authorAndrew Tridgell <tridge@samba.org>2008-08-30 07:38:02 +1000
committerAndrew Tridgell <tridge@samba.org>2008-08-30 07:38:02 +1000
commite82f2187325274d728ec7470990f971e7b3db13c (patch)
tree25ce940a5b2a57c6191265664fad0e70aee951fa /source4/librpc
parent9817f3d785ceb67819a9def0e8030272e4ba9e14 (diff)
parent81dcc99e9acb9a7e4c2358e5e44998e4718dc658 (diff)
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit f008c3b6ee324056fd9b63f6151ad6849640c959)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/config.mk2
-rw-r--r--source4/librpc/idl/drsblobs.idl33
-rw-r--r--source4/librpc/idl/krb5pac.idl16
-rw-r--r--source4/librpc/idl/lsa.idl111
-rw-r--r--source4/librpc/idl/netlogon.idl68
-rw-r--r--source4/librpc/idl/security.idl8
6 files changed, 167 insertions, 71 deletions
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index 09be67d5aa..b68d5e6a69 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -134,7 +134,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL
NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o $(ndrsrcdir)/ndr_drsuapi.o
[SUBSYSTEM::NDR_DRSBLOBS]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI
+PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI LIBCLI_DRSBLOBS
NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index b0cddfcdf9..eb85989eda 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -401,7 +401,7 @@ interface drsblobs {
[case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
} AuthInfo;
- typedef struct {
+ typedef [public] struct {
NTTIME LastUpdateTime;
trustAuthType AuthType;
@@ -422,32 +422,15 @@ interface drsblobs {
[flag(NDR_ALIGN4)] DATA_BLOB _pad;
} AuthenticationInformation;
- typedef struct {
- AuthenticationInformation info[1];
- } AuthenticationInformation1;
-
- typedef struct {
- AuthenticationInformation info[2];
- } AuthenticationInformation2;
-
- typedef struct {
- [relative] AuthenticationInformation1 *current;
- [relative] AuthenticationInformation1 *previous;
- } AuthenticationInformationCtr1;
-
- typedef struct {
- [relative] AuthenticationInformation2 *current;
- [relative] AuthenticationInformation2 *previous;
- } AuthenticationInformationCtr2;
+ typedef [nopull,nopush,noprint] struct {
+ /* sizeis here is bogus, but this is here just for the structure */
+ [size_is(1)] AuthenticationInformation array[];
+ } AuthenticationInformationArray;
- typedef [nodiscriminant] union {
- [case(1)] AuthenticationInformationCtr1 info1;
- [case(2)] AuthenticationInformationCtr2 info2;
- } AuthenticationInformationCtr;
-
- typedef [public] struct {
+ typedef [public,nopull,nopush,noprint] struct {
uint32 count;
- [switch_is(count)] AuthenticationInformationCtr auth;
+ [relative] AuthenticationInformationArray *current;
+ [relative] AuthenticationInformationArray *previous;
} trustAuthInOutBlob;
void decode_trustAuthInOut(
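Review bot: Marking `trustAuthInOutBlob` and `AuthenticationInformationArray` as `[nopull,nopush,noprint]` moves all bounds checking for this blob into hand-written marshalling that is not part of this hunk, and the only hint left in the IDL is the remark that `size_is(1)` is bogus. The comment should say where the real length comes from, for example `/* element count is trustAuthInOutBlob.count; size_is(1) only satisfies pidl, the manual pull/push does the real work */`. Because this blob carries trust authentication data, the manual pull presumably has to validate `count` and both `[relative]` offsets against the buffer length before touching `current` and `previous`; that code should be reviewed together with this change.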
diff --git a/source4/librpc/idl/krb5pac.idl b/source4/librpc/idl/krb5pac.idl
index ca0efaed3e..dcee280150 100644
--- a/source4/librpc/idl/krb5pac.idl
+++ b/source4/librpc/idl/krb5pac.idl
@@ -100,6 +100,16 @@ interface krb5pac
PAC_BUFFER_RAW buffers[num_buffers];
} PAC_DATA_RAW;
+ const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
+
+ typedef [public] struct {
+ [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
+ uint32 ChecksumLength;
+ uint32 SignatureType;
+ uint32 SignatureLength;
+ [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
+ } PAC_Validate;
+
void decode_pac(
[in] PAC_DATA pac
);
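Review bot: `PAC_Validate` declares `ChecksumLength` and `SignatureLength` as free-standing `uint32` fields while `ChecksumAndSignature` is an `NDR_REMAINING` blob, so nothing in the generated parser ties the two lengths to the bytes actually received. Any consumer that splits the blob must first check, with overflow-safe arithmetic, that `ChecksumLength + SignatureLength` does not exceed `ChecksumAndSignature.length`. A comment on the struct would make that contract visible, e.g. `/* lengths are sender-supplied and not checked by NDR; validate against ChecksumAndSignature.length before use */`.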
@@ -111,4 +121,10 @@ interface krb5pac
void decode_login_info(
[in] PAC_LOGON_INFO logon_info
);
+
+ void decode_pac_validate(
+ [in] PAC_Validate pac_validate
+ );
+
+
}
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 93cfdee201..408956b3fa 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -14,6 +14,7 @@ import "misc.idl", "security.idl";
] interface lsarpc
{
typedef bitmap security_secinfo security_secinfo;
+ typedef bitmap kerb_EncTypes kerb_EncTypes;
typedef [public,noejs] struct {
[value(2*strlen_m(string))] uint16 length;
@@ -507,22 +508,53 @@ import "misc.idl", "security.idl";
} lsa_DATA_BUF2;
typedef enum {
- LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
- LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS_INFO = 2,
- LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
- LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
- LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
- LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
- LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
- LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
- LSA_TRUSTED_DOMAIN_INFO_11 = 11,
- LSA_TRUSTED_DOMAIN_INFO_INFO_ALL = 12
+ LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
+ LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS = 2,
+ LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
+ LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
+ LSA_TRUSTED_DOMAIN_INFO_BASIC = 5,
+ LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
+ LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO = 7,
+ LSA_TRUSTED_DOMAIN_INFO_FULL_INFO = 8,
+ LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL = 9,
+ LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL = 10,
+ LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL = 11,
+ LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL = 12,
+ LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES = 13
} lsa_TrustDomInfoEnum;
+ typedef [public,bitmap32bit] bitmap {
+ LSA_TRUST_DIRECTION_INBOUND = 0x00000001,
+ LSA_TRUST_DIRECTION_OUTBOUND = 0x00000002
+ } lsa_TrustDirection;
+
+ typedef [v1_enum] enum {
+ LSA_TRUST_TYPE_DOWNLEVEL = 0x00000001,
+ LSA_TRUST_TYPE_UPLEVEL = 0x00000002,
+ LSA_TRUST_TYPE_MIT = 0x00000003
+ } lsa_TrustType;
+
+ typedef [public,bitmap32bit] bitmap {
+ LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001,
+ LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002,
+ LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004,
+ LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008,
+ LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010,
+ LSA_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
+ LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040,
+ LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000080
+ } lsa_TrustAttributes;
+
typedef struct {
lsa_StringLarge netbios_name;
} lsa_TrustDomainInfoName;
+
+ typedef struct {
+ uint32 entries;
+ [size_is(entries)] lsa_StringLarge *netbios_names;
+ } lsa_TrustDomainInfoControllers;
+
typedef struct {
uint32 posix_offset;
} lsa_TrustDomainInfoPosixOffset;
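Review bot: `LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES` misspells ENCRYPTION, and since pidl emits enum names into the generated headers the typo becomes an identifier every caller has to reproduce. The same spelling is used in the `[case(...)]` of `lsa_TrustedDomainInfo` in the later union hunk, so both places need to change together: `LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES = 13`. The name also drops the `_INFO_` infix that the other twelve values carry; it is worth deciding whether that is intended.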
@@ -540,10 +572,10 @@ import "misc.idl", "security.idl";
typedef struct {
lsa_StringLarge domain_name;
lsa_StringLarge netbios_name;
- dom_sid2 *sid;
- uint32 trust_direction;
- uint32 trust_type;
- uint32 trust_attributes;
+ dom_sid2 *sid;
+ lsa_TrustDirection trust_direction;
+ lsa_TrustType trust_type;
+ lsa_TrustAttributes trust_attributes;
} lsa_TrustDomainInfoInfoEx;
typedef struct {
@@ -570,25 +602,46 @@ import "misc.idl", "security.idl";
typedef struct {
lsa_TrustDomainInfoInfoEx info_ex;
lsa_DATA_BUF2 data1;
- } lsa_TrustDomainInfo11;
+ } lsa_TrustDomainInfoInfoEx2Internal;
typedef struct {
lsa_TrustDomainInfoInfoEx info_ex;
lsa_DATA_BUF2 data1;
lsa_TrustDomainInfoPosixOffset posix_offset;
lsa_TrustDomainInfoAuthInfo auth_info;
- } lsa_TrustDomainInfoInfoAll;
+ } lsa_TrustDomainInfoInfo2Internal;
+
+ typedef struct {
+ kerb_EncTypes enc_types;
+ } lsa_TrustDomainInfoSupportedEncTypes;
typedef [switch_type(lsa_TrustDomInfoEnum)] union {
- [case(LSA_TRUSTED_DOMAIN_INFO_NAME)] lsa_TrustDomainInfoName name;
- [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)] lsa_TrustDomainInfoPosixOffset posix_offset;
- [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)] lsa_TrustDomainInfoPassword password;
- [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)] lsa_TrustDomainInfoBasic info_basic;
- [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)] lsa_TrustDomainInfoInfoEx info_ex;
- [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)] lsa_TrustDomainInfoAuthInfo auth_info;
- [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info;
- [case(LSA_TRUSTED_DOMAIN_INFO_11)] lsa_TrustDomainInfo11 info11;
- [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)] lsa_TrustDomainInfoInfoAll info_all;
+ [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
+ lsa_TrustDomainInfoName name;
+ [case(LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS)]
+ lsa_TrustDomainInfoControllers controllers;
+ [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
+ lsa_TrustDomainInfoPosixOffset posix_offset;
+ [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
+ lsa_TrustDomainInfoPassword password;
+ [case(LSA_TRUSTED_DOMAIN_INFO_BASIC)]
+ lsa_TrustDomainInfoBasic info_basic;
+ [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
+ lsa_TrustDomainInfoInfoEx info_ex;
+ [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
+ lsa_TrustDomainInfoAuthInfo auth_info;
+ [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
+ lsa_TrustDomainInfoFullInfo full_info;
+ [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)]
+ lsa_TrustDomainInfoAuthInfo auth_info_internal;
+ [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)]
+ lsa_TrustDomainInfoFullInfo full_info_internal;
+ [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)]
+ lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal;
+ [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)]
+ lsa_TrustDomainInfoInfo2Internal info2_internal;
+ [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)]
+ lsa_TrustDomainInfoSupportedEncTypes enc_types;
} lsa_TrustedDomainInfo;
/* Function: 0x1a */
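Review bot: Levels `LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL` and `LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL` are mapped to the same `lsa_TrustDomainInfoAuthInfo` and `lsa_TrustDomainInfoFullInfo` structs as levels 7 and 8, with no comment saying whether the wire layout is really identical. If the internal levels carry a different representation, as their names suggest, a peer's reply would be decoded against the wrong layout; please confirm against the protocol documentation and record the outcome, e.g. `/* TODO: assumed to share the AUTH_INFO layout, not verified */`. The struct definitions themselves lie outside this hunk.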
@@ -658,8 +711,12 @@ import "misc.idl", "security.idl";
[in] uint16 unknown
);
- /* Function: 0x22 */
- [todo] NTSTATUS lsa_DeleteObject();
+ /*******************/
+ /* Function: 0x22 */
+ NTSTATUS lsa_DeleteObject (
+ [in,out] policy_handle *handle
+ );
+
/*******************/
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index d8f7d2f7e6..2298106851 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -123,12 +123,31 @@ interface netlogon
netr_ChallengeResponse lm;
} netr_NetworkInfo;
- typedef [public,switch_type(uint16)] union {
- [case(1)] netr_PasswordInfo *password;
- [case(2)] netr_NetworkInfo *network;
- [case(3)] netr_PasswordInfo *password;
- [case(5)] netr_PasswordInfo *password;
- [case(6)] netr_NetworkInfo *network;
+ typedef [flag(NDR_PAHEX)] struct {
+ netr_IdentityInfo identity_info;
+ lsa_String package_name;
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } netr_GenericInfo;
+
+ typedef enum {
+ NetlogonInteractiveInformation = 1,
+ NetlogonNetworkInformation = 2,
+ NetlogonServiceInformation = 3,
+ NetlogonGenericInformation = 4,
+ NetlogonInteractiveTransitiveInformation = 5,
+ NetlogonNetworkTransitiveInformation = 6,
+ NetlogonServiceTransitiveInformation = 7
+ } netr_LogonInfoClass;
+
+ typedef [public,switch_type(netr_LogonInfoClass)] union {
+ [case(NetlogonInteractiveInformation)] netr_PasswordInfo *password;
+ [case(NetlogonNetworkInformation)] netr_NetworkInfo *network;
+ [case(NetlogonServiceInformation)] netr_PasswordInfo *password;
+ [case(NetlogonGenericInformation)] netr_GenericInfo *generic;
+ [case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
+ [case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network;
+ [case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
} netr_LogonLevel;
typedef [public,flag(NDR_PAHEX)] struct {
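Review bot: `netr_GenericInfo` has no comment explaining that `data` is an opaque, package-specific payload selected by `package_name`, which leaves each caller to guess what may be parsed out of it. Both `length` and `data` come from the remote side, so server code handling `NetlogonGenericInformation` should check `package_name` against the packages it supports before handing `data` to a second-stage parser, and should treat that parse as untrusted input. Suggested comment above the struct: `/* data is an opaque blob for the package named in package_name; validate the package before decoding */`.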
@@ -221,12 +240,25 @@ interface netlogon
lsa_String unknown4;
} netr_PacInfo;
+ typedef [flag(NDR_PAHEX)] struct {
+ uint32 length;
+ [size_is(length)] uint8 *data;
+ } netr_GenericInfo2;
+
+ typedef enum {
+ NetlogonValidationUasInfo = 1,
+ NetlogonValidationSamInfo = 2,
+ NetlogonValidationSamInfo2 = 3,
+ NetlogonValidationGenericInfo2 = 5,
+ NetlogonValidationSamInfo4 = 6
+ } netr_ValidationInfoClass;
+
typedef [public,switch_type(uint16)] union {
- [case(2)] netr_SamInfo2 *sam2;
- [case(3)] netr_SamInfo3 *sam3;
+ [case(NetlogonValidationSamInfo)] netr_SamInfo2 *sam2;
+ [case(NetlogonValidationSamInfo2)] netr_SamInfo3 *sam3;
[case(4)] netr_PacInfo *pac;
- [case(5)] netr_PacInfo *pac;
- [case(6)] netr_SamInfo6 *sam6;
+ [case(NetlogonValidationGenericInfo2)] netr_GenericInfo2 *generic;
+ [case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
} netr_Validation;
typedef [public, flag(NDR_PAHEX)] struct {
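Review bot: `netr_Validation` keeps `switch_type(uint16)` and a bare `[case(4)]` although this hunk introduces `netr_ValidationInfoClass` for exactly these values, so the union is now half symbolic and half numeric and the enum has no name for level 4. Level 5 also changes from `netr_PacInfo` to `netr_GenericInfo2`, which alters how an existing level decodes; a comment recording the reason would help later readers. `validation_level` in the `netr_LogonSamLogon` hunk that follows likewise stays `uint16` while `logon_level` becomes an enum. Either switch both to the enum (adding a constant for 4) or add a comment such as `/* kept as uint16: level 4 has no named class */`.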
@@ -239,15 +271,15 @@ interface netlogon
} netr_Authenticator;
NTSTATUS netr_LogonSamLogon(
- [in,unique] [string,charset(UTF16)] uint16 *server_name,
- [in,unique] [string,charset(UTF16)] uint16 *computer_name,
- [in,unique] netr_Authenticator *credential,
- [in,out,unique] netr_Authenticator *return_authenticator,
- [in] uint16 logon_level,
- [in] [switch_is(logon_level)] netr_LogonLevel logon,
- [in] uint16 validation_level,
+ [in,unique] [string,charset(UTF16)] uint16 *server_name,
+ [in,unique] [string,charset(UTF16)] uint16 *computer_name,
+ [in,unique] netr_Authenticator *credential,
+ [in,out,unique] netr_Authenticator *return_authenticator,
+ [in] netr_LogonInfoClass logon_level,
+ [in] [switch_is(logon_level)] netr_LogonLevel logon,
+ [in] uint16 validation_level,
[out] [switch_is(validation_level)] netr_Validation validation,
- [out] uint8 authoritative
+ [out] uint8 authoritative
);
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index f8e9e9e110..80efe46453 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -386,4 +386,12 @@ interface security
SECINFO_PROTECTED_SACL = 0x40000000,
SECINFO_PROTECTED_DACL = 0x80000000
} security_secinfo;
+
+ typedef [public,bitmap32bit] bitmap {
+ KERB_ENCTYPE_DES_CBC_CRC = 0x00000001,
+ KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002,
+ KERB_ENCTYPE_RC4_HMAC_MD5 = 0x00000004,
+ KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
+ KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
+ } kerb_EncTypes;
}
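Review bot: `kerb_EncTypes` has no comment stating which protocol field these bits mirror, and it lists the DES and RC4 flags next to the AES ones without any distinction. A short header comment would help readers, e.g. `/* supported Kerberos enctypes bitmap; the DES_* and RC4 bits describe legacy ciphers and should not be enabled by default */`. Code that sets or interprets this mask is outside this hunk; it should make any use of the weak enctypes an explicit choice instead of copying the peer's value.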