1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 26 */ 27 28#ifndef _MLSVC_NETR_NDL_ 29#define _MLSVC_NETR_NDL_ 30 31/* 32 *********************************************************************** 33 * 34 * NetLogon RPC (NETR) interface definition. 35 * 36 *********************************************************************** 37 */ 38 39#include "ndrtypes.ndl" 40 41 42#define NETR_OPNUM_UasLogon 0x00 43#define NETR_OPNUM_UasLogoff 0x01 44#define NETR_OPNUM_SamLogon 0x02 45#define NETR_OPNUM_SamLogoff 0x03 46#define NETR_OPNUM_ServerReqChallenge 0x04 47#define NETR_OPNUM_ServerAuthenticate 0x05 48#define NETR_OPNUM_ServerPasswordSet 0x06 49#define NETR_OPNUM_DatabaseDeltas 0x07 50#define NETR_OPNUM_DatabaseSync 0x08 51#define NETR_OPNUM_AccountDeltas 0x09 52#define NETR_OPNUM_AccountSync 0x0a 53#define NETR_OPNUM_GetDCName 0x0b 54#define NETR_OPNUM_LogonControl 0x0c 55#define NETR_OPNUM_GetAnyDCName 0x0d 56#define NETR_OPNUM_LogonControl2 0x0E 57#define NETR_OPNUM_ServerAuthenticate2 0x0F 58#define NETR_OPNUM_DatabaseSync2 0x10 59#define NETR_OPNUM_DatabaseRedo 0x11 60#define NETR_OPNUM_LogonControl2Ex 0x12 61#define NETR_OPNUM_TrustDomainList 0x13 62#define NETR_OPNUM_DsrGetDcName 0x14 63#define NETR_OPNUM_LogonGetCapabilities 0x15 64#define NETR_OPNUM_LogonSetServiceBits 0x16 65#define NETR_OPNUM_LogonGetTrustRid 0x17 66#define NETR_OPNUM_LogonComputeServerDigest 0x18 67#define NETR_OPNUM_LogonComputeClientDigest 0x19 68#define NETR_OPNUM_ServerAuthenticate3 0x1A 69#define NETR_OPNUM_DsrGetDcNameEx 0x1B 70#define NETR_OPNUM_DsrGetSiteName 0x1C 71#define NETR_OPNUM_LogonGetDomainInfo 0x1D 72#define NETR_OPNUM_ServerPasswordSet2 0x1E 73 74/* 75 * This is not a real NETR OPNUM. It's used to unpack the 76 * struct krb5_validation_info found in the Kerberos PAC. 77 */ 78#define NETR_OPNUM_decode_krb5_pac 1000 79 80 81struct netr_sid { 82 BYTE Revision; 83 BYTE SubAuthCount; 84 BYTE Authority[6]; 85 SIZE_IS(SubAuthCount) 86 DWORD SubAuthority[ANY_SIZE_ARRAY]; 87}; 88 89 90struct netr_string { 91 WORD length; 92 WORD allosize; 93 LPTSTR str; 94}; 95typedef struct netr_string netr_string_t; 96 97 98/* 99 * Alternative varying/conformant string definition - for 100 * non-null terminated strings. This definition must match 101 * ndr_vcbuf_t. 102 */ 103struct netr_vcs { 104 /* 105 * size_is (actually a copy of length_is) will 106 * be inserted here by the marshalling library. 107 */ 108 DWORD vc_first_is; 109 DWORD vc_length_is; 110 SIZE_IS(vc_length_is) 111 WORD buffer[ANY_SIZE_ARRAY]; 112}; 113 114struct netr_vcstr { 115 WORD wclen; 116 WORD wcsize; 117 struct netr_vcs *vcs; 118}; 119typedef struct netr_vcstr netr_vcstr_t; 120 121struct netr_vcb { 122 /* 123 * size_is (actually a copy of length_is) will 124 * be inserted here by the marshalling library. 125 */ 126 DWORD vc_first_is; 127 DWORD vc_length_is; 128 SIZE_IS(vc_length_is) 129 BYTE buffer[ANY_SIZE_ARRAY]; 130}; 131 132struct netr_vcbuf { 133 WORD len; 134 WORD size; 135 struct netr_vcb *vcb; 136}; 137typedef struct netr_vcbuf netr_vcbuf_t; 138 139struct netr_credential { 140 BYTE data[8]; 141}; 142 143struct netr_authenticator { 144 struct netr_credential credential; 145 DWORD timestamp; 146}; 147typedef struct netr_authenticator netr_auth_t; 148 149 150struct OLD_LARGE_INTEGER { 151 DWORD LowPart; 152 DWORD HighPart; 153}; 154typedef struct OLD_LARGE_INTEGER netr_int64_t; 155 156struct CYPHER_BLOCK { 157 BYTE data[8]; 158}; 159 160struct OWF_PASSWORD { 161 BYTE data[16]; 162}; 163typedef struct OWF_PASSWORD netr_owf_password_t; 164 165/* 166 * NL_TRUST_PASSWORD 167 * See also: samr_user_password 168 */ 169#define NETR_TRUST_PWLEN 256 170struct netr_trust_password { 171 WORD Buffer[NETR_TRUST_PWLEN]; 172 DWORD Length; 173}; 174typedef struct netr_trust_password netr_trust_password_t; 175 176struct USER_SESSION_KEY { 177 struct CYPHER_BLOCK data[2]; 178}; 179 180 181 182 183/* 184 *********************************************************************** 185 * ServerReqChallenge 186 *********************************************************************** 187 */ 188ALIGN(2) 189OPERATION(NETR_OPNUM_ServerReqChallenge) 190struct netr_ServerReqChallenge { 191 IN LPTSTR servername; 192 IN REFERENCE LPTSTR hostname; 193 IN struct netr_credential client_challenge; 194 OUT struct netr_credential server_challenge; 195 OUT DWORD status; 196}; 197 198 199/* 200 *********************************************************************** 201 * ServerAuthenticate2 202 *********************************************************************** 203 */ 204ALIGN(2) 205OPERATION(NETR_OPNUM_ServerAuthenticate2) 206struct netr_ServerAuthenticate2 { 207 IN LPTSTR servername; 208 IN REFERENCE LPTSTR account_name; 209 IN WORD account_type; 210 IN REFERENCE LPTSTR hostname; 211 IN struct netr_credential client_credential; 212 OUT struct netr_credential server_credential; 213 INOUT DWORD negotiate_flags; 214 OUT DWORD status; 215}; 216 217 218/* 219 *********************************************************************** 220 * ServerPasswordSet 221 *********************************************************************** 222 */ 223ALIGN(2) 224OPERATION(NETR_OPNUM_ServerPasswordSet) 225struct netr_PasswordSet { 226 IN LPTSTR servername; 227 IN REFERENCE LPTSTR account_name; 228 IN WORD sec_chan_type; 229 IN REFERENCE LPTSTR hostname; 230 INOUT struct netr_authenticator auth; 231 IN netr_owf_password_t owf_password; 232 OUT DWORD status; 233}; 234 235OPERATION(NETR_OPNUM_ServerPasswordSet2) 236struct netr_PasswordSet2 { 237 IN LPTSTR servername; 238 IN REFERENCE LPTSTR account_name; 239 IN WORD sec_chan_type; 240 IN REFERENCE LPTSTR hostname; 241 INOUT struct netr_authenticator auth; 242 IN netr_trust_password_t trust_password; 243 OUT DWORD status; 244}; 245 246 247/* 248 *********************************************************************** 249 * SamLogon 250 *********************************************************************** 251 */ 252 253/* 254 * The challenge-response data should always be 24 bytes. 255 */ 256#define NETR_CR_PASSWORD_SIZE 24 257 258 259struct lm_challenge { 260 BYTE data[8]; 261}; 262typedef struct lm_challenge lm_challenge_t; 263 264/* 265 * Input data 266 */ 267struct netr_logon_identity_info { 268 netr_vcstr_t domain_name; 269 DWORD parameter_control; 270 struct OLD_LARGE_INTEGER logon_id; 271 netr_vcstr_t username; 272 netr_vcstr_t workstation; 273}; 274typedef struct netr_logon_identity_info netr_logon_id_t; 275 276 277/* 278 * Level 1: interactive logon 279 */ 280struct netr_logon_info1 { 281 netr_logon_id_t identity; 282 netr_owf_password_t lm_owf_password; 283 netr_owf_password_t nt_owf_password; 284}; 285 286 287/* 288 * Level 2: network logon. 289 */ 290struct netr_logon_info2 { 291 netr_logon_id_t identity; 292 lm_challenge_t lm_challenge; 293 netr_vcbuf_t nt_response; 294 netr_vcbuf_t lm_response; 295}; 296 297 298union netr_logon_info_u { 299 UNION_INFO_PTR(1,netr_logon_info); 300 UNION_INFO_PTR(2,netr_logon_info); 301 DEFAULT DWORD nothing; 302}; 303 304 305struct netr_login_info { 306 WORD logon_level; 307 WORD switch_value; 308 SWITCH(switch_value) 309 union netr_logon_info_u ru; 310}; 311 312 313/* 314 * Output data 315 */ 316struct netr_group_membership { 317 DWORD rid; 318 DWORD attributes; 319}; 320 321 322struct netr_sid_and_attributes { 323 struct netr_sid *sid; 324 DWORD attributes; 325}; 326 327 328struct netr_validation_info3 { 329 struct OLD_LARGE_INTEGER LogonTime; 330 struct OLD_LARGE_INTEGER LogoffTime; 331 struct OLD_LARGE_INTEGER KickOffTime; 332 struct OLD_LARGE_INTEGER PasswordLastSet; 333 struct OLD_LARGE_INTEGER PasswordCanChange; 334 struct OLD_LARGE_INTEGER PasswordMustChange; 335 netr_string_t EffectiveName; 336 netr_string_t FullName; 337 netr_string_t LogonScript; 338 netr_string_t ProfilePath; 339 netr_string_t HomeDirectory; 340 netr_string_t HomeDirectoryDrive; 341 WORD LogonCount; 342 WORD BadPasswordCount; 343 DWORD UserId; 344 DWORD PrimaryGroupId; 345 DWORD GroupCount; 346 SIZE_IS(GroupCount) 347 struct netr_group_membership *GroupIds; 348 DWORD UserFlags; 349 struct USER_SESSION_KEY UserSessionKey; 350 netr_string_t LogonServer; 351 netr_string_t LogonDomainName; 352 struct netr_sid *LogonDomainId; 353 DWORD ExpansionRoom[10]; 354 DWORD SidCount; 355 SIZE_IS(SidCount) 356 struct netr_sid_and_attributes *ExtraSids; 357}; 358 359/* NETR_OPNUM_decode_krb5_pac */ 360struct krb5_validation_info { 361 struct netr_validation_info3 info3; 362 /* Kerberos PAC "resource group" stuff. */ 363 struct netr_sid *rg_dom_sid; 364 DWORD rg_rid_cnt; 365 SIZE_IS(rg_rid_cnt) 366 struct netr_group_membership *rg_rids; 367}; 368 369union netr_validation_u { 370 CASE(3) struct netr_validation_info3 *info3; 371 DEFAULT DWORD nothing; 372}; 373 374 375/* 376 * This structure needs to be declared, even though it can't be used 377 * in netr_SamLogon, in order to get the appropriate size to calculate 378 * the correct fixup offsets. If ndrgen did the right thing, 379 * netr_validation_info would be one of the out parameters. However, 380 * if we do it that way, the switch_value isn't known early enough to 381 * do the fixup calculation. So it all has to go in netr_SamLogon. 382 */ 383struct netr_validation_info { 384 WORD validation_level; 385 SWITCH(validation_level) 386 union netr_validation_u ru; 387}; 388 389 390/* 391 * WARNING 392 * 393 * Validation_level is really a WORD and authoritative is really a 394 * BYTE. They are declared as DWORD here due to the way things are 395 * unmarshalled. NT does not clear out the unused bytes in the 396 * DWORD so they must be cast to get the correct value. 397 */ 398OPERATION(NETR_OPNUM_SamLogon) 399struct netr_SamLogon { 400 IN LPTSTR servername; 401 IN LPTSTR hostname; 402 IN struct netr_authenticator *auth; 403 INOUT struct netr_authenticator *ret_auth; 404 IN struct netr_login_info logon_info; 405 INOUT WORD validation_level; 406 SWITCH(validation_level) 407 OUT union netr_validation_u ru; 408 OUT DWORD authoritative; 409 OUT DWORD status; 410}; 411 412 413/* 414 *********************************************************************** 415 * SamLogoff 416 *********************************************************************** 417 */ 418OPERATION(NETR_OPNUM_SamLogoff) 419struct netr_SamLogoff { 420 IN LPTSTR servername; 421 IN REFERENCE LPTSTR hostname; 422 IN struct netr_authenticator auth; 423 INOUT struct netr_authenticator ret_auth; 424 IN DWORD logon_level; 425 SWITCH(logon_level) 426 IN union netr_logon_info_u ru; 427 OUT DWORD status; 428}; 429 430 431/* 432 *********************************************************************** 433 * The NETR interface definition. 434 *********************************************************************** 435 */ 436INTERFACE(0) 437union netr_interface { 438 CASE(NETR_OPNUM_ServerReqChallenge) 439 struct netr_ServerReqChallenge ServerReqChallenge; 440 CASE(NETR_OPNUM_ServerAuthenticate2) 441 struct netr_ServerAuthenticate2 ServerAuthenticate2; 442 CASE(NETR_OPNUM_SamLogon) 443 struct netr_SamLogon SamLogon; 444 CASE(NETR_OPNUM_SamLogoff) 445 struct netr_SamLogoff SamLogoff; 446 CASE(NETR_OPNUM_ServerPasswordSet) 447 struct netr_PasswordSet PasswordSet; 448 CASE(NETR_OPNUM_ServerPasswordSet2) 449 struct netr_PasswordSet2 PasswordSet2; 450 451 /* Special, for smb_decode_krb5_pac() */ 452 CASE(NETR_OPNUM_decode_krb5_pac) 453 struct krb5_validation_info krb5pac; 454}; 455typedef union netr_interface netr_interface_t; 456EXTERNTYPEINFO(netr_interface) 457 458#endif /* _MLSVC_NETR_NDL_ */ 459