Diffstat (limited to 'source3/librpc/idl')
-rw-r--r-- | source3/librpc/idl/dfs.idl | 34 | ||||
-rw-r--r-- | source3/librpc/idl/dssetup.idl | 101 | ||||
-rw-r--r-- | source3/librpc/idl/echo.idl | 8 | ||||
-rw-r--r-- | source3/librpc/idl/eventlog.idl | 7 | ||||
-rw-r--r-- | source3/librpc/idl/initshutdown.idl | 4 | ||||
-rw-r--r-- | source3/librpc/idl/libnet_join.idl | 60 | ||||
-rw-r--r-- | source3/librpc/idl/lsa.idl | 147 | ||||
-rw-r--r-- | source3/librpc/idl/misc.idl | 5 | ||||
-rw-r--r-- | source3/librpc/idl/netlogon.idl | 310 | ||||
-rw-r--r-- | source3/librpc/idl/samr.idl | 356 | ||||
-rw-r--r-- | source3/librpc/idl/security.idl | 40 | ||||
-rw-r--r-- | source3/librpc/idl/srvsvc.idl | 4 | ||||
-rw-r--r-- | source3/librpc/idl/winreg.idl | 2 | ||||
-rw-r--r-- | source3/librpc/idl/wkssvc.idl | 2 | ||||
-rw-r--r-- | source3/librpc/idl/xattr.idl | 23 |
15 files changed, 860 insertions, 243 deletions
diff --git a/source3/librpc/idl/dfs.idl b/source3/librpc/idl/dfs.idl index 2b519b15d5..d4c05f9936 100644 --- a/source3/librpc/idl/dfs.idl +++ b/source3/librpc/idl/dfs.idl @@ -5,7 +5,8 @@ [ uuid("4fc742e0-4a10-11cf-8273-00aa004ae673"), version(3.0), pointer_default(unique), - helpstring("Settings for Microsoft Distributed File System") + helpstring("Settings for Microsoft Distributed File System"), + endpoint("ncacn_np:[\\pipe\\netdfs]", "ncacn_ip_tcp:", "ncalrpc:") ] interface netdfs { /******************/ @@ -49,12 +50,11 @@ [string,charset(UTF16)] uint16 *path; } dfs_Info1; - /* first 4 bits unverified yet */ typedef [public,bitmap32bit] bitmap { DFS_VOLUME_STATE_OK = 0x1, DFS_VOLUME_STATE_INCONSISTENT = 0x2, - DFS_VOLUME_STATE_OFFLINE = 0x4, - DFS_VOLUME_STATE_ONLINE = 0x8, + DFS_VOLUME_STATE_OFFLINE = 0x3, + DFS_VOLUME_STATE_ONLINE = 0x4, DFS_VOLUME_STATE_STANDALONE = DFS_VOLUME_FLAVOR_STANDALONE, DFS_VOLUME_STATE_AD_BLOB = DFS_VOLUME_FLAVOR_AD_BLOB } dfs_VolumeState; @@ -263,6 +263,16 @@ typedef struct { uint32 count; + [size_is(count)] dfs_Info5 *s; + } dfs_EnumArray5; + + typedef struct { + uint32 count; + [size_is(count)] dfs_Info6 *s; + } dfs_EnumArray6; + + typedef struct { + uint32 count; [size_is(count)] dfs_Info200 *s; } dfs_EnumArray200; @@ -277,6 +287,8 @@ [case(2)] dfs_EnumArray2 *info2; [case(3)] dfs_EnumArray3 *info3; [case(4)] dfs_EnumArray4 *info4; + [case(5)] dfs_EnumArray5 *info5; + [case(6)] dfs_EnumArray6 *info6; [case(200)] dfs_EnumArray200 *info200; [case(300)] dfs_EnumArray300 *info300; } dfs_EnumInfo; 
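Review bot: In the `dfs_VolumeState` hunk, `DFS_VOLUME_STATE_OFFLINE = 0x3` is no longer a single bit, yet the type is still declared `[public,bitmap32bit] bitmap`, so a test such as `state & DFS_VOLUME_STATE_OFFLINE` is also true for OK (0x1) and INCONSISTENT (0x2). The low values now read as an enumerated state that shares the word with the flavor bits, so callers have to mask and compare rather than test a bit. The hunk also deletes the only comment on the type; I would replace it with something like `/* low bits are a state value (mask, then compare), not independent flags */`. Existing users of these constants are outside this diff and should be checked.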
@@ -363,10 +375,20 @@ ); /* Function 0x10 */ - WERROR dfs_GetDcAddress(); + WERROR dfs_GetDcAddress( + [in] [string,charset(UTF16)] uint16 servername[], + [in,out,ref] [string,charset(UTF16)] uint16 **server_fullname, + [in,out,ref] boolean8 *is_root, + [in,out,ref] uint32 *ttl + ); /* Function 0x11 */ - WERROR dfs_SetDcAddress(); + WERROR dfs_SetDcAddress( + [in] [string,charset(UTF16)] uint16 servername[], + [in] [string,charset(UTF16)] uint16 server_fullname[], + [in] uint32 flags, + [in] uint32 ttl + ); /* Function 0x12 */ WERROR dfs_FlushFtTable( diff --git a/source3/librpc/idl/dssetup.idl b/source3/librpc/idl/dssetup.idl new file mode 100644 index 0000000000..af6350cc43 --- /dev/null +++ b/source3/librpc/idl/dssetup.idl 
@@ -0,0 +1,101 @@ +/* + dssetup interface definition +*/ + +import "misc.idl"; + +[ + uuid("3919286a-b10c-11d0-9ba8-00c04fd92ef5"), + version(0.0), + endpoint("ncacn_np:[\\pipe\\lsarpc]", "ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"), + pointer_default(unique), + helpstring("Active Directory Setup") +] interface dssetup +{ + /**********************************************/ + /* Function 0x00 */ + + typedef enum { + DS_ROLE_STANDALONE_WORKSTATION = 0, + DS_ROLE_MEMBER_WORKSTATION = 1, + DS_ROLE_STANDALONE_SERVER = 2, + DS_ROLE_MEMBER_SERVER = 3, + DS_ROLE_BACKUP_DC = 4, + DS_ROLE_PRIMARY_DC = 5 + } dssetup_DsRole; + + typedef [bitmap32bit] bitmap { + DS_ROLE_PRIMARY_DS_RUNNING = 0x00000001, + DS_ROLE_PRIMARY_DS_MIXED_MODE = 0x00000002, + DS_ROLE_UPGRADE_IN_PROGRESS = 0x00000004, + DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT = 0x01000000 + } dssetup_DsRoleFlags; + + typedef struct { + dssetup_DsRole role; + dssetup_DsRoleFlags flags; + [charset(UTF16),string] uint16 *domain; + [charset(UTF16),string] uint16 *dns_domain; + [charset(UTF16),string] uint16 *forest; + GUID domain_guid; + } dssetup_DsRolePrimaryDomInfoBasic; + + typedef [v1_enum] enum { + DS_ROLE_NOT_UPGRADING = 0, + DS_ROLE_UPGRADING = 1 + } dssetup_DsUpgrade; + + typedef enum { + DS_ROLE_PREVIOUS_UNKNOWN = 0, + DS_ROLE_PREVIOUS_PRIMARY = 1, + DS_ROLE_PREVIOUS_BACKUP = 2 + } dssetup_DsPrevious; + + typedef struct { + dssetup_DsUpgrade upgrading; + dssetup_DsPrevious previous_role; + } dssetup_DsRoleUpgradeStatus; + + typedef enum { + DS_ROLE_OP_IDLE = 0, + DS_ROLE_OP_ACTIVE = 1, + DS_ROLE_OP_NEEDS_REBOOT = 2 + } dssetup_DsRoleOp; + + typedef struct { + dssetup_DsRoleOp status; + } dssetup_DsRoleOpStatus; + + typedef enum { + DS_ROLE_BASIC_INFORMATION = 1, + DS_ROLE_UPGRADE_STATUS = 2, + DS_ROLE_OP_STATUS = 3 + } dssetup_DsRoleInfoLevel; + + typedef [switch_type(dssetup_DsRoleInfoLevel)] union { + [case(DS_ROLE_BASIC_INFORMATION)] dssetup_DsRolePrimaryDomInfoBasic basic; + [case(DS_ROLE_UPGRADE_STATUS)] 
dssetup_DsRoleUpgradeStatus upgrade; + [case(DS_ROLE_OP_STATUS)] dssetup_DsRoleOpStatus opstatus; + } dssetup_DsRoleInfo; + + WERROR dssetup_DsRoleGetPrimaryDomainInformation( + [in] dssetup_DsRoleInfoLevel level, + [out,switch_is(level),unique] dssetup_DsRoleInfo *info + ); + + /* + w2k3 has removed all the calls below from their implementation. + These stubs are left here only as a way of documenting the names + of the calls in case they ever turn up on the wire. + */ + WERROR dssetup_DsRoleDnsNameToFlatName(); + WERROR dssetup_DsRoleDcAsDc(); + WERROR dssetup_DsRoleDcAsReplica(); + WERROR dssetup_DsRoleDemoteDc(); + WERROR dssetup_DsRoleGetDcOperationProgress(); + WERROR dssetup_DsRoleGetDcOperationResults(); + WERROR dssetup_DsRoleCancel(); + WERROR dssetup_DsRoleServerSaveStateForUpgrade(); + WERROR dssetup_DsRoleUpgradeDownlevelServer(); + WERROR dssetup_DsRoleAbortDownlevelServerUpgrade(); +} diff --git a/source3/librpc/idl/echo.idl b/source3/librpc/idl/echo.idl index fa030be761..5ea37f1ac1 100644 --- a/source3/librpc/idl/echo.idl +++ b/source3/librpc/idl/echo.idl @@ -50,9 +50,9 @@ interface rpcecho uint32 v; } echo_info3; - typedef struct { + struct echo_info4 { hyper v; - } echo_info4; + }; typedef struct { uint8 v1; @@ -66,14 +66,14 @@ interface rpcecho typedef struct { uint8 v1; - echo_info4 info4; + struct echo_info4 info4; } echo_info7; typedef [switch_type(uint16)] union { [case(1)] echo_info1 info1; [case(2)] echo_info2 info2; [case(3)] echo_info3 info3; - [case(4)] echo_info4 info4; + [case(4)] struct echo_info4 info4; [case(5)] echo_info5 info5; [case(6)] echo_info6 info6; [case(7)] echo_info7 info7; diff --git a/source3/librpc/idl/eventlog.idl b/source3/librpc/idl/eventlog.idl index e088137ccf..3defd99400 100644 --- a/source3/librpc/idl/eventlog.idl +++ b/source3/librpc/idl/eventlog.idl @@ -3,6 +3,7 @@ /* eventlog interface definition */ + import "lsa.idl", "security.idl"; [ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"), 
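Review bot: `dssetup_DsRolePrimaryDomInfoBasic` carries `domain_guid` unconditionally while `dssetup_DsRoleFlags` defines `DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT`, and nothing in the new file says how the two relate. A consumer that reads `domain_guid` without checking the flag would presumably treat whatever is in the field as a real GUID; a one-line comment on the member such as `/* only meaningful when flags has DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT */` would make the contract explicit. The three string members are plain pointers under `pointer_default(unique)`, so they can arrive as NULL and callers must check them before use.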
@@ -80,7 +81,7 @@ import "lsa.idl", "security.idl"; /* Function: 0x04 */ NTSTATUS eventlog_GetNumRecords( [in] policy_handle *handle, - [out,ref] uint32 *number + [out] uint32 *number ); /******************/ @@ -118,8 +119,8 @@ import "lsa.idl", "security.idl"; [in] uint32 offset, [in] uint32 number_of_bytes, [out,size_is(number_of_bytes)] uint8 *data, - [out,ref] uint32 *sent_size, - [out,ref] uint32 *real_size + [out] uint32 *sent_size, + [out] uint32 *real_size ); /*****************/ diff --git a/source3/librpc/idl/initshutdown.idl b/source3/librpc/idl/initshutdown.idl index 50d49637c2..868e48e28a 100644 --- a/source3/librpc/idl/initshutdown.idl +++ b/source3/librpc/idl/initshutdown.idl @@ -18,8 +18,8 @@ } initshutdown_String_sub; typedef [public] struct { - [value(strlen_m(r->name->name)*2)] uint16 name_len; - [value(strlen_m_term(r->name->name)*2)] uint16 name_size; + [value(strlen_m(name->name)*2)] uint16 name_len; + [value(strlen_m_term(name->name)*2)] uint16 name_size; initshutdown_String_sub *name; } initshutdown_String; diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl new file mode 100644 index 0000000000..2741b7bd7b --- /dev/null +++ b/source3/librpc/idl/libnet_join.idl 
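Review bot: The two eventlog hunks drop `ref` from `[out,ref] uint32 *number`, `*sent_size` and `*real_size`, while the netlogon.idl hunks in this same commit go the other way and turn `[out]` into `[out,ref]`. If pidl's default for a top-level pointer is what is being relied on, the wire format does not change, but the explicit form is what the rest of the commit standardises on and it removes any doubt about a NULL output pointer. I would keep `[out,ref]` on these three parameters unless the removal is deliberate, in which case the commit message should say why.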
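Review bot: In `initshutdown_String`, both `value()` expressions read `name->name`, but `name` is a plain pointer whose pointer type comes from an interface attribute outside this hunk. If that default allows NULL, pushing a string with no name dereferences a null pointer in the generated code; the expression needs a guard, or the struct needs a comment stating that `name` must never be NULL. The result is also stored in a `uint16`, so a sufficiently long name would wrap the advertised `name_len`/`name_size`.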
@@ -0,0 +1,60 @@ +#include "idl_types.h" + +import "wkssvc.idl", "security.idl"; + +/* + libnetjoin interface definition +*/ + +[ + pointer_default(unique) +] +interface libnetjoin +{ + typedef bitmap wkssvc_joinflags wkssvc_joinflags; + + [nopush,nopull] WERROR libnet_JoinCtx( + [in] string dc_name, + [in] string machine_name, + [in,ref] string *domain_name, + [in] string account_ou, + [in] string admin_account, + [in] string admin_password, + [in] string machine_password, + [in] wkssvc_joinflags join_flags, + [in] string os_version, + [in] string os_name, + [in] boolean8 create_upn, + [in] string upn, + [in] boolean8 modify_config, + [in] ads_struct *ads, + [in] boolean8 debug, + [out] string account_name, + [out] string netbios_domain_name, + [out] string dns_domain_name, + [out] string dn, + [out] dom_sid *domain_sid, + [out] boolean8 modified_config, + [out] string error_string, + [out] boolean8 domain_is_ad + ); + + [nopush,nopull] WERROR libnet_UnjoinCtx( + [in] string dc_name, + [in] string machine_name, + [in] string domain_name, + [in] string account_ou, + [in] string admin_account, + [in] string admin_password, + [in] string machine_password, + [in] wkssvc_joinflags unjoin_flags, + [in] boolean8 modify_config, + [in] dom_sid *domain_sid, + [in] ads_struct *ads, + [in] boolean8 debug, + [out] string netbios_domain_name, + [out] string dns_domain_name, + [out] boolean8 modified_config, + [out] string error_string + ); +} diff --git a/source3/librpc/idl/lsa.idl b/source3/librpc/idl/lsa.idl index 556ab21af4..8d26ec0aad 100644 --- a/source3/librpc/idl/lsa.idl +++ b/source3/librpc/idl/lsa.idl @@ -13,7 +13,7 @@ import "security.idl"; helpstring("Local Security Authority") ] interface lsarpc { - declare bitmap security_secinfo; + typedef bitmap security_secinfo security_secinfo; typedef [public,noejs] struct { [value(2*strlen_m(string))] uint16 length; 
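Review bot: `libnet_JoinCtx` and `libnet_UnjoinCtx` carry `admin_password` and `machine_password` as ordinary `[in] string` members, and the functions are marked only `[nopush,nopull]`, so a print routine is presumably still generated for them. With a `debug` member in the same structure, dumping the context would write both passwords to the log in clear text. I would mark the two members so they are skipped when printing, e.g. `[in,noprint] string admin_password,` if the pidl in this tree accepts `noprint` on an element, or otherwise document that callers must blank them before any dump.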
@@ -47,7 +47,7 @@ import "security.idl"; /******************/ /* Function: 0x01 */ - NTSTATUS lsa_Delete ( + [public] NTSTATUS lsa_Delete ( [in] policy_handle *handle ); @@ -69,7 +69,7 @@ import "security.idl"; [size_is(count)] lsa_PrivEntry *privs; } lsa_PrivArray; - NTSTATUS lsa_EnumPrivs ( + [public] NTSTATUS lsa_EnumPrivs ( [in] policy_handle *handle, [in,out] uint32 *resume_handle, [in] uint32 max_count, @@ -116,7 +116,7 @@ import "security.idl"; /* notice the screwup with the system_name - thats why MS created OpenPolicy2 */ - NTSTATUS lsa_OpenPolicy ( + [public] NTSTATUS lsa_OpenPolicy ( [in,unique] uint16 *system_name, [in] lsa_ObjectAttribute *attr, [in] uint32 access_mask, @@ -138,9 +138,29 @@ import "security.idl"; uint32 unknown; } lsa_AuditLogInfo; + typedef [v1_enum] enum { + LSA_AUDIT_POLICY_NONE=0, + LSA_AUDIT_POLICY_SUCCESS=1, + LSA_AUDIT_POLICY_FAILURE=2, + LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE), + LSA_AUDIT_POLICY_CLEAR=4 + } lsa_PolicyAuditPolicy; + + typedef enum { + LSA_AUDIT_CATEGORY_SYSTEM = 0, + LSA_AUDIT_CATEGORY_LOGON = 1, + LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2, + LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3, + LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4, + LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5, + LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6, + LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7, /* only in win2k/2k3 */ + LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8 /* only in win2k/2k3 */ + } lsa_PolicyAuditEventType; + typedef struct { uint32 auditing_mode; - [size_is(count)] uint32 *settings; + [size_is(count)] lsa_PolicyAuditPolicy *settings; uint32 count; } lsa_AuditEventsInfo; @@ -214,7 +234,7 @@ import "security.idl"; LSA_POLICY_INFO_AUDIT_FULL_SET=10, LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, LSA_POLICY_INFO_DNS=12 - } lsaPolicyInfo; + } lsa_PolicyInfo; typedef [switch_type(uint16)] union { [case(LSA_POLICY_INFO_AUDIT_LOG)] lsa_AuditLogInfo audit_log; 
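Review bot: `LSA_AUDIT_CATEGORY_PROCCESS_TRACKING` in the new `lsa_PolicyAuditEventType` enum is misspelled, and because IDL names become generated C identifiers the typo turns into API as soon as a caller uses it; `LSA_AUDIT_CATEGORY_PROCESS_TRACKING` is cheapest to fix now. In the same hunk `lsa_AuditEventsInfo.settings` stays sized by `count` with no `range()`, unlike `num_entries` and `num_names` elsewhere in this file, so the array length is whatever the peer sends. A comment stating whether `settings[i]` is indexed by `lsa_PolicyAuditEventType` would also help, since the two new enums are otherwise unconnected in the IDL.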
@@ -233,13 +253,17 @@ import "security.idl"; NTSTATUS lsa_QueryInfoPolicy ( [in] policy_handle *handle, - [in] uint16 level, + [in] lsa_PolicyInfo level, [out,unique,switch_is(level)] lsa_PolicyInformation *info ); /******************/ /* Function: 0x08 */ - NTSTATUS lsa_SetInfoPolicy (); + NTSTATUS lsa_SetInfoPolicy ( + [in] policy_handle *handle, + [in] lsa_PolicyInfo level, + [in,switch_is(level)] lsa_PolicyInformation *info + ); /******************/ /* Function: 0x09 */ @@ -247,7 +271,7 @@ import "security.idl"; /******************/ /* Function: 0x0a */ - NTSTATUS lsa_CreateAccount ( + [public] NTSTATUS lsa_CreateAccount ( [in] policy_handle *handle, [in] dom_sid2 *sid, [in] uint32 access_mask, @@ -268,7 +292,7 @@ import "security.idl"; [size_is(num_sids)] lsa_SidPtr *sids; } lsa_SidArray; - NTSTATUS lsa_EnumAccounts ( + [public] NTSTATUS lsa_EnumAccounts ( [in] policy_handle *handle, [in,out] uint32 *resume_handle, [in,range(0,8192)] uint32 num_entries, @@ -279,7 +303,7 @@ import "security.idl"; /*************************************************/ /* Function: 0x0c */ - NTSTATUS lsa_CreateTrustedDomain( + [public] NTSTATUS lsa_CreateTrustedDomain( [in] policy_handle *handle, [in] lsa_DomainInfo *info, [in] uint32 access_mask, @@ -301,7 +325,7 @@ import "security.idl"; NTSTATUS lsa_EnumTrustDom ( [in] policy_handle *handle, [in,out] uint32 *resume_handle, - [in,range(0,1000)] uint32 max_size, + [in] uint32 max_size, [out] lsa_DomainList *domains ); 
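Review bot: The `lsa_EnumTrustDom` hunk removes `range(0,1000)` from `max_size`, so the generated pull code no longer rejects large client-supplied values, and the hunk gives no reason for the change. If the bound was dropped because real clients send larger values, the server-side handler (outside this diff) has to clamp `max_size` itself before sizing its reply. I would record that next to the parameter, e.g. `/* not range-limited: clients send large values, the server must clamp */`, or keep a wider `range()` rather than none.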
@@ -339,13 +363,30 @@ import "security.idl"; uint32 max_size; } lsa_RefDomainList; - NTSTATUS lsa_LookupNames ( + /* Level 1: Ask everywhere + * Level 2: Ask domain and trusted domains, no builtin and wkn + * Level 3: Only ask domain + * Level 4: W2k3ad: Only ask AD trusts + * Level 5: Only ask transitive forest trusts + * Level 6: Like 4 + */ + + typedef enum { + LSA_LOOKUP_NAMES_ALL = 1, + LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2, + LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3, + LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4, + LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5, + LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6 + } lsa_LookupNamesLevel; + + [public] NTSTATUS lsa_LookupNames ( [in] policy_handle *handle, [in,range(0,1000)] uint32 num_names, [in,size_is(num_names)] lsa_String names[], [out,unique] lsa_RefDomainList *domains, [in,out] lsa_TransSidArray *sids, - [in] uint16 level, + [in] lsa_LookupNamesLevel level, [in,out] uint32 *count ); @@ -364,7 +405,7 @@ import "security.idl"; [size_is(count)] lsa_TranslatedName *names; } lsa_TransNameArray; - NTSTATUS lsa_LookupSids ( + [public] NTSTATUS lsa_LookupSids ( [in] policy_handle *handle, [in] lsa_SidArray *sids, [out,unique] lsa_RefDomainList *domains, @@ -375,7 +416,7 @@ import "security.idl"; /* Function: 0x10 */ - NTSTATUS lsa_CreateSecret( + [public] NTSTATUS lsa_CreateSecret( [in] policy_handle *handle, [in] lsa_String name, [in] uint32 access_mask, @@ -555,7 +596,7 @@ import "security.idl"; NTSTATUS lsa_SetInformationTrustedDomain(); /* Function: 0x1c */ - NTSTATUS lsa_OpenSecret( + [public] NTSTATUS lsa_OpenSecret( [in] policy_handle *handle, [in] lsa_String name, [in] uint32 access_mask, @@ -564,7 +605,7 @@ import "security.idl"; /* Function: 0x1d */ - NTSTATUS lsa_SetSecret( + [public] NTSTATUS lsa_SetSecret( [in] policy_handle *sec_handle, [in,unique] lsa_DATA_BUF *new_val, [in,unique] lsa_DATA_BUF *old_val 
@@ -575,7 +616,7 @@ import "security.idl"; } lsa_DATA_BUF_PTR; /* Function: 0x1e */ - NTSTATUS lsa_QuerySecret ( + [public] NTSTATUS lsa_QuerySecret ( [in] policy_handle *sec_handle, [in,out,unique] lsa_DATA_BUF_PTR *new_val, [in,out,unique] NTTIME_hyper *new_mtime, @@ -681,7 +722,7 @@ import "security.idl"; /**********************/ /* Function: 0x2c */ - NTSTATUS lsa_OpenPolicy2 ( + [public] NTSTATUS lsa_OpenPolicy2 ( [in,unique] [string,charset(UTF16)] uint16 *system_name, [in] lsa_ObjectAttribute *attr, [in] uint32 access_mask, @@ -705,12 +746,16 @@ import "security.idl"; NTSTATUS lsa_QueryInfoPolicy2( [in] policy_handle *handle, - [in] uint16 level, + [in] lsa_PolicyInfo level, [out,unique,switch_is(level)] lsa_PolicyInformation *info ); /* Function 0x2f */ - NTSTATUS lsa_SetInfoPolicy2(); + NTSTATUS lsa_SetInfoPolicy2( + [in] policy_handle *handle, + [in] lsa_PolicyInfo level, + [in,switch_is(level)] lsa_PolicyInformation *info + ); /**********************/ /* Function 0x30 */ @@ -824,7 +869,7 @@ import "security.idl"; [size_is(count)] lsa_TranslatedName2 *names; } lsa_TransNameArray2; - NTSTATUS lsa_LookupSids2( + [public] NTSTATUS lsa_LookupSids2( [in] policy_handle *handle, [in] lsa_SidArray *sids, [out,unique] lsa_RefDomainList *domains, @@ -850,13 +895,13 @@ import "security.idl"; [size_is(count)] lsa_TranslatedSid2 *sids; } lsa_TransSidArray2; - NTSTATUS lsa_LookupNames2 ( + [public] NTSTATUS lsa_LookupNames2 ( [in] policy_handle *handle, [in,range(0,1000)] uint32 num_names, [in,size_is(num_names)] lsa_String names[], [out,unique] lsa_RefDomainList *domains, [in,out] lsa_TransSidArray2 *sids, - [in] uint16 level, + [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 
@@ -903,13 +948,13 @@ import "security.idl"; [size_is(count)] lsa_TranslatedSid3 *sids; } lsa_TransSidArray3; - NTSTATUS lsa_LookupNames3 ( + [public] NTSTATUS lsa_LookupNames3 ( [in] policy_handle *handle, [in,range(0,1000)] uint32 num_names, [in,size_is(num_names)] lsa_String names[], [out,unique] lsa_RefDomainList *domains, [in,out] lsa_TransSidArray3 *sids, - [in] uint16 level, + [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 
@@ -928,7 +973,49 @@ import "security.idl"; NTSTATUS lsa_LSARUNREGISTERAUDITEVENT(); /* Function 0x49 */ - NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION(); + typedef struct { + [range(0,131072)] uint32 length; + [size_is(length)] uint8 *data; + } lsa_ForestTrustBinaryData; + + typedef struct { + dom_sid2 *domain_sid; + lsa_StringLarge dns_domain_name; + lsa_StringLarge netbios_domain_name; + } lsa_ForestTrustDomainInfo; + + typedef [switch_type(uint32)] union { + [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name; + [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex; + [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info; + [default] lsa_ForestTrustBinaryData data; + } lsa_ForestTrustData; + + typedef [v1_enum] enum { + LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0, + LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1, + LSA_FOREST_TRUST_DOMAIN_INFO = 2, + LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3 + } lsa_ForestTrustRecordType; + + typedef struct { + uint32 flags; + lsa_ForestTrustRecordType level; + hyper unknown; + [switch_is(level)] lsa_ForestTrustData forest_trust_data; + } lsa_ForestTrustRecord; + + typedef [public] struct { + [range(0,4000)] uint32 count; + [size_is(count)] lsa_ForestTrustRecord **entries; + } lsa_ForestTrustInformation; + + NTSTATUS lsa_lsaRQueryForestTrustInformation( + [in] policy_handle *handle, + [in,ref] lsa_String *trusted_domain_name, + [in] uint16 unknown, /* level ? */ + [out,ref] lsa_ForestTrustInformation **forest_trust_info + ); /* Function 0x4a */ NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION(); @@ -939,7 +1026,7 @@ import "security.idl"; /*****************/ /* Function 0x4c */ - NTSTATUS lsa_LookupSids3( + [public] NTSTATUS lsa_LookupSids3( [in] lsa_SidArray *sids, [out,unique] lsa_RefDomainList *domains, [in,out] lsa_TransNameArray2 *names, 
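Review bot: In the new forest-trust block, `lsa_ForestTrustData` uses the `LSA_FOREST_TRUST_*` constants in its `case()` labels before `lsa_ForestTrustRecordType` defines them, and its `switch_type(uint32)` is spelled separately from the `[v1_enum]` that drives it through `switch_is(level)`. Declaring the enum first and writing `switch_type(lsa_ForestTrustRecordType)`, as dssetup.idl in this commit does for its union, would keep the two from drifting apart. `hyper unknown` and `[in] uint16 unknown, /* level ? */` each deserve a comment recording which values were observed. The name `lsa_lsaRQueryForestTrustInformation` repeats the prefix, unlike the other `lsa_` calls in the file.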
@@ -955,7 +1042,7 @@ import "security.idl"; [in,size_is(num_names)] lsa_String names[], [out,unique] lsa_RefDomainList *domains, [in,out] lsa_TransSidArray3 *sids, - [in] uint16 level, + [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, [in] uint32 unknown1, [in] uint32 unknown2 diff --git a/source3/librpc/idl/misc.idl b/source3/librpc/idl/misc.idl index ae098d09ac..132a81f138 100644 --- a/source3/librpc/idl/misc.idl +++ b/source3/librpc/idl/misc.idl @@ -45,8 +45,7 @@ interface misc typedef [public,v1_enum] enum { SAMR_REJECT_OTHER = 0, SAMR_REJECT_TOO_SHORT = 1, - SAMR_REJECT_COMPLEXITY = 2 + SAMR_REJECT_IN_HISTORY = 2, + SAMR_REJECT_COMPLEXITY = 5 } samr_RejectReason; - - } diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl index 139975fe12..4eb1bff94f 100644 --- a/source3/librpc/idl/netlogon.idl +++ b/source3/librpc/idl/netlogon.idl @@ -4,10 +4,9 @@ who contributed! */ -#include "idl_types.h" - import "lsa.idl", "samr.idl", "security.idl"; +#include "idl_types.h" [ uuid("12345678-1234-abcd-ef00-01234567cffb"), @@ -19,7 +18,8 @@ import "lsa.idl", "samr.idl", "security.idl"; interface netlogon { - declare bitmap samr_AcctFlags; + typedef bitmap samr_AcctFlags samr_AcctFlags; + typedef bitmap samr_GroupAttrs samr_GroupAttrs; /*****************/ /* Function 0x00 */ @@ -47,7 +47,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] [string,charset(UTF16)] uint16 workstation[], - [out] netr_UasInfo *info + [out,ref] netr_UasInfo *info ); 
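Review bot: In the misc.idl hunk, `SAMR_REJECT_COMPLEXITY` moves from 2 to 5 and 2 becomes `SAMR_REJECT_IN_HISTORY`, so any caller that compared against the literal value or stored the old number now reads a complexity rejection as a history rejection. Values 3 and 4 are left unnamed and a peer may still send them, so code that maps the reason to a message needs a default branch. A short comment on the enum such as `/* 3 and 4 are not named here; handle unknown values */` would document the gap. Callers are outside this diff, so I cannot tell whether any need updating.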
@@ -87,13 +87,18 @@ interface netlogon [size_is(size/2),length_is(length/2)] uint16 *bindata; } netr_AcctLockStr; - const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002; - const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020; - const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800; + typedef [public,bitmap32bit] bitmap { + MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x00000002, + MSV1_0_UPDATE_LOGON_STATISTICS = 0x00000004, + MSV1_0_RETURN_USER_PARAMETERS = 0x00000008, + MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x00000020, + MSV1_0_RETURN_PROFILE_PATH = 0x00000200, + MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x00000800 + } netr_LogonParameterControl; typedef struct { lsa_String domain_name; - uint32 parameter_control; /* see MSV1_0_* */ + netr_LogonParameterControl parameter_control; /* see MSV1_0_* */ uint32 logon_id_low; uint32 logon_id_high; lsa_String account_name; @@ -127,11 +132,6 @@ interface netlogon [case(6)] netr_NetworkInfo *network; } netr_LogonLevel; - typedef [public] struct { - uint32 rid; - uint32 attributes; - } netr_GroupMembership; - typedef [public,flag(NDR_PAHEX)] struct { uint8 key[16]; } netr_UserSessionKey; 
@@ -142,16 +142,17 @@ interface netlogon /* Flags for user_flags below */ typedef [public,bitmap32bit] bitmap { - NETLOGON_GUEST = 0x0001, - NETLOGON_NOENCRYPTION = 0x0002, - NETLOGON_CACHED_ACCOUNT = 0x0004, - NETLOGON_USED_LM_PASSWORD = 0x0008, - NETLOGON_EXTRA_SIDS = 0x0020, - NETLOGON_SUBAUTH_SESSION_KEY = 0x0040, - NETLOGON_SERVER_TRUST_ACCOUNT = 0x0080, - NETLOGON_NTLMV2_ENABLED = 0x0100, - NETLOGON_RESOURCE_GROUPS = 0x0200, - NETLOGON_PROFILE_PATH_RETURNED = 0x0400 + NETLOGON_GUEST = 0x00000001, + NETLOGON_NOENCRYPTION = 0x00000002, + NETLOGON_CACHED_ACCOUNT = 0x00000004, + NETLOGON_USED_LM_PASSWORD = 0x00000008, + NETLOGON_EXTRA_SIDS = 0x00000020, + NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040, + NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080, + NETLOGON_NTLMV2_ENABLED = 0x00000100, + NETLOGON_RESOURCE_GROUPS = 0x00000200, + NETLOGON_PROFILE_PATH_RETURNED = 0x00000400, + NETLOGON_GRACE_LOGON = 0x01000000 } netr_UserFlags; typedef struct { @@ -188,7 +189,7 @@ interface netlogon typedef struct { dom_sid2 *sid; - uint32 attribute; + samr_GroupAttrs attributes; } netr_SidAttr; typedef [public] struct { @@ -279,7 +280,7 @@ interface netlogon /*****************/ /* Function 0x05 */ - declare enum netr_SchannelType; + typedef enum netr_SchannelType netr_SchannelType; NTSTATUS netr_ServerAuthenticate( [in,string,charset(UTF16)] uint16 *server_name, @@ -307,7 +308,7 @@ interface netlogon /*****************/ /* Function 0x07 */ - declare enum netr_SamDatabaseID; + typedef enum netr_SamDatabaseID netr_SamDatabaseID; typedef struct { [string,charset(UTF16)] uint16 *account_name; @@ -330,10 +331,10 @@ interface netlogon typedef struct { uint16 nt_length; - uint16 nt_size; + [value(nt_length)] uint16 nt_size; uint32 nt_flags; uint16 lm_length; - uint16 lm_size; + [value(lm_length)] uint16 lm_size; uint32 lm_flags; uint8 nt_history[nt_length]; uint8 lm_history[lm_length]; 
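Review bot: In `netr_PasswordHistory`, `[value(nt_length)]` and `[value(lm_length)]` fix `nt_size` and `lm_size` only when the structure is pushed; as far as I know pidl does not verify a `value()` field on pull, so a received blob can still carry sizes that disagree with the lengths. `nt_history[nt_length]` and `lm_history[lm_length]` are then sized purely from the peer's 16-bit lengths. Consumers should use `nt_length`/`lm_length` and ignore the size members, and a comment on the struct should say so, e.g. `/* *_size is informational on receive; trust only *_length */`.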
@@ -342,10 +343,10 @@ interface netlogon typedef struct { netr_USER_KEY16 lmpassword; netr_USER_KEY16 ntpassword; - netr_PasswordHistory lmhistory; + netr_PasswordHistory history; } netr_USER_KEYS2; - typedef struct { + typedef struct { /* TODO: make this a union! */ netr_USER_KEYS2 keys2; } netr_USER_KEY_UNION; @@ -685,7 +686,7 @@ interface netlogon [in] netr_SamDatabaseID database_id, [in,out,ref] udlong *sequence_num, [in] uint32 preferredmaximumlength, - [out] netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array ); @@ -700,7 +701,7 @@ interface netlogon [in] netr_SamDatabaseID database_id, [in,out,ref] uint32 *sync_context, [in] uint32 preferredmaximumlength, - [out] netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array ); @@ -757,7 +758,7 @@ interface netlogon /*****************/ /* Function 0x0B */ - NTSTATUS netr_GetDcName( + WERROR netr_GetDcName( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 *domainname, [out,ref] [string,charset(UTF16)] uint16 **dcname @@ -871,7 +872,7 @@ interface netlogon [in] uint16 restart_state, [in,out,ref] uint32 *sync_context, [in] uint32 preferredmaximumlength, - [out] netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array ); @@ -887,7 +888,7 @@ interface netlogon [in,out,ref] netr_Authenticator *return_authenticator, [in][size_is(change_log_entry_size)] uint8 *change_log_entry, [in] uint32 change_log_entry_size, - [out] netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array ); 
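Review bot: `netr_GetDcName` changes its return type from `NTSTATUS` to `WERROR`, which changes how the 32-bit result has to be interpreted; a caller or server stub still treating it as an NTSTATUS would misread failure codes. Those users live outside `source3/librpc/idl`, so this diff cannot show whether they were converted in the same commit, and depending on build options the two types may not be distinguished by the compiler. A comment above the function noting the change, e.g. `/* returns WERROR, not NTSTATUS */`, would help anyone merging older callers.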
@@ -899,23 +900,79 @@ interface netlogon [in] uint32 function_code, [in] uint32 level, [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data, - [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query + [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query ); /*****************/ /* Function 0x13 */ - WERROR netr_NETRENUMERATETRUSTEDDOMAINS() ; + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } netr_Blob; + + WERROR netr_NetrEnumerateTrustedDomains( + [in] [string,charset(UTF16)] uint16 *server_name, + [out,ref] netr_Blob *trusted_domains_blob + ); /*****************/ - /* Function 0x14 */ + /* Function 0x14 */ + + /* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/ + + typedef [bitmap32bit] bitmap { + DS_FORCE_REDISCOVERY = 0x00000001, + DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010, + DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020, + DS_GC_SERVER_REQUIRED = 0x00000040, + DS_PDC_REQUIRED = 0x00000080, + DS_BACKGROUND_ONLY = 0x00000100, + DS_IP_REQUIRED = 0x00000200, + DS_KDC_REQUIRED = 0x00000400, + DS_TIMESERV_REQUIRED = 0x00000800, + DS_WRITABLE_REQUIRED = 0x00001000, + DS_GOOD_TIMESERV_PREFERRED = 0x00002000, + DS_AVOID_SELF = 0x00004000, + DS_ONLY_LDAP_NEEDED = 0x00008000, + DS_IS_FLAT_NAME = 0x00010000, + DS_IS_DNS_NAME = 0x00020000, + DS_TRY_NEXTCLOSEST_SITE = 0x00040000, + DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000, + DS_RETURN_DNS_NAME = 0x40000000, + DS_RETURN_FLAT_NAME = 0x80000000 + } netr_DsRGetDCName_flags; + + typedef [v1_enum] enum { + DS_ADDRESS_TYPE_INET = 1, + DS_ADDRESS_TYPE_NETBIOS = 2 + } netr_DsRGetDCNameInfo_AddressType; + + typedef [bitmap32bit] bitmap { + DS_SERVER_PDC = 0x00000001 /* NBT_SERVER_PDC */, + DS_SERVER_GC = 0x00000004 /* NBT_SERVER_GC */, + DS_SERVER_LDAP = 0x00000008 /* NBT_SERVER_LDAP */, + DS_SERVER_DS = 0x00000010 /* NBT_SERVER_DS */, + DS_SERVER_KDC = 0x00000020 /* NBT_SERVER_KDC */, + DS_SERVER_TIMESERV = 0x00000040 /* NBT_SERVER_TIMESERV */, + DS_SERVER_CLOSEST = 
0x00000080 /* NBT_SERVER_CLOSEST */, + DS_SERVER_WRITABLE = 0x00000100 /* NBT_SERVER_WRITABLE */, + DS_SERVER_GOOD_TIMESERV = 0x00000200 /* NBT_SERVER_GOOD_TIMESERV */, + DS_SERVER_NDNC = 0x00000400, + DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, + DS_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, + DS_DNS_CONTROLLER = 0x20000000, + DS_DNS_DOMAIN = 0x40000000, + DS_DNS_FOREST = 0x80000000 + } netr_DsR_DcFlags; + typedef struct { [string,charset(UTF16)] uint16 *dc_unc; [string,charset(UTF16)] uint16 *dc_address; - int32 dc_address_type; + netr_DsRGetDCNameInfo_AddressType dc_address_type; GUID domain_guid; [string,charset(UTF16)] uint16 *domain_name; [string,charset(UTF16)] uint16 *forest_name; - uint32 dc_flags; + netr_DsR_DcFlags dc_flags; [string,charset(UTF16)] uint16 *dc_site_name; [string,charset(UTF16)] uint16 *client_site_name; } netr_DsRGetDCNameInfo; @@ -925,8 +982,8 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *domain_name, [in] GUID *domain_guid, [in] GUID *site_guid, - [in] uint32 flags, - [out] netr_DsRGetDCNameInfo *info + [in] netr_DsRGetDCName_flags flags, + [out,ref] netr_DsRGetDCNameInfo *info ); /*****************/ @@ -939,7 +996,11 @@ interface netlogon /****************/ /* Function 0x17 */ - WERROR netr_NETRLOGONGETTRUSTRID(); + WERROR netr_LogonGetTrustRid( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 *domain_name, + [out,ref] uint32 *rid + ); /****************/ /* Function 0x18 */ @@ -969,8 +1030,8 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *domain_name, [in] GUID *domain_guid, [in] [string,charset(UTF16)] uint16 *site_name, - [in] uint32 flags, - [out] netr_DsRGetDCNameInfo *info + [in] netr_DsRGetDCName_flags flags, + [out,ref] netr_DsRGetDCNameInfo **info ); /****************/ 
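Review bot: `netr_Blob` becomes the `[out]` payload of `netr_NetrEnumerateTrustedDomains`, and its `length` has no `range()`, so the client-side pull allocates whatever size the server announces. `lsa_ForestTrustBinaryData`, added to lsa.idl by this same commit, bounds the identical pattern with `[range(0,131072)]`; a bound here would be consistent, chosen so that it also suits the Function 0x1d structures that already use `netr_Blob`. The word `unkown` in the `DS_IP_VERSION_AGNOSTIC` comment is a typo.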
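Review bot: `netr_DsRGetDCName` ends up with `[out,ref] netr_DsRGetDCNameInfo *info`, while the `netr_DsRGetDCNameEx` hunk just below and `netr_DsRGetDCNameEx2` later in the file change the same parameter to `[out,ref] netr_DsRGetDCNameInfo **info`. The double pointer adds a pointer to the wire layout and lets the server return no info at all; if the three calls are meant to share a reply layout, the plain variant is now the odd one out and would misparse a reply. Either switch it to `**info` as well or add a comment stating that its wire format really differs. Callers of the two `**info` variants must also check the inner pointer for NULL before use.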
@@ -983,11 +1044,6 @@ interface netlogon /****************/ /* Function 0x1d */ - typedef struct { - uint32 length; - [size_is(length)] uint8 *data; - } netr_Blob; - typedef [flag(NDR_PAHEX)] struct { uint16 length; uint16 size; @@ -1065,7 +1121,15 @@ interface netlogon /****************/ /* Function 0x1f */ - WERROR netr_NETRSERVERPASSWORDGET(); + WERROR netr_ServerPasswordGet( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 account_name[], + [in] netr_SchannelType secure_channel_type, + [in] [string,charset(UTF16)] uint16 computer_name[], + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [out,ref] samr_Password *password + ); /****************/ /* Function 0x20 */ @@ -1073,19 +1137,34 @@ interface netlogon /****************/ /* Function 0x21 */ - WERROR netr_DSRADDRESSTOSITENAMESW(); + typedef struct { + uint32 count; + [size_is(count)] lsa_String *sitename; + } netr_DsRAddressToSitenamesWCtr; + + typedef struct { + [size_is(size)] uint8 *buffer; + uint32 size; + } netr_DsRAddress; + + WERROR netr_DsRAddressToSitenamesW( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [range(0,32000)] uint32 count, + [in] [size_is(count)] [ref] netr_DsRAddress *addresses, + [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr + ); /****************/ /* Function 0x22 */ WERROR netr_DsRGetDCNameEx2( [in] [string,charset(UTF16)] uint16 *server_unc, [in] [string,charset(UTF16)] uint16 *client_account, - [in] uint32 mask, + [in] samr_AcctFlags mask, [in] [string,charset(UTF16)] uint16 *domain_name, [in] GUID *domain_guid, [in] [string,charset(UTF16)] uint16 *site_name, - [in] uint32 flags, - [out] netr_DsRGetDCNameInfo *info + [in] netr_DsRGetDCName_flags flags, + [out,ref] netr_DsRGetDCNameInfo **info ); /****************/ 
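Review bot: `netr_ServerPasswordGet` returns `[out,ref] samr_Password *password` with no comment on the form in which the hash travels. If it is wrapped under the secure-channel session key like other netlogon password fields, which I would expect but cannot see here, callers need to know that they must decrypt it and that neither form belongs in a debug dump. I would add a comment on the parameter such as `/* protected with the session key on the wire; never log */` once that is confirmed.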
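Review bot: `netr_DsRAddress` takes `size` from the client with no `range()`, although `count` on `netr_DsRAddressToSitenamesW` is limited to `range(0,32000)`, so the server accepts up to 32000 buffers of arbitrary length each. A socket address is small, so `size` should get its own bound, `[range(0,N)] uint32 size;` with N a project-chosen limit (N is a placeholder, not a value from this page). `size` is also declared after the `buffer` it sizes; that matches the pattern used elsewhere in the file but is worth a comment for readers. The `[out] [ref] netr_DsRAddressToSitenamesWCtr **ctr` result can presumably come back with a NULL inner pointer, which callers must check.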
@@ -1094,32 +1173,6 @@ interface netlogon /****************/ /* Function 0x24 */ - WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(); - - /****************/ - /* Function 0x25 */ - WERROR netr_DSRADDRESSTOSITENAMESEXW(); - - /****************/ - /* Function 0x26 */ - WERROR netr_DSRGETDCSITECOVERAGEW(); - - /****************/ - /* Function 0x27 */ - NTSTATUS netr_LogonSamLogonEx( - [in] [string,charset(UTF16)] uint16 *server_name, - [in] [string,charset(UTF16)] uint16 *computer_name, - [in] uint16 logon_level, - [in] [switch_is(logon_level)] netr_LogonLevel logon, - [in] uint16 validation_level, - [out,ref] [switch_is(validation_level)] netr_Validation *validation, - [out,ref] uint8 *authoritative, - [in,out,ref] uint32 *flags - ); - - /****************/ - /* Function 0x28 */ - typedef [bitmap32bit] bitmap { NETR_TRUST_FLAG_IN_FOREST = 0x00000001, NETR_TRUST_FLAG_OUTBOUND = 0x00000002, 
@@ -1157,29 +1210,112 @@ interface netlogon GUID guid; } netr_DomainTrust; + typedef struct { + uint32 count; + [size_is(count)] netr_DomainTrust *array; + } netr_DomainTrustList; + + WERROR netr_NetrEnumerateTrustedDomainsEx( + [in] [string,charset(UTF16)] uint16 *server_name, + [out,ref] netr_DomainTrustList *dom_trust_list + ); + + /****************/ + /* Function 0x25 */ + typedef struct { + uint32 count; + [size_is(count)] lsa_String *sitename; + [size_is(count)] lsa_String *subnetname; + } netr_DsRAddressToSitenamesExWCtr; + + WERROR netr_DsRAddressToSitenamesExW( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [range(0,32000)] uint32 count, + [in] [size_is(count)] [ref] netr_DsRAddress *addresses, + [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr + ); + + /****************/ + /* Function 0x26 */ + + typedef struct { + uint32 num_sites; + [size_is(num_sites)] [unique] lsa_String *sites; + } DcSitesCtr; + + WERROR netr_DsrGetDcSiteCoverageW( + [in] [string,charset(UTF16)] uint16 *server_name, + [out,ref] DcSitesCtr *ctr + ); + + /****************/ + /* Function 0x27 */ + NTSTATUS netr_LogonSamLogonEx( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 *computer_name, + [in] uint16 logon_level, + [in] [switch_is(logon_level)] netr_LogonLevel logon, + [in] uint16 validation_level, + [out,ref] [switch_is(validation_level)] netr_Validation *validation, + [out,ref] uint8 *authoritative, + [in,out,ref] uint32 *flags + ); + + /****************/ + /* Function 0x28 */ + WERROR netr_DsrEnumerateDomainTrusts( [in] [string,charset(UTF16)] uint16 *server_name, [in] netr_TrustFlags trust_flags, - [out,ref] uint32 *count, - [out,ref,size_is(count)] netr_DomainTrust **trusts + [out,ref] netr_DomainTrustList *trusts ); /****************/ /* Function 0x29 */ - WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(); + WERROR netr_DsrDeregisterDNSHostRecords( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] 
uint16 *domain, + [in] GUID *domain_guid, + [in] GUID *dsa_guid, + [in,ref] [string,charset(UTF16)] uint16 *dns_host + ); /****************/ /* Function 0x2a */ - WERROR netr_NETRSERVERTRUSTPASSWORDSGET(); + NTSTATUS netr_ServerTrustPasswordsGet( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 account_name[], + [in] netr_SchannelType secure_channel_type, + [in] [string,charset(UTF16)] uint16 computer_name[], + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [out,ref] samr_Password *password, + [out,ref] samr_Password *password2 + ); /****************/ /* Function 0x2b */ - WERROR netr_DSRGETFORESTTRUSTINFORMATION(); + + const int DS_GFTI_UPDATE_TDO = 0x1; + + WERROR netr_DsRGetForestTrustInformation( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 *trusted_domain_name, + [in] uint32 flags, + [out,ref] lsa_ForestTrustInformation **forest_trust_info + ); /****************/ /* Function 0x2c */ - WERROR netr_NETRGETFORESTTRUSTINFORMATION(); + WERROR netr_GetForestTrustInformation( + [in] [string,charset(UTF16)] uint16 *server_name, + [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name, + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [in] uint32 flags, + [out,ref] lsa_ForestTrustInformation **forest_trust_info + ); /****************/ /* Function 0x2d */ diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index 74081a7bf3..2c4fef5a7d 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -3,6 +3,7 @@ /* samr interface definition */ +import "misc.idl", "lsa.idl", "security.idl"; /* Thanks to Todd Sabin for some information from his samr.idl in acltools 
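Review bot: `DcSitesCtr` is the only type added in this hunk without the `netr_` prefix; its neighbours (`netr_DomainTrustList`, `netr_DsRAddressToSitenamesExWCtr`) all carry it. The IDL name presumably becomes the generated C struct name, so an unprefixed name is more likely to collide with other headers. I would rename it to `netr_DcSitesCtr` in the typedef and in `[out,ref] netr_DcSitesCtr *ctr`.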
@@ -12,11 +13,10 @@ version(1.0), endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), pointer_default(unique), - pointer_default_top(unique), - depends(misc,lsa,security) + pointer_default_top(unique) ] interface samr { - declare bitmap security_secinfo; + typedef bitmap security_secinfo security_secinfo; /* account control (acct_flags) bits */ typedef [public,bitmap32bit] bitmap { 
@@ -41,19 +41,72 @@ ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ } samr_AcctFlags; + typedef [bitmap32bit] bitmap { + SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, + SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, + SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, + SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, + SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, + SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 + } samr_ConnectAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, + SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, + SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, + SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, + SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, + SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, + SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, + SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, + SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, + SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, + SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 + } samr_UserAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, + SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, + SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, + SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, + SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, + SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, + SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, + SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, + SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, + SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 + } samr_DomainAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, + SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, + SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, + SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, + SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 + } samr_GroupAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, + 
SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, + SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, + SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, + SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 + } samr_AliasAccessMask; + /******************/ /* Function: 0x00 */ NTSTATUS samr_Connect ( /* notice the lack of [string] */ [in] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); /******************/ /* Function: 0x01 */ - NTSTATUS samr_Close ( + [public] NTSTATUS samr_Close ( [in,out,ref] policy_handle *handle ); @@ -72,7 +125,7 @@ NTSTATUS samr_QuerySecurity ( [in,ref] policy_handle *handle, [in] security_secinfo sec_info, - [out] sec_desc_buf *sdbuf + [out,ref] sec_desc_buf *sdbuf ); /******************/ @@ -90,7 +143,7 @@ NTSTATUS samr_LookupDomain ( [in,ref] policy_handle *connect_handle, [in,ref] lsa_String *domain_name, - [out] dom_sid2 *sid + [out,ref] dom_sid2 *sid ); @@ -111,16 +164,16 @@ [in,ref] policy_handle *connect_handle, [in,out,ref] uint32 *resume_handle, [in] uint32 buf_size, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] samr_SamArray *sam, + [out,ref] uint32 *num_entries ); /************************/ /* Function 0x07 */ - NTSTATUS samr_OpenDomain( + [public] NTSTATUS samr_OpenDomain( [in,ref] policy_handle *connect_handle, - [in] uint32 access_mask, + [in] samr_DomainAccessMask access_mask, [in,ref] dom_sid2 *sid, [out,ref] policy_handle *domain_handle ); @@ -129,10 +182,10 @@ /* Function 0x08 */ /* server roles */ typedef [v1_enum] enum { - ROLE_STANDALONE = 0, - ROLE_DOMAIN_MEMBER = 1, - ROLE_DOMAIN_BDC = 2, - ROLE_DOMAIN_PDC = 3 + SAMR_ROLE_STANDALONE = 0, + SAMR_ROLE_DOMAIN_MEMBER = 1, + SAMR_ROLE_DOMAIN_BDC = 2, + SAMR_ROLE_DOMAIN_PDC = 3 } samr_Role; /* password properties flags */ 
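Review bot: The five new `samr_*AccessMask` bitmaps need a comment, placed before `samr_ConnectAccessMask`, saying that they list only the object-specific rights. An access mask on the wire can presumably also carry standard and generic bits that none of these types name. As far as I know, typing `access_mask` as a bitmap does not by itself reject such bits, so a reader writing an access check could wrongly assume the list is exhaustive. Something like `/* object-specific rights only; standard/generic access bits may also be set and must be handled by the server's access check */` would make that explicit.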
@@ -235,7 +288,7 @@ NTSTATUS samr_QueryDomainInfo( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [out,switch_is(level)] samr_DomainInfo *info + [out,ref,switch_is(level)] samr_DomainInfo *info ); /************************/ @@ -256,7 +309,7 @@ NTSTATUS samr_CreateDomainGroup( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *name, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [out,ref] policy_handle *group_handle, [out,ref] uint32 *rid ); @@ -268,8 +321,8 @@ [in,ref] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, [in] uint32 max_size, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] samr_SamArray *sam, + [out,ref] uint32 *num_entries ); /************************/ @@ -277,7 +330,7 @@ NTSTATUS samr_CreateUser( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *rid ); @@ -297,7 +350,7 @@ [in] samr_AcctFlags acct_flags, [in] uint32 max_size, [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); /************************/ @@ -305,7 +358,7 @@ NTSTATUS samr_CreateDomAlias( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *alias_name, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [out,ref] policy_handle *alias_handle, [out,ref] uint32 *rid ); @@ -316,8 +369,8 @@ [in,ref] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, [in] samr_AcctFlags acct_flags, - [out] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] samr_SamArray *sam, + [out,ref] uint32 *num_entries ); /************************/ 
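Review bot: In hunk `@@ -297,7 +350,7 @@` only `num_entries` is converted and `[out] samr_SamArray *sam` is left as it was, while the enumerate calls in `@@ -268,8 +321,8 @@` and `@@ -316,8 +369,8 @@` change the same parameter to `[out,ref] samr_SamArray *sam`. The function names start outside these hunks. With `pointer_default_top(unique)` set on this interface the two spellings presumably marshal differently, so either one of the three calls is wrong on the wire or the difference is deliberate and undocumented. Please check against a capture and either make it `[out,ref] samr_SamArray *sam,` here or add a comment saying why this call differs.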
@@ -337,12 +390,12 @@ /************************/ /* Function 0x11 */ - NTSTATUS samr_LookupNames( + [public] NTSTATUS samr_LookupNames( [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_names, [in,size_is(1000),length_is(num_names)] lsa_String names[], - [out] samr_Ids rids, - [out] samr_Ids types + [out,ref] samr_Ids *rids, + [out,ref] samr_Ids *types ); @@ -352,15 +405,15 @@ [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_rids, [in,size_is(1000),length_is(num_rids)] uint32 rids[], - [out] lsa_Strings names, - [out] samr_Ids types + [out,ref] lsa_Strings *names, + [out,ref] samr_Ids *types ); /************************/ /* Function 0x13 */ NTSTATUS samr_OpenGroup( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *group_handle ); @@ -413,7 +466,7 @@ NTSTATUS samr_QueryGroupInfo( [in,ref] policy_handle *group_handle, [in] samr_GroupInfoEnum level, - [out,switch_is(level)] samr_GroupInfo *info + [out,ref,switch_is(level)] samr_GroupInfo *info ); /************************/ @@ -456,7 +509,7 @@ NTSTATUS samr_QueryGroupMember( [in,ref] policy_handle *group_handle, - [out] samr_RidTypeArray *rids + [out,ref] samr_RidTypeArray *rids ); @@ -480,7 +533,7 @@ /* Function 0x1b */ NTSTATUS samr_OpenAlias ( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *alias_handle ); @@ -510,7 +563,7 @@ NTSTATUS samr_QueryAliasInfo( [in,ref] policy_handle *alias_handle, [in] samr_AliasInfoEnum level, - [out,switch_is(level)] samr_AliasInfo *info + [out,ref,switch_is(level)] samr_AliasInfo *info ); /************************/ 
@@ -550,9 +603,9 @@ /************************/ /* Function 0x22 */ - NTSTATUS samr_OpenUser( + [public] NTSTATUS samr_OpenUser( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *user_handle ); 
@@ -684,20 +737,36 @@ /* this defines the bits used for fields_present in info21 */ typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */ + SAMR_FIELD_ACCOUNT_NAME = 0x00000001, + SAMR_FIELD_FULL_NAME = 0x00000002, + SAMR_FIELD_RID = 0x00000004, + SAMR_FIELD_PRIMARY_GID = 0x00000008, + SAMR_FIELD_DESCRIPTION = 0x00000010, + SAMR_FIELD_COMMENT = 0x00000020, + SAMR_FIELD_HOME_DIRECTORY = 0x00000040, + SAMR_FIELD_HOME_DRIVE = 0x00000080, + SAMR_FIELD_LOGON_SCRIPT = 0x00000100, + SAMR_FIELD_PROFILE_PATH = 0x00000200, + SAMR_FIELD_WORKSTATIONS = 0x00000400, + SAMR_FIELD_LAST_LOGON = 0x00000800, + SAMR_FIELD_LAST_LOGOFF = 0x00001000, + SAMR_FIELD_LOGON_HOURS = 0x00002000, + SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, + SAMR_FIELD_NUM_LOGONS = 0x00008000, + SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, + SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, + SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, + SAMR_FIELD_ACCT_EXPIRY = 0x00080000, + SAMR_FIELD_ACCT_FLAGS = 0x00100000, + SAMR_FIELD_PARAMETERS = 0x00200000, + SAMR_FIELD_COUNTRY_CODE = 0x00400000, + SAMR_FIELD_CODE_PAGE = 0x00800000, + SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ + SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ + SAMR_FIELD_PRIVATE_DATA = 0x04000000, + SAMR_FIELD_EXPIRED_FLAG = 0x08000000, + SAMR_FIELD_SEC_DESC = 0x10000000, + SAMR_FIELD_OWF_PWD = 0x20000000 } samr_FieldsPresent; typedef struct { 
@@ -790,16 +859,16 @@ [case(26)] samr_UserInfo26 info26; } samr_UserInfo; - NTSTATUS samr_QueryUserInfo( + [public] NTSTATUS samr_QueryUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, - [out,switch_is(level)] samr_UserInfo *info + [out,ref,switch_is(level)] samr_UserInfo *info ); /************************/ /* Function 0x25 */ - NTSTATUS samr_SetUserInfo( + [public] NTSTATUS samr_SetUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -844,7 +913,7 @@ NTSTATUS samr_GetGroupsForUser( [in,ref] policy_handle *user_handle, - [out] samr_RidWithAttributeArray *rids + [out,ref] samr_RidWithAttributeArray *rids ); /************************/ @@ -855,8 +924,8 @@ uint32 rid; samr_AcctFlags acct_flags; lsa_String account_name; - lsa_String full_name; lsa_String description; + lsa_String full_name; } samr_DispEntryGeneral; typedef struct { @@ -879,6 +948,19 @@ typedef struct { uint32 idx; + uint32 rid; + samr_GroupAttrs acct_flags; + lsa_String account_name; + lsa_String description; + } samr_DispEntryFullGroup; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryFullGroup *entries; + } samr_DispInfoFullGroups; + + typedef struct { + uint32 idx; lsa_AsciiString account_name; } samr_DispEntryAscii; @@ -890,7 +972,7 @@ typedef [switch_type(uint16)] union { [case(1)] samr_DispInfoGeneral info1;/* users */ [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFull info3; /* groups */ + [case(3)] samr_DispInfoFullGroups info3; /* groups */ [case(4)] samr_DispInfoAscii info4; /* users */ [case(5)] samr_DispInfoAscii info5; /* groups */ } samr_DispInfo; @@ -901,9 +983,9 @@ [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); 
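Review bot: In the new `samr_DispEntryFullGroup`, the member `samr_GroupAttrs acct_flags;` is named after account-control flags but typed as group attributes. The neighbouring `samr_DispEntryGeneral` uses `acct_flags` for a `samr_AcctFlags` value, so code that copies between display levels could mix two unrelated bit spaces without the compiler noticing. Since the struct is new in this commit, I would name the member `samr_GroupAttrs attributes;`.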
@@ -923,7 +1005,7 @@ [in,ref] policy_handle *domain_handle, [in] uint16 level, [in] lsa_String name, - [out] uint32 idx + [out,ref] uint32 *idx ); @@ -958,9 +1040,9 @@ samr_PasswordProperties password_properties; } samr_PwInfo; - NTSTATUS samr_GetUserPwInfo( + [public] NTSTATUS samr_GetUserPwInfo( [in,ref] policy_handle *user_handle, - [out] samr_PwInfo info + [out,ref] samr_PwInfo *info ); /************************/ @@ -979,7 +1061,7 @@ NTSTATUS samr_QueryDomainInfo2( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [out,switch_is(level)] samr_DomainInfo *info + [out,ref,switch_is(level)] samr_DomainInfo *info ); /************************/ @@ -991,7 +1073,7 @@ NTSTATUS samr_QueryUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, - [out,switch_is(level)] samr_UserInfo *info + [out,ref,switch_is(level)] samr_UserInfo *info ); /************************/ @@ -1006,9 +1088,9 @@ [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); /************************/ @@ -1021,7 +1103,7 @@ [in,ref] policy_handle *domain_handle, [in] uint16 level, [in] lsa_String name, - [out] uint32 idx + [out,ref] uint32 *idx ); @@ -1031,7 +1113,7 @@ [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, [in] samr_AcctFlags acct_flags, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *access_granted, [out,ref] uint32 *rid 
@@ -1050,9 +1132,9 @@ [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); /************************/ @@ -1095,14 +1177,14 @@ /* Function 0x38 */ NTSTATUS samr_GetDomPwInfo( [in] lsa_String *domain_name, - [out] samr_PwInfo info + [out,ref] samr_PwInfo *info ); /************************/ /* Function 0x39 */ NTSTATUS samr_Connect2( [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1111,7 +1193,7 @@ /* seems to be an exact alias for samr_SetUserInfo() */ - NTSTATUS samr_SetUserInfo2( + [public] NTSTATUS samr_SetUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -1133,7 +1215,7 @@ /* Function 0x3c */ NTSTATUS samr_GetBootKeyInformation( [in,ref] policy_handle *domain_handle, - [out] uint32 unknown + [out,ref] uint32 *unknown ); /************************/ @@ -1142,7 +1224,7 @@ [in,string,charset(UTF16)] uint16 *system_name, /* this unknown value seems to be completely ignored by w2k3 */ [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1151,14 +1233,14 @@ NTSTATUS samr_Connect4( [in,string,charset(UTF16)] uint16 *system_name, [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); /************************/ /* Function 0x3f */ - declare enum samr_RejectReason; + typedef enum samr_RejectReason samr_RejectReason; typedef struct { samr_RejectReason reason; 
@@ -1175,8 +1257,8 @@ [in] samr_CryptPassword *lm_password, [in] samr_Password *lm_verifier, [in] samr_CryptPassword *password3, - [out] samr_DomInfo1 *dominfo, - [out] samr_ChangeReject *reject + [out,ref] samr_DomInfo1 *dominfo, + [out,ref] samr_ChangeReject *reject ); /************************/ @@ -1191,11 +1273,13 @@ [case(1)] samr_ConnectInfo1 info1; } samr_ConnectInfo; - NTSTATUS samr_Connect5( + [public] NTSTATUS samr_Connect5( [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, - [in,out] uint32 level, - [in,out,switch_is(level),ref] samr_ConnectInfo *info, + [in] samr_ConnectAccessMask access_mask, + [in] uint32 level_in, + [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in, + [out,ref] uint32 *level_out, + [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out, [out,ref] policy_handle *connect_handle ); @@ -1204,7 +1288,7 @@ NTSTATUS samr_RidToSid( [in,ref] policy_handle *domain_handle, [in] uint32 rid, - [out] dom_sid2 *sid + [out,ref] dom_sid2 *sid ); 
@@ -1226,9 +1310,99 @@ /************************/ /* Function 0x43 */ - /* - I haven't been able to work out the format of this one yet. - Seems to start with a switch level for a union? - */ - NTSTATUS samr_ValidatePassword(); + /************************/ + typedef [bitmap32bit] bitmap { + SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, + SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 + } samr_ValidateFieldsPresent; + + typedef enum { + NetValidateAuthentication = 1, + NetValidatePasswordChange= 2, + NetValidatePasswordReset = 3 + } samr_ValidatePasswordLevel; + + /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't + * identified the mapping of + * - NERR_PasswordFilterError + * - NERR_PasswordExpired and + * - NERR_PasswordCantChange + * yet - Guenther + */ + + typedef enum { + SAMR_VALIDATION_STATUS_SUCCESS = 0, + SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, + SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, + SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, + SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, + SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, + SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, + SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, + SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 + } samr_ValidationStatus; + + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } samr_ValidationBlob; + + typedef struct { + samr_ValidateFieldsPresent fields_present; + NTTIME_hyper last_password_change; + NTTIME_hyper bad_password_time; + NTTIME_hyper lockout_time; + uint32 bad_pwd_count; + uint32 pwd_history_len; + [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; + } samr_ValidatePasswordInfo; + + typedef struct { + samr_ValidatePasswordInfo info; + samr_ValidationStatus status; + } samr_ValidatePasswordRepCtr; + + 
typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordRepCtr ctr1; + [case(2)] samr_ValidatePasswordRepCtr ctr2; + [case(3)] samr_ValidatePasswordRepCtr ctr3; + } samr_ValidatePasswordRep; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 pwd_must_change_at_next_logon; + boolean8 clear_lockout; + } samr_ValidatePasswordReq3; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 password_matched; + } samr_ValidatePasswordReq2; + + typedef struct { + samr_ValidatePasswordInfo info; + boolean8 password_matched; + } samr_ValidatePasswordReq1; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordReq1 req1; + [case(2)] samr_ValidatePasswordReq2 req2; + [case(3)] samr_ValidatePasswordReq3 req3; + } samr_ValidatePasswordReq; + + NTSTATUS samr_ValidatePassword( + [in] samr_ValidatePasswordLevel level, + [in,switch_is(level)] samr_ValidatePasswordReq req, + [out,ref,switch_is(level)] samr_ValidatePasswordRep *rep + ); } diff --git a/source3/librpc/idl/security.idl b/source3/librpc/idl/security.idl index 8a0d36a696..c4c30e9b5a 100644 --- a/source3/librpc/idl/security.idl +++ b/source3/librpc/idl/security.idl 
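Review bot: `samr_ValidatePasswordReq2` and `samr_ValidatePasswordReq3` carry the candidate password as `lsa_StringLarge password` plus a `hash` blob, and nothing marks them as sensitive. If the generated print routines for `samr_ValidatePassword` are reachable at the debug levels used for RPC tracing, the cleartext would end up in logs. I would at least add a comment on those members, e.g. `/* cleartext password: must not be logged */`. It is also worth considering whether the request types should opt out of generated printing, with a redacting printer in its place; the `noprint` property appears on the old `dom_sid` typedef in security.idl.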
@@ -4,9 +4,26 @@ security IDL structures */ +import "misc.idl"; + +/* + use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really + just a dom sid, but with the sub_auths represented as a conformant + array. As with all in-structure conformant arrays, the array length + is placed before the start of the structure. That's what gives rise + to the extra num_auths elemenent. We don't want the Samba code to + have to bother with such esoteric NDR details, so its easier to just + define it as a dom_sid and use pidl magic to make it all work. It + just means you need to mark a sid as a "dom_sid2" in the IDL when you + know it is of the conformant array variety +*/ +cpp_quote("#define dom_sid2 dom_sid") + +/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ +cpp_quote("#define dom_sid28 dom_sid") + [ - pointer_default(unique), - depends(misc,security) + pointer_default(unique) ] interface security { @@ -121,6 +138,8 @@ interface security const string SID_NULL = "S-1-0-0"; /* the world domain */ + const string NAME_WORLD = "WORLD"; + const string SID_WORLD_DOMAIN = "S-1-1"; const string SID_WORLD = "S-1-1-0"; @@ -130,6 +149,8 @@ interface security const string SID_CREATOR_GROUP = "S-1-3-1"; /* SECURITY_NT_AUTHORITY */ + const string NAME_NT_AUTHORITY = "NT AUTHORITY"; + const string SID_NT_AUTHORITY = "S-1-5"; const string SID_NT_DIALUP = "S-1-5-1"; const string SID_NT_NETWORK = "S-1-5-2"; @@ -150,6 +171,8 @@ interface security const string SID_NT_NETWORK_SERVICE = "S-1-5-20"; /* SECURITY_BUILTIN_DOMAIN_RID */ + const string NAME_BUILTIN = "BUILTIN"; + const string SID_BUILTIN = "S-1-5-32"; const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544"; const string SID_BUILTIN_USERS = "S-1-5-32-545"; 
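Review bot: `dom_sid2` and `dom_sid28` become preprocessor aliases for `dom_sid` here, while a later hunk in this file removes the IDL definition of `dom_sid`, including `[range(0,15)] int8 num_auths`. The marshalling for all three names therefore has to come from hand-written code that this diff does not show, and that code must keep rejecting `num_auths` above 15 before it fills `sub_auths`. I would extend the new comment with a pointer to where those pull functions live and a line such as `/* num_auths is limited to 15; the hand-written pull must enforce this */`.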
@@ -169,6 +192,7 @@ interface security const int DOMAIN_RID_GUEST = 501; const int DOMAIN_RID_ADMINS = 512; const int DOMAIN_RID_USERS = 513; + const int DOMAIN_RID_DOMAIN_MEMBERS = 515; const int DOMAIN_RID_DCS = 516; const int DOMAIN_RID_CERT_ADMINS = 517; const int DOMAIN_RID_SCHEMA_ADMINS = 518; @@ -206,16 +230,6 @@ interface security SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24 } sec_privilege; - - /* a domain SID. Note that unlike Samba3 this contains a pointer, - so you can't copy them using assignment */ - typedef [public,gensize,noprint,noejs,nosize] struct { - uint8 sid_rev_num; /**< SID revision number */ - [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - uint32 sub_auths[num_auths]; - } dom_sid; - typedef [bitmap8bit] bitmap { SEC_ACE_FLAG_OBJECT_INHERIT = 0x01, SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02, @@ -239,7 +253,7 @@ interface security SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8 } security_ace_type; - typedef bitmap { + typedef [bitmap32bit] bitmap { SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001, SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002 } security_ace_object_flags; diff --git a/source3/librpc/idl/srvsvc.idl b/source3/librpc/idl/srvsvc.idl index c054dfdb45..c66486b29c 100644 --- a/source3/librpc/idl/srvsvc.idl +++ b/source3/librpc/idl/srvsvc.idl @@ -14,8 +14,8 @@ import "security.idl", "svcctl.idl"; helpstring("Server Service") ] interface srvsvc { - declare bitmap svcctl_ServerType; - declare bitmap security_secinfo; + typedef bitmap svcctl_ServerType svcctl_ServerType; + typedef bitmap security_secinfo security_secinfo; /**************************/ /* srvsvc_NetCharDev */ diff --git a/source3/librpc/idl/winreg.idl b/source3/librpc/idl/winreg.idl index a0d4323268..9f316ab39b 100644 --- a/source3/librpc/idl/winreg.idl +++ b/source3/librpc/idl/winreg.idl 
@@ -13,7 +13,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl"; helpstring("Remote Registry Service") ] interface winreg { - declare bitmap security_secinfo; + typedef bitmap security_secinfo security_secinfo; typedef [bitmap32bit] bitmap { KEY_QUERY_VALUE = 0x00001, diff --git a/source3/librpc/idl/wkssvc.idl b/source3/librpc/idl/wkssvc.idl index dfb18e7ea8..9829379eef 100644 --- a/source3/librpc/idl/wkssvc.idl +++ b/source3/librpc/idl/wkssvc.idl @@ -14,7 +14,7 @@ import "srvsvc.idl", "lsa.idl"; endpoint("ncacn_np:[\\pipe\\wkssvc]","ncacn_ip_tcp:","ncalrpc:") ] interface wkssvc { - declare [v1_enum] enum srvsvc_PlatformId; + typedef [v1_enum] enum srvsvc_PlatformId srvsvc_PlatformId; #define BOOL uint32 diff --git a/source3/librpc/idl/xattr.idl b/source3/librpc/idl/xattr.idl new file mode 100644 index 0000000000..ec230a4efb --- /dev/null +++ b/source3/librpc/idl/xattr.idl @@ -0,0 +1,23 @@ +#include "idl_types.h" + +/* + IDL structures for xattrs +*/ + +[ + pointer_default(unique) +] +interface xattr +{ + /* xattrs for file systems that don't have any */ + + typedef [public] struct { + utf8string name; + DATA_BLOB value; + } tdb_xattr; + + typedef [public] struct { + uint32 num_xattrs; + tdb_xattr xattrs[num_xattrs]; + } tdb_xattrs; +} |