ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
} samr_AcctFlags;
+ /* SAM server specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
} samr_ConnectAccessMask;
+ const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
+
+ const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_SAM_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_ACCESS_ENUM_DOMAINS);
+
+ const int GENERIC_RIGHTS_SAM_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_ACCESS_CREATE_DOMAIN |
+ SAMR_ACCESS_INITIALIZE_SERVER |
+ SAMR_ACCESS_SHUTDOWN_SERVER);
+
+ const int GENERIC_RIGHTS_SAM_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_ACCESS_OPEN_DOMAIN |
+ SAMR_ACCESS_CONNECT_TO_SERVER);
+
+ /* User Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
} samr_UserAccessMask;
+ const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_USER_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */
+
+ const int GENERIC_RIGHTS_USER_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
+ SAMR_USER_ACCESS_GET_GROUPS |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */
+
+ const int GENERIC_RIGHTS_USER_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_SET_LOC_COM |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */
+
+ const int GENERIC_RIGHTS_USER_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_USER_ACCESS_CHANGE_PASSWORD |
+ SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */
+
+ /* Domain Object specific access rights */
+
typedef [bitmap32bit] bitmap {
SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
} samr_DomainAccessMask;
+ const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
+
+ const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
+ (STANDARD_RIGHTS_REQUIRED_ACCESS |
+ SAMR_DOMAIN_ACCESS_ALL_ACCESS);
+
+ const int GENERIC_RIGHTS_DOMAIN_READ =
+ (STANDARD_RIGHTS_READ_ACCESS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
+
+ const int GENERIC_RIGHTS_DOMAIN_WRITE =
+ (STANDARD_RIGHTS_WRITE_ACCESS |
+ SAMR_DOMAIN_ACCESS_SET_INFO_3 |
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP |
+ SAMR_DOMAIN_ACCESS_CREATE_USER |
+ SAMR_DOMAIN_ACCESS_SET_INFO_2 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_1);
+
+ const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
+ (STANDARD_RIGHTS_EXECUTE_ACCESS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
+
typedef [bitmap32bit] bitmap {
SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
} samr_SamArray;
NTSTATUS samr_EnumDomains (
- [in,ref] policy_handle *connect_handle,
+ [in] policy_handle *connect_handle,
[in,out,ref] uint32 *resume_handle,
+ [out,ref] samr_SamArray **sam,
[in] uint32 buf_size,
- [out,ref] samr_SamArray *sam,
[out,ref] uint32 *num_entries
);
typedef struct {
NTTIME force_logoff_time;
- lsa_String comment;
+ lsa_String oem_information; /* comment */
lsa_String domain_name;
lsa_String primary; /* PDC name if this is a BDC */
udlong sequence_num;
uint32 num_users;
uint32 num_groups;
uint32 num_aliases;
- } samr_DomInfo2;
+ } samr_DomGeneralInformation;
typedef struct {
NTTIME force_logoff_time;
} samr_DomInfo3;
typedef struct {
- lsa_String comment;
- } samr_DomInfo4;
+ lsa_String oem_information; /* comment */
+ } samr_DomOEMInformation;
typedef struct {
lsa_String domain_name;
} samr_DomInfo9;
typedef struct {
- samr_DomInfo2 info2;
+ samr_DomGeneralInformation general;
hyper lockout_duration;
hyper lockout_window;
uint16 lockout_threshold;
- } samr_DomInfo11;
+ } samr_DomGeneralInformation2;
typedef struct {
hyper lockout_duration;
typedef [switch_type(uint16)] union {
[case(1)] samr_DomInfo1 info1;
- [case(2)] samr_DomInfo2 info2;
+ [case(2)] samr_DomGeneralInformation general;
[case(3)] samr_DomInfo3 info3;
- [case(4)] samr_DomInfo4 info4;
+ [case(4)] samr_DomOEMInformation oem;
[case(5)] samr_DomInfo5 info5;
[case(6)] samr_DomInfo6 info6;
[case(7)] samr_DomInfo7 info7;
[case(8)] samr_DomInfo8 info8;
[case(9)] samr_DomInfo9 info9;
- [case(11)] samr_DomInfo11 info11;
+ [case(11)] samr_DomGeneralInformation2 general2;
[case(12)] samr_DomInfo12 info12;
[case(13)] samr_DomInfo13 info13;
} samr_DomainInfo;
/************************/
/* Function 0x0b */
+
+ const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */
+ const int MAX_SAM_ENTRIES_W95 = 50;
+
NTSTATUS samr_EnumDomainGroups(
- [in,ref] policy_handle *domain_handle,
+ [in] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
+ [out,ref] samr_SamArray **sam,
[in] uint32 max_size,
- [out,ref] samr_SamArray *sam,
[out,ref] uint32 *num_entries
);
const int SAMR_ENUM_USERS_MULTIPLIER = 54;
NTSTATUS samr_EnumDomainUsers(
- [in,ref] policy_handle *domain_handle,
+ [in] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
[in] samr_AcctFlags acct_flags,
+ [out,ref] samr_SamArray **sam,
[in] uint32 max_size,
- [out,unique] samr_SamArray *sam,
[out,ref] uint32 *num_entries
);
/************************/
/* Function 0x0f */
NTSTATUS samr_EnumDomainAliases(
- [in,ref] policy_handle *domain_handle,
+ [in] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
- [in] samr_AcctFlags acct_flags,
- [out,ref] samr_SamArray *sam,
+ [out,ref] samr_SamArray **sam,
+ [in] uint32 max_size,
[out,ref] uint32 *num_entries
);
NTTIME acct_expiry;
} samr_UserInfo17;
+ typedef [public, flag(NDR_PAHEX)] struct {
+ uint8 hash[16];
+ } samr_Password;
+
typedef struct {
- lsa_String parameters;
+ samr_Password lm_pwd;
+ samr_Password nt_pwd;
+ boolean8 lm_pwd_active;
+ boolean8 nt_pwd_active;
+ } samr_UserInfo18;
+
+ typedef struct {
+ lsa_BinaryString parameters;
} samr_UserInfo20;
/* this defines the bits used for fields_present in info21 */
SAMR_FIELD_OWF_PWD = 0x20000000
} samr_FieldsPresent;
+ /* used for 'password_expired' in samr_UserInfo21 */
+ const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
+ const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
+
typedef struct {
NTTIME last_logon;
NTTIME last_logoff;
lsa_String description;
lsa_String workstations;
lsa_String comment;
- lsa_String parameters;
+ lsa_BinaryString parameters;
lsa_String unknown1;
lsa_String unknown2;
lsa_String unknown3;
[case(14)] samr_UserInfo14 info14;
[case(16)] samr_UserInfo16 info16;
[case(17)] samr_UserInfo17 info17;
+ [case(18)] samr_UserInfo18 info18;
[case(20)] samr_UserInfo20 info20;
[case(21)] samr_UserInfo21 info21;
[case(23)] samr_UserInfo23 info23;
[public] NTSTATUS samr_QueryUserInfo(
[in,ref] policy_handle *user_handle,
[in] uint16 level,
- [out,ref,switch_is(level)] samr_UserInfo *info
+ [out,ref,switch_is(level)] samr_UserInfo **info
);
/************************/
/* Function 0x26 */
- typedef [public, flag(NDR_PAHEX)] struct {
- uint8 hash[16];
- } samr_Password;
-
/*
this is a password change interface that doesn't give
the server the plaintext password. Depricated.
typedef struct {
uint32 idx;
- lsa_AsciiString account_name;
+ lsa_AsciiStringLarge account_name;
} samr_DispEntryAscii;
typedef struct {
NTSTATUS samr_GetDisplayEnumerationIndex(
[in,ref] policy_handle *domain_handle,
[in] uint16 level,
- [in] lsa_String name,
+ [in,ref] lsa_String *name,
[out,ref] uint32 *idx
);
NTSTATUS samr_GetDisplayEnumerationIndex2(
[in,ref] policy_handle *domain_handle,
[in] uint16 level,
- [in] lsa_String name,
+ [in,ref] lsa_String *name,
[out,ref] uint32 *idx
);