3 much of this was derived from the ethereal sources - thanks to everyone
7 import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
12 uuid("12345678-1234-abcd-ef00-01234567cffb"),
14 endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
15 pointer_default(unique)
20 typedef bitmap samr_AcctFlags samr_AcctFlags;
21 typedef bitmap samr_GroupAttrs samr_GroupAttrs;
27 [string,charset(UTF16)] uint16 *account_name;
38 time_t pw_must_change;
39 [string,charset(UTF16)] uint16 *computer;
40 [string,charset(UTF16)] uint16 *domain;
41 [string,charset(UTF16)] uint16 *script_path;
45 WERROR netr_LogonUasLogon(
46 [in,unique] [string,charset(UTF16)] uint16 *server_name,
47 [in] [string,charset(UTF16)] uint16 account_name[],
48 [in] [string,charset(UTF16)] uint16 workstation[],
49 [out,ref] netr_UasInfo *info
61 WERROR netr_LogonUasLogoff(
62 [in,unique] [string,charset(UTF16)] uint16 *server_name,
63 [in] [string,charset(UTF16)] uint16 account_name[],
64 [in] [string,charset(UTF16)] uint16 workstation[],
65 [out,ref] netr_UasLogoffInfo *info
72 /* in netr_AcctLockStr size seems to be be 24, and rrenard thinks
73 that the structure of the bindata looks like this:
75 dlong lockout_duration;
77 uint32 bad_attempt_lockout;
80 but it doesn't look as though this structure is reflected at the
81 NDR level. Maybe it is left to the application to decode the bindata array.
83 typedef [public] struct {
84 dlong lockout_duration;
86 uint32 bad_attempt_lockout;
90 /* - MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
91 * sets the NETLOGON_SERVER_TRUST_ACCOUNT user_flag
92 * - MSV1_0_UPDATE_LOGON_STATISTICS
93 * sets the logon time on network logon
94 * - MSV1_0_RETURN_USER_PARAMETERS
95 * sets the user parameters in the driveletter
96 * - MSV1_0_RETURN_PROFILE_PATH
97 * returns the profilepath in the driveletter and
98 * sets LOGON_PROFILE_PATH_RETURNED user_flag
101 typedef [public,bitmap32bit] bitmap {
102 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
103 MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
104 MSV1_0_RETURN_USER_PARAMETERS = 0x00000008,
105 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020,
106 MSV1_0_RETURN_PROFILE_PATH = 0x00000200,
107 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800
108 } netr_LogonParameterControl;
111 lsa_String domain_name;
112 netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
114 uint32 logon_id_high;
115 lsa_String account_name;
116 lsa_String workstation;
120 netr_IdentityInfo identity_info;
121 samr_Password lmpassword;
122 samr_Password ntpassword;
125 typedef [flag(NDR_PAHEX)] struct {
127 [value(length)] uint16 size;
128 [size_is(length),length_is(length)] uint8 *data;
129 } netr_ChallengeResponse;
131 typedef [flag(NDR_PAHEX)] struct {
132 netr_IdentityInfo identity_info;
134 netr_ChallengeResponse nt;
135 netr_ChallengeResponse lm;
138 typedef [public,switch_type(uint16)] union {
139 [case(1)] netr_PasswordInfo *password;
140 [case(2)] netr_NetworkInfo *network;
141 [case(3)] netr_PasswordInfo *password;
142 [case(5)] netr_PasswordInfo *password;
143 [case(6)] netr_NetworkInfo *network;
146 typedef [public,flag(NDR_PAHEX)] struct {
148 } netr_UserSessionKey;
150 typedef [public,flag(NDR_PAHEX)] struct {
154 /* Flags for user_flags below */
155 typedef [public,bitmap32bit] bitmap {
156 NETLOGON_GUEST = 0x00000001,
157 NETLOGON_NOENCRYPTION = 0x00000002,
158 NETLOGON_CACHED_ACCOUNT = 0x00000004,
159 NETLOGON_USED_LM_PASSWORD = 0x00000008,
160 NETLOGON_EXTRA_SIDS = 0x00000020,
161 NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040,
162 NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080,
163 NETLOGON_NTLMV2_ENABLED = 0x00000100,
164 NETLOGON_RESOURCE_GROUPS = 0x00000200,
165 NETLOGON_PROFILE_PATH_RETURNED = 0x00000400,
166 NETLOGON_GRACE_LOGON = 0x01000000
173 NTTIME last_password_change;
174 NTTIME allow_password_change;
175 NTTIME force_password_change;
176 lsa_String account_name;
177 lsa_String full_name;
178 lsa_String logon_script;
179 lsa_String profile_path;
180 lsa_String home_directory;
181 lsa_String home_drive;
183 uint16 bad_password_count;
186 samr_RidWithAttributeArray groups;
187 netr_UserFlags user_flags;
188 netr_UserSessionKey key;
189 lsa_StringLarge logon_server;
190 lsa_StringLarge domain;
191 dom_sid2 *domain_sid;
192 netr_LMSessionKey LMSessKey;
193 samr_AcctFlags acct_flags;
198 netr_SamBaseInfo base;
203 samr_GroupAttrs attributes;
206 typedef [public] struct {
207 netr_SamBaseInfo base;
209 [size_is(sidcount)] netr_SidAttr *sids;
213 netr_SamBaseInfo base;
215 [size_is(sidcount)] netr_SidAttr *sids;
217 lsa_String principle;
223 [size_is(pac_size)] uint8 *pac;
224 lsa_String logon_domain;
225 lsa_String logon_server;
226 lsa_String principal_name;
228 [size_is(auth_size)] uint8 *auth;
229 netr_UserSessionKey user_session_key;
230 uint32 expansionroom[10];
237 typedef [public,switch_type(uint16)] union {
238 [case(2)] netr_SamInfo2 *sam2;
239 [case(3)] netr_SamInfo3 *sam3;
240 [case(4)] netr_PacInfo *pac;
241 [case(5)] netr_PacInfo *pac;
242 [case(6)] netr_SamInfo6 *sam6;
245 typedef [public, flag(NDR_PAHEX)] struct {
249 typedef [public] struct {
250 netr_Credential cred;
252 } netr_Authenticator;
255 INTERACTIVE_LOGON_TYPE = 1,
259 NTSTATUS netr_LogonSamLogon(
260 [in,unique] [string,charset(UTF16)] uint16 *server_name,
261 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
262 [in,unique] netr_Authenticator *credential,
263 [in,out,unique] netr_Authenticator *return_authenticator,
264 [in] netr_LogonLevel logon_level,
265 [in,ref] [switch_is(logon_level)] netr_LogonInfo *logon,
266 [in] uint16 validation_level,
267 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
268 [out,ref] uint8 *authoritative
275 NTSTATUS netr_LogonSamLogoff(
276 [in,unique] [string,charset(UTF16)] uint16 *server_name,
277 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
278 [in,unique] netr_Authenticator *credential,
279 [in,out,unique] netr_Authenticator *return_authenticator,
280 [in] netr_LogonLevel logon_level,
281 [in] [switch_is(logon_level)] netr_LogonInfo logon
289 NTSTATUS netr_ServerReqChallenge(
290 [in,unique,string,charset(UTF16)] uint16 *server_name,
291 [in,string,charset(UTF16)] uint16 computer_name[],
292 [in,ref] netr_Credential *credentials,
293 [out,ref] netr_Credential *return_credentials
300 typedef enum netr_SchannelType netr_SchannelType;
302 NTSTATUS netr_ServerAuthenticate(
303 [in,unique,string,charset(UTF16)] uint16 *server_name,
304 [in,string,charset(UTF16)] uint16 account_name[],
305 [in] netr_SchannelType secure_channel_type,
306 [in,string,charset(UTF16)] uint16 computer_name[],
307 [in,ref] netr_Credential *credentials,
308 [out,ref] netr_Credential *return_credentials
315 NTSTATUS netr_ServerPasswordSet(
316 [in,unique] [string,charset(UTF16)] uint16 *server_name,
317 [in] [string,charset(UTF16)] uint16 account_name[],
318 [in] netr_SchannelType secure_channel_type,
319 [in] [string,charset(UTF16)] uint16 computer_name[],
320 [in,ref] netr_Authenticator *credential,
321 [out,ref] netr_Authenticator *return_authenticator,
322 [in,ref] samr_Password *new_password
329 typedef enum netr_SamDatabaseID netr_SamDatabaseID;
332 [string,charset(UTF16)] uint16 *account_name;
341 } netr_DELTA_DELETE_USER;
345 [value(length)] uint16 size;
352 [value(nt_length)] uint16 nt_size;
355 [value(lm_length)] uint16 lm_size;
357 uint8 nt_history[nt_length];
358 uint8 lm_history[lm_length];
359 } netr_PasswordHistory;
362 netr_USER_KEY16 lmpassword;
363 netr_USER_KEY16 ntpassword;
364 netr_PasswordHistory history;
367 typedef struct { /* TODO: make this a union! */
368 netr_USER_KEYS2 keys2;
369 } netr_USER_KEY_UNION;
371 typedef [public] struct {
373 netr_USER_KEY_UNION keys;
377 boolean8 SensitiveDataFlag;
380 /* netr_USER_KEYS encrypted with the session key */
381 [size_is(DataLength)][flag(NDR_PAHEX)] uint8 *SensitiveData;
382 } netr_USER_PRIVATE_INFO;
385 lsa_String account_name;
386 lsa_String full_name;
389 lsa_String home_directory;
390 lsa_String home_drive;
391 lsa_String logon_script;
392 lsa_String description;
393 lsa_String workstations;
396 samr_LogonHours logon_hours;
397 uint16 bad_password_count;
399 NTTIME last_password_change;
401 samr_AcctFlags acct_flags;
402 samr_Password lmpassword;
403 samr_Password ntpassword;
404 boolean8 nt_password_present;
405 boolean8 lm_password_present;
406 boolean8 password_expired;
408 lsa_String parameters;
411 netr_USER_PRIVATE_INFO user_private_info;
412 uint32 SecurityInformation;
414 lsa_String profile_path;
425 lsa_String domain_name;
427 dlong force_logoff_time;
428 uint16 min_password_length;
429 uint16 password_history_length;
430 /* yes, these are signed. They are in negative 100ns */
431 dlong max_password_age;
432 dlong min_password_age;
434 NTTIME domain_create_time;
435 uint32 SecurityInformation;
437 lsa_BinaryString account_lockout;
441 uint32 logon_to_chgpass;
448 lsa_String group_name;
451 lsa_String description;
452 uint32 SecurityInformation;
478 [size_is(num_rids)] uint32 *rids;
479 [size_is(num_rids)] uint32 *attribs;
485 } netr_DELTA_GROUP_MEMBER;
488 lsa_String alias_name;
490 uint32 SecurityInformation;
492 lsa_String description;
508 } netr_DELTA_ALIAS_MEMBER;
511 uint32 pagedpoollimit;
512 uint32 nonpagedpoollimit;
513 uint32 minimumworkingsetsize;
514 uint32 maximumworkingsetsize;
515 uint32 pagefilelimit;
521 NTTIME auditretentionperiod;
522 boolean8 auditingmode;
523 uint32 maxauditeventcount;
524 [size_is(maxauditeventcount+1)] uint32 *eventauditoptions;
525 lsa_String primary_domain_name;
527 netr_QUOTA_LIMITS quota_limits;
529 NTTIME db_create_time;
530 uint32 SecurityInformation;
543 lsa_String domain_name;
544 uint32 num_controllers;
545 [size_is(num_controllers)] lsa_String *controller_names;
546 uint32 SecurityInformation;
556 } netr_DELTA_TRUSTED_DOMAIN;
560 } netr_DELTA_DELETE_TRUST;
563 uint32 privilege_entries;
564 uint32 privilege_control;
565 [size_is(privilege_entries)] uint32 *privilege_attrib;
566 [size_is(privilege_entries)] lsa_String *privilege_name;
567 netr_QUOTA_LIMITS quotalimits;
569 uint32 SecurityInformation;
579 } netr_DELTA_ACCOUNT;
583 } netr_DELTA_DELETE_ACCOUNT;
587 } netr_DELTA_DELETE_SECRET;
592 [size_is(maxlen)][length_is(len)] uint8 *cipher_data;
596 netr_CIPHER_VALUE current_cipher;
597 NTTIME current_cipher_set_time;
598 netr_CIPHER_VALUE old_cipher;
599 NTTIME old_cipher_set_time;
600 uint32 SecurityInformation;
613 NETR_DELTA_DOMAIN = 1,
614 NETR_DELTA_GROUP = 2,
615 NETR_DELTA_DELETE_GROUP = 3,
616 NETR_DELTA_RENAME_GROUP = 4,
618 NETR_DELTA_DELETE_USER = 6,
619 NETR_DELTA_RENAME_USER = 7,
620 NETR_DELTA_GROUP_MEMBER = 8,
621 NETR_DELTA_ALIAS = 9,
622 NETR_DELTA_DELETE_ALIAS = 10,
623 NETR_DELTA_RENAME_ALIAS = 11,
624 NETR_DELTA_ALIAS_MEMBER = 12,
625 NETR_DELTA_POLICY = 13,
626 NETR_DELTA_TRUSTED_DOMAIN = 14,
627 NETR_DELTA_DELETE_TRUST = 15,
628 NETR_DELTA_ACCOUNT = 16,
629 NETR_DELTA_DELETE_ACCOUNT = 17,
630 NETR_DELTA_SECRET = 18,
631 NETR_DELTA_DELETE_SECRET = 19,
632 NETR_DELTA_DELETE_GROUP2 = 20,
633 NETR_DELTA_DELETE_USER2 = 21,
634 NETR_DELTA_MODIFY_COUNT = 22
637 typedef [switch_type(netr_DeltaEnum)] union {
638 [case(NETR_DELTA_DOMAIN)] netr_DELTA_DOMAIN *domain;
639 [case(NETR_DELTA_GROUP)] netr_DELTA_GROUP *group;
640 [case(NETR_DELTA_DELETE_GROUP)] ; /* rid only */
641 [case(NETR_DELTA_RENAME_GROUP)] netr_DELTA_RENAME *rename_group;
642 [case(NETR_DELTA_USER)] netr_DELTA_USER *user;
643 [case(NETR_DELTA_DELETE_USER)] ; /* rid only */
644 [case(NETR_DELTA_RENAME_USER)] netr_DELTA_RENAME *rename_user;
645 [case(NETR_DELTA_GROUP_MEMBER)] netr_DELTA_GROUP_MEMBER *group_member;
646 [case(NETR_DELTA_ALIAS)] netr_DELTA_ALIAS *alias;
647 [case(NETR_DELTA_DELETE_ALIAS)] ; /* rid only */
648 [case(NETR_DELTA_RENAME_ALIAS)] netr_DELTA_RENAME *rename_alias;
649 [case(NETR_DELTA_ALIAS_MEMBER)] netr_DELTA_ALIAS_MEMBER *alias_member;
650 [case(NETR_DELTA_POLICY)] netr_DELTA_POLICY *policy;
651 [case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN *trusted_domain;
652 [case(NETR_DELTA_DELETE_TRUST)] netr_DELTA_DELETE_TRUST delete_trust;
653 [case(NETR_DELTA_ACCOUNT)] netr_DELTA_ACCOUNT *account;
654 [case(NETR_DELTA_DELETE_ACCOUNT)] netr_DELTA_DELETE_ACCOUNT delete_account;
655 [case(NETR_DELTA_SECRET)] netr_DELTA_SECRET *secret;
656 [case(NETR_DELTA_DELETE_SECRET)] netr_DELTA_DELETE_SECRET delete_secret;
657 [case(NETR_DELTA_DELETE_GROUP2)] netr_DELTA_DELETE_USER *delete_group;
658 [case(NETR_DELTA_DELETE_USER2)] netr_DELTA_DELETE_USER *delete_user;
659 [case(NETR_DELTA_MODIFY_COUNT)] udlong *modified_count;
662 typedef [switch_type(netr_DeltaEnum)] union {
663 [case(NETR_DELTA_DOMAIN)] uint32 rid;
664 [case(NETR_DELTA_GROUP)] uint32 rid;
665 [case(NETR_DELTA_DELETE_GROUP)] uint32 rid;
666 [case(NETR_DELTA_RENAME_GROUP)] uint32 rid;
667 [case(NETR_DELTA_USER)] uint32 rid;
668 [case(NETR_DELTA_DELETE_USER)] uint32 rid;
669 [case(NETR_DELTA_RENAME_USER)] uint32 rid;
670 [case(NETR_DELTA_GROUP_MEMBER)] uint32 rid;
671 [case(NETR_DELTA_ALIAS)] uint32 rid;
672 [case(NETR_DELTA_DELETE_ALIAS)] uint32 rid;
673 [case(NETR_DELTA_RENAME_ALIAS)] uint32 rid;
674 [case(NETR_DELTA_ALIAS_MEMBER)] uint32 rid;
675 [case(NETR_DELTA_POLICY)] dom_sid2 *sid;
676 [case(NETR_DELTA_TRUSTED_DOMAIN)] dom_sid2 *sid;
677 [case(NETR_DELTA_DELETE_TRUST)] dom_sid2 *sid;
678 [case(NETR_DELTA_ACCOUNT)] dom_sid2 *sid;
679 [case(NETR_DELTA_DELETE_ACCOUNT)] dom_sid2 *sid;
680 [case(NETR_DELTA_SECRET)] [string,charset(UTF16)] uint16 *name;
681 [case(NETR_DELTA_DELETE_SECRET)] [string,charset(UTF16)] uint16 *name;
682 [case(NETR_DELTA_DELETE_GROUP2)] uint32 rid;
683 [case(NETR_DELTA_DELETE_USER2)] uint32 rid;
684 [case(NETR_DELTA_MODIFY_COUNT)] ;
685 } netr_DELTA_ID_UNION;
688 netr_DeltaEnum delta_type;
689 [switch_is(delta_type)] netr_DELTA_ID_UNION delta_id_union;
690 [switch_is(delta_type)] netr_DELTA_UNION delta_union;
695 [size_is(num_deltas)] netr_DELTA_ENUM *delta_enum;
696 } netr_DELTA_ENUM_ARRAY;
699 NTSTATUS netr_DatabaseDeltas(
700 [in] [string,charset(UTF16)] uint16 logon_server[],
701 [in] [string,charset(UTF16)] uint16 computername[],
702 [in,ref] netr_Authenticator *credential,
703 [in,out,ref] netr_Authenticator *return_authenticator,
704 [in] netr_SamDatabaseID database_id,
705 [in,out,ref] udlong *sequence_num,
706 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
707 [in] uint32 preferredmaximumlength
714 NTSTATUS netr_DatabaseSync(
715 [in] [string,charset(UTF16)] uint16 logon_server[],
716 [in] [string,charset(UTF16)] uint16 computername[],
717 [in] netr_Authenticator credential,
718 [in,out,ref] netr_Authenticator *return_authenticator,
719 [in] netr_SamDatabaseID database_id,
720 [in,out,ref] uint32 *sync_context,
721 [in] uint32 preferredmaximumlength,
722 [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array
729 /* w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this call */
731 typedef [flag(NDR_PAHEX)] struct {
732 uint8 computer_name[16];
734 uint32 serial_number;
738 [flag(NDR_REMAINING)] DATA_BLOB blob;
739 } netr_AccountBuffer;
741 NTSTATUS netr_AccountDeltas(
742 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
743 [in] [string,charset(UTF16)] uint16 computername[],
744 [in] netr_Authenticator credential,
745 [in,out,ref] netr_Authenticator *return_authenticator,
746 [in] netr_UAS_INFO_0 uas,
749 [in] uint32 buffersize,
750 [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
751 [out,ref] uint32 *count_returned,
752 [out,ref] uint32 *total_entries,
753 [out,ref] netr_UAS_INFO_0 *recordid
760 NTSTATUS netr_AccountSync(
761 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
762 [in] [string,charset(UTF16)] uint16 computername[],
763 [in] netr_Authenticator credential,
764 [in,out,ref] netr_Authenticator *return_authenticator,
765 [in] uint32 reference,
767 [in] uint32 buffersize,
768 [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
769 [out,ref] uint32 *count_returned,
770 [out,ref] uint32 *total_entries,
771 [out,ref] uint32 *next_reference,
772 [in,out,ref] netr_UAS_INFO_0 *recordid
779 WERROR netr_GetDcName(
780 [in] [string,charset(UTF16)] uint16 logon_server[],
781 [in,unique] [string,charset(UTF16)] uint16 *domainname,
782 [out,ref] [string,charset(UTF16)] uint16 **dcname
788 typedef [bitmap32bit] bitmap {
789 NETLOGON_CTRL_REPL_NEEDED = 0x0001,
790 NETLOGON_CTRL_REPL_IN_PROGRESS = 0x0002,
791 NETLOGON_CTRL_REPL_FULL_SYNC = 0x0004
795 netr_InfoFlags flags;
796 uint32 pdc_connection_status;
797 } netr_NETLOGON_INFO_1;
800 netr_InfoFlags flags;
801 uint32 pdc_connection_status;
802 [string,charset(UTF16)] uint16 *trusted_dc_name;
803 uint32 tc_connection_status;
804 } netr_NETLOGON_INFO_2;
807 netr_InfoFlags flags;
808 uint32 logon_attempts;
814 } netr_NETLOGON_INFO_3;
817 [case(1)] netr_NETLOGON_INFO_1 *info1;
818 [case(2)] netr_NETLOGON_INFO_2 *info2;
819 [case(3)] netr_NETLOGON_INFO_3 *info3;
820 } netr_CONTROL_QUERY_INFORMATION;
822 /* function_code values */
823 typedef [v1_enum] enum {
824 NETLOGON_CONTROL_SYNC = 2,
825 NETLOGON_CONTROL_REDISCOVER = 5,
826 NETLOGON_CONTROL_TC_QUERY = 6,
827 NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7,
828 NETLOGON_CONTROL_SET_DBFLAG = 65534
829 } netr_LogonControlCode;
831 WERROR netr_LogonControl(
832 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
833 [in] netr_LogonControlCode function_code,
835 [out,ref,switch_is(level)] netr_CONTROL_QUERY_INFORMATION *info
842 WERROR netr_GetAnyDCName(
843 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
844 [in,unique] [string,charset(UTF16)] uint16 *domainname,
845 [out,ref] [string,charset(UTF16)] uint16 **dcname
853 [case(NETLOGON_CONTROL_REDISCOVER)] [string,charset(UTF16)] uint16 *domain;
854 [case(NETLOGON_CONTROL_TC_QUERY)] [string,charset(UTF16)] uint16 *domain;
855 [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)] [string,charset(UTF16)] uint16 *domain;
856 [case(NETLOGON_CONTROL_SET_DBFLAG)] uint32 debug_level;
857 } netr_CONTROL_DATA_INFORMATION;
859 WERROR netr_LogonControl2(
860 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
861 [in] netr_LogonControlCode function_code,
863 [in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION *data,
864 [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
868 /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM
869 * session keys are encrypted with DES calls. (And the user session key
875 typedef [bitmap32bit] bitmap {
876 NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
877 NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
878 NETLOGON_NEG_ARCFOUR = 0x00000004,
879 NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
880 NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
881 NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
882 NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
883 NETLOGON_NEG_REDO = 0x00000080,
884 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
885 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
886 NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
887 NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
888 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
889 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
890 NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */
891 NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
892 NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
893 NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
894 NETLOGON_NEG_GETDOMAININFO = 0x00040000,
895 NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
896 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
897 NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
898 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
899 NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */
900 } netr_NegotiateFlags;
902 NTSTATUS netr_ServerAuthenticate2(
903 [in,unique] [string,charset(UTF16)] uint16 *server_name,
904 [in] [string,charset(UTF16)] uint16 account_name[],
905 [in] netr_SchannelType secure_channel_type,
906 [in] [string,charset(UTF16)] uint16 computer_name[],
907 [in,ref] netr_Credential *credentials,
908 [out,ref] netr_Credential *return_credentials,
909 [in,out,ref] netr_NegotiateFlags *negotiate_flags
916 NTSTATUS netr_DatabaseSync2(
917 [in] [string,charset(UTF16)] uint16 logon_server[],
918 [in] [string,charset(UTF16)] uint16 computername[],
919 [in] netr_Authenticator *credential,
920 [in,out,ref] netr_Authenticator *return_authenticator,
921 [in] netr_SamDatabaseID database_id,
922 [in] uint16 restart_state,
923 [in,out,ref] uint32 *sync_context,
924 [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array,
925 [in] uint32 preferredmaximumlength
932 /* i'm not at all sure how this call works */
934 NTSTATUS netr_DatabaseRedo(
935 [in] [string,charset(UTF16)] uint16 logon_server[],
936 [in] [string,charset(UTF16)] uint16 computername[],
937 [in] netr_Authenticator credential,
938 [in,out,ref] netr_Authenticator *return_authenticator,
939 [in,unique][size_is(change_log_entry_size)] uint8 *change_log_entry,
940 [in] uint32 change_log_entry_size,
941 [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array
948 WERROR netr_LogonControl2Ex(
949 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
950 [in] uint32 function_code,
952 [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
953 [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
960 [size_is(length)] uint8 *data;
963 WERROR netr_NetrEnumerateTrustedDomains(
964 [in,unique] [string,charset(UTF16)] uint16 *server_name,
965 [out,ref] netr_Blob *trusted_domains_blob
971 /* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
973 const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY |
974 DS_DIRECTORY_SERVICE_REQUIRED |
975 DS_DIRECTORY_SERVICE_PREFERRED |
976 DS_GC_SERVER_REQUIRED |
981 DS_TIMESERV_REQUIRED |
982 DS_WRITABLE_REQUIRED |
983 DS_GOOD_TIMESERV_PREFERRED |
985 DS_ONLY_LDAP_NEEDED |
988 DS_RETURN_FLAT_NAME |
991 typedef [bitmap32bit] bitmap {
992 DS_FORCE_REDISCOVERY = 0x00000001,
993 DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
994 DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
995 DS_GC_SERVER_REQUIRED = 0x00000040,
996 DS_PDC_REQUIRED = 0x00000080,
997 DS_BACKGROUND_ONLY = 0x00000100,
998 DS_IP_REQUIRED = 0x00000200,
999 DS_KDC_REQUIRED = 0x00000400,
1000 DS_TIMESERV_REQUIRED = 0x00000800,
1001 DS_WRITABLE_REQUIRED = 0x00001000,
1002 DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
1003 DS_AVOID_SELF = 0x00004000,
1004 DS_ONLY_LDAP_NEEDED = 0x00008000,
1005 DS_IS_FLAT_NAME = 0x00010000,
1006 DS_IS_DNS_NAME = 0x00020000,
1007 DS_TRY_NEXTCLOSEST_SITE = 0x00040000,
1008 DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000,
1009 DS_RETURN_DNS_NAME = 0x40000000,
1010 DS_RETURN_FLAT_NAME = 0x80000000
1011 } netr_DsRGetDCName_flags;
1013 typedef [v1_enum] enum {
1014 DS_ADDRESS_TYPE_INET = 1,
1015 DS_ADDRESS_TYPE_NETBIOS = 2
1016 } netr_DsRGetDCNameInfo_AddressType;
1018 typedef [bitmap32bit] bitmap {
1019 DS_SERVER_PDC = NBT_SERVER_PDC,
1020 DS_SERVER_GC = NBT_SERVER_GC,
1021 DS_SERVER_LDAP = NBT_SERVER_LDAP,
1022 DS_SERVER_DS = NBT_SERVER_DS,
1023 DS_SERVER_KDC = NBT_SERVER_KDC,
1024 DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV,
1025 DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST,
1026 DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE,
1027 DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV,
1028 DS_SERVER_NDNC = NBT_SERVER_NDNC,
1029 DS_SERVER_SELECT_SECRET_DOMAIN_6 = NBT_SERVER_SELECT_SECRET_DOMAIN_6,
1030 DS_SERVER_FULL_SECRET_DOMAIN_6 = NBT_SERVER_FULL_SECRET_DOMAIN_6,
1031 DS_DNS_CONTROLLER = 0x20000000,
1032 DS_DNS_DOMAIN = 0x40000000,
1033 DS_DNS_FOREST = 0x80000000
1036 typedef [public] struct {
1037 [string,charset(UTF16)] uint16 *dc_unc;
1038 [string,charset(UTF16)] uint16 *dc_address;
1039 netr_DsRGetDCNameInfo_AddressType dc_address_type;
1041 [string,charset(UTF16)] uint16 *domain_name;
1042 [string,charset(UTF16)] uint16 *forest_name;
1043 netr_DsR_DcFlags dc_flags;
1044 [string,charset(UTF16)] uint16 *dc_site_name;
1045 [string,charset(UTF16)] uint16 *client_site_name;
1046 } netr_DsRGetDCNameInfo;
1048 WERROR netr_DsRGetDCName(
1049 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1050 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1051 [in,unique] GUID *domain_guid,
1052 [in,unique] GUID *site_guid,
1053 [in] netr_DsRGetDCName_flags flags,
1054 [out,ref] netr_DsRGetDCNameInfo **info
1059 [todo] WERROR netr_NETRLOGONDUMMYROUTINE1();
1063 [todo] WERROR netr_NETRLOGONSETSERVICEBITS();
1067 WERROR netr_LogonGetTrustRid(
1068 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1069 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1070 [out,ref] uint32 *rid
1075 [todo] WERROR netr_NETRLOGONCOMPUTESERVERDIGEST();
1079 [todo] WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST();
1083 NTSTATUS netr_ServerAuthenticate3(
1084 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1085 [in] [string,charset(UTF16)] uint16 account_name[],
1086 [in] netr_SchannelType secure_channel_type,
1087 [in] [string,charset(UTF16)] uint16 computer_name[],
1088 [in,out,ref] netr_Credential *credentials,
1089 [in,out,ref] netr_NegotiateFlags *negotiate_flags,
1090 [out,ref] uint32 *rid
1096 WERROR netr_DsRGetDCNameEx(
1097 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1098 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1099 [in,unique] GUID *domain_guid,
1100 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1101 [in] netr_DsRGetDCName_flags flags,
1102 [out,ref] netr_DsRGetDCNameInfo **info
1107 WERROR netr_DsRGetSiteName(
1108 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1109 [out,ref] [string,charset(UTF16)] uint16 **site
1114 typedef [bitmap32bit] bitmap {
1115 NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
1116 NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
1117 NETR_TRUST_FLAG_TREEROOT = 0x00000004,
1118 NETR_TRUST_FLAG_PRIMARY = 0x00000008,
1119 NETR_TRUST_FLAG_NATIVE = 0x00000010,
1120 NETR_TRUST_FLAG_INBOUND = 0x00000020,
1121 NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080,
1122 NETR_TRUST_FLAG_AES = 0x00000100
1125 typedef [flag(NDR_PAHEX)] struct {
1128 [size_is(size/2),length_is(length/2)] uint16 *data;
1129 } netr_BinaryString;
1133 [string,charset(UTF16)] uint16 *workstation_domain;
1134 [string,charset(UTF16)] uint16 *workstation_site;
1135 [string,charset(UTF16)] uint16 *unknown1;
1136 [string,charset(UTF16)] uint16 *unknown2;
1137 [string,charset(UTF16)] uint16 *unknown3;
1138 [string,charset(UTF16)] uint16 *unknown4;
1139 netr_BinaryString blob2;
1141 lsa_String unknown5;
1142 lsa_String unknown6;
1144 } netr_DomainQuery1;
1147 [case(1)] netr_DomainQuery1 *query1;
1148 [case(2)] netr_DomainQuery1 *query1;
1152 /* these first 3 values come from the fact windows
1153 actually encodes this structure as a UNICODE_STRING
1154 - see MS-NRPC section 2.2.1.3.9 */
1155 [value(8)] uint32 length;
1156 [value(0)] uint32 dummy;
1157 [value(8)] uint32 size;
1158 netr_TrustFlags flags;
1159 uint32 parent_index;
1161 uint32 trust_attributes;
1162 } netr_trust_extension;
1165 uint16 length; /* value is 16 when info != NULL, otherwise 0 */
1166 [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */
1167 netr_trust_extension *info;
1168 } netr_trust_extension_container;
1171 lsa_String domainname;
1172 lsa_String fulldomainname;
1176 netr_trust_extension_container trust_extension;
1177 lsa_String dummystring[3];
1179 } netr_DomainTrustInfo;
1183 [size_is(policy_size)] uint8 *policy;
1184 } netr_LsaPolicyInfo;
1186 typedef [public,bitmap32bit] bitmap {
1187 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
1188 NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002
1189 } netr_WorkstationFlags;
1192 netr_DomainTrustInfo domaininfo;
1194 [size_is(num_trusts)] netr_DomainTrustInfo *trusts;
1195 netr_LsaPolicyInfo lsa_policy;
1196 lsa_String dns_hostname;
1197 lsa_String dummystring[3];
1198 netr_WorkstationFlags workstation_flags;
1199 uint32 supported_enc_types;
1204 [case(1)] netr_DomainInfo1 *info1;
1205 [case(2)] netr_DomainInfo1 *info2;
1208 NTSTATUS netr_LogonGetDomainInfo(
1209 [in] [string,charset(UTF16)] uint16 server_name[],
1210 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1211 [in,ref] netr_Authenticator *credential,
1212 [in,out,ref] netr_Authenticator *return_authenticator,
1214 [in,switch_is(level)] netr_DomainQuery query,
1215 [out,ref,switch_is(level)] netr_DomainInfo *info
1218 typedef [flag(NDR_PAHEX)] struct {
1221 } netr_CryptPassword;
1225 NTSTATUS netr_ServerPasswordSet2(
1226 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1227 [in] [string,charset(UTF16)] uint16 account_name[],
1228 [in] netr_SchannelType secure_channel_type,
1229 [in] [string,charset(UTF16)] uint16 computer_name[],
1230 [in,ref] netr_Authenticator *credential,
1231 [out,ref] netr_Authenticator *return_authenticator,
1232 [in,ref] netr_CryptPassword *new_password
1237 WERROR netr_ServerPasswordGet(
1238 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1239 [in] [string,charset(UTF16)] uint16 account_name[],
1240 [in] netr_SchannelType secure_channel_type,
1241 [in] [string,charset(UTF16)] uint16 computer_name[],
1242 [in,ref] netr_Authenticator *credential,
1243 [out,ref] netr_Authenticator *return_authenticator,
1244 [out,ref] samr_Password *password
1249 [todo] WERROR netr_NETRLOGONSENDTOSAM();
1255 [size_is(count)] lsa_String *sitename;
1256 } netr_DsRAddressToSitenamesWCtr;
1259 [size_is(size)] uint8 *buffer;
1263 WERROR netr_DsRAddressToSitenamesW(
1264 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1265 [in] [range(0,32000)] uint32 count,
1266 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1267 [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr
1272 WERROR netr_DsRGetDCNameEx2(
1273 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1274 [in,unique] [string,charset(UTF16)] uint16 *client_account,
1275 [in] samr_AcctFlags mask,
1276 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1277 [in,unique] GUID *domain_guid,
1278 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1279 [in] netr_DsRGetDCName_flags flags,
1280 [out,ref] netr_DsRGetDCNameInfo **info
1285 [todo] WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN();
1289 typedef [v1_enum] enum {
1290 NETR_TRUST_TYPE_DOWNLEVEL = 1,
1291 NETR_TRUST_TYPE_UPLEVEL = 2,
1292 NETR_TRUST_TYPE_MIT = 3,
1293 NETR_TRUST_TYPE_DCE = 4
1296 typedef [bitmap32bit] bitmap {
1297 NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
1298 NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
1299 NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
1300 NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
1301 NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
1302 NETR_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
1303 NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040
1304 } netr_TrustAttributes;
1307 [string,charset(UTF16)] uint16 *netbios_name;
1308 [string,charset(UTF16)] uint16 *dns_name;
1309 netr_TrustFlags trust_flags;
1310 uint32 parent_index;
1311 netr_TrustType trust_type;
1312 netr_TrustAttributes trust_attributes;
1319 [size_is(count)] netr_DomainTrust *array;
1320 } netr_DomainTrustList;
1322 WERROR netr_NetrEnumerateTrustedDomainsEx(
1323 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1324 [out,ref] netr_DomainTrustList *dom_trust_list
1331 [size_is(count)] lsa_String *sitename;
1332 [size_is(count)] lsa_String *subnetname;
1333 } netr_DsRAddressToSitenamesExWCtr;
1335 WERROR netr_DsRAddressToSitenamesExW(
1336 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1337 [in] [range(0,32000)] uint32 count,
1338 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1339 [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr
1347 [size_is(num_sites)] [unique] lsa_String *sites;
1350 WERROR netr_DsrGetDcSiteCoverageW(
1351 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1352 [out,ref] DcSitesCtr *ctr
1357 NTSTATUS netr_LogonSamLogonEx(
1358 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1359 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1360 [in] netr_LogonLevel logon_level,
1361 [in,ref] [switch_is(logon_level)] netr_LogonInfo *logon,
1362 [in] uint16 validation_level,
1363 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
1364 [out,ref] uint8 *authoritative,
1365 [in,out,ref] uint32 *flags
1371 WERROR netr_DsrEnumerateDomainTrusts(
1372 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1373 [in] netr_TrustFlags trust_flags,
1374 [out,ref] netr_DomainTrustList *trusts
1380 WERROR netr_DsrDeregisterDNSHostRecords(
1381 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1382 [in,unique] [string,charset(UTF16)] uint16 *domain,
1383 [in,unique] GUID *domain_guid,
1384 [in,unique] GUID *dsa_guid,
1385 [in,ref] [string,charset(UTF16)] uint16 *dns_host
1390 NTSTATUS netr_ServerTrustPasswordsGet(
1391 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1392 [in] [string,charset(UTF16)] uint16 account_name[],
1393 [in] netr_SchannelType secure_channel_type,
1394 [in] [string,charset(UTF16)] uint16 computer_name[],
1395 [in,ref] netr_Authenticator *credential,
1396 [out,ref] netr_Authenticator *return_authenticator,
1397 [out,ref] samr_Password *password,
1398 [out,ref] samr_Password *password2
1404 const int DS_GFTI_UPDATE_TDO = 0x1;
1406 WERROR netr_DsRGetForestTrustInformation(
1407 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1408 [in,unique] [string,charset(UTF16)] uint16 *trusted_domain_name,
1410 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1415 WERROR netr_GetForestTrustInformation(
1416 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1417 [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name,
1418 [in,ref] netr_Authenticator *credential,
1419 [out,ref] netr_Authenticator *return_authenticator,
1421 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1427 /* this is the ADS varient. I don't yet know what the "flags" are for */
1428 NTSTATUS netr_LogonSamLogonWithFlags(
1429 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1430 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1431 [in,unique] netr_Authenticator *credential,
1432 [in,out,unique] netr_Authenticator *return_authenticator,
1433 [in] netr_LogonLevel logon_level,
1434 [in] [switch_is(logon_level)] netr_LogonInfo logon,
1435 [in] uint16 validation_level,
1436 [out,ref] [switch_is(validation_level)] netr_Validation *validation,
1437 [out,ref] uint8 *authoritative,
1438 [in,out,ref] uint32 *flags
1443 [todo] WERROR netr_NETRSERVERGETTRUSTINFO();