librpc/idl/krb5ccache.idl

   1 /*
   2   krb5 credentials cache (version 3 or 4)
   3   specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html
   4
   5   krb5 keytab (version 2)
   6   specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/keytab_file_format.html
   7 */
   8
   9 #include "idl_types.h"
  10
  11 [
  12   uuid("1702b695-99ca-4f32-93e4-1e1c4d5ddb53"),
  13   version(0.0),
  14   pointer_default(unique),
  15   helpstring("KRB5 credentials cache")
  16 ]
  17 interface krb5ccache
  18 {
  19         typedef struct {
  20                 uint32 name_type;
  21                 uint32 component_count;
  22                 [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string realm;
  23                 [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string components[component_count];
  24         } PRINCIPAL;
  25
  26         typedef struct {
  27                 uint16 enctype;
  28                 DATA_BLOB data;
  29         } KEYBLOCK;
  30
  31         typedef struct {
  32                 uint16 addrtype;
  33                 DATA_BLOB data;
  34         } ADDRESS;
  35
  36         typedef struct {
  37                 uint32 count;
  38                 ADDRESS data[count];
  39         } ADDRESSES;
  40
  41         typedef struct {
  42                 uint16 ad_type;
  43                 DATA_BLOB data;
  44         } AUTHDATUM;
  45
  46         typedef struct {
  47                 uint32 count;
  48                 AUTHDATUM data[count];
  49         } AUTHDATA;
  50
  51         typedef struct {
  52                 PRINCIPAL client;
  53                 PRINCIPAL server;
  54                 KEYBLOCK keyblock;
  55                 uint32 authtime;
  56                 uint32 starttime;
  57                 uint32 endtime;
  58                 uint32 renew_till;
  59                 uint8 is_skey;
  60                 uint32 ticket_flags;
  61                 ADDRESSES addresses;
  62                 AUTHDATA authdata;
  63                 DATA_BLOB ticket;
  64                 DATA_BLOB second_ticket;
  65         } CREDENTIAL;
  66
  67         typedef struct {
  68                 [value(0)] int32 kdc_sec_offset;
  69                 [value(0)] int32 kdc_usec_offset;
  70         } DELTATIME_TAG;
  71
  72         typedef [nodiscriminant] union {
  73                 [case(1)] DELTATIME_TAG deltatime_tag;
  74         } FIELD;
  75
  76         typedef struct {
  77                 [value(1)] uint16 tag;
  78                 [subcontext(2),switch_is(tag)] FIELD field;
  79         } V4TAG;
  80
  81         typedef struct {
  82                 V4TAG tag;
  83                 /*
  84                  * We should allow for more than one tag to be properly parsed, but that
  85                  * would require manual parsing.
  86                  */
  87                 [flag(NDR_REMAINING)] DATA_BLOB further_tags;
  88         } V4TAGS;
  89
  90         typedef struct {
  91                 [subcontext(2)] V4TAGS v4tags;
  92         } V4HEADER;
  93
  94         typedef [nodiscriminant] union {
  95                 /*
  96                  * We don't attempt to support file format versions 1 and 2 as they
  97                  * assume native CPU byte order, which makes no sense in PIDL.
  98                  */
  99                 [case(3)] ;
 100                 [case(4)] V4HEADER v4header;
 101         } OPTIONAL_HEADER;
 102
 103         /* Public structures. */
 104
 105         typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
 106                 [value(5),range(5,5)] uint8 pvno;
 107                 [value(4)] uint8 version;
 108                 [switch_is(version)] OPTIONAL_HEADER optional_header;
 109                 PRINCIPAL principal;
 110                 CREDENTIAL cred;
 111                 [flag(NDR_REMAINING)] DATA_BLOB further_creds;
 112         } CCACHE;
 113
 114         typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
 115                 CREDENTIAL cred;
 116                 [flag(NDR_REMAINING)] DATA_BLOB further_creds;
 117         } MULTIPLE_CREDENTIALS;
 118
 119         typedef struct {
 120                 uint16 length;
 121                 uint8 data[length];
 122         } KEYTAB_KEYBLOCK;
 123
 124         typedef struct {
 125                 uint16 component_count;
 126                 [flag(STR_SIZE2|STR_NOTERM|STR_UTF8)] string realm;
 127                 [flag(STR_SIZE2|STR_NOTERM|STR_UTF8)] string components[component_count];
 128                 uint32 name_type;
 129         } KEYTAB_PRINCIPAL;
 130
 131         typedef struct {
 132                 KEYTAB_PRINCIPAL principal;
 133                 uint32 timestamp;
 134                 uint8 key_version;
 135                 uint16 enctype;
 136                 KEYTAB_KEYBLOCK key;
 137                 uint32 full_key_version; /* We assume modern Heimdal or MIT 1.14 or later */
 138         } KEYTAB_ENTRY;
 139
 140         /*
 141          * This parser assumes a fresh keytab without negative lengths
 142          * to indicate holes generated by MIT krb5 1.14
 143          */
 144         typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
 145                 [value(5),range(5,5)] uint8 pvno;
 146                 [value(2),range(2,2)] uint8 version;
 147                 [subcontext(4)] KEYTAB_ENTRY entry;
 148                 [flag(NDR_REMAINING)] DATA_BLOB further_entry;
 149         } KEYTAB;
 150
 151         typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
 152                 [subcontext(4)] KEYTAB_ENTRY entry;
 153                 [flag(NDR_REMAINING)] DATA_BLOB further_entry;
 154         } MULTIPLE_KEYTAB_ENTRIES;
 155 }