aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/pidl
diff options
context:
space:
mode:
authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2008-10-02 00:07:54 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2008-10-02 00:07:54 +0000
commit8f8f84f6ae86c06af27d2545e5147aa8b888b6ae (patch)
tree0932c16665fa324f65752e65496a3527c2d6281f /epan/dissectors/pidl
parentbc7779c4c4471eee1184e5c5b188bc2dbe5876fb (diff)
update to SAMR
svn path=/trunk/; revision=26330
Diffstat (limited to 'epan/dissectors/pidl')
-rw-r--r--epan/dissectors/pidl/samr.cnf78
-rw-r--r--epan/dissectors/pidl/samr.idl387
2 files changed, 300 insertions, 165 deletions
diff --git a/epan/dissectors/pidl/samr.cnf b/epan/dissectors/pidl/samr.cnf
index 4c00ef9b5e..d63c1b94c7 100644
--- a/epan/dissectors/pidl/samr.cnf
+++ b/epan/dissectors/pidl/samr.cnf
@@ -157,6 +157,8 @@ PARAM_VALUE samr_dissect_element_CreateUser2_account_name_ 3|PIDL_SET_COL_INFO|P
TYPE lsa_String "offset=cnf_dissect_lsa_String(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 4
TYPE lsa_AsciiString "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 4
+TYPE lsa_StringLarge "offset=cnf_dissect_lsa_String(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 4
+TYPE lsa_AsciiStringLarge "offset=cnf_dissect_lsa_AsciiString(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 4
TYPE hyper "offset=cnf_dissect_hyper(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_UINT64 BASE_DEC 0 NULL 8
@@ -213,12 +215,12 @@ CODE START
static void
samr_connect_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
{
- proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_OPEN_DOMAIN, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_ENUM_DOMAINS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_CREATE_DOMAIN, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_INITIALIZE_SERVER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_SHUTDOWN_SERVER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_ConnectAccessMask_SAMR_ACCESS_CONNECT_TO_SERVER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_OPEN_DOMAIN, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_ENUM_DOMAINS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_CREATE_DOMAIN, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_INITIALIZE_SERVER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_SHUTDOWN_SERVER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_ServerAccessMask_SAMR_SERVER_ACCESS_CONNECT_TO_SERVER, tvb, offset, 4, access);
}
struct access_mask_info samr_connect_access_mask_info = {
@@ -241,11 +243,11 @@ samr_dissect_bitmap_ConnectAccessMask(tvbuff_t *tvb, int offset, packet_info *pi
static void
samr_alias_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
{
- proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_ALIAS_ACCESS_ADD_MEMBER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_ALIAS_ACCESS_REMOVE_MEMBER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_ALIAS_ACCESS_GET_MEMBERS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_ALIAS_ACCESS_LOOKUP_INFO, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_ALIAS_ACCESS_SET_INFO, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_ADD_MEMBER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_REMOVE_MEMBER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_GET_MEMBERS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_LOOKUP_INFO, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_AliasAccessMask_SAMR_ALIAS_ACCESS_SET_INFO, tvb, offset, 4, access);
}
struct access_mask_info samr_alias_access_mask_info = {
@@ -268,11 +270,11 @@ samr_dissect_bitmap_AliasAccessMask(tvbuff_t *tvb, int offset, packet_info *pinf
static void
samr_group_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
{
- proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_GROUP_ACCESS_GET_MEMBERS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_GROUP_ACCESS_REMOVE_MEMBER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_GROUP_ACCESS_ADD_MEMBER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_GROUP_ACCESS_SET_INFO, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_GROUP_ACCESS_LOOKUP_INFO, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_GET_MEMBERS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_REMOVE_MEMBER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_ADD_MEMBER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_SET_INFO, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_GroupAccessMask_SAMR_GROUP_ACCESS_LOOKUP_INFO, tvb, offset, 4, access);
}
struct access_mask_info samr_group_access_mask_info = {
@@ -295,17 +297,17 @@ samr_dissect_bitmap_GroupAccessMask(tvbuff_t *tvb, int offset, packet_info *pinf
static void
samr_domain_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
{
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_LOOKUP_INFO_1, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_SET_INFO_1, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_LOOKUP_INFO_2, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_SET_INFO_2, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_CREATE_USER, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_CREATE_GROUP, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_CREATE_ALIAS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_LOOKUP_ALIAS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_ENUM_ACCOUNTS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_OPEN_ACCOUNT, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_DOMAIN_ACCESS_SET_INFO_3, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_1, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_2, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_USER, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_GROUP, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_CREATE_ALIAS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_DomainAccessMask_SAMR_DOMAIN_ACCESS_SET_INFO_3, tvb, offset, 4, access);
}
struct access_mask_info samr_domain_access_mask_info = {
@@ -328,17 +330,17 @@ samr_dissect_bitmap_DomainAccessMask(tvbuff_t *tvb, int offset, packet_info *pin
static void
samr_user_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
{
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_GET_GROUP_MEMBERSHIP, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_GET_GROUPS, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_SET_PASSWORD, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_CHANGE_PASSWORD, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_SET_ATTRIBUTES, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_GET_ATTRIBUTES, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_GET_LOGONINFO, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_SET_LOC_COM, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_GET_LOCALE, tvb, offset, 4, access);
- proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_USER_ACCESS_GET_NAME_ETC, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_GROUPS, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_PASSWORD, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_CHANGE_PASSWORD, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_ATTRIBUTES, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_ATTRIBUTES, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_LOGONINFO, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_SET_LOC_COM, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_LOCALE, tvb, offset, 4, access);
+ proto_tree_add_boolean(tree, hf_samr_samr_UserAccessMask_SAMR_USER_ACCESS_GET_NAME_ETC, tvb, offset, 4, access);
}
struct access_mask_info samr_user_access_mask_info = {
diff --git a/epan/dissectors/pidl/samr.idl b/epan/dissectors/pidl/samr.idl
index eea39fb673..1790b69eb0 100644
--- a/epan/dissectors/pidl/samr.idl
+++ b/epan/dissectors/pidl/samr.idl
@@ -12,11 +12,9 @@
[ uuid("12345778-1234-abcd-ef00-0123456789ac"),
version(1.0),
endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
- pointer_default(unique),
- pointer_default_top(unique)
+ pointer_default(unique)
] interface samr
{
- declare bitmap security_secinfo;
typedef [public,noejs] struct {
[value(strlen_m_term(name)*2)] uint16 name_len;
@@ -67,64 +65,78 @@
} samr_AcctFlags;
typedef [bitmap32bit] bitmap {
- SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001,
- SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002,
- SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004,
- SAMR_ACCESS_CREATE_DOMAIN = 0x00000008,
- SAMR_ACCESS_ENUM_DOMAINS = 0x00000010,
- SAMR_ACCESS_OPEN_DOMAIN = 0x00000020
- } samr_ConnectAccessMask;
+ SAMR_SERVER_ACCESS_CONNECT_TO_SERVER = 0x00000001,
+ SAMR_SERVER_ACCESS_SHUTDOWN_SERVER = 0x00000002,
+ SAMR_SERVER_ACCESS_INITIALIZE_SERVER = 0x00000004,
+ SAMR_SERVER_ACCESS_CREATE_DOMAIN = 0x00000008,
+ SAMR_SERVER_ACCESS_ENUM_DOMAINS = 0x00000010,
+ SAMR_SERVER_ACCESS_OPEN_DOMAIN = 0x00000020
+ } samr_ServerAccessMask;
+ // these bits are invalid and return ACCESS_DENIED
+ const int SAMR_SERVER_ACCESS_MASK_INVALID = 0x0000ffc0;
+ // generic access
+ const int SAMR_SERVER_ACCESS_ALL_ACCESS = 0x000f003f;
+ const int SAMR_SERVER_ACCESS_ALL_READ = 0x00020010;
+ const int SAMR_SERVER_ACCESS_ALL_WRITE = 0x0002000e;
+ const int SAMR_SERVER_ACCESS_ALL_EXECUTE = 0x00020021;
typedef [bitmap32bit] bitmap {
- USER_ACCESS_GET_NAME_ETC = 0x00000001,
- USER_ACCESS_GET_LOCALE = 0x00000002,
- USER_ACCESS_SET_LOC_COM = 0x00000004,
- USER_ACCESS_GET_LOGONINFO = 0x00000008,
- USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
- USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
- USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
- USER_ACCESS_SET_PASSWORD = 0x00000080,
- USER_ACCESS_GET_GROUPS = 0x00000100,
- USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
- USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
+ SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001,
+ SAMR_USER_ACCESS_GET_LOCALE = 0x00000002,
+ SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004,
+ SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008,
+ SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010,
+ SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020,
+ SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040,
+ SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080,
+ SAMR_USER_ACCESS_GET_GROUPS = 0x00000100,
+ SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200,
+ SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400
} samr_UserAccessMask;
typedef [bitmap32bit] bitmap {
- DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
- DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
- DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
- DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
- DOMAIN_ACCESS_CREATE_USER = 0x00000010,
- DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
- DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
- DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
- DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
- DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
- DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001,
+ SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004,
+ SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008,
+ SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010,
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020,
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040,
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080,
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200,
+ SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400
} samr_DomainAccessMask;
typedef [bitmap32bit] bitmap {
- GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
- GROUP_ACCESS_SET_INFO = 0x00000002,
- GROUP_ACCESS_ADD_MEMBER = 0x00000004,
- GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
- GROUP_ACCESS_GET_MEMBERS = 0x00000010
+ SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001,
+ SAMR_GROUP_ACCESS_SET_INFO = 0x00000002,
+ SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004,
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008,
+ SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010
} samr_GroupAccessMask;
+ // these bits are invalid and return ACCESS_DENIED
+ const int SAMR_GROUP_ACCESS_MASK_INVALID = 0x0000ffe0;
+ // generic access
+ const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x000f001f;
+ const int SAMR_GROUP_ACCESS_ALL_READ = 0x00020010;
+ const int SAMR_GROUP_ACCESS_ALL_WRITE = 0x0002000e;
+ const int SAMR_GROUP_ACCESS_ALL_EXECUTE = 0x00020001;
typedef [bitmap32bit] bitmap {
- ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
- ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
- ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
- ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
- ALIAS_ACCESS_SET_INFO = 0x00000010
+ SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001,
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002,
+ SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008,
+ SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010
} samr_AliasAccessMask;
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
/* notice the lack of [string] */
- [in] uint16 *system_name,
- [in] samr_ConnectAccessMask access_mask,
+ [in,unique] uint16 *system_name,
+ [in] samr_ServerAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
@@ -150,7 +162,7 @@
NTSTATUS samr_QuerySecurity (
[in,ref] policy_handle *handle,
[in] security_secinfo sec_info,
- [out] sec_desc_buf *sdbuf
+ [out,unique] sec_desc_buf *sdbuf
);
/******************/
@@ -168,7 +180,7 @@
NTSTATUS samr_LookupDomain (
[in,ref] policy_handle *connect_handle,
[in,ref] lsa_String *domain_name,
- [out] dom_sid2 *sid
+ [out,unique] dom_sid2 *sid
);
@@ -189,7 +201,7 @@
[in,ref] policy_handle *connect_handle,
[in,out,ref] uint32 *resume_handle,
[in] uint32 buf_size,
- [out] samr_SamArray *sam,
+ [out,unique] samr_SamArray *sam,
[out] uint32 num_entries
);
@@ -313,7 +325,7 @@
NTSTATUS samr_QueryDomainInfo(
[in,ref] policy_handle *domain_handle,
[in] uint16 level,
- [out,switch_is(level)] samr_DomainInfo *info
+ [out,switch_is(level),unique] samr_DomainInfo *info
);
/************************/
@@ -346,7 +358,7 @@
[in,ref] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
[in] uint32 max_size,
- [out] samr_SamArray *sam,
+ [out,unique] samr_SamArray *sam,
[out] uint32 num_entries
);
@@ -374,18 +386,18 @@
[in,out,ref] uint32 *resume_handle,
[in] samr_AcctFlags acct_flags,
[in] uint32 max_size,
- [out] samr_SamArray *sam,
+ [out,unique] samr_SamArray *sam,
[out] uint32 num_entries
);
/************************/
/* Function 0x0e */
NTSTATUS samr_CreateDomAlias(
- [in,ref] policy_handle *domain_handle,
- [in,ref] lsa_String *alias_name,
+ [in,ref] policy_handle *domain_handle,
+ [in,ref] lsa_String *alias_name,
[in] samr_AliasAccessMask access_mask,
- [out,ref] policy_handle *alias_handle,
- [out,ref] uint32 *rid
+ [out,ref] policy_handle *alias_handle,
+ [out,ref] uint32 *rid
);
/************************/
@@ -394,7 +406,7 @@
[in,ref] policy_handle *domain_handle,
[in,out,ref] uint32 *resume_handle,
[in] samr_AcctFlags acct_flags,
- [out] samr_SamArray *sam,
+ [out,unique] samr_SamArray *sam,
[out] uint32 num_entries
);
@@ -496,7 +508,7 @@
NTSTATUS samr_QueryGroupInfo(
[in,ref] policy_handle *group_handle,
[in] samr_GroupInfoEnum level,
- [out,switch_is(level)] samr_GroupInfo *info
+ [out,switch_is(level),unique] samr_GroupInfo *info
);
/************************/
@@ -539,7 +551,7 @@
NTSTATUS samr_QueryGroupMember(
[in,ref] policy_handle *group_handle,
- [out] samr_RidTypeArray *rids
+ [out,unique] samr_RidTypeArray *rids
);
@@ -593,7 +605,7 @@
NTSTATUS samr_QueryAliasInfo(
[in,ref] policy_handle *alias_handle,
[in] samr_AliasInfoEnum level,
- [out,switch_is(level)] samr_AliasInfo *info
+ [out,switch_is(level),unique] samr_AliasInfo *info
);
/************************/
@@ -601,7 +613,7 @@
NTSTATUS samr_SetAliasInfo(
[in,ref] policy_handle *alias_handle,
[in] samr_AliasInfoEnum level,
- [in,switch_is(level)] samr_AliasInfo info
+ [in,switch_is(level),ref] samr_AliasInfo *info
);
/************************/
@@ -767,23 +779,36 @@
/* this defines the bits used for fields_present in info21 */
typedef [bitmap32bit] bitmap {
- SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
- SAMR_FIELD_FULL_NAME = 0x00000002,
- SAMR_FIELD_PRIMARY_GID = 0x00000008,
- SAMR_FIELD_DESCRIPTION = 0x00000010,
- SAMR_FIELD_COMMENT = 0x00000020,
- SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
- SAMR_FIELD_HOME_DRIVE = 0x00000080,
- SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
- SAMR_FIELD_PROFILE_PATH = 0x00000200,
- SAMR_FIELD_WORKSTATIONS = 0x00000400,
- SAMR_FIELD_LOGON_HOURS = 0x00002000,
- SAMR_FIELD_ACCT_FLAGS = 0x00100000,
- SAMR_FIELD_PARAMETERS = 0x00200000,
- SAMR_FIELD_COUNTRY_CODE = 0x00400000,
- SAMR_FIELD_CODE_PAGE = 0x00800000,
- SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
- SAMR_FIELD_PASSWORD2 = 0x02000000 /* two bits seems to work */
+ SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
+ SAMR_FIELD_FULL_NAME = 0x00000002,
+ SAMR_FIELD_RID = 0x00000004,
+ SAMR_FIELD_PRIMARY_GID = 0x00000008,
+ SAMR_FIELD_DESCRIPTION = 0x00000010,
+ SAMR_FIELD_COMMENT = 0x00000020,
+ SAMR_FIELD_HOME_DIRECTORY = 0x00000040,
+ SAMR_FIELD_HOME_DRIVE = 0x00000080,
+ SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
+ SAMR_FIELD_PROFILE_PATH = 0x00000200,
+ SAMR_FIELD_WORKSTATIONS = 0x00000400,
+ SAMR_FIELD_LAST_LOGON = 0x00000800,
+ SAMR_FIELD_LAST_LOGOFF = 0x00001000,
+ SAMR_FIELD_LOGON_HOURS = 0x00002000,
+ SAMR_FIELD_BAD_PWD_COUNT = 0x00004000,
+ SAMR_FIELD_NUM_LOGONS = 0x00008000,
+ SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
+ SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
+ SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000,
+ SAMR_FIELD_ACCT_EXPIRY = 0x00080000,
+ SAMR_FIELD_ACCT_FLAGS = 0x00100000,
+ SAMR_FIELD_PARAMETERS = 0x00200000,
+ SAMR_FIELD_COUNTRY_CODE = 0x00400000,
+ SAMR_FIELD_CODE_PAGE = 0x00800000,
+ SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */
+ SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */
+ SAMR_FIELD_PRIVATE_DATA = 0x04000000,
+ SAMR_FIELD_EXPIRED_FLAG = 0x08000000,
+ SAMR_FIELD_SEC_DESC = 0x10000000,
+ SAMR_FIELD_OWF_PWD = 0x20000000
} samr_FieldsPresent;
typedef struct {
@@ -879,7 +904,7 @@
[public] NTSTATUS samr_QueryUserInfo(
[in,ref] policy_handle *user_handle,
[in] uint16 level,
- [out,switch_is(level)] samr_UserInfo *info
+ [out,unique,switch_is(level)] samr_UserInfo *info
);
@@ -904,15 +929,15 @@
NTSTATUS samr_ChangePasswordUser(
[in,ref] policy_handle *user_handle,
[in] boolean8 lm_present,
- [in] samr_Password *old_lm_crypted,
- [in] samr_Password *new_lm_crypted,
+ [in,unique] samr_Password *old_lm_crypted,
+ [in,unique] samr_Password *new_lm_crypted,
[in] boolean8 nt_present,
- [in] samr_Password *old_nt_crypted,
- [in] samr_Password *new_nt_crypted,
+ [in,unique] samr_Password *old_nt_crypted,
+ [in,unique] samr_Password *new_nt_crypted,
[in] boolean8 cross1_present,
- [in] samr_Password *nt_cross,
+ [in,unique] samr_Password *nt_cross,
[in] boolean8 cross2_present,
- [in] samr_Password *lm_cross
+ [in,unique] samr_Password *lm_cross
);
/************************/
@@ -930,7 +955,7 @@
NTSTATUS samr_GetGroupsForUser(
[in,ref] policy_handle *user_handle,
- [out] samr_RidWithAttributeArray *rids
+ [out,unique] samr_RidWithAttributeArray *rids
);
/************************/
@@ -941,8 +966,8 @@
uint32 rid;
samr_AcctFlags acct_flags;
lsa_String account_name;
- lsa_String full_name;
lsa_String description;
+ lsa_String full_name;
} samr_DispEntryGeneral;
typedef struct {
@@ -978,7 +1003,7 @@
typedef struct {
uint32 idx;
- lsa_AsciiString account_name;
+ lsa_AsciiStringLarge account_name;
} samr_DispEntryAscii;
typedef struct {
@@ -1078,7 +1103,7 @@
NTSTATUS samr_QueryDomainInfo2(
[in,ref] policy_handle *domain_handle,
[in] uint16 level,
- [out,switch_is(level)] samr_DomainInfo *info
+ [out,unique,switch_is(level)] samr_DomainInfo *info
);
/************************/
@@ -1090,7 +1115,7 @@
NTSTATUS samr_QueryUserInfo2(
[in,ref] policy_handle *user_handle,
[in] uint16 level,
- [out,switch_is(level)] samr_UserInfo *info
+ [out,unique,switch_is(level)] samr_UserInfo *info
);
/************************/
@@ -1172,36 +1197,36 @@
/* Function 0x36 */
NTSTATUS samr_OemChangePasswordUser2(
- [in] lsa_AsciiString *server,
+ [in,unique] lsa_AsciiString *server,
[in,ref] lsa_AsciiString *account,
- [in] samr_CryptPassword *password,
- [in] samr_Password *hash
+ [in,unique] samr_CryptPassword *password,
+ [in,unique] samr_Password *hash
);
/************************/
/* Function 0x37 */
NTSTATUS samr_ChangePasswordUser2(
- [in] lsa_String *server,
+ [in,unique] lsa_String *server,
[in,ref] lsa_String *account,
- [in] samr_CryptPassword *nt_password,
- [in] samr_Password *nt_verifier,
+ [in,unique] samr_CryptPassword *nt_password,
+ [in,unique] samr_Password *nt_verifier,
[in] boolean8 lm_change,
- [in] samr_CryptPassword *lm_password,
- [in] samr_Password *lm_verifier
+ [in,unique] samr_CryptPassword *lm_password,
+ [in,unique] samr_Password *lm_verifier
);
/************************/
/* Function 0x38 */
NTSTATUS samr_GetDomPwInfo(
- [in] lsa_String *domain_name,
+ [in,unique] lsa_String *domain_name,
[out] samr_PwInfo info
);
/************************/
/* Function 0x39 */
NTSTATUS samr_Connect2(
- [in,string,charset(UTF16)] uint16 *system_name,
- [in] samr_ConnectAccessMask access_mask,
+ [in,unique,string,charset(UTF16)] uint16 *system_name,
+ [in] samr_ServerAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
@@ -1238,54 +1263,72 @@
/************************/
/* Function 0x3d */
NTSTATUS samr_Connect3(
- [in,string,charset(UTF16)] uint16 *system_name,
+ [in,unique,string,charset(UTF16)] uint16 *system_name,
/* this unknown value seems to be completely ignored by w2k3 */
[in] uint32 unknown,
- [in] samr_ConnectAccessMask access_mask,
+ [in] samr_ServerAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
/************************/
/* Function 0x3e */
NTSTATUS samr_Connect4(
- [in,string,charset(UTF16)] uint16 *system_name,
+ [in,unique,string,charset(UTF16)] uint16 *system_name,
[in] uint32 unknown,
- [in] samr_ConnectAccessMask access_mask,
+ [in] samr_ServerAccessMask access_mask,
[out,ref] policy_handle *connect_handle
);
/************************/
/* Function 0x3f */
- typedef enum {
- DUMMY_ENTRY_KEEP_PIDL_HAPPY = 999
- } samr_RejectReason;
+ typedef [v1_enum] enum {
+ SAMR_PWD_CHANGE_NO_ERROR = 0,
+ SAMR_PWD_CHANGE_PASSWORD_TOO_SHORT = 1,
+ SAMR_PWD_CHANGE_PWD_IN_HISTORY = 2,
+ SAMR_PWD_CHANGE_USERNAME_IN_PASSWORD = 3,
+ SAMR_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4,
+ SAMR_PWD_CHANGE_NOT_COMPLEX = 5,
+ SAMR_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT = 6,
+ SAMR_PWD_CHANGE_FAILED_BY_FILTER = 7,
+ SAMR_PWD_CHANGE_PASSWORD_TOO_LONG = 8
+ } samr_ExtendedFailureReason;
typedef struct {
- samr_RejectReason reason;
+ samr_ExtendedFailureReason reason;
uint32 unknown1;
uint32 unknown2;
} samr_ChangeReject;
NTSTATUS samr_ChangePasswordUser3(
- [in] lsa_String *server,
+ [in,unique] lsa_String *server,
[in,ref] lsa_String *account,
- [in] samr_CryptPassword *nt_password,
- [in] samr_Password *nt_verifier,
+ [in,unique] samr_CryptPassword *nt_password,
+ [in,unique] samr_Password *nt_verifier,
[in] boolean8 lm_change,
- [in] samr_CryptPassword *lm_password,
- [in] samr_Password *lm_verifier,
- [in] samr_CryptPassword *password3,
- [out] samr_DomInfo1 *dominfo,
- [out] samr_ChangeReject *reject
+ [in,unique] samr_CryptPassword *lm_password,
+ [in,unique] samr_Password *lm_verifier,
+ [in,unique] samr_CryptPassword *password3,
+ [out,unique] samr_DomInfo1 *dominfo,
+ [out,unique] samr_ChangeReject *reject
);
/************************/
/* Function 0x40 */
+ typedef [v1_enum] enum {
+ CONNECTION_REVISION_PRE_W2K = 1,
+ CONNECTION_REVISION_W2K = 2,
+ CONNECTION_REVISION_XP = 3
+ } samr_ConnectRevision;
+
+ typedef [bitmap32bit] bitmap {
+ SAMR_FEATURES_DONT_CONCAT_RIDS = 0x00000001
+ } samr_SupportedFeatures;
+
typedef struct {
- uint32 unknown1; /* w2k3 gives 3 */
- uint32 unknown2; /* w2k3 gives 0 */
+ samr_ConnectRevision revision;
+ samr_SupportedFeatures features;
} samr_ConnectInfo1;
typedef union {
@@ -1293,8 +1336,8 @@
} samr_ConnectInfo;
[public] NTSTATUS samr_Connect5(
- [in,string,charset(UTF16)] uint16 *system_name,
- [in] samr_ConnectAccessMask access_mask,
+ [in,unique,string,charset(UTF16)] uint16 *system_name,
+ [in] samr_ServerAccessMask access_mask,
[in,out] uint32 level,
[in,out,switch_is(level),ref] samr_ConnectInfo *info,
[out,ref] policy_handle *connect_handle
@@ -1305,7 +1348,7 @@
NTSTATUS samr_RidToSid(
[in,ref] policy_handle *domain_handle,
[in] uint32 rid,
- [out] dom_sid2 *sid
+ [out,unique] dom_sid2 *sid
);
@@ -1319,17 +1362,107 @@
*/
NTSTATUS samr_SetDsrmPassword(
- [in] lsa_String *name,
+ [in,unique] lsa_String *name,
[in] uint32 unknown,
- [in] samr_Password *hash
+ [in,unique] samr_Password *hash
);
/************************/
/* Function 0x43 */
- /*
- I haven't been able to work out the format of this one yet.
- Seems to start with a switch level for a union?
- */
- NTSTATUS samr_ValidatePassword();
+ /************************/
+ typedef [bitmap32bit] bitmap {
+ SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001,
+ SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002,
+ SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004,
+ SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008,
+ SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010,
+ SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020
+ } samr_ValidateFieldsPresent;
+
+ typedef enum {
+ NetValidateAuthentication = 1,
+ NetValidatePasswordChange= 2,
+ NetValidatePasswordReset = 3
+ } samr_ValidatePasswordLevel;
+
+ /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
+ * identified the mapping of
+ * - NERR_PasswordFilterError
+ * - NERR_PasswordExpired and
+ * - NERR_PasswordCantChange
+ * yet - Guenther
+ */
+
+ typedef enum {
+ SAMR_VALIDATION_STATUS_SUCCESS = 0,
+ SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
+ SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
+ SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
+ SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
+ SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
+ SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
+ SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
+ SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
+ } samr_ValidationStatus;
+
+ typedef struct {
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } samr_ValidationBlob;
+
+ typedef struct {
+ samr_ValidateFieldsPresent fields_present;
+ NTTIME_hyper last_password_change;
+ NTTIME_hyper bad_password_time;
+ NTTIME_hyper lockout_time;
+ uint32 bad_pwd_count;
+ uint32 pwd_history_len;
+ [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
+ } samr_ValidatePasswordInfo;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ samr_ValidationStatus status;
+ } samr_ValidatePasswordRepCtr;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] samr_ValidatePasswordRepCtr ctr1;
+ [case(2)] samr_ValidatePasswordRepCtr ctr2;
+ [case(3)] samr_ValidatePasswordRepCtr ctr3;
+ } samr_ValidatePasswordRep;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ lsa_StringLarge password;
+ lsa_StringLarge account;
+ samr_ValidationBlob hash;
+ boolean8 pwd_must_change_at_next_logon;
+ boolean8 clear_lockout;
+ } samr_ValidatePasswordReq3;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ lsa_StringLarge password;
+ lsa_StringLarge account;
+ samr_ValidationBlob hash;
+ boolean8 password_matched;
+ } samr_ValidatePasswordReq2;
+
+ typedef struct {
+ samr_ValidatePasswordInfo info;
+ boolean8 password_matched;
+ } samr_ValidatePasswordReq1;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] samr_ValidatePasswordReq1 req1;
+ [case(2)] samr_ValidatePasswordReq2 req2;
+ [case(3)] samr_ValidatePasswordReq3 req3;
+ } samr_ValidatePasswordReq;
+
+ NTSTATUS samr_ValidatePassword(
+ [in] samr_ValidatePasswordLevel level,
+ [in,switch_is(level)] samr_ValidatePasswordReq req,
+ [out,unique,switch_is(level)] samr_ValidatePasswordRep *rep
+ );
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 21:57:06 +0000