#include "idl_types.h"

import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";

/*
   IDL structures for secrets code
*/

[
	pointer_default(unique)
]
	interface secrets
{

	/*
	 * s3 on-disc storage structure for trusted domains, do not change !
	 */

	typedef [flag(NDR_NOALIGN),public] struct {
		[value(strlen_m_term(uni_name))] uint32 uni_name_len;
		[charset(UTF16)] uint16 uni_name[32]; /* unicode domain name */
		[value(strlen(pass))] uint32 pass_len;
		astring pass;		/* trust relationship's password */
		time_t mod_time;
		dom_sid domain_sid;	/* remote domain's sid */
	} TRUSTED_DOM_PASS;

	/*
	 * s3 on-disc storage structure for lsa secrets, do not change !
	 */

	typedef [public] struct {
		DATA_BLOB *secret_current;
		NTTIME secret_current_lastchange;
		DATA_BLOB *secret_old;
		NTTIME secret_old_lastchange;
		security_descriptor *sd;
	} lsa_secret;

	/*
	 * This is the on-disc format the workstation trust.
	 *
	 * DO NOT CHANGE
	 * without changing secrets_domain_info_version
	 * and adding glue code. Discuss on samba-technical
	 * first!
	 */
	typedef struct {
		uint32 keytype;
		uint32 iteration_count;
		[flag(NDR_SECRET)] DATA_BLOB value;
	} secrets_domain_info1_kerberos_key;

	typedef struct {
		NTTIME change_time;
		[string,charset(UTF16)] uint16 change_server[];

		[flag(NDR_SECRET)] DATA_BLOB cleartext_blob;
		[flag(NDR_SECRET)] samr_Password nt_hash;

		[string,charset(UTF16)] uint16 *salt_data;
		uint32 default_iteration_count;
		uint16 num_keys;
		secrets_domain_info1_kerberos_key keys[num_keys];
	} secrets_domain_info1_password;

	typedef struct {
		NTSTATUS local_status;
		NTSTATUS remote_status;
		NTTIME change_time;
		[string,charset(UTF16)] uint16 change_server[];
		[ref] secrets_domain_info1_password *password;
	} secrets_domain_info1_change;

	typedef [public] struct {
		[value(0)] hyper reserved_flags;

		NTTIME join_time;

		[string,charset(UTF16)] uint16 computer_name[];
		[string,charset(UTF16)] uint16 account_name[];
		netr_SchannelType secure_channel_type;

		lsa_DnsDomainInfo domain_info;
		netr_TrustFlags trust_flags;
		lsa_TrustType trust_type;
		lsa_TrustAttributes trust_attributes;

		/*
		 * This is unused currently, it might
		 * be useful to implement multi-tenancy (joining multiple domains)
		 * in future.
		 *
		 * Or we could use it to do other filtering of domains.
		 */
		[value(NULL)] lsa_ForestTrustInformation *reserved_routing;

		kerb_EncTypes supported_enc_types;
		[string,charset(UTF16)] uint16 *salt_principal;

		NTTIME password_last_change;
		hyper password_changes;
		secrets_domain_info1_change *next_change;

		[ref] secrets_domain_info1_password *password;
		secrets_domain_info1_password *old_password;
		secrets_domain_info1_password *older_password;
	} secrets_domain_info1;

	typedef [v1_enum] enum {
		SECRETS_DOMAIN_INFO_VERSION_1 = 0x00000001
	} secrets_domain_info_version;

	/*
	 * If we ever need to change this we need to
	 * change secrets_domain_info into
	 * secrets_domain_info_v1
	 */
	typedef union {
		[case(SECRETS_DOMAIN_INFO_VERSION_1)]
			secrets_domain_info1 *info1;
		[default];
	} secrets_domain_infoU;

	typedef [public] struct {
		secrets_domain_info_version version;
		[value(0)] uint32 reserved;
		[switch_is(version)] secrets_domain_infoU info;
	} secrets_domain_infoB;
}