4 samr interface definition
6 /* import "misc.idl", "lsa.idl", "security.idl";*/
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique),
16 pointer_default_top(unique)
19 declare bitmap security_secinfo;
21 typedef [public,noejs] struct {
22 [value(strlen_m_term(name)*2)] uint16 name_len;
23 [value(strlen_m_term(name)*2)] uint16 name_size;
24 [string,charset(UTF16)] uint16 *name;
27 typedef [public] struct {
29 [size_is(count)] lsa_String *names;
33 typedef [v1_enum] enum {
34 SID_NAME_USE_NONE = 0,/* NOTUSED */
35 SID_NAME_USER = 1, /* user */
36 SID_NAME_DOM_GRP = 2, /* domain group */
37 SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
38 SID_NAME_ALIAS = 4, /* local group */
39 SID_NAME_WKN_GRP = 5, /* well-known group */
40 SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
41 SID_NAME_INVALID = 7, /* invalid account */
42 SID_NAME_UNKNOWN = 8, /* oops. */
43 SID_NAME_COMPUTER = 9 /* machine */
46 /* account control (acct_flags) bits */
47 typedef [public,bitmap32bit] bitmap {
48 ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
49 ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
50 ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
51 ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
52 ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
53 ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
54 ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
55 ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
56 ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
57 ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
58 ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
59 ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
60 ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
61 ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
62 ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
63 ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
64 ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
65 ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
66 ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
69 typedef [bitmap32bit] bitmap {
70 SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
71 SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
72 SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
73 SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
74 SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
75 SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
76 } samr_ConnectAccessMask;
78 typedef [bitmap32bit] bitmap {
79 USER_ACCESS_GET_NAME_ETC = 0x00000001,
80 USER_ACCESS_GET_LOCALE = 0x00000002,
81 USER_ACCESS_SET_LOC_COM = 0x00000004,
82 USER_ACCESS_GET_LOGONINFO = 0x00000008,
83 USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
84 USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
85 USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
86 USER_ACCESS_SET_PASSWORD = 0x00000080,
87 USER_ACCESS_GET_GROUPS = 0x00000100,
88 USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
89 USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
90 } samr_UserAccessMask;
92 typedef [bitmap32bit] bitmap {
93 DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
94 DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
95 DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
96 DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
97 DOMAIN_ACCESS_CREATE_USER = 0x00000010,
98 DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
99 DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
100 DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
101 DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
102 DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
103 DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
104 } samr_DomainAccessMask;
106 typedef [bitmap32bit] bitmap {
107 GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
108 GROUP_ACCESS_SET_INFO = 0x00000002,
109 GROUP_ACCESS_ADD_MEMBER = 0x00000004,
110 GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
111 GROUP_ACCESS_GET_MEMBERS = 0x00000010
112 } samr_GroupAccessMask;
114 typedef [bitmap32bit] bitmap {
115 ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
116 ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
117 ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
118 ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
119 ALIAS_ACCESS_SET_INFO = 0x00000010
120 } samr_AliasAccessMask;
124 NTSTATUS samr_Connect (
125 /* notice the lack of [string] */
126 [in] uint16 *system_name,
127 [in] samr_ConnectAccessMask access_mask,
128 [out,ref] policy_handle *connect_handle
134 [public] NTSTATUS samr_Close (
135 [in,out,ref] policy_handle *handle
141 NTSTATUS samr_SetSecurity (
142 [in,ref] policy_handle *handle,
143 [in] security_secinfo sec_info,
144 [in,ref] sec_desc_buf *sdbuf
150 NTSTATUS samr_QuerySecurity (
151 [in,ref] policy_handle *handle,
152 [in] security_secinfo sec_info,
153 [out] sec_desc_buf *sdbuf
160 shutdown the SAM - once you call this the SAM will be dead
162 NTSTATUS samr_Shutdown (
163 [in,ref] policy_handle *connect_handle
168 NTSTATUS samr_LookupDomain (
169 [in,ref] policy_handle *connect_handle,
170 [in,ref] lsa_String *domain_name,
185 [size_is(count)] samr_SamEntry *entries;
188 NTSTATUS samr_EnumDomains (
189 [in,ref] policy_handle *connect_handle,
190 [in,out,ref] uint32 *resume_handle,
191 [in] uint32 buf_size,
192 [out] samr_SamArray *sam,
193 [out] uint32 num_entries
197 /************************/
199 [public] NTSTATUS samr_OpenDomain(
200 [in,ref] policy_handle *connect_handle,
201 [in] samr_DomainAccessMask access_mask,
202 [in,ref] dom_sid2 *sid,
203 [out,ref] policy_handle *domain_handle
206 /************************/
209 typedef [v1_enum] enum {
210 SAMR_ROLE_STANDALONE = 0,
211 SAMR_ROLE_DOMAIN_MEMBER = 1,
212 SAMR_ROLE_DOMAIN_BDC = 2,
213 SAMR_ROLE_DOMAIN_PDC = 3
216 /* password properties flags */
217 typedef [public,bitmap32bit] bitmap {
218 DOMAIN_PASSWORD_COMPLEX = 0x00000001,
219 DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
220 DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
221 DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
222 DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
223 DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
224 } samr_PasswordProperties;
227 uint16 min_password_length;
228 uint16 password_history_length;
229 samr_PasswordProperties password_properties;
230 /* yes, these are signed. They are in negative 100ns */
231 dlong max_password_age;
232 dlong min_password_age;
236 NTTIME force_logoff_time;
238 lsa_String domain_name;
239 lsa_String primary; /* PDC name if this is a BDC */
250 NTTIME force_logoff_time;
258 lsa_String domain_name;
271 NTTIME domain_create_time;
275 uint32 unknown; /* w2k3 returns 1 */
280 hyper lockout_duration;
281 hyper lockout_window;
282 uint16 lockout_threshold;
286 hyper lockout_duration;
287 hyper lockout_window;
288 uint16 lockout_threshold;
293 NTTIME domain_create_time;
298 typedef [switch_type(uint16)] union {
299 [case(1)] samr_DomInfo1 info1;
300 [case(2)] samr_DomInfo2 info2;
301 [case(3)] samr_DomInfo3 info3;
302 [case(4)] samr_DomInfo4 info4;
303 [case(5)] samr_DomInfo5 info5;
304 [case(6)] samr_DomInfo6 info6;
305 [case(7)] samr_DomInfo7 info7;
306 [case(8)] samr_DomInfo8 info8;
307 [case(9)] samr_DomInfo9 info9;
308 [case(11)] samr_DomInfo11 info11;
309 [case(12)] samr_DomInfo12 info12;
310 [case(13)] samr_DomInfo13 info13;
313 NTSTATUS samr_QueryDomainInfo(
314 [in,ref] policy_handle *domain_handle,
316 [out,switch_is(level)] samr_DomainInfo *info
319 /************************/
322 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
325 NTSTATUS samr_SetDomainInfo(
326 [in,ref] policy_handle *domain_handle,
328 [in,switch_is(level),ref] samr_DomainInfo *info
332 /************************/
334 NTSTATUS samr_CreateDomainGroup(
335 [in,ref] policy_handle *domain_handle,
336 [in,ref] lsa_String *name,
337 [in] samr_GroupAccessMask access_mask,
338 [out,ref] policy_handle *group_handle,
339 [out,ref] uint32 *rid
343 /************************/
345 NTSTATUS samr_EnumDomainGroups(
346 [in,ref] policy_handle *domain_handle,
347 [in,out,ref] uint32 *resume_handle,
348 [in] uint32 max_size,
349 [out] samr_SamArray *sam,
350 [out] uint32 num_entries
353 /************************/
355 NTSTATUS samr_CreateUser(
356 [in,ref] policy_handle *domain_handle,
357 [in,ref] lsa_String *account_name,
358 [in] samr_UserAccessMask access_mask,
359 [out,ref] policy_handle *user_handle,
360 [out,ref] uint32 *rid
363 /************************/
367 /* w2k3 treats max_size as max_users*54 and sets the
368 resume_handle as the rid of the last user sent
370 const int SAMR_ENUM_USERS_MULTIPLIER = 54;
372 NTSTATUS samr_EnumDomainUsers(
373 [in,ref] policy_handle *domain_handle,
374 [in,out,ref] uint32 *resume_handle,
375 [in] samr_AcctFlags acct_flags,
376 [in] uint32 max_size,
377 [out] samr_SamArray *sam,
378 [out] uint32 num_entries
381 /************************/
383 NTSTATUS samr_CreateDomAlias(
384 [in,ref] policy_handle *domain_handle,
385 [in,ref] lsa_String *alias_name,
386 [in] samr_AliasAccessMask access_mask,
387 [out,ref] policy_handle *alias_handle,
388 [out,ref] uint32 *rid
391 /************************/
393 NTSTATUS samr_EnumDomainAliases(
394 [in,ref] policy_handle *domain_handle,
395 [in,out,ref] uint32 *resume_handle,
396 [in] samr_AcctFlags acct_flags,
397 [out] samr_SamArray *sam,
398 [out] uint32 num_entries
401 /************************/
405 [range(0,1024)] uint32 count;
406 [size_is(count)] uint32 *ids;
410 [range(0,1024)] uint32 count;
411 [size_is(count)] lsa_SidType *types;
414 NTSTATUS samr_GetAliasMembership(
415 [in,ref] policy_handle *domain_handle,
416 [in,ref] lsa_SidArray *sids,
417 [out,ref] samr_Ids *rids
420 /************************/
423 [public] NTSTATUS samr_LookupNames(
424 [in,ref] policy_handle *domain_handle,
425 [in,range(0,1000)] uint32 num_names,
426 [in,size_is(1000),length_is(num_names), ref] lsa_String *names,
428 [out] samr_Types types
432 /************************/
434 NTSTATUS samr_LookupRids(
435 [in,ref] policy_handle *domain_handle,
436 [in,range(0,1000)] uint32 num_rids,
437 [in,size_is(1000),length_is(num_rids),ref] uint32 *rids,
438 [out] lsa_Strings names,
439 [out] samr_Types types
442 /************************/
444 NTSTATUS samr_OpenGroup(
445 [in,ref] policy_handle *domain_handle,
446 [in] samr_GroupAccessMask access_mask,
448 [out,ref] policy_handle *group_handle
451 /* Group attributes */
452 typedef [public,bitmap32bit] bitmap {
453 SE_GROUP_MANDATORY = 0x00000001,
454 SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
455 SE_GROUP_ENABLED = 0x00000004,
456 SE_GROUP_OWNER = 0x00000008,
457 SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
458 SE_GROUP_RESOURCE = 0x20000000,
459 SE_GROUP_LOGON_ID = 0xC0000000
462 /************************/
467 samr_GroupAttrs attributes;
469 lsa_String description;
473 samr_GroupAttrs attributes;
474 } samr_GroupInfoAttributes;
477 lsa_String description;
478 } samr_GroupInfoDescription;
483 GROUPINFOATTRIBUTES = 3,
484 GROUPINFODESCRIPTION = 4,
486 } samr_GroupInfoEnum;
488 typedef [switch_type(samr_GroupInfoEnum)] union {
489 [case(GROUPINFOALL)] samr_GroupInfoAll all;
490 [case(GROUPINFONAME)] lsa_String name;
491 [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
492 [case(GROUPINFODESCRIPTION)] lsa_String description;
493 [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
496 NTSTATUS samr_QueryGroupInfo(
497 [in,ref] policy_handle *group_handle,
498 [in] samr_GroupInfoEnum level,
499 [out,switch_is(level)] samr_GroupInfo *info
502 /************************/
504 NTSTATUS samr_SetGroupInfo(
505 [in,ref] policy_handle *group_handle,
506 [in] samr_GroupInfoEnum level,
507 [in,switch_is(level),ref] samr_GroupInfo *info
510 /************************/
512 NTSTATUS samr_AddGroupMember(
513 [in,ref] policy_handle *group_handle,
518 /************************/
520 NTSTATUS samr_DeleteDomainGroup(
521 [in,out,ref] policy_handle *group_handle
524 /************************/
526 NTSTATUS samr_DeleteGroupMember(
527 [in,ref] policy_handle *group_handle,
532 /************************/
536 [size_is(count)] uint32 *rids;
537 [size_is(count)] lsa_SidType *types;
540 NTSTATUS samr_QueryGroupMember(
541 [in,ref] policy_handle *group_handle,
542 [out] samr_RidTypeArray *rids
546 /************************/
550 win2003 seems to accept any data at all for the two integers
551 below, and doesn't seem to do anything with them that I can
552 see. Weird. I really expected the first integer to be a rid
553 and the second to be the attributes for that rid member.
555 NTSTATUS samr_SetMemberAttributesOfGroup(
556 [in,ref] policy_handle *group_handle,
557 [in] uint32 unknown1,
562 /************************/
564 NTSTATUS samr_OpenAlias (
565 [in,ref] policy_handle *domain_handle,
566 [in] samr_AliasAccessMask access_mask,
568 [out,ref] policy_handle *alias_handle
572 /************************/
578 lsa_String description;
584 ALIASINFODESCRIPTION = 3
585 } samr_AliasInfoEnum;
587 typedef [switch_type(samr_AliasInfoEnum)] union {
588 [case(ALIASINFOALL)] samr_AliasInfoAll all;
589 [case(ALIASINFONAME)] lsa_String name;
590 [case(ALIASINFODESCRIPTION)] lsa_String description;
593 NTSTATUS samr_QueryAliasInfo(
594 [in,ref] policy_handle *alias_handle,
595 [in] samr_AliasInfoEnum level,
596 [out,switch_is(level)] samr_AliasInfo *info
599 /************************/
601 NTSTATUS samr_SetAliasInfo(
602 [in,ref] policy_handle *alias_handle,
603 [in] samr_AliasInfoEnum level,
604 [in,switch_is(level)] samr_AliasInfo info
607 /************************/
609 NTSTATUS samr_DeleteDomAlias(
610 [in,out,ref] policy_handle *alias_handle
613 /************************/
615 NTSTATUS samr_AddAliasMember(
616 [in,ref] policy_handle *alias_handle,
617 [in,ref] dom_sid2 *sid
620 /************************/
622 NTSTATUS samr_DeleteAliasMember(
623 [in,ref] policy_handle *alias_handle,
624 [in,ref] dom_sid2 *sid
627 /************************/
629 NTSTATUS samr_GetMembersInAlias(
630 [in,ref] policy_handle *alias_handle,
631 [out,ref] lsa_SidArray *sids
634 /************************/
636 [public] NTSTATUS samr_OpenUser(
637 [in,ref] policy_handle *domain_handle,
638 [in] samr_UserAccessMask access_mask,
640 [out,ref] policy_handle *user_handle
643 /************************/
645 NTSTATUS samr_DeleteUser(
646 [in,out,ref] policy_handle *user_handle
649 /************************/
652 lsa_String account_name;
653 lsa_String full_name;
655 lsa_String description;
661 lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
666 /* this is also used in samr and netlogon */
667 typedef [public, flag(NDR_PAHEX)] struct {
668 uint16 units_per_week;
669 [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
673 lsa_String account_name;
674 lsa_String full_name;
677 lsa_String home_directory;
678 lsa_String home_drive;
679 lsa_String logon_script;
680 lsa_String profile_path;
681 lsa_String workstations;
684 NTTIME last_password_change;
685 NTTIME allow_password_change;
686 NTTIME force_password_change;
687 samr_LogonHours logon_hours;
688 uint16 bad_password_count;
690 samr_AcctFlags acct_flags;
694 samr_LogonHours logon_hours;
698 lsa_String account_name;
699 lsa_String full_name;
702 lsa_String home_directory;
703 lsa_String home_drive;
704 lsa_String logon_script;
705 lsa_String profile_path;
706 lsa_String description;
707 lsa_String workstations;
710 samr_LogonHours logon_hours;
711 uint16 bad_password_count;
713 NTTIME last_password_change;
715 samr_AcctFlags acct_flags;
719 lsa_String account_name;
720 lsa_String full_name;
724 lsa_String account_name;
728 lsa_String full_name;
736 lsa_String home_directory;
737 lsa_String home_drive;
741 lsa_String logon_script;
745 lsa_String profile_path;
749 lsa_String description;
753 lsa_String workstations;
757 samr_AcctFlags acct_flags;
765 lsa_String parameters;
768 /* this defines the bits used for fields_present in info21 */
769 typedef [bitmap32bit] bitmap {
770 SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
771 SAMR_FIELD_FULL_NAME = 0x00000002,
772 SAMR_FIELD_PRIMARY_GID = 0x00000008,
773 SAMR_FIELD_DESCRIPTION = 0x00000010,
774 SAMR_FIELD_COMMENT = 0x00000020,
775 SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
776 SAMR_FIELD_HOME_DRIVE = 0x00000080,
777 SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
778 SAMR_FIELD_PROFILE_PATH = 0x00000200,
779 SAMR_FIELD_WORKSTATIONS = 0x00000400,
780 SAMR_FIELD_LOGON_HOURS = 0x00002000,
781 SAMR_FIELD_ACCT_FLAGS = 0x00100000,
782 SAMR_FIELD_PARAMETERS = 0x00200000,
783 SAMR_FIELD_COUNTRY_CODE = 0x00400000,
784 SAMR_FIELD_CODE_PAGE = 0x00800000,
785 SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
786 SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
787 } samr_FieldsPresent;
792 NTTIME last_password_change;
794 NTTIME allow_password_change;
795 NTTIME force_password_change;
796 lsa_String account_name;
797 lsa_String full_name;
798 lsa_String home_directory;
799 lsa_String home_drive;
800 lsa_String logon_script;
801 lsa_String profile_path;
802 lsa_String description;
803 lsa_String workstations;
805 lsa_String parameters;
810 [size_is(buf_count)] uint8 *buffer;
813 samr_AcctFlags acct_flags;
814 samr_FieldsPresent fields_present;
815 samr_LogonHours logon_hours;
816 uint16 bad_password_count;
820 uint8 nt_password_set;
821 uint8 lm_password_set;
822 uint8 password_expired;
826 typedef [public, flag(NDR_PAHEX)] struct {
828 } samr_CryptPassword;
831 samr_UserInfo21 info;
832 samr_CryptPassword password;
836 samr_CryptPassword password;
840 typedef [flag(NDR_PAHEX)] struct {
842 } samr_CryptPasswordEx;
845 samr_UserInfo21 info;
846 samr_CryptPasswordEx password;
850 samr_CryptPasswordEx password;
854 typedef [switch_type(uint16)] union {
855 [case(1)] samr_UserInfo1 info1;
856 [case(2)] samr_UserInfo2 info2;
857 [case(3)] samr_UserInfo3 info3;
858 [case(4)] samr_UserInfo4 info4;
859 [case(5)] samr_UserInfo5 info5;
860 [case(6)] samr_UserInfo6 info6;
861 [case(7)] samr_UserInfo7 info7;
862 [case(8)] samr_UserInfo8 info8;
863 [case(9)] samr_UserInfo9 info9;
864 [case(10)] samr_UserInfo10 info10;
865 [case(11)] samr_UserInfo11 info11;
866 [case(12)] samr_UserInfo12 info12;
867 [case(13)] samr_UserInfo13 info13;
868 [case(14)] samr_UserInfo14 info14;
869 [case(16)] samr_UserInfo16 info16;
870 [case(17)] samr_UserInfo17 info17;
871 [case(20)] samr_UserInfo20 info20;
872 [case(21)] samr_UserInfo21 info21;
873 [case(23)] samr_UserInfo23 info23;
874 [case(24)] samr_UserInfo24 info24;
875 [case(25)] samr_UserInfo25 info25;
876 [case(26)] samr_UserInfo26 info26;
879 [public] NTSTATUS samr_QueryUserInfo(
880 [in,ref] policy_handle *user_handle,
882 [out,switch_is(level)] samr_UserInfo *info
886 /************************/
888 [public] NTSTATUS samr_SetUserInfo(
889 [in,ref] policy_handle *user_handle,
891 [in,ref,switch_is(level)] samr_UserInfo *info
894 /************************/
896 typedef [public, flag(NDR_PAHEX)] struct {
901 this is a password change interface that doesn't give
902 the server the plaintext password. Depricated.
904 NTSTATUS samr_ChangePasswordUser(
905 [in,ref] policy_handle *user_handle,
906 [in] boolean8 lm_present,
907 [in] samr_Password *old_lm_crypted,
908 [in] samr_Password *new_lm_crypted,
909 [in] boolean8 nt_present,
910 [in] samr_Password *old_nt_crypted,
911 [in] samr_Password *new_nt_crypted,
912 [in] boolean8 cross1_present,
913 [in] samr_Password *nt_cross,
914 [in] boolean8 cross2_present,
915 [in] samr_Password *lm_cross
918 /************************/
921 typedef [public] struct {
923 samr_GroupAttrs attributes;
924 } samr_RidWithAttribute;
926 typedef [public] struct {
928 [size_is(count)] samr_RidWithAttribute *rids;
929 } samr_RidWithAttributeArray;
931 NTSTATUS samr_GetGroupsForUser(
932 [in,ref] policy_handle *user_handle,
933 [out] samr_RidWithAttributeArray *rids
936 /************************/
942 samr_AcctFlags acct_flags;
943 lsa_String account_name;
944 lsa_String full_name;
945 lsa_String description;
946 } samr_DispEntryGeneral;
950 [size_is(count)] samr_DispEntryGeneral *entries;
951 } samr_DispInfoGeneral;
956 samr_AcctFlags acct_flags;
957 lsa_String account_name;
958 lsa_String description;
959 } samr_DispEntryFull;
963 [size_is(count)] samr_DispEntryFull *entries;
969 samr_GroupAttrs acct_flags;
970 lsa_String account_name;
971 lsa_String description;
972 } samr_DispEntryFullGroup;
976 [size_is(count)] samr_DispEntryFullGroup *entries;
977 } samr_DispInfoFullGroups;
981 lsa_AsciiString account_name;
982 } samr_DispEntryAscii;
986 [size_is(count)] samr_DispEntryAscii *entries;
987 } samr_DispInfoAscii;
989 typedef [switch_type(uint16)] union {
990 [case(1)] samr_DispInfoGeneral info1;/* users */
991 [case(2)] samr_DispInfoFull info2; /* trust accounts? */
992 [case(3)] samr_DispInfoFullGroups info3; /* groups */
993 [case(4)] samr_DispInfoAscii info4; /* users */
994 [case(5)] samr_DispInfoAscii info5; /* groups */
997 NTSTATUS samr_QueryDisplayInfo(
998 [in,ref] policy_handle *domain_handle,
1000 [in] uint32 start_idx,
1001 [in] uint32 max_entries,
1002 [in] uint32 buf_size,
1003 [out] uint32 total_size,
1004 [out] uint32 returned_size,
1005 [out,switch_is(level)] samr_DispInfo info
1009 /************************/
1013 this seems to be an alphabetic search function. The returned index
1014 is the index for samr_QueryDisplayInfo needed to get names occurring
1015 after the specified name. The supplied name does not need to exist
1016 in the database (for example you can supply just a first letter for
1017 searching starting at that letter)
1019 The level corresponds to the samr_QueryDisplayInfo level
1021 NTSTATUS samr_GetDisplayEnumerationIndex(
1022 [in,ref] policy_handle *domain_handle,
1024 [in] lsa_String name,
1030 /************************/
1034 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1036 NTSTATUS samr_TestPrivateFunctionsDomain(
1037 [in,ref] policy_handle *domain_handle
1041 /************************/
1045 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1047 NTSTATUS samr_TestPrivateFunctionsUser(
1048 [in,ref] policy_handle *user_handle
1052 /************************/
1056 uint16 min_password_length;
1057 samr_PasswordProperties password_properties;
1060 [public] NTSTATUS samr_GetUserPwInfo(
1061 [in,ref] policy_handle *user_handle,
1062 [out] samr_PwInfo info
1065 /************************/
1067 NTSTATUS samr_RemoveMemberFromForeignDomain(
1068 [in,ref] policy_handle *domain_handle,
1069 [in,ref] dom_sid2 *sid
1072 /************************/
1076 how is this different from QueryDomainInfo ??
1078 NTSTATUS samr_QueryDomainInfo2(
1079 [in,ref] policy_handle *domain_handle,
1081 [out,switch_is(level)] samr_DomainInfo *info
1084 /************************/
1088 how is this different from QueryUserInfo ??
1090 NTSTATUS samr_QueryUserInfo2(
1091 [in,ref] policy_handle *user_handle,
1093 [out,switch_is(level)] samr_UserInfo *info
1096 /************************/
1100 how is this different from QueryDisplayInfo??
1102 NTSTATUS samr_QueryDisplayInfo2(
1103 [in,ref] policy_handle *domain_handle,
1105 [in] uint32 start_idx,
1106 [in] uint32 max_entries,
1107 [in] uint32 buf_size,
1108 [out] uint32 total_size,
1109 [out] uint32 returned_size,
1110 [out,switch_is(level)] samr_DispInfo info
1113 /************************/
1117 how is this different from GetDisplayEnumerationIndex ??
1119 NTSTATUS samr_GetDisplayEnumerationIndex2(
1120 [in,ref] policy_handle *domain_handle,
1122 [in] lsa_String name,
1127 /************************/
1129 NTSTATUS samr_CreateUser2(
1130 [in,ref] policy_handle *domain_handle,
1131 [in,ref] lsa_String *account_name,
1132 [in] samr_AcctFlags acct_flags,
1133 [in] samr_UserAccessMask access_mask,
1134 [out,ref] policy_handle *user_handle,
1135 [out,ref] uint32 *access_granted,
1136 [out,ref] uint32 *rid
1140 /************************/
1144 another duplicate. There must be a reason ....
1146 NTSTATUS samr_QueryDisplayInfo3(
1147 [in,ref] policy_handle *domain_handle,
1149 [in] uint32 start_idx,
1150 [in] uint32 max_entries,
1151 [in] uint32 buf_size,
1152 [out] uint32 total_size,
1153 [out] uint32 returned_size,
1154 [out,switch_is(level)] samr_DispInfo info
1157 /************************/
1159 NTSTATUS samr_AddMultipleMembersToAlias(
1160 [in,ref] policy_handle *alias_handle,
1161 [in,ref] lsa_SidArray *sids
1164 /************************/
1166 NTSTATUS samr_RemoveMultipleMembersFromAlias(
1167 [in,ref] policy_handle *alias_handle,
1168 [in,ref] lsa_SidArray *sids
1171 /************************/
1174 NTSTATUS samr_OemChangePasswordUser2(
1175 [in] lsa_AsciiString *server,
1176 [in,ref] lsa_AsciiString *account,
1177 [in] samr_CryptPassword *password,
1178 [in] samr_Password *hash
1181 /************************/
1183 NTSTATUS samr_ChangePasswordUser2(
1184 [in] lsa_String *server,
1185 [in,ref] lsa_String *account,
1186 [in] samr_CryptPassword *nt_password,
1187 [in] samr_Password *nt_verifier,
1188 [in] boolean8 lm_change,
1189 [in] samr_CryptPassword *lm_password,
1190 [in] samr_Password *lm_verifier
1193 /************************/
1195 NTSTATUS samr_GetDomPwInfo(
1196 [in] lsa_String *domain_name,
1197 [out] samr_PwInfo info
1200 /************************/
1202 NTSTATUS samr_Connect2(
1203 [in,string,charset(UTF16)] uint16 *system_name,
1204 [in] samr_ConnectAccessMask access_mask,
1205 [out,ref] policy_handle *connect_handle
1208 /************************/
1211 seems to be an exact alias for samr_SetUserInfo()
1213 [public] NTSTATUS samr_SetUserInfo2(
1214 [in,ref] policy_handle *user_handle,
1216 [in,ref,switch_is(level)] samr_UserInfo *info
1219 /************************/
1222 this one is mysterious. I have a few guesses, but nothing working yet
1224 NTSTATUS samr_SetBootKeyInformation(
1225 [in,ref] policy_handle *connect_handle,
1226 [in] uint32 unknown1,
1227 [in] uint32 unknown2,
1228 [in] uint32 unknown3
1231 /************************/
1233 NTSTATUS samr_GetBootKeyInformation(
1234 [in,ref] policy_handle *domain_handle,
1235 [out] uint32 unknown
1238 /************************/
1240 NTSTATUS samr_Connect3(
1241 [in,string,charset(UTF16)] uint16 *system_name,
1242 /* this unknown value seems to be completely ignored by w2k3 */
1243 [in] uint32 unknown,
1244 [in] samr_ConnectAccessMask access_mask,
1245 [out,ref] policy_handle *connect_handle
1248 /************************/
1250 NTSTATUS samr_Connect4(
1251 [in,string,charset(UTF16)] uint16 *system_name,
1252 [in] uint32 unknown,
1253 [in] samr_ConnectAccessMask access_mask,
1254 [out,ref] policy_handle *connect_handle
1257 /************************/
1261 DUMMY_ENTRY_KEEP_PIDL_HAPPY = 999
1262 } samr_RejectReason;
1265 samr_RejectReason reason;
1268 } samr_ChangeReject;
1270 NTSTATUS samr_ChangePasswordUser3(
1271 [in] lsa_String *server,
1272 [in,ref] lsa_String *account,
1273 [in] samr_CryptPassword *nt_password,
1274 [in] samr_Password *nt_verifier,
1275 [in] boolean8 lm_change,
1276 [in] samr_CryptPassword *lm_password,
1277 [in] samr_Password *lm_verifier,
1278 [in] samr_CryptPassword *password3,
1279 [out] samr_DomInfo1 *dominfo,
1280 [out] samr_ChangeReject *reject
1283 /************************/
1287 uint32 unknown1; /* w2k3 gives 3 */
1288 uint32 unknown2; /* w2k3 gives 0 */
1289 } samr_ConnectInfo1;
1292 [case(1)] samr_ConnectInfo1 info1;
1295 [public] NTSTATUS samr_Connect5(
1296 [in,string,charset(UTF16)] uint16 *system_name,
1297 [in] samr_ConnectAccessMask access_mask,
1298 [in,out] uint32 level,
1299 [in,out,switch_is(level),ref] samr_ConnectInfo *info,
1300 [out,ref] policy_handle *connect_handle
1303 /************************/
1305 NTSTATUS samr_RidToSid(
1306 [in,ref] policy_handle *domain_handle,
1312 /************************/
1316 this should set the DSRM password for the server, which is used
1317 when booting into Directory Services Recovery Mode on a DC. Win2003
1318 gives me NT_STATUS_NOT_SUPPORTED
1321 NTSTATUS samr_SetDsrmPassword(
1322 [in] lsa_String *name,
1323 [in] uint32 unknown,
1324 [in] samr_Password *hash
1328 /************************/
1331 I haven't been able to work out the format of this one yet.
1332 Seems to start with a switch level for a union?
1334 NTSTATUS samr_ValidatePassword();