Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/idl/drsblobs.idl | 64 | ||||
-rw-r--r-- | source4/librpc/idl/drsuapi.idl | 22 | ||||
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 2 | ||||
-rw-r--r-- | source4/librpc/idl/samr.idl | 18 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 14 |
5 files changed, 95 insertions, 25 deletions
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index f8cbdac8c5..c876ae7fed 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -205,7 +205,7 @@ interface drsblobs { typedef struct { [value(2*strlen_m(name))] uint16 name_len; [value(strlen(data))] uint16 data_len; - uint16 unknown1; /* 2 for name = 'Packages', 1 for name = 'Primary:*' */ + uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */ [charset(UTF16)] uint8 name[name_len]; /* * the data field contains data as HEX strings @@ -215,6 +215,9 @@ interface drsblobs { * as non termiated UTF16 strings with * a UTF16 NULL byte as separator * + * 'Primary:Kerberos-Newer-Keys': + * ... + * * 'Primary:Kerberos': * ... * @@ -228,11 +231,16 @@ interface drsblobs { [charset(DOS)] uint8 data[data_len]; } supplementalCredentialsPackage; - /* this are 0x30 (48) whitespaces (0x20) followed by 'P' (0x50) */ - const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " P"; + /* this are 0x30 (48) whitespaces (0x20) */ + const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " "; + + typedef [flag(NDR_PAHEX)] enum { + SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050 + } supplementalCredentialsSignature; typedef [gensize] struct { - [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x31]; + [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30]; + [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature; uint16 num_packages; supplementalCredentialsPackage packages[num_packages]; } supplementalCredentialsSubBlob; 
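Review bot: The new `signature` member of supplementalCredentialsSubBlob is only pinned by `[value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)]`, which as far as I know fixes the value on push but does not make the pull side reject a blob with a different prefix or signature. Code that decodes this attribute should compare `signature` with `SUPPLEMENTAL_CREDENTIALS_SIGNATURE` before it walks `packages[num_packages]`. A comment on the field would make that explicit, for example `/* not verified on pull: callers must check signature == SUPPLEMENTAL_CREDENTIALS_SIGNATURE */`. The comment `this are 0x30 (48) whitespaces (0x20)` would also read better as `these are 0x30 (48) spaces (0x20)`.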
@@ -264,23 +272,25 @@ interface drsblobs { } package_PrimaryKerberosString; typedef struct { + [value(0)] uint16 reserved1; + [value(0)] uint16 reserved2; + [value(0)] uint32 reserved3; uint32 keytype; [value((value?value->length:0))] uint32 value_len; [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value; - [value(0)] uint32 unknown1; - [value(0)] uint32 unknown2; } package_PrimaryKerberosKey; typedef struct { uint16 num_keys; uint16 num_old_keys; package_PrimaryKerberosString salt; - [value(0)] uint32 unknown1; - [value(0)] uint32 unknown2; package_PrimaryKerberosKey keys[num_keys]; package_PrimaryKerberosKey old_keys[num_old_keys]; - udlong unknown3[num_keys]; - udlong unknown3_old[num_old_keys]; + [value(0)] uint32 padding1; + [value(0)] uint32 padding2; + [value(0)] uint32 padding3; + [value(0)] uint32 padding4; + [value(0)] uint32 padding5; } package_PrimaryKerberosCtr3; typedef [nodiscriminant] union { 
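Review bot: package_PrimaryKerberosKey and package_PrimaryKerberosCtr3 change their encoded layout here without any comment saying why: the reserved words move in front of `keytype`, and the per-key `unknown3` arrays become five fixed `padding` words. If any blobs were written with the previous layout, they would presumably decode with shifted `keytype` and `value_len` values, so it is worth stating whether that case can occur. I would add a comment above `padding1` such as `/* trailing 20 bytes, always written as zero */`, and one above `reserved1` noting that the three reserved fields precede each key on the wire.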
@@ -296,6 +306,40 @@ interface drsblobs { [in] package_PrimaryKerberosBlob blob ); + typedef struct { + [value(0)] uint32 unknown1; + [value(0)] uint32 unknown2; + [value(0x00001000)] uint32 unknown3; /* could the the iterator for the AES key creation */ + uint32 keytype; + [value((value?value->length:0))] uint32 value_len; + [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value; + } package_PrimaryKerberosNewerKey; + + typedef struct { + uint16 num_keys; + [value(0)] uint16 unknown1; + uint16 num_old_keys1; + uint16 num_old_keys2; + package_PrimaryKerberosString salt; + [value(0x00001000)] uint32 unknown2; /* could the the iterator for the AES key creation */ + package_PrimaryKerberosNewerKey keys[num_keys]; + package_PrimaryKerberosNewerKey old_keys1[num_old_keys1]; + package_PrimaryKerberosNewerKey old_keys2[num_old_keys2]; + } package_PrimaryKerberosNewerCtr4; + + typedef [nodiscriminant] union { + [case(4)] package_PrimaryKerberosNewerCtr4 ctr4; + } package_PrimaryKerberosNewerCtr; + + typedef [public] struct { + [value(4)] uint32 version; + [switch_is(version)] package_PrimaryKerberosNewerCtr ctr; + } package_PrimaryKerberosNewerBlob; + + void decode_PrimaryKerberosNewer( + [in] package_PrimaryKerberosNewerBlob blob + ); + typedef [public] struct { [flag(STR_NOTERM|NDR_REMAINING)] string cleartext; } package_PrimaryCLEARTEXTBlob; diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index b9cff5d11d..c19da4fa19 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl 
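Review bot: `unknown3` in package_PrimaryKerberosNewerKey and `unknown2` in package_PrimaryKerberosNewerCtr4 are pinned with `[value(0x00001000)]`, so a decoded blob holding a different number would be re-encoded as 0x1000 on push. 0x1000 is 4096, which matches the usual PBKDF2 iteration count for AES string-to-key. If the field really is an iteration count, it belongs to the key material and should probably round-trip rather than be forced, though its meaning is still a guess in this commit. The comment has a doubled word; `/* 0x1000 = 4096, possibly the iteration count for AES key derivation */` would be clearer.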
@@ -58,21 +58,36 @@ interface drsuapi DRSUAPI_SUPPORTED_EXTENSION_80000000 = 0x80000000 } drsuapi_SupportedExtensions; + typedef [bitmap32bit] bitmap { + DRSUAPI_SUPPORTED_EXTENSION_ADAM = 0x00000001, + DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 = 0x00000002 + } drsuapi_SupportedExtensionsExt; + /* this is used by w2k */ typedef struct { drsuapi_SupportedExtensions supported_extensions; GUID site_guid; - uint32 u1; + uint32 pid; } drsuapi_DsBindInfo24; /* this is used by w2k3 */ typedef struct { drsuapi_SupportedExtensions supported_extensions; GUID site_guid; - uint32 u1; + uint32 pid; uint32 repl_epoch; } drsuapi_DsBindInfo28; + /* this is used by w2k8 */ + typedef struct { + drsuapi_SupportedExtensions supported_extensions; + GUID site_guid; + uint32 pid; + uint32 repl_epoch; + drsuapi_SupportedExtensionsExt supported_extensions_ext; + GUID config_dn_guid; + } drsuapi_DsBindInfo48; + typedef struct { [flag(NDR_REMAINING)] DATA_BLOB info; } drsuapi_DsBindInfoFallBack; @@ -80,6 +95,7 @@ interface drsuapi typedef [nodiscriminant] union { [case(24)][subcontext(4)] drsuapi_DsBindInfo24 info24; [case(28)][subcontext(4)] drsuapi_DsBindInfo28 info28; + [case(48)][subcontext(4)] drsuapi_DsBindInfo48 info48; [default][subcontext(4)] drsuapi_DsBindInfoFallBack FallBack; } drsuapi_DsBindInfo; @@ -1409,7 +1425,7 @@ interface drsuapi GUID bind_guid; NTTIME_1sec bind_time; [flag(NDR_BIG_ENDIAN)] ipv4address client_ip_address; - uint32 u5; /* this is the same value the client used as u1 in the DsBindInfoX struct */ + uint32 u5; /* this is the same value the client used as pid in the DsBindInfoX struct */ } drsuapi_DsReplicaConnection04; typedef struct { diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 6da496a486..d8f7d2f7e6 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl 
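Review bot: In drsuapi_DsReplicaConnection04 the member keeps the placeholder name `u5`, although its updated comment now identifies it as the value the client sent as `pid`, so the two names for the same quantity diverge within one file. Either rename it to match the DsBindInfo structs or shorten the comment to `/* same value as pid in the client's DsBindInfoX */`. The struct itself starts and ends outside this hunk, so callers of `u5` are not visible here.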
@@ -403,7 +403,7 @@ interface netlogon typedef struct { lsa_String domain_name; - lsa_String comment; + lsa_String oem_information; /* comment */ dlong force_logoff_time; uint16 min_password_length; uint16 password_history_length; diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl index 3a11ab752c..b6cce38196 100644 --- a/source4/librpc/idl/samr.idl +++ b/source4/librpc/idl/samr.idl @@ -208,7 +208,7 @@ import "misc.idl", "lsa.idl", "security.idl"; typedef struct { NTTIME force_logoff_time; - lsa_String comment; + lsa_String oem_information; /* comment */ lsa_String domain_name; lsa_String primary; /* PDC name if this is a BDC */ udlong sequence_num; @@ -218,15 +218,15 @@ import "misc.idl", "lsa.idl", "security.idl"; uint32 num_users; uint32 num_groups; uint32 num_aliases; - } samr_DomInfo2; + } samr_DomGeneralInformation; typedef struct { NTTIME force_logoff_time; } samr_DomInfo3; typedef struct { - lsa_String comment; - } samr_DomInfo4; + lsa_String oem_information; /* comment */ + } samr_DomOEMInformation; typedef struct { lsa_String domain_name; @@ -250,11 +250,11 @@ import "misc.idl", "lsa.idl", "security.idl"; } samr_DomInfo9; typedef struct { - samr_DomInfo2 info2; + samr_DomGeneralInformation general; hyper lockout_duration; hyper lockout_window; uint16 lockout_threshold; - } samr_DomInfo11; + } samr_DomGeneralInformation2; typedef struct { hyper lockout_duration; 
@@ -271,15 +271,15 @@ import "misc.idl", "lsa.idl", "security.idl"; typedef [switch_type(uint16)] union { [case(1)] samr_DomInfo1 info1; - [case(2)] samr_DomInfo2 info2; + [case(2)] samr_DomGeneralInformation general; [case(3)] samr_DomInfo3 info3; - [case(4)] samr_DomInfo4 info4; + [case(4)] samr_DomOEMInformation oem; [case(5)] samr_DomInfo5 info5; [case(6)] samr_DomInfo6 info6; [case(7)] samr_DomInfo7 info7; [case(8)] samr_DomInfo8 info8; [case(9)] samr_DomInfo9 info9; - [case(11)] samr_DomInfo11 info11; + [case(11)] samr_DomGeneralInformation2 general2; [case(12)] samr_DomInfo12 info12; [case(13)] samr_DomInfo13 info13; } samr_DomainInfo; diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 71c6d5f2cc..32646e85b0 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -647,11 +647,21 @@ NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c, /* fetch the user session key - may be default (above) or the SMB session key + + The key is always truncated to 16 bytes */ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, - DATA_BLOB *session_key) + DATA_BLOB *session_key) { - return p->conn->security_state.session_key(p->conn, session_key); + NTSTATUS status; + status = p->conn->security_state.session_key(p->conn, session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_key->length = MIN(session_key->length, 16); + + return NT_STATUS_OK; } |
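Review bot: The clamp `session_key->length = MIN(session_key->length, 16);` in dcerpc_fetch_session_key only caps the length, so a key shorter than 16 bytes (or an empty one) is still returned with NT_STATUS_OK, although the new comment says the key is always truncated to 16 bytes. Callers that treat the result as a fixed 16-byte key would then read past it. Either document that the result may be shorter, or reject it here with something like `if (session_key->length < 16) return NT_STATUS_NO_USER_SESSION_KEY;`. The bare `16` would be better as a named constant. The comment should also say that only `length` is reduced and `data` still refers to whatever the `session_key` callback returned.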