librpc/idl/samr.idl

   1 #include "idl_types.h"
   2
   3 /*
   4   samr interface definition
   5 */
   6 import "misc.idl", "lsa.idl", "security.idl";
   7
   8 /*
   9   Thanks to Todd Sabin for some information from his samr.idl in acltools
  10 */
  11
  12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
  13   version(1.0),
  14   endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
  15   pointer_default(unique)
  16 ] interface samr
  17 {
  18         typedef bitmap security_secinfo security_secinfo;
  19
  20         /* SAM database types */
  21         typedef [public,v1_enum] enum {
  22                 SAM_DATABASE_DOMAIN  = 0, /* Domain users and groups */
  23                 SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
  24                 SAM_DATABASE_PRIVS   = 2 /* Privileges */
  25         } netr_SamDatabaseID;
  26
  27         /* account control (acct_flags) bits */
  28         typedef [public,bitmap32bit] bitmap {
  29                 ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
  30                 ACB_HOMDIRREQ                   = 0x00000002,  /* 1 = Home directory required */
  31                 ACB_PWNOTREQ                    = 0x00000004,  /* 1 = User password not required */
  32                 ACB_TEMPDUP                     = 0x00000008,  /* 1 = Temporary duplicate account */
  33                 ACB_NORMAL                      = 0x00000010,  /* 1 = Normal user account */
  34                 ACB_MNS                         = 0x00000020,  /* 1 = MNS logon user account */
  35                 ACB_DOMTRUST                    = 0x00000040,  /* 1 = Interdomain trust account */
  36                 ACB_WSTRUST                     = 0x00000080,  /* 1 = Workstation trust account */
  37                 ACB_SVRTRUST                    = 0x00000100,  /* 1 = Server trust account */
  38                 ACB_PWNOEXP                     = 0x00000200,  /* 1 = User password does not expire */
  39                 ACB_AUTOLOCK                    = 0x00000400,  /* 1 = Account auto locked */
  40                 ACB_ENC_TXT_PWD_ALLOWED         = 0x00000800,  /* 1 = Encryped text password is allowed */
  41                 ACB_SMARTCARD_REQUIRED          = 0x00001000,  /* 1 = Smart Card required */
  42                 ACB_TRUSTED_FOR_DELEGATION      = 0x00002000,  /* 1 = Trusted for Delegation */
  43                 ACB_NOT_DELEGATED               = 0x00004000,  /* 1 = Not delegated */
  44                 ACB_USE_DES_KEY_ONLY            = 0x00008000,  /* 1 = Use DES key only */
  45                 ACB_DONT_REQUIRE_PREAUTH        = 0x00010000,  /* 1 = Preauth not required */
  46                 ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
  47                 ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000,
  48                 ACB_NO_AUTH_DATA_REQD           = 0x00080000,  /* 1 = No authorization data required */
  49                 ACB_PARTIAL_SECRETS_ACCOUNT     = 0x00100000,
  50                 ACB_USE_AES_KEYS                = 0x00200000
  51         } samr_AcctFlags;
  52
  53         /* SAM server specific access rights */
  54
  55         typedef [bitmap32bit] bitmap {
  56                 SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
  57                 SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
  58                 SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
  59                 SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
  60                 SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
  61                 SAMR_ACCESS_LOOKUP_DOMAIN         = 0x00000020
  62         } samr_ConnectAccessMask;
  63
  64         const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
  65
  66         const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
  67                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
  68                  SAMR_ACCESS_ALL_ACCESS);
  69
  70         const int GENERIC_RIGHTS_SAM_READ =
  71                 (STANDARD_RIGHTS_READ_ACCESS            |
  72                  SAMR_ACCESS_ENUM_DOMAINS);
  73
  74         const int GENERIC_RIGHTS_SAM_WRITE =
  75                 (STANDARD_RIGHTS_WRITE_ACCESS           |
  76                  SAMR_ACCESS_CREATE_DOMAIN              |
  77                  SAMR_ACCESS_INITIALIZE_SERVER          |
  78                  SAMR_ACCESS_SHUTDOWN_SERVER);
  79
  80         const int GENERIC_RIGHTS_SAM_EXECUTE =
  81                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
  82                  SAMR_ACCESS_LOOKUP_DOMAIN              |
  83                  SAMR_ACCESS_CONNECT_TO_SERVER);
  84
  85         /* User Object specific access rights */
  86
  87         typedef [bitmap32bit] bitmap {
  88                 SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
  89                 SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
  90                 SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
  91                 SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
  92                 SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
  93                 SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
  94                 SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
  95                 SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
  96                 SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
  97                 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
  98                 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
  99         } samr_UserAccessMask;
 100
 101         const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
 102
 103         const int GENERIC_RIGHTS_USER_ALL_ACCESS =
 104                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 105                  SAMR_USER_ACCESS_ALL_ACCESS);  /* 0x000f07ff */
 106
 107         const int GENERIC_RIGHTS_USER_READ =
 108                 (STANDARD_RIGHTS_READ_ACCESS            |
 109                  SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP  |
 110                  SAMR_USER_ACCESS_GET_GROUPS            |
 111                  SAMR_USER_ACCESS_GET_ATTRIBUTES        |
 112                  SAMR_USER_ACCESS_GET_LOGONINFO         |
 113                  SAMR_USER_ACCESS_GET_LOCALE);  /* 0x0002031a */
 114
 115         const int GENERIC_RIGHTS_USER_WRITE =
 116                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 117                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
 118                  SAMR_USER_ACCESS_SET_LOC_COM           |
 119                  SAMR_USER_ACCESS_SET_ATTRIBUTES        |
 120                  SAMR_USER_ACCESS_SET_PASSWORD          |
 121                  SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);     /* 0x000204e4 */
 122
 123         const int GENERIC_RIGHTS_USER_EXECUTE =
 124                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 125                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
 126                  SAMR_USER_ACCESS_GET_NAME_ETC);        /* 0x00020041 */
 127
 128         /* Domain Object specific access rights */
 129
 130         typedef [bitmap32bit] bitmap {
 131                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
 132                 SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
 133                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
 134                 SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
 135                 SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
 136                 SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
 137                 SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
 138                 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
 139                 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
 140                 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
 141                 SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
 142         } samr_DomainAccessMask;
 143
 144         const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
 145
 146         const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
 147                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 148                  SAMR_DOMAIN_ACCESS_ALL_ACCESS);
 149
 150         const int GENERIC_RIGHTS_DOMAIN_READ =
 151                 (STANDARD_RIGHTS_READ_ACCESS            |
 152                  SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS        |
 153                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
 154
 155         const int GENERIC_RIGHTS_DOMAIN_WRITE =
 156                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 157                  SAMR_DOMAIN_ACCESS_SET_INFO_3          |
 158                  SAMR_DOMAIN_ACCESS_CREATE_ALIAS        |
 159                  SAMR_DOMAIN_ACCESS_CREATE_GROUP        |
 160                  SAMR_DOMAIN_ACCESS_CREATE_USER         |
 161                  SAMR_DOMAIN_ACCESS_SET_INFO_2          |
 162                  SAMR_DOMAIN_ACCESS_SET_INFO_1);
 163
 164         const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
 165                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 166                  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT        |
 167                  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS       |
 168                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
 169
 170         /* Group Object specific access rights */
 171
 172         typedef [bitmap32bit] bitmap {
 173                 SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
 174                 SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
 175                 SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
 176                 SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
 177                 SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
 178         } samr_GroupAccessMask;
 179
 180         const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
 181
 182         const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
 183                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 184                  SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
 185
 186         const int GENERIC_RIGHTS_GROUP_READ =
 187                 (STANDARD_RIGHTS_READ_ACCESS            |
 188                  SAMR_GROUP_ACCESS_GET_MEMBERS);        /* 0x00020010 */
 189
 190         const int GENERIC_RIGHTS_GROUP_WRITE =
 191                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 192                  SAMR_GROUP_ACCESS_REMOVE_MEMBER        |
 193                  SAMR_GROUP_ACCESS_ADD_MEMBER           |
 194                  SAMR_GROUP_ACCESS_SET_INFO);   /* 0x0002000e */
 195
 196         const int GENERIC_RIGHTS_GROUP_EXECUTE =
 197                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 198                  SAMR_GROUP_ACCESS_LOOKUP_INFO);        /* 0x00020001 */
 199
 200         /* Alias Object specific access rights */
 201
 202         typedef [bitmap32bit] bitmap {
 203                 SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
 204                 SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
 205                 SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
 206                 SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
 207                 SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
 208         } samr_AliasAccessMask;
 209
 210         const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
 211
 212         const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
 213                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 214                  SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
 215
 216         const int GENERIC_RIGHTS_ALIAS_READ =
 217                 (STANDARD_RIGHTS_READ_ACCESS            |
 218                  SAMR_ALIAS_ACCESS_GET_MEMBERS);        /* 0x00020004 */
 219
 220         const int GENERIC_RIGHTS_ALIAS_WRITE =
 221                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 222                  SAMR_ALIAS_ACCESS_REMOVE_MEMBER        |
 223                  SAMR_ALIAS_ACCESS_ADD_MEMBER           |
 224                  SAMR_ALIAS_ACCESS_SET_INFO);   /* 0x00020013 */
 225
 226         const int GENERIC_RIGHTS_ALIAS_EXECUTE =
 227                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 228                  SAMR_ALIAS_ACCESS_LOOKUP_INFO);        /* 0x00020008 */
 229
 230         /******************/
 231         /* Function: 0x00 */
 232         NTSTATUS samr_Connect (
 233                 /* notice the lack of [string] */
 234                 [in,unique] uint16 *system_name,
 235                 [in]       samr_ConnectAccessMask access_mask,
 236                 [out,ref]  policy_handle *connect_handle
 237                 );
 238
 239
 240         /******************/
 241         /* Function: 0x01 */
 242         [public] NTSTATUS samr_Close (
 243                 [in,out,ref]  policy_handle *handle
 244                 );
 245
 246         /******************/
 247         /* Function: 0x02 */
 248
 249         NTSTATUS samr_SetSecurity (
 250                 [in,ref]          policy_handle *handle,
 251                 [in]              security_secinfo sec_info,
 252                 [in,ref]          sec_desc_buf *sdbuf
 253                 );
 254
 255         /******************/
 256         /* Function: 0x03 */
 257
 258         NTSTATUS samr_QuerySecurity (
 259                 [in,ref]          policy_handle *handle,
 260                 [in]              security_secinfo sec_info,
 261                 [out,ref]         sec_desc_buf **sdbuf
 262                 );
 263
 264         /******************/
 265         /* Function: 0x04 */
 266
 267         /*
 268           shutdown the SAM - once you call this the SAM will be dead
 269         */
 270         NTSTATUS samr_Shutdown (
 271                 [in,ref]   policy_handle *connect_handle
 272                 );
 273
 274         /******************/
 275         /* Function: 0x05 */
 276         NTSTATUS samr_LookupDomain (
 277                 [in,ref]  policy_handle *connect_handle,
 278                 [in,ref]  lsa_String *domain_name,
 279                 [out,ref] dom_sid2 **sid
 280                 );
 281
 282
 283         /******************/
 284         /* Function: 0x06 */
 285
 286         typedef struct {
 287                 uint32 idx;
 288                 lsa_String name;
 289         } samr_SamEntry;
 290
 291         typedef struct {
 292                 uint32 count;
 293                 [size_is(count)] samr_SamEntry *entries;
 294         } samr_SamArray;
 295
 296         NTSTATUS samr_EnumDomains (
 297                 [in,ref]      policy_handle *connect_handle,
 298                 [in,out,ref]  uint32 *resume_handle,
 299                 [out,ref]     samr_SamArray **sam,
 300                 [in]          uint32 buf_size,
 301                 [out,ref]     uint32 *num_entries
 302                 );
 303
 304
 305         /************************/
 306         /* Function    0x07     */
 307         [public] NTSTATUS samr_OpenDomain(
 308                 [in,ref]      policy_handle *connect_handle,
 309                 [in]          samr_DomainAccessMask access_mask,
 310                 [in,ref]      dom_sid2 *sid,
 311                 [out,ref]     policy_handle *domain_handle
 312                 );
 313
 314         /************************/
 315         /* Function    0x08     */
 316
 317         typedef enum {
 318                 DomainPasswordInformation       = 1,
 319                 DomainGeneralInformation        = 2,
 320                 DomainLogoffInformation         = 3,
 321                 DomainOemInformation            = 4,
 322                 DomainNameInformation           = 5,
 323                 DomainReplicationInformation    = 6,
 324                 DomainServerRoleInformation     = 7,
 325                 DomainModifiedInformation       = 8,
 326                 DomainStateInformation          = 9,
 327                 DomainUasInformation            = 10,
 328                 DomainGeneralInformation2       = 11,
 329                 DomainLockoutInformation        = 12,
 330                 DomainModifiedInformation2      = 13
 331         } samr_DomainInfoClass;
 332
 333         /* server roles */
 334         typedef [v1_enum] enum {
 335                 SAMR_ROLE_STANDALONE    = 0,
 336                 SAMR_ROLE_DOMAIN_MEMBER = 1,
 337                 SAMR_ROLE_DOMAIN_BDC    = 2,
 338                 SAMR_ROLE_DOMAIN_PDC    = 3
 339         } samr_Role;
 340
 341         /* password properties flags */
 342         typedef [public,bitmap32bit] bitmap {
 343                 DOMAIN_PASSWORD_COMPLEX         = 0x00000001,
 344                 DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
 345                 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
 346                 DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
 347                 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
 348                 DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
 349         } samr_PasswordProperties;
 350
 351         typedef [v1_enum] enum {
 352                 DOMAIN_SERVER_ENABLED = 1,
 353                 DOMAIN_SERVER_DISABLED = 2
 354         } samr_DomainServerState;
 355
 356         typedef struct {
 357                 uint16 min_password_length;
 358                 uint16 password_history_length;
 359                 samr_PasswordProperties password_properties;
 360                 /* yes, these are signed. They are in negative 100ns */
 361                 dlong  max_password_age;
 362                 dlong  min_password_age;
 363         } samr_DomInfo1;
 364
 365         typedef struct {
 366                 NTTIME force_logoff_time;
 367                 lsa_String oem_information; /* comment */
 368                 lsa_String domain_name;
 369                 lsa_String primary; /* PDC name if this is a BDC */
 370                 udlong sequence_num;
 371                 samr_DomainServerState domain_server_state;
 372                 samr_Role role;
 373                 uint32 unknown3;
 374                 uint32 num_users;
 375                 uint32 num_groups;
 376                 uint32 num_aliases;
 377         } samr_DomGeneralInformation;
 378
 379         typedef struct {
 380                 NTTIME force_logoff_time;
 381         } samr_DomInfo3;
 382
 383         typedef struct {
 384                 lsa_String oem_information; /* comment */
 385         } samr_DomOEMInformation;
 386
 387         typedef struct {
 388                 lsa_String domain_name;
 389         } samr_DomInfo5;
 390
 391         typedef struct {
 392                 lsa_String primary;
 393         } samr_DomInfo6;
 394
 395         typedef struct {
 396                 samr_Role role;
 397         } samr_DomInfo7;
 398
 399         typedef struct {
 400                 hyper sequence_num;
 401                 NTTIME domain_create_time;
 402         } samr_DomInfo8;
 403
 404         typedef struct {
 405                 samr_DomainServerState domain_server_state;
 406         } samr_DomInfo9;
 407
 408         typedef struct {
 409                 samr_DomGeneralInformation general;
 410                 hyper lockout_duration;
 411                 hyper lockout_window;
 412                 uint16 lockout_threshold;
 413         } samr_DomGeneralInformation2;
 414
 415         typedef struct {
 416                 hyper lockout_duration;
 417                 hyper lockout_window;
 418                 uint16 lockout_threshold;
 419         } samr_DomInfo12;
 420
 421         typedef struct {
 422                 hyper sequence_num;
 423                 NTTIME domain_create_time;
 424                 hyper modified_count_at_last_promotion;
 425         } samr_DomInfo13;
 426
 427         typedef [switch_type(uint16)] union {
 428                 [case(1)] samr_DomInfo1 info1;
 429                 [case(2)] samr_DomGeneralInformation general;
 430                 [case(3)] samr_DomInfo3 info3;
 431                 [case(4)] samr_DomOEMInformation oem;
 432                 [case(5)] samr_DomInfo5 info5;
 433                 [case(6)] samr_DomInfo6 info6;
 434                 [case(7)] samr_DomInfo7 info7;
 435                 [case(8)] samr_DomInfo8 info8;
 436                 [case(9)] samr_DomInfo9 info9;
 437                 [case(11)] samr_DomGeneralInformation2 general2;
 438                 [case(12)] samr_DomInfo12 info12;
 439                 [case(13)] samr_DomInfo13 info13;
 440         } samr_DomainInfo;
 441
 442         NTSTATUS samr_QueryDomainInfo(
 443                 [in,ref]      policy_handle *domain_handle,
 444                 [in]          samr_DomainInfoClass level,
 445                 [out,ref,switch_is(level)] samr_DomainInfo **info
 446                 );
 447
 448         /************************/
 449         /* Function    0x09     */
 450         /*
 451           only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
 452           call in w2k3
 453         */
 454         NTSTATUS samr_SetDomainInfo(
 455                 [in,ref]      policy_handle *domain_handle,
 456                 [in]          samr_DomainInfoClass level,
 457                 [in,switch_is(level),ref] samr_DomainInfo *info
 458                 );
 459
 460
 461         /************************/
 462         /* Function    0x0a     */
 463         NTSTATUS samr_CreateDomainGroup(
 464                 [in,ref]      policy_handle *domain_handle,
 465                 [in,ref]      lsa_String *name,
 466                 [in]          samr_GroupAccessMask access_mask,
 467                 [out,ref]     policy_handle *group_handle,
 468                 [out,ref]     uint32 *rid
 469                 );
 470
 471
 472         /************************/
 473         /* Function    0x0b     */
 474         NTSTATUS samr_EnumDomainGroups(
 475                 [in]          policy_handle *domain_handle,
 476                 [in,out,ref]  uint32 *resume_handle,
 477                 [out,ref]     samr_SamArray **sam,
 478                 [in]          uint32 max_size,
 479                 [out,ref]     uint32 *num_entries
 480                 );
 481
 482         /************************/
 483         /* Function    0x0c     */
 484         NTSTATUS samr_CreateUser(
 485                 [in,ref]      policy_handle *domain_handle,
 486                 [in,ref]      lsa_String *account_name,
 487                 [in]          samr_UserAccessMask access_mask,
 488                 [out,ref]     policy_handle *user_handle,
 489                 [out,ref]     uint32 *rid
 490                 );
 491
 492         /************************/
 493         /* Function    0x0d     */
 494
 495
 496         /* w2k3 treats max_size as max_users*54 and sets the
 497            resume_handle as the rid of the last user sent
 498         */
 499         const int SAMR_ENUM_USERS_MULTIPLIER = 54;
 500
 501         NTSTATUS samr_EnumDomainUsers(
 502                 [in]          policy_handle *domain_handle,
 503                 [in,out,ref]  uint32 *resume_handle,
 504                 [in]          samr_AcctFlags acct_flags,
 505                 [out,ref]     samr_SamArray **sam,
 506                 [in]          uint32 max_size,
 507                 [out,ref]     uint32 *num_entries
 508                 );
 509
 510         /************************/
 511         /* Function    0x0e     */
 512         NTSTATUS samr_CreateDomAlias(
 513                 [in,ref]      policy_handle *domain_handle,
 514                 [in,ref]      lsa_String   *alias_name,
 515                 [in]          samr_AliasAccessMask access_mask,
 516                 [out,ref]     policy_handle *alias_handle,
 517                 [out,ref]     uint32        *rid
 518                 );
 519
 520         /************************/
 521         /* Function    0x0f     */
 522         NTSTATUS samr_EnumDomainAliases(
 523                 [in]          policy_handle *domain_handle,
 524                 [in,out,ref]  uint32 *resume_handle,
 525                 [out,ref]     samr_SamArray **sam,
 526                 [in]          uint32 max_size,
 527                 [out,ref]     uint32 *num_entries
 528                 );
 529
 530         /************************/
 531         /* Function    0x10     */
 532
 533         typedef struct {
 534                 [range(0,1024)]  uint32 count;
 535                 [size_is(count)] uint32 *ids;
 536         } samr_Ids;
 537
 538         NTSTATUS samr_GetAliasMembership(
 539                 [in,ref]      policy_handle *domain_handle,
 540                 [in,ref]      lsa_SidArray  *sids,
 541                 [out,ref]     samr_Ids *rids
 542                 );
 543
 544         /************************/
 545         /* Function    0x11     */
 546
 547         [public] NTSTATUS samr_LookupNames(
 548                 [in,ref]      policy_handle *domain_handle,
 549                 [in,range(0,1000)] uint32 num_names,
 550                 [in,size_is(1000),length_is(num_names)] lsa_String names[],
 551                 [out,ref]     samr_Ids *rids,
 552                 [out,ref]     samr_Ids *types
 553                 );
 554
 555
 556         /************************/
 557         /* Function    0x12     */
 558         NTSTATUS samr_LookupRids(
 559                 [in,ref]      policy_handle *domain_handle,
 560                 [in,range(0,1000)] uint32 num_rids,
 561                 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
 562                 [out,ref]     lsa_Strings *names,
 563                 [out,ref]     samr_Ids *types
 564                 );
 565
 566         /************************/
 567         /* Function    0x13     */
 568         NTSTATUS samr_OpenGroup(
 569                 [in,ref]      policy_handle *domain_handle,
 570                 [in]          samr_GroupAccessMask access_mask,
 571                 [in]          uint32 rid,
 572                 [out,ref]     policy_handle *group_handle
 573                 );
 574
 575         /* Group attributes */
 576         typedef [public,bitmap32bit] bitmap {
 577                 SE_GROUP_MANDATORY              = 0x00000001,
 578                 SE_GROUP_ENABLED_BY_DEFAULT     = 0x00000002,
 579                 SE_GROUP_ENABLED                = 0x00000004,
 580                 SE_GROUP_OWNER                  = 0x00000008,
 581                 SE_GROUP_USE_FOR_DENY_ONLY      = 0x00000010,
 582                 SE_GROUP_RESOURCE               = 0x20000000,
 583                 SE_GROUP_LOGON_ID               = 0xC0000000
 584         } samr_GroupAttrs;
 585
 586         /************************/
 587         /* Function    0x14     */
 588
 589         typedef struct {
 590                 lsa_String name;
 591                 samr_GroupAttrs attributes;
 592                 uint32 num_members;
 593                 lsa_String description;
 594         } samr_GroupInfoAll;
 595
 596         typedef struct {
 597                 samr_GroupAttrs attributes;
 598         } samr_GroupInfoAttributes;
 599
 600         typedef struct {
 601                 lsa_String description;
 602         } samr_GroupInfoDescription;
 603
 604         typedef enum {
 605                 GROUPINFOALL          = 1,
 606                 GROUPINFONAME         = 2,
 607                 GROUPINFOATTRIBUTES   = 3,
 608                 GROUPINFODESCRIPTION  = 4,
 609                 GROUPINFOALL2         = 5
 610         } samr_GroupInfoEnum;
 611
 612         typedef [switch_type(samr_GroupInfoEnum)] union {
 613                 [case(GROUPINFOALL)]         samr_GroupInfoAll        all;
 614                 [case(GROUPINFONAME)]        lsa_String               name;
 615                 [case(GROUPINFOATTRIBUTES)]  samr_GroupInfoAttributes attributes;
 616                 [case(GROUPINFODESCRIPTION)] lsa_String               description;
 617                 [case(GROUPINFOALL2)]        samr_GroupInfoAll        all2;
 618         } samr_GroupInfo;
 619
 620         NTSTATUS samr_QueryGroupInfo(
 621                 [in,ref]                  policy_handle *group_handle,
 622                 [in]                      samr_GroupInfoEnum level,
 623                 [out,ref,switch_is(level)] samr_GroupInfo **info
 624                 );
 625
 626         /************************/
 627         /* Function    0x15     */
 628         NTSTATUS samr_SetGroupInfo(
 629                 [in,ref]                  policy_handle *group_handle,
 630                 [in]                      samr_GroupInfoEnum level,
 631                 [in,switch_is(level),ref] samr_GroupInfo *info
 632                 );
 633
 634         /************************/
 635         /* Function    0x16     */
 636         NTSTATUS samr_AddGroupMember(
 637                 [in,ref]                  policy_handle *group_handle,
 638                 [in]                      uint32 rid,
 639                 [in]                      uint32 flags
 640                 );
 641
 642         /************************/
 643         /* Function    0x17     */
 644         NTSTATUS samr_DeleteDomainGroup(
 645                 [in,out,ref]   policy_handle *group_handle
 646                 );
 647
 648         /************************/
 649         /* Function    0x18     */
 650         NTSTATUS samr_DeleteGroupMember(
 651                 [in,ref]                  policy_handle *group_handle,
 652                 [in]                      uint32 rid
 653                 );
 654
 655
 656         /************************/
 657         /* Function    0x19     */
 658         typedef struct {
 659                 uint32 count;
 660                 [size_is(count)] uint32 *rids;
 661                 [size_is(count)] samr_GroupAttrs *attributes;
 662         } samr_RidAttrArray;
 663
 664         NTSTATUS samr_QueryGroupMember(
 665                 [in,ref]  policy_handle *group_handle,
 666                 [out,ref] samr_RidAttrArray **rids
 667                 );
 668
 669
 670         /************************/
 671         /* Function    0x1a     */
 672
 673         /*
 674           win2003 seems to accept any data at all for the two integers
 675           below, and doesn't seem to do anything with them that I can
 676           see. Weird. I really expected the first integer to be a rid
 677           and the second to be the attributes for that rid member.
 678         */
 679         NTSTATUS samr_SetMemberAttributesOfGroup(
 680                 [in,ref]  policy_handle *group_handle,
 681                 [in]      uint32 unknown1,
 682                 [in]      uint32 unknown2
 683                 );
 684
 685
 686         /************************/
 687         /* Function    0x1b     */
 688         NTSTATUS samr_OpenAlias (
 689                 [in,ref]      policy_handle *domain_handle,
 690                 [in]          samr_AliasAccessMask access_mask,
 691                 [in]          uint32 rid,
 692                 [out,ref]     policy_handle *alias_handle
 693                 );
 694
 695
 696         /************************/
 697         /* Function    0x1c     */
 698
 699         typedef struct {
 700                 lsa_String name;
 701                 uint32 num_members;
 702                 lsa_String description;
 703         } samr_AliasInfoAll;
 704
 705         typedef enum {
 706                 ALIASINFOALL          = 1,
 707                 ALIASINFONAME         = 2,
 708                 ALIASINFODESCRIPTION  = 3
 709         } samr_AliasInfoEnum;
 710
 711         typedef [switch_type(samr_AliasInfoEnum)] union {
 712                 [case(ALIASINFOALL)] samr_AliasInfoAll all;
 713                 [case(ALIASINFONAME)] lsa_String name;
 714                 [case(ALIASINFODESCRIPTION)] lsa_String description;
 715         } samr_AliasInfo;
 716
 717         NTSTATUS samr_QueryAliasInfo(
 718                 [in,ref]                  policy_handle  *alias_handle,
 719                 [in]                      samr_AliasInfoEnum      level,
 720                 [out,ref,switch_is(level)] samr_AliasInfo **info
 721                 );
 722
 723         /************************/
 724         /* Function    0x1d     */
 725         NTSTATUS samr_SetAliasInfo(
 726                 [in,ref]                  policy_handle  *alias_handle,
 727                 [in]                      samr_AliasInfoEnum      level,
 728                 [in,switch_is(level),ref] samr_AliasInfo *info
 729                 );
 730
 731         /************************/
 732         /* Function    0x1e     */
 733         NTSTATUS samr_DeleteDomAlias(
 734                 [in,out,ref]  policy_handle *alias_handle
 735                 );
 736
 737         /************************/
 738         /* Function    0x1f     */
 739         NTSTATUS samr_AddAliasMember(
 740                 [in,ref]  policy_handle *alias_handle,
 741                 [in,ref]  dom_sid2      *sid
 742                 );
 743
 744         /************************/
 745         /* Function    0x20     */
 746         NTSTATUS samr_DeleteAliasMember(
 747                 [in,ref] policy_handle *alias_handle,
 748                 [in,ref] dom_sid2      *sid
 749                 );
 750
 751         /************************/
 752         /* Function    0x21     */
 753         NTSTATUS samr_GetMembersInAlias(
 754                 [in,ref]   policy_handle *alias_handle,
 755                 [out,ref]  lsa_SidArray    *sids
 756                 );
 757
 758         /************************/
 759         /* Function    0x22     */
 760         [public] NTSTATUS samr_OpenUser(
 761                 [in,ref]      policy_handle *domain_handle,
 762                 [in]          samr_UserAccessMask access_mask,
 763                 [in]          uint32 rid,
 764                 [out,ref]     policy_handle *user_handle
 765                 );
 766
 767         /************************/
 768         /* Function    0x23     */
 769         NTSTATUS samr_DeleteUser(
 770                 [in,out,ref]   policy_handle *user_handle
 771                 );
 772
 773         /************************/
 774         /* Function    0x24     */
 775
 776         typedef enum {
 777                 UserGeneralInformation          = 1,
 778                 UserPreferencesInformation      = 2,
 779                 UserLogonInformation            = 3,
 780                 UserLogonHoursInformation       = 4,
 781                 UserAccountInformation          = 5,
 782                 UserNameInformation             = 6,
 783                 UserAccountNameInformation      = 7,
 784                 UserFullNameInformation         = 8,
 785                 UserPrimaryGroupInformation     = 9,
 786                 UserHomeInformation             = 10,
 787                 UserScriptInformation           = 11,
 788                 UserProfileInformation          = 12,
 789                 UserAdminCommentInformation     = 13,
 790                 UserWorkStationsInformation     = 14,
 791                 UserControlInformation          = 16,
 792                 UserExpiresInformation          = 17,
 793                 UserInternal1Information        = 18,
 794                 UserParametersInformation       = 20,
 795                 UserAllInformation              = 21,
 796                 UserInternal4Information        = 23,
 797                 UserInternal5Information        = 24,
 798                 UserInternal4InformationNew     = 25,
 799                 UserInternal5InformationNew     = 26
 800         } samr_UserInfoLevel;
 801
 802         typedef struct {
 803                 lsa_String account_name;
 804                 lsa_String full_name;
 805                 uint32 primary_gid;
 806                 lsa_String description;
 807                 lsa_String comment;
 808         } samr_UserInfo1;
 809
 810         typedef struct {
 811                 lsa_String comment;
 812                 lsa_String reserved; /* settable, but doesn't stick. probably obsolete */
 813                 uint16 country_code;
 814                 uint16 code_page;
 815         } samr_UserInfo2;
 816
 817         /* this is also used in samr and netlogon */
 818         typedef [public, flag(NDR_PAHEX)] struct {
 819                 uint16 units_per_week;
 820                 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
 821         } samr_LogonHours;
 822
 823         typedef struct {
 824                 lsa_String account_name;
 825                 lsa_String full_name;
 826                 uint32 rid;
 827                 uint32 primary_gid;
 828                 lsa_String home_directory;
 829                 lsa_String home_drive;
 830                 lsa_String logon_script;
 831                 lsa_String profile_path;
 832                 lsa_String workstations;
 833                 NTTIME last_logon;
 834                 NTTIME last_logoff;
 835                 NTTIME last_password_change;
 836                 NTTIME allow_password_change;
 837                 NTTIME force_password_change;
 838                 samr_LogonHours logon_hours;
 839                 uint16 bad_password_count;
 840                 uint16 logon_count;
 841                 samr_AcctFlags acct_flags;
 842         } samr_UserInfo3;
 843
 844         typedef struct {
 845                 samr_LogonHours logon_hours;
 846         } samr_UserInfo4;
 847
 848         typedef struct {
 849                 lsa_String account_name;
 850                 lsa_String full_name;
 851                 uint32 rid;
 852                 uint32 primary_gid;
 853                 lsa_String home_directory;
 854                 lsa_String home_drive;
 855                 lsa_String logon_script;
 856                 lsa_String profile_path;
 857                 lsa_String description;
 858                 lsa_String workstations;
 859                 NTTIME last_logon;
 860                 NTTIME last_logoff;
 861                 samr_LogonHours logon_hours;
 862                 uint16 bad_password_count;
 863                 uint16 logon_count;
 864                 NTTIME last_password_change;
 865                 NTTIME acct_expiry;
 866                 samr_AcctFlags acct_flags;
 867         } samr_UserInfo5;
 868
 869         typedef struct {
 870                 lsa_String account_name;
 871                 lsa_String full_name;
 872         } samr_UserInfo6;
 873
 874         typedef struct {
 875                 lsa_String account_name;
 876         } samr_UserInfo7;
 877
 878         typedef struct {
 879                 lsa_String full_name;
 880         } samr_UserInfo8;
 881
 882         typedef struct {
 883                 uint32 primary_gid;
 884         } samr_UserInfo9;
 885
 886         typedef struct {
 887                 lsa_String home_directory;
 888                 lsa_String home_drive;
 889         } samr_UserInfo10;
 890
 891         typedef struct {
 892                 lsa_String logon_script;
 893         } samr_UserInfo11;
 894
 895         typedef struct {
 896                 lsa_String profile_path;
 897         } samr_UserInfo12;
 898
 899         typedef struct {
 900                 lsa_String description;
 901         } samr_UserInfo13;
 902
 903         typedef struct {
 904                 lsa_String workstations;
 905         } samr_UserInfo14;
 906
 907         typedef struct {
 908                 samr_AcctFlags acct_flags;
 909         } samr_UserInfo16;
 910
 911         typedef struct {
 912                 NTTIME acct_expiry;
 913         } samr_UserInfo17;
 914
 915         typedef [public, flag(NDR_PAHEX)] struct {
 916                 uint8 hash[16];
 917         } samr_Password;
 918
 919         typedef struct {
 920                 samr_Password nt_pwd;
 921                 samr_Password lm_pwd;
 922                 boolean8 nt_pwd_active;
 923                 boolean8 lm_pwd_active;
 924                 uint8 password_expired;
 925         } samr_UserInfo18;
 926
 927         typedef struct {
 928                 lsa_BinaryString parameters;
 929         } samr_UserInfo20;
 930
 931         /* this defines the bits used for fields_present in info21 */
 932         typedef [bitmap32bit] bitmap {
 933                 SAMR_FIELD_ACCOUNT_NAME     = 0x00000001,
 934                 SAMR_FIELD_FULL_NAME        = 0x00000002,
 935                 SAMR_FIELD_RID              = 0x00000004,
 936                 SAMR_FIELD_PRIMARY_GID      = 0x00000008,
 937                 SAMR_FIELD_DESCRIPTION      = 0x00000010,
 938                 SAMR_FIELD_COMMENT          = 0x00000020,
 939                 SAMR_FIELD_HOME_DIRECTORY   = 0x00000040,
 940                 SAMR_FIELD_HOME_DRIVE       = 0x00000080,
 941                 SAMR_FIELD_LOGON_SCRIPT     = 0x00000100,
 942                 SAMR_FIELD_PROFILE_PATH     = 0x00000200,
 943                 SAMR_FIELD_WORKSTATIONS     = 0x00000400,
 944                 SAMR_FIELD_LAST_LOGON       = 0x00000800,
 945                 SAMR_FIELD_LAST_LOGOFF      = 0x00001000,
 946                 SAMR_FIELD_LOGON_HOURS      = 0x00002000,
 947                 SAMR_FIELD_BAD_PWD_COUNT    = 0x00004000,
 948                 SAMR_FIELD_NUM_LOGONS       = 0x00008000,
 949                 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
 950                 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
 951                 SAMR_FIELD_LAST_PWD_CHANGE  = 0x00040000,
 952                 SAMR_FIELD_ACCT_EXPIRY      = 0x00080000,
 953                 SAMR_FIELD_ACCT_FLAGS       = 0x00100000,
 954                 SAMR_FIELD_PARAMETERS       = 0x00200000,
 955                 SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
 956                 SAMR_FIELD_CODE_PAGE        = 0x00800000,
 957                 SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
 958                 SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
 959                 SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
 960                 SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
 961                 SAMR_FIELD_SEC_DESC         = 0x10000000,
 962                 SAMR_FIELD_OWF_PWD          = 0x20000000
 963         } samr_FieldsPresent;
 964
 965         /* used for 'password_expired' in samr_UserInfo21 */
 966         const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
 967         const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
 968
 969         typedef struct {
 970                 NTTIME last_logon;
 971                 NTTIME last_logoff;
 972                 NTTIME last_password_change;
 973                 NTTIME acct_expiry;
 974                 NTTIME allow_password_change;
 975                 NTTIME force_password_change;
 976                 lsa_String account_name;
 977                 lsa_String full_name;
 978                 lsa_String home_directory;
 979                 lsa_String home_drive;
 980                 lsa_String logon_script;
 981                 lsa_String profile_path;
 982                 lsa_String description;
 983                 lsa_String workstations;
 984                 lsa_String comment;
 985                 lsa_BinaryString parameters;
 986                 lsa_BinaryString lm_owf_password;
 987                 lsa_BinaryString nt_owf_password;
 988                 lsa_String private_data;
 989                 uint32 buf_count;
 990                 [size_is(buf_count)] uint8 *buffer;
 991                 uint32 rid;
 992                 uint32 primary_gid;
 993                 samr_AcctFlags acct_flags;
 994                 samr_FieldsPresent fields_present;
 995                 samr_LogonHours logon_hours;
 996                 uint16 bad_password_count;
 997                 uint16 logon_count;
 998                 uint16 country_code;
 999                 uint16 code_page;
1000                 uint8  lm_password_set;
1001                 uint8  nt_password_set;
1002                 uint8  password_expired;
1003                 uint8  private_data_sensitive;
1004         } samr_UserInfo21;
1005
1006         typedef [public, flag(NDR_PAHEX)] struct {
1007                 uint8 data[516];
1008         } samr_CryptPassword;
1009
1010         typedef struct {
1011                 samr_UserInfo21 info;
1012                 samr_CryptPassword password;
1013         } samr_UserInfo23;
1014
1015         typedef struct {
1016                 samr_CryptPassword password;
1017                 uint8 password_expired;
1018         } samr_UserInfo24;
1019
1020         typedef [flag(NDR_PAHEX)] struct {
1021                 uint8 data[532];
1022         } samr_CryptPasswordEx;
1023
1024         typedef struct {
1025                 samr_UserInfo21 info;
1026                 samr_CryptPasswordEx password;
1027         } samr_UserInfo25;
1028
1029         typedef struct {
1030                 samr_CryptPasswordEx password;
1031                 uint8 password_expired;
1032         } samr_UserInfo26;
1033
1034         typedef [switch_type(uint16)] union {
1035                 [case(1)] samr_UserInfo1 info1;
1036                 [case(2)] samr_UserInfo2 info2;
1037                 [case(3)] samr_UserInfo3 info3;
1038                 [case(4)] samr_UserInfo4 info4;
1039                 [case(5)] samr_UserInfo5 info5;
1040                 [case(6)] samr_UserInfo6 info6;
1041                 [case(7)] samr_UserInfo7 info7;
1042                 [case(8)] samr_UserInfo8 info8;
1043                 [case(9)] samr_UserInfo9 info9;
1044                 [case(10)] samr_UserInfo10 info10;
1045                 [case(11)] samr_UserInfo11 info11;
1046                 [case(12)] samr_UserInfo12 info12;
1047                 [case(13)] samr_UserInfo13 info13;
1048                 [case(14)] samr_UserInfo14 info14;
1049                 [case(16)] samr_UserInfo16 info16;
1050                 [case(17)] samr_UserInfo17 info17;
1051                 [case(18)] samr_UserInfo18 info18;
1052                 [case(20)] samr_UserInfo20 info20;
1053                 [case(21)] samr_UserInfo21 info21;
1054                 [case(23)] samr_UserInfo23 info23;
1055                 [case(24)] samr_UserInfo24 info24;
1056                 [case(25)] samr_UserInfo25 info25;
1057                 [case(26)] samr_UserInfo26 info26;
1058         } samr_UserInfo;
1059
1060         [public] NTSTATUS samr_QueryUserInfo(
1061                 [in,ref]                  policy_handle *user_handle,
1062                 [in]                      samr_UserInfoLevel level,
1063                 [out,ref,switch_is(level)] samr_UserInfo **info
1064                 );
1065
1066
1067         /************************/
1068         /* Function    0x25     */
1069         [public] NTSTATUS samr_SetUserInfo(
1070                 [in,ref]                   policy_handle *user_handle,
1071                 [in]                       samr_UserInfoLevel level,
1072                 [in,ref,switch_is(level)]  samr_UserInfo *info
1073                 );
1074
1075         /************************/
1076         /* Function    0x26     */
1077         /*
1078           this is a password change interface that doesn't give
1079           the server the plaintext password. Depricated.
1080         */
1081         NTSTATUS samr_ChangePasswordUser(
1082                 [in,ref]    policy_handle *user_handle,
1083                 [in]        boolean8 lm_present,
1084                 [in,unique] samr_Password *old_lm_crypted,
1085                 [in,unique] samr_Password *new_lm_crypted,
1086                 [in]        boolean8 nt_present,
1087                 [in,unique] samr_Password *old_nt_crypted,
1088                 [in,unique] samr_Password *new_nt_crypted,
1089                 [in]        boolean8 cross1_present,
1090                 [in,unique] samr_Password *nt_cross,
1091                 [in]        boolean8 cross2_present,
1092                 [in,unique] samr_Password *lm_cross
1093                 );
1094
1095         /************************/
1096         /* Function    0x27     */
1097
1098         typedef [public] struct {
1099                 uint32 rid;
1100                 samr_GroupAttrs attributes;
1101         } samr_RidWithAttribute;
1102
1103         typedef [public] struct {
1104                 uint32     count;
1105                 [size_is(count)] samr_RidWithAttribute *rids;
1106         } samr_RidWithAttributeArray;
1107
1108         NTSTATUS samr_GetGroupsForUser(
1109                 [in,ref]   policy_handle *user_handle,
1110                 [out,ref]  samr_RidWithAttributeArray  **rids
1111                 );
1112
1113         /************************/
1114         /* Function    0x28     */
1115
1116         typedef struct {
1117                 uint32    idx;
1118                 uint32    rid;
1119                 samr_AcctFlags acct_flags;
1120                 lsa_String account_name;
1121                 lsa_String description;
1122                 lsa_String full_name;
1123         } samr_DispEntryGeneral;
1124
1125         typedef struct {
1126                 uint32 count;
1127                 [size_is(count)] samr_DispEntryGeneral *entries;
1128         } samr_DispInfoGeneral;
1129
1130         typedef struct {
1131                 uint32    idx;
1132                 uint32    rid;
1133                 samr_AcctFlags acct_flags;
1134                 lsa_String account_name;
1135                 lsa_String description;
1136         } samr_DispEntryFull;
1137
1138         typedef struct {
1139                 uint32 count;
1140                 [size_is(count)] samr_DispEntryFull *entries;
1141         } samr_DispInfoFull;
1142
1143         typedef struct {
1144                 uint32    idx;
1145                 uint32    rid;
1146                 samr_GroupAttrs acct_flags;
1147                 lsa_String account_name;
1148                 lsa_String description;
1149         } samr_DispEntryFullGroup;
1150
1151         typedef struct {
1152                 uint32 count;
1153                 [size_is(count)] samr_DispEntryFullGroup *entries;
1154         } samr_DispInfoFullGroups;
1155
1156         typedef struct {
1157                 uint32    idx;
1158                 lsa_AsciiStringLarge account_name;
1159         } samr_DispEntryAscii;
1160
1161         typedef struct {
1162                 uint32 count;
1163                 [size_is(count)] samr_DispEntryAscii *entries;
1164         } samr_DispInfoAscii;
1165
1166         typedef [switch_type(uint16)] union {
1167                 [case(1)] samr_DispInfoGeneral info1;/* users */
1168                 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1169                 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1170                 [case(4)] samr_DispInfoAscii info4; /* users */
1171                 [case(5)] samr_DispInfoAscii info5; /* groups */
1172         } samr_DispInfo;
1173
1174         NTSTATUS samr_QueryDisplayInfo(
1175                 [in,ref]    policy_handle *domain_handle,
1176                 [in]        uint16 level,
1177                 [in]        uint32 start_idx,
1178                 [in]        uint32 max_entries,
1179                 [in]        uint32 buf_size,
1180                 [out,ref]   uint32 *total_size,
1181                 [out,ref]   uint32 *returned_size,
1182                 [out,ref,switch_is(level)] samr_DispInfo *info
1183                 );
1184
1185
1186         /************************/
1187         /* Function    0x29     */
1188
1189         /*
1190           this seems to be an alphabetic search function. The returned index
1191           is the index for samr_QueryDisplayInfo needed to get names occurring
1192           after the specified name. The supplied name does not need to exist
1193           in the database (for example you can supply just a first letter for
1194           searching starting at that letter)
1195
1196           The level corresponds to the samr_QueryDisplayInfo level
1197         */
1198         NTSTATUS samr_GetDisplayEnumerationIndex(
1199                 [in,ref]    policy_handle *domain_handle,
1200                 [in]        uint16 level,
1201                 [in,ref]    lsa_String *name,
1202                 [out,ref]   uint32 *idx
1203                 );
1204
1205
1206
1207         /************************/
1208         /* Function    0x2a     */
1209
1210         /*
1211           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1212         */
1213         NTSTATUS samr_TestPrivateFunctionsDomain(
1214                 [in,ref]    policy_handle *domain_handle
1215                 );
1216
1217
1218         /************************/
1219         /* Function    0x2b     */
1220
1221         /*
1222           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1223         */
1224         NTSTATUS samr_TestPrivateFunctionsUser(
1225                 [in,ref]    policy_handle *user_handle
1226                 );
1227
1228
1229         /************************/
1230         /* Function    0x2c     */
1231
1232         typedef struct {
1233                 uint16 min_password_length;
1234                 samr_PasswordProperties password_properties;
1235         } samr_PwInfo;
1236
1237         [public] NTSTATUS samr_GetUserPwInfo(
1238                 [in,ref]    policy_handle *user_handle,
1239                 [out,ref]   samr_PwInfo *info
1240                 );
1241
1242         /************************/
1243         /* Function    0x2d     */
1244         NTSTATUS samr_RemoveMemberFromForeignDomain(
1245                 [in,ref]    policy_handle *domain_handle,
1246                 [in,ref]    dom_sid2 *sid
1247                 );
1248
1249         /************************/
1250         /* Function    0x2e     */
1251
1252         /*
1253           how is this different from QueryDomainInfo ??
1254         */
1255         NTSTATUS samr_QueryDomainInfo2(
1256                 [in,ref]      policy_handle *domain_handle,
1257                 [in]          samr_DomainInfoClass level,
1258                 [out,ref,switch_is(level)] samr_DomainInfo **info
1259                 );
1260
1261         /************************/
1262         /* Function    0x2f     */
1263
1264         /*
1265           how is this different from QueryUserInfo ??
1266         */
1267         NTSTATUS samr_QueryUserInfo2(
1268                 [in,ref]                  policy_handle *user_handle,
1269                 [in]                      samr_UserInfoLevel level,
1270                 [out,ref,switch_is(level)]    samr_UserInfo **info
1271                 );
1272
1273         /************************/
1274         /* Function    0x30     */
1275
1276         /*
1277           how is this different from QueryDisplayInfo??
1278         */
1279         NTSTATUS samr_QueryDisplayInfo2(
1280                 [in,ref]    policy_handle *domain_handle,
1281                 [in]        uint16 level,
1282                 [in]        uint32 start_idx,
1283                 [in]        uint32 max_entries,
1284                 [in]        uint32 buf_size,
1285                 [out,ref]   uint32 *total_size,
1286                 [out,ref]   uint32 *returned_size,
1287                 [out,ref,switch_is(level)] samr_DispInfo *info
1288                 );
1289
1290         /************************/
1291         /* Function    0x31     */
1292
1293         /*
1294           how is this different from GetDisplayEnumerationIndex ??
1295         */
1296         NTSTATUS samr_GetDisplayEnumerationIndex2(
1297                 [in,ref]    policy_handle *domain_handle,
1298                 [in]        uint16 level,
1299                 [in,ref]    lsa_String *name,
1300                 [out,ref]   uint32 *idx
1301                 );
1302
1303
1304         /************************/
1305         /* Function    0x32     */
1306         NTSTATUS samr_CreateUser2(
1307                 [in,ref]      policy_handle *domain_handle,
1308                 [in,ref]      lsa_String *account_name,
1309                 [in]          samr_AcctFlags acct_flags,
1310                 [in]          samr_UserAccessMask access_mask,
1311                 [out,ref]     policy_handle *user_handle,
1312                 [out,ref]     uint32 *access_granted,
1313                 [out,ref]     uint32 *rid
1314                 );
1315
1316
1317         /************************/
1318         /* Function    0x33     */
1319
1320         /*
1321           another duplicate. There must be a reason ....
1322         */
1323         NTSTATUS samr_QueryDisplayInfo3(
1324                 [in,ref]    policy_handle *domain_handle,
1325                 [in]        uint16 level,
1326                 [in]        uint32 start_idx,
1327                 [in]        uint32 max_entries,
1328                 [in]        uint32 buf_size,
1329                 [out,ref]   uint32 *total_size,
1330                 [out,ref]   uint32 *returned_size,
1331                 [out,ref,switch_is(level)] samr_DispInfo *info
1332                 );
1333
1334         /************************/
1335         /* Function    0x34     */
1336         NTSTATUS samr_AddMultipleMembersToAlias(
1337                 [in,ref]    policy_handle *alias_handle,
1338                 [in,ref]    lsa_SidArray *sids
1339                 );
1340
1341         /************************/
1342         /* Function    0x35     */
1343         NTSTATUS samr_RemoveMultipleMembersFromAlias(
1344                 [in,ref]    policy_handle *alias_handle,
1345                 [in,ref]    lsa_SidArray *sids
1346                 );
1347
1348         /************************/
1349         /* Function    0x36     */
1350
1351         NTSTATUS samr_OemChangePasswordUser2(
1352                 [in,unique]       lsa_AsciiString *server,
1353                 [in,ref]          lsa_AsciiString *account,
1354                 [in,unique]       samr_CryptPassword *password,
1355                 [in,unique]       samr_Password *hash
1356                 );
1357
1358         /************************/
1359         /* Function    0x37     */
1360         NTSTATUS samr_ChangePasswordUser2(
1361                 [in,unique]       lsa_String *server,
1362                 [in,ref]          lsa_String *account,
1363                 [in,unique]       samr_CryptPassword *nt_password,
1364                 [in,unique]       samr_Password *nt_verifier,
1365                 [in]              boolean8 lm_change,
1366                 [in,unique]       samr_CryptPassword *lm_password,
1367                 [in,unique]       samr_Password *lm_verifier
1368                 );
1369
1370         /************************/
1371         /* Function    0x38     */
1372         NTSTATUS samr_GetDomPwInfo(
1373                 [in,unique] lsa_String *domain_name,
1374                 [out,ref]   samr_PwInfo *info
1375                 );
1376
1377         /************************/
1378         /* Function    0x39     */
1379         NTSTATUS samr_Connect2(
1380                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1381                 [in] samr_ConnectAccessMask access_mask,
1382                 [out,ref]  policy_handle *connect_handle
1383                 );
1384
1385         /************************/
1386         /* Function    0x3a     */
1387         /*
1388           seems to be an exact alias for samr_SetUserInfo()
1389         */
1390         [public] NTSTATUS samr_SetUserInfo2(
1391                 [in,ref]                   policy_handle *user_handle,
1392                 [in]                       samr_UserInfoLevel level,
1393                 [in,ref,switch_is(level)]  samr_UserInfo *info
1394                 );
1395
1396         /************************/
1397         /* Function    0x3b     */
1398         /*
1399           this one is mysterious. I have a few guesses, but nothing working yet
1400         */
1401         NTSTATUS samr_SetBootKeyInformation(
1402                 [in,ref]   policy_handle *connect_handle,
1403                 [in]       uint32 unknown1,
1404                 [in]       uint32 unknown2,
1405                 [in]       uint32 unknown3
1406                 );
1407
1408         /************************/
1409         /* Function    0x3c     */
1410         NTSTATUS samr_GetBootKeyInformation(
1411                 [in,ref]   policy_handle *domain_handle,
1412                 [out,ref]  uint32 *unknown
1413                 );
1414
1415         /************************/
1416         /* Function    0x3d     */
1417         NTSTATUS samr_Connect3(
1418                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1419                 /* this unknown value seems to be completely ignored by w2k3 */
1420                 [in] uint32 unknown,
1421                 [in] samr_ConnectAccessMask access_mask,
1422                 [out,ref]  policy_handle *connect_handle
1423                 );
1424
1425         /************************/
1426         /* Function    0x3e     */
1427
1428         typedef [v1_enum] enum {
1429                 SAMR_CONNECT_PRE_W2K    = 1,
1430                 SAMR_CONNECT_W2K        = 2,
1431                 SAMR_CONNECT_AFTER_W2K  = 3
1432         } samr_ConnectVersion;
1433
1434         NTSTATUS samr_Connect4(
1435                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1436                 [in] samr_ConnectVersion client_version,
1437                 [in] samr_ConnectAccessMask access_mask,
1438                 [out,ref]  policy_handle *connect_handle
1439                 );
1440
1441         /************************/
1442         /* Function    0x3f     */
1443
1444         typedef [public,v1_enum] enum {
1445                 SAM_PWD_CHANGE_NO_ERROR             = 0,
1446                 SAM_PWD_CHANGE_PASSWORD_TOO_SHORT   = 1,
1447                 SAM_PWD_CHANGE_PWD_IN_HISTORY       = 2,
1448                 SAM_PWD_CHANGE_USERNAME_IN_PASSWORD = 3,
1449                 SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4,
1450                 SAM_PWD_CHANGE_NOT_COMPLEX          = 5,
1451                 SAM_PWD_CHANGE_MACHINE_NOT_DEFAULT  = 6,
1452                 SAM_PWD_CHANGE_FAILED_BY_FILTER     = 7,
1453                 SAM_PWD_CHANGE_PASSWORD_TOO_LONG    = 8
1454         } samPwdChangeReason;
1455
1456         typedef struct {
1457                 samPwdChangeReason extendedFailureReason;
1458                 [string,charset(UTF16)] uint16 *filterModuleName;
1459         } userPwdChangeFailureInformation;
1460
1461         NTSTATUS samr_ChangePasswordUser3(
1462                 [in,unique]       lsa_String *server,
1463                 [in,ref]          lsa_String *account,
1464                 [in,unique]       samr_CryptPassword *nt_password,
1465                 [in,unique]       samr_Password *nt_verifier,
1466                 [in]              boolean8 lm_change,
1467                 [in,unique]       samr_CryptPassword *lm_password,
1468                 [in,unique]       samr_Password *lm_verifier,
1469                 [in,unique]       samr_CryptPassword *password3,
1470                 [out,ref]         samr_DomInfo1 **dominfo,
1471                 [out,ref]         userPwdChangeFailureInformation **reject
1472                 );
1473
1474         /************************/
1475         /* Function    0x40      */
1476
1477         typedef struct {
1478                 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1479                 uint32         unknown2; /* w2k3 gives 0 */
1480         } samr_ConnectInfo1;
1481
1482         typedef union {
1483                 [case(1)]  samr_ConnectInfo1 info1;
1484         } samr_ConnectInfo;
1485
1486         [public] NTSTATUS samr_Connect5(
1487                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1488                 [in]       samr_ConnectAccessMask  access_mask,
1489                 [in]       uint32             level_in,
1490                 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1491                 [out,ref]  uint32             *level_out,
1492                 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1493                 [out,ref]  policy_handle      *connect_handle
1494                 );
1495
1496         /************************/
1497         /* Function    0x41     */
1498         NTSTATUS samr_RidToSid(
1499                 [in,ref]    policy_handle *domain_handle,
1500                 [in]        uint32        rid,
1501                 [out,ref]   dom_sid2      **sid
1502                 );
1503
1504         /************************/
1505         /* Function    0x42     */
1506
1507         /*
1508           this should set the DSRM password for the server, which is used
1509           when booting into Directory Services Recovery Mode on a DC. Win2003
1510           gives me NT_STATUS_NOT_SUPPORTED
1511         */
1512
1513         NTSTATUS samr_SetDsrmPassword(
1514                 [in,unique] lsa_String *name,
1515                 [in]       uint32 unknown,
1516                 [in,unique] samr_Password *hash
1517                 );
1518
1519
1520         /************************/
1521         /* Function    0x43     */
1522         /************************/
1523         typedef [bitmap32bit] bitmap {
1524                 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET           = 0x00000001,
1525                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME           = 0x00000002,
1526                 SAMR_VALIDATE_FIELD_LOCKOUT_TIME                = 0x00000004,
1527                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT          = 0x00000008,
1528                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH     = 0x00000010,
1529                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY            = 0x00000020
1530         } samr_ValidateFieldsPresent;
1531
1532         typedef enum {
1533                 NetValidateAuthentication = 1,
1534                 NetValidatePasswordChange= 2,
1535                 NetValidatePasswordReset = 3
1536         } samr_ValidatePasswordLevel;
1537
1538         /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1539          * identified the mapping of
1540          * - NERR_PasswordFilterError
1541          * - NERR_PasswordExpired and
1542          * - NERR_PasswordCantChange
1543          * yet - Guenther
1544          */
1545
1546         typedef enum {
1547                 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1548                 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1549                 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1550                 SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED = 3,
1551                 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1552                 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1553                 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1554                 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1555                 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1556                 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9,
1557                 SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10
1558         } samr_ValidationStatus;
1559
1560         typedef struct {
1561                 uint32 length;
1562                 [size_is(length)] uint8 *data;
1563         } samr_ValidationBlob;
1564
1565         typedef struct {
1566                 samr_ValidateFieldsPresent fields_present;
1567                 NTTIME_hyper last_password_change;
1568                 NTTIME_hyper bad_password_time;
1569                 NTTIME_hyper lockout_time;
1570                 uint32 bad_pwd_count;
1571                 uint32 pwd_history_len;
1572                 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1573         } samr_ValidatePasswordInfo;
1574
1575         typedef struct {
1576                 samr_ValidatePasswordInfo info;
1577                 samr_ValidationStatus status;
1578         } samr_ValidatePasswordRepCtr;
1579
1580         typedef [switch_type(uint16)] union {
1581                 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1582                 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1583                 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1584         } samr_ValidatePasswordRep;
1585
1586         typedef struct {
1587                 samr_ValidatePasswordInfo info;
1588                 lsa_StringLarge password;
1589                 lsa_StringLarge account;
1590                 samr_ValidationBlob hash;
1591                 boolean8 pwd_must_change_at_next_logon;
1592                 boolean8 clear_lockout;
1593         } samr_ValidatePasswordReq3;
1594
1595         typedef struct {
1596                 samr_ValidatePasswordInfo info;
1597                 lsa_StringLarge password;
1598                 lsa_StringLarge account;
1599                 samr_ValidationBlob hash;
1600                 boolean8 password_matched;
1601         } samr_ValidatePasswordReq2;
1602
1603         typedef struct {
1604                 samr_ValidatePasswordInfo info;
1605                 boolean8 password_matched;
1606         } samr_ValidatePasswordReq1;
1607
1608         typedef [switch_type(uint16)] union {
1609                 [case(1)] samr_ValidatePasswordReq1 req1;
1610                 [case(2)] samr_ValidatePasswordReq2 req2;
1611                 [case(3)] samr_ValidatePasswordReq3 req3;
1612         } samr_ValidatePasswordReq;
1613
1614         NTSTATUS samr_ValidatePassword(
1615                 [in] samr_ValidatePasswordLevel level,
1616                 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1617                 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1618                 );
1619 }