` with ``attributes`` and return the reply."""
    req = SamrAddMemberToGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    req['Attributes'] = attributes
    return dce.request(req)
def hSamrRemoveMemberFromGroup(dce, groupHandle, memberId):
    """Send SamrRemoveMemberFromGroup for ``memberId`` and return the reply."""
    req = SamrRemoveMemberFromGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    return dce.request(req)
def hSamrGetMembersInGroup(dce, groupHandle):
    """Send SamrGetMembersInGroup for ``groupHandle`` and return the reply."""
    req = SamrGetMembersInGroup()
    req['GroupHandle'] = groupHandle
    return dce.request(req)
def hSamrAddMemberToAlias(dce, aliasHandle, memberId):
    """Send SamrAddMemberToAlias for ``memberId`` and return the reply."""
    req = SamrAddMemberToAlias()
    req['AliasHandle'] = aliasHandle
    req['MemberId'] = memberId
    return dce.request(req)
def hSamrRemoveMemberFromAlias(dce, aliasHandle, memberId):
    """Send SamrRemoveMemberFromAlias for ``memberId`` and return the reply."""
    req = SamrRemoveMemberFromAlias()
    req['AliasHandle'] = aliasHandle
    req['MemberId'] = memberId
    return dce.request(req)
def hSamrGetMembersInAlias(dce, aliasHandle):
    """Send SamrGetMembersInAlias for ``aliasHandle`` and return the reply."""
    req = SamrGetMembersInAlias()
    req['AliasHandle'] = aliasHandle
    return dce.request(req)
def hSamrRemoveMemberFromForeignDomain(dce, domainHandle, memberSid):
    """Send SamrRemoveMemberFromForeignDomain for ``memberSid`` and return the reply."""
    req = SamrRemoveMemberFromForeignDomain()
    req['DomainHandle'] = domainHandle
    req['MemberSid'] = memberSid
    return dce.request(req)
def hSamrAddMultipleMembersToAlias(dce, aliasHandle, membersBuffer):
    """Send SamrAddMultipleMembersToAlias and return the reply.

    Count is recomputed from ``membersBuffer['Sids']`` so it cannot disagree
    with the array actually sent.
    """
    req = SamrAddMultipleMembersToAlias()
    req['AliasHandle'] = aliasHandle
    req['MembersBuffer'] = membersBuffer
    req['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
    return dce.request(req)
def hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, membersBuffer):
    """Send SamrRemoveMultipleMembersFromAlias and return the reply.

    Count is recomputed from ``membersBuffer['Sids']`` so it cannot disagree
    with the array actually sent.
    """
    req = SamrRemoveMultipleMembersFromAlias()
    req['AliasHandle'] = aliasHandle
    req['MembersBuffer'] = membersBuffer
    req['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
    return dce.request(req)
def hSamrGetGroupsForUser(dce, userHandle):
    """Send SamrGetGroupsForUser for ``userHandle`` and return the reply."""
    req = SamrGetGroupsForUser()
    req['UserHandle'] = userHandle
    return dce.request(req)
def hSamrGetAliasMembership(dce, domainHandle, sidArray):
    """Send SamrGetAliasMembership and return the reply.

    Count is recomputed from ``sidArray['Sids']`` so it cannot disagree with
    the array actually sent.
    """
    req = SamrGetAliasMembership()
    req['DomainHandle'] = domainHandle
    req['SidArray'] = sidArray
    req['SidArray']['Count'] = len(sidArray['Sids'])
    return dce.request(req)
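def hSamrChangePasswordUser(dce, userHandle, oldPassword, newPassword, oldPwdHashNT='', newPwdHashLM='', newPwdHashNT=''):
    """Change a user's password with SamrChangePasswordUser and return the reply.

    Each hash argument may be hex text or raw bytes; an empty string means
    "derive it from the matching cleartext password". The request carries the
    NT hashes encrypted with each other and the new LM hash encrypted with the
    new NT hash; LmPresent and NtCrossEncryptionPresent are 0.

    :param dce: connection object whose ``request`` method sends the call
    :param userHandle: handle of the user whose password is changed
    :param oldPassword: current cleartext password, used when oldPwdHashNT is ''
    :param newPassword: new cleartext password, used when a new hash is ''
    :param oldPwdHashNT: current NT hash, or '' to derive it
    :param newPwdHashLM: new LM hash, or '' to derive it
    :param newPwdHashNT: new NT hash, or '' to derive it
    :return: whatever ``dce.request`` returns
    """
    request = SamrChangePasswordUser()
    request['UserHandle'] = userHandle

    from impacket import crypto, ntlm

    def _asBinaryHash(value):
        # Hashes may arrive as hex text or already in binary form. A value that
        # is not valid hex is used unchanged, so a mistyped hex string is sent
        # as key material as-is; callers should validate hashes beforehand.
        # Only conversion errors are swallowed (TypeError on Python 2,
        # binascii.Error, a ValueError, on Python 3), not every exception.
        try:
            return unhexlify(value)
        except (TypeError, ValueError):
            return value

    if oldPwdHashNT == '':
        oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
    else:
        oldPwdHashNT = _asBinaryHash(oldPwdHashNT)

    if newPwdHashLM == '':
        newPwdHashLM = ntlm.LMOWFv1(newPassword)
    else:
        newPwdHashLM = _asBinaryHash(newPwdHashLM)

    if newPwdHashNT == '':
        newPwdHashNT = ntlm.NTOWFv1(newPassword)
    else:
        newPwdHashNT = _asBinaryHash(newPwdHashNT)

    # No old LM hash is sent; the LM pair is declared absent.
    request['LmPresent'] = 0
    request['OldLmEncryptedWithNewLm'] = NULL
    request['NewLmEncryptedWithOldLm'] = NULL
    request['NtPresent'] = 1
    request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
    request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT)
    request['NtCrossEncryptionPresent'] = 0
    request['NewNtEncryptedWithNewLm'] = NULL
    request['LmCrossEncryptionPresent'] = 1
    request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT)

    return dce.request(request)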
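def hSamrUnicodeChangePasswordUser2(dce, serverName='\x00', userName='', oldPassword='', newPassword='', oldPwdHashLM = '', oldPwdHashNT = ''):
    """Change a password by account name with SamrUnicodeChangePasswordUser2.

    The new cleartext password is placed at the end of a 512-byte buffer,
    followed by its byte length, and the whole structure is RC4-encrypted with
    the old NT hash, as the request's field names describe. Only the NT-based
    fields are sent: LmPresent is 0 and both LM fields are NULL, so
    ``oldPwdHashLM`` is converted but never put in the request.

    :param dce: connection object whose ``request`` method sends the call
    :param serverName: value for the ServerName field
    :param userName: account whose password is changed
    :param oldPassword: current cleartext password, used when both hashes are ''
    :param newPassword: new cleartext password
    :param oldPwdHashLM: current LM hash (hex or binary), or ''
    :param oldPwdHashNT: current NT hash (hex or binary), or ''
    :return: whatever ``dce.request`` returns
    :raises ValueError: if the UTF-16LE password does not fit in 512 bytes
    """
    request = SamrUnicodeChangePasswordUser2()
    request['ServerName'] = serverName
    request['UserName'] = userName

    try:
        from Cryptodome.Cipher import ARC4
    except Exception:
        LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
        LOG.critical("See https://pypi.org/project/pycryptodomex/")
        # Without the cipher the request cannot be built; fail here with the
        # real cause instead of an unbound-name error further down.
        raise
    from impacket import crypto, ntlm

    if oldPwdHashLM == '' and oldPwdHashNT == '':
        oldPwdHashLM = ntlm.LMOWFv1(oldPassword)
        oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
    else:
        # Hashes may be hex text or already binary. Only conversion errors are
        # swallowed (TypeError on Python 2, binascii.Error, a ValueError, on
        # Python 3); a value that is not valid hex is used unchanged.
        try:
            oldPwdHashLM = unhexlify(oldPwdHashLM)
        except (TypeError, ValueError):
            pass
        try:
            oldPwdHashNT = unhexlify(oldPwdHashNT)
        except (TypeError, ValueError):
            pass

    newPwdHashNT = ntlm.NTOWFv1(newPassword)

    # Encode once and size everything from the encoded bytes: characters
    # outside the BMP take four bytes in UTF-16LE, so len(newPassword)*2 would
    # understate the length and overflow the buffer.
    try:
        encodedPassword = newPassword.encode('utf-16le')
    except UnicodeDecodeError:
        import sys
        encodedPassword = newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le')

    if len(encodedPassword) > 512:
        raise ValueError('new password does not fit in the 512-byte SAMPR_USER_PASSWORD buffer')

    samUser = SAMPR_USER_PASSWORD()
    # The bytes ahead of the password are filler. Random filler avoids placing
    # a fixed, predictable plaintext prefix under the RC4 keystream.
    samUser['Buffer'] = os.urandom(512 - len(encodedPassword)) + encodedPassword
    samUser['Length'] = len(encodedPassword)
    pwdBuff = samUser.getData()

    # RC4 keyed with the old NT hash is what this call's fields require.
    rc4 = ARC4.new(oldPwdHashNT)
    encBuf = rc4.encrypt(pwdBuff)
    request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf
    request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
    request['LmPresent'] = 0
    request['NewPasswordEncryptedWithOldLm'] = NULL
    request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL

    return dce.request(request)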
def hSamrLookupDomainInSamServer(dce, serverHandle, name):
    """Send SamrLookupDomainInSamServer for ``name`` and return the reply."""
    req = SamrLookupDomainInSamServer()
    req['ServerHandle'] = serverHandle
    req['Name'] = name
    return dce.request(req)
def hSamrSetSecurityObject(dce, objectHandle, securityInformation, securityDescriptor):
    """Send SamrSetSecurityObject and return the reply.

    Replaces the parts of the object's security descriptor selected by
    ``securityInformation``; review the descriptor before sending it.
    """
    req = SamrSetSecurityObject()
    req['ObjectHandle'] = objectHandle
    req['SecurityInformation'] = securityInformation
    req['SecurityDescriptor'] = securityDescriptor
    return dce.request(req)
def hSamrQuerySecurityObject(dce, objectHandle, securityInformation):
    """Send SamrQuerySecurityObject for ``objectHandle`` and return the reply."""
    req = SamrQuerySecurityObject()
    req['ObjectHandle'] = objectHandle
    req['SecurityInformation'] = securityInformation
    return dce.request(req)
def hSamrCloseHandle(dce, samHandle):
    """Send SamrCloseHandle for ``samHandle`` and return the reply.

    Call this for every handle obtained from the connect, open and create
    helpers once it is no longer needed.
    """
    req = SamrCloseHandle()
    req['SamHandle'] = samHandle
    return dce.request(req)
def hSamrSetMemberAttributesOfGroup(dce, groupHandle, memberId, attributes):
    """Send SamrSetMemberAttributesOfGroup for ``memberId`` and return the reply."""
    req = SamrSetMemberAttributesOfGroup()
    req['GroupHandle'] = groupHandle
    req['MemberId'] = memberId
    req['Attributes'] = attributes
    return dce.request(req)
def hSamrGetUserDomainPasswordInformation(dce, userHandle):
    """Send SamrGetUserDomainPasswordInformation for ``userHandle`` and return the reply."""
    req = SamrGetUserDomainPasswordInformation()
    req['UserHandle'] = userHandle
    return dce.request(req)
def hSamrGetDomainPasswordInformation(dce):
    """Send SamrGetDomainPasswordInformation and return the reply.

    The request carries no SAM handle: its only field, 'Unused', is set to
    NULL, so password policy is read without opening a server or domain handle.
    """
    req = SamrGetDomainPasswordInformation()
    req['Unused'] = NULL
    return dce.request(req)
def hSamrRidToSid(dce, objectHandle, rid):
    """Send SamrRidToSid for ``rid`` on ``objectHandle`` and return the reply."""
    req = SamrRidToSid()
    req['ObjectHandle'] = objectHandle
    req['Rid'] = rid
    return dce.request(req)
def hSamrValidatePassword(dce, inputArg):
    """Send SamrValidatePassword and return the reply.

    ValidationType is taken from ``inputArg['tag']``, so the type and the
    union arm always agree.
    """
    req = SamrValidatePassword()
    req['ValidationType'] = inputArg['tag']
    req['InputArg'] = inputArg
    return dce.request(req)
def hSamrLookupNamesInDomain(dce, domainHandle, names):
    """Send SamrLookupNamesInDomain for ``names`` and return the reply.

    Count is ``len(names)``, while the array's MaximumCount is always forced
    to 1000 regardless of how many names are supplied.
    NOTE(review): nothing here rejects more than 1000 names; confirm callers
    stay within that limit.
    """
    req = SamrLookupNamesInDomain()
    req['DomainHandle'] = domainHandle
    req['Count'] = len(names)
    for accountName in names:
        item = RPC_UNICODE_STRING()
        item['Data'] = accountName
        req['Names'].append(item)

    # Written straight into the field table, bypassing item assignment.
    req.fields['Names'].fields['MaximumCount'] = 1000

    return dce.request(req)
def hSamrLookupIdsInDomain(dce, domainHandle, ids):
    """Send SamrLookupIdsInDomain for the relative ids in ``ids`` and return the reply.

    Count is ``len(ids)``, while the array's MaximumCount is always forced to
    1000 regardless of how many ids are supplied.
    NOTE(review): nothing here rejects more than 1000 ids; confirm callers
    stay within that limit.
    """
    req = SamrLookupIdsInDomain()
    req['DomainHandle'] = domainHandle
    req['Count'] = len(ids)
    for relativeId in ids:
        item = ULONG()
        item['Data'] = relativeId
        req['RelativeIds'].append(item)

    # Written straight into the field table, bypassing item assignment.
    req.fields['RelativeIds'].fields['MaximumCount'] = 1000

    return dce.request(req)
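def hSamrSetPasswordInternal4New(dce, userHandle, password):
    """Set a user's password through SamrSetInformationUser2 (UserInternal4InformationNew).

    Every other attribute in the Internal4New block is sent as NULL, and
    PasswordExpired is set to 1. The cleartext password is placed at the end
    of a 512-byte buffer followed by its byte length, RC4-encrypted with
    MD5(salt + session key), and the 16-byte salt is appended in the clear.

    The session key is read from the SMB connection behind ``dce``, so the
    call depends on a transport that offers ``get_smb_connection()``.

    :param dce: connection object whose ``request`` method sends the call
    :param userHandle: handle of the user whose password is set
    :param password: new cleartext password (text)
    :return: whatever ``dce.request`` returns
    :raises ValueError: if the UTF-16LE password does not fit in 512 bytes
    """
    request = SamrSetInformationUser2()
    request['UserHandle'] = userHandle
    request['UserInformationClass'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
    request['Buffer']['tag'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
    # NOTE(review): presumably the MS-SAMR "NT password present" and
    # "password expired" WhichFields bits - confirm against the named constants.
    request['Buffer']['Internal4New']['I1']['WhichFields'] = 0x01000000 | 0x08000000

    request['Buffer']['Internal4New']['I1']['UserName'] = NULL
    request['Buffer']['Internal4New']['I1']['FullName'] = NULL
    request['Buffer']['Internal4New']['I1']['HomeDirectory'] = NULL
    request['Buffer']['Internal4New']['I1']['HomeDirectoryDrive'] = NULL
    request['Buffer']['Internal4New']['I1']['ScriptPath'] = NULL
    request['Buffer']['Internal4New']['I1']['ProfilePath'] = NULL
    request['Buffer']['Internal4New']['I1']['AdminComment'] = NULL
    request['Buffer']['Internal4New']['I1']['WorkStations'] = NULL
    request['Buffer']['Internal4New']['I1']['UserComment'] = NULL
    request['Buffer']['Internal4New']['I1']['Parameters'] = NULL
    request['Buffer']['Internal4New']['I1']['LmOwfPassword']['Buffer'] = NULL
    request['Buffer']['Internal4New']['I1']['NtOwfPassword']['Buffer'] = NULL
    request['Buffer']['Internal4New']['I1']['PrivateData'] = NULL
    request['Buffer']['Internal4New']['I1']['SecurityDescriptor']['SecurityDescriptor'] = NULL
    request['Buffer']['Internal4New']['I1']['LogonHours']['LogonHours'] = NULL
    request['Buffer']['Internal4New']['I1']['PasswordExpired'] = 1

    # Build the cleartext block: filler, password at the end, then its length.
    pwdbuff = password.encode("utf-16le")
    bufflen = len(pwdbuff)
    if bufflen > 512:
        # The original left-justify step never truncated, so an oversized
        # password silently produced a block larger than 512 + 4 bytes.
        raise ValueError('password does not fit in the 512-byte SAMPR_USER_PASSWORD buffer')
    # Random filler instead of zero bytes avoids placing a fixed, predictable
    # plaintext prefix under the RC4 keystream.
    pwdbuff = os.urandom(512 - bufflen) + pwdbuff
    pwdbuff += struct.pack('<I', bufflen)

    # Per-request key: MD5 over a fresh 16-byte salt and the SMB session key.
    salt = os.urandom(16)
    session_key = dce.get_rpc_transport().get_smb_connection().getSessionKey()
    keymd = md5()
    keymd.update(salt)
    keymd.update(session_key)
    key = keymd.digest()

    cipher = ARC4.new(key)
    buffercrypt = cipher.encrypt(pwdbuff) + salt

    request['Buffer']['Internal4New']['UserPassword']['Buffer'] = buffercrypt
    return dce.request(request)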