{
typedef bitmap security_secinfo security_secinfo;
+ /* SAM database types */
+ typedef [public,v1_enum] enum {
+ SAM_DATABASE_DOMAIN = 0, /* Domain users and groups */
+ SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
+ SAM_DATABASE_PRIVS = 2 /* Privileges */
+ } netr_SamDatabaseID;
+
/* account control (acct_flags) bits */
typedef [public,bitmap32bit] bitmap {
ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
- SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
+ SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
const int GENERIC_RIGHTS_SAM_EXECUTE =
(STANDARD_RIGHTS_EXECUTE_ACCESS |
- SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_LOOKUP_DOMAIN |
SAMR_ACCESS_CONNECT_TO_SERVER);
/* User Object specific access rights */
NTSTATUS samr_LookupDomain (
[in,ref] policy_handle *connect_handle,
[in,ref] lsa_String *domain_name,
- [out,unique] dom_sid2 *sid
+ [out,ref] dom_sid2 **sid
);
NTSTATUS samr_EnumDomains (
[in,ref] policy_handle *connect_handle,
[in,out,ref] uint32 *resume_handle,
+ [out,ref] samr_SamArray **sam,
[in] uint32 buf_size,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
+ [out,ref] uint32 *num_entries
);
/************************/
/* Function 0x08 */
+
+ typedef enum {
+ DomainPasswordInformation = 1,
+ DomainGeneralInformation = 2,
+ DomainLogoffInformation = 3,
+ DomainOemInformation = 4,
+ DomainNameInformation = 5,
+ DomainReplicationInformation = 6,
+ DomainServerRoleInformation = 7,
+ DomainModifiedInformation = 8,
+ DomainStateInformation = 9,
+ DomainUasInformation = 10,
+ DomainGeneralInformation2 = 11,
+ DomainLockoutInformation = 12,
+ DomainModifiedInformation2 = 13
+ } samr_DomainInfoClass;
+
/* server roles */
typedef [v1_enum] enum {
SAMR_ROLE_STANDALONE = 0,
DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
} samr_PasswordProperties;
+ typedef [v1_enum] enum {
+ DOMAIN_SERVER_ENABLED = 1,
+ DOMAIN_SERVER_DISABLED = 2
+ } samr_DomainServerState;
+
typedef struct {
uint16 min_password_length;
uint16 password_history_length;
lsa_String domain_name;
lsa_String primary; /* PDC name if this is a BDC */
udlong sequence_num;
- uint32 unknown2;
+ samr_DomainServerState domain_server_state;
samr_Role role;
uint32 unknown3;
uint32 num_users;
} samr_DomInfo8;
typedef struct {
- uint32 unknown; /* w2k3 returns 1 */
+ samr_DomainServerState domain_server_state;
} samr_DomInfo9;
typedef struct {
typedef struct {
hyper sequence_num;
NTTIME domain_create_time;
- uint32 unknown1;
- uint32 unknown2;
+ hyper modified_count_at_last_promotion;
} samr_DomInfo13;
typedef [switch_type(uint16)] union {
NTSTATUS samr_QueryDomainInfo(
[in,ref] policy_handle *domain_handle,
- [in] uint16 level,
+ [in] samr_DomainInfoClass level,
[out,ref,switch_is(level)] samr_DomainInfo **info
);
*/
NTSTATUS samr_SetDomainInfo(
[in,ref] policy_handle *domain_handle,
- [in] uint16 level,
+ [in] samr_DomainInfoClass level,
[in,switch_is(level),ref] samr_DomainInfo *info
);
/************************/
/* Function 0x0b */
NTSTATUS samr_EnumDomainGroups(
- [in,ref] policy_handle *domain_handle,
+ [in] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
+ [out,ref] samr_SamArray **sam,
[in] uint32 max_size,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
+ [out,ref] uint32 *num_entries
);
/************************/
const int SAMR_ENUM_USERS_MULTIPLIER = 54;
NTSTATUS samr_EnumDomainUsers(
- [in,ref] policy_handle *domain_handle,
+ [in] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
[in] samr_AcctFlags acct_flags,
+ [out,ref] samr_SamArray **sam,
[in] uint32 max_size,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
+ [out,ref] uint32 *num_entries
);
/************************/
/************************/
/* Function 0x0f */
NTSTATUS samr_EnumDomainAliases(
- [in,ref] policy_handle *domain_handle,
+ [in] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
- [in] samr_AcctFlags acct_flags,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
+ [out,ref] samr_SamArray **sam,
+ [in] uint32 max_size,
+ [out,ref] uint32 *num_entries
);
/************************/
[in,ref] policy_handle *domain_handle,
[in,range(0,1000)] uint32 num_names,
[in,size_is(1000),length_is(num_names)] lsa_String names[],
- [out] samr_Ids rids,
- [out] samr_Ids types
+ [out,ref] samr_Ids *rids,
+ [out,ref] samr_Ids *types
);
NTSTATUS samr_QueryGroupInfo(
[in,ref] policy_handle *group_handle,
[in] samr_GroupInfoEnum level,
- [out,switch_is(level),unique] samr_GroupInfo *info
+ [out,ref,switch_is(level)] samr_GroupInfo **info
);
/************************/
NTSTATUS samr_QueryAliasInfo(
[in,ref] policy_handle *alias_handle,
[in] samr_AliasInfoEnum level,
- [out,switch_is(level),unique] samr_AliasInfo *info
+ [out,ref,switch_is(level)] samr_AliasInfo **info
);
/************************/
/************************/
/* Function 0x24 */
+
+ typedef enum {
+ UserGeneralInformation = 1,
+ UserPreferencesInformation = 2,
+ UserLogonInformation = 3,
+ UserLogonHoursInformation = 4,
+ UserAccountInformation = 5,
+ UserNameInformation = 6,
+ UserAccountNameInformation = 7,
+ UserFullNameInformation = 8,
+ UserPrimaryGroupInformation = 9,
+ UserHomeInformation = 10,
+ UserScriptInformation = 11,
+ UserProfileInformation = 12,
+ UserAdminCommentInformation = 13,
+ UserWorkStationsInformation = 14,
+ UserControlInformation = 16,
+ UserExpiresInformation = 17,
+ UserInternal1Information = 18,
+ UserParametersInformation = 20,
+ UserAllInformation = 21,
+ UserInternal4Information = 23,
+ UserInternal5Information = 24,
+ UserInternal4InformationNew = 25,
+ UserInternal5InformationNew = 26
+ } samr_UserInfoLevel;
+
typedef struct {
lsa_String account_name;
lsa_String full_name;
} samr_Password;
typedef struct {
- samr_Password lm_pwd;
samr_Password nt_pwd;
- boolean8 lm_pwd_active;
+ samr_Password lm_pwd;
boolean8 nt_pwd_active;
+ boolean8 lm_pwd_active;
+ uint8 password_expired;
} samr_UserInfo18;
typedef struct {
SAMR_FIELD_PARAMETERS = 0x00200000,
SAMR_FIELD_COUNTRY_CODE = 0x00400000,
SAMR_FIELD_CODE_PAGE = 0x00800000,
- SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
- SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
+ SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
+ SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
SAMR_FIELD_PRIVATE_DATA = 0x04000000,
SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
SAMR_FIELD_SEC_DESC = 0x10000000,
lsa_String workstations;
lsa_String comment;
lsa_BinaryString parameters;
- lsa_String unknown1;
- lsa_String unknown2;
+ lsa_BinaryString lm_owf_password;
+ lsa_BinaryString nt_owf_password;
lsa_String unknown3;
uint32 buf_count;
[size_is(buf_count)] uint8 *buffer;
uint16 logon_count;
uint16 country_code;
uint16 code_page;
- uint8 nt_password_set;
uint8 lm_password_set;
+ uint8 nt_password_set;
uint8 password_expired;
uint8 unknown4;
} samr_UserInfo21;
typedef struct {
samr_CryptPassword password;
- uint8 pw_len;
+ uint8 password_expired;
} samr_UserInfo24;
typedef [flag(NDR_PAHEX)] struct {
typedef struct {
samr_CryptPasswordEx password;
- uint8 pw_len;
+ uint8 password_expired;
} samr_UserInfo26;
typedef [switch_type(uint16)] union {
[public] NTSTATUS samr_QueryUserInfo(
[in,ref] policy_handle *user_handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] samr_UserInfo *info
+ [in] samr_UserInfoLevel level,
+ [out,ref,switch_is(level)] samr_UserInfo **info
);
/* Function 0x25 */
[public] NTSTATUS samr_SetUserInfo(
[in,ref] policy_handle *user_handle,
- [in] uint16 level,
+ [in] samr_UserInfoLevel level,
[in,ref,switch_is(level)] samr_UserInfo *info
);
NTSTATUS samr_GetGroupsForUser(
[in,ref] policy_handle *user_handle,
- [out,unique] samr_RidWithAttributeArray *rids
+ [out,ref] samr_RidWithAttributeArray **rids
);
/************************/
[in] uint32 start_idx,
[in] uint32 max_entries,
[in] uint32 buf_size,
- [out] uint32 total_size,
- [out] uint32 returned_size,
- [out,switch_is(level)] samr_DispInfo info
+ [out,ref] uint32 *total_size,
+ [out,ref] uint32 *returned_size,
+ [out,ref,switch_is(level)] samr_DispInfo *info
);
*/
NTSTATUS samr_QueryDomainInfo2(
[in,ref] policy_handle *domain_handle,
- [in] uint16 level,
+ [in] samr_DomainInfoClass level,
[out,ref,switch_is(level)] samr_DomainInfo **info
);
*/
NTSTATUS samr_QueryUserInfo2(
[in,ref] policy_handle *user_handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] samr_UserInfo *info
+ [in] samr_UserInfoLevel level,
+ [out,ref,switch_is(level)] samr_UserInfo **info
);
/************************/
[in] uint32 start_idx,
[in] uint32 max_entries,
[in] uint32 buf_size,
- [out] uint32 total_size,
- [out] uint32 returned_size,
- [out,switch_is(level)] samr_DispInfo info
+ [out,ref] uint32 *total_size,
+ [out,ref] uint32 *returned_size,
+ [out,ref,switch_is(level)] samr_DispInfo *info
);
/************************/
[in] uint32 start_idx,
[in] uint32 max_entries,
[in] uint32 buf_size,
- [out] uint32 total_size,
- [out] uint32 returned_size,
- [out,switch_is(level)] samr_DispInfo info
+ [out,ref] uint32 *total_size,
+ [out,ref] uint32 *returned_size,
+ [out,ref,switch_is(level)] samr_DispInfo *info
);
/************************/
*/
[public] NTSTATUS samr_SetUserInfo2(
[in,ref] policy_handle *user_handle,
- [in] uint16 level,
+ [in] samr_UserInfoLevel level,
[in,ref,switch_is(level)] samr_UserInfo *info
);
/************************/
/* Function 0x3e */
- typedef enum {
+ typedef [v1_enum] enum {
SAMR_CONNECT_PRE_W2K = 1,
SAMR_CONNECT_W2K = 2,
SAMR_CONNECT_AFTER_W2K = 3
/************************/
/* Function 0x3f */
- typedef enum samr_RejectReason samr_RejectReason;
+ typedef [public,v1_enum] enum {
+ SAM_PWD_CHANGE_NO_ERROR = 0,
+ SAM_PWD_CHANGE_PASSWORD_TOO_SHORT = 1,
+ SAM_PWD_CHANGE_PWD_IN_HISTORY = 2,
+ SAM_PWD_CHANGE_USERNAME_IN_PASSWORD = 3,
+ SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4,
+ SAM_PWD_CHANGE_NOT_COMPLEX = 5,
+ SAM_PWD_CHANGE_MACHINE_NOT_DEFAULT = 6,
+ SAM_PWD_CHANGE_FAILED_BY_FILTER = 7,
+ SAM_PWD_CHANGE_PASSWORD_TOO_LONG = 8
+ } samPwdChangeReason;
typedef struct {
- samr_RejectReason reason;
- uint32 unknown1;
- uint32 unknown2;
- } samr_ChangeReject;
+ samPwdChangeReason extendedFailureReason;
+ [string,charset(UTF16)] uint16 *filterModuleName;
+ } userPwdChangeFailureInformation;
NTSTATUS samr_ChangePasswordUser3(
[in,unique] lsa_String *server,
[in,unique] samr_Password *lm_verifier,
[in,unique] samr_CryptPassword *password3,
[out,ref] samr_DomInfo1 **dominfo,
- [out,ref] samr_ChangeReject **reject
+ [out,ref] userPwdChangeFailureInformation **reject
);
/************************/
SAMR_VALIDATION_STATUS_SUCCESS = 0,
SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
+ SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED = 3,
SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
- SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
+ SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9,
+ SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10
} samr_ValidationStatus;
typedef struct {