/*++

Copyright (c) 1990  Microsoft Corporation

Module Name:

    LOGON.IDL

Abstract:

    Contains the Netr (Net Remote) RPC interface specification for the
    API associated with the Netlogon Service.  Also contains the RPC
    specific data structures for these API.

    Reading notes for reviewers:

      * The order of the procedure declarations fixes their operation
        numbers on the wire, and the order of structure fields fixes the
        marshalled layout.  Nothing in this file may be reordered or
        removed without breaking interoperability.

      * Every count, size and discriminant in this file is supplied by
        the remote peer.  The attributes below only tell the stubs how
        to marshal the data; the server and client routines that consume
        it must still validate it.

Author:

    Cliff Van Dyke (CliffV) 25-Jun-1991

Environment:

    User Mode - Win32

Revision History:

    25-Jun-1991 CliffV
        created

    04-Apr-1992 MadanA
        Added support for LSA replication.

--*/

//
// Interface Attributes
//
// pointer_default(unique) makes every pointer without an explicit pointer
// attribute a unique pointer, i.e. one that may legitimately arrive as NULL.
// Routines implementing this interface must null-check such pointers.
//

[
    uuid(12345678-1234-ABCD-EF00-01234567CFFB),
    version(1.0),
#ifdef __midl
    ms_union,
#endif // __midl
    pointer_default(unique)
]

//
// Interface Keyword
//

interface logon

//
// Interface Body
//

{

#define _RPC_

import "imports.idl";   // import all the include files

// NOTE(review): the header name is missing after #include in this copy of the
// file (presumably dropped when the page was extracted); restore it from the
// original source before feeding this file to MIDL.
#include                // Needed for prototype below

//
// Upper bound used in the range() attribute of the EntryCount parameter of
// DsrAddressToSiteNamesW and DsrAddressToSiteNamesExW below.  No other count
// or size field in this file carries a range() attribute.
//
#define NL_MAX_RPC_ENTRY_COUNT 32000  // max number of entries that the server should allocate memory for

//
// FunctionCode values for I_NetLogonControl.
//

#define NETLOGON_CONTROL_QUERY            1   // No-op: just query
#define NETLOGON_CONTROL_REPLICATE        2   // Force replicate on BDC
#define NETLOGON_CONTROL_SYNCHRONIZE      3   // Force synchronize on BDC
#define NETLOGON_CONTROL_PDC_REPLICATE    4   // Force PDC to broadcast change
#define NETLOGON_CONTROL_REDISCOVER       5   // Force to re-discover trusted domain DCs
#define NETLOGON_CONTROL_TC_QUERY         6   // Query status of specified trusted channel
#define NETLOGON_CONTROL_TRANSPORT_NOTIFY 7   // Notify netlogon that a new transport has come online
#define NETLOGON_CONTROL_FIND_USER        8   // Find named user in a trusted domain
#define NETLOGON_CONTROL_CHANGE_PASSWORD  9   // Change machine password on a secure channel to a trusted domain
#define NETLOGON_CONTROL_TC_VERIFY        10  // Verify status of specified trusted channel
#define NETLOGON_CONTROL_FORCE_DNS_REG    11  // Force DNS re-registration of all registered records
#define NETLOGON_CONTROL_QUERY_DNS_REG    12  // Query the status of DNS updates

//
// Debug function codes
//
// These travel in the same FunctionCode parameter of the NetrLogonControl*
// procedures as the operational codes above.  The IDL places no restriction
// on who may send them.
// NOTE(review): confirm that the server routine applies an access check
// before acting on any of them - that code is not visible in this file.
//

#define NETLOGON_CONTROL_BACKUP_CHANGE_LOG  0xFFFC
#define NETLOGON_CONTROL_TRUNCATE_LOG       0xFFFD
#define NETLOGON_CONTROL_SET_DBFLAG         0xFFFE
#define NETLOGON_CONTROL_BREAKPOINT         0xFFFF

//
// Binding handle type.  The MIDL [handle] attribute makes this a
// user-defined handle type; it is used below for the first (server or
// computer name) parameter of most procedures.
//

typedef [handle] wchar_t * LOGONSRV_HANDLE;

//
// Data types for rpc stubs.
//

// ?? the following data types should come from LSA or SAM idl definitions

//
// We must hide the PSID in a structure to avoid too many *'s in a
// field that uses size_is - otherwise MIDL has a fit.
//

typedef struct _NLPR_SID_INFORMATION {
    PISID SidPointer;
} NLPR_SID_INFORMATION, *PNLPR_SID_INFORMATION;

//
// Define an array of pointers to SIDs
//

typedef struct _NLPR_SID_ARRAY {

    //
    // Indicates the number of Elements in the array.
    //

    ULONG Count;

    //
    // Points to the array of sid-pointers
    //

    [size_is(Count)] PNLPR_SID_INFORMATION Sids;

} NLPR_SID_ARRAY, *PNLPR_SID_ARRAY;

//
// Two-way encrypted value structure in Self-relative form.  This
// is just like a String.
//
// Buffer is declared with size_is(MaximumLength) and length_is(Length):
// MaximumLength is the allocated size and Length the number of bytes
// actually transmitted.
//

typedef struct _NLPR_CR_CIPHER_VALUE {
    ULONG Length;
    ULONG MaximumLength;
    [size_is(MaximumLength), length_is(Length)] PUCHAR Buffer;
} NLPR_CR_CIPHER_VALUE, *PNLPR_CR_CIPHER_VALUE;

typedef struct _NLPR_LOGON_HOURS {

    USHORT UnitsPerWeek;

    //
    // Points to an array of bitmask.  The bits represent either days,
    // hours or minutes in the week depending upon the value of
    // UnitsPerWeek.  (Technically, they could represent any division of
    // time not finer than minute granularity).
    // Day granularity is specified by specifying SAM_DAYS_PER_WEEK.
    // Hours granularity is specified by specifying SAM_HOURS_PER_WEEK.
    // Minute granularity is specified by specifying
    // SAM_MINUTES_PER_WEEK.  The number of bytes pointed to by this
    // field is ((UnitsPerWeek + 7) / 8) and may not exceed
    // ((SAM_MINUTES_PER_WEEK+7)/8 == 1260).
    //
    // NOTE(review): UnitsPerWeek is a USHORT, so the length_is expression
    // can evaluate to as much as 8192, which is above the fixed size_is
    // of 1260.  Whether the generated stub rejects such a value is not
    // visible here; consumers should check UnitsPerWeek themselves rather
    // than trust it.
    //

    [size_is(1260), length_is((UnitsPerWeek+7)/8)] PUCHAR LogonHours;

} NLPR_LOGON_HOURS, *PNLPR_LOGON_HOURS;

typedef struct _NLPR_USER_PRIVATE_INFO {

    BOOLEAN SensitiveData;

    //
    // If SensitiveData is TRUE then the data is encrypted using the
    // session key across the wire.
    //

    ULONG DataLength;
    [size_is(DataLength)] PUCHAR Data;

} NLPR_USER_PRIVATE_INFO, *PNLPR_USER_PRIVATE_INFO;

typedef struct _NLPR_MODIFIED_COUNT {
    OLD_LARGE_INTEGER ModifiedCount;
} NLPR_MODIFIED_COUNT, *PNLPR_MODIFIED_COUNT;

typedef struct _NLPR_QUOTA_LIMITS {
    ULONG PagedPoolLimit;
    ULONG NonPagedPoolLimit;
    ULONG MinimumWorkingSetSize;
    ULONG MaximumWorkingSetSize;
    ULONG PagefileLimit;
    OLD_LARGE_INTEGER TimeLimit;
} NLPR_QUOTA_LIMITS, *PNLPR_QUOTA_LIMITS;

//
// Enumeration structure returned from I_NetSamDeltas and I_NetSamSync
//
// The NETLOGON_DELTA_* structures below share a tail of DummyString1-4 and
// DummyLong1-4 fields.  Several of them have since been given a meaning,
// recorded in the comment next to the field.
//

//
// Structure to completely describe a user.
//

typedef struct _NETLOGON_DELTA_USER {
    UNICODE_STRING UserName;
    UNICODE_STRING FullName;
    ULONG UserId;
    ULONG PrimaryGroupId;
    UNICODE_STRING HomeDirectory;
    UNICODE_STRING HomeDirectoryDrive;
    UNICODE_STRING ScriptPath;
    UNICODE_STRING AdminComment;
    UNICODE_STRING WorkStations;
    OLD_LARGE_INTEGER LastLogon;
    OLD_LARGE_INTEGER LastLogoff;
    NLPR_LOGON_HOURS LogonHours;
    USHORT BadPasswordCount;
    USHORT LogonCount;
    OLD_LARGE_INTEGER PasswordLastSet;
    OLD_LARGE_INTEGER AccountExpires;
    ULONG UserAccountControl;

    //
    // The following fields are duplicates of information already in
    // the Private data.  Starting in NT 3.51, these fields are zeroed.
    //

    ENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword;
    ENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword;
    BOOLEAN NtPasswordPresent;
    BOOLEAN LmPasswordPresent;
    BOOLEAN PasswordExpired;
    UNICODE_STRING UserComment;
    UNICODE_STRING Parameters;
    USHORT CountryCode;
    USHORT CodePage;

    NLPR_USER_PRIVATE_INFO PrivateData;     // password history

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;    // used for profile path.
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;               // used for LastBadPasswordTime.HighPart
    ULONG DummyLong2;               // used for LastBadPasswordTime.LowPart
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_USER, *PNETLOGON_DELTA_USER;

//
// Structure to completely describe a group.
//

typedef struct _NETLOGON_DELTA_GROUP {
    UNICODE_STRING Name;
    ULONG RelativeId;
    ULONG Attributes;
    UNICODE_STRING AdminComment;

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_GROUP, *PNETLOGON_DELTA_GROUP;

//
// Structure to completely describe all the members of a group.
//
// MemberIds and Attributes are two parallel arrays, both sized by the
// single MemberCount field declared after them.
//

typedef struct _NETLOGON_DELTA_GROUP_MEMBER {
    [size_is(MemberCount)] PULONG MemberIds;
    [size_is(MemberCount)] PULONG Attributes;
    ULONG MemberCount;

    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_GROUP_MEMBER, *PNETLOGON_DELTA_GROUP_MEMBER;

//
// Structure to completely describe an alias.
//

typedef struct _NETLOGON_DELTA_ALIAS {
    UNICODE_STRING Name;
    ULONG RelativeId;
    // UNICODE_STRING AdminComment;

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;    // used for admin comment
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_ALIAS, *PNETLOGON_DELTA_ALIAS;

//
// Structure to completely describe all the members of an alias.
//

typedef struct _NETLOGON_DELTA_ALIAS_MEMBER {
    NLPR_SID_ARRAY Members;

    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_ALIAS_MEMBER, *PNETLOGON_DELTA_ALIAS_MEMBER;

//
// Structure to completely describe a domain.
//

typedef struct _NETLOGON_DELTA_DOMAIN {
    UNICODE_STRING DomainName;
    UNICODE_STRING OemInformation;
    OLD_LARGE_INTEGER ForceLogoff;
    USHORT MinPasswordLength;
    USHORT PasswordHistoryLength;
    OLD_LARGE_INTEGER MaxPasswordAge;
    OLD_LARGE_INTEGER MinPasswordAge;
    OLD_LARGE_INTEGER DomainModifiedCount;
    OLD_LARGE_INTEGER DomainCreationTime;

    // All this information is maintained separately on each system.
#ifdef notdef
    UNICODE_STRING ReplicaSourceNodeName;
    DOMAIN_SERVER_ENABLE_STATE DomainServerState;
    DOMAIN_SERVER_ROLE DomainServerRole;
#endif // notdef

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;    // used to replicate DOMAIN_LOCKOUT_INFORMATION
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;               // used to replicate PasswordProperties
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_DOMAIN, *PNETLOGON_DELTA_DOMAIN;

//
// One structure describes a rename of a group, a user or an alias; the
// typedef gives it a separate name for each of the three uses.
//

typedef struct _NETLOGON_DELTA_RENAME {
    UNICODE_STRING OldName;
    UNICODE_STRING NewName;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_RENAME_GROUP, *PNETLOGON_DELTA_RENAME_GROUP,
    NETLOGON_RENAME_USER, *PNETLOGON_DELTA_RENAME_USER,
    NETLOGON_RENAME_ALIAS, *PNETLOGON_DELTA_RENAME_ALIAS;

typedef struct _NETLOGON_DELTA_POLICY {
    ULONG MaximumLogSize;
    OLD_LARGE_INTEGER AuditRetentionPeriod;
    BOOLEAN AuditingMode;
    ULONG MaximumAuditEventCount;

    //
    // NOTE(review): the array size is an arithmetic expression over a
    // wire-supplied ULONG.  Confirm how the stub and the consumer treat
    // the largest ULONG value, for which the "+ 1" would wrap.
    //

    [size_is(MaximumAuditEventCount + 1)] PULONG EventAuditingOptions;
    UNICODE_STRING PrimaryDomainName;
    PISID PrimaryDomainSid;
    NLPR_QUOTA_LIMITS QuotaLimits;
    OLD_LARGE_INTEGER ModifiedId;
    OLD_LARGE_INTEGER DatabaseCreationTime;

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_POLICY, *PNETLOGON_DELTA_POLICY;

typedef struct _NETLOGON_DELTA_TRUSTED_DOMAINS {
    UNICODE_STRING DomainName;
    ULONG NumControllerEntries;
    [size_is(NumControllerEntries)] PUNICODE_STRING ControllerNames;

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;               // used for posix offset.
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_TRUSTED_DOMAINS, *PNETLOGON_DELTA_TRUSTED_DOMAINS;

//
// PrivilegeAttributes and PrivilegeNames are parallel arrays, both sized by
// PrivilegeEntries.
//

typedef struct _NETLOGON_DELTA_ACCOUNTS {
    ULONG PrivilegeEntries;
    ULONG PrivilegeControl;
    [size_is(PrivilegeEntries)] PULONG PrivilegeAttributes;
    [size_is(PrivilegeEntries)] PUNICODE_STRING PrivilegeNames;
    NLPR_QUOTA_LIMITS QuotaLimits;
    ULONG SystemAccessFlags;

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_ACCOUNTS, *PNETLOGON_DELTA_ACCOUNTS;

//
// Carries the current and the previous value of a secret as
// NLPR_CR_CIPHER_VALUE buffers, each with the time it was set.
//

typedef struct _NETLOGON_DELTA_SECRET {
    NLPR_CR_CIPHER_VALUE CurrentValue;
    OLD_LARGE_INTEGER CurrentValueSetTime;
    NLPR_CR_CIPHER_VALUE OldValue;
    OLD_LARGE_INTEGER OldValueSetTime;

    SECURITY_INFORMATION SecurityInformation;
    ULONG SecuritySize;
    [size_is(SecuritySize)] PUCHAR SecurityDescriptor;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_SECRET, *PNETLOGON_DELTA_SECRET;

typedef struct _NETLOGON_DELTA_DELETE {
    [string] wchar_t * AccountName;

    UNICODE_STRING DummyString1;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DELTA_DELETE_GROUP, *PNETLOGON_DELTA_DELETE_GROUP,
    NETLOGON_DELTA_DELETE_USER, *PNETLOGON_DELTA_DELETE_USER;

//
// A Union of each of the above types.
//
// The arm is selected by a NETLOGON_DELTA_TYPE discriminant.  Any value
// not listed falls to the empty [default] arm and carries no data.
//

typedef [switch_type(NETLOGON_DELTA_TYPE)] union _NETLOGON_DELTA_UNION {
    [case(AddOrChangeDomain)] PNETLOGON_DELTA_DOMAIN DeltaDomain;
    [case(AddOrChangeGroup)] PNETLOGON_DELTA_GROUP DeltaGroup;
    [case(RenameGroup)] PNETLOGON_DELTA_RENAME_GROUP DeltaRenameGroup;
    [case(AddOrChangeUser)] PNETLOGON_DELTA_USER DeltaUser;
    [case(RenameUser)] PNETLOGON_DELTA_RENAME_USER DeltaRenameUser;
    [case(ChangeGroupMembership)] PNETLOGON_DELTA_GROUP_MEMBER DeltaGroupMember;
    [case(AddOrChangeAlias)] PNETLOGON_DELTA_ALIAS DeltaAlias;
    [case(RenameAlias)] PNETLOGON_DELTA_RENAME_ALIAS DeltaRenameAlias;
    [case(ChangeAliasMembership)] PNETLOGON_DELTA_ALIAS_MEMBER DeltaAliasMember;
    [case(AddOrChangeLsaPolicy)] PNETLOGON_DELTA_POLICY DeltaPolicy;
    [case(AddOrChangeLsaTDomain)] PNETLOGON_DELTA_TRUSTED_DOMAINS DeltaTDomains;
    [case(AddOrChangeLsaAccount)] PNETLOGON_DELTA_ACCOUNTS DeltaAccounts;
    [case(AddOrChangeLsaSecret)] PNETLOGON_DELTA_SECRET DeltaSecret;
    [case(DeleteGroupByName)] PNETLOGON_DELTA_DELETE_GROUP DeltaDeleteGroup;
    [case(DeleteUserByName)] PNETLOGON_DELTA_DELETE_USER DeltaDeleteUser;
    [case(SerialNumberSkip)] PNLPR_MODIFIED_COUNT DeltaSerialNumberSkip;
    [default] ;     // Ship nothing for Delete Cases
} NETLOGON_DELTA_UNION, *PNETLOGON_DELTA_UNION;

//
// Identifier of the object a delta refers to: a RID, a SID or a name,
// depending on the delta type.
//

typedef [switch_type(NETLOGON_DELTA_TYPE)] union _NETLOGON_DELTA_ID_UNION {
    [case(AddOrChangeDomain, AddOrChangeGroup, DeleteGroup, RenameGroup, AddOrChangeUser, DeleteUser, RenameUser, ChangeGroupMembership, AddOrChangeAlias, DeleteAlias, RenameAlias, ChangeAliasMembership, DeleteGroupByName, DeleteUserByName )] ULONG Rid;
    [case(AddOrChangeLsaPolicy, AddOrChangeLsaTDomain, DeleteLsaTDomain, AddOrChangeLsaAccount, DeleteLsaAccount)] PISID Sid;
    [case(AddOrChangeLsaSecret, DeleteLsaSecret)] [string] wchar_t * Name;
    [default] ;
} NETLOGON_DELTA_ID_UNION, *PNETLOGON_DELTA_ID_UNION;

//
// A common structure to describe a single enumerated object.
//
// DeltaType is the discriminant for both DeltaID and DeltaUnion, so the
// two unions are always interpreted consistently with each other.
//

typedef struct _NETLOGON_DELTA_ENUM {
    NETLOGON_DELTA_TYPE DeltaType;
    [switch_is(DeltaType)] NETLOGON_DELTA_ID_UNION DeltaID;
    [switch_is(DeltaType)] NETLOGON_DELTA_UNION DeltaUnion;
} NETLOGON_DELTA_ENUM, *PNETLOGON_DELTA_ENUM;

//
// Structure that defines the array of enumerated objects.
//

typedef struct _NETLOGON_DELTA_ENUM_ARRAY {
    DWORD CountReturned;
    [size_is(CountReturned)] PNETLOGON_DELTA_ENUM Deltas;
} NETLOGON_DELTA_ENUM_ARRAY, *PNETLOGON_DELTA_ENUM_ARRAY;

//
// Function Prototypes - Logon Service
//
// Many procedures below take an Authenticator / ReturnAuthenticator pair;
// others take none.  For the latter, nothing in the argument list
// identifies the caller.
// NOTE(review): for procedures without an authenticator, confirm that the
// server routine or the RPC layer performs the access check - neither is
// visible in this file.
//

NET_API_STATUS
NetrLogonUasLogon (
    [in,unique,string] LOGONSRV_HANDLE ServerName,
    [in, string] wchar_t * UserName,
    [in, string] wchar_t * Workstation,
    [out] PNETLOGON_VALIDATION_UAS_INFO *ValidationInformation
    );

NET_API_STATUS
NetrLogonUasLogoff (
    [in,unique,string] LOGONSRV_HANDLE ServerName,
    [in, string] wchar_t * UserName,
    [in, string] wchar_t * Workstation,
    [out] PNETLOGON_LOGOFF_UAS_INFO LogoffInformation
    );

//
// NetrLogonSam routines
//

//
// Logon request, selected by the logon information class.  Each
// "Transitive" class reuses the structure of its non-transitive
// counterpart.
//

typedef [switch_type(enum _NETLOGON_LOGON_INFO_CLASS)] union _NETLOGON_LEVEL {
    [case(NetlogonInteractiveInformation)] PNETLOGON_INTERACTIVE_INFO LogonInteractive;
    [case(NetlogonInteractiveTransitiveInformation)] PNETLOGON_INTERACTIVE_INFO LogonInteractiveTransitive;
    [case(NetlogonServiceInformation)] PNETLOGON_SERVICE_INFO LogonService;
    [case(NetlogonServiceTransitiveInformation)] PNETLOGON_SERVICE_INFO LogonServiceTransitive;
    [case(NetlogonNetworkInformation)] PNETLOGON_NETWORK_INFO LogonNetwork;
    [case(NetlogonNetworkTransitiveInformation)] PNETLOGON_NETWORK_INFO LogonNetworkTransitive;
    [case(NetlogonGenericInformation)] PNETLOGON_GENERIC_INFO LogonGeneric;
    [default] ;
} NETLOGON_LEVEL, * PNETLOGON_LEVEL;

//
// Validation result, selected by the validation information class.
//

typedef [switch_type(enum _NETLOGON_VALIDATION_INFO_CLASS)] union _NETLOGON_VALIDATION {
    [case(NetlogonValidationSamInfo)] PNETLOGON_VALIDATION_SAM_INFO ValidationSam;
    [case(NetlogonValidationSamInfo2)] PNETLOGON_VALIDATION_SAM_INFO2 ValidationSam2;
    [case(NetlogonValidationGenericInfo)] PNETLOGON_VALIDATION_GENERIC_INFO ValidationGeneric;
    [case(NetlogonValidationGenericInfo2)] PNETLOGON_VALIDATION_GENERIC_INFO2 ValidationGeneric2;
    [case(NetlogonValidationSamInfo4)] PNETLOGON_VALIDATION_SAM_INFO4 ValidationSam4;
    [default] ;
} NETLOGON_VALIDATION, * PNETLOGON_VALIDATION;

//
// Both authenticator pointers here are [unique], so either may arrive as
// NULL; the server routine has to decide what a NULL authenticator means
// before dereferencing it.
//

NTSTATUS
NetrLogonSamLogon (
    [in,unique,string] LOGONSRV_HANDLE LogonServer,
    [in,string,unique] wchar_t * ComputerName,
    [in,unique] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out,unique] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] NETLOGON_LOGON_INFO_CLASS LogonLevel,
    [in,switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation,
    [in] NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    [out,switch_is(ValidationLevel)] PNETLOGON_VALIDATION ValidationInformation,
    [out] PBOOLEAN Authoritative
    );

NTSTATUS
NetrLogonSamLogoff (
    [in,unique,string] LOGONSRV_HANDLE LogonServer,
    [in,string,unique] wchar_t * ComputerName,
    [in,unique] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out,unique] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] NETLOGON_LOGON_INFO_CLASS LogonLevel,
    [in,switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation
    );

//
// The caller passes a client challenge and receives a server challenge.
// How the values are generated and used is not defined in this file.
//

NTSTATUS
NetrServerReqChallenge (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_CREDENTIAL ClientChallenge,
    [out] PNETLOGON_CREDENTIAL ServerChallenge
    );

//
// The caller passes a client credential for the named account and receives
// a server credential.  The credential computation is not defined in this
// file.
//

NTSTATUS
NetrServerAuthenticate (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_CREDENTIAL ClientCredential,
    [out] PNETLOGON_CREDENTIAL ServerCredential
    );

//
// Sets the password of the named account; the new value is passed as an
// ENCRYPTED_LM_OWF_PASSWORD.
//

NTSTATUS
NetrServerPasswordSet (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] PENCRYPTED_LM_OWF_PASSWORD UasNewPassword
    );

//
// Replication Routines
//
// PreferredMaximumLength is a caller-supplied hint with no range()
// attribute; the returned DeltaArray is allocated by the callee.
//

NTSTATUS
NetrDatabaseDeltas (
    [in, string] LOGONSRV_HANDLE primaryname,
    [in, string] wchar_t * computername,
    [in] PNETLOGON_AUTHENTICATOR authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ret_auth,
    [in] DWORD DatabaseID,
    [in, out] PNLPR_MODIFIED_COUNT DomainModifiedCount,
    [out] PNETLOGON_DELTA_ENUM_ARRAY *DeltaArray,
    [in] DWORD PreferredMaximumLength
    );

NTSTATUS
NetrDatabaseSync (
    [in, string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] DWORD DatabaseID,
    [in, out] PULONG SyncContext,
    [out] PNETLOGON_DELTA_ENUM_ARRAY *DeltaArray,
    [in] DWORD PreferredMaximumLength
    );

//
// NOTE(review): Buffer is an [out] array whose size is the caller-supplied
// BufferSize, which carries no range() attribute.  Confirm that the server
// bounds the allocation this implies.  The same applies to NetrAccountSync.
//

NTSTATUS
NetrAccountDeltas (
    [in, unique, string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] PUAS_INFO_0 RecordId,
    [in] DWORD Count,
    [in] DWORD Level,
    [out, size_is(BufferSize)] LPBYTE Buffer,
    [in] DWORD BufferSize,
    [out] PULONG CountReturned,
    [out] PULONG TotalEntries,
    [out] PUAS_INFO_0 NextRecordId
    );

NTSTATUS
NetrAccountSync (
    [in, unique, string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] DWORD Reference,
    [in] DWORD Level,
    [out, size_is(BufferSize) ] LPBYTE Buffer,
    [in] DWORD BufferSize,
    [out] PULONG CountReturned,
    [out] PULONG TotalEntries,
    [out] PULONG NextReference,
    [out] PUAS_INFO_0 LastRecordId
    );

NET_API_STATUS
NetrGetDCName (
    [in, string] LOGONSRV_HANDLE ServerName,
    [in, unique, string] wchar_t *DomainName,
    [out, string] wchar_t **Buffer
    );

//
// I_NetLogonControl
//

//
// Input data for NetrLogonControl2 / NetrLogonControl2Ex, selected by the
// FunctionCode.  Function codes not listed here carry no input data.
//

typedef [switch_type(DWORD)] union _NETLOGON_CONTROL_DATA_INFORMATION {
    [case(NETLOGON_CONTROL_REDISCOVER, NETLOGON_CONTROL_TC_QUERY, NETLOGON_CONTROL_CHANGE_PASSWORD, NETLOGON_CONTROL_TC_VERIFY)] [string] wchar_t * TrustedDomainName;
    [case(NETLOGON_CONTROL_SET_DBFLAG)] DWORD DebugFlag;
    [case(NETLOGON_CONTROL_FIND_USER)] [string] wchar_t * UserName;
    [default] ;
} NETLOGON_CONTROL_DATA_INFORMATION, * PNETLOGON_CONTROL_DATA_INFORMATION;

//
// Output of the NetrLogonControl* procedures, selected by QueryLevel (1-4).
//

typedef [switch_type(DWORD)] union _NETLOGON_CONTROL_QUERY_INFORMATION {
    [case(1)] PNETLOGON_INFO_1 NetlogonInfo1;
    [case(2)] PNETLOGON_INFO_2 NetlogonInfo2;
    [case(3)] PNETLOGON_INFO_3 NetlogonInfo3;
    [case(4)] PNETLOGON_INFO_4 NetlogonInfo4;
    [default] ;
} NETLOGON_CONTROL_QUERY_INFORMATION, * PNETLOGON_CONTROL_QUERY_INFORMATION;

NET_API_STATUS
NetrLogonControl(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in] DWORD FunctionCode,
    [in] DWORD QueryLevel,
    [out,switch_is(QueryLevel)] PNETLOGON_CONTROL_QUERY_INFORMATION Buffer
    );

NET_API_STATUS
NetrGetAnyDCName (
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in, unique, string] wchar_t *DomainName,
    [out, string] wchar_t **Buffer
    );

NET_API_STATUS
NetrLogonControl2(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in] DWORD FunctionCode,
    [in] DWORD QueryLevel,
    [in,switch_is(FunctionCode)] PNETLOGON_CONTROL_DATA_INFORMATION Data,
    [out,switch_is(QueryLevel)] PNETLOGON_CONTROL_QUERY_INFORMATION Buffer
    );

//
// Same arguments as NetrServerAuthenticate plus NegotiateFlags, which is
// [in,out]: the caller supplies a value and the server returns one.  Which
// flags the server insists on is server policy and is not expressed in
// this file.
//

NTSTATUS
NetrServerAuthenticate2 (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_CREDENTIAL ClientCredential,
    [out] PNETLOGON_CREDENTIAL ServerCredential,
    [in,out] PULONG NegotiateFlags
    );

//
// The Sync state tracks the progression of the sync.
// NlSynchronize() depends on these being in order.
//

typedef enum _SYNC_STATE {
    NormalState,
    DomainState,
    GroupState,
    UasBuiltinGroupState,
    UserState,
    GroupMemberState,
    AliasState,
    AliasMemberState,
    SamDoneState
} SYNC_STATE, *PSYNC_STATE;

NTSTATUS
NetrDatabaseSync2 (
    [in, string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] DWORD DatabaseID,
    [in] SYNC_STATE RestartState,
    [in, out] PULONG SyncContext,
    [out] PNETLOGON_DELTA_ENUM_ARRAY *DeltaArray,
    [in] DWORD PreferredMaximumLength
    );

//
// ChangeLogEntry is an opaque byte buffer whose length is the
// caller-supplied ChangeLogEntrySize (no range() attribute).  Its contents
// must be parsed defensively by the server routine.
//

NTSTATUS
NetrDatabaseRedo(
    [in, string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in, size_is(ChangeLogEntrySize)] PUCHAR ChangeLogEntry,
    [in] DWORD ChangeLogEntrySize,
    [out] PNETLOGON_DELTA_ENUM_ARRAY *DeltaArray
    );

// Same as NetrLogonControl2, but supports a QueryLevel of 4
// and a function code of NETLOGON_CONTROL_FIND_USER

NET_API_STATUS
NetrLogonControl2Ex(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in] DWORD FunctionCode,
    [in] DWORD QueryLevel,
    [in,switch_is(FunctionCode)] PNETLOGON_CONTROL_DATA_INFORMATION Data,
    [out,switch_is(QueryLevel)] PNETLOGON_CONTROL_QUERY_INFORMATION Buffer
    );

//
// Routine to enumerate trusted domains.
//

typedef struct _DOMAIN_NAME_BUFFER {
    ULONG DomainNameByteCount;
    [unique, size_is(DomainNameByteCount)] PUCHAR DomainNames;
} DOMAIN_NAME_BUFFER, *PDOMAIN_NAME_BUFFER;

NTSTATUS
NetrEnumerateTrustedDomains (
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [out] PDOMAIN_NAME_BUFFER DomainNameBuffer
    );

//
// Routine to find a DC.
//

NET_API_STATUS
DsrGetDcName(
    [in, unique, string ] LOGONSRV_HANDLE ComputerName,
    [in, unique, string] wchar_t * DomainName,
    [in, unique] GUID *DomainGuid,
    [in, unique] GUID *SiteGuid,
    [in] ULONG Flags,
    [out] PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
    );

//
// Routine used between NT 4.0 and NT 5.0 beta 1
//
// Presumably retained so that the procedures declared after it keep their
// operation numbers - TODO confirm.  The union has a single case (1) and no
// [default] arm.
//

typedef [switch_type(DWORD)] union _NETLOGON_DUMMY1 {
    [case(1)] ULONG Dummy;
} NETLOGON_DUMMY1, *PNETLOGON_DUMMY1;

NTSTATUS
NetrLogonDummyRoutine1(
    [in, string] LOGONSRV_HANDLE ServerName,
    [in,string,unique] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] DWORD QueryLevel,
    [out,switch_is(QueryLevel)] PNETLOGON_DUMMY1 Buffer
    );

NTSTATUS
NetrLogonSetServiceBits(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in] DWORD ServiceBitsOfInterest,
    [in] DWORD ServiceBits
    );

//
// Routines to compute a digest for a specified message using the machine trust account.
//
// None of the three procedures below takes an authenticator.  The two
// digest procedures return a digest for both the new and the old password
// (NewMessageDigest / OldMessageDigest) over a caller-supplied message
// whose size carries no range() attribute.
//

NET_API_STATUS
NetrLogonGetTrustRid(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in,string,unique] wchar_t * DomainName,
    [out] PULONG Rid
    );

#define NL_DIGEST_SIZE 16

NET_API_STATUS
NetrLogonComputeServerDigest(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in] ULONG Rid,
    [in, size_is(MessageSize)] LPBYTE Message,
    [in] ULONG MessageSize,
    [out] CHAR NewMessageDigest[NL_DIGEST_SIZE],
    [out] CHAR OldMessageDigest[NL_DIGEST_SIZE]
    );

NET_API_STATUS
NetrLogonComputeClientDigest(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in,string,unique] wchar_t * DomainName,
    [in, size_is(MessageSize)] LPBYTE Message,
    [in] ULONG MessageSize,
    [out] CHAR NewMessageDigest[NL_DIGEST_SIZE],
    [out] CHAR OldMessageDigest[NL_DIGEST_SIZE]
    );

//
// Same arguments as NetrServerAuthenticate2 plus an [out] AccountRid.
//

NTSTATUS
NetrServerAuthenticate3 (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_CREDENTIAL ClientCredential,
    [out] PNETLOGON_CREDENTIAL ServerCredential,
    [in,out] PULONG NegotiateFlags,
    [out] PULONG AccountRid
    );

//
// Routine to find a DC.
//

NET_API_STATUS
DsrGetDcNameEx(
    [in, unique, string ] LOGONSRV_HANDLE ComputerName,
    [in, unique, string] wchar_t * DomainName,
    [in, unique] GUID *DomainGuid,
    [in, unique, string] wchar_t * SiteName,
    [in] ULONG Flags,
    [out] PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
    );

NET_API_STATUS
DsrGetSiteName(
    [in, unique, string ] LOGONSRV_HANDLE ComputerName,
    [out, string] wchar_t **SiteName
    );

//
// Routine to return information about the domain to a workstation.
//

//
// Values of QueryLevel
#define NETLOGON_QUERY_DOMAIN_INFO 1
#define NETLOGON_QUERY_LSA_POLICY_INFO 2

typedef struct _NETLOGON_LSA_POLICY_INFO {

    //
    // LSA Policy
    //

    ULONG LsaPolicySize;
    [size_is(LsaPolicySize)] PUCHAR LsaPolicy;

} NETLOGON_LSA_POLICY_INFO, *PNETLOGON_LSA_POLICY_INFO;

typedef struct _NETLOGON_ONE_DOMAIN_INFO {
    UNICODE_STRING DomainName;
    UNICODE_STRING DnsDomainName;
    UNICODE_STRING DnsForestName;
    GUID DomainGuid;
    PISID DomainSid;

    // Passes NL_TRUST_EXTENSION structure starting after NT 5 beta 2
    // (a structure carried inside a UNICODE_STRING, so the receiver must
    // check its length before interpreting it)
    UNICODE_STRING TrustExtension;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG DummyLong1;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_ONE_DOMAIN_INFO, *PNETLOGON_ONE_DOMAIN_INFO;

typedef struct _NETLOGON_DOMAIN_INFO {

    //
    // Information about the domain we're a member of.
    //

    NETLOGON_ONE_DOMAIN_INFO PrimaryDomain;

    //
    // Information about the domains trusted by the domain we're a member of.
    //

    ULONG TrustedDomainCount;
    [size_is(TrustedDomainCount)] PNETLOGON_ONE_DOMAIN_INFO TrustedDomains;

    //
    // LSA Policy
    //

    NETLOGON_LSA_POLICY_INFO LsaPolicy;

    //
    // Room for expansion.
    //

    UNICODE_STRING DnsHostNameInDs;
    UNICODE_STRING DummyString2;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG WorkstationFlags;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_DOMAIN_INFO, *PNETLOGON_DOMAIN_INFO;

//
// Unlike most unions in this file, the next two have no [default] arm.
// NOTE(review): with no default arm, a Level other than 1 or 2 should be
// rejected when the union is marshalled - confirm against the MIDL
// documentation for the compiler in use.
//

typedef [switch_type(DWORD)] union _NETLOGON_DOMAIN_INFORMATION {
    [case(NETLOGON_QUERY_DOMAIN_INFO)] PNETLOGON_DOMAIN_INFO DomainInfo;
    [case(NETLOGON_QUERY_LSA_POLICY_INFO)] PNETLOGON_LSA_POLICY_INFO LsaPolicyInfo;
} NETLOGON_DOMAIN_INFORMATION, *PNETLOGON_DOMAIN_INFORMATION;

typedef struct _NETLOGON_WORKSTATION_INFO {

    //
    // LSA Policy
    //

    NETLOGON_LSA_POLICY_INFO LsaPolicy;

    //
    // Information describing the workstation.
    //
    // All of these values are chosen by the calling workstation.
    //

    [string] wchar_t * DnsHostName;
    [string] wchar_t * SiteName;
    [string] wchar_t * Dummy1;
    [string] wchar_t * Dummy2;
    [string] wchar_t * Dummy3;
    [string] wchar_t * Dummy4;
    UNICODE_STRING OsVersion;
    UNICODE_STRING OsName;
    UNICODE_STRING DummyString3;
    UNICODE_STRING DummyString4;
    ULONG WorkstationFlags;
    ULONG DummyLong2;
    ULONG DummyLong3;
    ULONG DummyLong4;
} NETLOGON_WORKSTATION_INFO, *PNETLOGON_WORKSTATION_INFO;

//
// Both query levels carry the same NETLOGON_WORKSTATION_INFO structure.
//

typedef [switch_type(DWORD)] union _NETLOGON_WORKSTATION_INFORMATION {
    [case(NETLOGON_QUERY_DOMAIN_INFO)] PNETLOGON_WORKSTATION_INFO WorkstationInfo;
    [case(NETLOGON_QUERY_LSA_POLICY_INFO)] PNETLOGON_WORKSTATION_INFO LsaPolicyInfo;
} NETLOGON_WORKSTATION_INFORMATION, *PNETLOGON_WORKSTATION_INFORMATION;

//
// Level is the discriminant for both the input (WkstaBuffer) and the
// output (DomBuffer) union.
//

NTSTATUS
NetrLogonGetDomainInfo(
    [in, string] LOGONSRV_HANDLE ServerName,
    [in,string,unique] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] DWORD Level,
    [in,switch_is(Level)] PNETLOGON_WORKSTATION_INFORMATION WkstaBuffer,
    [out,switch_is(Level)] PNETLOGON_DOMAIN_INFORMATION DomBuffer
    );

//
// Same arguments as NetrServerPasswordSet, except that the new password is
// passed as an NL_TRUST_PASSWORD named ClearNewPassword.
// NOTE(review): how that buffer is protected on the wire is not defined in
// this file - confirm in the implementation.
//

NTSTATUS
NetrServerPasswordSet2 (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] PNL_TRUST_PASSWORD ClearNewPassword
    );

//
// Returns the password of the named account as an
// ENCRYPTED_NT_OWF_PASSWORD.
//

NTSTATUS
NetrServerPasswordGet (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword
    );

//
// OpaqueBuffer is an uninterpreted byte buffer whose length is the
// caller-supplied OpaqueBufferSize (no range() attribute).
//

NTSTATUS
NetrLogonSendToSam (
    [in,unique,string] LOGONSRV_HANDLE PrimaryName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in,size_is(OpaqueBufferSize)] PUCHAR OpaqueBuffer,
    [in] ULONG OpaqueBufferSize
    );

//
// A socket address as raw bytes.  iSockaddrLength is supplied by the
// caller, so the bytes must be length-checked before being interpreted as
// any particular sockaddr layout.
//

typedef struct _NL_SOCKET_ADDRESS {
    [size_is(iSockaddrLength)] PUCHAR lpSockaddr;
    ULONG iSockaddrLength;
} NL_SOCKET_ADDRESS, *PNL_SOCKET_ADDRESS;

typedef struct _NL_SITE_NAME_ARRAY {
    ULONG EntryCount;
    [size_is(EntryCount)] PUNICODE_STRING SiteNames;
} NL_SITE_NAME_ARRAY, *PNL_SITE_NAME_ARRAY;

//
// EntryCount is limited to 0..NL_MAX_RPC_ENTRY_COUNT by the range()
// attribute, which bounds the size of the SocketAddresses array.
//

NET_API_STATUS
DsrAddressToSiteNamesW(
    [in,unique,string] LOGONSRV_HANDLE ComputerName,
    [in, range(0,NL_MAX_RPC_ENTRY_COUNT)] DWORD EntryCount,
    [in,size_is(EntryCount)] PNL_SOCKET_ADDRESS SocketAddresses,
    [out] PNL_SITE_NAME_ARRAY *SiteNames
    );

NET_API_STATUS
DsrGetDcNameEx2(
    [in, unique, string ] LOGONSRV_HANDLE ComputerName,
    [in, unique, string] wchar_t * AccountName,
    [in] ULONG AllowableAccountControlBits,
    [in, unique, string] wchar_t * DomainName,
    [in, unique] GUID *DomainGuid,
    [in, unique, string] wchar_t * SiteName,
    [in] ULONG Flags,
    [out] PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
    );

NET_API_STATUS
NetrLogonGetTimeServiceParentDomain(
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [out, string] wchar_t **DomainName,
    [out] PBOOL PdcSameSite
    );

typedef struct _NETLOGON_TRUSTED_DOMAIN_ARRAY {
    DWORD DomainCount;
    [size_is(DomainCount)] PDS_DOMAIN_TRUSTSW Domains;
} NETLOGON_TRUSTED_DOMAIN_ARRAY, *PNETLOGON_TRUSTED_DOMAIN_ARRAY;

NET_API_STATUS
NetrEnumerateTrustedDomainsEx (
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [out] PNETLOGON_TRUSTED_DOMAIN_ARRAY Domains
    );

//
// SiteNames and SubnetNames are parallel arrays, both sized by EntryCount.
//

typedef struct _NL_SITE_NAME_EX_ARRAY {
    ULONG EntryCount;
    [size_is(EntryCount)] PUNICODE_STRING SiteNames;
    [size_is(EntryCount)] PUNICODE_STRING SubnetNames;
} NL_SITE_NAME_EX_ARRAY, *PNL_SITE_NAME_EX_ARRAY;

NET_API_STATUS
DsrAddressToSiteNamesExW(
    [in,unique,string] LOGONSRV_HANDLE ComputerName,
    [in, range(0,NL_MAX_RPC_ENTRY_COUNT)] DWORD EntryCount,
    [in,size_is(EntryCount)] PNL_SOCKET_ADDRESS SocketAddresses,
    [out] PNL_SITE_NAME_EX_ARRAY *SiteNames
    );

NET_API_STATUS
DsrGetDcSiteCoverageW(
    [in,unique,string] LOGONSRV_HANDLE ServerName,
    [out] PNL_SITE_NAME_ARRAY *SiteNames
    );

//
// Define a logon routine that uses a passed in RPC handle.
// This will allow us to do multiple simultaneous RPCs over a secure channel.
//
// This procedure takes an explicit handle_t and no Authenticator /
// ReturnAuthenticator pair.
// NOTE(review): the proof of the caller's identity therefore has to come
// from the security of the RPC binding itself; confirm that the server
// routine verifies it before processing the logon.
//

NTSTATUS
NetrLogonSamLogonEx (
    [in] handle_t ContextHandle,
    [in,unique,string] wchar_t * LogonServer,
    [in,unique,string] wchar_t * ComputerName,
    [in] NETLOGON_LOGON_INFO_CLASS LogonLevel,
    [in,switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation,
    [in] NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    [out,switch_is(ValidationLevel)] PNETLOGON_VALIDATION ValidationInformation,
    [out] PBOOLEAN Authoritative,
    [in,out] PULONG ExtraFlags
    );

NET_API_STATUS
DsrEnumerateDomainTrusts (
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in] ULONG Flags,
    [out] PNETLOGON_TRUSTED_DOMAIN_ARRAY Domains
    );

//
// Takes no authenticator.
// NOTE(review): confirm the access check applied by the server routine
// before it acts on the supplied host name and GUIDs.
//

NET_API_STATUS
DsrDeregisterDnsHostRecords (
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in, unique, string] wchar_t * DnsDomainName,
    [in, unique] GUID *DomainGuid,
    [in, unique] GUID *DsaGuid,
    [in, string] wchar_t * DnsHostName
    );

//
// Returns both the new and the old password of the named account as
// ENCRYPTED_NT_OWF_PASSWORD values.
//

NTSTATUS
NetrServerTrustPasswordsGet (
    [in,unique,string] LOGONSRV_HANDLE TrustedDcName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedNewOwfPassword,
    [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedOldOwfPassword
    );

NET_API_STATUS
DsrGetForestTrustInformation (
    [in, unique, string] LOGONSRV_HANDLE ServerName,
    [in, unique, string] wchar_t * TrustedDomainName,
    [in] DWORD Flags,
    [out] PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
    );

NTSTATUS
NetrGetForestTrustInformation (
    [in,unique,string] LOGONSRV_HANDLE ServerName,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] DWORD Flags,
    [out] PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
    );

// This is the non-Ex version but with Flags
// (same arguments as NetrLogonSamLogon plus ExtraFlags; the authenticator
// pointers are again [unique] and may be NULL)

NTSTATUS
NetrLogonSamLogonWithFlags (
    [in,unique,string] LOGONSRV_HANDLE LogonServer,
    [in,string,unique] wchar_t * ComputerName,
    [in,unique] PNETLOGON_AUTHENTICATOR Authenticator,
    [in,out,unique] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [in] NETLOGON_LOGON_INFO_CLASS LogonLevel,
    [in,switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation,
    [in] NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    [out,switch_is(ValidationLevel)] PNETLOGON_VALIDATION ValidationInformation,
    [out] PBOOLEAN Authoritative,
    [in,out] PULONG ExtraFlags
    );

//
// Generic data sent over netlogon RPC interfaces.
//
// The following data structure can be used to send generic data
// from the server to the client.  Suppose the client requests
// information about some property from the server over an RPC interface.
// Suppose that property has several attributes (which can be
// generically represented as ULONGs and/or UNICODE_STRINGS) and
// suppose that the property has several versions where newer versions
// have more attributes.  Using this generic data structure, the server
// will send all N attributes for the version the server supports.  Here
// N is the number of attributes for the version the server supports.
// If the client is older than the server, the client will be able to
// understand the first M attributes and the client will ignore the rest
// of the attributes.  Here M is the number of attributes the client version
// supports.  If the client is newer than the server, the client will be
// able to understand all N attributes from the server and the client
// will realize that the server supports an old version of the property.
// This scheme works provided the attributes are ordered by their creation
// time.  This technique avoids new RPC interfaces as a property gets new
// attributes and avoids special case coding.
//
// Because the meaning of each entry is positional, a receiver must check
// UlongEntryCount / UnicodeStringEntryCount before reading an entry at a
// given index.
//

typedef struct _NL_GENERIC_RPC_DATA {
    ULONG UlongEntryCount;
    [size_is(UlongEntryCount)] PULONG UlongData;
    ULONG UnicodeStringEntryCount;
    [size_is(UnicodeStringEntryCount)] PUNICODE_STRING UnicodeStringData;
} NL_GENERIC_RPC_DATA, *PNL_GENERIC_RPC_DATA;

//
// Same arguments as NetrServerTrustPasswordsGet plus an [out] TrustInfo in
// the generic format described above.
//

NTSTATUS
NetrServerGetTrustInfo (
    [in,unique,string] LOGONSRV_HANDLE TrustedDcName,
    [in,string] wchar_t * AccountName,
    [in] NETLOGON_SECURE_CHANNEL_TYPE AccountType,
    [in, string] wchar_t * ComputerName,
    [in] PNETLOGON_AUTHENTICATOR Authenticator,
    [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
    [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedNewOwfPassword,
    [out] PENCRYPTED_NT_OWF_PASSWORD EncryptedOldOwfPassword,
    [out] PNL_GENERIC_RPC_DATA *TrustInfo
    );

}