gmsa.idl: Add definition for MANAGEDPASSWORD_BLOB

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc/idl/gmsa.idl

@@ -0,0 +1,44 @@
+/*
+ * Type definitions for Group Managed Service Accounts
+ *
+ * Derived from [MS-ADTS] 2.2.19 MSDS-MANAGEDPASSWORD_BLOB.
+ */
+
+#include "idl_types.h"
+
+[
+  uuid("e43b8cf6-1ead-11ee-aed1-e3597136ce70"),
+  version(0.0),
+  pointer_default(unique),
+  helpstring("Active Directory Group Managed Service Accounts")
+]
+interface gmsa
+{
+	/* Public structures. */
+
+	typedef [gensize] struct {
+		[relative_short] secret_u16string *current;
+		[relative_short] secret_u16string *previous;
+		/*
+		 * MS-ADTS states that these fields must be placed on a 64‐bit
+		 * boundary, but samples obtained from Windows are found not to
+		 * be so. In practice, they’re offset by two bytes. That’s why
+		 * we need NOALIGN.
+		 */
+		[relative_short, flag(NDR_NOALIGN)] hyper *query_interval;
+		[relative_short, flag(NDR_NOALIGN)] hyper *unchanged_interval;
+	} MANAGEDPASSWORD_BLOB_PASSWORDS;
+
+	typedef [public] struct {
+		[value(1)] uint16 version;
+		[value(0)] uint16 reserved;
+		/*
+		 * The size of the entire blob. 8 bytes account for the
+		 * ‘version’ field, the ‘reserved’ field, and the ‘length’ field
+		 * itself.
+		 */
+		[value(8 + ndr_size_MANAGEDPASSWORD_BLOB_PASSWORDS(&passwords,
+								   ndr->flags))] uint32 length;
+		MANAGEDPASSWORD_BLOB_PASSWORDS passwords;
+	} MANAGEDPASSWORD_BLOB;
+}

librpc/idl/idl_types.h

@@ -31,6 +31,11 @@
 */
 #define raw8string	[flag(STR_RAW8|STR_NULLTERM)] string
 
+/*
+  a secret null terminated UTF‐16 string (null terminated word sequence)
+*/
+#define secret_u16string	[flag(NDR_SECRET|STR_NULLTERM)] u16string
+
 /*
   a null terminated UCS2 string
 */

librpc/idl/wscript_build

@@ -131,6 +131,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
                     dns.idl
                     dnsp.idl
                     drsblobs.idl
+                    gmsa.idl
                     idmap.idl
                     krb5pac.idl
                     krb5ccache.idl

librpc/wscript_build

@@ -390,6 +390,10 @@ bld.SAMBA_SUBSYSTEM('NDR_CLAIMS',
     source='gen_ndr/ndr_claims.c ndr/ndr_claims.c',
     deps='ndr NDR_COMPRESSION LZXPRESS')
 
+bld.SAMBA_SUBSYSTEM('NDR_GMSA',
+    source='gen_ndr/ndr_gmsa.c',
+    deps='ndr')
+
 bld.SAMBA_LIBRARY('ndr-standard',
     source='',
     vnum='0.0.1',
@@ -634,7 +638,7 @@ bld.SAMBA_LIBRARY('ndr-samba',
     NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH
     NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV
     NDR_SMB3POSIX
-    NDR_KRB5CCACHE NDR_WSP''',
+    NDR_KRB5CCACHE NDR_WSP NDR_GMSA''',
     private_library=True,
     grouping_library=True
     )

source4/librpc/wscript_build

@@ -268,6 +268,13 @@ bld.SAMBA_PYTHON('python_claims',
         cflags_end=gen_cflags
         )
 
+bld.SAMBA_PYTHON('python_gmsa',
+        source='../../librpc/gen_ndr/py_gmsa.c',
+        deps='NDR_GMSA %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/gmsa.so',
+        cflags_end=gen_cflags
+        )
+
 bld.SAMBA_PYTHON('python_netlogon',
         source='../../librpc/gen_ndr/py_netlogon.c',
         deps='RPC_NDR_NETLOGON %s %s' % (pytalloc_util, pyrpc_util),