github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2024-10-18 05:00:39 -07:00
Code Issues Packages Projects Releases Wiki Activity
master
Responder/tools/MultiRelay/impacket-dev/impacket/dcerpc/v5/samr.py

2930 lines
95 KiB
Python
Raw Permalink Blame History

# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#
# Description:
# [MS-SAMR] Interface implementation
#
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from __future__ import division
from __future__ import print_function
from binascii import unhexlify
from impacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantArray, \
NDRUniConformantVaryingArray, NDRENUM
from impacket.dcerpc.v5.dtypes import NULL, RPC_UNICODE_STRING, ULONG, USHORT, UCHAR, LARGE_INTEGER, RPC_SID, LONG, STR, \
LPBYTE, SECURITY_INFORMATION, PRPC_SID, PRPC_UNICODE_STRING, LPWSTR
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket import nt_errors, LOG
from impacket.uuid import uuidtup_to_bin
from impacket.dcerpc.v5.enum import Enum
from impacket.structure import Structure
import struct
import os
from hashlib import md5
from Cryptodome.Cipher import ARC4
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__( self ):
key = self.error_code
if key in nt_errors.ERROR_MESSAGES:
error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
return 'SAMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
return 'SAMR SessionError: unknown error code: 0x%x' % self.error_code
################################################################################
# CONSTANTS
################################################################################
PSAMPR_SERVER_NAME = LPWSTR
# 2.2.1.1 Common ACCESS_MASK Values
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
ACCESS_SYSTEM_SECURITY = 0x01000000
MAXIMUM_ALLOWED = 0x02000000
# 2.2.1.2 Generic ACCESS_MASK Values
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL = 0x10000000
# 2.2.1.3 Server ACCESS_MASK Values
SAM_SERVER_CONNECT = 0x00000001
SAM_SERVER_SHUTDOWN = 0x00000002
SAM_SERVER_INITIALIZE = 0x00000004
SAM_SERVER_CREATE_DOMAIN = 0x00000008
SAM_SERVER_ENUMERATE_DOMAINS = 0x00000010
SAM_SERVER_LOOKUP_DOMAIN = 0x00000020
SAM_SERVER_ALL_ACCESS = 0x000F003F
SAM_SERVER_READ = 0x00020010
SAM_SERVER_WRITE = 0x0002000E
SAM_SERVER_EXECUTE = 0x00020021
# 2.2.1.4 Domain ACCESS_MASK Values
DOMAIN_READ_PASSWORD_PARAMETERS = 0x00000001
DOMAIN_WRITE_PASSWORD_PARAMS = 0x00000002
DOMAIN_READ_OTHER_PARAMETERS = 0x00000004
DOMAIN_WRITE_OTHER_PARAMETERS = 0x00000008
DOMAIN_CREATE_USER = 0x00000010
DOMAIN_CREATE_GROUP = 0x00000020
DOMAIN_CREATE_ALIAS = 0x00000040
DOMAIN_GET_ALIAS_MEMBERSHIP = 0x00000080
DOMAIN_LIST_ACCOUNTS = 0x00000100
DOMAIN_LOOKUP = 0x00000200
DOMAIN_ADMINISTER_SERVER = 0x00000400
DOMAIN_ALL_ACCESS = 0x000F07FF
DOMAIN_READ = 0x00020084
DOMAIN_WRITE = 0x0002047A
DOMAIN_EXECUTE = 0x00020301
# 2.2.1.5 Group ACCESS_MASK Values
GROUP_READ_INFORMATION = 0x00000001
GROUP_WRITE_ACCOUNT = 0x00000002
GROUP_ADD_MEMBER = 0x00000004
GROUP_REMOVE_MEMBER = 0x00000008
GROUP_LIST_MEMBERS = 0x00000010
GROUP_ALL_ACCESS = 0x000F001F
GROUP_READ = 0x00020010
GROUP_WRITE = 0x0002000E
GROUP_EXECUTE = 0x00020001
# 2.2.1.6 Alias ACCESS_MASK Values
ALIAS_ADD_MEMBER = 0x00000001
ALIAS_REMOVE_MEMBER = 0x00000002
ALIAS_LIST_MEMBERS = 0x00000004
ALIAS_READ_INFORMATION = 0x00000008
ALIAS_WRITE_ACCOUNT = 0x00000010
ALIAS_ALL_ACCESS = 0x000F001F
ALIAS_READ = 0x00020004
ALIAS_WRITE = 0x00020013
ALIAS_EXECUTE = 0x00020008
# 2.2.1.7 User ACCESS_MASK Values
USER_READ_GENERAL = 0x00000001
USER_READ_PREFERENCES = 0x00000002
USER_WRITE_PREFERENCES = 0x00000004
USER_READ_LOGON = 0x00000008
USER_READ_ACCOUNT = 0x00000010
USER_WRITE_ACCOUNT = 0x00000020
USER_CHANGE_PASSWORD = 0x00000040
USER_FORCE_PASSWORD_CHANGE = 0x00000080
USER_LIST_GROUPS = 0x00000100
USER_READ_GROUP_INFORMATION = 0x00000200
USER_WRITE_GROUP_INFORMATION = 0x00000400
USER_ALL_ACCESS = 0x000F07FF
USER_READ = 0x0002031A
USER_WRITE = 0x00020044
USER_EXECUTE = 0x00020041
# 2.2.1.8 USER_ALL Values
USER_ALL_USERNAME = 0x00000001
USER_ALL_FULLNAME = 0x00000002
USER_ALL_USERID = 0x00000004
USER_ALL_PRIMARYGROUPID = 0x00000008
USER_ALL_ADMINCOMMENT = 0x00000010
USER_ALL_USERCOMMENT = 0x00000020
USER_ALL_HOMEDIRECTORY = 0x00000040
USER_ALL_HOMEDIRECTORYDRIVE = 0x00000080
USER_ALL_SCRIPTPATH = 0x00000100
USER_ALL_PROFILEPATH = 0x00000200
USER_ALL_WORKSTATIONS = 0x00000400
USER_ALL_LASTLOGON = 0x00000800
USER_ALL_LASTLOGOFF = 0x00001000
USER_ALL_LOGONHOURS = 0x00002000
USER_ALL_BADPASSWORDCOUNT = 0x00004000
USER_ALL_LOGONCOUNT = 0x00008000
USER_ALL_PASSWORDCANCHANGE = 0x00010000
USER_ALL_PASSWORDMUSTCHANGE = 0x00020000
USER_ALL_PASSWORDLASTSET = 0x00040000
USER_ALL_ACCOUNTEXPIRES = 0x00080000
USER_ALL_USERACCOUNTCONTROL = 0x00100000
USER_ALL_PARAMETERS = 0x00200000
USER_ALL_COUNTRYCODE = 0x00400000
USER_ALL_CODEPAGE = 0x00800000
USER_ALL_NTPASSWORDPRESENT = 0x01000000
USER_ALL_LMPASSWORDPRESENT = 0x02000000
USER_ALL_PRIVATEDATA = 0x04000000
USER_ALL_PASSWORDEXPIRED = 0x08000000
USER_ALL_SECURITYDESCRIPTOR = 0x10000000
USER_ALL_UNDEFINED_MASK = 0xC0000000
# 2.2.1.9 ACCOUNT_TYPE Values
SAM_DOMAIN_OBJECT = 0x00000000
SAM_GROUP_OBJECT = 0x10000000
SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
SAM_ALIAS_OBJECT = 0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
SAM_USER_OBJECT = 0x30000000
SAM_MACHINE_ACCOUNT = 0x30000001
SAM_TRUST_ACCOUNT = 0x30000002
SAM_APP_BASIC_GROUP = 0x40000000
SAM_APP_QUERY_GROUP = 0x40000001
# 2.2.1.10 SE_GROUP Attributes
SE_GROUP_MANDATORY = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED = 0x00000004
# 2.2.1.11 GROUP_TYPE Codes
GROUP_TYPE_ACCOUNT_GROUP = 0x00000002
GROUP_TYPE_RESOURCE_GROUP = 0x00000004
GROUP_TYPE_UNIVERSAL_GROUP = 0x00000008
GROUP_TYPE_SECURITY_ENABLED = 0x80000000
GROUP_TYPE_SECURITY_ACCOUNT = 0x80000002
GROUP_TYPE_SECURITY_RESOURCE = 0x80000004
GROUP_TYPE_SECURITY_UNIVERSAL = 0x80000008
# 2.2.1.12 USER_ACCOUNT Codes
USER_ACCOUNT_DISABLED = 0x00000001
USER_HOME_DIRECTORY_REQUIRED = 0x00000002
USER_PASSWORD_NOT_REQUIRED = 0x00000004
USER_TEMP_DUPLICATE_ACCOUNT = 0x00000008
USER_NORMAL_ACCOUNT = 0x00000010
USER_MNS_LOGON_ACCOUNT = 0x00000020
USER_INTERDOMAIN_TRUST_ACCOUNT = 0x00000040
USER_WORKSTATION_TRUST_ACCOUNT = 0x00000080
USER_SERVER_TRUST_ACCOUNT = 0x00000100
USER_DONT_EXPIRE_PASSWORD = 0x00000200
USER_ACCOUNT_AUTO_LOCKED = 0x00000400
USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000800
USER_SMARTCARD_REQUIRED = 0x00001000
USER_TRUSTED_FOR_DELEGATION = 0x00002000
USER_NOT_DELEGATED = 0x00004000
USER_USE_DES_KEY_ONLY = 0x00008000
USER_DONT_REQUIRE_PREAUTH = 0x00010000
USER_PASSWORD_EXPIRED = 0x00020000
USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000
USER_NO_AUTH_DATA_REQUIRED = 0x00080000
USER_PARTIAL_SECRETS_ACCOUNT = 0x00100000
USER_USE_AES_KEYS = 0x00200000
# 2.2.1.13 UF_FLAG Codes
UF_SCRIPT = 0x00000001
UF_ACCOUNTDISABLE = 0x00000002
UF_HOMEDIR_REQUIRED = 0x00000008
UF_LOCKOUT = 0x00000010
UF_PASSWD_NOTREQD = 0x00000020
UF_PASSWD_CANT_CHANGE = 0x00000040
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080
UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100
UF_NORMAL_ACCOUNT = 0x00000200
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x00000800
UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000
UF_SERVER_TRUST_ACCOUNT = 0x00002000
UF_DONT_EXPIRE_PASSWD = 0x00010000
UF_MNS_LOGON_ACCOUNT = 0x00020000
UF_SMARTCARD_REQUIRED = 0x00040000
UF_TRUSTED_FOR_DELEGATION = 0x00080000
UF_NOT_DELEGATED = 0x00100000
UF_USE_DES_KEY_ONLY = 0x00200000
UF_DONT_REQUIRE_PREAUTH = 0x00400000
UF_PASSWORD_EXPIRED = 0x00800000
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000
UF_NO_AUTH_DATA_REQUIRED = 0x02000000
UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000
UF_USE_AES_KEYS = 0x08000000
# 2.2.1.14 Predefined RIDs
DOMAIN_USER_RID_ADMIN = 0x000001F4
DOMAIN_USER_RID_GUEST = 0x000001F5
DOMAIN_USER_RID_KRBTGT = 0x000001F6
DOMAIN_GROUP_RID_ADMINS = 0x00000200
DOMAIN_GROUP_RID_USERS = 0x00000201
DOMAIN_GROUP_RID_COMPUTERS = 0x00000203
DOMAIN_GROUP_RID_CONTROLLERS = 0x00000204
DOMAIN_ALIAS_RID_ADMINS = 0x00000220
DOMAIN_GROUP_RID_READONLY_CONTROLLERS = 0x00000209
# 2.2.4.1 Domain Fields
DOMAIN_PASSWORD_COMPLEX = 0x00000001
DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002
DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004
DOMAIN_LOCKOUT_ADMINS = 0x00000008
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010
DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS PresentFields
SAM_VALIDATE_PASSWORD_LAST_SET = 0x00000001
SAM_VALIDATE_BAD_PASSWORD_TIME = 0x00000002
SAM_VALIDATE_LOCKOUT_TIME = 0x00000004
SAM_VALIDATE_BAD_PASSWORD_COUNT = 0x00000008
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH = 0x00000010
SAM_VALIDATE_PASSWORD_HISTORY = 0x00000020
################################################################################
# STRUCTURES
################################################################################
class RPC_UNICODE_STRING_ARRAY(NDRUniConformantVaryingArray):
item = RPC_UNICODE_STRING
class RPC_UNICODE_STRING_ARRAY_C(NDRUniConformantArray):
item = RPC_UNICODE_STRING
class PRPC_UNICODE_STRING_ARRAY(NDRPOINTER):
referent = (
('Data',RPC_UNICODE_STRING_ARRAY_C),
)
# 2.2.2.1 RPC_STRING, PRPC_STRING
class RPC_STRING(NDRSTRUCT):
commonHdr = (
('MaximumLength','<H=len(Data)-12'),
('Length','<H=len(Data)-12'),
('ReferentID','<L=0xff'),
)
commonHdr64 = (
('MaximumLength','<H=len(Data)-24'),
('Length','<H=len(Data)-24'),
('ReferentID','<Q=0xff'),
)
referent = (
('Data',STR),
)
def dump(self, msg = None, indent = 0):
if msg is None:
msg = self.__class__.__name__
if msg != '':
print("%s" % msg, end=' ')
# Here just print the data
print(" %r" % (self['Data']), end=' ')
class PRPC_STRING(NDRPOINTER):
referent = (
('Data', RPC_STRING),
)
# 2.2.2.2 OLD_LARGE_INTEGER
class OLD_LARGE_INTEGER(NDRSTRUCT):
structure = (
('LowPart',ULONG),
('HighPart',LONG),
)
# 2.2.2.3 SID_NAME_USE
class SID_NAME_USE(NDRENUM):
class enumItems(Enum):
SidTypeUser = 1
SidTypeGroup = 2
SidTypeDomain = 3
SidTypeAlias = 4
SidTypeWellKnownGroup = 5
SidTypeDeletedAccount = 6
SidTypeInvalid = 7
SidTypeUnknown = 8
SidTypeComputer = 9
SidTypeLabel = 10
# 2.2.2.4 RPC_SHORT_BLOB
class USHORT_ARRAY(NDRUniConformantVaryingArray):
item = '<H'
pass
class PUSHORT_ARRAY(NDRPOINTER):
referent = (
('Data', USHORT_ARRAY),
)
class RPC_SHORT_BLOB(NDRSTRUCT):
structure = (
('Length', USHORT),
('MaximumLength', USHORT),
('Buffer',PUSHORT_ARRAY),
)
# 2.2.3.2 SAMPR_HANDLE
class SAMPR_HANDLE(NDRSTRUCT):
structure = (
('Data','20s=b""'),
)
def getAlignment(self):
if self._isNDR64 is True:
return 8
else:
return 4
# 2.2.3.3 ENCRYPTED_LM_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD
class ENCRYPTED_LM_OWF_PASSWORD(NDRSTRUCT):
structure = (
('Data', '16s=b""'),
)
def getAlignment(self):
return 1
ENCRYPTED_NT_OWF_PASSWORD = ENCRYPTED_LM_OWF_PASSWORD
class PENCRYPTED_LM_OWF_PASSWORD(NDRPOINTER):
referent = (
('Data', ENCRYPTED_LM_OWF_PASSWORD),
)
PENCRYPTED_NT_OWF_PASSWORD = PENCRYPTED_LM_OWF_PASSWORD
# 2.2.3.4 SAMPR_ULONG_ARRAY
#class SAMPR_ULONG_ARRAY(NDRUniConformantVaryingArray):
# item = '<L'
class ULONG_ARRAY(NDRUniConformantArray):
item = ULONG
class PULONG_ARRAY(NDRPOINTER):
referent = (
('Data', ULONG_ARRAY),
)
class ULONG_ARRAY_CV(NDRUniConformantVaryingArray):
item = ULONG
class SAMPR_ULONG_ARRAY(NDRSTRUCT):
structure = (
('Count', ULONG),
('Element', PULONG_ARRAY),
)
# 2.2.3.5 SAMPR_SID_INFORMATION
class SAMPR_SID_INFORMATION(NDRSTRUCT):
structure = (
('SidPointer', RPC_SID),
)
class PSAMPR_SID_INFORMATION(NDRPOINTER):
referent = (
('Data', SAMPR_SID_INFORMATION),
)
class SAMPR_SID_INFORMATION_ARRAY(NDRUniConformantArray):
item = PSAMPR_SID_INFORMATION
class PSAMPR_SID_INFORMATION_ARRAY(NDRPOINTER):
referent = (
('Data', SAMPR_SID_INFORMATION_ARRAY),
)
# 2.2.3.6 SAMPR_PSID_ARRAY
class SAMPR_PSID_ARRAY(NDRSTRUCT):
structure = (
('Count', ULONG),
('Sids', PSAMPR_SID_INFORMATION_ARRAY),
)
# 2.2.3.7 SAMPR_PSID_ARRAY_OUT
class SAMPR_PSID_ARRAY_OUT(NDRSTRUCT):
structure = (
('Count', ULONG),
('Sids', PSAMPR_SID_INFORMATION_ARRAY),
)
# 2.2.3.8 SAMPR_RETURNED_USTRING_ARRAY
class SAMPR_RETURNED_USTRING_ARRAY(NDRSTRUCT):
structure = (
('Count', ULONG),
('Element', PRPC_UNICODE_STRING_ARRAY),
)
# 2.2.3.9 SAMPR_RID_ENUMERATION
class SAMPR_RID_ENUMERATION(NDRSTRUCT):
structure = (
('RelativeId',ULONG),
('Name',RPC_UNICODE_STRING),
)
class SAMPR_RID_ENUMERATION_ARRAY(NDRUniConformantArray):
item = SAMPR_RID_ENUMERATION
class PSAMPR_RID_ENUMERATION_ARRAY(NDRPOINTER):
referent = (
('Data', SAMPR_RID_ENUMERATION_ARRAY),
)
# 2.2.3.10 SAMPR_ENUMERATION_BUFFER
class SAMPR_ENUMERATION_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead',ULONG ),
('Buffer',PSAMPR_RID_ENUMERATION_ARRAY ),
)
class PSAMPR_ENUMERATION_BUFFER(NDRPOINTER):
referent = (
('Data',SAMPR_ENUMERATION_BUFFER),
)
# 2.2.3.11 SAMPR_SR_SECURITY_DESCRIPTOR
class CHAR_ARRAY(NDRUniConformantArray):
pass
class PCHAR_ARRAY(NDRPOINTER):
referent = (
('Data', CHAR_ARRAY),
)
class SAMPR_SR_SECURITY_DESCRIPTOR(NDRSTRUCT):
structure = (
('Length', ULONG),
('SecurityDescriptor', PCHAR_ARRAY),
)
class PSAMPR_SR_SECURITY_DESCRIPTOR(NDRPOINTER):
referent = (
('Data', SAMPR_SR_SECURITY_DESCRIPTOR),
)
# 2.2.3.12 GROUP_MEMBERSHIP
class GROUP_MEMBERSHIP(NDRSTRUCT):
structure = (
('RelativeId',ULONG),
('Attributes',ULONG),
)
class GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
item = GROUP_MEMBERSHIP
class PGROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
referent = (
('Data',GROUP_MEMBERSHIP_ARRAY),
)
# 2.2.3.13 SAMPR_GET_GROUPS_BUFFER
class SAMPR_GET_GROUPS_BUFFER(NDRSTRUCT):
structure = (
('MembershipCount',ULONG),
('Groups',PGROUP_MEMBERSHIP_ARRAY),
)
class PSAMPR_GET_GROUPS_BUFFER(NDRPOINTER):
referent = (
('Data',SAMPR_GET_GROUPS_BUFFER),
)
# 2.2.3.14 SAMPR_GET_MEMBERS_BUFFER
class SAMPR_GET_MEMBERS_BUFFER(NDRSTRUCT):
structure = (
('MemberCount', ULONG),
('Members', PULONG_ARRAY),
('Attributes', PULONG_ARRAY),
)
class PSAMPR_GET_MEMBERS_BUFFER(NDRPOINTER):
referent = (
('Data', SAMPR_GET_MEMBERS_BUFFER),
)
# 2.2.3.15 SAMPR_REVISION_INFO_V1
class SAMPR_REVISION_INFO_V1(NDRSTRUCT):
structure = (
('Revision',ULONG),
('SupportedFeatures',ULONG),
)
# 2.2.3.16 SAMPR_REVISION_INFO
class SAMPR_REVISION_INFO(NDRUNION):
commonHdr = (
('tag', ULONG),
)
union = {
1: ('V1', SAMPR_REVISION_INFO_V1),
}
# 2.2.3.17 USER_DOMAIN_PASSWORD_INFORMATION
class USER_DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
structure = (
('MinPasswordLength', USHORT),
('PasswordProperties', ULONG),
)
# 2.2.4.2 DOMAIN_SERVER_ENABLE_STATE
class DOMAIN_SERVER_ENABLE_STATE(NDRENUM):
class enumItems(Enum):
DomainServerEnabled = 1
DomainServerDisabled = 2
# 2.2.4.3 DOMAIN_STATE_INFORMATION
class DOMAIN_STATE_INFORMATION(NDRSTRUCT):
structure = (
('DomainServerState', DOMAIN_SERVER_ENABLE_STATE),
)
# 2.2.4.4 DOMAIN_SERVER_ROLE
class DOMAIN_SERVER_ROLE(NDRENUM):
class enumItems(Enum):
DomainServerRoleBackup = 2
DomainServerRolePrimary = 3
# 2.2.4.5 DOMAIN_PASSWORD_INFORMATION
class DOMAIN_PASSWORD_INFORMATION(NDRSTRUCT):
structure = (
('MinPasswordLength', USHORT),
('PasswordHistoryLength', USHORT),
('PasswordProperties', ULONG),
('MaxPasswordAge', OLD_LARGE_INTEGER),
('MinPasswordAge', OLD_LARGE_INTEGER),
)
# 2.2.4.6 DOMAIN_LOGOFF_INFORMATION
class DOMAIN_LOGOFF_INFORMATION(NDRSTRUCT):
structure = (
('ForceLogoff', OLD_LARGE_INTEGER),
)
# 2.2.4.7 DOMAIN_SERVER_ROLE_INFORMATION
class DOMAIN_SERVER_ROLE_INFORMATION(NDRSTRUCT):
structure = (
('DomainServerRole', DOMAIN_SERVER_ROLE),
)
# 2.2.4.8 DOMAIN_MODIFIED_INFORMATION
class DOMAIN_MODIFIED_INFORMATION(NDRSTRUCT):
structure = (
('DomainModifiedCount', OLD_LARGE_INTEGER),
('CreationTime', OLD_LARGE_INTEGER),
)
# 2.2.4.9 DOMAIN_MODIFIED_INFORMATION2
class DOMAIN_MODIFIED_INFORMATION2(NDRSTRUCT):
structure = (
('DomainModifiedCount', OLD_LARGE_INTEGER),
('CreationTime', OLD_LARGE_INTEGER),
('ModifiedCountAtLastPromotion', OLD_LARGE_INTEGER),
)
# 2.2.4.10 SAMPR_DOMAIN_GENERAL_INFORMATION
class SAMPR_DOMAIN_GENERAL_INFORMATION(NDRSTRUCT):
structure = (
('ForceLogoff', OLD_LARGE_INTEGER),
('OemInformation', RPC_UNICODE_STRING),
('DomainName', RPC_UNICODE_STRING),
('ReplicaSourceNodeName', RPC_UNICODE_STRING),
('DomainModifiedCount', OLD_LARGE_INTEGER),
('DomainServerState', ULONG),
('DomainServerRole', ULONG),
('UasCompatibilityRequired', UCHAR),
('UserCount', ULONG),
('GroupCount', ULONG),
('AliasCount', ULONG),
)
# 2.2.4.11 SAMPR_DOMAIN_GENERAL_INFORMATION2
class SAMPR_DOMAIN_GENERAL_INFORMATION2(NDRSTRUCT):
structure = (
('I1', SAMPR_DOMAIN_GENERAL_INFORMATION),
('LockoutDuration', LARGE_INTEGER),
('LockoutObservationWindow', LARGE_INTEGER),
('LockoutThreshold', USHORT),
)
# 2.2.4.12 SAMPR_DOMAIN_OEM_INFORMATION
class SAMPR_DOMAIN_OEM_INFORMATION(NDRSTRUCT):
structure = (
('OemInformation', RPC_UNICODE_STRING),
)
# 2.2.4.13 SAMPR_DOMAIN_NAME_INFORMATION
class SAMPR_DOMAIN_NAME_INFORMATION(NDRSTRUCT):
structure = (
('DomainName', RPC_UNICODE_STRING),
)
# 2.2.4.14 SAMPR_DOMAIN_REPLICATION_INFORMATION
class SAMPR_DOMAIN_REPLICATION_INFORMATION(NDRSTRUCT):
structure = (
('ReplicaSourceNodeName', RPC_UNICODE_STRING),
)
# 2.2.4.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION
class SAMPR_DOMAIN_LOCKOUT_INFORMATION(NDRSTRUCT):
structure = (
('LockoutDuration', LARGE_INTEGER),
('LockoutObservationWindow', LARGE_INTEGER),
('LockoutThreshold', USHORT),
)
# 2.2.4.16 DOMAIN_INFORMATION_CLASS
class DOMAIN_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
DomainPasswordInformation = 1
DomainGeneralInformation = 2
DomainLogoffInformation = 3
DomainOemInformation = 4
DomainNameInformation = 5
DomainReplicationInformation = 6
DomainServerRoleInformation = 7
DomainModifiedInformation = 8
DomainStateInformation = 9
DomainGeneralInformation2 = 11
DomainLockoutInformation = 12
DomainModifiedInformation2 = 13
# 2.2.4.17 SAMPR_DOMAIN_INFO_BUFFER
class SAMPR_DOMAIN_INFO_BUFFER(NDRUNION):
union = {
DOMAIN_INFORMATION_CLASS.DomainPasswordInformation : ('Password', DOMAIN_PASSWORD_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainGeneralInformation : ('General', SAMPR_DOMAIN_GENERAL_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainLogoffInformation : ('Logoff', DOMAIN_LOGOFF_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainOemInformation : ('Oem', SAMPR_DOMAIN_OEM_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainNameInformation : ('Name', SAMPR_DOMAIN_NAME_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation : ('Role', DOMAIN_SERVER_ROLE_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainReplicationInformation : ('Replication', SAMPR_DOMAIN_REPLICATION_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainModifiedInformation : ('Modified', DOMAIN_MODIFIED_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainStateInformation : ('State', DOMAIN_STATE_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2 : ('General2', SAMPR_DOMAIN_GENERAL_INFORMATION2),
DOMAIN_INFORMATION_CLASS.DomainLockoutInformation : ('Lockout', SAMPR_DOMAIN_LOCKOUT_INFORMATION),
DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2 : ('Modified2', DOMAIN_MODIFIED_INFORMATION2),
}
class PSAMPR_DOMAIN_INFO_BUFFER(NDRPOINTER):
referent = (
('Data', SAMPR_DOMAIN_INFO_BUFFER),
)
# 2.2.5.2 GROUP_ATTRIBUTE_INFORMATION
class GROUP_ATTRIBUTE_INFORMATION(NDRSTRUCT):
structure = (
('Attributes', ULONG),
)
# 2.2.5.3 SAMPR_GROUP_GENERAL_INFORMATION
class SAMPR_GROUP_GENERAL_INFORMATION(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('Attributes', ULONG),
('MemberCount', ULONG),
('AdminComment', RPC_UNICODE_STRING),
)
# 2.2.5.4 SAMPR_GROUP_NAME_INFORMATION
class SAMPR_GROUP_NAME_INFORMATION(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
)
# 2.2.5.5 SAMPR_GROUP_ADM_COMMENT_INFORMATION
class SAMPR_GROUP_ADM_COMMENT_INFORMATION(NDRSTRUCT):
structure = (
('AdminComment', RPC_UNICODE_STRING),
)
# 2.2.5.6 GROUP_INFORMATION_CLASS
class GROUP_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
GroupGeneralInformation = 1
GroupNameInformation = 2
GroupAttributeInformation = 3
GroupAdminCommentInformation = 4
GroupReplicationInformation = 5
# 2.2.5.7 SAMPR_GROUP_INFO_BUFFER
class SAMPR_GROUP_INFO_BUFFER(NDRUNION):
union = {
GROUP_INFORMATION_CLASS.GroupGeneralInformation : ('General', SAMPR_GROUP_GENERAL_INFORMATION),
GROUP_INFORMATION_CLASS.GroupNameInformation : ('Name', SAMPR_GROUP_NAME_INFORMATION),
GROUP_INFORMATION_CLASS.GroupAttributeInformation : ('Attribute', GROUP_ATTRIBUTE_INFORMATION),
GROUP_INFORMATION_CLASS.GroupAdminCommentInformation : ('AdminComment', SAMPR_GROUP_ADM_COMMENT_INFORMATION),
GROUP_INFORMATION_CLASS.GroupReplicationInformation : ('DoNotUse', SAMPR_GROUP_GENERAL_INFORMATION),
}
class PSAMPR_GROUP_INFO_BUFFER(NDRPOINTER):
referent = (
('Data', SAMPR_GROUP_INFO_BUFFER),
)
# 2.2.6.2 SAMPR_ALIAS_GENERAL_INFORMATION
class SAMPR_ALIAS_GENERAL_INFORMATION(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
('MemberCount', ULONG),
('AdminComment', RPC_UNICODE_STRING),
)
# 2.2.6.3 SAMPR_ALIAS_NAME_INFORMATION
class SAMPR_ALIAS_NAME_INFORMATION(NDRSTRUCT):
structure = (
('Name', RPC_UNICODE_STRING),
)
# 2.2.6.4 SAMPR_ALIAS_ADM_COMMENT_INFORMATION
class SAMPR_ALIAS_ADM_COMMENT_INFORMATION(NDRSTRUCT):
structure = (
('AdminComment', RPC_UNICODE_STRING),
)
# 2.2.6.5 ALIAS_INFORMATION_CLASS
class ALIAS_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
AliasGeneralInformation = 1
AliasNameInformation = 2
AliasAdminCommentInformation = 3
# 2.2.6.6 SAMPR_ALIAS_INFO_BUFFER
class SAMPR_ALIAS_INFO_BUFFER(NDRUNION):
union = {
ALIAS_INFORMATION_CLASS.AliasGeneralInformation : ('General', SAMPR_ALIAS_GENERAL_INFORMATION),
ALIAS_INFORMATION_CLASS.AliasNameInformation : ('Name', SAMPR_ALIAS_NAME_INFORMATION),
ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation : ('AdminComment', SAMPR_ALIAS_ADM_COMMENT_INFORMATION),
}
class PSAMPR_ALIAS_INFO_BUFFER(NDRPOINTER):
referent = (
('Data', SAMPR_ALIAS_INFO_BUFFER),
)
# 2.2.7.2 USER_PRIMARY_GROUP_INFORMATION
class USER_PRIMARY_GROUP_INFORMATION(NDRSTRUCT):
structure = (
('PrimaryGroupId', ULONG),
)
# 2.2.7.3 USER_CONTROL_INFORMATION
class USER_CONTROL_INFORMATION(NDRSTRUCT):
structure = (
('UserAccountControl', ULONG),
)
# 2.2.7.4 USER_EXPIRES_INFORMATION
class USER_EXPIRES_INFORMATION(NDRSTRUCT):
structure = (
('AccountExpires', OLD_LARGE_INTEGER),
)
# 2.2.7.5 SAMPR_LOGON_HOURS
class LOGON_HOURS_ARRAY(NDRUniConformantVaryingArray):
pass
class PLOGON_HOURS_ARRAY(NDRPOINTER):
referent = (
('Data', LOGON_HOURS_ARRAY),
)
class SAMPR_LOGON_HOURS(NDRSTRUCT):
structure = (
#('UnitsPerWeek', NDRSHORT),
('UnitsPerWeek', ULONG),
('LogonHours', PLOGON_HOURS_ARRAY),
)
def getData(self, soFar = 0):
if self['LogonHours'] != 0:
self['UnitsPerWeek'] = len(self['LogonHours']) * 8
return NDR.getData(self, soFar)
# 2.2.7.6 SAMPR_USER_ALL_INFORMATION
class SAMPR_USER_ALL_INFORMATION(NDRSTRUCT):
structure = (
('LastLogon', OLD_LARGE_INTEGER),
('LastLogoff', OLD_LARGE_INTEGER),
('PasswordLastSet', OLD_LARGE_INTEGER),
('AccountExpires', OLD_LARGE_INTEGER),
('PasswordCanChange', OLD_LARGE_INTEGER),
('PasswordMustChange', OLD_LARGE_INTEGER),
('UserName', RPC_UNICODE_STRING),
('FullName', RPC_UNICODE_STRING),
('HomeDirectory', RPC_UNICODE_STRING),
('HomeDirectoryDrive', RPC_UNICODE_STRING),
('ScriptPath', RPC_UNICODE_STRING),
('ProfilePath', RPC_UNICODE_STRING),
('AdminComment', RPC_UNICODE_STRING),
('WorkStations', RPC_UNICODE_STRING),
('UserComment', RPC_UNICODE_STRING),
('Parameters', RPC_UNICODE_STRING),
('LmOwfPassword', RPC_SHORT_BLOB),
('NtOwfPassword', RPC_SHORT_BLOB),
('PrivateData', RPC_UNICODE_STRING),
('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),
('UserId', ULONG),
('PrimaryGroupId', ULONG),
('UserAccountControl', ULONG),
('WhichFields', ULONG),
('LogonHours', SAMPR_LOGON_HOURS),
('BadPasswordCount', USHORT),
('LogonCount', USHORT),
('CountryCode', USHORT),
('CodePage', USHORT),
('LmPasswordPresent', UCHAR),
('NtPasswordPresent', UCHAR),
('PasswordExpired', UCHAR),
('PrivateDataSensitive', UCHAR),
)
# 2.2.7.7 SAMPR_USER_GENERAL_INFORMATION
class SAMPR_USER_GENERAL_INFORMATION(NDRSTRUCT):
structure = (
('UserName', RPC_UNICODE_STRING),
('FullName', RPC_UNICODE_STRING),
('PrimaryGroupId', ULONG),
('AdminComment', RPC_UNICODE_STRING),
('UserComment', RPC_UNICODE_STRING),
)
# 2.2.7.8 SAMPR_USER_PREFERENCES_INFORMATION
class SAMPR_USER_PREFERENCES_INFORMATION(NDRSTRUCT):
structure = (
('UserComment', RPC_UNICODE_STRING),
('Reserved1', RPC_UNICODE_STRING),
('CountryCode', USHORT),
('CodePage', USHORT),
)
# 2.2.7.9 SAMPR_USER_PARAMETERS_INFORMATION
class SAMPR_USER_PARAMETERS_INFORMATION(NDRSTRUCT):
structure = (
('Parameters', RPC_UNICODE_STRING),
)
# 2.2.7.10 SAMPR_USER_LOGON_INFORMATION
class SAMPR_USER_LOGON_INFORMATION(NDRSTRUCT):
structure = (
('UserName', RPC_UNICODE_STRING),
('FullName', RPC_UNICODE_STRING),
('UserId', ULONG),
('PrimaryGroupId', ULONG),
('HomeDirectory', RPC_UNICODE_STRING),
('HomeDirectoryDrive', RPC_UNICODE_STRING),
('ScriptPath', RPC_UNICODE_STRING),
('ProfilePath', RPC_UNICODE_STRING),
('WorkStations', RPC_UNICODE_STRING),
('LastLogon', OLD_LARGE_INTEGER),
('LastLogoff', OLD_LARGE_INTEGER),
('PasswordLastSet', OLD_LARGE_INTEGER),
('PasswordCanChange', OLD_LARGE_INTEGER),
('PasswordMustChange', OLD_LARGE_INTEGER),
('LogonHours', SAMPR_LOGON_HOURS),
('BadPasswordCount', USHORT),
('LogonCount', USHORT),
('UserAccountControl', ULONG),
)
# 2.2.7.11 SAMPR_USER_ACCOUNT_INFORMATION
class SAMPR_USER_ACCOUNT_INFORMATION(NDRSTRUCT):
structure = (
('UserName', RPC_UNICODE_STRING),
('FullName', RPC_UNICODE_STRING),
('UserId', ULONG),
('PrimaryGroupId', ULONG),
('HomeDirectory', RPC_UNICODE_STRING),
('HomeDirectoryDrive', RPC_UNICODE_STRING),
('ScriptPath', RPC_UNICODE_STRING),
('ProfilePath', RPC_UNICODE_STRING),
('AdminComment', RPC_UNICODE_STRING),
('WorkStations', RPC_UNICODE_STRING),
('LastLogon', OLD_LARGE_INTEGER),
('LastLogoff', OLD_LARGE_INTEGER),
('LogonHours', SAMPR_LOGON_HOURS),
('BadPasswordCount', USHORT),
('LogonCount', USHORT),
('PasswordLastSet', OLD_LARGE_INTEGER),
('AccountExpires', OLD_LARGE_INTEGER),
('UserAccountControl', ULONG)
)
# 2.2.7.12 SAMPR_USER_A_NAME_INFORMATION
class SAMPR_USER_A_NAME_INFORMATION(NDRSTRUCT):
structure = (
('UserName', RPC_UNICODE_STRING),
)
# 2.2.7.13 SAMPR_USER_F_NAME_INFORMATION
class SAMPR_USER_F_NAME_INFORMATION(NDRSTRUCT):
structure = (
('FullName', RPC_UNICODE_STRING),
)
# 2.2.7.14 SAMPR_USER_NAME_INFORMATION
class SAMPR_USER_NAME_INFORMATION(NDRSTRUCT):
structure = (
('UserName', RPC_UNICODE_STRING),
('FullName', RPC_UNICODE_STRING),
)
# 2.2.7.15 SAMPR_USER_HOME_INFORMATION
class SAMPR_USER_HOME_INFORMATION(NDRSTRUCT):
structure = (
('HomeDirectory', RPC_UNICODE_STRING),
('HomeDirectoryDrive', RPC_UNICODE_STRING),
)
# 2.2.7.16 SAMPR_USER_SCRIPT_INFORMATION
class SAMPR_USER_SCRIPT_INFORMATION(NDRSTRUCT):
structure = (
('ScriptPath', RPC_UNICODE_STRING),
)
# 2.2.7.17 SAMPR_USER_PROFILE_INFORMATION
class SAMPR_USER_PROFILE_INFORMATION(NDRSTRUCT):
structure = (
('ProfilePath', RPC_UNICODE_STRING),
)
# 2.2.7.18 SAMPR_USER_ADMIN_COMMENT_INFORMATION
class SAMPR_USER_ADMIN_COMMENT_INFORMATION(NDRSTRUCT):
structure = (
('AdminComment', RPC_UNICODE_STRING),
)
# 2.2.7.19 SAMPR_USER_WORKSTATIONS_INFORMATION
class SAMPR_USER_WORKSTATIONS_INFORMATION(NDRSTRUCT):
structure = (
('WorkStations', RPC_UNICODE_STRING),
)
# 2.2.7.20 SAMPR_USER_LOGON_HOURS_INFORMATION
class SAMPR_USER_LOGON_HOURS_INFORMATION(NDRSTRUCT):
structure = (
('LogonHours', SAMPR_LOGON_HOURS),
)
# 2.2.7.21 SAMPR_ENCRYPTED_USER_PASSWORD
class SAMPR_USER_PASSWORD(NDRSTRUCT):
structure = (
('Buffer', '512s=b""'),
('Length', ULONG),
)
def getAlignment(self):
return 4
class SAMPR_ENCRYPTED_USER_PASSWORD(NDRSTRUCT):
structure = (
('Buffer', '516s=b""'),
)
def getAlignment(self):
return 1
class PSAMPR_ENCRYPTED_USER_PASSWORD(NDRPOINTER):
referent = (
('Data', SAMPR_ENCRYPTED_USER_PASSWORD),
)
# 2.2.7.22 SAMPR_ENCRYPTED_USER_PASSWORD_NEW
class SAMPR_ENCRYPTED_USER_PASSWORD_NEW(NDRSTRUCT):
structure = (
('Buffer', '532s=b""'),
)
def getAlignment(self):
return 1
# 2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION
class SAMPR_USER_INTERNAL1_INFORMATION(NDRSTRUCT):
structure = (
('EncryptedNtOwfPassword', ENCRYPTED_NT_OWF_PASSWORD),
('EncryptedLmOwfPassword', ENCRYPTED_LM_OWF_PASSWORD),
('NtPasswordPresent', UCHAR),
('LmPasswordPresent', UCHAR),
('PasswordExpired', UCHAR),
)
# 2.2.7.24 SAMPR_USER_INTERNAL4_INFORMATION
class SAMPR_USER_INTERNAL4_INFORMATION(NDRSTRUCT):
structure = (
('I1', SAMPR_USER_ALL_INFORMATION),
('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
)
# 2.2.7.25 SAMPR_USER_INTERNAL4_INFORMATION_NEW
class SAMPR_USER_INTERNAL4_INFORMATION_NEW(NDRSTRUCT):
structure = (
('I1', SAMPR_USER_ALL_INFORMATION),
('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
)
# 2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION
class SAMPR_USER_INTERNAL5_INFORMATION(NDRSTRUCT):
structure = (
('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD),
('PasswordExpired', UCHAR),
)
# 2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW
class SAMPR_USER_INTERNAL5_INFORMATION_NEW(NDRSTRUCT):
structure = (
('UserPassword', SAMPR_ENCRYPTED_USER_PASSWORD_NEW),
('PasswordExpired', UCHAR),
)
# 2.2.7.28 USER_INFORMATION_CLASS
class USER_INFORMATION_CLASS(NDRENUM):
class enumItems(Enum):
UserGeneralInformation = 1
UserPreferencesInformation = 2
UserLogonInformation = 3
UserLogonHoursInformation = 4
UserAccountInformation = 5
UserNameInformation = 6
UserAccountNameInformation = 7
UserFullNameInformation = 8
UserPrimaryGroupInformation = 9
UserHomeInformation = 10
UserScriptInformation = 11
UserProfileInformation = 12
UserAdminCommentInformation = 13
UserWorkStationsInformation = 14
UserControlInformation = 16
UserExpiresInformation = 17
UserInternal1Information = 18
UserParametersInformation = 20
UserAllInformation = 21
UserInternal4Information = 23
UserInternal5Information = 24
UserInternal4InformationNew = 25
UserInternal5InformationNew = 26
# 2.2.7.29 SAMPR_USER_INFO_BUFFER
class SAMPR_USER_INFO_BUFFER(NDRUNION):
union = {
USER_INFORMATION_CLASS.UserGeneralInformation : ('General', SAMPR_USER_GENERAL_INFORMATION),
USER_INFORMATION_CLASS.UserPreferencesInformation : ('Preferences', SAMPR_USER_PREFERENCES_INFORMATION),
USER_INFORMATION_CLASS.UserLogonInformation : ('Logon', SAMPR_USER_LOGON_INFORMATION),
USER_INFORMATION_CLASS.UserLogonHoursInformation : ('LogonHours', SAMPR_USER_LOGON_HOURS_INFORMATION),
USER_INFORMATION_CLASS.UserAccountInformation : ('Account', SAMPR_USER_ACCOUNT_INFORMATION),
USER_INFORMATION_CLASS.UserNameInformation : ('Name', SAMPR_USER_NAME_INFORMATION),
USER_INFORMATION_CLASS.UserAccountNameInformation : ('AccountName', SAMPR_USER_A_NAME_INFORMATION),
USER_INFORMATION_CLASS.UserFullNameInformation : ('FullName', SAMPR_USER_F_NAME_INFORMATION),
USER_INFORMATION_CLASS.UserPrimaryGroupInformation: ('PrimaryGroup', USER_PRIMARY_GROUP_INFORMATION),
USER_INFORMATION_CLASS.UserHomeInformation : ('Home', SAMPR_USER_HOME_INFORMATION),
USER_INFORMATION_CLASS.UserScriptInformation : ('Script', SAMPR_USER_SCRIPT_INFORMATION),
USER_INFORMATION_CLASS.UserProfileInformation : ('Profile', SAMPR_USER_PROFILE_INFORMATION),
USER_INFORMATION_CLASS.UserAdminCommentInformation: ('AdminComment', SAMPR_USER_ADMIN_COMMENT_INFORMATION),
USER_INFORMATION_CLASS.UserWorkStationsInformation: ('WorkStations', SAMPR_USER_WORKSTATIONS_INFORMATION),
USER_INFORMATION_CLASS.UserControlInformation : ('Control', USER_CONTROL_INFORMATION),
USER_INFORMATION_CLASS.UserExpiresInformation : ('Expires', USER_EXPIRES_INFORMATION),
USER_INFORMATION_CLASS.UserInternal1Information : ('Internal1', SAMPR_USER_INTERNAL1_INFORMATION),
USER_INFORMATION_CLASS.UserParametersInformation : ('Parameters', SAMPR_USER_PARAMETERS_INFORMATION ),
USER_INFORMATION_CLASS.UserAllInformation : ('All', SAMPR_USER_ALL_INFORMATION),
USER_INFORMATION_CLASS.UserInternal4Information : ('Internal4', SAMPR_USER_INTERNAL4_INFORMATION),
USER_INFORMATION_CLASS.UserInternal5Information : ('Internal5', SAMPR_USER_INTERNAL5_INFORMATION),
USER_INFORMATION_CLASS.UserInternal4InformationNew: ('Internal4New', SAMPR_USER_INTERNAL4_INFORMATION_NEW),
USER_INFORMATION_CLASS.UserInternal5InformationNew: ('Internal5New', SAMPR_USER_INTERNAL5_INFORMATION_NEW),
}
class PSAMPR_USER_INFO_BUFFER(NDRPOINTER):
referent = (
('Data', SAMPR_USER_INFO_BUFFER),
)
class PSAMPR_SERVER_NAME2(NDRPOINTER):
referent = (
('Data', '4s=b""'),
)
# 2.2.8.2 SAMPR_DOMAIN_DISPLAY_USER
class SAMPR_DOMAIN_DISPLAY_USER(NDRSTRUCT):
structure = (
('Index',ULONG),
('Rid',ULONG),
('AccountControl',ULONG),
('AccountName',RPC_UNICODE_STRING),
('AdminComment',RPC_UNICODE_STRING),
('FullName',RPC_UNICODE_STRING),
)
class SAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRUniConformantArray):
item = SAMPR_DOMAIN_DISPLAY_USER
class PSAMPR_DOMAIN_DISPLAY_USER_ARRAY(NDRPOINTER):
referent = (
('Data',SAMPR_DOMAIN_DISPLAY_USER_ARRAY),
)
# 2.2.8.3 SAMPR_DOMAIN_DISPLAY_MACHINE
class SAMPR_DOMAIN_DISPLAY_MACHINE(NDRSTRUCT):
structure = (
('Index',ULONG),
('Rid',ULONG),
('AccountControl',ULONG),
('AccountName',RPC_UNICODE_STRING),
('AdminComment',RPC_UNICODE_STRING),
)
class SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRUniConformantArray):
item = SAMPR_DOMAIN_DISPLAY_MACHINE
class PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY(NDRPOINTER):
referent = (
('Data',SAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
)
# 2.2.8.4 SAMPR_DOMAIN_DISPLAY_GROUP
class SAMPR_DOMAIN_DISPLAY_GROUP(NDRSTRUCT):
structure = (
('Index',ULONG),
('Rid',ULONG),
('AccountControl',ULONG),
('AccountName',RPC_UNICODE_STRING),
('AdminComment',RPC_UNICODE_STRING),
)
class SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRUniConformantArray):
item = SAMPR_DOMAIN_DISPLAY_GROUP
class PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY(NDRPOINTER):
referent = (
('Data',SAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
)
# 2.2.8.5 SAMPR_DOMAIN_DISPLAY_OEM_USER
class SAMPR_DOMAIN_DISPLAY_OEM_USER(NDRSTRUCT):
structure = (
('Index',ULONG),
('OemAccountName',RPC_STRING),
)
class SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRUniConformantArray):
item = SAMPR_DOMAIN_DISPLAY_OEM_USER
class PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY(NDRPOINTER):
referent = (
('Data',SAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
)
# 2.2.8.6 SAMPR_DOMAIN_DISPLAY_OEM_GROUP
class SAMPR_DOMAIN_DISPLAY_OEM_GROUP(NDRSTRUCT):
structure = (
('Index',ULONG),
('OemAccountName',RPC_STRING),
)
class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRUniConformantArray):
item = SAMPR_DOMAIN_DISPLAY_OEM_GROUP
class PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY(NDRPOINTER):
referent = (
('Data',SAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
)
#2.2.8.7 SAMPR_DOMAIN_DISPLAY_USER_BUFFER
class SAMPR_DOMAIN_DISPLAY_USER_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('Buffer', PSAMPR_DOMAIN_DISPLAY_USER_ARRAY),
)
# 2.2.8.8 SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER
class SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('Buffer', PSAMPR_DOMAIN_DISPLAY_MACHINE_ARRAY),
)
# 2.2.8.9 SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER
class SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('Buffer', PSAMPR_DOMAIN_DISPLAY_GROUP_ARRAY),
)
# 2.2.8.10 SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER
class SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_USER_ARRAY),
)
# 2.2.8.11 SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER
class SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER(NDRSTRUCT):
structure = (
('EntriesRead', ULONG),
('Buffer', PSAMPR_DOMAIN_DISPLAY_OEM_GROUP_ARRAY),
)
# 2.2.8.12 DOMAIN_DISPLAY_INFORMATION
class DOMAIN_DISPLAY_INFORMATION(NDRENUM):
class enumItems(Enum):
DomainDisplayUser = 1
DomainDisplayMachine = 2
DomainDisplayGroup = 3
DomainDisplayOemUser = 4
DomainDisplayOemGroup = 5
# 2.2.8.13 SAMPR_DISPLAY_INFO_BUFFER
class SAMPR_DISPLAY_INFO_BUFFER(NDRUNION):
union = {
DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser : ('UserInformation', SAMPR_DOMAIN_DISPLAY_USER_BUFFER),
DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine : ('MachineInformation', SAMPR_DOMAIN_DISPLAY_MACHINE_BUFFER),
DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup : ('GroupInformation', SAMPR_DOMAIN_DISPLAY_GROUP_BUFFER),
DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemUser : ('OemUserInformation', SAMPR_DOMAIN_DISPLAY_OEM_USER_BUFFER),
DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup : ('OemGroupInformation', SAMPR_DOMAIN_DISPLAY_OEM_GROUP_BUFFER),
}
# 2.2.9.1 SAM_VALIDATE_PASSWORD_HASH
class SAM_VALIDATE_PASSWORD_HASH(NDRSTRUCT):
structure = (
('Length', ULONG),
('Hash', LPBYTE),
)
class PSAM_VALIDATE_PASSWORD_HASH(NDRPOINTER):
referent = (
('Data', SAM_VALIDATE_PASSWORD_HASH),
)
# 2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS
class SAM_VALIDATE_PERSISTED_FIELDS(NDRSTRUCT):
structure = (
('PresentFields', ULONG),
('PasswordLastSet', LARGE_INTEGER),
('BadPasswordTime', LARGE_INTEGER),
('LockoutTime', LARGE_INTEGER),
('BadPasswordCount', ULONG),
('PasswordHistoryLength', ULONG),
('PasswordHistory', PSAM_VALIDATE_PASSWORD_HASH),
)
# 2.2.9.3 SAM_VALIDATE_VALIDATION_STATUS
class SAM_VALIDATE_VALIDATION_STATUS(NDRENUM):
class enumItems(Enum):
SamValidateSuccess = 0
SamValidatePasswordMustChange = 1
SamValidateAccountLockedOut = 2
SamValidatePasswordExpired = 3
SamValidatePasswordIncorrect = 4
SamValidatePasswordIsInHistory = 5
SamValidatePasswordTooShort = 6
SamValidatePasswordTooLong = 7
SamValidatePasswordNotComplexEnough = 8
SamValidatePasswordTooRecent = 9
SamValidatePasswordFilterError = 10
# 2.2.9.4 SAM_VALIDATE_STANDARD_OUTPUT_ARG
class SAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRSTRUCT):
structure = (
('ChangedPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
('ValidationStatus', SAM_VALIDATE_VALIDATION_STATUS),
)
class PSAM_VALIDATE_STANDARD_OUTPUT_ARG(NDRPOINTER):
referent = (
('Data', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
)
# 2.2.9.5 SAM_VALIDATE_AUTHENTICATION_INPUT_ARG
class SAM_VALIDATE_AUTHENTICATION_INPUT_ARG(NDRSTRUCT):
structure = (
('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
('PasswordMatched', UCHAR),
)
# 2.2.9.6 SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG
class SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG(NDRSTRUCT):
structure = (
('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
('ClearPassword', RPC_UNICODE_STRING),
('UserAccountName', RPC_UNICODE_STRING),
('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
('PasswordMatch', UCHAR),
)
# 2.2.9.7 SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG
class SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(NDRSTRUCT):
structure = (
('InputPersistedFields', SAM_VALIDATE_PERSISTED_FIELDS),
('ClearPassword', RPC_UNICODE_STRING),
('UserAccountName', RPC_UNICODE_STRING),
('HashedPassword', SAM_VALIDATE_PASSWORD_HASH),
('PasswordMustChangeAtNextLogon', UCHAR),
('ClearLockout', UCHAR),
)
# 2.2.9.8 PASSWORD_POLICY_VALIDATION_TYPE
class PASSWORD_POLICY_VALIDATION_TYPE(NDRENUM):
class enumItems(Enum):
SamValidateAuthentication = 1
SamValidatePasswordChange = 2
SamValidatePasswordReset = 3
# 2.2.9.9 SAM_VALIDATE_INPUT_ARG
class SAM_VALIDATE_INPUT_ARG(NDRUNION):
union = {
PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication : ('ValidateAuthenticationInput', SAM_VALIDATE_AUTHENTICATION_INPUT_ARG),
PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange : ('ValidatePasswordChangeInput', SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG),
PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset : ('ValidatePasswordResetInput', SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG),
}
# 2.2.9.10 SAM_VALIDATE_OUTPUT_ARG
class SAM_VALIDATE_OUTPUT_ARG(NDRUNION):
union = {
PASSWORD_POLICY_VALIDATION_TYPE.SamValidateAuthentication : ('ValidateAuthenticationOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordChange : ('ValidatePasswordChangeOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset : ('ValidatePasswordResetOutput', SAM_VALIDATE_STANDARD_OUTPUT_ARG),
}
class PSAM_VALIDATE_OUTPUT_ARG(NDRPOINTER):
referent = (
('Data', SAM_VALIDATE_OUTPUT_ARG),
)
# 2.2.10 Supplemental Credentials Structures
# 2.2.10.1 USER_PROPERTIES
class USER_PROPERTIES(Structure):
structure = (
('Reserved1','<L=0'),
('Length','<L=0'),
('Reserved2','<H=0'),
('Reserved3','<H=0'),
('Reserved4','96s=""'),
('PropertySignature','<H=0x50'),
('PropertyCount','<H=0'),
('UserProperties',':'),
)
# 2.2.10.2 USER_PROPERTY
class USER_PROPERTY(Structure):
structure = (
('NameLength','<H=0'),
('ValueLength','<H=0'),
('Reserved','<H=0'),
('_PropertyName','_-PropertyName', "self['NameLength']"),
('PropertyName',':'),
('_PropertyValue','_-PropertyValue', "self['ValueLength']"),
('PropertyValue',':'),
)
# 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS
class WDIGEST_CREDENTIALS(Structure):
structure = (
('Reserved1','B=0'),
('Reserved2','B=0'),
('Version','B=1'),
('NumberOfHashes','B=29'),
('Reserved3','12s=""'),
('Hash1', '16s=""'),
('Hash2', '16s=""'),
('Hash3', '16s=""'),
('Hash4', '16s=""'),
('Hash5', '16s=""'),
('Hash6', '16s=""'),
('Hash7', '16s=""'),
('Hash8', '16s=""'),
('Hash9', '16s=""'),
('Hash10', '16s=""'),
('Hash11', '16s=""'),
('Hash12', '16s=""'),
('Hash13', '16s=""'),
('Hash14', '16s=""'),
('Hash15', '16s=""'),
('Hash16', '16s=""'),
('Hash17', '16s=""'),
('Hash18', '16s=""'),
('Hash19', '16s=""'),
('Hash20', '16s=""'),
('Hash21', '16s=""'),
('Hash22', '16s=""'),
('Hash23', '16s=""'),
('Hash24', '16s=""'),
('Hash25', '16s=""'),
('Hash26', '16s=""'),
('Hash27', '16s=""'),
('Hash28', '16s=""'),
('Hash29', '16s=""'),
)
# 2.2.10.5 KERB_KEY_DATA
class KERB_KEY_DATA(Structure):
structure = (
('Reserved1','<H=0'),
('Reserved2','<H=0'),
('Reserved3','<H=0'),
('KeyType','<L=0'),
('KeyLength','<L=0'),
('KeyOffset','<L=0'),
)
# 2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL
class KERB_STORED_CREDENTIAL(Structure):
structure = (
('Revision','<H=3'),
('Flags','<H=0'),
('CredentialCount','<H=0'),
('OldCredentialCount','<H=0'),
('DefaultSaltLength','<H=0'),
('DefaultSaltMaximumLength','<H=0'),
('DefaultSaltOffset','<L=0'),
#('Credentials',':'),
#('OldCredentials',':'),
#('DefaultSalt',':'),
#('KeyValues',':'),
# All the preceding stuff inside this Buffer
('Buffer',':'),
)
# 2.2.10.7 KERB_KEY_DATA_NEW
class KERB_KEY_DATA_NEW(Structure):
structure = (
('Reserved1','<H=0'),
('Reserved2','<H=0'),
('Reserved3','<L=0'),
('IterationCount','<L=0'),
('KeyType','<L=0'),
('KeyLength','<L=0'),
('KeyOffset','<L=0'),
)
# 2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW
class KERB_STORED_CREDENTIAL_NEW(Structure):
structure = (
('Revision','<H=4'),
('Flags','<H=0'),
('CredentialCount','<H=0'),
('ServiceCredentialCount','<H=0'),
('OldCredentialCount','<H=0'),
('OlderCredentialCount','<H=0'),
('DefaultSaltLength','<H=0'),
('DefaultSaltMaximumLength','<H=0'),
('DefaultSaltOffset','<L=0'),
('DefaultIterationCount','<L=0'),
#('Credentials',':'),
#('ServiceCredentials',':'),
#('OldCredentials',':'),
#('OlderCredentials',':'),
#('DefaultSalt',':'),
#('KeyValues',':'),
# All the preceding stuff inside this Buffer
('Buffer',':'),
)
################################################################################
# RPC CALLS
################################################################################
class SamrConnect(NDRCALL):
opnum = 0
structure = (
('ServerName',PSAMPR_SERVER_NAME2),
('DesiredAccess', ULONG),
)
class SamrConnectResponse(NDRCALL):
structure = (
('ServerHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrCloseHandle(NDRCALL):
opnum = 1
structure = (
('SamHandle',SAMPR_HANDLE),
('DesiredAccess', LONG),
)
class SamrCloseHandleResponse(NDRCALL):
structure = (
('SamHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrSetSecurityObject(NDRCALL):
opnum = 2
structure = (
('ObjectHandle',SAMPR_HANDLE),
('SecurityInformation', SECURITY_INFORMATION),
('SecurityDescriptor', SAMPR_SR_SECURITY_DESCRIPTOR),
)
class SamrSetSecurityObjectResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrQuerySecurityObject(NDRCALL):
opnum = 3
structure = (
('ObjectHandle',SAMPR_HANDLE),
('SecurityInformation', SECURITY_INFORMATION),
)
class SamrQuerySecurityObjectResponse(NDRCALL):
structure = (
('SecurityDescriptor',PSAMPR_SR_SECURITY_DESCRIPTOR),
('ErrorCode',ULONG),
)
class SamrLookupDomainInSamServer(NDRCALL):
opnum = 5
structure = (
('ServerHandle',SAMPR_HANDLE),
('Name', RPC_UNICODE_STRING),
)
class SamrLookupDomainInSamServerResponse(NDRCALL):
structure = (
('DomainId',PRPC_SID),
('ErrorCode',ULONG),
)
class SamrEnumerateDomainsInSamServer(NDRCALL):
opnum = 6
structure = (
('ServerHandle',SAMPR_HANDLE),
('EnumerationContext', ULONG),
('PreferedMaximumLength', ULONG),
)
class SamrEnumerateDomainsInSamServerResponse(NDRCALL):
structure = (
('EnumerationContext',ULONG),
('Buffer',PSAMPR_ENUMERATION_BUFFER),
('CountReturned',ULONG),
('ErrorCode',ULONG),
)
class SamrOpenDomain(NDRCALL):
opnum = 7
structure = (
('ServerHandle',SAMPR_HANDLE),
('DesiredAccess', ULONG),
('DomainId', RPC_SID),
)
class SamrOpenDomainResponse(NDRCALL):
structure = (
('DomainHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrQueryInformationDomain(NDRCALL):
opnum = 8
structure = (
('DomainHandle',SAMPR_HANDLE),
('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
)
class SamrQueryInformationDomainResponse(NDRCALL):
structure = (
('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrSetInformationDomain(NDRCALL):
opnum = 9
structure = (
('DomainHandle',SAMPR_HANDLE),
('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
('DomainInformation', SAMPR_DOMAIN_INFO_BUFFER),
)
class SamrSetInformationDomainResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrCreateGroupInDomain(NDRCALL):
opnum = 10
structure = (
('DomainHandle',SAMPR_HANDLE),
('Name', RPC_UNICODE_STRING),
('DesiredAccess', ULONG),
)
class SamrCreateGroupInDomainResponse(NDRCALL):
structure = (
('GroupHandle',SAMPR_HANDLE),
('RelativeId',ULONG),
('ErrorCode',ULONG),
)
class SamrEnumerateGroupsInDomain(NDRCALL):
opnum = 11
structure = (
('DomainHandle',SAMPR_HANDLE),
('EnumerationContext', ULONG),
('PreferedMaximumLength', ULONG),
)
class SamrCreateUserInDomain(NDRCALL):
opnum = 12
structure = (
('DomainHandle',SAMPR_HANDLE),
('Name', RPC_UNICODE_STRING),
('DesiredAccess', ULONG),
)
class SamrCreateUserInDomainResponse(NDRCALL):
structure = (
('UserHandle',SAMPR_HANDLE),
('RelativeId',ULONG),
('ErrorCode',ULONG),
)
class SamrEnumerateGroupsInDomainResponse(NDRCALL):
structure = (
('EnumerationContext',ULONG),
('Buffer',PSAMPR_ENUMERATION_BUFFER),
('CountReturned',ULONG),
('ErrorCode',ULONG),
)
class SamrEnumerateUsersInDomain(NDRCALL):
opnum = 13
structure = (
('DomainHandle',SAMPR_HANDLE),
('EnumerationContext', ULONG),
('UserAccountControl', ULONG),
('PreferedMaximumLength', ULONG),
)
class SamrEnumerateUsersInDomainResponse(NDRCALL):
structure = (
('EnumerationContext',ULONG),
('Buffer',PSAMPR_ENUMERATION_BUFFER),
('CountReturned',ULONG),
('ErrorCode',ULONG),
)
class SamrCreateAliasInDomain(NDRCALL):
opnum = 14
structure = (
('DomainHandle',SAMPR_HANDLE),
('AccountName', RPC_UNICODE_STRING),
('DesiredAccess', ULONG),
)
class SamrCreateAliasInDomainResponse(NDRCALL):
structure = (
('AliasHandle',SAMPR_HANDLE),
('RelativeId',ULONG),
('ErrorCode',ULONG),
)
class SamrEnumerateAliasesInDomain(NDRCALL):
opnum = 15
structure = (
('DomainHandle',SAMPR_HANDLE),
('EnumerationContext', ULONG),
('PreferedMaximumLength', ULONG),
)
class SamrEnumerateAliasesInDomainResponse(NDRCALL):
structure = (
('EnumerationContext',ULONG),
('Buffer',PSAMPR_ENUMERATION_BUFFER),
('CountReturned',ULONG),
('ErrorCode',ULONG),
)
class SamrGetAliasMembership(NDRCALL):
opnum = 16
structure = (
('DomainHandle',SAMPR_HANDLE),
('SidArray',SAMPR_PSID_ARRAY),
)
class SamrGetAliasMembershipResponse(NDRCALL):
structure = (
('Membership',SAMPR_ULONG_ARRAY),
('ErrorCode',ULONG),
)
class SamrLookupNamesInDomain(NDRCALL):
opnum = 17
structure = (
('DomainHandle',SAMPR_HANDLE),
('Count',ULONG),
('Names',RPC_UNICODE_STRING_ARRAY),
)
class SamrLookupNamesInDomainResponse(NDRCALL):
structure = (
('RelativeIds',SAMPR_ULONG_ARRAY),
('Use',SAMPR_ULONG_ARRAY),
('ErrorCode',ULONG),
)
class SamrLookupIdsInDomain(NDRCALL):
opnum = 18
structure = (
('DomainHandle',SAMPR_HANDLE),
('Count',ULONG),
('RelativeIds',ULONG_ARRAY_CV),
)
class SamrLookupIdsInDomainResponse(NDRCALL):
structure = (
('Names',SAMPR_RETURNED_USTRING_ARRAY),
('Use',SAMPR_ULONG_ARRAY),
('ErrorCode',ULONG),
)
class SamrOpenGroup(NDRCALL):
opnum = 19
structure = (
('DomainHandle',SAMPR_HANDLE),
('DesiredAccess', ULONG),
('GroupId', ULONG),
)
class SamrOpenGroupResponse(NDRCALL):
structure = (
('GroupHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrQueryInformationGroup(NDRCALL):
opnum = 20
structure = (
('GroupHandle',SAMPR_HANDLE),
('GroupInformationClass', GROUP_INFORMATION_CLASS),
)
class SamrQueryInformationGroupResponse(NDRCALL):
structure = (
('Buffer',PSAMPR_GROUP_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrSetInformationGroup(NDRCALL):
opnum = 21
structure = (
('GroupHandle',SAMPR_HANDLE),
('GroupInformationClass', GROUP_INFORMATION_CLASS),
('Buffer', SAMPR_GROUP_INFO_BUFFER),
)
class SamrSetInformationGroupResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrAddMemberToGroup(NDRCALL):
opnum = 22
structure = (
('GroupHandle',SAMPR_HANDLE),
('MemberId', ULONG),
('Attributes', ULONG),
)
class SamrAddMemberToGroupResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrDeleteGroup(NDRCALL):
opnum = 23
structure = (
('GroupHandle',SAMPR_HANDLE),
)
class SamrDeleteGroupResponse(NDRCALL):
structure = (
('GroupHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrRemoveMemberFromGroup(NDRCALL):
opnum = 24
structure = (
('GroupHandle',SAMPR_HANDLE),
('MemberId', ULONG),
)
class SamrRemoveMemberFromGroupResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrGetMembersInGroup(NDRCALL):
opnum = 25
structure = (
('GroupHandle',SAMPR_HANDLE),
)
class SamrGetMembersInGroupResponse(NDRCALL):
structure = (
('Members',PSAMPR_GET_MEMBERS_BUFFER),
('ErrorCode',ULONG),
)
class SamrSetMemberAttributesOfGroup(NDRCALL):
opnum = 26
structure = (
('GroupHandle',SAMPR_HANDLE),
('MemberId',ULONG),
('Attributes',ULONG),
)
class SamrSetMemberAttributesOfGroupResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrOpenAlias(NDRCALL):
opnum = 27
structure = (
('DomainHandle',SAMPR_HANDLE),
('DesiredAccess', ULONG),
('AliasId', ULONG),
)
class SamrOpenAliasResponse(NDRCALL):
structure = (
('AliasHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrQueryInformationAlias(NDRCALL):
opnum = 28
structure = (
('AliasHandle',SAMPR_HANDLE),
('AliasInformationClass', ALIAS_INFORMATION_CLASS),
)
class SamrQueryInformationAliasResponse(NDRCALL):
structure = (
('Buffer',PSAMPR_ALIAS_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrSetInformationAlias(NDRCALL):
opnum = 29
structure = (
('AliasHandle',SAMPR_HANDLE),
('AliasInformationClass', ALIAS_INFORMATION_CLASS),
('Buffer',SAMPR_ALIAS_INFO_BUFFER),
)
class SamrSetInformationAliasResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrDeleteAlias(NDRCALL):
opnum = 30
structure = (
('AliasHandle',SAMPR_HANDLE),
)
class SamrDeleteAliasResponse(NDRCALL):
structure = (
('AliasHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrAddMemberToAlias(NDRCALL):
opnum = 31
structure = (
('AliasHandle',SAMPR_HANDLE),
('MemberId', RPC_SID),
)
class SamrAddMemberToAliasResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrRemoveMemberFromAlias(NDRCALL):
opnum = 32
structure = (
('AliasHandle',SAMPR_HANDLE),
('MemberId', RPC_SID),
)
class SamrRemoveMemberFromAliasResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrGetMembersInAlias(NDRCALL):
opnum = 33
structure = (
('AliasHandle',SAMPR_HANDLE),
)
class SamrGetMembersInAliasResponse(NDRCALL):
structure = (
('Members',SAMPR_PSID_ARRAY_OUT),
('ErrorCode',ULONG),
)
class SamrOpenUser(NDRCALL):
opnum = 34
structure = (
('DomainHandle',SAMPR_HANDLE),
('DesiredAccess', ULONG),
('UserId', ULONG),
)
class SamrOpenUserResponse(NDRCALL):
structure = (
('UserHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrDeleteUser(NDRCALL):
opnum = 35
structure = (
('UserHandle',SAMPR_HANDLE),
)
class SamrDeleteUserResponse(NDRCALL):
structure = (
('UserHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrQueryInformationUser(NDRCALL):
opnum = 36
structure = (
('UserHandle',SAMPR_HANDLE),
('UserInformationClass', USER_INFORMATION_CLASS ),
)
class SamrQueryInformationUserResponse(NDRCALL):
structure = (
('Buffer',PSAMPR_USER_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrSetInformationUser(NDRCALL):
opnum = 37
structure = (
('UserHandle',SAMPR_HANDLE),
('UserInformationClass', USER_INFORMATION_CLASS ),
('Buffer',SAMPR_USER_INFO_BUFFER),
)
class SamrSetInformationUserResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrChangePasswordUser(NDRCALL):
opnum = 38
structure = (
('UserHandle',SAMPR_HANDLE),
('LmPresent', UCHAR ),
('OldLmEncryptedWithNewLm',PENCRYPTED_LM_OWF_PASSWORD),
('NewLmEncryptedWithOldLm',PENCRYPTED_LM_OWF_PASSWORD),
('NtPresent', UCHAR),
('OldNtEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
('NewNtEncryptedWithOldNt',PENCRYPTED_NT_OWF_PASSWORD),
('NtCrossEncryptionPresent',UCHAR),
('NewNtEncryptedWithNewLm',PENCRYPTED_NT_OWF_PASSWORD),
('LmCrossEncryptionPresent',UCHAR),
('NewLmEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
)
class SamrChangePasswordUserResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrGetGroupsForUser(NDRCALL):
opnum = 39
structure = (
('UserHandle',SAMPR_HANDLE),
)
class SamrGetGroupsForUserResponse(NDRCALL):
structure = (
('Groups',PSAMPR_GET_GROUPS_BUFFER),
('ErrorCode',ULONG),
)
class SamrQueryDisplayInformation(NDRCALL):
opnum = 40
structure = (
('DomainHandle',SAMPR_HANDLE),
('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
('Index', ULONG),
('EntryCount',ULONG),
('PreferredMaximumLength',ULONG),
)
class SamrQueryDisplayInformationResponse(NDRCALL):
structure = (
('TotalAvailable',ULONG),
('TotalReturned',ULONG),
('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrGetDisplayEnumerationIndex(NDRCALL):
opnum = 41
structure = (
('DomainHandle',SAMPR_HANDLE),
('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
('Prefix', RPC_UNICODE_STRING),
)
class SamrGetDisplayEnumerationIndexResponse(NDRCALL):
structure = (
('Index',ULONG),
('ErrorCode',ULONG),
)
class SamrGetUserDomainPasswordInformation(NDRCALL):
opnum = 44
structure = (
('UserHandle',SAMPR_HANDLE),
)
class SamrGetUserDomainPasswordInformationResponse(NDRCALL):
structure = (
('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
('ErrorCode',ULONG),
)
class SamrRemoveMemberFromForeignDomain(NDRCALL):
opnum = 45
structure = (
('DomainHandle',SAMPR_HANDLE),
('MemberSid', RPC_SID),
)
class SamrRemoveMemberFromForeignDomainResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrQueryInformationDomain2(NDRCALL):
opnum = 46
structure = (
('DomainHandle',SAMPR_HANDLE),
('DomainInformationClass', DOMAIN_INFORMATION_CLASS),
)
class SamrQueryInformationDomain2Response(NDRCALL):
structure = (
('Buffer',PSAMPR_DOMAIN_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrQueryInformationUser2(NDRCALL):
opnum = 47
structure = (
('UserHandle',SAMPR_HANDLE),
('UserInformationClass', USER_INFORMATION_CLASS ),
)
class SamrQueryInformationUser2Response(NDRCALL):
structure = (
('Buffer',PSAMPR_USER_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrQueryDisplayInformation2(NDRCALL):
opnum = 48
structure = (
('DomainHandle',SAMPR_HANDLE),
('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
('Index', ULONG),
('EntryCount',ULONG),
('PreferredMaximumLength',ULONG),
)
class SamrQueryDisplayInformation2Response(NDRCALL):
structure = (
('TotalAvailable',ULONG),
('TotalReturned',ULONG),
('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrGetDisplayEnumerationIndex2(NDRCALL):
opnum = 49
structure = (
('DomainHandle',SAMPR_HANDLE),
('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
('Prefix', RPC_UNICODE_STRING),
)
class SamrGetDisplayEnumerationIndex2Response(NDRCALL):
structure = (
('Index',ULONG),
('ErrorCode',ULONG),
)
class SamrCreateUser2InDomain(NDRCALL):
opnum = 50
structure = (
('DomainHandle',SAMPR_HANDLE),
('Name', RPC_UNICODE_STRING),
('AccountType', ULONG),
('DesiredAccess', ULONG),
)
class SamrCreateUser2InDomainResponse(NDRCALL):
structure = (
('UserHandle',SAMPR_HANDLE),
('GrantedAccess',ULONG),
('RelativeId',ULONG),
('ErrorCode',ULONG),
)
class SamrQueryDisplayInformation3(NDRCALL):
opnum = 51
structure = (
('DomainHandle',SAMPR_HANDLE),
('DisplayInformationClass', DOMAIN_DISPLAY_INFORMATION),
('Index', ULONG),
('EntryCount',ULONG),
('PreferredMaximumLength',ULONG),
)
class SamrQueryDisplayInformation3Response(NDRCALL):
structure = (
('TotalAvailable',ULONG),
('TotalReturned',ULONG),
('Buffer',SAMPR_DISPLAY_INFO_BUFFER),
('ErrorCode',ULONG),
)
class SamrAddMultipleMembersToAlias(NDRCALL):
opnum = 52
structure = (
('AliasHandle',SAMPR_HANDLE),
('MembersBuffer', SAMPR_PSID_ARRAY),
)
class SamrAddMultipleMembersToAliasResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrRemoveMultipleMembersFromAlias(NDRCALL):
opnum = 53
structure = (
('AliasHandle',SAMPR_HANDLE),
('MembersBuffer', SAMPR_PSID_ARRAY),
)
class SamrRemoveMultipleMembersFromAliasResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrOemChangePasswordUser2(NDRCALL):
opnum = 54
structure = (
('ServerName', PRPC_STRING),
('UserName', RPC_STRING),
('NewPasswordEncryptedWithOldLm', PSAMPR_ENCRYPTED_USER_PASSWORD),
('OldLmOwfPasswordEncryptedWithNewLm', PENCRYPTED_LM_OWF_PASSWORD),
)
class SamrOemChangePasswordUser2Response(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrUnicodeChangePasswordUser2(NDRCALL):
opnum = 55
structure = (
('ServerName', PRPC_UNICODE_STRING),
('UserName', RPC_UNICODE_STRING),
('NewPasswordEncryptedWithOldNt',PSAMPR_ENCRYPTED_USER_PASSWORD),
('OldNtOwfPasswordEncryptedWithNewNt',PENCRYPTED_NT_OWF_PASSWORD),
('LmPresent',UCHAR),
('NewPasswordEncryptedWithOldLm',PSAMPR_ENCRYPTED_USER_PASSWORD),
('OldLmOwfPasswordEncryptedWithNewNt',PENCRYPTED_LM_OWF_PASSWORD),
)
class SamrUnicodeChangePasswordUser2Response(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrGetDomainPasswordInformation(NDRCALL):
opnum = 56
structure = (
#('BindingHandle',SAMPR_HANDLE),
('Unused', PRPC_UNICODE_STRING),
)
class SamrGetDomainPasswordInformationResponse(NDRCALL):
structure = (
('PasswordInformation',USER_DOMAIN_PASSWORD_INFORMATION),
('ErrorCode',ULONG),
)
class SamrConnect2(NDRCALL):
opnum = 57
structure = (
('ServerName',PSAMPR_SERVER_NAME),
('DesiredAccess', ULONG),
)
class SamrConnect2Response(NDRCALL):
structure = (
('ServerHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrSetInformationUser2(NDRCALL):
opnum = 58
structure = (
('UserHandle',SAMPR_HANDLE),
('UserInformationClass', USER_INFORMATION_CLASS),
('Buffer', SAMPR_USER_INFO_BUFFER),
)
class SamrSetInformationUser2Response(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrConnect4(NDRCALL):
opnum = 62
structure = (
('ServerName',PSAMPR_SERVER_NAME),
('ClientRevision', ULONG),
('DesiredAccess', ULONG),
)
class SamrConnect4Response(NDRCALL):
structure = (
('ServerHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrConnect5(NDRCALL):
opnum = 64
structure = (
('ServerName',PSAMPR_SERVER_NAME),
('DesiredAccess', ULONG),
('InVersion', ULONG),
('InRevisionInfo',SAMPR_REVISION_INFO),
)
class SamrConnect5Response(NDRCALL):
structure = (
('OutVersion',ULONG),
('OutRevisionInfo',SAMPR_REVISION_INFO),
('ServerHandle',SAMPR_HANDLE),
('ErrorCode',ULONG),
)
class SamrRidToSid(NDRCALL):
opnum = 65
structure = (
('ObjectHandle',SAMPR_HANDLE),
('Rid', ULONG),
)
class SamrRidToSidResponse(NDRCALL):
structure = (
('Sid',PRPC_SID),
('ErrorCode',ULONG),
)
class SamrSetDSRMPassword(NDRCALL):
opnum = 66
structure = (
('Unused', PRPC_UNICODE_STRING),
('UserId',ULONG),
('EncryptedNtOwfPassword',PENCRYPTED_NT_OWF_PASSWORD),
)
class SamrSetDSRMPasswordResponse(NDRCALL):
structure = (
('ErrorCode',ULONG),
)
class SamrValidatePassword(NDRCALL):
opnum = 67
structure = (
('ValidationType', PASSWORD_POLICY_VALIDATION_TYPE),
('InputArg',SAM_VALIDATE_INPUT_ARG),
)
class SamrValidatePasswordResponse(NDRCALL):
structure = (
('OutputArg',PSAM_VALIDATE_OUTPUT_ARG),
('ErrorCode',ULONG),
)
################################################################################
# OPNUMs and their corresponding structures
################################################################################
OPNUMS = {
0 : (SamrConnect, SamrConnectResponse),
1 : (SamrCloseHandle, SamrCloseHandleResponse),
2 : (SamrSetSecurityObject, SamrSetSecurityObjectResponse),
3 : (SamrQuerySecurityObject, SamrQuerySecurityObjectResponse),
5 : (SamrLookupDomainInSamServer, SamrLookupDomainInSamServerResponse),
6 : (SamrEnumerateDomainsInSamServer, SamrEnumerateDomainsInSamServerResponse),
7 : (SamrOpenDomain, SamrOpenDomainResponse),
8 : (SamrQueryInformationDomain, SamrQueryInformationDomainResponse),
9 : (SamrSetInformationDomain, SamrSetInformationDomainResponse),
10 : (SamrCreateGroupInDomain, SamrCreateGroupInDomainResponse),
11 : (SamrEnumerateGroupsInDomain, SamrEnumerateGroupsInDomainResponse),
12 : (SamrCreateUserInDomain, SamrCreateUserInDomainResponse),
13 : (SamrEnumerateUsersInDomain, SamrEnumerateUsersInDomainResponse),
14 : (SamrCreateAliasInDomain, SamrCreateAliasInDomainResponse),
15 : (SamrEnumerateAliasesInDomain, SamrEnumerateAliasesInDomainResponse),
16 : (SamrGetAliasMembership, SamrGetAliasMembershipResponse),
17 : (SamrLookupNamesInDomain, SamrLookupNamesInDomainResponse),
18 : (SamrLookupIdsInDomain, SamrLookupIdsInDomainResponse),
19 : (SamrOpenGroup, SamrOpenGroupResponse),
20 : (SamrQueryInformationGroup, SamrQueryInformationGroupResponse),
21 : (SamrSetInformationGroup, SamrSetInformationGroupResponse),
22 : (SamrAddMemberToGroup, SamrAddMemberToGroupResponse),
23 : (SamrDeleteGroup, SamrDeleteGroupResponse),
24 : (SamrRemoveMemberFromGroup, SamrRemoveMemberFromGroupResponse),
25 : (SamrGetMembersInGroup, SamrGetMembersInGroupResponse),
26 : (SamrSetMemberAttributesOfGroup, SamrSetMemberAttributesOfGroupResponse),
27 : (SamrOpenAlias, SamrOpenAliasResponse),
28 : (SamrQueryInformationAlias, SamrQueryInformationAliasResponse),
29 : (SamrSetInformationAlias, SamrSetInformationAliasResponse),
30 : (SamrDeleteAlias, SamrDeleteAliasResponse),
31 : (SamrAddMemberToAlias, SamrAddMemberToAliasResponse),
32 : (SamrRemoveMemberFromAlias, SamrRemoveMemberFromAliasResponse),
33 : (SamrGetMembersInAlias, SamrGetMembersInAliasResponse),
34 : (SamrOpenUser, SamrOpenUserResponse),
35 : (SamrDeleteUser, SamrDeleteUserResponse),
36 : (SamrQueryInformationUser, SamrQueryInformationUserResponse),
37 : (SamrSetInformationUser, SamrSetInformationUserResponse),
38 : (SamrChangePasswordUser, SamrChangePasswordUserResponse),
39 : (SamrGetGroupsForUser, SamrGetGroupsForUserResponse),
40 : (SamrQueryDisplayInformation, SamrQueryDisplayInformationResponse),
41 : (SamrGetDisplayEnumerationIndex, SamrGetDisplayEnumerationIndexResponse),
44 : (SamrGetUserDomainPasswordInformation, SamrGetUserDomainPasswordInformationResponse),
45 : (SamrRemoveMemberFromForeignDomain, SamrRemoveMemberFromForeignDomainResponse),
46 : (SamrQueryInformationDomain2, SamrQueryInformationDomain2Response),
47 : (SamrQueryInformationUser2, SamrQueryInformationUser2Response),
48 : (SamrQueryDisplayInformation2, SamrQueryDisplayInformation2Response),
49 : (SamrGetDisplayEnumerationIndex2, SamrGetDisplayEnumerationIndex2Response),
50 : (SamrCreateUser2InDomain, SamrCreateUser2InDomainResponse),
51 : (SamrQueryDisplayInformation3, SamrQueryDisplayInformation3Response),
52 : (SamrAddMultipleMembersToAlias, SamrAddMultipleMembersToAliasResponse),
53 : (SamrRemoveMultipleMembersFromAlias, SamrRemoveMultipleMembersFromAliasResponse),
54 : (SamrOemChangePasswordUser2, SamrOemChangePasswordUser2Response),
55 : (SamrUnicodeChangePasswordUser2, SamrUnicodeChangePasswordUser2Response),
56 : (SamrGetDomainPasswordInformation, SamrGetDomainPasswordInformationResponse),
57 : (SamrConnect2, SamrConnect2Response),
58 : (SamrSetInformationUser2, SamrSetInformationUser2Response),
62 : (SamrConnect4, SamrConnect4Response),
64 : (SamrConnect5, SamrConnect5Response),
65 : (SamrRidToSid, SamrRidToSidResponse),
66 : (SamrSetDSRMPassword, SamrSetDSRMPasswordResponse),
67 : (SamrValidatePassword, SamrValidatePasswordResponse),
}
################################################################################
# HELPER FUNCTIONS
################################################################################
def hSamrConnect5(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, inVersion=1, revision=3):
request = SamrConnect5()
request['ServerName'] = serverName
request['DesiredAccess'] = desiredAccess
request['InVersion'] = inVersion
request['InRevisionInfo']['tag'] = inVersion
request['InRevisionInfo']['V1']['Revision'] = revision
return dce.request(request)
def hSamrConnect4(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED, clientRevision=2):
request = SamrConnect4()
request['ServerName'] = serverName
request['DesiredAccess'] = desiredAccess
request['ClientRevision'] = clientRevision
return dce.request(request)
def hSamrConnect2(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
request = SamrConnect2()
request['ServerName'] = serverName
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hSamrConnect(dce, serverName='\x00', desiredAccess=MAXIMUM_ALLOWED):
request = SamrConnect()
request['ServerName'] = serverName
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hSamrOpenDomain(dce, serverHandle, desiredAccess=MAXIMUM_ALLOWED, domainId=NULL):
request = SamrOpenDomain()
request['ServerHandle'] = serverHandle
request['DesiredAccess'] = desiredAccess
request['DomainId'] = domainId
return dce.request(request)
def hSamrOpenGroup(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, groupId=0):
request = SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = desiredAccess
request['GroupId'] = groupId
return dce.request(request)
def hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=0):
request = SamrOpenAlias()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = desiredAccess
request['AliasId'] = aliasId
return dce.request(request)
def hSamrOpenUser(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, userId=0):
request = SamrOpenUser()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = desiredAccess
request['UserId'] = userId
return dce.request(request)
def hSamrEnumerateDomainsInSamServer(dce, serverHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
request = SamrEnumerateDomainsInSamServer()
request['ServerHandle'] = serverHandle
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrEnumerateGroupsInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
request = SamrEnumerateGroupsInDomain()
request['DomainHandle'] = domainHandle
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrEnumerateAliasesInDomain(dce, domainHandle, enumerationContext=0, preferedMaximumLength=0xffffffff):
request = SamrEnumerateAliasesInDomain()
request['DomainHandle'] = domainHandle
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrEnumerateUsersInDomain(dce, domainHandle, userAccountControl=USER_NORMAL_ACCOUNT, enumerationContext=0, preferedMaximumLength=0xffffffff):
request = SamrEnumerateUsersInDomain()
request['DomainHandle'] = domainHandle
request['UserAccountControl'] = userAccountControl
request['EnumerationContext'] = enumerationContext
request['PreferedMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrQueryDisplayInformation3(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
request = SamrQueryDisplayInformation3()
request['DomainHandle'] = domainHandle
request['DisplayInformationClass'] = displayInformationClass
request['Index'] = index
request['EntryCount'] = entryCount
request['PreferredMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrQueryDisplayInformation2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
request = SamrQueryDisplayInformation2()
request['DomainHandle'] = domainHandle
request['DisplayInformationClass'] = displayInformationClass
request['Index'] = index
request['EntryCount'] = entryCount
request['PreferredMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrQueryDisplayInformation(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, index=0, entryCount=0xffffffff, preferedMaximumLength=0xffffffff):
request = SamrQueryDisplayInformation()
request['DomainHandle'] = domainHandle
request['DisplayInformationClass'] = displayInformationClass
request['Index'] = index
request['EntryCount'] = entryCount
request['PreferredMaximumLength'] = preferedMaximumLength
return dce.request(request)
def hSamrGetDisplayEnumerationIndex2(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
request = SamrGetDisplayEnumerationIndex2()
request['DomainHandle'] = domainHandle
request['DisplayInformationClass'] = displayInformationClass
request['Prefix'] = prefix
return dce.request(request)
def hSamrGetDisplayEnumerationIndex(dce, domainHandle, displayInformationClass=DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, prefix=''):
request = SamrGetDisplayEnumerationIndex()
request['DomainHandle'] = domainHandle
request['DisplayInformationClass'] = displayInformationClass
request['Prefix'] = prefix
return dce.request(request)
def hSamrCreateGroupInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
request = SamrCreateGroupInDomain()
request['DomainHandle'] = domainHandle
request['Name'] = name
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hSamrCreateAliasInDomain(dce, domainHandle, accountName, desiredAccess=GROUP_ALL_ACCESS):
request = SamrCreateAliasInDomain()
request['DomainHandle'] = domainHandle
request['AccountName'] = accountName
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hSamrCreateUser2InDomain(dce, domainHandle, name, accountType=USER_NORMAL_ACCOUNT, desiredAccess=GROUP_ALL_ACCESS):
request = SamrCreateUser2InDomain()
request['DomainHandle'] = domainHandle
request['Name'] = name
request['AccountType'] = accountType
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hSamrCreateUserInDomain(dce, domainHandle, name, desiredAccess=GROUP_ALL_ACCESS):
request = SamrCreateUserInDomain()
request['DomainHandle'] = domainHandle
request['Name'] = name
request['DesiredAccess'] = desiredAccess
return dce.request(request)
def hSamrQueryInformationDomain(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
request = SamrQueryInformationDomain()
request['DomainHandle'] = domainHandle
request['DomainInformationClass'] = domainInformationClass
return dce.request(request)
def hSamrQueryInformationDomain2(dce, domainHandle, domainInformationClass=DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2):
request = SamrQueryInformationDomain2()
request['DomainHandle'] = domainHandle
request['DomainInformationClass'] = domainInformationClass
return dce.request(request)
def hSamrQueryInformationGroup(dce, groupHandle, groupInformationClass=GROUP_INFORMATION_CLASS.GroupGeneralInformation):
request = SamrQueryInformationGroup()
request['GroupHandle'] = groupHandle
request['GroupInformationClass'] = groupInformationClass
return dce.request(request)
def hSamrQueryInformationAlias(dce, aliasHandle, aliasInformationClass=ALIAS_INFORMATION_CLASS.AliasGeneralInformation):
request = SamrQueryInformationAlias()
request['AliasHandle'] = aliasHandle
request['AliasInformationClass'] = aliasInformationClass
return dce.request(request)
def hSamrQueryInformationUser2(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
request = SamrQueryInformationUser2()
request['UserHandle'] = userHandle
request['UserInformationClass'] = userInformationClass
return dce.request(request)
def hSamrQueryInformationUser(dce, userHandle, userInformationClass=USER_INFORMATION_CLASS.UserGeneralInformation):
request = SamrQueryInformationUser()
request['UserHandle'] = userHandle
request['UserInformationClass'] = userInformationClass
return dce.request(request)
def hSamrSetInformationDomain(dce, domainHandle, domainInformation):
request = SamrSetInformationDomain()
request['DomainHandle'] = domainHandle
request['DomainInformationClass'] = domainInformation['tag']
request['DomainInformation'] = domainInformation
return dce.request(request)
def hSamrSetInformationGroup(dce, groupHandle, buffer):
request = SamrSetInformationGroup()
request['GroupHandle'] = groupHandle
request['GroupInformationClass'] = buffer['tag']
request['Buffer'] = buffer
return dce.request(request)
def hSamrSetInformationAlias(dce, aliasHandle, buffer):
request = SamrSetInformationAlias()
request['AliasHandle'] = aliasHandle
request['AliasInformationClass'] = buffer['tag']
request['Buffer'] = buffer
return dce.request(request)
def hSamrSetInformationUser2(dce, userHandle, buffer):
request = SamrSetInformationUser2()
request['UserHandle'] = userHandle
request['UserInformationClass'] = buffer['tag']
request['Buffer'] = buffer
return dce.request(request)
def hSamrSetInformationUser(dce, userHandle, buffer):
request = SamrSetInformationUser()
request['UserHandle'] = userHandle
request['UserInformationClass'] = buffer['tag']
request['Buffer'] = buffer
return dce.request(request)
def hSamrDeleteGroup(dce, groupHandle):
request = SamrDeleteGroup()
request['GroupHandle'] = groupHandle
return dce.request(request)
def hSamrDeleteAlias(dce, aliasHandle):
request = SamrDeleteAlias()
request['AliasHandle'] = aliasHandle
return dce.request(request)
def hSamrDeleteUser(dce, userHandle):
request = SamrDeleteUser()
request['UserHandle'] = userHandle
return dce.request(request)
def hSamrAddMemberToGroup(dce, groupHandle, memberId, attributes):
request = SamrAddMemberToGroup()
request['GroupHandle'] = groupHandle
request['MemberId'] = memberId
request['Attributes'] = attributes
return dce.request(request)
def hSamrRemoveMemberFromGroup(dce, groupHandle, memberId):
request = SamrRemoveMemberFromGroup()
request['GroupHandle'] = groupHandle
request['MemberId'] = memberId
return dce.request(request)
def hSamrGetMembersInGroup(dce, groupHandle):
request = SamrGetMembersInGroup()
request['GroupHandle'] = groupHandle
return dce.request(request)
def hSamrAddMemberToAlias(dce, aliasHandle, memberId):
request = SamrAddMemberToAlias()
request['AliasHandle'] = aliasHandle
request['MemberId'] = memberId
return dce.request(request)
def hSamrRemoveMemberFromAlias(dce, aliasHandle, memberId):
request = SamrRemoveMemberFromAlias()
request['AliasHandle'] = aliasHandle
request['MemberId'] = memberId
return dce.request(request)
def hSamrGetMembersInAlias(dce, aliasHandle):
request = SamrGetMembersInAlias()
request['AliasHandle'] = aliasHandle
return dce.request(request)
def hSamrRemoveMemberFromForeignDomain(dce, domainHandle, memberSid):
request = SamrRemoveMemberFromForeignDomain()
request['DomainHandle'] = domainHandle
request['MemberSid'] = memberSid
return dce.request(request)
def hSamrAddMultipleMembersToAlias(dce, aliasHandle, membersBuffer):
request = SamrAddMultipleMembersToAlias()
request['AliasHandle'] = aliasHandle
request['MembersBuffer'] = membersBuffer
request['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
return dce.request(request)
def hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, membersBuffer):
request = SamrRemoveMultipleMembersFromAlias()
request['AliasHandle'] = aliasHandle
request['MembersBuffer'] = membersBuffer
request['MembersBuffer']['Count'] = len(membersBuffer['Sids'])
return dce.request(request)
def hSamrGetGroupsForUser(dce, userHandle):
request = SamrGetGroupsForUser()
request['UserHandle'] = userHandle
return dce.request(request)
def hSamrGetAliasMembership(dce, domainHandle, sidArray):
request = SamrGetAliasMembership()
request['DomainHandle'] = domainHandle
request['SidArray'] = sidArray
request['SidArray']['Count'] = len(sidArray['Sids'])
return dce.request(request)
def hSamrChangePasswordUser(dce, userHandle, oldPassword, newPassword):
request = SamrChangePasswordUser()
request['UserHandle'] = userHandle
from impacket import crypto, ntlm
oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
newPwdHashNT = ntlm.NTOWFv1(newPassword)
newPwdHashLM = ntlm.LMOWFv1(newPassword)
request['LmPresent'] = 0
request['OldLmEncryptedWithNewLm'] = NULL
request['NewLmEncryptedWithOldLm'] = NULL
request['NtPresent'] = 1
request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT)
request['NtCrossEncryptionPresent'] = 0
request['NewNtEncryptedWithNewLm'] = NULL
request['LmCrossEncryptionPresent'] = 1
request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT)
return dce.request(request)
def hSamrUnicodeChangePasswordUser2(dce, serverName='\x00', userName='', oldPassword='', newPassword='', oldPwdHashLM = '', oldPwdHashNT = ''):
request = SamrUnicodeChangePasswordUser2()
request['ServerName'] = serverName
request['UserName'] = userName
try:
from Cryptodome.Cipher import ARC4
except Exception:
LOG.critical("Warning: You don't have any crypto installed. You need pycryptodomex")
LOG.critical("See https://pypi.org/project/pycryptodomex/")
from impacket import crypto, ntlm
if oldPwdHashLM == '' and oldPwdHashNT == '':
oldPwdHashLM = ntlm.LMOWFv1(oldPassword)
oldPwdHashNT = ntlm.NTOWFv1(oldPassword)
else:
# Let's convert the hashes to binary form, if not yet
try:
oldPwdHashLM = unhexlify(oldPwdHashLM)
except:
pass
try:
oldPwdHashNT = unhexlify(oldPwdHashNT)
except:
pass
newPwdHashNT = ntlm.NTOWFv1(newPassword)
samUser = SAMPR_USER_PASSWORD()
try:
samUser['Buffer'] = b'A'*(512-len(newPassword)*2) + newPassword.encode('utf-16le')
except UnicodeDecodeError:
import sys
samUser['Buffer'] = b'A'*(512-len(newPassword)*2) + newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le')
samUser['Length'] = len(newPassword)*2
pwdBuff = samUser.getData()
rc4 = ARC4.new(oldPwdHashNT)
encBuf = rc4.encrypt(pwdBuff)
request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf
request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT)
request['LmPresent'] = 0
request['NewPasswordEncryptedWithOldLm'] = NULL
request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL
return dce.request(request)
def hSamrLookupDomainInSamServer(dce, serverHandle, name):
request = SamrLookupDomainInSamServer()
request['ServerHandle'] = serverHandle
request['Name'] = name
return dce.request(request)
def hSamrSetSecurityObject(dce, objectHandle, securityInformation, securityDescriptor):
request = SamrSetSecurityObject()
request['ObjectHandle'] = objectHandle
request['SecurityInformation'] = securityInformation
request['SecurityDescriptor'] = securityDescriptor
return dce.request(request)
def hSamrQuerySecurityObject(dce, objectHandle, securityInformation):
request = SamrQuerySecurityObject()
request['ObjectHandle'] = objectHandle
request['SecurityInformation'] = securityInformation
return dce.request(request)
def hSamrCloseHandle(dce, samHandle):
request = SamrCloseHandle()
request['SamHandle'] = samHandle
return dce.request(request)
def hSamrSetMemberAttributesOfGroup(dce, groupHandle, memberId, attributes):
request = SamrSetMemberAttributesOfGroup()
request['GroupHandle'] = groupHandle
request['MemberId'] = memberId
request['Attributes'] = attributes
return dce.request(request)
def hSamrGetUserDomainPasswordInformation(dce, userHandle):
request = SamrGetUserDomainPasswordInformation()
request['UserHandle'] = userHandle
return dce.request(request)
def hSamrGetDomainPasswordInformation(dce):
request = SamrGetDomainPasswordInformation()
request['Unused'] = NULL
return dce.request(request)
def hSamrRidToSid(dce, objectHandle, rid):
request = SamrRidToSid()
request['ObjectHandle'] = objectHandle
request['Rid'] = rid
return dce.request(request)
def hSamrValidatePassword(dce, inputArg):
request = SamrValidatePassword()
request['ValidationType'] = inputArg['tag']
request['InputArg'] = inputArg
return dce.request(request)
def hSamrLookupNamesInDomain(dce, domainHandle, names):
request = SamrLookupNamesInDomain()
request['DomainHandle'] = domainHandle
request['Count'] = len(names)
for name in names:
entry = RPC_UNICODE_STRING()
entry['Data'] = name
request['Names'].append(entry)
request.fields['Names'].fields['MaximumCount'] = 1000
return dce.request(request)
def hSamrLookupIdsInDomain(dce, domainHandle, ids):
request = SamrLookupIdsInDomain()
request['DomainHandle'] = domainHandle
request['Count'] = len(ids)
for dId in ids:
entry = ULONG()
entry['Data'] = dId
request['RelativeIds'].append(entry)
request.fields['RelativeIds'].fields['MaximumCount'] = 1000
return dce.request(request)
def hSamrSetPasswordInternal4New(dce, userHandle, password):
request = SamrSetInformationUser2()
request['UserHandle'] = userHandle
request['UserInformationClass'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
request['Buffer']['tag'] = USER_INFORMATION_CLASS.UserInternal4InformationNew
request['Buffer']['Internal4New']['I1']['WhichFields'] = 0x01000000 | 0x08000000
request['Buffer']['Internal4New']['I1']['UserName'] = NULL
request['Buffer']['Internal4New']['I1']['FullName'] = NULL
request['Buffer']['Internal4New']['I1']['HomeDirectory'] = NULL
request['Buffer']['Internal4New']['I1']['HomeDirectoryDrive'] = NULL
request['Buffer']['Internal4New']['I1']['ScriptPath'] = NULL
request['Buffer']['Internal4New']['I1']['ProfilePath'] = NULL
request['Buffer']['Internal4New']['I1']['AdminComment'] = NULL
request['Buffer']['Internal4New']['I1']['WorkStations'] = NULL
request['Buffer']['Internal4New']['I1']['UserComment'] = NULL
request['Buffer']['Internal4New']['I1']['Parameters'] = NULL
request['Buffer']['Internal4New']['I1']['LmOwfPassword']['Buffer'] = NULL
request['Buffer']['Internal4New']['I1']['NtOwfPassword']['Buffer'] = NULL
request['Buffer']['Internal4New']['I1']['PrivateData'] = NULL
request['Buffer']['Internal4New']['I1']['SecurityDescriptor']['SecurityDescriptor'] = NULL
request['Buffer']['Internal4New']['I1']['LogonHours']['LogonHours'] = NULL
request['Buffer']['Internal4New']['I1']['PasswordExpired'] = 1
#crypto
pwdbuff = password.encode("utf-16le")
bufflen = len(pwdbuff)
pwdbuff = pwdbuff.rjust(512, b'\0')
pwdbuff += struct.pack('<I', bufflen)
salt = os.urandom(16)
session_key = dce.get_rpc_transport().get_smb_connection().getSessionKey()
keymd = md5()
keymd.update(salt)
keymd.update(session_key)
key = keymd.digest()
cipher = ARC4.new(key)
buffercrypt = cipher.encrypt(pwdbuff) + salt
request['Buffer']['Internal4New']['UserPassword']['Buffer'] = buffercrypt
return dce.request(request)
Reference in New Issue View Git Blame Copy Permalink