#include "idl_types.h"
-import "drsuapi.idl";
+import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl";
[
uuid("12345778-1234-abcd-0001-00000001"),
helpstring("Active Directory Replication LDAP Blobs")
]
interface drsblobs {
- declare bitmap drsuapi_DsReplicaSyncOptions;
- declare bitmap drsuapi_DsReplicaNeighbourFlags;
- declare [v1_enum] enum drsuapi_DsAttributeId;
-
+ typedef bitmap drsuapi_DsReplicaSyncOptions drsuapi_DsReplicaSyncOptions;
+ typedef bitmap drsuapi_DsReplicaNeighbourFlags drsuapi_DsReplicaNeighbourFlags;
+ typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId;
+ typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType;
/*
* replPropertyMetaData
* w2k uses version 1
typedef struct {
drsuapi_DsAttributeId attid;
uint32 version;
- NTTIME_1sec orginating_time;
- GUID orginating_invocation_id;
- hyper orginating_usn;
+ NTTIME_1sec originating_change_time;
+ GUID originating_invocation_id;
+ hyper originating_usn;
hyper local_usn;
} replPropertyMetaData1;
* w2k3 uses version 1
*/
typedef [public,gensize] struct {
- asclstr dns_name;
+ [value(strlen(dns_name)+1)] uint32 __dns_name_size;
+ [charset(DOS)] uint8 dns_name[__dns_name_size];
} repsFromTo1OtherInfo;
typedef [public,gensize,flag(NDR_PAHEX)] struct {
/* this includes the 8 bytes of the repsFromToBlob header */
- [value(ndr_size_repsFromTo1(r, ndr->flags)+8)] uint32 blobsize;
+ [value(ndr_size_repsFromTo1(this, ndr->flags)+8)] uint32 blobsize;
uint32 consecutive_sync_failures;
NTTIME_1sec last_success;
NTTIME_1sec last_attempt;
* prefixMap
* w2k unknown
* w2k3 unknown
- * samba4 uses 0x44544442 'DSDB'
+ * samba4 uses 0x44534442 'DSDB'
*
* as we windows don't return the prefixMap attribute when you ask for
* we don't know the format, but the attribute is not replicated
* so that we can choose our own format...
*/
typedef [v1_enum] enum {
- PREFIX_MAP_VERSION_DSDB = 0x44544442
+ PREFIX_MAP_VERSION_DSDB = 0x44534442
} prefixMapVersion;
typedef [nodiscriminant] union {
[in] ldapControlDirSyncCookie cookie
);
- typedef [public] struct {
- uint16 name_len;
- uint16 data_len;
- uint16 id;
+ typedef struct {
+ [value(2*strlen_m(name))] uint16 name_len;
+ [value(strlen(data))] uint16 data_len;
+ uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
[charset(UTF16)] uint8 name[name_len];
- uint8 data[data_len];
+ /*
+ * the data field contains data as HEX strings
+ *
+ * 'Packages':
+ * data contains the list of packages
+ * as non termiated UTF16 strings with
+ * a UTF16 NULL byte as separator
+ *
+ * 'Primary:Kerberos-Newer-Keys':
+ * ...
+ *
+ * 'Primary:Kerberos':
+ * ...
+ *
+ * 'Primary:WDigest':
+ * ...
+ *
+ * 'Primary:CLEARTEXT':
+ * data contains the cleartext password
+ * as UTF16 string encoded as HEX string
+ */
+ [charset(DOS)] uint8 data[data_len];
} supplementalCredentialsPackage;
- typedef [public] struct {
- uint32 unknown1;
- [charset(UTF16)] uint16 unknown2[0x30];
- uint16 unknown3;
+ /* this are 0x30 (48) whitespaces (0x20) */
+ const string SUPPLEMENTAL_CREDENTIALS_PREFIX = " ";
+
+ typedef [flag(NDR_PAHEX)] enum {
+ SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
+ } supplementalCredentialsSignature;
+
+ typedef [gensize] struct {
+ [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
+ [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
uint16 num_packages;
supplementalCredentialsPackage packages[num_packages];
} supplementalCredentialsSubBlob;
typedef [public] struct {
- [value(0)] uint32 version;
- [subcontext(4)] supplementalCredentialsSubBlob sub;
+ [value(0)] uint32 unknown1;
+ [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->flags))] uint32 __ndr_size;
+ [value(0)] uint32 unknown2;
+ [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
+ [value(0)] uint8 unknown3;
} supplementalCredentialsBlob;
void decode_supplementalCredentials(
[in] supplementalCredentialsBlob blob
);
+ typedef [public] struct {
+ [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
+ } package_PackagesBlob;
+
+ void decode_Packages(
+ [in] package_PackagesBlob blob
+ );
+
+ typedef struct {
+ [value(2*strlen_m(string))] uint16 length;
+ [value(2*strlen_m(string))] uint16 size;
+ [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
+ } package_PrimaryKerberosString;
+
+ typedef struct {
+ [value(0)] uint16 reserved1;
+ [value(0)] uint16 reserved2;
+ [value(0)] uint32 reserved3;
+ uint32 keytype;
+ [value((value?value->length:0))] uint32 value_len;
+ [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
+ } package_PrimaryKerberosKey3;
+
+ typedef struct {
+ uint16 num_keys;
+ uint16 num_old_keys;
+ package_PrimaryKerberosString salt;
+ package_PrimaryKerberosKey3 keys[num_keys];
+ package_PrimaryKerberosKey3 old_keys[num_old_keys];
+ [value(0)] uint32 padding1;
+ [value(0)] uint32 padding2;
+ [value(0)] uint32 padding3;
+ [value(0)] uint32 padding4;
+ [value(0)] uint32 padding5;
+ } package_PrimaryKerberosCtr3;
+
+ typedef struct {
+ [value(0)] uint16 reserved1;
+ [value(0)] uint16 reserved2;
+ [value(0)] uint32 reserved3;
+ uint32 iteration_count;
+ uint32 keytype;
+ [value((value?value->length:0))] uint32 value_len;
+ [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
+ } package_PrimaryKerberosKey4;
+
+ typedef struct {
+ uint16 num_keys;
+ [value(0)] uint16 num_service_keys;
+ uint16 num_old_keys;
+ uint16 num_older_keys;
+ package_PrimaryKerberosString salt;
+ uint32 default_iteration_count;
+ package_PrimaryKerberosKey4 keys[num_keys];
+ package_PrimaryKerberosKey4 service_keys[num_service_keys];
+ package_PrimaryKerberosKey4 old_keys[num_old_keys];
+ package_PrimaryKerberosKey4 older_keys[num_older_keys];
+ } package_PrimaryKerberosCtr4;
+
+ typedef [nodiscriminant] union {
+ [case(3)] package_PrimaryKerberosCtr3 ctr3;
+ [case(4)] package_PrimaryKerberosCtr4 ctr4;
+ } package_PrimaryKerberosCtr;
+
+ typedef [public] struct {
+ uint16 version;
+ [value(0)] uint16 flags;
+ [switch_is(version)] package_PrimaryKerberosCtr ctr;
+ } package_PrimaryKerberosBlob;
+
+ void decode_PrimaryKerberos(
+ [in] package_PrimaryKerberosBlob blob
+ );
+
+ typedef [public] struct {
+ [flag(STR_NOTERM|NDR_REMAINING)] string cleartext;
+ } package_PrimaryCLEARTEXTBlob;
+
+ void decode_PrimaryCLEARTEXT(
+ [in] package_PrimaryCLEARTEXTBlob blob
+ );
+
+ typedef [flag(NDR_PAHEX)] struct {
+ uint8 hash[16];
+ } package_PrimaryWDigestHash;
+
+ typedef [public] struct {
+ [value(0x31)] uint16 unknown1;
+ [value(0x01)] uint8 unknown2;
+ uint8 num_hashes;
+ [value(0)] uint32 unknown3;
+ [value(0)] udlong uuknown4;
+ package_PrimaryWDigestHash hashes[num_hashes];
+ } package_PrimaryWDigestBlob;
+
+ void decode_PrimaryWDigest(
+ [in] package_PrimaryWDigestBlob blob
+ );
+
+ typedef struct {
+ [value(0)] uint32 size;
+ } AuthInfoNone;
+
+ typedef struct {
+ [value(16)] uint32 size;
+ samr_Password password;
+ } AuthInfoNT4Owf;
+
+ /*
+ * the secret value is encoded as UTF16 if it's a string
+ * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16
+ * mayfail...
+ *
+ * TODO: We should try handle the case of a random buffer in all places
+ * we deal with cleartext passwords from windows
+ *
+ * so we don't use this:
+ *
+ * uint32 value_len;
+ * [charset(UTF16)] uint8 value[value_len];
+ */
+
+ typedef struct {
+ uint32 size;
+ uint8 password[size];
+ } AuthInfoClear;
+
+ typedef struct {
+ [value(4)] uint32 size;
+ uint32 version;
+ } AuthInfoVersion;
+
+ typedef [nodiscriminant] union {
+ [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
+ [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
+ [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
+ [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
+ } AuthInfo;
+
+ typedef [public] struct {
+ NTTIME LastUpdateTime;
+ lsa_TrustAuthType AuthType;
+
+ [switch_is(AuthType)] AuthInfo AuthInfo;
+ [flag(NDR_ALIGN4)] DATA_BLOB _pad;
+ } AuthenticationInformation;
+
+ typedef [nopull,nopush,noprint] struct {
+ /* sizeis here is bogus, but this is here just for the structure */
+ [size_is(1)] AuthenticationInformation array[];
+ } AuthenticationInformationArray;
+
+ /* This is nopull,nopush because we pass count down to the
+ * manual parser of AuthenticationInformationArray */
+ typedef [public,nopull,nopush,noprint,gensize] struct {
+ uint32 count;
+ [relative] AuthenticationInformationArray *current;
+ [relative] AuthenticationInformationArray *previous;
+ } trustAuthInOutBlob;
+
+ void decode_trustAuthInOut(
+ [in] trustAuthInOutBlob blob
+ );
+
+ typedef [public,gensize] struct {
+ uint32 count;
+ [relative] AuthenticationInformation *current[count];
+ } trustCurrentPasswords;
+
+ typedef [public,nopull] struct {
+ uint8 confounder[512];
+ [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
+ [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
+ [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size;
+ [value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size;
+ } trustDomainPasswords;
+
+ void decode_trustDomainPasswords(
+ [in] trustDomainPasswords blob
+ );
+
typedef [public] struct {
uint32 marker;
DATA_BLOB data;
} DsCompressedChunk;
+ typedef struct {
+ uint16 __size;
+ [size_is(__size),charset(DOS)] uint8 *string;
+ } ExtendedErrorAString;
+
+ typedef struct {
+ uint16 __size;
+ [size_is(__size),charset(UTF16)] uint16 *string;
+ } ExtendedErrorUString;
+
+ typedef struct {
+ uint16 length;
+ [size_is(length)] uint8 *data;
+ } ExtendedErrorBlob;
+
+ typedef enum {
+ EXTENDED_ERROR_COMPUTER_NAME_PRESENT = 1,
+ EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT= 2
+ } ExtendedErrorComputerNamePresent;
+
+ typedef [switch_type(ExtendedErrorComputerNamePresent)] union {
+ [case(EXTENDED_ERROR_COMPUTER_NAME_PRESENT)] ExtendedErrorUString name;
+ [case(EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT)];
+ } ExtendedErrorComputerNameU;
+
+ typedef struct {
+ ExtendedErrorComputerNamePresent present;
+ [switch_is(present)] ExtendedErrorComputerNameU n;
+ } ExtendedErrorComputerName;
+
+ typedef enum {
+ EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING = 1,
+ EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING = 2,
+ EXTENDED_ERROR_PARAM_TYPE_UINT32 = 3,
+ EXTENDED_ERROR_PARAM_TYPE_UINT16 = 4,
+ EXTENDED_ERROR_PARAM_TYPE_UINT64 = 5,
+ EXTENDED_ERROR_PARAM_TYPE_NONE = 6,
+ EXTENDED_ERROR_PARAM_TYPE_BLOB = 7
+ } ExtendedErrorParamType;
+
+ typedef [switch_type(ExtendedErrorParamType)] union {
+ [case(EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING)] ExtendedErrorAString a_string;
+ [case(EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING)] ExtendedErrorUString u_string;
+ [case(EXTENDED_ERROR_PARAM_TYPE_UINT32)] uint32 uint32;
+ [case(EXTENDED_ERROR_PARAM_TYPE_UINT16)] uint16 uint16;
+ [case(EXTENDED_ERROR_PARAM_TYPE_UINT64)] hyper uint64;
+ [case(EXTENDED_ERROR_PARAM_TYPE_NONE)];
+ [case(EXTENDED_ERROR_PARAM_TYPE_BLOB)] ExtendedErrorBlob blob;
+ } ExtendedErrorParamU;
+
+ typedef struct {
+ ExtendedErrorParamType type;
+ [switch_is(type)] ExtendedErrorParamU p;
+ } ExtendedErrorParam;
+
typedef [public] struct {
- DsCompressedChunk chunks[5];
- } DsCompressedBlob;
+ ExtendedErrorInfo *next;
+ ExtendedErrorComputerName computer_name;
+ hyper pid;
+ NTTIME time;
+ uint32 generating_component;
+ WERROR status;
+ uint16 detection_location;
+ uint16 flags;
+ uint16 num_params;
+ [size_is(num_params)] ExtendedErrorParam params[];
+ } ExtendedErrorInfo;
+
+ typedef struct {
+ [unique] ExtendedErrorInfo *info;
+ } ExtendedErrorInfoPtr;
- void decode_DsCompressed(
- [in] DsCompressedBlob blob
+ void decode_ExtendedErrorInfo (
+ [in,subcontext(0xFFFFFC01)] ExtendedErrorInfoPtr ptr
);
}