4 samr interface definition
6 import "misc.idl", "lsa.idl", "security.idl";
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique)
18 typedef bitmap security_secinfo security_secinfo;
20 /* account control (acct_flags) bits */
21 typedef [public,bitmap32bit] bitmap {
22 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
23 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
24 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
25 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
26 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
27 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
28 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
29 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
30 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
31 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
32 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
33 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
34 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
35 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
36 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
37 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
38 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
39 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
40 ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
43 /* SAM server specific access rights */
45 typedef [bitmap32bit] bitmap {
46 SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
47 SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
48 SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
49 SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
50 SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
51 SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
52 } samr_ConnectAccessMask;
54 const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
56 const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
57 (STANDARD_RIGHTS_REQUIRED_ACCESS |
58 SAMR_ACCESS_ALL_ACCESS);
60 const int GENERIC_RIGHTS_SAM_READ =
61 (STANDARD_RIGHTS_READ_ACCESS |
62 SAMR_ACCESS_ENUM_DOMAINS);
64 const int GENERIC_RIGHTS_SAM_WRITE =
65 (STANDARD_RIGHTS_WRITE_ACCESS |
66 SAMR_ACCESS_CREATE_DOMAIN |
67 SAMR_ACCESS_INITIALIZE_SERVER |
68 SAMR_ACCESS_SHUTDOWN_SERVER);
70 const int GENERIC_RIGHTS_SAM_EXECUTE =
71 (STANDARD_RIGHTS_EXECUTE_ACCESS |
72 SAMR_ACCESS_OPEN_DOMAIN |
73 SAMR_ACCESS_CONNECT_TO_SERVER);
75 typedef [bitmap32bit] bitmap {
76 SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
77 SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
78 SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
79 SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
80 SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
81 SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
82 SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
83 SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
84 SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
85 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
86 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
87 } samr_UserAccessMask;
89 typedef [bitmap32bit] bitmap {
90 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
91 SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
92 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
93 SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
94 SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
95 SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
96 SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
97 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
98 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
99 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
100 SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
101 } samr_DomainAccessMask;
103 typedef [bitmap32bit] bitmap {
104 SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
105 SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
106 SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
107 SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
108 SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
109 } samr_GroupAccessMask;
111 typedef [bitmap32bit] bitmap {
112 SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
113 SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
114 SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
115 SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
116 SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
117 } samr_AliasAccessMask;
121 NTSTATUS samr_Connect (
122 /* notice the lack of [string] */
123 [in,unique] uint16 *system_name,
124 [in] samr_ConnectAccessMask access_mask,
125 [out,ref] policy_handle *connect_handle
131 [public] NTSTATUS samr_Close (
132 [in,out,ref] policy_handle *handle
138 NTSTATUS samr_SetSecurity (
139 [in,ref] policy_handle *handle,
140 [in] security_secinfo sec_info,
141 [in,ref] sec_desc_buf *sdbuf
147 NTSTATUS samr_QuerySecurity (
148 [in,ref] policy_handle *handle,
149 [in] security_secinfo sec_info,
150 [out,ref] sec_desc_buf **sdbuf
157 shutdown the SAM - once you call this the SAM will be dead
159 NTSTATUS samr_Shutdown (
160 [in,ref] policy_handle *connect_handle
165 NTSTATUS samr_LookupDomain (
166 [in,ref] policy_handle *connect_handle,
167 [in,ref] lsa_String *domain_name,
168 [out,ref] dom_sid2 **sid
182 [size_is(count)] samr_SamEntry *entries;
185 NTSTATUS samr_EnumDomains (
186 [in] policy_handle *connect_handle,
187 [in,out,ref] uint32 *resume_handle,
188 [out,ref] samr_SamArray **sam,
189 [in] uint32 buf_size,
190 [out,ref] uint32 *num_entries
194 /************************/
196 [public] NTSTATUS samr_OpenDomain(
197 [in,ref] policy_handle *connect_handle,
198 [in] samr_DomainAccessMask access_mask,
199 [in,ref] dom_sid2 *sid,
200 [out,ref] policy_handle *domain_handle
203 /************************/
206 typedef [v1_enum] enum {
207 SAMR_ROLE_STANDALONE = 0,
208 SAMR_ROLE_DOMAIN_MEMBER = 1,
209 SAMR_ROLE_DOMAIN_BDC = 2,
210 SAMR_ROLE_DOMAIN_PDC = 3
213 /* password properties flags */
214 typedef [public,bitmap32bit] bitmap {
215 DOMAIN_PASSWORD_COMPLEX = 0x00000001,
216 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
217 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
218 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
219 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
220 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
221 } samr_PasswordProperties;
224 uint16 min_password_length;
225 uint16 password_history_length;
226 samr_PasswordProperties password_properties;
227 /* yes, these are signed. They are in negative 100ns */
228 dlong max_password_age;
229 dlong min_password_age;
233 NTTIME force_logoff_time;
234 lsa_String oem_information; /* comment */
235 lsa_String domain_name;
236 lsa_String primary; /* PDC name if this is a BDC */
244 } samr_DomGeneralInformation;
247 NTTIME force_logoff_time;
251 lsa_String oem_information; /* comment */
252 } samr_DomOEMInformation;
255 lsa_String domain_name;
268 NTTIME domain_create_time;
272 uint32 unknown; /* w2k3 returns 1 */
276 samr_DomGeneralInformation general;
277 hyper lockout_duration;
278 hyper lockout_window;
279 uint16 lockout_threshold;
280 } samr_DomGeneralInformation2;
283 hyper lockout_duration;
284 hyper lockout_window;
285 uint16 lockout_threshold;
290 NTTIME domain_create_time;
295 typedef [switch_type(uint16)] union {
296 [case(1)] samr_DomInfo1 info1;
297 [case(2)] samr_DomGeneralInformation general;
298 [case(3)] samr_DomInfo3 info3;
299 [case(4)] samr_DomOEMInformation oem;
300 [case(5)] samr_DomInfo5 info5;
301 [case(6)] samr_DomInfo6 info6;
302 [case(7)] samr_DomInfo7 info7;
303 [case(8)] samr_DomInfo8 info8;
304 [case(9)] samr_DomInfo9 info9;
305 [case(11)] samr_DomGeneralInformation2 general2;
306 [case(12)] samr_DomInfo12 info12;
307 [case(13)] samr_DomInfo13 info13;
310 NTSTATUS samr_QueryDomainInfo(
311 [in,ref] policy_handle *domain_handle,
313 [out,ref,switch_is(level)] samr_DomainInfo **info
316 /************************/
319 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
322 NTSTATUS samr_SetDomainInfo(
323 [in,ref] policy_handle *domain_handle,
325 [in,switch_is(level),ref] samr_DomainInfo *info
329 /************************/
331 NTSTATUS samr_CreateDomainGroup(
332 [in,ref] policy_handle *domain_handle,
333 [in,ref] lsa_String *name,
334 [in] samr_GroupAccessMask access_mask,
335 [out,ref] policy_handle *group_handle,
336 [out,ref] uint32 *rid
340 /************************/
343 const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */
344 const int MAX_SAM_ENTRIES_W95 = 50;
346 NTSTATUS samr_EnumDomainGroups(
347 [in] policy_handle *domain_handle,
348 [in,out,ref] uint32 *resume_handle,
349 [out,ref] samr_SamArray **sam,
350 [in] uint32 max_size,
351 [out,ref] uint32 *num_entries
354 /************************/
356 NTSTATUS samr_CreateUser(
357 [in,ref] policy_handle *domain_handle,
358 [in,ref] lsa_String *account_name,
359 [in] samr_UserAccessMask access_mask,
360 [out,ref] policy_handle *user_handle,
361 [out,ref] uint32 *rid
364 /************************/
368 /* w2k3 treats max_size as max_users*54 and sets the
369 resume_handle as the rid of the last user sent
371 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
373 NTSTATUS samr_EnumDomainUsers(
374 [in] policy_handle *domain_handle,
375 [in,out,ref] uint32 *resume_handle,
376 [in] samr_AcctFlags acct_flags,
377 [out,ref] samr_SamArray **sam,
378 [in] uint32 max_size,
379 [out,ref] uint32 *num_entries
382 /************************/
384 NTSTATUS samr_CreateDomAlias(
385 [in,ref] policy_handle *domain_handle,
386 [in,ref] lsa_String *alias_name,
387 [in] samr_AliasAccessMask access_mask,
388 [out,ref] policy_handle *alias_handle,
389 [out,ref] uint32 *rid
392 /************************/
394 NTSTATUS samr_EnumDomainAliases(
395 [in] policy_handle *domain_handle,
396 [in,out,ref] uint32 *resume_handle,
397 [out,ref] samr_SamArray **sam,
398 [in] uint32 max_size,
399 [out,ref] uint32 *num_entries
402 /************************/
406 [range(0,1024)] uint32 count;
407 [size_is(count)] uint32 *ids;
410 NTSTATUS samr_GetAliasMembership(
411 [in,ref] policy_handle *domain_handle,
412 [in,ref] lsa_SidArray *sids,
413 [out,ref] samr_Ids *rids
416 /************************/
419 [public] NTSTATUS samr_LookupNames(
420 [in,ref] policy_handle *domain_handle,
421 [in,range(0,1000)] uint32 num_names,
422 [in,size_is(1000),length_is(num_names)] lsa_String names[],
423 [out,ref] samr_Ids *rids,
424 [out,ref] samr_Ids *types
428 /************************/
430 NTSTATUS samr_LookupRids(
431 [in,ref] policy_handle *domain_handle,
432 [in,range(0,1000)] uint32 num_rids,
433 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
434 [out,ref] lsa_Strings *names,
435 [out,ref] samr_Ids *types
438 /************************/
440 NTSTATUS samr_OpenGroup(
441 [in,ref] policy_handle *domain_handle,
442 [in] samr_GroupAccessMask access_mask,
444 [out,ref] policy_handle *group_handle
447 /* Group attributes */
448 typedef [public,bitmap32bit] bitmap {
449 SE_GROUP_MANDATORY = 0x00000001,
450 SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
451 SE_GROUP_ENABLED = 0x00000004,
452 SE_GROUP_OWNER = 0x00000008,
453 SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
454 SE_GROUP_RESOURCE = 0x20000000,
455 SE_GROUP_LOGON_ID = 0xC0000000
458 /************************/
463 samr_GroupAttrs attributes;
465 lsa_String description;
469 samr_GroupAttrs attributes;
470 } samr_GroupInfoAttributes;
473 lsa_String description;
474 } samr_GroupInfoDescription;
479 GROUPINFOATTRIBUTES = 3,
480 GROUPINFODESCRIPTION = 4,
482 } samr_GroupInfoEnum;
484 typedef [switch_type(samr_GroupInfoEnum)] union {
485 [case(GROUPINFOALL)] samr_GroupInfoAll all;
486 [case(GROUPINFONAME)] lsa_String name;
487 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
488 [case(GROUPINFODESCRIPTION)] lsa_String description;
489 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
492 NTSTATUS samr_QueryGroupInfo(
493 [in,ref] policy_handle *group_handle,
494 [in] samr_GroupInfoEnum level,
495 [out,ref,switch_is(level)] samr_GroupInfo **info
498 /************************/
500 NTSTATUS samr_SetGroupInfo(
501 [in,ref] policy_handle *group_handle,
502 [in] samr_GroupInfoEnum level,
503 [in,switch_is(level),ref] samr_GroupInfo *info
506 /************************/
508 NTSTATUS samr_AddGroupMember(
509 [in,ref] policy_handle *group_handle,
514 /************************/
516 NTSTATUS samr_DeleteDomainGroup(
517 [in,out,ref] policy_handle *group_handle
520 /************************/
522 NTSTATUS samr_DeleteGroupMember(
523 [in,ref] policy_handle *group_handle,
528 /************************/
532 [size_is(count)] uint32 *rids;
533 [size_is(count)] uint32 *types;
536 NTSTATUS samr_QueryGroupMember(
537 [in,ref] policy_handle *group_handle,
538 [out,ref] samr_RidTypeArray **rids
542 /************************/
546 win2003 seems to accept any data at all for the two integers
547 below, and doesn't seem to do anything with them that I can
548 see. Weird. I really expected the first integer to be a rid
549 and the second to be the attributes for that rid member.
551 NTSTATUS samr_SetMemberAttributesOfGroup(
552 [in,ref] policy_handle *group_handle,
553 [in] uint32 unknown1,
558 /************************/
560 NTSTATUS samr_OpenAlias (
561 [in,ref] policy_handle *domain_handle,
562 [in] samr_AliasAccessMask access_mask,
564 [out,ref] policy_handle *alias_handle
568 /************************/
574 lsa_String description;
580 ALIASINFODESCRIPTION = 3
581 } samr_AliasInfoEnum;
583 typedef [switch_type(samr_AliasInfoEnum)] union {
584 [case(ALIASINFOALL)] samr_AliasInfoAll all;
585 [case(ALIASINFONAME)] lsa_String name;
586 [case(ALIASINFODESCRIPTION)] lsa_String description;
589 NTSTATUS samr_QueryAliasInfo(
590 [in,ref] policy_handle *alias_handle,
591 [in] samr_AliasInfoEnum level,
592 [out,ref,switch_is(level)] samr_AliasInfo **info
595 /************************/
597 NTSTATUS samr_SetAliasInfo(
598 [in,ref] policy_handle *alias_handle,
599 [in] samr_AliasInfoEnum level,
600 [in,switch_is(level),ref] samr_AliasInfo *info
603 /************************/
605 NTSTATUS samr_DeleteDomAlias(
606 [in,out,ref] policy_handle *alias_handle
609 /************************/
611 NTSTATUS samr_AddAliasMember(
612 [in,ref] policy_handle *alias_handle,
613 [in,ref] dom_sid2 *sid
616 /************************/
618 NTSTATUS samr_DeleteAliasMember(
619 [in,ref] policy_handle *alias_handle,
620 [in,ref] dom_sid2 *sid
623 /************************/
625 NTSTATUS samr_GetMembersInAlias(
626 [in,ref] policy_handle *alias_handle,
627 [out,ref] lsa_SidArray *sids
630 /************************/
632 [public] NTSTATUS samr_OpenUser(
633 [in,ref] policy_handle *domain_handle,
634 [in] samr_UserAccessMask access_mask,
636 [out,ref] policy_handle *user_handle
639 /************************/
641 NTSTATUS samr_DeleteUser(
642 [in,out,ref] policy_handle *user_handle
645 /************************/
648 lsa_String account_name;
649 lsa_String full_name;
651 lsa_String description;
657 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
662 /* this is also used in samr and netlogon */
663 typedef [public, flag(NDR_PAHEX)] struct {
664 uint16 units_per_week;
665 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
669 lsa_String account_name;
670 lsa_String full_name;
673 lsa_String home_directory;
674 lsa_String home_drive;
675 lsa_String logon_script;
676 lsa_String profile_path;
677 lsa_String workstations;
680 NTTIME last_password_change;
681 NTTIME allow_password_change;
682 NTTIME force_password_change;
683 samr_LogonHours logon_hours;
684 uint16 bad_password_count;
686 samr_AcctFlags acct_flags;
690 samr_LogonHours logon_hours;
694 lsa_String account_name;
695 lsa_String full_name;
698 lsa_String home_directory;
699 lsa_String home_drive;
700 lsa_String logon_script;
701 lsa_String profile_path;
702 lsa_String description;
703 lsa_String workstations;
706 samr_LogonHours logon_hours;
707 uint16 bad_password_count;
709 NTTIME last_password_change;
711 samr_AcctFlags acct_flags;
715 lsa_String account_name;
716 lsa_String full_name;
720 lsa_String account_name;
724 lsa_String full_name;
732 lsa_String home_directory;
733 lsa_String home_drive;
737 lsa_String logon_script;
741 lsa_String profile_path;
745 lsa_String description;
749 lsa_String workstations;
753 samr_AcctFlags acct_flags;
760 typedef [public, flag(NDR_PAHEX)] struct {
765 samr_Password lm_pwd;
766 samr_Password nt_pwd;
767 boolean8 lm_pwd_active;
768 boolean8 nt_pwd_active;
772 lsa_BinaryString parameters;
775 /* this defines the bits used for fields_present in info21 */
776 typedef [bitmap32bit] bitmap {
777 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
778 SAMR_FIELD_FULL_NAME = 0x00000002,
779 SAMR_FIELD_RID = 0x00000004,
780 SAMR_FIELD_PRIMARY_GID = 0x00000008,
781 SAMR_FIELD_DESCRIPTION = 0x00000010,
782 SAMR_FIELD_COMMENT = 0x00000020,
783 SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
784 SAMR_FIELD_HOME_DRIVE = 0x00000080,
785 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
786 SAMR_FIELD_PROFILE_PATH = 0x00000200,
787 SAMR_FIELD_WORKSTATIONS = 0x00000400,
788 SAMR_FIELD_LAST_LOGON = 0x00000800,
789 SAMR_FIELD_LAST_LOGOFF = 0x00001000,
790 SAMR_FIELD_LOGON_HOURS = 0x00002000,
791 SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
792 SAMR_FIELD_NUM_LOGONS = 0x00008000,
793 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
794 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
795 SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
796 SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
797 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
798 SAMR_FIELD_PARAMETERS = 0x00200000,
799 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
800 SAMR_FIELD_CODE_PAGE = 0x00800000,
801 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
802 SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
803 SAMR_FIELD_PRIVATE_DATA = 0x04000000,
804 SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
805 SAMR_FIELD_SEC_DESC = 0x10000000,
806 SAMR_FIELD_OWF_PWD = 0x20000000
807 } samr_FieldsPresent;
809 /* used for 'password_expired' in samr_UserInfo21 */
810 const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
811 const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
816 NTTIME last_password_change;
818 NTTIME allow_password_change;
819 NTTIME force_password_change;
820 lsa_String account_name;
821 lsa_String full_name;
822 lsa_String home_directory;
823 lsa_String home_drive;
824 lsa_String logon_script;
825 lsa_String profile_path;
826 lsa_String description;
827 lsa_String workstations;
829 lsa_BinaryString parameters;
834 [size_is(buf_count)] uint8 *buffer;
837 samr_AcctFlags acct_flags;
838 samr_FieldsPresent fields_present;
839 samr_LogonHours logon_hours;
840 uint16 bad_password_count;
844 uint8 nt_password_set;
845 uint8 lm_password_set;
846 uint8 password_expired;
850 typedef [public, flag(NDR_PAHEX)] struct {
852 } samr_CryptPassword;
855 samr_UserInfo21 info;
856 samr_CryptPassword password;
860 samr_CryptPassword password;
864 typedef [flag(NDR_PAHEX)] struct {
866 } samr_CryptPasswordEx;
869 samr_UserInfo21 info;
870 samr_CryptPasswordEx password;
874 samr_CryptPasswordEx password;
878 typedef [switch_type(uint16)] union {
879 [case(1)] samr_UserInfo1 info1;
880 [case(2)] samr_UserInfo2 info2;
881 [case(3)] samr_UserInfo3 info3;
882 [case(4)] samr_UserInfo4 info4;
883 [case(5)] samr_UserInfo5 info5;
884 [case(6)] samr_UserInfo6 info6;
885 [case(7)] samr_UserInfo7 info7;
886 [case(8)] samr_UserInfo8 info8;
887 [case(9)] samr_UserInfo9 info9;
888 [case(10)] samr_UserInfo10 info10;
889 [case(11)] samr_UserInfo11 info11;
890 [case(12)] samr_UserInfo12 info12;
891 [case(13)] samr_UserInfo13 info13;
892 [case(14)] samr_UserInfo14 info14;
893 [case(16)] samr_UserInfo16 info16;
894 [case(17)] samr_UserInfo17 info17;
895 [case(18)] samr_UserInfo18 info18;
896 [case(20)] samr_UserInfo20 info20;
897 [case(21)] samr_UserInfo21 info21;
898 [case(23)] samr_UserInfo23 info23;
899 [case(24)] samr_UserInfo24 info24;
900 [case(25)] samr_UserInfo25 info25;
901 [case(26)] samr_UserInfo26 info26;
904 [public] NTSTATUS samr_QueryUserInfo(
905 [in,ref] policy_handle *user_handle,
907 [out,ref,switch_is(level)] samr_UserInfo **info
911 /************************/
913 [public] NTSTATUS samr_SetUserInfo(
914 [in,ref] policy_handle *user_handle,
916 [in,ref,switch_is(level)] samr_UserInfo *info
919 /************************/
922 this is a password change interface that doesn't give
923 the server the plaintext password. Depricated.
925 NTSTATUS samr_ChangePasswordUser(
926 [in,ref] policy_handle *user_handle,
927 [in] boolean8 lm_present,
928 [in,unique] samr_Password *old_lm_crypted,
929 [in,unique] samr_Password *new_lm_crypted,
930 [in] boolean8 nt_present,
931 [in,unique] samr_Password *old_nt_crypted,
932 [in,unique] samr_Password *new_nt_crypted,
933 [in] boolean8 cross1_present,
934 [in,unique] samr_Password *nt_cross,
935 [in] boolean8 cross2_present,
936 [in,unique] samr_Password *lm_cross
939 /************************/
942 typedef [public] struct {
944 samr_GroupAttrs attributes;
945 } samr_RidWithAttribute;
947 typedef [public] struct {
949 [size_is(count)] samr_RidWithAttribute *rids;
950 } samr_RidWithAttributeArray;
952 NTSTATUS samr_GetGroupsForUser(
953 [in,ref] policy_handle *user_handle,
954 [out,ref] samr_RidWithAttributeArray **rids
957 /************************/
963 samr_AcctFlags acct_flags;
964 lsa_String account_name;
965 lsa_String description;
966 lsa_String full_name;
967 } samr_DispEntryGeneral;
971 [size_is(count)] samr_DispEntryGeneral *entries;
972 } samr_DispInfoGeneral;
977 samr_AcctFlags acct_flags;
978 lsa_String account_name;
979 lsa_String description;
980 } samr_DispEntryFull;
984 [size_is(count)] samr_DispEntryFull *entries;
990 samr_GroupAttrs acct_flags;
991 lsa_String account_name;
992 lsa_String description;
993 } samr_DispEntryFullGroup;
997 [size_is(count)] samr_DispEntryFullGroup *entries;
998 } samr_DispInfoFullGroups;
1002 lsa_AsciiStringLarge account_name;
1003 } samr_DispEntryAscii;
1007 [size_is(count)] samr_DispEntryAscii *entries;
1008 } samr_DispInfoAscii;
1010 typedef [switch_type(uint16)] union {
1011 [case(1)] samr_DispInfoGeneral info1;/* users */
1012 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1013 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1014 [case(4)] samr_DispInfoAscii info4; /* users */
1015 [case(5)] samr_DispInfoAscii info5; /* groups */
1018 NTSTATUS samr_QueryDisplayInfo(
1019 [in,ref] policy_handle *domain_handle,
1021 [in] uint32 start_idx,
1022 [in] uint32 max_entries,
1023 [in] uint32 buf_size,
1024 [out,ref] uint32 *total_size,
1025 [out,ref] uint32 *returned_size,
1026 [out,ref,switch_is(level)] samr_DispInfo *info
1030 /************************/
1034 this seems to be an alphabetic search function. The returned index
1035 is the index for samr_QueryDisplayInfo needed to get names occurring
1036 after the specified name. The supplied name does not need to exist
1037 in the database (for example you can supply just a first letter for
1038 searching starting at that letter)
1040 The level corresponds to the samr_QueryDisplayInfo level
1042 NTSTATUS samr_GetDisplayEnumerationIndex(
1043 [in,ref] policy_handle *domain_handle,
1045 [in,ref] lsa_String *name,
1046 [out,ref] uint32 *idx
1051 /************************/
1055 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1057 NTSTATUS samr_TestPrivateFunctionsDomain(
1058 [in,ref] policy_handle *domain_handle
1062 /************************/
1066 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1068 NTSTATUS samr_TestPrivateFunctionsUser(
1069 [in,ref] policy_handle *user_handle
1073 /************************/
1077 uint16 min_password_length;
1078 samr_PasswordProperties password_properties;
1081 [public] NTSTATUS samr_GetUserPwInfo(
1082 [in,ref] policy_handle *user_handle,
1083 [out,ref] samr_PwInfo *info
1086 /************************/
1088 NTSTATUS samr_RemoveMemberFromForeignDomain(
1089 [in,ref] policy_handle *domain_handle,
1090 [in,ref] dom_sid2 *sid
1093 /************************/
1097 how is this different from QueryDomainInfo ??
1099 NTSTATUS samr_QueryDomainInfo2(
1100 [in,ref] policy_handle *domain_handle,
1102 [out,ref,switch_is(level)] samr_DomainInfo **info
1105 /************************/
1109 how is this different from QueryUserInfo ??
1111 NTSTATUS samr_QueryUserInfo2(
1112 [in,ref] policy_handle *user_handle,
1114 [out,ref,switch_is(level)] samr_UserInfo *info
1117 /************************/
1121 how is this different from QueryDisplayInfo??
1123 NTSTATUS samr_QueryDisplayInfo2(
1124 [in,ref] policy_handle *domain_handle,
1126 [in] uint32 start_idx,
1127 [in] uint32 max_entries,
1128 [in] uint32 buf_size,
1129 [out,ref] uint32 *total_size,
1130 [out,ref] uint32 *returned_size,
1131 [out,ref,switch_is(level)] samr_DispInfo *info
1134 /************************/
1138 how is this different from GetDisplayEnumerationIndex ??
1140 NTSTATUS samr_GetDisplayEnumerationIndex2(
1141 [in,ref] policy_handle *domain_handle,
1143 [in,ref] lsa_String *name,
1144 [out,ref] uint32 *idx
1148 /************************/
1150 NTSTATUS samr_CreateUser2(
1151 [in,ref] policy_handle *domain_handle,
1152 [in,ref] lsa_String *account_name,
1153 [in] samr_AcctFlags acct_flags,
1154 [in] samr_UserAccessMask access_mask,
1155 [out,ref] policy_handle *user_handle,
1156 [out,ref] uint32 *access_granted,
1157 [out,ref] uint32 *rid
1161 /************************/
1165 another duplicate. There must be a reason ....
1167 NTSTATUS samr_QueryDisplayInfo3(
1168 [in,ref] policy_handle *domain_handle,
1170 [in] uint32 start_idx,
1171 [in] uint32 max_entries,
1172 [in] uint32 buf_size,
1173 [out,ref] uint32 *total_size,
1174 [out,ref] uint32 *returned_size,
1175 [out,ref,switch_is(level)] samr_DispInfo *info
1178 /************************/
1180 NTSTATUS samr_AddMultipleMembersToAlias(
1181 [in,ref] policy_handle *alias_handle,
1182 [in,ref] lsa_SidArray *sids
1185 /************************/
1187 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1188 [in,ref] policy_handle *alias_handle,
1189 [in,ref] lsa_SidArray *sids
1192 /************************/
1195 NTSTATUS samr_OemChangePasswordUser2(
1196 [in,unique] lsa_AsciiString *server,
1197 [in,ref] lsa_AsciiString *account,
1198 [in,unique] samr_CryptPassword *password,
1199 [in,unique] samr_Password *hash
1202 /************************/
1204 NTSTATUS samr_ChangePasswordUser2(
1205 [in,unique] lsa_String *server,
1206 [in,ref] lsa_String *account,
1207 [in,unique] samr_CryptPassword *nt_password,
1208 [in,unique] samr_Password *nt_verifier,
1209 [in] boolean8 lm_change,
1210 [in,unique] samr_CryptPassword *lm_password,
1211 [in,unique] samr_Password *lm_verifier
1214 /************************/
1216 NTSTATUS samr_GetDomPwInfo(
1217 [in,unique] lsa_String *domain_name,
1218 [out,ref] samr_PwInfo *info
1221 /************************/
1223 NTSTATUS samr_Connect2(
1224 [in,unique,string,charset(UTF16)] uint16 *system_name,
1225 [in] samr_ConnectAccessMask access_mask,
1226 [out,ref] policy_handle *connect_handle
1229 /************************/
1232 seems to be an exact alias for samr_SetUserInfo()
1234 [public] NTSTATUS samr_SetUserInfo2(
1235 [in,ref] policy_handle *user_handle,
1237 [in,ref,switch_is(level)] samr_UserInfo *info
1240 /************************/
1243 this one is mysterious. I have a few guesses, but nothing working yet
1245 NTSTATUS samr_SetBootKeyInformation(
1246 [in,ref] policy_handle *connect_handle,
1247 [in] uint32 unknown1,
1248 [in] uint32 unknown2,
1249 [in] uint32 unknown3
1252 /************************/
1254 NTSTATUS samr_GetBootKeyInformation(
1255 [in,ref] policy_handle *domain_handle,
1256 [out,ref] uint32 *unknown
1259 /************************/
1261 NTSTATUS samr_Connect3(
1262 [in,unique,string,charset(UTF16)] uint16 *system_name,
1263 /* this unknown value seems to be completely ignored by w2k3 */
1264 [in] uint32 unknown,
1265 [in] samr_ConnectAccessMask access_mask,
1266 [out,ref] policy_handle *connect_handle
1269 /************************/
1273 SAMR_CONNECT_PRE_W2K = 1,
1274 SAMR_CONNECT_W2K = 2,
1275 SAMR_CONNECT_AFTER_W2K = 3
1276 } samr_ConnectVersion;
1278 NTSTATUS samr_Connect4(
1279 [in,unique,string,charset(UTF16)] uint16 *system_name,
1280 [in] samr_ConnectVersion client_version,
1281 [in] samr_ConnectAccessMask access_mask,
1282 [out,ref] policy_handle *connect_handle
1285 /************************/
1288 typedef enum samr_RejectReason samr_RejectReason;
1291 samr_RejectReason reason;
1294 } samr_ChangeReject;
1296 NTSTATUS samr_ChangePasswordUser3(
1297 [in,unique] lsa_String *server,
1298 [in,ref] lsa_String *account,
1299 [in,unique] samr_CryptPassword *nt_password,
1300 [in,unique] samr_Password *nt_verifier,
1301 [in] boolean8 lm_change,
1302 [in,unique] samr_CryptPassword *lm_password,
1303 [in,unique] samr_Password *lm_verifier,
1304 [in,unique] samr_CryptPassword *password3,
1305 [out,ref] samr_DomInfo1 **dominfo,
1306 [out,ref] samr_ChangeReject **reject
1309 /************************/
1313 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1314 uint32 unknown2; /* w2k3 gives 0 */
1315 } samr_ConnectInfo1;
1318 [case(1)] samr_ConnectInfo1 info1;
1321 [public] NTSTATUS samr_Connect5(
1322 [in,unique,string,charset(UTF16)] uint16 *system_name,
1323 [in] samr_ConnectAccessMask access_mask,
1324 [in] uint32 level_in,
1325 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1326 [out,ref] uint32 *level_out,
1327 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1328 [out,ref] policy_handle *connect_handle
1331 /************************/
1333 NTSTATUS samr_RidToSid(
1334 [in,ref] policy_handle *domain_handle,
1336 [out,ref] dom_sid2 *sid
1340 /************************/
1344 this should set the DSRM password for the server, which is used
1345 when booting into Directory Services Recovery Mode on a DC. Win2003
1346 gives me NT_STATUS_NOT_SUPPORTED
1349 NTSTATUS samr_SetDsrmPassword(
1350 [in,unique] lsa_String *name,
1351 [in] uint32 unknown,
1352 [in,unique] samr_Password *hash
1356 /************************/
1358 /************************/
1359 typedef [bitmap32bit] bitmap {
1360 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
1361 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
1362 SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
1363 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
1364 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
1365 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
1366 } samr_ValidateFieldsPresent;
1369 NetValidateAuthentication = 1,
1370 NetValidatePasswordChange= 2,
1371 NetValidatePasswordReset = 3
1372 } samr_ValidatePasswordLevel;
1374 /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1375 * identified the mapping of
1376 * - NERR_PasswordFilterError
1377 * - NERR_PasswordExpired and
1378 * - NERR_PasswordCantChange
1383 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1384 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1385 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1386 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1387 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1388 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1389 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1390 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1391 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
1392 } samr_ValidationStatus;
1396 [size_is(length)] uint8 *data;
1397 } samr_ValidationBlob;
1400 samr_ValidateFieldsPresent fields_present;
1401 NTTIME_hyper last_password_change;
1402 NTTIME_hyper bad_password_time;
1403 NTTIME_hyper lockout_time;
1404 uint32 bad_pwd_count;
1405 uint32 pwd_history_len;
1406 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1407 } samr_ValidatePasswordInfo;
1410 samr_ValidatePasswordInfo info;
1411 samr_ValidationStatus status;
1412 } samr_ValidatePasswordRepCtr;
1414 typedef [switch_type(uint16)] union {
1415 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1416 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1417 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1418 } samr_ValidatePasswordRep;
1421 samr_ValidatePasswordInfo info;
1422 lsa_StringLarge password;
1423 lsa_StringLarge account;
1424 samr_ValidationBlob hash;
1425 boolean8 pwd_must_change_at_next_logon;
1426 boolean8 clear_lockout;
1427 } samr_ValidatePasswordReq3;
1430 samr_ValidatePasswordInfo info;
1431 lsa_StringLarge password;
1432 lsa_StringLarge account;
1433 samr_ValidationBlob hash;
1434 boolean8 password_matched;
1435 } samr_ValidatePasswordReq2;
1438 samr_ValidatePasswordInfo info;
1439 boolean8 password_matched;
1440 } samr_ValidatePasswordReq1;
1442 typedef [switch_type(uint16)] union {
1443 [case(1)] samr_ValidatePasswordReq1 req1;
1444 [case(2)] samr_ValidatePasswordReq2 req2;
1445 [case(3)] samr_ValidatePasswordReq3 req3;
1446 } samr_ValidatePasswordReq;
1448 NTSTATUS samr_ValidatePassword(
1449 [in] samr_ValidatePasswordLevel level,
1450 [in,switch_is(level)] samr_ValidatePasswordReq req,
1451 [out,ref,switch_is(level)] samr_ValidatePasswordRep *rep
git.samba.org / ira / wip.git / blob