summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-07-31 07:45:30 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-31 07:45:30 +1000
commit2b0ed1832a4935591b9aa4dcb7db53c17b72cd50 (patch)
treee87f3ef0edded4d0c714a76065d7e72b508004af
parent72d2bea916c19405f4fa996b7f781d73e3ee87c8 (diff)
downloadsamba-2b0ed1832a4935591b9aa4dcb7db53c17b72cd50.tar.gz
samba-2b0ed1832a4935591b9aa4dcb7db53c17b72cd50.tar.bz2
samba-2b0ed1832a4935591b9aa4dcb7db53c17b72cd50.zip
Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1
(This used to be commit 26c2a34dec26890230dfa86827804d8160061ce5)
-rw-r--r--source4/librpc/idl/drsblobs.idl90
1 files changed, 51 insertions, 39 deletions
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index adfc010237..401f5e40bb 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -1,6 +1,6 @@
#include "idl_types.h"
-import "drsuapi.idl", "misc.idl";
+import "drsuapi.idl", "misc.idl", "samr.idl";
[
uuid("12345778-1234-abcd-0001-00000001"),
@@ -359,19 +359,6 @@ interface drsblobs {
typedef struct {
NTTIME time1;
uint32 unknown1;
- /*
- * the secret value is encoded as UTF16 if it's a string
- * but krb5 trusts have random bytes here, so converting to UTF16
- * mayfail...
- *
- * TODO: We should try handle the case of a random buffer in all places
- * we deal with cleartext passwords from windows
- *
- * so we don't use this:
- *
- * uint32 value_len;
- * [charset(UTF16)] uint8 value[value_len];
- */
DATA_BLOB value;
[flag(NDR_ALIGN4)] DATA_BLOB _pad;
} trustAuthInOutSecret1;
@@ -380,41 +367,66 @@ interface drsblobs {
[relative] trustAuthInOutSecret1 *value1;
[relative] trustAuthInOutSecret1 *value2;
} trustAuthInOutCtr1;
+
+ typedef [v1_enum] enum {
+ TRUST_AUTH_TYPE_NONE = 0,
+ TRUST_AUTH_TYPE_NT4OWF = 1,
+ TRUST_AUTH_TYPE_CLEAR = 2,
+ TRUST_AUTH_TYPE_VERSION = 3
+ } trustAuthType;
typedef struct {
- NTTIME time1;
- uint32 unknown1;
- DATA_BLOB value;
- NTTIME time2;
- uint32 unknown2;
- uint32 unknown3;
- uint32 unknown4;
- [flag(NDR_ALIGN4)] DATA_BLOB _pad;
- } trustAuthInOutSecret2V1;
+ [value(0)] uint32 size;
+ } AuthInfoNone;
typedef struct {
- NTTIME time1;
- uint32 unknown1;
- DATA_BLOB value;
- NTTIME time2;
- uint32 unknown2;
- uint32 unknown3;
- [flag(NDR_ALIGN4)] DATA_BLOB _pad;
- } trustAuthInOutSecret2V2;
+ [value(16)] uint32 size;
+ samr_Password password;
+ } AuthInfoNT4Owf;
+
+ typedef struct {
+ uint32 size;
+ [charset(UTF16)] uint8 password[size];
+ } AuthInfoClear;
typedef struct {
- [relative] trustAuthInOutSecret2V1 *value1;
- [relative] trustAuthInOutSecret2V2 *value2;
- } trustAuthInOutCtr2;
+ [value(4)] uint32 size;
+ uint32 version;
+ } AuthInfoVersion;
typedef [nodiscriminant] union {
- [case(1)] trustAuthInOutCtr1 ctr1;
- [case(2)] trustAuthInOutCtr2 ctr2;
- } trustAuthInOutCtr;
+ [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
+ [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
+ [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
+ [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
+ } AuthInfo;
+
+ typedef struct {
+ NTTIME LastUpdateTime;
+ trustAuthType AuthType;
+
+ /*
+ * the secret value is encoded as UTF16 if it's a string
+ * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
+ * mayfail...
+ *
+ * TODO: We should try handle the case of a random buffer in all places
+ * we deal with cleartext passwords from windows
+ *
+ * so we don't use this:
+ *
+ * uint32 value_len;
+ * [charset(UTF16)] uint8 value[value_len];
+ */
+ [switch_is(AuthType)] AuthInfo AuthInfo;
+ [flag(NDR_ALIGN4)] DATA_BLOB _pad;
+ } AuthenticationInformation;
typedef [public] struct {
- uint32 version;
- [switch_is(version)] trustAuthInOutCtr ctr;
+ uint32 count;
+ [relative] AuthenticationInformation *authinfo[count];
+ [relative] AuthenticationInformation *previous_authinfo[count];
+
} trustAuthInOutBlob;
void decode_trustAuthInOut(