4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
14 pointer_default(unique),
15 pointer_default_top(unique),
19 /* account control (acct_flags) bits */
20 typedef [public,bitmap32bit] bitmap {
21 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
22 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
23 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
24 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
25 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
26 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
27 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
28 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
29 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
30 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
31 ACB_AUTOLOCK = 0x00000400 /* 1 = Account auto locked */
36 NTSTATUS samr_Connect (
37 /* notice the lack of [string] */
38 [in] uint16 *system_name,
39 [in] uint32 access_mask,
40 [out,ref] policy_handle *connect_handle
47 [in,out,ref] policy_handle *handle
53 NTSTATUS samr_SetSecurity (
54 [in,ref] policy_handle *handle,
56 [in,ref] sec_desc_buf *sdbuf
62 NTSTATUS samr_QuerySecurity (
63 [in,ref] policy_handle *handle,
65 [out] sec_desc_buf *sdbuf
72 shutdown the SAM - once you call this the SAM will be dead
74 NTSTATUS samr_Shutdown (
75 [in,ref] policy_handle *connect_handle
81 [value(2*strlen_m(string))] uint16 length;
82 [value(2*strlen_m(string))] uint16 size;
83 unistr_noterm *string;
86 NTSTATUS samr_LookupDomain (
87 [in,ref] policy_handle *connect_handle,
88 [in,ref] samr_String *domain_name,
103 [size_is(count)] samr_SamEntry *entries;
106 NTSTATUS samr_EnumDomains (
107 [in,ref] policy_handle *connect_handle,
108 [in,out,ref] uint32 *resume_handle,
109 [in] uint32 buf_size,
110 [out] samr_SamArray *sam,
111 [out] uint32 num_entries
115 /************************/
117 NTSTATUS samr_OpenDomain(
118 [in,ref] policy_handle *connect_handle,
119 [in] uint32 access_mask,
120 [in,ref] dom_sid2 *sid,
121 [out,ref] policy_handle *domain_handle
124 /************************/
127 typedef [v1_enum] enum {
129 ROLE_DOMAIN_MEMBER = 1,
135 uint16 min_password_length;
136 uint16 password_history_length;
137 uint32 password_properties;
138 /* yes, these are signed. They are in negative 100ns */
139 dlong max_password_age;
140 dlong min_password_age;
144 NTTIME force_logoff_time;
146 samr_String domain_name;
147 samr_String primary; /* PDC name if this is a BDC */
158 NTTIME force_logoff_time;
166 samr_String domain_name;
179 NTTIME domain_create_time;
183 uint32 unknown; /* w2k3 returns 1 */
188 hyper lockout_duration;
189 hyper lockout_window;
190 uint16 lockout_threshold;
194 hyper lockout_duration;
195 hyper lockout_window;
196 uint16 lockout_threshold;
201 NTTIME domain_create_time;
206 typedef [switch_type(uint16)] union {
207 [case(1)] samr_DomInfo1 info1;
208 [case(2)] samr_DomInfo2 info2;
209 [case(3)] samr_DomInfo3 info3;
210 [case(4)] samr_DomInfo4 info4;
211 [case(5)] samr_DomInfo5 info5;
212 [case(6)] samr_DomInfo6 info6;
213 [case(7)] samr_DomInfo7 info7;
214 [case(8)] samr_DomInfo8 info8;
215 [case(9)] samr_DomInfo9 info9;
216 [case(11)] samr_DomInfo11 info11;
217 [case(12)] samr_DomInfo12 info12;
218 [case(13)] samr_DomInfo13 info13;
221 NTSTATUS samr_QueryDomainInfo(
222 [in,ref] policy_handle *domain_handle,
224 [out,switch_is(level)] samr_DomainInfo *info
227 /************************/
230 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
233 NTSTATUS samr_SetDomainInfo(
234 [in,ref] policy_handle *domain_handle,
236 [in,switch_is(level),ref] samr_DomainInfo *info
240 /************************/
242 NTSTATUS samr_CreateDomainGroup(
243 [in,ref] policy_handle *domain_handle,
244 [in,ref] samr_String *name,
245 [in] uint32 access_mask,
246 [out,ref] policy_handle *group_handle,
247 [out,ref] uint32 *rid
251 /************************/
253 NTSTATUS samr_EnumDomainGroups(
254 [in,ref] policy_handle *domain_handle,
255 [in,out,ref] uint32 *resume_handle,
256 [in] uint32 max_size,
257 [out] samr_SamArray *sam,
258 [out] uint32 num_entries
261 /************************/
263 NTSTATUS samr_CreateUser(
264 [in,ref] policy_handle *domain_handle,
265 [in,ref] samr_String *account_name,
266 [in] uint32 access_mask,
267 [out,ref] policy_handle *user_handle,
268 [out,ref] uint32 *rid
271 /************************/
275 /* w2k3 treats max_size as max_users*54 and sets the
276 resume_handle as the rid of the last user sent
278 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
280 NTSTATUS samr_EnumDomainUsers(
281 [in,ref] policy_handle *domain_handle,
282 [in,out,ref] uint32 *resume_handle,
283 [in] samr_AcctFlags acct_flags,
284 [in] uint32 max_size,
285 [out] samr_SamArray *sam,
286 [out] uint32 num_entries
289 /************************/
291 NTSTATUS samr_CreateDomAlias(
292 [in,ref] policy_handle *domain_handle,
293 [in,ref] samr_String *alias_name,
294 [in] uint32 access_mask,
295 [out,ref] policy_handle *alias_handle,
296 [out,ref] uint32 *rid
299 /************************/
301 NTSTATUS samr_EnumDomainAliases(
302 [in,ref] policy_handle *domain_handle,
303 [in,out,ref] uint32 *resume_handle,
304 [in] samr_AcctFlags acct_flags,
305 [out] samr_SamArray *sam,
306 [out] uint32 num_entries
309 /************************/
313 [range(0,1024)] uint32 count;
314 [size_is(count)] uint32 *ids;
317 NTSTATUS samr_GetAliasMembership(
318 [in,ref] policy_handle *domain_handle,
319 [in,ref] lsa_SidArray *sids,
320 [out,ref] samr_Ids *rids
323 /************************/
326 NTSTATUS samr_LookupNames(
327 [in,ref] policy_handle *domain_handle,
328 [in,range(0,1000)] uint32 num_names,
329 [in,size_is(1000),length_is(num_names)] samr_String names[],
335 /************************/
340 [size_is(count)] samr_String *names;
343 NTSTATUS samr_LookupRids(
344 [in,ref] policy_handle *domain_handle,
345 [in,range(0,1000)] uint32 num_rids,
346 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
347 [out] samr_Strings names,
351 /************************/
353 NTSTATUS samr_OpenGroup(
354 [in,ref] policy_handle *domain_handle,
355 [in] uint32 access_mask,
357 [out,ref] policy_handle *group_handle
360 /* Group attributes */
361 const int SE_GROUP_MANDATORY = 0x0001;
362 const int SE_GROUP_ENABLED_BY_DEFAULT = 0x0002;
363 const int SE_GROUP_ENABLED = 0x0004;
365 /************************/
372 samr_String description;
380 samr_String description;
381 } samr_GroupInfoDesciption;
387 GROUPINFODESCRIPTION = 4,
389 } samr_GroupInfoEnum;
391 typedef [switch_type(samr_GroupInfoEnum)] union {
392 [case(GROUPINFOALL)] samr_GroupInfoAll all;
393 [case(GROUPINFONAME)] samr_String name;
394 [case(GROUPINFOX)] samr_GroupInfoX unknown;
395 [case(GROUPINFODESCRIPTION)] samr_String description;
396 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
399 NTSTATUS samr_QueryGroupInfo(
400 [in,ref] policy_handle *group_handle,
401 [in] samr_GroupInfoEnum level,
402 [out,switch_is(level)] samr_GroupInfo *info
405 /************************/
407 NTSTATUS samr_SetGroupInfo(
408 [in,ref] policy_handle *group_handle,
409 [in] samr_GroupInfoEnum level,
410 [in,switch_is(level),ref] samr_GroupInfo *info
413 /************************/
415 NTSTATUS samr_AddGroupMember(
416 [in,ref] policy_handle *group_handle,
421 /************************/
423 NTSTATUS samr_DeleteDomainGroup(
424 [in,out,ref] policy_handle *group_handle
427 /************************/
429 NTSTATUS samr_DeleteGroupMember(
430 [in,ref] policy_handle *group_handle,
435 /************************/
439 [size_is(count)] uint32 *rids;
440 [size_is(count)] uint32 *types;
443 NTSTATUS samr_QueryGroupMember(
444 [in,ref] policy_handle *group_handle,
445 [out] samr_RidTypeArray *rids
449 /************************/
453 win2003 seems to accept any data at all for the two integers
454 below, and doesn't seem to do anything with them that I can
455 see. Weird. I really expected the first integer to be a rid
456 and the second to be the attributes for that rid member.
458 NTSTATUS samr_SetMemberAttributesOfGroup(
459 [in,ref] policy_handle *group_handle,
460 [in] uint32 unknown1,
465 /************************/
467 NTSTATUS samr_OpenAlias (
468 [in,ref] policy_handle *domain_handle,
469 [in] uint32 access_mask,
471 [out,ref] policy_handle *alias_handle
475 /************************/
481 samr_String description;
487 ALIASINFODESCRIPTION = 3
488 } samr_AliasInfoEnum;
490 typedef [switch_type(samr_AliasInfoEnum)] union {
491 [case(ALIASINFOALL)] samr_AliasInfoAll all;
492 [case(ALIASINFONAME)] samr_String name;
493 [case(ALIASINFODESCRIPTION)] samr_String description;
496 NTSTATUS samr_QueryAliasInfo(
497 [in,ref] policy_handle *alias_handle,
498 [in] samr_AliasInfoEnum level,
499 [out,switch_is(level)] samr_AliasInfo *info
502 /************************/
504 NTSTATUS samr_SetAliasInfo(
505 [in,ref] policy_handle *alias_handle,
506 [in] samr_AliasInfoEnum level,
507 [in,switch_is(level),ref] samr_AliasInfo *info
510 /************************/
512 NTSTATUS samr_DeleteDomAlias(
513 [in,out,ref] policy_handle *alias_handle
516 /************************/
518 NTSTATUS samr_AddAliasMember(
519 [in,ref] policy_handle *alias_handle,
520 [in,ref] dom_sid2 *sid
523 /************************/
525 NTSTATUS samr_DeleteAliasMember(
526 [in,ref] policy_handle *alias_handle,
527 [in,ref] dom_sid2 *sid
530 /************************/
532 NTSTATUS samr_GetMembersInAlias(
533 [in,ref] policy_handle *alias_handle,
534 [out,ref] lsa_SidArray *sids
537 /************************/
539 NTSTATUS samr_OpenUser(
540 [in,ref] policy_handle *domain_handle,
541 [in] uint32 access_mask,
543 [out,ref] policy_handle *user_handle
546 /************************/
548 NTSTATUS samr_DeleteUser(
549 [in,out,ref] policy_handle *user_handle
552 /************************/
555 samr_String account_name;
556 samr_String full_name;
558 samr_String description;
564 samr_String unknown; /* settable, but doesn't stick. probably obsolete */
569 /* this is also used in samr and netlogon */
570 typedef [public, flag(NDR_PAHEX)] struct {
571 uint16 units_per_week;
572 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
576 samr_String account_name;
577 samr_String full_name;
580 samr_String home_directory;
581 samr_String home_drive;
582 samr_String logon_script;
583 samr_String profile_path;
584 samr_String workstations;
587 NTTIME last_password_change;
588 NTTIME allow_password_change;
589 NTTIME force_password_change;
590 samr_LogonHours logon_hours;
591 uint16 bad_password_count;
593 samr_AcctFlags acct_flags;
597 samr_LogonHours logon_hours;
601 samr_String account_name;
602 samr_String full_name;
605 samr_String home_directory;
606 samr_String home_drive;
607 samr_String logon_script;
608 samr_String profile_path;
609 samr_String description;
610 samr_String workstations;
613 samr_LogonHours logon_hours;
614 uint16 bad_password_count;
616 NTTIME last_password_change;
618 samr_AcctFlags acct_flags;
622 samr_String account_name;
623 samr_String full_name;
627 samr_String account_name;
631 samr_String full_name;
639 samr_String home_directory;
640 samr_String home_drive;
644 samr_String logon_script;
648 samr_String profile_path;
652 samr_String description;
656 samr_String workstations;
660 samr_AcctFlags acct_flags;
668 samr_String parameters;
671 /* this defines the bits used for fields_present in info21 */
672 typedef [bitmap32bit] bitmap {
673 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
674 SAMR_FIELD_FULL_NAME = 0x00000002,
675 SAMR_FIELD_DESCRIPTION = 0x00000010,
676 SAMR_FIELD_COMMENT = 0x00000020,
677 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
678 SAMR_FIELD_PROFILE_PATH = 0x00000200,
679 SAMR_FIELD_WORKSTATIONS = 0x00000400,
680 SAMR_FIELD_LOGON_HOURS = 0x00002000,
681 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
682 SAMR_FIELD_PARAMETERS = 0x00200000,
683 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
684 SAMR_FIELD_CODE_PAGE = 0x00800000,
685 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
686 SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
687 } samr_FieldsPresent;
692 NTTIME last_password_change;
694 NTTIME allow_password_change;
695 NTTIME force_password_change;
696 samr_String account_name;
697 samr_String full_name;
698 samr_String home_directory;
699 samr_String home_drive;
700 samr_String logon_script;
701 samr_String profile_path;
702 samr_String description;
703 samr_String workstations;
705 samr_String parameters;
706 samr_String unknown1;
707 samr_String unknown2;
708 samr_String unknown3;
710 [size_is(buf_count)] uint8 *buffer;
713 samr_AcctFlags acct_flags;
714 samr_FieldsPresent fields_present;
715 samr_LogonHours logon_hours;
716 uint16 bad_password_count;
720 uint8 nt_password_set;
721 uint8 lm_password_set;
722 uint8 password_expired;
726 typedef [public, flag(NDR_PAHEX)] struct {
728 } samr_CryptPassword;
731 samr_UserInfo21 info;
732 samr_CryptPassword password;
736 samr_CryptPassword password;
740 typedef [flag(NDR_PAHEX)] struct {
742 } samr_CryptPasswordEx;
745 samr_UserInfo21 info;
746 samr_CryptPasswordEx password;
750 samr_CryptPasswordEx password;
754 typedef [switch_type(uint16)] union {
755 [case(1)] samr_UserInfo1 info1;
756 [case(2)] samr_UserInfo2 info2;
757 [case(3)] samr_UserInfo3 info3;
758 [case(4)] samr_UserInfo4 info4;
759 [case(5)] samr_UserInfo5 info5;
760 [case(6)] samr_UserInfo6 info6;
761 [case(7)] samr_UserInfo7 info7;
762 [case(8)] samr_UserInfo8 info8;
763 [case(9)] samr_UserInfo9 info9;
764 [case(10)] samr_UserInfo10 info10;
765 [case(11)] samr_UserInfo11 info11;
766 [case(12)] samr_UserInfo12 info12;
767 [case(13)] samr_UserInfo13 info13;
768 [case(14)] samr_UserInfo14 info14;
769 [case(16)] samr_UserInfo16 info16;
770 [case(17)] samr_UserInfo17 info17;
771 [case(20)] samr_UserInfo20 info20;
772 [case(21)] samr_UserInfo21 info21;
773 [case(23)] samr_UserInfo23 info23;
774 [case(24)] samr_UserInfo24 info24;
775 [case(25)] samr_UserInfo25 info25;
776 [case(26)] samr_UserInfo26 info26;
779 NTSTATUS samr_QueryUserInfo(
780 [in,ref] policy_handle *user_handle,
782 [out,switch_is(level)] samr_UserInfo *info
786 /************************/
788 NTSTATUS samr_SetUserInfo(
789 [in,ref] policy_handle *user_handle,
791 [in,ref,switch_is(level)] samr_UserInfo *info
794 /************************/
796 typedef [public, flag(NDR_PAHEX)] struct {
801 this is a password change interface that doesn't give
802 the server the plaintext password. Depricated.
804 NTSTATUS samr_ChangePasswordUser(
805 [in,ref] policy_handle *user_handle,
806 [in] bool8 lm_present,
807 [in] samr_Password *old_lm_crypted,
808 [in] samr_Password *new_lm_crypted,
809 [in] bool8 nt_present,
810 [in] samr_Password *old_nt_crypted,
811 [in] samr_Password *new_nt_crypted,
812 [in] bool8 cross1_present,
813 [in] samr_Password *nt_cross,
814 [in] bool8 cross2_present,
815 [in] samr_Password *lm_cross
818 /************************/
821 typedef [public] struct {
824 } samr_RidWithAttribute;
826 typedef [public] struct {
828 [size_is(count)] samr_RidWithAttribute *rids;
829 } samr_RidWithAttributeArray;
831 NTSTATUS samr_GetGroupsForUser(
832 [in,ref] policy_handle *user_handle,
833 [out] samr_RidWithAttributeArray *rids
836 /************************/
842 samr_AcctFlags acct_flags;
843 samr_String account_name;
844 samr_String full_name;
845 samr_String description;
846 } samr_DispEntryGeneral;
850 [size_is(count)] samr_DispEntryGeneral *entries;
851 } samr_DispInfoGeneral;
856 samr_AcctFlags acct_flags;
857 samr_String account_name;
858 samr_String description;
859 } samr_DispEntryFull;
863 [size_is(count)] samr_DispEntryFull *entries;
867 [value(strlen_m(string))] uint16 length;
868 [value(strlen_m(string))] uint16 size;
869 ascstr_noterm *string;
874 samr_AsciiName account_name;
875 } samr_DispEntryAscii;
879 [size_is(count)] samr_DispEntryAscii *entries;
880 } samr_DispInfoAscii;
882 typedef [switch_type(uint16)] union {
883 [case(1)] samr_DispInfoGeneral info1;/* users */
884 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
885 [case(3)] samr_DispInfoFull info3; /* groups */
886 [case(4)] samr_DispInfoAscii info4; /* users */
887 [case(5)] samr_DispInfoAscii info5; /* groups */
890 NTSTATUS samr_QueryDisplayInfo(
891 [in,ref] policy_handle *domain_handle,
893 [in] uint32 start_idx,
894 [in] uint32 max_entries,
895 [in] uint32 buf_size,
896 [out] uint32 total_size,
897 [out] uint32 returned_size,
898 [out,switch_is(level)] samr_DispInfo info
902 /************************/
906 this seems to be an alphabetic search function. The returned index
907 is the index for samr_QueryDisplayInfo needed to get names occurring
908 after the specified name. The supplied name does not need to exist
909 in the database (for example you can supply just a first letter for
910 searching starting at that letter)
912 The level corresponds to the samr_QueryDisplayInfo level
914 NTSTATUS samr_GetDisplayEnumerationIndex(
915 [in,ref] policy_handle *domain_handle,
917 [in] samr_String name,
923 /************************/
927 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
929 NTSTATUS samr_TestPrivateFunctionsDomain(
930 [in,ref] policy_handle *domain_handle
934 /************************/
938 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
940 NTSTATUS samr_TestPrivateFunctionsUser(
941 [in,ref] policy_handle *user_handle
945 /************************/
948 /* password properties flags */
949 const uint32 DOMAIN_PASSWORD_COMPLEX = 0x00000001;
950 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002;
951 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004;
952 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010;
953 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020;
956 uint16 min_password_length;
957 uint32 password_properties;
960 NTSTATUS samr_GetUserPwInfo(
961 [in,ref] policy_handle *user_handle,
962 [out] samr_PwInfo info
965 /************************/
967 NTSTATUS samr_RemoveMemberFromForeignDomain(
968 [in,ref] policy_handle *domain_handle,
969 [in,ref] dom_sid2 *sid
972 /************************/
976 how is this different from QueryDomainInfo ??
978 NTSTATUS samr_QueryDomainInfo2(
979 [in,ref] policy_handle *domain_handle,
981 [out,switch_is(level)] samr_DomainInfo *info
984 /************************/
988 how is this different from QueryUserInfo ??
990 NTSTATUS samr_QueryUserInfo2(
991 [in,ref] policy_handle *user_handle,
993 [out,switch_is(level)] samr_UserInfo *info
996 /************************/
1000 how is this different from QueryDisplayInfo??
1002 NTSTATUS samr_QueryDisplayInfo2(
1003 [in,ref] policy_handle *domain_handle,
1005 [in] uint32 start_idx,
1006 [in] uint32 max_entries,
1007 [in] uint32 buf_size,
1008 [out] uint32 total_size,
1009 [out] uint32 returned_size,
1010 [out,switch_is(level)] samr_DispInfo info
1013 /************************/
1017 how is this different from GetDisplayEnumerationIndex ??
1019 NTSTATUS samr_GetDisplayEnumerationIndex2(
1020 [in,ref] policy_handle *domain_handle,
1022 [in] samr_String name,
1027 /************************/
1029 NTSTATUS samr_CreateUser2(
1030 [in,ref] policy_handle *domain_handle,
1031 [in,ref] samr_String *account_name,
1032 [in] samr_AcctFlags acct_flags,
1033 [in] uint32 access_mask,
1034 [out,ref] policy_handle *user_handle,
1035 [out,ref] uint32 *access_granted,
1036 [out,ref] uint32 *rid
1040 /************************/
1044 another duplicate. There must be a reason ....
1046 NTSTATUS samr_QueryDisplayInfo3(
1047 [in,ref] policy_handle *domain_handle,
1049 [in] uint32 start_idx,
1050 [in] uint32 max_entries,
1051 [in] uint32 buf_size,
1052 [out] uint32 total_size,
1053 [out] uint32 returned_size,
1054 [out,switch_is(level)] samr_DispInfo info
1057 /************************/
1059 NTSTATUS samr_AddMultipleMembersToAlias(
1060 [in,ref] policy_handle *alias_handle,
1061 [in,ref] lsa_SidArray *sids
1064 /************************/
1066 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1067 [in,ref] policy_handle *alias_handle,
1068 [in,ref] lsa_SidArray *sids
1071 /************************/
1074 NTSTATUS samr_OemChangePasswordUser2(
1075 [in] samr_AsciiName *server,
1076 [in,ref] samr_AsciiName *account,
1077 [in] samr_CryptPassword *password,
1078 [in] samr_Password *hash
1081 /************************/
1083 NTSTATUS samr_ChangePasswordUser2(
1084 [in] samr_String *server,
1085 [in,ref] samr_String *account,
1086 [in] samr_CryptPassword *nt_password,
1087 [in] samr_Password *nt_verifier,
1088 [in] bool8 lm_change,
1089 [in] samr_CryptPassword *lm_password,
1090 [in] samr_Password *lm_verifier
1093 /************************/
1095 NTSTATUS samr_GetDomPwInfo(
1096 [in] samr_String *domain_name,
1097 [out] samr_PwInfo info
1100 /************************/
1102 NTSTATUS samr_Connect2(
1103 [in] unistr *system_name,
1104 [in] uint32 access_mask,
1105 [out,ref] policy_handle *connect_handle
1108 /************************/
1111 seems to be an exact alias for samr_SetUserInfo()
1113 NTSTATUS samr_SetUserInfo2(
1114 [in,ref] policy_handle *user_handle,
1116 [in,ref,switch_is(level)] samr_UserInfo *info
1119 /************************/
1122 this one is mysterious. I have a few guesses, but nothing working yet
1124 NTSTATUS samr_SetBootKeyInformation(
1125 [in,ref] policy_handle *connect_handle,
1126 [in] uint32 unknown1,
1127 [in] uint32 unknown2,
1128 [in] uint32 unknown3
1131 /************************/
1133 NTSTATUS samr_GetBootKeyInformation(
1134 [in,ref] policy_handle *domain_handle,
1135 [out] uint32 unknown
1138 /************************/
1140 NTSTATUS samr_Connect3(
1141 [in] unistr *system_name,
1142 /* this unknown value seems to be completely ignored by w2k3 */
1143 [in] uint32 unknown,
1144 [in] uint32 access_mask,
1145 [out,ref] policy_handle *connect_handle
1148 /************************/
1150 NTSTATUS samr_Connect4(
1151 [in] unistr *system_name,
1152 [in] uint32 unknown,
1153 [in] uint32 access_mask,
1154 [out,ref] policy_handle *connect_handle
1157 /************************/
1160 typedef [v1_enum] enum {
1161 SAMR_REJECT_OTHER = 0,
1162 SAMR_REJECT_TOO_SHORT = 1,
1163 SAMR_REJECT_COMPLEXITY = 2
1164 } samr_RejectReason;
1167 samr_RejectReason reason;
1170 } samr_ChangeReject;
1172 NTSTATUS samr_ChangePasswordUser3(
1173 [in] samr_String *server,
1174 [in,ref] samr_String *account,
1175 [in] samr_CryptPassword *nt_password,
1176 [in] samr_Password *nt_verifier,
1177 [in] bool8 lm_change,
1178 [in] samr_CryptPassword *lm_password,
1179 [in] samr_Password *lm_verifier,
1180 [in] samr_CryptPassword *password3,
1181 [out] samr_DomInfo1 *dominfo,
1182 [out] samr_ChangeReject *reject
1185 /************************/
1189 uint32 unknown1; /* w2k3 gives 3 */
1190 uint32 unknown2; /* w2k3 gives 0 */
1191 } samr_ConnectInfo1;
1194 [case(1)] samr_ConnectInfo1 info1;
1197 NTSTATUS samr_Connect5(
1198 [in] unistr *system_name,
1199 [in] uint32 access_mask,
1200 [in,out] uint32 level,
1201 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1202 [out,ref] policy_handle *connect_handle
1205 /************************/
1207 NTSTATUS samr_RidToSid(
1208 [in,ref] policy_handle *domain_handle,
1214 /************************/
1218 this should set the DSRM password for the server, which is used
1219 when booting into Directory Services Recovery Mode on a DC. Win2003
1220 gives me NT_STATUS_NOT_SUPPORTED
1223 NTSTATUS samr_SetDsrmPassword(
1224 [in] samr_String *name,
1225 [in] uint32 unknown,
1226 [in] samr_Password *hash
1230 /************************/
1233 I haven't been able to work out the format of this one yet.
1234 Seems to start with a switch level for a union?
1236 NTSTATUS samr_ValidatePassword();