From d322cc5027934b97d87876cbdfaa7e529e1a3db7 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 17 Jan 2008 09:41:58 +0100 Subject: [PATCH] Import recent netlogon and samr IDL from samba4. Guenther --- source/librpc/idl/netlogon.idl | 300 ++++++++++++++++++++++++++++------------ source/librpc/idl/samr.idl | 270 +++++++++++++++++++++++++++++------- 2 files changed, 432 insertions(+), 138 deletions(-) diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl index 72feb2f..dcbb647 100644 --- a/source/librpc/idl/netlogon.idl +++ b/source/librpc/idl/netlogon.idl @@ -4,10 +4,9 @@ who contributed! */ -#include "idl_types.h" - -import "lsa.idl", "samr.idl", "security.idl"; +import "lsa.idl", "samr.idl", "security.idl", "nbt.idl"; +#include "idl_types.h" [ uuid("12345678-1234-abcd-ef00-01234567cffb"), @@ -63,7 +62,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] [string,charset(UTF16)] uint16 workstation[], - [out,ref] netr_UasLogoffInfo *info + [out] netr_UasLogoffInfo info ); @@ -247,8 +246,8 @@ interface netlogon [in] uint16 logon_level, [in] [switch_is(logon_level)] netr_LogonLevel logon, [in] uint16 validation_level, - [out,ref] [switch_is(validation_level)] netr_Validation *validation, - [out,ref] uint8 *authoritative + [out] [switch_is(validation_level)] netr_Validation validation, + [out] uint8 authoritative ); @@ -269,7 +268,7 @@ interface netlogon /*****************/ /* Function 0x04 */ - NTSTATUS netr_ServerReqChallenge( + [public] NTSTATUS netr_ServerReqChallenge( [in,string,charset(UTF16)] uint16 *server_name, [in,string,charset(UTF16)] uint16 computer_name[], [in,out,ref] netr_Credential *credentials @@ -300,7 +299,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 computer_name[], [in] netr_Authenticator credential, [in] samr_Password new_password, - [out,ref] netr_Authenticator *return_authenticator + [out] netr_Authenticator return_authenticator ); @@ -330,10 +329,10 @@ interface netlogon typedef struct { uint16 nt_length; - uint16 nt_size; + [value(nt_length)] uint16 nt_size; uint32 nt_flags; uint16 lm_length; - uint16 lm_size; + [value(lm_length)] uint16 lm_size; uint32 lm_flags; uint8 nt_history[nt_length]; uint8 lm_history[lm_length]; @@ -342,10 +341,10 @@ interface netlogon typedef struct { netr_USER_KEY16 lmpassword; netr_USER_KEY16 ntpassword; - netr_PasswordHistory lmhistory; + netr_PasswordHistory history; } netr_USER_KEYS2; - typedef struct { + typedef struct { /* TODO: make this a union! */ netr_USER_KEYS2 keys2; } netr_USER_KEY_UNION; @@ -681,9 +680,9 @@ interface netlogon [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator credential, - [in,out,ref] netr_Authenticator *return_authenticator, + [in,out] netr_Authenticator return_authenticator, [in] netr_SamDatabaseID database_id, - [in,out,ref] udlong *sequence_num, + [in,out] udlong sequence_num, [in] uint32 preferredmaximumlength, [out] netr_DELTA_ENUM_ARRAY *delta_enum_array ); @@ -696,9 +695,9 @@ interface netlogon [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator credential, - [in,out,ref] netr_Authenticator *return_authenticator, + [in,out] netr_Authenticator return_authenticator, [in] netr_SamDatabaseID database_id, - [in,out,ref] uint32 *sync_context, + [in,out] uint32 sync_context, [in] uint32 preferredmaximumlength, [out] netr_DELTA_ENUM_ARRAY *delta_enum_array ); @@ -723,15 +722,15 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *logon_server, [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator credential, - [in,out,ref] netr_Authenticator *return_authenticator, + [in,out] netr_Authenticator return_authenticator, [in] netr_UAS_INFO_0 uas, [in] uint32 count, [in] uint32 level, [in] uint32 buffersize, - [out,ref,subcontext(4)] netr_AccountBuffer *buffer, - [out,ref] uint32 *count_returned, - [out,ref] uint32 *total_entries, - [out,ref] netr_UAS_INFO_0 *recordid + [out,subcontext(4)] netr_AccountBuffer buffer, + [out] uint32 count_returned, + [out] uint32 total_entries, + [out] netr_UAS_INFO_0 recordid ); @@ -742,25 +741,25 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *logon_server, [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator credential, - [in,out,ref] netr_Authenticator *return_authenticator, + [in,out] netr_Authenticator return_authenticator, [in] uint32 reference, [in] uint32 level, [in] uint32 buffersize, - [out,ref,subcontext(4)] netr_AccountBuffer *buffer, - [out,ref] uint32 *count_returned, - [out,ref] uint32 *total_entries, - [out,ref] uint32 *next_reference, - [in,out,ref] netr_UAS_INFO_0 *recordid + [out,subcontext(4)] netr_AccountBuffer buffer, + [out] uint32 count_returned, + [out] uint32 total_entries, + [out] uint32 next_reference, + [in,out] netr_UAS_INFO_0 recordid ); /*****************/ /* Function 0x0B */ - NTSTATUS netr_GetDcName( + WERROR netr_GetDcName( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 *domainname, - [out,ref] [string,charset(UTF16)] uint16 **dcname + [out] [string,charset(UTF16)] uint16 *dcname ); /*****************/ @@ -806,7 +805,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *logon_server, [in] netr_LogonControlCode function_code, [in] uint32 level, - [out,ref,switch_is(level)] netr_CONTROL_QUERY_INFORMATION *info + [out,switch_is(level)] netr_CONTROL_QUERY_INFORMATION info ); @@ -816,7 +815,7 @@ interface netlogon WERROR netr_GetAnyDCName( [in] [string,charset(UTF16)] uint16 *logon_server, [in] [string,charset(UTF16)] uint16 *domainname, - [out,ref] [string,charset(UTF16)] uint16 **dcname + [out] [string,charset(UTF16)] uint16 *dcname ); @@ -835,7 +834,7 @@ interface netlogon [in] uint32 function_code, [in] uint32 level, [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data, - [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query + [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query ); @@ -866,10 +865,10 @@ interface netlogon [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator credential, - [in,out,ref] netr_Authenticator *return_authenticator, + [in,out] netr_Authenticator return_authenticator, [in] netr_SamDatabaseID database_id, [in] uint16 restart_state, - [in,out,ref] uint32 *sync_context, + [in,out] uint32 sync_context, [in] uint32 preferredmaximumlength, [out] netr_DELTA_ENUM_ARRAY *delta_enum_array ); @@ -884,7 +883,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator credential, - [in,out,ref] netr_Authenticator *return_authenticator, + [in,out] netr_Authenticator return_authenticator, [in][size_is(change_log_entry_size)] uint8 *change_log_entry, [in] uint32 change_log_entry_size, [out] netr_DELTA_ENUM_ARRAY *delta_enum_array @@ -899,23 +898,76 @@ interface netlogon [in] uint32 function_code, [in] uint32 level, [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data, - [out,ref][switch_is(level)] netr_CONTROL_QUERY_INFORMATION *query + [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query ); /*****************/ /* Function 0x13 */ - WERROR netr_NETRENUMERATETRUSTEDDOMAINS() ; + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } netr_Blob; + + WERROR netr_NetrEnumerateTrustedDomains( + [in] [string,charset(UTF16)] uint16 *server_name, + [out,ref] netr_Blob *trusted_domains_blob + ); /*****************/ - /* Function 0x14 */ + /* Function 0x14 */ + + /* two unkown bits still: DS_IP_VERSION_AGNOSTIC and + * DS_TRY_NEXTCLOSEST_SITE - Guenther */ + + typedef [bitmap32bit] bitmap { + DS_FORCE_REDISCOVERY = 0x00000001, + DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010, + DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020, + DS_GC_SERVER_REQUIRED = 0x00000040, + DS_PDC_REQUIRED = 0x00000080, + DS_BACKGROUND_ONLY = 0x00000100, + DS_IP_REQUIRED = 0x00000200, + DS_KDC_REQUIRED = 0x00000400, + DS_TIMESERV_REQUIRED = 0x00000800, + DS_WRITABLE_REQUIRED = 0x00001000, + DS_GOOD_TIMESERV_PREFERRED = 0x00002000, + DS_AVOID_SELF = 0x00004000, + DS_ONLY_LDAP_NEEDED = 0x00008000, + DS_IS_FLAT_NAME = 0x00010000, + DS_IS_DNS_NAME = 0x00020000, + DS_RETURN_DNS_NAME = 0x40000000, + DS_RETURN_FLAT_NAME = 0x80000000 + } netr_DsRGetDCName_flags; + + typedef [v1_enum] enum { + DS_ADDRESS_TYPE_INET = 1, + DS_ADDRESS_TYPE_NETBIOS = 2 + } netr_DsRGetDCNameInfo_AddressType; + + typedef [bitmap32bit] bitmap { + DS_SERVER_PDC = NBT_SERVER_PDC, + DS_SERVER_GC = NBT_SERVER_GC, + DS_SERVER_LDAP = NBT_SERVER_LDAP, + DS_SERVER_DS = NBT_SERVER_DS, + DS_SERVER_KDC = NBT_SERVER_KDC, + DS_SERVER_TIMESERV = NBT_SERVER_TIMESERV, + DS_SERVER_CLOSEST = NBT_SERVER_CLOSEST, + DS_SERVER_WRITABLE = NBT_SERVER_WRITABLE, + DS_SERVER_GOOD_TIMESERV = NBT_SERVER_GOOD_TIMESERV, + DS_SERVER_NDNC = 0x00000400, + DS_DNS_CONTROLLER = 0x20000000, + DS_DNS_DOMAIN = 0x40000000, + DS_DNS_FOREST = 0x80000000 + } netr_DsR_DcFlags; + typedef struct { [string,charset(UTF16)] uint16 *dc_unc; [string,charset(UTF16)] uint16 *dc_address; - int32 dc_address_type; + netr_DsRGetDCNameInfo_AddressType dc_address_type; GUID domain_guid; [string,charset(UTF16)] uint16 *domain_name; [string,charset(UTF16)] uint16 *forest_name; - uint32 dc_flags; + netr_DsR_DcFlags dc_flags; [string,charset(UTF16)] uint16 *dc_site_name; [string,charset(UTF16)] uint16 *client_site_name; } netr_DsRGetDCNameInfo; @@ -925,7 +977,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *domain_name, [in] GUID *domain_guid, [in] GUID *site_guid, - [in] uint32 flags, + [in] netr_DsRGetDCName_flags flags, [out] netr_DsRGetDCNameInfo *info ); @@ -951,7 +1003,7 @@ interface netlogon /****************/ /* Function 0x1a */ - NTSTATUS netr_ServerAuthenticate3( + [public] NTSTATUS netr_ServerAuthenticate3( [in] [string,charset(UTF16)] uint16 *server_name, [in] [string,charset(UTF16)] uint16 account_name[], [in] netr_SchannelType secure_channel_type, @@ -969,7 +1021,7 @@ interface netlogon [in] [string,charset(UTF16)] uint16 *domain_name, [in] GUID *domain_guid, [in] [string,charset(UTF16)] uint16 *site_name, - [in] uint32 flags, + [in] netr_DsRGetDCName_flags flags, [out] netr_DsRGetDCNameInfo *info ); @@ -977,17 +1029,12 @@ interface netlogon /* Function 0x1c */ WERROR netr_DsRGetSiteName( [in] [string,charset(UTF16)] uint16 *computer_name, - [out,ref] [string,charset(UTF16)] uint16 **site + [out] [string,charset(UTF16)] uint16 *site ); /****************/ /* Function 0x1d */ - typedef struct { - uint32 length; - [size_is(length)] uint8 *data; - } netr_Blob; - typedef [flag(NDR_PAHEX)] struct { uint16 length; uint16 size; @@ -1043,7 +1090,7 @@ interface netlogon [in,out,ref] netr_Authenticator *return_authenticator, [in] uint32 level, [in,switch_is(level)] netr_DomainQuery query, - [out,ref,switch_is(level)] netr_DomainInfo *info + [out,switch_is(level)] netr_DomainInfo info ); typedef [flag(NDR_PAHEX)] struct { @@ -1060,12 +1107,20 @@ interface netlogon [in] [string,charset(UTF16)] uint16 computer_name[], [in] netr_Authenticator credential, [in] netr_CryptPassword new_password, - [out,ref] netr_Authenticator *return_authenticator + [out] netr_Authenticator return_authenticator ); /****************/ /* Function 0x1f */ - WERROR netr_NETRSERVERPASSWORDGET(); + WERROR netr_ServerPasswordGet( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 account_name[], + [in] netr_SchannelType secure_channel_type, + [in] [string,charset(UTF16)] uint16 computer_name[], + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [out,ref] samr_Password *password + ); /****************/ /* Function 0x20 */ @@ -1073,18 +1128,33 @@ interface netlogon /****************/ /* Function 0x21 */ - WERROR netr_DSRADDRESSTOSITENAMESW(); + typedef struct { + uint32 count; + [size_is(count)] lsa_String *sitename; + } netr_DsRAddressToSitenamesWCtr; + + typedef struct { + [size_is(size)] uint8 *buffer; + uint32 size; + } netr_DsRAddress; + + WERROR netr_DsRAddressToSitenamesW( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [range(0,32000)] uint32 count, + [in] [size_is(count)] [ref] netr_DsRAddress *addresses, + [out] [ref] netr_DsRAddressToSitenamesWCtr **ctr + ); /****************/ /* Function 0x22 */ WERROR netr_DsRGetDCNameEx2( [in] [string,charset(UTF16)] uint16 *server_unc, [in] [string,charset(UTF16)] uint16 *client_account, - [in] uint32 mask, + [in] samr_AcctFlags mask, [in] [string,charset(UTF16)] uint16 *domain_name, [in] GUID *domain_guid, [in] [string,charset(UTF16)] uint16 *site_name, - [in] uint32 flags, + [in] netr_DsRGetDCName_flags flags, [out] netr_DsRGetDCNameInfo *info ); @@ -1094,32 +1164,6 @@ interface netlogon /****************/ /* Function 0x24 */ - WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(); - - /****************/ - /* Function 0x25 */ - WERROR netr_DSRADDRESSTOSITENAMESEXW(); - - /****************/ - /* Function 0x26 */ - WERROR netr_DSRGETDCSITECOVERAGEW(); - - /****************/ - /* Function 0x27 */ - NTSTATUS netr_LogonSamLogonEx( - [in] [string,charset(UTF16)] uint16 *server_name, - [in] [string,charset(UTF16)] uint16 *computer_name, - [in] uint16 logon_level, - [in] [switch_is(logon_level)] netr_LogonLevel logon, - [in] uint16 validation_level, - [out,ref] [switch_is(validation_level)] netr_Validation *validation, - [out,ref] uint8 *authoritative, - [in,out,ref] uint32 *flags - ); - - /****************/ - /* Function 0x28 */ - typedef [bitmap32bit] bitmap { NETR_TRUST_FLAG_IN_FOREST = 0x00000001, NETR_TRUST_FLAG_OUTBOUND = 0x00000002, @@ -1157,11 +1201,65 @@ interface netlogon GUID guid; } netr_DomainTrust; + typedef struct { + uint32 count; + [size_is(count)] netr_DomainTrust *array; + } netr_DomainTrustList; + + WERROR netr_NetrEnumerateTrustedDomainsEx( + [in] [string,charset(UTF16)] uint16 *server_name, + [out,ref] netr_DomainTrustList *dom_trust_list + ); + + /****************/ + /* Function 0x25 */ + typedef struct { + uint32 count; + [size_is(count)] lsa_String *sitename; + [size_is(count)] lsa_String *subnetname; + } netr_DsRAddressToSitenamesExWCtr; + + WERROR netr_DsRAddressToSitenamesExW( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [range(0,32000)] uint32 count, + [in] [size_is(count)] [ref] netr_DsRAddress *addresses, + [out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr + ); + + /****************/ + /* Function 0x26 */ + + typedef struct { + uint32 num_sites; + [size_is(num_sites)] [unique] lsa_String *sites; + } DcSitesCtr; + + WERROR netr_DsrGetDcSiteCoverageW( + [in] [string,charset(UTF16)] uint16 *server_name, + [out] DcSitesCtr *ctr + ); + + /****************/ + /* Function 0x27 */ + NTSTATUS netr_LogonSamLogonEx( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 *computer_name, + [in] uint16 logon_level, + [in] [switch_is(logon_level)] netr_LogonLevel logon, + [in] uint16 validation_level, + [out] [switch_is(validation_level)] netr_Validation validation, + [out] uint8 authoritative, + [in,out] uint32 flags + ); + + /****************/ + /* Function 0x28 */ + WERROR netr_DsrEnumerateDomainTrusts( [in] [string,charset(UTF16)] uint16 *server_name, [in] netr_TrustFlags trust_flags, - [out,ref] uint32 *count, - [out,ref,size_is(count)] netr_DomainTrust **trusts + [out] uint32 count, + [out,size_is(count)] netr_DomainTrust *trusts ); @@ -1171,15 +1269,39 @@ interface netlogon /****************/ /* Function 0x2a */ - WERROR netr_NETRSERVERTRUSTPASSWORDSGET(); + NTSTATUS netr_ServerTrustPasswordsGet( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 account_name[], + [in] netr_SchannelType secure_channel_type, + [in] [string,charset(UTF16)] uint16 computer_name[], + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [out,ref] samr_Password *password, + [out,ref] samr_Password *password2 + ); /****************/ /* Function 0x2b */ - WERROR netr_DSRGETFORESTTRUSTINFORMATION(); + + const int DS_GFTI_UPDATE_TDO = 0x1; + + WERROR netr_DsRGetForestTrustInformation( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 *trusted_domain_name, + [in] uint32 flags, + [out,ref] lsa_ForestTrustInformation **forest_trust_info + ); /****************/ /* Function 0x2c */ - WERROR netr_NETRGETFORESTTRUSTINFORMATION(); + WERROR netr_GetForestTrustInformation( + [in] [string,charset(UTF16)] uint16 *server_name, + [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name, + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [in] uint32 flags, + [out,ref] lsa_ForestTrustInformation **forest_trust_info + ); /****************/ /* Function 0x2d */ @@ -1193,9 +1315,9 @@ interface netlogon [in] uint16 logon_level, [in] [switch_is(logon_level)] netr_LogonLevel logon, [in] uint16 validation_level, - [out,ref] [switch_is(validation_level)] netr_Validation *validation, - [out,ref] uint8 *authoritative, - [in,out,ref] uint32 *flags + [out] [switch_is(validation_level)] netr_Validation validation, + [out] uint8 authoritative, + [in,out] uint32 flags ); /****************/ diff --git a/source/librpc/idl/samr.idl b/source/librpc/idl/samr.idl index afeca3e..b6d2b9f 100644 --- a/source/librpc/idl/samr.idl +++ b/source/librpc/idl/samr.idl @@ -3,6 +3,7 @@ /* samr interface definition */ +import "misc.idl", "lsa.idl", "security.idl"; /* Thanks to Todd Sabin for some information from his samr.idl in acltools @@ -12,8 +13,7 @@ version(1.0), endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), pointer_default(unique), - pointer_default_top(unique), - depends(misc,lsa,security) + pointer_default_top(unique) ] interface samr { typedef bitmap security_secinfo security_secinfo; @@ -41,19 +41,72 @@ ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ } samr_AcctFlags; + typedef [bitmap32bit] bitmap { + SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, + SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, + SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, + SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, + SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, + SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 + } samr_ConnectAccessMask; + + typedef [bitmap32bit] bitmap { + USER_ACCESS_GET_NAME_ETC = 0x00000001, + USER_ACCESS_GET_LOCALE = 0x00000002, + USER_ACCESS_SET_LOC_COM = 0x00000004, + USER_ACCESS_GET_LOGONINFO = 0x00000008, + USER_ACCESS_GET_ATTRIBUTES = 0x00000010, + USER_ACCESS_SET_ATTRIBUTES = 0x00000020, + USER_ACCESS_CHANGE_PASSWORD = 0x00000040, + USER_ACCESS_SET_PASSWORD = 0x00000080, + USER_ACCESS_GET_GROUPS = 0x00000100, + USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, + USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 + } samr_UserAccessMask; + + typedef [bitmap32bit] bitmap { + DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, + DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, + DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, + DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, + DOMAIN_ACCESS_CREATE_USER = 0x00000010, + DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, + DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, + DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, + DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, + DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, + DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 + } samr_DomainAccessMask; + + typedef [bitmap32bit] bitmap { + GROUP_ACCESS_LOOKUP_INFO = 0x00000001, + GROUP_ACCESS_SET_INFO = 0x00000002, + GROUP_ACCESS_ADD_MEMBER = 0x00000004, + GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, + GROUP_ACCESS_GET_MEMBERS = 0x00000010 + } samr_GroupAccessMask; + + typedef [bitmap32bit] bitmap { + ALIAS_ACCESS_ADD_MEMBER = 0x00000001, + ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, + ALIAS_ACCESS_GET_MEMBERS = 0x00000004, + ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, + ALIAS_ACCESS_SET_INFO = 0x00000010 + } samr_AliasAccessMask; + /******************/ /* Function: 0x00 */ NTSTATUS samr_Connect ( /* notice the lack of [string] */ [in] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); /******************/ /* Function: 0x01 */ - NTSTATUS samr_Close ( + [public] NTSTATUS samr_Close ( [in,out,ref] policy_handle *handle ); @@ -118,9 +171,9 @@ /************************/ /* Function 0x07 */ - NTSTATUS samr_OpenDomain( + [public] NTSTATUS samr_OpenDomain( [in,ref] policy_handle *connect_handle, - [in] uint32 access_mask, + [in] samr_DomainAccessMask access_mask, [in,ref] dom_sid2 *sid, [out,ref] policy_handle *domain_handle ); @@ -129,10 +182,10 @@ /* Function 0x08 */ /* server roles */ typedef [v1_enum] enum { - ROLE_STANDALONE = 0, - ROLE_DOMAIN_MEMBER = 1, - ROLE_DOMAIN_BDC = 2, - ROLE_DOMAIN_PDC = 3 + SAMR_ROLE_STANDALONE = 0, + SAMR_ROLE_DOMAIN_MEMBER = 1, + SAMR_ROLE_DOMAIN_BDC = 2, + SAMR_ROLE_DOMAIN_PDC = 3 } samr_Role; /* password properties flags */ @@ -256,7 +309,7 @@ NTSTATUS samr_CreateDomainGroup( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *name, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [out,ref] policy_handle *group_handle, [out,ref] uint32 *rid ); @@ -277,7 +330,7 @@ NTSTATUS samr_CreateUser( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *rid ); @@ -305,7 +358,7 @@ NTSTATUS samr_CreateDomAlias( [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *alias_name, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [out,ref] policy_handle *alias_handle, [out,ref] uint32 *rid ); @@ -337,7 +390,7 @@ /************************/ /* Function 0x11 */ - NTSTATUS samr_LookupNames( + [public] NTSTATUS samr_LookupNames( [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_names, [in,size_is(1000),length_is(num_names)] lsa_String names[], @@ -360,7 +413,7 @@ /* Function 0x13 */ NTSTATUS samr_OpenGroup( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_GroupAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *group_handle ); @@ -480,7 +533,7 @@ /* Function 0x1b */ NTSTATUS samr_OpenAlias ( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_AliasAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *alias_handle ); @@ -550,9 +603,9 @@ /************************/ /* Function 0x22 */ - NTSTATUS samr_OpenUser( + [public] NTSTATUS samr_OpenUser( [in,ref] policy_handle *domain_handle, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [in] uint32 rid, [out,ref] policy_handle *user_handle ); @@ -684,20 +737,36 @@ /* this defines the bits used for fields_present in info21 */ typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */ + SAMR_FIELD_ACCOUNT_NAME = 0x00000001, + SAMR_FIELD_FULL_NAME = 0x00000002, + SAMR_FIELD_RID = 0x00000004, + SAMR_FIELD_PRIMARY_GID = 0x00000008, + SAMR_FIELD_DESCRIPTION = 0x00000010, + SAMR_FIELD_COMMENT = 0x00000020, + SAMR_FIELD_HOME_DIRECTORY = 0x00000040, + SAMR_FIELD_HOME_DRIVE = 0x00000080, + SAMR_FIELD_LOGON_SCRIPT = 0x00000100, + SAMR_FIELD_PROFILE_PATH = 0x00000200, + SAMR_FIELD_WORKSTATIONS = 0x00000400, + SAMR_FIELD_LAST_LOGON = 0x00000800, + SAMR_FIELD_LAST_LOGOFF = 0x00001000, + SAMR_FIELD_LOGON_HOURS = 0x00002000, + SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, + SAMR_FIELD_NUM_LOGONS = 0x00008000, + SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, + SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, + SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, + SAMR_FIELD_ACCT_EXPIRY = 0x00080000, + SAMR_FIELD_ACCT_FLAGS = 0x00100000, + SAMR_FIELD_PARAMETERS = 0x00200000, + SAMR_FIELD_COUNTRY_CODE = 0x00400000, + SAMR_FIELD_CODE_PAGE = 0x00800000, + SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ + SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ + SAMR_FIELD_PRIVATE_DATA = 0x04000000, + SAMR_FIELD_EXPIRED_FLAG = 0x08000000, + SAMR_FIELD_SEC_DESC = 0x10000000, + SAMR_FIELD_OWF_PWD = 0x20000000 } samr_FieldsPresent; typedef struct { @@ -790,7 +859,7 @@ [case(26)] samr_UserInfo26 info26; } samr_UserInfo; - NTSTATUS samr_QueryUserInfo( + [public] NTSTATUS samr_QueryUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, [out,switch_is(level)] samr_UserInfo *info @@ -799,7 +868,7 @@ /************************/ /* Function 0x25 */ - NTSTATUS samr_SetUserInfo( + [public] NTSTATUS samr_SetUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -855,8 +924,8 @@ uint32 rid; samr_AcctFlags acct_flags; lsa_String account_name; - lsa_String full_name; lsa_String description; + lsa_String full_name; } samr_DispEntryGeneral; typedef struct { @@ -879,6 +948,19 @@ typedef struct { uint32 idx; + uint32 rid; + samr_GroupAttrs acct_flags; + lsa_String account_name; + lsa_String description; + } samr_DispEntryFullGroup; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryFullGroup *entries; + } samr_DispInfoFullGroups; + + typedef struct { + uint32 idx; lsa_AsciiString account_name; } samr_DispEntryAscii; @@ -890,7 +972,7 @@ typedef [switch_type(uint16)] union { [case(1)] samr_DispInfoGeneral info1;/* users */ [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFull info3; /* groups */ + [case(3)] samr_DispInfoFullGroups info3; /* groups */ [case(4)] samr_DispInfoAscii info4; /* users */ [case(5)] samr_DispInfoAscii info5; /* groups */ } samr_DispInfo; @@ -958,7 +1040,7 @@ samr_PasswordProperties password_properties; } samr_PwInfo; - NTSTATUS samr_GetUserPwInfo( + [public] NTSTATUS samr_GetUserPwInfo( [in,ref] policy_handle *user_handle, [out] samr_PwInfo info ); @@ -1031,7 +1113,7 @@ [in,ref] policy_handle *domain_handle, [in,ref] lsa_String *account_name, [in] samr_AcctFlags acct_flags, - [in] uint32 access_mask, + [in] samr_UserAccessMask access_mask, [out,ref] policy_handle *user_handle, [out,ref] uint32 *access_granted, [out,ref] uint32 *rid @@ -1102,7 +1184,7 @@ /* Function 0x39 */ NTSTATUS samr_Connect2( [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1111,7 +1193,7 @@ /* seems to be an exact alias for samr_SetUserInfo() */ - NTSTATUS samr_SetUserInfo2( + [public] NTSTATUS samr_SetUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, [in,ref,switch_is(level)] samr_UserInfo *info @@ -1142,7 +1224,7 @@ [in,string,charset(UTF16)] uint16 *system_name, /* this unknown value seems to be completely ignored by w2k3 */ [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1151,7 +1233,7 @@ NTSTATUS samr_Connect4( [in,string,charset(UTF16)] uint16 *system_name, [in] uint32 unknown, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [out,ref] policy_handle *connect_handle ); @@ -1191,9 +1273,9 @@ [case(1)] samr_ConnectInfo1 info1; } samr_ConnectInfo; - NTSTATUS samr_Connect5( + [public] NTSTATUS samr_Connect5( [in,string,charset(UTF16)] uint16 *system_name, - [in] uint32 access_mask, + [in] samr_ConnectAccessMask access_mask, [in,out] uint32 level, [in,out,switch_is(level),ref] samr_ConnectInfo *info, [out,ref] policy_handle *connect_handle @@ -1226,9 +1308,99 @@ /************************/ /* Function 0x43 */ - /* - I haven't been able to work out the format of this one yet. - Seems to start with a switch level for a union? - */ - NTSTATUS samr_ValidatePassword(); + /************************/ + typedef [bitmap32bit] bitmap { + SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, + SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 + } samr_ValidateFieldsPresent; + + typedef enum { + NetValidateAuthentication = 1, + NetValidatePasswordChange= 2, + NetValidatePasswordReset = 3 + } samr_ValidatePasswordLevel; + + /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't + * identified the mapping of + * - NERR_PasswordFilterError + * - NERR_PasswordExpired and + * - NERR_PasswordCantChange + * yet - Guenther + */ + + typedef enum { + SAMR_VALIDATION_STATUS_SUCCESS = 0, + SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, + SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, + SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, + SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, + SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, + SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, + SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, + SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 + } samr_ValidationStatus; + + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } samr_ValidationBlob; + + typedef struct { + samr_ValidateFieldsPresent fields_present; + NTTIME_hyper last_password_change; + NTTIME_hyper bad_password_time; + NTTIME_hyper lockout_time; + uint32 bad_pwd_count; + uint32 pwd_history_len; + [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; + } samr_ValidatePasswordInfo; + + typedef struct { + samr_ValidatePasswordInfo info; + samr_ValidationStatus status; + } samr_ValidatePasswordRepCtr; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordRepCtr ctr1; + [case(2)] samr_ValidatePasswordRepCtr ctr2; + [case(3)] samr_ValidatePasswordRepCtr ctr3; + } samr_ValidatePasswordRep; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 pwd_must_change_at_next_logon; + boolean8 clear_lockout; + } samr_ValidatePasswordReq3; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 password_matched; + } samr_ValidatePasswordReq2; + + typedef struct { + samr_ValidatePasswordInfo info; + boolean8 password_matched; + } samr_ValidatePasswordReq1; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordReq1 req1; + [case(2)] samr_ValidatePasswordReq2 req2; + [case(3)] samr_ValidatePasswordReq3 req3; + } samr_ValidatePasswordReq; + + NTSTATUS samr_ValidatePassword( + [in] samr_ValidatePasswordLevel level, + [in,switch_is(level)] samr_ValidatePasswordReq req, + [out,switch_is(level)] samr_ValidatePasswordRep *rep + ); } -- 1.5.3.7