summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-07-09 16:54:38 -0700
committerJeremy Allison <jra@samba.org>2008-07-09 16:54:38 -0700
commit0a0e18eeecc4d4e091c58109a8ddd9b3f28fa5cd (patch)
tree90ec7b53e13952f1e74016dba170d8be1c2eedc9
parentae923dbd4e4e5cba35b36ad353a943b826e2a2c5 (diff)
downloadsamba-0a0e18eeecc4d4e091c58109a8ddd9b3f28fa5cd.tar.gz
Add in the IDL to store a NT Security descriptor in
a blob. Use the same format as S4, but a new version as we'll need to store the timestamp to check for validity against the POSIX st_ctime. Jeremy. (This used to be commit 5c4ce1dac3769bfe533a4ea778c916d117603603)
-rw-r--r--source3/librpc/gen_ndr/ndr_xattr.c225
-rw-r--r--source3/librpc/gen_ndr/ndr_xattr.h7
-rw-r--r--source3/librpc/gen_ndr/xattr.h15
-rw-r--r--source3/librpc/idl/xattr.idl29
4 files changed, 276 insertions, 0 deletions
diff --git a/source3/librpc/gen_ndr/ndr_xattr.c b/source3/librpc/gen_ndr/ndr_xattr.c
index 46c4249d21a..9cde197444e 100644
--- a/source3/librpc/gen_ndr/ndr_xattr.c
+++ b/source3/librpc/gen_ndr/ndr_xattr.c
@@ -100,3 +100,228 @@ _PUBLIC_ void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, cons
ndr->depth--;
}
+_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd));
+ NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_changed));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ if (r->sd) {
+ NDR_CHECK(ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd));
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r)
+{
+ uint32_t _ptr_sd;
+ TALLOC_CTX *_mem_save_sd_0;
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd));
+ if (_ptr_sd) {
+ NDR_PULL_ALLOC(ndr, r->sd);
+ } else {
+ r->sd = NULL;
+ }
+ NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_changed));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ if (r->sd) {
+ _mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0);
+ NDR_CHECK(ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0);
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r)
+{
+ ndr_print_struct(ndr, name, "security_descriptor_timestamp");
+ ndr->depth++;
+ ndr_print_ptr(ndr, "sd", r->sd);
+ ndr->depth++;
+ if (r->sd) {
+ ndr_print_security_descriptor(ndr, "sd", r->sd);
+ }
+ ndr->depth--;
+ ndr_print_NTTIME(ndr, "last_changed", r->last_changed);
+ ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr_flags, const union xattr_NTACL_Info *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ int level = ndr_push_get_switch_value(ndr, r);
+ NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
+ switch (level) {
+ case 1: {
+ NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd));
+ break; }
+
+ case 2: {
+ NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_ts));
+ break; }
+
+ default:
+ return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+ }
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ int level = ndr_push_get_switch_value(ndr, r);
+ switch (level) {
+ case 1:
+ if (r->sd) {
+ NDR_CHECK(ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd));
+ }
+ break;
+
+ case 2:
+ if (r->sd_ts) {
+ NDR_CHECK(ndr_push_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts));
+ }
+ break;
+
+ default:
+ return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr_flags, union xattr_NTACL_Info *r)
+{
+ int level;
+ uint16_t _level;
+ TALLOC_CTX *_mem_save_sd_0;
+ TALLOC_CTX *_mem_save_sd_ts_0;
+ level = ndr_pull_get_switch_value(ndr, r);
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+ if (_level != level) {
+ return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+ }
+ switch (level) {
+ case 1: {
+ uint32_t _ptr_sd;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd));
+ if (_ptr_sd) {
+ NDR_PULL_ALLOC(ndr, r->sd);
+ } else {
+ r->sd = NULL;
+ }
+ break; }
+
+ case 2: {
+ uint32_t _ptr_sd_ts;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_ts));
+ if (_ptr_sd_ts) {
+ NDR_PULL_ALLOC(ndr, r->sd_ts);
+ } else {
+ r->sd_ts = NULL;
+ }
+ break; }
+
+ default:
+ return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+ }
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ switch (level) {
+ case 1:
+ if (r->sd) {
+ _mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0);
+ NDR_CHECK(ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0);
+ }
+ break;
+
+ case 2:
+ if (r->sd_ts) {
+ _mem_save_sd_ts_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->sd_ts, 0);
+ NDR_CHECK(ndr_pull_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_ts_0, 0);
+ }
+ break;
+
+ default:
+ return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r)
+{
+ int level;
+ level = ndr_print_get_switch_value(ndr, r);
+ ndr_print_union(ndr, name, level, "xattr_NTACL_Info");
+ switch (level) {
+ case 1:
+ ndr_print_ptr(ndr, "sd", r->sd);
+ ndr->depth++;
+ if (r->sd) {
+ ndr_print_security_descriptor(ndr, "sd", r->sd);
+ }
+ ndr->depth--;
+ break;
+
+ case 2:
+ ndr_print_ptr(ndr, "sd_ts", r->sd_ts);
+ ndr->depth++;
+ if (r->sd_ts) {
+ ndr_print_security_descriptor_timestamp(ndr, "sd_ts", r->sd_ts);
+ }
+ ndr->depth--;
+ break;
+
+ default:
+ ndr_print_bad_level(ndr, name, level);
+ }
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->version));
+ NDR_CHECK(ndr_push_set_switch_value(ndr, &r->info, r->version));
+ NDR_CHECK(ndr_push_xattr_NTACL_Info(ndr, NDR_SCALARS, &r->info));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_push_xattr_NTACL_Info(ndr, NDR_BUFFERS, &r->info));
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r)
+{
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->version));
+ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->version));
+ NDR_CHECK(ndr_pull_xattr_NTACL_Info(ndr, NDR_SCALARS, &r->info));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_pull_xattr_NTACL_Info(ndr, NDR_BUFFERS, &r->info));
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_xattr_NTACL(struct ndr_print *ndr, const char *name, const struct xattr_NTACL *r)
+{
+ ndr_print_struct(ndr, name, "xattr_NTACL");
+ ndr->depth++;
+ ndr_print_uint16(ndr, "version", r->version);
+ ndr_print_set_switch_value(ndr, &r->info, r->version);
+ ndr_print_xattr_NTACL_Info(ndr, "info", &r->info);
+ ndr->depth--;
+}
+
diff --git a/source3/librpc/gen_ndr/ndr_xattr.h b/source3/librpc/gen_ndr/ndr_xattr.h
index a18477f3477..21c5ae03b58 100644
--- a/source3/librpc/gen_ndr/ndr_xattr.h
+++ b/source3/librpc/gen_ndr/ndr_xattr.h
@@ -13,4 +13,11 @@ void ndr_print_tdb_xattr(struct ndr_print *ndr, const char *name, const struct t
enum ndr_err_code ndr_push_tdb_xattrs(struct ndr_push *ndr, int ndr_flags, const struct tdb_xattrs *r);
enum ndr_err_code ndr_pull_tdb_xattrs(struct ndr_pull *ndr, int ndr_flags, struct tdb_xattrs *r);
void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, const struct tdb_xattrs *r);
+enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r);
+enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r);
+void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r);
+void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r);
+enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r);
+enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r);
+void ndr_print_xattr_NTACL(struct ndr_print *ndr, const char *name, const struct xattr_NTACL *r);
#endif /* _HEADER_NDR_xattr */
diff --git a/source3/librpc/gen_ndr/xattr.h b/source3/librpc/gen_ndr/xattr.h
index ee30376be87..af1b633acb6 100644
--- a/source3/librpc/gen_ndr/xattr.h
+++ b/source3/librpc/gen_ndr/xattr.h
@@ -15,4 +15,19 @@ struct tdb_xattrs {
struct tdb_xattr *xattrs;
}/* [public] */;
+struct security_descriptor_timestamp {
+ struct security_descriptor *sd;/* [unique] */
+ NTTIME last_changed;
+}/* [public] */;
+
+union xattr_NTACL_Info {
+ struct security_descriptor *sd;/* [unique,case] */
+ struct security_descriptor_timestamp *sd_ts;/* [unique,case(2)] */
+}/* [switch_type(uint16)] */;
+
+struct xattr_NTACL {
+ uint16_t version;
+ union xattr_NTACL_Info info;/* [switch_is(version)] */
+}/* [public] */;
+
#endif /* _HEADER_xattr */
diff --git a/source3/librpc/idl/xattr.idl b/source3/librpc/idl/xattr.idl
index ec230a4efbb..e19e2f89d8a 100644
--- a/source3/librpc/idl/xattr.idl
+++ b/source3/librpc/idl/xattr.idl
@@ -20,4 +20,33 @@ interface xattr
uint32 num_xattrs;
tdb_xattr xattrs[num_xattrs];
} tdb_xattrs;
+
+ /* we store the NT ACL a NTACL xattr. It is versioned so we
+ can later add other acl attribs (such as posix acl mapping)
+
+ we put this xattr in the security namespace to ensure that
+ only trusted users can write to the ACL
+
+ stored in "security.NTACL"
+
+ Version 1. raw SD stored as Samba4 does it.
+ Version 2. raw SD + last changed timestamp so we
+ can discard if this doesn't match the POSIX st_ctime.
+ */
+
+ typedef [public] struct {
+ security_descriptor *sd;
+ NTTIME last_changed;
+ } security_descriptor_timestamp;
+
+ typedef [switch_type(uint16)] union {
+ [case(1)] security_descriptor *sd;
+ [case(2)] security_descriptor_timestamp *sd_ts;
+ } xattr_NTACL_Info;
+
+ typedef [public] struct {
+ uint16 version;
+ [switch_is(version)] xattr_NTACL_Info info;
+ } xattr_NTACL;
+
}