[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Jul 3 12:38:02 UTC 2019
The branch, master has been updated
via 9d5044fe97b s3:modules: Use hash_inode() in vfs_streams_xattr
via 10f828629bb s3:modules: Use hash_inode() in vfs_fruit
via 855540a8998 s3:modules: Allow SHA1 usage for file IDs in FIPS mode
via cf0442bff13 s3:modules: Add hash_inode() function based on SHA1
from fa2d5b3daa0 lib: Fix return of server_id_db_prune_name()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9d5044fe97b16158260c504979a1fc808fa901d4
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 18 17:09:29 2019 +0200
s3:modules: Use hash_inode() in vfs_streams_xattr
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 3 12:37:12 UTC 2019 on sn-devel-184
commit 10f828629bb81a651b9e8aab002a84c053f37387
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 18 16:58:29 2019 +0200
s3:modules: Use hash_inode() in vfs_fruit
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 855540a8998630646477f2dce8911170e252e633
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 1 16:36:13 2019 +0200
s3:modules: Allow SHA1 usage for file IDs in FIPS mode
This is non-cryptographic use!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit cf0442bff13e37507bc37455f2823d0179f783aa
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 18 16:56:43 2019 +0200
s3:modules: Add hash_inode() function based on SHA1
This should use SHA1 as modern CPUs have SHA NI instruction support.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/hash_inode.c | 95 ++++++++++++++++++++++
.../modules/hash_inode.h | 16 ++--
source3/modules/vfs_fruit.c | 80 +++---------------
source3/modules/vfs_streams_xattr.c | 65 +--------------
source3/modules/wscript_build | 8 +-
5 files changed, 122 insertions(+), 142 deletions(-)
create mode 100644 source3/modules/hash_inode.c
copy lib/mscat/mscat_private.h => source3/modules/hash_inode.h (73%)
Changeset truncated at 500 lines:
diff --git a/source3/modules/hash_inode.c b/source3/modules/hash_inode.c
new file mode 100644
index 00000000000..231538c72cb
--- /dev/null
+++ b/source3/modules/hash_inode.c
@@ -0,0 +1,95 @@
+/*
+ * Unix SMB/Netbios implementation.
+ *
+ * Copyright (c) 2019 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "hash_inode.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+/* Those macros are only available in GnuTLS >= 3.6.4 */
+#ifndef GNUTLS_FIPS140_SET_LAX_MODE
+#define GNUTLS_FIPS140_SET_LAX_MODE()
+#endif
+
+#ifndef GNUTLS_FIPS140_SET_STRICT_MODE
+#define GNUTLS_FIPS140_SET_STRICT_MODE()
+#endif
+
+SMB_INO_T hash_inode(const SMB_STRUCT_STAT *sbuf, const char *sname)
+{
+ gnutls_hash_hd_t hash_hnd = NULL;
+ uint8_t digest[gnutls_hash_get_len(GNUTLS_DIG_SHA1)];
+ char *upper_sname = NULL;
+ SMB_INO_T result = 0;
+ int rc;
+
+ DBG_DEBUG("hash_inode called for %ju/%ju [%s]\n",
+ (uintmax_t)sbuf->st_ex_dev,
+ (uintmax_t)sbuf->st_ex_ino,
+ sname);
+
+ upper_sname = talloc_strdup_upper(talloc_tos(), sname);
+ SMB_ASSERT(upper_sname != NULL);
+
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA1);
+ if (rc < 0) {
+ goto out;
+ }
+
+ rc = gnutls_hash(hash_hnd,
+ &(sbuf->st_ex_dev),
+ sizeof(sbuf->st_ex_dev));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ goto out;
+ }
+ rc = gnutls_hash(hash_hnd,
+ &(sbuf->st_ex_ino),
+ sizeof(sbuf->st_ex_ino));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ goto out;
+ }
+ rc = gnutls_hash(hash_hnd,
+ upper_sname,
+ talloc_get_size(upper_sname) - 1);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ goto out;
+ }
+
+ gnutls_hash_deinit(hash_hnd, digest);
+
+ memcpy(&result, digest, sizeof(result));
+ DBG_DEBUG("fruit_inode \"%s\": ino=%ju\n",
+ sname, (uintmax_t)result);
+
+out:
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+ TALLOC_FREE(upper_sname);
+
+ DBG_DEBUG("hash_inode '%s': ino=%ju\n",
+ sname,
+ (uintmax_t)result);
+
+ return result;
+}
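Review bot: Every failure branch in hash_inode() jumps to `out:` with `result` still 0 and the GnuTLS return code discarded, so a failed `gnutls_hash_init()` or `gnutls_hash()` looks like a normal return to callers, which in this commit assign the value straight to `st_ex_ino`. If hashing fails, every stream on the share would report inode 0 and nothing would appear in the log above debug level; adding `if (rc < 0) { DBG_ERR("SHA1 hashing failed: %s\n", gnutls_strerror(rc)); }` right after the `out:` label would make that visible. The `DBG_DEBUG("fruit_inode \"%s\": ino=%ju\n", ...)` just before `out:` is a leftover from the vfs_fruit copy and duplicates the message printed after the label, so it can be dropped. `digest` is a variable-length array sized by `gnutls_hash_get_len()`, so a `SMB_ASSERT(sizeof(digest) >= sizeof(result));` before the `memcpy` would document that the truncating copy stays in bounds.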
diff --git a/lib/mscat/mscat_private.h b/source3/modules/hash_inode.h
similarity index 73%
copy from lib/mscat/mscat_private.h
copy to source3/modules/hash_inode.h
index d79b364ceb0..e08fc48aa15 100644
--- a/lib/mscat/mscat_private.h
+++ b/source3/modules/hash_inode.h
@@ -1,5 +1,7 @@
/*
- * Copyright (c) 2016 Andreas Schneider <asn at samba.org>
+ * Unix SMB/Netbios implementation.
+ *
+ * Copyright (c) 2019 Andreas Schneider <asn at samba.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,13 +17,9 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _MSCAT_PRIVATE_H
-#define _MSCAT_PRIVATE_H
-
-#include <gnutls/pkcs7.h>
+#ifndef _HASH_INODE_H
+#define _HASH_INODE_H
-struct mscat_pkcs7 {
- gnutls_pkcs7_t c;
-};
+SMB_INO_T hash_inode(const SMB_STRUCT_STAT *sbuf, const char *sname);
-#endif /* _MSCAT_PRIVATE_H */
+#endif /* _HASH_INODE_H */
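Review bot: The `hash_inode()` prototype is exported without any comment, while the `fruit_inode()` it replaces carried a one-line description. A comment above the declaration such as `/* Fake an inode number from the SHA1 hash of device, inode and upper-cased stream name; non-cryptographic use, 0 is returned when hashing fails. */` would tell callers that the value is a truncated digest and what the failure value is. The header also uses `SMB_INO_T` and `SMB_STRUCT_STAT` without including anything, so it relies on the includer pulling in `includes.h` first. The guard name `_HASH_INODE_H` begins with an underscore followed by an uppercase letter, which is in the namespace reserved for the implementation.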
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 78ea5140464..b5b8538457e 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -32,9 +32,7 @@
#include "lib/util/tevent_unix.h"
#include "offload_token.h"
#include "string_replace.h"
-
-#include <gnutls/gnutls.h>
-#include <gnutls/crypto.h>
+#include "hash_inode.h"
/*
* Enhanced OS X and Netatalk compatibility
@@ -2364,64 +2362,6 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
return ai;
}
-/**
- * Fake an inode number from the md5 hash of the (xattr) name
- **/
-static SMB_INO_T fruit_inode(const SMB_STRUCT_STAT *sbuf, const char *sname)
-{
- gnutls_hash_hd_t hash_hnd = NULL;
- unsigned char hash[16];
- SMB_INO_T result = 0;
- char *upper_sname;
- int rc;
-
- DBG_DEBUG("fruit_inode called for %ju/%ju [%s]\n",
- (uintmax_t)sbuf->st_ex_dev,
- (uintmax_t)sbuf->st_ex_ino, sname);
-
- upper_sname = talloc_strdup_upper(talloc_tos(), sname);
- SMB_ASSERT(upper_sname != NULL);
-
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
- if (rc < 0) {
- goto out;
- }
-
- rc = gnutls_hash(hash_hnd, &(sbuf->st_ex_dev), sizeof(sbuf->st_ex_dev));
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- goto out;
- }
- rc = gnutls_hash(hash_hnd,
- &(sbuf->st_ex_ino),
- sizeof(sbuf->st_ex_ino));
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- goto out;
- }
- rc = gnutls_hash(hash_hnd,
- upper_sname,
- talloc_get_size(upper_sname) - 1);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- goto out;
- }
-
- gnutls_hash_deinit(hash_hnd, hash);
-
- /* Hopefully all the variation is in the lower 4 (or 8) bytes! */
- memcpy(&result, hash, sizeof(result));
- ZERO_ARRAY(hash);
-
- DBG_DEBUG("fruit_inode \"%s\": ino=%ju\n",
- sname, (uintmax_t)result);
-
-out:
- TALLOC_FREE(upper_sname);
-
- return result;
-}
-
static bool add_fruit_stream(TALLOC_CTX *mem_ctx, unsigned int *num_streams,
struct stream_struct **streams,
const char *name, off_t size,
@@ -5013,7 +4953,7 @@ static int fruit_stat_meta_stream(vfs_handle_struct *handle,
return -1;
}
- ino = fruit_inode(&smb_fname->st, smb_fname->stream_name);
+ ino = hash_inode(&smb_fname->st, smb_fname->stream_name);
if (follow_links) {
ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
@@ -5046,7 +4986,7 @@ static int fruit_stat_meta_netatalk(vfs_handle_struct *handle,
return -1;
}
smb_fname->st.st_ex_size = AFP_INFO_SIZE;
- smb_fname->st.st_ex_ino = fruit_inode(&smb_fname->st,
+ smb_fname->st.st_ex_ino = hash_inode(&smb_fname->st,
smb_fname->stream_name);
return 0;
}
@@ -5099,7 +5039,7 @@ static int fruit_stat_rsrc_netatalk(vfs_handle_struct *handle,
}
smb_fname->st.st_ex_size = ad_getentrylen(ad, ADEID_RFORK);
- smb_fname->st.st_ex_ino = fruit_inode(&smb_fname->st,
+ smb_fname->st.st_ex_ino = hash_inode(&smb_fname->st,
smb_fname->stream_name);
TALLOC_FREE(ad);
return 0;
@@ -5151,8 +5091,8 @@ static int fruit_stat_rsrc_xattr(vfs_handle_struct *handle,
close(fd);
fd = -1;
- smb_fname->st.st_ex_ino = fruit_inode(&smb_fname->st,
- smb_fname->stream_name);
+ smb_fname->st.st_ex_ino = hash_inode(&smb_fname->st,
+ smb_fname->stream_name);
return ret;
@@ -5293,7 +5233,7 @@ static int fruit_fstat_meta_stream(vfs_handle_struct *handle,
*sbuf = fsp->base_fsp->fsp_name->st;
sbuf->st_ex_size = AFP_INFO_SIZE;
- sbuf->st_ex_ino = fruit_inode(sbuf, fsp->fsp_name->stream_name);
+ sbuf->st_ex_ino = hash_inode(sbuf, fsp->fsp_name->stream_name);
return 0;
}
@@ -5307,7 +5247,7 @@ static int fruit_fstat_meta_stream(vfs_handle_struct *handle,
}
*sbuf = smb_fname.st;
- ino = fruit_inode(sbuf, fsp->fsp_name->stream_name);
+ ino = hash_inode(sbuf, fsp->fsp_name->stream_name);
ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
if (ret != 0) {
@@ -5331,7 +5271,7 @@ static int fruit_fstat_meta_netatalk(vfs_handle_struct *handle,
*sbuf = fsp->base_fsp->fsp_name->st;
sbuf->st_ex_size = AFP_INFO_SIZE;
- sbuf->st_ex_ino = fruit_inode(sbuf, fsp->fsp_name->stream_name);
+ sbuf->st_ex_ino = hash_inode(sbuf, fsp->fsp_name->stream_name);
return 0;
}
@@ -5401,7 +5341,7 @@ static int fruit_fstat_rsrc_adouble(vfs_handle_struct *handle,
*sbuf = fsp->base_fsp->fsp_name->st;
sbuf->st_ex_size = ad_getentrylen(ad, ADEID_RFORK);
- sbuf->st_ex_ino = fruit_inode(sbuf, fsp->fsp_name->stream_name);
+ sbuf->st_ex_ino = hash_inode(sbuf, fsp->fsp_name->stream_name);
TALLOC_FREE(ad);
return 0;
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 4050d9319fe..3e840d9535e 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -26,9 +26,7 @@
#include "system/filesys.h"
#include "lib/util/tevent_unix.h"
#include "librpc/gen_ndr/ioctl.h"
-
-#include <gnutls/gnutls.h>
-#include <gnutls/crypto.h>
+#include "hash_inode.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
@@ -47,61 +45,6 @@ struct stream_io {
vfs_handle_struct *handle;
};
-static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname)
-{
- unsigned char hash[16];
- gnutls_hash_hd_t hash_hnd = NULL;
- SMB_INO_T result = 0;
- char *upper_sname;
- int rc;
-
- DEBUG(10, ("stream_inode called for %lu/%lu [%s]\n",
- (unsigned long)sbuf->st_ex_dev,
- (unsigned long)sbuf->st_ex_ino, sname));
-
- upper_sname = talloc_strdup_upper(talloc_tos(), sname);
- SMB_ASSERT(upper_sname != NULL);
-
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
- if (rc < 0) {
- goto out;
- }
-
- rc = gnutls_hash(hash_hnd, &(sbuf->st_ex_dev), sizeof(sbuf->st_ex_dev));
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- goto out;
- }
- rc = gnutls_hash(hash_hnd,
- &(sbuf->st_ex_ino),
- sizeof(sbuf->st_ex_ino));
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- goto out;
- }
- rc = gnutls_hash(hash_hnd,
- upper_sname,
- talloc_get_size(upper_sname) - 1);
- if (rc < 0) {
- gnutls_hash_deinit(hash_hnd, NULL);
- goto out;
- }
-
- gnutls_hash_deinit(hash_hnd, hash);
-
-
- /* Hopefully all the variation is in the lower 4 (or 8) bytes! */
- memcpy(&result, hash, sizeof(result));
- ZERO_ARRAY(hash);
-
- DEBUG(10, ("stream_inode returns %lu\n", (unsigned long)result));
-
-out:
- TALLOC_FREE(upper_sname);
-
- return result;
-}
-
static ssize_t get_xattr_size(connection_struct *conn,
const struct smb_filename *smb_fname,
const char *xattr_name)
@@ -304,7 +247,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
DEBUG(10, ("sbuf->st_ex_size = %d\n", (int)sbuf->st_ex_size));
- sbuf->st_ex_ino = stream_inode(sbuf, io->xattr_name);
+ sbuf->st_ex_ino = hash_inode(sbuf, io->xattr_name);
sbuf->st_ex_mode &= ~S_IFMT;
sbuf->st_ex_mode &= ~S_IFDIR;
sbuf->st_ex_mode |= S_IFREG;
@@ -359,7 +302,7 @@ static int streams_xattr_stat(vfs_handle_struct *handle,
goto fail;
}
- smb_fname->st.st_ex_ino = stream_inode(&smb_fname->st, xattr_name);
+ smb_fname->st.st_ex_ino = hash_inode(&smb_fname->st, xattr_name);
smb_fname->st.st_ex_mode &= ~S_IFMT;
smb_fname->st.st_ex_mode &= ~S_IFDIR;
smb_fname->st.st_ex_mode |= S_IFREG;
@@ -412,7 +355,7 @@ static int streams_xattr_lstat(vfs_handle_struct *handle,
goto fail;
}
- smb_fname->st.st_ex_ino = stream_inode(&smb_fname->st, xattr_name);
+ smb_fname->st.st_ex_ino = hash_inode(&smb_fname->st, xattr_name);
smb_fname->st.st_ex_mode &= ~S_IFMT;
smb_fname->st.st_ex_mode |= S_IFREG;
smb_fname->st.st_ex_blocks =
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 35010bb0e3b..5e0047da917 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -36,6 +36,10 @@ bld.SAMBA3_SUBSYSTEM('OFFLOAD_TOKEN',
bld.SAMBA3_SUBSYSTEM('STRING_REPLACE',
source='string_replace.c')
+bld.SAMBA3_SUBSYSTEM('HASH_INODE',
+ source='hash_inode.c',
+ deps='gnutls')
+
#
# This is always be static, see
# source3/wscript: required_static_modules
@@ -119,7 +123,7 @@ bld.SAMBA3_MODULE('vfs_netatalk',
bld.SAMBA3_MODULE('vfs_fruit',
subsystem='vfs',
source='vfs_fruit.c',
- deps='samba-util OFFLOAD_TOKEN STRING_REPLACE',
+ deps='samba-util OFFLOAD_TOKEN STRING_REPLACE HASH_INODE',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_fruit'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_fruit'))
@@ -311,7 +315,7 @@ bld.SAMBA3_MODULE('vfs_catia',
bld.SAMBA3_MODULE('vfs_streams_xattr',
subsystem='vfs',
source='vfs_streams_xattr.c',
- deps='samba-util',
+ deps='samba-util HASH_INODE',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_streams_xattr'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_streams_xattr'))
--
Samba Shared Repository