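# Copyright (c) 2003-2016 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#
# Description:
#   [MS-SAMR] Interface implementation
#
#   Best way to learn how to use these calls is to grab the protocol standard
#   so you understand what the call does, and then read the test case located
#   at https://github.com/CoreSecurity/impacket/tree/master/impacket/testcases/SMB_RPC
#
#   Some calls have helper functions, which makes it even easier to use.
#   They are located at the end of this file.
#   Helper functions start with "h"<name of the call>.
#   There are test cases for them too.
#
from binascii import unhexlify

from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
    NDRUniConformantVaryingArray, NDRENUM
from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \
    LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket import nt_errors, LOG
from impacket.uuid import uuidtup_to_bin
from impacket.dcerpc.v5.enum import Enum
from impacket.structure import Structure

# Interface identifier (UUID, version) of the SAMR RPC interface in binary form.
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))

class DCERPCSessionError(DCERPCException):
    """SAMR flavour of DCERPCException whose string form names the error code.

    The constructor only forwards its three arguments to DCERPCException.
    """
    def __init__(self, error_string=None, error_code=None, packet=None):
        DCERPCException.__init__(self, error_string, error_code, packet)

    def __str__( self ):
        """Return a one-line description built from nt_errors.ERROR_MESSAGES.

        Known codes render as "code - short text - verbose text"; codes that
        are missing from the table render as an unknown error code.
        """
        key = self.error_code
        # `in` replaces dict.has_key(), which is deprecated in Python 2 and
        # absent in Python 3; the lookup result is the same.
        if key in nt_errors.ERROR_MESSAGES:
            error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
            error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
            return 'SAMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
        else:
            return 'SAMR SessionError: unknown error code: 0x%x' % self.error_code

################################################################################
# CONSTANTS
################################################################################
# The "2.2.x.y" numbers in this file are section references; the header names
# [MS-SAMR] as the specification being implemented.
PSAMPR_SERVER_NAME = LPWSTR
# 2.2.1.1 Common ACCESS_MASK Values
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000
MAXIMUM_ALLOWED = 0x02000000

# 2.2.1.2 Generic ACCESS_MASK Values
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL = 0x10000000

# 2.2.1.3 Server ACCESS_MASK Values
# In this and the following per-object groups, the *_ALL_ACCESS, *_READ,
# *_WRITE and *_EXECUTE values are combinations of the single-bit rights with
# bits from the common mask above, e.g. SAM_SERVER_READ ==
# READ_CONTROL | SAM_SERVER_ENUMERATE_DOMAINS. Every *_ALL_ACCESS value also
# carries 0x000F0000 (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER), so a
# caller that only reads should ask for a narrower mask.
SAM_SERVER_CONNECT = 0x00000001
SAM_SERVER_SHUTDOWN = 0x00000002
SAM_SERVER_INITIALIZE = 0x00000004
SAM_SERVER_CREATE_DOMAIN = 0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
SAM_SERVER_LOOKUP_DOMAIN = 0x00000020
SAM_SERVER_ALL_ACCESS = 0x000F003F
SAM_SERVER_READ = 0x00020010
SAM_SERVER_WRITE = 0x0002000E
SAM_SERVER_EXECUTE = 0x00020021

# 2.2.1.4 Domain ACCESS_MASK Values
DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS = 0x00000002
DOMAIN_READ_OTHER_PARAMETERS = 0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS = 0x00000008
DOMAIN_CREATE_USER = 0x00000010
DOMAIN_CREATE_GROUP = 0x00000020
DOMAIN_CREATE_ALIAS = 0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP = 0x00000080
DOMAIN_LIST_ACCOUNTS = 0x00000100
DOMAIN_LOOKUP = 0x00000200
DOMAIN_ADMINISTER_SERVER = 0x00000400
DOMAIN_ALL_ACCESS = 0x000F07FF
DOMAIN_READ = 0x00020084
DOMAIN_WRITE = 0x0002047A
DOMAIN_EXECUTE = 0x00020301

# 2.2.1.5 Group ACCESS_MASK Values
GROUP_READ_INFORMATION = 0x00000001
GROUP_WRITE_ACCOUNT = 0x00000002
GROUP_ADD_MEMBER = 0x00000004
GROUP_REMOVE_MEMBER = 0x00000008
GROUP_LIST_MEMBERS = 0x00000010
GROUP_ALL_ACCESS = 0x000F001F
GROUP_READ = 0x00020010
GROUP_WRITE = 0x0002000E
GROUP_EXECUTE = 0x00020001

# 2.2.1.6 Alias ACCESS_MASK Values
ALIAS_ADD_MEMBER = 0x00000001
ALIAS_REMOVE_MEMBER = 0x00000002
ALIAS_LIST_MEMBERS = 0x00000004
ALIAS_READ_INFORMATION = 0x00000008
ALIAS_WRITE_ACCOUNT = 0x00000010
ALIAS_ALL_ACCESS = 0x000F001F
ALIAS_READ = 0x00020004
ALIAS_WRITE = 0x00020013
ALIAS_EXECUTE = 0x00020008

# 2.2.1.7 User ACCESS_MASK Values
USER_READ_GENERAL = 0x00000001
USER_READ_PREFERENCES = 0x00000002
USER_WRITE_PREFERENCES = 0x00000004
USER_READ_LOGON = 0x00000008
USER_READ_ACCOUNT = 0x00000010
USER_WRITE_ACCOUNT = 0x00000020
USER_CHANGE_PASSWORD = 0x00000040
USER_FORCE_PASSWORD_CHANGE = 0x00000080
USER_LIST_GROUPS = 0x00000100
USER_READ_GROUP_INFORMATION = 0x00000200
USER_WRITE_GROUP_INFORMATION = 0x00000400
USER_ALL_ACCESS = 0x000F07FF
USER_READ = 0x0002031A
USER_WRITE = 0x00020044
USER_EXECUTE = 0x00020041

# 2.2.1.8 USER_ALL Values
# One bit per field; the names match the fields of SAMPR_USER_ALL_INFORMATION,
# which also has a 'WhichFields' member (presumably where this mask is
# carried - confirm against the specification).
USER_ALL_USERNAME = 0x00000001
USER_ALL_FULLNAME = 0x00000002
USER_ALL_USERID = 0x00000004
USER_ALL_PRIMARYGROUPID = 0x00000008
USER_ALL_ADMINCOMMENT = 0x00000010
USER_ALL_USERCOMMENT = 0x00000020
USER_ALL_HOMEDIRECTORY = 0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
USER_ALL_SCRIPTPATH = 0x00000100
USER_ALL_PROFILEPATH = 0x00000200
USER_ALL_WORKSTATIONS = 0x00000400
USER_ALL_LASTLOGON = 0x00000800
USER_ALL_LASTLOGOFF = 0x00001000
USER_ALL_LOGONHOURS = 0x00002000
USER_ALL_BADPASSWORDCOUNT = 0x00004000
USER_ALL_LOGONCOUNT = 0x00008000
USER_ALL_PASSWORDCANCHANGE = 0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
USER_ALL_PASSWORDLASTSET = 0x00040000
USER_ALL_ACCOUNTEXPIRES = 0x00080000
USER_ALL_USERACCOUNTCONTROL = 0x00100000
USER_ALL_PARAMETERS = 0x00200000
USER_ALL_COUNTRYCODE = 0x00400000
USER_ALL_CODEPAGE = 0x00800000
USER_ALL_NTPASSWORDPRESENT = 0x01000000
USER_ALL_LMPASSWORDPRESENT = 0x02000000
USER_ALL_PRIVATEDATA = 0x04000000
USER_ALL_PASSWORDEXPIRED = 0x08000000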
# Last two entries of the USER_ALL field mask (section 2.2.1.8).
USER_ALL_SECURITYDESCRIPTOR = 0x10000000
USER_ALL_UNDEFINED_MASK = 0xC0000000

# 2.2.1.9 ACCOUNT_TYPE Values
SAM_DOMAIN_OBJECT = 0x00000000
SAM_GROUP_OBJECT = 0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
SAM_ALIAS_OBJECT = 0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
SAM_USER_OBJECT = 0x30000000
SAM_MACHINE_ACCOUNT = 0x30000001
SAM_TRUST_ACCOUNT = 0x30000002
SAM_APP_BASIC_GROUP = 0x40000000
SAM_APP_QUERY_GROUP = 0x40000001

# 2.2.1.10 SE_GROUP Attributes
SE_GROUP_MANDATORY = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED = 0x00000004

# 2.2.1.11 GROUP_TYPE Codes
# The GROUP_TYPE_SECURITY_* values equal GROUP_TYPE_SECURITY_ENABLED OR-ed
# with the matching scope bit (e.g. 0x80000000 | 0x00000002).
GROUP_TYPE_ACCOUNT_GROUP = 0x00000002
GROUP_TYPE_RESOURCE_GROUP = 0x00000004
GROUP_TYPE_UNIVERSAL_GROUP = 0x00000008
GROUP_TYPE_SECURITY_ENABLED = 0x80000000
GROUP_TYPE_SECURITY_ACCOUNT = 0x80000002
GROUP_TYPE_SECURITY_RESOURCE = 0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008

# 2.2.1.12 USER_ACCOUNT Codes
# NOTE(review): these bit positions differ from the UF_* codes of 2.2.1.13
# below for the same-named property (USER_ACCOUNT_DISABLED = 0x1 here,
# UF_ACCOUNTDISABLE = 0x2 there). Test a value only against the set it was
# encoded with; mixing the two misreports account state.
# Judging by their names, bits such as USER_PASSWORD_NOT_REQUIRED,
# USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED, USER_USE_DES_KEY_ONLY and
# USER_DONT_REQUIRE_PREAUTH relax authentication requirements, so account
# audits usually want to report where they are set.
USER_ACCOUNT_DISABLED = 0x00000001
USER_HOME_DIRECTORY_REQUIRED = 0x00000002
USER_PASSWORD_NOT_REQUIRED = 0x00000004
USER_TEMP_DUPLICATE_ACCOUNT = 0x00000008
USER_NORMAL_ACCOUNT = 0x00000010
USER_MNS_LOGON_ACCOUNT = 0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT = 0x00000040
USER_WORKSTATION_TRUST_ACCOUNT = 0x00000080
USER_SERVER_TRUST_ACCOUNT = 0x00000100
USER_DONT_EXPIRE_PASSWORD = 0x00000200
USER_ACCOUNT_AUTO_LOCKED = 0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000800
USER_SMARTCARD_REQUIRED = 0x00001000
USER_TRUSTED_FOR_DELEGATION = 0x00002000
USER_NOT_DELEGATED = 0x00004000
USER_USE_DES_KEY_ONLY = 0x00008000
USER_DONT_REQUIRE_PREAUTH = 0x00010000
USER_PASSWORD_EXPIRED = 0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000
USER_NO_AUTH_DATA_REQUIRED = 0x00080000
USER_PARTIAL_SECRETS_ACCOUNT = 0x00100000
USER_USE_AES_KEYS = 0x00200000

# 2.2.1.13 UF_FLAG Codes
# Same properties as the USER_* codes above, at different bit positions.
UF_SCRIPT = 0x00000001
UF_ACCOUNTDISABLE = 0x00000002
UF_HOMEDIR_REQUIRED = 0x00000008
UF_LOCKOUT = 0x00000010
UF_PASSWD_NOTREQD = 0x00000020
UF_PASSWD_CANT_CHANGE = 0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080
UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100
UF_NORMAL_ACCOUNT = 0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x00000800
UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000
UF_SERVER_TRUST_ACCOUNT = 0x00002000
UF_DONT_EXPIRE_PASSWD = 0x00010000
UF_MNS_LOGON_ACCOUNT = 0x00020000
UF_SMARTCARD_REQUIRED = 0x00040000
UF_TRUSTED_FOR_DELEGATION = 0x00080000
UF_NOT_DELEGATED = 0x00100000
UF_USE_DES_KEY_ONLY = 0x00200000
UF_DONT_REQUIRE_PREAUTH = 0x00400000
UF_PASSWORD_EXPIRED = 0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
UF_NO_AUTH_DATA_REQUIRED = 0x02000000
UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000
UF_USE_AES_KEYS = 0x08000000

# 2.2.1.14 Predefined RIDs
DOMAIN_USER_RID_ADMIN = 0x000001F4
DOMAIN_USER_RID_GUEST = 0x000001F5
DOMAIN_USER_RID_KRBTGT = 0x000001F6
DOMAIN_GROUP_RID_ADMINS = 0x00000200
DOMAIN_GROUP_RID_USERS = 0x00000201
DOMAIN_GROUP_RID_COMPUTERS = 0x00000203
DOMAIN_GROUP_RID_CONTROLLERS = 0x00000204
DOMAIN_ALIAS_RID_ADMINS = 0x00000220
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209

# 2.2.4.1 Domain Fields
# Bit names match the 'PasswordProperties' member of the password-information
# structures defined later in this file (presumably where they are carried -
# confirm). By its name, DOMAIN_PASSWORD_STORE_CLEARTEXT marks a policy that
# keeps passwords recoverable and is worth flagging in a policy review.
DOMAIN_PASSWORD_COMPLEX = 0x00000001
DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
DOMAIN_LOCKOUT_ADMINS = 0x00000008
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010
DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020

# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
SAM_VALIDATE_PASSWORD_LAST_SET = 0x00000001
SAM_VALIDATE_BAD_PASSWORD_TIME = 0x00000002
SAM_VALIDATE_LOCKOUT_TIME = 0x00000004
SAM_VALIDATE_BAD_PASSWORD_COUNT = 0x00000008
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
SAM_VALIDATE_PASSWORD_HISTORY = 0x00000020

################################################################################
# STRUCTURES
################################################################################
# Conventions visible in the definitions below:
#   * NDRSTRUCT subclasses list their fields as (name, type) pairs in `structure`.
#   * Classes whose name starts with "P" subclass NDRPOINTER and wrap a single
#     type under the 'Data' referent.
#   * *_ARRAY classes subclass an NDR conformant (or conformant-varying) array
#     and set `item` to the element type.
#   * NDRUNION subclasses map a selector value to a (field name, type) pair in
#     `union`.
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray):
    item = RPC_UNICODE_STRING

class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray):
    item = RPC_UNICODE_STRING

class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
    referent = (
        ('Data',RPC_UNICODE_STRING_ARRAY_C),
    )

# 2.2.2.1 RPC_STRING, PRPC_STRING
class RPC_STRING(NDRSTRUCT):
    # Both length fields are derived from len(Data) minus a fixed 12; the
    # NDR64 variant of the header subtracts 24 and uses a 64-bit ReferentID.
    commonHdr = (
        ('MaximumLength','<H=len(Data)-12'),
        ('Length','<H=len(Data)-12'),
        ('ReferentID','<L=0xff'),
    )
    commonHdr64 = (
        ('MaximumLength','<H=len(Data)-24'),
        ('Length','<H=len(Data)-24'),
        ('ReferentID','<Q=0xff'),
    )

    referent = (
        ('Data',STR),
    )

    def dump(self, msg = None, indent = 0):
        # Prints the label (class name when msg is None, nothing when msg is
        # '') followed by the repr of 'Data'; `indent` is not used here.
        if msg is None: msg = self.__class__.__name__
        if msg != '':
            print "%s" % msg,
        # Here just print the data
        print " %r" % (self['Data']),

class PRPC_STRING(NDRPOINTER):
    referent = (
        ('Data', RPC_STRING),
    )

# 2.2.2.2 OLD_LARGE_INTEGER
class OLD_LARGE_INTEGER(NDRSTRUCT):
    # Two 32-bit halves: unsigned low part, signed high part.
    structure = (
        ('LowPart',ULONG),
        ('HighPart',LONG),
    )

# 2.2.2.3 SID_NAME_USE
class SID_NAME_USE(NDRENUM):
    class enumItems(Enum):
        SidTypeUser = 1
        SidTypeGroup = 2
        SidTypeDomain = 3
        SidTypeAlias = 4
        SidTypeWellKnownGroup = 5
        SidTypeDeletedAccount = 6
        SidTypeInvalid = 7
        SidTypeUnknown = 8
        SidTypeComputer = 9
        SidTypeLabel = 10

# 2.2.2.4 RPC_SHORT_BLOB
class USHORT_ARRAY(NDRUniConformantVaryingArray):
    item = '<H'
    pass

class PUSHORT_ARRAY(NDRPOINTER):
    referent = (
        ('Data', USHORT_ARRAY),
    )

class RPC_SHORT_BLOB(NDRSTRUCT):
    structure = (
        ('Length', USHORT),
        ('MaximumLength', USHORT),
        ('Buffer',PUSHORT_ARRAY),
    )

# 2.2.3.2 SAMPR_HANDLE
class SAMPR_HANDLE(NDRSTRUCT):
    # Opaque 20-byte handle value.
    structure = (
        ('Data','20s=""'),
    )
    def getAlignment(self):
        # 8-byte alignment under NDR64, 4-byte otherwise.
        if self._isNDR64 is True:
            return 8
        else:
            return 4

# 2.2.3.3 ENCRYPTED_LM_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD
class ENCRYPTED_LM_OWF_PASSWORD(NDRSTRUCT):
    # 16-byte opaque value with byte alignment. The name indicates an
    # encrypted password hash: treat decoded contents as secret material and
    # keep them out of logs.
    structure = (
        ('Data', '16s=""'),
    )
    def getAlignment(self):
        return 1

# The NT variant shares the LM definition (same class object).
ENCRYPTED_NT_OWF_PASSWORD = ENCRYPTED_LM_OWF_PASSWORD

class PENCRYPTED_LM_OWF_PASSWORD(NDRPOINTER):
    referent = (
        ('Data', ENCRYPTED_LM_OWF_PASSWORD),
    )

PENCRYPTED_NT_OWF_PASSWORD = PENCRYPTED_LM_OWF_PASSWORD

# 2.2.3.4 SAMPR_ULONG_ARRAY
#class SAMPR_ULONG_ARRAY(NDRUniConformantVaryingArray):
#    item = '<L'
class ULONG_ARRAY(NDRUniConformantArray):
    item = ULONG

class PULONG_ARRAY(NDRPOINTER):
    referent = (
        ('Data', ULONG_ARRAY),
    )

class ULONG_ARRAY_CV(NDRUniConformantVaryingArray):
    item = ULONG

class SAMPR_ULONG_ARRAY(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Element', PULONG_ARRAY),
    )

# 2.2.3.5 SAMPR_SID_INFORMATION
class SAMPR_SID_INFORMATION(NDRSTRUCT):
    structure = (
        ('SidPointer', RPC_SID),
    )

class PSAMPR_SID_INFORMATION(NDRPOINTER):
    referent = (
        ('Data', SAMPR_SID_INFORMATION),
    )

class SAMPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
    # Note the element type is the pointer wrapper, not the structure itself.
    item = PSAMPR_SID_INFORMATION

class PSAMPR_SID_INFORMATION_ARRAY(NDRPOINTER):
    referent = (
        ('Data', SAMPR_SID_INFORMATION_ARRAY),
    )

# 2.2.3.6 SAMPR_PSID_ARRAY
class SAMPR_PSID_ARRAY(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )

# 2.2.3.7 SAMPR_PSID_ARRAY_OUT
# Same field layout as SAMPR_PSID_ARRAY above.
class SAMPR_PSID_ARRAY_OUT(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Sids', PSAMPR_SID_INFORMATION_ARRAY),
    )

# 2.2.3.8 SAMPR_RETURNED_USTRING_ARRAY
class SAMPR_RETURNED_USTRING_ARRAY(NDRSTRUCT):
    structure = (
        ('Count', ULONG),
        ('Element', PRPC_UNICODE_STRING_ARRAY),
    )

# 2.2.3.9 SAMPR_RID_ENUMERATION
class SAMPR_RID_ENUMERATION(NDRSTRUCT):
    structure = (
        ('RelativeId',ULONG),
        ('Name',RPC_UNICODE_STRING),
    )

class SAMPR_RID_ENUMERATION_ARRAY(NDRUniConformantArray):
    item = SAMPR_RID_ENUMERATION

class PSAMPR_RID_ENUMERATION_ARRAY(NDRPOINTER):
    referent = (
        ('Data', SAMPR_RID_ENUMERATION_ARRAY),
    )

# 2.2.3.10 SAMPR_ENUMERATION_BUFFER
class SAMPR_ENUMERATION_BUFFER(NDRSTRUCT):
    structure = (
        ('EntriesRead',ULONG ),
        ('Buffer',PSAMPR_RID_ENUMERATION_ARRAY ),
    )

class PSAMPR_ENUMERATION_BUFFER(NDRPOINTER):
    referent = (
        ('Data',SAMPR_ENUMERATION_BUFFER),
    )

# 2.2.3.11 SAMPR_SR_SECURITY_DESCRIPTOR
class CHAR_ARRAY(NDRUniConformantArray):
    # No `item` override: the element type is whatever the base class defaults to.
    pass

class PCHAR_ARRAY(NDRPOINTER):
    referent = (
        ('Data', CHAR_ARRAY),
    )

class SAMPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
    structure = (
        ('Length', ULONG),
        ('SecurityDescriptor', PCHAR_ARRAY),
    )

class PSAMPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
    referent = (
        ('Data', SAMPR_SR_SECURITY_DESCRIPTOR),
    )

# 2.2.3.12 GROUP_MEMBERSHIP
class GROUP_MEMBERSHIP(NDRSTRUCT):
    structure = (
        ('RelativeId',ULONG),
        ('Attributes',ULONG),
    )

class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    item = GROUP_MEMBERSHIP

class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    referent = (
        ('Data',GROUP_MEMBERSHIP_ARRAY),
    )

# 2.2.3.13 SAMPR_GET_GROUPS_BUFFER
class SAMPR_GET_GROUPS_BUFFER(NDRSTRUCT):
    structure = (
        ('MembershipCount',ULONG),
        ('Groups',PGROUP_MEMBERSHIP_ARRAY),
    )

class PSAMPR_GET_GROUPS_BUFFER(NDRPOINTER):
    referent = (
        ('Data',SAMPR_GET_GROUPS_BUFFER),
    )

# 2.2.3.14 SAMPR_GET_MEMBERS_BUFFER
class SAMPR_GET_MEMBERS_BUFFER(NDRSTRUCT):
    structure = (
        ('MemberCount', ULONG),
        ('Members', PULONG_ARRAY),
        ('Attributes', PULONG_ARRAY),
    )

class PSAMPR_GET_MEMBERS_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_GET_MEMBERS_BUFFER),
    )

# 2.2.3.15 SAMPR_REVISION_INFO_V1
class SAMPR_REVISION_INFO_V1(NDRSTRUCT):
    structure = (
        ('Revision',ULONG),
        ('SupportedFeatures',ULONG),
    )

# 2.2.3.16 SAMPR_REVISION_INFO
class SAMPR_REVISION_INFO(NDRUNION):
    # Selector is a ULONG 'tag'; only arm 1 (V1) is defined.
    commonHdr = (
        ('tag', ULONG),
    )

    union = {
        1: ('V1', SAMPR_REVISION_INFO_V1),
    }

# 2.2.3.17 USER_DOMAIN_PASSWORD_INFORMATION
class USER_DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordProperties', ULONG),
    )

# 2.2.4.2 DOMAIN_SERVER_ENABLE_STATE
class DOMAIN_SERVER_ENABLE_STATE(NDRENUM):
    class enumItems(Enum):
        DomainServerEnabled = 1
        DomainServerDisabled = 2

# 2.2.4.3 DOMAIN_STATE_INFORMATION
class DOMAIN_STATE_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainServerState', DOMAIN_SERVER_ENABLE_STATE),
    )

# 2.2.4.4 DOMAIN_SERVER_ROLE
class DOMAIN_SERVER_ROLE(NDRENUM):
    class enumItems(Enum):
        DomainServerRoleBackup = 2
        DomainServerRolePrimary = 3

# 2.2.4.5 DOMAIN_PASSWORD_INFORMATION
class DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
    structure = (
        ('MinPasswordLength', USHORT),
        ('PasswordHistoryLength', USHORT),
        ('PasswordProperties', ULONG),
        ('MaxPasswordAge', OLD_LARGE_INTEGER),
        ('MinPasswordAge', OLD_LARGE_INTEGER),
    )

# 2.2.4.6 DOMAIN_LOGOFF_INFORMATION
class DOMAIN_LOGOFF_INFORMATION(NDRSTRUCT):
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
    )

# 2.2.4.7 DOMAIN_SERVER_ROLE_INFORMATION
class DOMAIN_SERVER_ROLE_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainServerRole', DOMAIN_SERVER_ROLE),
    )

# 2.2.4.8 DOMAIN_MODIFIED_INFORMATION
class DOMAIN_MODIFIED_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
    )

# 2.2.4.9 DOMAIN_MODIFIED_INFORMATION2
class DOMAIN_MODIFIED_INFORMATION2(NDRSTRUCT):
    structure = (
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('CreationTime', OLD_LARGE_INTEGER),
        ('ModifiedCountAtLastPromotion', OLD_LARGE_INTEGER),
    )

# 2.2.4.10 SAMPR_DOMAIN_GENERAL_INFORMATION
class SAMPR_DOMAIN_GENERAL_INFORMATION(NDRSTRUCT):
    # State and role are plain ULONGs here, not the NDRENUM types used by
    # DOMAIN_STATE_INFORMATION / DOMAIN_SERVER_ROLE_INFORMATION.
    structure = (
        ('ForceLogoff', OLD_LARGE_INTEGER),
        ('OemInformation', RPC_UNICODE_STRING),
        ('DomainName', RPC_UNICODE_STRING),
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
        ('DomainModifiedCount', OLD_LARGE_INTEGER),
        ('DomainServerState', ULONG),
        ('DomainServerRole', ULONG),
        ('UasCompatibilityRequired', UCHAR),
        ('UserCount', ULONG),
        ('GroupCount', ULONG),
        ('AliasCount', ULONG),
    )

# 2.2.4.11 SAMPR_DOMAIN_GENERAL_INFORMATION2
class SAMPR_DOMAIN_GENERAL_INFORMATION2(NDRSTRUCT):
    # Embeds the general-information structure as 'I1', followed by the same
    # three lockout fields as SAMPR_DOMAIN_LOCKOUT_INFORMATION.
    structure = (
        ('I1', SAMPR_DOMAIN_GENERAL_INFORMATION),
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )

# 2.2.4.12 SAMPR_DOMAIN_OEM_INFORMATION
class SAMPR_DOMAIN_OEM_INFORMATION(NDRSTRUCT):
    structure = (
        ('OemInformation', RPC_UNICODE_STRING),
    )

# 2.2.4.13 SAMPR_DOMAIN_NAME_INFORMATION
class SAMPR_DOMAIN_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('DomainName', RPC_UNICODE_STRING),
    )

# 2.2.4.14 SAMPR_DOMAIN_REPLICATION_INFORMATION
class SAMPR_DOMAIN_REPLICATION_INFORMATION(NDRSTRUCT):
    structure = (
        ('ReplicaSourceNodeName', RPC_UNICODE_STRING),
    )

# 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION
class SAMPR_DOMAIN_LOCKOUT_INFORMATION(NDRSTRUCT):
    structure = (
        ('LockoutDuration', LARGE_INTEGER),
        ('LockoutObservationWindow', LARGE_INTEGER),
        ('LockoutThreshold', USHORT),
    )

# 2.2.4.16 DOMAIN_INFORMATION_CLASS
class DOMAIN_INFORMATION_CLASS(NDRENUM):
    # Value 10 is not defined in this enumeration.
    class enumItems(Enum):
        DomainPasswordInformation = 1
        DomainGeneralInformation = 2
        DomainLogoffInformation = 3
        DomainOemInformation = 4
        DomainNameInformation = 5
        DomainReplicationInformation = 6
        DomainServerRoleInformation = 7
        DomainModifiedInformation = 8
        DomainStateInformation = 9
        DomainGeneralInformation2 = 11
        DomainLockoutInformation = 12
        DomainModifiedInformation2 = 13

# 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER
class SAMPR_DOMAIN_INFO_BUFFER(NDRUNION):
    # One arm per DOMAIN_INFORMATION_CLASS member.
    union = {
        DOMAIN_INFORMATION_CLASS.DomainPasswordInformation : ('Password', DOMAIN_PASSWORD_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation : ('General', SAMPR_DOMAIN_GENERAL_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainLogoffInformation : ('Logoff', DOMAIN_LOGOFF_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainOemInformation : ('Oem', SAMPR_DOMAIN_OEM_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainNameInformation : ('Name', SAMPR_DOMAIN_NAME_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation : ('Role', DOMAIN_SERVER_ROLE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainReplicationInformation : ('Replication', SAMPR_DOMAIN_REPLICATION_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation : ('Modified', DOMAIN_MODIFIED_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainStateInformation : ('State', DOMAIN_STATE_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2 : ('General2', SAMPR_DOMAIN_GENERAL_INFORMATION2),
        DOMAIN_INFORMATION_CLASS.DomainLockoutInformation : ('Lockout', SAMPR_DOMAIN_LOCKOUT_INFORMATION),
        DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2 : ('Modified2', DOMAIN_MODIFIED_INFORMATION2),
    }

class PSAMPR_DOMAIN_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_DOMAIN_INFO_BUFFER),
    )

# 2.2.5.2 GROUP_ATTRIBUTE_INFORMATION
class GROUP_ATTRIBUTE_INFORMATION(NDRSTRUCT):
    structure = (
        ('Attributes', ULONG),
    )

# 2.2.5.3 SAMPR_GROUP_GENERAL_INFORMATION
class SAMPR_GROUP_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('Attributes', ULONG),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )

# 2.2.5.4 SAMPR_GROUP_NAME_INFORMATION
class SAMPR_GROUP_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )

# 2.2.5.5 SAMPR_GROUP_ADM_COMMENT_INFORMATION
class SAMPR_GROUP_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

# 2.2.5.6 GROUP_INFORMATION_CLASS
class GROUP_INFORMATION_CLASS(NDRENUM):
    class enumItems(Enum):
        GroupGeneralInformation = 1
        GroupNameInformation = 2
        GroupAttributeInformation = 3
        GroupAdminCommentInformation = 4
        GroupReplicationInformation = 5

# 2.2.5.7 SAMPR_GROUP_INFO_BUFFER
class SAMPR_GROUP_INFO_BUFFER(NDRUNION):
    # GroupReplicationInformation reuses the general-information layout under
    # the field name 'DoNotUse'.
    union = {
        GROUP_INFORMATION_CLASS.GroupGeneralInformation : ('General', SAMPR_GROUP_GENERAL_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupNameInformation : ('Name', SAMPR_GROUP_NAME_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAttributeInformation : ('Attribute', GROUP_ATTRIBUTE_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupAdminCommentInformation : ('AdminComment', SAMPR_GROUP_ADM_COMMENT_INFORMATION),
        GROUP_INFORMATION_CLASS.GroupReplicationInformation : ('DoNotUse', SAMPR_GROUP_GENERAL_INFORMATION),
    }

class PSAMPR_GROUP_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_GROUP_INFO_BUFFER),
    )

# 2.2.6.2 SAMPR_ALIAS_GENERAL_INFORMATION
class SAMPR_ALIAS_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
        ('MemberCount', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
    )

# 2.2.6.3 SAMPR_ALIAS_NAME_INFORMATION
class SAMPR_ALIAS_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('Name', RPC_UNICODE_STRING),
    )

# 2.2.6.4 SAMPR_ALIAS_ADM_COMMENT_INFORMATION
class SAMPR_ALIAS_ADM_COMMENT_INFORMATION(NDRSTRUCT):
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

# 2.2.6.5 ALIAS_INFORMATION_CLASS
class ALIAS_INFORMATION_CLASS(NDRENUM):
    class enumItems(Enum):
        AliasGeneralInformation = 1
        AliasNameInformation = 2
        AliasAdminCommentInformation = 3

# 2.2.6.6 SAMPR_ALIAS_INFO_BUFFER
class SAMPR_ALIAS_INFO_BUFFER(NDRUNION):
    union = {
        ALIAS_INFORMATION_CLASS.AliasGeneralInformation : ('General', SAMPR_ALIAS_GENERAL_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasNameInformation : ('Name', SAMPR_ALIAS_NAME_INFORMATION),
        ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation : ('AdminComment', SAMPR_ALIAS_ADM_COMMENT_INFORMATION),
    }

class PSAMPR_ALIAS_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_ALIAS_INFO_BUFFER),
    )

# 2.2.7.2 USER_PRIMARY_GROUP_INFORMATION
class USER_PRIMARY_GROUP_INFORMATION(NDRSTRUCT):
    structure = (
        ('PrimaryGroupId', ULONG),
    )

# 2.2.7.3 USER_CONTROL_INFORMATION
class USER_CONTROL_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserAccountControl', ULONG),
    )

# 2.2.7.4 USER_EXPIRES_INFORMATION
class USER_EXPIRES_INFORMATION(NDRSTRUCT):
    structure = (
        ('AccountExpires', OLD_LARGE_INTEGER),
    )

# 2.2.7.5 SAMPR_LOGON_HOURS
class LOGON_HOURS_ARRAY(NDRUniConformantVaryingArray):
    # No `item` override: the element type is whatever the base class defaults to.
    pass

class PLOGON_HOURS_ARRAY(NDRPOINTER):
    referent = (
        ('Data', LOGON_HOURS_ARRAY),
    )

class SAMPR_LOGON_HOURS(NDRSTRUCT):
    structure = (
        #('UnitsPerWeek', NDRSHORT),
        ('UnitsPerWeek', ULONG),
        ('LogonHours', PLOGON_HOURS_ARRAY),
    )

    def getData(self, soFar = 0):
        # UnitsPerWeek is recomputed on every serialisation as eight units per
        # element of LogonHours, overwriting any value the caller assigned.
        self['UnitsPerWeek'] = len(self['LogonHours']) * 8
        return NDR.getData(self, soFar)

# 2.2.7.6 SAMPR_USER_ALL_INFORMATION
class SAMPR_USER_ALL_INFORMATION(NDRSTRUCT):
    # NOTE(review): LmOwfPassword, NtOwfPassword and PrivateData are, by name,
    # credential-bearing fields. Treat a decoded instance as sensitive and
    # avoid dumping it to logs or shared output.
    structure = (
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
        ('Parameters', RPC_UNICODE_STRING),

        ('LmOwfPassword', RPC_SHORT_BLOB),
        ('NtOwfPassword', RPC_SHORT_BLOB),
        ('PrivateData', RPC_UNICODE_STRING),

        ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),

        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('UserAccountControl', ULONG),
        ('WhichFields', ULONG),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
        ('LmPasswordPresent', UCHAR),
        ('NtPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
        ('PrivateDataSensitive', UCHAR),
    )

# 2.2.7.7 SAMPR_USER_GENERAL_INFORMATION
class SAMPR_USER_GENERAL_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('PrimaryGroupId', ULONG),
        ('AdminComment', RPC_UNICODE_STRING),
        ('UserComment', RPC_UNICODE_STRING),
    )

# 2.2.7.8 SAMPR_USER_PREFERENCES_INFORMATION
class SAMPR_USER_PREFERENCES_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserComment', RPC_UNICODE_STRING),
        ('Reserved1', RPC_UNICODE_STRING),
        ('CountryCode', USHORT),
        ('CodePage', USHORT),
    )

# 2.2.7.9 SAMPR_USER_PARAMETERS_INFORMATION
class SAMPR_USER_PARAMETERS_INFORMATION(NDRSTRUCT):
    structure = (
        ('Parameters', RPC_UNICODE_STRING),
    )

# 2.2.7.10 SAMPR_USER_LOGON_INFORMATION
class SAMPR_USER_LOGON_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('PasswordCanChange', OLD_LARGE_INTEGER),
        ('PasswordMustChange', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('UserAccountControl', ULONG),
    )

# 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION
class SAMPR_USER_ACCOUNT_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
        ('UserId', ULONG),
        ('PrimaryGroupId', ULONG),
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
        ('ScriptPath', RPC_UNICODE_STRING),
        ('ProfilePath', RPC_UNICODE_STRING),
        ('AdminComment', RPC_UNICODE_STRING),
        ('WorkStations', RPC_UNICODE_STRING),
        ('LastLogon', OLD_LARGE_INTEGER),
        ('LastLogoff', OLD_LARGE_INTEGER),
        ('LogonHours', SAMPR_LOGON_HOURS),
        ('BadPasswordCount', USHORT),
        ('LogonCount', USHORT),
        ('PasswordLastSet', OLD_LARGE_INTEGER),
        ('AccountExpires', OLD_LARGE_INTEGER),
        ('UserAccountControl', ULONG)
    )

# 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION
class SAMPR_USER_A_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
    )

# 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION
class SAMPR_USER_F_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('FullName', RPC_UNICODE_STRING),
    )

# 2.2.7.14 SAMPR_USER_NAME_INFORMATION
class SAMPR_USER_NAME_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserName', RPC_UNICODE_STRING),
        ('FullName', RPC_UNICODE_STRING),
    )

# 2.2.7.15 SAMPR_USER_HOME_INFORMATION
class SAMPR_USER_HOME_INFORMATION(NDRSTRUCT):
    structure = (
        ('HomeDirectory', RPC_UNICODE_STRING),
        ('HomeDirectoryDrive', RPC_UNICODE_STRING),
    )

# 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION
class SAMPR_USER_SCRIPT_INFORMATION(NDRSTRUCT):
    structure = (
        ('ScriptPath', RPC_UNICODE_STRING),
    )

# 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION
class SAMPR_USER_PROFILE_INFORMATION(NDRSTRUCT):
    structure = (
        ('ProfilePath', RPC_UNICODE_STRING),
    )

# 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION
class SAMPR_USER_ADMIN_COMMENT_INFORMATION(NDRSTRUCT):
    structure = (
        ('AdminComment', RPC_UNICODE_STRING),
    )

# 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION
class SAMPR_USER_WORKSTATIONS_INFORMATION(NDRSTRUCT):
    structure = (
        ('WorkStations', RPC_UNICODE_STRING),
    )

# 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION
class SAMPR_USER_LOGON_HOURS_INFORMATION(NDRSTRUCT):
    structure = (
        ('LogonHours', SAMPR_LOGON_HOURS),
    )

# 2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD
class SAMPR_USER_PASSWORD(NDRSTRUCT):
    # 512-byte buffer followed by a 4-byte length: 516 bytes in total.
    structure = (
        ('Buffer', '512s=""'),
        ('Length', ULONG),
    )
    def getAlignment(self):
        return 4


class SAMPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
    # Opaque 516-byte buffer, byte-aligned. The size equals that of
    # SAMPR_USER_PASSWORD above, so this is presumably its encrypted form -
    # confirm against section 2.2.7.21 of the specification.
    structure = (
        ('Buffer', '516s=""'),
    )
    def getAlignment(self):
        return 1

class PSAMPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
    referent = (
        ('Data', SAMPR_ENCRYPTED_USER_PASSWORD),
    )

# 2.2.7.22 SAMPR_ENCRYPTED_USER_PASSWORD_NEW
class SAMPR_ENCRYPTED_USER_PASSWORD_NEW(NDRSTRUCT):
    # Opaque 522-byte buffer, byte-aligned.
    structure = (
        ('Buffer', '522s=""'),
    )
    def getAlignment(self):
        return 1

# 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION
class SAMPR_USER_INTERNAL1_INFORMATION(NDRSTRUCT):
    # NOTE(review): carries the two encrypted OWF password blobs; handle
    # instances as secret material.
    structure = (
        ('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
        ('EncryptedLmOwfPassword', ENCRYPTED_LM_OWF_PASSWORD),
        ('NtPasswordPresent', UCHAR),
        ('LmPasswordPresent', UCHAR),
        ('PasswordExpired', UCHAR),
    )

# 2.2.7.24 SAMPR_USER_INTERNAL4_INFORMATION
class SAMPR_USER_INTERNAL4_INFORMATION(NDRSTRUCT):
    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
    )

# 2.2.7.25 SAMPR_USER_INTERNAL4_INFORMATION_NEW
class SAMPR_USER_INTERNAL4_INFORMATION_NEW(NDRSTRUCT):
    structure = (
        ('I1', SAMPR_USER_ALL_INFORMATION),
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
    )

# 2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION
class SAMPR_USER_INTERNAL5_INFORMATION(NDRSTRUCT):
    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
        ('PasswordExpired', UCHAR),
    )

# 2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW
class SAMPR_USER_INTERNAL5_INFORMATION_NEW(NDRSTRUCT):
    structure = (
        ('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
        ('PasswordExpired', UCHAR),
    )

# 2.2.7.28 USER_INFORMATION_CLASS
class USER_INFORMATION_CLASS(NDRENUM):
    # Values 15, 19 and 22 are not defined in this enumeration.
    class enumItems(Enum):
        UserGeneralInformation = 1
        UserPreferencesInformation = 2
        UserLogonInformation = 3
        UserLogonHoursInformation = 4
        UserAccountInformation = 5
        UserNameInformation = 6
        UserAccountNameInformation = 7
        UserFullNameInformation = 8
        UserPrimaryGroupInformation = 9
        UserHomeInformation = 10
        UserScriptInformation = 11
        UserProfileInformation = 12
        UserAdminCommentInformation = 13
        UserWorkStationsInformation = 14
        UserControlInformation = 16
        UserExpiresInformation = 17
        UserInternal1Information = 18
        UserParametersInformation = 20
        UserAllInformation = 21
        UserInternal4Information = 23
        UserInternal5Information = 24
        UserInternal4InformationNew = 25
        UserInternal5InformationNew = 26

# 2.2.7.29 SAMPR_USER_INFO_BUFFER
class SAMPR_USER_INFO_BUFFER(NDRUNION):
    # One arm per USER_INFORMATION_CLASS member. The Internal1/4/5 and All
    # arms select structures that include password-related fields.
    union = {
        USER_INFORMATION_CLASS.UserGeneralInformation : ('General', SAMPR_USER_GENERAL_INFORMATION),
        USER_INFORMATION_CLASS.UserPreferencesInformation : ('Preferences', SAMPR_USER_PREFERENCES_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonInformation : ('Logon', SAMPR_USER_LOGON_INFORMATION),
        USER_INFORMATION_CLASS.UserLogonHoursInformation : ('LogonHours', SAMPR_USER_LOGON_HOURS_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountInformation : ('Account', SAMPR_USER_ACCOUNT_INFORMATION),
        USER_INFORMATION_CLASS.UserNameInformation : ('Name', SAMPR_USER_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserAccountNameInformation : ('AccountName', SAMPR_USER_A_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserFullNameInformation : ('FullName', SAMPR_USER_F_NAME_INFORMATION),
        USER_INFORMATION_CLASS.UserPrimaryGroupInformation: ('PrimaryGroup', USER_PRIMARY_GROUP_INFORMATION),
        USER_INFORMATION_CLASS.UserHomeInformation : ('Home', SAMPR_USER_HOME_INFORMATION),
        USER_INFORMATION_CLASS.UserScriptInformation : ('Script', SAMPR_USER_SCRIPT_INFORMATION),
        USER_INFORMATION_CLASS.UserProfileInformation : ('Profile', SAMPR_USER_PROFILE_INFORMATION),
        USER_INFORMATION_CLASS.UserAdminCommentInformation: ('AdminComment', SAMPR_USER_ADMIN_COMMENT_INFORMATION),
        USER_INFORMATION_CLASS.UserWorkStationsInformation: ('WorkStations', SAMPR_USER_WORKSTATIONS_INFORMATION),
        USER_INFORMATION_CLASS.UserControlInformation : ('Control', USER_CONTROL_INFORMATION),
        USER_INFORMATION_CLASS.UserExpiresInformation : ('Expires', USER_EXPIRES_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal1Information : ('Internal1', SAMPR_USER_INTERNAL1_INFORMATION),
        USER_INFORMATION_CLASS.UserParametersInformation : ('Parameters', SAMPR_USER_PARAMETERS_INFORMATION ),
        USER_INFORMATION_CLASS.UserAllInformation : ('All', SAMPR_USER_ALL_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4Information : ('Internal4', SAMPR_USER_INTERNAL4_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal5Information : ('Internal5', SAMPR_USER_INTERNAL5_INFORMATION),
        USER_INFORMATION_CLASS.UserInternal4InformationNew: ('Internal4New', SAMPR_USER_INTERNAL4_INFORMATION_NEW),
        USER_INFORMATION_CLASS.UserInternal5InformationNew: ('Internal5New', SAMPR_USER_INTERNAL5_INFORMATION_NEW),
    }

class PSAMPR_USER_INFO_BUFFER(NDRPOINTER):
    referent = (
        ('Data', SAMPR_USER_INFO_BUFFER),
    )

class PSAMPR_SERVER_NAME2(NDRPOINTER):
    # Pointer to a fixed 4-byte field.
    referent = (
        ('Data', '4s=""'),
    )

# 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER
class SAMPR_DOMAIN_DISPLAY_USER(NDRSTRUCT):
    structure = (
        ('Index',ULONG),
        ('Rid',ULONG),
        ('AccountControl',ULONG),
        ('AccountName',RPC_UNICODE_STRING),
        ('AdminComment',RPC_UNICODE_STRING),
        ('FullName',RPC_UNICODE_STRING),
    )

class SAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRUniConformantArray):
    item = SAMPR_DOMAIN_DISPLAY_USER

class PSAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRPOINTER):
    referent = (
        ('Data',SAMPR_DOMAIN_DISPLAY_USER_ARRAY),
    )

# 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE
class SAMPR_DOMAIN_DISPLAY_MACHINE(NDRSTRUCT):
    # Same fields as SAMPR_DOMAIN_DISPLAY_USER, without 'FullName'.
    structure = (
        ('Index',ULONG),
        ('Rid',ULONG),
        ('AccountControl',ULONG),
        ('AccountName',RPC_UNICODE_STRING),
        ('AdminComment',RPC_UNICODE_STRING),
    )

class SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRUniConformantArray):
    item = SAMPR_DOMAIN_DISPLAY_MACHINE

class PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRPOINTER):
    referent = (
('Data',SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY), 1158 ) 1159 1160# 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP 1161class SAMPR_DOMAIN_DISPLAY_GROUP(NDRSTRUCT): 1162 structure = ( 1163 ('Index',ULONG), 1164 ('Rid',ULONG), 1165 ('AccountControl',ULONG), 1166 ('AccountName',RPC_UNICODE_STRING), 1167 ('AdminComment',RPC_UNICODE_STRING), 1168 ) 1169 1170class SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRUniConformantArray): 1171 item = SAMPR_DOMAIN_DISPLAY_GROUP 1172 1173class PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRPOINTER): 1174 referent = ( 1175 ('Data',SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY), 1176 ) 1177 1178# 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER 1179class SAMPR_DOMAIN_DISPLAY_OEM_USER(NDRSTRUCT): 1180 structure = ( 1181 ('Index',ULONG), 1182 ('OemAccountName',RPC_STRING), 1183 ) 1184 1185class SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRUniConformantArray): 1186 item = SAMPR_DOMAIN_DISPLAY_OEM_USER 1187 1188class PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRPOINTER): 1189 referent = ( 1190 ('Data',SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY), 1191 ) 1192 1193# 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP 1194class SAMPR_DOMAIN_DISPLAY_OEM_GROUP(NDRSTRUCT): 1195 structure = ( 1196 ('Index',ULONG), 1197 ('OemAccountName',RPC_STRING), 1198 ) 1199 1200class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRUniConformantArray): 1201 item = SAMPR_DOMAIN_DISPLAY_OEM_GROUP 1202 1203class PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRPOINTER): 1204 referent = ( 1205 ('Data',SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY), 1206 ) 1207 1208#2.2.8.7 SAMPR_DOMAIN_DISPLAY_USER_BUFFER 1209class SAMPR_DOMAIN_DISPLAY_USER_BUFFER(NDRSTRUCT): 1210 structure = ( 1211 ('EntriesRead', ULONG), 1212 ('Buffer', PSAMPR_DOMAIN_DISPLAY_USER_ARRAY), 1213 ) 1214 1215# 2.2.8.8 SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER 1216class SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER(NDRSTRUCT): 1217 structure = ( 1218 ('EntriesRead', ULONG), 1219 ('Buffer', PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY), 1220 ) 1221 1222# 2.2.8.9 SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER 1223class 
SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER(NDRSTRUCT): 1224 structure = ( 1225 ('EntriesRead', ULONG), 1226 ('Buffer', PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY), 1227 ) 1228 1229# 2.2.8.10 SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER 1230class SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER(NDRSTRUCT): 1231 structure = ( 1232 ('EntriesRead', ULONG), 1233 ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY), 1234 ) 1235 1236# 2.2.8.11 SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER 1237class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER(NDRSTRUCT): 1238 structure = ( 1239 ('EntriesRead', ULONG), 1240 ('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY), 1241 ) 1242 1243# 2.2.8.12 DOMAIN_DISPLAY_INFORMATION 1244class DOMAIN_DISPLAY_INFORMATION(NDRENUM): 1245 class enumItems(Enum): 1246 DomainDisplayUser = 1 1247 DomainDisplayMachine = 2 1248 DomainDisplayGroup = 3 1249 DomainDisplayOemUser = 4 1250 DomainDisplayOemGroup = 5 1251 1252# 2.2.8.13 SAMPR_DISPLAY_INFO_BUFFER 1253class SAMPR_DISPLAY_INFO_BUFFER(NDRUNION): 1254 union = { 1255 DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser : ('UserInformation', SAMPR_DOMAIN_DISPLAY_USER_BUFFER), 1256 DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine : ('MachineInformation', SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER), 1257 DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup : ('GroupInformation', SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER), 1258 DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemUser : ('OemUserInformation', SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER), 1259 DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup : ('OemGroupInformation', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER), 1260 } 1261 1262# 2.2.9.1 SAM_VALIDATE_PASSWORD_HASH 1263class SAM_VALIDATE_PASSWORD_HASH(NDRSTRUCT): 1264 structure = ( 1265 ('Length', ULONG), 1266 ('Hash', LPBYTE), 1267 ) 1268 1269class PSAM_VALIDATE_PASSWORD_HASH(NDRPOINTER): 1270 referent = ( 1271 ('Data', SAM_VALIDATE_PASSWORD_HASH), 1272 ) 1273 1274# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS 1275class SAM_VALIDATE_PERSISTED_FIELDS(NDRSTRUCT): 1276 structure = ( 1277 ('PresentFields', 
ULONG), 1278 ('PasswordLastSet', LARGE_INTEGER), 1279 ('BadPasswordTime', LARGE_INTEGER), 1280 ('LockoutTime', LARGE_INTEGER), 1281 ('BadPasswordCount', ULONG), 1282 ('PasswordHistoryLength', ULONG), 1283 ('PasswordHistory', PSAM_VALIDATE_PASSWORD_HASH), 1284 ) 1285 1286# 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS 1287class SAM_VALIDATE_VALIDATION_STATUS(NDRENUM): 1288 class enumItems(Enum): 1289 SamValidateSuccess = 0 1290 SamValidatePasswordMustChange = 1 1291 SamValidateAccountLockedOut = 2 1292 SamValidatePasswordExpired = 3 1293 SamValidatePasswordIncorrect = 4 1294 SamValidatePasswordIsInHistory = 5 1295 SamValidatePasswordTooShort = 6 1296 SamValidatePasswordTooLong = 7 1297 SamValidatePasswordNotComplexEnough = 8 1298 SamValidatePasswordTooRecent = 9 1299 SamValidatePasswordFilterError = 10 1300 1301# 2.2.9.4 SAM_VALIDATE_STANDARD_OUTPUT_ARG 1302class SAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRSTRUCT): 1303 structure = ( 1304 ('ChangedPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS), 1305 ('ValidationStatus', SAM_VALIDATE_VALIDATION_STATUS), 1306 ) 1307 1308class PSAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRPOINTER): 1309 referent = ( 1310 ('Data', SAM_VALIDATE_STANDARD_OUTPUT_ARG), 1311 ) 1312 1313# 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG 1314class SAM_VALIDATE_AUTHENTICATION_INPUT_ARG(NDRSTRUCT): 1315 structure = ( 1316 ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS), 1317 ('PasswordMatched', UCHAR), 1318 ) 1319 1320# 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG 1321class SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG(NDRSTRUCT): 1322 structure = ( 1323 ('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS), 1324 ('ClearPassword', RPC_UNICODE_STRING), 1325 ('UserAccountName', RPC_UNICODE_STRING), 1326 ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH), 1327 ('PasswordMatch', UCHAR), 1328 ) 1329 1330# 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG 1331class SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(NDRSTRUCT): 1332 structure = ( 1333 ('InputPersistedFields', 
SAM_VALIDATE_PERSISTED_FIELDS), 1334 ('ClearPassword', RPC_UNICODE_STRING), 1335 ('UserAccountName', RPC_UNICODE_STRING), 1336 ('HashedPassword', SAM_VALIDATE_PASSWORD_HASH), 1337 ('PasswordMustChangeAtNextLogon', UCHAR), 1338 ('ClearLockout', UCHAR), 1339 ) 1340 1341# 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE 1342class PASSWORD_POLICY_VALIDATION_TYPE(NDRENUM): 1343 class enumItems(Enum): 1344 SamValidateAuthentication = 1 1345 SamValidatePasswordChange = 2 1346 SamValidatePasswordReset = 3 1347 1348# 2.2.9.9 SAM_VALIDATE_INPUT_ARG 1349class SAM_VALIDATE_INPUT_ARG(NDRUNION): 1350 union = { 1351 PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication : ('ValidateAuthenticationInput', SAM_VALIDATE_AUTHENTICATION_INPUT_ARG), 1352 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange : ('ValidatePasswordChangeInput', SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG), 1353 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset : ('ValidatePasswordResetInput', SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG), 1354 } 1355 1356# 2.2.9.10 SAM_VALIDATE_OUTPUT_ARG 1357class SAM_VALIDATE_OUTPUT_ARG(NDRUNION): 1358 union = { 1359 PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication : ('ValidateAuthenticationOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG), 1360 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange : ('ValidatePasswordChangeOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG), 1361 PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset : ('ValidatePasswordResetOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG), 1362 } 1363 1364class PSAM_VALIDATE_OUTPUT_ARG(NDRPOINTER): 1365 referent = ( 1366 ('Data', SAM_VALIDATE_OUTPUT_ARG), 1367 ) 1368 1369# 2.2.10 Supplemental Credentials Structures 1370 1371# 2.2.10.1 USER_PROPERTIES 1372class USER_PROPERTIES(Structure): 1373 structure = ( 1374 ('Reserved1','<L=0'), 1375 ('Length','<L=0'), 1376 ('Reserved2','<H=0'), 1377 ('Reserved3','<H=0'), 1378 ('Reserved4','96s=""'), 1379 ('PropertySignature','<H=0x50'), 1380 ('PropertyCount','<H=0'), 1381 
('UserProperties',':'), 1382 ) 1383 1384# 2.2.10.2 USER_PROPERTY 1385class USER_PROPERTY(Structure): 1386 structure = ( 1387 ('NameLength','<H=0'), 1388 ('ValueLength','<H=0'), 1389 ('Reserved','<H=0'), 1390 ('_PropertyName','_-PropertyName', "self['NameLength']"), 1391 ('PropertyName',':'), 1392 ('_PropertyValue','_-PropertyValue', "self['ValueLength']"), 1393 ('PropertyValue',':'), 1394 ) 1395 1396# 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS 1397class WDIGEST_CREDENTIALS(Structure): 1398 structure = ( 1399 ('Reserved1','B=0'), 1400 ('Reserved2','B=0'), 1401 ('Version','B=1'), 1402 ('NumberOfHashes','B=29'), 1403 ('Reserved3','12s=""'), 1404 ('Hash1', '16s=""'), 1405 ('Hash2', '16s=""'), 1406 ('Hash3', '16s=""'), 1407 ('Hash4', '16s=""'), 1408 ('Hash5', '16s=""'), 1409 ('Hash6', '16s=""'), 1410 ('Hash7', '16s=""'), 1411 ('Hash8', '16s=""'), 1412 ('Hash9', '16s=""'), 1413 ('Hash10', '16s=""'), 1414 ('Hash11', '16s=""'), 1415 ('Hash12', '16s=""'), 1416 ('Hash13', '16s=""'), 1417 ('Hash14', '16s=""'), 1418 ('Hash15', '16s=""'), 1419 ('Hash16', '16s=""'), 1420 ('Hash17', '16s=""'), 1421 ('Hash18', '16s=""'), 1422 ('Hash19', '16s=""'), 1423 ('Hash20', '16s=""'), 1424 ('Hash21', '16s=""'), 1425 ('Hash22', '16s=""'), 1426 ('Hash23', '16s=""'), 1427 ('Hash24', '16s=""'), 1428 ('Hash25', '16s=""'), 1429 ('Hash26', '16s=""'), 1430 ('Hash27', '16s=""'), 1431 ('Hash28', '16s=""'), 1432 ('Hash29', '16s=""'), 1433 ) 1434 1435# 2.2.10.5 KERB_KEY_DATA 1436class KERB_KEY_DATA(Structure): 1437 structure = ( 1438 ('Reserved1','<H=0'), 1439 ('Reserved2','<H=0'), 1440 ('Reserved3','<H=0'), 1441 ('KeyType','<L=0'), 1442 ('KeyLength','<L=0'), 1443 ('KeyOffset','<L=0'), 1444 ) 1445 1446# 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL 1447class KERB_STORED_CREDENTIAL(Structure): 1448 structure = ( 1449 ('Revision','<H=3'), 1450 ('Flags','<H=0'), 1451 ('CredentialCount','<H=0'), 1452 ('OldCredentialCount','<H=0'), 1453 ('DefaultSaltLength','<H=0'), 1454 
('DefaultSaltMaximumLength','<H=0'), 1455 ('DefaultSaltOffset','<L=0'), 1456 #('Credentials',':'), 1457 #('OldCredentials',':'), 1458 #('DefaultSalt',':'), 1459 #('KeyValues',':'), 1460 # All the preceding stuff inside this Buffer 1461 ('Buffer',':'), 1462 ) 1463 1464# 2.2.10.7 KERB_KEY_DATA_NEW 1465class KERB_KEY_DATA_NEW(Structure): 1466 structure = ( 1467 ('Reserved1','<H=0'), 1468 ('Reserved2','<H=0'), 1469 ('Reserved3','<L=0'), 1470 ('IterationCount','<L=0'), 1471 ('KeyType','<L=0'), 1472 ('KeyLength','<L=0'), 1473 ('KeyOffset','<L=0'), 1474 ) 1475 1476# 2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW 1477class KERB_STORED_CREDENTIAL_NEW(Structure): 1478 structure = ( 1479 ('Revision','<H=4'), 1480 ('Flags','<H=0'), 1481 ('CredentialCount','<H=0'), 1482 ('ServiceCredentialCount','<H=0'), 1483 ('OldCredentialCount','<H=0'), 1484 ('OlderCredentialCount','<H=0'), 1485 ('DefaultSaltLength','<H=0'), 1486 ('DefaultSaltMaximumLength','<H=0'), 1487 ('DefaultSaltOffset','<L=0'), 1488 ('DefaultIterationCount','<L=0'), 1489 #('Credentials',':'), 1490 #('ServiceCredentials',':'), 1491 #('OldCredentials',':'), 1492 #('OlderCredentials',':'), 1493 #('DefaultSalt',':'), 1494 #('KeyValues',':'), 1495 # All the preceding stuff inside this Buffer 1496 ('Buffer',':'), 1497 ) 1498 1499################################################################################ 1500# RPC CALLS 1501################################################################################ 1502 1503class SamrConnect(NDRCALL): 1504 opnum = 0 1505 structure = ( 1506 ('ServerName',PSAMPR_SERVER_NAME2), 1507 ('DesiredAccess', ULONG), 1508 ) 1509 1510class SamrConnectResponse(NDRCALL): 1511 structure = ( 1512 ('ServerHandle',SAMPR_HANDLE), 1513 ('ErrorCode',ULONG), 1514 ) 1515 1516class SamrCloseHandle(NDRCALL): 1517 opnum = 1 1518 structure = ( 1519 ('SamHandle',SAMPR_HANDLE), 1520 ('DesiredAccess', LONG), 1521 ) 1522 1523class SamrCloseHandleResponse(NDRCALL): 1524 structure = ( 1525 
('SamHandle',SAMPR_HANDLE), 1526 ('ErrorCode',ULONG), 1527 ) 1528 1529class SamrSetSecurityObject(NDRCALL): 1530 opnum = 2 1531 structure = ( 1532 ('ObjectHandle',SAMPR_HANDLE), 1533 ('SecurityInformation', SECURITY_INFORMATION), 1534 ('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR), 1535 ) 1536 1537class SamrSetSecurityObjectResponse(NDRCALL): 1538 structure = ( 1539 ('ErrorCode',ULONG), 1540 ) 1541 1542class SamrQuerySecurityObject(NDRCALL): 1543 opnum = 3 1544 structure = ( 1545 ('ObjectHandle',SAMPR_HANDLE), 1546 ('SecurityInformation', SECURITY_INFORMATION), 1547 ) 1548 1549class SamrQuerySecurityObjectResponse(NDRCALL): 1550 structure = ( 1551 ('SecurityDescriptor',PSAMPR_SR_SECURITY_DESCRIPTOR), 1552 ('ErrorCode',ULONG), 1553 ) 1554 1555class SamrLookupDomainInSamServer(NDRCALL): 1556 opnum = 5 1557 structure = ( 1558 ('ServerHandle',SAMPR_HANDLE), 1559 ('Name', RPC_UNICODE_STRING), 1560 ) 1561 1562class SamrLookupDomainInSamServerResponse(NDRCALL): 1563 structure = ( 1564 ('DomainId',PRPC_SID), 1565 ('ErrorCode',ULONG), 1566 ) 1567 1568class SamrEnumerateDomainsInSamServer(NDRCALL): 1569 opnum = 6 1570 structure = ( 1571 ('ServerHandle',SAMPR_HANDLE), 1572 ('EnumerationContext', ULONG), 1573 ('PreferedMaximumLength', ULONG), 1574 ) 1575 1576class SamrEnumerateDomainsInSamServerResponse(NDRCALL): 1577 structure = ( 1578 ('EnumerationContext',ULONG), 1579 ('Buffer',PSAMPR_ENUMERATION_BUFFER), 1580 ('CountReturned',ULONG), 1581 ('ErrorCode',ULONG), 1582 ) 1583 1584class SamrOpenDomain(NDRCALL): 1585 opnum = 7 1586 structure = ( 1587 ('ServerHandle',SAMPR_HANDLE), 1588 ('DesiredAccess', ULONG), 1589 ('DomainId', RPC_SID), 1590 ) 1591 1592class SamrOpenDomainResponse(NDRCALL): 1593 structure = ( 1594 ('DomainHandle',SAMPR_HANDLE), 1595 ('ErrorCode',ULONG), 1596 ) 1597 1598class SamrQueryInformationDomain(NDRCALL): 1599 opnum = 8 1600 structure = ( 1601 ('DomainHandle',SAMPR_HANDLE), 1602 ('DomainInformationClass', DOMAIN_INFORMATION_CLASS), 1603 ) 1604 
# Request/response layouts for opnums 9-18, plus the response for opnum 8.
# Request classes carry `opnum`; every response ends with 'ErrorCode'.
# NOTE(review): the `structure` tuples presumably define the on-the-wire field
# order - do not reorder entries without checking the NDR base classes.

# Response to SamrQueryInformationDomain (opnum 8): pointer to the requested
# domain information buffer.
class SamrQueryInformationDomainResponse(NDRCALL):
    structure = (
        ('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 9: write one information class of a domain.
class SamrSetInformationDomain(NDRCALL):
    opnum = 9
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
        ('DomainInformation', SAMPR_DOMAIN_INFO_BUFFER),
    )

class SamrSetInformationDomainResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 10: create a group; the response returns its handle and relative ID.
class SamrCreateGroupInDomain(NDRCALL):
    opnum = 10
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

class SamrCreateGroupInDomainResponse(NDRCALL):
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('RelativeId',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 11: enumerate groups. Its response class is defined further down,
# after the opnum 12 pair. The key 'PreferedMaximumLength' is spelled with a
# single 'r' in all SamrEnumerate*InDomain requests; callers must match it.
class SamrEnumerateGroupsInDomain(NDRCALL):
    opnum = 11
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

# opnum 12: create a user account; the response returns its handle and
# relative ID.
class SamrCreateUserInDomain(NDRCALL):
    opnum = 12
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

class SamrCreateUserInDomainResponse(NDRCALL):
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('RelativeId',ULONG),
        ('ErrorCode',ULONG),
    )

# Response to SamrEnumerateGroupsInDomain (opnum 11).
class SamrEnumerateGroupsInDomainResponse(NDRCALL):
    structure = (
        ('EnumerationContext',ULONG),
        ('Buffer',PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 13: enumerate users; unlike the group/alias variants the request also
# carries a 'UserAccountControl' value.
class SamrEnumerateUsersInDomain(NDRCALL):
    opnum = 13
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('UserAccountControl', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

class SamrEnumerateUsersInDomainResponse(NDRCALL):
    structure = (
        ('EnumerationContext',ULONG),
        ('Buffer',PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 14: create an alias; the name field is called 'AccountName' here
# (the group and user create calls use 'Name').
class SamrCreateAliasInDomain(NDRCALL):
    opnum = 14
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('AccountName', RPC_UNICODE_STRING),
        ('DesiredAccess', ULONG),
    )

class SamrCreateAliasInDomainResponse(NDRCALL):
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('RelativeId',ULONG),
        ('ErrorCode',ULONG),
    )


# opnum 15: enumerate aliases.
class SamrEnumerateAliasesInDomain(NDRCALL):
    opnum = 15
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('EnumerationContext', ULONG),
        ('PreferedMaximumLength', ULONG),
    )

class SamrEnumerateAliasesInDomainResponse(NDRCALL):
    structure = (
        ('EnumerationContext',ULONG),
        ('Buffer',PSAMPR_ENUMERATION_BUFFER),
        ('CountReturned',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 16: given an array of SIDs, return alias membership as an array of
# ULONG values.
class SamrGetAliasMembership(NDRCALL):
    opnum = 16
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('SidArray',SAMPR_PSID_ARRAY),
    )

class SamrGetAliasMembershipResponse(NDRCALL):
    structure = (
        ('Membership',SAMPR_ULONG_ARRAY),
        ('ErrorCode',ULONG),
    )

# opnum 17: translate names to relative IDs; the response returns two parallel
# ULONG arrays ('RelativeIds' and 'Use').
class SamrLookupNamesInDomain(NDRCALL):
    opnum = 17
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Count',ULONG),
        ('Names',RPC_UNICODE_STRING_ARRAY),
    )

class SamrLookupNamesInDomainResponse(NDRCALL):
    structure = (
        ('RelativeIds',SAMPR_ULONG_ARRAY),
        ('Use',SAMPR_ULONG_ARRAY),
        ('ErrorCode',ULONG),
    )

# opnum 18: translate relative IDs to names; the inverse of opnum 17.
class SamrLookupIdsInDomain(NDRCALL):
    opnum = 18
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Count',ULONG),
        ('RelativeIds',ULONG_ARRAY_CV),
    )

class SamrLookupIdsInDomainResponse(NDRCALL):
    structure = (
        ('Names',SAMPR_RETURNED_USTRING_ARRAY),
        ('Use',SAMPR_ULONG_ARRAY),
        ('ErrorCode',ULONG),
    )

# Request/response layouts for opnums 19-67, followed by the OPNUMS table.
# Request classes carry `opnum`; every response ends with 'ErrorCode'.
# Opnums 42, 43, 59-61 and 63 have no class in this run.
# NOTE(review): the `structure` tuples presumably define the on-the-wire field
# order - do not reorder entries without checking the NDR base classes.

# opnum 19: open a group by relative ID; returns a group handle.
class SamrOpenGroup(NDRCALL):
    opnum = 19
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('GroupId', ULONG),
    )

class SamrOpenGroupResponse(NDRCALL):
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 20: query one information class of a group.
class SamrQueryInformationGroup(NDRCALL):
    opnum = 20
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
    )

class SamrQueryInformationGroupResponse(NDRCALL):
    structure = (
        ('Buffer',PSAMPR_GROUP_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 21: write one information class of a group.
class SamrSetInformationGroup(NDRCALL):
    opnum = 21
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('GroupInformationClass', GROUP_INFORMATION_CLASS),
        ('Buffer', SAMPR_GROUP_INFO_BUFFER),
    )

class SamrSetInformationGroupResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 22: add a member (by relative ID) to a group.
class SamrAddMemberToGroup(NDRCALL):
    opnum = 22
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('MemberId', ULONG),
        ('Attributes', ULONG),
    )

class SamrAddMemberToGroupResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 23: delete a group; the response returns the handle field again.
class SamrDeleteGroup(NDRCALL):
    opnum = 23
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
    )

class SamrDeleteGroupResponse(NDRCALL):
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 24: remove a member (by relative ID) from a group.
class SamrRemoveMemberFromGroup(NDRCALL):
    opnum = 24
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('MemberId', ULONG),
    )

class SamrRemoveMemberFromGroupResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 25: list the members of a group.
class SamrGetMembersInGroup(NDRCALL):
    opnum = 25
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
    )

class SamrGetMembersInGroupResponse(NDRCALL):
    structure = (
        ('Members',PSAMPR_GET_MEMBERS_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 26: change the attributes of one group member.
class SamrSetMemberAttributesOfGroup(NDRCALL):
    opnum = 26
    structure = (
        ('GroupHandle',SAMPR_HANDLE),
        ('MemberId',ULONG),
        ('Attributes',ULONG),
    )

class SamrSetMemberAttributesOfGroupResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 27: open an alias by relative ID; returns an alias handle.
class SamrOpenAlias(NDRCALL):
    opnum = 27
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('AliasId', ULONG),
    )

class SamrOpenAliasResponse(NDRCALL):
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 28: query one information class of an alias.
class SamrQueryInformationAlias(NDRCALL):
    opnum = 28
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
    )

class SamrQueryInformationAliasResponse(NDRCALL):
    structure = (
        ('Buffer',PSAMPR_ALIAS_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 29: write one information class of an alias.
class SamrSetInformationAlias(NDRCALL):
    opnum = 29
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('AliasInformationClass', ALIAS_INFORMATION_CLASS),
        ('Buffer',SAMPR_ALIAS_INFO_BUFFER),
    )

class SamrSetInformationAliasResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 30: delete an alias; the response returns the handle field again.
class SamrDeleteAlias(NDRCALL):
    opnum = 30
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
    )

class SamrDeleteAliasResponse(NDRCALL):
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 31: add a member to an alias; alias members are identified by SID
# (group members, above, by relative ID).
class SamrAddMemberToAlias(NDRCALL):
    opnum = 31
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )

class SamrAddMemberToAliasResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 32: remove a member (by SID) from an alias.
class SamrRemoveMemberFromAlias(NDRCALL):
    opnum = 32
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MemberId', RPC_SID),
    )

class SamrRemoveMemberFromAliasResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 33: list the members of an alias as an array of SIDs.
class SamrGetMembersInAlias(NDRCALL):
    opnum = 33
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
    )

class SamrGetMembersInAliasResponse(NDRCALL):
    structure = (
        ('Members',SAMPR_PSID_ARRAY_OUT),
        ('ErrorCode',ULONG),
    )

# opnum 34: open a user by relative ID; returns a user handle.
class SamrOpenUser(NDRCALL):
    opnum = 34
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DesiredAccess', ULONG),
        ('UserId', ULONG),
    )

class SamrOpenUserResponse(NDRCALL):
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 35: delete a user; the response returns the handle field again.
class SamrDeleteUser(NDRCALL):
    opnum = 35
    structure = (
        ('UserHandle',SAMPR_HANDLE),
    )

class SamrDeleteUserResponse(NDRCALL):
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 36: query one USER_INFORMATION_CLASS of a user; the response points at
# a SAMPR_USER_INFO_BUFFER, whose Internal* arms hold encrypted password data.
class SamrQueryInformationUser(NDRCALL):
    opnum = 36
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS ),
    )

class SamrQueryInformationUserResponse(NDRCALL):
    structure = (
        ('Buffer',PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 37: write one USER_INFORMATION_CLASS of a user.
class SamrSetInformationUser(NDRCALL):
    opnum = 37
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS ),
        ('Buffer',SAMPR_USER_INFO_BUFFER),
    )

class SamrSetInformationUserResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 38: change a user's password over an open user handle. Every secret
# argument is a pointer to an encrypted OWF value; the field names state which
# hash is encrypted with which, and the three UCHAR flags mark which optional
# groups are present.
# NOTE(review): 'NewLmEncryptedWithNewNt' is typed PENCRYPTED_NT_OWF_PASSWORD
# although its name describes an LM hash; the LM and NT types are presumably
# the same size on the wire, but confirm against [MS-SAMR].
class SamrChangePasswordUser(NDRCALL):
    opnum = 38
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('LmPresent', UCHAR ),
        ('OldLmEncryptedWithNewLm',PENCRYPTED_LM_OWF_PASSWORD),
        ('NewLmEncryptedWithOldLm',PENCRYPTED_LM_OWF_PASSWORD),
        ('NtPresent', UCHAR),
        ('OldNtEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('NewNtEncryptedWithOldNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('NtCrossEncryptionPresent',UCHAR),
        ('NewNtEncryptedWithNewLm',PENCRYPTED_NT_OWF_PASSWORD),
        ('LmCrossEncryptionPresent',UCHAR),
        ('NewLmEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
    )

class SamrChangePasswordUserResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 39: list the groups a user belongs to.
class SamrGetGroupsForUser(NDRCALL):
    opnum = 39
    structure = (
        ('UserHandle',SAMPR_HANDLE),
    )

class SamrGetGroupsForUserResponse(NDRCALL):
    structure = (
        ('Groups',PSAMPR_GET_GROUPS_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 40: paged display query selected by DOMAIN_DISPLAY_INFORMATION.
# The key is spelled 'PreferredMaximumLength' here, whereas the
# SamrEnumerate*InDomain requests earlier in the file use
# 'PreferedMaximumLength' (one 'r'); callers must use the exact key.
class SamrQueryDisplayInformation(NDRCALL):
    opnum = 40
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )

class SamrQueryDisplayInformationResponse(NDRCALL):
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 41: return the display index matching a name prefix.
class SamrGetDisplayEnumerationIndex(NDRCALL):
    opnum = 41
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )

class SamrGetDisplayEnumerationIndexResponse(NDRCALL):
    structure = (
        ('Index',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 44: password policy information for the domain of an open user handle.
class SamrGetUserDomainPasswordInformation(NDRCALL):
    opnum = 44
    structure = (
        ('UserHandle',SAMPR_HANDLE),
    )

class SamrGetUserDomainPasswordInformationResponse(NDRCALL):
    structure = (
        ('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode',ULONG),
    )

# opnum 45: remove a SID's memberships within the domain.
class SamrRemoveMemberFromForeignDomain(NDRCALL):
    opnum = 45
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('MemberSid', RPC_SID),
    )

class SamrRemoveMemberFromForeignDomainResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 46: same field layout as SamrQueryInformationDomain (opnum 8).
class SamrQueryInformationDomain2(NDRCALL):
    opnum = 46
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
    )

class SamrQueryInformationDomain2Response(NDRCALL):
    structure = (
        ('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 47: same field layout as SamrQueryInformationUser (opnum 36).
class SamrQueryInformationUser2(NDRCALL):
    opnum = 47
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS ),
    )

class SamrQueryInformationUser2Response(NDRCALL):
    structure = (
        ('Buffer',PSAMPR_USER_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 48: same field layout as SamrQueryDisplayInformation (opnum 40).
class SamrQueryDisplayInformation2(NDRCALL):
    opnum = 48
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )

class SamrQueryDisplayInformation2Response(NDRCALL):
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 49: same field layout as SamrGetDisplayEnumerationIndex (opnum 41).
class SamrGetDisplayEnumerationIndex2(NDRCALL):
    opnum = 49
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Prefix', RPC_UNICODE_STRING),
    )

class SamrGetDisplayEnumerationIndex2Response(NDRCALL):
    structure = (
        ('Index',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 50: create a user with an explicit 'AccountType'; compared with
# opnum 12 the response additionally reports 'GrantedAccess'.
class SamrCreateUser2InDomain(NDRCALL):
    opnum = 50
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('Name', RPC_UNICODE_STRING),
        ('AccountType', ULONG),
        ('DesiredAccess', ULONG),
    )

class SamrCreateUser2InDomainResponse(NDRCALL):
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('GrantedAccess',ULONG),
        ('RelativeId',ULONG),
        ('ErrorCode',ULONG),
    )

# opnum 51: same field layout as SamrQueryDisplayInformation (opnum 40).
class SamrQueryDisplayInformation3(NDRCALL):
    opnum = 51
    structure = (
        ('DomainHandle',SAMPR_HANDLE),
        ('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
        ('Index', ULONG),
        ('EntryCount',ULONG),
        ('PreferredMaximumLength',ULONG),
    )

class SamrQueryDisplayInformation3Response(NDRCALL):
    structure = (
        ('TotalAvailable',ULONG),
        ('TotalReturned',ULONG),
        ('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
        ('ErrorCode',ULONG),
    )

# opnum 52: add several members (array of SIDs) to an alias in one call.
class SamrAddMultipleMembersToAlias(NDRCALL):
    opnum = 52
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )

class SamrAddMultipleMembersToAliasResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 53: remove several members (array of SIDs) from an alias in one call.
class SamrRemoveMultipleMembersFromAlias(NDRCALL):
    opnum = 53
    structure = (
        ('AliasHandle',SAMPR_HANDLE),
        ('MembersBuffer', SAMPR_PSID_ARRAY),
    )

class SamrRemoveMultipleMembersFromAliasResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 54: OEM (non-unicode string) password change. The request has no
# SAMPR_HANDLE field: the target is named by 'ServerName'/'UserName', and the
# secrets are the encrypted new password plus the encrypted old LM OWF.
class SamrOemChangePasswordUser2(NDRCALL):
    opnum = 54
    structure = (
        ('ServerName', PRPC_STRING),
        ('UserName', RPC_STRING),
        ('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
    )

class SamrOemChangePasswordUser2Response(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 55: unicode password change; like opnum 54 it takes names instead of
# a handle. The NT-based pair comes first; 'LmPresent' flags the LM-based
# pair that follows.
class SamrUnicodeChangePasswordUser2(NDRCALL):
    opnum = 55
    structure = (
        ('ServerName', PRPC_UNICODE_STRING),
        ('UserName', RPC_UNICODE_STRING),
        ('NewPasswordEncryptedWithOldNt',PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldNtOwfPasswordEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
        ('LmPresent',UCHAR),
        ('NewPasswordEncryptedWithOldLm',PSAMPR_ENCRYPTED_USER_PASSWORD),
        ('OldLmOwfPasswordEncryptedWithNewNt',PENCRYPTED_LM_OWF_PASSWORD),
    )

class SamrUnicodeChangePasswordUser2Response(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 56: domain password policy information. The 'BindingHandle' entry is
# commented out, so the only marshalled input is the 'Unused' string pointer.
class SamrGetDomainPasswordInformation(NDRCALL):
    opnum = 56
    structure = (
        #('BindingHandle',SAMPR_HANDLE),
        ('Unused', PRPC_UNICODE_STRING),
    )

class SamrGetDomainPasswordInformationResponse(NDRCALL):
    structure = (
        ('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
        ('ErrorCode',ULONG),
    )

# opnum 57: connect variant whose 'ServerName' is a PSAMPR_SERVER_NAME
# (SamrConnect, opnum 0, uses PSAMPR_SERVER_NAME2).
class SamrConnect2(NDRCALL):
    opnum = 57
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
    )

class SamrConnect2Response(NDRCALL):
    structure = (
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 58: same field layout as SamrSetInformationUser (opnum 37).
class SamrSetInformationUser2(NDRCALL):
    opnum = 58
    structure = (
        ('UserHandle',SAMPR_HANDLE),
        ('UserInformationClass', USER_INFORMATION_CLASS),
        ('Buffer', SAMPR_USER_INFO_BUFFER),
    )

class SamrSetInformationUser2Response(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 62: connect variant that adds a 'ClientRevision' value.
class SamrConnect4(NDRCALL):
    opnum = 62
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('ClientRevision', ULONG),
        ('DesiredAccess', ULONG),
    )

class SamrConnect4Response(NDRCALL):
    structure = (
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 64: connect variant that exchanges version/revision information in
# both directions.
class SamrConnect5(NDRCALL):
    opnum = 64
    structure = (
        ('ServerName',PSAMPR_SERVER_NAME),
        ('DesiredAccess', ULONG),
        ('InVersion', ULONG),
        ('InRevisionInfo',SAMPR_REVISION_INFO),
    )

class SamrConnect5Response(NDRCALL):
    structure = (
        ('OutVersion',ULONG),
        ('OutRevisionInfo',SAMPR_REVISION_INFO),
        ('ServerHandle',SAMPR_HANDLE),
        ('ErrorCode',ULONG),
    )

# opnum 65: convert a relative ID to a full SID in the context of a handle.
class SamrRidToSid(NDRCALL):
    opnum = 65
    structure = (
        ('ObjectHandle',SAMPR_HANDLE),
        ('Rid', ULONG),
    )

class SamrRidToSidResponse(NDRCALL):
    structure = (
        ('Sid',PRPC_SID),
        ('ErrorCode',ULONG),
    )

# opnum 66: set the DSRM password; takes no SAMPR_HANDLE, only an unused
# string pointer, a user ID and a pointer to an encrypted NT OWF value.
class SamrSetDSRMPassword(NDRCALL):
    opnum = 66
    structure = (
        ('Unused', PRPC_UNICODE_STRING),
        ('UserId',ULONG),
        ('EncryptedNtOwfPassword',PENCRYPTED_NT_OWF_PASSWORD),
    )

class SamrSetDSRMPasswordResponse(NDRCALL):
    structure = (
        ('ErrorCode',ULONG),
    )

# opnum 67: password policy validation. 'ValidationType' selects the arm of
# the SAM_VALIDATE_INPUT_ARG union; two of those arms carry a 'ClearPassword'
# string, so treat requests of this type as sensitive.
class SamrValidatePassword(NDRCALL):
    opnum = 67
    structure = (
        ('ValidationType', PASSWORD_POLICY_VALIDATION_TYPE),
        ('InputArg',SAM_VALIDATE_INPUT_ARG),
    )

class SamrValidatePasswordResponse(NDRCALL):
    structure = (
        ('OutputArg',PSAM_VALIDATE_OUTPUT_ARG),
        ('ErrorCode',ULONG),
    )

################################################################################
# OPNUMs and their corresponding structures
################################################################################
# Maps each operation number to its (request class, response class) pair.
# Key 4 is absent, matching the lack of an opnum-4 class above.
OPNUMS = {
 0 : (SamrConnect, SamrConnectResponse),
 1 : (SamrCloseHandle, SamrCloseHandleResponse),
 2 : (SamrSetSecurityObject, SamrSetSecurityObjectResponse),
 3 : (SamrQuerySecurityObject, SamrQuerySecurityObjectResponse),
 5 : (SamrLookupDomainInSamServer, SamrLookupDomainInSamServerResponse),
 6 : (SamrEnumerateDomainsInSamServer, SamrEnumerateDomainsInSamServerResponse),
 7 : (SamrOpenDomain, SamrOpenDomainResponse),
 8 : (SamrQueryInformationDomain, SamrQueryInformationDomainResponse),
 9 : (SamrSetInformationDomain, SamrSetInformationDomainResponse),
10 : (SamrCreateGroupInDomain, SamrCreateGroupInDomainResponse),
11 : (SamrEnumerateGroupsInDomain, SamrEnumerateGroupsInDomainResponse),
12 : (SamrCreateUserInDomain, SamrCreateUserInDomainResponse),
13 : (SamrEnumerateUsersInDomain,
SamrEnumerateUsersInDomainResponse), 236714 : (SamrCreateAliasInDomain, SamrCreateAliasInDomainResponse), 236815 : (SamrEnumerateAliasesInDomain, SamrEnumerateAliasesInDomainResponse), 236916 : (SamrGetAliasMembership, SamrGetAliasMembershipResponse), 237017 : (SamrLookupNamesInDomain, SamrLookupNamesInDomainResponse), 237118 : (SamrLookupIdsInDomain, SamrLookupIdsInDomainResponse), 237219 : (SamrOpenGroup, SamrOpenGroupResponse), 237320 : (SamrQueryInformationGroup, SamrQueryInformationGroupResponse), 237421 : (SamrSetInformationGroup, SamrSetInformationGroupResponse), 237522 : (SamrAddMemberToGroup, SamrAddMemberToGroupResponse), 237623 : (SamrDeleteGroup, SamrDeleteGroupResponse), 237724 : (SamrRemoveMemberFromGroup, SamrRemoveMemberFromGroupResponse), 237825 : (SamrGetMembersInGroup, SamrGetMembersInGroupResponse), 237926 : (SamrSetMemberAttributesOfGroup, SamrSetMemberAttributesOfGroupResponse), 238027 : (SamrOpenAlias, SamrOpenAliasResponse), 238128 : (SamrQueryInformationAlias, SamrQueryInformationAliasResponse), 238229 : (SamrSetInformationAlias, SamrSetInformationAliasResponse), 238330 : (SamrDeleteAlias, SamrDeleteAliasResponse), 238431 : (SamrAddMemberToAlias, SamrAddMemberToAliasResponse), 238532 : (SamrRemoveMemberFromAlias, SamrRemoveMemberFromAliasResponse), 238633 : (SamrGetMembersInAlias, SamrGetMembersInAliasResponse), 238734 : (SamrOpenUser, SamrOpenUserResponse), 238835 : (SamrDeleteUser, SamrDeleteUserResponse), 238936 : (SamrQueryInformationUser, SamrQueryInformationUserResponse), 239037 : (SamrSetInformationUser, SamrSetInformationUserResponse), 239138 : (SamrChangePasswordUser, SamrChangePasswordUserResponse), 239239 : (SamrGetGroupsForUser, SamrGetGroupsForUserResponse), 239340 : (SamrQueryDisplayInformation, SamrQueryDisplayInformationResponse), 239441 : (SamrGetDisplayEnumerationIndex, SamrGetDisplayEnumerationIndexResponse), 239544 : (SamrGetUserDomainPasswordInformation, SamrGetUserDomainPasswordInformationResponse), 239645 : 
(SamrRemoveMemberFromForeignDomain, SamrRemoveMemberFromForeignDomainResponse), 239746 : (SamrQueryInformationDomain2, SamrQueryInformationDomain2Response), 239847 : (SamrQueryInformationUser2, SamrQueryInformationUser2Response), 239948 : (SamrQueryDisplayInformation2, SamrQueryDisplayInformation2Response), 240049 : (SamrGetDisplayEnumerationIndex2, SamrGetDisplayEnumerationIndex2Response), 240150 : (SamrCreateUser2InDomain, SamrCreateUser2InDomainResponse), 240251 : (SamrQueryDisplayInformation3, SamrQueryDisplayInformation3Response), 240352 : (SamrAddMultipleMembersToAlias, SamrAddMultipleMembersToAliasResponse), 240453 : (SamrRemoveMultipleMembersFromAlias, SamrRemoveMultipleMembersFromAliasResponse), 240554 : (SamrOemChangePasswordUser2, SamrOemChangePasswordUser2Response), 240655 : (SamrUnicodeChangePasswordUser2, SamrUnicodeChangePasswordUser2Response), 240756 : (SamrGetDomainPasswordInformation, SamrGetDomainPasswordInformationResponse), 240857 : (SamrConnect2, SamrConnect2Response), 240958 : (SamrSetInformationUser2, SamrSetInformationUser2Response), 241062 : (SamrConnect4, SamrConnect4Response), 241164 : (SamrConnect5, SamrConnect5Response), 241265 : (SamrRidToSid, SamrRidToSidResponse), 241366 : (SamrSetDSRMPassword, SamrSetDSRMPasswordResponse), 241467 : (SamrValidatePassword, SamrValidatePasswordResponse), 2415} 2416 2417################################################################################ 2418# HELPER FUNCTIONS 2419################################################################################ 2420 2421def hSamrConnect5(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, inVersion=1): 2422 request = SamrConnect5() 2423 request['ServerName'] = serverName 2424 request['DesiredAccess'] = desiredAccess 2425 request['InVersion'] = inVersion 2426 request['InRevisionInfo']['tag'] = inVersion 2427 return dce.request(request) 2428 2429def hSamrConnect4(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, clientRevision=2): 2430 request = 
SamrConnect4() 2431 request['ServerName'] = serverName 2432 request['DesiredAccess'] = desiredAccess 2433 request['ClientRevision'] = clientRevision 2434 return dce.request(request) 2435 2436def hSamrConnect2(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED): 2437 request = SamrConnect2() 2438 request['ServerName'] = serverName 2439 request['DesiredAccess'] = desiredAccess 2440 return dce.request(request) 2441 2442def hSamrConnect(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED): 2443 request = SamrConnect() 2444 request['ServerName'] = serverName 2445 request['DesiredAccess'] = desiredAccess 2446 return dce.request(request) 2447 2448def hSamrOpenDomain(dce, serverHandle, desiredAccess=MAXIMUM_ALLOWED, domainId=NULL): 2449 request = SamrOpenDomain() 2450 request['ServerHandle'] = serverHandle 2451 request['DesiredAccess'] = desiredAccess 2452 request['DomainId'] = domainId 2453 return dce.request(request) 2454 2455def hSamrOpenGroup(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, groupId=0): 2456 request = SamrOpenGroup() 2457 request['DomainHandle'] = domainHandle 2458 request['DesiredAccess'] = desiredAccess 2459 request['GroupId'] = groupId 2460 return dce.request(request) 2461 2462def hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=0): 2463 request = SamrOpenAlias() 2464 request['DomainHandle'] = domainHandle 2465 request['DesiredAccess'] = desiredAccess 2466 request['AliasId'] = aliasId 2467 return dce.request(request) 2468 2469def hSamrOpenUser(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, userId=0): 2470 request = SamrOpenUser() 2471 request['DomainHandle'] = domainHandle 2472 request['DesiredAccess'] = desiredAccess 2473 request['UserId'] = userId 2474 return dce.request(request) 2475 2476def hSamrEnumerateDomainsInSamServer(dce, serverHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 2477 request = SamrEnumerateDomainsInSamServer() 2478 request['ServerHandle'] = serverHandle 2479 
request['EnumerationContext'] = enumerationContext 2480 request['PreferedMaximumLength'] = preferedMaximumLength 2481 return dce.request(request) 2482 2483def hSamrEnumerateGroupsInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 2484 request = SamrEnumerateGroupsInDomain() 2485 request['DomainHandle'] = domainHandle 2486 request['EnumerationContext'] = enumerationContext 2487 request['PreferedMaximumLength'] = preferedMaximumLength 2488 return dce.request(request) 2489 2490def hSamrEnumerateAliasesInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff): 2491 request = SamrEnumerateAliasesInDomain() 2492 request['DomainHandle'] = domainHandle 2493 request['EnumerationContext'] = enumerationContext 2494 request['PreferedMaximumLength'] = preferedMaximumLength 2495 return dce.request(request) 2496 2497def hSamrEnumerateUsersInDomain(dce, domainHandle, userAccountControl=USER_NORMAL_ACCOUNT, enumerationContext=0, preferedMaximumLength=0xffffffff): 2498 request = SamrEnumerateUsersInDomain() 2499 request['DomainHandle'] = domainHandle 2500 request['UserAccountControl'] = userAccountControl 2501 request['EnumerationContext'] = enumerationContext 2502 request['PreferedMaximumLength'] = preferedMaximumLength 2503 return dce.request(request) 2504 2505def hSamrQueryDisplayInformation3(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff): 2506 request = SamrQueryDisplayInformation3() 2507 request['DomainHandle'] = domainHandle 2508 request['DisplayInformationClass'] = displayInformationClass 2509 request['Index'] = index 2510 request['EntryCount'] = entryCount 2511 request['PreferredMaximumLength'] = preferedMaximumLength 2512 return dce.request(request) 2513 2514def hSamrQueryDisplayInformation2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, 
entryCount=0xffffffff, preferedMaximumLength=0xffffffff): 2515 request = SamrQueryDisplayInformation2() 2516 request['DomainHandle'] = domainHandle 2517 request['DisplayInformationClass'] = displayInformationClass 2518 request['Index'] = index 2519 request['EntryCount'] = entryCount 2520 request['PreferredMaximumLength'] = preferedMaximumLength 2521 return dce.request(request) 2522 2523def hSamrQueryDisplayInformation(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff): 2524 request = SamrQueryDisplayInformation() 2525 request['DomainHandle'] = domainHandle 2526 request['DisplayInformationClass'] = displayInformationClass 2527 request['Index'] = index 2528 request['EntryCount'] = entryCount 2529 request['PreferredMaximumLength'] = preferedMaximumLength 2530 return dce.request(request) 2531 2532def hSamrGetDisplayEnumerationIndex2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''): 2533 request = SamrGetDisplayEnumerationIndex2() 2534 request['DomainHandle'] = domainHandle 2535 request['DisplayInformationClass'] = displayInformationClass 2536 request['Prefix'] = prefix 2537 return dce.request(request) 2538 2539def hSamrGetDisplayEnumerationIndex(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''): 2540 request = SamrGetDisplayEnumerationIndex() 2541 request['DomainHandle'] = domainHandle 2542 request['DisplayInformationClass'] = displayInformationClass 2543 request['Prefix'] = prefix 2544 return dce.request(request) 2545 2546def hSamrCreateGroupInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS): 2547 request = SamrCreateGroupInDomain() 2548 request['DomainHandle'] = domainHandle 2549 request['Name'] = name 2550 request['DesiredAccess'] = desiredAccess 2551 return dce.request(request) 2552 2553def hSamrCreateAliasInDomain(dce, domainHandle, accountName, 
desiredAccess=GROUP_ALL_ACCESS): 2554 request = SamrCreateAliasInDomain() 2555 request['DomainHandle'] = domainHandle 2556 request['AccountName'] = accountName 2557 request['DesiredAccess'] = desiredAccess 2558 return dce.request(request) 2559 2560def hSamrCreateUser2InDomain(dce, domainHandle, name, accountType=USER_NORMAL_ACCOUNT, desiredAccess=GROUP_ALL_ACCESS): 2561 request = SamrCreateUser2InDomain() 2562 request['DomainHandle'] = domainHandle 2563 request['Name'] = name 2564 request['AccountType'] = accountType 2565 request['DesiredAccess'] = desiredAccess 2566 return dce.request(request) 2567 2568def hSamrCreateUserInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS): 2569 request = SamrCreateUserInDomain() 2570 request['DomainHandle'] = domainHandle 2571 request['Name'] = name 2572 request['DesiredAccess'] = desiredAccess 2573 return dce.request(request) 2574 2575def hSamrQueryInformationDomain(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2): 2576 request = SamrQueryInformationDomain() 2577 request['DomainHandle'] = domainHandle 2578 request['DomainInformationClass'] = domainInformationClass 2579 return dce.request(request) 2580 2581def hSamrQueryInformationDomain2(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2): 2582 request = SamrQueryInformationDomain2() 2583 request['DomainHandle'] = domainHandle 2584 request['DomainInformationClass'] = domainInformationClass 2585 return dce.request(request) 2586 2587def hSamrQueryInformationGroup(dce, groupHandle, groupInformationClass=GROUP_INFORMATION_CLASS.GroupGeneralInformation): 2588 request = SamrQueryInformationGroup() 2589 request['GroupHandle'] = groupHandle 2590 request['GroupInformationClass'] = groupInformationClass 2591 return dce.request(request) 2592 2593def hSamrQueryInformationAlias(dce, aliasHandle, aliasInformationClass=ALIAS_INFORMATION_CLASS.AliasGeneralInformation): 2594 request = 
SamrQueryInformationAlias() 2595 request['AliasHandle'] = aliasHandle 2596 request['AliasInformationClass'] = aliasInformationClass 2597 return dce.request(request) 2598 2599def hSamrQueryInformationUser2(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation): 2600 request = SamrQueryInformationUser2() 2601 request['UserHandle'] = userHandle 2602 request['UserInformationClass'] = userInformationClass 2603 return dce.request(request) 2604 2605def hSamrQueryInformationUser(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation): 2606 request = SamrQueryInformationUser() 2607 request['UserHandle'] = userHandle 2608 request['UserInformationClass'] = userInformationClass 2609 return dce.request(request) 2610 2611def hSamrSetInformationDomain(dce, domainHandle, domainInformation): 2612 request = SamrSetInformationDomain() 2613 request['DomainHandle'] = domainHandle 2614 request['DomainInformationClass'] = domainInformation['tag'] 2615 request['DomainInformation'] = domainInformation 2616 return dce.request(request) 2617 2618def hSamrSetInformationGroup(dce, groupHandle, buffer): 2619 request = SamrSetInformationGroup() 2620 request['GroupHandle'] = groupHandle 2621 request['GroupInformationClass'] = buffer['tag'] 2622 request['Buffer'] = buffer 2623 return dce.request(request) 2624 2625def hSamrSetInformationAlias(dce, aliasHandle, buffer): 2626 request = SamrSetInformationAlias() 2627 request['AliasHandle'] = aliasHandle 2628 request['AliasInformationClass'] = buffer['tag'] 2629 request['Buffer'] = buffer 2630 return dce.request(request) 2631 2632def hSamrSetInformationUser2(dce, userHandle, buffer): 2633 request = SamrSetInformationUser2() 2634 request['UserHandle'] = userHandle 2635 request['UserInformationClass'] = buffer['tag'] 2636 request['Buffer'] = buffer 2637 return dce.request(request) 2638 2639def hSamrSetInformationUser(dce, userHandle, buffer): 2640 request = SamrSetInformationUser() 2641 
request['UserHandle'] = userHandle 2642 request['UserInformationClass'] = buffer['tag'] 2643 request['Buffer'] = buffer 2644 return dce.request(request) 2645 2646def hSamrDeleteGroup(dce, groupHandle): 2647 request = SamrDeleteGroup() 2648 request['GroupHandle'] = groupHandle 2649 return dce.request(request) 2650 2651def hSamrDeleteAlias(dce, aliasHandle): 2652 request = SamrDeleteAlias() 2653 request['AliasHandle'] = aliasHandle 2654 return dce.request(request) 2655 2656def hSamrDeleteUser(dce, userHandle): 2657 request = SamrDeleteUser() 2658 request['UserHandle'] = userHandle 2659 return dce.request(request) 2660 2661def hSamrAddMemberToGroup(dce, groupHandle, memberId, attributes): 2662 request = SamrAddMemberToGroup() 2663 request['GroupHandle'] = groupHandle 2664 request['MemberId'] = memberId 2665 request['Attributes'] = attributes 2666 return dce.request(request) 2667 2668def hSamrRemoveMemberFromGroup(dce, groupHandle, memberId): 2669 request = SamrRemoveMemberFromGroup() 2670 request['GroupHandle'] = groupHandle 2671 request['MemberId'] = memberId 2672 return dce.request(request) 2673 2674def hSamrGetMembersInGroup(dce, groupHandle): 2675 request = SamrGetMembersInGroup() 2676 request['GroupHandle'] = groupHandle 2677 return dce.request(request) 2678 2679def hSamrAddMemberToAlias(dce, aliasHandle, memberId): 2680 request = SamrAddMemberToAlias() 2681 request['AliasHandle'] = aliasHandle 2682 request['MemberId'] = memberId 2683 return dce.request(request) 2684 2685def hSamrRemoveMemberFromAlias(dce, aliasHandle, memberId): 2686 request = SamrRemoveMemberFromAlias() 2687 request['AliasHandle'] = aliasHandle 2688 request['MemberId'] = memberId 2689 return dce.request(request) 2690 2691def hSamrGetMembersInAlias(dce, aliasHandle): 2692 request = SamrGetMembersInAlias() 2693 request['AliasHandle'] = aliasHandle 2694 return dce.request(request) 2695 2696def hSamrRemoveMemberFromForeignDomain(dce, domainHandle, memberSid): 2697 request = 
SamrRemoveMemberFromForeignDomain() 2698 request['DomainHandle'] = domainHandle 2699 request['MemberSid'] = memberSid 2700 return dce.request(request) 2701 2702def hSamrAddMultipleMembersToAlias(dce, aliasHandle, membersBuffer): 2703 request = SamrAddMultipleMembersToAlias() 2704 request['AliasHandle'] = aliasHandle 2705 request['MembersBuffer'] = membersBuffer 2706 request['MembersBuffer']['Count'] = len(membersBuffer['Sids']) 2707 return dce.request(request) 2708 2709def hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, membersBuffer): 2710 request = SamrRemoveMultipleMembersFromAlias() 2711 request['AliasHandle'] = aliasHandle 2712 request['MembersBuffer'] = membersBuffer 2713 request['MembersBuffer']['Count'] = len(membersBuffer['Sids']) 2714 return dce.request(request) 2715 2716def hSamrGetGroupsForUser(dce, userHandle): 2717 request = SamrGetGroupsForUser() 2718 request['UserHandle'] = userHandle 2719 return dce.request(request) 2720 2721def hSamrGetAliasMembership(dce, domainHandle, sidArray): 2722 request = SamrGetAliasMembership() 2723 request['DomainHandle'] = domainHandle 2724 request['SidArray'] = sidArray 2725 request['SidArray']['Count'] = len(sidArray['Sids']) 2726 return dce.request(request) 2727 2728def hSamrChangePasswordUser(dce, userHandle, oldPassword, newPassword): 2729 request = SamrChangePasswordUser() 2730 request['UserHandle'] = userHandle 2731 2732 from impacket import crypto, ntlm 2733 2734 oldPwdHashNT = ntlm.NTOWFv1(oldPassword) 2735 newPwdHashNT = ntlm.NTOWFv1(newPassword) 2736 newPwdHashLM = ntlm.LMOWFv1(newPassword) 2737 2738 request['LmPresent'] = 0 2739 request['OldLmEncryptedWithNewLm'] = NULL 2740 request['NewLmEncryptedWithOldLm'] = NULL 2741 request['NtPresent'] = 1 2742 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2743 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2744 request['NtCrossEncryptionPresent'] = 0 2745 
request['NewNtEncryptedWithNewLm'] = NULL 2746 request['LmCrossEncryptionPresent'] = 1 2747 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2748 2749 return dce.request(request) 2750 2751def hSamrUnicodeChangePasswordUser2(dce, serverName='\x00', userName='', oldPassword='', newPassword='', oldPwdHashLM = '', oldPwdHashNT = ''): 2752 request = SamrUnicodeChangePasswordUser2() 2753 request['ServerName'] = serverName 2754 request['UserName'] = userName 2755 2756 try: 2757 from Crypto.Cipher import ARC4 2758 except Exception: 2759 LOG.critical("Warning: You don't have any crypto installed. You need PyCrypto") 2760 LOG.critical("See http://www.pycrypto.org/") 2761 from impacket import crypto, ntlm 2762 2763 if oldPwdHashLM == '' and oldPwdHashNT == '': 2764 oldPwdHashLM = ntlm.LMOWFv1(oldPassword) 2765 oldPwdHashNT = ntlm.NTOWFv1(oldPassword) 2766 else: 2767 # Let's convert the hashes to binary form, if not yet 2768 try: 2769 oldPwdHashLM = unhexlify(oldPwdHashLM) 2770 except: 2771 pass 2772 try: 2773 oldPwdHashNT = unhexlify(oldPwdHashNT) 2774 except: 2775 pass 2776 2777 newPwdHashNT = ntlm.NTOWFv1(newPassword) 2778 newPwdHashLM = ntlm.LMOWFv1(newPassword) 2779 2780 2781 samUser = SAMPR_USER_PASSWORD() 2782 try: 2783 samUser['Buffer'] = 'A'*(512-len(newPassword)*2) + newPassword.encode('utf-16le') 2784 except UnicodeDecodeError: 2785 import sys 2786 samUser['Buffer'] = 'A'*(512-len(newPassword)*2) + newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le') 2787 2788 samUser['Length'] = len(newPassword)*2 2789 pwdBuff = str(samUser) 2790 2791 rc4 = ARC4.new(oldPwdHashNT) 2792 encBuf = rc4.encrypt(pwdBuff) 2793 request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf 2794 request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2795 request['LmPresent'] = 0 2796 request['NewPasswordEncryptedWithOldLm'] = NULL 2797 request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL 2798 
2799 return dce.request(request) 2800 2801def hSamrLookupDomainInSamServer(dce, serverHandle, name): 2802 request = SamrLookupDomainInSamServer() 2803 request['ServerHandle'] = serverHandle 2804 request['Name'] = name 2805 return dce.request(request) 2806 2807def hSamrSetSecurityObject(dce, objectHandle, securityInformation, securityDescriptor): 2808 request = SamrSetSecurityObject() 2809 request['ObjectHandle'] = objectHandle 2810 request['SecurityInformation'] = securityInformation 2811 request['SecurityDescriptor'] = securityDescriptor 2812 return dce.request(request) 2813 2814def hSamrQuerySecurityObject(dce, objectHandle, securityInformation): 2815 request = SamrQuerySecurityObject() 2816 request['ObjectHandle'] = objectHandle 2817 request['SecurityInformation'] = securityInformation 2818 return dce.request(request) 2819 2820def hSamrCloseHandle(dce, samHandle): 2821 request = SamrCloseHandle() 2822 request['SamHandle'] = samHandle 2823 return dce.request(request) 2824 2825def hSamrSetMemberAttributesOfGroup(dce, groupHandle, memberId, attributes): 2826 request = SamrSetMemberAttributesOfGroup() 2827 request['GroupHandle'] = groupHandle 2828 request['MemberId'] = memberId 2829 request['Attributes'] = attributes 2830 return dce.request(request) 2831 2832def hSamrGetUserDomainPasswordInformation(dce, userHandle): 2833 request = SamrGetUserDomainPasswordInformation() 2834 request['UserHandle'] = userHandle 2835 return dce.request(request) 2836 2837def hSamrGetDomainPasswordInformation(dce): 2838 request = SamrGetDomainPasswordInformation() 2839 request['Unused'] = NULL 2840 return dce.request(request) 2841 2842def hSamrRidToSid(dce, objectHandle, rid): 2843 request = SamrRidToSid() 2844 request['ObjectHandle'] = objectHandle 2845 request['Rid'] = rid 2846 return dce.request(request) 2847 2848def hSamrValidatePassword(dce, inputArg): 2849 request = SamrValidatePassword() 2850 request['ValidationType'] = inputArg['tag'] 2851 request['InputArg'] = inputArg 2852 
return dce.request(request) 2853 2854def hSamrLookupNamesInDomain(dce, domainHandle, names): 2855 request = SamrLookupNamesInDomain() 2856 request['DomainHandle'] = domainHandle 2857 request['Count'] = len(names) 2858 for name in names: 2859 entry = RPC_UNICODE_STRING() 2860 entry['Data'] = name 2861 request['Names'].append(entry) 2862 2863 request.fields['Names'].fields['MaximumCount'] = 1000 2864 2865 return dce.request(request) 2866 2867def hSamrLookupIdsInDomain(dce, domainHandle, ids): 2868 request = SamrLookupIdsInDomain() 2869 request['DomainHandle'] = domainHandle 2870 request['Count'] = len(ids) 2871 for dId in ids: 2872 entry = ULONG() 2873 entry['Data'] = dId 2874 request['RelativeIds'].append(entry) 2875 2876 request.fields['RelativeIds'].fields['MaximumCount'] = 1000 2877 2878 return dce.request(request) 2879 2880