From 526eaeb1e037e175ce26dec6cbe33378de2c5d68 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 9 Jul 2008 16:55:51 -0700 Subject: Add in a version2 of the NT security descriptor store that can store a timestamp along with the SD. Allows us to check for validity against the POSIX st_ctime. Keeps the IDL consistent with Samba3.3 IDL. Jeremy. (This used to be commit 29843a6b339a581de714924219632390b156aa4f) --- source4/librpc/idl/xattr.idl | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/librpc/idl/xattr.idl b/source4/librpc/idl/xattr.idl index 520341e6aa..5b3ad3aa91 100644 --- a/source4/librpc/idl/xattr.idl +++ b/source4/librpc/idl/xattr.idl @@ -104,19 +104,29 @@ interface xattr /* we store the NT ACL a NTACL xattr. It is versioned so we can later add other acl attribs (such as posix acl mapping) - + we put this xattr in the security namespace to ensure that only trusted users can write to the ACL + + stored in "security.NTACL" + + Version 1. raw SD stored as Samba4 does it. + Version 2. raw SD + last changed timestamp so we + can discard if this doesn't match the POSIX st_ctime. */ - const char *XATTR_NTACL_NAME = "security.NTACL"; + + typedef [public] struct { + security_descriptor *sd; + NTTIME last_changed; + } security_descriptor_timestamp; typedef [switch_type(uint16)] union { [case(1)] security_descriptor *sd; + [case(2)] security_descriptor_timestamp *sd_ts; } xattr_NTACL_Info; typedef [public] struct { uint16 version; [switch_is(version)] xattr_NTACL_Info info; } xattr_NTACL; - } -- cgit From 87f1a6c151aa9c4fd61dda30653b3d7acebbfc5d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 9 Jul 2008 17:46:11 -0700 Subject: (Hopefully) fix the build by re-adding security.NTACL const char. The deletion earlier was a typo. Jeremy. (This used to be commit aa27344b96929c925b30965a1cd20e69c3dbd515) --- source4/librpc/idl/xattr.idl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4') 
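Review bot: In the first commit's hunk (`@@ -104,19 +104,29 @@`), the "Version 2" comment says the SD is discarded when `last_changed` does not match the POSIX st_ctime, but nothing there says how an NTTIME value (100 ns units, 1601 epoch) is compared with st_ctime or at what resolution. A stale descriptor that passes this check would presumably be used for access decisions, so the rule belongs next to `security_descriptor_timestamp`, for example `/* last_changed: st_ctime of the file converted to NTTIME at store time; readers must ignore the SD on any mismatch */`. On Linux, writing an xattr normally updates the inode ctime as well, so the storing code (not visible in this diff) presumably has to account for the write of security.NTACL itself; that is worth confirming before relying on an exact match. The enclosing `interface xattr` block starts and ends outside the hunk.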
diff --git a/source4/librpc/idl/xattr.idl b/source4/librpc/idl/xattr.idl index 5b3ad3aa91..ba0123aed0 100644 --- a/source4/librpc/idl/xattr.idl +++ b/source4/librpc/idl/xattr.idl @@ -115,6 +115,8 @@ interface xattr can discard if this doesn't match the POSIX st_ctime. */ + const char *XATTR_NTACL_NAME = "security.NTACL"; + typedef [public] struct { security_descriptor *sd; NTTIME last_changed; -- cgit