idl: finally share krb5_pac.idl.

Guenther

1 files changed, 134 insertions, 0 deletions

diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
new file mode 100644
index 00000000000..a498b795f8e
--- /dev/null
+++ b/librpc/idl/krb5pac.idl
@@ -0,0 +1,134 @@
+/*
+  krb5 PAC
+*/
+
+#include "idl_types.h"
+
+import "security.idl", "netlogon.idl", "samr.idl";
+
+[
+  uuid("12345778-1234-abcd-0000-00000000"),
+  version(0.0),
+  pointer_default(unique),
+  helpstring("Active Directory KRB5 PAC")
+]
+interface krb5pac
+{
+	typedef struct {
+		NTTIME logon_time;
+		[value(2*strlen_m(account_name))] uint16 size;
+		[charset(UTF16)] uint8 account_name[size];
+	} PAC_LOGON_NAME;
+
+	typedef [public,flag(NDR_PAHEX)] struct {
+		uint32 type;
+		[flag(NDR_REMAINING)] DATA_BLOB signature;
+	} PAC_SIGNATURE_DATA;
+
+	typedef [gensize] struct {
+		netr_SamInfo3 info3;
+		dom_sid2 *res_group_dom_sid;
+		samr_RidWithAttributeArray res_groups;
+	} PAC_LOGON_INFO;
+
+	typedef struct {
+		[value(2*strlen_m(upn_name))] uint16 upn_size;
+		uint16 upn_offset;
+		[value(2*strlen_m(domain_name))] uint16 domain_size;
+		uint16 domain_offset;
+		uint16 unknown3; /* 0x01 */
+		uint16 unknown4;
+		uint32 unknown5;
+		[charset(UTF16)] uint8 upn_name[upn_size+2];
+		[charset(UTF16)] uint8 domain_name[domain_size+2];
+		uint32 unknown6; /* padding */
+	} PAC_UNKNOWN_12;
+
+	typedef [public] struct {
+		PAC_LOGON_INFO *info;
+	} PAC_LOGON_INFO_CTR;
+
+	typedef [public,v1_enum] enum {
+		PAC_TYPE_LOGON_INFO = 1,
+		PAC_TYPE_SRV_CHECKSUM = 6,
+		PAC_TYPE_KDC_CHECKSUM = 7,
+		PAC_TYPE_LOGON_NAME = 10,
+		PAC_TYPE_CONSTRAINED_DELEGATION = 11,
+		PAC_TYPE_UNKNOWN_12 = 12
+	} PAC_TYPE;
+
+	typedef struct {
+		[flag(NDR_REMAINING)] DATA_BLOB remaining;
+	} DATA_BLOB_REM;
+
+	typedef [public,nodiscriminant,gensize] union {
+		[case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
+		[case(PAC_TYPE_SRV_CHECKSUM)]	PAC_SIGNATURE_DATA srv_cksum;
+		[case(PAC_TYPE_KDC_CHECKSUM)]	PAC_SIGNATURE_DATA kdc_cksum;
+		[case(PAC_TYPE_LOGON_NAME)]	PAC_LOGON_NAME logon_name;
+		/* when new PAC info types are added they are supposed to be done
+		   in such a way that they are backwards compatible with existing
+		   servers. This makes it safe to just use a [default] for
+		   unknown types, which lets us ignore the data */
+		[default]	[subcontext(0)] DATA_BLOB_REM unknown;
+		/* [case(PAC_TYPE_UNKNOWN_12)]	PAC_UNKNOWN_12 unknown; */
+	} PAC_INFO;
+
+	typedef [public,nopush,nopull,noprint] struct {
+		PAC_TYPE type;
+		[value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
+		[relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
+		[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
+	} PAC_BUFFER;
+
+	typedef [public] struct {
+		uint32 num_buffers;
+		uint32 version;
+		PAC_BUFFER buffers[num_buffers];
+	} PAC_DATA;
+
+	typedef [public] struct {
+		PAC_TYPE type;
+		uint32 ndr_size;
+		[relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
+		[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
+	} PAC_BUFFER_RAW;
+
+	typedef [public] struct {
+		uint32 num_buffers;
+		uint32 version;
+		PAC_BUFFER_RAW buffers[num_buffers];
+	} PAC_DATA_RAW;
+
+	const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
+
+	typedef [public] struct {
+		[value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
+		uint32 ChecksumLength;
+		int32 SignatureType;
+		uint32 SignatureLength;
+		[flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
+	} PAC_Validate;
+
+	void decode_pac(
+		[in] PAC_DATA pac
+		);
+
+	void decode_pac_raw(
+		[in] PAC_DATA_RAW pac
+		);
+
+	void decode_login_info(
+		[in] PAC_LOGON_INFO logon_info
+		);
+
+	void decode_pac_validate(
+		[in] PAC_Validate pac_validate
+		);
+
+	/* used for samba3 netsamlogon cache */
+	typedef [public] struct {
+		time_t timestamp;
+		netr_SamInfo3 info3;
+	} netsamlogoncache_entry;
+}