xref: /illumos-gate/usr/src/uts/common/smbsrv/ndl/netlogon.ndl (revision 5328fc53d11d7151861fa272e4fb0248b8f0e145)
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
26 */
27
28#ifndef _MLSVC_NETR_NDL_
29#define _MLSVC_NETR_NDL_
30
31/*
32 ***********************************************************************
33 *
34 * NetLogon RPC (NETR) interface definition.
35 *
36 ***********************************************************************
37 */
38
39#include <libmlrpc/ndrtypes.ndl>
40
41
42#define NETR_OPNUM_UasLogon			0x00
43#define NETR_OPNUM_UasLogoff			0x01
44#define NETR_OPNUM_SamLogon			0x02
45#define NETR_OPNUM_SamLogoff			0x03
46#define NETR_OPNUM_ServerReqChallenge		0x04
47#define NETR_OPNUM_ServerAuthenticate		0x05
48#define NETR_OPNUM_ServerPasswordSet		0x06
49#define NETR_OPNUM_DatabaseDeltas		0x07
50#define NETR_OPNUM_DatabaseSync			0x08
51#define NETR_OPNUM_AccountDeltas		0x09
52#define NETR_OPNUM_AccountSync			0x0a
53#define NETR_OPNUM_GetDCName			0x0b
54#define NETR_OPNUM_LogonControl			0x0c
55#define NETR_OPNUM_GetAnyDCName			0x0d
56#define NETR_OPNUM_LogonControl2		0x0E
57#define NETR_OPNUM_ServerAuthenticate2		0x0F
58#define NETR_OPNUM_DatabaseSync2		0x10
59#define NETR_OPNUM_DatabaseRedo			0x11
60#define NETR_OPNUM_LogonControl2Ex		0x12
61#define NETR_OPNUM_TrustDomainList		0x13
62#define NETR_OPNUM_DsrGetDcName			0x14
63#define NETR_OPNUM_LogonGetCapabilities		0x15
64#define NETR_OPNUM_LogonSetServiceBits		0x16
65#define NETR_OPNUM_LogonGetTrustRid		0x17
66#define NETR_OPNUM_LogonComputeServerDigest	0x18
67#define NETR_OPNUM_LogonComputeClientDigest	0x19
68#define NETR_OPNUM_ServerAuthenticate3		0x1A
69#define NETR_OPNUM_DsrGetDcNameEx		0x1B
70#define NETR_OPNUM_DsrGetSiteName		0x1C
71#define NETR_OPNUM_LogonGetDomainInfo		0x1D
72#define NETR_OPNUM_ServerPasswordSet2		0x1E
73
74/*
75 * This is not a real NETR OPNUM.  It's used to unpack the
76 * struct krb5_validation_info found in the Kerberos PAC.
77 */
78#define	NETR_OPNUM_decode_krb5_pac		1000
79
80
81struct netr_sid {
82	BYTE		Revision;
83	BYTE		SubAuthCount;
84	BYTE		Authority[6];
85  SIZE_IS(SubAuthCount)
86	DWORD		SubAuthority[ANY_SIZE_ARRAY];
87};
88
89
90struct netr_string {
91	WORD		length;
92	WORD		allosize;
93	LPTSTR		str;
94};
95typedef struct netr_string netr_string_t;
96
97
98/*
99 * Alternative varying/conformant string definition - for
100 * non-null terminated strings. This definition must match
101 * ndr_vcbuf_t.
102 */
103struct netr_vcs {
104	/*
105	 * size_is (actually a copy of length_is) will
106	 * be inserted here by the marshalling library.
107	 */
108	DWORD vc_first_is;
109	DWORD vc_length_is;
110  SIZE_IS(vc_length_is)
111	WORD buffer[ANY_SIZE_ARRAY];
112};
113
114struct netr_vcstr {
115	WORD wclen;
116	WORD wcsize;
117	struct netr_vcs *vcs;
118};
119typedef struct netr_vcstr netr_vcstr_t;
120
121struct netr_vcb {
122	/*
123	 * size_is (actually a copy of length_is) will
124	 * be inserted here by the marshalling library.
125	 */
126	DWORD vc_first_is;
127	DWORD vc_length_is;
128  SIZE_IS(vc_length_is)
129	BYTE buffer[ANY_SIZE_ARRAY];
130};
131
132struct netr_vcbuf {
133	WORD len;
134	WORD size;
135	struct netr_vcb *vcb;
136};
137typedef struct netr_vcbuf netr_vcbuf_t;
138
139struct netr_credential {
140	BYTE data[8];
141};
142
143struct netr_authenticator {
144	struct netr_credential credential;
145	DWORD timestamp;
146};
147typedef struct netr_authenticator netr_auth_t;
148
149
150struct OLD_LARGE_INTEGER {
151	DWORD LowPart;
152	DWORD HighPart;
153};
154typedef struct OLD_LARGE_INTEGER netr_int64_t;
155
156struct CYPHER_BLOCK {
157	BYTE data[8];
158};
159
160struct OWF_PASSWORD {
161	BYTE data[16];
162};
163typedef struct OWF_PASSWORD netr_owf_password_t;
164
165/*
166 * NL_TRUST_PASSWORD
167 * See also: samr_user_password
168 */
169#define NETR_TRUST_PWLEN	256
170struct netr_trust_password {
171	WORD	Buffer[NETR_TRUST_PWLEN];
172	DWORD	Length;
173};
174typedef struct netr_trust_password netr_trust_password_t;
175
176struct USER_SESSION_KEY {
177	struct CYPHER_BLOCK data[2];
178};
179
180
181
182
183/*
184 ***********************************************************************
185 * ServerReqChallenge
186 ***********************************************************************
187 */
188ALIGN(2)
189OPERATION(NETR_OPNUM_ServerReqChallenge)
190struct netr_ServerReqChallenge {
191	IN		LPTSTR servername;
192	IN REFERENCE	LPTSTR hostname;
193	IN		struct netr_credential client_challenge;
194	OUT		struct netr_credential server_challenge;
195	OUT		DWORD status;
196};
197
198
199/*
200 ***********************************************************************
201 * ServerAuthenticate2
202 ***********************************************************************
203 */
204ALIGN(2)
205OPERATION(NETR_OPNUM_ServerAuthenticate2)
206struct netr_ServerAuthenticate2 {
207	IN		LPTSTR servername;
208	IN REFERENCE	LPTSTR account_name;
209	IN		WORD account_type;
210	IN REFERENCE	LPTSTR hostname;
211	IN		struct netr_credential client_credential;
212	OUT		struct netr_credential server_credential;
213	INOUT	DWORD negotiate_flags;
214	OUT		DWORD status;
215};
216
217
218/*
219 ***********************************************************************
220 * ServerPasswordSet
221 ***********************************************************************
222 */
223ALIGN(2)
224OPERATION(NETR_OPNUM_ServerPasswordSet)
225struct netr_PasswordSet {
226	IN		LPTSTR servername;
227	IN REFERENCE	LPTSTR account_name;
228	IN		WORD sec_chan_type;
229	IN REFERENCE	LPTSTR hostname;
230	INOUT	struct netr_authenticator auth;
231	IN		netr_owf_password_t owf_password;
232	OUT		DWORD status;
233};
234
235OPERATION(NETR_OPNUM_ServerPasswordSet2)
236struct netr_PasswordSet2 {
237	IN		LPTSTR servername;
238	IN REFERENCE	LPTSTR account_name;
239	IN		WORD sec_chan_type;
240	IN REFERENCE	LPTSTR hostname;
241	INOUT	struct netr_authenticator auth;
242	IN		netr_trust_password_t trust_password;
243	OUT		DWORD status;
244};
245
246
247/*
248 ***********************************************************************
249 * SamLogon
250 ***********************************************************************
251 */
252
253/*
254 * The challenge-response data should always be 24 bytes.
255 */
256#define NETR_CR_PASSWORD_SIZE			24
257
258
259struct lm_challenge {
260	BYTE data[8];
261};
262typedef struct lm_challenge lm_challenge_t;
263
264/*
265 * Input data
266 */
267struct netr_logon_identity_info {
268	netr_vcstr_t domain_name;
269	DWORD parameter_control;
270	struct OLD_LARGE_INTEGER logon_id;
271	netr_vcstr_t username;
272	netr_vcstr_t workstation;
273};
274typedef struct netr_logon_identity_info netr_logon_id_t;
275
276
277/*
278 * Level 1: interactive logon
279 */
280struct netr_logon_info1 {
281	netr_logon_id_t identity;
282	netr_owf_password_t lm_owf_password;
283	netr_owf_password_t nt_owf_password;
284};
285
286
287/*
288 * Level 2: network logon.
289 */
290struct netr_logon_info2 {
291	netr_logon_id_t identity;
292	lm_challenge_t lm_challenge;
293	netr_vcbuf_t nt_response;
294	netr_vcbuf_t lm_response;
295};
296
297
298union netr_logon_info_u {
299	UNION_INFO_PTR(1,netr_logon_info);
300	UNION_INFO_PTR(2,netr_logon_info);
301	DEFAULT	DWORD nothing;
302};
303
304
305struct netr_login_info {
306	WORD logon_level;
307	WORD switch_value;
308  SWITCH(switch_value)
309	union netr_logon_info_u ru;
310};
311
312
313/*
314 * Output data
315 */
316struct netr_group_membership {
317	DWORD rid;
318	DWORD attributes;
319};
320
321
322struct netr_sid_and_attributes {
323	struct netr_sid *sid;
324	DWORD attributes;
325};
326
327
328struct netr_validation_info3 {
329	struct OLD_LARGE_INTEGER LogonTime;
330	struct OLD_LARGE_INTEGER LogoffTime;
331	struct OLD_LARGE_INTEGER KickOffTime;
332	struct OLD_LARGE_INTEGER PasswordLastSet;
333	struct OLD_LARGE_INTEGER PasswordCanChange;
334	struct OLD_LARGE_INTEGER PasswordMustChange;
335	netr_string_t EffectiveName;
336	netr_string_t FullName;
337	netr_string_t LogonScript;
338	netr_string_t ProfilePath;
339	netr_string_t HomeDirectory;
340	netr_string_t HomeDirectoryDrive;
341	WORD LogonCount;
342	WORD BadPasswordCount;
343	DWORD UserId;
344	DWORD PrimaryGroupId;
345	DWORD GroupCount;
346  SIZE_IS(GroupCount)
347	struct netr_group_membership *GroupIds;
348	DWORD UserFlags;
349	struct USER_SESSION_KEY UserSessionKey;
350	netr_string_t LogonServer;
351	netr_string_t LogonDomainName;
352	struct netr_sid *LogonDomainId;
353	DWORD ExpansionRoom[10];
354	DWORD SidCount;
355  SIZE_IS(SidCount)
356	struct netr_sid_and_attributes *ExtraSids;
357};
358
359/* NETR_OPNUM_decode_krb5_pac */
360struct krb5_validation_info {
361	struct netr_validation_info3 info3;
362	/* Kerberos PAC "resource group" stuff. */
363	struct netr_sid *rg_dom_sid;
364	DWORD rg_rid_cnt;
365  SIZE_IS(rg_rid_cnt)
366	struct netr_group_membership *rg_rids;
367};
368
369union netr_validation_u {
370	CASE(3) struct netr_validation_info3 *info3;
371	DEFAULT	DWORD nothing;
372};
373
374
375/*
376 * This structure needs to be declared, even though it can't be used
377 * in netr_SamLogon, in order to get the appropriate size to calculate
378 * the correct fixup offsets.  If ndrgen did the right thing,
379 * netr_validation_info would be one of the out parameters. However,
380 * if we do it that way, the switch_value isn't known early enough to
381 * do the fixup calculation. So it all has to go in netr_SamLogon.
382 */
383struct netr_validation_info {
384	WORD validation_level;
385  SWITCH(validation_level)
386	union netr_validation_u ru;
387};
388
389
390/*
391 * WARNING
392 *
393 * Validation_level is really a WORD and authoritative is really a
394 * BYTE. They are declared as DWORD here due to the way things are
395 * unmarshalled. NT does not clear out the unused bytes in the
396 * DWORD so they must be cast to get the correct value.
397 */
398ALIGN(2)
399OPERATION(NETR_OPNUM_SamLogon)
400struct netr_SamLogon {
401	IN		LPTSTR servername;
402	IN		LPTSTR hostname;
403	IN		struct netr_authenticator *auth;
404	INOUT	struct netr_authenticator *ret_auth;
405	IN		struct netr_login_info logon_info;
406	INOUT	WORD validation_level;
407  SWITCH(validation_level)
408	OUT		union netr_validation_u ru;
409	OUT		DWORD authoritative;
410	OUT		DWORD status;
411};
412
413
414/*
415 ***********************************************************************
416 * SamLogoff
417 ***********************************************************************
418 */
419OPERATION(NETR_OPNUM_SamLogoff)
420struct netr_SamLogoff {
421	IN		LPTSTR servername;
422	IN REFERENCE	LPTSTR hostname;
423	IN		struct netr_authenticator auth;
424	INOUT	struct netr_authenticator ret_auth;
425	IN		DWORD logon_level;
426  SWITCH(logon_level)
427	IN		union netr_logon_info_u ru;
428	OUT		DWORD status;
429};
430
431
432/*
433 ***********************************************************************
434 * The NETR interface definition.
435 ***********************************************************************
436 */
437INTERFACE(0)
438union netr_interface {
439	CASE(NETR_OPNUM_ServerReqChallenge)
440		struct netr_ServerReqChallenge		ServerReqChallenge;
441	CASE(NETR_OPNUM_ServerAuthenticate2)
442		struct netr_ServerAuthenticate2		ServerAuthenticate2;
443	CASE(NETR_OPNUM_SamLogon)
444		struct netr_SamLogon			SamLogon;
445	CASE(NETR_OPNUM_SamLogoff)
446		struct netr_SamLogoff			SamLogoff;
447	CASE(NETR_OPNUM_ServerPasswordSet)
448		struct netr_PasswordSet			PasswordSet;
449	CASE(NETR_OPNUM_ServerPasswordSet2)
450		struct netr_PasswordSet2		PasswordSet2;
451
452	/* Special, for smb_decode_krb5_pac() */
453	CASE(NETR_OPNUM_decode_krb5_pac)
454		struct krb5_validation_info		krb5pac;
455};
456typedef union netr_interface netr_interface_t;
457EXTERNTYPEINFO(netr_interface)
458
459#endif /* _MLSVC_NETR_NDL_ */
460