1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  *
  25  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  26  */
  27 
  28 #ifndef _MLSVC_NETR_NDL_
  29 #define _MLSVC_NETR_NDL_
  30 
  31 /*
  32  ***********************************************************************
  33  *
  34  * NetLogon RPC (NETR) interface definition.
  35  *
  36  ***********************************************************************
  37  */
  38 
  39 #include "ndrtypes.ndl"
  40 
  41 
  42 #define NETR_OPNUM_UasLogon                     0x00
  43 #define NETR_OPNUM_UasLogoff                    0x01
  44 #define NETR_OPNUM_SamLogon                     0x02
  45 #define NETR_OPNUM_SamLogoff                    0x03
  46 #define NETR_OPNUM_ServerReqChallenge           0x04
  47 #define NETR_OPNUM_ServerAuthenticate           0x05
  48 #define NETR_OPNUM_ServerPasswordSet            0x06
  49 #define NETR_OPNUM_DatabaseDeltas               0x07
  50 #define NETR_OPNUM_DatabaseSync                 0x08
  51 #define NETR_OPNUM_AccountDeltas                0x09
  52 #define NETR_OPNUM_AccountSync                  0x0a
  53 #define NETR_OPNUM_GetDCName                    0x0b
  54 #define NETR_OPNUM_LogonControl                 0x0c
  55 #define NETR_OPNUM_GetAnyDCName                 0x0d
  56 #define NETR_OPNUM_LogonControl2                0x0E
  57 #define NETR_OPNUM_ServerAuthenticate2          0x0F
  58 #define NETR_OPNUM_DatabaseSync2                0x10
  59 #define NETR_OPNUM_DatabaseRedo                 0x11
  60 #define NETR_OPNUM_LogonControl2Ex              0x12
  61 #define NETR_OPNUM_TrustDomainList              0x13
  62 #define NETR_OPNUM_DsrGetDcName                 0x14
  63 #define NETR_OPNUM_LogonGetCapabilities         0x15
  64 #define NETR_OPNUM_LogonSetServiceBits          0x16
  65 #define NETR_OPNUM_LogonGetTrustRid             0x17
  66 #define NETR_OPNUM_LogonComputeServerDigest     0x18
  67 #define NETR_OPNUM_LogonComputeClientDigest     0x19
  68 #define NETR_OPNUM_ServerAuthenticate3          0x1A
  69 #define NETR_OPNUM_DsrGetDcNameEx               0x1B
  70 #define NETR_OPNUM_DsrGetSiteName               0x1C
  71 #define NETR_OPNUM_LogonGetDomainInfo           0x1D
  72 #define NETR_OPNUM_ServerPasswordSet2           0x1E
  73 
  74 /*
  75  * This is not a real NETR OPNUM.  It's used to unpack the
  76  * struct krb5_validation_info found in the Kerberos PAC.
  77  */
  78 #define NETR_OPNUM_decode_krb5_pac              1000
  79 
  80 
  81 struct netr_sid {
  82         BYTE            Revision;
  83         BYTE            SubAuthCount;
  84         BYTE            Authority[6];
  85   SIZE_IS(SubAuthCount)
  86         DWORD           SubAuthority[ANY_SIZE_ARRAY];
  87 };
  88 
  89 
  90 struct netr_string {
  91         WORD            length;
  92         WORD            allosize;
  93         LPTSTR          str;
  94 };
  95 typedef struct netr_string netr_string_t;
  96 
  97 
  98 /*
  99  * Alternative varying/conformant string definition - for
 100  * non-null terminated strings. This definition must match
 101  * ndr_vcbuf_t.
 102  */
 103 struct netr_vcs {
 104         /*
 105          * size_is (actually a copy of length_is) will
 106          * be inserted here by the marshalling library.
 107          */
 108         DWORD vc_first_is;
 109         DWORD vc_length_is;
 110   SIZE_IS(vc_length_is)
 111         WORD buffer[ANY_SIZE_ARRAY];
 112 };
 113 
 114 struct netr_vcstr {
 115         WORD wclen;
 116         WORD wcsize;
 117         struct netr_vcs *vcs;
 118 };
 119 typedef struct netr_vcstr netr_vcstr_t;
 120 
 121 struct netr_vcb {
 122         /*
 123          * size_is (actually a copy of length_is) will
 124          * be inserted here by the marshalling library.
 125          */
 126         DWORD vc_first_is;
 127         DWORD vc_length_is;
 128   SIZE_IS(vc_length_is)
 129         BYTE buffer[ANY_SIZE_ARRAY];
 130 };
 131 
 132 struct netr_vcbuf {
 133         WORD len;
 134         WORD size;
 135         struct netr_vcb *vcb;
 136 };
 137 typedef struct netr_vcbuf netr_vcbuf_t;
 138 
 139 struct netr_credential {
 140         BYTE data[8];
 141 };
 142 
 143 struct netr_authenticator {
 144         struct netr_credential credential;
 145         DWORD timestamp;
 146 };
 147 typedef struct netr_authenticator netr_auth_t;
 148 
 149 
 150 struct OLD_LARGE_INTEGER {
 151         DWORD LowPart;
 152         DWORD HighPart;
 153 };
 154 typedef struct OLD_LARGE_INTEGER netr_int64_t;
 155 
 156 struct CYPHER_BLOCK {
 157         BYTE data[8];
 158 };
 159 
 160 struct OWF_PASSWORD {
 161         BYTE data[16];
 162 };
 163 typedef struct OWF_PASSWORD netr_owf_password_t;
 164 
 165 /*
 166  * NL_TRUST_PASSWORD
 167  * See also: samr_user_password
 168  */
 169 #define NETR_TRUST_PWLEN        256
 170 struct netr_trust_password {
 171         WORD    Buffer[NETR_TRUST_PWLEN];
 172         DWORD   Length;
 173 };
 174 typedef struct netr_trust_password netr_trust_password_t;
 175 
 176 struct USER_SESSION_KEY {
 177         struct CYPHER_BLOCK data[2];
 178 };
 179 
 180 
 181 
 182 
 183 /*
 184  ***********************************************************************
 185  * ServerReqChallenge
 186  ***********************************************************************
 187  */
 188 ALIGN(2)
 189 OPERATION(NETR_OPNUM_ServerReqChallenge)
 190 struct netr_ServerReqChallenge {
 191         IN              LPTSTR servername;
 192         IN REFERENCE    LPTSTR hostname;
 193         IN              struct netr_credential client_challenge;
 194         OUT             struct netr_credential server_challenge;
 195         OUT             DWORD status;
 196 };
 197 
 198 
 199 /*
 200  ***********************************************************************
 201  * ServerAuthenticate2
 202  ***********************************************************************
 203  */
 204 ALIGN(2)
 205 OPERATION(NETR_OPNUM_ServerAuthenticate2)
 206 struct netr_ServerAuthenticate2 {
 207         IN              LPTSTR servername;
 208         IN REFERENCE    LPTSTR account_name;
 209         IN              WORD account_type;
 210         IN REFERENCE    LPTSTR hostname;
 211         IN              struct netr_credential client_credential;
 212         OUT             struct netr_credential server_credential;
 213         INOUT   DWORD negotiate_flags;
 214         OUT             DWORD status;
 215 };
 216 
 217 
 218 /*
 219  ***********************************************************************
 220  * ServerPasswordSet
 221  ***********************************************************************
 222  */
 223 ALIGN(2)
 224 OPERATION(NETR_OPNUM_ServerPasswordSet)
 225 struct netr_PasswordSet {
 226         IN              LPTSTR servername;
 227         IN REFERENCE    LPTSTR account_name;
 228         IN              WORD sec_chan_type;
 229         IN REFERENCE    LPTSTR hostname;
 230         INOUT   struct netr_authenticator auth;
 231         IN              netr_owf_password_t owf_password;
 232         OUT             DWORD status;
 233 };
 234 
 235 OPERATION(NETR_OPNUM_ServerPasswordSet2)
 236 struct netr_PasswordSet2 {
 237         IN              LPTSTR servername;
 238         IN REFERENCE    LPTSTR account_name;
 239         IN              WORD sec_chan_type;
 240         IN REFERENCE    LPTSTR hostname;
 241         INOUT   struct netr_authenticator auth;
 242         IN              netr_trust_password_t trust_password;
 243         OUT             DWORD status;
 244 };
 245 
 246 
 247 /*
 248  ***********************************************************************
 249  * SamLogon
 250  ***********************************************************************
 251  */
 252 
 253 /*
 254  * The challenge-response data should always be 24 bytes.
 255  */
 256 #define NETR_CR_PASSWORD_SIZE                   24
 257 
 258 
 259 struct lm_challenge {
 260         BYTE data[8];
 261 };
 262 typedef struct lm_challenge lm_challenge_t;
 263 
 264 /*
 265  * Input data
 266  */
 267 struct netr_logon_identity_info {
 268         netr_vcstr_t domain_name;
 269         DWORD parameter_control;
 270         struct OLD_LARGE_INTEGER logon_id;
 271         netr_vcstr_t username;
 272         netr_vcstr_t workstation;
 273 };
 274 typedef struct netr_logon_identity_info netr_logon_id_t;
 275 
 276 
 277 /*
 278  * Level 1: interactive logon
 279  */
 280 struct netr_logon_info1 {
 281         netr_logon_id_t identity;
 282         netr_owf_password_t lm_owf_password;
 283         netr_owf_password_t nt_owf_password;
 284 };
 285 
 286 
 287 /*
 288  * Level 2: network logon.
 289  */
 290 struct netr_logon_info2 {
 291         netr_logon_id_t identity;
 292         lm_challenge_t lm_challenge;
 293         netr_vcbuf_t nt_response;
 294         netr_vcbuf_t lm_response;
 295 };
 296 
 297 
 298 union netr_logon_info_u {
 299         UNION_INFO_PTR(1,netr_logon_info);
 300         UNION_INFO_PTR(2,netr_logon_info);
 301         DEFAULT DWORD nothing;
 302 };
 303 
 304 
 305 struct netr_login_info {
 306         WORD logon_level;
 307         WORD switch_value;
 308   SWITCH(switch_value)
 309         union netr_logon_info_u ru;
 310 };
 311 
 312 
 313 /*
 314  * Output data
 315  */
 316 struct netr_group_membership {
 317         DWORD rid;
 318         DWORD attributes;
 319 };
 320 
 321 
 322 struct netr_sid_and_attributes {
 323         struct netr_sid *sid;
 324         DWORD attributes;
 325 };
 326 
 327 
 328 struct netr_validation_info3 {
 329         struct OLD_LARGE_INTEGER LogonTime;
 330         struct OLD_LARGE_INTEGER LogoffTime;
 331         struct OLD_LARGE_INTEGER KickOffTime;
 332         struct OLD_LARGE_INTEGER PasswordLastSet;
 333         struct OLD_LARGE_INTEGER PasswordCanChange;
 334         struct OLD_LARGE_INTEGER PasswordMustChange;
 335         netr_string_t EffectiveName;
 336         netr_string_t FullName;
 337         netr_string_t LogonScript;
 338         netr_string_t ProfilePath;
 339         netr_string_t HomeDirectory;
 340         netr_string_t HomeDirectoryDrive;
 341         WORD LogonCount;
 342         WORD BadPasswordCount;
 343         DWORD UserId;
 344         DWORD PrimaryGroupId;
 345         DWORD GroupCount;
 346   SIZE_IS(GroupCount)
 347         struct netr_group_membership *GroupIds;
 348         DWORD UserFlags;
 349         struct USER_SESSION_KEY UserSessionKey;
 350         netr_string_t LogonServer;
 351         netr_string_t LogonDomainName;
 352         struct netr_sid *LogonDomainId;
 353         DWORD ExpansionRoom[10];
 354         DWORD SidCount;
 355   SIZE_IS(SidCount)
 356         struct netr_sid_and_attributes *ExtraSids;
 357 };
 358 
 359 /* NETR_OPNUM_decode_krb5_pac */
 360 struct krb5_validation_info {
 361         struct netr_validation_info3 info3;
 362         /* Kerberos PAC "resource group" stuff. */
 363         struct netr_sid *rg_dom_sid;
 364         DWORD rg_rid_cnt;
 365   SIZE_IS(rg_rid_cnt)
 366         struct netr_group_membership *rg_rids;
 367 };
 368 
 369 union netr_validation_u {
 370         CASE(3) struct netr_validation_info3 *info3;
 371         DEFAULT DWORD nothing;
 372 };
 373 
 374 
 375 /*
 376  * This structure needs to be declared, even though it can't be used
 377  * in netr_SamLogon, in order to get the appropriate size to calculate
 378  * the correct fixup offsets.  If ndrgen did the right thing,
 379  * netr_validation_info would be one of the out parameters. However,
 380  * if we do it that way, the switch_value isn't known early enough to
 381  * do the fixup calculation. So it all has to go in netr_SamLogon.
 382  */
 383 struct netr_validation_info {
 384         WORD validation_level;
 385   SWITCH(validation_level)
 386         union netr_validation_u ru;
 387 };
 388 
 389 
 390 /*
 391  * WARNING
 392  *
 393  * Validation_level is really a WORD and authoritative is really a
 394  * BYTE. They are declared as DWORD here due to the way things are
 395  * unmarshalled. NT does not clear out the unused bytes in the
 396  * DWORD so they must be cast to get the correct value.
 397  */
 398 OPERATION(NETR_OPNUM_SamLogon)
 399 struct netr_SamLogon {
 400         IN              LPTSTR servername;
 401         IN              LPTSTR hostname;
 402         IN              struct netr_authenticator *auth;
 403         INOUT   struct netr_authenticator *ret_auth;
 404         IN              struct netr_login_info logon_info;
 405         INOUT   WORD validation_level;
 406   SWITCH(validation_level)
 407         OUT             union netr_validation_u ru;
 408         OUT             DWORD authoritative;
 409         OUT             DWORD status;
 410 };
 411 
 412 
 413 /*
 414  ***********************************************************************
 415  * SamLogoff
 416  ***********************************************************************
 417  */
 418 OPERATION(NETR_OPNUM_SamLogoff)
 419 struct netr_SamLogoff {
 420         IN              LPTSTR servername;
 421         IN REFERENCE    LPTSTR hostname;
 422         IN              struct netr_authenticator auth;
 423         INOUT   struct netr_authenticator ret_auth;
 424         IN              DWORD logon_level;
 425   SWITCH(logon_level)
 426         IN              union netr_logon_info_u ru;
 427         OUT             DWORD status;
 428 };
 429 
 430 
 431 /*
 432  ***********************************************************************
 433  * The NETR interface definition.
 434  ***********************************************************************
 435  */
 436 INTERFACE(0)
 437 union netr_interface {
 438         CASE(NETR_OPNUM_ServerReqChallenge)
 439                 struct netr_ServerReqChallenge          ServerReqChallenge;
 440         CASE(NETR_OPNUM_ServerAuthenticate2)
 441                 struct netr_ServerAuthenticate2         ServerAuthenticate2;
 442         CASE(NETR_OPNUM_SamLogon)
 443                 struct netr_SamLogon                    SamLogon;
 444         CASE(NETR_OPNUM_SamLogoff)
 445                 struct netr_SamLogoff                   SamLogoff;
 446         CASE(NETR_OPNUM_ServerPasswordSet)
 447                 struct netr_PasswordSet                 PasswordSet;
 448         CASE(NETR_OPNUM_ServerPasswordSet2)
 449                 struct netr_PasswordSet2                PasswordSet2;
 450 
 451         /* Special, for smb_decode_krb5_pac() */
 452         CASE(NETR_OPNUM_decode_krb5_pac)
 453                 struct krb5_validation_info             krb5pac;
 454 };
 455 typedef union netr_interface netr_interface_t;
 456 EXTERNTYPEINFO(netr_interface)
 457 
 458 #endif /* _MLSVC_NETR_NDL_ */