4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid(12345778-1234-abcd-ef00-0123456789ac),
13 endpoints(samr,TCP-0),
14 pointer_default(unique)
17 /* account control (acct_flags) bits */
18 const int ACB_DISABLED = 0x0001; /* 1 = User account disabled */
19 const int ACB_HOMDIRREQ = 0x0002; /* 1 = Home directory required */
20 const int ACB_PWNOTREQ = 0x0004; /* 1 = User password not required */
21 const int ACB_TEMPDUP = 0x0008; /* 1 = Temporary duplicate account */
22 const int ACB_NORMAL = 0x0010; /* 1 = Normal user account */
23 const int ACB_MNS = 0x0020; /* 1 = MNS logon user account */
24 const int ACB_DOMTRUST = 0x0040; /* 1 = Interdomain trust account */
25 const int ACB_WSTRUST = 0x0080; /* 1 = Workstation trust account */
26 const int ACB_SVRTRUST = 0x0100; /* 1 = Server trust account */
27 const int ACB_PWNOEXP = 0x0200; /* 1 = User password does not expire */
28 const int ACB_AUTOLOCK = 0x0400; /* 1 = Account auto locked */
33 NTSTATUS samr_Connect (
34 /* notice the lack of [string] */
35 [in] uint16 *system_name,
36 [in] uint32 access_mask,
37 [out,ref] policy_handle *handle
44 [in,out,ref] policy_handle *handle
51 [value(ndr_size_security_descriptor(r->sd))] uint32 sd_size;
52 [subcontext(4)] security_descriptor *sd;
55 NTSTATUS samr_SetSecurity (
56 [in,ref] policy_handle *handle,
58 [in,ref] samr_SdBuf *sdbuf
64 NTSTATUS samr_QuerySecurity (
65 [in,ref] policy_handle *handle,
67 [out] samr_SdBuf *sdbuf
74 shutdown the SAM - once you call this the SAM will be dead
76 NTSTATUS samr_Shutdown (
77 [in,ref] policy_handle *handle
83 [value(2*strlen_m(r->name))] uint16 name_len;
84 [value(r->name_len)] uint16 name_size;
88 NTSTATUS samr_LookupDomain (
89 [in,ref] policy_handle *handle,
90 [in,ref] samr_Name *domain,
105 [size_is(count)] samr_SamEntry *entries;
108 NTSTATUS samr_EnumDomains (
109 [in,ref] policy_handle *handle,
110 [in,out,ref] uint32 *resume_handle,
111 [in] uint32 buf_size,
112 [out] samr_SamArray *sam,
113 [out] uint32 num_entries
117 /************************/
119 NTSTATUS samr_OpenDomain(
120 [in,ref] policy_handle *handle,
121 [in] uint32 access_mask,
122 [in,ref] dom_sid2 *sid,
123 [out,ref] policy_handle *domain_handle
126 /************************/
132 ROLE_DOMAIN_MEMBER = 1,
139 uint16 password_history;
140 uint32 password_properties;
141 /* yes, these are signed. They are in negative 100ns */
142 int64 max_password_age;
143 int64 min_password_age;
147 uint64 force_logoff_time;
149 samr_Name domain; /* domain name */
150 samr_Name primary; /* PDC name if this is a BDC */
151 HYPER_T sequence_num;
161 uint64 force_logoff_time;
165 /* I'm not entirely sure this is a comment. win2003
166 allows it to be set, and it seems harmless (like a
167 comment) but I haven't seen it show up anywhere */
184 HYPER_T sequence_num;
185 NTTIME last_xxx_time;
189 uint32 unknown; /* w2k3 returns 1 */
193 uint64 force_logoff_time;
197 HYPER_T sequence_num;
198 uint32 unknown2; /* w2k3 returns 1 */
200 uint32 unknown3; /* w2k3 returns 1 */
204 HYPER_T lockout_duration;
205 HYPER_T lockout_window;
206 uint16 lockout_threshold;
210 HYPER_T lockout_duration;
211 HYPER_T lockout_window;
212 uint16 lockout_threshold;
216 HYPER_T sequence_num;
217 NTTIME last_xxx_time;
223 [case(1)] samr_DomInfo1 info1;
224 [case(2)] samr_DomInfo2 info2;
225 [case(3)] samr_DomInfo3 info3;
226 [case(4)] samr_DomInfo4 info4;
227 [case(5)] samr_DomInfo5 info5;
228 [case(6)] samr_DomInfo6 info6;
229 [case(7)] samr_DomInfo7 info7;
230 [case(8)] samr_DomInfo8 info8;
231 [case(9)] samr_DomInfo9 info9;
232 [case(11)] samr_DomInfo11 info11;
233 [case(12)] samr_DomInfo12 info12;
234 [case(13)] samr_DomInfo13 info13;
237 NTSTATUS samr_QueryDomainInfo(
238 [in,ref] policy_handle *handle,
240 [out,switch_is(level)] samr_DomainInfo *info
243 /************************/
246 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
249 NTSTATUS samr_SetDomainInfo(
250 [in,ref] policy_handle *handle,
252 [in,switch_is(level),ref] samr_DomainInfo *info
256 /************************/
258 NTSTATUS samr_CreateDomainGroup(
259 [in,ref] policy_handle *handle,
260 [in,ref] samr_Name *name,
261 [in] uint32 access_mask,
262 [out,ref] policy_handle *group_handle,
263 [out,ref] uint32 *rid
267 /************************/
269 NTSTATUS samr_EnumDomainGroups(
270 [in,ref] policy_handle *handle,
271 [in,out,ref] uint32 *resume_handle,
272 [in] uint32 max_size,
273 [out] samr_SamArray *sam,
274 [out] uint32 num_entries
277 /************************/
279 NTSTATUS samr_CreateUser(
280 [in,ref] policy_handle *handle,
281 [in,ref] samr_Name *username,
282 [in] uint32 access_mask,
283 [out,ref] policy_handle *acct_handle,
284 [out,ref] uint32 *rid
287 /************************/
291 /* w2k3 treats max_size as max_users*54 and sets the
292 resume_handle as the rid of the last user sent
294 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
296 NTSTATUS samr_EnumDomainUsers(
297 [in,ref] policy_handle *handle,
298 [in,out,ref] uint32 *resume_handle,
299 [in] uint32 acct_flags,
300 [in] uint32 max_size,
301 [out] samr_SamArray *sam,
302 [out] uint32 num_entries
305 /************************/
307 NTSTATUS samr_CreateDomAlias(
308 [in,ref] policy_handle *handle,
309 [in,ref] samr_Name *aliasname,
310 [in] uint32 access_mask,
311 [out,ref] policy_handle *acct_handle,
312 [out,ref] uint32 *rid
315 /************************/
317 NTSTATUS samr_EnumDomainAliases(
318 [in,ref] policy_handle *handle,
319 [in,out,ref] uint32 *resume_handle,
320 [in] uint32 account_flags,
321 [out] samr_SamArray *sam,
322 [out] uint32 num_entries
325 /************************/
329 SID_NAME_USE_NONE = 0,/* NOTUSED */
330 SID_NAME_USER = 1, /* user */
331 SID_NAME_DOM_GRP = 2, /* domain group */
332 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
333 SID_NAME_ALIAS = 4, /* local group */
334 SID_NAME_WKN_GRP = 5, /* well-known group */
335 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
336 SID_NAME_INVALID = 7, /* invalid account */
337 SID_NAME_UNKNOWN = 8 /* oops. */
342 [size_is(count)] uint32 *ids;
345 NTSTATUS samr_GetAliasMembership(
346 [in,ref] policy_handle *handle,
347 [in,ref] lsa_SidArray *sids,
351 /************************/
354 NTSTATUS samr_LookupNames(
355 [in,ref] policy_handle *handle,
356 [in] uint32 num_names,
357 [in,ref,size_is(1000),length_is(num_names)] samr_Name *names,
363 /************************/
368 [size_is(count)] samr_Name *names;
371 NTSTATUS samr_LookupRids(
372 [in,ref] policy_handle *handle,
373 [in] uint32 num_rids,
374 [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids,
375 [out] samr_Names names,
379 /************************/
381 NTSTATUS samr_OpenGroup(
382 [in,ref] policy_handle *handle,
383 [in] uint32 access_mask,
385 [out,ref] policy_handle *acct_handle
389 /************************/
396 samr_Name description;
404 samr_Name description;
405 } samr_GroupInfoDesciption;
415 [case(GroupInfoAll)] samr_GroupInfoAll all;
416 [case(GroupInfoName)] samr_Name name;
417 [case(GroupInfoX)] samr_GroupInfoX unknown;
418 [case(GroupInfoDescription)] samr_Name description;
421 NTSTATUS samr_QueryGroupInfo(
422 [in,ref] policy_handle *handle,
424 [out,switch_is(level)] samr_GroupInfo *info
427 /************************/
429 NTSTATUS samr_SetGroupInfo(
430 [in,ref] policy_handle *handle,
432 [in,switch_is(level),ref] samr_GroupInfo *info
435 /************************/
437 NTSTATUS samr_AddGroupMember(
438 [in,ref] policy_handle *handle,
443 /************************/
445 NTSTATUS samr_DeleteDomainGroup(
446 [in,out,ref] policy_handle *handle
449 /************************/
451 NTSTATUS samr_DeleteGroupMember(
452 [in,ref] policy_handle *handle,
457 /************************/
460 this isn't really valid IDL, but it does work. I suspect
461 I need to do some more pidl work to get this really right
470 samr_intArray *unknown7;
473 NTSTATUS samr_QueryGroupMember(
474 [in,ref] policy_handle *handle,
476 [out] samr_ridArray rids
480 /************************/
484 win2003 seems to accept any data at all for the two integers
485 below, and doesn't seem to do anything with them that I can
486 see. Weird. I really expected the first integer to be a rid
487 and the second to be the attributes for that rid member.
489 NTSTATUS samr_SetMemberAttributesOfGroup(
490 [in,ref] policy_handle *handle,
491 [in] uint32 unknown1,
496 /************************/
498 NTSTATUS samr_OpenAlias (
499 [in,ref] policy_handle *handle,
500 [in] uint32 access_mask,
502 [out,ref] policy_handle *acct_handle
506 /************************/
512 samr_Name description;
516 [case(1)] samr_AliasInfoAll all;
517 [case(2)] samr_Name name;
518 [case(3)] samr_Name description;
521 NTSTATUS samr_QueryAliasInfo(
522 [in,ref] policy_handle *handle,
524 [out,switch_is(level)] samr_AliasInfo *info
527 /************************/
529 NTSTATUS samr_SetAliasInfo(
530 [in,ref] policy_handle *handle,
532 [in,switch_is(level)] samr_AliasInfo info
535 /************************/
537 NTSTATUS samr_DeleteDomAlias(
538 [in,out,ref] policy_handle *handle
541 /************************/
543 NTSTATUS samr_AddAliasMember(
544 [in,ref] policy_handle *handle,
545 [in,ref] dom_sid2 *sid
548 /************************/
550 NTSTATUS samr_DeleteAliasMember(
551 [in,ref] policy_handle *handle,
552 [in,ref] dom_sid2 *sid
555 /************************/
557 NTSTATUS samr_GetMembersInAlias(
558 [in,ref] policy_handle *handle,
559 [out,ref] lsa_SidArray *sids
562 /************************/
564 NTSTATUS samr_OpenUser(
565 [in,ref] policy_handle *handle,
566 [in] uint32 access_mask,
568 [out,ref] policy_handle *acct_handle
571 /************************/
573 NTSTATUS samr_DeleteUser(
574 [in,out,ref] policy_handle *handle
577 /************************/
583 samr_Name description;
589 samr_Name unknown; /* settable, but doesn't stick. probably obsolete */
599 samr_Name home_directory;
600 samr_Name home_drive;
601 samr_Name logon_script;
603 samr_Name workstations;
606 NTTIME last_pwd_change;
607 NTTIME allow_pwd_change;
608 NTTIME force_pwd_change;
609 samr_LogonHours logon_hours;
610 uint16 bad_pwd_count;
616 samr_LogonHours logon_hours;
624 samr_Name home_directory;
625 samr_Name home_drive;
626 samr_Name logon_script;
628 samr_Name description;
629 samr_Name workstations;
632 samr_LogonHours logon_hours;
633 uint16 bad_pwd_count;
635 NTTIME last_pwd_change;
658 samr_Name home_directory;
659 samr_Name home_drive;
663 samr_Name logon_script;
671 samr_Name description;
675 samr_Name workstations;
690 /* this defines the bits used for fields_present in info21 */
691 const int SAMR_FIELD_NAME = 0x00000002;
692 const int SAMR_FIELD_DESCRIPTION = 0x00000010;
693 const int SAMR_FIELD_COMMENT = 0x00000020;
694 const int SAMR_FIELD_LOGON_SCRIPT = 0x00000100;
695 const int SAMR_FIELD_PROFILE = 0x00000200;
696 const int SAMR_FIELD_WORKSTATION = 0x00000400;
697 const int SAMR_FIELD_LOGON_HOURS = 0x00002000;
698 const int SAMR_FIELD_CALLBACK = 0x00200000;
699 const int SAMR_FIELD_COUNTRY_CODE = 0x00400000;
700 const int SAMR_FIELD_CODE_PAGE = 0x00800000;
701 const int SAMR_FIELD_PASSWORD = 0x03000000; /* 2 bits!? */
706 NTTIME last_pwd_change;
708 NTTIME allow_pwd_change;
709 NTTIME force_pwd_change;
712 samr_Name home_directory;
713 samr_Name home_drive;
714 samr_Name logon_script;
716 samr_Name description;
717 samr_Name workstations;
724 [size_is(buf_count)] uint8 *buffer;
728 uint32 fields_present;
729 samr_LogonHours logon_hours;
730 uint16 bad_pwd_count;
740 typedef [flag(NDR_PAHEX)] struct {
742 } samr_CryptPassword;
745 samr_UserInfo21 info;
746 samr_CryptPassword password;
750 samr_CryptPassword password;
754 typedef [flag(NDR_PAHEX)] struct {
756 } samr_CryptPasswordEx;
759 samr_UserInfo21 info;
760 samr_CryptPasswordEx password;
764 samr_CryptPasswordEx password;
769 [case(1)] samr_UserInfo1 info1;
770 [case(2)] samr_UserInfo2 info2;
771 [case(3)] samr_UserInfo3 info3;
772 [case(4)] samr_UserInfo4 info4;
773 [case(5)] samr_UserInfo5 info5;
774 [case(6)] samr_UserInfo6 info6;
775 [case(7)] samr_UserInfo7 info7;
776 [case(8)] samr_UserInfo8 info8;
777 [case(9)] samr_UserInfo9 info9;
778 [case(10)] samr_UserInfo10 info10;
779 [case(11)] samr_UserInfo11 info11;
780 [case(12)] samr_UserInfo12 info12;
781 [case(13)] samr_UserInfo13 info13;
782 [case(14)] samr_UserInfo14 info14;
783 [case(16)] samr_UserInfo16 info16;
784 [case(17)] samr_UserInfo17 info17;
785 [case(20)] samr_UserInfo20 info20;
786 [case(21)] samr_UserInfo21 info21;
787 [case(23)] samr_UserInfo23 info23;
788 [case(24)] samr_UserInfo24 info24;
789 [case(25)] samr_UserInfo25 info25;
790 [case(26)] samr_UserInfo26 info26;
793 NTSTATUS samr_QueryUserInfo(
794 [in,ref] policy_handle *handle,
796 [out,switch_is(level)] samr_UserInfo *info
800 /************************/
802 NTSTATUS samr_SetUserInfo(
803 [in,ref] policy_handle *handle,
805 [in,ref,switch_is(level)] samr_UserInfo *info
808 /************************/
811 typedef [flag(NDR_PAHEX)] struct {
816 this is a password change interface that doesn't give
817 the server the plaintext password. Depricated.
819 NTSTATUS samr_ChangePasswordUser(
820 [in,ref] policy_handle *handle,
821 [in] bool8 lm_present,
822 [in] samr_Hash *old_lm_crypted,
823 [in] samr_Hash *new_lm_crypted,
824 [in] bool8 nt_present,
825 [in] samr_Hash *old_nt_crypted,
826 [in] samr_Hash *new_nt_crypted,
827 [in] bool8 cross1_present,
828 [in] samr_Hash *nt_cross,
829 [in] bool8 cross2_present,
830 [in] samr_Hash *lm_cross
833 /************************/
843 [size_is(count)] samr_RidType *rid;
846 NTSTATUS samr_GetGroupsForUser(
847 [in,ref] policy_handle *handle,
848 [out] samr_RidArray *rids
851 /************************/
858 samr_Name account_name;
860 samr_Name description;
861 } samr_DispEntryGeneral;
865 [size_is(count)] samr_DispEntryGeneral *entries;
866 } samr_DispInfoGeneral;
872 samr_Name account_name;
873 samr_Name description;
874 } samr_DispEntryFull;
878 [size_is(count)] samr_DispEntryFull *entries;
882 [value(strlen_m(r->name))] uint16 name_len;
883 [value(strlen_m(r->name))] uint16 name_size;
889 samr_AsciiName account_name;
890 } samr_DispEntryAscii;
894 [size_is(count)] samr_DispEntryAscii *entries;
895 } samr_DispInfoAscii;
898 [case(1)] samr_DispInfoGeneral info1;/* users */
899 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
900 [case(3)] samr_DispInfoFull info3; /* groups */
901 [case(4)] samr_DispInfoAscii info4; /* users */
902 [case(5)] samr_DispInfoAscii info5; /* groups */
905 NTSTATUS samr_QueryDisplayInfo(
906 [in,ref] policy_handle *handle,
908 [in] uint32 start_idx,
909 [in] uint32 max_entries,
910 [in] uint32 buf_size,
911 [out] uint32 total_size,
912 [out] uint32 returned_size,
913 [out,switch_is(level)] samr_DispInfo info
917 /************************/
921 this seems to be an alphabetic search function. The returned index
922 is the index for samr_QueryDisplayInfo needed to get names occurring
923 after the specified name. The supplied name does not need to exist
924 in the database (for example you can supply just a first letter for
925 searching starting at that letter)
927 The level corresponds to the samr_QueryDisplayInfo level
929 NTSTATUS samr_GetDisplayEnumerationIndex(
930 [in,ref] policy_handle *handle,
938 /************************/
942 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
944 NTSTATUS samr_TestPrivateFunctionsDomain(
945 [in,ref] policy_handle *handle
949 /************************/
953 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
955 NTSTATUS samr_TestPrivateFunctionsUser(
956 [in,ref] policy_handle *handle
960 /************************/
963 /* password properties flags */
964 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
965 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
966 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
967 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
968 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
972 uint32 password_properties;
975 NTSTATUS samr_GetUserPwInfo(
976 [in,ref] policy_handle *handle,
977 [out] samr_PwInfo info
980 /************************/
982 NTSTATUS samr_RemoveMemberFromForeignDomain(
983 [in,ref] policy_handle *handle,
984 [in,ref] dom_sid2 *sid
987 /************************/
991 how is this different from QueryDomainInfo ??
993 NTSTATUS samr_QueryDomainInfo2(
994 [in,ref] policy_handle *handle,
996 [out,switch_is(level)] samr_DomainInfo *info
999 /************************/
1003 how is this different from QueryUserInfo ??
1005 NTSTATUS samr_QueryUserInfo2(
1006 [in,ref] policy_handle *handle,
1008 [out,switch_is(level)] samr_UserInfo *info
1011 /************************/
1015 how is this different from QueryDisplayInfo??
1017 NTSTATUS samr_QueryDisplayInfo2(
1018 [in,ref] policy_handle *handle,
1020 [in] uint32 start_idx,
1021 [in] uint32 max_entries,
1022 [in] uint32 buf_size,
1023 [out] uint32 total_size,
1024 [out] uint32 returned_size,
1025 [out,switch_is(level)] samr_DispInfo info
1028 /************************/
1032 how is this different from GetDisplayEnumerationIndex ??
1034 NTSTATUS samr_GetDisplayEnumerationIndex2(
1035 [in,ref] policy_handle *handle,
1037 [in] samr_Name name,
1042 /************************/
1044 NTSTATUS samr_CreateUser2(
1045 [in,ref] policy_handle *handle,
1046 [in,ref] samr_Name *username,
1047 [in] uint32 acct_flags,
1048 [in] uint32 access_mask,
1049 [out,ref] policy_handle *acct_handle,
1050 [out,ref] uint32 *access_granted,
1051 [out,ref] uint32 *rid
1055 /************************/
1059 another duplicate. There must be a reason ....
1061 NTSTATUS samr_QueryDisplayInfo3(
1062 [in,ref] policy_handle *handle,
1064 [in] uint32 start_idx,
1065 [in] uint32 max_entries,
1066 [in] uint32 buf_size,
1067 [out] uint32 total_size,
1068 [out] uint32 returned_size,
1069 [out,switch_is(level)] samr_DispInfo info
1072 /************************/
1074 NTSTATUS samr_AddMultipleMembersToAlias(
1075 [in,ref] policy_handle *handle,
1076 [in,ref] lsa_SidArray *sids
1079 /************************/
1081 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1082 [in,ref] policy_handle *handle,
1083 [in,ref] lsa_SidArray *sids
1086 /************************/
1089 NTSTATUS samr_OemChangePasswordUser2(
1090 [in] samr_AsciiName *server,
1091 [in,ref] samr_AsciiName *account,
1092 [in] samr_CryptPassword *password,
1093 [in] samr_Hash *hash
1096 /************************/
1098 NTSTATUS samr_ChangePasswordUser2(
1099 [in] samr_Name *server,
1100 [in,ref] samr_Name *account,
1101 [in] samr_CryptPassword *nt_password,
1102 [in] samr_Hash *nt_verifier,
1103 [in] bool8 lm_change,
1104 [in] samr_CryptPassword *lm_password,
1105 [in] samr_Hash *lm_verifier
1108 /************************/
1110 NTSTATUS samr_GetDomPwInfo(
1111 [in] samr_Name *name,
1112 [out] samr_PwInfo info
1115 /************************/
1117 NTSTATUS samr_Connect2(
1118 [in] unistr *system_name,
1119 [in] uint32 access_mask,
1120 [out,ref] policy_handle *handle
1123 /************************/
1126 seems to be an exact alias for samr_SetUserInfo()
1128 NTSTATUS samr_SetUserInfo2(
1129 [in,ref] policy_handle *handle,
1131 [in,ref,switch_is(level)] samr_UserInfo *info
1134 /************************/
1137 this one is mysterious. I have a few guesses, but nothing working yet
1139 NTSTATUS samr_SetBootKeyInformation(
1140 [in,ref] policy_handle *handle,
1141 [in] uint32 unknown1,
1142 [in] uint32 unknown2,
1143 [in] uint32 unknown3
1146 /************************/
1148 NTSTATUS samr_GetBootKeyInformation(
1149 [in,ref] policy_handle *handle,
1150 [out] uint32 unknown
1153 /************************/
1155 NTSTATUS samr_Connect3(
1156 [in] unistr *system_name,
1157 /* this unknown value seems to be completely ignored by w2k3 */
1158 [in] uint32 unknown,
1159 [in] uint32 access_mask,
1160 [out,ref] policy_handle *handle
1163 /************************/
1165 NTSTATUS samr_Connect4(
1166 [in] unistr *system_name,
1167 [in] uint32 unknown,
1168 [in] uint32 access_mask,
1169 [out,ref] policy_handle *handle
1172 /************************/
1175 const int SAMR_REJECT_OTHER = 0;
1176 const int SAMR_REJECT_TOO_SHORT = 1;
1177 const int SAMR_REJECT_COMPLEXITY = 2;
1183 } samr_ChangeReject;
1185 NTSTATUS samr_ChangePasswordUser3(
1186 [in] samr_Name *server,
1187 [in,ref] samr_Name *account,
1188 [in] samr_CryptPassword *nt_password,
1189 [in] samr_Hash *nt_verifier,
1190 [in] bool8 lm_change,
1191 [in] samr_CryptPassword *lm_password,
1192 [in] samr_Hash *lm_verifier,
1193 [in] samr_CryptPassword *password3,
1194 [out] samr_DomInfo1 *dominfo,
1195 [out] samr_ChangeReject *reject
1198 /************************/
1202 uint32 unknown1; /* w2k3 gives 3 */
1203 uint32 unknown2; /* w2k3 gives 0 */
1204 } samr_ConnectInfo1;
1207 [case(1)] samr_ConnectInfo1 info1;
1210 NTSTATUS samr_Connect5(
1211 [in] unistr *system_name,
1212 [in] uint32 access_mask,
1213 [in,out] uint32 level,
1214 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1215 [out,ref] policy_handle *handle
1218 /************************/
1220 NTSTATUS samr_RidToSid(
1221 [in,ref] policy_handle *handle,
1227 /************************/
1231 this should set the DSRM password for the server, which is used
1232 when booting into Directory Services Recovery Mode on a DC. Win2003
1233 gives me NT_STATUS_NOT_SUPPORTED
1236 NTSTATUS samr_SetDsrmPassword(
1237 [in] samr_Name *name,
1238 [in] uint32 unknown,
1239 [in] samr_Hash *hash
1243 /************************/
1246 I haven't been able to work out the format of this one yet.
1247 Seems to start with a switch level for a union?
1249 NTSTATUS samr_ValidatePassword();