summaryrefslogtreecommitdiff
path: root/librpc/idl
diff options
context:
space:
mode:
Diffstat (limited to 'librpc/idl')
-rw-r--r--librpc/idl/krb5pac.idl134
1 files changed, 134 insertions, 0 deletions
diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
new file mode 100644
index 0000000000..a498b795f8
--- /dev/null
+++ b/librpc/idl/krb5pac.idl
@@ -0,0 +1,134 @@
+/*
+ krb5 PAC
+*/
+
+#include "idl_types.h"
+
+import "security.idl", "netlogon.idl", "samr.idl";
+
+[
+ uuid("12345778-1234-abcd-0000-00000000"),
+ version(0.0),
+ pointer_default(unique),
+ helpstring("Active Directory KRB5 PAC")
+]
+interface krb5pac
+{
+ typedef struct {
+ NTTIME logon_time;
+ [value(2*strlen_m(account_name))] uint16 size;
+ [charset(UTF16)] uint8 account_name[size];
+ } PAC_LOGON_NAME;
+
+ typedef [public,flag(NDR_PAHEX)] struct {
+ uint32 type;
+ [flag(NDR_REMAINING)] DATA_BLOB signature;
+ } PAC_SIGNATURE_DATA;
+
+ typedef [gensize] struct {
+ netr_SamInfo3 info3;
+ dom_sid2 *res_group_dom_sid;
+ samr_RidWithAttributeArray res_groups;
+ } PAC_LOGON_INFO;
+
+ typedef struct {
+ [value(2*strlen_m(upn_name))] uint16 upn_size;
+ uint16 upn_offset;
+ [value(2*strlen_m(domain_name))] uint16 domain_size;
+ uint16 domain_offset;
+ uint16 unknown3; /* 0x01 */
+ uint16 unknown4;
+ uint32 unknown5;
+ [charset(UTF16)] uint8 upn_name[upn_size+2];
+ [charset(UTF16)] uint8 domain_name[domain_size+2];
+ uint32 unknown6; /* padding */
+ } PAC_UNKNOWN_12;
+
+ typedef [public] struct {
+ PAC_LOGON_INFO *info;
+ } PAC_LOGON_INFO_CTR;
+
+ typedef [public,v1_enum] enum {
+ PAC_TYPE_LOGON_INFO = 1,
+ PAC_TYPE_SRV_CHECKSUM = 6,
+ PAC_TYPE_KDC_CHECKSUM = 7,
+ PAC_TYPE_LOGON_NAME = 10,
+ PAC_TYPE_CONSTRAINED_DELEGATION = 11,
+ PAC_TYPE_UNKNOWN_12 = 12
+ } PAC_TYPE;
+
+ typedef struct {
+ [flag(NDR_REMAINING)] DATA_BLOB remaining;
+ } DATA_BLOB_REM;
+
+ typedef [public,nodiscriminant,gensize] union {
+ [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
+ [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
+ [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
+ [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
+ /* when new PAC info types are added they are supposed to be done
+ in such a way that they are backwards compatible with existing
+ servers. This makes it safe to just use a [default] for
+ unknown types, which lets us ignore the data */
+ [default] [subcontext(0)] DATA_BLOB_REM unknown;
+ /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
+ } PAC_INFO;
+
+ typedef [public,nopush,nopull,noprint] struct {
+ PAC_TYPE type;
+ [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
+ [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
+ [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
+ } PAC_BUFFER;
+
+ typedef [public] struct {
+ uint32 num_buffers;
+ uint32 version;
+ PAC_BUFFER buffers[num_buffers];
+ } PAC_DATA;
+
+ typedef [public] struct {
+ PAC_TYPE type;
+ uint32 ndr_size;
+ [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
+ [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
+ } PAC_BUFFER_RAW;
+
+ typedef [public] struct {
+ uint32 num_buffers;
+ uint32 version;
+ PAC_BUFFER_RAW buffers[num_buffers];
+ } PAC_DATA_RAW;
+
+ const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
+
+ typedef [public] struct {
+ [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
+ uint32 ChecksumLength;
+ int32 SignatureType;
+ uint32 SignatureLength;
+ [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
+ } PAC_Validate;
+
+ void decode_pac(
+ [in] PAC_DATA pac
+ );
+
+ void decode_pac_raw(
+ [in] PAC_DATA_RAW pac
+ );
+
+ void decode_login_info(
+ [in] PAC_LOGON_INFO logon_info
+ );
+
+ void decode_pac_validate(
+ [in] PAC_Validate pac_validate
+ );
+
+ /* used for samba3 netsamlogon cache */
+ typedef [public] struct {
+ time_t timestamp;
+ netr_SamInfo3 info3;
+ } netsamlogoncache_entry;
+}