sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
693781db89
samba-mirror/librpc/idl/auth.idl
Andrew Bartlett 6622821063 s3-auth Remove seperate guest boolean 
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:14 +10:00

119 lines
3.5 KiB
Plaintext
Raw Blame History

#include "idl_types.h"
/*
Authentication IDL structures
These are NOT public network structures, but it is helpful to define
these things in IDL. They may change without ABI breakage or
warning.
*/
import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
[
pyhelper("librpc/ndr/py_auth.c"),
helper("../librpc/ndr/ndr_auth.h"),
helpstring("internal Samba authentication structures")
]
interface auth
{
typedef [public] enum {
SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
SEC_AUTH_METHOD_NTLM = 1,
SEC_AUTH_METHOD_KERBEROS = 2
} auth_method;
/* This is the parts of the session_info that don't change
* during local privilage and group manipulations */
typedef [public] struct {
[unique,charset(UTF8),string] char *account_name;
[unique,charset(UTF8),string] char *domain_name;
[unique,charset(UTF8),string] char *full_name;
[unique,charset(UTF8),string] char *logon_script;
[unique,charset(UTF8),string] char *profile_path;
[unique,charset(UTF8),string] char *home_directory;
[unique,charset(UTF8),string] char *home_drive;
[unique,charset(UTF8),string] char *logon_server;
NTTIME last_logon;
NTTIME last_logoff;
NTTIME acct_expiry;
NTTIME last_password_change;
NTTIME allow_password_change;
NTTIME force_password_change;
uint16 logon_count;
uint16 bad_password_count;
uint32 acct_flags;
uint8 authenticated;
} auth_user_info;
/* This information is preserved only to assist torture tests */
typedef [public] struct {
/* Number SIDs from the DC netlogon validation info */
uint32 num_dc_sids;
[size_is(num_dc_sids)] dom_sid dc_sids[*];
PAC_SIGNATURE_DATA *pac_srv_sig;
PAC_SIGNATURE_DATA *pac_kdc_sig;
} auth_user_info_torture;
typedef [public] struct {
/* These match exactly the values from the
* auth_serversupplied_info, but should be changed to
* checks involving just the SIDs */
boolean8 system;
[unique,charset(UTF8),string] char *unix_name;
/*
* For performance reasons we keep an alpha_strcpy-sanitized version
* of the username around as long as the global variable current_user
* still exists. If we did not do keep this, we'd have to call
* alpha_strcpy whenever we do a become_user(), potentially on every
* smb request. See set_current_user_info in source3.
*/
[unique,charset(UTF8),string] char *sanitized_username;
} auth_user_info_unix;
/* This is the interim product of the auth subsystem, before
* privileges and local groups are handled */
typedef [public] struct {
uint32 num_sids;
[size_is(num_sids)] dom_sid sids[*];
auth_user_info *info;
DATA_BLOB user_session_key;
DATA_BLOB lm_session_key;
} auth_user_info_dc;
typedef [public] struct {
security_token *security_token;
security_unix_token *unix_token;
auth_user_info *info;
auth_user_info_unix *unix_info;
[value(NULL), ignore] auth_user_info_torture *torture;
/* This is the final session key, as used by SMB signing, and
* (truncated to 16 bytes) encryption on the SAMR and LSA pipes
* when over ncacn_np.
* It is calculated by NTLMSSP from the session key in the info3,
* and is set from the Kerberos session key using
* krb5_auth_con_getremotesubkey().
*
* Bottom line, it is not the same as the session keys in info3.
*/
DATA_BLOB session_key;
[value(NULL), ignore] cli_credentials *credentials;
} auth_session_info;
typedef [public] struct {
auth_session_info *session_info;
DATA_BLOB exported_gssapi_credentials;
} auth_session_info_transport;
}
View Git Blame Copy Permalink