xref: /titanic_50/usr/src/uts/common/smbsrv/ndl/samrpc.ndl (revision 5c5f137104b2d56181283389fa902220f2023809)
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27#ifndef _MLSVC_SAM_NDL_
28#define _MLSVC_SAM_NDL_
29
30/*
31 * Security Accounts Manager RPC (SAMR) interface definition.
32 */
33
34#include "ndrtypes.ndl"
35
36/* Windows NT */
37#define SAMR_OPNUM_Connect			0x00	/* SamrConnect */
38#define SAMR_OPNUM_CloseHandle			0x01
39#define SAMR_OPNUM_SetSecObject			0x02
40#define SAMR_OPNUM_QuerySecObject		0x03
41#define SAMR_OPNUM_ShutdownSamServer		0x04	/* NotUsedOnWire */
42#define SAMR_OPNUM_LookupDomain			0x05
43#define SAMR_OPNUM_EnumLocalDomains		0x06
44#define SAMR_OPNUM_OpenDomain			0x07
45#define SAMR_OPNUM_QueryDomainInfo		0x08
46#define SAMR_OPNUM_SetDomainInfo		0x09
47#define SAMR_OPNUM_CreateDomainGroup		0x0a
48#define SAMR_OPNUM_QueryDomainGroups		0x0b
49#define SAMR_OPNUM_CreateDomainUser		0x0c
50#define SAMR_OPNUM_EnumDomainUsers		0x0d
51#define SAMR_OPNUM_CreateDomainAlias		0x0e
52#define SAMR_OPNUM_EnumDomainAliases		0x0f
53#define SAMR_OPNUM_LookupIds			0x10	/* GetAliasMembership */
54#define SAMR_OPNUM_LookupNames			0x11
55#define SAMR_OPNUM_LookupDomainIds		0x12
56#define SAMR_OPNUM_OpenGroup			0x13
57#define SAMR_OPNUM_QueryGroupInfo		0x14
58#define SAMR_OPNUM_StoreGroupInfo		0x15
59#define SAMR_OPNUM_AddGroupMember		0x16
60#define SAMR_OPNUM_DeleteDomainGroup		0x17
61#define SAMR_OPNUM_DeleteGroupMember		0x18
62#define SAMR_OPNUM_ListGroupMembers		0x19
63#define SAMR_OPNUM_SetGroupMemberAttributes	0x1a
64#define SAMR_OPNUM_OpenAlias			0x1b
65#define SAMR_OPNUM_QueryAliasInfo		0x1c
66#define SAMR_OPNUM_SetAliasInfo			0x1d
67#define SAMR_OPNUM_DeleteDomainAlias		0x1e
68#define SAMR_OPNUM_AddAliasMember		0x1f
69#define SAMR_OPNUM_DeleteAliasMember		0x20
70#define SAMR_OPNUM_ListAliasMembers		0x21
71#define SAMR_OPNUM_OpenUser			0x22
72#define SAMR_OPNUM_DeleteUser			0x23
73#define SAMR_OPNUM_QueryUserInfo		0x24
74#define SAMR_OPNUM_SetUserInfo0			0x25	/* SetUserInfo */
75#define SAMR_OPNUM_ChangeUserPassword0		0x26	/* ChangeUserPassword */
76#define SAMR_OPNUM_QueryUserGroups		0x27
77#define SAMR_OPNUM_QueryDispInfo		0x28	/* QueryDispInfo1 */
78#define	SAMR_OPNUM_GetDisplayEnumIndex		0x29
79#define	SAMR_OPNUM_TestPrivateDomainFunctions	0x2a	/* NotUsedOnWire */
80#define	SAMR_OPNUM_TestPrivateUserFunctions	0x2b	/* NotUsedOnWire */
81#define SAMR_OPNUM_GetUserPwInfo		0x2c
82
83/* Windows 2000 */
84#define	SAMR_OPNUM_RemoveMemberFromForeignDomain        0x2d
85#define	SAMR_OPNUM_QueryInfoDomain2		0x2e
86#define	SAMR_OPNUM_QueryInfoUser2		0x2f
87#define	SAMR_OPNUM_EnumDomainGroups		0x30    /* QueryDispInfo2 */
88#define	SAMR_OPNUM_GetDisplayEnumIndex2		0x31
89#define	SAMR_OPNUM_CreateUser			0x32
90#define	SAMR_OPNUM_QueryDispInfo4		0x33
91#define	SAMR_OPNUM_AddMultipleAliasMembers	0x34
92#define	SAMR_OPNUM_RemoveMultipleAliasMembers	0x35
93#define	SAMR_OPNUM_ChangeUserOemPassword	0x36
94#define SAMR_OPNUM_ChangePasswordUser2		0x37	/* UnicodePasswd */
95#define SAMR_OPNUM_GetDomainPwInfo		0x38
96#define SAMR_OPNUM_Connect2                     0x39    /* SamrConnect2 */
97#define SAMR_OPNUM_SetUserInfo			0x3a	/* SetInfoUser2 */
98#define	SAMR_OPNUM_SetBootKeyInformation	0x3b
99#define	SAMR_OPNUM_GetBootKeyInformation	0x3c
100#define	SAMR_OPNUM_Connect3			0x3d	/* NotUsedOnWire */
101#define	SAMR_OPNUM_Connect4			0x3e	/* SamrConnect4 */
102#define	SAMR_OPNUM_ChangeUserUnicodePassword3	0x3f
103
104/* Windows XP and Windows Server 2003 */
105#define	SAMR_OPNUM_Connect5			0x40	/* SamrConnect5 */
106#define	SAMR_OPNUM_RidToSid                     0x41
107#define	SAMR_OPNUM_SetDSRMPassword              0x42
108#define	SAMR_OPNUM_ValidatePassword             0x43
109
110/* Windows Vista */
111#define SAMR_OPNUM_QueryLocalizableAccountsInDomain     0x44
112#define SAMR_OPNUM_PerformGenericOperation              0x45
113
114
115/*
116 * Sam account flags used when creating an account. These flags seem
117 * to be very similar to the USER_INFO_X flags (UF_XXX) in lmaccess.h
118 * but the values are different.
119 */
120#define SAMR_AF_ACCOUNTDISABLE			0x0001
121#define SAMR_AF_HOMEDIR_REQUIRED		0x0002
122#define SAMR_AF_PASSWD_NOTREQD			0x0004
123#define SAMR_AF_TEMP_DUPLICATE_ACCOUNT		0x0008
124#define SAMR_AF_NORMAL_ACCOUNT			0x0010
125#define SAMR_AF_MNS_LOGON_ACCOUNT		0x0020
126#define SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT	0x0040
127#define SAMR_AF_WORKSTATION_TRUST_ACCOUNT	0x0080
128#define SAMR_AF_SERVER_TRUST_ACCOUNT		0x0100
129#define SAMR_AF_DONT_EXPIRE_PASSWD		0x0200
130#define SAMR_AF_ACCOUNT_AUTOLOCK		0x0400
131
132
133#define SAMR_AF_MACHINE_ACCOUNT_MASK	( \
134				SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT \
135				| SAMR_AF_WORKSTATION_TRUST_ACCOUNT \
136				| SAMR_AF_SERVER_TRUST_ACCOUNT)
137
138#define SAMR_AF_ACCOUNT_TYPE_MASK	( \
139				SAMR_AF_TEMP_DUPLICATE_ACCOUNT \
140				| SAMR_AF_NORMAL_ACCOUNT \
141				| SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT \
142				| SAMR_AF_WORKSTATION_TRUST_ACCOUNT \
143				| SAMR_AF_SERVER_TRUST_ACCOUNT)
144
145/*
146 * QueryUserInfo UserAllInformation WhichFields
147 */
148#define	SAMR_USER_ALL_USERNAME			0x00000001
149#define	SAMR_USER_ALL_FULLNAME			0x00000002
150#define	SAMR_USER_ALL_USERID			0x00000004
151#define	SAMR_USER_ALL_PRIMARYGROUPID		0x00000008
152#define	SAMR_USER_ALL_ADMINCOMMENT		0x00000010
153#define	SAMR_USER_ALL_USERCOMMENT		0x00000020
154#define	SAMR_USER_ALL_HOMEDIRECTORY		0x00000040
155#define	SAMR_USER_ALL_HOMEDIRECTORYDRIVE	0x00000080
156#define	SAMR_USER_ALL_SCRIPTPATH		0x00000100
157#define	SAMR_USER_ALL_PROFILEPATH		0x00000200
158#define	SAMR_USER_ALL_WORKSTATIONS		0x00000400
159#define	SAMR_USER_ALL_LASTLOGON			0x00000800
160#define	SAMR_USER_ALL_LASTLOGOFF		0x00001000
161#define	SAMR_USER_ALL_LOGONHOURS		0x00002000
162#define	SAMR_USER_ALL_BADPASSWORDCOUNT		0x00004000
163#define	SAMR_USER_ALL_LOGONCOUNT		0x00008000
164#define	SAMR_USER_ALL_PASSWORDCANCHANGE		0x00010000
165#define	SAMR_USER_ALL_PASSWORDMUSTCHANGE	0x00020000
166#define	SAMR_USER_ALL_PASSWORDLASTSET		0x00040000
167#define	SAMR_USER_ALL_ACCOUNTEXPIRES		0x00080000
168#define	SAMR_USER_ALL_USERACCOUNTCONTROL	0x00100000
169#define	SAMR_USER_ALL_PARAMETERS		0x00200000
170#define	SAMR_USER_ALL_COUNTRYCODE		0x00400000
171#define	SAMR_USER_ALL_CODEPAGE			0x00800000
172#define	SAMR_USER_ALL_NTPASSWORDPRESENT		0x01000000
173#define	SAMR_USER_ALL_LMPASSWORDPRESENT		0x02000000
174#define	SAMR_USER_ALL_PRIVATEDATA		0x04000000
175#define	SAMR_USER_ALL_PASSWORDEXPIRED		0x08000000
176#define	SAMR_USER_ALL_SECURITYDESCRIPTOR	0x10000000
177#define	SAMR_USER_ALL_OWF_PASSWORD		0x20000000
178#define	SAMR_USER_ALL_UNDEFINED_MASK		0xC0000000
179
180/*
181 * Alias Access Mask values for SAMR
182 * Section 2.2.1.6 of MS-SAMR
183 */
184#define SAMR_ALIAS_ACCESS_EXECUTE		0x00020008
185#define SAMR_ALIAS_ACCESS_WRITE			0x00020013
186#define SAMR_ALIAS_ACCESS_READ			0x00020004
187#define SAMR_ALIAS_ACCESS_ALL_ACCESS		0x000F001F
188#define SAMR_ALIAS_ACCESS_WRITE_ACCOUNT		0x00000010
189#define SAMR_ALIAS_ACCESS_READ_INFO		0x00000008
190#define SAMR_ALIAS_ACCESS_LIST_MEMBERS		0x00000004
191#define SAMR_ALIAS_ACCESS_REMOVE_MEMBER		0x00000002
192#define SAMR_ALIAS_ACCESS_ADD_MEMBER		0x00000001
193
194#define	SAMR_REVISION_1			1	/* Pre Windows 2000 */
195#define	SAMR_REVISION_2			2	/* Windows 2000 */
196#define	SAMR_REVISION_3			3	/* Post Windows 2000 */
197
198/*
199 * Definition for a SID. The ndl compiler does not allow a typedef of
200 * a structure containing variable size members.
201 * Note: cast compatible with smb_sid_t, and code depends on that.
202 */
203struct samr_sid {
204	BYTE		Revision;
205	BYTE		SubAuthCount;
206	BYTE		Authority[6];
207  SIZE_IS(SubAuthCount)
208	DWORD		SubAuthority[ANY_SIZE_ARRAY];
209};
210
211
212/*
213 * SAMR definition of a security_descriptor.
214 */
215struct samr_sec_desc {
216	BYTE Revision;
217	BYTE Sbz1;
218	WORD Control;
219	struct samr_sid *owner;
220	struct samr_sid *group;
221	struct samr_sid *sacl;
222	struct samr_sid *dacl;
223};
224
225struct samr_sd {
226	DWORD length;
227  SIZE_IS(length)
228	BYTE *data;
229};
230typedef struct samr_sd samr_sd_t;
231
232/*
233 * See RPC_STRING in the MS IDL.
234 * Definition for a string. The length and allosize should be set to
235 * twice the string length (i.e. strlen(str) * 2). The runtime code
236 * will perform the appropriate string to a wide-char conversions,
237 * so str should point to a regular char * string.
238 */
239struct samr_string {
240	WORD		length;
241	WORD		allosize;
242	LPTSTR		str;
243};
244typedef struct samr_string samr_string_t;
245
246
247/*
248 * Alternative varying/conformant string definition - for
249 * non-null terminated strings. This definition must match
250 * ndr_vcbuf_t.
251 */
252struct samr_vcb {
253	/*
254	 * size_is (actually a copy of length_is) will
255	 * be inserted here by the marshalling library.
256	 */
257	DWORD vc_first_is;
258	DWORD vc_length_is;
259  SIZE_IS(vc_length_is)
260	WORD buffer[ANY_SIZE_ARRAY];
261};
262
263struct samr_vcbuf {
264	WORD wclen;
265	WORD wcsize;
266	struct samr_vcb *vcb;
267};
268typedef struct samr_vcbuf samr_vcbuf_t;
269
270CONTEXT_HANDLE(samr_handle) samr_handle_t;
271
272/*
273 * OLD_LARGE_INTEGER: a 64-bit value.
274 */
275struct samr_quad {
276	DWORD low;
277	DWORD high;
278};
279typedef struct samr_quad samr_quad_t;
280
281/*
282 * Blob used for the NT and LM OWF passwords.
283 * The length and maxlen should be 16.
284 */
285struct samr_short_blob {
286	WORD	length;
287	WORD	maxlen;
288  SIZE_IS(length / 2)
289	WORD	*buf;
290};
291
292#define	DOMAIN_PASSWORD_COMPLEX			0x00000001
293#define	DOMAIN_PASSWORD_NO_ANON_CHANGE		0x00000002
294#define	DOMAIN_PASSWORD_NO_CLEAR_CHANGE		0x00000004
295#define	DOMAIN_LOCKOUT_ADMINS			0x00000008
296#define	DOMAIN_PASSWORD_STORE_CLEARTEXT		0x00000010
297#define	DOMAIN_REFUSE_PASSWORD_CHANGE		0x00000020
298
299struct samr_password_info {
300	WORD	min_length;
301	DWORD	properties;
302};
303typedef struct samr_password_info samr_password_info_t;
304
305/*
306 * There is some sort of logon bitmap structure in here, which I
307 * think is a varying and conformant array, i.e.
308 *
309 *	struct samr_logon_hours {
310 *      DWORD size_is;		(1260)
311 *      DWORD first_is;		(zero)
312 *      DWORD length_is;	(168)
313 *      BYTE bitmap[21];
314 *  };
315 *
316 *	struct samr_logon_info {
317 *		DWORD length;
318 *	SIZE_IS(length / 8)
319 *		struct samr_logon_hours *hours;
320 *	};
321 *
322 * There are 10080 minutes/week => 10080/8 = 1260 (0x04EC).
323 * So size_is is set as some sort of maximum.
324 *
325 * There are 168 hours/week => 168/8 = 21 (0xA8). Since there are 21
326 * bytes (all set to 0xFF), this is is probably the default setting.
327 */
328
329#define SAMR_MINS_PER_WEEK		10080
330#define SAMR_HOURS_PER_WEEK		168
331
332#define SAMR_HOURS_MAX_SIZE		(SAMR_MINS_PER_WEEK / 8)
333#define SAMR_HOURS_SET_LEN(LEN)		((LEN) / 8)
334#define SAMR_SET_USER_HOURS_SZ		21
335
336struct samr_logon_hours {
337	DWORD size;
338	DWORD first;
339	DWORD length;
340	BYTE bitmap[SAMR_SET_USER_HOURS_SZ];
341};
342
343struct samr_logon_info {
344	DWORD units;
345	DWORD hours;
346};
347
348struct samr_logon_hours_all {
349	WORD	units_per_week;
350  SIZE_IS(units_per_week / 8)
351	BYTE	*hours;
352};
353
354/*
355 * SAMPR_USER_PASSWORD (in the MS Net API) or
356 * struct samr_user_password (internal use) is
357 * the "clear" form of struct samr_encr_passwd
358 * (SAMPR_ENCRYPTED_USER_PASSWORD in MS Net).
359 * It's not used by ndrgen, but is declared here
360 * to help clarify the relationship between these,
361 * and for the benefit of our client-side code.
362 */
363#ifndef	NDRGEN
364#define SAMR_USER_PWLEN	256
365struct samr_user_password {
366	smb_wchar_t	Buffer[SAMR_USER_PWLEN];
367	DWORD Length;
368};
369#endif	/* NDRGEN */
370
371/* SAMPR_ENCRYPTED_USER_PASSWORD */
372#define	SAMR_ENCR_PWLEN 516	/* sizeof samr_user_password */
373struct samr_encr_passwd {
374	BYTE data[SAMR_ENCR_PWLEN];
375};
376
377/* ENCRYPTED_NT_OWF_PASSWORD */
378#define	SAMR_PWHASH_LEN	16
379struct samr_encr_hash {
380	BYTE data[SAMR_PWHASH_LEN];
381};
382
383/*
384 ***********************************************************************
385 * SamrConnect.
386 ***********************************************************************
387 */
388OPERATION(SAMR_OPNUM_Connect)
389struct samr_Connect {
390	IN	DWORD *servername;
391	IN	DWORD access_mask;
392	OUT	samr_handle_t handle;
393	OUT	DWORD status;
394};
395
396
397/*
398 ***********************************************************************
399 * SamrConnect2.
400 ***********************************************************************
401 */
402OPERATION(SAMR_OPNUM_Connect2)
403struct samr_Connect2 {
404	IN	LPTSTR servername;
405	IN	DWORD access_mask;
406	OUT	samr_handle_t handle;
407	OUT	DWORD status;
408};
409
410
411/*
412 ***********************************************************************
413 * SamrConnect4. A new form of connect first seen with Windows 2000.
414 * A new field has been added to the input request. Value: 0x00000002.
415 ***********************************************************************
416 */
417OPERATION(SAMR_OPNUM_Connect4)
418struct samr_Connect4 {
419	IN	LPTSTR servername;
420	IN	DWORD revision;
421	IN	DWORD access_mask;
422	OUT	samr_handle_t handle;
423	OUT	DWORD status;
424};
425
426
427/*
428 ***********************************************************************
429 * SamrConnect5. A new form of connect first seen with Windows XP.
430 * The server name is the fully qualified domain name, i.e.
431 *	\\server.sun.com.
432 *
433 * [in]  DWORD	 InVersion,
434 * [in]  [switch_is(InVersion)]    samr_revision_info *InRevisionInfo
435 * [out] DWORD	 *OutVersion
436 * [out] [switch_is(*OutVersion)] *samr_revision_info *OutRevisionInfo
437 *
438 * SupportedFeatures (see notes in [MS-SAMR]
439 *	0x00000001	RID values returned from the server must not be
440 *			concatenated with the domain SID.
441 *	0x00000002	Reserved
442 *	0x00000004	Reserved
443 ***********************************************************************
444 */
445struct samr_revision_info1 {
446	DWORD revision;
447	DWORD supported_features;
448};
449typedef struct samr_revision_info1 samr_revision_info1_t;
450
451union samr_revision_info {
452	UNION_INFO_ENT(1,samr_revision_info);
453	DEFAULT	char *nullptr;
454};
455
456OPERATION(SAMR_OPNUM_Connect5)
457struct samr_Connect5 {
458	IN		LPTSTR servername;
459	IN		DWORD access_mask;
460	/*
461	 * This should be a union, but instead this is
462	 * done this way because unions are hard to
463	 * express in this RPC implementation.
464	 */
465	INOUT	DWORD unknown2_00000001;	/* V1 */
466	INOUT	DWORD unknown3_00000001;	/* V1 */
467	/* SAMPR_REVISION_INFO_V1 */
468	INOUT	DWORD unknown4_00000003;	/* Revision */
469	INOUT	DWORD unknown5_00000000;	/* SupportedFeatures */
470	OUT		samr_handle_t handle;
471	OUT		DWORD status;
472};
473
474
475/*
476 ***********************************************************************
477 * CloseHandle closes an association with the SAM. Using the same
478 * structure as the LSA seems to work.
479 ***********************************************************************
480 */
481OPERATION(SAMR_OPNUM_CloseHandle)
482struct samr_CloseHandle {
483	IN	samr_handle_t handle;
484	OUT	samr_handle_t result_handle;
485	OUT	DWORD status;
486};
487
488
489/*
490 ***********************************************************************
491 * LookupDomain: lookup up the domain SID.
492 ***********************************************************************
493 */
494OPERATION(SAMR_OPNUM_LookupDomain)
495struct samr_LookupDomain {
496	IN	samr_handle_t handle;
497	IN	samr_string_t domain_name;
498	OUT struct samr_sid *sid;
499	OUT	DWORD status;
500};
501
502
503/*
504 ***********************************************************************
505 * EnumLocalDomain
506 *
507 * This looks like a request to get the local domains supported by a
508 * remote server. NT always seems to return 2 domains: the local
509 * domain (hostname) and the Builtin domain.
510 *
511 * The max_length field is set to 0x2000.
512 * Enum_context is set to 0 in the request and set to entries_read in
513 * the reply. Like most of these enums, total_entries is the same as
514 * entries_read.
515 ***********************************************************************
516 */
517struct samr_LocalDomainEntry {
518	DWORD unknown;
519	samr_string_t name;
520};
521
522struct samr_LocalDomainInfo {
523	DWORD entries_read;
524  SIZE_IS(entries_read)
525	struct samr_LocalDomainEntry *entry;
526};
527
528
529OPERATION(SAMR_OPNUM_EnumLocalDomains)
530struct samr_EnumLocalDomain {
531	IN		samr_handle_t handle;
532	INOUT	DWORD enum_context;
533	IN		DWORD max_length;
534	OUT		struct samr_LocalDomainInfo *info;
535	OUT		DWORD total_entries;
536	OUT		DWORD status;
537};
538
539
540/*
541 ***********************************************************************
542 * OpenDomain
543 *
544 * Open a specific domain within the SAM. From this I assume that each
545 * SAM can handle multiple domains so you need to identify the one with
546 * which you want to work. Working with a domain handle does appear to
547 * offer the benefit that you can then use RIDs instead of full SIDs,
548 * which simplifies things a bit. The domain handle can be used to get
549 * user and group handles.
550 ***********************************************************************
551 */
552OPERATION(SAMR_OPNUM_OpenDomain)
553struct samr_OpenDomain {
554	IN	samr_handle_t handle;
555	IN	DWORD access_mask;
556	IN REFERENCE struct samr_sid *sid;
557	OUT	samr_handle_t domain_handle;
558	OUT	DWORD status;
559};
560
561
562/*
563 ***********************************************************************
564 * QueryDomainInfo
565 *
566 * Windows 95 Server Manager sends requests for levels 6 and 7 when
567 * the services menu item is selected.
568 ***********************************************************************
569 */
570#define SAMR_QUERY_DOMAIN_INFO_2		2
571#define SAMR_QUERY_DOMAIN_INFO_6		6
572#define SAMR_QUERY_DOMAIN_INFO_7		7
573
574
575struct samr_QueryDomainInfo2 {
576	DWORD unknown1;			/* 00 00 00 00 */
577	DWORD unknown2;			/* 00 00 00 80 */
578	samr_string_t s1;
579	samr_string_t domain;
580	samr_string_t s2;
581	DWORD sequence_num;		/* 2B 00 00 00 */
582	DWORD unknown3;			/* 00 00 00 00 */
583	DWORD unknown4;			/* 01 00 00 00 */
584	DWORD unknown5;			/* 03 00 00 00 */
585	DWORD unknown6;			/* 01 */
586	DWORD num_users;
587	DWORD num_groups;
588	DWORD num_aliases;
589};
590
591
592struct samr_QueryDomainInfo6 {
593	DWORD unknown1;			/* 00 00 00 00 */
594	DWORD unknown2;			/* B0 7F 14 00 */
595	DWORD unknown3;			/* 00 00 00 00 */
596	DWORD unknown4;			/* 00 00 00 00 */
597	DWORD unknown5;			/* 00 00 00 00 */
598};
599
600
601struct samr_QueryDomainInfo7 {
602	DWORD unknown1;			/* 03 00 00 00 */
603};
604
605
606union samr_QueryDomainInfo_ru {
607	UNION_INFO_ENT(2,samr_QueryDomainInfo);
608	UNION_INFO_ENT(6,samr_QueryDomainInfo);
609	UNION_INFO_ENT(7,samr_QueryDomainInfo);
610	DEFAULT	char *nullptr;
611};
612
613struct samr_QueryDomainInfoRes {
614	WORD switch_value;
615	SWITCH(switch_value)
616		union samr_QueryDomainInfo_ru ru;
617};
618
619OPERATION(SAMR_OPNUM_QueryDomainInfo)
620struct samr_QueryDomainInfo {
621	IN	samr_handle_t domain_handle;
622	IN	WORD info_level;
623	OUT	struct samr_QueryDomainInfoRes *info;
624	OUT	DWORD status;
625};
626
627/*
628 * Identical to SAMR_OPNUM_QueryDomainInfo.
629 */
630OPERATION(SAMR_OPNUM_QueryInfoDomain2)
631struct samr_QueryInfoDomain2 {
632	IN	samr_handle_t	domain_handle;
633	IN	WORD		info_level;
634	OUT	struct samr_QueryDomainInfoRes *info;
635	OUT	DWORD		status;
636};
637
638#define SAMR_QUERY_ALIAS_INFO_GENERAL		1
639#define SAMR_QUERY_ALIAS_INFO_NAME		2
640#define SAMR_QUERY_ALIAS_INFO_COMMENT		3
641
642struct samr_QueryAliasInfoGeneral {
643	WORD level;
644	samr_string_t name;
645	DWORD member_count;
646	samr_string_t desc;
647};
648
649struct samr_QueryAliasInfoName {
650	WORD level;
651	samr_string_t name;
652};
653
654struct samr_QueryAliasInfoComment {
655	WORD level;
656	samr_string_t desc;
657};
658
659union samr_QueryAliasInfo_ru {
660	CASE(1) struct samr_QueryAliasInfoGeneral info1;
661	CASE(2) struct samr_QueryAliasInfoName    info2;
662	CASE(3) struct samr_QueryAliasInfoComment info3;
663	DEFAULT	char *nullptr;
664};
665
666struct samr_QueryAliasInfoRes {
667	DWORD address;
668	WORD switch_value;
669	SWITCH(switch_value)
670		union samr_QueryAliasInfo_ru ru;
671};
672
673OPERATION(SAMR_OPNUM_QueryAliasInfo)
674struct samr_QueryAliasInfo {
675	IN	samr_handle_t alias_handle;
676	IN	WORD level;
677	OUT DWORD address;
678  SWITCH (level)
679	OUT	union samr_QueryAliasInfo_ru ru;
680	OUT	DWORD status;
681};
682
683OPERATION(SAMR_OPNUM_CreateDomainAlias)
684struct samr_CreateDomainAlias {
685	IN	samr_handle_t domain_handle;
686	IN	samr_string_t alias_name;
687	IN	DWORD access_mask;
688	OUT samr_handle_t alias_handle;
689	OUT	DWORD rid;
690	OUT	DWORD status;
691};
692
693OPERATION(SAMR_OPNUM_SetAliasInfo)
694struct samr_SetAliasInfo {
695	IN	samr_handle_t alias_handle;
696	IN	WORD level;
697	/* TBD */
698	OUT	DWORD status;
699};
700
701OPERATION(SAMR_OPNUM_DeleteDomainAlias)
702struct samr_DeleteDomainAlias {
703	INOUT	samr_handle_t alias_handle;
704	OUT	DWORD status;
705};
706
707OPERATION(SAMR_OPNUM_OpenAlias)
708struct samr_OpenAlias {
709	IN	samr_handle_t domain_handle;
710	IN	DWORD access_mask;
711	IN	DWORD rid;
712	OUT samr_handle_t alias_handle;
713	OUT	DWORD status;
714};
715
716struct name_rid {
717	DWORD rid;
718	samr_string_t name;
719};
720
721struct aliases_info {
722	DWORD count;
723	DWORD address;
724	SIZE_IS(count)
725	struct name_rid info[ANY_SIZE_ARRAY];
726};
727
728OPERATION(SAMR_OPNUM_EnumDomainAliases)
729struct samr_EnumDomainAliases {
730	IN	samr_handle_t domain_handle;
731	IN	DWORD resume_handle;
732	IN	DWORD mask;
733	OUT	DWORD out_resume;
734	OUT struct aliases_info *aliases;
735	OUT DWORD entries;
736	OUT	DWORD status;
737};
738
739struct user_acct_info {
740	DWORD index;
741	DWORD rid;
742	DWORD ctrl;
743	samr_string_t name;
744	samr_string_t fullname;
745	samr_string_t desc;
746};
747
748struct user_disp_info {
749	OUT DWORD total_size;
750	OUT DWORD returned_size;
751	OUT WORD switch_value;
752	DWORD count;
753	SIZE_IS(count)
754	struct user_acct_info *acct;
755};
756
757OPERATION(SAMR_OPNUM_QueryDispInfo)
758struct samr_QueryDispInfo {
759	IN	samr_handle_t domain_handle;
760	IN	WORD level;
761	IN	DWORD start_idx;
762	IN	DWORD max_entries;
763	IN	DWORD pref_maxsize;
764	OUT struct user_disp_info users;
765	OUT	DWORD status;
766};
767
768struct group_acct_info {
769	DWORD index;
770	DWORD rid;
771	DWORD ctrl;
772	samr_string_t name;
773	samr_string_t desc;
774};
775
776struct group_disp_info {
777	DWORD count;
778	/* right now we just need one entry */
779	struct group_acct_info acct[1];
780};
781
782OPERATION(SAMR_OPNUM_EnumDomainGroups)
783struct samr_EnumDomainGroups {
784	IN	samr_handle_t domain_handle;
785	IN	WORD level;
786	IN	DWORD start_idx;
787	IN	DWORD max_entries;
788	IN	DWORD pref_maxsize;
789	OUT DWORD total_size;
790	OUT DWORD returned_size;
791	OUT WORD switch_value;
792	OUT DWORD count;
793	OUT struct group_disp_info *groups;
794	OUT	DWORD status;
795};
796
797/*
798 ***********************************************************************
799 * OpenUser
800 *
801 * Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
802 * an access mask and the appropriate user rid. The output will be a
803 * handle for use with the specified user.
804 ***********************************************************************
805 */
806OPERATION(SAMR_OPNUM_OpenUser)
807struct samr_OpenUser {
808	IN	samr_handle_t handle;
809	IN	DWORD access_mask;
810	IN	DWORD rid;
811	OUT	samr_handle_t user_handle;
812	OUT	DWORD status;
813};
814
815
816/*
817 ***********************************************************************
818 * DeleteUser
819 ***********************************************************************
820 */
821OPERATION(SAMR_OPNUM_DeleteUser)
822struct samr_DeleteUser {
823	INOUT	samr_handle_t user_handle;
824	OUT	DWORD status;
825};
826
827
828/*
829 ***********************************************************************
830 * QueryUserInfo
831 *
832 * Provides various pieces of information on a specific user (see
833 * SAM_Q_QUERY_USERINFO and SAM_R_QUERY_USERINFO). The handle must
834 * be a valid SAM user handle.
835 *
836 * QueryUserInfo (
837 *	IN samr_handle_t user_handle,
838 *	IN WORD switch_value,
839 *	OUT union switch(switch_value) {
840 *		case 1: struct QueryUserInfo1 *info1;
841 *	} bufptr,
842 *	OUT DWORD status
843 * )
844 *
845 * typedef enum _USER_INFORMATION_CLASS {
846 *	UserGeneralInformation		= 1,
847 *	UserPreferencesInformation	= 2,
848 *	UserLogonInformation		= 3,
849 *	UserLogonHoursInformation	= 4,
850 *	UserAccountInformation		= 5,
851 *	UserNameInformation		= 6,
852 *	UserAccountNameInformation	= 7,
853 *	UserFullNameInformation		= 8,
854 *	UserPrimaryGroupInformation	= 9,
855 *	UserHomeInformation		= 10,
856 *	UserScriptInformation		= 11,
857 *	UserProfileInformation		= 12,
858 *	UserAdminCommentInformation	= 13,
859 *	UserWorkStationsInformation	= 14,
860 *	UserControlInformation		= 16,
861 *	UserExpiresInformation		= 17,
862 *	UserInternal1Information	= 18,
863 *	UserParametersInformation	= 20,
864 *	UserAllInformation		= 21,
865 *	UserInternal4Information	= 23,
866 *	UserInternal5Information	= 24,
867 *	UserInternal4InformationNew	= 25,
868 *	UserInternal5InformationNew	= 26,
869 * } USER_INFORMATION_CLASS;
870 *
871 * 1 = username, fullname, description and some other stuff.
872 * 3 = large structure containing user rid, group rid, username
873 *     and fullname.
874 * 5 = large structure (like 3) containing user rid, group rid,
875 *     username, fullname and description.
876 * 6 = username and fullname
877 * 7 = username
878 * 8 = fullname
879 * 9 = group rid
880 * 16 = used after creating a new account
881 *
882 * Due to an ndrgen bug, a function must be provided to to patch the
883 * offsets used by the unmarshalling code at runtime.  In order to
884 * simplify things it is useful to use a naming convention that
885 * indicates the switch value for each structure.
886 *
887 ***********************************************************************
888 */
889
890
891#define SAMR_QUERY_USER_INFO_1			1
892#define SAMR_QUERY_USER_UNAME_AND_FNAME		6
893#define SAMR_QUERY_USER_USERNAME		7
894#define SAMR_QUERY_USER_FULLNAME		8
895#define SAMR_QUERY_USER_GROUPRID		9
896#define SAMR_QUERY_USER_CONTROL_INFO		16
897#define SAMR_QUERY_USER_ALL_INFO		21
898
899
900struct samr_QueryUserInfo1 {
901	samr_string_t username;
902	samr_string_t fullname;
903	DWORD group_rid;
904	samr_string_t description;
905	samr_string_t unknown;
906};
907
908
909struct samr_QueryUserInfo6 {
910	samr_string_t username;
911	samr_string_t fullname;
912};
913
914struct samr_QueryUserInfo7 {
915	samr_string_t username;
916};
917
918
919struct samr_QueryUserInfo8 {
920	samr_string_t fullname;
921};
922
923
924struct samr_QueryUserInfo9 {
925	DWORD group_rid;
926};
927
928
929struct samr_QueryUserInfo16 {
930	DWORD UserAccountControl;
931};
932
933/*
934 * SAMR_USER_ALL_INFORMATION
935 */
936struct samr_QueryUserInfo21 {
937	samr_quad_t		LastLogon;
938	samr_quad_t		LastLogoff;
939	samr_quad_t		PasswordLastSet;
940	samr_quad_t		AccountExpires;
941	samr_quad_t		PasswordCanChange;
942	samr_quad_t		PasswordMustChange;
943	samr_string_t		UserName;
944	samr_string_t		FullName;
945	samr_string_t		HomeDirectory;
946	samr_string_t		HomeDirectoryDrive;
947	samr_string_t		ScriptPath;
948	samr_string_t		ProfilePath;
949	samr_string_t		AdminComment;
950	samr_string_t		WorkStations;
951	samr_string_t		UserComment;
952	samr_string_t		Parameters;
953	struct samr_short_blob	LmOwfPassword;
954	struct samr_short_blob	NtOwfPassword;
955	samr_string_t		PrivateData;
956	samr_sd_t		SecurityDescriptor;
957	DWORD			UserId;
958	DWORD			PrimaryGroupId;
959	DWORD			UserAccountControl;
960	DWORD			WhichFields;
961	struct samr_logon_hours_all	LogonHours;
962	WORD			BadPasswordCount;
963	WORD			LogonCount;
964	WORD			CountryCode;
965	WORD			CodePage;
966	BYTE			LmPasswordPresent;
967	BYTE			NtPasswordPresent;
968	BYTE			PasswordExpired;
969	BYTE			PrivateDataSensitive;
970};
971
972/* See also: fixup_samr_QueryUserInfo() */
973union QueryUserInfo_result_u {
974	UNION_INFO_ENT(1,samr_QueryUserInfo);
975	UNION_INFO_ENT(6,samr_QueryUserInfo);
976	UNION_INFO_ENT(7,samr_QueryUserInfo);
977	UNION_INFO_ENT(8,samr_QueryUserInfo);
978	UNION_INFO_ENT(9,samr_QueryUserInfo);
979	UNION_INFO_ENT(16,samr_QueryUserInfo);
980	UNION_INFO_ENT(21,samr_QueryUserInfo);
981	DEFAULT	char *nullptr;
982};
983
984
985/*
986 * This structure needs to be declared, even though it can't be used in
987 * samr_QueryUserInfo, in order to get the appropriate size to calculate
988 * the correct fixup offsets.  If ndrgen did the right thing,
989 * QueryUserInfo_result would be one of the out parameters.  However, if
990 * we do it that way, the switch_value isn't known early enough to do
991 * the fixup calculation.  So it all has to go in samr_QueryUserInfo.
992 */
993struct QueryUserInfo_result {
994	DWORD address;
995	WORD switch_value;
996	SWITCH(switch_value)
997		union QueryUserInfo_result_u ru;
998};
999
1000
1001OPERATION(SAMR_OPNUM_QueryUserInfo)
1002struct samr_QueryUserInfo {
1003	IN	samr_handle_t user_handle;
1004	IN	WORD switch_value;
1005	/*
1006	 * Can't use this form because we need to include members explicitly.
1007	 * OUT	struct QueryUserInfo_result result;
1008	 */
1009	OUT	DWORD address;
1010	OUT	WORD switch_index;
1011  SWITCH(switch_value)
1012	OUT	union QueryUserInfo_result_u ru;
1013	OUT	DWORD status;
1014};
1015
1016
1017/*
1018 ***********************************************************************
1019 * QueryUserGroups
1020 ***********************************************************************
1021 */
1022struct samr_UserGroups {
1023	DWORD rid;
1024	DWORD attr;
1025};
1026
1027
1028struct samr_UserGroupInfo {
1029	DWORD n_entry;
1030  SIZE_IS(n_entry)
1031	struct samr_UserGroups *groups;
1032};
1033
1034
1035OPERATION(SAMR_OPNUM_QueryUserGroups)
1036struct samr_QueryUserGroups {
1037	IN	samr_handle_t user_handle;
1038	OUT struct samr_UserGroupInfo *info;
1039	OUT	DWORD status;
1040};
1041
1042
1043/*
1044 ***********************************************************************
1045 * LookupName
1046 ***********************************************************************
1047 */
1048struct samr_LookupNameTable {
1049	DWORD n_entry;
1050  SIZE_IS(n_entry)
1051	samr_string_t names[ANY_SIZE_ARRAY];
1052};
1053
1054
1055struct samr_LookupRidTable {
1056	DWORD n_entry;
1057  SIZE_IS(n_entry)
1058	DWORD *rid;
1059};
1060
1061struct samr_RidType {
1062	DWORD n_entry;
1063  SIZE_IS(n_entry)
1064	DWORD *rid_type;
1065};
1066
1067
1068OPERATION(SAMR_OPNUM_LookupNames)
1069struct samr_LookupNames {
1070	IN	samr_handle_t handle;
1071	IN	DWORD n_entry;
1072	IN	DWORD max_n_entry;
1073	IN	DWORD index;
1074	IN	DWORD total;
1075	IN	samr_string_t name;
1076	OUT	struct samr_LookupRidTable rids;
1077	OUT	struct samr_RidType rid_types;
1078	OUT	DWORD status;
1079};
1080
1081
1082/*
1083 ***********************************************************************
1084 * OpenGroup
1085 *
1086 * Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
1087 * an access mask and the appropriate group rid. The output will be a
1088 * handle for use with the specified group.
1089 ***********************************************************************
1090 */
1091OPERATION(SAMR_OPNUM_OpenGroup)
1092struct samr_OpenGroup {
1093	IN	samr_handle_t handle;
1094	IN	DWORD access_mask;
1095	IN	DWORD rid;
1096	OUT	samr_handle_t group_handle;
1097	OUT	DWORD status;
1098};
1099
1100
1101/*
1102 ***********************************************************************
1103 * QueryGroupInfo
1104 *
1105 * Input must be a group handle obtained via SAMR_OPNUM_OpenGroup,
1106 * an access mask and the appropriate group rid. The output will
1107 * be a handle for use with the specified group.
1108 ***********************************************************************
1109 */
1110struct samr_QueryGroupInfo1 {
1111	samr_string_t groupname;
1112};
1113
1114
1115union samr_QueryGroupInfo_result_u {
1116	UNION_INFO_ENT(1,samr_QueryGroupInfo);
1117	DEFAULT	char *nullptr;
1118};
1119
1120
1121struct samr_QueryGroupInfo_result {
1122	DWORD address;
1123	WORD switch_index;
1124  SWITCH(switch_index)
1125	union samr_QueryGroupInfo_result_u ru;
1126};
1127
1128
1129OPERATION(SAMR_OPNUM_QueryGroupInfo)
1130struct samr_QueryGroupInfo {
1131	IN	samr_handle_t group_handle;
1132	IN	DWORD switch_value;
1133	OUT	DWORD address;
1134	OUT	WORD switch_index;
1135  SWITCH(switch_index)
1136	OUT	union samr_QueryGroupInfo_result_u ru;
1137	OUT	DWORD status;
1138};
1139
1140
1141/*
1142 ***********************************************************************
1143 * StoreGroupInfo
1144 *
1145 * This definition is mostly just a place holder in case this is useful
1146 * in the future. Note that it may not be correct. The information is
1147 * from a netmon trace captured when I added a group description. I
1148 * haven't implemented it because we don't have to update anything on
1149 * the PDC. The description should almost certainly be in a separate
1150 * structure.
1151 ***********************************************************************
1152 */
1153OPERATION(SAMR_OPNUM_StoreGroupInfo)
1154struct samr_StoreGroupInfo {
1155	IN	samr_handle_t group_handle;
1156	IN	DWORD switch_value;
1157	IN	samr_string_t group_description;
1158	OUT	DWORD status;
1159};
1160
1161/*
1162 * AddAliasMember
1163 */
1164OPERATION(SAMR_OPNUM_AddAliasMember)
1165struct samr_AddAliasMember {
1166	IN		samr_handle_t alias_handle;
1167	IN REFERENCE	struct samr_sid *sid;
1168	OUT DWORD	status;
1169};
1170
1171/*
1172 * DeleteAliasMember
1173 */
1174OPERATION(SAMR_OPNUM_DeleteAliasMember)
1175struct samr_DeleteAliasMember {
1176	IN		samr_handle_t alias_handle;
1177	IN REFERENCE	struct samr_sid *sid;
1178	OUT DWORD	status;
1179};
1180
1181struct samr_SidList {
1182	struct samr_sid		*sid;
1183};
1184
1185struct samr_SidInfo {
1186	DWORD n_entry;
1187  SIZE_IS(n_entry)
1188	struct samr_SidList	*sidlist;
1189};
1190
1191/*
1192 * ListAliasMembers
1193 */
1194OPERATION(SAMR_OPNUM_ListAliasMembers)
1195struct samr_ListAliasMembers {
1196	IN		samr_handle_t alias_handle;
1197	OUT		struct samr_SidInfo info;
1198	OUT DWORD	status;
1199};
1200
1201/*
1202 ***********************************************************************
1203 * GetUserDomainPasswordInformation
1204 ***********************************************************************
1205 */
1206OPERATION(SAMR_OPNUM_GetUserPwInfo)
1207struct samr_GetUserPwInfo {
1208	IN		samr_handle_t		user_handle;
1209	OUT REFERENCE	samr_password_info_t	*pwinfo;
1210	OUT		DWORD			status;
1211};
1212
1213
1214/*
1215 ***********************************************************************
1216 * CreateUser
1217 *
1218 * Create a user in the domain specified by the domain handle. The
1219 * domain handle is obtained obtained via SAMR_OPNUM_OpenDomain.
1220 * DesiredAccess: 0xe00500b0.
1221 * The output will be a handle for use with the specified user and the
1222 * user's RID. I think the RID may be a unique pointer (it can be null).
1223 ***********************************************************************
1224 */
1225OPERATION(SAMR_OPNUM_CreateUser)
1226struct samr_CreateUser {
1227	IN	samr_handle_t handle;
1228	IN	samr_vcbuf_t username;
1229	IN	DWORD account_flags;
1230	IN	DWORD desired_access;
1231	OUT	samr_handle_t user_handle;
1232	OUT	DWORD maybe_ptr;
1233	OUT	DWORD rid;
1234	OUT	DWORD status;
1235};
1236
1237
1238/*
1239 ***********************************************************************
1240 * ChangePasswordUser2 - See:
1241 * SamrUnicodeChangePasswordUser2 [MS-SAMR 3.1.5.10.3]
1242 ***********************************************************************
1243 */
1244
1245OPERATION(SAMR_OPNUM_ChangePasswordUser2)
1246struct samr_ChangePasswordUser2 {
1247	IN	samr_string_t *servername;
1248	IN REF	samr_string_t *username;
1249	IN	struct samr_encr_passwd *nt_newpw;
1250	IN	struct samr_encr_hash *nt_oldpw;
1251	IN	BYTE lm_present;
1252	IN	struct samr_encr_passwd *lm_newpw;
1253	IN	struct samr_encr_hash *lm_oldpw;
1254	OUT	DWORD status;
1255};
1256
1257
1258/*
1259 ***********************************************************************
1260 * GetDomainPwInfo
1261 ***********************************************************************
1262 */
1263OPERATION(SAMR_OPNUM_GetDomainPwInfo)
1264struct samr_GetDomainPwInfo {
1265	IN		DWORD			unused;
1266	OUT REFERENCE	samr_password_info_t	*pwinfo;
1267	OUT		DWORD			status;
1268};
1269
1270
1271/*
1272 ***********************************************************************
1273 * SetUserInfo
1274 * [MS-SAMR] SamrSetInformationUser2
1275 ***********************************************************************
1276 */
1277
1278/* USER_CONTROL_INFORMATION */
1279struct samr_SetUserInfo16 {
1280	DWORD UserAccountControl;
1281};
1282
1283
1284/*
1285 * samr_SetUserInfo21, a.k.a
1286 * SAMR_USER_ALL_INFORMATION
1287 *
1288 * We now know this is the same as samr_QueryUserInfo21
1289 * Could merge, except for the samr_vcbuf_t mess.
1290 */
1291
1292#define SAMR_SET_USER_INFO_21		21
1293
1294struct samr_SetUserInfo21 {
1295	samr_quad_t		LastLogon;
1296	samr_quad_t		LastLogoff;
1297	samr_quad_t		PasswordLastSet;
1298	samr_quad_t		AccountExpires;
1299	samr_quad_t		PasswordCanChange;
1300	samr_quad_t		PasswordMustChange;
1301
1302	samr_vcbuf_t		UserName;
1303	samr_vcbuf_t		FullName;
1304	samr_vcbuf_t		HomeDirectory;
1305	samr_vcbuf_t		HomeDirectoryDrive;
1306	samr_vcbuf_t		ScriptPath;
1307	samr_vcbuf_t		ProfilePath;
1308	samr_vcbuf_t		AdminComment;
1309	samr_vcbuf_t		WorkStations;
1310	samr_vcbuf_t		UserComment;
1311	samr_vcbuf_t		Parameters;
1312
1313	struct samr_short_blob	LmOwfPassword;
1314	struct samr_short_blob	NtOwfPassword;
1315	samr_vcbuf_t		PrivateData;
1316	samr_sd_t		SecurityDescriptor;
1317
1318	DWORD			UserId;	/* RID */
1319	DWORD			PrimaryGroupId;
1320	DWORD			UserAccountControl;
1321	DWORD			WhichFields;
1322
1323	/*
1324	 * This should be samr_logon_hours_all, but apparently
1325	 * ndrgen doesn't get that quite right, so instead, the
1326	 * client-side code patches this up.
1327	 */
1328	struct samr_logon_info	LogonHours;
1329
1330	WORD			BadPasswordCount;
1331	WORD			LogonCount;
1332	WORD			CountryCode;
1333	WORD			CodePage;
1334	BYTE			LmPasswordPresent;
1335	BYTE			NtPasswordPresent;
1336	BYTE			PasswordExpired;
1337	BYTE			PrivateDataSensitive;
1338};
1339
1340/*
1341 *	SAMPR_USER_INTERNAL4_INFORMATION
1342 *	UserInternal4Information (23)
1343 */
1344#define SAMR_SET_USER_INFO_23		23
1345struct samr_SetUserInfo23 {
1346	struct samr_SetUserInfo21 info21;
1347	struct samr_encr_passwd encr_pw;
1348};
1349
1350/*
1351 *	SAMPR_USER_INTERNAL5_INFORMATION
1352 *	UserInternal5Information (24)
1353 */
1354#define SAMR_SET_USER_INFO_24		24
1355struct samr_SetUserInfo24 {
1356	struct samr_encr_passwd encr_pw;
1357	BYTE password_expired;
1358};
1359
1360
1361union samr_SetUserInfo_u {
1362	UNION_INFO_ENT(16,samr_SetUserInfo);
1363	UNION_INFO_ENT(21,samr_SetUserInfo);
1364	UNION_INFO_ENT(23,samr_SetUserInfo);
1365	UNION_INFO_ENT(24,samr_SetUserInfo);
1366	DEFAULT  DWORD nothing;
1367};
1368
1369struct samr_SetUserInfo_s {
1370	WORD info_level;
1371	WORD switch_value;
1372  SWITCH(switch_value)
1373	union samr_SetUserInfo_u ru;
1374};
1375
1376OPERATION(SAMR_OPNUM_SetUserInfo)
1377struct samr_SetUserInfo {
1378	IN	samr_handle_t user_handle;
1379	IN	struct samr_SetUserInfo_s info;
1380	OUT	DWORD status;
1381};
1382
1383
1384/*
1385 ***********************************************************************
1386 * The SAMR interface definition.
1387 ***********************************************************************
1388 */
1389INTERFACE(0)
1390union samr_interface {
1391	CASE(SAMR_OPNUM_Connect)
1392		struct samr_Connect		Connect;
1393	CASE(SAMR_OPNUM_CloseHandle)
1394		struct samr_CloseHandle		CloseHandle;
1395	CASE(SAMR_OPNUM_LookupDomain)
1396		struct samr_LookupDomain	LookupDomain;
1397	CASE(SAMR_OPNUM_EnumLocalDomains)
1398		struct samr_EnumLocalDomain	EnumLocalDomain;
1399	CASE(SAMR_OPNUM_OpenDomain)
1400		struct samr_OpenDomain		OpenDomain;
1401	CASE(SAMR_OPNUM_QueryDomainInfo)
1402		struct samr_QueryDomainInfo	QueryDomainInfo;
1403	CASE(SAMR_OPNUM_QueryInfoDomain2)
1404		struct samr_QueryInfoDomain2	QueryInfoDomain2;
1405	CASE(SAMR_OPNUM_LookupNames)
1406		struct samr_LookupNames		LookupNames;
1407	CASE(SAMR_OPNUM_OpenUser)
1408		struct samr_OpenUser		OpenUser;
1409	CASE(SAMR_OPNUM_DeleteUser)
1410		struct samr_DeleteUser		DeleteUser;
1411	CASE(SAMR_OPNUM_QueryUserInfo)
1412		struct samr_QueryUserInfo	QueryUserInfo;
1413	CASE(SAMR_OPNUM_QueryUserGroups)
1414		struct samr_QueryUserGroups	QueryUserGroups;
1415	CASE(SAMR_OPNUM_OpenGroup)
1416		struct samr_OpenGroup		OpenGroup;
1417	CASE(SAMR_OPNUM_AddAliasMember)
1418		struct samr_AddAliasMember	AddAliasMember;
1419	CASE(SAMR_OPNUM_DeleteAliasMember)
1420		struct samr_DeleteAliasMember	DeleteAliasMember;
1421	CASE(SAMR_OPNUM_ListAliasMembers)
1422		struct samr_ListAliasMembers	ListAliasMembers;
1423	CASE(SAMR_OPNUM_GetUserPwInfo)
1424		struct samr_GetUserPwInfo	GetUserPwInfo;
1425	CASE(SAMR_OPNUM_CreateUser)
1426		struct samr_CreateUser		CreateUser;
1427	CASE(SAMR_OPNUM_ChangePasswordUser2)
1428		struct samr_ChangePasswordUser2	ChangePasswordUser2;
1429	CASE(SAMR_OPNUM_GetDomainPwInfo)
1430		struct samr_GetDomainPwInfo	GetDomainPwInfo;
1431	CASE(SAMR_OPNUM_Connect2)
1432		struct samr_Connect2		Connect2;
1433	CASE(SAMR_OPNUM_SetUserInfo)
1434		struct samr_SetUserInfo		SetUserInfo;
1435	CASE(SAMR_OPNUM_Connect4)
1436		struct samr_Connect4		Connect4;
1437	CASE(SAMR_OPNUM_Connect5)
1438		struct samr_Connect5		Connect5;
1439	CASE(SAMR_OPNUM_QueryDispInfo)
1440		struct samr_QueryDispInfo	QueryDispInfo;
1441	CASE(SAMR_OPNUM_OpenAlias)
1442		struct samr_OpenAlias		OpenAlias;
1443	CASE(SAMR_OPNUM_CreateDomainAlias)
1444		struct samr_CreateDomainAlias	CreateDomainAlias;
1445	CASE(SAMR_OPNUM_SetAliasInfo)
1446		struct samr_SetAliasInfo	SetAliasInfo;
1447	CASE(SAMR_OPNUM_QueryAliasInfo)
1448		struct samr_QueryAliasInfo	QueryAliasInfo;
1449	CASE(SAMR_OPNUM_DeleteDomainAlias)
1450		struct samr_DeleteDomainAlias	DeleteDomainAlias;
1451	CASE(SAMR_OPNUM_EnumDomainAliases)
1452		struct samr_EnumDomainAliases	EnumDomainAliases;
1453	CASE(SAMR_OPNUM_EnumDomainGroups)
1454		struct samr_EnumDomainGroups	EnumDomainGroups;
1455};
1456typedef union samr_interface	samr_interface_t;
1457EXTERNTYPEINFO(samr_interface)
1458
1459#endif /* _MLSVC_SAM_NDL_ */
1460