SoC - Admin Log Project Status

Michael Krax mk-samba at krax.net
Sun Aug 20 16:11:43 GMT 2006


Jerry,

a short mail to sum up things just before the last deadline.

For those interested in my changes, code is at:
http://people.samba.org/bzr/mkrax/samba-soc/

This code does two things:
1. Administrative logging support.  I have sent some information
concerning that some days ago (see
http://lists.samba.org/archive/samba-technical/2006-August/048817.html
and
http://lists.samba.org/archive/samba-technical/2006-August/048641.html)

The basic code for this is complete, but I could add further calls to
the admin_log-function, if there are requests.

2. Support for logging user file accesses (configured by SACLs).

A Windows user with SeSecurityPrivilege can add, change or delete
Security ACLs with the advanced security dialog (tab "audit"); a VFS
module logs access to the files marked as such.  Syslog looks like this:

> Aug 20 17:50:15 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|./test
> Aug 20 17:50:17 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test
> Aug 20 17:50:17 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|.//test
> Aug 20 17:50:20 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test
> Aug 20 17:50:26 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test/.
> Aug 20 17:50:26 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test/text.txt
> Aug 20 17:50:37 carmen smbd_audit: mkdom|192.168.18.66|Read Data / Dir List|ok|test/text.txt

(access with smbclient, with Windows similar but with more entries)

Code is far more experimental.  It avoids double entries to syslog by
storing the last request, it implements a cache for SACLs (which are,
BTW, stored in extended attributes) and avoids reentrances by marking
some files as being in progress.

Some work has to be done to get this in a useful state.  The types of
events to log, the mapping of Windows access bits and Samba VFS
functions and the inheritance of SACLs come to mind.

As said, I would like to continue working on this stuff after the SoC
deadline.  It has been a nice experience to finally (again) write some
code, and it especially feels good to see that this code can be used
in a larger project.  And does not disappear on one of my disks ...

Ciao,
Michael

-- 
Michael Krax
Phone +49(0)30.76765923  Mobile +49(0)163.7325923
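
An added example, not part of the original message or of the Samba code: a parser for the smbd_audit syslog lines quoted above that normalizes the differently spelled paths (`./test`, `.//test`, `test/.`) and groups the entries per file, so a log consumer sees one record per object. The field names (principal, client, access, result, path) are assumptions read off the sample lines; the message does not name them.

```python
import posixpath
import re

# Constructed input: the seven syslog lines quoted in the message.
SAMPLE = """\
Aug 20 17:50:15 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|./test
Aug 20 17:50:17 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test
Aug 20 17:50:17 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|.//test
Aug 20 17:50:20 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test
Aug 20 17:50:26 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test/.
Aug 20 17:50:26 carmen smbd_audit: mkdom|192.168.18.66|Read Control|ok|test/text.txt
Aug 20 17:50:37 carmen smbd_audit: mkdom|192.168.18.66|Read Data / Dir List|ok|test/text.txt
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\ssmbd_audit:\s(.*)$")
FIELDS = ("principal", "client", "access", "result", "path")  # assumed names


def parse_line(line):
    """Return a dict for one smbd_audit line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The path comes last and may contain '|', so split at most four times.
    parts = m.group(3).split("|", 4)
    if len(parts) != len(FIELDS):
        return None
    event = dict(zip(FIELDS, parts), timestamp=m.group(1), host=m.group(2))
    # Lexical normalization only: "./test", ".//test" and "test/." become "test".
    event["path"] = posixpath.normpath(event["path"])
    return event


def summarize(text):
    """Group events per (principal, client, path): entry count and rights seen."""
    summary = {}
    for line in text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        key = (event["principal"], event["client"], event["path"])
        entry = summary.setdefault(key, {"count": 0, "access": []})
        entry["count"] += 1
        if event["access"] not in entry["access"]:
            entry["access"].append(event["access"])
    return summary


if __name__ == "__main__":
    for key, entry in summarize(SAMPLE).items():
        print(key, entry)
```

The normalization is purely lexical; it does not resolve symlinks or map the path back to the share root.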

