pointer_default_top(unique)
] interface samr
{
- declare bitmap security_secinfo;
+ typedef bitmap security_secinfo security_secinfo;
/* account control (acct_flags) bits */
typedef [public,bitmap32bit] bitmap {
SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
+ typedef [bitmap32bit] bitmap {
+ USER_ACCESS_GET_NAME_ETC = 0x00000001,
+ USER_ACCESS_GET_LOCALE = 0x00000002,
+ USER_ACCESS_SET_LOC_COM = 0x00000004,
+ USER_ACCESS_GET_LOGONINFO = 0x00000008,
+ USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
+ USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
+ USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
+ USER_ACCESS_SET_PASSWORD = 0x00000080,
+ USER_ACCESS_GET_GROUPS = 0x00000100,
+ USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
+ USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
+ } samr_UserAccessMask;
+
+ typedef [bitmap32bit] bitmap {
+ DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
+ DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
+ DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
+ DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
+ DOMAIN_ACCESS_CREATE_USER = 0x00000010,
+ DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
+ DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
+ DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
+ DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
+ DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
+ DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
+ } samr_DomainAccessMask;
+
typedef [bitmap32bit] bitmap {
GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
GROUP_ACCESS_SET_INFO = 0x00000002,
/* Function 0x07 */
[public] NTSTATUS samr_OpenDomain(
[in,ref] policy_handle *connect_handle,
- [in] uint32 access_mask,
+ [in] samr_DomainAccessMask access_mask,
[in,ref] dom_sid2 *sid,
[out,ref] policy_handle *domain_handle
);
NTSTATUS samr_CreateUser(
[in,ref] policy_handle *domain_handle,
[in,ref] lsa_String *account_name,
- [in] uint32 access_mask,
+ [in] samr_UserAccessMask access_mask,
[out,ref] policy_handle *user_handle,
[out,ref] uint32 *rid
);
/* Function 0x22 */
[public] NTSTATUS samr_OpenUser(
[in,ref] policy_handle *domain_handle,
- [in] uint32 access_mask,
+ [in] samr_UserAccessMask access_mask,
[in] uint32 rid,
[out,ref] policy_handle *user_handle
);
[in,ref] policy_handle *domain_handle,
[in,ref] lsa_String *account_name,
[in] samr_AcctFlags acct_flags,
- [in] uint32 access_mask,
+ [in] samr_UserAccessMask access_mask,
[out,ref] policy_handle *user_handle,
[out,ref] uint32 *access_granted,
[out,ref] uint32 *rid
/************************/
/* Function 0x3f */
- declare enum samr_RejectReason;
+ typedef enum samr_RejectReason samr_RejectReason;
typedef struct {
samr_RejectReason reason;
/************************/
/* Function 0x43 */
- /*
- I haven't been able to work out the format of this one yet.
- Seems to start with a switch level for a union?
- */
- NTSTATUS samr_ValidatePassword();
+ /************************/
+ typedef [bitmap32bit] bitmap {
+ SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
+ SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
+ SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
+ SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
+ SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
+ SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
+ } samr_ValidateFieldsPresent;
+
+ typedef enum {
+ NetValidateAuthentication = 1,
+ NetValidatePasswordChange= 2,
+ NetValidatePasswordReset = 3
+ } samr_ValidatePasswordLevel;
+
+ /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
+ * identified the mapping of
+ * - NERR_PasswordFilterError
+ * - NERR_PasswordExpired and
+ * - NERR_PasswordCantChange
+ * yet - Guenther
+ */
+
+ typedef enum {
+ SAMR_VALIDATION_STATUS_SUCCESS = 0,
+ SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
+ SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
+ SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
+ SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
+ SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
+ SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
+ SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
+ SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
+ } samr_ValidationStatus;
+
+ typedef struct {
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } samr_ValidationBlob;
+
+ typedef struct {
+ samr_ValidateFieldsPresent fields_present;
+ NTTIME_hyper last_password_change;
+ NTTIME_hyper bad_password_time;
+ NTTIME_hyper lockout_time;
+ uint32 bad_pwd_count;
+ uint32 pwd_history_len;
+ [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
+ } samr_ValidatePasswordInfo;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ samr_ValidationStatus status;
+ } samr_ValidatePasswordRepCtr;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] samr_ValidatePasswordRepCtr ctr1;
+ [case(2)] samr_ValidatePasswordRepCtr ctr2;
+ [case(3)] samr_ValidatePasswordRepCtr ctr3;
+ } samr_ValidatePasswordRep;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ lsa_StringLarge password;
+ lsa_StringLarge account;
+ samr_ValidationBlob hash;
+ boolean8 pwd_must_change_at_next_logon;
+ boolean8 clear_lockout;
+ } samr_ValidatePasswordReq3;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ lsa_StringLarge password;
+ lsa_StringLarge account;
+ samr_ValidationBlob hash;
+ boolean8 password_matched;
+ } samr_ValidatePasswordReq2;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ boolean8 password_matched;
+ } samr_ValidatePasswordReq1;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] samr_ValidatePasswordReq1 req1;
+ [case(2)] samr_ValidatePasswordReq2 req2;
+ [case(3)] samr_ValidatePasswordReq3 req3;
+ } samr_ValidatePasswordReq;
+
+ NTSTATUS samr_ValidatePassword(
+ [in] samr_ValidatePasswordLevel level,
+ [in,switch_is(level)] samr_ValidatePasswordReq req,
+ [out,switch_is(level)] samr_ValidatePasswordRep *rep
+ );
}