From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 21 Jul 2023 02:36:20 +0000 (+1200)
Subject: libcli/security/create_descriptor: calc_inherited handles new types
X-Git-Tag: tevent-0.16.0~468
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2923898e88d5baa7cd056f75e7c7333b70197d2f;p=thirdparty%2Fsamba.git

libcli/security/create_descriptor: calc_inherited handles new types

*_CALLBACK_OBJECT types inherit like other _OBJECT types.
*_CALLBACK types do nothing, like other non-OBJECT types.

We also explicitly throw unused alarm callback types and
SEC_ACE_TYPE_SYSTEM_MANDATORY_LABEL and
SEC_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID into the fire.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c
index ab304a59a1c..d9e1c05f31b 100644
--- a/libcli/security/create_descriptor.c
+++ b/libcli/security/create_descriptor.c
@@ -199,6 +199,9 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
 		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
 		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+		case SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT:
+		case SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT:
+		case SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT:
 			if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
 				inherited_property = &ace->object.object.type.type;
 			}
@@ -216,6 +219,16 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 
 			break;
 
+		case SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK:
+		case SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK:
+		case SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK:
+			break;
+		case SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE:
+			break;
+		case SEC_ACE_TYPE_SYSTEM_ALARM_CALLBACK:
+		case SEC_ACE_TYPE_SYSTEM_ALARM_CALLBACK_OBJECT:
+		case SEC_ACE_TYPE_SYSTEM_MANDATORY_LABEL:
+		case SEC_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID:
 		default:
 			DBG_WARNING("ACE type %d is not handled\n", ace->type);
 			TALLOC_FREE(tmp_acl);