3 much of this was derived from the ethereal sources - thanks to everyone
7 import "misc.idl", "lsa.idl", "samr.idl", "security.idl";
11 cpp_quote("#define netr_DeltaEnum8Bit netr_DeltaEnum")
12 cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID")
14 cpp_quote("#define ENC_CRC32 KERB_ENCTYPE_DES_CBC_CRC")
15 cpp_quote("#define ENC_RSA_MD5 KERB_ENCTYPE_DES_CBC_MD5")
16 cpp_quote("#define ENC_RC4_HMAC_MD5 KERB_ENCTYPE_RC4_HMAC_MD5")
17 cpp_quote("#define ENC_HMAC_SHA1_96_AES128 KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96")
18 cpp_quote("#define ENC_HMAC_SHA1_96_AES256 KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96")
19 cpp_quote("#define ENC_FAST_SUPPORTED KERB_ENCTYPE_FAST_SUPPORTED")
20 cpp_quote("#define ENC_COMPOUND_IDENTITY_SUPPORTED KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED")
21 cpp_quote("#define ENC_CLAIMS_SUPPORTED KERB_ENCTYPE_CLAIMS_SUPPORTED")
22 cpp_quote("#define NETLOGON_SERVER_PIPE_STATE_MAGIC 0x4f555358")
25 uuid("12345678-1234-abcd-ef00-01234567cffb"),
27 endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
28 helper("../librpc/ndr/ndr_netlogon.h"),
30 pointer_default(unique)
35 typedef bitmap samr_AcctFlags samr_AcctFlags;
36 typedef bitmap security_GroupAttrs security_GroupAttrs;
37 typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit;
38 typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit;
44 [string,charset(UTF16)] uint16 *account_name;
55 time_t pw_must_change;
56 [string,charset(UTF16)] uint16 *computer;
57 [string,charset(UTF16)] uint16 *domain;
58 [string,charset(UTF16)] uint16 *script_path;
62 WERROR netr_LogonUasLogon(
63 [in,unique] [string,charset(UTF16)] uint16 *server_name,
64 [in] [string,charset(UTF16)] uint16 *account_name,
65 [in] [string,charset(UTF16)] uint16 *workstation,
66 [out,ref] netr_UasInfo **info
78 WERROR netr_LogonUasLogoff(
79 [in,unique] [string,charset(UTF16)] uint16 *server_name,
80 [in] [string,charset(UTF16)] uint16 *account_name,
81 [in] [string,charset(UTF16)] uint16 *workstation,
82 [out,ref] netr_UasLogoffInfo *info
89 /* in netr_AcctLockStr size seems to be be 24, and rrenard thinks
90 that the structure of the bindata looks like this:
92 dlong lockout_duration;
94 uint32 bad_attempt_lockout;
97 but it doesn't look as though this structure is reflected at the
98 NDR level. Maybe it is left to the application to decode the bindata array.
100 typedef [public] struct {
101 dlong lockout_duration;
103 uint32 bad_attempt_lockout;
107 /* - MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
108 * sets the NETLOGON_SERVER_TRUST_ACCOUNT user_flag
109 * - MSV1_0_UPDATE_LOGON_STATISTICS
110 * sets the logon time on network logon
111 * - MSV1_0_RETURN_USER_PARAMETERS
112 * sets the user parameters in the driveletter
113 * - MSV1_0_RETURN_PROFILE_PATH
114 * returns the profilepath in the driveletter and
115 * sets LOGON_PROFILE_PATH_RETURNED user_flag
118 typedef [public,bitmap32bit] bitmap {
119 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
120 MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
121 MSV1_0_RETURN_USER_PARAMETERS = 0x00000008,
122 MSV1_0_DONT_TRY_GUEST_ACCOUNT = 0x00000010,
123 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020,
124 MSV1_0_RETURN_PASSWORD_EXPIRY = 0x00000040,
125 MSV1_0_USE_CLIENT_CHALLENGE = 0x00000080,
126 MSV1_0_TRY_GUEST_ACCOUNT_ONLY = 0x00000100,
127 MSV1_0_RETURN_PROFILE_PATH = 0x00000200,
128 MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY = 0x00000400,
129 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800,
130 MSV1_0_DISABLE_PERSONAL_FALLBACK = 0x00001000,
131 MSV1_0_ALLOW_FORCE_GUEST = 0x00002000,
132 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED = 0x00004000,
133 MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY = 0x00008000,
134 MSV1_0_ALLOW_MSVCHAPV2 = 0x00010000,
135 MSV1_0_S4U2SELF = 0x00020000,
136 MSV1_0_CHECK_LOGONHOURS_FOR_S4U = 0x00040000,
137 MSV1_0_SUBAUTHENTICATION_DLL_EX = 0x00100000
138 } netr_LogonParameterControl;
140 /* Summary of the of the Query and Response from Microsoft on
141 * the usage of logon_id in netr_IdendityInfo
143 * [REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
144 * the Reserved field have LogonId meaning?
147 * In NetrLogonSamLogonEx does the Reserved field
148 * (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?
150 * What is a valid LogonID, and does have any audit usage?
152 * Samba is sending a constant "deadbeef" in hex and would like to
153 * understand any usage of this field.
156 * The NRPC spec is accurate in defining the field as Reserved, and
157 * without protocol significance. In the header file in our source
158 * code, it is defined as LogonId and commented as such, but it’s
159 * effectively not used. This is probably why the API structure has
160 * that field name. It may have been intended as such but it’s not
163 * Samba now sends a random value in this field.
166 lsa_String domain_name;
167 netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
169 lsa_String account_name;
170 lsa_String workstation;
174 netr_IdentityInfo identity_info;
175 samr_Password lmpassword;
176 samr_Password ntpassword;
179 typedef [flag(NDR_PAHEX)] struct {
181 [value(length)] uint16 size;
182 [size_is(length),length_is(length)] uint8 *data;
183 } netr_ChallengeResponse;
185 typedef [flag(NDR_PAHEX)] struct {
186 netr_IdentityInfo identity_info;
188 netr_ChallengeResponse nt;
189 netr_ChallengeResponse lm;
192 typedef [flag(NDR_PAHEX)] struct {
193 netr_IdentityInfo identity_info;
194 lsa_String package_name;
196 [size_is(length)] uint8 *data;
199 typedef [public] enum {
200 NetlogonInteractiveInformation = 1,
201 NetlogonNetworkInformation = 2,
202 NetlogonServiceInformation = 3,
203 NetlogonGenericInformation = 4,
204 NetlogonInteractiveTransitiveInformation = 5,
205 NetlogonNetworkTransitiveInformation = 6,
206 NetlogonServiceTransitiveInformation = 7
207 } netr_LogonInfoClass;
209 typedef [public,switch_type(netr_LogonInfoClass)] union {
210 [case(NetlogonInteractiveInformation)] netr_PasswordInfo *password;
211 [case(NetlogonNetworkInformation)] netr_NetworkInfo *network;
212 [case(NetlogonServiceInformation)] netr_PasswordInfo *password;
213 [case(NetlogonGenericInformation)] netr_GenericInfo *generic;
214 [case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
215 [case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network;
216 [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
220 typedef [public,flag(NDR_PAHEX)] struct {
222 } netr_UserSessionKey;
224 typedef [public,flag(NDR_PAHEX)] struct {
228 /* Flags for user_flags below */
229 typedef [public,bitmap32bit] bitmap {
230 NETLOGON_GUEST = 0x00000001,
231 NETLOGON_NOENCRYPTION = 0x00000002,
232 NETLOGON_CACHED_ACCOUNT = 0x00000004,
233 NETLOGON_USED_LM_PASSWORD = 0x00000008,
234 NETLOGON_EXTRA_SIDS = 0x00000020,
235 NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040,
236 NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080,
237 NETLOGON_NTLMV2_ENABLED = 0x00000100,
238 NETLOGON_RESOURCE_GROUPS = 0x00000200,
239 NETLOGON_PROFILE_PATH_RETURNED = 0x00000400,
240 NETLOGON_GRACE_LOGON = 0x01000000
247 NTTIME last_password_change;
248 NTTIME allow_password_change;
249 NTTIME force_password_change;
250 lsa_String account_name;
251 lsa_String full_name;
252 lsa_String logon_script;
253 lsa_String profile_path;
254 lsa_String home_directory;
255 lsa_String home_drive;
257 uint16 bad_password_count;
260 samr_RidWithAttributeArray groups;
261 netr_UserFlags user_flags;
262 [flag(NDR_SECRET)] netr_UserSessionKey key;
263 lsa_StringLarge logon_server;
264 lsa_StringLarge logon_domain;
265 dom_sid2 *domain_sid;
266 [flag(NDR_SECRET)] netr_LMSessionKey LMSessKey;
267 samr_AcctFlags acct_flags;
268 uint32 sub_auth_status;
269 NTTIME last_successful_logon;
270 NTTIME last_failed_logon;
271 uint32 failed_logon_count;
276 netr_SamBaseInfo base;
279 typedef [public] struct {
281 security_GroupAttrs attributes;
284 typedef [public] struct {
285 netr_SamBaseInfo base;
287 [size_is(sidcount)] netr_SidAttr *sids;
291 netr_SamBaseInfo base;
293 [size_is(sidcount)] netr_SidAttr *sids;
296 * Should pointer values be allocated
297 * of sids[*].sid before the following ones?
299 * That's at least the case for
302 lsa_String dns_domainname;
303 lsa_String principal_name;
309 [size_is(pac_size)] uint8 *pac;
310 lsa_String logon_domain;
311 lsa_String logon_server;
312 lsa_String principal_name;
314 [size_is(auth_size)] uint8 *auth;
315 netr_UserSessionKey user_session_key;
316 uint32 expansionroom[10];
323 typedef [flag(NDR_PAHEX)] struct {
325 [size_is(length)] uint8 *data;
329 NetlogonValidationUasInfo = 1,
330 NetlogonValidationSamInfo = 2,
331 NetlogonValidationSamInfo2 = 3,
332 NetlogonValidationGenericInfo2 = 5,
333 NetlogonValidationSamInfo4 = 6
334 } netr_ValidationInfoClass;
336 typedef [public,switch_type(uint16)] union {
337 [case(NetlogonValidationSamInfo)] netr_SamInfo2 *sam2;
338 [case(NetlogonValidationSamInfo2)] netr_SamInfo3 *sam3;
339 [case(4)] netr_PacInfo *pac;
340 [case(NetlogonValidationGenericInfo2)] netr_GenericInfo2 *generic;
341 [case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
345 typedef [public, flag(NDR_PAHEX)] struct {
349 typedef [public] struct {
350 netr_Credential client_challenge;
351 netr_Credential server_challenge;
352 } netlogon_server_pipe_state;
354 typedef [public] struct {
355 netr_Credential cred;
357 } netr_Authenticator;
359 [public] NTSTATUS netr_LogonSamLogon(
360 [in,unique] [string,charset(UTF16)] uint16 *server_name,
361 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
362 [in,unique] netr_Authenticator *credential,
363 [in,out,unique] netr_Authenticator *return_authenticator,
364 [in] netr_LogonInfoClass logon_level,
365 [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
366 [in] uint16 validation_level,
367 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
368 [out,ref] uint8 *authoritative
375 NTSTATUS netr_LogonSamLogoff(
376 [in,unique] [string,charset(UTF16)] uint16 *server_name,
377 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
378 [in,unique] netr_Authenticator *credential,
379 [in,out,unique] netr_Authenticator *return_authenticator,
380 [in] netr_LogonInfoClass logon_level,
381 [in] [switch_is(logon_level)] netr_LogonLevel logon
389 [public] NTSTATUS netr_ServerReqChallenge(
390 [in,unique,string,charset(UTF16)] uint16 *server_name,
391 [in,string,charset(UTF16)] uint16 *computer_name,
392 [in,ref] netr_Credential *credentials,
393 [out,ref] netr_Credential *return_credentials
400 typedef enum netr_SchannelType netr_SchannelType;
402 NTSTATUS netr_ServerAuthenticate(
403 [in,unique,string,charset(UTF16)] uint16 *server_name,
404 [in,string,charset(UTF16)] uint16 *account_name,
405 [in] netr_SchannelType secure_channel_type,
406 [in,string,charset(UTF16)] uint16 *computer_name,
407 [in,ref] netr_Credential *credentials,
408 [out,ref] netr_Credential *return_credentials
415 NTSTATUS netr_ServerPasswordSet(
416 [in,unique] [string,charset(UTF16)] uint16 *server_name,
417 [in] [string,charset(UTF16)] uint16 *account_name,
418 [in] netr_SchannelType secure_channel_type,
419 [in] [string,charset(UTF16)] uint16 *computer_name,
420 [in,ref] netr_Authenticator *credential,
421 [out,ref] netr_Authenticator *return_authenticator,
422 [in,ref] samr_Password *new_password
429 typedef enum netr_SamDatabaseID netr_SamDatabaseID;
432 [string,charset(UTF16)] uint16 *account_name;
441 } netr_DELTA_DELETE_USER;
445 [value(length)] uint16 size;
452 [value(nt_length)] uint16 nt_size;
455 [value(lm_length)] uint16 lm_size;
457 uint8 nt_history[nt_length];
458 uint8 lm_history[lm_length];
459 } netr_PasswordHistory;
462 netr_USER_KEY16 lmpassword;
463 netr_USER_KEY16 ntpassword;
464 netr_PasswordHistory history;
467 typedef struct { /* TODO: make this a union! */
468 netr_USER_KEYS2 keys2;
469 } netr_USER_KEY_UNION;
471 typedef [public] struct {
473 netr_USER_KEY_UNION keys;
477 boolean8 SensitiveDataFlag;
480 /* netr_USER_KEYS encrypted with the session key */
481 [size_is(DataLength)][flag(NDR_PAHEX)] uint8 *SensitiveData;
482 } netr_USER_PRIVATE_INFO;
485 lsa_String account_name;
486 lsa_String full_name;
489 lsa_String home_directory;
490 lsa_String home_drive;
491 lsa_String logon_script;
492 lsa_String description;
493 lsa_String workstations;
496 samr_LogonHours logon_hours;
497 uint16 bad_password_count;
499 NTTIME last_password_change;
501 samr_AcctFlags acct_flags;
502 samr_Password lmpassword;
503 samr_Password ntpassword;
504 boolean8 nt_password_present;
505 boolean8 lm_password_present;
506 boolean8 password_expired;
508 lsa_BinaryString parameters;
511 netr_USER_PRIVATE_INFO user_private_info;
512 uint32 SecurityInformation;
514 lsa_String profile_path;
525 lsa_String domain_name;
526 lsa_String oem_information; /* comment */
527 dlong force_logoff_time;
528 uint16 min_password_length;
529 uint16 password_history_length;
530 /* yes, these are signed. They are in negative 100ns */
531 dlong max_password_age;
532 dlong min_password_age;
534 NTTIME domain_create_time;
535 uint32 SecurityInformation;
537 lsa_BinaryString account_lockout;
541 uint32 logon_to_chgpass;
548 lsa_String group_name;
551 lsa_String description;
552 uint32 SecurityInformation;
578 [size_is(num_rids)] uint32 *rids;
579 [size_is(num_rids)] uint32 *attribs;
585 } netr_DELTA_GROUP_MEMBER;
588 lsa_String alias_name;
590 uint32 SecurityInformation;
592 lsa_String description;
608 } netr_DELTA_ALIAS_MEMBER;
611 uint32 pagedpoollimit;
612 uint32 nonpagedpoollimit;
613 uint32 minimumworkingsetsize;
614 uint32 maximumworkingsetsize;
615 uint32 pagefilelimit;
621 NTTIME auditretentionperiod;
622 boolean8 auditingmode;
623 uint32 maxauditeventcount;
624 [size_is(maxauditeventcount+1)] uint32 *eventauditoptions;
625 lsa_String primary_domain_name;
627 netr_QUOTA_LIMITS quota_limits;
629 NTTIME db_create_time;
630 uint32 SecurityInformation;
643 lsa_String domain_name;
644 uint32 num_controllers;
645 [size_is(num_controllers)] lsa_String *controller_names;
646 uint32 SecurityInformation;
656 } netr_DELTA_TRUSTED_DOMAIN;
659 uint32 privilege_entries;
660 uint32 privilege_control;
661 [size_is(privilege_entries)] uint32 *privilege_attrib;
662 [size_is(privilege_entries)] lsa_String *privilege_name;
663 netr_QUOTA_LIMITS quotalimits;
665 uint32 SecurityInformation;
675 } netr_DELTA_ACCOUNT;
680 [size_is(maxlen)][length_is(len)] uint8 *cipher_data;
684 netr_CIPHER_VALUE current_cipher;
685 NTTIME current_cipher_set_time;
686 netr_CIPHER_VALUE old_cipher;
687 NTTIME old_cipher_set_time;
688 uint32 SecurityInformation;
701 NETR_DELTA_DOMAIN = 1,
702 NETR_DELTA_GROUP = 2,
703 NETR_DELTA_DELETE_GROUP = 3,
704 NETR_DELTA_RENAME_GROUP = 4,
706 NETR_DELTA_DELETE_USER = 6,
707 NETR_DELTA_RENAME_USER = 7,
708 NETR_DELTA_GROUP_MEMBER = 8,
709 NETR_DELTA_ALIAS = 9,
710 NETR_DELTA_DELETE_ALIAS = 10,
711 NETR_DELTA_RENAME_ALIAS = 11,
712 NETR_DELTA_ALIAS_MEMBER = 12,
713 NETR_DELTA_POLICY = 13,
714 NETR_DELTA_TRUSTED_DOMAIN = 14,
715 NETR_DELTA_DELETE_TRUST = 15,
716 NETR_DELTA_ACCOUNT = 16,
717 NETR_DELTA_DELETE_ACCOUNT = 17,
718 NETR_DELTA_SECRET = 18,
719 NETR_DELTA_DELETE_SECRET = 19,
720 NETR_DELTA_DELETE_GROUP2 = 20,
721 NETR_DELTA_DELETE_USER2 = 21,
722 NETR_DELTA_MODIFY_COUNT = 22
725 typedef [switch_type(netr_DeltaEnum)] union {
726 [case(NETR_DELTA_DOMAIN)] netr_DELTA_DOMAIN *domain;
727 [case(NETR_DELTA_GROUP)] netr_DELTA_GROUP *group;
728 [case(NETR_DELTA_DELETE_GROUP)] ; /* rid only */
729 [case(NETR_DELTA_RENAME_GROUP)] netr_DELTA_RENAME *rename_group;
730 [case(NETR_DELTA_USER)] netr_DELTA_USER *user;
731 [case(NETR_DELTA_DELETE_USER)] ; /* rid only */
732 [case(NETR_DELTA_RENAME_USER)] netr_DELTA_RENAME *rename_user;
733 [case(NETR_DELTA_GROUP_MEMBER)] netr_DELTA_GROUP_MEMBER *group_member;
734 [case(NETR_DELTA_ALIAS)] netr_DELTA_ALIAS *alias;
735 [case(NETR_DELTA_DELETE_ALIAS)] ; /* rid only */
736 [case(NETR_DELTA_RENAME_ALIAS)] netr_DELTA_RENAME *rename_alias;
737 [case(NETR_DELTA_ALIAS_MEMBER)] netr_DELTA_ALIAS_MEMBER *alias_member;
738 [case(NETR_DELTA_POLICY)] netr_DELTA_POLICY *policy;
739 [case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN *trusted_domain;
740 [case(NETR_DELTA_DELETE_TRUST)] ; /* sid only */
741 [case(NETR_DELTA_ACCOUNT)] netr_DELTA_ACCOUNT *account;
742 [case(NETR_DELTA_DELETE_ACCOUNT)] ; /* sid only */
743 [case(NETR_DELTA_SECRET)] netr_DELTA_SECRET *secret;
744 [case(NETR_DELTA_DELETE_SECRET)] ; /* name only */
745 [case(NETR_DELTA_DELETE_GROUP2)] netr_DELTA_DELETE_USER *delete_group;
746 [case(NETR_DELTA_DELETE_USER2)] netr_DELTA_DELETE_USER *delete_user;
747 [case(NETR_DELTA_MODIFY_COUNT)] udlong *modified_count;
751 typedef [switch_type(netr_DeltaEnum)] union {
752 [case(NETR_DELTA_DOMAIN)] uint32 rid;
753 [case(NETR_DELTA_GROUP)] uint32 rid;
754 [case(NETR_DELTA_DELETE_GROUP)] uint32 rid;
755 [case(NETR_DELTA_RENAME_GROUP)] uint32 rid;
756 [case(NETR_DELTA_USER)] uint32 rid;
757 [case(NETR_DELTA_DELETE_USER)] uint32 rid;
758 [case(NETR_DELTA_RENAME_USER)] uint32 rid;
759 [case(NETR_DELTA_GROUP_MEMBER)] uint32 rid;
760 [case(NETR_DELTA_ALIAS)] uint32 rid;
761 [case(NETR_DELTA_DELETE_ALIAS)] uint32 rid;
762 [case(NETR_DELTA_RENAME_ALIAS)] uint32 rid;
763 [case(NETR_DELTA_ALIAS_MEMBER)] uint32 rid;
764 [case(NETR_DELTA_POLICY)] dom_sid2 *sid;
765 [case(NETR_DELTA_TRUSTED_DOMAIN)] dom_sid2 *sid;
766 [case(NETR_DELTA_DELETE_TRUST)] dom_sid2 *sid;
767 [case(NETR_DELTA_ACCOUNT)] dom_sid2 *sid;
768 [case(NETR_DELTA_DELETE_ACCOUNT)] dom_sid2 *sid;
769 [case(NETR_DELTA_SECRET)] [string,charset(UTF16)] uint16 *name;
770 [case(NETR_DELTA_DELETE_SECRET)] [string,charset(UTF16)] uint16 *name;
771 [case(NETR_DELTA_DELETE_GROUP2)] uint32 rid;
772 [case(NETR_DELTA_DELETE_USER2)] uint32 rid;
773 [case(NETR_DELTA_MODIFY_COUNT)] ;
775 } netr_DELTA_ID_UNION;
778 netr_DeltaEnum delta_type;
779 [switch_is(delta_type)] netr_DELTA_ID_UNION delta_id_union;
780 [switch_is(delta_type)] netr_DELTA_UNION delta_union;
785 [size_is(num_deltas)] netr_DELTA_ENUM *delta_enum;
786 } netr_DELTA_ENUM_ARRAY;
788 NTSTATUS netr_DatabaseDeltas(
789 [in] [string,charset(UTF16)] uint16 *logon_server,
790 [in] [string,charset(UTF16)] uint16 *computername,
791 [in,ref] netr_Authenticator *credential,
792 [in,out,ref] netr_Authenticator *return_authenticator,
793 [in] netr_SamDatabaseID database_id,
794 [in,out,ref] udlong *sequence_num,
795 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
796 [in] uint32 preferredmaximumlength
803 NTSTATUS netr_DatabaseSync(
804 [in] [string,charset(UTF16)] uint16 *logon_server,
805 [in] [string,charset(UTF16)] uint16 *computername,
806 [in,ref] netr_Authenticator *credential,
807 [in,out,ref] netr_Authenticator *return_authenticator,
808 [in] netr_SamDatabaseID database_id,
809 [in,out,ref] uint32 *sync_context,
810 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
811 [in] uint32 preferredmaximumlength
818 /* w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this call */
820 typedef [flag(NDR_PAHEX)] struct {
821 uint8 computer_name[16];
823 uint32 serial_number;
827 [flag(NDR_REMAINING)] DATA_BLOB blob;
828 } netr_AccountBuffer;
830 NTSTATUS netr_AccountDeltas(
831 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
832 [in] [string,charset(UTF16)] uint16 *computername,
833 [in] netr_Authenticator credential,
834 [in,out,ref] netr_Authenticator *return_authenticator,
835 [in] netr_UAS_INFO_0 uas,
838 [in] uint32 buffersize,
839 [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
840 [out,ref] uint32 *count_returned,
841 [out,ref] uint32 *total_entries,
842 [out,ref] netr_UAS_INFO_0 *recordid
849 NTSTATUS netr_AccountSync(
850 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
851 [in] [string,charset(UTF16)] uint16 *computername,
852 [in] netr_Authenticator credential,
853 [in,out,ref] netr_Authenticator *return_authenticator,
854 [in] uint32 reference,
856 [in] uint32 buffersize,
857 [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
858 [out,ref] uint32 *count_returned,
859 [out,ref] uint32 *total_entries,
860 [out,ref] uint32 *next_reference,
861 [in,out,ref] netr_UAS_INFO_0 *recordid
868 WERROR netr_GetDcName(
869 [in] [string,charset(UTF16)] uint16 *logon_server,
870 [in,unique] [string,charset(UTF16)] uint16 *domainname,
871 [out,ref] [string,charset(UTF16)] uint16 **dcname
877 typedef [bitmap32bit] bitmap {
878 NETLOGON_REPLICATION_NEEDED = 0x00000001,
879 NETLOGON_REPLICATION_IN_PROGRESS = 0x00000002,
880 NETLOGON_FULL_SYNC_REPLICATION = 0x00000004,
881 NETLOGON_REDO_NEEDED = 0x00000008,
882 NETLOGON_HAS_IP = 0x00000010,
883 NETLOGON_HAS_TIMESERV = 0x00000020,
884 NETLOGON_DNS_UPDATE_FAILURE = 0x00000040,
885 NETLOGON_VERIFY_STATUS_RETURNED = 0x00000080
889 netr_InfoFlags flags;
890 WERROR pdc_connection_status;
891 } netr_NETLOGON_INFO_1;
894 netr_InfoFlags flags;
895 WERROR pdc_connection_status;
896 [string,charset(UTF16)] uint16 *trusted_dc_name;
897 WERROR tc_connection_status;
898 } netr_NETLOGON_INFO_2;
901 netr_InfoFlags flags;
902 uint32 logon_attempts;
908 } netr_NETLOGON_INFO_3;
911 [string,charset(UTF16)] uint16 *trusted_dc_name;
912 [string,charset(UTF16)] uint16 *trusted_domain_name;
913 } netr_NETLOGON_INFO_4;
915 typedef [public] union {
916 [case(1)] netr_NETLOGON_INFO_1 *info1;
917 [case(2)] netr_NETLOGON_INFO_2 *info2;
918 [case(3)] netr_NETLOGON_INFO_3 *info3;
919 [case(4)] netr_NETLOGON_INFO_4 *info4;
921 } netr_CONTROL_QUERY_INFORMATION;
923 /* function_code values */
924 typedef [v1_enum,public] enum {
925 NETLOGON_CONTROL_QUERY = 0x00000001,
926 NETLOGON_CONTROL_REPLICATE = 0x00000002,
927 NETLOGON_CONTROL_SYNCHRONIZE = 0x00000003,
928 NETLOGON_CONTROL_PDC_REPLICATE = 0x00000004,
929 NETLOGON_CONTROL_REDISCOVER = 0x00000005,
930 NETLOGON_CONTROL_TC_QUERY = 0x00000006,
931 NETLOGON_CONTROL_TRANSPORT_NOTIFY = 0x00000007,
932 NETLOGON_CONTROL_FIND_USER = 0x00000008,
933 NETLOGON_CONTROL_CHANGE_PASSWORD = 0x00000009,
934 NETLOGON_CONTROL_TC_VERIFY = 0x0000000A,
935 NETLOGON_CONTROL_FORCE_DNS_REG = 0x0000000B,
936 NETLOGON_CONTROL_QUERY_DNS_REG = 0x0000000C,
937 NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC,
938 NETLOGON_CONTROL_TRUNCATE_LOG = 0x0000FFFD,
939 NETLOGON_CONTROL_SET_DBFLAG = 0x0000FFFE,
940 NETLOGON_CONTROL_BREAKPOINT = 0x0000FFFF
941 } netr_LogonControlCode;
943 WERROR netr_LogonControl(
944 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
945 [in] netr_LogonControlCode function_code,
947 [out,ref,switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
954 WERROR netr_GetAnyDCName(
955 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
956 [in,unique] [string,charset(UTF16)] uint16 *domainname,
957 [out,ref] [string,charset(UTF16)] uint16 **dcname
964 typedef [public,switch_type(netr_LogonControlCode)] union {
965 [case(NETLOGON_CONTROL_REDISCOVER)] [string,charset(UTF16)] uint16 *domain;
966 [case(NETLOGON_CONTROL_TC_QUERY)] [string,charset(UTF16)] uint16 *domain;
967 [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)] [string,charset(UTF16)] uint16 *domain;
968 [case(NETLOGON_CONTROL_CHANGE_PASSWORD)] [string,charset(UTF16)] uint16 *domain;
969 [case(NETLOGON_CONTROL_TC_VERIFY)] [string,charset(UTF16)] uint16 *domain;
970 [case(NETLOGON_CONTROL_FIND_USER)] [string,charset(UTF16)] uint16 *user;
971 [case(NETLOGON_CONTROL_SET_DBFLAG)] uint32 debug_level;
973 } netr_CONTROL_DATA_INFORMATION;
975 WERROR netr_LogonControl2(
976 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
977 [in] netr_LogonControlCode function_code,
979 [in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION *data,
980 [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
984 /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM
985 * session keys are encrypted with DES calls. (And the user session key
991 typedef [public,bitmap32bit] bitmap {
992 NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
993 NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
994 NETLOGON_NEG_ARCFOUR = 0x00000004,
995 NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
996 NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
997 NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
998 NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
999 NETLOGON_NEG_REDO = 0x00000080,
1000 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
1001 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
1002 NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
1003 NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
1004 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
1005 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
1006 NETLOGON_NEG_STRONG_KEYS = 0x00004000,
1007 NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
1008 NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
1009 NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
1010 NETLOGON_NEG_GETDOMAININFO = 0x00040000,
1011 NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
1012 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
1013 NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
1014 NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
1015 NETLOGON_NEG_SUPPORTS_AES = 0x01000000,
1016 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
1017 NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
1018 } netr_NegotiateFlags;
1020 const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
1021 const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;
1023 NTSTATUS netr_ServerAuthenticate2(
1024 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1025 [in] [string,charset(UTF16)] uint16 *account_name,
1026 [in] netr_SchannelType secure_channel_type,
1027 [in] [string,charset(UTF16)] uint16 *computer_name,
1028 [in,ref] netr_Credential *credentials,
1029 [out,ref] netr_Credential *return_credentials,
1030 [in,out,ref] netr_NegotiateFlags *negotiate_flags
1038 SYNCSTATE_NORMAL_STATE = 0,
1039 SYNCSTATE_DOMAIN_STATE = 1,
1040 SYNCSTATE_GROUP_STATE = 2,
1041 SYNCSTATE_UAS_BUILT_IN_GROUP_STATE = 3,
1042 SYNCSTATE_USER_STATE = 4,
1043 SYNCSTATE_GROUP_MEMBER_STATE = 5,
1044 SYNCSTATE_ALIAS_STATE = 6,
1045 SYNCSTATE_ALIAS_MEMBER_STATE = 7,
1046 SYNCSTATE_SAM_DONE_STATE = 8
1049 NTSTATUS netr_DatabaseSync2(
1050 [in] [string,charset(UTF16)] uint16 *logon_server,
1051 [in] [string,charset(UTF16)] uint16 *computername,
1052 [in,ref] netr_Authenticator *credential,
1053 [in,out,ref] netr_Authenticator *return_authenticator,
1054 [in] netr_SamDatabaseID database_id,
1055 [in] SyncStateEnum restart_state,
1056 [in,out,ref] uint32 *sync_context,
1057 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
1058 [in] uint32 preferredmaximumlength
1065 /* i'm not at all sure how this call works */
1067 typedef [bitmap16bit] bitmap {
1068 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED = 0x0001,
1069 NETR_CHANGELOG_CHANGED_PASSWORD = 0x0002,
1070 NETR_CHANGELOG_SID_INCLUDED = 0x0004,
1071 NETR_CHANGELOG_NAME_INCLUDED = 0x0008,
1072 NETR_CHANGELOG_FIRST_PROMOTION_OBJ = 0x0010
1073 } netr_ChangeLogFlags;
1075 typedef [nodiscriminant] union {
1076 [case(NETR_CHANGELOG_SID_INCLUDED)] dom_sid object_sid;
1077 [case(NETR_CHANGELOG_NAME_INCLUDED)] nstring object_name;
1079 } netr_ChangeLogObject;
1081 typedef [public,gensize] struct {
1082 uint32 serial_number1;
1083 uint32 serial_number2;
1085 netr_ChangeLogFlags flags;
1086 netr_SamDatabaseID8Bit db_index;
1087 netr_DeltaEnum8Bit delta_type;
1088 [switch_is(flags & (NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] netr_ChangeLogObject object;
1089 } netr_ChangeLogEntry;
1091 NTSTATUS netr_DatabaseRedo(
1092 [in] [string,charset(UTF16)] uint16 *logon_server,
1093 [in] [string,charset(UTF16)] uint16 *computername,
1094 [in] netr_Authenticator *credential,
1095 [in,out,ref] netr_Authenticator *return_authenticator,
1097 * we cannot use subcontext_size() here, as
1098 * change_log_entry_size is encoded after the subcontext
1100 [in] [subcontext(4)/*,subcontext_size(change_log_entry_size)*/]
1101 netr_ChangeLogEntry change_log_entry,
1102 [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,
1104 uint32 change_log_entry_size,
1105 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array
1112 WERROR netr_LogonControl2Ex(
1113 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
1114 [in] netr_LogonControlCode function_code,
1116 [in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION *data,
1117 [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
1124 [size_is(length)] uint8 *data;
1127 NTSTATUS netr_NetrEnumerateTrustedDomains(
1128 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1129 [out,ref] netr_Blob *trusted_domains_blob
1135 /* one unknown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
1137 const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY |
1138 DS_DIRECTORY_SERVICE_REQUIRED |
1139 DS_DIRECTORY_SERVICE_PREFERRED |
1140 DS_GC_SERVER_REQUIRED |
1142 DS_BACKGROUND_ONLY |
1145 DS_TIMESERV_REQUIRED |
1146 DS_WRITABLE_REQUIRED |
1147 DS_GOOD_TIMESERV_PREFERRED |
1149 DS_ONLY_LDAP_NEEDED |
1152 DS_TRY_NEXTCLOSEST_SITE |
1153 DS_DIRECTORY_SERVICE_6_REQUIRED |
1154 DS_WEB_SERVICE_REQUIRED |
1156 * For now we skip these until
1157 * we have test for them:
1158 * DS_DIRECTORY_SERVICE_8_REQUIRED |
1159 * DS_DIRECTORY_SERVICE_9_REQUIRED |
1160 * DS_DIRECTORY_SERVICE_10_REQUIRED |
1162 DS_RETURN_FLAT_NAME |
1163 DS_RETURN_DNS_NAME);
1165 typedef [bitmap32bit] bitmap {
1166 DS_FORCE_REDISCOVERY = 0x00000001,
1167 DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
1168 DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
1169 DS_GC_SERVER_REQUIRED = 0x00000040,
1170 DS_PDC_REQUIRED = 0x00000080,
1171 DS_BACKGROUND_ONLY = 0x00000100,
1172 DS_IP_REQUIRED = 0x00000200,
1173 DS_KDC_REQUIRED = 0x00000400,
1174 DS_TIMESERV_REQUIRED = 0x00000800,
1175 DS_WRITABLE_REQUIRED = 0x00001000,
1176 DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
1177 DS_AVOID_SELF = 0x00004000,
1178 DS_ONLY_LDAP_NEEDED = 0x00008000,
1179 DS_IS_FLAT_NAME = 0x00010000,
1180 DS_IS_DNS_NAME = 0x00020000,
1181 DS_TRY_NEXTCLOSEST_SITE = 0x00040000,
1182 DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000, /* 2008 */
1183 DS_WEB_SERVICE_REQUIRED = 0x00100000,
1184 DS_DIRECTORY_SERVICE_8_REQUIRED = 0x00200000, /* 2012 */
1185 DS_DIRECTORY_SERVICE_9_REQUIRED = 0x00400000, /* 2012R2 */
1186 DS_DIRECTORY_SERVICE_10_REQUIRED= 0x00800000, /* 2016 */
1187 DS_RETURN_DNS_NAME = 0x40000000,
1188 DS_RETURN_FLAT_NAME = 0x80000000
1189 } netr_DsRGetDCName_flags;
1191 typedef [v1_enum] enum {
1192 DS_ADDRESS_TYPE_INET = 1,
1193 DS_ADDRESS_TYPE_NETBIOS = 2
1194 } netr_DsRGetDCNameInfo_AddressType;
1196 typedef [bitmap32bit] bitmap {
1197 DS_SERVER_PDC = 0x00000001,
1198 DS_SERVER_GC = 0x00000004,
1199 DS_SERVER_LDAP = 0x00000008,
1200 DS_SERVER_DS = 0x00000010,
1201 DS_SERVER_KDC = 0x00000020,
1202 DS_SERVER_TIMESERV = 0x00000040,
1203 DS_SERVER_CLOSEST = 0x00000080,
1204 DS_SERVER_WRITABLE = 0x00000100,
1205 DS_SERVER_GOOD_TIMESERV = 0x00000200,
1206 DS_SERVER_NDNC = 0x00000400,
1207 DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, /* 2008 / RODC */
1208 DS_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, /* 2008 / RWDC */
1209 DS_SERVER_WEBSERV = 0x00002000,
1210 DS_SERVER_DS_8 = 0x00004000, /* 2012 */
1211 DS_SERVER_DS_9 = 0x00008000, /* 2012R2 */
1212 DS_SERVER_DS_10 = 0x00010000, /* 2016 */
1213 DS_DNS_CONTROLLER = 0x20000000,
1214 DS_DNS_DOMAIN = 0x40000000,
1215 DS_DNS_FOREST_ROOT = 0x80000000
1218 typedef [public] struct {
1219 [string,charset(UTF16)] uint16 *dc_unc;
1220 [string,charset(UTF16)] uint16 *dc_address;
1221 netr_DsRGetDCNameInfo_AddressType dc_address_type;
1223 [string,charset(UTF16)] uint16 *domain_name;
1224 [string,charset(UTF16)] uint16 *forest_name;
1225 netr_DsR_DcFlags dc_flags;
1226 [string,charset(UTF16)] uint16 *dc_site_name;
1227 [string,charset(UTF16)] uint16 *client_site_name;
1228 } netr_DsRGetDCNameInfo;
1230 WERROR netr_DsRGetDCName(
1231 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1232 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1233 [in,unique] GUID *domain_guid,
1234 [in,unique] GUID *site_guid,
1235 [in] netr_DsRGetDCName_flags flags,
1236 [out,ref] netr_DsRGetDCNameInfo **info
1241 typedef [switch_type(uint32)] union {
1242 [case(1)] netr_NegotiateFlags server_capabilities;
1243 } netr_Capabilities;
1245 NTSTATUS netr_LogonGetCapabilities(
1246 [in] [string,charset(UTF16)] uint16 *server_name,
1247 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1248 [in,ref] netr_Authenticator *credential,
1249 [in,out,ref] netr_Authenticator *return_authenticator,
1250 [in] uint32 query_level,
1251 [out,ref,switch_is(query_level)] netr_Capabilities *capabilities
1256 [todo] WERROR netr_NETRLOGONSETSERVICEBITS();
1260 WERROR netr_LogonGetTrustRid(
1261 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1262 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1263 [out,ref] uint32 *rid
1268 [todo] WERROR netr_NETRLOGONCOMPUTESERVERDIGEST();
1272 [todo] WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST();
1276 [public] NTSTATUS netr_ServerAuthenticate3(
1277 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1278 [in] [string,charset(UTF16)] uint16 *account_name,
1279 [in] netr_SchannelType secure_channel_type,
1280 [in] [string,charset(UTF16)] uint16 *computer_name,
1281 [in,ref] netr_Credential *credentials,
1282 [out,ref] netr_Credential *return_credentials,
1283 [in,out,ref] netr_NegotiateFlags *negotiate_flags,
1284 [out,ref] uint32 *rid
1290 WERROR netr_DsRGetDCNameEx(
1291 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1292 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1293 [in,unique] GUID *domain_guid,
1294 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1295 [in] netr_DsRGetDCName_flags flags,
1296 [out,ref] netr_DsRGetDCNameInfo **info
1302 WERROR netr_DsRGetSiteName(
1303 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1304 [out,ref] [string,charset(UTF16)] uint16 **site
1309 typedef [public,bitmap32bit] bitmap {
1310 NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
1311 NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
1312 NETR_TRUST_FLAG_TREEROOT = 0x00000004,
1313 NETR_TRUST_FLAG_PRIMARY = 0x00000008,
1314 NETR_TRUST_FLAG_NATIVE = 0x00000010,
1315 NETR_TRUST_FLAG_INBOUND = 0x00000020,
1316 NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080,
1317 NETR_TRUST_FLAG_AES = 0x00000100
1320 typedef [bitmap32bit] bitmap {
1321 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
1322 NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002
1323 } netr_WorkstationFlags;
1325 typedef [bitmap16bit] bitmap {
1326 NETR_VER_SUITE_BACKOFFICE = 0x0004,
1327 NETR_VER_SUITE_BLADE = 0x0400,
1328 NETR_VER_SUITE_COMPUTE_SERVER = 0x4000,
1329 NETR_VER_SUITE_DATACENTER = 0x0080,
1330 NETR_VER_SUITE_ENTERPRISE = 0x0002,
1331 NETR_VER_SUITE_EMBEDDEDNT = 0x0040,
1332 NETR_VER_SUITE_PERSONAL = 0x0200,
1333 NETR_VER_SUITE_SINGLEUSERTS = 0x0100,
1334 NETR_VER_SUITE_SMALLBUSINESS = 0x0001,
1335 NETR_VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x0020,
1336 NETR_VER_SUITE_STORAGE_SERVER = 0x2000,
1337 NETR_VER_SUITE_TERMINAL = 0x0010,
1338 NETR_VER_SUITE_WH_SERVER = 0x8000
1341 typedef [bitmap8bit] bitmap {
1342 NETR_VER_NT_DOMAIN_CONTROLLER = 0x02,
1343 NETR_VER_NT_SERVER = 0x03,
1344 NETR_VER_NT_WORKSTATION = 0x01
1349 [size_is(policy_size)] uint8 *policy;
1350 } netr_LsaPolicyInformation;
1353 [value(284)] uint32 OSVersionInfoSize;
1354 uint32 MajorVersion;
1355 uint32 MinorVersion;
1358 [subcontext(0),subcontext_size(256)] nstring CSDVersion;
1359 uint16 ServicePackMajor;
1360 uint16 ServicePackMinor;
1361 netr_SuiteMask SuiteMask;
1362 netr_ProductType ProductType;
1364 } netr_OsVersionInfoEx;
1367 /* these first 3 values come from the fact windows
1368 actually encodes this structure as a UNICODE_STRING
1369 - see MS-NRPC section 2.2.1.3.9 */
1370 /* 142 * 2 = 284 (length of structure "netr_OsVersionInfoEx") */
1371 [value(142)] uint3264 length;
1372 [value(0)] uint3264 dummy;
1373 [value(142)] uint3264 size;
1374 [subcontext(0),subcontext_size(size*2)]
1375 netr_OsVersionInfoEx os;
1379 /* value is 284 when info != os, otherwise 0 (for length and
1381 [value(os == NULL ? 0 : 284)] uint16 length;
1382 [value(os == NULL ? 0 : 284)] uint16 size;
1384 } netr_OsVersionContainer;
1387 netr_LsaPolicyInformation lsa_policy;
1388 [string,charset(UTF16)] uint16 *dns_hostname;
1389 [string,charset(UTF16)] uint16 *sitename;
1390 [string,charset(UTF16)] uint16 *dummy1;
1391 [string,charset(UTF16)] uint16 *dummy2;
1392 [string,charset(UTF16)] uint16 *dummy3;
1393 [string,charset(UTF16)] uint16 *dummy4;
1394 netr_OsVersionContainer os_version;
1396 lsa_String dummy_string3;
1397 lsa_String dummy_string4;
1398 netr_WorkstationFlags workstation_flags;
1399 kerb_EncTypes supported_enc_types;
1402 } netr_WorkstationInformation;
1405 [case(1)] netr_WorkstationInformation *workstation_info;
1406 [case(2)] netr_WorkstationInformation *lsa_policy_info;
1407 } netr_WorkstationInfo;
1410 netr_TrustFlags flags;
1411 uint32 parent_index;
1412 lsa_TrustType trust_type;
1413 lsa_TrustAttributes trust_attributes;
1414 } netr_trust_extension_info;
1417 /* these first 3 values come from the fact windows
1418 actually encodes this structure as a UNICODE_STRING
1419 - see MS-NRPC section 2.2.1.3.9 */
1420 [value(8)] uint3264 length;
1421 [value(0)] uint3264 dummy;
1422 [value(8)] uint3264 size;
1423 [subcontext(0),subcontext_size(size*2)]
1424 netr_trust_extension_info info;
1425 } netr_trust_extension;
1428 /* value is 16 when info != NULL, otherwise 0 */
1429 [value(info == NULL ? 0 : 16)] uint16 length;
1430 [value(info == NULL ? 0 : 16)] uint16 size;
1431 netr_trust_extension *info;
1432 } netr_trust_extension_container;
1435 lsa_StringLarge domainname;
1436 lsa_StringLarge dns_domainname;
1437 lsa_StringLarge dns_forestname;
1439 dom_sid2 *domain_sid;
1440 netr_trust_extension_container trust_extension;
1441 lsa_StringLarge dummy_string2;
1442 lsa_StringLarge dummy_string3;
1443 lsa_StringLarge dummy_string4;
1448 } netr_OneDomainInfo;
1451 netr_OneDomainInfo primary_domain;
1452 uint32 trusted_domain_count;
1453 [size_is(trusted_domain_count)] netr_OneDomainInfo *trusted_domains;
1454 netr_LsaPolicyInformation lsa_policy;
1455 lsa_StringLarge dns_hostname;
1456 lsa_StringLarge dummy_string2;
1457 lsa_StringLarge dummy_string3;
1458 lsa_StringLarge dummy_string4;
1459 netr_WorkstationFlags workstation_flags;
1460 kerb_EncTypes supported_enc_types;
1463 } netr_DomainInformation;
1466 [case(1)] netr_DomainInformation *domain_info;
1467 [case(2)] netr_LsaPolicyInformation *lsa_policy_info;
1470 [public] NTSTATUS netr_LogonGetDomainInfo(
1471 [in] [string,charset(UTF16)] uint16 *server_name,
1472 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1473 [in,ref] netr_Authenticator *credential,
1474 [in,out,ref] netr_Authenticator *return_authenticator,
1476 [in,ref,switch_is(level)] netr_WorkstationInfo *query,
1477 [out,ref,switch_is(level)] netr_DomainInfo *info
1483 /* [MS-NRPC] 2.2.1.3.8 NL_PASSWORD_VERSION */
1485 /* someone's birthday ? */
1486 const int NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT = 0x02231968;
1489 uint32 ReservedField;
1490 uint32 PasswordVersionNumber;
1491 uint32 PasswordVersionPresent;
1492 } NL_PASSWORD_VERSION;
1494 typedef [flag(NDR_PAHEX)] struct {
1497 } netr_CryptPassword;
1499 NTSTATUS netr_ServerPasswordSet2(
1500 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1501 [in] [string,charset(UTF16)] uint16 *account_name,
1502 [in] netr_SchannelType secure_channel_type,
1503 [in] [string,charset(UTF16)] uint16 *computer_name,
1504 [in,ref] netr_Authenticator *credential,
1505 [out,ref] netr_Authenticator *return_authenticator,
1506 [in,ref] netr_CryptPassword *new_password
1511 NTSTATUS netr_ServerPasswordGet(
1512 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1513 [in] [string,charset(UTF16)] uint16 *account_name,
1514 [in] netr_SchannelType secure_channel_type,
1515 [in] [string,charset(UTF16)] uint16 *computer_name,
1516 [in,ref] netr_Authenticator *credential,
1517 [out,ref] netr_Authenticator *return_authenticator,
1518 [out,ref] samr_Password *password
1521 typedef [public] enum {
1522 SendToSamUpdatePassword = 0,
1523 SendToSamResetBadPasswordCount = 1,
1524 SendToSamUpdatePasswordForward = 2,
1525 SendToSamUpdateLastLogonTimestamp = 3,
1526 SendToSamResetSmartCardPassword = 4
1527 } netr_SendToSamType;
1531 } netr_SendToSamResetBadPasswordCount;
1533 typedef [nodiscriminant, public,switch_type(netr_SendToSamType)] union {
1534 /* TODO Implement other SendToSam message types
1535 * [case(SendToSamUpdatePassword)] netr_SendToSamUpdatePassword ...; */
1536 [case(SendToSamResetBadPasswordCount)] netr_SendToSamResetBadPasswordCount reset_bad_password;
1538 * [case(SendToSamUpdatePasswordForward)] netrSendToSamUpdatePasswordForward ...;
1539 * [case(SendToSamUpdateLastLogonTimestamp)] netrSendToSamUpdateLastLogonTimestamp ...;
1540 * [case(SendToSamResetSmartCardPassword)] netrSendToSamResetSmartCardPassword ...;
1543 } netr_SendToSamMessage;
1545 typedef [public] struct {
1546 netr_SendToSamType message_type;
1547 uint32 message_size;
1548 [switch_is(message_type), subcontext(0), subcontext_size(message_size)] netr_SendToSamMessage message;
1549 } netr_SendToSamBase;
1553 NTSTATUS netr_NetrLogonSendToSam(
1554 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1555 [in] [string,charset(UTF16)] uint16 *computer_name,
1556 [in,ref] netr_Authenticator *credential,
1557 [out,ref] netr_Authenticator *return_authenticator,
1558 [in,ref] [size_is(buffer_len)] uint8 *opaque_buffer,
1559 [in] uint32 buffer_len
1566 [size_is(count)] lsa_String *sitename;
1567 } netr_DsRAddressToSitenamesWCtr;
1570 [size_is(size)] uint8 *buffer;
1574 WERROR netr_DsRAddressToSitenamesW(
1575 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1576 [in] [range(0,32000)] uint32 count,
1577 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1578 [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr
1583 WERROR netr_DsRGetDCNameEx2(
1584 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1585 [in,unique] [string,charset(UTF16)] uint16 *client_account,
1586 [in] samr_AcctFlags mask,
1587 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1588 [in,unique] GUID *domain_guid,
1589 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1590 [in] netr_DsRGetDCName_flags flags,
1591 [out,ref] netr_DsRGetDCNameInfo **info
1596 [todo] WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN();
1601 typedef [public] struct {
1602 [string,charset(UTF16)] uint16 *netbios_name;
1603 [string,charset(UTF16)] uint16 *dns_name;
1604 netr_TrustFlags trust_flags;
1605 uint32 parent_index;
1606 lsa_TrustType trust_type;
1607 lsa_TrustAttributes trust_attributes;
1612 typedef [public] struct {
1614 [size_is(count)] netr_DomainTrust *array;
1615 } netr_DomainTrustList;
1617 WERROR netr_NetrEnumerateTrustedDomainsEx(
1618 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1619 [out,ref] netr_DomainTrustList *dom_trust_list
1626 [size_is(count)] lsa_String *sitename;
1627 [size_is(count)] lsa_String *subnetname;
1628 } netr_DsRAddressToSitenamesExWCtr;
1630 WERROR netr_DsRAddressToSitenamesExW(
1631 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1632 [in] [range(0,32000)] uint32 count,
1633 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1634 [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr
1642 [size_is(num_sites)] [unique] lsa_String *sites;
1645 WERROR netr_DsrGetDcSiteCoverageW(
1646 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1647 [out,ref] DcSitesCtr **ctr
1652 typedef [public,bitmap32bit] bitmap {
1653 /* Request MUST be passed to the domain controller at the root of the forest. */
1654 NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT = 0x00000001,
1655 /* Request MUST be passed to the DC at the end of the first hop over a cross-forest trust. */
1656 NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP = 0x00000002,
1657 /* Request was passed by an RODC to a DC in a different domain. */
1658 NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN = 0x00000004,
1659 /* Request is an NTLM authentication package request passed by an RODC. */
1660 NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST = 0x00000008
1661 } netr_LogonSamLogon_flags;
1663 NTSTATUS netr_LogonSamLogonEx(
1664 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1665 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1666 [in] netr_LogonInfoClass logon_level,
1667 [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
1668 [in] uint16 validation_level,
1669 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
1670 [out,ref] uint8 *authoritative,
1671 [in,out,ref] netr_LogonSamLogon_flags *flags
1677 WERROR netr_DsrEnumerateDomainTrusts(
1678 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1679 [in] netr_TrustFlags trust_flags,
1680 [out,ref] netr_DomainTrustList *trusts
1686 WERROR netr_DsrDeregisterDNSHostRecords(
1687 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1688 [in,unique] [string,charset(UTF16)] uint16 *domain,
1689 [in,unique] GUID *domain_guid,
1690 [in,unique] GUID *dsa_guid,
1691 [in,ref] [string,charset(UTF16)] uint16 *dns_host
1696 NTSTATUS netr_ServerTrustPasswordsGet(
1697 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1698 [in] [string,charset(UTF16)] uint16 *account_name,
1699 [in] netr_SchannelType secure_channel_type,
1700 [in] [string,charset(UTF16)] uint16 *computer_name,
1701 [in,ref] netr_Authenticator *credential,
1702 [out,ref] netr_Authenticator *return_authenticator,
1703 [out,ref] samr_Password *new_owf_password,
1704 [out,ref] samr_Password *old_owf_password
1710 const int DS_GFTI_UPDATE_TDO = 0x1;
1712 WERROR netr_DsRGetForestTrustInformation(
1713 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1714 [in,unique] [string,charset(UTF16)] uint16 *trusted_domain_name,
1716 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1721 NTSTATUS netr_GetForestTrustInformation(
1722 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1723 [in,ref] [string,charset(UTF16)] uint16 *computer_name,
1724 [in,ref] netr_Authenticator *credential,
1725 [out,ref] netr_Authenticator *return_authenticator,
1727 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1733 /* this is the ADS varient. I don't yet know what the "flags" are for */
1734 NTSTATUS netr_LogonSamLogonWithFlags(
1735 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1736 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1737 [in,unique] netr_Authenticator *credential,
1738 [in,out,unique] netr_Authenticator *return_authenticator,
1739 [in] netr_LogonInfoClass logon_level,
1740 [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon,
1741 [in] uint16 validation_level,
1742 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
1743 [out,ref] uint8 *authoritative,
1744 [in,out,ref] netr_LogonSamLogon_flags *flags
1752 [size_is(count)] uint32 *data;
1754 [size_is(count)] lsa_String *entries;
1757 NTSTATUS netr_ServerGetTrustInfo(
1758 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1759 [in,ref] [string,charset(UTF16)] uint16 *account_name,
1760 [in] netr_SchannelType secure_channel_type,
1761 [in,ref] [string,charset(UTF16)] uint16 *computer_name,
1762 [in,ref] netr_Authenticator *credential,
1763 [out,ref] netr_Authenticator *return_authenticator,
1764 [out,ref] samr_Password *new_owf_password,
1765 [out,ref] samr_Password *old_owf_password,
1766 [out,ref] netr_TrustInfo **trust_info
1772 NTSTATUS netr_Unused47(void);
1779 NlDnsLdapAtSite = 22,
1782 NlDnsKdcAtSite = 30,
1784 NlDnsRfc1510KdcAtSite = 34,
1785 NlDnsGenericGcAtSite = 36
1789 NlDnsInfoTypeNone = 0,
1790 NlDnsDomainName = 1,
1791 NlDnsDomainNameAlias = 2,
1792 NlDnsForestName = 3,
1793 NlDnsForestNameAlias = 4,
1794 NlDnsNdncDomainName = 5,
1796 } netr_DnsDomainInfoType;
1800 [string,charset(UTF16)] uint16 *dns_domain_info;
1801 netr_DnsDomainInfoType dns_domain_info_type;
1805 boolean32 dns_register;
1809 typedef [public] struct {
1811 [size_is(count)] NL_DNS_NAME_INFO *names;
1812 } NL_DNS_NAME_INFO_ARRAY;
1814 NTSTATUS netr_DsrUpdateReadOnlyServerDnsRecords(
1815 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1816 [in,ref] [string,charset(UTF16)] uint16 *computer_name,
1817 [in, ref] netr_Authenticator *credential,
1818 [out,ref] netr_Authenticator *return_authenticator,
1819 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1820 [in] uint32 dns_ttl,
1821 [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names