search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: add flag NOTIFY_ACTION_DIRLEASE_BREAK for notify_fname()
[samba4-gss.git] / librpc / idl / drsblobs.idl
blob002c04f790369890aa331d895da8e4047a4e90d0
1 #include "idl_types.h"
2
3 import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl", "security.idl";
4
5 [
6 uuid("12345778-1234-abcd-0001-00000001"),
7 version(0.0),
8 pointer_default(unique),
9 helper("../librpc/ndr/ndr_drsblobs.h"),
10 helpstring("Active Directory Replication LDAP Blobs")
11 ]
12 interface drsblobs {
13 typedef bitmap drsuapi_DrsOptions drsuapi_DrsOptions;
14 typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId;
15 typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType;
16 /*
17 * replPropertyMetaData
18 * w2k uses version 1
19 * w2k3 uses version 1
20 *
21 * Also equivalent to
22 * MS-DRSR 4.1.10.2.22 PROPERTY_META_DATA
23 */
24 typedef [public] struct {
25 drsuapi_DsAttributeId attid;
26 uint32 version;
27 NTTIME_1sec originating_change_time;
28 GUID originating_invocation_id;
29 hyper originating_usn;
30 hyper local_usn;
31 } replPropertyMetaData1;
32
33 typedef struct {
34 uint32 count;
35 [value(0)] uint32 reserved;
36 replPropertyMetaData1 array[count];
37 } replPropertyMetaDataCtr1;
38
39 typedef [nodiscriminant] union {
40 [case(1)] replPropertyMetaDataCtr1 ctr1;
41 } replPropertyMetaDataCtr;
42
43 typedef [public] struct {
44 uint32 version;
45 [value(0)] uint32 reserved;
46 [switch_is(version)] replPropertyMetaDataCtr ctr;
47 } replPropertyMetaDataBlob;
48
49 /*
50 * replUpToDateVector
51 * w2k uses version 1
52 * w2k3 uses version 2
53 */
54 typedef struct {
55 uint32 count;
56 [value(0)] uint32 reserved;
57 drsuapi_DsReplicaCursor cursors[count];
58 } replUpToDateVectorCtr1;
59
60 typedef struct {
61 uint32 count;
62 [value(0)] uint32 reserved;
63 drsuapi_DsReplicaCursor2 cursors[count];
64 } replUpToDateVectorCtr2;
65
66 typedef [nodiscriminant] union {
67 [case(1)] replUpToDateVectorCtr1 ctr1;
68 [case(2)] replUpToDateVectorCtr2 ctr2;
69 } replUpToDateVectorCtr;
70
71 typedef [public] struct {
72 uint32 version;
73 [value(0)] uint32 reserved;
74 [switch_is(version)] replUpToDateVectorCtr ctr;
75 } replUpToDateVectorBlob;
76
77 /*
78 * repsFrom/repsTo
79 * w2k uses version 1
80 * w2k3 uses version 1
81 * w2k8 uses version 2
82 */
83 typedef [public,gensize] struct {
84 [value(strlen(dns_name)+1)] uint32 __dns_name_size;
85 [charset(DOS)] uint8 dns_name[__dns_name_size];
86 } repsFromTo1OtherInfo;
87
88 typedef [public,gensize,flag(NDR_PAHEX)] struct {
89 /* this includes the 8 bytes of the repsFromToBlob header */
90 [value(ndr_size_repsFromTo1(this, ndr->flags)+8)] uint32 blobsize;
91 uint32 consecutive_sync_failures;
92 NTTIME_1sec last_success;
93 NTTIME_1sec last_attempt;
94 WERROR result_last_attempt;
95 [relative] repsFromTo1OtherInfo *other_info;
96 [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->flags))] uint32 other_info_length;
97 drsuapi_DrsOptions replica_flags;
98 uint8 schedule[84];
99 [value(0)] uint32 reserved;
100 drsuapi_DsReplicaHighWaterMark highwatermark;
101 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
102 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
103 GUID transport_guid;
104 } repsFromTo1;
105
106 typedef [public,relative_base,gensize] struct {
107 [value(ndr_size_repsFromTo2OtherInfo(this,ndr->flags))]
108 uint32 __ndr_size;
109 [relative] nstring *dns_name1;
110 uint32 unknown1;
111 [relative] nstring *dns_name2;
112 hyper unknown2;
113 } repsFromTo2OtherInfo;
114
115 typedef [public,gensize,flag(NDR_PAHEX)] struct {
116 /* this includes the 8 bytes of the repsFromToBlob header */
117 [value(ndr_size_repsFromTo2(this, ndr->flags)+8)] uint32 blobsize;
118 uint32 consecutive_sync_failures;
119 NTTIME_1sec last_success;
120 NTTIME_1sec last_attempt;
121 WERROR result_last_attempt;
122 [relative] repsFromTo2OtherInfo *other_info;
123 [value(ndr_size_repsFromTo2OtherInfo(other_info, ndr->flags))] uint32 other_info_length;
124 drsuapi_DrsOptions replica_flags;
125 uint8 schedule[84];
126 [value(0)] uint32 reserved;
127 drsuapi_DsReplicaHighWaterMark highwatermark;
128 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
129 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
130 GUID transport_guid;
131 hyper unknown1;
132 } repsFromTo2;
133
134 typedef [nodiscriminant] union {
135 [case(1)] repsFromTo1 ctr1;
136 [case(2)] repsFromTo2 ctr2;
137 } repsFromTo;
138
139 typedef [public] struct {
140 uint32 version;
141 [value(0)] uint32 reserved;
142 [switch_is(version)] repsFromTo ctr;
143 } repsFromToBlob;
144
145 /* Replication schedule structures as defined in MS-ADTS 7.1.4.5
146 * Appears as attribute of NTDSConnection object
147 */
148 typedef [public] struct {
149 [value(0)] uint32 type; /* always 0 */
150 uint32 offset;
151 } scheduleHeader;
152
153 typedef [public] struct {
154 uint8 slots[168];
155 } scheduleSlots;
156
157 typedef [public] struct {
158 uint32 size;
159 [value(0)] uint32 bandwidth; /* ignored */
160 uint32 numberOfSchedules; /* typically 1 */
161 scheduleHeader headerArray[numberOfSchedules];
162 scheduleSlots dataArray[numberOfSchedules];
163 } schedule;
164
165 /*
166 * partialAttributeSet
167 * w2k uses version 1
168 * w2k3 uses version 1
169 */
170 typedef struct {
171 uint32 count;
172 drsuapi_DsAttributeId array[count];
173 } partialAttributeSetCtr1;
174
175 typedef [nodiscriminant] union {
176 [case(1)] partialAttributeSetCtr1 ctr1;
177 } partialAttributeSetCtr;
178
179 typedef [public] struct {
180 uint32 version;
181 [value(0)] uint32 reserved;
182 [switch_is(version)] partialAttributeSetCtr ctr;
183 } partialAttributeSetBlob;
184
185 /*
186 * schemaInfo attribute
187 *
188 * Used as an attribute on Schema.
189 * Also during replication as part of
190 * prefixMap to identify what revision
191 * of Schema source DC has
192 */
193 typedef [public,flag(NDR_NOALIGN)] struct {
194 [value(0xFF)] uint8 marker;
195 [flag(NDR_BIG_ENDIAN)] uint32 revision;
196 GUID invocation_id;
197 } schemaInfoBlob;
198
199
200 /*
201 * MS w2k3 and w2k8 prefixMap format
202 * There is no version number. Format is:
203 * uint32 - number of entries in the map
204 * uint32 - total bytes that structure occupies
205 * ENTRIES:
206 * uint16 - prefix ID (OID's last sub-id encoded. see prefixMap)
207 * uint16 - number of bytes in prefix N
208 * uint8[N] - BER encoded prefix
209 */
210 typedef [noprint,flag(NDR_NOALIGN)] struct {
211 uint16 entryID;
212 uint16 length;
213 uint8 binary_oid[length];
214 } drsuapi_MSPrefixMap_Entry;
215
216 typedef [public,gensize] struct {
217 uint32 num_entries;
218 [value(ndr_size_drsuapi_MSPrefixMap_Ctr(r, ndr->flags))] uint32 __ndr_size;
219 drsuapi_MSPrefixMap_Entry entries[num_entries];
220 } drsuapi_MSPrefixMap_Ctr;
221
222 /*
223 * prefixMap
224 * w2k unknown
225 * w2k3 unknown
226 * samba4 uses 0x44534442 'DSDB'
227 *
228 * as we windows don't return the prefixMap attribute when you ask for
229 * we don't know the format, but the attribute is not replicated
230 * so that we can choose our own format...
231 */
232 typedef [v1_enum] enum {
233 PREFIX_MAP_VERSION_DSDB = 0x44534442
234 } prefixMapVersion;
235
236 typedef [nodiscriminant] union {
237 [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb;
238 } prefixMapCtr;
239
240 typedef [public] struct {
241 prefixMapVersion version;
242 [value(0)] uint32 reserved;
243 [switch_is(version)] prefixMapCtr ctr;
244 } prefixMapBlob;
245
246 /*
247 * the cookie for the LDAP dirsync control
248 */
249 typedef [nodiscriminant,gensize] union {
250 [case(0)];
251 [default] replUpToDateVectorBlob uptodateness_vector;
252 } ldapControlDirSyncExtra;
253
254 typedef struct {
255 [value(3)] uint32 u1;
256 NTTIME time;
257 uint32 u2;
258 uint32 u3;
259 [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, 0))]
260 uint32 extra_length;
261 drsuapi_DsReplicaHighWaterMark highwatermark;
262 GUID guid1;
263 [switch_is(extra_length)] ldapControlDirSyncExtra extra;
264 } ldapControlDirSyncBlob;
265
266 typedef [public,relative_base] struct {
267 [charset(DOS),value("MSDS")] uint8 msds[4];
268 [subcontext(0)] ldapControlDirSyncBlob blob;
269 } ldapControlDirSyncCookie;
270
271 typedef [public] struct {
272 [value(2*strlen_m(name))] uint16 name_len;
273 [value(strlen(data))] uint16 data_len;
274 uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
275 [charset(UTF16)] uint8 name[name_len];
276 /*
277 * the data field contains data as HEX strings
278 *
279 * 'Packages':
280 * data contains the list of packages
281 * as non terminated UTF16 strings with
282 * a UTF16 NULL byte as separator
283 *
284 * 'Primary:Kerberos-Newer-Keys':
285 * ...
286 *
287 * 'Primary:Kerberos':
288 * ...
289 *
290 * 'Primary:WDigest':
291 * ...
292 *
293 * 'Primary:CLEARTEXT':
294 * data contains the cleartext password
295 * as UTF16 string encoded as HEX string
296 *
297 * 'Primary:userPassword':
298 * ...
299 *
300 * 'Primary:SambaGPG':
301 * ...
302 *
303 * 'Primary:NTLM-Strong-NTOWF':
304 * ... Not yet implemented.
305 *
306 */
307 [charset(DOS)] uint8 data[data_len];
308 } supplementalCredentialsPackage;
309
310 /* this are 0x30 (48) whitespaces (0x20) */
311 const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " ";
312
313 typedef [flag(NDR_PAHEX),public] enum {
314 SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
315 } supplementalCredentialsSignature;
316
317 typedef [gensize,nopush,nopull] struct {
318 [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
319 [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
320 uint16 num_packages;
321 supplementalCredentialsPackage packages[num_packages];
322 } supplementalCredentialsSubBlob;
323
324 typedef [public] struct {
325 [value(0)] uint32 unknown1;
326 [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->flags))] uint32 __ndr_size;
327 [value(0)] uint32 unknown2;
328 [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
329 [value(0)] uint8 unknown3;
330 } supplementalCredentialsBlob;
331
332 typedef [public] struct {
333 [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
334 } package_PackagesBlob;
335
336 typedef struct {
337 [value(2*strlen_m(string))] uint16 length;
338 [value(2*strlen_m(string))] uint16 size;
339 [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
340 } package_PrimaryKerberosString;
341
342 typedef struct {
343 [value(0)] uint16 reserved1;
344 [value(0)] uint16 reserved2;
345 [value(0)] uint32 reserved3;
346 uint32 keytype;
347 [value((value?value->length:0))] uint32 value_len;
348 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
349 } package_PrimaryKerberosKey3;
350
351 typedef struct {
352 uint16 num_keys;
353 uint16 num_old_keys;
354 package_PrimaryKerberosString salt;
355 package_PrimaryKerberosKey3 keys[num_keys];
356 package_PrimaryKerberosKey3 old_keys[num_old_keys];
357 [value(0)] uint32 padding1;
358 [value(0)] uint32 padding2;
359 [value(0)] uint32 padding3;
360 [value(0)] uint32 padding4;
361 [value(0)] uint32 padding5;
362 } package_PrimaryKerberosCtr3;
363
364 typedef struct {
365 [value(0)] uint16 reserved1;
366 [value(0)] uint16 reserved2;
367 [value(0)] uint32 reserved3;
368 uint32 iteration_count;
369 uint32 keytype;
370 [value((value?value->length:0))] uint32 value_len;
371 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
372 } package_PrimaryKerberosKey4;
373
374 typedef struct {
375 uint16 num_keys;
376 [value(0)] uint16 num_service_keys;
377 uint16 num_old_keys;
378 uint16 num_older_keys;
379 package_PrimaryKerberosString salt;
380 uint32 default_iteration_count;
381 package_PrimaryKerberosKey4 keys[num_keys];
382 package_PrimaryKerberosKey4 service_keys[num_service_keys];
383 package_PrimaryKerberosKey4 old_keys[num_old_keys];
384 package_PrimaryKerberosKey4 older_keys[num_older_keys];
385 } package_PrimaryKerberosCtr4;
386
387 typedef [nodiscriminant] union {
388 [case(3)] package_PrimaryKerberosCtr3 ctr3;
389 [case(4)] package_PrimaryKerberosCtr4 ctr4;
390 } package_PrimaryKerberosCtr;
391
392 typedef [public] struct {
393 uint16 version;
394 [value(0)] uint16 flags;
395 [switch_is(version)] package_PrimaryKerberosCtr ctr;
396 } package_PrimaryKerberosBlob;
397
398 typedef [public] struct {
399 [flag(NDR_REMAINING)] DATA_BLOB cleartext;
400 } package_PrimaryCLEARTEXTBlob;
401
402 typedef [flag(NDR_PAHEX)] struct {
403 uint8 hash[16];
404 } package_PrimaryWDigestHash;
405
406 typedef [public] struct {
407 [value(0x31)] uint16 unknown1;
408 [value(0x01)] uint8 unknown2;
409 uint8 num_hashes;
410 [value(0)] uint32 unknown3;
411 [value(0)] udlong unknown4;
412 package_PrimaryWDigestHash hashes[num_hashes];
413 } package_PrimaryWDigestBlob;
414
415 typedef [public] struct {
416 [flag(NDR_REMAINING)] DATA_BLOB gpg_blob;
417 } package_PrimarySambaGPGBlob;
418
419 /*
420 * Password hashes stored in a scheme compatible with
421 * OpenLDAP's userPassword attribute. The Package is named
422 * Primary:userPassword each calculated hash,
423 * which is typically calculated via crypt(), the scheme is stored.
424 * The scheme name and the {scheme} format is re-used from OpenLDAP's
425 * use for userPassword to aid interoperability when exported.
426 *
427 * The currently supported scheme so far is {CRYPT}, which may
428 * be specified multiple times if both CryptSHA256 ($5$) and
429 * CryptSHA512 ($6$) are in use.
430 *
431 * current_nt_hash is either the unicodePwd or the
432 * NTLM-Strong-NTOWF, to allow us to prove this password is
433 * a valid element.
434 */
435 typedef struct {
436 [value(2*strlen_m(scheme))] uint16 scheme_len;
437 [charset(UTF16)] uint8 scheme[scheme_len];
438 [value((value?value->length:0))] uint32 value_len;
439 [relative,subcontext(0),subcontext_size(value_len),
440 flag(NDR_REMAINING)] DATA_BLOB *value;
441 } package_PrimaryUserPasswordValue;
442
443 typedef [public] struct {
444 samr_Password current_nt_hash;
445 uint16 num_hashes;
446 package_PrimaryUserPasswordValue hashes[num_hashes];
447 } package_PrimaryUserPasswordBlob;
448
449 typedef struct {
450 [value(0)] uint32 size;
451 } AuthInfoNone;
452
453 typedef struct {
454 [value(16)] uint32 size;
455 samr_Password password;
456 } AuthInfoNT4Owf;
457
458 /*
459 * the secret value is encoded as UTF16 if it's a string
460 * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
461 * may fail...
462 *
463 * TODO: We should try handle the case of a random buffer in all places
464 * we deal with cleartext passwords from windows
465 *
466 * so we don't use this:
467 *
468 * uint32 value_len;
469 * [charset(UTF16)] uint8 value[value_len];
470 */
471
472 typedef struct {
473 uint32 size;
474 uint8 password[size];
475 } AuthInfoClear;
476
477 typedef struct {
478 [value(4)] uint32 size;
479 uint32 version;
480 } AuthInfoVersion;
481
482 typedef [nodiscriminant] union {
483 [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
484 [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
485 [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
486 [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
487 } AuthInfo;
488
489 typedef [public] struct {
490 NTTIME LastUpdateTime;
491 lsa_TrustAuthType AuthType;
492 [switch_is(AuthType)] AuthInfo AuthInfo;
493 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
494 } AuthenticationInformation;
495
496 /* count is not on the wire */
497 typedef [public,nopull,nopush,gensize] struct {
498 uint32 count;
499 AuthenticationInformation array[count];
500 } AuthenticationInformationArray;
501
502 /* we cannot use [relative] pointers here because Windows expects the
503 * previous_offset to match the total size of the struct in case
504 * the previous array is empty, see MS-LSAD 2.2.7.16 - gd */
505 typedef [public,gensize,nopush] struct {
506 uint32 count;
507 [value((count > 0) ? 12 : 0)] uint32 current_offset;
508 [value((count > 0) ? 12 + ndr_size_AuthenticationInformationArray(&current, ndr->flags) : 0)] uint32 previous_offset;
509 [subcontext(0),subcontext_size((previous_offset)-(current_offset))] AuthenticationInformationArray current;
510 [subcontext(0)] [flag(NDR_REMAINING)] AuthenticationInformationArray previous;
511 } trustAuthInOutBlob;
512
513 typedef [public,nopull] struct {
514 uint8 confounder[512];
515 [subcontext(0),subcontext_size(outgoing_size)] trustAuthInOutBlob outgoing;
516 [subcontext(0),subcontext_size(incoming_size)] trustAuthInOutBlob incoming;
517 [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
518 [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
519 } trustDomainPasswords;
520
521 typedef [public] struct {
522 uint32 marker;
523 DATA_BLOB data;
524 } DsCompressedChunk;
525
526 typedef struct {
527 uint16 __size;
528 [size_is(__size),charset(DOS)] uint8 *string;
529 } ExtendedErrorAString;
530
531 typedef struct {
532 uint16 __size;
533 [size_is(__size),charset(UTF16)] uint16 *string;
534 } ExtendedErrorUString;
535
536 typedef struct {
537 uint16 length;
538 [size_is(length)] uint8 *data;
539 } ExtendedErrorBlob;
540
541 typedef enum {
542 EXTENDED_ERROR_COMPUTER_NAME_PRESENT = 1,
543 EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT= 2
544 } ExtendedErrorComputerNamePresent;
545
546 typedef [switch_type(ExtendedErrorComputerNamePresent)] union {
547 [case(EXTENDED_ERROR_COMPUTER_NAME_PRESENT)] ExtendedErrorUString name;
548 [case(EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT)];
549 } ExtendedErrorComputerNameU;
550
551 typedef struct {
552 ExtendedErrorComputerNamePresent present;
553 [switch_is(present)] ExtendedErrorComputerNameU n;
554 } ExtendedErrorComputerName;
555
556 typedef enum {
557 EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING = 1,
558 EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING = 2,
559 EXTENDED_ERROR_PARAM_TYPE_UINT32 = 3,
560 EXTENDED_ERROR_PARAM_TYPE_UINT16 = 4,
561 EXTENDED_ERROR_PARAM_TYPE_UINT64 = 5,
562 EXTENDED_ERROR_PARAM_TYPE_NONE = 6,
563 EXTENDED_ERROR_PARAM_TYPE_BLOB = 7
564 } ExtendedErrorParamType;
565
566 typedef [switch_type(ExtendedErrorParamType)] union {
567 [case(EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING)] ExtendedErrorAString a_string;
568 [case(EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING)] ExtendedErrorUString u_string;
569 [case(EXTENDED_ERROR_PARAM_TYPE_UINT32)] uint32 uint32;
570 [case(EXTENDED_ERROR_PARAM_TYPE_UINT16)] uint16 uint16;
571 [case(EXTENDED_ERROR_PARAM_TYPE_UINT64)] hyper uint64;
572 [case(EXTENDED_ERROR_PARAM_TYPE_NONE)];
573 [case(EXTENDED_ERROR_PARAM_TYPE_BLOB)] ExtendedErrorBlob blob;
574 } ExtendedErrorParamU;
575
576 typedef struct {
577 ExtendedErrorParamType type;
578 [switch_is(type)] ExtendedErrorParamU p;
579 } ExtendedErrorParam;
580
581 typedef [public] struct {
582 [max_recursion(20000)] ExtendedErrorInfo *next;
583 ExtendedErrorComputerName computer_name;
584 hyper pid;
585 NTTIME time;
586 uint32 generating_component;
587 WERROR status;
588 uint16 detection_location;
589 uint16 flags;
590 uint16 num_params;
591 [size_is(num_params)] ExtendedErrorParam params[];
592 } ExtendedErrorInfo;
593
594 typedef struct {
595 [unique] ExtendedErrorInfo *info;
596 } ExtendedErrorInfoPtr;
597
598 /* MS-ADTS 7.1.6.9.3 msDS-TrustForestTrustInfo Attribute */
599
600 typedef struct {
601 [value(strlen_m(string))] uint32 size;
602 [charset(UTF8)] uint8 string[size];
603 } ForestTrustString;
604
605 typedef [flag(NDR_NOALIGN)] struct {
606 [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
607 [subcontext(0),subcontext_size(sid_size)] dom_sid sid;
608 ForestTrustString dns_name;
609 ForestTrustString netbios_name;
610 } ForestTrustDataDomainInfo;
611
612 typedef [flag(NDR_NOALIGN)] struct {
613 uint32 size;
614 uint8 data[size];
615 } ForestTrustDataBinaryData;
616
617 typedef [nodiscriminant] union {
618 [case(FOREST_TRUST_TOP_LEVEL_NAME)] ForestTrustString name;
619 [case(FOREST_TRUST_TOP_LEVEL_NAME_EX)] ForestTrustString name;
620 [case(FOREST_TRUST_DOMAIN_INFO)] ForestTrustDataDomainInfo info;
621 [default] ForestTrustDataBinaryData data;
622 } ForestTrustData;
623
624 /* same as lsa_ForestTrustRecordType, but only 8 bit */
625 typedef [enum8bit] enum {
626 FOREST_TRUST_TOP_LEVEL_NAME = LSA_FOREST_TRUST_TOP_LEVEL_NAME,
627 FOREST_TRUST_TOP_LEVEL_NAME_EX = LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX,
628 FOREST_TRUST_DOMAIN_INFO = LSA_FOREST_TRUST_DOMAIN_INFO
629 } ForestTrustInfoRecordType;
630
631 /* meaning of flags depends on record type and values are
632 the same as in lsa.idl, see collision record types */
633 typedef [public,gensize,flag(NDR_NOALIGN)] struct {
634 lsa_ForestTrustRecordFlags flags;
635 NTTIME timestamp;
636 ForestTrustInfoRecordType type;
637 [switch_is(type)] ForestTrustData data;
638 } ForestTrustInfoRecord;
639
640 typedef [flag(NDR_NOALIGN)] struct {
641 [value(ndr_size_ForestTrustInfoRecord(&record, ndr->flags))] uint32 record_size;
642 ForestTrustInfoRecord record;
643 } ForestTrustInfoRecordArmor;
644
645 typedef [public,flag(NDR_NOALIGN)] struct {
646 uint32 version;
647 uint32 count;
648 ForestTrustInfoRecordArmor records[count];
649 } ForestTrustInfo;
650
651 typedef enum {
652 ENC_SECRET_AES_128_AEAD = 1
653 } EncryptedSecretAlgorithm;
654
655 const uint32 ENCRYPTED_SECRET_MAGIC_VALUE = 0xCA5CADED;
656
657 typedef [public] struct {
658 DATA_BLOB cleartext;
659 } PlaintextSecret;
660
661 /* The AEAD routines uses this as the additional authenticated data */
662 typedef [public] struct {
663 uint32 magic;
664 uint32 version;
665 uint32 algorithm;
666 uint32 flags;
667 } EncryptedSecretHeader;
668
669 typedef [public] struct {
670 /*
671 * The iv is before the header to ensure that the first bytes of
672 * the encrypted values are not predictable.
673 * We do this so that if the decryption gets disabled, we don't
674 * end up with predictable unicodePasswords.
675 */
676 DATA_BLOB iv;
677 EncryptedSecretHeader header;
678 [flag(NDR_REMAINING)] DATA_BLOB encrypted;
679 } EncryptedSecret;
680 }
GSS-enabled samba4