Coverage for /private/tmp/im/impacket/impacket/dcerpc/v5/lsad.py : 93%

Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # Author: Alberto Solino (@agsolino) # # Description: # [MS-LSAD] Interface implementation # # Best way to learn how to use these calls is to grab the protocol standard # so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # NDRUniConformantArray LARGE_INTEGER, NTSTATUS, RPC_SID, ACCESS_MASK, UCHAR, PRPC_UNICODE_STRING, PLARGE_INTEGER, USHORT, \ SECURITY_INFORMATION, NULL, MAXIMUM_ALLOWED, GUID, SECURITY_DESCRIPTOR, OWNER_SECURITY_INFORMATION
else: return 'LSAD SessionError: unknown error code: 0x%x' % self.error_code
################################################################################ # CONSTANTS ################################################################################ # 2.2.1.1.2 ACCESS_MASK for Policy Objects
# 2.2.1.1.3 ACCESS_MASK for Account Objects
# 2.2.1.1.4 ACCESS_MASK for Secret Objects
# 2.2.1.1.5 ACCESS_MASK for Trusted Domain Objects
# 2.2.1.2 POLICY_SYSTEM_ACCESS_MODE
# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO # EventAuditingOptions
# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO # AuthenticationOptions
# 2.2.7.21 LSA_FOREST_TRUST_RECORD # Flags
################################################################################ # STRUCTURES ################################################################################ # 2.2.2.1 LSAPR_HANDLE ('Data','20s=""'), )
# 2.2.2.3 LSA_UNICODE_STRING
# 2.2.3.1 STRING ('MaximumLength','<H=len(Data)-12'), ('Length','<H=len(Data)-12'), ('ReferentID','<L=0xff'), ) ('MaximumLength','<H=len(Data)-24'), ('Length','<H=len(Data)-24'), ('ReferentID','<Q=0xff'), )
('Data',STR), )
if msg is None: msg = self.__class__.__name__ if msg != '': print("%s" % msg, end=' ') # Here just print the data print(" %r" % (self['Data']), end=' ')
if key == 'Data': self.fields['MaximumLength'] = None self.fields['Length'] = None self.data = None # force recompute return NDR.__setitem__(self, key, value)
# 2.2.3.2 LSAPR_ACL ('AclRevision', UCHAR), ('Sbz1', UCHAR), ('AclSize', USHORT), ('Dummy1',NDRUniConformantArray), )
# 2.2.3.4 LSAPR_SECURITY_DESCRIPTOR
('Data', LSAPR_SECURITY_DESCRIPTOR), )
# 2.2.3.5 SECURITY_IMPERSONATION_LEVEL
# 2.2.3.6 SECURITY_CONTEXT_TRACKING_MODE
# 2.2.3.7 SECURITY_QUALITY_OF_SERVICE ('Length', DWORD), ('ImpersonationLevel', SECURITY_IMPERSONATION_LEVEL), ('ContextTrackingMode', SECURITY_CONTEXT_TRACKING_MODE), ('EffectiveOnly', UCHAR), )
('Data', SECURITY_QUALITY_OF_SERVICE), )
# 2.2.2.4 LSAPR_OBJECT_ATTRIBUTES ('Length', DWORD), ('RootDirectory', LPWSTR), ('ObjectName', LPWSTR), ('Attributes', DWORD), ('SecurityDescriptor', PLSAPR_SECURITY_DESCRIPTOR), ('SecurityQualityOfService', PSECURITY_QUALITY_OF_SERVICE), )
# 2.2.2.5 LSAPR_SR_SECURITY_DESCRIPTOR ('Length', DWORD), ('SecurityDescriptor', LPBYTE), )
('Data', LSAPR_SR_SECURITY_DESCRIPTOR), )
# 2.2.3.3 SECURITY_DESCRIPTOR_CONTROL
# 2.2.4.1 POLICY_INFORMATION_CLASS
# 2.2.4.3 POLICY_AUDIT_LOG_INFO ('AuditLogPercentFull', DWORD), ('MaximumLogSize', DWORD), ('AuditRetentionPeriod', LARGE_INTEGER), ('AuditLogFullShutdownInProgress', UCHAR), ('TimeToShutdown', LARGE_INTEGER), ('NextAuditRecordId', DWORD), )
# 2.2.4.4 LSAPR_POLICY_AUDIT_EVENTS_INFO
('Data', DWORD_ARRAY), )
('AuditingMode', UCHAR), ('EventAuditingOptions', PDWORD_ARRAY), ('MaximumAuditEventCount', DWORD), )
# 2.2.4.5 LSAPR_POLICY_PRIMARY_DOM_INFO ('Name', RPC_UNICODE_STRING), ('Sid', PRPC_SID), )
# 2.2.4.6 LSAPR_POLICY_ACCOUNT_DOM_INFO ('DomainName', RPC_UNICODE_STRING), ('DomainSid', PRPC_SID), )
# 2.2.4.7 LSAPR_POLICY_PD_ACCOUNT_INFO ('Name', RPC_UNICODE_STRING), )
# 2.2.4.8 POLICY_LSA_SERVER_ROLE
# 2.2.4.9 POLICY_LSA_SERVER_ROLE_INFO ('LsaServerRole', POLICY_LSA_SERVER_ROLE), )
# 2.2.4.10 LSAPR_POLICY_REPLICA_SRCE_INFO ('ReplicaSource', RPC_UNICODE_STRING), ('ReplicaAccountName', RPC_UNICODE_STRING), )
# 2.2.4.11 POLICY_MODIFICATION_INFO ('ModifiedId', LARGE_INTEGER), ('DatabaseCreationTime', LARGE_INTEGER), )
# 2.2.4.12 POLICY_AUDIT_FULL_SET_INFO ('ShutDownOnFull', UCHAR), )
# 2.2.4.13 POLICY_AUDIT_FULL_QUERY_INFO ('ShutDownOnFull', UCHAR), ('LogIsFull', UCHAR), )
# 2.2.4.14 LSAPR_POLICY_DNS_DOMAIN_INFO ('Name', RPC_UNICODE_STRING), ('DnsDomainName', RPC_UNICODE_STRING), ('DnsForestName', RPC_UNICODE_STRING), ('DomainGuid', GUID), ('Sid', PRPC_SID), )
# 2.2.4.2 LSAPR_POLICY_INFORMATION POLICY_INFORMATION_CLASS.PolicyAuditLogInformation : ('PolicyAuditLogInfo', POLICY_AUDIT_LOG_INFO), POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation : ('PolicyAuditEventsInfo', LSAPR_POLICY_AUDIT_EVENTS_INFO), POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation : ('PolicyPrimaryDomainInfo', LSAPR_POLICY_PRIMARY_DOM_INFO), POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation : ('PolicyAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), POLICY_INFORMATION_CLASS.PolicyPdAccountInformation : ('PolicyPdAccountInfo', LSAPR_POLICY_PD_ACCOUNT_INFO), POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation : ('PolicyServerRoleInfo', POLICY_LSA_SERVER_ROLE_INFO), POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation : ('PolicyReplicaSourceInfo', LSAPR_POLICY_REPLICA_SRCE_INFO), POLICY_INFORMATION_CLASS.PolicyModificationInformation : ('PolicyModificationInfo', POLICY_MODIFICATION_INFO), POLICY_INFORMATION_CLASS.PolicyAuditFullSetInformation : ('PolicyAuditFullSetInfo', POLICY_AUDIT_FULL_SET_INFO), POLICY_INFORMATION_CLASS.PolicyAuditFullQueryInformation : ('PolicyAuditFullQueryInfo', POLICY_AUDIT_FULL_QUERY_INFO), POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation : ('PolicyDnsDomainInfo', LSAPR_POLICY_DNS_DOMAIN_INFO), POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt : ('PolicyDnsDomainInfoInt', LSAPR_POLICY_DNS_DOMAIN_INFO), POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation: ('PolicyLocalAccountDomainInfo', LSAPR_POLICY_ACCOUNT_DOM_INFO), }
('Data', LSAPR_POLICY_INFORMATION), )
# 2.2.4.15 POLICY_DOMAIN_INFORMATION_CLASS
# 2.2.4.17 POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO ('QualityOfService', DWORD), )
# 2.2.4.18 LSAPR_POLICY_DOMAIN_EFS_INFO ('InfoLength', DWORD), ('EfsBlob', LPBYTE), )
# 2.2.4.19 POLICY_DOMAIN_KERBEROS_TICKET_INFO ('AuthenticationOptions', DWORD), ('MaxServiceTicketAge', LARGE_INTEGER), ('MaxTicketAge', LARGE_INTEGER), ('MaxRenewAge', LARGE_INTEGER), ('MaxClockSkew', LARGE_INTEGER), ('Reserved', LARGE_INTEGER), )
# 2.2.4.16 LSAPR_POLICY_DOMAIN_INFORMATION POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation : ('PolicyDomainQualityOfServiceInfo', POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO ), POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation : ('PolicyDomainEfsInfo', LSAPR_POLICY_DOMAIN_EFS_INFO), POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation : ('PolicyDomainKerbTicketInfo', POLICY_DOMAIN_KERBEROS_TICKET_INFO), }
('Data', LSAPR_POLICY_DOMAIN_INFORMATION), )
# 2.2.4.20 POLICY_AUDIT_EVENT_TYPE
# 2.2.5.1 LSAPR_ACCOUNT_INFORMATION ('Sid', PRPC_SID), )
# 2.2.5.2 LSAPR_ACCOUNT_ENUM_BUFFER
('Data', LSAPR_ACCOUNT_INFORMATION_ARRAY), )
('EntriesRead', ULONG), ('Information', PLSAPR_ACCOUNT_INFORMATION_ARRAY), )
# 2.2.5.3 LSAPR_USER_RIGHT_SET
('Data', RPC_UNICODE_STRING_ARRAY), )
('EntriesRead', ULONG), ('UserRights', PRPC_UNICODE_STRING_ARRAY), )
# 2.2.5.4 LSAPR_LUID_AND_ATTRIBUTES ('Luid', LUID), ('Attributes', ULONG), )
# 2.2.5.5 LSAPR_PRIVILEGE_SET
('PrivilegeCount', ULONG), ('Control', ULONG), ('Privilege', LSAPR_LUID_AND_ATTRIBUTES_ARRAY), )
('Data', LSAPR_PRIVILEGE_SET), )
# 2.2.6.1 LSAPR_CR_CIPHER_VALUE ('Data', NDRUniConformantVaryingArray), )
('Length', LONG), ('MaximumLength', LONG), ('Buffer', PCHAR_ARRAY), )
('Data', LSAPR_CR_CIPHER_VALUE), )
('Data', PLSAPR_CR_CIPHER_VALUE), )
# 2.2.7.1 LSAPR_TRUST_INFORMATION ('Name', RPC_UNICODE_STRING), ('Sid', PRPC_SID), )
# 2.2.7.2 TRUSTED_INFORMATION_CLASS
# 2.2.7.4 LSAPR_TRUSTED_DOMAIN_NAME_INFO ('Name', RPC_UNICODE_STRING), )
# 2.2.7.5 LSAPR_TRUSTED_CONTROLLERS_INFO ('Entries', ULONG), ('Names', PRPC_UNICODE_STRING_ARRAY), )
# 2.2.7.6 TRUSTED_POSIX_OFFSET_INFO ('Offset', ULONG), )
# 2.2.7.7 LSAPR_TRUSTED_PASSWORD_INFO ('Password', PLSAPR_CR_CIPHER_VALUE), ('OldPassword', PLSAPR_CR_CIPHER_VALUE), )
# 2.2.7.8 LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC
# 2.2.7.9 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX ('Name', RPC_UNICODE_STRING), ('FlatName', RPC_UNICODE_STRING), ('Sid', PRPC_SID), ('TrustDirection', ULONG), ('TrustType', ULONG), ('TrustAttributes', ULONG), )
# 2.2.7.10 LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 ('Name', RPC_UNICODE_STRING), ('FlatName', RPC_UNICODE_STRING), ('Sid', PRPC_SID), ('TrustDirection', ULONG), ('TrustType', ULONG), ('TrustAttributes', ULONG), ('ForestTrustLength', ULONG), ('ForestTrustInfo', LPBYTE), )
# 2.2.7.17 LSAPR_AUTH_INFORMATION ('LastUpdateTime', LARGE_INTEGER), ('AuthType', ULONG), ('AuthInfoLength', ULONG), ('AuthInfo', LPBYTE), )
('Data', LSAPR_AUTH_INFORMATION), )
# 2.2.7.11 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION ('IncomingAuthInfos', ULONG), ('IncomingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), ('IncomingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), ('OutgoingAuthInfos', ULONG), ('OutgoingAuthenticationInformation', PLSAPR_AUTH_INFORMATION), ('OutgoingPreviousAuthenticationInformation', PLSAPR_AUTH_INFORMATION), )
# 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB ('AuthSize', ULONG), ('AuthBlob', LPBYTE), )
# 2.2.7.12 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL ('AuthBlob', LSAPR_TRUSTED_DOMAIN_AUTH_BLOB), )
# 2.2.7.13 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), )
# 2.2.7.14 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), )
# 2.2.7.15 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 ('Information', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), ('PosixOffset', TRUSTED_POSIX_OFFSET_INFO), ('AuthInformation', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), )
# 2.2.7.18 TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES ('SupportedEncryptionTypes', ULONG), )
# 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO TRUSTED_INFORMATION_CLASS.TrustedDomainNameInformation : ('TrustedDomainNameInfo', LSAPR_TRUSTED_DOMAIN_NAME_INFO ), TRUSTED_INFORMATION_CLASS.TrustedControllersInformation : ('TrustedControllersInfo', LSAPR_TRUSTED_CONTROLLERS_INFO), TRUSTED_INFORMATION_CLASS.TrustedPosixOffsetInformation : ('TrustedPosixOffsetInfo', TRUSTED_POSIX_OFFSET_INFO), TRUSTED_INFORMATION_CLASS.TrustedPasswordInformation : ('TrustedPasswordInfo', LSAPR_TRUSTED_PASSWORD_INFO ), TRUSTED_INFORMATION_CLASS.TrustedDomainInformationBasic : ('TrustedDomainInfoBasic', LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC), TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx : ('TrustedDomainInfoEx', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX), TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformation : ('TrustedAuthInfo', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION), TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation : ('TrustedFullInfo', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION), TRUSTED_INFORMATION_CLASS.TrustedDomainAuthInformationInternal : ('TrustedAuthInfoInternal', LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL), TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformationInternal : ('TrustedFullInfoInternal', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL), TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx2Internal : ('TrustedDomainInfoEx2', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2), TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation2Internal : ('TrustedFullInfo2', LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2), TRUSTED_INFORMATION_CLASS.TrustedDomainSupportedEncryptionTypes : ('TrustedDomainSETs', TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES), }
# 2.2.7.19 LSAPR_TRUSTED_ENUM_BUFFER
('Data', LSAPR_TRUST_INFORMATION_ARRAY), )
('Entries', ULONG), ('Information', PLSAPR_TRUST_INFORMATION_ARRAY), )
# 2.2.7.20 LSAPR_TRUSTED_ENUM_BUFFER_EX
('Data', LSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), )
('Entries', ULONG), ('EnumerationBuffer', PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX_ARRAY), )
# 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE
# 2.2.7.24 LSA_FOREST_TRUST_DOMAIN_INFO ('Sid', PRPC_SID), ('DnsName', LSA_UNICODE_STRING), ('NetbiosName', LSA_UNICODE_STRING), )
# 2.2.7.21 LSA_FOREST_TRUST_RECORD LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName : ('TopLevelName', LSA_UNICODE_STRING ), LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx : ('TopLevelName', LSA_UNICODE_STRING), LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo : ('DomainInfo', LSA_FOREST_TRUST_DOMAIN_INFO), }
('Flags', ULONG), ('ForestTrustType', LSA_FOREST_TRUST_RECORD_TYPE), ('Time', LARGE_INTEGER), ('ForestTrustData', LSA_FOREST_TRUST_DATA_UNION), )
('Data', LSA_FOREST_TRUST_RECORD), )
# 2.2.7.23 LSA_FOREST_TRUST_BINARY_DATA ('Length', ULONG), ('Buffer', LPBYTE), )
# 2.2.7.25 LSA_FOREST_TRUST_INFORMATION
('Data', LSA_FOREST_TRUST_RECORD_ARRAY), )
('RecordCount', ULONG), ('Entries', PLSA_FOREST_TRUST_RECORD_ARRAY), )
('Data', LSA_FOREST_TRUST_INFORMATION), )
# 2.2.7.26 LSA_FOREST_TRUST_COLLISION_RECORD_TYPE
# 2.2.7.27 LSA_FOREST_TRUST_COLLISION_RECORD ('Index', ULONG), ('Type', LSA_FOREST_TRUST_COLLISION_RECORD_TYPE), ('Flags', ULONG), ('Name', LSA_UNICODE_STRING), )
# 2.2.8.1 LSAPR_POLICY_PRIVILEGE_DEF ('Name', RPC_UNICODE_STRING), ('LocalValue', LUID), )
# 2.2.8.2 LSAPR_PRIVILEGE_ENUM_BUFFER
('Data', LSAPR_POLICY_PRIVILEGE_DEF_ARRAY), )
('Entries', ULONG), ('Privileges', PLSAPR_POLICY_PRIVILEGE_DEF_ARRAY), )
################################################################################ # RPC CALLS ################################################################################ # 3.1.4.4.1 LsarOpenPolicy2 (Opnum 44) ('SystemName', LPWSTR), ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), ('DesiredAccess',ACCESS_MASK), )
('PolicyHandle',LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.4.2 LsarOpenPolicy (Opnum 6) ('SystemName', LPWSTR), ('ObjectAttributes',LSAPR_OBJECT_ATTRIBUTES), ('DesiredAccess',ACCESS_MASK), )
('PolicyHandle',LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46) ('PolicyHandle', LSAPR_HANDLE), ('InformationClass',POLICY_INFORMATION_CLASS), )
('PolicyInformation',PLSAPR_POLICY_INFORMATION), ('ErrorCode', NTSTATUS), )
# 3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7) ('PolicyHandle', LSAPR_HANDLE), ('InformationClass',POLICY_INFORMATION_CLASS), )
('PolicyInformation',PLSAPR_POLICY_INFORMATION), ('ErrorCode', NTSTATUS), )
# 3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47) ('PolicyHandle', LSAPR_HANDLE), ('InformationClass',POLICY_INFORMATION_CLASS), ('PolicyInformation',LSAPR_POLICY_INFORMATION), )
('ErrorCode', NTSTATUS), )
# 3.1.4.4.6 LsarSetInformationPolicy (Opnum 8) ('PolicyHandle', LSAPR_HANDLE), ('InformationClass',POLICY_INFORMATION_CLASS), ('PolicyInformation',LSAPR_POLICY_INFORMATION), )
('ErrorCode', NTSTATUS), )
# 3.1.4.4.7 LsarQueryDomainInformationPolicy (Opnum 53) ('PolicyHandle', LSAPR_HANDLE), ('InformationClass',POLICY_DOMAIN_INFORMATION_CLASS), )
('PolicyDomainInformation',PLSAPR_POLICY_DOMAIN_INFORMATION), ('ErrorCode', NTSTATUS), )
# 3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54) # 3.1.4.5.1 LsarCreateAccount (Opnum 10) ('PolicyHandle', LSAPR_HANDLE), ('AccountSid',RPC_SID), ('DesiredAccess',ACCESS_MASK), )
('AccountHandle',LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.2 LsarEnumerateAccounts (Opnum 11) ('PolicyHandle', LSAPR_HANDLE), ('EnumerationContext',ULONG), ('PreferedMaximumLength',ULONG), )
('EnumerationContext',ULONG), ('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.3 LsarOpenAccount (Opnum 17) ('PolicyHandle', LSAPR_HANDLE), ('AccountSid',RPC_SID), ('DesiredAccess',ACCESS_MASK), )
('AccountHandle',LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18) ('AccountHandle', LSAPR_HANDLE), )
('Privileges',PLSAPR_PRIVILEGE_SET), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19) ('AccountHandle', LSAPR_HANDLE), ('Privileges', LSAPR_PRIVILEGE_SET), )
('ErrorCode', NTSTATUS), )
# 3.1.4.5.6 LsarRemovePrivilegesFromAccount (Opnum 20) ('AccountHandle', LSAPR_HANDLE), ('AllPrivileges', UCHAR), ('Privileges', PLSAPR_PRIVILEGE_SET), )
('ErrorCode', NTSTATUS), )
# 3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23) ('AccountHandle', LSAPR_HANDLE), )
('SystemAccess', ULONG), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24) ('AccountHandle', LSAPR_HANDLE), ('SystemAccess', ULONG), )
('ErrorCode', NTSTATUS), )
# 3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35) ('PolicyHandle', LSAPR_HANDLE), ('UserRight', PRPC_UNICODE_STRING), )
('EnumerationBuffer',LSAPR_ACCOUNT_ENUM_BUFFER), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.10 LsarEnumerateAccountRights (Opnum 36) ('PolicyHandle', LSAPR_HANDLE), ('AccountSid', RPC_SID), )
('UserRights',LSAPR_USER_RIGHT_SET), ('ErrorCode', NTSTATUS), )
# 3.1.4.5.11 LsarAddAccountRights (Opnum 37) ('PolicyHandle', LSAPR_HANDLE), ('AccountSid', RPC_SID), ('UserRights',LSAPR_USER_RIGHT_SET), )
('ErrorCode', NTSTATUS), )
# 3.1.4.5.12 LsarRemoveAccountRights (Opnum 38) ('PolicyHandle', LSAPR_HANDLE), ('AccountSid', RPC_SID), ('AllRights', UCHAR), ('UserRights',LSAPR_USER_RIGHT_SET), )
('ErrorCode', NTSTATUS), )
# 3.1.4.6.1 LsarCreateSecret (Opnum 16) ('PolicyHandle', LSAPR_HANDLE), ('SecretName', RPC_UNICODE_STRING), ('DesiredAccess', ACCESS_MASK), )
('SecretHandle', LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.6.2 LsarOpenSecret (Opnum 28) ('PolicyHandle', LSAPR_HANDLE), ('SecretName', RPC_UNICODE_STRING), ('DesiredAccess', ACCESS_MASK), )
('SecretHandle', LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.6.3 LsarSetSecret (Opnum 29) ('SecretHandle', LSAPR_HANDLE), ('EncryptedCurrentValue', PLSAPR_CR_CIPHER_VALUE), ('EncryptedOldValue', PLSAPR_CR_CIPHER_VALUE), )
('ErrorCode', NTSTATUS), )
# 3.1.4.6.4 LsarQuerySecret (Opnum 30) ('SecretHandle', LSAPR_HANDLE), ('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), ('CurrentValueSetTime', PLARGE_INTEGER), ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), ('OldValueSetTime', PLARGE_INTEGER), )
('EncryptedCurrentValue', PPLSAPR_CR_CIPHER_VALUE), ('CurrentValueSetTime', PLARGE_INTEGER), ('EncryptedOldValue', PPLSAPR_CR_CIPHER_VALUE), ('OldValueSetTime', PLARGE_INTEGER), ('ErrorCode', NTSTATUS), )
# 3.1.4.6.5 LsarStorePrivateData (Opnum 42) ('PolicyHandle', LSAPR_HANDLE), ('KeyName', RPC_UNICODE_STRING), ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), )
('ErrorCode', NTSTATUS), )
# 3.1.4.6.6 LsarRetrievePrivateData (Opnum 43) ('PolicyHandle', LSAPR_HANDLE), ('KeyName', RPC_UNICODE_STRING), ('EncryptedData', PLSAPR_CR_CIPHER_VALUE), )
('EncryptedData', PLSAPR_CR_CIPHER_VALUE), ('ErrorCode', NTSTATUS), )
# 3.1.4.7.1 LsarOpenTrustedDomain (Opnum 25) # 3.1.4.7.1 LsarQueryInfoTrustedDomain (Opnum 26) # 3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39) # 3.1.4.7.3 LsarSetTrustedDomainInfo (Opnum 40) # 3.1.4.7.4 LsarDeleteTrustedDomain (Opnum 41) # 3.1.4.7.5 LsarQueryTrustedDomainInfoByName (Opnum 48) # 3.1.4.7.6 LsarSetTrustedDomainInfoByName (Opnum 49) # 3.1.4.7.7 LsarEnumerateTrustedDomainsEx (Opnum 50) ('PolicyHandle', LSAPR_HANDLE), ('EnumerationContext', ULONG), ('PreferedMaximumLength', ULONG), )
('EnumerationContext', ULONG), ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER_EX), ('ErrorCode', NTSTATUS), )
# 3.1.4.7.8 LsarEnumerateTrustedDomains (Opnum 13) ('PolicyHandle', LSAPR_HANDLE), ('EnumerationContext', ULONG), ('PreferedMaximumLength', ULONG), )
('EnumerationContext', ULONG), ('EnumerationBuffer',LSAPR_TRUSTED_ENUM_BUFFER), ('ErrorCode', NTSTATUS), )
# 3.1.4.7.9 LsarOpenTrustedDomainByName (Opnum 55) # 3.1.4.7.10 LsarCreateTrustedDomainEx2 (Opnum 59) # 3.1.4.7.11 LsarCreateTrustedDomainEx (Opnum 51) # 3.1.4.7.12 LsarCreateTrustedDomain (Opnum 12) # 3.1.4.7.14 LsarSetInformationTrustedDomain (Opnum 27) # 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73) ('PolicyHandle', LSAPR_HANDLE), ('TrustedDomainName', LSA_UNICODE_STRING), ('HighestRecordType', LSA_FOREST_TRUST_RECORD_TYPE), )
('ForestTrustInfo', PLSA_FOREST_TRUST_INFORMATION), ('ErrorCode', NTSTATUS), )
# 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74)
# 3.1.4.8.1 LsarEnumeratePrivileges (Opnum 2) ('PolicyHandle', LSAPR_HANDLE), ('EnumerationContext', ULONG), ('PreferedMaximumLength', ULONG), )
('EnumerationContext', ULONG), ('EnumerationBuffer', LSAPR_PRIVILEGE_ENUM_BUFFER), ('ErrorCode', NTSTATUS), )
# 3.1.4.8.2 LsarLookupPrivilegeValue (Opnum 31) ('PolicyHandle', LSAPR_HANDLE), ('Name', RPC_UNICODE_STRING), )
('Value', LUID), ('ErrorCode', NTSTATUS), )
# 3.1.4.8.3 LsarLookupPrivilegeName (Opnum 32) ('PolicyHandle', LSAPR_HANDLE), ('Value', LUID), )
('Name', PRPC_UNICODE_STRING), ('ErrorCode', NTSTATUS), )
# 3.1.4.8.4 LsarLookupPrivilegeDisplayName (Opnum 33) ('PolicyHandle', LSAPR_HANDLE), ('Name', RPC_UNICODE_STRING), ('ClientLanguage', USHORT), ('ClientSystemDefaultLanguage', USHORT), )
('Name', PRPC_UNICODE_STRING), ('LanguageReturned', UCHAR), ('ErrorCode', NTSTATUS), )
# 3.1.4.9.1 LsarQuerySecurityObject (Opnum 3) ('PolicyHandle', LSAPR_HANDLE), ('SecurityInformation', SECURITY_INFORMATION), )
('SecurityDescriptor', PLSAPR_SR_SECURITY_DESCRIPTOR), ('ErrorCode', NTSTATUS), )
# 3.1.4.9.2 LsarSetSecurityObject (Opnum 4) ('PolicyHandle', LSAPR_HANDLE), ('SecurityInformation', SECURITY_INFORMATION), ('SecurityDescriptor', LSAPR_SR_SECURITY_DESCRIPTOR), )
('ErrorCode', NTSTATUS), )
# 3.1.4.9.3 LsarDeleteObject (Opnum 34) ('ObjectHandle', LSAPR_HANDLE), )
('ObjectHandle', LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.9.4 LsarClose (Opnum 0) ('ObjectHandle', LSAPR_HANDLE), )
('ObjectHandle', LSAPR_HANDLE), ('ErrorCode', NTSTATUS), )
################################################################################ # OPNUMs and their corresponding structures ################################################################################ 0 : (LsarClose, LsarCloseResponse), 2 : (LsarEnumeratePrivileges, LsarEnumeratePrivilegesResponse), 3 : (LsarQuerySecurityObject, LsarQuerySecurityObjectResponse), 4 : (LsarSetSecurityObject, LsarSetSecurityObjectResponse), 6 : (LsarOpenPolicy, LsarOpenPolicyResponse), 7 : (LsarQueryInformationPolicy, LsarQueryInformationPolicyResponse), 8 : (LsarSetInformationPolicy, LsarSetInformationPolicyResponse), 10 : (LsarCreateAccount, LsarCreateAccountResponse), 11 : (LsarEnumerateAccounts, LsarEnumerateAccountsResponse), #12 : (LsarCreateTrustedDomain, LsarCreateTrustedDomainResponse), 13 : (LsarEnumerateTrustedDomains, LsarEnumerateTrustedDomainsResponse), 16 : (LsarCreateSecret, LsarCreateSecretResponse), 17 : (LsarOpenAccount, LsarOpenAccountResponse), 18 : (LsarEnumeratePrivilegesAccount, LsarEnumeratePrivilegesAccountResponse), 19 : (LsarAddPrivilegesToAccount, LsarAddPrivilegesToAccountResponse), 20 : (LsarRemovePrivilegesFromAccount, LsarRemovePrivilegesFromAccountResponse), 23 : (LsarGetSystemAccessAccount, LsarGetSystemAccessAccountResponse), 24 : (LsarSetSystemAccessAccount, LsarSetSystemAccessAccountResponse), #25 : (LsarOpenTrustedDomain, LsarOpenTrustedDomainResponse), #26 : (LsarQueryInfoTrustedDomain, LsarQueryInfoTrustedDomainResponse), #27 : (LsarSetInformationTrustedDomain, LsarSetInformationTrustedDomainResponse), 28 : (LsarOpenSecret, LsarOpenSecretResponse), 29 : (LsarSetSecret, LsarSetSecretResponse), 30 : (LsarQuerySecret, LsarQuerySecretResponse), 31 : (LsarLookupPrivilegeValue, LsarLookupPrivilegeValueResponse), 32 : (LsarLookupPrivilegeName, LsarLookupPrivilegeNameResponse), 33 : (LsarLookupPrivilegeDisplayName, LsarLookupPrivilegeDisplayNameResponse), 34 : (LsarDeleteObject, LsarDeleteObjectResponse), 35 : (LsarEnumerateAccountsWithUserRight, LsarEnumerateAccountsWithUserRightResponse), 36 : (LsarEnumerateAccountRights, LsarEnumerateAccountRightsResponse), 37 : (LsarAddAccountRights, LsarAddAccountRightsResponse), 38 : (LsarRemoveAccountRights, LsarRemoveAccountRightsResponse), #39 : (LsarQueryTrustedDomainInfo, LsarQueryTrustedDomainInfoResponse), #40 : (LsarSetTrustedDomainInfo, LsarSetTrustedDomainInfoResponse), #41 : (LsarDeleteTrustedDomain, LsarDeleteTrustedDomainResponse), 42 : (LsarStorePrivateData, LsarStorePrivateDataResponse), 43 : (LsarRetrievePrivateData, LsarRetrievePrivateDataResponse), 44 : (LsarOpenPolicy2, LsarOpenPolicy2Response), 46 : (LsarQueryInformationPolicy2, LsarQueryInformationPolicy2Response), 47 : (LsarSetInformationPolicy2, LsarSetInformationPolicy2Response), #48 : (LsarQueryTrustedDomainInfoByName, LsarQueryTrustedDomainInfoByNameResponse), #49 : (LsarSetTrustedDomainInfoByName, LsarSetTrustedDomainInfoByNameResponse), 50 : (LsarEnumerateTrustedDomainsEx, LsarEnumerateTrustedDomainsExResponse), #51 : (LsarCreateTrustedDomainEx, LsarCreateTrustedDomainExResponse), 53 : (LsarQueryDomainInformationPolicy, LsarQueryDomainInformationPolicyResponse), #54 : (LsarSetDomainInformationPolicy, LsarSetDomainInformationPolicyResponse), #55 : (LsarOpenTrustedDomainByName, LsarOpenTrustedDomainByNameResponse), #59 : (LsarCreateTrustedDomainEx2, LsarCreateTrustedDomainEx2Response), #73 : (LsarQueryForestTrustInformation, LsarQueryForestTrustInformationResponse), #74 : (LsarSetForestTrustInformation, LsarSetForestTrustInformationResponse), }
################################################################################ # HELPER FUNCTIONS ################################################################################
request = LsarRemovePrivilegesFromAccount() request['AccountHandle'] = accountHandle request['Privileges']['Control'] = 0 if privileges != NULL: request['Privileges']['PrivilegeCount'] = len(privileges) for priv in privileges: request['Privileges']['Privilege'].append(priv) else: request['Privileges']['PrivilegeCount'] = NULL request['AllPrivileges'] = allPrivileges
return dce.request(request)
if encryptedCurrentValue != NULL: request['EncryptedCurrentValue']['Length'] = len(encryptedCurrentValue) request['EncryptedCurrentValue']['MaximumLength'] = len(encryptedCurrentValue) request['EncryptedCurrentValue']['Buffer'] = list(encryptedCurrentValue) if encryptedOldValue != NULL: request['EncryptedOldValue']['Length'] = len(encryptedOldValue) request['EncryptedOldValue']['MaximumLength'] = len(encryptedOldValue) request['EncryptedOldValue']['Buffer'] = list(encryptedOldValue) return dce.request(request)
else:
request = LsarSetInformationPolicy() request['PolicyHandle'] = policyHandle request['InformationClass'] = informationClass request['PolicyInformation'] = policyInformation return dce.request(request) |