3 import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl", "security.idl";
6 uuid("12345778-1234-abcd-0001-00000001"),
8 pointer_default(unique),
9 helper("../librpc/ndr/ndr_drsblobs.h"),
10 helpstring("Active Directory Replication LDAP Blobs")
13 typedef bitmap drsuapi_DrsOptions drsuapi_DrsOptions;
14 typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId;
15 typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType;
17 * replPropertyMetaData
22 drsuapi_DsAttributeId attid;
24 NTTIME_1sec originating_change_time;
25 GUID originating_invocation_id;
26 hyper originating_usn;
28 } replPropertyMetaData1;
32 [value(0)] uint32 reserved;
33 replPropertyMetaData1 array[count];
34 } replPropertyMetaDataCtr1;
36 typedef [nodiscriminant] union {
37 [case(1)] replPropertyMetaDataCtr1 ctr1;
38 } replPropertyMetaDataCtr;
40 typedef [public] struct {
42 [value(0)] uint32 reserved;
43 [switch_is(version)] replPropertyMetaDataCtr ctr;
44 } replPropertyMetaDataBlob;
46 void decode_replPropertyMetaData(
47 [in] replPropertyMetaDataBlob blob
57 [value(0)] uint32 reserved;
58 drsuapi_DsReplicaCursor cursors[count];
59 } replUpToDateVectorCtr1;
63 [value(0)] uint32 reserved;
64 drsuapi_DsReplicaCursor2 cursors[count];
65 } replUpToDateVectorCtr2;
67 typedef [nodiscriminant] union {
68 [case(1)] replUpToDateVectorCtr1 ctr1;
69 [case(2)] replUpToDateVectorCtr2 ctr2;
70 } replUpToDateVectorCtr;
72 typedef [public] struct {
74 [value(0)] uint32 reserved;
75 [switch_is(version)] replUpToDateVectorCtr ctr;
76 } replUpToDateVectorBlob;
78 void decode_replUpToDateVector(
79 [in] replUpToDateVectorBlob blob
88 typedef [public,gensize] struct {
89 [value(strlen(dns_name)+1)] uint32 __dns_name_size;
90 [charset(DOS)] uint8 dns_name[__dns_name_size];
91 } repsFromTo1OtherInfo;
93 typedef [public,gensize,flag(NDR_PAHEX)] struct {
94 /* this includes the 8 bytes of the repsFromToBlob header */
95 [value(ndr_size_repsFromTo1(this, ndr->iconv_convenience, ndr->flags)+8)] uint32 blobsize;
96 uint32 consecutive_sync_failures;
97 NTTIME_1sec last_success;
98 NTTIME_1sec last_attempt;
99 WERROR result_last_attempt;
100 [relative] repsFromTo1OtherInfo *other_info;
101 [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->iconv_convenience, ndr->flags))] uint32 other_info_length;
102 drsuapi_DrsOptions replica_flags;
104 [value(0)] uint32 reserved;
105 drsuapi_DsReplicaHighWaterMark highwatermark;
106 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
107 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
111 typedef [public,relative_base,gensize] struct {
112 [value(ndr_size_repsFromTo2OtherInfo(this,ndr->iconv_convenience, ndr->flags))]
114 [relative] nstring *dns_name1;
116 [relative] nstring *dns_name2;
118 } repsFromTo2OtherInfo;
120 typedef [public,gensize,flag(NDR_PAHEX)] struct {
121 /* this includes the 8 bytes of the repsFromToBlob header */
122 [value(ndr_size_repsFromTo2(this, ndr->iconv_convenience, ndr->flags)+8)] uint32 blobsize;
123 uint32 consecutive_sync_failures;
124 NTTIME_1sec last_success;
125 NTTIME_1sec last_attempt;
126 WERROR result_last_attempt;
127 [relative] repsFromTo2OtherInfo *other_info;
128 [value(ndr_size_repsFromTo2OtherInfo(other_info, ndr->iconv_convenience, ndr->flags))] uint32 other_info_length;
129 drsuapi_DrsOptions replica_flags;
131 [value(0)] uint32 reserved;
132 drsuapi_DsReplicaHighWaterMark highwatermark;
133 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
134 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
139 typedef [nodiscriminant] union {
140 [case(1)] repsFromTo1 ctr1;
141 [case(2)] repsFromTo2 ctr2;
144 typedef [public] struct {
146 [value(0)] uint32 reserved;
147 [switch_is(version)] repsFromTo ctr;
150 void decode_repsFromTo(
151 [in] repsFromToBlob blob
155 * partialAttributeSet
157 * w2k3 uses version 1
161 drsuapi_DsAttributeId array[count];
162 } partialAttributeSetCtr1;
164 typedef [nodiscriminant] union {
165 [case(1)] partialAttributeSetCtr1 ctr1;
166 } partialAttributeSetCtr;
168 typedef [public] struct {
170 [value(0)] uint32 reserved;
171 [switch_is(version)] partialAttributeSetCtr ctr;
172 } partialAttributeSetBlob;
174 void decode_partialAttributeSet(
175 [in] partialAttributeSetBlob blob
179 * MS w2k3 and w2k8 prefixMap format
180 * There is no version number. Format is:
181 * uint32 - number of entries in the map
182 * uint32 - total bytes that structure occupies
184 * uint16 - prefix ID (OID's last sub-id encoded. see prefixMap)
185 * uint16 - number of bytes in prefix N
186 * uint8[N] - BER encoded prefix
188 typedef [noprint,flag(NDR_NOALIGN)] struct {
191 uint8 binary_oid[length];
192 } drsuapi_MSPrefixMap_Entry;
194 typedef [public,gensize] struct {
196 [value(ndr_size_drsuapi_MSPrefixMap_Ctr(r, ndr->iconv_convenience, ndr->flags))] uint32 __ndr_size;
197 drsuapi_MSPrefixMap_Entry entries[num_entries];
198 } drsuapi_MSPrefixMap_Ctr;
204 * samba4 uses 0x44534442 'DSDB'
206 * as we windows don't return the prefixMap attribute when you ask for
207 * we don't know the format, but the attribute is not replicated
208 * so that we can choose our own format...
210 typedef [v1_enum] enum {
211 PREFIX_MAP_VERSION_DSDB = 0x44534442
214 typedef [nodiscriminant] union {
215 [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb;
218 typedef [public] struct {
219 prefixMapVersion version;
220 [value(0)] uint32 reserved;
221 [switch_is(version)] prefixMapCtr ctr;
224 void decode_prefixMap(
225 [in] prefixMapBlob blob
230 * the cookie for the LDAP dirsync control
232 typedef [nodiscriminant,gensize] union {
234 [default] replUpToDateVectorBlob uptodateness_vector;
235 } ldapControlDirSyncExtra;
238 [value(3)] uint32 u1;
242 [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, ndr->iconv_convenience, 0))]
244 drsuapi_DsReplicaHighWaterMark highwatermark;
246 [switch_is(extra_length)] ldapControlDirSyncExtra extra;
247 } ldapControlDirSyncBlob;
249 typedef [public,relative_base] struct {
250 [charset(DOS),value("MSDS")] uint8 msds[4];
251 [subcontext(0)] ldapControlDirSyncBlob blob;
252 } ldapControlDirSyncCookie;
254 void decode_ldapControlDirSync(
255 [in] ldapControlDirSyncCookie cookie
259 [value(2*strlen_m(name))] uint16 name_len;
260 [value(strlen(data))] uint16 data_len;
261 uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
262 [charset(UTF16)] uint8 name[name_len];
264 * the data field contains data as HEX strings
267 * data contains the list of packages
268 * as non termiated UTF16 strings with
269 * a UTF16 NULL byte as separator
271 * 'Primary:Kerberos-Newer-Keys':
274 * 'Primary:Kerberos':
280 * 'Primary:CLEARTEXT':
281 * data contains the cleartext password
282 * as UTF16 string encoded as HEX string
284 [charset(DOS)] uint8 data[data_len];
285 } supplementalCredentialsPackage;
287 /* this are 0x30 (48) whitespaces (0x20) */
288 const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " ";
290 typedef [flag(NDR_PAHEX)] enum {
291 SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
292 } supplementalCredentialsSignature;
294 typedef [gensize] struct {
295 [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
296 [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
298 supplementalCredentialsPackage packages[num_packages];
299 } supplementalCredentialsSubBlob;
301 typedef [public] struct {
302 [value(0)] uint32 unknown1;
303 [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->iconv_convenience, ndr->flags))] uint32 __ndr_size;
304 [value(0)] uint32 unknown2;
305 [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
306 [value(0)] uint8 unknown3;
307 } supplementalCredentialsBlob;
309 void decode_supplementalCredentials(
310 [in] supplementalCredentialsBlob blob
313 typedef [public] struct {
314 [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
315 } package_PackagesBlob;
317 void decode_Packages(
318 [in] package_PackagesBlob blob
322 [value(2*strlen_m(string))] uint16 length;
323 [value(2*strlen_m(string))] uint16 size;
324 [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
325 } package_PrimaryKerberosString;
328 [value(0)] uint16 reserved1;
329 [value(0)] uint16 reserved2;
330 [value(0)] uint32 reserved3;
332 [value((value?value->length:0))] uint32 value_len;
333 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
334 } package_PrimaryKerberosKey3;
339 package_PrimaryKerberosString salt;
340 package_PrimaryKerberosKey3 keys[num_keys];
341 package_PrimaryKerberosKey3 old_keys[num_old_keys];
342 [value(0)] uint32 padding1;
343 [value(0)] uint32 padding2;
344 [value(0)] uint32 padding3;
345 [value(0)] uint32 padding4;
346 [value(0)] uint32 padding5;
347 } package_PrimaryKerberosCtr3;
350 [value(0)] uint16 reserved1;
351 [value(0)] uint16 reserved2;
352 [value(0)] uint32 reserved3;
353 uint32 iteration_count;
355 [value((value?value->length:0))] uint32 value_len;
356 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
357 } package_PrimaryKerberosKey4;
361 [value(0)] uint16 num_service_keys;
363 uint16 num_older_keys;
364 package_PrimaryKerberosString salt;
365 uint32 default_iteration_count;
366 package_PrimaryKerberosKey4 keys[num_keys];
367 package_PrimaryKerberosKey4 service_keys[num_service_keys];
368 package_PrimaryKerberosKey4 old_keys[num_old_keys];
369 package_PrimaryKerberosKey4 older_keys[num_older_keys];
370 } package_PrimaryKerberosCtr4;
372 typedef [nodiscriminant] union {
373 [case(3)] package_PrimaryKerberosCtr3 ctr3;
374 [case(4)] package_PrimaryKerberosCtr4 ctr4;
375 } package_PrimaryKerberosCtr;
377 typedef [public] struct {
379 [value(0)] uint16 flags;
380 [switch_is(version)] package_PrimaryKerberosCtr ctr;
381 } package_PrimaryKerberosBlob;
383 void decode_PrimaryKerberos(
384 [in] package_PrimaryKerberosBlob blob
387 typedef [public] struct {
388 [flag(NDR_REMAINING)] DATA_BLOB cleartext;
389 } package_PrimaryCLEARTEXTBlob;
391 void decode_PrimaryCLEARTEXT(
392 [in] package_PrimaryCLEARTEXTBlob blob
395 typedef [flag(NDR_PAHEX)] struct {
397 } package_PrimaryWDigestHash;
399 typedef [public] struct {
400 [value(0x31)] uint16 unknown1;
401 [value(0x01)] uint8 unknown2;
403 [value(0)] uint32 unknown3;
404 [value(0)] udlong uuknown4;
405 package_PrimaryWDigestHash hashes[num_hashes];
406 } package_PrimaryWDigestBlob;
408 void decode_PrimaryWDigest(
409 [in] package_PrimaryWDigestBlob blob
413 [value(0)] uint32 size;
417 [value(16)] uint32 size;
418 samr_Password password;
422 * the secret value is encoded as UTF16 if it's a string
423 * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
426 * TODO: We should try handle the case of a random buffer in all places
427 * we deal with cleartext passwords from windows
429 * so we don't use this:
432 * [charset(UTF16)] uint8 value[value_len];
437 uint8 password[size];
441 [value(4)] uint32 size;
445 typedef [nodiscriminant] union {
446 [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
447 [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
448 [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
449 [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
452 typedef [public] struct {
453 NTTIME LastUpdateTime;
454 lsa_TrustAuthType AuthType;
456 [switch_is(AuthType)] AuthInfo AuthInfo;
457 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
458 } AuthenticationInformation;
460 typedef [nopull,nopush,noprint] struct {
461 /* sizeis here is bogus, but this is here just for the structure */
462 [size_is(1)] AuthenticationInformation array[];
463 } AuthenticationInformationArray;
465 /* This is nopull,nopush because we pass count down to the
466 * manual parser of AuthenticationInformationArray */
467 typedef [public,nopull,nopush,noprint,gensize] struct {
469 [relative] AuthenticationInformationArray *current;
470 [relative] AuthenticationInformationArray *previous;
471 } trustAuthInOutBlob;
473 void decode_trustAuthInOut(
474 [in] trustAuthInOutBlob blob
477 typedef [public,gensize] struct {
479 [relative] AuthenticationInformation *current[count];
480 } trustCurrentPasswords;
482 typedef [public,nopull] struct {
483 uint8 confounder[512];
484 [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
485 [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
486 [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->iconv_convenience, ndr->flags))] uint32 outgoing_size;
487 [value(ndr_size_trustCurrentPasswords(&incoming, ndr->iconv_convenience, ndr->flags))] uint32 incoming_size;
488 } trustDomainPasswords;
490 void decode_trustDomainPasswords(
491 [in] trustDomainPasswords blob
494 typedef [public] struct {
501 [size_is(__size),charset(DOS)] uint8 *string;
502 } ExtendedErrorAString;
506 [size_is(__size),charset(UTF16)] uint16 *string;
507 } ExtendedErrorUString;
511 [size_is(length)] uint8 *data;
515 EXTENDED_ERROR_COMPUTER_NAME_PRESENT = 1,
516 EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT= 2
517 } ExtendedErrorComputerNamePresent;
519 typedef [switch_type(ExtendedErrorComputerNamePresent)] union {
520 [case(EXTENDED_ERROR_COMPUTER_NAME_PRESENT)] ExtendedErrorUString name;
521 [case(EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT)];
522 } ExtendedErrorComputerNameU;
525 ExtendedErrorComputerNamePresent present;
526 [switch_is(present)] ExtendedErrorComputerNameU n;
527 } ExtendedErrorComputerName;
530 EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING = 1,
531 EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING = 2,
532 EXTENDED_ERROR_PARAM_TYPE_UINT32 = 3,
533 EXTENDED_ERROR_PARAM_TYPE_UINT16 = 4,
534 EXTENDED_ERROR_PARAM_TYPE_UINT64 = 5,
535 EXTENDED_ERROR_PARAM_TYPE_NONE = 6,
536 EXTENDED_ERROR_PARAM_TYPE_BLOB = 7
537 } ExtendedErrorParamType;
539 typedef [switch_type(ExtendedErrorParamType)] union {
540 [case(EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING)] ExtendedErrorAString a_string;
541 [case(EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING)] ExtendedErrorUString u_string;
542 [case(EXTENDED_ERROR_PARAM_TYPE_UINT32)] uint32 uint32;
543 [case(EXTENDED_ERROR_PARAM_TYPE_UINT16)] uint16 uint16;
544 [case(EXTENDED_ERROR_PARAM_TYPE_UINT64)] hyper uint64;
545 [case(EXTENDED_ERROR_PARAM_TYPE_NONE)];
546 [case(EXTENDED_ERROR_PARAM_TYPE_BLOB)] ExtendedErrorBlob blob;
547 } ExtendedErrorParamU;
550 ExtendedErrorParamType type;
551 [switch_is(type)] ExtendedErrorParamU p;
552 } ExtendedErrorParam;
554 typedef [public] struct {
555 ExtendedErrorInfo *next;
556 ExtendedErrorComputerName computer_name;
559 uint32 generating_component;
561 uint16 detection_location;
564 [size_is(num_params)] ExtendedErrorParam params[];
568 [unique] ExtendedErrorInfo *info;
569 } ExtendedErrorInfoPtr;
571 void decode_ExtendedErrorInfo (
572 [in,subcontext(0xFFFFFC01)] ExtendedErrorInfoPtr ptr
575 /* MS-ADTS 7.1.6.9.3 msDS-TrustForestTrustInfo Attribute */
578 [value(strlen_m(string))] uint32 size;
579 [charset(UTF8)] uint8 string[size];
582 typedef [flag(NDR_NOALIGN)] struct {
583 [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
584 [subcontext(0),subcontext_size(sid_size)] dom_sid sid;
585 ForestTrustString dns_name;
586 ForestTrustString netbios_name;
587 } ForestTrustDataDomainInfo;
589 typedef [flag(NDR_NOALIGN)] struct {
592 } ForestTrustDataBinaryData;
594 typedef [nodiscriminant] union {
595 [case(FOREST_TRUST_TOP_LEVEL_NAME)] ForestTrustString name;
596 [case(FOREST_TRUST_TOP_LEVEL_NAME_EX)] ForestTrustString name;
597 [case(FOREST_TRUST_DOMAIN_INFO)] ForestTrustDataDomainInfo info;
598 [default] ForestTrustDataBinaryData data;
601 /* same as lsa_ForestTrustRecordType */
602 typedef [enum8bit] enum {
603 FOREST_TRUST_TOP_LEVEL_NAME = 0,
604 FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
605 FOREST_TRUST_DOMAIN_INFO = 2
606 } ForestTrustInfoRecordType;
608 /* meaning of flags depends on record type and values are
609 the same as in lsa.idl, see collision record types */
610 typedef [public,gensize,flag(NDR_NOALIGN)] struct {
613 ForestTrustInfoRecordType type;
614 [switch_is(type)] ForestTrustData data;
615 } ForestTrustInfoRecord;
617 typedef [flag(NDR_NOALIGN)] struct {
618 [value(ndr_size_ForestTrustInfoRecord(&record, ndr->iconv_convenience, ndr->flags))] uint32 record_size;
619 ForestTrustInfoRecord record;
620 } ForestTrustInfoRecordArmor;
622 typedef [public,flag(NDR_NOALIGN)] struct {
625 ForestTrustInfoRecordArmor records[count];
628 void decode_ForestTrustInfo(
629 [in] ForestTrustInfo blob
git.samba.org / samba.git / blob