samrpc.ndl revision fe1c642d06e14b412cd83ae2179303186ab08972
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Security Accounts Manager RPC (SAMR) interface definition.
*/
#include "ndrtypes.ndl"
/* Windows NT */
/* Windows 2000 */
/* Windows XP and Windows Server 2003 */
/* Windows Vista */
/*
* UNION_INFO_ENT is intended to simplify adding new entries to a union.
* If the entry structures are named using the form samr_QueryUserInfoX,
* where X is the switch_value, you can just add a single line. Note
* that you must also update the fixup function in mlsvc_sam.c.
*/
/*
* Sam account flags used when creating an account. These flags seem
* to be very similar to the USER_INFO_X flags (UF_XXX) in lmaccess.h
* but the values are different.
*/
/*
* QueryUserInfo UserAllInformation WhichFields
*/
/*
* specific access rights which can be used in OpenAlias.
* extracted from Ethereal network analyzer
*/
/*
* Definition for a SID. The ndl compiler does not allow a typedef of
* a structure containing variable size members.
*/
};
/*
* SAMR definition of a security_descriptor.
*/
};
};
/*
* Definition for a string. The length and allosize should be set to
* twice the string length (i.e. strlen(str) * 2). The runtime code
* will perform the appropriate string to wide-char conversion,
* so str should point to a regular char * string.
*/
};
/*
* Alternative varying/conformant string definition - for
* non-null terminated strings. This definition must match
* ndr_vcbuf_t.
*/
/*
* size_is (actually a copy of length_is) will
* be inserted here by the marshalling library.
*/
};
};
/*
* OLD_LARGE_INTEGER: a 64-bit value.
*/
};
/*
* Blob used for the NT and LM OWF (one-way function) password hashes.
* The length and maxlen should both be 16.
*/
};
/*
* There is some sort of logon bitmap structure in here, which I
* think is a varying and conformant array, i.e.
*
* struct samr_logon_hours {
* DWORD size_is; (1260)
* DWORD first_is; (zero)
* DWORD length_is; (168)
* BYTE bitmap[21];
* };
*
* struct samr_logon_info {
* DWORD length;
* SIZE_IS(length / 8)
* struct samr_logon_hours *hours;
* };
*
* So size_is is set as some sort of maximum.
*
* bytes (all set to 0xFF), this is probably the default setting.
*/
};
};
};
};
/*
***********************************************************************
* ConnectAnon. It looks like the SAM handle is identical to an LSA
* handle. See Connect.
***********************************************************************
*/
};
/*
***********************************************************************
* Connect. I'm not sure what the difference is between Connect and
* ConnectAnon but this call seems to work better than ConnectAnon.
***********************************************************************
*/
};
/*
***********************************************************************
* SamrConnect3. A new form of connect first seen with Windows 2000.
* A new field has been added to the input request. Value: 0x00000002.
* I haven't looked at the Win2K response yet to see if it differs
* from SAMR_OPNUM_Connect.
***********************************************************************
*/
};
/*
***********************************************************************
* SamrConnect4. A new form of connect first seen with Windows XP.
* The server name is the fully qualified domain name, i.e.
* \\server.sun.com.
*
* [in] DWORD InVersion,
* [in] [switch_is(InVersion)] samr_revision_info *InRevisionInfo
* [out] DWORD *OutVersion
* [out] [switch_is(*OutVersion)] *samr_revision_info *OutRevisionInfo
*
* SupportedFeatures (see notes in [MS-SAMR])
* 0x00000001 RID values returned from the server must not be
* concatenated with the domain SID.
* 0x00000002 Reserved
* 0x00000004 Reserved
***********************************************************************
*/
};
};
};
/*
***********************************************************************
* CloseHandle closes an association with the SAM. Using the same
* structure as the LSA seems to work.
***********************************************************************
*/
};
/*
***********************************************************************
* LookupDomain: look up the domain SID.
***********************************************************************
*/
};
/*
***********************************************************************
* EnumLocalDomain
*
* This looks like a request to get the local domains supported by a
* remote server. NT always seems to return 2 domains: the local
* domain (hostname) and the Builtin domain.
*
* The max_length field is set to 0x2000.
* Enum_context is set to 0 in the request and set to entries_read in
* the reply. Like most of these enums, total_entries is the same as
* entries_read.
***********************************************************************
*/
};
};
};
/*
***********************************************************************
* OpenDomain
*
* Open a specific domain within the SAM. From this I assume that each
* SAM can handle multiple domains so you need to identify the one with
* which you want to work. Working with a domain handle does appear to
* offer the benefit that you can then use RIDs instead of full SIDs,
* which simplifies things a bit. The domain handle can be used to get
* user and group handles.
***********************************************************************
*/
};
/*
***********************************************************************
* QueryDomainInfo
*
* Windows 95 Server Manager sends requests for levels 6 and 7 when
* the services menu item is selected.
***********************************************************************
*/
};
};
};
};
};
};
};
};
};
};
};
};
/* TBD */
};
};
};
};
};
};
};
};
};
};
/* right now we just need one entry */
};
};
/*
***********************************************************************
* OpenUser
*
* Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
* an access mask and the appropriate user rid. The output will be a
* handle for use with the specified user.
***********************************************************************
*/
};
/*
***********************************************************************
* DeleteUser
***********************************************************************
*/
};
/*
***********************************************************************
* QueryUserInfo
*
* Provides various pieces of information on a specific user (see
* SAM_Q_QUERY_USERINFO and SAM_R_QUERY_USERINFO). The handle must
* be a valid SAM user handle.
*
* QueryUserInfo (
* IN samr_handle_t user_handle,
* IN WORD switch_value,
* OUT union switch(switch_value) {
* case 1: struct QueryUserInfo1 *info1;
* } bufptr,
* OUT DWORD status
* )
*
* typedef enum _USER_INFORMATION_CLASS {
* UserGeneralInformation = 1,
* UserPreferencesInformation = 2,
* UserLogonInformation = 3,
* UserLogonHoursInformation = 4,
* UserAccountInformation = 5,
* UserNameInformation = 6,
* UserAccountNameInformation = 7,
* UserFullNameInformation = 8,
* UserPrimaryGroupInformation = 9,
* UserHomeInformation = 10,
* UserScriptInformation = 11,
* UserProfileInformation = 12,
* UserAdminCommentInformation = 13,
* UserWorkStationsInformation = 14,
* UserControlInformation = 16,
* UserExpiresInformation = 17,
* UserInternal1Information = 18,
* UserParametersInformation = 20,
* UserAllInformation = 21,
* UserInternal4Information = 23,
* UserInternal5Information = 24,
* UserInternal4InformationNew = 25,
* UserInternal5InformationNew = 26,
* } USER_INFORMATION_CLASS;
*
* 1 = username, fullname, description and some other stuff.
* 3 = large structure containing user rid, group rid, username
* and fullname.
* 5 = large structure (like 3) containing user rid, group rid,
* username, fullname and description.
* 6 = username and fullname
* 7 = username
* 8 = fullname
* 9 = group rid
* 16 = used after creating a new account
*
* Due to an ndrgen bug, a function must be provided to patch the
* offsets used by the unmarshalling code at runtime. In order to
* simplify things it is useful to use a naming convention that
* indicates the switch value for each structure.
*
***********************************************************************
*/
};
};
};
};
};
};
/*
* SAMR_USER_ALL_INFORMATION
*/
};
};
/*
* This structure needs to be declared, even though it can't be used in
* samr_QueryUserInfo, in order to get the appropriate size to calculate
* the correct fixup offsets. If ndrgen did the right thing,
* QueryUserInfo_result would be one of the out parameters. However, if
* we do it that way, the switch_value isn't known early enough to do
* the fixup calculation. So it all has to go in samr_QueryUserInfo.
*/
};
/*
* Can't use this form because we need to include members explicitly.
* OUT struct QueryUserInfo_result result;
*/
};
/*
***********************************************************************
* QueryUserGroups
***********************************************************************
*/
};
};
};
/*
***********************************************************************
* LookupName
***********************************************************************
*/
};
};
};
};
/*
***********************************************************************
* OpenGroup
*
* Input must be a domain handle obtained via SAMR_OPNUM_OpenDomain,
* an access mask and the appropriate group rid. The output will be a
* handle for use with the specified group.
***********************************************************************
*/
};
/*
***********************************************************************
* QueryGroupInfo
*
* Input must be a group handle obtained via SAMR_OPNUM_OpenGroup,
* an access mask and the appropriate group rid. The output will
* be a handle for use with the specified group.
***********************************************************************
*/
};
};
};
};
/*
***********************************************************************
* StoreGroupInfo
*
* This definition is mostly just a place holder in case this is useful
* in the future. Note that it may not be correct. The information is
* from a netmon trace captured when I added a group description. I
* haven't implemented it because we don't have to update anything on
* the PDC. The description should almost certainly be in a separate
* structure.
***********************************************************************
*/
};
/*
***********************************************************************
* Request 0x2c is a user request. The only parameter is a user handle.
* The response is 12 bytes of the form:
* unknown: 00 00 BB 01 (443)
* unknown: 00 00 00 00
* status: 00 00 00 00
* RPC book lists this as GetUsrDomPwInfo.
***********************************************************************
*/
};
};
/*
***********************************************************************
* CreateUser
*
* Create a user in the domain specified by the domain handle. The
* domain handle is obtained via SAMR_OPNUM_OpenDomain.
* DesiredAccess: 0xe00500b0.
* The output will be a handle for use with the specified user and the
* user's RID. I think the RID may be a unique pointer (it can be null).
***********************************************************************
*/
};
/*
***********************************************************************
* ChangeUserPasswd
***********************************************************************
*/
};
};
};
/*
***********************************************************************
* GetDomainPwInfo
***********************************************************************
*/
};
/*
***********************************************************************
* SetUserInfo
*
* +++ 20 byte user handle and the union switch_value +++
* 00 00 00 00 77 F2 DD D5 66 48 D4 11 AD 5F D1 CD
* 18 43 7A DF 17 00 17 00
*
* +++ 14 dwords (56 bytes) of zeros +++
* 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
* 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
* 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
* 00 00 00 00 00 00 00 00
*
* +++ 9 sets of something - 72 bytes +++
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
* 00 00 02 00 D0 04 8A 77
*
* +++ 9 DWORD zeros +++
* 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
* 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
* 00 00 00 00
*
* +++ miscellaneous +++
* 01 02 00 00
* 80 00 00 00
* FA 27 F8 09
* A8 00 00 00 70 F1 14 00
* 00 00 00 00 00 00 00 00 00 00 00 00
*
* +++ encrypted password buffer - 512 bytes +++
* 76 68 E8 AA 23 4F 62 C4 81 4E 30 B8 92 29 66 B9
* 12 FF 3A 84 82 3A 55 0F C7 18 EA 56 86 50 D7 C5
* 43 BA 9C F8 32 D4 E0 15 74 A1 6F E1 59 C2 F2 95
* 53 A9 F2 68 9F 7F 29 B9 88 4C 65 A5 C1 DC 0B 44
* B8 3C ED 74 D1 6A F7 09 66 97 94 6B 2C 3A A5 88
* 39 34 C6 FE 24 59 30 2D CF 6D 7F D5 EC B1 9A 84
* E6 57 96 29 40 32 FB 62 9D 93 E2 BE D8 A3 74 88
* 8B 85 BC A0 76 D6 C9 DB 8C AF 81 BD 8A F0 08 8D
* 23 B0 52 FD 69 DE EF A1 36 E5 30 19 BD DA 67 A3
* 81 BD 3F D0 2A A2 8F 60 62 B0 8D 34 9E A4 4F 20
* 4E 79 93 82 58 A8 E5 6F 7A DC 12 13 33 E6 74 02
* 4C 32 F9 FC 1A E1 C5 0D E2 CC 36 8D FC 72 87 DD
* 6C 44 E3 6F 4B FD 46 10 08 89 E5 64 B8 27 14 83
* E7 08 DE CF 69 C7 E1 40 63 DF CB 67 95 73 03 1B
* CA 99 E1 1B 53 2A 89 6B 30 39 CD 5C DF A0 8A 1C
* 4E 50 74 7C 6D 3D E7 EA E9 B2 97 DD 38 7B DA EC
* 1A AD DA CE C4 58 9B 29 F3 6D 30 70 4E 63 6D 84
* DB DC 5B CD 9A 4E 57 9C E4 65 5D 4F 76 E3 C7 52
* 8B 3B 20 0A 3B 4C 4B B1 2E 5B 4D AB BA 2F 45 6A
* CA 17 AD 9F C0 B2 07 FB 56 7F E4 3F 9F D4 C6 8C
* A1 05 BF 53 42 1E 67 F4 57 54 E3 2C 38 CF E1 94
* 75 69 F7 4E 5C 74 CC B3 FD EF 73 3F D5 28 22 EC
* 9B 40 E1 1D 65 44 7C BB 69 88 57 10 05 3A C5 48
* 8E 4F 77 DB 1A 5C 49 9C D5 06 00 AC 79 BC 7E 89
* B0 01 66 70 88 A2 E5 DF 96 DC 75 98 10 12 45 02
* 33 35 6C DF 74 8B 14 2F 26 C6 FD 7A B4 D0 A6 7D
* DE 2B 13 44 EF 34 46 4D 9D 3E C3 75 BC 11 B4 41
* 27 58 25 1E AF AA F0 BB DA 27 7A 1E AE 81 1A 78
* 44 19 DE FC C4 7C 4E 32 44 F7 57 2A 41 A2 85 DC
* C0 AD 5D 6B 58 FD 2E 75 25 B9 F2 B6 19 82 E5 0E
* B6 69 0D C1 27 A9 B6 40 A6 50 49 E5 CB 17 98 65
* 88 18 CA E4 1D 2E 20 F7 DE 8E 7D F2 9D A5 6B CD
*
* D6 79 45 71
*
* +++ table of 9 things +++
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
* 01 00 00 00 00 00 00 00 00 00 00 00
*
* +++ miscellaneous +++
* EC 04 00 00 00 00 00 00 15 00 00 00
* FF FF FF FF FF FF FF FF FF FF FF FF
* FF FF FF FF FF FF FF FF FF
*
***********************************************************************
*/
/*
* The following 12 bytes are encoded in Ethereal as:
*
* WORD bad_pwd_count;
* WORD logon_count;
*
* WORD country; (default 0)
* WORD codepage;
*
* BYTE nt_pwd_set;
* BYTE lm_pwd_set;
* BYTE expired_flag;
* BYTE unknown_char;
*/
};
};
};
/*
IN DWORD unknown_04EC;
IN DWORD unknown_zero;
IN DWORD logon_bitmap_size;
IN BYTE logon_bitmap[SAMR_SET_USER_HOURS_SZ];
*/
};
/*
***********************************************************************
* The SAMR interface definition.
***********************************************************************
*/
INTERFACE(0)
};
#endif /* _MLSVC_SAM_NDL_ */