[PATCH] Log security descriptors coming in from clients

Jeremy Allison jra at samba.org
Thu Aug 7 13:27:03 MDT 2014 

On Thu, Aug 07, 2014 at 12:17:00PM -0700, Christof Schmitt wrote:
> On Thu, Aug 07, 2014 at 12:04:49PM -0700, Jeremy Allison wrote:
> > On Thu, Aug 07, 2014 at 01:44:00PM +0200, Volker Lendecke wrote:
> > > Hi!
> > > 
> > > Attached find a set of patches that make full_audit log
> > > incoming security descriptors in SDDL form when a client
> > > wants to set an ACL. A customer wants to diagnose problems
> > > with this, and I don't want to maintain this as a custom
> > > patch :-)
> > > 
> > > Review would be appreciated!
> > 
> > LGTM - pushed !
> 
> Here is a patch that adds the new vfs_full_audit options to the man
> page.

Good point. I'll add them too :-).

> >From 93d34602e92a7f1bd7def5fb888c54b9c066187e Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Thu, 7 Aug 2014 12:01:56 -0700
> Subject: [PATCH] doc: Add new parameters to vfs_full_audit man page
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  docs-xml/manpages/vfs_full_audit.8.xml |   20 ++++++++++++++++++++
>  1 files changed, 20 insertions(+), 0 deletions(-)
> 
> diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
> index 2be26b0..40f2f7e 100644
> --- a/docs-xml/manpages/vfs_full_audit.8.xml
> +++ b/docs-xml/manpages/vfs_full_audit.8.xml
> @@ -202,6 +202,26 @@
>                  </listitem>
>                  </varlistentry>
>  
> +		<varlistentry>
> +		<term>full_audit:syslog = BOOL</term>
> +		<listitem>
> +		<para>If set to true, then send the audit messages to
> +		syslog. If set to false, the normal Samba log will be
> +		used with a debug level of 1. The default is true.
> +		</para>
> +		</listitem>
> +		</varlistentry>
> +
> +		<varlistentry>
> +		<term>full_audit:log_secdesc = BOOL</term>
> +		<listitem>
> +		<para>Log security descriptor changes. If set to true,
> +		also log security descriptor changes requested by
> +		clients. The default is false.
> +		</para>
> +		</listitem>
> +		</varlistentry>
> +
>  	</variablelist>
>  </refsect1>
>  
> -- 
> 1.7.1
>

More information about the samba-technical mailing list