From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 23 Aug 2023 00:03:53 +0000 (+1200)
Subject: librpc:security.idl: add Resource Attribute claim types
X-Git-Tag: tevent-0.16.0~702
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f57b5ed5b6300ed631033cff4f49a4e0cae5573;p=thirdparty%2Fsamba.git

librpc:security.idl: add Resource Attribute claim types

This will be used in Resource Attribute ACEs, and in security tokens
when security tokens become claim-aware.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 101e021b3a3..b3bc834a94c 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -639,6 +639,24 @@ interface security
 		CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING = 0x0010
 	} security_claim_value_type;
 
+	typedef [nodiscriminant,flag(NDR_NOALIGN)] union {
+		[case(CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64),relative] int64 *int_value;
+		[case(CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64),relative] hyper *uint_value;
+		[case(CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING),relative] nstring *string_value;
+		[case(CLAIM_SECURITY_ATTRIBUTE_TYPE_SID),relative] DATA_BLOB *sid_value;
+		[case(CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING),relative] DATA_BLOB *octet_value;
+		[case(CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN),relative] hyper *bool_value;
+	} claim_values;
+
+	typedef [public,gensize] struct {
+		[relative] nstring *name;
+		uint16 value_type;
+		uint16 _reserved;
+		uint32 flags;
+		uint32 value_count;
+		[switch_is(value_type)] claim_values values[value_count];
+	} CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1;
+
 	typedef [public,nodiscriminant] union {
 		[case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object;
 		[case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object;