From b08093ed9d25c2ad6f0b253c19be970214ec78c1 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 20 Sep 2023 11:12:42 +1200
Subject: [PATCH] lbcli/security: callback object ACES fall back with no GUID

As with other object ACEs, if there is not a GUID to refer to the ACE
becomes the corresponding non-object ACE.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/security/create_descriptor.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c
index d9e1c05f31b..4db23bede18 100644
--- a/libcli/security/create_descriptor.c
+++ b/libcli/security/create_descriptor.c
@@ -345,9 +345,21 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 				case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
 					tmp_ace->type = SEC_ACE_TYPE_SYSTEM_AUDIT;
 					break;
-                                default:
-                                        /* all the _CALLBACK types */
-                                        break;
+				case SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT:
+					tmp_ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK;
+					break;
+				case SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT:
+					tmp_ace->type = SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK;
+					break;
+				case SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT:
+					tmp_ace->type = SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK;
+					break;
+				default:
+					/*
+					 * SEC_ACE_TYPE_SYSTEM_ALARM_CALLBACK_OBJECT
+					 * is reserved.
+					 */
+					break;
 				}
 			}