Implement NETLOGON PAC verfication on the server-side

[metze/samba/wip.git] / source / librpc / idl / irpc.idl

diff --git a/source/librpc/idl/irpc.idl b/source/librpc/idl/irpc.idl
index 2c659aa785002b363f6b5fcd758fa40b0d0d8542..e3ea7e55e1a8770e29edfe6a51616d1e980987f6 100644 (file)
--- a/source/librpc/idl/irpc.idl
+++ b/source/librpc/idl/irpc.idl
@@ -52,6 +52,9 @@ import "misc.idl", "security.idl", "nbt.idl";
                [out,switch_is(level)] nbtd_info info
                );
 
+       /* Send a GetDCName from the privilaged port (owned by nbtd),
+        * and await a reply */
+
        void nbtd_getdcname(
                [in] astring domainname,
                [in] astring ip_address,
@@ -78,6 +81,20 @@ import "misc.idl", "security.idl", "nbt.idl";
                [in] nbtd_proxy_wins_addr addrs[num_addrs]
                );
 
+       /*
+         Generic Kerberos package call (on the NETLOGON pipe, as a SamLogon)
+
+         The normal use for this call is to check the PAC signature in the KDC
+         
+         The KDC has the routines to check this, so it is easier to
+         proxy the request over by IRPC than set up the environment
+        */
+
+       void kdc_check_generic_kerberos(
+               [in] DATA_BLOB generic_request,
+               [out] DATA_BLOB generic_reply
+               );
+
        /******************************************************
          management calls for the smb server
        ******************************************************/