From 279ca744933a94de62273961aeb3f7c4cae33e65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 Sep 2008 11:31:17 +1000 Subject: Share IDL between the LSA and drsblob representations of trusts (This used to be commit e5520706c88911c66b3ce5817e371900212ca083) --- source4/librpc/idl/drsblobs.idl | 52 ++++++++++++++--------------------------- source4/librpc/idl/lsa.idl | 40 ++++++++++++++++++++++++++----- 2 files changed, 51 insertions(+), 41 deletions(-) diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index eb85989eda..39c9680bdb 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -1,6 +1,6 @@ #include "idl_types.h" -import "drsuapi.idl", "misc.idl", "samr.idl"; +import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl"; [ uuid("12345778-1234-abcd-0001-00000001"), @@ -12,7 +12,7 @@ interface drsblobs { typedef bitmap drsuapi_DsReplicaSyncOptions drsuapi_DsReplicaSyncOptions; typedef bitmap drsuapi_DsReplicaNeighbourFlags drsuapi_DsReplicaNeighbourFlags; typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId; - + typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType; /* * replPropertyMetaData * w2k uses version 1 @@ -356,25 +356,6 @@ interface drsblobs { [in] package_PrimaryWDigestBlob blob ); - typedef struct { - NTTIME time1; - uint32 unknown1; - DATA_BLOB value; - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - } trustAuthInOutSecret1; - - typedef struct { - [relative] trustAuthInOutSecret1 *value1; - [relative] trustAuthInOutSecret1 *value2; - } trustAuthInOutCtr1; - - typedef [v1_enum] enum { - TRUST_AUTH_TYPE_NONE = 0, - TRUST_AUTH_TYPE_NT4OWF = 1, - TRUST_AUTH_TYPE_CLEAR = 2, - TRUST_AUTH_TYPE_VERSION = 3 - } trustAuthType; - typedef struct { [value(0)] uint32 size; } AuthInfoNone; 
@@ -384,6 +365,20 @@ interface drsblobs { samr_Password password; } AuthInfoNT4Owf; + /* + * the secret value is encoded as UTF16 if it's a string + * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16 + * mayfail... + * + * TODO: We should try handle the case of a random buffer in all places + * we deal with cleartext passwords from windows + * + * so we don't use this: + * + * uint32 value_len; + * [charset(UTF16)] uint8 value[value_len]; + */ + typedef struct { uint32 size; uint8 password[size]; @@ -403,21 +398,8 @@ interface drsblobs { typedef [public] struct { NTTIME LastUpdateTime; - trustAuthType AuthType; + lsa_TrustAuthType AuthType; - /* - * the secret value is encoded as UTF16 if it's a string - * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16 - * mayfail... - * - * TODO: We should try handle the case of a random buffer in all places - * we deal with cleartext passwords from windows - * - * so we don't use this: - * - * uint32 value_len; - * [charset(UTF16)] uint8 value[value_len]; - */ [switch_is(AuthType)] AuthInfo AuthInfo; [flag(NDR_ALIGN4)] DATA_BLOB _pad; } AuthenticationInformation; diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 408956b3fa..81931ae02a 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -578,9 +578,16 @@ import "misc.idl", "security.idl"; lsa_TrustAttributes trust_attributes; } lsa_TrustDomainInfoInfoEx; + typedef [public,v1_enum] enum { + TRUST_AUTH_TYPE_NONE = 0, + TRUST_AUTH_TYPE_NT4OWF = 1, + TRUST_AUTH_TYPE_CLEAR = 2, + TRUST_AUTH_TYPE_VERSION = 3 + } lsa_TrustAuthType; + typedef struct { NTTIME_hyper last_update_time; - uint32 secret_type; + lsa_TrustAuthType AuthType; lsa_DATA_BUF2 data; } lsa_TrustDomainInfoBuffer; 
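Review bot: The comment relocated above `AuthInfoClear` is hard to parse exactly where it matters ("it might also be krb5 trusts have random bytes here", "mayfail"), and it is the only warning that `password[size]` is not guaranteed to be text. I would reword the middle lines as `* the secret is UTF16 when it is a string, but krb5 trusts store random bytes here, so converting to UTF16 may fail`. It would also help to say that consumers must go by `size` and never treat `password` as NUL-terminated or as valid UTF16 without checking. The same text is removed from `AuthenticationInformation` in the following hunk, so this is now its only copy.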
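Review bot: Renaming `secret_type` to `AuthType` in `lsa_TrustDomainInfoBuffer` (the lsa.idl hunk at -578) changes the generated C member name, and the diffstat lists only the two IDL files, so any caller still referencing `secret_type` is not updated by this commit; callers are outside the diff, so this may be moot. The new name also puts CamelCase into a struct whose other fields are `last_update_time` and `data`; `lsa_TrustAuthType auth_type;` would match. Typing the field as a `v1_enum` documents the four expected values, but as far as I know pidl's generated pull code does not reject other 32-bit values, so code that interprets `data` should still handle an unrecognised type explicitly.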
@@ -652,7 +659,11 @@ import "misc.idl", "security.idl"; ); /* Function: 0x1b */ - [todo] NTSTATUS lsa_SetInformationTrustedDomain(); + NTSTATUS lsa_SetInformationTrustedDomain( + [in] policy_handle *trustdom_handle, + [in] lsa_TrustDomInfoEnum level, + [in,switch_is(level)] lsa_TrustedDomainInfo *info + ); /* Function: 0x1c */ [public] NTSTATUS lsa_OpenSecret( @@ -770,7 +781,12 @@ import "misc.idl", "security.idl"; ); /* Function: 0x28 */ - [todo] NTSTATUS lsa_SetTrustedDomainInfo(); + NTSTATUS lsa_SetTrustedDomainInfo( + [in] policy_handle *handle, + [in] dom_sid2 *dom_sid, + [in] lsa_TrustDomInfoEnum level, + [in,switch_is(level)] lsa_TrustedDomainInfo *info + ); /* Function: 0x29 */ NTSTATUS lsa_DeleteTrustedDomain( [in] policy_handle *handle, @@ -855,9 +871,15 @@ import "misc.idl", "security.idl"; [in] uint32 max_size ); - /* Function 0x33 */ - [todo] NTSTATUS lsa_CreateTrustedDomainEx(); + NTSTATUS lsa_CreateTrustedDomainEx( + [in] policy_handle *policy_handle, + [in] lsa_TrustDomainInfoInfoEx *info, + [in] lsa_TrustDomainInfoAuthInfo *auth_info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); + /* Function 0x34 */ NTSTATUS lsa_CloseTrustedDomainEx( @@ -971,7 +993,13 @@ import "misc.idl", "security.idl"; ); /* Function 0x3b */ - [todo] NTSTATUS lsa_CreateTrustedDomainEx2(); + NTSTATUS lsa_CreateTrustedDomainEx2( + [in] policy_handle *policy_handle, + [in] lsa_TrustDomainInfoInfoEx *info, + [in] lsa_TrustDomainInfoAuthInfo *auth_info, + [in] uint32 access_mask, + [out] policy_handle *trustdom_handle + ); /* Function 0x3c */ [todo] NTSTATUS lsa_CREDRWRITE(); -- cgit
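Review bot: `lsa_SetInformationTrustedDomain` in this hunk and `lsa_SetTrustedDomainInfo` in the next one take `[in,switch_is(level)] lsa_TrustedDomainInfo *info` with no comment on which `level` values are meaningful for a set operation. The union is defined outside this diff and appears to be shared with the query calls, so the generated parser will presumably accept every arm it declares. A short comment above each declaration, for example `/* server must reject levels it cannot apply; some arms carry trust secrets */`, would tell implementers that the level check is theirs to make.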
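Review bot: In `lsa_CreateTrustedDomainEx` (hunk at -855) the first parameter is declared `[in] policy_handle *policy_handle`, reusing the type name as the parameter name, while the neighbouring declarations visible in this diff use `handle` (`lsa_SetTrustedDomainInfo`, `lsa_DeleteTrustedDomain`). `[in] policy_handle *handle,` would be consistent and keeps the generated field from reading as `r->in.policy_handle` next to `r->out.trustdom_handle`. The same applies to `lsa_CreateTrustedDomainEx2` in the last hunk.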
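Review bot: `lsa_CreateTrustedDomainEx2` (hunk at -971) is declared with exactly the same parameter list as `lsa_CreateTrustedDomainEx`, including `[in] lsa_TrustDomainInfoAuthInfo *auth_info`. In MS-LSAD the Ex2 call (opnum 59) carries its authentication information as an encrypted `LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL` blob rather than the structure used by opnum 51, so the two calls should probably not share a type. `lsa_TrustDomainInfoAuthInfo` is defined outside this diff, so please confirm its layout against both opnums. If they differ, the wrong type here means trust secrets are mis-parsed or treated as if already decrypted.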