diff options
author | Jeremy Allison <jra@samba.org> | 2008-07-09 16:54:38 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-07-09 16:54:38 -0700 |
commit | 0a0e18eeecc4d4e091c58109a8ddd9b3f28fa5cd (patch) | |
tree | 90ec7b53e13952f1e74016dba170d8be1c2eedc9 | |
parent | ae923dbd4e4e5cba35b36ad353a943b826e2a2c5 (diff) | |
download | samba-0a0e18eeecc4d4e091c58109a8ddd9b3f28fa5cd.tar.gz |
Add in the IDL to store a NT Security descriptor in
a blob. Use the same format as S4, but a new version
as we'll need to store the timestamp to check for
validity against the POSIX st_ctime.
Jeremy.
(This used to be commit 5c4ce1dac3769bfe533a4ea778c916d117603603)
-rw-r--r-- | source3/librpc/gen_ndr/ndr_xattr.c | 225 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_xattr.h | 7 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/xattr.h | 15 | ||||
-rw-r--r-- | source3/librpc/idl/xattr.idl | 29 |
4 files changed, 276 insertions, 0 deletions
diff --git a/source3/librpc/gen_ndr/ndr_xattr.c b/source3/librpc/gen_ndr/ndr_xattr.c index 46c4249d21a..9cde197444e 100644 --- a/source3/librpc/gen_ndr/ndr_xattr.c +++ b/source3/librpc/gen_ndr/ndr_xattr.c @@ -100,3 +100,228 @@ _PUBLIC_ void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, cons ndr->depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd)); + NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_changed)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->sd) { + NDR_CHECK(ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r) +{ + uint32_t _ptr_sd; + TALLOC_CTX *_mem_save_sd_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd)); + if (_ptr_sd) { + NDR_PULL_ALLOC(ndr, r->sd); + } else { + r->sd = NULL; + } + NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_changed)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->sd) { + _mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0); + NDR_CHECK(ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r) +{ + ndr_print_struct(ndr, name, "security_descriptor_timestamp"); + ndr->depth++; + ndr_print_ptr(ndr, "sd", r->sd); + ndr->depth++; + if (r->sd) { + ndr_print_security_descriptor(ndr, "sd", r->sd); + } + ndr->depth--; + ndr_print_NTTIME(ndr, "last_changed", r->last_changed); + ndr->depth--; +} + +static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr_flags, const union xattr_NTACL_Info *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level)); + switch (level) { + case 1: { + NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd)); + break; } + + case 2: { + NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_ts)); + break; } + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case 1: + if (r->sd) { + NDR_CHECK(ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd)); + } + break; + + case 2: + if (r->sd_ts) { + NDR_CHECK(ndr_push_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts)); + } + break; + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr_flags, union xattr_NTACL_Info *r) +{ + int level; + uint16_t _level; + TALLOC_CTX *_mem_save_sd_0; + TALLOC_CTX *_mem_save_sd_ts_0; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); + if (_level != level) { + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level); + } + switch (level) { + case 1: { + uint32_t _ptr_sd; + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd)); + if (_ptr_sd) { + NDR_PULL_ALLOC(ndr, r->sd); + } else { + r->sd = NULL; + } + break; } + + case 2: { + uint32_t _ptr_sd_ts; + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_ts)); + if (_ptr_sd_ts) { + NDR_PULL_ALLOC(ndr, r->sd_ts); + } else { + r->sd_ts = NULL; + } + break; } + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case 1: + if (r->sd) { + _mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0); + NDR_CHECK(ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0); + } + break; + + case 2: + if (r->sd_ts) { + _mem_save_sd_ts_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->sd_ts, 0); + NDR_CHECK(ndr_pull_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_ts_0, 0); + } + break; + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "xattr_NTACL_Info"); + switch (level) { + case 1: + ndr_print_ptr(ndr, "sd", r->sd); + ndr->depth++; + if (r->sd) { + ndr_print_security_descriptor(ndr, "sd", r->sd); + } + ndr->depth--; + break; + + case 2: + ndr_print_ptr(ndr, "sd_ts", r->sd_ts); + ndr->depth++; + if (r->sd_ts) { + ndr_print_security_descriptor_timestamp(ndr, "sd_ts", r->sd_ts); + } + ndr->depth--; + break; + + default: + ndr_print_bad_level(ndr, name, level); + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->version)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->info, r->version)); + NDR_CHECK(ndr_push_xattr_NTACL_Info(ndr, NDR_SCALARS, &r->info)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_xattr_NTACL_Info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->version)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->version)); + NDR_CHECK(ndr_pull_xattr_NTACL_Info(ndr, NDR_SCALARS, &r->info)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_xattr_NTACL_Info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_xattr_NTACL(struct ndr_print *ndr, const char *name, const struct xattr_NTACL *r) +{ + ndr_print_struct(ndr, name, "xattr_NTACL"); + ndr->depth++; + ndr_print_uint16(ndr, "version", r->version); + ndr_print_set_switch_value(ndr, &r->info, r->version); + ndr_print_xattr_NTACL_Info(ndr, "info", &r->info); + ndr->depth--; +} + diff --git a/source3/librpc/gen_ndr/ndr_xattr.h b/source3/librpc/gen_ndr/ndr_xattr.h index a18477f3477..21c5ae03b58 100644 --- a/source3/librpc/gen_ndr/ndr_xattr.h +++ b/source3/librpc/gen_ndr/ndr_xattr.h @@ -13,4 +13,11 @@ void ndr_print_tdb_xattr(struct ndr_print *ndr, const char *name, const struct t enum ndr_err_code ndr_push_tdb_xattrs(struct ndr_push *ndr, int ndr_flags, const struct tdb_xattrs *r); enum ndr_err_code ndr_pull_tdb_xattrs(struct ndr_pull *ndr, int ndr_flags, struct tdb_xattrs *r); void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, const struct tdb_xattrs *r); +enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r); +enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r); +void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r); +void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r); +enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r); +enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r); +void ndr_print_xattr_NTACL(struct ndr_print *ndr, const char *name, const struct xattr_NTACL *r); #endif /* _HEADER_NDR_xattr */ diff --git a/source3/librpc/gen_ndr/xattr.h b/source3/librpc/gen_ndr/xattr.h index ee30376be87..af1b633acb6 100644 --- a/source3/librpc/gen_ndr/xattr.h +++ b/source3/librpc/gen_ndr/xattr.h @@ -15,4 +15,19 @@ struct tdb_xattrs { struct tdb_xattr *xattrs; }/* [public] */; +struct security_descriptor_timestamp { + struct security_descriptor *sd;/* [unique] */ + NTTIME last_changed; +}/* [public] */; + +union xattr_NTACL_Info { + struct security_descriptor *sd;/* [unique,case] */ + struct security_descriptor_timestamp *sd_ts;/* [unique,case(2)] */ +}/* [switch_type(uint16)] */; + +struct xattr_NTACL { + uint16_t version; + union xattr_NTACL_Info info;/* [switch_is(version)] */ +}/* [public] */; + #endif /* _HEADER_xattr */ diff --git a/source3/librpc/idl/xattr.idl b/source3/librpc/idl/xattr.idl index ec230a4efbb..e19e2f89d8a 100644 --- a/source3/librpc/idl/xattr.idl +++ b/source3/librpc/idl/xattr.idl @@ -20,4 +20,33 @@ interface xattr uint32 num_xattrs; tdb_xattr xattrs[num_xattrs]; } tdb_xattrs; + + /* we store the NT ACL a NTACL xattr. It is versioned so we + can later add other acl attribs (such as posix acl mapping) + + we put this xattr in the security namespace to ensure that + only trusted users can write to the ACL + + stored in "security.NTACL" + + Version 1. raw SD stored as Samba4 does it. + Version 2. raw SD + last changed timestamp so we + can discard if this doesn't match the POSIX st_ctime. + */ + + typedef [public] struct { + security_descriptor *sd; + NTTIME last_changed; + } security_descriptor_timestamp; + + typedef [switch_type(uint16)] union { + [case(1)] security_descriptor *sd; + [case(2)] security_descriptor_timestamp *sd_ts; + } xattr_NTACL_Info; + + typedef [public] struct { + uint16 version; + [switch_is(version)] xattr_NTACL_Info info; + } xattr_NTACL; + } |