diff options
Diffstat (limited to 'source3/librpc/idl/samr.idl')
| -rw-r--r-- | source3/librpc/idl/samr.idl | 460 |
1 files changed, 328 insertions, 132 deletions
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index afeca3edd6..c2449d3088 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -3,6 +3,7 @@ /* samr interface definition */ +import "misc.idl", "lsa.idl", "security.idl"; /* Thanks to Todd Sabin for some information from his samr.idl in acltools @@ -11,9 +12,7 @@ [ uuid("12345778-1234-abcd-ef00-0123456789ac"), version(1.0), endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), - pointer_default(unique), - pointer_default_top(unique), - depends(misc,lsa,security) + pointer_default(unique) ] interface samr { typedef bitmap security_secinfo security_secinfo; @@ -41,19 +40,72 @@ ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ } samr_AcctFlags; + typedef [bitmap32bit] bitmap { + SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, + SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, + SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, + SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, + SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, + SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 + } samr_ConnectAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, + SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, + SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, + SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, + SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, + SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, + SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, + SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, + SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, + SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, + SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 + } samr_UserAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, + SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, + SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, + SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, + SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, + SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, + SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, + SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, + SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, + SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 + } samr_DomainAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, + SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, + SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, + SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, + SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 + } samr_GroupAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, + SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, + SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, + SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, + SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 + } samr_AliasAccessMask; + /******************/ /* Function: 0x00 */ NTSTATUS samr_Connect ( /* notice the lack of [string] */ - [in] uint16 *system_name, - [in] uint32 access_mask, + [in,unique] uint16 *system_name, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); /******************/ /* Function: 0x01 */ - NTSTATUS samr_Close ( + [public] NTSTATUS samr_Close ( [in,out,ref] policy_handle *handle ); @@ -72,7 +124,7 @@ NTSTATUS samr_QuerySecurity ( [in,ref] policy_handle *handle, [in] security_secinfo sec_info, - [out] sec_desc_buf *sdbuf + [out,ref] sec_desc_buf **sdbuf ); /******************/ @@ -88,9 +140,9 @@ /******************/ /* Function: 0x05 */ NTSTATUS samr_LookupDomain ( - [in,ref] policy_handle *connect_handle, + [in,ref] policy_handle *connect_handle, [in,ref] lsa_String *domain_name, - [out] dom_sid2 *sid + [out,ref] dom_sid2 **sid ); @@ -108,19 +160,19 @@ } samr_SamArray; NTSTATUS samr_EnumDomains ( - [in,ref] policy_handle *connect_handle, + [in] policy_handle *connect_handle, [in,out,ref] uint32 *resume_handle, + [out,ref] samr_SamArray **sam, [in] uint32 buf_size, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); /************************/ /* Function 0x07 */ - NTSTATUS samr_OpenDomain( + [public] NTSTATUS samr_OpenDomain( [in,ref] policy_handle *connect_handle, - [in] uint32 access_mask, + [in] samr_DomainAccessMask access_mask, [in,ref] dom_sid2 *sid, [out,ref] policy_handle *domain_handle ); @@ -129,10 +181,10 @@ /* Function 0x08 */ /* server roles */ typedef [v1_enum] enum { - ROLE_STANDALONE = 0, - ROLE_DOMAIN_MEMBER = 1, - ROLE_DOMAIN_BDC = 2, - ROLE_DOMAIN_PDC = 3 + SAMR_ROLE_STANDALONE = 0, + SAMR_ROLE_DOMAIN_MEMBER = 1, + SAMR_ROLE_DOMAIN_BDC = 2, + SAMR_ROLE_DOMAIN_PDC = 3 } samr_Role; /* password properties flags */ @@ -235,7 +287,7 @@ NTSTATUS samr_QueryDomainInfo( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [out,switch_is(level)] samr_DomainInfo *info + [out,ref,switch_is(level)] samr_DomainInfo **info ); /************************/ @@ -256,7 +308,7 @@ NTSTATUS samr_CreateDomainGroup( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *name, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [out,ref] policy_handle *group_handle, [out,ref] uint32 *rid ); @@ -264,12 +316,16 @@ /************************/ /* Function 0x0b */ + + const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */ + const int MAX_SAM_ENTRIES_W95 = 50; + NTSTATUS samr_EnumDomainGroups( - [in,ref] policy_handle *domain_handle, + [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, + [out,ref] samr_SamArray **sam, [in] uint32 max_size, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); /************************/ @@ -277,7 +333,7 @@ NTSTATUS samr_CreateUser( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *rid ); @@ -292,12 +348,12 @@ const int SAMR_ENUM_USERS_MULTIPLIER = 54; NTSTATUS samr_EnumDomainUsers( - [in,ref] policy_handle *domain_handle, + [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, [in] samr_AcctFlags acct_flags, + [out,ref] samr_SamArray **sam, [in] uint32 max_size, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); /************************/ @@ -305,7 +361,7 @@ NTSTATUS samr_CreateDomAlias( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *alias_name, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [out,ref] policy_handle *alias_handle, [out,ref] uint32 *rid ); @@ -313,11 +369,11 @@ /************************/ /* Function 0x0f */ NTSTATUS samr_EnumDomainAliases( - [in,ref] policy_handle *domain_handle, + [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, - [in] samr_AcctFlags acct_flags, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] samr_SamArray **sam, + [in] uint32 max_size, + [out,ref] uint32 *num_entries ); /************************/ @@ -337,12 +393,12 @@ /************************/ /* Function 0x11 */ - NTSTATUS samr_LookupNames( + [public] NTSTATUS samr_LookupNames( [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_names, [in,size_is(1000),length_is(num_names)] lsa_String names[], - [out] samr_Ids rids, - [out] samr_Ids types + [out,ref] samr_Ids *rids, + [out,ref] samr_Ids *types ); @@ -352,15 +408,15 @@ [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_rids, [in,size_is(1000),length_is(num_rids)] uint32 rids[], - [out] lsa_Strings names, - [out] samr_Ids types + [out,ref] lsa_Strings *names, + [out,ref] samr_Ids *types ); /************************/ /* Function 0x13 */ NTSTATUS samr_OpenGroup( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *group_handle ); @@ -413,7 +469,7 @@ NTSTATUS samr_QueryGroupInfo( [in,ref] policy_handle *group_handle, [in] samr_GroupInfoEnum level, - [out,switch_is(level)] samr_GroupInfo *info + [out,ref,switch_is(level)] samr_GroupInfo **info ); /************************/ @@ -456,7 +512,7 @@ NTSTATUS samr_QueryGroupMember( [in,ref] policy_handle *group_handle, - [out] samr_RidTypeArray *rids + [out,ref] samr_RidTypeArray **rids ); @@ -480,7 +536,7 @@ /* Function 0x1b */ NTSTATUS samr_OpenAlias ( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *alias_handle ); @@ -510,7 +566,7 @@ NTSTATUS samr_QueryAliasInfo( [in,ref] policy_handle *alias_handle, [in] samr_AliasInfoEnum level, - [out,switch_is(level)] samr_AliasInfo *info + [out,ref,switch_is(level)] samr_AliasInfo **info ); /************************/ @@ -550,9 +606,9 @@ /************************/ /* Function 0x22 */ - NTSTATUS samr_OpenUser( + [public] NTSTATUS samr_OpenUser( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *user_handle ); @@ -678,28 +734,59 @@ NTTIME acct_expiry; } samr_UserInfo17; + typedef [public, flag(NDR_PAHEX)] struct { + uint8 hash[16]; + } samr_Password; + + typedef struct { + samr_Password lm_pwd; + samr_Password nt_pwd; + boolean8 lm_pwd_active; + boolean8 nt_pwd_active; + } samr_UserInfo18; + typedef struct { lsa_String parameters; } samr_UserInfo20; /* this defines the bits used for fields_present in info21 */ typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */ + SAMR_FIELD_ACCOUNT_NAME = 0x00000001, + SAMR_FIELD_FULL_NAME = 0x00000002, + SAMR_FIELD_RID = 0x00000004, + SAMR_FIELD_PRIMARY_GID = 0x00000008, + SAMR_FIELD_DESCRIPTION = 0x00000010, + SAMR_FIELD_COMMENT = 0x00000020, + SAMR_FIELD_HOME_DIRECTORY = 0x00000040, + SAMR_FIELD_HOME_DRIVE = 0x00000080, + SAMR_FIELD_LOGON_SCRIPT = 0x00000100, + SAMR_FIELD_PROFILE_PATH = 0x00000200, + SAMR_FIELD_WORKSTATIONS = 0x00000400, + SAMR_FIELD_LAST_LOGON = 0x00000800, + SAMR_FIELD_LAST_LOGOFF = 0x00001000, + SAMR_FIELD_LOGON_HOURS = 0x00002000, + SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, + SAMR_FIELD_NUM_LOGONS = 0x00008000, + SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, + SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, + SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, + SAMR_FIELD_ACCT_EXPIRY = 0x00080000, + SAMR_FIELD_ACCT_FLAGS = 0x00100000, + SAMR_FIELD_PARAMETERS = 0x00200000, + SAMR_FIELD_COUNTRY_CODE = 0x00400000, + SAMR_FIELD_CODE_PAGE = 0x00800000, + SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ + SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ + SAMR_FIELD_PRIVATE_DATA = 0x04000000, + SAMR_FIELD_EXPIRED_FLAG = 0x08000000, + SAMR_FIELD_SEC_DESC = 0x10000000, + SAMR_FIELD_OWF_PWD = 0x20000000 } samr_FieldsPresent; + /* used for 'password_expired' in samr_UserInfo21 */ + const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01; + const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00; + typedef struct { NTTIME last_logon; NTTIME last_logoff; @@ -782,6 +869,7 @@ [case(14)] samr_UserInfo14 info14; [case(16)] samr_UserInfo16 info16; [case(17)] samr_UserInfo17 info17; + [case(18)] samr_UserInfo18 info18; [case(20)] samr_UserInfo20 info20; [case(21)] samr_UserInfo21 info21; [case(23)] samr_UserInfo23 info23; @@ -790,16 +878,16 @@ [case(26)] samr_UserInfo26 info26; } samr_UserInfo; - NTSTATUS samr_QueryUserInfo( + [public] NTSTATUS samr_QueryUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, - [out,switch_is(level)] samr_UserInfo *info + [out,ref,switch_is(level)] samr_UserInfo **info ); /************************/ /* Function 0x25 */ - NTSTATUS samr_SetUserInfo( + [public] NTSTATUS samr_SetUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -807,10 +895,6 @@ /************************/ /* Function 0x26 */ - typedef [public, flag(NDR_PAHEX)] struct { - uint8 hash[16]; - } samr_Password; - /* this is a password change interface that doesn't give the server the plaintext password. Depricated. @@ -818,15 +902,15 @@ NTSTATUS samr_ChangePasswordUser( [in,ref] policy_handle *user_handle, [in] boolean8 lm_present, - [in] samr_Password *old_lm_crypted, - [in] samr_Password *new_lm_crypted, + [in,unique] samr_Password *old_lm_crypted, + [in,unique] samr_Password *new_lm_crypted, [in] boolean8 nt_present, - [in] samr_Password *old_nt_crypted, - [in] samr_Password *new_nt_crypted, + [in,unique] samr_Password *old_nt_crypted, + [in,unique] samr_Password *new_nt_crypted, [in] boolean8 cross1_present, - [in] samr_Password *nt_cross, + [in,unique] samr_Password *nt_cross, [in] boolean8 cross2_present, - [in] samr_Password *lm_cross + [in,unique] samr_Password *lm_cross ); /************************/ @@ -844,7 +928,7 @@ NTSTATUS samr_GetGroupsForUser( [in,ref] policy_handle *user_handle, - [out] samr_RidWithAttributeArray *rids + [out,ref] samr_RidWithAttributeArray **rids ); /************************/ @@ -855,8 +939,8 @@ uint32 rid; samr_AcctFlags acct_flags; lsa_String account_name; - lsa_String full_name; lsa_String description; + lsa_String full_name; } samr_DispEntryGeneral; typedef struct { @@ -879,7 +963,20 @@ typedef struct { uint32 idx; - lsa_AsciiString account_name; + uint32 rid; + samr_GroupAttrs acct_flags; + lsa_String account_name; + lsa_String description; + } samr_DispEntryFullGroup; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryFullGroup *entries; + } samr_DispInfoFullGroups; + + typedef struct { + uint32 idx; + lsa_AsciiStringLarge account_name; } samr_DispEntryAscii; typedef struct { @@ -890,7 +987,7 @@ typedef [switch_type(uint16)] union { [case(1)] samr_DispInfoGeneral info1;/* users */ [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFull info3; /* groups */ + [case(3)] samr_DispInfoFullGroups info3; /* groups */ [case(4)] samr_DispInfoAscii info4; /* users */ [case(5)] samr_DispInfoAscii info5; /* groups */ } samr_DispInfo; @@ -901,9 +998,9 @@ [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); @@ -923,7 +1020,7 @@ [in,ref] policy_handle *domain_handle, [in] uint16 level, [in] lsa_String name, - [out] uint32 idx + [out,ref] uint32 *idx ); @@ -958,9 +1055,9 @@ samr_PasswordProperties password_properties; } samr_PwInfo; - NTSTATUS samr_GetUserPwInfo( + [public] NTSTATUS samr_GetUserPwInfo( [in,ref] policy_handle *user_handle, - [out] samr_PwInfo info + [out,ref] samr_PwInfo *info ); /************************/ @@ -979,7 +1076,7 @@ NTSTATUS samr_QueryDomainInfo2( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [out,switch_is(level)] samr_DomainInfo *info + [out,ref,switch_is(level)] samr_DomainInfo **info ); /************************/ @@ -991,7 +1088,7 @@ NTSTATUS samr_QueryUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, - [out,switch_is(level)] samr_UserInfo *info + [out,ref,switch_is(level)] samr_UserInfo *info ); /************************/ @@ -1006,9 +1103,9 @@ [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); /************************/ @@ -1021,7 +1118,7 @@ [in,ref] policy_handle *domain_handle, [in] uint16 level, [in] lsa_String name, - [out] uint32 idx + [out,ref] uint32 *idx ); @@ -1031,7 +1128,7 @@ [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, [in] samr_AcctFlags acct_flags, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *access_granted, [out,ref] uint32 *rid @@ -1050,9 +1147,9 @@ [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); /************************/ @@ -1073,36 +1170,36 @@ /* Function 0x36 */ NTSTATUS samr_OemChangePasswordUser2( - [in] lsa_AsciiString *server, + [in,unique] lsa_AsciiString *server, [in,ref] lsa_AsciiString *account, - [in] samr_CryptPassword *password, - [in] samr_Password *hash + [in,unique] samr_CryptPassword *password, + [in,unique] samr_Password *hash ); /************************/ /* Function 0x37 */ NTSTATUS samr_ChangePasswordUser2( - [in] lsa_String *server, + [in,unique] lsa_String *server, [in,ref] lsa_String *account, - [in] samr_CryptPassword *nt_password, - [in] samr_Password *nt_verifier, + [in,unique] samr_CryptPassword *nt_password, + [in,unique] samr_Password *nt_verifier, [in] boolean8 lm_change, - [in] samr_CryptPassword *lm_password, - [in] samr_Password *lm_verifier + [in,unique] samr_CryptPassword *lm_password, + [in,unique] samr_Password *lm_verifier ); /************************/ /* Function 0x38 */ NTSTATUS samr_GetDomPwInfo( - [in] lsa_String *domain_name, - [out] samr_PwInfo info + [in,unique] lsa_String *domain_name, + [out,ref] samr_PwInfo *info ); /************************/ /* Function 0x39 */ NTSTATUS samr_Connect2( - [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, + [in,unique,string,charset(UTF16)] uint16 *system_name, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1111,7 +1208,7 @@ /* seems to be an exact alias for samr_SetUserInfo() */ - NTSTATUS samr_SetUserInfo2( + [public] NTSTATUS samr_SetUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -1133,25 +1230,32 @@ /* Function 0x3c */ NTSTATUS samr_GetBootKeyInformation( [in,ref] policy_handle *domain_handle, - [out] uint32 unknown + [out,ref] uint32 *unknown ); /************************/ /* Function 0x3d */ NTSTATUS samr_Connect3( - [in,string,charset(UTF16)] uint16 *system_name, + [in,unique,string,charset(UTF16)] uint16 *system_name, /* this unknown value seems to be completely ignored by w2k3 */ [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); /************************/ /* Function 0x3e */ + + typedef enum { + SAMR_CONNECT_PRE_W2K = 1, + SAMR_CONNECT_W2K = 2, + SAMR_CONNECT_AFTER_W2K = 3 + } samr_ConnectVersion; + NTSTATUS samr_Connect4( - [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 unknown, - [in] uint32 access_mask, + [in,unique,string,charset(UTF16)] uint16 *system_name, + [in] samr_ConnectVersion client_version, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1167,23 +1271,23 @@ } samr_ChangeReject; NTSTATUS samr_ChangePasswordUser3( - [in] lsa_String *server, + [in,unique] lsa_String *server, [in,ref] lsa_String *account, - [in] samr_CryptPassword *nt_password, - [in] samr_Password *nt_verifier, + [in,unique] samr_CryptPassword *nt_password, + [in,unique] samr_Password *nt_verifier, [in] boolean8 lm_change, - [in] samr_CryptPassword *lm_password, - [in] samr_Password *lm_verifier, - [in] samr_CryptPassword *password3, - [out] samr_DomInfo1 *dominfo, - [out] samr_ChangeReject *reject + [in,unique] samr_CryptPassword *lm_password, + [in,unique] samr_Password *lm_verifier, + [in,unique] samr_CryptPassword *password3, + [out,ref] samr_DomInfo1 **dominfo, + [out,ref] samr_ChangeReject **reject ); /************************/ /* Function 0x40 */ typedef struct { - uint32 unknown1; /* w2k3 gives 3 */ + samr_ConnectVersion client_version; /* w2k3 gives 3 */ uint32 unknown2; /* w2k3 gives 0 */ } samr_ConnectInfo1; @@ -1191,11 +1295,13 @@ [case(1)] samr_ConnectInfo1 info1; } samr_ConnectInfo; - NTSTATUS samr_Connect5( - [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, - [in,out] uint32 level, - [in,out,switch_is(level),ref] samr_ConnectInfo *info, + [public] NTSTATUS samr_Connect5( + [in,unique,string,charset(UTF16)] uint16 *system_name, + [in] samr_ConnectAccessMask access_mask, + [in] uint32 level_in, + [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in, + [out,ref] uint32 *level_out, + [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out, [out,ref] policy_handle *connect_handle ); @@ -1204,7 +1310,7 @@ NTSTATUS samr_RidToSid( [in,ref] policy_handle *domain_handle, [in] uint32 rid, - [out] dom_sid2 *sid + [out,ref] dom_sid2 *sid ); @@ -1218,17 +1324,107 @@ */ NTSTATUS samr_SetDsrmPassword( - [in] lsa_String *name, + [in,unique] lsa_String *name, [in] uint32 unknown, - [in] samr_Password *hash + [in,unique] samr_Password *hash ); /************************/ /* Function 0x43 */ - /* - I haven't been able to work out the format of this one yet. - Seems to start with a switch level for a union? - */ - NTSTATUS samr_ValidatePassword(); + /************************/ + typedef [bitmap32bit] bitmap { + SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, + SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 + } samr_ValidateFieldsPresent; + + typedef enum { + NetValidateAuthentication = 1, + NetValidatePasswordChange= 2, + NetValidatePasswordReset = 3 + } samr_ValidatePasswordLevel; + + /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't + * identified the mapping of + * - NERR_PasswordFilterError + * - NERR_PasswordExpired and + * - NERR_PasswordCantChange + * yet - Guenther + */ + + typedef enum { + SAMR_VALIDATION_STATUS_SUCCESS = 0, + SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, + SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, + SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, + SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, + SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, + SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, + SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, + SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 + } samr_ValidationStatus; + + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } samr_ValidationBlob; + + typedef struct { + samr_ValidateFieldsPresent fields_present; + NTTIME_hyper last_password_change; + NTTIME_hyper bad_password_time; + NTTIME_hyper lockout_time; + uint32 bad_pwd_count; + uint32 pwd_history_len; + [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; + } samr_ValidatePasswordInfo; + + typedef struct { + samr_ValidatePasswordInfo info; + samr_ValidationStatus status; + } samr_ValidatePasswordRepCtr; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordRepCtr ctr1; + [case(2)] samr_ValidatePasswordRepCtr ctr2; + [case(3)] samr_ValidatePasswordRepCtr ctr3; + } samr_ValidatePasswordRep; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 pwd_must_change_at_next_logon; + boolean8 clear_lockout; + } samr_ValidatePasswordReq3; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 password_matched; + } samr_ValidatePasswordReq2; + + typedef struct { + samr_ValidatePasswordInfo info; + boolean8 password_matched; + } samr_ValidatePasswordReq1; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordReq1 req1; + [case(2)] samr_ValidatePasswordReq2 req2; + [case(3)] samr_ValidatePasswordReq3 req3; + } samr_ValidatePasswordReq; + + NTSTATUS samr_ValidatePassword( + [in] samr_ValidatePasswordLevel level, + [in,switch_is(level)] samr_ValidatePasswordReq req, + [out,ref,switch_is(level)] samr_ValidatePasswordRep *rep + ); } |