Add in the IDL to store a NT Security descriptor in

a blob. Use the same format as S4, but a new version
as we'll need to store the timestamp to check for
validity against the POSIX st_ctime.
Jeremy.
(This used to be commit 5c4ce1dac3769bfe533a4ea778c916d117603603)

1 files changed, 29 insertions, 0 deletions

diff --git a/source3/librpc/idl/xattr.idl b/source3/librpc/idl/xattr.idl
index ec230a4efb..e19e2f89d8 100644
--- a/source3/librpc/idl/xattr.idl
+++ b/source3/librpc/idl/xattr.idl
@@ -20,4 +20,33 @@ interface xattr
 		uint32 num_xattrs;
 		tdb_xattr xattrs[num_xattrs];
 	} tdb_xattrs;
+
+	/* we store the NT ACL a NTACL xattr. It is versioned so we
+	   can later add other acl attribs (such as posix acl mapping)
+
+	   we put this xattr in the security namespace to ensure that
+	   only trusted users can write to the ACL
+
+	   stored in "security.NTACL"
+
+	   Version 1. raw SD stored as Samba4 does it.
+	   Version 2. raw SD + last changed timestamp so we
+		      can discard if this doesn't match the POSIX st_ctime.
+        */
+
+	typedef [public] struct {
+		security_descriptor *sd;
+		NTTIME last_changed;
+	} security_descriptor_timestamp;
+
+        typedef [switch_type(uint16)] union {
+                [case(1)] security_descriptor *sd;
+		[case(2)] security_descriptor_timestamp *sd_ts;
+        } xattr_NTACL_Info;
+
+        typedef [public] struct {
+                uint16 version;
+                [switch_is(version)] xattr_NTACL_Info info;
+        } xattr_NTACL;
+
 }