4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid(12345778-1234-abcd-ef00-0123456789ac),
13 endpoints(samr,TCP-0),
14 pointer_default(unique)
17 /* account control (acct_flags) bits */
18 const int ACB_DISABLED = 0x0001; /* 1 = User account disabled */
19 const int ACB_HOMDIRREQ = 0x0002; /* 1 = Home directory required */
20 const int ACB_PWNOTREQ = 0x0004; /* 1 = User password not required */
21 const int ACB_TEMPDUP = 0x0008; /* 1 = Temporary duplicate account */
22 const int ACB_NORMAL = 0x0010; /* 1 = Normal user account */
23 const int ACB_MNS = 0x0020; /* 1 = MNS logon user account */
24 const int ACB_DOMTRUST = 0x0040; /* 1 = Interdomain trust account */
25 const int ACB_WSTRUST = 0x0080; /* 1 = Workstation trust account */
26 const int ACB_SVRTRUST = 0x0100; /* 1 = Server trust account */
27 const int ACB_PWNOEXP = 0x0200; /* 1 = User password does not expire */
28 const int ACB_AUTOLOCK = 0x0400; /* 1 = Account auto locked */
33 NTSTATUS samr_Connect (
34 /* notice the lack of [string] */
35 [in] uint16 *system_name,
36 [in] uint32 access_mask,
37 [out,ref] policy_handle *connect_handle
44 [in,out,ref] policy_handle *handle
51 [value(ndr_size_security_descriptor(r->sd))] uint32 sd_size;
52 [subcontext(4)] security_descriptor *sd;
55 NTSTATUS samr_SetSecurity (
56 [in,ref] policy_handle *handle,
58 [in,ref] samr_SdBuf *sdbuf
64 NTSTATUS samr_QuerySecurity (
65 [in,ref] policy_handle *handle,
67 [out] samr_SdBuf *sdbuf
74 shutdown the SAM - once you call this the SAM will be dead
76 NTSTATUS samr_Shutdown (
77 [in,ref] policy_handle *connect_handle
83 [value(2*strlen_m(r->name))] uint16 name_len;
84 [value(r->name_len)] uint16 name_size;
88 NTSTATUS samr_LookupDomain (
89 [in,ref] policy_handle *connect_handle,
90 [in,ref] samr_Name *domain,
105 [size_is(count)] samr_SamEntry *entries;
108 NTSTATUS samr_EnumDomains (
109 [in,ref] policy_handle *connect_handle,
110 [in,out,ref] uint32 *resume_handle,
111 [in] uint32 buf_size,
112 [out] samr_SamArray *sam,
113 [out] uint32 num_entries
117 /************************/
119 NTSTATUS samr_OpenDomain(
120 [in,ref] policy_handle *connect_handle,
121 [in] uint32 access_mask,
122 [in,ref] dom_sid2 *sid,
123 [out,ref] policy_handle *domain_handle
126 /************************/
132 ROLE_DOMAIN_MEMBER = 1,
138 uint16 min_password_len;
139 uint16 password_history;
140 uint32 password_properties;
141 /* yes, these are signed. They are in negative 100ns */
142 int64 max_password_age;
143 int64 min_password_age;
147 uint64 force_logoff_time;
149 samr_Name domain; /* domain name */
150 samr_Name primary; /* PDC name if this is a BDC */
151 HYPER_T sequence_num;
161 uint64 force_logoff_time;
165 /* I'm not entirely sure this is a comment. win2003
166 allows it to be set, and it seems harmless (like a
167 comment) but I haven't seen it show up anywhere */
184 HYPER_T sequence_num;
185 NTTIME last_xxx_time;
189 uint32 unknown; /* w2k3 returns 1 */
193 uint64 force_logoff_time;
197 HYPER_T sequence_num;
198 uint32 unknown2; /* w2k3 returns 1 */
200 uint32 unknown3; /* w2k3 returns 1 */
204 HYPER_T lockout_duration;
205 HYPER_T lockout_window;
206 uint16 lockout_threshold;
210 HYPER_T lockout_duration;
211 HYPER_T lockout_window;
212 uint16 lockout_threshold;
216 HYPER_T sequence_num;
217 NTTIME last_xxx_time;
223 [case(1)] samr_DomInfo1 info1;
224 [case(2)] samr_DomInfo2 info2;
225 [case(3)] samr_DomInfo3 info3;
226 [case(4)] samr_DomInfo4 info4;
227 [case(5)] samr_DomInfo5 info5;
228 [case(6)] samr_DomInfo6 info6;
229 [case(7)] samr_DomInfo7 info7;
230 [case(8)] samr_DomInfo8 info8;
231 [case(9)] samr_DomInfo9 info9;
232 [case(11)] samr_DomInfo11 info11;
233 [case(12)] samr_DomInfo12 info12;
234 [case(13)] samr_DomInfo13 info13;
237 NTSTATUS samr_QueryDomainInfo(
238 [in,ref] policy_handle *domain_handle,
240 [out,switch_is(level)] samr_DomainInfo *info
243 /************************/
246 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
249 NTSTATUS samr_SetDomainInfo(
250 [in,ref] policy_handle *domain_handle,
252 [in,switch_is(level),ref] samr_DomainInfo *info
256 /************************/
258 NTSTATUS samr_CreateDomainGroup(
259 [in,ref] policy_handle *domain_handle,
260 [in,ref] samr_Name *name,
261 [in] uint32 access_mask,
262 [out,ref] policy_handle *group_handle,
263 [out,ref] uint32 *rid
267 /************************/
269 NTSTATUS samr_EnumDomainGroups(
270 [in,ref] policy_handle *domain_handle,
271 [in,out,ref] uint32 *resume_handle,
272 [in] uint32 max_size,
273 [out] samr_SamArray *sam,
274 [out] uint32 num_entries
277 /************************/
279 NTSTATUS samr_CreateUser(
280 [in,ref] policy_handle *domain_handle,
281 [in,ref] samr_Name *account_name,
282 [in] uint32 access_mask,
283 [out,ref] policy_handle *user_handle,
284 [out,ref] uint32 *rid
287 /************************/
291 /* w2k3 treats max_size as max_users*54 and sets the
292 resume_handle as the rid of the last user sent
294 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
296 NTSTATUS samr_EnumDomainUsers(
297 [in,ref] policy_handle *domain_handle,
298 [in,out,ref] uint32 *resume_handle,
299 [in] uint32 acct_flags,
300 [in] uint32 max_size,
301 [out] samr_SamArray *sam,
302 [out] uint32 num_entries
305 /************************/
307 NTSTATUS samr_CreateDomAlias(
308 [in,ref] policy_handle *domain_handle,
309 [in,ref] samr_Name *aliasname,
310 [in] uint32 access_mask,
311 [out,ref] policy_handle *alias_handle,
312 [out,ref] uint32 *rid
315 /************************/
317 NTSTATUS samr_EnumDomainAliases(
318 [in,ref] policy_handle *domain_handle,
319 [in,out,ref] uint32 *resume_handle,
320 [in] uint32 account_flags,
321 [out] samr_SamArray *sam,
322 [out] uint32 num_entries
325 /************************/
329 SID_NAME_USE_NONE = 0,/* NOTUSED */
330 SID_NAME_USER = 1, /* user */
331 SID_NAME_DOM_GRP = 2, /* domain group */
332 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
333 SID_NAME_ALIAS = 4, /* local group */
334 SID_NAME_WKN_GRP = 5, /* well-known group */
335 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
336 SID_NAME_INVALID = 7, /* invalid account */
337 SID_NAME_UNKNOWN = 8 /* oops. */
342 [size_is(count)] uint32 *ids;
345 NTSTATUS samr_GetAliasMembership(
346 [in,ref] policy_handle *alias_handle,
347 [in,ref] lsa_SidArray *sids,
351 /************************/
354 NTSTATUS samr_LookupNames(
355 [in,ref] policy_handle *domain_handle,
356 [in] uint32 num_names,
357 [in,ref,size_is(1000),length_is(num_names)] samr_Name *names,
363 /************************/
368 [size_is(count)] samr_Name *names;
371 NTSTATUS samr_LookupRids(
372 [in,ref] policy_handle *domain_handle,
373 [in] uint32 num_rids,
374 [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids,
375 [out] samr_Names names,
379 /************************/
381 NTSTATUS samr_OpenGroup(
382 [in,ref] policy_handle *domain_handle,
383 [in] uint32 access_mask,
385 [out,ref] policy_handle *group_handle
389 /************************/
396 samr_Name description;
404 samr_Name description;
405 } samr_GroupInfoDesciption;
415 [case(GroupInfoAll)] samr_GroupInfoAll all;
416 [case(GroupInfoName)] samr_Name name;
417 [case(GroupInfoX)] samr_GroupInfoX unknown;
418 [case(GroupInfoDescription)] samr_Name description;
421 NTSTATUS samr_QueryGroupInfo(
422 [in,ref] policy_handle *group_handle,
424 [out,switch_is(level)] samr_GroupInfo *info
427 /************************/
429 NTSTATUS samr_SetGroupInfo(
430 [in,ref] policy_handle *group_handle,
432 [in,switch_is(level),ref] samr_GroupInfo *info
435 /************************/
437 NTSTATUS samr_AddGroupMember(
438 [in,ref] policy_handle *group_handle,
443 /************************/
445 NTSTATUS samr_DeleteDomainGroup(
446 [in,out,ref] policy_handle *group_handle
449 /************************/
451 NTSTATUS samr_DeleteGroupMember(
452 [in,ref] policy_handle *group_handle,
457 /************************/
460 this isn't really valid IDL, but it does work. I suspect
461 I need to do some more pidl work to get this really right
470 samr_intArray *unknown7;
473 NTSTATUS samr_QueryGroupMember(
474 [in,ref] policy_handle *group_handle,
476 [out] samr_ridArray rids
480 /************************/
484 win2003 seems to accept any data at all for the two integers
485 below, and doesn't seem to do anything with them that I can
486 see. Weird. I really expected the first integer to be a rid
487 and the second to be the attributes for that rid member.
489 NTSTATUS samr_SetMemberAttributesOfGroup(
490 [in,ref] policy_handle *group_handle,
491 [in] uint32 unknown1,
496 /************************/
498 NTSTATUS samr_OpenAlias (
499 [in,ref] policy_handle *domain_handle,
500 [in] uint32 access_mask,
502 [out,ref] policy_handle *alias_handle
506 /************************/
512 samr_Name description;
516 [case(1)] samr_AliasInfoAll all;
517 [case(2)] samr_Name name;
518 [case(3)] samr_Name description;
521 NTSTATUS samr_QueryAliasInfo(
522 [in,ref] policy_handle *alias_handle,
524 [out,switch_is(level)] samr_AliasInfo *info
527 /************************/
529 NTSTATUS samr_SetAliasInfo(
530 [in,ref] policy_handle *alias_handle,
532 [in,switch_is(level)] samr_AliasInfo info
535 /************************/
537 NTSTATUS samr_DeleteDomAlias(
538 [in,out,ref] policy_handle *alias_handle
541 /************************/
543 NTSTATUS samr_AddAliasMember(
544 [in,ref] policy_handle *alias_handle,
545 [in,ref] dom_sid2 *sid
548 /************************/
550 NTSTATUS samr_DeleteAliasMember(
551 [in,ref] policy_handle *alias_handle,
552 [in,ref] dom_sid2 *sid
555 /************************/
557 NTSTATUS samr_GetMembersInAlias(
558 [in,ref] policy_handle *alias_handle,
559 [out,ref] lsa_SidArray *sids
562 /************************/
564 NTSTATUS samr_OpenUser(
565 [in,ref] policy_handle *domain_handle,
566 [in] uint32 access_mask,
568 [out,ref] policy_handle *user_handle
571 /************************/
573 NTSTATUS samr_DeleteUser(
574 [in,out,ref] policy_handle *user_handle
577 /************************/
580 samr_Name account_name;
583 samr_Name description;
589 samr_Name unknown; /* settable, but doesn't stick. probably obsolete */
595 samr_Name account_name;
599 samr_Name home_directory;
600 samr_Name home_drive;
601 samr_Name logon_script;
602 samr_Name profile_path;
603 samr_Name workstations;
606 NTTIME last_password_change;
607 NTTIME allow_password_change;
608 NTTIME force_password_change;
609 samr_LogonHours logon_hours;
610 uint16 bad_password_count;
616 samr_LogonHours logon_hours;
620 samr_Name account_name;
624 samr_Name home_directory;
625 samr_Name home_drive;
626 samr_Name logon_script;
627 samr_Name profile_path;
628 samr_Name description;
629 samr_Name workstations;
632 samr_LogonHours logon_hours;
633 uint16 bad_password_count;
635 NTTIME last_password_change;
641 samr_Name account_name;
646 samr_Name account_name;
658 samr_Name home_directory;
659 samr_Name home_drive;
663 samr_Name logon_script;
667 samr_Name profile_path;
671 samr_Name description;
675 samr_Name workstations;
690 /* this defines the bits used for fields_present in info21 */
691 const int SAMR_FIELD_NAME = 0x00000002;
692 const int SAMR_FIELD_DESCRIPTION = 0x00000010;
693 const int SAMR_FIELD_COMMENT = 0x00000020;
694 const int SAMR_FIELD_LOGON_SCRIPT = 0x00000100;
695 const int SAMR_FIELD_PROFILE_PATH = 0x00000200;
696 const int SAMR_FIELD_WORKSTATION = 0x00000400;
697 const int SAMR_FIELD_LOGON_HOURS = 0x00002000;
698 const int SAMR_FIELD_CALLBACK = 0x00200000;
699 const int SAMR_FIELD_COUNTRY_CODE = 0x00400000;
700 const int SAMR_FIELD_CODE_PAGE = 0x00800000;
701 const int SAMR_FIELD_PASSWORD = 0x03000000; /* 2 bits!? */
706 NTTIME last_password_change;
708 NTTIME allow_password_change;
709 NTTIME force_password_change;
710 samr_Name account_name;
712 samr_Name home_directory;
713 samr_Name home_drive;
714 samr_Name logon_script;
715 samr_Name profile_path;
716 samr_Name description;
717 samr_Name workstations;
724 [size_is(buf_count)] uint8 *buffer;
728 uint32 fields_present;
729 samr_LogonHours logon_hours;
730 uint16 bad_password_count;
734 uint8 nt_password_set;
735 uint8 lm_password_set;
740 typedef [flag(NDR_PAHEX)] struct {
742 } samr_CryptPassword;
745 samr_UserInfo21 info;
746 samr_CryptPassword password;
750 samr_CryptPassword password;
754 typedef [flag(NDR_PAHEX)] struct {
756 } samr_CryptPasswordEx;
759 samr_UserInfo21 info;
760 samr_CryptPasswordEx password;
764 samr_CryptPasswordEx password;
769 [case(1)] samr_UserInfo1 info1;
770 [case(2)] samr_UserInfo2 info2;
771 [case(3)] samr_UserInfo3 info3;
772 [case(4)] samr_UserInfo4 info4;
773 [case(5)] samr_UserInfo5 info5;
774 [case(6)] samr_UserInfo6 info6;
775 [case(7)] samr_UserInfo7 info7;
776 [case(8)] samr_UserInfo8 info8;
777 [case(9)] samr_UserInfo9 info9;
778 [case(10)] samr_UserInfo10 info10;
779 [case(11)] samr_UserInfo11 info11;
780 [case(12)] samr_UserInfo12 info12;
781 [case(13)] samr_UserInfo13 info13;
782 [case(14)] samr_UserInfo14 info14;
783 [case(16)] samr_UserInfo16 info16;
784 [case(17)] samr_UserInfo17 info17;
785 [case(20)] samr_UserInfo20 info20;
786 [case(21)] samr_UserInfo21 info21;
787 [case(23)] samr_UserInfo23 info23;
788 [case(24)] samr_UserInfo24 info24;
789 [case(25)] samr_UserInfo25 info25;
790 [case(26)] samr_UserInfo26 info26;
793 NTSTATUS samr_QueryUserInfo(
794 [in,ref] policy_handle *user_handle,
796 [out,switch_is(level)] samr_UserInfo *info
800 /************************/
802 NTSTATUS samr_SetUserInfo(
803 [in,ref] policy_handle *user_handle,
805 [in,ref,switch_is(level)] samr_UserInfo *info
808 /************************/
812 this is a password change interface that doesn't give
813 the server the plaintext password. Depricated.
815 NTSTATUS samr_ChangePasswordUser(
816 [in,ref] policy_handle *user_handle,
817 [in] bool8 lm_present,
818 [in] samr_Password *old_lm_crypted,
819 [in] samr_Password *new_lm_crypted,
820 [in] bool8 nt_present,
821 [in] samr_Password *old_nt_crypted,
822 [in] samr_Password *new_nt_crypted,
823 [in] bool8 cross1_present,
824 [in] samr_Password *nt_cross,
825 [in] bool8 cross2_present,
826 [in] samr_Password *lm_cross
829 /************************/
839 [size_is(count)] samr_RidType *rid;
842 NTSTATUS samr_GetGroupsForUser(
843 [in,ref] policy_handle *user_handle,
844 [out] samr_RidArray *rids
847 /************************/
854 samr_Name account_name;
856 samr_Name description;
857 } samr_DispEntryGeneral;
861 [size_is(count)] samr_DispEntryGeneral *entries;
862 } samr_DispInfoGeneral;
868 samr_Name account_name;
869 samr_Name description;
870 } samr_DispEntryFull;
874 [size_is(count)] samr_DispEntryFull *entries;
878 [value(strlen_m(r->name))] uint16 name_len;
879 [value(strlen_m(r->name))] uint16 name_size;
885 samr_AsciiName account_name;
886 } samr_DispEntryAscii;
890 [size_is(count)] samr_DispEntryAscii *entries;
891 } samr_DispInfoAscii;
894 [case(1)] samr_DispInfoGeneral info1;/* users */
895 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
896 [case(3)] samr_DispInfoFull info3; /* groups */
897 [case(4)] samr_DispInfoAscii info4; /* users */
898 [case(5)] samr_DispInfoAscii info5; /* groups */
901 NTSTATUS samr_QueryDisplayInfo(
902 [in,ref] policy_handle *domain_handle,
904 [in] uint32 start_idx,
905 [in] uint32 max_entries,
906 [in] uint32 buf_size,
907 [out] uint32 total_size,
908 [out] uint32 returned_size,
909 [out,switch_is(level)] samr_DispInfo info
913 /************************/
917 this seems to be an alphabetic search function. The returned index
918 is the index for samr_QueryDisplayInfo needed to get names occurring
919 after the specified name. The supplied name does not need to exist
920 in the database (for example you can supply just a first letter for
921 searching starting at that letter)
923 The level corresponds to the samr_QueryDisplayInfo level
925 NTSTATUS samr_GetDisplayEnumerationIndex(
926 [in,ref] policy_handle *domain_handle,
934 /************************/
938 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
940 NTSTATUS samr_TestPrivateFunctionsDomain(
941 [in,ref] policy_handle *domain_handle
945 /************************/
949 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
951 NTSTATUS samr_TestPrivateFunctionsUser(
952 [in,ref] policy_handle *user_handle
956 /************************/
959 /* password properties flags */
960 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
961 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
962 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
963 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
964 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
967 uint16 min_password_len;
968 uint32 password_properties;
971 NTSTATUS samr_GetUserPwInfo(
972 [in,ref] policy_handle *user_handle,
973 [out] samr_PwInfo info
976 /************************/
978 NTSTATUS samr_RemoveMemberFromForeignDomain(
979 [in,ref] policy_handle *domain_handle,
980 [in,ref] dom_sid2 *sid
983 /************************/
987 how is this different from QueryDomainInfo ??
989 NTSTATUS samr_QueryDomainInfo2(
990 [in,ref] policy_handle *domain_handle,
992 [out,switch_is(level)] samr_DomainInfo *info
995 /************************/
999 how is this different from QueryUserInfo ??
1001 NTSTATUS samr_QueryUserInfo2(
1002 [in,ref] policy_handle *user_handle,
1004 [out,switch_is(level)] samr_UserInfo *info
1007 /************************/
1011 how is this different from QueryDisplayInfo??
1013 NTSTATUS samr_QueryDisplayInfo2(
1014 [in,ref] policy_handle *domain_handle,
1016 [in] uint32 start_idx,
1017 [in] uint32 max_entries,
1018 [in] uint32 buf_size,
1019 [out] uint32 total_size,
1020 [out] uint32 returned_size,
1021 [out,switch_is(level)] samr_DispInfo info
1024 /************************/
1028 how is this different from GetDisplayEnumerationIndex ??
1030 NTSTATUS samr_GetDisplayEnumerationIndex2(
1031 [in,ref] policy_handle *domain_handle,
1033 [in] samr_Name name,
1038 /************************/
1040 NTSTATUS samr_CreateUser2(
1041 [in,ref] policy_handle *domain_handle,
1042 [in,ref] samr_Name *account_name,
1043 [in] uint32 acct_flags,
1044 [in] uint32 access_mask,
1045 [out,ref] policy_handle *user_handle,
1046 [out,ref] uint32 *access_granted,
1047 [out,ref] uint32 *rid
1051 /************************/
1055 another duplicate. There must be a reason ....
1057 NTSTATUS samr_QueryDisplayInfo3(
1058 [in,ref] policy_handle *domain_handle,
1060 [in] uint32 start_idx,
1061 [in] uint32 max_entries,
1062 [in] uint32 buf_size,
1063 [out] uint32 total_size,
1064 [out] uint32 returned_size,
1065 [out,switch_is(level)] samr_DispInfo info
1068 /************************/
1070 NTSTATUS samr_AddMultipleMembersToAlias(
1071 [in,ref] policy_handle *alias_handle,
1072 [in,ref] lsa_SidArray *sids
1075 /************************/
1077 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1078 [in,ref] policy_handle *alias_handle,
1079 [in,ref] lsa_SidArray *sids
1082 /************************/
1085 NTSTATUS samr_OemChangePasswordUser2(
1086 [in] samr_AsciiName *server,
1087 [in,ref] samr_AsciiName *account,
1088 [in] samr_CryptPassword *password,
1089 [in] samr_Password *hash
1092 /************************/
1094 NTSTATUS samr_ChangePasswordUser2(
1095 [in] samr_Name *server,
1096 [in,ref] samr_Name *account,
1097 [in] samr_CryptPassword *nt_password,
1098 [in] samr_Password *nt_verifier,
1099 [in] bool8 lm_change,
1100 [in] samr_CryptPassword *lm_password,
1101 [in] samr_Password *lm_verifier
1104 /************************/
1106 NTSTATUS samr_GetDomPwInfo(
1107 [in] samr_Name *name,
1108 [out] samr_PwInfo info
1111 /************************/
1113 NTSTATUS samr_Connect2(
1114 [in] unistr *system_name,
1115 [in] uint32 access_mask,
1116 [out,ref] policy_handle *connect_handle
1119 /************************/
1122 seems to be an exact alias for samr_SetUserInfo()
1124 NTSTATUS samr_SetUserInfo2(
1125 [in,ref] policy_handle *user_handle,
1127 [in,ref,switch_is(level)] samr_UserInfo *info
1130 /************************/
1133 this one is mysterious. I have a few guesses, but nothing working yet
1135 NTSTATUS samr_SetBootKeyInformation(
1136 [in,ref] policy_handle *connect_handle,
1137 [in] uint32 unknown1,
1138 [in] uint32 unknown2,
1139 [in] uint32 unknown3
1142 /************************/
1144 NTSTATUS samr_GetBootKeyInformation(
1145 [in,ref] policy_handle *domain_handle,
1146 [out] uint32 unknown
1149 /************************/
1151 NTSTATUS samr_Connect3(
1152 [in] unistr *system_name,
1153 /* this unknown value seems to be completely ignored by w2k3 */
1154 [in] uint32 unknown,
1155 [in] uint32 access_mask,
1156 [out,ref] policy_handle *connect_handle
1159 /************************/
1161 NTSTATUS samr_Connect4(
1162 [in] unistr *system_name,
1163 [in] uint32 unknown,
1164 [in] uint32 access_mask,
1165 [out,ref] policy_handle *connect_handle
1168 /************************/
1171 const int SAMR_REJECT_OTHER = 0;
1172 const int SAMR_REJECT_TOO_SHORT = 1;
1173 const int SAMR_REJECT_COMPLEXITY = 2;
1179 } samr_ChangeReject;
1181 NTSTATUS samr_ChangePasswordUser3(
1182 [in] samr_Name *server,
1183 [in,ref] samr_Name *account,
1184 [in] samr_CryptPassword *nt_password,
1185 [in] samr_Password *nt_verifier,
1186 [in] bool8 lm_change,
1187 [in] samr_CryptPassword *lm_password,
1188 [in] samr_Password *lm_verifier,
1189 [in] samr_CryptPassword *password3,
1190 [out] samr_DomInfo1 *dominfo,
1191 [out] samr_ChangeReject *reject
1194 /************************/
1198 uint32 unknown1; /* w2k3 gives 3 */
1199 uint32 unknown2; /* w2k3 gives 0 */
1200 } samr_ConnectInfo1;
1203 [case(1)] samr_ConnectInfo1 info1;
1206 NTSTATUS samr_Connect5(
1207 [in] unistr *system_name,
1208 [in] uint32 access_mask,
1209 [in,out] uint32 level,
1210 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1211 [out,ref] policy_handle *connect_handle
1214 /************************/
1216 NTSTATUS samr_RidToSid(
1217 [in,ref] policy_handle *domain_handle,
1223 /************************/
1227 this should set the DSRM password for the server, which is used
1228 when booting into Directory Services Recovery Mode on a DC. Win2003
1229 gives me NT_STATUS_NOT_SUPPORTED
1232 NTSTATUS samr_SetDsrmPassword(
1233 [in] samr_Name *name,
1234 [in] uint32 unknown,
1235 [in] samr_Password *hash
1239 /************************/
1242 I haven't been able to work out the format of this one yet.
1243 Seems to start with a switch level for a union?
1245 NTSTATUS samr_ValidatePassword();