librpc/idl/krb5pac.idl

   1 /*
   2   krb5 PAC
   3 */
   4
   5 #include "idl_types.h"
   6
   7 import "security.idl", "netlogon.idl", "samr.idl";
   8
   9 [
  10   uuid("12345778-1234-abcd-0000-00000000"),
  11   version(0.0),
  12   pointer_default(unique),
  13   helpstring("Active Directory KRB5 PAC")
  14 ]
  15 interface krb5pac
  16 {
  17         typedef struct {
  18                 NTTIME logon_time;
  19                 [value(2*strlen_m(account_name))] uint16 size;
  20                 [charset(UTF16)] uint8 account_name[size];
  21         } PAC_LOGON_NAME;
  22
  23         typedef [public,flag(NDR_PAHEX)] struct {
  24                 uint32 type;
  25                 [flag(NDR_REMAINING)] DATA_BLOB signature;
  26         } PAC_SIGNATURE_DATA;
  27
  28         typedef struct {
  29                 netr_SamInfo3 info3;
  30                 dom_sid2 *res_group_dom_sid;
  31                 samr_RidWithAttributeArray res_groups;
  32         } PAC_LOGON_INFO;
  33
  34         typedef struct {
  35                 [value(2*strlen_m(upn_name))] uint16 upn_size;
  36                 uint16 upn_offset;
  37                 [value(2*strlen_m(domain_name))] uint16 domain_size;
  38                 uint16 domain_offset;
  39                 uint16 unknown3; /* 0x01 */
  40                 uint16 unknown4;
  41                 uint32 unknown5;
  42                 [charset(UTF16)] uint8 upn_name[upn_size+2];
  43                 [charset(UTF16)] uint8 domain_name[domain_size+2];
  44                 uint32 unknown6; /* padding */
  45         } PAC_UNKNOWN_12;
  46
  47         typedef [public] struct {
  48                 PAC_LOGON_INFO *info;
  49         } PAC_LOGON_INFO_CTR;
  50
  51         typedef [public,v1_enum] enum {
  52                 PAC_TYPE_LOGON_INFO = 1,
  53                 PAC_TYPE_SRV_CHECKSUM = 6,
  54                 PAC_TYPE_KDC_CHECKSUM = 7,
  55                 PAC_TYPE_LOGON_NAME = 10,
  56                 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
  57                 PAC_TYPE_UNKNOWN_12 = 12
  58         } PAC_TYPE;
  59
  60         typedef struct {
  61                 [flag(NDR_REMAINING)] DATA_BLOB remaining;
  62         } DATA_BLOB_REM;
  63
  64         typedef [public,nodiscriminant,gensize] union {
  65                 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
  66                 [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
  67                 [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
  68                 [case(PAC_TYPE_LOGON_NAME)]     PAC_LOGON_NAME logon_name;
  69                 /* when new PAC info types are added they are supposed to be done
  70                    in such a way that they are backwards compatible with existing
  71                    servers. This makes it safe to just use a [default] for
  72                    unknown types, which lets us ignore the data */
  73                 [default]       [subcontext(0)] DATA_BLOB_REM unknown;
  74                 /* [case(PAC_TYPE_UNKNOWN_12)]  PAC_UNKNOWN_12 unknown; */
  75         } PAC_INFO;
  76
  77         typedef [public,nopush,nopull,noprint] struct {
  78                 PAC_TYPE type;
  79                 [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
  80                 [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
  81                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
  82         } PAC_BUFFER;
  83
  84         typedef [public] struct {
  85                 uint32 num_buffers;
  86                 uint32 version;
  87                 PAC_BUFFER buffers[num_buffers];
  88         } PAC_DATA;
  89
  90         typedef [public] struct {
  91                 PAC_TYPE type;
  92                 uint32 ndr_size;
  93                 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
  94                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
  95         } PAC_BUFFER_RAW;
  96
  97         typedef [public] struct {
  98                 uint32 num_buffers;
  99                 uint32 version;
 100                 PAC_BUFFER_RAW buffers[num_buffers];
 101         } PAC_DATA_RAW;
 102
 103         const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
 104
 105         typedef [public] struct {
 106                 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
 107                 uint32 ChecksumLength;
 108                 int32 SignatureType;
 109                 uint32 SignatureLength;
 110                 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
 111         } PAC_Validate;
 112
 113         void decode_pac(
 114                 [in] PAC_DATA pac
 115                 );
 116
 117         void decode_pac_raw(
 118                 [in] PAC_DATA_RAW pac
 119                 );
 120
 121         void decode_login_info(
 122                 [in] PAC_LOGON_INFO logon_info
 123                 );
 124
 125         void decode_pac_validate(
 126                 [in] PAC_Validate pac_validate
 127                 );
 128
 129         /* used for samba3 netsamlogon cache */
 130         typedef [public] struct {
 131                 time_t timestamp;
 132                 netr_SamInfo3 info3;
 133         } netsamlogoncache_entry;
 134 }