Print this page
1575 untangle libmlrpc from SMB server
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
NEX-15052 Need a way to add appliance local user/group ACE from Windows
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15052 Need a way to add appliance local user/group ACE from Windows
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-3106 ACL editor crash in Windows 2012 R2
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Alek Pinchuk <alek.pinchuk@nexenta.com>
re #12435 rb3958 r10 is added 2 times to panic info
re #12393 rb3935 Kerberos and smbd disagree about who is our AD server
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/smbsrv/ndl/samrpc.ndl
+++ new/usr/src/uts/common/smbsrv/ndl/samrpc.ndl
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 - * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
24 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
25 25 */
26 26
27 27 #ifndef _MLSVC_SAM_NDL_
28 28 #define _MLSVC_SAM_NDL_
29 29
30 30 /*
31 31 * Security Accounts Manager RPC (SAMR) interface definition.
32 32 */
33 33
34 -#include "ndrtypes.ndl"
34 +#include <libmlrpc/ndrtypes.ndl>
35 35
36 36 /* Windows NT */
37 37 #define SAMR_OPNUM_Connect 0x00 /* SamrConnect */
38 38 #define SAMR_OPNUM_CloseHandle 0x01
39 39 #define SAMR_OPNUM_SetSecObject 0x02
40 40 #define SAMR_OPNUM_QuerySecObject 0x03
41 41 #define SAMR_OPNUM_ShutdownSamServer 0x04 /* NotUsedOnWire */
42 42 #define SAMR_OPNUM_LookupDomain 0x05
43 43 #define SAMR_OPNUM_EnumLocalDomains 0x06
44 44 #define SAMR_OPNUM_OpenDomain 0x07
45 45 #define SAMR_OPNUM_QueryDomainInfo 0x08
46 46 #define SAMR_OPNUM_SetDomainInfo 0x09
47 47 #define SAMR_OPNUM_CreateDomainGroup 0x0a
48 48 #define SAMR_OPNUM_QueryDomainGroups 0x0b
49 49 #define SAMR_OPNUM_CreateDomainUser 0x0c
50 50 #define SAMR_OPNUM_EnumDomainUsers 0x0d
51 51 #define SAMR_OPNUM_CreateDomainAlias 0x0e
52 52 #define SAMR_OPNUM_EnumDomainAliases 0x0f
53 53 #define SAMR_OPNUM_LookupIds 0x10 /* GetAliasMembership */
54 54 #define SAMR_OPNUM_LookupNames 0x11
55 55 #define SAMR_OPNUM_LookupDomainIds 0x12
56 56 #define SAMR_OPNUM_OpenGroup 0x13
57 57 #define SAMR_OPNUM_QueryGroupInfo 0x14
58 58 #define SAMR_OPNUM_StoreGroupInfo 0x15
59 59 #define SAMR_OPNUM_AddGroupMember 0x16
60 60 #define SAMR_OPNUM_DeleteDomainGroup 0x17
61 61 #define SAMR_OPNUM_DeleteGroupMember 0x18
62 62 #define SAMR_OPNUM_ListGroupMembers 0x19
63 63 #define SAMR_OPNUM_SetGroupMemberAttributes 0x1a
64 64 #define SAMR_OPNUM_OpenAlias 0x1b
65 65 #define SAMR_OPNUM_QueryAliasInfo 0x1c
66 66 #define SAMR_OPNUM_SetAliasInfo 0x1d
67 67 #define SAMR_OPNUM_DeleteDomainAlias 0x1e
68 68 #define SAMR_OPNUM_AddAliasMember 0x1f
69 69 #define SAMR_OPNUM_DeleteAliasMember 0x20
70 70 #define SAMR_OPNUM_ListAliasMembers 0x21
71 71 #define SAMR_OPNUM_OpenUser 0x22
72 72 #define SAMR_OPNUM_DeleteUser 0x23
73 73 #define SAMR_OPNUM_QueryUserInfo 0x24
74 74 #define SAMR_OPNUM_SetUserInfo0 0x25 /* SetUserInfo */
75 75 #define SAMR_OPNUM_ChangeUserPassword0 0x26 /* ChangeUserPassword */
76 76 #define SAMR_OPNUM_QueryUserGroups 0x27
77 77 #define SAMR_OPNUM_QueryDispInfo 0x28 /* QueryDispInfo1 */
78 78 #define SAMR_OPNUM_GetDisplayEnumIndex 0x29
79 79 #define SAMR_OPNUM_TestPrivateDomainFunctions 0x2a /* NotUsedOnWire */
80 80 #define SAMR_OPNUM_TestPrivateUserFunctions 0x2b /* NotUsedOnWire */
81 81 #define SAMR_OPNUM_GetUserPwInfo 0x2c
82 82
83 83 /* Windows 2000 */
84 84 #define SAMR_OPNUM_RemoveMemberFromForeignDomain 0x2d
85 85 #define SAMR_OPNUM_QueryInfoDomain2 0x2e
86 86 #define SAMR_OPNUM_QueryInfoUser2 0x2f
87 87 #define SAMR_OPNUM_EnumDomainGroups 0x30 /* QueryDispInfo2 */
88 88 #define SAMR_OPNUM_GetDisplayEnumIndex2 0x31
89 89 #define SAMR_OPNUM_CreateUser 0x32
90 90 #define SAMR_OPNUM_QueryDispInfo4 0x33
91 91 #define SAMR_OPNUM_AddMultipleAliasMembers 0x34
92 92 #define SAMR_OPNUM_RemoveMultipleAliasMembers 0x35
93 93 #define SAMR_OPNUM_ChangeUserOemPassword 0x36
94 94 #define SAMR_OPNUM_ChangePasswordUser2 0x37 /* UnicodePasswd */
95 95 #define SAMR_OPNUM_GetDomainPwInfo 0x38
96 96 #define SAMR_OPNUM_Connect2 0x39 /* SamrConnect2 */
97 97 #define SAMR_OPNUM_SetUserInfo 0x3a /* SetInfoUser2 */
98 98 #define SAMR_OPNUM_SetBootKeyInformation 0x3b
99 99 #define SAMR_OPNUM_GetBootKeyInformation 0x3c
100 100 #define SAMR_OPNUM_Connect3 0x3d /* NotUsedOnWire */
101 101 #define SAMR_OPNUM_Connect4 0x3e /* SamrConnect4 */
102 102 #define SAMR_OPNUM_ChangeUserUnicodePassword3 0x3f
103 103
104 104 /* Windows XP and Windows Server 2003 */
105 105 #define SAMR_OPNUM_Connect5 0x40 /* SamrConnect5 */
106 106 #define SAMR_OPNUM_RidToSid 0x41
107 107 #define SAMR_OPNUM_SetDSRMPassword 0x42
108 108 #define SAMR_OPNUM_ValidatePassword 0x43
109 109
110 110 /* Windows Vista */
111 111 #define SAMR_OPNUM_QueryLocalizableAccountsInDomain 0x44
112 112 #define SAMR_OPNUM_PerformGenericOperation 0x45
113 113
114 114
115 115 /*
116 116 * Sam account flags used when creating an account. These flags seem
117 117 * to be very similar to the USER_INFO_X flags (UF_XXX) in lmaccess.h
118 118 * but the values are different.
119 119 */
120 120 #define SAMR_AF_ACCOUNTDISABLE 0x0001
121 121 #define SAMR_AF_HOMEDIR_REQUIRED 0x0002
122 122 #define SAMR_AF_PASSWD_NOTREQD 0x0004
123 123 #define SAMR_AF_TEMP_DUPLICATE_ACCOUNT 0x0008
124 124 #define SAMR_AF_NORMAL_ACCOUNT 0x0010
125 125 #define SAMR_AF_MNS_LOGON_ACCOUNT 0x0020
126 126 #define SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT 0x0040
127 127 #define SAMR_AF_WORKSTATION_TRUST_ACCOUNT 0x0080
128 128 #define SAMR_AF_SERVER_TRUST_ACCOUNT 0x0100
129 129 #define SAMR_AF_DONT_EXPIRE_PASSWD 0x0200
130 130 #define SAMR_AF_ACCOUNT_AUTOLOCK 0x0400
131 131
132 132
133 133 #define SAMR_AF_MACHINE_ACCOUNT_MASK ( \
134 134 SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT \
135 135 | SAMR_AF_WORKSTATION_TRUST_ACCOUNT \
136 136 | SAMR_AF_SERVER_TRUST_ACCOUNT)
137 137
138 138 #define SAMR_AF_ACCOUNT_TYPE_MASK ( \
139 139 SAMR_AF_TEMP_DUPLICATE_ACCOUNT \
140 140 | SAMR_AF_NORMAL_ACCOUNT \
141 141 | SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT \
142 142 | SAMR_AF_WORKSTATION_TRUST_ACCOUNT \
143 143 | SAMR_AF_SERVER_TRUST_ACCOUNT)
144 144
145 145 /*
146 146 * QueryUserInfo UserAllInformation WhichFields
147 147 */
148 148 #define SAMR_USER_ALL_USERNAME 0x00000001
149 149 #define SAMR_USER_ALL_FULLNAME 0x00000002
150 150 #define SAMR_USER_ALL_USERID 0x00000004
151 151 #define SAMR_USER_ALL_PRIMARYGROUPID 0x00000008
152 152 #define SAMR_USER_ALL_ADMINCOMMENT 0x00000010
153 153 #define SAMR_USER_ALL_USERCOMMENT 0x00000020
154 154 #define SAMR_USER_ALL_HOMEDIRECTORY 0x00000040
155 155 #define SAMR_USER_ALL_HOMEDIRECTORYDRIVE 0x00000080
156 156 #define SAMR_USER_ALL_SCRIPTPATH 0x00000100
157 157 #define SAMR_USER_ALL_PROFILEPATH 0x00000200
158 158 #define SAMR_USER_ALL_WORKSTATIONS 0x00000400
159 159 #define SAMR_USER_ALL_LASTLOGON 0x00000800
160 160 #define SAMR_USER_ALL_LASTLOGOFF 0x00001000
161 161 #define SAMR_USER_ALL_LOGONHOURS 0x00002000
162 162 #define SAMR_USER_ALL_BADPASSWORDCOUNT 0x00004000
163 163 #define SAMR_USER_ALL_LOGONCOUNT 0x00008000
164 164 #define SAMR_USER_ALL_PASSWORDCANCHANGE 0x00010000
165 165 #define SAMR_USER_ALL_PASSWORDMUSTCHANGE 0x00020000
166 166 #define SAMR_USER_ALL_PASSWORDLASTSET 0x00040000
167 167 #define SAMR_USER_ALL_ACCOUNTEXPIRES 0x00080000
168 168 #define SAMR_USER_ALL_USERACCOUNTCONTROL 0x00100000
169 169 #define SAMR_USER_ALL_PARAMETERS 0x00200000
170 170 #define SAMR_USER_ALL_COUNTRYCODE 0x00400000
171 171 #define SAMR_USER_ALL_CODEPAGE 0x00800000
172 172 #define SAMR_USER_ALL_NTPASSWORDPRESENT 0x01000000
173 173 #define SAMR_USER_ALL_LMPASSWORDPRESENT 0x02000000
174 174 #define SAMR_USER_ALL_PRIVATEDATA 0x04000000
175 175 #define SAMR_USER_ALL_PASSWORDEXPIRED 0x08000000
176 176 #define SAMR_USER_ALL_SECURITYDESCRIPTOR 0x10000000
177 177 #define SAMR_USER_ALL_OWF_PASSWORD 0x20000000
178 178 #define SAMR_USER_ALL_UNDEFINED_MASK 0xC0000000
179 179
180 180 /*
181 181 * Alias Access Mask values for SAMR
182 182 * Section 2.2.1.6 of MS-SAMR
183 183 */
184 184 #define SAMR_ALIAS_ACCESS_EXECUTE 0x00020008
185 185 #define SAMR_ALIAS_ACCESS_WRITE 0x00020013
186 186 #define SAMR_ALIAS_ACCESS_READ 0x00020004
187 187 #define SAMR_ALIAS_ACCESS_ALL_ACCESS 0x000F001F
188 188 #define SAMR_ALIAS_ACCESS_WRITE_ACCOUNT 0x00000010
189 189 #define SAMR_ALIAS_ACCESS_READ_INFO 0x00000008
190 190 #define SAMR_ALIAS_ACCESS_LIST_MEMBERS 0x00000004
191 191 #define SAMR_ALIAS_ACCESS_REMOVE_MEMBER 0x00000002
192 192 #define SAMR_ALIAS_ACCESS_ADD_MEMBER 0x00000001
193 193
194 194 #define SAMR_REVISION_1 1 /* Pre Windows 2000 */
195 195 #define SAMR_REVISION_2 2 /* Windows 2000 */
196 196 #define SAMR_REVISION_3 3 /* Post Windows 2000 */
197 197
198 198 /*
199 199 * Definition for a SID. The ndl compiler does not allow a typedef of
200 200 * a structure containing variable size members.
201 201 * Note: cast compatible with smb_sid_t, and code depends on that.
202 202 */
203 203 struct samr_sid {
204 204 BYTE Revision;
205 205 BYTE SubAuthCount;
206 206 BYTE Authority[6];
207 207 SIZE_IS(SubAuthCount)
208 208 DWORD SubAuthority[ANY_SIZE_ARRAY];
209 209 };
210 210
211 211
212 212 /*
213 213 * SAMR definition of a security_descriptor.
214 214 */
215 215 struct samr_sec_desc {
216 216 BYTE Revision;
217 217 BYTE Sbz1;
218 218 WORD Control;
219 219 struct samr_sid *owner;
220 220 struct samr_sid *group;
221 221 struct samr_sid *sacl;
222 222 struct samr_sid *dacl;
223 223 };
224 224
225 225 struct samr_sd {
226 226 DWORD length;
227 227 SIZE_IS(length)
228 228 BYTE *data;
229 229 };
230 230 typedef struct samr_sd samr_sd_t;
231 231
232 232 /*
233 233 * See RPC_STRING in the MS IDL.
234 234 * Definition for a string. The length and allosize should be set to
235 235 * twice the string length (i.e. strlen(str) * 2). The runtime code
236 236 * will perform the appropriate string to a wide-char conversions,
237 237 * so str should point to a regular char * string.
238 238 */
239 239 struct samr_string {
240 240 WORD length;
241 241 WORD allosize;
242 242 LPTSTR str;
243 243 };
244 244 typedef struct samr_string samr_string_t;
245 245
246 246
247 247 /*
248 248 * Alternative varying/conformant string definition - for
249 249 * non-null terminated strings. This definition must match
250 250 * ndr_vcbuf_t.
251 251 */
252 252 struct samr_vcb {
253 253 /*
254 254 * size_is (actually a copy of length_is) will
255 255 * be inserted here by the marshalling library.
256 256 */
257 257 DWORD vc_first_is;
258 258 DWORD vc_length_is;
259 259 SIZE_IS(vc_length_is)
260 260 WORD buffer[ANY_SIZE_ARRAY];
261 261 };
262 262
263 263 struct samr_vcbuf {
264 264 WORD wclen;
265 265 WORD wcsize;
266 266 struct samr_vcb *vcb;
267 267 };
268 268 typedef struct samr_vcbuf samr_vcbuf_t;
269 269
270 270 CONTEXT_HANDLE(samr_handle) samr_handle_t;
271 271
272 272 /*
273 273 * OLD_LARGE_INTEGER: a 64-bit value.
274 274 */
275 275 struct samr_quad {
276 276 DWORD low;
277 277 DWORD high;
278 278 };
279 279 typedef struct samr_quad samr_quad_t;
280 280
281 281 /*
282 282 * Blob used for the NT and LM OWF passwords.
283 283 * The length and maxlen should be 16.
284 284 */
285 285 struct samr_short_blob {
286 286 WORD length;
287 287 WORD maxlen;
288 288 SIZE_IS(length / 2)
289 289 WORD *buf;
290 290 };
291 291
292 292 #define DOMAIN_PASSWORD_COMPLEX 0x00000001
293 293 #define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
294 294 #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
295 295 #define DOMAIN_LOCKOUT_ADMINS 0x00000008
296 296 #define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
297 297 #define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
298 298
299 299 struct samr_password_info {
300 300 WORD min_length;
301 301 DWORD properties;
302 302 };
303 303 typedef struct samr_password_info samr_password_info_t;
304 304
305 305 /*
306 306 * There is some sort of logon bitmap structure in here, which I
307 307 * think is a varying and conformant array, i.e.
308 308 *
309 309 * struct samr_logon_hours {
310 310 * DWORD size_is; (1260)
311 311 * DWORD first_is; (zero)
312 312 * DWORD length_is; (168)
313 313 * BYTE bitmap[21];
314 314 * };
315 315 *
316 316 * struct samr_logon_info {
317 317 * DWORD length;
318 318 * SIZE_IS(length / 8)
319 319 * struct samr_logon_hours *hours;
320 320 * };
321 321 *
322 322 * There are 10080 minutes/week => 10080/8 = 1260 (0x04EC).
323 323 * So size_is is set as some sort of maximum.
324 324 *
325 325 * There are 168 hours/week => 168/8 = 21 (0xA8). Since there are 21
326 326 * bytes (all set to 0xFF), this is is probably the default setting.
327 327 */
328 328
329 329 #define SAMR_MINS_PER_WEEK 10080
330 330 #define SAMR_HOURS_PER_WEEK 168
331 331
332 332 #define SAMR_HOURS_MAX_SIZE (SAMR_MINS_PER_WEEK / 8)
333 333 #define SAMR_HOURS_SET_LEN(LEN) ((LEN) / 8)
334 334 #define SAMR_SET_USER_HOURS_SZ 21
335 335
336 336 struct samr_logon_hours {
337 337 DWORD size;
338 338 DWORD first;
339 339 DWORD length;
340 340 BYTE bitmap[SAMR_SET_USER_HOURS_SZ];
341 341 };
342 342
343 343 struct samr_logon_info {
344 344 DWORD units;
345 345 DWORD hours;
346 346 };
347 347
348 348 struct samr_logon_hours_all {
349 349 WORD units_per_week;
350 350 SIZE_IS(units_per_week / 8)
351 351 BYTE *hours;
352 352 };
353 353
354 354 /*
355 355 * SAMPR_USER_PASSWORD (in the MS Net API) or
|
↓ open down ↓ |
311 lines elided |
↑ open up ↑ |
356 356 * struct samr_user_password (internal use) is
357 357 * the "clear" form of struct samr_encr_passwd
358 358 * (SAMPR_ENCRYPTED_USER_PASSWORD in MS Net).
359 359 * It's not used by ndrgen, but is declared here
360 360 * to help clarify the relationship between these,
361 361 * and for the benefit of our client-side code.
362 362 */
363 363 #ifndef NDRGEN
364 364 #define SAMR_USER_PWLEN 256
365 365 struct samr_user_password {
366 - smb_wchar_t Buffer[SAMR_USER_PWLEN];
366 + ndr_wchar_t Buffer[SAMR_USER_PWLEN];
367 367 DWORD Length;
368 368 };
369 369 #endif /* NDRGEN */
370 370
371 371 /* SAMPR_ENCRYPTED_USER_PASSWORD */
372 372 #define SAMR_ENCR_PWLEN 516 /* sizeof samr_user_password */
373 373 struct samr_encr_passwd {
374 374 BYTE data[SAMR_ENCR_PWLEN];
375 375 };
376 376
377 377 /* ENCRYPTED_NT_OWF_PASSWORD */
378 378 #define SAMR_PWHASH_LEN 16
379 379 struct samr_encr_hash {
380 380 BYTE data[SAMR_PWHASH_LEN];
381 381 };
382 382
383 383 /*
384 384 ***********************************************************************
385 385 * SamrConnect.
386 386 ***********************************************************************
387 387 */
388 388 OPERATION(SAMR_OPNUM_Connect)
389 389 struct samr_Connect {
390 390 IN DWORD *servername;
391 391 IN DWORD access_mask;
392 392 OUT samr_handle_t handle;
393 393 OUT DWORD status;
394 394 };
395 395
396 396
397 397 /*
398 398 ***********************************************************************
399 399 * SamrConnect2.
400 400 ***********************************************************************
401 401 */
402 402 OPERATION(SAMR_OPNUM_Connect2)
403 403 struct samr_Connect2 {
404 404 IN LPTSTR servername;
405 405 IN DWORD access_mask;
406 406 OUT samr_handle_t handle;
407 407 OUT DWORD status;
408 408 };
409 409
410 410
411 411 /*
412 412 ***********************************************************************
413 413 * SamrConnect4. A new form of connect first seen with Windows 2000.
414 414 * A new field has been added to the input request. Value: 0x00000002.
415 415 ***********************************************************************
416 416 */
417 417 OPERATION(SAMR_OPNUM_Connect4)
418 418 struct samr_Connect4 {
419 419 IN LPTSTR servername;
420 420 IN DWORD revision;
421 421 IN DWORD access_mask;
422 422 OUT samr_handle_t handle;
423 423 OUT DWORD status;
424 424 };
425 425
426 426
427 427 /*
428 428 ***********************************************************************
429 429 * SamrConnect5. A new form of connect first seen with Windows XP.
430 430 * The server name is the fully qualified domain name, i.e.
431 431 * \\server.sun.com.
432 432 *
433 433 * [in] DWORD InVersion,
434 434 * [in] [switch_is(InVersion)] samr_revision_info *InRevisionInfo
435 435 * [out] DWORD *OutVersion
436 436 * [out] [switch_is(*OutVersion)] *samr_revision_info *OutRevisionInfo
437 437 *
438 438 * SupportedFeatures (see notes in [MS-SAMR]
439 439 * 0x00000001 RID values returned from the server must not be
440 440 * concatenated with the domain SID.
441 441 * 0x00000002 Reserved
442 442 * 0x00000004 Reserved
443 443 ***********************************************************************
444 444 */
445 445 struct samr_revision_info1 {
446 446 DWORD revision;
447 447 DWORD supported_features;
448 448 };
449 449 typedef struct samr_revision_info1 samr_revision_info1_t;
450 450
451 451 union samr_revision_info {
452 452 UNION_INFO_ENT(1,samr_revision_info);
453 453 DEFAULT char *nullptr;
454 454 };
455 455
456 456 OPERATION(SAMR_OPNUM_Connect5)
457 457 struct samr_Connect5 {
458 458 IN LPTSTR servername;
459 459 IN DWORD access_mask;
460 460 /*
461 461 * This should be a union, but instead this is
462 462 * done this way because unions are hard to
463 463 * express in this RPC implementation.
464 464 */
465 465 INOUT DWORD unknown2_00000001; /* V1 */
466 466 INOUT DWORD unknown3_00000001; /* V1 */
467 467 /* SAMPR_REVISION_INFO_V1 */
468 468 INOUT DWORD unknown4_00000003; /* Revision */
469 469 INOUT DWORD unknown5_00000000; /* SupportedFeatures */
470 470 OUT samr_handle_t handle;
471 471 OUT DWORD status;
472 472 };
473 473
474 474
475 475 /*
476 476 ***********************************************************************
477 477 * CloseHandle closes an association with the SAM. Using the same
478 478 * structure as the LSA seems to work.
479 479 ***********************************************************************
480 480 */
|
↓ open down ↓ |
104 lines elided |
↑ open up ↑ |
481 481 OPERATION(SAMR_OPNUM_CloseHandle)
482 482 struct samr_CloseHandle {
483 483 IN samr_handle_t handle;
484 484 OUT samr_handle_t result_handle;
485 485 OUT DWORD status;
486 486 };
487 487
488 488
489 489 /*
490 490 ***********************************************************************
491 + * QuerySecObject
492 + *
493 + * Returns the SecurityDescriptor of the object. Support not complete.
494 + *
495 + * QuerySecObject (
496 + * IN samr_handle_t obj_handle,
497 + * IN SECURITY_INFO secinfo,
498 + * OUT samr_sd_t *sd,
499 + * OUT DWORD status
500 + * )
501 + *
502 + ***********************************************************************
503 + */
504 +
505 +typedef DWORD SECURITY_INFO;
506 +
507 +OPERATION(SAMR_OPNUM_QuerySecObject)
508 +struct samr_QuerySecObject {
509 + IN samr_handle_t obj_handle;
510 + IN SECURITY_INFO secinfo;
511 + OUT samr_sd_t *sd;
512 + OUT DWORD status;
513 +};
514 +
515 +
516 +/*
517 + ***********************************************************************
491 518 * LookupDomain: lookup up the domain SID.
492 519 ***********************************************************************
493 520 */
494 521 OPERATION(SAMR_OPNUM_LookupDomain)
495 522 struct samr_LookupDomain {
496 523 IN samr_handle_t handle;
497 524 IN samr_string_t domain_name;
498 525 OUT struct samr_sid *sid;
499 526 OUT DWORD status;
500 527 };
501 528
502 529
503 530 /*
504 531 ***********************************************************************
505 532 * EnumLocalDomain
506 533 *
507 534 * This looks like a request to get the local domains supported by a
508 535 * remote server. NT always seems to return 2 domains: the local
509 536 * domain (hostname) and the Builtin domain.
510 537 *
511 538 * The max_length field is set to 0x2000.
512 539 * Enum_context is set to 0 in the request and set to entries_read in
513 540 * the reply. Like most of these enums, total_entries is the same as
514 541 * entries_read.
515 542 ***********************************************************************
516 543 */
517 544 struct samr_LocalDomainEntry {
518 545 DWORD unknown;
519 546 samr_string_t name;
520 547 };
521 548
522 549 struct samr_LocalDomainInfo {
523 550 DWORD entries_read;
524 551 SIZE_IS(entries_read)
525 552 struct samr_LocalDomainEntry *entry;
526 553 };
527 554
528 555
529 556 OPERATION(SAMR_OPNUM_EnumLocalDomains)
530 557 struct samr_EnumLocalDomain {
531 558 IN samr_handle_t handle;
532 559 INOUT DWORD enum_context;
533 560 IN DWORD max_length;
534 561 OUT struct samr_LocalDomainInfo *info;
535 562 OUT DWORD total_entries;
536 563 OUT DWORD status;
537 564 };
538 565
539 566
540 567 /*
541 568 ***********************************************************************
542 569 * OpenDomain
543 570 *
544 571 * Open a specific domain within the SAM. From this I assume that each
545 572 * SAM can handle multiple domains so you need to identify the one with
546 573 * which you want to work. Working with a domain handle does appear to
547 574 * offer the benefit that you can then use RIDs instead of full SIDs,
548 575 * which simplifies things a bit. The domain handle can be used to get
549 576 * user and group handles.
550 577 ***********************************************************************
551 578 */
552 579 OPERATION(SAMR_OPNUM_OpenDomain)
553 580 struct samr_OpenDomain {
554 581 IN samr_handle_t handle;
555 582 IN DWORD access_mask;
556 583 IN REFERENCE struct samr_sid *sid;
557 584 OUT samr_handle_t domain_handle;
558 585 OUT DWORD status;
559 586 };
560 587
561 588
562 589 /*
563 590 ***********************************************************************
564 591 * QueryDomainInfo
565 592 *
566 593 * Windows 95 Server Manager sends requests for levels 6 and 7 when
567 594 * the services menu item is selected.
568 595 ***********************************************************************
569 596 */
570 597 #define SAMR_QUERY_DOMAIN_INFO_2 2
571 598 #define SAMR_QUERY_DOMAIN_INFO_6 6
572 599 #define SAMR_QUERY_DOMAIN_INFO_7 7
573 600
574 601
575 602 struct samr_QueryDomainInfo2 {
576 603 DWORD unknown1; /* 00 00 00 00 */
577 604 DWORD unknown2; /* 00 00 00 80 */
578 605 samr_string_t s1;
579 606 samr_string_t domain;
580 607 samr_string_t s2;
581 608 DWORD sequence_num; /* 2B 00 00 00 */
582 609 DWORD unknown3; /* 00 00 00 00 */
583 610 DWORD unknown4; /* 01 00 00 00 */
584 611 DWORD unknown5; /* 03 00 00 00 */
585 612 DWORD unknown6; /* 01 */
586 613 DWORD num_users;
587 614 DWORD num_groups;
588 615 DWORD num_aliases;
589 616 };
590 617
591 618
592 619 struct samr_QueryDomainInfo6 {
593 620 DWORD unknown1; /* 00 00 00 00 */
594 621 DWORD unknown2; /* B0 7F 14 00 */
595 622 DWORD unknown3; /* 00 00 00 00 */
596 623 DWORD unknown4; /* 00 00 00 00 */
597 624 DWORD unknown5; /* 00 00 00 00 */
598 625 };
599 626
600 627
601 628 struct samr_QueryDomainInfo7 {
602 629 DWORD unknown1; /* 03 00 00 00 */
603 630 };
604 631
605 632
606 633 union samr_QueryDomainInfo_ru {
607 634 UNION_INFO_ENT(2,samr_QueryDomainInfo);
608 635 UNION_INFO_ENT(6,samr_QueryDomainInfo);
609 636 UNION_INFO_ENT(7,samr_QueryDomainInfo);
610 637 DEFAULT char *nullptr;
611 638 };
612 639
613 640 struct samr_QueryDomainInfoRes {
614 641 WORD switch_value;
615 642 SWITCH(switch_value)
616 643 union samr_QueryDomainInfo_ru ru;
617 644 };
618 645
619 646 OPERATION(SAMR_OPNUM_QueryDomainInfo)
620 647 struct samr_QueryDomainInfo {
621 648 IN samr_handle_t domain_handle;
622 649 IN WORD info_level;
623 650 OUT struct samr_QueryDomainInfoRes *info;
624 651 OUT DWORD status;
625 652 };
626 653
627 654 /*
628 655 * Identical to SAMR_OPNUM_QueryDomainInfo.
629 656 */
630 657 OPERATION(SAMR_OPNUM_QueryInfoDomain2)
631 658 struct samr_QueryInfoDomain2 {
632 659 IN samr_handle_t domain_handle;
633 660 IN WORD info_level;
634 661 OUT struct samr_QueryDomainInfoRes *info;
635 662 OUT DWORD status;
636 663 };
637 664
638 665 #define SAMR_QUERY_ALIAS_INFO_GENERAL 1
639 666 #define SAMR_QUERY_ALIAS_INFO_NAME 2
640 667 #define SAMR_QUERY_ALIAS_INFO_COMMENT 3
641 668
642 669 struct samr_QueryAliasInfoGeneral {
643 670 WORD level;
644 671 samr_string_t name;
645 672 DWORD member_count;
646 673 samr_string_t desc;
647 674 };
648 675
649 676 struct samr_QueryAliasInfoName {
650 677 WORD level;
651 678 samr_string_t name;
652 679 };
653 680
654 681 struct samr_QueryAliasInfoComment {
655 682 WORD level;
656 683 samr_string_t desc;
657 684 };
658 685
659 686 union samr_QueryAliasInfo_ru {
660 687 CASE(1) struct samr_QueryAliasInfoGeneral info1;
661 688 CASE(2) struct samr_QueryAliasInfoName info2;
662 689 CASE(3) struct samr_QueryAliasInfoComment info3;
663 690 DEFAULT char *nullptr;
664 691 };
665 692
666 693 struct samr_QueryAliasInfoRes {
667 694 DWORD address;
668 695 WORD switch_value;
669 696 SWITCH(switch_value)
670 697 union samr_QueryAliasInfo_ru ru;
671 698 };
672 699
673 700 OPERATION(SAMR_OPNUM_QueryAliasInfo)
674 701 struct samr_QueryAliasInfo {
675 702 IN samr_handle_t alias_handle;
676 703 IN WORD level;
677 704 OUT DWORD address;
678 705 SWITCH (level)
679 706 OUT union samr_QueryAliasInfo_ru ru;
680 707 OUT DWORD status;
681 708 };
682 709
683 710 OPERATION(SAMR_OPNUM_CreateDomainAlias)
684 711 struct samr_CreateDomainAlias {
685 712 IN samr_handle_t domain_handle;
686 713 IN samr_string_t alias_name;
687 714 IN DWORD access_mask;
688 715 OUT samr_handle_t alias_handle;
689 716 OUT DWORD rid;
690 717 OUT DWORD status;
691 718 };
692 719
693 720 OPERATION(SAMR_OPNUM_SetAliasInfo)
694 721 struct samr_SetAliasInfo {
695 722 IN samr_handle_t alias_handle;
696 723 IN WORD level;
697 724 /* TBD */
698 725 OUT DWORD status;
699 726 };
700 727
701 728 OPERATION(SAMR_OPNUM_DeleteDomainAlias)
702 729 struct samr_DeleteDomainAlias {
703 730 INOUT samr_handle_t alias_handle;
704 731 OUT DWORD status;
705 732 };
706 733
707 734 OPERATION(SAMR_OPNUM_OpenAlias)
708 735 struct samr_OpenAlias {
709 736 IN samr_handle_t domain_handle;
710 737 IN DWORD access_mask;
711 738 IN DWORD rid;
712 739 OUT samr_handle_t alias_handle;
713 740 OUT DWORD status;
714 741 };
715 742
716 743 struct name_rid {
717 744 DWORD rid;
718 745 samr_string_t name;
719 746 };
720 747
721 748 struct aliases_info {
722 749 DWORD count;
723 750 DWORD address;
724 751 SIZE_IS(count)
725 752 struct name_rid info[ANY_SIZE_ARRAY];
726 753 };
727 754
728 755 OPERATION(SAMR_OPNUM_EnumDomainAliases)
729 756 struct samr_EnumDomainAliases {
730 757 IN samr_handle_t domain_handle;
731 758 IN DWORD resume_handle;
732 759 IN DWORD mask;
733 760 OUT DWORD out_resume;
734 761 OUT struct aliases_info *aliases;
735 762 OUT DWORD entries;
736 763 OUT DWORD status;
737 764 };
738 765
739 766 struct user_acct_info {
740 767 DWORD index;
741 768 DWORD rid;
742 769 DWORD ctrl;
743 770 samr_string_t name;
744 771 samr_string_t fullname;
745 772 samr_string_t desc;
746 773 };
747 774
748 775 struct user_disp_info {
749 776 OUT DWORD total_size;
750 777 OUT DWORD returned_size;
751 778 OUT WORD switch_value;
752 779 DWORD count;
753 780 SIZE_IS(count)
754 781 struct user_acct_info *acct;
755 782 };
756 783
757 784 OPERATION(SAMR_OPNUM_QueryDispInfo)
758 785 struct samr_QueryDispInfo {
759 786 IN samr_handle_t domain_handle;
760 787 IN WORD level;
761 788 IN DWORD start_idx;
762 789 IN DWORD max_entries;
763 790 IN DWORD pref_maxsize;
764 791 OUT struct user_disp_info users;
765 792 OUT DWORD status;
766 793 };
767 794
768 795 struct group_acct_info {
769 796 DWORD index;
770 797 DWORD rid;
771 798 DWORD ctrl;
772 799 samr_string_t name;
773 800 samr_string_t desc;
774 801 };
775 802
776 803 struct group_disp_info {
777 804 DWORD count;
778 805 /* right now we just need one entry */
779 806 struct group_acct_info acct[1];
780 807 };
781 808
782 809 OPERATION(SAMR_OPNUM_EnumDomainGroups)
783 810 struct samr_EnumDomainGroups {
784 811 IN samr_handle_t domain_handle;
785 812 IN WORD level;
786 813 IN DWORD start_idx;
787 814 IN DWORD max_entries;
788 815 IN DWORD pref_maxsize;
789 816 OUT DWORD total_size;
790 817 OUT DWORD returned_size;
791 818 OUT WORD switch_value;
792 819 OUT DWORD count;
793 820 OUT struct group_disp_info *groups;
794 821 OUT DWORD status;
795 822 };
796 823
797 824 /*
798 825 ***********************************************************************
799 826 * OpenUser
800 827 *
801 828 * Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
802 829 * an access mask and the appropriate user rid. The output will be a
803 830 * handle for use with the specified user.
804 831 ***********************************************************************
805 832 */
806 833 OPERATION(SAMR_OPNUM_OpenUser)
807 834 struct samr_OpenUser {
808 835 IN samr_handle_t handle;
809 836 IN DWORD access_mask;
810 837 IN DWORD rid;
811 838 OUT samr_handle_t user_handle;
812 839 OUT DWORD status;
813 840 };
814 841
815 842
816 843 /*
817 844 ***********************************************************************
818 845 * DeleteUser
819 846 ***********************************************************************
820 847 */
821 848 OPERATION(SAMR_OPNUM_DeleteUser)
822 849 struct samr_DeleteUser {
823 850 INOUT samr_handle_t user_handle;
824 851 OUT DWORD status;
825 852 };
826 853
827 854
828 855 /*
829 856 ***********************************************************************
830 857 * QueryUserInfo
831 858 *
832 859 * Provides various pieces of information on a specific user (see
833 860 * SAM_Q_QUERY_USERINFO and SAM_R_QUERY_USERINFO). The handle must
834 861 * be a valid SAM user handle.
835 862 *
836 863 * QueryUserInfo (
837 864 * IN samr_handle_t user_handle,
838 865 * IN WORD switch_value,
839 866 * OUT union switch(switch_value) {
840 867 * case 1: struct QueryUserInfo1 *info1;
841 868 * } bufptr,
842 869 * OUT DWORD status
843 870 * )
844 871 *
845 872 * typedef enum _USER_INFORMATION_CLASS {
846 873 * UserGeneralInformation = 1,
847 874 * UserPreferencesInformation = 2,
848 875 * UserLogonInformation = 3,
849 876 * UserLogonHoursInformation = 4,
850 877 * UserAccountInformation = 5,
851 878 * UserNameInformation = 6,
852 879 * UserAccountNameInformation = 7,
853 880 * UserFullNameInformation = 8,
854 881 * UserPrimaryGroupInformation = 9,
855 882 * UserHomeInformation = 10,
856 883 * UserScriptInformation = 11,
857 884 * UserProfileInformation = 12,
858 885 * UserAdminCommentInformation = 13,
859 886 * UserWorkStationsInformation = 14,
860 887 * UserControlInformation = 16,
861 888 * UserExpiresInformation = 17,
862 889 * UserInternal1Information = 18,
863 890 * UserParametersInformation = 20,
864 891 * UserAllInformation = 21,
865 892 * UserInternal4Information = 23,
866 893 * UserInternal5Information = 24,
867 894 * UserInternal4InformationNew = 25,
868 895 * UserInternal5InformationNew = 26,
869 896 * } USER_INFORMATION_CLASS;
870 897 *
871 898 * 1 = username, fullname, description and some other stuff.
872 899 * 3 = large structure containing user rid, group rid, username
873 900 * and fullname.
874 901 * 5 = large structure (like 3) containing user rid, group rid,
875 902 * username, fullname and description.
876 903 * 6 = username and fullname
877 904 * 7 = username
878 905 * 8 = fullname
879 906 * 9 = group rid
880 907 * 16 = used after creating a new account
881 908 *
882 909 * Due to an ndrgen bug, a function must be provided to to patch the
883 910 * offsets used by the unmarshalling code at runtime. In order to
884 911 * simplify things it is useful to use a naming convention that
885 912 * indicates the switch value for each structure.
886 913 *
887 914 ***********************************************************************
888 915 */
889 916
890 917
891 918 #define SAMR_QUERY_USER_INFO_1 1
892 919 #define SAMR_QUERY_USER_UNAME_AND_FNAME 6
893 920 #define SAMR_QUERY_USER_USERNAME 7
894 921 #define SAMR_QUERY_USER_FULLNAME 8
895 922 #define SAMR_QUERY_USER_GROUPRID 9
896 923 #define SAMR_QUERY_USER_CONTROL_INFO 16
897 924 #define SAMR_QUERY_USER_ALL_INFO 21
898 925
899 926
900 927 struct samr_QueryUserInfo1 {
901 928 samr_string_t username;
902 929 samr_string_t fullname;
903 930 DWORD group_rid;
904 931 samr_string_t description;
905 932 samr_string_t unknown;
906 933 };
907 934
908 935
909 936 struct samr_QueryUserInfo6 {
910 937 samr_string_t username;
911 938 samr_string_t fullname;
912 939 };
913 940
914 941 struct samr_QueryUserInfo7 {
915 942 samr_string_t username;
916 943 };
917 944
918 945
919 946 struct samr_QueryUserInfo8 {
920 947 samr_string_t fullname;
921 948 };
922 949
923 950
924 951 struct samr_QueryUserInfo9 {
925 952 DWORD group_rid;
926 953 };
927 954
928 955
929 956 struct samr_QueryUserInfo16 {
930 957 DWORD UserAccountControl;
931 958 };
932 959
933 960 /*
934 961 * SAMR_USER_ALL_INFORMATION
935 962 */
936 963 struct samr_QueryUserInfo21 {
937 964 samr_quad_t LastLogon;
938 965 samr_quad_t LastLogoff;
939 966 samr_quad_t PasswordLastSet;
940 967 samr_quad_t AccountExpires;
941 968 samr_quad_t PasswordCanChange;
942 969 samr_quad_t PasswordMustChange;
943 970 samr_string_t UserName;
944 971 samr_string_t FullName;
945 972 samr_string_t HomeDirectory;
946 973 samr_string_t HomeDirectoryDrive;
947 974 samr_string_t ScriptPath;
948 975 samr_string_t ProfilePath;
949 976 samr_string_t AdminComment;
950 977 samr_string_t WorkStations;
951 978 samr_string_t UserComment;
952 979 samr_string_t Parameters;
953 980 struct samr_short_blob LmOwfPassword;
954 981 struct samr_short_blob NtOwfPassword;
955 982 samr_string_t PrivateData;
956 983 samr_sd_t SecurityDescriptor;
957 984 DWORD UserId;
958 985 DWORD PrimaryGroupId;
959 986 DWORD UserAccountControl;
960 987 DWORD WhichFields;
961 988 struct samr_logon_hours_all LogonHours;
962 989 WORD BadPasswordCount;
963 990 WORD LogonCount;
964 991 WORD CountryCode;
965 992 WORD CodePage;
966 993 BYTE LmPasswordPresent;
967 994 BYTE NtPasswordPresent;
968 995 BYTE PasswordExpired;
969 996 BYTE PrivateDataSensitive;
970 997 };
971 998
972 999 /* See also: fixup_samr_QueryUserInfo() */
973 1000 union QueryUserInfo_result_u {
974 1001 UNION_INFO_ENT(1,samr_QueryUserInfo);
975 1002 UNION_INFO_ENT(6,samr_QueryUserInfo);
976 1003 UNION_INFO_ENT(7,samr_QueryUserInfo);
977 1004 UNION_INFO_ENT(8,samr_QueryUserInfo);
978 1005 UNION_INFO_ENT(9,samr_QueryUserInfo);
979 1006 UNION_INFO_ENT(16,samr_QueryUserInfo);
980 1007 UNION_INFO_ENT(21,samr_QueryUserInfo);
981 1008 DEFAULT char *nullptr;
982 1009 };
983 1010
984 1011
985 1012 /*
986 1013 * This structure needs to be declared, even though it can't be used in
987 1014 * samr_QueryUserInfo, in order to get the appropriate size to calculate
988 1015 * the correct fixup offsets. If ndrgen did the right thing,
989 1016 * QueryUserInfo_result would be one of the out parameters. However, if
990 1017 * we do it that way, the switch_value isn't known early enough to do
991 1018 * the fixup calculation. So it all has to go in samr_QueryUserInfo.
992 1019 */
993 1020 struct QueryUserInfo_result {
994 1021 DWORD address;
995 1022 WORD switch_value;
996 1023 SWITCH(switch_value)
997 1024 union QueryUserInfo_result_u ru;
998 1025 };
999 1026
1000 1027
1001 1028 OPERATION(SAMR_OPNUM_QueryUserInfo)
1002 1029 struct samr_QueryUserInfo {
1003 1030 IN samr_handle_t user_handle;
1004 1031 IN WORD switch_value;
1005 1032 /*
1006 1033 * Can't use this form because we need to include members explicitly.
1007 1034 * OUT struct QueryUserInfo_result result;
1008 1035 */
1009 1036 OUT DWORD address;
1010 1037 OUT WORD switch_index;
1011 1038 SWITCH(switch_value)
1012 1039 OUT union QueryUserInfo_result_u ru;
1013 1040 OUT DWORD status;
1014 1041 };
1015 1042
1016 1043
1017 1044 /*
1018 1045 ***********************************************************************
1019 1046 * QueryUserGroups
1020 1047 ***********************************************************************
1021 1048 */
1022 1049 struct samr_UserGroups {
1023 1050 DWORD rid;
1024 1051 DWORD attr;
1025 1052 };
1026 1053
1027 1054
1028 1055 struct samr_UserGroupInfo {
1029 1056 DWORD n_entry;
1030 1057 SIZE_IS(n_entry)
1031 1058 struct samr_UserGroups *groups;
1032 1059 };
1033 1060
1034 1061
1035 1062 OPERATION(SAMR_OPNUM_QueryUserGroups)
1036 1063 struct samr_QueryUserGroups {
1037 1064 IN samr_handle_t user_handle;
1038 1065 OUT struct samr_UserGroupInfo *info;
1039 1066 OUT DWORD status;
1040 1067 };
1041 1068
1042 1069
1043 1070 /*
1044 1071 ***********************************************************************
1045 1072 * LookupName
1046 1073 ***********************************************************************
1047 1074 */
1048 1075 struct samr_LookupNameTable {
1049 1076 DWORD n_entry;
1050 1077 SIZE_IS(n_entry)
1051 1078 samr_string_t names[ANY_SIZE_ARRAY];
1052 1079 };
1053 1080
1054 1081
1055 1082 struct samr_LookupRidTable {
1056 1083 DWORD n_entry;
1057 1084 SIZE_IS(n_entry)
1058 1085 DWORD *rid;
1059 1086 };
1060 1087
1061 1088 struct samr_RidType {
1062 1089 DWORD n_entry;
1063 1090 SIZE_IS(n_entry)
1064 1091 DWORD *rid_type;
1065 1092 };
1066 1093
1067 1094
1068 1095 OPERATION(SAMR_OPNUM_LookupNames)
1069 1096 struct samr_LookupNames {
1070 1097 IN samr_handle_t handle;
1071 1098 IN DWORD n_entry;
1072 1099 IN DWORD max_n_entry;
1073 1100 IN DWORD index;
1074 1101 IN DWORD total;
1075 1102 IN samr_string_t name;
1076 1103 OUT struct samr_LookupRidTable rids;
1077 1104 OUT struct samr_RidType rid_types;
1078 1105 OUT DWORD status;
1079 1106 };
1080 1107
1081 1108
1082 1109 /*
1083 1110 ***********************************************************************
1084 1111 * OpenGroup
1085 1112 *
1086 1113 * Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
1087 1114 * an access mask and the appropriate group rid. The output will be a
1088 1115 * handle for use with the specified group.
1089 1116 ***********************************************************************
1090 1117 */
1091 1118 OPERATION(SAMR_OPNUM_OpenGroup)
1092 1119 struct samr_OpenGroup {
1093 1120 IN samr_handle_t handle;
1094 1121 IN DWORD access_mask;
1095 1122 IN DWORD rid;
1096 1123 OUT samr_handle_t group_handle;
1097 1124 OUT DWORD status;
1098 1125 };
1099 1126
1100 1127
1101 1128 /*
1102 1129 ***********************************************************************
1103 1130 * QueryGroupInfo
1104 1131 *
1105 1132 * Input must be a group handle obtained via SAMR_OPNUM_OpenGroup,
1106 1133 * an access mask and the appropriate group rid. The output will
1107 1134 * be a handle for use with the specified group.
1108 1135 ***********************************************************************
1109 1136 */
1110 1137 struct samr_QueryGroupInfo1 {
1111 1138 samr_string_t groupname;
1112 1139 };
1113 1140
1114 1141
1115 1142 union samr_QueryGroupInfo_result_u {
1116 1143 UNION_INFO_ENT(1,samr_QueryGroupInfo);
1117 1144 DEFAULT char *nullptr;
1118 1145 };
1119 1146
1120 1147
1121 1148 struct samr_QueryGroupInfo_result {
1122 1149 DWORD address;
1123 1150 WORD switch_index;
1124 1151 SWITCH(switch_index)
1125 1152 union samr_QueryGroupInfo_result_u ru;
1126 1153 };
1127 1154
1128 1155
1129 1156 OPERATION(SAMR_OPNUM_QueryGroupInfo)
1130 1157 struct samr_QueryGroupInfo {
1131 1158 IN samr_handle_t group_handle;
1132 1159 IN DWORD switch_value;
1133 1160 OUT DWORD address;
1134 1161 OUT WORD switch_index;
1135 1162 SWITCH(switch_index)
1136 1163 OUT union samr_QueryGroupInfo_result_u ru;
1137 1164 OUT DWORD status;
1138 1165 };
1139 1166
1140 1167
1141 1168 /*
1142 1169 ***********************************************************************
1143 1170 * StoreGroupInfo
1144 1171 *
1145 1172 * This definition is mostly just a place holder in case this is useful
1146 1173 * in the future. Note that it may not be correct. The information is
1147 1174 * from a netmon trace captured when I added a group description. I
1148 1175 * haven't implemented it because we don't have to update anything on
1149 1176 * the PDC. The description should almost certainly be in a separate
1150 1177 * structure.
1151 1178 ***********************************************************************
1152 1179 */
1153 1180 OPERATION(SAMR_OPNUM_StoreGroupInfo)
1154 1181 struct samr_StoreGroupInfo {
1155 1182 IN samr_handle_t group_handle;
1156 1183 IN DWORD switch_value;
1157 1184 IN samr_string_t group_description;
1158 1185 OUT DWORD status;
1159 1186 };
1160 1187
1161 1188 /*
1162 1189 * AddAliasMember
1163 1190 */
1164 1191 OPERATION(SAMR_OPNUM_AddAliasMember)
1165 1192 struct samr_AddAliasMember {
1166 1193 IN samr_handle_t alias_handle;
1167 1194 IN REFERENCE struct samr_sid *sid;
1168 1195 OUT DWORD status;
1169 1196 };
1170 1197
1171 1198 /*
1172 1199 * DeleteAliasMember
1173 1200 */
1174 1201 OPERATION(SAMR_OPNUM_DeleteAliasMember)
1175 1202 struct samr_DeleteAliasMember {
1176 1203 IN samr_handle_t alias_handle;
1177 1204 IN REFERENCE struct samr_sid *sid;
1178 1205 OUT DWORD status;
1179 1206 };
1180 1207
1181 1208 struct samr_SidList {
1182 1209 struct samr_sid *sid;
1183 1210 };
1184 1211
1185 1212 struct samr_SidInfo {
1186 1213 DWORD n_entry;
1187 1214 SIZE_IS(n_entry)
1188 1215 struct samr_SidList *sidlist;
1189 1216 };
1190 1217
1191 1218 /*
1192 1219 * ListAliasMembers
1193 1220 */
1194 1221 OPERATION(SAMR_OPNUM_ListAliasMembers)
1195 1222 struct samr_ListAliasMembers {
1196 1223 IN samr_handle_t alias_handle;
1197 1224 OUT struct samr_SidInfo info;
1198 1225 OUT DWORD status;
1199 1226 };
1200 1227
1201 1228 /*
1202 1229 ***********************************************************************
1203 1230 * GetUserDomainPasswordInformation
1204 1231 ***********************************************************************
1205 1232 */
1206 1233 OPERATION(SAMR_OPNUM_GetUserPwInfo)
1207 1234 struct samr_GetUserPwInfo {
1208 1235 IN samr_handle_t user_handle;
1209 1236 OUT REFERENCE samr_password_info_t *pwinfo;
1210 1237 OUT DWORD status;
1211 1238 };
1212 1239
1213 1240
1214 1241 /*
1215 1242 ***********************************************************************
1216 1243 * CreateUser
1217 1244 *
1218 1245 * Create a user in the domain specified by the domain handle. The
1219 1246 * domain handle is obtained obtained via SAMR_OPNUM_OpenDomain.
1220 1247 * DesiredAccess: 0xe00500b0.
1221 1248 * The output will be a handle for use with the specified user and the
1222 1249 * user's RID. I think the RID may be a unique pointer (it can be null).
1223 1250 ***********************************************************************
1224 1251 */
1225 1252 OPERATION(SAMR_OPNUM_CreateUser)
1226 1253 struct samr_CreateUser {
1227 1254 IN samr_handle_t handle;
1228 1255 IN samr_vcbuf_t username;
1229 1256 IN DWORD account_flags;
1230 1257 IN DWORD desired_access;
1231 1258 OUT samr_handle_t user_handle;
1232 1259 OUT DWORD maybe_ptr;
1233 1260 OUT DWORD rid;
1234 1261 OUT DWORD status;
1235 1262 };
1236 1263
1237 1264
1238 1265 /*
1239 1266 ***********************************************************************
1240 1267 * ChangePasswordUser2 - See:
1241 1268 * SamrUnicodeChangePasswordUser2 [MS-SAMR 3.1.5.10.3]
1242 1269 ***********************************************************************
1243 1270 */
1244 1271
1245 1272 OPERATION(SAMR_OPNUM_ChangePasswordUser2)
1246 1273 struct samr_ChangePasswordUser2 {
1247 1274 IN samr_string_t *servername;
1248 1275 IN REF samr_string_t *username;
1249 1276 IN struct samr_encr_passwd *nt_newpw;
1250 1277 IN struct samr_encr_hash *nt_oldpw;
1251 1278 IN BYTE lm_present;
1252 1279 IN struct samr_encr_passwd *lm_newpw;
1253 1280 IN struct samr_encr_hash *lm_oldpw;
1254 1281 OUT DWORD status;
1255 1282 };
1256 1283
1257 1284
1258 1285 /*
1259 1286 ***********************************************************************
1260 1287 * GetDomainPwInfo
1261 1288 ***********************************************************************
1262 1289 */
1263 1290 OPERATION(SAMR_OPNUM_GetDomainPwInfo)
1264 1291 struct samr_GetDomainPwInfo {
1265 1292 IN DWORD unused;
1266 1293 OUT REFERENCE samr_password_info_t *pwinfo;
1267 1294 OUT DWORD status;
1268 1295 };
1269 1296
1270 1297
1271 1298 /*
1272 1299 ***********************************************************************
1273 1300 * SetUserInfo
1274 1301 * [MS-SAMR] SamrSetInformationUser2
1275 1302 ***********************************************************************
1276 1303 */
1277 1304
1278 1305 /* USER_CONTROL_INFORMATION */
1279 1306 struct samr_SetUserInfo16 {
1280 1307 DWORD UserAccountControl;
1281 1308 };
1282 1309
1283 1310
1284 1311 /*
1285 1312 * samr_SetUserInfo21, a.k.a
1286 1313 * SAMR_USER_ALL_INFORMATION
1287 1314 *
1288 1315 * We now know this is the same as samr_QueryUserInfo21
1289 1316 * Could merge, except for the samr_vcbuf_t mess.
1290 1317 */
1291 1318
1292 1319 #define SAMR_SET_USER_INFO_21 21
1293 1320
1294 1321 struct samr_SetUserInfo21 {
1295 1322 samr_quad_t LastLogon;
1296 1323 samr_quad_t LastLogoff;
1297 1324 samr_quad_t PasswordLastSet;
1298 1325 samr_quad_t AccountExpires;
1299 1326 samr_quad_t PasswordCanChange;
1300 1327 samr_quad_t PasswordMustChange;
1301 1328
1302 1329 samr_vcbuf_t UserName;
1303 1330 samr_vcbuf_t FullName;
1304 1331 samr_vcbuf_t HomeDirectory;
1305 1332 samr_vcbuf_t HomeDirectoryDrive;
1306 1333 samr_vcbuf_t ScriptPath;
1307 1334 samr_vcbuf_t ProfilePath;
1308 1335 samr_vcbuf_t AdminComment;
1309 1336 samr_vcbuf_t WorkStations;
1310 1337 samr_vcbuf_t UserComment;
1311 1338 samr_vcbuf_t Parameters;
1312 1339
1313 1340 struct samr_short_blob LmOwfPassword;
1314 1341 struct samr_short_blob NtOwfPassword;
1315 1342 samr_vcbuf_t PrivateData;
1316 1343 samr_sd_t SecurityDescriptor;
1317 1344
1318 1345 DWORD UserId; /* RID */
1319 1346 DWORD PrimaryGroupId;
1320 1347 DWORD UserAccountControl;
1321 1348 DWORD WhichFields;
1322 1349
1323 1350 /*
1324 1351 * This should be samr_logon_hours_all, but apparently
1325 1352 * ndrgen doesn't get that quite right, so instead, the
1326 1353 * client-side code patches this up.
1327 1354 */
1328 1355 struct samr_logon_info LogonHours;
1329 1356
1330 1357 WORD BadPasswordCount;
1331 1358 WORD LogonCount;
1332 1359 WORD CountryCode;
1333 1360 WORD CodePage;
1334 1361 BYTE LmPasswordPresent;
1335 1362 BYTE NtPasswordPresent;
1336 1363 BYTE PasswordExpired;
1337 1364 BYTE PrivateDataSensitive;
1338 1365 };
1339 1366
1340 1367 /*
1341 1368 * SAMPR_USER_INTERNAL4_INFORMATION
1342 1369 * UserInternal4Information (23)
1343 1370 */
1344 1371 #define SAMR_SET_USER_INFO_23 23
1345 1372 struct samr_SetUserInfo23 {
1346 1373 struct samr_SetUserInfo21 info21;
1347 1374 struct samr_encr_passwd encr_pw;
1348 1375 };
1349 1376
1350 1377 /*
1351 1378 * SAMPR_USER_INTERNAL5_INFORMATION
1352 1379 * UserInternal5Information (24)
1353 1380 */
1354 1381 #define SAMR_SET_USER_INFO_24 24
1355 1382 struct samr_SetUserInfo24 {
1356 1383 struct samr_encr_passwd encr_pw;
1357 1384 BYTE password_expired;
1358 1385 };
1359 1386
1360 1387
1361 1388 union samr_SetUserInfo_u {
1362 1389 UNION_INFO_ENT(16,samr_SetUserInfo);
1363 1390 UNION_INFO_ENT(21,samr_SetUserInfo);
1364 1391 UNION_INFO_ENT(23,samr_SetUserInfo);
1365 1392 UNION_INFO_ENT(24,samr_SetUserInfo);
1366 1393 DEFAULT DWORD nothing;
1367 1394 };
1368 1395
1369 1396 struct samr_SetUserInfo_s {
1370 1397 WORD info_level;
1371 1398 WORD switch_value;
1372 1399 SWITCH(switch_value)
1373 1400 union samr_SetUserInfo_u ru;
1374 1401 };
1375 1402
1376 1403 OPERATION(SAMR_OPNUM_SetUserInfo)
1377 1404 struct samr_SetUserInfo {
1378 1405 IN samr_handle_t user_handle;
1379 1406 IN struct samr_SetUserInfo_s info;
1380 1407 OUT DWORD status;
1381 1408 };
1382 1409
1383 1410
1384 1411 /*
|
↓ open down ↓ |
884 lines elided |
↑ open up ↑ |
1385 1412 ***********************************************************************
1386 1413 * The SAMR interface definition.
1387 1414 ***********************************************************************
1388 1415 */
1389 1416 INTERFACE(0)
1390 1417 union samr_interface {
1391 1418 CASE(SAMR_OPNUM_Connect)
1392 1419 struct samr_Connect Connect;
1393 1420 CASE(SAMR_OPNUM_CloseHandle)
1394 1421 struct samr_CloseHandle CloseHandle;
1422 + CASE(SAMR_OPNUM_QuerySecObject)
1423 + struct samr_QuerySecObject QuerySecObject;
1395 1424 CASE(SAMR_OPNUM_LookupDomain)
1396 1425 struct samr_LookupDomain LookupDomain;
1397 1426 CASE(SAMR_OPNUM_EnumLocalDomains)
1398 1427 struct samr_EnumLocalDomain EnumLocalDomain;
1399 1428 CASE(SAMR_OPNUM_OpenDomain)
1400 1429 struct samr_OpenDomain OpenDomain;
1401 1430 CASE(SAMR_OPNUM_QueryDomainInfo)
1402 1431 struct samr_QueryDomainInfo QueryDomainInfo;
1403 1432 CASE(SAMR_OPNUM_QueryInfoDomain2)
1404 1433 struct samr_QueryInfoDomain2 QueryInfoDomain2;
1405 1434 CASE(SAMR_OPNUM_LookupNames)
1406 1435 struct samr_LookupNames LookupNames;
1407 1436 CASE(SAMR_OPNUM_OpenUser)
1408 1437 struct samr_OpenUser OpenUser;
1409 1438 CASE(SAMR_OPNUM_DeleteUser)
1410 1439 struct samr_DeleteUser DeleteUser;
1411 1440 CASE(SAMR_OPNUM_QueryUserInfo)
1412 1441 struct samr_QueryUserInfo QueryUserInfo;
1413 1442 CASE(SAMR_OPNUM_QueryUserGroups)
1414 1443 struct samr_QueryUserGroups QueryUserGroups;
1415 1444 CASE(SAMR_OPNUM_OpenGroup)
1416 1445 struct samr_OpenGroup OpenGroup;
1417 1446 CASE(SAMR_OPNUM_AddAliasMember)
1418 1447 struct samr_AddAliasMember AddAliasMember;
1419 1448 CASE(SAMR_OPNUM_DeleteAliasMember)
1420 1449 struct samr_DeleteAliasMember DeleteAliasMember;
1421 1450 CASE(SAMR_OPNUM_ListAliasMembers)
1422 1451 struct samr_ListAliasMembers ListAliasMembers;
1423 1452 CASE(SAMR_OPNUM_GetUserPwInfo)
1424 1453 struct samr_GetUserPwInfo GetUserPwInfo;
1425 1454 CASE(SAMR_OPNUM_CreateUser)
1426 1455 struct samr_CreateUser CreateUser;
1427 1456 CASE(SAMR_OPNUM_ChangePasswordUser2)
1428 1457 struct samr_ChangePasswordUser2 ChangePasswordUser2;
1429 1458 CASE(SAMR_OPNUM_GetDomainPwInfo)
1430 1459 struct samr_GetDomainPwInfo GetDomainPwInfo;
1431 1460 CASE(SAMR_OPNUM_Connect2)
1432 1461 struct samr_Connect2 Connect2;
1433 1462 CASE(SAMR_OPNUM_SetUserInfo)
1434 1463 struct samr_SetUserInfo SetUserInfo;
1435 1464 CASE(SAMR_OPNUM_Connect4)
1436 1465 struct samr_Connect4 Connect4;
1437 1466 CASE(SAMR_OPNUM_Connect5)
1438 1467 struct samr_Connect5 Connect5;
1439 1468 CASE(SAMR_OPNUM_QueryDispInfo)
1440 1469 struct samr_QueryDispInfo QueryDispInfo;
1441 1470 CASE(SAMR_OPNUM_OpenAlias)
1442 1471 struct samr_OpenAlias OpenAlias;
1443 1472 CASE(SAMR_OPNUM_CreateDomainAlias)
1444 1473 struct samr_CreateDomainAlias CreateDomainAlias;
1445 1474 CASE(SAMR_OPNUM_SetAliasInfo)
1446 1475 struct samr_SetAliasInfo SetAliasInfo;
1447 1476 CASE(SAMR_OPNUM_QueryAliasInfo)
1448 1477 struct samr_QueryAliasInfo QueryAliasInfo;
1449 1478 CASE(SAMR_OPNUM_DeleteDomainAlias)
1450 1479 struct samr_DeleteDomainAlias DeleteDomainAlias;
1451 1480 CASE(SAMR_OPNUM_EnumDomainAliases)
1452 1481 struct samr_EnumDomainAliases EnumDomainAliases;
1453 1482 CASE(SAMR_OPNUM_EnumDomainGroups)
1454 1483 struct samr_EnumDomainGroups EnumDomainGroups;
1455 1484 };
1456 1485 typedef union samr_interface samr_interface_t;
1457 1486 EXTERNTYPEINFO(samr_interface)
1458 1487
1459 1488 #endif /* _MLSVC_SAM_NDL_ */
|
↓ open down ↓ |
55 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX