4 samr interface definition
6 import "misc.idl", "lsa.idl", "security.idl";
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique),
16 pointer_default_top(unique)
19 declare bitmap security_secinfo;
21 /* account control (acct_flags) bits */
22 typedef [public,bitmap32bit] bitmap {
23 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
24 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
25 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
26 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
27 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
28 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
29 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
30 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
31 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
32 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
33 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
34 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
35 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
36 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
37 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
38 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
39 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
40 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
41 ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
44 typedef [bitmap32bit] bitmap {
45 SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
46 SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
47 SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
48 SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
49 SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
50 SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
51 } samr_ConnectAccessMask;
53 typedef [bitmap32bit] bitmap {
54 ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
55 ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
56 ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
57 ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
58 ALIAS_ACCESS_SET_INFO = 0x00000010
59 } samr_AliasAccessMask;
63 NTSTATUS samr_Connect (
64 /* notice the lack of [string] */
65 [in] uint16 *system_name,
66 [in] samr_ConnectAccessMask access_mask,
67 [out,ref] policy_handle *connect_handle
73 [public] NTSTATUS samr_Close (
74 [in,out,ref] policy_handle *handle
80 NTSTATUS samr_SetSecurity (
81 [in,ref] policy_handle *handle,
82 [in] security_secinfo sec_info,
83 [in,ref] sec_desc_buf *sdbuf
89 NTSTATUS samr_QuerySecurity (
90 [in,ref] policy_handle *handle,
91 [in] security_secinfo sec_info,
92 [out] sec_desc_buf *sdbuf
99 shutdown the SAM - once you call this the SAM will be dead
101 NTSTATUS samr_Shutdown (
102 [in,ref] policy_handle *connect_handle
107 NTSTATUS samr_LookupDomain (
108 [in,ref] policy_handle *connect_handle,
109 [in,ref] lsa_String *domain_name,
124 [size_is(count)] samr_SamEntry *entries;
127 NTSTATUS samr_EnumDomains (
128 [in,ref] policy_handle *connect_handle,
129 [in,out,ref] uint32 *resume_handle,
130 [in] uint32 buf_size,
131 [out] samr_SamArray *sam,
132 [out] uint32 num_entries
136 /************************/
138 [public] NTSTATUS samr_OpenDomain(
139 [in,ref] policy_handle *connect_handle,
140 [in] uint32 access_mask,
141 [in,ref] dom_sid2 *sid,
142 [out,ref] policy_handle *domain_handle
145 /************************/
148 typedef [v1_enum] enum {
149 SAMR_ROLE_STANDALONE = 0,
150 SAMR_ROLE_DOMAIN_MEMBER = 1,
151 SAMR_ROLE_DOMAIN_BDC = 2,
152 SAMR_ROLE_DOMAIN_PDC = 3
155 /* password properties flags */
156 typedef [public,bitmap32bit] bitmap {
157 DOMAIN_PASSWORD_COMPLEX = 0x00000001,
158 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
159 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
160 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
161 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
162 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
163 } samr_PasswordProperties;
166 uint16 min_password_length;
167 uint16 password_history_length;
168 samr_PasswordProperties password_properties;
169 /* yes, these are signed. They are in negative 100ns */
170 dlong max_password_age;
171 dlong min_password_age;
175 NTTIME force_logoff_time;
177 lsa_String domain_name;
178 lsa_String primary; /* PDC name if this is a BDC */
189 NTTIME force_logoff_time;
197 lsa_String domain_name;
210 NTTIME domain_create_time;
214 uint32 unknown; /* w2k3 returns 1 */
219 hyper lockout_duration;
220 hyper lockout_window;
221 uint16 lockout_threshold;
225 hyper lockout_duration;
226 hyper lockout_window;
227 uint16 lockout_threshold;
232 NTTIME domain_create_time;
237 typedef [switch_type(uint16)] union {
238 [case(1)] samr_DomInfo1 info1;
239 [case(2)] samr_DomInfo2 info2;
240 [case(3)] samr_DomInfo3 info3;
241 [case(4)] samr_DomInfo4 info4;
242 [case(5)] samr_DomInfo5 info5;
243 [case(6)] samr_DomInfo6 info6;
244 [case(7)] samr_DomInfo7 info7;
245 [case(8)] samr_DomInfo8 info8;
246 [case(9)] samr_DomInfo9 info9;
247 [case(11)] samr_DomInfo11 info11;
248 [case(12)] samr_DomInfo12 info12;
249 [case(13)] samr_DomInfo13 info13;
252 NTSTATUS samr_QueryDomainInfo(
253 [in,ref] policy_handle *domain_handle,
255 [out,switch_is(level)] samr_DomainInfo *info
258 /************************/
261 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
264 NTSTATUS samr_SetDomainInfo(
265 [in,ref] policy_handle *domain_handle,
267 [in,switch_is(level),ref] samr_DomainInfo *info
271 /************************/
273 NTSTATUS samr_CreateDomainGroup(
274 [in,ref] policy_handle *domain_handle,
275 [in,ref] lsa_String *name,
276 [in] uint32 access_mask,
277 [out,ref] policy_handle *group_handle,
278 [out,ref] uint32 *rid
282 /************************/
284 NTSTATUS samr_EnumDomainGroups(
285 [in,ref] policy_handle *domain_handle,
286 [in,out,ref] uint32 *resume_handle,
287 [in] uint32 max_size,
288 [out] samr_SamArray *sam,
289 [out] uint32 num_entries
292 /************************/
294 NTSTATUS samr_CreateUser(
295 [in,ref] policy_handle *domain_handle,
296 [in,ref] lsa_String *account_name,
297 [in] uint32 access_mask,
298 [out,ref] policy_handle *user_handle,
299 [out,ref] uint32 *rid
302 /************************/
306 /* w2k3 treats max_size as max_users*54 and sets the
307 resume_handle as the rid of the last user sent
309 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
311 NTSTATUS samr_EnumDomainUsers(
312 [in,ref] policy_handle *domain_handle,
313 [in,out,ref] uint32 *resume_handle,
314 [in] samr_AcctFlags acct_flags,
315 [in] uint32 max_size,
316 [out] samr_SamArray *sam,
317 [out] uint32 num_entries
320 /************************/
322 NTSTATUS samr_CreateDomAlias(
323 [in,ref] policy_handle *domain_handle,
324 [in,ref] lsa_String *alias_name,
325 [in] samr_AliasAccessMask access_mask,
326 [out,ref] policy_handle *alias_handle,
327 [out,ref] uint32 *rid
330 /************************/
332 NTSTATUS samr_EnumDomainAliases(
333 [in,ref] policy_handle *domain_handle,
334 [in,out,ref] uint32 *resume_handle,
335 [in] samr_AcctFlags acct_flags,
336 [out] samr_SamArray *sam,
337 [out] uint32 num_entries
340 /************************/
344 [range(0,1024)] uint32 count;
345 [size_is(count)] uint32 *ids;
348 NTSTATUS samr_GetAliasMembership(
349 [in,ref] policy_handle *domain_handle,
350 [in,ref] lsa_SidArray *sids,
351 [out,ref] samr_Ids *rids
354 /************************/
357 [public] NTSTATUS samr_LookupNames(
358 [in,ref] policy_handle *domain_handle,
359 [in,range(0,1000)] uint32 num_names,
360 [in,size_is(1000),length_is(num_names)] lsa_String names[],
366 /************************/
368 NTSTATUS samr_LookupRids(
369 [in,ref] policy_handle *domain_handle,
370 [in,range(0,1000)] uint32 num_rids,
371 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
372 [out] lsa_Strings names,
376 /************************/
378 NTSTATUS samr_OpenGroup(
379 [in,ref] policy_handle *domain_handle,
380 [in] uint32 access_mask,
382 [out,ref] policy_handle *group_handle
385 /* Group attributes */
386 typedef [public,bitmap32bit] bitmap {
387 SE_GROUP_MANDATORY = 0x00000001,
388 SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
389 SE_GROUP_ENABLED = 0x00000004,
390 SE_GROUP_OWNER = 0x00000008,
391 SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
392 SE_GROUP_RESOURCE = 0x20000000,
393 SE_GROUP_LOGON_ID = 0xC0000000
396 /************************/
401 samr_GroupAttrs attributes;
403 lsa_String description;
407 samr_GroupAttrs attributes;
408 } samr_GroupInfoAttributes;
411 lsa_String description;
412 } samr_GroupInfoDescription;
417 GROUPINFOATTRIBUTES = 3,
418 GROUPINFODESCRIPTION = 4,
420 } samr_GroupInfoEnum;
422 typedef [switch_type(samr_GroupInfoEnum)] union {
423 [case(GROUPINFOALL)] samr_GroupInfoAll all;
424 [case(GROUPINFONAME)] lsa_String name;
425 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
426 [case(GROUPINFODESCRIPTION)] lsa_String description;
427 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
430 NTSTATUS samr_QueryGroupInfo(
431 [in,ref] policy_handle *group_handle,
432 [in] samr_GroupInfoEnum level,
433 [out,switch_is(level)] samr_GroupInfo *info
436 /************************/
438 NTSTATUS samr_SetGroupInfo(
439 [in,ref] policy_handle *group_handle,
440 [in] samr_GroupInfoEnum level,
441 [in,switch_is(level),ref] samr_GroupInfo *info
444 /************************/
446 NTSTATUS samr_AddGroupMember(
447 [in,ref] policy_handle *group_handle,
452 /************************/
454 NTSTATUS samr_DeleteDomainGroup(
455 [in,out,ref] policy_handle *group_handle
458 /************************/
460 NTSTATUS samr_DeleteGroupMember(
461 [in,ref] policy_handle *group_handle,
466 /************************/
470 [size_is(count)] uint32 *rids;
471 [size_is(count)] uint32 *types;
474 NTSTATUS samr_QueryGroupMember(
475 [in,ref] policy_handle *group_handle,
476 [out] samr_RidTypeArray *rids
480 /************************/
484 win2003 seems to accept any data at all for the two integers
485 below, and doesn't seem to do anything with them that I can
486 see. Weird. I really expected the first integer to be a rid
487 and the second to be the attributes for that rid member.
489 NTSTATUS samr_SetMemberAttributesOfGroup(
490 [in,ref] policy_handle *group_handle,
491 [in] uint32 unknown1,
496 /************************/
498 NTSTATUS samr_OpenAlias (
499 [in,ref] policy_handle *domain_handle,
500 [in] samr_AliasAccessMask access_mask,
502 [out,ref] policy_handle *alias_handle
506 /************************/
512 lsa_String description;
518 ALIASINFODESCRIPTION = 3
519 } samr_AliasInfoEnum;
521 typedef [switch_type(samr_AliasInfoEnum)] union {
522 [case(ALIASINFOALL)] samr_AliasInfoAll all;
523 [case(ALIASINFONAME)] lsa_String name;
524 [case(ALIASINFODESCRIPTION)] lsa_String description;
527 NTSTATUS samr_QueryAliasInfo(
528 [in,ref] policy_handle *alias_handle,
529 [in] samr_AliasInfoEnum level,
530 [out,switch_is(level)] samr_AliasInfo *info
533 /************************/
535 NTSTATUS samr_SetAliasInfo(
536 [in,ref] policy_handle *alias_handle,
537 [in] samr_AliasInfoEnum level,
538 [in,switch_is(level),ref] samr_AliasInfo *info
541 /************************/
543 NTSTATUS samr_DeleteDomAlias(
544 [in,out,ref] policy_handle *alias_handle
547 /************************/
549 NTSTATUS samr_AddAliasMember(
550 [in,ref] policy_handle *alias_handle,
551 [in,ref] dom_sid2 *sid
554 /************************/
556 NTSTATUS samr_DeleteAliasMember(
557 [in,ref] policy_handle *alias_handle,
558 [in,ref] dom_sid2 *sid
561 /************************/
563 NTSTATUS samr_GetMembersInAlias(
564 [in,ref] policy_handle *alias_handle,
565 [out,ref] lsa_SidArray *sids
568 /************************/
570 [public] NTSTATUS samr_OpenUser(
571 [in,ref] policy_handle *domain_handle,
572 [in] uint32 access_mask,
574 [out,ref] policy_handle *user_handle
577 /************************/
579 NTSTATUS samr_DeleteUser(
580 [in,out,ref] policy_handle *user_handle
583 /************************/
586 lsa_String account_name;
587 lsa_String full_name;
589 lsa_String description;
595 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
600 /* this is also used in samr and netlogon */
601 typedef [public, flag(NDR_PAHEX)] struct {
602 uint16 units_per_week;
603 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
607 lsa_String account_name;
608 lsa_String full_name;
611 lsa_String home_directory;
612 lsa_String home_drive;
613 lsa_String logon_script;
614 lsa_String profile_path;
615 lsa_String workstations;
618 NTTIME last_password_change;
619 NTTIME allow_password_change;
620 NTTIME force_password_change;
621 samr_LogonHours logon_hours;
622 uint16 bad_password_count;
624 samr_AcctFlags acct_flags;
628 samr_LogonHours logon_hours;
632 lsa_String account_name;
633 lsa_String full_name;
636 lsa_String home_directory;
637 lsa_String home_drive;
638 lsa_String logon_script;
639 lsa_String profile_path;
640 lsa_String description;
641 lsa_String workstations;
644 samr_LogonHours logon_hours;
645 uint16 bad_password_count;
647 NTTIME last_password_change;
649 samr_AcctFlags acct_flags;
653 lsa_String account_name;
654 lsa_String full_name;
658 lsa_String account_name;
662 lsa_String full_name;
670 lsa_String home_directory;
671 lsa_String home_drive;
675 lsa_String logon_script;
679 lsa_String profile_path;
683 lsa_String description;
687 lsa_String workstations;
691 samr_AcctFlags acct_flags;
699 lsa_String parameters;
702 /* this defines the bits used for fields_present in info21 */
703 typedef [bitmap32bit] bitmap {
704 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
705 SAMR_FIELD_FULL_NAME = 0x00000002,
706 SAMR_FIELD_RID = 0x00000004,
707 SAMR_FIELD_PRIMARY_GID = 0x00000008,
708 SAMR_FIELD_DESCRIPTION = 0x00000010,
709 SAMR_FIELD_COMMENT = 0x00000020,
710 SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
711 SAMR_FIELD_HOME_DRIVE = 0x00000080,
712 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
713 SAMR_FIELD_PROFILE_PATH = 0x00000200,
714 SAMR_FIELD_WORKSTATIONS = 0x00000400,
715 SAMR_FIELD_LAST_LOGON = 0x00000800,
716 SAMR_FIELD_LAST_LOGOFF = 0x00001000,
717 SAMR_FIELD_LOGON_HOURS = 0x00002000,
718 SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
719 SAMR_FIELD_NUM_LOGONS = 0x00008000,
720 SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
721 SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
722 SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
723 SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
724 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
725 SAMR_FIELD_PARAMETERS = 0x00200000,
726 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
727 SAMR_FIELD_CODE_PAGE = 0x00800000,
728 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
729 SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
730 SAMR_FIELD_PRIVATE_DATA = 0x04000000,
731 SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
732 SAMR_FIELD_SEC_DESC = 0x10000000,
733 SAMR_FIELD_OWF_PWD = 0x20000000
734 } samr_FieldsPresent;
739 NTTIME last_password_change;
741 NTTIME allow_password_change;
742 NTTIME force_password_change;
743 lsa_String account_name;
744 lsa_String full_name;
745 lsa_String home_directory;
746 lsa_String home_drive;
747 lsa_String logon_script;
748 lsa_String profile_path;
749 lsa_String description;
750 lsa_String workstations;
752 lsa_String parameters;
757 [size_is(buf_count)] uint8 *buffer;
760 samr_AcctFlags acct_flags;
761 samr_FieldsPresent fields_present;
762 samr_LogonHours logon_hours;
763 uint16 bad_password_count;
767 uint8 nt_password_set;
768 uint8 lm_password_set;
769 uint8 password_expired;
773 typedef [public, flag(NDR_PAHEX)] struct {
775 } samr_CryptPassword;
778 samr_UserInfo21 info;
779 samr_CryptPassword password;
783 samr_CryptPassword password;
787 typedef [flag(NDR_PAHEX)] struct {
789 } samr_CryptPasswordEx;
792 samr_UserInfo21 info;
793 samr_CryptPasswordEx password;
797 samr_CryptPasswordEx password;
801 typedef [switch_type(uint16)] union {
802 [case(1)] samr_UserInfo1 info1;
803 [case(2)] samr_UserInfo2 info2;
804 [case(3)] samr_UserInfo3 info3;
805 [case(4)] samr_UserInfo4 info4;
806 [case(5)] samr_UserInfo5 info5;
807 [case(6)] samr_UserInfo6 info6;
808 [case(7)] samr_UserInfo7 info7;
809 [case(8)] samr_UserInfo8 info8;
810 [case(9)] samr_UserInfo9 info9;
811 [case(10)] samr_UserInfo10 info10;
812 [case(11)] samr_UserInfo11 info11;
813 [case(12)] samr_UserInfo12 info12;
814 [case(13)] samr_UserInfo13 info13;
815 [case(14)] samr_UserInfo14 info14;
816 [case(16)] samr_UserInfo16 info16;
817 [case(17)] samr_UserInfo17 info17;
818 [case(20)] samr_UserInfo20 info20;
819 [case(21)] samr_UserInfo21 info21;
820 [case(23)] samr_UserInfo23 info23;
821 [case(24)] samr_UserInfo24 info24;
822 [case(25)] samr_UserInfo25 info25;
823 [case(26)] samr_UserInfo26 info26;
826 [public] NTSTATUS samr_QueryUserInfo(
827 [in,ref] policy_handle *user_handle,
829 [out,switch_is(level)] samr_UserInfo *info
833 /************************/
835 [public] NTSTATUS samr_SetUserInfo(
836 [in,ref] policy_handle *user_handle,
838 [in,ref,switch_is(level)] samr_UserInfo *info
841 /************************/
843 typedef [public, flag(NDR_PAHEX)] struct {
848 this is a password change interface that doesn't give
849 the server the plaintext password. Depricated.
851 NTSTATUS samr_ChangePasswordUser(
852 [in,ref] policy_handle *user_handle,
853 [in] boolean8 lm_present,
854 [in] samr_Password *old_lm_crypted,
855 [in] samr_Password *new_lm_crypted,
856 [in] boolean8 nt_present,
857 [in] samr_Password *old_nt_crypted,
858 [in] samr_Password *new_nt_crypted,
859 [in] boolean8 cross1_present,
860 [in] samr_Password *nt_cross,
861 [in] boolean8 cross2_present,
862 [in] samr_Password *lm_cross
865 /************************/
868 typedef [public] struct {
870 samr_GroupAttrs attributes;
871 } samr_RidWithAttribute;
873 typedef [public] struct {
875 [size_is(count)] samr_RidWithAttribute *rids;
876 } samr_RidWithAttributeArray;
878 NTSTATUS samr_GetGroupsForUser(
879 [in,ref] policy_handle *user_handle,
880 [out] samr_RidWithAttributeArray *rids
883 /************************/
889 samr_AcctFlags acct_flags;
890 lsa_String account_name;
891 lsa_String description;
892 lsa_String full_name;
893 } samr_DispEntryGeneral;
897 [size_is(count)] samr_DispEntryGeneral *entries;
898 } samr_DispInfoGeneral;
903 samr_AcctFlags acct_flags;
904 lsa_String account_name;
905 lsa_String description;
906 } samr_DispEntryFull;
910 [size_is(count)] samr_DispEntryFull *entries;
916 samr_GroupAttrs acct_flags;
917 lsa_String account_name;
918 lsa_String description;
919 } samr_DispEntryFullGroup;
923 [size_is(count)] samr_DispEntryFullGroup *entries;
924 } samr_DispInfoFullGroups;
928 lsa_AsciiString account_name;
929 } samr_DispEntryAscii;
933 [size_is(count)] samr_DispEntryAscii *entries;
934 } samr_DispInfoAscii;
936 typedef [switch_type(uint16)] union {
937 [case(1)] samr_DispInfoGeneral info1;/* users */
938 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
939 [case(3)] samr_DispInfoFullGroups info3; /* groups */
940 [case(4)] samr_DispInfoAscii info4; /* users */
941 [case(5)] samr_DispInfoAscii info5; /* groups */
944 NTSTATUS samr_QueryDisplayInfo(
945 [in,ref] policy_handle *domain_handle,
947 [in] uint32 start_idx,
948 [in] uint32 max_entries,
949 [in] uint32 buf_size,
950 [out] uint32 total_size,
951 [out] uint32 returned_size,
952 [out,switch_is(level)] samr_DispInfo info
956 /************************/
960 this seems to be an alphabetic search function. The returned index
961 is the index for samr_QueryDisplayInfo needed to get names occurring
962 after the specified name. The supplied name does not need to exist
963 in the database (for example you can supply just a first letter for
964 searching starting at that letter)
966 The level corresponds to the samr_QueryDisplayInfo level
968 NTSTATUS samr_GetDisplayEnumerationIndex(
969 [in,ref] policy_handle *domain_handle,
971 [in] lsa_String name,
977 /************************/
981 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
983 NTSTATUS samr_TestPrivateFunctionsDomain(
984 [in,ref] policy_handle *domain_handle
988 /************************/
992 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
994 NTSTATUS samr_TestPrivateFunctionsUser(
995 [in,ref] policy_handle *user_handle
999 /************************/
1003 uint16 min_password_length;
1004 samr_PasswordProperties password_properties;
1007 [public] NTSTATUS samr_GetUserPwInfo(
1008 [in,ref] policy_handle *user_handle,
1009 [out] samr_PwInfo info
1012 /************************/
1014 NTSTATUS samr_RemoveMemberFromForeignDomain(
1015 [in,ref] policy_handle *domain_handle,
1016 [in,ref] dom_sid2 *sid
1019 /************************/
1023 how is this different from QueryDomainInfo ??
1025 NTSTATUS samr_QueryDomainInfo2(
1026 [in,ref] policy_handle *domain_handle,
1028 [out,switch_is(level)] samr_DomainInfo *info
1031 /************************/
1035 how is this different from QueryUserInfo ??
1037 NTSTATUS samr_QueryUserInfo2(
1038 [in,ref] policy_handle *user_handle,
1040 [out,switch_is(level)] samr_UserInfo *info
1043 /************************/
1047 how is this different from QueryDisplayInfo??
1049 NTSTATUS samr_QueryDisplayInfo2(
1050 [in,ref] policy_handle *domain_handle,
1052 [in] uint32 start_idx,
1053 [in] uint32 max_entries,
1054 [in] uint32 buf_size,
1055 [out] uint32 total_size,
1056 [out] uint32 returned_size,
1057 [out,switch_is(level)] samr_DispInfo info
1060 /************************/
1064 how is this different from GetDisplayEnumerationIndex ??
1066 NTSTATUS samr_GetDisplayEnumerationIndex2(
1067 [in,ref] policy_handle *domain_handle,
1069 [in] lsa_String name,
1074 /************************/
1076 NTSTATUS samr_CreateUser2(
1077 [in,ref] policy_handle *domain_handle,
1078 [in,ref] lsa_String *account_name,
1079 [in] samr_AcctFlags acct_flags,
1080 [in] uint32 access_mask,
1081 [out,ref] policy_handle *user_handle,
1082 [out,ref] uint32 *access_granted,
1083 [out,ref] uint32 *rid
1087 /************************/
1091 another duplicate. There must be a reason ....
1093 NTSTATUS samr_QueryDisplayInfo3(
1094 [in,ref] policy_handle *domain_handle,
1096 [in] uint32 start_idx,
1097 [in] uint32 max_entries,
1098 [in] uint32 buf_size,
1099 [out] uint32 total_size,
1100 [out] uint32 returned_size,
1101 [out,switch_is(level)] samr_DispInfo info
1104 /************************/
1106 NTSTATUS samr_AddMultipleMembersToAlias(
1107 [in,ref] policy_handle *alias_handle,
1108 [in,ref] lsa_SidArray *sids
1111 /************************/
1113 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1114 [in,ref] policy_handle *alias_handle,
1115 [in,ref] lsa_SidArray *sids
1118 /************************/
1121 NTSTATUS samr_OemChangePasswordUser2(
1122 [in] lsa_AsciiString *server,
1123 [in,ref] lsa_AsciiString *account,
1124 [in] samr_CryptPassword *password,
1125 [in] samr_Password *hash
1128 /************************/
1130 NTSTATUS samr_ChangePasswordUser2(
1131 [in] lsa_String *server,
1132 [in,ref] lsa_String *account,
1133 [in] samr_CryptPassword *nt_password,
1134 [in] samr_Password *nt_verifier,
1135 [in] boolean8 lm_change,
1136 [in] samr_CryptPassword *lm_password,
1137 [in] samr_Password *lm_verifier
1140 /************************/
1142 NTSTATUS samr_GetDomPwInfo(
1143 [in] lsa_String *domain_name,
1144 [out] samr_PwInfo info
1147 /************************/
1149 NTSTATUS samr_Connect2(
1150 [in,string,charset(UTF16)] uint16 *system_name,
1151 [in] samr_ConnectAccessMask access_mask,
1152 [out,ref] policy_handle *connect_handle
1155 /************************/
1158 seems to be an exact alias for samr_SetUserInfo()
1160 [public] NTSTATUS samr_SetUserInfo2(
1161 [in,ref] policy_handle *user_handle,
1163 [in,ref,switch_is(level)] samr_UserInfo *info
1166 /************************/
1169 this one is mysterious. I have a few guesses, but nothing working yet
1171 NTSTATUS samr_SetBootKeyInformation(
1172 [in,ref] policy_handle *connect_handle,
1173 [in] uint32 unknown1,
1174 [in] uint32 unknown2,
1175 [in] uint32 unknown3
1178 /************************/
1180 NTSTATUS samr_GetBootKeyInformation(
1181 [in,ref] policy_handle *domain_handle,
1182 [out] uint32 unknown
1185 /************************/
1187 NTSTATUS samr_Connect3(
1188 [in,string,charset(UTF16)] uint16 *system_name,
1189 /* this unknown value seems to be completely ignored by w2k3 */
1190 [in] uint32 unknown,
1191 [in] samr_ConnectAccessMask access_mask,
1192 [out,ref] policy_handle *connect_handle
1195 /************************/
1197 NTSTATUS samr_Connect4(
1198 [in,string,charset(UTF16)] uint16 *system_name,
1199 [in] uint32 unknown,
1200 [in] samr_ConnectAccessMask access_mask,
1201 [out,ref] policy_handle *connect_handle
1204 /************************/
1207 declare enum samr_RejectReason;
1210 samr_RejectReason reason;
1213 } samr_ChangeReject;
1215 NTSTATUS samr_ChangePasswordUser3(
1216 [in] lsa_String *server,
1217 [in,ref] lsa_String *account,
1218 [in] samr_CryptPassword *nt_password,
1219 [in] samr_Password *nt_verifier,
1220 [in] boolean8 lm_change,
1221 [in] samr_CryptPassword *lm_password,
1222 [in] samr_Password *lm_verifier,
1223 [in] samr_CryptPassword *password3,
1224 [out] samr_DomInfo1 *dominfo,
1225 [out] samr_ChangeReject *reject
1228 /************************/
1232 uint32 unknown1; /* w2k3 gives 3 */
1233 uint32 unknown2; /* w2k3 gives 0 */
1234 } samr_ConnectInfo1;
1237 [case(1)] samr_ConnectInfo1 info1;
1240 [public] NTSTATUS samr_Connect5(
1241 [in,string,charset(UTF16)] uint16 *system_name,
1242 [in] samr_ConnectAccessMask access_mask,
1243 [in,out] uint32 level,
1244 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1245 [out,ref] policy_handle *connect_handle
1248 /************************/
1250 NTSTATUS samr_RidToSid(
1251 [in,ref] policy_handle *domain_handle,
1257 /************************/
1261 this should set the DSRM password for the server, which is used
1262 when booting into Directory Services Recovery Mode on a DC. Win2003
1263 gives me NT_STATUS_NOT_SUPPORTED
1266 NTSTATUS samr_SetDsrmPassword(
1267 [in] lsa_String *name,
1268 [in] uint32 unknown,
1269 [in] samr_Password *hash
1273 /************************/
1276 I haven't been able to work out the format of this one yet.
1277 Seems to start with a switch level for a union?
1279 NTSTATUS samr_ValidatePassword();