4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
14 pointer_default(unique),
15 pointer_default_top(unique),
19 declare bitmap security_secinfo;
21 /* account control (acct_flags) bits */
22 typedef [public,bitmap32bit] bitmap {
23 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
24 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
25 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
26 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
27 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
28 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
29 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
30 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
31 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
32 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
33 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
34 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
35 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
36 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
37 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
38 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
39 ACB_DONT_REQUIRE_PREAUTH = 0x00010000 /* 1 = Preauth not required */
44 NTSTATUS samr_Connect (
45 /* notice the lack of [string] */
46 [in] uint16 *system_name,
47 [in] uint32 access_mask,
48 [out,ref] policy_handle *connect_handle
55 [in,out,ref] policy_handle *handle
61 NTSTATUS samr_SetSecurity (
62 [in,ref] policy_handle *handle,
63 [in] security_secinfo sec_info,
64 [in,ref] sec_desc_buf *sdbuf
70 NTSTATUS samr_QuerySecurity (
71 [in,ref] policy_handle *handle,
72 [in] security_secinfo sec_info,
73 [out] sec_desc_buf *sdbuf
80 shutdown the SAM - once you call this the SAM will be dead
82 NTSTATUS samr_Shutdown (
83 [in,ref] policy_handle *connect_handle
88 NTSTATUS samr_LookupDomain (
89 [in,ref] policy_handle *connect_handle,
90 [in,ref] lsa_String *domain_name,
105 [size_is(count)] samr_SamEntry *entries;
108 NTSTATUS samr_EnumDomains (
109 [in,ref] policy_handle *connect_handle,
110 [in,out,ref] uint32 *resume_handle,
111 [in] uint32 buf_size,
112 [out] samr_SamArray *sam,
113 [out] uint32 num_entries
117 /************************/
119 NTSTATUS samr_OpenDomain(
120 [in,ref] policy_handle *connect_handle,
121 [in] uint32 access_mask,
122 [in,ref] dom_sid2 *sid,
123 [out,ref] policy_handle *domain_handle
126 /************************/
129 typedef [v1_enum] enum {
131 ROLE_DOMAIN_MEMBER = 1,
137 uint16 min_password_length;
138 uint16 password_history_length;
139 uint32 password_properties;
140 /* yes, these are signed. They are in negative 100ns */
141 dlong max_password_age;
142 dlong min_password_age;
146 NTTIME force_logoff_time;
148 lsa_String domain_name;
149 lsa_String primary; /* PDC name if this is a BDC */
160 NTTIME force_logoff_time;
168 lsa_String domain_name;
181 NTTIME domain_create_time;
185 uint32 unknown; /* w2k3 returns 1 */
190 hyper lockout_duration;
191 hyper lockout_window;
192 uint16 lockout_threshold;
196 hyper lockout_duration;
197 hyper lockout_window;
198 uint16 lockout_threshold;
203 NTTIME domain_create_time;
208 typedef [switch_type(uint16)] union {
209 [case(1)] samr_DomInfo1 info1;
210 [case(2)] samr_DomInfo2 info2;
211 [case(3)] samr_DomInfo3 info3;
212 [case(4)] samr_DomInfo4 info4;
213 [case(5)] samr_DomInfo5 info5;
214 [case(6)] samr_DomInfo6 info6;
215 [case(7)] samr_DomInfo7 info7;
216 [case(8)] samr_DomInfo8 info8;
217 [case(9)] samr_DomInfo9 info9;
218 [case(11)] samr_DomInfo11 info11;
219 [case(12)] samr_DomInfo12 info12;
220 [case(13)] samr_DomInfo13 info13;
223 NTSTATUS samr_QueryDomainInfo(
224 [in,ref] policy_handle *domain_handle,
226 [out,switch_is(level)] samr_DomainInfo *info
229 /************************/
232 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
235 NTSTATUS samr_SetDomainInfo(
236 [in,ref] policy_handle *domain_handle,
238 [in,switch_is(level),ref] samr_DomainInfo *info
242 /************************/
244 NTSTATUS samr_CreateDomainGroup(
245 [in,ref] policy_handle *domain_handle,
246 [in,ref] lsa_String *name,
247 [in] uint32 access_mask,
248 [out,ref] policy_handle *group_handle,
249 [out,ref] uint32 *rid
253 /************************/
255 NTSTATUS samr_EnumDomainGroups(
256 [in,ref] policy_handle *domain_handle,
257 [in,out,ref] uint32 *resume_handle,
258 [in] uint32 max_size,
259 [out] samr_SamArray *sam,
260 [out] uint32 num_entries
263 /************************/
265 NTSTATUS samr_CreateUser(
266 [in,ref] policy_handle *domain_handle,
267 [in,ref] lsa_String *account_name,
268 [in] uint32 access_mask,
269 [out,ref] policy_handle *user_handle,
270 [out,ref] uint32 *rid
273 /************************/
277 /* w2k3 treats max_size as max_users*54 and sets the
278 resume_handle as the rid of the last user sent
280 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
282 NTSTATUS samr_EnumDomainUsers(
283 [in,ref] policy_handle *domain_handle,
284 [in,out,ref] uint32 *resume_handle,
285 [in] samr_AcctFlags acct_flags,
286 [in] uint32 max_size,
287 [out] samr_SamArray *sam,
288 [out] uint32 num_entries
291 /************************/
293 NTSTATUS samr_CreateDomAlias(
294 [in,ref] policy_handle *domain_handle,
295 [in,ref] lsa_String *alias_name,
296 [in] uint32 access_mask,
297 [out,ref] policy_handle *alias_handle,
298 [out,ref] uint32 *rid
301 /************************/
303 NTSTATUS samr_EnumDomainAliases(
304 [in,ref] policy_handle *domain_handle,
305 [in,out,ref] uint32 *resume_handle,
306 [in] samr_AcctFlags acct_flags,
307 [out] samr_SamArray *sam,
308 [out] uint32 num_entries
311 /************************/
315 [range(0,1024)] uint32 count;
316 [size_is(count)] uint32 *ids;
319 NTSTATUS samr_GetAliasMembership(
320 [in,ref] policy_handle *domain_handle,
321 [in,ref] lsa_SidArray *sids,
322 [out,ref] samr_Ids *rids
325 /************************/
328 NTSTATUS samr_LookupNames(
329 [in,ref] policy_handle *domain_handle,
330 [in,range(0,1000)] uint32 num_names,
331 [in,size_is(1000),length_is(num_names)] lsa_String names[],
337 /************************/
339 NTSTATUS samr_LookupRids(
340 [in,ref] policy_handle *domain_handle,
341 [in,range(0,1000)] uint32 num_rids,
342 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
343 [out] lsa_Strings names,
347 /************************/
349 NTSTATUS samr_OpenGroup(
350 [in,ref] policy_handle *domain_handle,
351 [in] uint32 access_mask,
353 [out,ref] policy_handle *group_handle
356 /* Group attributes */
357 const int SE_GROUP_MANDATORY = 0x0001;
358 const int SE_GROUP_ENABLED_BY_DEFAULT = 0x0002;
359 const int SE_GROUP_ENABLED = 0x0004;
361 /************************/
368 lsa_String description;
376 lsa_String description;
377 } samr_GroupInfoDesciption;
383 GROUPINFODESCRIPTION = 4,
385 } samr_GroupInfoEnum;
387 typedef [switch_type(samr_GroupInfoEnum)] union {
388 [case(GROUPINFOALL)] samr_GroupInfoAll all;
389 [case(GROUPINFONAME)] lsa_String name;
390 [case(GROUPINFOX)] samr_GroupInfoX unknown;
391 [case(GROUPINFODESCRIPTION)] lsa_String description;
392 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
395 NTSTATUS samr_QueryGroupInfo(
396 [in,ref] policy_handle *group_handle,
397 [in] samr_GroupInfoEnum level,
398 [out,switch_is(level)] samr_GroupInfo *info
401 /************************/
403 NTSTATUS samr_SetGroupInfo(
404 [in,ref] policy_handle *group_handle,
405 [in] samr_GroupInfoEnum level,
406 [in,switch_is(level),ref] samr_GroupInfo *info
409 /************************/
411 NTSTATUS samr_AddGroupMember(
412 [in,ref] policy_handle *group_handle,
417 /************************/
419 NTSTATUS samr_DeleteDomainGroup(
420 [in,out,ref] policy_handle *group_handle
423 /************************/
425 NTSTATUS samr_DeleteGroupMember(
426 [in,ref] policy_handle *group_handle,
431 /************************/
435 [size_is(count)] uint32 *rids;
436 [size_is(count)] uint32 *types;
439 NTSTATUS samr_QueryGroupMember(
440 [in,ref] policy_handle *group_handle,
441 [out] samr_RidTypeArray *rids
445 /************************/
449 win2003 seems to accept any data at all for the two integers
450 below, and doesn't seem to do anything with them that I can
451 see. Weird. I really expected the first integer to be a rid
452 and the second to be the attributes for that rid member.
454 NTSTATUS samr_SetMemberAttributesOfGroup(
455 [in,ref] policy_handle *group_handle,
456 [in] uint32 unknown1,
461 /************************/
463 NTSTATUS samr_OpenAlias (
464 [in,ref] policy_handle *domain_handle,
465 [in] uint32 access_mask,
467 [out,ref] policy_handle *alias_handle
471 /************************/
477 lsa_String description;
483 ALIASINFODESCRIPTION = 3
484 } samr_AliasInfoEnum;
486 typedef [switch_type(samr_AliasInfoEnum)] union {
487 [case(ALIASINFOALL)] samr_AliasInfoAll all;
488 [case(ALIASINFONAME)] lsa_String name;
489 [case(ALIASINFODESCRIPTION)] lsa_String description;
492 NTSTATUS samr_QueryAliasInfo(
493 [in,ref] policy_handle *alias_handle,
494 [in] samr_AliasInfoEnum level,
495 [out,switch_is(level)] samr_AliasInfo *info
498 /************************/
500 NTSTATUS samr_SetAliasInfo(
501 [in,ref] policy_handle *alias_handle,
502 [in] samr_AliasInfoEnum level,
503 [in,switch_is(level),ref] samr_AliasInfo *info
506 /************************/
508 NTSTATUS samr_DeleteDomAlias(
509 [in,out,ref] policy_handle *alias_handle
512 /************************/
514 NTSTATUS samr_AddAliasMember(
515 [in,ref] policy_handle *alias_handle,
516 [in,ref] dom_sid2 *sid
519 /************************/
521 NTSTATUS samr_DeleteAliasMember(
522 [in,ref] policy_handle *alias_handle,
523 [in,ref] dom_sid2 *sid
526 /************************/
528 NTSTATUS samr_GetMembersInAlias(
529 [in,ref] policy_handle *alias_handle,
530 [out,ref] lsa_SidArray *sids
533 /************************/
535 NTSTATUS samr_OpenUser(
536 [in,ref] policy_handle *domain_handle,
537 [in] uint32 access_mask,
539 [out,ref] policy_handle *user_handle
542 /************************/
544 NTSTATUS samr_DeleteUser(
545 [in,out,ref] policy_handle *user_handle
548 /************************/
551 lsa_String account_name;
552 lsa_String full_name;
554 lsa_String description;
560 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
565 /* this is also used in samr and netlogon */
566 typedef [public, flag(NDR_PAHEX)] struct {
567 uint16 units_per_week;
568 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
572 lsa_String account_name;
573 lsa_String full_name;
576 lsa_String home_directory;
577 lsa_String home_drive;
578 lsa_String logon_script;
579 lsa_String profile_path;
580 lsa_String workstations;
583 NTTIME last_password_change;
584 NTTIME allow_password_change;
585 NTTIME force_password_change;
586 samr_LogonHours logon_hours;
587 uint16 bad_password_count;
589 samr_AcctFlags acct_flags;
593 samr_LogonHours logon_hours;
597 lsa_String account_name;
598 lsa_String full_name;
601 lsa_String home_directory;
602 lsa_String home_drive;
603 lsa_String logon_script;
604 lsa_String profile_path;
605 lsa_String description;
606 lsa_String workstations;
609 samr_LogonHours logon_hours;
610 uint16 bad_password_count;
612 NTTIME last_password_change;
614 samr_AcctFlags acct_flags;
618 lsa_String account_name;
619 lsa_String full_name;
623 lsa_String account_name;
627 lsa_String full_name;
635 lsa_String home_directory;
636 lsa_String home_drive;
640 lsa_String logon_script;
644 lsa_String profile_path;
648 lsa_String description;
652 lsa_String workstations;
656 samr_AcctFlags acct_flags;
664 lsa_String parameters;
667 /* this defines the bits used for fields_present in info21 */
668 typedef [bitmap32bit] bitmap {
669 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
670 SAMR_FIELD_FULL_NAME = 0x00000002,
671 SAMR_FIELD_DESCRIPTION = 0x00000010,
672 SAMR_FIELD_COMMENT = 0x00000020,
673 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
674 SAMR_FIELD_PROFILE_PATH = 0x00000200,
675 SAMR_FIELD_WORKSTATIONS = 0x00000400,
676 SAMR_FIELD_LOGON_HOURS = 0x00002000,
677 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
678 SAMR_FIELD_PARAMETERS = 0x00200000,
679 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
680 SAMR_FIELD_CODE_PAGE = 0x00800000,
681 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
682 SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
683 } samr_FieldsPresent;
688 NTTIME last_password_change;
690 NTTIME allow_password_change;
691 NTTIME force_password_change;
692 lsa_String account_name;
693 lsa_String full_name;
694 lsa_String home_directory;
695 lsa_String home_drive;
696 lsa_String logon_script;
697 lsa_String profile_path;
698 lsa_String description;
699 lsa_String workstations;
701 lsa_String parameters;
706 [size_is(buf_count)] uint8 *buffer;
709 samr_AcctFlags acct_flags;
710 samr_FieldsPresent fields_present;
711 samr_LogonHours logon_hours;
712 uint16 bad_password_count;
716 uint8 nt_password_set;
717 uint8 lm_password_set;
718 uint8 password_expired;
722 typedef [public, flag(NDR_PAHEX)] struct {
724 } samr_CryptPassword;
727 samr_UserInfo21 info;
728 samr_CryptPassword password;
732 samr_CryptPassword password;
736 typedef [flag(NDR_PAHEX)] struct {
738 } samr_CryptPasswordEx;
741 samr_UserInfo21 info;
742 samr_CryptPasswordEx password;
746 samr_CryptPasswordEx password;
750 typedef [switch_type(uint16)] union {
751 [case(1)] samr_UserInfo1 info1;
752 [case(2)] samr_UserInfo2 info2;
753 [case(3)] samr_UserInfo3 info3;
754 [case(4)] samr_UserInfo4 info4;
755 [case(5)] samr_UserInfo5 info5;
756 [case(6)] samr_UserInfo6 info6;
757 [case(7)] samr_UserInfo7 info7;
758 [case(8)] samr_UserInfo8 info8;
759 [case(9)] samr_UserInfo9 info9;
760 [case(10)] samr_UserInfo10 info10;
761 [case(11)] samr_UserInfo11 info11;
762 [case(12)] samr_UserInfo12 info12;
763 [case(13)] samr_UserInfo13 info13;
764 [case(14)] samr_UserInfo14 info14;
765 [case(16)] samr_UserInfo16 info16;
766 [case(17)] samr_UserInfo17 info17;
767 [case(20)] samr_UserInfo20 info20;
768 [case(21)] samr_UserInfo21 info21;
769 [case(23)] samr_UserInfo23 info23;
770 [case(24)] samr_UserInfo24 info24;
771 [case(25)] samr_UserInfo25 info25;
772 [case(26)] samr_UserInfo26 info26;
775 NTSTATUS samr_QueryUserInfo(
776 [in,ref] policy_handle *user_handle,
778 [out,switch_is(level)] samr_UserInfo *info
782 /************************/
784 NTSTATUS samr_SetUserInfo(
785 [in,ref] policy_handle *user_handle,
787 [in,ref,switch_is(level)] samr_UserInfo *info
790 /************************/
792 typedef [public, flag(NDR_PAHEX)] struct {
797 this is a password change interface that doesn't give
798 the server the plaintext password. Depricated.
800 NTSTATUS samr_ChangePasswordUser(
801 [in,ref] policy_handle *user_handle,
802 [in] bool8 lm_present,
803 [in] samr_Password *old_lm_crypted,
804 [in] samr_Password *new_lm_crypted,
805 [in] bool8 nt_present,
806 [in] samr_Password *old_nt_crypted,
807 [in] samr_Password *new_nt_crypted,
808 [in] bool8 cross1_present,
809 [in] samr_Password *nt_cross,
810 [in] bool8 cross2_present,
811 [in] samr_Password *lm_cross
814 /************************/
817 typedef [public] struct {
820 } samr_RidWithAttribute;
822 typedef [public] struct {
824 [size_is(count)] samr_RidWithAttribute *rids;
825 } samr_RidWithAttributeArray;
827 NTSTATUS samr_GetGroupsForUser(
828 [in,ref] policy_handle *user_handle,
829 [out] samr_RidWithAttributeArray *rids
832 /************************/
838 samr_AcctFlags acct_flags;
839 lsa_String account_name;
840 lsa_String full_name;
841 lsa_String description;
842 } samr_DispEntryGeneral;
846 [size_is(count)] samr_DispEntryGeneral *entries;
847 } samr_DispInfoGeneral;
852 samr_AcctFlags acct_flags;
853 lsa_String account_name;
854 lsa_String description;
855 } samr_DispEntryFull;
859 [size_is(count)] samr_DispEntryFull *entries;
864 lsa_AsciiString account_name;
865 } samr_DispEntryAscii;
869 [size_is(count)] samr_DispEntryAscii *entries;
870 } samr_DispInfoAscii;
872 typedef [switch_type(uint16)] union {
873 [case(1)] samr_DispInfoGeneral info1;/* users */
874 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
875 [case(3)] samr_DispInfoFull info3; /* groups */
876 [case(4)] samr_DispInfoAscii info4; /* users */
877 [case(5)] samr_DispInfoAscii info5; /* groups */
880 NTSTATUS samr_QueryDisplayInfo(
881 [in,ref] policy_handle *domain_handle,
883 [in] uint32 start_idx,
884 [in] uint32 max_entries,
885 [in] uint32 buf_size,
886 [out] uint32 total_size,
887 [out] uint32 returned_size,
888 [out,switch_is(level)] samr_DispInfo info
892 /************************/
896 this seems to be an alphabetic search function. The returned index
897 is the index for samr_QueryDisplayInfo needed to get names occurring
898 after the specified name. The supplied name does not need to exist
899 in the database (for example you can supply just a first letter for
900 searching starting at that letter)
902 The level corresponds to the samr_QueryDisplayInfo level
904 NTSTATUS samr_GetDisplayEnumerationIndex(
905 [in,ref] policy_handle *domain_handle,
907 [in] lsa_String name,
913 /************************/
917 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
919 NTSTATUS samr_TestPrivateFunctionsDomain(
920 [in,ref] policy_handle *domain_handle
924 /************************/
928 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
930 NTSTATUS samr_TestPrivateFunctionsUser(
931 [in,ref] policy_handle *user_handle
935 /************************/
938 /* password properties flags */
939 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
940 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
941 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
942 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
943 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
946 uint16 min_password_length;
947 uint32 password_properties;
950 NTSTATUS samr_GetUserPwInfo(
951 [in,ref] policy_handle *user_handle,
952 [out] samr_PwInfo info
955 /************************/
957 NTSTATUS samr_RemoveMemberFromForeignDomain(
958 [in,ref] policy_handle *domain_handle,
959 [in,ref] dom_sid2 *sid
962 /************************/
966 how is this different from QueryDomainInfo ??
968 NTSTATUS samr_QueryDomainInfo2(
969 [in,ref] policy_handle *domain_handle,
971 [out,switch_is(level)] samr_DomainInfo *info
974 /************************/
978 how is this different from QueryUserInfo ??
980 NTSTATUS samr_QueryUserInfo2(
981 [in,ref] policy_handle *user_handle,
983 [out,switch_is(level)] samr_UserInfo *info
986 /************************/
990 how is this different from QueryDisplayInfo??
992 NTSTATUS samr_QueryDisplayInfo2(
993 [in,ref] policy_handle *domain_handle,
995 [in] uint32 start_idx,
996 [in] uint32 max_entries,
997 [in] uint32 buf_size,
998 [out] uint32 total_size,
999 [out] uint32 returned_size,
1000 [out,switch_is(level)] samr_DispInfo info
1003 /************************/
1007 how is this different from GetDisplayEnumerationIndex ??
1009 NTSTATUS samr_GetDisplayEnumerationIndex2(
1010 [in,ref] policy_handle *domain_handle,
1012 [in] lsa_String name,
1017 /************************/
1019 NTSTATUS samr_CreateUser2(
1020 [in,ref] policy_handle *domain_handle,
1021 [in,ref] lsa_String *account_name,
1022 [in] samr_AcctFlags acct_flags,
1023 [in] uint32 access_mask,
1024 [out,ref] policy_handle *user_handle,
1025 [out,ref] uint32 *access_granted,
1026 [out,ref] uint32 *rid
1030 /************************/
1034 another duplicate. There must be a reason ....
1036 NTSTATUS samr_QueryDisplayInfo3(
1037 [in,ref] policy_handle *domain_handle,
1039 [in] uint32 start_idx,
1040 [in] uint32 max_entries,
1041 [in] uint32 buf_size,
1042 [out] uint32 total_size,
1043 [out] uint32 returned_size,
1044 [out,switch_is(level)] samr_DispInfo info
1047 /************************/
1049 NTSTATUS samr_AddMultipleMembersToAlias(
1050 [in,ref] policy_handle *alias_handle,
1051 [in,ref] lsa_SidArray *sids
1054 /************************/
1056 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1057 [in,ref] policy_handle *alias_handle,
1058 [in,ref] lsa_SidArray *sids
1061 /************************/
1064 NTSTATUS samr_OemChangePasswordUser2(
1065 [in] lsa_AsciiString *server,
1066 [in,ref] lsa_AsciiString *account,
1067 [in] samr_CryptPassword *password,
1068 [in] samr_Password *hash
1071 /************************/
1073 NTSTATUS samr_ChangePasswordUser2(
1074 [in] lsa_String *server,
1075 [in,ref] lsa_String *account,
1076 [in] samr_CryptPassword *nt_password,
1077 [in] samr_Password *nt_verifier,
1078 [in] bool8 lm_change,
1079 [in] samr_CryptPassword *lm_password,
1080 [in] samr_Password *lm_verifier
1083 /************************/
1085 NTSTATUS samr_GetDomPwInfo(
1086 [in] lsa_String *domain_name,
1087 [out] samr_PwInfo info
1090 /************************/
1092 NTSTATUS samr_Connect2(
1093 [in,string,charset(UTF16)] uint16 *system_name,
1094 [in] uint32 access_mask,
1095 [out,ref] policy_handle *connect_handle
1098 /************************/
1101 seems to be an exact alias for samr_SetUserInfo()
1103 NTSTATUS samr_SetUserInfo2(
1104 [in,ref] policy_handle *user_handle,
1106 [in,ref,switch_is(level)] samr_UserInfo *info
1109 /************************/
1112 this one is mysterious. I have a few guesses, but nothing working yet
1114 NTSTATUS samr_SetBootKeyInformation(
1115 [in,ref] policy_handle *connect_handle,
1116 [in] uint32 unknown1,
1117 [in] uint32 unknown2,
1118 [in] uint32 unknown3
1121 /************************/
1123 NTSTATUS samr_GetBootKeyInformation(
1124 [in,ref] policy_handle *domain_handle,
1125 [out] uint32 unknown
1128 /************************/
1130 NTSTATUS samr_Connect3(
1131 [in,string,charset(UTF16)] uint16 *system_name,
1132 /* this unknown value seems to be completely ignored by w2k3 */
1133 [in] uint32 unknown,
1134 [in] uint32 access_mask,
1135 [out,ref] policy_handle *connect_handle
1138 /************************/
1140 NTSTATUS samr_Connect4(
1141 [in,string,charset(UTF16)] uint16 *system_name,
1142 [in] uint32 unknown,
1143 [in] uint32 access_mask,
1144 [out,ref] policy_handle *connect_handle
1147 /************************/
1150 declare enum samr_RejectReason;
1153 samr_RejectReason reason;
1156 } samr_ChangeReject;
1158 NTSTATUS samr_ChangePasswordUser3(
1159 [in] lsa_String *server,
1160 [in,ref] lsa_String *account,
1161 [in] samr_CryptPassword *nt_password,
1162 [in] samr_Password *nt_verifier,
1163 [in] bool8 lm_change,
1164 [in] samr_CryptPassword *lm_password,
1165 [in] samr_Password *lm_verifier,
1166 [in] samr_CryptPassword *password3,
1167 [out] samr_DomInfo1 *dominfo,
1168 [out] samr_ChangeReject *reject
1171 /************************/
1175 uint32 unknown1; /* w2k3 gives 3 */
1176 uint32 unknown2; /* w2k3 gives 0 */
1177 } samr_ConnectInfo1;
1180 [case(1)] samr_ConnectInfo1 info1;
1183 NTSTATUS samr_Connect5(
1184 [in,string,charset(UTF16)] uint16 *system_name,
1185 [in] uint32 access_mask,
1186 [in,out] uint32 level,
1187 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1188 [out,ref] policy_handle *connect_handle
1191 /************************/
1193 NTSTATUS samr_RidToSid(
1194 [in,ref] policy_handle *domain_handle,
1200 /************************/
1204 this should set the DSRM password for the server, which is used
1205 when booting into Directory Services Recovery Mode on a DC. Win2003
1206 gives me NT_STATUS_NOT_SUPPORTED
1209 NTSTATUS samr_SetDsrmPassword(
1210 [in] lsa_String *name,
1211 [in] uint32 unknown,
1212 [in] samr_Password *hash
1216 /************************/
1219 I haven't been able to work out the format of this one yet.
1220 Seems to start with a switch level for a union?
1222 NTSTATUS samr_ValidatePassword();