It turns out that the Netlogon PAC verification is encrypted.
[kai/samba.git] / source4 / librpc / idl / krb5pac.idl
1 /*
2   krb5 PAC
3 */
4
5 #include "idl_types.h"
6
7 import "security.idl", "netlogon.idl", "samr.idl";
8
9 [
10   uuid("12345778-1234-abcd-0000-00000000"),
11   version(0.0),
12   pointer_default(unique),
13   helpstring("Active Directory KRB5 PAC")
14 ]
15 interface krb5pac
16 {
17         typedef struct {
18                 NTTIME logon_time;
19                 [value(2*strlen_m(account_name))] uint16 size;
20                 [charset(UTF16)] uint8 account_name[size];
21         } PAC_LOGON_NAME;
22
23         typedef [public,flag(NDR_PAHEX)] struct {
24                 uint32 type;
25                 [flag(NDR_REMAINING)] DATA_BLOB signature;
26         } PAC_SIGNATURE_DATA;
27
28         typedef [gensize] struct {
29                 netr_SamInfo3 info3;
30                 dom_sid2 *res_group_dom_sid;
31                 samr_RidWithAttributeArray res_groups;
32         } PAC_LOGON_INFO;
33
34         typedef struct {
35                 [value(2*strlen_m(upn_name))] uint16 upn_size;
36                 uint16 upn_offset;
37                 [value(2*strlen_m(domain_name))] uint16 domain_size;
38                 uint16 domain_offset;
39                 uint16 unknown3; /* 0x01 */
40                 uint16 unknown4;
41                 uint32 unknown5;
42                 [charset(UTF16)] uint8 upn_name[upn_size+2];
43                 [charset(UTF16)] uint8 domain_name[domain_size+2];
44                 uint32 unknown6; /* padding */
45         } PAC_UNKNOWN_12;
46
47         typedef [public] struct {
48                 PAC_LOGON_INFO *info;
49         } PAC_LOGON_INFO_CTR;
50
51         typedef [public,v1_enum] enum {
52                 PAC_TYPE_LOGON_INFO = 1,
53                 PAC_TYPE_SRV_CHECKSUM = 6,
54                 PAC_TYPE_KDC_CHECKSUM = 7,
55                 PAC_TYPE_LOGON_NAME = 10,
56                 PAC_TYPE_CONSTRAINED_DELEGATION = 11,
57                 PAC_TYPE_UNKNOWN_12 = 12
58         } PAC_TYPE;
59
60         typedef struct {
61                 [flag(NDR_REMAINING)] DATA_BLOB remaining;
62         } DATA_BLOB_REM;
63
64         typedef [public,nodiscriminant,gensize] union {
65                 [case(PAC_TYPE_LOGON_INFO)][subcontext(0xFFFFFC01)] PAC_LOGON_INFO_CTR logon_info;
66                 [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
67                 [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
68                 [case(PAC_TYPE_LOGON_NAME)]     PAC_LOGON_NAME logon_name;
69                 /* when new PAC info types are added they are supposed to be done
70                    in such a way that they are backwards compatible with existing
71                    servers. This makes it safe to just use a [default] for
72                    unknown types, which lets us ignore the data */
73                 [default]       [subcontext(0)] DATA_BLOB_REM unknown;
74                 /* [case(PAC_TYPE_UNKNOWN_12)]  PAC_UNKNOWN_12 unknown; */
75         } PAC_INFO;
76
77         typedef [public,nopush,nopull,noprint] struct {
78                 PAC_TYPE type;
79                 [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
80                 [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
81                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
82         } PAC_BUFFER;
83
84         typedef [public] struct {
85                 uint32 num_buffers;
86                 uint32 version;
87                 PAC_BUFFER buffers[num_buffers];
88         } PAC_DATA;
89
90         typedef [public] struct {
91                 PAC_TYPE type;
92                 uint32 ndr_size;
93                 [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
94                 [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
95         } PAC_BUFFER_RAW;
96
97         typedef [public] struct {
98                 uint32 num_buffers;
99                 uint32 version;
100                 PAC_BUFFER_RAW buffers[num_buffers];
101         } PAC_DATA_RAW;
102
103         const int NETLOGON_GENERIC_KRB5_PAC_VALIDATE = 3;
104
105         typedef [public] struct {
106                 [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] uint32 MessageType;
107                 uint32 ChecksumLength;
108                 uint32 SignatureType;
109                 uint32 SignatureLength;
110                 [flag(NDR_REMAINING)] DATA_BLOB ChecksumAndSignature;
111         } PAC_Validate;
112
113         void decode_pac(
114                 [in] PAC_DATA pac
115                 );
116
117         void decode_pac_raw(
118                 [in] PAC_DATA_RAW pac
119                 );
120
121         void decode_login_info(
122                 [in] PAC_LOGON_INFO logon_info
123                 );
124
125         void decode_pac_validate(
126                 [in] PAC_Validate pac_validate
127                 );
128
129
130 }