librpc:security.idl: add conditional ace coda

Conditional ACEs go into a DATA_BLOB just like the default ignored
coda, but we add a union field with a different name to preserve
sanity.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 033cc613e5fe256c902528e8c27c4388ba222b5c..de412f389d715412ef13e36a7e4ce66a192ebe6f 100644 (file)
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -663,6 +663,13 @@ interface security
        } security_ace_object_ctr;
 
        typedef [public,nodiscriminant,gensize] union {
+               [case(SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+               [case(SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+               [case(SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+               [case(SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+               [case(SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+               [case(SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+
                [case(SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE)] CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claim;
                [default][flag(NDR_REMAINING)] DATA_BLOB ignored;
        } security_ace_coda;