krb5pac.idl: add PAC_CREDENTIAL related structures

See [MS-PAC] 2.6 PAC Credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 8a6540c13b1e24128ce268e54ff3f75917fb8d49..1590dbf6adaa20e50cd5bc7f46d0cb2f7905f9cc 100644 (file)
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -31,6 +31,43 @@ interface krb5pac
                samr_RidWithAttributeArray res_groups;
        } PAC_LOGON_INFO;
 
+       typedef [bitmap32bit] bitmap {
+               PAC_CREDENTIAL_NTLM_HAS_LM_HASH = 0x00000001,
+               PAC_CREDENTIAL_NTLM_HAS_NT_HASH = 0x00000002
+       } PAC_CREDENTIAL_NTLM_FLAGS;
+
+       typedef [public] struct {
+               [value(0)] uint32 version;
+               PAC_CREDENTIAL_NTLM_FLAGS flags;
+               [noprint] samr_Password lm_password;
+               [noprint] samr_Password nt_password;
+       } PAC_CREDENTIAL_NTLM_SECPKG;
+
+       typedef [public] struct {
+               lsa_String package_name;
+               uint32 credential_size;
+               [size_is(credential_size), noprint] uint8 *credential;
+       } PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG;
+
+       typedef [public] struct {
+               uint32 credential_count;
+               [size_is(credential_count)] PAC_CREDENTIAL_SUPPLEMENTAL_SECPKG credentials[*];
+       } PAC_CREDENTIAL_DATA;
+
+       typedef [public] struct {
+               PAC_CREDENTIAL_DATA *data;
+       } PAC_CREDENTIAL_DATA_CTR;
+
+       typedef [public] struct {
+               [subcontext(0xFFFFFC01)] PAC_CREDENTIAL_DATA_CTR ctr;
+       } PAC_CREDENTIAL_DATA_NDR;
+
+       typedef [public] struct {
+               [value(0)] uint32 version;
+               uint32 encryption_type;
+               [flag(NDR_REMAINING)] DATA_BLOB encrypted_data;
+       } PAC_CREDENTIAL_INFO;
+
        typedef struct {
                lsa_String proxy_target;
                uint32 num_transited_services;
@@ -60,6 +97,7 @@ interface krb5pac
 
        typedef [public,v1_enum] enum {
                PAC_TYPE_LOGON_INFO = 1,
+               PAC_TYPE_CREDENTIAL_INFO = 2,
                PAC_TYPE_SRV_CHECKSUM = 6,
                PAC_TYPE_KDC_CHECKSUM = 7,
                PAC_TYPE_LOGON_NAME = 10,
@@ -73,6 +111,7 @@ interface krb5pac
 
        typedef [public,nodiscriminant,gensize] union {
                [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
+               [case(PAC_TYPE_CREDENTIAL_INFO)]        PAC_CREDENTIAL_INFO credential_info;
                [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
                [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
                [case(PAC_TYPE_LOGON_NAME)]     PAC_LOGON_NAME logon_name;
@@ -138,6 +177,10 @@ interface krb5pac
                [in] PAC_LOGON_INFO_CTR logon_info_ctr
                );
 
+       [nopython] void decode_credential_data_ndr(
+               [in] PAC_CREDENTIAL_DATA_NDR credential_data_ndr
+               );
+
        [nopython] void decode_pac_validate(
                [in] PAC_Validate pac_validate
                );