Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/krb5pac.h | 23 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_krb5pac.c | 131 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_krb5pac.h | 8 | ||||
-rw-r--r-- | source3/librpc/idl/krb5pac.idl | 120 |
5 files changed, 140 insertions, 144 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index eef22fe500..eddcaaac42 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1213,7 +1213,7 @@ samba3-idl:: ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \ ../librpc/idl/notify.idl ../librpc/idl/epmapper.idl librpc/idl/messaging.idl \ ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \ - ../librpc/idl/security.idl ../librpc/idl/dssetup.idl librpc/idl/krb5pac.idl \ + ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl diff --git a/source3/librpc/gen_ndr/krb5pac.h b/source3/librpc/gen_ndr/krb5pac.h index b3b29e5b2f..7ec3e95d70 100644 --- a/source3/librpc/gen_ndr/krb5pac.h +++ b/source3/librpc/gen_ndr/krb5pac.h @@ -8,6 +8,7 @@ #ifndef _HEADER_krb5pac #define _HEADER_krb5pac +#define NETLOGON_GENERIC_KRB5_PAC_VALIDATE ( 3 ) struct PAC_LOGON_NAME { NTTIME logon_time; uint16_t size;/* [value(2*strlen_m(account_name))] */ @@ -39,10 +40,6 @@ struct PAC_UNKNOWN_12 { }; struct PAC_LOGON_INFO_CTR { - uint32_t unknown1;/* [value(0x00081001)] */ - uint32_t unknown2;/* [value(0xCCCCCCCC)] */ - uint32_t _ndr_size;/* [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info,ndr->flags)+4,8))] */ - uint32_t unknown3;/* [value(0x00000000)] */ struct PAC_LOGON_INFO *info;/* [unique] */ }/* [public] */; @@ -72,7 +69,7 @@ struct DATA_BLOB_REM { }; union PAC_INFO { - struct PAC_LOGON_INFO_CTR logon_info;/* [case(PAC_TYPE_LOGON_INFO)] */ + struct PAC_LOGON_INFO_CTR logon_info;/* [subcontext(0xFFFFFC01),case(PAC_TYPE_LOGON_INFO)] */ struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */ struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */ struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */ 
@@ -105,6 +102,14 @@ struct PAC_DATA_RAW { struct PAC_BUFFER_RAW *buffers; }/* [public] */; +struct PAC_Validate { + uint32_t MessageType;/* [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] */ + uint32_t ChecksumLength; + int32_t SignatureType; + uint32_t SignatureLength; + DATA_BLOB ChecksumAndSignature;/* [flag(LIBNDR_FLAG_REMAINING)] */ +}/* [public] */; + struct netsamlogoncache_entry { time_t timestamp; struct netr_SamInfo3 info3; @@ -134,4 +139,12 @@ struct decode_login_info { }; + +struct decode_pac_validate { + struct { + struct PAC_Validate pac_validate; + } in; + +}; + #endif /* _HEADER_krb5pac */ diff --git a/source3/librpc/gen_ndr/ndr_krb5pac.c b/source3/librpc/gen_ndr/ndr_krb5pac.c index 6e06f90a68..f9e93e5210 100644 --- a/source3/librpc/gen_ndr/ndr_krb5pac.c +++ b/source3/librpc/gen_ndr/ndr_krb5pac.c @@ -170,10 +170,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_LOGON_INFO_CTR(struct ndr_push *ndr, int { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00081001)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0xCCCCCCCC)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, NDR_ROUND(ndr_size_PAC_LOGON_INFO(r->info, ndr->flags) + 4, 8))); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00000000)); NDR_CHECK(ndr_push_unique_ptr(ndr, r->info)); } if (ndr_flags & NDR_BUFFERS) { @@ -190,10 +186,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_LOGON_INFO_CTR(struct ndr_pull *ndr, int TALLOC_CTX *_mem_save_info_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->_ndr_size)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info)); if (_ptr_info) { NDR_PULL_ALLOC(ndr, r->info); 
@@ -216,10 +208,6 @@ _PUBLIC_ void ndr_print_PAC_LOGON_INFO_CTR(struct ndr_print *ndr, const char *na { ndr_print_struct(ndr, name, "PAC_LOGON_INFO_CTR"); ndr->depth++; - ndr_print_uint32(ndr, "unknown1", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0x00081001:r->unknown1); - ndr_print_uint32(ndr, "unknown2", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0xCCCCCCCC:r->unknown2); - ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NDR_ROUND(ndr_size_PAC_LOGON_INFO(r->info, ndr->flags) + 4, 8):r->_ndr_size); - ndr_print_uint32(ndr, "unknown3", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0x00000000:r->unknown3); ndr_print_ptr(ndr, "info", r->info); ndr->depth++; if (r->info) { @@ -304,7 +292,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags int level = ndr_push_get_switch_value(ndr, r); switch (level) { case PAC_TYPE_LOGON_INFO: { - NDR_CHECK(ndr_push_PAC_LOGON_INFO_CTR(ndr, NDR_SCALARS, &r->logon_info)); + { + struct ndr_push *_ndr_logon_info; + NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_logon_info, 0xFFFFFC01, -1)); + NDR_CHECK(ndr_push_PAC_LOGON_INFO_CTR(_ndr_logon_info, NDR_SCALARS|NDR_BUFFERS, &r->logon_info)); + NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_logon_info, 0xFFFFFC01, -1)); + } break; } case PAC_TYPE_SRV_CHECKSUM: { @@ -334,7 +327,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags int level = ndr_push_get_switch_value(ndr, r); switch (level) { case PAC_TYPE_LOGON_INFO: - NDR_CHECK(ndr_push_PAC_LOGON_INFO_CTR(ndr, NDR_BUFFERS, &r->logon_info)); break; case PAC_TYPE_SRV_CHECKSUM: 
@@ -361,7 +353,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags if (ndr_flags & NDR_SCALARS) { switch (level) { case PAC_TYPE_LOGON_INFO: { - NDR_CHECK(ndr_pull_PAC_LOGON_INFO_CTR(ndr, NDR_SCALARS, &r->logon_info)); + { + struct ndr_pull *_ndr_logon_info; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_logon_info, 0xFFFFFC01, -1)); + NDR_CHECK(ndr_pull_PAC_LOGON_INFO_CTR(_ndr_logon_info, NDR_SCALARS|NDR_BUFFERS, &r->logon_info)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_logon_info, 0xFFFFFC01, -1)); + } break; } case PAC_TYPE_SRV_CHECKSUM: { @@ -390,7 +387,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags if (ndr_flags & NDR_BUFFERS) { switch (level) { case PAC_TYPE_LOGON_INFO: - NDR_CHECK(ndr_pull_PAC_LOGON_INFO_CTR(ndr, NDR_BUFFERS, &r->logon_info)); break; case PAC_TYPE_SRV_CHECKSUM: 
@@ -672,6 +668,58 @@ _PUBLIC_ void ndr_print_PAC_DATA_RAW(struct ndr_print *ndr, const char *name, co ndr->depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_PAC_Validate(struct ndr_push *ndr, int ndr_flags, const struct PAC_Validate *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, NETLOGON_GENERIC_KRB5_PAC_VALIDATE)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->ChecksumLength)); + NDR_CHECK(ndr_push_int32(ndr, NDR_SCALARS, r->SignatureType)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->SignatureLength)); + { + uint32_t _flags_save_DATA_BLOB = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING); + NDR_CHECK(ndr_push_DATA_BLOB(ndr, NDR_SCALARS, r->ChecksumAndSignature)); + ndr->flags = _flags_save_DATA_BLOB; + } + } + if (ndr_flags & NDR_BUFFERS) { + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_PAC_Validate(struct ndr_pull *ndr, int ndr_flags, struct PAC_Validate *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->MessageType)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ChecksumLength)); + NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->SignatureType)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->SignatureLength)); + { + uint32_t _flags_save_DATA_BLOB = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING); + NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->ChecksumAndSignature)); + ndr->flags = _flags_save_DATA_BLOB; + } + } + if (ndr_flags & NDR_BUFFERS) { + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_PAC_Validate(struct ndr_print *ndr, const char *name, const struct PAC_Validate *r) +{ + ndr_print_struct(ndr, name, "PAC_Validate"); + ndr->depth++; + ndr_print_uint32(ndr, "MessageType", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NETLOGON_GENERIC_KRB5_PAC_VALIDATE:r->MessageType); + ndr_print_uint32(ndr, "ChecksumLength", r->ChecksumLength); 
+ ndr_print_int32(ndr, "SignatureType", r->SignatureType); + ndr_print_uint32(ndr, "SignatureLength", r->SignatureLength); + ndr_print_DATA_BLOB(ndr, "ChecksumAndSignature", r->ChecksumAndSignature); + ndr->depth--; +} + _PUBLIC_ enum ndr_err_code ndr_push_netsamlogoncache_entry(struct ndr_push *ndr, int ndr_flags, const struct netsamlogoncache_entry *r) { if (ndr_flags & NDR_SCALARS) { @@ -830,6 +878,47 @@ _PUBLIC_ void ndr_print_decode_login_info(struct ndr_print *ndr, const char *nam ndr->depth--; } +static enum ndr_err_code ndr_push_decode_pac_validate(struct ndr_push *ndr, int flags, const struct decode_pac_validate *r) +{ + if (flags & NDR_IN) { + NDR_CHECK(ndr_push_PAC_Validate(ndr, NDR_SCALARS, &r->in.pac_validate)); + } + if (flags & NDR_OUT) { + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_decode_pac_validate(struct ndr_pull *ndr, int flags, struct decode_pac_validate *r) +{ + if (flags & NDR_IN) { + NDR_CHECK(ndr_pull_PAC_Validate(ndr, NDR_SCALARS, &r->in.pac_validate)); + } + if (flags & NDR_OUT) { + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_decode_pac_validate(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac_validate *r) +{ + ndr_print_struct(ndr, name, "decode_pac_validate"); + ndr->depth++; + if (flags & NDR_SET_VALUES) { + ndr->flags |= LIBNDR_PRINT_SET_VALUES; + } + if (flags & NDR_IN) { + ndr_print_struct(ndr, "in", "decode_pac_validate"); + ndr->depth++; + ndr_print_PAC_Validate(ndr, "pac_validate", &r->in.pac_validate); + ndr->depth--; + } + if (flags & NDR_OUT) { + ndr_print_struct(ndr, "out", "decode_pac_validate"); + ndr->depth++; + ndr->depth--; + } + ndr->depth--; +} + static const struct ndr_interface_call krb5pac_calls[] = { { "decode_pac", 
@@ -855,6 +944,14 @@ static const struct ndr_interface_call krb5pac_calls[] = { (ndr_print_function_t) ndr_print_decode_login_info, false, }, + { + "decode_pac_validate", + sizeof(struct decode_pac_validate), + (ndr_push_flags_fn_t) ndr_push_decode_pac_validate, + (ndr_pull_flags_fn_t) ndr_pull_decode_pac_validate, + (ndr_print_function_t) ndr_print_decode_pac_validate, + false, + }, { NULL, 0, NULL, NULL, NULL, false } }; @@ -884,7 +981,7 @@ const struct ndr_interface_table ndr_table_krb5pac = { NDR_KRB5PAC_VERSION }, .helpstring = NDR_KRB5PAC_HELPSTRING, - .num_calls = 3, + .num_calls = 4, .calls = krb5pac_calls, .endpoints = &krb5pac_endpoints, .authservices = &krb5pac_authservices diff --git a/source3/librpc/gen_ndr/ndr_krb5pac.h b/source3/librpc/gen_ndr/ndr_krb5pac.h index 7f03106879..bf09e3fad5 100644 --- a/source3/librpc/gen_ndr/ndr_krb5pac.h +++ b/source3/librpc/gen_ndr/ndr_krb5pac.h @@ -17,7 +17,9 @@ extern const struct ndr_interface_table ndr_table_krb5pac; #define NDR_DECODE_LOGIN_INFO (0x02) -#define NDR_KRB5PAC_CALL_COUNT (3) +#define NDR_DECODE_PAC_VALIDATE (0x03) + +#define NDR_KRB5PAC_CALL_COUNT (4) void ndr_print_PAC_LOGON_NAME(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_NAME *r); enum ndr_err_code ndr_push_PAC_SIGNATURE_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_SIGNATURE_DATA *r); enum ndr_err_code ndr_pull_PAC_SIGNATURE_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_SIGNATURE_DATA *r); 
@@ -46,10 +48,14 @@ void ndr_print_PAC_BUFFER_RAW(struct ndr_print *ndr, const char *name, const str enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA_RAW *r); enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r); void ndr_print_PAC_DATA_RAW(struct ndr_print *ndr, const char *name, const struct PAC_DATA_RAW *r); +enum ndr_err_code ndr_push_PAC_Validate(struct ndr_push *ndr, int ndr_flags, const struct PAC_Validate *r); +enum ndr_err_code ndr_pull_PAC_Validate(struct ndr_pull *ndr, int ndr_flags, struct PAC_Validate *r); +void ndr_print_PAC_Validate(struct ndr_print *ndr, const char *name, const struct PAC_Validate *r); enum ndr_err_code ndr_push_netsamlogoncache_entry(struct ndr_push *ndr, int ndr_flags, const struct netsamlogoncache_entry *r); enum ndr_err_code ndr_pull_netsamlogoncache_entry(struct ndr_pull *ndr, int ndr_flags, struct netsamlogoncache_entry *r); void ndr_print_netsamlogoncache_entry(struct ndr_print *ndr, const char *name, const struct netsamlogoncache_entry *r); void ndr_print_decode_pac(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac *r); void ndr_print_decode_pac_raw(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac_raw *r); void ndr_print_decode_login_info(struct ndr_print *ndr, const char *name, int flags, const struct decode_login_info *r); +void ndr_print_decode_pac_validate(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac_validate *r); #endif /* _HEADER_NDR_krb5pac */ diff --git a/source3/librpc/idl/krb5pac.idl b/source3/librpc/idl/krb5pac.idl deleted file mode 100644 index c039502d23..0000000000 --- a/source3/librpc/idl/krb5pac.idl +++ /dev/null 
@@ -1,120 +0,0 @@ -/* - krb5 PAC -*/ - -#include "idl_types.h" - -import "security.idl", "netlogon.idl", "samr.idl"; - -[ - uuid("12345778-1234-abcd-0000-00000000"), - version(0.0), - pointer_default(unique), - helpstring("Active Directory KRB5 PAC") -] -interface krb5pac -{ - typedef struct { - NTTIME logon_time; - [value(2*strlen_m(account_name))] uint16 size; - [charset(UTF16)] uint8 account_name[size]; - } PAC_LOGON_NAME; - - typedef [public,flag(NDR_PAHEX)] struct { - uint32 type; - [flag(NDR_REMAINING)] DATA_BLOB signature; - } PAC_SIGNATURE_DATA; - - typedef [gensize] struct { - netr_SamInfo3 info3; - dom_sid2 *res_group_dom_sid; - samr_RidWithAttributeArray res_groups; - } PAC_LOGON_INFO; - - typedef struct { - [value(2*strlen_m(upn_name))] uint16 upn_size; - uint16 upn_offset; - [value(2*strlen_m(domain_name))] uint16 domain_size; - uint16 domain_offset; - uint16 unknown3; /* 0x01 */ - uint16 unknown4; - uint32 unknown5; - [charset(UTF16)] uint8 upn_name[upn_size+2]; - [charset(UTF16)] uint8 domain_name[domain_size+2]; - uint32 unknown6; /* padding */ - } PAC_UNKNOWN_12; - - typedef [public] struct { - [value(0x00081001)] uint32 unknown1; - [value(0xCCCCCCCC)] uint32 unknown2; - [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info, ndr->flags)+4,8))] uint32 _ndr_size; - [value(0x00000000)] uint32 unknown3; - PAC_LOGON_INFO *info; - } PAC_LOGON_INFO_CTR; - - typedef [public,v1_enum] enum { - PAC_TYPE_LOGON_INFO = 1, - PAC_TYPE_SRV_CHECKSUM = 6, - PAC_TYPE_KDC_CHECKSUM = 7, - PAC_TYPE_LOGON_NAME = 10, - PAC_TYPE_CONSTRAINED_DELEGATION = 11, - PAC_TYPE_UNKNOWN_12 = 12 - } PAC_TYPE; - - typedef struct { - [flag(NDR_REMAINING)] DATA_BLOB remaining; - } DATA_BLOB_REM; - - typedef [public,nodiscriminant,gensize] union { - [case(PAC_TYPE_LOGON_INFO)] PAC_LOGON_INFO_CTR logon_info; - [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum; - [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum; - [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name; - [default] 
[subcontext(0)] DATA_BLOB_REM unknown; - /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */ - } PAC_INFO; - - typedef [public,nopush,nopull,noprint] struct { - PAC_TYPE type; - [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size; - [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info; - [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */ - } PAC_BUFFER; - - typedef [public] struct { - uint32 num_buffers; - uint32 version; - PAC_BUFFER buffers[num_buffers]; - } PAC_DATA; - - typedef [public] struct { - PAC_TYPE type; - uint32 ndr_size; - [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info; - [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */ - } PAC_BUFFER_RAW; - - typedef [public] struct { - uint32 num_buffers; - uint32 version; - PAC_BUFFER_RAW buffers[num_buffers]; - } PAC_DATA_RAW; - - void decode_pac( - [in] PAC_DATA pac - ); - - void decode_pac_raw( - [in] PAC_DATA_RAW pac - ); - - void decode_login_info( - [in] PAC_LOGON_INFO logon_info - ); - - /* used for samba3 netsamlogon cache */ - typedef [public] struct { - time_t timestamp; - netr_SamInfo3 info3; - } netsamlogoncache_entry; -} |