1# Copyright (c) 2003-2016 CORE Security Technologies 2# 3# This software is provided under under a slightly modified version 4# of the Apache Software License. See the accompanying LICENSE file 5# for more information. 6# 7# Author: Alberto Solino (@agsolino) 8# 9# Description: 10# [MS-LSAD] Interface implementation 11# 12# Best way to learn how to use these calls is to grab the protocol standard 13# so you understand what the call does, and then read the test case located 14# at https://github.com/CoreSecurity/impacket/tree/master/impacket/testcases/SMB_RPC 15# 16# Some calls have helper functions, which makes it even easier to use. 17# They are located at the end of this file. 18# Helper functions start with "h"<name of the call>. 19# There are test cases for them too. 20# 21from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \ 22 NDRUniConformantArray 23from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \ 24 LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \ 25 SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION 26from impacket import nt_errors 27from impacket.uuid import uuidtup_to_bin 28from impacket.dcerpc.v5.enum import Enum 29from impacket.dcerpc.v5.rpcrt import DCERPCException 30 31MSRPC_UUID_LSAD = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0')) 32 33class DCERPCSessionError(DCERPCException): 34 def __init__(self, error_string=None, error_code=None, packet=None): 35 DCERPCException.__init__(self, error_string, error_code, packet) 36 37 def __str__( self ): 38 key = self.error_code 39 if nt_errors.ERROR_MESSAGES.has_key(key): 40 error_msg_short = nt_errors.ERROR_MESSAGES[key][0] 41 error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] 42 return 'LSAD SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) 43 else: 44 return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code 45 46################################################################################ 47# CONSTANTS 48################################################################################ 49# 2.2.1.1.2 ACCESS_MASK for Policy Objects 50POLICY_VIEW_LOCAL_INFORMATION = 0x00000001 51POLICY_VIEW_AUDIT_INFORMATION = 0x00000002 52POLICY_GET_PRIVATE_INFORMATION = 0x00000004 53POLICY_TRUST_ADMIN = 0x00000008 54POLICY_CREATE_ACCOUNT = 0x00000010 55POLICY_CREATE_SECRET = 0x00000020 56POLICY_CREATE_PRIVILEGE = 0x00000040 57POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080 58POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100 59POLICY_AUDIT_LOG_ADMIN = 0x00000200 60POLICY_SERVER_ADMIN = 0x00000400 61POLICY_LOOKUP_NAMES = 0x00000800 62POLICY_NOTIFICATION = 0x00001000 63 64# 2.2.1.1.3 ACCESS_MASK for Account Objects 65ACCOUNT_VIEW = 0x00000001 66ACCOUNT_ADJUST_PRIVILEGES = 0x00000002 67ACCOUNT_ADJUST_QUOTAS = 0x00000004 68ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008 69 70# 2.2.1.1.4 ACCESS_MASK for Secret Objects 71SECRET_SET_VALUE = 0x00000001 72SECRET_QUERY_VALUE = 0x00000002 73 74# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects 75TRUSTED_QUERY_DOMAIN_NAME = 0x00000001 76TRUSTED_QUERY_CONTROLLERS = 0x00000002 77TRUSTED_SET_CONTROLLERS = 0x00000004 78TRUSTED_QUERY_POSIX = 0x00000008 79TRUSTED_SET_POSIX = 0x00000010 80TRUSTED_SET_AUTH = 0x00000020 81TRUSTED_QUERY_AUTH = 0x00000040 82 83# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE 84POLICY_MODE_INTERACTIVE = 0x00000001 85POLICY_MODE_NETWORK = 0x00000002 86POLICY_MODE_BATCH = 0x00000004 87POLICY_MODE_SERVICE = 0x00000010 88POLICY_MODE_DENY_INTERACTIVE = 0x00000040 89POLICY_MODE_DENY_NETWORK = 0x00000080 90POLICY_MODE_DENY_BATCH = 0x00000100 91POLICY_MODE_DENY_SERVICE = 0x00000200 92POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400 93POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800 94POLICY_MODE_ALL = 0x00000FF7 95POLICY_MODE_ALL_NT4 = 0x00000037 96 97# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO 98# EventAuditingOptions 99POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000 100POLICY_AUDIT_EVENT_NONE = 0x00000004 101POLICY_AUDIT_EVENT_SUCCESS = 0x00000001 102POLICY_AUDIT_EVENT_FAILURE = 0x00000002 103 104# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO 105# AuthenticationOptions 106POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080 107 108# 2.2.7.21 LSA_FOREST_TRUST_RECORD 109# Flags 110LSA_TLN_DISABLED_NEW = 0x00000001 111LSA_TLN_DISABLED_ADMIN = 0x00000002 112LSA_TLN_DISABLED_CONFLICT = 0x00000004 113LSA_SID_DISABLED_ADMIN = 0x00000001 114LSA_SID_DISABLED_CONFLICT = 0x00000002 115LSA_NB_DISABLED_ADMIN = 0x00000004 116LSA_NB_DISABLED_CONFLICT = 0x00000008 117LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF 118 119################################################################################ 120# STRUCTURES 121################################################################################ 122# 2.2.2.1 LSAPR_HANDLE 123class LSAPR_HANDLE(NDRSTRUCT): 124 align = 1 125 structure = ( 126 ('Data','20s=""'), 127 ) 128 129# 2.2.2.3 LSA_UNICODE_STRING 130LSA_UNICODE_STRING = RPC_UNICODE_STRING 131 132# 2.2.3.1 STRING 133class STRING(NDRSTRUCT): 134 commonHdr = ( 135 ('MaximumLength','<H=len(Data)-12'), 136 ('Length','<H=len(Data)-12'), 137 ('ReferentID','<L=0xff'), 138 ) 139 commonHdr64 = ( 140 ('MaximumLength','<H=len(Data)-24'), 141 ('Length','<H=len(Data)-24'), 142 ('ReferentID','<Q=0xff'), 143 ) 144 145 referent = ( 146 ('Data',STR), 147 ) 148 149 def dump(self, msg = None, indent = 0): 150 if msg is None: msg = self.__class__.__name__ 151 ind = ' '*indent 152 if msg != '': 153 print "%s" % (msg), 154 # Here just print the data 155 print " %r" % (self['Data']), 156 157 def __setitem__(self, key, value): 158 if key == 'Data': 159 self.fields['MaximumLength'] = None 160 self.fields['Length'] = None 161 self.data = None # force recompute 162 return NDR.__setitem__(self, key, value) 163 164# 2.2.3.2 LSAPR_ACL 165class LSAPR_ACL(NDRSTRUCT): 166 structure = ( 167 ('AclRevision', UCHAR), 168 ('Sbz1', UCHAR), 169 ('AclSize', USHORT), 170 ('Dummy1',NDRUniConformantArray), 171 ) 172 173# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR 174LSAPR_SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR 175 176class PLSAPR_SECURITY_DESCRIPTOR(NDRPOINTER): 177 referent = ( 178 ('Data', LSAPR_SECURITY_DESCRIPTOR), 179 ) 180 181# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL 182class SECURITY_IMPERSONATION_LEVEL(NDRENUM): 183 class enumItems(Enum): 184 SecurityAnonymous = 0 185 SecurityIdentification = 1 186 SecurityImpersonation = 2 187 SecurityDelegation = 3 188 189# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE 190SECURITY_CONTEXT_TRACKING_MODE = UCHAR 191 192# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE 193class SECURITY_QUALITY_OF_SERVICE(NDRSTRUCT): 194 structure = ( 195 ('Length', DWORD), 196 ('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL), 197 ('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE), 198 ('EffectiveOnly', UCHAR), 199 ) 200 201class PSECURITY_QUALITY_OF_SERVICE(NDRPOINTER): 202 referent = ( 203 ('Data', SECURITY_QUALITY_OF_SERVICE), 204 ) 205 206# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES 207class LSAPR_OBJECT_ATTRIBUTES(NDRSTRUCT): 208 structure = ( 209 ('Length', DWORD), 210 ('RootDirectory', LPWSTR), 211 ('ObjectName', LPWSTR), 212 ('Attributes', DWORD), 213 ('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR), 214 ('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE), 215 ) 216 217# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR 218class LSAPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT): 219 structure = ( 220 ('Length', DWORD), 221 ('SecurityDescriptor', LPBYTE), 222 ) 223 224class PLSAPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER): 225 referent = ( 226 ('Data', LSAPR_SR_SECURITY_DESCRIPTOR), 227 ) 228 229# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL 230SECURITY_DESCRIPTOR_CONTROL = ULONG 231 232# 2.2.4.1 POLICY_INFORMATION_CLASS 233class POLICY_INFORMATION_CLASS(NDRENUM): 234 class enumItems(Enum): 235 PolicyAuditLogInformation = 1 236 PolicyAuditEventsInformation = 2 237 PolicyPrimaryDomainInformation = 3 238 PolicyPdAccountInformation = 4 239 PolicyAccountDomainInformation = 5 240 PolicyLsaServerRoleInformation = 6 241 PolicyReplicaSourceInformation = 7 242 PolicyInformationNotUsedOnWire = 8 243 PolicyModificationInformation = 9 244 PolicyAuditFullSetInformation = 10 245 PolicyAuditFullQueryInformation = 11 246 PolicyDnsDomainInformation = 12 247 PolicyDnsDomainInformationInt = 13 248 PolicyLocalAccountDomainInformation = 14 249 PolicyLastEntry = 15 250 251# 2.2.4.3 POLICY_AUDIT_LOG_INFO 252class POLICY_AUDIT_LOG_INFO(NDRSTRUCT): 253 structure = ( 254 ('AuditLogPercentFull', DWORD), 255 ('MaximumLogSize', DWORD), 256 ('AuditRetentionPeriod', LARGE_INTEGER), 257 ('AuditLogFullShutdownInProgress', UCHAR), 258 ('TimeToShutdown', LARGE_INTEGER), 259 ('NextAuditRecordId', DWORD), 260 ) 261 262# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO 263class DWORD_ARRAY(NDRUniConformantArray): 264 item = DWORD 265 266class PDWORD_ARRAY(NDRPOINTER): 267 referent = ( 268 ('Data', DWORD_ARRAY), 269 ) 270 271class LSAPR_POLICY_AUDIT_EVENTS_INFO(NDRSTRUCT): 272 structure = ( 273 ('AuditingMode', UCHAR), 274 ('EventAuditingOptions', PDWORD_ARRAY), 275 ('MaximumAuditEventCount', DWORD), 276 ) 277 278# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO 279class LSAPR_POLICY_PRIMARY_DOM_INFO(NDRSTRUCT): 280 structure = ( 281 ('Name', RPC_UNICODE_STRING), 282 ('Sid', PRPC_SID), 283 ) 284 285# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO 286class LSAPR_POLICY_ACCOUNT_DOM_INFO(NDRSTRUCT): 287 structure = ( 288 ('DomainName', RPC_UNICODE_STRING), 289 ('DomainSid', PRPC_SID), 290 ) 291 292# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO 293class LSAPR_POLICY_PD_ACCOUNT_INFO(NDRSTRUCT): 294 structure = ( 295 ('Name', RPC_UNICODE_STRING), 296 ) 297 298# 2.2.4.8 POLICY_LSA_SERVER_ROLE 299class POLICY_LSA_SERVER_ROLE(NDRENUM): 300 class enumItems(Enum): 301 PolicyServerRoleBackup = 2 302 PolicyServerRolePrimary = 3 303 304# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO 305class POLICY_LSA_SERVER_ROLE_INFO(NDRSTRUCT): 306 structure = ( 307 ('LsaServerRole', POLICY_LSA_SERVER_ROLE), 308 ) 309 310# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO 311class LSAPR_POLICY_REPLICA_SRCE_INFO(NDRSTRUCT): 312 structure = ( 313 ('ReplicaSource', RPC_UNICODE_STRING), 314 ('ReplicaAccountName', RPC_UNICODE_STRING), 315 ) 316 317# 2.2.4.11 POLICY_MODIFICATION_INFO 318class POLICY_MODIFICATION_INFO(NDRSTRUCT): 319 structure = ( 320 ('ModifiedId', LARGE_INTEGER), 321 ('DatabaseCreationTime', LARGE_INTEGER), 322 ) 323 324# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO 325class POLICY_AUDIT_FULL_SET_INFO(NDRSTRUCT): 326 structure = ( 327 ('ShutDownOnFull', UCHAR), 328 ) 329 330# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO 331class POLICY_AUDIT_FULL_QUERY_INFO(NDRSTRUCT): 332 structure = ( 333 ('ShutDownOnFull', UCHAR), 334 ('LogIsFull', UCHAR), 335 ) 336 337# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO 338class LSAPR_POLICY_DNS_DOMAIN_INFO(NDRSTRUCT): 339 structure = ( 340 ('Name', RPC_UNICODE_STRING), 341 ('DnsDomainName', RPC_UNICODE_STRING), 342 ('DnsForestName', RPC_UNICODE_STRING), 343 ('DomainGuid', GUID), 344 ('Sid', PRPC_SID), 345 ) 346 347# 2.2.4.2 LSAPR_POLICY_INFORMATION 348class LSAPR_POLICY_INFORMATION(NDRUNION): 349 union = { 350 POLICY_INFORMATION_CLASS.PolicyAuditLogInformation : ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO), 351 POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation : ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO), 352 POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation : ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO), 353 POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation : ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), 354 POLICY_INFORMATION_CLASS.PolicyPdAccountInformation : ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO), 355 POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation : ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO), 356 POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation : ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO), 357 POLICY_INFORMATION_CLASS.PolicyModificationInformation : ('PolicyModificationInfo', POLICY_MODIFICATION_INFO), 358 POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation : ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO), 359 POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation : ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO), 360 POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation : ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO), 361 POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt : ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO), 362 POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation: ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), 363 } 364 365class PLSAPR_POLICY_INFORMATION(NDRPOINTER): 366 referent = ( 367 ('Data', LSAPR_POLICY_INFORMATION), 368 ) 369 370# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS 371class POLICY_DOMAIN_INFORMATION_CLASS(NDRENUM): 372 class enumItems(Enum): 373 PolicyDomainQualityOfServiceInformation = 1 374 PolicyDomainEfsInformation = 2 375 PolicyDomainKerberosTicketInformation = 3 376 377# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO 378class POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO(NDRSTRUCT): 379 structure = ( 380 ('QualityOfService', DWORD), 381 ) 382 383# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO 384class LSAPR_POLICY_DOMAIN_EFS_INFO(NDRSTRUCT): 385 structure = ( 386 ('InfoLength', DWORD), 387 ('EfsBlob', LPBYTE), 388 ) 389 390# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO 391class POLICY_DOMAIN_KERBEROS_TICKET_INFO(NDRSTRUCT): 392 structure = ( 393 ('AuthenticationOptions', DWORD), 394 ('MaxServiceTicketAge', LARGE_INTEGER), 395 ('MaxTicketAge', LARGE_INTEGER), 396 ('MaxRenewAge', LARGE_INTEGER), 397 ('MaxClockSkew', LARGE_INTEGER), 398 ('Reserved', LARGE_INTEGER), 399 ) 400 401# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION 402class LSAPR_POLICY_DOMAIN_INFORMATION(NDRUNION): 403 union = { 404 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation : ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO ), 405 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation : ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO), 406 POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation : ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO), 407 } 408 409class PLSAPR_POLICY_DOMAIN_INFORMATION(NDRPOINTER): 410 referent = ( 411 ('Data', LSAPR_POLICY_DOMAIN_INFORMATION), 412 ) 413 414# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE 415class POLICY_AUDIT_EVENT_TYPE(NDRENUM): 416 class enumItems(Enum): 417 AuditCategorySystem = 0 418 AuditCategoryLogon = 1 419 AuditCategoryObjectAccess = 2 420 AuditCategoryPrivilegeUse = 3 421 AuditCategoryDetailedTracking = 4 422 AuditCategoryPolicyChange = 5 423 AuditCategoryAccountManagement = 6 424 AuditCategoryDirectoryServiceAccess = 7 425 AuditCategoryAccountLogon = 8 426 427# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION 428class LSAPR_ACCOUNT_INFORMATION(NDRSTRUCT): 429 structure = ( 430 ('Sid', PRPC_SID), 431 ) 432 433# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER 434class LSAPR_ACCOUNT_INFORMATION_ARRAY(NDRUniConformantArray): 435 item = LSAPR_ACCOUNT_INFORMATION 436 437class PLSAPR_ACCOUNT_INFORMATION_ARRAY(NDRPOINTER): 438 referent = ( 439 ('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY), 440 ) 441 442class LSAPR_ACCOUNT_ENUM_BUFFER(NDRSTRUCT): 443 structure = ( 444 ('EntriesRead', ULONG), 445 ('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY), 446 ) 447 448# 2.2.5.3 LSAPR_USER_RIGHT_SET 449class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray): 450 item = RPC_UNICODE_STRING 451 452class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER): 453 referent = ( 454 ('Data', RPC_UNICODE_STRING_ARRAY), 455 ) 456 457class LSAPR_USER_RIGHT_SET(NDRSTRUCT): 458 structure = ( 459 ('EntriesRead', ULONG), 460 ('UserRights', PRPC_UNICODE_STRING_ARRAY), 461 ) 462 463# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES 464class LSAPR_LUID_AND_ATTRIBUTES(NDRSTRUCT): 465 structure = ( 466 ('Luid', LUID), 467 ('Attributes', ULONG), 468 ) 469 470# 2.2.5.5 LSAPR_PRIVILEGE_SET 471class LSAPR_LUID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray): 472 item = LSAPR_LUID_AND_ATTRIBUTES 473 474class LSAPR_PRIVILEGE_SET(NDRSTRUCT): 475 structure = ( 476 ('PrivilegeCount', ULONG), 477 ('Control', ULONG), 478 ('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY), 479 ) 480 481class PLSAPR_PRIVILEGE_SET(NDRPOINTER): 482 referent = ( 483 ('Data', LSAPR_PRIVILEGE_SET), 484 ) 485 486# 2.2.6.1 LSAPR_CR_CIPHER_VALUE 487class PCHAR_ARRAY(NDRPOINTER): 488 referent = ( 489 ('Data', NDRUniConformantVaryingArray), 490 ) 491 492class LSAPR_CR_CIPHER_VALUE(NDRSTRUCT): 493 structure = ( 494 ('Length', LONG), 495 ('MaximumLength', LONG), 496 ('Buffer', PCHAR_ARRAY), 497 ) 498 499class PLSAPR_CR_CIPHER_VALUE(NDRPOINTER): 500 referent = ( 501 ('Data', LSAPR_CR_CIPHER_VALUE), 502 ) 503 504class PPLSAPR_CR_CIPHER_VALUE(NDRPOINTER): 505 referent = ( 506 ('Data', PLSAPR_CR_CIPHER_VALUE), 507 ) 508 509# 2.2.7.1 LSAPR_TRUST_INFORMATION 510class LSAPR_TRUST_INFORMATION(NDRSTRUCT): 511 structure = ( 512 ('Name', RPC_UNICODE_STRING), 513 ('Sid', PRPC_SID), 514 ) 515 516# 2.2.7.2 TRUSTED_INFORMATION_CLASS 517class TRUSTED_INFORMATION_CLASS(NDRENUM): 518 class enumItems(Enum): 519 TrustedDomainNameInformation = 1 520 TrustedControllersInformation = 2 521 TrustedPosixOffsetInformation = 3 522 TrustedPasswordInformation = 4 523 TrustedDomainInformationBasic = 5 524 TrustedDomainInformationEx = 6 525 TrustedDomainAuthInformation = 7 526 TrustedDomainFullInformation = 8 527 TrustedDomainAuthInformationInternal = 9 528 TrustedDomainFullInformationInternal = 10 529 TrustedDomainInformationEx2Internal = 11 530 TrustedDomainFullInformation2Internal = 12 531 TrustedDomainSupportedEncryptionTypes = 13 532 533# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO 534class LSAPR_TRUSTED_DOMAIN_NAME_INFO(NDRSTRUCT): 535 structure = ( 536 ('Name', RPC_UNICODE_STRING), 537 ) 538 539# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO 540class LSAPR_TRUSTED_CONTROLLERS_INFO(NDRSTRUCT): 541 structure = ( 542 ('Entries', ULONG), 543 ('Names', PRPC_UNICODE_STRING_ARRAY), 544 ) 545 546# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO 547class TRUSTED_POSIX_OFFSET_INFO(NDRSTRUCT): 548 structure = ( 549 ('Offset', ULONG), 550 ) 551 552# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO 553class LSAPR_TRUSTED_PASSWORD_INFO(NDRSTRUCT): 554 structure = ( 555 ('Password', PLSAPR_CR_CIPHER_VALUE), 556 ('OldPassword', PLSAPR_CR_CIPHER_VALUE), 557 ) 558 559# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC 560LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC = LSAPR_TRUST_INFORMATION 561 562# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 563class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX(NDRSTRUCT): 564 structure = ( 565 ('Name', RPC_UNICODE_STRING), 566 ('FlatName', RPC_UNICODE_STRING), 567 ('Sid', PRPC_SID), 568 ('TrustDirection', ULONG), 569 ('TrustType', ULONG), 570 ('TrustAttributes', ULONG), 571 ) 572 573# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 574class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2(NDRSTRUCT): 575 structure = ( 576 ('Name', RPC_UNICODE_STRING), 577 ('FlatName', RPC_UNICODE_STRING), 578 ('Sid', PRPC_SID), 579 ('TrustDirection', ULONG), 580 ('TrustType', ULONG), 581 ('TrustAttributes', ULONG), 582 ('ForestTrustLength', ULONG), 583 ('ForestTrustInfo', LPBYTE), 584 ) 585 586# 2.2.7.17 LSAPR_AUTH_INFORMATION 587class LSAPR_AUTH_INFORMATION(NDRSTRUCT): 588 structure = ( 589 ('LastUpdateTime', LARGE_INTEGER), 590 ('AuthType', ULONG), 591 ('AuthInfoLength', ULONG), 592 ('AuthInfo', LPBYTE), 593 ) 594 595class PLSAPR_AUTH_INFORMATION(NDRPOINTER): 596 referent = ( 597 ('Data', LSAPR_AUTH_INFORMATION), 598 ) 599 600# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION 601class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION(NDRSTRUCT): 602 structure = ( 603 ('IncomingAuthInfos', ULONG), 604 ('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 605 ('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 606 ('OutgoingAuthInfos', ULONG), 607 ('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 608 ('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), 609 ) 610 611# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB 612class LSAPR_TRUSTED_DOMAIN_AUTH_BLOB(NDRSTRUCT): 613 structure = ( 614 ('AuthSize', ULONG), 615 ('AuthBlob', LPBYTE), 616 ) 617 618# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL 619class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL(NDRSTRUCT): 620 structure = ( 621 ('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB), 622 ) 623 624# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION 625class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION(NDRSTRUCT): 626 structure = ( 627 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 628 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 629 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 630 ) 631 632# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL 633class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL(NDRSTRUCT): 634 structure = ( 635 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 636 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 637 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), 638 ) 639 640# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 641class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2(NDRSTRUCT): 642 structure = ( 643 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 644 ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), 645 ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 646 ) 647 648# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES 649class TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES(NDRSTRUCT): 650 structure = ( 651 ('SupportedEncryptionTypes', ULONG), 652 ) 653 654# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO 655class LSAPR_TRUSTED_DOMAIN_INFO(NDRUNION): 656 union = { 657 TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation : ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO ), 658 TRUSTED_INFORMATION_CLASS.TrustedControllersInformation : ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO), 659 TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation : ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO), 660 TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation : ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO ), 661 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic : ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC), 662 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx : ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), 663 TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation : ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), 664 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation : ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION), 665 TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal : ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), 666 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal : ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL), 667 TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal : ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2), 668 TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal : ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2), 669 TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes : ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES), 670 } 671 672# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER 673class LSAPR_TRUST_INFORMATION_ARRAY(NDRUniConformantArray): 674 item = LSAPR_TRUST_INFORMATION 675 676class PLSAPR_TRUST_INFORMATION_ARRAY(NDRPOINTER): 677 referent = ( 678 ('Data', LSAPR_TRUST_INFORMATION_ARRAY), 679 ) 680 681class LSAPR_TRUSTED_ENUM_BUFFER(NDRSTRUCT): 682 structure = ( 683 ('Entries', ULONG), 684 ('Information', PLSAPR_TRUST_INFORMATION_ARRAY), 685 ) 686 687# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX 688class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRUniConformantArray): 689 item = LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 690 691class PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRPOINTER): 692 referent = ( 693 ('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), 694 ) 695 696class LSAPR_TRUSTED_ENUM_BUFFER_EX(NDRSTRUCT): 697 structure = ( 698 ('Entries', ULONG), 699 ('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), 700 ) 701 702# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE 703class LSA_FOREST_TRUST_RECORD_TYPE(NDRENUM): 704 class enumItems(Enum): 705 ForestTrustTopLevelName = 0 706 ForestTrustTopLevelNameEx = 1 707 ForestTrustDomainInfo = 2 708 709# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO 710class LSA_FOREST_TRUST_DOMAIN_INFO(NDRSTRUCT): 711 structure = ( 712 ('Sid', PRPC_SID), 713 ('DnsName', LSA_UNICODE_STRING), 714 ('NetbiosName', LSA_UNICODE_STRING), 715 ) 716 717# 2.2.7.21 LSA_FOREST_TRUST_RECORD 718class LSA_FOREST_TRUST_DATA_UNION(NDRUNION): 719 union = { 720 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName : ('TopLevelName', LSA_UNICODE_STRING ), 721 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx : ('TopLevelName', LSA_UNICODE_STRING), 722 LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo : ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO), 723 } 724 725class LSA_FOREST_TRUST_RECORD(NDRSTRUCT): 726 structure = ( 727 ('Flags', ULONG), 728 ('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE), 729 ('Time', LARGE_INTEGER), 730 ('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION), 731 ) 732 733class PLSA_FOREST_TRUST_RECORD(NDRPOINTER): 734 referent = ( 735 ('Data', LSA_FOREST_TRUST_RECORD), 736 ) 737 738# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA 739class LSA_FOREST_TRUST_BINARY_DATA(NDRSTRUCT): 740 structure = ( 741 ('Length', ULONG), 742 ('Buffer', LPBYTE), 743 ) 744 745# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION 746class LSA_FOREST_TRUST_RECORD_ARRAY(NDRUniConformantArray): 747 item = PLSA_FOREST_TRUST_RECORD 748 749class PLSA_FOREST_TRUST_RECORD_ARRAY(NDRPOINTER): 750 referent = ( 751 ('Data', LSA_FOREST_TRUST_RECORD_ARRAY), 752 ) 753 754class LSA_FOREST_TRUST_INFORMATION(NDRSTRUCT): 755 structure = ( 756 ('RecordCount', ULONG), 757 ('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY), 758 ) 759 760class PLSA_FOREST_TRUST_INFORMATION(NDRPOINTER): 761 referent = ( 762 ('Data', LSA_FOREST_TRUST_INFORMATION), 763 ) 764 765# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE 766class LSA_FOREST_TRUST_COLLISION_RECORD_TYPE(NDRENUM): 767 class enumItems(Enum): 768 CollisionTdo = 0 769 CollisionXref = 1 770 CollisionOther = 2 771 772# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD 773class LSA_FOREST_TRUST_COLLISION_RECORD(NDRSTRUCT): 774 structure = ( 775 ('Index', ULONG), 776 ('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE), 777 ('Flags', ULONG), 778 ('Name', LSA_UNICODE_STRING), 779 ) 780 781# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF 782class LSAPR_POLICY_PRIVILEGE_DEF(NDRSTRUCT): 783 structure = ( 784 ('Name', RPC_UNICODE_STRING), 785 ('LocalValue', LUID), 786 ) 787 788# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER 789class LSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRUniConformantArray): 790 item = LSAPR_POLICY_PRIVILEGE_DEF 791 792class PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRPOINTER): 793 referent = ( 794 ('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY), 795 ) 796 797class LSAPR_PRIVILEGE_ENUM_BUFFER(NDRSTRUCT): 798 structure = ( 799 ('Entries', ULONG), 800 ('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY), 801 ) 802 803 804################################################################################ 805# RPC CALLS 806################################################################################ 807# 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44) 808class LsarOpenPolicy2(NDRCALL): 809 opnum = 44 810 structure = ( 811 ('SystemName', LPWSTR), 812 ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), 813 ('DesiredAccess',ACCESS_MASK), 814 ) 815 816class LsarOpenPolicy2Response(NDRCALL): 817 structure = ( 818 ('PolicyHandle',LSAPR_HANDLE), 819 ('ErrorCode', NTSTATUS), 820 ) 821 822# 3.1.4.4.2 LsarOpenPolicy (Opnum 6) 823class LsarOpenPolicy(NDRCALL): 824 opnum = 6 825 structure = ( 826 ('SystemName', LPWSTR), 827 ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), 828 ('DesiredAccess',ACCESS_MASK), 829 ) 830 831class LsarOpenPolicyResponse(NDRCALL): 832 structure = ( 833 ('PolicyHandle',LSAPR_HANDLE), 834 ('ErrorCode', NTSTATUS), 835 ) 836 837# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46) 838class LsarQueryInformationPolicy2(NDRCALL): 839 opnum = 46 840 structure = ( 841 ('PolicyHandle', LSAPR_HANDLE), 842 ('InformationClass',POLICY_INFORMATION_CLASS), 843 ) 844 845class LsarQueryInformationPolicy2Response(NDRCALL): 846 structure = ( 847 ('PolicyInformation',PLSAPR_POLICY_INFORMATION), 848 ('ErrorCode', NTSTATUS), 849 ) 850 851# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7) 852class LsarQueryInformationPolicy(NDRCALL): 853 opnum = 7 854 structure = ( 855 ('PolicyHandle', LSAPR_HANDLE), 856 ('InformationClass',POLICY_INFORMATION_CLASS), 857 ) 858 859class LsarQueryInformationPolicyResponse(NDRCALL): 860 structure = ( 861 ('PolicyInformation',PLSAPR_POLICY_INFORMATION), 862 ('ErrorCode', NTSTATUS), 863 ) 864 865# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47) 866class LsarSetInformationPolicy2(NDRCALL): 867 opnum = 47 868 structure = ( 869 ('PolicyHandle', LSAPR_HANDLE), 870 ('InformationClass',POLICY_INFORMATION_CLASS), 871 ('PolicyInformation',LSAPR_POLICY_INFORMATION), 872 ) 873 874class LsarSetInformationPolicy2Response(NDRCALL): 875 structure = ( 876 ('ErrorCode', NTSTATUS), 877 ) 878 879# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8) 880class LsarSetInformationPolicy(NDRCALL): 881 opnum = 8 882 structure = ( 883 ('PolicyHandle', LSAPR_HANDLE), 884 ('InformationClass',POLICY_INFORMATION_CLASS), 885 ('PolicyInformation',LSAPR_POLICY_INFORMATION), 886 ) 887 888class LsarSetInformationPolicyResponse(NDRCALL): 889 structure = ( 890 ('ErrorCode', NTSTATUS), 891 ) 892 893# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53) 894class LsarQueryDomainInformationPolicy(NDRCALL): 895 opnum = 53 896 structure = ( 897 ('PolicyHandle', LSAPR_HANDLE), 898 ('InformationClass',POLICY_DOMAIN_INFORMATION_CLASS), 899 ) 900 901class LsarQueryDomainInformationPolicyResponse(NDRCALL): 902 structure = ( 903 ('PolicyDomainInformation',PLSAPR_POLICY_DOMAIN_INFORMATION), 904 ('ErrorCode', NTSTATUS), 905 ) 906 907# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54) 908# 3.1.4.5.1 LsarCreateAccount (Opnum 10) 909class LsarCreateAccount(NDRCALL): 910 opnum = 10 911 structure = ( 912 ('PolicyHandle', LSAPR_HANDLE), 913 ('AccountSid',RPC_SID), 914 ('DesiredAccess',ACCESS_MASK), 915 ) 916 917class LsarCreateAccountResponse(NDRCALL): 918 structure = ( 919 ('AccountHandle',LSAPR_HANDLE), 920 ('ErrorCode', NTSTATUS), 921 ) 922 923# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11) 924class LsarEnumerateAccounts(NDRCALL): 925 opnum = 11 926 structure = ( 927 ('PolicyHandle', LSAPR_HANDLE), 928 ('EnumerationContext',ULONG), 929 ('PreferedMaximumLength',ULONG), 930 ) 931 932class LsarEnumerateAccountsResponse(NDRCALL): 933 structure = ( 934 ('EnumerationContext',ULONG), 935 ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), 936 ('ErrorCode', NTSTATUS), 937 ) 938 939# 3.1.4.5.3 LsarOpenAccount (Opnum 17) 940class LsarOpenAccount(NDRCALL): 941 opnum = 17 942 structure = ( 943 ('PolicyHandle', LSAPR_HANDLE), 944 ('AccountSid',RPC_SID), 945 ('DesiredAccess',ACCESS_MASK), 946 ) 947 948class LsarOpenAccountResponse(NDRCALL): 949 structure = ( 950 ('AccountHandle',LSAPR_HANDLE), 951 ('ErrorCode', NTSTATUS), 952 ) 953 954# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18) 955class LsarEnumeratePrivilegesAccount(NDRCALL): 956 opnum = 18 957 structure = ( 958 ('AccountHandle', LSAPR_HANDLE), 959 ) 960 961class LsarEnumeratePrivilegesAccountResponse(NDRCALL): 962 structure = ( 963 ('Privileges',PLSAPR_PRIVILEGE_SET), 964 ('ErrorCode', NTSTATUS), 965 ) 966 967# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19) 968class LsarAddPrivilegesToAccount(NDRCALL): 969 opnum = 19 970 structure = ( 971 ('AccountHandle', LSAPR_HANDLE), 972 ('Privileges', LSAPR_PRIVILEGE_SET), 973 ) 974 975class LsarAddPrivilegesToAccountResponse(NDRCALL): 976 structure = ( 977 ('ErrorCode', NTSTATUS), 978 ) 979 980# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20) 981class LsarRemovePrivilegesFromAccount(NDRCALL): 982 opnum = 20 983 structure = ( 984 ('AccountHandle', LSAPR_HANDLE), 985 ('AllPrivileges', UCHAR), 986 ('Privileges', PLSAPR_PRIVILEGE_SET), 987 ) 988 989class LsarRemovePrivilegesFromAccountResponse(NDRCALL): 990 structure = ( 991 ('ErrorCode', NTSTATUS), 992 ) 993 994# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23) 995class LsarGetSystemAccessAccount(NDRCALL): 996 opnum = 23 997 structure = ( 998 ('AccountHandle', LSAPR_HANDLE), 999 ) 1000 1001class LsarGetSystemAccessAccountResponse(NDRCALL): 1002 structure = ( 1003 ('SystemAccess', ULONG), 1004 ('ErrorCode', NTSTATUS), 1005 ) 1006 1007# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24) 1008class LsarSetSystemAccessAccount(NDRCALL): 1009 opnum = 24 1010 structure = ( 1011 ('AccountHandle', LSAPR_HANDLE), 1012 ('SystemAccess', ULONG), 1013 ) 1014 1015class LsarSetSystemAccessAccountResponse(NDRCALL): 1016 structure = ( 1017 ('ErrorCode', NTSTATUS), 1018 ) 1019 1020# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35) 1021class LsarEnumerateAccountsWithUserRight(NDRCALL): 1022 opnum = 35 1023 structure = ( 1024 ('PolicyHandle', LSAPR_HANDLE), 1025 ('UserRight', PRPC_UNICODE_STRING), 1026 ) 1027 1028class LsarEnumerateAccountsWithUserRightResponse(NDRCALL): 1029 structure = ( 1030 ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), 1031 ('ErrorCode', NTSTATUS), 1032 ) 1033 1034# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36) 1035class LsarEnumerateAccountRights(NDRCALL): 1036 opnum = 36 1037 structure = ( 1038 ('PolicyHandle', LSAPR_HANDLE), 1039 ('AccountSid', RPC_SID), 1040 ) 1041 1042class LsarEnumerateAccountRightsResponse(NDRCALL): 1043 structure = ( 1044 ('UserRights',LSAPR_USER_RIGHT_SET), 1045 ('ErrorCode', NTSTATUS), 1046 ) 1047 1048# 3.1.4.5.11 LsarAddAccountRights (Opnum 37) 1049class LsarAddAccountRights(NDRCALL): 1050 opnum = 37 1051 structure = ( 1052 ('PolicyHandle', LSAPR_HANDLE), 1053 ('AccountSid', RPC_SID), 1054 ('UserRights',LSAPR_USER_RIGHT_SET), 1055 ) 1056 1057class LsarAddAccountRightsResponse(NDRCALL): 1058 structure = ( 1059 ('ErrorCode', NTSTATUS), 1060 ) 1061 1062# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38) 1063class LsarRemoveAccountRights(NDRCALL): 1064 opnum = 38 1065 structure = ( 1066 ('PolicyHandle', LSAPR_HANDLE), 1067 ('AccountSid', RPC_SID), 1068 ('AllRights', UCHAR), 1069 ('UserRights',LSAPR_USER_RIGHT_SET), 1070 ) 1071 1072class LsarRemoveAccountRightsResponse(NDRCALL): 1073 structure = ( 1074 ('ErrorCode', NTSTATUS), 1075 ) 1076 1077# 3.1.4.6.1 LsarCreateSecret (Opnum 16) 1078class LsarCreateSecret(NDRCALL): 1079 opnum = 16 1080 structure = ( 1081 ('PolicyHandle', LSAPR_HANDLE), 1082 ('SecretName', RPC_UNICODE_STRING), 1083 ('DesiredAccess', ACCESS_MASK), 1084 ) 1085 1086class LsarCreateSecretResponse(NDRCALL): 1087 structure = ( 1088 ('SecretHandle', LSAPR_HANDLE), 1089 ('ErrorCode', NTSTATUS), 1090 ) 1091 1092# 3.1.4.6.2 LsarOpenSecret (Opnum 28) 1093class LsarOpenSecret(NDRCALL): 1094 opnum = 28 1095 structure = ( 1096 ('PolicyHandle', LSAPR_HANDLE), 1097 ('SecretName', RPC_UNICODE_STRING), 1098 ('DesiredAccess', ACCESS_MASK), 1099 ) 1100 1101class LsarOpenSecretResponse(NDRCALL): 1102 structure = ( 1103 ('SecretHandle', LSAPR_HANDLE), 1104 ('ErrorCode', NTSTATUS), 1105 ) 1106 1107# 3.1.4.6.3 LsarSetSecret (Opnum 29) 1108class LsarSetSecret(NDRCALL): 1109 opnum = 29 1110 structure = ( 1111 ('SecretHandle', LSAPR_HANDLE), 1112 ('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE), 1113 ('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE), 1114 ) 1115 1116class LsarSetSecretResponse(NDRCALL): 1117 structure = ( 1118 ('ErrorCode', NTSTATUS), 1119 ) 1120 1121# 3.1.4.6.4 LsarQuerySecret (Opnum 30) 1122class LsarQuerySecret(NDRCALL): 1123 opnum = 30 1124 structure = ( 1125 ('SecretHandle', LSAPR_HANDLE), 1126 ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), 1127 ('CurrentValueSetTime', PLARGE_INTEGER), 1128 ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), 1129 ('OldValueSetTime', PLARGE_INTEGER), 1130 ) 1131 1132class LsarQuerySecretResponse(NDRCALL): 1133 structure = ( 1134 ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), 1135 ('CurrentValueSetTime', PLARGE_INTEGER), 1136 ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), 1137 ('OldValueSetTime', PLARGE_INTEGER), 1138 ('ErrorCode', NTSTATUS), 1139 ) 1140 1141# 3.1.4.6.5 LsarStorePrivateData (Opnum 42) 1142class LsarStorePrivateData(NDRCALL): 1143 opnum = 42 1144 structure = ( 1145 ('PolicyHandle', LSAPR_HANDLE), 1146 ('KeyName', RPC_UNICODE_STRING), 1147 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 1148 ) 1149 1150class LsarStorePrivateDataResponse(NDRCALL): 1151 structure = ( 1152 ('ErrorCode', NTSTATUS), 1153 ) 1154 1155# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43) 1156class LsarRetrievePrivateData(NDRCALL): 1157 opnum = 43 1158 structure = ( 1159 ('PolicyHandle', LSAPR_HANDLE), 1160 ('KeyName', RPC_UNICODE_STRING), 1161 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 1162 ) 1163 1164class LsarRetrievePrivateDataResponse(NDRCALL): 1165 structure = ( 1166 ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), 1167 ('ErrorCode', NTSTATUS), 1168 ) 1169 1170# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25) 1171# 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26) 1172# 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39) 1173# 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40) 1174# 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41) 1175# 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48) 1176# 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49) 1177# 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50) 1178class LsarEnumerateTrustedDomainsEx(NDRCALL): 1179 opnum = 50 1180 structure = ( 1181 ('PolicyHandle', LSAPR_HANDLE), 1182 ('EnumerationContext', ULONG), 1183 ('PreferedMaximumLength', ULONG), 1184 ) 1185 1186class LsarEnumerateTrustedDomainsExResponse(NDRCALL): 1187 structure = ( 1188 ('EnumerationContext', ULONG), 1189 ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER_EX), 1190 ('ErrorCode', NTSTATUS), 1191 ) 1192 1193# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13) 1194class LsarEnumerateTrustedDomains(NDRCALL): 1195 opnum = 13 1196 structure = ( 1197 ('PolicyHandle', LSAPR_HANDLE), 1198 ('EnumerationContext', ULONG), 1199 ('PreferedMaximumLength', ULONG), 1200 ) 1201 1202class LsarEnumerateTrustedDomainsResponse(NDRCALL): 1203 structure = ( 1204 ('EnumerationContext', ULONG), 1205 ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER), 1206 ('ErrorCode', NTSTATUS), 1207 ) 1208 1209# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55) 1210# 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59) 1211# 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51) 1212# 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12) 1213# 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27) 1214# 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73) 1215class LsarQueryForestTrustInformation(NDRCALL): 1216 opnum = 73 1217 structure = ( 1218 ('PolicyHandle', LSAPR_HANDLE), 1219 ('TrustedDomainName', LSA_UNICODE_STRING), 1220 ('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE), 1221 ) 1222 1223class LsarQueryForestTrustInformationResponse(NDRCALL): 1224 structure = ( 1225 ('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION), 1226 ('ErrorCode', NTSTATUS), 1227 ) 1228 1229# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74) 1230 1231# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2) 1232class LsarEnumeratePrivileges(NDRCALL): 1233 opnum = 2 1234 structure = ( 1235 ('PolicyHandle', LSAPR_HANDLE), 1236 ('EnumerationContext', ULONG), 1237 ('PreferedMaximumLength', ULONG), 1238 ) 1239 1240class LsarEnumeratePrivilegesResponse(NDRCALL): 1241 structure = ( 1242 ('EnumerationContext', ULONG), 1243 ('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER), 1244 ('ErrorCode', NTSTATUS), 1245 ) 1246 1247# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31) 1248class LsarLookupPrivilegeValue(NDRCALL): 1249 opnum = 31 1250 structure = ( 1251 ('PolicyHandle', LSAPR_HANDLE), 1252 ('Name', RPC_UNICODE_STRING), 1253 ) 1254 1255class LsarLookupPrivilegeValueResponse(NDRCALL): 1256 structure = ( 1257 ('Value', LUID), 1258 ('ErrorCode', NTSTATUS), 1259 ) 1260 1261# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32) 1262class LsarLookupPrivilegeName(NDRCALL): 1263 opnum = 32 1264 structure = ( 1265 ('PolicyHandle', LSAPR_HANDLE), 1266 ('Value', LUID), 1267 ) 1268 1269class LsarLookupPrivilegeNameResponse(NDRCALL): 1270 structure = ( 1271 ('Name', PRPC_UNICODE_STRING), 1272 ('ErrorCode', NTSTATUS), 1273 ) 1274 1275# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33) 1276class LsarLookupPrivilegeDisplayName(NDRCALL): 1277 opnum = 33 1278 structure = ( 1279 ('PolicyHandle', LSAPR_HANDLE), 1280 ('Name', RPC_UNICODE_STRING), 1281 ('ClientLanguage', USHORT), 1282 ('ClientSystemDefaultLanguage', USHORT), 1283 ) 1284 1285class LsarLookupPrivilegeDisplayNameResponse(NDRCALL): 1286 structure = ( 1287 ('Name', PRPC_UNICODE_STRING), 1288 ('LanguageReturned', UCHAR), 1289 ('ErrorCode', NTSTATUS), 1290 ) 1291 1292# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3) 1293class LsarQuerySecurityObject(NDRCALL): 1294 opnum = 3 1295 structure = ( 1296 ('PolicyHandle', LSAPR_HANDLE), 1297 ('SecurityInformation', SECURITY_INFORMATION), 1298 ) 1299 1300class LsarQuerySecurityObjectResponse(NDRCALL): 1301 structure = ( 1302 ('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR), 1303 ('ErrorCode', NTSTATUS), 1304 ) 1305 1306# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4) 1307class LsarSetSecurityObject(NDRCALL): 1308 opnum = 4 1309 structure = ( 1310 ('PolicyHandle', LSAPR_HANDLE), 1311 ('SecurityInformation', SECURITY_INFORMATION), 1312 ('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR), 1313 ) 1314 1315class LsarSetSecurityObjectResponse(NDRCALL): 1316 structure = ( 1317 ('ErrorCode', NTSTATUS), 1318 ) 1319 1320# 3.1.4.9.3 LsarDeleteObject (Opnum 34) 1321class LsarDeleteObject(NDRCALL): 1322 opnum = 34 1323 structure = ( 1324 ('ObjectHandle', LSAPR_HANDLE), 1325 ) 1326 1327class LsarDeleteObjectResponse(NDRCALL): 1328 structure = ( 1329 ('ObjectHandle', LSAPR_HANDLE), 1330 ('ErrorCode', NTSTATUS), 1331 ) 1332 1333# 3.1.4.9.4 LsarClose (Opnum 0) 1334class LsarClose(NDRCALL): 1335 opnum = 0 1336 structure = ( 1337 ('ObjectHandle', LSAPR_HANDLE), 1338 ) 1339 1340class LsarCloseResponse(NDRCALL): 1341 structure = ( 1342 ('ObjectHandle', LSAPR_HANDLE), 1343 ('ErrorCode', NTSTATUS), 1344 ) 1345 1346################################################################################ 1347# OPNUMs and their corresponding structures 1348################################################################################ 1349OPNUMS = { 1350 0 : (LsarClose, LsarCloseResponse), 1351 2 : (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse), 1352 3 : (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse), 1353 4 : (LsarSetSecurityObject, LsarSetSecurityObjectResponse), 1354 6 : (LsarOpenPolicy, LsarOpenPolicyResponse), 1355 7 : (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse), 1356 8 : (LsarSetInformationPolicy, LsarSetInformationPolicyResponse), 135710 : (LsarCreateAccount, LsarCreateAccountResponse), 135811 : (LsarEnumerateAccounts, LsarEnumerateAccountsResponse), 1359#12 : (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse), 136013 : (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse), 136116 : (LsarCreateSecret, LsarCreateSecretResponse), 136217 : (LsarOpenAccount, LsarOpenAccountResponse), 136318 : (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse), 136419 : (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse), 136520 : (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse), 136623 : (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse), 136724 : (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse), 1368#25 : (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse), 1369#26 : (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse), 1370#27 : (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse), 137128 : (LsarOpenSecret, LsarOpenSecretResponse), 137229 : (LsarSetSecret, LsarSetSecretResponse), 137330 : (LsarQuerySecret, LsarQuerySecretResponse), 137431 : (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse), 137532 : (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse), 137633 : (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse), 137734 : (LsarDeleteObject, LsarDeleteObjectResponse), 137835 : (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse), 137936 : (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse), 138037 : (LsarAddAccountRights, LsarAddAccountRightsResponse), 138138 : (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse), 1382#39 : (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse), 1383#40 : (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse), 1384#41 : (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse), 138542 : (LsarStorePrivateData, LsarStorePrivateDataResponse), 138643 : (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse), 138744 : (LsarOpenPolicy2, LsarOpenPolicy2Response), 138846 : (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response), 138947 : (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response), 1390#48 : (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse), 1391#49 : (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse), 139250 : (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse), 1393#51 : (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse), 139453 : (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse), 1395#54 : (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse), 1396#55 : (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse), 1397#59 : (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response), 1398#73 : (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse), 1399#74 : (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse), 1400} 1401 1402################################################################################ 1403# HELPER FUNCTIONS 1404################################################################################ 1405def hLsarOpenPolicy2(dce, desiredAccess = MAXIMUM_ALLOWED): 1406 request = LsarOpenPolicy2() 1407 request['SystemName'] = NULL 1408 request['ObjectAttributes']['RootDirectory'] = NULL 1409 request['ObjectAttributes']['ObjectName'] = NULL 1410 request['ObjectAttributes']['SecurityDescriptor'] = NULL 1411 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 1412 request['DesiredAccess'] = desiredAccess 1413 return dce.request(request) 1414 1415def hLsarOpenPolicy(dce, desiredAccess = MAXIMUM_ALLOWED): 1416 request = LsarOpenPolicy() 1417 request['SystemName'] = NULL 1418 request['ObjectAttributes']['RootDirectory'] = NULL 1419 request['ObjectAttributes']['ObjectName'] = NULL 1420 request['ObjectAttributes']['SecurityDescriptor'] = NULL 1421 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 1422 request['DesiredAccess'] = desiredAccess 1423 return dce.request(request) 1424 1425def hLsarQueryInformationPolicy2(dce, policyHandle, informationClass): 1426 request = LsarQueryInformationPolicy2() 1427 request['PolicyHandle'] = policyHandle 1428 request['InformationClass'] = informationClass 1429 return dce.request(request) 1430 1431def hLsarQueryInformationPolicy(dce, policyHandle, informationClass): 1432 request = LsarQueryInformationPolicy() 1433 request['PolicyHandle'] = policyHandle 1434 request['InformationClass'] = informationClass 1435 return dce.request(request) 1436 1437def hLsarQueryDomainInformationPolicy(dce, policyHandle, informationClass): 1438 request = LsarQueryInformationPolicy() 1439 request['PolicyHandle'] = policyHandle 1440 request['InformationClass'] = informationClass 1441 return dce.request(request) 1442 1443def hLsarEnumerateAccounts(dce, policyHandle, preferedMaximumLength=0xffffffff): 1444 request = LsarEnumerateAccounts() 1445 request['PolicyHandle'] = policyHandle 1446 request['PreferedMaximumLength'] = preferedMaximumLength 1447 return dce.request(request) 1448 1449def hLsarEnumerateAccountsWithUserRight(dce, policyHandle, UserRight): 1450 request = LsarEnumerateAccountsWithUserRight() 1451 request['PolicyHandle'] = policyHandle 1452 request['UserRight'] = UserRight 1453 return dce.request(request) 1454 1455def hLsarEnumerateTrustedDomainsEx(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 1456 request = LsarEnumerateTrustedDomainsEx() 1457 request['PolicyHandle'] = policyHandle 1458 request['EnumerationContext'] = enumerationContext 1459 request['PreferedMaximumLength'] = preferedMaximumLength 1460 return dce.request(request) 1461 1462def hLsarEnumerateTrustedDomains(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 1463 request = LsarEnumerateTrustedDomains() 1464 request['PolicyHandle'] = policyHandle 1465 request['EnumerationContext'] = enumerationContext 1466 request['PreferedMaximumLength'] = preferedMaximumLength 1467 return dce.request(request) 1468 1469def hLsarOpenAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED): 1470 request = LsarOpenAccount() 1471 request['PolicyHandle'] = policyHandle 1472 request['AccountSid'].fromCanonical(accountSid) 1473 request['DesiredAccess'] = desiredAccess 1474 return dce.request(request) 1475 1476def hLsarClose(dce, objectHandle): 1477 request = LsarClose() 1478 request['ObjectHandle'] = objectHandle 1479 return dce.request(request) 1480 1481def hLsarCreateAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED): 1482 request = LsarCreateAccount() 1483 request['PolicyHandle'] = policyHandle 1484 request['AccountSid'].fromCanonical(accountSid) 1485 request['DesiredAccess'] = desiredAccess 1486 return dce.request(request) 1487 1488def hLsarDeleteObject(dce, objectHandle): 1489 request = LsarDeleteObject() 1490 request['ObjectHandle'] = objectHandle 1491 return dce.request(request) 1492 1493def hLsarEnumeratePrivilegesAccount(dce, accountHandle): 1494 request = LsarEnumeratePrivilegesAccount() 1495 request['AccountHandle'] = accountHandle 1496 return dce.request(request) 1497 1498def hLsarGetSystemAccessAccount(dce, accountHandle): 1499 request = LsarGetSystemAccessAccount() 1500 request['AccountHandle'] = accountHandle 1501 return dce.request(request) 1502 1503def hLsarSetSystemAccessAccount(dce, accountHandle, systemAccess): 1504 request = LsarSetSystemAccessAccount() 1505 request['AccountHandle'] = accountHandle 1506 request['SystemAccess'] = systemAccess 1507 return dce.request(request) 1508 1509def hLsarAddPrivilegesToAccount(dce, accountHandle, privileges): 1510 request = LsarAddPrivilegesToAccount() 1511 request['AccountHandle'] = accountHandle 1512 request['Privileges']['PrivilegeCount'] = len(privileges) 1513 request['Privileges']['Control'] = 0 1514 for priv in privileges: 1515 request['Privileges']['Privilege'].append(priv) 1516 1517 return dce.request(request) 1518 1519def hLsarRemovePrivilegesFromAccount(dce, accountHandle, privileges, allPrivileges = False): 1520 request = LsarRemovePrivilegesFromAccount() 1521 request['AccountHandle'] = accountHandle 1522 request['Privileges']['Control'] = 0 1523 if privileges != NULL: 1524 request['Privileges']['PrivilegeCount'] = len(privileges) 1525 for priv in privileges: 1526 request['Privileges']['Privilege'].append(priv) 1527 else: 1528 request['Privileges']['PrivilegeCount'] = NULL 1529 request['AllPrivileges'] = allPrivileges 1530 1531 return dce.request(request) 1532 1533def hLsarEnumerateAccountRights(dce, policyHandle, accountSid): 1534 request = LsarEnumerateAccountRights() 1535 request['PolicyHandle'] = policyHandle 1536 request['AccountSid'].fromCanonical(accountSid) 1537 return dce.request(request) 1538 1539def hLsarAddAccountRights(dce, policyHandle, accountSid, userRights): 1540 request = LsarAddAccountRights() 1541 request['PolicyHandle'] = policyHandle 1542 request['AccountSid'].fromCanonical(accountSid) 1543 request['UserRights']['EntriesRead'] = len(userRights) 1544 for userRight in userRights: 1545 right = RPC_UNICODE_STRING() 1546 right['Data'] = userRight 1547 request['UserRights']['UserRights'].append(right) 1548 1549 return dce.request(request) 1550 1551def hLsarRemoveAccountRights(dce, policyHandle, accountSid, userRights): 1552 request = LsarRemoveAccountRights() 1553 request['PolicyHandle'] = policyHandle 1554 request['AccountSid'].fromCanonical(accountSid) 1555 request['UserRights']['EntriesRead'] = len(userRights) 1556 for userRight in userRights: 1557 right = RPC_UNICODE_STRING() 1558 right['Data'] = userRight 1559 request['UserRights']['UserRights'].append(right) 1560 1561 return dce.request(request) 1562 1563def hLsarCreateSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED): 1564 request = LsarCreateSecret() 1565 request['PolicyHandle'] = policyHandle 1566 request['SecretName'] = secretName 1567 request['DesiredAccess'] = desiredAccess 1568 return dce.request(request) 1569 1570def hLsarOpenSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED): 1571 request = LsarOpenSecret() 1572 request['PolicyHandle'] = policyHandle 1573 request['SecretName'] = secretName 1574 request['DesiredAccess'] = desiredAccess 1575 return dce.request(request) 1576 1577def hLsarSetSecret(dce, secretHandle, encryptedCurrentValue, encryptedOldValue): 1578 request = LsarOpenSecret() 1579 request['SecretHandle'] = secretHandle 1580 if encryptedCurrentValue != NULL: 1581 request['EncryptedCurrentValue']['Length'] = len(encryptedCurrentValue) 1582 request['EncryptedCurrentValue']['MaximumLength'] = len(encryptedCurrentValue) 1583 request['EncryptedCurrentValue']['Buffer'] = list(encryptedCurrentValue) 1584 if encryptedOldValue != NULL: 1585 request['EncryptedOldValue']['Length'] = len(encryptedOldValue) 1586 request['EncryptedOldValue']['MaximumLength'] = len(encryptedOldValue) 1587 request['EncryptedOldValue']['Buffer'] = list(encryptedOldValue) 1588 return dce.request(request) 1589 1590def hLsarQuerySecret(dce, secretHandle): 1591 request = LsarQuerySecret() 1592 request['SecretHandle'] = secretHandle 1593 request['EncryptedCurrentValue']['Buffer'] = NULL 1594 request['EncryptedOldValue']['Buffer'] = NULL 1595 request['OldValueSetTime'] = NULL 1596 return dce.request(request) 1597 1598def hLsarRetrievePrivateData(dce, policyHandle, keyName): 1599 request = LsarRetrievePrivateData() 1600 request['PolicyHandle'] = policyHandle 1601 request['KeyName'] = keyName 1602 retVal = dce.request(request) 1603 return ''.join(retVal['EncryptedData']['Buffer']) 1604 1605def hLsarStorePrivateData(dce, policyHandle, keyName, encryptedData): 1606 request = LsarStorePrivateData() 1607 request['PolicyHandle'] = policyHandle 1608 request['KeyName'] = keyName 1609 if encryptedData != NULL: 1610 request['EncryptedData']['Length'] = len(encryptedData) 1611 request['EncryptedData']['MaximumLength'] = len(encryptedData) 1612 request['EncryptedData']['Buffer'] = list(encryptedData) 1613 else: 1614 request['EncryptedData'] = NULL 1615 return dce.request(request) 1616 1617def hLsarEnumeratePrivileges(dce, policyHandle, enumerationContext = 0, preferedMaximumLength = 0xffffffff): 1618 request = LsarEnumeratePrivileges() 1619 request['PolicyHandle'] = policyHandle 1620 request['EnumerationContext'] = enumerationContext 1621 request['PreferedMaximumLength'] = preferedMaximumLength 1622 return dce.request(request) 1623 1624def hLsarLookupPrivilegeValue(dce, policyHandle, name): 1625 request = LsarLookupPrivilegeValue() 1626 request['PolicyHandle'] = policyHandle 1627 request['Name'] = name 1628 return dce.request(request) 1629 1630def hLsarLookupPrivilegeName(dce, policyHandle, luid): 1631 request = LsarLookupPrivilegeName() 1632 request['PolicyHandle'] = policyHandle 1633 request['Value'] = luid 1634 return dce.request(request) 1635 1636def hLsarQuerySecurityObject(dce, policyHandle, securityInformation = OWNER_SECURITY_INFORMATION): 1637 request = LsarQuerySecurityObject() 1638 request['PolicyHandle'] = policyHandle 1639 request['SecurityInformation'] = securityInformation 1640 retVal = dce.request(request) 1641 return ''.join(retVal['SecurityDescriptor']['SecurityDescriptor']) 1642 1643def hLsarSetSecurityObject(dce, policyHandle, securityInformation, securityDescriptor): 1644 request = LsarSetSecurityObject() 1645 request['PolicyHandle'] = policyHandle 1646 request['SecurityInformation'] = securityInformation 1647 request['SecurityDescriptor']['Length'] = len(securityDescriptor) 1648 request['SecurityDescriptor']['SecurityDescriptor'] = list(securityDescriptor) 1649 return dce.request(request) 1650 1651def hLsarSetInformationPolicy2(dce, policyHandle, informationClass, policyInformation): 1652 request = LsarSetInformationPolicy2() 1653 request['PolicyHandle'] = policyHandle 1654 request['InformationClass'] = informationClass 1655 request['PolicyInformation'] = policyInformation 1656 return dce.request(request) 1657 1658def hLsarSetInformationPolicy(dce, policyHandle, informationClass, policyInformation): 1659 request = LsarSetInformationPolicy() 1660 request['PolicyHandle'] = policyHandle 1661 request['InformationClass'] = informationClass 1662 request['PolicyInformation'] = policyInformation 1663 return dce.request(request) 1664 1665