46478ee9e87d363c9616d97cbfe87b4c072cfefd
[kai/samba.git] / librpc / idl / samr.idl
1 #include "idl_types.h"
2
3 /*
4   samr interface definition
5 */
6 import "misc.idl", "lsa.idl", "security.idl";
7
8 /*
9   Thanks to Todd Sabin for some information from his samr.idl in acltools
10 */
11
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13   version(1.0),
14   endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15   pointer_default(unique)
16 ] interface samr
17 {
18         typedef bitmap security_secinfo security_secinfo; /* lets samr_SetSecurity / samr_QuerySecurity take a security_secinfo bitmap; NOTE(review): presumably declared in the imported security.idl - confirm */
19
20         /* SAM database types; [v1_enum] gives the enum a 32-bit wire size. NOTE(review): the netr_ prefix suggests the type is shared with netlogon - confirm */
21         typedef [public,v1_enum] enum {
22                 SAM_DATABASE_DOMAIN  = 0, /* Domain users and groups */
23                 SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
24                 SAM_DATABASE_PRIVS   = 2 /* Privileges */
25         } netr_SamDatabaseID;
26
27         typedef [public,v1_enum] enum { /* reason codes for a rejected password, going by the names; the call that returns them is not in this part of the file */
28                 SAMR_REJECT_OTHER      = 0,
29                 SAMR_REJECT_TOO_SHORT  = 1,
30                 SAMR_REJECT_IN_HISTORY = 2,
31                 SAMR_REJECT_COMPLEXITY = 5  /* values 3 and 4 are not assigned in this enum */
32         } samr_RejectReason;
33
34
35
36         /* account control (acct_flags) bits, marshalled as a 32-bit bitmap; bit 0x00040000 is not assigned in this list */
37         typedef [public,bitmap32bit] bitmap {
38                 ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
39                 ACB_HOMDIRREQ                   = 0x00000002,  /* 1 = Home directory required */
40                 ACB_PWNOTREQ                    = 0x00000004,  /* 1 = User password not required; worth flagging in account audits */
41                 ACB_TEMPDUP                     = 0x00000008,  /* 1 = Temporary duplicate account */
42                 ACB_NORMAL                      = 0x00000010,  /* 1 = Normal user account */
43                 ACB_MNS                         = 0x00000020,  /* 1 = MNS logon user account */
44                 ACB_DOMTRUST                    = 0x00000040,  /* 1 = Interdomain trust account */
45                 ACB_WSTRUST                     = 0x00000080,  /* 1 = Workstation trust account */
46                 ACB_SVRTRUST                    = 0x00000100,  /* 1 = Server trust account */
47                 ACB_PWNOEXP                     = 0x00000200,  /* 1 = User password does not expire */
48                 ACB_AUTOLOCK                    = 0x00000400,  /* 1 = Account auto locked */
49                 ACB_ENC_TXT_PWD_ALLOWED         = 0x00000800,  /* 1 = Encrypted text password is allowed; NOTE(review): presumably means the password is kept in recoverable form - confirm */
50                 ACB_SMARTCARD_REQUIRED          = 0x00001000,  /* 1 = Smart Card required */
51                 ACB_TRUSTED_FOR_DELEGATION      = 0x00002000,  /* 1 = Trusted for Delegation; high-impact setting, review who carries it */
52                 ACB_NOT_DELEGATED               = 0x00004000,  /* 1 = Not delegated */
53                 ACB_USE_DES_KEY_ONLY            = 0x00008000,  /* 1 = Use DES key only; DES is a weak cipher, so this bit is an audit finding on current systems */
54                 ACB_DONT_REQUIRE_PREAUTH        = 0x00010000,  /* 1 = Preauth not required; removes the Kerberos pre-authentication check for the account, audit for it */
55                 ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
56                 ACB_NO_AUTH_DATA_REQD           = 0x00080000   /* 1 = No authorization data required */
57         } samr_AcctFlags;
58
59         /* SAM server specific access rights: the bits a caller requests through access_mask in samr_Connect */
60
61         typedef [bitmap32bit] bitmap {
62                 SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
63                 SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,  /* NOTE(review): presumably the right samr_Shutdown is checked against - confirm in the server code */
64                 SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
65                 SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
66                 SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
67                 SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
68         } samr_ConnectAccessMask;
69
70         const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F; /* OR of the six samr_ConnectAccessMask bits */
71
72         const int GENERIC_RIGHTS_SAM_ALL_ACCESS = /* generic-right mappings for the server object; STANDARD_RIGHTS_* are not defined in this file (presumably security.idl) */
73                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
74                  SAMR_ACCESS_ALL_ACCESS);
75
76         const int GENERIC_RIGHTS_SAM_READ =
77                 (STANDARD_RIGHTS_READ_ACCESS            |
78                  SAMR_ACCESS_ENUM_DOMAINS);
79
80         const int GENERIC_RIGHTS_SAM_WRITE = /* includes SHUTDOWN_SERVER, so generic write on the server object implies the shutdown right */
81                 (STANDARD_RIGHTS_WRITE_ACCESS           |
82                  SAMR_ACCESS_CREATE_DOMAIN              |
83                  SAMR_ACCESS_INITIALIZE_SERVER          |
84                  SAMR_ACCESS_SHUTDOWN_SERVER);
85
86         const int GENERIC_RIGHTS_SAM_EXECUTE =
87                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
88                  SAMR_ACCESS_OPEN_DOMAIN                |
89                  SAMR_ACCESS_CONNECT_TO_SERVER);
90
91         /* User Object specific access rights: the bits requested through access_mask in samr_CreateUser and samr_OpenUser */
92
93         typedef [bitmap32bit] bitmap {
94                 SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
95                 SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
96                 SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
97                 SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
98                 SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
99                 SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
100                 SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,  /* NOTE(review): presumably a change that needs the old password - confirm */
101                 SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,  /* NOTE(review): presumably a reset without the old password; the more sensitive of the two - confirm */
102                 SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
103                 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
104                 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
105         } samr_UserAccessMask;
106
107         const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF; /* OR of the eleven samr_UserAccessMask bits */
108
109         const int GENERIC_RIGHTS_USER_ALL_ACCESS =
110                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
111                  SAMR_USER_ACCESS_ALL_ACCESS);  /* 0x000f07ff */
112
113         const int GENERIC_RIGHTS_USER_READ = /* GET_NAME_ETC is not part of READ; it is granted through EXECUTE below */
114                 (STANDARD_RIGHTS_READ_ACCESS            |
115                  SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP  |
116                  SAMR_USER_ACCESS_GET_GROUPS            |
117                  SAMR_USER_ACCESS_GET_ATTRIBUTES        |
118                  SAMR_USER_ACCESS_GET_LOGONINFO         |
119                  SAMR_USER_ACCESS_GET_LOCALE);  /* 0x0002031a */
120
121         const int GENERIC_RIGHTS_USER_WRITE = /* the only generic mapping here that carries SET_PASSWORD */
122                 (STANDARD_RIGHTS_WRITE_ACCESS           |
123                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
124                  SAMR_USER_ACCESS_SET_LOC_COM           |
125                  SAMR_USER_ACCESS_SET_ATTRIBUTES        |
126                  SAMR_USER_ACCESS_SET_PASSWORD          |
127                  SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);     /* 0x000204e4 */
128
129         const int GENERIC_RIGHTS_USER_EXECUTE = /* CHANGE_PASSWORD appears in both WRITE and EXECUTE */
130                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
131                  SAMR_USER_ACCESS_CHANGE_PASSWORD       |
132                  SAMR_USER_ACCESS_GET_NAME_ETC);        /* 0x00020041 */
133
134         /* Domain Object specific access rights: the bits requested through access_mask in samr_OpenDomain */
135
136         typedef [bitmap32bit] bitmap {
137                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
138                 SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
139                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
140                 SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
141                 SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
142                 SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
143                 SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
144                 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
145                 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,  /* gates account enumeration, going by the name; a common hardening target for anonymous or low-privilege callers */
146                 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
147                 SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
148         } samr_DomainAccessMask;
149
150         const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF; /* OR of the eleven samr_DomainAccessMask bits */
151
152         const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS = /* STANDARD_RIGHTS_* are not defined in this file (presumably security.idl) */
153                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
154                  SAMR_DOMAIN_ACCESS_ALL_ACCESS);
155
156         const int GENERIC_RIGHTS_DOMAIN_READ =
157                 (STANDARD_RIGHTS_READ_ACCESS            |
158                  SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS        |
159                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
160
161         const int GENERIC_RIGHTS_DOMAIN_WRITE = /* carries all three SET_INFO bits and all three CREATE bits */
162                 (STANDARD_RIGHTS_WRITE_ACCESS           |
163                  SAMR_DOMAIN_ACCESS_SET_INFO_3          |
164                  SAMR_DOMAIN_ACCESS_CREATE_ALIAS        |
165                  SAMR_DOMAIN_ACCESS_CREATE_GROUP        |
166                  SAMR_DOMAIN_ACCESS_CREATE_USER         |
167                  SAMR_DOMAIN_ACCESS_SET_INFO_2          |
168                  SAMR_DOMAIN_ACCESS_SET_INFO_1);
169
170         const int GENERIC_RIGHTS_DOMAIN_EXECUTE = /* ENUM_ACCOUNTS and OPEN_ACCOUNT are granted through EXECUTE, not READ */
171                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
172                  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT        |
173                  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS       |
174                  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
175
176         /* Group Object specific access rights; bit positions differ from samr_AliasAccessMask (0x01 is LOOKUP_INFO here, ADD_MEMBER there), so the two masks are not interchangeable */
177
178         typedef [bitmap32bit] bitmap {
179                 SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
180                 SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
181                 SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
182                 SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
183                 SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
184         } samr_GroupAccessMask;
185
186         const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F; /* OR of the five samr_GroupAccessMask bits */
187
188         const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
189                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
190                  SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
191
192         const int GENERIC_RIGHTS_GROUP_READ =
193                 (STANDARD_RIGHTS_READ_ACCESS            |
194                  SAMR_GROUP_ACCESS_GET_MEMBERS);        /* 0x00020010 */
195
196         const int GENERIC_RIGHTS_GROUP_WRITE = /* membership changes (ADD/REMOVE_MEMBER) are part of generic write */
197                 (STANDARD_RIGHTS_WRITE_ACCESS           |
198                  SAMR_GROUP_ACCESS_REMOVE_MEMBER        |
199                  SAMR_GROUP_ACCESS_ADD_MEMBER           |
200                  SAMR_GROUP_ACCESS_SET_INFO);   /* 0x0002000e */
201
202         const int GENERIC_RIGHTS_GROUP_EXECUTE =
203                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
204                  SAMR_GROUP_ACCESS_LOOKUP_INFO);        /* 0x00020001 */
205
206         /* Alias Object specific access rights; same five rights as samr_GroupAccessMask but at different bit positions, so a group mask must not be reused for an alias */
207
208         typedef [bitmap32bit] bitmap {
209                 SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
210                 SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
211                 SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
212                 SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
213                 SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
214         } samr_AliasAccessMask;
215
216         const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F; /* OR of the five samr_AliasAccessMask bits */
217
218         const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
219                 (STANDARD_RIGHTS_REQUIRED_ACCESS        |
220                  SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
221
222         const int GENERIC_RIGHTS_ALIAS_READ =
223                 (STANDARD_RIGHTS_READ_ACCESS            |
224                  SAMR_ALIAS_ACCESS_GET_MEMBERS);        /* 0x00020004 */
225
226         const int GENERIC_RIGHTS_ALIAS_WRITE = /* membership changes (ADD/REMOVE_MEMBER) are part of generic write */
227                 (STANDARD_RIGHTS_WRITE_ACCESS           |
228                  SAMR_ALIAS_ACCESS_REMOVE_MEMBER        |
229                  SAMR_ALIAS_ACCESS_ADD_MEMBER           |
230                  SAMR_ALIAS_ACCESS_SET_INFO);   /* 0x00020013 */
231
232         const int GENERIC_RIGHTS_ALIAS_EXECUTE =
233                 (STANDARD_RIGHTS_EXECUTE_ACCESS         |
234                  SAMR_ALIAS_ACCESS_LOOKUP_INFO);        /* 0x00020008 */
235
236         /******************/
237         /* Function: 0x00 - takes the requested samr_ConnectAccessMask and returns connect_handle, the handle the server-level calls below take as input */
238         NTSTATUS samr_Connect (
239                 /* notice the lack of [string]: system_name is marshalled as a pointer to a single uint16, not as a string */
240                 [in,unique] uint16 *system_name,
241                 [in]       samr_ConnectAccessMask access_mask,
242                 [out,ref]  policy_handle *connect_handle
243                 );
244
245
246         /******************/
247         /* Function: 0x01 - handle is [in,out]: the caller passes the handle to close and receives the handle value back; NOTE(review): presumably zeroed on success - confirm */
248         [public] NTSTATUS samr_Close (
249                 [in,out,ref]  policy_handle *handle
250                 );
251
252         /******************/
253         /* Function: 0x02 - sets a security descriptor on the object behind handle; sec_info selects which parts of sdbuf apply. The IDL carries no access check: authorisation is the server implementation's job */
254
255         NTSTATUS samr_SetSecurity (
256                 [in,ref]          policy_handle *handle,
257                 [in]              security_secinfo sec_info,
258                 [in,ref]          sec_desc_buf *sdbuf
259                 );
260
261         /******************/
262         /* Function: 0x03 - read counterpart of samr_SetSecurity: returns a server-allocated sec_desc_buf for the object behind handle, limited to the parts named in sec_info */
263
264         NTSTATUS samr_QuerySecurity (
265                 [in,ref]          policy_handle *handle,
266                 [in]              security_secinfo sec_info,
267                 [out,ref]         sec_desc_buf **sdbuf
268                 );
269
270         /******************/
271         /* Function: 0x04 */
272
273         /*
274           shutdown the SAM - once you call this the SAM will be dead.
275           The only input is a connect handle, so the handle's granted rights are the only gate; see SAMR_ACCESS_SHUTDOWN_SERVER */
276         NTSTATUS samr_Shutdown (
277                 [in,ref]   policy_handle *connect_handle
278                 );
279
280         /******************/
281         /* Function: 0x05 - maps domain_name to a server-allocated dom_sid2 returned through sid */
282         NTSTATUS samr_LookupDomain (
283                 [in,ref]  policy_handle *connect_handle,
284                 [in,ref]  lsa_String *domain_name,
285                 [out,ref] dom_sid2 **sid
286                 );
287
288
289         /******************/
290         /* Function: 0x06 */
291
292         typedef struct { /* one enumeration result. NOTE(review): idx presumably holds the RID for user/group/alias enumeration - confirm */
293                 uint32 idx;
294                 lsa_String name;
295         } samr_SamEntry;
296
297         typedef struct { /* counted array of samr_SamEntry; count has no [range] bound (compare samr_Ids). Every call in this part of the file uses it as [out] only */
298                 uint32 count;
299                 [size_is(count)] samr_SamEntry *entries;
300         } samr_SamArray;
301
302         NTSTATUS samr_EnumDomains ( /* resume_handle is [in,out], so a caller can continue a partial enumeration; buf_size is caller-supplied - NOTE(review): presumably a size hint the server should cap itself */
303                 [in]          policy_handle *connect_handle,
304                 [in,out,ref]  uint32 *resume_handle,
305                 [out,ref]     samr_SamArray **sam,
306                 [in]          uint32 buf_size,
307                 [out,ref]     uint32 *num_entries
308                 );
309
310
311         /************************/
312         /* Function    0x07: returns domain_handle for the domain identified by sid, with the rights requested in access_mask (samr_DomainAccessMask) */
313         [public] NTSTATUS samr_OpenDomain(
314                 [in,ref]      policy_handle *connect_handle,
315                 [in]          samr_DomainAccessMask access_mask,
316                 [in,ref]      dom_sid2 *sid,
317                 [out,ref]     policy_handle *domain_handle
318                 );
319
320         /************************/
321         /* Function    0x08     */
322         /* server roles; reported in samr_DomGeneralInformation.role and samr_DomInfo7.role */
323         typedef [v1_enum] enum {
324                 SAMR_ROLE_STANDALONE    = 0,
325                 SAMR_ROLE_DOMAIN_MEMBER = 1,
326                 SAMR_ROLE_DOMAIN_BDC    = 2,
327                 SAMR_ROLE_DOMAIN_PDC    = 3
328         } samr_Role;
329
330         /* password properties flags; carried in samr_DomInfo1.password_properties. Per-flag notes are read off the names - confirm against the server code */
331         typedef [public,bitmap32bit] bitmap {
332                 DOMAIN_PASSWORD_COMPLEX         = 0x00000001,
333                 DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
334                 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
335                 DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
336                 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,  /* cleartext / recoverable password storage: treat as a policy-audit finding when set */
337                 DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
338         } samr_PasswordProperties;
339
340         typedef [v1_enum] enum { /* values start at 1; 0 is not a defined state */
341                 DOMAIN_SERVER_ENABLED = 1,
342                 DOMAIN_SERVER_DISABLED = 2
343         } samr_DomainServerState;
344
345         typedef struct { /* domain password policy; level 1 of samr_DomainInfo */
346                 uint16 min_password_length;
347                 uint16 password_history_length;
348                 samr_PasswordProperties password_properties;
349                 /* yes, these are signed. They are in negative 100ns units, so consumers must not treat them as unsigned */
350                 dlong  max_password_age;
351                 dlong  min_password_age;
352         } samr_DomInfo1;
353
354         typedef struct { /* level 2 of samr_DomainInfo; also embedded at the start of samr_DomGeneralInformation2 */
355                 NTTIME force_logoff_time;
356                 lsa_String oem_information; /* comment */
357                 lsa_String domain_name;
358                 lsa_String primary; /* PDC name if this is a BDC */
359                 udlong sequence_num;
360                 samr_DomainServerState domain_server_state;
361                 samr_Role role;
362                 uint32 unknown3; /* meaning not identified by the authors */
363                 uint32 num_users;
364                 uint32 num_groups;
365                 uint32 num_aliases;
366         } samr_DomGeneralInformation;
367
368         typedef struct { /* level 3 */
369                 NTTIME force_logoff_time;
370         } samr_DomInfo3;
371
372         typedef struct { /* level 4 */
373                 lsa_String oem_information; /* comment */
374         } samr_DomOEMInformation;
375
376         typedef struct { /* level 5 */
377                 lsa_String domain_name;
378         } samr_DomInfo5;
379
380         typedef struct { /* level 6 */
381                 lsa_String primary;
382         } samr_DomInfo6;
383
384         typedef struct { /* level 7 */
385                 samr_Role role;
386         } samr_DomInfo7;
387
388         typedef struct { /* level 8; sequence_num is declared hyper here but udlong in samr_DomGeneralInformation */
389                 hyper sequence_num;
390                 NTTIME domain_create_time;
391         } samr_DomInfo8;
392
393         typedef struct { /* level 9 */
394                 samr_DomainServerState domain_server_state;
395         } samr_DomInfo9;
396
397         typedef struct { /* level 11: the level-2 block followed by the account lockout settings */
398                 samr_DomGeneralInformation general;
399                 hyper lockout_duration;
400                 hyper lockout_window;
401                 uint16 lockout_threshold;
402         } samr_DomGeneralInformation2;
403
404         typedef struct { /* level 12: account lockout policy. NOTE(review): duration/window presumably use the same negative-100ns convention as the password ages - confirm */
405                 hyper lockout_duration;
406                 hyper lockout_window;
407                 uint16 lockout_threshold;
408         } samr_DomInfo12;
409
410         typedef struct { /* level 13: samr_DomInfo8 plus two fields whose meaning the authors had not identified */
411                 hyper sequence_num;
412                 NTTIME domain_create_time;
413                 uint32 unknown1;
414                 uint32 unknown2;
415         } samr_DomInfo13;
416
417         typedef [switch_type(uint16)] union { /* selected by the level argument of samr_QueryDomainInfo / samr_SetDomainInfo; there is no case(10) and no default arm. NOTE(review): confirm the generated marshalling rejects any other level */
418                 [case(1)] samr_DomInfo1 info1;
419                 [case(2)] samr_DomGeneralInformation general;
420                 [case(3)] samr_DomInfo3 info3;
421                 [case(4)] samr_DomOEMInformation oem;
422                 [case(5)] samr_DomInfo5 info5;
423                 [case(6)] samr_DomInfo6 info6;
424                 [case(7)] samr_DomInfo7 info7;
425                 [case(8)] samr_DomInfo8 info8;
426                 [case(9)] samr_DomInfo9 info9;
427                 [case(11)] samr_DomGeneralInformation2 general2;
428                 [case(12)] samr_DomInfo12 info12;
429                 [case(13)] samr_DomInfo13 info13;
430         } samr_DomainInfo;
431
432         NTSTATUS samr_QueryDomainInfo( /* returns the samr_DomainInfo arm selected by level; level is a plain uint16 with no [range] */
433                 [in,ref]      policy_handle *domain_handle,
434                 [in]          uint16 level,
435                 [out,ref,switch_is(level)] samr_DomainInfo **info
436                 );
437
438         /************************/
439         /* Function    0x09     */
440         /*
441           only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
442           call in w2k3; the IDL accepts every samr_DomainInfo level, so the server implementation has to reject the others
443         */
444         NTSTATUS samr_SetDomainInfo(
445                 [in,ref]      policy_handle *domain_handle,
446                 [in]          uint16 level,
447                 [in,switch_is(level),ref] samr_DomainInfo *info
448                 );
449
450
451         /************************/
452         /* Function    0x0a: creates a group called name in the domain and returns both a handle to it (opened with access_mask) and its rid */
453         NTSTATUS samr_CreateDomainGroup(
454                 [in,ref]      policy_handle *domain_handle,
455                 [in,ref]      lsa_String *name,
456                 [in]          samr_GroupAccessMask access_mask,
457                 [out,ref]     policy_handle *group_handle,
458                 [out,ref]     uint32 *rid
459                 );
460
461
462         /************************/
463         /* Function    0x0b: same parameter shape as samr_EnumDomains, but on a domain handle; max_size is caller-supplied */
464         NTSTATUS samr_EnumDomainGroups(
465                 [in]          policy_handle *domain_handle,
466                 [in,out,ref]  uint32 *resume_handle,
467                 [out,ref]     samr_SamArray **sam,
468                 [in]          uint32 max_size,
469                 [out,ref]     uint32 *num_entries
470                 );
471
472         /************************/
473         /* Function    0x0c: creates account_name in the domain and returns a user handle (opened with access_mask) and the new rid; no samr_AcctFlags argument is taken here */
474         NTSTATUS samr_CreateUser(
475                 [in,ref]      policy_handle *domain_handle,
476                 [in,ref]      lsa_String *account_name,
477                 [in]          samr_UserAccessMask access_mask,
478                 [out,ref]     policy_handle *user_handle,
479                 [out,ref]     uint32 *rid
480                 );
481
482         /************************/
483         /* Function    0x0d     */
484
485
486         /* w2k3 treats max_size as max_users*54 and sets the
487            resume_handle as the rid of the last user sent
488         */
489         const int SAMR_ENUM_USERS_MULTIPLIER = 54; /* the 54 from the note above, as a named constant */
490
491         NTSTATUS samr_EnumDomainUsers( /* acct_flags is an extra [in] samr_AcctFlags argument; NOTE(review): presumably a filter on the accounts returned - confirm */
492                 [in]          policy_handle *domain_handle,
493                 [in,out,ref]  uint32 *resume_handle,
494                 [in]          samr_AcctFlags acct_flags,
495                 [out,ref]     samr_SamArray **sam,
496                 [in]          uint32 max_size,
497                 [out,ref]     uint32 *num_entries
498                 );
499
500         /************************/
501         /* Function    0x0e: alias counterpart of samr_CreateDomainGroup; returns alias_handle (opened with access_mask) and the new rid */
502         NTSTATUS samr_CreateDomAlias(
503                 [in,ref]      policy_handle *domain_handle,
504                 [in,ref]      lsa_String   *alias_name,
505                 [in]          samr_AliasAccessMask access_mask,
506                 [out,ref]     policy_handle *alias_handle,
507                 [out,ref]     uint32        *rid
508                 );
509
510         /************************/
511         /* Function    0x0f: same parameter list as samr_EnumDomainGroups */
512         NTSTATUS samr_EnumDomainAliases(
513                 [in]          policy_handle *domain_handle,
514                 [in,out,ref]  uint32 *resume_handle,
515                 [out,ref]     samr_SamArray **sam,
516                 [in]          uint32 max_size,
517                 [out,ref]     uint32 *num_entries
518                 );
519
520         /************************/
521         /* Function    0x10     */
522
523         typedef struct { /* counted uint32 array; [range(0,1024)] caps the element count accepted from the wire */
524                 [range(0,1024)]  uint32 count;
525                 [size_is(count)] uint32 *ids;
526         } samr_Ids;
527
528         NTSTATUS samr_GetAliasMembership( /* takes an array of SIDs and returns alias RIDs in rids; the size of sids is bounded, if at all, by lsa_SidArray, which is not defined in this file */
529                 [in,ref]      policy_handle *domain_handle,
530                 [in,ref]      lsa_SidArray  *sids,
531                 [out,ref]     samr_Ids *rids
532                 );
533
534         /************************/
535         /* Function    0x11     */
536
537         [public] NTSTATUS samr_LookupNames(
538                 [in,ref]      policy_handle *domain_handle,
539                 [in,range(0,1000)] uint32 num_names,
540                 [in,size_is(1000),length_is(num_names)] lsa_String names[],
541                 [out,ref]     samr_Ids *rids,
542                 [out,ref]     samr_Ids *types
543                 );
544
545
546         /************************/
547         /* Function    0x12     */
548         NTSTATUS samr_LookupRids(
549                 [in,ref]      policy_handle *domain_handle,
550                 [in,range(0,1000)] uint32 num_rids,
551                 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
552                 [out,ref]     lsa_Strings *names,
553                 [out,ref]     samr_Ids *types
554                 );
555
556         /************************/
557         /* Function    0x13     */
558         NTSTATUS samr_OpenGroup(
559                 [in,ref]      policy_handle *domain_handle,
560                 [in]          samr_GroupAccessMask access_mask,
561                 [in]          uint32 rid,
562                 [out,ref]     policy_handle *group_handle
563                 );
564
565         /* Group attributes; used by samr_GroupInfoAll.attributes and samr_GroupInfoAttributes */
566         typedef [public,bitmap32bit] bitmap {
567                 SE_GROUP_MANDATORY              = 0x00000001,
568                 SE_GROUP_ENABLED_BY_DEFAULT     = 0x00000002,
569                 SE_GROUP_ENABLED                = 0x00000004,
570                 SE_GROUP_OWNER                  = 0x00000008,
571                 SE_GROUP_USE_FOR_DENY_ONLY      = 0x00000010,
572                 SE_GROUP_RESOURCE               = 0x20000000,
573                 SE_GROUP_LOGON_ID               = 0xC0000000  /* two bits, not one: test with (v & mask) == mask */
574         } samr_GroupAttrs;
575
576         /************************/
577         /* Function    0x14     */
578
579         typedef struct { /* arm for GROUPINFOALL and GROUPINFOALL2 in samr_GroupInfo */
580                 lsa_String name;
581                 samr_GroupAttrs attributes;
582                 uint32 num_members;
583                 lsa_String description;
584         } samr_GroupInfoAll;
585
586         typedef struct { /* arm for GROUPINFOATTRIBUTES */
587                 samr_GroupAttrs attributes;
588         } samr_GroupInfoAttributes;
589
590         typedef struct { /* not referenced by samr_GroupInfo, whose description arm is a bare lsa_String */
591                 lsa_String description;
592         } samr_GroupInfoDescription;
593
594         typedef enum { /* info levels for samr_QueryGroupInfo / samr_SetGroupInfo; declared without [v1_enum], unlike the enums earlier in this file */
595                 GROUPINFOALL          = 1,
596                 GROUPINFONAME         = 2,
597                 GROUPINFOATTRIBUTES   = 3,
598                 GROUPINFODESCRIPTION  = 4,
599                 GROUPINFOALL2         = 5
600         } samr_GroupInfoEnum;
601
602         typedef [switch_type(samr_GroupInfoEnum)] union { /* one arm per samr_GroupInfoEnum value; no default arm */
603                 [case(GROUPINFOALL)]         samr_GroupInfoAll        all;
604                 [case(GROUPINFONAME)]        lsa_String               name;
605                 [case(GROUPINFOATTRIBUTES)]  samr_GroupInfoAttributes attributes;
606                 [case(GROUPINFODESCRIPTION)] lsa_String               description;
607                 [case(GROUPINFOALL2)]        samr_GroupInfoAll        all2;
608         } samr_GroupInfo;
609
610         NTSTATUS samr_QueryGroupInfo( /* returns the samr_GroupInfo arm selected by level */
611                 [in,ref]                  policy_handle *group_handle,
612                 [in]                      samr_GroupInfoEnum level,
613                 [out,ref,switch_is(level)] samr_GroupInfo **info
614                 );
615
616         /************************/
617         /* Function    0x15: write counterpart of samr_QueryGroupInfo; which levels are settable is not expressed in the IDL and is left to the server */
618         NTSTATUS samr_SetGroupInfo(
619                 [in,ref]                  policy_handle *group_handle,
620                 [in]                      samr_GroupInfoEnum level,
621                 [in,switch_is(level),ref] samr_GroupInfo *info
622                 );
623
624         /************************/
625         /* Function    0x16: adds the account with the given rid to the group. NOTE(review): flags is an untyped uint32, presumably samr_GroupAttrs bits for the membership - confirm */
626         NTSTATUS samr_AddGroupMember(
627                 [in,ref]                  policy_handle *group_handle,
628                 [in]                      uint32 rid,
629                 [in]                      uint32 flags
630                 );
631
632         /************************/
633         /* Function    0x17: group_handle is [in,out], as in samr_Close: the handle is passed in and a handle value comes back */
634         NTSTATUS samr_DeleteDomainGroup(
635                 [in,out,ref]   policy_handle *group_handle
636                 );
637
638         /************************/
639         /* Function    0x18: removes the member with the given rid from the group behind group_handle */
640         NTSTATUS samr_DeleteGroupMember(
641                 [in,ref]                  policy_handle *group_handle,
642                 [in]                      uint32 rid
643                 );
644
645
646         /************************/
647         /* Function    0x19     */
648         typedef struct { /* two parallel arrays sized by the same count, which carries no [range] bound; only used as [out] in this part of the file */
649                 uint32 count;
650                 [size_is(count)] uint32 *rids;
651                 [size_is(count)] uint32 *types;
652         } samr_RidTypeArray;
653
654         NTSTATUS samr_QueryGroupMember( /* returns the group's members as a server-allocated samr_RidTypeArray */
655                 [in,ref]  policy_handle *group_handle,
656                 [out,ref] samr_RidTypeArray **rids
657                 );
658
659
660         /************************/
661         /* Function    0x1a     */
662
663         /*
664           win2003 seems to accept any data at all for the two integers
665           below, and doesn't seem to do anything with them that I can
666           see. Weird. I really expected the first integer to be a rid
667           and the second to be the attributes for that rid member.
668         */
669         NTSTATUS samr_SetMemberAttributesOfGroup( /* both integers are unvalidated by the IDL; an implementation should not act on them without its own checks */
670                 [in,ref]  policy_handle *group_handle,
671                 [in]      uint32 unknown1,
672                 [in]      uint32 unknown2
673                 );
674
675
676         /************************/
677         /* Function    0x1b: returns alias_handle for the alias with the given rid, with the rights requested in access_mask (samr_AliasAccessMask) */
678         NTSTATUS samr_OpenAlias (
679                 [in,ref]      policy_handle *domain_handle,
680                 [in]          samr_AliasAccessMask access_mask,
681                 [in]          uint32 rid,
682                 [out,ref]     policy_handle *alias_handle
683                 );
684
685
686         /************************/
687         /* Function    0x1c     */
688
689         typedef struct { /* arm for ALIASINFOALL in samr_AliasInfo */
690                 lsa_String name;
691                 uint32 num_members;
692                 lsa_String description;
693         } samr_AliasInfoAll;
694
695         typedef enum { /* info levels for samr_QueryAliasInfo / samr_SetAliasInfo; declared without [v1_enum] */
696                 ALIASINFOALL          = 1,
697                 ALIASINFONAME         = 2,
698                 ALIASINFODESCRIPTION  = 3
699         } samr_AliasInfoEnum;
700
701         typedef [switch_type(samr_AliasInfoEnum)] union { /* one arm per samr_AliasInfoEnum value; no default arm */
702                 [case(ALIASINFOALL)] samr_AliasInfoAll all;
703                 [case(ALIASINFONAME)] lsa_String name;
704                 [case(ALIASINFODESCRIPTION)] lsa_String description;
705         } samr_AliasInfo;
706
707         NTSTATUS samr_QueryAliasInfo( /* returns the samr_AliasInfo arm selected by level */
708                 [in,ref]                  policy_handle  *alias_handle,
709                 [in]                      samr_AliasInfoEnum      level,
710                 [out,ref,switch_is(level)] samr_AliasInfo **info
711                 );
712
713         /************************/
714         /* Function    0x1d: write counterpart of samr_QueryAliasInfo; which levels are settable is left to the server */
715         NTSTATUS samr_SetAliasInfo(
716                 [in,ref]                  policy_handle  *alias_handle,
717                 [in]                      samr_AliasInfoEnum      level,
718                 [in,switch_is(level),ref] samr_AliasInfo *info
719                 );
720
721         /************************/
722         /* Function    0x1e: alias_handle is [in,out], as in samr_Close */
723         NTSTATUS samr_DeleteDomAlias(
724                 [in,out,ref]  policy_handle *alias_handle
725                 );
726
727         /************************/
728         /* Function    0x1f: alias members are identified by a full SID (dom_sid2), whereas samr_AddGroupMember takes a rid */
729         NTSTATUS samr_AddAliasMember(
730                 [in,ref]  policy_handle *alias_handle,
731                 [in,ref]  dom_sid2      *sid
732                 );
733
734         /************************/
735         /* Function    0x20: removes the member identified by sid from the alias behind alias_handle */
736         NTSTATUS samr_DeleteAliasMember(
737                 [in,ref] policy_handle *alias_handle,
738                 [in,ref] dom_sid2      *sid
739                 );
740
741         /************************/
742         /* Function    0x21: returns the alias members as SIDs in a caller-provided lsa_SidArray ([out,ref], single pointer) */
743         NTSTATUS samr_GetMembersInAlias(
744                 [in,ref]   policy_handle *alias_handle,
745                 [out,ref]  lsa_SidArray    *sids
746                 );
747
748         /************************/
749         /* Function    0x22: returns user_handle for the account with the given rid; the rights granted on it come from access_mask (samr_UserAccessMask), so callers should request only what they need */
750         [public] NTSTATUS samr_OpenUser(
751                 [in,ref]      policy_handle *domain_handle,
752                 [in]          samr_UserAccessMask access_mask,
753                 [in]          uint32 rid,
754                 [out,ref]     policy_handle *user_handle
755                 );
756
757         /************************/
758         /* Function    0x23     */
759         NTSTATUS samr_DeleteUser(
760                 [in,out,ref]   policy_handle *user_handle
761                 );
762
763         /************************/
764         /* Function    0x24     */
765         typedef struct {
766                 lsa_String account_name;
767                 lsa_String full_name;
768                 uint32 primary_gid;
769                 lsa_String description;
770                 lsa_String comment;
771         } samr_UserInfo1;
772
773         typedef struct {
774                 lsa_String comment;
775                 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
776                 uint16 country_code;
777                 uint16 code_page;
778         } samr_UserInfo2;
779
780         /* this is also used in samr and netlogon */
781         typedef [public, flag(NDR_PAHEX)] struct {
                    /* Logon-hours data, embedded in samr_UserInfo3/4/5/21 and therefore
                     * client-supplied on the samr_SetUserInfo paths.
                     * bits is declared with a fixed size of 1260 while the transmitted
                     * length is units_per_week/8.  units_per_week is a uint16, so that
                     * quotient can be as large as 8191.
                     * NOTE(review): code consuming this struct should reject
                     * units_per_week/8 > 1260 itself rather than rely only on the
                     * marshalling layer - confirm what the generated NDR code enforces. */
782                 uint16 units_per_week;
783                 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
784         } samr_LogonHours;
785
786         typedef struct {
787                 lsa_String account_name;
788                 lsa_String full_name;
789                 uint32 rid;
790                 uint32 primary_gid;
791                 lsa_String home_directory;
792                 lsa_String home_drive;
793                 lsa_String logon_script;
794                 lsa_String profile_path;
795                 lsa_String workstations;
796                 NTTIME last_logon;
797                 NTTIME last_logoff;
798                 NTTIME last_password_change;
799                 NTTIME allow_password_change;
800                 NTTIME force_password_change;
801                 samr_LogonHours logon_hours;
802                 uint16 bad_password_count;
803                 uint16 logon_count;
804                 samr_AcctFlags acct_flags;
805         } samr_UserInfo3;
806
807         typedef struct {
808                 samr_LogonHours logon_hours;
809         } samr_UserInfo4;
810
811         typedef struct {
812                 lsa_String account_name;
813                 lsa_String full_name;
814                 uint32 rid;
815                 uint32 primary_gid;
816                 lsa_String home_directory;
817                 lsa_String home_drive;
818                 lsa_String logon_script;
819                 lsa_String profile_path;
820                 lsa_String description;
821                 lsa_String workstations;
822                 NTTIME last_logon;
823                 NTTIME last_logoff;
824                 samr_LogonHours logon_hours;
825                 uint16 bad_password_count;
826                 uint16 logon_count;
827                 NTTIME last_password_change;
828                 NTTIME acct_expiry;
829                 samr_AcctFlags acct_flags;
830         } samr_UserInfo5;
831
832         typedef struct {
833                 lsa_String account_name;
834                 lsa_String full_name;
835         } samr_UserInfo6;
836
837         typedef struct {
838                 lsa_String account_name;
839         } samr_UserInfo7;
840
841         typedef struct {
842                 lsa_String full_name;
843         } samr_UserInfo8;
844
845         typedef struct {
846                 uint32 primary_gid;
847         } samr_UserInfo9;
848
849         typedef struct {
850                 lsa_String home_directory;
851                 lsa_String home_drive;
852         } samr_UserInfo10;
853
854         typedef struct {
855                 lsa_String logon_script;
856         } samr_UserInfo11;
857
858         typedef struct {
859                 lsa_String profile_path;
860         } samr_UserInfo12;
861
862         typedef struct {
863                 lsa_String description;
864         } samr_UserInfo13;
865
866         typedef struct {
867                 lsa_String workstations;
868         } samr_UserInfo14;
869
870         typedef struct {
871                 samr_AcctFlags acct_flags;
872         } samr_UserInfo16;
873
874         typedef struct {
875                 NTTIME acct_expiry;
876         } samr_UserInfo17;
877
878         typedef [public, flag(NDR_PAHEX)] struct {
                    /* Fixed 16-byte value.  In this file it is the type of lm_pwd/nt_pwd
                     * in samr_UserInfo18 and of the *_crypted, *_cross, *_verifier and
                     * hash arguments of the password-change calls.
                     * NOTE(review): presumably an LM/NT password hash or an encrypted
                     * form of one - treat it as credential material.  NDR_PAHEX looks
                     * like a print-format flag, so NDR debug dumps would show these
                     * bytes; confirm they cannot reach production logs. */
879                 uint8 hash[16];
880         } samr_Password;
881
882         typedef struct {
                    /* Info level 18 of the samr_UserInfo union: one samr_Password each for
                     * LM and NT, plus a flag per value saying whether it is in use.
                     * The union is shared by samr_QueryUserInfo ([out]) and
                     * samr_SetUserInfo ([in]), so the IDL allows this level in both
                     * directions.
                     * NOTE(review): which callers may read or write this level is decided
                     * by the server implementation, not here - confirm it is restricted. */
883                 samr_Password lm_pwd;
884                 samr_Password nt_pwd;
885                 boolean8 lm_pwd_active;
886                 boolean8 nt_pwd_active;
887         } samr_UserInfo18;
888
889         typedef struct {
890                 lsa_BinaryString parameters;
891         } samr_UserInfo20;
892
893         /* this defines the bits used for fields_present in info21 */
894         typedef [bitmap32bit] bitmap {
895                 SAMR_FIELD_ACCOUNT_NAME     = 0x00000001,
896                 SAMR_FIELD_FULL_NAME        = 0x00000002,
897                 SAMR_FIELD_RID              = 0x00000004,
898                 SAMR_FIELD_PRIMARY_GID      = 0x00000008,
899                 SAMR_FIELD_DESCRIPTION      = 0x00000010,
900                 SAMR_FIELD_COMMENT          = 0x00000020,
901                 SAMR_FIELD_HOME_DIRECTORY   = 0x00000040,
902                 SAMR_FIELD_HOME_DRIVE       = 0x00000080,
903                 SAMR_FIELD_LOGON_SCRIPT     = 0x00000100,
904                 SAMR_FIELD_PROFILE_PATH     = 0x00000200,
905                 SAMR_FIELD_WORKSTATIONS     = 0x00000400,
906                 SAMR_FIELD_LAST_LOGON       = 0x00000800,
907                 SAMR_FIELD_LAST_LOGOFF      = 0x00001000,
908                 SAMR_FIELD_LOGON_HOURS      = 0x00002000,
909                 SAMR_FIELD_BAD_PWD_COUNT    = 0x00004000,
910                 SAMR_FIELD_NUM_LOGONS       = 0x00008000,
911                 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
912                 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
913                 SAMR_FIELD_LAST_PWD_CHANGE  = 0x00040000,
914                 SAMR_FIELD_ACCT_EXPIRY      = 0x00080000,
915                 SAMR_FIELD_ACCT_FLAGS       = 0x00100000,
916                 SAMR_FIELD_PARAMETERS       = 0x00200000,
917                 SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
918                 SAMR_FIELD_CODE_PAGE        = 0x00800000,
919                 SAMR_FIELD_PASSWORD         = 0x01000000, /* either of these */
920                 SAMR_FIELD_PASSWORD2        = 0x02000000, /* two bits seems to work */
921                 SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
922                 SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
923                 SAMR_FIELD_SEC_DESC         = 0x10000000,
924                 SAMR_FIELD_OWF_PWD          = 0x20000000
925         } samr_FieldsPresent;
926
927         /* used for 'password_expired' in samr_UserInfo21 */
928         const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
929         const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
930
931         typedef struct {
                    /* Info level 21: the full set of user attributes in one struct.  It is
                     * also the first member of samr_UserInfo23 and samr_UserInfo25, which
                     * add an encrypted password buffer.
                     * NOTE(review): on the set path, presumably only the members flagged
                     * in fields_present are meant to be applied - confirm the server
                     * ignores the rest and checks the caller's access per field. */
932                 NTTIME last_logon;
933                 NTTIME last_logoff;
934                 NTTIME last_password_change;
935                 NTTIME acct_expiry;
936                 NTTIME allow_password_change;
937                 NTTIME force_password_change;
938                 lsa_String account_name;
939                 lsa_String full_name;
940                 lsa_String home_directory;
941                 lsa_String home_drive;
942                 lsa_String logon_script;
943                 lsa_String profile_path;
944                 lsa_String description;
945                 lsa_String workstations;
946                 lsa_String comment;
947                 lsa_BinaryString parameters;
948                 lsa_String unknown1;
949                 lsa_String unknown2;
950                 lsa_String unknown3;
951                 uint32 buf_count; /* element count for buffer below; wire-supplied on the set path */
952                 [size_is(buf_count)] uint8 *buffer; /* contents not described in this file; may be NULL (pointer_default(unique)) */
953                 uint32 rid;
954                 uint32 primary_gid;
955                 samr_AcctFlags acct_flags;
956                 samr_FieldsPresent fields_present; /* SAMR_FIELD_* bits */
957                 samr_LogonHours logon_hours;
958                 uint16 bad_password_count;
959                 uint16 logon_count;
960                 uint16 country_code;
961                 uint16 code_page;
962                 uint8  nt_password_set;
963                 uint8  lm_password_set;
964                 uint8  password_expired; /* PASS_MUST_CHANGE_AT_NEXT_LOGON or PASS_DONT_CHANGE_AT_NEXT_LOGON */
965                 uint8  unknown4;
966         } samr_UserInfo21;
967
968         typedef [public, flag(NDR_PAHEX)] struct {
                    /* Fixed 516-byte opaque buffer.  Used by samr_UserInfo23/24 and by the
                     * nt_password/lm_password/password arguments of
                     * samr_OemChangePasswordUser2 and samr_ChangePasswordUser2/3.
                     * The IDL only fixes the size; nothing here describes the contents.
                     * NOTE(review): presumably an encrypted 512-byte password area plus a
                     * 4-byte length - confirm, and make sure the consumer validates the
                     * decoded length against the buffer before copying from it. */
969                 uint8 data[516];
970         } samr_CryptPassword;
971
972         typedef struct {
973                 samr_UserInfo21 info;
974                 samr_CryptPassword password;
975         } samr_UserInfo23;
976
977         typedef struct {
978                 samr_CryptPassword password;
979                 uint8 password_expired;
980         } samr_UserInfo24;
981
982         typedef [flag(NDR_PAHEX)] struct {
                    /* Fixed 532-byte opaque buffer, 16 bytes larger than
                     * samr_CryptPassword.  Used by samr_UserInfo25/26.
                     * NOTE(review): the extra 16 bytes are presumably per-message key
                     * material (salt) for the encryption - confirm against the consumer,
                     * which also has to validate the decoded password length itself. */
983                 uint8 data[532];
984         } samr_CryptPasswordEx;
985
986         typedef struct {
987                 samr_UserInfo21 info;
988                 samr_CryptPasswordEx password;
989         } samr_UserInfo25;
990
991         typedef struct {
992                 samr_CryptPasswordEx password;
993                 uint8 password_expired;
994         } samr_UserInfo26;
995
996         typedef [switch_type(uint16)] union {
                    /* Selected by the uint16 level argument of samr_QueryUserInfo(2) and
                     * samr_SetUserInfo(2).  There are no arms for levels 15, 19 and 22 and
                     * no default arm.
                     * NOTE(review): a level outside the listed cases is expected to be
                     * rejected while marshalling - confirm, and keep the server-side
                     * switch on level in step with this list.
                     * Arms 18 and 23-26 carry password values (samr_Password,
                     * samr_CryptPassword, samr_CryptPasswordEx). */
997                 [case(1)] samr_UserInfo1 info1;
998                 [case(2)] samr_UserInfo2 info2;
999                 [case(3)] samr_UserInfo3 info3;
1000                 [case(4)] samr_UserInfo4 info4;
1001                 [case(5)] samr_UserInfo5 info5;
1002                 [case(6)] samr_UserInfo6 info6;
1003                 [case(7)] samr_UserInfo7 info7;
1004                 [case(8)] samr_UserInfo8 info8;
1005                 [case(9)] samr_UserInfo9 info9;
1006                 [case(10)] samr_UserInfo10 info10;
1007                 [case(11)] samr_UserInfo11 info11;
1008                 [case(12)] samr_UserInfo12 info12;
1009                 [case(13)] samr_UserInfo13 info13;
1010                 [case(14)] samr_UserInfo14 info14;
1011                 [case(16)] samr_UserInfo16 info16;
1012                 [case(17)] samr_UserInfo17 info17;
1013                 [case(18)] samr_UserInfo18 info18;
1014                 [case(20)] samr_UserInfo20 info20;
1015                 [case(21)] samr_UserInfo21 info21;
1016                 [case(23)] samr_UserInfo23 info23;
1017                 [case(24)] samr_UserInfo24 info24;
1018                 [case(25)] samr_UserInfo25 info25;
1019                 [case(26)] samr_UserInfo26 info26;
1020         } samr_UserInfo;
1021
1022         [public] NTSTATUS samr_QueryUserInfo(
1023                 [in,ref]                  policy_handle *user_handle,
1024                 [in]                      uint16 level,
1025                 [out,ref,switch_is(level)] samr_UserInfo **info
1026                 );
1027
1028
1029         /************************/
1030         /* Function    0x25     */
1031         [public] NTSTATUS samr_SetUserInfo(
                     /* Writes the samr_UserInfo arm selected by level to the account behind
                      * user_handle.  Every member of that arm is client-supplied, including
                      * the counted buffers (samr_LogonHours.bits, samr_UserInfo21.buffer)
                      * and, at levels 18 and 23-26, password values.
                      * NOTE(review): the required access per level is not expressed in the
                      * IDL - confirm the implementation checks it against the handle. */
1032                 [in,ref]                   policy_handle *user_handle,
1033                 [in]                       uint16 level,
1034                 [in,ref,switch_is(level)]  samr_UserInfo *info
1035                 );
1036
1037         /************************/
1038         /* Function    0x26     */
1039         /*
1040           this is a password change interface that doesn't give
1041           the server the plaintext password. Deprecated.
1042         */
1043         NTSTATUS samr_ChangePasswordUser(
                     /* Password change on an already opened user_handle.  Each *_present
                      * boolean is sent separately from the [unique] samr_Password pointers
                      * that follow it, and a [unique] pointer may be NULL on the wire.
                      * NOTE(review): the two are therefore independent inputs - the server
                      * should check each pointer for NULL itself and not infer it from the
                      * matching *_present flag. */
1044                 [in,ref]    policy_handle *user_handle,
1045                 [in]        boolean8 lm_present,
1046                 [in,unique] samr_Password *old_lm_crypted,
1047                 [in,unique] samr_Password *new_lm_crypted,
1048                 [in]        boolean8 nt_present,
1049                 [in,unique] samr_Password *old_nt_crypted,
1050                 [in,unique] samr_Password *new_nt_crypted,
1051                 [in]        boolean8 cross1_present,
1052                 [in,unique] samr_Password *nt_cross,
1053                 [in]        boolean8 cross2_present,
1054                 [in,unique] samr_Password *lm_cross
1055                 );
1056
1057         /************************/
1058         /* Function    0x27     */
1059
1060         typedef [public] struct {
1061                 uint32 rid;
1062                 samr_GroupAttrs attributes;
1063         } samr_RidWithAttribute;
1064
1065         typedef [public] struct {
1066                 uint32     count;
1067                 [size_is(count)] samr_RidWithAttribute *rids;
1068         } samr_RidWithAttributeArray;
1069
1070         NTSTATUS samr_GetGroupsForUser(
1071                 [in,ref]   policy_handle *user_handle,
1072                 [out,ref]  samr_RidWithAttributeArray  **rids
1073                 );
1074
1075         /************************/
1076         /* Function    0x28     */
1077
1078         typedef struct {
1079                 uint32    idx;
1080                 uint32    rid;
1081                 samr_AcctFlags acct_flags;
1082                 lsa_String account_name;
1083                 lsa_String description;
1084                 lsa_String full_name;
1085         } samr_DispEntryGeneral;
1086
1087         typedef struct {
1088                 uint32 count;
1089                 [size_is(count)] samr_DispEntryGeneral *entries;
1090         } samr_DispInfoGeneral;
1091
1092         typedef struct {
1093                 uint32    idx;
1094                 uint32    rid;
1095                 samr_AcctFlags acct_flags;
1096                 lsa_String account_name;
1097                 lsa_String description;
1098         } samr_DispEntryFull;
1099
1100         typedef struct {
1101                 uint32 count;
1102                 [size_is(count)] samr_DispEntryFull *entries;
1103         } samr_DispInfoFull;
1104
1105         typedef struct {
1106                 uint32    idx;
1107                 uint32    rid;
1108                 samr_GroupAttrs acct_flags;
1109                 lsa_String account_name;
1110                 lsa_String description;
1111         } samr_DispEntryFullGroup;
1112
1113         typedef struct {
1114                 uint32 count;
1115                 [size_is(count)] samr_DispEntryFullGroup *entries;
1116         } samr_DispInfoFullGroups;
1117
1118         typedef struct {
1119                 uint32    idx;
1120                 lsa_AsciiStringLarge account_name;
1121         } samr_DispEntryAscii;
1122
1123         typedef struct {
1124                 uint32 count;
1125                 [size_is(count)] samr_DispEntryAscii *entries;
1126         } samr_DispInfoAscii;
1127
1128         typedef [switch_type(uint16)] union {
1129                 [case(1)] samr_DispInfoGeneral info1;/* users */
1130                 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
1131                 [case(3)] samr_DispInfoFullGroups info3; /* groups */
1132                 [case(4)] samr_DispInfoAscii info4; /* users */
1133                 [case(5)] samr_DispInfoAscii info5; /* groups */
1134         } samr_DispInfo;
1135
1136         NTSTATUS samr_QueryDisplayInfo(
                     /* Returns one samr_DispInfo arm (index, RID, flags, account name and
                      * description per entry, depending on level) starting at start_idx.
                      * start_idx, max_entries and buf_size are all caller-supplied.
                      * NOTE(review): the server should cap the reply size itself rather than
                      * trust max_entries/buf_size, and should gate the call on the access
                      * held by domain_handle - confirm both in the implementation.  The call
                      * lists accounts in bulk, so it is a candidate for audit logging. */
1137                 [in,ref]    policy_handle *domain_handle,
1138                 [in]        uint16 level,
1139                 [in]        uint32 start_idx,
1140                 [in]        uint32 max_entries,
1141                 [in]        uint32 buf_size,
1142                 [out,ref]   uint32 *total_size,
1143                 [out,ref]   uint32 *returned_size,
1144                 [out,ref,switch_is(level)] samr_DispInfo *info
1145                 );
1146
1147
1148         /************************/
1149         /* Function    0x29     */
1150
1151         /*
1152           this seems to be an alphabetic search function. The returned index
1153           is the index for samr_QueryDisplayInfo needed to get names occurring
1154           after the specified name. The supplied name does not need to exist
1155           in the database (for example you can supply just a first letter for
1156           searching starting at that letter)
1157
1158           The level corresponds to the samr_QueryDisplayInfo level
1159         */
1160         NTSTATUS samr_GetDisplayEnumerationIndex(
1161                 [in,ref]    policy_handle *domain_handle,
1162                 [in]        uint16 level,
1163                 [in,ref]    lsa_String *name,
1164                 [out,ref]   uint32 *idx
1165                 );
1166
1167
1168
1169         /************************/
1170         /* Function    0x2a     */
1171
1172         /*
1173           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1174         */
1175         NTSTATUS samr_TestPrivateFunctionsDomain(
1176                 [in,ref]    policy_handle *domain_handle
1177                 );
1178
1179
1180         /************************/
1181         /* Function    0x2b     */
1182
1183         /*
1184           w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1185         */
1186         NTSTATUS samr_TestPrivateFunctionsUser(
1187                 [in,ref]    policy_handle *user_handle
1188                 );
1189
1190
1191         /************************/
1192         /* Function    0x2c     */
1193
1194         typedef struct {
1195                 uint16 min_password_length;
1196                 samr_PasswordProperties password_properties;
1197         } samr_PwInfo;
1198
1199         [public] NTSTATUS samr_GetUserPwInfo(
1200                 [in,ref]    policy_handle *user_handle,
1201                 [out,ref]   samr_PwInfo *info
1202                 );
1203
1204         /************************/
1205         /* Function    0x2d     */
1206         NTSTATUS samr_RemoveMemberFromForeignDomain(
1207                 [in,ref]    policy_handle *domain_handle,
1208                 [in,ref]    dom_sid2 *sid
1209                 );
1210
1211         /************************/
1212         /* Function    0x2e     */
1213
1214         /*
1215           how is this different from QueryDomainInfo ??
1216         */
1217         NTSTATUS samr_QueryDomainInfo2(
1218                 [in,ref]      policy_handle *domain_handle,
1219                 [in]          uint16 level,
1220                 [out,ref,switch_is(level)] samr_DomainInfo **info
1221                 );
1222
1223         /************************/
1224         /* Function    0x2f     */
1225
1226         /*
1227           how is this different from QueryUserInfo ??
1228         */
1229         NTSTATUS samr_QueryUserInfo2(
1230                 [in,ref]                  policy_handle *user_handle,
1231                 [in]                      uint16 level,
1232                 [out,ref,switch_is(level)]    samr_UserInfo **info
1233                 );
1234
1235         /************************/
1236         /* Function    0x30     */
1237
1238         /*
1239           how is this different from QueryDisplayInfo??
1240         */
1241         NTSTATUS samr_QueryDisplayInfo2(
1242                 [in,ref]    policy_handle *domain_handle,
1243                 [in]        uint16 level,
1244                 [in]        uint32 start_idx,
1245                 [in]        uint32 max_entries,
1246                 [in]        uint32 buf_size,
1247                 [out,ref]   uint32 *total_size,
1248                 [out,ref]   uint32 *returned_size,
1249                 [out,ref,switch_is(level)] samr_DispInfo *info
1250                 );
1251
1252         /************************/
1253         /* Function    0x31     */
1254
1255         /*
1256           how is this different from GetDisplayEnumerationIndex ??
1257         */
1258         NTSTATUS samr_GetDisplayEnumerationIndex2(
1259                 [in,ref]    policy_handle *domain_handle,
1260                 [in]        uint16 level,
1261                 [in,ref]    lsa_String *name,
1262                 [out,ref]   uint32 *idx
1263                 );
1264
1265
1266         /************************/
1267         /* Function    0x32     */
1268         NTSTATUS samr_CreateUser2(
1269                 [in,ref]      policy_handle *domain_handle,
1270                 [in,ref]      lsa_String *account_name,
1271                 [in]          samr_AcctFlags acct_flags,
1272                 [in]          samr_UserAccessMask access_mask,
1273                 [out,ref]     policy_handle *user_handle,
1274                 [out,ref]     uint32 *access_granted,
1275                 [out,ref]     uint32 *rid
1276                 );
1277
1278
1279         /************************/
1280         /* Function    0x33     */
1281
1282         /*
1283           another duplicate. There must be a reason ....
1284         */
1285         NTSTATUS samr_QueryDisplayInfo3(
1286                 [in,ref]    policy_handle *domain_handle,
1287                 [in]        uint16 level,
1288                 [in]        uint32 start_idx,
1289                 [in]        uint32 max_entries,
1290                 [in]        uint32 buf_size,
1291                 [out,ref]   uint32 *total_size,
1292                 [out,ref]   uint32 *returned_size,
1293                 [out,ref,switch_is(level)] samr_DispInfo *info
1294                 );
1295
1296         /************************/
1297         /* Function    0x34     */
1298         NTSTATUS samr_AddMultipleMembersToAlias(
1299                 [in,ref]    policy_handle *alias_handle,
1300                 [in,ref]    lsa_SidArray *sids
1301                 );
1302
1303         /************************/
1304         /* Function    0x35     */
1305         NTSTATUS samr_RemoveMultipleMembersFromAlias(
1306                 [in,ref]    policy_handle *alias_handle,
1307                 [in,ref]    lsa_SidArray *sids
1308                 );
1309
1310         /************************/
1311         /* Function    0x36     */
1312
1313         NTSTATUS samr_OemChangePasswordUser2(
                     /* Password change addressed by account name (ASCII strings); unlike
                      * samr_ChangePasswordUser there is no policy_handle argument.
                      * server, password and hash are [unique] and may be NULL on the wire.
                      * NOTE(review): with no handle in the signature, the only evidence of
                      * who is calling is presumably the password/hash pair itself - confirm
                      * the server verifies it before changing anything and that failed
                      * attempts count toward the account's bad-password handling. */
1314                 [in,unique]       lsa_AsciiString *server,
1315                 [in,ref]          lsa_AsciiString *account,
1316                 [in,unique]       samr_CryptPassword *password,
1317                 [in,unique]       samr_Password *hash
1318                 );
1319
1320         /************************/
1321         /* Function    0x37     */
1322         NTSTATUS samr_ChangePasswordUser2(
                     /* Password change addressed by account name; no policy_handle argument.
                      * Carries an NT buffer/verifier pair and, alongside lm_change, an LM
                      * pair.  All four password pointers are [unique] and may be NULL.
                      * NOTE(review): lm_change and the LM pointers are independent inputs -
                      * check the pointers themselves.  As there is no handle, confirm the
                      * verifier is validated before the change is applied. */
1323                 [in,unique]       lsa_String *server,
1324                 [in,ref]          lsa_String *account,
1325                 [in,unique]       samr_CryptPassword *nt_password,
1326                 [in,unique]       samr_Password *nt_verifier,
1327                 [in]              boolean8 lm_change,
1328                 [in,unique]       samr_CryptPassword *lm_password,
1329                 [in,unique]       samr_Password *lm_verifier
1330                 );
1331
1332         /************************/
1333         /* Function    0x38     */
1334         NTSTATUS samr_GetDomPwInfo(
                     /* Returns samr_PwInfo (min_password_length and password_properties) for
                      * a domain given by name; domain_name is [unique] and may be NULL.
                      * There is no policy_handle argument.
                      * NOTE(review): the password policy is therefore returned without any
                      * handle-based access check - confirm which callers can reach this
                      * operation on the pipe. */
1335                 [in,unique] lsa_String *domain_name,
1336                 [out,ref]   samr_PwInfo *info
1337                 );
1338
1339         /************************/
1340         /* Function    0x39     */
1341         NTSTATUS samr_Connect2(
1342                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1343                 [in] samr_ConnectAccessMask access_mask,
1344                 [out,ref]  policy_handle *connect_handle
1345                 );
1346
1347         /************************/
1348         /* Function    0x3a     */
1349         /*
1350           seems to be an exact alias for samr_SetUserInfo()
1351         */
1352         [public] NTSTATUS samr_SetUserInfo2(
1353                 [in,ref]                   policy_handle *user_handle,
1354                 [in]                       uint16 level,
1355                 [in,ref,switch_is(level)]  samr_UserInfo *info
1356                 );
1357
1358         /************************/
1359         /* Function    0x3b     */
1360         /*
1361           this one is mysterious. I have a few guesses, but nothing working yet
1362         */
1363         NTSTATUS samr_SetBootKeyInformation(
1364                 [in,ref]   policy_handle *connect_handle,
1365                 [in]       uint32 unknown1,
1366                 [in]       uint32 unknown2,
1367                 [in]       uint32 unknown3
1368                 );
1369
1370         /************************/
1371         /* Function    0x3c     */
1372         NTSTATUS samr_GetBootKeyInformation(
1373                 [in,ref]   policy_handle *domain_handle,
1374                 [out,ref]  uint32 *unknown
1375                 );
1376
1377         /************************/
1378         /* Function    0x3d     */
1379         NTSTATUS samr_Connect3(
1380                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1381                 /* this unknown value seems to be completely ignored by w2k3 */
1382                 [in] uint32 unknown,
1383                 [in] samr_ConnectAccessMask access_mask,
1384                 [out,ref]  policy_handle *connect_handle
1385                 );
1386
1387         /************************/
1388         /* Function    0x3e     */
1389
1390         typedef enum {
1391                 SAMR_CONNECT_PRE_W2K    = 1,
1392                 SAMR_CONNECT_W2K        = 2,
1393                 SAMR_CONNECT_AFTER_W2K  = 3
1394         } samr_ConnectVersion;
1395
1396         NTSTATUS samr_Connect4(
1397                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1398                 [in] samr_ConnectVersion client_version,
1399                 [in] samr_ConnectAccessMask access_mask,
1400                 [out,ref]  policy_handle *connect_handle
1401                 );
1402
1403         /************************/
1404         /* Function    0x3f     */
1405
1406         typedef enum samr_RejectReason samr_RejectReason;
1407
1408         typedef struct {
1409                 samr_RejectReason reason;
1410                 uint32 unknown1;
1411                 uint32 unknown2;
1412         } samr_ChangeReject;
1413
1414         NTSTATUS samr_ChangePasswordUser3(
                     /* Same inputs as samr_ChangePasswordUser2 plus password3, and two
                      * outputs: dominfo (samr_DomInfo1) and reject (samr_ChangeReject, whose
                      * reason is a samr_RejectReason).  No policy_handle argument; all
                      * password pointers are [unique] and may be NULL.
                      * NOTE(review): dominfo and reject go back to a caller identified only
                      * by the account name and verifier - confirm they are filled in only
                      * when the server intends to disclose them. */
1415                 [in,unique]       lsa_String *server,
1416                 [in,ref]          lsa_String *account,
1417                 [in,unique]       samr_CryptPassword *nt_password,
1418                 [in,unique]       samr_Password *nt_verifier,
1419                 [in]              boolean8 lm_change,
1420                 [in,unique]       samr_CryptPassword *lm_password,
1421                 [in,unique]       samr_Password *lm_verifier,
1422                 [in,unique]       samr_CryptPassword *password3,
1423                 [out,ref]         samr_DomInfo1 **dominfo,
1424                 [out,ref]         samr_ChangeReject **reject
1425                 );
1426
1427         /************************/
1428         /* Function    0x40      */
1429
1430         typedef struct {
1431                 samr_ConnectVersion client_version; /* w2k3 gives 3 */
1432                 uint32         unknown2; /* w2k3 gives 0 */
1433         } samr_ConnectInfo1;
1434
1435         typedef union {
1436                 [case(1)]  samr_ConnectInfo1 info1;
1437         } samr_ConnectInfo;
1438
1439         [public] NTSTATUS samr_Connect5(
1440                 [in,unique,string,charset(UTF16)] uint16 *system_name,
1441                 [in]       samr_ConnectAccessMask  access_mask,
1442                 [in]       uint32             level_in,
1443                 [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1444                 [out,ref]  uint32             *level_out,
1445                 [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1446                 [out,ref]  policy_handle      *connect_handle
1447                 );
1448
1449         /************************/
1450         /* Function    0x41     */
1451         NTSTATUS samr_RidToSid(
1452                 [in,ref]    policy_handle *domain_handle,
1453                 [in]        uint32        rid,
1454                 [out,ref]   dom_sid2      **sid
1455                 );
1456
1457         /************************/
1458         /* Function    0x42     */
1459
1460         /*
1461           this should set the DSRM password for the server, which is used
1462           when booting into Directory Services Recovery Mode on a DC. Win2003
1463           gives me NT_STATUS_NOT_SUPPORTED
1464         */
1465
1466         NTSTATUS samr_SetDsrmPassword(
                     /* Takes a name, an undocumented uint32 and a 16-byte samr_Password.
                      * name and hash are [unique] and may be NULL on the wire.  There is no
                      * policy_handle argument.
                      * NOTE(review): a server that implements this has to authorize the
                      * caller by other means, since no handle carries an access mask -
                      * confirm before enabling. */
1467                 [in,unique] lsa_String *name,
1468                 [in]       uint32 unknown,
1469                 [in,unique] samr_Password *hash
1470                 );
1471
1472
1473         /************************/
1474         /* Function    0x43     */
1475         /************************/
1476         typedef [bitmap32bit] bitmap {
1477                 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET           = 0x00000001,
1478                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME           = 0x00000002,
1479                 SAMR_VALIDATE_FIELD_LOCKOUT_TIME                = 0x00000004,
1480                 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT          = 0x00000008,
1481                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH     = 0x00000010,
1482                 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY            = 0x00000020
1483         } samr_ValidateFieldsPresent;
1484
1485         typedef enum {
1486                 NetValidateAuthentication = 1,
1487                 NetValidatePasswordChange= 2,
1488                 NetValidatePasswordReset = 3
1489         } samr_ValidatePasswordLevel;
1490
1491         /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1492          * identified the mapping of
1493          * - NERR_PasswordFilterError
1494          * - NERR_PasswordExpired and
1495          * - NERR_PasswordCantChange
1496          * yet - Guenther
1497          */
1498
1499         typedef enum {
1500                 SAMR_VALIDATION_STATUS_SUCCESS = 0,
1501                 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1502                 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1503                 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1504                 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1505                 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1506                 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1507                 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1508                 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
1509         } samr_ValidationStatus;
1510
1511         typedef struct {
                     /* Counted byte buffer: data holds length bytes.  Used for each
                      * pwd_history entry in samr_ValidatePasswordInfo and for the hash
                      * member of samr_ValidatePasswordReq2/3, so both length and data are
                      * wire-supplied in a request.  data may be NULL
                      * (pointer_default(unique)).
                      * NOTE(review): consumers should check length against the size they
                      * expect before comparing or copying. */
1512                 uint32 length;
1513                 [size_is(length)] uint8 *data;
1514         } samr_ValidationBlob;
1515
1516         typedef struct {
                     /* Per-account password state passed in every samr_ValidatePasswordReq*
                      * and returned in samr_ValidatePasswordRepCtr.
                      * NOTE(review): fields_present presumably marks which members are
                      * valid (SAMR_VALIDATE_FIELD_* bits) - confirm. */
1517                 samr_ValidateFieldsPresent fields_present;
1518                 NTTIME_hyper last_password_change;
1519                 NTTIME_hyper bad_password_time;
1520                 NTTIME_hyper lockout_time;
1521                 uint32 bad_pwd_count;
1522                 uint32 pwd_history_len; /* element count for pwd_history; wire-supplied in a request */
1523                 [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; /* each entry carries its own length; bound both counts before iterating */
1524         } samr_ValidatePasswordInfo;
1525
1526         typedef struct {
1527                 samr_ValidatePasswordInfo info;
1528                 samr_ValidationStatus status;
1529         } samr_ValidatePasswordRepCtr;
1530
1531         typedef [switch_type(uint16)] union {
1532                 [case(1)] samr_ValidatePasswordRepCtr ctr1;
1533                 [case(2)] samr_ValidatePasswordRepCtr ctr2;
1534                 [case(3)] samr_ValidatePasswordRepCtr ctr3;
1535         } samr_ValidatePasswordRep;
1536
1537         typedef struct {
                     /* Request arm 3 of samr_ValidatePasswordReq (level value 3 is
                      * NetValidatePasswordReset in samr_ValidatePasswordLevel).
                      * NOTE(review): password is presumably the candidate password in
                      * clear text - confirm, and keep this struct out of NDR debug dumps
                      * and logs if so. */
1538                 samr_ValidatePasswordInfo info;
1539                 lsa_StringLarge password;
1540                 lsa_StringLarge account;
1541                 samr_ValidationBlob hash;
1542                 boolean8 pwd_must_change_at_next_logon;
1543                 boolean8 clear_lockout;
1544         } samr_ValidatePasswordReq3;
1545
1546         typedef struct {
                     /* Request arm 2 of samr_ValidatePasswordReq (level value 2 is
                      * NetValidatePasswordChange in samr_ValidatePasswordLevel).
                      * password_matched is an input supplied by the caller.
                      * NOTE(review): password is presumably the candidate password in
                      * clear text - confirm, and keep this struct out of NDR debug dumps
                      * and logs if so. */
1547                 samr_ValidatePasswordInfo info;
1548                 lsa_StringLarge password;
1549                 lsa_StringLarge account;
1550                 samr_ValidationBlob hash;
1551                 boolean8 password_matched;
1552         } samr_ValidatePasswordReq2;
1553
1554         typedef struct {
1555                 samr_ValidatePasswordInfo info;
1556                 boolean8 password_matched;
1557         } samr_ValidatePasswordReq1;
1558
1559         typedef [switch_type(uint16)] union {
1560                 [case(1)] samr_ValidatePasswordReq1 req1;
1561                 [case(2)] samr_ValidatePasswordReq2 req2;
1562                 [case(3)] samr_ValidatePasswordReq3 req3;
1563         } samr_ValidatePasswordReq;
1564
1565         NTSTATUS samr_ValidatePassword(
1566                 [in] samr_ValidatePasswordLevel level,
1567                 [in,switch_is(level)] samr_ValidatePasswordReq *req,
1568                 [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1569                 );
1570 }