gmsa.idl: Add definition for MANAGEDPASSWORD_BLOB
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Fri, 17 Nov 2023 01:59:20 +0000 (14:59 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 20 Nov 2023 21:50:32 +0000 (21:50 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc/idl/gmsa.idl [new file with mode: 0644]
librpc/idl/idl_types.h
librpc/idl/wscript_build
librpc/wscript_build
source4/librpc/wscript_build

diff --git a/librpc/idl/gmsa.idl b/librpc/idl/gmsa.idl
new file mode 100644 (file)
index 0000000..bad9030
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * Type definitions for Group Managed Service Accounts
+ *
+ * Derived from [MS-ADTS] 2.2.19 MSDS-MANAGEDPASSWORD_BLOB.
+ */
+
+#include "idl_types.h"
+
+[
+  uuid("e43b8cf6-1ead-11ee-aed1-e3597136ce70"),
+  version(0.0),
+  pointer_default(unique),
+  helpstring("Active Directory Group Managed Service Accounts")
+]
+interface gmsa
+{
+       /* Public structures. */
+
+       typedef [gensize] struct {
+               [relative_short] secret_u16string *current;
+               [relative_short] secret_u16string *previous;
+               /*
+                * MS-ADTS states that these fields must be placed on a 64‐bit
+                * boundary, but samples obtained from Windows are found not to
+                * be so. In practice, they’re offset by two bytes. That’s why
+                * we need NOALIGN.
+                */
+               [relative_short, flag(NDR_NOALIGN)] hyper *query_interval;
+               [relative_short, flag(NDR_NOALIGN)] hyper *unchanged_interval;
+       } MANAGEDPASSWORD_BLOB_PASSWORDS;
+
+       typedef [public] struct {
+               [value(1)] uint16 version;
+               [value(0)] uint16 reserved;
+               /*
+                * The size of the entire blob. 8 bytes account for the
+                * ‘version’ field, the ‘reserved’ field, and the ‘length’ field
+                * itself.
+                */
+               [value(8 + ndr_size_MANAGEDPASSWORD_BLOB_PASSWORDS(&passwords,
+                                                                  ndr->flags))] uint32 length;
+               MANAGEDPASSWORD_BLOB_PASSWORDS passwords;
+       } MANAGEDPASSWORD_BLOB;
+}
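Review bot: The `[value(1)]` on `version` and the computed `[value(...)]` on `length` in MANAGEDPASSWORD_BLOB describe what is marshalled on push, and nothing in the IDL constrains what is accepted on pull. As far as I know pidl does not enforce `value()` when unmarshalling, so a pulled blob could carry any version and any length. Code that unpacks one of these blobs should check `version == 1` and compare `length` with the size of the buffer it was handed before using `current` or `previous`. A short comment above the struct would make that contract visible, for example `/* On pull, version and length are not validated here; callers must check them. */`.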
index a21893f6562bd486121eeb2f4655ad7b586aedc3..4f0e69b8d40f160f6d0618bcb8f7ce5f5f89e43a 100644 (file)
 */
 #define raw8string     [flag(STR_RAW8|STR_NULLTERM)] string
 
+/*
+  a secret null terminated UTF‐16 string (null terminated word sequence)
+*/
+#define secret_u16string       [flag(NDR_SECRET|STR_NULLTERM)] u16string
+
 /*
   a null terminated UCS2 string
 */
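Review bot: The comment on `secret_u16string` calls the string secret without saying what `NDR_SECRET` guarantees, which matters because this type is used for the managed-account password fields in gmsa.idl. If the flag only governs redaction when the structure is printed (my understanding, not visible in this hunk), the comment should say so, so that callers do not assume the decoded buffer is wiped or otherwise protected in memory. Once confirmed against the flag's definition, something like `a secret null terminated UTF-16 string; NDR_SECRET marks it for redaction in NDR print output, the decoded copy is the caller's responsibility` would do.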
index 49b79a74f696026d7d4cadd61a4ca2b7a3cdc9f4..1f4d54c87de6db83814f827e288277489a2ea304 100644 (file)
@@ -131,6 +131,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
                     dns.idl
                     dnsp.idl
                     drsblobs.idl
+                    gmsa.idl
                     idmap.idl
                     krb5pac.idl
                     krb5ccache.idl
index b69324477e67a88463f1a848c70e4009c7c0740a..dd86c44d83e78eed552915fd4adcf06684ab9213 100644 (file)
@@ -390,6 +390,10 @@ bld.SAMBA_SUBSYSTEM('NDR_CLAIMS',
     source='gen_ndr/ndr_claims.c ndr/ndr_claims.c',
     deps='ndr NDR_COMPRESSION LZXPRESS')
 
+bld.SAMBA_SUBSYSTEM('NDR_GMSA',
+    source='gen_ndr/ndr_gmsa.c',
+    deps='ndr')
+
 bld.SAMBA_LIBRARY('ndr-standard',
     source='',
     vnum='0.0.1',
@@ -634,7 +638,7 @@ bld.SAMBA_LIBRARY('ndr-samba',
     NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH
     NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV
     NDR_SMB3POSIX
-    NDR_KRB5CCACHE NDR_WSP''',
+    NDR_KRB5CCACHE NDR_WSP NDR_GMSA''',
     private_library=True,
     grouping_library=True
     )
index 0d20cbb9349c99a9ba6f0dfa9b20fca5a61de4cc..0a08c524ea73df2cbf69418571b8fd30fda8cbf7 100644 (file)
@@ -268,6 +268,13 @@ bld.SAMBA_PYTHON('python_claims',
         cflags_end=gen_cflags
         )
 
+bld.SAMBA_PYTHON('python_gmsa',
+        source='../../librpc/gen_ndr/py_gmsa.c',
+        deps='NDR_GMSA %s %s' % (pytalloc_util, pyrpc_util),
+        realname='samba/dcerpc/gmsa.so',
+        cflags_end=gen_cflags
+        )
+
 bld.SAMBA_PYTHON('python_netlogon',
         source='../../librpc/gen_ndr/py_netlogon.c',
         deps='RPC_NDR_NETLOGON %s %s' % (pytalloc_util, pyrpc_util),
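Review bot: No test accompanies the new `python_gmsa` binding: the file list for this commit shows only the IDL, the type macro and three build files. The IDL relies on `NDR_NOALIGN` to match Windows samples that deviate from MS-ADTS, and a quirk like that is easy to break in a later change. An unpack/repack round trip over a constructed sample blob, asserting the `query_interval` and `unchanged_interval` values and the `length` field, would pin it. If the test is planned for a follow-up commit, saying so in the commit message would help reviewers.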