Add in a version2 of the NT security descriptor store

that can store a timestamp along with the SD. Allows
us to check for validity against the POSIX st_ctime.
Keeps the IDL consistent with Samba3.3 IDL.
Jeremy.
(This used to be commit 29843a6b339a581de714924219632390b156aa4f)

1 files changed, 13 insertions, 3 deletions

diff --git a/source4/librpc/idl/xattr.idl b/source4/librpc/idl/xattr.idl
index 520341e6aa..5b3ad3aa91 100644
--- a/source4/librpc/idl/xattr.idl
+++ b/source4/librpc/idl/xattr.idl
@@ -104,19 +104,29 @@ interface xattr
 
 	/* we store the NT ACL a NTACL xattr. It is versioned so we
 	   can later add other acl attribs (such as posix acl mapping)
-	   
+
 	   we put this xattr in the security namespace to ensure that
 	   only trusted users can write to the ACL
+
+	   stored in "security.NTACL"
+
+	   Version 1. raw SD stored as Samba4 does it.
+	   Version 2. raw SD + last changed timestamp so we
+		      can discard if this doesn't match the POSIX st_ctime.
 	*/
-	const char *XATTR_NTACL_NAME = "security.NTACL";
+
+	typedef [public] struct {
+		security_descriptor *sd;
+		NTTIME last_changed;
+	} security_descriptor_timestamp;
 
 	typedef [switch_type(uint16)] union {
 		[case(1)] security_descriptor *sd;
+		[case(2)] security_descriptor_timestamp *sd_ts;
 	} xattr_NTACL_Info;
 
 	typedef [public] struct {
 		uint16 version;
 		[switch_is(version)] xattr_NTACL_Info info;
 	} xattr_NTACL;
-
 }