Diffstat (limited to 'source3/librpc/idl/secrets.idl')
-rw-r--r--source3/librpc/idl/secrets.idl131
1 files changed, 131 insertions, 0 deletions
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl
new file mode 100644
index 0000000..2c06fa6
--- /dev/null
+++ b/source3/librpc/idl/secrets.idl
@@ -0,0 +1,131 @@
+#include "idl_types.h"
+
+import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";
+
+/*
+ IDL structures for secrets code
+*/
+
+[
+ pointer_default(unique)
+]
+ interface secrets
+{
+
+ /*
+ * s3 on-disc storage structure for trusted domains, do not change !
+ */
+
+ typedef [flag(NDR_NOALIGN),public] struct {
+ [value(strlen_m_term(uni_name))] uint32 uni_name_len;
+ [charset(UTF16)] uint16 uni_name[32]; /* unicode domain name */
+ [value(strlen(pass))] uint32 pass_len;
+ astring pass; /* trust relationship's password */
+ time_t mod_time;
+ dom_sid domain_sid; /* remote domain's sid */
+ } TRUSTED_DOM_PASS;
+
+ /*
+ * s3 on-disc storage structure for lsa secrets, do not change !
+ */
+
+ typedef [public] struct {
+ DATA_BLOB *secret_current;
+ NTTIME secret_current_lastchange;
+ DATA_BLOB *secret_old;
+ NTTIME secret_old_lastchange;
+ security_descriptor *sd;
+ } lsa_secret;
+
+ /*
+ * This is the on-disc format the workstation trust.
+ *
+ * DO NOT CHANGE
+ * without changing secrets_domain_info_version
+ * and adding glue code. Discuss on samba-technical
+ * first!
+ */
+ typedef struct {
+ uint32 keytype;
+ uint32 iteration_count;
+ [flag(NDR_SECRET)] DATA_BLOB value;
+ } secrets_domain_info1_kerberos_key;
+
+ typedef struct {
+ NTTIME change_time;
+ [string,charset(UTF16)] uint16 change_server[];
+
+ [flag(NDR_SECRET)] DATA_BLOB cleartext_blob;
+ [flag(NDR_SECRET)] samr_Password nt_hash;
+
+ [string,charset(UTF16)] uint16 *salt_data;
+ uint32 default_iteration_count;
+ uint16 num_keys;
+ secrets_domain_info1_kerberos_key keys[num_keys];
+ } secrets_domain_info1_password;
+
+ typedef struct {
+ NTSTATUS local_status;
+ NTSTATUS remote_status;
+ NTTIME change_time;
+ [string,charset(UTF16)] uint16 change_server[];
+ [ref] secrets_domain_info1_password *password;
+ } secrets_domain_info1_change;
+
+ typedef [public] struct {
+ [value(0)] hyper reserved_flags;
+
+ NTTIME join_time;
+
+ [string,charset(UTF16)] uint16 computer_name[];
+ [string,charset(UTF16)] uint16 account_name[];
+ netr_SchannelType secure_channel_type;
+
+ lsa_DnsDomainInfo domain_info;
+ netr_TrustFlags trust_flags;
+ lsa_TrustType trust_type;
+ lsa_TrustAttributes trust_attributes;
+
+ /*
+ * This is unused currently, it might
+ * be useful to implement multi-tenancy (joining multiple domains)
+ * in future.
+ *
+ * Or we could use it to do other filtering of domains.
+ */
+ [value(NULL)] lsa_ForestTrustInformation *reserved_routing;
+
+ kerb_EncTypes supported_enc_types;
+ [string,charset(UTF16)] uint16 *salt_principal;
+
+ NTTIME password_last_change;
+ hyper password_changes;
+ secrets_domain_info1_change *next_change;
+
+ [ref] secrets_domain_info1_password *password;
+ secrets_domain_info1_password *old_password;
+ secrets_domain_info1_password *older_password;
+ } secrets_domain_info1;
+
+ typedef [v1_enum] enum {
+ SECRETS_DOMAIN_INFO_VERSION_1 = 0x00000001
+ } secrets_domain_info_version;
+
+ /*
+ * If we ever need to change this we need to
+ * change secrets_domain_info into
+ * secrets_domain_info_v1
+ */
+ typedef union {
+ [case(SECRETS_DOMAIN_INFO_VERSION_1)]
+ secrets_domain_info1 *info1;
+ [default];
+ } secrets_domain_infoU;
+
+ typedef [public] struct {
+ secrets_domain_info_version version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] secrets_domain_infoU info;
+ } secrets_domain_infoB;
+}
+
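Review bot: The secret fields in `TRUSTED_DOM_PASS` (`astring pass`) and `lsa_secret` (`secret_current`, `secret_old`) carry no `[flag(NDR_SECRET)]`, while the key and password fields in `secrets_domain_info1_kerberos_key` and `secrets_domain_info1_password` are all marked with it. Both unmarked structs are `[public]`, so print helpers are presumably generated for them, and a debug-level dump of either would then show the trust password or LSA secret in clear text. If the flag only influences printing and leaves the encoded layout untouched (worth confirming, given the "do not change" comments on these on-disc formats), mark them the same way, e.g. `[flag(NDR_SECRET)] astring pass;` and `[flag(NDR_SECRET)] DATA_BLOB *secret_current;`. If the flag cannot be applied without touching the stored format, a comment on each struct saying that its print output must never reach logs would at least record the hazard.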