authorMatthieu Patou <mat@matws.net>2010-11-20 18:19:06 +0300
committerStefan Metzmacher <metze@samba.org>2011-01-12 09:08:06 +0100
commit25ae380fabfd2d7e5141dadb48b8e30b5b723c1f (patch)
treeef26e319e298cfab3d5db45b9b9700c99e6ff478 /librpc/idl
parent9d9c2128585a1d5fdb9090215750427df6a883ff (diff)
idl: Add IDL for remote key backup protocol (rkbp)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'librpc/idl')
-rw-r--r--librpc/idl/backupkey.idl120
-rw-r--r--librpc/idl/wscript_build2
2 files changed, 121 insertions, 1 deletions
diff --git a/librpc/idl/backupkey.idl b/librpc/idl/backupkey.idl
new file mode 100644
index 0000000000..e21030bb69
--- /dev/null
+++ b/librpc/idl/backupkey.idl
@@ -0,0 +1,120 @@
+#include "idl_types.h"
+
+import "misc.idl", "security.idl";
+[
+ uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"),
+ version(1.0),
+ endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"),
+ helpstring("Remote Backup Key Storage"),
+ helper("../librpc/ndr/ndr_backupkey.h"),
+ pointer_default(unique)
+]
+interface backupkey
+{
+ const string BACKUPKEY_RESTORE_GUID = "47270C64-2FC7-499B-AC5B-0E37CDCE899A";
+ const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = "018FF48A-EABA-40C6-8F6D-72370240E967";
+
+ const string BACKUPKEY_RESTORE_GUID_WIN2K = "7FE94D50-178E-11D1-AB8F-00805F14DB40";
+ const string BACKUPKEY_BACKUP_GUID = "7F752B10-178E-11D1-AB8F-00805F14DB40";
+
+ /*
+ * The magic values are really what they are there is no name it's just remarkable values
+ * that are here to check that what is transmited or decoded is really what the client or
+ * the server expect.
+ */
+ [public] typedef struct {
+ [value(0x00000002)] uint32 header1;
+ [value(0x00000494)] uint32 header2;
+ uint32 certificate_len;
+ [value(0x00000207)] uint32 magic1;
+ [value(0x0000A400)] uint32 magic2;
+ [value(0x32415352)] uint32 magic3;
+ [value(0x00000800)] uint32 magic4;
+ [subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent;
+
+ [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2;
+ [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient;
+ [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent;
+ [subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert;
+ } bkrp_exported_RSA_key_pair;
+
+ [public] typedef struct {
+ [value(0x00000001)] uint32 magic;
+ uint8 key[256];
+ } bkrp_dc_serverwrap_key;
+
+ [public,gensize] typedef struct {
+ uint32 version;
+ uint32 encrypted_secret_len;
+ uint32 access_check_len;
+ GUID guid;
+ uint8 encrypted_secret[encrypted_secret_len];
+ uint8 access_check[access_check_len];
+ } bkrp_client_side_wrapped;
+
+ [public] typedef struct {
+ [value(0x00000000)] uint32 magic;
+ [subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;
+ } bkrp_client_side_unwrapped;
+
+ [public] typedef struct {
+ uint32 secret_len;
+ [value(0x00000020)] uint32 magic;
+ uint8 secret[secret_len];
+ uint8 payload_key[32];
+ } bkrp_encrypted_secret_v2;
+
+ [public] typedef struct {
+ uint32 secret_len;
+ [value(0x00000030)] uint32 magic1;
+ [value(0x00006610)] uint32 magic2;
+ [value(0x0000800e)] uint32 magic3;
+ uint8 secret[secret_len];
+ uint8 payload_key[48];
+ } bkrp_encrypted_secret_v3;
+
+ /* Due to alignement constraint we can generate the structure only via pidl*/
+ [public, nopush, nopull] typedef struct {
+ [value(0x00000001)] uint32 magic;
+ uint32 nonce_len;
+ uint8 nonce[nonce_len];
+ dom_sid sid;
+ uint8 hash[20];
+ } bkrp_access_check_v2;
+
+ /* Due to alignement constraint we can generate the structure only via pidl*/
+ [public,nopush,nopull] typedef struct {
+ [value(0x00000001)] uint32 magic;
+ uint32 nonce_len;
+ uint8 nonce[nonce_len];
+ dom_sid sid;
+ uint8 hash[64];
+ } bkrp_access_check_v3;
+
+ typedef enum {
+ BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
+ BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
+ BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001
+ } bkrp_guid_to_integer;
+
+ [public] typedef [nodiscriminant] union {
+ [case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
+ [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req;
+ } bkrp_data_in_blob;
+
+ /******************/
+ /* Function: 0x00 */
+
+ [public, noprint] WERROR bkrp_BackupKey (
+ [in,ref] GUID *guidActionAgent,
+ [in,ref] [size_is(data_in_len)] uint8 *data_in,
+ [in] uint32 data_in_len,
+ [out,ref] [size_is(,*data_out_len)] uint8 **data_out,
+ [out,ref] uint32 *data_out_len,
+ [in] uint32 param
+ );
+}
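Review bot: The length fields in `bkrp_client_side_wrapped` (`encrypted_secret_len`, `access_check_len`) come off the wire and size the two inline `uint8` arrays with no upper bound, and the same holds for `secret_len` in `bkrp_encrypted_secret_v2` and `bkrp_encrypted_secret_v3`. A `range()` attribute would make the generated pull code reject oversized values before anything is sized from them, e.g. `[range(0,MAX_SECRET_LEN)] uint32 encrypted_secret_len;`, where `MAX_SECRET_LEN` is a placeholder for a limit taken from the protocol specification. `bkrp_access_check_v2` and `bkrp_access_check_v3` are `nopush, nopull`, so the bound on `nonce_len` has to be enforced in hand-written marshalling code, presumably behind the `ndr_backupkey.h` helper, which is outside this diff. The comment above them reads as the opposite of what those attributes do and would be clearer as `/* Alignment constraints prevent pidl from generating push/pull for this structure */`, if that is what is meant. Separately, `bkrp_exported_RSA_key_pair` carries private key components and is `[public]` without `noprint`, so a debug dump of it would likely write key material to the log; consider `noprint` there, as is already done for `bkrp_BackupKey`.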
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 78f174f6d1..2d65d748ee 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -10,7 +10,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
dbgidl.idl dnsserver.idl echo.idl frsrpc.idl lsa.idl nbt.idl dns.idl
oxidresolver.idl samr.idl srvsvc.idl winreg.idl dcerpc.idl
drsblobs.idl efs.idl frstrans.idl mgmt.idl netlogon.idl
- policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl''',
+ policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl backupkey.idl''',
options='--header --ndr-parser --samba3-ndr-server --samba3-ndr-client --server --client --python',
output_dir='../gen_ndr')