6 uuid("12345778-1234-abcd-0001-00000001"),
8 pointer_default(unique),
9 helpstring("Active Directory Replication LDAP Blobs")
12 declare bitmap drsuapi_DsReplicaSyncOptions;
13 declare bitmap drsuapi_DsReplicaNeighbourFlags;
14 declare [v1_enum] enum drsuapi_DsAttributeId;
17 * replPropertyMetaData
22 drsuapi_DsAttributeId attid;
24 NTTIME_1sec originating_change_time;
25 GUID originating_invocation_id;
26 hyper originating_usn;
28 } replPropertyMetaData1;
33 replPropertyMetaData1 array[count];
34 } replPropertyMetaDataCtr1;
36 typedef [nodiscriminant] union {
37 [case(1)] replPropertyMetaDataCtr1 ctr1;
38 } replPropertyMetaDataCtr;
40 typedef [public] struct {
43 [switch_is(version)] replPropertyMetaDataCtr ctr;
44 } replPropertyMetaDataBlob;
46 void decode_replPropertyMetaData(
47 [in] replPropertyMetaDataBlob blob
58 drsuapi_DsReplicaCursor cursors[count];
59 } replUpToDateVectorCtr1;
64 drsuapi_DsReplicaCursor2 cursors[count];
65 } replUpToDateVectorCtr2;
67 typedef [nodiscriminant] union {
68 [case(1)] replUpToDateVectorCtr1 ctr1;
69 [case(2)] replUpToDateVectorCtr2 ctr2;
70 } replUpToDateVectorCtr;
72 typedef [public] struct {
75 [switch_is(version)] replUpToDateVectorCtr ctr;
76 } replUpToDateVectorBlob;
78 void decode_replUpToDateVector(
79 [in] replUpToDateVectorBlob blob
87 typedef [public,gensize] struct {
89 } repsFromTo1OtherInfo;
91 typedef [public,gensize,flag(NDR_PAHEX)] struct {
92 /* this includes the 8 bytes of the repsFromToBlob header */
93 [value(ndr_size_repsFromTo1(r, ndr->flags)+8)] uint32 blobsize;
94 uint32 consecutive_sync_failures;
95 NTTIME_1sec last_success;
96 NTTIME_1sec last_attempt;
97 WERROR result_last_attempt;
98 [relative] repsFromTo1OtherInfo *other_info;
99 [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->flags))] uint32 other_info_length;
100 drsuapi_DsReplicaNeighbourFlags replica_flags;
103 drsuapi_DsReplicaHighWaterMark highwatermark;
104 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
105 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
109 typedef [nodiscriminant] union {
110 [case(1)] repsFromTo1 ctr1;
113 typedef [public] struct {
116 [switch_is(version)] repsFromTo ctr;
119 void decode_repsFromTo(
120 [in] repsFromToBlob blob
124 * partialAttributeSet
126 * w2k3 uses version 1
130 drsuapi_DsAttributeId array[count];
131 } partialAttributeSetCtr1;
133 typedef [nodiscriminant] union {
134 [case(1)] partialAttributeSetCtr1 ctr1;
135 } partialAttributeSetCtr;
137 typedef [public] struct {
140 [switch_is(version)] partialAttributeSetCtr ctr;
141 } partialAttributeSetBlob;
143 void decode_partialAttributeSet(
144 [in] partialAttributeSetBlob blob
151 * samba4 uses 0x44534442 'DSDB'
153 * as we windows don't return the prefixMap attribute when you ask for
154 * we don't know the format, but the attribute is not replicated
155 * so that we can choose our own format...
157 typedef [v1_enum] enum {
158 PREFIX_MAP_VERSION_DSDB = 0x44534442
161 typedef [nodiscriminant] union {
162 [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb;
165 typedef [public] struct {
166 prefixMapVersion version;
168 [switch_is(version)] prefixMapCtr ctr;
171 void decode_prefixMap(
172 [in] prefixMapBlob blob
176 * the cookie for the LDAP dirsync control
178 typedef [nodiscriminant,gensize] union {
180 [default] replUpToDateVectorBlob uptodateness_vector;
181 } ldapControlDirSyncExtra;
184 [value(3)] uint32 u1;
188 [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, 0))]
190 drsuapi_DsReplicaHighWaterMark highwatermark;
192 [switch_is(extra_length)] ldapControlDirSyncExtra extra;
193 } ldapControlDirSyncBlob;
195 typedef [public,relative_base] struct {
196 [charset(DOS),value("MSDS")] uint8 msds[4];
197 [subcontext(0)] ldapControlDirSyncBlob blob;
198 } ldapControlDirSyncCookie;
200 void decode_ldapControlDirSync(
201 [in] ldapControlDirSyncCookie cookie
205 [value(2*strlen_m(name))] uint16 name_len;
206 [value(strlen(data))] uint16 data_len;
207 uint16 unknown1; /* 2 for name = 'Packages', 1 for name = 'Primary:*' */
208 [charset(UTF16)] uint8 name[name_len];
210 * the data field contains data as HEX strings
213 * data contains the list of packages
214 * as non termiated UTF16 strings with
215 * a UTF16 NULL byte as separator
217 * 'Primary:Kerberos':
223 * 'Primary:CLEARTEXT':
224 * data contains the cleartext password
225 * as UTF16 string encoded as HEX string
227 [charset(DOS)] uint8 data[data_len];
228 } supplementalCredentialsPackage;
230 /* this are 0x30 (48) whitespaces (0x20) followed by 'P' (0x50) */
231 const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " P";
233 typedef [gensize] struct {
234 [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x31];
236 supplementalCredentialsPackage packages[num_packages];
237 } supplementalCredentialsSubBlob;
239 typedef [public] struct {
240 [value(0)] uint32 unknown1;
241 [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->flags))] uint32 __ndr_size;
242 [value(0)] uint32 unknown2;
243 [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
244 [value(0)] uint8 unknown3;
245 } supplementalCredentialsBlob;
247 void decode_supplementalCredentials(
248 [in] supplementalCredentialsBlob blob
251 typedef [public] struct {
252 [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
253 } package_PackagesBlob;
255 void decode_Packages(
256 [in] package_PackagesBlob blob
260 [value(2*strlen_m(string))] uint16 length;
261 [value(2*strlen_m(string))] uint16 size;
262 [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
263 } package_PrimaryKerberosString;
267 [value((value?value->length:0))] uint32 value_len;
268 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
269 [value(0)] uint32 unknown1;
270 [value(0)] uint32 unknown2;
271 } package_PrimaryKerberosKey;
276 package_PrimaryKerberosString salt;
277 [value(0)] uint32 unknown1;
278 [value(0)] uint32 unknown2;
279 package_PrimaryKerberosKey keys[num_keys];
280 package_PrimaryKerberosKey old_keys[num_old_keys];
281 udlong unknown3[num_keys];
282 udlong unknown3_old[num_old_keys];
283 } package_PrimaryKerberosCtr3;
285 typedef [nodiscriminant] union {
286 [case(3)] package_PrimaryKerberosCtr3 ctr3;
287 } package_PrimaryKerberosCtr;
289 typedef [public] struct {
290 [value(3)] uint32 version;
291 [switch_is(version)] package_PrimaryKerberosCtr ctr;
292 } package_PrimaryKerberosBlob;
294 void decode_PrimaryKerberos(
295 [in] package_PrimaryKerberosBlob blob
298 typedef [public] struct {
299 [flag(STR_NOTERM|NDR_REMAINING)] string cleartext;
300 } package_PrimaryCLEARTEXTBlob;
302 void decode_PrimaryCLEARTEXT(
303 [in] package_PrimaryCLEARTEXTBlob blob
306 typedef [flag(NDR_PAHEX)] struct {
308 } package_PrimaryWDigestHash;
310 typedef [public] struct {
311 [value(0x31)] uint16 unknown1;
312 [value(0x01)] uint8 unknown2;
314 [value(0)] uint32 unknown3;
315 [value(0)] udlong uuknown4;
316 package_PrimaryWDigestHash hashes[num_hashes];
317 } package_PrimaryWDigestBlob;
319 void decode_PrimaryWDigest(
320 [in] package_PrimaryWDigestBlob blob
327 * the secret value is encoded as UTF16 if it's a string
328 * but krb5 trusts have random bytes here, so converting to UTF16
331 * TODO: We should try handle the case of a random buffer in all places
332 * we deal with cleartext passwords from windows
334 * so we don't use this:
337 * [charset(UTF16)] uint8 value[value_len];
340 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
341 } trustAuthInOutSecret1;
344 [relative] trustAuthInOutSecret1 *value1;
345 [relative] trustAuthInOutSecret1 *value2;
346 } trustAuthInOutCtr1;
356 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
357 } trustAuthInOutSecret2V1;
366 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
367 } trustAuthInOutSecret2V2;
370 [relative] trustAuthInOutSecret2V1 *value1;
371 [relative] trustAuthInOutSecret2V2 *value2;
372 } trustAuthInOutCtr2;
374 typedef [nodiscriminant] union {
375 [case(1)] trustAuthInOutCtr1 ctr1;
376 [case(2)] trustAuthInOutCtr2 ctr2;
379 typedef [public] struct {
381 [switch_is(version)] trustAuthInOutCtr ctr;
382 } trustAuthInOutBlob;
384 void decode_trustAuthInOut(
385 [in] trustAuthInOutBlob blob
388 typedef [public] struct {
393 typedef [public] struct {
394 DsCompressedChunk chunks[5];
397 void decode_DsCompressed(
398 [in] DsCompressedBlob blob