2 files changed, 23 insertions, 0 deletions

diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index 6b2cb56eea..7b4556a6d7 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -51,6 +51,19 @@ interface auth
 		PAC_SIGNATURE_DATA *pac_kdc_sig;
 	} auth_user_info_torture;
 
+	typedef [public] struct {
+		utf8string unix_name;
+
+		/*
+		 * For performance reasons we keep an alpha_strcpy-sanitized version
+		 * of the username around as long as the global variable current_user
+		 * still exists. If we did not do keep this, we'd have to call
+		 * alpha_strcpy whenever we do a become_user(), potentially on every
+		 * smb request. See set_current_user_info in source3.
+		 */
+		utf8string sanitized_username;
+	} auth_user_info_unix;
+
 	/* This is the interim product of the auth subsystem, before
 	 * privileges and local groups are handled */
 	typedef [public] struct {
@@ -63,7 +76,9 @@ interface auth
 
 	typedef [public] struct {
 		security_token *security_token;
+		security_unix_token *unix_token;
 		auth_user_info *info;
+		auth_user_info_unix *unix_info;
 		DATA_BLOB session_key;
 		DATA_BLOB exported_gssapi_credentials;
 	} auth_session_info_transport;
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 266af49caa..2f633ab0ef 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -577,6 +577,14 @@ interface security
 		lsa_SystemAccessModeFlags rights_mask;
 	} security_token;
 
+	/* This is not yet sent over the network, but is simply defined in IDL */
+	typedef [public] struct {
+		uid_t uid;
+		uid_t gid;
+		uint32 ngroups;
+		[size_is(ngroups)] gid_t groups[*];
+	} security_unix_token;
+
 	/* bits that determine which parts of a security descriptor
 	   are being queried/set */
 	typedef [public,bitmap32bit] bitmap {