/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2015 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Security Accounts Manager RPC (SAMR) interface definition.
*/
#include "ndrtypes.ndl"
/* Windows NT */
/* Windows 2000 */
/* Windows XP and Windows Server 2003 */
/* Windows Vista */
/*
* Sam account flags used when creating an account. These flags seem
* to be very similar to the USER_INFO_X flags (UF_XXX) in lmaccess.h
* but the values are different.
*/
/*
* QueryUserInfo UserAllInformation WhichFields
*/
/*
* Alias Access Mask values for SAMR
* Section 2.2.1.6 of MS-SAMR
*/
/*
* Definition for a SID. The ndl compiler does not allow a typedef of
* a structure containing variable size members.
* Note: cast compatible with smb_sid_t, and code depends on that.
*/
};
/*
* SAMR definition of a security_descriptor.
*/
};
};
/*
* See RPC_STRING in the MS IDL.
* Definition for a string. The length and allosize should be set to
* twice the string length (i.e. strlen(str) * 2). The runtime code
* will perform the appropriate string to wide-char conversion,
* so str should point to a regular char * string.
*/
};
/*
* Alternative varying/conformant string definition - for
* non-null terminated strings. This definition must match
* ndr_vcbuf_t.
*/
/*
* size_is (actually a copy of length_is) will
* be inserted here by the marshalling library.
*/
};
};
/*
* OLD_LARGE_INTEGER: a 64-bit value.
*/
};
/*
* Blob used for the NT and LM OWF (one-way function) passwords.
* The length and maxlen should be 16.
*/
};
};
/*
* There is some sort of logon bitmap structure in here, which I
* think is a varying and conformant array, i.e.
*
* struct samr_logon_hours {
* DWORD size_is; (1260)
* DWORD first_is; (zero)
* DWORD length_is; (168)
* BYTE bitmap[21];
* };
*
* struct samr_logon_info {
* DWORD length;
* SIZE_IS(length / 8)
* struct samr_logon_hours *hours;
* };
*
* So size_is is set as some sort of maximum.
*
* bytes (all set to 0xFF), this is probably the default setting.
*/
};
};
};
/*
* SAMPR_USER_PASSWORD (in the MS Net API) or
* struct samr_user_password (internal use) is
* the "clear" form of struct samr_encr_passwd
* (SAMPR_ENCRYPTED_USER_PASSWORD in MS Net).
* It's not used by ndrgen, but is declared here
* to help clarify the relationship between these,
* and for the benefit of our client-side code.
*/
};
#endif /* NDRGEN */
/* SAMPR_ENCRYPTED_USER_PASSWORD */
};
/* ENCRYPTED_NT_OWF_PASSWORD */
};
/*
***********************************************************************
* SamrConnect.
***********************************************************************
*/
};
/*
***********************************************************************
* SamrConnect2.
***********************************************************************
*/
};
/*
***********************************************************************
* SamrConnect4. A new form of connect first seen with Windows 2000.
* A new field has been added to the input request. Value: 0x00000002.
***********************************************************************
*/
};
/*
***********************************************************************
* SamrConnect5. A new form of connect first seen with Windows XP.
* The server name is the fully qualified domain name, i.e.
* \\server.sun.com.
*
* [in] DWORD InVersion,
* [in] [switch_is(InVersion)] samr_revision_info *InRevisionInfo
* [out] DWORD *OutVersion
* [out] [switch_is(*OutVersion)] *samr_revision_info *OutRevisionInfo
*
* SupportedFeatures (see notes in [MS-SAMR])
* 0x00000001 RID values returned from the server must not be
* concatenated with the domain SID.
* 0x00000002 Reserved
* 0x00000004 Reserved
***********************************************************************
*/
};
};
/*
* This should be a union, but it is declared
* this way because unions are hard to
* express in this RPC implementation.
*/
/* SAMPR_REVISION_INFO_V1 */
};
/*
***********************************************************************
* CloseHandle closes an association with the SAM. Using the same
* structure as the LSA seems to work.
***********************************************************************
*/
};
/*
***********************************************************************
* LookupDomain: look up the domain SID.
***********************************************************************
*/
};
/*
***********************************************************************
* EnumLocalDomain
*
* This looks like a request to get the local domains supported by a
* remote server. NT always seems to return 2 domains: the local
* domain (hostname) and the Builtin domain.
*
* The max_length field is set to 0x2000.
* Enum_context is set to 0 in the request and set to entries_read in
* the reply. Like most of these enums, total_entries is the same as
* entries_read.
***********************************************************************
*/
};
};
};
/*
***********************************************************************
* OpenDomain
*
* Open a specific domain within the SAM. From this I assume that each
* SAM can handle multiple domains so you need to identify the one with
* which you want to work. Working with a domain handle does appear to
* offer the benefit that you can then use RIDs instead of full SIDs,
* which simplifies things a bit. The domain handle can be used to get
* user and group handles.
***********************************************************************
*/
};
/*
***********************************************************************
* QueryDomainInfo
*
* Windows 95 Server Manager sends requests for levels 6 and 7 when
* the services menu item is selected.
***********************************************************************
*/
};
};
};
};
};
};
/*
* Identical to SAMR_OPNUM_QueryDomainInfo.
*/
};
};
};
};
};
};
};
};
/* TBD */
};
};
};
};
};
};
};
};
};
};
/* right now we just need one entry */
};
};
/*
***********************************************************************
* OpenUser
*
* Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
* an access mask and the appropriate user rid. The output will be a
* handle for use with the specified user.
***********************************************************************
*/
};
/*
***********************************************************************
* DeleteUser
***********************************************************************
*/
};
/*
***********************************************************************
* QueryUserInfo
*
* Provides various pieces of information on a specific user (see
* SAM_Q_QUERY_USERINFO and SAM_R_QUERY_USERINFO). The handle must
* be a valid SAM user handle.
*
* QueryUserInfo (
* IN samr_handle_t user_handle,
* IN WORD switch_value,
* OUT union switch(switch_value) {
* case 1: struct QueryUserInfo1 *info1;
* } bufptr,
* OUT DWORD status
* )
*
* typedef enum _USER_INFORMATION_CLASS {
* UserGeneralInformation = 1,
* UserPreferencesInformation = 2,
* UserLogonInformation = 3,
* UserLogonHoursInformation = 4,
* UserAccountInformation = 5,
* UserNameInformation = 6,
* UserAccountNameInformation = 7,
* UserFullNameInformation = 8,
* UserPrimaryGroupInformation = 9,
* UserHomeInformation = 10,
* UserScriptInformation = 11,
* UserProfileInformation = 12,
* UserAdminCommentInformation = 13,
* UserWorkStationsInformation = 14,
* UserControlInformation = 16,
* UserExpiresInformation = 17,
* UserInternal1Information = 18,
* UserParametersInformation = 20,
* UserAllInformation = 21,
* UserInternal4Information = 23,
* UserInternal5Information = 24,
* UserInternal4InformationNew = 25,
* UserInternal5InformationNew = 26,
* } USER_INFORMATION_CLASS;
*
* 1 = username, fullname, description and some other stuff.
* 3 = large structure containing user rid, group rid, username
* and fullname.
* 5 = large structure (like 3) containing user rid, group rid,
* username, fullname and description.
* 6 = username and fullname
* 7 = username
* 8 = fullname
* 9 = group rid
* 16 = used after creating a new account
*
* Due to an ndrgen bug, a function must be provided to patch the
* offsets used by the unmarshalling code at runtime. In order to
* simplify things it is useful to use a naming convention that
* indicates the switch value for each structure.
*
***********************************************************************
*/
};
};
};
};
};
};
/*
* SAMR_USER_ALL_INFORMATION
*/
};
/* See also: fixup_samr_QueryUserInfo() */
};
/*
* This structure needs to be declared, even though it can't be used in
* samr_QueryUserInfo, in order to get the appropriate size to calculate
* the correct fixup offsets. If ndrgen did the right thing,
* QueryUserInfo_result would be one of the out parameters. However, if
* we do it that way, the switch_value isn't known early enough to do
* the fixup calculation. So it all has to go in samr_QueryUserInfo.
*/
};
/*
* Can't use this form because we need to include members explicitly.
* OUT struct QueryUserInfo_result result;
*/
};
/*
***********************************************************************
* QueryUserGroups
***********************************************************************
*/
};
};
};
/*
***********************************************************************
* LookupName
***********************************************************************
*/
};
};
};
};
/*
***********************************************************************
* OpenGroup
*
* Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
* an access mask and the appropriate group rid. The output will be a
* handle for use with the specified group.
***********************************************************************
*/
};
/*
***********************************************************************
* QueryGroupInfo
*
* Input must be a group handle obtained via SAMR_OPNUM_OpenGroup,
* an access mask and the appropriate group rid. The output will
* be a handle for use with the specified group.
***********************************************************************
*/
};
};
};
};
/*
***********************************************************************
* StoreGroupInfo
*
* This definition is mostly just a place holder in case this is useful
* in the future. Note that it may not be correct. The information is
* from a netmon trace captured when I added a group description. I
* haven't implemented it because we don't have to update anything on
* the PDC. The description should almost certainly be in a separate
* structure.
***********************************************************************
*/
};
/*
* AddAliasMember
*/
};
/*
* DeleteAliasMember
*/
};
};
};
/*
* ListAliasMembers
*/
};
/*
***********************************************************************
* GetUserDomainPasswordInformation
***********************************************************************
*/
};
/*
***********************************************************************
* CreateUser
*
* Create a user in the domain specified by the domain handle. The
* domain handle is obtained via SAMR_OPNUM_OpenDomain.
* DesiredAccess: 0xe00500b0.
* The output will be a handle for use with the specified user and the
* user's RID. I think the RID may be a unique pointer (it can be null).
***********************************************************************
*/
};
/*
***********************************************************************
* ChangePasswordUser2 - See:
* SamrUnicodeChangePasswordUser2 [MS-SAMR 3.1.5.10.3]
***********************************************************************
*/
};
/*
***********************************************************************
* GetDomainPwInfo
***********************************************************************
*/
};
/*
***********************************************************************
* SetUserInfo
* [MS-SAMR] SamrSetInformationUser2
***********************************************************************
*/
/* USER_CONTROL_INFORMATION */
};
/*
* samr_SetUserInfo21, a.k.a
* SAMR_USER_ALL_INFORMATION
*
* We now know this is the same as samr_QueryUserInfo21
* Could merge, except for the samr_vcbuf_t mess.
*/
/*
* This should be samr_logon_hours_all, but apparently
* ndrgen doesn't get that quite right, so instead, the
* client-side code patches this up.
*/
};
/*
* SAMPR_USER_INTERNAL4_INFORMATION
* UserInternal4Information (23)
*/
};
/*
* SAMPR_USER_INTERNAL5_INFORMATION
* UserInternal5Information (24)
*/
};
};
};
};
/*
***********************************************************************
* The SAMR interface definition.
***********************************************************************
*/
INTERFACE(0)
};
#endif /* _MLSVC_SAM_NDL_ */