diff options
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/idl/drsblobs.idl | 62 | ||||
-rw-r--r-- | source4/librpc/idl/lsa.idl | 66 |
2 files changed, 78 insertions, 50 deletions
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index eb85989eda..196423c7dd 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -1,6 +1,6 @@ #include "idl_types.h" -import "drsuapi.idl", "misc.idl", "samr.idl"; +import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl"; [ uuid("12345778-1234-abcd-0001-00000001"), @@ -12,7 +12,7 @@ interface drsblobs { typedef bitmap drsuapi_DsReplicaSyncOptions drsuapi_DsReplicaSyncOptions; typedef bitmap drsuapi_DsReplicaNeighbourFlags drsuapi_DsReplicaNeighbourFlags; typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId; - + typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType; /* * replPropertyMetaData * w2k uses version 1 @@ -357,25 +357,6 @@ interface drsblobs { ); typedef struct { - NTTIME time1; - uint32 unknown1; - DATA_BLOB value; - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - } trustAuthInOutSecret1; - - typedef struct { - [relative] trustAuthInOutSecret1 *value1; - [relative] trustAuthInOutSecret1 *value2; - } trustAuthInOutCtr1; - - typedef [v1_enum] enum { - TRUST_AUTH_TYPE_NONE = 0, - TRUST_AUTH_TYPE_NT4OWF = 1, - TRUST_AUTH_TYPE_CLEAR = 2, - TRUST_AUTH_TYPE_VERSION = 3 - } trustAuthType; - - typedef struct { [value(0)] uint32 size; } AuthInfoNone; @@ -384,6 +365,20 @@ interface drsblobs { samr_Password password; } AuthInfoNT4Owf; + /* + * the secret value is encoded as UTF16 if it's a string + * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16 + * mayfail... + * + * TODO: We should try handle the case of a random buffer in all places + * we deal with cleartext passwords from windows + * + * so we don't use this: + * + * uint32 value_len; + * [charset(UTF16)] uint8 value[value_len]; + */ + typedef struct { uint32 size; uint8 password[size]; @@ -403,21 +398,8 @@ interface drsblobs { typedef [public] struct { NTTIME LastUpdateTime; - trustAuthType AuthType; + lsa_TrustAuthType AuthType; - /* - * the secret value is encoded as UTF16 if it's a string - * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16 - * mayfail... - * - * TODO: We should try handle the case of a random buffer in all places - * we deal with cleartext passwords from windows - * - * so we don't use this: - * - * uint32 value_len; - * [charset(UTF16)] uint8 value[value_len]; - */ [switch_is(AuthType)] AuthInfo AuthInfo; [flag(NDR_ALIGN4)] DATA_BLOB _pad; } AuthenticationInformation; @@ -427,12 +409,20 @@ interface drsblobs { [size_is(1)] AuthenticationInformation array[]; } AuthenticationInformationArray; - typedef [public,nopull,nopush,noprint] struct { + typedef [public,nopull,nopush,noprint,gensize] struct { uint32 count; [relative] AuthenticationInformationArray *current; [relative] AuthenticationInformationArray *previous; } trustAuthInOutBlob; + typedef [public] struct { + uint8 confounder[512]; + trustAuthInOutBlob outgoing; + trustAuthInOutBlob incoming; + [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size; + [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size; + } trustAuthInAndOutBlob; + void decode_trustAuthInOut( [in] trustAuthInOutBlob blob ); diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 408956b3fa..b26d50c173 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -311,7 +311,7 @@ import "misc.idl", "security.idl"; /* Function: 0x0c */ [public] NTSTATUS lsa_CreateTrustedDomain( - [in] policy_handle *handle, + [in] policy_handle *policy_handle, [in] lsa_DomainInfo *info, [in] uint32 access_mask, [out] policy_handle *trustdom_handle @@ -578,9 +578,16 @@ import "misc.idl", "security.idl"; lsa_TrustAttributes trust_attributes; } lsa_TrustDomainInfoInfoEx; + typedef [public,v1_enum] enum { + TRUST_AUTH_TYPE_NONE = 0, + TRUST_AUTH_TYPE_NT4OWF = 1, + TRUST_AUTH_TYPE_CLEAR = 2, + TRUST_AUTH_TYPE_VERSION = 3 + } lsa_TrustAuthType; + typedef struct { NTTIME_hyper last_update_time; - uint32 secret_type; + lsa_TrustAuthType AuthType; lsa_DATA_BUF2 data; } lsa_TrustDomainInfoBuffer; @@ -600,16 +607,26 @@ import "misc.idl", "security.idl"; } lsa_TrustDomainInfoFullInfo; typedef struct { + lsa_DATA_BUF2 auth_blob; + } lsa_TrustDomainInfoAuthInfoInternal; + + typedef struct { + lsa_TrustDomainInfoInfoEx info_ex; + lsa_TrustDomainInfoPosixOffset posix_offset; + lsa_TrustDomainInfoAuthInfoInternal auth_info; + } lsa_TrustDomainInfoFullInfoInternal; + + typedef struct { lsa_TrustDomainInfoInfoEx info_ex; - lsa_DATA_BUF2 data1; + uint32 forest_trust_length; + [size_is(forest_trust_length)] uint8 *forest_trust_data; } lsa_TrustDomainInfoInfoEx2Internal; typedef struct { - lsa_TrustDomainInfoInfoEx info_ex; - lsa_DATA_BUF2 data1; + lsa_TrustDomainInfoInfoEx2Internal info; lsa_TrustDomainInfoPosixOffset posix_offset; lsa_TrustDomainInfoAuthInfo auth_info; - } lsa_TrustDomainInfoInfo2Internal; + } lsa_TrustDomainInfoFullInfo2Internal; typedef struct { kerb_EncTypes enc_types; @@ -633,13 +650,13 @@ import "misc.idl", "security.idl"; [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)] lsa_TrustDomainInfoFullInfo full_info; [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL)] - lsa_TrustDomainInfoAuthInfo auth_info_internal; + lsa_TrustDomainInfoAuthInfoInternal auth_info_internal; [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL)] - lsa_TrustDomainInfoFullInfo full_info_internal; + lsa_TrustDomainInfoFullInfoInternal full_info_internal; [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL)] lsa_TrustDomainInfoInfoEx2Internal info_ex2_internal; [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL)] - lsa_TrustDomainInfoInfo2Internal info2_internal; + lsa_TrustDomainInfoFullInfo2Internal full_info2_internal; [case(LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES)] lsa_TrustDomainInfoSupportedEncTypes enc_types; } lsa_TrustedDomainInfo; @@ -652,7 +669,11 @@ import "misc.idl", "security.idl"; ); /* Function: 0x1b */ - [todo] NTSTATUS lsa_SetInformationTrustedDomain(); + NTSTATUS lsa_SetInformationTrustedDomain( + [in] policy_handle *trustdom_handle, + [in] lsa_TrustDomInfoEnum level, + [in,switch_is(level)] lsa_TrustedDomainInfo *info + ); /* Function: 0x1c */ [public] NTSTATUS lsa_OpenSecret( @@ -770,7 +791,12 @@ import "misc.idl", "security.idl"; ); /* Function: 0x28 */ - [todo] NTSTATUS lsa_SetTrustedDomainInfo(); + NTSTATUS lsa_SetTrustedDomainInfo( + [in] policy_handle *handle, + [in] dom_sid2 *dom_sid, + [in] lsa_TrustDomInfoEnum level, + [in,switch_is(level)] lsa_TrustedDomainInfo *info + ); /* Function: 0x29 */ NTSTATUS lsa_DeleteTrustedDomain( [in] policy_handle *handle, @@ -855,9 +881,15 @@ import "misc.idl", "security.idl"; [in] uint32 max_size ); - /* Function 0x33 */ - [todo] NTSTATUS lsa_CreateTrustedDomainEx(); + NTSTATUS lsa_CreateTrustedDomainEx( + [in] policy_handle *policy_handle, + [in] lsa_TrustDomainInfoInfoEx *info, + [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + /* Function 0x34 */ NTSTATUS lsa_CloseTrustedDomainEx( @@ -971,7 +1003,13 @@ import "misc.idl", "security.idl"; ); /* Function 0x3b */ - [todo] NTSTATUS lsa_CreateTrustedDomainEx2(); + NTSTATUS lsa_CreateTrustedDomainEx2( + [in] policy_handle *policy_handle, + [in] lsa_TrustDomainInfoInfoEx *info, + [in] lsa_TrustDomainInfoAuthInfoInternal *auth_info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); /* Function 0x3c */ [todo] NTSTATUS lsa_CREDRWRITE(); |