Wireshark  2.9.0-477-g68ec514b
The Wireshark network protocol analyzer
samr.idl
1 #include "idl_types.h"
2 
3 /*
4  samr interface definition
5 */
6 /* import "misc.idl", "lsa.idl", "security.idl";*/
7 
8 /*
9  Thanks to Todd Sabin for some information from his samr.idl in acltools
10 */
11 
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13  version(1.0),
14  endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15  pointer_default(unique)
16 ] interface samr
17 {
18 
19  typedef [public] struct {
20  uint32 count;
21  [size_is(count)] lsa_String *names;
22  } lsa_Strings;
23 
24 
25  typedef [v1_enum] enum {
26  SID_NAME_USE_NONE = 0,/* NOTUSED */
27  SID_NAME_USER = 1, /* user */
28  SID_NAME_DOM_GRP = 2, /* domain group */
29  SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
30  SID_NAME_ALIAS = 4, /* local group */
31  SID_NAME_WKN_GRP = 5, /* well-known group */
32  SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
33  SID_NAME_INVALID = 7, /* invalid account */
34  SID_NAME_UNKNOWN = 8, /* oops. */
35  SID_NAME_COMPUTER = 9 /* machine */
36  } lsa_SidType;
37 
38  typedef [public,v1_enum] enum {
39  SAMR_REJECT_OTHER = 0,
40  SAMR_REJECT_TOO_SHORT = 1,
41  SAMR_REJECT_IN_HISTORY = 2,
42  SAMR_REJECT_COMPLEXITY = 5
43  } samr_RejectReason;
44 
45 
46 
47  /* account control (acct_flags) bits */
48  typedef [public,bitmap32bit] bitmap {
49  ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
50  ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
51  ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
52  ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
53  ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
54  ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
55  ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
56  ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
57  ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
58  ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
59  ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
60  ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
61  ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
62  ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
63  ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
64  ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
65  ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
66  ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
67  ACB_TRUST_AUTH_DELEGAT = 0x00040000, /* 1 = Trusted to authenticate for delegation */
68  ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
69  } samr_AcctFlags;
70 
71  /* SAM server specific access rights */
72 
73  typedef [bitmap32bit] bitmap {
74  SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
75  SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
76  SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
77  SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
78  SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
79  SAMR_ACCESS_LOOKUP_DOMAIN = 0x00000020
80  } samr_ConnectAccessMask;
81 
82  const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
83 
84  const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
85  (STANDARD_RIGHTS_REQUIRED_ACCESS |
86  SAMR_ACCESS_ALL_ACCESS);
87 
88  const int GENERIC_RIGHTS_SAM_READ =
89  (STANDARD_RIGHTS_READ_ACCESS |
90  SAMR_ACCESS_ENUM_DOMAINS);
91 
92  const int GENERIC_RIGHTS_SAM_WRITE =
93  (STANDARD_RIGHTS_WRITE_ACCESS |
94  SAMR_ACCESS_CREATE_DOMAIN |
95  SAMR_ACCESS_INITIALIZE_SERVER |
96  SAMR_ACCESS_SHUTDOWN_SERVER);
97 
98  const int GENERIC_RIGHTS_SAM_EXECUTE =
99  (STANDARD_RIGHTS_EXECUTE_ACCESS |
100  SAMR_ACCESS_LOOKUP_DOMAIN |
101  SAMR_ACCESS_CONNECT_TO_SERVER);
102 
103  /* User Object specific access rights */
104 
105  typedef [bitmap32bit] bitmap {
106  SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
107  SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
108  SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
109  SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
110  SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
111  SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
112  SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
113  SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
114  SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
115  SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
116  SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
117  } samr_UserAccessMask;
118 
119  typedef [bitmap32bit] bitmap {
120  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
121  SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
122  SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
123  SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
124  SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
125  SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
126  SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
127  SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
128  SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
129  SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
130  SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
131  } samr_DomainAccessMask;
132 
133  typedef [bitmap32bit] bitmap {
134  SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
135  SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
136  SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
137  SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
138  SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
139  } samr_GroupAccessMask;
140  /* these bits are invalid and return ACCESS_DENIED */
141  const int SAMR_GROUP_ACCESS_MASK_INVALID = 0x0000ffe0;
142  /* generic access */
143  const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x000f001f;
144  const int SAMR_GROUP_ACCESS_ALL_READ = 0x00020010;
145  const int SAMR_GROUP_ACCESS_ALL_WRITE = 0x0002000e;
146  const int SAMR_GROUP_ACCESS_ALL_EXECUTE = 0x00020001;
147 
148  typedef [bitmap32bit] bitmap {
149  SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
150  SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
151  SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
152  SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
153  SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
154  } samr_AliasAccessMask;
155 
156  /******************/
157  /* Function: 0x00 */
158  NTSTATUS samr_Connect (
159  /* notice the lack of [string] */
160  [in,unique] uint16 *system_name,
161  [in] samr_ConnectAccessMask access_mask,
162  [out,ref] policy_handle *connect_handle
163  );
164 
165 
166  /******************/
167  /* Function: 0x01 */
168  [public] NTSTATUS samr_Close (
169  [in,out,ref] policy_handle *handle
170  );
171 
172  /******************/
173  /* Function: 0x02 */
174 
175  NTSTATUS samr_SetSecurity (
176  [in,ref] policy_handle *handle,
177  [in] security_secinfo sec_info,
178  [in,ref] sec_desc_buf *sdbuf
179  );
180 
181  /******************/
182  /* Function: 0x03 */
183 
184  NTSTATUS samr_QuerySecurity (
185  [in,ref] policy_handle *handle,
186  [in] security_secinfo sec_info,
187  [out,ref] sec_desc_buf **sdbuf
188  );
189 
190  /******************/
191  /* Function: 0x04 */
192 
193  /*
194  shutdown the SAM - once you call this the SAM will be dead
195  */
196  NTSTATUS samr_Shutdown (
197  [in,ref] policy_handle *connect_handle
198  );
199 
200  /******************/
201  /* Function: 0x05 */
202  NTSTATUS samr_LookupDomain (
203  [in,ref] policy_handle *connect_handle,
204  [in,ref] lsa_String *domain_name,
205  [out,ref] dom_sid2 **sid
206  );
207 
208 
209  /******************/
210  /* Function: 0x06 */
211 
212  typedef struct {
213  uint32 idx;
214  lsa_String name;
215  } samr_SamEntry;
216 
217  typedef struct {
218  uint32 count;
219  [size_is(count)] samr_SamEntry *entries;
220  } samr_SamArray;
221 
222  NTSTATUS samr_EnumDomains (
223  [in,ref] policy_handle *connect_handle,
224  [in,out,ref] uint32 *resume_handle,
225  [out,ref] samr_SamArray **sam,
226  [in] uint32 buf_size,
227  [out,ref] uint32 *num_entries
228  );
229 
230 
231  /************************/
232  /* Function 0x07 */
233  [public] NTSTATUS samr_OpenDomain(
234  [in,ref] policy_handle *connect_handle,
235  [in] samr_DomainAccessMask access_mask,
236  [in,ref] dom_sid2 *sid,
237  [out,ref] policy_handle *domain_handle
238  );
239 
240  /************************/
241  /* Function 0x08 */
242 
243  typedef enum {
244  DomainPasswordInformation = 1,
245  DomainGeneralInformation = 2,
246  DomainLogoffInformation = 3,
247  DomainOemInformation = 4,
248  DomainNameInformation = 5,
249  DomainReplicationInformation = 6,
250  DomainServerRoleInformation = 7,
251  DomainModifiedInformation = 8,
252  DomainStateInformation = 9,
253  DomainUasInformation = 10,
254  DomainGeneralInformation2 = 11,
255  DomainLockoutInformation = 12,
256  DomainModifiedInformation2 = 13
257  } samr_DomainInfoClass;
258 
259  /* server roles */
260  typedef [v1_enum] enum {
261  SAMR_ROLE_STANDALONE = 0,
262  SAMR_ROLE_DOMAIN_MEMBER = 1,
263  SAMR_ROLE_DOMAIN_BDC = 2,
264  SAMR_ROLE_DOMAIN_PDC = 3
265  } samr_Role;
266 
267  /* password properties flags */
268  typedef [public,bitmap32bit] bitmap {
269  DOMAIN_PASSWORD_COMPLEX = 0x00000001,
270  DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
271  DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
272  DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
273  DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
274  DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
275  } samr_PasswordProperties;
276 
277  typedef [v1_enum] enum {
278  DOMAIN_SERVER_ENABLED = 1,
279  DOMAIN_SERVER_DISABLED = 2
280  } samr_DomainServerState;
281 
282  typedef struct {
283  uint16 min_password_length;
284  uint16 password_history_length;
285  samr_PasswordProperties password_properties;
286  /* yes, these are signed. They are in negative 100ns */
287  dlong max_password_age;
288  dlong min_password_age;
289  } samr_DomInfo1;
290 
291  typedef struct {
292  NTTIME force_logoff_time;
293  lsa_String oem_information; /* comment */
294  lsa_String domain_name;
295  lsa_String primary; /* PDC name if this is a BDC */
296  udlong sequence_num;
297  samr_DomainServerState domain_server_state;
298  samr_Role role;
299  uint32 unknown3;
300  uint32 num_users;
301  uint32 num_groups;
302  uint32 num_aliases;
303  } samr_DomGeneralInformation;
304 
305  typedef struct {
306  NTTIME force_logoff_time;
307  } samr_DomInfo3;
308 
309  typedef struct {
310  lsa_String oem_information; /* comment */
311  } samr_DomOEMInformation;
312 
313  typedef struct {
314  lsa_String domain_name;
315  } samr_DomInfo5;
316 
317  typedef struct {
318  lsa_String primary;
319  } samr_DomInfo6;
320 
321  typedef struct {
322  samr_Role role;
323  } samr_DomInfo7;
324 
325  typedef struct {
326  hyper sequence_num;
327  NTTIME domain_create_time;
328  } samr_DomInfo8;
329 
330  typedef struct {
331  samr_DomainServerState domain_server_state;
332  } samr_DomInfo9;
333 
334  typedef struct {
335  samr_DomGeneralInformation general;
336  hyper lockout_duration;
337  hyper lockout_window;
338  uint16 lockout_threshold;
339  } samr_DomGeneralInformation2;
340 
341  typedef struct {
342  hyper lockout_duration;
343  hyper lockout_window;
344  uint16 lockout_threshold;
345  } samr_DomInfo12;
346 
347  typedef struct {
348  hyper sequence_num;
349  NTTIME domain_create_time;
350  hyper modified_count_at_last_promotion;
351  } samr_DomInfo13;
352 
353  typedef [switch_type(uint16)] union {
354  [case(1)] samr_DomInfo1 info1;
355  [case(2)] samr_DomGeneralInformation general;
356  [case(3)] samr_DomInfo3 info3;
357  [case(4)] samr_DomOEMInformation oem;
358  [case(5)] samr_DomInfo5 info5;
359  [case(6)] samr_DomInfo6 info6;
360  [case(7)] samr_DomInfo7 info7;
361  [case(8)] samr_DomInfo8 info8;
362  [case(9)] samr_DomInfo9 info9;
363  [case(11)] samr_DomGeneralInformation2 general2;
364  [case(12)] samr_DomInfo12 info12;
365  [case(13)] samr_DomInfo13 info13;
366  } samr_DomainInfo;
367 
368  NTSTATUS samr_QueryDomainInfo(
369  [in,ref] policy_handle *domain_handle,
370  [in] samr_DomainInfoClass level,
371  [out,ref,switch_is(level)] samr_DomainInfo **info
372  );
373 
374  /************************/
375  /* Function 0x09 */
376  /*
377  only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
378  call in w2k3
379  */
380  NTSTATUS samr_SetDomainInfo(
381  [in,ref] policy_handle *domain_handle,
382  [in] samr_DomainInfoClass level,
383  [in,switch_is(level),ref] samr_DomainInfo *info
384  );
385 
386 
387  /************************/
388  /* Function 0x0a */
389  NTSTATUS samr_CreateDomainGroup(
390  [in,ref] policy_handle *domain_handle,
391  [in,ref] lsa_String *name,
392  [in] samr_GroupAccessMask access_mask,
393  [out,ref] policy_handle *group_handle,
394  [out,ref] uint32 *rid
395  );
396 
397 
398  /************************/
399  /* Function 0x0b */
400  NTSTATUS samr_EnumDomainGroups(
401  [in] policy_handle *domain_handle,
402  [in,out,ref] uint32 *resume_handle,
403  [out,ref] samr_SamArray **sam,
404  [in] uint32 max_size,
405  [out,ref] uint32 *num_entries
406  );
407 
408  /************************/
409  /* Function 0x0c */
410  NTSTATUS samr_CreateUser(
411  [in,ref] policy_handle *domain_handle,
412  [in,ref] lsa_String *account_name,
413  [in] samr_UserAccessMask access_mask,
414  [out,ref] policy_handle *user_handle,
415  [out,ref] uint32 *rid
416  );
417 
418  /************************/
419  /* Function 0x0d */
420 
421 
422  /* w2k3 treats max_size as max_users*54 and sets the
423  resume_handle as the rid of the last user sent
424  */
425  const int SAMR_ENUM_USERS_MULTIPLIER = 54;
426 
427  NTSTATUS samr_EnumDomainUsers(
428  [in] policy_handle *domain_handle,
429  [in,out,ref] uint32 *resume_handle,
430  [in] samr_AcctFlags acct_flags,
431  [out,ref] samr_SamArray **sam,
432  [in] uint32 max_size,
433  [out,ref] uint32 *num_entries
434  );
435 
436  /************************/
437  /* Function 0x0e */
438  NTSTATUS samr_CreateDomAlias(
439  [in,ref] policy_handle *domain_handle,
440  [in,ref] lsa_String *alias_name,
441  [in] samr_AliasAccessMask access_mask,
442  [out,ref] policy_handle *alias_handle,
443  [out,ref] uint32 *rid
444  );
445 
446  /************************/
447  /* Function 0x0f */
448  NTSTATUS samr_EnumDomainAliases(
449  [in] policy_handle *domain_handle,
450  [in,out,ref] uint32 *resume_handle,
451  [out,ref] samr_SamArray **sam,
452  [in] uint32 max_size,
453  [out,ref] uint32 *num_entries
454  );
455 
456  /************************/
457  /* Function 0x10 */
458 
459  typedef struct {
460  [range(0,1024)] uint32 count;
461  [size_is(count)] uint32 *ids;
462  } samr_Ids;
463 
464  NTSTATUS samr_GetAliasMembership(
465  [in,ref] policy_handle *domain_handle,
466  [in,ref] lsa_SidArray *sids,
467  [out,ref] samr_Ids *rids
468  );
469 
470  /************************/
471  /* Function 0x11 */
472 
473  [public] NTSTATUS samr_LookupNames(
474  [in,ref] policy_handle *domain_handle,
475  [in,range(0,1000)] uint32 num_names,
476  [in,size_is(1000),length_is(num_names),ref] lsa_String *names,
477  [out,ref] samr_Ids *rids,
478  [out,ref] samr_Ids *types
479  );
480 
481 
482  /************************/
483  /* Function 0x12 */
484  NTSTATUS samr_LookupRids(
485  [in,ref] policy_handle *domain_handle,
486  [in,range(0,1000)] uint32 num_rids,
487  [in,size_is(1000),length_is(num_rids)] uint32 rids[],
488  [out,ref] lsa_Strings *names,
489  [out,ref] samr_Ids *types
490  );
491 
492  /************************/
493  /* Function 0x13 */
494  NTSTATUS samr_OpenGroup(
495  [in,ref] policy_handle *domain_handle,
496  [in] samr_GroupAccessMask access_mask,
497  [in] uint32 rid,
498  [out,ref] policy_handle *group_handle
499  );
500 
501  /* Group attributes */
502  typedef [public,bitmap32bit] bitmap {
503  SE_GROUP_MANDATORY = 0x00000001,
504  SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
505  SE_GROUP_ENABLED = 0x00000004,
506  SE_GROUP_OWNER = 0x00000008,
507  SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
508  SE_GROUP_RESOURCE = 0x20000000,
509  SE_GROUP_LOGON_ID = 0xC0000000
510  } samr_GroupAttrs;
511 
512  /************************/
513  /* Function 0x14 */
514 
515  typedef struct {
516  lsa_String name;
517  samr_GroupAttrs attributes;
518  uint32 num_members;
519  lsa_String description;
520  } samr_GroupInfoAll;
521 
522  typedef struct {
523  samr_GroupAttrs attributes;
524  } samr_GroupInfoAttributes;
525 
526  typedef struct {
527  lsa_String description;
528  } samr_GroupInfoDescription;
529 
530  typedef enum {
531  GROUPINFOALL = 1,
532  GROUPINFONAME = 2,
533  GROUPINFOATTRIBUTES = 3,
534  GROUPINFODESCRIPTION = 4,
535  GROUPINFOALL2 = 5
536  } samr_GroupInfoEnum;
537 
538  typedef [switch_type(samr_GroupInfoEnum)] union {
539  [case(GROUPINFOALL)] samr_GroupInfoAll all;
540  [case(GROUPINFONAME)] lsa_String name;
541  [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
542  [case(GROUPINFODESCRIPTION)] lsa_String description;
543  [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
544  } samr_GroupInfo;
545 
546  NTSTATUS samr_QueryGroupInfo(
547  [in,ref] policy_handle *group_handle,
548  [in] samr_GroupInfoEnum level,
549  [out,ref,switch_is(level)] samr_GroupInfo **info
550  );
551 
552  /************************/
553  /* Function 0x15 */
554  NTSTATUS samr_SetGroupInfo(
555  [in,ref] policy_handle *group_handle,
556  [in] samr_GroupInfoEnum level,
557  [in,switch_is(level),ref] samr_GroupInfo *info
558  );
559 
560  /************************/
561  /* Function 0x16 */
562  NTSTATUS samr_AddGroupMember(
563  [in,ref] policy_handle *group_handle,
564  [in] uint32 rid,
565  [in] uint32 flags
566  );
567 
568  /************************/
569  /* Function 0x17 */
570  NTSTATUS samr_DeleteDomainGroup(
571  [in,out,ref] policy_handle *group_handle
572  );
573 
574  /************************/
575  /* Function 0x18 */
576  NTSTATUS samr_DeleteGroupMember(
577  [in,ref] policy_handle *group_handle,
578  [in] uint32 rid
579  );
580 
581 
582  /************************/
583  /* Function 0x19 */
584  typedef struct {
585  uint32 count;
586  [size_is(count)] uint32 *rids;
587  [size_is(count)] uint32 *types;
588  } samr_RidTypeArray;
589 
590  NTSTATUS samr_QueryGroupMember(
591  [in,ref] policy_handle *group_handle,
592  [out,ref] samr_RidTypeArray **rids
593  );
594 
595 
596  /************************/
597  /* Function 0x1a */
598 
599  /*
600  win2003 seems to accept any data at all for the two integers
601  below, and doesn't seem to do anything with them that I can
602  see. Weird. I really expected the first integer to be a rid
603  and the second to be the attributes for that rid member.
604  */
605  NTSTATUS samr_SetMemberAttributesOfGroup(
606  [in,ref] policy_handle *group_handle,
607  [in] uint32 unknown1,
608  [in] uint32 unknown2
609  );
610 
611 
612  /************************/
613  /* Function 0x1b */
614  NTSTATUS samr_OpenAlias (
615  [in,ref] policy_handle *domain_handle,
616  [in] samr_AliasAccessMask access_mask,
617  [in] uint32 rid,
618  [out,ref] policy_handle *alias_handle
619  );
620 
621 
622  /************************/
623  /* Function 0x1c */
624 
625  typedef struct {
626  lsa_String name;
627  uint32 num_members;
628  lsa_String description;
629  } samr_AliasInfoAll;
630 
631  typedef enum {
632  ALIASINFOALL = 1,
633  ALIASINFONAME = 2,
634  ALIASINFODESCRIPTION = 3
635  } samr_AliasInfoEnum;
636 
637  typedef [switch_type(samr_AliasInfoEnum)] union {
638  [case(ALIASINFOALL)] samr_AliasInfoAll all;
639  [case(ALIASINFONAME)] lsa_String name;
640  [case(ALIASINFODESCRIPTION)] lsa_String description;
641  } samr_AliasInfo;
642 
643  NTSTATUS samr_QueryAliasInfo(
644  [in,ref] policy_handle *alias_handle,
645  [in] samr_AliasInfoEnum level,
646  [out,ref,switch_is(level)] samr_AliasInfo **info
647  );
648 
649  /************************/
650  /* Function 0x1d */
651  NTSTATUS samr_SetAliasInfo(
652  [in,ref] policy_handle *alias_handle,
653  [in] samr_AliasInfoEnum level,
654  [in,switch_is(level),ref] samr_AliasInfo *info
655  );
656 
657  /************************/
658  /* Function 0x1e */
659  NTSTATUS samr_DeleteDomAlias(
660  [in,out,ref] policy_handle *alias_handle
661  );
662 
663  /************************/
664  /* Function 0x1f */
665  NTSTATUS samr_AddAliasMember(
666  [in,ref] policy_handle *alias_handle,
667  [in,ref] dom_sid2 *sid
668  );
669 
670  /************************/
671  /* Function 0x20 */
672  NTSTATUS samr_DeleteAliasMember(
673  [in,ref] policy_handle *alias_handle,
674  [in,ref] dom_sid2 *sid
675  );
676 
677  /************************/
678  /* Function 0x21 */
679  NTSTATUS samr_GetMembersInAlias(
680  [in,ref] policy_handle *alias_handle,
681  [out,ref] lsa_SidArray *sids
682  );
683 
684  /************************/
685  /* Function 0x22 */
686  [public] NTSTATUS samr_OpenUser(
687  [in,ref] policy_handle *domain_handle,
688  [in] samr_UserAccessMask access_mask,
689  [in] uint32 rid,
690  [out,ref] policy_handle *user_handle
691  );
692 
693  /************************/
694  /* Function 0x23 */
695  NTSTATUS samr_DeleteUser(
696  [in,out,ref] policy_handle *user_handle
697  );
698 
699  /************************/
700  /* Function 0x24 */
701 
702  typedef enum {
703  UserGeneralInformation = 1,
704  UserPreferencesInformation = 2,
705  UserLogonInformation = 3,
706  UserLogonHoursInformation = 4,
707  UserAccountInformation = 5,
708  UserNameInformation = 6,
709  UserAccountNameInformation = 7,
710  UserFullNameInformation = 8,
711  UserPrimaryGroupInformation = 9,
712  UserHomeInformation = 10,
713  UserScriptInformation = 11,
714  UserProfileInformation = 12,
715  UserAdminCommentInformation = 13,
716  UserWorkStationsInformation = 14,
717  UserControlInformation = 16,
718  UserExpiresInformation = 17,
719  UserInternal1Information = 18,
720  UserParametersInformation = 20,
721  UserAllInformation = 21,
722  UserInternal4Information = 23,
723  UserInternal5Information = 24,
724  UserInternal4InformationNew = 25,
725  UserInternal5InformationNew = 26
726  } samr_UserInfoLevel;
727 
728  typedef struct {
729  lsa_String account_name;
730  lsa_String full_name;
731  uint32 primary_gid;
732  lsa_String description;
733  lsa_String comment;
734  } samr_UserInfo1;
735 
736  typedef struct {
737  lsa_String comment;
738  lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
739  uint16 country_code;
740  uint16 code_page;
741  } samr_UserInfo2;
742 
743  /* this is also used in samr and netlogon */
744  typedef [public, flag(NDR_PAHEX)] struct {
745  uint16 units_per_week;
746  [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
747  } samr_LogonHours;
748 
749  typedef struct {
750  lsa_String account_name;
751  lsa_String full_name;
752  uint32 rid;
753  uint32 primary_gid;
754  lsa_String home_directory;
755  lsa_String home_drive;
756  lsa_String logon_script;
757  lsa_String profile_path;
758  lsa_String workstations;
759  NTTIME last_logon;
760  NTTIME last_logoff;
761  NTTIME last_password_change;
762  NTTIME allow_password_change;
763  NTTIME force_password_change;
764  samr_LogonHours logon_hours;
765  uint16 bad_password_count;
766  uint16 logon_count;
767  samr_AcctFlags acct_flags;
768  } samr_UserInfo3;
769 
770  typedef struct {
771  samr_LogonHours logon_hours;
772  } samr_UserInfo4;
773 
774  typedef struct {
775  lsa_String account_name;
776  lsa_String full_name;
777  uint32 rid;
778  uint32 primary_gid;
779  lsa_String home_directory;
780  lsa_String home_drive;
781  lsa_String logon_script;
782  lsa_String profile_path;
783  lsa_String description;
784  lsa_String workstations;
785  NTTIME last_logon;
786  NTTIME last_logoff;
787  samr_LogonHours logon_hours;
788  uint16 bad_password_count;
789  uint16 logon_count;
790  NTTIME last_password_change;
791  NTTIME acct_expiry;
792  samr_AcctFlags acct_flags;
793  } samr_UserInfo5;
794 
795  typedef struct {
796  lsa_String account_name;
797  lsa_String full_name;
798  } samr_UserInfo6;
799 
800  typedef struct {
801  lsa_String account_name;
802  } samr_UserInfo7;
803 
804  typedef struct {
805  lsa_String full_name;
806  } samr_UserInfo8;
807 
808  typedef struct {
809  uint32 primary_gid;
810  } samr_UserInfo9;
811 
812  typedef struct {
813  lsa_String home_directory;
814  lsa_String home_drive;
815  } samr_UserInfo10;
816 
817  typedef struct {
818  lsa_String logon_script;
819  } samr_UserInfo11;
820 
821  typedef struct {
822  lsa_String profile_path;
823  } samr_UserInfo12;
824 
825  typedef struct {
826  lsa_String description;
827  } samr_UserInfo13;
828 
829  typedef struct {
830  lsa_String workstations;
831  } samr_UserInfo14;
832 
833  typedef struct {
834  samr_AcctFlags acct_flags;
835  } samr_UserInfo16;
836 
837  typedef struct {
838  NTTIME acct_expiry;
839  } samr_UserInfo17;
840 
841  typedef [public, flag(NDR_PAHEX)] struct {
842  uint8 hash[16];
843  } samr_Password;
844 
845  typedef struct {
846  samr_Password nt_pwd;
847  samr_Password lm_pwd;
848  boolean8 nt_pwd_active;
849  boolean8 lm_pwd_active;
850  uint8 password_expired;
851  } samr_UserInfo18;
852 
853  typedef struct {
854  lsa_String parameters;
855  } samr_UserInfo20;
856 
857  /* this defines the bits used for fields_present in info21 */
858  typedef [bitmap32bit] bitmap {
859  SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
860  SAMR_FIELD_FULL_NAME = 0x00000002,
861  SAMR_FIELD_RID = 0x00000004,
862  SAMR_FIELD_PRIMARY_GID = 0x00000008,
863  SAMR_FIELD_DESCRIPTION = 0x00000010,
864  SAMR_FIELD_COMMENT = 0x00000020,
865  SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
866  SAMR_FIELD_HOME_DRIVE = 0x00000080,
867  SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
868  SAMR_FIELD_PROFILE_PATH = 0x00000200,
869  SAMR_FIELD_WORKSTATIONS = 0x00000400,
870  SAMR_FIELD_LAST_LOGON = 0x00000800,
871  SAMR_FIELD_LAST_LOGOFF = 0x00001000,
872  SAMR_FIELD_LOGON_HOURS = 0x00002000,
873  SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
874  SAMR_FIELD_NUM_LOGONS = 0x00008000,
875  SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
876  SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
877  SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
878  SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
879  SAMR_FIELD_ACCT_FLAGS = 0x00100000,
880  SAMR_FIELD_PARAMETERS = 0x00200000,
881  SAMR_FIELD_COUNTRY_CODE = 0x00400000,
882  SAMR_FIELD_CODE_PAGE = 0x00800000,
883  SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
884  SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
885  SAMR_FIELD_PRIVATE_DATA = 0x04000000,
886  SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
887  SAMR_FIELD_SEC_DESC = 0x10000000,
888  SAMR_FIELD_OWF_PWD = 0x20000000
889  } samr_FieldsPresent;
890 
891  /* used for 'password_expired' in samr_UserInfo21 */
892  const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
893  const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
894 
895  typedef struct {
896  NTTIME last_logon;
897  NTTIME last_logoff;
898  NTTIME last_password_change;
899  NTTIME acct_expiry;
900  NTTIME allow_password_change;
901  NTTIME force_password_change;
902  lsa_String account_name;
903  lsa_String full_name;
904  lsa_String home_directory;
905  lsa_String home_drive;
906  lsa_String logon_script;
907  lsa_String profile_path;
908  lsa_String description;
909  lsa_String workstations;
910  lsa_String comment;
911  lsa_String parameters;
912  lsa_String lm_password;
913  lsa_String nt_password;
914  lsa_String private;
915  uint32 buf_count;
916  [size_is(buf_count)] uint8 *buffer;
917  uint32 rid;
918  uint32 primary_gid;
919  samr_AcctFlags acct_flags;
920  samr_FieldsPresent fields_present;
921  samr_LogonHours logon_hours;
922  uint16 bad_password_count;
923  uint16 logon_count;
924  uint16 country_code;
925  uint16 code_page;
926  uint8 lm_password_set;
927  uint8 nt_password_set;
928  uint8 password_expired;
929  uint8 unknown4;
930  } samr_UserInfo21;
931 
932  typedef [public, flag(NDR_PAHEX)] struct {
933  uint8 data[516];
934  } samr_CryptPassword;
935 
936  typedef struct {
937  samr_UserInfo21 info;
938  samr_CryptPassword password;
939  } samr_UserInfo23;
940 
941  typedef struct {
942  samr_CryptPassword password;
943  uint8 password_expired;
944  } samr_UserInfo24;
945 
946  typedef [flag(NDR_PAHEX)] struct {
947  uint8 data[532];
948  } samr_CryptPasswordEx;
949 
950  typedef struct {
951  samr_UserInfo21 info;
952  samr_CryptPasswordEx password;
953  } samr_UserInfo25;
954 
955  typedef struct {
956  samr_CryptPasswordEx password;
957  uint8 password_expired;
958  } samr_UserInfo26;
959 
960  typedef [switch_type(uint16)] union {
961  [case(1)] samr_UserInfo1 info1;
962  [case(2)] samr_UserInfo2 info2;
963  [case(3)] samr_UserInfo3 info3;
964  [case(4)] samr_UserInfo4 info4;
965  [case(5)] samr_UserInfo5 info5;
966  [case(6)] samr_UserInfo6 info6;
967  [case(7)] samr_UserInfo7 info7;
968  [case(8)] samr_UserInfo8 info8;
969  [case(9)] samr_UserInfo9 info9;
970  [case(10)] samr_UserInfo10 info10;
971  [case(11)] samr_UserInfo11 info11;
972  [case(12)] samr_UserInfo12 info12;
973  [case(13)] samr_UserInfo13 info13;
974  [case(14)] samr_UserInfo14 info14;
975  [case(16)] samr_UserInfo16 info16;
976  [case(17)] samr_UserInfo17 info17;
977  [case(18)] samr_UserInfo18 info18;
978  [case(20)] samr_UserInfo20 info20;
979  [case(21)] samr_UserInfo21 info21;
980  [case(23)] samr_UserInfo23 info23;
981  [case(24)] samr_UserInfo24 info24;
982  [case(25)] samr_UserInfo25 info25;
983  [case(26)] samr_UserInfo26 info26;
984  } samr_UserInfo;
985 
986  [public] NTSTATUS samr_QueryUserInfo(
987  [in,ref] policy_handle *user_handle,
988  [in] samr_UserInfoLevel level,
989  [out,ref,switch_is(level)] samr_UserInfo **info
990  );
991 
992 
993  /************************/
994  /* Function 0x25 */
995  [public] NTSTATUS samr_SetUserInfo(
996  [in,ref] policy_handle *user_handle,
997  [in] samr_UserInfoLevel level,
998  [in,ref,switch_is(level)] samr_UserInfo *info
999  );
1000 
1001  /************************/
1002  /* Function 0x26 */
1003  /*
1004  this is a password change interface that doesn't give
1005  the server the plaintext password. Depricated.
1006  */
1007  NTSTATUS samr_ChangePasswordUser(
1008  [in,ref] policy_handle *user_handle,
1009  [in] boolean8 lm_present,
1010  [in,unique] samr_Password *old_lm_crypted,
1011  [in,unique] samr_Password *new_lm_crypted,
1012  [in] boolean8 nt_present,
1013  [in,unique] samr_Password *old_nt_crypted,
1014  [in,unique] samr_Password *new_nt_crypted,
1015  [in] boolean8 cross1_present,
1016  [in,unique] samr_Password *nt_cross,
1017  [in] boolean8 cross2_present,
1018  [in,unique] samr_Password *lm_cross
1019  );
1020 
1021  /************************/
1022  /* Function 0x27 */
1023 
1024  typedef [public] struct {
1025  uint32 rid;
1026  samr_GroupAttrs attributes;
1027  } samr_RidWithAttribute;
1028 
1029  typedef [public] struct {
1030  uint32 count;
1031  [size_is(count)] samr_RidWithAttribute *rids;
1032  } samr_RidWithAttributeArray;
1033 
1034  NTSTATUS samr_GetGroupsForUser(
1035  [in,ref] policy_handle *user_handle,
1036  [out,ref] samr_RidWithAttributeArray **rids
1037  );
1038 
1039  /************************/
1040  /* Function 0x28 */
1041 
1042  typedef struct {
1043  uint32 idx;
1044  uint32 rid;
1045  samr_AcctFlags acct_flags;
1046  lsa_String account_name;
1047  lsa_String description;
1048  lsa_String full_name;
1049  } samr_DispEntryGeneral;
1050 
1051  typedef struct {
1052  uint32 count;
1053  [size_is(count)] samr_DispEntryGeneral *entries;
1054  } samr_DispInfoGeneral;
1055 
1056  typedef struct {
1057  uint32 idx;
1058  uint32 rid;
1059  samr_AcctFlags acct_flags;
1060  lsa_String account_name;
1061  lsa_String description;
1062  } samr_DispEntryFull;
1063 
1064  typedef struct {
1065  uint32 count;
1066  [size_is(count)] samr_DispEntryFull *entries;
1067  } samr_DispInfoFull;
1068 
1069  typedef struct {
1070  uint32 idx;
1071  uint32 rid;
1072  samr_GroupAttrs acct_flags;
1073  lsa_String account_name;
1074  lsa_String description;
1075  } samr_DispEntryFullGroup;
1076 
1077  typedef struct {
1078  uint32 count;
1079  [size_is(count)] samr_DispEntryFullGroup *entries;
1080  } samr_DispInfoFullGroups;
1081 
1082  typedef struct {
1083  uint32 idx;
1084  lsa_AsciiStringLarge account_name;
1085  } samr_DispEntryAscii;
1086 
1087  typedef struct {
1088  uint32 count;
1089  [size_is(count)] samr_DispEntryAscii *entries;
1090  } samr_DispInfoAscii;
1091 
1092  typedef enum {
1093  SAMR_DOMAIN_DISPLAY_USER = 1,
1094  SAMR_DOMAIN_DISPLAY_MACHINE = 2,
1095  SAMR_DOMAIN_DISPLAY_GROUP = 3,
1096  SAMR_DOMAIN_DISPLAY_OEM_USER = 4,
1097  SAMR_DOMAIN_DISPLAY_OEM_GROUP = 5
1098  } samr_DomainDisplayInformation;
1099 
1100  typedef [switch_type(uint16)] union {
1101  [case(SAMR_DOMAIN_DISPLAY_USER)] samr_DispInfoGeneral info1;/* users */
1102  [case(SAMR_DOMAIN_DISPLAY_MACHINE)] samr_DispInfoFull info2; /* trust accounts? */
1103  [case(SAMR_DOMAIN_DISPLAY_GROUP)] samr_DispInfoFullGroups info3; /* groups */
1104  [case(SAMR_DOMAIN_DISPLAY_OEM_USER)] samr_DispInfoAscii info4; /* users */
1105  [case(SAMR_DOMAIN_DISPLAY_OEM_GROUP)] samr_DispInfoAscii info5; /* groups */
1106  } samr_DispInfo;
1107 
1108  NTSTATUS samr_QueryDisplayInfo(
1109  [in,ref] policy_handle *domain_handle,
1110  [in] samr_DomainDisplayInformation level,
1111  [in] uint32 start_idx,
1112  [in] uint32 max_entries,
1113  [in] uint32 buf_size,
1114  [out,ref] uint32 *total_size,
1115  [out,ref] uint32 *returned_size,
1116  [out,ref,switch_is(level)] samr_DispInfo *info
1117  );
1118 
1119 
1120  /************************/
1121  /* Function 0x29 */
1122 
1123  /*
1124  this seems to be an alphabetic search function. The returned index
1125  is the index for samr_QueryDisplayInfo needed to get names occurring
1126  after the specified name. The supplied name does not need to exist
1127  in the database (for example you can supply just a first letter for
1128  searching starting at that letter)
1129 
1130  The level corresponds to the samr_QueryDisplayInfo level
1131  */
1132  NTSTATUS samr_GetDisplayEnumerationIndex(
1133  [in,ref] policy_handle *domain_handle,
1134  [in] uint16 level,
1135  [in,ref] lsa_String *name,
1136  [out,ref] uint32 *idx
1137  );
1138 
1139 
1140 
1141  /************************/
1142  /* Function 0x2a */
1143 
1144  /*
1145  w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1146  */
1147  NTSTATUS samr_TestPrivateFunctionsDomain(
1148  [in,ref] policy_handle *domain_handle
1149  );
1150 
1151 
1152  /************************/
1153  /* Function 0x2b */
1154 
1155  /*
1156  w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1157  */
1158  NTSTATUS samr_TestPrivateFunctionsUser(
1159  [in,ref] policy_handle *user_handle
1160  );
1161 
1162 
1163  /************************/
1164  /* Function 0x2c */
1165 
1166  typedef struct {
1167  uint16 min_password_length;
1168  samr_PasswordProperties password_properties;
1169  } samr_PwInfo;
1170 
1171  [public] NTSTATUS samr_GetUserPwInfo(
1172  [in,ref] policy_handle *user_handle,
1173  [out,ref] samr_PwInfo *info
1174  );
1175 
1176  /************************/
1177  /* Function 0x2d */
1178  NTSTATUS samr_RemoveMemberFromForeignDomain(
1179  [in,ref] policy_handle *domain_handle,
1180  [in,ref] dom_sid2 *sid
1181  );
1182 
1183  /************************/
1184  /* Function 0x2e */
1185 
1186  /*
1187  how is this different from QueryDomainInfo ??
1188  */
1189  NTSTATUS samr_QueryDomainInfo2(
1190  [in,ref] policy_handle *domain_handle,
1191  [in] samr_DomainInfoClass level,
1192  [out,ref,switch_is(level)] samr_DomainInfo **info
1193  );
1194 
1195  /************************/
1196  /* Function 0x2f */
1197 
1198  /*
1199  how is this different from QueryUserInfo ??
1200  */
1201  NTSTATUS samr_QueryUserInfo2(
1202  [in,ref] policy_handle *user_handle,
1203  [in] samr_UserInfoLevel level,
1204  [out,ref,switch_is(level)] samr_UserInfo **info
1205  );
1206 
1207  /************************/
1208  /* Function 0x30 */
1209 
1210  /*
1211  how is this different from QueryDisplayInfo??
1212  */
1213  NTSTATUS samr_QueryDisplayInfo2(
1214  [in,ref] policy_handle *domain_handle,
1215  [in] samr_DomainDisplayInformation level,
1216  [in] uint32 start_idx,
1217  [in] uint32 max_entries,
1218  [in] uint32 buf_size,
1219  [out,ref] uint32 *total_size,
1220  [out,ref] uint32 *returned_size,
1221  [out,ref,switch_is(level)] samr_DispInfo *info
1222  );
1223 
1224  /************************/
1225  /* Function 0x31 */
1226 
1227  /*
1228  how is this different from GetDisplayEnumerationIndex ??
1229  */
1230  NTSTATUS samr_GetDisplayEnumerationIndex2(
1231  [in,ref] policy_handle *domain_handle,
1232  [in] samr_DomainDisplayInformation level,
1233  [in,ref] lsa_String *name,
1234  [out,ref] uint32 *idx
1235  );
1236 
1237 
1238  /************************/
1239  /* Function 0x32 */
1240  NTSTATUS samr_CreateUser2(
1241  [in,ref] policy_handle *domain_handle,
1242  [in,ref] lsa_String *account_name,
1243  [in] samr_AcctFlags acct_flags,
1244  [in] samr_UserAccessMask access_mask,
1245  [out,ref] policy_handle *user_handle,
1246  [out,ref] uint32 *access_granted,
1247  [out,ref] uint32 *rid
1248  );
1249 
1250 
1251  /************************/
1252  /* Function 0x33 */
1253 
1254  /*
1255  another duplicate. There must be a reason ....
1256  */
1257  NTSTATUS samr_QueryDisplayInfo3(
1258  [in,ref] policy_handle *domain_handle,
1259  [in] samr_DomainDisplayInformation level,
1260  [in] uint32 start_idx,
1261  [in] uint32 max_entries,
1262  [in] uint32 buf_size,
1263  [out,ref] uint32 *total_size,
1264  [out,ref] uint32 *returned_size,
1265  [out,ref,switch_is(level)] samr_DispInfo *info
1266  );
1267 
1268  /************************/
1269  /* Function 0x34 */
1270  NTSTATUS samr_AddMultipleMembersToAlias(
1271  [in,ref] policy_handle *alias_handle,
1272  [in,ref] lsa_SidArray *sids
1273  );
1274 
1275  /************************/
1276  /* Function 0x35 */
1277  NTSTATUS samr_RemoveMultipleMembersFromAlias(
1278  [in,ref] policy_handle *alias_handle,
1279  [in,ref] lsa_SidArray *sids
1280  );
1281 
1282  /************************/
1283  /* Function 0x36 */
1284 
1285  NTSTATUS samr_OemChangePasswordUser2(
1286  [in,unique] lsa_AsciiString *server,
1287  [in,ref] lsa_AsciiString *account,
1288  [in,unique] samr_CryptPassword *password,
1289  [in,unique] samr_Password *hash
1290  );
1291 
1292  /************************/
1293  /* Function 0x37 */
1294  NTSTATUS samr_ChangePasswordUser2(
1295  [in,unique] lsa_String *server,
1296  [in,ref] lsa_String *account,
1297  [in,unique] samr_CryptPassword *nt_password,
1298  [in,unique] samr_Password *nt_verifier,
1299  [in] boolean8 lm_change,
1300  [in,unique] samr_CryptPassword *lm_password,
1301  [in,unique] samr_Password *lm_verifier
1302  );
1303 
1304  /************************/
1305  /* Function 0x38 */
1306  NTSTATUS samr_GetDomPwInfo(
1307  [in,unique] lsa_String *domain_name,
1308  [out,ref] samr_PwInfo *info
1309  );
1310 
1311  /************************/
1312  /* Function 0x39 */
1313  NTSTATUS samr_Connect2(
1314  [in,unique,string,charset(UTF16)] uint16 *system_name,
1315  [in] samr_ConnectAccessMask access_mask,
1316  [out,ref] policy_handle *connect_handle
1317  );
1318 
1319  /************************/
1320  /* Function 0x3a */
1321  /*
1322  seems to be an exact alias for samr_SetUserInfo()
1323  */
1324  [public] NTSTATUS samr_SetUserInfo2(
1325  [in,ref] policy_handle *user_handle,
1326  [in] samr_UserInfoLevel level,
1327  [in,ref,switch_is(level)] samr_UserInfo *info
1328  );
1329 
1330  /************************/
1331  /* Function 0x3b */
1332  /*
1333  this one is mysterious. I have a few guesses, but nothing working yet
1334  */
1335  NTSTATUS samr_SetBootKeyInformation(
1336  [in,ref] policy_handle *connect_handle,
1337  [in] uint32 unknown1,
1338  [in] uint32 unknown2,
1339  [in] uint32 unknown3
1340  );
1341 
1342  /************************/
1343  /* Function 0x3c */
1344  NTSTATUS samr_GetBootKeyInformation(
1345  [in,ref] policy_handle *domain_handle,
1346  [out,ref] uint32 *unknown
1347  );
1348 
1349  /************************/
1350  /* Function 0x3d */
1351  NTSTATUS samr_Connect3(
1352  [in,unique,string,charset(UTF16)] uint16 *system_name,
1353  /* this unknown value seems to be completely ignored by w2k3 */
1354  [in] uint32 unknown,
1355  [in] samr_ConnectAccessMask access_mask,
1356  [out,ref] policy_handle *connect_handle
1357  );
1358 
1359  /************************/
1360  /* Function 0x3e */
1361 
1362  typedef [v1_enum] enum {
1363  SAMR_CONNECT_PRE_W2K = 1,
1364  SAMR_CONNECT_W2K = 2,
1365  SAMR_CONNECT_AFTER_W2K = 3
1366  } samr_ConnectVersion;
1367 
1368  NTSTATUS samr_Connect4(
1369  [in,unique,string,charset(UTF16)] uint16 *system_name,
1370  [in] samr_ConnectVersion client_version,
1371  [in] samr_ConnectAccessMask access_mask,
1372  [out,ref] policy_handle *connect_handle
1373  );
1374 
1375  /************************/
1376  /* Function 0x3f */
1377 
1378  typedef struct {
1379  samr_RejectReason reason;
1380  uint32 unknown1;
1381  uint32 unknown2;
1382  } samr_ChangeReject;
1383 
1384  NTSTATUS samr_ChangePasswordUser3(
1385  [in,unique] lsa_String *server,
1386  [in,ref] lsa_String *account,
1387  [in,unique] samr_CryptPassword *nt_password,
1388  [in,unique] samr_Password *nt_verifier,
1389  [in] boolean8 lm_change,
1390  [in,unique] samr_CryptPassword *lm_password,
1391  [in,unique] samr_Password *lm_verifier,
1392  [in,unique] samr_CryptPassword *password3,
1393  [out,ref] samr_DomInfo1 **dominfo,
1394  [out,ref] samr_ChangeReject **reject
1395  );
1396 
1397  /************************/
1398  /* Function 0x40 */
1399 
1400  typedef struct {
1401  samr_ConnectVersion client_version; /* w2k3 gives 3 */
1402  uint32 unknown2; /* w2k3 gives 0 */
1403  } samr_ConnectInfo1;
1404 
1405  typedef union {
1406  [case(1)] samr_ConnectInfo1 info1;
1407  } samr_ConnectInfo;
1408 
1409  [public] NTSTATUS samr_Connect5(
1410  [in,unique,string,charset(UTF16)] uint16 *system_name,
1411  [in] samr_ConnectAccessMask access_mask,
1412  [in] uint32 level_in,
1413  [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
1414  [out,ref] uint32 *level_out,
1415  [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
1416  [out,ref] policy_handle *connect_handle
1417  );
1418 
1419  /************************/
1420  /* Function 0x41 */
1421  NTSTATUS samr_RidToSid(
1422  [in,ref] policy_handle *domain_handle,
1423  [in] uint32 rid,
1424  [out,ref] dom_sid2 **sid
1425  );
1426 
1427  /************************/
1428  /* Function 0x42 */
1429 
1430  /*
1431  this should set the DSRM password for the server, which is used
1432  when booting into Directory Services Recovery Mode on a DC. Win2003
1433  gives me NT_STATUS_NOT_SUPPORTED
1434  */
1435 
1436  NTSTATUS samr_SetDsrmPassword(
1437  [in,unique] lsa_String *name,
1438  [in] uint32 unknown,
1439  [in,unique] samr_Password *hash
1440  );
1441 
1442 
1443  /************************/
1444  /* Function 0x43 */
1445  /************************/
1446  typedef [bitmap32bit] bitmap {
1447  SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
1448  SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
1449  SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
1450  SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
1451  SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
1452  SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
1453  } samr_ValidateFieldsPresent;
1454 
1455  typedef enum {
1456  NetValidateAuthentication = 1,
1457  NetValidatePasswordChange= 2,
1458  NetValidatePasswordReset = 3
1459  } samr_ValidatePasswordLevel;
1460 
1461  /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1462  * identified the mapping of
1463  * - NERR_PasswordFilterError
1464  * - NERR_PasswordExpired and
1465  * - NERR_PasswordCantChange
1466  * yet - Guenther
1467  */
1468 
1469  typedef enum {
1470  SAMR_VALIDATION_STATUS_SUCCESS = 0,
1471  SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
1472  SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
1473  SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED = 3,
1474  SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
1475  SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
1476  SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
1477  SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
1478  SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
1479  SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9,
1480  SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10
1481  } samr_ValidationStatus;
1482 
1483  typedef struct {
1484  uint32 length;
1485  [size_is(length)] uint8 *data;
1486  } samr_ValidationBlob;
1487 
1488  typedef struct {
1489  samr_ValidateFieldsPresent fields_present;
1490  NTTIME_hyper last_password_change;
1491  NTTIME_hyper bad_password_time;
1492  NTTIME_hyper lockout_time;
1493  uint32 bad_pwd_count;
1494  uint32 pwd_history_len;
1495  [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
1496  } samr_ValidatePasswordInfo;
1497 
1498  typedef struct {
1499  samr_ValidatePasswordInfo info;
1500  samr_ValidationStatus status;
1501  } samr_ValidatePasswordRepCtr;
1502 
1503  typedef [switch_type(uint16)] union {
1504  [case(1)] samr_ValidatePasswordRepCtr ctr1;
1505  [case(2)] samr_ValidatePasswordRepCtr ctr2;
1506  [case(3)] samr_ValidatePasswordRepCtr ctr3;
1507  } samr_ValidatePasswordRep;
1508 
1509  typedef struct {
1510  samr_ValidatePasswordInfo info;
1511  lsa_StringLarge password;
1512  lsa_StringLarge account;
1513  samr_ValidationBlob hash;
1514  boolean8 pwd_must_change_at_next_logon;
1515  boolean8 clear_lockout;
1516  } samr_ValidatePasswordReq3;
1517 
1518  typedef struct {
1519  samr_ValidatePasswordInfo info;
1520  lsa_StringLarge password;
1521  lsa_StringLarge account;
1522  samr_ValidationBlob hash;
1523  boolean8 password_matched;
1524  } samr_ValidatePasswordReq2;
1525 
1526  typedef struct {
1527  samr_ValidatePasswordInfo info;
1528  boolean8 password_matched;
1529  } samr_ValidatePasswordReq1;
1530 
1531  typedef [switch_type(uint16)] union {
1532  [case(1)] samr_ValidatePasswordReq1 req1;
1533  [case(2)] samr_ValidatePasswordReq2 req2;
1534  [case(3)] samr_ValidatePasswordReq3 req3;
1535  } samr_ValidatePasswordReq;
1536 
1537  NTSTATUS samr_ValidatePassword(
1538  [in] samr_ValidatePasswordLevel level,
1539  [in,switch_is(level)] samr_ValidatePasswordReq *req,
1540  [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
1541  );
1542 }
Definition: file-pcapng.c:177
Definition: conversation.c:27
Definition: mcast_stream.h:30