[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4368-g9393c99

Jeremy Allison jra at samba.org
Fri Nov 14 01:19:08 GMT 2008


The branch, v3-3-test has been updated
       via  9393c99a834724d66b027e73adaa82cfedb97185 (commit)
      from  86deff8d6e6b8e094b15a4e5392098d9b23e5ff5 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 9393c99a834724d66b027e73adaa82cfedb97185
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Nov 13 17:18:06 2008 -0800

    Move v2 from timestamp to 16-byte hash. Got the change in before the on-disk format is fixed.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/librpc/gen_ndr/ndr_xattr.c |   48 ++++++++++++++++++------------------
 source/librpc/gen_ndr/ndr_xattr.h |    6 ++--
 source/librpc/gen_ndr/xattr.h     |    6 ++--
 source/librpc/idl/xattr.idl       |   10 ++++----
 source/modules/vfs_acl_tdb.c      |   30 +++++++---------------
 source/modules/vfs_acl_xattr.c    |   30 +++++++---------------
 6 files changed, 55 insertions(+), 75 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/librpc/gen_ndr/ndr_xattr.c b/source/librpc/gen_ndr/ndr_xattr.c
index 9236983..2574716 100644
--- a/source/librpc/gen_ndr/ndr_xattr.c
+++ b/source/librpc/gen_ndr/ndr_xattr.c
@@ -100,12 +100,12 @@ _PUBLIC_ void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, cons
 	ndr->depth--;
 }
 
-_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r)
+_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_hash(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_hash *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd));
-		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_changed));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 16));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		if (r->sd) {
@@ -115,7 +115,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_pus
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_hash *r)
 {
 	uint32_t _ptr_sd;
 	TALLOC_CTX *_mem_save_sd_0;
@@ -127,7 +127,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pul
 		} else {
 			r->sd = NULL;
 		}
-		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_changed));
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		if (r->sd) {
@@ -140,9 +140,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pul
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r)
+_PUBLIC_ void ndr_print_security_descriptor_hash(struct ndr_print *ndr, const char *name, const struct security_descriptor_hash *r)
 {
-	ndr_print_struct(ndr, name, "security_descriptor_timestamp");
+	ndr_print_struct(ndr, name, "security_descriptor_hash");
 	ndr->depth++;
 	ndr_print_ptr(ndr, "sd", r->sd);
 	ndr->depth++;
@@ -150,7 +150,7 @@ _PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, con
 		ndr_print_security_descriptor(ndr, "sd", r->sd);
 	}
 	ndr->depth--;
-	ndr_print_NTTIME(ndr, "last_changed", r->last_changed);
+	ndr_print_array_uint8(ndr, "hash", r->hash, 16);
 	ndr->depth--;
 }
 
@@ -165,7 +165,7 @@ static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr
 			break; }
 
 			case 2: {
-				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_ts));
+				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_hs));
 			break; }
 
 			default:
@@ -182,8 +182,8 @@ static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr
 			break;
 
 			case 2:
-				if (r->sd_ts) {
-					NDR_CHECK(ndr_push_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts));
+				if (r->sd_hs) {
+					NDR_CHECK(ndr_push_security_descriptor_hash(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_hs));
 				}
 			break;
 
@@ -199,7 +199,7 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr
 	int level;
 	uint16_t _level;
 	TALLOC_CTX *_mem_save_sd_0;
-	TALLOC_CTX *_mem_save_sd_ts_0;
+	TALLOC_CTX *_mem_save_sd_hs_0;
 	level = ndr_pull_get_switch_value(ndr, r);
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
@@ -218,12 +218,12 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr
 			break; }
 
 			case 2: {
-				uint32_t _ptr_sd_ts;
-				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_ts));
-				if (_ptr_sd_ts) {
-					NDR_PULL_ALLOC(ndr, r->sd_ts);
+				uint32_t _ptr_sd_hs;
+				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_hs));
+				if (_ptr_sd_hs) {
+					NDR_PULL_ALLOC(ndr, r->sd_hs);
 				} else {
-					r->sd_ts = NULL;
+					r->sd_hs = NULL;
 				}
 			break; }
 
@@ -243,11 +243,11 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr
 			break;
 
 			case 2:
-				if (r->sd_ts) {
-					_mem_save_sd_ts_0 = NDR_PULL_GET_MEM_CTX(ndr);
-					NDR_PULL_SET_MEM_CTX(ndr, r->sd_ts, 0);
-					NDR_CHECK(ndr_pull_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts));
-					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_ts_0, 0);
+				if (r->sd_hs) {
+					_mem_save_sd_hs_0 = NDR_PULL_GET_MEM_CTX(ndr);
+					NDR_PULL_SET_MEM_CTX(ndr, r->sd_hs, 0);
+					NDR_CHECK(ndr_pull_security_descriptor_hash(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_hs));
+					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_hs_0, 0);
 				}
 			break;
 
@@ -274,10 +274,10 @@ _PUBLIC_ void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name
 		break;
 
 		case 2:
-			ndr_print_ptr(ndr, "sd_ts", r->sd_ts);
+			ndr_print_ptr(ndr, "sd_hs", r->sd_hs);
 			ndr->depth++;
-			if (r->sd_ts) {
-				ndr_print_security_descriptor_timestamp(ndr, "sd_ts", r->sd_ts);
+			if (r->sd_hs) {
+				ndr_print_security_descriptor_hash(ndr, "sd_hs", r->sd_hs);
 			}
 			ndr->depth--;
 		break;
diff --git a/source/librpc/gen_ndr/ndr_xattr.h b/source/librpc/gen_ndr/ndr_xattr.h
index 21c5ae0..add61b9 100644
--- a/source/librpc/gen_ndr/ndr_xattr.h
+++ b/source/librpc/gen_ndr/ndr_xattr.h
@@ -13,9 +13,9 @@ void ndr_print_tdb_xattr(struct ndr_print *ndr, const char *name, const struct t
 enum ndr_err_code ndr_push_tdb_xattrs(struct ndr_push *ndr, int ndr_flags, const struct tdb_xattrs *r);
 enum ndr_err_code ndr_pull_tdb_xattrs(struct ndr_pull *ndr, int ndr_flags, struct tdb_xattrs *r);
 void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, const struct tdb_xattrs *r);
-enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r);
-enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r);
-void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r);
+enum ndr_err_code ndr_push_security_descriptor_hash(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_hash *r);
+enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_hash *r);
+void ndr_print_security_descriptor_hash(struct ndr_print *ndr, const char *name, const struct security_descriptor_hash *r);
 void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r);
 enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r);
 enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r);
diff --git a/source/librpc/gen_ndr/xattr.h b/source/librpc/gen_ndr/xattr.h
index b0b9db9..e2bdfb3 100644
--- a/source/librpc/gen_ndr/xattr.h
+++ b/source/librpc/gen_ndr/xattr.h
@@ -16,14 +16,14 @@ struct tdb_xattrs {
 	struct tdb_xattr *xattrs;
 }/* [public] */;
 
-struct security_descriptor_timestamp {
+struct security_descriptor_hash {
 	struct security_descriptor *sd;/* [unique] */
-	NTTIME last_changed;
+	uint8_t hash[16];
 }/* [public] */;
 
 union xattr_NTACL_Info {
 	struct security_descriptor *sd;/* [unique,case] */
-	struct security_descriptor_timestamp *sd_ts;/* [unique,case(2)] */
+	struct security_descriptor_hash *sd_hs;/* [unique,case(2)] */
 }/* [switch_type(uint16)] */;
 
 struct xattr_NTACL {
diff --git a/source/librpc/idl/xattr.idl b/source/librpc/idl/xattr.idl
index 23af2df..41b6479 100644
--- a/source/librpc/idl/xattr.idl
+++ b/source/librpc/idl/xattr.idl
@@ -30,20 +30,20 @@ interface xattr
 	   stored in "security.NTACL"
 
 	   Version 1. raw SD stored as Samba4 does it.
-	   Version 2. raw SD + last changed timestamp so we
-		      can discard if this doesn't match the POSIX st_ctime.
+	   Version 2. raw SD + last changed hash so we
+		      can discard if this doesn't match the underlying ACL hash.
         */
 
 	const char *XATTR_NTACL_NAME = "security.NTACL";
 
 	typedef [public] struct {
 		security_descriptor *sd;
-		NTTIME last_changed;
-	} security_descriptor_timestamp;
+		uint8 hash[16];
+	} security_descriptor_hash;
 
         typedef [switch_type(uint16)] union {
                 [case(1)] security_descriptor *sd;
-		[case(2)] security_descriptor_timestamp *sd_ts;
+		[case(2)] security_descriptor_hash *sd_hs;
         } xattr_NTACL_Info;
 
         typedef [public] struct {
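Review bot: The updated `Version 2` comment says "last changed hash" but never states which algorithm fills `uint8 hash[16]` or which bytes are hashed, and this comment is the only description of the on-disk layout in the hunk. I would spell it out, e.g. `Version 2. raw SD + 16-byte hash (<algorithm>) of the underlying POSIX ACL, so we can discard the stored SD if the hashes differ.`, with `<algorithm>` a placeholder to fill in once it is decided. Version 2 also now names a different layout than before (an NTTIME replaced by 16 bytes), so a blob already written as version 2 by an earlier build would be parsed with the wrong layout; the commit message suggests this is accepted because the format is not final. The interface block starts and ends outside the hunk.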
diff --git a/source/modules/vfs_acl_tdb.c b/source/modules/vfs_acl_tdb.c
index be49bb7..7eb7c94 100644
--- a/source/modules/vfs_acl_tdb.c
+++ b/source/modules/vfs_acl_tdb.c
@@ -125,15 +125,15 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
 		return NT_STATUS_REVISION_MISMATCH;
 	}
 
-	*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE,
+	*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE,
 			(security_info & OWNER_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->owner_sid : NULL,
+			? xacl.info.sd_hs->sd->owner_sid : NULL,
 			(security_info & GROUP_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->group_sid : NULL,
+			? xacl.info.sd_hs->sd->group_sid : NULL,
 			(security_info & SACL_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->sacl : NULL,
+			? xacl.info.sd_hs->sd->sacl : NULL,
 			(security_info & DACL_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->dacl : NULL,
+			? xacl.info.sd_hs->sd->dacl : NULL,
 			&sd_size);
 
 	TALLOC_FREE(xacl.info.sd);
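Review bot: `xacl.info.sd_hs->sd->type` and the four member reads after it dereference both `sd_hs` and `sd` with no NULL check visible in this hunk, while the generated pull code in ndr_xattr.c sets `r->sd_hs = NULL` and `r->sd = NULL` when the stored blob carries a zero unique pointer. Because the blob is read back from storage, a corrupt or tampered record could crash the server process; a guard before the `make_sec_desc` call, such as `if (xacl.info.sd_hs == NULL || xacl.info.sd_hs->sd == NULL) return NT_STATUS_INTERNAL_DB_CORRUPTION;`, would reject it. The start of parse_acl_blob is outside the hunk, so an earlier check may already exist; the same point applies to the identical parse_acl_blob hunk in source/modules/vfs_acl_xattr.c.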
@@ -199,27 +199,17 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
 static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob)
 {
 	struct xattr_NTACL xacl;
-	struct security_descriptor_timestamp sd_ts;
+	struct security_descriptor_hash sd_hs;
 	enum ndr_err_code ndr_err;
 	TALLOC_CTX *ctx = talloc_tos();
-	struct timespec curr = timespec_current();
 
 	ZERO_STRUCT(xacl);
-	ZERO_STRUCT(sd_ts);
-
-	/* Horrid hack as setting an xattr changes the ctime
- 	 * on Linux. This gives a race of 1 second during
- 	 * which we would not see a POSIX ACL set.
- 	 */
-	curr.tv_sec += 1;
+	ZERO_STRUCT(sd_hs);
 
 	xacl.version = 2;
-	xacl.info.sd_ts = &sd_ts;
-	xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd);
-	unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr);
-
-	DEBUG(10, ("create_acl_blob: timestamp stored as %s\n",
-		timestring(ctx, curr.tv_sec) ));
+	xacl.info.sd_hs = &sd_hs;
+	xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd);
+	memset(&xacl.info.sd_hs->hash[0], '\0', 16);
 
 	ndr_err = ndr_push_struct_blob(
 			pblob, ctx, &xacl,
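Review bot: The stored hash is always sixteen zero bytes (`memset(&xacl.info.sd_hs->hash[0], '\0', 16);`) and none of the hunks shown computes or compares it, so the staleness check described in xattr.idl ("discard if this doesn't match the underlying ACL hash") does not appear to be in effect yet. Presumably a stored descriptor would keep being returned after the POSIX ACL changes underneath it, which is worth making explicit with a comment such as `/* TODO: store the hash of the underlying POSIX ACL; all-zero means "not computed" and must not be treated as a match. */`. The memset is also redundant after `ZERO_STRUCT(sd_hs)`, and if it is kept it should use `sizeof(xacl.info.sd_hs->hash)` rather than the literal 16. The same code is added to create_acl_blob in source/modules/vfs_acl_xattr.c, and the function continues past the end of this hunk.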
diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c
index 7a1cbe0..75ae165 100644
--- a/source/modules/vfs_acl_xattr.c
+++ b/source/modules/vfs_acl_xattr.c
@@ -53,15 +53,15 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
 		return NT_STATUS_REVISION_MISMATCH;
 	}
 
-	*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE,
+	*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE,
 			(security_info & OWNER_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->owner_sid : NULL,
+			? xacl.info.sd_hs->sd->owner_sid : NULL,
 			(security_info & GROUP_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->group_sid : NULL,
+			? xacl.info.sd_hs->sd->group_sid : NULL,
 			(security_info & SACL_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->sacl : NULL,
+			? xacl.info.sd_hs->sd->sacl : NULL,
 			(security_info & DACL_SECURITY_INFORMATION)
-			? xacl.info.sd_ts->sd->dacl : NULL,
+			? xacl.info.sd_hs->sd->dacl : NULL,
 			&sd_size);
 
 	TALLOC_FREE(xacl.info.sd);
@@ -134,27 +134,17 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
 static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob)
 {
 	struct xattr_NTACL xacl;
-	struct security_descriptor_timestamp sd_ts;
+	struct security_descriptor_hash sd_hs;
 	enum ndr_err_code ndr_err;
 	TALLOC_CTX *ctx = talloc_tos();
-	struct timespec curr = timespec_current();
 
 	ZERO_STRUCT(xacl);
-	ZERO_STRUCT(sd_ts);
-
-	/* Horrid hack as setting an xattr changes the ctime
- 	 * on Linux. This gives a race of 1 second during
- 	 * which we would not see a POSIX ACL set.
- 	 */
-	curr.tv_sec += 1;
+	ZERO_STRUCT(sd_hs);
 
 	xacl.version = 2;
-	xacl.info.sd_ts = &sd_ts;
-	xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd);
-	unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr);
-
-	DEBUG(10, ("create_acl_blob: timestamp stored as %s\n",
-		timestring(ctx, curr.tv_sec) ));
+	xacl.info.sd_hs = &sd_hs;
+	xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd);
+	memset(&xacl.info.sd_hs->hash[0], '\0', 16);
 
 	ndr_err = ndr_push_struct_blob(
 			pblob, ctx, &xacl,


-- 
Samba Shared Repository

