[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1199-g17829cb

Tim Prouty tprouty at samba.org
Wed Aug 26 11:59:24 MDT 2009


The branch, master has been updated
       via  17829cbc82b8f647374712285492dbb3210fe346 (commit)
       via  3ad9d108a7404d625454efda0d000e4caa543e7a (commit)
       via  22ee1cd7dbcd07470c915343872ee83ae90e3511 (commit)
      from  d49ab9226f849d1f08f7cf83956d35cf4950906e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 17829cbc82b8f647374712285492dbb3210fe346
Author: tprouty <tprouty at b72e2a10-2d34-0410-9a71-d3beadf02b57>
Date:   Wed Aug 26 01:38:17 2009 +0000

    s3 onefs: Canonicalize the ACL in the correct order

commit 3ad9d108a7404d625454efda0d000e4caa543e7a
Author: tprouty <tprouty at b72e2a10-2d34-0410-9a71-d3beadf02b57>
Date:   Wed Aug 26 01:38:14 2009 +0000

    s3: Allow full_audit to play nice with smbd if it's using syslog
    
    Explicitly pass the facility from both smbd and full_audit to syslog.
    Really the only major change is to not call openlog() in full_audit if
    WITH_SYSLOG is defined, which implies that smbd is already using
    syslog.  This allows full audit to piggy-back on the same ident as
    smbd, while still differentiating the logging via the facility.

commit 22ee1cd7dbcd07470c915343872ee83ae90e3511
Author: tprouty <tprouty at b72e2a10-2d34-0410-9a71-d3beadf02b57>
Date:   Wed Aug 26 01:38:07 2009 +0000

    s3 audit: Change create_file in full_audit to print whether a directory or file was requested
    
    full_audit will now print out whether the createfile was requested for
    a file or directory.  The create disposition is also printed out.

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/debug.c              |    6 +++++
 source3/modules/onefs_acl.c      |   12 +++++++---
 source3/modules/vfs_full_audit.c |   42 +++++++++++++++++++++++++++++++++++--
 3 files changed, 53 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index e7dcfb4..2e19f89 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -856,6 +856,12 @@ void check_log_size( void )
 		else
 			priority = priority_map[syslog_level];
 
+		/*
+		 * Specify the facility to interoperate with other syslog
+		 * callers (vfs_full_audit for example).
+		 */
+		priority |= SYSLOG_FACILITY;
+
 		va_start(ap, format_str);
 		ret = vasprintf(&msgbuf, format_str, ap);
 		va_end(ap);
diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c
index df4efd5..2593012 100644
--- a/source3/modules/onefs_acl.c
+++ b/source3/modules/onefs_acl.c
@@ -417,23 +417,27 @@ onefs_canon_acl(files_struct *fsp, struct ifs_security_descriptor *sd)
 	 * By walking down the list 3 separate times, we can avoid the need
 	 * to create multiple temp buffers and extra copies.
 	 */
-	for (cur = 0; cur < sd->dacl->num_aces; cur++)  {
-		if (sd->dacl->aces[cur].flags & IFS_ACE_FLAG_INHERITED_ACE)
-			new_aces[new_aces_count++] = sd->dacl->aces[cur];
-	}
 
+	/* Explict deny aces first */
 	for (cur = 0; cur < sd->dacl->num_aces; cur++)  {
 		if (!(sd->dacl->aces[cur].flags & IFS_ACE_FLAG_INHERITED_ACE) &&
 		    (sd->dacl->aces[cur].type == IFS_ACE_TYPE_ACCESS_DENIED))
 			new_aces[new_aces_count++] = sd->dacl->aces[cur];
 	}
 
+	/* Explict allow aces second */
 	for (cur = 0; cur < sd->dacl->num_aces; cur++)  {
 		if (!(sd->dacl->aces[cur].flags & IFS_ACE_FLAG_INHERITED_ACE) &&
 		    !(sd->dacl->aces[cur].type == IFS_ACE_TYPE_ACCESS_DENIED))
 			new_aces[new_aces_count++] = sd->dacl->aces[cur];
 	}
 
+	/* Inherited deny/allow aces third */
+	for (cur = 0; cur < sd->dacl->num_aces; cur++)  {
+		if ((sd->dacl->aces[cur].flags & IFS_ACE_FLAG_INHERITED_ACE))
+			new_aces[new_aces_count++] = sd->dacl->aces[cur];
+	}
+
 	SMB_ASSERT(new_aces_count == sd->dacl->num_aces);
 	DEBUG(10, ("Performed canonicalization of ACLs for file %s\n",
 		   fsp_str_dbg(fsp)));
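Review bot: The third pass copies every inherited ACE in its source order, so the comment `/* Inherited deny/allow aces third */` can be read as promising deny-before-allow among the inherited entries, which the loop does not do. If source order is what is intended, the comment should say so: `/* Inherited aces third, in their original relative order (not re-sorted by type) */`. The allocation of `new_aces` sits outside this hunk, so the buffer size that `SMB_ASSERT(new_aces_count == sd->dacl->num_aces)` relies on cannot be checked from here.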
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 6930a55..0f6de79 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -510,6 +510,7 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
 	char *audit_pre = NULL;
 	va_list ap;
 	char *op_msg = NULL;
+	int priority;
 
 	if (success && (!log_success(handle, op)))
 		goto out;
@@ -530,8 +531,15 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
 		goto out;
 	}
 
+	/*
+	 * Specify the facility to interoperate with other syslog callers
+	 * (smbd for example).
+	 */
+	priority = audit_syslog_priority(handle) |
+	    audit_syslog_facility(handle);
+
 	audit_pre = audit_prefix(talloc_tos(), handle->conn);
-	syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
+	syslog(priority, "%s|%s|%s|%s\n",
 		audit_pre ? audit_pre : "",
 		audit_opname(op), err_msg, op_msg);
 
@@ -606,7 +614,9 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 	}
 	ZERO_STRUCTP(pd);
 
+#ifndef WITH_SYSLOG
 	openlog("smbd_audit", 0, audit_syslog_facility(handle));
+#endif
 
 	init_bitmap(&pd->success_ops,
 		    lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
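Review bot: With `WITH_SYSLOG` defined this connect path no longer sets the `smbd_audit` ident, so audit records can only be told apart from smbd's own messages by facility, and nothing at the `#ifndef` says so. Any syslog filter or log-collection rule keyed on the ident `smbd_audit` will stop matching on such builds, and if the configured audit facility equals the one smbd uses (`SYSLOG_FACILITY` in the debug.c hunk) the two streams merge. A comment here would help, for example `/* smbd owns openlog() when built WITH_SYSLOG; audit records are then separated by facility only, not by the "smbd_audit" ident */`. The same assumption underlies the `priority = ... | audit_syslog_facility(handle)` lines added to do_log above. smb_full_audit_connect starts and ends outside the hunk.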
@@ -855,6 +865,30 @@ static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
 				      int *pinfo)
 {
 	NTSTATUS result;
+	const char* str_create_disposition;
+
+	switch (create_disposition) {
+	case FILE_SUPERSEDE:
+		str_create_disposition = "supersede";
+		break;
+	case FILE_OVERWRITE_IF:
+		str_create_disposition = "overwrite_if";
+		break;
+	case FILE_OPEN:
+		str_create_disposition = "open";
+		break;
+	case FILE_OVERWRITE:
+		str_create_disposition = "overwrite";
+		break;
+	case FILE_CREATE:
+		str_create_disposition = "create";
+		break;
+	case FILE_OPEN_IF:
+		str_create_disposition = "open_if";
+		break;
+	default:
+		str_create_disposition = "unknown";
+	}
 
 	result = SMB_VFS_NEXT_CREATE_FILE(
 		handle,					/* handle */
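Review bot: The `default:` arm records an unrecognised `create_disposition` only as "unknown", which discards the value an audit record most needs when a request carries something unexpected. Consider logging the raw number as well, for instance as an extra `0x%x` field in the `do_log` call further down, and end the arm with `break;` for consistency with the other cases. The declaration would match the surrounding pointer style as `const char *str_create_disposition;`. The function begins before this hunk and continues past it.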
@@ -873,8 +907,10 @@ static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
 		result_fsp,				/* result */
 		pinfo);					/* pinfo */
 
-	do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
-	       access_mask, smb_fname_str_do_log(smb_fname));
+	do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
+	       "0x%x|%s|%s|%s", access_mask,
+	       create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
+	       str_create_disposition, smb_fname_str_do_log(smb_fname));
 
 	return result;
 }
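Review bot: The new dir/file and disposition fields are inserted before the file name, which moves the name from the second to the fourth `|`-separated field of the create_file operation message; consumers that split these records by position need updating, and the new layout is not documented at the call. Keeping the name last is the right choice if names can contain `|`, but smb_fname_str_do_log is not visible here, so whether it escapes the separator cannot be confirmed. A comment such as `/* fields: access_mask|dir-or-file|disposition|name (name kept last: may contain '|') */` would record that, and `(create_options & FILE_DIRECTORY_FILE) ? "dir" : "file"` is easier to read with the parentheses. The function starts outside this hunk.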


-- 
Samba Shared Repository

