From 57b22d9df223aad2aefb353cd3963e418de2b44e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 14 Feb 2007 15:21:41 +0000
Subject: r21342: add parsing code for the trustAuthIncoming/trustAuthOutgoing
 attributes

not everything has a meaning yet, but it's a start and we know how to get
to the password in cleartext

metze
(This used to be commit 65641181f782349f1f0192d1c95254e80e2b3887)
---
 source4/librpc/idl/drsblobs.idl | 66 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

(limited to 'source4/librpc')

diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index 1847efacee..177ad5bc2d 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -254,6 +254,72 @@ interface drsblobs {
 		[in] supplementalCredentialsBlob blob
 		);
 
+
+	typedef struct {
+		NTTIME time1;
+		uint32 unknown1;
+		/* 
+		 * the secret value is encoded as UTF16 if it's a string
+		 * but krb5 trusts have random bytes here, so converting to UTF16
+		 * mayfail...
+		 *
+		 * TODO: We should try handle the case of a random buffer in all places
+		 *       we deal with cleartext passwords from windows
+		 *
+		 * so we don't use this:
+		 *
+		 * uint32 value_len;
+		 * [charset(UTF16)] uint8 value[value_len];
+		 */
+		DATA_BLOB value;
+		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
+	} trustAuthInOutSecret1;
+
+	typedef struct {
+		[relative] trustAuthInOutSecret1 *value1;
+		[relative] trustAuthInOutSecret1 *value2;
+	} trustAuthInOutCtr1;
+
+	typedef struct {
+		NTTIME time1;
+		uint32 unknown1;
+		DATA_BLOB value;
+		NTTIME time2;
+		uint32 unknown2;
+		uint32 unknown3;
+		uint32 unknown4;
+		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
+	} trustAuthInOutSecret2V1;
+
+	typedef struct {
+		NTTIME time1;
+		uint32 unknown1;
+		DATA_BLOB value;
+		NTTIME time2;
+		uint32 unknown2;
+		uint32 unknown3;
+		[flag(NDR_ALIGN4)] DATA_BLOB _pad;
+	} trustAuthInOutSecret2V2;
+
+	typedef struct {
+		[relative] trustAuthInOutSecret2V1 *value1;
+		[relative] trustAuthInOutSecret2V2 *value2;
+	} trustAuthInOutCtr2;
+
+	typedef [nodiscriminant] union {
+		[case(1)] trustAuthInOutCtr1 ctr1;
+		[case(2)] trustAuthInOutCtr2 ctr2;
+	} trustAuthInOutCtr;
+
+	typedef [public] struct {
+		uint32 version;
+		[switch_is(version)] trustAuthInOutCtr ctr;
+	} trustAuthInOutBlob;
+
+	void decode_trustAuthInOut(
+		[in] trustAuthInOutBlob blob
+		);
+
 	typedef [public] struct {
 		uint32 marker;
 		DATA_BLOB data;
-- 
cgit