From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 23 Aug 2023 00:09:11 +0000 (+1200)
Subject: librpc:security.idl: add conditional ace coda
X-Git-Tag: tevent-0.16.0~485
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df8eec384fe3fa36249ac28f99787e3387eb9063;p=thirdparty%2Fsamba.git

librpc:security.idl: add conditional ace coda

Conditional ACEs go into a DATA_BLOB just like the default ignored
coda, but we add a union field with a different name to preserve
sanity.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 033cc613e5f..de412f389d7 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -663,6 +663,13 @@ interface security
 	} security_ace_object_ctr;
 
 	typedef [public,nodiscriminant,gensize] union {
+		[case(SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+		[case(SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+		[case(SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+		[case(SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+		[case(SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+		[case(SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT)] [flag(NDR_REMAINING)] DATA_BLOB conditions;
+
 		[case(SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE)] CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claim;
 		[default][flag(NDR_REMAINING)] DATA_BLOB ignored;
 	} security_ace_coda;