1#include "idl_types.h" 2 3/* 4 samr interface definition 5*/ 6import "misc.idl", "lsa.idl", "security.idl"; 7 8/* 9 Thanks to Todd Sabin for some information from his samr.idl in acltools 10*/ 11 12[ uuid("12345778-1234-abcd-ef00-0123456789ac"), 13 version(1.0), 14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), 15 pointer_default(unique) 16] interface samr 17{ 18 typedef bitmap security_secinfo security_secinfo; 19 typedef bitmap security_GroupAttrs security_GroupAttrs; 20 21 /* account control (acct_flags) bits */ 22 typedef [public,bitmap32bit] bitmap { 23 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */ 24 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */ 25 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */ 26 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */ 27 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */ 28 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */ 29 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */ 30 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */ 31 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */ 32 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */ 33 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */ 34 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */ 35 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */ 36 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */ 37 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */ 38 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */ 39 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */ 40 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */ 41 ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000, 42 ACB_NO_AUTH_DATA_REQD = 0x00080000, /* 1 = No authorization data required */ 43 ACB_PARTIAL_SECRETS_ACCOUNT = 0x00100000, 44 ACB_USE_AES_KEYS = 0x00200000 45 } samr_AcctFlags; 46 47 /* SAM server specific access rights */ 48 49 typedef [bitmap32bit] bitmap { 50 SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, 51 SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, 52 SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, 53 SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, 54 SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, 55 SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020 56 } samr_ConnectAccessMask; 57 58 const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F; 59 60 const int GENERIC_RIGHTS_SAM_ALL_ACCESS = 61 (STANDARD_RIGHTS_REQUIRED_ACCESS | 62 SAMR_ACCESS_ALL_ACCESS); 63 64 const int GENERIC_RIGHTS_SAM_READ = 65 (STANDARD_RIGHTS_READ_ACCESS | 66 SAMR_ACCESS_ENUM_DOMAINS); 67 68 const int GENERIC_RIGHTS_SAM_WRITE = 69 (STANDARD_RIGHTS_WRITE_ACCESS | 70 SAMR_ACCESS_CREATE_DOMAIN | 71 SAMR_ACCESS_INITIALIZE_SERVER | 72 SAMR_ACCESS_SHUTDOWN_SERVER); 73 74 const int GENERIC_RIGHTS_SAM_EXECUTE = 75 (STANDARD_RIGHTS_EXECUTE_ACCESS | 76 SAMR_ACCESS_LOOKUP_DOMAIN | 77 SAMR_ACCESS_CONNECT_TO_SERVER); 78 79 /* User Object specific access rights */ 80 81 typedef [bitmap32bit] bitmap { 82 SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, 83 SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, 84 SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, 85 SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, 86 SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, 87 SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, 88 SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, 89 SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, 90 SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, 91 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, 92 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 93 } samr_UserAccessMask; 94 95 const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF; 96 97 const int GENERIC_RIGHTS_USER_ALL_ACCESS = 98 (STANDARD_RIGHTS_REQUIRED_ACCESS | 99 SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */ 100 101 const int GENERIC_RIGHTS_USER_READ = 102 (STANDARD_RIGHTS_READ_ACCESS | 103 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP | 104 SAMR_USER_ACCESS_GET_GROUPS | 105 SAMR_USER_ACCESS_GET_ATTRIBUTES | 106 SAMR_USER_ACCESS_GET_LOGONINFO | 107 SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */ 108 109 const int GENERIC_RIGHTS_USER_WRITE = 110 (STANDARD_RIGHTS_WRITE_ACCESS | 111 SAMR_USER_ACCESS_CHANGE_PASSWORD | 112 SAMR_USER_ACCESS_SET_LOC_COM | 113 SAMR_USER_ACCESS_SET_ATTRIBUTES | 114 SAMR_USER_ACCESS_SET_PASSWORD | 115 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */ 116 117 const int GENERIC_RIGHTS_USER_EXECUTE = 118 (STANDARD_RIGHTS_EXECUTE_ACCESS | 119 SAMR_USER_ACCESS_CHANGE_PASSWORD | 120 SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */ 121 122 /* Domain Object specific access rights */ 123 124 typedef [bitmap32bit] bitmap { 125 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, 126 SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, 127 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, 128 SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, 129 SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, 130 SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, 131 SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, 132 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, 133 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, 134 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, 135 SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 136 } samr_DomainAccessMask; 137 138 const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF; 139 140 const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS = 141 (STANDARD_RIGHTS_REQUIRED_ACCESS | 142 SAMR_DOMAIN_ACCESS_ALL_ACCESS); 143 144 const int GENERIC_RIGHTS_DOMAIN_READ = 145 (STANDARD_RIGHTS_READ_ACCESS | 146 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS | 147 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2); 148 149 const int GENERIC_RIGHTS_DOMAIN_WRITE = 150 (STANDARD_RIGHTS_WRITE_ACCESS | 151 SAMR_DOMAIN_ACCESS_SET_INFO_3 | 152 SAMR_DOMAIN_ACCESS_CREATE_ALIAS | 153 SAMR_DOMAIN_ACCESS_CREATE_GROUP | 154 SAMR_DOMAIN_ACCESS_CREATE_USER | 155 SAMR_DOMAIN_ACCESS_SET_INFO_2 | 156 SAMR_DOMAIN_ACCESS_SET_INFO_1); 157 158 const int GENERIC_RIGHTS_DOMAIN_EXECUTE = 159 (STANDARD_RIGHTS_EXECUTE_ACCESS | 160 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | 161 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | 162 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1); 163 164 /* Group Object specific access rights */ 165 166 typedef [bitmap32bit] bitmap { 167 SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, 168 SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, 169 SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, 170 SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, 171 SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 172 } samr_GroupAccessMask; 173 174 const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F; 175 176 const int GENERIC_RIGHTS_GROUP_ALL_ACCESS = 177 (STANDARD_RIGHTS_REQUIRED_ACCESS | 178 SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */ 179 180 const int GENERIC_RIGHTS_GROUP_READ = 181 (STANDARD_RIGHTS_READ_ACCESS | 182 SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */ 183 184 const int GENERIC_RIGHTS_GROUP_WRITE = 185 (STANDARD_RIGHTS_WRITE_ACCESS | 186 SAMR_GROUP_ACCESS_REMOVE_MEMBER | 187 SAMR_GROUP_ACCESS_ADD_MEMBER | 188 SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */ 189 190 const int GENERIC_RIGHTS_GROUP_EXECUTE = 191 (STANDARD_RIGHTS_EXECUTE_ACCESS | 192 SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */ 193 194 /* Alias Object specific access rights */ 195 196 typedef [bitmap32bit] bitmap { 197 SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, 198 SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, 199 SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, 200 SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, 201 SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 202 } samr_AliasAccessMask; 203 204 const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F; 205 206 const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS = 207 (STANDARD_RIGHTS_REQUIRED_ACCESS | 208 SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */ 209 210 const int GENERIC_RIGHTS_ALIAS_READ = 211 (STANDARD_RIGHTS_READ_ACCESS | 212 SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */ 213 214 const int GENERIC_RIGHTS_ALIAS_WRITE = 215 (STANDARD_RIGHTS_WRITE_ACCESS | 216 SAMR_ALIAS_ACCESS_REMOVE_MEMBER | 217 SAMR_ALIAS_ACCESS_ADD_MEMBER | 218 SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */ 219 220 const int GENERIC_RIGHTS_ALIAS_EXECUTE = 221 (STANDARD_RIGHTS_EXECUTE_ACCESS | 222 SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */ 223 224 /******************/ 225 /* Function: 0x00 */ 226 NTSTATUS samr_Connect ( 227 /* notice the lack of [string] */ 228 [in,unique] uint16 *system_name, 229 [in] samr_ConnectAccessMask access_mask, 230 [out,ref] policy_handle *connect_handle 231 ); 232 233 234 /******************/ 235 /* Function: 0x01 */ 236 [public] NTSTATUS samr_Close ( 237 [in,out,ref] policy_handle *handle 238 ); 239 240 /******************/ 241 /* Function: 0x02 */ 242 243 NTSTATUS samr_SetSecurity ( 244 [in,ref] policy_handle *handle, 245 [in] security_secinfo sec_info, 246 [in,ref] sec_desc_buf *sdbuf 247 ); 248 249 /******************/ 250 /* Function: 0x03 */ 251 252 NTSTATUS samr_QuerySecurity ( 253 [in,ref] policy_handle *handle, 254 [in] security_secinfo sec_info, 255 [out,ref] sec_desc_buf **sdbuf 256 ); 257 258 /******************/ 259 /* Function: 0x04 */ 260 261 /* 262 shutdown the SAM - once you call this the SAM will be dead 263 */ 264 NTSTATUS samr_Shutdown ( 265 [in,ref] policy_handle *connect_handle 266 ); 267 268 /******************/ 269 /* Function: 0x05 */ 270 NTSTATUS samr_LookupDomain ( 271 [in,ref] policy_handle *connect_handle, 272 [in,ref] lsa_String *domain_name, 273 [out,ref] dom_sid2 **sid 274 ); 275 276 277 /******************/ 278 /* Function: 0x06 */ 279 280 typedef struct { 281 uint32 idx; 282 lsa_String name; 283 } samr_SamEntry; 284 285 typedef struct { 286 uint32 count; 287 [size_is(count)] samr_SamEntry *entries; 288 } samr_SamArray; 289 290 NTSTATUS samr_EnumDomains ( 291 [in,ref] policy_handle *connect_handle, 292 [in,out,ref] uint32 *resume_handle, 293 [out,ref] samr_SamArray **sam, 294 [in] uint32 buf_size, 295 [out,ref] uint32 *num_entries 296 ); 297 298 299 /************************/ 300 /* Function 0x07 */ 301 [public] NTSTATUS samr_OpenDomain( 302 [in,ref] policy_handle *connect_handle, 303 [in] samr_DomainAccessMask access_mask, 304 [in,ref] dom_sid2 *sid, 305 [out,ref] policy_handle *domain_handle 306 ); 307 308 /************************/ 309 /* Function 0x08 */ 310 311 typedef enum { 312 DomainPasswordInformation = 1, 313 DomainGeneralInformation = 2, 314 DomainLogoffInformation = 3, 315 DomainOemInformation = 4, 316 DomainNameInformation = 5, 317 DomainReplicationInformation = 6, 318 DomainServerRoleInformation = 7, 319 DomainModifiedInformation = 8, 320 DomainStateInformation = 9, 321 DomainUasInformation = 10, 322 DomainGeneralInformation2 = 11, 323 DomainLockoutInformation = 12, 324 DomainModifiedInformation2 = 13 325 } samr_DomainInfoClass; 326 327 /* server roles */ 328 typedef [v1_enum] enum { 329 SAMR_ROLE_STANDALONE = 0, 330 SAMR_ROLE_DOMAIN_MEMBER = 1, 331 SAMR_ROLE_DOMAIN_BDC = 2, 332 SAMR_ROLE_DOMAIN_PDC = 3 333 } samr_Role; 334 335 /* password properties flags */ 336 typedef [public,bitmap32bit] bitmap { 337 DOMAIN_PASSWORD_COMPLEX = 0x00000001, 338 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002, 339 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004, 340 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008, 341 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010, 342 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020 343 } samr_PasswordProperties; 344 345 typedef [v1_enum] enum { 346 DOMAIN_SERVER_ENABLED = 1, 347 DOMAIN_SERVER_DISABLED = 2 348 } samr_DomainServerState; 349 350 typedef struct { 351 uint16 min_password_length; 352 uint16 password_history_length; 353 samr_PasswordProperties password_properties; 354 /* yes, these are signed. They are in negative 100ns */ 355 dlong max_password_age; 356 dlong min_password_age; 357 } samr_DomInfo1; 358 359 typedef struct { 360 NTTIME force_logoff_time; 361 lsa_String oem_information; /* comment */ 362 lsa_String domain_name; 363 lsa_String primary; /* PDC name if this is a BDC */ 364 udlong sequence_num; 365 samr_DomainServerState domain_server_state; 366 samr_Role role; 367 uint32 unknown3; 368 uint32 num_users; 369 uint32 num_groups; 370 uint32 num_aliases; 371 } samr_DomGeneralInformation; 372 373 typedef struct { 374 NTTIME force_logoff_time; 375 } samr_DomInfo3; 376 377 typedef struct { 378 lsa_String oem_information; /* comment */ 379 } samr_DomOEMInformation; 380 381 typedef struct { 382 lsa_String domain_name; 383 } samr_DomInfo5; 384 385 typedef struct { 386 lsa_String primary; 387 } samr_DomInfo6; 388 389 typedef struct { 390 samr_Role role; 391 } samr_DomInfo7; 392 393 typedef struct { 394 hyper sequence_num; 395 NTTIME domain_create_time; 396 } samr_DomInfo8; 397 398 typedef struct { 399 samr_DomainServerState domain_server_state; 400 } samr_DomInfo9; 401 402 typedef struct { 403 samr_DomGeneralInformation general; 404 hyper lockout_duration; 405 hyper lockout_window; 406 uint16 lockout_threshold; 407 } samr_DomGeneralInformation2; 408 409 typedef struct { 410 hyper lockout_duration; 411 hyper lockout_window; 412 uint16 lockout_threshold; 413 } samr_DomInfo12; 414 415 typedef struct { 416 hyper sequence_num; 417 NTTIME domain_create_time; 418 hyper modified_count_at_last_promotion; 419 } samr_DomInfo13; 420 421 typedef [switch_type(uint16)] union { 422 [case(1)] samr_DomInfo1 info1; 423 [case(2)] samr_DomGeneralInformation general; 424 [case(3)] samr_DomInfo3 info3; 425 [case(4)] samr_DomOEMInformation oem; 426 [case(5)] samr_DomInfo5 info5; 427 [case(6)] samr_DomInfo6 info6; 428 [case(7)] samr_DomInfo7 info7; 429 [case(8)] samr_DomInfo8 info8; 430 [case(9)] samr_DomInfo9 info9; 431 [case(11)] samr_DomGeneralInformation2 general2; 432 [case(12)] samr_DomInfo12 info12; 433 [case(13)] samr_DomInfo13 info13; 434 } samr_DomainInfo; 435 436 NTSTATUS samr_QueryDomainInfo( 437 [in,ref] policy_handle *domain_handle, 438 [in] samr_DomainInfoClass level, 439 [out,ref,switch_is(level)] samr_DomainInfo **info 440 ); 441 442 /************************/ 443 /* Function 0x09 */ 444 /* 445 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this 446 call in w2k3 447 */ 448 NTSTATUS samr_SetDomainInfo( 449 [in,ref] policy_handle *domain_handle, 450 [in] samr_DomainInfoClass level, 451 [in,switch_is(level),ref] samr_DomainInfo *info 452 ); 453 454 455 /************************/ 456 /* Function 0x0a */ 457 NTSTATUS samr_CreateDomainGroup( 458 [in,ref] policy_handle *domain_handle, 459 [in,ref] lsa_String *name, 460 [in] samr_GroupAccessMask access_mask, 461 [out,ref] policy_handle *group_handle, 462 [out,ref] uint32 *rid 463 ); 464 465 466 /************************/ 467 /* Function 0x0b */ 468 NTSTATUS samr_EnumDomainGroups( 469 [in] policy_handle *domain_handle, 470 [in,out,ref] uint32 *resume_handle, 471 [out,ref] samr_SamArray **sam, 472 [in] uint32 max_size, 473 [out,ref] uint32 *num_entries 474 ); 475 476 /************************/ 477 /* Function 0x0c */ 478 NTSTATUS samr_CreateUser( 479 [in,ref] policy_handle *domain_handle, 480 [in,ref] lsa_String *account_name, 481 [in] samr_UserAccessMask access_mask, 482 [out,ref] policy_handle *user_handle, 483 [out,ref] uint32 *rid 484 ); 485 486 /************************/ 487 /* Function 0x0d */ 488 489 490 /* w2k3 treats max_size as max_users*54 and sets the 491 resume_handle as the rid of the last user sent 492 */ 493 const int SAMR_ENUM_USERS_MULTIPLIER = 54; 494 495 NTSTATUS samr_EnumDomainUsers( 496 [in] policy_handle *domain_handle, 497 [in,out,ref] uint32 *resume_handle, 498 [in] samr_AcctFlags acct_flags, 499 [out,ref] samr_SamArray **sam, 500 [in] uint32 max_size, 501 [out,ref] uint32 *num_entries 502 ); 503 504 /************************/ 505 /* Function 0x0e */ 506 NTSTATUS samr_CreateDomAlias( 507 [in,ref] policy_handle *domain_handle, 508 [in,ref] lsa_String *alias_name, 509 [in] samr_AliasAccessMask access_mask, 510 [out,ref] policy_handle *alias_handle, 511 [out,ref] uint32 *rid 512 ); 513 514 /************************/ 515 /* Function 0x0f */ 516 NTSTATUS samr_EnumDomainAliases( 517 [in] policy_handle *domain_handle, 518 [in,out,ref] uint32 *resume_handle, 519 [out,ref] samr_SamArray **sam, 520 [in] uint32 max_size, 521 [out,ref] uint32 *num_entries 522 ); 523 524 /************************/ 525 /* Function 0x10 */ 526 527 typedef struct { 528 [range(0,1024)] uint32 count; 529 [size_is(count)] uint32 *ids; 530 } samr_Ids; 531 532 NTSTATUS samr_GetAliasMembership( 533 [in,ref] policy_handle *domain_handle, 534 [in,ref] lsa_SidArray *sids, 535 [out,ref] samr_Ids *rids 536 ); 537 538 /************************/ 539 /* Function 0x11 */ 540 541 [public] NTSTATUS samr_LookupNames( 542 [in,ref] policy_handle *domain_handle, 543 [in,range(0,1000)] uint32 num_names, 544 [in,size_is(1000),length_is(num_names)] lsa_String names[], 545 [out,ref] samr_Ids *rids, 546 [out,ref] samr_Ids *types 547 ); 548 549 550 /************************/ 551 /* Function 0x12 */ 552 NTSTATUS samr_LookupRids( 553 [in,ref] policy_handle *domain_handle, 554 [in,range(0,1000)] uint32 num_rids, 555 [in,size_is(1000),length_is(num_rids)] uint32 rids[], 556 [out,ref] lsa_Strings *names, 557 [out,ref] samr_Ids *types 558 ); 559 560 /************************/ 561 /* Function 0x13 */ 562 NTSTATUS samr_OpenGroup( 563 [in,ref] policy_handle *domain_handle, 564 [in] samr_GroupAccessMask access_mask, 565 [in] uint32 rid, 566 [out,ref] policy_handle *group_handle 567 ); 568 569 /************************/ 570 /* Function 0x14 */ 571 572 typedef struct { 573 lsa_String name; 574 security_GroupAttrs attributes; 575 uint32 num_members; 576 lsa_String description; 577 } samr_GroupInfoAll; 578 579 typedef struct { 580 security_GroupAttrs attributes; 581 } samr_GroupInfoAttributes; 582 583 typedef struct { 584 lsa_String description; 585 } samr_GroupInfoDescription; 586 587 typedef enum { 588 GROUPINFOALL = 1, 589 GROUPINFONAME = 2, 590 GROUPINFOATTRIBUTES = 3, 591 GROUPINFODESCRIPTION = 4, 592 GROUPINFOALL2 = 5 593 } samr_GroupInfoEnum; 594 595 typedef [switch_type(samr_GroupInfoEnum)] union { 596 [case(GROUPINFOALL)] samr_GroupInfoAll all; 597 [case(GROUPINFONAME)] lsa_String name; 598 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes; 599 [case(GROUPINFODESCRIPTION)] lsa_String description; 600 [case(GROUPINFOALL2)] samr_GroupInfoAll all2; 601 } samr_GroupInfo; 602 603 NTSTATUS samr_QueryGroupInfo( 604 [in,ref] policy_handle *group_handle, 605 [in] samr_GroupInfoEnum level, 606 [out,ref,switch_is(level)] samr_GroupInfo **info 607 ); 608 609 /************************/ 610 /* Function 0x15 */ 611 NTSTATUS samr_SetGroupInfo( 612 [in,ref] policy_handle *group_handle, 613 [in] samr_GroupInfoEnum level, 614 [in,switch_is(level),ref] samr_GroupInfo *info 615 ); 616 617 /************************/ 618 /* Function 0x16 */ 619 NTSTATUS samr_AddGroupMember( 620 [in,ref] policy_handle *group_handle, 621 [in] uint32 rid, 622 [in] uint32 flags 623 ); 624 625 /************************/ 626 /* Function 0x17 */ 627 NTSTATUS samr_DeleteDomainGroup( 628 [in,out,ref] policy_handle *group_handle 629 ); 630 631 /************************/ 632 /* Function 0x18 */ 633 NTSTATUS samr_DeleteGroupMember( 634 [in,ref] policy_handle *group_handle, 635 [in] uint32 rid 636 ); 637 638 639 /************************/ 640 /* Function 0x19 */ 641 typedef struct { 642 uint32 count; 643 [size_is(count)] uint32 *rids; 644 [size_is(count)] security_GroupAttrs *attributes; 645 } samr_RidAttrArray; 646 647 NTSTATUS samr_QueryGroupMember( 648 [in,ref] policy_handle *group_handle, 649 [out,ref] samr_RidAttrArray **rids 650 ); 651 652 653 /************************/ 654 /* Function 0x1a */ 655 656 /* 657 win2003 seems to accept any data at all for the two integers 658 below, and doesn't seem to do anything with them that I can 659 see. Weird. I really expected the first integer to be a rid 660 and the second to be the attributes for that rid member. 661 */ 662 NTSTATUS samr_SetMemberAttributesOfGroup( 663 [in,ref] policy_handle *group_handle, 664 [in] uint32 unknown1, 665 [in] uint32 unknown2 666 ); 667 668 669 /************************/ 670 /* Function 0x1b */ 671 NTSTATUS samr_OpenAlias ( 672 [in,ref] policy_handle *domain_handle, 673 [in] samr_AliasAccessMask access_mask, 674 [in] uint32 rid, 675 [out,ref] policy_handle *alias_handle 676 ); 677 678 679 /************************/ 680 /* Function 0x1c */ 681 682 typedef struct { 683 lsa_String name; 684 uint32 num_members; 685 lsa_String description; 686 } samr_AliasInfoAll; 687 688 typedef enum { 689 ALIASINFOALL = 1, 690 ALIASINFONAME = 2, 691 ALIASINFODESCRIPTION = 3 692 } samr_AliasInfoEnum; 693 694 typedef [switch_type(samr_AliasInfoEnum)] union { 695 [case(ALIASINFOALL)] samr_AliasInfoAll all; 696 [case(ALIASINFONAME)] lsa_String name; 697 [case(ALIASINFODESCRIPTION)] lsa_String description; 698 } samr_AliasInfo; 699 700 NTSTATUS samr_QueryAliasInfo( 701 [in,ref] policy_handle *alias_handle, 702 [in] samr_AliasInfoEnum level, 703 [out,ref,switch_is(level)] samr_AliasInfo **info 704 ); 705 706 /************************/ 707 /* Function 0x1d */ 708 NTSTATUS samr_SetAliasInfo( 709 [in,ref] policy_handle *alias_handle, 710 [in] samr_AliasInfoEnum level, 711 [in,switch_is(level),ref] samr_AliasInfo *info 712 ); 713 714 /************************/ 715 /* Function 0x1e */ 716 NTSTATUS samr_DeleteDomAlias( 717 [in,out,ref] policy_handle *alias_handle 718 ); 719 720 /************************/ 721 /* Function 0x1f */ 722 NTSTATUS samr_AddAliasMember( 723 [in,ref] policy_handle *alias_handle, 724 [in,ref] dom_sid2 *sid 725 ); 726 727 /************************/ 728 /* Function 0x20 */ 729 NTSTATUS samr_DeleteAliasMember( 730 [in,ref] policy_handle *alias_handle, 731 [in,ref] dom_sid2 *sid 732 ); 733 734 /************************/ 735 /* Function 0x21 */ 736 NTSTATUS samr_GetMembersInAlias( 737 [in,ref] policy_handle *alias_handle, 738 [out,ref] lsa_SidArray *sids 739 ); 740 741 /************************/ 742 /* Function 0x22 */ 743 [public] NTSTATUS samr_OpenUser( 744 [in,ref] policy_handle *domain_handle, 745 [in] samr_UserAccessMask access_mask, 746 [in] uint32 rid, 747 [out,ref] policy_handle *user_handle 748 ); 749 750 /************************/ 751 /* Function 0x23 */ 752 NTSTATUS samr_DeleteUser( 753 [in,out,ref] policy_handle *user_handle 754 ); 755 756 /************************/ 757 /* Function 0x24 */ 758 759 typedef enum { 760 UserGeneralInformation = 1, 761 UserPreferencesInformation = 2, 762 UserLogonInformation = 3, 763 UserLogonHoursInformation = 4, 764 UserAccountInformation = 5, 765 UserNameInformation = 6, 766 UserAccountNameInformation = 7, 767 UserFullNameInformation = 8, 768 UserPrimaryGroupInformation = 9, 769 UserHomeInformation = 10, 770 UserScriptInformation = 11, 771 UserProfileInformation = 12, 772 UserAdminCommentInformation = 13, 773 UserWorkStationsInformation = 14, 774 UserControlInformation = 16, 775 UserExpiresInformation = 17, 776 UserInternal1Information = 18, 777 UserParametersInformation = 20, 778 UserAllInformation = 21, 779 UserInternal4Information = 23, 780 UserInternal5Information = 24, 781 UserInternal4InformationNew = 25, 782 UserInternal5InformationNew = 26 783 } samr_UserInfoLevel; 784 785 typedef struct { 786 lsa_String account_name; 787 lsa_String full_name; 788 uint32 primary_gid; 789 lsa_String description; 790 lsa_String comment; 791 } samr_UserInfo1; 792 793 typedef struct { 794 lsa_String comment; 795 lsa_String reserved; /* settable, but doesn't stick. probably obsolete */ 796 uint16 country_code; 797 uint16 code_page; 798 } samr_UserInfo2; 799 800 /* this is also used in samr and netlogon */ 801 typedef [public, flag(NDR_PAHEX)] struct { 802 uint16 units_per_week; 803 [size_is(1260), length_is(units_per_week/8)] uint8 *bits; 804 } samr_LogonHours; 805 806 typedef struct { 807 lsa_String account_name; 808 lsa_String full_name; 809 uint32 rid; 810 uint32 primary_gid; 811 lsa_String home_directory; 812 lsa_String home_drive; 813 lsa_String logon_script; 814 lsa_String profile_path; 815 lsa_String workstations; 816 NTTIME last_logon; 817 NTTIME last_logoff; 818 NTTIME last_password_change; 819 NTTIME allow_password_change; 820 NTTIME force_password_change; 821 samr_LogonHours logon_hours; 822 uint16 bad_password_count; 823 uint16 logon_count; 824 samr_AcctFlags acct_flags; 825 } samr_UserInfo3; 826 827 typedef struct { 828 samr_LogonHours logon_hours; 829 } samr_UserInfo4; 830 831 typedef struct { 832 lsa_String account_name; 833 lsa_String full_name; 834 uint32 rid; 835 uint32 primary_gid; 836 lsa_String home_directory; 837 lsa_String home_drive; 838 lsa_String logon_script; 839 lsa_String profile_path; 840 lsa_String description; 841 lsa_String workstations; 842 NTTIME last_logon; 843 NTTIME last_logoff; 844 samr_LogonHours logon_hours; 845 uint16 bad_password_count; 846 uint16 logon_count; 847 NTTIME last_password_change; 848 NTTIME acct_expiry; 849 samr_AcctFlags acct_flags; 850 } samr_UserInfo5; 851 852 typedef struct { 853 lsa_String account_name; 854 lsa_String full_name; 855 } samr_UserInfo6; 856 857 typedef struct { 858 lsa_String account_name; 859 } samr_UserInfo7; 860 861 typedef struct { 862 lsa_String full_name; 863 } samr_UserInfo8; 864 865 typedef struct { 866 uint32 primary_gid; 867 } samr_UserInfo9; 868 869 typedef struct { 870 lsa_String home_directory; 871 lsa_String home_drive; 872 } samr_UserInfo10; 873 874 typedef struct { 875 lsa_String logon_script; 876 } samr_UserInfo11; 877 878 typedef struct { 879 lsa_String profile_path; 880 } samr_UserInfo12; 881 882 typedef struct { 883 lsa_String description; 884 } samr_UserInfo13; 885 886 typedef struct { 887 lsa_String workstations; 888 } samr_UserInfo14; 889 890 typedef struct { 891 samr_AcctFlags acct_flags; 892 } samr_UserInfo16; 893 894 typedef struct { 895 NTTIME acct_expiry; 896 } samr_UserInfo17; 897 898 typedef [public, flag(NDR_PAHEX)] struct { 899 uint8 hash[16]; 900 } samr_Password; 901 902 typedef struct { 903 samr_Password nt_pwd; 904 samr_Password lm_pwd; 905 boolean8 nt_pwd_active; 906 boolean8 lm_pwd_active; 907 uint8 password_expired; 908 } samr_UserInfo18; 909 910 typedef struct { 911 lsa_BinaryString parameters; 912 } samr_UserInfo20; 913 914 /* this defines the bits used for fields_present in info21 */ 915 typedef [bitmap32bit] bitmap { 916 SAMR_FIELD_ACCOUNT_NAME = 0x00000001, 917 SAMR_FIELD_FULL_NAME = 0x00000002, 918 SAMR_FIELD_RID = 0x00000004, 919 SAMR_FIELD_PRIMARY_GID = 0x00000008, 920 SAMR_FIELD_DESCRIPTION = 0x00000010, 921 SAMR_FIELD_COMMENT = 0x00000020, 922 SAMR_FIELD_HOME_DIRECTORY = 0x00000040, 923 SAMR_FIELD_HOME_DRIVE = 0x00000080, 924 SAMR_FIELD_LOGON_SCRIPT = 0x00000100, 925 SAMR_FIELD_PROFILE_PATH = 0x00000200, 926 SAMR_FIELD_WORKSTATIONS = 0x00000400, 927 SAMR_FIELD_LAST_LOGON = 0x00000800, 928 SAMR_FIELD_LAST_LOGOFF = 0x00001000, 929 SAMR_FIELD_LOGON_HOURS = 0x00002000, 930 SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, 931 SAMR_FIELD_NUM_LOGONS = 0x00008000, 932 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, 933 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, 934 SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, 935 SAMR_FIELD_ACCT_EXPIRY = 0x00080000, 936 SAMR_FIELD_ACCT_FLAGS = 0x00100000, 937 SAMR_FIELD_PARAMETERS = 0x00200000, 938 SAMR_FIELD_COUNTRY_CODE = 0x00400000, 939 SAMR_FIELD_CODE_PAGE = 0x00800000, 940 SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */ 941 SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */ 942 SAMR_FIELD_PRIVATE_DATA = 0x04000000, 943 SAMR_FIELD_EXPIRED_FLAG = 0x08000000, 944 SAMR_FIELD_SEC_DESC = 0x10000000, 945 SAMR_FIELD_OWF_PWD = 0x20000000 946 } samr_FieldsPresent; 947 948 /* used for 'password_expired' in samr_UserInfo21 */ 949 const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01; 950 const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00; 951 952 typedef struct { 953 NTTIME last_logon; 954 NTTIME last_logoff; 955 NTTIME last_password_change; 956 NTTIME acct_expiry; 957 NTTIME allow_password_change; 958 NTTIME force_password_change; 959 lsa_String account_name; 960 lsa_String full_name; 961 lsa_String home_directory; 962 lsa_String home_drive; 963 lsa_String logon_script; 964 lsa_String profile_path; 965 lsa_String description; 966 lsa_String workstations; 967 lsa_String comment; 968 lsa_BinaryString parameters; 969 lsa_BinaryString lm_owf_password; 970 lsa_BinaryString nt_owf_password; 971 lsa_String private_data; 972 uint32 buf_count; 973 [size_is(buf_count)] uint8 *buffer; 974 uint32 rid; 975 uint32 primary_gid; 976 samr_AcctFlags acct_flags; 977 samr_FieldsPresent fields_present; 978 samr_LogonHours logon_hours; 979 uint16 bad_password_count; 980 uint16 logon_count; 981 uint16 country_code; 982 uint16 code_page; 983 uint8 lm_password_set; 984 uint8 nt_password_set; 985 uint8 password_expired; 986 uint8 private_data_sensitive; 987 } samr_UserInfo21; 988 989 typedef [public, flag(NDR_PAHEX)] struct { 990 uint8 data[516]; 991 } samr_CryptPassword; 992 993 typedef struct { 994 samr_UserInfo21 info; 995 samr_CryptPassword password; 996 } samr_UserInfo23; 997 998 typedef struct { 999 samr_CryptPassword password; 1000 uint8 password_expired; 1001 } samr_UserInfo24; 1002 1003 typedef [flag(NDR_PAHEX)] struct { 1004 uint8 data[532]; 1005 } samr_CryptPasswordEx; 1006 1007 typedef struct { 1008 samr_UserInfo21 info; 1009 samr_CryptPasswordEx password; 1010 } samr_UserInfo25; 1011 1012 typedef struct { 1013 samr_CryptPasswordEx password; 1014 uint8 password_expired; 1015 } samr_UserInfo26; 1016 1017 typedef [switch_type(uint16)] union { 1018 [case(1)] samr_UserInfo1 info1; 1019 [case(2)] samr_UserInfo2 info2; 1020 [case(3)] samr_UserInfo3 info3; 1021 [case(4)] samr_UserInfo4 info4; 1022 [case(5)] samr_UserInfo5 info5; 1023 [case(6)] samr_UserInfo6 info6; 1024 [case(7)] samr_UserInfo7 info7; 1025 [case(8)] samr_UserInfo8 info8; 1026 [case(9)] samr_UserInfo9 info9; 1027 [case(10)] samr_UserInfo10 info10; 1028 [case(11)] samr_UserInfo11 info11; 1029 [case(12)] samr_UserInfo12 info12; 1030 [case(13)] samr_UserInfo13 info13; 1031 [case(14)] samr_UserInfo14 info14; 1032 [case(16)] samr_UserInfo16 info16; 1033 [case(17)] samr_UserInfo17 info17; 1034 [case(18)] samr_UserInfo18 info18; 1035 [case(20)] samr_UserInfo20 info20; 1036 [case(21)] samr_UserInfo21 info21; 1037 [case(23)] samr_UserInfo23 info23; 1038 [case(24)] samr_UserInfo24 info24; 1039 [case(25)] samr_UserInfo25 info25; 1040 [case(26)] samr_UserInfo26 info26; 1041 } samr_UserInfo; 1042 1043 [public] NTSTATUS samr_QueryUserInfo( 1044 [in,ref] policy_handle *user_handle, 1045 [in] samr_UserInfoLevel level, 1046 [out,ref,switch_is(level)] samr_UserInfo **info 1047 ); 1048 1049 1050 /************************/ 1051 /* Function 0x25 */ 1052 [public] NTSTATUS samr_SetUserInfo( 1053 [in,ref] policy_handle *user_handle, 1054 [in] samr_UserInfoLevel level, 1055 [in,ref,switch_is(level)] samr_UserInfo *info 1056 ); 1057 1058 /************************/ 1059 /* Function 0x26 */ 1060 /* 1061 this is a password change interface that doesn't give 1062 the server the plaintext password. Depricated. 1063 */ 1064 NTSTATUS samr_ChangePasswordUser( 1065 [in,ref] policy_handle *user_handle, 1066 [in] boolean8 lm_present, 1067 [in,unique] samr_Password *old_lm_crypted, 1068 [in,unique] samr_Password *new_lm_crypted, 1069 [in] boolean8 nt_present, 1070 [in,unique] samr_Password *old_nt_crypted, 1071 [in,unique] samr_Password *new_nt_crypted, 1072 [in] boolean8 cross1_present, 1073 [in,unique] samr_Password *nt_cross, 1074 [in] boolean8 cross2_present, 1075 [in,unique] samr_Password *lm_cross 1076 ); 1077 1078 /************************/ 1079 /* Function 0x27 */ 1080 1081 typedef [public] struct { 1082 uint32 rid; 1083 security_GroupAttrs attributes; 1084 } samr_RidWithAttribute; 1085 1086 typedef [public] struct { 1087 uint32 count; 1088 [size_is(count)] samr_RidWithAttribute *rids; 1089 } samr_RidWithAttributeArray; 1090 1091 NTSTATUS samr_GetGroupsForUser( 1092 [in,ref] policy_handle *user_handle, 1093 [out,ref] samr_RidWithAttributeArray **rids 1094 ); 1095 1096 /************************/ 1097 /* Function 0x28 */ 1098 1099 typedef struct { 1100 uint32 idx; 1101 uint32 rid; 1102 samr_AcctFlags acct_flags; 1103 lsa_String account_name; 1104 lsa_String description; 1105 lsa_String full_name; 1106 } samr_DispEntryGeneral; 1107 1108 typedef struct { 1109 uint32 count; 1110 [size_is(count)] samr_DispEntryGeneral *entries; 1111 } samr_DispInfoGeneral; 1112 1113 typedef struct { 1114 uint32 idx; 1115 uint32 rid; 1116 samr_AcctFlags acct_flags; 1117 lsa_String account_name; 1118 lsa_String description; 1119 } samr_DispEntryFull; 1120 1121 typedef struct { 1122 uint32 count; 1123 [size_is(count)] samr_DispEntryFull *entries; 1124 } samr_DispInfoFull; 1125 1126 typedef struct { 1127 uint32 idx; 1128 uint32 rid; 1129 security_GroupAttrs acct_flags; 1130 lsa_String account_name; 1131 lsa_String description; 1132 } samr_DispEntryFullGroup; 1133 1134 typedef struct { 1135 uint32 count; 1136 [size_is(count)] samr_DispEntryFullGroup *entries; 1137 } samr_DispInfoFullGroups; 1138 1139 typedef struct { 1140 uint32 idx; 1141 lsa_AsciiStringLarge account_name; 1142 } samr_DispEntryAscii; 1143 1144 typedef struct { 1145 uint32 count; 1146 [size_is(count)] samr_DispEntryAscii *entries; 1147 } samr_DispInfoAscii; 1148 1149 typedef [switch_type(uint16)] union { 1150 [case(1)] samr_DispInfoGeneral info1;/* users */ 1151 [case(2)] samr_DispInfoFull info2; /* trust accounts? */ 1152 [case(3)] samr_DispInfoFullGroups info3; /* groups */ 1153 [case(4)] samr_DispInfoAscii info4; /* users */ 1154 [case(5)] samr_DispInfoAscii info5; /* groups */ 1155 } samr_DispInfo; 1156 1157 NTSTATUS samr_QueryDisplayInfo( 1158 [in,ref] policy_handle *domain_handle, 1159 [in] uint16 level, 1160 [in] uint32 start_idx, 1161 [in] uint32 max_entries, 1162 [in] uint32 buf_size, 1163 [out,ref] uint32 *total_size, 1164 [out,ref] uint32 *returned_size, 1165 [out,ref,switch_is(level)] samr_DispInfo *info 1166 ); 1167 1168 1169 /************************/ 1170 /* Function 0x29 */ 1171 1172 /* 1173 this seems to be an alphabetic search function. The returned index 1174 is the index for samr_QueryDisplayInfo needed to get names occurring 1175 after the specified name. The supplied name does not need to exist 1176 in the database (for example you can supply just a first letter for 1177 searching starting at that letter) 1178 1179 The level corresponds to the samr_QueryDisplayInfo level 1180 */ 1181 NTSTATUS samr_GetDisplayEnumerationIndex( 1182 [in,ref] policy_handle *domain_handle, 1183 [in] uint16 level, 1184 [in,ref] lsa_String *name, 1185 [out,ref] uint32 *idx 1186 ); 1187 1188 1189 1190 /************************/ 1191 /* Function 0x2a */ 1192 1193 /* 1194 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this 1195 */ 1196 NTSTATUS samr_TestPrivateFunctionsDomain( 1197 [in,ref] policy_handle *domain_handle 1198 ); 1199 1200 1201 /************************/ 1202 /* Function 0x2b */ 1203 1204 /* 1205 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this 1206 */ 1207 NTSTATUS samr_TestPrivateFunctionsUser( 1208 [in,ref] policy_handle *user_handle 1209 ); 1210 1211 1212 /************************/ 1213 /* Function 0x2c */ 1214 1215 typedef struct { 1216 uint16 min_password_length; 1217 samr_PasswordProperties password_properties; 1218 } samr_PwInfo; 1219 1220 [public] NTSTATUS samr_GetUserPwInfo( 1221 [in,ref] policy_handle *user_handle, 1222 [out,ref] samr_PwInfo *info 1223 ); 1224 1225 /************************/ 1226 /* Function 0x2d */ 1227 NTSTATUS samr_RemoveMemberFromForeignDomain( 1228 [in,ref] policy_handle *domain_handle, 1229 [in,ref] dom_sid2 *sid 1230 ); 1231 1232 /************************/ 1233 /* Function 0x2e */ 1234 1235 /* 1236 how is this different from QueryDomainInfo ?? 1237 */ 1238 NTSTATUS samr_QueryDomainInfo2( 1239 [in,ref] policy_handle *domain_handle, 1240 [in] samr_DomainInfoClass level, 1241 [out,ref,switch_is(level)] samr_DomainInfo **info 1242 ); 1243 1244 /************************/ 1245 /* Function 0x2f */ 1246 1247 /* 1248 how is this different from QueryUserInfo ?? 1249 */ 1250 NTSTATUS samr_QueryUserInfo2( 1251 [in,ref] policy_handle *user_handle, 1252 [in] samr_UserInfoLevel level, 1253 [out,ref,switch_is(level)] samr_UserInfo **info 1254 ); 1255 1256 /************************/ 1257 /* Function 0x30 */ 1258 1259 /* 1260 how is this different from QueryDisplayInfo?? 1261 */ 1262 NTSTATUS samr_QueryDisplayInfo2( 1263 [in,ref] policy_handle *domain_handle, 1264 [in] uint16 level, 1265 [in] uint32 start_idx, 1266 [in] uint32 max_entries, 1267 [in] uint32 buf_size, 1268 [out,ref] uint32 *total_size, 1269 [out,ref] uint32 *returned_size, 1270 [out,ref,switch_is(level)] samr_DispInfo *info 1271 ); 1272 1273 /************************/ 1274 /* Function 0x31 */ 1275 1276 /* 1277 how is this different from GetDisplayEnumerationIndex ?? 1278 */ 1279 NTSTATUS samr_GetDisplayEnumerationIndex2( 1280 [in,ref] policy_handle *domain_handle, 1281 [in] uint16 level, 1282 [in,ref] lsa_String *name, 1283 [out,ref] uint32 *idx 1284 ); 1285 1286 1287 /************************/ 1288 /* Function 0x32 */ 1289 NTSTATUS samr_CreateUser2( 1290 [in,ref] policy_handle *domain_handle, 1291 [in,ref] lsa_String *account_name, 1292 [in] samr_AcctFlags acct_flags, 1293 [in] samr_UserAccessMask access_mask, 1294 [out,ref] policy_handle *user_handle, 1295 [out,ref] uint32 *access_granted, 1296 [out,ref] uint32 *rid 1297 ); 1298 1299 1300 /************************/ 1301 /* Function 0x33 */ 1302 1303 /* 1304 another duplicate. There must be a reason .... 1305 */ 1306 NTSTATUS samr_QueryDisplayInfo3( 1307 [in,ref] policy_handle *domain_handle, 1308 [in] uint16 level, 1309 [in] uint32 start_idx, 1310 [in] uint32 max_entries, 1311 [in] uint32 buf_size, 1312 [out,ref] uint32 *total_size, 1313 [out,ref] uint32 *returned_size, 1314 [out,ref,switch_is(level)] samr_DispInfo *info 1315 ); 1316 1317 /************************/ 1318 /* Function 0x34 */ 1319 NTSTATUS samr_AddMultipleMembersToAlias( 1320 [in,ref] policy_handle *alias_handle, 1321 [in,ref] lsa_SidArray *sids 1322 ); 1323 1324 /************************/ 1325 /* Function 0x35 */ 1326 NTSTATUS samr_RemoveMultipleMembersFromAlias( 1327 [in,ref] policy_handle *alias_handle, 1328 [in,ref] lsa_SidArray *sids 1329 ); 1330 1331 /************************/ 1332 /* Function 0x36 */ 1333 1334 NTSTATUS samr_OemChangePasswordUser2( 1335 [in,unique] lsa_AsciiString *server, 1336 [in,ref] lsa_AsciiString *account, 1337 [in,unique] samr_CryptPassword *password, 1338 [in,unique] samr_Password *hash 1339 ); 1340 1341 /************************/ 1342 /* Function 0x37 */ 1343 NTSTATUS samr_ChangePasswordUser2( 1344 [in,unique] lsa_String *server, 1345 [in,ref] lsa_String *account, 1346 [in,unique] samr_CryptPassword *nt_password, 1347 [in,unique] samr_Password *nt_verifier, 1348 [in] boolean8 lm_change, 1349 [in,unique] samr_CryptPassword *lm_password, 1350 [in,unique] samr_Password *lm_verifier 1351 ); 1352 1353 /************************/ 1354 /* Function 0x38 */ 1355 NTSTATUS samr_GetDomPwInfo( 1356 [in,unique] lsa_String *domain_name, 1357 [out,ref] samr_PwInfo *info 1358 ); 1359 1360 /************************/ 1361 /* Function 0x39 */ 1362 NTSTATUS samr_Connect2( 1363 [in,unique,string,charset(UTF16)] uint16 *system_name, 1364 [in] samr_ConnectAccessMask access_mask, 1365 [out,ref] policy_handle *connect_handle 1366 ); 1367 1368 /************************/ 1369 /* Function 0x3a */ 1370 /* 1371 seems to be an exact alias for samr_SetUserInfo() 1372 */ 1373 [public] NTSTATUS samr_SetUserInfo2( 1374 [in,ref] policy_handle *user_handle, 1375 [in] samr_UserInfoLevel level, 1376 [in,ref,switch_is(level)] samr_UserInfo *info 1377 ); 1378 1379 /************************/ 1380 /* Function 0x3b */ 1381 /* 1382 this one is mysterious. I have a few guesses, but nothing working yet 1383 */ 1384 NTSTATUS samr_SetBootKeyInformation( 1385 [in,ref] policy_handle *connect_handle, 1386 [in] uint32 unknown1, 1387 [in] uint32 unknown2, 1388 [in] uint32 unknown3 1389 ); 1390 1391 /************************/ 1392 /* Function 0x3c */ 1393 NTSTATUS samr_GetBootKeyInformation( 1394 [in,ref] policy_handle *domain_handle, 1395 [out,ref] uint32 *unknown 1396 ); 1397 1398 /************************/ 1399 /* Function 0x3d */ 1400 NTSTATUS samr_Connect3( 1401 [in,unique,string,charset(UTF16)] uint16 *system_name, 1402 /* this unknown value seems to be completely ignored by w2k3 */ 1403 [in] uint32 unknown, 1404 [in] samr_ConnectAccessMask access_mask, 1405 [out,ref] policy_handle *connect_handle 1406 ); 1407 1408 /************************/ 1409 /* Function 0x3e */ 1410 1411 typedef [v1_enum] enum { 1412 SAMR_CONNECT_PRE_W2K = 1, 1413 SAMR_CONNECT_W2K = 2, 1414 SAMR_CONNECT_AFTER_W2K = 3 1415 } samr_ConnectVersion; 1416 1417 NTSTATUS samr_Connect4( 1418 [in,unique,string,charset(UTF16)] uint16 *system_name, 1419 [in] samr_ConnectVersion client_version, 1420 [in] samr_ConnectAccessMask access_mask, 1421 [out,ref] policy_handle *connect_handle 1422 ); 1423 1424 /************************/ 1425 /* Function 0x3f */ 1426 1427 typedef [public,v1_enum] enum { 1428 SAM_PWD_CHANGE_NO_ERROR = 0, 1429 SAM_PWD_CHANGE_PASSWORD_TOO_SHORT = 1, 1430 SAM_PWD_CHANGE_PWD_IN_HISTORY = 2, 1431 SAM_PWD_CHANGE_USERNAME_IN_PASSWORD = 3, 1432 SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4, 1433 SAM_PWD_CHANGE_NOT_COMPLEX = 5, 1434 SAM_PWD_CHANGE_MACHINE_NOT_DEFAULT = 6, 1435 SAM_PWD_CHANGE_FAILED_BY_FILTER = 7, 1436 SAM_PWD_CHANGE_PASSWORD_TOO_LONG = 8 1437 } samPwdChangeReason; 1438 1439 typedef struct { 1440 samPwdChangeReason extendedFailureReason; 1441 lsa_String filterModuleName; 1442 } userPwdChangeFailureInformation; 1443 1444 [public] NTSTATUS samr_ChangePasswordUser3( 1445 [in,unique] lsa_String *server, 1446 [in,ref] lsa_String *account, 1447 [in,unique] samr_CryptPassword *nt_password, 1448 [in,unique] samr_Password *nt_verifier, 1449 [in] boolean8 lm_change, 1450 [in,unique] samr_CryptPassword *lm_password, 1451 [in,unique] samr_Password *lm_verifier, 1452 [in,unique] samr_CryptPassword *password3, 1453 [out,ref] samr_DomInfo1 **dominfo, 1454 [out,ref] userPwdChangeFailureInformation **reject 1455 ); 1456 1457 /************************/ 1458 /* Function 0x40 */ 1459 1460 typedef struct { 1461 samr_ConnectVersion client_version; /* w2k3 gives 3 */ 1462 uint32 unknown2; /* w2k3 gives 0 */ 1463 } samr_ConnectInfo1; 1464 1465 typedef union { 1466 [case(1)] samr_ConnectInfo1 info1; 1467 } samr_ConnectInfo; 1468 1469 [public] NTSTATUS samr_Connect5( 1470 [in,unique,string,charset(UTF16)] uint16 *system_name, 1471 [in] samr_ConnectAccessMask access_mask, 1472 [in] uint32 level_in, 1473 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in, 1474 [out,ref] uint32 *level_out, 1475 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out, 1476 [out,ref] policy_handle *connect_handle 1477 ); 1478 1479 /************************/ 1480 /* Function 0x41 */ 1481 NTSTATUS samr_RidToSid( 1482 [in,ref] policy_handle *domain_handle, 1483 [in] uint32 rid, 1484 [out,ref] dom_sid2 **sid 1485 ); 1486 1487 /************************/ 1488 /* Function 0x42 */ 1489 1490 /* 1491 this should set the DSRM password for the server, which is used 1492 when booting into Directory Services Recovery Mode on a DC. Win2003 1493 gives me NT_STATUS_NOT_SUPPORTED 1494 */ 1495 1496 NTSTATUS samr_SetDsrmPassword( 1497 [in,unique] lsa_String *name, 1498 [in] uint32 unknown, 1499 [in,unique] samr_Password *hash 1500 ); 1501 1502 1503 /************************/ 1504 /* Function 0x43 */ 1505 /************************/ 1506 typedef [bitmap32bit] bitmap { 1507 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, 1508 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, 1509 SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, 1510 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, 1511 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, 1512 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 1513 } samr_ValidateFieldsPresent; 1514 1515 typedef enum { 1516 NetValidateAuthentication = 1, 1517 NetValidatePasswordChange= 2, 1518 NetValidatePasswordReset = 3 1519 } samr_ValidatePasswordLevel; 1520 1521 /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't 1522 * identified the mapping of 1523 * - NERR_PasswordFilterError 1524 * - NERR_PasswordExpired and 1525 * - NERR_PasswordCantChange 1526 * yet - Guenther 1527 */ 1528 1529 typedef enum { 1530 SAMR_VALIDATION_STATUS_SUCCESS = 0, 1531 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, 1532 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, 1533 SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED = 3, 1534 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, 1535 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, 1536 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, 1537 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, 1538 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, 1539 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9, 1540 SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10 1541 } samr_ValidationStatus; 1542 1543 typedef struct { 1544 uint32 length; 1545 [size_is(length)] uint8 *data; 1546 } samr_ValidationBlob; 1547 1548 typedef struct { 1549 samr_ValidateFieldsPresent fields_present; 1550 NTTIME_hyper last_password_change; 1551 NTTIME_hyper bad_password_time; 1552 NTTIME_hyper lockout_time; 1553 uint32 bad_pwd_count; 1554 uint32 pwd_history_len; 1555 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; 1556 } samr_ValidatePasswordInfo; 1557 1558 typedef struct { 1559 samr_ValidatePasswordInfo info; 1560 samr_ValidationStatus status; 1561 } samr_ValidatePasswordRepCtr; 1562 1563 typedef [switch_type(uint16)] union { 1564 [case(1)] samr_ValidatePasswordRepCtr ctr1; 1565 [case(2)] samr_ValidatePasswordRepCtr ctr2; 1566 [case(3)] samr_ValidatePasswordRepCtr ctr3; 1567 } samr_ValidatePasswordRep; 1568 1569 typedef struct { 1570 samr_ValidatePasswordInfo info; 1571 lsa_StringLarge password; 1572 lsa_StringLarge account; 1573 samr_ValidationBlob hash; 1574 boolean8 pwd_must_change_at_next_logon; 1575 boolean8 clear_lockout; 1576 } samr_ValidatePasswordReq3; 1577 1578 typedef struct { 1579 samr_ValidatePasswordInfo info; 1580 lsa_StringLarge password; 1581 lsa_StringLarge account; 1582 samr_ValidationBlob hash; 1583 boolean8 password_matched; 1584 } samr_ValidatePasswordReq2; 1585 1586 typedef struct { 1587 samr_ValidatePasswordInfo info; 1588 boolean8 password_matched; 1589 } samr_ValidatePasswordReq1; 1590 1591 typedef [switch_type(uint16)] union { 1592 [case(1)] samr_ValidatePasswordReq1 req1; 1593 [case(2)] samr_ValidatePasswordReq2 req2; 1594 [case(3)] samr_ValidatePasswordReq3 req3; 1595 } samr_ValidatePasswordReq; 1596 1597 NTSTATUS samr_ValidatePassword( 1598 [in] samr_ValidatePasswordLevel level, 1599 [in,switch_is(level)] samr_ValidatePasswordReq *req, 1600 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep 1601 ); 1602} 1603