1 files changed, 131 insertions, 0 deletions
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl
new file mode 100644
index 0000000..2c06fa6
--- /dev/null
+++ b/source3/librpc/idl/secrets.idl
@@ -0,0 +1,131 @@
+#include "idl_types.h"
+
+import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";
+
+/*
+   IDL structures for secrets code
+*/
+
+[
+	pointer_default(unique)
+]
+	interface secrets
+{
+
+	/*
+	 * s3 on-disc storage structure for trusted domains, do not change !
+	 */
+
+	typedef [flag(NDR_NOALIGN),public] struct {
+		[value(strlen_m_term(uni_name))] uint32 uni_name_len;
+		[charset(UTF16)] uint16 uni_name[32]; /* unicode domain name */
+		[value(strlen(pass))] uint32 pass_len;
+		astring pass;		/* trust relationship's password */
+		time_t mod_time;
+		dom_sid domain_sid;	/* remote domain's sid */
+	} TRUSTED_DOM_PASS;
+
+	/*
+	 * s3 on-disc storage structure for lsa secrets, do not change !
+	 */
+
+	typedef [public] struct {
+		DATA_BLOB *secret_current;
+		NTTIME secret_current_lastchange;
+		DATA_BLOB *secret_old;
+		NTTIME secret_old_lastchange;
+		security_descriptor *sd;
+	} lsa_secret;
+
+	/*
+	 * This is the on-disc format the workstation trust.
+	 *
+	 * DO NOT CHANGE
+	 * without changing secrets_domain_info_version
+	 * and adding glue code. Discuss on samba-technical
+	 * first!
+	 */
+	typedef struct {
+		uint32 keytype;
+		uint32 iteration_count;
+		[flag(NDR_SECRET)] DATA_BLOB value;
+	} secrets_domain_info1_kerberos_key;
+
+	typedef struct {
+		NTTIME change_time;
+		[string,charset(UTF16)] uint16 change_server[];
+
+		[flag(NDR_SECRET)] DATA_BLOB cleartext_blob;
+		[flag(NDR_SECRET)] samr_Password nt_hash;
+
+		[string,charset(UTF16)] uint16 *salt_data;
+		uint32 default_iteration_count;
+		uint16 num_keys;
+		secrets_domain_info1_kerberos_key keys[num_keys];
+	} secrets_domain_info1_password;
+
+	typedef struct {
+		NTSTATUS local_status;
+		NTSTATUS remote_status;
+		NTTIME change_time;
+		[string,charset(UTF16)] uint16 change_server[];
+		[ref] secrets_domain_info1_password *password;
+	} secrets_domain_info1_change;
+
+	typedef [public] struct {
+		[value(0)] hyper reserved_flags;
+
+		NTTIME join_time;
+
+		[string,charset(UTF16)] uint16 computer_name[];
+		[string,charset(UTF16)] uint16 account_name[];
+		netr_SchannelType secure_channel_type;
+
+		lsa_DnsDomainInfo domain_info;
+		netr_TrustFlags trust_flags;
+		lsa_TrustType trust_type;
+		lsa_TrustAttributes trust_attributes;
+
+		/*
+		 * This is unused currently, it might
+		 * be useful to implement multi-tenancy (joining multiple domains)
+		 * in future.
+		 *
+		 * Or we could use it to do other filtering of domains.
+		 */
+		[value(NULL)] lsa_ForestTrustInformation *reserved_routing;
+
+		kerb_EncTypes supported_enc_types;
+		[string,charset(UTF16)] uint16 *salt_principal;
+
+		NTTIME password_last_change;
+		hyper password_changes;
+		secrets_domain_info1_change *next_change;
+
+		[ref] secrets_domain_info1_password *password;
+		secrets_domain_info1_password *old_password;
+		secrets_domain_info1_password *older_password;
+	} secrets_domain_info1;
+
+	typedef [v1_enum] enum {
+		SECRETS_DOMAIN_INFO_VERSION_1 = 0x00000001
+	} secrets_domain_info_version;
+
+	/*
+	 * If we ever need to change this we need to
+	 * change secrets_domain_info into
+	 * secrets_domain_info_v1
+	 */
+	typedef union {
+		[case(SECRETS_DOMAIN_INFO_VERSION_1)]
+			secrets_domain_info1 *info1;
+		[default];
+	} secrets_domain_infoU;
+
+	typedef [public] struct {
+		secrets_domain_info_version version;
+		[value(0)] uint32 reserved;
+		[switch_is(version)] secrets_domain_infoU info;
+	} secrets_domain_infoB;
+}
+