#include "idl_types.h" import "drsuapi.idl"; [ uuid("12345778-1234-abcd-0001-00000001"), version(0.0), pointer_default(unique), helpstring("Active Directory Replication LDAP Blobs") ] interface drsblobs { declare bitmap drsuapi_DsReplicaSyncOptions; declare bitmap drsuapi_DsReplicaNeighbourFlags; declare [v1_enum] enum drsuapi_DsAttributeId; /* * replPropertyMetaData * w2k uses version 1 * w2k3 uses version 1 */ typedef struct { drsuapi_DsAttributeId attid; uint32 version; NTTIME_1sec orginating_time; GUID orginating_invocation_id; hyper orginating_usn; hyper local_usn; } replPropertyMetaData1; typedef struct { uint32 count; uint32 reserved; replPropertyMetaData1 array[count]; } replPropertyMetaDataCtr1; typedef [nodiscriminant] union { [case(1)] replPropertyMetaDataCtr1 ctr1; } replPropertyMetaDataCtr; typedef [public] struct { uint32 version; uint32 reserved; [switch_is(version)] replPropertyMetaDataCtr ctr; } replPropertyMetaDataBlob; void decode_replPropertyMetaData( [in] replPropertyMetaDataBlob blob ); /* * replUpToDateVector * w2k uses version 1 * w2k3 uses version 2 */ typedef struct { uint32 count; uint32 reserved; drsuapi_DsReplicaCursor cursors[count]; } replUpToDateVectorCtr1; typedef struct { uint32 count; uint32 reserved; drsuapi_DsReplicaCursor2 cursors[count]; } replUpToDateVectorCtr2; typedef [nodiscriminant] union { [case(1)] replUpToDateVectorCtr1 ctr1; [case(2)] replUpToDateVectorCtr2 ctr2; } replUpToDateVectorCtr; typedef [public] struct { uint32 version; uint32 reserved; [switch_is(version)] replUpToDateVectorCtr ctr; } replUpToDateVectorBlob; void decode_replUpToDateVector( [in] replUpToDateVectorBlob blob ); /* * repsFrom/repsTo * w2k uses version 1 * w2k3 uses version 1 */ typedef [public,gensize] struct { asclstr dns_name; } repsFromTo1OtherInfo; typedef [public,gensize,flag(NDR_PAHEX)] struct { /* this includes the 8 bytes of the repsFromToBlob header */ [value(ndr_size_repsFromTo1(r, ndr->flags)+8)] uint32 blobsize; uint32 consecutive_sync_failures; NTTIME_1sec last_success; NTTIME_1sec last_attempt; WERROR result_last_attempt; [relative] repsFromTo1OtherInfo *other_info; [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->flags))] uint32 other_info_length; drsuapi_DsReplicaNeighbourFlags replica_flags; uint8 schedule[84]; uint32 reserved; drsuapi_DsReplicaHighWaterMark highwatermark; GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */ GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */ GUID transport_guid; } repsFromTo1; typedef [nodiscriminant] union { [case(1)] repsFromTo1 ctr1; } repsFromTo; typedef [public] struct { uint32 version; uint32 reserved; [switch_is(version)] repsFromTo ctr; } repsFromToBlob; void decode_repsFromTo( [in] repsFromToBlob blob ); /* * partialAttributeSet * w2k uses version 1 * w2k3 uses version 1 */ typedef struct { uint32 count; drsuapi_DsAttributeId array[count]; } partialAttributeSetCtr1; typedef [nodiscriminant] union { [case(1)] partialAttributeSetCtr1 ctr1; } partialAttributeSetCtr; typedef [public] struct { uint32 version; uint32 reserved; [switch_is(version)] partialAttributeSetCtr ctr; } partialAttributeSetBlob; void decode_partialAttributeSet( [in] partialAttributeSetBlob blob ); /* * prefixMap * w2k unknown * w2k3 unknown * samba4 uses 0x44544442 'DSDB' * * as we windows don't return the prefixMap attribute when you ask for * we don't know the format, but the attribute is not replicated * so that we can choose our own format... */ typedef [v1_enum] enum { PREFIX_MAP_VERSION_DSDB = 0x44544442 } prefixMapVersion; typedef [nodiscriminant] union { [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb; } prefixMapCtr; typedef [public] struct { prefixMapVersion version; uint32 reserved; [switch_is(version)] prefixMapCtr ctr; } prefixMapBlob; void decode_prefixMap( [in] prefixMapBlob blob ); /* * the cookie for the LDAP dirsync control */ typedef [nodiscriminant,gensize] union { [case(0)]; [default] replUpToDateVectorBlob uptodateness_vector; } ldapControlDirSyncExtra; typedef struct { [value(3)] uint32 u1; NTTIME time; uint32 u2; uint32 u3; [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, 0))] uint32 extra_length; drsuapi_DsReplicaHighWaterMark highwatermark; GUID guid1; [switch_is(extra_length)] ldapControlDirSyncExtra extra; } ldapControlDirSyncBlob; typedef [public,relative_base] struct { [charset(DOS),value("MSDS")] uint8 msds[4]; [subcontext(0)] ldapControlDirSyncBlob blob; } ldapControlDirSyncCookie; void decode_ldapControlDirSync( [in] ldapControlDirSyncCookie cookie ); typedef struct { uint16 name_len; uint16 data_len; uint16 unknown1; /* 2 for name = 'Packages', 1 for name = 'Primary:*' */ [charset(UTF16)] uint8 name[name_len]; /* * the data field contains data as HEX strings * * 'Packages': * it seems to contains HEX strings * of GUID's concatenated together. * w2k only has 'Primary:Kerberos' * and there's a 32 byte hex string. * w2k3 also has 'Primary:WDigest' * and there's a 64 byte hex string. * ...but this 'Primary:CLEARTEXT' * also there's a 104 byte hex string * (instead of 3 * (16*2) = 96 ). * * 'Primary:Kerberos': * ... * * 'Primary:WDigest': * ... * * 'Primary:CLEARTEXT': * data contains the cleartext password * as UTF16 string encoded as HEX string */ [charset(DOS)] uint8 data[data_len]; } supplementalCredentialsPackage; /* this are 0x30 (48) whitespaces (0x20) followed by 'P' (0x50) */ const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " P"; typedef struct { [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x31]; uint16 num_packages; supplementalCredentialsPackage packages[num_packages]; } supplementalCredentialsSubBlob; typedef [public] struct { [value(0)] uint32 unknown1; uint32 __ndr_size; [value(0)] uint32 unknown2; [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub; [value(0)] uint8 unknown3; } supplementalCredentialsBlob; void decode_supplementalCredentials( [in] supplementalCredentialsBlob blob ); typedef struct { NTTIME time1; uint32 unknown1; /* * the secret value is encoded as UTF16 if it's a string * but krb5 trusts have random bytes here, so converting to UTF16 * mayfail... * * TODO: We should try handle the case of a random buffer in all places * we deal with cleartext passwords from windows * * so we don't use this: * * uint32 value_len; * [charset(UTF16)] uint8 value[value_len]; */ DATA_BLOB value; [flag(NDR_ALIGN4)] DATA_BLOB _pad; } trustAuthInOutSecret1; typedef struct { [relative] trustAuthInOutSecret1 *value1; [relative] trustAuthInOutSecret1 *value2; } trustAuthInOutCtr1; typedef struct { NTTIME time1; uint32 unknown1; DATA_BLOB value; NTTIME time2; uint32 unknown2; uint32 unknown3; uint32 unknown4; [flag(NDR_ALIGN4)] DATA_BLOB _pad; } trustAuthInOutSecret2V1; typedef struct { NTTIME time1; uint32 unknown1; DATA_BLOB value; NTTIME time2; uint32 unknown2; uint32 unknown3; [flag(NDR_ALIGN4)] DATA_BLOB _pad; } trustAuthInOutSecret2V2; typedef struct { [relative] trustAuthInOutSecret2V1 *value1; [relative] trustAuthInOutSecret2V2 *value2; } trustAuthInOutCtr2; typedef [nodiscriminant] union { [case(1)] trustAuthInOutCtr1 ctr1; [case(2)] trustAuthInOutCtr2 ctr2; } trustAuthInOutCtr; typedef [public] struct { uint32 version; [switch_is(version)] trustAuthInOutCtr ctr; } trustAuthInOutBlob; void decode_trustAuthInOut( [in] trustAuthInOutBlob blob ); typedef [public] struct { uint32 marker; DATA_BLOB data; } DsCompressedChunk; typedef [public] struct { DsCompressedChunk chunks[5]; } DsCompressedBlob; void decode_DsCompressed( [in] DsCompressedBlob blob ); }