From f1c0e9532d8e3fb0d8942e4d4e1a122429266b16 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 8 Feb 2011 16:39:34 +1100
Subject: s4-auth Add auth.idl to encode auth subsystem structures in IDL
This is not only a useful way to encode stuff, it also allows python to handle the structures, and natrually allows them to be NDR encoded. Andrew Bartlett
---
librpc/idl/auth.idl | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 librpc/idl/auth.idl
(limited to 'librpc/idl/auth.idl')
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
new file mode 100644
index 0000000000..525497df72
--- /dev/null
+++ b/librpc/idl/auth.idl
@@ -0,0 +1,70 @@
+#include "idl_types.h"
+
+/*
+ security IDL structures
+*/
+
+import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
+
+interface auth
+{
+ typedef [public] enum {
+ SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
+ SEC_AUTH_METHOD_NTLM = 1,
+ SEC_AUTH_METHOD_KERBEROS = 2
+ } auth_method;
+
+ /* This is the parts of the session_info that don't change
+ * during local privilage and group manipulations */
+ typedef [public] struct {
+ utf8string account_name;
+ utf8string domain_name;
+
+ utf8string full_name;
+ utf8string logon_script;
+ utf8string profile_path;
+ utf8string home_directory;
+ utf8string home_drive;
+ utf8string logon_server;
+
+ NTTIME last_logon;
+ NTTIME last_logoff;
+ NTTIME acct_expiry;
+ NTTIME last_password_change;
+ NTTIME allow_password_change;
+ NTTIME force_password_change;
+
+ uint16 logon_count;
+ uint16 bad_password_count;
+
+ uint32 acct_flags;
+
+ uint8 authenticated;
+ } auth_user_info;
+
+ /* This information is preserved only to assist torture tests */
+ typedef [public] struct {
+ /* Number SIDs from the DC netlogon validation info */
+ uint32 num_dc_sids;
+ [size_is(num_sids)] dom_sid dc_sids[*];
+ PAC_SIGNATURE_DATA *pac_srv_sig;
+ PAC_SIGNATURE_DATA *pac_kdc_sig;
+ } auth_user_info_torture;
+
+ /* This is the interim product of the auth subsystem, before
+ * privileges and local groups are handled */
+ typedef [public] struct {
+ uint32 num_sids;
+ [size_is(num_sids)] dom_sid sids[*];
+ auth_user_info *info;
+ DATA_BLOB user_session_key;
+ DATA_BLOB lm_session_key;
+ } auth_user_info_dc;
+
+ typedef [public] struct {
+ security_token *security_token;
+ auth_user_info *info;
+ DATA_BLOB session_key;
+ DATA_BLOB exported_gssapi_credentials;
+ } auth_session_info_transport;
+}
-- cgit
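Review bot: In `auth_user_info_torture` the array is declared `[size_is(num_sids)] dom_sid dc_sids[*];`, but that struct has no `num_sids` member; its count field is `num_dc_sids`, and `num_sids` is only declared in `auth_user_info_dc`. The line should read `[size_is(num_dc_sids)] dom_sid dc_sids[*];` so that the marshalled element count is tied to the count stored beside the array. Separately, `auth_user_info_dc` and `auth_session_info_transport` are `[public]` and carry `user_session_key`, `lm_session_key`, `session_key` and `exported_gssapi_credentials`. A comment above those structs, such as `/* contains secret key material: do not log or dump the encoded form */`, would warn callers that any NDR or Python representation of them is as sensitive as the keys themselves.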