3 import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl", "security.idl";
6 uuid("12345778-1234-abcd-0001-00000001"),
8 pointer_default(unique),
9 helper("../librpc/ndr/ndr_drsblobs.h"),
10 helpstring("Active Directory Replication LDAP Blobs")
13 typedef bitmap drsuapi_DrsOptions drsuapi_DrsOptions;
14 typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId;
15 typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType;
17 * replPropertyMetaData
22 drsuapi_DsAttributeId attid;
24 NTTIME_1sec originating_change_time;
25 GUID originating_invocation_id;
26 hyper originating_usn;
28 } replPropertyMetaData1;
32 [value(0)] uint32 reserved;
33 replPropertyMetaData1 array[count];
34 } replPropertyMetaDataCtr1;
36 typedef [nodiscriminant] union {
37 [case(1)] replPropertyMetaDataCtr1 ctr1;
38 } replPropertyMetaDataCtr;
40 typedef [public] struct {
42 [value(0)] uint32 reserved;
43 [switch_is(version)] replPropertyMetaDataCtr ctr;
44 } replPropertyMetaDataBlob;
46 void decode_replPropertyMetaData(
47 [in] replPropertyMetaDataBlob blob
57 [value(0)] uint32 reserved;
58 drsuapi_DsReplicaCursor cursors[count];
59 } replUpToDateVectorCtr1;
63 [value(0)] uint32 reserved;
64 drsuapi_DsReplicaCursor2 cursors[count];
65 } replUpToDateVectorCtr2;
67 typedef [nodiscriminant] union {
68 [case(1)] replUpToDateVectorCtr1 ctr1;
69 [case(2)] replUpToDateVectorCtr2 ctr2;
70 } replUpToDateVectorCtr;
72 typedef [public] struct {
74 [value(0)] uint32 reserved;
75 [switch_is(version)] replUpToDateVectorCtr ctr;
76 } replUpToDateVectorBlob;
78 void decode_replUpToDateVector(
79 [in] replUpToDateVectorBlob blob
88 typedef [public,gensize] struct {
89 [value(strlen(dns_name)+1)] uint32 __dns_name_size;
90 [charset(DOS)] uint8 dns_name[__dns_name_size];
91 } repsFromTo1OtherInfo;
93 typedef [public,gensize,flag(NDR_PAHEX)] struct {
94 /* this includes the 8 bytes of the repsFromToBlob header */
95 [value(ndr_size_repsFromTo1(this, ndr->iconv_convenience, ndr->flags)+8)] uint32 blobsize;
96 uint32 consecutive_sync_failures;
97 NTTIME_1sec last_success;
98 NTTIME_1sec last_attempt;
99 WERROR result_last_attempt;
100 [relative] repsFromTo1OtherInfo *other_info;
101 [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->iconv_convenience, ndr->flags))] uint32 other_info_length;
102 drsuapi_DrsOptions replica_flags;
104 [value(0)] uint32 reserved;
105 drsuapi_DsReplicaHighWaterMark highwatermark;
106 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
107 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
111 typedef [public,relative_base,gensize] struct {
112 [value(ndr_size_repsFromTo2OtherInfo(this,ndr->iconv_convenience, ndr->flags))]
114 [relative] nstring *dns_name1;
116 [relative] nstring *dns_name2;
118 } repsFromTo2OtherInfo;
120 typedef [public,gensize,flag(NDR_PAHEX)] struct {
121 /* this includes the 8 bytes of the repsFromToBlob header */
122 [value(ndr_size_repsFromTo2(this, ndr->iconv_convenience, ndr->flags)+8)] uint32 blobsize;
123 uint32 consecutive_sync_failures;
124 NTTIME_1sec last_success;
125 NTTIME_1sec last_attempt;
126 WERROR result_last_attempt;
127 [relative] repsFromTo2OtherInfo *other_info;
128 [value(ndr_size_repsFromTo2OtherInfo(other_info, ndr->iconv_convenience, ndr->flags))] uint32 other_info_length;
129 drsuapi_DrsOptions replica_flags;
131 [value(0)] uint32 reserved;
132 drsuapi_DsReplicaHighWaterMark highwatermark;
133 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
134 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
139 typedef [nodiscriminant] union {
140 [case(1)] repsFromTo1 ctr1;
141 [case(2)] repsFromTo2 ctr2;
144 typedef [public] struct {
146 [value(0)] uint32 reserved;
147 [switch_is(version)] repsFromTo ctr;
150 void decode_repsFromTo(
151 [in] repsFromToBlob blob
155 * partialAttributeSet
157 * w2k3 uses version 1
161 drsuapi_DsAttributeId array[count];
162 } partialAttributeSetCtr1;
164 typedef [nodiscriminant] union {
165 [case(1)] partialAttributeSetCtr1 ctr1;
166 } partialAttributeSetCtr;
168 typedef [public] struct {
170 [value(0)] uint32 reserved;
171 [switch_is(version)] partialAttributeSetCtr ctr;
172 } partialAttributeSetBlob;
174 void decode_partialAttributeSet(
175 [in] partialAttributeSetBlob blob
180 * schemaInfo attribute
182 * Used as an attribute on Schema.
183 * Also during replication as part of
184 * prefixMap to identify what revision
185 * of Schema source DC has
187 typedef [public,flag(NDR_NOALIGN)] struct {
188 [value(0xFF)] uint8 marker;
189 [flag(NDR_BIG_ENDIAN)] uint32 revision;
195 * MS w2k3 and w2k8 prefixMap format
196 * There is no version number. Format is:
197 * uint32 - number of entries in the map
198 * uint32 - total bytes that structure occupies
200 * uint16 - prefix ID (OID's last sub-id encoded. see prefixMap)
201 * uint16 - number of bytes in prefix N
202 * uint8[N] - BER encoded prefix
204 typedef [noprint,flag(NDR_NOALIGN)] struct {
207 uint8 binary_oid[length];
208 } drsuapi_MSPrefixMap_Entry;
210 typedef [public,gensize] struct {
212 [value(ndr_size_drsuapi_MSPrefixMap_Ctr(r, ndr->iconv_convenience, ndr->flags))] uint32 __ndr_size;
213 drsuapi_MSPrefixMap_Entry entries[num_entries];
214 } drsuapi_MSPrefixMap_Ctr;
220 * samba4 uses 0x44534442 'DSDB'
222 * as we windows don't return the prefixMap attribute when you ask for
223 * we don't know the format, but the attribute is not replicated
224 * so that we can choose our own format...
226 typedef [v1_enum] enum {
227 PREFIX_MAP_VERSION_DSDB = 0x44534442
230 typedef [nodiscriminant] union {
231 [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb;
234 typedef [public] struct {
235 prefixMapVersion version;
236 [value(0)] uint32 reserved;
237 [switch_is(version)] prefixMapCtr ctr;
240 void decode_prefixMap(
241 [in] prefixMapBlob blob
246 * the cookie for the LDAP dirsync control
248 typedef [nodiscriminant,gensize] union {
250 [default] replUpToDateVectorBlob uptodateness_vector;
251 } ldapControlDirSyncExtra;
254 [value(3)] uint32 u1;
258 [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, ndr->iconv_convenience, 0))]
260 drsuapi_DsReplicaHighWaterMark highwatermark;
262 [switch_is(extra_length)] ldapControlDirSyncExtra extra;
263 } ldapControlDirSyncBlob;
265 typedef [public,relative_base] struct {
266 [charset(DOS),value("MSDS")] uint8 msds[4];
267 [subcontext(0)] ldapControlDirSyncBlob blob;
268 } ldapControlDirSyncCookie;
270 void decode_ldapControlDirSync(
271 [in] ldapControlDirSyncCookie cookie
275 [value(2*strlen_m(name))] uint16 name_len;
276 [value(strlen(data))] uint16 data_len;
277 uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
278 [charset(UTF16)] uint8 name[name_len];
280 * the data field contains data as HEX strings
283 * data contains the list of packages
284 * as non termiated UTF16 strings with
285 * a UTF16 NULL byte as separator
287 * 'Primary:Kerberos-Newer-Keys':
290 * 'Primary:Kerberos':
296 * 'Primary:CLEARTEXT':
297 * data contains the cleartext password
298 * as UTF16 string encoded as HEX string
300 [charset(DOS)] uint8 data[data_len];
301 } supplementalCredentialsPackage;
303 /* this are 0x30 (48) whitespaces (0x20) */
304 const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " ";
306 typedef [flag(NDR_PAHEX)] enum {
307 SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
308 } supplementalCredentialsSignature;
310 typedef [gensize] struct {
311 [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
312 [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
314 supplementalCredentialsPackage packages[num_packages];
315 } supplementalCredentialsSubBlob;
317 typedef [public] struct {
318 [value(0)] uint32 unknown1;
319 [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->iconv_convenience, ndr->flags))] uint32 __ndr_size;
320 [value(0)] uint32 unknown2;
321 [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
322 [value(0)] uint8 unknown3;
323 } supplementalCredentialsBlob;
325 void decode_supplementalCredentials(
326 [in] supplementalCredentialsBlob blob
329 typedef [public] struct {
330 [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
331 } package_PackagesBlob;
333 void decode_Packages(
334 [in] package_PackagesBlob blob
337 typedef [nopython] struct {
338 [value(2*strlen_m(string))] uint16 length;
339 [value(2*strlen_m(string))] uint16 size;
340 [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
341 } package_PrimaryKerberosString;
343 typedef [nopython] struct {
344 [value(0)] uint16 reserved1;
345 [value(0)] uint16 reserved2;
346 [value(0)] uint32 reserved3;
348 [value((value?value->length:0))] uint32 value_len;
349 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
350 } package_PrimaryKerberosKey3;
352 typedef [nopython] struct {
355 package_PrimaryKerberosString salt;
356 package_PrimaryKerberosKey3 keys[num_keys];
357 package_PrimaryKerberosKey3 old_keys[num_old_keys];
358 [value(0)] uint32 padding1;
359 [value(0)] uint32 padding2;
360 [value(0)] uint32 padding3;
361 [value(0)] uint32 padding4;
362 [value(0)] uint32 padding5;
363 } package_PrimaryKerberosCtr3;
365 typedef [nopython] struct {
366 [value(0)] uint16 reserved1;
367 [value(0)] uint16 reserved2;
368 [value(0)] uint32 reserved3;
369 uint32 iteration_count;
371 [value((value?value->length:0))] uint32 value_len;
372 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
373 } package_PrimaryKerberosKey4;
375 typedef [nopython] struct {
377 [value(0)] uint16 num_service_keys;
379 uint16 num_older_keys;
380 package_PrimaryKerberosString salt;
381 uint32 default_iteration_count;
382 package_PrimaryKerberosKey4 keys[num_keys];
383 package_PrimaryKerberosKey4 service_keys[num_service_keys];
384 package_PrimaryKerberosKey4 old_keys[num_old_keys];
385 package_PrimaryKerberosKey4 older_keys[num_older_keys];
386 } package_PrimaryKerberosCtr4;
388 typedef [nodiscriminant,nopython] union {
389 [case(3)] package_PrimaryKerberosCtr3 ctr3;
390 [case(4)] package_PrimaryKerberosCtr4 ctr4;
391 } package_PrimaryKerberosCtr;
393 typedef [public,nopython] struct {
395 [value(0)] uint16 flags;
396 [switch_is(version)] package_PrimaryKerberosCtr ctr;
397 } package_PrimaryKerberosBlob;
399 [nopython] void decode_PrimaryKerberos(
400 [in] package_PrimaryKerberosBlob blob
403 typedef [public] struct {
404 [flag(NDR_REMAINING)] DATA_BLOB cleartext;
405 } package_PrimaryCLEARTEXTBlob;
407 void decode_PrimaryCLEARTEXT(
408 [in] package_PrimaryCLEARTEXTBlob blob
411 typedef [flag(NDR_PAHEX)] struct {
413 } package_PrimaryWDigestHash;
415 typedef [public] struct {
416 [value(0x31)] uint16 unknown1;
417 [value(0x01)] uint8 unknown2;
419 [value(0)] uint32 unknown3;
420 [value(0)] udlong uuknown4;
421 package_PrimaryWDigestHash hashes[num_hashes];
422 } package_PrimaryWDigestBlob;
424 void decode_PrimaryWDigest(
425 [in] package_PrimaryWDigestBlob blob
429 [value(0)] uint32 size;
433 [value(16)] uint32 size;
434 samr_Password password;
438 * the secret value is encoded as UTF16 if it's a string
439 * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
442 * TODO: We should try handle the case of a random buffer in all places
443 * we deal with cleartext passwords from windows
445 * so we don't use this:
448 * [charset(UTF16)] uint8 value[value_len];
453 uint8 password[size];
457 [value(4)] uint32 size;
461 typedef [nodiscriminant] union {
462 [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
463 [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
464 [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
465 [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
468 typedef [public] struct {
469 NTTIME LastUpdateTime;
470 lsa_TrustAuthType AuthType;
472 [switch_is(AuthType)] AuthInfo AuthInfo;
473 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
474 } AuthenticationInformation;
476 typedef [nopull,nopush,noprint] struct {
477 /* sizeis here is bogus, but this is here just for the structure */
478 [size_is(1)] AuthenticationInformation array[];
479 } AuthenticationInformationArray;
481 /* This is nopull,nopush because we pass count down to the
482 * manual parser of AuthenticationInformationArray */
483 typedef [public,nopull,nopush,noprint,gensize] struct {
485 [relative] AuthenticationInformationArray *current;
486 [relative] AuthenticationInformationArray *previous;
487 } trustAuthInOutBlob;
489 [nopython] void decode_trustAuthInOut(
490 [in] trustAuthInOutBlob blob
493 typedef [public,gensize] struct {
495 [relative] AuthenticationInformation *current[count];
496 } trustCurrentPasswords;
498 typedef [public,nopull] struct {
499 uint8 confounder[512];
500 [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
501 [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
502 [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->iconv_convenience, ndr->flags))] uint32 outgoing_size;
503 [value(ndr_size_trustCurrentPasswords(&incoming, ndr->iconv_convenience, ndr->flags))] uint32 incoming_size;
504 } trustDomainPasswords;
506 [nopython] void decode_trustDomainPasswords(
507 [in] trustDomainPasswords blob
510 typedef [public] struct {
517 [size_is(__size),charset(DOS)] uint8 *string;
518 } ExtendedErrorAString;
522 [size_is(__size),charset(UTF16)] uint16 *string;
523 } ExtendedErrorUString;
527 [size_is(length)] uint8 *data;
531 EXTENDED_ERROR_COMPUTER_NAME_PRESENT = 1,
532 EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT= 2
533 } ExtendedErrorComputerNamePresent;
535 typedef [switch_type(ExtendedErrorComputerNamePresent)] union {
536 [case(EXTENDED_ERROR_COMPUTER_NAME_PRESENT)] ExtendedErrorUString name;
537 [case(EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT)];
538 } ExtendedErrorComputerNameU;
541 ExtendedErrorComputerNamePresent present;
542 [switch_is(present)] ExtendedErrorComputerNameU n;
543 } ExtendedErrorComputerName;
546 EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING = 1,
547 EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING = 2,
548 EXTENDED_ERROR_PARAM_TYPE_UINT32 = 3,
549 EXTENDED_ERROR_PARAM_TYPE_UINT16 = 4,
550 EXTENDED_ERROR_PARAM_TYPE_UINT64 = 5,
551 EXTENDED_ERROR_PARAM_TYPE_NONE = 6,
552 EXTENDED_ERROR_PARAM_TYPE_BLOB = 7
553 } ExtendedErrorParamType;
555 typedef [switch_type(ExtendedErrorParamType)] union {
556 [case(EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING)] ExtendedErrorAString a_string;
557 [case(EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING)] ExtendedErrorUString u_string;
558 [case(EXTENDED_ERROR_PARAM_TYPE_UINT32)] uint32 uint32;
559 [case(EXTENDED_ERROR_PARAM_TYPE_UINT16)] uint16 uint16;
560 [case(EXTENDED_ERROR_PARAM_TYPE_UINT64)] hyper uint64;
561 [case(EXTENDED_ERROR_PARAM_TYPE_NONE)];
562 [case(EXTENDED_ERROR_PARAM_TYPE_BLOB)] ExtendedErrorBlob blob;
563 } ExtendedErrorParamU;
566 ExtendedErrorParamType type;
567 [switch_is(type)] ExtendedErrorParamU p;
568 } ExtendedErrorParam;
570 typedef [public] struct {
571 ExtendedErrorInfo *next;
572 ExtendedErrorComputerName computer_name;
575 uint32 generating_component;
577 uint16 detection_location;
580 [size_is(num_params)] ExtendedErrorParam params[];
584 [unique] ExtendedErrorInfo *info;
585 } ExtendedErrorInfoPtr;
587 [nopython] void decode_ExtendedErrorInfo (
588 [in,subcontext(0xFFFFFC01)] ExtendedErrorInfoPtr ptr
591 /* MS-ADTS 7.1.6.9.3 msDS-TrustForestTrustInfo Attribute */
594 [value(strlen_m(string))] uint32 size;
595 [charset(UTF8)] uint8 string[size];
598 typedef [flag(NDR_NOALIGN)] struct {
599 [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
600 [subcontext(0),subcontext_size(sid_size)] dom_sid sid;
601 ForestTrustString dns_name;
602 ForestTrustString netbios_name;
603 } ForestTrustDataDomainInfo;
605 typedef [flag(NDR_NOALIGN)] struct {
608 } ForestTrustDataBinaryData;
610 typedef [nodiscriminant] union {
611 [case(FOREST_TRUST_TOP_LEVEL_NAME)] ForestTrustString name;
612 [case(FOREST_TRUST_TOP_LEVEL_NAME_EX)] ForestTrustString name;
613 [case(FOREST_TRUST_DOMAIN_INFO)] ForestTrustDataDomainInfo info;
614 [default] ForestTrustDataBinaryData data;
617 /* same as lsa_ForestTrustRecordType */
618 typedef [enum8bit] enum {
619 FOREST_TRUST_TOP_LEVEL_NAME = 0,
620 FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
621 FOREST_TRUST_DOMAIN_INFO = 2
622 } ForestTrustInfoRecordType;
624 /* meaning of flags depends on record type and values are
625 the same as in lsa.idl, see collision record types */
626 typedef [public,gensize,flag(NDR_NOALIGN)] struct {
629 ForestTrustInfoRecordType type;
630 [switch_is(type)] ForestTrustData data;
631 } ForestTrustInfoRecord;
633 typedef [flag(NDR_NOALIGN)] struct {
634 [value(ndr_size_ForestTrustInfoRecord(&record, ndr->iconv_convenience, ndr->flags))] uint32 record_size;
635 ForestTrustInfoRecord record;
636 } ForestTrustInfoRecordArmor;
638 typedef [public,flag(NDR_NOALIGN)] struct {
641 ForestTrustInfoRecordArmor records[count];
644 [nopython] void decode_ForestTrustInfo(
645 [in] ForestTrustInfo blob
git.samba.org / amitay / samba.git / blob