[SCM] Samba Shared Repository - branch v4-9-test updated
Karolin Seeger
kseeger at samba.org
Fri Feb 1 14:19:02 UTC 2019
The branch, v4-9-test has been updated
via d1428435b52 ctdb: Print locks latency in machinereadable stats
via bb3e0c5c829 vfs_fileid: fix get_connectpath_ino
via 4588c1c704a lib/audit_logging: actually create talloc
via 3b19257a7d3 s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection
via 5cbce550a76 libcli: Add error log if insufficient SMB2 credits
via 833505239e3 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list()
via 0493165a22b s3:libsmb: Honor disable_netbios option in smbsock_connect_send
via 8e2514a1b1c s3:utils:net: Print debug message about Netbios
via c824d35f36c s3:smbpasswd: Print debug message about Netbios
via fc3f516a41d s3:libsmb: Print debug message about Netbios
via f13c5a9c1fd s3:libsmb: Check disable_netbios in socket connect
via 3145dae212c audit_logging: Remove debug log header and JSON Authentication: prefix
via 2cebe0b84f5 json: Modify API to use return codes
from 76bcdecae23 ldb: Bump ldb version to 1.4.4
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test
- Log -----------------------------------------------------------------
commit d1428435b528f8c6e3b8a38a2160f551aea5f33c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 14 15:04:59 2019 +0100
ctdb: Print locks latency in machinereadable stats
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144
(cherry picked from commit 193a0d6f01372604b925d1972591062a0bb2400f)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Feb 1 15:18:15 CET 2019 on sn-devel-144
commit bb3e0c5c8290575331b636720dbc59d7cf90c65c
Author: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Date: Thu Jan 10 14:28:14 2019 +0100
vfs_fileid: fix get_connectpath_ino
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741
Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144
(cherry picked from commit 12398a2d1ddcd326e02e5d8b0749e0e796145165)
commit 4588c1c704ae29f924c2c0d45aa55c1e0afc0055
Author: Philipp Gesang <philipp.gesang at intra2net.com>
Date: Tue Dec 18 16:09:19 2018 +0100
lib/audit_logging: actually create talloc
Heal damage of 79f494e51e..
That context is being passed around and freed but is never
actually allocated on that stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13737
Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 5c928d7cd1d0ac994fe95892eec235b939ad2ec9)
commit 3b19257a7d31e525c2246c6c8c158d86cccb99a5
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Jan 7 15:28:12 2019 +1300
s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection
cli_smb2_list() appears to be a slightly unique SMB operation in that it
specifies the max transaction size for the response buffer size. The
Python bindings highlighted a problem where if cli_smb2_list() were one
of the first operations performed on the SMBv2 connection, it would fail
due to insufficient credits. Because the response buffer size is
(potentially) so much larger, it requires more credits (128) compared
with other SMB operations.
When talking to a samba DC, the connection credits seem to start off at
1, then increase by 32 for every SMB reply we receive back from the
server. After cli_full_connection(), the connection has 65 credits. The
cli_smb2_create_fnum() in cli_smb2_list() adds another 32 credits, but
this is still less than the 128 that smb2cli_query_directory() requires.
This problem doesn't happen for smbclient because the cli_cm_open() API
it uses ends up sending more messages, and so the connection has more
credits.
This patch changes cli_smb2_list(), so it requests a smaller response
buffer size if it doesn't have enough credits available for the max
transaction size. smb2cli_query_directory() is already in a loop, so it
can span multiple SMB messages if for some reason the transaction size
isn't big enough for the listings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jan 10 02:40:16 CET 2019 on sn-devel-144
(cherry picked from commit fd355dff906f5f4832901bce76544f1a4e50c33d)
commit 5cbce550a7683ad8d62ab0029e283ede5650a3d2
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Jan 7 12:06:15 2019 +1300
libcli: Add error log if insufficient SMB2 credits
Although it's unusual to hit this case, I was seeing it happen while
working on the SMB python bindings. Even with debug level 10, there was
nothing coming out to help pin down the source of the
NT_STATUS_INTERNAL_ERROR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bf229de7926f12e329cdb3201f68f20ae776fe32)
commit 833505239e38778db55b89537d2025b08d8f8e40
Author: Ralph Boehme <slow at samba.org>
Date: Tue Mar 20 15:27:44 2018 +0100
s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 580ff206431969dc2924d520053b956b7169ca07)
commit 0493165a22bfe9f65605a0fe8c7dba837d588985
Author: Justin Stephenson <jstephen at redhat.com>
Date: Mon Jan 14 10:36:47 2019 -0500
s3:libsmb: Honor disable_netbios option in smbsock_connect_send
If disable_netbios is set, return before the tevent timer is triggered
to prevent outgoing netbios connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c324f84a2fa25e29d2f7879fbcd35ce0e76a78f8)
commit 8e2514a1b1c75ad11b34e988e5c130ffc2ee363e
Author: Justin Stephenson <jstephen at redhat.com>
Date: Mon Dec 17 15:17:24 2018 -0500
s3:utils:net: Print debug message about Netbios
With a preceding patch, cli_connect_nb() will return
NT_STATUS_NOT_SUPPORTED when 'disable netbios' is set in smb.conf.
Print an informative error message to indicate Netbios is disabled
if this occurs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Noel Power <nopower at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 08867de2efde05e4730b41a335d13f775e44e397)
commit c824d35f36cb60d3548770b16597af45618f9448
Author: Justin Stephenson <jstephen at redhat.com>
Date: Mon Dec 17 14:57:59 2018 -0500
s3:smbpasswd: Print debug message about Netbios
With a preceding patch, cli_connect_nb() will return
NT_STATUS_NOT_SUPPORTED when 'disable netbios' is set in smb.conf.
Print an informative error message to indicate Netbios is disabled
if this occurs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Noel Power <nopower at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ecbb2f78cec6d9e6f5180c8ba274a1da2152f098)
commit fc3f516a41db5d58e7222567633f07feb8efe314
Author: Justin Stephenson <jstephen at redhat.com>
Date: Mon Dec 17 14:40:33 2018 -0500
s3:libsmb: Print debug message about Netbios
With a preceding patch, cli_connect_nb() will return
NT_STATUS_NOT_SUPPORTED when 'disable netbios' is set in smb.conf.
Print an informative error message to indicate Netbios is disabled
if this occurs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Noel Power <nopower at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 499f051c9d527a14f9712365f8403a1ee0662c5b)
commit f13c5a9c1fdc1ae6bdbebd4a8c0dab0bcf394c3e
Author: Justin Stephenson <jstephen at redhat.com>
Date: Thu Jan 3 12:07:01 2019 -0500
s3:libsmb: Check disable_netbios in socket connect
If the disable_netbios option is set then return NT_STATUS_NOT_SUPPORTED
for a port 139 connection in the low level socket connection code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Noel Power <nopower at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 78f51a1d3c53248159c1e7643364b62e52457bb9)
commit 3145dae212c82b9e766e2ab406115b56cc3cd879
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Dec 13 13:53:08 2018 +1300
audit_logging: Remove debug log header and JSON Authentication: prefix
Feedback from real-world users is that they really want raw JSON
strings in the log.
We can not easily remove the leading " " but the other strings above
and before the JSON are really annoying to strip back off
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13714
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
(cherry-picked from edab1318f9138c0d87de7cc7cfa5da8e29c906f8 and modified
for v4-9 by Gary Lockyer)
commit 2cebe0b84f58f6796cc587fdfd581edbe983a9a8
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Fri Jul 13 09:14:09 2018 +1200
json: Modify API to use return codes
Modify the auditing JSON API to return a response code, as the consensus
was that the existing error handling was aesthetically displeasing.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
cherry picked from commit 79f494e51eabb5176747fcf3b9f2efad10ec7f97 and
adapted to compile on 4.9 by Gary Lockyer)
-----------------------------------------------------------------------
Summary of changes:
auth/auth_log.c | 320 ++++++++----
ctdb/tools/ctdb.c | 5 +
lib/audit_logging/audit_logging.c | 546 ++++++++++++++-------
lib/audit_logging/audit_logging.h | 64 +--
lib/audit_logging/tests/audit_logging_test.c | 252 ++++++++--
libcli/smb/smbXcli_base.c | 3 +
source3/libsmb/cli_smb2_fnum.c | 15 +-
source3/libsmb/clidfs.c | 10 +-
source3/libsmb/libsmb_server.c | 4 +
source3/libsmb/passchange.c | 16 +-
source3/libsmb/smbsock_connect.c | 12 +
source3/modules/vfs_fileid.c | 4 +-
source3/utils/net_rpc.c | 3 +
source3/utils/net_time.c | 9 +-
source4/dsdb/samdb/ldb_modules/audit_log.c | 441 +++++++++++++----
source4/dsdb/samdb/ldb_modules/audit_util.c | 148 +++++-
source4/dsdb/samdb/ldb_modules/group_audit.c | 93 +++-
.../samdb/ldb_modules/tests/test_group_audit.c | 5 +-
18 files changed, 1440 insertions(+), 510 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 38d29db4396..1df112d9a8b 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -78,11 +78,10 @@ static const char* get_password_type(const struct auth_usersupplied_info *ui);
static void log_json(struct imessaging_context *msg_ctx,
struct loadparm_context *lp_ctx,
struct json_object *object,
- const char *type,
int debug_class,
int debug_level)
{
- audit_log_json(type, object, debug_class, debug_level);
+ audit_log_json(object, debug_class, debug_level);
if (msg_ctx && lp_ctx && lpcfg_auth_event_notification(lp_ctx)) {
audit_message_send(msg_ctx,
AUTH_EVENT_NAME,
@@ -102,9 +101,8 @@ static void log_json(struct imessaging_context *msg_ctx,
* To process the resulting log lines from the commend line use jq to
* parse the json.
*
- * grep "JSON Authentication" log file |
- * sed 's;^[^{]*;;' |
- * jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
+ * grep "^ {" log file |
+ * jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
* \(.Authentication.clientDomain)\t
* \(.Authentication.clientAccount)
* \t\(.Authentication.workstation)
@@ -123,63 +121,134 @@ static void log_authentication_event_json(
struct dom_sid *sid,
int debug_level)
{
- struct json_object wrapper = json_new_object();
- struct json_object authentication;
+ struct json_object wrapper = json_empty_object;
+ struct json_object authentication = json_empty_object;
char negotiate_flags[11];
-
- json_add_timestamp(&wrapper);
- json_add_string(&wrapper, "type", AUTH_JSON_TYPE);
+ int rc = 0;
authentication = json_new_object();
- json_add_version(&authentication, AUTH_MAJOR, AUTH_MINOR);
- json_add_string(&authentication, "status", nt_errstr(status));
- json_add_address(&authentication, "localAddress", ui->local_host);
- json_add_address(&authentication, "remoteAddress", ui->remote_host);
- json_add_string(&authentication,
- "serviceDescription",
- ui->service_description);
- json_add_string(&authentication,
- "authDescription",
- ui->auth_description);
- json_add_string(&authentication,
- "clientDomain",
- ui->client.domain_name);
- json_add_string(&authentication,
- "clientAccount",
- ui->client.account_name);
- json_add_string(&authentication,
- "workstation",
- ui->workstation_name);
- json_add_string(&authentication, "becameAccount", account_name);
- json_add_string(&authentication, "becameDomain", domain_name);
- json_add_sid(&authentication, "becameSid", sid);
- json_add_string(&authentication,
- "mappedAccount",
- ui->mapped.account_name);
- json_add_string(&authentication,
- "mappedDomain",
- ui->mapped.domain_name);
- json_add_string(&authentication,
- "netlogonComputer",
- ui->netlogon_trust_account.computer_name);
- json_add_string(&authentication,
- "netlogonTrustAccount",
- ui->netlogon_trust_account.account_name);
+ if (json_is_invalid(&authentication)) {
+ goto failure;
+ }
+ rc = json_add_version(&authentication, AUTH_MAJOR, AUTH_MINOR);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&authentication, "status", nt_errstr(status));
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_address(&authentication, "localAddress", ui->local_host);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc =
+ json_add_address(&authentication, "remoteAddress", ui->remote_host);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "serviceDescription", ui->service_description);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "authDescription", ui->auth_description);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "clientDomain", ui->client.domain_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "clientAccount", ui->client.account_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "workstation", ui->workstation_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&authentication, "becameAccount", account_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&authentication, "becameDomain", domain_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_sid(&authentication, "becameSid", sid);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "mappedAccount", ui->mapped.account_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "mappedDomain", ui->mapped.domain_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&authentication,
+ "netlogonComputer",
+ ui->netlogon_trust_account.computer_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&authentication,
+ "netlogonTrustAccount",
+ ui->netlogon_trust_account.account_name);
+ if (rc != 0) {
+ goto failure;
+ }
snprintf(negotiate_flags,
sizeof( negotiate_flags),
"0x%08X",
ui->netlogon_trust_account.negotiate_flags);
- json_add_string(&authentication,
- "netlogonNegotiateFlags",
- negotiate_flags);
- json_add_int(&authentication,
- "netlogonSecureChannelType",
- ui->netlogon_trust_account.secure_channel_type);
- json_add_sid(&authentication,
- "netlogonTrustAccountSid",
- ui->netlogon_trust_account.sid);
- json_add_string(&authentication, "passwordType", get_password_type(ui));
- json_add_object(&wrapper, AUTH_JSON_TYPE, &authentication);
+ rc = json_add_string(
+ &authentication, "netlogonNegotiateFlags", negotiate_flags);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_int(&authentication,
+ "netlogonSecureChannelType",
+ ui->netlogon_trust_account.secure_channel_type);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_sid(&authentication,
+ "netlogonTrustAccountSid",
+ ui->netlogon_trust_account.sid);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authentication, "passwordType", get_password_type(ui));
+ if (rc != 0) {
+ goto failure;
+ }
+
+ wrapper = json_new_object();
+ if (json_is_invalid(&wrapper)) {
+ goto failure;
+ }
+ rc = json_add_timestamp(&wrapper);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&wrapper, "type", AUTH_JSON_TYPE);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_object(&wrapper, AUTH_JSON_TYPE, &authentication);
+ if (rc != 0) {
+ goto failure;
+ }
/*
* While not a general-purpose profiling solution this will
@@ -192,18 +261,28 @@ static void log_authentication_event_json(
struct timeval current_time = timeval_current();
uint64_t duration = usec_time_diff(¤t_time,
start_time);
- json_add_int(&authentication,
- "duration",
- duration);
+ rc = json_add_int(&authentication, "duration", duration);
+ if (rc != 0) {
+ goto failure;
+ }
}
log_json(msg_ctx,
lp_ctx,
&wrapper,
- AUTH_JSON_TYPE,
DBGC_AUTH_AUDIT_JSON,
debug_level);
json_free(&wrapper);
+ return;
+failure:
+ /*
+ * On a failure authentication will not have been added to wrapper so it
+ * needs to be freed to avoid a leak.
+ *
+ */
+ json_free(&authentication);
+ json_free(&wrapper);
+ DBG_ERR("Failed to write authentication event JSON log message\n");
}
/*
@@ -218,8 +297,7 @@ static void log_authentication_event_json(
* To process the resulting log lines from the commend line use jq to
* parse the json.
*
- * grep "JSON Authentication" log_file |\
- * sed "s;^[^{]*;;" |\
+ * grep "^ {" log_file |\
* jq -rc '"\(.timestamp)\t
* \(.Authorization.domain)\t
* \(.Authorization.account)\t
@@ -237,53 +315,109 @@ static void log_successful_authz_event_json(
struct auth_session_info *session_info,
int debug_level)
{
- struct json_object wrapper = json_new_object();
- struct json_object authorization;
+ struct json_object wrapper = json_empty_object;
+ struct json_object authorization = json_empty_object;
char account_flags[11];
+ int rc = 0;
- json_add_timestamp(&wrapper);
- json_add_string(&wrapper, "type", AUTHZ_JSON_TYPE);
authorization = json_new_object();
- json_add_version(&authorization, AUTHZ_MAJOR, AUTHZ_MINOR);
- json_add_address(&authorization, "localAddress", local);
- json_add_address(&authorization, "remoteAddress", remote);
- json_add_string(&authorization,
- "serviceDescription",
- service_description);
- json_add_string(&authorization, "authType", auth_type);
- json_add_string(&authorization,
- "domain",
- session_info->info->domain_name);
- json_add_string(&authorization,
- "account",
- session_info->info->account_name);
- json_add_sid(&authorization,
- "sid",
- &session_info->security_token->sids[0]);
- json_add_guid(&authorization,
- "sessionId",
- &session_info->unique_session_token);
- json_add_string(&authorization,
- "logonServer",
- session_info->info->logon_server);
- json_add_string(&authorization,
- "transportProtection",
- transport_protection);
+ if (json_is_invalid(&authorization)) {
+ goto failure;
+ }
+ rc = json_add_version(&authorization, AUTHZ_MAJOR, AUTHZ_MINOR);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_address(&authorization, "localAddress", local);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_address(&authorization, "remoteAddress", remote);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authorization, "serviceDescription", service_description);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&authorization, "authType", auth_type);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authorization, "domain", session_info->info->domain_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authorization, "account", session_info->info->account_name);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_sid(
+ &authorization, "sid", &session_info->security_token->sids[0]);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_guid(
+ &authorization, "sessionId", &session_info->unique_session_token);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authorization, "logonServer", session_info->info->logon_server);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(
+ &authorization, "transportProtection", transport_protection);
+ if (rc != 0) {
+ goto failure;
+ }
snprintf(account_flags,
sizeof(account_flags),
"0x%08X",
session_info->info->acct_flags);
- json_add_string(&authorization, "accountFlags", account_flags);
- json_add_object(&wrapper, AUTHZ_JSON_TYPE, &authorization);
+ rc = json_add_string(&authorization, "accountFlags", account_flags);
+ if (rc != 0) {
+ goto failure;
+ }
+
+ wrapper = json_new_object();
+ if (json_is_invalid(&wrapper)) {
+ goto failure;
+ }
+ rc = json_add_timestamp(&wrapper);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_string(&wrapper, "type", AUTHZ_JSON_TYPE);
+ if (rc != 0) {
+ goto failure;
+ }
+ rc = json_add_object(&wrapper, AUTHZ_JSON_TYPE, &authorization);
+ if (rc != 0) {
+ goto failure;
+ }
log_json(msg_ctx,
lp_ctx,
&wrapper,
- AUTHZ_JSON_TYPE,
DBGC_AUTH_AUDIT_JSON,
debug_level);
json_free(&wrapper);
+ return;
+failure:
+ /*
+ * On a failure authorization will not have been added to wrapper so it
+ * needs to be freed to avoid a leak.
+ *
+ */
+ json_free(&authorization);
+ json_free(&wrapper);
+ DBG_ERR("Unable to log Authentication event JSON audit message\n");
}
#else
diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
index 4c0bcaf26ff..352881a62fe 100644
--- a/ctdb/tools/ctdb.c
+++ b/ctdb/tools/ctdb.c
@@ -1233,6 +1233,11 @@ static void print_statistics_machine(struct ctdb_statistics *s,
printf("%.6f%s", LATENCY_AVG(s->call_latency), options.sep);
printf("%.6f%s", s->call_latency.max, options.sep);
+ printf("%u%s", s->locks.latency.num, options.sep);
+ printf("%.6f%s", s->locks.latency.min, options.sep);
+ printf("%.6f%s", LATENCY_AVG(s->locks.latency), options.sep);
+ printf("%.6f%s", s->locks.latency.max, options.sep);
+
printf("%d%s", s->childwrite_latency.num, options.sep);
printf("%.6f%s", s->childwrite_latency.min, options.sep);
printf("%.6f%s", LATENCY_AVG(s->childwrite_latency), options.sep);
diff --git a/lib/audit_logging/audit_logging.c b/lib/audit_logging/audit_logging.c
index f94f2c2a839..3bb49f7cfc3 100644
--- a/lib/audit_logging/audit_logging.c
+++ b/lib/audit_logging/audit_logging.c
@@ -20,31 +20,6 @@
/*
* Error handling:
*
- * The json_object structure contains a boolean 'error'. This is set whenever
- * an error is detected. All the library functions check this flag and return
- * immediately if it is set.
- *
- * if (object->error) {
- * return;
- * }
- *
- * This allows the operations to be sequenced naturally with out the clutter
- * of error status checks.
- *
- * audit = json_new_object();
- * json_add_version(&audit, OPERATION_MAJOR, OPERATION_MINOR);
- * json_add_int(&audit, "statusCode", ret);
- * json_add_string(&audit, "status", ldb_strerror(ret));
- * json_add_string(&audit, "operation", operation);
- * json_add_address(&audit, "remoteAddress", remote);
- * json_add_sid(&audit, "userSid", sid);
- * json_add_string(&audit, "dn", dn);
- * json_add_guid(&audit, "transactionId", &ac->transaction_guid);
- * json_add_guid(&audit, "sessionId", unique_session_token);
- *
- * The assumptions are that errors will be rare, and that the audit logging
- * code should not cause failures. So errors are logged but processing
- * continues on a best effort basis.
*/
#include "includes.h"
@@ -67,7 +42,7 @@
*
* @param mem_ctx talloc memory context that owns the returned string.
*
- * @return a human readable time stamp.
+ * @return a human readable time stamp, or NULL in the event of an error.
*
*/
char* audit_get_timestamp(TALLOC_CTX *frame)
@@ -76,11 +51,11 @@ char* audit_get_timestamp(TALLOC_CTX *frame)
char tz[10]; /* formatted time zone */
struct tm* tm_info; /* current local time */
struct timeval tv; /* current system time */
- int r; /* response code from gettimeofday */
+ int ret; /* response code */
char * ts; /* formatted time stamp */
- r = gettimeofday(&tv, NULL);
- if (r) {
+ ret = gettimeofday(&tv, NULL);
+ if (ret != 0) {
DBG_ERR("Unable to get time of day: (%d) %s\n",
errno,
strerror(errno));
@@ -121,24 +96,48 @@ void audit_log_human_text(const char* prefix,
}
#ifdef HAVE_JANSSON
+/*
+ * Constant for empty json object initialisation
+ */
+const struct json_object json_empty_object = {.valid = false, .root = NULL};
/*
* @brief write a json object to the samba audit logs.
*
* Write the json object to the audit logs as a formatted string
*
- * @param prefix Text to be printed at the start of the log line
* @param message The content of the log line.
* @param debub_class The debug class to log the message with.
* @param debug_level The debug level to log the message with.
*/
-void audit_log_json(const char* prefix,
- struct json_object* message,
+void audit_log_json(struct json_object* message,
int debug_class,
int debug_level)
{
- TALLOC_CTX *ctx = talloc_new(NULL);
--
Samba Shared Repository
More information about the samba-cvs
mailing list