librpc/idl/auth.idl

   1 #include "idl_types.h"
   2
   3 /*
   4   security IDL structures
   5 */
   6
   7 import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
   8
   9 interface auth
  10 {
  11         typedef [public] enum {
  12                 SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
  13                 SEC_AUTH_METHOD_NTLM            = 1,
  14                 SEC_AUTH_METHOD_KERBEROS        = 2
  15         } auth_method;
  16
  17         /* This is the parts of the session_info that don't change
  18          * during local privilage and group manipulations */
  19         typedef [public] struct {
  20                 utf8string account_name;
  21                 utf8string domain_name;
  22
  23                 utf8string full_name;
  24                 utf8string logon_script;
  25                 utf8string profile_path;
  26                 utf8string home_directory;
  27                 utf8string home_drive;
  28                 utf8string logon_server;
  29
  30                 NTTIME last_logon;
  31                 NTTIME last_logoff;
  32                 NTTIME acct_expiry;
  33                 NTTIME last_password_change;
  34                 NTTIME allow_password_change;
  35                 NTTIME force_password_change;
  36
  37                 uint16 logon_count;
  38                 uint16 bad_password_count;
  39
  40                 uint32 acct_flags;
  41
  42                 uint8 authenticated;
  43         } auth_user_info;
  44
  45         /* This information is preserved only to assist torture tests */
  46         typedef [public] struct {
  47                 /* Number SIDs from the DC netlogon validation info */
  48                 uint32 num_dc_sids;
  49                 [size_is(num_dc_sids)] dom_sid dc_sids[*];
  50                 PAC_SIGNATURE_DATA *pac_srv_sig;
  51                 PAC_SIGNATURE_DATA *pac_kdc_sig;
  52         } auth_user_info_torture;
  53
  54         typedef [public] struct {
  55                 utf8string unix_name;
  56
  57                 /*
  58                  * For performance reasons we keep an alpha_strcpy-sanitized version
  59                  * of the username around as long as the global variable current_user
  60                  * still exists. If we did not do keep this, we'd have to call
  61                  * alpha_strcpy whenever we do a become_user(), potentially on every
  62                  * smb request. See set_current_user_info in source3.
  63                  */
  64                 utf8string sanitized_username;
  65         } auth_user_info_unix;
  66
  67         /* This is the interim product of the auth subsystem, before
  68          * privileges and local groups are handled */
  69         typedef [public] struct {
  70                 uint32 num_sids;
  71                 [size_is(num_sids)] dom_sid sids[*];
  72                 auth_user_info *info;
  73                 DATA_BLOB user_session_key;
  74                 DATA_BLOB lm_session_key;
  75         } auth_user_info_dc;
  76
  77         typedef [public] struct {
  78                 security_token *security_token;
  79                 security_unix_token *unix_token;
  80                 auth_user_info *info;
  81                 auth_user_info_unix *unix_info;
  82                 DATA_BLOB session_key;
  83                 DATA_BLOB exported_gssapi_credentials;
  84         } auth_session_info_transport;
  85 }