Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1

(This used to be commit 26c2a34dec26890230dfa86827804d8160061ce5)

1 files changed, 51 insertions, 39 deletions

diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index adfc010237..401f5e40bb 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -1,6 +1,6 @@
 #include "idl_types.h"
 
-import "drsuapi.idl", "misc.idl";
+import "drsuapi.idl", "misc.idl", "samr.idl";
 
 [
   uuid("12345778-1234-abcd-0001-00000001"),
@@ -359,19 +359,6 @@ interface drsblobs {
 	typedef struct {
 		NTTIME time1;
 		uint32 unknown1;
-		/* 
-		 * the secret value is encoded as UTF16 if it's a string
-		 * but krb5 trusts have random bytes here, so converting to UTF16
-		 * mayfail...
-		 *
-		 * TODO: We should try handle the case of a random buffer in all places
-		 *       we deal with cleartext passwords from windows
-		 *
-		 * so we don't use this:
-		 *
-		 * uint32 value_len;
-		 * [charset(UTF16)] uint8 value[value_len];
-		 */
 		DATA_BLOB value;
 		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
 	} trustAuthInOutSecret1;
@@ -380,41 +367,66 @@ interface drsblobs {
 		[relative] trustAuthInOutSecret1 *value1;
 		[relative] trustAuthInOutSecret1 *value2;
 	} trustAuthInOutCtr1;
+	
+	typedef [v1_enum] enum {
+		TRUST_AUTH_TYPE_NONE = 0,
+		TRUST_AUTH_TYPE_NT4OWF = 1,
+		TRUST_AUTH_TYPE_CLEAR = 2,
+		TRUST_AUTH_TYPE_VERSION = 3
+	} trustAuthType;
 
 	typedef struct {
-		NTTIME time1;
-		uint32 unknown1;
-		DATA_BLOB value;
-		NTTIME time2;
-		uint32 unknown2;
-		uint32 unknown3;
-		uint32 unknown4;
-		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
-	} trustAuthInOutSecret2V1;
+		[value(0)] uint32 size;
+	} AuthInfoNone;
 
 	typedef struct {
-		NTTIME time1;
-		uint32 unknown1;
-		DATA_BLOB value;
-		NTTIME time2;
-		uint32 unknown2;
-		uint32 unknown3;
-		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
-	} trustAuthInOutSecret2V2;
+		[value(16)] uint32 size;
+		samr_Password password;
+	} AuthInfoNT4Owf;
+
+	typedef struct {
+		uint32 size;
+		[charset(UTF16)] uint8 password[size];
+	} AuthInfoClear;
 
 	typedef struct {
-		[relative] trustAuthInOutSecret2V1 *value1;
-		[relative] trustAuthInOutSecret2V2 *value2;
-	} trustAuthInOutCtr2;
+		[value(4)] uint32 size;
+		 uint32 version;
+	} AuthInfoVersion;
 
 	typedef [nodiscriminant] union {
-		[case(1)] trustAuthInOutCtr1 ctr1;
-		[case(2)] trustAuthInOutCtr2 ctr2;
-	} trustAuthInOutCtr;
+		[case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
+		[case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
+		[case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
+		[case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
+	} AuthInfo;
+
+	typedef struct {
+		NTTIME LastUpdateTime;
+		trustAuthType AuthType;
+		
+		/* 
+		 * the secret value is encoded as UTF16 if it's a string
+		 * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
+		 * mayfail...
+		 *
+		 * TODO: We should try handle the case of a random buffer in all places
+		 *       we deal with cleartext passwords from windows
+		 *
+		 * so we don't use this:
+		 *
+		 * uint32 value_len;
+		 * [charset(UTF16)] uint8 value[value_len];
+		 */
+		[switch_is(AuthType)] AuthInfo AuthInfo;
+		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
+	} AuthenticationInformation;
 
 	typedef [public] struct {
-		uint32 version;
-		[switch_is(version)] trustAuthInOutCtr ctr;
+		uint32 count;
+		[relative] AuthenticationInformation *authinfo[count];
+		[relative] AuthenticationInformation *previous_authinfo[count];
+		
 	} trustAuthInOutBlob;
 
 	void decode_trustAuthInOut(