From 2a5ac56742db2830a3c8e644d3f0e2681f58c4ac Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 11 Feb 2011 18:47:21 +1100
Subject: librpc/idl Add helper structures for use by samba3 in auth_session_info
The unix info and in particular unix token needs to be preserved into the struct auth_session_info.
Andrew Bartlett
---
 librpc/idl/auth.idl | 15 +++++++++++++++
 librpc/idl/security.idl | 8 ++++++++
 2 files changed, 23 insertions(+)
(limited to 'librpc')
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index 6b2cb56eea..7b4556a6d7 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -51,6 +51,19 @@ interface auth
 PAC_SIGNATURE_DATA *pac_kdc_sig;
 } auth_user_info_torture;
+ typedef [public] struct {
+ utf8string unix_name;
+
+ /*
+ * For performance reasons we keep an alpha_strcpy-sanitized version
+ * of the username around as long as the global variable current_user
+ * still exists. If we did not do keep this, we'd have to call
+ * alpha_strcpy whenever we do a become_user(), potentially on every
+ * smb request. See set_current_user_info in source3.
+ */
+ utf8string sanitized_username;
+ } auth_user_info_unix;
+
 /* This is the interim product of the auth subsystem, before
 * privileges and local groups are handled */
 typedef [public] struct {
@@ -63,7 +76,9 @@ interface auth
 typedef [public] struct {
 security_token *security_token;
+ security_unix_token *unix_token;
 auth_user_info *info;
+ auth_user_info_unix *unix_info;
 DATA_BLOB session_key;
 DATA_BLOB exported_gssapi_credentials;
 } auth_session_info_transport;
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 266af49caa..2f633ab0ef 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
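Review bot: In librpc/idl/auth.idl, the comment on `sanitized_username` in auth_user_info_unix explains why the cached copy exists but not who guarantees it has actually been through alpha_strcpy. The struct is `[public]` and is referenced from auth_session_info_transport in the next hunk, so a copy that was unmarshalled rather than built locally would carry whatever string the producer supplied. I would add a line to the comment such as `* Treat this as sanitized only when the local auth code filled it in; re-run alpha_strcpy on a copy that was unmarshalled.` `unix_name` has no comment at all; one line saying which name it holds (presumably the mapped Unix account name) would help, and "did not do keep this" in the existing comment is a typo.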
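Review bot: In auth_session_info_transport (second hunk of librpc/idl/auth.idl), the new `unix_token` and `unix_info` members carry no comment on whether they may be NULL or which producers fill them, and `unix_token` holds the uid, gid and group list a consumer would presumably act as. I would add a comment above them, for example `/* unix_token/unix_info: optional, may be NULL; honour only when the blob comes from a trusted local producer */`, adjusted to the intended contract. Whether these pointers are nullable once marshalled depends on the interface's pointer default, which is outside this hunk.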
@@ -577,6 +577,14 @@ interface security
 lsa_SystemAccessModeFlags rights_mask;
 } security_token;
+ /* This is not yet sent over the network, but is simply defined in IDL */
+ typedef [public] struct {
+ uid_t uid;
+ uid_t gid;
+ uint32 ngroups;
+ [size_is(ngroups)] gid_t groups[*];
+ } security_unix_token;
+
 /* bits that determine which parts of a security descriptor are being queried/set */
 typedef [public,bitmap32bit] bitmap {
-- cgit
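Review bot: `uid_t gid;` in security_unix_token declares the primary group with the user-id type while `groups[]` uses `gid_t`; this looks like a typo for `gid_t gid;`. It is harmless where both types have the same width, but the generated marshalling presumably follows the declared type, so it is worth correcting before the struct is ever serialized. The comment `This is not yet sent over the network` could also record that, once it is, `ngroups` and `groups` arrive from the peer and must be validated by the receiver before they are used as process credentials.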