sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
9f96ede6f5
samba-mirror/librpc/idl/krb5pac.idl
Stefan Metzmacher 0e201ecdc5 krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push 
This difference is the reason why we can't fully (ndr)validate some
PAC blobs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-07-20 21:27:19 +02:00

215 lines
6.0 KiB
Plaintext
Raw Blame History

/*
krb5 PAC
*/
#include "idl_types.h"
import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
[
uuid("12345778-1234-abcd-0000-00000000"),
version(0.0),
pointer_default(unique),
helpstring("Active Directory KRB5 PAC"),
helper("../librpc/ndr/ndr_krb5pac.h")
]
interface krb5pac
{
typedef struct {
NTTIME logon_time;
[value(2*strlen_m(account_name))] uint16 size;
[charset(UTF16)] uint8 account_name[size];
} PAC_LOGON_NAME;
typedef [public,flag(NDR_PAHEX)] struct {
uint32 type;
[flag(NDR_REMAINING)] DATA_BLOB signature;
} PAC_SIGNATURE_DATA;
typedef struct {
dom_sid2 *domain_sid;
samr_RidWithAttributeArray groups;
} PAC_DOMAIN_GROUP_MEMBERSHIP;
typedef struct {
netr_SamInfo3 info3;
/*
* On ndr_push:
* Pointers values of info3.sids[*].sid
* should be allocated before the following ones?
* (just the 0x30 0x00 0x02 0x00 value).
*/
PAC_DOMAIN_GROUP_MEMBERSHIP resource_groups;
} PAC_LOGON_INFO;
typedef [bitmap32bit] bitmap {
PAC_CREDENTIAL_NTLM_HAS_LM_HASH = 0x00000001,
PAC_CREDENTIAL_NTLM_HAS_NT_HASH = 0x00000002
} PAC_CREDENTIAL_NTLM_FLAGS;
typedef [public] struct {
[value(0)] uint32 version;
PAC_CREDENTIAL_NTLM_FLAGS flags;
[noprint] samr_Password lm_password;
[noprint] samr_Password nt_password;
} PAC_CREDENTIAL_NTLM_SECPKG;
typedef [public] struct {
lsa_String package_name;
uint32 credential_size;
[size_is(credential_size), noprint] uint8 *credential;
} PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG;
typedef [public] struct {
uint32 credential_count;
[size_is(credential_count)] PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG credentials[*];
} PAC_CREDENTIAL_DATA;
typedef [public] struct {
PAC_CREDENTIAL_DATA *data;
} PAC_CREDENTIAL_DATA_CTR;
typedef [public] struct {
[subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
} PAC_CREDENTIAL_DATA_NDR;
typedef [public] struct {
[value(0)] uint32 version;
uint32 encryption_type;
[flag(NDR_REMAINING)] DATA_BLOB encrypted_data;
} PAC_CREDENTIAL_INFO;
typedef struct {
lsa_String proxy_target;
uint32 num_transited_services;
[size_is(num_transited_services)] lsa_String *transited_services;
} PAC_CONSTRAINED_DELEGATION;
typedef [bitmap32bit] bitmap {
PAC_UPN_DNS_FLAG_CONSTRUCTED = 0x00000001
} PAC_UPN_DNS_FLAGS;
typedef struct {
[value(2*strlen_m(upn_name))] uint16 upn_name_size;
[relative_short,subcontext(0),subcontext_size(upn_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *upn_name;
[value(2*strlen_m(dns_domain_name))] uint16 dns_domain_name_size;
[relative_short,subcontext(0),subcontext_size(dns_domain_name_size),flag(NDR_ALIGN8|STR_NOTERM|NDR_REMAINING)] string *dns_domain_name;
PAC_UPN_DNS_FLAGS flags;
} PAC_UPN_DNS_INFO;
typedef [public] struct {
PAC_LOGON_INFO *info;
} PAC_LOGON_INFO_CTR;
typedef [public] struct {
PAC_CONSTRAINED_DELEGATION *info;
} PAC_CONSTRAINED_DELEGATION_CTR;
typedef [public,v1_enum] enum {
PAC_TYPE_LOGON_INFO = 1,
PAC_TYPE_CREDENTIAL_INFO = 2,
PAC_TYPE_SRV_CHECKSUM = 6,
PAC_TYPE_KDC_CHECKSUM = 7,
PAC_TYPE_LOGON_NAME = 10,
PAC_TYPE_CONSTRAINED_DELEGATION = 11,
PAC_TYPE_UPN_DNS_INFO = 12
} PAC_TYPE;
typedef struct {
[flag(NDR_REMAINING)] DATA_BLOB remaining;
} DATA_BLOB_REM;
typedef [public,nodiscriminant,gensize] union {
[case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
[case(PAC_TYPE_CREDENTIAL_INFO)] PAC_CREDENTIAL_INFO credential_info;
[case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
[case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
[case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
[case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
[case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
/* when new PAC info types are added they are supposed to be done
in such a way that they are backwards compatible with existing
servers. This makes it safe to just use a [default] for
unknown types, which lets us ignore the data */
[default] [subcontext(0)] DATA_BLOB_REM unknown;
} PAC_INFO;
typedef [public,nopush,nopull] struct {
PAC_TYPE type;
[value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
/*
* We need to have two subcontexts to get the padding right,
* the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
* the inner subcontext only uses _ndr_size.
*
* We do that in non-generated push/pull functions.
*/
[relative,switch_is(type),subcontext(0),subcontext_size(NDR_ROUND(_ndr_size,8)),flag(NDR_ALIGN8)] PAC_INFO *info;
[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
} PAC_BUFFER;
typedef [public] struct {
uint32 num_buffers;
uint32 version;
PAC_BUFFER buffers[num_buffers];
} PAC_DATA;
typedef [public] struct {
PAC_TYPE type;
uint32 ndr_size;
[relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
} PAC_BUFFER_RAW;
typedef [public] struct {
uint32 num_buffers;
uint32 version;
PAC_BUFFER_RAW buffers[num_buffers];
} PAC_DATA_RAW;
const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
typedef [public] struct {
[value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
uint32 ChecksumLength;
int32 SignatureType;
uint32 SignatureLength;
[flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
} PAC_Validate;
[nopython] void decode_pac(
[in] PAC_DATA pac
);
[nopython] void decode_pac_raw(
[in] PAC_DATA_RAW pac
);
[nopython] void decode_login_info(
[in] PAC_LOGON_INFO logon_info
);
[nopython] void decode_login_info_ctr(
[in] PAC_LOGON_INFO_CTR logon_info_ctr
);
[nopython] void decode_credential_data_ndr(
[in] PAC_CREDENTIAL_DATA_NDR credential_data_ndr
);
[nopython] void decode_upn_dns_info(
[in] PAC_UPN_DNS_INFO upn_dns_info
);
[nopython] void decode_pac_validate(
[in] PAC_Validate pac_validate
);
/* used for samba3 netsamlogon cache */
typedef [public] struct {
time_t timestamp;
netr_SamInfo3 info3;
} netsamlogoncache_entry;
}
View Git Blame Copy Permalink