xref: /titanic_51/usr/src/uts/common/smbsrv/ndl/samrpc.ndl (revision c029eafbb040b81649027c5ae5a38e92d214461b)
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27#ifndef _MLSVC_SAM_NDL_
28#define _MLSVC_SAM_NDL_
29
30/*
31 * Security Accounts Manager RPC (SAMR) interface definition.
32 */
33
34#include "ndrtypes.ndl"
35
36/* Windows NT */
37#define SAMR_OPNUM_Connect			0x00	/* SamrConnect */
38#define SAMR_OPNUM_CloseHandle			0x01
39#define SAMR_OPNUM_SetSecObject			0x02
40#define SAMR_OPNUM_QuerySecObject		0x03
41#define SAMR_OPNUM_ShutdownSamServer		0x04	/* NotUsedOnWire */
42#define SAMR_OPNUM_LookupDomain			0x05
43#define SAMR_OPNUM_EnumLocalDomains		0x06
44#define SAMR_OPNUM_OpenDomain			0x07
45#define SAMR_OPNUM_QueryDomainInfo		0x08
46#define SAMR_OPNUM_SetDomainInfo		0x09
47#define SAMR_OPNUM_CreateDomainGroup		0x0a
48#define SAMR_OPNUM_QueryDomainGroups		0x0b
49#define SAMR_OPNUM_CreateDomainUser		0x0c
50#define SAMR_OPNUM_EnumDomainUsers		0x0d
51#define SAMR_OPNUM_CreateDomainAlias		0x0e
52#define SAMR_OPNUM_EnumDomainAliases		0x0f
53#define SAMR_OPNUM_LookupIds			0x10	/* GetAliasMembership */
54#define SAMR_OPNUM_LookupNames			0x11
55#define SAMR_OPNUM_LookupDomainIds		0x12
56#define SAMR_OPNUM_OpenGroup			0x13
57#define SAMR_OPNUM_QueryGroupInfo		0x14
58#define SAMR_OPNUM_StoreGroupInfo		0x15
59#define SAMR_OPNUM_AddGroupMember		0x16
60#define SAMR_OPNUM_DeleteDomainGroup		0x17
61#define SAMR_OPNUM_DeleteGroupMember		0x18
62#define SAMR_OPNUM_ListGroupMembers		0x19
63#define SAMR_OPNUM_SetGroupMemberAttributes	0x1a
64#define SAMR_OPNUM_OpenAlias			0x1b
65#define SAMR_OPNUM_QueryAliasInfo		0x1c
66#define SAMR_OPNUM_SetAliasInfo			0x1d
67#define SAMR_OPNUM_DeleteDomainAlias		0x1e
68#define SAMR_OPNUM_AddAliasMember		0x1f
69#define SAMR_OPNUM_DeleteAliasMember		0x20
70#define SAMR_OPNUM_ListAliasMembers		0x21
71#define SAMR_OPNUM_OpenUser			0x22
72#define SAMR_OPNUM_DeleteUser			0x23
73#define SAMR_OPNUM_QueryUserInfo		0x24
74#define SAMR_OPNUM_SetUserInfo0			0x25	/* SetUserInfo */
75#define SAMR_OPNUM_ChangeUserPassword0		0x26	/* ChangeUserPassword */
76#define SAMR_OPNUM_QueryUserGroups		0x27
77#define SAMR_OPNUM_QueryDispInfo		0x28	/* QueryDispInfo1 */
78#define	SAMR_OPNUM_GetDisplayEnumIndex		0x29
79#define	SAMR_OPNUM_TestPrivateDomainFunctions	0x2a	/* NotUsedOnWire */
80#define	SAMR_OPNUM_TestPrivateUserFunctions	0x2b	/* NotUsedOnWire */
81#define SAMR_OPNUM_GetUserPwInfo		0x2c
82
83/* Windows 2000 */
84#define	SAMR_OPNUM_RemoveMemberFromForeignDomain        0x2d
85#define	SAMR_OPNUM_QueryInfoDomain2		0x2e
86#define	SAMR_OPNUM_QueryInfoUser2		0x2f
87#define	SAMR_OPNUM_EnumDomainGroups		0x30    /* QueryDispInfo2 */
88#define	SAMR_OPNUM_GetDisplayEnumIndex2		0x31
89#define	SAMR_OPNUM_CreateUser			0x32
90#define	SAMR_OPNUM_QueryDispInfo4		0x33
91#define	SAMR_OPNUM_AddMultipleAliasMembers	0x34
92#define	SAMR_OPNUM_RemoveMultipleAliasMembers	0x35
93#define	SAMR_OPNUM_ChangeUserOemPassword	0x36
94#define SAMR_OPNUM_ChangePasswordUser2		0x37	/* UnicodePasswd */
95#define SAMR_OPNUM_GetDomainPwInfo		0x38
96#define SAMR_OPNUM_Connect2                     0x39    /* SamrConnect2 */
97#define SAMR_OPNUM_SetUserInfo			0x3a	/* SetInfoUser2 */
98#define	SAMR_OPNUM_SetBootKeyInformation	0x3b
99#define	SAMR_OPNUM_GetBootKeyInformation	0x3c
100#define	SAMR_OPNUM_Connect3			0x3d	/* NotUsedOnWire */
101#define	SAMR_OPNUM_Connect4			0x3e	/* SamrConnect4 */
102#define	SAMR_OPNUM_ChangeUserUnicodePassword3	0x3f
103
104/* Windows XP and Windows Server 2003 */
105#define	SAMR_OPNUM_Connect5			0x40	/* SamrConnect5 */
106#define	SAMR_OPNUM_RidToSid                     0x41
107#define	SAMR_OPNUM_SetDSRMPassword              0x42
108#define	SAMR_OPNUM_ValidatePassword             0x43
109
110/* Windows Vista */
111#define SAMR_OPNUM_QueryLocalizableAccountsInDomain     0x44
112#define SAMR_OPNUM_PerformGenericOperation              0x45
113
114
115/*
116 * Sam account flags used when creating an account. These flags seem
117 * to be very similar to the USER_INFO_X flags (UF_XXX) in lmaccess.h
118 * but the values are different.
119 */
120#define SAMR_AF_ACCOUNTDISABLE			0x0001
121#define SAMR_AF_HOMEDIR_REQUIRED		0x0002
122#define SAMR_AF_PASSWD_NOTREQD			0x0004
123#define SAMR_AF_TEMP_DUPLICATE_ACCOUNT		0x0008
124#define SAMR_AF_NORMAL_ACCOUNT			0x0010
125#define SAMR_AF_MNS_LOGON_ACCOUNT		0x0020
126#define SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT	0x0040
127#define SAMR_AF_WORKSTATION_TRUST_ACCOUNT	0x0080
128#define SAMR_AF_SERVER_TRUST_ACCOUNT		0x0100
129#define SAMR_AF_DONT_EXPIRE_PASSWD		0x0200
130#define SAMR_AF_ACCOUNT_AUTOLOCK		0x0400
131
132
133#define SAMR_AF_MACHINE_ACCOUNT_MASK	( \
134				SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT \
135				| SAMR_AF_WORKSTATION_TRUST_ACCOUNT \
136				| SAMR_AF_SERVER_TRUST_ACCOUNT)
137
138#define SAMR_AF_ACCOUNT_TYPE_MASK	( \
139				SAMR_AF_TEMP_DUPLICATE_ACCOUNT \
140				| SAMR_AF_NORMAL_ACCOUNT \
141				| SAMR_AF_INTERDOMAIN_TRUST_ACCOUNT \
142				| SAMR_AF_WORKSTATION_TRUST_ACCOUNT \
143				| SAMR_AF_SERVER_TRUST_ACCOUNT)
144
145/*
146 * QueryUserInfo UserAllInformation WhichFields
147 */
148#define	SAMR_USER_ALL_USERNAME			0x00000001
149#define	SAMR_USER_ALL_FULLNAME			0x00000002
150#define	SAMR_USER_ALL_USERID			0x00000004
151#define	SAMR_USER_ALL_PRIMARYGROUPID		0x00000008
152#define	SAMR_USER_ALL_ADMINCOMMENT		0x00000010
153#define	SAMR_USER_ALL_USERCOMMENT		0x00000020
154#define	SAMR_USER_ALL_HOMEDIRECTORY		0x00000040
155#define	SAMR_USER_ALL_HOMEDIRECTORYDRIVE	0x00000080
156#define	SAMR_USER_ALL_SCRIPTPATH		0x00000100
157#define	SAMR_USER_ALL_PROFILEPATH		0x00000200
158#define	SAMR_USER_ALL_WORKSTATIONS		0x00000400
159#define	SAMR_USER_ALL_LASTLOGON			0x00000800
160#define	SAMR_USER_ALL_LASTLOGOFF		0x00001000
161#define	SAMR_USER_ALL_LOGONHOURS		0x00002000
162#define	SAMR_USER_ALL_BADPASSWORDCOUNT		0x00004000
163#define	SAMR_USER_ALL_LOGONCOUNT		0x00008000
164#define	SAMR_USER_ALL_PASSWORDCANCHANGE		0x00010000
165#define	SAMR_USER_ALL_PASSWORDMUSTCHANGE	0x00020000
166#define	SAMR_USER_ALL_PASSWORDLASTSET		0x00040000
167#define	SAMR_USER_ALL_ACCOUNTEXPIRES		0x00080000
168#define	SAMR_USER_ALL_USERACCOUNTCONTROL	0x00100000
169#define	SAMR_USER_ALL_PARAMETERS		0x00200000
170#define	SAMR_USER_ALL_COUNTRYCODE		0x00400000
171#define	SAMR_USER_ALL_CODEPAGE			0x00800000
172#define	SAMR_USER_ALL_NTPASSWORDPRESENT		0x01000000
173#define	SAMR_USER_ALL_LMPASSWORDPRESENT		0x02000000
174#define	SAMR_USER_ALL_PRIVATEDATA		0x04000000
175#define	SAMR_USER_ALL_PASSWORDEXPIRED		0x08000000
176#define	SAMR_USER_ALL_SECURITYDESCRIPTOR	0x10000000
177#define	SAMR_USER_ALL_OWF_PASSWORD		0x20000000
178#define	SAMR_USER_ALL_UNDEFINED_MASK		0xC0000000
179
180/*
181 * Alias Access Mask values for SAMR
182 * Section 2.2.1.6 of MS-SAMR
183 */
184#define SAMR_ALIAS_ACCESS_EXECUTE		0x00020008
185#define SAMR_ALIAS_ACCESS_WRITE			0x00020013
186#define SAMR_ALIAS_ACCESS_READ			0x00020004
187#define SAMR_ALIAS_ACCESS_ALL_ACCESS		0x000F001F
188#define SAMR_ALIAS_ACCESS_WRITE_ACCOUNT		0x00000010
189#define SAMR_ALIAS_ACCESS_READ_INFO		0x00000008
190#define SAMR_ALIAS_ACCESS_LIST_MEMBERS		0x00000004
191#define SAMR_ALIAS_ACCESS_REMOVE_MEMBER		0x00000002
192#define SAMR_ALIAS_ACCESS_ADD_MEMBER		0x00000001
193
194#define	SAMR_REVISION_1			1	/* Pre Windows 2000 */
195#define	SAMR_REVISION_2			2	/* Windows 2000 */
196#define	SAMR_REVISION_3			3	/* Post Windows 2000 */
197
198/*
199 * Definition for a SID. The ndl compiler does not allow a typedef of
200 * a structure containing variable size members.
201 * Note: cast compatible with smb_sid_t, and code depends on that.
202 */
203struct samr_sid {
204	BYTE		Revision;
205	BYTE		SubAuthCount;
206	BYTE		Authority[6];
207  SIZE_IS(SubAuthCount)
208	DWORD		SubAuthority[ANY_SIZE_ARRAY];
209};
210
211
212/*
213 * SAMR definition of a security_descriptor.
214 */
215struct samr_sec_desc {
216	BYTE Revision;
217	BYTE Sbz1;
218	WORD Control;
219	struct samr_sid *owner;
220	struct samr_sid *group;
221	struct samr_sid *sacl;
222	struct samr_sid *dacl;
223};
224
225struct samr_sd {
226	DWORD length;
227  SIZE_IS(length)
228	BYTE *data;
229};
230typedef struct samr_sd samr_sd_t;
231
232/*
233 * See RPC_STRING in the MS IDL.
234 * Definition for a string. The length and allosize should be set to
235 * twice the string length (i.e. strlen(str) * 2). The runtime code
236 * will perform the appropriate string to a wide-char conversions,
237 * so str should point to a regular char * string.
238 */
239struct samr_string {
240	WORD		length;
241	WORD		allosize;
242	LPTSTR		str;
243};
244typedef struct samr_string samr_string_t;
245
246
247/*
248 * Alternative varying/conformant string definition - for
249 * non-null terminated strings. This definition must match
250 * ndr_vcbuf_t.
251 */
252struct samr_vcb {
253	/*
254	 * size_is (actually a copy of length_is) will
255	 * be inserted here by the marshalling library.
256	 */
257	DWORD vc_first_is;
258	DWORD vc_length_is;
259  SIZE_IS(vc_length_is)
260	WORD buffer[ANY_SIZE_ARRAY];
261};
262
263struct samr_vcbuf {
264	WORD wclen;
265	WORD wcsize;
266	struct samr_vcb *vcb;
267};
268typedef struct samr_vcbuf samr_vcbuf_t;
269
270CONTEXT_HANDLE(samr_handle) samr_handle_t;
271
272/*
273 * OLD_LARGE_INTEGER: a 64-bit value.
274 */
275struct samr_quad {
276	DWORD low;
277	DWORD high;
278};
279typedef struct samr_quad samr_quad_t;
280
281/*
282 * Blob used for the NT and LM OWF passwords.
283 * The length and maxlen should be 16.
284 */
285struct samr_short_blob {
286	WORD	length;
287	WORD	maxlen;
288  SIZE_IS(length / 2)
289	WORD	*buf;
290};
291
292#define	DOMAIN_PASSWORD_COMPLEX			0x00000001
293#define	DOMAIN_PASSWORD_NO_ANON_CHANGE		0x00000002
294#define	DOMAIN_PASSWORD_NO_CLEAR_CHANGE		0x00000004
295#define	DOMAIN_LOCKOUT_ADMINS			0x00000008
296#define	DOMAIN_PASSWORD_STORE_CLEARTEXT		0x00000010
297#define	DOMAIN_REFUSE_PASSWORD_CHANGE		0x00000020
298
299struct samr_password_info {
300	WORD	min_length;
301	DWORD	properties;
302};
303typedef struct samr_password_info samr_password_info_t;
304
305/*
306 * There is some sort of logon bitmap structure in here, which I
307 * think is a varying and conformant array, i.e.
308 *
309 *	struct samr_logon_hours {
310 *      DWORD size_is;		(1260)
311 *      DWORD first_is;		(zero)
312 *      DWORD length_is;	(168)
313 *      BYTE bitmap[21];
314 *  };
315 *
316 *	struct samr_logon_info {
317 *		DWORD length;
318 *	SIZE_IS(length / 8)
319 *		struct samr_logon_hours *hours;
320 *	};
321 *
322 * There are 10080 minutes/week => 10080/8 = 1260 (0x04EC).
323 * So size_is is set as some sort of maximum.
324 *
325 * There are 168 hours/week => 168/8 = 21 (0xA8). Since there are 21
326 * bytes (all set to 0xFF), this is is probably the default setting.
327 */
328
329#define SAMR_MINS_PER_WEEK		10080
330#define SAMR_HOURS_PER_WEEK		168
331
332#define SAMR_HOURS_MAX_SIZE		(SAMR_MINS_PER_WEEK / 8)
333#define SAMR_HOURS_SET_LEN(LEN)		((LEN) / 8)
334#define SAMR_SET_USER_HOURS_SZ		21
335
336struct samr_logon_hours {
337	DWORD size;
338	DWORD first;
339	DWORD length;
340	BYTE bitmap[SAMR_SET_USER_HOURS_SZ];
341};
342
343struct samr_logon_info {
344	DWORD units;
345	DWORD hours;
346};
347
348struct samr_logon_hours_all {
349	WORD	units_per_week;
350  SIZE_IS(units_per_week / 8)
351	BYTE	*hours;
352};
353
354/*
355 * SAMPR_USER_PASSWORD (in the MS Net API) or
356 * struct samr_user_password (internal use) is
357 * the "clear" form of struct samr_encr_passwd
358 * (SAMPR_ENCRYPTED_USER_PASSWORD in MS Net).
359 * It's not used by ndrgen, but is declared here
360 * to help clarify the relationship between these,
361 * and for the benefit of our client-side code.
362 */
363#ifndef	NDRGEN
364#define SAMR_USER_PWLEN	256
365struct samr_user_password {
366	smb_wchar_t	Buffer[SAMR_USER_PWLEN];
367	DWORD Length;
368};
369#endif	/* NDRGEN */
370
371/* SAMPR_ENCRYPTED_USER_PASSWORD */
372#define	SAMR_ENCR_PWLEN 516	/* sizeof samr_user_password */
373struct samr_encr_passwd {
374	BYTE data[SAMR_ENCR_PWLEN];
375};
376
377/* ENCRYPTED_NT_OWF_PASSWORD */
378#define	SAMR_PWHASH_LEN	16
379struct samr_encr_hash {
380	BYTE data[SAMR_PWHASH_LEN];
381};
382
383/*
384 ***********************************************************************
385 * SamrConnect.
386 ***********************************************************************
387 */
388OPERATION(SAMR_OPNUM_Connect)
389struct samr_Connect {
390	IN	DWORD *servername;
391	IN	DWORD access_mask;
392	OUT	samr_handle_t handle;
393	OUT	DWORD status;
394};
395
396
397/*
398 ***********************************************************************
399 * SamrConnect2.
400 ***********************************************************************
401 */
402OPERATION(SAMR_OPNUM_Connect2)
403struct samr_Connect2 {
404	IN	LPTSTR servername;
405	IN	DWORD access_mask;
406	OUT	samr_handle_t handle;
407	OUT	DWORD status;
408};
409
410
411/*
412 ***********************************************************************
413 * SamrConnect4. A new form of connect first seen with Windows 2000.
414 * A new field has been added to the input request. Value: 0x00000002.
415 ***********************************************************************
416 */
417OPERATION(SAMR_OPNUM_Connect4)
418struct samr_Connect4 {
419	IN	LPTSTR servername;
420	IN	DWORD revision;
421	IN	DWORD access_mask;
422	OUT	samr_handle_t handle;
423	OUT	DWORD status;
424};
425
426
427/*
428 ***********************************************************************
429 * SamrConnect5. A new form of connect first seen with Windows XP.
430 * The server name is the fully qualified domain name, i.e.
431 *	\\server.sun.com.
432 *
433 * [in]  DWORD	 InVersion,
434 * [in]  [switch_is(InVersion)]    samr_revision_info *InRevisionInfo
435 * [out] DWORD	 *OutVersion
436 * [out] [switch_is(*OutVersion)] *samr_revision_info *OutRevisionInfo
437 *
438 * SupportedFeatures (see notes in [MS-SAMR]
439 *	0x00000001	RID values returned from the server must not be
440 *			concatenated with the domain SID.
441 *	0x00000002	Reserved
442 *	0x00000004	Reserved
443 ***********************************************************************
444 */
445struct samr_revision_info1 {
446	DWORD revision;
447	DWORD supported_features;
448};
449typedef struct samr_revision_info1 samr_revision_info1_t;
450
451union samr_revision_info {
452	UNION_INFO_ENT(1,samr_revision_info);
453	DEFAULT	char *nullptr;
454};
455
456OPERATION(SAMR_OPNUM_Connect5)
457struct samr_Connect5 {
458	IN		LPTSTR servername;
459	IN		DWORD access_mask;
460	/*
461	 * This should be a union, but instead this is
462	 * done this way because unions are hard to
463	 * express in this RPC implementation.
464	 */
465	INOUT	DWORD unknown2_00000001;	/* V1 */
466	INOUT	DWORD unknown3_00000001;	/* V1 */
467	/* SAMPR_REVISION_INFO_V1 */
468	INOUT	DWORD unknown4_00000003;	/* Revision */
469	INOUT	DWORD unknown5_00000000;	/* SupportedFeatures */
470	OUT		samr_handle_t handle;
471	OUT		DWORD status;
472};
473
474
475/*
476 ***********************************************************************
477 * CloseHandle closes an association with the SAM. Using the same
478 * structure as the LSA seems to work.
479 ***********************************************************************
480 */
481OPERATION(SAMR_OPNUM_CloseHandle)
482struct samr_CloseHandle {
483	IN	samr_handle_t handle;
484	OUT	samr_handle_t result_handle;
485	OUT	DWORD status;
486};
487
488
489/*
490 ***********************************************************************
491 * LookupDomain: lookup up the domain SID.
492 ***********************************************************************
493 */
494OPERATION(SAMR_OPNUM_LookupDomain)
495struct samr_LookupDomain {
496	IN	samr_handle_t handle;
497	IN	samr_string_t domain_name;
498	OUT struct samr_sid *sid;
499	OUT	DWORD status;
500};
501
502
503/*
504 ***********************************************************************
505 * EnumLocalDomain
506 *
507 * This looks like a request to get the local domains supported by a
508 * remote server. NT always seems to return 2 domains: the local
509 * domain (hostname) and the Builtin domain.
510 *
511 * The max_length field is set to 0x2000.
512 * Enum_context is set to 0 in the request and set to entries_read in
513 * the reply. Like most of these enums, total_entries is the same as
514 * entries_read.
515 ***********************************************************************
516 */
517struct samr_LocalDomainEntry {
518	DWORD unknown;
519	samr_string_t name;
520};
521
522struct samr_LocalDomainInfo {
523	DWORD entries_read;
524  SIZE_IS(entries_read)
525	struct samr_LocalDomainEntry *entry;
526};
527
528
529OPERATION(SAMR_OPNUM_EnumLocalDomains)
530struct samr_EnumLocalDomain {
531	IN		samr_handle_t handle;
532	INOUT	DWORD enum_context;
533	IN		DWORD max_length;
534	OUT		struct samr_LocalDomainInfo *info;
535	OUT		DWORD total_entries;
536	OUT		DWORD status;
537};
538
539
540/*
541 ***********************************************************************
542 * OpenDomain
543 *
544 * Open a specific domain within the SAM. From this I assume that each
545 * SAM can handle multiple domains so you need to identify the one with
546 * which you want to work. Working with a domain handle does appear to
547 * offer the benefit that you can then use RIDs instead of full SIDs,
548 * which simplifies things a bit. The domain handle can be used to get
549 * user and group handles.
550 ***********************************************************************
551 */
552OPERATION(SAMR_OPNUM_OpenDomain)
553struct samr_OpenDomain {
554	IN	samr_handle_t handle;
555	IN	DWORD access_mask;
556	IN REFERENCE struct samr_sid *sid;
557	OUT	samr_handle_t domain_handle;
558	OUT	DWORD status;
559};
560
561
562/*
563 ***********************************************************************
564 * QueryDomainInfo
565 *
566 * Windows 95 Server Manager sends requests for levels 6 and 7 when
567 * the services menu item is selected.
568 ***********************************************************************
569 */
570#define SAMR_QUERY_DOMAIN_INFO_2		2
571#define SAMR_QUERY_DOMAIN_INFO_6		6
572#define SAMR_QUERY_DOMAIN_INFO_7		7
573
574
575struct samr_QueryDomainInfo2 {
576	DWORD unknown1;			/* 00 00 00 00 */
577	DWORD unknown2;			/* 00 00 00 80 */
578	samr_string_t s1;
579	samr_string_t domain;
580	samr_string_t s2;
581	DWORD sequence_num;		/* 2B 00 00 00 */
582	DWORD unknown3;			/* 00 00 00 00 */
583	DWORD unknown4;			/* 01 00 00 00 */
584	DWORD unknown5;			/* 03 00 00 00 */
585	DWORD unknown6;			/* 01 */
586	DWORD num_users;
587	DWORD num_groups;
588	DWORD num_aliases;
589};
590
591
592struct samr_QueryDomainInfo6 {
593	DWORD unknown1;			/* 00 00 00 00 */
594	DWORD unknown2;			/* B0 7F 14 00 */
595	DWORD unknown3;			/* 00 00 00 00 */
596	DWORD unknown4;			/* 00 00 00 00 */
597	DWORD unknown5;			/* 00 00 00 00 */
598};
599
600
601struct samr_QueryDomainInfo7 {
602	DWORD unknown1;			/* 03 00 00 00 */
603};
604
605
606union samr_QueryDomainInfo_ru {
607	UNION_INFO_ENT(2,samr_QueryDomainInfo);
608	UNION_INFO_ENT(6,samr_QueryDomainInfo);
609	UNION_INFO_ENT(7,samr_QueryDomainInfo);
610	DEFAULT	char *nullptr;
611};
612
613struct samr_QueryDomainInfoRes {
614	WORD switch_value;
615	SWITCH(switch_value)
616		union samr_QueryDomainInfo_ru ru;
617};
618
619OPERATION(SAMR_OPNUM_QueryDomainInfo)
620struct samr_QueryDomainInfo {
621	IN	samr_handle_t domain_handle;
622	IN	WORD info_level;
623	OUT	struct samr_QueryDomainInfoRes *info;
624	OUT	DWORD status;
625};
626
627/*
628 * Identical to SAMR_OPNUM_QueryDomainInfo.
629 */
630OPERATION(SAMR_OPNUM_QueryInfoDomain2)
631struct samr_QueryInfoDomain2 {
632	IN	samr_handle_t	domain_handle;
633	IN	WORD		info_level;
634	OUT	struct samr_QueryDomainInfoRes *info;
635	OUT	DWORD		status;
636};
637
638#define SAMR_QUERY_ALIAS_INFO_1			1
639#define SAMR_QUERY_ALIAS_INFO_3			3
640
641
642struct samr_QueryAliasInfo1 {
643	WORD level;
644	samr_string_t name;
645	DWORD unknown;
646	samr_string_t desc;
647};
648
649struct samr_QueryAliasInfo3 {
650	WORD level;
651	samr_string_t desc;
652};
653
654union samr_QueryAliasInfo_ru {
655	UNION_INFO_ENT(1,samr_QueryAliasInfo);
656	UNION_INFO_ENT(3,samr_QueryAliasInfo);
657	DEFAULT	char *nullptr;
658};
659
660struct samr_QueryAliasInfoRes {
661	DWORD address;
662	WORD switch_value;
663	SWITCH(switch_value)
664		union samr_QueryAliasInfo_ru ru;
665};
666
667OPERATION(SAMR_OPNUM_QueryAliasInfo)
668struct samr_QueryAliasInfo {
669	IN	samr_handle_t alias_handle;
670	IN	WORD level;
671	OUT DWORD address;
672  SWITCH (level)
673	OUT	union samr_QueryAliasInfo_ru ru;
674	OUT	DWORD status;
675};
676
677OPERATION(SAMR_OPNUM_CreateDomainAlias)
678struct samr_CreateDomainAlias {
679	IN	samr_handle_t domain_handle;
680	IN	samr_string_t alias_name;
681	IN	DWORD access_mask;
682	OUT samr_handle_t alias_handle;
683	OUT	DWORD rid;
684	OUT	DWORD status;
685};
686
687OPERATION(SAMR_OPNUM_SetAliasInfo)
688struct samr_SetAliasInfo {
689	IN	samr_handle_t alias_handle;
690	IN	WORD level;
691	/* TBD */
692	OUT	DWORD status;
693};
694
695OPERATION(SAMR_OPNUM_DeleteDomainAlias)
696struct samr_DeleteDomainAlias {
697	INOUT	samr_handle_t alias_handle;
698	OUT	DWORD status;
699};
700
701OPERATION(SAMR_OPNUM_OpenAlias)
702struct samr_OpenAlias {
703	IN	samr_handle_t domain_handle;
704	IN	DWORD access_mask;
705	IN	DWORD rid;
706	OUT samr_handle_t alias_handle;
707	OUT	DWORD status;
708};
709
710struct name_rid {
711	DWORD rid;
712	samr_string_t name;
713};
714
715struct aliases_info {
716	DWORD count;
717	DWORD address;
718	SIZE_IS(count)
719	struct name_rid info[ANY_SIZE_ARRAY];
720};
721
722OPERATION(SAMR_OPNUM_EnumDomainAliases)
723struct samr_EnumDomainAliases {
724	IN	samr_handle_t domain_handle;
725	IN	DWORD resume_handle;
726	IN	DWORD mask;
727	OUT	DWORD out_resume;
728	OUT struct aliases_info *aliases;
729	OUT DWORD entries;
730	OUT	DWORD status;
731};
732
733struct user_acct_info {
734	DWORD index;
735	DWORD rid;
736	DWORD ctrl;
737	samr_string_t name;
738	samr_string_t fullname;
739	samr_string_t desc;
740};
741
742struct user_disp_info {
743	OUT DWORD total_size;
744	OUT DWORD returned_size;
745	OUT WORD switch_value;
746	DWORD count;
747	SIZE_IS(count)
748	struct user_acct_info *acct;
749};
750
751OPERATION(SAMR_OPNUM_QueryDispInfo)
752struct samr_QueryDispInfo {
753	IN	samr_handle_t domain_handle;
754	IN	WORD level;
755	IN	DWORD start_idx;
756	IN	DWORD max_entries;
757	IN	DWORD pref_maxsize;
758	OUT struct user_disp_info users;
759	OUT	DWORD status;
760};
761
762struct group_acct_info {
763	DWORD index;
764	DWORD rid;
765	DWORD ctrl;
766	samr_string_t name;
767	samr_string_t desc;
768};
769
770struct group_disp_info {
771	DWORD count;
772	/* right now we just need one entry */
773	struct group_acct_info acct[1];
774};
775
776OPERATION(SAMR_OPNUM_EnumDomainGroups)
777struct samr_EnumDomainGroups {
778	IN	samr_handle_t domain_handle;
779	IN	WORD level;
780	IN	DWORD start_idx;
781	IN	DWORD max_entries;
782	IN	DWORD pref_maxsize;
783	OUT DWORD total_size;
784	OUT DWORD returned_size;
785	OUT WORD switch_value;
786	OUT DWORD count;
787	OUT struct group_disp_info *groups;
788	OUT	DWORD status;
789};
790
791/*
792 ***********************************************************************
793 * OpenUser
794 *
795 * Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
796 * an access mask and the appropriate user rid. The output will be a
797 * handle for use with the specified user.
798 ***********************************************************************
799 */
800OPERATION(SAMR_OPNUM_OpenUser)
801struct samr_OpenUser {
802	IN	samr_handle_t handle;
803	IN	DWORD access_mask;
804	IN	DWORD rid;
805	OUT	samr_handle_t user_handle;
806	OUT	DWORD status;
807};
808
809
810/*
811 ***********************************************************************
812 * DeleteUser
813 ***********************************************************************
814 */
815OPERATION(SAMR_OPNUM_DeleteUser)
816struct samr_DeleteUser {
817	INOUT	samr_handle_t user_handle;
818	OUT	DWORD status;
819};
820
821
822/*
823 ***********************************************************************
824 * QueryUserInfo
825 *
826 * Provides various pieces of information on a specific user (see
827 * SAM_Q_QUERY_USERINFO and SAM_R_QUERY_USERINFO). The handle must
828 * be a valid SAM user handle.
829 *
830 * QueryUserInfo (
831 *	IN samr_handle_t user_handle,
832 *	IN WORD switch_value,
833 *	OUT union switch(switch_value) {
834 *		case 1: struct QueryUserInfo1 *info1;
835 *	} bufptr,
836 *	OUT DWORD status
837 * )
838 *
839 * typedef enum _USER_INFORMATION_CLASS {
840 *	UserGeneralInformation		= 1,
841 *	UserPreferencesInformation	= 2,
842 *	UserLogonInformation		= 3,
843 *	UserLogonHoursInformation	= 4,
844 *	UserAccountInformation		= 5,
845 *	UserNameInformation		= 6,
846 *	UserAccountNameInformation	= 7,
847 *	UserFullNameInformation		= 8,
848 *	UserPrimaryGroupInformation	= 9,
849 *	UserHomeInformation		= 10,
850 *	UserScriptInformation		= 11,
851 *	UserProfileInformation		= 12,
852 *	UserAdminCommentInformation	= 13,
853 *	UserWorkStationsInformation	= 14,
854 *	UserControlInformation		= 16,
855 *	UserExpiresInformation		= 17,
856 *	UserInternal1Information	= 18,
857 *	UserParametersInformation	= 20,
858 *	UserAllInformation		= 21,
859 *	UserInternal4Information	= 23,
860 *	UserInternal5Information	= 24,
861 *	UserInternal4InformationNew	= 25,
862 *	UserInternal5InformationNew	= 26,
863 * } USER_INFORMATION_CLASS;
864 *
865 * 1 = username, fullname, description and some other stuff.
866 * 3 = large structure containing user rid, group rid, username
867 *     and fullname.
868 * 5 = large structure (like 3) containing user rid, group rid,
869 *     username, fullname and description.
870 * 6 = username and fullname
871 * 7 = username
872 * 8 = fullname
873 * 9 = group rid
874 * 16 = used after creating a new account
875 *
876 * Due to an ndrgen bug, a function must be provided to to patch the
877 * offsets used by the unmarshalling code at runtime.  In order to
878 * simplify things it is useful to use a naming convention that
879 * indicates the switch value for each structure.
880 *
881 ***********************************************************************
882 */
883
884
885#define SAMR_QUERY_USER_INFO_1			1
886#define SAMR_QUERY_USER_UNAME_AND_FNAME		6
887#define SAMR_QUERY_USER_USERNAME		7
888#define SAMR_QUERY_USER_FULLNAME		8
889#define SAMR_QUERY_USER_GROUPRID		9
890#define SAMR_QUERY_USER_CONTROL_INFO		16
891#define SAMR_QUERY_USER_ALL_INFO		21
892
893
894struct samr_QueryUserInfo1 {
895	samr_string_t username;
896	samr_string_t fullname;
897	DWORD group_rid;
898	samr_string_t description;
899	samr_string_t unknown;
900};
901
902
903struct samr_QueryUserInfo6 {
904	samr_string_t username;
905	samr_string_t fullname;
906};
907
908struct samr_QueryUserInfo7 {
909	samr_string_t username;
910};
911
912
913struct samr_QueryUserInfo8 {
914	samr_string_t fullname;
915};
916
917
918struct samr_QueryUserInfo9 {
919	DWORD group_rid;
920};
921
922
923struct samr_QueryUserInfo16 {
924	DWORD UserAccountControl;
925};
926
927/*
928 * SAMR_USER_ALL_INFORMATION
929 */
930struct samr_QueryUserInfo21 {
931	samr_quad_t		LastLogon;
932	samr_quad_t		LastLogoff;
933	samr_quad_t		PasswordLastSet;
934	samr_quad_t		AccountExpires;
935	samr_quad_t		PasswordCanChange;
936	samr_quad_t		PasswordMustChange;
937	samr_string_t		UserName;
938	samr_string_t		FullName;
939	samr_string_t		HomeDirectory;
940	samr_string_t		HomeDirectoryDrive;
941	samr_string_t		ScriptPath;
942	samr_string_t		ProfilePath;
943	samr_string_t		AdminComment;
944	samr_string_t		WorkStations;
945	samr_string_t		UserComment;
946	samr_string_t		Parameters;
947	struct samr_short_blob	LmOwfPassword;
948	struct samr_short_blob	NtOwfPassword;
949	samr_string_t		PrivateData;
950	samr_sd_t		SecurityDescriptor;
951	DWORD			UserId;
952	DWORD			PrimaryGroupId;
953	DWORD			UserAccountControl;
954	DWORD			WhichFields;
955	struct samr_logon_hours_all	LogonHours;
956	WORD			BadPasswordCount;
957	WORD			LogonCount;
958	WORD			CountryCode;
959	WORD			CodePage;
960	BYTE			LmPasswordPresent;
961	BYTE			NtPasswordPresent;
962	BYTE			PasswordExpired;
963	BYTE			PrivateDataSensitive;
964};
965
966/* See also: fixup_samr_QueryUserInfo() */
967union QueryUserInfo_result_u {
968	UNION_INFO_ENT(1,samr_QueryUserInfo);
969	UNION_INFO_ENT(6,samr_QueryUserInfo);
970	UNION_INFO_ENT(7,samr_QueryUserInfo);
971	UNION_INFO_ENT(8,samr_QueryUserInfo);
972	UNION_INFO_ENT(9,samr_QueryUserInfo);
973	UNION_INFO_ENT(16,samr_QueryUserInfo);
974	UNION_INFO_ENT(21,samr_QueryUserInfo);
975	DEFAULT	char *nullptr;
976};
977
978
979/*
980 * This structure needs to be declared, even though it can't be used in
981 * samr_QueryUserInfo, in order to get the appropriate size to calculate
982 * the correct fixup offsets.  If ndrgen did the right thing,
983 * QueryUserInfo_result would be one of the out parameters.  However, if
984 * we do it that way, the switch_value isn't known early enough to do
985 * the fixup calculation.  So it all has to go in samr_QueryUserInfo.
986 */
987struct QueryUserInfo_result {
988	DWORD address;
989	WORD switch_value;
990	SWITCH(switch_value)
991		union QueryUserInfo_result_u ru;
992};
993
994
995OPERATION(SAMR_OPNUM_QueryUserInfo)
996struct samr_QueryUserInfo {
997	IN	samr_handle_t user_handle;
998	IN	WORD switch_value;
999	/*
1000	 * Can't use this form because we need to include members explicitly.
1001	 * OUT	struct QueryUserInfo_result result;
1002	 */
1003	OUT	DWORD address;
1004	OUT	WORD switch_index;
1005  SWITCH(switch_value)
1006	OUT	union QueryUserInfo_result_u ru;
1007	OUT	DWORD status;
1008};
1009
1010
1011/*
1012 ***********************************************************************
1013 * QueryUserGroups
1014 ***********************************************************************
1015 */
1016struct samr_UserGroups {
1017	DWORD rid;
1018	DWORD attr;
1019};
1020
1021
1022struct samr_UserGroupInfo {
1023	DWORD n_entry;
1024  SIZE_IS(n_entry)
1025	struct samr_UserGroups *groups;
1026};
1027
1028
1029OPERATION(SAMR_OPNUM_QueryUserGroups)
1030struct samr_QueryUserGroups {
1031	IN	samr_handle_t user_handle;
1032	OUT struct samr_UserGroupInfo *info;
1033	OUT	DWORD status;
1034};
1035
1036
1037/*
1038 ***********************************************************************
1039 * LookupName
1040 ***********************************************************************
1041 */
1042struct samr_LookupNameTable {
1043	DWORD n_entry;
1044  SIZE_IS(n_entry)
1045	samr_string_t names[ANY_SIZE_ARRAY];
1046};
1047
1048
1049struct samr_LookupRidTable {
1050	DWORD n_entry;
1051  SIZE_IS(n_entry)
1052	DWORD *rid;
1053};
1054
1055struct samr_RidType {
1056	DWORD n_entry;
1057  SIZE_IS(n_entry)
1058	DWORD *rid_type;
1059};
1060
1061
1062OPERATION(SAMR_OPNUM_LookupNames)
1063struct samr_LookupNames {
1064	IN	samr_handle_t handle;
1065	IN	DWORD n_entry;
1066	IN	DWORD max_n_entry;
1067	IN	DWORD index;
1068	IN	DWORD total;
1069	IN	samr_string_t name;
1070	OUT	struct samr_LookupRidTable rids;
1071	OUT	struct samr_RidType rid_types;
1072	OUT	DWORD status;
1073};
1074
1075
1076/*
1077 ***********************************************************************
1078 * OpenGroup
1079 *
1080 * Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
1081 * an access mask and the appropriate group rid. The output will be a
1082 * handle for use with the specified group.
1083 ***********************************************************************
1084 */
1085OPERATION(SAMR_OPNUM_OpenGroup)
1086struct samr_OpenGroup {
1087	IN	samr_handle_t handle;
1088	IN	DWORD access_mask;
1089	IN	DWORD rid;
1090	OUT	samr_handle_t group_handle;
1091	OUT	DWORD status;
1092};
1093
1094
1095/*
1096 ***********************************************************************
1097 * QueryGroupInfo
1098 *
1099 * Input must be a group handle obtained via SAMR_OPNUM_OpenGroup,
1100 * an access mask and the appropriate group rid. The output will
1101 * be a handle for use with the specified group.
1102 ***********************************************************************
1103 */
1104struct samr_QueryGroupInfo1 {
1105	samr_string_t groupname;
1106};
1107
1108
1109union samr_QueryGroupInfo_result_u {
1110	UNION_INFO_ENT(1,samr_QueryGroupInfo);
1111	DEFAULT	char *nullptr;
1112};
1113
1114
1115struct samr_QueryGroupInfo_result {
1116	DWORD address;
1117	WORD switch_index;
1118  SWITCH(switch_index)
1119	union samr_QueryGroupInfo_result_u ru;
1120};
1121
1122
1123OPERATION(SAMR_OPNUM_QueryGroupInfo)
1124struct samr_QueryGroupInfo {
1125	IN	samr_handle_t group_handle;
1126	IN	DWORD switch_value;
1127	OUT	DWORD address;
1128	OUT	WORD switch_index;
1129  SWITCH(switch_index)
1130	OUT	union samr_QueryGroupInfo_result_u ru;
1131	OUT	DWORD status;
1132};
1133
1134
1135/*
1136 ***********************************************************************
1137 * StoreGroupInfo
1138 *
1139 * This definition is mostly just a place holder in case this is useful
1140 * in the future. Note that it may not be correct. The information is
1141 * from a netmon trace captured when I added a group description. I
1142 * haven't implemented it because we don't have to update anything on
1143 * the PDC. The description should almost certainly be in a separate
1144 * structure.
1145 ***********************************************************************
1146 */
1147OPERATION(SAMR_OPNUM_StoreGroupInfo)
1148struct samr_StoreGroupInfo {
1149	IN	samr_handle_t group_handle;
1150	IN	DWORD switch_value;
1151	IN	samr_string_t group_description;
1152	OUT	DWORD status;
1153};
1154
1155/*
1156 * AddAliasMember
1157 */
1158OPERATION(SAMR_OPNUM_AddAliasMember)
1159struct samr_AddAliasMember {
1160	IN		samr_handle_t alias_handle;
1161	IN REFERENCE	struct samr_sid *sid;
1162	OUT DWORD	status;
1163};
1164
1165/*
1166 * DeleteAliasMember
1167 */
1168OPERATION(SAMR_OPNUM_DeleteAliasMember)
1169struct samr_DeleteAliasMember {
1170	IN		samr_handle_t alias_handle;
1171	IN REFERENCE	struct samr_sid *sid;
1172	OUT DWORD	status;
1173};
1174
1175struct samr_SidList {
1176	struct samr_sid		*sid;
1177};
1178
1179struct samr_SidInfo {
1180	DWORD n_entry;
1181  SIZE_IS(n_entry)
1182	struct samr_SidList	*sidlist;
1183};
1184
1185/*
1186 * ListAliasMembers
1187 */
1188OPERATION(SAMR_OPNUM_ListAliasMembers)
1189struct samr_ListAliasMembers {
1190	IN		samr_handle_t alias_handle;
1191	OUT		struct samr_SidInfo info;
1192	OUT DWORD	status;
1193};
1194
1195/*
1196 ***********************************************************************
1197 * GetUserDomainPasswordInformation
1198 ***********************************************************************
1199 */
1200OPERATION(SAMR_OPNUM_GetUserPwInfo)
1201struct samr_GetUserPwInfo {
1202	IN		samr_handle_t		user_handle;
1203	OUT REFERENCE	samr_password_info_t	*pwinfo;
1204	OUT		DWORD			status;
1205};
1206
1207
1208/*
1209 ***********************************************************************
1210 * CreateUser
1211 *
1212 * Create a user in the domain specified by the domain handle. The
1213 * domain handle is obtained obtained via SAMR_OPNUM_OpenDomain.
1214 * DesiredAccess: 0xe00500b0.
1215 * The output will be a handle for use with the specified user and the
1216 * user's RID. I think the RID may be a unique pointer (it can be null).
1217 ***********************************************************************
1218 */
1219OPERATION(SAMR_OPNUM_CreateUser)
1220struct samr_CreateUser {
1221	IN	samr_handle_t handle;
1222	IN	samr_vcbuf_t username;
1223	IN	DWORD account_flags;
1224	IN	DWORD desired_access;
1225	OUT	samr_handle_t user_handle;
1226	OUT	DWORD maybe_ptr;
1227	OUT	DWORD rid;
1228	OUT	DWORD status;
1229};
1230
1231
1232/*
1233 ***********************************************************************
1234 * ChangePasswordUser2 - See:
1235 * SamrUnicodeChangePasswordUser2 [MS-SAMR 3.1.5.10.3]
1236 ***********************************************************************
1237 */
1238
1239OPERATION(SAMR_OPNUM_ChangePasswordUser2)
1240struct samr_ChangePasswordUser2 {
1241	IN	samr_string_t *servername;
1242	IN REF	samr_string_t *username;
1243	IN	struct samr_encr_passwd *nt_newpw;
1244	IN	struct samr_encr_hash *nt_oldpw;
1245	IN	BYTE lm_present;
1246	IN	struct samr_encr_passwd *lm_newpw;
1247	IN	struct samr_encr_hash *lm_oldpw;
1248	OUT	DWORD status;
1249};
1250
1251
1252/*
1253 ***********************************************************************
1254 * GetDomainPwInfo
1255 ***********************************************************************
1256 */
1257OPERATION(SAMR_OPNUM_GetDomainPwInfo)
1258struct samr_GetDomainPwInfo {
1259	IN		DWORD			unused;
1260	OUT REFERENCE	samr_password_info_t	*pwinfo;
1261	OUT		DWORD			status;
1262};
1263
1264
1265/*
1266 ***********************************************************************
1267 * SetUserInfo
1268 * [MS-SAMR] SamrSetInformationUser2
1269 ***********************************************************************
1270 */
1271
1272/* USER_CONTROL_INFORMATION */
1273struct samr_SetUserInfo16 {
1274	DWORD UserAccountControl;
1275};
1276
1277
1278/*
1279 * samr_SetUserInfo21, a.k.a
1280 * SAMR_USER_ALL_INFORMATION
1281 *
1282 * We now know this is the same as samr_QueryUserInfo21
1283 * Could merge, except for the samr_vcbuf_t mess.
1284 */
1285
1286#define SAMR_SET_USER_INFO_21		21
1287
1288struct samr_SetUserInfo21 {
1289	samr_quad_t		LastLogon;
1290	samr_quad_t		LastLogoff;
1291	samr_quad_t		PasswordLastSet;
1292	samr_quad_t		AccountExpires;
1293	samr_quad_t		PasswordCanChange;
1294	samr_quad_t		PasswordMustChange;
1295
1296	samr_vcbuf_t		UserName;
1297	samr_vcbuf_t		FullName;
1298	samr_vcbuf_t		HomeDirectory;
1299	samr_vcbuf_t		HomeDirectoryDrive;
1300	samr_vcbuf_t		ScriptPath;
1301	samr_vcbuf_t		ProfilePath;
1302	samr_vcbuf_t		AdminComment;
1303	samr_vcbuf_t		WorkStations;
1304	samr_vcbuf_t		UserComment;
1305	samr_vcbuf_t		Parameters;
1306
1307	struct samr_short_blob	LmOwfPassword;
1308	struct samr_short_blob	NtOwfPassword;
1309	samr_vcbuf_t		PrivateData;
1310	samr_sd_t		SecurityDescriptor;
1311
1312	DWORD			UserId;	/* RID */
1313	DWORD			PrimaryGroupId;
1314	DWORD			UserAccountControl;
1315	DWORD			WhichFields;
1316
1317	/*
1318	 * This should be samr_logon_hours_all, but apparently
1319	 * ndrgen doesn't get that quite right, so instead, the
1320	 * client-side code patches this up.
1321	 */
1322	struct samr_logon_info	LogonHours;
1323
1324	WORD			BadPasswordCount;
1325	WORD			LogonCount;
1326	WORD			CountryCode;
1327	WORD			CodePage;
1328	BYTE			LmPasswordPresent;
1329	BYTE			NtPasswordPresent;
1330	BYTE			PasswordExpired;
1331	BYTE			PrivateDataSensitive;
1332};
1333
1334/*
1335 *	SAMPR_USER_INTERNAL4_INFORMATION
1336 *	UserInternal4Information (23)
1337 */
1338#define SAMR_SET_USER_INFO_23		23
1339struct samr_SetUserInfo23 {
1340	struct samr_SetUserInfo21 info21;
1341	struct samr_encr_passwd encr_pw;
1342};
1343
1344/*
1345 *	SAMPR_USER_INTERNAL5_INFORMATION
1346 *	UserInternal5Information (24)
1347 */
1348#define SAMR_SET_USER_INFO_24		24
1349struct samr_SetUserInfo24 {
1350	struct samr_encr_passwd encr_pw;
1351	BYTE password_expired;
1352};
1353
1354
1355union samr_SetUserInfo_u {
1356	UNION_INFO_ENT(16,samr_SetUserInfo);
1357	UNION_INFO_ENT(21,samr_SetUserInfo);
1358	UNION_INFO_ENT(23,samr_SetUserInfo);
1359	UNION_INFO_ENT(24,samr_SetUserInfo);
1360	DEFAULT  DWORD nothing;
1361};
1362
1363struct samr_SetUserInfo_s {
1364	WORD info_level;
1365	WORD switch_value;
1366  SWITCH(switch_value)
1367	union samr_SetUserInfo_u ru;
1368};
1369
1370OPERATION(SAMR_OPNUM_SetUserInfo)
1371struct samr_SetUserInfo {
1372	IN	samr_handle_t user_handle;
1373	IN	struct samr_SetUserInfo_s info;
1374	OUT	DWORD status;
1375};
1376
1377
1378/*
1379 ***********************************************************************
1380 * The SAMR interface definition.
1381 ***********************************************************************
1382 */
1383INTERFACE(0)
1384union samr_interface {
1385	CASE(SAMR_OPNUM_Connect)
1386		struct samr_Connect		Connect;
1387	CASE(SAMR_OPNUM_CloseHandle)
1388		struct samr_CloseHandle		CloseHandle;
1389	CASE(SAMR_OPNUM_LookupDomain)
1390		struct samr_LookupDomain	LookupDomain;
1391	CASE(SAMR_OPNUM_EnumLocalDomains)
1392		struct samr_EnumLocalDomain	EnumLocalDomain;
1393	CASE(SAMR_OPNUM_OpenDomain)
1394		struct samr_OpenDomain		OpenDomain;
1395	CASE(SAMR_OPNUM_QueryDomainInfo)
1396		struct samr_QueryDomainInfo	QueryDomainInfo;
1397	CASE(SAMR_OPNUM_QueryInfoDomain2)
1398		struct samr_QueryInfoDomain2	QueryInfoDomain2;
1399	CASE(SAMR_OPNUM_LookupNames)
1400		struct samr_LookupNames		LookupNames;
1401	CASE(SAMR_OPNUM_OpenUser)
1402		struct samr_OpenUser		OpenUser;
1403	CASE(SAMR_OPNUM_DeleteUser)
1404		struct samr_DeleteUser		DeleteUser;
1405	CASE(SAMR_OPNUM_QueryUserInfo)
1406		struct samr_QueryUserInfo	QueryUserInfo;
1407	CASE(SAMR_OPNUM_QueryUserGroups)
1408		struct samr_QueryUserGroups	QueryUserGroups;
1409	CASE(SAMR_OPNUM_OpenGroup)
1410		struct samr_OpenGroup		OpenGroup;
1411	CASE(SAMR_OPNUM_AddAliasMember)
1412		struct samr_AddAliasMember	AddAliasMember;
1413	CASE(SAMR_OPNUM_DeleteAliasMember)
1414		struct samr_DeleteAliasMember	DeleteAliasMember;
1415	CASE(SAMR_OPNUM_ListAliasMembers)
1416		struct samr_ListAliasMembers	ListAliasMembers;
1417	CASE(SAMR_OPNUM_GetUserPwInfo)
1418		struct samr_GetUserPwInfo	GetUserPwInfo;
1419	CASE(SAMR_OPNUM_CreateUser)
1420		struct samr_CreateUser		CreateUser;
1421	CASE(SAMR_OPNUM_ChangePasswordUser2)
1422		struct samr_ChangePasswordUser2	ChangePasswordUser2;
1423	CASE(SAMR_OPNUM_GetDomainPwInfo)
1424		struct samr_GetDomainPwInfo	GetDomainPwInfo;
1425	CASE(SAMR_OPNUM_Connect2)
1426		struct samr_Connect2		Connect2;
1427	CASE(SAMR_OPNUM_SetUserInfo)
1428		struct samr_SetUserInfo		SetUserInfo;
1429	CASE(SAMR_OPNUM_Connect4)
1430		struct samr_Connect4		Connect4;
1431	CASE(SAMR_OPNUM_Connect5)
1432		struct samr_Connect5		Connect5;
1433	CASE(SAMR_OPNUM_QueryDispInfo)
1434		struct samr_QueryDispInfo	QueryDispInfo;
1435	CASE(SAMR_OPNUM_OpenAlias)
1436		struct samr_OpenAlias		OpenAlias;
1437	CASE(SAMR_OPNUM_CreateDomainAlias)
1438		struct samr_CreateDomainAlias	CreateDomainAlias;
1439	CASE(SAMR_OPNUM_SetAliasInfo)
1440		struct samr_SetAliasInfo	SetAliasInfo;
1441	CASE(SAMR_OPNUM_QueryAliasInfo)
1442		struct samr_QueryAliasInfo	QueryAliasInfo;
1443	CASE(SAMR_OPNUM_DeleteDomainAlias)
1444		struct samr_DeleteDomainAlias	DeleteDomainAlias;
1445	CASE(SAMR_OPNUM_EnumDomainAliases)
1446		struct samr_EnumDomainAliases	EnumDomainAliases;
1447	CASE(SAMR_OPNUM_EnumDomainGroups)
1448		struct samr_EnumDomainGroups	EnumDomainGroups;
1449};
1450typedef union samr_interface	samr_interface_t;
1451EXTERNTYPEINFO(samr_interface)
1452
1453#endif /* _MLSVC_SAM_NDL_ */
1454