1 files changed, 29 insertions, 0 deletions

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 3f70e2c36e..d88931fc69 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -7,12 +7,40 @@
 import "misc.idl";
 import "dom_sid.idl";
 
+/*
+   use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+   just a dom sid, but with the sub_auths represented as a conformant
+   array. As with all in-structure conformant arrays, the array length
+   is placed before the start of the structure. That's what gives rise
+   to the extra num_auths elemenent. We don't want the Samba code to
+   have to bother with such esoteric NDR details, so its easier to just
+   define it as a dom_sid and use pidl magic to make it all work. It
+   just means you need to mark a sid as a "dom_sid2" in the IDL when you
+   know it is of the conformant array variety
+*/
+cpp_quote("#define dom_sid2 dom_sid")
+
+/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
+cpp_quote("#define dom_sid28 dom_sid")
+
+/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
+cpp_quote("#define dom_sid0 dom_sid")
+
+
+
 [
 	helper("librpc/gen_ndr/ndr_dom_sid.h"),
 	pointer_default(unique)
 ]
 interface security
 {
+
+	typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
+		uint8  sid_rev_num;             /**< SID revision number */
+		[range(0,15)] int8  num_auths;  /**< Number of sub-authorities */
+		uint8  id_auth[6];              /**< Identifier Authority */
+		uint32 sub_auths[15];
+	} dom_sid;
 	/*
 	  access masks are divided up like this:
                 0xabccdddd
@@ -388,4 +416,5 @@ interface security
 		KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
 		KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
 	} kerb_EncTypes;
+
 }