import "security.idl";
[
+ version(0.0),
+ helper("../librpc/ndr/ndr_xattr.h"),
+ pyhelper("librpc/ndr/py_xattr.c"),
pointer_default(unique)
]
interface xattr
{
const char *XATTR_DOSATTRIB_NAME = "user.DosAttrib";
+ const char *XATTR_DOSATTRIB_NAME_S3 = "user.DOSATTRIB";
const int XATTR_DOSATTRIB_ESTIMATED_SIZE = 64;
/* we store basic dos attributes in a DosAttrib xattr. By
using a union we can cope with new version of this
structure more easily */
+ /*
+ * the FFFF level is never really used,
+ * it's used to pass the information from
+ * the old hex string attrib information
+ * we have a handwritten parser which converts
+ * the hex string to the xattr_DosInfoFFFFCompat strucure
+ */
+
+ typedef struct {
+ uint32 attrib;
+ } xattr_DosInfoFFFFCompat;
+
typedef struct {
uint32 attrib;
uint32 ea_size;
utf8string name;
} xattr_DosInfo2Old;
- typedef [switch_type(uint16)] union {
- [case(1)] xattr_DosInfo1 info1;
- [case(2)] xattr_DosInfo2Old oldinfo2;
- } xattr_DosInfo;
+ typedef [bitmap32bit] bitmap {
+ XATTR_DOSINFO_ATTRIB = 0x00000001,
+ XATTR_DOSINFO_EA_SIZE = 0x00000002,
+ XATTR_DOSINFO_SIZE = 0x00000004,
+ XATTR_DOSINFO_ALLOC_SIZE = 0x00000008,
+ XATTR_DOSINFO_CREATE_TIME = 0x00000010,
+ XATTR_DOSINFO_CHANGE_TIME = 0x00000020,
+ XATTR_DOSINFO_ITIME = 0x00000040
+ } xattr_DosInfoValidFlags;
+
+ typedef struct {
+ xattr_DosInfoValidFlags valid_flags;
+ uint32 attrib;
+ uint32 ea_size;
+ udlong size;
+ udlong alloc_size;
+ NTTIME create_time;
+ NTTIME change_time;
+ } xattr_DosInfo3;
+
+ typedef struct {
+ xattr_DosInfoValidFlags valid_flags;
+ uint32 attrib;
+ NTTIME itime;
+ NTTIME create_time;
+ } xattr_DosInfo4;
+
+ typedef struct {
+ xattr_DosInfoValidFlags valid_flags;
+ uint32 attrib;
+ NTTIME create_time;
+ } xattr_DosInfo5;
+
+ typedef [public,switch_type(uint16)] union {
+ [case(0xFFFF)] xattr_DosInfoFFFFCompat compatinfoFFFF;
+ [case(1)] xattr_DosInfo1 info1;
+ [case(2)] xattr_DosInfo2Old oldinfo2;
+ [case(3)] xattr_DosInfo3 info3;
+ [case(4)] xattr_DosInfo4 info4;
+ [case(5)] xattr_DosInfo5 info5;
+ } xattr_DosInfo;
typedef [public] struct {
uint16 version;
[switch_is(version)] xattr_DosInfo info;
} xattr_DosAttrib;
+ typedef [public,nopush,nopull,noprint] struct {
+ astring attrib_hex;
+ uint16 version;
+ [switch_is(version)] xattr_DosInfo info;
+ } xattr_DOSATTRIB;
/* we store DOS style extended attributes in a DosEAs xattr */
const char *XATTR_DOSEAS_NAME = "user.DosEAs";
stored in "security.NTACL"
Version 1. raw SD stored as Samba4 does it.
- Version 2. raw SD + last changed timestamp so we
- can discard if this doesn't match the POSIX st_ctime.
+ Version 2. raw SD + last changed hash so we
+ can discard if this doesn't match the underlying ACL hash.
*/
const char *XATTR_NTACL_NAME = "security.NTACL";
+ const int XATTR_SD_HASH_SIZE = 64;
+ const int XATTR_SD_HASH_TYPE_NONE = 0x0;
+ const int XATTR_SD_HASH_TYPE_SHA256 = 0x1;
+
typedef [public] struct {
security_descriptor *sd;
- NTTIME last_changed;
- } security_descriptor_timestamp;
+ uint8 hash[16];
+ } security_descriptor_hash_v2; /* Hash never used in this version. */
+
+ typedef [public] struct {
+ security_descriptor *sd;
+ uint16 hash_type;
+ uint8 hash[64]; /* 64 bytes hash. */
+ } security_descriptor_hash_v3;
+
+ typedef [public] struct {
+ security_descriptor *sd;
+ uint16 hash_type;
+ uint8 hash[64]; /* 64 bytes hash. */
+ utf8string description; /* description of what created
+ * this hash (to allow
+ * forensics later, if we have
+ * a bug in one codepath */
+ NTTIME time;
+ uint8 sys_acl_hash[64]; /* 64 bytes hash. */
+ } security_descriptor_hash_v4;
typedef [switch_type(uint16)] union {
[case(1)] security_descriptor *sd;
- [case(2)] security_descriptor_timestamp *sd_ts;
+ [case(2)] security_descriptor_hash_v2 *sd_hs2;
+ [case(3)] security_descriptor_hash_v3 *sd_hs3;
+ [case(4)] security_descriptor_hash_v4 *sd_hs4;
} xattr_NTACL_Info;
typedef [public] struct {
uint16 version;
[switch_is(version)] xattr_NTACL_Info info;
} xattr_NTACL;
+
+ /*
+ * A wrapper of the common information required to be in the
+ * hash of the ACL, for the acl_xattr and acl_tdb modules.
+ */
+ [public] typedef struct {
+ DATA_BLOB acl_as_blob;
+ uid_t owner;
+ gid_t group;
+ mode_t mode;
+ } xattr_sys_acl_hash_wrapper;
+
}