sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code
samba-mirror/librpc/idl/xattr.idl

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

240 lines
6.2 KiB
Plaintext
Raw Normal View History

r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
#include "idl_types.h"
/*
IDL structures for xattr file attributes
this has nothing to do with RPC, we are just using our NDR/IDL
infrastructure as a convenient way to store linearised information
about a file in a architecture independent manner
*/
r19588: Use include and import statements rather than depends() and helper(). (This used to be commit 347ae9628202ca4de4318ef8156999239aad9192)
2006-11-06 22:54:49 +00:00
import "security.idl";
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
[
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
version(0.0),
helper("../librpc/ndr/ndr_xattr.h"),
s4: allow python code to dump NTACL object as well
2010-01-11 02:19:22 +03:00
pyhelper("librpc/ndr/py_xattr.c"),
r5362: Add pointer_default() support to pidl. pointer_default() is assumed to be "ptr" if not specified (just like midl). The validator will warn when "ptr" is used at the moment, because pidl only supports unique, ref and relative at the moment. (This used to be commit 31bed62a9a6f7830f523d509b67970648d40aaef)
2005-02-12 23:03:26 +00:00
pointer_default(unique)
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
]
r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
interface xattr
{
r11098: Replace string with [string] (This used to be commit 1ac8c96349c1241f75f7a133cfefa0df5aaae18e)
2005-10-16 17:17:57 +00:00
const char *XATTR_DOSATTRIB_NAME = "user.DosAttrib";
samba-tool: add command to dump dosinfo xattr from a file Add a new command "getdosinfo" to samba-tool to dump dosinfo xattr from a file. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Sep 29 06:00:49 CEST 2015 on sn-devel-104
2015-09-26 01:16:50 +02:00
const char *XATTR_DOSATTRIB_NAME_S3 = "user.DOSATTRIB";
r11098: Replace string with [string] (This used to be commit 1ac8c96349c1241f75f7a133cfefa0df5aaae18e)
2005-10-16 17:17:57 +00:00
const int XATTR_DOSATTRIB_ESTIMATED_SIZE = 64;
r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
r3549: added support for DOS extended attribute lists (name/value pairs) stored in posix xattrs (This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
2004-11-05 11:31:35 +00:00
/* we store basic dos attributes in a DosAttrib xattr. By
using a union we can cope with new version of this
structure more easily */
r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on - added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2004-11-24 06:09:14 +00:00
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
/*
* the FFFF level is never really used,
* it's used to pass the information from
* the old hex string attrib information
* we have a handwritten parser which converts
librpc:idl: Fix code spelling Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-06 12:58:34 +02:00
* the hex string to the xattr_DosInfoFFFFCompat structure
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
*/
typedef struct {
uint32 attrib;
} xattr_DosInfoFFFFCompat;
r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
typedef struct {
uint32 attrib;
uint32 ea_size;
r5034: - added a type mapping function in pidl, so the type names in our IDL files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2005-01-27 06:16:59 +00:00
udlong size;
udlong alloc_size;
r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
NTTIME create_time;
NTTIME change_time;
} xattr_DosInfo1;
pvfs: remove XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME code I'll fix this more correctly very soon, so that we'll pass the BASE-DELAYWRITE test. metze (This used to be commit b09dd6b65d533832a025a51509dcc84f84b048aa)
2008-05-07 15:46:22 +02:00
/*
We use xattrDosInfo1 again when we store values.
Because the sticky write time is now stored in the opendb
and xattr_DosInfo2Old is only present to parse existing
values from disk.
r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on - added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2004-11-24 06:09:14 +00:00
pvfs: remove XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME code I'll fix this more correctly very soon, so that we'll pass the BASE-DELAYWRITE test. metze (This used to be commit b09dd6b65d533832a025a51509dcc84f84b048aa)
2008-05-07 15:46:22 +02:00
const int XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME = 0x1;
*/
r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on - added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2004-11-24 06:09:14 +00:00
typedef struct {
uint32 flags;
uint32 attrib;
uint32 ea_size;
r5034: - added a type mapping function in pidl, so the type names in our IDL files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2005-01-27 06:16:59 +00:00
udlong size;
udlong alloc_size;
r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on - added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2004-11-24 06:09:14 +00:00
NTTIME create_time;
NTTIME change_time;
NTTIME write_time; /* only used when sticky write time is set */
r12086: reverted the utf8string change in xattr.idl. See the discussion on samba-technical on why this should stay as a simple null terminated string (basically to make hand-written parsers easier) (This used to be commit 0f1de4b1db7f0035e2b31f967d86de9306558968)
2005-12-06 05:25:03 +00:00
utf8string name;
pvfs: remove XATTR_ATTRIB_FLAG_STICKY_WRITE_TIME code I'll fix this more correctly very soon, so that we'll pass the BASE-DELAYWRITE test. metze (This used to be commit b09dd6b65d533832a025a51509dcc84f84b048aa)
2008-05-07 15:46:22 +02:00
} xattr_DosInfo2Old;
r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on - added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2004-11-24 06:09:14 +00:00
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
typedef [bitmap32bit] bitmap {
XATTR_DOSINFO_ATTRIB = 0x00000001,
XATTR_DOSINFO_EA_SIZE = 0x00000002,
XATTR_DOSINFO_SIZE = 0x00000004,
XATTR_DOSINFO_ALLOC_SIZE = 0x00000008,
XATTR_DOSINFO_CREATE_TIME = 0x00000010,
idl: add xattr_DosInfo4 to xattr_DosInfo in xattr.idl Adding itime, removing unused ea_size, size, alloc_size and change_time. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-06-30 14:43:28 +02:00
XATTR_DOSINFO_CHANGE_TIME = 0x00000020,
XATTR_DOSINFO_ITIME = 0x00000040
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
} xattr_DosInfoValidFlags;
typedef struct {
xattr_DosInfoValidFlags valid_flags;
uint32 attrib;
uint32 ea_size;
udlong size;
udlong alloc_size;
NTTIME create_time;
NTTIME change_time;
} xattr_DosInfo3;
idl: add xattr_DosInfo4 to xattr_DosInfo in xattr.idl Adding itime, removing unused ea_size, size, alloc_size and change_time. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-06-30 14:43:28 +02:00
typedef struct {
xattr_DosInfoValidFlags valid_flags;
uint32 attrib;
NTTIME itime;
NTTIME create_time;
} xattr_DosInfo4;
smbd: remove itime and file_id logic and code This bases File-Ids on the inode numbers again. The whole stuff was added because at that time Apple clients 1. would be upset by inode number reusage and 2. had a client side bug in their fallback implemetentation that assigns File-Ids on the client side in case the server provides File-Ids of 0. After discussion with folks at Apple it should be safe these days to rely on the Mac to generate its own File-Ids and let Samba return 0 File-Ids. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-28 11:48:37 +02:00
typedef struct {
xattr_DosInfoValidFlags valid_flags;
uint32 attrib;
NTTIME create_time;
} xattr_DosInfo5;
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
typedef [public,switch_type(uint16)] union {
[case(0xFFFF)] xattr_DosInfoFFFFCompat compatinfoFFFF;
[case(1)] xattr_DosInfo1 info1;
[case(2)] xattr_DosInfo2Old oldinfo2;
[case(3)] xattr_DosInfo3 info3;
idl: add xattr_DosInfo4 to xattr_DosInfo in xattr.idl Adding itime, removing unused ea_size, size, alloc_size and change_time. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-06-30 14:43:28 +02:00
[case(4)] xattr_DosInfo4 info4;
smbd: remove itime and file_id logic and code This bases File-Ids on the inode numbers again. The whole stuff was added because at that time Apple clients 1. would be upset by inode number reusage and 2. had a client side bug in their fallback implemetentation that assigns File-Ids on the client side in case the server provides File-Ids of 0. After discussion with folks at Apple it should be safe these days to rely on the Mac to generate its own File-Ids and let Samba return 0 File-Ids. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-28 11:48:37 +02:00
[case(5)] xattr_DosInfo5 info5;
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
} xattr_DosInfo;
r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
typedef [public] struct {
uint16 version;
[switch_is(version)] xattr_DosInfo info;
} xattr_DosAttrib;
r3549: added support for DOS extended attribute lists (name/value pairs) stored in posix xattrs (This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
2004-11-05 11:31:35 +00:00
Add in Metze's new code to ndr encode the user.DOSATTRIB blobs. Next I'll change the create timestamp and dos attribute code to use this.
2009-10-28 15:42:47 -07:00
typedef [public,nopush,nopull,noprint] struct {
astring attrib_hex;
uint16 version;
[switch_is(version)] xattr_DosInfo info;
} xattr_DOSATTRIB;
r3549: added support for DOS extended attribute lists (name/value pairs) stored in posix xattrs (This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
2004-11-05 11:31:35 +00:00
/* we store DOS style extended attributes in a DosEAs xattr */
r11098: Replace string with [string] (This used to be commit 1ac8c96349c1241f75f7a133cfefa0df5aaae18e)
2005-10-16 17:17:57 +00:00
const char *XATTR_DOSEAS_NAME = "user.DosEAs";
r3549: added support for DOS extended attribute lists (name/value pairs) stored in posix xattrs (This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
2004-11-05 11:31:35 +00:00
typedef struct {
r12086: reverted the utf8string change in xattr.idl. See the discussion on samba-technical on why this should stay as a simple null terminated string (basically to make hand-written parsers easier) (This used to be commit 0f1de4b1db7f0035e2b31f967d86de9306558968)
2005-12-06 05:25:03 +00:00
utf8string name;
r3549: added support for DOS extended attribute lists (name/value pairs) stored in posix xattrs (This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
2004-11-05 11:31:35 +00:00
DATA_BLOB value;
} xattr_EA;
typedef [public] struct {
uint16 num_eas;
r7029: Make array support in pidl similar to that in other IDL compilers. We should now able to use constructions like these: [size_is(20)] int *x; -> Pointer to array of 20 ints [size_is(20)] int x[]; -> Array of 20 ints [size_is(20)] int *x[]; -> Array of 20 pointers to ints [size_is(20,)] int *x[] -> Array of 20 pointers to ints [size_is(,20)] int *x[]; -> Pointer to array of 20 ints [size_is(,20)] int **x; -> Pointer to pointer to array of 20 ints [size_is(20)] int x[][30]; -> 20 blocks of 30 ints (This used to be commit ecf583da71c2f80be124c17fccdcb284b47e0695)
2005-05-27 15:49:15 +00:00
[size_is(num_eas)] xattr_EA *eas;
r3549: added support for DOS extended attribute lists (name/value pairs) stored in posix xattrs (This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
2004-11-05 11:31:35 +00:00
} xattr_DosEAs;
r3747: - added some of the infrastructure needed for streams support in pvfs (the IDL, and the load/save meta-data logic) - changed pvfs_resolve_name() to default to non-wildcard, needing PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want wildcards, so defaulting this way makes more sense. - fixed deletion of EAs (This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
2004-11-15 06:57:26 +00:00
Share xattr implementation.
2008-10-15 15:57:39 +02:00
/* Slightly different version, used by the vfs_xattr_tdb module */
typedef [public] struct {
uint32 num_eas;
xattr_EA eas[num_eas];
} tdb_xattrs;
r3747: - added some of the infrastructure needed for streams support in pvfs (the IDL, and the load/save meta-data logic) - changed pvfs_resolve_name() to default to non-wildcard, needing PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want wildcards, so defaulting this way makes more sense. - fixed deletion of EAs (This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
2004-11-15 06:57:26 +00:00
/* we store stream information in this xattr structure. Then
the streams themselves are stored in
user.DosStream.STREAMNAME or in external files, according
to the flags */
r11098: Replace string with [string] (This used to be commit 1ac8c96349c1241f75f7a133cfefa0df5aaae18e)
2005-10-16 17:17:57 +00:00
const char *XATTR_DOSSTREAMS_NAME = "user.DosStreams";
r3747: - added some of the infrastructure needed for streams support in pvfs (the IDL, and the load/save meta-data logic) - changed pvfs_resolve_name() to default to non-wildcard, needing PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want wildcards, so defaulting this way makes more sense. - fixed deletion of EAs (This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
2004-11-15 06:57:26 +00:00
const int XATTR_STREAM_FLAG_INTERNAL = 0x00000001;
r3798: added support for alternate data streams in xattrs into pvfs. The trickiest part about this was getting the sharing and locking rules right, as alternate streams are separate locking spaces from the main file for the purposes of byte range locking, and separate for most share violation rules. I suspect there are still problems with delete on close with alternate data streams. I'll look at that next. (This used to be commit b6452c4a2068cf7e837778559da002ae191b508a)
2004-11-17 05:58:04 +00:00
/* stream data is stored in attributes with the given prefix */
r11098: Replace string with [string] (This used to be commit 1ac8c96349c1241f75f7a133cfefa0df5aaae18e)
2005-10-16 17:17:57 +00:00
const char *XATTR_DOSSTREAM_PREFIX = "user.DosStream.";
r3798: added support for alternate data streams in xattrs into pvfs. The trickiest part about this was getting the sharing and locking rules right, as alternate streams are separate locking spaces from the main file for the purposes of byte range locking, and separate for most share violation rules. I suspect there are still problems with delete on close with alternate data streams. I'll look at that next. (This used to be commit b6452c4a2068cf7e837778559da002ae191b508a)
2004-11-17 05:58:04 +00:00
allow larger streams using the TDB backend (This used to be commit 8c0d756eb887477da867e069dbde3a7ad98d4ae0)
2008-05-26 14:59:58 +10:00
const int XATTR_MAX_STREAM_SIZE = 0x4000;
const int XATTR_MAX_STREAM_SIZE_TDB = 0x100000;
r3806: added support to smb_server and pvfs for the NTTRANS Create call. This call has an optional sec_desc and ea_list. (This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
2004-11-17 12:36:14 +00:00
r3747: - added some of the infrastructure needed for streams support in pvfs (the IDL, and the load/save meta-data logic) - changed pvfs_resolve_name() to default to non-wildcard, needing PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want wildcards, so defaulting this way makes more sense. - fixed deletion of EAs (This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
2004-11-15 06:57:26 +00:00
typedef struct {
uint32 flags;
r5034: - added a type mapping function in pidl, so the type names in our IDL files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2005-01-27 06:16:59 +00:00
udlong size;
udlong alloc_size;
r12086: reverted the utf8string change in xattr.idl. See the discussion on samba-technical on why this should stay as a simple null terminated string (basically to make hand-written parsers easier) (This used to be commit 0f1de4b1db7f0035e2b31f967d86de9306558968)
2005-12-06 05:25:03 +00:00
utf8string name;
r3747: - added some of the infrastructure needed for streams support in pvfs (the IDL, and the load/save meta-data logic) - changed pvfs_resolve_name() to default to non-wildcard, needing PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want wildcards, so defaulting this way makes more sense. - fixed deletion of EAs (This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
2004-11-15 06:57:26 +00:00
} xattr_DosStream;
typedef [public] struct {
uint32 num_streams;
r7029: Make array support in pidl similar to that in other IDL compilers. We should now able to use constructions like these: [size_is(20)] int *x; -> Pointer to array of 20 ints [size_is(20)] int x[]; -> Array of 20 ints [size_is(20)] int *x[]; -> Array of 20 pointers to ints [size_is(20,)] int *x[] -> Array of 20 pointers to ints [size_is(,20)] int *x[]; -> Pointer to array of 20 ints [size_is(,20)] int **x; -> Pointer to pointer to array of 20 ints [size_is(20)] int x[][30]; -> 20 blocks of 30 ints (This used to be commit ecf583da71c2f80be124c17fccdcb284b47e0695)
2005-05-27 15:49:15 +00:00
[size_is(num_streams)] xattr_DosStream *streams;
r3747: - added some of the infrastructure needed for streams support in pvfs (the IDL, and the load/save meta-data logic) - changed pvfs_resolve_name() to default to non-wildcard, needing PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want wildcards, so defaulting this way makes more sense. - fixed deletion of EAs (This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
2004-11-15 06:57:26 +00:00
} xattr_DosStreams;
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on - added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2004-11-24 06:09:14 +00:00
/* we store the NT ACL a NTACL xattr. It is versioned so we
r3833: NTACL is a better xattr name than DosAcl (tpot suggested this) (This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
2004-11-18 03:41:50 +00:00
can later add other acl attribs (such as posix acl mapping)
Add in a version2 of the NT security descriptor store that can store a timestamp along with the SD. Allows us to check for validity against the POSIX st_ctime. Keeps the IDL consistent with Samba3.3 IDL. Jeremy. (This used to be commit 29843a6b339a581de714924219632390b156aa4f)
2008-07-09 16:55:51 -07:00
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
we put this xattr in the security namespace to ensure that
only trusted users can write to the ACL
Add in a version2 of the NT security descriptor store that can store a timestamp along with the SD. Allows us to check for validity against the POSIX st_ctime. Keeps the IDL consistent with Samba3.3 IDL. Jeremy. (This used to be commit 29843a6b339a581de714924219632390b156aa4f)
2008-07-09 16:55:51 -07:00
stored in "security.NTACL"
Version 1. raw SD stored as Samba4 does it.
Move v2 from timestamp to 16-byte hash. Got the change in before on disk format is fixed. Jeremy.
2008-11-13 17:18:41 -08:00
Version 2. raw SD + last changed hash so we
can discard if this doesn't match the underlying ACL hash.
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
*/
Add in a version2 of the NT security descriptor store that can store a timestamp along with the SD. Allows us to check for validity against the POSIX st_ctime. Keeps the IDL consistent with Samba3.3 IDL. Jeremy. (This used to be commit 29843a6b339a581de714924219632390b156aa4f)
2008-07-09 16:55:51 -07:00
(Hopefully) fix the build by re-adding security.NTACL const char. The deletion earlier was a typo. Jeremy. (This used to be commit aa27344b96929c925b30965a1cd20e69c3dbd515)
2008-07-09 17:46:11 -07:00
const char *XATTR_NTACL_NAME = "security.NTACL";
Fix hash function in acl_xattr to be SHA256, make the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.
2009-07-24 14:09:42 -07:00
const int XATTR_SD_HASH_SIZE = 64;
const int XATTR_SD_HASH_TYPE_NONE = 0x0;
const int XATTR_SD_HASH_TYPE_SHA256 = 0x1;
Add in a version2 of the NT security descriptor store that can store a timestamp along with the SD. Allows us to check for validity against the POSIX st_ctime. Keeps the IDL consistent with Samba3.3 IDL. Jeremy. (This used to be commit 29843a6b339a581de714924219632390b156aa4f)
2008-07-09 16:55:51 -07:00
typedef [public] struct {
security_descriptor *sd;
Move v2 from timestamp to 16-byte hash. Got the change in before on disk format is fixed. Jeremy.
2008-11-13 17:18:41 -08:00
uint8 hash[16];
Fix hash function in acl_xattr to be SHA256, make the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.
2009-07-24 14:09:42 -07:00
} security_descriptor_hash_v2; /* Hash never used in this version. */
typedef [public] struct {
security_descriptor *sd;
uint16 hash_type;
For some strange reason using : uint8 hash[XATTR_SD_HASH_SIZE]; doesn't have the same effect as : uint8 hash[64]; Jeremy.
2009-07-24 14:13:42 -07:00
uint8 hash[64]; /* 64 bytes hash. */
Fix hash function in acl_xattr to be SHA256, make the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.
2009-07-24 14:09:42 -07:00
} security_descriptor_hash_v3;
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl This will isolate the hash of the ACL from any intermediate mapping that the POSIX -> NT mapping subsystem might need to do, and which might change if we need to correct that mapping. Andrew Bartlett
2012-10-10 16:42:38 +11:00
typedef [public] struct {
security_descriptor *sd;
uint16 hash_type;
uint8 hash[64]; /* 64 bytes hash. */
utf8string description; /* description of what created
* this hash (to allow
xattr.id: Fix a typo Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Aug 18 20:49:42 CEST 2017 on sn-devel-144
2017-08-18 14:59:58 +02:00
* forensics later, if we have
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl This will isolate the hash of the ACL from any intermediate mapping that the POSIX -> NT mapping subsystem might need to do, and which might change if we need to correct that mapping. Andrew Bartlett
2012-10-10 16:42:38 +11:00
* a bug in one codepath */
smbd: Don't set security_descriptor_hash_v4->time This prevents de-duplication of xattrs in the backend file system where otherwise ACLs are often very similar. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Jun 21 07:11:56 UTC 2023 on atb-devel-224
2023-06-20 09:56:22 +02:00
/*
* "time" is always set to 0. Left here to avoid
* bumping the union versions. Remove in case a v5 is
* necessary.
*/
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl This will isolate the hash of the ACL from any intermediate mapping that the POSIX -> NT mapping subsystem might need to do, and which might change if we need to correct that mapping. Andrew Bartlett
2012-10-10 16:42:38 +11:00
NTTIME time;
uint8 sys_acl_hash[64]; /* 64 bytes hash. */
} security_descriptor_hash_v4;
r5672: Use switch_type() and the token storage mechanism for unions: - Makes union handling less special - Allows unions in arrays, etc - Compatible with midl - Pidl will warn about switch_type() and the type of the switch_is() variable being different (This used to be commit dc6b4ffc82a191631bc16a4b93a4916a39183ec6)
2005-03-06 17:02:14 +00:00
typedef [switch_type(uint16)] union {
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
[case(1)] security_descriptor *sd;
Fix hash function in acl_xattr to be SHA256, make the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.
2009-07-24 14:09:42 -07:00
[case(2)] security_descriptor_hash_v2 *sd_hs2;
[case(3)] security_descriptor_hash_v3 *sd_hs3;
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl This will isolate the hash of the ACL from any intermediate mapping that the POSIX -> NT mapping subsystem might need to do, and which might change if we need to correct that mapping. Andrew Bartlett
2012-10-10 16:42:38 +11:00
[case(4)] security_descriptor_hash_v4 *sd_hs4;
r3833: NTACL is a better xattr name than DosAcl (tpot suggested this) (This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
2004-11-18 03:41:50 +00:00
} xattr_NTACL_Info;
r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2004-11-18 03:31:35 +00:00
typedef [public] struct {
uint16 version;
r3833: NTACL is a better xattr name than DosAcl (tpot suggested this) (This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
2004-11-18 03:41:50 +00:00
[switch_is(version)] xattr_NTACL_Info info;
} xattr_NTACL;
idl: Provide a common wrapper for the data to hash for a non-POSIX ACL Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2012-10-24 17:06:33 +11:00
/*
* A wrapper of the common information required to be in the
* hash of the ACL, for the acl_xattr and acl_tdb modules.
*/
[public] typedef struct {
DATA_BLOB acl_as_blob;
uid_t owner;
gid_t group;
mode_t mode;
} xattr_sys_acl_hash_wrapper;
r3545: initial support for using extended attributes to hold extended dos attributes of files. I decided to use IDL/NDR to encode the attribute, as it gives us a simple way to describe and extend the saved attributes. The xattr code needs to hook into quite a few more places in the pvfs code, but this at least gets the basics done. I will start encoding alternate data streams streams, DOS EAs etc soon using the same basic mechanism. I'll probably stick to "version 1" for the xattr.idl for quite a while even though it will be changing, as I don't expect anyone to be deploying this in production just yet. Once we have production users we will need to keep compatibility by supporting all the old version numbers in xattr.idl. (This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
2004-11-05 07:29:02 +00:00
}
Copy Permalink