librpc/idl/krb5pac.idl

   1 /*
   2   krb5 PAC
   3 */
   4
   5 #include "idl_types.h"
   6
   7 import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
   8
   9 [
  10   uuid("12345778-1234-abcd-0000-00000000"),
  11   version(0.0),
  12   pointer_default(unique),
  13   helpstring("Active Directory KRB5 PAC")
  14 ]
  15 interface krb5pac
  16 {
  17         typedef struct {
  18                 NTTIME logon_time;
  19                 [value(2*strlen_m(account_name))] uint16 size;
  20                 [charset(UTF16)] uint8 account_name[size];
  21         } PAC_LOGON_NAME;
  22
  23         typedef [public,flag(NDR_PAHEX)] struct {
  24                 uint32 type;
  25                 [flag(NDR_REMAINING)] DATA_BLOB signature;
  26         } PAC_SIGNATURE_DATA;
  27
  28         typedef struct {
  29                 netr_SamInfo3 info3;
  30                 dom_sid2 *res_group_dom_sid;
  31                 samr_RidWithAttributeArray res_groups;
  32         } PAC_LOGON_INFO;
  33
  34         typedef struct {
  35                 lsa_String proxy_target;
  36                 uint32 num_transited_services;
  37                 [size_is(num_transited_services)] lsa_String *transited_services;
  38         } PAC_CONSTRAINED_DELEGATION;
  39
  40         typedef [public,bitmap32bit] bitmap {
  41                 UDI_ACCT_HAS_NO_UPN     = 0x00000001 /* 1= User account has no UPN */
  42         } upn_dns_info_flags;
  43
  44         typedef struct {
  45                 [value(2*strlen_m(upn_name))] uint16 upn_size;
  46                 uint16 upn_offset;
  47                 [value(2*strlen_m(domain_name))] uint16 domain_size;
  48                 uint16 domain_offset;
  49                 upn_dns_info_flags flags;
  50                 uint32 padding;
  51                 [charset(UTF16)] uint8 upn_name[upn_size+2];
  52                 [charset(UTF16)] uint8 domain_name[domain_size+2];
  53         } PAC_UPN_DNS_INFO;
  54
  55         typedef [public] struct {
  56                 PAC_LOGON_INFO *info;
  57         } PAC_LOGON_INFO_CTR;
  58
  59         typedef [public] struct {
  60                 PAC_CONSTRAINED_DELEGATION *info;
  61         } PAC_CONSTRAINED_DELEGATION_CTR;
  62
  63         typedef [public,v1_enum] enum {
  64                 PAC_TYPE_LOGON_INFO = 1,
  65                 PAC_TYPE_SRV_CHECKSUM = 6,
  66                 PAC_TYPE_KDC_CHECKSUM = 7,
  67                 PAC_TYPE_LOGON_NAME = 10,
  68                 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
  69                 PAC_TYPE_UPN_DNS_INFO = 12
  70         } PAC_TYPE;
  71
  72         typedef struct {
  73                 [flag(NDR_REMAINING)] DATA_BLOB remaining;
  74         } DATA_BLOB_REM;
  75
  76         typedef [public,nodiscriminant,gensize] union {
  77                 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
  78                 [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
  79                 [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
  80                 [case(PAC_TYPE_LOGON_NAME)]     PAC_LOGON_NAME logon_name;
  81                 [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
  82                         PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
  83                 [case(PAC_TYPE_UPN_DNS_INFO)]   PAC_UPN_DNS_INFO upn_dns_info;
  84                 /* when new PAC info types are added they are supposed to be done
  85                    in such a way that they are backwards compatible with existing
  86                    servers. This makes it safe to just use a [default] for
  87                    unknown types, which lets us ignore the data */
  88                 [default]       [subcontext(0)] DATA_BLOB_REM unknown;
  89         } PAC_INFO;
  90
  91         typedef [public,nopush,nopull,noprint] struct {
  92                 PAC_TYPE type;
  93                 [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
  94                 [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
  95                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
  96         } PAC_BUFFER;
  97
  98         typedef [public] struct {
  99                 uint32 num_buffers;
 100                 uint32 version;
 101                 PAC_BUFFER buffers[num_buffers];
 102         } PAC_DATA;
 103
 104         typedef [public] struct {
 105                 PAC_TYPE type;
 106                 uint32 ndr_size;
 107                 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
 108                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
 109         } PAC_BUFFER_RAW;
 110
 111         typedef [public] struct {
 112                 uint32 num_buffers;
 113                 uint32 version;
 114                 PAC_BUFFER_RAW buffers[num_buffers];
 115         } PAC_DATA_RAW;
 116
 117         const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
 118
 119         typedef [public] struct {
 120                 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
 121                 uint32 ChecksumLength;
 122                 int32 SignatureType;
 123                 uint32 SignatureLength;
 124                 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
 125         } PAC_Validate;
 126
 127         [nopython] void decode_pac(
 128                 [in] PAC_DATA pac
 129                 );
 130
 131         [nopython] void decode_pac_raw(
 132                 [in] PAC_DATA_RAW pac
 133                 );
 134
 135         [nopython] void decode_login_info(
 136                 [in] PAC_LOGON_INFO logon_info
 137                 );
 138
 139         [nopython] void decode_login_info_ctr(
 140                 [in] PAC_LOGON_INFO_CTR logon_info_ctr
 141                 );
 142
 143         [nopython] void decode_pac_validate(
 144                 [in] PAC_Validate pac_validate
 145                 );
 146
 147         /* used for samba3 netsamlogon cache */
 148         typedef [public] struct {
 149                 time_t timestamp;
 150                 netr_SamInfo3 info3;
 151         } netsamlogoncache_entry;
 152 }