blob: 7b4556a6d7293bd2c9c9e9947e6e0a3a8a48f61f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
#include "idl_types.h"
/*
security IDL structures
*/
import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
interface auth
{
typedef [public] enum {
SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
SEC_AUTH_METHOD_NTLM = 1,
SEC_AUTH_METHOD_KERBEROS = 2
} auth_method;
/* This is the parts of the session_info that don't change
* during local privilage and group manipulations */
typedef [public] struct {
utf8string account_name;
utf8string domain_name;
utf8string full_name;
utf8string logon_script;
utf8string profile_path;
utf8string home_directory;
utf8string home_drive;
utf8string logon_server;
NTTIME last_logon;
NTTIME last_logoff;
NTTIME acct_expiry;
NTTIME last_password_change;
NTTIME allow_password_change;
NTTIME force_password_change;
uint16 logon_count;
uint16 bad_password_count;
uint32 acct_flags;
uint8 authenticated;
} auth_user_info;
/* This information is preserved only to assist torture tests */
typedef [public] struct {
/* Number SIDs from the DC netlogon validation info */
uint32 num_dc_sids;
[size_is(num_dc_sids)] dom_sid dc_sids[*];
PAC_SIGNATURE_DATA *pac_srv_sig;
PAC_SIGNATURE_DATA *pac_kdc_sig;
} auth_user_info_torture;
typedef [public] struct {
utf8string unix_name;
/*
* For performance reasons we keep an alpha_strcpy-sanitized version
* of the username around as long as the global variable current_user
* still exists. If we did not do keep this, we'd have to call
* alpha_strcpy whenever we do a become_user(), potentially on every
* smb request. See set_current_user_info in source3.
*/
utf8string sanitized_username;
} auth_user_info_unix;
/* This is the interim product of the auth subsystem, before
* privileges and local groups are handled */
typedef [public] struct {
uint32 num_sids;
[size_is(num_sids)] dom_sid sids[*];
auth_user_info *info;
DATA_BLOB user_session_key;
DATA_BLOB lm_session_key;
} auth_user_info_dc;
typedef [public] struct {
security_token *security_token;
security_unix_token *unix_token;
auth_user_info *info;
auth_user_info_unix *unix_info;
DATA_BLOB session_key;
DATA_BLOB exported_gssapi_credentials;
} auth_session_info_transport;
}
|
