1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
26 */
27
28#ifndef _MLSVC_NETR_NDL_
29#define _MLSVC_NETR_NDL_
30
31/*
32 ***********************************************************************
33 *
34 * NetLogon RPC (NETR) interface definition.
35 *
36 ***********************************************************************
37 */
38
39#include <libmlrpc/ndrtypes.ndl>
40
41
/*
 * Operation numbers for the NETR interface.
 *
 * Only the opnums named in an OPERATION() later in this file
 * (ServerReqChallenge, ServerAuthenticate2, ServerPasswordSet,
 * ServerPasswordSet2, SamLogon, SamLogonEx and SamLogoff) have a
 * request/response structure defined here.  The remaining values are
 * defined but have no matching structure in this file.
 */
42#define NETR_OPNUM_UasLogon			0x00
43#define NETR_OPNUM_UasLogoff			0x01
44#define NETR_OPNUM_SamLogon			0x02
45#define NETR_OPNUM_SamLogoff			0x03
46#define NETR_OPNUM_ServerReqChallenge		0x04
47#define NETR_OPNUM_ServerAuthenticate		0x05
48#define NETR_OPNUM_ServerPasswordSet		0x06
49#define NETR_OPNUM_DatabaseDeltas		0x07
50#define NETR_OPNUM_DatabaseSync			0x08
51#define NETR_OPNUM_AccountDeltas		0x09
52#define NETR_OPNUM_AccountSync			0x0a
53#define NETR_OPNUM_GetDCName			0x0b
54#define NETR_OPNUM_LogonControl			0x0c
55#define NETR_OPNUM_GetAnyDCName			0x0d
56#define NETR_OPNUM_LogonControl2		0x0E
57#define NETR_OPNUM_ServerAuthenticate2		0x0F
58#define NETR_OPNUM_DatabaseSync2		0x10
59#define NETR_OPNUM_DatabaseRedo			0x11
60#define NETR_OPNUM_LogonControl2Ex		0x12
61#define NETR_OPNUM_TrustDomainList		0x13
62#define NETR_OPNUM_DsrGetDcName			0x14
63#define NETR_OPNUM_LogonGetCapabilities		0x15
64#define NETR_OPNUM_LogonSetServiceBits		0x16
65#define NETR_OPNUM_LogonGetTrustRid		0x17
66#define NETR_OPNUM_LogonComputeServerDigest	0x18
67#define NETR_OPNUM_LogonComputeClientDigest	0x19
68#define NETR_OPNUM_ServerAuthenticate3		0x1A
69#define NETR_OPNUM_DsrGetDcNameEx		0x1B
70#define NETR_OPNUM_DsrGetSiteName		0x1C
71#define NETR_OPNUM_LogonGetDomainInfo		0x1D
72#define NETR_OPNUM_ServerPasswordSet2		0x1E
73
74#define	NETR_OPNUM_SamLogonEx			0x27
75
76/*
77 * This is not a real NETR OPNUM.  It's used to unpack the
78 * struct krb5_validation_info found in the Kerberos PAC.
79 */
80#define	NETR_OPNUM_decode_krb5_pac		1000
81
82
/*
 * Security identifier as carried in NETR messages.
 *
 * SubAuthority is a conformant array whose element count is taken from
 * SubAuthCount (SIZE_IS), so the count is whatever the peer sent.
 * NOTE(review): code that copies or walks SubAuthority should bound
 * SubAuthCount first - confirm where the consumers do this.
 */
83struct netr_sid {
84	BYTE		Revision;
85	BYTE		SubAuthCount;
86	BYTE		Authority[6];
87  SIZE_IS(SubAuthCount)
88	DWORD		SubAuthority[ANY_SIZE_ARRAY];
89};
90
91
/*
 * Counted string: two 16-bit size fields plus a string pointer.
 *
 * NOTE(review): length and allosize are separate wire fields and
 * nothing in this definition relates them to the string that str
 * points to.  Presumably they are byte counts (used and allocated) -
 * confirm, and do not use them as a copy length without checking them
 * against the unmarshalled string.
 */
92struct netr_string {
93	WORD		length;
94	WORD		allosize;
95	LPTSTR		str;
96};
97typedef struct netr_string netr_string_t;
98
99
100/*
101 * Alternative varying/conformant string definition - for
102 * non-null terminated strings. This definition must match
103 * ndr_vcbuf_t.
104 */
105struct netr_vcs {
106	/*
107	 * size_is (actually a copy of length_is) will
108	 * be inserted here by the marshalling library.
109	 */
110	DWORD vc_first_is;
111	DWORD vc_length_is;
	/*
	 * buffer[] holds vc_length_is 16-bit units.  The count comes from
	 * the wire, so it is peer-controlled.
	 */
112  SIZE_IS(vc_length_is)
113	WORD buffer[ANY_SIZE_ARRAY];
114};
115
/*
 * Descriptor for a netr_vcs string: two 16-bit size fields and a
 * pointer to the varying/conformant body.
 *
 * NOTE(review): wclen/wcsize and vcs->vc_length_is are independent
 * wire fields; nothing in this definition forces them to agree, and
 * vcs is a pointer that may be absent.  Consumers should check both
 * before using the string.
 */
116struct netr_vcstr {
117	WORD wclen;
118	WORD wcsize;
119	struct netr_vcs *vcs;
120};
121typedef struct netr_vcstr netr_vcstr_t;
122
/*
 * Byte-oriented counterpart of netr_vcs: the same header fields, but
 * the payload is an array of BYTE rather than WORD.
 */
123struct netr_vcb {
124	/*
125	 * size_is (actually a copy of length_is) will
126	 * be inserted here by the marshalling library.
127	 */
128	DWORD vc_first_is;
129	DWORD vc_length_is;
	/* buffer[] holds vc_length_is bytes; the count is peer-controlled. */
130  SIZE_IS(vc_length_is)
131	BYTE buffer[ANY_SIZE_ARRAY];
132};
133
/*
 * Descriptor for a netr_vcb byte buffer.  Used for the nt_response and
 * lm_response members of netr_logon_info2.
 *
 * NOTE(review): len/size and vcb->vc_length_is are independent wire
 * fields; consumers should validate them against each other and
 * against the size they expect before copying from vcb->buffer.
 */
134struct netr_vcbuf {
135	WORD len;
136	WORD size;
137	struct netr_vcb *vcb;
138};
139typedef struct netr_vcbuf netr_vcbuf_t;
140
/*
 * 8-byte credential value.  Exchanged as client_challenge and
 * server_challenge in netr_ServerReqChallenge, as client_credential
 * and server_credential in netr_ServerAuthenticate2, and embedded in
 * netr_authenticator.
 */
141struct netr_credential {
142	BYTE data[8];
143};
144
/*
 * Credential plus a 32-bit timestamp.  Sent with the password-set,
 * SamLogon and SamLogoff operations, which also return one.
 * NOTE(review): how the credential is computed and verified is not
 * visible in this file; the definition only fixes the wire layout.
 */
145struct netr_authenticator {
146	struct netr_credential credential;
147	DWORD timestamp;
148};
149typedef struct netr_authenticator netr_auth_t;
150
151
/*
 * 64-bit quantity carried as two DWORDs.  Used for logon_id in
 * netr_logon_identity_info and for the time fields of
 * netr_validation_info3.
 */
152struct OLD_LARGE_INTEGER {
153	DWORD LowPart;
154	DWORD HighPart;
155};
156typedef struct OLD_LARGE_INTEGER netr_int64_t;
157
/* 8-byte block; USER_SESSION_KEY is built from two of these. */
158struct CYPHER_BLOCK {
159	BYTE data[8];
160};
161
/*
 * 16-byte one-way-function (OWF) password value.  Carried in
 * netr_PasswordSet.owf_password and in the lm_owf_password and
 * nt_owf_password members of netr_logon_info1.
 *
 * NOTE(review): this is password-derived secret material.  Presumably
 * it is encrypted before being marshalled - confirm in the callers,
 * and avoid logging or leaving copies of it in long-lived buffers.
 */
162struct OWF_PASSWORD {
163	BYTE data[16];
164};
165typedef struct OWF_PASSWORD netr_owf_password_t;
166
167/*
168 * NL_TRUST_PASSWORD
169 * See also: samr_user_password
170 */
171#define NETR_TRUST_PWLEN	256
172struct netr_trust_password {
	/* Fixed-size buffer of NETR_TRUST_PWLEN 16-bit units. */
173	WORD	Buffer[NETR_TRUST_PWLEN];
	/*
	 * NOTE(review): Length arrives from the peer and is not bounded
	 * by this definition.  Presumably it is a byte count locating the
	 * password within Buffer - confirm the units, and reject values
	 * larger than sizeof (Buffer) before using it as an offset or
	 * copy length.
	 */
174	DWORD	Length;
175};
176typedef struct netr_trust_password netr_trust_password_t;
177
/*
 * Two CYPHER_BLOCKs (16 bytes in total).  Returned to the caller as
 * netr_validation_info3.UserSessionKey.
 * NOTE(review): key material - keep it out of logs and debug dumps.
 */
178struct USER_SESSION_KEY {
179	struct CYPHER_BLOCK data[2];
180};
181
182
183
184
185/*
186 ***********************************************************************
187 * ServerReqChallenge
188 ***********************************************************************
189 */
190ALIGN(2)
191OPERATION(NETR_OPNUM_ServerReqChallenge)
192struct netr_ServerReqChallenge {
	/*
	 * The caller sends its 8-byte client_challenge and receives the
	 * server's 8-byte server_challenge together with a status.
	 * NOTE(review): presumably both challenges must be freshly
	 * generated random values for each exchange - confirm in the
	 * code that fills client_challenge.
	 */
193	IN		LPTSTR servername;
194	IN REFERENCE	LPTSTR hostname;
195	IN		struct netr_credential client_challenge;
196	OUT		struct netr_credential server_challenge;
197	OUT		DWORD status;
198};
199
200
201/*
202 ***********************************************************************
203 * ServerAuthenticate2
204 ***********************************************************************
205 */
206ALIGN(2)
207OPERATION(NETR_OPNUM_ServerAuthenticate2)
208struct netr_ServerAuthenticate2 {
	/*
	 * The caller names the account and host, sends client_credential
	 * and receives server_credential and a status.
	 *
	 * negotiate_flags is INOUT: the caller sends a value and the
	 * server's value comes back in the same member.
	 * NOTE(review): the returned flags are peer-controlled.  The
	 * caller should compare them with the capabilities it requires
	 * rather than accept whatever comes back, and should verify
	 * server_credential before trusting the session - confirm both
	 * in the client code.
	 */
209	IN		LPTSTR servername;
210	IN REFERENCE	LPTSTR account_name;
211	IN		WORD account_type;
212	IN REFERENCE	LPTSTR hostname;
213	IN		struct netr_credential client_credential;
214	OUT		struct netr_credential server_credential;
215	INOUT	DWORD negotiate_flags;
216	OUT		DWORD status;
217};
218
219
220/*
221 ***********************************************************************
222 * ServerPasswordSet
223 ***********************************************************************
224 */
225ALIGN(2)
226OPERATION(NETR_OPNUM_ServerPasswordSet)
227struct netr_PasswordSet {
	/*
	 * Sets the password for account_name using a 16-byte OWF value.
	 * auth is INOUT: the caller's authenticator goes in and the
	 * server's comes back in the same member.
	 * NOTE(review): the returned authenticator should be verified
	 * before the new password is treated as accepted - confirm in
	 * the caller.
	 */
228	IN		LPTSTR servername;
229	IN REFERENCE	LPTSTR account_name;
230	IN		WORD sec_chan_type;
231	IN REFERENCE	LPTSTR hostname;
232	INOUT	struct netr_authenticator auth;
233	IN		netr_owf_password_t owf_password;
234	OUT		DWORD status;
235};
236
/*
 * Same parameters as netr_PasswordSet except that the new password is
 * carried as a netr_trust_password_t (fixed buffer plus Length)
 * instead of a 16-byte OWF value.
 * NOTE(review): unlike netr_PasswordSet, no ALIGN(2) precedes this
 * operation - confirm that is intentional.
 */
237OPERATION(NETR_OPNUM_ServerPasswordSet2)
238struct netr_PasswordSet2 {
239	IN		LPTSTR servername;
240	IN REFERENCE	LPTSTR account_name;
241	IN		WORD sec_chan_type;
242	IN REFERENCE	LPTSTR hostname;
243	INOUT	struct netr_authenticator auth;
244	IN		netr_trust_password_t trust_password;
245	OUT		DWORD status;
246};
247
248
249/*
250 ***********************************************************************
251 * SamLogon
252 ***********************************************************************
253 */
254
255/*
256 * The challenge-response data should always be 24 bytes.
257 */
258#define NETR_CR_PASSWORD_SIZE			24
259
260
/* 8-byte challenge carried in a level 2 (network) logon request. */
261struct lm_challenge {
262	BYTE data[8];
263};
264typedef struct lm_challenge lm_challenge_t;
265
266/*
267 * Input data
268 */
269struct netr_logon_identity_info {
	/*
	 * Identity portion shared by the level 1 and level 2 logon
	 * requests.  The three names are netr_vcstr_t, i.e. counted and
	 * not null terminated.
	 */
270	netr_vcstr_t domain_name;
271	DWORD parameter_control;
272	struct OLD_LARGE_INTEGER logon_id;
273	netr_vcstr_t username;
274	netr_vcstr_t workstation;
275};
276typedef struct netr_logon_identity_info netr_logon_id_t;
277
278
279/*
280 * Level 1: interactive logon
281 */
282struct netr_logon_info1 {
	/*
	 * Identity plus the LM and NT OWF password values (16 bytes
	 * each).
	 * NOTE(review): these are password-equivalent secrets; presumably
	 * they are encrypted before being sent - confirm in the caller.
	 */
283	netr_logon_id_t identity;
284	netr_owf_password_t lm_owf_password;
285	netr_owf_password_t nt_owf_password;
286};
287
288
289/*
290 * Level 2: network logon.
291 */
292struct netr_logon_info2 {
	/*
	 * Identity, the 8-byte challenge, and the NT and LM responses.
	 * The responses are netr_vcbuf_t, so their lengths travel on the
	 * wire.
	 * NOTE(review): NETR_CR_PASSWORD_SIZE (24) is not enforced by
	 * this definition; code that receives or builds these buffers
	 * has to check the length itself.
	 */
293	netr_logon_id_t identity;
294	lm_challenge_t lm_challenge;
295	netr_vcbuf_t nt_response;
296	netr_vcbuf_t lm_response;
297};
298
299
/*
 * Logon information selected by level.  Arms exist for levels 1 and 2
 * only; any other selector value falls to the DEFAULT arm.
 * NOTE(review): presumably UNION_INFO_PTR(n, netr_logon_info) declares
 * a pointer to struct netr_logon_info<n> for case n - confirm against
 * the macro definition.
 */
300union netr_logon_info_u {
301	UNION_INFO_PTR(1,netr_logon_info);
302	UNION_INFO_PTR(2,netr_logon_info);
303	DEFAULT	DWORD nothing;
304};
305
306
/*
 * Wrapper carrying the logon level and the matching union arm.
 *
 * NOTE(review): only switch_value selects the arm (SWITCH);
 * logon_level is a separate wire field.  Code that reads logon_level
 * to decide how to interpret ru should first check that it equals
 * switch_value.
 */
307FAKE
308struct netr_login_info {
309	WORD logon_level;
310	WORD switch_value;
311  SWITCH(switch_value)
312	union netr_logon_info_u ru;
313};
314
315
316/*
317 * Output data
318 */
319struct netr_group_membership {
	/* One group entry: a relative ID and its attribute bits. */
320	DWORD rid;
321	DWORD attributes;
322};
323
324
325struct netr_sid_and_attributes {
	/* One extra-SID entry; sid is a pointer and may be absent. */
326	struct netr_sid *sid;
327	DWORD attributes;
328};
329
330
/*
 * Level 3 validation data.  Reached through netr_validation_u in the
 * SamLogon and SamLogonEx replies, and embedded in
 * krb5_validation_info.
 *
 * GroupIds and ExtraSids are conformant arrays sized by GroupCount and
 * SidCount, both of which come from the wire.
 * NOTE(review): the RIDs, SIDs and UserFlags here presumably feed the
 * user's access token.  Consumers should bound both counts, handle
 * NULL GroupIds/ExtraSids/LogonDomainId, and only accept this data
 * from an authenticated source - confirm in the callers.
 */
331struct netr_validation_info3 {
332	struct OLD_LARGE_INTEGER LogonTime;
333	struct OLD_LARGE_INTEGER LogoffTime;
334	struct OLD_LARGE_INTEGER KickOffTime;
335	struct OLD_LARGE_INTEGER PasswordLastSet;
336	struct OLD_LARGE_INTEGER PasswordCanChange;
337	struct OLD_LARGE_INTEGER PasswordMustChange;
338	netr_string_t EffectiveName;
339	netr_string_t FullName;
340	netr_string_t LogonScript;
341	netr_string_t ProfilePath;
342	netr_string_t HomeDirectory;
343	netr_string_t HomeDirectoryDrive;
344	WORD LogonCount;
345	WORD BadPasswordCount;
346	DWORD UserId;
347	DWORD PrimaryGroupId;
348	DWORD GroupCount;
349  SIZE_IS(GroupCount)
350	struct netr_group_membership *GroupIds;
351	DWORD UserFlags;
	/* Session key material; keep it out of logs. */
352	struct USER_SESSION_KEY UserSessionKey;
353	netr_string_t LogonServer;
354	netr_string_t LogonDomainName;
355	struct netr_sid *LogonDomainId;
356	DWORD ExpansionRoom[10];
357	DWORD SidCount;
358  SIZE_IS(SidCount)
359	struct netr_sid_and_attributes *ExtraSids;
360};
361
362/* NETR_OPNUM_decode_krb5_pac */
363struct krb5_validation_info {
	/*
	 * Layout used to unpack the validation data found in a Kerberos
	 * PAC: the level 3 data followed by the resource-group fields.
	 * NOTE(review): this definition only describes the layout and
	 * nothing here authenticates the PAC.  The decoded SIDs and RIDs
	 * are presumably trustworthy only if the caller has verified the
	 * PAC first - confirm in the decode path.
	 */
364	struct netr_validation_info3 info3;
365	/* Kerberos PAC "resource group" stuff. */
366	struct netr_sid *rg_dom_sid;
	/* rg_rids holds rg_rid_cnt entries; the count is from the input. */
367	DWORD rg_rid_cnt;
368  SIZE_IS(rg_rid_cnt)
369	struct netr_group_membership *rg_rids;
370};
371
/*
 * Validation data selected by level.  Only level 3 has an arm; every
 * other selector value falls to the DEFAULT arm.  info3 is a pointer
 * and should be NULL-checked by the consumer.
 */
372union netr_validation_u {
373	CASE(3) struct netr_validation_info3 *info3;
374	DEFAULT	DWORD nothing;
375};
376
377
378/*
379 * This structure needs to be declared, even though it can't be used
380 * in netr_SamLogon, in order to get the appropriate size to calculate
381 * the correct fixup offsets.  If ndrgen did the right thing,
382 * netr_validation_info would be one of the out parameters. However,
383 * if we do it that way, the switch_value isn't known early enough to
384 * do the fixup calculation. So it all has to go in netr_SamLogon.
385 */
386struct netr_validation_info {
	/* validation_level selects the arm of ru (SWITCH). */
387	WORD validation_level;
388  SWITCH(validation_level)
389	union netr_validation_u ru;
390};
391
392
393/*
394 * WARNING
395 *
396 * Validation_level is really a WORD and authoritative is really a
397 * BYTE. They are declared as DWORD here due to the way things are
398 * unmarshalled. NT does not clear out the unused bytes in the
399 * DWORD so they must be cast to get the correct value.
400 */
401ALIGN(2)
402OPERATION(NETR_OPNUM_SamLogon)
403struct netr_SamLogon {
	/*
	 * NOTE(review): the WARNING comment preceding this operation says
	 * validation_level and authoritative are declared as DWORD.  In
	 * this definition only authoritative is a DWORD; validation_level
	 * is a WORD.  Confirm whether that comment is stale.  Per the
	 * same comment, the unused bytes of authoritative are not
	 * cleared by the server, so callers must narrow it before use.
	 *
	 * auth and ret_auth are pointers here, whereas netr_SamLogoff
	 * embeds its authenticators by value.
	 * NOTE(review): presumably ret_auth must be verified before the
	 * validation data in ru is trusted - confirm in the caller.
	 */
404	IN		LPTSTR servername;
405	IN		LPTSTR hostname;
406	IN		struct netr_authenticator *auth;
407	INOUT	struct netr_authenticator *ret_auth;
408	IN		struct netr_login_info logon_info;
409	INOUT	WORD validation_level;
410  SWITCH(validation_level)
411	OUT		union netr_validation_u ru;
412	OUT		DWORD authoritative;
413	OUT		DWORD status;
414};
415
/*
 * Variant of netr_SamLogon with no authenticator members and an
 * additional INOUT extra_flags.
 * NOTE(review): with no authenticator in the call, the reply is
 * presumably protected only by the secure channel it is sent over -
 * confirm that callers require a sealed/signed channel before using
 * this operation.
 */
416ALIGN(2)
417OPERATION(NETR_OPNUM_SamLogonEx)
418struct netr_SamLogonEx {
419	IN		LPTSTR servername;
420	IN		LPTSTR hostname;
421	IN		struct netr_login_info logon_info;
422	INOUT	WORD validation_level;
423  SWITCH(validation_level)
424	OUT		union netr_validation_u ru;
425	OUT		DWORD authoritative;
426	INOUT		DWORD extra_flags;
427	OUT		DWORD status;
428};
429
430/*
431 ***********************************************************************
432 * SamLogoff
433 ***********************************************************************
434 */
435OPERATION(NETR_OPNUM_SamLogoff)
436struct netr_SamLogoff {
	/*
	 * Here logon_level is a DWORD that selects the arm of ru
	 * directly, rather than going through struct netr_login_info and
	 * its WORD switch_value.  The authenticators are embedded by
	 * value.
	 * NOTE(review): no ALIGN(2) precedes this operation, unlike
	 * netr_SamLogon - confirm that is intentional.
	 */
437	IN		LPTSTR servername;
438	IN REFERENCE	LPTSTR hostname;
439	IN		struct netr_authenticator auth;
440	INOUT	struct netr_authenticator ret_auth;
441	IN		DWORD logon_level;
442  SWITCH(logon_level)
443	IN		union netr_logon_info_u ru;
444	OUT		DWORD status;
445};
446
447
448/*
449 ***********************************************************************
450 * The NETR interface definition.
451 ***********************************************************************
452 */
453INTERFACE(0)
454union netr_interface {
	/*
	 * One arm per operation that has a structure in this file.
	 * Opnums defined earlier in the file but not listed here have no
	 * arm in this union.
	 */
455	CASE(NETR_OPNUM_ServerReqChallenge)
456		struct netr_ServerReqChallenge		ServerReqChallenge;
457	CASE(NETR_OPNUM_ServerAuthenticate2)
458		struct netr_ServerAuthenticate2		ServerAuthenticate2;
459	CASE(NETR_OPNUM_SamLogon)
460		struct netr_SamLogon			SamLogon;
461	CASE(NETR_OPNUM_SamLogonEx)
462		struct netr_SamLogonEx			SamLogonEx;
463	CASE(NETR_OPNUM_SamLogoff)
464		struct netr_SamLogoff			SamLogoff;
465	CASE(NETR_OPNUM_ServerPasswordSet)
466		struct netr_PasswordSet			PasswordSet;
467	CASE(NETR_OPNUM_ServerPasswordSet2)
468		struct netr_PasswordSet2		PasswordSet2;
469
	/*
	 * NETR_OPNUM_decode_krb5_pac is not a wire opnum (see its
	 * definition); this arm exists so the same marshalling code can
	 * unpack PAC validation data.
	 */
470	/* Special, for smb_decode_krb5_pac() */
471	CASE(NETR_OPNUM_decode_krb5_pac)
472		struct krb5_validation_info		krb5pac;
473};
474typedef union netr_interface netr_interface_t;
475EXTERNTYPEINFO(netr_interface)
476
477#endif /* _MLSVC_NETR_NDL_ */
478