samr.idl

samba最新软件

#include "idl_types.h"

/*
  samr interface definition
*/
import "misc.idl", "lsa.idl", "security.idl";

/*
  Thanks to Todd Sabin for some information from his samr.idl in acltools
*/

[ uuid("12345778-1234-abcd-ef00-0123456789ac"),
  version(1.0),
  endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
  pointer_default(unique)
] interface samr
{
	typedef bitmap security_secinfo security_secinfo;

	/* account control (acct_flags) bits */
	typedef [public,bitmap32bit] bitmap {
		ACB_DISABLED			= 0x00000001,  /* 1 = User account disabled */
		ACB_HOMDIRREQ			= 0x00000002,  /* 1 = Home directory required */
		ACB_PWNOTREQ			= 0x00000004,  /* 1 = User password not required */
		ACB_TEMPDUP			= 0x00000008,  /* 1 = Temporary duplicate account */
		ACB_NORMAL			= 0x00000010,  /* 1 = Normal user account */
		ACB_MNS				= 0x00000020,  /* 1 = MNS logon user account */
		ACB_DOMTRUST			= 0x00000040,  /* 1 = Interdomain trust account */
		ACB_WSTRUST			= 0x00000080,  /* 1 = Workstation trust account */
		ACB_SVRTRUST			= 0x00000100,  /* 1 = Server trust account */
		ACB_PWNOEXP			= 0x00000200,  /* 1 = User password does not expire */
		ACB_AUTOLOCK			= 0x00000400,  /* 1 = Account auto locked */
		ACB_ENC_TXT_PWD_ALLOWED		= 0x00000800,  /* 1 = Encryped text password is allowed */
		ACB_SMARTCARD_REQUIRED		= 0x00001000,  /* 1 = Smart Card required */
		ACB_TRUSTED_FOR_DELEGATION	= 0x00002000,  /* 1 = Trusted for Delegation */
		ACB_NOT_DELEGATED		= 0x00004000,  /* 1 = Not delegated */
		ACB_USE_DES_KEY_ONLY		= 0x00008000,  /* 1 = Use DES key only */
		ACB_DONT_REQUIRE_PREAUTH	= 0x00010000,  /* 1 = Preauth not required */
		ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
		ACB_NO_AUTH_DATA_REQD		= 0x00080000   /* 1 = No authorization data required */
	} samr_AcctFlags;

	typedef [bitmap32bit] bitmap {
		SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
		SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
		SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
		SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
		SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
		SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
	} samr_ConnectAccessMask;

	typedef [bitmap32bit] bitmap {
		SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
		SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
		SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
		SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
		SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
		SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
		SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
		SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
		SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
		SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
		SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
	} samr_UserAccessMask;

	typedef [bitmap32bit] bitmap {
		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
		SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
		SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
		SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
		SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
		SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
		SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
		SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
		SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
		SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
	} samr_DomainAccessMask;

	typedef [bitmap32bit] bitmap {
		SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
		SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
		SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
		SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
		SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
	} samr_GroupAccessMask;

	typedef [bitmap32bit] bitmap {
		SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
		SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
		SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
		SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
		SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
	} samr_AliasAccessMask;

	/******************/
	/* Function: 0x00 */
	NTSTATUS samr_Connect (
		/* notice the lack of [string] */
		[in,unique] uint16 *system_name,
		[in]       samr_ConnectAccessMask access_mask,
		[out,ref]  policy_handle *connect_handle
		);


	/******************/
	/* Function: 0x01 */
	[public] NTSTATUS samr_Close (
		[in,out,ref]  policy_handle *handle
		);

	/******************/
	/* Function: 0x02 */

	NTSTATUS samr_SetSecurity (
		[in,ref]          policy_handle *handle,
		[in]              security_secinfo sec_info,
		[in,ref]          sec_desc_buf *sdbuf
		);

	/******************/
	/* Function: 0x03 */

	NTSTATUS samr_QuerySecurity (
		[in,ref]          policy_handle *handle,
		[in]              security_secinfo sec_info,
		[out,unique]      sec_desc_buf *sdbuf
		);

	/******************/
	/* Function: 0x04 */

	/*
	  shutdown the SAM - once you call this the SAM will be dead
	*/
	NTSTATUS samr_Shutdown (
		[in,ref]   policy_handle *connect_handle
		);

	/******************/
	/* Function: 0x05 */
	NTSTATUS samr_LookupDomain (
		[in,ref]  policy_handle *connect_handle,		
		[in,ref]  lsa_String *domain_name,
		[out,unique] dom_sid2 *sid
		);


	/******************/
	/* Function: 0x06 */

	typedef struct {
		uint32 idx;
		lsa_String name;
	} samr_SamEntry;

	typedef struct {
		uint32 count;
		[size_is(count)] samr_SamEntry *entries;
	} samr_SamArray;

	NTSTATUS samr_EnumDomains (
		[in,ref]      policy_handle *connect_handle,
		[in,out,ref]  uint32 *resume_handle,
		[in]          uint32 buf_size,
		[out,unique]  samr_SamArray *sam,
		[out]         uint32 num_entries
		);


	/************************/
	/* Function    0x07     */
	[public] NTSTATUS samr_OpenDomain(
		[in,ref]      policy_handle *connect_handle,
		[in]          samr_DomainAccessMask access_mask,
		[in,ref]      dom_sid2 *sid,
		[out,ref]     policy_handle *domain_handle
		);

	/************************/
	/* Function    0x08     */
	/* server roles */
	typedef [v1_enum] enum {
		SAMR_ROLE_STANDALONE    = 0,
		SAMR_ROLE_DOMAIN_MEMBER = 1,
		SAMR_ROLE_DOMAIN_BDC    = 2,
		SAMR_ROLE_DOMAIN_PDC    = 3
	} samr_Role;

	/* password properties flags */
	typedef [public,bitmap32bit] bitmap {
		DOMAIN_PASSWORD_COMPLEX		= 0x00000001,
		DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
		DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
		DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
		DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
		DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
	} samr_PasswordProperties;

	typedef struct {
		uint16 min_password_length;
		uint16 password_history_length;
		samr_PasswordProperties password_properties;
		/* yes, these are signed. They are in negative 100ns */
		dlong  max_password_age;
		dlong  min_password_age;
	} samr_DomInfo1;

	typedef struct {
		NTTIME force_logoff_time;
		lsa_String comment;
		lsa_String domain_name;
		lsa_String primary; /* PDC name if this is a BDC */
		udlong sequence_num;
		uint32 unknown2;
		samr_Role role;
		uint32 unknown3;
		uint32 num_users;
		uint32 num_groups;
		uint32 num_aliases;
	} samr_DomInfo2;

	typedef struct {
		NTTIME force_logoff_time;
	} samr_DomInfo3;

	typedef struct {
		lsa_String comment;
	} samr_DomInfo4;

	typedef struct {
		lsa_String domain_name;
	} samr_DomInfo5;

	typedef struct {
		lsa_String primary;
	} samr_DomInfo6;

	typedef struct {
		samr_Role role;
	} samr_DomInfo7;

	typedef struct {
		hyper sequence_num;
		NTTIME domain_create_time;
	} samr_DomInfo8;

	typedef struct {
		uint32 unknown; /* w2k3 returns 1 */
	} samr_DomInfo9;

	typedef struct {
		samr_DomInfo2 info2;
		hyper lockout_duration;
		hyper lockout_window;
		uint16 lockout_threshold;
	} samr_DomInfo11;

	typedef struct {
		hyper lockout_duration;
		hyper lockout_window;
		uint16 lockout_threshold;
	} samr_DomInfo12;

	typedef struct {
		hyper sequence_num;
		NTTIME domain_create_time;
		uint32 unknown1;
		uint32 unknown2;
	} samr_DomInfo13;

	typedef [switch_type(uint16)] union {
		[case(1)] samr_DomInfo1 info1;
		[case(2)] samr_DomInfo2 info2;
		[case(3)] samr_DomInfo3 info3;
		[case(4)] samr_DomInfo4 info4;
		[case(5)] samr_DomInfo5 info5;
		[case(6)] samr_DomInfo6 info6;
		[case(7)] samr_DomInfo7 info7;
		[case(8)] samr_DomInfo8 info8;
		[case(9)] samr_DomInfo9 info9;
		[case(11)] samr_DomInfo11 info11;
		[case(12)] samr_DomInfo12 info12;
		[case(13)] samr_DomInfo13 info13;
	} samr_DomainInfo;

	NTSTATUS samr_QueryDomainInfo(
		[in,ref]      policy_handle *domain_handle,
		[in]          uint16 level,
		[out,switch_is(level),unique] samr_DomainInfo *info
		);

	/************************/
	/* Function    0x09     */
	/*
	  only levels 1, 3, 4, 6, 7, 9, 12 are valid for this 
	  call in w2k3
	*/
	NTSTATUS samr_SetDomainInfo(
		[in,ref]      policy_handle *domain_handle,
		[in]          uint16 level,
		[in,switch_is(level),ref] samr_DomainInfo *info
		);


	/************************/
	/* Function    0x0a     */
	NTSTATUS samr_CreateDomainGroup(
		[in,ref]      policy_handle *domain_handle,
		[in,ref]      lsa_String *name,
		[in]          samr_GroupAccessMask access_mask,
		[out,ref]     policy_handle *group_handle,
		[out,ref]     uint32 *rid
		);
		

	/************************/
	/* Function    0x0b     */
	NTSTATUS samr_EnumDomainGroups(
		[in,ref]      policy_handle *domain_handle,
		[in,out,ref]  uint32 *resume_handle,
		[in]          uint32 max_size,
		[out,unique]  samr_SamArray *sam,
		[out]         uint32 num_entries
		);

	/************************/
	/* Function    0x0c     */
	NTSTATUS samr_CreateUser(
		[in,ref]      policy_handle *domain_handle,
		[in,ref]      lsa_String *account_name,
		[in]          samr_UserAccessMask access_mask,
		[out,ref]     policy_handle *user_handle,
		[out,ref]     uint32 *rid
		);

	/************************/
	/* Function    0x0d     */


	/* w2k3 treats max_size as max_users*54 and sets the
	   resume_handle as the rid of the last user sent
	*/
	const int SAMR_ENUM_USERS_MULTIPLIER = 54;

	NTSTATUS samr_EnumDomainUsers(
		[in,ref]      policy_handle *domain_handle,
		[in,out,ref]  uint32 *resume_handle,
		[in]          samr_AcctFlags acct_flags,
		[in]          uint32 max_size,
		[out,unique]  samr_SamArray *sam,
		[out]         uint32 num_entries
		);

	/************************/
	/* Function    0x0e     */
	NTSTATUS samr_CreateDomAlias(
		[in,ref]      policy_handle *domain_handle,
		[in,ref]      lsa_String   *alias_name,
		[in]          samr_AliasAccessMask access_mask,
		[out,ref]     policy_handle *alias_handle,
		[out,ref]     uint32        *rid
		);

	/************************/
	/* Function    0x0f     */
	NTSTATUS samr_EnumDomainAliases(
		[in,ref]      policy_handle *domain_handle,
		[in,out,ref]  uint32 *resume_handle,
		[in]          samr_AcctFlags acct_flags,
		[out,unique]  samr_SamArray *sam,
		[out]         uint32 num_entries
		);

	/************************/
	/* Function    0x10     */

	typedef struct {
		[range(0,1024)]  uint32 count;
		[size_is(count)] uint32 *ids;
	} samr_Ids;

	NTSTATUS samr_GetAliasMembership(
		[in,ref]      policy_handle *domain_handle,
		[in,ref]      lsa_SidArray  *sids,
		[out,ref]     samr_Ids *rids
		);

	/************************/
	/* Function    0x11     */

	[public] NTSTATUS samr_LookupNames(
		[in,ref]      policy_handle *domain_handle,
		[in,range(0,1000)] uint32 num_names,
		[in,size_is(1000),length_is(num_names)] lsa_String names[],
		[out]         samr_Ids rids,
		[out]         samr_Ids types
		);


	/************************/
	/* Function    0x12     */
	NTSTATUS samr_LookupRids(
		[in,ref]      policy_handle *domain_handle,
		[in,range(0,1000)] uint32 num_rids,
		[in,size_is(1000),length_is(num_rids)] uint32 rids[],
		[out]         lsa_Strings names,
		[out]         samr_Ids types
		);

	/************************/
	/* Function    0x13     */
	NTSTATUS samr_OpenGroup(
		[in,ref]      policy_handle *domain_handle,
		[in]          samr_GroupAccessMask access_mask,
		[in]          uint32 rid,
		[out,ref]     policy_handle *group_handle
		);

	/* Group attributes */
	typedef [public,bitmap32bit] bitmap {
		SE_GROUP_MANDATORY		= 0x00000001,
		SE_GROUP_ENABLED_BY_DEFAULT 	= 0x00000002,
		SE_GROUP_ENABLED 		= 0x00000004,
		SE_GROUP_OWNER 			= 0x00000008,
		SE_GROUP_USE_FOR_DENY_ONLY 	= 0x00000010,
		SE_GROUP_RESOURCE 		= 0x20000000,
		SE_GROUP_LOGON_ID 		= 0xC0000000
	} samr_GroupAttrs;

	/************************/
	/* Function    0x14     */

	typedef struct {
		lsa_String name;
		samr_GroupAttrs attributes;
		uint32 num_members;
		lsa_String description;
	} samr_GroupInfoAll;

	typedef struct {
		samr_GroupAttrs attributes;
	} samr_GroupInfoAttributes;

	typedef struct {
		lsa_String description;
	} samr_GroupInfoDescription;

	typedef enum {
		GROUPINFOALL          = 1,
		GROUPINFONAME         = 2,
		GROUPINFOATTRIBUTES   = 3,
		GROUPINFODESCRIPTION  = 4,
		GROUPINFOALL2         = 5
	} samr_GroupInfoEnum;

	typedef [switch_type(samr_GroupInfoEnum)] union {
		[case(GROUPINFOALL)]         samr_GroupInfoAll        all;
		[case(GROUPINFONAME)]        lsa_String               name;
		[case(GROUPINFOATTRIBUTES)]  samr_GroupInfoAttributes attributes;
		[case(GROUPINFODESCRIPTION)] lsa_String               description;
		[case(GROUPINFOALL2)]        samr_GroupInfoAll        all2;
	} samr_GroupInfo;

	NTSTATUS samr_QueryGroupInfo(
		[in,ref]                  policy_handle *group_handle,
		[in]                      samr_GroupInfoEnum level,
		[out,switch_is(level),unique] samr_GroupInfo *info
		);