summaryrefslogtreecommitdiffstats
path: root/epan/dissectors/pidl/samr
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-09-19 04:14:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-09-19 04:14:53 +0000
commita86c5f7cae7ec9a3398300555a0b644689d946a1 (patch)
tree39fe4b107c71174fd1e8a8ceb9a4d2aa14116248 /epan/dissectors/pidl/samr
parentReleasing progress-linux version 4.2.6-1~progress7.99u1. (diff)
downloadwireshark-a86c5f7cae7ec9a3398300555a0b644689d946a1.tar.xz
wireshark-a86c5f7cae7ec9a3398300555a0b644689d946a1.zip
Merging upstream version 4.4.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/pidl/samr')
-rw-r--r--epan/dissectors/pidl/samr/samr.cnf53
-rw-r--r--epan/dissectors/pidl/samr/samr.idl230
2 files changed, 222 insertions, 61 deletions
diff --git a/epan/dissectors/pidl/samr/samr.cnf b/epan/dissectors/pidl/samr/samr.cnf
index 07ca73de..98cf86cd 100644
--- a/epan/dissectors/pidl/samr/samr.cnf
+++ b/epan/dissectors/pidl/samr/samr.cnf
@@ -154,6 +154,7 @@ TYPE lsa_String "offset=dissect_ndr_lsa_String(tvb, offset, pinfo, tree, di, dre
TYPE lsa_AsciiString "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
TYPE lsa_StringLarge "offset=dissect_ndr_lsa_String(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
TYPE lsa_AsciiStringLarge "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 5
+TYPE lsa_BinaryString "offset=lsarpc_dissect_struct_lsa_BinaryString(tvb, offset, pinfo, tree, di, drep, @HF@, @PARAM@);" FT_STRING BASE_NONE 0 NULL 5
TYPE hyper "offset=cnf_dissect_hyper(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_UINT64 BASE_DEC 0 NULL 8
@@ -209,7 +210,7 @@ HF_RENAME hf_samr_samr_OpenAlias_access_mask hf_samr_alias_access_mask
CODE START
static void
-samr_connect_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+samr_connect_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
{
static int* const access_flags[] = {
&hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_LOOKUP_DOMAIN,
@@ -224,7 +225,7 @@ samr_connect_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint
proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
}
-struct access_mask_info samr_connect_access_mask_info = {
+static struct access_mask_info samr_connect_access_mask_info = {
"SAMR Connect", /* Name of specific rights */
samr_connect_specific_rights, /* Dissection function */
NULL, /* Generic mapping table */
@@ -232,7 +233,7 @@ struct access_mask_info samr_connect_access_mask_info = {
};
int
-samr_dissect_bitmap_ConnectAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index _U_, guint32 param _U_)
+samr_dissect_bitmap_ConnectAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
{
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, di, drep, hf_samr_connect_access_mask,
@@ -242,7 +243,7 @@ samr_dissect_bitmap_ConnectAccessMask(tvbuff_t *tvb, int offset, packet_info *pi
static void
-samr_alias_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+samr_alias_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
{
static int* const access_flags[] = {
&hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_ADD_MEMBER,
@@ -256,7 +257,7 @@ samr_alias_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32
proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
}
-struct access_mask_info samr_alias_access_mask_info = {
+static struct access_mask_info samr_alias_access_mask_info = {
"SAMR Alias", /* Name of specific rights */
samr_alias_specific_rights, /* Dissection function */
NULL, /* Generic mapping table */
@@ -264,7 +265,7 @@ struct access_mask_info samr_alias_access_mask_info = {
};
int
-samr_dissect_bitmap_AliasAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index _U_, guint32 param _U_)
+samr_dissect_bitmap_AliasAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
{
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, di, drep, hf_samr_alias_access_mask,
@@ -274,7 +275,7 @@ samr_dissect_bitmap_AliasAccessMask(tvbuff_t *tvb, int offset, packet_info *pinf
static void
-samr_group_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+samr_group_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
{
static int* const access_flags[] = {
&hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_GET_MEMBERS,
@@ -288,7 +289,7 @@ samr_group_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32
proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
}
-struct access_mask_info samr_group_access_mask_info = {
+static struct access_mask_info samr_group_access_mask_info = {
"SAMR Group", /* Name of specific rights */
samr_group_specific_rights, /* Dissection function */
NULL, /* Generic mapping table */
@@ -296,7 +297,7 @@ struct access_mask_info samr_group_access_mask_info = {
};
int
-samr_dissect_bitmap_GroupAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index _U_, guint32 param _U_)
+samr_dissect_bitmap_GroupAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
{
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, di, drep, hf_samr_group_access_mask,
@@ -306,7 +307,7 @@ samr_dissect_bitmap_GroupAccessMask(tvbuff_t *tvb, int offset, packet_info *pinf
static void
-samr_domain_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+samr_domain_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
{
static int* const access_flags[] = {
&hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1,
@@ -326,7 +327,7 @@ samr_domain_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint3
proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
}
-struct access_mask_info samr_domain_access_mask_info = {
+static struct access_mask_info samr_domain_access_mask_info = {
"SAMR Domain", /* Name of specific rights */
samr_domain_specific_rights, /* Dissection function */
NULL, /* Generic mapping table */
@@ -334,7 +335,7 @@ struct access_mask_info samr_domain_access_mask_info = {
};
int
-samr_dissect_bitmap_DomainAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index _U_, guint32 param _U_)
+samr_dissect_bitmap_DomainAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
{
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, di, drep, hf_samr_domain_access_mask,
@@ -344,7 +345,7 @@ samr_dissect_bitmap_DomainAccessMask(tvbuff_t *tvb, int offset, packet_info *pin
static void
-samr_user_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+samr_user_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
{
static int* const access_flags[] = {
&hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP,
@@ -364,7 +365,7 @@ samr_user_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32
proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
}
-struct access_mask_info samr_user_access_mask_info = {
+static struct access_mask_info samr_user_access_mask_info = {
"SAMR User", /* Name of specific rights */
samr_user_specific_rights, /* Dissection function */
NULL, /* Generic mapping table */
@@ -372,7 +373,7 @@ struct access_mask_info samr_user_access_mask_info = {
};
int
-samr_dissect_bitmap_UserAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index _U_, guint32 param _U_)
+samr_dissect_bitmap_UserAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, int hf_index _U_, uint32_t param _U_)
{
offset = dissect_nt_access_mask(
tvb, offset, pinfo, tree, di, drep, hf_samr_user_access_mask,
@@ -382,7 +383,7 @@ samr_dissect_bitmap_UserAccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo
static int
-cnf_dissect_lsa_AsciiString(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, guint32 param _U_, int hfindex)
+cnf_dissect_lsa_AsciiString(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, uint32_t param _U_, int hfindex)
{
offset = dissect_ndr_counted_ascii_string(tvb, offset, pinfo, tree, di, drep,
hfindex, 0);
@@ -391,7 +392,7 @@ cnf_dissect_lsa_AsciiString(tvbuff_t *tvb, int offset, packet_info *pinfo, proto
}
static int
-cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, guint32 param _U_, int hfindex)
+cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, uint32_t param _U_, int hfindex)
{
offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, di, drep, hfindex, NULL);
@@ -402,12 +403,12 @@ cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tre
static int
-cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
+cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
{
- guint64 len;
+ uint64_t len;
e_ctx_hnd *polhnd = NULL;
dcerpc_call_value *dcv = NULL;
- guint32 type=0;
+ uint32_t type=0;
struct access_mask_info *ami=NULL;
if(di->conformant_run){
@@ -444,7 +445,7 @@ cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_t
break;
}
- dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, (int)len, ami);
+ dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, true, (int)len, ami);
offset += (int)len;
@@ -452,9 +453,9 @@ cnf_dissect_sec_desc_buf_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_t
}
static int
-cnf_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
+cnf_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
{
- guint64 len;
+ uint64_t len;
if(di->conformant_run){
/*just a run to handle conformant arrays, nothing to dissect */
@@ -474,7 +475,7 @@ cnf_dissect_sec_desc_buf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr
static int
-cnf_dissect_dom_sid2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
+cnf_dissect_dom_sid2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
{
offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, di, drep);
@@ -482,7 +483,7 @@ cnf_dissect_dom_sid2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *
}
static int
-cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
+cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep)
{
offset = dissect_ndr_nt_PSID_ARRAY(tvb, offset, pinfo, tree, di, drep);
@@ -491,7 +492,7 @@ cnf_dissect_lsa_SidArray(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr
static int
-cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
+cnf_dissect_samr_security_secinfo(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, uint8_t *drep _U_)
{
offset = dissect_nt_security_information(tvb, offset, tree);
diff --git a/epan/dissectors/pidl/samr/samr.idl b/epan/dissectors/pidl/samr/samr.idl
index 18e3d601..f09fff01 100644
--- a/epan/dissectors/pidl/samr/samr.idl
+++ b/epan/dissectors/pidl/samr/samr.idl
@@ -4,6 +4,7 @@
samr interface definition
*/
/* import "misc.idl", "lsa.idl", "security.idl";*/
+import "misc.idl", "lsa.idl";
/*
Thanks to Todd Sabin for some information from his samr.idl in acltools
@@ -35,15 +36,6 @@
SID_NAME_COMPUTER = 9 /* machine */
} lsa_SidType;
- typedef [public,v1_enum] enum {
- SAMR_REJECT_OTHER = 0,
- SAMR_REJECT_TOO_SHORT = 1,
- SAMR_REJECT_IN_HISTORY = 2,
- SAMR_REJECT_COMPLEXITY = 5
- } samr_RejectReason;
-
-
-
/* account control (acct_flags) bits */
typedef [public,bitmap32bit] bitmap {
ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
@@ -64,8 +56,10 @@
ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
- ACB_TRUST_AUTH_DELEGAT = 0x00040000, /* 1 = Trusted to authenticate for delegation */
- ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
+ ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000,
+ ACB_NO_AUTH_DATA_REQD = 0x00080000, /* 1 = No authorization data required */
+ ACB_PARTIAL_SECRETS_ACCOUNT = 0x00100000,
+ ACB_USE_AES_KEYS = 0x00200000
} samr_AcctFlags;
/* SAM server specific access rights */
@@ -116,6 +110,35 @@
SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
} samr_UserAccessMask;
+ const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_USER_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */
+
+ const int GENERIC_RIGHTS_USER_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
+ SAMR_USER_ACCESS_GET_GROUPS |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */
+
+ const int GENERIC_RIGHTS_USER_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_SET_LOC_COM |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */
+
+ const int GENERIC_RIGHTS_USER_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */
+
+ /* Domain Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
@@ -130,6 +153,34 @@
SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
} samr_DomainAccessMask;
+ const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_DOMAIN_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_DOMAIN_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
+
+ const int GENERIC_RIGHTS_DOMAIN_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_DOMAIN_ACCESS_SET_INFO_3 |
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP |
+ SAMR_DOMAIN_ACCESS_CREATE_USER |
+ SAMR_DOMAIN_ACCESS_SET_INFO_2 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_1);
+
+ const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
+
+ /* Group Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
@@ -137,13 +188,28 @@
SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
} samr_GroupAccessMask;
- /* these bits are invalid and return ACCESS_DENIED */
- const int SAMR_GROUP_ACCESS_MASK_INVALID = 0x0000ffe0;
- /* generic access */
- const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x000f001f;
- const int SAMR_GROUP_ACCESS_ALL_READ = 0x00020010;
- const int SAMR_GROUP_ACCESS_ALL_WRITE = 0x0002000e;
- const int SAMR_GROUP_ACCESS_ALL_EXECUTE = 0x00020001;
+
+ const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
+
+ const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+ const int GENERIC_RIGHTS_GROUP_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */
+
+ const int GENERIC_RIGHTS_GROUP_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER |
+ SAMR_GROUP_ACCESS_ADD_MEMBER |
+ SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */
+
+ const int GENERIC_RIGHTS_GROUP_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */
+
+ /* Alias Object specific access rights */
typedef [bitmap32bit] bitmap {
SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
@@ -153,6 +219,26 @@
SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
} samr_AliasAccessMask;
+ const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
+
+ const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+ const int GENERIC_RIGHTS_ALIAS_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */
+
+ const int GENERIC_RIGHTS_ALIAS_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
+ SAMR_ALIAS_ACCESS_ADD_MEMBER |
+ SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */
+
+ const int GENERIC_RIGHTS_ALIAS_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */
+
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
@@ -279,7 +365,7 @@
DOMAIN_SERVER_DISABLED = 2
} samr_DomainServerState;
- typedef struct {
+ typedef [public] struct {
uint16 min_password_length;
uint16 password_history_length;
samr_PasswordProperties password_properties;
@@ -473,7 +559,7 @@
[public] NTSTATUS samr_LookupNames(
[in,ref] policy_handle *domain_handle,
[in,range(0,1000)] uint32 num_names,
- [in,size_is(1000),length_is(num_names),ref] lsa_String *names,
+ [in,size_is(1000),length_is(num_names)] lsa_String names[],
[out,ref] samr_Ids *rids,
[out,ref] samr_Ids *types
);
@@ -722,7 +808,9 @@
UserInternal4Information = 23,
UserInternal5Information = 24,
UserInternal4InformationNew = 25,
- UserInternal5InformationNew = 26
+ UserInternal5InformationNew = 26,
+ UserInternal7InformationNew = 31,
+ UserInternal8InformationNew = 32
} samr_UserInfoLevel;
typedef struct {
@@ -735,7 +823,7 @@
typedef struct {
lsa_String comment;
- lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
+ lsa_String reserved; /* settable, but doesn't stick. probably obsolete */
uint16 country_code;
uint16 code_page;
} samr_UserInfo2;
@@ -851,7 +939,7 @@
} samr_UserInfo18;
typedef struct {
- lsa_String parameters;
+ lsa_BinaryString parameters;
} samr_UserInfo20;
/* this defines the bits used for fields_present in info21 */
@@ -908,10 +996,10 @@
lsa_String description;
lsa_String workstations;
lsa_String comment;
- lsa_String parameters;
- lsa_String lm_password;
- lsa_String nt_password;
- lsa_String private;
+ lsa_BinaryString parameters;
+ lsa_BinaryString lm_owf_password;
+ lsa_BinaryString nt_owf_password;
+ lsa_String private_data;
uint32 buf_count;
[size_is(buf_count)] uint8 *buffer;
uint32 rid;
@@ -926,7 +1014,7 @@
uint8 lm_password_set;
uint8 nt_password_set;
uint8 password_expired;
- uint8 unknown4;
+ uint8 private_data_sensitive;
} samr_UserInfo21;
typedef [public, flag(NDR_PAHEX)] struct {
@@ -957,6 +1045,24 @@
uint8 password_expired;
} samr_UserInfo26;
+ typedef struct {
+ uint8 auth_data[64];
+ uint8 salt[16];
+ uint32 cipher_len;
+ [size_is(cipher_len)] uint8 *cipher;
+ hyper PBKDF2Iterations;
+ } samr_EncryptedPasswordAES;
+
+ typedef struct {
+ samr_EncryptedPasswordAES password;
+ uint8 password_expired;
+ } samr_UserInfo31;
+
+ typedef struct {
+ samr_UserInfo21 info;
+ samr_EncryptedPasswordAES password;
+ } samr_UserInfo32;
+
typedef [switch_type(uint16)] union {
[case(1)] samr_UserInfo1 info1;
[case(2)] samr_UserInfo2 info2;
@@ -981,6 +1087,8 @@
[case(24)] samr_UserInfo24 info24;
[case(25)] samr_UserInfo25 info25;
[case(26)] samr_UserInfo26 info26;
+ [case(31)] samr_UserInfo31 info31;
+ [case(32)] samr_UserInfo32 info32;
} samr_UserInfo;
[public] NTSTATUS samr_QueryUserInfo(
@@ -1375,13 +1483,24 @@
/************************/
/* Function 0x3f */
+ typedef [public,v1_enum] enum {
+ SAM_PWD_CHANGE_NO_ERROR = 0,
+ SAM_PWD_CHANGE_PASSWORD_TOO_SHORT = 1,
+ SAM_PWD_CHANGE_PWD_IN_HISTORY = 2,
+ SAM_PWD_CHANGE_USERNAME_IN_PASSWORD = 3,
+ SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4,
+ SAM_PWD_CHANGE_NOT_COMPLEX = 5,
+ SAM_PWD_CHANGE_MACHINE_NOT_DEFAULT = 6,
+ SAM_PWD_CHANGE_FAILED_BY_FILTER = 7,
+ SAM_PWD_CHANGE_PASSWORD_TOO_LONG = 8
+ } samPwdChangeReason;
+
typedef struct {
- samr_RejectReason reason;
- uint32 unknown1;
- uint32 unknown2;
- } samr_ChangeReject;
+ samPwdChangeReason extendedFailureReason;
+ lsa_String filterModuleName;
+ } userPwdChangeFailureInformation;
- NTSTATUS samr_ChangePasswordUser3(
+ [public] NTSTATUS samr_ChangePasswordUser3(
[in,unique] lsa_String *server,
[in,ref] lsa_String *account,
[in,unique] samr_CryptPassword *nt_password,
@@ -1391,15 +1510,22 @@
[in,unique] samr_Password *lm_verifier,
[in,unique] samr_CryptPassword *password3,
[out,ref] samr_DomInfo1 **dominfo,
- [out,ref] samr_ChangeReject **reject
+ [out,ref] userPwdChangeFailureInformation **reject
);
/************************/
/* Function 0x40 */
+ typedef [v1_enum] enum {
+ SAMR_CONNECT_FEATURE_RID_ONLY = 0x00000001,
+ SAMR_CONNECT_FEATURE_RESRVED1 = 0x00000002,
+ SAMR_CONNECT_FEATURE_RESRVED2 = 0x00000004,
+ SAMR_CONNECT_FEATURE_USE_AES = 0x00000010
+ } samr_SupportedFeatures;
+
typedef struct {
samr_ConnectVersion client_version; /* w2k3 gives 3 */
- uint32 unknown2; /* w2k3 gives 0 */
+ samr_SupportedFeatures supported_features;
} samr_ConnectInfo1;
typedef union {
@@ -1539,4 +1665,38 @@
[in,switch_is(level)] samr_ValidatePasswordReq *req,
[out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
);
+
+ /************************/
+ /* Function 0x44 */
+ /************************/
+ [todo] void samr_Opnum68NotUsedOnWire(void);
+
+ /************************/
+ /* Function 0x45 */
+ /************************/
+ [todo] void samr_Opnum69NotUsedOnWire(void);
+
+ /************************/
+ /* Function 0x46 */
+ /************************/
+ [todo] void samr_Opnum70NotUsedOnWire(void);
+
+ /************************/
+ /* Function 0x47 */
+ /************************/
+ [todo] void samr_Opnum71NotUsedOnWire(void);
+
+ /************************/
+ /* Function 0x48 */
+ /************************/
+ [todo] void samr_Opnum72NotUsedOnWire(void);
+
+ /************************/
+ /* Function 0x49 */
+ /************************/
+ [public] NTSTATUS samr_ChangePasswordUser4(
+ [in,unique] lsa_String *server,
+ [in,ref] lsa_String *account,
+ [in,ref] samr_EncryptedPasswordAES *password
+ );
}