librpc/idl/krb5pac.idl

   1 /*
   2   krb5 PAC
   3 */
   4
   5 #include "idl_types.h"
   6
   7 import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
   8
   9 [
  10   uuid("12345778-1234-abcd-0000-00000000"),
  11   version(0.0),
  12   pointer_default(unique),
  13   helpstring("Active Directory KRB5 PAC")
  14 ]
  15 interface krb5pac
  16 {
  17         typedef struct {
  18                 NTTIME logon_time;
  19                 [value(2*strlen_m(account_name))] uint16 size;
  20                 [charset(UTF16)] uint8 account_name[size];
  21         } PAC_LOGON_NAME;
  22
  23         typedef [public,flag(NDR_PAHEX)] struct {
  24                 uint32 type;
  25                 [flag(NDR_REMAINING)] DATA_BLOB signature;
  26         } PAC_SIGNATURE_DATA;
  27
  28         typedef struct {
  29                 netr_SamInfo3 info3;
  30                 dom_sid2 *res_group_dom_sid;
  31                 samr_RidWithAttributeArray res_groups;
  32         } PAC_LOGON_INFO;
  33
  34         typedef struct {
  35                 lsa_String proxy_target;
  36                 uint32 num_transited_services;
  37                 [size_is(num_transited_services)] lsa_String *transited_services;
  38         } PAC_CONSTRAINED_DELEGATION;
  39
  40         typedef struct {
  41                 [value(2*strlen_m(upn_name))] uint16 upn_size;
  42                 uint16 upn_offset;
  43                 [value(2*strlen_m(domain_name))] uint16 domain_size;
  44                 uint16 domain_offset;
  45                 uint16 unknown3; /* 0x01 */
  46                 uint16 unknown4;
  47                 uint32 unknown5;
  48                 [charset(UTF16)] uint8 upn_name[upn_size+2];
  49                 [charset(UTF16)] uint8 domain_name[domain_size+2];
  50                 uint32 unknown6; /* padding */
  51         } PAC_UNKNOWN_12;
  52
  53         typedef [public] struct {
  54                 PAC_LOGON_INFO *info;
  55         } PAC_LOGON_INFO_CTR;
  56
  57         typedef [public] struct {
  58                 PAC_CONSTRAINED_DELEGATION *info;
  59         } PAC_CONSTRAINED_DELEGATION_CTR;
  60
  61         typedef [public,v1_enum] enum {
  62                 PAC_TYPE_LOGON_INFO = 1,
  63                 PAC_TYPE_SRV_CHECKSUM = 6,
  64                 PAC_TYPE_KDC_CHECKSUM = 7,
  65                 PAC_TYPE_LOGON_NAME = 10,
  66                 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
  67                 PAC_TYPE_UNKNOWN_12 = 12
  68         } PAC_TYPE;
  69
  70         typedef struct {
  71                 [flag(NDR_REMAINING)] DATA_BLOB remaining;
  72         } DATA_BLOB_REM;
  73
  74         typedef [public,nodiscriminant,gensize] union {
  75                 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
  76                 [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
  77                 [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
  78                 [case(PAC_TYPE_LOGON_NAME)]     PAC_LOGON_NAME logon_name;
  79                 [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
  80                         PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
  81                 /* when new PAC info types are added they are supposed to be done
  82                    in such a way that they are backwards compatible with existing
  83                    servers. This makes it safe to just use a [default] for
  84                    unknown types, which lets us ignore the data */
  85                 [default]       [subcontext(0)] DATA_BLOB_REM unknown;
  86                 /* [case(PAC_TYPE_UNKNOWN_12)]  PAC_UNKNOWN_12 unknown; */
  87         } PAC_INFO;
  88
  89         typedef [public,nopush,nopull,noprint] struct {
  90                 PAC_TYPE type;
  91                 [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
  92                 [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
  93                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
  94         } PAC_BUFFER;
  95
  96         typedef [public] struct {
  97                 uint32 num_buffers;
  98                 uint32 version;
  99                 PAC_BUFFER buffers[num_buffers];
 100         } PAC_DATA;
 101
 102         typedef [public] struct {
 103                 PAC_TYPE type;
 104                 uint32 ndr_size;
 105                 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
 106                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
 107         } PAC_BUFFER_RAW;
 108
 109         typedef [public] struct {
 110                 uint32 num_buffers;
 111                 uint32 version;
 112                 PAC_BUFFER_RAW buffers[num_buffers];
 113         } PAC_DATA_RAW;
 114
 115         const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
 116
 117         typedef [public] struct {
 118                 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
 119                 uint32 ChecksumLength;
 120                 int32 SignatureType;
 121                 uint32 SignatureLength;
 122                 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
 123         } PAC_Validate;
 124
 125         [nopython] void decode_pac(
 126                 [in] PAC_DATA pac
 127                 );
 128
 129         [nopython] void decode_pac_raw(
 130                 [in] PAC_DATA_RAW pac
 131                 );
 132
 133         [nopython] void decode_login_info(
 134                 [in] PAC_LOGON_INFO logon_info
 135                 );
 136
 137         [nopython] void decode_login_info_ctr(
 138                 [in] PAC_LOGON_INFO_CTR logon_info_ctr
 139                 );
 140
 141         [nopython] void decode_pac_validate(
 142                 [in] PAC_Validate pac_validate
 143                 );
 144
 145         /* used for samba3 netsamlogon cache */
 146         typedef [public] struct {
 147                 time_t timestamp;
 148                 netr_SamInfo3 info3;
 149         } netsamlogoncache_entry;
 150 }