From 25ae380fabfd2d7e5141dadb48b8e30b5b723c1f Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Sat, 20 Nov 2010 18:19:06 +0300 Subject: idl: Add IDL for remote key backup protocol (rkbp) Signed-off-by: Stefan Metzmacher --- librpc/idl/backupkey.idl | 120 +++++++++++++++++++++++++++++++++++++++++++++++ librpc/idl/wscript_build | 2 +- 2 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 librpc/idl/backupkey.idl (limited to 'librpc/idl') diff --git a/librpc/idl/backupkey.idl b/librpc/idl/backupkey.idl new file mode 100644 index 0000000000..e21030bb69 --- /dev/null +++ b/librpc/idl/backupkey.idl @@ -0,0 +1,120 @@ +#include "idl_types.h" + +import "misc.idl", "security.idl"; +[ + uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"), + version(1.0), + endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"), + helpstring("Remote Backup Key Storage"), + helper("../librpc/ndr/ndr_backupkey.h"), + pointer_default(unique) +] +interface backupkey +{ + const string BACKUPKEY_RESTORE_GUID = "47270C64-2FC7-499B-AC5B-0E37CDCE899A"; + const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = "018FF48A-EABA-40C6-8F6D-72370240E967"; + + const string BACKUPKEY_RESTORE_GUID_WIN2K = "7FE94D50-178E-11D1-AB8F-00805F14DB40"; + const string BACKUPKEY_BACKUP_GUID = "7F752B10-178E-11D1-AB8F-00805F14DB40"; + + /* + * The magic values are really what they are there is no name it's just remarkable values + * that are here to check that what is transmited or decoded is really what the client or + * the server expect. + */ + [public] typedef struct { + [value(0x00000002)] uint32 header1; + [value(0x00000494)] uint32 header2; + uint32 certificate_len; + [value(0x00000207)] uint32 magic1; + [value(0x0000A400)] uint32 magic2; + [value(0x32415352)] uint32 magic3; + [value(0x00000800)] uint32 magic4; + [subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent; + + [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus; + [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1; + [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2; + [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1; + [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2; + [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient; + [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent; + [subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert; + } bkrp_exported_RSA_key_pair; + + [public] typedef struct { + [value(0x00000001)] uint32 magic; + uint8 key[256]; + } bkrp_dc_serverwrap_key; + + [public,gensize] typedef struct { + uint32 version; + uint32 encrypted_secret_len; + uint32 access_check_len; + GUID guid; + uint8 encrypted_secret[encrypted_secret_len]; + uint8 access_check[access_check_len]; + } bkrp_client_side_wrapped; + + [public] typedef struct { + [value(0x00000000)] uint32 magic; + [subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret; + } bkrp_client_side_unwrapped; + + [public] typedef struct { + uint32 secret_len; + [value(0x00000020)] uint32 magic; + uint8 secret[secret_len]; + uint8 payload_key[32]; + } bkrp_encrypted_secret_v2; + + [public] typedef struct { + uint32 secret_len; + [value(0x00000030)] uint32 magic1; + [value(0x00006610)] uint32 magic2; + [value(0x0000800e)] uint32 magic3; + uint8 secret[secret_len]; + uint8 payload_key[48]; + } bkrp_encrypted_secret_v3; + + /* Due to alignement constraint we can generate the structure only via pidl*/ + [public, nopush, nopull] typedef struct { + [value(0x00000001)] uint32 magic; + uint32 nonce_len; + uint8 nonce[nonce_len]; + dom_sid sid; + uint8 hash[20]; + } bkrp_access_check_v2; + + /* Due to alignement constraint we can generate the structure only via pidl*/ + [public,nopush,nopull] typedef struct { + [value(0x00000001)] uint32 magic; + uint32 nonce_len; + uint8 nonce[nonce_len]; + dom_sid sid; + uint8 hash[64]; + } bkrp_access_check_v3; + + typedef enum { + BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF, + BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000, + BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001 + } bkrp_guid_to_integer; + + [public] typedef [nodiscriminant] union { + [case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req; + [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req; + } bkrp_data_in_blob; + + /******************/ + /* Function: 0x00 */ + + [public, noprint] WERROR bkrp_BackupKey ( + [in,ref] GUID *guidActionAgent, + [in,ref] [size_is(data_in_len)] uint8 *data_in, + [in] uint32 data_in_len, + [out,ref] [size_is(,*data_out_len)] uint8 **data_out, + [out,ref] uint32 *data_out_len, + [in] uint32 param + ); +} diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build index 78f174f6d1..2d65d748ee 100644 --- a/librpc/idl/wscript_build +++ b/librpc/idl/wscript_build @@ -10,7 +10,7 @@ bld.SAMBA_PIDL_LIST('PIDL', dbgidl.idl dnsserver.idl echo.idl frsrpc.idl lsa.idl nbt.idl dns.idl oxidresolver.idl samr.idl srvsvc.idl winreg.idl dcerpc.idl drsblobs.idl efs.idl frstrans.idl mgmt.idl netlogon.idl - policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl''', + policyagent.idl scerpc.idl svcctl.idl wkssvc.idl eventlog6.idl backupkey.idl''', options='--header --ndr-parser --samba3-ndr-server --samba3-ndr-client --server --client --python', output_dir='../gen_ndr') -- cgit