Diffstat (limited to 'source4/librpc/idl/netlogon.idl')
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 230 |
1 files changed, 166 insertions, 64 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 2298106851..d78c507c15 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -46,7 +46,7 @@ interface netlogon [in,unique] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] [string,charset(UTF16)] uint16 workstation[], - [out,unique] netr_UasInfo *info + [out,ref] netr_UasInfo *info ); @@ -62,7 +62,7 @@ interface netlogon [in,unique] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] [string,charset(UTF16)] uint16 workstation[], - [out] netr_UasLogoffInfo info + [out,ref] netr_UasLogoffInfo *info ); @@ -80,12 +80,24 @@ interface netlogon but it doesn't look as though this structure is reflected at the NDR level. Maybe it is left to the application to decode the bindata array. */ - typedef struct { - uint16 size; - uint16 length; - [size_is(size/2),length_is(length/2)] uint16 *bindata; + typedef [public] struct { + dlong lockout_duration; + udlong reset_count; + uint32 bad_attempt_lockout; + uint32 dummy; } netr_AcctLockStr; + /* - MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT + * sets the NETLOGON_SERVER_TRUST_ACCOUNT user_flag + * - MSV1_0_UPDATE_LOGON_STATISTICS + * sets the logon time on network logon + * - MSV1_0_RETURN_USER_PARAMETERS + * sets the user parameters in the driveletter + * - MSV1_0_RETURN_PROFILE_PATH + * returns the profilepath in the driveletter and + * sets LOGON_PROFILE_PATH_RETURNED user_flag + */ + typedef [public,bitmap32bit] bitmap { MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002, MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004, 
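Review bot: `netr_AcctLockStr` in the `@@ -80` hunk is no longer decoded by the NDR layer as part of its parent, because the `@@ -446` hunk changes `account_lockout` to `lsa_BinaryString`; the `[public]` struct now has to be pulled by the caller from that opaque blob, and nothing here says so. I would add a comment above the typedef such as `/* decoded by hand from the account_lockout lsa_BinaryString; check that the blob length equals the size of this struct before pulling */`, so a short or oversized blob from the peer is rejected rather than parsed. The new MSV1_0 comment also refers to `LOGON_PROFILE_PATH_RETURNED`, while the flag in `netr_UserFlags` is spelled `NETLOGON_PROFILE_PATH_RETURNED`. The bitmap that follows the comment runs past the end of the hunk.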
@@ -143,11 +155,11 @@ interface netlogon typedef [public,switch_type(netr_LogonInfoClass)] union { [case(NetlogonInteractiveInformation)] netr_PasswordInfo *password; [case(NetlogonNetworkInformation)] netr_NetworkInfo *network; - [case(NetlogonServiceInformation)] netr_PasswordInfo *password; - [case(NetlogonGenericInformation)] netr_GenericInfo *generic; + [case(NetlogonServiceInformation)] netr_PasswordInfo *password; + [case(NetlogonGenericInformation)] netr_GenericInfo *generic; [case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password; [case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network; - [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password; + [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password; } netr_LogonLevel; typedef [public,flag(NDR_PAHEX)] struct { @@ -160,16 +172,17 @@ interface netlogon /* Flags for user_flags below */ typedef [public,bitmap32bit] bitmap { - NETLOGON_GUEST = 0x0001, - NETLOGON_NOENCRYPTION = 0x0002, - NETLOGON_CACHED_ACCOUNT = 0x0004, - NETLOGON_USED_LM_PASSWORD = 0x0008, - NETLOGON_EXTRA_SIDS = 0x0020, - NETLOGON_SUBAUTH_SESSION_KEY = 0x0040, - NETLOGON_SERVER_TRUST_ACCOUNT = 0x0080, - NETLOGON_NTLMV2_ENABLED = 0x0100, - NETLOGON_RESOURCE_GROUPS = 0x0200, - NETLOGON_PROFILE_PATH_RETURNED = 0x0400 + NETLOGON_GUEST = 0x00000001, + NETLOGON_NOENCRYPTION = 0x00000002, + NETLOGON_CACHED_ACCOUNT = 0x00000004, + NETLOGON_USED_LM_PASSWORD = 0x00000008, + NETLOGON_EXTRA_SIDS = 0x00000020, + NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040, + NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080, + NETLOGON_NTLMV2_ENABLED = 0x00000100, + NETLOGON_RESOURCE_GROUPS = 0x00000200, + NETLOGON_PROFILE_PATH_RETURNED = 0x00000400, + NETLOGON_GRACE_LOGON = 0x01000000 } netr_UserFlags; typedef struct { 
@@ -291,7 +304,7 @@ interface netlogon [in,unique] [string,charset(UTF16)] uint16 *computer_name, [in,unique] netr_Authenticator *credential, [in,out,unique] netr_Authenticator *return_authenticator, - [in] uint16 logon_level, + [in] netr_LogonInfoClass logon_level, [in] [switch_is(logon_level)] netr_LogonLevel logon ); @@ -446,7 +459,7 @@ interface netlogon NTTIME domain_create_time; uint32 SecurityInformation; sec_desc_buf sdbuf; - netr_AcctLockStr account_lockout; + lsa_BinaryString account_lockout; lsa_String unknown2; lsa_String unknown3; lsa_String unknown4; @@ -797,20 +810,26 @@ interface netlogon /*****************/ /* Function 0x0C */ + typedef [bitmap32bit] bitmap { + NETLOGON_CTRL_REPL_NEEDED = 0x0001, + NETLOGON_CTRL_REPL_IN_PROGRESS = 0x0002, + NETLOGON_CTRL_REPL_FULL_SYNC = 0x0004 + } netr_InfoFlags; + typedef struct { - uint32 flags; + netr_InfoFlags flags; uint32 pdc_connection_status; } netr_NETLOGON_INFO_1; typedef struct { - uint32 flags; + netr_InfoFlags flags; uint32 pdc_connection_status; [string,charset(UTF16)] uint16 trusted_dc_name[]; uint32 tc_connection_status; } netr_NETLOGON_INFO_2; typedef struct { - uint32 flags; + netr_InfoFlags flags; uint32 logon_attempts; uint32 unknown1; uint32 unknown2; @@ -827,6 +846,7 @@ interface netlogon /* function_code values */ typedef [v1_enum] enum { + NETLOGON_CONTROL_SYNC = 2, NETLOGON_CONTROL_REDISCOVER = 5, NETLOGON_CONTROL_TC_QUERY = 6, NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7, 
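Review bot: Changing `logon_level` from `uint16` to `netr_LogonInfoClass` in the `@@ -291` hunk keeps the wire format only if that enum is declared as a 16-bit enum, and its typedef is not in any hunk shown, so this should be confirmed; the same substitution is made in the `@@ -1280` and `@@ -1354` hunks. If the width matches, a one-line comment at the enum such as `/* 16 bit on the wire, switch for netr_LogonLevel */` would keep a later change to `[v1_enum]` from silently altering the request layout. The parameter list this line belongs to starts and ends outside the hunk.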
@@ -863,30 +883,54 @@ interface netlogon WERROR netr_LogonControl2( [in,unique] [string,charset(UTF16)] uint16 *logon_server, - [in] uint32 function_code, + [in] netr_LogonControlCode function_code, [in] uint32 level, [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data, [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query ); - /* If this flag is not set, then the passwords and LM session keys are - * encrypted with DES calls. (And the user session key is - * unencrypted) */ - const int NETLOGON_NEG_ARCFOUR = 0x00000004; - const int NETLOGON_NEG_128BIT = 0x00004000; - const int NETLOGON_NEG_SCHANNEL = 0x40000000; + /* If NETLOGON_NEG_ARCFOUR flag is not set, then the passwords and LM + * session keys are encrypted with DES calls. (And the user session key + * is unencrypted) */ /*****************/ /* Function 0x0F */ + typedef [bitmap32bit] bitmap { + NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001, + NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002, + NETLOGON_NEG_ARCFOUR = 0x00000004, + NETLOGON_NEG_PROMOTION_COUNT = 0x00000008, + NETLOGON_NEG_CHANGELOG_BDC = 0x00000010, + NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020, + NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040, + NETLOGON_NEG_REDO = 0x00000080, + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100, + NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200, + NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400, + NETLOGON_NEG_CONCURRENT_RPC = 0x00000800, + NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000, + NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000, + NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */ + NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000, + NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000, + NETLOGON_NEG_PASSWORD_SET2 = 0x00020000, + NETLOGON_NEG_GETDOMAININFO = 0x00040000, + NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000, + NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000, + NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000, + NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000, + NETLOGON_NEG_SCHANNEL = 0x40000000 
/* AUTHENTICATED_RPC */ + } netr_NegotiateFlags; + NTSTATUS netr_ServerAuthenticate2( [in,unique] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] netr_SchannelType secure_channel_type, [in] [string,charset(UTF16)] uint16 computer_name[], [in,out,ref] netr_Credential *credentials, - [in,out,ref] uint32 *negotiate_flags + [in,out,ref] netr_NegotiateFlags *negotiate_flags ); @@ -948,8 +992,25 @@ interface netlogon /*****************/ /* Function 0x14 */ - /* two unkown bits still: DS_IP_VERSION_AGNOSTIC and - * DS_TRY_NEXTCLOSEST_SITE - Guenther */ + /* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/ + + const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY | + DS_DIRECTORY_SERVICE_REQUIRED | + DS_DIRECTORY_SERVICE_PREFERRED | + DS_GC_SERVER_REQUIRED | + DS_PDC_REQUIRED | + DS_BACKGROUND_ONLY | + DS_IP_REQUIRED | + DS_KDC_REQUIRED | + DS_TIMESERV_REQUIRED | + DS_WRITABLE_REQUIRED | + DS_GOOD_TIMESERV_PREFERRED | + DS_AVOID_SELF | + DS_ONLY_LDAP_NEEDED | + DS_IS_FLAT_NAME | + DS_IS_DNS_NAME | + DS_RETURN_FLAT_NAME | + DS_RETURN_DNS_NAME); typedef [bitmap32bit] bitmap { DS_FORCE_REDISCOVERY = 0x00000001, @@ -967,6 +1028,8 @@ interface netlogon DS_ONLY_LDAP_NEEDED = 0x00008000, DS_IS_FLAT_NAME = 0x00010000, DS_IS_DNS_NAME = 0x00020000, + DS_TRY_NEXTCLOSEST_SITE = 0x00040000, + DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000, DS_RETURN_DNS_NAME = 0x40000000, DS_RETURN_FLAT_NAME = 0x80000000 } netr_DsRGetDCName_flags; 
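Review bot: The comment about the DES fallback when `NETLOGON_NEG_ARCFOUR` is clear now sits above the `Function 0x0F` banner in the `@@ -863` hunk, away from the enumerator it explains, and the bitmap gives no hint which bits affect channel protection. I would move it to the enumerator, e.g. `NETLOGON_NEG_ARCFOUR = 0x00000004, /* if clear: DES for passwords and LM session keys, user session key unencrypted */`. Because `negotiate_flags` is `[in,out,ref]` in `netr_ServerAuthenticate2` (and in `netr_ServerAuthenticate3`, `@@ -1040`), the value coming back is presumably the peer's answer. A short comment on the parameter saying that callers must re-check the bits they require (`NETLOGON_NEG_128BIT`, `NETLOGON_NEG_SCHANNEL`) after the call would help prevent a weaker set being accepted unnoticed.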
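Review bot: `DSGETDC_VALID_FLAGS` in the `@@ -948` hunk does not include `DS_TRY_NEXTCLOSEST_SITE` or `DS_DIRECTORY_SERVICE_6_REQUIRED`, which the `@@ -967` hunk adds to `netr_DsRGetDCName_flags`, so any check of the form `flags & ~DSGETDC_VALID_FLAGS` would treat requests carrying them as invalid. If that is intended, say so in a comment above the constant; otherwise add `DS_TRY_NEXTCLOSEST_SITE | DS_DIRECTORY_SERVICE_6_REQUIRED |` to the mask. The bitmap is only partly visible in the hunks, so other members may be missing from the mask as well. The constant is also defined ahead of the bitmap whose names it uses; placing it after the typedef would read more naturally.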
@@ -977,19 +1040,21 @@ interface netlogon } netr_DsRGetDCNameInfo_AddressType; typedef [bitmap32bit] bitmap { - DS_SERVER_PDC = NBT_SERVER_PDC, - DS_SERVER_GC = NBT_SERVER_GC, - DS_SERVER_LDAP = NBT_SERVER_LDAP, - DS_SERVER_DS = NBT_SERVER_DS, - DS_SERVER_KDC = NBT_SERVER_KDC, - DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV, - DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST, - DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE, - DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV, - DS_SERVER_NDNC = 0x00000400, - DS_DNS_CONTROLLER = 0x20000000, - DS_DNS_DOMAIN = 0x40000000, - DS_DNS_FOREST = 0x80000000 + DS_SERVER_PDC = NBT_SERVER_PDC, + DS_SERVER_GC = NBT_SERVER_GC, + DS_SERVER_LDAP = NBT_SERVER_LDAP, + DS_SERVER_DS = NBT_SERVER_DS, + DS_SERVER_KDC = NBT_SERVER_KDC, + DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV, + DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST, + DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE, + DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV, + DS_SERVER_NDNC = NBT_SERVER_NDNC, + DS_SERVER_SELECT_SECRET_DOMAIN_6 = NBT_SERVER_SELECT_SECRET_DOMAIN_6, + DS_SERVER_FULL_SECRET_DOMAIN_6 = NBT_SERVER_FULL_SECRET_DOMAIN_6, + DS_DNS_CONTROLLER = 0x20000000, + DS_DNS_DOMAIN = 0x40000000, + DS_DNS_FOREST = 0x80000000 } netr_DsR_DcFlags; typedef struct { @@ -1040,12 +1105,12 @@ interface netlogon /****************/ /* Function 0x1a */ [public] NTSTATUS netr_ServerAuthenticate3( - [in,unique] [string,charset(UTF16)] uint16 *server_name, + [in,unique] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] netr_SchannelType secure_channel_type, [in] [string,charset(UTF16)] uint16 computer_name[], [in,out,ref] netr_Credential *credentials, - [in,out,ref] uint32 *negotiate_flags, + [in,out,ref] netr_NegotiateFlags *negotiate_flags, [out,ref] uint32 *rid ); 
@@ -1070,6 +1135,16 @@ interface netlogon /****************/ /* Function 0x1d */ + typedef [bitmap32bit] bitmap { + NETR_TRUST_FLAG_IN_FOREST = 0x00000001, + NETR_TRUST_FLAG_OUTBOUND = 0x00000002, + NETR_TRUST_FLAG_TREEROOT = 0x00000004, + NETR_TRUST_FLAG_PRIMARY = 0x00000008, + NETR_TRUST_FLAG_NATIVE = 0x00000010, + NETR_TRUST_FLAG_INBOUND = 0x00000020, + NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080, + NETR_TRUST_FLAG_AES = 0x00000100 + } netr_TrustFlags; typedef [flag(NDR_PAHEX)] struct { uint16 length; 
@@ -1098,25 +1173,60 @@ interface netlogon } netr_DomainQuery; typedef struct { + /* these first 3 values come from the fact windows + actually encodes this structure as a UNICODE_STRING + - see MS-NRPC section 2.2.1.3.9 */ + [value(8)] uint32 length; + [value(0)] uint32 dummy; + [value(8)] uint32 size; + netr_TrustFlags flags; + uint32 parent_index; + uint32 trust_type; + uint32 trust_attributes; + } netr_trust_extension; + + typedef struct { + uint16 length; /* value is 16 when info != NULL, otherwise 0 */ + [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */ + netr_trust_extension *info; + } netr_trust_extension_container; + + typedef struct { lsa_String domainname; lsa_String fulldomainname; lsa_String forest; GUID guid; dom_sid2 *sid; - netr_BinaryString unknown1[4]; - uint32 unknown[4]; + netr_trust_extension_container trust_extension; + lsa_String dummystring[3]; + uint32 dummy[4]; } netr_DomainTrustInfo; typedef struct { + uint32 policy_size; + [size_is(policy_size)] uint8 *policy; + } netr_LsaPolicyInfo; + + typedef [public,bitmap32bit] bitmap { + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001, + NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002 + } netr_WorkstationFlags; + + typedef struct { netr_DomainTrustInfo domaininfo; uint32 num_trusts; [size_is(num_trusts)] netr_DomainTrustInfo *trusts; - uint32 unknown[14]; /* room for expansion? */ + netr_LsaPolicyInfo lsa_policy; + lsa_String dns_hostname; + lsa_String dummystring[3]; + netr_WorkstationFlags workstation_flags; + uint32 supported_enc_types; + uint32 dummy[2]; } netr_DomainInfo1; typedef union { [case(1)] netr_DomainInfo1 *info1; - [case(2)] netr_DomainInfo1 *info1; + [case(2)] netr_DomainInfo1 *info2; } netr_DomainInfo; NTSTATUS netr_LogonGetDomainInfo( 
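Review bot: `policy_size` in the new `netr_LsaPolicyInfo` is a 32-bit count taken from the peer with nothing limiting it, and it sizes the `policy` array through `size_is(policy_size)`. A `range` attribute would let the generated pull code reject out-of-range values, e.g. `[range(0,<max policy bytes>)] uint32 policy_size;` with the limit chosen by the project. The existing `num_trusts` / `trusts` pair in `netr_DomainInfo1` has the same shape and could get the same treatment. The `netr_LogonGetDomainInfo` declaration at the end of the hunk continues outside it.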
@@ -1200,14 +1310,6 @@ interface netlogon /****************/ /* Function 0x24 */ - typedef [bitmap32bit] bitmap { - NETR_TRUST_FLAG_IN_FOREST = 0x00000001, - NETR_TRUST_FLAG_OUTBOUND = 0x00000002, - NETR_TRUST_FLAG_TREEROOT = 0x00000004, - NETR_TRUST_FLAG_PRIMARY = 0x00000008, - NETR_TRUST_FLAG_NATIVE = 0x00000010, - NETR_TRUST_FLAG_INBOUND = 0x00000020 - } netr_TrustFlags; typedef [v1_enum] enum { NETR_TRUST_TYPE_DOWNLEVEL = 1, @@ -1280,7 +1382,7 @@ interface netlogon NTSTATUS netr_LogonSamLogonEx( [in,unique] [string,charset(UTF16)] uint16 *server_name, [in,unique] [string,charset(UTF16)] uint16 *computer_name, - [in] uint16 logon_level, + [in] netr_LogonInfoClass logon_level, [in] [switch_is(logon_level)] netr_LogonLevel logon, [in] uint16 validation_level, [out] [switch_is(validation_level)] netr_Validation validation, @@ -1312,7 +1414,7 @@ interface netlogon /****************/ /* Function 0x2a */ NTSTATUS netr_ServerTrustPasswordsGet( - [in,unique] [string,charset(UTF16)] uint16 *server_name, + [in,unique] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] netr_SchannelType secure_channel_type, [in] [string,charset(UTF16)] uint16 computer_name[], @@ -1354,7 +1456,7 @@ interface netlogon [in,unique] [string,charset(UTF16)] uint16 *computer_name, [in,unique] netr_Authenticator *credential, [in,out,unique] netr_Authenticator *return_authenticator, - [in] uint16 logon_level, + [in] netr_LogonInfoClass logon_level, [in] [switch_is(logon_level)] netr_LogonLevel logon, [in] uint16 validation_level, [out] [switch_is(validation_level)] netr_Validation validation, |