auth.idl: Add auth_SidAttr type

This type incorporates, alongside a SID, a group attributes member, through which attributes from a PAC or the AD database can be conveyed into the completed PAC. A useful benefit this provides is the ability to distinguish and exclude domain-local groups, which only belong in service tickets, from the PAC of a TGT. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Joseph Sutton <josephsutton@catalyst.net.nz> 2022-09-27 15:12:19 +1300
committer: Andrew Bartlett <abartlet@samba.org> 2023-02-08 00:03:39 +0000
commit: c0011bcdc8dbe6495180268a13b95d1f5b64f525 (patch)
tree: 15d0fa6287a21f2bc99b96c67a7a44b9cf69430a /librpc
parent: 2debc39400118754eaf402def73dd4e9008f0f21 (diff)
download: samba-c0011bcdc8dbe6495180268a13b95d1f5b64f525.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index 59ed2c3c5ea..6d95fe84e93 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -95,6 +95,11 @@ interface auth
 		TICKET_TYPE_NON_TGT = 2
 	} ticket_type;
 
+	typedef [public] struct {
+		dom_sid sid;
+		security_GroupAttrs attrs;
+	} auth_SidAttr;
+
 	/* This is the interim product of the auth subsystem, before
 	 * privileges and local groups are handled */
 	typedef [public] struct {
author	Joseph Sutton <josephsutton@catalyst.net.nz>	2022-09-27 15:12:19 +1300
committer	Andrew Bartlett <abartlet@samba.org>	2023-02-08 00:03:39 +0000
commit	c0011bcdc8dbe6495180268a13b95d1f5b64f525 (patch)
tree	15d0fa6287a21f2bc99b96c67a7a44b9cf69430a /librpc
parent	2debc39400118754eaf402def73dd4e9008f0f21 (diff)
download	samba-c0011bcdc8dbe6495180268a13b95d1f5b64f525.tar.gz