librpc/idl/samr.idl

   1 #include "idl_types.h"
   2
   3 /*
   4   samr interface definition
   5 */
   6 import "misc.idl", "lsa.idl", "security.idl";
   7
   8 /*
   9   Thanks to Todd Sabin for some information from his samr.idl in acltools
  10 */
  11
  12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
  13   version(1.0),
  14   endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
  15   pointer_default(unique)
  16 ] interface samr
  17 {
  18         typedef bitmap security_secinfo security_secinfo;
  19
  20         /* SAM database types */
  21         typedef [public,v1_enum] enum {
  22                 SAM_DATABASE_DOMAIN  = 0, /* Domain users and groups */
  23                 SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
  24                 SAM_DATABASE_PRIVS   = 2 /* Privileges */
  25         } netr_SamDatabaseID;
  26
  27         typedef [public,v1_enum] enum {
  28                 SAMR_REJECT_OTHER      = 0,
  29                 SAMR_REJECT_TOO_SHORT  = 1,
  30                 SAMR_REJECT_IN_HISTORY = 2,
  31                 SAMR_REJECT_COMPLEXITY = 5
  32         } samr_RejectReason;
  33
  34
  35
  36         /* account control (acct_flags) bits */
  37         typedef [public,bitmap32bit] bitmap {
  38                 ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
  39                 ACB_HOMDIRREQ                   = 0x00000002,  /* 1 = Home directory required */
  40                 ACB_PWNOTREQ                    = 0x00000004,  /* 1 = User password not required */
  41                 ACB_TEMPDUP                     = 0x00000008,  /* 1 = Temporary duplicate account */
  42                 ACB_NORMAL                      = 0x00000010,  /* 1 = Normal user account */
  43                 ACB_MNS                         = 0x00000020,  /* 1 = MNS logon user account */
  44                 ACB_DOMTRUST                    = 0x00000040,  /* 1 = Interdomain trust account */
  45                 ACB_WSTRUST                     = 0x00000080,  /* 1 = Workstation trust account */
  46                 ACB_SVRTRUST                    = 0x00000100,  /* 1 = Server trust account */
  47                 ACB_PWNOEXP                     = 0x00000200,  /* 1 = User password does not expire */
  48                 ACB_AUTOLOCK                    = 0x00000400,  /* 1 = Account auto locked */
  49                 ACB_ENC_TXT_PWD_ALLOWED         = 0x00000800,  /* 1 = Encryped text password is allowed */
  50                 ACB_SMARTCARD_REQUIRED          = 0x00001000,  /* 1 = Smart Card required */
  51                 ACB_TRUSTED_FOR_DELEGATION      = 0x00002000,  /* 1 = Trusted for Delegation */
  52                 ACB_NOT_DELEGATED               = 0x00004000,  /* 1 = Not delegated */
  53                 ACB_USE_DES_KEY_ONLY            = 0x00008000,  /* 1 = Use DES key only */
  54                 ACB_DONT_REQUIRE_PREAUTH        = 0x00010000,  /* 1 = Preauth not required */
  55                 ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
  56                 ACB_NO_AUTH_DATA_REQD           = 0x00080000   /* 1 = No authorization data required */
  57         } samr_AcctFlags;
  58
  59         /* SAM server specific access rights */
  60
  61         typedef [bitmap32bit] bitmap {
  62                 SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
  63                 SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
  64                 SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
  65                 SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
  66                 SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
  67                 SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
  68         } samr_ConnectAccessMask;
  69
  70         const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
  71
  72         const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
  73                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
  74                  SAMR_ACCESS_ALL_ACCESS);
  75
  76         const int GENERIC_RIGHTS_SAM_READ =
  77                 (STANDARD_RIGHTS_READ_ACCESS            |
  78                  SAMR_ACCESS_ENUM_DOMAINS);
  79
  80         const int GENERIC_RIGHTS_SAM_WRITE =
  81                 (STANDARD_RIGHTS_WRITE_ACCESS           |
  82                  SAMR_ACCESS_CREATE_DOMAIN              |
  83                  SAMR_ACCESS_INITIALIZE_SERVER          |
  84                  SAMR_ACCESS_SHUTDOWN_SERVER);
  85
  86         const int GENERIC_RIGHTS_SAM_EXECUTE =
  87                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
  88                  SAMR_ACCESS_OPEN_DOMAIN                |
  89                  SAMR_ACCESS_CONNECT_TO_SERVER);
  90
  91         /* User Object specific access rights */
  92
  93         typedef [bitmap32bit] bitmap {
  94                 SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
  95                 SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
  96                 SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
  97                 SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
  98                 SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
  99                 SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
 100                 SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
 101                 SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
 102                 SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
 103                 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
 104                 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
 105         } samr_UserAccessMask;
 106
 107         const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
 108
 109         const int GENERIC_RIGHTS_USER_ALL_ACCESS =
 110                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 111                  SAMR_USER_ACCESS_ALL_ACCESS);  /* 0x000f07ff */
 112
 113         const int GENERIC_RIGHTS_USER_READ =
 114                 (STANDARD_RIGHTS_READ_ACCESS            |
 115                  SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP  |
 116                  SAMR_USER_ACCESS_GET_GROUPS            |
 117                  SAMR_USER_ACCESS_GET_ATTRIBUTES        |
 118                  SAMR_USER_ACCESS_GET_LOGONINFO         |
 119                  SAMR_USER_ACCESS_GET_LOCALE);  /* 0x0002031a */
 120
 121         const int GENERIC_RIGHTS_USER_WRITE =
 122                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 123                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
 124                  SAMR_USER_ACCESS_SET_LOC_COM           |
 125                  SAMR_USER_ACCESS_SET_ATTRIBUTES        |
 126                  SAMR_USER_ACCESS_SET_PASSWORD          |
 127                  SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);     /* 0x000204e4 */
 128
 129         const int GENERIC_RIGHTS_USER_EXECUTE =
 130                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 131                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
 132                  SAMR_USER_ACCESS_GET_NAME_ETC);        /* 0x00020041 */
 133
 134         /* Domain Object specific access rights */
 135
 136         typedef [bitmap32bit] bitmap {
 137                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
 138                 SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
 139                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
 140                 SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
 141                 SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
 142                 SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
 143                 SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
 144                 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
 145                 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
 146                 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
 147                 SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
 148         } samr_DomainAccessMask;
 149
 150         const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
 151
 152         const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
 153                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 154                  SAMR_DOMAIN_ACCESS_ALL_ACCESS);
 155
 156         const int GENERIC_RIGHTS_DOMAIN_READ =
 157                 (STANDARD_RIGHTS_READ_ACCESS            |
 158                  SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS        |
 159                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
 160
 161         const int GENERIC_RIGHTS_DOMAIN_WRITE =
 162                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 163                  SAMR_DOMAIN_ACCESS_SET_INFO_3          |
 164                  SAMR_DOMAIN_ACCESS_CREATE_ALIAS        |
 165                  SAMR_DOMAIN_ACCESS_CREATE_GROUP        |
 166                  SAMR_DOMAIN_ACCESS_CREATE_USER         |
 167                  SAMR_DOMAIN_ACCESS_SET_INFO_2          |
 168                  SAMR_DOMAIN_ACCESS_SET_INFO_1);
 169
 170         const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
 171                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 172                  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT        |
 173                  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS       |
 174                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
 175
 176         /* Group Object specific access rights */
 177
 178         typedef [bitmap32bit] bitmap {
 179                 SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
 180                 SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
 181                 SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
 182                 SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
 183                 SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
 184         } samr_GroupAccessMask;
 185
 186         const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
 187
 188         const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
 189                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 190                  SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
 191
 192         const int GENERIC_RIGHTS_GROUP_READ =
 193                 (STANDARD_RIGHTS_READ_ACCESS            |
 194                  SAMR_GROUP_ACCESS_GET_MEMBERS);        /* 0x00020010 */
 195
 196         const int GENERIC_RIGHTS_GROUP_WRITE =
 197                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 198                  SAMR_GROUP_ACCESS_REMOVE_MEMBER        |
 199                  SAMR_GROUP_ACCESS_ADD_MEMBER           |
 200                  SAMR_GROUP_ACCESS_SET_INFO);   /* 0x0002000e */
 201
 202         const int GENERIC_RIGHTS_GROUP_EXECUTE =
 203                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 204                  SAMR_GROUP_ACCESS_LOOKUP_INFO);        /* 0x00020001 */
 205
 206         /* Alias Object specific access rights */
 207
 208         typedef [bitmap32bit] bitmap {
 209                 SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
 210                 SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
 211                 SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
 212                 SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
 213                 SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
 214         } samr_AliasAccessMask;
 215
 216         const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
 217
 218         const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
 219                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
 220                  SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
 221
 222         const int GENERIC_RIGHTS_ALIAS_READ =
 223                 (STANDARD_RIGHTS_READ_ACCESS            |
 224                  SAMR_ALIAS_ACCESS_GET_MEMBERS);        /* 0x00020004 */
 225
 226         const int GENERIC_RIGHTS_ALIAS_WRITE =
 227                 (STANDARD_RIGHTS_WRITE_ACCESS           |
 228                  SAMR_ALIAS_ACCESS_REMOVE_MEMBER        |
 229                  SAMR_ALIAS_ACCESS_ADD_MEMBER           |
 230                  SAMR_ALIAS_ACCESS_SET_INFO);   /* 0x00020013 */
 231
 232         const int GENERIC_RIGHTS_ALIAS_EXECUTE =
 233                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
 234                  SAMR_ALIAS_ACCESS_LOOKUP_INFO);        /* 0x00020008 */
 235
 236         /******************/
 237         /* Function: 0x00 */
 238         NTSTATUS samr_Connect (
 239                 /* notice the lack of [string] */
 240                 [in,unique] uint16 *system_name,
 241                 [in]       samr_ConnectAccessMask access_mask,
 242                 [out,ref]  policy_handle *connect_handle
 243                 );
 244
 245
 246         /******************/
 247         /* Function: 0x01 */
 248         [public] NTSTATUS samr_Close (
 249                 [in,out,ref]  policy_handle *handle
 250                 );
 251
 252         /******************/
 253         /* Function: 0x02 */
 254
 255         NTSTATUS samr_SetSecurity (
 256                 [in,ref]          policy_handle *handle,
 257                 [in]              security_secinfo sec_info,
 258                 [in,ref]          sec_desc_buf *sdbuf
 259                 );
 260
 261         /******************/
 262         /* Function: 0x03 */
 263
 264         NTSTATUS samr_QuerySecurity (
 265                 [in,ref]          policy_handle *handle,
 266                 [in]              security_secinfo sec_info,
 267                 [out,ref]         sec_desc_buf **sdbuf
 268                 );
 269
 270         /******************/
 271         /* Function: 0x04 */
 272
 273         /*
 274           shutdown the SAM - once you call this the SAM will be dead
 275         */
 276         NTSTATUS samr_Shutdown (
 277                 [in,ref]   policy_handle *connect_handle
 278                 );
 279
 280         /******************/
 281         /* Function: 0x05 */
 282         NTSTATUS samr_LookupDomain (
 283                 [in,ref]  policy_handle *connect_handle,
 284                 [in,ref]  lsa_String *domain_name,
 285                 [out,ref] dom_sid2 **sid
 286                 );
 287
 288
 289         /******************/
 290         /* Function: 0x06 */
 291
 292         typedef struct {
 293                 uint32 idx;
 294                 lsa_String name;
 295         } samr_SamEntry;
 296
 297         typedef struct {
 298                 uint32 count;
 299                 [size_is(count)] samr_SamEntry *entries;
 300         } samr_SamArray;
 301
 302         NTSTATUS samr_EnumDomains (
 303                 [in]          policy_handle *connect_handle,
 304                 [in,out,ref]  uint32 *resume_handle,
 305                 [out,ref]     samr_SamArray **sam,
 306                 [in]          uint32 buf_size,
 307                 [out,ref]     uint32 *num_entries
 308                 );
 309
 310
 311         /************************/
 312         /* Function    0x07     */
 313         [public] NTSTATUS samr_OpenDomain(
 314                 [in,ref]      policy_handle *connect_handle,
 315                 [in]          samr_DomainAccessMask access_mask,
 316                 [in,ref]      dom_sid2 *sid,
 317                 [out,ref]     policy_handle *domain_handle
 318                 );
 319
 320         /************************/
 321         /* Function    0x08     */
 322         /* server roles */
 323         typedef [v1_enum] enum {
 324                 SAMR_ROLE_STANDALONE    = 0,
 325                 SAMR_ROLE_DOMAIN_MEMBER = 1,
 326                 SAMR_ROLE_DOMAIN_BDC    = 2,
 327                 SAMR_ROLE_DOMAIN_PDC    = 3
 328         } samr_Role;
 329
 330         /* password properties flags */
 331         typedef [public,bitmap32bit] bitmap {
 332                 DOMAIN_PASSWORD_COMPLEX         = 0x00000001,
 333                 DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
 334                 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
 335                 DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
 336                 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
 337                 DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
 338         } samr_PasswordProperties;
 339
 340         typedef struct {
 341                 uint16 min_password_length;
 342                 uint16 password_history_length;
 343                 samr_PasswordProperties password_properties;
 344                 /* yes, these are signed. They are in negative 100ns */
 345                 dlong  max_password_age;
 346                 dlong  min_password_age;
 347         } samr_DomInfo1;
 348
 349         typedef struct {
 350                 NTTIME force_logoff_time;
 351                 lsa_String oem_information; /* comment */
 352                 lsa_String domain_name;
 353                 lsa_String primary; /* PDC name if this is a BDC */
 354                 udlong sequence_num;
 355                 uint32 unknown2;
 356                 samr_Role role;
 357                 uint32 unknown3;
 358                 uint32 num_users;
 359                 uint32 num_groups;
 360                 uint32 num_aliases;
 361         } samr_DomGeneralInformation;
 362
 363         typedef struct {
 364                 NTTIME force_logoff_time;
 365         } samr_DomInfo3;
 366
 367         typedef struct {
 368                 lsa_String oem_information; /* comment */
 369         } samr_DomOEMInformation;
 370
 371         typedef struct {
 372                 lsa_String domain_name;
 373         } samr_DomInfo5;
 374
 375         typedef struct {
 376                 lsa_String primary;
 377         } samr_DomInfo6;
 378
 379         typedef struct {
 380                 samr_Role role;
 381         } samr_DomInfo7;
 382
 383         typedef struct {
 384                 hyper sequence_num;
 385                 NTTIME domain_create_time;
 386         } samr_DomInfo8;
 387
 388         typedef struct {
 389                 uint32 unknown; /* w2k3 returns 1 */
 390         } samr_DomInfo9;
 391
 392         typedef struct {
 393                 samr_DomGeneralInformation general;
 394                 hyper lockout_duration;
 395                 hyper lockout_window;
 396                 uint16 lockout_threshold;
 397         } samr_DomGeneralInformation2;
 398
 399         typedef struct {
 400                 hyper lockout_duration;
 401                 hyper lockout_window;
 402                 uint16 lockout_threshold;
 403         } samr_DomInfo12;
 404
 405         typedef struct {
 406                 hyper sequence_num;
 407                 NTTIME domain_create_time;
 408                 uint32 unknown1;
 409                 uint32 unknown2;
 410         } samr_DomInfo13;
 411
 412         typedef [switch_type(uint16)] union {
 413                 [case(1)] samr_DomInfo1 info1;
 414                 [case(2)] samr_DomGeneralInformation general;
 415                 [case(3)] samr_DomInfo3 info3;
 416                 [case(4)] samr_DomOEMInformation oem;
 417                 [case(5)] samr_DomInfo5 info5;
 418                 [case(6)] samr_DomInfo6 info6;
 419                 [case(7)] samr_DomInfo7 info7;
 420                 [case(8)] samr_DomInfo8 info8;
 421                 [case(9)] samr_DomInfo9 info9;
 422                 [case(11)] samr_DomGeneralInformation2 general2;
 423                 [case(12)] samr_DomInfo12 info12;
 424                 [case(13)] samr_DomInfo13 info13;
 425         } samr_DomainInfo;
 426
 427         NTSTATUS samr_QueryDomainInfo(
 428                 [in,ref]      policy_handle *domain_handle,
 429                 [in]          uint16 level,
 430                 [out,ref,switch_is(level)] samr_DomainInfo **info
 431                 );
 432
 433         /************************/
 434         /* Function    0x09     */
 435         /*
 436           only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
 437           call in w2k3
 438         */
 439         NTSTATUS samr_SetDomainInfo(
 440                 [in,ref]      policy_handle *domain_handle,
 441                 [in]          uint16 level,
 442                 [in,switch_is(level),ref] samr_DomainInfo *info
 443                 );
 444
 445
 446         /************************/
 447         /* Function    0x0a     */
 448         NTSTATUS samr_CreateDomainGroup(
 449                 [in,ref]      policy_handle *domain_handle,
 450                 [in,ref]      lsa_String *name,
 451                 [in]          samr_GroupAccessMask access_mask,
 452                 [out,ref]     policy_handle *group_handle,
 453                 [out,ref]     uint32 *rid
 454                 );
 455
 456
 457         /************************/
 458         /* Function    0x0b     */
 459         NTSTATUS samr_EnumDomainGroups(
 460                 [in]          policy_handle *domain_handle,
 461                 [in,out,ref]  uint32 *resume_handle,
 462                 [out,ref]     samr_SamArray **sam,
 463                 [in]          uint32 max_size,
 464                 [out,ref]     uint32 *num_entries
 465                 );
 466
 467         /************************/
 468         /* Function    0x0c     */
 469         NTSTATUS samr_CreateUser(
 470                 [in,ref]      policy_handle *domain_handle,
 471                 [in,ref]      lsa_String *account_name,
 472                 [in]          samr_UserAccessMask access_mask,
 473                 [out,ref]     policy_handle *user_handle,
 474                 [out,ref]     uint32 *rid
 475                 );
 476
 477         /************************/
 478         /* Function    0x0d     */
 479
 480
 481         /* w2k3 treats max_size as max_users*54 and sets the
 482            resume_handle as the rid of the last user sent
 483         */
 484         const int SAMR_ENUM_USERS_MULTIPLIER = 54;
 485
 486         NTSTATUS samr_EnumDomainUsers(
 487                 [in]          policy_handle *domain_handle,
 488                 [in,out,ref]  uint32 *resume_handle,
 489                 [in]          samr_AcctFlags acct_flags,
 490                 [out,ref]     samr_SamArray **sam,
 491                 [in]          uint32 max_size,
 492                 [out,ref]     uint32 *num_entries
 493                 );
 494
 495         /************************/
 496         /* Function    0x0e     */
 497         NTSTATUS samr_CreateDomAlias(
 498                 [in,ref]      policy_handle *domain_handle,
 499                 [in,ref]      lsa_String   *alias_name,
 500                 [in]          samr_AliasAccessMask access_mask,
 501                 [out,ref]     policy_handle *alias_handle,
 502                 [out,ref]     uint32        *rid
 503                 );
 504
 505         /************************/
 506         /* Function    0x0f     */
 507         NTSTATUS samr_EnumDomainAliases(
 508                 [in]          policy_handle *domain_handle,
 509                 [in,out,ref]  uint32 *resume_handle,
 510                 [out,ref]     samr_SamArray **sam,
 511                 [in]          uint32 max_size,
 512                 [out,ref]     uint32 *num_entries
 513                 );
 514
 515         /************************/
 516         /* Function    0x10     */
 517
 518         typedef struct {
 519                 [range(0,1024)]  uint32 count;
 520                 [size_is(count)] uint32 *ids;
 521         } samr_Ids;
 522
 523         NTSTATUS samr_GetAliasMembership(
 524                 [in,ref]      policy_handle *domain_handle,
 525                 [in,ref]      lsa_SidArray  *sids,
 526                 [out,ref]     samr_Ids *rids
 527                 );
 528
 529         /************************/
 530         /* Function    0x11     */
 531
 532         [public] NTSTATUS samr_LookupNames(
 533                 [in,ref]      policy_handle *domain_handle,
 534                 [in,range(0,1000)] uint32 num_names,
 535                 [in,size_is(1000),length_is(num_names)] lsa_String names[],
 536                 [out,ref]     samr_Ids *rids,
 537                 [out,ref]     samr_Ids *types
 538                 );
 539
 540
 541         /************************/
 542         /* Function    0x12     */
 543         NTSTATUS samr_LookupRids(
 544                 [in,ref]      policy_handle *domain_handle,
 545                 [in,range(0,1000)] uint32 num_rids,
 546                 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
 547                 [out,ref]     lsa_Strings *names,
 548                 [out,ref]     samr_Ids *types
 549                 );
 550
 551         /************************/
 552         /* Function    0x13     */
 553         NTSTATUS samr_OpenGroup(
 554                 [in,ref]      policy_handle *domain_handle,
 555                 [in]          samr_GroupAccessMask access_mask,
 556                 [in]          uint32 rid,
 557                 [out,ref]     policy_handle *group_handle
 558                 );
 559
 560         /* Group attributes */
 561         typedef [public,bitmap32bit] bitmap {
 562                 SE_GROUP_MANDATORY              = 0x00000001,
 563                 SE_GROUP_ENABLED_BY_DEFAULT     = 0x00000002,
 564                 SE_GROUP_ENABLED                = 0x00000004,
 565                 SE_GROUP_OWNER                  = 0x00000008,
 566                 SE_GROUP_USE_FOR_DENY_ONLY      = 0x00000010,
 567                 SE_GROUP_RESOURCE               = 0x20000000,
 568                 SE_GROUP_LOGON_ID               = 0xC0000000
 569         } samr_GroupAttrs;
 570
 571         /************************/
 572         /* Function    0x14     */
 573
 574         typedef struct {
 575                 lsa_String name;
 576                 samr_GroupAttrs attributes;
 577                 uint32 num_members;
 578                 lsa_String description;
 579         } samr_GroupInfoAll;
 580
 581         typedef struct {
 582                 samr_GroupAttrs attributes;
 583         } samr_GroupInfoAttributes;
 584
 585         typedef struct {
 586                 lsa_String description;
 587         } samr_GroupInfoDescription;
 588
 589         typedef enum {
 590                 GROUPINFOALL          = 1,
 591                 GROUPINFONAME         = 2,
 592                 GROUPINFOATTRIBUTES   = 3,
 593                 GROUPINFODESCRIPTION  = 4,
 594                 GROUPINFOALL2         = 5
 595         } samr_GroupInfoEnum;
 596
 597         typedef [switch_type(samr_GroupInfoEnum)] union {
 598                 [case(GROUPINFOALL)]         samr_GroupInfoAll        all;
 599                 [case(GROUPINFONAME)]        lsa_String               name;
 600                 [case(GROUPINFOATTRIBUTES)]  samr_GroupInfoAttributes attributes;
 601                 [case(GROUPINFODESCRIPTION)] lsa_String               description;
 602                 [case(GROUPINFOALL2)]        samr_GroupInfoAll        all2;
 603         } samr_GroupInfo;
 604
 605         NTSTATUS samr_QueryGroupInfo(
 606                 [in,ref]                  policy_handle *group_handle,
 607                 [in]                      samr_GroupInfoEnum level,
 608                 [out,ref,switch_is(level)] samr_GroupInfo **info
 609                 );
 610
 611         /************************/
 612         /* Function    0x15     */
 613         NTSTATUS samr_SetGroupInfo(
 614                 [in,ref]                  policy_handle *group_handle,
 615                 [in]                      samr_GroupInfoEnum level,
 616                 [in,switch_is(level),ref] samr_GroupInfo *info
 617                 );
 618
 619         /************************/
 620         /* Function    0x16     */
 621         NTSTATUS samr_AddGroupMember(
 622                 [in,ref]                  policy_handle *group_handle,
 623                 [in]                      uint32 rid,
 624                 [in]                      uint32 flags
 625                 );
 626
 627         /************************/
 628         /* Function    0x17     */
 629         NTSTATUS samr_DeleteDomainGroup(
 630                 [in,out,ref]   policy_handle *group_handle
 631                 );
 632
 633         /************************/
 634         /* Function    0x18     */
 635         NTSTATUS samr_DeleteGroupMember(
 636                 [in,ref]                  policy_handle *group_handle,
 637                 [in]                      uint32 rid
 638                 );
 639
 640
 641         /************************/
 642         /* Function    0x19     */
 643         typedef struct {
 644                 uint32 count;
 645                 [size_is(count)] uint32 *rids;
 646                 [size_is(count)] uint32 *types;
 647         } samr_RidTypeArray;
 648
 649         NTSTATUS samr_QueryGroupMember(
 650                 [in,ref]  policy_handle *group_handle,
 651                 [out,ref] samr_RidTypeArray **rids
 652                 );
 653
 654
 655         /************************/
 656         /* Function    0x1a     */
 657
 658         /*
 659           win2003 seems to accept any data at all for the two integers
 660           below, and doesn't seem to do anything with them that I can
 661           see. Weird. I really expected the first integer to be a rid
 662           and the second to be the attributes for that rid member.
 663         */
 664         NTSTATUS samr_SetMemberAttributesOfGroup(
 665                 [in,ref]  policy_handle *group_handle,
 666                 [in]      uint32 unknown1,
 667                 [in]      uint32 unknown2
 668                 );
 669
 670
 671         /************************/
 672         /* Function    0x1b     */
 673         NTSTATUS samr_OpenAlias (
 674                 [in,ref]      policy_handle *domain_handle,
 675                 [in]          samr_AliasAccessMask access_mask,
 676                 [in]          uint32 rid,
 677                 [out,ref]     policy_handle *alias_handle
 678                 );
 679
 680
 681         /************************/
 682         /* Function    0x1c     */
 683
 684         typedef struct {
 685                 lsa_String name;
 686                 uint32 num_members;
 687                 lsa_String description;
 688         } samr_AliasInfoAll;
 689
 690         typedef enum {
 691                 ALIASINFOALL          = 1,
 692                 ALIASINFONAME         = 2,
 693                 ALIASINFODESCRIPTION  = 3
 694         } samr_AliasInfoEnum;
 695
 696         typedef [switch_type(samr_AliasInfoEnum)] union {
 697                 [case(ALIASINFOALL)] samr_AliasInfoAll all;
 698                 [case(ALIASINFONAME)] lsa_String name;
 699                 [case(ALIASINFODESCRIPTION)] lsa_String description;
 700         } samr_AliasInfo;
 701
 702         NTSTATUS samr_QueryAliasInfo(
 703                 [in,ref]                  policy_handle  *alias_handle,
 704                 [in]                      samr_AliasInfoEnum      level,
 705                 [out,ref,switch_is(level)] samr_AliasInfo **info
 706                 );
 707
 708         /************************/
 709         /* Function    0x1d     */
 710         NTSTATUS samr_SetAliasInfo(
 711                 [in,ref]                  policy_handle  *alias_handle,
 712                 [in]                      samr_AliasInfoEnum      level,
 713                 [in,switch_is(level),ref] samr_AliasInfo *info
 714                 );
 715
 716         /************************/
 717         /* Function    0x1e     */
 718         NTSTATUS samr_DeleteDomAlias(
 719                 [in,out,ref]  policy_handle *alias_handle
 720                 );
 721
 722         /************************/
 723         /* Function    0x1f     */
 724         NTSTATUS samr_AddAliasMember(
 725                 [in,ref]  policy_handle *alias_handle,
 726                 [in,ref]  dom_sid2      *sid
 727                 );
 728
 729         /************************/
 730         /* Function    0x20     */
 731         NTSTATUS samr_DeleteAliasMember(
 732                 [in,ref] policy_handle *alias_handle,
 733                 [in,ref] dom_sid2      *sid
 734                 );
 735
 736         /************************/
 737         /* Function    0x21     */
 738         NTSTATUS samr_GetMembersInAlias(
 739                 [in,ref]   policy_handle *alias_handle,
 740                 [out,ref]  lsa_SidArray    *sids
 741                 );
 742
 743         /************************/
 744         /* Function    0x22     */
 745         [public] NTSTATUS samr_OpenUser(
 746                 [in,ref]      policy_handle *domain_handle,
 747                 [in]          samr_UserAccessMask access_mask,
 748                 [in]          uint32 rid,
 749                 [out,ref]     policy_handle *user_handle
 750                 );
 751
 752         /************************/
 753         /* Function    0x23     */
 754         NTSTATUS samr_DeleteUser(
 755                 [in,out,ref]   policy_handle *user_handle
 756                 );
 757
 758         /************************/
 759         /* Function    0x24     */
 760         typedef struct {
 761                 lsa_String account_name;
 762                 lsa_String full_name;
 763                 uint32 primary_gid;
 764                 lsa_String description;
 765                 lsa_String comment;
 766         } samr_UserInfo1;
 767
 768         typedef struct {
 769                 lsa_String comment;
 770                 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
 771                 uint16 country_code;
 772                 uint16 code_page;
 773         } samr_UserInfo2;
 774
 775         /* this is also used in samr and netlogon */
 776         typedef [public, flag(NDR_PAHEX)] struct {
 777                 uint16 units_per_week;
 778                 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
 779         } samr_LogonHours;
 780
 781         typedef struct {
 782                 lsa_String account_name;
 783                 lsa_String full_name;
 784                 uint32 rid;
 785                 uint32 primary_gid;
 786                 lsa_String home_directory;
 787                 lsa_String home_drive;
 788                 lsa_String logon_script;
 789                 lsa_String profile_path;
 790                 lsa_String workstations;
 791                 NTTIME last_logon;
 792                 NTTIME last_logoff;
 793                 NTTIME last_password_change;
 794                 NTTIME allow_password_change;
 795                 NTTIME force_password_change;
 796                 samr_LogonHours logon_hours;
 797                 uint16 bad_password_count;
 798                 uint16 logon_count;
 799                 samr_AcctFlags acct_flags;
 800         } samr_UserInfo3;
 801
 802         typedef struct {
 803                 samr_LogonHours logon_hours;
 804         } samr_UserInfo4;
 805
 806         typedef struct {
 807                 lsa_String account_name;
 808                 lsa_String full_name;
 809                 uint32 rid;
 810                 uint32 primary_gid;
 811                 lsa_String home_directory;
 812                 lsa_String home_drive;
 813                 lsa_String logon_script;
 814                 lsa_String profile_path;
 815                 lsa_String description;
 816                 lsa_String workstations;
 817                 NTTIME last_logon;
 818                 NTTIME last_logoff;
 819                 samr_LogonHours logon_hours;
 820                 uint16 bad_password_count;
 821                 uint16 logon_count;
 822                 NTTIME last_password_change;
 823                 NTTIME acct_expiry;
 824                 samr_AcctFlags acct_flags;
 825         } samr_UserInfo5;
 826
 827         typedef struct {
 828                 lsa_String account_name;
 829                 lsa_String full_name;
 830         } samr_UserInfo6;
 831
 832         typedef struct {
 833                 lsa_String account_name;
 834         } samr_UserInfo7;
 835
 836         typedef struct {
 837                 lsa_String full_name;
 838         } samr_UserInfo8;
 839
 840         typedef struct {
 841                 uint32 primary_gid;
 842         } samr_UserInfo9;
 843
 844         typedef struct {
 845                 lsa_String home_directory;
 846                 lsa_String home_drive;
 847         } samr_UserInfo10;
 848
 849         typedef struct {
 850                 lsa_String logon_script;
 851         } samr_UserInfo11;
 852
 853         typedef struct {
 854                 lsa_String profile_path;
 855         } samr_UserInfo12;
 856
 857         typedef struct {
 858                 lsa_String description;
 859         } samr_UserInfo13;
 860
 861         typedef struct {
 862                 lsa_String workstations;
 863         } samr_UserInfo14;
 864
 865         typedef struct {
 866                 samr_AcctFlags acct_flags;
 867         } samr_UserInfo16;
 868
 869         typedef struct {
 870                 NTTIME acct_expiry;
 871         } samr_UserInfo17;
 872
 873         typedef [public, flag(NDR_PAHEX)] struct {
 874                 uint8 hash[16];
 875         } samr_Password;
 876
 877         typedef struct {
 878                 samr_Password lm_pwd;
 879                 samr_Password nt_pwd;
 880                 boolean8 lm_pwd_active;
 881                 boolean8 nt_pwd_active;
 882         } samr_UserInfo18;
 883
 884         typedef struct {
 885                 lsa_BinaryString parameters;
 886         } samr_UserInfo20;
 887
 888         /* this defines the bits used for fields_present in info21 */
 889         typedef [bitmap32bit] bitmap {
 890                 SAMR_FIELD_ACCOUNT_NAME     = 0x00000001,
 891                 SAMR_FIELD_FULL_NAME        = 0x00000002,
 892                 SAMR_FIELD_RID              = 0x00000004,
 893                 SAMR_FIELD_PRIMARY_GID      = 0x00000008,
 894                 SAMR_FIELD_DESCRIPTION      = 0x00000010,
 895                 SAMR_FIELD_COMMENT          = 0x00000020,
 896                 SAMR_FIELD_HOME_DIRECTORY   = 0x00000040,
 897                 SAMR_FIELD_HOME_DRIVE       = 0x00000080,
 898                 SAMR_FIELD_LOGON_SCRIPT     = 0x00000100,
 899                 SAMR_FIELD_PROFILE_PATH     = 0x00000200,
 900                 SAMR_FIELD_WORKSTATIONS     = 0x00000400,
 901                 SAMR_FIELD_LAST_LOGON       = 0x00000800,
 902                 SAMR_FIELD_LAST_LOGOFF      = 0x00001000,
 903                 SAMR_FIELD_LOGON_HOURS      = 0x00002000,
 904                 SAMR_FIELD_BAD_PWD_COUNT    = 0x00004000,
 905                 SAMR_FIELD_NUM_LOGONS       = 0x00008000,
 906                 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
 907                 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
 908                 SAMR_FIELD_LAST_PWD_CHANGE  = 0x00040000,
 909                 SAMR_FIELD_ACCT_EXPIRY      = 0x00080000,
 910                 SAMR_FIELD_ACCT_FLAGS       = 0x00100000,
 911                 SAMR_FIELD_PARAMETERS       = 0x00200000,
 912                 SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
 913                 SAMR_FIELD_CODE_PAGE        = 0x00800000,
 914                 SAMR_FIELD_PASSWORD         = 0x01000000, /* either of these */
 915                 SAMR_FIELD_PASSWORD2        = 0x02000000, /* two bits seems to work */
 916                 SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
 917                 SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
 918                 SAMR_FIELD_SEC_DESC         = 0x10000000,
 919                 SAMR_FIELD_OWF_PWD          = 0x20000000
 920         } samr_FieldsPresent;
 921
 922         /* used for 'password_expired' in samr_UserInfo21 */
 923         const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
 924         const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
 925
 926         typedef struct {
 927                 NTTIME last_logon;
 928                 NTTIME last_logoff;
 929                 NTTIME last_password_change;
 930                 NTTIME acct_expiry;
 931                 NTTIME allow_password_change;
 932                 NTTIME force_password_change;
 933                 lsa_String account_name;
 934                 lsa_String full_name;
 935                 lsa_String home_directory;
 936                 lsa_String home_drive;
 937                 lsa_String logon_script;
 938                 lsa_String profile_path;
 939                 lsa_String description;
 940                 lsa_String workstations;
 941                 lsa_String comment;
 942                 lsa_BinaryString parameters;
 943                 lsa_String unknown1;
 944                 lsa_String unknown2;
 945                 lsa_String unknown3;
 946                 uint32 buf_count;
 947                 [size_is(buf_count)] uint8 *buffer;
 948                 uint32 rid;
 949                 uint32 primary_gid;
 950                 samr_AcctFlags acct_flags;
 951                 samr_FieldsPresent fields_present;
 952                 samr_LogonHours logon_hours;
 953                 uint16 bad_password_count;
 954                 uint16 logon_count;
 955                 uint16 country_code;
 956                 uint16 code_page;
 957                 uint8  nt_password_set;
 958                 uint8  lm_password_set;
 959                 uint8  password_expired;
 960                 uint8  unknown4;
 961         } samr_UserInfo21;
 962
 963         typedef [public, flag(NDR_PAHEX)] struct {
 964                 uint8 data[516];
 965         } samr_CryptPassword;
 966
 967         typedef struct {
 968                 samr_UserInfo21 info;
 969                 samr_CryptPassword password;
 970         } samr_UserInfo23;
 971
 972         typedef struct {
 973                 samr_CryptPassword password;
 974                 uint8 password_expired;
 975         } samr_UserInfo24;
 976
 977         typedef [flag(NDR_PAHEX)] struct {
 978                 uint8 data[532];
 979         } samr_CryptPasswordEx;
 980
 981         typedef struct {
 982                 samr_UserInfo21 info;
 983                 samr_CryptPasswordEx password;
 984         } samr_UserInfo25;
 985
 986         typedef struct {
 987                 samr_CryptPasswordEx password;
 988                 uint8 password_expired;
 989         } samr_UserInfo26;
 990
 991         typedef [switch_type(uint16)] union {
 992                 [case(1)] samr_UserInfo1 info1;
 993                 [case(2)] samr_UserInfo2 info2;
 994                 [case(3)] samr_UserInfo3 info3;
 995                 [case(4)] samr_UserInfo4 info4;
 996                 [case(5)] samr_UserInfo5 info5;
 997                 [case(6)] samr_UserInfo6 info6;
 998                 [case(7)] samr_UserInfo7 info7;
 999                 [case(8)] samr_UserInfo8 info8;
1000                 [case(9)] samr_UserInfo9 info9;
1001                 [case(10)] samr_UserInfo10 info10;
1002                 [case(11)] samr_UserInfo11 info11;
1003                 [case(12)] samr_UserInfo12 info12;
1004                 [case(13)] samr_UserInfo13 info13;
1005                 [case(14)] samr_UserInfo14 info14;
1006                 [case(16)] samr_UserInfo16 info16;
1007                 [case(17)] samr_UserInfo17 info17;
1008                 [case(18)] samr_UserInfo18 info18;
1009                 [case(20)] samr_UserInfo20 info20;
1010                 [case(21)] samr_UserInfo21 info21;
1011                 [case(23)] samr_UserInfo23 info23;
1012                 [case(24)] samr_UserInfo24 info24;
1013                 [case(25)] samr_UserInfo25 info25;
1014                 [case(26)] samr_UserInfo26 info26;
1015         } samr_UserInfo;
1016
1017         [public] NTSTATUS samr_QueryUserInfo(
1018                 [in,ref]                  policy_handle *user_handle,
1019                 [in]                      uint16 level,
1020                 [out,ref,switch_is(level)] samr_UserInfo **info
1021                 );
1022
1023
1024         /************************/
1025         /* Function    0x25     */
1026         [public] NTSTATUS samr_SetUserInfo(
1027                 [in,ref]                   policy_handle *user_handle,
1028                 [in]                       uint16 level,
1029                 [in,ref,switch_is(level)]  samr_UserInfo *info
1030                 );
1031
1032         /************************/
1033         /* Function    0x26     */
1034         /*
1035           this is a password change interface that doesn't give
1036           the server the plaintext password. Depricated.
1037         */
1038         NTSTATUS samr_ChangePasswordUser(
1039                 [in,ref]    policy_handle *user_handle,
1040                 [in]        boolean8 lm_present,
1041                 [in,unique] samr_Password *old_lm_crypted,
1042                 [in,unique] samr_Password *new_lm_crypted,
1043                 [in]        boolean8 nt_present,
1044                 [in,unique] samr_Password *old_nt_crypted,
1045                 [in,unique] samr_Password *new_nt_crypted,
1046                 [in]        boolean8 cross1_present,
1047                 [in,unique] samr_Password *nt_cross,
1048                 [in]        boolean8 cross2_present,
1049                 [in,unique] samr_Password *lm_cross
1050                 );
1051
1052         /************************/
1053         /* Function    0x27     */
1054
1055         typedef [public] struct {
1056                 uint32 rid;
1057                 samr_GroupAttrs attributes;
1058         } samr_RidWithAttribute;
1059
1060         typedef [public] struct {
1061                 uint32     count;
1062                 [size_is(count)] samr_RidWithAttribute *rids;
1063         } samr_RidWithAttributeArray;
1064
1065         NTSTATUS samr_GetGroupsForUser(
1066                 [in,ref]   policy_handle *user_handle,
1067                 [out,ref]  samr_RidWithAttributeArray  **rids
1068                 );
1069
1070         /************************/
1071         /* Function    0x28     */
1072
1073         typedef struct {
1074                 uint32    idx;
1075                 uint32    rid;
1076                 samr_AcctFlags acct_flags;
1077                 lsa_String account_name;
1078                 lsa_String description;
1079                 lsa_String full_name;
1080         } samr_DispEntryGeneral;
1081
1082         typedef struct {
1083                 uint32 count;
1084                 [size_is(count)] samr_DispEntryGeneral *entries;
1085         } samr_DispInfoGeneral;
1086
1087         typedef struct {
1088                 uint32    idx;
1089                 uint32    rid;
1090                 samr_AcctFlags acct_flags;
1091                 lsa_String account_name;
1092                 lsa_String description;
1093         } samr_DispEntryFull;
1094
1095         typedef struct {
1096                 uint32 count;
1097                 [size_is(count)] samr_DispEntryFull *entries;
1098         } samr_DispInfoFull;
1099
1100         typedef struct {
1101                 uint32    idx;
1102                 uint32    rid;
1103                 samr_GroupAttrs acct_flags;
1104                 lsa_String account_name;
1105                 lsa_String description;
1106         } samr_DispEntryFullGroup;
1107
1108         typedef struct {
1109                 uint32 count;
1110                 [size_is(count)] samr_DispEntryFullGroup *entries;
1111         } samr_DispInfoFullGroups;
1112
1113         typedef struct {
1114                 uint32    idx;
1115                 lsa_AsciiStringLarge account_name;
1116         } samr_DispEntryAscii;
1117
1118         typedef struct {
1119                 uint32 count;
1120                 [size_is(count)] samr_DispEntryAscii *entries;
1121         } samr_DispInfoAscii;
1122
1123         typedef [switch_type(uint16)] union {
1124                 [case(1)] samr_DispInfoGeneral info1;/* users */
1125                 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1126                 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1127                 [case(4)] samr_DispInfoAscii info4; /* users */
1128                 [case(5)] samr_DispInfoAscii info5; /* groups */
1129         } samr_DispInfo;
1130
1131         NTSTATUS samr_QueryDisplayInfo(
1132                 [in,ref]    policy_handle *domain_handle,
1133                 [in]        uint16 level,
1134                 [in]        uint32 start_idx,
1135                 [in]        uint32 max_entries,
1136                 [in]        uint32 buf_size,
1137                 [out,ref]   uint32 *total_size,
1138                 [out,ref]   uint32 *returned_size,
1139                 [out,ref,switch_is(level)] samr_DispInfo *info
1140                 );
1141
1142
1143         /************************/
1144         /* Function    0x29     */
1145
1146         /*
1147           this seems to be an alphabetic search function. The returned index
1148           is the index for samr_QueryDisplayInfo needed to get names occurring
1149           after the specified name. The supplied name does not need to exist
1150           in the database (for example you can supply just a first letter for
1151           searching starting at that letter)
1152
1153           The level corresponds to the samr_QueryDisplayInfo level
1154         */
1155         NTSTATUS samr_GetDisplayEnumerationIndex(
1156                 [in,ref]    policy_handle *domain_handle,
1157                 [in]        uint16 level,
1158                 [in,ref]    lsa_String *name,
1159                 [out,ref]   uint32 *idx
1160                 );
1161
1162
1163
1164         /************************/
1165         /* Function    0x2a     */
1166
1167         /*
1168           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1169         */
1170         NTSTATUS samr_TestPrivateFunctionsDomain(
1171                 [in,ref]    policy_handle *domain_handle
1172                 );
1173
1174
1175         /************************/
1176         /* Function    0x2b     */
1177
1178         /*
1179           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1180         */
1181         NTSTATUS samr_TestPrivateFunctionsUser(
1182                 [in,ref]    policy_handle *user_handle
1183                 );
1184
1185
1186         /************************/
1187         /* Function    0x2c     */
1188
1189         typedef struct {
1190                 uint16 min_password_length;
1191                 samr_PasswordProperties password_properties;
1192         } samr_PwInfo;
1193
1194         [public] NTSTATUS samr_GetUserPwInfo(
1195                 [in,ref]    policy_handle *user_handle,
1196                 [out,ref]   samr_PwInfo *info
1197                 );
1198
1199         /************************/
1200         /* Function    0x2d     */
1201         NTSTATUS samr_RemoveMemberFromForeignDomain(
1202                 [in,ref]    policy_handle *domain_handle,
1203                 [in,ref]    dom_sid2 *sid
1204                 );
1205
1206         /************************/
1207         /* Function    0x2e     */
1208
1209         /*
1210           how is this different from QueryDomainInfo ??
1211         */
1212         NTSTATUS samr_QueryDomainInfo2(
1213                 [in,ref]      policy_handle *domain_handle,
1214                 [in]          uint16 level,
1215                 [out,ref,switch_is(level)] samr_DomainInfo **info
1216                 );
1217
1218         /************************/
1219         /* Function    0x2f     */
1220
1221         /*
1222           how is this different from QueryUserInfo ??
1223         */
1224         NTSTATUS samr_QueryUserInfo2(
1225                 [in,ref]                  policy_handle *user_handle,
1226                 [in]                      uint16 level,
1227                 [out,ref,switch_is(level)]    samr_UserInfo **info
1228                 );
1229
1230         /************************/
1231         /* Function    0x30     */
1232
1233         /*
1234           how is this different from QueryDisplayInfo??
1235         */
1236         NTSTATUS samr_QueryDisplayInfo2(
1237                 [in,ref]    policy_handle *domain_handle,
1238                 [in]        uint16 level,
1239                 [in]        uint32 start_idx,
1240                 [in]        uint32 max_entries,
1241                 [in]        uint32 buf_size,
1242                 [out,ref]   uint32 *total_size,
1243                 [out,ref]   uint32 *returned_size,
1244                 [out,ref,switch_is(level)] samr_DispInfo *info
1245                 );
1246
1247         /************************/
1248         /* Function    0x31     */
1249
1250         /*
1251           how is this different from GetDisplayEnumerationIndex ??
1252         */
1253         NTSTATUS samr_GetDisplayEnumerationIndex2(
1254                 [in,ref]    policy_handle *domain_handle,
1255                 [in]        uint16 level,
1256                 [in,ref]    lsa_String *name,
1257                 [out,ref]   uint32 *idx
1258                 );
1259
1260
1261         /************************/
1262         /* Function    0x32     */
1263         NTSTATUS samr_CreateUser2(
1264                 [in,ref]      policy_handle *domain_handle,
1265                 [in,ref]      lsa_String *account_name,
1266                 [in]          samr_AcctFlags acct_flags,
1267                 [in]          samr_UserAccessMask access_mask,
1268                 [out,ref]     policy_handle *user_handle,
1269                 [out,ref]     uint32 *access_granted,
1270                 [out,ref]     uint32 *rid
1271                 );
1272
1273
1274         /************************/
1275         /* Function    0x33     */
1276
1277         /*
1278           another duplicate. There must be a reason ....
1279         */
1280         NTSTATUS samr_QueryDisplayInfo3(
1281                 [in,ref]    policy_handle *domain_handle,
1282                 [in]        uint16 level,
1283                 [in]        uint32 start_idx,
1284                 [in]        uint32 max_entries,
1285                 [in]        uint32 buf_size,
1286                 [out,ref]   uint32 *total_size,
1287                 [out,ref]   uint32 *returned_size,
1288                 [out,ref,switch_is(level)] samr_DispInfo *info
1289                 );
1290
1291         /************************/
1292         /* Function    0x34     */
1293         NTSTATUS samr_AddMultipleMembersToAlias(
1294                 [in,ref]    policy_handle *alias_handle,
1295                 [in,ref]    lsa_SidArray *sids
1296                 );
1297
1298         /************************/
1299         /* Function    0x35     */
1300         NTSTATUS samr_RemoveMultipleMembersFromAlias(
1301                 [in,ref]    policy_handle *alias_handle,
1302                 [in,ref]    lsa_SidArray *sids
1303                 );
1304
1305         /************************/
1306         /* Function    0x36     */
1307
1308         NTSTATUS samr_OemChangePasswordUser2(
1309                 [in,unique]       lsa_AsciiString *server,
1310                 [in,ref]          lsa_AsciiString *account,
1311                 [in,unique]       samr_CryptPassword *password,
1312                 [in,unique]       samr_Password *hash
1313                 );
1314
1315         /************************/
1316         /* Function    0x37     */
1317         NTSTATUS samr_ChangePasswordUser2(
1318                 [in,unique]       lsa_String *server,
1319                 [in,ref]          lsa_String *account,
1320                 [in,unique]       samr_CryptPassword *nt_password,
1321                 [in,unique]       samr_Password *nt_verifier,
1322                 [in]              boolean8 lm_change,
1323                 [in,unique]       samr_CryptPassword *lm_password,
1324                 [in,unique]       samr_Password *lm_verifier
1325                 );
1326
1327         /************************/
1328         /* Function    0x38     */
1329         NTSTATUS samr_GetDomPwInfo(
1330                 [in,unique] lsa_String *domain_name,
1331                 [out,ref]   samr_PwInfo *info
1332                 );
1333
1334         /************************/
1335         /* Function    0x39     */
1336         NTSTATUS samr_Connect2(
1337                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1338                 [in] samr_ConnectAccessMask access_mask,
1339                 [out,ref]  policy_handle *connect_handle
1340                 );
1341
1342         /************************/
1343         /* Function    0x3a     */
1344         /*
1345           seems to be an exact alias for samr_SetUserInfo()
1346         */
1347         [public] NTSTATUS samr_SetUserInfo2(
1348                 [in,ref]                   policy_handle *user_handle,
1349                 [in]                       uint16 level,
1350                 [in,ref,switch_is(level)]  samr_UserInfo *info
1351                 );
1352
1353         /************************/
1354         /* Function    0x3b     */
1355         /*
1356           this one is mysterious. I have a few guesses, but nothing working yet
1357         */
1358         NTSTATUS samr_SetBootKeyInformation(
1359                 [in,ref]   policy_handle *connect_handle,
1360                 [in]       uint32 unknown1,
1361                 [in]       uint32 unknown2,
1362                 [in]       uint32 unknown3
1363                 );
1364
1365         /************************/
1366         /* Function    0x3c     */
1367         NTSTATUS samr_GetBootKeyInformation(
1368                 [in,ref]   policy_handle *domain_handle,
1369                 [out,ref]  uint32 *unknown
1370                 );
1371
1372         /************************/
1373         /* Function    0x3d     */
1374         NTSTATUS samr_Connect3(
1375                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1376                 /* this unknown value seems to be completely ignored by w2k3 */
1377                 [in] uint32 unknown,
1378                 [in] samr_ConnectAccessMask access_mask,
1379                 [out,ref]  policy_handle *connect_handle
1380                 );
1381
1382         /************************/
1383         /* Function    0x3e     */
1384
1385         typedef enum {
1386                 SAMR_CONNECT_PRE_W2K    = 1,
1387                 SAMR_CONNECT_W2K        = 2,
1388                 SAMR_CONNECT_AFTER_W2K  = 3
1389         } samr_ConnectVersion;
1390
1391         NTSTATUS samr_Connect4(
1392                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1393                 [in] samr_ConnectVersion client_version,
1394                 [in] samr_ConnectAccessMask access_mask,
1395                 [out,ref]  policy_handle *connect_handle
1396                 );
1397
1398         /************************/
1399         /* Function    0x3f     */
1400
1401         typedef enum samr_RejectReason samr_RejectReason;
1402
1403         typedef struct {
1404                 samr_RejectReason reason;
1405                 uint32 unknown1;
1406                 uint32 unknown2;
1407         } samr_ChangeReject;
1408
1409         NTSTATUS samr_ChangePasswordUser3(
1410                 [in,unique]       lsa_String *server,
1411                 [in,ref]          lsa_String *account,
1412                 [in,unique]       samr_CryptPassword *nt_password,
1413                 [in,unique]       samr_Password *nt_verifier,
1414                 [in]              boolean8 lm_change,
1415                 [in,unique]       samr_CryptPassword *lm_password,
1416                 [in,unique]       samr_Password *lm_verifier,
1417                 [in,unique]       samr_CryptPassword *password3,
1418                 [out,ref]         samr_DomInfo1 **dominfo,
1419                 [out,ref]         samr_ChangeReject **reject
1420                 );
1421
1422         /************************/
1423         /* Function    0x40      */
1424
1425         typedef struct {
1426                 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1427                 uint32         unknown2; /* w2k3 gives 0 */
1428         } samr_ConnectInfo1;
1429
1430         typedef union {
1431                 [case(1)]  samr_ConnectInfo1 info1;
1432         } samr_ConnectInfo;
1433
1434         [public] NTSTATUS samr_Connect5(
1435                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1436                 [in]       samr_ConnectAccessMask  access_mask,
1437                 [in]       uint32             level_in,
1438                 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1439                 [out,ref]  uint32             *level_out,
1440                 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1441                 [out,ref]  policy_handle      *connect_handle
1442                 );
1443
1444         /************************/
1445         /* Function    0x41     */
1446         NTSTATUS samr_RidToSid(
1447                 [in,ref]    policy_handle *domain_handle,
1448                 [in]        uint32        rid,
1449                 [out,ref]   dom_sid2      **sid
1450                 );
1451
1452         /************************/
1453         /* Function    0x42     */
1454
1455         /*
1456           this should set the DSRM password for the server, which is used
1457           when booting into Directory Services Recovery Mode on a DC. Win2003
1458           gives me NT_STATUS_NOT_SUPPORTED
1459         */
1460
1461         NTSTATUS samr_SetDsrmPassword(
1462                 [in,unique] lsa_String *name,
1463                 [in]       uint32 unknown,
1464                 [in,unique] samr_Password *hash
1465                 );
1466
1467
1468         /************************/
1469         /* Function    0x43     */
1470         /************************/
1471         typedef [bitmap32bit] bitmap {
1472                 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET           = 0x00000001,
1473                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME           = 0x00000002,
1474                 SAMR_VALIDATE_FIELD_LOCKOUT_TIME                = 0x00000004,
1475                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT          = 0x00000008,
1476                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH     = 0x00000010,
1477                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY            = 0x00000020
1478         } samr_ValidateFieldsPresent;
1479
1480         typedef enum {
1481                 NetValidateAuthentication = 1,
1482                 NetValidatePasswordChange= 2,
1483                 NetValidatePasswordReset = 3
1484         } samr_ValidatePasswordLevel;
1485
1486         /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1487          * identified the mapping of
1488          * - NERR_PasswordFilterError
1489          * - NERR_PasswordExpired and
1490          * - NERR_PasswordCantChange
1491          * yet - Guenther
1492          */
1493
1494         typedef enum {
1495                 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1496                 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1497                 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1498                 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1499                 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1500                 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1501                 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1502                 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1503                 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
1504         } samr_ValidationStatus;
1505
1506         typedef struct {
1507                 uint32 length;
1508                 [size_is(length)] uint8 *data;
1509         } samr_ValidationBlob;
1510
1511         typedef struct {
1512                 samr_ValidateFieldsPresent fields_present;
1513                 NTTIME_hyper last_password_change;
1514                 NTTIME_hyper bad_password_time;
1515                 NTTIME_hyper lockout_time;
1516                 uint32 bad_pwd_count;
1517                 uint32 pwd_history_len;
1518                 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1519         } samr_ValidatePasswordInfo;
1520
1521         typedef struct {
1522                 samr_ValidatePasswordInfo info;
1523                 samr_ValidationStatus status;
1524         } samr_ValidatePasswordRepCtr;
1525
1526         typedef [switch_type(uint16)] union {
1527                 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1528                 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1529                 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1530         } samr_ValidatePasswordRep;
1531
1532         typedef struct {
1533                 samr_ValidatePasswordInfo info;
1534                 lsa_StringLarge password;
1535                 lsa_StringLarge account;
1536                 samr_ValidationBlob hash;
1537                 boolean8 pwd_must_change_at_next_logon;
1538                 boolean8 clear_lockout;
1539         } samr_ValidatePasswordReq3;
1540
1541         typedef struct {
1542                 samr_ValidatePasswordInfo info;
1543                 lsa_StringLarge password;
1544                 lsa_StringLarge account;
1545                 samr_ValidationBlob hash;
1546                 boolean8 password_matched;
1547         } samr_ValidatePasswordReq2;
1548
1549         typedef struct {
1550                 samr_ValidatePasswordInfo info;
1551                 boolean8 password_matched;
1552         } samr_ValidatePasswordReq1;
1553
1554         typedef [switch_type(uint16)] union {
1555                 [case(1)] samr_ValidatePasswordReq1 req1;
1556                 [case(2)] samr_ValidatePasswordReq2 req2;
1557                 [case(3)] samr_ValidatePasswordReq3 req3;
1558         } samr_ValidatePasswordReq;
1559
1560         NTSTATUS samr_ValidatePassword(
1561                 [in] samr_ValidatePasswordLevel level,
1562                 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1563                 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1564                 );
1565 }