/*
krb5 credentials cache (version 3 or 4)
specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html
+
+ krb5 keytab (version 2)
+ specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/keytab_file_format.html
*/
#include "idl_types.h"
CREDENTIAL cred;
[flag(NDR_REMAINING)] DATA_BLOB further_creds;
} MULTIPLE_CREDENTIALS;
+
+ typedef struct {
+ uint16 length;
+ uint8 data[length];
+ } KEYTAB_KEYBLOCK;
+
+ typedef struct {
+ uint16 component_count;
+ [flag(STR_SIZE2|STR_NOTERM|STR_UTF8)] string realm;
+ [flag(STR_SIZE2|STR_NOTERM|STR_UTF8)] string components[component_count];
+ uint32 name_type;
+ } KEYTAB_PRINCIPAL;
+
+ typedef struct {
+ KEYTAB_PRINCIPAL principal;
+ uint32 timestamp;
+ uint8 key_version;
+ uint16 enctype;
+ KEYTAB_KEYBLOCK key;
+ uint32 full_key_version; /* We assume modern Heimdal or MIT 1.14 or later */
+ } KEYTAB_ENTRY;
+
+ /*
+ * This parser assumes a fresh keytab without negative lengths
+ * to indicate holes generated by MIT krb5 1.14
+ */
+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
+ [value(5)] uint8 pvno;
+ [value(2)] uint8 version;
+ [subcontext(4)] KEYTAB_ENTRY entry;
+ [flag(NDR_REMAINING)] DATA_BLOB further_entry;
+ } KEYTAB;
+
+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
+ [subcontext(4)] KEYTAB_ENTRY entry;
+ [flag(NDR_REMAINING)] DATA_BLOB further_entry;
+ } MULTIPLE_KEYTAB_ENTRIES;
}