4 samr interface definition
8 Thanks to Todd Sabin for some information from his samr.idl in acltools
11 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
13 endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
14 pointer_default(unique),
15 pointer_default_top
(unique),
16 depends
(misc
,lsa
,security
)
19 declare bitmap security_secinfo
;
21 /* account control (acct_flags) bits */
22 typedef [public,bitmap32bit
] bitmap
{
23 ACB_DISABLED
= 0x00000001, /* 1 = User account disabled */
24 ACB_HOMDIRREQ
= 0x00000002, /* 1 = Home directory required */
25 ACB_PWNOTREQ
= 0x00000004, /* 1 = User password not required */
26 ACB_TEMPDUP
= 0x00000008, /* 1 = Temporary duplicate account */
27 ACB_NORMAL
= 0x00000010, /* 1 = Normal user account */
28 ACB_MNS
= 0x00000020, /* 1 = MNS logon user account */
29 ACB_DOMTRUST
= 0x00000040, /* 1 = Interdomain trust account */
30 ACB_WSTRUST
= 0x00000080, /* 1 = Workstation trust account */
31 ACB_SVRTRUST
= 0x00000100, /* 1 = Server trust account */
32 ACB_PWNOEXP
= 0x00000200, /* 1 = User password does not expire */
33 ACB_AUTOLOCK
= 0x00000400, /* 1 = Account auto locked */
34 ACB_ENC_TXT_PWD_ALLOWED
= 0x00000800, /* 1 = Encryped text password is allowed */
35 ACB_SMARTCARD_REQUIRED
= 0x00001000, /* 1 = Smart Card required */
36 ACB_TRUSTED_FOR_DELEGATION
= 0x00002000, /* 1 = Trusted for Delegation */
37 ACB_NOT_DELEGATED
= 0x00004000, /* 1 = Not delegated */
38 ACB_USE_DES_KEY_ONLY
= 0x00008000, /* 1 = Use DES key only */
39 ACB_DONT_REQUIRE_PREAUTH
= 0x00010000, /* 1 = Preauth not required */
40 ACB_PW_EXPIRED
= 0x00020000, /* 1 = Password Expired */
41 ACB_NO_AUTH_DATA_REQD
= 0x00080000 /* 1 = No authorization data required */
46 NTSTATUS samr_Connect
(
47 /* notice the lack of [string] */
48 [in] uint16
*system_name
,
49 [in] uint32 access_mask
,
50 [out,ref] policy_handle
*connect_handle
57 [in,out,ref] policy_handle
*handle
63 NTSTATUS samr_SetSecurity
(
64 [in,ref] policy_handle
*handle,
65 [in] security_secinfo sec_info
,
66 [in,ref] sec_desc_buf
*sdbuf
72 NTSTATUS samr_QuerySecurity
(
73 [in,ref] policy_handle
*handle,
74 [in] security_secinfo sec_info
,
75 [out] sec_desc_buf
*sdbuf
82 shutdown the SAM - once you call this the SAM will be dead
84 NTSTATUS samr_Shutdown
(
85 [in,ref] policy_handle
*connect_handle
90 NTSTATUS samr_LookupDomain
(
91 [in,ref] policy_handle
*connect_handle
,
92 [in,ref] lsa_String
*domain_name
,
107 [size_is(count
)] samr_SamEntry
*entries
;
110 NTSTATUS samr_EnumDomains
(
111 [in,ref] policy_handle
*connect_handle
,
112 [in,out,ref] uint32
*resume_handle
,
113 [in] uint32 buf_size
,
114 [out] samr_SamArray
*sam
,
115 [out] uint32 num_entries
119 /************************/
121 NTSTATUS samr_OpenDomain
(
122 [in,ref] policy_handle
*connect_handle
,
123 [in] uint32 access_mask
,
124 [in,ref] dom_sid2
*sid
,
125 [out,ref] policy_handle
*domain_handle
128 /************************/
131 typedef [v1_enum] enum {
133 ROLE_DOMAIN_MEMBER
= 1,
138 /* password properties flags */
139 typedef [public,bitmap32bit
] bitmap
{
140 DOMAIN_PASSWORD_COMPLEX
= 0x00000001,
141 DOMAIN_PASSWORD_NO_ANON_CHANGE
= 0x00000002,
142 DOMAIN_PASSWORD_NO_CLEAR_CHANGE
= 0x00000004,
143 DOMAIN_PASSWORD_LOCKOUT_ADMINS
= 0x00000008,
144 DOMAIN_PASSWORD_STORE_CLEARTEXT
= 0x00000010,
145 DOMAIN_REFUSE_PASSWORD_CHANGE
= 0x00000020
146 } samr_PasswordProperties
;
149 uint16 min_password_length
;
150 uint16 password_history_length
;
151 samr_PasswordProperties password_properties
;
152 /* yes, these are signed. They are in negative 100ns */
153 dlong max_password_age
;
154 dlong min_password_age
;
158 NTTIME force_logoff_time
;
160 lsa_String domain_name
;
161 lsa_String primary
; /* PDC name if this is a BDC */
172 NTTIME force_logoff_time
;
180 lsa_String domain_name
;
193 NTTIME domain_create_time
;
197 uint32 unknown
; /* w2k3 returns 1 */
202 hyper lockout_duration
;
203 hyper lockout_window
;
204 uint16 lockout_threshold
;
208 hyper lockout_duration
;
209 hyper lockout_window
;
210 uint16 lockout_threshold
;
215 NTTIME domain_create_time
;
220 typedef [switch_type(uint16
)] union {
221 [case(1)] samr_DomInfo1 info1
;
222 [case(2)] samr_DomInfo2 info2
;
223 [case(3)] samr_DomInfo3 info3
;
224 [case(4)] samr_DomInfo4 info4
;
225 [case(5)] samr_DomInfo5 info5
;
226 [case(6)] samr_DomInfo6 info6
;
227 [case(7)] samr_DomInfo7 info7
;
228 [case(8)] samr_DomInfo8 info8
;
229 [case(9)] samr_DomInfo9 info9
;
230 [case(11)] samr_DomInfo11 info11
;
231 [case(12)] samr_DomInfo12 info12
;
232 [case(13)] samr_DomInfo13 info13
;
235 NTSTATUS samr_QueryDomainInfo
(
236 [in,ref] policy_handle
*domain_handle
,
238 [out,switch_is(level
)] samr_DomainInfo
*info
241 /************************/
244 only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
247 NTSTATUS samr_SetDomainInfo
(
248 [in,ref] policy_handle
*domain_handle
,
250 [in,switch_is(level
),ref] samr_DomainInfo
*info
254 /************************/
256 NTSTATUS samr_CreateDomainGroup
(
257 [in,ref] policy_handle
*domain_handle
,
258 [in,ref] lsa_String
*name
,
259 [in] uint32 access_mask
,
260 [out,ref] policy_handle
*group_handle
,
261 [out,ref] uint32
*rid
265 /************************/
267 NTSTATUS samr_EnumDomainGroups
(
268 [in,ref] policy_handle
*domain_handle
,
269 [in,out,ref] uint32
*resume_handle
,
270 [in] uint32 max_size
,
271 [out] samr_SamArray
*sam
,
272 [out] uint32 num_entries
275 /************************/
277 NTSTATUS samr_CreateUser
(
278 [in,ref] policy_handle
*domain_handle
,
279 [in,ref] lsa_String
*account_name
,
280 [in] uint32 access_mask
,
281 [out,ref] policy_handle
*user_handle
,
282 [out,ref] uint32
*rid
285 /************************/
289 /* w2k3 treats max_size as max_users*54 and sets the
290 resume_handle as the rid of the last user sent
292 const int SAMR_ENUM_USERS_MULTIPLIER
= 54;
294 NTSTATUS samr_EnumDomainUsers
(
295 [in,ref] policy_handle
*domain_handle
,
296 [in,out,ref] uint32
*resume_handle
,
297 [in] samr_AcctFlags acct_flags
,
298 [in] uint32 max_size
,
299 [out] samr_SamArray
*sam
,
300 [out] uint32 num_entries
303 /************************/
305 NTSTATUS samr_CreateDomAlias
(
306 [in,ref] policy_handle
*domain_handle
,
307 [in,ref] lsa_String
*alias_name
,
308 [in] uint32 access_mask
,
309 [out,ref] policy_handle
*alias_handle
,
310 [out,ref] uint32
*rid
313 /************************/
315 NTSTATUS samr_EnumDomainAliases
(
316 [in,ref] policy_handle
*domain_handle
,
317 [in,out,ref] uint32
*resume_handle
,
318 [in] samr_AcctFlags acct_flags
,
319 [out] samr_SamArray
*sam
,
320 [out] uint32 num_entries
323 /************************/
327 [range(0,1024)] uint32 count
;
328 [size_is(count
)] uint32
*ids
;
331 NTSTATUS samr_GetAliasMembership
(
332 [in,ref] policy_handle
*domain_handle
,
333 [in,ref] lsa_SidArray
*sids
,
334 [out,ref] samr_Ids
*rids
337 /************************/
340 NTSTATUS samr_LookupNames
(
341 [in,ref] policy_handle
*domain_handle
,
342 [in,range(0,1000)] uint32 num_names
,
343 [in,size_is(1000),length_is(num_names
)] lsa_String names
[],
349 /************************/
351 NTSTATUS samr_LookupRids
(
352 [in,ref] policy_handle
*domain_handle
,
353 [in,range(0,1000)] uint32 num_rids
,
354 [in,size_is(1000),length_is(num_rids
)] uint32 rids
[],
355 [out] lsa_Strings names
,
359 /************************/
361 NTSTATUS samr_OpenGroup
(
362 [in,ref] policy_handle
*domain_handle
,
363 [in] uint32 access_mask
,
365 [out,ref] policy_handle
*group_handle
368 /* Group attributes */
369 typedef [public,bitmap32bit
] bitmap
{
370 SE_GROUP_MANDATORY
= 0x00000001,
371 SE_GROUP_ENABLED_BY_DEFAULT
= 0x00000002,
372 SE_GROUP_ENABLED
= 0x00000004,
373 SE_GROUP_OWNER
= 0x00000008,
374 SE_GROUP_USE_FOR_DENY_ONLY
= 0x00000010,
375 SE_GROUP_RESOURCE
= 0x20000000,
376 SE_GROUP_LOGON_ID
= 0xC0000000
379 /************************/
384 samr_GroupAttrs attributes
;
386 lsa_String description
;
390 samr_GroupAttrs attributes
;
391 } samr_GroupInfoAttributes
;
394 lsa_String description
;
395 } samr_GroupInfoDescription
;
400 GROUPINFOATTRIBUTES
= 3,
401 GROUPINFODESCRIPTION
= 4,
403 } samr_GroupInfoEnum
;
405 typedef [switch_type(samr_GroupInfoEnum
)] union {
406 [case(GROUPINFOALL
)] samr_GroupInfoAll all
;
407 [case(GROUPINFONAME
)] lsa_String name
;
408 [case(GROUPINFOATTRIBUTES
)] samr_GroupInfoAttributes attributes
;
409 [case(GROUPINFODESCRIPTION
)] lsa_String description
;
410 [case(GROUPINFOALL2
)] samr_GroupInfoAll all2
;
413 NTSTATUS samr_QueryGroupInfo
(
414 [in,ref] policy_handle
*group_handle
,
415 [in] samr_GroupInfoEnum level
,
416 [out,switch_is(level
)] samr_GroupInfo
*info
419 /************************/
421 NTSTATUS samr_SetGroupInfo
(
422 [in,ref] policy_handle
*group_handle
,
423 [in] samr_GroupInfoEnum level
,
424 [in,switch_is(level
),ref] samr_GroupInfo
*info
427 /************************/
429 NTSTATUS samr_AddGroupMember
(
430 [in,ref] policy_handle
*group_handle
,
435 /************************/
437 NTSTATUS samr_DeleteDomainGroup
(
438 [in,out,ref] policy_handle
*group_handle
441 /************************/
443 NTSTATUS samr_DeleteGroupMember
(
444 [in,ref] policy_handle
*group_handle
,
449 /************************/
453 [size_is(count
)] uint32
*rids
;
454 [size_is(count
)] uint32
*types
;
457 NTSTATUS samr_QueryGroupMember
(
458 [in,ref] policy_handle
*group_handle
,
459 [out] samr_RidTypeArray
*rids
463 /************************/
467 win2003 seems to accept any data at all for the two integers
468 below, and doesn't seem to do anything with them that I can
469 see. Weird. I really expected the first integer to be a rid
470 and the second to be the attributes for that rid member.
472 NTSTATUS samr_SetMemberAttributesOfGroup
(
473 [in,ref] policy_handle
*group_handle
,
474 [in] uint32 unknown1
,
479 /************************/
481 NTSTATUS samr_OpenAlias
(
482 [in,ref] policy_handle
*domain_handle
,
483 [in] uint32 access_mask
,
485 [out,ref] policy_handle
*alias_handle
489 /************************/
495 lsa_String description
;
501 ALIASINFODESCRIPTION
= 3
502 } samr_AliasInfoEnum
;
504 typedef [switch_type(samr_AliasInfoEnum
)] union {
505 [case(ALIASINFOALL
)] samr_AliasInfoAll all
;
506 [case(ALIASINFONAME
)] lsa_String name
;
507 [case(ALIASINFODESCRIPTION
)] lsa_String description
;
510 NTSTATUS samr_QueryAliasInfo
(
511 [in,ref] policy_handle
*alias_handle
,
512 [in] samr_AliasInfoEnum level
,
513 [out,switch_is(level
)] samr_AliasInfo
*info
516 /************************/
518 NTSTATUS samr_SetAliasInfo
(
519 [in,ref] policy_handle
*alias_handle
,
520 [in] samr_AliasInfoEnum level
,
521 [in,switch_is(level
),ref] samr_AliasInfo
*info
524 /************************/
526 NTSTATUS samr_DeleteDomAlias
(
527 [in,out,ref] policy_handle
*alias_handle
530 /************************/
532 NTSTATUS samr_AddAliasMember
(
533 [in,ref] policy_handle
*alias_handle
,
534 [in,ref] dom_sid2
*sid
537 /************************/
539 NTSTATUS samr_DeleteAliasMember
(
540 [in,ref] policy_handle
*alias_handle
,
541 [in,ref] dom_sid2
*sid
544 /************************/
546 NTSTATUS samr_GetMembersInAlias
(
547 [in,ref] policy_handle
*alias_handle
,
548 [out,ref] lsa_SidArray
*sids
551 /************************/
553 NTSTATUS samr_OpenUser
(
554 [in,ref] policy_handle
*domain_handle
,
555 [in] uint32 access_mask
,
557 [out,ref] policy_handle
*user_handle
560 /************************/
562 NTSTATUS samr_DeleteUser
(
563 [in,out,ref] policy_handle
*user_handle
566 /************************/
569 lsa_String account_name
;
570 lsa_String full_name
;
572 lsa_String description
;
578 lsa_String unknown
; /* settable, but doesn't stick. probably obsolete */
583 /* this is also used in samr and netlogon */
584 typedef [public, flag
(NDR_PAHEX
)] struct {
585 uint16 units_per_week
;
586 [size_is(1260), length_is(units_per_week
/8)] uint8
*bits
;
590 lsa_String account_name
;
591 lsa_String full_name
;
594 lsa_String home_directory
;
595 lsa_String home_drive
;
596 lsa_String logon_script
;
597 lsa_String profile_path
;
598 lsa_String workstations
;
601 NTTIME last_password_change
;
602 NTTIME allow_password_change
;
603 NTTIME force_password_change
;
604 samr_LogonHours logon_hours
;
605 uint16 bad_password_count
;
607 samr_AcctFlags acct_flags
;
611 samr_LogonHours logon_hours
;
615 lsa_String account_name
;
616 lsa_String full_name
;
619 lsa_String home_directory
;
620 lsa_String home_drive
;
621 lsa_String logon_script
;
622 lsa_String profile_path
;
623 lsa_String description
;
624 lsa_String workstations
;
627 samr_LogonHours logon_hours
;
628 uint16 bad_password_count
;
630 NTTIME last_password_change
;
632 samr_AcctFlags acct_flags
;
636 lsa_String account_name
;
637 lsa_String full_name
;
641 lsa_String account_name
;
645 lsa_String full_name
;
653 lsa_String home_directory
;
654 lsa_String home_drive
;
658 lsa_String logon_script
;
662 lsa_String profile_path
;
666 lsa_String description
;
670 lsa_String workstations
;
674 samr_AcctFlags acct_flags
;
682 lsa_String parameters
;
685 /* this defines the bits used for fields_present in info21 */
686 typedef [bitmap32bit
] bitmap
{
687 SAMR_FIELD_ACCOUNT_NAME
= 0x00000001,
688 SAMR_FIELD_FULL_NAME
= 0x00000002,
689 SAMR_FIELD_DESCRIPTION
= 0x00000010,
690 SAMR_FIELD_COMMENT
= 0x00000020,
691 SAMR_FIELD_LOGON_SCRIPT
= 0x00000100,
692 SAMR_FIELD_PROFILE_PATH
= 0x00000200,
693 SAMR_FIELD_WORKSTATIONS
= 0x00000400,
694 SAMR_FIELD_LOGON_HOURS
= 0x00002000,
695 SAMR_FIELD_ACCT_FLAGS
= 0x00100000,
696 SAMR_FIELD_PARAMETERS
= 0x00200000,
697 SAMR_FIELD_COUNTRY_CODE
= 0x00400000,
698 SAMR_FIELD_CODE_PAGE
= 0x00800000,
699 SAMR_FIELD_PASSWORD
= 0x01000000, /* either of these */
700 SAMR_FIELD_PASSWORD2
= 0x02000000 /* two bits seems to work */
701 } samr_FieldsPresent
;
706 NTTIME last_password_change
;
708 NTTIME allow_password_change
;
709 NTTIME force_password_change
;
710 lsa_String account_name
;
711 lsa_String full_name
;
712 lsa_String home_directory
;
713 lsa_String home_drive
;
714 lsa_String logon_script
;
715 lsa_String profile_path
;
716 lsa_String description
;
717 lsa_String workstations
;
719 lsa_String parameters
;
724 [size_is(buf_count
)] uint8
*buffer
;
727 samr_AcctFlags acct_flags
;
728 samr_FieldsPresent fields_present
;
729 samr_LogonHours logon_hours
;
730 uint16 bad_password_count
;
734 uint8 nt_password_set
;
735 uint8 lm_password_set
;
736 uint8 password_expired
;
740 typedef [public, flag
(NDR_PAHEX
)] struct {
742 } samr_CryptPassword
;
745 samr_UserInfo21 info
;
746 samr_CryptPassword password
;
750 samr_CryptPassword password
;
754 typedef [flag
(NDR_PAHEX
)] struct {
756 } samr_CryptPasswordEx
;
759 samr_UserInfo21 info
;
760 samr_CryptPasswordEx password
;
764 samr_CryptPasswordEx password
;
768 typedef [switch_type(uint16
)] union {
769 [case(1)] samr_UserInfo1 info1
;
770 [case(2)] samr_UserInfo2 info2
;
771 [case(3)] samr_UserInfo3 info3
;
772 [case(4)] samr_UserInfo4 info4
;
773 [case(5)] samr_UserInfo5 info5
;
774 [case(6)] samr_UserInfo6 info6
;
775 [case(7)] samr_UserInfo7 info7
;
776 [case(8)] samr_UserInfo8 info8
;
777 [case(9)] samr_UserInfo9 info9
;
778 [case(10)] samr_UserInfo10 info10
;
779 [case(11)] samr_UserInfo11 info11
;
780 [case(12)] samr_UserInfo12 info12
;
781 [case(13)] samr_UserInfo13 info13
;
782 [case(14)] samr_UserInfo14 info14
;
783 [case(16)] samr_UserInfo16 info16
;
784 [case(17)] samr_UserInfo17 info17
;
785 [case(20)] samr_UserInfo20 info20
;
786 [case(21)] samr_UserInfo21 info21
;
787 [case(23)] samr_UserInfo23 info23
;
788 [case(24)] samr_UserInfo24 info24
;
789 [case(25)] samr_UserInfo25 info25
;
790 [case(26)] samr_UserInfo26 info26
;
793 NTSTATUS samr_QueryUserInfo
(
794 [in,ref] policy_handle
*user_handle
,
796 [out,switch_is(level
)] samr_UserInfo
*info
800 /************************/
802 NTSTATUS samr_SetUserInfo
(
803 [in,ref] policy_handle
*user_handle
,
805 [in,ref,switch_is(level
)] samr_UserInfo
*info
808 /************************/
810 typedef [public, flag
(NDR_PAHEX
)] struct {
815 this is a password change interface that doesn't give
816 the server the plaintext password. Depricated.
818 NTSTATUS samr_ChangePasswordUser
(
819 [in,ref] policy_handle
*user_handle
,
820 [in] boolean8 lm_present
,
821 [in] samr_Password
*old_lm_crypted
,
822 [in] samr_Password
*new_lm_crypted
,
823 [in] boolean8 nt_present
,
824 [in] samr_Password
*old_nt_crypted
,
825 [in] samr_Password
*new_nt_crypted
,
826 [in] boolean8 cross1_present
,
827 [in] samr_Password
*nt_cross
,
828 [in] boolean8 cross2_present
,
829 [in] samr_Password
*lm_cross
832 /************************/
835 typedef [public] struct {
837 samr_GroupAttrs attributes
;
838 } samr_RidWithAttribute
;
840 typedef [public] struct {
842 [size_is(count
)] samr_RidWithAttribute
*rids
;
843 } samr_RidWithAttributeArray
;
845 NTSTATUS samr_GetGroupsForUser
(
846 [in,ref] policy_handle
*user_handle
,
847 [out] samr_RidWithAttributeArray
*rids
850 /************************/
856 samr_AcctFlags acct_flags
;
857 lsa_String account_name
;
858 lsa_String full_name
;
859 lsa_String description
;
860 } samr_DispEntryGeneral
;
864 [size_is(count
)] samr_DispEntryGeneral
*entries
;
865 } samr_DispInfoGeneral
;
870 samr_AcctFlags acct_flags
;
871 lsa_String account_name
;
872 lsa_String description
;
873 } samr_DispEntryFull
;
877 [size_is(count
)] samr_DispEntryFull
*entries
;
882 lsa_AsciiString account_name
;
883 } samr_DispEntryAscii
;
887 [size_is(count
)] samr_DispEntryAscii
*entries
;
888 } samr_DispInfoAscii
;
890 typedef [switch_type(uint16
)] union {
891 [case(1)] samr_DispInfoGeneral info1
;/* users */
892 [case(2)] samr_DispInfoFull info2
; /* trust accounts? */
893 [case(3)] samr_DispInfoFull info3
; /* groups */
894 [case(4)] samr_DispInfoAscii info4
; /* users */
895 [case(5)] samr_DispInfoAscii info5
; /* groups */
898 NTSTATUS samr_QueryDisplayInfo
(
899 [in,ref] policy_handle
*domain_handle
,
901 [in] uint32 start_idx
,
902 [in] uint32 max_entries
,
903 [in] uint32 buf_size
,
904 [out] uint32 total_size
,
905 [out] uint32 returned_size
,
906 [out,switch_is(level
)] samr_DispInfo info
910 /************************/
914 this seems to be an alphabetic search function. The returned index
915 is the index for samr_QueryDisplayInfo needed to get names occurring
916 after the specified name. The supplied name does not need to exist
917 in the database (for example you can supply just a first letter for
918 searching starting at that letter)
920 The level corresponds to the samr_QueryDisplayInfo level
922 NTSTATUS samr_GetDisplayEnumerationIndex
(
923 [in,ref] policy_handle
*domain_handle
,
925 [in] lsa_String name
,
931 /************************/
935 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
937 NTSTATUS samr_TestPrivateFunctionsDomain
(
938 [in,ref] policy_handle
*domain_handle
942 /************************/
946 w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
948 NTSTATUS samr_TestPrivateFunctionsUser
(
949 [in,ref] policy_handle
*user_handle
953 /************************/
957 uint16 min_password_length
;
958 samr_PasswordProperties password_properties
;
961 NTSTATUS samr_GetUserPwInfo
(
962 [in,ref] policy_handle
*user_handle
,
963 [out] samr_PwInfo info
966 /************************/
968 NTSTATUS samr_RemoveMemberFromForeignDomain
(
969 [in,ref] policy_handle
*domain_handle
,
970 [in,ref] dom_sid2
*sid
973 /************************/
977 how is this different from QueryDomainInfo ??
979 NTSTATUS samr_QueryDomainInfo2
(
980 [in,ref] policy_handle
*domain_handle
,
982 [out,switch_is(level
)] samr_DomainInfo
*info
985 /************************/
989 how is this different from QueryUserInfo ??
991 NTSTATUS samr_QueryUserInfo2
(
992 [in,ref] policy_handle
*user_handle
,
994 [out,switch_is(level
)] samr_UserInfo
*info
997 /************************/
1001 how is this different from QueryDisplayInfo??
1003 NTSTATUS samr_QueryDisplayInfo2
(
1004 [in,ref] policy_handle
*domain_handle
,
1006 [in] uint32 start_idx
,
1007 [in] uint32 max_entries
,
1008 [in] uint32 buf_size
,
1009 [out] uint32 total_size
,
1010 [out] uint32 returned_size
,
1011 [out,switch_is(level
)] samr_DispInfo info
1014 /************************/
1018 how is this different from GetDisplayEnumerationIndex ??
1020 NTSTATUS samr_GetDisplayEnumerationIndex2
(
1021 [in,ref] policy_handle
*domain_handle
,
1023 [in] lsa_String name
,
1028 /************************/
1030 NTSTATUS samr_CreateUser2
(
1031 [in,ref] policy_handle
*domain_handle
,
1032 [in,ref] lsa_String
*account_name
,
1033 [in] samr_AcctFlags acct_flags
,
1034 [in] uint32 access_mask
,
1035 [out,ref] policy_handle
*user_handle
,
1036 [out,ref] uint32
*access_granted
,
1037 [out,ref] uint32
*rid
1041 /************************/
1045 another duplicate. There must be a reason ....
1047 NTSTATUS samr_QueryDisplayInfo3
(
1048 [in,ref] policy_handle
*domain_handle
,
1050 [in] uint32 start_idx
,
1051 [in] uint32 max_entries
,
1052 [in] uint32 buf_size
,
1053 [out] uint32 total_size
,
1054 [out] uint32 returned_size
,
1055 [out,switch_is(level
)] samr_DispInfo info
1058 /************************/
1060 NTSTATUS samr_AddMultipleMembersToAlias
(
1061 [in,ref] policy_handle
*alias_handle
,
1062 [in,ref] lsa_SidArray
*sids
1065 /************************/
1067 NTSTATUS samr_RemoveMultipleMembersFromAlias
(
1068 [in,ref] policy_handle
*alias_handle
,
1069 [in,ref] lsa_SidArray
*sids
1072 /************************/
1075 NTSTATUS samr_OemChangePasswordUser2
(
1076 [in] lsa_AsciiString
*server
,
1077 [in,ref] lsa_AsciiString
*account
,
1078 [in] samr_CryptPassword
*password
,
1079 [in] samr_Password
*hash
1082 /************************/
1084 NTSTATUS samr_ChangePasswordUser2
(
1085 [in] lsa_String
*server
,
1086 [in,ref] lsa_String
*account
,
1087 [in] samr_CryptPassword
*nt_password
,
1088 [in] samr_Password
*nt_verifier
,
1089 [in] boolean8 lm_change
,
1090 [in] samr_CryptPassword
*lm_password
,
1091 [in] samr_Password
*lm_verifier
1094 /************************/
1096 NTSTATUS samr_GetDomPwInfo
(
1097 [in] lsa_String
*domain_name
,
1098 [out] samr_PwInfo info
1101 /************************/
1103 NTSTATUS samr_Connect2
(
1104 [in,string,charset
(UTF16
)] uint16
*system_name
,
1105 [in] uint32 access_mask
,
1106 [out,ref] policy_handle
*connect_handle
1109 /************************/
1112 seems to be an exact alias for samr_SetUserInfo()
1114 NTSTATUS samr_SetUserInfo2
(
1115 [in,ref] policy_handle
*user_handle
,
1117 [in,ref,switch_is(level
)] samr_UserInfo
*info
1120 /************************/
1123 this one is mysterious. I have a few guesses, but nothing working yet
1125 NTSTATUS samr_SetBootKeyInformation
(
1126 [in,ref] policy_handle
*connect_handle
,
1127 [in] uint32 unknown1
,
1128 [in] uint32 unknown2
,
1129 [in] uint32 unknown3
1132 /************************/
1134 NTSTATUS samr_GetBootKeyInformation
(
1135 [in,ref] policy_handle
*domain_handle
,
1136 [out] uint32 unknown
1139 /************************/
1141 NTSTATUS samr_Connect3
(
1142 [in,string,charset
(UTF16
)] uint16
*system_name
,
1143 /* this unknown value seems to be completely ignored by w2k3 */
1144 [in] uint32 unknown
,
1145 [in] uint32 access_mask
,
1146 [out,ref] policy_handle
*connect_handle
1149 /************************/
1151 NTSTATUS samr_Connect4
(
1152 [in,string,charset
(UTF16
)] uint16
*system_name
,
1153 [in] uint32 unknown
,
1154 [in] uint32 access_mask
,
1155 [out,ref] policy_handle
*connect_handle
1158 /************************/
1161 declare
enum samr_RejectReason
;
1164 samr_RejectReason reason
;
1167 } samr_ChangeReject
;
1169 NTSTATUS samr_ChangePasswordUser3
(
1170 [in] lsa_String
*server
,
1171 [in,ref] lsa_String
*account
,
1172 [in] samr_CryptPassword
*nt_password
,
1173 [in] samr_Password
*nt_verifier
,
1174 [in] boolean8 lm_change
,
1175 [in] samr_CryptPassword
*lm_password
,
1176 [in] samr_Password
*lm_verifier
,
1177 [in] samr_CryptPassword
*password3
,
1178 [out] samr_DomInfo1
*dominfo
,
1179 [out] samr_ChangeReject
*reject
1182 /************************/
1186 uint32 unknown1
; /* w2k3 gives 3 */
1187 uint32 unknown2
; /* w2k3 gives 0 */
1188 } samr_ConnectInfo1
;
1191 [case(1)] samr_ConnectInfo1 info1
;
1194 NTSTATUS samr_Connect5
(
1195 [in,string,charset
(UTF16
)] uint16
*system_name
,
1196 [in] uint32 access_mask
,
1197 [in,out] uint32 level
,
1198 [in,out,switch_is(level
),ref] samr_ConnectInfo
*info
,
1199 [out,ref] policy_handle
*connect_handle
1202 /************************/
1204 NTSTATUS samr_RidToSid
(
1205 [in,ref] policy_handle
*domain_handle
,
1211 /************************/
1215 this should set the DSRM password for the server, which is used
1216 when booting into Directory Services Recovery Mode on a DC. Win2003
1217 gives me NT_STATUS_NOT_SUPPORTED
1220 NTSTATUS samr_SetDsrmPassword
(
1221 [in] lsa_String
*name
,
1222 [in] uint32 unknown
,
1223 [in] samr_Password
*hash
1227 /************************/
1230 I haven't been able to work out the format of this one yet.
1231 Seems to start with a switch level for a union?
1233 NTSTATUS samr_ValidatePassword
();