| 1 | #include "idl_types.h"
|
|---|
| 2 |
|
|---|
| 3 | /*
|
|---|
| 4 | security IDL structures
|
|---|
| 5 | */
|
|---|
| 6 |
|
|---|
| 7 | import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
|
|---|
| 8 |
|
|---|
| 9 | interface auth
|
|---|
| 10 | {
|
|---|
| 11 | typedef [public] enum {
|
|---|
| 12 | SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
|
|---|
| 13 | SEC_AUTH_METHOD_NTLM = 1,
|
|---|
| 14 | SEC_AUTH_METHOD_KERBEROS = 2
|
|---|
| 15 | } auth_method;
|
|---|
| 16 |
|
|---|
| 17 | /* This is the parts of the session_info that don't change
|
|---|
| 18 | * during local privilage and group manipulations */
|
|---|
| 19 | typedef [public] struct {
|
|---|
| 20 | utf8string account_name;
|
|---|
| 21 | utf8string domain_name;
|
|---|
| 22 |
|
|---|
| 23 | utf8string full_name;
|
|---|
| 24 | utf8string logon_script;
|
|---|
| 25 | utf8string profile_path;
|
|---|
| 26 | utf8string home_directory;
|
|---|
| 27 | utf8string home_drive;
|
|---|
| 28 | utf8string logon_server;
|
|---|
| 29 |
|
|---|
| 30 | NTTIME last_logon;
|
|---|
| 31 | NTTIME last_logoff;
|
|---|
| 32 | NTTIME acct_expiry;
|
|---|
| 33 | NTTIME last_password_change;
|
|---|
| 34 | NTTIME allow_password_change;
|
|---|
| 35 | NTTIME force_password_change;
|
|---|
| 36 |
|
|---|
| 37 | uint16 logon_count;
|
|---|
| 38 | uint16 bad_password_count;
|
|---|
| 39 |
|
|---|
| 40 | uint32 acct_flags;
|
|---|
| 41 |
|
|---|
| 42 | uint8 authenticated;
|
|---|
| 43 | } auth_user_info;
|
|---|
| 44 |
|
|---|
| 45 | /* This information is preserved only to assist torture tests */
|
|---|
| 46 | typedef [public] struct {
|
|---|
| 47 | /* Number SIDs from the DC netlogon validation info */
|
|---|
| 48 | uint32 num_dc_sids;
|
|---|
| 49 | [size_is(num_dc_sids)] dom_sid dc_sids[*];
|
|---|
| 50 | PAC_SIGNATURE_DATA *pac_srv_sig;
|
|---|
| 51 | PAC_SIGNATURE_DATA *pac_kdc_sig;
|
|---|
| 52 | } auth_user_info_torture;
|
|---|
| 53 |
|
|---|
| 54 | typedef [public] struct {
|
|---|
| 55 | utf8string unix_name;
|
|---|
| 56 |
|
|---|
| 57 | /*
|
|---|
| 58 | * For performance reasons we keep an alpha_strcpy-sanitized version
|
|---|
| 59 | * of the username around as long as the global variable current_user
|
|---|
| 60 | * still exists. If we did not do keep this, we'd have to call
|
|---|
| 61 | * alpha_strcpy whenever we do a become_user(), potentially on every
|
|---|
| 62 | * smb request. See set_current_user_info in source3.
|
|---|
| 63 | */
|
|---|
| 64 | utf8string sanitized_username;
|
|---|
| 65 | } auth_user_info_unix;
|
|---|
| 66 |
|
|---|
| 67 | /* This is the interim product of the auth subsystem, before
|
|---|
| 68 | * privileges and local groups are handled */
|
|---|
| 69 | typedef [public] struct {
|
|---|
| 70 | uint32 num_sids;
|
|---|
| 71 | [size_is(num_sids)] dom_sid sids[*];
|
|---|
| 72 | auth_user_info *info;
|
|---|
| 73 | DATA_BLOB user_session_key;
|
|---|
| 74 | DATA_BLOB lm_session_key;
|
|---|
| 75 | } auth_user_info_dc;
|
|---|
| 76 |
|
|---|
| 77 | typedef [public] struct {
|
|---|
| 78 | security_token *security_token;
|
|---|
| 79 | security_unix_token *unix_token;
|
|---|
| 80 | auth_user_info *info;
|
|---|
| 81 | auth_user_info_unix *unix_info;
|
|---|
| 82 | DATA_BLOB session_key;
|
|---|
| 83 | DATA_BLOB exported_gssapi_credentials;
|
|---|
| 84 | } auth_session_info_transport;
|
|---|
| 85 | }
|
|---|
