author | Andrew Bartlett <abartlet@samba.org> | 2012-10-10 16:42:38 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-10-11 12:25:10 +1100 |
commit | bb99cf1f729b789290202e573ea3dcedf2f253a0 (patch) | |
tree | 0456499fe3ff31d3dde89eab7531f147121c7c4a | |
parent | 5bb60df5136810c38a10daad152f1e744f38e976 (diff) | |
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl
This will isolate the hash of the ACL from any intermediate mapping that
the POSIX -> NT mapping subsystem might need to do, and which might
change if we need to correct that mapping.
Andrew Bartlett
-rw-r--r-- | librpc/idl/smb_acl.idl | 20 | ||||
-rw-r--r-- | librpc/idl/xattr.idl | 13 |
2 files changed, 32 insertions, 1 deletions
diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl index f7332d9ac7..ffd1ee278f 100644 --- a/librpc/idl/smb_acl.idl +++ b/librpc/idl/smb_acl.idl @@ -19,7 +19,14 @@ */ -/* Allow the smb_acl interface to be pushed into an NDR blob and read/written in python */ +/* + * Allow the smb_acl interface to be pushed into an NDR blob and + * read/written in python. + * + * The exact layout of these stuctures is CRITICAL, as a SHA-256 hash is + * taken over these after they are pushed as NDR blobs, and stored in an + * xattr for ACL verification. + */ [ pointer_default(unique) ] @@ -75,4 +82,15 @@ interface smb_acl const int SMB_ACL_TYPE_ACCESS = 0; const int SMB_ACL_TYPE_DEFAULT = 1; + + /* A wrapper of all the information required to reproduce an + * ACL, so we can hash it for the acl_xattr and acl_tdb + * modules */ + [public] typedef struct { + smb_acl_t *access_acl; + smb_acl_t *default_acl; /* NULL on files */ + uid_t owner; + gid_t group; + mode_t mode; + } smb_acl_wrapper; } diff --git a/librpc/idl/xattr.idl b/librpc/idl/xattr.idl index bc8c20c9ea..f7e698429b 100644 --- a/librpc/idl/xattr.idl +++ b/librpc/idl/xattr.idl @@ -184,10 +184,23 @@ interface xattr uint8 hash[64]; /* 64 bytes hash. */ } security_descriptor_hash_v3; + typedef [public] struct { + security_descriptor *sd; + uint16 hash_type; + uint8 hash[64]; /* 64 bytes hash. */ + utf8string description; /* description of what created + * this hash (to allow + * foresnics later, if we have + * a bug in one codepath */ + NTTIME time; + uint8 sys_acl_hash[64]; /* 64 bytes hash. */ + } security_descriptor_hash_v4; + typedef [switch_type(uint16)] union { [case(1)] security_descriptor *sd; [case(2)] security_descriptor_hash_v2 *sd_hs2; [case(3)] security_descriptor_hash_v3 *sd_hs3; + [case(4)] security_descriptor_hash_v4 *sd_hs4; } xattr_NTACL_Info; typedef [public] struct { |
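Review bot: The new header comment in smb_acl.idl (first hunk) says the layout is critical but does not tell a maintainer what to do when a change is unavoidable, and it misspells "structures" as `stuctures`. Because the digest is stored in an xattr and compared later, editing a field in place would presumably make every previously stored hash fail verification. I would add a sentence such as `Never change an existing field; add a new structure and a new xattr version instead.` A known-answer test (fixed ACL in, expected digest out) would let the build enforce the warning rather than relying on the reader.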
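Review bot: In the second hunk, `smb_acl_wrapper` feeds `uid_t owner`, `gid_t group` and `mode_t mode` into a blob that is hashed, so the digest is only stable if those three types have a fixed NDR width on every platform. That encoding is decided outside this diff and cannot be confirmed from the page. I would record the requirement next to the fields, e.g. `uid_t owner; /* NDR width must never change: part of the hashed blob */`. The two `smb_acl_t *` members fall under `pointer_default(unique)`, so the way a NULL or non-NULL pointer is encoded is also part of the hashed bytes and deserves the same remark. The body of `interface smb_acl` starts outside the hunk.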
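Review bot: In the third hunk, `security_descriptor_hash_v4` carries two 64-byte digests but a single `hash_type`, and the comment on `sys_acl_hash` does not say which algorithm fills it or what the unused bytes hold. The smb_acl.idl comment in this same commit names SHA-256, which is 32 bytes, so a verifier has to know whether to compare 32 or 64 bytes and whether the tail is zeroed. I would spell that out, e.g. `uint8 sys_acl_hash[64]; /* SHA-256 over the NDR-pushed smb_acl_wrapper, zero-padded to 64 bytes */`, and state whether `hash_type` governs this field as well. In the `description` comment, `foresnics` should read `forensics` and the opening parenthesis is never closed. The body of `interface xattr` starts before the hunk and the trailing `typedef [public] struct {` continues after it.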