drsuapi.idl

samba最新软件

#include "idl_types.h"

import "security.idl", "misc.idl", "samr.idl";

[ 
  uuid("e3514235-4b06-11d1-ab04-00c04fc2dcd2"),
  version(4.0),
  endpoint("ncacn_np:[\\pipe\\lsass]","ncacn_np:[\\pipe\\protected_storage]", "ncacn_ip_tcp:", "ncalrpc:"),
  authservice("ldap"),
  helpstring("Active Directory Replication"),
  helper("librpc/ndr/ndr_drsuapi.h"),
  pointer_default(unique)
]
interface drsuapi
{
	typedef bitmap samr_GroupAttrs samr_GroupAttrs;

	/*****************/
        /* Function 0x00 */
        typedef [bitmap32bit] bitmap {
		DRSUAPI_SUPPORTED_EXTENSION_BASE			= 0x00000001,
		DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION		= 0x00000002,
		DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI			= 0x00000004,
		DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2			= 0x00000008,
		DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS		= 0x00000010,
		DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1			= 0x00000020,
		DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION	= 0x00000040,
		DRSUAPI_SUPPORTED_EXTENSION_00000080			= 0x00000080,
		DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE			= 0x00000100,
		DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2			= 0x00000200,
		DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION	= 0x00000400,
		DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2			= 0x00000800,
		DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD= 0x00001000,
		DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND			= 0x00002000,
		DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO		= 0x00004000,
		DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION		= 0x00008000,
		DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01			= 0x00010000,
		DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP	= 0x00020000,
		DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY		= 0x00040000,
		DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3			= 0x00080000,
		DRSUAPI_SUPPORTED_EXTENSION_00100000			= 0x00100000,
		DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2		= 0x00200000,
		DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6		= 0x00400000,
		DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS		= 0x00800000,
		DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8		= 0x01000000,
		DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5		= 0x02000000,
		DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6		= 0x04000000,
		/*
		 * the following 3 have the same value
		 * repadmin.exe /bind says that
		 */
		DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3		= 0x08000000,
		DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7		= 0x08000000,
		DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT		= 0x08000000,
		DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS		= 0x10000000,
		DRSUAPI_SUPPORTED_EXTENSION_20000000			= 0x20000000,
		DRSUAPI_SUPPORTED_EXTENSION_40000000			= 0x40000000,
		DRSUAPI_SUPPORTED_EXTENSION_80000000			= 0x80000000
	} drsuapi_SupportedExtensions;

	/* this is used by w2k */
	typedef struct {
		drsuapi_SupportedExtensions supported_extensions;
		GUID site_guid;
		uint32 u1;
	} drsuapi_DsBindInfo24;

	/* this is used by w2k3 */
	typedef struct {
		drsuapi_SupportedExtensions supported_extensions;
		GUID site_guid;
		uint32 u1;
		uint32 repl_epoch;
	} drsuapi_DsBindInfo28;

	typedef struct {
		[flag(NDR_REMAINING)] DATA_BLOB info;
	} drsuapi_DsBindInfoFallBack;

	typedef [nodiscriminant] union {
		[case(24)][subcontext(4)] drsuapi_DsBindInfo24 info24;
		[case(28)][subcontext(4)] drsuapi_DsBindInfo28 info28;
		[default][subcontext(4)] drsuapi_DsBindInfoFallBack FallBack;
	} drsuapi_DsBindInfo;

	/* the drsuapi_DsBindInfoCtr was this before
	 * typedef [flag(NDR_PAHEX)] struct {
	 *	[range(1,10000)] uint32 length;
	 *	[size_is(length)] uint8 data[];
	 * } drsuapi_DsBindInfo;
	 *
	 * but we don't want the caller to manually decode this blob,
	 * so we're doing it here
	 */

	typedef struct {
		[range(1,10000)] uint32 length;
		[switch_is(length)] drsuapi_DsBindInfo info;
	} drsuapi_DsBindInfoCtr;

	/* this is a magic guid you need to pass to DsBind to make drsuapi_DsWriteAccountSpn() work
	 * 
	 * maybe the bind_guid could also be the invocation_id see drsuapi_DsReplicaConnection04
	 */
	const char *DRSUAPI_DS_BIND_GUID = "e24d201a-4fd6-11d1-a3da-0000f875ae0d";
	/* 
	 * this magic guid are needed to fetch the whole tree with drsuapi_DsGetNCChanges()
	 * as administrator and this values are also used in the destination_dsa_guid field
	 * of drsuapi_DsGetNCChangesReq5/8 and the source_dsa_guid is zero.
	 */
	const char *DRSUAPI_DS_BIND_GUID_W2K	= "6abec3d1-3054-41c8-a362-5a0c5b7d5d71";
	const char *DRSUAPI_DS_BIND_GUID_W2K3	= "6afab99c-6e26-464a-975f-f58f105218bc";

	[public] WERROR drsuapi_DsBind(
		[in,unique]	    GUID *bind_guid,
		[in,out,unique]    drsuapi_DsBindInfoCtr *bind_info,
		[out]   policy_handle *bind_handle
		);

	/*****************/
        /* Function 0x01 */
	WERROR drsuapi_DsUnbind(
		[in,out] policy_handle *bind_handle
		);

	/*****************/
	/* Function 0x02 */
	typedef [public,gensize] struct {
		[value(ndr_size_drsuapi_DsReplicaObjectIdentifier(r, ndr->flags)-4)] uint32 __ndr_size;
		[value(ndr_size_dom_sid28(&sid, ndr->flags))]  uint32 __ndr_size_sid;
		GUID guid;
		dom_sid28 sid;
		[value(strlen_m(dn))] uint32 __ndr_size_dn;
		[charset(UTF16),size_is(__ndr_size_dn+1)] uint16 dn[];
	} drsuapi_DsReplicaObjectIdentifier;

	typedef [public] bitmap {
		DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION	= 0x00000001,
		DRSUAPI_DS_REPLICA_SYNC_WRITEABLE		= 0x00000002,
		DRSUAPI_DS_REPLICA_SYNC_PERIODIC		= 0x00000004,
		DRSUAPI_DS_REPLICA_SYNC_INTERSITE_MESSAGING	= 0x00000008,
		DRSUAPI_DS_REPLICA_SYNC_ALL_SOURCES		= 0x00000010,
		DRSUAPI_DS_REPLICA_SYNC_FULL			= 0x00000020,
		DRSUAPI_DS_REPLICA_SYNC_URGENT			= 0x00000040,
		DRSUAPI_DS_REPLICA_SYNC_NO_DISCARD		= 0x00000080,
		DRSUAPI_DS_REPLICA_SYNC_FORCE			= 0x00000100,
		DRSUAPI_DS_REPLICA_SYNC_ADD_REFERENCE		= 0x00000200,
		DRSUAPI_DS_REPLICA_SYNC_NEVER_COMPLETED		= 0x00000400,
		DRSUAPI_DS_REPLICA_SYNC_TWO_WAY			= 0x00000800,
		DRSUAPI_DS_REPLICA_SYNC_NEVER_NOTIFY		= 0x00001000,
		DRSUAPI_DS_REPLICA_SYNC_INITIAL			= 0x00002000,
		DRSUAPI_DS_REPLICA_SYNC_USE_COMPRESSION		= 0x00004000,
		DRSUAPI_DS_REPLICA_SYNC_ABANDONED		= 0x00008000,
		DRSUAPI_DS_REPLICA_SYNC_INITIAL_IN_PROGRESS	= 0x00010000,
		DRSUAPI_DS_REPLICA_SYNC_PARTIAL_ATTRIBUTE_SET	= 0x00020000,
		DRSUAPI_DS_REPLICA_SYNC_REQUEUE			= 0x00040000,
		DRSUAPI_DS_REPLICA_SYNC_NOTIFICATION		= 0x00080000,
		DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_REPLICA	= 0x00100000,
		DRSUAPI_DS_REPLICA_SYNC_CRITICAL		= 0x00200000,
		DRSUAPI_DS_REPLICA_SYNC_FULL_IN_PROGRESS	= 0x00400000,
		DRSUAPI_DS_REPLICA_SYNC_PREEMPTED		= 0x00800000
	} drsuapi_DsReplicaSyncOptions;

	typedef struct {
		drsuapi_DsReplicaObjectIdentifier *naming_context;
		GUID source_dsa_guid;
		astring *other_info; /* I assume this is related to the repsFromTo1OtherInfo dns_name */
		drsuapi_DsReplicaSyncOptions options;
	} drsuapi_DsReplicaSyncRequest1;

	typedef [switch_type(int32)] union {
		[case(1)] drsuapi_DsReplicaSyncRequest1 req1;
	} drsuapi_DsReplicaSyncRequest;

	WERROR drsuapi_DsReplicaSync(
		[in] policy_handle *bind_handle,
		[in] int32 level,
		[in,switch_is(level)] drsuapi_DsReplicaSyncRequest req
		);

	/*****************/
	/* Function 0x03 */
	typedef [public] struct {
		hyper tmp_highest_usn; /* updated after each object update */
		hyper reserved_usn;
		hyper highest_usn; /* updated after a full replication cycle */
	} drsuapi_DsReplicaHighWaterMark;

	typedef [public] struct {
		GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
		hyper highest_usn;  /* updated after a full replication cycle */
	} drsuapi_DsReplicaCursor;

	typedef struct {
		uint32 u1;
		uint32 u2;
		[range(0,0x100000)] uint32 count;
		uint32 u3;
		[size_is(count)] drsuapi_DsReplicaCursor cursors[];
	} drsuapi_DsReplicaCursorCtrEx;

	typedef [public] bitmap {
		/* the _WRITEABLE flag indicates a replication with all attributes
		 *
		 * --metze
		 */
		DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE				= 0x00000010,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP			= 0x00000020,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS			= 0x00000040,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_USE_ASYNC_INTERSIDE_TRANSPORT	= 0x00000080,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_TWO_WAY_SYNC			= 0x00000200,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS		= 0x00000800,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_IN_PROGRESS			= 0x00001000, /* was 0x00010000, */
		DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_NEXT_PACKET			= 0x00002000, /* was 0x00020000, */
		DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED			= 0x00200000,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_PREEMPTED				= 0x01000000,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_IGNORE_CHANGE_NOTIFICATIONS	= 0x04000000,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_DISABLE_SCHEDULED_SYNC		= 0x08000000,
		/* 
		 * the following NOTE applies to DsGetNCChangesRequest5:
		 *  - the data is only compressed when 10 or more objects are replicated
		 *  - but there could also be a size limit of 35 KBytes or something like that
		 *  - the reply is DsGetNCChangesCtr2
		 *  - maybe the same applies to DsGetNCChangesRequest8...
		 *
		 *  --metze
		 */
		DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES			= 0x10000000,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_NO_CHANGE_NOTIFICATIONS		= 0x20000000,
		DRSUAPI_DS_REPLICA_NEIGHBOUR_PARTIAL_ATTRIBUTE_SET		= 0x40000000
	} drsuapi_DsReplicaNeighbourFlags;

	typedef struct {
		GUID destination_dsa_guid;
		GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */
		[ref] drsuapi_DsReplicaObjectIdentifier *naming_context;
		drsuapi_DsReplicaHighWaterMark highwatermark;
		drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
		drsuapi_DsReplicaNeighbourFlags replica_flags;
		uint32 max_object_count; /* w2k3 uses min(133,max(100,max_object_count)) */
		uint32 max_ndr_size; /* w2k3 seems to ignore this */
		uint32 unknown4;
		hyper h1;
	} drsuapi_DsGetNCChangesRequest5;

	/*
	 * In DRSUAPI all attributes with syntax 2.5.5.2
	 * are identified by uint32 values
	 *
	 * the following table shows the mapping used between the two representations
	 * e.g. - objectClass 'nTDSDSA' has governsID: 1.2.840.113556.1.5.7000.47
	 *        and a UINT32-ID of '0x0017002F'.
	 *      - so the OID 1.2.840.113556.1.5.7000.47 is splitted into a
	 *        OID-prefix: 1.2.840.113556.1.5.7000
	 *	  and a value: 47 => 0x2F
	 *      - the mapping table gives a UINT32-prefix: 0x00170000
	 *      - and the UINT32-ID is 0x0017002F = 0x00170000 | 0x2F
	 *
	 * This prefix mapping table is replied in the drsuapi_DsReplicaOIDMapping_Ctr
	 * array. The following are the default mappings of w2k3
	 *
	 * OID-prefix			=> UINT32-Id prefix
	 *
	 * 2.5.4.*			=> 0x00000000 (standard attributes RFC2256 core.schema)
	 * 2.5.6.*			=> 0x00010000 (standard object classes RFC2256 core.schema)
	 * 1.2.840.113556.1.2.*   	=> 0x00020000
	 * 1.2.840.113556.1.3.*		=> 0x00030000
	 * 2.5.5.*			=> 0x00080000 (attributeSyntax OID's)
	 * 1.2.840.113556.1.4.*		=> 0x00090000
	 * 1.2.840.113556.1.5.*		=> 0x000A0000
	 * 2.16.840.1.113730.3.*	=> 0x00140000
	 * 0.9.2342.19200300.100.1.*	=> 0x00150000
	 * 2.16.840.1.113730.3.1.*	=> 0x00160000
	 * 1.2.840.113556.1.5.7000.*	=> 0x00170000
	 * 2.5.21.*			=> 0x00180000 (attrs for SubSchema)
	 * 2.5.18.*			=> 0x00190000 (createTimeStamp,modifyTimeStamp, SubSchema)
	 * 2.5.20.*			=> 0x001A0000
	 * 1.3.6.1.4.1.1466.101.119.*	=> 0x001B0000 (dynamicObject, entryTTL)
	 * 2.16.840.1.113730.3.2.*	=> 0x001C0000
	 * 1.3.6.1.4.1.250.1.*		=> 0x001D0000
	 * 1.2.840.113549.1.9.*   	=> 0x001E0000 (unstructuredAddress,unstructuredName)
	 * 0.9.2342.19200300.100.4.*	=> 0x001F0000
	 *
	 * Here's a list of used 'attributeSyntax' OID's
	 *
	 * 2.5.5.1	=> Object(DS-DN) string
	 *		   struct drsuapi_DsObjectIdentifier3
	 *
	 * 2.5.5.2	=> OID-string
	 *		=> all values are represented as uint32 values in drsuapi
	 *		=> governsID, attributeID and attributeSyntax returned as OID-Strings in LDAP
	 *		=> mayContain, mustContain and all other attributes with 2.5.5.2 syntax
	 *		   are returned as attribute names
	 *
	 * 2.5.5.4	=> String(Teletex) case-insensitive string with teletex charset
	 *
	 * 2.5.5.5	=> String(IA5) case-sensitive string
	 *
	 * 2.5.5.6	=> String(Numeric)
	 *		=> eg. internationalISDNNumber
	 *
	 * 2.5.5.7	=> Object(DN-Binary) B:<byte count>:<bytes>:<object DN>
	 *		=> e.g. wellKnownObjects
	 *
	 * 2.5.5.8	=> BOOL
	 *
	 * 2.5.5.9	=> int32
	 *
	 * 2.5.5.10	=> DATA_BLOB
	 *		=> struct GUID
	 *
	 * 2.5.5.11	=> LDAP timestring
	 *		=> NTTIME_1sec
	 *
	 * 2.5.5.12	=> String(Unicode) case-insensitive string
	 *		=> 'standard strings'
	 *
	 * 2.5.5.13	=> Object(Presentation-Address) string
	 *		=> used in objectClass applicationEntity
	 *
	 * 2.5.5.14	=> Object(DN-String) S:<char count>:<string>:<object DN>
	 *		=> not used
	 *
	 * 2.5.5.15	=> ntSecurityDescriptor
	 *
	 * 2.5.5.16	=> int64
	 *
	 * 2.5.5.17	=> dom_sid
	 */
	typedef [nopush,nopull] struct {
		[range(0,10000),value(ndr_size_drsuapi_DsReplicaOID_oid(oid, 0))] uint32 __ndr_size;
		[size_is(__ndr_size),charset(DOS)] uint8 *oid; /* it's encoded with asn1_write_OID_String() */
	} drsuapi_DsReplicaOID;

	typedef struct {
		uint32 id_prefix;
		drsuapi_DsReplicaOID oid;
	} drsuapi_DsReplicaOIDMapping;

	typedef [public] struct {
		[range(0,0x100000)] uint32 num_mappings;
		[size_is(num_mappings)] drsuapi_DsReplicaOIDMapping *mappings;
	} drsuapi_DsReplicaOIDMapping_Ctr;

	typedef [flag(NDR_PAHEX),v1_enum] enum {
		DRSUAPI_OBJECTCLASS_top			= 0x00010000,
		DRSUAPI_OBJECTCLASS_classSchema		= 0x0003000d,
		DRSUAPI_OBJECTCLASS_attributeSchema	= 0x0003000e
	} drsuapi_DsObjectClassId;

	typedef [flag(NDR_PAHEX),v1_enum,public] enum {
		DRSUAPI_ATTRIBUTE_objectClass			= 0x00000000,
		DRSUAPI_ATTRIBUTE_description			= 0x0000000d,
		DRSUAPI_ATTRIBUTE_member			= 0x0000001f,
		DRSUAPI_ATTRIBUTE_instanceType			= 0x00020001,
		DRSUAPI_ATTRIBUTE_whenCreated			= 0x00020002,
		DRSUAPI_ATTRIBUTE_hasMasterNCs			= 0x0002000e,
		DRSUAPI_ATTRIBUTE_governsID			= 0x00020016,
		DRSUAPI_ATTRIBUTE_attributeID			= 0x0002001e,
		DRSUAPI_ATTRIBUTE_attributeSyntax		= 0x00020020,
		DRSUAPI_ATTRIBUTE_isSingleValued		= 0x00020021,
		DRSUAPI_ATTRIBUTE_rangeLower			= 0x00020022,
		DRSUAPI_ATTRIBUTE_rangeUpper			= 0x00020023,
		DRSUAPI_ATTRIBUTE_dMDLocation			= 0x00020024,
		DRSUAPI_ATTRIBUTE_objectVersion			= 0x0002004c,
		DRSUAPI_ATTRIBUTE_invocationId			= 0x00020073,
		DRSUAPI_ATTRIBUTE_showInAdvancedViewOnly	= 0x000200a9,
		DRSUAPI_ATTRIBUTE_adminDisplayName		= 0x000200c2,
		DRSUAPI_ATTRIBUTE_adminDescription		= 0x000200e2,
		DRSUAPI_ATTRIBUTE_oMSyntax			= 0x000200e7,
		DRSUAPI_ATTRIBUTE_ntSecurityDescriptor		= 0x00020119,
		DRSUAPI_ATTRIBUTE_searchFlags			= 0x0002014e,
		DRSUAPI_ATTRIBUTE_lDAPDisplayName		= 0x000201cc,
		DRSUAPI_ATTRIBUTE_name				= 0x00090001,
		DRSUAPI_ATTRIBUTE_currentValue			= 0x0009001b,