security IDL structures
*/
+import "misc.idl";
+
+/*
+ use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+ just a dom sid, but with the sub_auths represented as a conformant
+ array. As with all in-structure conformant arrays, the array length
+ is placed before the start of the structure. That's what gives rise
+ to the extra num_auths elemenent. We don't want the Samba code to
+ have to bother with such esoteric NDR details, so its easier to just
+ define it as a dom_sid and use pidl magic to make it all work. It
+ just means you need to mark a sid as a "dom_sid2" in the IDL when you
+ know it is of the conformant array variety
+*/
+cpp_quote("#define dom_sid2 dom_sid")
+
+/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
+cpp_quote("#define dom_sid28 dom_sid")
+
+/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
+cpp_quote("#define dom_sid0 dom_sid")
+
[
- pointer_default(unique),
- depends(misc,security)
+ pointer_default(unique)
]
interface security
{
const string SID_NULL = "S-1-0-0";
/* the world domain */
+ const string NAME_WORLD = "WORLD";
+
const string SID_WORLD_DOMAIN = "S-1-1";
const string SID_WORLD = "S-1-1-0";
const string SID_CREATOR_GROUP = "S-1-3-1";
/* SECURITY_NT_AUTHORITY */
+ const string NAME_NT_AUTHORITY = "NT AUTHORITY";
+
const string SID_NT_AUTHORITY = "S-1-5";
const string SID_NT_DIALUP = "S-1-5-1";
const string SID_NT_NETWORK = "S-1-5-2";
const string SID_NT_NETWORK_SERVICE = "S-1-5-20";
/* SECURITY_BUILTIN_DOMAIN_RID */
+ const string NAME_BUILTIN = "BUILTIN";
+
const string SID_BUILTIN = "S-1-5-32";
const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544";
const string SID_BUILTIN_USERS = "S-1-5-32-545";
const int DOMAIN_RID_GUEST = 501;
const int DOMAIN_RID_ADMINS = 512;
const int DOMAIN_RID_USERS = 513;
+ const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
const int DOMAIN_RID_DCS = 516;
const int DOMAIN_RID_CERT_ADMINS = 517;
const int DOMAIN_RID_SCHEMA_ADMINS = 518;
SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24
} sec_privilege;
-
- /* a domain SID. Note that unlike Samba3 this contains a pointer,
- so you can't copy them using assignment */
- typedef [public,gensize,noprint,noejs,nosize] struct {
- uint8 sid_rev_num; /**< SID revision number */
- [range(0,15)] int8 num_auths; /**< Number of sub-authorities */
- uint8 id_auth[6]; /**< Identifier Authority */
- uint32 sub_auths[num_auths];
- } dom_sid;
-
typedef [bitmap8bit] bitmap {
SEC_ACE_FLAG_OBJECT_INHERIT = 0x01,
SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02,
SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8
} security_ace_type;
- typedef bitmap {
+ typedef [bitmap32bit] bitmap {
SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001,
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002
} security_ace_object_flags;
git.samba.org / kai / samba-autobuild / .git / blobdiff