3 much of this was derived from the ethereal sources - thanks to everyone
7 import "misc.idl", "lsa.idl", "samr.idl", "security.idl";
11 cpp_quote("#define netr_DeltaEnum8Bit netr_DeltaEnum")
12 cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID")
14 cpp_quote("#define ENC_CRC32 KERB_ENCTYPE_DES_CBC_CRC")
15 cpp_quote("#define ENC_RSA_MD5 KERB_ENCTYPE_DES_CBC_MD5")
16 cpp_quote("#define ENC_RC4_HMAC_MD5 KERB_ENCTYPE_RC4_HMAC_MD5")
17 cpp_quote("#define ENC_HMAC_SHA1_96_AES128 KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96")
18 cpp_quote("#define ENC_HMAC_SHA1_96_AES256 KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96")
19 cpp_quote("#define ENC_HMAC_SHA1_96_AES256_SK KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK")
20 cpp_quote("#define ENC_FAST_SUPPORTED KERB_ENCTYPE_FAST_SUPPORTED")
21 cpp_quote("#define ENC_COMPOUND_IDENTITY_SUPPORTED KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED")
22 cpp_quote("#define ENC_CLAIMS_SUPPORTED KERB_ENCTYPE_CLAIMS_SUPPORTED")
23 cpp_quote("#define ENC_RESOURCE_SID_COMPRESSION_DISABLED KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED")
24 cpp_quote("#define NETLOGON_SERVER_PIPE_STATE_MAGIC 0x4f555358")
27 uuid("12345678-1234-abcd-ef00-01234567cffb"),
29 endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
30 helper("../librpc/ndr/ndr_netlogon.h"),
32 pointer_default(unique)
37 typedef bitmap samr_AcctFlags samr_AcctFlags;
38 typedef bitmap security_GroupAttrs security_GroupAttrs;
39 typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit;
40 typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit;
46 [string,charset(UTF16)] uint16 *account_name;
57 time_t pw_must_change;
58 [string,charset(UTF16)] uint16 *computer;
59 [string,charset(UTF16)] uint16 *domain;
60 [string,charset(UTF16)] uint16 *script_path;
64 WERROR netr_LogonUasLogon(
65 [in,unique] [string,charset(UTF16)] uint16 *server_name,
66 [in] [string,charset(UTF16)] uint16 *account_name,
67 [in] [string,charset(UTF16)] uint16 *workstation,
68 [out,ref] netr_UasInfo **info
80 WERROR netr_LogonUasLogoff(
81 [in,unique] [string,charset(UTF16)] uint16 *server_name,
82 [in] [string,charset(UTF16)] uint16 *account_name,
83 [in] [string,charset(UTF16)] uint16 *workstation,
84 [out,ref] netr_UasLogoffInfo *info
91 /* in netr_AcctLockStr size seems to be be 24, and rrenard thinks
92 that the structure of the bindata looks like this:
94 dlong lockout_duration;
96 uint32 bad_attempt_lockout;
99 but it doesn't look as though this structure is reflected at the
100 NDR level. Maybe it is left to the application to decode the bindata array.
102 typedef [public] struct {
103 dlong lockout_duration;
105 uint32 bad_attempt_lockout;
109 /* - MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
110 * sets the NETLOGON_SERVER_TRUST_ACCOUNT user_flag
111 * - MSV1_0_UPDATE_LOGON_STATISTICS
112 * sets the logon time on network logon
113 * - MSV1_0_RETURN_USER_PARAMETERS
114 * sets the user parameters in the driveletter
115 * - MSV1_0_RETURN_PROFILE_PATH
116 * returns the profilepath in the driveletter and
117 * sets LOGON_PROFILE_PATH_RETURNED user_flag
120 typedef [public,bitmap32bit] bitmap {
121 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
122 MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
123 MSV1_0_RETURN_USER_PARAMETERS = 0x00000008,
124 MSV1_0_DONT_TRY_GUEST_ACCOUNT = 0x00000010,
125 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020,
126 MSV1_0_RETURN_PASSWORD_EXPIRY = 0x00000040,
127 MSV1_0_USE_CLIENT_CHALLENGE = 0x00000080,
128 MSV1_0_TRY_GUEST_ACCOUNT_ONLY = 0x00000100,
129 MSV1_0_RETURN_PROFILE_PATH = 0x00000200,
130 MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY = 0x00000400,
131 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800,
132 MSV1_0_DISABLE_PERSONAL_FALLBACK = 0x00001000,
133 MSV1_0_ALLOW_FORCE_GUEST = 0x00002000,
134 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED = 0x00004000,
135 MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY = 0x00008000,
136 MSV1_0_ALLOW_MSVCHAPV2 = 0x00010000,
137 MSV1_0_S4U2SELF = 0x00020000,
138 MSV1_0_CHECK_LOGONHOURS_FOR_S4U = 0x00040000,
139 MSV1_0_SUBAUTHENTICATION_DLL_EX = 0x00100000
140 } netr_LogonParameterControl;
142 /* Summary of the of the Query and Response from Microsoft on
143 * the usage of logon_id in netr_IdendityInfo
145 * [REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
146 * the Reserved field have LogonId meaning?
149 * In NetrLogonSamLogonEx does the Reserved field
150 * (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?
152 * What is a valid LogonID, and does have any audit usage?
154 * Samba is sending a constant "deadbeef" in hex and would like to
155 * understand any usage of this field.
158 * The NRPC spec is accurate in defining the field as Reserved, and
159 * without protocol significance. In the header file in our source
160 * code, it is defined as LogonId and commented as such, but it’s
161 * effectively not used. This is probably why the API structure has
162 * that field name. It may have been intended as such but it’s not
165 * Samba now sends a random value in this field.
168 lsa_String domain_name;
169 netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
171 lsa_String account_name;
172 lsa_String workstation;
176 netr_IdentityInfo identity_info;
177 samr_Password lmpassword;
178 samr_Password ntpassword;
181 typedef [flag(NDR_PAHEX)] struct {
183 [value(length)] uint16 size;
184 [size_is(length),length_is(length)] uint8 *data;
185 } netr_ChallengeResponse;
187 typedef [flag(NDR_PAHEX)] struct {
188 netr_IdentityInfo identity_info;
190 netr_ChallengeResponse nt;
191 netr_ChallengeResponse lm;
194 typedef [flag(NDR_PAHEX)] struct {
195 netr_IdentityInfo identity_info;
196 lsa_String package_name;
198 [size_is(length)] uint8 *data;
201 typedef [public] enum {
202 NetlogonInteractiveInformation = 1,
203 NetlogonNetworkInformation = 2,
204 NetlogonServiceInformation = 3,
205 NetlogonGenericInformation = 4,
206 NetlogonInteractiveTransitiveInformation = 5,
207 NetlogonNetworkTransitiveInformation = 6,
208 NetlogonServiceTransitiveInformation = 7
209 } netr_LogonInfoClass;
211 typedef [public,switch_type(netr_LogonInfoClass)] union {
212 [case(NetlogonInteractiveInformation)] netr_PasswordInfo *password;
213 [case(NetlogonNetworkInformation)] netr_NetworkInfo *network;
214 [case(NetlogonServiceInformation)] netr_PasswordInfo *password;
215 [case(NetlogonGenericInformation)] netr_GenericInfo *generic;
216 [case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
217 [case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network;
218 [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
222 typedef [public,flag(NDR_PAHEX)] struct {
224 } netr_UserSessionKey;
226 typedef [public,flag(NDR_PAHEX)] struct {
230 /* Flags for user_flags below */
231 typedef [public,bitmap32bit] bitmap {
232 NETLOGON_GUEST = 0x00000001,
233 NETLOGON_NOENCRYPTION = 0x00000002,
234 NETLOGON_CACHED_ACCOUNT = 0x00000004,
235 NETLOGON_USED_LM_PASSWORD = 0x00000008,
236 NETLOGON_EXTRA_SIDS = 0x00000020,
237 NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040,
238 NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080,
239 NETLOGON_NTLMV2_ENABLED = 0x00000100,
240 NETLOGON_RESOURCE_GROUPS = 0x00000200,
241 NETLOGON_PROFILE_PATH_RETURNED = 0x00000400,
242 NETLOGON_GRACE_LOGON = 0x01000000
249 NTTIME last_password_change;
250 NTTIME allow_password_change;
251 NTTIME force_password_change;
252 lsa_String account_name;
253 lsa_String full_name;
254 lsa_String logon_script;
255 lsa_String profile_path;
256 lsa_String home_directory;
257 lsa_String home_drive;
259 uint16 bad_password_count;
262 samr_RidWithAttributeArray groups;
263 netr_UserFlags user_flags;
264 [flag(NDR_SECRET)] netr_UserSessionKey key;
265 lsa_StringLarge logon_server;
266 lsa_StringLarge logon_domain;
267 dom_sid2 *domain_sid;
268 [flag(NDR_SECRET)] netr_LMSessionKey LMSessKey;
269 samr_AcctFlags acct_flags;
270 uint32 sub_auth_status;
271 NTTIME last_successful_logon;
272 NTTIME last_failed_logon;
273 uint32 failed_logon_count;
278 netr_SamBaseInfo base;
281 typedef [public] struct {
283 security_GroupAttrs attributes;
286 typedef [public] struct {
287 netr_SamBaseInfo base;
289 [size_is(sidcount)] netr_SidAttr *sids;
293 netr_SamBaseInfo base;
295 [size_is(sidcount)] netr_SidAttr *sids;
298 * Should pointer values be allocated
299 * of sids[*].sid before the following ones?
301 * That's at least the case for
304 lsa_String dns_domainname;
305 lsa_String principal_name;
311 [size_is(pac_size)] uint8 *pac;
312 lsa_String logon_domain;
313 lsa_String logon_server;
314 lsa_String principal_name;
316 [size_is(auth_size)] uint8 *auth;
317 netr_UserSessionKey user_session_key;
318 uint32 expansionroom[10];
325 typedef [flag(NDR_PAHEX)] struct {
327 [size_is(length)] uint8 *data;
331 NetlogonValidationUasInfo = 1,
332 NetlogonValidationSamInfo = 2,
333 NetlogonValidationSamInfo2 = 3,
334 NetlogonValidationGenericInfo2 = 5,
335 NetlogonValidationSamInfo4 = 6
336 } netr_ValidationInfoClass;
338 typedef [public,switch_type(uint16)] union {
339 [case(NetlogonValidationSamInfo)] netr_SamInfo2 *sam2;
340 [case(NetlogonValidationSamInfo2)] netr_SamInfo3 *sam3;
341 [case(4)] netr_PacInfo *pac;
342 [case(NetlogonValidationGenericInfo2)] netr_GenericInfo2 *generic;
343 [case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
347 typedef [public, flag(NDR_PAHEX)] struct {
351 typedef [public] struct {
352 netr_Credential client_challenge;
353 netr_Credential server_challenge;
354 } netlogon_server_pipe_state;
356 typedef [public] struct {
357 netr_Credential cred;
359 } netr_Authenticator;
361 [public] NTSTATUS netr_LogonSamLogon(
362 [in,unique] [string,charset(UTF16)] uint16 *server_name,
363 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
364 [in,unique] netr_Authenticator *credential,
365 [in,out,unique] netr_Authenticator *return_authenticator,
366 [in] netr_LogonInfoClass logon_level,
367 [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
368 [in] uint16 validation_level,
369 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
370 [out,ref] uint8 *authoritative
377 NTSTATUS netr_LogonSamLogoff(
378 [in,unique] [string,charset(UTF16)] uint16 *server_name,
379 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
380 [in,unique] netr_Authenticator *credential,
381 [in,out,unique] netr_Authenticator *return_authenticator,
382 [in] netr_LogonInfoClass logon_level,
383 [in] [switch_is(logon_level)] netr_LogonLevel logon
391 [public] NTSTATUS netr_ServerReqChallenge(
392 [in,unique,string,charset(UTF16)] uint16 *server_name,
393 [in,string,charset(UTF16)] uint16 *computer_name,
394 [in,ref] netr_Credential *credentials,
395 [out,ref] netr_Credential *return_credentials
402 typedef enum netr_SchannelType netr_SchannelType;
404 NTSTATUS netr_ServerAuthenticate(
405 [in,unique,string,charset(UTF16)] uint16 *server_name,
406 [in,string,charset(UTF16)] uint16 *account_name,
407 [in] netr_SchannelType secure_channel_type,
408 [in,string,charset(UTF16)] uint16 *computer_name,
409 [in,ref] netr_Credential *credentials,
410 [out,ref] netr_Credential *return_credentials
417 NTSTATUS netr_ServerPasswordSet(
418 [in,unique] [string,charset(UTF16)] uint16 *server_name,
419 [in] [string,charset(UTF16)] uint16 *account_name,
420 [in] netr_SchannelType secure_channel_type,
421 [in] [string,charset(UTF16)] uint16 *computer_name,
422 [in,ref] netr_Authenticator *credential,
423 [out,ref] netr_Authenticator *return_authenticator,
424 [in,ref] samr_Password *new_password
431 typedef enum netr_SamDatabaseID netr_SamDatabaseID;
434 [string,charset(UTF16)] uint16 *account_name;
443 } netr_DELTA_DELETE_USER;
447 [value(length)] uint16 size;
454 [value(nt_length)] uint16 nt_size;
457 [value(lm_length)] uint16 lm_size;
459 uint8 nt_history[nt_length];
460 uint8 lm_history[lm_length];
461 } netr_PasswordHistory;
464 netr_USER_KEY16 lmpassword;
465 netr_USER_KEY16 ntpassword;
466 netr_PasswordHistory history;
469 typedef struct { /* TODO: make this a union! */
470 netr_USER_KEYS2 keys2;
471 } netr_USER_KEY_UNION;
473 typedef [public] struct {
475 netr_USER_KEY_UNION keys;
479 boolean8 SensitiveDataFlag;
482 /* netr_USER_KEYS encrypted with the session key */
483 [size_is(DataLength)][flag(NDR_PAHEX)] uint8 *SensitiveData;
484 } netr_USER_PRIVATE_INFO;
487 lsa_String account_name;
488 lsa_String full_name;
491 lsa_String home_directory;
492 lsa_String home_drive;
493 lsa_String logon_script;
494 lsa_String description;
495 lsa_String workstations;
498 samr_LogonHours logon_hours;
499 uint16 bad_password_count;
501 NTTIME last_password_change;
503 samr_AcctFlags acct_flags;
504 samr_Password lmpassword;
505 samr_Password ntpassword;
506 boolean8 nt_password_present;
507 boolean8 lm_password_present;
508 boolean8 password_expired;
510 lsa_BinaryString parameters;
513 netr_USER_PRIVATE_INFO user_private_info;
514 uint32 SecurityInformation;
516 lsa_String profile_path;
527 lsa_String domain_name;
528 lsa_String oem_information; /* comment */
529 dlong force_logoff_time;
530 uint16 min_password_length;
531 uint16 password_history_length;
532 /* yes, these are signed. They are in negative 100ns */
533 dlong max_password_age;
534 dlong min_password_age;
536 NTTIME domain_create_time;
537 uint32 SecurityInformation;
539 lsa_BinaryString account_lockout;
543 uint32 logon_to_chgpass;
550 lsa_String group_name;
553 lsa_String description;
554 uint32 SecurityInformation;
580 [size_is(num_rids)] uint32 *rids;
581 [size_is(num_rids)] uint32 *attribs;
587 } netr_DELTA_GROUP_MEMBER;
590 lsa_String alias_name;
592 uint32 SecurityInformation;
594 lsa_String description;
610 } netr_DELTA_ALIAS_MEMBER;
613 uint32 pagedpoollimit;
614 uint32 nonpagedpoollimit;
615 uint32 minimumworkingsetsize;
616 uint32 maximumworkingsetsize;
617 uint32 pagefilelimit;
623 NTTIME auditretentionperiod;
624 boolean8 auditingmode;
625 uint32 maxauditeventcount;
626 [size_is(maxauditeventcount+1)] uint32 *eventauditoptions;
627 lsa_String primary_domain_name;
629 netr_QUOTA_LIMITS quota_limits;
631 NTTIME db_create_time;
632 uint32 SecurityInformation;
645 lsa_String domain_name;
646 uint32 num_controllers;
647 [size_is(num_controllers)] lsa_String *controller_names;
648 uint32 SecurityInformation;
658 } netr_DELTA_TRUSTED_DOMAIN;
661 uint32 privilege_entries;
662 uint32 privilege_control;
663 [size_is(privilege_entries)] uint32 *privilege_attrib;
664 [size_is(privilege_entries)] lsa_String *privilege_name;
665 netr_QUOTA_LIMITS quotalimits;
667 uint32 SecurityInformation;
677 } netr_DELTA_ACCOUNT;
682 [size_is(maxlen)][length_is(len)] uint8 *cipher_data;
686 netr_CIPHER_VALUE current_cipher;
687 NTTIME current_cipher_set_time;
688 netr_CIPHER_VALUE old_cipher;
689 NTTIME old_cipher_set_time;
690 uint32 SecurityInformation;
703 NETR_DELTA_DOMAIN = 1,
704 NETR_DELTA_GROUP = 2,
705 NETR_DELTA_DELETE_GROUP = 3,
706 NETR_DELTA_RENAME_GROUP = 4,
708 NETR_DELTA_DELETE_USER = 6,
709 NETR_DELTA_RENAME_USER = 7,
710 NETR_DELTA_GROUP_MEMBER = 8,
711 NETR_DELTA_ALIAS = 9,
712 NETR_DELTA_DELETE_ALIAS = 10,
713 NETR_DELTA_RENAME_ALIAS = 11,
714 NETR_DELTA_ALIAS_MEMBER = 12,
715 NETR_DELTA_POLICY = 13,
716 NETR_DELTA_TRUSTED_DOMAIN = 14,
717 NETR_DELTA_DELETE_TRUST = 15,
718 NETR_DELTA_ACCOUNT = 16,
719 NETR_DELTA_DELETE_ACCOUNT = 17,
720 NETR_DELTA_SECRET = 18,
721 NETR_DELTA_DELETE_SECRET = 19,
722 NETR_DELTA_DELETE_GROUP2 = 20,
723 NETR_DELTA_DELETE_USER2 = 21,
724 NETR_DELTA_MODIFY_COUNT = 22
727 typedef [switch_type(netr_DeltaEnum)] union {
728 [case(NETR_DELTA_DOMAIN)] netr_DELTA_DOMAIN *domain;
729 [case(NETR_DELTA_GROUP)] netr_DELTA_GROUP *group;
730 [case(NETR_DELTA_DELETE_GROUP)] ; /* rid only */
731 [case(NETR_DELTA_RENAME_GROUP)] netr_DELTA_RENAME *rename_group;
732 [case(NETR_DELTA_USER)] netr_DELTA_USER *user;
733 [case(NETR_DELTA_DELETE_USER)] ; /* rid only */
734 [case(NETR_DELTA_RENAME_USER)] netr_DELTA_RENAME *rename_user;
735 [case(NETR_DELTA_GROUP_MEMBER)] netr_DELTA_GROUP_MEMBER *group_member;
736 [case(NETR_DELTA_ALIAS)] netr_DELTA_ALIAS *alias;
737 [case(NETR_DELTA_DELETE_ALIAS)] ; /* rid only */
738 [case(NETR_DELTA_RENAME_ALIAS)] netr_DELTA_RENAME *rename_alias;
739 [case(NETR_DELTA_ALIAS_MEMBER)] netr_DELTA_ALIAS_MEMBER *alias_member;
740 [case(NETR_DELTA_POLICY)] netr_DELTA_POLICY *policy;
741 [case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN *trusted_domain;
742 [case(NETR_DELTA_DELETE_TRUST)] ; /* sid only */
743 [case(NETR_DELTA_ACCOUNT)] netr_DELTA_ACCOUNT *account;
744 [case(NETR_DELTA_DELETE_ACCOUNT)] ; /* sid only */
745 [case(NETR_DELTA_SECRET)] netr_DELTA_SECRET *secret;
746 [case(NETR_DELTA_DELETE_SECRET)] ; /* name only */
747 [case(NETR_DELTA_DELETE_GROUP2)] netr_DELTA_DELETE_USER *delete_group;
748 [case(NETR_DELTA_DELETE_USER2)] netr_DELTA_DELETE_USER *delete_user;
749 [case(NETR_DELTA_MODIFY_COUNT)] udlong *modified_count;
753 typedef [switch_type(netr_DeltaEnum)] union {
754 [case(NETR_DELTA_DOMAIN)] uint32 rid;
755 [case(NETR_DELTA_GROUP)] uint32 rid;
756 [case(NETR_DELTA_DELETE_GROUP)] uint32 rid;
757 [case(NETR_DELTA_RENAME_GROUP)] uint32 rid;
758 [case(NETR_DELTA_USER)] uint32 rid;
759 [case(NETR_DELTA_DELETE_USER)] uint32 rid;
760 [case(NETR_DELTA_RENAME_USER)] uint32 rid;
761 [case(NETR_DELTA_GROUP_MEMBER)] uint32 rid;
762 [case(NETR_DELTA_ALIAS)] uint32 rid;
763 [case(NETR_DELTA_DELETE_ALIAS)] uint32 rid;
764 [case(NETR_DELTA_RENAME_ALIAS)] uint32 rid;
765 [case(NETR_DELTA_ALIAS_MEMBER)] uint32 rid;
766 [case(NETR_DELTA_POLICY)] dom_sid2 *sid;
767 [case(NETR_DELTA_TRUSTED_DOMAIN)] dom_sid2 *sid;
768 [case(NETR_DELTA_DELETE_TRUST)] dom_sid2 *sid;
769 [case(NETR_DELTA_ACCOUNT)] dom_sid2 *sid;
770 [case(NETR_DELTA_DELETE_ACCOUNT)] dom_sid2 *sid;
771 [case(NETR_DELTA_SECRET)] [string,charset(UTF16)] uint16 *name;
772 [case(NETR_DELTA_DELETE_SECRET)] [string,charset(UTF16)] uint16 *name;
773 [case(NETR_DELTA_DELETE_GROUP2)] uint32 rid;
774 [case(NETR_DELTA_DELETE_USER2)] uint32 rid;
775 [case(NETR_DELTA_MODIFY_COUNT)] ;
777 } netr_DELTA_ID_UNION;
780 netr_DeltaEnum delta_type;
781 [switch_is(delta_type)] netr_DELTA_ID_UNION delta_id_union;
782 [switch_is(delta_type)] netr_DELTA_UNION delta_union;
787 [size_is(num_deltas)] netr_DELTA_ENUM *delta_enum;
788 } netr_DELTA_ENUM_ARRAY;
790 NTSTATUS netr_DatabaseDeltas(
791 [in] [string,charset(UTF16)] uint16 *logon_server,
792 [in] [string,charset(UTF16)] uint16 *computername,
793 [in,ref] netr_Authenticator *credential,
794 [in,out,ref] netr_Authenticator *return_authenticator,
795 [in] netr_SamDatabaseID database_id,
796 [in,out,ref] udlong *sequence_num,
797 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
798 [in] uint32 preferredmaximumlength
805 NTSTATUS netr_DatabaseSync(
806 [in] [string,charset(UTF16)] uint16 *logon_server,
807 [in] [string,charset(UTF16)] uint16 *computername,
808 [in,ref] netr_Authenticator *credential,
809 [in,out,ref] netr_Authenticator *return_authenticator,
810 [in] netr_SamDatabaseID database_id,
811 [in,out,ref] uint32 *sync_context,
812 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
813 [in] uint32 preferredmaximumlength
820 /* w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this call */
822 typedef [flag(NDR_PAHEX)] struct {
823 uint8 computer_name[16];
825 uint32 serial_number;
829 [flag(NDR_REMAINING)] DATA_BLOB blob;
830 } netr_AccountBuffer;
832 NTSTATUS netr_AccountDeltas(
833 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
834 [in] [string,charset(UTF16)] uint16 *computername,
835 [in] netr_Authenticator credential,
836 [in,out,ref] netr_Authenticator *return_authenticator,
837 [in] netr_UAS_INFO_0 uas,
840 [in] uint32 buffersize,
841 [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
842 [out,ref] uint32 *count_returned,
843 [out,ref] uint32 *total_entries,
844 [out,ref] netr_UAS_INFO_0 *recordid
851 NTSTATUS netr_AccountSync(
852 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
853 [in] [string,charset(UTF16)] uint16 *computername,
854 [in] netr_Authenticator credential,
855 [in,out,ref] netr_Authenticator *return_authenticator,
856 [in] uint32 reference,
858 [in] uint32 buffersize,
859 [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
860 [out,ref] uint32 *count_returned,
861 [out,ref] uint32 *total_entries,
862 [out,ref] uint32 *next_reference,
863 [in,out,ref] netr_UAS_INFO_0 *recordid
870 WERROR netr_GetDcName(
871 [in] [string,charset(UTF16)] uint16 *logon_server,
872 [in,unique] [string,charset(UTF16)] uint16 *domainname,
873 [out,ref] [string,charset(UTF16)] uint16 **dcname
879 typedef [bitmap32bit] bitmap {
880 NETLOGON_REPLICATION_NEEDED = 0x00000001,
881 NETLOGON_REPLICATION_IN_PROGRESS = 0x00000002,
882 NETLOGON_FULL_SYNC_REPLICATION = 0x00000004,
883 NETLOGON_REDO_NEEDED = 0x00000008,
884 NETLOGON_HAS_IP = 0x00000010,
885 NETLOGON_HAS_TIMESERV = 0x00000020,
886 NETLOGON_DNS_UPDATE_FAILURE = 0x00000040,
887 NETLOGON_VERIFY_STATUS_RETURNED = 0x00000080
891 netr_InfoFlags flags;
892 WERROR pdc_connection_status;
893 } netr_NETLOGON_INFO_1;
896 netr_InfoFlags flags;
897 WERROR pdc_connection_status;
898 [string,charset(UTF16)] uint16 *trusted_dc_name;
899 WERROR tc_connection_status;
900 } netr_NETLOGON_INFO_2;
903 netr_InfoFlags flags;
904 uint32 logon_attempts;
910 } netr_NETLOGON_INFO_3;
913 [string,charset(UTF16)] uint16 *trusted_dc_name;
914 [string,charset(UTF16)] uint16 *trusted_domain_name;
915 } netr_NETLOGON_INFO_4;
917 typedef [public] union {
918 [case(1)] netr_NETLOGON_INFO_1 *info1;
919 [case(2)] netr_NETLOGON_INFO_2 *info2;
920 [case(3)] netr_NETLOGON_INFO_3 *info3;
921 [case(4)] netr_NETLOGON_INFO_4 *info4;
923 } netr_CONTROL_QUERY_INFORMATION;
925 /* function_code values */
926 typedef [v1_enum,public] enum {
927 NETLOGON_CONTROL_QUERY = 0x00000001,
928 NETLOGON_CONTROL_REPLICATE = 0x00000002,
929 NETLOGON_CONTROL_SYNCHRONIZE = 0x00000003,
930 NETLOGON_CONTROL_PDC_REPLICATE = 0x00000004,
931 NETLOGON_CONTROL_REDISCOVER = 0x00000005,
932 NETLOGON_CONTROL_TC_QUERY = 0x00000006,
933 NETLOGON_CONTROL_TRANSPORT_NOTIFY = 0x00000007,
934 NETLOGON_CONTROL_FIND_USER = 0x00000008,
935 NETLOGON_CONTROL_CHANGE_PASSWORD = 0x00000009,
936 NETLOGON_CONTROL_TC_VERIFY = 0x0000000A,
937 NETLOGON_CONTROL_FORCE_DNS_REG = 0x0000000B,
938 NETLOGON_CONTROL_QUERY_DNS_REG = 0x0000000C,
939 NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC,
940 NETLOGON_CONTROL_TRUNCATE_LOG = 0x0000FFFD,
941 NETLOGON_CONTROL_SET_DBFLAG = 0x0000FFFE,
942 NETLOGON_CONTROL_BREAKPOINT = 0x0000FFFF
943 } netr_LogonControlCode;
945 WERROR netr_LogonControl(
946 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
947 [in] netr_LogonControlCode function_code,
949 [out,ref,switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
956 WERROR netr_GetAnyDCName(
957 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
958 [in,unique] [string,charset(UTF16)] uint16 *domainname,
959 [out,ref] [string,charset(UTF16)] uint16 **dcname
966 typedef [public,switch_type(netr_LogonControlCode)] union {
967 [case(NETLOGON_CONTROL_REDISCOVER)] [string,charset(UTF16)] uint16 *domain;
968 [case(NETLOGON_CONTROL_TC_QUERY)] [string,charset(UTF16)] uint16 *domain;
969 [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)] [string,charset(UTF16)] uint16 *domain;
970 [case(NETLOGON_CONTROL_CHANGE_PASSWORD)] [string,charset(UTF16)] uint16 *domain;
971 [case(NETLOGON_CONTROL_TC_VERIFY)] [string,charset(UTF16)] uint16 *domain;
972 [case(NETLOGON_CONTROL_FIND_USER)] [string,charset(UTF16)] uint16 *user;
973 [case(NETLOGON_CONTROL_SET_DBFLAG)] uint32 debug_level;
975 } netr_CONTROL_DATA_INFORMATION;
977 WERROR netr_LogonControl2(
978 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
979 [in] netr_LogonControlCode function_code,
981 [in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION *data,
982 [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
986 /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM
987 * session keys are encrypted with DES calls. (And the user session key
993 typedef [public,bitmap32bit] bitmap {
994 NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
995 NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
996 NETLOGON_NEG_ARCFOUR = 0x00000004,
997 NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
998 NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
999 NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
1000 NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
1001 NETLOGON_NEG_REDO = 0x00000080,
1002 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
1003 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
1004 NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
1005 NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
1006 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
1007 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
1008 NETLOGON_NEG_STRONG_KEYS = 0x00004000,
1009 NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
1010 NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
1011 NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
1012 NETLOGON_NEG_GETDOMAININFO = 0x00040000,
1013 NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
1014 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
1015 NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
1016 NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
1017 NETLOGON_NEG_SUPPORTS_AES = 0x01000000,
1018 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
1019 NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
1020 } netr_NegotiateFlags;
1022 const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
1023 const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;
1025 NTSTATUS netr_ServerAuthenticate2(
1026 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1027 [in] [string,charset(UTF16)] uint16 *account_name,
1028 [in] netr_SchannelType secure_channel_type,
1029 [in] [string,charset(UTF16)] uint16 *computer_name,
1030 [in,ref] netr_Credential *credentials,
1031 [out,ref] netr_Credential *return_credentials,
1032 [in,out,ref] netr_NegotiateFlags *negotiate_flags
1040 SYNCSTATE_NORMAL_STATE = 0,
1041 SYNCSTATE_DOMAIN_STATE = 1,
1042 SYNCSTATE_GROUP_STATE = 2,
1043 SYNCSTATE_UAS_BUILT_IN_GROUP_STATE = 3,
1044 SYNCSTATE_USER_STATE = 4,
1045 SYNCSTATE_GROUP_MEMBER_STATE = 5,
1046 SYNCSTATE_ALIAS_STATE = 6,
1047 SYNCSTATE_ALIAS_MEMBER_STATE = 7,
1048 SYNCSTATE_SAM_DONE_STATE = 8
1051 NTSTATUS netr_DatabaseSync2(
1052 [in] [string,charset(UTF16)] uint16 *logon_server,
1053 [in] [string,charset(UTF16)] uint16 *computername,
1054 [in,ref] netr_Authenticator *credential,
1055 [in,out,ref] netr_Authenticator *return_authenticator,
1056 [in] netr_SamDatabaseID database_id,
1057 [in] SyncStateEnum restart_state,
1058 [in,out,ref] uint32 *sync_context,
1059 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
1060 [in] uint32 preferredmaximumlength
1067 /* i'm not at all sure how this call works */
1069 typedef [bitmap16bit] bitmap {
1070 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED = 0x0001,
1071 NETR_CHANGELOG_CHANGED_PASSWORD = 0x0002,
1072 NETR_CHANGELOG_SID_INCLUDED = 0x0004,
1073 NETR_CHANGELOG_NAME_INCLUDED = 0x0008,
1074 NETR_CHANGELOG_FIRST_PROMOTION_OBJ = 0x0010
1075 } netr_ChangeLogFlags;
1077 typedef [nodiscriminant] union {
1078 [case(NETR_CHANGELOG_SID_INCLUDED)] dom_sid object_sid;
1079 [case(NETR_CHANGELOG_NAME_INCLUDED)] nstring object_name;
1081 } netr_ChangeLogObject;
1083 typedef [public,gensize] struct {
1084 uint32 serial_number1;
1085 uint32 serial_number2;
1087 netr_ChangeLogFlags flags;
1088 netr_SamDatabaseID8Bit db_index;
1089 netr_DeltaEnum8Bit delta_type;
1090 [switch_is(flags & (NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] netr_ChangeLogObject object;
1091 } netr_ChangeLogEntry;
1093 NTSTATUS netr_DatabaseRedo(
1094 [in] [string,charset(UTF16)] uint16 *logon_server,
1095 [in] [string,charset(UTF16)] uint16 *computername,
1096 [in] netr_Authenticator *credential,
1097 [in,out,ref] netr_Authenticator *return_authenticator,
1099 * we cannot use subcontext_size() here, as
1100 * change_log_entry_size is encoded after the subcontext
1102 [in] [subcontext(4)/*,subcontext_size(change_log_entry_size)*/]
1103 netr_ChangeLogEntry change_log_entry,
1104 [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,
1106 uint32 change_log_entry_size,
1107 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array
1114 WERROR netr_LogonControl2Ex(
1115 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
1116 [in] netr_LogonControlCode function_code,
1118 [in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION *data,
1119 [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
1126 [size_is(length)] uint8 *data;
1129 NTSTATUS netr_NetrEnumerateTrustedDomains(
1130 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1131 [out,ref] netr_Blob *trusted_domains_blob
1137 /* one unknown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
1139 const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY |
1140 DS_DIRECTORY_SERVICE_REQUIRED |
1141 DS_DIRECTORY_SERVICE_PREFERRED |
1142 DS_GC_SERVER_REQUIRED |
1144 DS_BACKGROUND_ONLY |
1147 DS_TIMESERV_REQUIRED |
1148 DS_WRITABLE_REQUIRED |
1149 DS_GOOD_TIMESERV_PREFERRED |
1151 DS_ONLY_LDAP_NEEDED |
1154 DS_TRY_NEXTCLOSEST_SITE |
1155 DS_DIRECTORY_SERVICE_6_REQUIRED |
1156 DS_WEB_SERVICE_REQUIRED |
1158 * For now we skip these until
1159 * we have test for them:
1160 * DS_DIRECTORY_SERVICE_8_REQUIRED |
1161 * DS_DIRECTORY_SERVICE_9_REQUIRED |
1162 * DS_DIRECTORY_SERVICE_10_REQUIRED |
1164 DS_RETURN_FLAT_NAME |
1165 DS_RETURN_DNS_NAME);
1167 typedef [bitmap32bit] bitmap {
1168 DS_FORCE_REDISCOVERY = 0x00000001,
1169 DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
1170 DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
1171 DS_GC_SERVER_REQUIRED = 0x00000040,
1172 DS_PDC_REQUIRED = 0x00000080,
1173 DS_BACKGROUND_ONLY = 0x00000100,
1174 DS_IP_REQUIRED = 0x00000200,
1175 DS_KDC_REQUIRED = 0x00000400,
1176 DS_TIMESERV_REQUIRED = 0x00000800,
1177 DS_WRITABLE_REQUIRED = 0x00001000,
1178 DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
1179 DS_AVOID_SELF = 0x00004000,
1180 DS_ONLY_LDAP_NEEDED = 0x00008000,
1181 DS_IS_FLAT_NAME = 0x00010000,
1182 DS_IS_DNS_NAME = 0x00020000,
1183 DS_TRY_NEXTCLOSEST_SITE = 0x00040000,
1184 DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000, /* 2008 */
1185 DS_WEB_SERVICE_REQUIRED = 0x00100000,
1186 DS_DIRECTORY_SERVICE_8_REQUIRED = 0x00200000, /* 2012 */
1187 DS_DIRECTORY_SERVICE_9_REQUIRED = 0x00400000, /* 2012R2 */
1188 DS_DIRECTORY_SERVICE_10_REQUIRED= 0x00800000, /* 2016 */
1189 DS_RETURN_DNS_NAME = 0x40000000,
1190 DS_RETURN_FLAT_NAME = 0x80000000
1191 } netr_DsRGetDCName_flags;
1193 typedef [v1_enum] enum {
1194 DS_ADDRESS_TYPE_INET = 1,
1195 DS_ADDRESS_TYPE_NETBIOS = 2
1196 } netr_DsRGetDCNameInfo_AddressType;
1198 typedef [bitmap32bit] bitmap {
1199 DS_SERVER_PDC = 0x00000001,
1200 DS_SERVER_GC = 0x00000004,
1201 DS_SERVER_LDAP = 0x00000008,
1202 DS_SERVER_DS = 0x00000010,
1203 DS_SERVER_KDC = 0x00000020,
1204 DS_SERVER_TIMESERV = 0x00000040,
1205 DS_SERVER_CLOSEST = 0x00000080,
1206 DS_SERVER_WRITABLE = 0x00000100,
1207 DS_SERVER_GOOD_TIMESERV = 0x00000200,
1208 DS_SERVER_NDNC = 0x00000400,
1209 DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, /* 2008 / RODC */
1210 DS_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, /* 2008 / RWDC */
1211 DS_SERVER_WEBSERV = 0x00002000,
1212 DS_SERVER_DS_8 = 0x00004000, /* 2012 */
1213 DS_SERVER_DS_9 = 0x00008000, /* 2012R2 */
1214 DS_SERVER_DS_10 = 0x00010000, /* 2016 */
1215 DS_DNS_CONTROLLER = 0x20000000,
1216 DS_DNS_DOMAIN = 0x40000000,
1217 DS_DNS_FOREST_ROOT = 0x80000000
1220 typedef [public] struct {
1221 [string,charset(UTF16)] uint16 *dc_unc;
1222 [string,charset(UTF16)] uint16 *dc_address;
1223 netr_DsRGetDCNameInfo_AddressType dc_address_type;
1225 [string,charset(UTF16)] uint16 *domain_name;
1226 [string,charset(UTF16)] uint16 *forest_name;
1227 netr_DsR_DcFlags dc_flags;
1228 [string,charset(UTF16)] uint16 *dc_site_name;
1229 [string,charset(UTF16)] uint16 *client_site_name;
1230 } netr_DsRGetDCNameInfo;
1232 WERROR netr_DsRGetDCName(
1233 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1234 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1235 [in,unique] GUID *domain_guid,
1236 [in,unique] GUID *site_guid,
1237 [in] netr_DsRGetDCName_flags flags,
1238 [out,ref] netr_DsRGetDCNameInfo **info
1243 typedef [switch_type(uint32)] union {
1244 [case(1)] netr_NegotiateFlags server_capabilities;
1245 } netr_Capabilities;
1247 NTSTATUS netr_LogonGetCapabilities(
1248 [in] [string,charset(UTF16)] uint16 *server_name,
1249 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1250 [in,ref] netr_Authenticator *credential,
1251 [in,out,ref] netr_Authenticator *return_authenticator,
1252 [in] uint32 query_level,
1253 [out,ref,switch_is(query_level)] netr_Capabilities *capabilities
1258 [todo] WERROR netr_NETRLOGONSETSERVICEBITS();
1262 WERROR netr_LogonGetTrustRid(
1263 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1264 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1265 [out,ref] uint32 *rid
1270 [todo] WERROR netr_NETRLOGONCOMPUTESERVERDIGEST();
1274 [todo] WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST();
1278 [public] NTSTATUS netr_ServerAuthenticate3(
1279 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1280 [in] [string,charset(UTF16)] uint16 *account_name,
1281 [in] netr_SchannelType secure_channel_type,
1282 [in] [string,charset(UTF16)] uint16 *computer_name,
1283 [in,ref] netr_Credential *credentials,
1284 [out,ref] netr_Credential *return_credentials,
1285 [in,out,ref] netr_NegotiateFlags *negotiate_flags,
1286 [out,ref] uint32 *rid
1292 WERROR netr_DsRGetDCNameEx(
1293 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1294 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1295 [in,unique] GUID *domain_guid,
1296 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1297 [in] netr_DsRGetDCName_flags flags,
1298 [out,ref] netr_DsRGetDCNameInfo **info
1304 WERROR netr_DsRGetSiteName(
1305 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1306 [out,ref] [string,charset(UTF16)] uint16 **site
1311 typedef [public,bitmap32bit] bitmap {
1312 NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
1313 NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
1314 NETR_TRUST_FLAG_TREEROOT = 0x00000004,
1315 NETR_TRUST_FLAG_PRIMARY = 0x00000008,
1316 NETR_TRUST_FLAG_NATIVE = 0x00000010,
1317 NETR_TRUST_FLAG_INBOUND = 0x00000020,
1318 NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080,
1319 NETR_TRUST_FLAG_AES = 0x00000100
1322 typedef [bitmap32bit] bitmap {
1323 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
1324 NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002
1325 } netr_WorkstationFlags;
1327 typedef [bitmap16bit] bitmap {
1328 NETR_VER_SUITE_BACKOFFICE = 0x0004,
1329 NETR_VER_SUITE_BLADE = 0x0400,
1330 NETR_VER_SUITE_COMPUTE_SERVER = 0x4000,
1331 NETR_VER_SUITE_DATACENTER = 0x0080,
1332 NETR_VER_SUITE_ENTERPRISE = 0x0002,
1333 NETR_VER_SUITE_EMBEDDEDNT = 0x0040,
1334 NETR_VER_SUITE_PERSONAL = 0x0200,
1335 NETR_VER_SUITE_SINGLEUSERTS = 0x0100,
1336 NETR_VER_SUITE_SMALLBUSINESS = 0x0001,
1337 NETR_VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x0020,
1338 NETR_VER_SUITE_STORAGE_SERVER = 0x2000,
1339 NETR_VER_SUITE_TERMINAL = 0x0010,
1340 NETR_VER_SUITE_WH_SERVER = 0x8000
1343 typedef [bitmap8bit] bitmap {
1344 NETR_VER_NT_DOMAIN_CONTROLLER = 0x02,
1345 NETR_VER_NT_SERVER = 0x03,
1346 NETR_VER_NT_WORKSTATION = 0x01
1351 [size_is(policy_size)] uint8 *policy;
1352 } netr_LsaPolicyInformation;
1355 [value(284)] uint32 OSVersionInfoSize;
1356 uint32 MajorVersion;
1357 uint32 MinorVersion;
1360 [subcontext(0),subcontext_size(256)] nstring CSDVersion;
1361 uint16 ServicePackMajor;
1362 uint16 ServicePackMinor;
1363 netr_SuiteMask SuiteMask;
1364 netr_ProductType ProductType;
1366 } netr_OsVersionInfoEx;
1369 /* these first 3 values come from the fact windows
1370 actually encodes this structure as a UNICODE_STRING
1371 - see MS-NRPC section 2.2.1.3.9 */
1372 /* 142 * 2 = 284 (length of structure "netr_OsVersionInfoEx") */
1373 [value(142)] uint3264 length;
1374 [value(0)] uint3264 dummy;
1375 [value(142)] uint3264 size;
1376 [subcontext(0),subcontext_size(size*2)]
1377 netr_OsVersionInfoEx os;
1381 /* value is 284 when info != os, otherwise 0 (for length and
1383 [value(os == NULL ? 0 : 284)] uint16 length;
1384 [value(os == NULL ? 0 : 284)] uint16 size;
1386 } netr_OsVersionContainer;
1389 netr_LsaPolicyInformation lsa_policy;
1390 [string,charset(UTF16)] uint16 *dns_hostname;
1391 [string,charset(UTF16)] uint16 *sitename;
1392 [string,charset(UTF16)] uint16 *dummy1;
1393 [string,charset(UTF16)] uint16 *dummy2;
1394 [string,charset(UTF16)] uint16 *dummy3;
1395 [string,charset(UTF16)] uint16 *dummy4;
1396 netr_OsVersionContainer os_version;
1398 lsa_String dummy_string3;
1399 lsa_String dummy_string4;
1400 netr_WorkstationFlags workstation_flags;
1401 kerb_EncTypes supported_enc_types;
1404 } netr_WorkstationInformation;
1407 [case(1)] netr_WorkstationInformation *workstation_info;
1408 [case(2)] netr_WorkstationInformation *lsa_policy_info;
1409 } netr_WorkstationInfo;
1412 netr_TrustFlags flags;
1413 uint32 parent_index;
1414 lsa_TrustType trust_type;
1415 lsa_TrustAttributes trust_attributes;
1416 } netr_trust_extension_info;
1419 /* these first 3 values come from the fact windows
1420 actually encodes this structure as a UNICODE_STRING
1421 - see MS-NRPC section 2.2.1.3.9 */
1422 [value(8)] uint3264 length;
1423 [value(0)] uint3264 dummy;
1424 [value(8)] uint3264 size;
1425 [subcontext(0),subcontext_size(size*2)]
1426 netr_trust_extension_info info;
1427 } netr_trust_extension;
1430 /* value is 16 when info != NULL, otherwise 0 */
1431 [value(info == NULL ? 0 : 16)] uint16 length;
1432 [value(info == NULL ? 0 : 16)] uint16 size;
1433 netr_trust_extension *info;
1434 } netr_trust_extension_container;
1437 lsa_StringLarge domainname;
1438 lsa_StringLarge dns_domainname;
1439 lsa_StringLarge dns_forestname;
1441 dom_sid2 *domain_sid;
1442 netr_trust_extension_container trust_extension;
1443 lsa_StringLarge dummy_string2;
1444 lsa_StringLarge dummy_string3;
1445 lsa_StringLarge dummy_string4;
1450 } netr_OneDomainInfo;
1453 netr_OneDomainInfo primary_domain;
1454 uint32 trusted_domain_count;
1455 [size_is(trusted_domain_count)] netr_OneDomainInfo *trusted_domains;
1456 netr_LsaPolicyInformation lsa_policy;
1457 lsa_StringLarge dns_hostname;
1458 lsa_StringLarge dummy_string2;
1459 lsa_StringLarge dummy_string3;
1460 lsa_StringLarge dummy_string4;
1461 netr_WorkstationFlags workstation_flags;
1462 kerb_EncTypes supported_enc_types;
1465 } netr_DomainInformation;
1468 [case(1)] netr_DomainInformation *domain_info;
1469 [case(2)] netr_LsaPolicyInformation *lsa_policy_info;
1472 [public] NTSTATUS netr_LogonGetDomainInfo(
1473 [in] [string,charset(UTF16)] uint16 *server_name,
1474 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1475 [in,ref] netr_Authenticator *credential,
1476 [in,out,ref] netr_Authenticator *return_authenticator,
1478 [in,ref,switch_is(level)] netr_WorkstationInfo *query,
1479 [out,ref,switch_is(level)] netr_DomainInfo *info
1485 /* [MS-NRPC] 2.2.1.3.8 NL_PASSWORD_VERSION */
1487 /* someone's birthday ? */
1488 const int NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT = 0x02231968;
1491 uint32 ReservedField;
1492 uint32 PasswordVersionNumber;
1493 uint32 PasswordVersionPresent;
1494 } NL_PASSWORD_VERSION;
1496 typedef [flag(NDR_PAHEX)] struct {
1499 } netr_CryptPassword;
1501 NTSTATUS netr_ServerPasswordSet2(
1502 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1503 [in] [string,charset(UTF16)] uint16 *account_name,
1504 [in] netr_SchannelType secure_channel_type,
1505 [in] [string,charset(UTF16)] uint16 *computer_name,
1506 [in,ref] netr_Authenticator *credential,
1507 [out,ref] netr_Authenticator *return_authenticator,
1508 [in,ref] netr_CryptPassword *new_password
1513 NTSTATUS netr_ServerPasswordGet(
1514 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1515 [in] [string,charset(UTF16)] uint16 *account_name,
1516 [in] netr_SchannelType secure_channel_type,
1517 [in] [string,charset(UTF16)] uint16 *computer_name,
1518 [in,ref] netr_Authenticator *credential,
1519 [out,ref] netr_Authenticator *return_authenticator,
1520 [out,ref] samr_Password *password
1523 typedef [public] enum {
1524 SendToSamUpdatePassword = 0,
1525 SendToSamResetBadPasswordCount = 1,
1526 SendToSamUpdatePasswordForward = 2,
1527 SendToSamUpdateLastLogonTimestamp = 3,
1528 SendToSamResetSmartCardPassword = 4
1529 } netr_SendToSamType;
1533 } netr_SendToSamResetBadPasswordCount;
1535 typedef [nodiscriminant, public,switch_type(netr_SendToSamType)] union {
1536 /* TODO Implement other SendToSam message types
1537 * [case(SendToSamUpdatePassword)] netr_SendToSamUpdatePassword ...; */
1538 [case(SendToSamResetBadPasswordCount)] netr_SendToSamResetBadPasswordCount reset_bad_password;
1540 * [case(SendToSamUpdatePasswordForward)] netrSendToSamUpdatePasswordForward ...;
1541 * [case(SendToSamUpdateLastLogonTimestamp)] netrSendToSamUpdateLastLogonTimestamp ...;
1542 * [case(SendToSamResetSmartCardPassword)] netrSendToSamResetSmartCardPassword ...;
1545 } netr_SendToSamMessage;
1547 typedef [public] struct {
1548 netr_SendToSamType message_type;
1549 uint32 message_size;
1550 [switch_is(message_type), subcontext(0), subcontext_size(message_size)] netr_SendToSamMessage message;
1551 } netr_SendToSamBase;
1555 NTSTATUS netr_NetrLogonSendToSam(
1556 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1557 [in] [string,charset(UTF16)] uint16 *computer_name,
1558 [in,ref] netr_Authenticator *credential,
1559 [out,ref] netr_Authenticator *return_authenticator,
1560 [in,ref] [size_is(buffer_len)] uint8 *opaque_buffer,
1561 [in] uint32 buffer_len
1568 [size_is(count)] lsa_String *sitename;
1569 } netr_DsRAddressToSitenamesWCtr;
1572 [size_is(size)] uint8 *buffer;
1576 WERROR netr_DsRAddressToSitenamesW(
1577 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1578 [in] [range(0,32000)] uint32 count,
1579 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1580 [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr
1585 WERROR netr_DsRGetDCNameEx2(
1586 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1587 [in,unique] [string,charset(UTF16)] uint16 *client_account,
1588 [in] samr_AcctFlags mask,
1589 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1590 [in,unique] GUID *domain_guid,
1591 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1592 [in] netr_DsRGetDCName_flags flags,
1593 [out,ref] netr_DsRGetDCNameInfo **info
1598 [todo] WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN();
1603 typedef [public] struct {
1604 [string,charset(UTF16)] uint16 *netbios_name;
1605 [string,charset(UTF16)] uint16 *dns_name;
1606 netr_TrustFlags trust_flags;
1607 uint32 parent_index;
1608 lsa_TrustType trust_type;
1609 lsa_TrustAttributes trust_attributes;
1614 typedef [public] struct {
1616 [size_is(count)] netr_DomainTrust *array;
1617 } netr_DomainTrustList;
1619 WERROR netr_NetrEnumerateTrustedDomainsEx(
1620 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1621 [out,ref] netr_DomainTrustList *dom_trust_list
1628 [size_is(count)] lsa_String *sitename;
1629 [size_is(count)] lsa_String *subnetname;
1630 } netr_DsRAddressToSitenamesExWCtr;
1632 WERROR netr_DsRAddressToSitenamesExW(
1633 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1634 [in] [range(0,32000)] uint32 count,
1635 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1636 [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr
1644 [size_is(num_sites)] [unique] lsa_String *sites;
1647 WERROR netr_DsrGetDcSiteCoverageW(
1648 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1649 [out,ref] DcSitesCtr **ctr
1654 typedef [public,bitmap32bit] bitmap {
1655 /* Request MUST be passed to the domain controller at the root of the forest. */
1656 NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT = 0x00000001,
1657 /* Request MUST be passed to the DC at the end of the first hop over a cross-forest trust. */
1658 NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP = 0x00000002,
1659 /* Request was passed by an RODC to a DC in a different domain. */
1660 NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN = 0x00000004,
1661 /* Request is an NTLM authentication package request passed by an RODC. */
1662 NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST = 0x00000008
1663 } netr_LogonSamLogon_flags;
1665 NTSTATUS netr_LogonSamLogonEx(
1666 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1667 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1668 [in] netr_LogonInfoClass logon_level,
1669 [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
1670 [in] uint16 validation_level,
1671 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
1672 [out,ref] uint8 *authoritative,
1673 [in,out,ref] netr_LogonSamLogon_flags *flags
1679 WERROR netr_DsrEnumerateDomainTrusts(
1680 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1681 [in] netr_TrustFlags trust_flags,
1682 [out,ref] netr_DomainTrustList *trusts
1688 WERROR netr_DsrDeregisterDNSHostRecords(
1689 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1690 [in,unique] [string,charset(UTF16)] uint16 *domain,
1691 [in,unique] GUID *domain_guid,
1692 [in,unique] GUID *dsa_guid,
1693 [in,ref] [string,charset(UTF16)] uint16 *dns_host
1698 NTSTATUS netr_ServerTrustPasswordsGet(
1699 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1700 [in] [string,charset(UTF16)] uint16 *account_name,
1701 [in] netr_SchannelType secure_channel_type,
1702 [in] [string,charset(UTF16)] uint16 *computer_name,
1703 [in,ref] netr_Authenticator *credential,
1704 [out,ref] netr_Authenticator *return_authenticator,
1705 [out,ref] samr_Password *new_owf_password,
1706 [out,ref] samr_Password *old_owf_password
1712 const int DS_GFTI_UPDATE_TDO = 0x1;
1714 WERROR netr_DsRGetForestTrustInformation(
1715 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1716 [in,unique] [string,charset(UTF16)] uint16 *trusted_domain_name,
1718 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1723 NTSTATUS netr_GetForestTrustInformation(
1724 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1725 [in,ref] [string,charset(UTF16)] uint16 *computer_name,
1726 [in,ref] netr_Authenticator *credential,
1727 [out,ref] netr_Authenticator *return_authenticator,
1729 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1735 /* this is the ADS varient. I don't yet know what the "flags" are for */
1736 NTSTATUS netr_LogonSamLogonWithFlags(
1737 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1738 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1739 [in,unique] netr_Authenticator *credential,
1740 [in,out,unique] netr_Authenticator *return_authenticator,
1741 [in] netr_LogonInfoClass logon_level,
1742 [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
1743 [in] uint16 validation_level,
1744 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
1745 [out,ref] uint8 *authoritative,
1746 [in,out,ref] netr_LogonSamLogon_flags *flags
1754 [size_is(count)] uint32 *data;
1756 [size_is(count)] lsa_String *entries;
1759 NTSTATUS netr_ServerGetTrustInfo(
1760 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1761 [in,ref] [string,charset(UTF16)] uint16 *account_name,
1762 [in] netr_SchannelType secure_channel_type,
1763 [in,ref] [string,charset(UTF16)] uint16 *computer_name,
1764 [in,ref] netr_Authenticator *credential,
1765 [out,ref] netr_Authenticator *return_authenticator,
1766 [out,ref] samr_Password *new_owf_password,
1767 [out,ref] samr_Password *old_owf_password,
1768 [out,ref] netr_TrustInfo **trust_info
1774 NTSTATUS netr_Unused47(void);
1781 NlDnsLdapAtSite = 22,
1784 NlDnsKdcAtSite = 30,
1786 NlDnsRfc1510KdcAtSite = 34,
1787 NlDnsGenericGcAtSite = 36
1791 NlDnsInfoTypeNone = 0,
1792 NlDnsDomainName = 1,
1793 NlDnsDomainNameAlias = 2,
1794 NlDnsForestName = 3,
1795 NlDnsForestNameAlias = 4,
1796 NlDnsNdncDomainName = 5,
1798 } netr_DnsDomainInfoType;
1802 [string,charset(UTF16)] uint16 *dns_domain_info;
1803 netr_DnsDomainInfoType dns_domain_info_type;
1807 boolean32 dns_register;
1811 typedef [public] struct {
1813 [size_is(count)] NL_DNS_NAME_INFO *names;
1814 } NL_DNS_NAME_INFO_ARRAY;
1816 NTSTATUS netr_DsrUpdateReadOnlyServerDnsRecords(
1817 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1818 [in,ref] [string,charset(UTF16)] uint16 *computer_name,
1819 [in, ref] netr_Authenticator *credential,
1820 [out,ref] netr_Authenticator *return_authenticator,
1821 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1822 [in] uint32 dns_ttl,
1823 [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names