authorGary Lockyer <gary@catalyst.net.nz>2017-04-04 16:00:20 +1200
committerAndrew Bartlett <abartlet@samba.org>2017-05-25 02:25:12 +0200
commit826e50a5f62146bae5827736eecdea63726ab996 (patch)
treef7dc3d803fb010f6abcefcf4bbb3ae91534251ad /librpc/idl
parentd4bc91a964725c0a0fb8f8c3aa48fcb13f4a998e (diff)
idl drsblobs: add the blobs required for Primary:userPassword
Add the blobs required to allow the storing of an sha256 or sha512 hash of the password in supplemental credentials

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc/idl')
-rw-r--r--librpc/idl/drsblobs.idl44
1 files changed, 44 insertions, 0 deletions
diff --git a/librpc/idl/drsblobs.idl b/librpc/idl/drsblobs.idl
index 44f5fda1848..9fca2cb8b1f 100644
--- a/librpc/idl/drsblobs.idl
+++ b/librpc/idl/drsblobs.idl
@@ -323,6 +323,16 @@ interface drsblobs {
* 'Primary:CLEARTEXT':
* data contains the cleartext password
* as UTF16 string encoded as HEX string
+ *
+ * 'Primary:userPassword':
+ * ...
+ *
+ * 'Primary:SambaGPG':
+ * ...
+ *
+ * 'Primary:NTLM-Strong-NTOWF':
+ * ... Not yet implemented.
+ *
*/
[charset(DOS)] uint8 data[data_len];
} supplementalCredentialsPackage;
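Review bot: The new 'Primary:userPassword' and 'Primary:SambaGPG' entries are documented only as `...`, whereas the 'Primary:CLEARTEXT' entry just above states what `data` holds and how it is encoded. These packages carry password-derived material, so each entry should name the structure and its encoding, for example `* data contains a package_PrimaryUserPasswordBlob (state the encoding, e.g. HEX string as for CLEARTEXT)`. The actual encoding is not visible in this hunk, so confirm it against the code that writes the package before recording it. The comment block starts before the hunk.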
@@ -460,6 +470,40 @@ interface drsblobs {
[in] package_PrimarySambaGPGBlob blob
);
+ /*
+ * Password hashes stored in a scheme compatible with
+ * OpenLDAP's userPassword attribute. The Package is named
+ * Primary:userPassword each calculated hash,
+ * which is typically caclulated via crypt(), the scheme is stored.
+ * The scheme name and the {scheme} format is re-used from OpenLDAP's
+ * use for userPassword to aid interopability when exported.
+ *
+ * The currently supported scheme so far is {CRYPT}, which may
+ * be specified multiple times if both CryptSHA256 ($5$) and
+ * CryptSHA512 ($6$) are in use.
+ *
+ * current_nt_hash is either the unicodePwd or the
+ * NTLM-Strong-NTOWF, to allow us to prove this password is
+ * a valid element.
+ */
+ typedef struct {
+ [value(2*strlen_m(scheme))] uint16 scheme_len;
+ [charset(UTF16)] uint8 scheme[scheme_len];
+ [value((value?value->length:0))] uint32 value_len;
+ [relative,subcontext(0),subcontext_size(value_len),
+ flag(NDR_REMAINING)] DATA_BLOB *value;
+ } package_PrimaryUserPasswordValue;
+
+ typedef [public] struct {
+ samr_Password current_nt_hash;
+ uint16 num_hashes;
+ package_PrimaryUserPasswordValue hashes[num_hashes];
+ } package_PrimaryUserPasswordBlob;
+
+ void decode_PrimaryUserPasswordBlob(
+ [in] package_PrimaryUserPasswordBlob blob
+ );
+
typedef struct {
[value(0)] uint32 size;
} AuthInfoNone;
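Review bot: The comment above package_PrimaryUserPasswordValue says current_nt_hash exists "to prove this password is a valid element", but it does not say what a reader must do when that field no longer matches the account's current NT hash. If the intent is that the stored crypt() hashes are then stale, say so, e.g. `* If current_nt_hash does not match the current unicodePwd, the hashes must be treated as stale and not used.`; confirm this against the consuming code, which is not on this page. The second sentence of the same comment is garbled and has typos (`caclulated`, `interopability`); `For each calculated hash, typically produced via crypt(), the scheme name is stored with the value.` reads cleanly. Because package_PrimaryUserPasswordBlob carries a copy of the NT hash next to the SHA256/SHA512 crypt hashes, a line noting that the blob is as sensitive as unicodePwd would help anyone exporting or logging it.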