github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2024-10-18 05:00:39 -07:00
Code Issues Packages Projects Releases Wiki Activity
master
Responder/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/lsad.py

1666 lines
56 KiB
Python
Raw Permalink Blame History

# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#
# Description:
# [MS-LSAD] Interface implementation
#
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from __future__ import division
from __future__ import print_function
from impacket.dcerpc.v5.ndr import NDRCALL, NDRENUM, NDRUNION, NDRUniConformantVaryingArray, NDRPOINTER, NDR, NDRSTRUCT, \
NDRUniConformantArray
from impacket.dcerpc.v5.dtypes import DWORD, LPWSTR, STR, LUID, LONG, ULONG, RPC_UNICODE_STRING, PRPC_SID, LPBYTE, \
LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \
SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION
from impacket import nt_errors
from impacket.uuid import uuidtup_to_bin
from impacket.dcerpc.v5.enum import Enum
from impacket.dcerpc.v5.rpcrt import DCERPCException
MSRPC_UUID_LSAD = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__( self ):
key = self.error_code
if key in nt_errors.ERROR_MESSAGES:
error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
return 'LSAD SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code
################################################################################
# CONSTANTS
################################################################################
# 2.2.1.1.2 ACCESS_MASK for Policy Objects
POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
POLICY_VIEW_AUDIT_INFORMATION = 0x00000002
POLICY_GET_PRIVATE_INFORMATION = 0x00000004
POLICY_TRUST_ADMIN = 0x00000008
POLICY_CREATE_ACCOUNT = 0x00000010
POLICY_CREATE_SECRET = 0x00000020
POLICY_CREATE_PRIVILEGE = 0x00000040
POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100
POLICY_AUDIT_LOG_ADMIN = 0x00000200
POLICY_SERVER_ADMIN = 0x00000400
POLICY_LOOKUP_NAMES = 0x00000800
POLICY_NOTIFICATION = 0x00001000
# 2.2.1.1.3 ACCESS_MASK for Account Objects
ACCOUNT_VIEW = 0x00000001
ACCOUNT_ADJUST_PRIVILEGES = 0x00000002
ACCOUNT_ADJUST_QUOTAS = 0x00000004
ACCOUNT_ADJUST_SYSTEM_ACCESS = 0x00000008
# 2.2.1.1.4 ACCESS_MASK for Secret Objects
SECRET_SET_VALUE = 0x00000001
SECRET_QUERY_VALUE = 0x00000002
# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects
TRUSTED_QUERY_DOMAIN_NAME = 0x00000001
TRUSTED_QUERY_CONTROLLERS = 0x00000002
TRUSTED_SET_CONTROLLERS = 0x00000004
TRUSTED_QUERY_POSIX = 0x00000008
TRUSTED_SET_POSIX = 0x00000010
TRUSTED_SET_AUTH = 0x00000020
TRUSTED_QUERY_AUTH = 0x00000040
# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE
POLICY_MODE_INTERACTIVE = 0x00000001
POLICY_MODE_NETWORK = 0x00000002
POLICY_MODE_BATCH = 0x00000004
POLICY_MODE_SERVICE = 0x00000010
POLICY_MODE_DENY_INTERACTIVE = 0x00000040
POLICY_MODE_DENY_NETWORK = 0x00000080
POLICY_MODE_DENY_BATCH = 0x00000100
POLICY_MODE_DENY_SERVICE = 0x00000200
POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400
POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800
POLICY_MODE_ALL = 0x00000FF7
POLICY_MODE_ALL_NT4 = 0x00000037
# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
# EventAuditingOptions
POLICY_AUDIT_EVENT_UNCHANGED = 0x00000000
POLICY_AUDIT_EVENT_NONE = 0x00000004
POLICY_AUDIT_EVENT_SUCCESS = 0x00000001
POLICY_AUDIT_EVENT_FAILURE = 0x00000002
# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
# AuthenticationOptions
POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080
# 2.2.7.21 LSA_FOREST_TRUST_RECORD
# Flags
LSA_TLN_DISABLED_NEW = 0x00000001
LSA_TLN_DISABLED_ADMIN = 0x00000002
LSA_TLN_DISABLED_CONFLICT = 0x00000004
LSA_SID_DISABLED_ADMIN = 0x00000001
LSA_SID_DISABLED_CONFLICT = 0x00000002
LSA_NB_DISABLED_ADMIN = 0x00000004
LSA_NB_DISABLED_CONFLICT = 0x00000008
LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF
################################################################################
# STRUCTURES
################################################################################
# 2.2.2.1 LSAPR_HANDLE
class LSAPR_HANDLE(NDRSTRUCT):
align = 1
structure = (
('Data','20s=""'),
)
# 2.2.2.3 LSA_UNICODE_STRING
LSA_UNICODE_STRING = RPC_UNICODE_STRING
# 2.2.3.1 STRING
class STRING(NDRSTRUCT):
commonHdr = (
('MaximumLength','<H=len(Data)-12'),
('Length','<H=len(Data)-12'),
('ReferentID','<L=0xff'),
)
commonHdr64 = (
('MaximumLength','<H=len(Data)-24'),
('Length','<H=len(Data)-24'),
('ReferentID','<Q=0xff'),
)
referent = (
('Data',STR),
)
def dump(self, msg = None, indent = 0):
if msg is None:
msg = self.__class__.__name__
if msg != '':
print("%s" % msg, end=' ')
# Here just print the data
print(" %r" % (self['Data']), end=' ')
def __setitem__(self, key, value):
if key == 'Data':
self.fields['MaximumLength'] = None
self.fields['Length'] = None
self.data = None # force recompute
return NDR.__setitem__(self, key, value)
# 2.2.3.2 LSAPR_ACL
class LSAPR_ACL(NDRSTRUCT):
structure = (
('AclRevision', UCHAR),
('Sbz1', UCHAR),
('AclSize', USHORT),
('Dummy1',NDRUniConformantArray),
)
# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR
LSAPR_SECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR
class PLSAPR_SECURITY_DESCRIPTOR(NDRPOINTER):
referent = (
('Data', LSAPR_SECURITY_DESCRIPTOR),
)
# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL
class SECURITY_IMPERSONATION_LEVEL(NDRENUM):
class enumItems(Enum):
SecurityAnonymous = 0
SecurityIdentification = 1
SecurityImpersonation = 2
SecurityDelegation = 3
# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE
SECURITY_CONTEXT_TRACKING_MODE = UCHAR
# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE
class SECURITY_QUALITY_OF_SERVICE(NDRSTRUCT):
structure = (
('Length', DWORD),
('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL),
('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE),
('EffectiveOnly', UCHAR),
)
class PSECURITY_QUALITY_OF_SERVICE(NDRPOINTER):
referent = (
('Data', SECURITY_QUALITY_OF_SERVICE),
)
# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES
class LSAPR_OBJECT_ATTRIBUTES(NDRSTRUCT):
structure = (
('Length', DWORD),
('RootDirectory', LPWSTR),
('ObjectName', LPWSTR),
('Attributes', DWORD),
('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR),
('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE),
)
# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR
class LSAPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
structure = (
('Length', DWORD),
('SecurityDescriptor', LPBYTE),
)
class PLSAPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
referent = (
('Data', LSAPR_SR_SECURITY_DESCRIPTOR),
)
# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL
SECURITY_DESCRIPTOR_CONTROL = ULONG
# 2.2.4.1 POLICY_INFORMATION_CLASS
class POLICY_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
PolicyAuditLogInformation = 1
PolicyAuditEventsInformation = 2
PolicyPrimaryDomainInformation = 3
PolicyPdAccountInformation = 4
PolicyAccountDomainInformation = 5
PolicyLsaServerRoleInformation = 6
PolicyReplicaSourceInformation = 7
PolicyInformationNotUsedOnWire = 8
PolicyModificationInformation = 9
PolicyAuditFullSetInformation = 10
PolicyAuditFullQueryInformation = 11
PolicyDnsDomainInformation = 12
PolicyDnsDomainInformationInt = 13
PolicyLocalAccountDomainInformation = 14
PolicyLastEntry = 15
# 2.2.4.3 POLICY_AUDIT_LOG_INFO
class POLICY_AUDIT_LOG_INFO(NDRSTRUCT):
structure = (
('AuditLogPercentFull', DWORD),
('MaximumLogSize', DWORD),
('AuditRetentionPeriod', LARGE_INTEGER),
('AuditLogFullShutdownInProgress', UCHAR),
('TimeToShutdown', LARGE_INTEGER),
('NextAuditRecordId', DWORD),
)
# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
class DWORD_ARRAY(NDRUniConformantArray):
item = DWORD
class PDWORD_ARRAY(NDRPOINTER):
referent = (
('Data', DWORD_ARRAY),
)
class LSAPR_POLICY_AUDIT_EVENTS_INFO(NDRSTRUCT):
structure = (
('AuditingMode', UCHAR),
('EventAuditingOptions', PDWORD_ARRAY),
('MaximumAuditEventCount', DWORD),
)
# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO
class LSAPR_POLICY_PRIMARY_DOM_INFO(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('Sid', PRPC_SID),
)
# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO
class LSAPR_POLICY_ACCOUNT_DOM_INFO(NDRSTRUCT):
structure = (
('DomainName', RPC_UNICODE_STRING),
('DomainSid', PRPC_SID),
)
# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO
class LSAPR_POLICY_PD_ACCOUNT_INFO(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
)
# 2.2.4.8 POLICY_LSA_SERVER_ROLE
class POLICY_LSA_SERVER_ROLE(NDRENUM):
class enumItems(Enum):
PolicyServerRoleBackup = 2
PolicyServerRolePrimary = 3
# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO
class POLICY_LSA_SERVER_ROLE_INFO(NDRSTRUCT):
structure = (
('LsaServerRole', POLICY_LSA_SERVER_ROLE),
)
# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO
class LSAPR_POLICY_REPLICA_SRCE_INFO(NDRSTRUCT):
structure = (
('ReplicaSource', RPC_UNICODE_STRING),
('ReplicaAccountName', RPC_UNICODE_STRING),
)
# 2.2.4.11 POLICY_MODIFICATION_INFO
class POLICY_MODIFICATION_INFO(NDRSTRUCT):
structure = (
('ModifiedId', LARGE_INTEGER),
('DatabaseCreationTime', LARGE_INTEGER),
)
# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO
class POLICY_AUDIT_FULL_SET_INFO(NDRSTRUCT):
structure = (
('ShutDownOnFull', UCHAR),
)
# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO
class POLICY_AUDIT_FULL_QUERY_INFO(NDRSTRUCT):
structure = (
('ShutDownOnFull', UCHAR),
('LogIsFull', UCHAR),
)
# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO
class LSAPR_POLICY_DNS_DOMAIN_INFO(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('DnsDomainName', RPC_UNICODE_STRING),
('DnsForestName', RPC_UNICODE_STRING),
('DomainGuid', GUID),
('Sid', PRPC_SID),
)
# 2.2.4.2 LSAPR_POLICY_INFORMATION
class LSAPR_POLICY_INFORMATION(NDRUNION):
union = {
POLICY_INFORMATION_CLASS.PolicyAuditLogInformation : ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO),
POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation : ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO),
POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation : ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO),
POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation : ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO),
POLICY_INFORMATION_CLASS.PolicyPdAccountInformation : ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO),
POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation : ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO),
POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation : ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO),
POLICY_INFORMATION_CLASS.PolicyModificationInformation : ('PolicyModificationInfo', POLICY_MODIFICATION_INFO),
POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation : ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO),
POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation : ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO),
POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation : ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO),
POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt : ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO),
POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation: ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO),
}
class PLSAPR_POLICY_INFORMATION(NDRPOINTER):
referent = (
('Data', LSAPR_POLICY_INFORMATION),
)
# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS
class POLICY_DOMAIN_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
PolicyDomainQualityOfServiceInformation = 1
PolicyDomainEfsInformation = 2
PolicyDomainKerberosTicketInformation = 3
# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO
class POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO(NDRSTRUCT):
structure = (
('QualityOfService', DWORD),
)
# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO
class LSAPR_POLICY_DOMAIN_EFS_INFO(NDRSTRUCT):
structure = (
('InfoLength', DWORD),
('EfsBlob', LPBYTE),
)
# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO
class POLICY_DOMAIN_KERBEROS_TICKET_INFO(NDRSTRUCT):
structure = (
('AuthenticationOptions', DWORD),
('MaxServiceTicketAge', LARGE_INTEGER),
('MaxTicketAge', LARGE_INTEGER),
('MaxRenewAge', LARGE_INTEGER),
('MaxClockSkew', LARGE_INTEGER),
('Reserved', LARGE_INTEGER),
)
# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION
class LSAPR_POLICY_DOMAIN_INFORMATION(NDRUNION):
union = {
POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation : ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO ),
POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation : ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO),
POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation : ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO),
}
class PLSAPR_POLICY_DOMAIN_INFORMATION(NDRPOINTER):
referent = (
('Data', LSAPR_POLICY_DOMAIN_INFORMATION),
)
# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE
class POLICY_AUDIT_EVENT_TYPE(NDRENUM):
class enumItems(Enum):
AuditCategorySystem = 0
AuditCategoryLogon = 1
AuditCategoryObjectAccess = 2
AuditCategoryPrivilegeUse = 3
AuditCategoryDetailedTracking = 4
AuditCategoryPolicyChange = 5
AuditCategoryAccountManagement = 6
AuditCategoryDirectoryServiceAccess = 7
AuditCategoryAccountLogon = 8
# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION
class LSAPR_ACCOUNT_INFORMATION(NDRSTRUCT):
structure = (
('Sid', PRPC_SID),
)
# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER
class LSAPR_ACCOUNT_INFORMATION_ARRAY(NDRUniConformantArray):
item = LSAPR_ACCOUNT_INFORMATION
class PLSAPR_ACCOUNT_INFORMATION_ARRAY(NDRPOINTER):
referent = (
('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY),
)
class LSAPR_ACCOUNT_ENUM_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY),
)
# 2.2.5.3 LSAPR_USER_RIGHT_SET
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantArray):
item = RPC_UNICODE_STRING
class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
referent = (
('Data', RPC_UNICODE_STRING_ARRAY),
)
class LSAPR_USER_RIGHT_SET(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('UserRights', PRPC_UNICODE_STRING_ARRAY),
)
# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES
class LSAPR_LUID_AND_ATTRIBUTES(NDRSTRUCT):
structure = (
('Luid', LUID),
('Attributes', ULONG),
)
# 2.2.5.5 LSAPR_PRIVILEGE_SET
class LSAPR_LUID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
item = LSAPR_LUID_AND_ATTRIBUTES
class LSAPR_PRIVILEGE_SET(NDRSTRUCT):
structure = (
('PrivilegeCount', ULONG),
('Control', ULONG),
('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY),
)
class PLSAPR_PRIVILEGE_SET(NDRPOINTER):
referent = (
('Data', LSAPR_PRIVILEGE_SET),
)
# 2.2.6.1 LSAPR_CR_CIPHER_VALUE
class PCHAR_ARRAY(NDRPOINTER):
referent = (
('Data', NDRUniConformantVaryingArray),
)
class LSAPR_CR_CIPHER_VALUE(NDRSTRUCT):
structure = (
('Length', LONG),
('MaximumLength', LONG),
('Buffer', PCHAR_ARRAY),
)
class PLSAPR_CR_CIPHER_VALUE(NDRPOINTER):
referent = (
('Data', LSAPR_CR_CIPHER_VALUE),
)
class PPLSAPR_CR_CIPHER_VALUE(NDRPOINTER):
referent = (
('Data', PLSAPR_CR_CIPHER_VALUE),
)
# 2.2.7.1 LSAPR_TRUST_INFORMATION
class LSAPR_TRUST_INFORMATION(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('Sid', PRPC_SID),
)
# 2.2.7.2 TRUSTED_INFORMATION_CLASS
class TRUSTED_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
TrustedDomainNameInformation = 1
TrustedControllersInformation = 2
TrustedPosixOffsetInformation = 3
TrustedPasswordInformation = 4
TrustedDomainInformationBasic = 5
TrustedDomainInformationEx = 6
TrustedDomainAuthInformation = 7
TrustedDomainFullInformation = 8
TrustedDomainAuthInformationInternal = 9
TrustedDomainFullInformationInternal = 10
TrustedDomainInformationEx2Internal = 11
TrustedDomainFullInformation2Internal = 12
TrustedDomainSupportedEncryptionTypes = 13
# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO
class LSAPR_TRUSTED_DOMAIN_NAME_INFO(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
)
# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO
class LSAPR_TRUSTED_CONTROLLERS_INFO(NDRSTRUCT):
structure = (
('Entries', ULONG),
('Names', PRPC_UNICODE_STRING_ARRAY),
)
# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO
class TRUSTED_POSIX_OFFSET_INFO(NDRSTRUCT):
structure = (
('Offset', ULONG),
)
# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO
class LSAPR_TRUSTED_PASSWORD_INFO(NDRSTRUCT):
structure = (
('Password', PLSAPR_CR_CIPHER_VALUE),
('OldPassword', PLSAPR_CR_CIPHER_VALUE),
)
# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC
LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC = LSAPR_TRUST_INFORMATION
# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('FlatName', RPC_UNICODE_STRING),
('Sid', PRPC_SID),
('TrustDirection', ULONG),
('TrustType', ULONG),
('TrustAttributes', ULONG),
)
# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('FlatName', RPC_UNICODE_STRING),
('Sid', PRPC_SID),
('TrustDirection', ULONG),
('TrustType', ULONG),
('TrustAttributes', ULONG),
('ForestTrustLength', ULONG),
('ForestTrustInfo', LPBYTE),
)
# 2.2.7.17 LSAPR_AUTH_INFORMATION
class LSAPR_AUTH_INFORMATION(NDRSTRUCT):
structure = (
('LastUpdateTime', LARGE_INTEGER),
('AuthType', ULONG),
('AuthInfoLength', ULONG),
('AuthInfo', LPBYTE),
)
class PLSAPR_AUTH_INFORMATION(NDRPOINTER):
referent = (
('Data', LSAPR_AUTH_INFORMATION),
)
# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION
class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION(NDRSTRUCT):
structure = (
('IncomingAuthInfos', ULONG),
('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
('OutgoingAuthInfos', ULONG),
('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION),
)
# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
class LSAPR_TRUSTED_DOMAIN_AUTH_BLOB(NDRSTRUCT):
structure = (
('AuthSize', ULONG),
('AuthBlob', LPBYTE),
)
# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL
class LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL(NDRSTRUCT):
structure = (
('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB),
)
# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION(NDRSTRUCT):
structure = (
('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
)
# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL(NDRSTRUCT):
structure = (
('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL),
)
# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2
class LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2(NDRSTRUCT):
structure = (
('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
('PosixOffset', TRUSTED_POSIX_OFFSET_INFO),
('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
)
# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES
class TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES(NDRSTRUCT):
structure = (
('SupportedEncryptionTypes', ULONG),
)
# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO
class LSAPR_TRUSTED_DOMAIN_INFO(NDRUNION):
union = {
TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation : ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO ),
TRUSTED_INFORMATION_CLASS.TrustedControllersInformation : ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO),
TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation : ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO),
TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation : ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO ),
TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic : ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC),
TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx : ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX),
TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation : ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION),
TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation : ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION),
TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal : ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL),
TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal : ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL),
TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal : ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2),
TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal : ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2),
TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes : ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES),
}
# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER
class LSAPR_TRUST_INFORMATION_ARRAY(NDRUniConformantArray):
item = LSAPR_TRUST_INFORMATION
class PLSAPR_TRUST_INFORMATION_ARRAY(NDRPOINTER):
referent = (
('Data', LSAPR_TRUST_INFORMATION_ARRAY),
)
class LSAPR_TRUSTED_ENUM_BUFFER(NDRSTRUCT):
structure = (
('Entries', ULONG),
('Information', PLSAPR_TRUST_INFORMATION_ARRAY),
)
# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX
class LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRUniConformantArray):
item = LSAPR_TRUSTED_DOMAIN_INFORMATION_EX
class PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY(NDRPOINTER):
referent = (
('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY),
)
class LSAPR_TRUSTED_ENUM_BUFFER_EX(NDRSTRUCT):
structure = (
('Entries', ULONG),
('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY),
)
# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE
class LSA_FOREST_TRUST_RECORD_TYPE(NDRENUM):
class enumItems(Enum):
ForestTrustTopLevelName = 0
ForestTrustTopLevelNameEx = 1
ForestTrustDomainInfo = 2
# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO
class LSA_FOREST_TRUST_DOMAIN_INFO(NDRSTRUCT):
structure = (
('Sid', PRPC_SID),
('DnsName', LSA_UNICODE_STRING),
('NetbiosName', LSA_UNICODE_STRING),
)
# 2.2.7.21 LSA_FOREST_TRUST_RECORD
class LSA_FOREST_TRUST_DATA_UNION(NDRUNION):
union = {
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName : ('TopLevelName', LSA_UNICODE_STRING ),
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx : ('TopLevelName', LSA_UNICODE_STRING),
LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo : ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO),
}
class LSA_FOREST_TRUST_RECORD(NDRSTRUCT):
structure = (
('Flags', ULONG),
('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE),
('Time', LARGE_INTEGER),
('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION),
)
class PLSA_FOREST_TRUST_RECORD(NDRPOINTER):
referent = (
('Data', LSA_FOREST_TRUST_RECORD),
)
# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA
class LSA_FOREST_TRUST_BINARY_DATA(NDRSTRUCT):
structure = (
('Length', ULONG),
('Buffer', LPBYTE),
)
# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION
class LSA_FOREST_TRUST_RECORD_ARRAY(NDRUniConformantArray):
item = PLSA_FOREST_TRUST_RECORD
class PLSA_FOREST_TRUST_RECORD_ARRAY(NDRPOINTER):
referent = (
('Data', LSA_FOREST_TRUST_RECORD_ARRAY),
)
class LSA_FOREST_TRUST_INFORMATION(NDRSTRUCT):
structure = (
('RecordCount', ULONG),
('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY),
)
class PLSA_FOREST_TRUST_INFORMATION(NDRPOINTER):
referent = (
('Data', LSA_FOREST_TRUST_INFORMATION),
)
# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE
class LSA_FOREST_TRUST_COLLISION_RECORD_TYPE(NDRENUM):
class enumItems(Enum):
CollisionTdo = 0
CollisionXref = 1
CollisionOther = 2
# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD
class LSA_FOREST_TRUST_COLLISION_RECORD(NDRSTRUCT):
structure = (
('Index', ULONG),
('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE),
('Flags', ULONG),
('Name', LSA_UNICODE_STRING),
)
# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF
class LSAPR_POLICY_PRIVILEGE_DEF(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('LocalValue', LUID),
)
# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER
class LSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRUniConformantArray):
item = LSAPR_POLICY_PRIVILEGE_DEF
class PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY(NDRPOINTER):
referent = (
('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY),
)
class LSAPR_PRIVILEGE_ENUM_BUFFER(NDRSTRUCT):
structure = (
('Entries', ULONG),
('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY),
)
################################################################################
# RPC CALLS
################################################################################
# 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)
class LsarOpenPolicy2(NDRCALL):
opnum = 44
structure = (
('SystemName', LPWSTR),
('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES),
('DesiredAccess',ACCESS_MASK),
)
class LsarOpenPolicy2Response(NDRCALL):
structure = (
('PolicyHandle',LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.2 LsarOpenPolicy (Opnum 6)
class LsarOpenPolicy(NDRCALL):
opnum = 6
structure = (
('SystemName', LPWSTR),
('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES),
('DesiredAccess',ACCESS_MASK),
)
class LsarOpenPolicyResponse(NDRCALL):
structure = (
('PolicyHandle',LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46)
class LsarQueryInformationPolicy2(NDRCALL):
opnum = 46
structure = (
('PolicyHandle', LSAPR_HANDLE),
('InformationClass',POLICY_INFORMATION_CLASS),
)
class LsarQueryInformationPolicy2Response(NDRCALL):
structure = (
('PolicyInformation',PLSAPR_POLICY_INFORMATION),
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)
class LsarQueryInformationPolicy(NDRCALL):
opnum = 7
structure = (
('PolicyHandle', LSAPR_HANDLE),
('InformationClass',POLICY_INFORMATION_CLASS),
)
class LsarQueryInformationPolicyResponse(NDRCALL):
structure = (
('PolicyInformation',PLSAPR_POLICY_INFORMATION),
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47)
class LsarSetInformationPolicy2(NDRCALL):
opnum = 47
structure = (
('PolicyHandle', LSAPR_HANDLE),
('InformationClass',POLICY_INFORMATION_CLASS),
('PolicyInformation',LSAPR_POLICY_INFORMATION),
)
class LsarSetInformationPolicy2Response(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8)
class LsarSetInformationPolicy(NDRCALL):
opnum = 8
structure = (
('PolicyHandle', LSAPR_HANDLE),
('InformationClass',POLICY_INFORMATION_CLASS),
('PolicyInformation',LSAPR_POLICY_INFORMATION),
)
class LsarSetInformationPolicyResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53)
class LsarQueryDomainInformationPolicy(NDRCALL):
opnum = 53
structure = (
('PolicyHandle', LSAPR_HANDLE),
('InformationClass',POLICY_DOMAIN_INFORMATION_CLASS),
)
class LsarQueryDomainInformationPolicyResponse(NDRCALL):
structure = (
('PolicyDomainInformation',PLSAPR_POLICY_DOMAIN_INFORMATION),
('ErrorCode', NTSTATUS),
)
# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54)
# 3.1.4.5.1 LsarCreateAccount (Opnum 10)
class LsarCreateAccount(NDRCALL):
opnum = 10
structure = (
('PolicyHandle', LSAPR_HANDLE),
('AccountSid',RPC_SID),
('DesiredAccess',ACCESS_MASK),
)
class LsarCreateAccountResponse(NDRCALL):
structure = (
('AccountHandle',LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11)
class LsarEnumerateAccounts(NDRCALL):
opnum = 11
structure = (
('PolicyHandle', LSAPR_HANDLE),
('EnumerationContext',ULONG),
('PreferedMaximumLength',ULONG),
)
class LsarEnumerateAccountsResponse(NDRCALL):
structure = (
('EnumerationContext',ULONG),
('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.3 LsarOpenAccount (Opnum 17)
class LsarOpenAccount(NDRCALL):
opnum = 17
structure = (
('PolicyHandle', LSAPR_HANDLE),
('AccountSid',RPC_SID),
('DesiredAccess',ACCESS_MASK),
)
class LsarOpenAccountResponse(NDRCALL):
structure = (
('AccountHandle',LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18)
class LsarEnumeratePrivilegesAccount(NDRCALL):
opnum = 18
structure = (
('AccountHandle', LSAPR_HANDLE),
)
class LsarEnumeratePrivilegesAccountResponse(NDRCALL):
structure = (
('Privileges',PLSAPR_PRIVILEGE_SET),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19)
class LsarAddPrivilegesToAccount(NDRCALL):
opnum = 19
structure = (
('AccountHandle', LSAPR_HANDLE),
('Privileges', LSAPR_PRIVILEGE_SET),
)
class LsarAddPrivilegesToAccountResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20)
class LsarRemovePrivilegesFromAccount(NDRCALL):
opnum = 20
structure = (
('AccountHandle', LSAPR_HANDLE),
('AllPrivileges', UCHAR),
('Privileges', PLSAPR_PRIVILEGE_SET),
)
class LsarRemovePrivilegesFromAccountResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23)
class LsarGetSystemAccessAccount(NDRCALL):
opnum = 23
structure = (
('AccountHandle', LSAPR_HANDLE),
)
class LsarGetSystemAccessAccountResponse(NDRCALL):
structure = (
('SystemAccess', ULONG),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24)
class LsarSetSystemAccessAccount(NDRCALL):
opnum = 24
structure = (
('AccountHandle', LSAPR_HANDLE),
('SystemAccess', ULONG),
)
class LsarSetSystemAccessAccountResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35)
class LsarEnumerateAccountsWithUserRight(NDRCALL):
opnum = 35
structure = (
('PolicyHandle', LSAPR_HANDLE),
('UserRight', PRPC_UNICODE_STRING),
)
class LsarEnumerateAccountsWithUserRightResponse(NDRCALL):
structure = (
('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36)
class LsarEnumerateAccountRights(NDRCALL):
opnum = 36
structure = (
('PolicyHandle', LSAPR_HANDLE),
('AccountSid', RPC_SID),
)
class LsarEnumerateAccountRightsResponse(NDRCALL):
structure = (
('UserRights',LSAPR_USER_RIGHT_SET),
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.11 LsarAddAccountRights (Opnum 37)
class LsarAddAccountRights(NDRCALL):
opnum = 37
structure = (
('PolicyHandle', LSAPR_HANDLE),
('AccountSid', RPC_SID),
('UserRights',LSAPR_USER_RIGHT_SET),
)
class LsarAddAccountRightsResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38)
class LsarRemoveAccountRights(NDRCALL):
opnum = 38
structure = (
('PolicyHandle', LSAPR_HANDLE),
('AccountSid', RPC_SID),
('AllRights', UCHAR),
('UserRights',LSAPR_USER_RIGHT_SET),
)
class LsarRemoveAccountRightsResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.6.1 LsarCreateSecret (Opnum 16)
class LsarCreateSecret(NDRCALL):
opnum = 16
structure = (
('PolicyHandle', LSAPR_HANDLE),
('SecretName', RPC_UNICODE_STRING),
('DesiredAccess', ACCESS_MASK),
)
class LsarCreateSecretResponse(NDRCALL):
structure = (
('SecretHandle', LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.6.2 LsarOpenSecret (Opnum 28)
class LsarOpenSecret(NDRCALL):
opnum = 28
structure = (
('PolicyHandle', LSAPR_HANDLE),
('SecretName', RPC_UNICODE_STRING),
('DesiredAccess', ACCESS_MASK),
)
class LsarOpenSecretResponse(NDRCALL):
structure = (
('SecretHandle', LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.6.3 LsarSetSecret (Opnum 29)
class LsarSetSecret(NDRCALL):
opnum = 29
structure = (
('SecretHandle', LSAPR_HANDLE),
('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE),
('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE),
)
class LsarSetSecretResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.6.4 LsarQuerySecret (Opnum 30)
class LsarQuerySecret(NDRCALL):
opnum = 30
structure = (
('SecretHandle', LSAPR_HANDLE),
('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE),
('CurrentValueSetTime', PLARGE_INTEGER),
('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE),
('OldValueSetTime', PLARGE_INTEGER),
)
class LsarQuerySecretResponse(NDRCALL):
structure = (
('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE),
('CurrentValueSetTime', PLARGE_INTEGER),
('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE),
('OldValueSetTime', PLARGE_INTEGER),
('ErrorCode', NTSTATUS),
)
# 3.1.4.6.5 LsarStorePrivateData (Opnum 42)
class LsarStorePrivateData(NDRCALL):
opnum = 42
structure = (
('PolicyHandle', LSAPR_HANDLE),
('KeyName', RPC_UNICODE_STRING),
('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
)
class LsarStorePrivateDataResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43)
class LsarRetrievePrivateData(NDRCALL):
opnum = 43
structure = (
('PolicyHandle', LSAPR_HANDLE),
('KeyName', RPC_UNICODE_STRING),
('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
)
class LsarRetrievePrivateDataResponse(NDRCALL):
structure = (
('EncryptedData', PLSAPR_CR_CIPHER_VALUE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25)
# 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26)
# 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39)
# 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40)
# 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41)
# 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48)
# 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49)
# 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50)
class LsarEnumerateTrustedDomainsEx(NDRCALL):
opnum = 50
structure = (
('PolicyHandle', LSAPR_HANDLE),
('EnumerationContext', ULONG),
('PreferedMaximumLength', ULONG),
)
class LsarEnumerateTrustedDomainsExResponse(NDRCALL):
structure = (
('EnumerationContext', ULONG),
('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER_EX),
('ErrorCode', NTSTATUS),
)
# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13)
class LsarEnumerateTrustedDomains(NDRCALL):
opnum = 13
structure = (
('PolicyHandle', LSAPR_HANDLE),
('EnumerationContext', ULONG),
('PreferedMaximumLength', ULONG),
)
class LsarEnumerateTrustedDomainsResponse(NDRCALL):
structure = (
('EnumerationContext', ULONG),
('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER),
('ErrorCode', NTSTATUS),
)
# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55)
# 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59)
# 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51)
# 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12)
# 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27)
# 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73)
class LsarQueryForestTrustInformation(NDRCALL):
opnum = 73
structure = (
('PolicyHandle', LSAPR_HANDLE),
('TrustedDomainName', LSA_UNICODE_STRING),
('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE),
)
class LsarQueryForestTrustInformationResponse(NDRCALL):
structure = (
('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION),
('ErrorCode', NTSTATUS),
)
# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74)
# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2)
class LsarEnumeratePrivileges(NDRCALL):
opnum = 2
structure = (
('PolicyHandle', LSAPR_HANDLE),
('EnumerationContext', ULONG),
('PreferedMaximumLength', ULONG),
)
class LsarEnumeratePrivilegesResponse(NDRCALL):
structure = (
('EnumerationContext', ULONG),
('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER),
('ErrorCode', NTSTATUS),
)
# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31)
class LsarLookupPrivilegeValue(NDRCALL):
opnum = 31
structure = (
('PolicyHandle', LSAPR_HANDLE),
('Name', RPC_UNICODE_STRING),
)
class LsarLookupPrivilegeValueResponse(NDRCALL):
structure = (
('Value', LUID),
('ErrorCode', NTSTATUS),
)
# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32)
class LsarLookupPrivilegeName(NDRCALL):
opnum = 32
structure = (
('PolicyHandle', LSAPR_HANDLE),
('Value', LUID),
)
class LsarLookupPrivilegeNameResponse(NDRCALL):
structure = (
('Name', PRPC_UNICODE_STRING),
('ErrorCode', NTSTATUS),
)
# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33)
class LsarLookupPrivilegeDisplayName(NDRCALL):
opnum = 33
structure = (
('PolicyHandle', LSAPR_HANDLE),
('Name', RPC_UNICODE_STRING),
('ClientLanguage', USHORT),
('ClientSystemDefaultLanguage', USHORT),
)
class LsarLookupPrivilegeDisplayNameResponse(NDRCALL):
structure = (
('Name', PRPC_UNICODE_STRING),
('LanguageReturned', UCHAR),
('ErrorCode', NTSTATUS),
)
# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3)
class LsarQuerySecurityObject(NDRCALL):
opnum = 3
structure = (
('PolicyHandle', LSAPR_HANDLE),
('SecurityInformation', SECURITY_INFORMATION),
)
class LsarQuerySecurityObjectResponse(NDRCALL):
structure = (
('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR),
('ErrorCode', NTSTATUS),
)
# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4)
class LsarSetSecurityObject(NDRCALL):
opnum = 4
structure = (
('PolicyHandle', LSAPR_HANDLE),
('SecurityInformation', SECURITY_INFORMATION),
('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR),
)
class LsarSetSecurityObjectResponse(NDRCALL):
structure = (
('ErrorCode', NTSTATUS),
)
# 3.1.4.9.3 LsarDeleteObject (Opnum 34)
class LsarDeleteObject(NDRCALL):
opnum = 34
structure = (
('ObjectHandle', LSAPR_HANDLE),
)
class LsarDeleteObjectResponse(NDRCALL):
structure = (
('ObjectHandle', LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
# 3.1.4.9.4 LsarClose (Opnum 0)
class LsarClose(NDRCALL):
opnum = 0
structure = (
('ObjectHandle', LSAPR_HANDLE),
)
class LsarCloseResponse(NDRCALL):
structure = (
('ObjectHandle', LSAPR_HANDLE),
('ErrorCode', NTSTATUS),
)
################################################################################
# OPNUMs and their corresponding structures
################################################################################
OPNUMS = {
0 : (LsarClose, LsarCloseResponse),
2 : (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse),
3 : (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse),
4 : (LsarSetSecurityObject, LsarSetSecurityObjectResponse),
6 : (LsarOpenPolicy, LsarOpenPolicyResponse),
7 : (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse),
8 : (LsarSetInformationPolicy, LsarSetInformationPolicyResponse),
10 : (LsarCreateAccount, LsarCreateAccountResponse),
11 : (LsarEnumerateAccounts, LsarEnumerateAccountsResponse),
#12 : (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse),
13 : (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse),
16 : (LsarCreateSecret, LsarCreateSecretResponse),
17 : (LsarOpenAccount, LsarOpenAccountResponse),
18 : (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse),
19 : (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse),
20 : (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse),
23 : (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse),
24 : (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse),
#25 : (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse),
#26 : (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse),
#27 : (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse),
28 : (LsarOpenSecret, LsarOpenSecretResponse),
29 : (LsarSetSecret, LsarSetSecretResponse),
30 : (LsarQuerySecret, LsarQuerySecretResponse),
31 : (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse),
32 : (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse),
33 : (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse),
34 : (LsarDeleteObject, LsarDeleteObjectResponse),
35 : (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse),
36 : (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse),
37 : (LsarAddAccountRights, LsarAddAccountRightsResponse),
38 : (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse),
#39 : (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse),
#40 : (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse),
#41 : (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse),
42 : (LsarStorePrivateData, LsarStorePrivateDataResponse),
43 : (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse),
44 : (LsarOpenPolicy2, LsarOpenPolicy2Response),
46 : (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response),
47 : (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response),
#48 : (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse),
#49 : (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse),
50 : (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse),
#51 : (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse),
53 : (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse),
#54 : (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse),
#55 : (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse),
#59 : (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response),
#73 : (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse),
#74 : (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse),
}
################################################################################
# HELPER FUNCTIONS
################################################################################
def hLsarOpenPolicy2(dce, desiredAccess = MAXIMUM_ALLOWED):
request = LsarOpenPolicy2()
request['SystemName'] = NULL
request['ObjectAttributes']['RootDirectory'] = NULL
request['ObjectAttributes']['ObjectName'] = NULL
request['ObjectAttributes']['SecurityDescriptor'] = NULL
request['ObjectAttributes']['SecurityQualityOfService'] = NULL
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hLsarOpenPolicy(dce, desiredAccess = MAXIMUM_ALLOWED):
request = LsarOpenPolicy()
request['SystemName'] = NULL
request['ObjectAttributes']['RootDirectory'] = NULL
request['ObjectAttributes']['ObjectName'] = NULL
request['ObjectAttributes']['SecurityDescriptor'] = NULL
request['ObjectAttributes']['SecurityQualityOfService'] = NULL
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hLsarQueryInformationPolicy2(dce, policyHandle, informationClass):
request = LsarQueryInformationPolicy2()
request['PolicyHandle'] = policyHandle
request['InformationClass'] = informationClass
return dce.request(request)
def hLsarQueryInformationPolicy(dce, policyHandle, informationClass):
request = LsarQueryInformationPolicy()
request['PolicyHandle'] = policyHandle
request['InformationClass'] = informationClass
return dce.request(request)
def hLsarQueryDomainInformationPolicy(dce, policyHandle, informationClass):
request = LsarQueryInformationPolicy()
request['PolicyHandle'] = policyHandle
request['InformationClass'] = informationClass
return dce.request(request)
def hLsarEnumerateAccounts(dce, policyHandle, preferedMaximumLength=0xffffffff):
request = LsarEnumerateAccounts()
request['PolicyHandle'] = policyHandle
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hLsarEnumerateAccountsWithUserRight(dce, policyHandle, UserRight):
request = LsarEnumerateAccountsWithUserRight()
request['PolicyHandle'] = policyHandle
request['UserRight'] = UserRight
return dce.request(request)
def hLsarEnumerateTrustedDomainsEx(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
request = LsarEnumerateTrustedDomainsEx()
request['PolicyHandle'] = policyHandle
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hLsarEnumerateTrustedDomains(dce, policyHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
request = LsarEnumerateTrustedDomains()
request['PolicyHandle'] = policyHandle
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hLsarOpenAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED):
request = LsarOpenAccount()
request['PolicyHandle'] = policyHandle
request['AccountSid'].fromCanonical(accountSid)
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hLsarClose(dce, objectHandle):
request = LsarClose()
request['ObjectHandle'] = objectHandle
return dce.request(request)
def hLsarCreateAccount(dce, policyHandle, accountSid, desiredAccess=MAXIMUM_ALLOWED):
request = LsarCreateAccount()
request['PolicyHandle'] = policyHandle
request['AccountSid'].fromCanonical(accountSid)
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hLsarDeleteObject(dce, objectHandle):
request = LsarDeleteObject()
request['ObjectHandle'] = objectHandle
return dce.request(request)
def hLsarEnumeratePrivilegesAccount(dce, accountHandle):
request = LsarEnumeratePrivilegesAccount()
request['AccountHandle'] = accountHandle
return dce.request(request)
def hLsarGetSystemAccessAccount(dce, accountHandle):
request = LsarGetSystemAccessAccount()
request['AccountHandle'] = accountHandle
return dce.request(request)
def hLsarSetSystemAccessAccount(dce, accountHandle, systemAccess):
request = LsarSetSystemAccessAccount()
request['AccountHandle'] = accountHandle
request['SystemAccess'] = systemAccess
return dce.request(request)
def hLsarAddPrivilegesToAccount(dce, accountHandle, privileges):
request = LsarAddPrivilegesToAccount()
request['AccountHandle'] = accountHandle
request['Privileges']['PrivilegeCount'] = len(privileges)
request['Privileges']['Control'] = 0
for priv in privileges:
request['Privileges']['Privilege'].append(priv)
return dce.request(request)
def hLsarRemovePrivilegesFromAccount(dce, accountHandle, privileges, allPrivileges = False):
request = LsarRemovePrivilegesFromAccount()
request['AccountHandle'] = accountHandle
request['Privileges']['Control'] = 0
if privileges != NULL:
request['Privileges']['PrivilegeCount'] = len(privileges)
for priv in privileges:
request['Privileges']['Privilege'].append(priv)
else:
request['Privileges']['PrivilegeCount'] = NULL
request['AllPrivileges'] = allPrivileges
return dce.request(request)
def hLsarEnumerateAccountRights(dce, policyHandle, accountSid):
request = LsarEnumerateAccountRights()
request['PolicyHandle'] = policyHandle
request['AccountSid'].fromCanonical(accountSid)
return dce.request(request)
def hLsarAddAccountRights(dce, policyHandle, accountSid, userRights):
request = LsarAddAccountRights()
request['PolicyHandle'] = policyHandle
request['AccountSid'].fromCanonical(accountSid)
request['UserRights']['EntriesRead'] = len(userRights)
for userRight in userRights:
right = RPC_UNICODE_STRING()
right['Data'] = userRight
request['UserRights']['UserRights'].append(right)
return dce.request(request)
def hLsarRemoveAccountRights(dce, policyHandle, accountSid, userRights):
request = LsarRemoveAccountRights()
request['PolicyHandle'] = policyHandle
request['AccountSid'].fromCanonical(accountSid)
request['UserRights']['EntriesRead'] = len(userRights)
for userRight in userRights:
right = RPC_UNICODE_STRING()
right['Data'] = userRight
request['UserRights']['UserRights'].append(right)
return dce.request(request)
def hLsarCreateSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED):
request = LsarCreateSecret()
request['PolicyHandle'] = policyHandle
request['SecretName'] = secretName
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hLsarOpenSecret(dce, policyHandle, secretName, desiredAccess=MAXIMUM_ALLOWED):
request = LsarOpenSecret()
request['PolicyHandle'] = policyHandle
request['SecretName'] = secretName
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hLsarSetSecret(dce, secretHandle, encryptedCurrentValue, encryptedOldValue):
request = LsarOpenSecret()
request['SecretHandle'] = secretHandle
if encryptedCurrentValue != NULL:
request['EncryptedCurrentValue']['Length'] = len(encryptedCurrentValue)
request['EncryptedCurrentValue']['MaximumLength'] = len(encryptedCurrentValue)
request['EncryptedCurrentValue']['Buffer'] = list(encryptedCurrentValue)
if encryptedOldValue != NULL:
request['EncryptedOldValue']['Length'] = len(encryptedOldValue)
request['EncryptedOldValue']['MaximumLength'] = len(encryptedOldValue)
request['EncryptedOldValue']['Buffer'] = list(encryptedOldValue)
return dce.request(request)
def hLsarQuerySecret(dce, secretHandle):
request = LsarQuerySecret()
request['SecretHandle'] = secretHandle
request['EncryptedCurrentValue']['Buffer'] = NULL
request['EncryptedOldValue']['Buffer'] = NULL
request['OldValueSetTime'] = NULL
return dce.request(request)
def hLsarRetrievePrivateData(dce, policyHandle, keyName):
request = LsarRetrievePrivateData()
request['PolicyHandle'] = policyHandle
request['KeyName'] = keyName
retVal = dce.request(request)
return b''.join(retVal['EncryptedData']['Buffer'])
def hLsarStorePrivateData(dce, policyHandle, keyName, encryptedData):
request = LsarStorePrivateData()
request['PolicyHandle'] = policyHandle
request['KeyName'] = keyName
if encryptedData != NULL:
request['EncryptedData']['Length'] = len(encryptedData)
request['EncryptedData']['MaximumLength'] = len(encryptedData)
request['EncryptedData']['Buffer'] = list(encryptedData)
else:
request['EncryptedData'] = NULL
return dce.request(request)
def hLsarEnumeratePrivileges(dce, policyHandle, enumerationContext = 0, preferedMaximumLength = 0xffffffff):
request = LsarEnumeratePrivileges()
request['PolicyHandle'] = policyHandle
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hLsarLookupPrivilegeValue(dce, policyHandle, name):
request = LsarLookupPrivilegeValue()
request['PolicyHandle'] = policyHandle
request['Name'] = name
return dce.request(request)
def hLsarLookupPrivilegeName(dce, policyHandle, luid):
request = LsarLookupPrivilegeName()
request['PolicyHandle'] = policyHandle
request['Value'] = luid
return dce.request(request)
def hLsarQuerySecurityObject(dce, policyHandle, securityInformation = OWNER_SECURITY_INFORMATION):
request = LsarQuerySecurityObject()
request['PolicyHandle'] = policyHandle
request['SecurityInformation'] = securityInformation
retVal = dce.request(request)
return b''.join(retVal['SecurityDescriptor']['SecurityDescriptor'])
def hLsarSetSecurityObject(dce, policyHandle, securityInformation, securityDescriptor):
request = LsarSetSecurityObject()
request['PolicyHandle'] = policyHandle
request['SecurityInformation'] = securityInformation
request['SecurityDescriptor']['Length'] = len(securityDescriptor)
request['SecurityDescriptor']['SecurityDescriptor'] = list(securityDescriptor)
return dce.request(request)
def hLsarSetInformationPolicy2(dce, policyHandle, informationClass, policyInformation):
request = LsarSetInformationPolicy2()
request['PolicyHandle'] = policyHandle
request['InformationClass'] = informationClass
request['PolicyInformation'] = policyInformation
return dce.request(request)
def hLsarSetInformationPolicy(dce, policyHandle, informationClass, policyInformation):
request = LsarSetInformationPolicy()
request['PolicyHandle'] = policyHandle
request['InformationClass'] = informationClass
request['PolicyInformation'] = policyInformation
return dce.request(request)
Reference in New Issue View Git Blame Copy Permalink