3 much of this was derived from the ethereal sources - thanks to everyone
7 import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
12 uuid("12345678-1234-abcd-ef00-01234567cffb"),
14 endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
15 pointer_default(unique)
20 typedef bitmap samr_AcctFlags samr_AcctFlags;
21 typedef bitmap samr_GroupAttrs samr_GroupAttrs;
27 [string,charset(UTF16)] uint16 *account_name;
38 time_t pw_must_change;
39 [string,charset(UTF16)] uint16 *computer;
40 [string,charset(UTF16)] uint16 *domain;
41 [string,charset(UTF16)] uint16 *script_path;
45 WERROR netr_LogonUasLogon(
46 [in,unique] [string,charset(UTF16)] uint16 *server_name,
47 [in] [string,charset(UTF16)] uint16 account_name[],
48 [in] [string,charset(UTF16)] uint16 workstation[],
49 [out,unique] netr_UasInfo *info
61 WERROR netr_LogonUasLogoff(
62 [in,unique] [string,charset(UTF16)] uint16 *server_name,
63 [in] [string,charset(UTF16)] uint16 account_name[],
64 [in] [string,charset(UTF16)] uint16 workstation[],
65 [out] netr_UasLogoffInfo info
72 /* in netr_AcctLockStr size seems to be be 24, and rrenard thinks
73 that the structure of the bindata looks like this:
75 dlong lockout_duration;
77 uint32 bad_attempt_lockout;
80 but it doesn't look as though this structure is reflected at the
81 NDR level. Maybe it is left to the application to decode the bindata array.
86 [size_is(size/2),length_is(length/2)] uint16 *bindata;
89 typedef [public,bitmap32bit] bitmap {
90 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
91 MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
92 MSV1_0_RETURN_USER_PARAMETERS = 0x00000008,
93 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020,
94 MSV1_0_RETURN_PROFILE_PATH = 0x00000200,
95 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800
96 } netr_LogonParameterControl;
99 lsa_String domain_name;
100 netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
102 uint32 logon_id_high;
103 lsa_String account_name;
104 lsa_String workstation;
108 netr_IdentityInfo identity_info;
109 samr_Password lmpassword;
110 samr_Password ntpassword;
113 typedef [flag(NDR_PAHEX)] struct {
115 [value(length)] uint16 size;
116 [size_is(length),length_is(length)] uint8 *data;
117 } netr_ChallengeResponse;
119 typedef [flag(NDR_PAHEX)] struct {
120 netr_IdentityInfo identity_info;
122 netr_ChallengeResponse nt;
123 netr_ChallengeResponse lm;
126 typedef [flag(NDR_PAHEX)] struct {
127 netr_IdentityInfo identity_info;
128 lsa_String package_name;
130 [size_is(length)] uint8 *data;
134 NetlogonInteractiveInformation = 1,
135 NetlogonNetworkInformation = 2,
136 NetlogonServiceInformation = 3,
137 NetlogonGenericInformation = 4,
138 NetlogonInteractiveTransitiveInformation = 5,
139 NetlogonNetworkTransitiveInformation = 6,
140 NetlogonServiceTransitiveInformation = 7
141 } netr_LogonInfoClass;
143 typedef [public,switch_type(netr_LogonInfoClass)] union {
144 [case(NetlogonInteractiveInformation)] netr_PasswordInfo *password;
145 [case(NetlogonNetworkInformation)] netr_NetworkInfo *network;
146 [case(NetlogonServiceInformation)] netr_PasswordInfo *password;
147 [case(NetlogonGenericInformation)] netr_GenericInfo *generic;
148 [case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
149 [case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network;
150 [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
153 typedef [public,flag(NDR_PAHEX)] struct {
155 } netr_UserSessionKey;
157 typedef [public,flag(NDR_PAHEX)] struct {
161 /* Flags for user_flags below */
162 typedef [public,bitmap32bit] bitmap {
163 NETLOGON_GUEST = 0x0001,
164 NETLOGON_NOENCRYPTION = 0x0002,
165 NETLOGON_CACHED_ACCOUNT = 0x0004,
166 NETLOGON_USED_LM_PASSWORD = 0x0008,
167 NETLOGON_EXTRA_SIDS = 0x0020,
168 NETLOGON_SUBAUTH_SESSION_KEY = 0x0040,
169 NETLOGON_SERVER_TRUST_ACCOUNT = 0x0080,
170 NETLOGON_NTLMV2_ENABLED = 0x0100,
171 NETLOGON_RESOURCE_GROUPS = 0x0200,
172 NETLOGON_PROFILE_PATH_RETURNED = 0x0400
179 NTTIME last_password_change;
180 NTTIME allow_password_change;
181 NTTIME force_password_change;
182 lsa_String account_name;
183 lsa_String full_name;
184 lsa_String logon_script;
185 lsa_String profile_path;
186 lsa_String home_directory;
187 lsa_String home_drive;
189 uint16 bad_password_count;
192 samr_RidWithAttributeArray groups;
193 netr_UserFlags user_flags;
194 netr_UserSessionKey key;
195 lsa_StringLarge logon_server;
196 lsa_StringLarge domain;
197 dom_sid2 *domain_sid;
198 netr_LMSessionKey LMSessKey;
199 samr_AcctFlags acct_flags;
204 netr_SamBaseInfo base;
209 samr_GroupAttrs attributes;
212 typedef [public] struct {
213 netr_SamBaseInfo base;
215 [size_is(sidcount)] netr_SidAttr *sids;
219 netr_SamBaseInfo base;
221 [size_is(sidcount)] netr_SidAttr *sids;
223 lsa_String principle;
229 [size_is(pac_size)] uint8 *pac;
230 lsa_String logon_domain;
231 lsa_String logon_server;
232 lsa_String principal_name;
234 [size_is(auth_size)] uint8 *auth;
235 netr_UserSessionKey user_session_key;
236 uint32 expansionroom[10];
243 typedef [flag(NDR_PAHEX)] struct {
245 [size_is(length)] uint8 *data;
249 NetlogonValidationUasInfo = 1,
250 NetlogonValidationSamInfo = 2,
251 NetlogonValidationSamInfo2 = 3,
252 NetlogonValidationGenericInfo2 = 5,
253 NetlogonValidationSamInfo4 = 6
254 } netr_ValidationInfoClass;
256 typedef [public,switch_type(uint16)] union {
257 [case(NetlogonValidationSamInfo)] netr_SamInfo2 *sam2;
258 [case(NetlogonValidationSamInfo2)] netr_SamInfo3 *sam3;
259 [case(4)] netr_PacInfo *pac;
260 [case(NetlogonValidationGenericInfo2)] netr_GenericInfo2 *generic;
261 [case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
264 typedef [public, flag(NDR_PAHEX)] struct {
268 typedef [public] struct {
269 netr_Credential cred;
271 } netr_Authenticator;
273 NTSTATUS netr_LogonSamLogon(
274 [in,unique] [string,charset(UTF16)] uint16 *server_name,
275 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
276 [in,unique] netr_Authenticator *credential,
277 [in,out,unique] netr_Authenticator *return_authenticator,
278 [in] netr_LogonInfoClass logon_level,
279 [in] [switch_is(logon_level)] netr_LogonLevel logon,
280 [in] uint16 validation_level,
281 [out] [switch_is(validation_level)] netr_Validation validation,
282 [out] uint8 authoritative
289 NTSTATUS netr_LogonSamLogoff(
290 [in,unique] [string,charset(UTF16)] uint16 *server_name,
291 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
292 [in,unique] netr_Authenticator *credential,
293 [in,out,unique] netr_Authenticator *return_authenticator,
294 [in] uint16 logon_level,
295 [in] [switch_is(logon_level)] netr_LogonLevel logon
303 [public] NTSTATUS netr_ServerReqChallenge(
304 [in,unique,string,charset(UTF16)] uint16 *server_name,
305 [in,string,charset(UTF16)] uint16 computer_name[],
306 [in,out,ref] netr_Credential *credentials
313 typedef enum netr_SchannelType netr_SchannelType;
315 NTSTATUS netr_ServerAuthenticate(
316 [in,unique,string,charset(UTF16)] uint16 *server_name,
317 [in,string,charset(UTF16)] uint16 account_name[],
318 [in] netr_SchannelType secure_channel_type,
319 [in,string,charset(UTF16)] uint16 computer_name[],
320 [in,out,ref] netr_Credential *credentials
327 NTSTATUS netr_ServerPasswordSet(
328 [in,unique] [string,charset(UTF16)] uint16 *server_name,
329 [in] [string,charset(UTF16)] uint16 account_name[],
330 [in] netr_SchannelType secure_channel_type,
331 [in] [string,charset(UTF16)] uint16 computer_name[],
332 [in] netr_Authenticator credential,
333 [in] samr_Password new_password,
334 [out] netr_Authenticator return_authenticator
341 typedef enum netr_SamDatabaseID netr_SamDatabaseID;
344 [string,charset(UTF16)] uint16 *account_name;
353 } netr_DELTA_DELETE_USER;
357 [value(length)] uint16 size;
364 [value(nt_length)] uint16 nt_size;
367 [value(lm_length)] uint16 lm_size;
369 uint8 nt_history[nt_length];
370 uint8 lm_history[lm_length];
371 } netr_PasswordHistory;
374 netr_USER_KEY16 lmpassword;
375 netr_USER_KEY16 ntpassword;
376 netr_PasswordHistory history;
379 typedef struct { /* TODO: make this a union! */
380 netr_USER_KEYS2 keys2;
381 } netr_USER_KEY_UNION;
383 typedef [public] struct {
385 netr_USER_KEY_UNION keys;
389 boolean8 SensitiveDataFlag;
392 /* netr_USER_KEYS encrypted with the session key */
393 [size_is(DataLength)][flag(NDR_PAHEX)] uint8 *SensitiveData;
394 } netr_USER_PRIVATE_INFO;
397 lsa_String account_name;
398 lsa_String full_name;
401 lsa_String home_directory;
402 lsa_String home_drive;
403 lsa_String logon_script;
404 lsa_String description;
405 lsa_String workstations;
408 samr_LogonHours logon_hours;
409 uint16 bad_password_count;
411 NTTIME last_password_change;
413 samr_AcctFlags acct_flags;
414 samr_Password lmpassword;
415 samr_Password ntpassword;
416 boolean8 nt_password_present;
417 boolean8 lm_password_present;
418 boolean8 password_expired;
420 lsa_String parameters;
423 netr_USER_PRIVATE_INFO user_private_info;
424 uint32 SecurityInformation;
426 lsa_String profile_path;
437 lsa_String domain_name;
438 lsa_String oem_information; /* comment */
439 dlong force_logoff_time;
440 uint16 min_password_length;
441 uint16 password_history_length;
442 /* yes, these are signed. They are in negative 100ns */
443 dlong max_password_age;
444 dlong min_password_age;
446 NTTIME domain_create_time;
447 uint32 SecurityInformation;
449 netr_AcctLockStr account_lockout;
453 uint32 logon_to_chgpass;
460 lsa_String group_name;
463 lsa_String description;
464 uint32 SecurityInformation;
490 [size_is(num_rids)] uint32 *rids;
491 [size_is(num_rids)] uint32 *attribs;
497 } netr_DELTA_GROUP_MEMBER;
500 lsa_String alias_name;
502 uint32 SecurityInformation;
504 lsa_String description;
520 } netr_DELTA_ALIAS_MEMBER;
523 uint32 pagedpoollimit;
524 uint32 nonpagedpoollimit;
525 uint32 minimumworkingsetsize;
526 uint32 maximumworkingsetsize;
527 uint32 pagefilelimit;
533 NTTIME auditretentionperiod;
534 boolean8 auditingmode;
535 uint32 maxauditeventcount;
536 [size_is(maxauditeventcount+1)] uint32 *eventauditoptions;
537 lsa_String primary_domain_name;
539 netr_QUOTA_LIMITS quota_limits;
541 NTTIME db_create_time;
542 uint32 SecurityInformation;
555 lsa_String domain_name;
556 uint32 num_controllers;
557 [size_is(num_controllers)] lsa_String *controller_names;
558 uint32 SecurityInformation;
568 } netr_DELTA_TRUSTED_DOMAIN;
572 } netr_DELTA_DELETE_TRUST;
575 uint32 privilege_entries;
576 uint32 privilege_control;
577 [size_is(privilege_entries)] uint32 *privilege_attrib;
578 [size_is(privilege_entries)] lsa_String *privilege_name;
579 netr_QUOTA_LIMITS quotalimits;
581 uint32 SecurityInformation;
591 } netr_DELTA_ACCOUNT;
595 } netr_DELTA_DELETE_ACCOUNT;
599 } netr_DELTA_DELETE_SECRET;
604 [size_is(maxlen)][length_is(len)] uint8 *cipher_data;
608 netr_CIPHER_VALUE current_cipher;
609 NTTIME current_cipher_set_time;
610 netr_CIPHER_VALUE old_cipher;
611 NTTIME old_cipher_set_time;
612 uint32 SecurityInformation;
625 NETR_DELTA_DOMAIN = 1,
626 NETR_DELTA_GROUP = 2,
627 NETR_DELTA_DELETE_GROUP = 3,
628 NETR_DELTA_RENAME_GROUP = 4,
630 NETR_DELTA_DELETE_USER = 6,
631 NETR_DELTA_RENAME_USER = 7,
632 NETR_DELTA_GROUP_MEMBER = 8,
633 NETR_DELTA_ALIAS = 9,
634 NETR_DELTA_DELETE_ALIAS = 10,
635 NETR_DELTA_RENAME_ALIAS = 11,
636 NETR_DELTA_ALIAS_MEMBER = 12,
637 NETR_DELTA_POLICY = 13,
638 NETR_DELTA_TRUSTED_DOMAIN = 14,
639 NETR_DELTA_DELETE_TRUST = 15,
640 NETR_DELTA_ACCOUNT = 16,
641 NETR_DELTA_DELETE_ACCOUNT = 17,
642 NETR_DELTA_SECRET = 18,
643 NETR_DELTA_DELETE_SECRET = 19,
644 NETR_DELTA_DELETE_GROUP2 = 20,
645 NETR_DELTA_DELETE_USER2 = 21,
646 NETR_DELTA_MODIFY_COUNT = 22
649 typedef [switch_type(netr_DeltaEnum)] union {
650 [case(NETR_DELTA_DOMAIN)] netr_DELTA_DOMAIN *domain;
651 [case(NETR_DELTA_GROUP)] netr_DELTA_GROUP *group;
652 [case(NETR_DELTA_DELETE_GROUP)] ; /* rid only */
653 [case(NETR_DELTA_RENAME_GROUP)] netr_DELTA_RENAME *rename_group;
654 [case(NETR_DELTA_USER)] netr_DELTA_USER *user;
655 [case(NETR_DELTA_DELETE_USER)] ; /* rid only */
656 [case(NETR_DELTA_RENAME_USER)] netr_DELTA_RENAME *rename_user;
657 [case(NETR_DELTA_GROUP_MEMBER)] netr_DELTA_GROUP_MEMBER *group_member;
658 [case(NETR_DELTA_ALIAS)] netr_DELTA_ALIAS *alias;
659 [case(NETR_DELTA_DELETE_ALIAS)] ; /* rid only */
660 [case(NETR_DELTA_RENAME_ALIAS)] netr_DELTA_RENAME *rename_alias;
661 [case(NETR_DELTA_ALIAS_MEMBER)] netr_DELTA_ALIAS_MEMBER *alias_member;
662 [case(NETR_DELTA_POLICY)] netr_DELTA_POLICY *policy;
663 [case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN *trusted_domain;
664 [case(NETR_DELTA_DELETE_TRUST)] netr_DELTA_DELETE_TRUST delete_trust;
665 [case(NETR_DELTA_ACCOUNT)] netr_DELTA_ACCOUNT *account;
666 [case(NETR_DELTA_DELETE_ACCOUNT)] netr_DELTA_DELETE_ACCOUNT delete_account;
667 [case(NETR_DELTA_SECRET)] netr_DELTA_SECRET *secret;
668 [case(NETR_DELTA_DELETE_SECRET)] netr_DELTA_DELETE_SECRET delete_secret;
669 [case(NETR_DELTA_DELETE_GROUP2)] netr_DELTA_DELETE_USER *delete_group;
670 [case(NETR_DELTA_DELETE_USER2)] netr_DELTA_DELETE_USER *delete_user;
671 [case(NETR_DELTA_MODIFY_COUNT)] udlong *modified_count;
674 typedef [switch_type(netr_DeltaEnum)] union {
675 [case(NETR_DELTA_DOMAIN)] uint32 rid;
676 [case(NETR_DELTA_GROUP)] uint32 rid;
677 [case(NETR_DELTA_DELETE_GROUP)] uint32 rid;
678 [case(NETR_DELTA_RENAME_GROUP)] uint32 rid;
679 [case(NETR_DELTA_USER)] uint32 rid;
680 [case(NETR_DELTA_DELETE_USER)] uint32 rid;
681 [case(NETR_DELTA_RENAME_USER)] uint32 rid;
682 [case(NETR_DELTA_GROUP_MEMBER)] uint32 rid;
683 [case(NETR_DELTA_ALIAS)] uint32 rid;
684 [case(NETR_DELTA_DELETE_ALIAS)] uint32 rid;
685 [case(NETR_DELTA_RENAME_ALIAS)] uint32 rid;
686 [case(NETR_DELTA_ALIAS_MEMBER)] uint32 rid;
687 [case(NETR_DELTA_POLICY)] dom_sid2 *sid;
688 [case(NETR_DELTA_TRUSTED_DOMAIN)] dom_sid2 *sid;
689 [case(NETR_DELTA_DELETE_TRUST)] dom_sid2 *sid;
690 [case(NETR_DELTA_ACCOUNT)] dom_sid2 *sid;
691 [case(NETR_DELTA_DELETE_ACCOUNT)] dom_sid2 *sid;
692 [case(NETR_DELTA_SECRET)] [string,charset(UTF16)] uint16 *name;
693 [case(NETR_DELTA_DELETE_SECRET)] [string,charset(UTF16)] uint16 *name;
694 [case(NETR_DELTA_DELETE_GROUP2)] uint32 rid;
695 [case(NETR_DELTA_DELETE_USER2)] uint32 rid;
696 [case(NETR_DELTA_MODIFY_COUNT)] ;
697 } netr_DELTA_ID_UNION;
700 netr_DeltaEnum delta_type;
701 [switch_is(delta_type)] netr_DELTA_ID_UNION delta_id_union;
702 [switch_is(delta_type)] netr_DELTA_UNION delta_union;
707 [size_is(num_deltas)] netr_DELTA_ENUM *delta_enum;
708 } netr_DELTA_ENUM_ARRAY;
711 NTSTATUS netr_DatabaseDeltas(
712 [in] [string,charset(UTF16)] uint16 logon_server[],
713 [in] [string,charset(UTF16)] uint16 computername[],
714 [in] netr_Authenticator credential,
715 [in,out] netr_Authenticator return_authenticator,
716 [in] netr_SamDatabaseID database_id,
717 [in,out] udlong sequence_num,
718 [in] uint32 preferredmaximumlength,
719 [out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
726 NTSTATUS netr_DatabaseSync(
727 [in] [string,charset(UTF16)] uint16 logon_server[],
728 [in] [string,charset(UTF16)] uint16 computername[],
729 [in] netr_Authenticator credential,
730 [in,out] netr_Authenticator return_authenticator,
731 [in] netr_SamDatabaseID database_id,
732 [in,out] uint32 sync_context,
733 [in] uint32 preferredmaximumlength,
734 [out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
741 /* w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this call */
743 typedef [flag(NDR_PAHEX)] struct {
744 uint8 computer_name[16];
746 uint32 serial_number;
750 [flag(NDR_REMAINING)] DATA_BLOB blob;
751 } netr_AccountBuffer;
753 NTSTATUS netr_AccountDeltas(
754 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
755 [in] [string,charset(UTF16)] uint16 computername[],
756 [in] netr_Authenticator credential,
757 [in,out] netr_Authenticator return_authenticator,
758 [in] netr_UAS_INFO_0 uas,
761 [in] uint32 buffersize,
762 [out,subcontext(4)] netr_AccountBuffer buffer,
763 [out] uint32 count_returned,
764 [out] uint32 total_entries,
765 [out] netr_UAS_INFO_0 recordid
772 NTSTATUS netr_AccountSync(
773 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
774 [in] [string,charset(UTF16)] uint16 computername[],
775 [in] netr_Authenticator credential,
776 [in,out] netr_Authenticator return_authenticator,
777 [in] uint32 reference,
779 [in] uint32 buffersize,
780 [out,subcontext(4)] netr_AccountBuffer buffer,
781 [out] uint32 count_returned,
782 [out] uint32 total_entries,
783 [out] uint32 next_reference,
784 [in,out] netr_UAS_INFO_0 recordid
791 WERROR netr_GetDcName(
792 [in] [string,charset(UTF16)] uint16 logon_server[],
793 [in,unique] [string,charset(UTF16)] uint16 *domainname,
794 [out,unique] [string,charset(UTF16)] uint16 *dcname
802 uint32 pdc_connection_status;
803 } netr_NETLOGON_INFO_1;
807 uint32 pdc_connection_status;
808 [string,charset(UTF16)] uint16 trusted_dc_name[];
809 uint32 tc_connection_status;
810 } netr_NETLOGON_INFO_2;
814 uint32 logon_attempts;
820 } netr_NETLOGON_INFO_3;
823 [case(1)] netr_NETLOGON_INFO_1 *info1;
824 [case(2)] netr_NETLOGON_INFO_2 *info2;
825 [case(3)] netr_NETLOGON_INFO_3 *info3;
826 } netr_CONTROL_QUERY_INFORMATION;
828 /* function_code values */
829 typedef [v1_enum] enum {
830 NETLOGON_CONTROL_SYNC = 2,
831 NETLOGON_CONTROL_REDISCOVER = 5,
832 NETLOGON_CONTROL_TC_QUERY = 6,
833 NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7,
834 NETLOGON_CONTROL_SET_DBFLAG = 65534
835 } netr_LogonControlCode;
837 WERROR netr_LogonControl(
838 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
839 [in] netr_LogonControlCode function_code,
841 [out,switch_is(level)] netr_CONTROL_QUERY_INFORMATION info
848 WERROR netr_GetAnyDCName(
849 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
850 [in,unique] [string,charset(UTF16)] uint16 *domainname,
851 [out,unique] [string,charset(UTF16)] uint16 *dcname
859 [case(NETLOGON_CONTROL_REDISCOVER)] [string,charset(UTF16)] uint16 *domain;
860 [case(NETLOGON_CONTROL_TC_QUERY)] [string,charset(UTF16)] uint16 *domain;
861 [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)] [string,charset(UTF16)] uint16 *domain;
862 [case(NETLOGON_CONTROL_SET_DBFLAG)] uint32 debug_level;
863 } netr_CONTROL_DATA_INFORMATION;
865 WERROR netr_LogonControl2(
866 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
867 [in] uint32 function_code,
869 [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
870 [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
874 /* If this flag is not set, then the passwords and LM session keys are
875 * encrypted with DES calls. (And the user session key is
877 const int NETLOGON_NEG_ARCFOUR = 0x00000004;
878 const int NETLOGON_NEG_128BIT = 0x00004000;
879 const int NETLOGON_NEG_SCHANNEL = 0x40000000;
884 typedef [bitmap32bit] bitmap {
885 NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
886 NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
887 NETLOGON_NEG_ARCFOUR = 0x00000004,
888 NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
889 NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
890 NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
891 NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
892 NETLOGON_NEG_REDO = 0x00000080,
893 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
894 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
895 NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
896 NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
897 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
898 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
899 NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */
900 NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
901 NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
902 NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
903 NETLOGON_NEG_GETDOMAININFO = 0x00040000,
904 NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
905 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
906 NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
907 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
908 NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */
909 } netr_NegotiateFlags;
911 NTSTATUS netr_ServerAuthenticate2(
912 [in,unique] [string,charset(UTF16)] uint16 *server_name,
913 [in] [string,charset(UTF16)] uint16 account_name[],
914 [in] netr_SchannelType secure_channel_type,
915 [in] [string,charset(UTF16)] uint16 computer_name[],
916 [in,out,ref] netr_Credential *credentials,
917 [in,out,ref] uint32 *negotiate_flags
924 NTSTATUS netr_DatabaseSync2(
925 [in] [string,charset(UTF16)] uint16 logon_server[],
926 [in] [string,charset(UTF16)] uint16 computername[],
927 [in] netr_Authenticator credential,
928 [in,out] netr_Authenticator return_authenticator,
929 [in] netr_SamDatabaseID database_id,
930 [in] uint16 restart_state,
931 [in,out] uint32 sync_context,
932 [in] uint32 preferredmaximumlength,
933 [out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
940 /* i'm not at all sure how this call works */
942 NTSTATUS netr_DatabaseRedo(
943 [in] [string,charset(UTF16)] uint16 logon_server[],
944 [in] [string,charset(UTF16)] uint16 computername[],
945 [in] netr_Authenticator credential,
946 [in,out] netr_Authenticator return_authenticator,
947 [in,unique][size_is(change_log_entry_size)] uint8 *change_log_entry,
948 [in] uint32 change_log_entry_size,
949 [out,unique] netr_DELTA_ENUM_ARRAY *delta_enum_array
956 WERROR netr_LogonControl2Ex(
957 [in,unique] [string,charset(UTF16)] uint16 *logon_server,
958 [in] uint32 function_code,
960 [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
961 [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
968 [size_is(length)] uint8 *data;
971 WERROR netr_NetrEnumerateTrustedDomains(
972 [in,unique] [string,charset(UTF16)] uint16 *server_name,
973 [out,ref] netr_Blob *trusted_domains_blob
979 /* two unkown bits still: DS_IP_VERSION_AGNOSTIC and
980 * DS_TRY_NEXTCLOSEST_SITE - Guenther */
982 typedef [bitmap32bit] bitmap {
983 DS_FORCE_REDISCOVERY = 0x00000001,
984 DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
985 DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
986 DS_GC_SERVER_REQUIRED = 0x00000040,
987 DS_PDC_REQUIRED = 0x00000080,
988 DS_BACKGROUND_ONLY = 0x00000100,
989 DS_IP_REQUIRED = 0x00000200,
990 DS_KDC_REQUIRED = 0x00000400,
991 DS_TIMESERV_REQUIRED = 0x00000800,
992 DS_WRITABLE_REQUIRED = 0x00001000,
993 DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
994 DS_AVOID_SELF = 0x00004000,
995 DS_ONLY_LDAP_NEEDED = 0x00008000,
996 DS_IS_FLAT_NAME = 0x00010000,
997 DS_IS_DNS_NAME = 0x00020000,
998 DS_TRY_NEXTCLOSEST_SITE = 0x00040000,
999 DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000,
1000 DS_RETURN_DNS_NAME = 0x40000000,
1001 DS_RETURN_FLAT_NAME = 0x80000000
1002 } netr_DsRGetDCName_flags;
1004 typedef [v1_enum] enum {
1005 DS_ADDRESS_TYPE_INET = 1,
1006 DS_ADDRESS_TYPE_NETBIOS = 2
1007 } netr_DsRGetDCNameInfo_AddressType;
1009 typedef [bitmap32bit] bitmap {
1010 DS_SERVER_PDC = NBT_SERVER_PDC,
1011 DS_SERVER_GC = NBT_SERVER_GC,
1012 DS_SERVER_LDAP = NBT_SERVER_LDAP,
1013 DS_SERVER_DS = NBT_SERVER_DS,
1014 DS_SERVER_KDC = NBT_SERVER_KDC,
1015 DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV,
1016 DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST,
1017 DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE,
1018 DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV,
1019 DS_SERVER_NDNC = 0x00000400,
1020 DS_DNS_CONTROLLER = 0x20000000,
1021 DS_DNS_DOMAIN = 0x40000000,
1022 DS_DNS_FOREST = 0x80000000
1026 [string,charset(UTF16)] uint16 *dc_unc;
1027 [string,charset(UTF16)] uint16 *dc_address;
1028 netr_DsRGetDCNameInfo_AddressType dc_address_type;
1030 [string,charset(UTF16)] uint16 *domain_name;
1031 [string,charset(UTF16)] uint16 *forest_name;
1032 netr_DsR_DcFlags dc_flags;
1033 [string,charset(UTF16)] uint16 *dc_site_name;
1034 [string,charset(UTF16)] uint16 *client_site_name;
1035 } netr_DsRGetDCNameInfo;
1037 WERROR netr_DsRGetDCName(
1038 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1039 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1040 [in,unique] GUID *domain_guid,
1041 [in,unique] GUID *site_guid,
1042 [in] netr_DsRGetDCName_flags flags,
1043 [out,unique] netr_DsRGetDCNameInfo *info
1048 [todo] WERROR netr_NETRLOGONDUMMYROUTINE1();
1052 [todo] WERROR netr_NETRLOGONSETSERVICEBITS();
1056 WERROR netr_LogonGetTrustRid(
1057 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1058 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1059 [out,ref] uint32 *rid
1064 [todo] WERROR netr_NETRLOGONCOMPUTESERVERDIGEST();
1068 [todo] WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST();
1072 [public] NTSTATUS netr_ServerAuthenticate3(
1073 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1074 [in] [string,charset(UTF16)] uint16 account_name[],
1075 [in] netr_SchannelType secure_channel_type,
1076 [in] [string,charset(UTF16)] uint16 computer_name[],
1077 [in,out,ref] netr_Credential *credentials,
1078 [in,out,ref] uint32 *negotiate_flags,
1079 [out,ref] uint32 *rid
1085 WERROR netr_DsRGetDCNameEx(
1086 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1087 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1088 [in,unique] GUID *domain_guid,
1089 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1090 [in] netr_DsRGetDCName_flags flags,
1091 [out,unique] netr_DsRGetDCNameInfo *info
1096 WERROR netr_DsRGetSiteName(
1097 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1098 [out,unique] [string,charset(UTF16)] uint16 *site
1103 typedef [bitmap32bit] bitmap {
1104 NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
1105 NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
1106 NETR_TRUST_FLAG_TREEROOT = 0x00000004,
1107 NETR_TRUST_FLAG_PRIMARY = 0x00000008,
1108 NETR_TRUST_FLAG_NATIVE = 0x00000010,
1109 NETR_TRUST_FLAG_INBOUND = 0x00000020,
1110 NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080,
1111 NETR_TRUST_FLAG_AES = 0x00000100
1114 typedef [flag(NDR_PAHEX)] struct {
1117 [size_is(size/2),length_is(length/2)] uint16 *data;
1118 } netr_BinaryString;
1122 [string,charset(UTF16)] uint16 *workstation_domain;
1123 [string,charset(UTF16)] uint16 *workstation_site;
1124 [string,charset(UTF16)] uint16 *unknown1;
1125 [string,charset(UTF16)] uint16 *unknown2;
1126 [string,charset(UTF16)] uint16 *unknown3;
1127 [string,charset(UTF16)] uint16 *unknown4;
1128 netr_BinaryString blob2;
1130 lsa_String unknown5;
1131 lsa_String unknown6;
1133 } netr_DomainQuery1;
1136 [case(1)] netr_DomainQuery1 *query1;
1137 [case(2)] netr_DomainQuery1 *query1;
1141 /* these first 3 values come from the fact windows
1142 actually encodes this structure as a UNICODE_STRING
1143 - see MS-NRPC section 2.2.1.3.9 */
1144 [value(8)] uint32 length;
1145 [value(0)] uint32 dummy;
1146 [value(8)] uint32 size;
1147 netr_TrustFlags flags;
1148 uint32 parent_index;
1150 uint32 trust_attributes;
1151 } netr_trust_extension;
1154 uint16 length; /* value is 16 when info != NULL, otherwise 0 */
1155 [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */
1156 netr_trust_extension *info;
1157 } netr_trust_extension_container;
1160 lsa_String domainname;
1161 lsa_String fulldomainname;
1165 netr_trust_extension_container trust_extension;
1166 lsa_String dummystring[3];
1168 } netr_DomainTrustInfo;
1172 [size_is(policy_size)] uint8 *policy;
1173 } netr_LsaPolicyInfo;
1175 typedef [public,bitmap32bit] bitmap {
1176 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
1177 NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002
1178 } netr_WorkstationFlags;
1181 netr_DomainTrustInfo domaininfo;
1183 [size_is(num_trusts)] netr_DomainTrustInfo *trusts;
1184 netr_LsaPolicyInfo lsa_policy;
1185 lsa_String dns_hostname;
1186 lsa_String dummystring[3];
1187 netr_WorkstationFlags workstation_flags;
1188 uint32 supported_enc_types;
1193 [case(1)] netr_DomainInfo1 *info1;
1194 [case(2)] netr_DomainInfo1 *info2;
1197 NTSTATUS netr_LogonGetDomainInfo(
1198 [in] [string,charset(UTF16)] uint16 server_name[],
1199 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1200 [in,ref] netr_Authenticator *credential,
1201 [in,out,ref] netr_Authenticator *return_authenticator,
1203 [in,switch_is(level)] netr_DomainQuery query,
1204 [out,switch_is(level)] netr_DomainInfo info
1207 typedef [flag(NDR_PAHEX)] struct {
1210 } netr_CryptPassword;
1214 NTSTATUS netr_ServerPasswordSet2(
1215 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1216 [in] [string,charset(UTF16)] uint16 account_name[],
1217 [in] netr_SchannelType secure_channel_type,
1218 [in] [string,charset(UTF16)] uint16 computer_name[],
1219 [in] netr_Authenticator credential,
1220 [in] netr_CryptPassword new_password,
1221 [out] netr_Authenticator return_authenticator
1226 WERROR netr_ServerPasswordGet(
1227 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1228 [in] [string,charset(UTF16)] uint16 account_name[],
1229 [in] netr_SchannelType secure_channel_type,
1230 [in] [string,charset(UTF16)] uint16 computer_name[],
1231 [in,ref] netr_Authenticator *credential,
1232 [out,ref] netr_Authenticator *return_authenticator,
1233 [out,ref] samr_Password *password
1238 [todo] WERROR netr_NETRLOGONSENDTOSAM();
1244 [size_is(count)] lsa_String *sitename;
1245 } netr_DsRAddressToSitenamesWCtr;
1248 [size_is(size)] uint8 *buffer;
1252 WERROR netr_DsRAddressToSitenamesW(
1253 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1254 [in] [range(0,32000)] uint32 count,
1255 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1256 [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr
1261 WERROR netr_DsRGetDCNameEx2(
1262 [in,unique] [string,charset(UTF16)] uint16 *server_unc,
1263 [in,unique] [string,charset(UTF16)] uint16 *client_account,
1264 [in] samr_AcctFlags mask,
1265 [in,unique] [string,charset(UTF16)] uint16 *domain_name,
1266 [in,unique] GUID *domain_guid,
1267 [in,unique] [string,charset(UTF16)] uint16 *site_name,
1268 [in] netr_DsRGetDCName_flags flags,
1269 [out,unique] netr_DsRGetDCNameInfo *info
1274 [todo] WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN();
1279 typedef [v1_enum] enum {
1280 NETR_TRUST_TYPE_DOWNLEVEL = 1,
1281 NETR_TRUST_TYPE_UPLEVEL = 2,
1282 NETR_TRUST_TYPE_MIT = 3,
1283 NETR_TRUST_TYPE_DCE = 4
1286 typedef [bitmap32bit] bitmap {
1287 NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
1288 NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
1289 NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
1290 NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
1291 NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
1292 NETR_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
1293 NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040
1294 } netr_TrustAttributes;
1297 [string,charset(UTF16)] uint16 *netbios_name;
1298 [string,charset(UTF16)] uint16 *dns_name;
1299 netr_TrustFlags trust_flags;
1300 uint32 parent_index;
1301 netr_TrustType trust_type;
1302 netr_TrustAttributes trust_attributes;
1309 [size_is(count)] netr_DomainTrust *array;
1310 } netr_DomainTrustList;
1312 WERROR netr_NetrEnumerateTrustedDomainsEx(
1313 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1314 [out,ref] netr_DomainTrustList *dom_trust_list
1321 [size_is(count)] lsa_String *sitename;
1322 [size_is(count)] lsa_String *subnetname;
1323 } netr_DsRAddressToSitenamesExWCtr;
1325 WERROR netr_DsRAddressToSitenamesExW(
1326 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1327 [in] [range(0,32000)] uint32 count,
1328 [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
1329 [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr
1337 [size_is(num_sites)] [unique] lsa_String *sites;
1340 WERROR netr_DsrGetDcSiteCoverageW(
1341 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1342 [out,unique] DcSitesCtr *ctr
1347 NTSTATUS netr_LogonSamLogonEx(
1348 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1349 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1350 [in] uint16 logon_level,
1351 [in] [switch_is(logon_level)] netr_LogonLevel logon,
1352 [in] uint16 validation_level,
1353 [out] [switch_is(validation_level)] netr_Validation validation,
1354 [out] uint8 authoritative,
1355 [in,out] uint32 flags
1361 WERROR netr_DsrEnumerateDomainTrusts(
1362 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1363 [in] netr_TrustFlags trust_flags,
1365 [out,unique,size_is(count)] netr_DomainTrust *trusts
1371 WERROR netr_DsrDeregisterDNSHostRecords(
1372 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1373 [in,unique] [string,charset(UTF16)] uint16 *domain,
1374 [in,unique] GUID *domain_guid,
1375 [in,unique] GUID *dsa_guid,
1376 [in,ref] [string,charset(UTF16)] uint16 *dns_host
1381 NTSTATUS netr_ServerTrustPasswordsGet(
1382 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1383 [in] [string,charset(UTF16)] uint16 account_name[],
1384 [in] netr_SchannelType secure_channel_type,
1385 [in] [string,charset(UTF16)] uint16 computer_name[],
1386 [in,ref] netr_Authenticator *credential,
1387 [out,ref] netr_Authenticator *return_authenticator,
1388 [out,ref] samr_Password *password,
1389 [out,ref] samr_Password *password2
1395 const int DS_GFTI_UPDATE_TDO = 0x1;
1397 WERROR netr_DsRGetForestTrustInformation(
1398 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1399 [in,unique] [string,charset(UTF16)] uint16 *trusted_domain_name,
1401 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1406 WERROR netr_GetForestTrustInformation(
1407 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1408 [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name,
1409 [in,ref] netr_Authenticator *credential,
1410 [out,ref] netr_Authenticator *return_authenticator,
1412 [out,ref] lsa_ForestTrustInformation **forest_trust_info
1418 /* this is the ADS varient. I don't yet know what the "flags" are for */
1419 NTSTATUS netr_LogonSamLogonWithFlags(
1420 [in,unique] [string,charset(UTF16)] uint16 *server_name,
1421 [in,unique] [string,charset(UTF16)] uint16 *computer_name,
1422 [in,unique] netr_Authenticator *credential,
1423 [in,out,unique] netr_Authenticator *return_authenticator,
1424 [in] uint16 logon_level,
1425 [in] [switch_is(logon_level)] netr_LogonLevel logon,
1426 [in] uint16 validation_level,
1427 [out] [switch_is(validation_level)] netr_Validation validation,
1428 [out] uint8 authoritative,
1429 [in,out] uint32 flags
1434 [todo] WERROR netr_NETRSERVERGETTRUSTINFO();