Merge branch 'candidate-5.6.0' into candidate-6.0.0

Signed-off-by: Richard Chapman <rchapman@hpccsystems.com>

esp/services/ws_access/ws_accessService.cpp

@@ -1941,7 +1941,7 @@ bool Cws_accessEx::onResourceAdd(IEspContext &context, IEspResourceAddRequest &r
 
             ISecResource* r = rlist->addResource(namebuf.str());
             r->setDescription(req.getDescription());
-            secmgr->addResourcesEx(rtype, *usr, rlist, PT_DEFAULT, req.getBasedn());
+            secmgr->addResourcesEx(rtype, *usr, rlist, PT_ADMINISTRATORS_ONLY, req.getBasedn());
 
             if(str2type(req.getRtype()) == RT_FILE_SCOPE && newResources.ordinality())
             {

plugins/workunitservices/workunitservices.ipp

@@ -78,6 +78,42 @@ inline void varAppendMax(MemoryBuffer &mb,unsigned w,const char *str, size32_t l
 
 // This is use by sasha - it's a real mess
 
+inline void convertTimestampToStr(unsigned __int64 timestamp, StringBuffer& timeStr, bool formatTZ)
+{
+    formatStatistic(timeStr, timestamp, SMeasureTimestampUs);
+    if (formatTZ)
+    {
+        timeStr.setCharAt(19, 'Z'); //Match with old timestamp
+        timeStr.setLength(20); //Match with old timestamp
+    }
+}
+
+inline const char* readCreateTime(IPropertyTree& pt, StringBuffer& time, bool formatTZ)
+{
+    time.clear();
+    unsigned __int64 value = pt.getPropInt64("Statistics/Statistic[@s='global'][@kind='WhenCreated']/@value", 0);
+    if (value > 0)
+        convertTimestampToStr(value, time, formatTZ);
+    return time.str();
+}
+
+inline const char* readModifyTime(IPropertyTree& pt, StringBuffer& time, bool formatTZ)
+{
+    time.clear();
+    unsigned __int64 value = 0;
+    Owned<IPropertyTreeIterator> stats = pt.getElements("Statistics/Statistic[@s='global'][@kind='WhenWorkunitModified']");
+    ForEach(*stats)
+    {
+        IPropertyTree& stat = stats->query();
+        unsigned __int64 val = stat.getPropInt64("@value", 0);
+        if (val > value)
+            value = val;
+    }
+    if (value > 0)
+        convertTimestampToStr(value, time, formatTZ);
+    return time.str();
+}
+
 inline bool serializeWUSrow(IPropertyTree &pt,MemoryBuffer &mb, bool isonline)
 {
     mb.setEndian(__LITTLE_ENDIAN);
@@ -91,13 +127,27 @@ inline bool serializeWUSrow(IPropertyTree &pt,MemoryBuffer &mb, bool isonline)
     short int prioritylevel = calcPriorityValue(&pt);
     mb.appendEndian(sizeof(prioritylevel), &prioritylevel);
 
-    const char *mod = "TimeStamps/TimeStamp[@application=\"workunit\"]/Modified";
-    const char *crt = "TimeStamps/TimeStamp[@application=\"workunit\"]/Created";
-    fixedAppend(mb,20,pt,crt);
-    if (pt.hasProp(mod))
-        fixedAppend(mb,20,pt,mod);
+    StringBuffer crtTime, modTime;
+    readModifyTime(pt, modTime, true);
+    readCreateTime(pt, crtTime, true);
+    if (crtTime.length())
+    {
+        fixedAppend(mb, 20, crtTime.str(), crtTime.length());
+        if (modTime.length())
+            fixedAppend(mb, 20, modTime.str(), modTime.length());
+        else
+            fixedAppend(mb, 20, crtTime.str(), crtTime.length());
+    }
     else
+    {
+        const char *mod = "TimeStamps/TimeStamp[@application=\"workunit\"]/Modified";
+        const char *crt = "TimeStamps/TimeStamp[@application=\"workunit\"]/Created";
         fixedAppend(mb,20,pt,crt);
+        if (pt.hasProp(mod))
+            fixedAppend(mb,20,pt,mod);
+        else
+            fixedAppend(mb,20,pt,crt);
+    }
     byte online = isonline?1:0;
     mb.append(online);
     byte prot = pt.getPropBool("@protected")?1:0;

system/security/LdapSecurity/ldapconnection.cpp

@@ -1350,13 +1350,13 @@ public:
             {
             }
         }
-        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_DEFAULT), PT_DEFAULT);
-        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_FILE_SCOPE), PT_DEFAULT);
-        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_WORKUNIT_SCOPE), PT_DEFAULT);
-        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_SUDOERS), PT_DEFAULT);
+        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_DEFAULT), PT_ADMINISTRATORS_ONLY);
+        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_FILE_SCOPE), PT_ADMINISTRATORS_ONLY);
+        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_WORKUNIT_SCOPE), PT_ADMINISTRATORS_ONLY);
+        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(RT_SUDOERS), PT_ADMINISTRATORS_ONLY);
 
-        createLdapBasedn(NULL, m_ldapconfig->getUserBasedn(), PT_DEFAULT);
-        createLdapBasedn(NULL, m_ldapconfig->getGroupBasedn(), PT_DEFAULT);
+        createLdapBasedn(NULL, m_ldapconfig->getUserBasedn(), PT_ADMINISTRATORS_ONLY);
+        createLdapBasedn(NULL, m_ldapconfig->getGroupBasedn(), PT_ADMINISTRATORS_ONLY);
     }
 
     virtual LdapServerType getServerType()
@@ -1372,7 +1372,7 @@ public:
     virtual void setResourceBasedn(const char* rbasedn, SecResourceType rtype)
     {
         m_ldapconfig->setResourceBasedn(rbasedn, rtype);
-        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(rtype), PT_DEFAULT);
+        createLdapBasedn(NULL, m_ldapconfig->getResourceBasedn(rtype), PT_ADMINISTRATORS_ONLY);
     }
 
     void calcPWExpiry(CDateTime &dt, unsigned len, char * val)
@@ -4194,7 +4194,7 @@ public:
         
         ISecUser* user = NULL;
         CLdapSecResource resource(newname);
-        addResource(rtype, *user, &resource, PT_DEFAULT, basedn, sd.get(), false);
+        addResource(rtype, *user, &resource, PT_ADMINISTRATORS_ONLY, basedn, sd.get(), false);
     }
 
     void normalizeDn(const char* dn, StringBuffer& ndn)

system/security/LdapSecurity/ldapsecurity.ipp

@@ -363,8 +363,8 @@ public:
     virtual bool authorizeWorkunitScope(ISecUser & user, ISecResourceList * resources);
     virtual bool addResources(ISecUser& sec_user, ISecResourceList * resources);
     virtual int getAccessFlagsEx(SecResourceType rtype, ISecUser & user, const char * resourcename);
-    virtual bool addResourcesEx(SecResourceType rtype, ISecUser &user, ISecResourceList* resources, SecPermissionType ptype = PT_DEFAULT, const char* basedn = NULL);
-    virtual bool addResourceEx(SecResourceType rtype, ISecUser& user, const char* resourcename, SecPermissionType ptype = PT_DEFAULT, const char* basedn = NULL);
+    virtual bool addResourcesEx(SecResourceType rtype, ISecUser &user, ISecResourceList* resources, SecPermissionType ptype = PT_ADMINISTRATORS_ONLY, const char* basedn = NULL);
+    virtual bool addResourceEx(SecResourceType rtype, ISecUser& user, const char* resourcename, SecPermissionType ptype = PT_ADMINISTRATORS_ONLY, const char* basedn = NULL);
     virtual bool updateResources(ISecUser& sec_user, ISecResourceList * resources){return false;}
     virtual bool addUser(ISecUser & user);
     virtual ISecUser * lookupUser(unsigned uid);

system/security/shared/basesecurity.hpp

@@ -184,11 +184,11 @@ public:
     {
         return true;
     }
-    bool addResourcesEx(SecResourceType rtype, ISecUser& sec_user, ISecResourceList * resources, SecPermissionType ptype = PT_DEFAULT, const char* basedn=NULL)
+    bool addResourcesEx(SecResourceType rtype, ISecUser& sec_user, ISecResourceList * resources, SecPermissionType ptype = PT_ADMINISTRATORS_ONLY, const char* basedn=NULL)
     {
         return addResources(sec_user, resources);
     }
-    bool addResourceEx(SecResourceType rtype, ISecUser& user, const char* resourcename, SecPermissionType ptype = PT_DEFAULT, const char* basedn=NULL)
+    bool addResourceEx(SecResourceType rtype, ISecUser& user, const char* resourcename, SecPermissionType ptype = PT_ADMINISTRATORS_ONLY, const char* basedn=NULL)
     {
         Owned<ISecResourceList> rlist;
         rlist.setown(createResourceList("resources"));

system/security/test/ldapsecuritytest/ldapsecuritytest.cpp

@@ -350,7 +350,7 @@ int main(int argc, char* argv[])
             if(username != NULL && *username != '\0')
                 usr.setown(secmgr->createUser(username));
 
-            bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_DEFAULT, NULL);
+            bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_ADMINISTRATORS_ONLY, NULL);
             if(!ok)
                 printf("resource not added\n");
             else