4 Authentication IDL structures
6 These are NOT public network structures, but it is helpful to define
7 these things in IDL. They may change without ABI breakage or
12 import
"misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
14 pyhelper
("librpc/ndr/py_auth.c"),
15 helper
("../librpc/ndr/ndr_auth.h"),
16 helpstring("internal Samba authentication structures")
21 typedef [public] enum {
22 SEC_AUTH_METHOD_UNAUTHENTICATED
= 0,
23 SEC_AUTH_METHOD_NTLM
= 1,
24 SEC_AUTH_METHOD_KERBEROS
= 2
27 /* This is the parts of the session_info that don't change
28 * during local privilage and group manipulations */
29 typedef [public] struct {
30 [unique,charset
(UTF8
),string] char *account_name
;
31 [unique,charset
(UTF8
),string] char *domain_name
;
33 [unique,charset
(UTF8
),string] char *full_name
;
34 [unique,charset
(UTF8
),string] char *logon_script
;
35 [unique,charset
(UTF8
),string] char *profile_path
;
36 [unique,charset
(UTF8
),string] char *home_directory
;
37 [unique,charset
(UTF8
),string] char *home_drive
;
38 [unique,charset
(UTF8
),string] char *logon_server
;
43 NTTIME last_password_change
;
44 NTTIME allow_password_change
;
45 NTTIME force_password_change
;
48 uint16 bad_password_count
;
55 /* This information is preserved only to assist torture tests */
56 typedef [public] struct {
57 /* Number SIDs from the DC netlogon validation info */
59 [size_is(num_dc_sids
)] dom_sid dc_sids
[*];
60 PAC_SIGNATURE_DATA
*pac_srv_sig
;
61 PAC_SIGNATURE_DATA
*pac_kdc_sig
;
62 } auth_user_info_torture
;
64 typedef [public] struct {
65 /* These match exactly the values from the
66 * auth_serversupplied_info, but should be changed to
67 * checks involving just the SIDs */
70 [unique,charset
(UTF8
),string] char *unix_name
;
73 * For performance reasons we keep an alpha_strcpy-sanitized version
74 * of the username around as long as the global variable current_user
75 * still exists. If we did not do keep this, we'd have to call
76 * alpha_strcpy whenever we do a become_user(), potentially on every
77 * smb request. See set_current_user_info in source3.
79 [unique,charset
(UTF8
),string] char *sanitized_username
;
80 } auth_user_info_unix
;
82 /* This is the interim product of the auth subsystem, before
83 * privileges and local groups are handled */
84 typedef [public] struct {
86 [size_is(num_sids
)] dom_sid sids
[*];
88 DATA_BLOB user_session_key
;
89 DATA_BLOB lm_session_key
;
92 typedef [public] struct {
93 security_token
*security_token
;
94 security_unix_token
*unix_token
;
96 auth_user_info_unix
*unix_info
;
97 [value
(NULL
), ignore] auth_user_info_torture
*torture
;
99 /* This is the final session key, as used by SMB signing, and
100 * (truncated to 16 bytes) encryption on the SAMR and LSA pipes
101 * when over ncacn_np.
102 * It is calculated by NTLMSSP from the session key in the info3,
103 * and is set from the Kerberos session key using
104 * krb5_auth_con_getremotesubkey().
106 * Bottom line, it is not the same as the session keys in info3.
109 DATA_BLOB session_key
;
111 [value
(NULL
), ignore] cli_credentials
*credentials
;
114 typedef [public] struct {
115 auth_session_info
*session_info
;
116 DATA_BLOB exported_gssapi_credentials
;
117 } auth_session_info_transport
;