s4-samr: merge samr_GetBootKeyInformation from s3 idl. (fixme: python)
[jra/samba/.git] / librpc / idl / samr.idl
1 #include "idl_types.h"
2
3 /*
4   samr interface definition
5 */
6 import "misc.idl", "lsa.idl", "security.idl";
7
8 /*
9   Thanks to Todd Sabin for some information from his samr.idl in acltools
10 */
11
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13   version(1.0),
14   endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15   pointer_default(unique)
16 ] interface samr
17 {
18         typedef bitmap security_secinfo security_secinfo;
19
20         /* account control (acct_flags) bits */
21         typedef [public,bitmap32bit] bitmap {
22                 ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
23                 ACB_HOMDIRREQ                   = 0x00000002,  /* 1 = Home directory required */
24                 ACB_PWNOTREQ                    = 0x00000004,  /* 1 = User password not required */
25                 ACB_TEMPDUP                     = 0x00000008,  /* 1 = Temporary duplicate account */
26                 ACB_NORMAL                      = 0x00000010,  /* 1 = Normal user account */
27                 ACB_MNS                         = 0x00000020,  /* 1 = MNS logon user account */
28                 ACB_DOMTRUST                    = 0x00000040,  /* 1 = Interdomain trust account */
29                 ACB_WSTRUST                     = 0x00000080,  /* 1 = Workstation trust account */
30                 ACB_SVRTRUST                    = 0x00000100,  /* 1 = Server trust account */
31                 ACB_PWNOEXP                     = 0x00000200,  /* 1 = User password does not expire */
32                 ACB_AUTOLOCK                    = 0x00000400,  /* 1 = Account auto locked */
33                 ACB_ENC_TXT_PWD_ALLOWED         = 0x00000800,  /* 1 = Encryped text password is allowed */
34                 ACB_SMARTCARD_REQUIRED          = 0x00001000,  /* 1 = Smart Card required */
35                 ACB_TRUSTED_FOR_DELEGATION      = 0x00002000,  /* 1 = Trusted for Delegation */
36                 ACB_NOT_DELEGATED               = 0x00004000,  /* 1 = Not delegated */
37                 ACB_USE_DES_KEY_ONLY            = 0x00008000,  /* 1 = Use DES key only */
38                 ACB_DONT_REQUIRE_PREAUTH        = 0x00010000,  /* 1 = Preauth not required */
39                 ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
40                 ACB_NO_AUTH_DATA_REQD           = 0x00080000   /* 1 = No authorization data required */
41         } samr_AcctFlags;
42
43         /* SAM server specific access rights */
44
45         typedef [bitmap32bit] bitmap {
46                 SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
47                 SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
48                 SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
49                 SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
50                 SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
51                 SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
52         } samr_ConnectAccessMask;
53
54         const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
55
56         const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
57                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
58                  SAMR_ACCESS_ALL_ACCESS);
59
60         const int GENERIC_RIGHTS_SAM_READ =
61                 (STANDARD_RIGHTS_READ_ACCESS            |
62                  SAMR_ACCESS_ENUM_DOMAINS);
63
64         const int GENERIC_RIGHTS_SAM_WRITE =
65                 (STANDARD_RIGHTS_WRITE_ACCESS           |
66                  SAMR_ACCESS_CREATE_DOMAIN              |
67                  SAMR_ACCESS_INITIALIZE_SERVER          |
68                  SAMR_ACCESS_SHUTDOWN_SERVER);
69
70         const int GENERIC_RIGHTS_SAM_EXECUTE =
71                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
72                  SAMR_ACCESS_OPEN_DOMAIN                |
73                  SAMR_ACCESS_CONNECT_TO_SERVER);
74
75         /* User Object specific access rights */
76
77         typedef [bitmap32bit] bitmap {
78                 SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
79                 SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
80                 SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
81                 SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
82                 SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
83                 SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
84                 SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
85                 SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
86                 SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
87                 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
88                 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
89         } samr_UserAccessMask;
90
91         const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
92
93         const int GENERIC_RIGHTS_USER_ALL_ACCESS =
94                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
95                  SAMR_USER_ACCESS_ALL_ACCESS);  /* 0x000f07ff */
96
97         const int GENERIC_RIGHTS_USER_READ =
98                 (STANDARD_RIGHTS_READ_ACCESS            |
99                  SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP  |
100                  SAMR_USER_ACCESS_GET_GROUPS            |
101                  SAMR_USER_ACCESS_GET_ATTRIBUTES        |
102                  SAMR_USER_ACCESS_GET_LOGONINFO         |
103                  SAMR_USER_ACCESS_GET_LOCALE);  /* 0x0002031a */
104
105         const int GENERIC_RIGHTS_USER_WRITE =
106                 (STANDARD_RIGHTS_WRITE_ACCESS           |
107                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
108                  SAMR_USER_ACCESS_SET_LOC_COM           |
109                  SAMR_USER_ACCESS_SET_ATTRIBUTES        |
110                  SAMR_USER_ACCESS_SET_PASSWORD          |
111                  SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);     /* 0x000204e4 */
112
113         const int GENERIC_RIGHTS_USER_EXECUTE =
114                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
115                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
116                  SAMR_USER_ACCESS_GET_NAME_ETC);        /* 0x00020041 */
117
118         /* Domain Object specific access rights */
119
120         typedef [bitmap32bit] bitmap {
121                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
122                 SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
123                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
124                 SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
125                 SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
126                 SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
127                 SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
128                 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
129                 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
130                 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
131                 SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
132         } samr_DomainAccessMask;
133
134         const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
135
136         const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
137                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
138                  SAMR_DOMAIN_ACCESS_ALL_ACCESS);
139
140         const int GENERIC_RIGHTS_DOMAIN_READ =
141                 (STANDARD_RIGHTS_READ_ACCESS            |
142                  SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS        |
143                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
144
145         const int GENERIC_RIGHTS_DOMAIN_WRITE =
146                 (STANDARD_RIGHTS_WRITE_ACCESS           |
147                  SAMR_DOMAIN_ACCESS_SET_INFO_3          |
148                  SAMR_DOMAIN_ACCESS_CREATE_ALIAS        |
149                  SAMR_DOMAIN_ACCESS_CREATE_GROUP        |
150                  SAMR_DOMAIN_ACCESS_CREATE_USER         |
151                  SAMR_DOMAIN_ACCESS_SET_INFO_2          |
152                  SAMR_DOMAIN_ACCESS_SET_INFO_1);
153
154         const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
155                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
156                  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT        |
157                  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS       |
158                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
159
160         /* Group Object specific access rights */
161
162         typedef [bitmap32bit] bitmap {
163                 SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
164                 SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
165                 SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
166                 SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
167                 SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
168         } samr_GroupAccessMask;
169
170         const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
171
172         const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
173                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
174                  SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
175
176         const int GENERIC_RIGHTS_GROUP_READ =
177                 (STANDARD_RIGHTS_READ_ACCESS            |
178                  SAMR_GROUP_ACCESS_GET_MEMBERS);        /* 0x00020010 */
179
180         const int GENERIC_RIGHTS_GROUP_WRITE =
181                 (STANDARD_RIGHTS_WRITE_ACCESS           |
182                  SAMR_GROUP_ACCESS_REMOVE_MEMBER        |
183                  SAMR_GROUP_ACCESS_ADD_MEMBER           |
184                  SAMR_GROUP_ACCESS_SET_INFO);   /* 0x0002000e */
185
186         const int GENERIC_RIGHTS_GROUP_EXECUTE =
187                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
188                  SAMR_GROUP_ACCESS_LOOKUP_INFO);        /* 0x00020001 */
189
190         /* Alias Object specific access rights */
191
192         typedef [bitmap32bit] bitmap {
193                 SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
194                 SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
195                 SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
196                 SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
197                 SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
198         } samr_AliasAccessMask;
199
200         const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
201
202         const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
203                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
204                  SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
205
206         const int GENERIC_RIGHTS_ALIAS_READ =
207                 (STANDARD_RIGHTS_READ_ACCESS            |
208                  SAMR_ALIAS_ACCESS_GET_MEMBERS);        /* 0x00020004 */
209
210         const int GENERIC_RIGHTS_ALIAS_WRITE =
211                 (STANDARD_RIGHTS_WRITE_ACCESS           |
212                  SAMR_ALIAS_ACCESS_REMOVE_MEMBER        |
213                  SAMR_ALIAS_ACCESS_ADD_MEMBER           |
214                  SAMR_ALIAS_ACCESS_SET_INFO);   /* 0x00020013 */
215
216         const int GENERIC_RIGHTS_ALIAS_EXECUTE =
217                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
218                  SAMR_ALIAS_ACCESS_LOOKUP_INFO);        /* 0x00020008 */
219
220         /******************/
221         /* Function: 0x00 */
222         NTSTATUS samr_Connect (
223                 /* notice the lack of [string] */
224                 [in,unique] uint16 *system_name,
225                 [in]       samr_ConnectAccessMask access_mask,
226                 [out,ref]  policy_handle *connect_handle
227                 );
228
229
230         /******************/
231         /* Function: 0x01 */
232         [public] NTSTATUS samr_Close (
233                 [in,out,ref]  policy_handle *handle
234                 );
235
236         /******************/
237         /* Function: 0x02 */
238
239         NTSTATUS samr_SetSecurity (
240                 [in,ref]          policy_handle *handle,
241                 [in]              security_secinfo sec_info,
242                 [in,ref]          sec_desc_buf *sdbuf
243                 );
244
245         /******************/
246         /* Function: 0x03 */
247
248         NTSTATUS samr_QuerySecurity (
249                 [in,ref]          policy_handle *handle,
250                 [in]              security_secinfo sec_info,
251                 [out,ref]         sec_desc_buf **sdbuf
252                 );
253
254         /******************/
255         /* Function: 0x04 */
256
257         /*
258           shutdown the SAM - once you call this the SAM will be dead
259         */
260         NTSTATUS samr_Shutdown (
261                 [in,ref]   policy_handle *connect_handle
262                 );
263
264         /******************/
265         /* Function: 0x05 */
266         NTSTATUS samr_LookupDomain (
267                 [in,ref]  policy_handle *connect_handle,
268                 [in,ref]  lsa_String *domain_name,
269                 [out,unique] dom_sid2 *sid
270                 );
271
272
273         /******************/
274         /* Function: 0x06 */
275
276         typedef struct {
277                 uint32 idx;
278                 lsa_String name;
279         } samr_SamEntry;
280
281         typedef struct {
282                 uint32 count;
283                 [size_is(count)] samr_SamEntry *entries;
284         } samr_SamArray;
285
286         NTSTATUS samr_EnumDomains (
287                 [in,ref]      policy_handle *connect_handle,
288                 [in,out,ref]  uint32 *resume_handle,
289                 [in]          uint32 buf_size,
290                 [out,unique]  samr_SamArray *sam,
291                 [out]         uint32 num_entries
292                 );
293
294
295         /************************/
296         /* Function    0x07     */
297         [public] NTSTATUS samr_OpenDomain(
298                 [in,ref]      policy_handle *connect_handle,
299                 [in]          samr_DomainAccessMask access_mask,
300                 [in,ref]      dom_sid2 *sid,
301                 [out,ref]     policy_handle *domain_handle
302                 );
303
304         /************************/
305         /* Function    0x08     */
306         /* server roles */
307         typedef [v1_enum] enum {
308                 SAMR_ROLE_STANDALONE    = 0,
309                 SAMR_ROLE_DOMAIN_MEMBER = 1,
310                 SAMR_ROLE_DOMAIN_BDC    = 2,
311                 SAMR_ROLE_DOMAIN_PDC    = 3
312         } samr_Role;
313
314         /* password properties flags */
315         typedef [public,bitmap32bit] bitmap {
316                 DOMAIN_PASSWORD_COMPLEX         = 0x00000001,
317                 DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
318                 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
319                 DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
320                 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
321                 DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
322         } samr_PasswordProperties;
323
324         typedef struct {
325                 uint16 min_password_length;
326                 uint16 password_history_length;
327                 samr_PasswordProperties password_properties;
328                 /* yes, these are signed. They are in negative 100ns */
329                 dlong  max_password_age;
330                 dlong  min_password_age;
331         } samr_DomInfo1;
332
333         typedef struct {
334                 NTTIME force_logoff_time;
335                 lsa_String oem_information; /* comment */
336                 lsa_String domain_name;
337                 lsa_String primary; /* PDC name if this is a BDC */
338                 udlong sequence_num;
339                 uint32 unknown2;
340                 samr_Role role;
341                 uint32 unknown3;
342                 uint32 num_users;
343                 uint32 num_groups;
344                 uint32 num_aliases;
345         } samr_DomGeneralInformation;
346
347         typedef struct {
348                 NTTIME force_logoff_time;
349         } samr_DomInfo3;
350
351         typedef struct {
352                 lsa_String oem_information; /* comment */
353         } samr_DomOEMInformation;
354
355         typedef struct {
356                 lsa_String domain_name;
357         } samr_DomInfo5;
358
359         typedef struct {
360                 lsa_String primary;
361         } samr_DomInfo6;
362
363         typedef struct {
364                 samr_Role role;
365         } samr_DomInfo7;
366
367         typedef struct {
368                 hyper sequence_num;
369                 NTTIME domain_create_time;
370         } samr_DomInfo8;
371
372         typedef struct {
373                 uint32 unknown; /* w2k3 returns 1 */
374         } samr_DomInfo9;
375
376         typedef struct {
377                 samr_DomGeneralInformation general;
378                 hyper lockout_duration;
379                 hyper lockout_window;
380                 uint16 lockout_threshold;
381         } samr_DomGeneralInformation2;
382
383         typedef struct {
384                 hyper lockout_duration;
385                 hyper lockout_window;
386                 uint16 lockout_threshold;
387         } samr_DomInfo12;
388
389         typedef struct {
390                 hyper sequence_num;
391                 NTTIME domain_create_time;
392                 uint32 unknown1;
393                 uint32 unknown2;
394         } samr_DomInfo13;
395
396         typedef [switch_type(uint16)] union {
397                 [case(1)] samr_DomInfo1 info1;
398                 [case(2)] samr_DomGeneralInformation general;
399                 [case(3)] samr_DomInfo3 info3;
400                 [case(4)] samr_DomOEMInformation oem;
401                 [case(5)] samr_DomInfo5 info5;
402                 [case(6)] samr_DomInfo6 info6;
403                 [case(7)] samr_DomInfo7 info7;
404                 [case(8)] samr_DomInfo8 info8;
405                 [case(9)] samr_DomInfo9 info9;
406                 [case(11)] samr_DomGeneralInformation2 general2;
407                 [case(12)] samr_DomInfo12 info12;
408                 [case(13)] samr_DomInfo13 info13;
409         } samr_DomainInfo;
410
411         NTSTATUS samr_QueryDomainInfo(
412                 [in,ref]      policy_handle *domain_handle,
413                 [in]          uint16 level,
414                 [out,switch_is(level),unique] samr_DomainInfo *info
415                 );
416
417         /************************/
418         /* Function    0x09     */
419         /*
420           only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
421           call in w2k3
422         */
423         NTSTATUS samr_SetDomainInfo(
424                 [in,ref]      policy_handle *domain_handle,
425                 [in]          uint16 level,
426                 [in,switch_is(level),ref] samr_DomainInfo *info
427                 );
428
429
430         /************************/
431         /* Function    0x0a     */
432         NTSTATUS samr_CreateDomainGroup(
433                 [in,ref]      policy_handle *domain_handle,
434                 [in,ref]      lsa_String *name,
435                 [in]          samr_GroupAccessMask access_mask,
436                 [out,ref]     policy_handle *group_handle,
437                 [out,ref]     uint32 *rid
438                 );
439
440
441         /************************/
442         /* Function    0x0b     */
443         NTSTATUS samr_EnumDomainGroups(
444                 [in,ref]      policy_handle *domain_handle,
445                 [in,out,ref]  uint32 *resume_handle,
446                 [in]          uint32 max_size,
447                 [out,unique]  samr_SamArray *sam,
448                 [out]         uint32 num_entries
449                 );
450
451         /************************/
452         /* Function    0x0c     */
453         NTSTATUS samr_CreateUser(
454                 [in,ref]      policy_handle *domain_handle,
455                 [in,ref]      lsa_String *account_name,
456                 [in]          samr_UserAccessMask access_mask,
457                 [out,ref]     policy_handle *user_handle,
458                 [out,ref]     uint32 *rid
459                 );
460
461         /************************/
462         /* Function    0x0d     */
463
464
465         /* w2k3 treats max_size as max_users*54 and sets the
466            resume_handle as the rid of the last user sent
467         */
468         const int SAMR_ENUM_USERS_MULTIPLIER = 54;
469
470         NTSTATUS samr_EnumDomainUsers(
471                 [in,ref]      policy_handle *domain_handle,
472                 [in,out,ref]  uint32 *resume_handle,
473                 [in]          samr_AcctFlags acct_flags,
474                 [in]          uint32 max_size,
475                 [out,unique]  samr_SamArray *sam,
476                 [out]         uint32 num_entries
477                 );
478
479         /************************/
480         /* Function    0x0e     */
481         NTSTATUS samr_CreateDomAlias(
482                 [in,ref]      policy_handle *domain_handle,
483                 [in,ref]      lsa_String   *alias_name,
484                 [in]          samr_AliasAccessMask access_mask,
485                 [out,ref]     policy_handle *alias_handle,
486                 [out,ref]     uint32        *rid
487                 );
488
489         /************************/
490         /* Function    0x0f     */
491         NTSTATUS samr_EnumDomainAliases(
492                 [in,ref]      policy_handle *domain_handle,
493                 [in,out,ref]  uint32 *resume_handle,
494                 [in]          samr_AcctFlags acct_flags,
495                 [out,unique]  samr_SamArray *sam,
496                 [out]         uint32 num_entries
497                 );
498
499         /************************/
500         /* Function    0x10     */
501
502         typedef struct {
503                 [range(0,1024)]  uint32 count;
504                 [size_is(count)] uint32 *ids;
505         } samr_Ids;
506
507         NTSTATUS samr_GetAliasMembership(
508                 [in,ref]      policy_handle *domain_handle,
509                 [in,ref]      lsa_SidArray  *sids,
510                 [out,ref]     samr_Ids *rids
511                 );
512
513         /************************/
514         /* Function    0x11     */
515
516         [public] NTSTATUS samr_LookupNames(
517                 [in,ref]      policy_handle *domain_handle,
518                 [in,range(0,1000)] uint32 num_names,
519                 [in,size_is(1000),length_is(num_names)] lsa_String names[],
520                 [out]         samr_Ids rids,
521                 [out]         samr_Ids types
522                 );
523
524
525         /************************/
526         /* Function    0x12     */
527         NTSTATUS samr_LookupRids(
528                 [in,ref]      policy_handle *domain_handle,
529                 [in,range(0,1000)] uint32 num_rids,
530                 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
531                 [out,ref]     lsa_Strings *names,
532                 [out,ref]     samr_Ids *types
533                 );
534
535         /************************/
536         /* Function    0x13     */
537         NTSTATUS samr_OpenGroup(
538                 [in,ref]      policy_handle *domain_handle,
539                 [in]          samr_GroupAccessMask access_mask,
540                 [in]          uint32 rid,
541                 [out,ref]     policy_handle *group_handle
542                 );
543
544         /* Group attributes */
545         typedef [public,bitmap32bit] bitmap {
546                 SE_GROUP_MANDATORY              = 0x00000001,
547                 SE_GROUP_ENABLED_BY_DEFAULT     = 0x00000002,
548                 SE_GROUP_ENABLED                = 0x00000004,
549                 SE_GROUP_OWNER                  = 0x00000008,
550                 SE_GROUP_USE_FOR_DENY_ONLY      = 0x00000010,
551                 SE_GROUP_RESOURCE               = 0x20000000,
552                 SE_GROUP_LOGON_ID               = 0xC0000000
553         } samr_GroupAttrs;
554
555         /************************/
556         /* Function    0x14     */
557
558         typedef struct {
559                 lsa_String name;
560                 samr_GroupAttrs attributes;
561                 uint32 num_members;
562                 lsa_String description;
563         } samr_GroupInfoAll;
564
565         typedef struct {
566                 samr_GroupAttrs attributes;
567         } samr_GroupInfoAttributes;
568
569         typedef struct {
570                 lsa_String description;
571         } samr_GroupInfoDescription;
572
573         typedef enum {
574                 GROUPINFOALL          = 1,
575                 GROUPINFONAME         = 2,
576                 GROUPINFOATTRIBUTES   = 3,
577                 GROUPINFODESCRIPTION  = 4,
578                 GROUPINFOALL2         = 5
579         } samr_GroupInfoEnum;
580
581         typedef [switch_type(samr_GroupInfoEnum)] union {
582                 [case(GROUPINFOALL)]         samr_GroupInfoAll        all;
583                 [case(GROUPINFONAME)]        lsa_String               name;
584                 [case(GROUPINFOATTRIBUTES)]  samr_GroupInfoAttributes attributes;
585                 [case(GROUPINFODESCRIPTION)] lsa_String               description;
586                 [case(GROUPINFOALL2)]        samr_GroupInfoAll        all2;
587         } samr_GroupInfo;
588
589         NTSTATUS samr_QueryGroupInfo(
590                 [in,ref]                  policy_handle *group_handle,
591                 [in]                      samr_GroupInfoEnum level,
592                 [out,switch_is(level),unique] samr_GroupInfo *info
593                 );
594
595         /************************/
596         /* Function    0x15     */
597         NTSTATUS samr_SetGroupInfo(
598                 [in,ref]                  policy_handle *group_handle,
599                 [in]                      samr_GroupInfoEnum level,
600                 [in,switch_is(level),ref] samr_GroupInfo *info
601                 );
602
603         /************************/
604         /* Function    0x16     */
605         NTSTATUS samr_AddGroupMember(
606                 [in,ref]                  policy_handle *group_handle,
607                 [in]                      uint32 rid,
608                 [in]                      uint32 flags
609                 );
610
611         /************************/
612         /* Function    0x17     */
613         NTSTATUS samr_DeleteDomainGroup(
614                 [in,out,ref]   policy_handle *group_handle
615                 );
616
617         /************************/
618         /* Function    0x18     */
619         NTSTATUS samr_DeleteGroupMember(
620                 [in,ref]                  policy_handle *group_handle,
621                 [in]                      uint32 rid
622                 );
623
624
625         /************************/
626         /* Function    0x19     */
627         typedef struct {
628                 uint32 count;
629                 [size_is(count)] uint32 *rids;
630                 [size_is(count)] uint32 *types;
631         } samr_RidTypeArray;
632
633         NTSTATUS samr_QueryGroupMember(
634                 [in,ref]  policy_handle *group_handle,
635                 [out,unique] samr_RidTypeArray *rids
636                 );
637
638
639         /************************/
640         /* Function    0x1a     */
641
642         /*
643           win2003 seems to accept any data at all for the two integers
644           below, and doesn't seem to do anything with them that I can
645           see. Weird. I really expected the first integer to be a rid
646           and the second to be the attributes for that rid member.
647         */
648         NTSTATUS samr_SetMemberAttributesOfGroup(
649                 [in,ref]  policy_handle *group_handle,
650                 [in]      uint32 unknown1,
651                 [in]      uint32 unknown2
652                 );
653
654
655         /************************/
656         /* Function    0x1b     */
657         NTSTATUS samr_OpenAlias (
658                 [in,ref]      policy_handle *domain_handle,
659                 [in]          samr_AliasAccessMask access_mask,
660                 [in]          uint32 rid,
661                 [out,ref]     policy_handle *alias_handle
662                 );
663
664
665         /************************/
666         /* Function    0x1c     */
667
668         typedef struct {
669                 lsa_String name;
670                 uint32 num_members;
671                 lsa_String description;
672         } samr_AliasInfoAll;
673
674         typedef enum {
675                 ALIASINFOALL          = 1,
676                 ALIASINFONAME         = 2,
677                 ALIASINFODESCRIPTION  = 3
678         } samr_AliasInfoEnum;
679
680         typedef [switch_type(samr_AliasInfoEnum)] union {
681                 [case(ALIASINFOALL)] samr_AliasInfoAll all;
682                 [case(ALIASINFONAME)] lsa_String name;
683                 [case(ALIASINFODESCRIPTION)] lsa_String description;
684         } samr_AliasInfo;
685
686         NTSTATUS samr_QueryAliasInfo(
687                 [in,ref]                  policy_handle  *alias_handle,
688                 [in]                      samr_AliasInfoEnum      level,
689                 [out,switch_is(level),unique] samr_AliasInfo *info
690                 );
691
692         /************************/
693         /* Function    0x1d     */
694         NTSTATUS samr_SetAliasInfo(
695                 [in,ref]                  policy_handle  *alias_handle,
696                 [in]                      samr_AliasInfoEnum      level,
697                 [in,switch_is(level),ref] samr_AliasInfo *info
698                 );
699
700         /************************/
701         /* Function    0x1e     */
702         NTSTATUS samr_DeleteDomAlias(
703                 [in,out,ref]  policy_handle *alias_handle
704                 );
705
706         /************************/
707         /* Function    0x1f     */
708         NTSTATUS samr_AddAliasMember(
709                 [in,ref]  policy_handle *alias_handle,
710                 [in,ref]  dom_sid2      *sid
711                 );
712
713         /************************/
714         /* Function    0x20     */
715         NTSTATUS samr_DeleteAliasMember(
716                 [in,ref] policy_handle *alias_handle,
717                 [in,ref] dom_sid2      *sid
718                 );
719
720         /************************/
721         /* Function    0x21     */
722         NTSTATUS samr_GetMembersInAlias(
723                 [in,ref]   policy_handle *alias_handle,
724                 [out,ref]  lsa_SidArray    *sids
725                 );
726
727         /************************/
728         /* Function    0x22     */
729         [public] NTSTATUS samr_OpenUser(
730                 [in,ref]      policy_handle *domain_handle,
731                 [in]          samr_UserAccessMask access_mask,
732                 [in]          uint32 rid,
733                 [out,ref]     policy_handle *user_handle
734                 );
735
736         /************************/
737         /* Function    0x23     */
738         NTSTATUS samr_DeleteUser(
739                 [in,out,ref]   policy_handle *user_handle
740                 );
741
742         /************************/
743         /* Function    0x24     */
744         typedef struct {
745                 lsa_String account_name;
746                 lsa_String full_name;
747                 uint32 primary_gid;
748                 lsa_String description;
749                 lsa_String comment;
750         } samr_UserInfo1;
751
752         typedef struct {
753                 lsa_String comment;
754                 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
755                 uint16 country_code;
756                 uint16 code_page;
757         } samr_UserInfo2;
758
759         /* this is also used in samr and netlogon */
760         typedef [public, flag(NDR_PAHEX)] struct {
761                 uint16 units_per_week;
762                 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
763         } samr_LogonHours;
764
765         typedef struct {
766                 lsa_String account_name;
767                 lsa_String full_name;
768                 uint32 rid;
769                 uint32 primary_gid;
770                 lsa_String home_directory;
771                 lsa_String home_drive;
772                 lsa_String logon_script;
773                 lsa_String profile_path;
774                 lsa_String workstations;
775                 NTTIME last_logon;
776                 NTTIME last_logoff;
777                 NTTIME last_password_change;
778                 NTTIME allow_password_change;
779                 NTTIME force_password_change;
780                 samr_LogonHours logon_hours;
781                 uint16 bad_password_count;
782                 uint16 logon_count;
783                 samr_AcctFlags acct_flags;
784         } samr_UserInfo3;
785
786         typedef struct {
787                 samr_LogonHours logon_hours;
788         } samr_UserInfo4;
789
790         typedef struct {
791                 lsa_String account_name;
792                 lsa_String full_name;
793                 uint32 rid;
794                 uint32 primary_gid;
795                 lsa_String home_directory;
796                 lsa_String home_drive;
797                 lsa_String logon_script;
798                 lsa_String profile_path;
799                 lsa_String description;
800                 lsa_String workstations;
801                 NTTIME last_logon;
802                 NTTIME last_logoff;
803                 samr_LogonHours logon_hours;
804                 uint16 bad_password_count;
805                 uint16 logon_count;
806                 NTTIME last_password_change;
807                 NTTIME acct_expiry;
808                 samr_AcctFlags acct_flags;
809         } samr_UserInfo5;
810
811         typedef struct {
812                 lsa_String account_name;
813                 lsa_String full_name;
814         } samr_UserInfo6;
815
816         typedef struct {
817                 lsa_String account_name;
818         } samr_UserInfo7;
819
820         typedef struct {
821                 lsa_String full_name;
822         } samr_UserInfo8;
823
824         typedef struct {
825                 uint32 primary_gid;
826         } samr_UserInfo9;
827
828         typedef struct {
829                 lsa_String home_directory;
830                 lsa_String home_drive;
831         } samr_UserInfo10;
832
833         typedef struct {
834                 lsa_String logon_script;
835         } samr_UserInfo11;
836
837         typedef struct {
838                 lsa_String profile_path;
839         } samr_UserInfo12;
840
841         typedef struct {
842                 lsa_String description;
843         } samr_UserInfo13;
844
845         typedef struct {
846                 lsa_String workstations;
847         } samr_UserInfo14;
848
849         typedef struct {
850                 samr_AcctFlags acct_flags;
851         } samr_UserInfo16;
852
853         typedef struct {
854                 NTTIME acct_expiry;
855         } samr_UserInfo17;
856
857         typedef [public, flag(NDR_PAHEX)] struct {
858                 uint8 hash[16];
859         } samr_Password;
860
861         typedef struct {
862                 samr_Password lm_pwd;
863                 samr_Password nt_pwd;
864                 boolean8 lm_pwd_active;
865                 boolean8 nt_pwd_active;
866         } samr_UserInfo18;
867
868         typedef struct {
869                 lsa_BinaryString parameters;
870         } samr_UserInfo20;
871
872         /* this defines the bits used for fields_present in info21 */
873         typedef [bitmap32bit] bitmap {
874                 SAMR_FIELD_ACCOUNT_NAME     = 0x00000001,
875                 SAMR_FIELD_FULL_NAME        = 0x00000002,
876                 SAMR_FIELD_RID              = 0x00000004,
877                 SAMR_FIELD_PRIMARY_GID      = 0x00000008,
878                 SAMR_FIELD_DESCRIPTION      = 0x00000010,
879                 SAMR_FIELD_COMMENT          = 0x00000020,
880                 SAMR_FIELD_HOME_DIRECTORY   = 0x00000040,
881                 SAMR_FIELD_HOME_DRIVE       = 0x00000080,
882                 SAMR_FIELD_LOGON_SCRIPT     = 0x00000100,
883                 SAMR_FIELD_PROFILE_PATH     = 0x00000200,
884                 SAMR_FIELD_WORKSTATIONS     = 0x00000400,
885                 SAMR_FIELD_LAST_LOGON       = 0x00000800,
886                 SAMR_FIELD_LAST_LOGOFF      = 0x00001000,
887                 SAMR_FIELD_LOGON_HOURS      = 0x00002000,
888                 SAMR_FIELD_BAD_PWD_COUNT    = 0x00004000,
889                 SAMR_FIELD_NUM_LOGONS       = 0x00008000,
890                 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
891                 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
892                 SAMR_FIELD_LAST_PWD_CHANGE  = 0x00040000,
893                 SAMR_FIELD_ACCT_EXPIRY      = 0x00080000,
894                 SAMR_FIELD_ACCT_FLAGS       = 0x00100000,
895                 SAMR_FIELD_PARAMETERS       = 0x00200000,
896                 SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
897                 SAMR_FIELD_CODE_PAGE        = 0x00800000,
898                 SAMR_FIELD_PASSWORD         = 0x01000000, /* either of these */
899                 SAMR_FIELD_PASSWORD2        = 0x02000000, /* two bits seems to work */
900                 SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
901                 SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
902                 SAMR_FIELD_SEC_DESC         = 0x10000000,
903                 SAMR_FIELD_OWF_PWD          = 0x20000000
904         } samr_FieldsPresent;
905
906         /* used for 'password_expired' in samr_UserInfo21 */
907         const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
908         const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
909
910         typedef struct {
911                 NTTIME last_logon;
912                 NTTIME last_logoff;
913                 NTTIME last_password_change;
914                 NTTIME acct_expiry;
915                 NTTIME allow_password_change;
916                 NTTIME force_password_change;
917                 lsa_String account_name;
918                 lsa_String full_name;
919                 lsa_String home_directory;
920                 lsa_String home_drive;
921                 lsa_String logon_script;
922                 lsa_String profile_path;
923                 lsa_String description;
924                 lsa_String workstations;
925                 lsa_String comment;
926                 lsa_BinaryString parameters;
927                 lsa_String unknown1;
928                 lsa_String unknown2;
929                 lsa_String unknown3;
930                 uint32 buf_count;
931                 [size_is(buf_count)] uint8 *buffer;
932                 uint32 rid;
933                 uint32 primary_gid;
934                 samr_AcctFlags acct_flags;
935                 samr_FieldsPresent fields_present;
936                 samr_LogonHours logon_hours;
937                 uint16 bad_password_count;
938                 uint16 logon_count;
939                 uint16 country_code;
940                 uint16 code_page;
941                 uint8  nt_password_set;
942                 uint8  lm_password_set;
943                 uint8  password_expired;
944                 uint8  unknown4;
945         } samr_UserInfo21;
946
947         typedef [public, flag(NDR_PAHEX)] struct {
948                 uint8 data[516];
949         } samr_CryptPassword;
950
951         typedef struct {
952                 samr_UserInfo21 info;
953                 samr_CryptPassword password;
954         } samr_UserInfo23;
955
956         typedef struct {
957                 samr_CryptPassword password;
958                 uint8 pw_len;
959         } samr_UserInfo24;
960
961         typedef [flag(NDR_PAHEX)] struct {
962                 uint8 data[532];
963         } samr_CryptPasswordEx;
964
965         typedef struct {
966                 samr_UserInfo21 info;
967                 samr_CryptPasswordEx password;
968         } samr_UserInfo25;
969
970         typedef struct {
971                 samr_CryptPasswordEx password;
972                 uint8 pw_len;
973         } samr_UserInfo26;
974
975         typedef [switch_type(uint16)] union {
976                 [case(1)] samr_UserInfo1 info1;
977                 [case(2)] samr_UserInfo2 info2;
978                 [case(3)] samr_UserInfo3 info3;
979                 [case(4)] samr_UserInfo4 info4;
980                 [case(5)] samr_UserInfo5 info5;
981                 [case(6)] samr_UserInfo6 info6;
982                 [case(7)] samr_UserInfo7 info7;
983                 [case(8)] samr_UserInfo8 info8;
984                 [case(9)] samr_UserInfo9 info9;
985                 [case(10)] samr_UserInfo10 info10;
986                 [case(11)] samr_UserInfo11 info11;
987                 [case(12)] samr_UserInfo12 info12;
988                 [case(13)] samr_UserInfo13 info13;
989                 [case(14)] samr_UserInfo14 info14;
990                 [case(16)] samr_UserInfo16 info16;
991                 [case(17)] samr_UserInfo17 info17;
992                 [case(18)] samr_UserInfo18 info18;
993                 [case(20)] samr_UserInfo20 info20;
994                 [case(21)] samr_UserInfo21 info21;
995                 [case(23)] samr_UserInfo23 info23;
996                 [case(24)] samr_UserInfo24 info24;
997                 [case(25)] samr_UserInfo25 info25;
998                 [case(26)] samr_UserInfo26 info26;
999         } samr_UserInfo;
1000
1001         [public] NTSTATUS samr_QueryUserInfo(
1002                 [in,ref]                  policy_handle *user_handle,
1003                 [in]                      uint16 level,
1004                 [out,unique,switch_is(level)] samr_UserInfo *info
1005                 );
1006
1007
1008         /************************/
1009         /* Function    0x25     */
1010         [public] NTSTATUS samr_SetUserInfo(
1011                 [in,ref]                   policy_handle *user_handle,
1012                 [in]                       uint16 level,
1013                 [in,ref,switch_is(level)]  samr_UserInfo *info
1014                 );
1015
1016         /************************/
1017         /* Function    0x26     */
1018         /*
1019           this is a password change interface that doesn't give
1020           the server the plaintext password. Depricated.
1021         */
1022         NTSTATUS samr_ChangePasswordUser(
1023                 [in,ref]    policy_handle *user_handle,
1024                 [in]        boolean8 lm_present,
1025                 [in,unique] samr_Password *old_lm_crypted,
1026                 [in,unique] samr_Password *new_lm_crypted,
1027                 [in]        boolean8 nt_present,
1028                 [in,unique] samr_Password *old_nt_crypted,
1029                 [in,unique] samr_Password *new_nt_crypted,
1030                 [in]        boolean8 cross1_present,
1031                 [in,unique] samr_Password *nt_cross,
1032                 [in]        boolean8 cross2_present,
1033                 [in,unique] samr_Password *lm_cross
1034                 );
1035
1036         /************************/
1037         /* Function    0x27     */
1038
1039         typedef [public] struct {
1040                 uint32 rid;
1041                 samr_GroupAttrs attributes;
1042         } samr_RidWithAttribute;
1043
1044         typedef [public] struct {
1045                 uint32     count;
1046                 [size_is(count)] samr_RidWithAttribute *rids;
1047         } samr_RidWithAttributeArray;
1048
1049         NTSTATUS samr_GetGroupsForUser(
1050                 [in,ref]   policy_handle *user_handle,
1051                 [out,unique] samr_RidWithAttributeArray  *rids
1052                 );
1053
1054         /************************/
1055         /* Function    0x28     */
1056
1057         typedef struct {
1058                 uint32    idx;
1059                 uint32    rid;
1060                 samr_AcctFlags acct_flags;
1061                 lsa_String account_name;
1062                 lsa_String description;
1063                 lsa_String full_name;
1064         } samr_DispEntryGeneral;
1065
1066         typedef struct {
1067                 uint32 count;
1068                 [size_is(count)] samr_DispEntryGeneral *entries;
1069         } samr_DispInfoGeneral;
1070
1071         typedef struct {
1072                 uint32    idx;
1073                 uint32    rid;
1074                 samr_AcctFlags acct_flags;
1075                 lsa_String account_name;
1076                 lsa_String description;
1077         } samr_DispEntryFull;
1078
1079         typedef struct {
1080                 uint32 count;
1081                 [size_is(count)] samr_DispEntryFull *entries;
1082         } samr_DispInfoFull;
1083
1084         typedef struct {
1085                 uint32    idx;
1086                 uint32    rid;
1087                 samr_GroupAttrs acct_flags;
1088                 lsa_String account_name;
1089                 lsa_String description;
1090         } samr_DispEntryFullGroup;
1091
1092         typedef struct {
1093                 uint32 count;
1094                 [size_is(count)] samr_DispEntryFullGroup *entries;
1095         } samr_DispInfoFullGroups;
1096
1097         typedef struct {
1098                 uint32    idx;
1099                 lsa_AsciiStringLarge account_name;
1100         } samr_DispEntryAscii;
1101
1102         typedef struct {
1103                 uint32 count;
1104                 [size_is(count)] samr_DispEntryAscii *entries;
1105         } samr_DispInfoAscii;
1106
1107         typedef [switch_type(uint16)] union {
1108                 [case(1)] samr_DispInfoGeneral info1;/* users */
1109                 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1110                 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1111                 [case(4)] samr_DispInfoAscii info4; /* users */
1112                 [case(5)] samr_DispInfoAscii info5; /* groups */
1113         } samr_DispInfo;
1114
1115         NTSTATUS samr_QueryDisplayInfo(
1116                 [in,ref]    policy_handle *domain_handle,
1117                 [in]        uint16 level,
1118                 [in]        uint32 start_idx,
1119                 [in]        uint32 max_entries,
1120                 [in]        uint32 buf_size,
1121                 [out]       uint32 total_size,
1122                 [out]       uint32 returned_size,
1123                 [out,switch_is(level)] samr_DispInfo info
1124                 );
1125
1126
1127         /************************/
1128         /* Function    0x29     */
1129
1130         /*
1131           this seems to be an alphabetic search function. The returned index
1132           is the index for samr_QueryDisplayInfo needed to get names occurring
1133           after the specified name. The supplied name does not need to exist
1134           in the database (for example you can supply just a first letter for
1135           searching starting at that letter)
1136
1137           The level corresponds to the samr_QueryDisplayInfo level
1138         */
1139         NTSTATUS samr_GetDisplayEnumerationIndex(
1140                 [in,ref]    policy_handle *domain_handle,
1141                 [in]        uint16 level,
1142                 [in,ref]    lsa_String *name,
1143                 [out,ref]   uint32 *idx
1144                 );
1145
1146
1147
1148         /************************/
1149         /* Function    0x2a     */
1150
1151         /*
1152           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1153         */
1154         NTSTATUS samr_TestPrivateFunctionsDomain(
1155                 [in,ref]    policy_handle *domain_handle
1156                 );
1157
1158
1159         /************************/
1160         /* Function    0x2b     */
1161
1162         /*
1163           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1164         */
1165         NTSTATUS samr_TestPrivateFunctionsUser(
1166                 [in,ref]    policy_handle *user_handle
1167                 );
1168
1169
1170         /************************/
1171         /* Function    0x2c     */
1172
1173         typedef struct {
1174                 uint16 min_password_length;
1175                 samr_PasswordProperties password_properties;
1176         } samr_PwInfo;
1177
1178         [public] NTSTATUS samr_GetUserPwInfo(
1179                 [in,ref]    policy_handle *user_handle,
1180                 [out,ref]   samr_PwInfo *info
1181                 );
1182
1183         /************************/
1184         /* Function    0x2d     */
1185         NTSTATUS samr_RemoveMemberFromForeignDomain(
1186                 [in,ref]    policy_handle *domain_handle,
1187                 [in,ref]    dom_sid2 *sid
1188                 );
1189
1190         /************************/
1191         /* Function    0x2e     */
1192
1193         /*
1194           how is this different from QueryDomainInfo ??
1195         */
1196         NTSTATUS samr_QueryDomainInfo2(
1197                 [in,ref]      policy_handle *domain_handle,
1198                 [in]          uint16 level,
1199                 [out,unique,switch_is(level)] samr_DomainInfo *info
1200                 );
1201
1202         /************************/
1203         /* Function    0x2f     */
1204
1205         /*
1206           how is this different from QueryUserInfo ??
1207         */
1208         NTSTATUS samr_QueryUserInfo2(
1209                 [in,ref]                  policy_handle *user_handle,
1210                 [in]                      uint16 level,
1211                 [out,unique,switch_is(level)]    samr_UserInfo *info
1212                 );
1213
1214         /************************/
1215         /* Function    0x30     */
1216
1217         /*
1218           how is this different from QueryDisplayInfo??
1219         */
1220         NTSTATUS samr_QueryDisplayInfo2(
1221                 [in,ref]    policy_handle *domain_handle,
1222                 [in]        uint16 level,
1223                 [in]        uint32 start_idx,
1224                 [in]        uint32 max_entries,
1225                 [in]        uint32 buf_size,
1226                 [out]       uint32 total_size,
1227                 [out]       uint32 returned_size,
1228                 [out,switch_is(level)] samr_DispInfo info
1229                 );
1230
1231         /************************/
1232         /* Function    0x31     */
1233
1234         /*
1235           how is this different from GetDisplayEnumerationIndex ??
1236         */
1237         NTSTATUS samr_GetDisplayEnumerationIndex2(
1238                 [in,ref]    policy_handle *domain_handle,
1239                 [in]        uint16 level,
1240                 [in,ref]    lsa_String *name,
1241                 [out,ref]   uint32 *idx
1242                 );
1243
1244
1245         /************************/
1246         /* Function    0x32     */
1247         NTSTATUS samr_CreateUser2(
1248                 [in,ref]      policy_handle *domain_handle,
1249                 [in,ref]      lsa_String *account_name,
1250                 [in]          samr_AcctFlags acct_flags,
1251                 [in]          samr_UserAccessMask access_mask,
1252                 [out,ref]     policy_handle *user_handle,
1253                 [out,ref]     uint32 *access_granted,
1254                 [out,ref]     uint32 *rid
1255                 );
1256
1257
1258         /************************/
1259         /* Function    0x33     */
1260
1261         /*
1262           another duplicate. There must be a reason ....
1263         */
1264         NTSTATUS samr_QueryDisplayInfo3(
1265                 [in,ref]    policy_handle *domain_handle,
1266                 [in]        uint16 level,
1267                 [in]        uint32 start_idx,
1268                 [in]        uint32 max_entries,
1269                 [in]        uint32 buf_size,
1270                 [out]       uint32 total_size,
1271                 [out]       uint32 returned_size,
1272                 [out,switch_is(level)] samr_DispInfo info
1273                 );
1274
1275         /************************/
1276         /* Function    0x34     */
1277         NTSTATUS samr_AddMultipleMembersToAlias(
1278                 [in,ref]    policy_handle *alias_handle,
1279                 [in,ref]    lsa_SidArray *sids
1280                 );
1281
1282         /************************/
1283         /* Function    0x35     */
1284         NTSTATUS samr_RemoveMultipleMembersFromAlias(
1285                 [in,ref]    policy_handle *alias_handle,
1286                 [in,ref]    lsa_SidArray *sids
1287                 );
1288
1289         /************************/
1290         /* Function    0x36     */
1291
1292         NTSTATUS samr_OemChangePasswordUser2(
1293                 [in,unique]       lsa_AsciiString *server,
1294                 [in,ref]          lsa_AsciiString *account,
1295                 [in,unique]       samr_CryptPassword *password,
1296                 [in,unique]       samr_Password *hash
1297                 );
1298
1299         /************************/
1300         /* Function    0x37     */
1301         NTSTATUS samr_ChangePasswordUser2(
1302                 [in,unique]       lsa_String *server,
1303                 [in,ref]          lsa_String *account,
1304                 [in,unique]       samr_CryptPassword *nt_password,
1305                 [in,unique]       samr_Password *nt_verifier,
1306                 [in]              boolean8 lm_change,
1307                 [in,unique]       samr_CryptPassword *lm_password,
1308                 [in,unique]       samr_Password *lm_verifier
1309                 );
1310
1311         /************************/
1312         /* Function    0x38     */
1313         NTSTATUS samr_GetDomPwInfo(
1314                 [in,unique] lsa_String *domain_name,
1315                 [out,ref]   samr_PwInfo *info
1316                 );
1317
1318         /************************/
1319         /* Function    0x39     */
1320         NTSTATUS samr_Connect2(
1321                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1322                 [in] samr_ConnectAccessMask access_mask,
1323                 [out,ref]  policy_handle *connect_handle
1324                 );
1325
1326         /************************/
1327         /* Function    0x3a     */
1328         /*
1329           seems to be an exact alias for samr_SetUserInfo()
1330         */
1331         [public] NTSTATUS samr_SetUserInfo2(
1332                 [in,ref]                   policy_handle *user_handle,
1333                 [in]                       uint16 level,
1334                 [in,ref,switch_is(level)]  samr_UserInfo *info
1335                 );
1336
1337         /************************/
1338         /* Function    0x3b     */
1339         /*
1340           this one is mysterious. I have a few guesses, but nothing working yet
1341         */
1342         NTSTATUS samr_SetBootKeyInformation(
1343                 [in,ref]   policy_handle *connect_handle,
1344                 [in]       uint32 unknown1,
1345                 [in]       uint32 unknown2,
1346                 [in]       uint32 unknown3
1347                 );
1348
1349         /************************/
1350         /* Function    0x3c     */
1351         NTSTATUS samr_GetBootKeyInformation(
1352                 [in,ref]   policy_handle *domain_handle,
1353                 [out,ref]  uint32 *unknown
1354                 );
1355
1356         /************************/
1357         /* Function    0x3d     */
1358         NTSTATUS samr_Connect3(
1359                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1360                 /* this unknown value seems to be completely ignored by w2k3 */
1361                 [in] uint32 unknown,
1362                 [in] samr_ConnectAccessMask access_mask,
1363                 [out,ref]  policy_handle *connect_handle
1364                 );
1365
1366         /************************/
1367         /* Function    0x3e     */
1368
1369         typedef enum {
1370                 SAMR_CONNECT_PRE_W2K    = 1,
1371                 SAMR_CONNECT_W2K        = 2,
1372                 SAMR_CONNECT_AFTER_W2K  = 3
1373         } samr_ConnectVersion;
1374
1375         NTSTATUS samr_Connect4(
1376                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1377                 [in] samr_ConnectVersion client_version,
1378                 [in] samr_ConnectAccessMask access_mask,
1379                 [out,ref]  policy_handle *connect_handle
1380                 );
1381
1382         /************************/
1383         /* Function    0x3f     */
1384
1385         typedef enum samr_RejectReason samr_RejectReason;
1386
1387         typedef struct {
1388                 samr_RejectReason reason;
1389                 uint32 unknown1;
1390                 uint32 unknown2;
1391         } samr_ChangeReject;
1392
1393         NTSTATUS samr_ChangePasswordUser3(
1394                 [in,unique]       lsa_String *server,
1395                 [in,ref]          lsa_String *account,
1396                 [in,unique]       samr_CryptPassword *nt_password,
1397                 [in,unique]       samr_Password *nt_verifier,
1398                 [in]              boolean8 lm_change,
1399                 [in,unique]       samr_CryptPassword *lm_password,
1400                 [in,unique]       samr_Password *lm_verifier,
1401                 [in,unique]       samr_CryptPassword *password3,
1402                 [out,ref]         samr_DomInfo1 **dominfo,
1403                 [out,ref]         samr_ChangeReject **reject
1404                 );
1405
1406         /************************/
1407         /* Function    0x40      */
1408
1409         typedef struct {
1410                 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1411                 uint32         unknown2; /* w2k3 gives 0 */
1412         } samr_ConnectInfo1;
1413
1414         typedef union {
1415                 [case(1)]  samr_ConnectInfo1 info1;
1416         } samr_ConnectInfo;
1417
1418         [public] NTSTATUS samr_Connect5(
1419                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1420                 [in]       samr_ConnectAccessMask  access_mask,
1421                 [in,out]   uint32             level,
1422                 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1423                 [out,ref]  policy_handle      *connect_handle
1424                 );
1425
1426         /************************/
1427         /* Function    0x41     */
1428         NTSTATUS samr_RidToSid(
1429                 [in,ref]    policy_handle *domain_handle,
1430                 [in]        uint32        rid,
1431                 [out,ref]   dom_sid2      **sid
1432                 );
1433
1434         /************************/
1435         /* Function    0x42     */
1436
1437         /*
1438           this should set the DSRM password for the server, which is used
1439           when booting into Directory Services Recovery Mode on a DC. Win2003
1440           gives me NT_STATUS_NOT_SUPPORTED
1441         */
1442
1443         NTSTATUS samr_SetDsrmPassword(
1444                 [in,unique] lsa_String *name,
1445                 [in]       uint32 unknown,
1446                 [in,unique] samr_Password *hash
1447                 );
1448
1449
1450         /************************/
1451         /* Function    0x43     */
1452         /************************/
1453         typedef [bitmap32bit] bitmap {
1454                 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET           = 0x00000001,
1455                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME           = 0x00000002,
1456                 SAMR_VALIDATE_FIELD_LOCKOUT_TIME                = 0x00000004,
1457                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT          = 0x00000008,
1458                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH     = 0x00000010,
1459                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY            = 0x00000020
1460         } samr_ValidateFieldsPresent;
1461
1462         typedef enum {
1463                 NetValidateAuthentication = 1,
1464                 NetValidatePasswordChange= 2,
1465                 NetValidatePasswordReset = 3
1466         } samr_ValidatePasswordLevel;
1467
1468         /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1469          * identified the mapping of
1470          * - NERR_PasswordFilterError
1471          * - NERR_PasswordExpired and
1472          * - NERR_PasswordCantChange
1473          * yet - Guenther
1474          */
1475
1476         typedef enum {
1477                 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1478                 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1479                 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1480                 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1481                 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1482                 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1483                 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1484                 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1485                 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
1486         } samr_ValidationStatus;
1487
1488         typedef struct {
1489                 uint32 length;
1490                 [size_is(length)] uint8 *data;
1491         } samr_ValidationBlob;
1492
1493         typedef struct {
1494                 samr_ValidateFieldsPresent fields_present;
1495                 NTTIME_hyper last_password_change;
1496                 NTTIME_hyper bad_password_time;
1497                 NTTIME_hyper lockout_time;
1498                 uint32 bad_pwd_count;
1499                 uint32 pwd_history_len;
1500                 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1501         } samr_ValidatePasswordInfo;
1502
1503         typedef struct {
1504                 samr_ValidatePasswordInfo info;
1505                 samr_ValidationStatus status;
1506         } samr_ValidatePasswordRepCtr;
1507
1508         typedef [switch_type(uint16)] union {
1509                 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1510                 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1511                 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1512         } samr_ValidatePasswordRep;
1513
1514         typedef struct {
1515                 samr_ValidatePasswordInfo info;
1516                 lsa_StringLarge password;
1517                 lsa_StringLarge account;
1518                 samr_ValidationBlob hash;
1519                 boolean8 pwd_must_change_at_next_logon;
1520                 boolean8 clear_lockout;
1521         } samr_ValidatePasswordReq3;
1522
1523         typedef struct {
1524                 samr_ValidatePasswordInfo info;
1525                 lsa_StringLarge password;
1526                 lsa_StringLarge account;
1527                 samr_ValidationBlob hash;
1528                 boolean8 password_matched;
1529         } samr_ValidatePasswordReq2;
1530
1531         typedef struct {
1532                 samr_ValidatePasswordInfo info;
1533                 boolean8 password_matched;
1534         } samr_ValidatePasswordReq1;
1535
1536         typedef [switch_type(uint16)] union {
1537                 [case(1)] samr_ValidatePasswordReq1 req1;
1538                 [case(2)] samr_ValidatePasswordReq2 req2;
1539                 [case(3)] samr_ValidatePasswordReq3 req3;
1540         } samr_ValidatePasswordReq;
1541
1542         NTSTATUS samr_ValidatePassword(
1543                 [in] samr_ValidatePasswordLevel level,
1544                 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1545                 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1546                 );
1547 }