summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/config.mk69
-rw-r--r--source4/librpc/idl/dom_sid.idl42
-rw-r--r--source4/librpc/idl/samr.idl1424
-rw-r--r--source4/librpc/idl/security.cnf1
-rw-r--r--source4/librpc/idl/security.idl410
-rw-r--r--source4/librpc/ndr/ndr_dom_sid.c (renamed from source4/librpc/ndr/ndr_sec_helper.c)63
6 files changed, 82 insertions, 1927 deletions
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index b2b9f2e7a7..97da760832 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -8,7 +8,7 @@ dcerpcsrcdir = $(librpcsrcdir)/rpc
PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBTALLOC LIBSAMBA-UTIL CHARSET \
LIBSAMBA-HOSTCONFIG
-LIBNDR_OBJ_FILES = $(addprefix $(ndrsrcdir)/, ndr_string.o) ../librpc/ndr/ndr_basic.o ../librpc/ndr/uuid.o ../librpc/ndr/ndr.o
+LIBNDR_OBJ_FILES = $(addprefix $(ndrsrcdir)/, ndr_string.o) ../librpc/ndr/ndr_basic.o ../librpc/ndr/uuid.o ../librpc/ndr/ndr.o $(gen_ndrsrcdir)/ndr_misc.o ../librpc/ndr/ndr_misc.o
PC_FILES += ../librpc/ndr.pc
LIBNDR_VERSION = 0.0.1
@@ -18,6 +18,7 @@ LIBNDR_SOVERSION = 0
################################################
PUBLIC_HEADERS += ../librpc/ndr/libndr.h
+PUBLIC_HEADERS += $(gen_ndrsrcdir)/misc.h $(gen_ndrsrcdir)/ndr_misc.h
#################################
# Start BINARY ndrdump
@@ -49,17 +50,26 @@ PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBNDR
NDR_COMPRESSION_OBJ_FILES = ../librpc/ndr/ndr_compression.o
[SUBSYSTEM::NDR_SECURITY]
-PUBLIC_DEPENDENCIES = NDR_MISC LIBSECURITY
+PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY
+
+NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \
+ ../librpc/ndr/ndr_sec_helper.o \
+ $(gen_ndrsrcdir)/ndr_dom_sid.o \
+ $(ndrsrcdir)/ndr_dom_sid.o
-NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o $(ndrsrcdir)/ndr_sec_helper.o
+PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h)
-PUBLIC_HEADERS += $(gen_ndrsrcdir)/security.h
[SUBSYSTEM::NDR_AUDIOSRV]
PUBLIC_DEPENDENCIES = LIBNDR
NDR_AUDIOSRV_OBJ_FILES = $(gen_ndrsrcdir)/ndr_audiosrv.o
+[SUBSYSTEM::NDR_NAMED_PIPE_AUTH]
+PUBLIC_DEPENDENCIES = LIBNDR
+
+NDR_NAMED_PIPE_AUTH_OBJ_FILES = $(gen_ndrsrcdir)/ndr_named_pipe_auth.o
+
[SUBSYSTEM::NDR_DNSSERVER]
PUBLIC_DEPENDENCIES = LIBNDR
@@ -100,13 +110,6 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
NDR_EFS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_efs.o
-[SUBSYSTEM::NDR_MISC]
-PUBLIC_DEPENDENCIES = LIBNDR
-
-NDR_MISC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_misc.o ../librpc/ndr/ndr_misc.o
-
-PUBLIC_HEADERS += $(gen_ndrsrcdir)/misc.h $(gen_ndrsrcdir)/ndr_misc.h
-
[SUBSYSTEM::NDR_ROT]
PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC
@@ -120,7 +123,7 @@ NDR_LSA_OBJ_FILES = $(gen_ndrsrcdir)/ndr_lsa.o
PUBLIC_HEADERS += $(gen_ndrsrcdir)/lsa.h
[SUBSYSTEM::NDR_DFS]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR
NDR_DFS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dfs.o
@@ -140,7 +143,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL
NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o ../librpc/ndr/ndr_drsuapi.o
[SUBSYSTEM::NDR_DRSBLOBS]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI
+PUBLIC_DEPENDENCIES = LIBNDR NDR_DRSUAPI
NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o ../librpc/ndr/ndr_drsblobs.o
@@ -160,14 +163,14 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
NDR_UNIXINFO_OBJ_FILES = $(gen_ndrsrcdir)/ndr_unixinfo.o
[SUBSYSTEM::NDR_SAMR]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_LSA NDR_SECURITY
+PUBLIC_DEPENDENCIES = LIBNDR NDR_LSA NDR_SECURITY
NDR_SAMR_OBJ_FILES = $(gen_ndrsrcdir)/ndr_samr.o
PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/ndr_samr_c.h)
[SUBSYSTEM::NDR_NFS4ACL]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_SECURITY
+PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
NDR_NFS4ACL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_nfs4acl.o
@@ -183,7 +186,7 @@ NDR_SPOOLSS_BUF_OBJ_FILES = $(ndrsrcdir)/ndr_spoolss_buf.o
$(eval $(call proto_header_template,$(ndrsrcdir)/ndr_spoolss_buf.h,$(NDR_SPOOLSS_BUF_OBJ_FILES:.o=.c)))
[SUBSYSTEM::NDR_WKSSVC]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_SRVSVC NDR_MISC NDR_SECURITY
+PUBLIC_DEPENDENCIES = LIBNDR NDR_SRVSVC NDR_SECURITY
NDR_WKSSVC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_wkssvc.o
@@ -193,7 +196,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_SVCCTL NDR_SECURITY
NDR_SRVSVC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_srvsvc.o
[SUBSYSTEM::NDR_SVCCTL]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR
NDR_SVCCTL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_svcctl.o
@@ -212,7 +215,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_LSA
NDR_EVENTLOG_OBJ_FILES = $(gen_ndrsrcdir)/ndr_eventlog.o
[SUBSYSTEM::NDR_EPMAPPER]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR
NDR_EPMAPPER_OBJ_FILES = $(gen_ndrsrcdir)/ndr_epmapper.o
@@ -222,7 +225,7 @@ PUBLIC_DEPENDENCIES = LIBNDR
NDR_DBGIDL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dbgidl.o
[SUBSYSTEM::NDR_DSSETUP]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR
NDR_DSSETUP_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dssetup.o
@@ -237,7 +240,7 @@ PUBLIC_DEPENDENCIES = LIBNDR
NDR_WINS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_wins.o
[SUBSYSTEM::NDR_WINREG]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_INITSHUTDOWN NDR_SECURITY NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR NDR_INITSHUTDOWN NDR_SECURITY
NDR_WINREG_OBJ_FILES = $(gen_ndrsrcdir)/ndr_winreg.o
@@ -262,12 +265,12 @@ PUBLIC_DEPENDENCIES = LIBNDR
NDR_ORPC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_orpc.o ../librpc/ndr/ndr_orpc.o
[SUBSYSTEM::NDR_OXIDRESOLVER]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC
NDR_OXIDRESOLVER_OBJ_FILES = $(gen_ndrsrcdir)/ndr_oxidresolver.o
[SUBSYSTEM::NDR_REMACT]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC
NDR_REMACT_OBJ_FILES = $(gen_ndrsrcdir)/ndr_remact.o
@@ -299,7 +302,7 @@ NDR_NTSVCS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_ntsvcs.o
[SUBSYSTEM::NDR_NETLOGON]
PUBLIC_DEPENDENCIES = LIBNDR NDR_SAMR NDR_LSA NDR_SECURITY
-NDR_NETLOGON_OBJ_FILES = $(gen_ndrsrcdir)/ndr_netlogon.o
+NDR_NETLOGON_OBJ_FILES = $(gen_ndrsrcdir)/ndr_netlogon.o ../librpc/ndr/ndr_netlogon.o
PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, gen_ndr/netlogon.h)
@@ -339,7 +342,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT
NDR_SCHANNEL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_schannel.o
[SUBSYSTEM::NDR_NBT]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR LIBCLI_NDR_NETLOGON
+PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR LIBCLI_NDR_NETLOGON
NDR_NBT_OBJ_FILES = $(gen_ndrsrcdir)/ndr_nbt.o
@@ -362,7 +365,7 @@ NDR_WINBIND_OBJ_FILES = $(gen_ndrsrcdir)/ndr_winbind.o
#PUBLIC_HEADERS += $(gen_ndrsrcdir)/winbind.h
$(librpcsrcdir)/idl-deps:
- $(PERL) $(librpcsrcdir)/idl-deps.pl $(filter-out ../librpc/idl/security.idl,$(wildcard $(librpcsrcdir)/idl/*.idl ../librpc/idl/*.idl)) >$@
+ $(PERL) $(librpcsrcdir)/idl-deps.pl $(wildcard $(librpcsrcdir)/idl/*.idl ../librpc/idl/*.idl) >$@
clean::
rm -f $(librpcsrcdir)/idl-deps
@@ -377,7 +380,7 @@ $(gen_ndrsrcdir)/tables.c: $(IDL_NDR_PARSE_H_FILES)
[SUBSYSTEM::NDR_TABLE]
PUBLIC_DEPENDENCIES = \
NDR_AUDIOSRV NDR_ECHO NDR_DCERPC \
- NDR_DSBACKUP NDR_EFS NDR_MISC NDR_LSA NDR_DFS NDR_DRSUAPI \
+ NDR_DSBACKUP NDR_EFS NDR_LSA NDR_DFS NDR_DRSUAPI \
NDR_POLICYAGENT NDR_UNIXINFO NDR_SAMR NDR_SPOOLSS NDR_WKSSVC NDR_SRVSVC NDR_ATSVC \
NDR_EVENTLOG NDR_EPMAPPER NDR_DBGIDL NDR_DSSETUP NDR_MSGSVC NDR_WINS \
NDR_WINREG NDR_MGMT NDR_PROTECTED_STORAGE NDR_OXIDRESOLVER \
@@ -386,7 +389,7 @@ PUBLIC_DEPENDENCIES = \
NDR_ROT NDR_DRSBLOBS NDR_SVCCTL NDR_NBT NDR_WINSREPL NDR_SECURITY \
NDR_INITSHUTDOWN NDR_DNSSERVER NDR_WINSTATION NDR_IRPC NDR_OPENDB \
NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND NDR_FRSRPC NDR_FRSAPI NDR_NFS4ACL NDR_NTP_SIGND \
- NDR_DCOM NDR_WMI
+ NDR_DCOM NDR_WMI NDR_NAMED_PIPE_AUTH
NDR_TABLE_OBJ_FILES = ../librpc/ndr/ndr_table.o $(gen_ndrsrcdir)/tables.o
@@ -588,7 +591,7 @@ PUBLIC_DEPENDENCIES = dcerpc NDR_KEYSVC
RPC_NDR_KEYSVC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_keysvc_c.o
[SUBSYSTEM::NDR_DCERPC]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC
+PUBLIC_DEPENDENCIES = LIBNDR
NDR_DCERPC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dcerpc.o
@@ -626,7 +629,7 @@ PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, rpc/dcerpc.h \
[PYTHON::python_dcerpc]
LIBRARY_REALNAME = samba/dcerpc/base.$(SHLIBEXT)
-PUBLIC_DEPENDENCIES = LIBCLI_SMB NDR_MISC LIBSAMBA-UTIL LIBSAMBA-HOSTCONFIG dcerpc_samr RPC_NDR_LSA DYNCONFIG swig_credentials param
+PUBLIC_DEPENDENCIES = LIBCLI_SMB LIBSAMBA-UTIL LIBSAMBA-HOSTCONFIG dcerpc_samr RPC_NDR_LSA DYNCONFIG swig_credentials param
python_dcerpc_OBJ_FILES = $(dcerpcsrcdir)/pyrpc.o
@@ -729,9 +732,15 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc
python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o
+[PYTHON::python_dcerpc_dom_sid]
+LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT)
+PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
+
+python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o
+
[PYTHON::python_dcerpc_security]
LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
+PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc
python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o
diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl
new file mode 100644
index 0000000000..80df11dbfe
--- /dev/null
+++ b/source4/librpc/idl/dom_sid.idl
@@ -0,0 +1,42 @@
+/*
+ use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+ just a dom sid, but with the sub_auths represented as a conformant
+ array. As with all in-structure conformant arrays, the array length
+ is placed before the start of the structure. That's what gives rise
+ to the extra num_auths elemenent. We don't want the Samba code to
+ have to bother with such esoteric NDR details, so its easier to just
+ define it as a dom_sid and use pidl magic to make it all work. It
+ just means you need to mark a sid as a "dom_sid2" in the IDL when you
+ know it is of the conformant array variety
+*/
+cpp_quote("#define dom_sid2 dom_sid")
+
+/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
+cpp_quote("#define dom_sid28 dom_sid")
+
+/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
+cpp_quote("#define dom_sid0 dom_sid")
+
+[
+ pointer_default(unique)
+]
+interface dom_sid
+{
+ /* a domain SID. Note that unlike Samba3 this contains a pointer,
+ so you can't copy them using assignment */
+ typedef [public,gensize,noprint,noejs,nosize] struct {
+ uint8 sid_rev_num; /**< SID revision number */
+ [range(0,15)] int8 num_auths; /**< Number of sub-authorities */
+ uint8 id_auth[6]; /**< Identifier Authority */
+ uint32 sub_auths[num_auths];
+ } dom_sid;
+
+ /* id used to identify a endpoint, possibly in a cluster */
+ typedef [public] struct {
+ hyper id;
+ uint32 id2;
+ uint32 node;
+ } server_id;
+
+}
+
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
deleted file mode 100644
index 47882dfb84..0000000000
--- a/source4/librpc/idl/samr.idl
+++ /dev/null
@@ -1,1424 +0,0 @@
-#include "idl_types.h"
-
-/*
- samr interface definition
-*/
-import "misc.idl", "lsa.idl", "security.idl";
-
-/*
- Thanks to Todd Sabin for some information from his samr.idl in acltools
-*/
-
-[ uuid("12345778-1234-abcd-ef00-0123456789ac"),
- version(1.0),
- endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
- pointer_default(unique)
-] interface samr
-{
- typedef bitmap security_secinfo security_secinfo;
-
- /* account control (acct_flags) bits */
- typedef [public,bitmap32bit] bitmap {
- ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
- ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
- ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
- ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
- ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
- ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
- ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
- ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
- ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
- ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
- ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
- ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
- ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
- ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
- ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
- ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
- ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
- ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
- ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
- } samr_AcctFlags;
-
- typedef [bitmap32bit] bitmap {
- SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
- SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
- SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
- SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
- SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
- SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
- } samr_ConnectAccessMask;
-
- typedef [bitmap32bit] bitmap {
- SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
- SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
- SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
- SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
- SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
- SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
- SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
- SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
- SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
- SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
- SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
- } samr_UserAccessMask;
-
- typedef [bitmap32bit] bitmap {
- SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
- SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
- SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
- SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
- SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
- SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
- SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
- SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
- SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
- } samr_DomainAccessMask;
-
- typedef [bitmap32bit] bitmap {
- SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
- SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
- SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
- SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
- SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
- } samr_GroupAccessMask;
-
- typedef [bitmap32bit] bitmap {
- SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
- SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
- SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
- SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
- SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
- } samr_AliasAccessMask;
-
- /******************/
- /* Function: 0x00 */
- NTSTATUS samr_Connect (
- /* notice the lack of [string] */
- [in,unique] uint16 *system_name,
- [in] samr_ConnectAccessMask access_mask,
- [out,ref] policy_handle *connect_handle
- );
-
-
- /******************/
- /* Function: 0x01 */
- [public] NTSTATUS samr_Close (
- [in,out,ref] policy_handle *handle
- );
-
- /******************/
- /* Function: 0x02 */
-
- NTSTATUS samr_SetSecurity (
- [in,ref] policy_handle *handle,
- [in] security_secinfo sec_info,
- [in,ref] sec_desc_buf *sdbuf
- );
-
- /******************/
- /* Function: 0x03 */
-
- NTSTATUS samr_QuerySecurity (
- [in,ref] policy_handle *handle,
- [in] security_secinfo sec_info,
- [out,unique] sec_desc_buf *sdbuf
- );
-
- /******************/
- /* Function: 0x04 */
-
- /*
- shutdown the SAM - once you call this the SAM will be dead
- */
- NTSTATUS samr_Shutdown (
- [in,ref] policy_handle *connect_handle
- );
-
- /******************/
- /* Function: 0x05 */
- NTSTATUS samr_LookupDomain (
- [in,ref] policy_handle *connect_handle,
- [in,ref] lsa_String *domain_name,
- [out,unique] dom_sid2 *sid
- );
-
-
- /******************/
- /* Function: 0x06 */
-
- typedef struct {
- uint32 idx;
- lsa_String name;
- } samr_SamEntry;
-
- typedef struct {
- uint32 count;
- [size_is(count)] samr_SamEntry *entries;
- } samr_SamArray;
-
- NTSTATUS samr_EnumDomains (
- [in,ref] policy_handle *connect_handle,
- [in,out,ref] uint32 *resume_handle,
- [in] uint32 buf_size,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
- );
-
-
- /************************/
- /* Function 0x07 */
- [public] NTSTATUS samr_OpenDomain(
- [in,ref] policy_handle *connect_handle,
- [in] samr_DomainAccessMask access_mask,
- [in,ref] dom_sid2 *sid,
- [out,ref] policy_handle *domain_handle
- );
-
- /************************/
- /* Function 0x08 */
- /* server roles */
- typedef [v1_enum] enum {
- SAMR_ROLE_STANDALONE = 0,
- SAMR_ROLE_DOMAIN_MEMBER = 1,
- SAMR_ROLE_DOMAIN_BDC = 2,
- SAMR_ROLE_DOMAIN_PDC = 3
- } samr_Role;
-
- /* password properties flags */
- typedef [public,bitmap32bit] bitmap {
- DOMAIN_PASSWORD_COMPLEX = 0x00000001,
- DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002,
- DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
- DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008,
- DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
- DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020
- } samr_PasswordProperties;
-
- typedef struct {
- uint16 min_password_length;
- uint16 password_history_length;
- samr_PasswordProperties password_properties;
- /* yes, these are signed. They are in negative 100ns */
- dlong max_password_age;
- dlong min_password_age;
- } samr_DomInfo1;
-
- typedef struct {
- NTTIME force_logoff_time;
- lsa_String oem_information; /* comment */
- lsa_String domain_name;
- lsa_String primary; /* PDC name if this is a BDC */
- udlong sequence_num;
- uint32 unknown2;
- samr_Role role;
- uint32 unknown3;
- uint32 num_users;
- uint32 num_groups;
- uint32 num_aliases;
- } samr_DomGeneralInformation;
-
- typedef struct {
- NTTIME force_logoff_time;
- } samr_DomInfo3;
-
- typedef struct {
- lsa_String oem_information; /* comment */
- } samr_DomOEMInformation;
-
- typedef struct {
- lsa_String domain_name;
- } samr_DomInfo5;
-
- typedef struct {
- lsa_String primary;
- } samr_DomInfo6;
-
- typedef struct {
- samr_Role role;
- } samr_DomInfo7;
-
- typedef struct {
- hyper sequence_num;
- NTTIME domain_create_time;
- } samr_DomInfo8;
-
- typedef struct {
- uint32 unknown; /* w2k3 returns 1 */
- } samr_DomInfo9;
-
- typedef struct {
- samr_DomGeneralInformation general;
- hyper lockout_duration;
- hyper lockout_window;
- uint16 lockout_threshold;
- } samr_DomGeneralInformation2;
-
- typedef struct {
- hyper lockout_duration;
- hyper lockout_window;
- uint16 lockout_threshold;
- } samr_DomInfo12;
-
- typedef struct {
- hyper sequence_num;
- NTTIME domain_create_time;
- uint32 unknown1;
- uint32 unknown2;
- } samr_DomInfo13;
-
- typedef [switch_type(uint16)] union {
- [case(1)] samr_DomInfo1 info1;
- [case(2)] samr_DomGeneralInformation general;
- [case(3)] samr_DomInfo3 info3;
- [case(4)] samr_DomOEMInformation oem;
- [case(5)] samr_DomInfo5 info5;
- [case(6)] samr_DomInfo6 info6;
- [case(7)] samr_DomInfo7 info7;
- [case(8)] samr_DomInfo8 info8;
- [case(9)] samr_DomInfo9 info9;
- [case(11)] samr_DomGeneralInformation2 general2;
- [case(12)] samr_DomInfo12 info12;
- [case(13)] samr_DomInfo13 info13;
- } samr_DomainInfo;
-
- NTSTATUS samr_QueryDomainInfo(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [out,switch_is(level),unique] samr_DomainInfo *info
- );
-
- /************************/
- /* Function 0x09 */
- /*
- only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
- call in w2k3
- */
- NTSTATUS samr_SetDomainInfo(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [in,switch_is(level),ref] samr_DomainInfo *info
- );
-
-
- /************************/
- /* Function 0x0a */
- NTSTATUS samr_CreateDomainGroup(
- [in,ref] policy_handle *domain_handle,
- [in,ref] lsa_String *name,
- [in] samr_GroupAccessMask access_mask,
- [out,ref] policy_handle *group_handle,
- [out,ref] uint32 *rid
- );
-
-
- /************************/
- /* Function 0x0b */
- NTSTATUS samr_EnumDomainGroups(
- [in,ref] policy_handle *domain_handle,
- [in,out,ref] uint32 *resume_handle,
- [in] uint32 max_size,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
- );
-
- /************************/
- /* Function 0x0c */
- NTSTATUS samr_CreateUser(
- [in,ref] policy_handle *domain_handle,
- [in,ref] lsa_String *account_name,
- [in] samr_UserAccessMask access_mask,
- [out,ref] policy_handle *user_handle,
- [out,ref] uint32 *rid
- );
-
- /************************/
- /* Function 0x0d */
-
-
- /* w2k3 treats max_size as max_users*54 and sets the
- resume_handle as the rid of the last user sent
- */
- const int SAMR_ENUM_USERS_MULTIPLIER = 54;
-
- NTSTATUS samr_EnumDomainUsers(
- [in,ref] policy_handle *domain_handle,
- [in,out,ref] uint32 *resume_handle,
- [in] samr_AcctFlags acct_flags,
- [in] uint32 max_size,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
- );
-
- /************************/
- /* Function 0x0e */
- NTSTATUS samr_CreateDomAlias(
- [in,ref] policy_handle *domain_handle,
- [in,ref] lsa_String *alias_name,
- [in] samr_AliasAccessMask access_mask,
- [out,ref] policy_handle *alias_handle,
- [out,ref] uint32 *rid
- );
-
- /************************/
- /* Function 0x0f */
- NTSTATUS samr_EnumDomainAliases(
- [in,ref] policy_handle *domain_handle,
- [in,out,ref] uint32 *resume_handle,
- [in] samr_AcctFlags acct_flags,
- [out,unique] samr_SamArray *sam,
- [out] uint32 num_entries
- );
-
- /************************/
- /* Function 0x10 */
-
- typedef struct {
- [range(0,1024)] uint32 count;
- [size_is(count)] uint32 *ids;
- } samr_Ids;
-
- NTSTATUS samr_GetAliasMembership(
- [in,ref] policy_handle *domain_handle,
- [in,ref] lsa_SidArray *sids,
- [out,ref] samr_Ids *rids
- );
-
- /************************/
- /* Function 0x11 */
-
- [public] NTSTATUS samr_LookupNames(
- [in,ref] policy_handle *domain_handle,
- [in,range(0,1000)] uint32 num_names,
- [in,size_is(1000),length_is(num_names)] lsa_String names[],
- [out] samr_Ids rids,
- [out] samr_Ids types
- );
-
-
- /************************/
- /* Function 0x12 */
- NTSTATUS samr_LookupRids(
- [in,ref] policy_handle *domain_handle,
- [in,range(0,1000)] uint32 num_rids,
- [in,size_is(1000),length_is(num_rids)] uint32 rids[],
- [out] lsa_Strings names,
- [out] samr_Ids types
- );
-
- /************************/
- /* Function 0x13 */
- NTSTATUS samr_OpenGroup(
- [in,ref] policy_handle *domain_handle,
- [in] samr_GroupAccessMask access_mask,
- [in] uint32 rid,
- [out,ref] policy_handle *group_handle
- );
-
- /* Group attributes */
- typedef [public,bitmap32bit] bitmap {
- SE_GROUP_MANDATORY = 0x00000001,
- SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
- SE_GROUP_ENABLED = 0x00000004,
- SE_GROUP_OWNER = 0x00000008,
- SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
- SE_GROUP_RESOURCE = 0x20000000,
- SE_GROUP_LOGON_ID = 0xC0000000
- } samr_GroupAttrs;
-
- /************************/
- /* Function 0x14 */
-
- typedef struct {
- lsa_String name;
- samr_GroupAttrs attributes;
- uint32 num_members;
- lsa_String description;
- } samr_GroupInfoAll;
-
- typedef struct {
- samr_GroupAttrs attributes;
- } samr_GroupInfoAttributes;
-
- typedef struct {
- lsa_String description;
- } samr_GroupInfoDescription;
-
- typedef enum {
- GROUPINFOALL = 1,
- GROUPINFONAME = 2,
- GROUPINFOATTRIBUTES = 3,
- GROUPINFODESCRIPTION = 4,
- GROUPINFOALL2 = 5
- } samr_GroupInfoEnum;
-
- typedef [switch_type(samr_GroupInfoEnum)] union {
- [case(GROUPINFOALL)] samr_GroupInfoAll all;
- [case(GROUPINFONAME)] lsa_String name;
- [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes;
- [case(GROUPINFODESCRIPTION)] lsa_String description;
- [case(GROUPINFOALL2)] samr_GroupInfoAll all2;
- } samr_GroupInfo;
-
- NTSTATUS samr_QueryGroupInfo(
- [in,ref] policy_handle *group_handle,
- [in] samr_GroupInfoEnum level,
- [out,switch_is(level),unique] samr_GroupInfo *info
- );
-
- /************************/
- /* Function 0x15 */
- NTSTATUS samr_SetGroupInfo(
- [in,ref] policy_handle *group_handle,
- [in] samr_GroupInfoEnum level,
- [in,switch_is(level),ref] samr_GroupInfo *info
- );
-
- /************************/
- /* Function 0x16 */
- NTSTATUS samr_AddGroupMember(
- [in,ref] policy_handle *group_handle,
- [in] uint32 rid,
- [in] uint32 flags
- );
-
- /************************/
- /* Function 0x17 */
- NTSTATUS samr_DeleteDomainGroup(
- [in,out,ref] policy_handle *group_handle
- );
-
- /************************/
- /* Function 0x18 */
- NTSTATUS samr_DeleteGroupMember(
- [in,ref] policy_handle *group_handle,
- [in] uint32 rid
- );
-
-
- /************************/
- /* Function 0x19 */
- typedef struct {
- uint32 count;
- [size_is(count)] uint32 *rids;
- [size_is(count)] uint32 *types;
- } samr_RidTypeArray;
-
- NTSTATUS samr_QueryGroupMember(
- [in,ref] policy_handle *group_handle,
- [out,unique] samr_RidTypeArray *rids
- );
-
-
- /************************/
- /* Function 0x1a */
-
- /*
- win2003 seems to accept any data at all for the two integers
- below, and doesn't seem to do anything with them that I can
- see. Weird. I really expected the first integer to be a rid
- and the second to be the attributes for that rid member.
- */
- NTSTATUS samr_SetMemberAttributesOfGroup(
- [in,ref] policy_handle *group_handle,
- [in] uint32 unknown1,
- [in] uint32 unknown2
- );
-
-
- /************************/
- /* Function 0x1b */
- NTSTATUS samr_OpenAlias (
- [in,ref] policy_handle *domain_handle,
- [in] samr_AliasAccessMask access_mask,
- [in] uint32 rid,
- [out,ref] policy_handle *alias_handle
- );
-
-
- /************************/
- /* Function 0x1c */
-
- typedef struct {
- lsa_String name;
- uint32 num_members;
- lsa_String description;
- } samr_AliasInfoAll;
-
- typedef enum {
- ALIASINFOALL = 1,
- ALIASINFONAME = 2,
- ALIASINFODESCRIPTION = 3
- } samr_AliasInfoEnum;
-
- typedef [switch_type(samr_AliasInfoEnum)] union {
- [case(ALIASINFOALL)] samr_AliasInfoAll all;
- [case(ALIASINFONAME)] lsa_String name;
- [case(ALIASINFODESCRIPTION)] lsa_String description;
- } samr_AliasInfo;
-
- NTSTATUS samr_QueryAliasInfo(
- [in,ref] policy_handle *alias_handle,
- [in] samr_AliasInfoEnum level,
- [out,switch_is(level),unique] samr_AliasInfo *info
- );
-
- /************************/
- /* Function 0x1d */
- NTSTATUS samr_SetAliasInfo(
- [in,ref] policy_handle *alias_handle,
- [in] samr_AliasInfoEnum level,
- [in,switch_is(level),ref] samr_AliasInfo *info
- );
-
- /************************/
- /* Function 0x1e */
- NTSTATUS samr_DeleteDomAlias(
- [in,out,ref] policy_handle *alias_handle
- );
-
- /************************/
- /* Function 0x1f */
- NTSTATUS samr_AddAliasMember(
- [in,ref] policy_handle *alias_handle,
- [in,ref] dom_sid2 *sid
- );
-
- /************************/
- /* Function 0x20 */
- NTSTATUS samr_DeleteAliasMember(
- [in,ref] policy_handle *alias_handle,
- [in,ref] dom_sid2 *sid
- );
-
- /************************/
- /* Function 0x21 */
- NTSTATUS samr_GetMembersInAlias(
- [in,ref] policy_handle *alias_handle,
- [out,ref] lsa_SidArray *sids
- );
-
- /************************/
- /* Function 0x22 */
- [public] NTSTATUS samr_OpenUser(
- [in,ref] policy_handle *domain_handle,
- [in] samr_UserAccessMask access_mask,
- [in] uint32 rid,
- [out,ref] policy_handle *user_handle
- );
-
- /************************/
- /* Function 0x23 */
- NTSTATUS samr_DeleteUser(
- [in,out,ref] policy_handle *user_handle
- );
-
- /************************/
- /* Function 0x24 */
- typedef struct {
- lsa_String account_name;
- lsa_String full_name;
- uint32 primary_gid;
- lsa_String description;
- lsa_String comment;
- } samr_UserInfo1;
-
- typedef struct {
- lsa_String comment;
- lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
- uint16 country_code;
- uint16 code_page;
- } samr_UserInfo2;
-
- /* this is also used in samr and netlogon */
- typedef [public, flag(NDR_PAHEX)] struct {
- uint16 units_per_week;
- [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
- } samr_LogonHours;
-
- typedef struct {
- lsa_String account_name;
- lsa_String full_name;
- uint32 rid;
- uint32 primary_gid;
- lsa_String home_directory;
- lsa_String home_drive;
- lsa_String logon_script;
- lsa_String profile_path;
- lsa_String workstations;
- NTTIME last_logon;
- NTTIME last_logoff;
- NTTIME last_password_change;
- NTTIME allow_password_change;
- NTTIME force_password_change;
- samr_LogonHours logon_hours;
- uint16 bad_password_count;
- uint16 logon_count;
- samr_AcctFlags acct_flags;
- } samr_UserInfo3;
-
- typedef struct {
- samr_LogonHours logon_hours;
- } samr_UserInfo4;
-
- typedef struct {
- lsa_String account_name;
- lsa_String full_name;
- uint32 rid;
- uint32 primary_gid;
- lsa_String home_directory;
- lsa_String home_drive;
- lsa_String logon_script;
- lsa_String profile_path;
- lsa_String description;
- lsa_String workstations;
- NTTIME last_logon;
- NTTIME last_logoff;
- samr_LogonHours logon_hours;
- uint16 bad_password_count;
- uint16 logon_count;
- NTTIME last_password_change;
- NTTIME acct_expiry;
- samr_AcctFlags acct_flags;
- } samr_UserInfo5;
-
- typedef struct {
- lsa_String account_name;
- lsa_String full_name;
- } samr_UserInfo6;
-
- typedef struct {
- lsa_String account_name;
- } samr_UserInfo7;
-
- typedef struct {
- lsa_String full_name;
- } samr_UserInfo8;
-
- typedef struct {
- uint32 primary_gid;
- } samr_UserInfo9;
-
- typedef struct {
- lsa_String home_directory;
- lsa_String home_drive;
- } samr_UserInfo10;
-
- typedef struct {
- lsa_String logon_script;
- } samr_UserInfo11;
-
- typedef struct {
- lsa_String profile_path;
- } samr_UserInfo12;
-
- typedef struct {
- lsa_String description;
- } samr_UserInfo13;
-
- typedef struct {
- lsa_String workstations;
- } samr_UserInfo14;
-
- typedef struct {
- samr_AcctFlags acct_flags;
- } samr_UserInfo16;
-
- typedef struct {
- NTTIME acct_expiry;
- } samr_UserInfo17;
-
- typedef [public, flag(NDR_PAHEX)] struct {
- uint8 hash[16];
- } samr_Password;
-
- typedef struct {
- samr_Password lm_pwd;
- samr_Password nt_pwd;
- boolean8 lm_pwd_active;
- boolean8 nt_pwd_active;
- } samr_UserInfo18;
-
- typedef struct {
- lsa_String parameters;
- } samr_UserInfo20;
-
- /* this defines the bits used for fields_present in info21 */
- typedef [bitmap32bit] bitmap {
- SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
- SAMR_FIELD_FULL_NAME = 0x00000002,
- SAMR_FIELD_RID = 0x00000004,
- SAMR_FIELD_PRIMARY_GID = 0x00000008,
- SAMR_FIELD_DESCRIPTION = 0x00000010,
- SAMR_FIELD_COMMENT = 0x00000020,
- SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
- SAMR_FIELD_HOME_DRIVE = 0x00000080,
- SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
- SAMR_FIELD_PROFILE_PATH = 0x00000200,
- SAMR_FIELD_WORKSTATIONS = 0x00000400,
- SAMR_FIELD_LAST_LOGON = 0x00000800,
- SAMR_FIELD_LAST_LOGOFF = 0x00001000,
- SAMR_FIELD_LOGON_HOURS = 0x00002000,
- SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
- SAMR_FIELD_NUM_LOGONS = 0x00008000,
- SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
- SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
- SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
- SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
- SAMR_FIELD_ACCT_FLAGS = 0x00100000,
- SAMR_FIELD_PARAMETERS = 0x00200000,
- SAMR_FIELD_COUNTRY_CODE = 0x00400000,
- SAMR_FIELD_CODE_PAGE = 0x00800000,
- SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
- SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
- SAMR_FIELD_PRIVATE_DATA = 0x04000000,
- SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
- SAMR_FIELD_SEC_DESC = 0x10000000,
- SAMR_FIELD_OWF_PWD = 0x20000000
- } samr_FieldsPresent;
-
- /* used for 'password_expired' in samr_UserInfo21 */
- const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
- const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
-
- typedef struct {
- NTTIME last_logon;
- NTTIME last_logoff;
- NTTIME last_password_change;
- NTTIME acct_expiry;
- NTTIME allow_password_change;
- NTTIME force_password_change;
- lsa_String account_name;
- lsa_String full_name;
- lsa_String home_directory;
- lsa_String home_drive;
- lsa_String logon_script;
- lsa_String profile_path;
- lsa_String description;
- lsa_String workstations;
- lsa_String comment;
- lsa_String parameters;
- lsa_String unknown1;
- lsa_String unknown2;
- lsa_String unknown3;
- uint32 buf_count;
- [size_is(buf_count)] uint8 *buffer;
- uint32 rid;
- uint32 primary_gid;
- samr_AcctFlags acct_flags;
- samr_FieldsPresent fields_present;
- samr_LogonHours logon_hours;
- uint16 bad_password_count;
- uint16 logon_count;
- uint16 country_code;
- uint16 code_page;
- uint8 nt_password_set;
- uint8 lm_password_set;
- uint8 password_expired;
- uint8 unknown4;
- } samr_UserInfo21;
-
- typedef [public, flag(NDR_PAHEX)] struct {
- uint8 data[516];
- } samr_CryptPassword;
-
- typedef struct {
- samr_UserInfo21 info;
- samr_CryptPassword password;
- } samr_UserInfo23;
-
- typedef struct {
- samr_CryptPassword password;
- uint8 pw_len;
- } samr_UserInfo24;
-
- typedef [flag(NDR_PAHEX)] struct {
- uint8 data[532];
- } samr_CryptPasswordEx;
-
- typedef struct {
- samr_UserInfo21 info;
- samr_CryptPasswordEx password;
- } samr_UserInfo25;
-
- typedef struct {
- samr_CryptPasswordEx password;
- uint8 pw_len;
- } samr_UserInfo26;
-
- typedef [switch_type(uint16)] union {
- [case(1)] samr_UserInfo1 info1;
- [case(2)] samr_UserInfo2 info2;
- [case(3)] samr_UserInfo3 info3;
- [case(4)] samr_UserInfo4 info4;
- [case(5)] samr_UserInfo5 info5;
- [case(6)] samr_UserInfo6 info6;
- [case(7)] samr_UserInfo7 info7;
- [case(8)] samr_UserInfo8 info8;
- [case(9)] samr_UserInfo9 info9;
- [case(10)] samr_UserInfo10 info10;
- [case(11)] samr_UserInfo11 info11;
- [case(12)] samr_UserInfo12 info12;
- [case(13)] samr_UserInfo13 info13;
- [case(14)] samr_UserInfo14 info14;
- [case(16)] samr_UserInfo16 info16;
- [case(17)] samr_UserInfo17 info17;
- [case(18)] samr_UserInfo18 info18;
- [case(20)] samr_UserInfo20 info20;
- [case(21)] samr_UserInfo21 info21;
- [case(23)] samr_UserInfo23 info23;
- [case(24)] samr_UserInfo24 info24;
- [case(25)] samr_UserInfo25 info25;
- [case(26)] samr_UserInfo26 info26;
- } samr_UserInfo;
-
- [public] NTSTATUS samr_QueryUserInfo(
- [in,ref] policy_handle *user_handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] samr_UserInfo *info
- );
-
-
- /************************/
- /* Function 0x25 */
- [public] NTSTATUS samr_SetUserInfo(
- [in,ref] policy_handle *user_handle,
- [in] uint16 level,
- [in,ref,switch_is(level)] samr_UserInfo *info
- );
-
- /************************/
- /* Function 0x26 */
- /*
- this is a password change interface that doesn't give
- the server the plaintext password. Depricated.
- */
- NTSTATUS samr_ChangePasswordUser(
- [in,ref] policy_handle *user_handle,
- [in] boolean8 lm_present,
- [in,unique] samr_Password *old_lm_crypted,
- [in,unique] samr_Password *new_lm_crypted,
- [in] boolean8 nt_present,
- [in,unique] samr_Password *old_nt_crypted,
- [in,unique] samr_Password *new_nt_crypted,
- [in] boolean8 cross1_present,
- [in,unique] samr_Password *nt_cross,
- [in] boolean8 cross2_present,
- [in,unique] samr_Password *lm_cross
- );
-
- /************************/
- /* Function 0x27 */
-
- typedef [public] struct {
- uint32 rid;
- samr_GroupAttrs attributes;
- } samr_RidWithAttribute;
-
- typedef [public] struct {
- uint32 count;
- [size_is(count)] samr_RidWithAttribute *rids;
- } samr_RidWithAttributeArray;
-
- NTSTATUS samr_GetGroupsForUser(
- [in,ref] policy_handle *user_handle,
- [out,unique] samr_RidWithAttributeArray *rids
- );
-
- /************************/
- /* Function 0x28 */
-
- typedef struct {
- uint32 idx;
- uint32 rid;
- samr_AcctFlags acct_flags;
- lsa_String account_name;
- lsa_String description;
- lsa_String full_name;
- } samr_DispEntryGeneral;
-
- typedef struct {
- uint32 count;
- [size_is(count)] samr_DispEntryGeneral *entries;
- } samr_DispInfoGeneral;
-
- typedef struct {
- uint32 idx;
- uint32 rid;
- samr_AcctFlags acct_flags;
- lsa_String account_name;
- lsa_String description;
- } samr_DispEntryFull;
-
- typedef struct {
- uint32 count;
- [size_is(count)] samr_DispEntryFull *entries;
- } samr_DispInfoFull;
-
- typedef struct {
- uint32 idx;
- uint32 rid;
- samr_GroupAttrs acct_flags;
- lsa_String account_name;
- lsa_String description;
- } samr_DispEntryFullGroup;
-
- typedef struct {
- uint32 count;
- [size_is(count)] samr_DispEntryFullGroup *entries;
- } samr_DispInfoFullGroups;
-
- typedef struct {
- uint32 idx;
- lsa_AsciiStringLarge account_name;
- } samr_DispEntryAscii;
-
- typedef struct {
- uint32 count;
- [size_is(count)] samr_DispEntryAscii *entries;
- } samr_DispInfoAscii;
-
- typedef [switch_type(uint16)] union {
- [case(1)] samr_DispInfoGeneral info1;/* users */
- [case(2)] samr_DispInfoFull info2; /* trust accounts? */
- [case(3)] samr_DispInfoFullGroups info3; /* groups */
- [case(4)] samr_DispInfoAscii info4; /* users */
- [case(5)] samr_DispInfoAscii info5; /* groups */
- } samr_DispInfo;
-
- NTSTATUS samr_QueryDisplayInfo(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [in] uint32 start_idx,
- [in] uint32 max_entries,
- [in] uint32 buf_size,
- [out] uint32 total_size,
- [out] uint32 returned_size,
- [out,switch_is(level)] samr_DispInfo info
- );
-
-
- /************************/
- /* Function 0x29 */
-
- /*
- this seems to be an alphabetic search function. The returned index
- is the index for samr_QueryDisplayInfo needed to get names occurring
- after the specified name. The supplied name does not need to exist
- in the database (for example you can supply just a first letter for
- searching starting at that letter)
-
- The level corresponds to the samr_QueryDisplayInfo level
- */
- NTSTATUS samr_GetDisplayEnumerationIndex(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [in] lsa_String name,
- [out] uint32 idx
- );
-
-
-
- /************************/
- /* Function 0x2a */
-
- /*
- w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
- */
- NTSTATUS samr_TestPrivateFunctionsDomain(
- [in,ref] policy_handle *domain_handle
- );
-
-
- /************************/
- /* Function 0x2b */
-
- /*
- w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
- */
- NTSTATUS samr_TestPrivateFunctionsUser(
- [in,ref] policy_handle *user_handle
- );
-
-
- /************************/
- /* Function 0x2c */
-
- typedef struct {
- uint16 min_password_length;
- samr_PasswordProperties password_properties;
- } samr_PwInfo;
-
- [public] NTSTATUS samr_GetUserPwInfo(
- [in,ref] policy_handle *user_handle,
- [out] samr_PwInfo info
- );
-
- /************************/
- /* Function 0x2d */
- NTSTATUS samr_RemoveMemberFromForeignDomain(
- [in,ref] policy_handle *domain_handle,
- [in,ref] dom_sid2 *sid
- );
-
- /************************/
- /* Function 0x2e */
-
- /*
- how is this different from QueryDomainInfo ??
- */
- NTSTATUS samr_QueryDomainInfo2(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] samr_DomainInfo *info
- );
-
- /************************/
- /* Function 0x2f */
-
- /*
- how is this different from QueryUserInfo ??
- */
- NTSTATUS samr_QueryUserInfo2(
- [in,ref] policy_handle *user_handle,
- [in] uint16 level,
- [out,unique,switch_is(level)] samr_UserInfo *info
- );
-
- /************************/
- /* Function 0x30 */
-
- /*
- how is this different from QueryDisplayInfo??
- */
- NTSTATUS samr_QueryDisplayInfo2(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [in] uint32 start_idx,
- [in] uint32 max_entries,
- [in] uint32 buf_size,
- [out] uint32 total_size,
- [out] uint32 returned_size,
- [out,switch_is(level)] samr_DispInfo info
- );
-
- /************************/
- /* Function 0x31 */
-
- /*
- how is this different from GetDisplayEnumerationIndex ??
- */
- NTSTATUS samr_GetDisplayEnumerationIndex2(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [in] lsa_String name,
- [out] uint32 idx
- );
-
-
- /************************/
- /* Function 0x32 */
- NTSTATUS samr_CreateUser2(
- [in,ref] policy_handle *domain_handle,
- [in,ref] lsa_String *account_name,
- [in] samr_AcctFlags acct_flags,
- [in] samr_UserAccessMask access_mask,
- [out,ref] policy_handle *user_handle,
- [out,ref] uint32 *access_granted,
- [out,ref] uint32 *rid
- );
-
-
- /************************/
- /* Function 0x33 */
-
- /*
- another duplicate. There must be a reason ....
- */
- NTSTATUS samr_QueryDisplayInfo3(
- [in,ref] policy_handle *domain_handle,
- [in] uint16 level,
- [in] uint32 start_idx,
- [in] uint32 max_entries,
- [in] uint32 buf_size,
- [out] uint32 total_size,
- [out] uint32 returned_size,
- [out,switch_is(level)] samr_DispInfo info
- );
-
- /************************/
- /* Function 0x34 */
- NTSTATUS samr_AddMultipleMembersToAlias(
- [in,ref] policy_handle *alias_handle,
- [in,ref] lsa_SidArray *sids
- );
-
- /************************/
- /* Function 0x35 */
- NTSTATUS samr_RemoveMultipleMembersFromAlias(
- [in,ref] policy_handle *alias_handle,
- [in,ref] lsa_SidArray *sids
- );
-
- /************************/
- /* Function 0x36 */
-
- NTSTATUS samr_OemChangePasswordUser2(
- [in,unique] lsa_AsciiString *server,
- [in,ref] lsa_AsciiString *account,
- [in,unique] samr_CryptPassword *password,
- [in,unique] samr_Password *hash
- );
-
- /************************/
- /* Function 0x37 */
- NTSTATUS samr_ChangePasswordUser2(
- [in,unique] lsa_String *server,
- [in,ref] lsa_String *account,
- [in,unique] samr_CryptPassword *nt_password,
- [in,unique] samr_Password *nt_verifier,
- [in] boolean8 lm_change,
- [in,unique] samr_CryptPassword *lm_password,
- [in,unique] samr_Password *lm_verifier
- );
-
- /************************/
- /* Function 0x38 */
- NTSTATUS samr_GetDomPwInfo(
- [in,unique] lsa_String *domain_name,
- [out] samr_PwInfo info
- );
-
- /************************/
- /* Function 0x39 */
- NTSTATUS samr_Connect2(
- [in,unique,string,charset(UTF16)] uint16 *system_name,
- [in] samr_ConnectAccessMask access_mask,
- [out,ref] policy_handle *connect_handle
- );
-
- /************************/
- /* Function 0x3a */
- /*
- seems to be an exact alias for samr_SetUserInfo()
- */
- [public] NTSTATUS samr_SetUserInfo2(
- [in,ref] policy_handle *user_handle,
- [in] uint16 level,
- [in,ref,switch_is(level)] samr_UserInfo *info
- );
-
- /************************/
- /* Function 0x3b */
- /*
- this one is mysterious. I have a few guesses, but nothing working yet
- */
- NTSTATUS samr_SetBootKeyInformation(
- [in,ref] policy_handle *connect_handle,
- [in] uint32 unknown1,
- [in] uint32 unknown2,
- [in] uint32 unknown3
- );
-
- /************************/
- /* Function 0x3c */
- NTSTATUS samr_GetBootKeyInformation(
- [in,ref] policy_handle *domain_handle,
- [out] uint32 unknown
- );
-
- /************************/
- /* Function 0x3d */
- NTSTATUS samr_Connect3(
- [in,unique,string,charset(UTF16)] uint16 *system_name,
- /* this unknown value seems to be completely ignored by w2k3 */
- [in] uint32 unknown,
- [in] samr_ConnectAccessMask access_mask,
- [out,ref] policy_handle *connect_handle
- );
-
- /************************/
- /* Function 0x3e */
-
- typedef enum {
- SAMR_CONNECT_PRE_W2K = 1,
- SAMR_CONNECT_W2K = 2,
- SAMR_CONNECT_AFTER_W2K = 3
- } samr_ConnectVersion;
-
- NTSTATUS samr_Connect4(
- [in,unique,string,charset(UTF16)] uint16 *system_name,
- [in] samr_ConnectVersion client_version,
- [in] samr_ConnectAccessMask access_mask,
- [out,ref] policy_handle *connect_handle
- );
-
- /************************/
- /* Function 0x3f */
-
- typedef enum samr_RejectReason samr_RejectReason;
-
- typedef struct {
- samr_RejectReason reason;
- uint32 unknown1;
- uint32 unknown2;
- } samr_ChangeReject;
-
- NTSTATUS samr_ChangePasswordUser3(
- [in,unique] lsa_String *server,
- [in,ref] lsa_String *account,
- [in,unique] samr_CryptPassword *nt_password,
- [in,unique] samr_Password *nt_verifier,
- [in] boolean8 lm_change,
- [in,unique] samr_CryptPassword *lm_password,
- [in,unique] samr_Password *lm_verifier,
- [in,unique] samr_CryptPassword *password3,
- [out,unique] samr_DomInfo1 *dominfo,
- [out,unique] samr_ChangeReject *reject
- );
-
- /************************/
- /* Function 0x40 */
-
- typedef struct {
- samr_ConnectVersion client_version; /* w2k3 gives 3 */
- uint32 unknown2; /* w2k3 gives 0 */
- } samr_ConnectInfo1;
-
- typedef union {
- [case(1)] samr_ConnectInfo1 info1;
- } samr_ConnectInfo;
-
- [public] NTSTATUS samr_Connect5(
- [in,unique,string,charset(UTF16)] uint16 *system_name,
- [in] samr_ConnectAccessMask access_mask,
- [in,out] uint32 level,
- [in,out,switch_is(level),ref] samr_ConnectInfo *info,
- [out,ref] policy_handle *connect_handle
- );
-
- /************************/
- /* Function 0x41 */
- NTSTATUS samr_RidToSid(
- [in,ref] policy_handle *domain_handle,
- [in] uint32 rid,
- [out,unique] dom_sid2 *sid
- );
-
-
- /************************/
- /* Function 0x42 */
-
- /*
- this should set the DSRM password for the server, which is used
- when booting into Directory Services Recovery Mode on a DC. Win2003
- gives me NT_STATUS_NOT_SUPPORTED
- */
-
- NTSTATUS samr_SetDsrmPassword(
- [in,unique] lsa_String *name,
- [in] uint32 unknown,
- [in,unique] samr_Password *hash
- );
-
-
- /************************/
- /* Function 0x43 */
- /************************/
- typedef [bitmap32bit] bitmap {
- SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
- SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
- SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
- SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
- SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
- SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
- } samr_ValidateFieldsPresent;
-
- typedef enum {
- NetValidateAuthentication = 1,
- NetValidatePasswordChange= 2,
- NetValidatePasswordReset = 3
- } samr_ValidatePasswordLevel;
-
- /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
- * identified the mapping of
- * - NERR_PasswordFilterError
- * - NERR_PasswordExpired and
- * - NERR_PasswordCantChange
- * yet - Guenther
- */
-
- typedef enum {
- SAMR_VALIDATION_STATUS_SUCCESS = 0,
- SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
- SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
- SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
- SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
- SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
- SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
- SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
- SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
- } samr_ValidationStatus;
-
- typedef struct {
- uint32 length;
- [size_is(length)] uint8 *data;
- } samr_ValidationBlob;
-
- typedef struct {
- samr_ValidateFieldsPresent fields_present;
- NTTIME_hyper last_password_change;
- NTTIME_hyper bad_password_time;
- NTTIME_hyper lockout_time;
- uint32 bad_pwd_count;
- uint32 pwd_history_len;
- [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
- } samr_ValidatePasswordInfo;
-
- typedef struct {
- samr_ValidatePasswordInfo info;
- samr_ValidationStatus status;
- } samr_ValidatePasswordRepCtr;
-
- typedef [switch_type(uint16)] union {
- [case(1)] samr_ValidatePasswordRepCtr ctr1;
- [case(2)] samr_ValidatePasswordRepCtr ctr2;
- [case(3)] samr_ValidatePasswordRepCtr ctr3;
- } samr_ValidatePasswordRep;
-
- typedef struct {
- samr_ValidatePasswordInfo info;
- lsa_StringLarge password;
- lsa_StringLarge account;
- samr_ValidationBlob hash;
- boolean8 pwd_must_change_at_next_logon;
- boolean8 clear_lockout;
- } samr_ValidatePasswordReq3;
-
- typedef struct {
- samr_ValidatePasswordInfo info;
- lsa_StringLarge password;
- lsa_StringLarge account;
- samr_ValidationBlob hash;
- boolean8 password_matched;
- } samr_ValidatePasswordReq2;
-
- typedef struct {
- samr_ValidatePasswordInfo info;
- boolean8 password_matched;
- } samr_ValidatePasswordReq1;
-
- typedef [switch_type(uint16)] union {
- [case(1)] samr_ValidatePasswordReq1 req1;
- [case(2)] samr_ValidatePasswordReq2 req2;
- [case(3)] samr_ValidatePasswordReq3 req3;
- } samr_ValidatePasswordReq;
-
- NTSTATUS samr_ValidatePassword(
- [in] samr_ValidatePasswordLevel level,
- [in,switch_is(level)] samr_ValidatePasswordReq req,
- [out,unique,switch_is(level)] samr_ValidatePasswordRep *rep
- );
-}
diff --git a/source4/librpc/idl/security.cnf b/source4/librpc/idl/security.cnf
deleted file mode 100644
index 37da8c7423..0000000000
--- a/source4/librpc/idl/security.cnf
+++ /dev/null
@@ -1 +0,0 @@
-NOEMIT
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
deleted file mode 100644
index 40aa698176..0000000000
--- a/source4/librpc/idl/security.idl
+++ /dev/null
@@ -1,410 +0,0 @@
-#include "idl_types.h"
-
-/*
- security IDL structures
-*/
-
-import "misc.idl";
-
-/*
- use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
- just a dom sid, but with the sub_auths represented as a conformant
- array. As with all in-structure conformant arrays, the array length
- is placed before the start of the structure. That's what gives rise
- to the extra num_auths elemenent. We don't want the Samba code to
- have to bother with such esoteric NDR details, so its easier to just
- define it as a dom_sid and use pidl magic to make it all work. It
- just means you need to mark a sid as a "dom_sid2" in the IDL when you
- know it is of the conformant array variety
-*/
-cpp_quote("#define dom_sid2 dom_sid")
-
-/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
-cpp_quote("#define dom_sid28 dom_sid")
-
-/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
-cpp_quote("#define dom_sid0 dom_sid")
-
-[
- pointer_default(unique)
-]
-interface security
-{
- /*
- access masks are divided up like this:
- 0xabccdddd
- where
- a = generic rights bits SEC_GENERIC_
- b = flags SEC_FLAG_
- c = standard rights bits SEC_STD_
- d = object type specific bits SEC_{FILE,DIR,REG,xxx}_
-
- common combinations of bits are prefixed with SEC_RIGHTS_
- */
- const int SEC_MASK_GENERIC = 0xF0000000;
- const int SEC_MASK_FLAGS = 0x0F000000;
- const int SEC_MASK_STANDARD = 0x00FF0000;
- const int SEC_MASK_SPECIFIC = 0x0000FFFF;
-
- /* generic bits */
- const int SEC_GENERIC_ALL = 0x10000000;
- const int SEC_GENERIC_EXECUTE = 0x20000000;
- const int SEC_GENERIC_WRITE = 0x40000000;
- const int SEC_GENERIC_READ = 0x80000000;
-
- /* flag bits */
- const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000;
- const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000;
-
- /* standard bits */
- const int SEC_STD_DELETE = 0x00010000;
- const int SEC_STD_READ_CONTROL = 0x00020000;
- const int SEC_STD_WRITE_DAC = 0x00040000;
- const int SEC_STD_WRITE_OWNER = 0x00080000;
- const int SEC_STD_SYNCHRONIZE = 0x00100000;
- const int SEC_STD_REQUIRED = 0x000F0000;
- const int SEC_STD_ALL = 0x001F0000;
-
- /* file specific bits */
- const int SEC_FILE_READ_DATA = 0x00000001;
- const int SEC_FILE_WRITE_DATA = 0x00000002;
- const int SEC_FILE_APPEND_DATA = 0x00000004;
- const int SEC_FILE_READ_EA = 0x00000008;
- const int SEC_FILE_WRITE_EA = 0x00000010;
- const int SEC_FILE_EXECUTE = 0x00000020;
- const int SEC_FILE_READ_ATTRIBUTE = 0x00000080;
- const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100;
- const int SEC_FILE_ALL = 0x000001ff;
-
- /* directory specific bits */
- const int SEC_DIR_LIST = 0x00000001;
- const int SEC_DIR_ADD_FILE = 0x00000002;
- const int SEC_DIR_ADD_SUBDIR = 0x00000004;
- const int SEC_DIR_READ_EA = 0x00000008;
- const int SEC_DIR_WRITE_EA = 0x00000010;
- const int SEC_DIR_TRAVERSE = 0x00000020;
- const int SEC_DIR_DELETE_CHILD = 0x00000040;
- const int SEC_DIR_READ_ATTRIBUTE = 0x00000080;
- const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100;
-
- /* registry entry specific bits */
- const int SEC_REG_QUERY_VALUE = 0x00000001;
- const int SEC_REG_SET_VALUE = 0x00000002;
- const int SEC_REG_CREATE_SUBKEY = 0x00000004;
- const int SEC_REG_ENUM_SUBKEYS = 0x00000008;
- const int SEC_REG_NOTIFY = 0x00000010;
- const int SEC_REG_CREATE_LINK = 0x00000020;
-
- /* ldap specific access bits */
- const int SEC_ADS_CREATE_CHILD = 0x00000001;
- const int SEC_ADS_DELETE_CHILD = 0x00000002;
- const int SEC_ADS_LIST = 0x00000004;
- const int SEC_ADS_SELF_WRITE = 0x00000008;
- const int SEC_ADS_READ_PROP = 0x00000010;
- const int SEC_ADS_WRITE_PROP = 0x00000020;
- const int SEC_ADS_DELETE_TREE = 0x00000040;
- const int SEC_ADS_LIST_OBJECT = 0x00000080;
- const int SEC_ADS_CONTROL_ACCESS = 0x00000100;
-
- /* invalid bits */
- const int SEC_MASK_INVALID = 0x0ce0fe00;
-
- /* generic->specific mappings for files */
- const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL |
- SEC_STD_SYNCHRONIZE |
- SEC_FILE_READ_DATA |
- SEC_FILE_READ_ATTRIBUTE |
- SEC_FILE_READ_EA;
-
- const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL |
- SEC_STD_SYNCHRONIZE |
- SEC_FILE_WRITE_DATA |
- SEC_FILE_WRITE_ATTRIBUTE |
- SEC_FILE_WRITE_EA |
- SEC_FILE_APPEND_DATA;
-
- const int SEC_RIGHTS_FILE_EXECUTE = SEC_STD_SYNCHRONIZE |
- SEC_STD_READ_CONTROL |
- SEC_FILE_READ_ATTRIBUTE |
- SEC_FILE_EXECUTE;
-
- const int SEC_RIGHTS_FILE_ALL = SEC_STD_ALL | SEC_FILE_ALL;
-
- /* generic->specific mappings for directories (same as files) */
- const int SEC_RIGHTS_DIR_READ = SEC_RIGHTS_FILE_READ;
- const int SEC_RIGHTS_DIR_WRITE = SEC_RIGHTS_FILE_WRITE;
- const int SEC_RIGHTS_DIR_EXECUTE = SEC_RIGHTS_FILE_EXECUTE;
- const int SEC_RIGHTS_DIR_ALL = SEC_RIGHTS_FILE_ALL;
-
-
- /***************************************************************/
- /* WELL KNOWN SIDS */
-
- /* a NULL sid */
- const string SID_NULL = "S-1-0-0";
-
- /* the world domain */
- const string NAME_WORLD = "WORLD";
-
- const string SID_WORLD_DOMAIN = "S-1-1";
- const string SID_WORLD = "S-1-1-0";
-
- /* SECURITY_CREATOR_SID_AUTHORITY */
- const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
- const string SID_CREATOR_OWNER = "S-1-3-0";
- const string SID_CREATOR_GROUP = "S-1-3-1";
- const string SID_OWNER_RIGHTS = "S-1-3-4";
-
- /* SECURITY_NT_AUTHORITY */
- const string NAME_NT_AUTHORITY = "NT AUTHORITY";
-
- const string SID_NT_AUTHORITY = "S-1-5";
- const string SID_NT_DIALUP = "S-1-5-1";
- const string SID_NT_NETWORK = "S-1-5-2";
- const string SID_NT_BATCH = "S-1-5-3";
- const string SID_NT_INTERACTIVE = "S-1-5-4";
- const string SID_NT_SERVICE = "S-1-5-6";
- const string SID_NT_ANONYMOUS = "S-1-5-7";
- const string SID_NT_PROXY = "S-1-5-8";
- const string SID_NT_ENTERPRISE_DCS = "S-1-5-9";
- const string SID_NT_SELF = "S-1-5-10";
- const string SID_NT_AUTHENTICATED_USERS = "S-1-5-11";
- const string SID_NT_RESTRICTED = "S-1-5-12";
- const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
- const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14";
- const string SID_NT_THIS_ORGANISATION = "S-1-5-15";
- const string SID_NT_IUSR = "S-1-5-17";
- const string SID_NT_SYSTEM = "S-1-5-18";
- const string SID_NT_LOCAL_SERVICE = "S-1-5-19";
- const string SID_NT_NETWORK_SERVICE = "S-1-5-20";
- const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21";
- const string SID_NT_NTLM_AUTHENTICATION = "S-1-5-64-10";
- const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14";
- const string SID_NT_OTHER_ORGANISATION = "S-1-5-1000";
-
- /* SECURITY_BUILTIN_DOMAIN_RID */
- const string NAME_BUILTIN = "BUILTIN";
-
- const string SID_BUILTIN = "S-1-5-32";
- const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544";
- const string SID_BUILTIN_USERS = "S-1-5-32-545";
- const string SID_BUILTIN_GUESTS = "S-1-5-32-546";
- const string SID_BUILTIN_POWER_USERS = "S-1-5-32-547";
- const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548";
- const string SID_BUILTIN_SERVER_OPERATORS = "S-1-5-32-549";
- const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550";
- const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551";
- const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
- const string SID_BUILTIN_RAS_SERVERS = "S-1-5-32-553";
- const string SID_BUILTIN_PREW2K = "S-1-5-32-554";
-
- /* well-known domain RIDs */
- const int DOMAIN_RID_LOGON = 9;
- const int DOMAIN_RID_ADMINISTRATOR = 500;
- const int DOMAIN_RID_GUEST = 501;
- const int DOMAIN_RID_ADMINS = 512;
- const int DOMAIN_RID_USERS = 513;
- const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
- const int DOMAIN_RID_DCS = 516;
- const int DOMAIN_RID_CERT_ADMINS = 517;
- const int DOMAIN_RID_SCHEMA_ADMINS = 518;
- const int DOMAIN_RID_ENTERPRISE_ADMINS = 519;
-
-
- /*
- privilege IDs. Please keep the IDs below 64. If we get more
- than 64 then we need to change security_token
- */
- typedef enum {
- SEC_PRIV_SECURITY = 1,
- SEC_PRIV_BACKUP = 2,
- SEC_PRIV_RESTORE = 3,
- SEC_PRIV_SYSTEMTIME = 4,
- SEC_PRIV_SHUTDOWN = 5,
- SEC_PRIV_REMOTE_SHUTDOWN = 6,
- SEC_PRIV_TAKE_OWNERSHIP = 7,
- SEC_PRIV_DEBUG = 8,
- SEC_PRIV_SYSTEM_ENVIRONMENT = 9,
- SEC_PRIV_SYSTEM_PROFILE = 10,
- SEC_PRIV_PROFILE_SINGLE_PROCESS = 11,
- SEC_PRIV_INCREASE_BASE_PRIORITY = 12,
- SEC_PRIV_LOAD_DRIVER = 13,
- SEC_PRIV_CREATE_PAGEFILE = 14,
- SEC_PRIV_INCREASE_QUOTA = 15,
- SEC_PRIV_CHANGE_NOTIFY = 16,
- SEC_PRIV_UNDOCK = 17,
- SEC_PRIV_MANAGE_VOLUME = 18,
- SEC_PRIV_IMPERSONATE = 19,
- SEC_PRIV_CREATE_GLOBAL = 20,
- SEC_PRIV_ENABLE_DELEGATION = 21,
- SEC_PRIV_INTERACTIVE_LOGON = 22,
- SEC_PRIV_NETWORK_LOGON = 23,
- SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24
- } sec_privilege;
-
-
- /* a domain SID. Note that unlike Samba3 this contains a pointer,
- so you can't copy them using assignment */
- typedef [public,gensize,noprint,noejs,nosize] struct {
- uint8 sid_rev_num; /**< SID revision number */
- [range(0,15)] int8 num_auths; /**< Number of sub-authorities */
- uint8 id_auth[6]; /**< Identifier Authority */
- uint32 sub_auths[num_auths];
- } dom_sid;
-
- /* id used to identify a endpoint, possibly in a cluster */
- typedef [public] struct {
- hyper id;
- uint32 id2;
- uint32 node;
- } server_id;
-
- typedef [bitmap8bit] bitmap {
- SEC_ACE_FLAG_OBJECT_INHERIT = 0x01,
- SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02,
- SEC_ACE_FLAG_NO_PROPAGATE_INHERIT = 0x04,
- SEC_ACE_FLAG_INHERIT_ONLY = 0x08,
- SEC_ACE_FLAG_INHERITED_ACE = 0x10,
- SEC_ACE_FLAG_VALID_INHERIT = 0x0f,
- SEC_ACE_FLAG_SUCCESSFUL_ACCESS = 0x40,
- SEC_ACE_FLAG_FAILED_ACCESS = 0x80
- } security_ace_flags;
-
- typedef [enum8bit] enum {
- SEC_ACE_TYPE_ACCESS_ALLOWED = 0,
- SEC_ACE_TYPE_ACCESS_DENIED = 1,
- SEC_ACE_TYPE_SYSTEM_AUDIT = 2,
- SEC_ACE_TYPE_SYSTEM_ALARM = 3,
- SEC_ACE_TYPE_ALLOWED_COMPOUND = 4,
- SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT = 5,
- SEC_ACE_TYPE_ACCESS_DENIED_OBJECT = 6,
- SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT = 7,
- SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8
- } security_ace_type;
-
- typedef [bitmap32bit] bitmap {
- SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001,
- SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002
- } security_ace_object_flags;
-
- typedef [nodiscriminant] union {
- /* this is the 'schemaIDGUID' attribute of the attribute object in the schema naming context */
- [case(SEC_ACE_OBJECT_TYPE_PRESENT)] GUID type;
- [default];
- } security_ace_object_type;
-
- typedef [nodiscriminant] union {
- /* this is the 'schemaIDGUID' attribute of the objectclass object in the schema naming context
- * (of the parent container)
- */
- [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] GUID inherited_type;
- [default];
- } security_ace_object_inherited_type;
-
- typedef struct {
- security_ace_object_flags flags;
- [switch_is(flags & SEC_ACE_OBJECT_TYPE_PRESENT)] security_ace_object_type type;
- [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type;
- } security_ace_object;
-
- typedef [nodiscriminant] union {
- [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object;
- [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object;
- [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object;
- [case(SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)] security_ace_object object;
- [default];
- } security_ace_object_ctr;
-
- typedef [public,gensize,nosize] struct {
- security_ace_type type; /* SEC_ACE_TYPE_* */
- security_ace_flags flags; /* SEC_ACE_FLAG_* */
- [value(ndr_size_security_ace(r,ndr->flags))] uint16 size;
- uint32 access_mask;
- [switch_is(type)] security_ace_object_ctr object;
- dom_sid trustee;
- } security_ace;
-
- typedef enum {
- SECURITY_ACL_REVISION_NT4 = 2,
- SECURITY_ACL_REVISION_ADS = 4
- } security_acl_revision;
-
- const uint NT4_ACL_REVISION = SECURITY_ACL_REVISION_NT4;
-
- typedef [public,gensize,nosize] struct {
- security_acl_revision revision;
- [value(ndr_size_security_acl(r,ndr->flags))] uint16 size;
- [range(0,1000)] uint32 num_aces;
- security_ace aces[num_aces];
- } security_acl;
-
- /* default revision for new ACLs */
- typedef [enum8bit] enum {
- SECURITY_DESCRIPTOR_REVISION_1 = 1
- } security_descriptor_revision;
-
- const int SD_REVISION = SECURITY_DESCRIPTOR_REVISION_1;
-
- /* security_descriptor->type bits */
- typedef [bitmap16bit] bitmap {
- SEC_DESC_OWNER_DEFAULTED = 0x0001,
- SEC_DESC_GROUP_DEFAULTED = 0x0002,
- SEC_DESC_DACL_PRESENT = 0x0004,
- SEC_DESC_DACL_DEFAULTED = 0x0008,
- SEC_DESC_SACL_PRESENT = 0x0010,
- SEC_DESC_SACL_DEFAULTED = 0x0020,
- SEC_DESC_DACL_TRUSTED = 0x0040,
- SEC_DESC_SERVER_SECURITY = 0x0080,
- SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100,
- SEC_DESC_SACL_AUTO_INHERIT_REQ = 0x0200,
- SEC_DESC_DACL_AUTO_INHERITED = 0x0400,
- SEC_DESC_SACL_AUTO_INHERITED = 0x0800,
- SEC_DESC_DACL_PROTECTED = 0x1000,
- SEC_DESC_SACL_PROTECTED = 0x2000,
- SEC_DESC_RM_CONTROL_VALID = 0x4000,
- SEC_DESC_SELF_RELATIVE = 0x8000
- } security_descriptor_type;
-
- typedef [gensize,nosize,public,flag(NDR_LITTLE_ENDIAN)] struct {
- security_descriptor_revision revision;
- security_descriptor_type type; /* SEC_DESC_xxxx flags */
- [relative] dom_sid *owner_sid;
- [relative] dom_sid *group_sid;
- [relative] security_acl *sacl; /* system ACL */
- [relative] security_acl *dacl; /* user (discretionary) ACL */
- } security_descriptor;
-
- typedef [public] struct {
- [range(0,0x40000),value(ndr_size_security_descriptor(sd,ndr->flags))] uint32 sd_size;
- [subcontext(4)] security_descriptor *sd;
- } sec_desc_buf;
-
- typedef [public] struct {
- dom_sid *user_sid;
- dom_sid *group_sid;
- uint32 num_sids;
- [size_is(num_sids)] dom_sid *sids[*];
- udlong privilege_mask;
- } security_token;
-
- /* bits that determine which parts of a security descriptor
- are being queried/set */
- typedef [public,bitmap32bit] bitmap {
- SECINFO_OWNER = 0x00000001,
- SECINFO_GROUP = 0x00000002,
- SECINFO_DACL = 0x00000004,
- SECINFO_SACL = 0x00000008,
- SECINFO_UNPROTECTED_SACL = 0x10000000,
- SECINFO_UNPROTECTED_DACL = 0x20000000,
- SECINFO_PROTECTED_SACL = 0x40000000,
- SECINFO_PROTECTED_DACL = 0x80000000
- } security_secinfo;
-
- typedef [public,bitmap32bit] bitmap {
- KERB_ENCTYPE_DES_CBC_CRC = 0x00000001,
- KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002,
- KERB_ENCTYPE_RC4_HMAC_MD5 = 0x00000004,
- KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
- KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
- } kerb_EncTypes;
-}
diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_dom_sid.c
index 1256d7dd2d..b986231b4f 100644
--- a/source4/librpc/ndr/ndr_sec_helper.c
+++ b/source4/librpc/ndr/ndr_dom_sid.c
@@ -4,6 +4,7 @@
fast routines for getting the wire size of security objects
Copyright (C) Andrew Tridgell 2003
+ Copyright (C) Stefan Metzmacher 2006-2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -54,68 +55,6 @@ size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
}
/*
- return the wire size of a security_ace
-*/
-size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
-{
- size_t ret;
-
- if (!ace) return 0;
-
- ret = 8 + ndr_size_dom_sid(&ace->trustee, flags);
-
- switch (ace->type) {
- case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
- case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
- case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
- case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
- ret += 4; /* uint32 bitmap ace->object.object.flags */
- if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
- ret += 16; /* GUID ace->object.object.type.type */
- }
- if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
- ret += 16; /* GUID ace->object.object.inherited_typeinherited_type */
- }
- break;
- default:
- break;
- }
-
- return ret;
-}
-
-/*
- return the wire size of a security_acl
-*/
-size_t ndr_size_security_acl(const struct security_acl *acl, int flags)
-{
- size_t ret;
- int i;
- if (!acl) return 0;
- ret = 8;
- for (i=0;i<acl->num_aces;i++) {
- ret += ndr_size_security_ace(&acl->aces[i], flags);
- }
- return ret;
-}
-
-/*
- return the wire size of a security descriptor
-*/
-size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags)
-{
- size_t ret;
- if (!sd) return 0;
-
- ret = 20;
- ret += ndr_size_dom_sid(sd->owner_sid, flags);
- ret += ndr_size_dom_sid(sd->group_sid, flags);
- ret += ndr_size_security_acl(sd->dacl, flags);
- ret += ndr_size_security_acl(sd->sacl, flags);
- return ret;
-}
-
-/*
print a dom_sid
*/
void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)