#include "idl_types.h"

/*
   security IDL structures
*/

import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";

/*
 * Data structures describing an authenticated (or unauthenticated) user
 * and the session built from that authentication.  Every struct here is
 * declared [public]; field order and types define the marshalled layout,
 * so members must not be reordered or retyped casually.
 */
interface auth
{
	/*
	 * Tag naming the authentication method: none, NTLM or Kerberos.
	 * The numeric values are assigned explicitly; NOTE(review): if
	 * these values are stored or sent between components, renumbering
	 * them would break compatibility -- confirm before changing.
	 */
	typedef [public] enum {
		SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
		SEC_AUTH_METHOD_NTLM            = 1,
		SEC_AUTH_METHOD_KERBEROS        = 2
	} auth_method;

	/* These are the parts of the session_info that don't change
	 * during local privilege and group manipulations */
	typedef [public] struct {
		/* Account identity and profile strings (UTF-8). */
		utf8string account_name;
		utf8string domain_name;

		utf8string full_name;
		utf8string logon_script;
		utf8string profile_path;
		utf8string home_directory;
		utf8string home_drive;
		utf8string logon_server;

		/* Logon, expiry and password-change timestamps (NTTIME). */
		NTTIME last_logon;
		NTTIME last_logoff;
		NTTIME acct_expiry;
		NTTIME last_password_change;
		NTTIME allow_password_change;
		NTTIME force_password_change;

		/* 16-bit counters; bad_password_count is the failed-logon count. */
		uint16 logon_count;
		uint16 bad_password_count;

		/* presumably the ACB_* account control bits -- TODO confirm */
		uint32 acct_flags;

		/*
		 * NOTE(review): carried as a uint8 rather than a boolean type.
		 * Presumably non-zero means the user was genuinely
		 * authenticated (as opposed to anonymous or guest); confirm
		 * against the code that sets it, since access decisions may
		 * key off this field.
		 */
		uint8 authenticated;
	} auth_user_info;

	/* This information is preserved only to assist torture tests */
	typedef [public] struct {
		/* Number SIDs from the DC netlogon validation info */
		uint32 num_dc_sids;
		/* Array whose length is given by num_dc_sids. */
		[size_is(num_dc_sids)] dom_sid dc_sids[*];
		/*
		 * PAC server and KDC signatures, held by pointer.
		 * NOTE(review): presumably NULL when no PAC was available
		 * (e.g. NTLM logons) -- confirm consumers check for that.
		 */
		PAC_SIGNATURE_DATA *pac_srv_sig;
		PAC_SIGNATURE_DATA *pac_kdc_sig;
	} auth_user_info_torture;

	/* This is the interim product of the auth subsystem, before
	 * privileges and local groups are handled */
	typedef [public] struct {
		/* SID list; num_sids is the element count of sids[]. */
		uint32 num_sids;
		[size_is(num_sids)] dom_sid sids[*];
		auth_user_info *info;
		/*
		 * Session key material held as raw blobs.
		 * NOTE(review): any marshalled, dumped or logged copy of this
		 * structure carries these keys and should be treated as
		 * secret-bearing.
		 */
		DATA_BLOB user_session_key;
		DATA_BLOB lm_session_key;
	} auth_user_info_dc;

	/*
	 * Bundle of security token, user info, session key and exported
	 * GSSAPI credentials.
	 * NOTE(review): the name suggests this is the form in which session
	 * information is handed between components.  It contains the session
	 * key and exported credentials, and a receiver would be taking the
	 * security_token as given, so the channel carrying the marshalled
	 * form should be restricted to trusted peers -- confirm where this
	 * is produced and consumed.
	 */
	typedef [public] struct {
		security_token *security_token;
		auth_user_info *info;
		DATA_BLOB session_key;
		DATA_BLOB exported_gssapi_credentials;
	} auth_session_info_transport;
}