librpc/idl/samr.idl

   1 #include "idl_types.h"
   2
   3 /*
   4   samr interface definition
   5 */
   6 import "misc.idl", "lsa.idl", "security.idl";
   7
   8 /*
   9   Thanks to Todd Sabin for some information from his samr.idl in acltools
  10 */
  11
  12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
  13   version(1.0),
  14   endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
  15   pointer_default(unique)
  16 ] interface samr
  17 {
  18         typedef bitmap security_secinfo security_secinfo;
  19
  20         /* account control (acct_flags) bits */
  21         typedef [public,bitmap32bit] bitmap {
  22                 ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
  23                 ACB_HOMDIRREQ                   = 0x00000002,  /* 1 = Home directory required */
  24                 ACB_PWNOTREQ                    = 0x00000004,  /* 1 = User password not required */
  25                 ACB_TEMPDUP                     = 0x00000008,  /* 1 = Temporary duplicate account */
  26                 ACB_NORMAL                      = 0x00000010,  /* 1 = Normal user account */
  27                 ACB_MNS                         = 0x00000020,  /* 1 = MNS logon user account */
  28                 ACB_DOMTRUST                    = 0x00000040,  /* 1 = Interdomain trust account */
  29                 ACB_WSTRUST                     = 0x00000080,  /* 1 = Workstation trust account */
  30                 ACB_SVRTRUST                    = 0x00000100,  /* 1 = Server trust account */
  31                 ACB_PWNOEXP                     = 0x00000200,  /* 1 = User password does not expire */
  32                 ACB_AUTOLOCK                    = 0x00000400,  /* 1 = Account auto locked */
  33                 ACB_ENC_TXT_PWD_ALLOWED         = 0x00000800,  /* 1 = Encryped text password is allowed */
  34                 ACB_SMARTCARD_REQUIRED          = 0x00001000,  /* 1 = Smart Card required */
  35                 ACB_TRUSTED_FOR_DELEGATION      = 0x00002000,  /* 1 = Trusted for Delegation */
  36                 ACB_NOT_DELEGATED               = 0x00004000,  /* 1 = Not delegated */
  37                 ACB_USE_DES_KEY_ONLY            = 0x00008000,  /* 1 = Use DES key only */
  38                 ACB_DONT_REQUIRE_PREAUTH        = 0x00010000,  /* 1 = Preauth not required */
  39                 ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
  40                 ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000,
  41                 ACB_NO_AUTH_DATA_REQD           = 0x00080000,  /* 1 = No authorization data required */
  42                 ACB_PARTIAL_SECRETS_ACCOUNT     = 0x00100000,
  43                 ACB_USE_AES_KEYS                = 0x00200000
  44         } samr_AcctFlags;
  45
  46         /* SAM server specific access rights */
  47
  48         typedef [bitmap32bit] bitmap {
  49                 SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
  50                 SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
  51                 SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
  52                 SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
  53                 SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
  54                 SAMR_ACCESS_LOOKUP_DOMAIN         = 0x00000020
  55         } samr_ConnectAccessMask;
  56
  57         const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
  58
  59         const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
  60                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
  61                  SAMR_ACCESS_ALL_ACCESS);
  62
  63         const int GENERIC_RIGHTS_SAM_READ =
  64                 (STANDARD_RIGHTS_READ_ACCESS            |
  65                  SAMR_ACCESS_ENUM_DOMAINS);
  66
  67         const int GENERIC_RIGHTS_SAM_WRITE =
  68                 (STANDARD_RIGHTS_WRITE_ACCESS           |
  69                  SAMR_ACCESS_CREATE_DOMAIN              |
  70                  SAMR_ACCESS_INITIALIZE_SERVER          |
  71                  SAMR_ACCESS_SHUTDOWN_SERVER);
  72
  73         const int GENERIC_RIGHTS_SAM_EXECUTE =
  74                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
  75                  SAMR_ACCESS_LOOKUP_DOMAIN              |
  76                  SAMR_ACCESS_CONNECT_TO_SERVER);
  77
  78         /* User Object specific access rights */
  79
  80         typedef [bitmap32bit] bitmap {
  81                 SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
  82                 SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
  83                 SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
  84                 SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
  85                 SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
  86                 SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
  87                 SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
  88                 SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
  89                 SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
  90                 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
  91                 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
  92         } samr_UserAccessMask;
  93
  94         const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
  95
  96         const int GENERIC_RIGHTS_USER_ALL_ACCESS =
  97                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
  98                  SAMR_USER_ACCESS_ALL_ACCESS);  /* 0x000f07ff */
  99
 100         const int GENERIC_RIGHTS_USER_READ =
 101                 (STANDARD_RIGHTS_READ_ACCESS            |
 102                  SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP  |
 103                  SAMR_USER_ACCESS_GET_GROUPS            |
 104                  SAMR_USER_ACCESS_GET_ATTRIBUTES        |
 105                  SAMR_USER_ACCESS_GET_LOGONINFO         |
 106                  SAMR_USER_ACCESS_GET_LOCALE);  /* 0x0002031a */
 107
 108         const int GENERIC_RIGHTS_USER_WRITE =
 109                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 110                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
 111                  SAMR_USER_ACCESS_SET_LOC_COM           |
 112                  SAMR_USER_ACCESS_SET_ATTRIBUTES        |
 113                  SAMR_USER_ACCESS_SET_PASSWORD          |
 114                  SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);     /* 0x000204e4 */
 115
 116         const int GENERIC_RIGHTS_USER_EXECUTE =
 117                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 118                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
 119                  SAMR_USER_ACCESS_GET_NAME_ETC);        /* 0x00020041 */
 120
 121         /* Domain Object specific access rights */
 122
 123         typedef [bitmap32bit] bitmap {
 124                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
 125                 SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
 126                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
 127                 SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
 128                 SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
 129                 SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
 130                 SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
 131                 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
 132                 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
 133                 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
 134                 SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
 135         } samr_DomainAccessMask;
 136
 137         const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
 138
 139         const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
 140                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 141                  SAMR_DOMAIN_ACCESS_ALL_ACCESS);
 142
 143         const int GENERIC_RIGHTS_DOMAIN_READ =
 144                 (STANDARD_RIGHTS_READ_ACCESS            |
 145                  SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS        |
 146                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
 147
 148         const int GENERIC_RIGHTS_DOMAIN_WRITE =
 149                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 150                  SAMR_DOMAIN_ACCESS_SET_INFO_3          |
 151                  SAMR_DOMAIN_ACCESS_CREATE_ALIAS        |
 152                  SAMR_DOMAIN_ACCESS_CREATE_GROUP        |
 153                  SAMR_DOMAIN_ACCESS_CREATE_USER         |
 154                  SAMR_DOMAIN_ACCESS_SET_INFO_2          |
 155                  SAMR_DOMAIN_ACCESS_SET_INFO_1);
 156
 157         const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
 158                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 159                  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT        |
 160                  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS       |
 161                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
 162
 163         /* Group Object specific access rights */
 164
 165         typedef [bitmap32bit] bitmap {
 166                 SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
 167                 SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
 168                 SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
 169                 SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
 170                 SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
 171         } samr_GroupAccessMask;
 172
 173         const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
 174
 175         const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
 176                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 177                  SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
 178
 179         const int GENERIC_RIGHTS_GROUP_READ =
 180                 (STANDARD_RIGHTS_READ_ACCESS            |
 181                  SAMR_GROUP_ACCESS_GET_MEMBERS);        /* 0x00020010 */
 182
 183         const int GENERIC_RIGHTS_GROUP_WRITE =
 184                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 185                  SAMR_GROUP_ACCESS_REMOVE_MEMBER        |
 186                  SAMR_GROUP_ACCESS_ADD_MEMBER           |
 187                  SAMR_GROUP_ACCESS_SET_INFO);   /* 0x0002000e */
 188
 189         const int GENERIC_RIGHTS_GROUP_EXECUTE =
 190                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 191                  SAMR_GROUP_ACCESS_LOOKUP_INFO);        /* 0x00020001 */
 192
 193         /* Alias Object specific access rights */
 194
 195         typedef [bitmap32bit] bitmap {
 196                 SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
 197                 SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
 198                 SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
 199                 SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
 200                 SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
 201         } samr_AliasAccessMask;
 202
 203         const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
 204
 205         const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
 206                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 207                  SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
 208
 209         const int GENERIC_RIGHTS_ALIAS_READ =
 210                 (STANDARD_RIGHTS_READ_ACCESS            |
 211                  SAMR_ALIAS_ACCESS_GET_MEMBERS);        /* 0x00020004 */
 212
 213         const int GENERIC_RIGHTS_ALIAS_WRITE =
 214                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 215                  SAMR_ALIAS_ACCESS_REMOVE_MEMBER        |
 216                  SAMR_ALIAS_ACCESS_ADD_MEMBER           |
 217                  SAMR_ALIAS_ACCESS_SET_INFO);   /* 0x00020013 */
 218
 219         const int GENERIC_RIGHTS_ALIAS_EXECUTE =
 220                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 221                  SAMR_ALIAS_ACCESS_LOOKUP_INFO);        /* 0x00020008 */
 222
 223         /******************/
 224         /* Function: 0x00 */
 225         NTSTATUS samr_Connect (
 226                 /* notice the lack of [string] */
 227                 [in,unique] uint16 *system_name,
 228                 [in]       samr_ConnectAccessMask access_mask,
 229                 [out,ref]  policy_handle *connect_handle
 230                 );
 231
 232
 233         /******************/
 234         /* Function: 0x01 */
 235         [public] NTSTATUS samr_Close (
 236                 [in,out,ref]  policy_handle *handle
 237                 );
 238
 239         /******************/
 240         /* Function: 0x02 */
 241
 242         NTSTATUS samr_SetSecurity (
 243                 [in,ref]          policy_handle *handle,
 244                 [in]              security_secinfo sec_info,
 245                 [in,ref]          sec_desc_buf *sdbuf
 246                 );
 247
 248         /******************/
 249         /* Function: 0x03 */
 250
 251         NTSTATUS samr_QuerySecurity (
 252                 [in,ref]          policy_handle *handle,
 253                 [in]              security_secinfo sec_info,
 254                 [out,ref]         sec_desc_buf **sdbuf
 255                 );
 256
 257         /******************/
 258         /* Function: 0x04 */
 259
 260         /*
 261           shutdown the SAM - once you call this the SAM will be dead
 262         */
 263         NTSTATUS samr_Shutdown (
 264                 [in,ref]   policy_handle *connect_handle
 265                 );
 266
 267         /******************/
 268         /* Function: 0x05 */
 269         NTSTATUS samr_LookupDomain (
 270                 [in,ref]  policy_handle *connect_handle,
 271                 [in,ref]  lsa_String *domain_name,
 272                 [out,ref] dom_sid2 **sid
 273                 );
 274
 275
 276         /******************/
 277         /* Function: 0x06 */
 278
 279         typedef struct {
 280                 uint32 idx;
 281                 lsa_String name;
 282         } samr_SamEntry;
 283
 284         typedef struct {
 285                 uint32 count;
 286                 [size_is(count)] samr_SamEntry *entries;
 287         } samr_SamArray;
 288
 289         NTSTATUS samr_EnumDomains (
 290                 [in,ref]      policy_handle *connect_handle,
 291                 [in,out,ref]  uint32 *resume_handle,
 292                 [out,ref]     samr_SamArray **sam,
 293                 [in]          uint32 buf_size,
 294                 [out,ref]     uint32 *num_entries
 295                 );
 296
 297
 298         /************************/
 299         /* Function    0x07     */
 300         [public] NTSTATUS samr_OpenDomain(
 301                 [in,ref]      policy_handle *connect_handle,
 302                 [in]          samr_DomainAccessMask access_mask,
 303                 [in,ref]      dom_sid2 *sid,
 304                 [out,ref]     policy_handle *domain_handle
 305                 );
 306
 307         /************************/
 308         /* Function    0x08     */
 309
 310         typedef enum {
 311                 DomainPasswordInformation       = 1,
 312                 DomainGeneralInformation        = 2,
 313                 DomainLogoffInformation         = 3,
 314                 DomainOemInformation            = 4,
 315                 DomainNameInformation           = 5,
 316                 DomainReplicationInformation    = 6,
 317                 DomainServerRoleInformation     = 7,
 318                 DomainModifiedInformation       = 8,
 319                 DomainStateInformation          = 9,
 320                 DomainUasInformation            = 10,
 321                 DomainGeneralInformation2       = 11,
 322                 DomainLockoutInformation        = 12,
 323                 DomainModifiedInformation2      = 13
 324         } samr_DomainInfoClass;
 325
 326         /* server roles */
 327         typedef [v1_enum] enum {
 328                 SAMR_ROLE_STANDALONE    = 0,
 329                 SAMR_ROLE_DOMAIN_MEMBER = 1,
 330                 SAMR_ROLE_DOMAIN_BDC    = 2,
 331                 SAMR_ROLE_DOMAIN_PDC    = 3
 332         } samr_Role;
 333
 334         /* password properties flags */
 335         typedef [public,bitmap32bit] bitmap {
 336                 DOMAIN_PASSWORD_COMPLEX         = 0x00000001,
 337                 DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
 338                 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
 339                 DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
 340                 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
 341                 DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
 342         } samr_PasswordProperties;
 343
 344         typedef [v1_enum] enum {
 345                 DOMAIN_SERVER_ENABLED = 1,
 346                 DOMAIN_SERVER_DISABLED = 2
 347         } samr_DomainServerState;
 348
 349         typedef struct {
 350                 uint16 min_password_length;
 351                 uint16 password_history_length;
 352                 samr_PasswordProperties password_properties;
 353                 /* yes, these are signed. They are in negative 100ns */
 354                 dlong  max_password_age;
 355                 dlong  min_password_age;
 356         } samr_DomInfo1;
 357
 358         typedef struct {
 359                 NTTIME force_logoff_time;
 360                 lsa_String oem_information; /* comment */
 361                 lsa_String domain_name;
 362                 lsa_String primary; /* PDC name if this is a BDC */
 363                 udlong sequence_num;
 364                 samr_DomainServerState domain_server_state;
 365                 samr_Role role;
 366                 uint32 unknown3;
 367                 uint32 num_users;
 368                 uint32 num_groups;
 369                 uint32 num_aliases;
 370         } samr_DomGeneralInformation;
 371
 372         typedef struct {
 373                 NTTIME force_logoff_time;
 374         } samr_DomInfo3;
 375
 376         typedef struct {
 377                 lsa_String oem_information; /* comment */
 378         } samr_DomOEMInformation;
 379
 380         typedef struct {
 381                 lsa_String domain_name;
 382         } samr_DomInfo5;
 383
 384         typedef struct {
 385                 lsa_String primary;
 386         } samr_DomInfo6;
 387
 388         typedef struct {
 389                 samr_Role role;
 390         } samr_DomInfo7;
 391
 392         typedef struct {
 393                 hyper sequence_num;
 394                 NTTIME domain_create_time;
 395         } samr_DomInfo8;
 396
 397         typedef struct {
 398                 samr_DomainServerState domain_server_state;
 399         } samr_DomInfo9;
 400
 401         typedef struct {
 402                 samr_DomGeneralInformation general;
 403                 hyper lockout_duration;
 404                 hyper lockout_window;
 405                 uint16 lockout_threshold;
 406         } samr_DomGeneralInformation2;
 407
 408         typedef struct {
 409                 hyper lockout_duration;
 410                 hyper lockout_window;
 411                 uint16 lockout_threshold;
 412         } samr_DomInfo12;
 413
 414         typedef struct {
 415                 hyper sequence_num;
 416                 NTTIME domain_create_time;
 417                 hyper modified_count_at_last_promotion;
 418         } samr_DomInfo13;
 419
 420         typedef [switch_type(uint16)] union {
 421                 [case(1)] samr_DomInfo1 info1;
 422                 [case(2)] samr_DomGeneralInformation general;
 423                 [case(3)] samr_DomInfo3 info3;
 424                 [case(4)] samr_DomOEMInformation oem;
 425                 [case(5)] samr_DomInfo5 info5;
 426                 [case(6)] samr_DomInfo6 info6;
 427                 [case(7)] samr_DomInfo7 info7;
 428                 [case(8)] samr_DomInfo8 info8;
 429                 [case(9)] samr_DomInfo9 info9;
 430                 [case(11)] samr_DomGeneralInformation2 general2;
 431                 [case(12)] samr_DomInfo12 info12;
 432                 [case(13)] samr_DomInfo13 info13;
 433         } samr_DomainInfo;
 434
 435         NTSTATUS samr_QueryDomainInfo(
 436                 [in,ref]      policy_handle *domain_handle,
 437                 [in]          samr_DomainInfoClass level,
 438                 [out,ref,switch_is(level)] samr_DomainInfo **info
 439                 );
 440
 441         /************************/
 442         /* Function    0x09     */
 443         /*
 444           only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
 445           call in w2k3
 446         */
 447         NTSTATUS samr_SetDomainInfo(
 448                 [in,ref]      policy_handle *domain_handle,
 449                 [in]          samr_DomainInfoClass level,
 450                 [in,switch_is(level),ref] samr_DomainInfo *info
 451                 );
 452
 453
 454         /************************/
 455         /* Function    0x0a     */
 456         NTSTATUS samr_CreateDomainGroup(
 457                 [in,ref]      policy_handle *domain_handle,
 458                 [in,ref]      lsa_String *name,
 459                 [in]          samr_GroupAccessMask access_mask,
 460                 [out,ref]     policy_handle *group_handle,
 461                 [out,ref]     uint32 *rid
 462                 );
 463
 464
 465         /************************/
 466         /* Function    0x0b     */
 467         NTSTATUS samr_EnumDomainGroups(
 468                 [in]          policy_handle *domain_handle,
 469                 [in,out,ref]  uint32 *resume_handle,
 470                 [out,ref]     samr_SamArray **sam,
 471                 [in]          uint32 max_size,
 472                 [out,ref]     uint32 *num_entries
 473                 );
 474
 475         /************************/
 476         /* Function    0x0c     */
 477         NTSTATUS samr_CreateUser(
 478                 [in,ref]      policy_handle *domain_handle,
 479                 [in,ref]      lsa_String *account_name,
 480                 [in]          samr_UserAccessMask access_mask,
 481                 [out,ref]     policy_handle *user_handle,
 482                 [out,ref]     uint32 *rid
 483                 );
 484
 485         /************************/
 486         /* Function    0x0d     */
 487
 488
 489         /* w2k3 treats max_size as max_users*54 and sets the
 490            resume_handle as the rid of the last user sent
 491         */
 492         const int SAMR_ENUM_USERS_MULTIPLIER = 54;
 493
 494         NTSTATUS samr_EnumDomainUsers(
 495                 [in]          policy_handle *domain_handle,
 496                 [in,out,ref]  uint32 *resume_handle,
 497                 [in]          samr_AcctFlags acct_flags,
 498                 [out,ref]     samr_SamArray **sam,
 499                 [in]          uint32 max_size,
 500                 [out,ref]     uint32 *num_entries
 501                 );
 502
 503         /************************/
 504         /* Function    0x0e     */
 505         NTSTATUS samr_CreateDomAlias(
 506                 [in,ref]      policy_handle *domain_handle,
 507                 [in,ref]      lsa_String   *alias_name,
 508                 [in]          samr_AliasAccessMask access_mask,
 509                 [out,ref]     policy_handle *alias_handle,
 510                 [out,ref]     uint32        *rid
 511                 );
 512
 513         /************************/
 514         /* Function    0x0f     */
 515         NTSTATUS samr_EnumDomainAliases(
 516                 [in]          policy_handle *domain_handle,
 517                 [in,out,ref]  uint32 *resume_handle,
 518                 [out,ref]     samr_SamArray **sam,
 519                 [in]          uint32 max_size,
 520                 [out,ref]     uint32 *num_entries
 521                 );
 522
 523         /************************/
 524         /* Function    0x10     */
 525
 526         typedef struct {
 527                 [range(0,1024)]  uint32 count;
 528                 [size_is(count)] uint32 *ids;
 529         } samr_Ids;
 530
 531         NTSTATUS samr_GetAliasMembership(
 532                 [in,ref]      policy_handle *domain_handle,
 533                 [in,ref]      lsa_SidArray  *sids,
 534                 [out,ref]     samr_Ids *rids
 535                 );
 536
 537         /************************/
 538         /* Function    0x11     */
 539
 540         [public] NTSTATUS samr_LookupNames(
 541                 [in,ref]      policy_handle *domain_handle,
 542                 [in,range(0,1000)] uint32 num_names,
 543                 [in,size_is(1000),length_is(num_names)] lsa_String names[],
 544                 [out,ref]     samr_Ids *rids,
 545                 [out,ref]     samr_Ids *types
 546                 );
 547
 548
 549         /************************/
 550         /* Function    0x12     */
 551         NTSTATUS samr_LookupRids(
 552                 [in,ref]      policy_handle *domain_handle,
 553                 [in,range(0,1000)] uint32 num_rids,
 554                 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
 555                 [out,ref]     lsa_Strings *names,
 556                 [out,ref]     samr_Ids *types
 557                 );
 558
 559         /************************/
 560         /* Function    0x13     */
 561         NTSTATUS samr_OpenGroup(
 562                 [in,ref]      policy_handle *domain_handle,
 563                 [in]          samr_GroupAccessMask access_mask,
 564                 [in]          uint32 rid,
 565                 [out,ref]     policy_handle *group_handle
 566                 );
 567
 568         /* Group attributes */
 569         typedef [public,bitmap32bit] bitmap {
 570                 SE_GROUP_MANDATORY              = 0x00000001,
 571                 SE_GROUP_ENABLED_BY_DEFAULT     = 0x00000002,
 572                 SE_GROUP_ENABLED                = 0x00000004,
 573                 SE_GROUP_OWNER                  = 0x00000008,
 574                 SE_GROUP_USE_FOR_DENY_ONLY      = 0x00000010,
 575                 SE_GROUP_RESOURCE               = 0x20000000,
 576                 SE_GROUP_LOGON_ID               = 0xC0000000
 577         } samr_GroupAttrs;
 578
 579         /************************/
 580         /* Function    0x14     */
 581
 582         typedef struct {
 583                 lsa_String name;
 584                 samr_GroupAttrs attributes;
 585                 uint32 num_members;
 586                 lsa_String description;
 587         } samr_GroupInfoAll;
 588
 589         typedef struct {
 590                 samr_GroupAttrs attributes;
 591         } samr_GroupInfoAttributes;
 592
 593         typedef struct {
 594                 lsa_String description;
 595         } samr_GroupInfoDescription;
 596
 597         typedef enum {
 598                 GROUPINFOALL          = 1,
 599                 GROUPINFONAME         = 2,
 600                 GROUPINFOATTRIBUTES   = 3,
 601                 GROUPINFODESCRIPTION  = 4,
 602                 GROUPINFOALL2         = 5
 603         } samr_GroupInfoEnum;
 604
 605         typedef [switch_type(samr_GroupInfoEnum)] union {
 606                 [case(GROUPINFOALL)]         samr_GroupInfoAll        all;
 607                 [case(GROUPINFONAME)]        lsa_String               name;
 608                 [case(GROUPINFOATTRIBUTES)]  samr_GroupInfoAttributes attributes;
 609                 [case(GROUPINFODESCRIPTION)] lsa_String               description;
 610                 [case(GROUPINFOALL2)]        samr_GroupInfoAll        all2;
 611         } samr_GroupInfo;
 612
 613         NTSTATUS samr_QueryGroupInfo(
 614                 [in,ref]                  policy_handle *group_handle,
 615                 [in]                      samr_GroupInfoEnum level,
 616                 [out,ref,switch_is(level)] samr_GroupInfo **info
 617                 );
 618
 619         /************************/
 620         /* Function    0x15     */
 621         NTSTATUS samr_SetGroupInfo(
 622                 [in,ref]                  policy_handle *group_handle,
 623                 [in]                      samr_GroupInfoEnum level,
 624                 [in,switch_is(level),ref] samr_GroupInfo *info
 625                 );
 626
 627         /************************/
 628         /* Function    0x16     */
 629         NTSTATUS samr_AddGroupMember(
 630                 [in,ref]                  policy_handle *group_handle,
 631                 [in]                      uint32 rid,
 632                 [in]                      uint32 flags
 633                 );
 634
 635         /************************/
 636         /* Function    0x17     */
 637         NTSTATUS samr_DeleteDomainGroup(
 638                 [in,out,ref]   policy_handle *group_handle
 639                 );
 640
 641         /************************/
 642         /* Function    0x18     */
 643         NTSTATUS samr_DeleteGroupMember(
 644                 [in,ref]                  policy_handle *group_handle,
 645                 [in]                      uint32 rid
 646                 );
 647
 648
 649         /************************/
 650         /* Function    0x19     */
 651         typedef struct {
 652                 uint32 count;
 653                 [size_is(count)] uint32 *rids;
 654                 [size_is(count)] samr_GroupAttrs *attributes;
 655         } samr_RidAttrArray;
 656
 657         NTSTATUS samr_QueryGroupMember(
 658                 [in,ref]  policy_handle *group_handle,
 659                 [out,ref] samr_RidAttrArray **rids
 660                 );
 661
 662
 663         /************************/
 664         /* Function    0x1a     */
 665
 666         /*
 667           win2003 seems to accept any data at all for the two integers
 668           below, and doesn't seem to do anything with them that I can
 669           see. Weird. I really expected the first integer to be a rid
 670           and the second to be the attributes for that rid member.
 671         */
 672         NTSTATUS samr_SetMemberAttributesOfGroup(
 673                 [in,ref]  policy_handle *group_handle,
 674                 [in]      uint32 unknown1,
 675                 [in]      uint32 unknown2
 676                 );
 677
 678
 679         /************************/
 680         /* Function    0x1b     */
 681         NTSTATUS samr_OpenAlias (
 682                 [in,ref]      policy_handle *domain_handle,
 683                 [in]          samr_AliasAccessMask access_mask,
 684                 [in]          uint32 rid,
 685                 [out,ref]     policy_handle *alias_handle
 686                 );
 687
 688
 689         /************************/
 690         /* Function    0x1c     */
 691
 692         typedef struct {
 693                 lsa_String name;
 694                 uint32 num_members;
 695                 lsa_String description;
 696         } samr_AliasInfoAll;
 697
 698         typedef enum {
 699                 ALIASINFOALL          = 1,
 700                 ALIASINFONAME         = 2,
 701                 ALIASINFODESCRIPTION  = 3
 702         } samr_AliasInfoEnum;
 703
 704         typedef [switch_type(samr_AliasInfoEnum)] union {
 705                 [case(ALIASINFOALL)] samr_AliasInfoAll all;
 706                 [case(ALIASINFONAME)] lsa_String name;
 707                 [case(ALIASINFODESCRIPTION)] lsa_String description;
 708         } samr_AliasInfo;
 709
 710         NTSTATUS samr_QueryAliasInfo(
 711                 [in,ref]                  policy_handle  *alias_handle,
 712                 [in]                      samr_AliasInfoEnum      level,
 713                 [out,ref,switch_is(level)] samr_AliasInfo **info
 714                 );
 715
 716         /************************/
 717         /* Function    0x1d     */
 718         NTSTATUS samr_SetAliasInfo(
 719                 [in,ref]                  policy_handle  *alias_handle,
 720                 [in]                      samr_AliasInfoEnum      level,
 721                 [in,switch_is(level),ref] samr_AliasInfo *info
 722                 );
 723
 724         /************************/
 725         /* Function    0x1e     */
 726         NTSTATUS samr_DeleteDomAlias(
 727                 [in,out,ref]  policy_handle *alias_handle
 728                 );
 729
 730         /************************/
 731         /* Function    0x1f     */
 732         NTSTATUS samr_AddAliasMember(
 733                 [in,ref]  policy_handle *alias_handle,
 734                 [in,ref]  dom_sid2      *sid
 735                 );
 736
 737         /************************/
 738         /* Function    0x20     */
 739         NTSTATUS samr_DeleteAliasMember(
 740                 [in,ref] policy_handle *alias_handle,
 741                 [in,ref] dom_sid2      *sid
 742                 );
 743
 744         /************************/
 745         /* Function    0x21     */
 746         NTSTATUS samr_GetMembersInAlias(
 747                 [in,ref]   policy_handle *alias_handle,
 748                 [out,ref]  lsa_SidArray    *sids
 749                 );
 750
 751         /************************/
 752         /* Function    0x22     */
 753         [public] NTSTATUS samr_OpenUser(
 754                 [in,ref]      policy_handle *domain_handle,
 755                 [in]          samr_UserAccessMask access_mask,
 756                 [in]          uint32 rid,
 757                 [out,ref]     policy_handle *user_handle
 758                 );
 759
 760         /************************/
 761         /* Function    0x23     */
 762         NTSTATUS samr_DeleteUser(
 763                 [in,out,ref]   policy_handle *user_handle
 764                 );
 765
 766         /************************/
 767         /* Function    0x24     */
 768
 769         typedef enum {
 770                 UserGeneralInformation          = 1,
 771                 UserPreferencesInformation      = 2,
 772                 UserLogonInformation            = 3,
 773                 UserLogonHoursInformation       = 4,
 774                 UserAccountInformation          = 5,
 775                 UserNameInformation             = 6,
 776                 UserAccountNameInformation      = 7,
 777                 UserFullNameInformation         = 8,
 778                 UserPrimaryGroupInformation     = 9,
 779                 UserHomeInformation             = 10,
 780                 UserScriptInformation           = 11,
 781                 UserProfileInformation          = 12,
 782                 UserAdminCommentInformation     = 13,
 783                 UserWorkStationsInformation     = 14,
 784                 UserControlInformation          = 16,
 785                 UserExpiresInformation          = 17,
 786                 UserInternal1Information        = 18,
 787                 UserParametersInformation       = 20,
 788                 UserAllInformation              = 21,
 789                 UserInternal4Information        = 23,
 790                 UserInternal5Information        = 24,
 791                 UserInternal4InformationNew     = 25,
 792                 UserInternal5InformationNew     = 26
 793         } samr_UserInfoLevel;
 794
 795         typedef struct {
 796                 lsa_String account_name;
 797                 lsa_String full_name;
 798                 uint32 primary_gid;
 799                 lsa_String description;
 800                 lsa_String comment;
 801         } samr_UserInfo1;
 802
 803         typedef struct {
 804                 lsa_String comment;
 805                 lsa_String reserved; /* settable, but doesn't stick. probably obsolete */
 806                 uint16 country_code;
 807                 uint16 code_page;
 808         } samr_UserInfo2;
 809
 810         /* this is also used in samr and netlogon */
 811         typedef [public, flag(NDR_PAHEX)] struct {
 812                 uint16 units_per_week;
 813                 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
 814         } samr_LogonHours;
 815
 816         typedef struct {
 817                 lsa_String account_name;
 818                 lsa_String full_name;
 819                 uint32 rid;
 820                 uint32 primary_gid;
 821                 lsa_String home_directory;
 822                 lsa_String home_drive;
 823                 lsa_String logon_script;
 824                 lsa_String profile_path;
 825                 lsa_String workstations;
 826                 NTTIME last_logon;
 827                 NTTIME last_logoff;
 828                 NTTIME last_password_change;
 829                 NTTIME allow_password_change;
 830                 NTTIME force_password_change;
 831                 samr_LogonHours logon_hours;
 832                 uint16 bad_password_count;
 833                 uint16 logon_count;
 834                 samr_AcctFlags acct_flags;
 835         } samr_UserInfo3;
 836
 837         typedef struct {
 838                 samr_LogonHours logon_hours;
 839         } samr_UserInfo4;
 840
 841         typedef struct {
 842                 lsa_String account_name;
 843                 lsa_String full_name;
 844                 uint32 rid;
 845                 uint32 primary_gid;
 846                 lsa_String home_directory;
 847                 lsa_String home_drive;
 848                 lsa_String logon_script;
 849                 lsa_String profile_path;
 850                 lsa_String description;
 851                 lsa_String workstations;
 852                 NTTIME last_logon;
 853                 NTTIME last_logoff;
 854                 samr_LogonHours logon_hours;
 855                 uint16 bad_password_count;
 856                 uint16 logon_count;
 857                 NTTIME last_password_change;
 858                 NTTIME acct_expiry;
 859                 samr_AcctFlags acct_flags;
 860         } samr_UserInfo5;
 861
 862         typedef struct {
 863                 lsa_String account_name;
 864                 lsa_String full_name;
 865         } samr_UserInfo6;
 866
 867         typedef struct {
 868                 lsa_String account_name;
 869         } samr_UserInfo7;
 870
 871         typedef struct {
 872                 lsa_String full_name;
 873         } samr_UserInfo8;
 874
 875         typedef struct {
 876                 uint32 primary_gid;
 877         } samr_UserInfo9;
 878
 879         typedef struct {
 880                 lsa_String home_directory;
 881                 lsa_String home_drive;
 882         } samr_UserInfo10;
 883
 884         typedef struct {
 885                 lsa_String logon_script;
 886         } samr_UserInfo11;
 887
 888         typedef struct {
 889                 lsa_String profile_path;
 890         } samr_UserInfo12;
 891
 892         typedef struct {
 893                 lsa_String description;
 894         } samr_UserInfo13;
 895
 896         typedef struct {
 897                 lsa_String workstations;
 898         } samr_UserInfo14;
 899
 900         typedef struct {
 901                 samr_AcctFlags acct_flags;
 902         } samr_UserInfo16;
 903
 904         typedef struct {
 905                 NTTIME acct_expiry;
 906         } samr_UserInfo17;
 907
 908         typedef [public, flag(NDR_PAHEX)] struct {
 909                 uint8 hash[16];
 910         } samr_Password;
 911
 912         typedef struct {
 913                 samr_Password nt_pwd;
 914                 samr_Password lm_pwd;
 915                 boolean8 nt_pwd_active;
 916                 boolean8 lm_pwd_active;
 917                 uint8 password_expired;
 918         } samr_UserInfo18;
 919
 920         typedef struct {
 921                 lsa_BinaryString parameters;
 922         } samr_UserInfo20;
 923
 924         /* this defines the bits used for fields_present in info21 */
 925         typedef [bitmap32bit] bitmap {
 926                 SAMR_FIELD_ACCOUNT_NAME     = 0x00000001,
 927                 SAMR_FIELD_FULL_NAME        = 0x00000002,
 928                 SAMR_FIELD_RID              = 0x00000004,
 929                 SAMR_FIELD_PRIMARY_GID      = 0x00000008,
 930                 SAMR_FIELD_DESCRIPTION      = 0x00000010,
 931                 SAMR_FIELD_COMMENT          = 0x00000020,
 932                 SAMR_FIELD_HOME_DIRECTORY   = 0x00000040,
 933                 SAMR_FIELD_HOME_DRIVE       = 0x00000080,
 934                 SAMR_FIELD_LOGON_SCRIPT     = 0x00000100,
 935                 SAMR_FIELD_PROFILE_PATH     = 0x00000200,
 936                 SAMR_FIELD_WORKSTATIONS     = 0x00000400,
 937                 SAMR_FIELD_LAST_LOGON       = 0x00000800,
 938                 SAMR_FIELD_LAST_LOGOFF      = 0x00001000,
 939                 SAMR_FIELD_LOGON_HOURS      = 0x00002000,
 940                 SAMR_FIELD_BAD_PWD_COUNT    = 0x00004000,
 941                 SAMR_FIELD_NUM_LOGONS       = 0x00008000,
 942                 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
 943                 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
 944                 SAMR_FIELD_LAST_PWD_CHANGE  = 0x00040000,
 945                 SAMR_FIELD_ACCT_EXPIRY      = 0x00080000,
 946                 SAMR_FIELD_ACCT_FLAGS       = 0x00100000,
 947                 SAMR_FIELD_PARAMETERS       = 0x00200000,
 948                 SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
 949                 SAMR_FIELD_CODE_PAGE        = 0x00800000,
 950                 SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
 951                 SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
 952                 SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
 953                 SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
 954                 SAMR_FIELD_SEC_DESC         = 0x10000000,
 955                 SAMR_FIELD_OWF_PWD          = 0x20000000
 956         } samr_FieldsPresent;
 957
 958         /* used for 'password_expired' in samr_UserInfo21 */
 959         const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
 960         const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
 961
 962         typedef struct {
 963                 NTTIME last_logon;
 964                 NTTIME last_logoff;
 965                 NTTIME last_password_change;
 966                 NTTIME acct_expiry;
 967                 NTTIME allow_password_change;
 968                 NTTIME force_password_change;
 969                 lsa_String account_name;
 970                 lsa_String full_name;
 971                 lsa_String home_directory;
 972                 lsa_String home_drive;
 973                 lsa_String logon_script;
 974                 lsa_String profile_path;
 975                 lsa_String description;
 976                 lsa_String workstations;
 977                 lsa_String comment;
 978                 lsa_BinaryString parameters;
 979                 lsa_BinaryString lm_owf_password;
 980                 lsa_BinaryString nt_owf_password;
 981                 lsa_String private_data;
 982                 uint32 buf_count;
 983                 [size_is(buf_count)] uint8 *buffer;
 984                 uint32 rid;
 985                 uint32 primary_gid;
 986                 samr_AcctFlags acct_flags;
 987                 samr_FieldsPresent fields_present;
 988                 samr_LogonHours logon_hours;
 989                 uint16 bad_password_count;
 990                 uint16 logon_count;
 991                 uint16 country_code;
 992                 uint16 code_page;
 993                 uint8  lm_password_set;
 994                 uint8  nt_password_set;
 995                 uint8  password_expired;
 996                 uint8  private_data_sensitive;
 997         } samr_UserInfo21;
 998
 999         typedef [public, flag(NDR_PAHEX)] struct {
1000                 uint8 data[516];
1001         } samr_CryptPassword;
1002
1003         typedef struct {
1004                 samr_UserInfo21 info;
1005                 samr_CryptPassword password;
1006         } samr_UserInfo23;
1007
1008         typedef struct {
1009                 samr_CryptPassword password;
1010                 uint8 password_expired;
1011         } samr_UserInfo24;
1012
1013         typedef [flag(NDR_PAHEX)] struct {
1014                 uint8 data[532];
1015         } samr_CryptPasswordEx;
1016
1017         typedef struct {
1018                 samr_UserInfo21 info;
1019                 samr_CryptPasswordEx password;
1020         } samr_UserInfo25;
1021
1022         typedef struct {
1023                 samr_CryptPasswordEx password;
1024                 uint8 password_expired;
1025         } samr_UserInfo26;
1026
1027         typedef [switch_type(uint16)] union {
1028                 [case(1)] samr_UserInfo1 info1;
1029                 [case(2)] samr_UserInfo2 info2;
1030                 [case(3)] samr_UserInfo3 info3;
1031                 [case(4)] samr_UserInfo4 info4;
1032                 [case(5)] samr_UserInfo5 info5;
1033                 [case(6)] samr_UserInfo6 info6;
1034                 [case(7)] samr_UserInfo7 info7;
1035                 [case(8)] samr_UserInfo8 info8;
1036                 [case(9)] samr_UserInfo9 info9;
1037                 [case(10)] samr_UserInfo10 info10;
1038                 [case(11)] samr_UserInfo11 info11;
1039                 [case(12)] samr_UserInfo12 info12;
1040                 [case(13)] samr_UserInfo13 info13;
1041                 [case(14)] samr_UserInfo14 info14;
1042                 [case(16)] samr_UserInfo16 info16;
1043                 [case(17)] samr_UserInfo17 info17;
1044                 [case(18)] samr_UserInfo18 info18;
1045                 [case(20)] samr_UserInfo20 info20;
1046                 [case(21)] samr_UserInfo21 info21;
1047                 [case(23)] samr_UserInfo23 info23;
1048                 [case(24)] samr_UserInfo24 info24;
1049                 [case(25)] samr_UserInfo25 info25;
1050                 [case(26)] samr_UserInfo26 info26;
1051         } samr_UserInfo;
1052
1053         [public] NTSTATUS samr_QueryUserInfo(
1054                 [in,ref]                  policy_handle *user_handle,
1055                 [in]                      samr_UserInfoLevel level,
1056                 [out,ref,switch_is(level)] samr_UserInfo **info
1057                 );
1058
1059
1060         /************************/
1061         /* Function    0x25     */
1062         [public] NTSTATUS samr_SetUserInfo(
1063                 [in,ref]                   policy_handle *user_handle,
1064                 [in]                       samr_UserInfoLevel level,
1065                 [in,ref,switch_is(level)]  samr_UserInfo *info
1066                 );
1067
1068         /************************/
1069         /* Function    0x26     */
1070         /*
1071           this is a password change interface that doesn't give
1072           the server the plaintext password. Depricated.
1073         */
1074         NTSTATUS samr_ChangePasswordUser(
1075                 [in,ref]    policy_handle *user_handle,
1076                 [in]        boolean8 lm_present,
1077                 [in,unique] samr_Password *old_lm_crypted,
1078                 [in,unique] samr_Password *new_lm_crypted,
1079                 [in]        boolean8 nt_present,
1080                 [in,unique] samr_Password *old_nt_crypted,
1081                 [in,unique] samr_Password *new_nt_crypted,
1082                 [in]        boolean8 cross1_present,
1083                 [in,unique] samr_Password *nt_cross,
1084                 [in]        boolean8 cross2_present,
1085                 [in,unique] samr_Password *lm_cross
1086                 );
1087
1088         /************************/
1089         /* Function    0x27     */
1090
1091         typedef [public] struct {
1092                 uint32 rid;
1093                 samr_GroupAttrs attributes;
1094         } samr_RidWithAttribute;
1095
1096         typedef [public] struct {
1097                 uint32     count;
1098                 [size_is(count)] samr_RidWithAttribute *rids;
1099         } samr_RidWithAttributeArray;
1100
1101         NTSTATUS samr_GetGroupsForUser(
1102                 [in,ref]   policy_handle *user_handle,
1103                 [out,ref]  samr_RidWithAttributeArray  **rids
1104                 );
1105
1106         /************************/
1107         /* Function    0x28     */
1108
1109         typedef struct {
1110                 uint32    idx;
1111                 uint32    rid;
1112                 samr_AcctFlags acct_flags;
1113                 lsa_String account_name;
1114                 lsa_String description;
1115                 lsa_String full_name;
1116         } samr_DispEntryGeneral;
1117
1118         typedef struct {
1119                 uint32 count;
1120                 [size_is(count)] samr_DispEntryGeneral *entries;
1121         } samr_DispInfoGeneral;
1122
1123         typedef struct {
1124                 uint32    idx;
1125                 uint32    rid;
1126                 samr_AcctFlags acct_flags;
1127                 lsa_String account_name;
1128                 lsa_String description;
1129         } samr_DispEntryFull;
1130
1131         typedef struct {
1132                 uint32 count;
1133                 [size_is(count)] samr_DispEntryFull *entries;
1134         } samr_DispInfoFull;
1135
1136         typedef struct {
1137                 uint32    idx;
1138                 uint32    rid;
1139                 samr_GroupAttrs acct_flags;
1140                 lsa_String account_name;
1141                 lsa_String description;
1142         } samr_DispEntryFullGroup;
1143
1144         typedef struct {
1145                 uint32 count;
1146                 [size_is(count)] samr_DispEntryFullGroup *entries;
1147         } samr_DispInfoFullGroups;
1148
1149         typedef struct {
1150                 uint32    idx;
1151                 lsa_AsciiStringLarge account_name;
1152         } samr_DispEntryAscii;
1153
1154         typedef struct {
1155                 uint32 count;
1156                 [size_is(count)] samr_DispEntryAscii *entries;
1157         } samr_DispInfoAscii;
1158
1159         typedef [switch_type(uint16)] union {
1160                 [case(1)] samr_DispInfoGeneral info1;/* users */
1161                 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1162                 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1163                 [case(4)] samr_DispInfoAscii info4; /* users */
1164                 [case(5)] samr_DispInfoAscii info5; /* groups */
1165         } samr_DispInfo;
1166
1167         NTSTATUS samr_QueryDisplayInfo(
1168                 [in,ref]    policy_handle *domain_handle,
1169                 [in]        uint16 level,
1170                 [in]        uint32 start_idx,
1171                 [in]        uint32 max_entries,
1172                 [in]        uint32 buf_size,
1173                 [out,ref]   uint32 *total_size,
1174                 [out,ref]   uint32 *returned_size,
1175                 [out,ref,switch_is(level)] samr_DispInfo *info
1176                 );
1177
1178
1179         /************************/
1180         /* Function    0x29     */
1181
1182         /*
1183           this seems to be an alphabetic search function. The returned index
1184           is the index for samr_QueryDisplayInfo needed to get names occurring
1185           after the specified name. The supplied name does not need to exist
1186           in the database (for example you can supply just a first letter for
1187           searching starting at that letter)
1188
1189           The level corresponds to the samr_QueryDisplayInfo level
1190         */
1191         NTSTATUS samr_GetDisplayEnumerationIndex(
1192                 [in,ref]    policy_handle *domain_handle,
1193                 [in]        uint16 level,
1194                 [in,ref]    lsa_String *name,
1195                 [out,ref]   uint32 *idx
1196                 );
1197
1198
1199
1200         /************************/
1201         /* Function    0x2a     */
1202
1203         /*
1204           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1205         */
1206         NTSTATUS samr_TestPrivateFunctionsDomain(
1207                 [in,ref]    policy_handle *domain_handle
1208                 );
1209
1210
1211         /************************/
1212         /* Function    0x2b     */
1213
1214         /*
1215           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1216         */
1217         NTSTATUS samr_TestPrivateFunctionsUser(
1218                 [in,ref]    policy_handle *user_handle
1219                 );
1220
1221
1222         /************************/
1223         /* Function    0x2c     */
1224
1225         typedef struct {
1226                 uint16 min_password_length;
1227                 samr_PasswordProperties password_properties;
1228         } samr_PwInfo;
1229
1230         [public] NTSTATUS samr_GetUserPwInfo(
1231                 [in,ref]    policy_handle *user_handle,
1232                 [out,ref]   samr_PwInfo *info
1233                 );
1234
1235         /************************/
1236         /* Function    0x2d     */
1237         NTSTATUS samr_RemoveMemberFromForeignDomain(
1238                 [in,ref]    policy_handle *domain_handle,
1239                 [in,ref]    dom_sid2 *sid
1240                 );
1241
1242         /************************/
1243         /* Function    0x2e     */
1244
1245         /*
1246           how is this different from QueryDomainInfo ??
1247         */
1248         NTSTATUS samr_QueryDomainInfo2(
1249                 [in,ref]      policy_handle *domain_handle,
1250                 [in]          samr_DomainInfoClass level,
1251                 [out,ref,switch_is(level)] samr_DomainInfo **info
1252                 );
1253
1254         /************************/
1255         /* Function    0x2f     */
1256
1257         /*
1258           how is this different from QueryUserInfo ??
1259         */
1260         NTSTATUS samr_QueryUserInfo2(
1261                 [in,ref]                  policy_handle *user_handle,
1262                 [in]                      samr_UserInfoLevel level,
1263                 [out,ref,switch_is(level)]    samr_UserInfo **info
1264                 );
1265
1266         /************************/
1267         /* Function    0x30     */
1268
1269         /*
1270           how is this different from QueryDisplayInfo??
1271         */
1272         NTSTATUS samr_QueryDisplayInfo2(
1273                 [in,ref]    policy_handle *domain_handle,
1274                 [in]        uint16 level,
1275                 [in]        uint32 start_idx,
1276                 [in]        uint32 max_entries,
1277                 [in]        uint32 buf_size,
1278                 [out,ref]   uint32 *total_size,
1279                 [out,ref]   uint32 *returned_size,
1280                 [out,ref,switch_is(level)] samr_DispInfo *info
1281                 );
1282
1283         /************************/
1284         /* Function    0x31     */
1285
1286         /*
1287           how is this different from GetDisplayEnumerationIndex ??
1288         */
1289         NTSTATUS samr_GetDisplayEnumerationIndex2(
1290                 [in,ref]    policy_handle *domain_handle,
1291                 [in]        uint16 level,
1292                 [in,ref]    lsa_String *name,
1293                 [out,ref]   uint32 *idx
1294                 );
1295
1296
1297         /************************/
1298         /* Function    0x32     */
1299         NTSTATUS samr_CreateUser2(
1300                 [in,ref]      policy_handle *domain_handle,
1301                 [in,ref]      lsa_String *account_name,
1302                 [in]          samr_AcctFlags acct_flags,
1303                 [in]          samr_UserAccessMask access_mask,
1304                 [out,ref]     policy_handle *user_handle,
1305                 [out,ref]     uint32 *access_granted,
1306                 [out,ref]     uint32 *rid
1307                 );
1308
1309
1310         /************************/
1311         /* Function    0x33     */
1312
1313         /*
1314           another duplicate. There must be a reason ....
1315         */
1316         NTSTATUS samr_QueryDisplayInfo3(
1317                 [in,ref]    policy_handle *domain_handle,
1318                 [in]        uint16 level,
1319                 [in]        uint32 start_idx,
1320                 [in]        uint32 max_entries,
1321                 [in]        uint32 buf_size,
1322                 [out,ref]   uint32 *total_size,
1323                 [out,ref]   uint32 *returned_size,
1324                 [out,ref,switch_is(level)] samr_DispInfo *info
1325                 );
1326
1327         /************************/
1328         /* Function    0x34     */
1329         NTSTATUS samr_AddMultipleMembersToAlias(
1330                 [in,ref]    policy_handle *alias_handle,
1331                 [in,ref]    lsa_SidArray *sids
1332                 );
1333
1334         /************************/
1335         /* Function    0x35     */
1336         NTSTATUS samr_RemoveMultipleMembersFromAlias(
1337                 [in,ref]    policy_handle *alias_handle,
1338                 [in,ref]    lsa_SidArray *sids
1339                 );
1340
1341         /************************/
1342         /* Function    0x36     */
1343
1344         NTSTATUS samr_OemChangePasswordUser2(
1345                 [in,unique]       lsa_AsciiString *server,
1346                 [in,ref]          lsa_AsciiString *account,
1347                 [in,unique]       samr_CryptPassword *password,
1348                 [in,unique]       samr_Password *hash
1349                 );
1350
1351         /************************/
1352         /* Function    0x37     */
1353         NTSTATUS samr_ChangePasswordUser2(
1354                 [in,unique]       lsa_String *server,
1355                 [in,ref]          lsa_String *account,
1356                 [in,unique]       samr_CryptPassword *nt_password,
1357                 [in,unique]       samr_Password *nt_verifier,
1358                 [in]              boolean8 lm_change,
1359                 [in,unique]       samr_CryptPassword *lm_password,
1360                 [in,unique]       samr_Password *lm_verifier
1361                 );
1362
1363         /************************/
1364         /* Function    0x38     */
1365         NTSTATUS samr_GetDomPwInfo(
1366                 [in,unique] lsa_String *domain_name,
1367                 [out,ref]   samr_PwInfo *info
1368                 );
1369
1370         /************************/
1371         /* Function    0x39     */
1372         NTSTATUS samr_Connect2(
1373                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1374                 [in] samr_ConnectAccessMask access_mask,
1375                 [out,ref]  policy_handle *connect_handle
1376                 );
1377
1378         /************************/
1379         /* Function    0x3a     */
1380         /*
1381           seems to be an exact alias for samr_SetUserInfo()
1382         */
1383         [public] NTSTATUS samr_SetUserInfo2(
1384                 [in,ref]                   policy_handle *user_handle,
1385                 [in]                       samr_UserInfoLevel level,
1386                 [in,ref,switch_is(level)]  samr_UserInfo *info
1387                 );
1388
1389         /************************/
1390         /* Function    0x3b     */
1391         /*
1392           this one is mysterious. I have a few guesses, but nothing working yet
1393         */
1394         NTSTATUS samr_SetBootKeyInformation(
1395                 [in,ref]   policy_handle *connect_handle,
1396                 [in]       uint32 unknown1,
1397                 [in]       uint32 unknown2,
1398                 [in]       uint32 unknown3
1399                 );
1400
1401         /************************/
1402         /* Function    0x3c     */
1403         NTSTATUS samr_GetBootKeyInformation(
1404                 [in,ref]   policy_handle *domain_handle,
1405                 [out,ref]  uint32 *unknown
1406                 );
1407
1408         /************************/
1409         /* Function    0x3d     */
1410         NTSTATUS samr_Connect3(
1411                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1412                 /* this unknown value seems to be completely ignored by w2k3 */
1413                 [in] uint32 unknown,
1414                 [in] samr_ConnectAccessMask access_mask,
1415                 [out,ref]  policy_handle *connect_handle
1416                 );
1417
1418         /************************/
1419         /* Function    0x3e     */
1420
1421         typedef [v1_enum] enum {
1422                 SAMR_CONNECT_PRE_W2K    = 1,
1423                 SAMR_CONNECT_W2K        = 2,
1424                 SAMR_CONNECT_AFTER_W2K  = 3
1425         } samr_ConnectVersion;
1426
1427         NTSTATUS samr_Connect4(
1428                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1429                 [in] samr_ConnectVersion client_version,
1430                 [in] samr_ConnectAccessMask access_mask,
1431                 [out,ref]  policy_handle *connect_handle
1432                 );
1433
1434         /************************/
1435         /* Function    0x3f     */
1436
1437         typedef [public,v1_enum] enum {
1438                 SAM_PWD_CHANGE_NO_ERROR             = 0,
1439                 SAM_PWD_CHANGE_PASSWORD_TOO_SHORT   = 1,
1440                 SAM_PWD_CHANGE_PWD_IN_HISTORY       = 2,
1441                 SAM_PWD_CHANGE_USERNAME_IN_PASSWORD = 3,
1442                 SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4,
1443                 SAM_PWD_CHANGE_NOT_COMPLEX          = 5,
1444                 SAM_PWD_CHANGE_MACHINE_NOT_DEFAULT  = 6,
1445                 SAM_PWD_CHANGE_FAILED_BY_FILTER     = 7,
1446                 SAM_PWD_CHANGE_PASSWORD_TOO_LONG    = 8
1447         } samPwdChangeReason;
1448
1449         typedef struct {
1450                 samPwdChangeReason extendedFailureReason;
1451                 lsa_String filterModuleName;
1452         } userPwdChangeFailureInformation;
1453
1454         [public] NTSTATUS samr_ChangePasswordUser3(
1455                 [in,unique]       lsa_String *server,
1456                 [in,ref]          lsa_String *account,
1457                 [in,unique]       samr_CryptPassword *nt_password,
1458                 [in,unique]       samr_Password *nt_verifier,
1459                 [in]              boolean8 lm_change,
1460                 [in,unique]       samr_CryptPassword *lm_password,
1461                 [in,unique]       samr_Password *lm_verifier,
1462                 [in,unique]       samr_CryptPassword *password3,
1463                 [out,ref]         samr_DomInfo1 **dominfo,
1464                 [out,ref]         userPwdChangeFailureInformation **reject
1465                 );
1466
1467         /************************/
1468         /* Function    0x40      */
1469
1470         typedef struct {
1471                 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1472                 uint32         unknown2; /* w2k3 gives 0 */
1473         } samr_ConnectInfo1;
1474
1475         typedef union {
1476                 [case(1)]  samr_ConnectInfo1 info1;
1477         } samr_ConnectInfo;
1478
1479         [public] NTSTATUS samr_Connect5(
1480                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1481                 [in]       samr_ConnectAccessMask  access_mask,
1482                 [in]       uint32             level_in,
1483                 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1484                 [out,ref]  uint32             *level_out,
1485                 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1486                 [out,ref]  policy_handle      *connect_handle
1487                 );
1488
1489         /************************/
1490         /* Function    0x41     */
1491         NTSTATUS samr_RidToSid(
1492                 [in,ref]    policy_handle *domain_handle,
1493                 [in]        uint32        rid,
1494                 [out,ref]   dom_sid2      **sid
1495                 );
1496
1497         /************************/
1498         /* Function    0x42     */
1499
1500         /*
1501           this should set the DSRM password for the server, which is used
1502           when booting into Directory Services Recovery Mode on a DC. Win2003
1503           gives me NT_STATUS_NOT_SUPPORTED
1504         */
1505
1506         NTSTATUS samr_SetDsrmPassword(
1507                 [in,unique] lsa_String *name,
1508                 [in]       uint32 unknown,
1509                 [in,unique] samr_Password *hash
1510                 );
1511
1512
1513         /************************/
1514         /* Function    0x43     */
1515         /************************/
1516         typedef [bitmap32bit] bitmap {
1517                 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET           = 0x00000001,
1518                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME           = 0x00000002,
1519                 SAMR_VALIDATE_FIELD_LOCKOUT_TIME                = 0x00000004,
1520                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT          = 0x00000008,
1521                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH     = 0x00000010,
1522                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY            = 0x00000020
1523         } samr_ValidateFieldsPresent;
1524
1525         typedef enum {
1526                 NetValidateAuthentication = 1,
1527                 NetValidatePasswordChange= 2,
1528                 NetValidatePasswordReset = 3
1529         } samr_ValidatePasswordLevel;
1530
1531         /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1532          * identified the mapping of
1533          * - NERR_PasswordFilterError
1534          * - NERR_PasswordExpired and
1535          * - NERR_PasswordCantChange
1536          * yet - Guenther
1537          */
1538
1539         typedef enum {
1540                 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1541                 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1542                 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1543                 SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED = 3,
1544                 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1545                 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1546                 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1547                 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1548                 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1549                 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9,
1550                 SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10
1551         } samr_ValidationStatus;
1552
1553         typedef struct {
1554                 uint32 length;
1555                 [size_is(length)] uint8 *data;
1556         } samr_ValidationBlob;
1557
1558         typedef struct {
1559                 samr_ValidateFieldsPresent fields_present;
1560                 NTTIME_hyper last_password_change;
1561                 NTTIME_hyper bad_password_time;
1562                 NTTIME_hyper lockout_time;
1563                 uint32 bad_pwd_count;
1564                 uint32 pwd_history_len;
1565                 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1566         } samr_ValidatePasswordInfo;
1567
1568         typedef struct {
1569                 samr_ValidatePasswordInfo info;
1570                 samr_ValidationStatus status;
1571         } samr_ValidatePasswordRepCtr;
1572
1573         typedef [switch_type(uint16)] union {
1574                 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1575                 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1576                 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1577         } samr_ValidatePasswordRep;
1578
1579         typedef struct {
1580                 samr_ValidatePasswordInfo info;
1581                 lsa_StringLarge password;
1582                 lsa_StringLarge account;
1583                 samr_ValidationBlob hash;
1584                 boolean8 pwd_must_change_at_next_logon;
1585                 boolean8 clear_lockout;
1586         } samr_ValidatePasswordReq3;
1587
1588         typedef struct {
1589                 samr_ValidatePasswordInfo info;
1590                 lsa_StringLarge password;
1591                 lsa_StringLarge account;
1592                 samr_ValidationBlob hash;
1593                 boolean8 password_matched;
1594         } samr_ValidatePasswordReq2;
1595
1596         typedef struct {
1597                 samr_ValidatePasswordInfo info;
1598                 boolean8 password_matched;
1599         } samr_ValidatePasswordReq1;
1600
1601         typedef [switch_type(uint16)] union {
1602                 [case(1)] samr_ValidatePasswordReq1 req1;
1603                 [case(2)] samr_ValidatePasswordReq2 req2;
1604                 [case(3)] samr_ValidatePasswordReq3 req3;
1605         } samr_ValidatePasswordReq;
1606
1607         NTSTATUS samr_ValidatePassword(
1608                 [in] samr_ValidatePasswordLevel level,
1609                 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1610                 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1611                 );
1612 }