From 2b0ed1832a4935591b9aa4dcb7db53c17b72cd50 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 31 Jul 2008 07:45:30 +1000 Subject: Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1 (This used to be commit 26c2a34dec26890230dfa86827804d8160061ce5) --- source4/librpc/idl/drsblobs.idl | 90 +++++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 39 deletions(-) diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index adfc010237..401f5e40bb 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -1,6 +1,6 @@ #include "idl_types.h" -import "drsuapi.idl", "misc.idl"; +import "drsuapi.idl", "misc.idl", "samr.idl"; [ uuid("12345778-1234-abcd-0001-00000001"), @@ -359,19 +359,6 @@ interface drsblobs { typedef struct { NTTIME time1; uint32 unknown1; - /* - * the secret value is encoded as UTF16 if it's a string - * but krb5 trusts have random bytes here, so converting to UTF16 - * mayfail... - * - * TODO: We should try handle the case of a random buffer in all places - * we deal with cleartext passwords from windows - * - * so we don't use this: - * - * uint32 value_len; - * [charset(UTF16)] uint8 value[value_len]; - */ DATA_BLOB value; [flag(NDR_ALIGN4)] DATA_BLOB _pad; } trustAuthInOutSecret1; @@ -380,41 +367,66 @@ interface drsblobs { [relative] trustAuthInOutSecret1 *value1; [relative] trustAuthInOutSecret1 *value2; } trustAuthInOutCtr1; + + typedef [v1_enum] enum { + TRUST_AUTH_TYPE_NONE = 0, + TRUST_AUTH_TYPE_NT4OWF = 1, + TRUST_AUTH_TYPE_CLEAR = 2, + TRUST_AUTH_TYPE_VERSION = 3 + } trustAuthType; typedef struct { - NTTIME time1; - uint32 unknown1; - DATA_BLOB value; - NTTIME time2; - uint32 unknown2; - uint32 unknown3; - uint32 unknown4; - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - } trustAuthInOutSecret2V1; + [value(0)] uint32 size; + } AuthInfoNone; typedef struct { - NTTIME time1; - uint32 unknown1; - DATA_BLOB value; - NTTIME time2; - uint32 unknown2; - uint32 unknown3; - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - } trustAuthInOutSecret2V2; + [value(16)] uint32 size; + samr_Password password; + } AuthInfoNT4Owf; + + typedef struct { + uint32 size; + [charset(UTF16)] uint8 password[size]; + } AuthInfoClear; typedef struct { - [relative] trustAuthInOutSecret2V1 *value1; - [relative] trustAuthInOutSecret2V2 *value2; - } trustAuthInOutCtr2; + [value(4)] uint32 size; + uint32 version; + } AuthInfoVersion; typedef [nodiscriminant] union { - [case(1)] trustAuthInOutCtr1 ctr1; - [case(2)] trustAuthInOutCtr2 ctr2; - } trustAuthInOutCtr; + [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none; + [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf; + [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear; + [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version; + } AuthInfo; + + typedef struct { + NTTIME LastUpdateTime; + trustAuthType AuthType; + + /* + * the secret value is encoded as UTF16 if it's a string + * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16 + * mayfail... + * + * TODO: We should try handle the case of a random buffer in all places + * we deal with cleartext passwords from windows + * + * so we don't use this: + * + * uint32 value_len; + * [charset(UTF16)] uint8 value[value_len]; + */ + [switch_is(AuthType)] AuthInfo AuthInfo; + [flag(NDR_ALIGN4)] DATA_BLOB _pad; + } AuthenticationInformation; typedef [public] struct { - uint32 version; - [switch_is(version)] trustAuthInOutCtr ctr; + uint32 count; + [relative] AuthenticationInformation *authinfo[count]; + [relative] AuthenticationInformation *previous_authinfo[count]; + } trustAuthInOutBlob; void decode_trustAuthInOut( -- cgit