From 0a0e18eeecc4d4e091c58109a8ddd9b3f28fa5cd Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 9 Jul 2008 16:54:38 -0700
Subject: Add in the IDL to store a NT Security descriptor in a blob. Use the same format as S4, but a new version as we'll need to store the timestamp to check for validity against the POSIX st_ctime. Jeremy. (This used to be commit 5c4ce1dac3769bfe533a4ea778c916d117603603)
---
 source3/librpc/idl/xattr.idl | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+) (limited to 'source3/librpc/idl')
diff --git a/source3/librpc/idl/xattr.idl b/source3/librpc/idl/xattr.idl
index ec230a4efb..e19e2f89d8 100644
--- a/source3/librpc/idl/xattr.idl
+++ b/source3/librpc/idl/xattr.idl
@@ -20,4 +20,33 @@ interface xattr
 uint32 num_xattrs;
 tdb_xattr xattrs[num_xattrs];
 } tdb_xattrs;
+
+ /* we store the NT ACL a NTACL xattr. It is versioned so we
+ can later add other acl attribs (such as posix acl mapping)
+
+ we put this xattr in the security namespace to ensure that
+ only trusted users can write to the ACL
+
+ stored in "security.NTACL"
+
+ Version 1. raw SD stored as Samba4 does it.
+ Version 2. raw SD + last changed timestamp so we
+ can discard if this doesn't match the POSIX st_ctime.
+ */
+
+ typedef [public] struct {
+ security_descriptor *sd;
+ NTTIME last_changed;
+ } security_descriptor_timestamp;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] security_descriptor *sd;
+ [case(2)] security_descriptor_timestamp *sd_ts;
+ } xattr_NTACL_Info;
+
+ typedef [public] struct {
+ uint16 version;
+ [switch_is(version)] xattr_NTACL_Info info;
+ } xattr_NTACL;
+
 }
-- cgit
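Review bot: The "Version 2" comment says the stored SD is discarded when `last_changed` does not match the POSIX st_ctime, but it does not define how the two are compared, and that rule decides whether a stale NT ACL is still trusted. NTTIME and st_ctime differ in units and resolution, and on many filesystems writing an xattr itself updates st_ctime, so the comment on `security_descriptor_timestamp` should say which ctime is recorded and how it is converted, for example `/* last_changed: st_ctime converted to NTTIME; on any mismatch the reader ignores the blob and falls back to the POSIX-derived ACL */`. `xattr_NTACL_Info` has no `[default]` arm, so a blob carrying another `version` presumably fails to pull; it would help to document that callers treat such a failure as "no stored ACL" rather than as a reason to skip the check. Minor wording: "we store the NT ACL a NTACL xattr" is missing "in".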