mirror of
https://github.com/samba-team/samba.git
synced 2025-01-20 14:03:59 +03:00
ae42636167
that simplifies the code a lot... also add a note: we should fail the krb5 auth if there's no PAC present (when heimdal is ready for that:-) metze (This used to be commit 532641a7003d23b034a253d166482f18c2de6191)
66 lines
1.4 KiB
Plaintext
66 lines
1.4 KiB
Plaintext
/*
|
|
krb5 PAC
|
|
*/
|
|
|
|
#include "idl_types.h"
|
|
|
|
[
|
|
uuid("46746756-7567-7567-5677-756756756756"),
|
|
version(0.0),
|
|
pointer_default(unique),
|
|
depends(security,netlogon)
|
|
]
|
|
interface krb5pac
|
|
{
|
|
typedef struct {
|
|
NTTIME logon_time;
|
|
[flag(STR_SIZE2|STR_NOTERM|STR_BYTESIZE)] string account_name;
|
|
} PAC_UNKNOWN_10;
|
|
|
|
typedef [flag(NDR_PAHEX)] struct {
|
|
uint32 type;
|
|
uint8 signature[16];
|
|
} PAC_SIGNATURE_DATA;
|
|
|
|
typedef struct {
|
|
uint32 unknown[5];
|
|
netr_SamInfo3 info3;
|
|
dom_sid2 *res_group_dom_sid;
|
|
uint32 res_groups_count;
|
|
[size_is(res_groups_count)] netr_GroupMembership *res_groups;
|
|
} PAC_LOGON_INFO;
|
|
|
|
const uint8 PAC_TYPE_LOGON_INFO = 1;
|
|
const uint8 PAC_TYPE_SRV_CHECKSUM = 6;
|
|
const uint8 PAC_TYPE_KDC_CHECKSUM = 7;
|
|
const uint8 PAC_TYPE_UNKNOWN_10 = 10;
|
|
|
|
typedef [nodiscriminant] union {
|
|
[case(PAC_TYPE_LOGON_INFO)] PAC_LOGON_INFO logon_info;
|
|
[case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
|
|
[case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
|
|
[case(PAC_TYPE_UNKNOWN_10)] PAC_UNKNOWN_10 type_10;
|
|
} PAC_INFO;
|
|
|
|
typedef struct {
|
|
uint32 type;
|
|
uint32 size;
|
|
[relative,switch_is(type)] PAC_INFO *info;
|
|
uint32 _pad;
|
|
} PAC_BUFFER;
|
|
|
|
typedef [public,flag(NDR_ALIGN8)] struct {
|
|
uint32 num_buffers;
|
|
uint32 version;
|
|
PAC_BUFFER buffers[num_buffers];
|
|
} PAC_DATA;
|
|
|
|
void decode_pac(
|
|
[in] PAC_DATA pac
|
|
);
|
|
|
|
void decode_login_info(
|
|
[in] PAC_LOGON_INFO logon_info
|
|
);
|
|
}
|