author | Andrew Bartlett <abartlet@samba.org> | 2011-02-08 16:39:34 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-02-09 01:11:06 +0100 |
commit | f1c0e9532d8e3fb0d8942e4d4e1a122429266b16 (patch) | |
tree | 8366d73e93d90fa149887821787387c92ef8ca0a | |
parent | a674a56a97c78a44bf43f1c175d106fbe70c7485 (diff) | |
download | samba-f1c0e9532d8e3fb0d8942e4d4e1a122429266b16.tar.gz samba-f1c0e9532d8e3fb0d8942e4d4e1a122429266b16.tar.bz2 samba-f1c0e9532d8e3fb0d8942e4d4e1a122429266b16.zip |
s4-auth Add auth.idl to encode auth subsystem structures in IDL
This is not only a useful way to encode stuff, it also allows python
to handle the structures, and naturally allows them to be NDR encoded.
Andrew Bartlett
-rw-r--r-- | librpc/idl/auth.idl | 70 | ||||
-rw-r--r-- | librpc/idl/wscript_build | 2 | ||||
-rw-r--r-- | source4/auth/auth.h | 1 |
3 files changed, 72 insertions, 1 deletions
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
new file mode 100644
index 0000000000..525497df72
--- /dev/null
+++ b/librpc/idl/auth.idl
@@ -0,0 +1,70 @@
+#include "idl_types.h"
+
+/*
+ security IDL structures
+*/
+
+import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
+
+interface auth
+{
+ typedef [public] enum {
+ SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
+ SEC_AUTH_METHOD_NTLM = 1,
+ SEC_AUTH_METHOD_KERBEROS = 2
+ } auth_method;
+
+ /* This is the parts of the session_info that don't change
+ * during local privilage and group manipulations */
+ typedef [public] struct {
+ utf8string account_name;
+ utf8string domain_name;
+
+ utf8string full_name;
+ utf8string logon_script;
+ utf8string profile_path;
+ utf8string home_directory;
+ utf8string home_drive;
+ utf8string logon_server;
+
+ NTTIME last_logon;
+ NTTIME last_logoff;
+ NTTIME acct_expiry;
+ NTTIME last_password_change;
+ NTTIME allow_password_change;
+ NTTIME force_password_change;
+
+ uint16 logon_count;
+ uint16 bad_password_count;
+
+ uint32 acct_flags;
+
+ uint8 authenticated;
+ } auth_user_info;
+
+ /* This information is preserved only to assist torture tests */
+ typedef [public] struct {
+ /* Number SIDs from the DC netlogon validation info */
+ uint32 num_dc_sids;
+ [size_is(num_sids)] dom_sid dc_sids[*];
+ PAC_SIGNATURE_DATA *pac_srv_sig;
+ PAC_SIGNATURE_DATA *pac_kdc_sig;
+ } auth_user_info_torture;
+
+ /* This is the interim product of the auth subsystem, before
+ * privileges and local groups are handled */
+ typedef [public] struct {
+ uint32 num_sids;
+ [size_is(num_sids)] dom_sid sids[*];
+ auth_user_info *info;
+ DATA_BLOB user_session_key;
+ DATA_BLOB lm_session_key;
+ } auth_user_info_dc;
+
+ typedef [public] struct {
+ security_token *security_token;
+ auth_user_info *info;
+ DATA_BLOB session_key;
+ DATA_BLOB exported_gssapi_credentials;
+ } auth_session_info_transport;
+}
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 6fdd5f3bd7..52476c4192 100644
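Review bot: In `auth_user_info_torture`, the line `[size_is(num_sids)] dom_sid dc_sids[*];` names a count field that this struct does not declare; its own counter is `num_dc_sids`, while `num_sids` belongs to `auth_user_info_dc` further down. The array length used when marshalling should be bound to the struct's own counter, i.e. `[size_is(num_dc_sids)] dom_sid dc_sids[*];`, so the encoded element count cannot drift from the array it describes. Separately, `user_session_key`, `lm_session_key`, `session_key` and `exported_gssapi_credentials` carry key and credential material, and with the structs marked `[public]` the generated print helpers can presumably dump them; a field comment such as `/* secret: must not appear in debug output */` on each would record that constraint for callers. The comment above `auth_user_info` also misspells "privilege".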
--- a/librpc/idl/wscript_build +++ b/librpc/idl/wscript_build @@ -1,7 +1,7 @@ #!/usr/bin/env python bld.SAMBA_PIDL_LIST('PIDL', - '''atsvc.idl drsuapi.idl epmapper.idl initshutdown.idl + '''atsvc.idl auth.idl drsuapi.idl epmapper.idl initshutdown.idl misc.idl ntlmssp.idl schannel.idl trkwks.idl audiosrv.idl dfsblobs.idl dsbackup.idl eventlog.idl file_id.idl keysvc.idl msgsvc.idl ntsvcs.idl remact.idl security.idl unixinfo.idl wzcsvc.idl diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 21790c4d5c..0699ddb11d 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -22,6 +22,7 @@ #define _SAMBA_AUTH_H #include "librpc/gen_ndr/ndr_krb5pac.h" +#include "librpc/gen_ndr/auth.h" #include "../auth/common_auth.h" extern const char *krbtgt_attrs[]; |