4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
14 pointer_default(unique),
18 /* account control (acct_flags) bits */
19 const int ACB_DISABLED = 0x0001; /* 1 = User account disabled */
20 const int ACB_HOMDIRREQ = 0x0002; /* 1 = Home directory required */
21 const int ACB_PWNOTREQ = 0x0004; /* 1 = User password not required */
22 const int ACB_TEMPDUP = 0x0008; /* 1 = Temporary duplicate account */
23 const int ACB_NORMAL = 0x0010; /* 1 = Normal user account */
24 const int ACB_MNS = 0x0020; /* 1 = MNS logon user account */
25 const int ACB_DOMTRUST = 0x0040; /* 1 = Interdomain trust account */
26 const int ACB_WSTRUST = 0x0080; /* 1 = Workstation trust account */
27 const int ACB_SVRTRUST = 0x0100; /* 1 = Server trust account */
28 const int ACB_PWNOEXP = 0x0200; /* 1 = User password does not expire */
29 const int ACB_AUTOLOCK = 0x0400; /* 1 = Account auto locked */
34 NTSTATUS samr_Connect (
35 /* notice the lack of [string] */
36 [in] uint16 *system_name,
37 [in] uint32 access_mask,
38 [out,ref] policy_handle *connect_handle
45 [in,out,ref] policy_handle *handle
51 NTSTATUS samr_SetSecurity (
52 [in,ref] policy_handle *handle,
54 [in,ref] sec_desc_buf *sdbuf
60 NTSTATUS samr_QuerySecurity (
61 [in,ref] policy_handle *handle,
63 [out] sec_desc_buf *sdbuf
70 shutdown the SAM - once you call this the SAM will be dead
72 NTSTATUS samr_Shutdown (
73 [in,ref] policy_handle *connect_handle
79 [value(2*strlen_m(r->string))] uint16 length;
80 [value(r->length)] uint16 size;
81 unistr_noterm *string;
84 NTSTATUS samr_LookupDomain (
85 [in,ref] policy_handle *connect_handle,
86 [in,ref] samr_String *domain,
101 [size_is(count)] samr_SamEntry *entries;
104 NTSTATUS samr_EnumDomains (
105 [in,ref] policy_handle *connect_handle,
106 [in,out,ref] uint32 *resume_handle,
107 [in] uint32 buf_size,
108 [out] samr_SamArray *sam,
109 [out] uint32 num_entries
113 /************************/
115 NTSTATUS samr_OpenDomain(
116 [in,ref] policy_handle *connect_handle,
117 [in] uint32 access_mask,
118 [in,ref] dom_sid2 *sid,
119 [out,ref] policy_handle *domain_handle
122 /************************/
126 uint16 min_password_length;
127 uint16 password_history_length;
128 uint32 password_properties;
129 /* yes, these are signed. They are in negative 100ns */
130 int64 max_password_age;
131 int64 min_password_age;
135 NTTIME force_logoff_time;
137 samr_String domain; /* domain name */
138 samr_String primary; /* PDC name if this is a BDC */
149 NTTIME force_logoff_time;
157 samr_String domain_name;
169 HYPER_T sequence_num;
170 NTTIME domain_create_time;
174 uint32 unknown; /* w2k3 returns 1 */
179 HYPER_T lockout_duration;
180 HYPER_T lockout_window;
181 uint16 lockout_threshold;
185 HYPER_T lockout_duration;
186 HYPER_T lockout_window;
187 uint16 lockout_threshold;
191 HYPER_T sequence_num;
192 NTTIME domain_create_time;
198 [case(1)] samr_DomInfo1 info1;
199 [case(2)] samr_DomInfo2 info2;
200 [case(3)] samr_DomInfo3 info3;
201 [case(4)] samr_DomInfo4 info4;
202 [case(5)] samr_DomInfo5 info5;
203 [case(6)] samr_DomInfo6 info6;
204 [case(7)] samr_DomInfo7 info7;
205 [case(8)] samr_DomInfo8 info8;
206 [case(9)] samr_DomInfo9 info9;
207 [case(11)] samr_DomInfo11 info11;
208 [case(12)] samr_DomInfo12 info12;
209 [case(13)] samr_DomInfo13 info13;
212 NTSTATUS samr_QueryDomainInfo(
213 [in,ref] policy_handle *domain_handle,
215 [out,switch_is(level)] samr_DomainInfo *info
218 /************************/
221 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
224 NTSTATUS samr_SetDomainInfo(
225 [in,ref] policy_handle *domain_handle,
227 [in,switch_is(level),ref] samr_DomainInfo *info
231 /************************/
233 NTSTATUS samr_CreateDomainGroup(
234 [in,ref] policy_handle *domain_handle,
235 [in,ref] samr_String *name,
236 [in] uint32 access_mask,
237 [out,ref] policy_handle *group_handle,
238 [out,ref] uint32 *rid
242 /************************/
244 NTSTATUS samr_EnumDomainGroups(
245 [in,ref] policy_handle *domain_handle,
246 [in,out,ref] uint32 *resume_handle,
247 [in] uint32 max_size,
248 [out] samr_SamArray *sam,
249 [out] uint32 num_entries
252 /************************/
254 NTSTATUS samr_CreateUser(
255 [in,ref] policy_handle *domain_handle,
256 [in,ref] samr_String *account_name,
257 [in] uint32 access_mask,
258 [out,ref] policy_handle *user_handle,
259 [out,ref] uint32 *rid
262 /************************/
266 /* w2k3 treats max_size as max_users*54 and sets the
267 resume_handle as the rid of the last user sent
269 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
271 NTSTATUS samr_EnumDomainUsers(
272 [in,ref] policy_handle *domain_handle,
273 [in,out,ref] uint32 *resume_handle,
274 [in] uint32 acct_flags,
275 [in] uint32 max_size,
276 [out] samr_SamArray *sam,
277 [out] uint32 num_entries
280 /************************/
282 NTSTATUS samr_CreateDomAlias(
283 [in,ref] policy_handle *domain_handle,
284 [in,ref] samr_String *aliasname,
285 [in] uint32 access_mask,
286 [out,ref] policy_handle *alias_handle,
287 [out,ref] uint32 *rid
290 /************************/
292 NTSTATUS samr_EnumDomainAliases(
293 [in,ref] policy_handle *domain_handle,
294 [in,out,ref] uint32 *resume_handle,
295 [in] uint32 acct_flags,
296 [out] samr_SamArray *sam,
297 [out] uint32 num_entries
300 /************************/
304 SID_NAME_USE_NONE = 0,/* NOTUSED */
305 SID_NAME_USER = 1, /* user */
306 SID_NAME_DOM_GRP = 2, /* domain group */
307 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
308 SID_NAME_ALIAS = 4, /* local group */
309 SID_NAME_WKN_GRP = 5, /* well-known group */
310 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
311 SID_NAME_INVALID = 7, /* invalid account */
312 SID_NAME_UNKNOWN = 8 /* oops. */
316 [range(0,1024)] uint32 count;
317 [size_is(count)] uint32 *ids;
320 NTSTATUS samr_GetAliasMembership(
321 [in,ref] policy_handle *alias_handle,
322 [in,ref] lsa_SidArray *sids,
326 /************************/
329 NTSTATUS samr_LookupNames(
330 [in,ref] policy_handle *domain_handle,
331 [in,range(0,1000)] uint32 num_names,
332 [in,ref,size_is(1000),length_is(num_names)] samr_String *names,
338 /************************/
343 [size_is(count)] samr_String *names;
346 NTSTATUS samr_LookupRids(
347 [in,ref] policy_handle *domain_handle,
348 [in,range(0,1000)] uint32 num_rids,
349 [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids,
350 [out] samr_Strings names,
354 /************************/
356 NTSTATUS samr_OpenGroup(
357 [in,ref] policy_handle *domain_handle,
358 [in] uint32 access_mask,
360 [out,ref] policy_handle *group_handle
364 /************************/
371 samr_String description;
379 samr_String description;
380 } samr_GroupInfoDesciption;
386 GroupInfoDescription = 4,
391 [case(GroupInfoAll)] samr_GroupInfoAll all;
392 [case(GroupInfoName)] samr_String name;
393 [case(GroupInfoX)] samr_GroupInfoX unknown;
394 [case(GroupInfoDescription)] samr_String description;
395 [case(GroupInfoAll2)] samr_GroupInfoAll all2;
398 NTSTATUS samr_QueryGroupInfo(
399 [in,ref] policy_handle *group_handle,
401 [out,switch_is(level)] samr_GroupInfo *info
404 /************************/
406 NTSTATUS samr_SetGroupInfo(
407 [in,ref] policy_handle *group_handle,
409 [in,switch_is(level),ref] samr_GroupInfo *info
412 /************************/
414 NTSTATUS samr_AddGroupMember(
415 [in,ref] policy_handle *group_handle,
420 /************************/
422 NTSTATUS samr_DeleteDomainGroup(
423 [in,out,ref] policy_handle *group_handle
426 /************************/
428 NTSTATUS samr_DeleteGroupMember(
429 [in,ref] policy_handle *group_handle,
434 /************************/
438 [size_is(count)] uint32 *rids;
439 [size_is(count)] uint32 *unknown;
442 NTSTATUS samr_QueryGroupMember(
443 [in,ref] policy_handle *group_handle,
444 [out] samr_ridArray *rids
448 /************************/
452 win2003 seems to accept any data at all for the two integers
453 below, and doesn't seem to do anything with them that I can
454 see. Weird. I really expected the first integer to be a rid
455 and the second to be the attributes for that rid member.
457 NTSTATUS samr_SetMemberAttributesOfGroup(
458 [in,ref] policy_handle *group_handle,
459 [in] uint32 unknown1,
464 /************************/
466 NTSTATUS samr_OpenAlias (
467 [in,ref] policy_handle *domain_handle,
468 [in] uint32 access_mask,
470 [out,ref] policy_handle *alias_handle
474 /************************/
480 samr_String description;
484 [case(1)] samr_AliasInfoAll all;
485 [case(2)] samr_String name;
486 [case(3)] samr_String description;
489 NTSTATUS samr_QueryAliasInfo(
490 [in,ref] policy_handle *alias_handle,
492 [out,switch_is(level)] samr_AliasInfo *info
495 /************************/
497 NTSTATUS samr_SetAliasInfo(
498 [in,ref] policy_handle *alias_handle,
500 [in,switch_is(level)] samr_AliasInfo info
503 /************************/
505 NTSTATUS samr_DeleteDomAlias(
506 [in,out,ref] policy_handle *alias_handle
509 /************************/
511 NTSTATUS samr_AddAliasMember(
512 [in,ref] policy_handle *alias_handle,
513 [in,ref] dom_sid2 *sid
516 /************************/
518 NTSTATUS samr_DeleteAliasMember(
519 [in,ref] policy_handle *alias_handle,
520 [in,ref] dom_sid2 *sid
523 /************************/
525 NTSTATUS samr_GetMembersInAlias(
526 [in,ref] policy_handle *alias_handle,
527 [out,ref] lsa_SidArray *sids
530 /************************/
532 NTSTATUS samr_OpenUser(
533 [in,ref] policy_handle *domain_handle,
534 [in] uint32 access_mask,
536 [out,ref] policy_handle *user_handle
539 /************************/
541 NTSTATUS samr_DeleteUser(
542 [in,out,ref] policy_handle *user_handle
545 /************************/
548 samr_String account_name;
549 samr_String full_name;
551 samr_String description;
557 samr_String unknown; /* settable, but doesn't stick. probably obsolete */
562 /* this is also used in samr and netlogon */
563 typedef [public, flag(NDR_PAHEX)] struct {
564 uint16 units_per_week;
565 [size_is(1260), length_is(units_per_week/8)] uint8 *bitmap;
569 samr_String account_name;
570 samr_String full_name;
573 samr_String home_directory;
574 samr_String home_drive;
575 samr_String logon_script;
576 samr_String profile_path;
577 samr_String workstations;
580 NTTIME last_password_change;
581 NTTIME allow_password_change;
582 NTTIME force_password_change;
583 samr_LogonHours logon_hours;
584 uint16 bad_password_count;
590 samr_LogonHours logon_hours;
594 samr_String account_name;
595 samr_String full_name;
598 samr_String home_directory;
599 samr_String home_drive;
600 samr_String logon_script;
601 samr_String profile_path;
602 samr_String description;
603 samr_String workstations;
606 samr_LogonHours logon_hours;
607 uint16 bad_password_count;
609 NTTIME last_password_change;
615 samr_String account_name;
616 samr_String full_name;
620 samr_String account_name;
624 samr_String full_name;
632 samr_String home_directory;
633 samr_String home_drive;
637 samr_String logon_script;
641 samr_String profile_path;
645 samr_String description;
649 samr_String workstations;
661 samr_String parameters;
664 /* this defines the bits used for fields_present in info21 */
665 const int SAMR_FIELD_NAME = 0x00000002;
666 const int SAMR_FIELD_DESCRIPTION = 0x00000010;
667 const int SAMR_FIELD_COMMENT = 0x00000020;
668 const int SAMR_FIELD_LOGON_SCRIPT = 0x00000100;
669 const int SAMR_FIELD_PROFILE_PATH = 0x00000200;
670 const int SAMR_FIELD_WORKSTATION = 0x00000400;
671 const int SAMR_FIELD_LOGON_HOURS = 0x00002000;
672 const int SAMR_FIELD_ACCT_FLAGS = 0x00100000;
673 const int SAMR_FIELD_PARAMETERS = 0x00200000;
674 const int SAMR_FIELD_COUNTRY_CODE = 0x00400000;
675 const int SAMR_FIELD_CODE_PAGE = 0x00800000;
676 const int SAMR_FIELD_PASSWORD = 0x01000000; /* either of these */
677 const int SAMR_FIELD_PASSWORD2 = 0x02000000; /* two bits seems to work */
682 NTTIME last_password_change;
684 NTTIME allow_password_change;
685 NTTIME force_password_change;
686 samr_String account_name;
687 samr_String full_name;
688 samr_String home_directory;
689 samr_String home_drive;
690 samr_String logon_script;
691 samr_String profile_path;
692 samr_String description;
693 samr_String workstations;
695 samr_String parameters;
696 samr_String unknown1;
697 samr_String unknown2;
698 samr_String unknown3;
700 [size_is(buf_count)] uint8 *buffer;
704 uint32 fields_present;
705 samr_LogonHours logon_hours;
706 uint16 bad_password_count;
710 uint8 nt_password_set;
711 uint8 lm_password_set;
712 uint8 password_expired;
716 typedef [flag(NDR_PAHEX)] struct {
718 } samr_CryptPassword;
721 samr_UserInfo21 info;
722 samr_CryptPassword password;
726 samr_CryptPassword password;
730 typedef [flag(NDR_PAHEX)] struct {
732 } samr_CryptPasswordEx;
735 samr_UserInfo21 info;
736 samr_CryptPasswordEx password;
740 samr_CryptPasswordEx password;
745 [case(1)] samr_UserInfo1 info1;
746 [case(2)] samr_UserInfo2 info2;
747 [case(3)] samr_UserInfo3 info3;
748 [case(4)] samr_UserInfo4 info4;
749 [case(5)] samr_UserInfo5 info5;
750 [case(6)] samr_UserInfo6 info6;
751 [case(7)] samr_UserInfo7 info7;
752 [case(8)] samr_UserInfo8 info8;
753 [case(9)] samr_UserInfo9 info9;
754 [case(10)] samr_UserInfo10 info10;
755 [case(11)] samr_UserInfo11 info11;
756 [case(12)] samr_UserInfo12 info12;
757 [case(13)] samr_UserInfo13 info13;
758 [case(14)] samr_UserInfo14 info14;
759 [case(16)] samr_UserInfo16 info16;
760 [case(17)] samr_UserInfo17 info17;
761 [case(20)] samr_UserInfo20 info20;
762 [case(21)] samr_UserInfo21 info21;
763 [case(23)] samr_UserInfo23 info23;
764 [case(24)] samr_UserInfo24 info24;
765 [case(25)] samr_UserInfo25 info25;
766 [case(26)] samr_UserInfo26 info26;
769 NTSTATUS samr_QueryUserInfo(
770 [in,ref] policy_handle *user_handle,
772 [out,switch_is(level)] samr_UserInfo *info
776 /************************/
778 NTSTATUS samr_SetUserInfo(
779 [in,ref] policy_handle *user_handle,
781 [in,ref,switch_is(level)] samr_UserInfo *info
784 /************************/
788 this is a password change interface that doesn't give
789 the server the plaintext password. Depricated.
791 NTSTATUS samr_ChangePasswordUser(
792 [in,ref] policy_handle *user_handle,
793 [in] bool8 lm_present,
794 [in] samr_Password *old_lm_crypted,
795 [in] samr_Password *new_lm_crypted,
796 [in] bool8 nt_present,
797 [in] samr_Password *old_nt_crypted,
798 [in] samr_Password *new_nt_crypted,
799 [in] bool8 cross1_present,
800 [in] samr_Password *nt_cross,
801 [in] bool8 cross2_present,
802 [in] samr_Password *lm_cross
805 /************************/
815 [size_is(count)] samr_RidType *rid;
818 NTSTATUS samr_GetGroupsForUser(
819 [in,ref] policy_handle *user_handle,
820 [out] samr_RidArray *rids
823 /************************/
830 samr_String account_name;
831 samr_String full_name;
832 samr_String description;
833 } samr_DispEntryGeneral;
837 [size_is(count)] samr_DispEntryGeneral *entries;
838 } samr_DispInfoGeneral;
844 samr_String account_name;
845 samr_String description;
846 } samr_DispEntryFull;
850 [size_is(count)] samr_DispEntryFull *entries;
854 [value(strlen_m(r->string))] uint16 length;
855 [value(strlen_m(r->string))] uint16 size;
856 ascstr_noterm *string;
861 samr_AsciiName account_name;
862 } samr_DispEntryAscii;
866 [size_is(count)] samr_DispEntryAscii *entries;
867 } samr_DispInfoAscii;
870 [case(1)] samr_DispInfoGeneral info1;/* users */
871 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
872 [case(3)] samr_DispInfoFull info3; /* groups */
873 [case(4)] samr_DispInfoAscii info4; /* users */
874 [case(5)] samr_DispInfoAscii info5; /* groups */
877 NTSTATUS samr_QueryDisplayInfo(
878 [in,ref] policy_handle *domain_handle,
880 [in] uint32 start_idx,
881 [in] uint32 max_entries,
882 [in] uint32 buf_size,
883 [out] uint32 total_size,
884 [out] uint32 returned_size,
885 [out,switch_is(level)] samr_DispInfo info
889 /************************/
893 this seems to be an alphabetic search function. The returned index
894 is the index for samr_QueryDisplayInfo needed to get names occurring
895 after the specified name. The supplied name does not need to exist
896 in the database (for example you can supply just a first letter for
897 searching starting at that letter)
899 The level corresponds to the samr_QueryDisplayInfo level
901 NTSTATUS samr_GetDisplayEnumerationIndex(
902 [in,ref] policy_handle *domain_handle,
904 [in] samr_String name,
910 /************************/
914 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
916 NTSTATUS samr_TestPrivateFunctionsDomain(
917 [in,ref] policy_handle *domain_handle
921 /************************/
925 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
927 NTSTATUS samr_TestPrivateFunctionsUser(
928 [in,ref] policy_handle *user_handle
932 /************************/
935 /* password properties flags */
936 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
937 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
938 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
939 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
940 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
943 uint16 min_password_length;
944 uint32 password_properties;
947 NTSTATUS samr_GetUserPwInfo(
948 [in,ref] policy_handle *user_handle,
949 [out] samr_PwInfo info
952 /************************/
954 NTSTATUS samr_RemoveMemberFromForeignDomain(
955 [in,ref] policy_handle *domain_handle,
956 [in,ref] dom_sid2 *sid
959 /************************/
963 how is this different from QueryDomainInfo ??
965 NTSTATUS samr_QueryDomainInfo2(
966 [in,ref] policy_handle *domain_handle,
968 [out,switch_is(level)] samr_DomainInfo *info
971 /************************/
975 how is this different from QueryUserInfo ??
977 NTSTATUS samr_QueryUserInfo2(
978 [in,ref] policy_handle *user_handle,
980 [out,switch_is(level)] samr_UserInfo *info
983 /************************/
987 how is this different from QueryDisplayInfo??
989 NTSTATUS samr_QueryDisplayInfo2(
990 [in,ref] policy_handle *domain_handle,
992 [in] uint32 start_idx,
993 [in] uint32 max_entries,
994 [in] uint32 buf_size,
995 [out] uint32 total_size,
996 [out] uint32 returned_size,
997 [out,switch_is(level)] samr_DispInfo info
1000 /************************/
1004 how is this different from GetDisplayEnumerationIndex ??
1006 NTSTATUS samr_GetDisplayEnumerationIndex2(
1007 [in,ref] policy_handle *domain_handle,
1009 [in] samr_String name,
1014 /************************/
1016 NTSTATUS samr_CreateUser2(
1017 [in,ref] policy_handle *domain_handle,
1018 [in,ref] samr_String *account_name,
1019 [in] uint32 acct_flags,
1020 [in] uint32 access_mask,
1021 [out,ref] policy_handle *user_handle,
1022 [out,ref] uint32 *access_granted,
1023 [out,ref] uint32 *rid
1027 /************************/
1031 another duplicate. There must be a reason ....
1033 NTSTATUS samr_QueryDisplayInfo3(
1034 [in,ref] policy_handle *domain_handle,
1036 [in] uint32 start_idx,
1037 [in] uint32 max_entries,
1038 [in] uint32 buf_size,
1039 [out] uint32 total_size,
1040 [out] uint32 returned_size,
1041 [out,switch_is(level)] samr_DispInfo info
1044 /************************/
1046 NTSTATUS samr_AddMultipleMembersToAlias(
1047 [in,ref] policy_handle *alias_handle,
1048 [in,ref] lsa_SidArray *sids
1051 /************************/
1053 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1054 [in,ref] policy_handle *alias_handle,
1055 [in,ref] lsa_SidArray *sids
1058 /************************/
1061 NTSTATUS samr_OemChangePasswordUser2(
1062 [in] samr_AsciiName *server,
1063 [in,ref] samr_AsciiName *account,
1064 [in] samr_CryptPassword *password,
1065 [in] samr_Password *hash
1068 /************************/
1070 NTSTATUS samr_ChangePasswordUser2(
1071 [in] samr_String *server,
1072 [in,ref] samr_String *account,
1073 [in] samr_CryptPassword *nt_password,
1074 [in] samr_Password *nt_verifier,
1075 [in] bool8 lm_change,
1076 [in] samr_CryptPassword *lm_password,
1077 [in] samr_Password *lm_verifier
1080 /************************/
1082 NTSTATUS samr_GetDomPwInfo(
1083 [in] samr_String *name,
1084 [out] samr_PwInfo info
1087 /************************/
1089 NTSTATUS samr_Connect2(
1090 [in] unistr *system_name,
1091 [in] uint32 access_mask,
1092 [out,ref] policy_handle *connect_handle
1095 /************************/
1098 seems to be an exact alias for samr_SetUserInfo()
1100 NTSTATUS samr_SetUserInfo2(
1101 [in,ref] policy_handle *user_handle,
1103 [in,ref,switch_is(level)] samr_UserInfo *info
1106 /************************/
1109 this one is mysterious. I have a few guesses, but nothing working yet
1111 NTSTATUS samr_SetBootKeyInformation(
1112 [in,ref] policy_handle *connect_handle,
1113 [in] uint32 unknown1,
1114 [in] uint32 unknown2,
1115 [in] uint32 unknown3
1118 /************************/
1120 NTSTATUS samr_GetBootKeyInformation(
1121 [in,ref] policy_handle *domain_handle,
1122 [out] uint32 unknown
1125 /************************/
1127 NTSTATUS samr_Connect3(
1128 [in] unistr *system_name,
1129 /* this unknown value seems to be completely ignored by w2k3 */
1130 [in] uint32 unknown,
1131 [in] uint32 access_mask,
1132 [out,ref] policy_handle *connect_handle
1135 /************************/
1137 NTSTATUS samr_Connect4(
1138 [in] unistr *system_name,
1139 [in] uint32 unknown,
1140 [in] uint32 access_mask,
1141 [out,ref] policy_handle *connect_handle
1144 /************************/
1147 const int SAMR_REJECT_OTHER = 0;
1148 const int SAMR_REJECT_TOO_SHORT = 1;
1149 const int SAMR_REJECT_COMPLEXITY = 2;
1155 } samr_ChangeReject;
1157 NTSTATUS samr_ChangePasswordUser3(
1158 [in] samr_String *server,
1159 [in,ref] samr_String *account,
1160 [in] samr_CryptPassword *nt_password,
1161 [in] samr_Password *nt_verifier,
1162 [in] bool8 lm_change,
1163 [in] samr_CryptPassword *lm_password,
1164 [in] samr_Password *lm_verifier,
1165 [in] samr_CryptPassword *password3,
1166 [out] samr_DomInfo1 *dominfo,
1167 [out] samr_ChangeReject *reject
1170 /************************/
1174 uint32 unknown1; /* w2k3 gives 3 */
1175 uint32 unknown2; /* w2k3 gives 0 */
1176 } samr_ConnectInfo1;
1179 [case(1)] samr_ConnectInfo1 info1;
1182 NTSTATUS samr_Connect5(
1183 [in] unistr *system_name,
1184 [in] uint32 access_mask,
1185 [in,out] uint32 level,
1186 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1187 [out,ref] policy_handle *connect_handle
1190 /************************/
1192 NTSTATUS samr_RidToSid(
1193 [in,ref] policy_handle *domain_handle,
1199 /************************/
1203 this should set the DSRM password for the server, which is used
1204 when booting into Directory Services Recovery Mode on a DC. Win2003
1205 gives me NT_STATUS_NOT_SUPPORTED
1208 NTSTATUS samr_SetDsrmPassword(
1209 [in] samr_String *name,
1210 [in] uint32 unknown,
1211 [in] samr_Password *hash
1215 /************************/
1218 I haven't been able to work out the format of this one yet.
1219 Seems to start with a switch level for a union?
1221 NTSTATUS samr_ValidatePassword();