search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: No longer load tunables via 00.ctdb.script setup event
[samba.git] / librpc / idl / krb5pac.idl
blobbbe4a253e3a24e7f8ad9950237c9ef058017b4c4
1 /*
2 krb5 PAC
3 */
4
5 #include "idl_types.h"
6
7 import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
8
9 [
10 uuid("12345778-1234-abcd-0000-00000000"),
11 version(0.0),
12 pointer_default(unique),
13 helpstring("Active Directory KRB5 PAC"),
14 helper("../librpc/ndr/ndr_krb5pac.h")
15 ]
16 interface krb5pac
17 {
18 typedef struct {
19 NTTIME logon_time;
20 [value(2*strlen_m(account_name))] uint16 size;
21 [charset(UTF16)] uint8 account_name[size];
22 } PAC_LOGON_NAME;
23
24 typedef [public,flag(NDR_PAHEX)] struct {
25 uint32 type;
26 [flag(NDR_REMAINING)] DATA_BLOB signature;
27 } PAC_SIGNATURE_DATA;
28
29 typedef struct {
30 dom_sid2 *domain_sid;
31 samr_RidWithAttributeArray groups;
32 } PAC_DOMAIN_GROUP_MEMBERSHIP;
33
34 typedef struct {
35 netr_SamInfo3 info3;
36 /*
37 * On ndr_push:
38 * Pointers values of info3.sids[*].sid
39 * should be allocated before the following ones?
40 * (just the 0x30 0x00 0x02 0x00 value).
41 */
42 PAC_DOMAIN_GROUP_MEMBERSHIP resource_groups;
43 } PAC_LOGON_INFO;
44
45 typedef [bitmap32bit] bitmap {
46 PAC_CREDENTIAL_NTLM_HAS_LM_HASH = 0x00000001,
47 PAC_CREDENTIAL_NTLM_HAS_NT_HASH = 0x00000002
48 } PAC_CREDENTIAL_NTLM_FLAGS;
49
50 typedef [public] struct {
51 [value(0)] uint32 version;
52 PAC_CREDENTIAL_NTLM_FLAGS flags;
53 [noprint] samr_Password lm_password;
54 [noprint] samr_Password nt_password;
55 } PAC_CREDENTIAL_NTLM_SECPKG;
56
57 typedef [public] struct {
58 lsa_String package_name;
59 uint32 credential_size;
60 [size_is(credential_size), noprint] uint8 *credential;
61 } PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG;
62
63 typedef [public] struct {
64 uint32 credential_count;
65 [size_is(credential_count)] PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG credentials[*];
66 } PAC_CREDENTIAL_DATA;
67
68 typedef [public] struct {
69 PAC_CREDENTIAL_DATA *data;
70 } PAC_CREDENTIAL_DATA_CTR;
71
72 typedef [public] struct {
73 [subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
74 } PAC_CREDENTIAL_DATA_NDR;
75
76 typedef [public] struct {
77 [value(0)] uint32 version;
78 uint32 encryption_type;
79 [flag(NDR_REMAINING)] DATA_BLOB encrypted_data;
80 } PAC_CREDENTIAL_INFO;
81
82 typedef struct {
83 lsa_String proxy_target;
84 uint32 num_transited_services;
85 [size_is(num_transited_services)] lsa_String *transited_services;
86 } PAC_CONSTRAINED_DELEGATION;
87
88 typedef [bitmap32bit] bitmap {
89 PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001,
90 PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID = 0x00000002
91 } PAC_UPN_DNS_FLAGS;
92
93 typedef struct {
94 [value(2*strlen_m(samaccountname))] uint16 samaccountname_size;
95 [relative_short,subcontext(0),subcontext_size(samaccountname_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *samaccountname;
96 [value(ndr_size_dom_sid(objectsid, ndr->flags))] uint16 objectsid_size;
97 [relative_short,subcontext(0),subcontext_size(objectsid_size)] dom_sid *objectsid;
98 } PAC_UPN_DNS_INFO_SAM_NAME_AND_SID;
99
100 typedef [nodiscriminant] union {
101 [case(PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_SAM_NAME_AND_SID sam_name_and_sid;
102 [default];
103 } PAC_UPN_DNS_INFO_EX;
104
105 typedef struct {
106 [value(2*strlen_m(upn_name))] uint16 upn_name_size;
107 [relative_short,subcontext(0),subcontext_size(upn_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *upn_name;
108 [value(2*strlen_m(dns_domain_name))] uint16 dns_domain_name_size;
109 [relative_short,subcontext(0),subcontext_size(dns_domain_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *dns_domain_name;
110 PAC_UPN_DNS_FLAGS flags;
111 [switch_is(flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_EX ex;
112 } PAC_UPN_DNS_INFO;
113
114 typedef [bitmap32bit] bitmap {
115 PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED = 0x00000001,
116 PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY = 0x00000002
117 } PAC_ATTRIBUTE_INFO_FLAGS;
118
119 typedef struct {
120 uint32 flags_length; /* length in bits */
121 PAC_ATTRIBUTE_INFO_FLAGS flags;
122 } PAC_ATTRIBUTES_INFO;
123
124 typedef struct {
125 dom_sid sid;
126 } PAC_REQUESTER_SID;
127
128 typedef [public] struct {
129 PAC_LOGON_INFO *info;
130 } PAC_LOGON_INFO_CTR;
131
132 typedef [public] struct {
133 PAC_CONSTRAINED_DELEGATION *info;
134 } PAC_CONSTRAINED_DELEGATION_CTR;
135
136 typedef [public,v1_enum] enum {
137 PAC_TYPE_LOGON_INFO = 1,
138 PAC_TYPE_CREDENTIAL_INFO = 2,
139 PAC_TYPE_SRV_CHECKSUM = 6,
140 PAC_TYPE_KDC_CHECKSUM = 7,
141 PAC_TYPE_LOGON_NAME = 10,
142 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
143 PAC_TYPE_UPN_DNS_INFO = 12,
144 PAC_TYPE_CLIENT_CLAIMS_INFO = 13,
145 PAC_TYPE_DEVICE_INFO = 14,
146 PAC_TYPE_DEVICE_CLAIMS_INFO = 15,
147 PAC_TYPE_TICKET_CHECKSUM = 16,
148 PAC_TYPE_ATTRIBUTES_INFO = 17,
149 PAC_TYPE_REQUESTER_SID = 18
150 } PAC_TYPE;
151
152 typedef struct {
153 [flag(NDR_REMAINING)] DATA_BLOB remaining;
154 } DATA_BLOB_REM;
155
156 typedef [public,nodiscriminant,gensize] union {
157 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
158 [case(PAC_TYPE_CREDENTIAL_INFO)] PAC_CREDENTIAL_INFO credential_info;
159 [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
160 [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
161 [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
162 [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
163 PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
164 [case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
165 [case(PAC_TYPE_TICKET_CHECKSUM)] PAC_SIGNATURE_DATA ticket_checksum;
166 [case(PAC_TYPE_ATTRIBUTES_INFO)] PAC_ATTRIBUTES_INFO attributes_info;
167 [case(PAC_TYPE_REQUESTER_SID)] PAC_REQUESTER_SID requester_sid;
168 /* when new PAC info types are added they are supposed to be done
169 in such a way that they are backwards compatible with existing
170 servers. This makes it safe to just use a [default] for
171 unknown types, which lets us ignore the data */
172 [default] [subcontext(0)] DATA_BLOB_REM unknown;
173 } PAC_INFO;
174
175 typedef [public,nopush,nopull] struct {
176 PAC_TYPE type;
177 [value(_ndr_size_PAC_INFO(info, type, LIBNDR_FLAG_ALIGN8))] uint32 _ndr_size;
178 /*
179 * We need to have two subcontexts to get the padding right,
180 * the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
181 * the inner subcontext only uses _ndr_size.
182 *
183 * We do that in non-generated push/pull functions.
184 */
185 [relative,switch_is(type),subcontext(0),subcontext_size(NDR_ROUND(_ndr_size,8)),flag(NDR_ALIGN8)] PAC_INFO *info;
186 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
187 } PAC_BUFFER;
188
189 typedef [public] struct {
190 uint32 num_buffers;
191 uint32 version;
192 PAC_BUFFER buffers[num_buffers];
193 } PAC_DATA;
194
195 typedef [public] struct {
196 PAC_TYPE type;
197 uint32 ndr_size;
198 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
199 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
200 } PAC_BUFFER_RAW;
201
202 typedef [public] struct {
203 uint32 num_buffers;
204 uint32 version;
205 PAC_BUFFER_RAW buffers[num_buffers];
206 } PAC_DATA_RAW;
207
208 const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
209
210 typedef [public] struct {
211 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
212 uint32 ChecksumLength;
213 int32 SignatureType;
214 uint32 SignatureLength;
215 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
216 } PAC_Validate;
217
218 /* used for samba3 netsamlogon cache */
219 typedef [public] struct {
220 time_t timestamp;
221 netr_SamInfo3 info3;
222 } netsamlogoncache_entry;
223 }
Samba git mirror