search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:include: change current_user->vuid to uint64_t
[Samba/gebeck_regimport.git] / librpc / idl / auth.idl
blob2451d2bab77eff6e5723adbe3b065145dc550019
1 #include "idl_types.h"
2
3 /*
4 Authentication IDL structures
5
6 These are NOT public network structures, but it is helpful to define
7 these things in IDL. They may change without ABI breakage or
8 warning.
9
10 */
11
12 import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
13 [
14 pyhelper("librpc/ndr/py_auth.c"),
15 helper("../librpc/ndr/ndr_auth.h"),
16 helpstring("internal Samba authentication structures")
17 ]
18
19 interface auth
20 {
21 typedef [public] enum {
22 SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
23 SEC_AUTH_METHOD_NTLM = 1,
24 SEC_AUTH_METHOD_KERBEROS = 2
25 } auth_method;
26
27 /* This is the parts of the session_info that don't change
28 * during local privilage and group manipulations */
29 typedef [public] struct {
30 [unique,charset(UTF8),string] char *account_name;
31 [unique,charset(UTF8),string] char *domain_name;
32
33 [unique,charset(UTF8),string] char *full_name;
34 [unique,charset(UTF8),string] char *logon_script;
35 [unique,charset(UTF8),string] char *profile_path;
36 [unique,charset(UTF8),string] char *home_directory;
37 [unique,charset(UTF8),string] char *home_drive;
38 [unique,charset(UTF8),string] char *logon_server;
39
40 NTTIME last_logon;
41 NTTIME last_logoff;
42 NTTIME acct_expiry;
43 NTTIME last_password_change;
44 NTTIME allow_password_change;
45 NTTIME force_password_change;
46
47 uint16 logon_count;
48 uint16 bad_password_count;
49
50 uint32 acct_flags;
51
52 uint8 authenticated;
53 } auth_user_info;
54
55 /* This information is preserved only to assist torture tests */
56 typedef [public] struct {
57 /* Number SIDs from the DC netlogon validation info */
58 uint32 num_dc_sids;
59 [size_is(num_dc_sids)] dom_sid dc_sids[*];
60 } auth_user_info_torture;
61
62 typedef [public] struct {
63 /* These match exactly the values from the
64 * auth_serversupplied_info, but should be changed to
65 * checks involving just the SIDs */
66 boolean8 system;
67
68 [unique,charset(UTF8),string] char *unix_name;
69
70 /*
71 * For performance reasons we keep an alpha_strcpy-sanitized version
72 * of the username around as long as the global variable current_user
73 * still exists. If we did not do keep this, we'd have to call
74 * alpha_strcpy whenever we do a become_user(), potentially on every
75 * smb request. See set_current_user_info in source3.
76 */
77 [unique,charset(UTF8),string] char *sanitized_username;
78 } auth_user_info_unix;
79
80 /* This is the interim product of the auth subsystem, before
81 * privileges and local groups are handled */
82 typedef [public] struct {
83 uint32 num_sids;
84 [size_is(num_sids)] dom_sid sids[*];
85 auth_user_info *info;
86 DATA_BLOB user_session_key;
87 DATA_BLOB lm_session_key;
88 } auth_user_info_dc;
89
90 typedef [public] struct {
91 security_token *security_token;
92 security_unix_token *unix_token;
93 auth_user_info *info;
94 auth_user_info_unix *unix_info;
95 [value(NULL), ignore] auth_user_info_torture *torture;
96
97 /* This is the final session key, as used by SMB signing, and
98 * (truncated to 16 bytes) encryption on the SAMR and LSA pipes
99 * when over ncacn_np.
100 * It is calculated by NTLMSSP from the session key in the info3,
101 * and is set from the Kerberos session key using
102 * krb5_auth_con_getremotesubkey().
103 *
104 * Bottom line, it is not the same as the session keys in info3.
105 */
106
107 DATA_BLOB session_key;
108
109 [value(NULL), ignore] cli_credentials *credentials;
110 } auth_session_info;
111
112 typedef [public] struct {
113 auth_session_info *session_info;
114 DATA_BLOB exported_gssapi_credentials;
115 } auth_session_info_transport;
116 }
reg import