/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
 */

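#ifndef _MLSVC_NETR_NDL_
#define _MLSVC_NETR_NDL_

/*
 ***********************************************************************
 *
 * NetLogon RPC (NETR) interface definition.
 *
 * The listing's line-number gutter has been stripped so that the text
 * is valid NDL again.  The basic types (BYTE, WORD, DWORD, LPTSTR) and
 * the marshalling annotations used below are not defined in this file;
 * they are expected to come from ndrtypes.ndl.
 *
 ***********************************************************************
 */

#include "ndrtypes.ndl"

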
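/*
 * NETR operation numbers (opnums).
 *
 * Only six of these have a CASE arm in union netr_interface in this
 * file: ServerReqChallenge, ServerAuthenticate2, ServerPasswordSet,
 * SamLogon, SamLogoff and ServerPasswordSet2.  The remaining values
 * are constants only; no call structure for them appears here.
 */
#define NETR_OPNUM_UasLogon			0x00
#define NETR_OPNUM_UasLogoff			0x01
#define NETR_OPNUM_SamLogon			0x02
#define NETR_OPNUM_SamLogoff			0x03
#define NETR_OPNUM_ServerReqChallenge		0x04
#define NETR_OPNUM_ServerAuthenticate		0x05
#define NETR_OPNUM_ServerPasswordSet		0x06
#define NETR_OPNUM_DatabaseDeltas		0x07
#define NETR_OPNUM_DatabaseSync			0x08
#define NETR_OPNUM_AccountDeltas		0x09
#define NETR_OPNUM_AccountSync			0x0a
#define NETR_OPNUM_GetDCName			0x0b
#define NETR_OPNUM_LogonControl			0x0c
#define NETR_OPNUM_GetAnyDCName			0x0d
#define NETR_OPNUM_LogonControl2		0x0E
#define NETR_OPNUM_ServerAuthenticate2		0x0F
#define NETR_OPNUM_DatabaseSync2		0x10
#define NETR_OPNUM_DatabaseRedo			0x11
#define NETR_OPNUM_LogonControl2Ex		0x12
#define NETR_OPNUM_TrustDomainList		0x13
#define NETR_OPNUM_DsrGetDcName			0x14
#define NETR_OPNUM_LogonGetCapabilities		0x15
#define NETR_OPNUM_LogonSetServiceBits		0x16
#define NETR_OPNUM_LogonGetTrustRid		0x17
#define NETR_OPNUM_LogonComputeServerDigest	0x18
#define NETR_OPNUM_LogonComputeClientDigest	0x19
#define NETR_OPNUM_ServerAuthenticate3		0x1A
#define NETR_OPNUM_DsrGetDcNameEx		0x1B
#define NETR_OPNUM_DsrGetSiteName		0x1C
#define NETR_OPNUM_LogonGetDomainInfo		0x1D
#define NETR_OPNUM_ServerPasswordSet2		0x1E

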
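/*
 * Security identifier (SID) as carried in NETR messages.
 *
 * SubAuthCount is a single byte taken from the wire and, through
 * SIZE_IS, gives the element count of the conformant SubAuthority
 * array.
 * NOTE(review): code that copies or walks SubAuthority should bound
 * SubAuthCount itself (a well-formed SID has at most 15
 * sub-authorities) instead of trusting the sender - confirm where
 * that check lives.
 */
struct netr_sid {
	BYTE		Revision;
	BYTE		SubAuthCount;
	BYTE		Authority[6];
  SIZE_IS(SubAuthCount)
	DWORD		SubAuthority[ANY_SIZE_ARRAY];
};

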
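/*
 * Counted string: two 16-bit counts followed by a pointer to the text.
 *
 * NOTE(review): length and allosize are presumably the used and the
 * allocated size of str; this file states neither their units nor any
 * SIZE_IS relation to str, so consumers should not index str by
 * length without checking it first - TODO confirm.
 */
struct netr_string {
	WORD		length;
	WORD		allosize;
	LPTSTR		str;
};
typedef struct netr_string netr_string_t;

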
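/*
 * Alternative varying/conformant string definition - for
 * non-null terminated strings. This definition must match
 * ndr_vcbuf_t.
 *
 * buffer holds WORD elements and is sized by vc_length_is through
 * SIZE_IS.  Because the string is not null terminated, the count is
 * the only bound a reader has.
 */
struct netr_vcs {
	/*
	 * size_is (actually a copy of length_is) will
	 * be inserted here by the marshalling library.
	 */
	DWORD vc_first_is;
	DWORD vc_length_is;
  SIZE_IS(vc_length_is)
	WORD buffer[ANY_SIZE_ARRAY];
};
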
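/*
 * Descriptor for a netr_vcs string: two 16-bit counts plus a pointer
 * to the varying/conformant data.
 *
 * NOTE(review): wclen and wcsize travel separately from
 * vcs->vc_length_is; presumably they describe the same data and
 * should agree - verify that the consumer cross-checks them and
 * copes with a NULL vcs.
 */
struct netr_vcstr {
	WORD wclen;
	WORD wcsize;
	struct netr_vcs *vcs;
};
typedef struct netr_vcstr netr_vcstr_t;
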
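/*
 * Varying/conformant byte buffer: same layout as netr_vcs but with
 * BYTE elements.  vc_length_is sizes buffer through SIZE_IS.
 */
struct netr_vcb {
	/*
	 * size_is (actually a copy of length_is) will
	 * be inserted here by the marshalling library.
	 */
	DWORD vc_first_is;
	DWORD vc_length_is;
  SIZE_IS(vc_length_is)
	BYTE buffer[ANY_SIZE_ARRAY];
};
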
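/*
 * Descriptor for a netr_vcb byte buffer: two 16-bit counts plus a
 * pointer to the data.  In this file it carries the NT and LM
 * responses of netr_logon_info2.
 *
 * NOTE(review): len and size are carried separately from
 * vcb->vc_length_is; presumably they must agree - verify against the
 * code that fills in and reads this structure.
 */
struct netr_vcbuf {
	WORD len;
	WORD size;
	struct netr_vcb *vcb;
};
typedef struct netr_vcbuf netr_vcbuf_t;
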
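/*
 * 8-byte credential value.  In this file it is used for the client
 * and server challenges of ServerReqChallenge, the client and server
 * credentials of ServerAuthenticate2, and inside netr_authenticator.
 */
struct netr_credential {
	BYTE data[8];
};
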
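/*
 * Authenticator: a credential plus a 32-bit timestamp.  It accompanies
 * ServerPasswordSet, ServerPasswordSet2, SamLogon and SamLogoff, and
 * each of those operations also returns one (INOUT).
 *
 * NOTE(review): the returned authenticator is what lets the caller
 * tell a genuine reply from a forged one; confirm that the client
 * verifies it before acting on the other OUT fields.
 */
struct netr_authenticator {
	struct netr_credential credential;
	DWORD timestamp;
};
typedef struct netr_authenticator netr_auth_t;

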
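/*
 * 64-bit quantity carried as two DWORD halves.  Used in this file for
 * logon_id and for the time fields of netr_validation_info3.
 */
struct OLD_LARGE_INTEGER {
	DWORD LowPart;
	DWORD HighPart;
};
typedef struct OLD_LARGE_INTEGER netr_int64_t;
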
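/*
 * 8-byte block; USER_SESSION_KEY below is made of two of them.
 */
struct CYPHER_BLOCK {
	BYTE data[8];
};
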
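/*
 * 16-byte one-way-function (OWF) password value.  Used in this file
 * for the LM and NT OWF passwords of netr_logon_info1 and for
 * owf_password in netr_PasswordSet.
 *
 * This is password-derived secret material.
 * NOTE(review): presumably it is protected with the session key
 * before it is marshalled; nothing in this definition shows that, so
 * confirm in the caller, and keep the value out of logs and traces.
 */
struct OWF_PASSWORD {
	BYTE data[16];
};
typedef struct OWF_PASSWORD netr_owf_password_t;
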
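/*
 * NL_TRUST_PASSWORD
 * See also: samr_user_password
 *
 * Fixed-size password container: NETR_TRUST_PWLEN WORDs of buffer
 * followed by a DWORD Length.  It is the IN argument of
 * netr_PasswordSet2.
 *
 * NOTE(review): in NL_TRUST_PASSWORD as specified for Netlogon, Length
 * is a byte count, the password sits at the end of Buffer, the unused
 * front is random fill, and the whole structure is encrypted with the
 * session key before transmission.  None of that is expressed in this
 * definition, so verify the code that fills it in.  Any code that
 * reads the structure must check Length against the size of Buffer
 * before using it as an offset or copy length.
 */
#define NETR_TRUST_PWLEN	256
struct netr_trust_password {
	WORD	Buffer[NETR_TRUST_PWLEN];
	DWORD	Length;
};
typedef struct netr_trust_password netr_trust_password_t;
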
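/*
 * User session key: two CYPHER_BLOCKs, i.e. 16 bytes.  Returned in
 * netr_validation_info3.UserSessionKey.  This is key material; keep
 * it out of logs and traces.
 */
struct USER_SESSION_KEY {
	struct CYPHER_BLOCK data[2];
};



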
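/*
 ***********************************************************************
 * ServerReqChallenge
 *
 * Challenge exchange: the caller sends an 8-byte client_challenge and
 * receives an 8-byte server_challenge together with a status.
 *
 * NOTE(review): client_challenge should be fresh random data for
 * every exchange; the generator is not visible here - confirm in the
 * caller.
 ***********************************************************************
 */
ALIGN(2)
OPERATION(NETR_OPNUM_ServerReqChallenge)
struct netr_ServerReqChallenge {
	IN		LPTSTR servername;
	IN REFERENCE	LPTSTR hostname;
	IN		struct netr_credential client_challenge;
	OUT		struct netr_credential server_challenge;
	OUT		DWORD status;
};

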
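/*
 ***********************************************************************
 * ServerAuthenticate2
 *
 * The caller presents client_credential for account_name and receives
 * server_credential, the negotiated flags and a status.
 *
 * negotiate_flags is INOUT: the caller sends a value and gets the
 * server's value back.
 * NOTE(review): the caller should check that server_credential is the
 * value it expects and that the returned flags still contain every
 * capability it requires, rather than accepting whatever comes back;
 * otherwise the session can be negotiated down.  Confirm in the
 * client code.
 ***********************************************************************
 */
ALIGN(2)
OPERATION(NETR_OPNUM_ServerAuthenticate2)
struct netr_ServerAuthenticate2 {
	IN		LPTSTR servername;
	IN REFERENCE	LPTSTR account_name;
	IN		WORD account_type;
	IN REFERENCE	LPTSTR hostname;
	IN		struct netr_credential client_credential;
	OUT		struct netr_credential server_credential;
	INOUT	DWORD negotiate_flags;
	OUT		DWORD status;
};

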
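/*
 ***********************************************************************
 * ServerPasswordSet
 *
 * Sets the password of account_name from a 16-byte OWF value.  auth
 * is INOUT: the caller's authenticator goes in and the server's
 * comes back in the same field.
 *
 * NOTE(review): owf_password is password-derived secret material;
 * presumably it is encrypted with the session key before this call -
 * confirm in the caller.
 ***********************************************************************
 */
ALIGN(2)
OPERATION(NETR_OPNUM_ServerPasswordSet)
struct netr_PasswordSet {
	IN		LPTSTR servername;
	IN REFERENCE	LPTSTR account_name;
	IN		WORD sec_chan_type;
	IN REFERENCE	LPTSTR hostname;
	INOUT	struct netr_authenticator auth;
	IN		netr_owf_password_t owf_password;
	OUT		DWORD status;
};
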
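/*
 * ServerPasswordSet2: same arguments as netr_PasswordSet except that
 * the new password travels as a netr_trust_password_t instead of an
 * OWF value.
 *
 * NOTE(review): unlike netr_PasswordSet, this operation carries no
 * ALIGN(2) attribute - confirm that is intended.  trust_password is
 * secret material; see the notes on struct netr_trust_password.
 */
OPERATION(NETR_OPNUM_ServerPasswordSet2)
struct netr_PasswordSet2 {
	IN		LPTSTR servername;
	IN REFERENCE	LPTSTR account_name;
	IN		WORD sec_chan_type;
	IN REFERENCE	LPTSTR hostname;
	INOUT	struct netr_authenticator auth;
	IN		netr_trust_password_t trust_password;
	OUT		DWORD status;
};

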
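/*
 ***********************************************************************
 * SamLogon
 ***********************************************************************
 */

/*
 * The challenge-response data should always be 24 bytes.
 *
 * The constant is only defined here; no structure in this file uses
 * it as an array bound, so the size has to be enforced by the code
 * that builds or reads the responses.
 */
#define NETR_CR_PASSWORD_SIZE			24

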
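/*
 * 8-byte challenge carried in netr_logon_info2 (network logon).
 */
struct lm_challenge {
	BYTE data[8];
};
typedef struct lm_challenge lm_challenge_t;
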
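/*
 * Input data
 *
 * Identity part shared by both logon levels: domain, user and
 * workstation names as netr_vcstr_t (not null terminated), plus
 * parameter_control and a 64-bit logon_id.
 */
struct netr_logon_identity_info {
	netr_vcstr_t domain_name;
	DWORD parameter_control;
	struct OLD_LARGE_INTEGER logon_id;
	netr_vcstr_t username;
	netr_vcstr_t workstation;
};
typedef struct netr_logon_identity_info netr_logon_id_t;

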
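/*
 * Level 1: interactive logon
 *
 * Carries the identity plus the LM and NT OWF passwords.  Both OWF
 * fields are password-derived secrets.
 * NOTE(review): presumably they are encrypted with the session key
 * before marshalling - confirm in the caller.
 */
struct netr_logon_info1 {
	netr_logon_id_t identity;
	netr_owf_password_t lm_owf_password;
	netr_owf_password_t nt_owf_password;
};

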
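/*
 * Level 2: network logon.
 *
 * Carries the identity, the 8-byte challenge and the NT and LM
 * responses as varying byte buffers.
 * NOTE(review): the responses are expected to be
 * NETR_CR_PASSWORD_SIZE (24) bytes, but netr_vcbuf_t does not fix
 * their length; confirm that the code filling them in checks it.
 */
struct netr_logon_info2 {
	netr_logon_id_t identity;
	lm_challenge_t lm_challenge;
	netr_vcbuf_t nt_response;
	netr_vcbuf_t lm_response;
};

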
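/*
 * Logon information selected by logon level.  UNION_INFO_PTR is
 * defined outside this file; presumably each use declares a CASE arm
 * holding a pointer to netr_logon_info1 / netr_logon_info2 - TODO
 * confirm against ndrtypes.ndl.  Any other level falls to the
 * DEFAULT arm, which carries no logon data.
 */
union netr_logon_info_u {
	UNION_INFO_PTR(1,netr_logon_info);
	UNION_INFO_PTR(2,netr_logon_info);
	DEFAULT	DWORD nothing;
};

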
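/*
 * Logon information as passed to SamLogon.  The union arm is chosen
 * by switch_value, not by logon_level.
 * NOTE(review): the two WORDs are presumably always set to the same
 * level; code that branches on logon_level while the union was
 * decoded by switch_value would read the wrong arm - confirm the
 * caller keeps them equal.
 */
struct netr_login_info {
	WORD logon_level;
	WORD switch_value;
  SWITCH(switch_value)
	union netr_logon_info_u ru;
};

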
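/*
 * Output data
 *
 * One group entry of netr_validation_info3.GroupIds: a relative ID
 * and its attribute bits.
 */
struct netr_group_membership {
	DWORD rid;
	DWORD attributes;
};

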
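/*
 * One entry of netr_validation_info3.ExtraSids: a pointer to a SID
 * and its attribute bits.
 * NOTE(review): sid is a pointer decoded from the reply; consumers
 * should be prepared for it to be NULL - confirm.
 */
struct netr_sid_and_attributes {
	struct netr_sid *sid;
	DWORD attributes;
};

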
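/*
 * Validation data for validation level 3 (the only non-default arm
 * of union netr_validation_u).
 *
 * GroupCount sizes GroupIds and SidCount sizes ExtraSids through
 * SIZE_IS.  Both counts, UserId, PrimaryGroupId and every SID reached
 * through LogonDomainId or ExtraSids are supplied by the responding
 * server.
 * NOTE(review): this is the data a consumer would build an access
 * token from, so it should only be used after the reply's
 * authenticator has been verified, with the counts bounded and NULL
 * pointers tolerated - confirm in the consuming code.
 * UserSessionKey is key material; keep it out of logs and traces.
 */
struct netr_validation_info3 {
	struct OLD_LARGE_INTEGER LogonTime;
	struct OLD_LARGE_INTEGER LogoffTime;
	struct OLD_LARGE_INTEGER KickOffTime;
	struct OLD_LARGE_INTEGER PasswordLastSet;
	struct OLD_LARGE_INTEGER PasswordCanChange;
	struct OLD_LARGE_INTEGER PasswordMustChange;
	netr_string_t EffectiveName;
	netr_string_t FullName;
	netr_string_t LogonScript;
	netr_string_t ProfilePath;
	netr_string_t HomeDirectory;
	netr_string_t HomeDirectoryDrive;
	WORD LogonCount;
	WORD BadPasswordCount;
	DWORD UserId;
	DWORD PrimaryGroupId;
	DWORD GroupCount;
  SIZE_IS(GroupCount)
	struct netr_group_membership *GroupIds;
	DWORD UserFlags;
	struct USER_SESSION_KEY UserSessionKey;
	netr_string_t LogonServer;
	netr_string_t LogonDomainName;
	struct netr_sid *LogonDomainId;
	DWORD ExpansionRoom[10];
	DWORD SidCount;
  SIZE_IS(SidCount)
	struct netr_sid_and_attributes *ExtraSids;
};

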
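/*
 * Validation data selected by validation level.  Only level 3 has
 * an arm; every other level decodes to the DEFAULT arm, which holds
 * no validation data.  info3 is a pointer and may therefore be NULL
 * even when level 3 was selected.
 */
union netr_validation_u {
	CASE(3) struct netr_validation_info3 *info3;
	DEFAULT	DWORD nothing;
};

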
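/*
 * This structure needs to be declared, even though it can't be used
 * in netr_SamLogon, in order to get the appropriate size to calculate
 * the correct fixup offsets.  If ndrgen did the right thing,
 * netr_validation_info would be one of the out parameters. However,
 * if we do it that way, the switch_value isn't known early enough to
 * do the fixup calculation. So it all has to go in netr_SamLogon.
 *
 * The same level/union pair is therefore repeated inline in
 * struct netr_SamLogon; the two declarations have to be kept in step.
 */
struct netr_validation_info {
	WORD validation_level;
  SWITCH(validation_level)
	union netr_validation_u ru;
};

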
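/*
 * WARNING
 *
 * Validation_level is really a WORD and authoritative is really a
 * BYTE. They are declared as DWORD here due to the way things are
 * unmarshalled. NT does not clear out the unused bytes in the
 * DWORD so they must be cast to get the correct value.
 *
 * NOTE(review): in the declaration below only authoritative is a
 * DWORD; validation_level is declared WORD, which does not match the
 * text above - confirm which is intended.  Because the unused bytes
 * of authoritative are not cleared, comparing the raw DWORD against
 * zero can give the wrong answer; cast it to a BYTE first.
 *
 * auth is the caller's authenticator and ret_auth the one returned
 * by the server.
 * NOTE(review): ru, authoritative and status should only be acted on
 * after ret_auth has been verified - confirm in the client code.
 * Both authenticators are pointers here, whereas netr_SamLogoff
 * embeds them by value.
 */
OPERATION(NETR_OPNUM_SamLogon)
struct netr_SamLogon {
	IN		LPTSTR servername;
	IN		LPTSTR hostname;
	IN		struct netr_authenticator *auth;
	INOUT	struct netr_authenticator *ret_auth;
	IN		struct netr_login_info logon_info;
	INOUT	WORD validation_level;
  SWITCH(validation_level)
	OUT		union netr_validation_u ru;
	OUT		DWORD authoritative;
	OUT		DWORD status;
};

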
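/*
 ***********************************************************************
 * SamLogoff
 *
 * Unlike netr_SamLogon, the authenticators are embedded by value and
 * the logon union is switched directly on a DWORD logon_level rather
 * than going through struct netr_login_info (which uses WORDs).
 * NOTE(review): confirm that the width difference is intended.
 ***********************************************************************
 */
OPERATION(NETR_OPNUM_SamLogoff)
struct netr_SamLogoff {
	IN		LPTSTR servername;
	IN REFERENCE	LPTSTR hostname;
	IN		struct netr_authenticator auth;
	INOUT	struct netr_authenticator ret_auth;
	IN		DWORD logon_level;
  SWITCH(logon_level)
	IN		union netr_logon_info_u ru;
	OUT		DWORD status;
};

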
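/*
 ***********************************************************************
 * The NETR interface definition.
 *
 * One CASE arm per operation that has a call structure in this file.
 * Opnums defined above without an arm here (for example
 * NETR_OPNUM_ServerAuthenticate and NETR_OPNUM_ServerAuthenticate3)
 * are not part of this union.
 ***********************************************************************
 */
INTERFACE(0)
union netr_interface {
	CASE(NETR_OPNUM_ServerReqChallenge)
		struct netr_ServerReqChallenge		ServerReqChallenge;
	CASE(NETR_OPNUM_ServerAuthenticate2)
		struct netr_ServerAuthenticate2		ServerAuthenticate2;
	CASE(NETR_OPNUM_SamLogon)
		struct netr_SamLogon			SamLogon;
	CASE(NETR_OPNUM_SamLogoff)
		struct netr_SamLogoff			SamLogoff;
	CASE(NETR_OPNUM_ServerPasswordSet)
		struct netr_PasswordSet			PasswordSet;
	CASE(NETR_OPNUM_ServerPasswordSet2)
		struct netr_PasswordSet2		PasswordSet2;
};
typedef union netr_interface netr_interface_t;
EXTERNTYPEINFO(netr_interface)
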
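/* Closes the _MLSVC_NETR_NDL_ include guard opened at the top of the file. */
#endif /* _MLSVC_NETR_NDL_ */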