From 85e0b90cf3de8f9cff68c0fdadd6c9b315d48d37 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Mar 2005 04:24:35 +0000 Subject: r5850: enable parsing of revision 4 security acl's metze (This used to be commit 2a6a075c7da2da7bb62fb42936252717bb9d0593) --- source4/librpc/idl/drsuapi.idl | 2 -- source4/librpc/idl/security.idl | 54 ++++++++++++++++++++++++++++++----------- 2 files changed, 40 insertions(+), 16 deletions(-) (limited to 'source4') diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 50706a1739..ab88fdfc51 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -384,9 +384,7 @@ interface drsuapi [case(DRSUAPI_ATTRIBUTE_objectSid)] drsuapi_DsAttributeValueCtrSID sid; /* SecurityDescriptor */ - /* we can't parse some ads specific security_descriptors yet [case(DRSUAPI_ATTRIBUTE_ntSecurityDescriptor)] drsuapi_DsAttributeValueCtrSecurityDescriptor security_descriptor; - */ /* UnicodeString */ [case(DRSUAPI_ATTRIBUTE_description)] drsuapi_DsAttributeValueCtrUnicodeString unicode_string; diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 691dd1d063..99afcc386c 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl 
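Review bot: The `[case(DRSUAPI_ATTRIBUTE_ntSecurityDescriptor)]` arm in drsuapi.idl is now live, but the removed comment was the only record of why it had been disabled and nothing replaces it to say which descriptor forms are expected to decode. This value arrives from a replication peer, so a descriptor the parser still cannot handle would presumably fail the decode of the enclosing reply rather than just this attribute; that is inferred, since the generated pull code is not part of this diff. I would leave a short note in its place, e.g. `/* SecurityDescriptor: decoded via security.idl (ACL revisions 2 and 4) */`. The union this arm belongs to starts and ends outside the hunk.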
@@ -214,28 +214,55 @@ interface security SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8 } security_ace_type; + typedef bitmap { + SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001, + SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002 + } security_ace_object_flags; + + typedef [nodiscriminant] union { + /* this is the 'schemaIDGUID' attribute of the attribute object in the schema naming context */ + [case(SEC_ACE_OBJECT_TYPE_PRESENT)] GUID type; + [default]; + } security_ace_object_type; + + typedef [nodiscriminant] union { + /* this is the 'schemaIDGUID' attribute of the objectclass object in the schema naming context + * (of the parent container) + */ + [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] GUID inherited_type; + [default]; + } security_ace_object_inherited_type; + + typedef struct { + security_ace_object_flags flags; + [switch_is(flags & SEC_ACE_OBJECT_TYPE_PRESENT)] security_ace_object_type type; + [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type; + } security_ace_object; + + typedef [nodiscriminant] union { + [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object; + [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object; + [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object; + [case(SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)] security_ace_object object; + [default]; + } security_ace_object_ctr; + typedef [public] struct { security_ace_type type; /* SEC_ACE_TYPE_* */ security_ace_flags flags; /* SEC_ACE_FLAG_* */ [value(ndr_size_security_ace(r))] uint16 size; uint32 access_mask; - -#if 0 - /* the 'obj' part is present when type is XXXX_TYPE_XXXX_OBJECT */ - struct { - uint32 flags; - GUID object_guid; - GUID inherit_guid; - } *obj; -#endif - + [switch_is(type)] security_ace_object_ctr object; dom_sid trustee; } security_ace; typedef enum { - NT4_ACL_REVISION = 2 + SECURITY_ACL_REVISION_NT4 = 2, + SECURITY_ACL_REVISION_ADS = 4 } security_acl_revision; + const uint 
NT4_ACL_REVISION = SECURITY_ACL_REVISION_NT4; + typedef [public] struct { security_acl_revision revision; [value(ndr_size_security_acl(r))] uint16 size; @@ -245,10 +272,10 @@ interface security /* default revision for new ACLs */ typedef [enum8bit] enum { - SEC_DESC_REVISION_1 = 1 + SECURITY_DESCRIPTOR_REVISION_1 = 1 } security_descriptor_revision; - const int SD_REVISION = SEC_DESC_REVISION_1; + const int SD_REVISION = SECURITY_DESCRIPTOR_REVISION_1; /* security_descriptor->type bits */ typedef [bitmap16bit] bitmap { @@ -277,7 +304,6 @@ interface security const int SECINFO_DACL = 0x00000004; const int SECINFO_SACL = 0x00000008; - typedef [public,flag(NDR_LITTLE_ENDIAN)] struct { security_descriptor_revision revision; security_descriptor_type type; /* SEC_DESC_xxxx flags */ -- cgit
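Review bot: In `security_ace` the wire `size` is still declared only as `[value(ndr_size_security_ace(r))]`, which as far as this hunk shows fixes the value written on push and does nothing to bound what is read on pull. With the new `[switch_is(type)] security_ace_object_ctr object;` member the ACE length depends on the peer-supplied `type` and `object.flags`, so an ACE whose declared `size` disagrees with those fields would leave `trustee` and every later ACE decoded at the wrong offset; the pull side should compare the bytes consumed against `size` and reject a mismatch. `ndr_size_security_ace` is not touched by this commit (only the two .idl files change), so confirm it counts the `flags` word plus 16 bytes for each GUID that is present, otherwise pushed object ACEs carry a short `size`. A comment on the member would help, e.g. `/* only for *_OBJECT ace types: flags word plus one GUID per PRESENT bit */`. The `interface security` body and the `security_acl` struct continue outside the hunk.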