s4-auth Add auth.idl to encode auth subsystem structures in IDL
authorAndrew Bartlett <abartlet@samba.org>
Tue, 8 Feb 2011 05:39:34 +0000 (16:39 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 9 Feb 2011 00:11:06 +0000 (01:11 +0100)
This is not only a useful way to encode stuff, it also allows Python
to handle the structures, and naturally allows them to be NDR encoded.

Andrew Bartlett

librpc/idl/auth.idl [new file with mode: 0644]
librpc/idl/wscript_build
source4/auth/auth.h

diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
new file mode 100644 (file)
index 0000000..525497d
--- /dev/null
@@ -0,0 +1,70 @@
+#include "idl_types.h"
+
+/*
+  security IDL structures
+*/
+
+import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
+
+interface auth
+{
+       typedef [public] enum {
+               SEC_AUTH_METHOD_UNAUTHENTICATED = 0,
+               SEC_AUTH_METHOD_NTLM            = 1,
+               SEC_AUTH_METHOD_KERBEROS        = 2
+       } auth_method;
+
+       /* This is the parts of the session_info that don't change
+        * during local privilage and group manipulations */
+       typedef [public] struct {
+               utf8string account_name;
+               utf8string domain_name;
+
+               utf8string full_name;
+               utf8string logon_script;
+               utf8string profile_path;
+               utf8string home_directory;
+               utf8string home_drive;
+               utf8string logon_server;
+
+               NTTIME last_logon;
+               NTTIME last_logoff;
+               NTTIME acct_expiry;
+               NTTIME last_password_change;
+               NTTIME allow_password_change;
+               NTTIME force_password_change;
+
+               uint16 logon_count;
+               uint16 bad_password_count;
+
+               uint32 acct_flags;
+
+               uint8 authenticated;
+       } auth_user_info;
+
+       /* This information is preserved only to assist torture tests */
+       typedef [public] struct {
+               /* Number SIDs from the DC netlogon validation info */
+               uint32 num_dc_sids;
+               [size_is(num_sids)] dom_sid dc_sids[*];
+               PAC_SIGNATURE_DATA *pac_srv_sig;
+               PAC_SIGNATURE_DATA *pac_kdc_sig;
+       } auth_user_info_torture;
+
+       /* This is the interim product of the auth subsystem, before
+        * privileges and local groups are handled */
+       typedef [public] struct {
+               uint32 num_sids;
+               [size_is(num_sids)] dom_sid sids[*];
+               auth_user_info *info;
+               DATA_BLOB user_session_key;
+               DATA_BLOB lm_session_key;
+       } auth_user_info_dc;
+
+       typedef [public] struct {
+               security_token *security_token;
+               auth_user_info *info;
+               DATA_BLOB session_key;
+               DATA_BLOB exported_gssapi_credentials;
+       } auth_session_info_transport;
+}
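Review bot: In `auth_user_info_torture` the array is declared `[size_is(num_sids)] dom_sid dc_sids[*];`, but the only count field in that struct is `num_dc_sids`, so the length expression names a member that does not exist there; it looks copied from `auth_user_info_dc` below. An array length that is not tied to the struct's own count field will either fail in pidl or at compile time, or leave the generated NDR push/pull code with a count that does not match the array, so the line should read `[size_is(num_dc_sids)] dom_sid dc_sids[*];`. Separately, `user_session_key`, `lm_session_key`, `session_key` and `exported_gssapi_credentials` sit in `[public]` structs, which presumably get generated print helpers. It is worth confirming that this key material cannot reach debug output, and adding a comment on those fields such as `/* secret: session key material, must not be logged */`.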
index 6fdd5f3bd7b471a3c3298d3e57175437ffaef75a..52476c4192e16c6555c05312c2a001e6369fe801 100644 (file)
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 bld.SAMBA_PIDL_LIST('PIDL',
-                    '''atsvc.idl drsuapi.idl epmapper.idl initshutdown.idl
+                    '''atsvc.idl auth.idl drsuapi.idl epmapper.idl initshutdown.idl
                        misc.idl ntlmssp.idl schannel.idl trkwks.idl
                        audiosrv.idl dfsblobs.idl dsbackup.idl eventlog.idl file_id.idl keysvc.idl
                        msgsvc.idl ntsvcs.idl remact.idl security.idl unixinfo.idl wzcsvc.idl
index 21790c4d5cfff9975cd2e169ecfc06272a8b7941..0699ddb11dda3afb22521b644468cd7b2102b89b 100644 (file)
@@ -22,6 +22,7 @@
 #define _SAMBA_AUTH_H
 
 #include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "librpc/gen_ndr/auth.h"
 #include "../auth/common_auth.h"
 
 extern const char *krbtgt_attrs[];