/// <summary> /// The NetrDatabaseSync method is a predecessor to the NetrDatabaseSync2 method, /// as specified in section 3.5.5.5.2. All parameters of this method have the same /// meanings as the identically named parameters of the NetrDatabaseSync2 method. /// Opnum: 8 /// </summary> /// <param name="PrimaryName"> /// The custom RPC binding handle, as specified in section /// , representing the connection to the PDC. /// </param> /// <param name="ComputerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the BDC calling this method. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="DatabaseID"> /// The identifier for a specific database for which the /// changes are requested. It MUST be one of the following /// values. /// </param> /// <param name="SyncContext"> /// Specifies context needed to continue the operation. /// The value MUST be set to zero on the first call. The /// caller MUST treat this as an opaque value, unless this /// call is a restart of the series of synchronization /// calls. The value returned is to be used on input for /// the next call in the series of synchronization calls. If /// this call is the restart of the series, the values /// of the RestartState and the SyncContext parameters /// are dependent on the DeltaType value received on the /// last call before the restart and MUST be set as follows. /// Find the last NETLOGON_DELTA_ENUM structure in the /// DeltaArray parameter of the call. The DeltaType field /// of this NETLOGON_DELTA_ENUM structure, as specified /// in section , is the DeltaType needed for the restart. /// The values of RestartState and SyncContext are then /// determined from the following table. DeltaTypeRestartStateSyncContextAddOrChangeGroupGroupStateThe /// value of the RID field of the last element AddOrChangeUserUserStateThe /// value of the RID field of the last element ChangeGroupMembershipGroupMemberStateThe /// value of the RID field of the last element AddOrChangeAliasAliasState0x00000000ChangeAliasMembershipAliasMemberState0x00000000Any /// other value not previously listedNormalState0x00000000 /// </param> /// <param name="DeltaArray"> /// A pointer to a NETLOGON_DELTA_ENUM_ARRAY structure, /// as specified in section , that contains an array of /// enumerated changes (deltas) to the specified database. /// </param> /// <param name="PreferredMaximumLength"> /// The value that specifies the preferred maximum size, /// in bytes, of data referenced in the DeltaArray parameter. /// This is not a hard upper limit, but serves as a guide /// to the server. The server SHOULDwindows stops including /// elements in the returned DeltaArray once the size of /// the returned data equals or exceeds the value of the /// PreferredMaximumLength parameter. The server SHOULD stop including elements /// in the returned DeltaArray once the size of the returned /// data equals or exceeds the value of the PreferredMaximumLength /// parameter. It is up to the client implementation to /// choose the value for this parameter. /// </param> public NtStatus NetrDatabaseSync( string PrimaryName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, DatabaseID_Values DatabaseID, ref uint? SyncContext, out _NETLOGON_DELTA_ENUM_ARRAY? DeltaArray, uint PreferredMaximumLength) { NtStatus status = rpc.NetrDatabaseSync( PrimaryName, ComputerName, Authenticator, ref ReturnAuthenticator, DatabaseID, ref SyncContext, out DeltaArray, PreferredMaximumLength); context.ConnectionStatus = status; return status; }
/// <summary> /// The NetrLogonGetDomainInfo method Supported in windows_2000_server, /// windows_xp, windows_server_2003, windows_vista, and /// windows_server_2008, windows_7, and windows_server_7. /// returns information that describes the current domain /// to which the specified client belongs. Opnum: 29 /// </summary> /// <param name="ServerName"> /// The custom RPC binding handle, as specified in section /// . /// </param> /// <param name="ComputerName"> /// The null-terminated Unicode string that contains the /// name of the client computer issuing the request. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="Level"> /// The information level requested by the client. The buffer /// contains one of the following structures, based on /// the value of this field. /// </param> /// <param name="WkstaBuffer"> /// A pointer to a NETLOGON_WORKSTATION_INFORMATION structure, /// as specified in section , that contains information /// about the client workstation. /// </param> /// <param name="DomBuffer"> /// A pointer to a NETLOGON_DOMAIN_INFORMATION structure, /// as specified in section , that contains information /// about the domain or policy information. /// </param> public NtStatus NetrLogonGetDomainInfo( string ServerName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, Level_Values Level, _NETLOGON_WORKSTATION_INFORMATION? WkstaBuffer, out _NETLOGON_DOMAIN_INFORMATION? DomBuffer) { const ushort opnum = 29; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pServerName = Marshal.StringToHGlobalUni(ServerName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); SafeIntPtr pWkstaBuffer = TypeMarshal.ToIntPtr(WkstaBuffer, Level, null, null); paramList = new Int3264[] { pServerName, pComputerName, pAuthenticator, pReturnAuthenticatorIn, (uint)Level, pWkstaBuffer, IntPtr.Zero, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); IntPtr pDomBuffer = outParamList[6]; DomBuffer = TypeMarshal.ToNullableStruct<_NETLOGON_DOMAIN_INFORMATION>( pDomBuffer, Level, null, null); retVal = outParamList[7].ToInt32(); } pServerName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); pWkstaBuffer.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrLogonSendToSamSupported in windows_2000_server, /// windows_xp, windows_server_2003, and windows_server_2008windows_server_2008, /// windows_7, and windows_server_7. method allows a BDC /// to forward user account password changes to the PDC. /// It is used by the client to deliver an opaque buffer /// to the SAM database ([MS-SAMR]) on the server side. /// Opnum: 32 /// </summary> /// <param name="PrimaryName"> /// The custom RPC binding handle. /// </param> /// <param name="ComputerName"> /// A null-terminated Unicode string that contains the NetBIOS /// name of the client computer making the call. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="OpaqueBuffer"> /// A buffer to be passed to the Security Account Manager /// (SAM) service on the PDC. The buffer is encrypted on /// the wire. /// </param> /// <param name="OpaqueBufferSize"> /// The size, in bytes, of the OpaqueBuffer parameter. /// </param> public NtStatus NetrLogonSendToSam( string PrimaryName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, out _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, byte[] OpaqueBuffer, uint OpaqueBufferSize) { const ushort opnum = 32; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pPrimaryName = Marshal.StringToHGlobalUni(PrimaryName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pOpaqueBuffer = IntPtrUtility.ArrayToPtr(OpaqueBuffer); paramList = new Int3264[] { pPrimaryName, pComputerName, pAuthenticator, IntPtr.Zero, pOpaqueBuffer, OpaqueBufferSize, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticator = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticator); retVal = outParamList[6].ToInt32(); } pPrimaryName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pOpaqueBuffer.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrDatabaseRedo method is used by a BDC to request /// information about a single account from the PDC. Opnum /// : 17 /// </summary> /// <param name="PrimaryName"> /// The custom RPC binding handle, as specified in section /// , representing the connection to the PDC. /// </param> /// <param name="ComputerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the BDC calling this method. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="ChangeLogEntry"> /// A pointer to a buffer that contains a CHANGELOG_ENTRY /// structure, specified as follows, for the account being /// queried. /// </param> /// <param name="ChangeLogEntrySize"> /// The size, in bytes, of the buffer pointed to by the /// ChangeLogEntry parameter. /// </param> /// <param name="DeltaArray"> /// A pointer to a NETLOGON_DELTA_ENUM_ARRAY structure, /// as specified in section , that contains an array of /// enumerated database changes for the account being queried. /// </param> public NtStatus NetrDatabaseRedo( string PrimaryName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, byte[] ChangeLogEntry, uint ChangeLogEntrySize, out _NETLOGON_DELTA_ENUM_ARRAY? DeltaArray) { const ushort opnum = 17; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pPrimaryName = Marshal.StringToHGlobalUni(PrimaryName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); SafeIntPtr pChangeLogEntry = IntPtrUtility.ArrayToPtr(ChangeLogEntry); paramList = new Int3264[] { pPrimaryName, pComputerName, pAuthenticator, pReturnAuthenticatorIn, pChangeLogEntry, ChangeLogEntrySize, IntPtr.Zero, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); IntPtr pDeltaArray = outParamList[6]; pDeltaArray = Marshal.ReadIntPtr(pDeltaArray); DeltaArray = TypeMarshal.ToNullableStruct<_NETLOGON_DELTA_ENUM_ARRAY>(pDeltaArray); retVal = outParamList[7].ToInt32(); } pPrimaryName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); pChangeLogEntry.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrGetForestTrustInformationSupported in windows_2000_server, /// windows_xp, windows_server_2003, windows_vista, and /// windows_server_2008, windows_7, and windows_server_7. /// method retrieves the trust information for the forest /// of which the member's domain is itself a member. Opnum /// : 44 /// </summary> /// <param name="ServerName"> /// The custom RPC binding handle, as specified in section /// . /// </param> /// <param name="ComputerName"> /// The null-terminated Unicode string that contains the /// client computer NetBIOS name. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="Flags"> /// MUST be set to zero and MUST be ignored on receipt. /// </param> /// <param name="ForestTrustInfo"> /// A pointer to an LSA_FOREST_TRUST_INFORMATION structure, /// as specified in [MS-LSAD] section , that contains data /// for each foresttrust. /// </param> public NtStatus NetrGetForestTrustInformation( string ServerName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, out _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, uint Flags, out _LSA_FOREST_TRUST_INFORMATION? ForestTrustInfo) { const ushort opnum = 44; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pServerName = Marshal.StringToHGlobalUni(ServerName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); paramList = new Int3264[] { pServerName, pComputerName, pAuthenticator, IntPtr.Zero, Flags, IntPtr.Zero, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticator = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticator); IntPtr pForestTrustInfo = outParamList[5]; pForestTrustInfo = Marshal.ReadIntPtr(pForestTrustInfo); ForestTrustInfo = TypeMarshal.ToNullableStruct<_LSA_FOREST_TRUST_INFORMATION>(pForestTrustInfo); retVal = outParamList[6].ToInt32(); } pServerName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); return (NtStatus)retVal; }
/// <summary> /// Validates the client Netlogon authenticator by incrementing the Netlogon credential /// in the Netlogon authenticator by one, performs the computation described in section /// 3.1.4.4, Netlogon Credential Computation, and stores the new Netlogon credential. /// The server returns a Netlogon authenticator that contains the new Netlogon credential /// to the client. /// </summary> /// <param name="clientAuthenticator"> /// Authenticator from client to validate. /// </param> /// <param name="algorithm"> /// Algorithm to validate the authenticator. /// </param> /// <param name="serverStoredCredential"> /// A byte array containing the credential that is maintained by /// the server and that is used during computation and /// verification of the Netlogon authenticator. /// </param> /// <param name="sessionKey">Session Key</param> /// <returns>Return true if validate successfully; otherwise, false.</returns> /// <exception cref="ArgumentNullException"> /// Thrown when serverStoredCredential or sessionKey is null. /// </exception> /// <exception cref="ArgumentException"> /// Thrown when Credential.data field of clientAuthenticator is null. /// Thrown when session key length is incorrect. /// </exception> public static bool ValidateClientNetlogonAuthenticator( _NETLOGON_AUTHENTICATOR clientAuthenticator, NrpcComputeNetlogonCredentialAlgorithm algorithm, ref byte[] serverStoredCredential, byte[] sessionKey) { if (serverStoredCredential == null) { throw new ArgumentNullException("serverStoredCredential"); } if (sessionKey == null) { throw new ArgumentNullException("sessionKey"); } if (sessionKey.Length != NETLOGON_SESSION_KEY_LENGTH) { throw new ArgumentException("Session key length is incorrect.", "sessionKey"); } if (clientAuthenticator.Credential.data == null) { throw new ArgumentException("clientAuthenticator is invalid.", "clientAuthenticator"); } //SET ServerStoredCredential = ServerStoredCredential + // ClientAuthenticator.Timestamp; //CALL ComputeNetlogonCredential(ServerStoredCredential, // Session-Key, TempCredential); //IF TempCredential != ClientAuthenticator.Credential //THEN return access denied error //In each of the addition operations previously performed, //the least-significant 4 bytes of the credential are added //with the 4-byte time stamp value (or the constant 1), //and overflow is ignored. This leaves the most-significant //4 bytes of the credential unmodified. uint credential = BitConverter.ToUInt32(serverStoredCredential, 0); credential += clientAuthenticator.Timestamp; byte[] buf = BitConverter.GetBytes(credential); Array.Copy(buf, serverStoredCredential, buf.Length); byte[] tempCredential = ComputeNetlogonCredential( algorithm, serverStoredCredential, sessionKey); return ArrayUtility.CompareArrays(tempCredential, clientAuthenticator.Credential.data); }
/// <summary> /// NetrAccountSync IDL method. Opnum: 10 /// </summary> /// <param name="PrimaryName"> /// PrimaryName parameter. /// </param> /// <param name="ComputerName"> /// ComputerName parameter. /// </param> /// <param name="Authenticator"> /// Authenticator parameter. /// </param> /// <param name="ReturnAuthenticator"> /// ReturnAuthenticator parameter. /// </param> /// <param name="Reference"> /// Reference parameter. /// </param> /// <param name="Level"> /// Level parameter. /// </param> /// <param name="Buffer"> /// Buffer parameter. /// </param> /// <param name="BufferSize"> /// BufferSize parameter. /// </param> /// <param name="CountReturned"> /// CountReturned parameter. /// </param> /// <param name="TotalEntries"> /// TotalEntries parameter. /// </param> /// <param name="NextReference"> /// NextReference parameter. /// </param> /// <param name="LastRecordId"> /// LastRecordId parameter. /// </param> public NtStatus NetrAccountSync( string PrimaryName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, uint Reference, uint Level, out byte[] Buffer, uint BufferSize, out uint? CountReturned, out uint? TotalEntries, out uint? NextReference, out _UAS_INFO_0? LastRecordId) { const ushort opnum = 10; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pPrimaryName = Marshal.StringToHGlobalUni(PrimaryName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); paramList = new Int3264[] { pPrimaryName, pComputerName, pAuthenticator, pReturnAuthenticatorIn, Reference, Level, IntPtr.Zero, BufferSize, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); IntPtr pBuffer = outParamList[6]; Buffer = IntPtrUtility.PtrToArray<byte>(pBuffer, BufferSize); CountReturned = TypeMarshal.ToNullableStruct<uint>(outParamList[8]); TotalEntries = TypeMarshal.ToNullableStruct<uint>(outParamList[9]); NextReference = TypeMarshal.ToNullableStruct<uint>(outParamList[10]); IntPtr pLastRecordId = outParamList[11]; LastRecordId = TypeMarshal.ToNullableStruct<_UAS_INFO_0>(pLastRecordId); retVal = outParamList[12].ToInt32(); } pPrimaryName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrLogonSamLogoff method handles logoff requests /// for the SAM accounts. Opnum: 3 /// </summary> /// <param name="logonServer"> /// The custom RPC binding handle. /// </param> /// <param name="computerName"> /// The Unicode string that contains the NetBIOS name of /// the client computer calling this method. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="logonLevel"> /// A NETLOGON_LOGON_INFO_CLASS structure, /// that identifies the type of logon information /// in the LogonInformation union. /// </param> /// <param name="logonInformation"> /// A pointer to a NETLOGON_LEVEL structure, /// that describes the logon information. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrLogonSamLogoff( string logonServer, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, _NETLOGON_LOGON_INFO_CLASS logonLevel, _NETLOGON_LEVEL? logonInformation) { NtStatus status = rpc.NetrLogonSamLogoff( logonServer, computerName, authenticator, ref returnAuthenticator, logonLevel, logonInformation); context.ConnectionStatus = status; return status; }
/// <summary> /// The NetrLogonSamLogon method This method was used in /// windows_nt_4_0. It was superseded by the NetrLogonSamLogonWithFlags /// method in windows_2000_server, windows_xp, /// windows_server_2003, windows_vista, and windows_server_2008, /// windows_7, and windows_server_7. is a predecessor to /// the NetrLogonSamLogonWithFlags method. All /// parameters of this method have the same meanings as /// the identically named parameters of the NetrLogonSamLogonWithFlags /// method. Opnum: 2 /// </summary> /// <param name="logonServer"> /// LogonServer parameter. /// </param> /// <param name="computerName"> /// ComputerName parameter. /// </param> /// <param name="authenticator"> /// Authenticator parameter. /// </param> /// <param name="returnAuthenticator"> /// ReturnAuthenticator parameter. /// </param> /// <param name="logonLevel"> /// LogonLevel parameter. /// </param> /// <param name="logonInformation"> /// LogonInformation parameter. /// </param> /// <param name="validationLevel"> /// ValidationLevel parameter. /// </param> /// <param name="validationInformation"> /// ValidationInformation parameter. /// </param> /// <param name="authoritative"> /// Authoritative parameter. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrLogonSamLogon( string logonServer, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, _NETLOGON_LOGON_INFO_CLASS logonLevel, _NETLOGON_LEVEL? logonInformation, _NETLOGON_VALIDATION_INFO_CLASS validationLevel, out _NETLOGON_VALIDATION? validationInformation, out byte? authoritative) { NtStatus status = rpc.NetrLogonSamLogon( logonServer, computerName, authenticator, ref returnAuthenticator, logonLevel, logonInformation, validationLevel, out validationInformation, out authoritative); //ConnectionStatus: A 4-byte value that contains the most recent //connection status return value (section 3.4.5.3.1) last returned //during secure channel establishment or by a method requiring //session key establishment (section 3.1.4.6). context.ConnectionStatus = status; return status; }
/// <summary> /// The NetrLogonGetDomainInfo method Supported in windows_2000_server, /// windows_xp, windows_server_2003, windows_vista, and /// windows_server_2008, windows_7, and windows_server_7. /// returns information that describes the current domain /// to which the specified client belongs. Opnum: 29 /// </summary> /// <param name="serverName"> /// The custom RPC binding handle. /// </param> /// <param name="computerName"> /// The null-terminated Unicode string that contains the /// name of the client computer issuing the request. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="level"> /// The information level requested by the client. The buffer /// contains one of the following structures, based on /// the value of this field. /// </param> /// <param name="wkstaBuffer"> /// A pointer to a NETLOGON_WORKSTATION_INFORMATION structure, /// that contains information /// about the client workstation. /// </param> /// <param name="domBuffer"> /// A pointer to a NETLOGON_DOMAIN_INFORMATION structure, /// that contains information /// about the domain or policy information. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrLogonGetDomainInfo( string serverName, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, Level_Values level, _NETLOGON_WORKSTATION_INFORMATION? wkstaBuffer, out _NETLOGON_DOMAIN_INFORMATION? domBuffer) { NtStatus status = rpc.NetrLogonGetDomainInfo( serverName, computerName, authenticator, ref returnAuthenticator, level, wkstaBuffer, out domBuffer); context.ConnectionStatus = status; return status; }
public _NETLOGON_AUTHENTICATOR CreateEmptyNetlogonAuthenticator() { _NETLOGON_AUTHENTICATOR authenticator = new _NETLOGON_AUTHENTICATOR(); authenticator.Timestamp = 0; authenticator.Credential = new _NETLOGON_CREDENTIAL(); authenticator.Credential.data = new byte[NrpcUtility.NL_CREDENTIAL_LENGTH]; return authenticator; }
/// <summary> /// The NetrLogonGetCapabilities method is used by clients /// to confirm the server capabilities after a secure channel /// has been established. Opnum: 21 /// </summary> /// <param name="serverName"> /// A LOGONSRV_HANDLE Unicode string handle of the server /// that is handling the request. /// </param> /// <param name="computerName"> /// A string that contains the name of the computer. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that /// contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that /// contains the server return authenticator. /// </param> /// <param name="queryLevel"> /// Specifies the level of information to return from the /// domain controller being queried. A value of 0x00000001 /// causes a NETLOGON_DOMAIN_INFO structure that contains /// information about the DC to be returned. /// </param> /// <param name="serverCapabilities"> /// A pointer to a 32-bit set of bit flags that identify /// the server's capabilities. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrLogonGetCapabilities( string serverName, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, uint queryLevel, out _NETLOGON_CAPABILITIES? serverCapabilities) { context.PrimaryName = serverName; context.ClientComputerName = computerName; NtStatus status = rpc.NetrLogonGetCapabilities( serverName, computerName, authenticator, ref returnAuthenticator, queryLevel, out serverCapabilities); //ConnectionStatus: A 4-byte value that contains the most recent //connection status return value (section 3.4.5.3.1) last returned //during secure channel establishment or by a method requiring //session key establishment (section 3.1.4.6). context.ConnectionStatus = status; if (status == NtStatus.STATUS_SUCCESS && queryLevel == 1 && serverCapabilities != null) { context.NegotiateFlags = (NrpcNegotiateFlags)serverCapabilities.Value.ServerCapabilities; } return status; }
/// <summary> /// The NetrGetForestTrustInformationSupported in windows_2000_server, /// windows_xp, windows_server_2003, windows_vista, and /// windows_server_2008, windows_7, and windows_server_7. /// method retrieves the trust information for the forest /// of which the member's domain is itself a member. Opnum: 44 /// </summary> /// <param name="serverName"> /// The custom RPC binding handle. /// </param> /// <param name="computerName"> /// The null-terminated Unicode string that contains the /// client computer NetBIOS name. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="flags"> /// MUST be set to zero and MUST be ignored on receipt. /// </param> /// <param name="forestTrustInfo"> /// A pointer to an LSA_FOREST_TRUST_INFORMATION structure, /// as specified in [MS-LSAD], that contains data /// for each foresttrust. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrGetForestTrustInformation( string serverName, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, out _NETLOGON_AUTHENTICATOR? returnAuthenticator, uint flags, out _LSA_FOREST_TRUST_INFORMATION? forestTrustInfo) { return rpc.NetrGetForestTrustInformation( serverName, computerName, authenticator, out returnAuthenticator, flags, out forestTrustInfo); }
/// <summary> /// The NetrDatabaseSync2 method returns a set of all changes /// applied to the specified database since its creation. /// It provides an interface for a BDC to fully synchronize /// its databases to those of the PDC. Because returning /// all changes in one call might be prohibitively expensive /// due to a large amount of data being returned, this /// method supports retrieving portions of the database /// changes in a series of calls using a continuation context /// until all changes are received. It is possible for /// the series of calls to be terminated prematurely due /// to external events, such as system restarts. For that /// reason, the method also supports restarting the series /// of calls at a particular point specified by the caller. /// The caller MUST keep track of synchronization progress /// during the series of calls. /// Opnum: 16 /// </summary> /// <param name="primaryName"> /// The custom RPC binding handle, /// that represents the connection to the PDC. /// </param> /// <param name="computerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the BDC calling this method. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="databaseID"> /// The identifier for a specific database for which the /// changes are requested. It MUST be one of the following /// values. /// </param> /// <param name="restartState"> /// Specifies whether this is a restart of the series of /// the synchronization calls and how to interpret SyncContext. /// This value MUST be NormalState unless this is the restart, /// in which case the value MUST be set as specified in /// the description of the SyncContext parameter. /// </param> /// <param name="syncContext"> /// Specifies context needed to continue the operation. /// The value MUST be set to zero on the first call. The /// caller MUST treat this as an opaque value, unless this /// call is a restart of the series of synchronization /// calls. The value returned is to be used on input for /// the next call in the series of synchronization calls. If /// this call is the restart of the series, the values /// of the RestartState and the SyncContext parameters /// are dependent on the DeltaType value received on the /// last call before the restart and MUST be set as follows. /// Find the last NETLOGON_DELTA_ENUM structure in the /// DeltaArray parameter of the call. The DeltaType field /// of this NETLOGON_DELTA_ENUM structure /// is the DeltaType needed for the restart. /// The values of RestartState and SyncContext are then /// determined from the following table.<para/> /// DeltaType RestartState SyncContext<para/> /// AddOrChangeGroup GroupState The value of the RID field of the last element<para/> /// AddOrChangeUser UserState The value of the RID field of the last element<para/> /// ChangeGroupMembership GroupMemberState The value of the RID field of the last element<para/> /// AddOrChangeAlias AliasState 0x00000000<para/> /// ChangeAliasMembership AliasMemberState 0x00000000<para/> /// Any other value not previously listed NormalState 0x00000000 /// </param> /// <param name="deltaArray"> /// A pointer to a NETLOGON_DELTA_ENUM_ARRAY structure, /// that contains an array of /// enumerated changes (deltas) to the specified database. /// </param> /// <param name="preferredMaximumLength"> /// The value that specifies the preferred maximum size, /// in bytes, of data referenced in the DeltaArray parameter. /// This is not a hard upper limit, but serves as a guide /// to the server. The server SHOULDwindows stops including /// elements in the returned DeltaArray once the size of /// the returned data equals or exceeds the value of the /// PreferredMaximumLength parameter. The server SHOULD stop including elements /// in the returned DeltaArray once the size of the returned /// data equals or exceeds the value of the PreferredMaximumLength /// parameter. It is up to the client implementation to /// choose the value for this parameter. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrDatabaseSync2( string primaryName, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, DatabaseID_Values databaseID, _SYNC_STATE restartState, ref uint? syncContext, out _NETLOGON_DELTA_ENUM_ARRAY? deltaArray, uint preferredMaximumLength) { NtStatus status = rpc.NetrDatabaseSync2( primaryName, computerName, authenticator, ref returnAuthenticator, databaseID, restartState, ref syncContext, out deltaArray, preferredMaximumLength); context.ConnectionStatus = status; return status; }
/// <summary> /// Compute the Netlogon Authenticator at client-side. /// </summary> /// <param name="algorithm"> /// Algorithm to compute the authenticator. /// </param> /// <param name="time"> /// Current time on client. /// </param> /// <param name="clientStoredCredential"> /// A byte array containing the credential that is created by the client and /// received by the server and that is used during computation and /// verification of the Netlogon authenticator. /// </param> /// <param name="sessionKey"> /// Session Key. /// </param> /// <returns>Netlogon Authenticator</returns> /// <exception cref="ArgumentNullException"> /// Thrown when clientStoredCredential or sessionKey is null. /// </exception> /// <exception cref="ArgumentException"> /// Thrown when session key length is incorrect. /// </exception> public static _NETLOGON_AUTHENTICATOR ComputeClientNetlogonAuthenticator( NrpcComputeNetlogonCredentialAlgorithm algorithm, DateTime time, ref byte[] clientStoredCredential, byte[] sessionKey) { if (clientStoredCredential == null) { throw new ArgumentNullException("clientStoredCredential"); } if (sessionKey == null) { throw new ArgumentNullException("sessionKey"); } if (sessionKey.Length != NETLOGON_SESSION_KEY_LENGTH) { throw new ArgumentException("Session key length is incorrect.", "sessionKey"); } //SET TimeNow = current time; //SET ClientAuthenticator.Timestamp = TimeNow; //SET ClientStoredCredential = ClientStoredCredential + TimeNow; //CALL ComputeNetlogonCredential(ClientStoredCredential, Session-Key, ClientAuthenticator.Credential); //Timestamp is an integer value that contains the time of day at //which the client constructed this authentication credential, //represented as the number of elapsed seconds since 00:00:00 of January 1, 1970 (UTC). DateTime time19700101 = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); _NETLOGON_AUTHENTICATOR authenticator = new _NETLOGON_AUTHENTICATOR(); authenticator.Timestamp = (uint)( (time.ToUniversalTime() - time19700101).Ticks / TimeSpan.TicksPerSecond); //In each of the addition operations previously performed, //the least-significant 4 bytes of the credential are added //with the 4-byte time stamp value (or the constant 1), //and overflow is ignored. This leaves the most-significant //4 bytes of the credential unmodified. uint credential = BitConverter.ToUInt32(clientStoredCredential, 0); credential += authenticator.Timestamp; byte[] buf = BitConverter.GetBytes(credential); Array.Copy(buf, clientStoredCredential, buf.Length); authenticator.Credential = new _NETLOGON_CREDENTIAL(); authenticator.Credential.data = ComputeNetlogonCredential( algorithm, clientStoredCredential, sessionKey); return authenticator; }
/// <summary> /// The NetrLogonSamLogonWithFlags method Supported in windows_xpwindows_server_2003, /// windows_vista, windows_server_2008, windows_7, and /// windows_server_7. handles logon requests for the SAM /// accounts. Opnum: 45 /// </summary> /// <param name="logonServer"> /// The custom RPC binding handle. /// </param> /// <param name="computerName"> /// The Unicode string that contains the NetBIOS name of /// the client computer calling this method. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="logonLevel"> /// A NETLOGON_LOGON_INFO_CLASS structure, /// that specifies the type of logon information /// passed in the LogonInformation parameter. /// </param> /// <param name="logonInformation"> /// A pointer to a NETLOGON_LEVEL structure, /// that describes the logon request information. /// </param> /// <param name="validationLevel"> /// A NETLOGON_VALIDATION_INFO_CLASS enumerated type, /// that contains the validation /// level requested by the client. /// </param> /// <param name="validationInformation"> /// A pointer to a NETLOGON_VALIDATION structure, /// that describes the user validation information /// returned to the client. The type of the NETLOGON_VALIDATION /// used is determined by the value of the ValidationLevel /// parameter. /// </param> /// <param name="authoritative"> /// A pointer to a char value representing a Boolean condition. /// FALSE is indicated by the value 0x00; TRUE SHOULD be /// indicated by the value 0x01 and MAY also be indicated /// by any nonzero value. Windows uses the value of 0x01 /// as the representation of TRUE and 0x00 for FALSE. This /// Boolean value indicates whether the validation information /// is final. This field is necessary because the request /// might be forwarded through multiple servers. A value /// of TRUE indicates that the validation information is /// final and MUST remain unchanged. /// </param> /// <param name="extraFlags"> /// A pointer to a set of bit flags that specify delivery /// settings. A flag is TRUE (or set) if its value is equal /// to 1. The value is constructed from zero or more bit /// flags from the following table. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrLogonSamLogonWithFlags( string logonServer, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, _NETLOGON_LOGON_INFO_CLASS logonLevel, _NETLOGON_LEVEL? logonInformation, _NETLOGON_VALIDATION_INFO_CLASS validationLevel, out _NETLOGON_VALIDATION? validationInformation, out byte? authoritative, ref NrpcNetrLogonSamLogonExtraFlags? extraFlags) { uint? flags = (uint?)extraFlags; NtStatus status = rpc.NetrLogonSamLogonWithFlags( logonServer, computerName, authenticator, ref returnAuthenticator, logonLevel, logonInformation, validationLevel, out validationInformation, out authoritative, ref flags); context.ConnectionStatus = status; extraFlags = (NrpcNetrLogonSamLogonExtraFlags?)flags; return status; }
/// <summary> /// Compute the Netlogon Authenticator at server-side. /// </summary> /// <param name="algorithm"> /// Algorithm to compute the authenticator. /// </param> /// <param name="serverStoredCredential"> /// A byte array containing the credential that is created by the server and /// received by the client and that is used during computation and /// verification of the Netlogon authenticator. /// </param> /// <param name="sessionKey"> /// Session Key. /// </param> /// <returns>Netlogon Authenticator</returns> /// <exception cref="ArgumentNullException"> /// Thrown when serverStoredCredential or sessionKey is null. /// </exception> /// <exception cref="ArgumentException"> /// Thrown when session key length is incorrect. /// </exception> public static _NETLOGON_AUTHENTICATOR ComputeServerNetlogonAuthenticator( NrpcComputeNetlogonCredentialAlgorithm algorithm, ref byte[] serverStoredCredential, byte[] sessionKey) { if (serverStoredCredential == null) { throw new ArgumentNullException("serverStoredCredential"); } if (sessionKey == null) { throw new ArgumentNullException("sessionKey"); } if (sessionKey.Length != NETLOGON_SESSION_KEY_LENGTH) { throw new ArgumentException("Session key length is incorrect.", "sessionKey"); } //SET ServerStoredCredential = ServerStoredCredential + 1; //CALL ComputeNetlogonCredential(ServerStoredCredential, //Session-Key, ServerAuthenticator.Credential); _NETLOGON_AUTHENTICATOR authenticator = new _NETLOGON_AUTHENTICATOR(); //In each of the addition operations previously performed, //the least-significant 4 bytes of the credential are added //with the 4-byte time stamp value (or the constant 1), //and overflow is ignored. This leaves the most-significant //4 bytes of the credential unmodified. uint credential = BitConverter.ToUInt32(serverStoredCredential, 0); credential += 1; byte[] buf = BitConverter.GetBytes(credential); Array.Copy(buf, serverStoredCredential, buf.Length); authenticator.Credential = new _NETLOGON_CREDENTIAL(); authenticator.Credential.data = ComputeNetlogonCredential( algorithm, serverStoredCredential, sessionKey); return authenticator; }
/// <summary> /// The NetrLogonSendToSamSupported in windows_2000_server, /// windows_xp, windows_server_2003, and windows_server_2008windows_server_2008, /// windows_7, and windows_server_7. method allows a BDC /// to forward user account password changes to the PDC. /// It is used by the client to deliver an opaque buffer /// to the SAM database ([MS-SAMR]) on the server side. /// Opnum: 32 /// </summary> /// <param name="primaryName"> /// The custom RPC binding handle. /// </param> /// <param name="computerName"> /// A null-terminated Unicode string that contains the NetBIOS /// name of the client computer making the call. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="opaqueBuffer"> /// A buffer to be passed to the Security Account Manager /// (SAM) service on the PDC. The buffer is encrypted on /// the wire. /// </param> /// <param name="opaqueBufferSize"> /// The size, in bytes, of the OpaqueBuffer parameter. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrLogonSendToSam( string primaryName, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, out _NETLOGON_AUTHENTICATOR? returnAuthenticator, byte[] opaqueBuffer, uint opaqueBufferSize) { NtStatus status = rpc.NetrLogonSendToSam( primaryName, computerName, authenticator, out returnAuthenticator, opaqueBuffer, opaqueBufferSize); context.ConnectionStatus = status; return status; }
/// <summary> /// The DsrUpdateReadOnlyServerDnsRecords method will allow an RODC to send a control /// command to a normal (writable) DC for site-specific and CName types of DNS records /// update. For registration, site-specific records should be for the site in which /// RODC resides. For the types of DNS records, see [MS-ADTS] section 7.3.2. Opnum: 48 /// </summary> /// <param name="ServerName"> /// The custom RPC binding handle (as specified in section 3.5.5.1) that represents /// the connection to the normal (writable) DC. /// </param> /// <param name="ComputerName"> /// A null-terminated Unicode string that contains the client computer NetBIOS name. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure (as specified in section 2.2.1.1.5) /// that contains the client authenticator that will be used to authenticate the client. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return /// authenticator. /// </param> /// <param name="SiteName"> /// A pointer to a null-terminated Unicode string that contains the site name where /// the RODC resides. /// </param> /// <param name="DnsTtl"> /// The Time To Live value, in seconds, for DNS records. /// </param> /// <param name="DnsNames"> /// A pointer to an NL_DNS_NAME_INFO_ARRAY (section 2.2.1.2.6) structure that contains /// an array of NL_DNS_NAME_INFO structures. /// </param> public NtStatus DsrUpdateReadOnlyServerDnsRecords( string ServerName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, out _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, string SiteName, uint DnsTtl, ref _NL_DNS_NAME_INFO_ARRAY? DnsNames) { const ushort opnum = 48; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pServerName = Marshal.StringToHGlobalUni(ServerName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pSiteName = Marshal.StringToHGlobalUni(SiteName); SafeIntPtr pDnsNamesIn = TypeMarshal.ToIntPtr(DnsNames); paramList = new Int3264[] { pServerName, pComputerName, pAuthenticator, IntPtr.Zero, pSiteName, DnsTtl, pDnsNamesIn, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticator = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticator); IntPtr pDnsNamesOut = outParamList[6]; DnsNames = TypeMarshal.ToNullableStruct<_NL_DNS_NAME_INFO_ARRAY>(pDnsNamesOut); retVal = outParamList[7].ToInt32(); } pServerName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pSiteName.Dispose(); pDnsNamesIn.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrServerPasswordGet method Supported in windows_2000_server, /// windows_xp, windows_server_2003, windows_vista, windows_server_2008, /// windows_7, and windows_server_7. allows a domain controller /// to get a machine account password from the DC with /// the PDC role in the domain. Opnum: 31 /// </summary> /// <param name="primaryName"> /// The custom RPC binding handle. /// </param> /// <param name="accountName"> /// A null-terminated Unicode string that contains the name /// of the account to retrieve the password for. For machine /// accounts, the account name is the machine name appended /// with a "$" character. /// </param> /// <param name="accountType"> /// A NETLOGON_SECURE_CHANNEL_TYPE enumerated value, /// that describes the secure channel /// to be used for authentication. /// </param> /// <param name="computerName"> /// A null-terminated Unicode string that contains the NetBIOS /// name of the BDC making the call. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the encrypted /// logon credential and a time stamp. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="encryptedNtOwfPassword"> /// A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, /// as specified in [MS-SAMR], that contains the /// OWF password of the account. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrServerPasswordGet( string primaryName, string accountName, _NETLOGON_SECURE_CHANNEL_TYPE accountType, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, out _NETLOGON_AUTHENTICATOR? returnAuthenticator, out _NT_OWF_PASSWORD? encryptedNtOwfPassword) { NtStatus status = rpc.NetrServerPasswordGet( primaryName, accountName, accountType, computerName, authenticator, out returnAuthenticator, out encryptedNtOwfPassword); context.ConnectionStatus = status; return status; }
/// <summary> /// When an RODC receives either the NetrServerAuthenticate3 method or the /// NetrLogonGetDomainInfo method with updates requested, it invokes this method /// on a normal (writable) DC to update to a client's computer account object in /// Active Directory. /// </summary> /// <param name="PrimaryName"> /// The custom RPC binding handle, as specified in section 3.5.5.1. /// </param> /// <param name="ChainedFromServerName"> /// The null-terminated Unicode string that contains the name of the read-only /// DC that issues the request. /// </param> /// <param name="ChainedForClientName"> /// The null-terminated Unicode string that contains the name of the client /// computer that called NetrServerAuthenticate3 or NetrLogonGetDomainInfo on /// the RODC. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that contains the client /// authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server /// return authenticator. /// </param> /// <param name="dwInVersion"> /// One of the NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES union types selected based on /// the value of the pmsgIn field. The value MUST be 1. /// </param> /// <param name="pmsgIn"> /// A pointer to an NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1 structure that contains /// the values to update on the client's computer account object in Active /// Directory on the normal (writable) DC. /// </param> /// <param name="pdwOutVersion"> /// A pointer to one of the NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES union types selected /// based on the value of the pmsgIn field. The value MUST be 1. /// </param> /// <param name="pmsgOut"> /// A pointer to an NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1 structure that contains /// information on the client workstation and the writable domain controller. For /// how it is populated by the server, see below. /// </param> public NtStatus NetrChainSetClientAttributes( string PrimaryName, string ChainedFromServerName, string ChainedForClientName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, uint dwInVersion, NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES? pmsgIn, ref uint? pdwOutVersion, ref NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES? pmsgOut) { const ushort opnum = 49; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pPrimaryName = Marshal.StringToHGlobalUni(PrimaryName); SafeIntPtr pChainedFromServerName = Marshal.StringToHGlobalUni(ChainedFromServerName); SafeIntPtr pChainedForClientName = Marshal.StringToHGlobalUni(ChainedForClientName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); SafeIntPtr ppMsgIn = TypeMarshal.ToIntPtr(pmsgIn, dwInVersion, null, null); SafeIntPtr ppdwOutVersion = TypeMarshal.ToIntPtr(pdwOutVersion); SafeIntPtr ppMsgOutIn = TypeMarshal.ToIntPtr(pmsgOut, pdwOutVersion.Value, null, null); paramList = new Int3264[] { pPrimaryName, pChainedFromServerName, pChainedForClientName, pAuthenticator, pReturnAuthenticatorIn, dwInVersion, ppMsgIn, ppdwOutVersion, ppMsgOutIn, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[4]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); pdwOutVersion = TypeMarshal.ToNullableStruct<uint>(outParamList[7]); IntPtr ppMsgOutOut = outParamList[8]; pmsgOut = TypeMarshal.ToNullableStruct<NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES>( ppMsgOutOut, pdwOutVersion.Value, null, null); retVal = outParamList[9].ToInt32(); } pPrimaryName.Dispose(); pChainedFromServerName.Dispose(); pChainedForClientName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); ppMsgIn.Dispose(); ppdwOutVersion.Dispose(); ppMsgOutIn.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrServerPasswordSet2 method Supported in windows_2000_server, /// windows_xp, windows_server_2003, windows_vista, windows_server_2008, /// windows_7, and windows_server_7. allows the client /// to set a new clear text password for an account used /// by the domain controller /// for setting up the secure channel from the client. A /// domain member uses this function to periodically change /// its machine account password. A PDC uses this function /// to periodically change the trust password for all directly /// trusted domains. By default, the period is 30 days /// in windows_2000_server, windows_xp, windows_server_2003, /// windows_vista, windows_server_2008, windows_7, and /// windows_server_7. Opnum: 30 /// </summary> /// <param name="primaryName"> /// The custom RPC binding handle. /// </param> /// <param name="accountName"> /// The null-terminated Unicode string that contains the /// name of the account whose password is being changed. In /// windows, all machine account names are the name of /// the machine with a $ (dollar sign) appended. /// </param> /// <param name="secureChannelType"> /// An enumerated value that describes the secure channel /// to be used for authentication. /// </param> /// <param name="computerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the computer making the request. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the encrypted /// logon credential and a time stamp. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="clearNewPassword"> /// A pointer to an NL_TRUST_PASSWORD structure, /// that contains the new password encrypted /// as specified in Calling NetrServerPasswordSet2. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrServerPasswordSet2( string primaryName, string accountName, _NETLOGON_SECURE_CHANNEL_TYPE secureChannelType, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, out _NETLOGON_AUTHENTICATOR? returnAuthenticator, _NL_TRUST_PASSWORD? clearNewPassword) { NtStatus status = rpc.NetrServerPasswordSet2( primaryName, accountName, secureChannelType, computerName, authenticator, out returnAuthenticator, clearNewPassword); context.ConnectionStatus = status; return status; }
/// <summary> /// The NetrDatabaseSync2 method returns a set of all changes /// applied to the specified database since its creation. /// It provides an interface for a BDC to fully synchronize /// its databases to those of the PDC. Because returning /// all changes in one call might be prohibitively expensive /// due to a large amount of data being returned, this /// method supports retrieving portions of the database /// changes in a series of calls using a continuation context /// until all changes are received. It is possible for /// the series of calls to be terminated prematurely due /// to external events, such as system restarts. For that /// reason, the method also supports restarting the series /// of calls at a particular point specified by the caller. /// The caller MUST keep track of synchronization progress /// during the series of calls as detailed in this section. /// Opnum: 16 /// </summary> /// <param name="PrimaryName"> /// The custom RPC binding handle, as specified in section /// , that represents the connection to the PDC. /// </param> /// <param name="ComputerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the BDC calling this method. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="DatabaseID"> /// The identifier for a specific database for which the /// changes are requested. It MUST be one of the following /// values. /// </param> /// <param name="RestartState"> /// Specifies whether this is a restart of the series of /// the synchronization calls and how to interpret SyncContext. /// This value MUST be NormalState unless this is the restart, /// in which case the value MUST be set as specified in /// the description of the SyncContext parameter. /// </param> /// <param name="SyncContext"> /// Specifies context needed to continue the operation. /// The value MUST be set to zero on the first call. The /// caller MUST treat this as an opaque value, unless this /// call is a restart of the series of synchronization /// calls. The value returned is to be used on input for /// the next call in the series of synchronization calls. If /// this call is the restart of the series, the values /// of the RestartState and the SyncContext parameters /// are dependent on the DeltaType value received on the /// last call before the restart and MUST be set as follows. /// Find the last NETLOGON_DELTA_ENUM structure in the /// DeltaArray parameter of the call. The DeltaType field /// of this NETLOGON_DELTA_ENUM structure, as specified /// in section , is the DeltaType needed for the restart. /// The values of RestartState and SyncContext are then /// determined from the following table. DeltaTypeRestartStateSyncContextAddOrChangeGroupGroupStateThe /// value of the RID field of the last element AddOrChangeUserUserStateThe /// value of the RID field of the last element ChangeGroupMembershipGroupMemberStateThe /// value of the RID field of the last element AddOrChangeAliasAliasState0x00000000ChangeAliasMembershipAliasMemberState0x00000000Any /// other value not previously listedNormalState0x00000000 /// </param> /// <param name="DeltaArray"> /// A pointer to a NETLOGON_DELTA_ENUM_ARRAY structure, /// as specified in section , that contains an array of /// enumerated changes (deltas) to the specified database. /// </param> /// <param name="PreferredMaximumLength"> /// The value that specifies the preferred maximum size, /// in bytes, of data referenced in the DeltaArray parameter. /// This is not a hard upper limit, but serves as a guide /// to the server. The server SHOULDwindows stops including /// elements in the returned DeltaArray once the size of /// the returned data equals or exceeds the value of the /// PreferredMaximumLength parameter. The server SHOULD stop including elements /// in the returned DeltaArray once the size of the returned /// data equals or exceeds the value of the PreferredMaximumLength /// parameter. It is up to the client implementation to /// choose the value for this parameter. /// </param> public NtStatus NetrDatabaseSync2( string PrimaryName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, DatabaseID_Values DatabaseID, _SYNC_STATE RestartState, ref uint? SyncContext, out _NETLOGON_DELTA_ENUM_ARRAY? DeltaArray, uint PreferredMaximumLength) { const ushort opnum = 16; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pPrimaryName = Marshal.StringToHGlobalUni(PrimaryName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); SafeIntPtr pSyncContext = TypeMarshal.ToIntPtr(SyncContext); paramList = new Int3264[] { pPrimaryName, pComputerName, pAuthenticator, pReturnAuthenticatorIn, (uint)DatabaseID, (uint)RestartState, pSyncContext, IntPtr.Zero, PreferredMaximumLength, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); SyncContext = TypeMarshal.ToNullableStruct<uint>(outParamList[6]); IntPtr pDeltaArray = outParamList[7]; pDeltaArray = Marshal.ReadIntPtr(pDeltaArray); DeltaArray = TypeMarshal.ToNullableStruct<_NETLOGON_DELTA_ENUM_ARRAY>(pDeltaArray); retVal = outParamList[9].ToInt32(); } pPrimaryName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); pSyncContext.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrServerTrustPasswordsGet method Supported in windows_2000_server_sp4, /// windows_xp, and windows_server_2003, windows_vista, /// windows_server_2008, windows_7, and windows_server_7. /// returns the encrypted current and previous passwords /// for an account in the domain. This method is called /// by a client to retrieve the current and previous account /// passwords from a domain controller. The account name /// requested MUST be the name used when the secure channel /// was created, unless the method is called on a PDC by /// a DC, in which case it can be any valid account name. /// Opnum: 42 /// </summary> /// <param name="trustedDcName"> /// The custom RPC binding handle. /// </param> /// <param name="accountName"> /// The null-terminated Unicode string that contains the /// name of the client account in the domain for which /// the trust password MUST be returned. In windows, all /// machine account names are the name of the machine with /// a $ (dollar sign) appended. /// </param> /// <param name="secureChannelType"> /// A NETLOGON_SECURE_CHANNEL_TYPE enumerated value, /// that indicates the type of the /// secure channel being established by this call. /// </param> /// <param name="computerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the client computer. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="encryptedNewOwfPassword"> /// A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, /// that contains the NTOWFv1 /// (as specified in NTLM v1 Authentication in [MS-NLMP]) /// of the current password, encrypted as specified /// in [MS-SAMR], Encrypting an NT Hash or LM /// Hash Value with a Specified Key. The session key is /// the specified 16-byte key that is used to derive the /// password's keys. The specified 16-byte key uses the /// 16-byte value process, as specified in [MS-SAMR]. /// </param> /// <param name="encryptedOldOwfPassword"> /// A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, /// that contains the NTOWFv1 /// (as specified in NTLM v1 Authentication in [MS-NLMP]) /// of the previous password, encrypted as specified /// in [MS-SAMR], Encrypting an NT Hash or LM /// Hash Value with a Specified Key. The session key is /// the specified 16-byte key that is used to derive the /// password's keys. The specified 16-byte key uses the /// 16-byte value process, as specified in [MS-SAMR]. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrServerTrustPasswordsGet( string trustedDcName, string accountName, _NETLOGON_SECURE_CHANNEL_TYPE secureChannelType, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, out _NETLOGON_AUTHENTICATOR? returnAuthenticator, out _NT_OWF_PASSWORD? encryptedNewOwfPassword, out _NT_OWF_PASSWORD? encryptedOldOwfPassword) { NtStatus status = rpc.NetrServerTrustPasswordsGet( trustedDcName, accountName, secureChannelType, computerName, authenticator, out returnAuthenticator, out encryptedNewOwfPassword, out encryptedOldOwfPassword); context.ConnectionStatus = status; return status; }
/// <summary> /// The NetrLogonDummyRoutine1 method is no longer supported. /// It serves as a placeholder in the IDL file for the /// RPC opnum value 21.The NetrLogonDummyRoutine1 method /// is deprecated by NetrLogonGetCapabilities. It serves /// as a placeholder in the IDL file for the RPC opnum value /// 21.Supported in windows_nt, windows_2000, windows_xp, /// windows_server_2003, windows_vista, windows_server_2008, /// windows_7, and windows_server_7. Opnum: 21 /// </summary> /// <param name="ServerName"> /// A LOGONSRV_HANDLE Unicode string handle of the server /// that is handling the request. /// </param> /// <param name="ComputerName"> /// A string that contains the name of the computer. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that /// contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure that /// contains the server return authenticator. /// </param> /// <param name="QueryLevel"> /// Specifies the level of information to return from the /// domain controller being queried. A value of 0x00000001 /// causes a NETLOGON_DOMAIN_INFO structure that contains /// information about the DC to be returned. /// </param> /// <param name="serverCapabilities"> /// A pointer to a 32-bit set of bit flags that identify /// the server's capabilities. /// </param> public NtStatus NetrLogonGetCapabilities( string ServerName, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, uint QueryLevel, out _NETLOGON_CAPABILITIES? serverCapabilities) { const ushort opnum = 21; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pServerName = Marshal.StringToHGlobalUni(ServerName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); paramList = new Int3264[] { pServerName, pComputerName, pAuthenticator, pReturnAuthenticatorIn, QueryLevel, IntPtr.Zero, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); IntPtr pServerCapabilities = outParamList[5]; serverCapabilities = TypeMarshal.ToNullableStruct<_NETLOGON_CAPABILITIES>( pServerCapabilities, QueryLevel, null, null); retVal = outParamList[6].ToInt32(); } pServerName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); return (NtStatus)retVal; }
/// <summary> /// Validates the returned Netlogon authenticator. /// </summary> /// <param name="serverAuthenticator"> /// Netlogon authenticator returned from server. /// </param> /// <returns>Return true if validate successfully; otherwise, false.</returns> /// <exception cref="InvalidOperationException"> /// Thrown when the method is called before establishing a NRPC secure channel. /// </exception> public bool ValidateServerNetlogonAuthenticator( _NETLOGON_AUTHENTICATOR serverAuthenticator) { ValidateSecureChannelExists(); byte[] clientStoredCredential; bool result; if ((context.NegotiateFlags & NrpcNegotiateFlags.SupportsAESAndSHA2) == NrpcNegotiateFlags.SupportsAESAndSHA2) { clientStoredCredential = context.StoredCredential; result = NrpcUtility.ValidateServerNetlogonAuthenticator( serverAuthenticator, NrpcComputeNetlogonCredentialAlgorithm.AES128, ref clientStoredCredential, context.SessionKey); context.StoredCredential = clientStoredCredential; } else { clientStoredCredential = context.StoredCredential; result = NrpcUtility.ValidateServerNetlogonAuthenticator( serverAuthenticator, NrpcComputeNetlogonCredentialAlgorithm.DESECB, ref clientStoredCredential, context.SessionKey); context.StoredCredential = clientStoredCredential; } return result; }
/// <summary> /// The NetrLogonSamLogonWithFlags method Supported in windows_xpwindows_server_2003, /// windows_vista, windows_server_2008, windows_7, and /// windows_server_7. handles logon requests for the SAM /// accounts. Opnum: 45 /// </summary> /// <param name="LogonServer"> /// The custom RPC binding handle, as specified in section /// . /// </param> /// <param name="ComputerName"> /// The Unicode string that contains the NetBIOS name of /// the client computer calling this method. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="LogonLevel"> /// A NETLOGON_LOGON_INFO_CLASS structure, as specified /// in section , that specifies the type of logon information /// passed in the LogonInformation parameter. /// </param> /// <param name="LogonInformation"> /// A pointer to a NETLOGON_LEVEL structure, as specified /// in section , that describes the logon request information. /// </param> /// <param name="ValidationLevel"> /// A NETLOGON_VALIDATION_INFO_CLASS enumerated type, as /// specified in section , that contains the validation /// level requested by the client. /// </param> /// <param name="ValidationInformation"> /// A pointer to a NETLOGON_VALIDATION structure, as specified /// in section , that describes the user validation information /// returned to the client. The type of the NETLOGON_VALIDATION /// used is determined by the value of the ValidationLevel /// parameter. /// </param> /// <param name="Authoritative"> /// A pointer to a char value representing a Boolean condition. /// FALSE is indicated by the value 0x00; TRUE SHOULD be /// indicated by the value 0x01 and MAY also be indicated /// by any nonzero value. Windows uses the value of 0x01 /// as the representation of TRUE and 0x00 for FALSE. This /// Boolean value indicates whether the validation information /// is final. This field is necessary because the request /// might be forwarded through multiple servers. A value /// of TRUE indicates that the validation information is /// final and MUST remain unchanged. /// </param> /// <param name="ExtraFlags"> /// A pointer to a set of bit flags that specify delivery /// settings. A flag is TRUE (or set) if its value is equal /// to 1. The value is constructed from zero or more bit /// flags from the following table. /// </param> public NtStatus NetrLogonSamLogonWithFlags( string LogonServer, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, ref _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, _NETLOGON_LOGON_INFO_CLASS LogonLevel, _NETLOGON_LEVEL? LogonInformation, _NETLOGON_VALIDATION_INFO_CLASS ValidationLevel, out _NETLOGON_VALIDATION? ValidationInformation, out byte? Authoritative, ref uint? ExtraFlags) { const ushort opnum = 45; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pLogonServer = Marshal.StringToHGlobalUni(LogonServer); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); SafeIntPtr pReturnAuthenticatorIn = TypeMarshal.ToIntPtr(ReturnAuthenticator); SafeIntPtr pLogonInformation = TypeMarshal.ToIntPtr(LogonInformation, LogonLevel, null, null); SafeIntPtr pExtraFlags = TypeMarshal.ToIntPtr(ExtraFlags); paramList = new Int3264[] { pLogonServer, pComputerName, pAuthenticator, pReturnAuthenticatorIn, (uint)LogonLevel, pLogonInformation, (uint)ValidationLevel, IntPtr.Zero, IntPtr.Zero, pExtraFlags, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticatorOut = outParamList[3]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticatorOut); IntPtr pValidationInformation = outParamList[7]; ValidationInformation = TypeMarshal.ToNullableStruct<_NETLOGON_VALIDATION>( pValidationInformation, ValidationLevel, null, null); Authoritative = TypeMarshal.ToNullableStruct<byte>(outParamList[8]); ExtraFlags = TypeMarshal.ToNullableStruct<uint>(outParamList[9]); retVal = outParamList[10].ToInt32(); } pLogonServer.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); pReturnAuthenticatorIn.Dispose(); pLogonInformation.Dispose(); pExtraFlags.Dispose(); return (NtStatus)retVal; }
/// <summary> /// Validates the client authenticator /// </summary> /// <param name="clientAuthenticator">the client authenticator</param> private void ValidateNetlogonAuthenticator(_NETLOGON_AUTHENTICATOR? clientAuthenticator) { if (SessionKey == null || StoredCredential == null) { throw new InvalidOperationException("Unable to validate client authenticator"); } if (!clientAuthenticator.HasValue) { return; } NrpcComputeNetlogonCredentialAlgorithm algorithm; if ((NegotiateFlags & NrpcNegotiateFlags.SupportsAESAndSHA2) != 0) { algorithm = NrpcComputeNetlogonCredentialAlgorithm.AES128; } else { algorithm = NrpcComputeNetlogonCredentialAlgorithm.DESECB; } byte[] serverStoredCredential = StoredCredential; if (!NrpcUtility.ValidateClientNetlogonAuthenticator( clientAuthenticator.Value, algorithm, ref serverStoredCredential, SessionKey)) { throw new InvalidOperationException("Client authenticator isn't correct"); } StoredCredential = serverStoredCredential; }
/// <summary> /// The NetrServerTrustPasswordsGet method Supported in windows_2000_server_sp4, /// windows_xp, and windows_server_2003, windows_vista, /// windows_server_2008, windows_7, and windows_server_7. /// returns the encrypted current and previous passwords /// for an account in the domain. This method is called /// by a client to retrieve the current and previous account /// passwords from a domain controller. The account name /// requested MUST be the name used when the secure channel /// was created, unless the method is called on a PDC by /// a DC, in which case it can be any valid account name. /// Opnum: 42 /// </summary> /// <param name="TrustedDcName"> /// The custom RPC binding handle, as specified in section /// . /// </param> /// <param name="AccountName"> /// The null-terminated Unicode string that contains the /// name of the client account in the domain for which /// the trust password MUST be returned. In windows, all /// machine account names are the name of the machine with /// a $ (dollar sign) appended. /// </param> /// <param name="SecureChannelType"> /// A NETLOGON_SECURE_CHANNEL_TYPE enumerated value, as /// specified in section , that indicates the type of the /// secure channel being established by this call. /// </param> /// <param name="ComputerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the client computer. /// </param> /// <param name="Authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the client authenticator. /// </param> /// <param name="ReturnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, as /// specified in section , that contains the server return /// authenticator. /// </param> /// <param name="EncryptedNewOwfPassword"> /// A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, /// as specified in section , that contains the NTOWFv1 /// (as specified in NTLM v1 Authentication in [MS-NLMP] /// section) of the current password, encrypted as specified /// in [MS-SAMR] section , Encrypting an NT Hash or LM /// Hash Value with a Specified Key. The session key is /// the specified 16-byte key that is used to derive the /// password's keys. The specified 16-byte key uses the /// 16-byte value process, as specified in [MS-SAMR] section /// . /// </param> /// <param name="EncryptedOldOwfPassword"> /// A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure, /// as specified in section , that contains the NTOWFv1 /// (as specified in NTLM v1 Authentication in [MS-NLMP] /// section) of the previous password, encrypted as specified /// in [MS-SAMR] section , Encrypting an NT Hash or LM /// Hash Value with a Specified Key. The session key is /// the specified 16-byte key that is used to derive the /// password's keys. The specified 16-byte key uses the /// 16-byte value process, as specified in [MS-SAMR] section /// . /// </param> public NtStatus NetrServerTrustPasswordsGet( string TrustedDcName, string AccountName, _NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType, string ComputerName, _NETLOGON_AUTHENTICATOR? Authenticator, out _NETLOGON_AUTHENTICATOR? ReturnAuthenticator, out _NT_OWF_PASSWORD? EncryptedNewOwfPassword, out _NT_OWF_PASSWORD? EncryptedOldOwfPassword) { const ushort opnum = 42; byte[] requestStub; byte[] responseStub; Int3264[] paramList; int retVal; SafeIntPtr pTrustedDcName = Marshal.StringToHGlobalUni(TrustedDcName); SafeIntPtr pAccountName = Marshal.StringToHGlobalUni(AccountName); SafeIntPtr pComputerName = Marshal.StringToHGlobalUni(ComputerName); SafeIntPtr pAuthenticator = TypeMarshal.ToIntPtr(Authenticator); paramList = new Int3264[] { pTrustedDcName, pAccountName, (uint)SecureChannelType, pComputerName, pAuthenticator, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, 0 // retVal }; requestStub = RpceStubEncoder.ToBytes( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, paramList); rpceClientTransport.Call(opnum, requestStub, rpceTimeout, out responseStub); using (RpceInt3264Collection outParamList = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), NrpcRpcStubFormatString.TypeFormatString, new RpceStubExprEval[] { new RpceStubExprEval(logon__NETLOGON_DELTA_USERExprEval_0000) }, NrpcRpcStubFormatString.ProcFormatString, NrpcRpcStubFormatString.ProcFormatStringOffsetTable[opnum], true, responseStub, paramList)) { IntPtr pReturnAuthenticator = outParamList[5]; ReturnAuthenticator = TypeMarshal.ToNullableStruct<_NETLOGON_AUTHENTICATOR>(pReturnAuthenticator); IntPtr pEncryptedNewOwfPassword = outParamList[6]; EncryptedNewOwfPassword = TypeMarshal.ToNullableStruct<_NT_OWF_PASSWORD>(pEncryptedNewOwfPassword); IntPtr pEncryptedOldOwfPassword = outParamList[7]; EncryptedOldOwfPassword = TypeMarshal.ToNullableStruct<_NT_OWF_PASSWORD>(pEncryptedOldOwfPassword); retVal = outParamList[8].ToInt32(); } pTrustedDcName.Dispose(); pAccountName.Dispose(); pComputerName.Dispose(); pAuthenticator.Dispose(); return (NtStatus)retVal; }
/// <summary> /// The NetrDatabaseRedo method is used by a BDC to request /// information about a single account from the PDC. Opnum: 17 /// </summary> /// <param name="primaryName"> /// The custom RPC binding handle /// representing the connection to the PDC. /// </param> /// <param name="computerName"> /// The null-terminated Unicode string that contains the /// NetBIOS name of the BDC calling this method. /// </param> /// <param name="authenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the client authenticator. /// </param> /// <param name="returnAuthenticator"> /// A pointer to a NETLOGON_AUTHENTICATOR structure, /// that contains the server return /// authenticator. /// </param> /// <param name="changeLogEntry"> /// A pointer to a buffer that contains a CHANGELOG_ENTRY /// structure, specified as follows, for the account being /// queried. /// </param> /// <param name="changeLogEntrySize"> /// The size, in bytes, of the buffer pointed to by the /// ChangeLogEntry parameter. /// </param> /// <param name="deltaArray"> /// A pointer to a NETLOGON_DELTA_ENUM_ARRAY structure, /// that contains an array of /// enumerated database changes for the account being queried. /// </param> /// <returns> /// The method returns 0x00000000 on success; /// otherwise, it returns a nonzero error code. /// </returns> public NtStatus NetrDatabaseRedo( string primaryName, string computerName, _NETLOGON_AUTHENTICATOR? authenticator, ref _NETLOGON_AUTHENTICATOR? returnAuthenticator, byte[] changeLogEntry, uint changeLogEntrySize, out _NETLOGON_DELTA_ENUM_ARRAY? deltaArray) { NtStatus status = rpc.NetrDatabaseRedo( primaryName, computerName, authenticator, ref returnAuthenticator, changeLogEntry, changeLogEntrySize, out deltaArray); context.ConnectionStatus = status; return status; }