1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 26 */ 27 28 #ifndef _MLSVC_NETR_NDL_ 29 #define _MLSVC_NETR_NDL_ 30 31 /* 32 *********************************************************************** 33 * 34 * NetLogon RPC (NETR) interface definition. 35 * 36 *********************************************************************** 37 */ 38 39 #include "ndrtypes.ndl" 40 41 42 #define NETR_OPNUM_UasLogon 0x00 43 #define NETR_OPNUM_UasLogoff 0x01 44 #define NETR_OPNUM_SamLogon 0x02 45 #define NETR_OPNUM_SamLogoff 0x03 46 #define NETR_OPNUM_ServerReqChallenge 0x04 47 #define NETR_OPNUM_ServerAuthenticate 0x05 48 #define NETR_OPNUM_ServerPasswordSet 0x06 49 #define NETR_OPNUM_DatabaseDeltas 0x07 50 #define NETR_OPNUM_DatabaseSync 0x08 51 #define NETR_OPNUM_AccountDeltas 0x09 52 #define NETR_OPNUM_AccountSync 0x0a 53 #define NETR_OPNUM_GetDCName 0x0b 54 #define NETR_OPNUM_LogonControl 0x0c 55 #define NETR_OPNUM_GetAnyDCName 0x0d 56 #define NETR_OPNUM_LogonControl2 0x0E 57 #define NETR_OPNUM_ServerAuthenticate2 0x0F 58 #define NETR_OPNUM_DatabaseSync2 0x10 59 #define NETR_OPNUM_DatabaseRedo 0x11 60 #define NETR_OPNUM_LogonControl2Ex 0x12 61 #define NETR_OPNUM_TrustDomainList 0x13 62 #define NETR_OPNUM_DsrGetDcName 0x14 63 #define NETR_OPNUM_LogonGetCapabilities 0x15 64 #define NETR_OPNUM_LogonSetServiceBits 0x16 65 #define NETR_OPNUM_LogonGetTrustRid 0x17 66 #define NETR_OPNUM_LogonComputeServerDigest 0x18 67 #define NETR_OPNUM_LogonComputeClientDigest 0x19 68 #define NETR_OPNUM_ServerAuthenticate3 0x1A 69 #define NETR_OPNUM_DsrGetDcNameEx 0x1B 70 #define NETR_OPNUM_DsrGetSiteName 0x1C 71 #define NETR_OPNUM_LogonGetDomainInfo 0x1D 72 #define NETR_OPNUM_ServerPasswordSet2 0x1E 73 74 /* 75 * This is not a real NETR OPNUM. It's used to unpack the 76 * struct krb5_validation_info found in the Kerberos PAC. 77 */ 78 #define NETR_OPNUM_decode_krb5_pac 1000 79 80 81 struct netr_sid { 82 BYTE Revision; 83 BYTE SubAuthCount; 84 BYTE Authority[6]; 85 SIZE_IS(SubAuthCount) 86 DWORD SubAuthority[ANY_SIZE_ARRAY]; 87 }; 88 89 90 struct netr_string { 91 WORD length; 92 WORD allosize; 93 LPTSTR str; 94 }; 95 typedef struct netr_string netr_string_t; 96 97 98 /* 99 * Alternative varying/conformant string definition - for 100 * non-null terminated strings. This definition must match 101 * ndr_vcbuf_t. 102 */ 103 struct netr_vcs { 104 /* 105 * size_is (actually a copy of length_is) will 106 * be inserted here by the marshalling library. 107 */ 108 DWORD vc_first_is; 109 DWORD vc_length_is; 110 SIZE_IS(vc_length_is) 111 WORD buffer[ANY_SIZE_ARRAY]; 112 }; 113 114 struct netr_vcstr { 115 WORD wclen; 116 WORD wcsize; 117 struct netr_vcs *vcs; 118 }; 119 typedef struct netr_vcstr netr_vcstr_t; 120 121 struct netr_vcb { 122 /* 123 * size_is (actually a copy of length_is) will 124 * be inserted here by the marshalling library. 125 */ 126 DWORD vc_first_is; 127 DWORD vc_length_is; 128 SIZE_IS(vc_length_is) 129 BYTE buffer[ANY_SIZE_ARRAY]; 130 }; 131 132 struct netr_vcbuf { 133 WORD len; 134 WORD size; 135 struct netr_vcb *vcb; 136 }; 137 typedef struct netr_vcbuf netr_vcbuf_t; 138 139 struct netr_credential { 140 BYTE data[8]; 141 }; 142 143 struct netr_authenticator { 144 struct netr_credential credential; 145 DWORD timestamp; 146 }; 147 typedef struct netr_authenticator netr_auth_t; 148 149 150 struct OLD_LARGE_INTEGER { 151 DWORD LowPart; 152 DWORD HighPart; 153 }; 154 typedef struct OLD_LARGE_INTEGER netr_int64_t; 155 156 struct CYPHER_BLOCK { 157 BYTE data[8]; 158 }; 159 160 struct OWF_PASSWORD { 161 BYTE data[16]; 162 }; 163 typedef struct OWF_PASSWORD netr_owf_password_t; 164 165 /* 166 * NL_TRUST_PASSWORD 167 * See also: samr_user_password 168 */ 169 #define NETR_TRUST_PWLEN 256 170 struct netr_trust_password { 171 WORD Buffer[NETR_TRUST_PWLEN]; 172 DWORD Length; 173 }; 174 typedef struct netr_trust_password netr_trust_password_t; 175 176 struct USER_SESSION_KEY { 177 struct CYPHER_BLOCK data[2]; 178 }; 179 180 181 182 183 /* 184 *********************************************************************** 185 * ServerReqChallenge 186 *********************************************************************** 187 */ 188 ALIGN(2) 189 OPERATION(NETR_OPNUM_ServerReqChallenge) 190 struct netr_ServerReqChallenge { 191 IN LPTSTR servername; 192 IN REFERENCE LPTSTR hostname; 193 IN struct netr_credential client_challenge; 194 OUT struct netr_credential server_challenge; 195 OUT DWORD status; 196 }; 197 198 199 /* 200 *********************************************************************** 201 * ServerAuthenticate2 202 *********************************************************************** 203 */ 204 ALIGN(2) 205 OPERATION(NETR_OPNUM_ServerAuthenticate2) 206 struct netr_ServerAuthenticate2 { 207 IN LPTSTR servername; 208 IN REFERENCE LPTSTR account_name; 209 IN WORD account_type; 210 IN REFERENCE LPTSTR hostname; 211 IN struct netr_credential client_credential; 212 OUT struct netr_credential server_credential; 213 INOUT DWORD negotiate_flags; 214 OUT DWORD status; 215 }; 216 217 218 /* 219 *********************************************************************** 220 * ServerPasswordSet 221 *********************************************************************** 222 */ 223 ALIGN(2) 224 OPERATION(NETR_OPNUM_ServerPasswordSet) 225 struct netr_PasswordSet { 226 IN LPTSTR servername; 227 IN REFERENCE LPTSTR account_name; 228 IN WORD sec_chan_type; 229 IN REFERENCE LPTSTR hostname; 230 INOUT struct netr_authenticator auth; 231 IN netr_owf_password_t owf_password; 232 OUT DWORD status; 233 }; 234 235 OPERATION(NETR_OPNUM_ServerPasswordSet2) 236 struct netr_PasswordSet2 { 237 IN LPTSTR servername; 238 IN REFERENCE LPTSTR account_name; 239 IN WORD sec_chan_type; 240 IN REFERENCE LPTSTR hostname; 241 INOUT struct netr_authenticator auth; 242 IN netr_trust_password_t trust_password; 243 OUT DWORD status; 244 }; 245 246 247 /* 248 *********************************************************************** 249 * SamLogon 250 *********************************************************************** 251 */ 252 253 /* 254 * The challenge-response data should always be 24 bytes. 255 */ 256 #define NETR_CR_PASSWORD_SIZE 24 257 258 259 struct lm_challenge { 260 BYTE data[8]; 261 }; 262 typedef struct lm_challenge lm_challenge_t; 263 264 /* 265 * Input data 266 */ 267 struct netr_logon_identity_info { 268 netr_vcstr_t domain_name; 269 DWORD parameter_control; 270 struct OLD_LARGE_INTEGER logon_id; 271 netr_vcstr_t username; 272 netr_vcstr_t workstation; 273 }; 274 typedef struct netr_logon_identity_info netr_logon_id_t; 275 276 277 /* 278 * Level 1: interactive logon 279 */ 280 struct netr_logon_info1 { 281 netr_logon_id_t identity; 282 netr_owf_password_t lm_owf_password; 283 netr_owf_password_t nt_owf_password; 284 }; 285 286 287 /* 288 * Level 2: network logon. 289 */ 290 struct netr_logon_info2 { 291 netr_logon_id_t identity; 292 lm_challenge_t lm_challenge; 293 netr_vcbuf_t nt_response; 294 netr_vcbuf_t lm_response; 295 }; 296 297 298 union netr_logon_info_u { 299 UNION_INFO_PTR(1,netr_logon_info); 300 UNION_INFO_PTR(2,netr_logon_info); 301 DEFAULT DWORD nothing; 302 }; 303 304 305 struct netr_login_info { 306 WORD logon_level; 307 WORD switch_value; 308 SWITCH(switch_value) 309 union netr_logon_info_u ru; 310 }; 311 312 313 /* 314 * Output data 315 */ 316 struct netr_group_membership { 317 DWORD rid; 318 DWORD attributes; 319 }; 320 321 322 struct netr_sid_and_attributes { 323 struct netr_sid *sid; 324 DWORD attributes; 325 }; 326 327 328 struct netr_validation_info3 { 329 struct OLD_LARGE_INTEGER LogonTime; 330 struct OLD_LARGE_INTEGER LogoffTime; 331 struct OLD_LARGE_INTEGER KickOffTime; 332 struct OLD_LARGE_INTEGER PasswordLastSet; 333 struct OLD_LARGE_INTEGER PasswordCanChange; 334 struct OLD_LARGE_INTEGER PasswordMustChange; 335 netr_string_t EffectiveName; 336 netr_string_t FullName; 337 netr_string_t LogonScript; 338 netr_string_t ProfilePath; 339 netr_string_t HomeDirectory; 340 netr_string_t HomeDirectoryDrive; 341 WORD LogonCount; 342 WORD BadPasswordCount; 343 DWORD UserId; 344 DWORD PrimaryGroupId; 345 DWORD GroupCount; 346 SIZE_IS(GroupCount) 347 struct netr_group_membership *GroupIds; 348 DWORD UserFlags; 349 struct USER_SESSION_KEY UserSessionKey; 350 netr_string_t LogonServer; 351 netr_string_t LogonDomainName; 352 struct netr_sid *LogonDomainId; 353 DWORD ExpansionRoom[10]; 354 DWORD SidCount; 355 SIZE_IS(SidCount) 356 struct netr_sid_and_attributes *ExtraSids; 357 }; 358 359 /* NETR_OPNUM_decode_krb5_pac */ 360 struct krb5_validation_info { 361 struct netr_validation_info3 info3; 362 /* Kerberos PAC "resource group" stuff. */ 363 struct netr_sid *rg_dom_sid; 364 DWORD rg_rid_cnt; 365 SIZE_IS(rg_rid_cnt) 366 struct netr_group_membership *rg_rids; 367 }; 368 369 union netr_validation_u { 370 CASE(3) struct netr_validation_info3 *info3; 371 DEFAULT DWORD nothing; 372 }; 373 374 375 /* 376 * This structure needs to be declared, even though it can't be used 377 * in netr_SamLogon, in order to get the appropriate size to calculate 378 * the correct fixup offsets. If ndrgen did the right thing, 379 * netr_validation_info would be one of the out parameters. However, 380 * if we do it that way, the switch_value isn't known early enough to 381 * do the fixup calculation. So it all has to go in netr_SamLogon. 382 */ 383 struct netr_validation_info { 384 WORD validation_level; 385 SWITCH(validation_level) 386 union netr_validation_u ru; 387 }; 388 389 390 /* 391 * WARNING 392 * 393 * Validation_level is really a WORD and authoritative is really a 394 * BYTE. They are declared as DWORD here due to the way things are 395 * unmarshalled. NT does not clear out the unused bytes in the 396 * DWORD so they must be cast to get the correct value. 397 */ 398 OPERATION(NETR_OPNUM_SamLogon) 399 struct netr_SamLogon { 400 IN LPTSTR servername; 401 IN LPTSTR hostname; 402 IN struct netr_authenticator *auth; 403 INOUT struct netr_authenticator *ret_auth; 404 IN struct netr_login_info logon_info; 405 INOUT WORD validation_level; 406 SWITCH(validation_level) 407 OUT union netr_validation_u ru; 408 OUT DWORD authoritative; 409 OUT DWORD status; 410 }; 411 412 413 /* 414 *********************************************************************** 415 * SamLogoff 416 *********************************************************************** 417 */ 418 OPERATION(NETR_OPNUM_SamLogoff) 419 struct netr_SamLogoff { 420 IN LPTSTR servername; 421 IN REFERENCE LPTSTR hostname; 422 IN struct netr_authenticator auth; 423 INOUT struct netr_authenticator ret_auth; 424 IN DWORD logon_level; 425 SWITCH(logon_level) 426 IN union netr_logon_info_u ru; 427 OUT DWORD status; 428 }; 429 430 431 /* 432 *********************************************************************** 433 * The NETR interface definition. 434 *********************************************************************** 435 */ 436 INTERFACE(0) 437 union netr_interface { 438 CASE(NETR_OPNUM_ServerReqChallenge) 439 struct netr_ServerReqChallenge ServerReqChallenge; 440 CASE(NETR_OPNUM_ServerAuthenticate2) 441 struct netr_ServerAuthenticate2 ServerAuthenticate2; 442 CASE(NETR_OPNUM_SamLogon) 443 struct netr_SamLogon SamLogon; 444 CASE(NETR_OPNUM_SamLogoff) 445 struct netr_SamLogoff SamLogoff; 446 CASE(NETR_OPNUM_ServerPasswordSet) 447 struct netr_PasswordSet PasswordSet; 448 CASE(NETR_OPNUM_ServerPasswordSet2) 449 struct netr_PasswordSet2 PasswordSet2; 450 451 /* Special, for smb_decode_krb5_pac() */ 452 CASE(NETR_OPNUM_decode_krb5_pac) 453 struct krb5_validation_info krb5pac; 454 }; 455 typedef union netr_interface netr_interface_t; 456 EXTERNTYPEINFO(netr_interface) 457 458 #endif /* _MLSVC_NETR_NDL_ */