3.1.5.1.9 SamrOpenUser (Opnum 34)

The SamrOpenUser method obtains a handle to a user, given a RID.

 long SamrOpenUser(
   [in] SAMPR_HANDLE DomainHandle,
   [in] unsigned long DesiredAccess,
   [in] unsigned long UserId,
   [out] SAMPR_HANDLE* UserHandle
 );

DomainHandle: An RPC context handle, as specified in section 2.2.7.2, representing a domain object.

DesiredAccess: An ACCESS_MASK that indicates the requested access for the returned handle. See section 2.2.1.7 for a list of user access values.

UserId: A RID of a user account.

UserHandle: An RPC context handle, as specified in section 2.2.7.2.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Upon receiving this message, the server MUST process the data from the message according to the constraints in section 3.1.5.1.6, with the following values:

  • Target-Rid: UserId

  • Target-Object-Type: A user object (that is, a database object with the objectClass user or derived from user).

  • Generic-Access-Mask-Mapping-Table:

    Incoming bit        Translated bits
    ----------------    ----------------
    GENERIC_READ        USER_READ
    GENERIC_WRITE       USER_WRITE
    GENERIC_EXECUTE     USER_EXECUTE
    GENERIC_ALL         USER_ALL_ACCESS

  • Desired-Access-Mapping-Table:

    DesiredAccess                   Access mask                Object ACE type
    ----------------------------    -----------------------    ------------------------------------
    USER_READ_GENERAL               ACTRL_DS_READ_PROP         59ba2f42-79a2-11d0-9020-00c04fc2d3cf
    USER_READ_PREFERENCES           ACTRL_DS_READ_PROP         59ba2f42-79a2-11d0-9020-00c04fc2d3cf
    USER_READ_LOGON                 ACTRL_DS_READ_PROP         5f202010-79a5-11d0-9020-00c04fc2d4cf
    USER_READ_ACCOUNT               ACTRL_DS_READ_PROP         4c164200-20c0-11d0-a768-00aa006e0529
    USER_WRITE_PREFERENCES          ACTRL_DS_WRITE_PROP        59ba2f42-79a2-11d0-9020-00c04fc2d3cf
    USER_WRITE_ACCOUNT              ACTRL_DS_WRITE_PROP        59ba2f42-79a2-11d0-9020-00c04fc2d3cf
    USER_WRITE_ACCOUNT              ACTRL_DS_WRITE_PROP        5f202010-79a5-11d0-9020-00c04fc2d4cf
    USER_WRITE_ACCOUNT              ACTRL_DS_WRITE_PROP        4c164200-20c0-11d0-a768-00aa006e0529
    USER_CHANGE_PASSWORD            ACTRL_DS_CONTROL_ACCESS    ab721a53-1e2f-11d0-9819-00aa0040529b
    USER_FORCE_PASSWORD_CHANGE      ACTRL_DS_CONTROL_ACCESS    00299570-246d-11d0-a768-00aa006e0529
    USER_LIST_GROUPS                ACTRL_DS_READ_PROP         bf967991-0de6-11d0-a285-00aa003049e2
    USER_READ_GROUP_INFORMATION     ACTRL_DS_READ_PROP
    USER_WRITE_GROUP_INFORMATION    ACTRL_DS_WRITE_PROP
    ACCESS_SYSTEM_SECURITY          ACCESS_SYSTEM_SECURITY
    WRITE_OWNER                     WRITE_OWNER
    WRITE_DAC                       WRITE_DAC
    DELETE                          DELETE

  • Output-Handle: UserHandle
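
The following is an added example, not part of the protocol specification. It shows how a DesiredAccess value resolves through the two mapping tables above into the directory access checks it selects, which is useful when auditing what a requested handle can do. The numeric ACCESS_MASK values are the standard Windows/SAM constants and are not listed on this page; the function names, and the choice to clear generic bits after translation, are assumptions of this example.

```python
# Added example: table lookups only; not the full processing of section 3.1.5.1.6.
# Numeric ACCESS_MASK values are the standard Windows/SAM constants, not from this page.
GENERIC_MAP = {                 # incoming generic bit -> translated bits
    0x80000000: 0x0002031A,     # GENERIC_READ    -> USER_READ
    0x40000000: 0x00020044,     # GENERIC_WRITE   -> USER_WRITE
    0x20000000: 0x00020041,     # GENERIC_EXECUTE -> USER_EXECUTE
    0x10000000: 0x000F07FF,     # GENERIC_ALL     -> USER_ALL_ACCESS
}
# Object ACE type GUIDs exactly as listed in the Desired-Access-Mapping-Table.
G_59BA = "59ba2f42-79a2-11d0-9020-00c04fc2d3cf"
G_5F20 = "5f202010-79a5-11d0-9020-00c04fc2d4cf"
G_4C16 = "4c164200-20c0-11d0-a768-00aa006e0529"
RD, WR, CA = "ACTRL_DS_READ_PROP", "ACTRL_DS_WRITE_PROP", "ACTRL_DS_CONTROL_ACCESS"
# Rows: (DesiredAccess name, bit, access mask, object ACE type or None)
DESIRED_MAP = [
    ("USER_READ_GENERAL", 0x001, RD, G_59BA),
    ("USER_READ_PREFERENCES", 0x002, RD, G_59BA),
    ("USER_READ_LOGON", 0x008, RD, G_5F20),
    ("USER_READ_ACCOUNT", 0x010, RD, G_4C16),
    ("USER_WRITE_PREFERENCES", 0x004, WR, G_59BA),
    ("USER_WRITE_ACCOUNT", 0x020, WR, G_59BA),
    ("USER_WRITE_ACCOUNT", 0x020, WR, G_5F20),
    ("USER_WRITE_ACCOUNT", 0x020, WR, G_4C16),
    ("USER_CHANGE_PASSWORD", 0x040, CA, "ab721a53-1e2f-11d0-9819-00aa0040529b"),
    ("USER_FORCE_PASSWORD_CHANGE", 0x080, CA, "00299570-246d-11d0-a768-00aa006e0529"),
    ("USER_LIST_GROUPS", 0x100, RD, "bf967991-0de6-11d0-a285-00aa003049e2"),
    ("USER_READ_GROUP_INFORMATION", 0x200, RD, None),
    ("USER_WRITE_GROUP_INFORMATION", 0x400, WR, None),
    ("ACCESS_SYSTEM_SECURITY", 0x01000000, "ACCESS_SYSTEM_SECURITY", None),
    ("WRITE_OWNER", 0x00080000, "WRITE_OWNER", None),
    ("WRITE_DAC", 0x00040000, "WRITE_DAC", None),
    ("DELETE", 0x00010000, "DELETE", None),
]

def map_generic(desired_access):
    """Replace each generic bit with its USER_* translation (generic bits cleared)."""
    mask = desired_access & 0x0FFFFFFF
    for generic_bit, translated in GENERIC_MAP.items():
        if desired_access & generic_bit:
            mask |= translated
    return mask

def directory_checks(desired_access):
    """List the (name, access mask, object ACE type) rows a DesiredAccess selects."""
    mask = map_generic(desired_access)
    return [(n, acc, guid) for n, bit, acc, guid in DESIRED_MAP if mask & bit]

if __name__ == "__main__":
    for row in directory_checks(0x40000000 | 0x080):  # GENERIC_WRITE + force change
        print(row)
```

Bits in the translated mask that have no row in the Desired-Access-Mapping-Table are not reported by this lookup.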