4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid(12345778-1234-abcd-ef00-0123456789ac),
13 endpoints(samr,TCP-0),
14 pointer_default(unique)
17 /* account control (acct_flags) bits */
18 const int ACB_DISABLED = 0x0001; /* 1 = User account disabled */
19 const int ACB_HOMDIRREQ = 0x0002; /* 1 = Home directory required */
20 const int ACB_PWNOTREQ = 0x0004; /* 1 = User password not required */
21 const int ACB_TEMPDUP = 0x0008; /* 1 = Temporary duplicate account */
22 const int ACB_NORMAL = 0x0010; /* 1 = Normal user account */
23 const int ACB_MNS = 0x0020; /* 1 = MNS logon user account */
24 const int ACB_DOMTRUST = 0x0040; /* 1 = Interdomain trust account */
25 const int ACB_WSTRUST = 0x0080; /* 1 = Workstation trust account */
26 const int ACB_SVRTRUST = 0x0100; /* 1 = Server trust account */
27 const int ACB_PWNOEXP = 0x0200; /* 1 = User password does not expire */
28 const int ACB_AUTOLOCK = 0x0400; /* 1 = Account auto locked */
33 NTSTATUS samr_Connect (
34 /* notice the lack of [string] */
35 [in] uint16 *system_name,
36 [in] uint32 access_mask,
37 [out,ref] policy_handle *connect_handle
44 [in,out,ref] policy_handle *handle
51 [value(ndr_size_security_descriptor(r->sd))] uint32 sd_size;
52 [subcontext(4)] security_descriptor *sd;
55 NTSTATUS samr_SetSecurity (
56 [in,ref] policy_handle *handle,
58 [in,ref] samr_SdBuf *sdbuf
64 NTSTATUS samr_QuerySecurity (
65 [in,ref] policy_handle *handle,
67 [out] samr_SdBuf *sdbuf
74 shutdown the SAM - once you call this the SAM will be dead
76 NTSTATUS samr_Shutdown (
77 [in,ref] policy_handle *connect_handle
83 [value(2*strlen_m(r->name))] uint16 name_len;
84 [value(r->name_len)] uint16 name_size;
88 NTSTATUS samr_LookupDomain (
89 [in,ref] policy_handle *connect_handle,
90 [in,ref] samr_Name *domain,
105 [size_is(count)] samr_SamEntry *entries;
108 NTSTATUS samr_EnumDomains (
109 [in,ref] policy_handle *connect_handle,
110 [in,out,ref] uint32 *resume_handle,
111 [in] uint32 buf_size,
112 [out] samr_SamArray *sam,
113 [out] uint32 num_entries
117 /************************/
119 NTSTATUS samr_OpenDomain(
120 [in,ref] policy_handle *connect_handle,
121 [in] uint32 access_mask,
122 [in,ref] dom_sid2 *sid,
123 [out,ref] policy_handle *domain_handle
126 /************************/
132 ROLE_DOMAIN_MEMBER = 1,
138 uint16 min_password_len;
139 uint16 password_history;
140 uint32 password_properties;
141 /* yes, these are signed. They are in negative 100ns */
142 int64 max_password_age;
143 int64 min_password_age;
147 uint64 force_logoff_time;
149 samr_Name domain; /* domain name */
150 samr_Name primary; /* PDC name if this is a BDC */
161 uint64 force_logoff_time;
165 /* I'm not entirely sure this is a comment. win2003
166 allows it to be set, and it seems harmless (like a
167 comment) but I haven't seen it show up anywhere */
184 HYPER_T sequence_num;
185 NTTIME last_xxx_time;
189 uint32 unknown; /* w2k3 returns 1 */
194 HYPER_T lockout_duration;
195 HYPER_T lockout_window;
196 uint16 lockout_threshold;
200 HYPER_T lockout_duration;
201 HYPER_T lockout_window;
202 uint16 lockout_threshold;
206 HYPER_T sequence_num;
207 NTTIME last_xxx_time;
213 [case(1)] samr_DomInfo1 info1;
214 [case(2)] samr_DomInfo2 info2;
215 [case(3)] samr_DomInfo3 info3;
216 [case(4)] samr_DomInfo4 info4;
217 [case(5)] samr_DomInfo5 info5;
218 [case(6)] samr_DomInfo6 info6;
219 [case(7)] samr_DomInfo7 info7;
220 [case(8)] samr_DomInfo8 info8;
221 [case(9)] samr_DomInfo9 info9;
222 [case(11)] samr_DomInfo11 info11;
223 [case(12)] samr_DomInfo12 info12;
224 [case(13)] samr_DomInfo13 info13;
227 NTSTATUS samr_QueryDomainInfo(
228 [in,ref] policy_handle *domain_handle,
230 [out,switch_is(level)] samr_DomainInfo *info
233 /************************/
236 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
239 NTSTATUS samr_SetDomainInfo(
240 [in,ref] policy_handle *domain_handle,
242 [in,switch_is(level),ref] samr_DomainInfo *info
246 /************************/
248 NTSTATUS samr_CreateDomainGroup(
249 [in,ref] policy_handle *domain_handle,
250 [in,ref] samr_Name *name,
251 [in] uint32 access_mask,
252 [out,ref] policy_handle *group_handle,
253 [out,ref] uint32 *rid
257 /************************/
259 NTSTATUS samr_EnumDomainGroups(
260 [in,ref] policy_handle *domain_handle,
261 [in,out,ref] uint32 *resume_handle,
262 [in] uint32 max_size,
263 [out] samr_SamArray *sam,
264 [out] uint32 num_entries
267 /************************/
269 NTSTATUS samr_CreateUser(
270 [in,ref] policy_handle *domain_handle,
271 [in,ref] samr_Name *account_name,
272 [in] uint32 access_mask,
273 [out,ref] policy_handle *user_handle,
274 [out,ref] uint32 *rid
277 /************************/
281 /* w2k3 treats max_size as max_users*54 and sets the
282 resume_handle as the rid of the last user sent
284 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
286 NTSTATUS samr_EnumDomainUsers(
287 [in,ref] policy_handle *domain_handle,
288 [in,out,ref] uint32 *resume_handle,
289 [in] uint32 acct_flags,
290 [in] uint32 max_size,
291 [out] samr_SamArray *sam,
292 [out] uint32 num_entries
295 /************************/
297 NTSTATUS samr_CreateDomAlias(
298 [in,ref] policy_handle *domain_handle,
299 [in,ref] samr_Name *aliasname,
300 [in] uint32 access_mask,
301 [out,ref] policy_handle *alias_handle,
302 [out,ref] uint32 *rid
305 /************************/
307 NTSTATUS samr_EnumDomainAliases(
308 [in,ref] policy_handle *domain_handle,
309 [in,out,ref] uint32 *resume_handle,
310 [in] uint32 acct_flags,
311 [out] samr_SamArray *sam,
312 [out] uint32 num_entries
315 /************************/
319 SID_NAME_USE_NONE = 0,/* NOTUSED */
320 SID_NAME_USER = 1, /* user */
321 SID_NAME_DOM_GRP = 2, /* domain group */
322 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
323 SID_NAME_ALIAS = 4, /* local group */
324 SID_NAME_WKN_GRP = 5, /* well-known group */
325 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
326 SID_NAME_INVALID = 7, /* invalid account */
327 SID_NAME_UNKNOWN = 8 /* oops. */
332 [size_is(count)] uint32 *ids;
335 NTSTATUS samr_GetAliasMembership(
336 [in,ref] policy_handle *alias_handle,
337 [in,ref] lsa_SidArray *sids,
341 /************************/
344 NTSTATUS samr_LookupNames(
345 [in,ref] policy_handle *domain_handle,
346 [in] uint32 num_names,
347 [in,ref,size_is(1000),length_is(num_names)] samr_Name *names,
353 /************************/
358 [size_is(count)] samr_Name *names;
361 NTSTATUS samr_LookupRids(
362 [in,ref] policy_handle *domain_handle,
363 [in] uint32 num_rids,
364 [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids,
365 [out] samr_Names names,
369 /************************/
371 NTSTATUS samr_OpenGroup(
372 [in,ref] policy_handle *domain_handle,
373 [in] uint32 access_mask,
375 [out,ref] policy_handle *group_handle
379 /************************/
386 samr_Name description;
394 samr_Name description;
395 } samr_GroupInfoDesciption;
401 GroupInfoDescription = 4,
406 [case(GroupInfoAll)] samr_GroupInfoAll all;
407 [case(GroupInfoName)] samr_Name name;
408 [case(GroupInfoX)] samr_GroupInfoX unknown;
409 [case(GroupInfoDescription)] samr_Name description;
410 [case(GroupInfoAll2)] samr_GroupInfoAll all2;
413 NTSTATUS samr_QueryGroupInfo(
414 [in,ref] policy_handle *group_handle,
416 [out,switch_is(level)] samr_GroupInfo *info
419 /************************/
421 NTSTATUS samr_SetGroupInfo(
422 [in,ref] policy_handle *group_handle,
424 [in,switch_is(level),ref] samr_GroupInfo *info
427 /************************/
429 NTSTATUS samr_AddGroupMember(
430 [in,ref] policy_handle *group_handle,
435 /************************/
437 NTSTATUS samr_DeleteDomainGroup(
438 [in,out,ref] policy_handle *group_handle
441 /************************/
443 NTSTATUS samr_DeleteGroupMember(
444 [in,ref] policy_handle *group_handle,
449 /************************/
453 [size_is(count)] uint32 *rids;
454 [size_is(count)] uint32 *unknown;
457 NTSTATUS samr_QueryGroupMember(
458 [in,ref] policy_handle *group_handle,
459 [out] samr_ridArray *rids
463 /************************/
467 win2003 seems to accept any data at all for the two integers
468 below, and doesn't seem to do anything with them that I can
469 see. Weird. I really expected the first integer to be a rid
470 and the second to be the attributes for that rid member.
472 NTSTATUS samr_SetMemberAttributesOfGroup(
473 [in,ref] policy_handle *group_handle,
474 [in] uint32 unknown1,
479 /************************/
481 NTSTATUS samr_OpenAlias (
482 [in,ref] policy_handle *domain_handle,
483 [in] uint32 access_mask,
485 [out,ref] policy_handle *alias_handle
489 /************************/
495 samr_Name description;
499 [case(1)] samr_AliasInfoAll all;
500 [case(2)] samr_Name name;
501 [case(3)] samr_Name description;
504 NTSTATUS samr_QueryAliasInfo(
505 [in,ref] policy_handle *alias_handle,
507 [out,switch_is(level)] samr_AliasInfo *info
510 /************************/
512 NTSTATUS samr_SetAliasInfo(
513 [in,ref] policy_handle *alias_handle,
515 [in,switch_is(level)] samr_AliasInfo info
518 /************************/
520 NTSTATUS samr_DeleteDomAlias(
521 [in,out,ref] policy_handle *alias_handle
524 /************************/
526 NTSTATUS samr_AddAliasMember(
527 [in,ref] policy_handle *alias_handle,
528 [in,ref] dom_sid2 *sid
531 /************************/
533 NTSTATUS samr_DeleteAliasMember(
534 [in,ref] policy_handle *alias_handle,
535 [in,ref] dom_sid2 *sid
538 /************************/
540 NTSTATUS samr_GetMembersInAlias(
541 [in,ref] policy_handle *alias_handle,
542 [out,ref] lsa_SidArray *sids
545 /************************/
547 NTSTATUS samr_OpenUser(
548 [in,ref] policy_handle *domain_handle,
549 [in] uint32 access_mask,
551 [out,ref] policy_handle *user_handle
554 /************************/
556 NTSTATUS samr_DeleteUser(
557 [in,out,ref] policy_handle *user_handle
560 /************************/
563 samr_Name account_name;
566 samr_Name description;
572 samr_Name unknown; /* settable, but doesn't stick. probably obsolete */
578 samr_Name account_name;
582 samr_Name home_directory;
583 samr_Name home_drive;
584 samr_Name logon_script;
585 samr_Name profile_path;
586 samr_Name workstations;
589 NTTIME last_password_change;
590 NTTIME allow_password_change;
591 NTTIME force_password_change;
592 samr_LogonHours logon_hours;
593 uint16 bad_password_count;
599 samr_LogonHours logon_hours;
603 samr_Name account_name;
607 samr_Name home_directory;
608 samr_Name home_drive;
609 samr_Name logon_script;
610 samr_Name profile_path;
611 samr_Name description;
612 samr_Name workstations;
615 samr_LogonHours logon_hours;
616 uint16 bad_password_count;
618 NTTIME last_password_change;
624 samr_Name account_name;
629 samr_Name account_name;
641 samr_Name home_directory;
642 samr_Name home_drive;
646 samr_Name logon_script;
650 samr_Name profile_path;
654 samr_Name description;
658 samr_Name workstations;
673 /* this defines the bits used for fields_present in info21 */
674 const int SAMR_FIELD_NAME = 0x00000002;
675 const int SAMR_FIELD_DESCRIPTION = 0x00000010;
676 const int SAMR_FIELD_COMMENT = 0x00000020;
677 const int SAMR_FIELD_LOGON_SCRIPT = 0x00000100;
678 const int SAMR_FIELD_PROFILE_PATH = 0x00000200;
679 const int SAMR_FIELD_WORKSTATION = 0x00000400;
680 const int SAMR_FIELD_LOGON_HOURS = 0x00002000;
681 const int SAMR_FIELD_CALLBACK = 0x00200000;
682 const int SAMR_FIELD_COUNTRY_CODE = 0x00400000;
683 const int SAMR_FIELD_CODE_PAGE = 0x00800000;
684 const int SAMR_FIELD_PASSWORD = 0x03000000; /* 2 bits!? */
689 NTTIME last_password_change;
691 NTTIME allow_password_change;
692 NTTIME force_password_change;
693 samr_Name account_name;
695 samr_Name home_directory;
696 samr_Name home_drive;
697 samr_Name logon_script;
698 samr_Name profile_path;
699 samr_Name description;
700 samr_Name workstations;
707 [size_is(buf_count)] uint8 *buffer;
711 uint32 fields_present;
712 samr_LogonHours logon_hours;
713 uint16 bad_password_count;
717 uint8 nt_password_set;
718 uint8 lm_password_set;
723 typedef [flag(NDR_PAHEX)] struct {
725 } samr_CryptPassword;
728 samr_UserInfo21 info;
729 samr_CryptPassword password;
733 samr_CryptPassword password;
737 typedef [flag(NDR_PAHEX)] struct {
739 } samr_CryptPasswordEx;
742 samr_UserInfo21 info;
743 samr_CryptPasswordEx password;
747 samr_CryptPasswordEx password;
752 [case(1)] samr_UserInfo1 info1;
753 [case(2)] samr_UserInfo2 info2;
754 [case(3)] samr_UserInfo3 info3;
755 [case(4)] samr_UserInfo4 info4;
756 [case(5)] samr_UserInfo5 info5;
757 [case(6)] samr_UserInfo6 info6;
758 [case(7)] samr_UserInfo7 info7;
759 [case(8)] samr_UserInfo8 info8;
760 [case(9)] samr_UserInfo9 info9;
761 [case(10)] samr_UserInfo10 info10;
762 [case(11)] samr_UserInfo11 info11;
763 [case(12)] samr_UserInfo12 info12;
764 [case(13)] samr_UserInfo13 info13;
765 [case(14)] samr_UserInfo14 info14;
766 [case(16)] samr_UserInfo16 info16;
767 [case(17)] samr_UserInfo17 info17;
768 [case(20)] samr_UserInfo20 info20;
769 [case(21)] samr_UserInfo21 info21;
770 [case(23)] samr_UserInfo23 info23;
771 [case(24)] samr_UserInfo24 info24;
772 [case(25)] samr_UserInfo25 info25;
773 [case(26)] samr_UserInfo26 info26;
776 NTSTATUS samr_QueryUserInfo(
777 [in,ref] policy_handle *user_handle,
779 [out,switch_is(level)] samr_UserInfo *info
783 /************************/
785 NTSTATUS samr_SetUserInfo(
786 [in,ref] policy_handle *user_handle,
788 [in,ref,switch_is(level)] samr_UserInfo *info
791 /************************/
795 this is a password change interface that doesn't give
796 the server the plaintext password. Depricated.
798 NTSTATUS samr_ChangePasswordUser(
799 [in,ref] policy_handle *user_handle,
800 [in] bool8 lm_present,
801 [in] samr_Password *old_lm_crypted,
802 [in] samr_Password *new_lm_crypted,
803 [in] bool8 nt_present,
804 [in] samr_Password *old_nt_crypted,
805 [in] samr_Password *new_nt_crypted,
806 [in] bool8 cross1_present,
807 [in] samr_Password *nt_cross,
808 [in] bool8 cross2_present,
809 [in] samr_Password *lm_cross
812 /************************/
822 [size_is(count)] samr_RidType *rid;
825 NTSTATUS samr_GetGroupsForUser(
826 [in,ref] policy_handle *user_handle,
827 [out] samr_RidArray *rids
830 /************************/
837 samr_Name account_name;
839 samr_Name description;
840 } samr_DispEntryGeneral;
844 [size_is(count)] samr_DispEntryGeneral *entries;
845 } samr_DispInfoGeneral;
851 samr_Name account_name;
852 samr_Name description;
853 } samr_DispEntryFull;
857 [size_is(count)] samr_DispEntryFull *entries;
861 [value(strlen_m(r->name))] uint16 name_len;
862 [value(strlen_m(r->name))] uint16 name_size;
868 samr_AsciiName account_name;
869 } samr_DispEntryAscii;
873 [size_is(count)] samr_DispEntryAscii *entries;
874 } samr_DispInfoAscii;
877 [case(1)] samr_DispInfoGeneral info1;/* users */
878 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
879 [case(3)] samr_DispInfoFull info3; /* groups */
880 [case(4)] samr_DispInfoAscii info4; /* users */
881 [case(5)] samr_DispInfoAscii info5; /* groups */
884 NTSTATUS samr_QueryDisplayInfo(
885 [in,ref] policy_handle *domain_handle,
887 [in] uint32 start_idx,
888 [in] uint32 max_entries,
889 [in] uint32 buf_size,
890 [out] uint32 total_size,
891 [out] uint32 returned_size,
892 [out,switch_is(level)] samr_DispInfo info
896 /************************/
900 this seems to be an alphabetic search function. The returned index
901 is the index for samr_QueryDisplayInfo needed to get names occurring
902 after the specified name. The supplied name does not need to exist
903 in the database (for example you can supply just a first letter for
904 searching starting at that letter)
906 The level corresponds to the samr_QueryDisplayInfo level
908 NTSTATUS samr_GetDisplayEnumerationIndex(
909 [in,ref] policy_handle *domain_handle,
917 /************************/
921 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
923 NTSTATUS samr_TestPrivateFunctionsDomain(
924 [in,ref] policy_handle *domain_handle
928 /************************/
932 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
934 NTSTATUS samr_TestPrivateFunctionsUser(
935 [in,ref] policy_handle *user_handle
939 /************************/
942 /* password properties flags */
943 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
944 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
945 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
946 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
947 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
950 uint16 min_password_len;
951 uint32 password_properties;
954 NTSTATUS samr_GetUserPwInfo(
955 [in,ref] policy_handle *user_handle,
956 [out] samr_PwInfo info
959 /************************/
961 NTSTATUS samr_RemoveMemberFromForeignDomain(
962 [in,ref] policy_handle *domain_handle,
963 [in,ref] dom_sid2 *sid
966 /************************/
970 how is this different from QueryDomainInfo ??
972 NTSTATUS samr_QueryDomainInfo2(
973 [in,ref] policy_handle *domain_handle,
975 [out,switch_is(level)] samr_DomainInfo *info
978 /************************/
982 how is this different from QueryUserInfo ??
984 NTSTATUS samr_QueryUserInfo2(
985 [in,ref] policy_handle *user_handle,
987 [out,switch_is(level)] samr_UserInfo *info
990 /************************/
994 how is this different from QueryDisplayInfo??
996 NTSTATUS samr_QueryDisplayInfo2(
997 [in,ref] policy_handle *domain_handle,
999 [in] uint32 start_idx,
1000 [in] uint32 max_entries,
1001 [in] uint32 buf_size,
1002 [out] uint32 total_size,
1003 [out] uint32 returned_size,
1004 [out,switch_is(level)] samr_DispInfo info
1007 /************************/
1011 how is this different from GetDisplayEnumerationIndex ??
1013 NTSTATUS samr_GetDisplayEnumerationIndex2(
1014 [in,ref] policy_handle *domain_handle,
1016 [in] samr_Name name,
1021 /************************/
1023 NTSTATUS samr_CreateUser2(
1024 [in,ref] policy_handle *domain_handle,
1025 [in,ref] samr_Name *account_name,
1026 [in] uint32 acct_flags,
1027 [in] uint32 access_mask,
1028 [out,ref] policy_handle *user_handle,
1029 [out,ref] uint32 *access_granted,
1030 [out,ref] uint32 *rid
1034 /************************/
1038 another duplicate. There must be a reason ....
1040 NTSTATUS samr_QueryDisplayInfo3(
1041 [in,ref] policy_handle *domain_handle,
1043 [in] uint32 start_idx,
1044 [in] uint32 max_entries,
1045 [in] uint32 buf_size,
1046 [out] uint32 total_size,
1047 [out] uint32 returned_size,
1048 [out,switch_is(level)] samr_DispInfo info
1051 /************************/
1053 NTSTATUS samr_AddMultipleMembersToAlias(
1054 [in,ref] policy_handle *alias_handle,
1055 [in,ref] lsa_SidArray *sids
1058 /************************/
1060 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1061 [in,ref] policy_handle *alias_handle,
1062 [in,ref] lsa_SidArray *sids
1065 /************************/
1068 NTSTATUS samr_OemChangePasswordUser2(
1069 [in] samr_AsciiName *server,
1070 [in,ref] samr_AsciiName *account,
1071 [in] samr_CryptPassword *password,
1072 [in] samr_Password *hash
1075 /************************/
1077 NTSTATUS samr_ChangePasswordUser2(
1078 [in] samr_Name *server,
1079 [in,ref] samr_Name *account,
1080 [in] samr_CryptPassword *nt_password,
1081 [in] samr_Password *nt_verifier,
1082 [in] bool8 lm_change,
1083 [in] samr_CryptPassword *lm_password,
1084 [in] samr_Password *lm_verifier
1087 /************************/
1089 NTSTATUS samr_GetDomPwInfo(
1090 [in] samr_Name *name,
1091 [out] samr_PwInfo info
1094 /************************/
1096 NTSTATUS samr_Connect2(
1097 [in] unistr *system_name,
1098 [in] uint32 access_mask,
1099 [out,ref] policy_handle *connect_handle
1102 /************************/
1105 seems to be an exact alias for samr_SetUserInfo()
1107 NTSTATUS samr_SetUserInfo2(
1108 [in,ref] policy_handle *user_handle,
1110 [in,ref,switch_is(level)] samr_UserInfo *info
1113 /************************/
1116 this one is mysterious. I have a few guesses, but nothing working yet
1118 NTSTATUS samr_SetBootKeyInformation(
1119 [in,ref] policy_handle *connect_handle,
1120 [in] uint32 unknown1,
1121 [in] uint32 unknown2,
1122 [in] uint32 unknown3
1125 /************************/
1127 NTSTATUS samr_GetBootKeyInformation(
1128 [in,ref] policy_handle *domain_handle,
1129 [out] uint32 unknown
1132 /************************/
1134 NTSTATUS samr_Connect3(
1135 [in] unistr *system_name,
1136 /* this unknown value seems to be completely ignored by w2k3 */
1137 [in] uint32 unknown,
1138 [in] uint32 access_mask,
1139 [out,ref] policy_handle *connect_handle
1142 /************************/
1144 NTSTATUS samr_Connect4(
1145 [in] unistr *system_name,
1146 [in] uint32 unknown,
1147 [in] uint32 access_mask,
1148 [out,ref] policy_handle *connect_handle
1151 /************************/
1154 const int SAMR_REJECT_OTHER = 0;
1155 const int SAMR_REJECT_TOO_SHORT = 1;
1156 const int SAMR_REJECT_COMPLEXITY = 2;
1162 } samr_ChangeReject;
1164 NTSTATUS samr_ChangePasswordUser3(
1165 [in] samr_Name *server,
1166 [in,ref] samr_Name *account,
1167 [in] samr_CryptPassword *nt_password,
1168 [in] samr_Password *nt_verifier,
1169 [in] bool8 lm_change,
1170 [in] samr_CryptPassword *lm_password,
1171 [in] samr_Password *lm_verifier,
1172 [in] samr_CryptPassword *password3,
1173 [out] samr_DomInfo1 *dominfo,
1174 [out] samr_ChangeReject *reject
1177 /************************/
1181 uint32 unknown1; /* w2k3 gives 3 */
1182 uint32 unknown2; /* w2k3 gives 0 */
1183 } samr_ConnectInfo1;
1186 [case(1)] samr_ConnectInfo1 info1;
1189 NTSTATUS samr_Connect5(
1190 [in] unistr *system_name,
1191 [in] uint32 access_mask,
1192 [in,out] uint32 level,
1193 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1194 [out,ref] policy_handle *connect_handle
1197 /************************/
1199 NTSTATUS samr_RidToSid(
1200 [in,ref] policy_handle *domain_handle,
1206 /************************/
1210 this should set the DSRM password for the server, which is used
1211 when booting into Directory Services Recovery Mode on a DC. Win2003
1212 gives me NT_STATUS_NOT_SUPPORTED
1215 NTSTATUS samr_SetDsrmPassword(
1216 [in] samr_Name *name,
1217 [in] uint32 unknown,
1218 [in] samr_Password *hash
1222 /************************/
1225 I haven't been able to work out the format of this one yet.
1226 Seems to start with a switch level for a union?
1228 NTSTATUS samr_ValidatePassword();