#include "idl_types.h"

import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";

/*
   IDL structures for secrets code
*/

[
	pointer_default(unique)
]
	interface secrets
{

	/*
	 * s3 on-disc storage structure for trusted domains, do not change !
	 *
	 * Packed record (NDR_NOALIGN): field order and widths ARE the on-disc
	 * format. uni_name_len and pass_len are not supplied by the caller;
	 * they are derived on push from uni_name / pass via [value(...)].
	 *
	 * NOTE(review): unlike the secrets_domain_info1* fields further down,
	 * "pass" carries no [flag(NDR_SECRET)], so ndr_print output of this
	 * struct presumably includes the trust password in clear -- confirm
	 * before treating debug/log output of it as safe to retain or share.
	 */

	typedef [flag(NDR_NOALIGN),public] struct {
		[value(strlen_m_term(uni_name))] uint32 uni_name_len;	/* computed from uni_name on push */
		[charset(UTF16)] uint16 uni_name[32]; /* unicode domain name (fixed 32 UTF-16 units) */
		[value(strlen(pass))] uint32 pass_len;	/* computed from pass on push */
		astring pass;		/* trust relationship's password (cleartext; not NDR_SECRET) */
		time_t mod_time;	/* presumably last update of this record -- verify against writer */
		dom_sid domain_sid;	/* remote domain's sid */
	} TRUSTED_DOM_PASS;

	/*
	 * s3 on-disc storage structure for lsa secrets, do not change !
	 *
	 * Current and previous secret value, each with its last-change time,
	 * plus the security descriptor attached to the secret. All three
	 * pointers are unique pointers (interface pointer_default), i.e. may
	 * be NULL.
	 *
	 * NOTE(review): neither secret_current nor secret_old is marked
	 * [flag(NDR_SECRET)]; ndr_print of this struct presumably dumps the
	 * blob contents -- confirm no caller prints it at a debug level that
	 * reaches persistent logs.
	 */

	typedef [public] struct {
		DATA_BLOB *secret_current;		/* current secret value, or NULL */
		NTTIME secret_current_lastchange;	/* when secret_current was last set */
		DATA_BLOB *secret_old;			/* previous secret value, or NULL */
		NTTIME secret_old_lastchange;		/* when secret_old was last set */
		security_descriptor *sd;		/* access control for this secret, or NULL */
	} lsa_secret;

	/*
	 * This is the on-disc format of the workstation trust.
	 *
	 * DO NOT CHANGE
	 * without changing secrets_domain_info_version
	 * and adding glue code. Discuss on samba-technical
	 * first!
	 */

	/*
	 * One Kerberos key belonging to a stored password generation.
	 * keytype is presumably the Kerberos encryption type number and
	 * iteration_count the string-to-key iteration count -- confirm against
	 * the code that fills these in. "value" holds the key bytes and is
	 * flagged NDR_SECRET so it is treated as secret material by the NDR
	 * layer (intended to keep it out of printed output).
	 */
	typedef struct {
		uint32 keytype;
		uint32 iteration_count;
		[flag(NDR_SECRET)] DATA_BLOB value;
	} secrets_domain_info1_kerberos_key;

	/*
	 * One stored password generation: when it was changed and against
	 * which server (change_server), the cleartext and its NT hash (both
	 * NDR_SECRET), the salt used for key derivation (salt_data, may be
	 * NULL), and the derived Kerberos keys. num_keys is the length of
	 * the keys array and is pushed/pulled ahead of it.
	 */
	typedef struct {
		NTTIME change_time;
		[string,charset(UTF16)] uint16 change_server[];

		[flag(NDR_SECRET)] DATA_BLOB cleartext_blob;	/* cleartext password */
		[flag(NDR_SECRET)] samr_Password nt_hash;	/* NT hash of cleartext_blob */

		[string,charset(UTF16)] uint16 *salt_data;	/* optional; NULL when unset */
		uint32 default_iteration_count;
		uint16 num_keys;				/* element count of keys[] */
		secrets_domain_info1_kerberos_key keys[num_keys];
	} secrets_domain_info1_password;

	/*
	 * Record of a password change attempt: status as seen locally and
	 * remotely, when and via which server it happened, and the password
	 * involved. "password" is a [ref] pointer and therefore must never
	 * be NULL. Presumably used for the not-yet-committed change referenced
	 * by secrets_domain_info1.next_change -- confirm with callers.
	 */
	typedef struct {
		NTSTATUS local_status;
		NTSTATUS remote_status;
		NTTIME change_time;
		[string,charset(UTF16)] uint16 change_server[];
		[ref] secrets_domain_info1_password *password;	/* never NULL */
	} secrets_domain_info1_change;

	/*
	 * Version 1 of the workstation trust record. Contains the join
	 * identity (computer/account name, channel type), the trusted
	 * domain's identity and trust parameters, Kerberos settings, and up
	 * to three password generations (current is [ref] and always present;
	 * old/older are optional) plus an optional pending change.
	 *
	 * reserved_flags and reserved_routing are written as fixed values
	 * ([value(0)] / [value(NULL)]) and are not set by the caller.
	 */
	typedef [public] struct {
		[value(0)] hyper reserved_flags;		/* always 0 on push */

		NTTIME join_time;

		[string,charset(UTF16)] uint16 computer_name[];
		[string,charset(UTF16)] uint16 account_name[];
		netr_SchannelType secure_channel_type;

		lsa_DnsDomainInfo domain_info;
		netr_TrustFlags trust_flags;
		lsa_TrustType trust_type;
		lsa_TrustAttributes trust_attributes;

		/*
		 * This is unused currently, it might
		 * be useful to implement multi-tenancy (joining multiple domains)
		 * in future.
		 *
		 * Or we could use it to do other filtering of domains.
		 */
		[value(NULL)] lsa_ForestTrustInformation *reserved_routing;	/* always NULL on push */

		kerb_EncTypes supported_enc_types;
		[string,charset(UTF16)] uint16 *salt_principal;	/* optional; NULL when unset */

		NTTIME password_last_change;
		hyper password_changes;				/* presumably a running change count -- confirm */
		secrets_domain_info1_change *next_change;	/* optional pending change, or NULL */

		[ref] secrets_domain_info1_password *password;	/* current password; never NULL */
		secrets_domain_info1_password *old_password;	/* previous generation, or NULL */
		secrets_domain_info1_password *older_password;	/* generation before that, or NULL */
	} secrets_domain_info1;

	/*
	 * On-disc format version tag. [v1_enum] fixes the width at 32 bits
	 * so the encoding does not depend on the compiler's enum size.
	 */
	typedef [v1_enum] enum {
		SECRETS_DOMAIN_INFO_VERSION_1 = 0x00000001
	} secrets_domain_info_version;

	/*
	 * If we ever need to change this we need to
	 * change secrets_domain_info into
	 * secrets_domain_info_v1
	 *
	 * Discriminated by secrets_domain_info_version; the empty [default]
	 * arm means an unrecognised version carries no payload.
	 */
	typedef union {
		[case(SECRETS_DOMAIN_INFO_VERSION_1)]
			secrets_domain_info1 *info1;
		[default];
	} secrets_domain_infoU;

	/*
	 * Top-level on-disc record: version tag, a reserved 32-bit field
	 * always written as 0, and the version-selected body.
	 */
	typedef [public] struct {
		secrets_domain_info_version version;
		[value(0)] uint32 reserved;			/* always 0 on push */
		[switch_is(version)] secrets_domain_infoU info;
	} secrets_domain_infoB;
}