claims.idl: Add claim type definitions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

4 files changed, 201 insertions, 2 deletions

diff --git a/librpc/idl/IDL_LICENSE.txt b/librpc/idl/IDL_LICENSE.txt
index 01ae670b69b..a2d87ecb044 100644
--- a/librpc/idl/IDL_LICENSE.txt
+++ b/librpc/idl/IDL_LICENSE.txt
@@ -7,3 +7,79 @@ under the following license:
   This work is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+The following relates to IDL obtained from Open Specifications Documentation
+
+  Intellectual Property Rights Notice for Open Specifications Documentation
+
+  * Technical Documentation. Microsoft publishes Open Specifications
+    documentation (“this documentation”) for protocols, file formats,
+    data portability, computer languages, and standards
+    support. Additionally, overview documents cover inter-protocol
+    relationships and interactions.
+
+  * Copyrights. This documentation is covered by Microsoft
+    copyrights. Regardless of any other terms that are contained in
+    the terms of use for the Microsoft website that hosts this
+    documentation, you can make copies of it in order to develop
+    implementations of the technologies that are described in this
+    documentation and can distribute portions of it in your
+    implementations that use these technologies or in your
+    documentation as necessary to properly document the
+    implementation. You can also distribute in your implementation,
+    with or without modification, any schemas, IDLs, or code samples
+    that are included in the documentation. This permission also
+    applies to any documents that are referenced in the Open
+    Specifications documentation.
+
+  * No Trade Secrets. Microsoft does not claim any trade secret rights
+    in this documentation.
+
+  * Patents. Microsoft has patents that might cover your
+    implementations of the technologies described in the Open
+    Specifications documentation. Neither this notice nor Microsoft's
+    delivery of this documentation grants any licenses under those
+    patents or any other Microsoft patents.  However, a given Open
+    Specifications document might be covered by the Microsoft Open
+    Specifications Promise or the Microsoft Community Promise. If you
+    would prefer a written license, or if the technologies described
+    in this documentation are not covered by the Open Specifications
+    Promise or Community Promise, as applicable, patent licenses are
+    available by contacting iplg@microsoft.com.
+
+  * License Programs. To see all of the protocols in scope under a
+    specific license program and the associated patents, visit the
+    Patent Map.
+
+  * Trademarks. The names of companies and products contained in this
+    documentation might be covered by trademarks or similar
+    intellectual property rights. This notice does not grant any
+    licenses under those rights. For a list of Microsoft trademarks,
+    visit www.microsoft.com/trademarks.
+
+  * Fictitious Names. The example companies, organizations, products,
+    domain names, email addresses, logos, people, places, and events
+    that are depicted in this documentation are fictitious.  No
+    association with any real company, organization, product, domain
+    name, email address, logo, person, place, or event is intended or
+    should be inferred.
+
+  Reservation of Rights. All other rights are reserved, and this notice
+  does not grant any rights other than as specifically described above,
+  whether by implication, estoppel, or otherwise.
+
+  Tools. The Open Specifications documentation does not require the use
+  of Microsoft programming tools or programming environments in order
+  for you to develop an implementation. If you have access to Microsoft
+  programming tools and environments, you are free to take advantage of
+  them. Certain Open Specifications documents are intended for use in
+  conjunction with publicly available standards specifications and
+  network programming art and, as such, assume that the reader either
+  is familiar with the aforementioned material or has immediate access
+  to it.
+
+  Support. For questions and support, please contact dochelp@microsoft.com
+
+
+  The above is the IPR notice from MS-KILE
diff --git a/librpc/idl/claims.idl b/librpc/idl/claims.idl
new file mode 100644
index 00000000000..ed84cd772c1
--- /dev/null
+++ b/librpc/idl/claims.idl
@@ -0,0 +1,118 @@
+/*
+  claims
+
+  claim: An assertion about a security principal
+
+  From MS-ADTS:
+
+   For ease of implementation, the full IDL for the data types used for
+   claims is provided
+
+  The below was intially obtained from MS-ADTS which is
+  Copyright © 2022 Microsoft Corporation as permitted
+  by the Open Specifications terms reproduced in IDL_LICENCE.txt
+*/
+
+#include "idl_types.h"
+
+[
+  uuid("bba9cb76-eb0c-462c-aa1b-5d8c34415701"),
+  version(1.0),
+  pointer_default(unique),
+  helpstring("Active Directory Claims")
+]
+interface claims
+{
+#define wchar_t uint16
+#define CLAIM_ID [string, charset(UTF16)] wchar_t *
+
+	typedef enum {
+		CLAIM_TYPE_INT64 = 1,
+		CLAIM_TYPE_UINT64 = 2,
+		CLAIM_TYPE_STRING = 3,
+		CLAIM_TYPE_BOOLEAN = 6
+	} CLAIM_TYPE;
+
+	typedef enum {
+		CLAIMS_SOURCE_TYPE_AD = 1,
+		CLAIMS_SOURCE_TYPE_CERTIFICATE = 2
+	} CLAIMS_SOURCE_TYPE;
+
+	typedef enum {
+		CLAIMS_COMPRESSION_FORMAT_NONE = 0,
+		CLAIMS_COMPRESSION_FORMAT_LZNT1 = 2,
+		CLAIMS_COMPRESSION_FORMAT_XPRESS = 3,
+		CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF = 4
+	} CLAIMS_COMPRESSION_FORMAT;
+
+	typedef struct {
+		[range(1, 10*1024*1024)] uint32 value_count;
+		[size_is(value_count)] dlong *values;
+	} CLAIM_INT64;
+
+	typedef struct {
+		[range(1, 10*1024*1024)] uint32 value_count;
+		[size_is(value_count)] hyper *values;
+	} CLAIM_UINT64;
+
+	typedef struct {
+		[range(1, 10*1024*1024)] uint32 value_count;
+		[size_is(value_count), string, charset(UTF16)] wchar_t **values;
+	} CLAIM_STRING;
+
+	typedef [switch_type(CLAIM_TYPE),nodiscriminant,flag(NDR_ALIGN8)] union {
+		[case(CLAIM_TYPE_INT64)] CLAIM_INT64 claim_int64;
+		[case(CLAIM_TYPE_UINT64)] CLAIM_UINT64 claim_uint64;
+		[case(CLAIM_TYPE_STRING)] CLAIM_STRING claim_string;
+		[case(CLAIM_TYPE_BOOLEAN)] CLAIM_UINT64 claim_boolean;
+		[default];
+	} CLAIM_ENTRY_VALUES;
+
+	typedef struct {
+		CLAIM_ID id;
+		CLAIM_TYPE type;
+		[switch_is(type)] CLAIM_ENTRY_VALUES values;
+	} CLAIM_ENTRY;
+
+	typedef struct {
+		CLAIMS_SOURCE_TYPE claims_source_type;
+		uint32 claims_count;
+		[size_is(claims_count)] CLAIM_ENTRY *claim_entries;
+	} CLAIMS_ARRAY;
+
+	typedef struct {
+		CLAIMS_SET_METADATA *metadata;
+	} CLAIMS_SET_METADATA_CTR;
+
+	typedef struct {
+		CLAIMS_SET *claims;
+	} CLAIMS_SET_CTR;
+
+	/* Public structures. */
+
+	typedef [public] struct {
+		uint32 claims_array_count;
+		[size_is(claims_array_count)] CLAIMS_ARRAY *claims_arrays;
+		uint16 reserved_type;
+		uint32 reserved_field_size;
+		[size_is(reserved_field_size)] uint8 *reserved_field;
+	} CLAIMS_SET;
+
+	typedef [public] struct {
+		[subcontext(0xFFFFFC01)] CLAIMS_SET_CTR claims;
+	} CLAIMS_SET_NDR;
+
+	typedef [public] struct {
+		[subcontext(0xFFFFFC01)] CLAIMS_SET_METADATA_CTR claims;
+	} CLAIMS_SET_METADATA_NDR;
+
+	typedef [public] struct {
+		uint32 claims_set_size;
+		[size_is(claims_set_size)] uint8 *claims_set;
+		CLAIMS_COMPRESSION_FORMAT compression_format;
+		uint32 uncompressed_claims_set_size;
+		uint16 reserved_type;
+		uint32 reserved_field_size;
+		[size_is(reserved_field_size)] uint8 *reserved_field;
+	} CLAIMS_SET_METADATA;
+}
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 1e53eec7dc0..e05e4795921 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -141,6 +141,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
 bld.SAMBA_PIDL_LIST('PIDL',
 		    '''
                     auth.idl
+                    claims.idl
                     dcerpc.idl
                     dfsblobs.idl
                     dns.idl
diff --git a/librpc/wscript_build b/librpc/wscript_build
index cf9085c0884..698ccddd093 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -372,7 +372,7 @@ bld.SAMBA_SUBSYSTEM('NDR_KRB5PAC',
 
 bld.SAMBA_LIBRARY('ndr-krb5pac',
     source='ndr/ndr_krb5pac.c gen_ndr/ndr_krb5pac.c',
-    public_deps='ndr ndr-standard NDR_SECURITY',
+    public_deps='ndr ndr-standard NDR_SECURITY NDR_CLAIMS',
     public_headers='gen_ndr/krb5pac.h gen_ndr/ndr_krb5pac.h ndr/ndr_krb5pac.h',
     header_path=[ ('gen_ndr*', 'gen_ndr'), ('ndr*', 'ndr')],
     pc_files='ndr_krb5pac.pc',
@@ -384,6 +384,10 @@ bld.SAMBA_SUBSYSTEM('NDR_KRB5CCACHE',
     deps='ndr NDR_COMPRESSION NDR_SECURITY ndr-standard asn1util'
     )
 
+bld.SAMBA_SUBSYSTEM('NDR_CLAIMS',
+    source='gen_ndr/ndr_claims.c',
+    deps='ndr')
+
 bld.SAMBA_LIBRARY('ndr-standard',
     source='',
     vnum='0.0.1',
@@ -394,7 +398,7 @@ bld.SAMBA_LIBRARY('ndr-standard',
     NDR_ECHO security NDR_DNS NDR_DNSP NDR_ATSVC NDR_SPOOLSS NDR_DSSETUP
     NDR_SERVER_ID NDR_NOTIFY''',
     public_deps='ndr',
-    public_headers='gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/lsa.h gen_ndr/netlogon.h gen_ndr/atsvc.h gen_ndr/ndr_atsvc.h gen_ndr/ndr_svcctl.h gen_ndr/svcctl.h',
+    public_headers='gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/lsa.h gen_ndr/netlogon.h gen_ndr/atsvc.h gen_ndr/ndr_atsvc.h gen_ndr/ndr_svcctl.h gen_ndr/svcctl.h gen_ndr/claims.h',
     header_path='gen_ndr'
     )