Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/idl/krb5pac.idl130
-rw-r--r--source4/librpc/idl/lsa.idl32
2 files changed, 25 insertions, 137 deletions
diff --git a/source4/librpc/idl/krb5pac.idl b/source4/librpc/idl/krb5pac.idl
deleted file mode 100644
index bddba04165..0000000000
--- a/source4/librpc/idl/krb5pac.idl
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- krb5 PAC
-*/
-
-#include "idl_types.h"
-
-import "security.idl", "netlogon.idl", "samr.idl";
-
-[
- uuid("12345778-1234-abcd-0000-00000000"),
- version(0.0),
- pointer_default(unique),
- helpstring("Active Directory KRB5 PAC")
-]
-interface krb5pac
-{
- typedef struct {
- NTTIME logon_time;
- [value(2*strlen_m(account_name))] uint16 size;
- [charset(UTF16)] uint8 account_name[size];
- } PAC_LOGON_NAME;
-
- typedef [public,flag(NDR_PAHEX)] struct {
- uint32 type;
- [flag(NDR_REMAINING)] DATA_BLOB signature;
- } PAC_SIGNATURE_DATA;
-
- typedef [gensize] struct {
- netr_SamInfo3 info3;
- dom_sid2 *res_group_dom_sid;
- samr_RidWithAttributeArray res_groups;
- } PAC_LOGON_INFO;
-
- typedef struct {
- [value(2*strlen_m(upn_name))] uint16 upn_size;
- uint16 upn_offset;
- [value(2*strlen_m(domain_name))] uint16 domain_size;
- uint16 domain_offset;
- uint16 unknown3; /* 0x01 */
- uint16 unknown4;
- uint32 unknown5;
- [charset(UTF16)] uint8 upn_name[upn_size+2];
- [charset(UTF16)] uint8 domain_name[domain_size+2];
- uint32 unknown6; /* padding */
- } PAC_UNKNOWN_12;
-
- typedef [public] struct {
- PAC_LOGON_INFO *info;
- } PAC_LOGON_INFO_CTR;
-
- typedef [public,v1_enum] enum {
- PAC_TYPE_LOGON_INFO = 1,
- PAC_TYPE_SRV_CHECKSUM = 6,
- PAC_TYPE_KDC_CHECKSUM = 7,
- PAC_TYPE_LOGON_NAME = 10,
- PAC_TYPE_CONSTRAINED_DELEGATION = 11,
- PAC_TYPE_UNKNOWN_12 = 12
- } PAC_TYPE;
-
- typedef struct {
- [flag(NDR_REMAINING)] DATA_BLOB remaining;
- } DATA_BLOB_REM;
-
- typedef [public,nodiscriminant,gensize] union {
- [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
- [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum;
- [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum;
- [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
- /* when new PAC info types are added they are supposed to be done
- in such a way that they are backwards compatible with existing
- servers. This makes it safe to just use a [default] for
- unknown types, which lets us ignore the data */
- [default] [subcontext(0)] DATA_BLOB_REM unknown;
- /* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */
- } PAC_INFO;
-
- typedef [public,nopush,nopull,noprint] struct {
- PAC_TYPE type;
- [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
- [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
- [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
- } PAC_BUFFER;
-
- typedef [public] struct {
- uint32 num_buffers;
- uint32 version;
- PAC_BUFFER buffers[num_buffers];
- } PAC_DATA;
-
- typedef [public] struct {
- PAC_TYPE type;
- uint32 ndr_size;
- [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
- [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
- } PAC_BUFFER_RAW;
-
- typedef [public] struct {
- uint32 num_buffers;
- uint32 version;
- PAC_BUFFER_RAW buffers[num_buffers];
- } PAC_DATA_RAW;
-
- const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
-
- typedef [public] struct {
- [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
- uint32 ChecksumLength;
- int32 SignatureType;
- uint32 SignatureLength;
- [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
- } PAC_Validate;
-
- void decode_pac(
- [in] PAC_DATA pac
- );
-
- void decode_pac_raw(
- [in] PAC_DATA_RAW pac
- );
-
- void decode_login_info(
- [in] PAC_LOGON_INFO logon_info
- );
-
- void decode_pac_validate(
- [in] PAC_Validate pac_validate
- );
-
-
-}
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index dd9791d894..8745385a10 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -263,11 +263,12 @@ import "misc.idl", "security.idl";
LSA_POLICY_INFO_ROLE=6,
LSA_POLICY_INFO_REPLICA=7,
LSA_POLICY_INFO_QUOTA=8,
- LSA_POLICY_INFO_DB=9,
+ LSA_POLICY_INFO_MOD=9,
LSA_POLICY_INFO_AUDIT_FULL_SET=10,
LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
LSA_POLICY_INFO_DNS=12,
- LSA_POLICY_INFO_DNS_INT=13
+ LSA_POLICY_INFO_DNS_INT=13,
+ LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14
} lsa_PolicyInfo;
typedef [switch_type(uint16)] union {
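Review bot: `LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14` is added with no comment, and the `L_` prefix is not self-explanatory. A short comment such as `/* presumably the local account domain; payload is lsa_DomainInfo */` on the enum value would help, and it applies equally to the matching union arm `l_account_domain` in the next hunk. Separately, renaming `LSA_POLICY_INFO_DB` to `LSA_POLICY_INFO_MOD` here, and the union member `db` to `mod` in the next hunk, changes the generated C identifiers, so every switch on `lsa_PolicyInfo` has to be updated in the same commit. This diffstat is limited to `source4/librpc`, so that cannot be confirmed from this page. The enum and union bodies start outside the hunks.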
@@ -279,11 +280,12 @@ import "misc.idl", "security.idl";
[case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role;
[case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica;
[case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota;
- [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db;
+ [case(LSA_POLICY_INFO_MOD)] lsa_ModificationInfo mod;
[case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset;
[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
[case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns;
[case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns;
+ [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo l_account_domain;
} lsa_PolicyInformation;
NTSTATUS lsa_QueryInfoPolicy (
@@ -512,23 +514,39 @@ import "misc.idl", "security.idl";
/* Function: 0x16 */
[todo] NTSTATUS lsa_SetQuotasForAccount();
+ typedef [bitmap32bit] bitmap {
+ LSA_POLICY_MODE_INTERACTIVE = 0x00000001,
+ LSA_POLICY_MODE_NETWORK = 0x00000002,
+ LSA_POLICY_MODE_BATCH = 0x00000004,
+ LSA_POLICY_MODE_SERVICE = 0x00000010,
+ LSA_POLICY_MODE_PROXY = 0x00000020,
+ LSA_POLICY_MODE_DENY_INTERACTIVE = 0x00000040,
+ LSA_POLICY_MODE_DENY_NETWORK = 0x00000080,
+ LSA_POLICY_MODE_DENY_BATCH = 0x00000100,
+ LSA_POLICY_MODE_DENY_SERVICE = 0x00000200,
+ LSA_POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400,
+ LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800,
+ LSA_POLICY_MODE_ALL = 0x00000FF7,
+ LSA_POLICY_MODE_ALL_NT4 = 0x00000037
+ } lsa_SystemAccessModeFlags;
+
/* Function: 0x17 */
NTSTATUS lsa_GetSystemAccessAccount(
- [in] policy_handle *handle,
+ [in] policy_handle *handle,
[out,ref] uint32 *access_mask
);
/* Function: 0x18 */
NTSTATUS lsa_SetSystemAccessAccount(
- [in] policy_handle *handle,
- [in] uint32 access_mask
+ [in] policy_handle *handle,
+ [in] uint32 access_mask
);
/* Function: 0x19 */
NTSTATUS lsa_OpenTrustedDomain(
[in] policy_handle *handle,
[in] dom_sid2 *sid,
- [in] uint32 access_mask,
+ [in] uint32 access_mask,
[out] policy_handle *trustdom_handle
);
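Review bot: The new `lsa_SystemAccessModeFlags` bitmap is declared but nothing in this hunk uses it. `lsa_GetSystemAccessAccount` and `lsa_SetSystemAccessAccount` are only re-indented and still take a bare `uint32 access_mask`. Typing them as `[out,ref] lsa_SystemAccessModeFlags *access_mask` and `[in] lsa_SystemAccessModeFlags access_mask` should leave the wire format unchanged, since a `bitmap32bit` is still marshalled as a 32-bit value, while letting the generated print code name the individual logon-right bits, which makes grants and denials easier to audit in traces. The typedef would also benefit from a comment saying that `0x00000008` is deliberately unassigned (`LSA_POLICY_MODE_ALL` is `0x00000FF7`, the OR of the listed bits). It should also state whether the server side is expected to reject bits outside `LSA_POLICY_MODE_ALL`; that contract is not visible here.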