diff options
author | Günther Deschner <gd@samba.org> | 2008-01-17 09:41:58 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-01-17 16:54:44 +0100 |
commit | d3373be7da601e09b94ed99b69f57332ccff8df6 (patch) | |
tree | 413d17f09193461403e1c1b2071e6256fba05e08 /source3/librpc/idl/samr.idl | |
parent | 32a8e740785147256c008730a69ae6d60a294884 (diff) | |
download | samba-d3373be7da601e09b94ed99b69f57332ccff8df6.tar.gz samba-d3373be7da601e09b94ed99b69f57332ccff8df6.tar.bz2 samba-d3373be7da601e09b94ed99b69f57332ccff8df6.zip |
Import recent netlogon and samr IDL from samba4.
Guenther
(This used to be commit f24dfaa8466b28416a7fdd941990948210a400c7)
Diffstat (limited to 'source3/librpc/idl/samr.idl')
-rw-r--r-- | source3/librpc/idl/samr.idl | 270 |
1 files changed, 221 insertions, 49 deletions
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index afeca3edd6..b6d2b9f941 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -3,6 +3,7 @@ /* samr interface definition */ +import "misc.idl", "lsa.idl", "security.idl"; /* Thanks to Todd Sabin for some information from his samr.idl in acltools @@ -12,8 +13,7 @@ version(1.0), endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), pointer_default(unique), - pointer_default_top(unique), - depends(misc,lsa,security) + pointer_default_top(unique) ] interface samr { typedef bitmap security_secinfo security_secinfo; @@ -41,19 +41,72 @@ ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ } samr_AcctFlags; + typedef [bitmap32bit] bitmap { + SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, + SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, + SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, + SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, + SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, + SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 + } samr_ConnectAccessMask; + + typedef [bitmap32bit] bitmap { + USER_ACCESS_GET_NAME_ETC = 0x00000001, + USER_ACCESS_GET_LOCALE = 0x00000002, + USER_ACCESS_SET_LOC_COM = 0x00000004, + USER_ACCESS_GET_LOGONINFO = 0x00000008, + USER_ACCESS_GET_ATTRIBUTES = 0x00000010, + USER_ACCESS_SET_ATTRIBUTES = 0x00000020, + USER_ACCESS_CHANGE_PASSWORD = 0x00000040, + USER_ACCESS_SET_PASSWORD = 0x00000080, + USER_ACCESS_GET_GROUPS = 0x00000100, + USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, + USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 + } samr_UserAccessMask; + + typedef [bitmap32bit] bitmap { + DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, + DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, + DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, + DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, + DOMAIN_ACCESS_CREATE_USER = 0x00000010, + DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, + DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, + DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, + DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, + DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, + DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 + } samr_DomainAccessMask; + + typedef [bitmap32bit] bitmap { + GROUP_ACCESS_LOOKUP_INFO = 0x00000001, + GROUP_ACCESS_SET_INFO = 0x00000002, + GROUP_ACCESS_ADD_MEMBER = 0x00000004, + GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, + GROUP_ACCESS_GET_MEMBERS = 0x00000010 + } samr_GroupAccessMask; + + typedef [bitmap32bit] bitmap { + ALIAS_ACCESS_ADD_MEMBER = 0x00000001, + ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, + ALIAS_ACCESS_GET_MEMBERS = 0x00000004, + ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, + ALIAS_ACCESS_SET_INFO = 0x00000010 + } samr_AliasAccessMask; + /******************/ /* Function: 0x00 */ NTSTATUS samr_Connect ( /* notice the lack of [string] */ [in] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); /******************/ /* Function: 0x01 */ - NTSTATUS samr_Close ( + [public] NTSTATUS samr_Close ( [in,out,ref] policy_handle *handle ); @@ -118,9 +171,9 @@ /************************/ /* Function 0x07 */ - NTSTATUS samr_OpenDomain( + [public] NTSTATUS samr_OpenDomain( [in,ref] policy_handle *connect_handle, - [in] uint32 access_mask, + [in] samr_DomainAccessMask access_mask, [in,ref] dom_sid2 *sid, [out,ref] policy_handle *domain_handle ); @@ -129,10 +182,10 @@ /* Function 0x08 */ /* server roles */ typedef [v1_enum] enum { - ROLE_STANDALONE = 0, - ROLE_DOMAIN_MEMBER = 1, - ROLE_DOMAIN_BDC = 2, - ROLE_DOMAIN_PDC = 3 + SAMR_ROLE_STANDALONE = 0, + SAMR_ROLE_DOMAIN_MEMBER = 1, + SAMR_ROLE_DOMAIN_BDC = 2, + SAMR_ROLE_DOMAIN_PDC = 3 } samr_Role; /* password properties flags */ @@ -256,7 +309,7 @@ NTSTATUS samr_CreateDomainGroup( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *name, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [out,ref] policy_handle *group_handle, [out,ref] uint32 *rid ); @@ -277,7 +330,7 @@ NTSTATUS samr_CreateUser( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *rid ); @@ -305,7 +358,7 @@ NTSTATUS samr_CreateDomAlias( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *alias_name, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [out,ref] policy_handle *alias_handle, [out,ref] uint32 *rid ); @@ -337,7 +390,7 @@ /************************/ /* Function 0x11 */ - NTSTATUS samr_LookupNames( + [public] NTSTATUS samr_LookupNames( [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_names, [in,size_is(1000),length_is(num_names)] lsa_String names[], @@ -360,7 +413,7 @@ /* Function 0x13 */ NTSTATUS samr_OpenGroup( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *group_handle ); @@ -480,7 +533,7 @@ /* Function 0x1b */ NTSTATUS samr_OpenAlias ( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *alias_handle ); @@ -550,9 +603,9 @@ /************************/ /* Function 0x22 */ - NTSTATUS samr_OpenUser( + [public] NTSTATUS samr_OpenUser( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *user_handle ); @@ -684,20 +737,36 @@ /* this defines the bits used for fields_present in info21 */ typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */ + SAMR_FIELD_ACCOUNT_NAME = 0x00000001, + SAMR_FIELD_FULL_NAME = 0x00000002, + SAMR_FIELD_RID = 0x00000004, + SAMR_FIELD_PRIMARY_GID = 0x00000008, + SAMR_FIELD_DESCRIPTION = 0x00000010, + SAMR_FIELD_COMMENT = 0x00000020, + SAMR_FIELD_HOME_DIRECTORY = 0x00000040, + SAMR_FIELD_HOME_DRIVE = 0x00000080, + SAMR_FIELD_LOGON_SCRIPT = 0x00000100, + SAMR_FIELD_PROFILE_PATH = 0x00000200, + SAMR_FIELD_WORKSTATIONS = 0x00000400, + SAMR_FIELD_LAST_LOGON = 0x00000800, + SAMR_FIELD_LAST_LOGOFF = 0x00001000, + SAMR_FIELD_LOGON_HOURS = 0x00002000, + SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, + SAMR_FIELD_NUM_LOGONS = 0x00008000, + SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, + SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, + SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, + SAMR_FIELD_ACCT_EXPIRY = 0x00080000, + SAMR_FIELD_ACCT_FLAGS = 0x00100000, + SAMR_FIELD_PARAMETERS = 0x00200000, + SAMR_FIELD_COUNTRY_CODE = 0x00400000, + SAMR_FIELD_CODE_PAGE = 0x00800000, + SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ + SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ + SAMR_FIELD_PRIVATE_DATA = 0x04000000, + SAMR_FIELD_EXPIRED_FLAG = 0x08000000, + SAMR_FIELD_SEC_DESC = 0x10000000, + SAMR_FIELD_OWF_PWD = 0x20000000 } samr_FieldsPresent; typedef struct { @@ -790,7 +859,7 @@ [case(26)] samr_UserInfo26 info26; } samr_UserInfo; - NTSTATUS samr_QueryUserInfo( + [public] NTSTATUS samr_QueryUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, [out,switch_is(level)] samr_UserInfo *info @@ -799,7 +868,7 @@ /************************/ /* Function 0x25 */ - NTSTATUS samr_SetUserInfo( + [public] NTSTATUS samr_SetUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -855,8 +924,8 @@ uint32 rid; samr_AcctFlags acct_flags; lsa_String account_name; - lsa_String full_name; lsa_String description; + lsa_String full_name; } samr_DispEntryGeneral; typedef struct { @@ -879,6 +948,19 @@ typedef struct { uint32 idx; + uint32 rid; + samr_GroupAttrs acct_flags; + lsa_String account_name; + lsa_String description; + } samr_DispEntryFullGroup; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryFullGroup *entries; + } samr_DispInfoFullGroups; + + typedef struct { + uint32 idx; lsa_AsciiString account_name; } samr_DispEntryAscii; @@ -890,7 +972,7 @@ typedef [switch_type(uint16)] union { [case(1)] samr_DispInfoGeneral info1;/* users */ [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFull info3; /* groups */ + [case(3)] samr_DispInfoFullGroups info3; /* groups */ [case(4)] samr_DispInfoAscii info4; /* users */ [case(5)] samr_DispInfoAscii info5; /* groups */ } samr_DispInfo; @@ -958,7 +1040,7 @@ samr_PasswordProperties password_properties; } samr_PwInfo; - NTSTATUS samr_GetUserPwInfo( + [public] NTSTATUS samr_GetUserPwInfo( [in,ref] policy_handle *user_handle, [out] samr_PwInfo info ); @@ -1031,7 +1113,7 @@ [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, [in] samr_AcctFlags acct_flags, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *access_granted, [out,ref] uint32 *rid @@ -1102,7 +1184,7 @@ /* Function 0x39 */ NTSTATUS samr_Connect2( [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1111,7 +1193,7 @@ /* seems to be an exact alias for samr_SetUserInfo() */ - NTSTATUS samr_SetUserInfo2( + [public] NTSTATUS samr_SetUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -1142,7 +1224,7 @@ [in,string,charset(UTF16)] uint16 *system_name, /* this unknown value seems to be completely ignored by w2k3 */ [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1151,7 +1233,7 @@ NTSTATUS samr_Connect4( [in,string,charset(UTF16)] uint16 *system_name, [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1191,9 +1273,9 @@ [case(1)] samr_ConnectInfo1 info1; } samr_ConnectInfo; - NTSTATUS samr_Connect5( + [public] NTSTATUS samr_Connect5( [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [in,out] uint32 level, [in,out,switch_is(level),ref] samr_ConnectInfo *info, [out,ref] policy_handle *connect_handle @@ -1226,9 +1308,99 @@ /************************/ /* Function 0x43 */ - /* - I haven't been able to work out the format of this one yet. - Seems to start with a switch level for a union? - */ - NTSTATUS samr_ValidatePassword(); + /************************/ + typedef [bitmap32bit] bitmap { + SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, + SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 + } samr_ValidateFieldsPresent; + + typedef enum { + NetValidateAuthentication = 1, + NetValidatePasswordChange= 2, + NetValidatePasswordReset = 3 + } samr_ValidatePasswordLevel; + + /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't + * identified the mapping of + * - NERR_PasswordFilterError + * - NERR_PasswordExpired and + * - NERR_PasswordCantChange + * yet - Guenther + */ + + typedef enum { + SAMR_VALIDATION_STATUS_SUCCESS = 0, + SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, + SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, + SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, + SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, + SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, + SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, + SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, + SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 + } samr_ValidationStatus; + + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } samr_ValidationBlob; + + typedef struct { + samr_ValidateFieldsPresent fields_present; + NTTIME_hyper last_password_change; + NTTIME_hyper bad_password_time; + NTTIME_hyper lockout_time; + uint32 bad_pwd_count; + uint32 pwd_history_len; + [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; + } samr_ValidatePasswordInfo; + + typedef struct { + samr_ValidatePasswordInfo info; + samr_ValidationStatus status; + } samr_ValidatePasswordRepCtr; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordRepCtr ctr1; + [case(2)] samr_ValidatePasswordRepCtr ctr2; + [case(3)] samr_ValidatePasswordRepCtr ctr3; + } samr_ValidatePasswordRep; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 pwd_must_change_at_next_logon; + boolean8 clear_lockout; + } samr_ValidatePasswordReq3; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 password_matched; + } samr_ValidatePasswordReq2; + + typedef struct { + samr_ValidatePasswordInfo info; + boolean8 password_matched; + } samr_ValidatePasswordReq1; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordReq1 req1; + [case(2)] samr_ValidatePasswordReq2 req2; + [case(3)] samr_ValidatePasswordReq3 req3; + } samr_ValidatePasswordReq; + + NTSTATUS samr_ValidatePassword( + [in] samr_ValidatePasswordLevel level, + [in,switch_is(level)] samr_ValidatePasswordReq req, + [out,switch_is(level)] samr_ValidatePasswordRep *rep + ); } |