3 import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl", "security.idl";
6 uuid("12345778-1234-abcd-0001-00000001"),
8 pointer_default(unique),
9 helper("../librpc/ndr/ndr_drsblobs.h"),
10 helpstring("Active Directory Replication LDAP Blobs")
/*
 * Make these bitmap/enum types usable by their bare names in the
 * definitions below (attid, replica_flags, AuthType).
 * NOTE(review): presumably declared in the imported drsuapi.idl / lsa.idl - confirm.
 */
13 typedef bitmap drsuapi_DrsOptions drsuapi_DrsOptions;
14 typedef [v1_enum] enum drsuapi_DsAttributeId drsuapi_DsAttributeId;
15 typedef [v1_enum] enum lsa_TrustAuthType lsa_TrustAuthType;
17 * replPropertyMetaData
22 * MS-DRSR 4.1.10.2.22 PROPERTY_META_DATA
/*
 * Replication metadata for one attribute: the attribute id plus the time,
 * invocation id and USN of the originating change.
 */
24 typedef [public] struct {
25 drsuapi_DsAttributeId attid;
27 NTTIME_1sec originating_change_time;
28 GUID originating_invocation_id;
29 hyper originating_usn;
31 } replPropertyMetaData1;
/* Operation whose only [in] argument is a single replPropertyMetaData1. */
33 void decode_replPropertyMetaData1(
34 [in] replPropertyMetaData1 blob
/*
 * Version-1 container: array[] holds `count` records (`count` is declared
 * on a line not shown here); reserved is pushed as 0.
 * NOTE(review): `count` is taken from the encoded blob on pull; how it is
 * bounded against the remaining buffer is decided in the NDR layer, not here.
 */
39 [value(0)] uint32 reserved;
40 replPropertyMetaData1 array[count];
41 } replPropertyMetaDataCtr1;
/* Body of the blob; no discriminant of its own, only case 1 is defined. */
43 typedef [nodiscriminant] union {
44 [case(1)] replPropertyMetaDataCtr1 ctr1;
45 } replPropertyMetaDataCtr;
/*
 * Top-level replPropertyMetaData value: `version` selects the union arm.
 * NOTE(review): confirm a version other than 1 is rejected on pull.
 */
47 typedef [public] struct {
49 [value(0)] uint32 reserved;
50 [switch_is(version)] replPropertyMetaDataCtr ctr;
51 } replPropertyMetaDataBlob;
/* Operation whose only [in] argument is the whole replPropertyMetaDataBlob. */
53 void decode_replPropertyMetaData(
54 [in] replPropertyMetaDataBlob blob
/* Version-1 cursor list: `count` drsuapi_DsReplicaCursor entries; reserved is pushed as 0. */
64 [value(0)] uint32 reserved;
65 drsuapi_DsReplicaCursor cursors[count];
66 } replUpToDateVectorCtr1;
/* Version-2 cursor list: same layout, with drsuapi_DsReplicaCursor2 entries. */
70 [value(0)] uint32 reserved;
71 drsuapi_DsReplicaCursor2 cursors[count];
72 } replUpToDateVectorCtr2;
/* Body of the blob; the arm is chosen by the enclosing struct (no discriminant here). */
74 typedef [nodiscriminant] union {
75 [case(1)] replUpToDateVectorCtr1 ctr1;
76 [case(2)] replUpToDateVectorCtr2 ctr2;
77 } replUpToDateVectorCtr;
/*
 * Top-level replUpToDateVector value: `version` selects ctr1 or ctr2.
 * This type is also the default arm of ldapControlDirSyncExtra, so it can
 * be decoded from an LDAP dirsync cookie.
 * NOTE(review): confirm versions other than 1 and 2 are rejected on pull.
 */
79 typedef [public] struct {
81 [value(0)] uint32 reserved;
82 [switch_is(version)] replUpToDateVectorCtr ctr;
83 } replUpToDateVectorBlob;
/* Operation whose only [in] argument is the whole replUpToDateVectorBlob. */
85 void decode_replUpToDateVector(
86 [in] replUpToDateVectorBlob blob
/*
 * DNS name stored as a length-prefixed DOS-charset byte string. On push the
 * length is strlen(dns_name)+1, i.e. it counts the terminating NUL.
 */
95 typedef [public,gensize] struct {
96 [value(strlen(dns_name)+1)] uint32 __dns_name_size;
97 [charset(DOS)] uint8 dns_name[__dns_name_size];
98 } repsFromTo1OtherInfo;
/*
 * Version-1 repsFrom/repsTo record: sync-failure counter, last success and
 * attempt times with the last result, replica flags, high-water mark and the
 * source DSA GUIDs. other_info is stored as a relative offset.
 * blobsize and other_info_length are computed from the encoded sizes on push.
 * NOTE(review): on pull these two lengths come from the stored value; whether
 * they are cross-checked against the real sizes is not visible in this file.
 */
100 typedef [public,gensize,flag(NDR_PAHEX)] struct {
101 /* this includes the 8 bytes of the repsFromToBlob header */
102 [value(ndr_size_repsFromTo1(this, ndr->flags)+8)] uint32 blobsize;
103 uint32 consecutive_sync_failures;
104 NTTIME_1sec last_success;
105 NTTIME_1sec last_attempt;
106 WERROR result_last_attempt;
107 [relative] repsFromTo1OtherInfo *other_info;
108 [value(ndr_size_repsFromTo1OtherInfo(other_info, ndr->flags))] uint32 other_info_length;
109 drsuapi_DrsOptions replica_flags;
111 [value(0)] uint32 reserved;
112 drsuapi_DsReplicaHighWaterMark highwatermark;
113 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
114 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
/*
 * Version-2 "other info": two name strings stored as relative offsets, with
 * this struct as the base for those offsets (relative_base). The [value()]
 * on the first visible line computes this struct's own encoded size; the
 * member it applies to is on a line not shown here.
 */
118 typedef [public,relative_base,gensize] struct {
119 [value(ndr_size_repsFromTo2OtherInfo(this,ndr->flags))]
121 [relative] nstring *dns_name1;
123 [relative] nstring *dns_name2;
125 } repsFromTo2OtherInfo;
/*
 * Version-2 repsFrom/repsTo record: same visible fields as version 1, but
 * other_info points at a repsFromTo2OtherInfo.
 * NOTE(review): as for version 1, blobsize and other_info_length are computed
 * on push and taken from the stored value on pull - confirm callers do not
 * trust them as buffer bounds.
 */
127 typedef [public,gensize,flag(NDR_PAHEX)] struct {
128 /* this includes the 8 bytes of the repsFromToBlob header */
129 [value(ndr_size_repsFromTo2(this, ndr->flags)+8)] uint32 blobsize;
130 uint32 consecutive_sync_failures;
131 NTTIME_1sec last_success;
132 NTTIME_1sec last_attempt;
133 WERROR result_last_attempt;
134 [relative] repsFromTo2OtherInfo *other_info;
135 [value(ndr_size_repsFromTo2OtherInfo(other_info, ndr->flags))] uint32 other_info_length;
136 drsuapi_DrsOptions replica_flags;
138 [value(0)] uint32 reserved;
139 drsuapi_DsReplicaHighWaterMark highwatermark;
140 GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */
141 GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
/* Body of the repsFromTo blob: case 1 or case 2, chosen by the enclosing struct. */
146 typedef [nodiscriminant] union {
147 [case(1)] repsFromTo1 ctr1;
148 [case(2)] repsFromTo2 ctr2;
/*
 * Top-level repsFrom/repsTo value: `version` selects the arm of ctr.
 * NOTE(review): confirm versions other than 1 and 2 are rejected on pull.
 */
151 typedef [public] struct {
153 [value(0)] uint32 reserved;
154 [switch_is(version)] repsFromTo ctr;
/* Operation whose only [in] argument is the whole repsFromToBlob. */
157 void decode_repsFromTo(
158 [in] repsFromToBlob blob
161 /* Replication schedule structures as defined in MS-ADTS 7.1.4.5
162 * Appears as attribute of NTDSConnection object
/* Schedule header: `type` is always pushed as 0. */
164 typedef [public] struct {
165 [value(0)] uint32 type; /* always 0 */
169 typedef [public] struct {
/*
 * Schedule value: bandwidth is pushed as 0 and numberOfSchedules as 1, and
 * both arrays are sized by numberOfSchedules.
 * NOTE(review): on pull numberOfSchedules comes from the stored value, so the
 * "always 1" rule is only enforced when encoding as far as this file shows.
 */
173 typedef [public] struct {
175 [value(0)] uint32 bandwidth; /* ignored */
176 [value(1)] uint32 numberOfSchedules; /* always 1 */
177 scheduleHeader headerArray[numberOfSchedules];
178 scheduleSlots dataArray[numberOfSchedules];
182 * partialAttributeSet
184 * w2k3 uses version 1
/* Version-1 partial attribute set: `count` attribute ids (`count` is declared on a line not shown). */
188 drsuapi_DsAttributeId array[count];
189 } partialAttributeSetCtr1;
/* Body of the blob; only case 1 is defined. */
191 typedef [nodiscriminant] union {
192 [case(1)] partialAttributeSetCtr1 ctr1;
193 } partialAttributeSetCtr;
/* Top-level partialAttributeSet value: `version` selects the arm of ctr. */
195 typedef [public] struct {
197 [value(0)] uint32 reserved;
198 [switch_is(version)] partialAttributeSetCtr ctr;
199 } partialAttributeSetBlob;
/* Operation whose only [in] argument is the whole partialAttributeSetBlob. */
201 void decode_partialAttributeSet(
202 [in] partialAttributeSetBlob blob
207 * schemaInfo attribute
209 * Used as an attribute on Schema.
210 * Also during replication as part of
211 * prefixMap to identify what revision
212 * of Schema source DC has
/*
 * schemaInfo value, encoded without alignment padding: a marker byte pushed
 * as 0xFF, then a 32-bit revision in big-endian byte order. Any further
 * members are on lines not shown here.
 */
214 typedef [public,flag(NDR_NOALIGN)] struct {
215 [value(0xFF)] uint8 marker;
216 [flag(NDR_BIG_ENDIAN)] uint32 revision;
222 * MS w2k3 and w2k8 prefixMap format
223 * There is no version number. Format is:
224 * uint32 - number of entries in the map
225 * uint32 - total bytes that structure occupies
227 * uint16 - prefix ID (OID's last sub-id encoded. see prefixMap)
228 * uint16 - number of bytes in prefix N
229 * uint8[N] - BER encoded prefix
/*
 * One prefix entry, unaligned: binary_oid is `length` bytes of encoded
 * prefix. The id and length members are on lines not shown here.
 * [noprint] suppresses the generated print routine for this type.
 */
231 typedef [noprint,flag(NDR_NOALIGN)] struct {
234 uint8 binary_oid[length];
235 } drsuapi_MSPrefixMap_Entry;
/*
 * Whole map: __ndr_size is the total encoded size (computed on push) and
 * entries[] holds num_entries elements.
 * NOTE(review): on pull both num_entries and each entry's length come from
 * the encoded data - confirm the decoder bounds them by the buffer size.
 */
237 typedef [public,gensize] struct {
239 [value(ndr_size_drsuapi_MSPrefixMap_Ctr(r, ndr->flags))] uint32 __ndr_size;
240 drsuapi_MSPrefixMap_Entry entries[num_entries];
241 } drsuapi_MSPrefixMap_Ctr;
247 * samba4 uses 0x44534442 'DSDB'
249 * as Windows doesn't return the prefixMap attribute when you ask for it,
250 * we don't know the format, but the attribute is not replicated,
251 * so we can choose our own format...
/* Version tag of the locally defined prefixMap format: the bytes 'DSDB' as a 32-bit value. */
253 typedef [v1_enum] enum {
254 PREFIX_MAP_VERSION_DSDB = 0x44534442
/* Body of the prefixMap blob; the only defined arm reuses the drsuapi OID mapping container. */
257 typedef [nodiscriminant] union {
258 [case(PREFIX_MAP_VERSION_DSDB)] drsuapi_DsReplicaOIDMapping_Ctr dsdb;
/* Top-level prefixMap value: `version` selects the arm of ctr; reserved is pushed as 0. */
261 typedef [public] struct {
262 prefixMapVersion version;
263 [value(0)] uint32 reserved;
264 [switch_is(version)] prefixMapCtr ctr;
/* Operation whose only [in] argument is the whole prefixMapBlob. */
267 void decode_prefixMap(
268 [in] prefixMapBlob blob
273 * the cookie for the LDAP dirsync control
/*
 * Optional trailer of the dirsync cookie: by default an up-to-dateness
 * vector. The arm is chosen by extra_length in the enclosing struct; other
 * arms are on lines not shown here.
 */
275 typedef [nodiscriminant,gensize] union {
277 [default] replUpToDateVectorBlob uptodateness_vector;
278 } ldapControlDirSyncExtra;
/*
 * Cookie body: u1 is pushed as 3, followed by the high-water mark and the
 * optional trailer. The [value()] below computes the trailer's encoded size
 * on push; the member it applies to is on a line not shown.
 * NOTE(review): a dirsync cookie is presented by the LDAP client, so on pull
 * every field here is presumably client-controlled - confirm callers
 * validate the high-water mark and trailer instead of trusting them.
 */
281 [value(3)] uint32 u1;
285 [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, 0))]
287 drsuapi_DsReplicaHighWaterMark highwatermark;
289 [switch_is(extra_length)] ldapControlDirSyncExtra extra;
290 } ldapControlDirSyncBlob;
/* Cookie wrapper: a 4-byte "MSDS" tag (the value pushed) followed by the body in a subcontext. */
292 typedef [public,relative_base] struct {
293 [charset(DOS),value("MSDS")] uint8 msds[4];
294 [subcontext(0)] ldapControlDirSyncBlob blob;
295 } ldapControlDirSyncCookie;
/* Operation whose only [in] argument is the whole cookie. */
297 void decode_ldapControlDirSync(
298 [in] ldapControlDirSyncCookie cookie
/*
 * One named credential package. name is UTF16 (name_len is pushed as
 * 2*strlen_m(name)); data is a DOS-charset hex string of data_len bytes.
 * Per the notes inside this struct, data can hold Kerberos keys or the
 * cleartext password, so a decoded instance is secret material.
 * NOTE(review): name_len and data_len are 16-bit and come from the stored
 * attribute on pull - confirm consumers check them before using the arrays.
 */
301 typedef [public] struct {
302 [value(2*strlen_m(name))] uint16 name_len;
303 [value(strlen(data))] uint16 data_len;
304 uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */
305 [charset(UTF16)] uint8 name[name_len];
307 * the data field contains data as HEX strings
310 * data contains the list of packages
311 * as non-terminated UTF16 strings with
312 * a UTF16 NULL byte as separator
314 * 'Primary:Kerberos-Newer-Keys':
317 * 'Primary:Kerberos':
323 * 'Primary:CLEARTEXT':
324 * data contains the cleartext password
325 * as UTF16 string encoded as HEX string
327 [charset(DOS)] uint8 data[data_len];
328 } supplementalCredentialsPackage;
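330 /* these are 0x30 (48) space characters (0x20), one per element of the 0x30-long prefix[] that is pushed with this value */
331 const string SUPPLEMENTAL_CREDENTIALS_PREFIX = "                                                ";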
/* Signature value (0x0050) that follows the prefix inside the sub-blob. */
333 typedef [flag(NDR_PAHEX),public] enum {
334 SUPPLEMENTAL_CREDENTIALS_SIGNATURE = 0x0050
335 } supplementalCredentialsSignature;
/*
 * Inner part of supplementalCredentials: fixed prefix, signature, then
 * num_packages packages (num_packages is declared on a line not shown).
 * [nopush,nopull] means no marshalling code is generated from this
 * definition; only the size function (gensize) is.
 * NOTE(review): the push/pull routines are presumably hand-written in the
 * helper named in the interface header - that code is what parses stored
 * credential data, so confirm it checks prefix, signature and num_packages.
 */
337 typedef [gensize,nopush,nopull] struct {
338 [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] uint16 prefix[0x30];
339 [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] supplementalCredentialsSignature signature;
341 supplementalCredentialsPackage packages[num_packages];
342 } supplementalCredentialsSubBlob;
/*
 * Outer wrapper: three fields pushed as 0 and __ndr_size, the encoded size
 * of `sub`. The sub-blob is parsed in a subcontext limited to __ndr_size
 * bytes, so on pull that stored length decides how much data `sub` may use.
 */
344 typedef [public] struct {
345 [value(0)] uint32 unknown1;
346 [value(ndr_size_supplementalCredentialsSubBlob(&sub, ndr->flags))] uint32 __ndr_size;
347 [value(0)] uint32 unknown2;
348 [subcontext(0),subcontext_size(__ndr_size)] supplementalCredentialsSubBlob sub;
349 [value(0)] uint8 unknown3;
350 } supplementalCredentialsBlob;
/* Operation whose only [in] argument is the whole supplementalCredentialsBlob. */
352 void decode_supplementalCredentials(
353 [in] supplementalCredentialsBlob blob
/*
 * Contents of the 'Packages' package: a string array that consumes the rest
 * of the buffer (NDR_REMAINING), with strings stored without terminator
 * (STR_NOTERM).
 */
356 typedef [public] struct {
357 [flag(STR_NOTERM|NDR_REMAINING)] string_array names;
358 } package_PackagesBlob;
/* Operation whose only [in] argument is the package_PackagesBlob. */
360 void decode_Packages(
361 [in] package_PackagesBlob blob
/*
 * String used for the salt: length and size are both pushed as
 * 2*strlen_m(string); the text is stored at a relative offset and parsed in
 * a subcontext of `size` bytes, unterminated.
 */
365 [value(2*strlen_m(string))] uint16 length;
366 [value(2*strlen_m(string))] uint16 size;
367 [relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
368 } package_PrimaryKerberosString;
/*
 * One version-3 key entry: three reserved fields pushed as 0, then value_len
 * (0 when value is NULL) and a relative pointer to the key bytes, parsed in
 * a subcontext of value_len bytes. The key bytes are secret material.
 */
371 [value(0)] uint16 reserved1;
372 [value(0)] uint16 reserved2;
373 [value(0)] uint32 reserved3;
375 [value((value?value->length:0))] uint32 value_len;
376 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
377 } package_PrimaryKerberosKey3;
/*
 * Version-3 container: salt, keys[num_keys], old_keys[num_old_keys] and five
 * padding words pushed as 0. The two counts are declared on lines not shown.
 * NOTE(review): on pull the counts and every value_len come from the stored
 * attribute - confirm they are bounded by the buffer before use.
 */
382 package_PrimaryKerberosString salt;
383 package_PrimaryKerberosKey3 keys[num_keys];
384 package_PrimaryKerberosKey3 old_keys[num_old_keys];
385 [value(0)] uint32 padding1;
386 [value(0)] uint32 padding2;
387 [value(0)] uint32 padding3;
388 [value(0)] uint32 padding4;
389 [value(0)] uint32 padding5;
390 } package_PrimaryKerberosCtr3;
/*
 * One version-4 key entry: like the version-3 entry but with a per-key
 * iteration_count before the key length and pointer. The key bytes are
 * secret material.
 */
393 [value(0)] uint16 reserved1;
394 [value(0)] uint16 reserved2;
395 [value(0)] uint32 reserved3;
396 uint32 iteration_count;
398 [value((value?value->length:0))] uint32 value_len;
399 [relative,subcontext(0),subcontext_size(value_len),flag(NDR_REMAINING)] DATA_BLOB *value;
400 } package_PrimaryKerberosKey4;
/*
 * Version-4 container: salt, a default iteration count and four key arrays
 * (current, service, old, older). num_service_keys is always pushed as 0, so
 * service_keys[] is empty when encoding.
 * NOTE(review): on pull num_service_keys and the other counts come from the
 * stored attribute, so a non-zero service-key count can still be decoded -
 * confirm consumers handle that.
 */
404 [value(0)] uint16 num_service_keys;
406 uint16 num_older_keys;
407 package_PrimaryKerberosString salt;
408 uint32 default_iteration_count;
409 package_PrimaryKerberosKey4 keys[num_keys];
410 package_PrimaryKerberosKey4 service_keys[num_service_keys];
411 package_PrimaryKerberosKey4 old_keys[num_old_keys];
412 package_PrimaryKerberosKey4 older_keys[num_older_keys];
413 } package_PrimaryKerberosCtr4;
/* Body of the Kerberos package: case 3 or case 4, chosen by the enclosing struct. */
415 typedef [nodiscriminant] union {
416 [case(3)] package_PrimaryKerberosCtr3 ctr3;
417 [case(4)] package_PrimaryKerberosCtr4 ctr4;
418 } package_PrimaryKerberosCtr;
/*
 * Top-level Kerberos package: `version` selects the arm of ctr and flags is
 * pushed as 0.
 * NOTE(review): confirm versions other than 3 and 4 are rejected on pull.
 */
420 typedef [public] struct {
422 [value(0)] uint16 flags;
423 [switch_is(version)] package_PrimaryKerberosCtr ctr;
424 } package_PrimaryKerberosBlob;
/* Operation whose only [in] argument is the package_PrimaryKerberosBlob. */
426 void decode_PrimaryKerberos(
427 [in] package_PrimaryKerberosBlob blob
/*
 * Contents of the 'Primary:CLEARTEXT' package: the whole remaining buffer as
 * one opaque blob. The package notes in this file describe that data as the
 * cleartext password.
 * NOTE(review): this type is not marked [noprint], so a print routine that
 * dumps the blob is presumably generated - confirm debug dumps of it are
 * restricted.
 */
430 typedef [public] struct {
431 [flag(NDR_REMAINING)] DATA_BLOB cleartext;
432 } package_PrimaryCLEARTEXTBlob;
/* Operation whose only [in] argument is the package_PrimaryCLEARTEXTBlob. */
434 void decode_PrimaryCLEARTEXT(
435 [in] package_PrimaryCLEARTEXTBlob blob
/* One WDigest hash; its members are on a line not shown here. */
438 typedef [flag(NDR_PAHEX)] struct {
440 } package_PrimaryWDigestHash;
/*
 * Contents of the WDigest package: fixed header values (0x31, 0x01, 0, 0)
 * followed by hashes[num_hashes]; num_hashes is declared on a line not shown.
 * The hashes are password-derived secret material.
 */
442 typedef [public] struct {
443 [value(0x31)] uint16 unknown1;
444 [value(0x01)] uint8 unknown2;
446 [value(0)] uint32 unknown3;
447 [value(0)] udlong uuknown4;
448 package_PrimaryWDigestHash hashes[num_hashes];
449 } package_PrimaryWDigestBlob;
/* Operation whose only [in] argument is the package_PrimaryWDigestBlob. */
451 void decode_PrimaryWDigest(
452 [in] package_PrimaryWDigestBlob blob
/*
 * Contents of the SambaGPG package: the whole remaining buffer as one opaque
 * blob. NOTE(review): presumably GPG-encrypted data, judging by the name -
 * confirm what it holds and who can decrypt it.
 */
455 typedef [public] struct {
456 [flag(NDR_REMAINING)] DATA_BLOB gpg_blob;
457 } package_PrimarySambaGPGBlob;
/* Operation whose only [in] argument is the package_PrimarySambaGPGBlob. */
459 void decode_PrimarySambaGPG(
460 [in] package_PrimarySambaGPGBlob blob
/*
 * Per-type payloads of the AuthInfo union, each starting with a size field:
 * none (size pushed as 0), NT4 OWF (size pushed as 16, then a samr_Password),
 * cleartext (size bytes of password) and version (size pushed as 4).
 * The OWF and cleartext payloads are trust secrets.
 */
464 [value(0)] uint32 size;
468 [value(16)] uint32 size;
469 samr_Password password;
473 * the secret value is encoded as UTF16 if it's a string
474 * but depending on the AuthType, it might also be random bytes (krb5 trusts have random bytes here), so converting to UTF16
477 * TODO: We should try handle the case of a random buffer in all places
478 * we deal with cleartext passwords from windows
480 * so we don't use this:
483 * [charset(UTF16)] uint8 value[value_len];
488 uint8 password[size]; /* kept as raw bytes; no charset conversion is applied */
492 [value(4)] uint32 size;
/* Payload selected by the trust auth type; the discriminant lives in the enclosing struct. */
496 typedef [nodiscriminant] union {
497 [case(TRUST_AUTH_TYPE_NONE)] AuthInfoNone none;
498 [case(TRUST_AUTH_TYPE_NT4OWF)] AuthInfoNT4Owf nt4owf;
499 [case(TRUST_AUTH_TYPE_CLEAR)] AuthInfoClear clear;
500 [case(TRUST_AUTH_TYPE_VERSION)] AuthInfoVersion version;
/*
 * One trust authentication entry: last update time, auth type, the payload
 * selected by AuthType, and padding to a 4-byte boundary (_pad).
 */
503 typedef [public] struct {
504 NTTIME LastUpdateTime;
505 lsa_TrustAuthType AuthType;
506 [switch_is(AuthType)] AuthInfo AuthInfo;
507 [flag(NDR_ALIGN4)] DATA_BLOB _pad;
508 } AuthenticationInformation;
/*
 * Array of authentication entries. [nopull,nopush] means no marshalling code
 * is generated from this definition; only the size function (gensize) is.
 * NOTE(review): because the count is not encoded, the hand-written pull code
 * presumably derives it from the available bytes - confirm it stops at the
 * end of its subcontext.
 */
510 /* count is not on the wire */
511 typedef [public,nopull,nopush,gensize] struct {
513 AuthenticationInformation array[count];
514 } AuthenticationInformationArray;
516 /* we cannot use [relative] pointers here because Windows expects the
517 * previous_offset to match the total size of the struct in case
518 * the previous array is empty, see MS-LSAD 2.2.7.16 - gd */
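/*
 * Current and previous trust secrets. `current` is parsed in a subcontext of
 * previous_offset - current_offset bytes and `previous` takes whatever
 * remains. [nopush] means the push routine is not generated from this
 * definition.
 * NOTE(review): both offsets are 32-bit values read from the encoded data on
 * pull; if previous_offset is smaller than current_offset the subtraction
 * wraps to a huge length - confirm the subcontext code rejects a length
 * larger than the remaining buffer.
 */
519 typedef [public,gensize,nopush] struct {
521 [value((count > 0) ? 12 : 0)] uint32 current_offset;
522 [value((count > 0) ? 12 + ndr_size_AuthenticationInformationArray(&current, ndr->flags) : 0)] uint32 previous_offset;
523 [subcontext(0),subcontext_size((previous_offset)-(current_offset))] AuthenticationInformationArray current;
524 [subcontext(0)] [flag(NDR_REMAINING)] AuthenticationInformationArray previous;
525 } trustAuthInOutBlob;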
/* Operation whose only [in] argument is a trustAuthInOutBlob; no Python binding is generated. */
527 [nopython] void decode_trustAuthInOut(
528 [in] trustAuthInOutBlob blob
/*
 * Trust password container: a 512-byte confounder, the outgoing and incoming
 * blobs (each in its own subcontext), and only then the two sizes that bound
 * those subcontexts. [nopull] means the pull routine is not generated from
 * this definition.
 * NOTE(review): with the sizes stored after the data, the hand-written pull
 * presumably reads them from the end of the buffer first - confirm it checks
 * 512 + outgoing_size + incoming_size against the buffer length.
 */
531 typedef [public,nopull] struct {
532 uint8 confounder[512];
533 [subcontext(0),subcontext_size(outgoing_size)] trustAuthInOutBlob outgoing;
534 [subcontext(0),subcontext_size(incoming_size)] trustAuthInOutBlob incoming;
535 [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
536 [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
537 } trustDomainPasswords;
/* Operation whose only [in] argument is a trustDomainPasswords; no Python binding is generated. */
539 [nopython] void decode_trustDomainPasswords(
540 [in] trustDomainPasswords blob
543 typedef [public] struct {
/* Counted DOS-charset string: `string` points at __size bytes (__size is declared on a line not shown). */
550 [size_is(__size),charset(DOS)] uint8 *string;
551 } ExtendedErrorAString;
/* Counted UTF16 string: `string` points at __size 16-bit units. */
555 [size_is(__size),charset(UTF16)] uint16 *string;
556 } ExtendedErrorUString;
/* Counted byte blob: `data` points at `length` bytes. */
560 [size_is(length)] uint8 *data;
/* Discriminant saying whether a computer name follows. */
564 EXTENDED_ERROR_COMPUTER_NAME_PRESENT = 1,
565 EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT= 2
566 } ExtendedErrorComputerNamePresent;
/* Computer name payload: a UTF16 string when present, nothing otherwise. */
568 typedef [switch_type(ExtendedErrorComputerNamePresent)] union {
569 [case(EXTENDED_ERROR_COMPUTER_NAME_PRESENT)] ExtendedErrorUString name;
570 [case(EXTENDED_ERROR_COMPUTER_NAME_NOT_PRESENT)];
571 } ExtendedErrorComputerNameU;
/* Tagged computer name: `present` selects the arm of n. */
574 ExtendedErrorComputerNamePresent present;
575 [switch_is(present)] ExtendedErrorComputerNameU n;
576 } ExtendedErrorComputerName;
/* Type tag of one extended-error parameter (values 1 to 7). */
579 EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING = 1,
580 EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING = 2,
581 EXTENDED_ERROR_PARAM_TYPE_UINT32 = 3,
582 EXTENDED_ERROR_PARAM_TYPE_UINT16 = 4,
583 EXTENDED_ERROR_PARAM_TYPE_UINT64 = 5,
584 EXTENDED_ERROR_PARAM_TYPE_NONE = 6,
585 EXTENDED_ERROR_PARAM_TYPE_BLOB = 7
586 } ExtendedErrorParamType;
/*
 * Parameter payload, one arm per type tag; the NONE arm carries no data.
 * There is no [default] arm on the visible lines.
 * NOTE(review): confirm an unknown tag is rejected on pull.
 */
588 typedef [switch_type(ExtendedErrorParamType)] union {
589 [case(EXTENDED_ERROR_PARAM_TYPE_ASCII_STRING)] ExtendedErrorAString a_string;
590 [case(EXTENDED_ERROR_PARAM_TYPE_UNICODE_STRING)] ExtendedErrorUString u_string;
591 [case(EXTENDED_ERROR_PARAM_TYPE_UINT32)] uint32 uint32;
592 [case(EXTENDED_ERROR_PARAM_TYPE_UINT16)] uint16 uint16;
593 [case(EXTENDED_ERROR_PARAM_TYPE_UINT64)] hyper uint64;
594 [case(EXTENDED_ERROR_PARAM_TYPE_NONE)];
595 [case(EXTENDED_ERROR_PARAM_TYPE_BLOB)] ExtendedErrorBlob blob;
596 } ExtendedErrorParamU;
/* Tagged parameter: `type` selects the arm of p. */
599 ExtendedErrorParamType type;
600 [switch_is(type)] ExtendedErrorParamU p;
601 } ExtendedErrorParam;
/*
 * One extended-error record: a pointer to the next record, the computer
 * name, component and detection-location codes, and num_params parameters
 * (num_params and other members are on lines not shown).
 * NOTE(review): the self-referential `next` pointer makes the chain length
 * data-driven - confirm decoding of untrusted input bounds the chain depth
 * and num_params.
 */
603 typedef [public] struct {
604 ExtendedErrorInfo *next;
605 ExtendedErrorComputerName computer_name;
608 uint32 generating_component;
610 uint16 detection_location;
613 [size_is(num_params)] ExtendedErrorParam params[];
/* Wrapper holding a unique (nullable) pointer to the first record. */
617 [unique] ExtendedErrorInfo *info;
618 } ExtendedErrorInfoPtr;
/*
 * Operation whose only [in] argument is the wrapper, parsed in a subcontext;
 * no Python binding is generated.
 * NOTE(review): the subcontext argument 0xFFFFFC01 is interpreted by the NDR
 * library; its meaning is not defined in this file.
 */
620 [nopython] void decode_ExtendedErrorInfo (
621 [in,subcontext(0xFFFFFC01)] ExtendedErrorInfoPtr ptr
624 /* MS-ADTS 7.1.6.9.3 msDS-TrustForestTrustInfo Attribute */
/* Length-prefixed UTF8 string: size is pushed as strlen_m(string) and the bytes are unterminated. */
627 [value(strlen_m(string))] uint32 size;
628 [charset(UTF8)] uint8 string[size];
/*
 * Domain record, unaligned: a SID parsed in a subcontext of sid_size bytes,
 * then the DNS and NetBIOS names.
 */
631 typedef [flag(NDR_NOALIGN)] struct {
632 [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
633 [subcontext(0),subcontext_size(sid_size)] dom_sid sid;
634 ForestTrustString dns_name;
635 ForestTrustString netbios_name;
636 } ForestTrustDataDomainInfo;
/* Opaque record payload; its members are on lines not shown here. */
638 typedef [flag(NDR_NOALIGN)] struct {
641 } ForestTrustDataBinaryData;
/*
 * Record payload by record type. Both top-level-name types use the same
 * string arm, and any type without its own case falls into the [default]
 * arm and is kept as binary data.
 */
643 typedef [nodiscriminant] union {
644 [case(FOREST_TRUST_TOP_LEVEL_NAME)] ForestTrustString name;
645 [case(FOREST_TRUST_TOP_LEVEL_NAME_EX)] ForestTrustString name;
646 [case(FOREST_TRUST_DOMAIN_INFO)] ForestTrustDataDomainInfo info;
647 [default] ForestTrustDataBinaryData data;
650 /* same as lsa_ForestTrustRecordType, but only 8 bit */
651 typedef [enum8bit] enum {
652 FOREST_TRUST_TOP_LEVEL_NAME = LSA_FOREST_TRUST_TOP_LEVEL_NAME,
653 FOREST_TRUST_TOP_LEVEL_NAME_EX = LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX,
654 FOREST_TRUST_DOMAIN_INFO = LSA_FOREST_TRUST_DOMAIN_INFO
655 } ForestTrustInfoRecordType;
/*
 * One forest trust record, unaligned: flags, the 8-bit record type and the
 * payload selected by `type`. Other members are on a line not shown here.
 */
657 /* meaning of flags depends on record type and values are
658 the same as in lsa.idl, see collision record types */
659 typedef [public,gensize,flag(NDR_NOALIGN)] struct {
660 lsa_ForestTrustRecordFlags flags;
662 ForestTrustInfoRecordType type;
663 [switch_is(type)] ForestTrustData data;
664 } ForestTrustInfoRecord;
/*
 * Size-prefixed record: record_size is pushed as the encoded size of
 * `record`, which follows directly.
 * NOTE(review): `record` is not declared in a subcontext here, so as far as
 * this file shows record_size does not bound the record on pull - confirm
 * the decoder does not use it as a trusted length.
 */
666 typedef [flag(NDR_NOALIGN)] struct {
667 [value(ndr_size_ForestTrustInfoRecord(&record, ndr->flags))] uint32 record_size;
668 ForestTrustInfoRecord record;
669 } ForestTrustInfoRecordArmor;
/* Top-level msDS-TrustForestTrustInfo value: `count` size-prefixed records (`count` is declared on a line not shown). */
671 typedef [public,flag(NDR_NOALIGN)] struct {
674 ForestTrustInfoRecordArmor records[count];
/* Operation whose only [in] argument is the ForestTrustInfo value; no Python binding is generated. */
677 [nopython] void decode_ForestTrustInfo(
678 [in] ForestTrustInfo blob