4 samr interface definition
6 import
"misc.idl", "lsa.idl", "security.idl";
9 Thanks to Todd Sabin for some information from his samr.idl in acltools
12 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
14 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
15 pointer_default(unique)
18 typedef bitmap security_secinfo security_secinfo
;
20 /* account control (acct_flags) bits */
21 typedef [public,bitmap32bit
] bitmap
{
22 ACB_DISABLED
= 0x00000001, /* 1 = User account disabled */
23 ACB_HOMDIRREQ
= 0x00000002, /* 1 = Home directory required */
24 ACB_PWNOTREQ
= 0x00000004, /* 1 = User password not required */
25 ACB_TEMPDUP
= 0x00000008, /* 1 = Temporary duplicate account */
26 ACB_NORMAL
= 0x00000010, /* 1 = Normal user account */
27 ACB_MNS
= 0x00000020, /* 1 = MNS logon user account */
28 ACB_DOMTRUST
= 0x00000040, /* 1 = Interdomain trust account */
29 ACB_WSTRUST
= 0x00000080, /* 1 = Workstation trust account */
30 ACB_SVRTRUST
= 0x00000100, /* 1 = Server trust account */
31 ACB_PWNOEXP
= 0x00000200, /* 1 = User password does not expire */
32 ACB_AUTOLOCK
= 0x00000400, /* 1 = Account auto locked */
33 ACB_ENC_TXT_PWD_ALLOWED
= 0x00000800, /* 1 = Encryped text password is allowed */
34 ACB_SMARTCARD_REQUIRED
= 0x00001000, /* 1 = Smart Card required */
35 ACB_TRUSTED_FOR_DELEGATION
= 0x00002000, /* 1 = Trusted for Delegation */
36 ACB_NOT_DELEGATED
= 0x00004000, /* 1 = Not delegated */
37 ACB_USE_DES_KEY_ONLY
= 0x00008000, /* 1 = Use DES key only */
38 ACB_DONT_REQUIRE_PREAUTH
= 0x00010000, /* 1 = Preauth not required */
39 ACB_PW_EXPIRED
= 0x00020000, /* 1 = Password Expired */
40 ACB_NO_AUTH_DATA_REQD
= 0x00080000 /* 1 = No authorization data required */
43 /* SAM server specific access rights */
45 typedef [bitmap32bit
] bitmap
{
46 SAMR_ACCESS_CONNECT_TO_SERVER
= 0x00000001,
47 SAMR_ACCESS_SHUTDOWN_SERVER
= 0x00000002,
48 SAMR_ACCESS_INITIALIZE_SERVER
= 0x00000004,
49 SAMR_ACCESS_CREATE_DOMAIN
= 0x00000008,
50 SAMR_ACCESS_ENUM_DOMAINS
= 0x00000010,
51 SAMR_ACCESS_OPEN_DOMAIN
= 0x00000020
52 } samr_ConnectAccessMask
;
54 const int SAMR_ACCESS_ALL_ACCESS
= 0x0000003F;
56 const int GENERIC_RIGHTS_SAM_ALL_ACCESS
=
57 (STANDARD_RIGHTS_REQUIRED_ACCESS |
58 SAMR_ACCESS_ALL_ACCESS
);
60 const int GENERIC_RIGHTS_SAM_READ
=
61 (STANDARD_RIGHTS_READ_ACCESS |
62 SAMR_ACCESS_ENUM_DOMAINS
);
64 const int GENERIC_RIGHTS_SAM_WRITE
=
65 (STANDARD_RIGHTS_WRITE_ACCESS |
66 SAMR_ACCESS_CREATE_DOMAIN |
67 SAMR_ACCESS_INITIALIZE_SERVER |
68 SAMR_ACCESS_SHUTDOWN_SERVER
);
70 const int GENERIC_RIGHTS_SAM_EXECUTE
=
71 (STANDARD_RIGHTS_EXECUTE_ACCESS |
72 SAMR_ACCESS_OPEN_DOMAIN |
73 SAMR_ACCESS_CONNECT_TO_SERVER
);
75 /* User Object specific access rights */
77 typedef [bitmap32bit
] bitmap
{
78 SAMR_USER_ACCESS_GET_NAME_ETC
= 0x00000001,
79 SAMR_USER_ACCESS_GET_LOCALE
= 0x00000002,
80 SAMR_USER_ACCESS_SET_LOC_COM
= 0x00000004,
81 SAMR_USER_ACCESS_GET_LOGONINFO
= 0x00000008,
82 SAMR_USER_ACCESS_GET_ATTRIBUTES
= 0x00000010,
83 SAMR_USER_ACCESS_SET_ATTRIBUTES
= 0x00000020,
84 SAMR_USER_ACCESS_CHANGE_PASSWORD
= 0x00000040,
85 SAMR_USER_ACCESS_SET_PASSWORD
= 0x00000080,
86 SAMR_USER_ACCESS_GET_GROUPS
= 0x00000100,
87 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
= 0x00000200,
88 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
= 0x00000400
89 } samr_UserAccessMask
;
91 const int SAMR_USER_ACCESS_ALL_ACCESS
= 0x000007FF;
93 const int GENERIC_RIGHTS_USER_ALL_ACCESS
=
94 (STANDARD_RIGHTS_REQUIRED_ACCESS |
95 SAMR_USER_ACCESS_ALL_ACCESS
); /* 0x000f07ff */
97 const int GENERIC_RIGHTS_USER_READ
=
98 (STANDARD_RIGHTS_READ_ACCESS |
99 SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP |
100 SAMR_USER_ACCESS_GET_GROUPS |
101 SAMR_USER_ACCESS_GET_ATTRIBUTES |
102 SAMR_USER_ACCESS_GET_LOGONINFO |
103 SAMR_USER_ACCESS_GET_LOCALE
); /* 0x0002031a */
105 const int GENERIC_RIGHTS_USER_WRITE
=
106 (STANDARD_RIGHTS_WRITE_ACCESS |
107 SAMR_USER_ACCESS_CHANGE_PASSWORD |
108 SAMR_USER_ACCESS_SET_LOC_COM |
109 SAMR_USER_ACCESS_SET_ATTRIBUTES |
110 SAMR_USER_ACCESS_SET_PASSWORD |
111 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
); /* 0x000204e4 */
113 const int GENERIC_RIGHTS_USER_EXECUTE
=
114 (STANDARD_RIGHTS_EXECUTE_ACCESS |
115 SAMR_USER_ACCESS_CHANGE_PASSWORD |
116 SAMR_USER_ACCESS_GET_NAME_ETC
); /* 0x00020041 */
118 /* Domain Object specific access rights */
120 typedef [bitmap32bit
] bitmap
{
121 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
= 0x00000001,
122 SAMR_DOMAIN_ACCESS_SET_INFO_1
= 0x00000002,
123 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
= 0x00000004,
124 SAMR_DOMAIN_ACCESS_SET_INFO_2
= 0x00000008,
125 SAMR_DOMAIN_ACCESS_CREATE_USER
= 0x00000010,
126 SAMR_DOMAIN_ACCESS_CREATE_GROUP
= 0x00000020,
127 SAMR_DOMAIN_ACCESS_CREATE_ALIAS
= 0x00000040,
128 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
= 0x00000080,
129 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
= 0x00000100,
130 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
= 0x00000200,
131 SAMR_DOMAIN_ACCESS_SET_INFO_3
= 0x00000400
132 } samr_DomainAccessMask
;
134 const int SAMR_DOMAIN_ACCESS_ALL_ACCESS
= 0x000007FF;
136 const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS
=
137 (STANDARD_RIGHTS_REQUIRED_ACCESS |
138 SAMR_DOMAIN_ACCESS_ALL_ACCESS
);
140 const int GENERIC_RIGHTS_DOMAIN_READ
=
141 (STANDARD_RIGHTS_READ_ACCESS |
142 SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS |
143 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
);
145 const int GENERIC_RIGHTS_DOMAIN_WRITE
=
146 (STANDARD_RIGHTS_WRITE_ACCESS |
147 SAMR_DOMAIN_ACCESS_SET_INFO_3 |
148 SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
149 SAMR_DOMAIN_ACCESS_CREATE_GROUP |
150 SAMR_DOMAIN_ACCESS_CREATE_USER |
151 SAMR_DOMAIN_ACCESS_SET_INFO_2 |
152 SAMR_DOMAIN_ACCESS_SET_INFO_1
);
154 const int GENERIC_RIGHTS_DOMAIN_EXECUTE
=
155 (STANDARD_RIGHTS_EXECUTE_ACCESS |
156 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
157 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
158 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
);
160 /* Group Object specific access rights */
162 typedef [bitmap32bit
] bitmap
{
163 SAMR_GROUP_ACCESS_LOOKUP_INFO
= 0x00000001,
164 SAMR_GROUP_ACCESS_SET_INFO
= 0x00000002,
165 SAMR_GROUP_ACCESS_ADD_MEMBER
= 0x00000004,
166 SAMR_GROUP_ACCESS_REMOVE_MEMBER
= 0x00000008,
167 SAMR_GROUP_ACCESS_GET_MEMBERS
= 0x00000010
168 } samr_GroupAccessMask
;
170 const int SAMR_GROUP_ACCESS_ALL_ACCESS
= 0x0000001F;
172 const int GENERIC_RIGHTS_GROUP_ALL_ACCESS
=
173 (STANDARD_RIGHTS_REQUIRED_ACCESS |
174 SAMR_GROUP_ACCESS_ALL_ACCESS
); /* 0x000f001f */
176 const int GENERIC_RIGHTS_GROUP_READ
=
177 (STANDARD_RIGHTS_READ_ACCESS |
178 SAMR_GROUP_ACCESS_GET_MEMBERS
); /* 0x00020010 */
180 const int GENERIC_RIGHTS_GROUP_WRITE
=
181 (STANDARD_RIGHTS_WRITE_ACCESS |
182 SAMR_GROUP_ACCESS_REMOVE_MEMBER |
183 SAMR_GROUP_ACCESS_ADD_MEMBER |
184 SAMR_GROUP_ACCESS_SET_INFO
); /* 0x0002000e */
186 const int GENERIC_RIGHTS_GROUP_EXECUTE
=
187 (STANDARD_RIGHTS_EXECUTE_ACCESS |
188 SAMR_GROUP_ACCESS_LOOKUP_INFO
); /* 0x00020001 */
190 typedef [bitmap32bit
] bitmap
{
191 SAMR_ALIAS_ACCESS_ADD_MEMBER
= 0x00000001,
192 SAMR_ALIAS_ACCESS_REMOVE_MEMBER
= 0x00000002,
193 SAMR_ALIAS_ACCESS_GET_MEMBERS
= 0x00000004,
194 SAMR_ALIAS_ACCESS_LOOKUP_INFO
= 0x00000008,
195 SAMR_ALIAS_ACCESS_SET_INFO
= 0x00000010
196 } samr_AliasAccessMask
;
200 NTSTATUS samr_Connect
(
201 /* notice the lack of [string] */
202 [in,unique] uint16
*system_name
,
203 [in] samr_ConnectAccessMask access_mask
,
204 [out,ref] policy_handle
*connect_handle
210 [public] NTSTATUS samr_Close
(
211 [in,out,ref] policy_handle
*handle
217 NTSTATUS samr_SetSecurity
(
218 [in,ref] policy_handle
*handle,
219 [in] security_secinfo sec_info
,
220 [in,ref] sec_desc_buf
*sdbuf
226 NTSTATUS samr_QuerySecurity
(
227 [in,ref] policy_handle
*handle,
228 [in] security_secinfo sec_info
,
229 [out,ref] sec_desc_buf
**sdbuf
236 shutdown the SAM - once you call this the SAM will be dead
238 NTSTATUS samr_Shutdown
(
239 [in,ref] policy_handle
*connect_handle
244 NTSTATUS samr_LookupDomain
(
245 [in,ref] policy_handle
*connect_handle
,
246 [in,ref] lsa_String
*domain_name
,
247 [out,ref] dom_sid2
**sid
261 [size_is(count
)] samr_SamEntry
*entries
;
264 NTSTATUS samr_EnumDomains
(
265 [in] policy_handle
*connect_handle
,
266 [in,out,ref] uint32
*resume_handle
,
267 [out,ref] samr_SamArray
**sam
,
268 [in] uint32 buf_size
,
269 [out,ref] uint32
*num_entries
273 /************************/
275 [public] NTSTATUS samr_OpenDomain
(
276 [in,ref] policy_handle
*connect_handle
,
277 [in] samr_DomainAccessMask access_mask
,
278 [in,ref] dom_sid2
*sid
,
279 [out,ref] policy_handle
*domain_handle
282 /************************/
285 typedef [v1_enum] enum {
286 SAMR_ROLE_STANDALONE
= 0,
287 SAMR_ROLE_DOMAIN_MEMBER
= 1,
288 SAMR_ROLE_DOMAIN_BDC
= 2,
289 SAMR_ROLE_DOMAIN_PDC
= 3
292 /* password properties flags */
293 typedef [public,bitmap32bit
] bitmap
{
294 DOMAIN_PASSWORD_COMPLEX
= 0x00000001,
295 DOMAIN_PASSWORD_NO_ANON_CHANGE
= 0x00000002,
296 DOMAIN_PASSWORD_NO_CLEAR_CHANGE
= 0x00000004,
297 DOMAIN_PASSWORD_LOCKOUT_ADMINS
= 0x00000008,
298 DOMAIN_PASSWORD_STORE_CLEARTEXT
= 0x00000010,
299 DOMAIN_REFUSE_PASSWORD_CHANGE
= 0x00000020
300 } samr_PasswordProperties
;
303 uint16 min_password_length
;
304 uint16 password_history_length
;
305 samr_PasswordProperties password_properties
;
306 /* yes, these are signed. They are in negative 100ns */
307 dlong max_password_age
;
308 dlong min_password_age
;
312 NTTIME force_logoff_time
;
314 lsa_String domain_name
;
315 lsa_String primary
; /* PDC name if this is a BDC */
326 NTTIME force_logoff_time
;
334 lsa_String domain_name
;
347 NTTIME domain_create_time
;
351 uint32 unknown
; /* w2k3 returns 1 */
356 hyper lockout_duration
;
357 hyper lockout_window
;
358 uint16 lockout_threshold
;
362 hyper lockout_duration
;
363 hyper lockout_window
;
364 uint16 lockout_threshold
;
369 NTTIME domain_create_time
;
374 typedef [switch_type(uint16
)] union {
375 [case(1)] samr_DomInfo1 info1
;
376 [case(2)] samr_DomInfo2 info2
;
377 [case(3)] samr_DomInfo3 info3
;
378 [case(4)] samr_DomInfo4 info4
;
379 [case(5)] samr_DomInfo5 info5
;
380 [case(6)] samr_DomInfo6 info6
;
381 [case(7)] samr_DomInfo7 info7
;
382 [case(8)] samr_DomInfo8 info8
;
383 [case(9)] samr_DomInfo9 info9
;
384 [case(11)] samr_DomInfo11 info11
;
385 [case(12)] samr_DomInfo12 info12
;
386 [case(13)] samr_DomInfo13 info13
;
389 NTSTATUS samr_QueryDomainInfo
(
390 [in,ref] policy_handle
*domain_handle
,
392 [out,ref,switch_is(level
)] samr_DomainInfo
**info
395 /************************/
398 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
401 NTSTATUS samr_SetDomainInfo
(
402 [in,ref] policy_handle
*domain_handle
,
404 [in,switch_is(level
),ref] samr_DomainInfo
*info
408 /************************/
410 NTSTATUS samr_CreateDomainGroup
(
411 [in,ref] policy_handle
*domain_handle
,
412 [in,ref] lsa_String
*name
,
413 [in] samr_GroupAccessMask access_mask
,
414 [out,ref] policy_handle
*group_handle
,
415 [out,ref] uint32
*rid
419 /************************/
422 const int MAX_SAM_ENTRIES_W2K
= 0x400; /* 1024 */
423 const int MAX_SAM_ENTRIES_W95
= 50;
425 NTSTATUS samr_EnumDomainGroups
(
426 [in] policy_handle
*domain_handle
,
427 [in,out,ref] uint32
*resume_handle
,
428 [out,ref] samr_SamArray
**sam
,
429 [in] uint32 max_size
,
430 [out,ref] uint32
*num_entries
433 /************************/
435 NTSTATUS samr_CreateUser
(
436 [in,ref] policy_handle
*domain_handle
,
437 [in,ref] lsa_String
*account_name
,
438 [in] samr_UserAccessMask access_mask
,
439 [out,ref] policy_handle
*user_handle
,
440 [out,ref] uint32
*rid
443 /************************/
447 /* w2k3 treats max_size as max_users*54 and sets the
448 resume_handle as the rid of the last user sent
450 const int SAMR_ENUM_USERS_MULTIPLIER
= 54;
452 NTSTATUS samr_EnumDomainUsers
(
453 [in] policy_handle
*domain_handle
,
454 [in,out,ref] uint32
*resume_handle
,
455 [in] samr_AcctFlags acct_flags
,
456 [out,ref] samr_SamArray
**sam
,
457 [in] uint32 max_size
,
458 [out,ref] uint32
*num_entries
461 /************************/
463 NTSTATUS samr_CreateDomAlias
(
464 [in,ref] policy_handle
*domain_handle
,
465 [in,ref] lsa_String
*alias_name
,
466 [in] samr_AliasAccessMask access_mask
,
467 [out,ref] policy_handle
*alias_handle
,
468 [out,ref] uint32
*rid
471 /************************/
473 NTSTATUS samr_EnumDomainAliases
(
474 [in] policy_handle
*domain_handle
,
475 [in,out,ref] uint32
*resume_handle
,
476 [out,ref] samr_SamArray
**sam
,
477 [in] uint32 max_size
,
478 [out,ref] uint32
*num_entries
481 /************************/
485 [range(0,1024)] uint32 count
;
486 [size_is(count
)] uint32
*ids
;
489 NTSTATUS samr_GetAliasMembership
(
490 [in,ref] policy_handle
*domain_handle
,
491 [in,ref] lsa_SidArray
*sids
,
492 [out,ref] samr_Ids
*rids
495 /************************/
498 [public] NTSTATUS samr_LookupNames
(
499 [in,ref] policy_handle
*domain_handle
,
500 [in,range(0,1000)] uint32 num_names
,
501 [in,size_is(1000),length_is(num_names
)] lsa_String names
[],
502 [out,ref] samr_Ids
*rids
,
503 [out,ref] samr_Ids
*types
507 /************************/
509 NTSTATUS samr_LookupRids
(
510 [in,ref] policy_handle
*domain_handle
,
511 [in,range(0,1000)] uint32 num_rids
,
512 [in,size_is(1000),length_is(num_rids
)] uint32 rids
[],
513 [out,ref] lsa_Strings
*names
,
514 [out,ref] samr_Ids
*types
517 /************************/
519 NTSTATUS samr_OpenGroup
(
520 [in,ref] policy_handle
*domain_handle
,
521 [in] samr_GroupAccessMask access_mask
,
523 [out,ref] policy_handle
*group_handle
526 /* Group attributes */
527 typedef [public,bitmap32bit
] bitmap
{
528 SE_GROUP_MANDATORY
= 0x00000001,
529 SE_GROUP_ENABLED_BY_DEFAULT
= 0x00000002,
530 SE_GROUP_ENABLED
= 0x00000004,
531 SE_GROUP_OWNER
= 0x00000008,
532 SE_GROUP_USE_FOR_DENY_ONLY
= 0x00000010,
533 SE_GROUP_RESOURCE
= 0x20000000,
534 SE_GROUP_LOGON_ID
= 0xC0000000
537 /************************/
542 samr_GroupAttrs attributes
;
544 lsa_String description
;
548 samr_GroupAttrs attributes
;
549 } samr_GroupInfoAttributes
;
552 lsa_String description
;
553 } samr_GroupInfoDescription
;
558 GROUPINFOATTRIBUTES
= 3,
559 GROUPINFODESCRIPTION
= 4,
561 } samr_GroupInfoEnum
;
563 typedef [switch_type(samr_GroupInfoEnum
)] union {
564 [case(GROUPINFOALL
)] samr_GroupInfoAll all
;
565 [case(GROUPINFONAME
)] lsa_String name
;
566 [case(GROUPINFOATTRIBUTES
)] samr_GroupInfoAttributes attributes
;
567 [case(GROUPINFODESCRIPTION
)] lsa_String description
;
568 [case(GROUPINFOALL2
)] samr_GroupInfoAll all2
;
571 NTSTATUS samr_QueryGroupInfo
(
572 [in,ref] policy_handle
*group_handle
,
573 [in] samr_GroupInfoEnum level
,
574 [out,ref,switch_is(level
)] samr_GroupInfo
**info
577 /************************/
579 NTSTATUS samr_SetGroupInfo
(
580 [in,ref] policy_handle
*group_handle
,
581 [in] samr_GroupInfoEnum level
,
582 [in,switch_is(level
),ref] samr_GroupInfo
*info
585 /************************/
587 NTSTATUS samr_AddGroupMember
(
588 [in,ref] policy_handle
*group_handle
,
593 /************************/
595 NTSTATUS samr_DeleteDomainGroup
(
596 [in,out,ref] policy_handle
*group_handle
599 /************************/
601 NTSTATUS samr_DeleteGroupMember
(
602 [in,ref] policy_handle
*group_handle
,
607 /************************/
611 [size_is(count
)] uint32
*rids
;
612 [size_is(count
)] uint32
*types
;
615 NTSTATUS samr_QueryGroupMember
(
616 [in,ref] policy_handle
*group_handle
,
617 [out,ref] samr_RidTypeArray
**rids
621 /************************/
625 win2003 seems to accept any data at all for the two integers
626 below, and doesn't seem to do anything with them that I can
627 see. Weird. I really expected the first integer to be a rid
628 and the second to be the attributes for that rid member.
630 NTSTATUS samr_SetMemberAttributesOfGroup
(
631 [in,ref] policy_handle
*group_handle
,
632 [in] uint32 unknown1
,
637 /************************/
639 NTSTATUS samr_OpenAlias
(
640 [in,ref] policy_handle
*domain_handle
,
641 [in] samr_AliasAccessMask access_mask
,
643 [out,ref] policy_handle
*alias_handle
647 /************************/
653 lsa_String description
;
659 ALIASINFODESCRIPTION
= 3
660 } samr_AliasInfoEnum
;
662 typedef [switch_type(samr_AliasInfoEnum
)] union {
663 [case(ALIASINFOALL
)] samr_AliasInfoAll all
;
664 [case(ALIASINFONAME
)] lsa_String name
;
665 [case(ALIASINFODESCRIPTION
)] lsa_String description
;
668 NTSTATUS samr_QueryAliasInfo
(
669 [in,ref] policy_handle
*alias_handle
,
670 [in] samr_AliasInfoEnum level
,
671 [out,ref,switch_is(level
)] samr_AliasInfo
**info
674 /************************/
676 NTSTATUS samr_SetAliasInfo
(
677 [in,ref] policy_handle
*alias_handle
,
678 [in] samr_AliasInfoEnum level
,
679 [in,switch_is(level
),ref] samr_AliasInfo
*info
682 /************************/
684 NTSTATUS samr_DeleteDomAlias
(
685 [in,out,ref] policy_handle
*alias_handle
688 /************************/
690 NTSTATUS samr_AddAliasMember
(
691 [in,ref] policy_handle
*alias_handle
,
692 [in,ref] dom_sid2
*sid
695 /************************/
697 NTSTATUS samr_DeleteAliasMember
(
698 [in,ref] policy_handle
*alias_handle
,
699 [in,ref] dom_sid2
*sid
702 /************************/
704 NTSTATUS samr_GetMembersInAlias
(
705 [in,ref] policy_handle
*alias_handle
,
706 [out,ref] lsa_SidArray
*sids
709 /************************/
711 [public] NTSTATUS samr_OpenUser
(
712 [in,ref] policy_handle
*domain_handle
,
713 [in] samr_UserAccessMask access_mask
,
715 [out,ref] policy_handle
*user_handle
718 /************************/
720 NTSTATUS samr_DeleteUser
(
721 [in,out,ref] policy_handle
*user_handle
724 /************************/
727 lsa_String account_name
;
728 lsa_String full_name
;
730 lsa_String description
;
736 lsa_String unknown
; /* settable, but doesn't stick. probably obsolete */
741 /* this is also used in samr and netlogon */
742 typedef [public, flag
(NDR_PAHEX
)] struct {
743 uint16 units_per_week
;
744 [size_is(1260), length_is(units_per_week
/8)] uint8
*bits
;
748 lsa_String account_name
;
749 lsa_String full_name
;
752 lsa_String home_directory
;
753 lsa_String home_drive
;
754 lsa_String logon_script
;
755 lsa_String profile_path
;
756 lsa_String workstations
;
759 NTTIME last_password_change
;
760 NTTIME allow_password_change
;
761 NTTIME force_password_change
;
762 samr_LogonHours logon_hours
;
763 uint16 bad_password_count
;
765 samr_AcctFlags acct_flags
;
769 samr_LogonHours logon_hours
;
773 lsa_String account_name
;
774 lsa_String full_name
;
777 lsa_String home_directory
;
778 lsa_String home_drive
;
779 lsa_String logon_script
;
780 lsa_String profile_path
;
781 lsa_String description
;
782 lsa_String workstations
;
785 samr_LogonHours logon_hours
;
786 uint16 bad_password_count
;
788 NTTIME last_password_change
;
790 samr_AcctFlags acct_flags
;
794 lsa_String account_name
;
795 lsa_String full_name
;
799 lsa_String account_name
;
803 lsa_String full_name
;
811 lsa_String home_directory
;
812 lsa_String home_drive
;
816 lsa_String logon_script
;
820 lsa_String profile_path
;
824 lsa_String description
;
828 lsa_String workstations
;
832 samr_AcctFlags acct_flags
;
839 typedef [public, flag
(NDR_PAHEX
)] struct {
844 samr_Password lm_pwd
;
845 samr_Password nt_pwd
;
846 boolean8 lm_pwd_active
;
847 boolean8 nt_pwd_active
;
851 lsa_BinaryString parameters
;
854 /* this defines the bits used for fields_present in info21 */
855 typedef [bitmap32bit
] bitmap
{
856 SAMR_FIELD_ACCOUNT_NAME
= 0x00000001,
857 SAMR_FIELD_FULL_NAME
= 0x00000002,
858 SAMR_FIELD_RID
= 0x00000004,
859 SAMR_FIELD_PRIMARY_GID
= 0x00000008,
860 SAMR_FIELD_DESCRIPTION
= 0x00000010,
861 SAMR_FIELD_COMMENT
= 0x00000020,
862 SAMR_FIELD_HOME_DIRECTORY
= 0x00000040,
863 SAMR_FIELD_HOME_DRIVE
= 0x00000080,
864 SAMR_FIELD_LOGON_SCRIPT
= 0x00000100,
865 SAMR_FIELD_PROFILE_PATH
= 0x00000200,
866 SAMR_FIELD_WORKSTATIONS
= 0x00000400,
867 SAMR_FIELD_LAST_LOGON
= 0x00000800,
868 SAMR_FIELD_LAST_LOGOFF
= 0x00001000,
869 SAMR_FIELD_LOGON_HOURS
= 0x00002000,
870 SAMR_FIELD_BAD_PWD_COUNT
= 0x00004000,
871 SAMR_FIELD_NUM_LOGONS
= 0x00008000,
872 SAMR_FIELD_ALLOW_PWD_CHANGE
= 0x00010000,
873 SAMR_FIELD_FORCE_PWD_CHANGE
= 0x00020000,
874 SAMR_FIELD_LAST_PWD_CHANGE
= 0x00040000,
875 SAMR_FIELD_ACCT_EXPIRY
= 0x00080000,
876 SAMR_FIELD_ACCT_FLAGS
= 0x00100000,
877 SAMR_FIELD_PARAMETERS
= 0x00200000,
878 SAMR_FIELD_COUNTRY_CODE
= 0x00400000,
879 SAMR_FIELD_CODE_PAGE
= 0x00800000,
880 SAMR_FIELD_PASSWORD
= 0x01000000, /* either of these */
881 SAMR_FIELD_PASSWORD2
= 0x02000000, /* two bits seems to work */
882 SAMR_FIELD_PRIVATE_DATA
= 0x04000000,
883 SAMR_FIELD_EXPIRED_FLAG
= 0x08000000,
884 SAMR_FIELD_SEC_DESC
= 0x10000000,
885 SAMR_FIELD_OWF_PWD
= 0x20000000
886 } samr_FieldsPresent
;
888 /* used for 'password_expired' in samr_UserInfo21 */
889 const int PASS_MUST_CHANGE_AT_NEXT_LOGON
= 0x01;
890 const int PASS_DONT_CHANGE_AT_NEXT_LOGON
= 0x00;
895 NTTIME last_password_change
;
897 NTTIME allow_password_change
;
898 NTTIME force_password_change
;
899 lsa_String account_name
;
900 lsa_String full_name
;
901 lsa_String home_directory
;
902 lsa_String home_drive
;
903 lsa_String logon_script
;
904 lsa_String profile_path
;
905 lsa_String description
;
906 lsa_String workstations
;
908 lsa_BinaryString parameters
;
913 [size_is(buf_count
)] uint8
*buffer
;
916 samr_AcctFlags acct_flags
;
917 samr_FieldsPresent fields_present
;
918 samr_LogonHours logon_hours
;
919 uint16 bad_password_count
;
923 uint8 nt_password_set
;
924 uint8 lm_password_set
;
925 uint8 password_expired
;
929 typedef [public, flag
(NDR_PAHEX
)] struct {
931 } samr_CryptPassword
;
934 samr_UserInfo21 info
;
935 samr_CryptPassword password
;
939 samr_CryptPassword password
;
943 typedef [flag
(NDR_PAHEX
)] struct {
945 } samr_CryptPasswordEx
;
948 samr_UserInfo21 info
;
949 samr_CryptPasswordEx password
;
953 samr_CryptPasswordEx password
;
957 typedef [switch_type(uint16
)] union {
958 [case(1)] samr_UserInfo1 info1
;
959 [case(2)] samr_UserInfo2 info2
;
960 [case(3)] samr_UserInfo3 info3
;
961 [case(4)] samr_UserInfo4 info4
;
962 [case(5)] samr_UserInfo5 info5
;
963 [case(6)] samr_UserInfo6 info6
;
964 [case(7)] samr_UserInfo7 info7
;
965 [case(8)] samr_UserInfo8 info8
;
966 [case(9)] samr_UserInfo9 info9
;
967 [case(10)] samr_UserInfo10 info10
;
968 [case(11)] samr_UserInfo11 info11
;
969 [case(12)] samr_UserInfo12 info12
;
970 [case(13)] samr_UserInfo13 info13
;
971 [case(14)] samr_UserInfo14 info14
;
972 [case(16)] samr_UserInfo16 info16
;
973 [case(17)] samr_UserInfo17 info17
;
974 [case(18)] samr_UserInfo18 info18
;
975 [case(20)] samr_UserInfo20 info20
;
976 [case(21)] samr_UserInfo21 info21
;
977 [case(23)] samr_UserInfo23 info23
;
978 [case(24)] samr_UserInfo24 info24
;
979 [case(25)] samr_UserInfo25 info25
;
980 [case(26)] samr_UserInfo26 info26
;
983 [public] NTSTATUS samr_QueryUserInfo
(
984 [in,ref] policy_handle
*user_handle
,
986 [out,ref,switch_is(level
)] samr_UserInfo
**info
990 /************************/
992 [public] NTSTATUS samr_SetUserInfo
(
993 [in,ref] policy_handle
*user_handle
,
995 [in,ref,switch_is(level
)] samr_UserInfo
*info
998 /************************/
1001 this is a password change interface that doesn't give
1002 the server the plaintext password. Depricated.
1004 NTSTATUS samr_ChangePasswordUser
(
1005 [in,ref] policy_handle
*user_handle
,
1006 [in] boolean8 lm_present
,
1007 [in,unique] samr_Password
*old_lm_crypted
,
1008 [in,unique] samr_Password
*new_lm_crypted
,
1009 [in] boolean8 nt_present
,
1010 [in,unique] samr_Password
*old_nt_crypted
,
1011 [in,unique] samr_Password
*new_nt_crypted
,
1012 [in] boolean8 cross1_present
,
1013 [in,unique] samr_Password
*nt_cross
,
1014 [in] boolean8 cross2_present
,
1015 [in,unique] samr_Password
*lm_cross
1018 /************************/
1021 typedef [public] struct {
1023 samr_GroupAttrs attributes
;
1024 } samr_RidWithAttribute
;
1026 typedef [public] struct {
1028 [size_is(count
)] samr_RidWithAttribute
*rids
;
1029 } samr_RidWithAttributeArray
;
1031 NTSTATUS samr_GetGroupsForUser
(
1032 [in,ref] policy_handle
*user_handle
,
1033 [out,ref] samr_RidWithAttributeArray
**rids
1036 /************************/
1042 samr_AcctFlags acct_flags
;
1043 lsa_String account_name
;
1044 lsa_String description
;
1045 lsa_String full_name
;
1046 } samr_DispEntryGeneral
;
1050 [size_is(count
)] samr_DispEntryGeneral
*entries
;
1051 } samr_DispInfoGeneral
;
1056 samr_AcctFlags acct_flags
;
1057 lsa_String account_name
;
1058 lsa_String description
;
1059 } samr_DispEntryFull
;
1063 [size_is(count
)] samr_DispEntryFull
*entries
;
1064 } samr_DispInfoFull
;
1069 samr_GroupAttrs acct_flags
;
1070 lsa_String account_name
;
1071 lsa_String description
;
1072 } samr_DispEntryFullGroup
;
1076 [size_is(count
)] samr_DispEntryFullGroup
*entries
;
1077 } samr_DispInfoFullGroups
;
1081 lsa_AsciiStringLarge account_name
;
1082 } samr_DispEntryAscii
;
1086 [size_is(count
)] samr_DispEntryAscii
*entries
;
1087 } samr_DispInfoAscii
;
1089 typedef [switch_type(uint16
)] union {
1090 [case(1)] samr_DispInfoGeneral info1
;/* users */
1091 [case(2)] samr_DispInfoFull info2
; /* trust accounts? */
1092 [case(3)] samr_DispInfoFullGroups info3
; /* groups */
1093 [case(4)] samr_DispInfoAscii info4
; /* users */
1094 [case(5)] samr_DispInfoAscii info5
; /* groups */
1097 NTSTATUS samr_QueryDisplayInfo
(
1098 [in,ref] policy_handle
*domain_handle
,
1100 [in] uint32 start_idx
,
1101 [in] uint32 max_entries
,
1102 [in] uint32 buf_size
,
1103 [out,ref] uint32
*total_size
,
1104 [out,ref] uint32
*returned_size
,
1105 [out,ref,switch_is(level
)] samr_DispInfo
*info
1109 /************************/
1113 this seems to be an alphabetic search function. The returned index
1114 is the index for samr_QueryDisplayInfo needed to get names occurring
1115 after the specified name. The supplied name does not need to exist
1116 in the database (for example you can supply just a first letter for
1117 searching starting at that letter)
1119 The level corresponds to the samr_QueryDisplayInfo level
1121 NTSTATUS samr_GetDisplayEnumerationIndex
(
1122 [in,ref] policy_handle
*domain_handle
,
1124 [in,ref] lsa_String
*name
,
1125 [out,ref] uint32
*idx
1130 /************************/
1134 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1136 NTSTATUS samr_TestPrivateFunctionsDomain
(
1137 [in,ref] policy_handle
*domain_handle
1141 /************************/
1145 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
1147 NTSTATUS samr_TestPrivateFunctionsUser
(
1148 [in,ref] policy_handle
*user_handle
1152 /************************/
1156 uint16 min_password_length
;
1157 samr_PasswordProperties password_properties
;
1160 [public] NTSTATUS samr_GetUserPwInfo
(
1161 [in,ref] policy_handle
*user_handle
,
1162 [out,ref] samr_PwInfo
*info
1165 /************************/
1167 NTSTATUS samr_RemoveMemberFromForeignDomain
(
1168 [in,ref] policy_handle
*domain_handle
,
1169 [in,ref] dom_sid2
*sid
1172 /************************/
1176 how is this different from QueryDomainInfo ??
1178 NTSTATUS samr_QueryDomainInfo2
(
1179 [in,ref] policy_handle
*domain_handle
,
1181 [out,ref,switch_is(level
)] samr_DomainInfo
**info
1184 /************************/
1188 how is this different from QueryUserInfo ??
1190 NTSTATUS samr_QueryUserInfo2
(
1191 [in,ref] policy_handle
*user_handle
,
1193 [out,ref,switch_is(level
)] samr_UserInfo
*info
1196 /************************/
1200 how is this different from QueryDisplayInfo??
1202 NTSTATUS samr_QueryDisplayInfo2
(
1203 [in,ref] policy_handle
*domain_handle
,
1205 [in] uint32 start_idx
,
1206 [in] uint32 max_entries
,
1207 [in] uint32 buf_size
,
1208 [out,ref] uint32
*total_size
,
1209 [out,ref] uint32
*returned_size
,
1210 [out,ref,switch_is(level
)] samr_DispInfo
*info
1213 /************************/
1217 how is this different from GetDisplayEnumerationIndex ??
1219 NTSTATUS samr_GetDisplayEnumerationIndex2
(
1220 [in,ref] policy_handle
*domain_handle
,
1222 [in,ref] lsa_String
*name
,
1223 [out,ref] uint32
*idx
1227 /************************/
1229 NTSTATUS samr_CreateUser2
(
1230 [in,ref] policy_handle
*domain_handle
,
1231 [in,ref] lsa_String
*account_name
,
1232 [in] samr_AcctFlags acct_flags
,
1233 [in] samr_UserAccessMask access_mask
,
1234 [out,ref] policy_handle
*user_handle
,
1235 [out,ref] uint32
*access_granted
,
1236 [out,ref] uint32
*rid
1240 /************************/
1244 another duplicate. There must be a reason ....
1246 NTSTATUS samr_QueryDisplayInfo3
(
1247 [in,ref] policy_handle
*domain_handle
,
1249 [in] uint32 start_idx
,
1250 [in] uint32 max_entries
,
1251 [in] uint32 buf_size
,
1252 [out,ref] uint32
*total_size
,
1253 [out,ref] uint32
*returned_size
,
1254 [out,ref,switch_is(level
)] samr_DispInfo
*info
1257 /************************/
1259 NTSTATUS samr_AddMultipleMembersToAlias
(
1260 [in,ref] policy_handle
*alias_handle
,
1261 [in,ref] lsa_SidArray
*sids
1264 /************************/
1266 NTSTATUS samr_RemoveMultipleMembersFromAlias
(
1267 [in,ref] policy_handle
*alias_handle
,
1268 [in,ref] lsa_SidArray
*sids
1271 /************************/
1274 NTSTATUS samr_OemChangePasswordUser2
(
1275 [in,unique] lsa_AsciiString
*server
,
1276 [in,ref] lsa_AsciiString
*account
,
1277 [in,unique] samr_CryptPassword
*password
,
1278 [in,unique] samr_Password
*hash
1281 /************************/
1283 NTSTATUS samr_ChangePasswordUser2
(
1284 [in,unique] lsa_String
*server
,
1285 [in,ref] lsa_String
*account
,
1286 [in,unique] samr_CryptPassword
*nt_password
,
1287 [in,unique] samr_Password
*nt_verifier
,
1288 [in] boolean8 lm_change
,
1289 [in,unique] samr_CryptPassword
*lm_password
,
1290 [in,unique] samr_Password
*lm_verifier
1293 /************************/
1295 NTSTATUS samr_GetDomPwInfo
(
1296 [in,unique] lsa_String
*domain_name
,
1297 [out,ref] samr_PwInfo
*info
1300 /************************/
1302 NTSTATUS samr_Connect2
(
1303 [in,unique,string,charset
(UTF16
)] uint16
*system_name
,
1304 [in] samr_ConnectAccessMask access_mask
,
1305 [out,ref] policy_handle
*connect_handle
1308 /************************/
1311 seems to be an exact alias for samr_SetUserInfo()
1313 [public] NTSTATUS samr_SetUserInfo2
(
1314 [in,ref] policy_handle
*user_handle
,
1316 [in,ref,switch_is(level
)] samr_UserInfo
*info
1319 /************************/
1322 this one is mysterious. I have a few guesses, but nothing working yet
1324 NTSTATUS samr_SetBootKeyInformation
(
1325 [in,ref] policy_handle
*connect_handle
,
1326 [in] uint32 unknown1
,
1327 [in] uint32 unknown2
,
1328 [in] uint32 unknown3
1331 /************************/
1333 NTSTATUS samr_GetBootKeyInformation
(
1334 [in,ref] policy_handle
*domain_handle
,
1335 [out,ref] uint32
*unknown
1338 /************************/
1340 NTSTATUS samr_Connect3
(
1341 [in,unique,string,charset
(UTF16
)] uint16
*system_name
,
1342 /* this unknown value seems to be completely ignored by w2k3 */
1343 [in] uint32 unknown
,
1344 [in] samr_ConnectAccessMask access_mask
,
1345 [out,ref] policy_handle
*connect_handle
1348 /************************/
1352 SAMR_CONNECT_PRE_W2K
= 1,
1353 SAMR_CONNECT_W2K
= 2,
1354 SAMR_CONNECT_AFTER_W2K
= 3
1355 } samr_ConnectVersion
;
1357 NTSTATUS samr_Connect4
(
1358 [in,unique,string,charset
(UTF16
)] uint16
*system_name
,
1359 [in] samr_ConnectVersion client_version
,
1360 [in] samr_ConnectAccessMask access_mask
,
1361 [out,ref] policy_handle
*connect_handle
1364 /************************/
1367 typedef enum samr_RejectReason samr_RejectReason
;
1370 samr_RejectReason reason
;
1373 } samr_ChangeReject
;
1375 NTSTATUS samr_ChangePasswordUser3
(
1376 [in,unique] lsa_String
*server
,
1377 [in,ref] lsa_String
*account
,
1378 [in,unique] samr_CryptPassword
*nt_password
,
1379 [in,unique] samr_Password
*nt_verifier
,
1380 [in] boolean8 lm_change
,
1381 [in,unique] samr_CryptPassword
*lm_password
,
1382 [in,unique] samr_Password
*lm_verifier
,
1383 [in,unique] samr_CryptPassword
*password3
,
1384 [out,ref] samr_DomInfo1
**dominfo
,
1385 [out,ref] samr_ChangeReject
**reject
1388 /************************/
1392 samr_ConnectVersion client_version
; /* w2k3 gives 3 */
1393 uint32 unknown2
; /* w2k3 gives 0 */
1394 } samr_ConnectInfo1
;
1397 [case(1)] samr_ConnectInfo1 info1
;
1400 [public] NTSTATUS samr_Connect5
(
1401 [in,unique,string,charset
(UTF16
)] uint16
*system_name
,
1402 [in] samr_ConnectAccessMask access_mask
,
1403 [in] uint32 level_in
,
1404 [in,ref,switch_is(level_in
)] samr_ConnectInfo
*info_in
,
1405 [out,ref] uint32
*level_out
,
1406 [out,ref,switch_is(*level_out
)] samr_ConnectInfo
*info_out
,
1407 [out,ref] policy_handle
*connect_handle
1410 /************************/
1412 NTSTATUS samr_RidToSid
(
1413 [in,ref] policy_handle
*domain_handle
,
1415 [out,ref] dom_sid2
*sid
1419 /************************/
1423 this should set the DSRM password for the server, which is used
1424 when booting into Directory Services Recovery Mode on a DC. Win2003
1425 gives me NT_STATUS_NOT_SUPPORTED
1428 NTSTATUS samr_SetDsrmPassword
(
1429 [in,unique] lsa_String
*name
,
1430 [in] uint32 unknown
,
1431 [in,unique] samr_Password
*hash
1435 /************************/
1437 /************************/
1438 typedef [bitmap32bit
] bitmap
{
1439 SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET
= 0x00000001,
1440 SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME
= 0x00000002,
1441 SAMR_VALIDATE_FIELD_LOCKOUT_TIME
= 0x00000004,
1442 SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT
= 0x00000008,
1443 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH
= 0x00000010,
1444 SAMR_VALIDATE_FIELD_PASSWORD_HISTORY
= 0x00000020
1445 } samr_ValidateFieldsPresent
;
1448 NetValidateAuthentication
= 1,
1449 NetValidatePasswordChange
= 2,
1450 NetValidatePasswordReset
= 3
1451 } samr_ValidatePasswordLevel
;
1453 /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
1454 * identified the mapping of
1455 * - NERR_PasswordFilterError
1456 * - NERR_PasswordExpired and
1457 * - NERR_PasswordCantChange
1462 SAMR_VALIDATION_STATUS_SUCCESS
= 0,
1463 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE
= 1,
1464 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT
= 2,
1465 SAMR_VALIDATION_STATUS_BAD_PASSWORD
= 4,
1466 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT
= 5,
1467 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT
= 6,
1468 SAMR_VALIDATION_STATUS_PWD_TOO_LONG
= 7,
1469 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH
= 8,
1470 SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT
= 9
1471 } samr_ValidationStatus
;
1475 [size_is(length
)] uint8
*data
;
1476 } samr_ValidationBlob
;
1479 samr_ValidateFieldsPresent fields_present
;
1480 NTTIME_hyper last_password_change
;
1481 NTTIME_hyper bad_password_time
;
1482 NTTIME_hyper lockout_time
;
1483 uint32 bad_pwd_count
;
1484 uint32 pwd_history_len
;
1485 [size_is(pwd_history_len
)] samr_ValidationBlob
*pwd_history
;
1486 } samr_ValidatePasswordInfo
;
1489 samr_ValidatePasswordInfo info
;
1490 samr_ValidationStatus status
;
1491 } samr_ValidatePasswordRepCtr
;
1493 typedef [switch_type(uint16
)] union {
1494 [case(1)] samr_ValidatePasswordRepCtr ctr1
;
1495 [case(2)] samr_ValidatePasswordRepCtr ctr2
;
1496 [case(3)] samr_ValidatePasswordRepCtr ctr3
;
1497 } samr_ValidatePasswordRep
;
1500 samr_ValidatePasswordInfo info
;
1501 lsa_StringLarge password
;
1502 lsa_StringLarge account
;
1503 samr_ValidationBlob hash
;
1504 boolean8 pwd_must_change_at_next_logon
;
1505 boolean8 clear_lockout
;
1506 } samr_ValidatePasswordReq3
;
1509 samr_ValidatePasswordInfo info
;
1510 lsa_StringLarge password
;
1511 lsa_StringLarge account
;
1512 samr_ValidationBlob hash
;
1513 boolean8 password_matched
;
1514 } samr_ValidatePasswordReq2
;
1517 samr_ValidatePasswordInfo info
;
1518 boolean8 password_matched
;
1519 } samr_ValidatePasswordReq1
;
1521 typedef [switch_type(uint16
)] union {
1522 [case(1)] samr_ValidatePasswordReq1 req1
;
1523 [case(2)] samr_ValidatePasswordReq2 req2
;
1524 [case(3)] samr_ValidatePasswordReq3 req3
;
1525 } samr_ValidatePasswordReq
;
1527 NTSTATUS samr_ValidatePassword
(
1528 [in] samr_ValidatePasswordLevel level
,
1529 [in,switch_is(level
)] samr_ValidatePasswordReq req
,
1530 [out,ref,switch_is(level
)] samr_ValidatePasswordRep
*rep