diff options
Diffstat (limited to 'source3/librpc/idl/security.idl')
| -rw-r--r-- | source3/librpc/idl/security.idl | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/source3/librpc/idl/security.idl b/source3/librpc/idl/security.idl index 8a0d36a696..c4c30e9b5a 100644 --- a/source3/librpc/idl/security.idl +++ b/source3/librpc/idl/security.idl @@ -4,9 +4,26 @@ security IDL structures */ +import "misc.idl"; + +/* + use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really + just a dom sid, but with the sub_auths represented as a conformant + array. As with all in-structure conformant arrays, the array length + is placed before the start of the structure. That's what gives rise + to the extra num_auths elemenent. We don't want the Samba code to + have to bother with such esoteric NDR details, so its easier to just + define it as a dom_sid and use pidl magic to make it all work. It + just means you need to mark a sid as a "dom_sid2" in the IDL when you + know it is of the conformant array variety +*/ +cpp_quote("#define dom_sid2 dom_sid") + +/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ +cpp_quote("#define dom_sid28 dom_sid") + [ - pointer_default(unique), - depends(misc,security) + pointer_default(unique) ] interface security { @@ -121,6 +138,8 @@ interface security const string SID_NULL = "S-1-0-0"; /* the world domain */ + const string NAME_WORLD = "WORLD"; + const string SID_WORLD_DOMAIN = "S-1-1"; const string SID_WORLD = "S-1-1-0"; @@ -130,6 +149,8 @@ interface security const string SID_CREATOR_GROUP = "S-1-3-1"; /* SECURITY_NT_AUTHORITY */ + const string NAME_NT_AUTHORITY = "NT AUTHORITY"; + const string SID_NT_AUTHORITY = "S-1-5"; const string SID_NT_DIALUP = "S-1-5-1"; const string SID_NT_NETWORK = "S-1-5-2"; @@ -150,6 +171,8 @@ interface security const string SID_NT_NETWORK_SERVICE = "S-1-5-20"; /* SECURITY_BUILTIN_DOMAIN_RID */ + const string NAME_BUILTIN = "BUILTIN"; + const string SID_BUILTIN = "S-1-5-32"; const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544"; const string SID_BUILTIN_USERS = "S-1-5-32-545"; @@ -169,6 +192,7 @@ interface security const int DOMAIN_RID_GUEST = 501; const int DOMAIN_RID_ADMINS = 512; const int DOMAIN_RID_USERS = 513; + const int DOMAIN_RID_DOMAIN_MEMBERS = 515; const int DOMAIN_RID_DCS = 516; const int DOMAIN_RID_CERT_ADMINS = 517; const int DOMAIN_RID_SCHEMA_ADMINS = 518; @@ -206,16 +230,6 @@ interface security SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24 } sec_privilege; - - /* a domain SID. Note that unlike Samba3 this contains a pointer, - so you can't copy them using assignment */ - typedef [public,gensize,noprint,noejs,nosize] struct { - uint8 sid_rev_num; /**< SID revision number */ - [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - uint32 sub_auths[num_auths]; - } dom_sid; - typedef [bitmap8bit] bitmap { SEC_ACE_FLAG_OBJECT_INHERIT = 0x01, SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02, @@ -239,7 +253,7 @@ interface security SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8 } security_ace_type; - typedef bitmap { + typedef [bitmap32bit] bitmap { SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001, SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002 } security_ace_object_flags; |