7b4556a6d7293bd2c9c9e9947e6e0a3a8a48f61f
[samba.git] / librpc / idl / auth.idl
1 #include "idl_types.h"
2
3 /*
4   security IDL structures
5 */
6
7 import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
8
9 interface auth
10 {
11         typedef [public] enum {
12                 SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
13                 SEC_AUTH_METHOD_NTLM            = 1,
14                 SEC_AUTH_METHOD_KERBEROS        = 2
15         } auth_method;
16
17         /* This is the parts of the session_info that don't change
18          * during local privilage and group manipulations */
19         typedef [public] struct {
20                 utf8string account_name;
21                 utf8string domain_name;
22
23                 utf8string full_name;
24                 utf8string logon_script;
25                 utf8string profile_path;
26                 utf8string home_directory;
27                 utf8string home_drive;
28                 utf8string logon_server;
29
30                 NTTIME last_logon;
31                 NTTIME last_logoff;
32                 NTTIME acct_expiry;
33                 NTTIME last_password_change;
34                 NTTIME allow_password_change;
35                 NTTIME force_password_change;
36
37                 uint16 logon_count;
38                 uint16 bad_password_count;
39
40                 uint32 acct_flags;
41
42                 uint8 authenticated;
43         } auth_user_info;
44
45         /* This information is preserved only to assist torture tests */
46         typedef [public] struct {
47                 /* Number SIDs from the DC netlogon validation info */
48                 uint32 num_dc_sids;
49                 [size_is(num_dc_sids)] dom_sid dc_sids[*];
50                 PAC_SIGNATURE_DATA *pac_srv_sig;
51                 PAC_SIGNATURE_DATA *pac_kdc_sig;
52         } auth_user_info_torture;
53
54         typedef [public] struct {
55                 utf8string unix_name;
56
57                 /*
58                  * For performance reasons we keep an alpha_strcpy-sanitized version
59                  * of the username around as long as the global variable current_user
60                  * still exists. If we did not do keep this, we'd have to call
61                  * alpha_strcpy whenever we do a become_user(), potentially on every
62                  * smb request. See set_current_user_info in source3.
63                  */
64                 utf8string sanitized_username;
65         } auth_user_info_unix;
66
67         /* This is the interim product of the auth subsystem, before
68          * privileges and local groups are handled */
69         typedef [public] struct {
70                 uint32 num_sids;
71                 [size_is(num_sids)] dom_sid sids[*];
72                 auth_user_info *info;
73                 DATA_BLOB user_session_key;
74                 DATA_BLOB lm_session_key;
75         } auth_user_info_dc;
76
77         typedef [public] struct {
78                 security_token *security_token;
79                 security_unix_token *unix_token;
80                 auth_user_info *info;
81                 auth_user_info_unix *unix_info;
82                 DATA_BLOB session_key;
83                 DATA_BLOB exported_gssapi_credentials;
84         } auth_session_info_transport;
85 }