5 files changed, 73 insertions, 35 deletions

diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl
new file mode 100644
index 0000000000..9586958bc6
--- /dev/null
+++ b/librpc/idl/smb_acl.idl
@@ -0,0 +1,63 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Portable SMB ACL interface
+   Copyright (C) Jeremy Allison 2000
+   Copyright (C) Andrew Bartlett 2012
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/* Allow the smb_acl interface to be pushed into an NDR blob and read/written in python */
+[
+	pointer_default(unique)
+]
+interface smb_acl
+{
+
+	const int SMB_ACL_READ 				= 4;
+	const int SMB_ACL_WRITE 			= 2;
+	const int SMB_ACL_EXECUTE			= 1;
+
+	/* Types of ACLs. */
+	typedef enum {
+		SMB_ACL_TAG_INVALID = 0,
+		SMB_ACL_USER        = 1,
+		SMB_ACL_USER_OBJ    = 2,
+		SMB_ACL_GROUP       = 3,
+		SMB_ACL_GROUP_OBJ   = 4,
+		SMB_ACL_OTHER       = 5,
+		SMB_ACL_MASK        = 6
+	} smb_acl_tag_t;
+	
+	typedef struct {
+		smb_acl_tag_t a_type;
+		mode_t a_perm;
+		uid_t uid;
+		gid_t gid;
+	} smb_acl_entry;
+	
+	typedef struct {
+		int	size;
+		int	count;
+		int	next;
+		smb_acl_entry *acl;
+	} smb_acl_t;
+	
+	const int SMB_ACL_FIRST_ENTRY		= 0;
+	const int SMB_ACL_NEXT_ENTRY		= 1;
+		
+	const int SMB_ACL_TYPE_ACCESS		= 0;
+	const int SMB_ACL_TYPE_DEFAULT		= 1;
+}
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 58d3181cb5..2dbf1a3f83 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -4,7 +4,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
                     '''atsvc.idl auth.idl drsuapi.idl epmapper.idl initshutdown.idl
                        misc.idl ntlmssp.idl schannel.idl trkwks.idl
                        audiosrv.idl dfsblobs.idl dsbackup.idl eventlog.idl file_id.idl keysvc.idl
-                       msgsvc.idl ntsvcs.idl remact.idl security.idl unixinfo.idl wzcsvc.idl
+                       msgsvc.idl ntsvcs.idl remact.idl security.idl smb_acl.idl unixinfo.idl wzcsvc.idl
                        browser.idl dfs.idl dssetup.idl frsapi.idl krb5pac.idl
                        named_pipe_auth.idl orpc.idl rot.idl spoolss.idl w32time.idl xattr.idl
                        dbgidl.idl dnsserver.idl echo.idl frsrpc.idl lsa.idl nbt.idl dns.idl
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 1dd755eb30..8dbbe2de05 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -239,6 +239,11 @@ bld.SAMBA_SUBSYSTEM('NDR_SECURITY',
     header_path='gen_ndr'
     )
 
+bld.SAMBA_SUBSYSTEM('NDR_SMB_ACL',
+    source='gen_ndr/ndr_smb_acl.c',
+    deps='ndr',
+    )
+
 bld.SAMBA_SUBSYSTEM('NDR_SVCCTL',
     source='gen_ndr/ndr_svcctl.c ndr/ndr_svcctl.c',
     public_deps='ndr NDR_SECURITY'
diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h
index 4998e4b07d..2a47661ede 100644
--- a/source3/include/smb_acls.h
+++ b/source3/include/smb_acls.h
@@ -20,51 +20,20 @@
 #ifndef _SMB_ACLS_H
 #define _SMB_ACLS_H
 
+#include "librpc/gen_ndr/smb_acl.h"
+
 struct vfs_handle_struct;
 struct files_struct;
 
 typedef int			SMB_ACL_TYPE_T;
 typedef mode_t			*SMB_ACL_PERMSET_T;
 typedef mode_t			SMB_ACL_PERM_T;
-#define SMB_ACL_READ 				4
-#define SMB_ACL_WRITE 				2
-#define SMB_ACL_EXECUTE				1
-
-/* Types of ACLs. */
-enum smb_acl_tag_t {
-	SMB_ACL_TAG_INVALID=0,
-	SMB_ACL_USER=1,
-	SMB_ACL_USER_OBJ,
-	SMB_ACL_GROUP,
-	SMB_ACL_GROUP_OBJ,
-	SMB_ACL_OTHER,
-	SMB_ACL_MASK
-};
 
 typedef enum smb_acl_tag_t SMB_ACL_TAG_T;
-
-struct smb_acl_entry {
-	enum smb_acl_tag_t a_type;
-	SMB_ACL_PERM_T a_perm;
-	uid_t uid;
-	gid_t gid;
-};
-
-typedef struct smb_acl_t {
-	int	size;
-	int	count;
-	int	next;
-	struct smb_acl_entry *acl;
-} *SMB_ACL_T;
+typedef struct smb_acl_t *SMB_ACL_T;
 
 typedef struct smb_acl_entry 	*SMB_ACL_ENTRY_T;
 
-#define SMB_ACL_FIRST_ENTRY			0
-#define SMB_ACL_NEXT_ENTRY			1
-
-#define SMB_ACL_TYPE_ACCESS			0
-#define SMB_ACL_TYPE_DEFAULT		1
-
 /* The following definitions come from lib/sysacls.c  */
 
 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p);
diff --git a/source3/wscript_build b/source3/wscript_build
index 9c6c5aa6b1..2fc65550c9 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -932,6 +932,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
                     NDR_SMBXSRV
 		    LIBASYS
                     ccan-hash
+                    NDR_SMB_ACL
                     ''',
                     private_library=True,
                     vars=locals())