summaryrefslogtreecommitdiff
path: root/source3/librpc/idl
diff options
context:
space:
mode:
Diffstat (limited to 'source3/librpc/idl')
-rw-r--r--source3/librpc/idl/netlogon.idl296
-rw-r--r--source3/librpc/idl/samr.idl270
2 files changed, 430 insertions, 136 deletions
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index 395976c074..dcbb647ba0 100644
--- a/source3/librpc/idl/netlogon.idl
+++ b/source3/librpc/idl/netlogon.idl
@@ -4,10 +4,9 @@
who contributed!
*/
-#include "idl_types.h"
-
-import "lsa.idl", "samr.idl", "security.idl";
+import "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
+#include "idl_types.h"
[
uuid("12345678-1234-abcd-ef00-01234567cffb"),
@@ -63,7 +62,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] [string,charset(UTF16)] uint16 workstation[],
- [out,ref] netr_UasLogoffInfo *info
+ [out] netr_UasLogoffInfo info
);
@@ -247,8 +246,8 @@ interface netlogon
[in] uint16 logon_level,
[in] [switch_is(logon_level)] netr_LogonLevel logon,
[in] uint16 validation_level,
- [out,ref] [switch_is(validation_level)] netr_Validation *validation,
- [out,ref] uint8 *authoritative
+ [out] [switch_is(validation_level)] netr_Validation validation,
+ [out] uint8 authoritative
);
@@ -269,7 +268,7 @@ interface netlogon
/*****************/
/* Function 0x04 */
- NTSTATUS netr_ServerReqChallenge(
+ [public] NTSTATUS netr_ServerReqChallenge(
[in,string,charset(UTF16)] uint16 *server_name,
[in,string,charset(UTF16)] uint16 computer_name[],
[in,out,ref] netr_Credential *credentials
@@ -300,7 +299,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 computer_name[],
[in] netr_Authenticator credential,
[in] samr_Password new_password,
- [out,ref] netr_Authenticator *return_authenticator
+ [out] netr_Authenticator return_authenticator
);
@@ -342,10 +341,10 @@ interface netlogon
typedef struct {
netr_USER_KEY16 lmpassword;
netr_USER_KEY16 ntpassword;
- netr_PasswordHistory lmhistory;
+ netr_PasswordHistory history;
} netr_USER_KEYS2;
- typedef struct {
+ typedef struct { /* TODO: make this a union! */
netr_USER_KEYS2 keys2;
} netr_USER_KEY_UNION;
@@ -681,9 +680,9 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
- [in,out,ref] netr_Authenticator *return_authenticator,
+ [in,out] netr_Authenticator return_authenticator,
[in] netr_SamDatabaseID database_id,
- [in,out,ref] udlong *sequence_num,
+ [in,out] udlong sequence_num,
[in] uint32 preferredmaximumlength,
[out] netr_DELTA_ENUM_ARRAY *delta_enum_array
);
@@ -696,9 +695,9 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
- [in,out,ref] netr_Authenticator *return_authenticator,
+ [in,out] netr_Authenticator return_authenticator,
[in] netr_SamDatabaseID database_id,
- [in,out,ref] uint32 *sync_context,
+ [in,out] uint32 sync_context,
[in] uint32 preferredmaximumlength,
[out] netr_DELTA_ENUM_ARRAY *delta_enum_array
);
@@ -723,15 +722,15 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 *logon_server,
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
- [in,out,ref] netr_Authenticator *return_authenticator,
+ [in,out] netr_Authenticator return_authenticator,
[in] netr_UAS_INFO_0 uas,
[in] uint32 count,
[in] uint32 level,
[in] uint32 buffersize,
- [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
- [out,ref] uint32 *count_returned,
- [out,ref] uint32 *total_entries,
- [out,ref] netr_UAS_INFO_0 *recordid
+ [out,subcontext(4)] netr_AccountBuffer buffer,
+ [out] uint32 count_returned,
+ [out] uint32 total_entries,
+ [out] netr_UAS_INFO_0 recordid
);
@@ -742,25 +741,25 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 *logon_server,
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
- [in,out,ref] netr_Authenticator *return_authenticator,
+ [in,out] netr_Authenticator return_authenticator,
[in] uint32 reference,
[in] uint32 level,
[in] uint32 buffersize,
- [out,ref,subcontext(4)] netr_AccountBuffer *buffer,
- [out,ref] uint32 *count_returned,
- [out,ref] uint32 *total_entries,
- [out,ref] uint32 *next_reference,
- [in,out,ref] netr_UAS_INFO_0 *recordid
+ [out,subcontext(4)] netr_AccountBuffer buffer,
+ [out] uint32 count_returned,
+ [out] uint32 total_entries,
+ [out] uint32 next_reference,
+ [in,out] netr_UAS_INFO_0 recordid
);
/*****************/
/* Function 0x0B */
- NTSTATUS netr_GetDcName(
+ WERROR netr_GetDcName(
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 *domainname,
- [out,ref] [string,charset(UTF16)] uint16 **dcname
+ [out] [string,charset(UTF16)] uint16 *dcname
);
/*****************/
@@ -806,7 +805,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 *logon_server,
[in] netr_LogonControlCode function_code,
[in] uint32 level,
- [out,ref,switch_is(level)] netr_CONTROL_QUERY_INFORMATION *info
+ [out,switch_is(level)] netr_CONTROL_QUERY_INFORMATION info
);
@@ -816,7 +815,7 @@ interface netlogon
WERROR netr_GetAnyDCName(
[in] [string,charset(UTF16)] uint16 *logon_server,
[in] [string,charset(UTF16)] uint16 *domainname,
- [out,ref] [string,charset(UTF16)] uint16 **dcname
+ [out] [string,charset(UTF16)] uint16 *dcname
);
@@ -835,7 +834,7 @@ interface netlogon
[in] uint32 function_code,
[in] uint32 level,
[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
- [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
+ [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
);
@@ -866,10 +865,10 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
- [in,out,ref] netr_Authenticator *return_authenticator,
+ [in,out] netr_Authenticator return_authenticator,
[in] netr_SamDatabaseID database_id,
[in] uint16 restart_state,
- [in,out,ref] uint32 *sync_context,
+ [in,out] uint32 sync_context,
[in] uint32 preferredmaximumlength,
[out] netr_DELTA_ENUM_ARRAY *delta_enum_array
);
@@ -884,7 +883,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 logon_server[],
[in] [string,charset(UTF16)] uint16 computername[],
[in] netr_Authenticator credential,
- [in,out,ref] netr_Authenticator *return_authenticator,
+ [in,out] netr_Authenticator return_authenticator,
[in][size_is(change_log_entry_size)] uint8 *change_log_entry,
[in] uint32 change_log_entry_size,
[out] netr_DELTA_ENUM_ARRAY *delta_enum_array
@@ -899,23 +898,76 @@ interface netlogon
[in] uint32 function_code,
[in] uint32 level,
[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
- [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query
+ [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
);
/*****************/
/* Function 0x13 */
- WERROR netr_NETRENUMERATETRUSTEDDOMAINS() ;
+ typedef struct {
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } netr_Blob;
+
+ WERROR netr_NetrEnumerateTrustedDomains(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [out,ref] netr_Blob *trusted_domains_blob
+ );
/*****************/
- /* Function 0x14 */
+ /* Function 0x14 */
+
+ /* two unkown bits still: DS_IP_VERSION_AGNOSTIC and
+ * DS_TRY_NEXTCLOSEST_SITE - Guenther */
+
+ typedef [bitmap32bit] bitmap {
+ DS_FORCE_REDISCOVERY = 0x00000001,
+ DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
+ DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
+ DS_GC_SERVER_REQUIRED = 0x00000040,
+ DS_PDC_REQUIRED = 0x00000080,
+ DS_BACKGROUND_ONLY = 0x00000100,
+ DS_IP_REQUIRED = 0x00000200,
+ DS_KDC_REQUIRED = 0x00000400,
+ DS_TIMESERV_REQUIRED = 0x00000800,
+ DS_WRITABLE_REQUIRED = 0x00001000,
+ DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
+ DS_AVOID_SELF = 0x00004000,
+ DS_ONLY_LDAP_NEEDED = 0x00008000,
+ DS_IS_FLAT_NAME = 0x00010000,
+ DS_IS_DNS_NAME = 0x00020000,
+ DS_RETURN_DNS_NAME = 0x40000000,
+ DS_RETURN_FLAT_NAME = 0x80000000
+ } netr_DsRGetDCName_flags;
+
+ typedef [v1_enum] enum {
+ DS_ADDRESS_TYPE_INET = 1,
+ DS_ADDRESS_TYPE_NETBIOS = 2
+ } netr_DsRGetDCNameInfo_AddressType;
+
+ typedef [bitmap32bit] bitmap {
+ DS_SERVER_PDC = NBT_SERVER_PDC,
+ DS_SERVER_GC = NBT_SERVER_GC,
+ DS_SERVER_LDAP = NBT_SERVER_LDAP,
+ DS_SERVER_DS = NBT_SERVER_DS,
+ DS_SERVER_KDC = NBT_SERVER_KDC,
+ DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV,
+ DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST,
+ DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE,
+ DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV,
+ DS_SERVER_NDNC = 0x00000400,
+ DS_DNS_CONTROLLER = 0x20000000,
+ DS_DNS_DOMAIN = 0x40000000,
+ DS_DNS_FOREST = 0x80000000
+ } netr_DsR_DcFlags;
+
typedef struct {
[string,charset(UTF16)] uint16 *dc_unc;
[string,charset(UTF16)] uint16 *dc_address;
- int32 dc_address_type;
+ netr_DsRGetDCNameInfo_AddressType dc_address_type;
GUID domain_guid;
[string,charset(UTF16)] uint16 *domain_name;
[string,charset(UTF16)] uint16 *forest_name;
- uint32 dc_flags;
+ netr_DsR_DcFlags dc_flags;
[string,charset(UTF16)] uint16 *dc_site_name;
[string,charset(UTF16)] uint16 *client_site_name;
} netr_DsRGetDCNameInfo;
@@ -925,7 +977,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 *domain_name,
[in] GUID *domain_guid,
[in] GUID *site_guid,
- [in] uint32 flags,
+ [in] netr_DsRGetDCName_flags flags,
[out] netr_DsRGetDCNameInfo *info
);
@@ -951,7 +1003,7 @@ interface netlogon
/****************/
/* Function 0x1a */
- NTSTATUS netr_ServerAuthenticate3(
+ [public] NTSTATUS netr_ServerAuthenticate3(
[in] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
@@ -969,7 +1021,7 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 *domain_name,
[in] GUID *domain_guid,
[in] [string,charset(UTF16)] uint16 *site_name,
- [in] uint32 flags,
+ [in] netr_DsRGetDCName_flags flags,
[out] netr_DsRGetDCNameInfo *info
);
@@ -977,17 +1029,12 @@ interface netlogon
/* Function 0x1c */
WERROR netr_DsRGetSiteName(
[in] [string,charset(UTF16)] uint16 *computer_name,
- [out,ref] [string,charset(UTF16)] uint16 **site
+ [out] [string,charset(UTF16)] uint16 *site
);
/****************/
/* Function 0x1d */
- typedef struct {
- uint32 length;
- [size_is(length)] uint8 *data;
- } netr_Blob;
-
typedef [flag(NDR_PAHEX)] struct {
uint16 length;
uint16 size;
@@ -1043,7 +1090,7 @@ interface netlogon
[in,out,ref] netr_Authenticator *return_authenticator,
[in] uint32 level,
[in,switch_is(level)] netr_DomainQuery query,
- [out,ref,switch_is(level)] netr_DomainInfo *info
+ [out,switch_is(level)] netr_DomainInfo info
);
typedef [flag(NDR_PAHEX)] struct {
@@ -1060,12 +1107,20 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 computer_name[],
[in] netr_Authenticator credential,
[in] netr_CryptPassword new_password,
- [out,ref] netr_Authenticator *return_authenticator
+ [out] netr_Authenticator return_authenticator
);
/****************/
/* Function 0x1f */
- WERROR netr_NETRSERVERPASSWORDGET();
+ WERROR netr_ServerPasswordGet(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in] [string,charset(UTF16)] uint16 account_name[],
+ [in] netr_SchannelType secure_channel_type,
+ [in] [string,charset(UTF16)] uint16 computer_name[],
+ [in,ref] netr_Authenticator *credential,
+ [out,ref] netr_Authenticator *return_authenticator,
+ [out,ref] samr_Password *password
+ );
/****************/
/* Function 0x20 */
@@ -1073,18 +1128,33 @@ interface netlogon
/****************/
/* Function 0x21 */
- WERROR netr_DSRADDRESSTOSITENAMESW();
+ typedef struct {
+ uint32 count;
+ [size_is(count)] lsa_String *sitename;
+ } netr_DsRAddressToSitenamesWCtr;
+
+ typedef struct {
+ [size_is(size)] uint8 *buffer;
+ uint32 size;
+ } netr_DsRAddress;
+
+ WERROR netr_DsRAddressToSitenamesW(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in] [range(0,32000)] uint32 count,
+ [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
+ [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr
+ );
/****************/
/* Function 0x22 */
WERROR netr_DsRGetDCNameEx2(
[in] [string,charset(UTF16)] uint16 *server_unc,
[in] [string,charset(UTF16)] uint16 *client_account,
- [in] uint32 mask,
+ [in] samr_AcctFlags mask,
[in] [string,charset(UTF16)] uint16 *domain_name,
[in] GUID *domain_guid,
[in] [string,charset(UTF16)] uint16 *site_name,
- [in] uint32 flags,
+ [in] netr_DsRGetDCName_flags flags,
[out] netr_DsRGetDCNameInfo *info
);
@@ -1094,32 +1164,6 @@ interface netlogon
/****************/
/* Function 0x24 */
- WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX();
-
- /****************/
- /* Function 0x25 */
- WERROR netr_DSRADDRESSTOSITENAMESEXW();
-
- /****************/
- /* Function 0x26 */
- WERROR netr_DSRGETDCSITECOVERAGEW();
-
- /****************/
- /* Function 0x27 */
- NTSTATUS netr_LogonSamLogonEx(
- [in] [string,charset(UTF16)] uint16 *server_name,
- [in] [string,charset(UTF16)] uint16 *computer_name,
- [in] uint16 logon_level,
- [in] [switch_is(logon_level)] netr_LogonLevel logon,
- [in] uint16 validation_level,
- [out,ref] [switch_is(validation_level)] netr_Validation *validation,
- [out,ref] uint8 *authoritative,
- [in,out,ref] uint32 *flags
- );
-
- /****************/
- /* Function 0x28 */
-
typedef [bitmap32bit] bitmap {
NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
@@ -1157,11 +1201,65 @@ interface netlogon
GUID guid;
} netr_DomainTrust;
+ typedef struct {
+ uint32 count;
+ [size_is(count)] netr_DomainTrust *array;
+ } netr_DomainTrustList;
+
+ WERROR netr_NetrEnumerateTrustedDomainsEx(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [out,ref] netr_DomainTrustList *dom_trust_list
+ );
+
+ /****************/
+ /* Function 0x25 */
+ typedef struct {
+ uint32 count;
+ [size_is(count)] lsa_String *sitename;
+ [size_is(count)] lsa_String *subnetname;
+ } netr_DsRAddressToSitenamesExWCtr;
+
+ WERROR netr_DsRAddressToSitenamesExW(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in] [range(0,32000)] uint32 count,
+ [in] [size_is(count)] [ref] netr_DsRAddress *addresses,
+ [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr
+ );
+
+ /****************/
+ /* Function 0x26 */
+
+ typedef struct {
+ uint32 num_sites;
+ [size_is(num_sites)] [unique] lsa_String *sites;
+ } DcSitesCtr;
+
+ WERROR netr_DsrGetDcSiteCoverageW(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [out] DcSitesCtr *ctr
+ );
+
+ /****************/
+ /* Function 0x27 */
+ NTSTATUS netr_LogonSamLogonEx(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in] [string,charset(UTF16)] uint16 *computer_name,
+ [in] uint16 logon_level,
+ [in] [switch_is(logon_level)] netr_LogonLevel logon,
+ [in] uint16 validation_level,
+ [out] [switch_is(validation_level)] netr_Validation validation,
+ [out] uint8 authoritative,
+ [in,out] uint32 flags
+ );
+
+ /****************/
+ /* Function 0x28 */
+
WERROR netr_DsrEnumerateDomainTrusts(
[in] [string,charset(UTF16)] uint16 *server_name,
[in] netr_TrustFlags trust_flags,
- [out,ref] uint32 *count,
- [out,ref,size_is(count)] netr_DomainTrust **trusts
+ [out] uint32 count,
+ [out,size_is(count)] netr_DomainTrust *trusts
);
@@ -1171,15 +1269,39 @@ interface netlogon
/****************/
/* Function 0x2a */
- WERROR netr_NETRSERVERTRUSTPASSWORDSGET();
+ NTSTATUS netr_ServerTrustPasswordsGet(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in] [string,charset(UTF16)] uint16 account_name[],
+ [in] netr_SchannelType secure_channel_type,
+ [in] [string,charset(UTF16)] uint16 computer_name[],
+ [in,ref] netr_Authenticator *credential,
+ [out,ref] netr_Authenticator *return_authenticator,
+ [out,ref] samr_Password *password,
+ [out,ref] samr_Password *password2
+ );
/****************/
/* Function 0x2b */
- WERROR netr_DSRGETFORESTTRUSTINFORMATION();
+
+ const int DS_GFTI_UPDATE_TDO = 0x1;
+
+ WERROR netr_DsRGetForestTrustInformation(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in] [string,charset(UTF16)] uint16 *trusted_domain_name,
+ [in] uint32 flags,
+ [out,ref] lsa_ForestTrustInformation **forest_trust_info
+ );
/****************/
/* Function 0x2c */
- WERROR netr_NETRGETFORESTTRUSTINFORMATION();
+ WERROR netr_GetForestTrustInformation(
+ [in] [string,charset(UTF16)] uint16 *server_name,
+ [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name,
+ [in,ref] netr_Authenticator *credential,
+ [out,ref] netr_Authenticator *return_authenticator,
+ [in] uint32 flags,
+ [out,ref] lsa_ForestTrustInformation **forest_trust_info
+ );
/****************/
/* Function 0x2d */
@@ -1193,9 +1315,9 @@ interface netlogon
[in] uint16 logon_level,
[in] [switch_is(logon_level)] netr_LogonLevel logon,
[in] uint16 validation_level,
- [out,ref] [switch_is(validation_level)] netr_Validation *validation,
- [out,ref] uint8 *authoritative,
- [in,out,ref] uint32 *flags
+ [out] [switch_is(validation_level)] netr_Validation validation,
+ [out] uint8 authoritative,
+ [in,out] uint32 flags
);
/****************/
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl
index afeca3edd6..b6d2b9f941 100644
--- a/source3/librpc/idl/samr.idl
+++ b/source3/librpc/idl/samr.idl
@@ -3,6 +3,7 @@
/*
samr interface definition
*/
+import "misc.idl", "lsa.idl", "security.idl";
/*
Thanks to Todd Sabin for some information from his samr.idl in acltools
@@ -12,8 +13,7 @@
version(1.0),
endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
pointer_default(unique),
- pointer_default_top(unique),
- depends(misc,lsa,security)
+ pointer_default_top(unique)
] interface samr
{
typedef bitmap security_secinfo security_secinfo;
@@ -41,19 +41,72 @@
ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
} samr_AcctFlags;
+ typedef [bitmap32bit] bitmap {
+ SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
+ SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
+ SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
+ SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
+ SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
+ SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
+ } samr_ConnectAccessMask;
+
+ typedef [bitmap32bit] bitmap {
+ USER_ACCESS_GET_NAME_ETC = 0x00000001,
+ USER_ACCESS_GET_LOCALE = 0x00000002,
+ USER_ACCESS_SET_LOC_COM = 0x00000004,
+ USER_ACCESS_GET_LOGONINFO = 0x00000008,
+ USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
+ USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
+ USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
+ USER_ACCESS_SET_PASSWORD = 0x00000080,
+ USER_ACCESS_GET_GROUPS = 0x00000100,
+ USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
+ USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
+ } samr_UserAccessMask;
+
+ typedef [bitmap32bit] bitmap {
+ DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
+ DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
+ DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
+ DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
+ DOMAIN_ACCESS_CREATE_USER = 0x00000010,
+ DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
+ DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
+ DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
+ DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
+ DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
+ DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
+ } samr_DomainAccessMask;
+
+ typedef [bitmap32bit] bitmap {
+ GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
+ GROUP_ACCESS_SET_INFO = 0x00000002,
+ GROUP_ACCESS_ADD_MEMBER = 0x00000004,
+ GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
+ GROUP_ACCESS_GET_MEMBERS = 0x00000010
+ } samr_GroupAccessMask;
+
+ typedef [bitmap32bit] bitmap {
+ ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
+ ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
+ ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
+ ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
+ ALIAS_ACCESS_SET_INFO = 0x00000010
+ } samr_AliasAccessMask;
+
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
/* notice the lack of [string] */
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] samr_ConnectAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
/******************/
/* Function: 0x01 */
- NTSTATUS samr_Close (
+ [public] NTSTATUS samr_Close (
[in,out,ref] policy_handle *handle
);
@@ -118,9 +171,9 @@
/************************/
/* Function 0x07 */
- NTSTATUS samr_OpenDomain(
+ [public] NTSTATUS samr_OpenDomain(
[in,ref] policy_handle *connect_handle,
- [in] uint32 access_mask,
+ [in] samr_DomainAccessMask access_mask,
[in,ref] dom_sid2 *sid,
[out,ref] policy_handle *domain_handle
);
@@ -129,10 +182,10 @@
/* Function 0x08 */
/* server roles */
typedef [v1_enum] enum {
- ROLE_STANDALONE = 0,
- ROLE_DOMAIN_MEMBER = 1,
- ROLE_DOMAIN_BDC = 2,
- ROLE_DOMAIN_PDC = 3
+ SAMR_ROLE_STANDALONE = 0,
+ SAMR_ROLE_DOMAIN_MEMBER = 1,
+ SAMR_ROLE_DOMAIN_BDC = 2,
+ SAMR_ROLE_DOMAIN_PDC = 3
} samr_Role;
/* password properties flags */
@@ -256,7 +309,7 @@
NTSTATUS samr_CreateDomainGroup(
[in,ref] policy_handle *domain_handle,
[in,ref] lsa_String *name,
- [in] uint32 access_mask,
+ [in] samr_GroupAccessMask access_mask,
[out,ref] policy_handle *group_handle,
[out,ref] uint32 *rid
);
@@ -277,7 +330,7 @@
NTSTATUS samr_CreateUser(
[in,ref] policy_handle *domain_handle,
[in,ref] lsa_String *account_name,
- [in] uint32 access_mask,
+ [in] samr_UserAccessMask access_mask,
[out,ref] policy_handle *user_handle,
[out,ref] uint32 *rid
);
@@ -305,7 +358,7 @@
NTSTATUS samr_CreateDomAlias(
[in,ref] policy_handle *domain_handle,
[in,ref] lsa_String *alias_name,
- [in] uint32 access_mask,
+ [in] samr_AliasAccessMask access_mask,
[out,ref] policy_handle *alias_handle,
[out,ref] uint32 *rid
);
@@ -337,7 +390,7 @@
/************************/
/* Function 0x11 */
- NTSTATUS samr_LookupNames(
+ [public] NTSTATUS samr_LookupNames(
[in,ref] policy_handle *domain_handle,
[in,range(0,1000)] uint32 num_names,
[in,size_is(1000),length_is(num_names)] lsa_String names[],
@@ -360,7 +413,7 @@
/* Function 0x13 */
NTSTATUS samr_OpenGroup(
[in,ref] policy_handle *domain_handle,
- [in] uint32 access_mask,
+ [in] samr_GroupAccessMask access_mask,
[in] uint32 rid,
[out,ref] policy_handle *group_handle
);
@@ -480,7 +533,7 @@
/* Function 0x1b */
NTSTATUS samr_OpenAlias (
[in,ref] policy_handle *domain_handle,
- [in] uint32 access_mask,
+ [in] samr_AliasAccessMask access_mask,
[in] uint32 rid,
[out,ref] policy_handle *alias_handle
);
@@ -550,9 +603,9 @@
/************************/
/* Function 0x22 */
- NTSTATUS samr_OpenUser(
+ [public] NTSTATUS samr_OpenUser(
[in,ref] policy_handle *domain_handle,
- [in] uint32 access_mask,
+ [in] samr_UserAccessMask access_mask,
[in] uint32 rid,
[out,ref] policy_handle *user_handle
);
@@ -684,20 +737,36 @@
/* this defines the bits used for fields_present in info21 */
typedef [bitmap32bit] bitmap {
- SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
- SAMR_FIELD_FULL_NAME = 0x00000002,
- SAMR_FIELD_DESCRIPTION = 0x00000010,
- SAMR_FIELD_COMMENT = 0x00000020,
- SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
- SAMR_FIELD_PROFILE_PATH = 0x00000200,
- SAMR_FIELD_WORKSTATIONS = 0x00000400,
- SAMR_FIELD_LOGON_HOURS = 0x00002000,
- SAMR_FIELD_ACCT_FLAGS = 0x00100000,
- SAMR_FIELD_PARAMETERS = 0x00200000,
- SAMR_FIELD_COUNTRY_CODE = 0x00400000,
- SAMR_FIELD_CODE_PAGE = 0x00800000,
- SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
- SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
+ SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
+ SAMR_FIELD_FULL_NAME = 0x00000002,
+ SAMR_FIELD_RID = 0x00000004,
+ SAMR_FIELD_PRIMARY_GID = 0x00000008,
+ SAMR_FIELD_DESCRIPTION = 0x00000010,
+ SAMR_FIELD_COMMENT = 0x00000020,
+ SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
+ SAMR_FIELD_HOME_DRIVE = 0x00000080,
+ SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
+ SAMR_FIELD_PROFILE_PATH = 0x00000200,
+ SAMR_FIELD_WORKSTATIONS = 0x00000400,
+ SAMR_FIELD_LAST_LOGON = 0x00000800,
+ SAMR_FIELD_LAST_LOGOFF = 0x00001000,
+ SAMR_FIELD_LOGON_HOURS = 0x00002000,
+ SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
+ SAMR_FIELD_NUM_LOGONS = 0x00008000,
+ SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
+ SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
+ SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
+ SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
+ SAMR_FIELD_ACCT_FLAGS = 0x00100000,
+ SAMR_FIELD_PARAMETERS = 0x00200000,
+ SAMR_FIELD_COUNTRY_CODE = 0x00400000,
+ SAMR_FIELD_CODE_PAGE = 0x00800000,
+ SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
+ SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
+ SAMR_FIELD_PRIVATE_DATA = 0x04000000,
+ SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
+ SAMR_FIELD_SEC_DESC = 0x10000000,
+ SAMR_FIELD_OWF_PWD = 0x20000000
} samr_FieldsPresent;
typedef struct {
@@ -790,7 +859,7 @@
[case(26)] samr_UserInfo26 info26;
} samr_UserInfo;
- NTSTATUS samr_QueryUserInfo(
+ [public] NTSTATUS samr_QueryUserInfo(
[in,ref] policy_handle *user_handle,
[in] uint16 level,
[out,switch_is(level)] samr_UserInfo *info
@@ -799,7 +868,7 @@
/************************/
/* Function 0x25 */
- NTSTATUS samr_SetUserInfo(
+ [public] NTSTATUS samr_SetUserInfo(
[in,ref] policy_handle *user_handle,
[in] uint16 level,
[in,ref,switch_is(level)] samr_UserInfo *info
@@ -855,8 +924,8 @@
uint32 rid;
samr_AcctFlags acct_flags;
lsa_String account_name;
- lsa_String full_name;
lsa_String description;
+ lsa_String full_name;
} samr_DispEntryGeneral;
typedef struct {
@@ -879,6 +948,19 @@
typedef struct {
uint32 idx;
+ uint32 rid;
+ samr_GroupAttrs acct_flags;
+ lsa_String account_name;
+ lsa_String description;
+ } samr_DispEntryFullGroup;
+
+ typedef struct {
+ uint32 count;
+ [size_is(count)] samr_DispEntryFullGroup *entries;
+ } samr_DispInfoFullGroups;
+
+ typedef struct {
+ uint32 idx;
lsa_AsciiString account_name;
} samr_DispEntryAscii;
@@ -890,7 +972,7 @@
typedef [switch_type(uint16)] union {
[case(1)] samr_DispInfoGeneral info1;/* users */
[case(2)] samr_DispInfoFull info2; /* trust accounts? */
- [case(3)] samr_DispInfoFull info3; /* groups */
+ [case(3)] samr_DispInfoFullGroups info3; /* groups */
[case(4)] samr_DispInfoAscii info4; /* users */
[case(5)] samr_DispInfoAscii info5; /* groups */
} samr_DispInfo;
@@ -958,7 +1040,7 @@
samr_PasswordProperties password_properties;
} samr_PwInfo;
- NTSTATUS samr_GetUserPwInfo(
+ [public] NTSTATUS samr_GetUserPwInfo(
[in,ref] policy_handle *user_handle,
[out] samr_PwInfo info
);
@@ -1031,7 +1113,7 @@
[in,ref] policy_handle *domain_handle,
[in,ref] lsa_String *account_name,
[in] samr_AcctFlags acct_flags,
- [in] uint32 access_mask,
+ [in] samr_UserAccessMask access_mask,
[out,ref] policy_handle *user_handle,
[out,ref] uint32 *access_granted,
[out,ref] uint32 *rid
@@ -1102,7 +1184,7 @@
/* Function 0x39 */
NTSTATUS samr_Connect2(
[in,string,charset(UTF16)] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] samr_ConnectAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
@@ -1111,7 +1193,7 @@
/*
seems to be an exact alias for samr_SetUserInfo()
*/
- NTSTATUS samr_SetUserInfo2(
+ [public] NTSTATUS samr_SetUserInfo2(
[in,ref] policy_handle *user_handle,
[in] uint16 level,
[in,ref,switch_is(level)] samr_UserInfo *info
@@ -1142,7 +1224,7 @@
[in,string,charset(UTF16)] uint16 *system_name,
/* this unknown value seems to be completely ignored by w2k3 */
[in] uint32 unknown,
- [in] uint32 access_mask,
+ [in] samr_ConnectAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
@@ -1151,7 +1233,7 @@
NTSTATUS samr_Connect4(
[in,string,charset(UTF16)] uint16 *system_name,
[in] uint32 unknown,
- [in] uint32 access_mask,
+ [in] samr_ConnectAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
@@ -1191,9 +1273,9 @@
[case(1)] samr_ConnectInfo1 info1;
} samr_ConnectInfo;
- NTSTATUS samr_Connect5(
+ [public] NTSTATUS samr_Connect5(
[in,string,charset(UTF16)] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] samr_ConnectAccessMask access_mask,
[in,out] uint32 level,
[in,out,switch_is(level),ref] samr_ConnectInfo *info,
[out,ref] policy_handle *connect_handle
@@ -1226,9 +1308,99 @@
/************************/
/* Function 0x43 */
- /*
- I haven't been able to work out the format of this one yet.
- Seems to start with a switch level for a union?
- */
- NTSTATUS samr_ValidatePassword();
+ /************************/
+ typedef [bitmap32bit] bitmap {
+ SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
+ SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
+ SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
+ SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
+ SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
+ SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
+ } samr_ValidateFieldsPresent;
+
+ typedef enum {
+ NetValidateAuthentication = 1,
+ NetValidatePasswordChange= 2,
+ NetValidatePasswordReset = 3
+ } samr_ValidatePasswordLevel;
+
+ /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
+ * identified the mapping of
+ * - NERR_PasswordFilterError
+ * - NERR_PasswordExpired and
+ * - NERR_PasswordCantChange
+ * yet - Guenther
+ */
+
+ typedef enum {
+ SAMR_VALIDATION_STATUS_SUCCESS = 0,
+ SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
+ SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
+ SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
+ SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
+ SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
+ SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
+ SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
+ SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
+ } samr_ValidationStatus;
+
+ typedef struct {
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } samr_ValidationBlob;
+
+ typedef struct {
+ samr_ValidateFieldsPresent fields_present;
+ NTTIME_hyper last_password_change;
+ NTTIME_hyper bad_password_time;
+ NTTIME_hyper lockout_time;
+ uint32 bad_pwd_count;
+ uint32 pwd_history_len;
+ [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
+ } samr_ValidatePasswordInfo;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ samr_ValidationStatus status;
+ } samr_ValidatePasswordRepCtr;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] samr_ValidatePasswordRepCtr ctr1;
+ [case(2)] samr_ValidatePasswordRepCtr ctr2;
+ [case(3)] samr_ValidatePasswordRepCtr ctr3;
+ } samr_ValidatePasswordRep;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ lsa_StringLarge password;
+ lsa_StringLarge account;
+ samr_ValidationBlob hash;
+ boolean8 pwd_must_change_at_next_logon;
+ boolean8 clear_lockout;
+ } samr_ValidatePasswordReq3;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ lsa_StringLarge password;
+ lsa_StringLarge account;
+ samr_ValidationBlob hash;
+ boolean8 password_matched;
+ } samr_ValidatePasswordReq2;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ boolean8 password_matched;
+ } samr_ValidatePasswordReq1;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] samr_ValidatePasswordReq1 req1;
+ [case(2)] samr_ValidatePasswordReq2 req2;
+ [case(3)] samr_ValidatePasswordReq3 req3;
+ } samr_ValidatePasswordReq;
+
+ NTSTATUS samr_ValidatePassword(
+ [in] samr_ValidatePasswordLevel level,
+ [in,switch_is(level)] samr_ValidatePasswordReq req,
+ [out,switch_is(level)] samr_ValidatePasswordRep *rep
+ );
}