lib: Annotate well known SID names

[metze/samba/wip.git] / librpc / idl / security.idl

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 381d6e5632efb8c8d9bc30048efc909159528af3..5930f448955a4f7c1470977c65094566773acb81 100644 (file)
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -278,6 +278,10 @@ interface security
        const string SID_BUILTIN_EVENT_LOG_READERS      = "S-1-5-32-573";
        const string SID_BUILTIN_CERT_SERV_DCOM_ACCESS  = "S-1-5-32-574";
 
+       /* UID/GID mapping Samba style */
+       const string SID_SAMBA_UNIX_USER_OWNER          = "S-1-22-1";
+       const string SID_SAMBA_UNIX_GROUP_OWNER         = "S-1-22-2";
+
        /* SECURITY_NT_SERVICE */
        const string NAME_NT_SERVICE            = "NT SERVICE";
 
@@ -285,6 +289,18 @@ interface security
        const string SID_NT_TRUSTED_INSTALLER =
                "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
 
+       const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1";
+       const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
+
+       /*
+        * http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
+        */
+       const string SID_NT_NFS_SUBSYSTEM         = "S-1-5-88";
+       const string SID_NT_NFS_USER              = "S-1-5-88-1";
+       const string SID_NT_NFS_GROUP             = "S-1-5-88-2";
+       const string SID_NT_NFS_MASK              = "S-1-5-88-3";
+       const string SID_NT_NFS_OTHERS            = "S-1-5-88-4";
+
        /* well-known domain RIDs */
        const int DOMAIN_RID_LOGON                   = 9;
        const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
@@ -630,12 +646,46 @@ interface security
                SECINFO_PROTECTED_DACL       = 0x80000000
        } security_secinfo;
 
+       /*
+        * a SMB server should only support the following flags
+        * and ignore all others.
+        *
+        * See AdditionalInformation in [MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request
+        * and 2.2.39 SMB2 SET_INFO Request.
+        */
+       const int SMB_SUPPORTED_SECINFO_FLAGS = (
+               SECINFO_OWNER           |
+               SECINFO_GROUP           |
+               SECINFO_DACL            |
+               SECINFO_SACL            |
+               SECINFO_LABEL           |
+               SECINFO_ATTRIBUTE       |
+               SECINFO_SCOPE           |
+               SECINFO_BACKUP          |
+               0);
+
+       /*
+        * See [MS-KILE] 2.2.5 LSAP_TOKEN_INFO_INTEGRITY
+        */
+       typedef [public,gensize,flag(NDR_PAHEX)] struct {
+               uint32 Flags;
+               uint32 TokenIL;
+               uint8 MachineId[32];
+       } LSAP_TOKEN_INFO_INTEGRITY;
+
+       /*
+        * See [MS-KILE] 2.2.6 Supported Encryption Types Bit Flags
+        */
        typedef [public,bitmap32bit] bitmap {
                KERB_ENCTYPE_DES_CBC_CRC             = 0x00000001,
                KERB_ENCTYPE_DES_CBC_MD5             = 0x00000002,
                KERB_ENCTYPE_RC4_HMAC_MD5            = 0x00000004,
                KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
-               KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
+               KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010,
+               KERB_ENCTYPE_FAST_SUPPORTED          = 0x00010000,
+               KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED = 0x00020000,
+               KERB_ENCTYPE_CLAIMS_SUPPORTED        = 0x00040000,
+               KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED = 0x00080000
        } kerb_EncTypes;
 
        typedef [public,bitmap32bit] bitmap {
@@ -656,14 +706,22 @@ interface security
        const string GUID_DRS_CHANGE_RID_MASTER       = "d58d5f36-0a98-11d1-adbb-00c04fd8d5cd";
        const string GUID_DRS_CHANGE_SCHEMA_MASTER    = "e12b56b6-0a95-11d1-adbb-00c04fd8d5cd";
        const string GUID_DRS_GET_CHANGES             = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2";
+       const string GUID_DRS_REPL_SYNCRONIZE         = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
+       const string GUID_DRS_MANAGE_TOPOLOGY         = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
        const string GUID_DRS_GET_ALL_CHANGES         = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2";
+       const string GUID_DRS_RO_REPL_SECRET_SYNC     = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
        const string GUID_DRS_GET_FILTERED_ATTRIBUTES = "89e95b76-444d-4c62-991a-0facbeda640c";
-       const string GUID_DRS_MANAGE_TOPOLOGY         = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
        const string GUID_DRS_MONITOR_TOPOLOGY        = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96";
-       const string GUID_DRS_REPL_SYNCRONIZE         = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
-       const string GUID_DRS_RO_REPL_SECRET_SYNC     = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
        const string GUID_DRS_USER_CHANGE_PASSWORD    = "ab721a53-1e2f-11d0-9819-00aa0040529b";
        const string GUID_DRS_FORCE_CHANGE_PASSWORD   = "00299570-246d-11d0-a768-00aa006e0529";
+        const string GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT
+                                                     = "280f369c-67c7-438e-ae98-1d46f3c6f541";
+        const string GUID_DRS_UNEXPIRE_PASSWORD       = "ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501";
+        const string GUID_DRS_ENABLE_PER_USER_REVERSIBLY_ENCRYPTED_PASSWORD
+                                                     = "05c74c5e-4deb-43b4-bd9f-86664c2a7fd5";
+        const string GUID_DRS_DS_INSTALL_REPLICA      = "9923a32a-3607-11d2-b9be-0000f87a36b2";
+       const string GUID_DRS_REANIMATE_TOMBSTONE     = "45ec5156-db7e-47bb-b53f-dbeb2d03c40f";
+
 
        /***************************************************************/
        /* validated writes guids */