4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
14 pointer_default(unique),
18 /* account control (acct_flags) bits */
19 const int ACB_DISABLED
= 0x0001; /* 1 = User account disabled */
20 const int ACB_HOMDIRREQ
= 0x0002; /* 1 = Home directory required */
21 const int ACB_PWNOTREQ
= 0x0004; /* 1 = User password not required */
22 const int ACB_TEMPDUP
= 0x0008; /* 1 = Temporary duplicate account */
23 const int ACB_NORMAL
= 0x0010; /* 1 = Normal user account */
24 const int ACB_MNS
= 0x0020; /* 1 = MNS logon user account */
25 const int ACB_DOMTRUST
= 0x0040; /* 1 = Interdomain trust account */
26 const int ACB_WSTRUST
= 0x0080; /* 1 = Workstation trust account */
27 const int ACB_SVRTRUST
= 0x0100; /* 1 = Server trust account */
28 const int ACB_PWNOEXP
= 0x0200; /* 1 = User password does not expire */
29 const int ACB_AUTOLOCK
= 0x0400; /* 1 = Account auto locked */
34 NTSTATUS samr_Connect
(
35 /* notice the lack of [string] */
36 [in] uint16
*system_name
,
37 [in] uint32 access_mask
,
38 [out,ref] policy_handle
*connect_handle
45 [in,out,ref] policy_handle
*handle
51 NTSTATUS samr_SetSecurity
(
52 [in,ref] policy_handle
*handle,
54 [in,ref] sec_desc_buf
*sdbuf
60 NTSTATUS samr_QuerySecurity
(
61 [in,ref] policy_handle
*handle,
63 [out] sec_desc_buf
*sdbuf
70 shutdown the SAM - once you call this the SAM will be dead
72 NTSTATUS samr_Shutdown
(
73 [in,ref] policy_handle
*connect_handle
79 [value
(2*strlen_m
(r
->string))] uint16 length
;
80 [value
(r
->length
)] uint16 size
;
81 unistr_noterm
*string;
84 NTSTATUS samr_LookupDomain
(
85 [in,ref] policy_handle
*connect_handle
,
86 [in,ref] samr_String
*domain
,
101 [size_is(count
)] samr_SamEntry
*entries
;
104 NTSTATUS samr_EnumDomains
(
105 [in,ref] policy_handle
*connect_handle
,
106 [in,out,ref] uint32
*resume_handle
,
107 [in] uint32 buf_size
,
108 [out] samr_SamArray
*sam
,
109 [out] uint32 num_entries
113 /************************/
115 NTSTATUS samr_OpenDomain
(
116 [in,ref] policy_handle
*connect_handle
,
117 [in] uint32 access_mask
,
118 [in,ref] dom_sid2
*sid
,
119 [out,ref] policy_handle
*domain_handle
122 /************************/
126 uint16 min_password_length
;
127 uint16 password_history_length
;
128 uint32 password_properties
;
129 /* yes, these are signed. They are in negative 100ns */
130 int64 max_password_age
;
131 int64 min_password_age
;
135 NTTIME force_logoff_time
;
137 samr_String domain
; /* domain name */
138 samr_String primary
; /* PDC name if this is a BDC */
149 NTTIME force_logoff_time
;
157 samr_String domain_name
;
169 HYPER_T sequence_num
;
170 NTTIME domain_create_time
;
174 uint32 unknown
; /* w2k3 returns 1 */
179 HYPER_T lockout_duration
;
180 HYPER_T lockout_window
;
181 uint16 lockout_threshold
;
185 HYPER_T lockout_duration
;
186 HYPER_T lockout_window
;
187 uint16 lockout_threshold
;
191 HYPER_T sequence_num
;
192 NTTIME domain_create_time
;
198 [case(1)] samr_DomInfo1 info1
;
199 [case(2)] samr_DomInfo2 info2
;
200 [case(3)] samr_DomInfo3 info3
;
201 [case(4)] samr_DomInfo4 info4
;
202 [case(5)] samr_DomInfo5 info5
;
203 [case(6)] samr_DomInfo6 info6
;
204 [case(7)] samr_DomInfo7 info7
;
205 [case(8)] samr_DomInfo8 info8
;
206 [case(9)] samr_DomInfo9 info9
;
207 [case(11)] samr_DomInfo11 info11
;
208 [case(12)] samr_DomInfo12 info12
;
209 [case(13)] samr_DomInfo13 info13
;
212 NTSTATUS samr_QueryDomainInfo
(
213 [in,ref] policy_handle
*domain_handle
,
215 [out,switch_is(level
)] samr_DomainInfo
*info
218 /************************/
221 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
224 NTSTATUS samr_SetDomainInfo
(
225 [in,ref] policy_handle
*domain_handle
,
227 [in,switch_is(level
),ref] samr_DomainInfo
*info
231 /************************/
233 NTSTATUS samr_CreateDomainGroup
(
234 [in,ref] policy_handle
*domain_handle
,
235 [in,ref] samr_String
*name
,
236 [in] uint32 access_mask
,
237 [out,ref] policy_handle
*group_handle
,
238 [out,ref] uint32
*rid
242 /************************/
244 NTSTATUS samr_EnumDomainGroups
(
245 [in,ref] policy_handle
*domain_handle
,
246 [in,out,ref] uint32
*resume_handle
,
247 [in] uint32 max_size
,
248 [out] samr_SamArray
*sam
,
249 [out] uint32 num_entries
252 /************************/
254 NTSTATUS samr_CreateUser
(
255 [in,ref] policy_handle
*domain_handle
,
256 [in,ref] samr_String
*account_name
,
257 [in] uint32 access_mask
,
258 [out,ref] policy_handle
*user_handle
,
259 [out,ref] uint32
*rid
262 /************************/
266 /* w2k3 treats max_size as max_users*54 and sets the
267 resume_handle as the rid of the last user sent
269 const int SAMR_ENUM_USERS_MULTIPLIER
= 54;
271 NTSTATUS samr_EnumDomainUsers
(
272 [in,ref] policy_handle
*domain_handle
,
273 [in,out,ref] uint32
*resume_handle
,
274 [in] uint32 acct_flags
,
275 [in] uint32 max_size
,
276 [out] samr_SamArray
*sam
,
277 [out] uint32 num_entries
280 /************************/
282 NTSTATUS samr_CreateDomAlias
(
283 [in,ref] policy_handle
*domain_handle
,
284 [in,ref] samr_String
*aliasname
,
285 [in] uint32 access_mask
,
286 [out,ref] policy_handle
*alias_handle
,
287 [out,ref] uint32
*rid
290 /************************/
292 NTSTATUS samr_EnumDomainAliases
(
293 [in,ref] policy_handle
*domain_handle
,
294 [in,out,ref] uint32
*resume_handle
,
295 [in] uint32 acct_flags
,
296 [out] samr_SamArray
*sam
,
297 [out] uint32 num_entries
300 /************************/
304 SID_NAME_USE_NONE
= 0,/* NOTUSED */
305 SID_NAME_USER
= 1, /* user */
306 SID_NAME_DOM_GRP
= 2, /* domain group */
307 SID_NAME_DOMAIN
= 3, /* domain: don't know what this is */
308 SID_NAME_ALIAS
= 4, /* local group */
309 SID_NAME_WKN_GRP
= 5, /* well-known group */
310 SID_NAME_DELETED
= 6, /* deleted account: needed for c2 rating */
311 SID_NAME_INVALID
= 7, /* invalid account */
312 SID_NAME_UNKNOWN
= 8 /* oops. */
316 [range(0,1024)] uint32 count
;
317 [size_is(count
)] uint32
*ids
;
320 NTSTATUS samr_GetAliasMembership
(
321 [in,ref] policy_handle
*domain_handle
,
322 [in,ref] lsa_SidArray
*sids
,
323 [out,ref] samr_Ids
*rids
326 /************************/
329 NTSTATUS samr_LookupNames
(
330 [in,ref] policy_handle
*domain_handle
,
331 [in,range(0,1000)] uint32 num_names
,
332 [in,ref,size_is(1000),length_is(num_names
)] samr_String
*names
,
338 /************************/
343 [size_is(count
)] samr_String
*names
;
346 NTSTATUS samr_LookupRids
(
347 [in,ref] policy_handle
*domain_handle
,
348 [in,range(0,1000)] uint32 num_rids
,
349 [in,ref,size_is(1000),length_is(num_rids
)] uint32
*rids
,
350 [out] samr_Strings names
,
354 /************************/
356 NTSTATUS samr_OpenGroup
(
357 [in,ref] policy_handle
*domain_handle
,
358 [in] uint32 access_mask
,
360 [out,ref] policy_handle
*group_handle
364 /************************/
371 samr_String description
;
379 samr_String description
;
380 } samr_GroupInfoDesciption
;
386 GroupInfoDescription
= 4,
391 [case(GroupInfoAll
)] samr_GroupInfoAll all
;
392 [case(GroupInfoName
)] samr_String name
;
393 [case(GroupInfoX
)] samr_GroupInfoX unknown
;
394 [case(GroupInfoDescription
)] samr_String description
;
395 [case(GroupInfoAll2
)] samr_GroupInfoAll all2
;
398 NTSTATUS samr_QueryGroupInfo
(
399 [in,ref] policy_handle
*group_handle
,
400 [in] GroupInfo level
,
401 [out,switch_is(level
)] samr_GroupInfo
*info
404 /************************/
406 NTSTATUS samr_SetGroupInfo
(
407 [in,ref] policy_handle
*group_handle
,
408 [in] GroupInfo level
,
409 [in,switch_is(level
),ref] samr_GroupInfo
*info
412 /************************/
414 NTSTATUS samr_AddGroupMember
(
415 [in,ref] policy_handle
*group_handle
,
420 /************************/
422 NTSTATUS samr_DeleteDomainGroup
(
423 [in,out,ref] policy_handle
*group_handle
426 /************************/
428 NTSTATUS samr_DeleteGroupMember
(
429 [in,ref] policy_handle
*group_handle
,
434 /************************/
438 [size_is(count
)] uint32
*rids
;
439 [size_is(count
)] uint32
*unknown
;
442 NTSTATUS samr_QueryGroupMember
(
443 [in,ref] policy_handle
*group_handle
,
444 [out] samr_ridArray
*rids
448 /************************/
452 win2003 seems to accept any data at all for the two integers
453 below, and doesn't seem to do anything with them that I can
454 see. Weird. I really expected the first integer to be a rid
455 and the second to be the attributes for that rid member.
457 NTSTATUS samr_SetMemberAttributesOfGroup
(
458 [in,ref] policy_handle
*group_handle
,
459 [in] uint32 unknown1
,
464 /************************/
466 NTSTATUS samr_OpenAlias
(
467 [in,ref] policy_handle
*domain_handle
,
468 [in] uint32 access_mask
,
470 [out,ref] policy_handle
*alias_handle
474 /************************/
480 samr_String description
;
486 AliasInfoDescription
= 3
490 [case(AliasInfoAll
)] samr_AliasInfoAll all
;
491 [case(AliasInfoName
)] samr_String name
;
492 [case(AliasInfoDescription
)] samr_String description
;
495 NTSTATUS samr_QueryAliasInfo
(
496 [in,ref] policy_handle
*alias_handle
,
497 [in] AliasInfo level
,
498 [out,switch_is(level
)] samr_AliasInfo
*info
501 /************************/
503 NTSTATUS samr_SetAliasInfo
(
504 [in,ref] policy_handle
*alias_handle
,
505 [in] AliasInfo level
,
506 [in,switch_is(level
),ref] samr_AliasInfo
*info
509 /************************/
511 NTSTATUS samr_DeleteDomAlias
(
512 [in,out,ref] policy_handle
*alias_handle
515 /************************/
517 NTSTATUS samr_AddAliasMember
(
518 [in,ref] policy_handle
*alias_handle
,
519 [in,ref] dom_sid2
*sid
522 /************************/
524 NTSTATUS samr_DeleteAliasMember
(
525 [in,ref] policy_handle
*alias_handle
,
526 [in,ref] dom_sid2
*sid
529 /************************/
531 NTSTATUS samr_GetMembersInAlias
(
532 [in,ref] policy_handle
*alias_handle
,
533 [out,ref] lsa_SidArray
*sids
536 /************************/
538 NTSTATUS samr_OpenUser
(
539 [in,ref] policy_handle
*domain_handle
,
540 [in] uint32 access_mask
,
542 [out,ref] policy_handle
*user_handle
545 /************************/
547 NTSTATUS samr_DeleteUser
(
548 [in,out,ref] policy_handle
*user_handle
551 /************************/
554 samr_String account_name
;
555 samr_String full_name
;
557 samr_String description
;
563 samr_String unknown
; /* settable, but doesn't stick. probably obsolete */
568 /* this is also used in samr and netlogon */
569 typedef [public, flag
(NDR_PAHEX
)] struct {
570 uint16 units_per_week
;
571 [size_is(1260), length_is(units_per_week
/8)] uint8
*bits
;
575 samr_String account_name
;
576 samr_String full_name
;
579 samr_String home_directory
;
580 samr_String home_drive
;
581 samr_String logon_script
;
582 samr_String profile_path
;
583 samr_String workstations
;
586 NTTIME last_password_change
;
587 NTTIME allow_password_change
;
588 NTTIME force_password_change
;
589 samr_LogonHours logon_hours
;
590 uint16 bad_password_count
;
596 samr_LogonHours logon_hours
;
600 samr_String account_name
;
601 samr_String full_name
;
604 samr_String home_directory
;
605 samr_String home_drive
;
606 samr_String logon_script
;
607 samr_String profile_path
;
608 samr_String description
;
609 samr_String workstations
;
612 samr_LogonHours logon_hours
;
613 uint16 bad_password_count
;
615 NTTIME last_password_change
;
621 samr_String account_name
;
622 samr_String full_name
;
626 samr_String account_name
;
630 samr_String full_name
;
638 samr_String home_directory
;
639 samr_String home_drive
;
643 samr_String logon_script
;
647 samr_String profile_path
;
651 samr_String description
;
655 samr_String workstations
;
667 samr_String parameters
;
670 /* this defines the bits used for fields_present in info21 */
671 const int SAMR_FIELD_NAME
= 0x00000002;
672 const int SAMR_FIELD_DESCRIPTION
= 0x00000010;
673 const int SAMR_FIELD_COMMENT
= 0x00000020;
674 const int SAMR_FIELD_LOGON_SCRIPT
= 0x00000100;
675 const int SAMR_FIELD_PROFILE_PATH
= 0x00000200;
676 const int SAMR_FIELD_WORKSTATION
= 0x00000400;
677 const int SAMR_FIELD_LOGON_HOURS
= 0x00002000;
678 const int SAMR_FIELD_ACCT_FLAGS
= 0x00100000;
679 const int SAMR_FIELD_PARAMETERS
= 0x00200000;
680 const int SAMR_FIELD_COUNTRY_CODE
= 0x00400000;
681 const int SAMR_FIELD_CODE_PAGE
= 0x00800000;
682 const int SAMR_FIELD_PASSWORD
= 0x01000000; /* either of these */
683 const int SAMR_FIELD_PASSWORD2
= 0x02000000; /* two bits seems to work */
688 NTTIME last_password_change
;
690 NTTIME allow_password_change
;
691 NTTIME force_password_change
;
692 samr_String account_name
;
693 samr_String full_name
;
694 samr_String home_directory
;
695 samr_String home_drive
;
696 samr_String logon_script
;
697 samr_String profile_path
;
698 samr_String description
;
699 samr_String workstations
;
701 samr_String parameters
;
702 samr_String unknown1
;
703 samr_String unknown2
;
704 samr_String unknown3
;
706 [size_is(buf_count
)] uint8
*buffer
;
710 uint32 fields_present
;
711 samr_LogonHours logon_hours
;
712 uint16 bad_password_count
;
716 uint8 nt_password_set
;
717 uint8 lm_password_set
;
718 uint8 password_expired
;
722 typedef [flag
(NDR_PAHEX
)] struct {
724 } samr_CryptPassword
;
727 samr_UserInfo21 info
;
728 samr_CryptPassword password
;
732 samr_CryptPassword password
;
736 typedef [flag
(NDR_PAHEX
)] struct {
738 } samr_CryptPasswordEx
;
741 samr_UserInfo21 info
;
742 samr_CryptPasswordEx password
;
746 samr_CryptPasswordEx password
;
751 [case(1)] samr_UserInfo1 info1
;
752 [case(2)] samr_UserInfo2 info2
;
753 [case(3)] samr_UserInfo3 info3
;
754 [case(4)] samr_UserInfo4 info4
;
755 [case(5)] samr_UserInfo5 info5
;
756 [case(6)] samr_UserInfo6 info6
;
757 [case(7)] samr_UserInfo7 info7
;
758 [case(8)] samr_UserInfo8 info8
;
759 [case(9)] samr_UserInfo9 info9
;
760 [case(10)] samr_UserInfo10 info10
;
761 [case(11)] samr_UserInfo11 info11
;
762 [case(12)] samr_UserInfo12 info12
;
763 [case(13)] samr_UserInfo13 info13
;
764 [case(14)] samr_UserInfo14 info14
;
765 [case(16)] samr_UserInfo16 info16
;
766 [case(17)] samr_UserInfo17 info17
;
767 [case(20)] samr_UserInfo20 info20
;
768 [case(21)] samr_UserInfo21 info21
;
769 [case(23)] samr_UserInfo23 info23
;
770 [case(24)] samr_UserInfo24 info24
;
771 [case(25)] samr_UserInfo25 info25
;
772 [case(26)] samr_UserInfo26 info26
;
775 NTSTATUS samr_QueryUserInfo
(
776 [in,ref] policy_handle
*user_handle
,
778 [out,switch_is(level
)] samr_UserInfo
*info
782 /************************/
784 NTSTATUS samr_SetUserInfo
(
785 [in,ref] policy_handle
*user_handle
,
787 [in,ref,switch_is(level
)] samr_UserInfo
*info
790 /************************/
794 this is a password change interface that doesn't give
795 the server the plaintext password. Depricated.
797 NTSTATUS samr_ChangePasswordUser
(
798 [in,ref] policy_handle
*user_handle
,
799 [in] bool8 lm_present
,
800 [in] samr_Password
*old_lm_crypted
,
801 [in] samr_Password
*new_lm_crypted
,
802 [in] bool8 nt_present
,
803 [in] samr_Password
*old_nt_crypted
,
804 [in] samr_Password
*new_nt_crypted
,
805 [in] bool8 cross1_present
,
806 [in] samr_Password
*nt_cross
,
807 [in] bool8 cross2_present
,
808 [in] samr_Password
*lm_cross
811 /************************/
821 [size_is(count
)] samr_RidType
*rid
;
824 NTSTATUS samr_GetGroupsForUser
(
825 [in,ref] policy_handle
*user_handle
,
826 [out] samr_RidArray
*rids
829 /************************/
836 samr_String account_name
;
837 samr_String full_name
;
838 samr_String description
;
839 } samr_DispEntryGeneral
;
843 [size_is(count
)] samr_DispEntryGeneral
*entries
;
844 } samr_DispInfoGeneral
;
850 samr_String account_name
;
851 samr_String description
;
852 } samr_DispEntryFull
;
856 [size_is(count
)] samr_DispEntryFull
*entries
;
860 [value
(strlen_m
(r
->string))] uint16 length
;
861 [value
(strlen_m
(r
->string))] uint16 size
;
862 ascstr_noterm
*string;
867 samr_AsciiName account_name
;
868 } samr_DispEntryAscii
;
872 [size_is(count
)] samr_DispEntryAscii
*entries
;
873 } samr_DispInfoAscii
;
876 [case(1)] samr_DispInfoGeneral info1
;/* users */
877 [case(2)] samr_DispInfoFull info2
; /* trust accounts? */
878 [case(3)] samr_DispInfoFull info3
; /* groups */
879 [case(4)] samr_DispInfoAscii info4
; /* users */
880 [case(5)] samr_DispInfoAscii info5
; /* groups */
883 NTSTATUS samr_QueryDisplayInfo
(
884 [in,ref] policy_handle
*domain_handle
,
886 [in] uint32 start_idx
,
887 [in] uint32 max_entries
,
888 [in] uint32 buf_size
,
889 [out] uint32 total_size
,
890 [out] uint32 returned_size
,
891 [out,switch_is(level
)] samr_DispInfo info
895 /************************/
899 this seems to be an alphabetic search function. The returned index
900 is the index for samr_QueryDisplayInfo needed to get names occurring
901 after the specified name. The supplied name does not need to exist
902 in the database (for example you can supply just a first letter for
903 searching starting at that letter)
905 The level corresponds to the samr_QueryDisplayInfo level
907 NTSTATUS samr_GetDisplayEnumerationIndex
(
908 [in,ref] policy_handle
*domain_handle
,
910 [in] samr_String name
,
916 /************************/
920 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
922 NTSTATUS samr_TestPrivateFunctionsDomain
(
923 [in,ref] policy_handle
*domain_handle
927 /************************/
931 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
933 NTSTATUS samr_TestPrivateFunctionsUser
(
934 [in,ref] policy_handle
*user_handle
938 /************************/
941 /* password properties flags */
942 const uint32 DOMAIN_PASSWORD_COMPLEX
= 0x00000001;
943 const uint32 DOMAIN_PASSWORD_NO_ANON_CHANGE
= 0x00000002;
944 const uint32 DOMAIN_PASSWORD_NO_CLEAR_CHANGE
= 0x00000004;
945 const uint32 DOMAIN_PASSWORD_STORE_CLEARTEXT
= 0x00000010;
946 const uint32 DOMAIN_REFUSE_PASSWORD_CHANGE
= 0x00000020;
949 uint16 min_password_length
;
950 uint32 password_properties
;
953 NTSTATUS samr_GetUserPwInfo
(
954 [in,ref] policy_handle
*user_handle
,
955 [out] samr_PwInfo info
958 /************************/
960 NTSTATUS samr_RemoveMemberFromForeignDomain
(
961 [in,ref] policy_handle
*domain_handle
,
962 [in,ref] dom_sid2
*sid
965 /************************/
969 how is this different from QueryDomainInfo ??
971 NTSTATUS samr_QueryDomainInfo2
(
972 [in,ref] policy_handle
*domain_handle
,
974 [out,switch_is(level
)] samr_DomainInfo
*info
977 /************************/
981 how is this different from QueryUserInfo ??
983 NTSTATUS samr_QueryUserInfo2
(
984 [in,ref] policy_handle
*user_handle
,
986 [out,switch_is(level
)] samr_UserInfo
*info
989 /************************/
993 how is this different from QueryDisplayInfo??
995 NTSTATUS samr_QueryDisplayInfo2
(
996 [in,ref] policy_handle
*domain_handle
,
998 [in] uint32 start_idx
,
999 [in] uint32 max_entries
,
1000 [in] uint32 buf_size
,
1001 [out] uint32 total_size
,
1002 [out] uint32 returned_size
,
1003 [out,switch_is(level
)] samr_DispInfo info
1006 /************************/
1010 how is this different from GetDisplayEnumerationIndex ??
1012 NTSTATUS samr_GetDisplayEnumerationIndex2
(
1013 [in,ref] policy_handle
*domain_handle
,
1015 [in] samr_String name
,
1020 /************************/
1022 NTSTATUS samr_CreateUser2
(
1023 [in,ref] policy_handle
*domain_handle
,
1024 [in,ref] samr_String
*account_name
,
1025 [in] uint32 acct_flags
,
1026 [in] uint32 access_mask
,
1027 [out,ref] policy_handle
*user_handle
,
1028 [out,ref] uint32
*access_granted
,
1029 [out,ref] uint32
*rid
1033 /************************/
1037 another duplicate. There must be a reason ....
1039 NTSTATUS samr_QueryDisplayInfo3
(
1040 [in,ref] policy_handle
*domain_handle
,
1042 [in] uint32 start_idx
,
1043 [in] uint32 max_entries
,
1044 [in] uint32 buf_size
,
1045 [out] uint32 total_size
,
1046 [out] uint32 returned_size
,
1047 [out,switch_is(level
)] samr_DispInfo info
1050 /************************/
1052 NTSTATUS samr_AddMultipleMembersToAlias
(
1053 [in,ref] policy_handle
*alias_handle
,
1054 [in,ref] lsa_SidArray
*sids
1057 /************************/
1059 NTSTATUS samr_RemoveMultipleMembersFromAlias
(
1060 [in,ref] policy_handle
*alias_handle
,
1061 [in,ref] lsa_SidArray
*sids
1064 /************************/
1067 NTSTATUS samr_OemChangePasswordUser2
(
1068 [in] samr_AsciiName
*server
,
1069 [in,ref] samr_AsciiName
*account
,
1070 [in] samr_CryptPassword
*password
,
1071 [in] samr_Password
*hash
1074 /************************/
1076 NTSTATUS samr_ChangePasswordUser2
(
1077 [in] samr_String
*server
,
1078 [in,ref] samr_String
*account
,
1079 [in] samr_CryptPassword
*nt_password
,
1080 [in] samr_Password
*nt_verifier
,
1081 [in] bool8 lm_change
,
1082 [in] samr_CryptPassword
*lm_password
,
1083 [in] samr_Password
*lm_verifier
1086 /************************/
1088 NTSTATUS samr_GetDomPwInfo
(
1089 [in] samr_String
*name
,
1090 [out] samr_PwInfo info
1093 /************************/
1095 NTSTATUS samr_Connect2
(
1096 [in] unistr
*system_name
,
1097 [in] uint32 access_mask
,
1098 [out,ref] policy_handle
*connect_handle
1101 /************************/
1104 seems to be an exact alias for samr_SetUserInfo()
1106 NTSTATUS samr_SetUserInfo2
(
1107 [in,ref] policy_handle
*user_handle
,
1109 [in,ref,switch_is(level
)] samr_UserInfo
*info
1112 /************************/
1115 this one is mysterious. I have a few guesses, but nothing working yet
1117 NTSTATUS samr_SetBootKeyInformation
(
1118 [in,ref] policy_handle
*connect_handle
,
1119 [in] uint32 unknown1
,
1120 [in] uint32 unknown2
,
1121 [in] uint32 unknown3
1124 /************************/
1126 NTSTATUS samr_GetBootKeyInformation
(
1127 [in,ref] policy_handle
*domain_handle
,
1128 [out] uint32 unknown
1131 /************************/
1133 NTSTATUS samr_Connect3
(
1134 [in] unistr
*system_name
,
1135 /* this unknown value seems to be completely ignored by w2k3 */
1136 [in] uint32 unknown
,
1137 [in] uint32 access_mask
,
1138 [out,ref] policy_handle
*connect_handle
1141 /************************/
1143 NTSTATUS samr_Connect4
(
1144 [in] unistr
*system_name
,
1145 [in] uint32 unknown
,
1146 [in] uint32 access_mask
,
1147 [out,ref] policy_handle
*connect_handle
1150 /************************/
1153 const int SAMR_REJECT_OTHER
= 0;
1154 const int SAMR_REJECT_TOO_SHORT
= 1;
1155 const int SAMR_REJECT_COMPLEXITY
= 2;
1161 } samr_ChangeReject
;
1163 NTSTATUS samr_ChangePasswordUser3
(
1164 [in] samr_String
*server
,
1165 [in,ref] samr_String
*account
,
1166 [in] samr_CryptPassword
*nt_password
,
1167 [in] samr_Password
*nt_verifier
,
1168 [in] bool8 lm_change
,
1169 [in] samr_CryptPassword
*lm_password
,
1170 [in] samr_Password
*lm_verifier
,
1171 [in] samr_CryptPassword
*password3
,
1172 [out] samr_DomInfo1
*dominfo
,
1173 [out] samr_ChangeReject
*reject
1176 /************************/
1180 uint32 unknown1
; /* w2k3 gives 3 */
1181 uint32 unknown2
; /* w2k3 gives 0 */
1182 } samr_ConnectInfo1
;
1185 [case(1)] samr_ConnectInfo1 info1
;
1188 NTSTATUS samr_Connect5
(
1189 [in] unistr
*system_name
,
1190 [in] uint32 access_mask
,
1191 [in,out] uint32 level
,
1192 [in,out,switch_is(level
),ref] samr_ConnectInfo
*info
,
1193 [out,ref] policy_handle
*connect_handle
1196 /************************/
1198 NTSTATUS samr_RidToSid
(
1199 [in,ref] policy_handle
*domain_handle
,
1205 /************************/
1209 this should set the DSRM password for the server, which is used
1210 when booting into Directory Services Recovery Mode on a DC. Win2003
1211 gives me NT_STATUS_NOT_SUPPORTED
1214 NTSTATUS samr_SetDsrmPassword
(
1215 [in] samr_String
*name
,
1216 [in] uint32 unknown
,
1217 [in] samr_Password
*hash
1221 /************************/
1224 I haven't been able to work out the format of this one yet.
1225 Seems to start with a switch level for a union?
1227 NTSTATUS samr_ValidatePassword
();