1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #ifndef _MLSVC_NETR_NDL_
29 #define _MLSVC_NETR_NDL_
30
31 /*
32 ***********************************************************************
33 *
34 * NetLogon RPC (NETR) interface definition.
35 *
36 ***********************************************************************
37 */
38
39 #include <libmlrpc/ndrtypes.ndl>
40
41
42 #define NETR_OPNUM_UasLogon 0x00
43 #define NETR_OPNUM_UasLogoff 0x01
44 #define NETR_OPNUM_SamLogon 0x02
45 #define NETR_OPNUM_SamLogoff 0x03
46 #define NETR_OPNUM_ServerReqChallenge 0x04
47 #define NETR_OPNUM_ServerAuthenticate 0x05
48 #define NETR_OPNUM_ServerPasswordSet 0x06
49 #define NETR_OPNUM_DatabaseDeltas 0x07
50 #define NETR_OPNUM_DatabaseSync 0x08
51 #define NETR_OPNUM_AccountDeltas 0x09
52 #define NETR_OPNUM_AccountSync 0x0a
53 #define NETR_OPNUM_GetDCName 0x0b
54 #define NETR_OPNUM_LogonControl 0x0c
55 #define NETR_OPNUM_GetAnyDCName 0x0d
56 #define NETR_OPNUM_LogonControl2 0x0E
57 #define NETR_OPNUM_ServerAuthenticate2 0x0F
58 #define NETR_OPNUM_DatabaseSync2 0x10
59 #define NETR_OPNUM_DatabaseRedo 0x11
60 #define NETR_OPNUM_LogonControl2Ex 0x12
61 #define NETR_OPNUM_TrustDomainList 0x13
62 #define NETR_OPNUM_DsrGetDcName 0x14
63 #define NETR_OPNUM_LogonGetCapabilities 0x15
64 #define NETR_OPNUM_LogonSetServiceBits 0x16
65 #define NETR_OPNUM_LogonGetTrustRid 0x17
66 #define NETR_OPNUM_LogonComputeServerDigest 0x18
67 #define NETR_OPNUM_LogonComputeClientDigest 0x19
68 #define NETR_OPNUM_ServerAuthenticate3 0x1A
69 #define NETR_OPNUM_DsrGetDcNameEx 0x1B
70 #define NETR_OPNUM_DsrGetSiteName 0x1C
71 #define NETR_OPNUM_LogonGetDomainInfo 0x1D
72 #define NETR_OPNUM_ServerPasswordSet2 0x1E
73
74 /*
75 * This is not a real NETR OPNUM. It's used to unpack the
76 * struct krb5_validation_info found in the Kerberos PAC.
77 */
78 #define NETR_OPNUM_decode_krb5_pac 1000
79
80
81 struct netr_sid {
82 BYTE Revision;
83 BYTE SubAuthCount;
84 BYTE Authority[6];
85 SIZE_IS(SubAuthCount)
86 DWORD SubAuthority[ANY_SIZE_ARRAY];
87 };
88
89
90 struct netr_string {
91 WORD length;
92 WORD allosize;
93 LPTSTR str;
94 };
95 typedef struct netr_string netr_string_t;
96
97
98 /*
99 * Alternative varying/conformant string definition - for
100 * non-null terminated strings. This definition must match
101 * ndr_vcbuf_t.
102 */
103 struct netr_vcs {
104 /*
105 * size_is (actually a copy of length_is) will
106 * be inserted here by the marshalling library.
107 */
108 DWORD vc_first_is;
109 DWORD vc_length_is;
110 SIZE_IS(vc_length_is)
111 WORD buffer[ANY_SIZE_ARRAY];
112 };
113
114 struct netr_vcstr {
115 WORD wclen;
116 WORD wcsize;
117 struct netr_vcs *vcs;
118 };
119 typedef struct netr_vcstr netr_vcstr_t;
120
121 struct netr_vcb {
122 /*
123 * size_is (actually a copy of length_is) will
124 * be inserted here by the marshalling library.
125 */
126 DWORD vc_first_is;
127 DWORD vc_length_is;
128 SIZE_IS(vc_length_is)
129 BYTE buffer[ANY_SIZE_ARRAY];
130 };
131
132 struct netr_vcbuf {
133 WORD len;
134 WORD size;
135 struct netr_vcb *vcb;
136 };
137 typedef struct netr_vcbuf netr_vcbuf_t;
138
139 struct netr_credential {
140 BYTE data[8];
141 };
142
143 struct netr_authenticator {
144 struct netr_credential credential;
145 DWORD timestamp;
146 };
147 typedef struct netr_authenticator netr_auth_t;
148
149
150 struct OLD_LARGE_INTEGER {
151 DWORD LowPart;
152 DWORD HighPart;
153 };
154 typedef struct OLD_LARGE_INTEGER netr_int64_t;
155
156 struct CYPHER_BLOCK {
157 BYTE data[8];
158 };
159
160 struct OWF_PASSWORD {
161 BYTE data[16];
162 };
163 typedef struct OWF_PASSWORD netr_owf_password_t;
164
165 /*
166 * NL_TRUST_PASSWORD
167 * See also: samr_user_password
168 */
169 #define NETR_TRUST_PWLEN 256
170 struct netr_trust_password {
171 WORD Buffer[NETR_TRUST_PWLEN];
172 DWORD Length;
173 };
174 typedef struct netr_trust_password netr_trust_password_t;
175
176 struct USER_SESSION_KEY {
177 struct CYPHER_BLOCK data[2];
178 };
179
180
181
182
183 /*
184 ***********************************************************************
185 * ServerReqChallenge
186 ***********************************************************************
187 */
188 ALIGN(2)
189 OPERATION(NETR_OPNUM_ServerReqChallenge)
190 struct netr_ServerReqChallenge {
191 IN LPTSTR servername;
192 IN REFERENCE LPTSTR hostname;
193 IN struct netr_credential client_challenge;
194 OUT struct netr_credential server_challenge;
195 OUT DWORD status;
196 };
197
198
199 /*
200 ***********************************************************************
201 * ServerAuthenticate2
202 ***********************************************************************
203 */
204 ALIGN(2)
205 OPERATION(NETR_OPNUM_ServerAuthenticate2)
206 struct netr_ServerAuthenticate2 {
207 IN LPTSTR servername;
208 IN REFERENCE LPTSTR account_name;
209 IN WORD account_type;
210 IN REFERENCE LPTSTR hostname;
211 IN struct netr_credential client_credential;
212 OUT struct netr_credential server_credential;
213 INOUT DWORD negotiate_flags;
214 OUT DWORD status;
215 };
216
217
218 /*
219 ***********************************************************************
220 * ServerPasswordSet
221 ***********************************************************************
222 */
223 ALIGN(2)
224 OPERATION(NETR_OPNUM_ServerPasswordSet)
225 struct netr_PasswordSet {
226 IN LPTSTR servername;
227 IN REFERENCE LPTSTR account_name;
228 IN WORD sec_chan_type;
229 IN REFERENCE LPTSTR hostname;
230 INOUT struct netr_authenticator auth;
231 IN netr_owf_password_t owf_password;
232 OUT DWORD status;
233 };
234
235 OPERATION(NETR_OPNUM_ServerPasswordSet2)
236 struct netr_PasswordSet2 {
237 IN LPTSTR servername;
238 IN REFERENCE LPTSTR account_name;
239 IN WORD sec_chan_type;
240 IN REFERENCE LPTSTR hostname;
241 INOUT struct netr_authenticator auth;
242 IN netr_trust_password_t trust_password;
243 OUT DWORD status;
244 };
245
246
247 /*
248 ***********************************************************************
249 * SamLogon
250 ***********************************************************************
251 */
252
253 /*
254 * The challenge-response data should always be 24 bytes.
255 */
256 #define NETR_CR_PASSWORD_SIZE 24
257
258
259 struct lm_challenge {
260 BYTE data[8];
261 };
262 typedef struct lm_challenge lm_challenge_t;
263
264 /*
265 * Input data
266 */
267 struct netr_logon_identity_info {
268 netr_vcstr_t domain_name;
269 DWORD parameter_control;
270 struct OLD_LARGE_INTEGER logon_id;
271 netr_vcstr_t username;
272 netr_vcstr_t workstation;
273 };
274 typedef struct netr_logon_identity_info netr_logon_id_t;
275
276
277 /*
278 * Level 1: interactive logon
279 */
280 struct netr_logon_info1 {
281 netr_logon_id_t identity;
282 netr_owf_password_t lm_owf_password;
283 netr_owf_password_t nt_owf_password;
284 };
285
286
287 /*
288 * Level 2: network logon.
289 */
290 struct netr_logon_info2 {
291 netr_logon_id_t identity;
292 lm_challenge_t lm_challenge;
293 netr_vcbuf_t nt_response;
294 netr_vcbuf_t lm_response;
295 };
296
297
298 union netr_logon_info_u {
299 UNION_INFO_PTR(1,netr_logon_info);
300 UNION_INFO_PTR(2,netr_logon_info);
301 DEFAULT DWORD nothing;
302 };
303
304
305 struct netr_login_info {
306 WORD logon_level;
307 WORD switch_value;
308 SWITCH(switch_value)
309 union netr_logon_info_u ru;
310 };
311
312
313 /*
314 * Output data
315 */
316 struct netr_group_membership {
317 DWORD rid;
318 DWORD attributes;
319 };
320
321
322 struct netr_sid_and_attributes {
323 struct netr_sid *sid;
324 DWORD attributes;
325 };
326
327
328 struct netr_validation_info3 {
329 struct OLD_LARGE_INTEGER LogonTime;
330 struct OLD_LARGE_INTEGER LogoffTime;
331 struct OLD_LARGE_INTEGER KickOffTime;
332 struct OLD_LARGE_INTEGER PasswordLastSet;
333 struct OLD_LARGE_INTEGER PasswordCanChange;
334 struct OLD_LARGE_INTEGER PasswordMustChange;
335 netr_string_t EffectiveName;
336 netr_string_t FullName;
337 netr_string_t LogonScript;
338 netr_string_t ProfilePath;
339 netr_string_t HomeDirectory;
340 netr_string_t HomeDirectoryDrive;
341 WORD LogonCount;
342 WORD BadPasswordCount;
343 DWORD UserId;
344 DWORD PrimaryGroupId;
345 DWORD GroupCount;
346 SIZE_IS(GroupCount)
347 struct netr_group_membership *GroupIds;
348 DWORD UserFlags;
349 struct USER_SESSION_KEY UserSessionKey;
350 netr_string_t LogonServer;
351 netr_string_t LogonDomainName;
352 struct netr_sid *LogonDomainId;
353 DWORD ExpansionRoom[10];
354 DWORD SidCount;
355 SIZE_IS(SidCount)
356 struct netr_sid_and_attributes *ExtraSids;
357 };
358
359 /* NETR_OPNUM_decode_krb5_pac */
360 struct krb5_validation_info {
361 struct netr_validation_info3 info3;
362 /* Kerberos PAC "resource group" stuff. */
363 struct netr_sid *rg_dom_sid;
364 DWORD rg_rid_cnt;
365 SIZE_IS(rg_rid_cnt)
366 struct netr_group_membership *rg_rids;
367 };
368
369 union netr_validation_u {
370 CASE(3) struct netr_validation_info3 *info3;
371 DEFAULT DWORD nothing;
372 };
373
374
375 /*
376 * This structure needs to be declared, even though it can't be used
377 * in netr_SamLogon, in order to get the appropriate size to calculate
378 * the correct fixup offsets. If ndrgen did the right thing,
379 * netr_validation_info would be one of the out parameters. However,
380 * if we do it that way, the switch_value isn't known early enough to
381 * do the fixup calculation. So it all has to go in netr_SamLogon.
382 */
383 struct netr_validation_info {
384 WORD validation_level;
385 SWITCH(validation_level)
386 union netr_validation_u ru;
387 };
388
389
390 /*
391 * WARNING
392 *
393 * Validation_level is really a WORD and authoritative is really a
394 * BYTE. They are declared as DWORD here due to the way things are
395 * unmarshalled. NT does not clear out the unused bytes in the
396 * DWORD so they must be cast to get the correct value.
397 */
398 OPERATION(NETR_OPNUM_SamLogon)
399 struct netr_SamLogon {
400 IN LPTSTR servername;
401 IN LPTSTR hostname;
402 IN struct netr_authenticator *auth;
403 INOUT struct netr_authenticator *ret_auth;
404 IN struct netr_login_info logon_info;
405 INOUT WORD validation_level;
406 SWITCH(validation_level)
407 OUT union netr_validation_u ru;
408 OUT DWORD authoritative;
409 OUT DWORD status;
410 };
411
412
413 /*
414 ***********************************************************************
415 * SamLogoff
416 ***********************************************************************
417 */
418 OPERATION(NETR_OPNUM_SamLogoff)
419 struct netr_SamLogoff {
420 IN LPTSTR servername;
421 IN REFERENCE LPTSTR hostname;
422 IN struct netr_authenticator auth;
423 INOUT struct netr_authenticator ret_auth;
424 IN DWORD logon_level;
425 SWITCH(logon_level)
426 IN union netr_logon_info_u ru;
427 OUT DWORD status;
428 };
429
430
431 /*
432 ***********************************************************************
433 * The NETR interface definition.
434 ***********************************************************************
435 */
436 INTERFACE(0)
437 union netr_interface {
438 CASE(NETR_OPNUM_ServerReqChallenge)
439 struct netr_ServerReqChallenge ServerReqChallenge;
440 CASE(NETR_OPNUM_ServerAuthenticate2)
441 struct netr_ServerAuthenticate2 ServerAuthenticate2;
442 CASE(NETR_OPNUM_SamLogon)
443 struct netr_SamLogon SamLogon;
444 CASE(NETR_OPNUM_SamLogoff)
445 struct netr_SamLogoff SamLogoff;
446 CASE(NETR_OPNUM_ServerPasswordSet)
447 struct netr_PasswordSet PasswordSet;
448 CASE(NETR_OPNUM_ServerPasswordSet2)
449 struct netr_PasswordSet2 PasswordSet2;
450
451 /* Special, for smb_decode_krb5_pac() */
452 CASE(NETR_OPNUM_decode_krb5_pac)
453 struct krb5_validation_info krb5pac;
454 };
455 typedef union netr_interface netr_interface_t;
456 EXTERNTYPEINFO(netr_interface)
457
458 #endif /* _MLSVC_NETR_NDL_ */