Process Hacker
ntsam.h
Go to the documentation of this file.
1 #ifndef _NTSAM_H
2 #define _NTSAM_H
3 
4 #define SAM_MAXIMUM_LOOKUP_COUNT (1000)
5 #define SAM_MAXIMUM_LOOKUP_LENGTH (32000)
6 #define SAM_MAX_PASSWORD_LENGTH (256)
7 #define SAM_PASSWORD_ENCRYPTION_SALT_LEN (16)
8 
9 typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
10 typedef ULONG SAM_ENUMERATE_HANDLE, *PSAM_ENUMERATE_HANDLE;
11 
12 typedef struct _SAM_RID_ENUMERATION
13 {
14  ULONG RelativeId;
15  UNICODE_STRING Name;
16 } SAM_RID_ENUMERATION, *PSAM_RID_ENUMERATION;
17 
18 typedef struct _SAM_SID_ENUMERATION
19 {
20  PSID Sid;
21  UNICODE_STRING Name;
22 } SAM_SID_ENUMERATION, *PSAM_SID_ENUMERATION;
23 
24 typedef struct _SAM_BYTE_ARRAY
25 {
26  ULONG Size;
27  _Field_size_bytes_(Size) PUCHAR Data;
28 } SAM_BYTE_ARRAY, *PSAM_BYTE_ARRAY;
29 
30 typedef struct _SAM_BYTE_ARRAY_32K
31 {
32  ULONG Size;
33  _Field_size_bytes_(Size) PUCHAR Data;
34 } SAM_BYTE_ARRAY_32K, *PSAM_BYTE_ARRAY_32K;
35 
36 typedef SAM_BYTE_ARRAY_32K SAM_SHELL_OBJECT_PROPERTIES, *PSAM_SHELL_OBJECT_PROPERTIES;
37 
38 // Basic
39 
40 NTSTATUS
41 NTAPI
42 SamFreeMemory(
43  _In_ PVOID Buffer
44  );
45 
46 NTSTATUS
47 NTAPI
48 SamCloseHandle(
49  _In_ SAM_HANDLE SamHandle
50  );
51 
52 _Check_return_
53 NTSTATUS
54 NTAPI
55 SamSetSecurityObject(
56  _In_ SAM_HANDLE ObjectHandle,
57  _In_ SECURITY_INFORMATION SecurityInformation,
58  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
59  );
60 
61 _Check_return_
62 NTSTATUS
63 NTAPI
64 SamQuerySecurityObject(
65  _In_ SAM_HANDLE ObjectHandle,
66  _In_ SECURITY_INFORMATION SecurityInformation,
67  _Outptr_ PSECURITY_DESCRIPTOR *SecurityDescriptor
68  );
69 
70 _Check_return_
71 NTSTATUS
72 NTAPI
73 SamRidToSid(
74  _In_ SAM_HANDLE ObjectHandle,
75  _In_ ULONG Rid,
76  _Outptr_ PSID *Sid
77  );
78 
79 // Server
80 
81 #define SAM_SERVER_CONNECT 0x0001
82 #define SAM_SERVER_SHUTDOWN 0x0002
83 #define SAM_SERVER_INITIALIZE 0x0004
84 #define SAM_SERVER_CREATE_DOMAIN 0x0008
85 #define SAM_SERVER_ENUMERATE_DOMAINS 0x0010
86 #define SAM_SERVER_LOOKUP_DOMAIN 0x0020
87 
88 #define SAM_SERVER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
89  SAM_SERVER_CONNECT | \
90  SAM_SERVER_INITIALIZE | \
91  SAM_SERVER_CREATE_DOMAIN | \
92  SAM_SERVER_SHUTDOWN | \
93  SAM_SERVER_ENUMERATE_DOMAINS | \
94  SAM_SERVER_LOOKUP_DOMAIN)
95 
96 #define SAM_SERVER_READ (STANDARD_RIGHTS_READ | \
97  SAM_SERVER_ENUMERATE_DOMAINS)
98 
99 #define SAM_SERVER_WRITE (STANDARD_RIGHTS_WRITE | \
100  SAM_SERVER_INITIALIZE | \
101  SAM_SERVER_CREATE_DOMAIN | \
102  SAM_SERVER_SHUTDOWN)
103 
104 #define SAM_SERVER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
105  SAM_SERVER_CONNECT | \
106  SAM_SERVER_LOOKUP_DOMAIN)
107 
108 // Functions
109 
110 _Check_return_
111 NTSTATUS
112 NTAPI
113 SamConnect(
114  _In_opt_ PUNICODE_STRING ServerName,
115  _Out_ PSAM_HANDLE ServerHandle,
116  _In_ ACCESS_MASK DesiredAccess,
117  _In_ POBJECT_ATTRIBUTES ObjectAttributes
118  );
119 
120 _Check_return_
121 NTSTATUS
122 NTAPI
123 SamShutdownSamServer(
124  _In_ SAM_HANDLE ServerHandle
125  );
126 
127 // Domain
128 
129 #define DOMAIN_READ_PASSWORD_PARAMETERS 0x0001
130 #define DOMAIN_WRITE_PASSWORD_PARAMS 0x0002
131 #define DOMAIN_READ_OTHER_PARAMETERS 0x0004
132 #define DOMAIN_WRITE_OTHER_PARAMETERS 0x0008
133 #define DOMAIN_CREATE_USER 0x0010
134 #define DOMAIN_CREATE_GROUP 0x0020
135 #define DOMAIN_CREATE_ALIAS 0x0040
136 #define DOMAIN_GET_ALIAS_MEMBERSHIP 0x0080
137 #define DOMAIN_LIST_ACCOUNTS 0x0100
138 #define DOMAIN_LOOKUP 0x0200
139 #define DOMAIN_ADMINISTER_SERVER 0x0400
140 
141 #define DOMAIN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
142  DOMAIN_READ_OTHER_PARAMETERS | \
143  DOMAIN_WRITE_OTHER_PARAMETERS | \
144  DOMAIN_WRITE_PASSWORD_PARAMS | \
145  DOMAIN_CREATE_USER | \
146  DOMAIN_CREATE_GROUP | \
147  DOMAIN_CREATE_ALIAS | \
148  DOMAIN_GET_ALIAS_MEMBERSHIP | \
149  DOMAIN_LIST_ACCOUNTS | \
150  DOMAIN_READ_PASSWORD_PARAMETERS | \
151  DOMAIN_LOOKUP | \
152  DOMAIN_ADMINISTER_SERVER)
153 
154 #define DOMAIN_READ (STANDARD_RIGHTS_READ | \
155  DOMAIN_GET_ALIAS_MEMBERSHIP | \
156  DOMAIN_READ_OTHER_PARAMETERS)
157 
158 #define DOMAIN_WRITE (STANDARD_RIGHTS_WRITE | \
159  DOMAIN_WRITE_OTHER_PARAMETERS | \
160  DOMAIN_WRITE_PASSWORD_PARAMS | \
161  DOMAIN_CREATE_USER | \
162  DOMAIN_CREATE_GROUP | \
163  DOMAIN_CREATE_ALIAS | \
164  DOMAIN_ADMINISTER_SERVER)
165 
166 #define DOMAIN_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
167  DOMAIN_READ_PASSWORD_PARAMETERS | \
168  DOMAIN_LIST_ACCOUNTS | \
169  DOMAIN_LOOKUP)
170 
171 #define DOMAIN_PROMOTION_INCREMENT { 0x0, 0x10 }
172 #define DOMAIN_PROMOTION_MASK { 0x0, 0xfffffff0 }
173 
174 // SamQueryInformationDomain/SamSetInformationDomain types
175 
176 typedef enum _DOMAIN_INFORMATION_CLASS
177 {
178  DomainPasswordInformation = 1,
179  DomainGeneralInformation,
180  DomainLogoffInformation,
181  DomainOemInformation,
182  DomainNameInformation,
183  DomainReplicationInformation,
184  DomainServerRoleInformation,
185  DomainModifiedInformation,
186  DomainStateInformation,
187  DomainUasInformation,
188  DomainGeneralInformation2,
189  DomainLockoutInformation,
190  DomainModifiedInformation2
191 } DOMAIN_INFORMATION_CLASS;
192 
193 typedef enum _DOMAIN_SERVER_ENABLE_STATE
194 {
195  DomainServerEnabled = 1,
196  DomainServerDisabled
197 } DOMAIN_SERVER_ENABLE_STATE, *PDOMAIN_SERVER_ENABLE_STATE;
198 
199 typedef enum _DOMAIN_SERVER_ROLE
200 {
201  DomainServerRoleBackup = 2,
202  DomainServerRolePrimary
203 } DOMAIN_SERVER_ROLE, *PDOMAIN_SERVER_ROLE;
204 
205 #include <pshpack4.h>
206 typedef struct _DOMAIN_GENERAL_INFORMATION
207 {
208  LARGE_INTEGER ForceLogoff;
209  UNICODE_STRING OemInformation;
210  UNICODE_STRING DomainName;
211  UNICODE_STRING ReplicaSourceNodeName;
212  LARGE_INTEGER DomainModifiedCount;
213  DOMAIN_SERVER_ENABLE_STATE DomainServerState;
214  DOMAIN_SERVER_ROLE DomainServerRole;
215  BOOLEAN UasCompatibilityRequired;
216  ULONG UserCount;
217  ULONG GroupCount;
218  ULONG AliasCount;
219 } DOMAIN_GENERAL_INFORMATION, *PDOMAIN_GENERAL_INFORMATION;
220 #include <poppack.h>
221 
222 #include <pshpack4.h>
223 typedef struct _DOMAIN_GENERAL_INFORMATION2
224 {
225  DOMAIN_GENERAL_INFORMATION I1;
226  LARGE_INTEGER LockoutDuration; // delta time
227  LARGE_INTEGER LockoutObservationWindow; // delta time
228  USHORT LockoutThreshold;
229 } DOMAIN_GENERAL_INFORMATION2, *PDOMAIN_GENERAL_INFORMATION2;
230 #include <poppack.h>
231 
232 typedef struct _DOMAIN_UAS_INFORMATION
233 {
234  BOOLEAN UasCompatibilityRequired;
235 } DOMAIN_UAS_INFORMATION;
236 
237 #ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED // defined in ntsecapi.h
238 #define _DOMAIN_PASSWORD_INFORMATION_DEFINED
239 
240 typedef struct _DOMAIN_PASSWORD_INFORMATION
241 {
242  USHORT MinPasswordLength;
243  USHORT PasswordHistoryLength;
244  ULONG PasswordProperties;
245  LARGE_INTEGER MaxPasswordAge;
246  LARGE_INTEGER MinPasswordAge;
247 } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
248 
249 // PasswordProperties flags
250 
251 #define DOMAIN_PASSWORD_COMPLEX 0x00000001L
252 #define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
253 #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
254 #define DOMAIN_LOCKOUT_ADMINS 0x00000008L
255 #define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
256 #define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
257 #define DOMAIN_NO_LM_OWF_CHANGE 0x00000040L
258 
259 #endif
260 
261 typedef enum _DOMAIN_PASSWORD_CONSTRUCTION
262 {
263  DomainPasswordSimple = 1,
264  DomainPasswordComplex
265 } DOMAIN_PASSWORD_CONSTRUCTION;
266 
267 typedef struct _DOMAIN_LOGOFF_INFORMATION
268 {
269  LARGE_INTEGER ForceLogoff;
270 } DOMAIN_LOGOFF_INFORMATION, *PDOMAIN_LOGOFF_INFORMATION;
271 
272 typedef struct _DOMAIN_OEM_INFORMATION
273 {
274  UNICODE_STRING OemInformation;
275 } DOMAIN_OEM_INFORMATION, *PDOMAIN_OEM_INFORMATION;
276 
277 typedef struct _DOMAIN_NAME_INFORMATION
278 {
279  UNICODE_STRING DomainName;
280 } DOMAIN_NAME_INFORMATION, *PDOMAIN_NAME_INFORMATION;
281 
282 typedef struct _DOMAIN_SERVER_ROLE_INFORMATION
283 {
284  DOMAIN_SERVER_ROLE DomainServerRole;
285 } DOMAIN_SERVER_ROLE_INFORMATION, *PDOMAIN_SERVER_ROLE_INFORMATION;
286 
287 typedef struct _DOMAIN_REPLICATION_INFORMATION
288 {
289  UNICODE_STRING ReplicaSourceNodeName;
290 } DOMAIN_REPLICATION_INFORMATION, *PDOMAIN_REPLICATION_INFORMATION;
291 
292 typedef struct _DOMAIN_MODIFIED_INFORMATION
293 {
294  LARGE_INTEGER DomainModifiedCount;
295  LARGE_INTEGER CreationTime;
296 } DOMAIN_MODIFIED_INFORMATION, *PDOMAIN_MODIFIED_INFORMATION;
297 
298 typedef struct _DOMAIN_MODIFIED_INFORMATION2
299 {
300  LARGE_INTEGER DomainModifiedCount;
301  LARGE_INTEGER CreationTime;
302  LARGE_INTEGER ModifiedCountAtLastPromotion;
303 } DOMAIN_MODIFIED_INFORMATION2, *PDOMAIN_MODIFIED_INFORMATION2;
304 
305 typedef struct _DOMAIN_STATE_INFORMATION
306 {
307  DOMAIN_SERVER_ENABLE_STATE DomainServerState;
308 } DOMAIN_STATE_INFORMATION, *PDOMAIN_STATE_INFORMATION;
309 
310 typedef struct _DOMAIN_LOCKOUT_INFORMATION
311 {
312  LARGE_INTEGER LockoutDuration; // delta time
313  LARGE_INTEGER LockoutObservationWindow; // delta time
314  USHORT LockoutThreshold; // zero means no lockout
315 } DOMAIN_LOCKOUT_INFORMATION, *PDOMAIN_LOCKOUT_INFORMATION;
316 
317 // SamQueryDisplayInformation types
318 
319 typedef enum _DOMAIN_DISPLAY_INFORMATION
320 {
321  DomainDisplayUser = 1,
322  DomainDisplayMachine,
323  DomainDisplayGroup,
324  DomainDisplayOemUser,
325  DomainDisplayOemGroup,
326  DomainDisplayServer
327 } DOMAIN_DISPLAY_INFORMATION, *PDOMAIN_DISPLAY_INFORMATION;
328 
329 typedef struct _DOMAIN_DISPLAY_USER
330 {
331  ULONG Index;
332  ULONG Rid;
333  ULONG AccountControl;
334  UNICODE_STRING LogonName;
335  UNICODE_STRING AdminComment;
336  UNICODE_STRING FullName;
337 } DOMAIN_DISPLAY_USER, *PDOMAIN_DISPLAY_USER;
338 
339 typedef struct _DOMAIN_DISPLAY_MACHINE
340 {
341  ULONG Index;
342  ULONG Rid;
343  ULONG AccountControl;
344  UNICODE_STRING Machine;
345  UNICODE_STRING Comment;
346 } DOMAIN_DISPLAY_MACHINE, *PDOMAIN_DISPLAY_MACHINE;
347 
348 typedef struct _DOMAIN_DISPLAY_GROUP
349 {
350  ULONG Index;
351  ULONG Rid;
352  ULONG Attributes;
353  UNICODE_STRING Group;
354  UNICODE_STRING Comment;
355 } DOMAIN_DISPLAY_GROUP, *PDOMAIN_DISPLAY_GROUP;
356 
357 typedef struct _DOMAIN_DISPLAY_OEM_USER
358 {
359  ULONG Index;
360  OEM_STRING User;
361 } DOMAIN_DISPLAY_OEM_USER, *PDOMAIN_DISPLAY_OEM_USER;
362 
363 typedef struct _DOMAIN_DISPLAY_OEM_GROUP
364 {
365  ULONG Index;
366  OEM_STRING Group;
367 } DOMAIN_DISPLAY_OEM_GROUP, *PDOMAIN_DISPLAY_OEM_GROUP;
368 
369 // SamQueryLocalizableAccountsInDomain types
370 
371 typedef enum _DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION
372 {
373  DomainLocalizableAccountsBasic = 1,
374 } DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, *PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION;
375 
376 typedef struct _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY
377 {
378  ULONG Rid;
379  SID_NAME_USE Use;
380  UNICODE_STRING Name;
381  UNICODE_STRING AdminComment;
382 } DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, *PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY;
383 
384 typedef struct _DOMAIN_LOCALIZABLE_ACCOUNTS
385 {
386  ULONG Count;
387  _Field_size_(Count) DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY *Entries;
388 } DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, *PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC;
389 
390 typedef union _DOMAIN_LOCALIZABLE_INFO_BUFFER
391 {
392  DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC Basic;
393 } DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER, *PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER;
394 
395 // Functions
396 
397 _Check_return_
398 NTSTATUS
399 NTAPI
400 SamLookupDomainInSamServer(
401  _In_ SAM_HANDLE ServerHandle,
402  _In_ PUNICODE_STRING Name,
403  _Outptr_ PSID *DomainId
404  );
405 
406 _Check_return_
407 NTSTATUS
408 NTAPI
409 SamEnumerateDomainsInSamServer(
410  _In_ SAM_HANDLE ServerHandle,
411  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
412  _Outptr_ PVOID *Buffer, // PSAM_SID_ENUMERATION *Buffer
413  _In_ ULONG PreferedMaximumLength,
414  _Out_ PULONG CountReturned
415  );
416 
417 _Check_return_
418 NTSTATUS
419 NTAPI
420 SamOpenDomain(
421  _In_ SAM_HANDLE ServerHandle,
422  _In_ ACCESS_MASK DesiredAccess,
423  _In_ PSID DomainId,
424  _Out_ PSAM_HANDLE DomainHandle
425  );
426 
427 _Check_return_
428 NTSTATUS
429 NTAPI
430 SamQueryInformationDomain(
431  _In_ SAM_HANDLE DomainHandle,
432  _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
433  _Outptr_ PVOID *Buffer
434  );
435 
436 _Check_return_
437 NTSTATUS
438 NTAPI
439 SamSetInformationDomain(
440  _In_ SAM_HANDLE DomainHandle,
441  _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
442  _In_ PVOID DomainInformation
443  );
444 
445 _Check_return_
446 NTSTATUS
447 NTAPI
448 SamLookupNamesInDomain(
449  _In_ SAM_HANDLE DomainHandle,
450  _In_ ULONG Count,
451  _In_reads_(Count) PUNICODE_STRING Names,
452  _Out_ _Deref_post_count_(Count) PULONG *RelativeIds,
453  _Out_ _Deref_post_count_(Count) PSID_NAME_USE *Use
454  );
455 
456 _Check_return_
457 NTSTATUS
458 NTAPI
459 SamLookupIdsInDomain(
460  _In_ SAM_HANDLE DomainHandle,
461  _In_ ULONG Count,
462  _In_reads_(Count) PULONG RelativeIds,
463  _Out_ _Deref_post_count_(Count) PUNICODE_STRING *Names,
464  _Out_ _Deref_post_opt_count_(Count) PSID_NAME_USE *Use
465  );
466 
467 _Check_return_
468 NTSTATUS
469 NTAPI
470 SamRemoveMemberFromForeignDomain(
471  _In_ SAM_HANDLE DomainHandle,
472  _In_ PSID MemberId
473  );
474 
475 _Check_return_
476 NTSTATUS
477 NTAPI
478 SamQueryLocalizableAccountsInDomain(
479  _In_ SAM_HANDLE Domain,
480  _In_ ULONG Flags,
481  _In_ ULONG LanguageId,
482  _In_ DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION Class,
483  _Outptr_ PVOID *Buffer
484  );
485 
486 // Group
487 
488 #define GROUP_READ_INFORMATION 0x0001
489 #define GROUP_WRITE_ACCOUNT 0x0002
490 #define GROUP_ADD_MEMBER 0x0004
491 #define GROUP_REMOVE_MEMBER 0x0008
492 #define GROUP_LIST_MEMBERS 0x0010
493 
494 #define GROUP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
495  GROUP_LIST_MEMBERS | \
496  GROUP_WRITE_ACCOUNT | \
497  GROUP_ADD_MEMBER | \
498  GROUP_REMOVE_MEMBER | \
499  GROUP_READ_INFORMATION)
500 
501 #define GROUP_READ (STANDARD_RIGHTS_READ | \
502  GROUP_LIST_MEMBERS)
503 
504 #define GROUP_WRITE (STANDARD_RIGHTS_WRITE | \
505  GROUP_WRITE_ACCOUNT | \
506  GROUP_ADD_MEMBER | \
507  GROUP_REMOVE_MEMBER)
508 
509 #define GROUP_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
510  GROUP_READ_INFORMATION)
511 
512 typedef struct _GROUP_MEMBERSHIP
513 {
514  ULONG RelativeId;
515  ULONG Attributes;
516 } GROUP_MEMBERSHIP, *PGROUP_MEMBERSHIP;
517 
518 // SamQueryInformationGroup/SamSetInformationGroup types
519 
520 typedef enum _GROUP_INFORMATION_CLASS
521 {
522  GroupGeneralInformation = 1,
523  GroupNameInformation,
524  GroupAttributeInformation,
525  GroupAdminCommentInformation,
526  GroupReplicationInformation
527 } GROUP_INFORMATION_CLASS;
528 
529 typedef struct _GROUP_GENERAL_INFORMATION
530 {
531  UNICODE_STRING Name;
532  ULONG Attributes;
533  ULONG MemberCount;
534  UNICODE_STRING AdminComment;
535 } GROUP_GENERAL_INFORMATION, *PGROUP_GENERAL_INFORMATION;
536 
537 typedef struct _GROUP_NAME_INFORMATION
538 {
539  UNICODE_STRING Name;
540 } GROUP_NAME_INFORMATION, *PGROUP_NAME_INFORMATION;
541 
542 typedef struct _GROUP_ATTRIBUTE_INFORMATION
543 {
544  ULONG Attributes;
545 } GROUP_ATTRIBUTE_INFORMATION, *PGROUP_ATTRIBUTE_INFORMATION;
546 
547 typedef struct _GROUP_ADM_COMMENT_INFORMATION
548 {
549  UNICODE_STRING AdminComment;
550 } GROUP_ADM_COMMENT_INFORMATION, *PGROUP_ADM_COMMENT_INFORMATION;
551 
552 // Functions
553 
554 _Check_return_
555 NTSTATUS
556 NTAPI
557 SamEnumerateGroupsInDomain(
558  _In_ SAM_HANDLE DomainHandle,
559  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
560  _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
561  _In_ ULONG PreferedMaximumLength,
562  _Out_ PULONG CountReturned
563  );
564 
565 _Check_return_
566 NTSTATUS
567 NTAPI
568 SamCreateGroupInDomain(
569  _In_ SAM_HANDLE DomainHandle,
570  _In_ PUNICODE_STRING AccountName,
571  _In_ ACCESS_MASK DesiredAccess,
572  _Out_ PSAM_HANDLE GroupHandle,
573  _Out_ PULONG RelativeId
574  );
575 
576 _Check_return_
577 NTSTATUS
578 NTAPI
579 SamOpenGroup(
580  _In_ SAM_HANDLE DomainHandle,
581  _In_ ACCESS_MASK DesiredAccess,
582  _In_ ULONG GroupId,
583  _Out_ PSAM_HANDLE GroupHandle
584  );
585 
586 _Check_return_
587 NTSTATUS
588 NTAPI
589 SamDeleteGroup(
590  _In_ SAM_HANDLE GroupHandle
591  );
592 
593 _Check_return_
594 NTSTATUS
595 NTAPI
596 SamQueryInformationGroup(
597  _In_ SAM_HANDLE GroupHandle,
598  _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
599  _Outptr_ PVOID *Buffer
600  );
601 
602 _Check_return_
603 NTSTATUS
604 NTAPI
605 SamSetInformationGroup(
606  _In_ SAM_HANDLE GroupHandle,
607  _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
608  _In_ PVOID Buffer
609  );
610 
611 _Check_return_
612 NTSTATUS
613 NTAPI
614 SamAddMemberToGroup(
615  _In_ SAM_HANDLE GroupHandle,
616  _In_ ULONG MemberId,
617  _In_ ULONG Attributes
618  );
619 
620 _Check_return_
621 NTSTATUS
622 NTAPI
623 SamRemoveMemberFromGroup(
624  _In_ SAM_HANDLE GroupHandle,
625  _In_ ULONG MemberId
626  );
627 
628 _Check_return_
629 NTSTATUS
630 NTAPI
631 SamGetMembersInGroup(
632  _In_ SAM_HANDLE GroupHandle,
633  _Out_ _Deref_post_count_(*MemberCount) PULONG *MemberIds,
634  _Out_ _Deref_post_count_(*MemberCount) PULONG *Attributes,
635  _Out_ PULONG MemberCount
636  );
637 
638 _Check_return_
639 NTSTATUS
640 NTAPI
641 SamSetMemberAttributesOfGroup(
642  _In_ SAM_HANDLE GroupHandle,
643  _In_ ULONG MemberId,
644  _In_ ULONG Attributes
645  );
646 
647 // Alias
648 
649 #define ALIAS_ADD_MEMBER 0x0001
650 #define ALIAS_REMOVE_MEMBER 0x0002
651 #define ALIAS_LIST_MEMBERS 0x0004
652 #define ALIAS_READ_INFORMATION 0x0008
653 #define ALIAS_WRITE_ACCOUNT 0x0010
654 
655 #define ALIAS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
656  ALIAS_READ_INFORMATION | \
657  ALIAS_WRITE_ACCOUNT | \
658  ALIAS_LIST_MEMBERS | \
659  ALIAS_ADD_MEMBER | \
660  ALIAS_REMOVE_MEMBER)
661 
662 #define ALIAS_READ (STANDARD_RIGHTS_READ | \
663  ALIAS_LIST_MEMBERS)
664 
665 #define ALIAS_WRITE (STANDARD_RIGHTS_WRITE | \
666  ALIAS_WRITE_ACCOUNT | \
667  ALIAS_ADD_MEMBER | \
668  ALIAS_REMOVE_MEMBER)
669 
670 #define ALIAS_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
671  ALIAS_READ_INFORMATION)
672 
673 // SamQueryInformationAlias/SamSetInformationAlias types
674 
675 typedef enum _ALIAS_INFORMATION_CLASS
676 {
677  AliasGeneralInformation = 1,
678  AliasNameInformation,
679  AliasAdminCommentInformation,
680  AliasReplicationInformation,
681  AliasExtendedInformation,
682 } ALIAS_INFORMATION_CLASS;
683 
684 typedef struct _ALIAS_GENERAL_INFORMATION
685 {
686  UNICODE_STRING Name;
687  ULONG MemberCount;
688  UNICODE_STRING AdminComment;
689 } ALIAS_GENERAL_INFORMATION, *PALIAS_GENERAL_INFORMATION;
690 
691 typedef struct _ALIAS_NAME_INFORMATION
692 {
693  UNICODE_STRING Name;
694 } ALIAS_NAME_INFORMATION, *PALIAS_NAME_INFORMATION;
695 
696 typedef struct _ALIAS_ADM_COMMENT_INFORMATION
697 {
698  UNICODE_STRING AdminComment;
699 } ALIAS_ADM_COMMENT_INFORMATION, *PALIAS_ADM_COMMENT_INFORMATION;
700 
701 #define ALIAS_ALL_NAME (0x00000001L)
702 #define ALIAS_ALL_MEMBER_COUNT (0x00000002L)
703 #define ALIAS_ALL_ADMIN_COMMENT (0x00000004L)
704 #define ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES (0x00000008L)
705 
706 typedef struct _ALIAS_EXTENDED_INFORMATION
707 {
708  ULONG WhichFields;
709  SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
710 } ALIAS_EXTENDED_INFORMATION, *PALIAS_EXTENDED_INFORMATION;
711 
712 // Functions
713 
714 _Check_return_
715 NTSTATUS
716 NTAPI
717 SamEnumerateAliasesInDomain(
718  _In_ SAM_HANDLE DomainHandle,
719  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
720  _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *Buffer
721  _In_ ULONG PreferedMaximumLength,
722  _Out_ PULONG CountReturned
723  );
724 
725 _Check_return_
726 NTSTATUS
727 NTAPI
728 SamCreateAliasInDomain(
729  _In_ SAM_HANDLE DomainHandle,
730  _In_ PUNICODE_STRING AccountName,
731  _In_ ACCESS_MASK DesiredAccess,
732  _Out_ PSAM_HANDLE AliasHandle,
733  _Out_ PULONG RelativeId
734  );
735 
736 _Check_return_
737 NTSTATUS
738 NTAPI
739 SamOpenAlias(
740  _In_ SAM_HANDLE DomainHandle,
741  _In_ ACCESS_MASK DesiredAccess,
742  _In_ ULONG AliasId,
743  _Out_ PSAM_HANDLE AliasHandle
744  );
745 
746 _Check_return_
747 NTSTATUS
748 NTAPI
749 SamDeleteAlias(
750  _In_ SAM_HANDLE AliasHandle
751  );
752 
753 _Check_return_
754 NTSTATUS
755 NTAPI
756 SamQueryInformationAlias(
757  _In_ SAM_HANDLE AliasHandle,
758  _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
759  _Outptr_ PVOID *Buffer
760  );
761 
762 _Check_return_
763 NTSTATUS
764 NTAPI
765 SamSetInformationAlias(
766  _In_ SAM_HANDLE AliasHandle,
767  _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
768  _In_ PVOID Buffer
769  );
770 
771 _Check_return_
772 NTSTATUS
773 NTAPI
774 SamAddMemberToAlias(
775  _In_ SAM_HANDLE AliasHandle,
776  _In_ PSID MemberId
777  );
778 
779 _Check_return_
780 NTSTATUS
781 NTAPI
782 SamAddMultipleMembersToAlias(
783  _In_ SAM_HANDLE AliasHandle,
784  _In_reads_(MemberCount) PSID *MemberIds,
785  _In_ ULONG MemberCount
786  );
787 
788 _Check_return_
789 NTSTATUS
790 NTAPI
791 SamRemoveMemberFromAlias(
792  _In_ SAM_HANDLE AliasHandle,
793  _In_ PSID MemberId
794  );
795 
796 _Check_return_
797 NTSTATUS
798 NTAPI
799 SamRemoveMultipleMembersFromAlias(
800  _In_ SAM_HANDLE AliasHandle,
801  _In_reads_(MemberCount) PSID *MemberIds,
802  _In_ ULONG MemberCount
803  );
804 
805 _Check_return_
806 NTSTATUS
807 NTAPI
808 SamGetMembersInAlias(
809  _In_ SAM_HANDLE AliasHandle,
810  _Out_ _Deref_post_count_(*MemberCount) PSID **MemberIds,
811  _Out_ PULONG MemberCount
812  );
813 
814 _Check_return_
815 NTSTATUS
816 NTAPI
817 SamGetAliasMembership(
818  _In_ SAM_HANDLE DomainHandle,
819  _In_ ULONG PassedCount,
820  _In_reads_(PassedCount) PSID *Sids,
821  _Out_ PULONG MembershipCount,
822  _Out_ _Deref_post_count_(*MembershipCount) PULONG *Aliases
823  );
824 
825 // Group types
826 
827 #define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001
828 #define GROUP_TYPE_ACCOUNT_GROUP 0x00000002
829 #define GROUP_TYPE_RESOURCE_GROUP 0x00000004
830 #define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
831 #define GROUP_TYPE_APP_BASIC_GROUP 0x00000010
832 #define GROUP_TYPE_APP_QUERY_GROUP 0x00000020
833 #define GROUP_TYPE_SECURITY_ENABLED 0x80000000
834 
835 #define GROUP_TYPE_RESOURCE_BEHAVOIR (GROUP_TYPE_RESOURCE_GROUP | \
836  GROUP_TYPE_APP_BASIC_GROUP | \
837  GROUP_TYPE_APP_QUERY_GROUP)
838 
839 // User
840 
841 #define USER_READ_GENERAL 0x0001
842 #define USER_READ_PREFERENCES 0x0002
843 #define USER_WRITE_PREFERENCES 0x0004
844 #define USER_READ_LOGON 0x0008
845 #define USER_READ_ACCOUNT 0x0010
846 #define USER_WRITE_ACCOUNT 0x0020
847 #define USER_CHANGE_PASSWORD 0x0040
848 #define USER_FORCE_PASSWORD_CHANGE 0x0080
849 #define USER_LIST_GROUPS 0x0100
850 #define USER_READ_GROUP_INFORMATION 0x0200
851 #define USER_WRITE_GROUP_INFORMATION 0x0400
852 
853 #define USER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
854  USER_READ_PREFERENCES | \
855  USER_READ_LOGON | \
856  USER_LIST_GROUPS | \
857  USER_READ_GROUP_INFORMATION | \
858  USER_WRITE_PREFERENCES | \
859  USER_CHANGE_PASSWORD | \
860  USER_FORCE_PASSWORD_CHANGE | \
861  USER_READ_GENERAL | \
862  USER_READ_ACCOUNT | \
863  USER_WRITE_ACCOUNT | \
864  USER_WRITE_GROUP_INFORMATION)
865 
866 #define USER_READ (STANDARD_RIGHTS_READ | \
867  USER_READ_PREFERENCES | \
868  USER_READ_LOGON | \
869  USER_READ_ACCOUNT | \
870  USER_LIST_GROUPS | \
871  USER_READ_GROUP_INFORMATION)
872 
873 #define USER_WRITE (STANDARD_RIGHTS_WRITE | \
874  USER_WRITE_PREFERENCES | \
875  USER_CHANGE_PASSWORD)
876 
877 #define USER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
878  USER_READ_GENERAL | \
879  USER_CHANGE_PASSWORD)
880 
881 // User account control flags
882 
883 #define USER_ACCOUNT_DISABLED (0x00000001)
884 #define USER_HOME_DIRECTORY_REQUIRED (0x00000002)
885 #define USER_PASSWORD_NOT_REQUIRED (0x00000004)
886 #define USER_TEMP_DUPLICATE_ACCOUNT (0x00000008)
887 #define USER_NORMAL_ACCOUNT (0x00000010)
888 #define USER_MNS_LOGON_ACCOUNT (0x00000020)
889 #define USER_INTERDOMAIN_TRUST_ACCOUNT (0x00000040)
890 #define USER_WORKSTATION_TRUST_ACCOUNT (0x00000080)
891 #define USER_SERVER_TRUST_ACCOUNT (0x00000100)
892 #define USER_DONT_EXPIRE_PASSWORD (0x00000200)
893 #define USER_ACCOUNT_AUTO_LOCKED (0x00000400)
894 #define USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED (0x00000800)
895 #define USER_SMARTCARD_REQUIRED (0x00001000)
896 #define USER_TRUSTED_FOR_DELEGATION (0x00002000)
897 #define USER_NOT_DELEGATED (0x00004000)
898 #define USER_USE_DES_KEY_ONLY (0x00008000)
899 #define USER_DONT_REQUIRE_PREAUTH (0x00010000)
900 #define USER_PASSWORD_EXPIRED (0x00020000)
901 #define USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (0x00040000)
902 #define USER_NO_AUTH_DATA_REQUIRED (0x00080000)
903 #define USER_PARTIAL_SECRETS_ACCOUNT (0x00100000)
904 #define USER_USE_AES_KEYS (0x00200000) // not used
905 
906 #define NEXT_FREE_ACCOUNT_CONTROL_BIT (USER_USE_AES_KEYS << 1)
907 
908 #define USER_MACHINE_ACCOUNT_MASK ( \
909  USER_INTERDOMAIN_TRUST_ACCOUNT | \
910  USER_WORKSTATION_TRUST_ACCOUNT | \
911  USER_SERVER_TRUST_ACCOUNT \
912  )
913 
914 #define USER_ACCOUNT_TYPE_MASK ( \
915  USER_TEMP_DUPLICATE_ACCOUNT | \
916  USER_NORMAL_ACCOUNT | \
917  USER_MACHINE_ACCOUNT_MASK \
918  )
919 
920 #define USER_COMPUTED_ACCOUNT_CONTROL_BITS ( \
921  USER_ACCOUNT_AUTO_LOCKED | \
922  USER_PASSWORD_EXPIRED \
923  )
924 
925 // Logon times may be expressed in day, hour, or minute granularity.
926 
927 #define SAM_DAYS_PER_WEEK (7)
928 #define SAM_HOURS_PER_WEEK (24 * SAM_DAYS_PER_WEEK)
929 #define SAM_MINUTES_PER_WEEK (60 * SAM_HOURS_PER_WEEK)
930 
931 typedef struct _LOGON_HOURS
932 {
933  USHORT UnitsPerWeek;
934 
935  // UnitsPerWeek is the number of equal length time units the week is
936  // divided into. This value is used to compute the length of the bit
937  // string in logon_hours. Must be less than or equal to
938  // SAM_UNITS_PER_WEEK (10080) for this release.
939  //
940  // LogonHours is a bit map of valid logon times. Each bit represents
941  // a unique division in a week. The largest bit map supported is 1260
942  // bytes (10080 bits), which represents minutes per week. In this case
943  // the first bit (bit 0, byte 0) is Sunday, 00:00:00 - 00-00:59; bit 1,
944  // byte 0 is Sunday, 00:01:00 - 00:01:59, etc. A NULL pointer means
945  // DONT_CHANGE for SamSetInformationUser() calls.
946 
947  PUCHAR LogonHours;
948 } LOGON_HOURS, *PLOGON_HOURS;
949 
950 typedef struct _SR_SECURITY_DESCRIPTOR
951 {
952  ULONG Length;
953  PUCHAR SecurityDescriptor;
954 } SR_SECURITY_DESCRIPTOR, *PSR_SECURITY_DESCRIPTOR;
955 
956 // SamQueryInformationUser/SamSetInformationUser types
957 
958 typedef enum _USER_INFORMATION_CLASS
959 {
960  UserGeneralInformation = 1,
961  UserPreferencesInformation,
962  UserLogonInformation,
963  UserLogonHoursInformation,
964  UserAccountInformation,
965  UserNameInformation,
966  UserAccountNameInformation,
967  UserFullNameInformation,
968  UserPrimaryGroupInformation,
969  UserHomeInformation,
970  UserScriptInformation,
971  UserProfileInformation,
972  UserAdminCommentInformation,
973  UserWorkStationsInformation,
974  UserSetPasswordInformation,
975  UserControlInformation,
976  UserExpiresInformation,
977  UserInternal1Information,
978  UserInternal2Information,
979  UserParametersInformation,
980  UserAllInformation,
981  UserInternal3Information,
982  UserInternal4Information,
983  UserInternal5Information,
984  UserInternal4InformationNew,
985  UserInternal5InformationNew,
986  UserInternal6Information,
987  UserExtendedInformation,
988  UserLogonUIInformation
989 } USER_INFORMATION_CLASS, *PUSER_INFORMATION_CLASS;
990 
991 #include <pshpack4.h>
992 typedef struct _USER_ALL_INFORMATION
993 {
994  LARGE_INTEGER LastLogon;
995  LARGE_INTEGER LastLogoff;
996  LARGE_INTEGER PasswordLastSet;
997  LARGE_INTEGER AccountExpires;
998  LARGE_INTEGER PasswordCanChange;
999  LARGE_INTEGER PasswordMustChange;
1000  UNICODE_STRING UserName;
1001  UNICODE_STRING FullName;
1002  UNICODE_STRING HomeDirectory;
1003  UNICODE_STRING HomeDirectoryDrive;
1004  UNICODE_STRING ScriptPath;
1005  UNICODE_STRING ProfilePath;
1006  UNICODE_STRING AdminComment;
1007  UNICODE_STRING WorkStations;
1008  UNICODE_STRING UserComment;
1009  UNICODE_STRING Parameters;
1010  UNICODE_STRING LmPassword;
1011  UNICODE_STRING NtPassword;
1012  UNICODE_STRING PrivateData;
1013  SR_SECURITY_DESCRIPTOR SecurityDescriptor;
1014  ULONG UserId;
1015  ULONG PrimaryGroupId;
1016  ULONG UserAccountControl;
1017  ULONG WhichFields;
1018  LOGON_HOURS LogonHours;
1019  USHORT BadPasswordCount;
1020  USHORT LogonCount;
1021  USHORT CountryCode;
1022  USHORT CodePage;
1023  BOOLEAN LmPasswordPresent;
1024  BOOLEAN NtPasswordPresent;
1025  BOOLEAN PasswordExpired;
1026  BOOLEAN PrivateDataSensitive;
1027 } USER_ALL_INFORMATION, *PUSER_ALL_INFORMATION;
1028 #include <poppack.h>
1029 
1030 // Flags for WhichFields in USER_ALL_INFORMATION
1031 
1032 #define USER_ALL_USERNAME 0x00000001
1033 #define USER_ALL_FULLNAME 0x00000002
1034 #define USER_ALL_USERID 0x00000004
1035 #define USER_ALL_PRIMARYGROUPID 0x00000008
1036 #define USER_ALL_ADMINCOMMENT 0x00000010
1037 #define USER_ALL_USERCOMMENT 0x00000020
1038 #define USER_ALL_HOMEDIRECTORY 0x00000040
1039 #define USER_ALL_HOMEDIRECTORYDRIVE 0x00000080
1040 #define USER_ALL_SCRIPTPATH 0x00000100
1041 #define USER_ALL_PROFILEPATH 0x00000200
1042 #define USER_ALL_WORKSTATIONS 0x00000400
1043 #define USER_ALL_LASTLOGON 0x00000800
1044 #define USER_ALL_LASTLOGOFF 0x00001000
1045 #define USER_ALL_LOGONHOURS 0x00002000
1046 #define USER_ALL_BADPASSWORDCOUNT 0x00004000
1047 #define USER_ALL_LOGONCOUNT 0x00008000
1048 #define USER_ALL_PASSWORDCANCHANGE 0x00010000
1049 #define USER_ALL_PASSWORDMUSTCHANGE 0x00020000
1050 #define USER_ALL_PASSWORDLASTSET 0x00040000
1051 #define USER_ALL_ACCOUNTEXPIRES 0x00080000
1052 #define USER_ALL_USERACCOUNTCONTROL 0x00100000
1053 #define USER_ALL_PARAMETERS 0x00200000
1054 #define USER_ALL_COUNTRYCODE 0x00400000
1055 #define USER_ALL_CODEPAGE 0x00800000
1056 #define USER_ALL_NTPASSWORDPRESENT 0x01000000 // field AND boolean
1057 #define USER_ALL_LMPASSWORDPRESENT 0x02000000 // field AND boolean
1058 #define USER_ALL_PRIVATEDATA 0x04000000 // field AND boolean
1059 #define USER_ALL_PASSWORDEXPIRED 0x08000000
1060 #define USER_ALL_SECURITYDESCRIPTOR 0x10000000
1061 #define USER_ALL_OWFPASSWORD 0x20000000 // boolean
1062 
1063 #define USER_ALL_UNDEFINED_MASK 0xc0000000
1064 
1065 // Fields that require USER_READ_GENERAL access to read.
1066 
1067 #define USER_ALL_READ_GENERAL_MASK (USER_ALL_USERNAME | \
1068  USER_ALL_FULLNAME | \
1069  USER_ALL_USERID | \
1070  USER_ALL_PRIMARYGROUPID | \
1071  USER_ALL_ADMINCOMMENT | \
1072  USER_ALL_USERCOMMENT)
1073 
1074 // Fields that require USER_READ_LOGON access to read.
1075 
1076 #define USER_ALL_READ_LOGON_MASK (USER_ALL_HOMEDIRECTORY | \
1077  USER_ALL_HOMEDIRECTORYDRIVE | \
1078  USER_ALL_SCRIPTPATH | \
1079  USER_ALL_PROFILEPATH | \
1080  USER_ALL_WORKSTATIONS | \
1081  USER_ALL_LASTLOGON | \
1082  USER_ALL_LASTLOGOFF | \
1083  USER_ALL_LOGONHOURS | \
1084  USER_ALL_BADPASSWORDCOUNT | \
1085  USER_ALL_LOGONCOUNT | \
1086  USER_ALL_PASSWORDCANCHANGE | \
1087  USER_ALL_PASSWORDMUSTCHANGE)
1088 
1089 // Fields that require USER_READ_ACCOUNT access to read.
1090 
1091 #define USER_ALL_READ_ACCOUNT_MASK (USER_ALL_PASSWORDLASTSET | \
1092  USER_ALL_ACCOUNTEXPIRES | \
1093  USER_ALL_USERACCOUNTCONTROL | \
1094  USER_ALL_PARAMETERS)
1095 
1096 // Fields that require USER_READ_PREFERENCES access to read.
1097 
1098 #define USER_ALL_READ_PREFERENCES_MASK (USER_ALL_COUNTRYCODE | \
1099  USER_ALL_CODEPAGE)
1100 
1101 // Fields that can only be read by trusted clients.
1102 
1103 #define USER_ALL_READ_TRUSTED_MASK (USER_ALL_NTPASSWORDPRESENT | \
1104  USER_ALL_LMPASSWORDPRESENT | \
1105  USER_ALL_PASSWORDEXPIRED | \
1106  USER_ALL_SECURITYDESCRIPTOR | \
1107  USER_ALL_PRIVATEDATA)
1108 
1109 // Fields that can't be read.
1110 
1111 #define USER_ALL_READ_CANT_MASK USER_ALL_UNDEFINED_MASK
1112 
1113 // Fields that require USER_WRITE_ACCOUNT access to write.
1114 
1115 #define USER_ALL_WRITE_ACCOUNT_MASK (USER_ALL_USERNAME | \
1116  USER_ALL_FULLNAME | \
1117  USER_ALL_PRIMARYGROUPID | \
1118  USER_ALL_HOMEDIRECTORY | \
1119  USER_ALL_HOMEDIRECTORYDRIVE | \
1120  USER_ALL_SCRIPTPATH | \
1121  USER_ALL_PROFILEPATH | \
1122  USER_ALL_ADMINCOMMENT | \
1123  USER_ALL_WORKSTATIONS | \
1124  USER_ALL_LOGONHOURS | \
1125  USER_ALL_ACCOUNTEXPIRES | \
1126  USER_ALL_USERACCOUNTCONTROL | \
1127  USER_ALL_PARAMETERS)
1128 
1129 // Fields that require USER_WRITE_PREFERENCES access to write.
1130 
1131 #define USER_ALL_WRITE_PREFERENCES_MASK (USER_ALL_USERCOMMENT | \
1132  USER_ALL_COUNTRYCODE | \
1133  USER_ALL_CODEPAGE)
1134 
1135 // Fields that require USER_FORCE_PASSWORD_CHANGE access to write.
1136 //
1137 // Note that non-trusted clients only set the NT password as a
1138 // UNICODE string. The wrapper will convert it to an LM password,
1139 // OWF and encrypt both versions. Trusted clients can pass in OWF
1140 // versions of either or both.
1141 
1142 #define USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK \
1143  (USER_ALL_NTPASSWORDPRESENT | \
1144  USER_ALL_LMPASSWORDPRESENT | \
1145  USER_ALL_PASSWORDEXPIRED)
1146 
1147 // Fields that can only be written by trusted clients.
1148 
1149 #define USER_ALL_WRITE_TRUSTED_MASK (USER_ALL_LASTLOGON | \
1150  USER_ALL_LASTLOGOFF | \
1151  USER_ALL_BADPASSWORDCOUNT | \
1152  USER_ALL_LOGONCOUNT | \
1153  USER_ALL_PASSWORDLASTSET | \
1154  USER_ALL_SECURITYDESCRIPTOR | \
1155  USER_ALL_PRIVATEDATA)
1156 
1157 // Fields that can't be written.
1158 
1159 #define USER_ALL_WRITE_CANT_MASK (USER_ALL_USERID | \
1160  USER_ALL_PASSWORDCANCHANGE | \
1161  USER_ALL_PASSWORDMUSTCHANGE | \
1162  USER_ALL_UNDEFINED_MASK)
1163 
1164 typedef struct _USER_GENERAL_INFORMATION
1165 {
1166  UNICODE_STRING UserName;
1167  UNICODE_STRING FullName;
1168  ULONG PrimaryGroupId;
1169  UNICODE_STRING AdminComment;
1170  UNICODE_STRING UserComment;
1171 } USER_GENERAL_INFORMATION, *PUSER_GENERAL_INFORMATION;
1172 
1173 typedef struct _USER_PREFERENCES_INFORMATION
1174 {
1175  UNICODE_STRING UserComment;
1176  UNICODE_STRING Reserved1;
1177  USHORT CountryCode;
1178  USHORT CodePage;
1179 } USER_PREFERENCES_INFORMATION, *PUSER_PREFERENCES_INFORMATION;
1180 
1181 typedef struct _USER_PARAMETERS_INFORMATION
1182 {
1183  UNICODE_STRING Parameters;
1184 } USER_PARAMETERS_INFORMATION, *PUSER_PARAMETERS_INFORMATION;
1185 
1186 #include <pshpack4.h>
1187 typedef struct _USER_LOGON_INFORMATION
1188 {
1189  UNICODE_STRING UserName;
1190  UNICODE_STRING FullName;
1191  ULONG UserId;
1192  ULONG PrimaryGroupId;
1193  UNICODE_STRING HomeDirectory;
1194  UNICODE_STRING HomeDirectoryDrive;
1195  UNICODE_STRING ScriptPath;
1196  UNICODE_STRING ProfilePath;
1197  UNICODE_STRING WorkStations;
1198  LARGE_INTEGER LastLogon;
1199  LARGE_INTEGER LastLogoff;
1200  LARGE_INTEGER PasswordLastSet;
1201  LARGE_INTEGER PasswordCanChange;
1202  LARGE_INTEGER PasswordMustChange;
1203  LOGON_HOURS LogonHours;
1204  USHORT BadPasswordCount;
1205  USHORT LogonCount;
1206  ULONG UserAccountControl;
1207 } USER_LOGON_INFORMATION, *PUSER_LOGON_INFORMATION;
1208 #include <poppack.h>
1209 
1210 #include <pshpack4.h>
1211 typedef struct _USER_ACCOUNT_INFORMATION
1212 {
1213  UNICODE_STRING UserName;
1214  UNICODE_STRING FullName;
1215  ULONG UserId;
1216  ULONG PrimaryGroupId;
1217  UNICODE_STRING HomeDirectory;
1218  UNICODE_STRING HomeDirectoryDrive;
1219  UNICODE_STRING ScriptPath;
1220  UNICODE_STRING ProfilePath;
1221  UNICODE_STRING AdminComment;
1222  UNICODE_STRING WorkStations;
1223  LARGE_INTEGER LastLogon;
1224  LARGE_INTEGER LastLogoff;
1225  LOGON_HOURS LogonHours;
1226  USHORT BadPasswordCount;
1227  USHORT LogonCount;
1228  LARGE_INTEGER PasswordLastSet;
1229  LARGE_INTEGER AccountExpires;
1230  ULONG UserAccountControl;
1231 } USER_ACCOUNT_INFORMATION, *PUSER_ACCOUNT_INFORMATION;
1232 #include <poppack.h>
1233 
1234 typedef struct _USER_ACCOUNT_NAME_INFORMATION
1235 {
1236  UNICODE_STRING UserName;
1237 } USER_ACCOUNT_NAME_INFORMATION, *PUSER_ACCOUNT_NAME_INFORMATION;
1238 
1239 typedef struct _USER_FULL_NAME_INFORMATION
1240 {
1241  UNICODE_STRING FullName;
1242 } USER_FULL_NAME_INFORMATION, *PUSER_FULL_NAME_INFORMATION;
1243 
1244 typedef struct _USER_NAME_INFORMATION
1245 {
1246  UNICODE_STRING UserName;
1247  UNICODE_STRING FullName;
1248 } USER_NAME_INFORMATION, *PUSER_NAME_INFORMATION;
1249 
1250 typedef struct _USER_PRIMARY_GROUP_INFORMATION
1251 {
1252  ULONG PrimaryGroupId;
1253 } USER_PRIMARY_GROUP_INFORMATION, *PUSER_PRIMARY_GROUP_INFORMATION;
1254 
1255 typedef struct _USER_HOME_INFORMATION
1256 {
1257  UNICODE_STRING HomeDirectory;
1258  UNICODE_STRING HomeDirectoryDrive;
1259 } USER_HOME_INFORMATION, *PUSER_HOME_INFORMATION;
1260 
1261 typedef struct _USER_SCRIPT_INFORMATION
1262 {
1263  UNICODE_STRING ScriptPath;
1264 } USER_SCRIPT_INFORMATION, *PUSER_SCRIPT_INFORMATION;
1265 
1266 typedef struct _USER_PROFILE_INFORMATION
1267 {
1268  UNICODE_STRING ProfilePath;
1269 } USER_PROFILE_INFORMATION, *PUSER_PROFILE_INFORMATION;
1270 
1271 typedef struct _USER_ADMIN_COMMENT_INFORMATION
1272 {
1273  UNICODE_STRING AdminComment;
1274 } USER_ADMIN_COMMENT_INFORMATION, *PUSER_ADMIN_COMMENT_INFORMATION;
1275 
1276 typedef struct _USER_WORKSTATIONS_INFORMATION
1277 {
1278  UNICODE_STRING WorkStations;
1279 } USER_WORKSTATIONS_INFORMATION, *PUSER_WORKSTATIONS_INFORMATION;
1280 
1281 typedef struct _USER_SET_PASSWORD_INFORMATION
1282 {
1283  UNICODE_STRING Password;
1284  BOOLEAN PasswordExpired;
1285 } USER_SET_PASSWORD_INFORMATION, *PUSER_SET_PASSWORD_INFORMATION;
1286 
1287 typedef struct _USER_CONTROL_INFORMATION
1288 {
1289  ULONG UserAccountControl;
1290 } USER_CONTROL_INFORMATION, *PUSER_CONTROL_INFORMATION;
1291 
1292 typedef struct _USER_EXPIRES_INFORMATION
1293 {
1294  LARGE_INTEGER AccountExpires;
1295 } USER_EXPIRES_INFORMATION, *PUSER_EXPIRES_INFORMATION;
1296 
1297 typedef struct _USER_LOGON_HOURS_INFORMATION
1298 {
1299  LOGON_HOURS LogonHours;
1300 } USER_LOGON_HOURS_INFORMATION, *PUSER_LOGON_HOURS_INFORMATION;
1301 
1302 typedef SAM_BYTE_ARRAY_32K SAM_USER_TILE, *PSAM_USER_TILE;
1303 
1304 // 0xff000fff is reserved for internal callers and implementation.
1305 
1306 #define USER_EXTENDED_FIELD_USER_TILE (0x00001000L)
1307 #define USER_EXTENDED_FIELD_PASSWORD_HINT (0x00002000L)
1308 #define USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI (0x00004000L)
1309 #define USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES (0x00008000L)
1310 
1311 typedef struct _USER_EXTENDED_INFORMATION
1312 {
1313  ULONG ExtendedWhichFields;
1314  SAM_USER_TILE UserTile;
1315  UNICODE_STRING PasswordHint;
1316  BOOLEAN DontShowInLogonUI;
1317  SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
1318 } USER_EXTENDED_INFORMATION, *PUSER_EXTENDED_INFORMATION;
1319 
1320 // For local callers only.
1321 typedef struct _USER_LOGON_UI_INFORMATION
1322 {
1323  BOOLEAN PasswordIsBlank;
1324  BOOLEAN AccountIsDisabled;
1325 } USER_LOGON_UI_INFORMATION, *PUSER_LOGON_UI_INFORMATION;
1326 
1327 // SamChangePasswordUser3 types
1328 
1329 // Error values:
1330 // * SAM_PWD_CHANGE_NO_ERROR
1331 // * SAM_PWD_CHANGE_PASSWORD_TOO_SHORT
1332 // * SAM_PWD_CHANGE_PWD_IN_HISTORY
1333 // * SAM_PWD_CHANGE_USERNAME_IN_PASSWORD
1334 // * SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD
1335 // * SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT
1336 // * SAM_PWD_CHANGE_FAILED_BY_FILTER
1337 
1338 typedef struct _USER_PWD_CHANGE_FAILURE_INFORMATION
1339 {
1340  ULONG ExtendedFailureReason;
1341  UNICODE_STRING FilterModuleName;
1342 } USER_PWD_CHANGE_FAILURE_INFORMATION,*PUSER_PWD_CHANGE_FAILURE_INFORMATION;
1343 
1344 // ExtendedFailureReason values
1345 
1346 #define SAM_PWD_CHANGE_NO_ERROR 0
1347 #define SAM_PWD_CHANGE_PASSWORD_TOO_SHORT 1
1348 #define SAM_PWD_CHANGE_PWD_IN_HISTORY 2
1349 #define SAM_PWD_CHANGE_USERNAME_IN_PASSWORD 3
1350 #define SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD 4
1351 #define SAM_PWD_CHANGE_NOT_COMPLEX 5
1352 #define SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT 6
1353 #define SAM_PWD_CHANGE_FAILED_BY_FILTER 7
1354 #define SAM_PWD_CHANGE_PASSWORD_TOO_LONG 8
1355 #define SAM_PWD_CHANGE_FAILURE_REASON_MAX 8
1356 
1357 // Functions
1358 
1359 _Check_return_
1360 NTSTATUS
1361 NTAPI
1362 SamEnumerateUsersInDomain(
1363  _In_ SAM_HANDLE DomainHandle,
1364  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
1365  _In_ ULONG UserAccountControl,
1366  _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
1367  _In_ ULONG PreferedMaximumLength,
1368  _Out_ PULONG CountReturned
1369  );
1370 
1371 _Check_return_
1372 NTSTATUS
1373 NTAPI
1374 SamCreateUserInDomain(
1375  _In_ SAM_HANDLE DomainHandle,
1376  _In_ PUNICODE_STRING AccountName,
1377  _In_ ACCESS_MASK DesiredAccess,
1378  _Out_ PSAM_HANDLE UserHandle,
1379  _Out_ PULONG RelativeId
1380  );
1381 
1382 _Check_return_
1383 NTSTATUS
1384 NTAPI
1385 SamCreateUser2InDomain(
1386  _In_ SAM_HANDLE DomainHandle,
1387  _In_ PUNICODE_STRING AccountName,
1388  _In_ ULONG AccountType,
1389  _In_ ACCESS_MASK DesiredAccess,
1390  _Out_ PSAM_HANDLE UserHandle,
1391  _Out_ PULONG GrantedAccess,
1392  _Out_ PULONG RelativeId
1393  );
1394 
1395 _Check_return_
1396 NTSTATUS
1397 NTAPI
1398 SamOpenUser(
1399  _In_ SAM_HANDLE DomainHandle,
1400  _In_ ACCESS_MASK DesiredAccess,
1401  _In_ ULONG UserId,
1402  _Out_ PSAM_HANDLE UserHandle
1403  );
1404 
1405 _Check_return_
1406 NTSTATUS
1407 NTAPI
1408 SamDeleteUser(
1409  _In_ SAM_HANDLE UserHandle
1410  );
1411 
1412 _Check_return_
1413 NTSTATUS
1414 NTAPI
1415 SamQueryInformationUser(
1416  _In_ SAM_HANDLE UserHandle,
1417  _In_ USER_INFORMATION_CLASS UserInformationClass,
1418  _Outptr_ PVOID *Buffer
1419  );
1420 
1421 _Check_return_
1422 NTSTATUS
1423 NTAPI
1424 SamSetInformationUser(
1425  _In_ SAM_HANDLE UserHandle,
1426  _In_ USER_INFORMATION_CLASS UserInformationClass,
1427  _In_ PVOID Buffer
1428  );
1429 
1430 _Check_return_
1431 NTSTATUS
1432 NTAPI
1433 SamGetGroupsForUser(
1434  _In_ SAM_HANDLE UserHandle,
1435  _Out_ _Deref_post_count_(*MembershipCount) PGROUP_MEMBERSHIP *Groups,
1436  _Out_ PULONG MembershipCount
1437  );
1438 
1439 _Check_return_
1440 NTSTATUS
1441 NTAPI
1442 SamChangePasswordUser(
1443  _In_ SAM_HANDLE UserHandle,
1444  _In_ PUNICODE_STRING OldPassword,
1445  _In_ PUNICODE_STRING NewPassword
1446  );
1447 
1448 _Check_return_
1449 NTSTATUS
1450 NTAPI
1451 SamChangePasswordUser2(
1452  _In_ PUNICODE_STRING ServerName,
1453  _In_ PUNICODE_STRING UserName,
1454  _In_ PUNICODE_STRING OldPassword,
1455  _In_ PUNICODE_STRING NewPassword
1456  );
1457 
1458 _Check_return_
1459 NTSTATUS
1460 NTAPI
1461 SamChangePasswordUser3(
1462  _In_ PUNICODE_STRING ServerName,
1463  _In_ PUNICODE_STRING UserName,
1464  _In_ PUNICODE_STRING OldPassword,
1465  _In_ PUNICODE_STRING NewPassword,
1466  _Outptr_ PDOMAIN_PASSWORD_INFORMATION *EffectivePasswordPolicy,
1467  _Outptr_ PUSER_PWD_CHANGE_FAILURE_INFORMATION *PasswordChangeFailureInfo
1468  );
1469 
1470 _Check_return_
1471 NTSTATUS
1472 NTAPI
1473 SamQueryDisplayInformation(
1474  _In_ SAM_HANDLE DomainHandle,
1475  _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation,
1476  _In_ ULONG Index,
1477  _In_ ULONG EntryCount,
1478  _In_ ULONG PreferredMaximumLength,
1479  _In_ PULONG TotalAvailable,
1480  _Out_ PULONG TotalReturned,
1481  _Out_ PULONG ReturnedEntryCount,
1482  _Outptr_ PVOID *SortedBuffer
1483  );
1484 
1485 _Check_return_
1486 NTSTATUS
1487 NTAPI
1488 SamGetDisplayEnumerationIndex(
1489  _In_ SAM_HANDLE DomainHandle,
1490  _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation,
1491  _In_ PUNICODE_STRING Prefix,
1492  _Out_ PULONG Index
1493  );
1494 
1495 // Database replication
1496 
1497 typedef enum _SECURITY_DB_DELTA_TYPE
1498 {
1499  SecurityDbNew = 1,
1500  SecurityDbRename,
1501  SecurityDbDelete,
1502  SecurityDbChangeMemberAdd,
1503  SecurityDbChangeMemberSet,
1504  SecurityDbChangeMemberDel,
1505  SecurityDbChange,
1506  SecurityDbChangePassword
1507 } SECURITY_DB_DELTA_TYPE, *PSECURITY_DB_DELTA_TYPE;
1508 
1509 typedef enum _SECURITY_DB_OBJECT_TYPE
1510 {
1511  SecurityDbObjectSamDomain = 1,
1512  SecurityDbObjectSamUser,
1513  SecurityDbObjectSamGroup,
1514  SecurityDbObjectSamAlias,
1515  SecurityDbObjectLsaPolicy,
1516  SecurityDbObjectLsaTDomain,
1517  SecurityDbObjectLsaAccount,
1518  SecurityDbObjectLsaSecret
1519 } SECURITY_DB_OBJECT_TYPE, *PSECURITY_DB_OBJECT_TYPE;
1520 
1521 typedef enum _SAM_ACCOUNT_TYPE
1522 {
1523  SamObjectUser = 1,
1524  SamObjectGroup,
1525  SamObjectAlias
1526 } SAM_ACCOUNT_TYPE, *PSAM_ACCOUNT_TYPE;
1527 
1528 #define SAM_USER_ACCOUNT (0x00000001)
1529 #define SAM_GLOBAL_GROUP_ACCOUNT (0x00000002)
1530 #define SAM_LOCAL_GROUP_ACCOUNT (0x00000004)
1531 
1532 typedef struct _SAM_GROUP_MEMBER_ID
1533 {
1534  ULONG MemberRid;
1535 } SAM_GROUP_MEMBER_ID, *PSAM_GROUP_MEMBER_ID;
1536 
1537 typedef struct _SAM_ALIAS_MEMBER_ID
1538 {
1539  PSID MemberSid;
1540 } SAM_ALIAS_MEMBER_ID, *PSAM_ALIAS_MEMBER_ID;
1541 
1542 typedef union _SAM_DELTA_DATA
1543 {
1544  SAM_GROUP_MEMBER_ID GroupMemberId;
1545  SAM_ALIAS_MEMBER_ID AliasMemberId;
1546  ULONG AccountControl;
1547 } SAM_DELTA_DATA, *PSAM_DELTA_DATA;
1548 
1549 typedef NTSTATUS (NTAPI *PSAM_DELTA_NOTIFICATION_ROUTINE)(
1550  _In_ PSID DomainSid,
1551  _In_ SECURITY_DB_DELTA_TYPE DeltaType,
1552  _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
1553  _In_ ULONG ObjectRid,
1554  _In_opt_ PUNICODE_STRING ObjectName,
1555  _In_ PLARGE_INTEGER ModifiedCount,
1556  _In_opt_ PSAM_DELTA_DATA DeltaData
1557  );
1558 
1559 #define SAM_DELTA_NOTIFY_ROUTINE "DeltaNotify"
1560 
1561 _Check_return_
1562 NTSTATUS
1563 NTAPI
1564 SamRegisterObjectChangeNotification(
1565  _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
1566  _In_ HANDLE NotificationEventHandle
1567  );
1568 
1569 NTSTATUS
1570 NTAPI
1571 SamUnregisterObjectChangeNotification(
1572  _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
1573  _In_ HANDLE NotificationEventHandle
1574  );
1575 
1576 // Compatibility mode
1577 
1578 #define SAM_SID_COMPATIBILITY_ALL 0
1579 #define SAM_SID_COMPATIBILITY_LAX 1
1580 #define SAM_SID_COMPATIBILITY_STRICT 2
1581 
1582 _Check_return_
1583 NTSTATUS
1584 NTAPI
1585 SamGetCompatibilityMode(
1586  _In_ SAM_HANDLE ObjectHandle,
1587  _Out_ ULONG *Mode
1588  );
1589 
1590 // Password validation
1591 
1592 typedef enum _PASSWORD_POLICY_VALIDATION_TYPE
1593 {
1594  SamValidateAuthentication = 1,
1595  SamValidatePasswordChange,
1596  SamValidatePasswordReset
1597 } PASSWORD_POLICY_VALIDATION_TYPE;
1598 
1599 typedef struct _SAM_VALIDATE_PASSWORD_HASH
1600 {
1601  ULONG Length;
1602  _Field_size_bytes_(Length) PUCHAR Hash;
1603 } SAM_VALIDATE_PASSWORD_HASH, *PSAM_VALIDATE_PASSWORD_HASH;
1604 
1605 // Flags for PresentFields in SAM_VALIDATE_PERSISTED_FIELDS
1606 
1607 #define SAM_VALIDATE_PASSWORD_LAST_SET 0x00000001
1608 #define SAM_VALIDATE_BAD_PASSWORD_TIME 0x00000002
1609 #define SAM_VALIDATE_LOCKOUT_TIME 0x00000004
1610 #define SAM_VALIDATE_BAD_PASSWORD_COUNT 0x00000008
1611 #define SAM_VALIDATE_PASSWORD_HISTORY_LENGTH 0x00000010
1612 #define SAM_VALIDATE_PASSWORD_HISTORY 0x00000020
1613 
1614 typedef struct _SAM_VALIDATE_PERSISTED_FIELDS
1615 {
1616  ULONG PresentFields;
1617  LARGE_INTEGER PasswordLastSet;
1618  LARGE_INTEGER BadPasswordTime;
1619  LARGE_INTEGER LockoutTime;
1620  ULONG BadPasswordCount;
1621  ULONG PasswordHistoryLength;
1622  _Field_size_bytes_(PasswordHistoryLength) PSAM_VALIDATE_PASSWORD_HASH PasswordHistory;
1623 } SAM_VALIDATE_PERSISTED_FIELDS, *PSAM_VALIDATE_PERSISTED_FIELDS;
1624 
1625 typedef enum _SAM_VALIDATE_VALIDATION_STATUS
1626 {
1627  SamValidateSuccess = 0,
1628  SamValidatePasswordMustChange,
1629  SamValidateAccountLockedOut,
1630  SamValidatePasswordExpired,
1631  SamValidatePasswordIncorrect,
1632  SamValidatePasswordIsInHistory,
1633  SamValidatePasswordTooShort,
1634  SamValidatePasswordTooLong,
1635  SamValidatePasswordNotComplexEnough,
1636  SamValidatePasswordTooRecent,
1637  SamValidatePasswordFilterError
1638 } SAM_VALIDATE_VALIDATION_STATUS, *PSAM_VALIDATE_VALIDATION_STATUS;
1639 
1640 typedef struct _SAM_VALIDATE_STANDARD_OUTPUT_ARG
1641 {
1642  SAM_VALIDATE_PERSISTED_FIELDS ChangedPersistedFields;
1643  SAM_VALIDATE_VALIDATION_STATUS ValidationStatus;
1644 } SAM_VALIDATE_STANDARD_OUTPUT_ARG, *PSAM_VALIDATE_STANDARD_OUTPUT_ARG;
1645 
1646 typedef struct _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG
1647 {
1648  SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
1649  BOOLEAN PasswordMatched;
1650 } SAM_VALIDATE_AUTHENTICATION_INPUT_ARG, *PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG;
1651 
1652 typedef struct _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG
1653 {
1654  SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
1655  UNICODE_STRING ClearPassword;
1656  UNICODE_STRING UserAccountName;
1657  SAM_VALIDATE_PASSWORD_HASH HashedPassword;
1658  BOOLEAN PasswordMatch; // denotes if the old password supplied by user matched or not
1659 } SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, *PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG;
1660 
1661 typedef struct _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG
1662 {
1663  SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
1664  UNICODE_STRING ClearPassword;
1665  UNICODE_STRING UserAccountName;
1666  SAM_VALIDATE_PASSWORD_HASH HashedPassword;
1667  BOOLEAN PasswordMustChangeAtNextLogon; // looked at only for password reset
1668  BOOLEAN ClearLockout; // can be used clear user account lockout
1669 }SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG, *PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG;
1670 
1671 typedef union _SAM_VALIDATE_INPUT_ARG
1672 {
1673  SAM_VALIDATE_AUTHENTICATION_INPUT_ARG ValidateAuthenticationInput;
1674  SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG ValidatePasswordChangeInput;
1675  SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG ValidatePasswordResetInput;
1676 } SAM_VALIDATE_INPUT_ARG, *PSAM_VALIDATE_INPUT_ARG;
1677 
1678 typedef union _SAM_VALIDATE_OUTPUT_ARG
1679 {
1680  SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidateAuthenticationOutput;
1681  SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidatePasswordChangeOutput;
1682  SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidatePasswordResetOutput;
1683 } SAM_VALIDATE_OUTPUT_ARG, *PSAM_VALIDATE_OUTPUT_ARG;
1684 
1685 _Check_return_
1686 NTSTATUS
1687 NTAPI
1688 SamValidatePassword(
1689  _In_opt_ PUNICODE_STRING ServerName,
1690  _In_ PASSWORD_POLICY_VALIDATION_TYPE ValidationType,
1691  _In_ PSAM_VALIDATE_INPUT_ARG InputArg,
1692  _Out_ PSAM_VALIDATE_OUTPUT_ARG *OutputArg
1693  );
1694 
1695 // Generic operation
1696 
1697 typedef enum _SAM_GENERIC_OPERATION_TYPE
1698 {
1699  SamObjectChangeNotificationOperation
1700 } SAM_GENERIC_OPERATION_TYPE, *PSAM_GENERIC_OPERATION_TYPE;
1701 
1702 typedef struct _SAM_OPERATION_OBJCHG_INPUT
1703 {
1704  BOOLEAN Register;
1705  ULONG64 EventHandle;
1706  SECURITY_DB_OBJECT_TYPE ObjectType;
1707  ULONG ProcessID;
1708 } SAM_OPERATION_OBJCHG_INPUT, *PSAM_OPERATION_OBJCHG_INPUT;
1709 
1710 typedef struct _SAM_OPERATION_OBJCHG_OUTPUT
1711 {
1712  ULONG Reserved;
1713 } SAM_OPERATION_OBJCHG_OUTPUT, *PSAM_OPERATION_OBJCHG_OUTPUT;
1714 
1715 typedef union _SAM_GENERIC_OPERATION_INPUT
1716 {
1717  SAM_OPERATION_OBJCHG_INPUT ObjChangeIn;
1718 } SAM_GENERIC_OPERATION_INPUT, *PSAM_GENERIC_OPERATION_INPUT;
1719 
1720 typedef union _SAM_GENERIC_OPERATION_OUTPUT
1721 {
1722  SAM_OPERATION_OBJCHG_OUTPUT ObjChangeOut;
1723 } SAM_GENERIC_OPERATION_OUTPUT, *PSAM_GENERIC_OPERATION_OUTPUT;
1724 
1725 _Check_return_
1726 NTSTATUS
1727 NTAPI
1728 SamPerformGenericOperation(
1729  _In_opt_ PWSTR ServerName,
1730  _In_ SAM_GENERIC_OPERATION_TYPE OperationType,
1731  _In_ PSAM_GENERIC_OPERATION_INPUT OperationIn,
1732  _Out_ PSAM_GENERIC_OPERATION_OUTPUT *OperationOut
1733  );
1734 
1735 #endif