r5850: enable parsing of revision 4 security acl's
authorStefan Metzmacher <metze@samba.org>
Thu, 17 Mar 2005 04:24:35 +0000 (04:24 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:11:05 +0000 (13:11 -0500)
metze
(This used to be commit 2a6a075c7da2da7bb62fb42936252717bb9d0593)

source4/librpc/idl/drsuapi.idl
source4/librpc/idl/security.idl

index 50706a17391c9d1defd5a7ec6843132a096880a9..ab88fdfc511e829bfa58fa40fde04fdfd83f4905 100644 (file)
@@ -384,9 +384,7 @@ interface drsuapi
                [case(DRSUAPI_ATTRIBUTE_objectSid)] drsuapi_DsAttributeValueCtrSID sid;
 
                /* SecurityDescriptor */
-               /* we can't parse some ads specific security_descriptors yet
                [case(DRSUAPI_ATTRIBUTE_ntSecurityDescriptor)] drsuapi_DsAttributeValueCtrSecurityDescriptor security_descriptor;
-               */
 
                /* UnicodeString */
                [case(DRSUAPI_ATTRIBUTE_description)]           drsuapi_DsAttributeValueCtrUnicodeString unicode_string;
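Review bot: With the `DRSUAPI_ATTRIBUTE_ntSecurityDescriptor` arm now active, the only comment left on it is `/* SecurityDescriptor */`, so the limitation recorded by the removed comment is dropped rather than updated. The descriptor comes from a replication peer, and a form that security.idl still does not describe would presumably fail the pull of the whole attribute union, not just this value. I would state the supported scope on the arm, e.g. `/* SecurityDescriptor: ACL revisions 2 (NT4) and 4 (ADS), see security.idl */`. The enclosing union starts and ends outside the hunk.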
index 691dd1d063de10b519738f209df0c32ae96cbbd7..99afcc386c302148cb9fda198878d42dc3130c0a 100644 (file)
@@ -214,28 +214,55 @@ interface security
                SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT        = 8
        } security_ace_type;
 
+       typedef bitmap {
+               SEC_ACE_OBJECT_TYPE_PRESENT             = 0x00000001,
+               SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT   = 0x00000002
+       } security_ace_object_flags;
+
+       typedef [nodiscriminant] union {
+               /* this is the 'schemaIDGUID' attribute of the attribute object in the schema naming context */
+               [case(SEC_ACE_OBJECT_TYPE_PRESENT)] GUID type;
+               [default];
+       } security_ace_object_type;
+
+       typedef [nodiscriminant] union {
+               /* this is the 'schemaIDGUID' attribute of the objectclass object in the schema naming context
+                * (of the parent container)
+                */
+               [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] GUID inherited_type;
+               [default];
+       } security_ace_object_inherited_type;
+
+       typedef struct {
+               security_ace_object_flags flags;
+               [switch_is(flags & SEC_ACE_OBJECT_TYPE_PRESENT)] security_ace_object_type type;
+               [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type;
+       } security_ace_object;
+
+       typedef [nodiscriminant] union {
+               [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object;
+               [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object;
+               [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object;
+               [case(SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)] security_ace_object object;
+               [default];
+       } security_ace_object_ctr;
+
        typedef [public] struct {
                security_ace_type type;  /* SEC_ACE_TYPE_* */
                security_ace_flags flags; /* SEC_ACE_FLAG_* */
                [value(ndr_size_security_ace(r))] uint16 size;
                uint32 access_mask;
-
-#if 0
-               /* the 'obj' part is present when type is XXXX_TYPE_XXXX_OBJECT */
-               struct {
-                       uint32 flags;
-                       GUID object_guid;
-                       GUID inherit_guid;
-               } *obj;
-#endif
-
+               [switch_is(type)] security_ace_object_ctr object;
                dom_sid trustee;
        } security_ace;
 
        typedef enum {
-               NT4_ACL_REVISION  = 2
+               SECURITY_ACL_REVISION_NT4       = 2,
+               SECURITY_ACL_REVISION_ADS       = 4
        } security_acl_revision;
 
+       const uint NT4_ACL_REVISION     = SECURITY_ACL_REVISION_NT4;
+
        typedef [public] struct {
                security_acl_revision revision;
                [value(ndr_size_security_acl(r))] uint16 size;
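Review bot: In `security_ace`, `size` is still only written from `ndr_size_security_ace(r)`, while the new `[switch_is(type)] security_ace_object_ctr object;` member makes the wire length depend on `type` and on `object.flags`. The commit's file list names only the two .idl files, so `ndr_size_security_ace()` is presumably unchanged; it should be checked to count the flags word plus each GUID that is present for the four `*_OBJECT` types, otherwise pushed ACEs carry a wrong size. On the pull side nothing visible here ties the bytes consumed to `size`, so an ACE from a peer whose `size` disagrees with its contents would leave the following ACEs misaligned. Consider rejecting an ACE that consumes more than `size` and skipping any remainder. A comment on the `size` line such as `/* covers the ACE header, the object part (if any) and the trustee */` would record the contract.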
@@ -245,10 +272,10 @@ interface security
 
        /* default revision for new ACLs */
        typedef [enum8bit] enum {
-               SEC_DESC_REVISION_1 = 1
+               SECURITY_DESCRIPTOR_REVISION_1 = 1
        } security_descriptor_revision;
 
-       const int SD_REVISION                    = SEC_DESC_REVISION_1;
+       const int SD_REVISION                    = SECURITY_DESCRIPTOR_REVISION_1;
 
        /* security_descriptor->type bits */
        typedef [bitmap16bit] bitmap {
@@ -277,7 +304,6 @@ interface security
        const int SECINFO_DACL                 = 0x00000004;
        const int SECINFO_SACL                 = 0x00000008;
 
-
        typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
                security_descriptor_revision revision;
                security_descriptor_type type;     /* SEC_DESC_xxxx flags */