samr: for correctness, rename samr_RidTypeArray to samr_RidAttrArray.

[mat/samba.git] / librpc / idl / samr.idl
diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl

index 5a017e3175b6591167e33d72c6f997a05cdbe263..ee9ab7995de5055019d3051134e28c0525a55a50 100644 (file)
--- a/librpc/idl/samr.idl
+++ b/librpc/idl/samr.idl
@@ -17,6 +17,13 @@ import "misc.idl", "lsa.idl", "security.idl";
  {
         typedef bitmap security_secinfo security_secinfo;
  
+       /* SAM database types */
+       typedef [public,v1_enum] enum {
+               SAM_DATABASE_DOMAIN  = 0, /* Domain users and groups */
+               SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
+               SAM_DATABASE_PRIVS   = 2 /* Privileges */
+       } netr_SamDatabaseID;
+
         /* account control (acct_flags) bits */
         typedef [public,bitmap32bit] bitmap {
                 ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
@@ -37,18 +44,46 @@ import "misc.idl", "lsa.idl", "security.idl";
                 ACB_USE_DES_KEY_ONLY            = 0x00008000,  /* 1 = Use DES key only */
                 ACB_DONT_REQUIRE_PREAUTH        = 0x00010000,  /* 1 = Preauth not required */
                 ACB_PW_EXPIRED                  = 0x00020000,  /* 1 = Password Expired */
-               ACB_NO_AUTH_DATA_REQD           = 0x00080000   /* 1 = No authorization data required */
+               ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x00040000,
+               ACB_NO_AUTH_DATA_REQD           = 0x00080000,  /* 1 = No authorization data required */
+               ACB_PARTIAL_SECRETS_ACCOUNT     = 0x00100000,
+               ACB_USE_AES_KEYS                = 0x00200000
         } samr_AcctFlags;
  
+       /* SAM server specific access rights */
+
         typedef [bitmap32bit] bitmap {
                 SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
                 SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
                 SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
                 SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
                 SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
-               SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
+               SAMR_ACCESS_LOOKUP_DOMAIN         = 0x00000020
         } samr_ConnectAccessMask;
  
+       const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F;
+
+       const int GENERIC_RIGHTS_SAM_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+                SAMR_ACCESS_ALL_ACCESS);
+
+       const int GENERIC_RIGHTS_SAM_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+                SAMR_ACCESS_ENUM_DOMAINS);
+
+       const int GENERIC_RIGHTS_SAM_WRITE =
+               (STANDARD_RIGHTS_WRITE_ACCESS           |
+                SAMR_ACCESS_CREATE_DOMAIN              |
+                SAMR_ACCESS_INITIALIZE_SERVER          |
+                SAMR_ACCESS_SHUTDOWN_SERVER);
+
+       const int GENERIC_RIGHTS_SAM_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS         |
+                SAMR_ACCESS_LOOKUP_DOMAIN              |
+                SAMR_ACCESS_CONNECT_TO_SERVER);
+
+       /* User Object specific access rights */
+
         typedef [bitmap32bit] bitmap {
                 SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
                 SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
@@ -63,6 +98,35 @@ import "misc.idl", "lsa.idl", "security.idl";
                 SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
         } samr_UserAccessMask;
  
+       const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF;
+
+       const int GENERIC_RIGHTS_USER_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+                SAMR_USER_ACCESS_ALL_ACCESS);  /* 0x000f07ff */
+
+       const int GENERIC_RIGHTS_USER_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+                SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP  |
+                SAMR_USER_ACCESS_GET_GROUPS            |
+                SAMR_USER_ACCESS_GET_ATTRIBUTES        |
+                SAMR_USER_ACCESS_GET_LOGONINFO         |
+                SAMR_USER_ACCESS_GET_LOCALE);  /* 0x0002031a */
+
+       const int GENERIC_RIGHTS_USER_WRITE =
+               (STANDARD_RIGHTS_WRITE_ACCESS           |
+                SAMR_USER_ACCESS_CHANGE_PASSWORD       |
+                SAMR_USER_ACCESS_SET_LOC_COM           |
+                SAMR_USER_ACCESS_SET_ATTRIBUTES        |
+                SAMR_USER_ACCESS_SET_PASSWORD          |
+                SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP);     /* 0x000204e4 */
+
+       const int GENERIC_RIGHTS_USER_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS         |
+                SAMR_USER_ACCESS_CHANGE_PASSWORD       |
+                SAMR_USER_ACCESS_GET_NAME_ETC);        /* 0x00020041 */
+
+       /* Domain Object specific access rights */
+
         typedef [bitmap32bit] bitmap {
                 SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
                 SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
@@ -77,6 +141,34 @@ import "misc.idl", "lsa.idl", "security.idl";
                 SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
         } samr_DomainAccessMask;
  
+       const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF;
+
+       const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+                SAMR_DOMAIN_ACCESS_ALL_ACCESS);
+
+       const int GENERIC_RIGHTS_DOMAIN_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+                SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS        |
+                SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2);
+
+       const int GENERIC_RIGHTS_DOMAIN_WRITE =
+               (STANDARD_RIGHTS_WRITE_ACCESS           |
+                SAMR_DOMAIN_ACCESS_SET_INFO_3          |
+                SAMR_DOMAIN_ACCESS_CREATE_ALIAS        |
+                SAMR_DOMAIN_ACCESS_CREATE_GROUP        |
+                SAMR_DOMAIN_ACCESS_CREATE_USER         |
+                SAMR_DOMAIN_ACCESS_SET_INFO_2          |
+                SAMR_DOMAIN_ACCESS_SET_INFO_1);
+
+       const int GENERIC_RIGHTS_DOMAIN_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS         |
+                SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT        |
+                SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS       |
+                SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1);
+
+       /* Group Object specific access rights */
+
         typedef [bitmap32bit] bitmap {
                 SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
                 SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
@@ -85,6 +177,28 @@ import "misc.idl", "lsa.idl", "security.idl";
                 SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
         } samr_GroupAccessMask;
  
+       const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F;
+
+       const int GENERIC_RIGHTS_GROUP_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+                SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+       const int GENERIC_RIGHTS_GROUP_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+                SAMR_GROUP_ACCESS_GET_MEMBERS);        /* 0x00020010 */
+
+       const int GENERIC_RIGHTS_GROUP_WRITE =
+               (STANDARD_RIGHTS_WRITE_ACCESS           |
+                SAMR_GROUP_ACCESS_REMOVE_MEMBER        |
+                SAMR_GROUP_ACCESS_ADD_MEMBER           |
+                SAMR_GROUP_ACCESS_SET_INFO);   /* 0x0002000e */
+
+       const int GENERIC_RIGHTS_GROUP_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS         |
+                SAMR_GROUP_ACCESS_LOOKUP_INFO);        /* 0x00020001 */
+
+       /* Alias Object specific access rights */
+
         typedef [bitmap32bit] bitmap {
                 SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
                 SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
@@ -93,6 +207,26 @@ import "misc.idl", "lsa.idl", "security.idl";
                 SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
         } samr_AliasAccessMask;
  
+       const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F;
+
+       const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS =
+               (STANDARD_RIGHTS_REQUIRED_ACCESS        |
+                SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */
+
+       const int GENERIC_RIGHTS_ALIAS_READ =
+               (STANDARD_RIGHTS_READ_ACCESS            |
+                SAMR_ALIAS_ACCESS_GET_MEMBERS);        /* 0x00020004 */
+
+       const int GENERIC_RIGHTS_ALIAS_WRITE =
+               (STANDARD_RIGHTS_WRITE_ACCESS           |
+                SAMR_ALIAS_ACCESS_REMOVE_MEMBER        |
+                SAMR_ALIAS_ACCESS_ADD_MEMBER           |
+                SAMR_ALIAS_ACCESS_SET_INFO);   /* 0x00020013 */
+
+       const int GENERIC_RIGHTS_ALIAS_EXECUTE =
+               (STANDARD_RIGHTS_EXECUTE_ACCESS         |
+                SAMR_ALIAS_ACCESS_LOOKUP_INFO);        /* 0x00020008 */
+
         /******************/
         /* Function: 0x00 */
         NTSTATUS samr_Connect (
@@ -124,7 +258,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_QuerySecurity (
                 [in,ref]          policy_handle *handle,
                 [in]              security_secinfo sec_info,
-               [out,unique]      sec_desc_buf *sdbuf
+               [out,ref]         sec_desc_buf **sdbuf
                 );
  
         /******************/
@@ -142,7 +276,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_LookupDomain (
                 [in,ref]  policy_handle *connect_handle,
                 [in,ref]  lsa_String *domain_name,
-               [out,unique] dom_sid2 *sid
+               [out,ref] dom_sid2 **sid
                 );
  
  
@@ -162,9 +296,9 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_EnumDomains (
                 [in,ref]      policy_handle *connect_handle,
                 [in,out,ref]  uint32 *resume_handle,
+               [out,ref]     samr_SamArray **sam,
                 [in]          uint32 buf_size,
-               [out,unique]  samr_SamArray *sam,
-               [out]         uint32 num_entries
+               [out,ref]     uint32 *num_entries
                 );
  
  
@@ -179,6 +313,23 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         /************************/
         /* Function    0x08     */
+
+       typedef enum {
+               DomainPasswordInformation       = 1,
+               DomainGeneralInformation        = 2,
+               DomainLogoffInformation         = 3,
+               DomainOemInformation            = 4,
+               DomainNameInformation           = 5,
+               DomainReplicationInformation    = 6,
+               DomainServerRoleInformation     = 7,
+               DomainModifiedInformation       = 8,
+               DomainStateInformation          = 9,
+               DomainUasInformation            = 10,
+               DomainGeneralInformation2       = 11,
+               DomainLockoutInformation        = 12,
+               DomainModifiedInformation2      = 13
+       } samr_DomainInfoClass;
+
         /* server roles */
         typedef [v1_enum] enum {
                 SAMR_ROLE_STANDALONE    = 0,
@@ -197,6 +348,11 @@ import "misc.idl", "lsa.idl", "security.idl";
                 DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
         } samr_PasswordProperties;
  
+       typedef [v1_enum] enum {
+               DOMAIN_SERVER_ENABLED = 1,
+               DOMAIN_SERVER_DISABLED = 2
+       } samr_DomainServerState;
+
         typedef struct {
                 uint16 min_password_length;
                 uint16 password_history_length;
@@ -212,7 +368,7 @@ import "misc.idl", "lsa.idl", "security.idl";
                 lsa_String domain_name;
                 lsa_String primary; /* PDC name if this is a BDC */
                 udlong sequence_num;
-               uint32 unknown2;
+               samr_DomainServerState domain_server_state;
                 samr_Role role;
                 uint32 unknown3;
                 uint32 num_users;
@@ -246,7 +402,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         } samr_DomInfo8;
  
         typedef struct {
-               uint32 unknown; /* w2k3 returns 1 */
+               samr_DomainServerState domain_server_state;
         } samr_DomInfo9;
  
         typedef struct {
@@ -265,8 +421,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         typedef struct {
                 hyper sequence_num;
                 NTTIME domain_create_time;
-               uint32 unknown1;
-               uint32 unknown2;
+               hyper modified_count_at_last_promotion;
         } samr_DomInfo13;
  
         typedef [switch_type(uint16)] union {
@@ -286,8 +441,8 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         NTSTATUS samr_QueryDomainInfo(
                 [in,ref]      policy_handle *domain_handle,
-               [in]          uint16 level,
-               [out,switch_is(level),unique] samr_DomainInfo *info
+               [in]          samr_DomainInfoClass level,
+               [out,ref,switch_is(level)] samr_DomainInfo **info
                 );
  
         /************************/
@@ -298,7 +453,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         */
         NTSTATUS samr_SetDomainInfo(
                 [in,ref]      policy_handle *domain_handle,
-               [in]          uint16 level,
+               [in]          samr_DomainInfoClass level,
                 [in,switch_is(level),ref] samr_DomainInfo *info
                 );
  
@@ -317,11 +472,11 @@ import "misc.idl", "lsa.idl", "security.idl";
         /************************/
         /* Function    0x0b     */
         NTSTATUS samr_EnumDomainGroups(
-               [in,ref]      policy_handle *domain_handle,
+               [in]          policy_handle *domain_handle,
                 [in,out,ref]  uint32 *resume_handle,
+               [out,ref]     samr_SamArray **sam,
                 [in]          uint32 max_size,
-               [out,unique]  samr_SamArray *sam,
-               [out]         uint32 num_entries
+               [out,ref]     uint32 *num_entries
                 );
  
         /************************/
@@ -344,12 +499,12 @@ import "misc.idl", "lsa.idl", "security.idl";
         const int SAMR_ENUM_USERS_MULTIPLIER = 54;
  
         NTSTATUS samr_EnumDomainUsers(
-               [in,ref]      policy_handle *domain_handle,
+               [in]          policy_handle *domain_handle,
                 [in,out,ref]  uint32 *resume_handle,
                 [in]          samr_AcctFlags acct_flags,
+               [out,ref]     samr_SamArray **sam,
                 [in]          uint32 max_size,
-               [out,unique]  samr_SamArray *sam,
-               [out]         uint32 num_entries
+               [out,ref]     uint32 *num_entries
                 );
  
         /************************/
@@ -365,11 +520,11 @@ import "misc.idl", "lsa.idl", "security.idl";
         /************************/
         /* Function    0x0f     */
         NTSTATUS samr_EnumDomainAliases(
-               [in,ref]      policy_handle *domain_handle,
+               [in]          policy_handle *domain_handle,
                 [in,out,ref]  uint32 *resume_handle,
-               [in]          samr_AcctFlags acct_flags,
-               [out,unique]  samr_SamArray *sam,
-               [out]         uint32 num_entries
+               [out,ref]     samr_SamArray **sam,
+               [in]          uint32 max_size,
+               [out,ref]     uint32 *num_entries
                 );
  
         /************************/
@@ -393,8 +548,8 @@ import "misc.idl", "lsa.idl", "security.idl";
                 [in,ref]      policy_handle *domain_handle,
                 [in,range(0,1000)] uint32 num_names,
                 [in,size_is(1000),length_is(num_names)] lsa_String names[],
-               [out]         samr_Ids rids,
-               [out]         samr_Ids types
+               [out,ref]     samr_Ids *rids,
+               [out,ref]     samr_Ids *types
                 );
  
  
@@ -404,8 +559,8 @@ import "misc.idl", "lsa.idl", "security.idl";
                 [in,ref]      policy_handle *domain_handle,
                 [in,range(0,1000)] uint32 num_rids,
                 [in,size_is(1000),length_is(num_rids)] uint32 rids[],
-               [out]         lsa_Strings names,
-               [out]         samr_Ids types
+               [out,ref]     lsa_Strings *names,
+               [out,ref]     samr_Ids *types
                 );
  
         /************************/
@@ -465,7 +620,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_QueryGroupInfo(
                 [in,ref]                  policy_handle *group_handle,
                 [in]                      samr_GroupInfoEnum level,
-               [out,switch_is(level),unique] samr_GroupInfo *info
+               [out,ref,switch_is(level)] samr_GroupInfo **info
                 );
  
         /************************/
@@ -503,12 +658,12 @@ import "misc.idl", "lsa.idl", "security.idl";
         typedef struct {
                 uint32 count;
                 [size_is(count)] uint32 *rids;
-               [size_is(count)] uint32 *types;
-       } samr_RidTypeArray;
+               [size_is(count)] samr_GroupAttrs *attributes;
+       } samr_RidAttrArray;
  
         NTSTATUS samr_QueryGroupMember(
                 [in,ref]  policy_handle *group_handle,
-               [out,unique] samr_RidTypeArray *rids
+               [out,ref] samr_RidAttrArray **rids
                 );
  
  
@@ -562,7 +717,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_QueryAliasInfo(
                 [in,ref]                  policy_handle  *alias_handle,
                 [in]                      samr_AliasInfoEnum      level,
-               [out,switch_is(level),unique] samr_AliasInfo *info
+               [out,ref,switch_is(level)] samr_AliasInfo **info
                 );
  
         /************************/
@@ -617,6 +772,33 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         /************************/
         /* Function    0x24     */
+
+       typedef enum {
+               UserGeneralInformation          = 1,
+               UserPreferencesInformation      = 2,
+               UserLogonInformation            = 3,
+               UserLogonHoursInformation       = 4,
+               UserAccountInformation          = 5,
+               UserNameInformation             = 6,
+               UserAccountNameInformation      = 7,
+               UserFullNameInformation         = 8,
+               UserPrimaryGroupInformation     = 9,
+               UserHomeInformation             = 10,
+               UserScriptInformation           = 11,
+               UserProfileInformation          = 12,
+               UserAdminCommentInformation     = 13,
+               UserWorkStationsInformation     = 14,
+               UserControlInformation          = 16,
+               UserExpiresInformation          = 17,
+               UserInternal1Information        = 18,
+               UserParametersInformation       = 20,
+               UserAllInformation              = 21,
+               UserInternal4Information        = 23,
+               UserInternal5Information        = 24,
+               UserInternal4InformationNew     = 25,
+               UserInternal5InformationNew     = 26
+       } samr_UserInfoLevel;
+
         typedef struct {
                 lsa_String account_name;
                 lsa_String full_name;
@@ -627,7 +809,7 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         typedef struct {
                 lsa_String comment;
-               lsa_String unknown; /* settable, but doesn't stick. probably obsolete */
+               lsa_String reserved; /* settable, but doesn't stick. probably obsolete */
                 uint16 country_code;
                 uint16 code_page;
         } samr_UserInfo2;
@@ -735,10 +917,11 @@ import "misc.idl", "lsa.idl", "security.idl";
         } samr_Password;
  
         typedef struct {
-               samr_Password lm_pwd;
                 samr_Password nt_pwd;
-               boolean8 lm_pwd_active;
+               samr_Password lm_pwd;
                 boolean8 nt_pwd_active;
+               boolean8 lm_pwd_active;
+               uint8 password_expired;
         } samr_UserInfo18;
  
         typedef struct {
@@ -771,8 +954,8 @@ import "misc.idl", "lsa.idl", "security.idl";
                 SAMR_FIELD_PARAMETERS       = 0x00200000,
                 SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
                 SAMR_FIELD_CODE_PAGE        = 0x00800000,
-               SAMR_FIELD_PASSWORD         = 0x01000000, /* either of these */
-               SAMR_FIELD_PASSWORD2        = 0x02000000, /* two bits seems to work */
+               SAMR_FIELD_NT_PASSWORD_PRESENT = 0x01000000, /* either of these */
+               SAMR_FIELD_LM_PASSWORD_PRESENT = 0x02000000, /* two bits seems to work */
                 SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
                 SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
                 SAMR_FIELD_SEC_DESC         = 0x10000000,
@@ -800,9 +983,9 @@ import "misc.idl", "lsa.idl", "security.idl";
                 lsa_String workstations;
                 lsa_String comment;
                 lsa_BinaryString parameters;
-               lsa_String unknown1;
-               lsa_String unknown2;
-               lsa_String unknown3;
+               lsa_BinaryString lm_owf_password;
+               lsa_BinaryString nt_owf_password;
+               lsa_String private_data;
                 uint32 buf_count;
                 [size_is(buf_count)] uint8 *buffer;
                 uint32 rid;
@@ -814,10 +997,10 @@ import "misc.idl", "lsa.idl", "security.idl";
                 uint16 logon_count;
                 uint16 country_code;
                 uint16 code_page;
-               uint8  nt_password_set;
                 uint8  lm_password_set;
+               uint8  nt_password_set;
                 uint8  password_expired;
-               uint8  unknown4;
+               uint8  private_data_sensitive;
         } samr_UserInfo21;
  
         typedef [public, flag(NDR_PAHEX)] struct {
@@ -831,7 +1014,7 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         typedef struct {
                 samr_CryptPassword password;
-               uint8 pw_len;
+               uint8 password_expired;
         } samr_UserInfo24;
  
         typedef [flag(NDR_PAHEX)] struct {
@@ -845,7 +1028,7 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         typedef struct {
                 samr_CryptPasswordEx password;
-               uint8 pw_len;
+               uint8 password_expired;
         } samr_UserInfo26;
  
         typedef [switch_type(uint16)] union {
@@ -876,8 +1059,8 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         [public] NTSTATUS samr_QueryUserInfo(
                 [in,ref]                  policy_handle *user_handle,
-               [in]                      uint16 level,
-               [out,unique,switch_is(level)] samr_UserInfo *info
+               [in]                      samr_UserInfoLevel level,
+               [out,ref,switch_is(level)] samr_UserInfo **info
                 );
  
  
@@ -885,7 +1068,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         /* Function    0x25     */
         [public] NTSTATUS samr_SetUserInfo(
                 [in,ref]                   policy_handle *user_handle,
-               [in]                       uint16 level,
+               [in]                       samr_UserInfoLevel level,
                 [in,ref,switch_is(level)]  samr_UserInfo *info
                 );
  
@@ -924,7 +1107,7 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         NTSTATUS samr_GetGroupsForUser(
                 [in,ref]   policy_handle *user_handle,
-               [out,unique] samr_RidWithAttributeArray  *rids
+               [out,ref]  samr_RidWithAttributeArray  **rids
                 );
  
         /************************/
@@ -994,9 +1177,9 @@ import "misc.idl", "lsa.idl", "security.idl";
                 [in]        uint32 start_idx,
                 [in]        uint32 max_entries,
                 [in]        uint32 buf_size,
-               [out]       uint32 total_size,
-               [out]       uint32 returned_size,
-               [out,switch_is(level)] samr_DispInfo info
+               [out,ref]   uint32 *total_size,
+               [out,ref]   uint32 *returned_size,
+               [out,ref,switch_is(level)] samr_DispInfo *info
                 );
  
  
@@ -1015,8 +1198,8 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_GetDisplayEnumerationIndex(
                 [in,ref]    policy_handle *domain_handle,
                 [in]        uint16 level,
-               [in]        lsa_String name,
-               [out]       uint32 idx
+               [in,ref]    lsa_String *name,
+               [out,ref]   uint32 *idx
                 );
  
  
@@ -1053,7 +1236,7 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         [public] NTSTATUS samr_GetUserPwInfo(
                 [in,ref]    policy_handle *user_handle,
-               [out]       samr_PwInfo info
+               [out,ref]   samr_PwInfo *info
                 );
  
         /************************/
@@ -1071,8 +1254,8 @@ import "misc.idl", "lsa.idl", "security.idl";
         */
         NTSTATUS samr_QueryDomainInfo2(
                 [in,ref]      policy_handle *domain_handle,
-               [in]          uint16 level,
-               [out,unique,switch_is(level)] samr_DomainInfo *info
+               [in]          samr_DomainInfoClass level,
+               [out,ref,switch_is(level)] samr_DomainInfo **info
                 );
  
         /************************/
@@ -1083,8 +1266,8 @@ import "misc.idl", "lsa.idl", "security.idl";
         */
         NTSTATUS samr_QueryUserInfo2(
                 [in,ref]                  policy_handle *user_handle,
-               [in]                      uint16 level,
-               [out,unique,switch_is(level)]    samr_UserInfo *info
+               [in]                      samr_UserInfoLevel level,
+               [out,ref,switch_is(level)]    samr_UserInfo **info
                 );
  
         /************************/
@@ -1099,9 +1282,9 @@ import "misc.idl", "lsa.idl", "security.idl";
                 [in]        uint32 start_idx,
                 [in]        uint32 max_entries,
                 [in]        uint32 buf_size,
-               [out]       uint32 total_size,
-               [out]       uint32 returned_size,
-               [out,switch_is(level)] samr_DispInfo info
+               [out,ref]   uint32 *total_size,
+               [out,ref]   uint32 *returned_size,
+               [out,ref,switch_is(level)] samr_DispInfo *info
                 );
  
         /************************/
@@ -1113,8 +1296,8 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_GetDisplayEnumerationIndex2(
                 [in,ref]    policy_handle *domain_handle,
                 [in]        uint16 level,
-               [in]        lsa_String name,
-               [out]       uint32 idx
+               [in,ref]    lsa_String *name,
+               [out,ref]   uint32 *idx
                 );
  
  
@@ -1143,9 +1326,9 @@ import "misc.idl", "lsa.idl", "security.idl";
                 [in]        uint32 start_idx,
                 [in]        uint32 max_entries,
                 [in]        uint32 buf_size,
-               [out]       uint32 total_size,
-               [out]       uint32 returned_size,
-               [out,switch_is(level)] samr_DispInfo info
+               [out,ref]   uint32 *total_size,
+               [out,ref]   uint32 *returned_size,
+               [out,ref,switch_is(level)] samr_DispInfo *info
                 );
  
         /************************/
@@ -1188,7 +1371,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         /* Function    0x38     */
         NTSTATUS samr_GetDomPwInfo(
                 [in,unique] lsa_String *domain_name,
-               [out]       samr_PwInfo info
+               [out,ref]   samr_PwInfo *info
                 );
  
         /************************/
@@ -1206,7 +1389,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         */
         [public] NTSTATUS samr_SetUserInfo2(
                 [in,ref]                   policy_handle *user_handle,
-               [in]                       uint16 level,
+               [in]                       samr_UserInfoLevel level,
                 [in,ref,switch_is(level)]  samr_UserInfo *info
                 );
  
@@ -1226,7 +1409,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         /* Function    0x3c     */
         NTSTATUS samr_GetBootKeyInformation(
                 [in,ref]   policy_handle *domain_handle,
-               [out]      uint32 unknown
+               [out,ref]  uint32 *unknown
                 );
  
         /************************/
@@ -1242,7 +1425,7 @@ import "misc.idl", "lsa.idl", "security.idl";
         /************************/
         /* Function    0x3e     */
  
-       typedef enum {
+       typedef [v1_enum] enum {
                 SAMR_CONNECT_PRE_W2K    = 1,
                 SAMR_CONNECT_W2K        = 2,
                 SAMR_CONNECT_AFTER_W2K  = 3
@@ -1258,13 +1441,22 @@ import "misc.idl", "lsa.idl", "security.idl";
         /************************/
         /* Function    0x3f     */
  
-       typedef enum samr_RejectReason samr_RejectReason;
+       typedef [public,v1_enum] enum {
+               SAM_PWD_CHANGE_NO_ERROR             = 0,
+               SAM_PWD_CHANGE_PASSWORD_TOO_SHORT   = 1,
+               SAM_PWD_CHANGE_PWD_IN_HISTORY       = 2,
+               SAM_PWD_CHANGE_USERNAME_IN_PASSWORD = 3,
+               SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD = 4,
+               SAM_PWD_CHANGE_NOT_COMPLEX          = 5,
+               SAM_PWD_CHANGE_MACHINE_NOT_DEFAULT  = 6,
+               SAM_PWD_CHANGE_FAILED_BY_FILTER     = 7,
+               SAM_PWD_CHANGE_PASSWORD_TOO_LONG    = 8
+       } samPwdChangeReason;
  
         typedef struct {
-               samr_RejectReason reason;
-               uint32 unknown1;
-               uint32 unknown2;
-       } samr_ChangeReject;
+               samPwdChangeReason extendedFailureReason;
+               [string,charset(UTF16)] uint16 *filterModuleName;
+       } userPwdChangeFailureInformation;
  
         NTSTATUS samr_ChangePasswordUser3(
                 [in,unique]       lsa_String *server,
@@ -1275,8 +1467,8 @@ import "misc.idl", "lsa.idl", "security.idl";
                 [in,unique]       samr_CryptPassword *lm_password,
                 [in,unique]       samr_Password *lm_verifier,
                 [in,unique]       samr_CryptPassword *password3,
-               [out,unique]      samr_DomInfo1 *dominfo,
-               [out,unique]      samr_ChangeReject *reject
+               [out,ref]         samr_DomInfo1 **dominfo,
+               [out,ref]         userPwdChangeFailureInformation **reject
                 );
  
         /************************/
@@ -1294,8 +1486,10 @@ import "misc.idl", "lsa.idl", "security.idl";
         [public] NTSTATUS samr_Connect5(
                 [in,unique,string,charset(UTF16)] uint16 *system_name,
                 [in]       samr_ConnectAccessMask  access_mask,
-               [in,out]   uint32             level,
-               [in,out,switch_is(level),ref] samr_ConnectInfo *info,
+               [in]       uint32             level_in,
+               [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
+               [out,ref]  uint32             *level_out,
+               [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
                 [out,ref]  policy_handle      *connect_handle
                 );
  
@@ -1304,10 +1498,9 @@ import "misc.idl", "lsa.idl", "security.idl";
         NTSTATUS samr_RidToSid(
                 [in,ref]    policy_handle *domain_handle,
                 [in]        uint32        rid,
-               [out,unique] dom_sid2      *sid
+               [out,ref]   dom_sid2      **sid
                 );
  
-
         /************************/
         /* Function    0x42     */
  
@@ -1354,12 +1547,14 @@ import "misc.idl", "lsa.idl", "security.idl";
                 SAMR_VALIDATION_STATUS_SUCCESS = 0,
                 SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
                 SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
+               SAMR_VALIDATION_STATUS_PASSWORD_EXPIRED = 3,
                 SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
                 SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
                 SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
                 SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
                 SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
-               SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
+               SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9,
+               SAMR_VALIDATION_STATUS_PASSWORD_FILTER_ERROR = 10
         } samr_ValidationStatus;
  
         typedef struct {
@@ -1418,7 +1613,7 @@ import "misc.idl", "lsa.idl", "security.idl";
  
         NTSTATUS samr_ValidatePassword(
                 [in] samr_ValidatePasswordLevel level,
-               [in,switch_is(level)] samr_ValidatePasswordReq req,
-               [out,unique,switch_is(level)] samr_ValidatePasswordRep *rep
+               [in,switch_is(level)] samr_ValidatePasswordReq *req,
+               [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep
                 );
  }