authorAndrew Bartlett <abartlet@samba.org>2012-10-10 16:42:38 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-10-11 12:25:10 +1100
commitbb99cf1f729b789290202e573ea3dcedf2f253a0 (patch)
tree0456499fe3ff31d3dde89eab7531f147121c7c4a
parent5bb60df5136810c38a10daad152f1e744f38e976 (diff)
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl
This will isolate the hash of the ACL from any intermediate mapping that the POSIX -> NT mapping subsystem might need to do, and which might change if we need to correct that mapping. Andrew Bartlett
-rw-r--r--librpc/idl/smb_acl.idl20
-rw-r--r--librpc/idl/xattr.idl13
2 files changed, 32 insertions, 1 deletions
diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl
index f7332d9ac7..ffd1ee278f 100644
--- a/librpc/idl/smb_acl.idl
+++ b/librpc/idl/smb_acl.idl
@@ -19,7 +19,14 @@
*/
-/* Allow the smb_acl interface to be pushed into an NDR blob and read/written in python */
+/*
+ * Allow the smb_acl interface to be pushed into an NDR blob and
+ * read/written in python.
+ *
+ * The exact layout of these stuctures is CRITICAL, as a SHA-256 hash is
+ * taken over these after they are pushed as NDR blobs, and stored in an
+ * xattr for ACL verification.
+ */
[
pointer_default(unique)
]
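Review bot: The new header comment says the layout is critical but does not tell a maintainer what to do when a layout change is unavoidable. Because the hash is stored in an xattr, files written before such a change would presumably fail verification afterwards. A line such as `Never change an existing structure; add a new type and a new xattr version instead.` would make the constraint actionable, if that matches the intended policy. The comment also has a typo, `stuctures` for `structures`.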
@@ -75,4 +82,15 @@ interface smb_acl
const int SMB_ACL_TYPE_ACCESS = 0;
const int SMB_ACL_TYPE_DEFAULT = 1;
+
+ /* A wrapper of all the information required to reproduce an
+ * ACL, so we can hash it for the acl_xattr and acl_tdb
+ * modules */
+ [public] typedef struct {
+ smb_acl_t *access_acl;
+ smb_acl_t *default_acl; /* NULL on files */
+ uid_t owner;
+ gid_t group;
+ mode_t mode;
+ } smb_acl_wrapper;
}
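Review bot: The comment on `smb_acl_wrapper` should state that field order and field types are part of the hashed format, since the header comment in this file says a SHA-256 hash is taken over the NDR blob. As written, nothing on the struct itself warns that reordering `owner`/`group`/`mode` or adding a member changes every stored hash. I would extend the comment with `Field order and types are part of the hashed format; do not change them, add a new wrapper type instead.` It would also help to document whether `mode` carries the full st_mode or only the permission bits, because that decides which metadata changes invalidate the hash; the hunk does not show this. The marshalled width of `uid_t`, `gid_t` and `mode_t` presumably comes from the IDL compiler rather than the host ABI, which is worth confirming because a host-dependent width would make stored hashes non-portable.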
diff --git a/librpc/idl/xattr.idl b/librpc/idl/xattr.idl
index bc8c20c9ea..f7e698429b 100644
--- a/librpc/idl/xattr.idl
+++ b/librpc/idl/xattr.idl
@@ -184,10 +184,23 @@ interface xattr
uint8 hash[64]; /* 64 bytes hash. */
} security_descriptor_hash_v3;
+ typedef [public] struct {
+ security_descriptor *sd;
+ uint16 hash_type;
+ uint8 hash[64]; /* 64 bytes hash. */
+ utf8string description; /* description of what created
+ * this hash (to allow
+ * foresnics later, if we have
+ * a bug in one codepath */
+ NTTIME time;
+ uint8 sys_acl_hash[64]; /* 64 bytes hash. */
+ } security_descriptor_hash_v4;
+
typedef [switch_type(uint16)] union {
[case(1)] security_descriptor *sd;
[case(2)] security_descriptor_hash_v2 *sd_hs2;
[case(3)] security_descriptor_hash_v3 *sd_hs3;
+ [case(4)] security_descriptor_hash_v4 *sd_hs4;
} xattr_NTACL_Info;
typedef [public] struct {
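Review bot: `security_descriptor_hash_v4` has one `hash_type` field but two 64-byte hash fields, and nothing in the hunk says which algorithm `sys_acl_hash` uses or whether `hash_type` covers it. The header comment added to smb_acl.idl speaks of SHA-256, which fills 32 of the 64 bytes, so the field comment should also say how the unused tail is set and whether it is compared on verification. A possible comment on the field, to be adjusted to what the implementation actually does: `/* hash of the NDR-pushed smb_acl_wrapper; algorithm per hash_type, unused bytes zero */`. The `description` comment has a typo (`foresnics`) and an unclosed parenthesis. The struct opened on the last line of the hunk continues outside it.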