4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
14 pointer_default(unique),
18 /* account control (acct_flags) bits */
19 typedef [public] bitmap {
20 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
21 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
22 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
23 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
24 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
25 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
26 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
27 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
28 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
29 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
30 ACB_AUTOLOCK = 0x00000400 /* 1 = Account auto locked */
35 NTSTATUS samr_Connect (
36 /* notice the lack of [string] */
37 [in] uint16 *system_name,
38 [in] uint32 access_mask,
39 [out,ref] policy_handle *connect_handle
46 [in,out,ref] policy_handle *handle
52 NTSTATUS samr_SetSecurity (
53 [in,ref] policy_handle *handle,
55 [in,ref] sec_desc_buf *sdbuf
61 NTSTATUS samr_QuerySecurity (
62 [in,ref] policy_handle *handle,
64 [out] sec_desc_buf *sdbuf
71 shutdown the SAM - once you call this the SAM will be dead
73 NTSTATUS samr_Shutdown (
74 [in,ref] policy_handle *connect_handle
80 [value(2*strlen_m(r->string))] uint16 length;
81 [value(r->length)] uint16 size;
82 unistr_noterm *string;
85 NTSTATUS samr_LookupDomain (
86 [in,ref] policy_handle *connect_handle,
87 [in,ref] samr_String *domain,
102 [size_is(count)] samr_SamEntry *entries;
105 NTSTATUS samr_EnumDomains (
106 [in,ref] policy_handle *connect_handle,
107 [in,out,ref] uint32 *resume_handle,
108 [in] uint32 buf_size,
109 [out] samr_SamArray *sam,
110 [out] uint32 num_entries
114 /************************/
116 NTSTATUS samr_OpenDomain(
117 [in,ref] policy_handle *connect_handle,
118 [in] uint32 access_mask,
119 [in,ref] dom_sid2 *sid,
120 [out,ref] policy_handle *domain_handle
123 /************************/
127 uint16 min_password_length;
128 uint16 password_history_length;
129 uint32 password_properties;
130 /* yes, these are signed. They are in negative 100ns */
131 int64 max_password_age;
132 int64 min_password_age;
136 NTTIME force_logoff_time;
138 samr_String domain; /* domain name */
139 samr_String primary; /* PDC name if this is a BDC */
150 NTTIME force_logoff_time;
158 samr_String domain_name;
170 HYPER_T sequence_num;
171 NTTIME domain_create_time;
175 uint32 unknown; /* w2k3 returns 1 */
180 HYPER_T lockout_duration;
181 HYPER_T lockout_window;
182 uint16 lockout_threshold;
186 HYPER_T lockout_duration;
187 HYPER_T lockout_window;
188 uint16 lockout_threshold;
192 HYPER_T sequence_num;
193 NTTIME domain_create_time;
199 [case(1)] samr_DomInfo1 info1;
200 [case(2)] samr_DomInfo2 info2;
201 [case(3)] samr_DomInfo3 info3;
202 [case(4)] samr_DomInfo4 info4;
203 [case(5)] samr_DomInfo5 info5;
204 [case(6)] samr_DomInfo6 info6;
205 [case(7)] samr_DomInfo7 info7;
206 [case(8)] samr_DomInfo8 info8;
207 [case(9)] samr_DomInfo9 info9;
208 [case(11)] samr_DomInfo11 info11;
209 [case(12)] samr_DomInfo12 info12;
210 [case(13)] samr_DomInfo13 info13;
213 NTSTATUS samr_QueryDomainInfo(
214 [in,ref] policy_handle *domain_handle,
216 [out,switch_is(level)] samr_DomainInfo *info
219 /************************/
222 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
225 NTSTATUS samr_SetDomainInfo(
226 [in,ref] policy_handle *domain_handle,
228 [in,switch_is(level),ref] samr_DomainInfo *info
232 /************************/
234 NTSTATUS samr_CreateDomainGroup(
235 [in,ref] policy_handle *domain_handle,
236 [in,ref] samr_String *name,
237 [in] uint32 access_mask,
238 [out,ref] policy_handle *group_handle,
239 [out,ref] uint32 *rid
243 /************************/
245 NTSTATUS samr_EnumDomainGroups(
246 [in,ref] policy_handle *domain_handle,
247 [in,out,ref] uint32 *resume_handle,
248 [in] uint32 max_size,
249 [out] samr_SamArray *sam,
250 [out] uint32 num_entries
253 /************************/
255 NTSTATUS samr_CreateUser(
256 [in,ref] policy_handle *domain_handle,
257 [in,ref] samr_String *account_name,
258 [in] uint32 access_mask,
259 [out,ref] policy_handle *user_handle,
260 [out,ref] uint32 *rid
263 /************************/
267 /* w2k3 treats max_size as max_users*54 and sets the
268 resume_handle as the rid of the last user sent
270 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
272 NTSTATUS samr_EnumDomainUsers(
273 [in,ref] policy_handle *domain_handle,
274 [in,out,ref] uint32 *resume_handle,
275 [in] samr_AcctFlags acct_flags,
276 [in] uint32 max_size,
277 [out] samr_SamArray *sam,
278 [out] uint32 num_entries
281 /************************/
283 NTSTATUS samr_CreateDomAlias(
284 [in,ref] policy_handle *domain_handle,
285 [in,ref] samr_String *aliasname,
286 [in] uint32 access_mask,
287 [out,ref] policy_handle *alias_handle,
288 [out,ref] uint32 *rid
291 /************************/
293 NTSTATUS samr_EnumDomainAliases(
294 [in,ref] policy_handle *domain_handle,
295 [in,out,ref] uint32 *resume_handle,
296 [in] samr_AcctFlags acct_flags,
297 [out] samr_SamArray *sam,
298 [out] uint32 num_entries
301 /************************/
305 SID_NAME_USE_NONE = 0,/* NOTUSED */
306 SID_NAME_USER = 1, /* user */
307 SID_NAME_DOM_GRP = 2, /* domain group */
308 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
309 SID_NAME_ALIAS = 4, /* local group */
310 SID_NAME_WKN_GRP = 5, /* well-known group */
311 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
312 SID_NAME_INVALID = 7, /* invalid account */
313 SID_NAME_UNKNOWN = 8 /* oops. */
317 [range(0,1024)] uint32 count;
318 [size_is(count)] uint32 *ids;
321 NTSTATUS samr_GetAliasMembership(
322 [in,ref] policy_handle *domain_handle,
323 [in,ref] lsa_SidArray *sids,
324 [out,ref] samr_Ids *rids
327 /************************/
330 NTSTATUS samr_LookupNames(
331 [in,ref] policy_handle *domain_handle,
332 [in,range(0,1000)] uint32 num_names,
333 [in,ref,size_is(1000),length_is(num_names)] samr_String *names,
339 /************************/
344 [size_is(count)] samr_String *names;
347 NTSTATUS samr_LookupRids(
348 [in,ref] policy_handle *domain_handle,
349 [in,range(0,1000)] uint32 num_rids,
350 [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids,
351 [out] samr_Strings names,
355 /************************/
357 NTSTATUS samr_OpenGroup(
358 [in,ref] policy_handle *domain_handle,
359 [in] uint32 access_mask,
361 [out,ref] policy_handle *group_handle
365 /************************/
372 samr_String description;
380 samr_String description;
381 } samr_GroupInfoDesciption;
387 GroupInfoDescription = 4,
392 [case(GroupInfoAll)] samr_GroupInfoAll all;
393 [case(GroupInfoName)] samr_String name;
394 [case(GroupInfoX)] samr_GroupInfoX unknown;
395 [case(GroupInfoDescription)] samr_String description;
396 [case(GroupInfoAll2)] samr_GroupInfoAll all2;
399 NTSTATUS samr_QueryGroupInfo(
400 [in,ref] policy_handle *group_handle,
401 [in] GroupInfo level,
402 [out,switch_is(level)] samr_GroupInfo *info
405 /************************/
407 NTSTATUS samr_SetGroupInfo(
408 [in,ref] policy_handle *group_handle,
409 [in] GroupInfo level,
410 [in,switch_is(level),ref] samr_GroupInfo *info
413 /************************/
415 NTSTATUS samr_AddGroupMember(
416 [in,ref] policy_handle *group_handle,
421 /************************/
423 NTSTATUS samr_DeleteDomainGroup(
424 [in,out,ref] policy_handle *group_handle
427 /************************/
429 NTSTATUS samr_DeleteGroupMember(
430 [in,ref] policy_handle *group_handle,
435 /************************/
439 [size_is(count)] uint32 *rids;
440 [size_is(count)] uint32 *unknown;
443 NTSTATUS samr_QueryGroupMember(
444 [in,ref] policy_handle *group_handle,
445 [out] samr_ridArray *rids
449 /************************/
453 win2003 seems to accept any data at all for the two integers
454 below, and doesn't seem to do anything with them that I can
455 see. Weird. I really expected the first integer to be a rid
456 and the second to be the attributes for that rid member.
458 NTSTATUS samr_SetMemberAttributesOfGroup(
459 [in,ref] policy_handle *group_handle,
460 [in] uint32 unknown1,
465 /************************/
467 NTSTATUS samr_OpenAlias (
468 [in,ref] policy_handle *domain_handle,
469 [in] uint32 access_mask,
471 [out,ref] policy_handle *alias_handle
475 /************************/
481 samr_String description;
487 AliasInfoDescription = 3
491 [case(AliasInfoAll)] samr_AliasInfoAll all;
492 [case(AliasInfoName)] samr_String name;
493 [case(AliasInfoDescription)] samr_String description;
496 NTSTATUS samr_QueryAliasInfo(
497 [in,ref] policy_handle *alias_handle,
498 [in] AliasInfo level,
499 [out,switch_is(level)] samr_AliasInfo *info
502 /************************/
504 NTSTATUS samr_SetAliasInfo(
505 [in,ref] policy_handle *alias_handle,
506 [in] AliasInfo level,
507 [in,switch_is(level),ref] samr_AliasInfo *info
510 /************************/
512 NTSTATUS samr_DeleteDomAlias(
513 [in,out,ref] policy_handle *alias_handle
516 /************************/
518 NTSTATUS samr_AddAliasMember(
519 [in,ref] policy_handle *alias_handle,
520 [in,ref] dom_sid2 *sid
523 /************************/
525 NTSTATUS samr_DeleteAliasMember(
526 [in,ref] policy_handle *alias_handle,
527 [in,ref] dom_sid2 *sid
530 /************************/
532 NTSTATUS samr_GetMembersInAlias(
533 [in,ref] policy_handle *alias_handle,
534 [out,ref] lsa_SidArray *sids
537 /************************/
539 NTSTATUS samr_OpenUser(
540 [in,ref] policy_handle *domain_handle,
541 [in] uint32 access_mask,
543 [out,ref] policy_handle *user_handle
546 /************************/
548 NTSTATUS samr_DeleteUser(
549 [in,out,ref] policy_handle *user_handle
552 /************************/
555 samr_String account_name;
556 samr_String full_name;
558 samr_String description;
564 samr_String unknown; /* settable, but doesn't stick. probably obsolete */
569 /* this is also used in samr and netlogon */
570 typedef [public, flag(NDR_PAHEX)] struct {
571 uint16 units_per_week;
572 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
576 samr_String account_name;
577 samr_String full_name;
580 samr_String home_directory;
581 samr_String home_drive;
582 samr_String logon_script;
583 samr_String profile_path;
584 samr_String workstations;
587 NTTIME last_password_change;
588 NTTIME allow_password_change;
589 NTTIME force_password_change;
590 samr_LogonHours logon_hours;
591 uint16 bad_password_count;
593 samr_AcctFlags acct_flags;
597 samr_LogonHours logon_hours;
601 samr_String account_name;
602 samr_String full_name;
605 samr_String home_directory;
606 samr_String home_drive;
607 samr_String logon_script;
608 samr_String profile_path;
609 samr_String description;
610 samr_String workstations;
613 samr_LogonHours logon_hours;
614 uint16 bad_password_count;
616 NTTIME last_password_change;
618 samr_AcctFlags acct_flags;
622 samr_String account_name;
623 samr_String full_name;
627 samr_String account_name;
631 samr_String full_name;
639 samr_String home_directory;
640 samr_String home_drive;
644 samr_String logon_script;
648 samr_String profile_path;
652 samr_String description;
656 samr_String workstations;
660 samr_AcctFlags acct_flags;
668 samr_String parameters;
671 /* this defines the bits used for fields_present in info21 */
673 SAMR_FIELD_NAME = 0x00000002,
674 SAMR_FIELD_DESCRIPTION = 0x00000010,
675 SAMR_FIELD_COMMENT = 0x00000020,
676 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
677 SAMR_FIELD_PROFILE_PATH = 0x00000200,
678 SAMR_FIELD_WORKSTATION = 0x00000400,
679 SAMR_FIELD_LOGON_HOURS = 0x00002000,
680 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
681 SAMR_FIELD_PARAMETERS = 0x00200000,
682 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
683 SAMR_FIELD_CODE_PAGE = 0x00800000,
684 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
685 SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
686 } samr_FieldsPresent;
691 NTTIME last_password_change;
693 NTTIME allow_password_change;
694 NTTIME force_password_change;
695 samr_String account_name;
696 samr_String full_name;
697 samr_String home_directory;
698 samr_String home_drive;
699 samr_String logon_script;
700 samr_String profile_path;
701 samr_String description;
702 samr_String workstations;
704 samr_String parameters;
705 samr_String unknown1;
706 samr_String unknown2;
707 samr_String unknown3;
709 [size_is(buf_count)] uint8 *buffer;
712 samr_AcctFlags acct_flags;
713 samr_FieldsPresent fields_present;
714 samr_LogonHours logon_hours;
715 uint16 bad_password_count;
719 uint8 nt_password_set;
720 uint8 lm_password_set;
721 uint8 password_expired;
725 typedef [flag(NDR_PAHEX)] struct {
727 } samr_CryptPassword;
730 samr_UserInfo21 info;
731 samr_CryptPassword password;
735 samr_CryptPassword password;
739 typedef [flag(NDR_PAHEX)] struct {
741 } samr_CryptPasswordEx;
744 samr_UserInfo21 info;
745 samr_CryptPasswordEx password;
749 samr_CryptPasswordEx password;
754 [case(1)] samr_UserInfo1 info1;
755 [case(2)] samr_UserInfo2 info2;
756 [case(3)] samr_UserInfo3 info3;
757 [case(4)] samr_UserInfo4 info4;
758 [case(5)] samr_UserInfo5 info5;
759 [case(6)] samr_UserInfo6 info6;
760 [case(7)] samr_UserInfo7 info7;
761 [case(8)] samr_UserInfo8 info8;
762 [case(9)] samr_UserInfo9 info9;
763 [case(10)] samr_UserInfo10 info10;
764 [case(11)] samr_UserInfo11 info11;
765 [case(12)] samr_UserInfo12 info12;
766 [case(13)] samr_UserInfo13 info13;
767 [case(14)] samr_UserInfo14 info14;
768 [case(16)] samr_UserInfo16 info16;
769 [case(17)] samr_UserInfo17 info17;
770 [case(20)] samr_UserInfo20 info20;
771 [case(21)] samr_UserInfo21 info21;
772 [case(23)] samr_UserInfo23 info23;
773 [case(24)] samr_UserInfo24 info24;
774 [case(25)] samr_UserInfo25 info25;
775 [case(26)] samr_UserInfo26 info26;
778 NTSTATUS samr_QueryUserInfo(
779 [in,ref] policy_handle *user_handle,
781 [out,switch_is(level)] samr_UserInfo *info
785 /************************/
787 NTSTATUS samr_SetUserInfo(
788 [in,ref] policy_handle *user_handle,
790 [in,ref,switch_is(level)] samr_UserInfo *info
793 /************************/
797 this is a password change interface that doesn't give
798 the server the plaintext password. Depricated.
800 NTSTATUS samr_ChangePasswordUser(
801 [in,ref] policy_handle *user_handle,
802 [in] bool8 lm_present,
803 [in] samr_Password *old_lm_crypted,
804 [in] samr_Password *new_lm_crypted,
805 [in] bool8 nt_present,
806 [in] samr_Password *old_nt_crypted,
807 [in] samr_Password *new_nt_crypted,
808 [in] bool8 cross1_present,
809 [in] samr_Password *nt_cross,
810 [in] bool8 cross2_present,
811 [in] samr_Password *lm_cross
814 /************************/
824 [size_is(count)] samr_RidType *rid;
827 NTSTATUS samr_GetGroupsForUser(
828 [in,ref] policy_handle *user_handle,
829 [out] samr_RidArray *rids
832 /************************/
838 samr_AcctFlags acct_flags;
839 samr_String account_name;
840 samr_String full_name;
841 samr_String description;
842 } samr_DispEntryGeneral;
846 [size_is(count)] samr_DispEntryGeneral *entries;
847 } samr_DispInfoGeneral;
852 samr_AcctFlags acct_flags;
853 samr_String account_name;
854 samr_String description;
855 } samr_DispEntryFull;
859 [size_is(count)] samr_DispEntryFull *entries;
863 [value(strlen_m(r->string))] uint16 length;
864 [value(strlen_m(r->string))] uint16 size;
865 ascstr_noterm *string;
870 samr_AsciiName account_name;
871 } samr_DispEntryAscii;
875 [size_is(count)] samr_DispEntryAscii *entries;
876 } samr_DispInfoAscii;
879 [case(1)] samr_DispInfoGeneral info1;/* users */
880 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
881 [case(3)] samr_DispInfoFull info3; /* groups */
882 [case(4)] samr_DispInfoAscii info4; /* users */
883 [case(5)] samr_DispInfoAscii info5; /* groups */
886 NTSTATUS samr_QueryDisplayInfo(
887 [in,ref] policy_handle *domain_handle,
889 [in] uint32 start_idx,
890 [in] uint32 max_entries,
891 [in] uint32 buf_size,
892 [out] uint32 total_size,
893 [out] uint32 returned_size,
894 [out,switch_is(level)] samr_DispInfo info
898 /************************/
902 this seems to be an alphabetic search function. The returned index
903 is the index for samr_QueryDisplayInfo needed to get names occurring
904 after the specified name. The supplied name does not need to exist
905 in the database (for example you can supply just a first letter for
906 searching starting at that letter)
908 The level corresponds to the samr_QueryDisplayInfo level
910 NTSTATUS samr_GetDisplayEnumerationIndex(
911 [in,ref] policy_handle *domain_handle,
913 [in] samr_String name,
919 /************************/
923 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
925 NTSTATUS samr_TestPrivateFunctionsDomain(
926 [in,ref] policy_handle *domain_handle
930 /************************/
934 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
936 NTSTATUS samr_TestPrivateFunctionsUser(
937 [in,ref] policy_handle *user_handle
941 /************************/
944 /* password properties flags */
945 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
946 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
947 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
948 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
949 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
952 uint16 min_password_length;
953 uint32 password_properties;
956 NTSTATUS samr_GetUserPwInfo(
957 [in,ref] policy_handle *user_handle,
958 [out] samr_PwInfo info
961 /************************/
963 NTSTATUS samr_RemoveMemberFromForeignDomain(
964 [in,ref] policy_handle *domain_handle,
965 [in,ref] dom_sid2 *sid
968 /************************/
972 how is this different from QueryDomainInfo ??
974 NTSTATUS samr_QueryDomainInfo2(
975 [in,ref] policy_handle *domain_handle,
977 [out,switch_is(level)] samr_DomainInfo *info
980 /************************/
984 how is this different from QueryUserInfo ??
986 NTSTATUS samr_QueryUserInfo2(
987 [in,ref] policy_handle *user_handle,
989 [out,switch_is(level)] samr_UserInfo *info
992 /************************/
996 how is this different from QueryDisplayInfo??
998 NTSTATUS samr_QueryDisplayInfo2(
999 [in,ref] policy_handle *domain_handle,
1001 [in] uint32 start_idx,
1002 [in] uint32 max_entries,
1003 [in] uint32 buf_size,
1004 [out] uint32 total_size,
1005 [out] uint32 returned_size,
1006 [out,switch_is(level)] samr_DispInfo info
1009 /************************/
1013 how is this different from GetDisplayEnumerationIndex ??
1015 NTSTATUS samr_GetDisplayEnumerationIndex2(
1016 [in,ref] policy_handle *domain_handle,
1018 [in] samr_String name,
1023 /************************/
1025 NTSTATUS samr_CreateUser2(
1026 [in,ref] policy_handle *domain_handle,
1027 [in,ref] samr_String *account_name,
1028 [in] samr_AcctFlags acct_flags,
1029 [in] uint32 access_mask,
1030 [out,ref] policy_handle *user_handle,
1031 [out,ref] uint32 *access_granted,
1032 [out,ref] uint32 *rid
1036 /************************/
1040 another duplicate. There must be a reason ....
1042 NTSTATUS samr_QueryDisplayInfo3(
1043 [in,ref] policy_handle *domain_handle,
1045 [in] uint32 start_idx,
1046 [in] uint32 max_entries,
1047 [in] uint32 buf_size,
1048 [out] uint32 total_size,
1049 [out] uint32 returned_size,
1050 [out,switch_is(level)] samr_DispInfo info
1053 /************************/
1055 NTSTATUS samr_AddMultipleMembersToAlias(
1056 [in,ref] policy_handle *alias_handle,
1057 [in,ref] lsa_SidArray *sids
1060 /************************/
1062 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1063 [in,ref] policy_handle *alias_handle,
1064 [in,ref] lsa_SidArray *sids
1067 /************************/
1070 NTSTATUS samr_OemChangePasswordUser2(
1071 [in] samr_AsciiName *server,
1072 [in,ref] samr_AsciiName *account,
1073 [in] samr_CryptPassword *password,
1074 [in] samr_Password *hash
1077 /************************/
1079 NTSTATUS samr_ChangePasswordUser2(
1080 [in] samr_String *server,
1081 [in,ref] samr_String *account,
1082 [in] samr_CryptPassword *nt_password,
1083 [in] samr_Password *nt_verifier,
1084 [in] bool8 lm_change,
1085 [in] samr_CryptPassword *lm_password,
1086 [in] samr_Password *lm_verifier
1089 /************************/
1091 NTSTATUS samr_GetDomPwInfo(
1092 [in] samr_String *name,
1093 [out] samr_PwInfo info
1096 /************************/
1098 NTSTATUS samr_Connect2(
1099 [in] unistr *system_name,
1100 [in] uint32 access_mask,
1101 [out,ref] policy_handle *connect_handle
1104 /************************/
1107 seems to be an exact alias for samr_SetUserInfo()
1109 NTSTATUS samr_SetUserInfo2(
1110 [in,ref] policy_handle *user_handle,
1112 [in,ref,switch_is(level)] samr_UserInfo *info
1115 /************************/
1118 this one is mysterious. I have a few guesses, but nothing working yet
1120 NTSTATUS samr_SetBootKeyInformation(
1121 [in,ref] policy_handle *connect_handle,
1122 [in] uint32 unknown1,
1123 [in] uint32 unknown2,
1124 [in] uint32 unknown3
1127 /************************/
1129 NTSTATUS samr_GetBootKeyInformation(
1130 [in,ref] policy_handle *domain_handle,
1131 [out] uint32 unknown
1134 /************************/
1136 NTSTATUS samr_Connect3(
1137 [in] unistr *system_name,
1138 /* this unknown value seems to be completely ignored by w2k3 */
1139 [in] uint32 unknown,
1140 [in] uint32 access_mask,
1141 [out,ref] policy_handle *connect_handle
1144 /************************/
1146 NTSTATUS samr_Connect4(
1147 [in] unistr *system_name,
1148 [in] uint32 unknown,
1149 [in] uint32 access_mask,
1150 [out,ref] policy_handle *connect_handle
1153 /************************/
1156 const int SAMR_REJECT_OTHER = 0;
1157 const int SAMR_REJECT_TOO_SHORT = 1;
1158 const int SAMR_REJECT_COMPLEXITY = 2;
1164 } samr_ChangeReject;
1166 NTSTATUS samr_ChangePasswordUser3(
1167 [in] samr_String *server,
1168 [in,ref] samr_String *account,
1169 [in] samr_CryptPassword *nt_password,
1170 [in] samr_Password *nt_verifier,
1171 [in] bool8 lm_change,
1172 [in] samr_CryptPassword *lm_password,
1173 [in] samr_Password *lm_verifier,
1174 [in] samr_CryptPassword *password3,
1175 [out] samr_DomInfo1 *dominfo,
1176 [out] samr_ChangeReject *reject
1179 /************************/
1183 uint32 unknown1; /* w2k3 gives 3 */
1184 uint32 unknown2; /* w2k3 gives 0 */
1185 } samr_ConnectInfo1;
1188 [case(1)] samr_ConnectInfo1 info1;
1191 NTSTATUS samr_Connect5(
1192 [in] unistr *system_name,
1193 [in] uint32 access_mask,
1194 [in,out] uint32 level,
1195 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1196 [out,ref] policy_handle *connect_handle
1199 /************************/
1201 NTSTATUS samr_RidToSid(
1202 [in,ref] policy_handle *domain_handle,
1208 /************************/
1212 this should set the DSRM password for the server, which is used
1213 when booting into Directory Services Recovery Mode on a DC. Win2003
1214 gives me NT_STATUS_NOT_SUPPORTED
1217 NTSTATUS samr_SetDsrmPassword(
1218 [in] samr_String *name,
1219 [in] uint32 unknown,
1220 [in] samr_Password *hash
1224 /************************/
1227 I haven't been able to work out the format of this one yet.
1228 Seems to start with a switch level for a union?
1230 NTSTATUS samr_ValidatePassword();