diff options
-rw-r--r-- | source3/librpc/idl/secrets.idl | 92 | ||||
-rw-r--r-- | source3/librpc/wscript_build | 2 |
2 files changed, 92 insertions, 2 deletions
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl index 1d0ba1940ab..2c06fa6990d 100644 --- a/source3/librpc/idl/secrets.idl +++ b/source3/librpc/idl/secrets.idl @@ -1,6 +1,6 @@ #include "idl_types.h" -import "security.idl"; +import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl"; /* IDL structures for secrets code @@ -37,5 +37,95 @@ import "security.idl"; security_descriptor *sd; } lsa_secret; + /* + * This is the on-disc format the workstation trust. + * + * DO NOT CHANGE + * without changing secrets_domain_info_version + * and adding glue code. Discuss on samba-technical + * first! + */ + typedef struct { + uint32 keytype; + uint32 iteration_count; + [flag(NDR_SECRET)] DATA_BLOB value; + } secrets_domain_info1_kerberos_key; + + typedef struct { + NTTIME change_time; + [string,charset(UTF16)] uint16 change_server[]; + + [flag(NDR_SECRET)] DATA_BLOB cleartext_blob; + [flag(NDR_SECRET)] samr_Password nt_hash; + + [string,charset(UTF16)] uint16 *salt_data; + uint32 default_iteration_count; + uint16 num_keys; + secrets_domain_info1_kerberos_key keys[num_keys]; + } secrets_domain_info1_password; + + typedef struct { + NTSTATUS local_status; + NTSTATUS remote_status; + NTTIME change_time; + [string,charset(UTF16)] uint16 change_server[]; + [ref] secrets_domain_info1_password *password; + } secrets_domain_info1_change; + + typedef [public] struct { + [value(0)] hyper reserved_flags; + + NTTIME join_time; + + [string,charset(UTF16)] uint16 computer_name[]; + [string,charset(UTF16)] uint16 account_name[]; + netr_SchannelType secure_channel_type; + + lsa_DnsDomainInfo domain_info; + netr_TrustFlags trust_flags; + lsa_TrustType trust_type; + lsa_TrustAttributes trust_attributes; + + /* + * This is unused currently, it might + * be useful to implement multi-tenancy (joining multiple domains) + * in future. + * + * Or we could use it to do other filtering of domains. + */ + [value(NULL)] lsa_ForestTrustInformation *reserved_routing; + + kerb_EncTypes supported_enc_types; + [string,charset(UTF16)] uint16 *salt_principal; + + NTTIME password_last_change; + hyper password_changes; + secrets_domain_info1_change *next_change; + + [ref] secrets_domain_info1_password *password; + secrets_domain_info1_password *old_password; + secrets_domain_info1_password *older_password; + } secrets_domain_info1; + + typedef [v1_enum] enum { + SECRETS_DOMAIN_INFO_VERSION_1 = 0x00000001 + } secrets_domain_info_version; + + /* + * If we ever need to change this we need to + * change secrets_domain_info into + * secrets_domain_info_v1 + */ + typedef union { + [case(SECRETS_DOMAIN_INFO_VERSION_1)] + secrets_domain_info1 *info1; + [default]; + } secrets_domain_infoU; + + typedef [public] struct { + secrets_domain_info_version version; + [value(0)] uint32 reserved; + [switch_is(version)] secrets_domain_infoU info; + } secrets_domain_infoB; } diff --git a/source3/librpc/wscript_build b/source3/librpc/wscript_build index 1d8c17b0c7f..92603509311 100644 --- a/source3/librpc/wscript_build +++ b/source3/librpc/wscript_build @@ -27,7 +27,7 @@ bld.SAMBA3_SUBSYSTEM('NDR_LEASES_DB', bld.SAMBA3_SUBSYSTEM('NDR_SECRETS', source='gen_ndr/ndr_secrets.c', - public_deps='ndr NDR_SECURITY' + public_deps='ndr NDR_SAMR NDR_LSA NDR_NETLOGON NDR_SECURITY' ) bld.SAMBA3_SUBSYSTEM('NDR_PERFCOUNT', |