diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-09-03 15:30:17 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-09-03 15:30:17 +1000 |
commit | a35263e1ab81cac7855158012157769e3e9000f7 (patch) | |
tree | e0130c48ed4b58f0544d875d094272e5a58d2e3a /source4/librpc/idl | |
parent | baf0b360812dc8532f9420e224bf3ee3a51fb04a (diff) | |
download | samba-a35263e1ab81cac7855158012157769e3e9000f7.tar.gz samba-a35263e1ab81cac7855158012157769e3e9000f7.tar.bz2 samba-a35263e1ab81cac7855158012157769e3e9000f7.zip |
Implement NETLOGON PAC verfication on the server-side
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
Diffstat (limited to 'source4/librpc/idl')
-rw-r--r-- | source4/librpc/idl/irpc.idl | 17 | ||||
-rw-r--r-- | source4/librpc/idl/krb5pac.idl | 2 |
2 files changed, 18 insertions, 1 deletions
diff --git a/source4/librpc/idl/irpc.idl b/source4/librpc/idl/irpc.idl index 2c659aa785..e3ea7e55e1 100644 --- a/source4/librpc/idl/irpc.idl +++ b/source4/librpc/idl/irpc.idl @@ -52,6 +52,9 @@ import "misc.idl", "security.idl", "nbt.idl"; [out,switch_is(level)] nbtd_info info ); + /* Send a GetDCName from the privilaged port (owned by nbtd), + * and await a reply */ + void nbtd_getdcname( [in] astring domainname, [in] astring ip_address, @@ -78,6 +81,20 @@ import "misc.idl", "security.idl", "nbt.idl"; [in] nbtd_proxy_wins_addr addrs[num_addrs] ); + /* + Generic Kerberos package call (on the NETLOGON pipe, as a SamLogon) + + The normal use for this call is to check the PAC signature in the KDC + + The KDC has the routines to check this, so it is easier to + proxy the request over by IRPC than set up the environment + */ + + void kdc_check_generic_kerberos( + [in] DATA_BLOB generic_request, + [out] DATA_BLOB generic_reply + ); + /****************************************************** management calls for the smb server ******************************************************/ diff --git a/source4/librpc/idl/krb5pac.idl b/source4/librpc/idl/krb5pac.idl index dcee280150..bddba04165 100644 --- a/source4/librpc/idl/krb5pac.idl +++ b/source4/librpc/idl/krb5pac.idl @@ -105,7 +105,7 @@ interface krb5pac typedef [public] struct { [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType; uint32 ChecksumLength; - uint32 SignatureType; + int32 SignatureType; uint32 SignatureLength; [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature; } PAC_Validate; |