*/
-/* Allow the smb_acl interface to be pushed into an NDR blob and read/written in python */
+/*
+ * Allow the smb_acl interface to be pushed into an NDR blob and
+ * read/written in python.
+ *
+ * The exact layout of these stuctures is CRITICAL, as a SHA-256 hash is
+ * taken over these after they are pushed as NDR blobs, and stored in an
+ * xattr for ACL verification.
+ */
[
pointer_default(unique)
]
const int SMB_ACL_TYPE_ACCESS = 0;
const int SMB_ACL_TYPE_DEFAULT = 1;
+
+ /* A wrapper of all the information required to reproduce an
+ * ACL, so we can hash it for the acl_xattr and acl_tdb
+ * modules */
+ [public] typedef struct {
+ smb_acl_t *access_acl;
+ smb_acl_t *default_acl; /* NULL on files */
+ uid_t owner;
+ gid_t group;
+ mode_t mode;
+ } smb_acl_wrapper;
}
uint8 hash[64]; /* 64 bytes hash. */
} security_descriptor_hash_v3;
+ typedef [public] struct {
+ security_descriptor *sd;
+ uint16 hash_type;
+ uint8 hash[64]; /* 64 bytes hash. */
+ utf8string description; /* description of what created
+ * this hash (to allow
+ * foresnics later, if we have
+ * a bug in one codepath */
+ NTTIME time;
+ uint8 sys_acl_hash[64]; /* 64 bytes hash. */
+ } security_descriptor_hash_v4;
+
typedef [switch_type(uint16)] union {
[case(1)] security_descriptor *sd;
[case(2)] security_descriptor_hash_v2 *sd_hs2;
[case(3)] security_descriptor_hash_v3 *sd_hs3;
+ [case(4)] security_descriptor_hash_v4 *sd_hs4;
} xattr_NTACL_Info;
typedef [public] struct {