authorAndrew Bartlett <abartlet@samba.org>2011-02-08 16:39:34 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-02-09 01:11:06 +0100
commitf1c0e9532d8e3fb0d8942e4d4e1a122429266b16 (patch)
tree8366d73e93d90fa149887821787387c92ef8ca0a
parenta674a56a97c78a44bf43f1c175d106fbe70c7485 (diff)
s4-auth Add auth.idl to encode auth subsystem structures in IDL
This is not only a useful way to encode stuff, it also allows python to handle the structures, and naturally allows them to be NDR encoded. Andrew Bartlett
-rw-r--r--librpc/idl/auth.idl70
-rw-r--r--librpc/idl/wscript_build2
-rw-r--r--source4/auth/auth.h1
3 files changed, 72 insertions, 1 deletions
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
new file mode 100644
index 0000000000..525497df72
--- /dev/null
+++ b/librpc/idl/auth.idl
@@ -0,0 +1,70 @@
+#include "idl_types.h"
+
+/*
+ security IDL structures
+*/
+
+import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
+
+interface auth
+{
+ typedef [public] enum {
+ SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
+ SEC_AUTH_METHOD_NTLM = 1,
+ SEC_AUTH_METHOD_KERBEROS = 2
+ } auth_method;
+
+ /* This is the parts of the session_info that don't change
+ * during local privilage and group manipulations */
+ typedef [public] struct {
+ utf8string account_name;
+ utf8string domain_name;
+
+ utf8string full_name;
+ utf8string logon_script;
+ utf8string profile_path;
+ utf8string home_directory;
+ utf8string home_drive;
+ utf8string logon_server;
+
+ NTTIME last_logon;
+ NTTIME last_logoff;
+ NTTIME acct_expiry;
+ NTTIME last_password_change;
+ NTTIME allow_password_change;
+ NTTIME force_password_change;
+
+ uint16 logon_count;
+ uint16 bad_password_count;
+
+ uint32 acct_flags;
+
+ uint8 authenticated;
+ } auth_user_info;
+
+ /* This information is preserved only to assist torture tests */
+ typedef [public] struct {
+ /* Number SIDs from the DC netlogon validation info */
+ uint32 num_dc_sids;
+ [size_is(num_sids)] dom_sid dc_sids[*];
+ PAC_SIGNATURE_DATA *pac_srv_sig;
+ PAC_SIGNATURE_DATA *pac_kdc_sig;
+ } auth_user_info_torture;
+
+ /* This is the interim product of the auth subsystem, before
+ * privileges and local groups are handled */
+ typedef [public] struct {
+ uint32 num_sids;
+ [size_is(num_sids)] dom_sid sids[*];
+ auth_user_info *info;
+ DATA_BLOB user_session_key;
+ DATA_BLOB lm_session_key;
+ } auth_user_info_dc;
+
+ typedef [public] struct {
+ security_token *security_token;
+ auth_user_info *info;
+ DATA_BLOB session_key;
+ DATA_BLOB exported_gssapi_credentials;
+ } auth_session_info_transport;
+}
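Review bot: In `auth_user_info_torture` the `dc_sids` array is sized by `num_sids`, but the only count field that struct declares is `num_dc_sids`, so the conformant array length names a member that does not exist there (it looks copied from `auth_user_info_dc`). The line should read `[size_is(num_dc_sids)] dom_sid dc_sids[*];` so the marshalled element count and the array are bound to the same field. Separately, `user_session_key`, `lm_session_key`, `session_key` and `exported_gssapi_credentials` carry key and credential material in `[public]` structs. The generated NDR print helpers would presumably dump their contents, so a comment on those members such as `/* secret material: never print or log the contents */` would warn callers before the structures reach Python or debug output.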
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 6fdd5f3bd7..52476c4192 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -1,7 +1,7 @@
#!/usr/bin/env python
bld.SAMBA_PIDL_LIST('PIDL',
- '''atsvc.idl drsuapi.idl epmapper.idl initshutdown.idl
+ '''atsvc.idl auth.idl drsuapi.idl epmapper.idl initshutdown.idl
misc.idl ntlmssp.idl schannel.idl trkwks.idl
audiosrv.idl dfsblobs.idl dsbackup.idl eventlog.idl file_id.idl keysvc.idl
msgsvc.idl ntsvcs.idl remact.idl security.idl unixinfo.idl wzcsvc.idl
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 21790c4d5c..0699ddb11d 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -22,6 +22,7 @@
#define _SAMBA_AUTH_H
#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "librpc/gen_ndr/auth.h"
#include "../auth/common_auth.h"
extern const char *krbtgt_attrs[];