s4-auth Add auth.idl to encode auth subsystem structures in IDL

This is not only a useful way to encode stuff, it also allows python
to handle the structures, and natrually allows them to be NDR encoded.

Andrew Bartlett

librpc/idl/auth.idl

@@ -0,0 +1,70 @@
+#include "idl_types.h"
+
+/*
+  security IDL structures
+*/
+
+import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
+
+interface auth
+{
+	typedef [public] enum {
+		SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
+		SEC_AUTH_METHOD_NTLM            = 1,
+		SEC_AUTH_METHOD_KERBEROS        = 2
+	} auth_method;
+
+	/* This is the parts of the session_info that don't change
+	 * during local privilage and group manipulations */
+	typedef [public] struct {
+		utf8string account_name;
+		utf8string domain_name;
+
+		utf8string full_name;
+		utf8string logon_script;
+		utf8string profile_path;
+		utf8string home_directory;
+		utf8string home_drive;
+		utf8string logon_server;
+
+		NTTIME last_logon;
+		NTTIME last_logoff;
+		NTTIME acct_expiry;
+		NTTIME last_password_change;
+		NTTIME allow_password_change;
+		NTTIME force_password_change;
+
+		uint16 logon_count;
+		uint16 bad_password_count;
+
+		uint32 acct_flags;
+
+		uint8 authenticated;
+	} auth_user_info;
+
+	/* This information is preserved only to assist torture tests */
+	typedef [public] struct {
+		/* Number SIDs from the DC netlogon validation info */
+		uint32 num_dc_sids;
+		[size_is(num_sids)] dom_sid dc_sids[*];
+		PAC_SIGNATURE_DATA *pac_srv_sig;
+		PAC_SIGNATURE_DATA *pac_kdc_sig;
+	} auth_user_info_torture;
+
+	/* This is the interim product of the auth subsystem, before
+	 * privileges and local groups are handled */
+	typedef [public] struct {
+		uint32 num_sids;
+		[size_is(num_sids)] dom_sid sids[*];
+		auth_user_info *info;
+		DATA_BLOB user_session_key;
+		DATA_BLOB lm_session_key;
+	} auth_user_info_dc;
+
+	typedef [public] struct {
+		security_token *security_token;
+		auth_user_info *info;
+		DATA_BLOB session_key;
+		DATA_BLOB exported_gssapi_credentials;
+	} auth_session_info_transport;
+}

librpc/idl/wscript_build

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 bld.SAMBA_PIDL_LIST('PIDL',
-                    '''atsvc.idl drsuapi.idl epmapper.idl initshutdown.idl
+                    '''atsvc.idl auth.idl drsuapi.idl epmapper.idl initshutdown.idl
                        misc.idl ntlmssp.idl schannel.idl trkwks.idl
                        audiosrv.idl dfsblobs.idl dsbackup.idl eventlog.idl file_id.idl keysvc.idl
                        msgsvc.idl ntsvcs.idl remact.idl security.idl unixinfo.idl wzcsvc.idl

source4/auth/auth.h

@@ -22,6 +22,7 @@
 #define _SAMBA_AUTH_H
 
 #include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "librpc/gen_ndr/auth.h"
 #include "../auth/common_auth.h"
 
 extern const char *krbtgt_attrs[];