authorStefan Metzmacher <metze@samba.org>2005-03-17 04:24:35 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:05 -0500
commit85e0b90cf3de8f9cff68c0fdadd6c9b315d48d37 (patch)
treee9f51c1782be0c794477103488502c389f4d8092
parentc2875e51e85820b5114329f7c338c8de563f838d (diff)
r5850: enable parsing of revision 4 security acl's
metze (This used to be commit 2a6a075c7da2da7bb62fb42936252717bb9d0593)
-rw-r--r--source4/librpc/idl/drsuapi.idl2
-rw-r--r--source4/librpc/idl/security.idl54
2 files changed, 40 insertions, 16 deletions
diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl
index 50706a1739..ab88fdfc51 100644
--- a/source4/librpc/idl/drsuapi.idl
+++ b/source4/librpc/idl/drsuapi.idl
@@ -384,9 +384,7 @@ interface drsuapi
[case(DRSUAPI_ATTRIBUTE_objectSid)] drsuapi_DsAttributeValueCtrSID sid;
/* SecurityDescriptor */
- /* we can't parse some ads specific security_descriptors yet
[case(DRSUAPI_ATTRIBUTE_ntSecurityDescriptor)] drsuapi_DsAttributeValueCtrSecurityDescriptor security_descriptor;
- */
/* UnicodeString */
[case(DRSUAPI_ATTRIBUTE_description)] drsuapi_DsAttributeValueCtrUnicodeString unicode_string;
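Review bot: The `DRSUAPI_ATTRIBUTE_ntSecurityDescriptor` case is now live, so descriptors arriving in replication data go through the security_descriptor parser, but the hunk drops the old caveat without recording what made it safe to enable. The removed comment said some ADS-specific descriptors could not be parsed, and the commit appears to rely on the revision 4 and object-ACE additions in security.idl. I would keep a short comment above the case, e.g. `/* SecurityDescriptor: needs SECURITY_ACL_REVISION_ADS and object ACE support in security.idl */`, so the dependency stays visible if that parser changes. The enclosing union starts and ends outside the hunk.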
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 691dd1d063..99afcc386c 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -214,28 +214,55 @@ interface security
SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8
} security_ace_type;
+ typedef bitmap {
+ SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001,
+ SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002
+ } security_ace_object_flags;
+
+ typedef [nodiscriminant] union {
+ /* this is the 'schemaIDGUID' attribute of the attribute object in the schema naming context */
+ [case(SEC_ACE_OBJECT_TYPE_PRESENT)] GUID type;
+ [default];
+ } security_ace_object_type;
+
+ typedef [nodiscriminant] union {
+ /* this is the 'schemaIDGUID' attribute of the objectclass object in the schema naming context
+ * (of the parent container)
+ */
+ [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] GUID inherited_type;
+ [default];
+ } security_ace_object_inherited_type;
+
+ typedef struct {
+ security_ace_object_flags flags;
+ [switch_is(flags & SEC_ACE_OBJECT_TYPE_PRESENT)] security_ace_object_type type;
+ [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type;
+ } security_ace_object;
+
+ typedef [nodiscriminant] union {
+ [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object;
+ [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object;
+ [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object;
+ [case(SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)] security_ace_object object;
+ [default];
+ } security_ace_object_ctr;
+
typedef [public] struct {
security_ace_type type; /* SEC_ACE_TYPE_* */
security_ace_flags flags; /* SEC_ACE_FLAG_* */
[value(ndr_size_security_ace(r))] uint16 size;
uint32 access_mask;
-
-#if 0
- /* the 'obj' part is present when type is XXXX_TYPE_XXXX_OBJECT */
- struct {
- uint32 flags;
- GUID object_guid;
- GUID inherit_guid;
- } *obj;
-#endif
-
+ [switch_is(type)] security_ace_object_ctr object;
dom_sid trustee;
} security_ace;
typedef enum {
- NT4_ACL_REVISION = 2
+ SECURITY_ACL_REVISION_NT4 = 2,
+ SECURITY_ACL_REVISION_ADS = 4
} security_acl_revision;
+ const uint NT4_ACL_REVISION = SECURITY_ACL_REVISION_NT4;
+
typedef [public] struct {
security_acl_revision revision;
[value(ndr_size_security_acl(r))] uint16 size;
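Review bot: In `security_ace`, the new `[switch_is(type)] security_ace_object_ctr object;` member puts a variable-length part (the flags word plus up to two GUIDs) ahead of `trustee`, while `size` is still produced by `ndr_size_security_ace(r)`, which is not part of this diff. If that helper does not count the object part, marshalled object ACEs will carry a `size` that is too small, so it is worth confirming it was updated alongside this change. On the pull side, nothing visible here ties the wire `size` to the bytes the members actually consume, so an ACE whose stated size disagrees with its `flags` would presumably leave the next ACE parsed from the wrong offset. A comment on the member such as `/* present only for *_OBJECT ace types; must be counted by ndr_size_security_ace() */` would record the invariant. The `security_acl` struct continues outside the hunk.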
@@ -245,10 +272,10 @@ interface security
/* default revision for new ACLs */
typedef [enum8bit] enum {
- SEC_DESC_REVISION_1 = 1
+ SECURITY_DESCRIPTOR_REVISION_1 = 1
} security_descriptor_revision;
- const int SD_REVISION = SEC_DESC_REVISION_1;
+ const int SD_REVISION = SECURITY_DESCRIPTOR_REVISION_1;
/* security_descriptor->type bits */
typedef [bitmap16bit] bitmap {
@@ -277,7 +304,6 @@ interface security
const int SECINFO_DACL = 0x00000004;
const int SECINFO_SACL = 0x00000008;
-
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
security_descriptor_revision revision;
security_descriptor_type type; /* SEC_DESC_xxxx flags */