2004-07-21 00:30:29 +04:00
/*
krb5 PAC
*/
#include "idl_types.h"
2011-06-28 16:47:56 +04:00
import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
2006-11-07 01:54:49 +03:00
2004-07-21 00:30:29 +04:00
[
2006-04-25 00:15:35 +04:00
uuid("12345778-1234-abcd-0000-00000000"),
2004-07-21 00:30:29 +04:00
version(0.0),
2004-11-17 17:35:29 +03:00
pointer_default(unique),
krb5pac: no need for a noprint PAC_BUFFER.
Guenther
@@ -1,6 +1,7 @@
_PUBLIC_ void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r)
{
ndr_print_struct(ndr, name, "PAC_BUFFER");
+ if (r == NULL) { ndr_print_null(ndr); return; }
ndr->depth++;
ndr_print_PAC_TYPE(ndr, "type", r->type);
ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?_ndr_size_PAC_INFO(r->info,r->type,0):r->_ndr_size);
@@ -11,7 +12,7 @@
ndr_print_PAC_INFO(ndr, "info", r->info);
}
ndr->depth--;
- ndr_print_uint32(ndr, "_pad", r->_pad);
+ ndr_print_uint32(ndr, "_pad", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0:r->_pad);
ndr->depth--;
}
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-18 19:25:06 +04:00
helpstring("Active Directory KRB5 PAC"),
helper("../librpc/ndr/ndr_krb5pac.h")
2004-07-21 00:30:29 +04:00
]
interface krb5pac
{
typedef struct {
2004-07-21 13:57:39 +04:00
NTTIME logon_time;
2008-02-13 19:31:17 +03:00
[value(2*strlen_m(account_name))] uint16 size;
[charset(UTF16)] uint8 account_name[size];
2005-06-29 17:55:09 +04:00
} PAC_LOGON_NAME;
2004-07-21 00:30:29 +04:00
2005-09-13 01:10:40 +04:00
typedef [public,flag(NDR_PAHEX)] struct {
2004-07-21 00:30:29 +04:00
uint32 type;
2005-09-10 14:39:45 +04:00
[flag(NDR_REMAINING)] DATA_BLOB signature;
2004-07-21 00:30:29 +04:00
} PAC_SIGNATURE_DATA;
2016-05-20 15:16:35 +03:00
typedef struct {
dom_sid2 *domain_sid;
samr_RidWithAttributeArray groups;
} PAC_DOMAIN_GROUP_MEMBERSHIP;
2008-10-24 00:41:44 +04:00
typedef struct {
2004-12-23 05:23:42 +03:00
netr_SamInfo3 info3;
2016-07-14 10:34:43 +03:00
/*
* On ndr_push:
* Pointers values of info3.sids[*].sid
* should be allocated before the following ones?
* (just the 0x30 0x00 0x02 0x00 value).
*/
2016-05-20 15:16:35 +03:00
PAC_DOMAIN_GROUP_MEMBERSHIP resource_groups;
2008-10-20 13:11:19 +04:00
} PAC_LOGON_INFO;
2004-07-21 00:30:29 +04:00
2016-05-02 09:36:39 +03:00
typedef [bitmap32bit] bitmap {
PAC_CREDENTIAL_NTLM_HAS_LM_HASH = 0x00000001,
PAC_CREDENTIAL_NTLM_HAS_NT_HASH = 0x00000002
} PAC_CREDENTIAL_NTLM_FLAGS;
typedef [public] struct {
[value(0)] uint32 version;
PAC_CREDENTIAL_NTLM_FLAGS flags;
[noprint] samr_Password lm_password;
[noprint] samr_Password nt_password;
} PAC_CREDENTIAL_NTLM_SECPKG;
typedef [public] struct {
lsa_String package_name;
uint32 credential_size;
[size_is(credential_size), noprint] uint8 *credential;
} PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG;
typedef [public] struct {
uint32 credential_count;
[size_is(credential_count)] PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG credentials[*];
} PAC_CREDENTIAL_DATA;
typedef [public] struct {
PAC_CREDENTIAL_DATA *data;
} PAC_CREDENTIAL_DATA_CTR;
typedef [public] struct {
[subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
} PAC_CREDENTIAL_DATA_NDR;
typedef [public] struct {
[value(0)] uint32 version;
uint32 encryption_type;
[flag(NDR_REMAINING)] DATA_BLOB encrypted_data;
} PAC_CREDENTIAL_INFO;
2011-06-28 16:47:56 +04:00
typedef struct {
lsa_String proxy_target;
uint32 num_transited_services;
[size_is(num_transited_services)] lsa_String *transited_services;
} PAC_CONSTRAINED_DELEGATION;
2016-01-06 15:27:21 +03:00
typedef [bitmap32bit] bitmap {
2021-09-27 01:20:19 +03:00
PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001,
PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID = 0x00000002
2016-01-06 15:27:21 +03:00
} PAC_UPN_DNS_FLAGS;
2021-09-27 01:20:19 +03:00
typedef struct {
[value(2*strlen_m(samaccountname))] uint16 samaccountname_size;
[relative_short,subcontext(0),subcontext_size(samaccountname_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *samaccountname;
[value(ndr_size_dom_sid(objectsid, ndr->flags))] uint16 objectsid_size;
[relative_short,subcontext(0),subcontext_size(objectsid_size)] dom_sid *objectsid;
} PAC_UPN_DNS_INFO_SAM_NAME_AND_SID;
typedef [nodiscriminant] union {
[case(PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_SAM_NAME_AND_SID sam_name_and_sid;
[default];
} PAC_UPN_DNS_INFO_EX;
2008-03-04 14:26:05 +03:00
typedef struct {
2016-01-06 15:27:21 +03:00
[value(2*strlen_m(upn_name))] uint16 upn_name_size;
[relative_short,subcontext(0),subcontext_size(upn_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *upn_name;
[value(2*strlen_m(dns_domain_name))] uint16 dns_domain_name_size;
[relative_short,subcontext(0),subcontext_size(dns_domain_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *dns_domain_name;
PAC_UPN_DNS_FLAGS flags;
2021-09-27 01:20:19 +03:00
[switch_is(flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID)] PAC_UPN_DNS_INFO_EX ex;
2016-01-06 15:27:21 +03:00
} PAC_UPN_DNS_INFO;
2008-03-04 14:26:05 +03:00
2007-01-10 04:51:35 +03:00
typedef [public] struct {
2005-07-05 10:13:12 +04:00
PAC_LOGON_INFO *info;
2008-10-20 13:11:19 +04:00
} PAC_LOGON_INFO_CTR;
2005-07-04 19:42:08 +04:00
2011-06-28 16:47:56 +04:00
typedef [public] struct {
PAC_CONSTRAINED_DELEGATION *info;
} PAC_CONSTRAINED_DELEGATION_CTR;
2005-07-04 19:42:08 +04:00
typedef [public,v1_enum] enum {
PAC_TYPE_LOGON_INFO = 1,
2016-05-02 09:36:39 +03:00
PAC_TYPE_CREDENTIAL_INFO = 2,
2005-07-04 19:42:08 +04:00
PAC_TYPE_SRV_CHECKSUM = 6,
PAC_TYPE_KDC_CHECKSUM = 7,
2007-03-13 02:39:00 +03:00
PAC_TYPE_LOGON_NAME = 10,
2008-03-04 14:26:05 +03:00
PAC_TYPE_CONSTRAINED_DELEGATION = 11,
2021-09-01 06:39:19 +03:00
PAC_TYPE_UPN_DNS_INFO = 12,
2021-09-29 06:15:26 +03:00
PAC_TYPE_CLIENT_CLAIMS_INFO = 13,
PAC_TYPE_DEVICE_INFO = 14,
PAC_TYPE_DEVICE_CLAIMS_INFO = 15,
2021-09-01 06:39:19 +03:00
PAC_TYPE_TICKET_CHECKSUM = 16
2005-07-04 19:42:08 +04:00
} PAC_TYPE;
2004-07-21 00:30:29 +04:00
2008-03-06 18:41:24 +03:00
typedef struct {
[flag(NDR_REMAINING)] DATA_BLOB remaining;
} DATA_BLOB_REM;
2005-07-04 19:42:08 +04:00
typedef [public,nodiscriminant,gensize] union {
2008-08-19 10:51:45 +04:00
[case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
2016-05-02 09:36:39 +03:00
[case(PAC_TYPE_CREDENTIAL_INFO)] PAC_CREDENTIAL_INFO credential_info;
2004-08-12 11:37:49 +04:00
[case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
[case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
2005-06-29 17:55:09 +04:00
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
2011-06-28 16:47:56 +04:00
[case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
2016-01-06 15:27:21 +03:00
[case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
2021-09-01 06:39:19 +03:00
[case(PAC_TYPE_TICKET_CHECKSUM)] PAC_SIGNATURE_DATA ticket_checksum;
2008-08-14 09:27:48 +04:00
/* when new PAC info types are added they are supposed to be done
in such a way that they are backwards compatible with existing
servers. This makes it safe to just use a [default] for
unknown types, which lets us ignore the data */
[default] [subcontext(0)] DATA_BLOB_REM unknown;
2004-07-21 00:30:29 +04:00
} PAC_INFO;
krb5pac: no need for a noprint PAC_BUFFER.
Guenther
@@ -1,6 +1,7 @@
_PUBLIC_ void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r)
{
ndr_print_struct(ndr, name, "PAC_BUFFER");
+ if (r == NULL) { ndr_print_null(ndr); return; }
ndr->depth++;
ndr_print_PAC_TYPE(ndr, "type", r->type);
ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?_ndr_size_PAC_INFO(r->info,r->type,0):r->_ndr_size);
@@ -11,7 +12,7 @@
ndr_print_PAC_INFO(ndr, "info", r->info);
}
ndr->depth--;
- ndr_print_uint32(ndr, "_pad", r->_pad);
+ ndr_print_uint32(ndr, "_pad", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0:r->_pad);
ndr->depth--;
}
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-18 19:25:06 +04:00
typedef [public,nopush,nopull] struct {
2005-07-04 19:42:08 +04:00
PAC_TYPE type;
2021-09-27 01:20:19 +03:00
[value(_ndr_size_PAC_INFO(info, type, LIBNDR_FLAG_ALIGN8))] uint32 _ndr_size;
2013-02-06 19:44:12 +04:00
/*
* We need to have two subcontexts to get the padding right,
* the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
* the inner subcontext only uses _ndr_size.
*
* We do that in non-generated push/pull functions.
*/
[relative,switch_is(type),subcontext(0),subcontext_size(NDR_ROUND(_ndr_size,8)),flag(NDR_ALIGN8)] PAC_INFO *info;
2005-07-04 19:42:08 +04:00
[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
2004-08-12 11:37:49 +04:00
} PAC_BUFFER;
2004-07-21 00:30:29 +04:00
2005-07-04 06:36:16 +04:00
typedef [public] struct {
2004-07-21 00:30:29 +04:00
uint32 num_buffers;
uint32 version;
2004-08-12 11:37:49 +04:00
PAC_BUFFER buffers[num_buffers];
2004-07-21 00:30:29 +04:00
} PAC_DATA;
2005-09-12 17:16:56 +04:00
typedef [public] struct {
PAC_TYPE type;
uint32 ndr_size;
2007-01-05 23:51:19 +03:00
[relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
2005-09-12 17:16:56 +04:00
[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
} PAC_BUFFER_RAW;
typedef [public] struct {
uint32 num_buffers;
uint32 version;
PAC_BUFFER_RAW buffers[num_buffers];
} PAC_DATA_RAW;
2008-08-29 09:06:30 +04:00
const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
2008-08-27 15:36:27 +04:00
typedef [public] struct {
2008-08-29 09:06:30 +04:00
[value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
2008-08-27 15:36:27 +04:00
uint32 ChecksumLength;
2008-09-03 09:30:17 +04:00
int32 SignatureType;
2008-08-27 15:36:27 +04:00
uint32 SignatureLength;
2008-08-28 10:30:17 +04:00
[flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
2008-08-27 15:36:27 +04:00
} PAC_Validate;
2008-10-20 13:11:19 +04:00
/* used for samba3 netsamlogon cache */
typedef [public] struct {
time_t timestamp;
netr_SamInfo3 info3;
} netsamlogoncache_entry;
2004-07-21 00:30:29 +04:00
}