4 samr interface definition
6 import "misc.idl", "lsa.idl", "security.idl";
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique)
18 typedef bitmap security_secinfo security_secinfo;
20 /* SAM database types */
21 typedef [public,v1_enum] enum {
22 SAM_DATABASE_DOMAIN = 0, /* Domain users and groups */
23 SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
24 SAM_DATABASE_PRIVS = 2 /* Privileges */
27 typedef [public,v1_enum] enum {
28 SAMR_REJECT_OTHER = 0,
29 SAMR_REJECT_TOO_SHORT = 1,
30 SAMR_REJECT_IN_HISTORY = 2,
31 SAMR_REJECT_COMPLEXITY = 5
36 /* account control (acct_flags) bits */
37 typedef [public,bitmap32bit] bitmap {
38 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
39 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
40 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
41 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
42 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
43 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
44 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
45 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
46 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
47 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
48 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
49 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
50 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
51 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
52 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
53 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
54 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
55 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
56 ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
59 /* SAM server specific access rights */
61 typedef [bitmap32bit] bitmap {
62 SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
63 SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
64 SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
65 SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
66 SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
67 SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
68 } samr_ConnectAccessMask;
70 const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
72 const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
73 (STANDARD_RIGHTS_REQUIRED_ACCESS |
74 SAMR_ACCESS_ALL_ACCESS);
76 const int GENERIC_RIGHTS_SAM_READ =
77 (STANDARD_RIGHTS_READ_ACCESS |
78 SAMR_ACCESS_ENUM_DOMAINS);
80 const int GENERIC_RIGHTS_SAM_WRITE =
81 (STANDARD_RIGHTS_WRITE_ACCESS |
82 SAMR_ACCESS_CREATE_DOMAIN |
83 SAMR_ACCESS_INITIALIZE_SERVER |
84 SAMR_ACCESS_SHUTDOWN_SERVER);
86 const int GENERIC_RIGHTS_SAM_EXECUTE =
87 (STANDARD_RIGHTS_EXECUTE_ACCESS |
88 SAMR_ACCESS_OPEN_DOMAIN |
89 SAMR_ACCESS_CONNECT_TO_SERVER);
91 /* User Object specific access rights */
93 typedef [bitmap32bit] bitmap {
94 SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
95 SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
96 SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
97 SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
98 SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
99 SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
100 SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
101 SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
102 SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
103 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
104 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
105 } samr_UserAccessMask;
107 const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
109 const int GENERIC_RIGHTS_USER_ALL_ACCESS =
110 (STANDARD_RIGHTS_REQUIRED_ACCESS |
111 SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */
113 const int GENERIC_RIGHTS_USER_READ =
114 (STANDARD_RIGHTS_READ_ACCESS |
115 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
116 SAMR_USER_ACCESS_GET_GROUPS |
117 SAMR_USER_ACCESS_GET_ATTRIBUTES |
118 SAMR_USER_ACCESS_GET_LOGONINFO |
119 SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */
121 const int GENERIC_RIGHTS_USER_WRITE =
122 (STANDARD_RIGHTS_WRITE_ACCESS |
123 SAMR_USER_ACCESS_CHANGE_PASSWORD |
124 SAMR_USER_ACCESS_SET_LOC_COM |
125 SAMR_USER_ACCESS_SET_ATTRIBUTES |
126 SAMR_USER_ACCESS_SET_PASSWORD |
127 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */
129 const int GENERIC_RIGHTS_USER_EXECUTE =
130 (STANDARD_RIGHTS_EXECUTE_ACCESS |
131 SAMR_USER_ACCESS_CHANGE_PASSWORD |
132 SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */
134 /* Domain Object specific access rights */
136 typedef [bitmap32bit] bitmap {
137 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
138 SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
139 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
140 SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
141 SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
142 SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
143 SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
144 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
145 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
146 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
147 SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
148 } samr_DomainAccessMask;
150 const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
152 const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
153 (STANDARD_RIGHTS_REQUIRED_ACCESS |
154 SAMR_DOMAIN_ACCESS_ALL_ACCESS);
156 const int GENERIC_RIGHTS_DOMAIN_READ =
157 (STANDARD_RIGHTS_READ_ACCESS |
158 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
159 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
161 const int GENERIC_RIGHTS_DOMAIN_WRITE =
162 (STANDARD_RIGHTS_WRITE_ACCESS |
163 SAMR_DOMAIN_ACCESS_SET_INFO_3 |
164 SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
165 SAMR_DOMAIN_ACCESS_CREATE_GROUP |
166 SAMR_DOMAIN_ACCESS_CREATE_USER |
167 SAMR_DOMAIN_ACCESS_SET_INFO_2 |
168 SAMR_DOMAIN_ACCESS_SET_INFO_1);
170 const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
171 (STANDARD_RIGHTS_EXECUTE_ACCESS |
172 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
173 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
174 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
176 /* Group Object specific access rights */
178 typedef [bitmap32bit] bitmap {
179 SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
180 SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
181 SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
182 SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
183 SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
184 } samr_GroupAccessMask;
186 const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
188 const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
189 (STANDARD_RIGHTS_REQUIRED_ACCESS |
190 SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
192 const int GENERIC_RIGHTS_GROUP_READ =
193 (STANDARD_RIGHTS_READ_ACCESS |
194 SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */
196 const int GENERIC_RIGHTS_GROUP_WRITE =
197 (STANDARD_RIGHTS_WRITE_ACCESS |
198 SAMR_GROUP_ACCESS_REMOVE_MEMBER |
199 SAMR_GROUP_ACCESS_ADD_MEMBER |
200 SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */
202 const int GENERIC_RIGHTS_GROUP_EXECUTE =
203 (STANDARD_RIGHTS_EXECUTE_ACCESS |
204 SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */
206 /* Alias Object specific access rights */
208 typedef [bitmap32bit] bitmap {
209 SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
210 SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
211 SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
212 SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
213 SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
214 } samr_AliasAccessMask;
216 const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
218 const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
219 (STANDARD_RIGHTS_REQUIRED_ACCESS |
220 SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
222 const int GENERIC_RIGHTS_ALIAS_READ =
223 (STANDARD_RIGHTS_READ_ACCESS |
224 SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */
226 const int GENERIC_RIGHTS_ALIAS_WRITE =
227 (STANDARD_RIGHTS_WRITE_ACCESS |
228 SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
229 SAMR_ALIAS_ACCESS_ADD_MEMBER |
230 SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */
232 const int GENERIC_RIGHTS_ALIAS_EXECUTE =
233 (STANDARD_RIGHTS_EXECUTE_ACCESS |
234 SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */
238 NTSTATUS samr_Connect (
239 /* notice the lack of [string] */
240 [in,unique] uint16 *system_name,
241 [in] samr_ConnectAccessMask access_mask,
242 [out,ref] policy_handle *connect_handle
248 [public] NTSTATUS samr_Close (
249 [in,out,ref] policy_handle *handle
255 NTSTATUS samr_SetSecurity (
256 [in,ref] policy_handle *handle,
257 [in] security_secinfo sec_info,
258 [in,ref] sec_desc_buf *sdbuf
264 NTSTATUS samr_QuerySecurity (
265 [in,ref] policy_handle *handle,
266 [in] security_secinfo sec_info,
267 [out,ref] sec_desc_buf **sdbuf
274 shutdown the SAM - once you call this the SAM will be dead
276 NTSTATUS samr_Shutdown (
277 [in,ref] policy_handle *connect_handle
282 NTSTATUS samr_LookupDomain (
283 [in,ref] policy_handle *connect_handle,
284 [in,ref] lsa_String *domain_name,
285 [out,ref] dom_sid2 **sid
299 [size_is(count)] samr_SamEntry *entries;
302 NTSTATUS samr_EnumDomains (
303 [in] policy_handle *connect_handle,
304 [in,out,ref] uint32 *resume_handle,
305 [out,ref] samr_SamArray **sam,
306 [in] uint32 buf_size,
307 [out,ref] uint32 *num_entries
311 /************************/
313 [public] NTSTATUS samr_OpenDomain(
314 [in,ref] policy_handle *connect_handle,
315 [in] samr_DomainAccessMask access_mask,
316 [in,ref] dom_sid2 *sid,
317 [out,ref] policy_handle *domain_handle
320 /************************/
323 typedef [v1_enum] enum {
324 SAMR_ROLE_STANDALONE = 0,
325 SAMR_ROLE_DOMAIN_MEMBER = 1,
326 SAMR_ROLE_DOMAIN_BDC = 2,
327 SAMR_ROLE_DOMAIN_PDC = 3
330 /* password properties flags */
331 typedef [public,bitmap32bit] bitmap {
332 DOMAIN_PASSWORD_COMPLEX = 0x00000001,
333 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
334 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
335 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
336 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
337 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
338 } samr_PasswordProperties;
341 uint16 min_password_length;
342 uint16 password_history_length;
343 samr_PasswordProperties password_properties;
344 /* yes, these are signed. They are in negative 100ns */
345 dlong max_password_age;
346 dlong min_password_age;
350 NTTIME force_logoff_time;
351 lsa_String oem_information; /* comment */
352 lsa_String domain_name;
353 lsa_String primary; /* PDC name if this is a BDC */
361 } samr_DomGeneralInformation;
364 NTTIME force_logoff_time;
368 lsa_String oem_information; /* comment */
369 } samr_DomOEMInformation;
372 lsa_String domain_name;
385 NTTIME domain_create_time;
389 uint32 unknown; /* w2k3 returns 1 */
393 samr_DomGeneralInformation general;
394 hyper lockout_duration;
395 hyper lockout_window;
396 uint16 lockout_threshold;
397 } samr_DomGeneralInformation2;
400 hyper lockout_duration;
401 hyper lockout_window;
402 uint16 lockout_threshold;
407 NTTIME domain_create_time;
412 typedef [switch_type(uint16)] union {
413 [case(1)] samr_DomInfo1 info1;
414 [case(2)] samr_DomGeneralInformation general;
415 [case(3)] samr_DomInfo3 info3;
416 [case(4)] samr_DomOEMInformation oem;
417 [case(5)] samr_DomInfo5 info5;
418 [case(6)] samr_DomInfo6 info6;
419 [case(7)] samr_DomInfo7 info7;
420 [case(8)] samr_DomInfo8 info8;
421 [case(9)] samr_DomInfo9 info9;
422 [case(11)] samr_DomGeneralInformation2 general2;
423 [case(12)] samr_DomInfo12 info12;
424 [case(13)] samr_DomInfo13 info13;
427 NTSTATUS samr_QueryDomainInfo(
428 [in,ref] policy_handle *domain_handle,
430 [out,ref,switch_is(level)] samr_DomainInfo **info
433 /************************/
436 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
439 NTSTATUS samr_SetDomainInfo(
440 [in,ref] policy_handle *domain_handle,
442 [in,switch_is(level),ref] samr_DomainInfo *info
446 /************************/
448 NTSTATUS samr_CreateDomainGroup(
449 [in,ref] policy_handle *domain_handle,
450 [in,ref] lsa_String *name,
451 [in] samr_GroupAccessMask access_mask,
452 [out,ref] policy_handle *group_handle,
453 [out,ref] uint32 *rid
457 /************************/
459 NTSTATUS samr_EnumDomainGroups(
460 [in] policy_handle *domain_handle,
461 [in,out,ref] uint32 *resume_handle,
462 [out,ref] samr_SamArray **sam,
463 [in] uint32 max_size,
464 [out,ref] uint32 *num_entries
467 /************************/
469 NTSTATUS samr_CreateUser(
470 [in,ref] policy_handle *domain_handle,
471 [in,ref] lsa_String *account_name,
472 [in] samr_UserAccessMask access_mask,
473 [out,ref] policy_handle *user_handle,
474 [out,ref] uint32 *rid
477 /************************/
481 /* w2k3 treats max_size as max_users*54 and sets the
482 resume_handle as the rid of the last user sent
484 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
486 NTSTATUS samr_EnumDomainUsers(
487 [in] policy_handle *domain_handle,
488 [in,out,ref] uint32 *resume_handle,
489 [in] samr_AcctFlags acct_flags,
490 [out,ref] samr_SamArray **sam,
491 [in] uint32 max_size,
492 [out,ref] uint32 *num_entries
495 /************************/
497 NTSTATUS samr_CreateDomAlias(
498 [in,ref] policy_handle *domain_handle,
499 [in,ref] lsa_String *alias_name,
500 [in] samr_AliasAccessMask access_mask,
501 [out,ref] policy_handle *alias_handle,
502 [out,ref] uint32 *rid
505 /************************/
507 NTSTATUS samr_EnumDomainAliases(
508 [in] policy_handle *domain_handle,
509 [in,out,ref] uint32 *resume_handle,
510 [out,ref] samr_SamArray **sam,
511 [in] uint32 max_size,
512 [out,ref] uint32 *num_entries
515 /************************/
519 [range(0,1024)] uint32 count;
520 [size_is(count)] uint32 *ids;
523 NTSTATUS samr_GetAliasMembership(
524 [in,ref] policy_handle *domain_handle,
525 [in,ref] lsa_SidArray *sids,
526 [out,ref] samr_Ids *rids
529 /************************/
532 [public] NTSTATUS samr_LookupNames(
533 [in,ref] policy_handle *domain_handle,
534 [in,range(0,1000)] uint32 num_names,
535 [in,size_is(1000),length_is(num_names)] lsa_String names[],
536 [out,ref] samr_Ids *rids,
537 [out,ref] samr_Ids *types
541 /************************/
543 NTSTATUS samr_LookupRids(
544 [in,ref] policy_handle *domain_handle,
545 [in,range(0,1000)] uint32 num_rids,
546 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
547 [out,ref] lsa_Strings *names,
548 [out,ref] samr_Ids *types
551 /************************/
553 NTSTATUS samr_OpenGroup(
554 [in,ref] policy_handle *domain_handle,
555 [in] samr_GroupAccessMask access_mask,
557 [out,ref] policy_handle *group_handle
560 /* Group attributes */
561 typedef [public,bitmap32bit] bitmap {
562 SE_GROUP_MANDATORY = 0x00000001,
563 SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
564 SE_GROUP_ENABLED = 0x00000004,
565 SE_GROUP_OWNER = 0x00000008,
566 SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
567 SE_GROUP_RESOURCE = 0x20000000,
568 SE_GROUP_LOGON_ID = 0xC0000000
571 /************************/
576 samr_GroupAttrs attributes;
578 lsa_String description;
582 samr_GroupAttrs attributes;
583 } samr_GroupInfoAttributes;
586 lsa_String description;
587 } samr_GroupInfoDescription;
592 GROUPINFOATTRIBUTES = 3,
593 GROUPINFODESCRIPTION = 4,
595 } samr_GroupInfoEnum;
597 typedef [switch_type(samr_GroupInfoEnum)] union {
598 [case(GROUPINFOALL)] samr_GroupInfoAll all;
599 [case(GROUPINFONAME)] lsa_String name;
600 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
601 [case(GROUPINFODESCRIPTION)] lsa_String description;
602 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
605 NTSTATUS samr_QueryGroupInfo(
606 [in,ref] policy_handle *group_handle,
607 [in] samr_GroupInfoEnum level,
608 [out,ref,switch_is(level)] samr_GroupInfo **info
611 /************************/
613 NTSTATUS samr_SetGroupInfo(
614 [in,ref] policy_handle *group_handle,
615 [in] samr_GroupInfoEnum level,
616 [in,switch_is(level),ref] samr_GroupInfo *info
619 /************************/
621 NTSTATUS samr_AddGroupMember(
622 [in,ref] policy_handle *group_handle,
627 /************************/
629 NTSTATUS samr_DeleteDomainGroup(
630 [in,out,ref] policy_handle *group_handle
633 /************************/
635 NTSTATUS samr_DeleteGroupMember(
636 [in,ref] policy_handle *group_handle,
641 /************************/
645 [size_is(count)] uint32 *rids;
646 [size_is(count)] uint32 *types;
649 NTSTATUS samr_QueryGroupMember(
650 [in,ref] policy_handle *group_handle,
651 [out,ref] samr_RidTypeArray **rids
655 /************************/
659 win2003 seems to accept any data at all for the two integers
660 below, and doesn't seem to do anything with them that I can
661 see. Weird. I really expected the first integer to be a rid
662 and the second to be the attributes for that rid member.
664 NTSTATUS samr_SetMemberAttributesOfGroup(
665 [in,ref] policy_handle *group_handle,
666 [in] uint32 unknown1,
671 /************************/
673 NTSTATUS samr_OpenAlias (
674 [in,ref] policy_handle *domain_handle,
675 [in] samr_AliasAccessMask access_mask,
677 [out,ref] policy_handle *alias_handle
681 /************************/
687 lsa_String description;
693 ALIASINFODESCRIPTION = 3
694 } samr_AliasInfoEnum;
696 typedef [switch_type(samr_AliasInfoEnum)] union {
697 [case(ALIASINFOALL)] samr_AliasInfoAll all;
698 [case(ALIASINFONAME)] lsa_String name;
699 [case(ALIASINFODESCRIPTION)] lsa_String description;
702 NTSTATUS samr_QueryAliasInfo(
703 [in,ref] policy_handle *alias_handle,
704 [in] samr_AliasInfoEnum level,
705 [out,ref,switch_is(level)] samr_AliasInfo **info
708 /************************/
710 NTSTATUS samr_SetAliasInfo(
711 [in,ref] policy_handle *alias_handle,
712 [in] samr_AliasInfoEnum level,
713 [in,switch_is(level),ref] samr_AliasInfo *info
716 /************************/
718 NTSTATUS samr_DeleteDomAlias(
719 [in,out,ref] policy_handle *alias_handle
722 /************************/
724 NTSTATUS samr_AddAliasMember(
725 [in,ref] policy_handle *alias_handle,
726 [in,ref] dom_sid2 *sid
729 /************************/
731 NTSTATUS samr_DeleteAliasMember(
732 [in,ref] policy_handle *alias_handle,
733 [in,ref] dom_sid2 *sid
736 /************************/
738 NTSTATUS samr_GetMembersInAlias(
739 [in,ref] policy_handle *alias_handle,
740 [out,ref] lsa_SidArray *sids
743 /************************/
745 [public] NTSTATUS samr_OpenUser(
746 [in,ref] policy_handle *domain_handle,
747 [in] samr_UserAccessMask access_mask,
749 [out,ref] policy_handle *user_handle
752 /************************/
754 NTSTATUS samr_DeleteUser(
755 [in,out,ref] policy_handle *user_handle
758 /************************/
761 lsa_String account_name;
762 lsa_String full_name;
764 lsa_String description;
770 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
775 /* this is also used in samr and netlogon */
776 typedef [public, flag(NDR_PAHEX)] struct {
777 uint16 units_per_week;
778 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
782 lsa_String account_name;
783 lsa_String full_name;
786 lsa_String home_directory;
787 lsa_String home_drive;
788 lsa_String logon_script;
789 lsa_String profile_path;
790 lsa_String workstations;
793 NTTIME last_password_change;
794 NTTIME allow_password_change;
795 NTTIME force_password_change;
796 samr_LogonHours logon_hours;
797 uint16 bad_password_count;
799 samr_AcctFlags acct_flags;
803 samr_LogonHours logon_hours;
807 lsa_String account_name;
808 lsa_String full_name;
811 lsa_String home_directory;
812 lsa_String home_drive;
813 lsa_String logon_script;
814 lsa_String profile_path;
815 lsa_String description;
816 lsa_String workstations;
819 samr_LogonHours logon_hours;
820 uint16 bad_password_count;
822 NTTIME last_password_change;
824 samr_AcctFlags acct_flags;
828 lsa_String account_name;
829 lsa_String full_name;
833 lsa_String account_name;
837 lsa_String full_name;
845 lsa_String home_directory;
846 lsa_String home_drive;
850 lsa_String logon_script;
854 lsa_String profile_path;
858 lsa_String description;
862 lsa_String workstations;
866 samr_AcctFlags acct_flags;
873 typedef [public, flag(NDR_PAHEX)] struct {
878 samr_Password lm_pwd;
879 samr_Password nt_pwd;
880 boolean8 lm_pwd_active;
881 boolean8 nt_pwd_active;
885 lsa_BinaryString parameters;
888 /* this defines the bits used for fields_present in info21 */
889 typedef [bitmap32bit] bitmap {
890 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
891 SAMR_FIELD_FULL_NAME = 0x00000002,
892 SAMR_FIELD_RID = 0x00000004,
893 SAMR_FIELD_PRIMARY_GID = 0x00000008,
894 SAMR_FIELD_DESCRIPTION = 0x00000010,
895 SAMR_FIELD_COMMENT = 0x00000020,
896 SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
897 SAMR_FIELD_HOME_DRIVE = 0x00000080,
898 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
899 SAMR_FIELD_PROFILE_PATH = 0x00000200,
900 SAMR_FIELD_WORKSTATIONS = 0x00000400,
901 SAMR_FIELD_LAST_LOGON = 0x00000800,
902 SAMR_FIELD_LAST_LOGOFF = 0x00001000,
903 SAMR_FIELD_LOGON_HOURS = 0x00002000,
904 SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
905 SAMR_FIELD_NUM_LOGONS = 0x00008000,
906 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
907 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
908 SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
909 SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
910 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
911 SAMR_FIELD_PARAMETERS = 0x00200000,
912 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
913 SAMR_FIELD_CODE_PAGE = 0x00800000,
914 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
915 SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
916 SAMR_FIELD_PRIVATE_DATA = 0x04000000,
917 SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
918 SAMR_FIELD_SEC_DESC = 0x10000000,
919 SAMR_FIELD_OWF_PWD = 0x20000000
920 } samr_FieldsPresent;
922 /* used for 'password_expired' in samr_UserInfo21 */
923 const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
924 const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
929 NTTIME last_password_change;
931 NTTIME allow_password_change;
932 NTTIME force_password_change;
933 lsa_String account_name;
934 lsa_String full_name;
935 lsa_String home_directory;
936 lsa_String home_drive;
937 lsa_String logon_script;
938 lsa_String profile_path;
939 lsa_String description;
940 lsa_String workstations;
942 lsa_BinaryString parameters;
947 [size_is(buf_count)] uint8 *buffer;
950 samr_AcctFlags acct_flags;
951 samr_FieldsPresent fields_present;
952 samr_LogonHours logon_hours;
953 uint16 bad_password_count;
957 uint8 nt_password_set;
958 uint8 lm_password_set;
959 uint8 password_expired;
963 typedef [public, flag(NDR_PAHEX)] struct {
965 } samr_CryptPassword;
968 samr_UserInfo21 info;
969 samr_CryptPassword password;
973 samr_CryptPassword password;
974 uint8 password_expired;
977 typedef [flag(NDR_PAHEX)] struct {
979 } samr_CryptPasswordEx;
982 samr_UserInfo21 info;
983 samr_CryptPasswordEx password;
987 samr_CryptPasswordEx password;
988 uint8 password_expired;
991 typedef [switch_type(uint16)] union {
992 [case(1)] samr_UserInfo1 info1;
993 [case(2)] samr_UserInfo2 info2;
994 [case(3)] samr_UserInfo3 info3;
995 [case(4)] samr_UserInfo4 info4;
996 [case(5)] samr_UserInfo5 info5;
997 [case(6)] samr_UserInfo6 info6;
998 [case(7)] samr_UserInfo7 info7;
999 [case(8)] samr_UserInfo8 info8;
1000 [case(9)] samr_UserInfo9 info9;
1001 [case(10)] samr_UserInfo10 info10;
1002 [case(11)] samr_UserInfo11 info11;
1003 [case(12)] samr_UserInfo12 info12;
1004 [case(13)] samr_UserInfo13 info13;
1005 [case(14)] samr_UserInfo14 info14;
1006 [case(16)] samr_UserInfo16 info16;
1007 [case(17)] samr_UserInfo17 info17;
1008 [case(18)] samr_UserInfo18 info18;
1009 [case(20)] samr_UserInfo20 info20;
1010 [case(21)] samr_UserInfo21 info21;
1011 [case(23)] samr_UserInfo23 info23;
1012 [case(24)] samr_UserInfo24 info24;
1013 [case(25)] samr_UserInfo25 info25;
1014 [case(26)] samr_UserInfo26 info26;
1017 [public] NTSTATUS samr_QueryUserInfo(
1018 [in,ref] policy_handle *user_handle,
1020 [out,ref,switch_is(level)] samr_UserInfo **info
1024 /************************/
1026 [public] NTSTATUS samr_SetUserInfo(
1027 [in,ref] policy_handle *user_handle,
1029 [in,ref,switch_is(level)] samr_UserInfo *info
1032 /************************/
1035 this is a password change interface that doesn't give
1036 the server the plaintext password. Depricated.
1038 NTSTATUS samr_ChangePasswordUser(
1039 [in,ref] policy_handle *user_handle,
1040 [in] boolean8 lm_present,
1041 [in,unique] samr_Password *old_lm_crypted,
1042 [in,unique] samr_Password *new_lm_crypted,
1043 [in] boolean8 nt_present,
1044 [in,unique] samr_Password *old_nt_crypted,
1045 [in,unique] samr_Password *new_nt_crypted,
1046 [in] boolean8 cross1_present,
1047 [in,unique] samr_Password *nt_cross,
1048 [in] boolean8 cross2_present,
1049 [in,unique] samr_Password *lm_cross
1052 /************************/
1055 typedef [public] struct {
1057 samr_GroupAttrs attributes;
1058 } samr_RidWithAttribute;
1060 typedef [public] struct {
1062 [size_is(count)] samr_RidWithAttribute *rids;
1063 } samr_RidWithAttributeArray;
1065 NTSTATUS samr_GetGroupsForUser(
1066 [in,ref] policy_handle *user_handle,
1067 [out,ref] samr_RidWithAttributeArray **rids
1070 /************************/
1076 samr_AcctFlags acct_flags;
1077 lsa_String account_name;
1078 lsa_String description;
1079 lsa_String full_name;
1080 } samr_DispEntryGeneral;
1084 [size_is(count)] samr_DispEntryGeneral *entries;
1085 } samr_DispInfoGeneral;
1090 samr_AcctFlags acct_flags;
1091 lsa_String account_name;
1092 lsa_String description;
1093 } samr_DispEntryFull;
1097 [size_is(count)] samr_DispEntryFull *entries;
1098 } samr_DispInfoFull;
1103 samr_GroupAttrs acct_flags;
1104 lsa_String account_name;
1105 lsa_String description;
1106 } samr_DispEntryFullGroup;
1110 [size_is(count)] samr_DispEntryFullGroup *entries;
1111 } samr_DispInfoFullGroups;
1115 lsa_AsciiStringLarge account_name;
1116 } samr_DispEntryAscii;
1120 [size_is(count)] samr_DispEntryAscii *entries;
1121 } samr_DispInfoAscii;
1123 typedef [switch_type(uint16)] union {
1124 [case(1)] samr_DispInfoGeneral info1;/* users */
1125 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1126 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1127 [case(4)] samr_DispInfoAscii info4; /* users */
1128 [case(5)] samr_DispInfoAscii info5; /* groups */
1131 NTSTATUS samr_QueryDisplayInfo(
1132 [in,ref] policy_handle *domain_handle,
1134 [in] uint32 start_idx,
1135 [in] uint32 max_entries,
1136 [in] uint32 buf_size,
1137 [out,ref] uint32 *total_size,
1138 [out,ref] uint32 *returned_size,
1139 [out,ref,switch_is(level)] samr_DispInfo *info
1143 /************************/
1147 this seems to be an alphabetic search function. The returned index
1148 is the index for samr_QueryDisplayInfo needed to get names occurring
1149 after the specified name. The supplied name does not need to exist
1150 in the database (for example you can supply just a first letter for
1151 searching starting at that letter)
1153 The level corresponds to the samr_QueryDisplayInfo level
1155 NTSTATUS samr_GetDisplayEnumerationIndex(
1156 [in,ref] policy_handle *domain_handle,
1158 [in,ref] lsa_String *name,
1159 [out,ref] uint32 *idx
1164 /************************/
1168 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1170 NTSTATUS samr_TestPrivateFunctionsDomain(
1171 [in,ref] policy_handle *domain_handle
1175 /************************/
1179 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1181 NTSTATUS samr_TestPrivateFunctionsUser(
1182 [in,ref] policy_handle *user_handle
1186 /************************/
1190 uint16 min_password_length;
1191 samr_PasswordProperties password_properties;
1194 [public] NTSTATUS samr_GetUserPwInfo(
1195 [in,ref] policy_handle *user_handle,
1196 [out,ref] samr_PwInfo *info
1199 /************************/
1201 NTSTATUS samr_RemoveMemberFromForeignDomain(
1202 [in,ref] policy_handle *domain_handle,
1203 [in,ref] dom_sid2 *sid
1206 /************************/
1210 how is this different from QueryDomainInfo ??
1212 NTSTATUS samr_QueryDomainInfo2(
1213 [in,ref] policy_handle *domain_handle,
1215 [out,ref,switch_is(level)] samr_DomainInfo **info
1218 /************************/
1222 how is this different from QueryUserInfo ??
1224 NTSTATUS samr_QueryUserInfo2(
1225 [in,ref] policy_handle *user_handle,
1227 [out,ref,switch_is(level)] samr_UserInfo **info
1230 /************************/
1234 how is this different from QueryDisplayInfo??
1236 NTSTATUS samr_QueryDisplayInfo2(
1237 [in,ref] policy_handle *domain_handle,
1239 [in] uint32 start_idx,
1240 [in] uint32 max_entries,
1241 [in] uint32 buf_size,
1242 [out,ref] uint32 *total_size,
1243 [out,ref] uint32 *returned_size,
1244 [out,ref,switch_is(level)] samr_DispInfo *info
1247 /************************/
1251 how is this different from GetDisplayEnumerationIndex ??
1253 NTSTATUS samr_GetDisplayEnumerationIndex2(
1254 [in,ref] policy_handle *domain_handle,
1256 [in,ref] lsa_String *name,
1257 [out,ref] uint32 *idx
1261 /************************/
1263 NTSTATUS samr_CreateUser2(
1264 [in,ref] policy_handle *domain_handle,
1265 [in,ref] lsa_String *account_name,
1266 [in] samr_AcctFlags acct_flags,
1267 [in] samr_UserAccessMask access_mask,
1268 [out,ref] policy_handle *user_handle,
1269 [out,ref] uint32 *access_granted,
1270 [out,ref] uint32 *rid
1274 /************************/
1278 another duplicate. There must be a reason ....
1280 NTSTATUS samr_QueryDisplayInfo3(
1281 [in,ref] policy_handle *domain_handle,
1283 [in] uint32 start_idx,
1284 [in] uint32 max_entries,
1285 [in] uint32 buf_size,
1286 [out,ref] uint32 *total_size,
1287 [out,ref] uint32 *returned_size,
1288 [out,ref,switch_is(level)] samr_DispInfo *info
1291 /************************/
1293 NTSTATUS samr_AddMultipleMembersToAlias(
1294 [in,ref] policy_handle *alias_handle,
1295 [in,ref] lsa_SidArray *sids
1298 /************************/
1300 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1301 [in,ref] policy_handle *alias_handle,
1302 [in,ref] lsa_SidArray *sids
1305 /************************/
1308 NTSTATUS samr_OemChangePasswordUser2(
1309 [in,unique] lsa_AsciiString *server,
1310 [in,ref] lsa_AsciiString *account,
1311 [in,unique] samr_CryptPassword *password,
1312 [in,unique] samr_Password *hash
1315 /************************/
1317 NTSTATUS samr_ChangePasswordUser2(
1318 [in,unique] lsa_String *server,
1319 [in,ref] lsa_String *account,
1320 [in,unique] samr_CryptPassword *nt_password,
1321 [in,unique] samr_Password *nt_verifier,
1322 [in] boolean8 lm_change,
1323 [in,unique] samr_CryptPassword *lm_password,
1324 [in,unique] samr_Password *lm_verifier
1327 /************************/
1329 NTSTATUS samr_GetDomPwInfo(
1330 [in,unique] lsa_String *domain_name,
1331 [out,ref] samr_PwInfo *info
1334 /************************/
1336 NTSTATUS samr_Connect2(
1337 [in,unique,string,charset(UTF16)] uint16 *system_name,
1338 [in] samr_ConnectAccessMask access_mask,
1339 [out,ref] policy_handle *connect_handle
1342 /************************/
1345 seems to be an exact alias for samr_SetUserInfo()
1347 [public] NTSTATUS samr_SetUserInfo2(
1348 [in,ref] policy_handle *user_handle,
1350 [in,ref,switch_is(level)] samr_UserInfo *info
1353 /************************/
1356 this one is mysterious. I have a few guesses, but nothing working yet
1358 NTSTATUS samr_SetBootKeyInformation(
1359 [in,ref] policy_handle *connect_handle,
1360 [in] uint32 unknown1,
1361 [in] uint32 unknown2,
1362 [in] uint32 unknown3
1365 /************************/
1367 NTSTATUS samr_GetBootKeyInformation(
1368 [in,ref] policy_handle *domain_handle,
1369 [out,ref] uint32 *unknown
1372 /************************/
1374 NTSTATUS samr_Connect3(
1375 [in,unique,string,charset(UTF16)] uint16 *system_name,
1376 /* this unknown value seems to be completely ignored by w2k3 */
1377 [in] uint32 unknown,
1378 [in] samr_ConnectAccessMask access_mask,
1379 [out,ref] policy_handle *connect_handle
1382 /************************/
1386 SAMR_CONNECT_PRE_W2K = 1,
1387 SAMR_CONNECT_W2K = 2,
1388 SAMR_CONNECT_AFTER_W2K = 3
1389 } samr_ConnectVersion;
1391 NTSTATUS samr_Connect4(
1392 [in,unique,string,charset(UTF16)] uint16 *system_name,
1393 [in] samr_ConnectVersion client_version,
1394 [in] samr_ConnectAccessMask access_mask,
1395 [out,ref] policy_handle *connect_handle
1398 /************************/
1401 typedef enum samr_RejectReason samr_RejectReason;
1404 samr_RejectReason reason;
1407 } samr_ChangeReject;
1409 NTSTATUS samr_ChangePasswordUser3(
1410 [in,unique] lsa_String *server,
1411 [in,ref] lsa_String *account,
1412 [in,unique] samr_CryptPassword *nt_password,
1413 [in,unique] samr_Password *nt_verifier,
1414 [in] boolean8 lm_change,
1415 [in,unique] samr_CryptPassword *lm_password,
1416 [in,unique] samr_Password *lm_verifier,
1417 [in,unique] samr_CryptPassword *password3,
1418 [out,ref] samr_DomInfo1 **dominfo,
1419 [out,ref] samr_ChangeReject **reject
1422 /************************/
1426 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1427 uint32 unknown2; /* w2k3 gives 0 */
1428 } samr_ConnectInfo1;
1431 [case(1)] samr_ConnectInfo1 info1;
1434 [public] NTSTATUS samr_Connect5(
1435 [in,unique,string,charset(UTF16)] uint16 *system_name,
1436 [in] samr_ConnectAccessMask access_mask,
1437 [in] uint32 level_in,
1438 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1439 [out,ref] uint32 *level_out,
1440 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1441 [out,ref] policy_handle *connect_handle
1444 /************************/
1446 NTSTATUS samr_RidToSid(
1447 [in,ref] policy_handle *domain_handle,
1449 [out,ref] dom_sid2 **sid
1452 /************************/
1456 this should set the DSRM password for the server, which is used
1457 when booting into Directory Services Recovery Mode on a DC. Win2003
1458 gives me NT_STATUS_NOT_SUPPORTED
1461 NTSTATUS samr_SetDsrmPassword(
1462 [in,unique] lsa_String *name,
1463 [in] uint32 unknown,
1464 [in,unique] samr_Password *hash
1468 /************************/
1470 /************************/
1471 typedef [bitmap32bit] bitmap {
1472 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
1473 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
1474 SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
1475 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
1476 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
1477 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
1478 } samr_ValidateFieldsPresent;
1481 NetValidateAuthentication = 1,
1482 NetValidatePasswordChange= 2,
1483 NetValidatePasswordReset = 3
1484 } samr_ValidatePasswordLevel;
1486 /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1487 * identified the mapping of
1488 * - NERR_PasswordFilterError
1489 * - NERR_PasswordExpired and
1490 * - NERR_PasswordCantChange
1495 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1496 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1497 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1498 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1499 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1500 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1501 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1502 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1503 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
1504 } samr_ValidationStatus;
1508 [size_is(length)] uint8 *data;
1509 } samr_ValidationBlob;
1512 samr_ValidateFieldsPresent fields_present;
1513 NTTIME_hyper last_password_change;
1514 NTTIME_hyper bad_password_time;
1515 NTTIME_hyper lockout_time;
1516 uint32 bad_pwd_count;
1517 uint32 pwd_history_len;
1518 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1519 } samr_ValidatePasswordInfo;
1522 samr_ValidatePasswordInfo info;
1523 samr_ValidationStatus status;
1524 } samr_ValidatePasswordRepCtr;
1526 typedef [switch_type(uint16)] union {
1527 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1528 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1529 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1530 } samr_ValidatePasswordRep;
1533 samr_ValidatePasswordInfo info;
1534 lsa_StringLarge password;
1535 lsa_StringLarge account;
1536 samr_ValidationBlob hash;
1537 boolean8 pwd_must_change_at_next_logon;
1538 boolean8 clear_lockout;
1539 } samr_ValidatePasswordReq3;
1542 samr_ValidatePasswordInfo info;
1543 lsa_StringLarge password;
1544 lsa_StringLarge account;
1545 samr_ValidationBlob hash;
1546 boolean8 password_matched;
1547 } samr_ValidatePasswordReq2;
1550 samr_ValidatePasswordInfo info;
1551 boolean8 password_matched;
1552 } samr_ValidatePasswordReq1;
1554 typedef [switch_type(uint16)] union {
1555 [case(1)] samr_ValidatePasswordReq1 req1;
1556 [case(2)] samr_ValidatePasswordReq2 req2;
1557 [case(3)] samr_ValidatePasswordReq3 req3;
1558 } samr_ValidatePasswordReq;
1560 NTSTATUS samr_ValidatePassword(
1561 [in] samr_ValidatePasswordLevel level,
1562 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1563 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep