mirror of
https://github.com/samba-team/samba.git
synced 2025-02-01 05:47:28 +03:00
aa1815519c
This field is supposed to be aligned to eight bytes, but the ‘dlong’ type is aligned to only four bytes. This discrepancy resulted in claims being encoded and decoded incorrectly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
149 lines
4.1 KiB
Plaintext
149 lines
4.1 KiB
Plaintext
/*
|
|
claims
|
|
|
|
claim: An assertion about a security principal
|
|
|
|
From MS-ADTS:
|
|
|
|
For ease of implementation, the full IDL for the data types used for
|
|
claims is provided
|
|
|
|
The below was initially obtained from MS-ADTS which is
|
|
Copyright © 2022 Microsoft Corporation as permitted
|
|
by the Open Specifications terms reproduced in IDL_LICENCE.txt
|
|
*/
|
|
|
|
#include "idl_types.h"
|
|
|
|
[
|
|
uuid("bba9cb76-eb0c-462c-aa1b-5d8c34415701"),
|
|
version(1.0),
|
|
pointer_default(unique),
|
|
helpstring("Active Directory Claims"),
|
|
helper("../librpc/ndr/ndr_claims.h")
|
|
]
|
|
interface claims
|
|
{
|
|
#define wchar_t uint16
|
|
#define CLAIM_ID [string, charset(UTF16)] wchar_t *
|
|
|
|
const int CLAIM_MINIMUM_BYTES_TO_COMPRESS = 384;
|
|
|
|
typedef enum {
|
|
CLAIM_TYPE_INT64 = 1,
|
|
CLAIM_TYPE_UINT64 = 2,
|
|
CLAIM_TYPE_STRING = 3,
|
|
CLAIM_TYPE_BOOLEAN = 6
|
|
} CLAIM_TYPE;
|
|
|
|
typedef enum {
|
|
CLAIMS_SOURCE_TYPE_AD = 1,
|
|
CLAIMS_SOURCE_TYPE_CERTIFICATE = 2
|
|
} CLAIMS_SOURCE_TYPE;
|
|
|
|
typedef enum {
|
|
CLAIMS_COMPRESSION_FORMAT_NONE = 0,
|
|
CLAIMS_COMPRESSION_FORMAT_LZNT1 = 2,
|
|
CLAIMS_COMPRESSION_FORMAT_XPRESS = 3,
|
|
CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF = 4
|
|
} CLAIMS_COMPRESSION_FORMAT;
|
|
|
|
typedef struct {
|
|
[range(1, 10*1024*1024)] uint32 value_count;
|
|
[size_is(value_count)] int64 *values;
|
|
} CLAIM_INT64;
|
|
|
|
typedef struct {
|
|
[range(1, 10*1024*1024)] uint32 value_count;
|
|
[size_is(value_count)] hyper *values;
|
|
} CLAIM_UINT64;
|
|
|
|
typedef struct {
|
|
[range(1, 10*1024*1024)] uint32 value_count;
|
|
[size_is(value_count), string, charset(UTF16)] wchar_t **values;
|
|
} CLAIM_STRING;
|
|
|
|
typedef [switch_type(CLAIM_TYPE),flag(NDR_ALIGN8)] union {
|
|
[case(CLAIM_TYPE_INT64)] CLAIM_INT64 claim_int64;
|
|
[case(CLAIM_TYPE_UINT64)] CLAIM_UINT64 claim_uint64;
|
|
[case(CLAIM_TYPE_STRING)] CLAIM_STRING claim_string;
|
|
[case(CLAIM_TYPE_BOOLEAN)] CLAIM_UINT64 claim_boolean;
|
|
[default];
|
|
} CLAIM_ENTRY_VALUES;
|
|
|
|
typedef struct {
|
|
CLAIM_ID id;
|
|
CLAIM_TYPE type;
|
|
[switch_is(type)] CLAIM_ENTRY_VALUES values;
|
|
} CLAIM_ENTRY;
|
|
|
|
typedef struct {
|
|
CLAIMS_SOURCE_TYPE claims_source_type;
|
|
uint32 claims_count;
|
|
[size_is(claims_count)] CLAIM_ENTRY *claim_entries;
|
|
} CLAIMS_ARRAY;
|
|
|
|
typedef struct {
|
|
CLAIMS_SET_METADATA *metadata;
|
|
} CLAIMS_SET_METADATA_CTR;
|
|
|
|
typedef struct {
|
|
CLAIMS_SET *claims;
|
|
} CLAIMS_SET_CTR;
|
|
|
|
/* Public structures. */
|
|
|
|
typedef [public] struct {
|
|
uint32 claims_array_count;
|
|
[size_is(claims_array_count)] CLAIMS_ARRAY *claims_arrays;
|
|
uint16 reserved_type;
|
|
uint32 reserved_field_size;
|
|
[size_is(reserved_field_size)] uint8 *reserved_field;
|
|
} CLAIMS_SET;
|
|
|
|
typedef [public, gensize] struct {
|
|
[subcontext(0xFFFFFC01)] CLAIMS_SET_CTR claims;
|
|
} CLAIMS_SET_NDR;
|
|
|
|
typedef [public] struct {
|
|
[subcontext(0xFFFFFC01)] CLAIMS_SET_METADATA_CTR claims;
|
|
} CLAIMS_SET_METADATA_NDR;
|
|
|
|
typedef [public] struct {
|
|
[value(ndr_claims_compressed_size(claims_set,
|
|
r->compression_format,
|
|
ndr->flags))] uint32 claims_set_size;
|
|
[subcontext(4),
|
|
compression(ndr_claims_compression_alg(compression_format),
|
|
claims_set_size,
|
|
uncompressed_claims_set_size)
|
|
] CLAIMS_SET_NDR *claims_set;
|
|
/*
|
|
* The second argument to
|
|
* ndr_claims_actual_wire_compression_alg() in the
|
|
* value() below should be
|
|
* uncompressed_claims_set_size but the value()
|
|
* handling isn't recursive (enough) so we have to
|
|
* specify that manually otherwise the
|
|
* compression_format in the above includes the struct
|
|
* member, not the value()
|
|
*
|
|
* The caller should set compression_format to
|
|
* CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF and this will
|
|
* be reset to CLAIMS_COMPRESSION_FORMAT_NONE if the
|
|
* buffer is not large enough to compress.
|
|
*
|
|
* Otherwise setting CLAIMS_COMPRESSION_FORMAT_NONE
|
|
* disabled compression entirely.
|
|
*/
|
|
[value(ndr_claims_actual_wire_compression_alg(r->compression_format,
|
|
ndr_size_CLAIMS_SET_NDR(claims_set,
|
|
ndr->flags)))] CLAIMS_COMPRESSION_FORMAT compression_format;
|
|
[value(ndr_size_CLAIMS_SET_NDR(claims_set,
|
|
ndr->flags))] uint32 uncompressed_claims_set_size;
|
|
uint16 reserved_type;
|
|
uint32 reserved_field_size;
|
|
[size_is(reserved_field_size)] uint8 *reserved_field;
|
|
} CLAIMS_SET_METADATA;
|
|
}
|