[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] [string,charset(UTF16)] uint16 workstation[],
- [out,unique] netr_UasInfo *info
+ [out,ref] netr_UasInfo **info
);
[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] [string,charset(UTF16)] uint16 workstation[],
- [out] netr_UasLogoffInfo info
+ [out,ref] netr_UasLogoffInfo *info
);
but it doesn't look as though this structure is reflected at the
NDR level. Maybe it is left to the application to decode the bindata array.
*/
- typedef struct {
- uint16 size;
- uint16 length;
- [size_is(size/2),length_is(length/2)] uint16 *bindata;
+ typedef [public] struct {
+ dlong lockout_duration;
+ udlong reset_count;
+ uint32 bad_attempt_lockout;
+ uint32 dummy;
} netr_AcctLockStr;
+ /* - MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
+ * sets the NETLOGON_SERVER_TRUST_ACCOUNT user_flag
+ * - MSV1_0_UPDATE_LOGON_STATISTICS
+ * sets the logon time on network logon
+ * - MSV1_0_RETURN_USER_PARAMETERS
+ * sets the user parameters in the driveletter
+ * - MSV1_0_RETURN_PROFILE_PATH
+ * returns the profilepath in the driveletter and
+ * sets LOGON_PROFILE_PATH_RETURNED user_flag
+ */
+
typedef [public,bitmap32bit] bitmap {
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002,
MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004,
netr_IdentityInfo identity_info;
lsa_String package_name;
uint32 length;
- [size_is(length),length_is(length)] uint8 *data;
+ [size_is(length)] uint8 *data;
} netr_GenericInfo;
typedef enum {
typedef [public,switch_type(netr_LogonInfoClass)] union {
[case(NetlogonInteractiveInformation)] netr_PasswordInfo *password;
[case(NetlogonNetworkInformation)] netr_NetworkInfo *network;
- [case(NetlogonServiceInformation)] netr_PasswordInfo *password;
- [case(NetlogonGenericInformation)] netr_GenericInfo *generic;
+ [case(NetlogonServiceInformation)] netr_PasswordInfo *password;
+ [case(NetlogonGenericInformation)] netr_GenericInfo *generic;
[case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
[case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network;
- [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
+ [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
} netr_LogonLevel;
typedef [public,flag(NDR_PAHEX)] struct {
/* Flags for user_flags below */
typedef [public,bitmap32bit] bitmap {
- NETLOGON_GUEST = 0x0001,
- NETLOGON_NOENCRYPTION = 0x0002,
- NETLOGON_CACHED_ACCOUNT = 0x0004,
- NETLOGON_USED_LM_PASSWORD = 0x0008,
- NETLOGON_EXTRA_SIDS = 0x0020,
- NETLOGON_SUBAUTH_SESSION_KEY = 0x0040,
- NETLOGON_SERVER_TRUST_ACCOUNT = 0x0080,
- NETLOGON_NTLMV2_ENABLED = 0x0100,
- NETLOGON_RESOURCE_GROUPS = 0x0200,
- NETLOGON_PROFILE_PATH_RETURNED = 0x0400
+ NETLOGON_GUEST = 0x00000001,
+ NETLOGON_NOENCRYPTION = 0x00000002,
+ NETLOGON_CACHED_ACCOUNT = 0x00000004,
+ NETLOGON_USED_LM_PASSWORD = 0x00000008,
+ NETLOGON_EXTRA_SIDS = 0x00000020,
+ NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040,
+ NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080,
+ NETLOGON_NTLMV2_ENABLED = 0x00000100,
+ NETLOGON_RESOURCE_GROUPS = 0x00000200,
+ NETLOGON_PROFILE_PATH_RETURNED = 0x00000400,
+ NETLOGON_GRACE_LOGON = 0x01000000
} netr_UserFlags;
typedef struct {
lsa_String unknown4;
} netr_PacInfo;
+ typedef [flag(NDR_PAHEX)] struct {
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } netr_GenericInfo2;
+
+ typedef enum {
+ NetlogonValidationUasInfo = 1,
+ NetlogonValidationSamInfo = 2,
+ NetlogonValidationSamInfo2 = 3,
+ NetlogonValidationGenericInfo2 = 5,
+ NetlogonValidationSamInfo4 = 6
+ } netr_ValidationInfoClass;
+
typedef [public,switch_type(uint16)] union {
- [case(2)] netr_SamInfo2 *sam2;
- [case(3)] netr_SamInfo3 *sam3;
+ [case(NetlogonValidationSamInfo)] netr_SamInfo2 *sam2;
+ [case(NetlogonValidationSamInfo2)] netr_SamInfo3 *sam3;
[case(4)] netr_PacInfo *pac;
- [case(5)] netr_PacInfo *pac;
- [case(6)] netr_SamInfo6 *sam6;
+ [case(NetlogonValidationGenericInfo2)] netr_GenericInfo2 *generic;
+ [case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
} netr_Validation;
typedef [public, flag(NDR_PAHEX)] struct {
[in,unique] [string,charset(UTF16)] uint16 *computer_name,
[in,unique] netr_Authenticator *credential,
[in,out,unique] netr_Authenticator *return_authenticator,
- [in] uint16 logon_level,
+ [in] netr_LogonInfoClass logon_level,
[in] [switch_is(logon_level)] netr_LogonLevel logon
);
NTTIME domain_create_time;
uint32 SecurityInformation;
sec_desc_buf sdbuf;
- netr_AcctLockStr account_lockout;
+ lsa_BinaryString account_lockout;
lsa_String unknown2;
lsa_String unknown3;
lsa_String unknown4;
WERROR netr_GetDcName(
[in] [string,charset(UTF16)] uint16 logon_server[],
[in,unique] [string,charset(UTF16)] uint16 *domainname,
- [out,unique] [string,charset(UTF16)] uint16 *dcname
+ [out,ref] [string,charset(UTF16)] uint16 **dcname
);
/*****************/
/* Function 0x0C */
+ typedef [bitmap32bit] bitmap {
+ NETLOGON_CTRL_REPL_NEEDED = 0x0001,
+ NETLOGON_CTRL_REPL_IN_PROGRESS = 0x0002,
+ NETLOGON_CTRL_REPL_FULL_SYNC = 0x0004
+ } netr_InfoFlags;
+
typedef struct {
- uint32 flags;
+ netr_InfoFlags flags;
uint32 pdc_connection_status;
} netr_NETLOGON_INFO_1;
typedef struct {
- uint32 flags;
+ netr_InfoFlags flags;
uint32 pdc_connection_status;
- [string,charset(UTF16)] uint16 trusted_dc_name[];
+ [string,charset(UTF16)] uint16 *trusted_dc_name;
uint32 tc_connection_status;
} netr_NETLOGON_INFO_2;
typedef struct {
- uint32 flags;
+ netr_InfoFlags flags;
uint32 logon_attempts;
uint32 unknown1;
uint32 unknown2;
/* function_code values */
typedef [v1_enum] enum {
+ NETLOGON_CONTROL_SYNC = 2,
NETLOGON_CONTROL_REDISCOVER = 5,
NETLOGON_CONTROL_TC_QUERY = 6,
NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7,
WERROR netr_GetAnyDCName(
[in,unique] [string,charset(UTF16)] uint16 *logon_server,
[in,unique] [string,charset(UTF16)] uint16 *domainname,
- [out,unique] [string,charset(UTF16)] uint16 *dcname
+ [out,ref] [string,charset(UTF16)] uint16 **dcname
);
WERROR netr_LogonControl2(
[in,unique] [string,charset(UTF16)] uint16 *logon_server,
- [in] uint32 function_code,
+ [in] netr_LogonControlCode function_code,
[in] uint32 level,
[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
[out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
);
- /* If this flag is not set, then the passwords and LM session keys are
- * encrypted with DES calls. (And the user session key is
- * unencrypted) */
- const int NETLOGON_NEG_ARCFOUR = 0x00000004;
- const int NETLOGON_NEG_128BIT = 0x00004000;
- const int NETLOGON_NEG_SCHANNEL = 0x40000000;
+ /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM
+ * session keys are encrypted with DES calls. (And the user session key
+ * is unencrypted) */
/*****************/
/* Function 0x0F */
+ typedef [bitmap32bit] bitmap {
+ NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
+ NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
+ NETLOGON_NEG_ARCFOUR = 0x00000004,
+ NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
+ NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
+ NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
+ NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
+ NETLOGON_NEG_REDO = 0x00000080,
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
+ NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
+ NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
+ NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */
+ NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
+ NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
+ NETLOGON_NEG_GETDOMAININFO = 0x00040000,
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
+ NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
+ NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */
+ } netr_NegotiateFlags;
+
NTSTATUS netr_ServerAuthenticate2(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
[in,out,ref] netr_Credential *credentials,
- [in,out,ref] uint32 *negotiate_flags
+ [in,out,ref] netr_NegotiateFlags *negotiate_flags
);
/*****************/
/* Function 0x14 */
- /* two unkown bits still: DS_IP_VERSION_AGNOSTIC and
- * DS_TRY_NEXTCLOSEST_SITE - Guenther */
+ /* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
+
+ const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY |
+ DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_DIRECTORY_SERVICE_PREFERRED |
+ DS_GC_SERVER_REQUIRED |
+ DS_PDC_REQUIRED |
+ DS_BACKGROUND_ONLY |
+ DS_IP_REQUIRED |
+ DS_KDC_REQUIRED |
+ DS_TIMESERV_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_GOOD_TIMESERV_PREFERRED |
+ DS_AVOID_SELF |
+ DS_ONLY_LDAP_NEEDED |
+ DS_IS_FLAT_NAME |
+ DS_IS_DNS_NAME |
+ DS_RETURN_FLAT_NAME |
+ DS_RETURN_DNS_NAME);
typedef [bitmap32bit] bitmap {
DS_FORCE_REDISCOVERY = 0x00000001,
DS_ONLY_LDAP_NEEDED = 0x00008000,
DS_IS_FLAT_NAME = 0x00010000,
DS_IS_DNS_NAME = 0x00020000,
+ DS_TRY_NEXTCLOSEST_SITE = 0x00040000,
+ DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000,
DS_RETURN_DNS_NAME = 0x40000000,
DS_RETURN_FLAT_NAME = 0x80000000
} netr_DsRGetDCName_flags;
} netr_DsRGetDCNameInfo_AddressType;
typedef [bitmap32bit] bitmap {
- DS_SERVER_PDC = NBT_SERVER_PDC,
- DS_SERVER_GC = NBT_SERVER_GC,
- DS_SERVER_LDAP = NBT_SERVER_LDAP,
- DS_SERVER_DS = NBT_SERVER_DS,
- DS_SERVER_KDC = NBT_SERVER_KDC,
- DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV,
- DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST,
- DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE,
- DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV,
- DS_SERVER_NDNC = 0x00000400,
- DS_DNS_CONTROLLER = 0x20000000,
- DS_DNS_DOMAIN = 0x40000000,
- DS_DNS_FOREST = 0x80000000
+ DS_SERVER_PDC = NBT_SERVER_PDC,
+ DS_SERVER_GC = NBT_SERVER_GC,
+ DS_SERVER_LDAP = NBT_SERVER_LDAP,
+ DS_SERVER_DS = NBT_SERVER_DS,
+ DS_SERVER_KDC = NBT_SERVER_KDC,
+ DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV,
+ DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST,
+ DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE,
+ DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV,
+ DS_SERVER_NDNC = NBT_SERVER_NDNC,
+ DS_SERVER_SELECT_SECRET_DOMAIN_6 = NBT_SERVER_SELECT_SECRET_DOMAIN_6,
+ DS_SERVER_FULL_SECRET_DOMAIN_6 = NBT_SERVER_FULL_SECRET_DOMAIN_6,
+ DS_DNS_CONTROLLER = 0x20000000,
+ DS_DNS_DOMAIN = 0x40000000,
+ DS_DNS_FOREST = 0x80000000
} netr_DsR_DcFlags;
- typedef struct {
+ typedef [public] struct {
[string,charset(UTF16)] uint16 *dc_unc;
[string,charset(UTF16)] uint16 *dc_address;
netr_DsRGetDCNameInfo_AddressType dc_address_type;
/****************/
/* Function 0x1a */
[public] NTSTATUS netr_ServerAuthenticate3(
- [in,unique] [string,charset(UTF16)] uint16 *server_name,
+ [in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
[in,out,ref] netr_Credential *credentials,
- [in,out,ref] uint32 *negotiate_flags,
+ [in,out,ref] netr_NegotiateFlags *negotiate_flags,
[out,ref] uint32 *rid
);
/* Function 0x1c */
WERROR netr_DsRGetSiteName(
[in,unique] [string,charset(UTF16)] uint16 *computer_name,
- [out,unique] [string,charset(UTF16)] uint16 *site
+ [out,ref] [string,charset(UTF16)] uint16 **site
);
/****************/
/* Function 0x1d */
+ typedef [bitmap32bit] bitmap {
+ NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
+ NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
+ NETR_TRUST_FLAG_TREEROOT = 0x00000004,
+ NETR_TRUST_FLAG_PRIMARY = 0x00000008,
+ NETR_TRUST_FLAG_NATIVE = 0x00000010,
+ NETR_TRUST_FLAG_INBOUND = 0x00000020,
+ NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080,
+ NETR_TRUST_FLAG_AES = 0x00000100
+ } netr_TrustFlags;
typedef [flag(NDR_PAHEX)] struct {
uint16 length;
[case(2)] netr_DomainQuery1 *query1;
} netr_DomainQuery;
+ typedef struct {
+ /* these first 3 values come from the fact windows
+ actually encodes this structure as a UNICODE_STRING
+ - see MS-NRPC section 2.2.1.3.9 */
+ [value(8)] uint32 length;
+ [value(0)] uint32 dummy;
+ [value(8)] uint32 size;
+ netr_TrustFlags flags;
+ uint32 parent_index;
+ uint32 trust_type;
+ uint32 trust_attributes;
+ } netr_trust_extension;
+
+ typedef struct {
+ uint16 length; /* value is 16 when info != NULL, otherwise 0 */
+ [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */
+ netr_trust_extension *info;
+ } netr_trust_extension_container;
+
typedef struct {
lsa_String domainname;
lsa_String fulldomainname;
lsa_String forest;
GUID guid;
dom_sid2 *sid;
- netr_BinaryString unknown1[4];
- uint32 unknown[4];
+ netr_trust_extension_container trust_extension;
+ lsa_String dummystring[3];
+ uint32 dummy[4];
} netr_DomainTrustInfo;
+ typedef struct {
+ uint32 policy_size;
+ [size_is(policy_size)] uint8 *policy;
+ } netr_LsaPolicyInfo;
+
+ typedef [public,bitmap32bit] bitmap {
+ NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
+ NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002
+ } netr_WorkstationFlags;
+
typedef struct {
netr_DomainTrustInfo domaininfo;
uint32 num_trusts;
[size_is(num_trusts)] netr_DomainTrustInfo *trusts;
- uint32 unknown[14]; /* room for expansion? */
+ netr_LsaPolicyInfo lsa_policy;
+ lsa_String dns_hostname;
+ lsa_String dummystring[3];
+ netr_WorkstationFlags workstation_flags;
+ uint32 supported_enc_types;
+ uint32 dummy[2];
} netr_DomainInfo1;
typedef union {
[case(1)] netr_DomainInfo1 *info1;
- [case(2)] netr_DomainInfo1 *info1;
+ [case(2)] netr_DomainInfo1 *info2;
} netr_DomainInfo;
NTSTATUS netr_LogonGetDomainInfo(
/****************/
/* Function 0x24 */
- typedef [bitmap32bit] bitmap {
- NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
- NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
- NETR_TRUST_FLAG_TREEROOT = 0x00000004,
- NETR_TRUST_FLAG_PRIMARY = 0x00000008,
- NETR_TRUST_FLAG_NATIVE = 0x00000010,
- NETR_TRUST_FLAG_INBOUND = 0x00000020
- } netr_TrustFlags;
typedef [v1_enum] enum {
NETR_TRUST_TYPE_DOWNLEVEL = 1,
WERROR netr_DsrGetDcSiteCoverageW(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
- [out,unique] DcSitesCtr *ctr
+ [out,ref] DcSitesCtr **ctr
);
/****************/
NTSTATUS netr_LogonSamLogonEx(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in,unique] [string,charset(UTF16)] uint16 *computer_name,
- [in] uint16 logon_level,
+ [in] netr_LogonInfoClass logon_level,
[in] [switch_is(logon_level)] netr_LogonLevel logon,
[in] uint16 validation_level,
[out] [switch_is(validation_level)] netr_Validation validation,
WERROR netr_DsrEnumerateDomainTrusts(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] netr_TrustFlags trust_flags,
- [out] uint32 count,
- [out,unique,size_is(count)] netr_DomainTrust *trusts
+ [out,ref] netr_DomainTrustList *trusts
);
/****************/
/* Function 0x2a */
NTSTATUS netr_ServerTrustPasswordsGet(
- [in,unique] [string,charset(UTF16)] uint16 *server_name,
+ [in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
[in,unique] [string,charset(UTF16)] uint16 *computer_name,
[in,unique] netr_Authenticator *credential,
[in,out,unique] netr_Authenticator *return_authenticator,
- [in] uint16 logon_level,
+ [in] netr_LogonInfoClass logon_level,
[in] [switch_is(logon_level)] netr_LogonLevel logon,
[in] uint16 validation_level,
[out] [switch_is(validation_level)] netr_Validation validation,