3 import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl";
6 uuid("12345778-1234-abcd-0001-00000001"),
8 pointer_default(unique),
9 helper("../librpc/ndr/ndr_drsblobs.h"),
10 helpstring("Active Directory Replication LDAP Blobs")
13 typedef bitmap drsuapi_DsReplicaSyncOptions drsuapi_DsReplicaSyncOptions;
14 typedef bitmap drsuapi_DrsOptions drsuapi_DrsOptions;
15 typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId;
16 typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType;
18 * replPropertyMetaData
23 drsuapi_DsAttributeId attid;
25 NTTIME_1sec originating_change_time;
26 GUID originating_invocation_id;
27 hyper originating_usn;
29 } replPropertyMetaData1;
33 [value(0)] uint32 reserved;
34 replPropertyMetaData1 array[count];
35 } replPropertyMetaDataCtr1;
37 typedef [nodiscriminant] union {
38 [case(1)] replPropertyMetaDataCtr1 ctr1;
39 } replPropertyMetaDataCtr;
41 typedef [public] struct {
43 [value(0)] uint32 reserved;
44 [switch_is(version)] replPropertyMetaDataCtr ctr;
45 } replPropertyMetaDataBlob;
47 void decode_replPropertyMetaData(
48 [in] replPropertyMetaDataBlob blob
58 [value(0)] uint32 reserved;
59 drsuapi_DsReplicaCursor cursors[count];
60 } replUpToDateVectorCtr1;
64 [value(0)] uint32 reserved;
65 drsuapi_DsReplicaCursor2 cursors[count];
66 } replUpToDateVectorCtr2;
68 typedef [nodiscriminant] union {
69 [case(1)] replUpToDateVectorCtr1 ctr1;
70 [case(2)] replUpToDateVectorCtr2 ctr2;
71 } replUpToDateVectorCtr;
73 typedef [public] struct {
75 [value(0)] uint32 reserved;
76 [switch_is(version)] replUpToDateVectorCtr ctr;
77 } replUpToDateVectorBlob;
79 void decode_replUpToDateVector(
80 [in] replUpToDateVectorBlob blob
89 typedef [public,gensize] struct {
90 [value(strlen(dns_name)+1)] uint32 __dns_name_size;
91 [charset(DOS)] uint8 dns_name[__dns_name_size];
92 } repsFromTo1OtherInfo;
94 typedef [public,gensize,flag(NDR_PAHEX)] struct {
95 /* this includes the 8 bytes of the repsFromToBlob header */
96 [value(ndr_size_repsFromTo1(this, ndr->iconv_convenience, ndr->flags)+8)] uint32 blobsize;
97 uint32 consecutive_sync_failures;
98 NTTIME_1sec last_success;
99 NTTIME_1sec last_attempt;
100 WERROR result_last_attempt;
101 [relative] repsFromTo1OtherInfo *other_info;
102 [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->iconv_convenience, ndr->flags))] uint32 other_info_length;
103 drsuapi_DrsOptions replica_flags;
105 [value(0)] uint32 reserved;
106 drsuapi_DsReplicaHighWaterMark highwatermark;
107 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
108 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
112 typedef [public,relative_base,gensize] struct {
113 [value(ndr_size_repsFromTo2OtherInfo(this,ndr->iconv_convenience, ndr->flags))]
115 [relative] nstring *dns_name1;
117 [relative] nstring *dns_name2;
119 } repsFromTo2OtherInfo;
121 typedef [public,gensize,flag(NDR_PAHEX)] struct {
122 /* this includes the 8 bytes of the repsFromToBlob header */
123 [value(ndr_size_repsFromTo2(this, ndr->iconv_convenience, ndr->flags)+8)] uint32 blobsize;
124 uint32 consecutive_sync_failures;
125 NTTIME_1sec last_success;
126 NTTIME_1sec last_attempt;
127 WERROR result_last_attempt;
128 [relative] repsFromTo2OtherInfo *other_info;
129 [value(ndr_size_repsFromTo2OtherInfo(other_info, ndr->iconv_convenience, ndr->flags))] uint32 other_info_length;
130 drsuapi_DrsOptions replica_flags;
132 [value(0)] uint32 reserved;
133 drsuapi_DsReplicaHighWaterMark highwatermark;
134 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
135 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
140 typedef [nodiscriminant] union {
141 [case(1)] repsFromTo1 ctr1;
142 [case(2)] repsFromTo2 ctr2;
145 typedef [public] struct {
147 [value(0)] uint32 reserved;
148 [switch_is(version)] repsFromTo ctr;
151 void decode_repsFromTo(
152 [in] repsFromToBlob blob
156 * partialAttributeSet
158 * w2k3 uses version 1
162 drsuapi_DsAttributeId array[count];
163 } partialAttributeSetCtr1;
165 typedef [nodiscriminant] union {
166 [case(1)] partialAttributeSetCtr1 ctr1;
167 } partialAttributeSetCtr;
169 typedef [public] struct {
171 [value(0)] uint32 reserved;
172 [switch_is(version)] partialAttributeSetCtr ctr;
173 } partialAttributeSetBlob;
175 void decode_partialAttributeSet(
176 [in] partialAttributeSetBlob blob
180 * MS w2k3 and w2k8 prefixMap format
181 * There is no version number. Format is:
182 * uint32 - number of entries in the map
183 * uint32 - total bytes that structure occupies
185 * uint16 - prefix ID (OID's last sub-id encoded. see prefixMap)
186 * uint16 - number of bytes in prefix N
187 * uint8[N] - BER encoded prefix
189 typedef [noprint,flag(NDR_NOALIGN)] struct {
192 uint8 binary_oid[length];
193 } drsuapi_MSPrefixMap_Entry;
195 typedef [public,gensize] struct {
197 [value(ndr_size_drsuapi_MSPrefixMap_Ctr(r, ndr->iconv_convenience, ndr->flags))] uint32 __ndr_size;
198 drsuapi_MSPrefixMap_Entry entries[num_entries];
199 } drsuapi_MSPrefixMap_Ctr;
205 * samba4 uses 0x44534442 'DSDB'
207 * as we windows don't return the prefixMap attribute when you ask for
208 * we don't know the format, but the attribute is not replicated
209 * so that we can choose our own format...
211 typedef [v1_enum] enum {
212 PREFIX_MAP_VERSION_DSDB = 0x44534442
215 typedef [nodiscriminant] union {
216 [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb;
219 typedef [public] struct {
220 prefixMapVersion version;
221 [value(0)] uint32 reserved;
222 [switch_is(version)] prefixMapCtr ctr;
225 void decode_prefixMap(
226 [in] prefixMapBlob blob
231 * the cookie for the LDAP dirsync control
233 typedef [nodiscriminant,gensize] union {
235 [default] replUpToDateVectorBlob uptodateness_vector;
236 } ldapControlDirSyncExtra;
239 [value(3)] uint32 u1;
243 [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, ndr->iconv_convenience, 0))]
245 drsuapi_DsReplicaHighWaterMark highwatermark;
247 [switch_is(extra_length)] ldapControlDirSyncExtra extra;
248 } ldapControlDirSyncBlob;
250 typedef [public,relative_base] struct {
251 [charset(DOS),value("MSDS")] uint8 msds[4];
252 [subcontext(0)] ldapControlDirSyncBlob blob;
253 } ldapControlDirSyncCookie;
255 void decode_ldapControlDirSync(
256 [in] ldapControlDirSyncCookie cookie
260 [value(2*strlen_m(name))] uint16 name_len;
261 [value(strlen(data))] uint16 data_len;
262 uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
263 [charset(UTF16)] uint8 name[name_len];
265 * the data field contains data as HEX strings
268 * data contains the list of packages
269 * as non termiated UTF16 strings with
270 * a UTF16 NULL byte as separator
272 * 'Primary:Kerberos-Newer-Keys':
275 * 'Primary:Kerberos':
281 * 'Primary:CLEARTEXT':
282 * data contains the cleartext password
283 * as UTF16 string encoded as HEX string
285 [charset(DOS)] uint8 data[data_len];
286 } supplementalCredentialsPackage;
288 /* this are 0x30 (48) whitespaces (0x20) */
289 const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " ";
291 typedef [flag(NDR_PAHEX)] enum {
292 SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
293 } supplementalCredentialsSignature;
295 typedef [gensize] struct {
296 [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
297 [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
299 supplementalCredentialsPackage packages[num_packages];
300 } supplementalCredentialsSubBlob;
302 typedef [public] struct {
303 [value(0)] uint32 unknown1;
304 [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->iconv_convenience, ndr->flags))] uint32 __ndr_size;
305 [value(0)] uint32 unknown2;
306 [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
307 [value(0)] uint8 unknown3;
308 } supplementalCredentialsBlob;
310 void decode_supplementalCredentials(
311 [in] supplementalCredentialsBlob blob
314 typedef [public] struct {
315 [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
316 } package_PackagesBlob;
318 void decode_Packages(
319 [in] package_PackagesBlob blob
323 [value(2*strlen_m(string))] uint16 length;
324 [value(2*strlen_m(string))] uint16 size;
325 [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
326 } package_PrimaryKerberosString;
329 [value(0)] uint16 reserved1;
330 [value(0)] uint16 reserved2;
331 [value(0)] uint32 reserved3;
333 [value((value?value->length:0))] uint32 value_len;
334 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
335 } package_PrimaryKerberosKey3;
340 package_PrimaryKerberosString salt;
341 package_PrimaryKerberosKey3 keys[num_keys];
342 package_PrimaryKerberosKey3 old_keys[num_old_keys];
343 [value(0)] uint32 padding1;
344 [value(0)] uint32 padding2;
345 [value(0)] uint32 padding3;
346 [value(0)] uint32 padding4;
347 [value(0)] uint32 padding5;
348 } package_PrimaryKerberosCtr3;
351 [value(0)] uint16 reserved1;
352 [value(0)] uint16 reserved2;
353 [value(0)] uint32 reserved3;
354 uint32 iteration_count;
356 [value((value?value->length:0))] uint32 value_len;
357 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
358 } package_PrimaryKerberosKey4;
362 [value(0)] uint16 num_service_keys;
364 uint16 num_older_keys;
365 package_PrimaryKerberosString salt;
366 uint32 default_iteration_count;
367 package_PrimaryKerberosKey4 keys[num_keys];
368 package_PrimaryKerberosKey4 service_keys[num_service_keys];
369 package_PrimaryKerberosKey4 old_keys[num_old_keys];
370 package_PrimaryKerberosKey4 older_keys[num_older_keys];
371 } package_PrimaryKerberosCtr4;
373 typedef [nodiscriminant] union {
374 [case(3)] package_PrimaryKerberosCtr3 ctr3;
375 [case(4)] package_PrimaryKerberosCtr4 ctr4;
376 } package_PrimaryKerberosCtr;
378 typedef [public] struct {
380 [value(0)] uint16 flags;
381 [switch_is(version)] package_PrimaryKerberosCtr ctr;
382 } package_PrimaryKerberosBlob;
384 void decode_PrimaryKerberos(
385 [in] package_PrimaryKerberosBlob blob
388 typedef [public] struct {
389 [flag(NDR_REMAINING)] DATA_BLOB cleartext;
390 } package_PrimaryCLEARTEXTBlob;
392 void decode_PrimaryCLEARTEXT(
393 [in] package_PrimaryCLEARTEXTBlob blob
396 typedef [flag(NDR_PAHEX)] struct {
398 } package_PrimaryWDigestHash;
400 typedef [public] struct {
401 [value(0x31)] uint16 unknown1;
402 [value(0x01)] uint8 unknown2;
404 [value(0)] uint32 unknown3;
405 [value(0)] udlong uuknown4;
406 package_PrimaryWDigestHash hashes[num_hashes];
407 } package_PrimaryWDigestBlob;
409 void decode_PrimaryWDigest(
410 [in] package_PrimaryWDigestBlob blob
414 [value(0)] uint32 size;
418 [value(16)] uint32 size;
419 samr_Password password;
423 * the secret value is encoded as UTF16 if it's a string
424 * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
427 * TODO: We should try handle the case of a random buffer in all places
428 * we deal with cleartext passwords from windows
430 * so we don't use this:
433 * [charset(UTF16)] uint8 value[value_len];
438 uint8 password[size];
442 [value(4)] uint32 size;
446 typedef [nodiscriminant] union {
447 [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
448 [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
449 [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
450 [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
453 typedef [public] struct {
454 NTTIME LastUpdateTime;
455 lsa_TrustAuthType AuthType;
457 [switch_is(AuthType)] AuthInfo AuthInfo;
458 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
459 } AuthenticationInformation;
461 typedef [nopull,nopush,noprint] struct {
462 /* sizeis here is bogus, but this is here just for the structure */
463 [size_is(1)] AuthenticationInformation array[];
464 } AuthenticationInformationArray;
466 /* This is nopull,nopush because we pass count down to the
467 * manual parser of AuthenticationInformationArray */
468 typedef [public,nopull,nopush,noprint,gensize] struct {
470 [relative] AuthenticationInformationArray *current;
471 [relative] AuthenticationInformationArray *previous;
472 } trustAuthInOutBlob;
474 void decode_trustAuthInOut(
475 [in] trustAuthInOutBlob blob
478 typedef [public,gensize] struct {
480 [relative] AuthenticationInformation *current[count];
481 } trustCurrentPasswords;
483 typedef [public,nopull] struct {
484 uint8 confounder[512];
485 [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
486 [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
487 [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->iconv_convenience, ndr->flags))] uint32 outgoing_size;
488 [value(ndr_size_trustCurrentPasswords(&incoming, ndr->iconv_convenience, ndr->flags))] uint32 incoming_size;
489 } trustDomainPasswords;
491 void decode_trustDomainPasswords(
492 [in] trustDomainPasswords blob
495 typedef [public] struct {
502 [size_is(__size),charset(DOS)] uint8 *string;
503 } ExtendedErrorAString;
507 [size_is(__size),charset(UTF16)] uint16 *string;
508 } ExtendedErrorUString;
512 [size_is(length)] uint8 *data;
516 EXTENDED_ERROR_COMPUTER_NAME_PRESENT = 1,
517 EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT= 2
518 } ExtendedErrorComputerNamePresent;
520 typedef [switch_type(ExtendedErrorComputerNamePresent)] union {
521 [case(EXTENDED_ERROR_COMPUTER_NAME_PRESENT)] ExtendedErrorUString name;
522 [case(EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT)];
523 } ExtendedErrorComputerNameU;
526 ExtendedErrorComputerNamePresent present;
527 [switch_is(present)] ExtendedErrorComputerNameU n;
528 } ExtendedErrorComputerName;
531 EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING = 1,
532 EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING = 2,
533 EXTENDED_ERROR_PARAM_TYPE_UINT32 = 3,
534 EXTENDED_ERROR_PARAM_TYPE_UINT16 = 4,
535 EXTENDED_ERROR_PARAM_TYPE_UINT64 = 5,
536 EXTENDED_ERROR_PARAM_TYPE_NONE = 6,
537 EXTENDED_ERROR_PARAM_TYPE_BLOB = 7
538 } ExtendedErrorParamType;
540 typedef [switch_type(ExtendedErrorParamType)] union {
541 [case(EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING)] ExtendedErrorAString a_string;
542 [case(EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING)] ExtendedErrorUString u_string;
543 [case(EXTENDED_ERROR_PARAM_TYPE_UINT32)] uint32 uint32;
544 [case(EXTENDED_ERROR_PARAM_TYPE_UINT16)] uint16 uint16;
545 [case(EXTENDED_ERROR_PARAM_TYPE_UINT64)] hyper uint64;
546 [case(EXTENDED_ERROR_PARAM_TYPE_NONE)];
547 [case(EXTENDED_ERROR_PARAM_TYPE_BLOB)] ExtendedErrorBlob blob;
548 } ExtendedErrorParamU;
551 ExtendedErrorParamType type;
552 [switch_is(type)] ExtendedErrorParamU p;
553 } ExtendedErrorParam;
555 typedef [public] struct {
556 ExtendedErrorInfo *next;
557 ExtendedErrorComputerName computer_name;
560 uint32 generating_component;
562 uint16 detection_location;
565 [size_is(num_params)] ExtendedErrorParam params[];
569 [unique] ExtendedErrorInfo *info;
570 } ExtendedErrorInfoPtr;
572 void decode_ExtendedErrorInfo (
573 [in,subcontext(0xFFFFFC01)] ExtendedErrorInfoPtr ptr