#include "idl_types.h"

/*
  samr interface definition
*/
/* import "misc.idl", "lsa.idl", "security.idl";*/

/*
  Thanks to Todd Sabin for some information from his samr.idl in acltools
*/

/*
  The endpoint list below makes this interface reachable over the
  \pipe\samr named pipe, over TCP and over local RPC. What a caller may
  do is expressed by the access masks requested on the connect/open
  calls; the enforcement itself is server code and is not visible here.
  pointer_default(unique) means embedded pointers without an explicit
  attribute may be NULL on the wire.
*/
[ uuid("12345778-1234-abcd-ef00-0123456789ac"),
  version(1.0),
  endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
  pointer_default(unique)
] interface samr
{

/*
  Counted array of strings. count sizes the names array and carries no
  [range] limit here (samr_Ids further down uses range(0,1024)), so any
  upper bound has to come from the marshalling layer or the caller.
*/
typedef [public] struct {
	uint32 count;
	[size_is(count)] lsa_String *names;
} lsa_Strings;


/* kind of object a SID or name resolves to */
typedef [v1_enum] enum {
	SID_NAME_USE_NONE = 0,/* NOTUSED */
	SID_NAME_USER = 1, /* user */
	SID_NAME_DOM_GRP = 2, /* domain group */
	SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
	SID_NAME_ALIAS = 4, /* local group */
	SID_NAME_WKN_GRP = 5, /* well-known group */
	SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
	SID_NAME_INVALID = 7, /* invalid account */
	SID_NAME_UNKNOWN = 8, /* oops. */
	SID_NAME_COMPUTER = 9 /* machine */
} lsa_SidType;

/* reason codes for a rejected password; values 3 and 4 are not defined here */
typedef [public,v1_enum] enum {
	SAMR_REJECT_OTHER = 0,
	SAMR_REJECT_TOO_SHORT = 1,
	SAMR_REJECT_IN_HISTORY = 2,
	SAMR_REJECT_COMPLEXITY = 5
} samr_RejectReason;



/* account control (acct_flags) bits */
/*
  Several of these bits relax authentication when set and are worth
  checking in account audits: ACB_PWNOTREQ, ACB_ENC_TXT_PWD_ALLOWED,
  ACB_USE_DES_KEY_ONLY and ACB_DONT_REQUIRE_PREAUTH. The delegation bits
  (ACB_TRUSTED_FOR_DELEGATION, ACB_TRUST_AUTH_DELEGAT) widen what the
  account can do on behalf of others. The same bitmap is accepted as a
  filter by samr_EnumDomainUsers and as input by samr_CreateUser2.
*/
typedef [public,bitmap32bit] bitmap {
	ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
	ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
	ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
	ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
	ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
	ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
	ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
	ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
	ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
	ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
	ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
	ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encrypted text password is allowed */
	ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
	ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
	ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
	ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
	ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
	ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
	ACB_TRUST_AUTH_DELEGAT = 0x00040000, /* 1 = Trusted to authenticate for delegation */
	ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
} samr_AcctFlags;

/* SAM server specific access rights */

typedef [bitmap32bit] bitmap {
	SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
	SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
	SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
	SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
	SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
	SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
} samr_ConnectAccessMask;

/* 0x3F is the OR of the six samr_ConnectAccessMask bits above */
const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;

/*
  Generic-rights mappings for the server object. The STANDARD_RIGHTS_*
  names are not defined in this file. Note that the WRITE mapping
  includes SAMR_ACCESS_SHUTDOWN_SERVER, so granting generic write on the
  server object also grants the right checked for samr_Shutdown
  (presumably; the check itself is server code).
*/
const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
	(STANDARD_RIGHTS_REQUIRED_ACCESS |
	 SAMR_ACCESS_ALL_ACCESS);

const int GENERIC_RIGHTS_SAM_READ =
	(STANDARD_RIGHTS_READ_ACCESS |
	 SAMR_ACCESS_ENUM_DOMAINS);

const int GENERIC_RIGHTS_SAM_WRITE =
	(STANDARD_RIGHTS_WRITE_ACCESS |
	 SAMR_ACCESS_CREATE_DOMAIN |
	 SAMR_ACCESS_INITIALIZE_SERVER |
	 SAMR_ACCESS_SHUTDOWN_SERVER);

const int GENERIC_RIGHTS_SAM_EXECUTE =
	(STANDARD_RIGHTS_EXECUTE_ACCESS |
	 SAMR_ACCESS_LOOKUP_DOMAIN |
	 SAMR_ACCESS_CONNECT_TO_SERVER);

/* User Object specific access rights */

/*
  CHANGE_PASSWORD and SET_PASSWORD are separate bits; going by the names,
  the first is a change by someone who knows the old password and the
  second an administrative reset - confirm against the server code
  before relying on that distinction in an ACL review.
*/
typedef [bitmap32bit] bitmap {
	SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
	SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
	SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
	SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
	SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
	SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
	SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
	SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
	SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
	SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
	SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
} samr_UserAccessMask;

/* Domain object specific access rights */
typedef [bitmap32bit] bitmap {
	SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
	SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
	SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
	SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
	SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
	SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
	SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
	SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
	SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
	SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
	SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
} samr_DomainAccessMask;

/* Group object specific access rights */
typedef [bitmap32bit] bitmap {
	SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
	SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
	SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
	SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
	SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
} samr_GroupAccessMask;
/* these bits are invalid and return ACCESS_DENIED */
/* 0xffe0 = bits 5..15, i.e. every low-16 bit not defined in samr_GroupAccessMask */
const int SAMR_GROUP_ACCESS_MASK_INVALID = 0x0000ffe0;
/* generic access */
/*
  Low bits: ALL_ACCESS = all five group bits, ALL_READ = GET_MEMBERS,
  ALL_WRITE = SET_INFO|ADD_MEMBER|REMOVE_MEMBER, ALL_EXECUTE =
  LOOKUP_INFO. The high bits (0x000f0000 / 0x00020000) are presumably
  the standard rights; they are not defined in this file.
*/
const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x000f001f;
const int SAMR_GROUP_ACCESS_ALL_READ = 0x00020010;
const int SAMR_GROUP_ACCESS_ALL_WRITE = 0x0002000e;
const int SAMR_GROUP_ACCESS_ALL_EXECUTE = 0x00020001;

/* Alias (local group) object specific access rights */
typedef [bitmap32bit] bitmap {
	SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
	SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
	SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
	SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
	SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
} samr_AliasAccessMask;

/******************/
/* Function: 0x00 */
/*
  Opens a connect handle with the requested server access mask.
  system_name is a pointer to a single uint16, not a string, and being
  [unique] it may be NULL.
*/
NTSTATUS samr_Connect (
	/* notice the lack of [string] */
	[in,unique] uint16 *system_name,
	[in] samr_ConnectAccessMask access_mask,
	[out,ref] policy_handle *connect_handle
	);


/******************/
/* Function: 0x01 */
/* handle is [in,out]: the call hands a handle value back to the caller */
[public] NTSTATUS samr_Close (
	[in,out,ref] policy_handle *handle
	);

/******************/
/* Function: 0x02 */

/* replaces the parts of the object's security descriptor selected by sec_info */
NTSTATUS samr_SetSecurity (
	[in,ref] policy_handle *handle,
	[in] security_secinfo sec_info,
	[in,ref] sec_desc_buf *sdbuf
	);

/******************/
/* Function: 0x03 */

/* returns the parts of the object's security descriptor selected by sec_info */
NTSTATUS samr_QuerySecurity (
	[in,ref] policy_handle *handle,
	[in] security_secinfo sec_info,
	[out,ref] sec_desc_buf **sdbuf
	);

/******************/
/* Function: 0x04 */

/*
  shutdown the SAM - once you call this the SAM will be dead
*/
/*
  The only input is the connect handle, so the access granted on that
  handle (see SAMR_ACCESS_SHUTDOWN_SERVER) is presumably the sole gate
  on this call - confirm in the server implementation.
*/
NTSTATUS samr_Shutdown (
	[in,ref] policy_handle *connect_handle
	);

/******************/
/* Function: 0x05 */
/* maps a domain name to its SID */
NTSTATUS samr_LookupDomain (
	[in,ref] policy_handle *connect_handle,
	[in,ref] lsa_String *domain_name,
	[out,ref] dom_sid2 **sid
	);


/******************/
/* Function: 0x06 */

/* one enumeration result: an index and a name */
typedef struct {
	uint32 idx;
	lsa_String name;
} samr_SamEntry;

/* counted array of samr_SamEntry; count has no [range] limit */
typedef struct {
	uint32 count;
	[size_is(count)] samr_SamEntry *entries;
} samr_SamArray;

/*
  Enumerates domains. resume_handle is [in,out] so the caller passes
  back the value from the previous call to continue; buf_size is the
  caller's size hint and num_entries the number of entries returned.
*/
NTSTATUS samr_EnumDomains (
	[in,ref] policy_handle *connect_handle,
	[in,out,ref] uint32 *resume_handle,
	[out,ref] samr_SamArray **sam,
	[in] uint32 buf_size,
	[out,ref] uint32 *num_entries
	);


/************************/
/* Function 0x07 */
/* opens the domain identified by sid with the requested domain access mask */
[public] NTSTATUS samr_OpenDomain(
	[in,ref] policy_handle *connect_handle,
	[in] samr_DomainAccessMask access_mask,
	[in,ref] dom_sid2 *sid,
	[out,ref] policy_handle *domain_handle
	);

/************************/
/* Function 0x08 */

/* information levels for samr_QueryDomainInfo / samr_SetDomainInfo */
typedef enum {
	DomainPasswordInformation = 1,
	DomainGeneralInformation = 2,
	DomainLogoffInformation = 3,
	DomainOemInformation = 4,
	DomainNameInformation = 5,
	DomainReplicationInformation = 6,
	DomainServerRoleInformation = 7,
	DomainModifiedInformation = 8,
	DomainStateInformation = 9,
	DomainUasInformation = 10,
	DomainGeneralInformation2 = 11,
	DomainLockoutInformation = 12,
	DomainModifiedInformation2 = 13
} samr_DomainInfoClass;

/* server roles */
typedef [v1_enum] enum {
	SAMR_ROLE_STANDALONE = 0,
	SAMR_ROLE_DOMAIN_MEMBER = 1,
	SAMR_ROLE_DOMAIN_BDC = 2,
	SAMR_ROLE_DOMAIN_PDC = 3
} samr_Role;

/* password properties flags */
/*
  DOMAIN_PASSWORD_STORE_CLEARTEXT is the domain-wide policy bit to look
  for in a password-policy audit; per-account, the related bit appears
  to be ACB_ENC_TXT_PWD_ALLOWED in samr_AcctFlags (relationship inferred
  from the names - confirm).
*/
typedef [public,bitmap32bit] bitmap {
	DOMAIN_PASSWORD_COMPLEX = 0x00000001,
	DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
	DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
	DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
	DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
	DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
} samr_PasswordProperties;

typedef [v1_enum] enum {
	DOMAIN_SERVER_ENABLED = 1,
	DOMAIN_SERVER_DISABLED = 2
} samr_DomainServerState;

/* level 1: domain password policy */
typedef struct {
	uint16 min_password_length;
	uint16 password_history_length;
	samr_PasswordProperties password_properties;
	/* yes, these are signed. They are in negative 100ns */
	dlong max_password_age;
	dlong min_password_age;
} samr_DomInfo1;

/* level 2: general domain information, including account counts */
typedef struct {
	NTTIME force_logoff_time;
	lsa_String oem_information; /* comment */
	lsa_String domain_name;
	lsa_String primary; /* PDC name if this is a BDC */
	udlong sequence_num;
	samr_DomainServerState domain_server_state;
	samr_Role role;
	uint32 unknown3;
	uint32 num_users;
	uint32 num_groups;
	uint32 num_aliases;
} samr_DomGeneralInformation;

typedef struct {
	NTTIME force_logoff_time;
} samr_DomInfo3;

typedef struct {
	lsa_String oem_information; /* comment */
} samr_DomOEMInformation;

typedef struct {
	lsa_String domain_name;
} samr_DomInfo5;

typedef struct {
	lsa_String primary;
} samr_DomInfo6;

typedef struct {
	samr_Role role;
} samr_DomInfo7;

typedef struct {
	hyper sequence_num;
	NTTIME domain_create_time;
} samr_DomInfo8;

typedef struct {
	samr_DomainServerState domain_server_state;
} samr_DomInfo9;

/* level 11: general information plus the lockout policy */
typedef struct {
	samr_DomGeneralInformation general;
	hyper lockout_duration;
	hyper lockout_window;
	uint16 lockout_threshold;
} samr_DomGeneralInformation2;

/* level 12: account lockout policy */
typedef struct {
	hyper lockout_duration;
	hyper lockout_window;
	uint16 lockout_threshold;
} samr_DomInfo12;

typedef struct {
	hyper sequence_num;
	NTTIME domain_create_time;
	hyper modified_count_at_last_promotion;
} samr_DomInfo13;

/*
  Arms are selected by a uint16 level. There is no arm for level 10
  (DomainUasInformation in samr_DomainInfoClass); what happens to a
  request at that level is decided by the marshalling layer or the
  server - presumably it is rejected; confirm.
*/
typedef [switch_type(uint16)] union {
	[case(1)] samr_DomInfo1 info1;
	[case(2)] samr_DomGeneralInformation general;
	[case(3)] samr_DomInfo3 info3;
	[case(4)] samr_DomOEMInformation oem;
	[case(5)] samr_DomInfo5 info5;
	[case(6)] samr_DomInfo6 info6;
	[case(7)] samr_DomInfo7 info7;
	[case(8)] samr_DomInfo8 info8;
	[case(9)] samr_DomInfo9 info9;
	[case(11)] samr_DomGeneralInformation2 general2;
	[case(12)] samr_DomInfo12 info12;
	[case(13)] samr_DomInfo13 info13;
} samr_DomainInfo;

/* reads one information level; levels 1, 11 and 12 expose password and lockout policy */
NTSTATUS samr_QueryDomainInfo(
	[in,ref] policy_handle *domain_handle,
	[in] samr_DomainInfoClass level,
	[out,ref,switch_is(level)] samr_DomainInfo **info
	);

/************************/
/* Function 0x09 */
/*
  only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
  call in w2k3
*/
/*
  The IDL itself accepts every level of samr_DomainInfoClass, so the
  restriction above has to be enforced by the server implementation.
*/
NTSTATUS samr_SetDomainInfo(
	[in,ref] policy_handle *domain_handle,
	[in] samr_DomainInfoClass level,
	[in,switch_is(level),ref] samr_DomainInfo *info
	);


/************************/
/* Function 0x0a */
/* creates a group and returns a handle opened with access_mask plus the new RID */
NTSTATUS samr_CreateDomainGroup(
	[in,ref] policy_handle *domain_handle,
	[in,ref] lsa_String *name,
	[in] samr_GroupAccessMask access_mask,
	[out,ref] policy_handle *group_handle,
	[out,ref] uint32 *rid
	);


/************************/
/* Function 0x0b */
/*
  domain_handle has no explicit [ref] here, unlike most calls in this
  file. Top-level pointer parameters presumably default to ref in the
  IDL compiler; confirm, since a unique pointer would admit a NULL
  handle.
*/
NTSTATUS samr_EnumDomainGroups(
	[in] policy_handle *domain_handle,
	[in,out,ref] uint32 *resume_handle,
	[out,ref] samr_SamArray **sam,
	[in] uint32 max_size,
	[out,ref] uint32 *num_entries
	);

/************************/
/* Function 0x0c */
/* creates a user and returns a handle opened with access_mask plus the new RID */
NTSTATUS samr_CreateUser(
	[in,ref] policy_handle *domain_handle,
	[in,ref] lsa_String *account_name,
	[in] samr_UserAccessMask access_mask,
	[out,ref] policy_handle *user_handle,
	[out,ref] uint32 *rid
	);

/************************/
/* Function 0x0d */


/* w2k3 treats max_size as max_users*54 and sets the
   resume_handle as the rid of the last user sent
*/
const int SAMR_ENUM_USERS_MULTIPLIER = 54;

/*
  Enumerates user accounts, filtered by acct_flags. As with
  samr_EnumDomainGroups, domain_handle carries no explicit [ref]
  (presumably defaulted - confirm). max_size is caller-controlled; see
  the multiplier note above for how w2k3 interprets it.
*/
NTSTATUS samr_EnumDomainUsers(
	[in] policy_handle *domain_handle,
	[in,out,ref] uint32 *resume_handle,
	[in] samr_AcctFlags acct_flags,
	[out,ref] samr_SamArray **sam,
	[in] uint32 max_size,
	[out,ref] uint32 *num_entries
	);

/************************/
/* Function 0x0e */
/* creates an alias (local group) and returns a handle opened with access_mask plus the new RID */
NTSTATUS samr_CreateDomAlias(
	[in,ref] policy_handle *domain_handle,
	[in,ref] lsa_String *alias_name,
	[in] samr_AliasAccessMask access_mask,
	[out,ref] policy_handle *alias_handle,
	[out,ref] uint32 *rid
	);

/************************/
/* Function 0x0f */
/*
  domain_handle has no explicit [ref] here, unlike most calls in this
  file; presumably it defaults to ref as a top-level pointer - confirm.
*/
NTSTATUS samr_EnumDomainAliases(
	[in] policy_handle *domain_handle,
	[in,out,ref] uint32 *resume_handle,
	[out,ref] samr_SamArray **sam,
	[in] uint32 max_size,
	[out,ref] uint32 *num_entries
	);

/************************/
/* Function 0x10 */

/*
  Counted array of 32-bit ids. count is limited to 0..1024 by the
  [range] attribute, so a larger value is outside what this definition
  allows on the wire.
*/
typedef struct {
	[range(0,1024)] uint32 count;
	[size_is(count)] uint32 *ids;
} samr_Ids;

/* returns the RIDs of the aliases that the given SIDs are members of */
NTSTATUS samr_GetAliasMembership(
	[in,ref] policy_handle *domain_handle,
	[in,ref] lsa_SidArray *sids,
	[out,ref] samr_Ids *rids
	);

/************************/
/* Function 0x11 */

/*
  Resolves names to RIDs and types. The names array has a fixed maximum
  size of 1000 with num_names (range 0..1000) as its transmitted length,
  so one call resolves at most 1000 names.
*/
[public] NTSTATUS samr_LookupNames(
	[in,ref] policy_handle *domain_handle,
	[in,range(0,1000)] uint32 num_names,
	[in,size_is(1000),length_is(num_names),ref] lsa_String *names,
	[out,ref] samr_Ids *rids,
	[out,ref] samr_Ids *types
	);


/************************/
/* Function 0x12 */
/*
  Resolves RIDs to names and types, with the same 1000-entry bound as
  samr_LookupNames. Any caller holding a suitable domain handle can walk
  the RID space with this call, so the access required to obtain that
  handle is what limits account enumeration.
*/
NTSTATUS samr_LookupRids(
	[in,ref] policy_handle *domain_handle,
	[in,range(0,1000)] uint32 num_rids,
	[in,size_is(1000),length_is(num_rids)] uint32 rids[],
	[out,ref] lsa_Strings *names,
	[out,ref] samr_Ids *types
	);

/************************/
/* Function 0x13 */
/* opens the group with the given RID using the requested group access mask */
NTSTATUS samr_OpenGroup(
	[in,ref] policy_handle *domain_handle,
	[in] samr_GroupAccessMask access_mask,
	[in] uint32 rid,
	[out,ref] policy_handle *group_handle
	);

/* Group attributes */
/* SE_GROUP_LOGON_ID occupies the top two bits (0xC0000000), not a single bit */
typedef [public,bitmap32bit] bitmap {
	SE_GROUP_MANDATORY = 0x00000001,
	SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
	SE_GROUP_ENABLED = 0x00000004,
	SE_GROUP_OWNER = 0x00000008,
	SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
	SE_GROUP_RESOURCE = 0x20000000,
	SE_GROUP_LOGON_ID = 0xC0000000
} samr_GroupAttrs;

/************************/
/* Function 0x14 */

typedef struct {
	lsa_String name;
	samr_GroupAttrs attributes;
	uint32 num_members;
	lsa_String description;
} samr_GroupInfoAll;

typedef struct {
	samr_GroupAttrs attributes;
} samr_GroupInfoAttributes;

typedef struct {
	lsa_String description;
} samr_GroupInfoDescription;

/* information levels for samr_QueryGroupInfo / samr_SetGroupInfo */
typedef enum {
	GROUPINFOALL = 1,
	GROUPINFONAME = 2,
	GROUPINFOATTRIBUTES = 3,
	GROUPINFODESCRIPTION = 4,
	GROUPINFOALL2 = 5
} samr_GroupInfoEnum;

/* levels 1 and 5 share the samr_GroupInfoAll layout */
typedef [switch_type(samr_GroupInfoEnum)] union {
	[case(GROUPINFOALL)] samr_GroupInfoAll all;
	[case(GROUPINFONAME)] lsa_String name;
	[case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
	[case(GROUPINFODESCRIPTION)] lsa_String description;
	[case(GROUPINFOALL2)] samr_GroupInfoAll all2;
} samr_GroupInfo;

NTSTATUS samr_QueryGroupInfo(
	[in,ref] policy_handle *group_handle,
	[in] samr_GroupInfoEnum level,
	[out,ref,switch_is(level)] samr_GroupInfo **info
	);

/************************/
/* Function 0x15 */
NTSTATUS samr_SetGroupInfo(
	[in,ref] policy_handle *group_handle,
	[in] samr_GroupInfoEnum level,
	[in,switch_is(level),ref] samr_GroupInfo *info
	);

/************************/
/* Function 0x16 */
/*
  Adds the account with the given RID to the group. flags is a plain
  uint32 here; presumably it carries samr_GroupAttrs bits - confirm.
*/
NTSTATUS samr_AddGroupMember(
	[in,ref] policy_handle *group_handle,
	[in] uint32 rid,
	[in] uint32 flags
	);

/************************/
/* Function 0x17 */
/* group_handle is [in,out]: the call hands a handle value back to the caller */
NTSTATUS samr_DeleteDomainGroup(
	[in,out,ref] policy_handle *group_handle
	);

/************************/
/* Function 0x18 */
NTSTATUS samr_DeleteGroupMember(
	[in,ref] policy_handle *group_handle,
	[in] uint32 rid
	);


/************************/
/* Function 0x19 */
/* two parallel arrays sized by the same count, which has no [range] limit */
typedef struct {
	uint32 count;
	[size_is(count)] uint32 *rids;
	[size_is(count)] uint32 *types;
} samr_RidTypeArray;

NTSTATUS samr_QueryGroupMember(
	[in,ref] policy_handle *group_handle,
	[out,ref] samr_RidTypeArray **rids
	);


/************************/
/* Function 0x1a */

/*
  win2003 seems to accept any data at all for the two integers
  below, and doesn't seem to do anything with them that I can
  see. Weird. I really expected the first integer to be a rid
  and the second to be the attributes for that rid member.
*/
NTSTATUS samr_SetMemberAttributesOfGroup(
	[in,ref] policy_handle *group_handle,
	[in] uint32 unknown1,
	[in] uint32 unknown2
	);


/************************/
/* Function 0x1b */
/* opens the alias with the given RID using the requested alias access mask */
NTSTATUS samr_OpenAlias (
	[in,ref] policy_handle *domain_handle,
	[in] samr_AliasAccessMask access_mask,
	[in] uint32 rid,
	[out,ref] policy_handle *alias_handle
	);


/************************/
/* Function 0x1c */

typedef struct {
	lsa_String name;
	uint32 num_members;
	lsa_String description;
} samr_AliasInfoAll;

/* information levels for samr_QueryAliasInfo / samr_SetAliasInfo */
typedef enum {
	ALIASINFOALL = 1,
	ALIASINFONAME = 2,
	ALIASINFODESCRIPTION = 3
} samr_AliasInfoEnum;

typedef [switch_type(samr_AliasInfoEnum)] union {
	[case(ALIASINFOALL)] samr_AliasInfoAll all;
	[case(ALIASINFONAME)] lsa_String name;
	[case(ALIASINFODESCRIPTION)] lsa_String description;
} samr_AliasInfo;

NTSTATUS samr_QueryAliasInfo(
	[in,ref] policy_handle *alias_handle,
	[in] samr_AliasInfoEnum level,
	[out,ref,switch_is(level)] samr_AliasInfo **info
	);

/************************/
/* Function 0x1d */
NTSTATUS samr_SetAliasInfo(
	[in,ref] policy_handle *alias_handle,
	[in] samr_AliasInfoEnum level,
	[in,switch_is(level),ref] samr_AliasInfo *info
	);

/************************/
/* Function 0x1e */
/* alias_handle is [in,out]: the call hands a handle value back to the caller */
NTSTATUS samr_DeleteDomAlias(
	[in,out,ref] policy_handle *alias_handle
	);

/************************/
/* Function 0x1f */
/* members are identified by full SID, so an alias can hold accounts from other domains */
NTSTATUS samr_AddAliasMember(
	[in,ref] policy_handle *alias_handle,
	[in,ref] dom_sid2 *sid
	);

/************************/
/* Function 0x20 */
NTSTATUS samr_DeleteAliasMember(
	[in,ref] policy_handle *alias_handle,
	[in,ref] dom_sid2 *sid
	);

/************************/
/* Function 0x21 */
NTSTATUS samr_GetMembersInAlias(
	[in,ref] policy_handle *alias_handle,
	[out,ref] lsa_SidArray *sids
	);

/************************/
/* Function 0x22 */
/* opens the user with the given RID using the requested user access mask */
[public] NTSTATUS samr_OpenUser(
	[in,ref] policy_handle *domain_handle,
	[in] samr_UserAccessMask access_mask,
	[in] uint32 rid,
	[out,ref] policy_handle *user_handle
	);

/************************/
/* Function 0x23 */
/* user_handle is [in,out]: the call hands a handle value back to the caller */
NTSTATUS samr_DeleteUser(
	[in,out,ref] policy_handle *user_handle
	);

/************************/
/* Function 0x24 */

/*
  Information levels for samr_QueryUserInfo / samr_SetUserInfo. Values
  15, 19 and 22 are not defined. Levels 18, 21 and 23..26 carry password
  material (see the structures below), so access to them deserves the
  closest review.
*/
typedef enum {
	UserGeneralInformation = 1,
	UserPreferencesInformation = 2,
	UserLogonInformation = 3,
	UserLogonHoursInformation = 4,
	UserAccountInformation = 5,
	UserNameInformation = 6,
	UserAccountNameInformation = 7,
	UserFullNameInformation = 8,
	UserPrimaryGroupInformation = 9,
	UserHomeInformation = 10,
	UserScriptInformation = 11,
	UserProfileInformation = 12,
	UserAdminCommentInformation = 13,
	UserWorkStationsInformation = 14,
	UserControlInformation = 16,
	UserExpiresInformation = 17,
	UserInternal1Information = 18,
	UserParametersInformation = 20,
	UserAllInformation = 21,
	UserInternal4Information = 23,
	UserInternal5Information = 24,
	UserInternal4InformationNew = 25,
	UserInternal5InformationNew = 26
} samr_UserInfoLevel;

typedef struct {
	lsa_String account_name;
	lsa_String full_name;
	uint32 primary_gid;
	lsa_String description;
	lsa_String comment;
} samr_UserInfo1;

typedef struct {
	lsa_String comment;
	lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
	uint16 country_code;
	uint16 code_page;
} samr_UserInfo2;

/* this is also used in samr and netlogon */
/*
  bits has a fixed maximum size of 1260 bytes and a transmitted length
  of units_per_week/8. units_per_week is an unbounded uint16, so values
  above 10080 give a length larger than the maximum; rejecting that is
  left to the marshalling layer - confirm the generated code checks
  length against size.
*/
typedef [public, flag(NDR_PAHEX)] struct {
	uint16 units_per_week;
	[size_is(1260), length_is(units_per_week/8)] uint8 *bits;
} samr_LogonHours;

typedef struct {
	lsa_String account_name;
	lsa_String full_name;
	uint32 rid;
	uint32 primary_gid;
	lsa_String home_directory;
	lsa_String home_drive;
	lsa_String logon_script;
	lsa_String profile_path;
	lsa_String workstations;
	NTTIME last_logon;
	NTTIME last_logoff;
	NTTIME last_password_change;
	NTTIME allow_password_change;
	NTTIME force_password_change;
	samr_LogonHours logon_hours;
	uint16 bad_password_count;
	uint16 logon_count;
	samr_AcctFlags acct_flags;
} samr_UserInfo3;

typedef struct {
	samr_LogonHours logon_hours;
} samr_UserInfo4;

typedef struct {
	lsa_String account_name;
	lsa_String full_name;
	uint32 rid;
	uint32 primary_gid;
	lsa_String home_directory;
	lsa_String home_drive;
	lsa_String logon_script;
	lsa_String profile_path;
	lsa_String description;
	lsa_String workstations;
	NTTIME last_logon;
	NTTIME last_logoff;
	samr_LogonHours logon_hours;
	uint16 bad_password_count;
	uint16 logon_count;
	NTTIME last_password_change;
	NTTIME acct_expiry;
	samr_AcctFlags acct_flags;
} samr_UserInfo5;

typedef struct {
	lsa_String account_name;
	lsa_String full_name;
} samr_UserInfo6;

typedef struct {
	lsa_String account_name;
} samr_UserInfo7;

typedef struct {
	lsa_String full_name;
} samr_UserInfo8;

typedef struct {
	uint32 primary_gid;
} samr_UserInfo9;

typedef struct {
	lsa_String home_directory;
	lsa_String home_drive;
} samr_UserInfo10;

typedef struct {
	lsa_String logon_script;
} samr_UserInfo11;

typedef struct {
	lsa_String profile_path;
} samr_UserInfo12;

typedef struct {
	lsa_String description;
} samr_UserInfo13;

typedef struct {
	lsa_String workstations;
} samr_UserInfo14;

/* level 16: the account control bits on their own; see samr_AcctFlags for the bits that relax authentication */
typedef struct {
	samr_AcctFlags acct_flags;
} samr_UserInfo16;

typedef struct {
	NTTIME acct_expiry;
} samr_UserInfo17;

/*
  16-byte password hash value. Treat it as credential material: keep it
  out of logs and traces. flag(NDR_PAHEX) presumably only affects how
  the array is printed in debug dumps, which would then contain the hash
  bytes - confirm debug levels used in production.
*/
typedef [public, flag(NDR_PAHEX)] struct {
	uint8 hash[16];
} samr_Password;

/* level 18: going by the field names, the account's NT and LM hashes plus validity flags */
typedef struct {
	samr_Password nt_pwd;
	samr_Password lm_pwd;
	boolean8 nt_pwd_active;
	boolean8 lm_pwd_active;
	uint8 password_expired;
} samr_UserInfo18;

typedef struct {
	lsa_String parameters;
} samr_UserInfo20;

/* this defines the bits used for fields_present in info21 */
typedef [bitmap32bit] bitmap {
	SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
	SAMR_FIELD_FULL_NAME = 0x00000002,
	SAMR_FIELD_RID = 0x00000004,
	SAMR_FIELD_PRIMARY_GID = 0x00000008,
	SAMR_FIELD_DESCRIPTION = 0x00000010,
	SAMR_FIELD_COMMENT = 0x00000020,
	SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
	SAMR_FIELD_HOME_DRIVE = 0x00000080,
	SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
	SAMR_FIELD_PROFILE_PATH = 0x00000200,
	SAMR_FIELD_WORKSTATIONS = 0x00000400,
	SAMR_FIELD_LAST_LOGON = 0x00000800,
	SAMR_FIELD_LAST_LOGOFF = 0x00001000,
	SAMR_FIELD_LOGON_HOURS = 0x00002000,
	SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
	SAMR_FIELD_NUM_LOGONS = 0x00008000,
	SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
	SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
	SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
	SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
	SAMR_FIELD_ACCT_FLAGS = 0x00100000,
	SAMR_FIELD_PARAMETERS = 0x00200000,
	SAMR_FIELD_COUNTRY_CODE = 0x00400000,
	SAMR_FIELD_CODE_PAGE = 0x00800000,
	SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
	SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
	SAMR_FIELD_PRIVATE_DATA = 0x04000000,
	SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
	SAMR_FIELD_SEC_DESC = 0x10000000,
	SAMR_FIELD_OWF_PWD = 0x20000000
} samr_FieldsPresent;

/* used for 'password_expired' in samr_UserInfo21 */
const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;

/*
  Level 21: every user attribute in one structure. fields_present
  (samr_FieldsPresent) says which members are meaningful. The structure
  includes lm_password / nt_password / private members and a
  caller-sized buffer (buf_count has no [range] limit), so it is
  secret-bearing whenever the corresponding field bits are set.
*/
typedef struct {
	NTTIME last_logon;
	NTTIME last_logoff;
	NTTIME last_password_change;
	NTTIME acct_expiry;
	NTTIME allow_password_change;
	NTTIME force_password_change;
	lsa_String account_name;
	lsa_String full_name;
	lsa_String home_directory;
	lsa_String home_drive;
	lsa_String logon_script;
	lsa_String profile_path;
	lsa_String description;
	lsa_String workstations;
	lsa_String comment;
	lsa_String parameters;
	lsa_String lm_password;
	lsa_String nt_password;
	lsa_String private;
	uint32 buf_count;
	[size_is(buf_count)] uint8 *buffer;
	uint32 rid;
	uint32 primary_gid;
	samr_AcctFlags acct_flags;
	samr_FieldsPresent fields_present;
	samr_LogonHours logon_hours;
	uint16 bad_password_count;
	uint16 logon_count;
	uint16 country_code;
	uint16 code_page;
	uint8 lm_password_set;
	uint8 nt_password_set;
	uint8 password_expired;
	uint8 unknown4;
} samr_UserInfo21;

/*
  Fixed 516-byte opaque password blob; presumably a 512-byte password
  buffer plus a 4-byte length, encrypted by the caller - confirm against
  the protocol documentation. The IDL says nothing about how it is
  protected, so that guarantee lives entirely in client/server code.
*/
typedef [public, flag(NDR_PAHEX)] struct {
	uint8 data[516];
} samr_CryptPassword;

/* level 23: all-information structure plus a new password blob */
typedef struct {
	samr_UserInfo21 info;
	samr_CryptPassword password;
} samr_UserInfo23;

/* level 24: new password blob plus the expired flag */
typedef struct {
	samr_CryptPassword password;
	uint8 password_expired;
} samr_UserInfo24;

/* 532-byte variant: 16 bytes longer than samr_CryptPassword (presumably a salt or similar - confirm) */
typedef [flag(NDR_PAHEX)] struct {
	uint8 data[532];
} samr_CryptPasswordEx;

/* level 25: as level 23, with the extended password blob */
typedef struct {
	samr_UserInfo21 info;
	samr_CryptPasswordEx password;
} samr_UserInfo25;

/* level 26: as level 24, with the extended password blob */
typedef struct {
	samr_CryptPasswordEx password;
	uint8 password_expired;
} samr_UserInfo26;

/* arms are selected by a uint16 level; the case values match samr_UserInfoLevel */
typedef [switch_type(uint16)] union {
	[case(1)] samr_UserInfo1 info1;
	[case(2)] samr_UserInfo2 info2;
	[case(3)] samr_UserInfo3 info3;
	[case(4)] samr_UserInfo4 info4;
	[case(5)] samr_UserInfo5 info5;
	[case(6)] samr_UserInfo6 info6;
	[case(7)] samr_UserInfo7 info7;
	[case(8)] samr_UserInfo8 info8;
	[case(9)] samr_UserInfo9 info9;
	[case(10)] samr_UserInfo10 info10;
	[case(11)] samr_UserInfo11 info11;
	[case(12)] samr_UserInfo12 info12;
	[case(13)] samr_UserInfo13 info13;
	[case(14)] samr_UserInfo14 info14;
	[case(16)] samr_UserInfo16 info16;
	[case(17)] samr_UserInfo17 info17;
	[case(18)] samr_UserInfo18 info18;
	[case(20)] samr_UserInfo20 info20;
	[case(21)] samr_UserInfo21 info21;
	[case(23)] samr_UserInfo23 info23;
	[case(24)] samr_UserInfo24 info24;
	[case(25)] samr_UserInfo25 info25;
	[case(26)] samr_UserInfo26 info26;
} samr_UserInfo;

/*
  The IDL lets a caller request any level, including the password-bearing
  ones; which levels a given handle may read is decided by the server.
*/
[public] NTSTATUS samr_QueryUserInfo(
	[in,ref] policy_handle *user_handle,
	[in] samr_UserInfoLevel level,
	[out,ref,switch_is(level)] samr_UserInfo **info
	);


/************************/
/* Function 0x25 */
/*
  Sets one information level. Levels 16 (acct_flags), 18, 21 and 23..26
  change account control bits or password material, which makes this
  call a useful one to audit on the server side.
*/
[public] NTSTATUS samr_SetUserInfo(
	[in,ref] policy_handle *user_handle,
	[in] samr_UserInfoLevel level,
	[in,ref,switch_is(level)] samr_UserInfo *info
	);

/************************/
/* Function 0x26 */
/*
  this is a password change interface that doesn't give
  the server the plaintext password. Deprecated.
*/
/*
  All password arguments are 16-byte samr_Password values and [unique],
  so each may be NULL; the *_present booleans say which ones the caller
  supplied. Consistency between a flag and its pointer is not expressed
  in the IDL and has to be checked by the server.
*/
NTSTATUS samr_ChangePasswordUser(
	[in,ref] policy_handle *user_handle,
	[in] boolean8 lm_present,
	[in,unique] samr_Password *old_lm_crypted,
	[in,unique] samr_Password *new_lm_crypted,
	[in] boolean8 nt_present,
	[in,unique] samr_Password *old_nt_crypted,
	[in,unique] samr_Password *new_nt_crypted,
	[in] boolean8 cross1_present,
	[in,unique] samr_Password *nt_cross,
	[in] boolean8 cross2_present,
	[in,unique] samr_Password *lm_cross
	);

/************************/
/* Function 0x27 */

typedef [public] struct {
	uint32 rid;
	samr_GroupAttrs attributes;
} samr_RidWithAttribute;

/* counted array of RID/attribute pairs; count has no [range] limit */
typedef [public] struct {
	uint32 count;
	[size_is(count)] samr_RidWithAttribute *rids;
} samr_RidWithAttributeArray;

/* returns the groups the user belongs to, with the attributes of each membership */
NTSTATUS samr_GetGroupsForUser(
	[in,ref] policy_handle *user_handle,
	[out,ref] samr_RidWithAttributeArray **rids
	);

/************************/
/* Function 0x28 */

/* display entry with account flags, description and full name */
typedef struct {
	uint32 idx;
	uint32 rid;
	samr_AcctFlags acct_flags;
	lsa_String account_name;
	lsa_String description;
	lsa_String full_name;
} samr_DispEntryGeneral;

typedef struct {
	uint32 count;
	[size_is(count)] samr_DispEntryGeneral *entries;
} samr_DispInfoGeneral;

/* as samr_DispEntryGeneral, without full_name */
typedef struct {
	uint32 idx;
	uint32 rid;
	samr_AcctFlags acct_flags;
	lsa_String account_name;
	lsa_String description;
} samr_DispEntryFull;

typedef struct {
	uint32 count;
	[size_is(count)] samr_DispEntryFull *entries;
} samr_DispInfoFull;

/* group display entry; note that acct_flags holds samr_GroupAttrs here, not samr_AcctFlags */
typedef struct {
	uint32 idx;
	uint32 rid;
	samr_GroupAttrs acct_flags;
	lsa_String account_name;
	lsa_String description;
} samr_DispEntryFullGroup;

typedef struct {
	uint32 count;
	[size_is(count)] samr_DispEntryFullGroup *entries;
} samr_DispInfoFullGroups;

/* Display entry that carries only an index and an ASCII account name. */
typedef struct {
	uint32    idx;
	lsa_AsciiStringLarge account_name;
} samr_DispEntryAscii;

/* Counted array of samr_DispEntryAscii; count sizes entries. */
typedef struct {
	uint32 count;
	[size_is(count)] samr_DispEntryAscii *entries;
} samr_DispInfoAscii;

/* Display levels; each value selects one arm of samr_DispInfo. */
typedef enum {
	SAMR_DOMAIN_DISPLAY_USER      = 1,
	SAMR_DOMAIN_DISPLAY_MACHINE   = 2,
	SAMR_DOMAIN_DISPLAY_GROUP     = 3,
	SAMR_DOMAIN_DISPLAY_OEM_USER  = 4,
	SAMR_DOMAIN_DISPLAY_OEM_GROUP = 5
} samr_DomainDisplayInformation;

/*
  Reply payload for the QueryDisplayInfo calls, discriminated by a
  uint16 display level. Levels 4 and 5 share the ASCII layout.
*/
typedef [switch_type(uint16)] union {
	[case(SAMR_DOMAIN_DISPLAY_USER)]      samr_DispInfoGeneral    info1; /* users */
	[case(SAMR_DOMAIN_DISPLAY_MACHINE)]   samr_DispInfoFull       info2; /* trust accounts? */
	[case(SAMR_DOMAIN_DISPLAY_GROUP)]     samr_DispInfoFullGroups info3; /* groups */
	[case(SAMR_DOMAIN_DISPLAY_OEM_USER)]  samr_DispInfoAscii      info4; /* users */
	[case(SAMR_DOMAIN_DISPLAY_OEM_GROUP)] samr_DispInfoAscii      info5; /* groups */
} samr_DispInfo;

/*
  Returns a window of display entries for the domain behind
  domain_handle. level selects the samr_DispInfo arm; start_idx,
  max_entries and buf_size are all chosen by the caller.

  NOTE(review): nothing in this declaration bounds max_entries or
  buf_size, so any cap on the reply size has to be applied by the server
  implementation - confirm. The reply carries account names, RIDs and
  account flags, so whoever can obtain a usable domain_handle (decided
  outside this file) can list the domain's accounts.
*/
NTSTATUS samr_QueryDisplayInfo(
	[in,ref]    policy_handle *domain_handle,
	[in]        samr_DomainDisplayInformation level,
	[in]        uint32 start_idx,
	[in]        uint32 max_entries,
	[in]        uint32 buf_size,
	[out,ref]   uint32 *total_size,
	[out,ref]   uint32 *returned_size,
	[out,ref,switch_is(level)] samr_DispInfo *info
	);


/************************/
/* Function 0x29        */

/*
  this seems to be an alphabetic search function. The returned index
  is the index for samr_QueryDisplayInfo needed to get names occurring
  after the specified name. The supplied name does not need to exist
  in the database (for example you can supply just a first letter for
  searching starting at that letter)

  The level corresponds to the samr_QueryDisplayInfo level

  NOTE(review): level is declared as a plain uint16 here, while
  samr_GetDisplayEnumerationIndex2 declares it as
  samr_DomainDisplayInformation. Values outside the defined display
  levels presumably have to be rejected by the implementation - confirm.
*/
NTSTATUS samr_GetDisplayEnumerationIndex(
	[in,ref]    policy_handle *domain_handle,
	[in]        uint16 level,
	[in,ref]    lsa_String *name,
	[out,ref]   uint32 *idx
	);



/************************/
/* Function 0x2a        */

/*
  w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
*/
NTSTATUS samr_TestPrivateFunctionsDomain(
	[in,ref]    policy_handle *domain_handle
	);


/************************/
/* Function 0x2b        */

/*
  w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
*/
NTSTATUS samr_TestPrivateFunctionsUser(
	[in,ref]    policy_handle *user_handle
	);


/************************/
/* Function 0x2c        */

/*
  Password policy summary: a minimum length and a
  samr_PasswordProperties value. Returned by samr_GetUserPwInfo and
  samr_GetDomPwInfo.
*/
typedef struct {
	uint16 min_password_length;
	samr_PasswordProperties password_properties;
} samr_PwInfo;

/* Returns the samr_PwInfo that applies to the user behind user_handle. */
[public] NTSTATUS samr_GetUserPwInfo(
	[in,ref]    policy_handle *user_handle,
	[out,ref]   samr_PwInfo *info
	);

/************************/
/* Function 0x2d        */

/*
  Takes a domain handle and a SID; per the name it removes that SID's
  memberships in the domain. NOTE(review): exact scope (aliases only, or
  groups too) is not visible here - confirm.
*/
NTSTATUS samr_RemoveMemberFromForeignDomain(
	[in,ref]    policy_handle *domain_handle,
	[in,ref]    dom_sid2 *sid
	);

/************************/
/* Function 0x2e        */

/*
  how is this different from QueryDomainInfo ??
*/
NTSTATUS samr_QueryDomainInfo2(
	[in,ref]      policy_handle *domain_handle,
	[in]          samr_DomainInfoClass level,
	[out,ref,switch_is(level)] samr_DomainInfo **info
	);

/************************/
/* Function 0x2f        */

/*
  how is this different from QueryUserInfo ??
*/
NTSTATUS samr_QueryUserInfo2(
	[in,ref]                  policy_handle *user_handle,
	[in]                      samr_UserInfoLevel level,
	[out,ref,switch_is(level)] samr_UserInfo **info
	);

/************************/
/* Function 0x30        */

/*
  how is this different from QueryDisplayInfo??

  The parameter list is identical to samr_QueryDisplayInfo, so the same
  caller-chosen start_idx, max_entries and buf_size apply here.
*/
NTSTATUS samr_QueryDisplayInfo2(
	[in,ref]    policy_handle *domain_handle,
	[in]        samr_DomainDisplayInformation level,
	[in]        uint32 start_idx,
	[in]        uint32 max_entries,
	[in]        uint32 buf_size,
	[out,ref]   uint32 *total_size,
	[out,ref]   uint32 *returned_size,
	[out,ref,switch_is(level)] samr_DispInfo *info
	);

/************************/
/* Function 0x31        */

/*
  how is this different from GetDisplayEnumerationIndex ??

  Visible difference in the declaration: level is typed as
  samr_DomainDisplayInformation here instead of uint16.
*/
NTSTATUS samr_GetDisplayEnumerationIndex2(
	[in,ref]    policy_handle *domain_handle,
	[in]        samr_DomainDisplayInformation level,
	[in,ref]    lsa_String *name,
	[out,ref]   uint32 *idx
	);


/************************/
/* Function 0x32        */

/*
  Creates an account in the domain and returns a handle to it, the
  access actually granted, and the new RID.

  acct_flags and access_mask are both supplied by the caller;
  access_granted is a separate output.
  NOTE(review): which account types (acct_flags) a given caller may
  create is not expressed in the IDL and presumably has to be enforced
  by the server - confirm.
*/
NTSTATUS samr_CreateUser2(
	[in,ref]    policy_handle *domain_handle,
	[in,ref]    lsa_String *account_name,
	[in]        samr_AcctFlags acct_flags,
	[in]        samr_UserAccessMask access_mask,
	[out,ref]   policy_handle *user_handle,
	[out,ref]   uint32 *access_granted,
	[out,ref]   uint32 *rid
	);


/************************/
/* Function 0x33        */

/*
  another duplicate. There must be a reason ....

  The parameter list is identical to samr_QueryDisplayInfo and
  samr_QueryDisplayInfo2.
*/
NTSTATUS samr_QueryDisplayInfo3(
	[in,ref]    policy_handle *domain_handle,
	[in]        samr_DomainDisplayInformation level,
	[in]        uint32 start_idx,
	[in]        uint32 max_entries,
	[in]        uint32 buf_size,
	[out,ref]   uint32 *total_size,
	[out,ref]   uint32 *returned_size,
	[out,ref,switch_is(level)] samr_DispInfo *info
	);

/************************/
/* Function 0x34        */

/* Adds every SID in sids to the alias behind alias_handle (per the name). */
NTSTATUS samr_AddMultipleMembersToAlias(
	[in,ref]    policy_handle *alias_handle,
	[in,ref]    lsa_SidArray *sids
	);

/************************/
/* Function 0x35        */

/* Counterpart of samr_AddMultipleMembersToAlias with the same parameters. */
NTSTATUS samr_RemoveMultipleMembersFromAlias(
	[in,ref]    policy_handle *alias_handle,
	[in,ref]    lsa_SidArray *sids
	);

/************************/
/* Function 0x36        */

/*
  Password change that takes no policy_handle: the target is named by
  the server/account strings, and the request carries a
  samr_CryptPassword blob and a samr_Password hash, both [in,unique] and
  therefore possibly NULL.

  NOTE(review): with no handle involved, authorisation presumably rests
  on the caller proving knowledge of the current password through these
  blobs - confirm in the implementation. The lsa_AsciiString types and
  the "Oem" name suggest this is the legacy LM-era variant; verify, and
  check whether it still needs to be reachable in a given deployment.
*/
NTSTATUS samr_OemChangePasswordUser2(
	[in,unique]       lsa_AsciiString *server,
	[in,ref]          lsa_AsciiString *account,
	[in,unique]       samr_CryptPassword *password,
	[in,unique]       samr_Password *hash
	);

/************************/
/* Function 0x37        */

/*
  Handle-less password change with separate NT and LM parts. lm_change
  is sent independently of lm_password/lm_verifier, which are
  [in,unique] and may be NULL; nt_password/nt_verifier may be NULL too.
  NOTE(review): presumably the server must reject a missing blob it
  needs rather than dereference it - confirm.
*/
NTSTATUS samr_ChangePasswordUser2(
	[in,unique]       lsa_String *server,
	[in,ref]          lsa_String *account,
	[in,unique]       samr_CryptPassword *nt_password,
	[in,unique]       samr_Password *nt_verifier,
	[in]              boolean8 lm_change,
	[in,unique]       samr_CryptPassword *lm_password,
	[in,unique]       samr_Password *lm_verifier
	);

/************************/
/* Function 0x38        */

/*
  Returns a samr_PwInfo for the named domain; domain_name may be NULL.
  NOTE(review): no policy_handle is passed, so any restriction on who
  may read this policy has to come from somewhere other than a handle's
  access mask - confirm where that is enforced.
*/
NTSTATUS samr_GetDomPwInfo(
	[in,unique] lsa_String *domain_name,
	[out,ref]   samr_PwInfo *info
	);

/************************/
/* Function 0x39        */

/*
  Opens a connect handle. access_mask is the samr_ConnectAccessMask the
  client asks for; system_name is an optional UTF16 string.
*/
NTSTATUS samr_Connect2(
	[in,unique,string,charset(UTF16)] uint16 *system_name,
	[in] samr_ConnectAccessMask access_mask,
	[out,ref]  policy_handle *connect_handle
	);

/************************/
/* Function 0x3a        */
/*
  seems to be an exact alias for samr_SetUserInfo()
*/
/* level selects which samr_UserInfo arm is carried in info. */
[public] NTSTATUS samr_SetUserInfo2(
	[in,ref]                   policy_handle *user_handle,
	[in]                       samr_UserInfoLevel level,
	[in,ref,switch_is(level)]  samr_UserInfo *info
	);

/************************/
/* Function 0x3b        */
/*
  this one is mysterious. I have a few guesses, but nothing working yet
*/
NTSTATUS samr_SetBootKeyInformation(
	[in,ref]   policy_handle *connect_handle,
	[in]       uint32 unknown1,
	[in]       uint32 unknown2,
	[in]       uint32 unknown3
	);

/************************/
/* Function 0x3c        */

/*
  Takes a domain handle (samr_SetBootKeyInformation takes a connect
  handle) and returns a single uint32 whose meaning is not documented
  here.
*/
NTSTATUS samr_GetBootKeyInformation(
	[in,ref]   policy_handle *domain_handle,
	[out,ref]  uint32 *unknown
	);

/************************/
/* Function 0x3d        */

/* Connect variant with one extra uint32 between system_name and access_mask. */
NTSTATUS samr_Connect3(
	[in,unique,string,charset(UTF16)] uint16 *system_name,
	/* this unknown value seems to be completely ignored by w2k3 */
	[in] uint32 unknown,
	[in] samr_ConnectAccessMask access_mask,
	[out,ref]  policy_handle *connect_handle
	);

/************************/
/* Function 0x3e        */

/* Client version announced in samr_Connect4 and samr_ConnectInfo1. */
typedef [v1_enum] enum {
	SAMR_CONNECT_PRE_W2K   = 1,
	SAMR_CONNECT_W2K       = 2,
	SAMR_CONNECT_AFTER_W2K = 3
} samr_ConnectVersion;

/*
  Connect variant in which the client states its version.
  NOTE(review): client_version is a value the client asserts about
  itself, so it should presumably not be relied on for access decisions
  - confirm how the server uses it.
*/
NTSTATUS samr_Connect4(
	[in,unique,string,charset(UTF16)] uint16 *system_name,
	[in] samr_ConnectVersion client_version,
	[in] samr_ConnectAccessMask access_mask,
	[out,ref]  policy_handle *connect_handle
	);

/************************/
/* Function 0x3f        */

/*
  Rejection detail returned by samr_ChangePasswordUser3: a
  samr_RejectReason plus two fields of unknown meaning.
*/
typedef struct {
	samr_RejectReason reason;
	uint32 unknown1;
	uint32 unknown2;
} samr_ChangeReject;

/*
  Handle-less password change like samr_ChangePasswordUser2, with an
  additional password3 blob and two outputs: domain information and a
  samr_ChangeReject.

  All blob pointers are [in,unique] and may be NULL; lm_change is sent
  independently of lm_password/lm_verifier.
  NOTE(review): the outputs tell the caller why a change was refused
  (too short, in history, complexity). Whether they are filled in for
  callers that failed to prove the old password is not visible here -
  confirm.
*/
NTSTATUS samr_ChangePasswordUser3(
	[in,unique]       lsa_String *server,
	[in,ref]          lsa_String *account,
	[in,unique]       samr_CryptPassword *nt_password,
	[in,unique]       samr_Password *nt_verifier,
	[in]              boolean8 lm_change,
	[in,unique]       samr_CryptPassword *lm_password,
	[in,unique]       samr_Password *lm_verifier,
	[in,unique]       samr_CryptPassword *password3,
	[out,ref]         samr_DomInfo1 **dominfo,
	[out,ref]         samr_ChangeReject **reject
	);

/************************/
/* Function 0x40        */

/* Level 1 connect information exchanged by samr_Connect5. */
typedef struct {
	samr_ConnectVersion client_version; /* w2k3 gives 3 */
	uint32         unknown2; /* w2k3 gives 0 */
} samr_ConnectInfo1;

/* Only level 1 is defined; it is the single arm of this union. */
typedef union {
	[case(1)]  samr_ConnectInfo1 info1;
} samr_ConnectInfo;

/*
  Connect variant with levelled in/out information. info_in is switched
  on level_in (from the client) and info_out on *level_out (from the
  server).
  NOTE(review): level_in is a caller-chosen uint32 and the union defines
  only case 1, so other values presumably have to be rejected - confirm.
*/
[public] NTSTATUS samr_Connect5(
	[in,unique,string,charset(UTF16)] uint16 *system_name,
	[in]       samr_ConnectAccessMask  access_mask,
	[in]       uint32             level_in,
	[in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
	[out,ref]  uint32             *level_out,
	[out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
	[out,ref]  policy_handle      *connect_handle
	);

/************************/
/* Function 0x41        */

/* Returns the SID for a RID, given a domain handle. */
NTSTATUS samr_RidToSid(
	[in,ref]    policy_handle *domain_handle,
	[in]        uint32        rid,
	[out,ref]   dom_sid2      **sid
	);

/************************/
/* Function 0x42        */

/*
  this should set the DSRM password for the server, which is used
  when booting into Directory Services Recovery Mode on a DC. Win2003
  gives me NT_STATUS_NOT_SUPPORTED

  NOTE(review): the call takes no policy_handle, and both name and hash
  are [in,unique] (may be NULL). Who is allowed to invoke it must be
  enforced elsewhere - confirm.
*/

NTSTATUS samr_SetDsrmPassword(
	[in,unique] lsa_String *name,
	[in]        uint32 unknown,
	[in,unique] samr_Password *hash
	);


/************************/
/* Function 0x43        */
/************************/

/* Bit flags stored in samr_ValidatePasswordInfo.fields_present. */
typedef [bitmap32bit] bitmap {
	SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET       = 0x00000001,
	SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME       = 0x00000002,
	SAMR_VALIDATE_FIELD_LOCKOUT_TIME            = 0x00000004,
	SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT      = 0x00000008,
	SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
	SAMR_VALIDATE_FIELD_PASSWORD_HISTORY        = 0x00000020
} samr_ValidateFieldsPresent;

/*
  Validation level passed to samr_ValidatePassword. The values 1..3
  match the numeric case labels of the request and reply unions below.
*/
typedef enum {
	NetValidateAuthentication = 1,
	NetValidatePasswordChange = 2,
	NetValidatePasswordReset  = 3
} samr_ValidatePasswordLevel;

/* NetApi maps samr_ValidationStatus errors to WERRORs.  Haven't
 * identified the mapping of
 * - NERR_PasswordFilterError
 * - NERR_PasswordExpired and
 * - NERR_PasswordCantChange
 * yet - Guenther
 */

/* Outcome of a validation, returned in samr_ValidatePasswordRepCtr. */
typedef enum {
	SAMR_VALIDATION_STATUS_SUCCESS               = 0,
	SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE  = 1,
	SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT    = 2,
	SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED      = 3,
	SAMR_VALIDATION_STATUS_BAD_PASSWORD          = 4,
	SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT  = 5,
	SAMR_VALIDATION_STATUS_PWD_TOO_SHORT         = 6,
	SAMR_VALIDATION_STATUS_PWD_TOO_LONG          = 7,
	SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH    = 8,
	SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT   = 9,
	SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10
} samr_ValidationStatus;

/* Length-prefixed byte buffer: length sizes data. */
typedef struct {
	uint32 length;
	[size_is(length)] uint8 *data;
} samr_ValidationBlob;

/*
  Account state used for validation. fields_present flags which members
  are meaningful; pwd_history_len sizes the pwd_history array of blobs.
  NOTE(review): in a request both pwd_history_len and each blob's length
  are caller-supplied, so any upper bound has to be imposed by the
  implementation - confirm.
*/
typedef struct {
	samr_ValidateFieldsPresent fields_present;
	NTTIME_hyper last_password_change;
	NTTIME_hyper bad_password_time;
	NTTIME_hyper lockout_time;
	uint32 bad_pwd_count;
	uint32 pwd_history_len;
	[size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
} samr_ValidatePasswordInfo;

/* Reply container: account state plus the validation status. */
typedef struct {
	samr_ValidatePasswordInfo info;
	samr_ValidationStatus status;
} samr_ValidatePasswordRepCtr;

/* Reply union; all three levels use the same container layout. */
typedef [switch_type(uint16)] union {
	[case(1)] samr_ValidatePasswordRepCtr ctr1;
	[case(2)] samr_ValidatePasswordRepCtr ctr2;
	[case(3)] samr_ValidatePasswordRepCtr ctr3;
} samr_ValidatePasswordRep;

/*
  Level 3 request. password and account are lsa_StringLarge values, not
  samr_CryptPassword blobs.
  NOTE(review): presumably the candidate password is therefore not
  encrypted at this layer and relies on transport protection - confirm.
*/
typedef struct {
	samr_ValidatePasswordInfo info;
	lsa_StringLarge password;
	lsa_StringLarge account;
	samr_ValidationBlob hash;
	boolean8 pwd_must_change_at_next_logon;
	boolean8 clear_lockout;
} samr_ValidatePasswordReq3;

/*
  Level 2 request. Carries password and account as lsa_StringLarge, like
  level 3, plus a caller-supplied password_matched flag.
*/
typedef struct {
	samr_ValidatePasswordInfo info;
	lsa_StringLarge password;
	lsa_StringLarge account;
	samr_ValidationBlob hash;
	boolean8 password_matched;
} samr_ValidatePasswordReq2;

/* Level 1 request: account state and a password_matched flag only. */
typedef struct {
	samr_ValidatePasswordInfo info;
	boolean8 password_matched;
} samr_ValidatePasswordReq1;

/* Request union; the case labels equal the samr_ValidatePasswordLevel values. */
typedef [switch_type(uint16)] union {
	[case(1)] samr_ValidatePasswordReq1 req1;
	[case(2)] samr_ValidatePasswordReq2 req2;
	[case(3)] samr_ValidatePasswordReq3 req3;
} samr_ValidatePasswordReq;

/*
  Validates a password or authentication event at the given level and
  returns the updated account state and a status in rep. The call takes
  no policy_handle.
  NOTE(review): req carries no explicit ref/unique attribute, unlike the
  other pointer parameters in this part of the file - TODO confirm which
  pointer type the IDL compiler applies and whether NULL must be handled.
*/
NTSTATUS samr_ValidatePassword(
	[in] samr_ValidatePasswordLevel level,
	[in,switch_is(level)] samr_ValidatePasswordReq *req,
	[out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
	);
}