samr.idl

samba最新软件

		lsa_String account_name;
		lsa_String description;
	} samr_DispEntryFull;

	typedef struct {
		uint32 count;
		[size_is(count)] samr_DispEntryFull *entries;
	} samr_DispInfoFull;

	typedef struct {
		uint32    idx;
		uint32    rid;
		samr_GroupAttrs acct_flags;
		lsa_String account_name;
		lsa_String description;
	} samr_DispEntryFullGroup;

	typedef struct {
		uint32 count;
		[size_is(count)] samr_DispEntryFullGroup *entries;
	} samr_DispInfoFullGroups;

	typedef struct {
		uint32    idx;
		lsa_AsciiStringLarge account_name;
	} samr_DispEntryAscii;

	typedef struct {
		uint32 count;
		[size_is(count)] samr_DispEntryAscii *entries;
	} samr_DispInfoAscii;

	typedef [switch_type(uint16)] union {
		[case(1)] samr_DispInfoGeneral info1;/* users */
		[case(2)] samr_DispInfoFull info2; /* trust accounts? */
		[case(3)] samr_DispInfoFullGroups info3; /* groups */
		[case(4)] samr_DispInfoAscii info4; /* users */
		[case(5)] samr_DispInfoAscii info5; /* groups */
	} samr_DispInfo;

	NTSTATUS samr_QueryDisplayInfo(
		[in,ref]    policy_handle *domain_handle,
		[in]        uint16 level,
		[in]        uint32 start_idx,
		[in]        uint32 max_entries,
		[in]        uint32 buf_size,
		[out]       uint32 total_size,
		[out]       uint32 returned_size,
		[out,switch_is(level)] samr_DispInfo info
		);


	/************************/
	/* Function    0x29     */

	/*
	  this seems to be an alphabetic search function. The returned index
	  is the index for samr_QueryDisplayInfo needed to get names occurring
	  after the specified name. The supplied name does not need to exist
	  in the database (for example you can supply just a first letter for 
	  searching starting at that letter)

	  The level corresponds to the samr_QueryDisplayInfo level
	*/
	NTSTATUS samr_GetDisplayEnumerationIndex(
		[in,ref]    policy_handle *domain_handle,
		[in]        uint16 level,
		[in]        lsa_String name,
		[out]       uint32 idx
		);



	/************************/
	/* Function    0x2a     */

	/*
	  w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
	*/
	NTSTATUS samr_TestPrivateFunctionsDomain(
		[in,ref]    policy_handle *domain_handle
		);


	/************************/
	/* Function    0x2b     */

	/*
	  w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this
	*/
	NTSTATUS samr_TestPrivateFunctionsUser(
		[in,ref]    policy_handle *user_handle
		);


	/************************/
	/* Function    0x2c     */

	typedef struct {
		uint16 min_password_length;
		samr_PasswordProperties password_properties;
	} samr_PwInfo;

	[public] NTSTATUS samr_GetUserPwInfo(
		[in,ref]    policy_handle *user_handle,
		[out]       samr_PwInfo info
		);

	/************************/
	/* Function    0x2d     */
	NTSTATUS samr_RemoveMemberFromForeignDomain(
		[in,ref]    policy_handle *domain_handle,
		[in,ref]    dom_sid2 *sid
		);

	/************************/
	/* Function    0x2e     */

	/*
	  how is this different from QueryDomainInfo ??
	*/
	NTSTATUS samr_QueryDomainInfo2(
		[in,ref]      policy_handle *domain_handle,
		[in]          uint16 level,
		[out,unique,switch_is(level)] samr_DomainInfo *info
		);

	/************************/
	/* Function    0x2f     */

	/*
	  how is this different from QueryUserInfo ??
	*/
	NTSTATUS samr_QueryUserInfo2(
		[in,ref]                  policy_handle *user_handle,
		[in]                      uint16 level,
		[out,unique,switch_is(level)]    samr_UserInfo *info
		);

	/************************/
	/* Function    0x30     */

	/*
	  how is this different from QueryDisplayInfo??
	*/
	NTSTATUS samr_QueryDisplayInfo2(
		[in,ref]    policy_handle *domain_handle,
		[in]        uint16 level,
		[in]        uint32 start_idx,
		[in]        uint32 max_entries,
		[in]        uint32 buf_size,
		[out]       uint32 total_size,
		[out]       uint32 returned_size,
		[out,switch_is(level)] samr_DispInfo info
		);

	/************************/
	/* Function    0x31     */

	/*
	  how is this different from GetDisplayEnumerationIndex ??
	*/
	NTSTATUS samr_GetDisplayEnumerationIndex2(
		[in,ref]    policy_handle *domain_handle,
		[in]        uint16 level,
		[in]        lsa_String name,
		[out]       uint32 idx
		);


	/************************/
	/* Function    0x32     */
	NTSTATUS samr_CreateUser2(
		[in,ref]      policy_handle *domain_handle,
		[in,ref]      lsa_String *account_name,
		[in]          samr_AcctFlags acct_flags,
		[in]          samr_UserAccessMask access_mask,
		[out,ref]     policy_handle *user_handle,
		[out,ref]     uint32 *access_granted,
		[out,ref]     uint32 *rid
		);


	/************************/
	/* Function    0x33     */

	/*
	  another duplicate. There must be a reason ....
	*/
	NTSTATUS samr_QueryDisplayInfo3(
		[in,ref]    policy_handle *domain_handle,
		[in]        uint16 level,
		[in]        uint32 start_idx,
		[in]        uint32 max_entries,
		[in]        uint32 buf_size,
		[out]       uint32 total_size,
		[out]       uint32 returned_size,
		[out,switch_is(level)] samr_DispInfo info
		);

	/************************/
	/* Function    0x34     */
	NTSTATUS samr_AddMultipleMembersToAlias(
		[in,ref]    policy_handle *alias_handle,
		[in,ref]    lsa_SidArray *sids
		);

	/************************/
	/* Function    0x35     */
	NTSTATUS samr_RemoveMultipleMembersFromAlias(
		[in,ref]    policy_handle *alias_handle,
		[in,ref]    lsa_SidArray *sids
		);

	/************************/
	/* Function    0x36     */

	NTSTATUS samr_OemChangePasswordUser2(
		[in,unique]       lsa_AsciiString *server,
		[in,ref]          lsa_AsciiString *account,
		[in,unique]       samr_CryptPassword *password,
		[in,unique]       samr_Password *hash
		);

	/************************/
	/* Function    0x37     */
	NTSTATUS samr_ChangePasswordUser2(
		[in,unique]       lsa_String *server,
		[in,ref]          lsa_String *account,
		[in,unique]       samr_CryptPassword *nt_password,
		[in,unique]       samr_Password *nt_verifier,
		[in]              boolean8 lm_change,
		[in,unique]       samr_CryptPassword *lm_password,
		[in,unique]       samr_Password *lm_verifier
		);

	/************************/
	/* Function    0x38     */
	NTSTATUS samr_GetDomPwInfo(
		[in,unique] lsa_String *domain_name,
		[out]       samr_PwInfo info
		);

	/************************/
	/* Function    0x39     */
	NTSTATUS samr_Connect2(
		[in,unique,string,charset(UTF16)] uint16 *system_name,
		[in] samr_ConnectAccessMask access_mask,
		[out,ref]  policy_handle *connect_handle
		);

	/************************/
	/* Function    0x3a     */
	/*
	  seems to be an exact alias for samr_SetUserInfo() 
	*/
	[public] NTSTATUS samr_SetUserInfo2(
		[in,ref]                   policy_handle *user_handle,
		[in]                       uint16 level,
		[in,ref,switch_is(level)]  samr_UserInfo *info
		);

	/************************/
	/* Function    0x3b     */
	/*
	  this one is mysterious. I have a few guesses, but nothing working yet
	*/
	NTSTATUS samr_SetBootKeyInformation(
		[in,ref]   policy_handle *connect_handle,
		[in]       uint32 unknown1,
		[in]       uint32 unknown2,
		[in]       uint32 unknown3
		);

	/************************/
	/* Function    0x3c     */
	NTSTATUS samr_GetBootKeyInformation(
		[in,ref]   policy_handle *domain_handle,
		[out]      uint32 unknown
		);

	/************************/
	/* Function    0x3d     */
	NTSTATUS samr_Connect3(
		[in,unique,string,charset(UTF16)] uint16 *system_name,
		/* this unknown value seems to be completely ignored by w2k3 */
		[in] uint32 unknown,
		[in] samr_ConnectAccessMask access_mask,
		[out,ref]  policy_handle *connect_handle
		);

	/************************/
	/* Function    0x3e     */
	NTSTATUS samr_Connect4(
		[in,unique,string,charset(UTF16)] uint16 *system_name,
		[in] uint32 unknown,
		[in] samr_ConnectAccessMask access_mask,
		[out,ref]  policy_handle *connect_handle
		);

	/************************/
	/* Function    0x3f     */

	typedef enum samr_RejectReason samr_RejectReason;

	typedef struct {
		samr_RejectReason reason;
		uint32 unknown1;
		uint32 unknown2;
	} samr_ChangeReject;

	NTSTATUS samr_ChangePasswordUser3(
		[in,unique]       lsa_String *server,
		[in,ref]          lsa_String *account,
		[in,unique]       samr_CryptPassword *nt_password,
		[in,unique]       samr_Password *nt_verifier,
		[in]              boolean8 lm_change,
		[in,unique]       samr_CryptPassword *lm_password,
		[in,unique]       samr_Password *lm_verifier,
		[in,unique]       samr_CryptPassword *password3,
		[out,unique]      samr_DomInfo1 *dominfo,
		[out,unique]      samr_ChangeReject *reject
		);

	/************************/
	/* Function    0x40      */

	typedef struct {
		uint32         unknown1; /* w2k3 gives 3 */
		uint32         unknown2; /* w2k3 gives 0 */
	} samr_ConnectInfo1;

	typedef union {
		[case(1)]  samr_ConnectInfo1 info1;
	} samr_ConnectInfo;

	[public] NTSTATUS samr_Connect5(
		[in,unique,string,charset(UTF16)] uint16 *system_name,
		[in]       samr_ConnectAccessMask  access_mask,
		[in,out]   uint32             level,
		[in,out,switch_is(level),ref] samr_ConnectInfo *info,
		[out,ref]  policy_handle      *connect_handle
		);

	/************************/
	/* Function    0x41     */
	NTSTATUS samr_RidToSid(
		[in,ref]    policy_handle *domain_handle,
		[in]        uint32        rid,
		[out,unique] dom_sid2      *sid
		);


	/************************/
	/* Function    0x42     */

	/*
	  this should set the DSRM password for the server, which is used
	  when booting into Directory Services Recovery Mode on a DC. Win2003
	  gives me NT_STATUS_NOT_SUPPORTED
	*/

	NTSTATUS samr_SetDsrmPassword(
		[in,unique] lsa_String *name,
		[in]       uint32 unknown,
		[in,unique] samr_Password *hash
		);


	/************************/
	/* Function    0x43     */
	/************************/
	typedef [bitmap32bit] bitmap {
		SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET		= 0x00000001,
		SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME		= 0x00000002,
		SAMR_VALIDATE_FIELD_LOCKOUT_TIME		= 0x00000004,
		SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT		= 0x00000008,
		SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH	= 0x00000010,
		SAMR_VALIDATE_FIELD_PASSWORD_HISTORY		= 0x00000020
	} samr_ValidateFieldsPresent;

	typedef enum {
		NetValidateAuthentication = 1,
		NetValidatePasswordChange= 2,
		NetValidatePasswordReset = 3
	} samr_ValidatePasswordLevel;

	/* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
	 * identified the mapping of
	 * - NERR_PasswordFilterError
	 * - NERR_PasswordExpired and
	 * - NERR_PasswordCantChange
	 * yet - Guenther
	 */

	typedef enum {
		SAMR_VALIDATION_STATUS_SUCCESS = 0,
		SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
		SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
		SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
		SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
		SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
		SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
		SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
		SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
	} samr_ValidationStatus;

	typedef struct {
		uint32 length;
		[size_is(length)] uint8 *data;
        } samr_ValidationBlob;

	typedef struct {
		samr_ValidateFieldsPresent fields_present;
		NTTIME_hyper last_password_change;
		NTTIME_hyper bad_password_time;
		NTTIME_hyper lockout_time;
		uint32 bad_pwd_count;
		uint32 pwd_history_len;
		[size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
	} samr_ValidatePasswordInfo;

	typedef struct {
		samr_ValidatePasswordInfo info;
		samr_ValidationStatus status;
	} samr_ValidatePasswordRepCtr;

	typedef [switch_type(uint16)] union {
		[case(1)] samr_ValidatePasswordRepCtr ctr1;
		[case(2)] samr_ValidatePasswordRepCtr ctr2;
		[case(3)] samr_ValidatePasswordRepCtr ctr3;
	} samr_ValidatePasswordRep;

	typedef struct {
		samr_ValidatePasswordInfo info;
		lsa_StringLarge password;
		lsa_StringLarge account;
		samr_ValidationBlob hash;
		boolean8 pwd_must_change_at_next_logon;
		boolean8 clear_lockout;
	} samr_ValidatePasswordReq3;

	typedef struct {
		samr_ValidatePasswordInfo info;
		lsa_StringLarge password;
		lsa_StringLarge account;
		samr_ValidationBlob hash;
		boolean8 password_matched;
	} samr_ValidatePasswordReq2;

	typedef struct {
		samr_ValidatePasswordInfo info;
		boolean8 password_matched;
	} samr_ValidatePasswordReq1;

	typedef [switch_type(uint16)] union {
		[case(1)] samr_ValidatePasswordReq1 req1;
		[case(2)] samr_ValidatePasswordReq2 req2;
		[case(3)] samr_ValidatePasswordReq3 req3;
	} samr_ValidatePasswordReq;

	NTSTATUS samr_ValidatePassword(
		[in] samr_ValidatePasswordLevel level,
		[in,switch_is(level)] samr_ValidatePasswordReq req,
		[out,unique,switch_is(level)] samr_ValidatePasswordRep *rep
		);
}