4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid(12345778-1234-abcd-ef00-0123456789ac),
13 pointer_default(unique)
18 NTSTATUS samr_Connect (
19 /* notice the lack of [string] */
20 [in] uint16 *system_name,
21 [in] uint32 access_mask,
22 [out,ref] policy_handle *handle
29 [in,out,ref] policy_handle *handle
36 [value(ndr_size_security_descriptor(r->sd))] uint32 sd_size;
37 [subcontext(4)] security_descriptor *sd;
40 NTSTATUS samr_SetSecurity (
41 [in,ref] policy_handle *handle,
43 [in,ref] samr_SdBuf *sdbuf
49 NTSTATUS samr_QuerySecurity (
50 [in,ref] policy_handle *handle,
52 [out] samr_SdBuf *sdbuf
57 NTSTATUS samr_Shutdown ();
62 [value(2*strlen_m(r->name))] uint16 name_len;
63 [value(r->name_len)] uint16 name_size;
67 NTSTATUS samr_LookupDomain (
68 [in,ref] policy_handle *handle,
69 [in,ref] samr_Name *domain,
84 [size_is(count)] samr_SamEntry *entries;
87 NTSTATUS samr_EnumDomains (
88 [in,ref] policy_handle *handle,
89 [in,out,ref] uint32 *resume_handle,
91 [out] samr_SamArray *sam,
92 [out] uint32 num_entries
96 /************************/
98 NTSTATUS samr_OpenDomain(
99 [in,ref] policy_handle *handle,
100 [in] uint32 access_mask,
101 [in,ref] dom_sid2 *sid,
102 [out,ref] policy_handle *domain_handle
105 /************************/
109 uint16 min_length_password;
110 uint16 password_history;
113 NTTIME min_passwordage;
117 ULONG8 force_logoff_time;
119 samr_Name domain; /* domain name */
120 samr_Name primary; /* PDC name if this is a BDC */
121 HYPER_T sequence_num;
131 ULONG8 force_logoff_time;
151 HYPER_T sequence_num;
152 NTTIME last_xxx_time;
160 ULONG8 force_logoff_time;
164 HYPER_T sequence_num;
171 HYPER_T lockout_duration;
172 HYPER_T lockout_window;
173 uint16 lockout_threshold;
177 HYPER_T lockout_duration;
178 HYPER_T lockout_window;
179 uint16 lockout_threshold;
183 HYPER_T sequence_num;
184 NTTIME last_xxx_time;
190 [case(1)] samr_DomInfo1 info1;
191 [case(2)] samr_DomInfo2 info2;
192 [case(3)] samr_DomInfo3 info3;
193 [case(4)] samr_DomInfo4 info4;
194 [case(5)] samr_DomInfo5 info5;
195 [case(6)] samr_DomInfo6 info6;
196 [case(7)] samr_DomInfo7 info7;
197 [case(8)] samr_DomInfo8 info8;
198 [case(9)] samr_DomInfo9 info9;
199 [case(11)] samr_DomInfo11 info11;
200 [case(12)] samr_DomInfo12 info12;
201 [case(13)] samr_DomInfo13 info13;
204 NTSTATUS samr_QueryDomainInfo(
205 [in,ref] policy_handle *handle,
207 [out,switch_is(level)] samr_DomainInfo *info
210 /************************/
213 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
216 NTSTATUS samr_SetDomainInfo(
217 [in,ref] policy_handle *handle,
219 [in,switch_is(level),ref] samr_DomainInfo *info
223 /************************/
225 NTSTATUS samr_CreateDomainGroup(
226 [in,ref] policy_handle *handle,
227 [in,ref] samr_Name *name,
228 [in] uint32 access_mask,
229 [out,ref] policy_handle *group_handle,
230 [out,ref] uint32 *rid
234 /************************/
236 NTSTATUS samr_EnumDomainGroups(
237 [in,ref] policy_handle *handle,
238 [in,out,ref] uint32 *resume_handle,
239 [in] uint32 max_size,
240 [out] samr_SamArray *sam,
241 [out] uint32 num_entries
244 /************************/
246 NTSTATUS samr_CreateUser(
247 [in,ref] policy_handle *handle,
248 [in,ref] samr_Name *username,
249 [in] uint32 access_mask,
250 [out,ref] policy_handle *acct_handle,
251 [out,ref] uint32 *rid
254 /************************/
256 NTSTATUS samr_EnumDomainUsers(
257 [in,ref] policy_handle *handle,
258 [in,out,ref] uint32 *resume_handle,
259 [in] uint32 acct_flags,
260 [in] uint32 max_size,
261 [out] samr_SamArray *sam,
262 [out] uint32 num_entries
265 /************************/
267 NTSTATUS samr_CreateDomAlias(
268 [in,ref] policy_handle *handle,
269 [in,ref] samr_Name *aliasname,
270 [in] uint32 access_mask,
271 [out,ref] policy_handle *acct_handle,
272 [out,ref] uint32 *rid
275 /************************/
277 NTSTATUS samr_EnumDomainAliases(
278 [in,ref] policy_handle *handle,
279 [in,out,ref] uint32 *resume_handle,
280 [in] uint32 max_size,
281 [out] samr_SamArray *sam,
282 [out] uint32 num_entries
285 /************************/
290 [size_is(count)] uint32 *ids;
293 NTSTATUS samr_GetAliasMembership(
294 [in,ref] policy_handle *handle,
295 [in,ref] lsa_SidArray *sids,
299 /************************/
302 NTSTATUS samr_LookupNames(
303 [in,ref] policy_handle *handle,
304 [in] uint32 num_names,
305 [in,ref,size_is(1000),length_is(num_names)] samr_Name *names,
311 /************************/
316 [size_is(count)] samr_Name *names;
319 NTSTATUS samr_LookupRids(
320 [in,ref] policy_handle *handle,
321 [in] uint32 num_rids,
322 [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids,
323 [out] samr_Names names,
327 /************************/
329 NTSTATUS samr_OpenGroup(
330 [in,ref] policy_handle *handle,
331 [in] uint32 access_mask,
333 [out,ref] policy_handle *acct_handle
337 /************************/
344 samr_Name description;
352 samr_Name description;
353 } samr_GroupInfoDesciption;
363 [case(GroupInfoAll)] samr_GroupInfoAll all;
364 [case(GroupInfoName)] samr_Name name;
365 [case(GroupInfoX)] samr_GroupInfoX unknown;
366 [case(GroupInfoDescription)] samr_Name description;
369 NTSTATUS samr_QueryGroupInfo(
370 [in,ref] policy_handle *handle,
372 [out,switch_is(level)] samr_GroupInfo *info
375 /************************/
377 NTSTATUS samr_SetGroupInfo(
378 [in,ref] policy_handle *handle,
380 [in,switch_is(level),ref] samr_GroupInfo *info
383 /************************/
385 NTSTATUS samr_AddGroupMember(
386 [in,ref] policy_handle *handle,
391 /************************/
393 NTSTATUS samr_DeleteDomainGroup(
394 [in,out,ref] policy_handle *handle
397 /************************/
399 NTSTATUS samr_DeleteGroupMember(
400 [in,ref] policy_handle *handle,
404 /************************/
406 NTSTATUS samr_QUERY_GROUPMEM();
408 /************************/
410 NTSTATUS samr_SET_MEMBER_ATTRIBUTES_OF_GROUP();
413 /************************/
415 NTSTATUS samr_OpenAlias (
416 [in,ref] policy_handle *handle,
417 [in] uint32 access_mask,
419 [out,ref] policy_handle *acct_handle
423 /************************/
429 samr_Name description;
433 [case(1)] samr_AliasInfoAll all;
434 [case(2)] samr_Name name;
435 [case(3)] samr_Name description;
438 NTSTATUS samr_QueryAliasInfo(
439 [in,ref] policy_handle *handle,
441 [out,switch_is(level)] samr_AliasInfo *info
444 /************************/
446 NTSTATUS samr_SetAliasInfo(
447 [in,ref] policy_handle *handle,
449 [in,switch_is(level)] samr_AliasInfo info
452 /************************/
454 NTSTATUS samr_DeleteDomAlias(
455 [in,out,ref] policy_handle *handle
458 /************************/
460 NTSTATUS samr_AddAliasMem(
461 [in,ref] policy_handle *handle,
462 [in,ref] dom_sid2 *sid
465 /************************/
467 NTSTATUS samr_DelAliasMem(
468 [in,ref] policy_handle *handle,
469 [in,ref] dom_sid2 *sid
472 /************************/
474 NTSTATUS samr_GetMembersInAlias(
475 [in,ref] policy_handle *handle,
476 [out,ref] lsa_SidArray *sids
479 /************************/
481 NTSTATUS samr_OpenUser(
482 [in,ref] policy_handle *handle,
483 [in] uint32 access_mask,
485 [out,ref] policy_handle *acct_handle
488 /************************/
490 NTSTATUS samr_DeleteUser(
491 [in,out,ref] policy_handle *handle
494 /************************/
500 samr_Name description;
506 samr_Name unknown; /* settable, but doesn't stick. probably obsolete */
516 samr_Name home_directory;
517 samr_Name home_drive;
518 samr_Name logon_script;
520 samr_Name workstations;
523 NTTIME last_pwd_change;
524 NTTIME allow_pwd_change;
525 NTTIME force_pwd_change;
526 samr_LogonHours logon_hours;
527 uint16 bad_pwd_count;
533 samr_LogonHours logon_hours;
541 samr_Name home_directory;
542 samr_Name home_drive;
543 samr_Name logon_script;
545 samr_Name description;
546 samr_Name workstations;
549 samr_LogonHours logon_hours;
550 uint16 bad_pwd_count;
552 NTTIME last_pwd_change;
576 samr_Name home_drive;
580 samr_Name logon_script;
588 samr_Name description;
592 samr_Name workstations;
610 NTTIME last_pwd_change;
612 NTTIME allow_pwd_change;
613 NTTIME force_pwd_change;
617 samr_Name home_drive;
618 samr_Name logon_script;
620 samr_Name description;
621 samr_Name workstations;
628 [size_is(buf_count)] uint8 *buffer;
632 uint32 fields_present;
633 samr_LogonHours logon_hours;
634 uint16 bad_pwd_count;
644 typedef [flag(NDR_PAHEX)] struct {
646 } samr_CryptPassword;
649 samr_CryptPassword password;
654 [case(1)] samr_UserInfo1 info1;
655 [case(2)] samr_UserInfo2 info2;
656 [case(3)] samr_UserInfo3 info3;
657 [case(4)] samr_UserInfo4 info4;
658 [case(5)] samr_UserInfo5 info5;
659 [case(6)] samr_UserInfo6 info6;
660 [case(7)] samr_UserInfo7 info7;
661 [case(8)] samr_UserInfo8 info8;
662 [case(9)] samr_UserInfo9 info9;
663 [case(10)] samr_UserInfo10 info10;
664 [case(11)] samr_UserInfo11 info11;
665 [case(12)] samr_UserInfo12 info12;
666 [case(13)] samr_UserInfo13 info13;
667 [case(14)] samr_UserInfo14 info14;
668 [case(16)] samr_UserInfo16 info16;
669 [case(17)] samr_UserInfo17 info17;
670 [case(20)] samr_UserInfo20 info20;
671 [case(21)] samr_UserInfo21 info21;
672 [case(24)] samr_UserInfo24 info24;
675 NTSTATUS samr_QueryUserInfo(
676 [in,ref] policy_handle *handle,
678 [out,switch_is(level)] samr_UserInfo *info
682 /************************/
684 NTSTATUS samr_SetUserInfo(
685 [in,ref] policy_handle *handle,
687 [in,ref,switch_is(level)] samr_UserInfo *info
690 /************************/
693 typedef [flag(NDR_PAHEX)] struct {
698 this interface is quite mysterious. I can make w2k3 give me
699 NT_STATUS_PASSWORD_RESTRICTION and NT_STATUS_WRONG_PASSWORD
700 with various options, but so far I haven't managed a successful
701 password change. Perhaps this interface is disabled now?
702 Needs testing against NT4
704 NTSTATUS samr_ChangePasswordUser(
705 [in,ref] policy_handle *handle,
707 [in] samr_Hash *hash1,
708 [in] samr_Hash *hash2,
710 [in] samr_Hash *hash3,
711 [in] samr_Hash *hash4,
713 [in] samr_Hash *hash5,
715 [in] samr_Hash *hash6
718 /************************/
728 [size_is(count)] samr_RidType *rid;
731 NTSTATUS samr_GetGroupsForUser(
732 [in,ref] policy_handle *handle,
733 [out] samr_RidArray *rids
736 /************************/
743 samr_Name account_name;
745 samr_Name description;
746 } samr_DispEntryGeneral;
750 [size_is(count)] samr_DispEntryGeneral *entries;
751 } samr_DispInfoGeneral;
757 samr_Name account_name;
758 samr_Name description;
759 } samr_DispEntryFull;
763 [size_is(count)] samr_DispEntryFull *entries;
767 [value(strlen_m(r->name))] uint16 name_len;
768 [value(strlen_m(r->name))] uint16 name_size;
774 samr_AsciiName account_name;
775 } samr_DispEntryAscii;
779 [size_is(count)] samr_DispEntryAscii *entries;
780 } samr_DispInfoAscii;
783 [case(1)] samr_DispInfoGeneral info1;/* users */
784 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
785 [case(3)] samr_DispInfoFull info3; /* groups */
786 [case(4)] samr_DispInfoAscii info4; /* users */
787 [case(5)] samr_DispInfoAscii info5; /* groups */
790 NTSTATUS samr_QueryDisplayInfo(
791 [in,ref] policy_handle *handle,
793 [in] uint32 start_idx,
794 [in] uint32 max_entries,
795 [in] uint32 buf_size,
796 [out] uint32 total_size,
797 [out] uint32 returned_size,
798 [out,switch_is(level)] samr_DispInfo info
802 /************************/
806 this seems to be an alphabetic search function. The returned index
807 is the index for samr_QueryDisplayInfo needed to get names occurring
808 after the specified name. The supplied name does not need to exist
809 in the database (for example you can supply just a first letter for
810 searching starting at that letter)
812 The level corresponds to the samr_QueryDisplayInfo level
814 NTSTATUS samr_GetDisplayEnumerationIndex(
815 [in,ref] policy_handle *handle,
823 /************************/
827 w2k3 return NT_STATUS_NOT_IMPLEMENTED for this
829 NTSTATUS samr_TestPrivateFunctionsDomain(
830 [in,ref] policy_handle *handle
834 /************************/
838 w2k3 return NT_STATUS_NOT_IMPLEMENTED for this
840 NTSTATUS samr_TestPrivateFunctionsUser(
841 [in,ref] policy_handle *handle
845 /************************/
848 /* password properties flags */
849 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
850 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
851 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
852 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
853 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
857 uint32 password_properties;
860 NTSTATUS samr_GetUserPwInfo(
861 [in,ref] policy_handle *handle,
862 [out] samr_PwInfo info
865 /************************/
867 NTSTATUS samr_RemoveMemberFromForeignDomain(
868 [in,ref] policy_handle *handle,
869 [in,ref] dom_sid2 *sid
872 /************************/
876 how is this different from QueryDomainInfo ??
878 NTSTATUS samr_QueryDomainInfo2(
879 [in,ref] policy_handle *handle,
881 [out,switch_is(level)] samr_DomainInfo *info
884 /************************/
888 how is this different from QueryUserInfo ??
890 NTSTATUS samr_QueryUserInfo2(
891 [in,ref] policy_handle *handle,
893 [out,switch_is(level)] samr_UserInfo *info
896 /************************/
900 how is this different from QueryDisplayInfo??
902 NTSTATUS samr_QueryDisplayInfo2(
903 [in,ref] policy_handle *handle,
905 [in] uint32 start_idx,
906 [in] uint32 max_entries,
907 [in] uint32 buf_size,
908 [out] uint32 total_size,
909 [out] uint32 returned_size,
910 [out,switch_is(level)] samr_DispInfo info
913 /************************/
917 how is this different from GetDisplayEnumerationIndex ??
919 NTSTATUS samr_GetDisplayEnumerationIndex2(
920 [in,ref] policy_handle *handle,
927 /************************/
929 NTSTATUS samr_CreateUser2(
930 /************************/
931 [in,ref] policy_handle *handle,
932 [in,ref] samr_Name *username,
933 [in] uint32 acct_flags,
934 [in] uint32 access_mask,
935 [out,ref] policy_handle *acct_handle,
936 [out,ref] uint32 *access_granted,
937 [out,ref] uint32 *rid
941 /************************/
945 another duplicate. There must be a reason ....
947 NTSTATUS samr_QueryDisplayInfo3(
948 [in,ref] policy_handle *handle,
950 [in] uint32 start_idx,
951 [in] uint32 max_entries,
952 [in] uint32 buf_size,
953 [out] uint32 total_size,
954 [out] uint32 returned_size,
955 [out,switch_is(level)] samr_DispInfo info
958 /************************/
960 NTSTATUS samr_AddMultipleMembersToAlias(
961 [in,ref] policy_handle *handle,
962 [in,ref] lsa_SidArray *sids
965 /************************/
967 NTSTATUS samr_RemoveMultipleMembersFromAlias(
968 [in,ref] policy_handle *handle,
969 [in,ref] lsa_SidArray *sids
972 /************************/
975 NTSTATUS samr_OemChangePasswordUser2(
976 [in] samr_AsciiName *server,
977 [in,ref] samr_AsciiName *account,
978 [in] samr_CryptPassword *password,
982 /************************/
984 NTSTATUS samr_ChangePasswordUser2(
985 [in] samr_Name *server,
986 [in,ref] samr_Name *account,
987 [in] samr_CryptPassword *nt_password,
988 [in] samr_Hash *nt_verifier,
989 [in] bool8 lm_change,
990 [in] samr_CryptPassword *lm_password,
991 [in] samr_Hash *lm_verifier
994 /************************/
996 NTSTATUS samr_GetDomPwInfo(
997 [in] samr_Name *name,
998 [out] samr_PwInfo info
1001 /************************/
1003 NTSTATUS samr_Connect2(
1004 [in] unistr *system_name,
1005 [in] uint32 access_mask,
1006 [out,ref] policy_handle *handle
1009 /************************/
1012 seems to be an exact alias for samr_SetUserInfo()
1014 NTSTATUS samr_SetUserInfo2(
1015 [in,ref] policy_handle *handle,
1017 [in,ref,switch_is(level)] samr_UserInfo *info
1020 /************************/
1023 this one is mysterious. I have a few guesses, but nothing working yet
1025 NTSTATUS samr_SetBootKeyInformation(
1026 [in,ref] policy_handle *handle
1027 [in] uint32 unknown1,
1028 [in] uint32 unknown2,
1029 [in] uint32 unknown3
1032 /************************/
1034 NTSTATUS samr_GetBootKeyInformation(
1035 [in,ref] policy_handle *handle,
1036 [out] uint32 unknown
1039 /************************/
1041 NTSTATUS samr_Connect3(
1042 [in] unistr *system_name,
1043 [in] uint32 unknown,
1044 [in] uint32 access_mask,
1045 [out,ref] policy_handle *handle
1048 /************************/
1050 NTSTATUS samr_Connect4(
1051 [in] unistr *system_name,
1052 [in] uint32 unknown,
1053 [in] uint32 access_mask,
1054 [out,ref] policy_handle *handle
1057 /************************/
1059 NTSTATUS samr_UNICODE_CHANGE_PASSWORD_USER3();
1061 /************************/
1063 NTSTATUS samr_Connect5(
1064 [in] unistr *system_name,
1065 [in] uint32 access_mask,
1066 [in] uint32 unknown0,
1067 [in] uint32 unknown1,
1068 [in] uint32 unknown2,
1069 [in] uint32 unknown3,
1070 [out] uint32 unknown4,
1071 [out] uint32 unknown5,
1072 [out] uint32 unknown6,
1073 [out] uint32 unknown7,
1074 [out,ref] policy_handle *handle
1077 /************************/
1079 NTSTATUS samr_RidToSid(
1080 [in,ref] policy_handle *handle,
1085 /************************/
1087 NTSTATUS samr_SET_DSRM_PASSWORD();
1089 /************************/
1091 NTSTATUS samr_VALIDATE_PASSWORD();