7 import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
10 uuid("12345778-1234-abcd-0000-00000000"),
12 pointer_default(unique),
13 helpstring("Active Directory KRB5 PAC")
19 [value(2*strlen_m(account_name))] uint16 size;
20 [charset(UTF16)] uint8 account_name[size];
23 typedef [public,flag(NDR_PAHEX)] struct {
25 [flag(NDR_REMAINING)] DATA_BLOB signature;
30 samr_RidWithAttributeArray groups;
31 } PAC_DOMAIN_GROUP_MEMBERSHIP;
35 PAC_DOMAIN_GROUP_MEMBERSHIP resource_groups;
/*
 * Flag bits stored in the `flags` member of PAC_CREDENTIAL_NTLM_SECPKG.
 * Going by the names, each bit says whether the matching hash field of
 * that struct is populated, so a consumer should test the bit before
 * reading lm_password / nt_password.
 * NOTE(review): inferred from the identifiers; confirm against the code
 * that fills and reads the struct.
 */
38 typedef [bitmap32bit] bitmap {
39 PAC_CREDENTIAL_NTLM_HAS_LM_HASH = 0x00000001, /* bit 0: LM hash flag */
40 PAC_CREDENTIAL_NTLM_HAS_NT_HASH = 0x00000002 /* bit 1: NT hash flag */
41 } PAC_CREDENTIAL_NTLM_FLAGS;
/*
 * NTLM credential package: a version word, the PAC_CREDENTIAL_NTLM_FLAGS
 * bitmap and two samr_Password fields holding the LM and NT password
 * hashes.
 *
 * Both hash fields are tagged [noprint], which keeps them out of the
 * generated NDR print/dump output. A decoded instance is still
 * password-equivalent material in memory: code that handles it should not
 * log it by other means and should clear it once it is no longer needed.
 */
43 typedef [public] struct {
44 [value(0)] uint32 version; /* [value(0)]: set to 0 whenever the struct is marshalled */
45 PAC_CREDENTIAL_NTLM_FLAGS flags; /* HAS_LM_HASH / HAS_NT_HASH bits */
46 [noprint] samr_Password lm_password; /* LM hash; excluded from debug printing */
47 [noprint] samr_Password nt_password; /* NT hash; excluded from debug printing */
48 } PAC_CREDENTIAL_NTLM_SECPKG;
/*
 * One supplemental credential: the name of a security package plus a byte
 * buffer of credential_size bytes belonging to that package.
 *
 * The buffer is opaque at this level and is tagged [noprint], so it is
 * left out of generated debug dumps; treat it as secret.
 * NOTE(review): presumably parsed as PAC_CREDENTIAL_NTLM_SECPKG when the
 * package is NTLM -- confirm in the consumer.
 */
50 typedef [public] struct {
51 lsa_String package_name; /* which package the credential bytes belong to */
52 uint32 credential_size; /* byte length of `credential`, taken from the decoded data */
53 [size_is(credential_size), noprint] uint8 *credential; /* length bound to credential_size by size_is() */
54 } PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG;
/*
 * Counted list of supplemental credentials. credential_count is the number
 * of elements in the conformant array credentials[], tied to it by
 * size_is(). The count comes from the decoded data, so code that walks
 * credentials[] has to stay within it and should not assume that any
 * particular package is present.
 */
56 typedef [public] struct {
57 uint32 credential_count; /* element count of credentials[] */
58 [size_is(credential_count)] PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG credentials[*];
59 } PAC_CREDENTIAL_DATA;
/*
 * Container holding a single pointer to PAC_CREDENTIAL_DATA.
 * The interface header declares pointer_default(unique), so this is
 * presumably a unique pointer that can decode as NULL; callers should
 * check `data` before dereferencing it.
 */
61 typedef [public] struct {
62 PAC_CREDENTIAL_DATA *data; /* may be NULL -- see note above */
63 } PAC_CREDENTIAL_DATA_CTR;
/*
 * Top-level wrapper for the credential data: the PAC_CREDENTIAL_DATA_CTR
 * is marshalled inside an NDR subcontext of kind 0xFFFFFC01, the same kind
 * used in this file for the logon-info and constrained-delegation buffers.
 * NOTE(review): 0xFFFFFC01 appears to select the NDR type-serialization
 * header framing -- confirm against libndr's subcontext handling.
 */
65 typedef [public] struct {
66 [subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
67 } PAC_CREDENTIAL_DATA_NDR;
/*
 * Outer credential-info buffer as it appears in the PAC (selected by
 * PAC_TYPE_CREDENTIAL_INFO): a version word, the encryption type of the
 * payload and the payload itself, still encrypted.
 *
 * Nothing in this definition decrypts or integrity-checks encrypted_data;
 * the caller has to do both before the bytes are parsed any further.
 * NOTE(review): the decrypted payload is presumably a
 * PAC_CREDENTIAL_DATA_NDR -- confirm in the consumer.
 */
69 typedef [public] struct {
70 [value(0)] uint32 version; /* [value(0)]: set to 0 whenever the struct is marshalled */
71 uint32 encryption_type; /* presumably a Kerberos enctype number -- confirm */
72 [flag(NDR_REMAINING)] DATA_BLOB encrypted_data; /* NDR_REMAINING: takes every byte left in the buffer */
73 } PAC_CREDENTIAL_INFO;
76 lsa_String proxy_target;
77 uint32 num_transited_services;
78 [size_is(num_transited_services)] lsa_String *transited_services;
79 } PAC_CONSTRAINED_DELEGATION;
81 typedef [public,bitmap32bit] bitmap {
82 UDI_ACCT_HAS_NO_UPN = 0x00000001 /* 1= User account has no UPN */
86 [value(2*strlen_m(upn_name))] uint16 upn_size;
87 [relative_short] [subcontext(0),subcontext_size(upn_size)] [flag(NDR_REMAINING|STR_NOTERM)] string *upn_name;
88 [value(2*strlen_m(domain_name))] uint16 domain_size;
89 [relative_short] [subcontext(0),subcontext_size(domain_size)] [flag(NDR_REMAINING|STR_NOTERM)] string *domain_name;
90 upn_dns_info_flags flags;
93 typedef [public] struct {
/*
 * Container holding a single pointer to PAC_CONSTRAINED_DELEGATION. This
 * is the type the PAC_INFO union uses for PAC_TYPE_CONSTRAINED_DELEGATION,
 * where it is wrapped in a 0xFFFFFC01 subcontext.
 * The interface header declares pointer_default(unique), so `info` can
 * presumably decode as NULL; check it before reading the delegation data.
 */
97 typedef [public] struct {
98 PAC_CONSTRAINED_DELEGATION *info; /* may be NULL -- see note above */
99 } PAC_CONSTRAINED_DELEGATION_CTR;
101 typedef [public,v1_enum] enum {
102 PAC_TYPE_LOGON_INFO = 1,
103 PAC_TYPE_CREDENTIAL_INFO = 2,
104 PAC_TYPE_SRV_CHECKSUM = 6,
105 PAC_TYPE_KDC_CHECKSUM = 7,
106 PAC_TYPE_LOGON_NAME = 10,
107 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
108 PAC_TYPE_UPN_DNS_INFO = 12
112 [flag(NDR_REMAINING)] DATA_BLOB remaining;
115 typedef [public,nodiscriminant,gensize] union {
116 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
117 [case(PAC_TYPE_CREDENTIAL_INFO)] PAC_CREDENTIAL_INFO credential_info;
118 [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
119 [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
120 [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
121 [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
122 PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
123 [case(PAC_TYPE_UPN_DNS_INFO)] PAC_UPN_DNS_INFO upn_dns_info;
124 /* When new PAC info types are added, they are supposed to be defined
125 in such a way that they are backwards compatible with existing
126 servers. This makes it safe to just use a [default] case for
127 unknown types, which lets us keep the data as an opaque blob and otherwise ignore it. */
128 [default] [subcontext(0)] DATA_BLOB_REM unknown;
131 typedef [public,nopush,noprint] struct {
133 [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
134 [relative,switch_is(type),subcontext(0),subcontext_size(NDR_ROUND(_ndr_size,8)),flag(NDR_ALIGN8)] PAC_INFO *info;
135 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
138 typedef [public] struct {
141 PAC_BUFFER buffers[num_buffers];
144 typedef [public] struct {
147 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
148 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
151 typedef [public] struct {
154 PAC_BUFFER_RAW buffers[num_buffers];
/*
 * Message type for the PAC validation request. The struct that follows
 * pins its MessageType field to this constant with [value()], so every
 * marshalled instance carries 3.
 */
157 const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
159 typedef [public] struct {
160 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
161 uint32 ChecksumLength;
163 uint32 SignatureLength;
164 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
167 [nopython] void decode_pac(
171 [nopython] void decode_pac_raw(
172 [in] PAC_DATA_RAW pac
175 [nopython] void decode_login_info(
176 [in] PAC_LOGON_INFO logon_info
179 [nopython] void decode_login_info_ctr(
180 [in] PAC_LOGON_INFO_CTR logon_info_ctr
183 [nopython] void decode_credential_data_ndr(
184 [in] PAC_CREDENTIAL_DATA_NDR credential_data_ndr
187 [nopython] void decode_pac_validate(
188 [in] PAC_Validate pac_validate
191 /* used for samba3 netsamlogon cache */
192 typedef [public] struct {
195 } netsamlogoncache_entry;