r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is

based on the current nttoken, which is completely wrong, but works as a start.

The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.

pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.

We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)

1 files changed, 23 insertions, 0 deletions

diff --git a/source4/librpc/idl/xattr.idl b/source4/librpc/idl/xattr.idl
index 703fb2325b..153561ac1a 100644
--- a/source4/librpc/idl/xattr.idl
+++ b/source4/librpc/idl/xattr.idl
@@ -8,6 +8,9 @@
    about a file in a architecture independent manner
 */
 
+[
+  depends(security)
+]
 interface xattr
 {
 	const string XATTR_DOSATTRIB_NAME = "user.DosAttrib";
@@ -72,4 +75,24 @@ interface xattr
 		uint32 num_streams;
 		[size_is(num_streams)] xattr_DosStream *streams;
 	} xattr_DosStreams;
+
+
+	/* we store the NT ACL a DosAcl xattr. It is versioned so we
+	   can later add other acl attribs (such as posix acl
+	   mapping) 
+	   
+	   we put this xattr in the security namespace to ensure that
+	   only trusted users can write to the ACL
+	*/
+	const string XATTR_DOSACL_NAME = "security.DosAcl";
+
+	typedef union {
+		[case(1)] security_descriptor *sd;
+	} xattr_DosAclInfo;
+
+	typedef [public] struct {
+		uint16 version;
+		[switch_is(version)] xattr_DosAclInfo info;
+	} xattr_DosAcl;
+
 }