source: branches/samba-3.3.x/source/librpc/idl/samr.idl

Last change on this file was 274, checked in by Herwig Bauernfeind, 16 years ago

Update 3.3 branch to 3.3.5
File size: 43.4 KB
Line 
1#include "idl_types.h"
2
3/*
4 samr interface definition
5*/
6import "misc.idl", "lsa.idl", "security.idl";
7
8/*
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
10*/
11
12[ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 version(1.0),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique)
16] interface samr
17{
18 typedef bitmap security_secinfo security_secinfo;
19
20 /* account control (acct_flags) bits */
21 typedef [public,bitmap32bit] bitmap {
22 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
23 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
24 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
25 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
26 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
27 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
28 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
29 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
30 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
31 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
32 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
33 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
34 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
35 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
36 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
37 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
38 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
39 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
40 ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
41 } samr_AcctFlags;
42
43 /* SAM server specific access rights */
44
45 typedef [bitmap32bit] bitmap {
46 SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
47 SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
48 SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
49 SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
50 SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
51 SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
52 } samr_ConnectAccessMask;
53
54 const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
55
56 const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
57 (STANDARD_RIGHTS_REQUIRED_ACCESS |
58 SAMR_ACCESS_ALL_ACCESS);
59
60 const int GENERIC_RIGHTS_SAM_READ =
61 (STANDARD_RIGHTS_READ_ACCESS |
62 SAMR_ACCESS_ENUM_DOMAINS);
63
64 const int GENERIC_RIGHTS_SAM_WRITE =
65 (STANDARD_RIGHTS_WRITE_ACCESS |
66 SAMR_ACCESS_CREATE_DOMAIN |
67 SAMR_ACCESS_INITIALIZE_SERVER |
68 SAMR_ACCESS_SHUTDOWN_SERVER);
69
70 const int GENERIC_RIGHTS_SAM_EXECUTE =
71 (STANDARD_RIGHTS_EXECUTE_ACCESS |
72 SAMR_ACCESS_LOOKUP_DOMAIN |
73 SAMR_ACCESS_CONNECT_TO_SERVER);
74
75 /* User Object specific access rights */
76
77 typedef [bitmap32bit] bitmap {
78 SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
79 SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
80 SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
81 SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
82 SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
83 SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
84 SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
85 SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
86 SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
87 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
88 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
89 } samr_UserAccessMask;
90
91 const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
92
93 const int GENERIC_RIGHTS_USER_ALL_ACCESS =
94 (STANDARD_RIGHTS_REQUIRED_ACCESS |
95 SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */
96
97 const int GENERIC_RIGHTS_USER_READ =
98 (STANDARD_RIGHTS_READ_ACCESS |
99 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
100 SAMR_USER_ACCESS_GET_GROUPS |
101 SAMR_USER_ACCESS_GET_ATTRIBUTES |
102 SAMR_USER_ACCESS_GET_LOGONINFO |
103 SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */
104
105 const int GENERIC_RIGHTS_USER_WRITE =
106 (STANDARD_RIGHTS_WRITE_ACCESS |
107 SAMR_USER_ACCESS_CHANGE_PASSWORD |
108 SAMR_USER_ACCESS_SET_LOC_COM |
109 SAMR_USER_ACCESS_SET_ATTRIBUTES |
110 SAMR_USER_ACCESS_SET_PASSWORD |
111 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */
112
113 const int GENERIC_RIGHTS_USER_EXECUTE =
114 (STANDARD_RIGHTS_EXECUTE_ACCESS |
115 SAMR_USER_ACCESS_CHANGE_PASSWORD |
116 SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */
117
118 /* Domain Object specific access rights */
119
120 typedef [bitmap32bit] bitmap {
121 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
122 SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
123 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
124 SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
125 SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
126 SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
127 SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
128 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
129 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
130 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
131 SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
132 } samr_DomainAccessMask;
133
134 const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
135
136 const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
137 (STANDARD_RIGHTS_REQUIRED_ACCESS |
138 SAMR_DOMAIN_ACCESS_ALL_ACCESS);
139
140 const int GENERIC_RIGHTS_DOMAIN_READ =
141 (STANDARD_RIGHTS_READ_ACCESS |
142 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
143 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
144
145 const int GENERIC_RIGHTS_DOMAIN_WRITE =
146 (STANDARD_RIGHTS_WRITE_ACCESS |
147 SAMR_DOMAIN_ACCESS_SET_INFO_3 |
148 SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
149 SAMR_DOMAIN_ACCESS_CREATE_GROUP |
150 SAMR_DOMAIN_ACCESS_CREATE_USER |
151 SAMR_DOMAIN_ACCESS_SET_INFO_2 |
152 SAMR_DOMAIN_ACCESS_SET_INFO_1);
153
154 const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
155 (STANDARD_RIGHTS_EXECUTE_ACCESS |
156 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
157 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
158 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
159
160 /* Group Object specific access rights */
161
162 typedef [bitmap32bit] bitmap {
163 SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
164 SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
165 SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
166 SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
167 SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
168 } samr_GroupAccessMask;
169
170 const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
171
172 const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
173 (STANDARD_RIGHTS_REQUIRED_ACCESS |
174 SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
175
176 const int GENERIC_RIGHTS_GROUP_READ =
177 (STANDARD_RIGHTS_READ_ACCESS |
178 SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */
179
180 const int GENERIC_RIGHTS_GROUP_WRITE =
181 (STANDARD_RIGHTS_WRITE_ACCESS |
182 SAMR_GROUP_ACCESS_REMOVE_MEMBER |
183 SAMR_GROUP_ACCESS_ADD_MEMBER |
184 SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */
185
186 const int GENERIC_RIGHTS_GROUP_EXECUTE =
187 (STANDARD_RIGHTS_EXECUTE_ACCESS |
188 SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */
189
190 /* Alias Object specific access rights */
191
192 typedef [bitmap32bit] bitmap {
193 SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
194 SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
195 SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
196 SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
197 SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
198 } samr_AliasAccessMask;
199
200 const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
201
202 const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
203 (STANDARD_RIGHTS_REQUIRED_ACCESS |
204 SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
205
206 const int GENERIC_RIGHTS_ALIAS_READ =
207 (STANDARD_RIGHTS_READ_ACCESS |
208 SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */
209
210 const int GENERIC_RIGHTS_ALIAS_WRITE =
211 (STANDARD_RIGHTS_WRITE_ACCESS |
212 SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
213 SAMR_ALIAS_ACCESS_ADD_MEMBER |
214 SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */
215
216 const int GENERIC_RIGHTS_ALIAS_EXECUTE =
217 (STANDARD_RIGHTS_EXECUTE_ACCESS |
218 SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */
219
220 /******************/
221 /* Function: 0x00 */
222 NTSTATUS samr_Connect (
223 /* notice the lack of [string] */
224 [in,unique] uint16 *system_name,
225 [in] samr_ConnectAccessMask access_mask,
226 [out,ref] policy_handle *connect_handle
227 );
228
229
230 /******************/
231 /* Function: 0x01 */
232 [public] NTSTATUS samr_Close (
233 [in,out,ref] policy_handle *handle
234 );
235
236 /******************/
237 /* Function: 0x02 */
238
239 NTSTATUS samr_SetSecurity (
240 [in,ref] policy_handle *handle,
241 [in] security_secinfo sec_info,
242 [in,ref] sec_desc_buf *sdbuf
243 );
244
245 /******************/
246 /* Function: 0x03 */
247
248 NTSTATUS samr_QuerySecurity (
249 [in,ref] policy_handle *handle,
250 [in] security_secinfo sec_info,
251 [out,ref] sec_desc_buf **sdbuf
252 );
253
254 /******************/
255 /* Function: 0x04 */
256
257 /*
258 shutdown the SAM - once you call this the SAM will be dead
259 */
260 NTSTATUS samr_Shutdown (
261 [in,ref] policy_handle *connect_handle
262 );
263
264 /******************/
265 /* Function: 0x05 */
266 NTSTATUS samr_LookupDomain (
267 [in,ref] policy_handle *connect_handle,
268 [in,ref] lsa_String *domain_name,
269 [out,ref] dom_sid2 **sid
270 );
271
272
273 /******************/
274 /* Function: 0x06 */
275
276 typedef struct {
277 uint32 idx;
278 lsa_String name;
279 } samr_SamEntry;
280
281 typedef struct {
282 uint32 count;
283 [size_is(count)] samr_SamEntry *entries;
284 } samr_SamArray;
285
286 NTSTATUS samr_EnumDomains (
287 [in] policy_handle *connect_handle,
288 [in,out,ref] uint32 *resume_handle,
289 [out,ref] samr_SamArray **sam,
290 [in] uint32 buf_size,
291 [out,ref] uint32 *num_entries
292 );
293
294
295 /************************/
296 /* Function 0x07 */
297 [public] NTSTATUS samr_OpenDomain(
298 [in,ref] policy_handle *connect_handle,
299 [in] samr_DomainAccessMask access_mask,
300 [in,ref] dom_sid2 *sid,
301 [out,ref] policy_handle *domain_handle
302 );
303
304 /************************/
305 /* Function 0x08 */
306 /* server roles */
307 typedef [v1_enum] enum {
308 SAMR_ROLE_STANDALONE = 0,
309 SAMR_ROLE_DOMAIN_MEMBER = 1,
310 SAMR_ROLE_DOMAIN_BDC = 2,
311 SAMR_ROLE_DOMAIN_PDC = 3
312 } samr_Role;
313
314 /* password properties flags */
315 typedef [public,bitmap32bit] bitmap {
316 DOMAIN_PASSWORD_COMPLEX = 0x00000001,
317 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
318 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
319 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
320 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
321 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
322 } samr_PasswordProperties;
323
324 typedef struct {
325 uint16 min_password_length;
326 uint16 password_history_length;
327 samr_PasswordProperties password_properties;
328 /* yes, these are signed. They are in negative 100ns */
329 dlong max_password_age;
330 dlong min_password_age;
331 } samr_DomInfo1;
332
333 typedef struct {
334 NTTIME force_logoff_time;
335 lsa_String comment;
336 lsa_String domain_name;
337 lsa_String primary; /* PDC name if this is a BDC */
338 udlong sequence_num;
339 uint32 unknown2;
340 samr_Role role;
341 uint32 unknown3;
342 uint32 num_users;
343 uint32 num_groups;
344 uint32 num_aliases;
345 } samr_DomInfo2;
346
347 typedef struct {
348 NTTIME force_logoff_time;
349 } samr_DomInfo3;
350
351 typedef struct {
352 lsa_String comment;
353 } samr_DomInfo4;
354
355 typedef struct {
356 lsa_String domain_name;
357 } samr_DomInfo5;
358
359 typedef struct {
360 lsa_String primary;
361 } samr_DomInfo6;
362
363 typedef struct {
364 samr_Role role;
365 } samr_DomInfo7;
366
367 typedef struct {
368 hyper sequence_num;
369 NTTIME domain_create_time;
370 } samr_DomInfo8;
371
372 typedef struct {
373 uint32 unknown; /* w2k3 returns 1 */
374 } samr_DomInfo9;
375
376 typedef struct {
377 samr_DomInfo2 info2;
378 hyper lockout_duration;
379 hyper lockout_window;
380 uint16 lockout_threshold;
381 } samr_DomInfo11;
382
383 typedef struct {
384 hyper lockout_duration;
385 hyper lockout_window;
386 uint16 lockout_threshold;
387 } samr_DomInfo12;
388
389 typedef struct {
390 hyper sequence_num;
391 NTTIME domain_create_time;
392 hyper modified_count_at_last_promotion;
393 } samr_DomInfo13;
394
395 typedef [switch_type(uint16)] union {
396 [case(1)] samr_DomInfo1 info1;
397 [case(2)] samr_DomInfo2 info2;
398 [case(3)] samr_DomInfo3 info3;
399 [case(4)] samr_DomInfo4 info4;
400 [case(5)] samr_DomInfo5 info5;
401 [case(6)] samr_DomInfo6 info6;
402 [case(7)] samr_DomInfo7 info7;
403 [case(8)] samr_DomInfo8 info8;
404 [case(9)] samr_DomInfo9 info9;
405 [case(11)] samr_DomInfo11 info11;
406 [case(12)] samr_DomInfo12 info12;
407 [case(13)] samr_DomInfo13 info13;
408 } samr_DomainInfo;
409
410 NTSTATUS samr_QueryDomainInfo(
411 [in,ref] policy_handle *domain_handle,
412 [in] uint16 level,
413 [out,ref,switch_is(level)] samr_DomainInfo **info
414 );
415
416 /************************/
417 /* Function 0x09 */
418 /*
419 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
420 call in w2k3
421 */
422 NTSTATUS samr_SetDomainInfo(
423 [in,ref] policy_handle *domain_handle,
424 [in] uint16 level,
425 [in,switch_is(level),ref] samr_DomainInfo *info
426 );
427
428
429 /************************/
430 /* Function 0x0a */
431 NTSTATUS samr_CreateDomainGroup(
432 [in,ref] policy_handle *domain_handle,
433 [in,ref] lsa_String *name,
434 [in] samr_GroupAccessMask access_mask,
435 [out,ref] policy_handle *group_handle,
436 [out,ref] uint32 *rid
437 );
438
439
440 /************************/
441 /* Function 0x0b */
442
443 const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */
444 const int MAX_SAM_ENTRIES_W95 = 50;
445
446 NTSTATUS samr_EnumDomainGroups(
447 [in] policy_handle *domain_handle,
448 [in,out,ref] uint32 *resume_handle,
449 [out,ref] samr_SamArray **sam,
450 [in] uint32 max_size,
451 [out,ref] uint32 *num_entries
452 );
453
454 /************************/
455 /* Function 0x0c */
456 NTSTATUS samr_CreateUser(
457 [in,ref] policy_handle *domain_handle,
458 [in,ref] lsa_String *account_name,
459 [in] samr_UserAccessMask access_mask,
460 [out,ref] policy_handle *user_handle,
461 [out,ref] uint32 *rid
462 );
463
464 /************************/
465 /* Function 0x0d */
466
467
468 /* w2k3 treats max_size as max_users*54 and sets the
469 resume_handle as the rid of the last user sent
470 */
471 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
472
473 NTSTATUS samr_EnumDomainUsers(
474 [in] policy_handle *domain_handle,
475 [in,out,ref] uint32 *resume_handle,
476 [in] samr_AcctFlags acct_flags,
477 [out,ref] samr_SamArray **sam,
478 [in] uint32 max_size,
479 [out,ref] uint32 *num_entries
480 );
481
482 /************************/
483 /* Function 0x0e */
484 NTSTATUS samr_CreateDomAlias(
485 [in,ref] policy_handle *domain_handle,
486 [in,ref] lsa_String *alias_name,
487 [in] samr_AliasAccessMask access_mask,
488 [out,ref] policy_handle *alias_handle,
489 [out,ref] uint32 *rid
490 );
491
492 /************************/
493 /* Function 0x0f */
494 NTSTATUS samr_EnumDomainAliases(
495 [in] policy_handle *domain_handle,
496 [in,out,ref] uint32 *resume_handle,
497 [out,ref] samr_SamArray **sam,
498 [in] uint32 max_size,
499 [out,ref] uint32 *num_entries
500 );
501
502 /************************/
503 /* Function 0x10 */
504
505 typedef struct {
506 [range(0,1024)] uint32 count;
507 [size_is(count)] uint32 *ids;
508 } samr_Ids;
509
510 NTSTATUS samr_GetAliasMembership(
511 [in,ref] policy_handle *domain_handle,
512 [in,ref] lsa_SidArray *sids,
513 [out,ref] samr_Ids *rids
514 );
515
516 /************************/
517 /* Function 0x11 */
518
519 [public] NTSTATUS samr_LookupNames(
520 [in,ref] policy_handle *domain_handle,
521 [in,range(0,1000)] uint32 num_names,
522 [in,size_is(1000),length_is(num_names)] lsa_String names[],
523 [out,ref] samr_Ids *rids,
524 [out,ref] samr_Ids *types
525 );
526
527
528 /************************/
529 /* Function 0x12 */
530 NTSTATUS samr_LookupRids(
531 [in,ref] policy_handle *domain_handle,
532 [in,range(0,1000)] uint32 num_rids,
533 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
534 [out,ref] lsa_Strings *names,
535 [out,ref] samr_Ids *types
536 );
537
538 /************************/
539 /* Function 0x13 */
540 NTSTATUS samr_OpenGroup(
541 [in,ref] policy_handle *domain_handle,
542 [in] samr_GroupAccessMask access_mask,
543 [in] uint32 rid,
544 [out,ref] policy_handle *group_handle
545 );
546
547 /* Group attributes */
548 typedef [public,bitmap32bit] bitmap {
549 SE_GROUP_MANDATORY = 0x00000001,
550 SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
551 SE_GROUP_ENABLED = 0x00000004,
552 SE_GROUP_OWNER = 0x00000008,
553 SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
554 SE_GROUP_RESOURCE = 0x20000000,
555 SE_GROUP_LOGON_ID = 0xC0000000
556 } samr_GroupAttrs;
557
558 /************************/
559 /* Function 0x14 */
560
561 typedef struct {
562 lsa_String name;
563 samr_GroupAttrs attributes;
564 uint32 num_members;
565 lsa_String description;
566 } samr_GroupInfoAll;
567
568 typedef struct {
569 samr_GroupAttrs attributes;
570 } samr_GroupInfoAttributes;
571
572 typedef struct {
573 lsa_String description;
574 } samr_GroupInfoDescription;
575
576 typedef enum {
577 GROUPINFOALL = 1,
578 GROUPINFONAME = 2,
579 GROUPINFOATTRIBUTES = 3,
580 GROUPINFODESCRIPTION = 4,
581 GROUPINFOALL2 = 5
582 } samr_GroupInfoEnum;
583
584 typedef [switch_type(samr_GroupInfoEnum)] union {
585 [case(GROUPINFOALL)] samr_GroupInfoAll all;
586 [case(GROUPINFONAME)] lsa_String name;
587 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
588 [case(GROUPINFODESCRIPTION)] lsa_String description;
589 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
590 } samr_GroupInfo;
591
592 NTSTATUS samr_QueryGroupInfo(
593 [in,ref] policy_handle *group_handle,
594 [in] samr_GroupInfoEnum level,
595 [out,ref,switch_is(level)] samr_GroupInfo **info
596 );
597
598 /************************/
599 /* Function 0x15 */
600 NTSTATUS samr_SetGroupInfo(
601 [in,ref] policy_handle *group_handle,
602 [in] samr_GroupInfoEnum level,
603 [in,switch_is(level),ref] samr_GroupInfo *info
604 );
605
606 /************************/
607 /* Function 0x16 */
608 NTSTATUS samr_AddGroupMember(
609 [in,ref] policy_handle *group_handle,
610 [in] uint32 rid,
611 [in] uint32 flags
612 );
613
614 /************************/
615 /* Function 0x17 */
616 NTSTATUS samr_DeleteDomainGroup(
617 [in,out,ref] policy_handle *group_handle
618 );
619
620 /************************/
621 /* Function 0x18 */
622 NTSTATUS samr_DeleteGroupMember(
623 [in,ref] policy_handle *group_handle,
624 [in] uint32 rid
625 );
626
627
628 /************************/
629 /* Function 0x19 */
630 typedef struct {
631 uint32 count;
632 [size_is(count)] uint32 *rids;
633 [size_is(count)] uint32 *types;
634 } samr_RidTypeArray;
635
636 NTSTATUS samr_QueryGroupMember(
637 [in,ref] policy_handle *group_handle,
638 [out,ref] samr_RidTypeArray **rids
639 );
640
641
642 /************************/
643 /* Function 0x1a */
644
645 /*
646 win2003 seems to accept any data at all for the two integers
647 below, and doesn't seem to do anything with them that I can
648 see. Weird. I really expected the first integer to be a rid
649 and the second to be the attributes for that rid member.
650 */
651 NTSTATUS samr_SetMemberAttributesOfGroup(
652 [in,ref] policy_handle *group_handle,
653 [in] uint32 unknown1,
654 [in] uint32 unknown2
655 );
656
657
658 /************************/
659 /* Function 0x1b */
660 NTSTATUS samr_OpenAlias (
661 [in,ref] policy_handle *domain_handle,
662 [in] samr_AliasAccessMask access_mask,
663 [in] uint32 rid,
664 [out,ref] policy_handle *alias_handle
665 );
666
667
668 /************************/
669 /* Function 0x1c */
670
671 typedef struct {
672 lsa_String name;
673 uint32 num_members;
674 lsa_String description;
675 } samr_AliasInfoAll;
676
677 typedef enum {
678 ALIASINFOALL = 1,
679 ALIASINFONAME = 2,
680 ALIASINFODESCRIPTION = 3
681 } samr_AliasInfoEnum;
682
683 typedef [switch_type(samr_AliasInfoEnum)] union {
684 [case(ALIASINFOALL)] samr_AliasInfoAll all;
685 [case(ALIASINFONAME)] lsa_String name;
686 [case(ALIASINFODESCRIPTION)] lsa_String description;
687 } samr_AliasInfo;
688
689 NTSTATUS samr_QueryAliasInfo(
690 [in,ref] policy_handle *alias_handle,
691 [in] samr_AliasInfoEnum level,
692 [out,ref,switch_is(level)] samr_AliasInfo **info
693 );
694
695 /************************/
696 /* Function 0x1d */
697 NTSTATUS samr_SetAliasInfo(
698 [in,ref] policy_handle *alias_handle,
699 [in] samr_AliasInfoEnum level,
700 [in,switch_is(level),ref] samr_AliasInfo *info
701 );
702
703 /************************/
704 /* Function 0x1e */
705 NTSTATUS samr_DeleteDomAlias(
706 [in,out,ref] policy_handle *alias_handle
707 );
708
709 /************************/
710 /* Function 0x1f */
711 NTSTATUS samr_AddAliasMember(
712 [in,ref] policy_handle *alias_handle,
713 [in,ref] dom_sid2 *sid
714 );
715
716 /************************/
717 /* Function 0x20 */
718 NTSTATUS samr_DeleteAliasMember(
719 [in,ref] policy_handle *alias_handle,
720 [in,ref] dom_sid2 *sid
721 );
722
723 /************************/
724 /* Function 0x21 */
725 NTSTATUS samr_GetMembersInAlias(
726 [in,ref] policy_handle *alias_handle,
727 [out,ref] lsa_SidArray *sids
728 );
729
730 /************************/
731 /* Function 0x22 */
732 [public] NTSTATUS samr_OpenUser(
733 [in,ref] policy_handle *domain_handle,
734 [in] samr_UserAccessMask access_mask,
735 [in] uint32 rid,
736 [out,ref] policy_handle *user_handle
737 );
738
739 /************************/
740 /* Function 0x23 */
741 NTSTATUS samr_DeleteUser(
742 [in,out,ref] policy_handle *user_handle
743 );
744
745 /************************/
746 /* Function 0x24 */
747 typedef struct {
748 lsa_String account_name;
749 lsa_String full_name;
750 uint32 primary_gid;
751 lsa_String description;
752 lsa_String comment;
753 } samr_UserInfo1;
754
755 typedef struct {
756 lsa_String comment;
757 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
758 uint16 country_code;
759 uint16 code_page;
760 } samr_UserInfo2;
761
762 /* this is also used in samr and netlogon */
763 typedef [public, flag(NDR_PAHEX)] struct {
764 uint16 units_per_week;
765 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
766 } samr_LogonHours;
767
768 typedef struct {
769 lsa_String account_name;
770 lsa_String full_name;
771 uint32 rid;
772 uint32 primary_gid;
773 lsa_String home_directory;
774 lsa_String home_drive;
775 lsa_String logon_script;
776 lsa_String profile_path;
777 lsa_String workstations;
778 NTTIME last_logon;
779 NTTIME last_logoff;
780 NTTIME last_password_change;
781 NTTIME allow_password_change;
782 NTTIME force_password_change;
783 samr_LogonHours logon_hours;
784 uint16 bad_password_count;
785 uint16 logon_count;
786 samr_AcctFlags acct_flags;
787 } samr_UserInfo3;
788
789 typedef struct {
790 samr_LogonHours logon_hours;
791 } samr_UserInfo4;
792
793 typedef struct {
794 lsa_String account_name;
795 lsa_String full_name;
796 uint32 rid;
797 uint32 primary_gid;
798 lsa_String home_directory;
799 lsa_String home_drive;
800 lsa_String logon_script;
801 lsa_String profile_path;
802 lsa_String description;
803 lsa_String workstations;
804 NTTIME last_logon;
805 NTTIME last_logoff;
806 samr_LogonHours logon_hours;
807 uint16 bad_password_count;
808 uint16 logon_count;
809 NTTIME last_password_change;
810 NTTIME acct_expiry;
811 samr_AcctFlags acct_flags;
812 } samr_UserInfo5;
813
814 typedef struct {
815 lsa_String account_name;
816 lsa_String full_name;
817 } samr_UserInfo6;
818
819 typedef struct {
820 lsa_String account_name;
821 } samr_UserInfo7;
822
823 typedef struct {
824 lsa_String full_name;
825 } samr_UserInfo8;
826
827 typedef struct {
828 uint32 primary_gid;
829 } samr_UserInfo9;
830
831 typedef struct {
832 lsa_String home_directory;
833 lsa_String home_drive;
834 } samr_UserInfo10;
835
836 typedef struct {
837 lsa_String logon_script;
838 } samr_UserInfo11;
839
840 typedef struct {
841 lsa_String profile_path;
842 } samr_UserInfo12;
843
844 typedef struct {
845 lsa_String description;
846 } samr_UserInfo13;
847
848 typedef struct {
849 lsa_String workstations;
850 } samr_UserInfo14;
851
852 typedef struct {
853 samr_AcctFlags acct_flags;
854 } samr_UserInfo16;
855
856 typedef struct {
857 NTTIME acct_expiry;
858 } samr_UserInfo17;
859
860 typedef [public, flag(NDR_PAHEX)] struct {
861 uint8 hash[16];
862 } samr_Password;
863
864 typedef struct {
865 samr_Password nt_pwd;
866 samr_Password lm_pwd;
867 boolean8 nt_pwd_active;
868 boolean8 lm_pwd_active;
869 uint8 password_expired;
870 } samr_UserInfo18;
871
872 typedef struct {
873 lsa_BinaryString parameters;
874 } samr_UserInfo20;
875
876 /* this defines the bits used for fields_present in info21 */
877 typedef [bitmap32bit] bitmap {
878 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
879 SAMR_FIELD_FULL_NAME = 0x00000002,
880 SAMR_FIELD_RID = 0x00000004,
881 SAMR_FIELD_PRIMARY_GID = 0x00000008,
882 SAMR_FIELD_DESCRIPTION = 0x00000010,
883 SAMR_FIELD_COMMENT = 0x00000020,
884 SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
885 SAMR_FIELD_HOME_DRIVE = 0x00000080,
886 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
887 SAMR_FIELD_PROFILE_PATH = 0x00000200,
888 SAMR_FIELD_WORKSTATIONS = 0x00000400,
889 SAMR_FIELD_LAST_LOGON = 0x00000800,
890 SAMR_FIELD_LAST_LOGOFF = 0x00001000,
891 SAMR_FIELD_LOGON_HOURS = 0x00002000,
892 SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
893 SAMR_FIELD_NUM_LOGONS = 0x00008000,
894 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
895 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
896 SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
897 SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
898 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
899 SAMR_FIELD_PARAMETERS = 0x00200000,
900 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
901 SAMR_FIELD_CODE_PAGE = 0x00800000,
902 SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
903 SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
904 SAMR_FIELD_PRIVATE_DATA = 0x04000000,
905 SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
906 SAMR_FIELD_SEC_DESC = 0x10000000,
907 SAMR_FIELD_OWF_PWD = 0x20000000
908 } samr_FieldsPresent;
909
910 /* used for 'password_expired' in samr_UserInfo21 */
911 const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
912 const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
913
914 typedef struct {
915 NTTIME last_logon;
916 NTTIME last_logoff;
917 NTTIME last_password_change;
918 NTTIME acct_expiry;
919 NTTIME allow_password_change;
920 NTTIME force_password_change;
921 lsa_String account_name;
922 lsa_String full_name;
923 lsa_String home_directory;
924 lsa_String home_drive;
925 lsa_String logon_script;
926 lsa_String profile_path;
927 lsa_String description;
928 lsa_String workstations;
929 lsa_String comment;
930 lsa_BinaryString parameters;
931 lsa_BinaryString lm_owf_password;
932 lsa_BinaryString nt_owf_password;
933 lsa_String unknown3;
934 uint32 buf_count;
935 [size_is(buf_count)] uint8 *buffer;
936 uint32 rid;
937 uint32 primary_gid;
938 samr_AcctFlags acct_flags;
939 samr_FieldsPresent fields_present;
940 samr_LogonHours logon_hours;
941 uint16 bad_password_count;
942 uint16 logon_count;
943 uint16 country_code;
944 uint16 code_page;
945 uint8 lm_password_set;
946 uint8 nt_password_set;
947 uint8 password_expired;
948 uint8 unknown4;
949 } samr_UserInfo21;
950
951 typedef [public, flag(NDR_PAHEX)] struct {
952 uint8 data[516];
953 } samr_CryptPassword;
954
955 typedef struct {
956 samr_UserInfo21 info;
957 samr_CryptPassword password;
958 } samr_UserInfo23;
959
960 typedef struct {
961 samr_CryptPassword password;
962 uint8 password_expired;
963 } samr_UserInfo24;
964
965 typedef [flag(NDR_PAHEX)] struct {
966 uint8 data[532];
967 } samr_CryptPasswordEx;
968
969 typedef struct {
970 samr_UserInfo21 info;
971 samr_CryptPasswordEx password;
972 } samr_UserInfo25;
973
974 typedef struct {
975 samr_CryptPasswordEx password;
976 uint8 password_expired;
977 } samr_UserInfo26;
978
979 typedef [switch_type(uint16)] union {
980 [case(1)] samr_UserInfo1 info1;
981 [case(2)] samr_UserInfo2 info2;
982 [case(3)] samr_UserInfo3 info3;
983 [case(4)] samr_UserInfo4 info4;
984 [case(5)] samr_UserInfo5 info5;
985 [case(6)] samr_UserInfo6 info6;
986 [case(7)] samr_UserInfo7 info7;
987 [case(8)] samr_UserInfo8 info8;
988 [case(9)] samr_UserInfo9 info9;
989 [case(10)] samr_UserInfo10 info10;
990 [case(11)] samr_UserInfo11 info11;
991 [case(12)] samr_UserInfo12 info12;
992 [case(13)] samr_UserInfo13 info13;
993 [case(14)] samr_UserInfo14 info14;
994 [case(16)] samr_UserInfo16 info16;
995 [case(17)] samr_UserInfo17 info17;
996 [case(18)] samr_UserInfo18 info18;
997 [case(20)] samr_UserInfo20 info20;
998 [case(21)] samr_UserInfo21 info21;
999 [case(23)] samr_UserInfo23 info23;
1000 [case(24)] samr_UserInfo24 info24;
1001 [case(25)] samr_UserInfo25 info25;
1002 [case(26)] samr_UserInfo26 info26;
1003 } samr_UserInfo;
1004
1005 [public] NTSTATUS samr_QueryUserInfo(
1006 [in,ref] policy_handle *user_handle,
1007 [in] uint16 level,
1008 [out,ref,switch_is(level)] samr_UserInfo **info
1009 );
1010
1011
1012 /************************/
1013 /* Function 0x25 */
1014 [public] NTSTATUS samr_SetUserInfo(
1015 [in,ref] policy_handle *user_handle,
1016 [in] uint16 level,
1017 [in,ref,switch_is(level)] samr_UserInfo *info
1018 );
1019
1020 /************************/
1021 /* Function 0x26 */
1022 /*
1023 this is a password change interface that doesn't give
1024 the server the plaintext password. Depricated.
1025 */
1026 NTSTATUS samr_ChangePasswordUser(
1027 [in,ref] policy_handle *user_handle,
1028 [in] boolean8 lm_present,
1029 [in,unique] samr_Password *old_lm_crypted,
1030 [in,unique] samr_Password *new_lm_crypted,
1031 [in] boolean8 nt_present,
1032 [in,unique] samr_Password *old_nt_crypted,
1033 [in,unique] samr_Password *new_nt_crypted,
1034 [in] boolean8 cross1_present,
1035 [in,unique] samr_Password *nt_cross,
1036 [in] boolean8 cross2_present,
1037 [in,unique] samr_Password *lm_cross
1038 );
1039
1040 /************************/
1041 /* Function 0x27 */
1042
1043 typedef [public] struct {
1044 uint32 rid;
1045 samr_GroupAttrs attributes;
1046 } samr_RidWithAttribute;
1047
1048 typedef [public] struct {
1049 uint32 count;
1050 [size_is(count)] samr_RidWithAttribute *rids;
1051 } samr_RidWithAttributeArray;
1052
1053 NTSTATUS samr_GetGroupsForUser(
1054 [in,ref] policy_handle *user_handle,
1055 [out,ref] samr_RidWithAttributeArray **rids
1056 );
1057
1058 /************************/
1059 /* Function 0x28 */
1060
1061 typedef struct {
1062 uint32 idx;
1063 uint32 rid;
1064 samr_AcctFlags acct_flags;
1065 lsa_String account_name;
1066 lsa_String description;
1067 lsa_String full_name;
1068 } samr_DispEntryGeneral;
1069
1070 typedef struct {
1071 uint32 count;
1072 [size_is(count)] samr_DispEntryGeneral *entries;
1073 } samr_DispInfoGeneral;
1074
1075 typedef struct {
1076 uint32 idx;
1077 uint32 rid;
1078 samr_AcctFlags acct_flags;
1079 lsa_String account_name;
1080 lsa_String description;
1081 } samr_DispEntryFull;
1082
1083 typedef struct {
1084 uint32 count;
1085 [size_is(count)] samr_DispEntryFull *entries;
1086 } samr_DispInfoFull;
1087
1088 typedef struct {
1089 uint32 idx;
1090 uint32 rid;
1091 samr_GroupAttrs acct_flags;
1092 lsa_String account_name;
1093 lsa_String description;
1094 } samr_DispEntryFullGroup;
1095
1096 typedef struct {
1097 uint32 count;
1098 [size_is(count)] samr_DispEntryFullGroup *entries;
1099 } samr_DispInfoFullGroups;
1100
1101 typedef struct {
1102 uint32 idx;
1103 lsa_AsciiStringLarge account_name;
1104 } samr_DispEntryAscii;
1105
1106 typedef struct {
1107 uint32 count;
1108 [size_is(count)] samr_DispEntryAscii *entries;
1109 } samr_DispInfoAscii;
1110
1111 typedef [switch_type(uint16)] union {
1112 [case(1)] samr_DispInfoGeneral info1;/* users */
1113 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1114 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1115 [case(4)] samr_DispInfoAscii info4; /* users */
1116 [case(5)] samr_DispInfoAscii info5; /* groups */
1117 } samr_DispInfo;
1118
1119 NTSTATUS samr_QueryDisplayInfo(
1120 [in,ref] policy_handle *domain_handle,
1121 [in] uint16 level,
1122 [in] uint32 start_idx,
1123 [in] uint32 max_entries,
1124 [in] uint32 buf_size,
1125 [out,ref] uint32 *total_size,
1126 [out,ref] uint32 *returned_size,
1127 [out,ref,switch_is(level)] samr_DispInfo *info
1128 );
1129
1130
1131 /************************/
1132 /* Function 0x29 */
1133
1134 /*
1135 this seems to be an alphabetic search function. The returned index
1136 is the index for samr_QueryDisplayInfo needed to get names occurring
1137 after the specified name. The supplied name does not need to exist
1138 in the database (for example you can supply just a first letter for
1139 searching starting at that letter)
1140
1141 The level corresponds to the samr_QueryDisplayInfo level
1142 */
1143 NTSTATUS samr_GetDisplayEnumerationIndex(
1144 [in,ref] policy_handle *domain_handle,
1145 [in] uint16 level,
1146 [in,ref] lsa_String *name,
1147 [out,ref] uint32 *idx
1148 );
1149
1150
1151
1152 /************************/
1153 /* Function 0x2a */
1154
1155 /*
1156 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1157 */
1158 NTSTATUS samr_TestPrivateFunctionsDomain(
1159 [in,ref] policy_handle *domain_handle
1160 );
1161
1162
1163 /************************/
1164 /* Function 0x2b */
1165
1166 /*
1167 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1168 */
1169 NTSTATUS samr_TestPrivateFunctionsUser(
1170 [in,ref] policy_handle *user_handle
1171 );
1172
1173
1174 /************************/
1175 /* Function 0x2c */
1176
1177 typedef struct {
1178 uint16 min_password_length;
1179 samr_PasswordProperties password_properties;
1180 } samr_PwInfo;
1181
1182 [public] NTSTATUS samr_GetUserPwInfo(
1183 [in,ref] policy_handle *user_handle,
1184 [out,ref] samr_PwInfo *info
1185 );
1186
1187 /************************/
1188 /* Function 0x2d */
1189 NTSTATUS samr_RemoveMemberFromForeignDomain(
1190 [in,ref] policy_handle *domain_handle,
1191 [in,ref] dom_sid2 *sid
1192 );
1193
1194 /************************/
1195 /* Function 0x2e */
1196
1197 /*
1198 how is this different from QueryDomainInfo ??
1199 */
1200 NTSTATUS samr_QueryDomainInfo2(
1201 [in,ref] policy_handle *domain_handle,
1202 [in] uint16 level,
1203 [out,ref,switch_is(level)] samr_DomainInfo **info
1204 );
1205
1206 /************************/
1207 /* Function 0x2f */
1208
1209 /*
1210 how is this different from QueryUserInfo ??
1211 */
1212 NTSTATUS samr_QueryUserInfo2(
1213 [in,ref] policy_handle *user_handle,
1214 [in] uint16 level,
1215 [out,ref,switch_is(level)] samr_UserInfo **info
1216 );
1217
1218 /************************/
1219 /* Function 0x30 */
1220
1221 /*
1222 how is this different from QueryDisplayInfo??
1223 */
1224 NTSTATUS samr_QueryDisplayInfo2(
1225 [in,ref] policy_handle *domain_handle,
1226 [in] uint16 level,
1227 [in] uint32 start_idx,
1228 [in] uint32 max_entries,
1229 [in] uint32 buf_size,
1230 [out,ref] uint32 *total_size,
1231 [out,ref] uint32 *returned_size,
1232 [out,ref,switch_is(level)] samr_DispInfo *info
1233 );
1234
1235 /************************/
1236 /* Function 0x31 */
1237
1238 /*
1239 how is this different from GetDisplayEnumerationIndex ??
1240 */
1241 NTSTATUS samr_GetDisplayEnumerationIndex2(
1242 [in,ref] policy_handle *domain_handle,
1243 [in] uint16 level,
1244 [in,ref] lsa_String *name,
1245 [out,ref] uint32 *idx
1246 );
1247
1248
1249 /************************/
1250 /* Function 0x32 */
1251 NTSTATUS samr_CreateUser2(
1252 [in,ref] policy_handle *domain_handle,
1253 [in,ref] lsa_String *account_name,
1254 [in] samr_AcctFlags acct_flags,
1255 [in] samr_UserAccessMask access_mask,
1256 [out,ref] policy_handle *user_handle,
1257 [out,ref] uint32 *access_granted,
1258 [out,ref] uint32 *rid
1259 );
1260
1261
1262 /************************/
1263 /* Function 0x33 */
1264
1265 /*
1266 another duplicate. There must be a reason ....
1267 */
1268 NTSTATUS samr_QueryDisplayInfo3(
1269 [in,ref] policy_handle *domain_handle,
1270 [in] uint16 level,
1271 [in] uint32 start_idx,
1272 [in] uint32 max_entries,
1273 [in] uint32 buf_size,
1274 [out,ref] uint32 *total_size,
1275 [out,ref] uint32 *returned_size,
1276 [out,ref,switch_is(level)] samr_DispInfo *info
1277 );
1278
1279 /************************/
1280 /* Function 0x34 */
1281 NTSTATUS samr_AddMultipleMembersToAlias(
1282 [in,ref] policy_handle *alias_handle,
1283 [in,ref] lsa_SidArray *sids
1284 );
1285
1286 /************************/
1287 /* Function 0x35 */
1288 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1289 [in,ref] policy_handle *alias_handle,
1290 [in,ref] lsa_SidArray *sids
1291 );
1292
1293 /************************/
1294 /* Function 0x36 */
1295
1296 NTSTATUS samr_OemChangePasswordUser2(
1297 [in,unique] lsa_AsciiString *server,
1298 [in,ref] lsa_AsciiString *account,
1299 [in,unique] samr_CryptPassword *password,
1300 [in,unique] samr_Password *hash
1301 );
1302
1303 /************************/
1304 /* Function 0x37 */
1305 NTSTATUS samr_ChangePasswordUser2(
1306 [in,unique] lsa_String *server,
1307 [in,ref] lsa_String *account,
1308 [in,unique] samr_CryptPassword *nt_password,
1309 [in,unique] samr_Password *nt_verifier,
1310 [in] boolean8 lm_change,
1311 [in,unique] samr_CryptPassword *lm_password,
1312 [in,unique] samr_Password *lm_verifier
1313 );
1314
1315 /************************/
1316 /* Function 0x38 */
1317 NTSTATUS samr_GetDomPwInfo(
1318 [in,unique] lsa_String *domain_name,
1319 [out,ref] samr_PwInfo *info
1320 );
1321
1322 /************************/
1323 /* Function 0x39 */
1324 NTSTATUS samr_Connect2(
1325 [in,unique,string,charset(UTF16)] uint16 *system_name,
1326 [in] samr_ConnectAccessMask access_mask,
1327 [out,ref] policy_handle *connect_handle
1328 );
1329
1330 /************************/
1331 /* Function 0x3a */
1332 /*
1333 seems to be an exact alias for samr_SetUserInfo()
1334 */
1335 [public] NTSTATUS samr_SetUserInfo2(
1336 [in,ref] policy_handle *user_handle,
1337 [in] uint16 level,
1338 [in,ref,switch_is(level)] samr_UserInfo *info
1339 );
1340
1341 /************************/
1342 /* Function 0x3b */
1343 /*
1344 this one is mysterious. I have a few guesses, but nothing working yet
1345 */
1346 NTSTATUS samr_SetBootKeyInformation(
1347 [in,ref] policy_handle *connect_handle,
1348 [in] uint32 unknown1,
1349 [in] uint32 unknown2,
1350 [in] uint32 unknown3
1351 );
1352
1353 /************************/
1354 /* Function 0x3c */
1355 NTSTATUS samr_GetBootKeyInformation(
1356 [in,ref] policy_handle *domain_handle,
1357 [out,ref] uint32 *unknown
1358 );
1359
1360 /************************/
1361 /* Function 0x3d */
1362 NTSTATUS samr_Connect3(
1363 [in,unique,string,charset(UTF16)] uint16 *system_name,
1364 /* this unknown value seems to be completely ignored by w2k3 */
1365 [in] uint32 unknown,
1366 [in] samr_ConnectAccessMask access_mask,
1367 [out,ref] policy_handle *connect_handle
1368 );
1369
1370 /************************/
1371 /* Function 0x3e */
1372
1373 typedef [v1_enum] enum {
1374 SAMR_CONNECT_PRE_W2K = 1,
1375 SAMR_CONNECT_W2K = 2,
1376 SAMR_CONNECT_AFTER_W2K = 3
1377 } samr_ConnectVersion;
1378
1379 NTSTATUS samr_Connect4(
1380 [in,unique,string,charset(UTF16)] uint16 *system_name,
1381 [in] samr_ConnectVersion client_version,
1382 [in] samr_ConnectAccessMask access_mask,
1383 [out,ref] policy_handle *connect_handle
1384 );
1385
1386 /************************/
1387 /* Function 0x3f */
1388
1389 typedef enum samr_RejectReason samr_RejectReason;
1390
1391 typedef struct {
1392 samr_RejectReason reason;
1393 uint32 unknown1;
1394 uint32 unknown2;
1395 } samr_ChangeReject;
1396
1397 NTSTATUS samr_ChangePasswordUser3(
1398 [in,unique] lsa_String *server,
1399 [in,ref] lsa_String *account,
1400 [in,unique] samr_CryptPassword *nt_password,
1401 [in,unique] samr_Password *nt_verifier,
1402 [in] boolean8 lm_change,
1403 [in,unique] samr_CryptPassword *lm_password,
1404 [in,unique] samr_Password *lm_verifier,
1405 [in,unique] samr_CryptPassword *password3,
1406 [out,ref] samr_DomInfo1 **dominfo,
1407 [out,ref] samr_ChangeReject **reject
1408 );
1409
1410 /************************/
1411 /* Function 0x40 */
1412
1413 typedef struct {
1414 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1415 uint32 unknown2; /* w2k3 gives 0 */
1416 } samr_ConnectInfo1;
1417
1418 typedef union {
1419 [case(1)] samr_ConnectInfo1 info1;
1420 } samr_ConnectInfo;
1421
1422 [public] NTSTATUS samr_Connect5(
1423 [in,unique,string,charset(UTF16)] uint16 *system_name,
1424 [in] samr_ConnectAccessMask access_mask,
1425 [in] uint32 level_in,
1426 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1427 [out,ref] uint32 *level_out,
1428 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1429 [out,ref] policy_handle *connect_handle
1430 );
1431
1432 /************************/
1433 /* Function 0x41 */
1434 NTSTATUS samr_RidToSid(
1435 [in,ref] policy_handle *domain_handle,
1436 [in] uint32 rid,
1437 [out,ref] dom_sid2 *sid
1438 );
1439
1440
1441 /************************/
1442 /* Function 0x42 */
1443
1444 /*
1445 this should set the DSRM password for the server, which is used
1446 when booting into Directory Services Recovery Mode on a DC. Win2003
1447 gives me NT_STATUS_NOT_SUPPORTED
1448 */
1449
1450 NTSTATUS samr_SetDsrmPassword(
1451 [in,unique] lsa_String *name,
1452 [in] uint32 unknown,
1453 [in,unique] samr_Password *hash
1454 );
1455
1456
1457 /************************/
1458 /* Function 0x43 */
1459 /************************/
1460 typedef [bitmap32bit] bitmap {
1461 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
1462 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
1463 SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
1464 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
1465 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
1466 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
1467 } samr_ValidateFieldsPresent;
1468
1469 typedef enum {
1470 NetValidateAuthentication = 1,
1471 NetValidatePasswordChange= 2,
1472 NetValidatePasswordReset = 3
1473 } samr_ValidatePasswordLevel;
1474
1475 /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1476 * identified the mapping of
1477 * - NERR_PasswordFilterError
1478 * - NERR_PasswordExpired and
1479 * - NERR_PasswordCantChange
1480 * yet - Guenther
1481 */
1482
1483 typedef enum {
1484 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1485 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1486 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1487 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1488 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1489 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1490 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1491 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1492 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
1493 } samr_ValidationStatus;
1494
1495 typedef struct {
1496 uint32 length;
1497 [size_is(length)] uint8 *data;
1498 } samr_ValidationBlob;
1499
1500 typedef struct {
1501 samr_ValidateFieldsPresent fields_present;
1502 NTTIME_hyper last_password_change;
1503 NTTIME_hyper bad_password_time;
1504 NTTIME_hyper lockout_time;
1505 uint32 bad_pwd_count;
1506 uint32 pwd_history_len;
1507 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1508 } samr_ValidatePasswordInfo;
1509
1510 typedef struct {
1511 samr_ValidatePasswordInfo info;
1512 samr_ValidationStatus status;
1513 } samr_ValidatePasswordRepCtr;
1514
1515 typedef [switch_type(uint16)] union {
1516 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1517 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1518 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1519 } samr_ValidatePasswordRep;
1520
1521 typedef struct {
1522 samr_ValidatePasswordInfo info;
1523 lsa_StringLarge password;
1524 lsa_StringLarge account;
1525 samr_ValidationBlob hash;
1526 boolean8 pwd_must_change_at_next_logon;
1527 boolean8 clear_lockout;
1528 } samr_ValidatePasswordReq3;
1529
1530 typedef struct {
1531 samr_ValidatePasswordInfo info;
1532 lsa_StringLarge password;
1533 lsa_StringLarge account;
1534 samr_ValidationBlob hash;
1535 boolean8 password_matched;
1536 } samr_ValidatePasswordReq2;
1537
1538 typedef struct {
1539 samr_ValidatePasswordInfo info;
1540 boolean8 password_matched;
1541 } samr_ValidatePasswordReq1;
1542
1543 typedef [switch_type(uint16)] union {
1544 [case(1)] samr_ValidatePasswordReq1 req1;
1545 [case(2)] samr_ValidatePasswordReq2 req2;
1546 [case(3)] samr_ValidatePasswordReq3 req3;
1547 } samr_ValidatePasswordReq;
1548
1549 NTSTATUS samr_ValidatePassword(
1550 [in] samr_ValidatePasswordLevel level,
1551 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1552 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1553 );
1554}
Note: See TracBrowser for help on using the repository browser.