1 /*
2   krb5 PAC
3 */
4
5 #include "idl_types.h"
6
7 import "security.idl", "lsa.idl", "netlogon.idl", "samr.idl";
8
9 [
10   uuid("12345778-1234-abcd-0000-00000000"),
11   version(0.0),
12   pointer_default(unique),
13   helpstring("Active Directory KRB5 PAC")
14 ]
15 interface krb5pac
16 {
        /*
         * Body of a PAC_TYPE_LOGON_NAME buffer: the client principal name and
         * its logon time. size is derived from account_name when pushing; when
         * pulling it is the wire value that bounds the account_name array.
         */
17         typedef struct {
18                 NTTIME logon_time;
19                 [value(2*strlen_m(account_name))] uint16 size; /* byte length of the UTF-16 name */
20                 [charset(UTF16)] uint8 account_name[size];
21         } PAC_LOGON_NAME;
22
        /*
         * Body of the PAC_TYPE_SRV_CHECKSUM and PAC_TYPE_KDC_CHECKSUM buffers
         * (see the PAC_INFO union below). The signature is every byte after
         * the type field (NDR_REMAINING); NDR_PAHEX makes ndr_print show it as
         * hex. Nothing in this IDL verifies the checksum; that is left to the
         * code that consumes the parsed PAC.
         */
23         typedef [public,flag(NDR_PAHEX)] struct {
24                 uint32 type; /* checksum type identifier; its meaning is defined outside this file */
25                 [flag(NDR_REMAINING)] DATA_BLOB signature;
26         } PAC_SIGNATURE_DATA;
27
        /* A domain SID plus RID/attribute pairs relative to it; used for resource_groups below. */
28         typedef struct {
29                 dom_sid2 *domain_sid;
30                 samr_RidWithAttributeArray groups;
31         } PAC_DOMAIN_GROUP_MEMBERSHIP;
32
        /* Body of a PAC_TYPE_LOGON_INFO buffer: a netr_SamInfo3 followed by resource group membership. */
33         typedef struct {
34                 netr_SamInfo3 info3;
35                 PAC_DOMAIN_GROUP_MEMBERSHIP resource_groups;
36         } PAC_LOGON_INFO;
37
        /* Which of the two hashes in PAC_CREDENTIAL_NTLM_SECPKG are present. */
38         typedef [bitmap32bit] bitmap {
39                 PAC_CREDENTIAL_NTLM_HAS_LM_HASH = 0x00000001,
40                 PAC_CREDENTIAL_NTLM_HAS_NT_HASH = 0x00000002
41         } PAC_CREDENTIAL_NTLM_FLAGS;
42
        /*
         * NTLM credential package carried inside PAC credential data. Both
         * password hashes are [noprint] so they never appear in ndr_print /
         * ndrdump output.
         */
43         typedef [public] struct {
44                 [value(0)] uint32 version;
45                 PAC_CREDENTIAL_NTLM_FLAGS flags;
46                 [noprint] samr_Password lm_password;
47                 [noprint] samr_Password nt_password;
48         } PAC_CREDENTIAL_NTLM_SECPKG;
49
        /*
         * One named credential package. credential_size is the wire value that
         * bounds the credential bytes; the bytes themselves are [noprint].
         */
50         typedef [public] struct {
51                 lsa_String package_name;
52                 uint32 credential_size;
53                 [size_is(credential_size), noprint] uint8 *credential;
54         } PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG;
55
        /* Array of credential packages, bounded by credential_count. */
56         typedef [public] struct {
57                 uint32 credential_count;
58                 [size_is(credential_count)] PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG credentials[*];
59         } PAC_CREDENTIAL_DATA;
60
        /* Pointer wrapper so that the credential data may be absent (NULL). */
61         typedef [public] struct {
62                 PAC_CREDENTIAL_DATA *data;
63         } PAC_CREDENTIAL_DATA_CTR;
64
        /*
         * PAC_CREDENTIAL_DATA_CTR wrapped in a type-serialization subcontext
         * (0xFFFFFC01 = NDR header with version and size). NOTE(review): this
         * presumably is the plaintext form of PAC_CREDENTIAL_INFO.encrypted_data
         * after decryption; confirm against the callers.
         */
65         typedef [public] struct {
66                 [subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
67         } PAC_CREDENTIAL_DATA_NDR;
68
        /*
         * Body of a PAC_TYPE_CREDENTIAL_INFO buffer. Only the encryption type
         * and the ciphertext are carried here; the key and the decryption step
         * are not described by this IDL.
         */
69         typedef [public] struct {
70                 [value(0)] uint32 version;
71                 uint32 encryption_type;
72                 [flag(NDR_REMAINING)] DATA_BLOB encrypted_data;
73         } PAC_CREDENTIAL_INFO;
74
        /* Body of a PAC_TYPE_CONSTRAINED_DELEGATION buffer; the array is bounded by num_transited_services. */
75         typedef struct {
76                 lsa_String proxy_target;
77                 uint32 num_transited_services;
78                 [size_is(num_transited_services)] lsa_String *transited_services;
79         } PAC_CONSTRAINED_DELEGATION;
80
81         typedef [public,bitmap32bit] bitmap {
82                 UDI_ACCT_HAS_NO_UPN     = 0x00000001 /* 1= User account has no UPN */
83         } upn_dns_info_flags;
84
        /*
         * Body of a PAC_TYPE_UPN_DNS_INFO buffer. Each string is addressed by a
         * 16-bit relative offset ([relative_short]) and bounded by its *_size
         * field, which is computed from the string on push and read from the
         * wire on pull. STR_NOTERM: the strings carry no terminator.
         */
85         typedef struct {
86                 [value(2*strlen_m(upn_name))] uint16 upn_size;
87                 [relative_short] [subcontext(0),subcontext_size(upn_size)] [flag(NDR_REMAINING|STR_NOTERM)] string *upn_name;
88                 [value(2*strlen_m(domain_name))] uint16 domain_size;
89                 [relative_short] [subcontext(0),subcontext_size(domain_size)] [flag(NDR_REMAINING|STR_NOTERM)] string *domain_name;
90                 upn_dns_info_flags flags;
91         } PAC_UPN_DNS_INFO;
92
        /* Pointer wrappers used as the union arms for the subcontext-wrapped buffer types. */
93         typedef [public] struct {
94                 PAC_LOGON_INFO *info;
95         } PAC_LOGON_INFO_CTR;
96
97         typedef [public] struct {
98                 PAC_CONSTRAINED_DELEGATION *info;
99         } PAC_CONSTRAINED_DELEGATION_CTR;
100
        /* PAC buffer type codes; v1_enum makes the enum 32 bits wide on the wire. */
101         typedef [public,v1_enum] enum {
102                 PAC_TYPE_LOGON_INFO = 1,
103                 PAC_TYPE_CREDENTIAL_INFO = 2,
104                 PAC_TYPE_SRV_CHECKSUM = 6,
105                 PAC_TYPE_KDC_CHECKSUM = 7,
106                 PAC_TYPE_LOGON_NAME = 10,
107                 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
108                 PAC_TYPE_UPN_DNS_INFO = 12
109         } PAC_TYPE;
110
        /* Opaque wrapper that takes all remaining bytes of its subcontext. */
111         typedef struct {
112                 [flag(NDR_REMAINING)] DATA_BLOB remaining;
113         } DATA_BLOB_REM;
114
        /*
         * Buffer body, selected by PAC_BUFFER.type (nodiscriminant: the selector
         * is not on the wire here but supplied via switch_is). gensize provides
         * ndr_size_PAC_INFO, which PAC_BUFFER uses to fill in _ndr_size.
         * LOGON_INFO and CONSTRAINED_DELEGATION are wrapped in a 0xFFFFFC01
         * type-serialization header; the checksum arms share PAC_SIGNATURE_DATA.
         */
115         typedef [public,nodiscriminant,gensize] union {
116                 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
117                 [case(PAC_TYPE_CREDENTIAL_INFO)]        PAC_CREDENTIAL_INFO credential_info;
118                 [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
119                 [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
120                 [case(PAC_TYPE_LOGON_NAME)]     PAC_LOGON_NAME logon_name;
121                 [case(PAC_TYPE_CONSTRAINED_DELEGATION)][subcontext(0xFFFFFC01)]
122                         PAC_CONSTRAINED_DELEGATION_CTR constrained_delegation;
123                 [case(PAC_TYPE_UPN_DNS_INFO)]   PAC_UPN_DNS_INFO upn_dns_info;
124                 /* when new PAC info types are added they are supposed to be done
125                    in such a way that they are backwards compatible with existing
126                    servers. This makes it safe to just use a [default] for
127                    unknown types, which lets us ignore the data */
128                 [default]       [subcontext(0)] DATA_BLOB_REM unknown; /* raw bytes of an unrecognised buffer type */
129         } PAC_INFO;
130
        /*
         * One entry of the PAC buffer table. info is a [relative] offset to the
         * body, which occupies NDR_ROUND(_ndr_size,8) bytes and is 8-byte
         * aligned; _ndr_size itself is computed from the body on push. nopush
         * and noprint suppress the generated push/print functions, so those must
         * be supplied by hand elsewhere.
         */
131         typedef [public,nopush,noprint] struct {
132                 PAC_TYPE type;
133                 [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
134                 [relative,switch_is(type),subcontext(0),subcontext_size(NDR_ROUND(_ndr_size,8)),flag(NDR_ALIGN8)] PAC_INFO *info;
135                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
136         } PAC_BUFFER;
137
        /* Top-level PAC: a buffer table bounded by num_buffers. */
138         typedef [public] struct {
139                 uint32 num_buffers;
140                 uint32 version;
141                 PAC_BUFFER buffers[num_buffers];
142         } PAC_DATA;
143
        /*
         * Same wire layout as PAC_BUFFER, but the body is kept as opaque bytes
         * (DATA_BLOB_REM) and ndr_size is a plain wire field rather than a
         * computed one. NOTE(review): presumably used to re-emit a PAC without
         * re-encoding its buffers (e.g. for checksum handling); confirm against
         * the callers.
         */
144         typedef [public] struct {
145                 PAC_TYPE type;
146                 uint32 ndr_size;
147                 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
148                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
149         } PAC_BUFFER_RAW;
150
        /* Top-level PAC with opaque buffer bodies; counterpart of PAC_DATA. */
151         typedef [public] struct {
152                 uint32 num_buffers;
153                 uint32 version;
154                 PAC_BUFFER_RAW buffers[num_buffers];
155         } PAC_DATA_RAW;
156
        /* Fixed MessageType value of PAC_Validate. */
157         const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
158
        /*
         * PAC validation request body. ChecksumLength and SignatureLength
         * describe how ChecksumAndSignature is split; the IDL does not tie them
         * to the blob length, so a consumer should check that both lengths fit
         * inside ChecksumAndSignature before slicing it.
         */
159         typedef [public] struct {
160                 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
161                 uint32 ChecksumLength;
162                 int32 SignatureType;
163                 uint32 SignatureLength;
164                 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
165         } PAC_Validate;
166
        /*
         * The decode_* "functions" below are not RPC calls: by Samba convention
         * they exist so ndrdump has a named entry point for each top-level
         * structure. [nopython] keeps them out of the Python bindings.
         */
167         [nopython] void decode_pac(
168                 [in] PAC_DATA pac
169                 );
170
171         [nopython] void decode_pac_raw(
172                 [in] PAC_DATA_RAW pac
173                 );
174
175         [nopython] void decode_login_info(
176                 [in] PAC_LOGON_INFO logon_info
177                 );
178
179         [nopython] void decode_login_info_ctr(
180                 [in] PAC_LOGON_INFO_CTR logon_info_ctr
181                 );
182
183         [nopython] void decode_credential_data_ndr(
184                 [in] PAC_CREDENTIAL_DATA_NDR credential_data_ndr
185                 );
186
187         [nopython] void decode_pac_validate(
188                 [in] PAC_Validate pac_validate
189                 );
190
191         /* used for samba3 netsamlogon cache */
        /* A cache timestamp followed by the cached netr_SamInfo3. */
192         typedef [public] struct {
193                 time_t timestamp;
194                 netr_SamInfo3 info3;
195         } netsamlogoncache_entry;
196 }