[PATCHES] regarding new logging
Michael Adam
obnox at samba.org
Thu Mar 26 17:32:25 MDT 2015
On 2015-03-26 at 08:50 -0700, Christof Schmitt wrote:
> On Thu, Mar 26, 2015 at 03:11:49PM +0100, Michael Adam wrote:
> > Some more thoughts triggered by a discussion with Ira:
> >
> > it seems that the audit vfs modules are using syslog directly.
> > This is not a problem except for the illegal use of deprecated
> > lp_syslog() in the extd_audit module.
> >
> > Apart from lp_syslog being deprecated, this for controlling
> > the behaviour of our DEBUG() system and not for controlling
> > explicit use of syslog(). A module-specific parameter would
> > be more appropriate here, imho.
> >
> > Interestingly, a good patch was proposed in
> > https://bugzilla.samba.org/show_bug.cgi?id=3518
> > but it was turned down in favour of this wrong use in
> > https://bugzilla.samba.org/show_bug.cgi?id=5956
> >
> > :-)
> >
> > But already in 2006, Volker stated in
> > https://bugzilla.samba.org/show_bug.cgi?id=3518#c2
> > that:
> >
> > "... ext_audit is in kind of legacy mode. We now have full_audit
> > that potentially audits _all_ entries selectively on success and
> > failure. So I'd rather like to see effort put in there."
> >
> > So there are three ways to fix this illegal use of lp_syslog:
> >
> > 1. Remove vfs_extd_audit altogether.
> >
> > 2. Remove the calls of lp_syslog() from vfs_extd_audit.c
> > thereby making it behave like audit and full_audit.
> >
> > 3. Replace the use of lp_syslog() in vfs_extd_audit by
> > a new module specific parameter.
> >
> > What do people think?
> >
> > I kind of favour #1, but would propose #2 as fallback
> > if there is opposition to remove it, so as not to
> > put too much effort in the legacy module...
>
> I agree with the proposal. full_audit should be sufficient, so we should
> remove extd_audit.
Attached find two patches:
1. The first removes the use of lp_syslog() from the extd_audit module.
2. The second patch on top of the first removes the module and
all references.
If we would chose this, we would squash the first into it..
More thoughts?
Michael
-------------- next part --------------
From 6362f8fbd28bee23469674d93e76ed6cd39e7beb Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 26 Mar 2015 15:24:19 +0100
Subject: [PATCH 1/2] vfs: remove illegal use of lp_syslog from vfs_extd_audit.
Signed-off-by: Michael Adam <obnox at samba.org>
---
source3/modules/vfs_extd_audit.c | 126 ++++++++++++++++-----------------------
1 file changed, 50 insertions(+), 76 deletions(-)
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
index fc23ea9..90da962 100644
--- a/source3/modules/vfs_extd_audit.c
+++ b/source3/modules/vfs_extd_audit.c
@@ -94,11 +94,9 @@ static int audit_connect(vfs_handle_struct *handle, const char *svc, const char
openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle),
- "connect to service %s by user %s\n",
- svc, user);
- }
+ syslog(audit_syslog_priority(handle),
+ "connect to service %s by user %s\n",
+ svc, user);
DEBUG(10, ("Connected to service %s as user %s\n",
svc, user));
@@ -107,9 +105,7 @@ static int audit_connect(vfs_handle_struct *handle, const char *svc, const char
static void audit_disconnect(vfs_handle_struct *handle)
{
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "disconnected\n");
- }
+ syslog(audit_syslog_priority(handle), "disconnected\n");
DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
SMB_VFS_NEXT_DISCONNECT(handle);
@@ -122,12 +118,10 @@ static DIR *audit_opendir(vfs_handle_struct *handle, const char *fname, const ch
result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
- fname,
- (result == NULL) ? "failed: " : "",
- (result == NULL) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
+ fname,
+ (result == NULL) ? "failed: " : "",
+ (result == NULL) ? strerror(errno) : "");
DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
fname,
(result == NULL) ? "failed: " : "",
@@ -142,12 +136,10 @@ static int audit_mkdir(vfs_handle_struct *handle, const char *path, mode_t mode)
result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
- path,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
+ path,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
path,
(result < 0) ? "failed: " : "",
@@ -162,12 +154,10 @@ static int audit_rmdir(vfs_handle_struct *handle, const char *path)
result = SMB_VFS_NEXT_RMDIR(handle, path);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
- path,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
+ path,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
path,
(result < 0) ? "failed: " : "",
@@ -184,13 +174,11 @@ static int audit_open(vfs_handle_struct *handle,
result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
- smb_fname->base_name, result,
- ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "",
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
+ smb_fname->base_name, result,
+ ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "",
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
smb_fname_str_dbg(smb_fname),
(result < 0) ? "failed: " : "",
@@ -205,12 +193,10 @@ static int audit_close(vfs_handle_struct *handle, files_struct *fsp)
result = SMB_VFS_NEXT_CLOSE(handle, fsp);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
- fsp->fh->fd,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
+ fsp->fh->fd,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
fsp->fh->fd,
(result < 0) ? "failed: " : "",
@@ -227,13 +213,11 @@ static int audit_rename(vfs_handle_struct *handle,
result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
- smb_fname_src->base_name,
- smb_fname_dst->base_name,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
+ smb_fname_src->base_name,
+ smb_fname_dst->base_name,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(1, ("vfs_extd_audit: rename old: %s newname: %s %s %s\n",
smb_fname_str_dbg(smb_fname_src),
smb_fname_str_dbg(smb_fname_dst),
@@ -250,12 +234,10 @@ static int audit_unlink(vfs_handle_struct *handle,
result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
- smb_fname->base_name,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
+ smb_fname->base_name,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
smb_fname_str_dbg(smb_fname),
(result < 0) ? "failed: " : "",
@@ -270,12 +252,10 @@ static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
- path, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
+ path, mode,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
path, (unsigned int)mode,
(result < 0) ? "failed: " : "",
@@ -290,12 +270,10 @@ static int audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t m
result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
- path, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
+ path, mode,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
path, (unsigned int)mode,
(result < 0) ? "failed: " : "",
@@ -310,12 +288,10 @@ static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mod
result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
- fsp->fsp_name->base_name, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
+ fsp->fsp_name->base_name, mode,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
fsp_str_dbg(fsp), (unsigned int)mode,
(result < 0) ? "failed: " : "",
@@ -330,12 +306,10 @@ static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t
result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
- if (lp_syslog() > 0) {
- syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
- fsp->fsp_name->base_name, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- }
+ syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
+ fsp->fsp_name->base_name, mode,
+ (result < 0) ? "failed: " : "",
+ (result < 0) ? strerror(errno) : "");
DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
fsp_str_dbg(fsp), (unsigned int)mode,
(result < 0) ? "failed: " : "",
--
2.1.0
From c31fccc080bacc84bc4fe5f3c9a74350df436d92 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Fri, 27 Mar 2015 00:23:33 +0100
Subject: [PATCH 2/2] vfs: remove the deprecated extd_audit vfs module.
Signed-off-by: Michael Adam <obnox at samba.org>
---
docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml | 67 -------
docs-xml/Samba3-HOWTO/manpages.xml | 1 -
docs-xml/manpages/vfs_extd_audit.8.xml | 68 -------
docs-xml/smbdotconf/vfs/vfsobjects.xml | 2 +-
docs-xml/wscript_build | 1 -
packaging/RHEL-CTDB/samba.spec.tmpl | 1 -
packaging/Solaris/makepkg.sh | 2 +-
source3/include/vfs.h | 2 +-
source3/modules/vfs_extd_audit.c | 354 ---------------------------------
source3/modules/wscript_build | 8 -
source3/wscript | 2 +-
11 files changed, 4 insertions(+), 504 deletions(-)
delete mode 100644 docs-xml/manpages/vfs_extd_audit.8.xml
delete mode 100644 source3/modules/vfs_extd_audit.c
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
index 8b3b835..aca26a2 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
@@ -239,73 +239,6 @@ quotasettings: gid nolimit = no
</sect2>
- <sect2>
- <title>extd_audit</title>
-
- <para>
-<indexterm><primary>audit module</primary></indexterm>
-<indexterm><primary>extd_audit module</primary></indexterm>
-<indexterm><primary>smbd</primary></indexterm>
- This module is identical with the <command>audit</command> module above except
- that it sends audit logs to both syslog as well as the <command>smbd</command> log files. The
- <smbconfoption name="log level"/> for this module is set in the &smb.conf; file.
- </para>
-
- <para>
- Valid settings and the information that will be recorded are shown in <link linkend="xtdaudit">the next table</link>.
- </para>
-
- <table frame="all" id="xtdaudit">
- <title>Extended Auditing Log Information</title>
- <tgroup cols="2" align="center">
- <thead>
- <row><entry align="center">Log Level</entry><entry>Log Details - File and Directory Operations</entry></row>
- </thead>
- <tbody>
- <row><entry align="center">0</entry><entry align="left">Make Directory, Remove Directory, Unlink</entry></row>
- <row><entry align="center">1</entry><entry align="left">Open Directory, Rename File, Change Permissions/ACLs</entry></row>
- <row><entry align="center">2</entry><entry align="left">Open & Close File</entry></row>
- <row><entry align="center">10</entry><entry align="left">Maximum Debug Level</entry></row>
- </tbody>
- </tgroup>
- </table>
-
- <sect3>
- <title>Configuration of Auditing</title>
-
- <para>
-<indexterm><primary>logging</primary></indexterm>
- This auditing tool is more flexible than most people will readily recognize. There are a number of ways
- by which useful logging information can be recorded.
- </para>
-
- <itemizedlist>
- <listitem><para>Syslog can be used to record all transaction. This can be disabled by setting
- in the &smb.conf; file <parameter>syslog = 0</parameter>.</para></listitem>
- <listitem><para>Logging can take place to the default log file (<filename>log.smbd</filename>)
- for all loaded VFS modules just by setting in the &smb.conf; file
- <parameter>log level = 0 vfs:x</parameter>, where x is the log level.
- This will disable general logging while activating all logging of VFS
- module activity at the log level specified.</para></listitem>
- <listitem><para>Detailed logging can be obtained per user, per client machine, etc.
- This requires the above together with the creative use of the
- <parameter>log file</parameter> settings.</para>
- <para>An example of detailed per-user and per-machine logging can
- be obtained by setting
- <smbconfoption name="log file">/var/log/samba/%U.%m.log</smbconfoption>.
- </para></listitem>
- </itemizedlist>
-
- <para>
- Auditing information often must be preserved for a long time. So that the log files do not get rotated
- it is essential that the <smbconfoption name="max log size">0</smbconfoption> be set
- in the &smb.conf; file.
- </para>
-
- </sect3>
-
- </sect2>
-
<sect2 id="fakeperms">
<title>fake_perms</title>
diff --git a/docs-xml/Samba3-HOWTO/manpages.xml b/docs-xml/Samba3-HOWTO/manpages.xml
index 577ac8b..498ea30 100644
--- a/docs-xml/Samba3-HOWTO/manpages.xml
+++ b/docs-xml/Samba3-HOWTO/manpages.xml
@@ -53,7 +53,6 @@
<xi:include href="../manpages/vfs_catia.8.xml"/>
<xi:include href="../manpages/vfs_commit.8.xml"/>
<xi:include href="../manpages/vfs_default_quota.8.xml"/>
- <xi:include href="../manpages/vfs_extd_audit.8.xml"/>
<xi:include href="../manpages/vfs_fake_perms.8.xml"/>
<xi:include href="../manpages/vfs_full_audit.8.xml"/>
<xi:include href="../manpages/vfs_gpfs.8.xml"/>
diff --git a/docs-xml/manpages/vfs_extd_audit.8.xml b/docs-xml/manpages/vfs_extd_audit.8.xml
deleted file mode 100644
index e3153ee..0000000
--- a/docs-xml/manpages/vfs_extd_audit.8.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="vfs_extd_audit.8">
-
-<refmeta>
- <refentrytitle>vfs_extd_audit</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">4.2</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>vfs_extd_audit</refname>
- <refpurpose>record selected Samba VFS operations</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <cmdsynopsis>
- <command>vfs objects = extd_audit</command>
- </cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
- <title>DESCRIPTION</title>
-
- <para>This VFS module is part of the
- <citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry> suite.</para>
-
- <para>The <command>extd_audit</command> VFS module records selected
- client operations to both the
- <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> log and
- system log (using
- <citerefentry><refentrytitle>syslog</refentrytitle>
- <manvolnum>3</manvolnum></citerefentry>).</para>
-
- <para>Other than logging to the
- <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> log,
- <command>vfs_extd_audit</command> is identical to
- <citerefentry><refentrytitle>vfs_audit</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>.
- </para>
-
- <para>This module is stackable.</para>
-
-</refsect1>
-
-<refsect1>
- <title>VERSION</title>
- <para>This man page is correct for version 3.0.25 of the Samba suite.
- </para>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.</para>
-
-</refsect1>
-
-</refentry>
diff --git a/docs-xml/smbdotconf/vfs/vfsobjects.xml b/docs-xml/smbdotconf/vfs/vfsobjects.xml
index 09d41c7..677df22 100644
--- a/docs-xml/smbdotconf/vfs/vfsobjects.xml
+++ b/docs-xml/smbdotconf/vfs/vfsobjects.xml
@@ -11,5 +11,5 @@
</description>
<value type="default"/>
-<value type="example">extd_audit recycle</value>
+<value type="example">full_audit recycle</value>
</samba:parameter>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 66da399..b3ea02b 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -58,7 +58,6 @@ manpages='''
manpages/vfs_crossrename.8
manpages/vfs_default_quota.8
manpages/vfs_dirsort.8
- manpages/vfs_extd_audit.8
manpages/vfs_fake_perms.8
manpages/vfs_fileid.8
manpages/vfs_fruit.8
diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b/packaging/RHEL-CTDB/samba.spec.tmpl
index ad18826..9b7b4e5 100644
--- a/packaging/RHEL-CTDB/samba.spec.tmpl
+++ b/packaging/RHEL-CTDB/samba.spec.tmpl
@@ -405,7 +405,6 @@ exit 0
%{_libarchdir}/samba/vfs/default_quota.so
%{_libarchdir}/samba/vfs/dirsort.so
%{_libarchdir}/samba/vfs/expand_msdfs.so
-%{_libarchdir}/samba/vfs/extd_audit.so
%{_libarchdir}/samba/vfs/fake_acls.so
%{_libarchdir}/samba/vfs/fake_perms.so
%{_libarchdir}/samba/vfs/fileid.so
diff --git a/packaging/Solaris/makepkg.sh b/packaging/Solaris/makepkg.sh
index 8348413..bb80d81 100644
--- a/packaging/Solaris/makepkg.sh
+++ b/packaging/Solaris/makepkg.sh
@@ -11,7 +11,7 @@ INSTALL_BASE=/opt/samba
SBINPROGS="smbd nmbd winbindd swat"
BINPROGS="findsmb nmblookup eventlogadm pdbedit rpcclient smbclient smbcquotas smbspool smbtar tdbbackup testparm wbinfo net ntlm_auth profiles smbcacls smbcontrol smbpasswd smbstatus smbtree tdbdump"
MSGFILES="de.msg en.msg fi.msg fr.msg it.msg ja.msg nl.msg pl.msg tr.msg"
-VFSLIBS="audit.so default_quota.so extd_audit.so full_audit.so readonly.so shadow_copy.so cap.so expand_msdfs.so fake_perms.so netatalk.so recycle.so"
+VFSLIBS="audit.so default_quota.so full_audit.so readonly.so shadow_copy.so cap.so expand_msdfs.so fake_perms.so netatalk.so recycle.so"
CHARSETLIBS="CP437.so CP850.so"
AUTHLIBS="script.so"
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index b2880b7..b7d5cbe 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -169,7 +169,7 @@
/*
All intercepted VFS operations must be declared as static functions inside module source
- in order to keep smbd namespace unpolluted. See source of audit, extd_audit, fake_perms and recycle
+ in order to keep smbd namespace unpolluted. See source of audit, full_audit, fake_perms and recycle
example VFS modules for more details.
*/
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
deleted file mode 100644
index 90da962..0000000
--- a/source3/modules/vfs_extd_audit.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/*
- * Auditing VFS module for samba. Log selected file operations to syslog
- * facility.
- *
- * Copyright (C) Tim Potter, 1999-2000
- * Copyright (C) Alexander Bokovoy, 2002
- * Copyright (C) John H Terpstra, 2003
- * Copyright (C) Stefan (metze) Metzmacher, 2003
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include "includes.h"
-#include "system/filesys.h"
-#include "system/syslog.h"
-#include "smbd/smbd.h"
-#include "lib/param/loadparm.h"
-
-static int vfs_extd_audit_debug_level = DBGC_VFS;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS vfs_extd_audit_debug_level
-
-static int audit_syslog_facility(vfs_handle_struct *handle)
-{
- static const struct enum_list enum_log_facilities[] = {
- { LOG_USER, "USER" },
- { LOG_LOCAL0, "LOCAL0" },
- { LOG_LOCAL1, "LOCAL1" },
- { LOG_LOCAL2, "LOCAL2" },
- { LOG_LOCAL3, "LOCAL3" },
- { LOG_LOCAL4, "LOCAL4" },
- { LOG_LOCAL5, "LOCAL5" },
- { LOG_LOCAL6, "LOCAL6" },
- { LOG_LOCAL7, "LOCAL7" },
- { -1, NULL}
- };
-
- int facility;
-
- facility = lp_parm_enum(SNUM(handle->conn), "extd_audit", "facility", enum_log_facilities, LOG_USER);
-
- return facility;
-}
-
-
-static int audit_syslog_priority(vfs_handle_struct *handle)
-{
- static const struct enum_list enum_log_priorities[] = {
- { LOG_EMERG, "EMERG" },
- { LOG_ALERT, "ALERT" },
- { LOG_CRIT, "CRIT" },
- { LOG_ERR, "ERR" },
- { LOG_WARNING, "WARNING" },
- { LOG_NOTICE, "NOTICE" },
- { LOG_INFO, "INFO" },
- { LOG_DEBUG, "DEBUG" },
- { -1, NULL}
- };
-
- int priority;
-
- priority = lp_parm_enum(SNUM(handle->conn), "extd_audit", "priority",
- enum_log_priorities, LOG_NOTICE);
- if (priority == -1) {
- priority = LOG_WARNING;
- }
-
- return priority;
-}
-
-/* Implementation of vfs_ops. Pass everything on to the default
- operation but log event first. */
-
-static int audit_connect(vfs_handle_struct *handle, const char *svc, const char *user)
-{
- int result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
-
- if (result < 0) {
- return result;
- }
-
- openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
-
- syslog(audit_syslog_priority(handle),
- "connect to service %s by user %s\n",
- svc, user);
- DEBUG(10, ("Connected to service %s as user %s\n",
- svc, user));
-
- return 0;
-}
-
-static void audit_disconnect(vfs_handle_struct *handle)
-{
- syslog(audit_syslog_priority(handle), "disconnected\n");
- DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
- SMB_VFS_NEXT_DISCONNECT(handle);
-
- return;
-}
-
-static DIR *audit_opendir(vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attr)
-{
- DIR *result;
-
- result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
-
- syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
- fname,
- (result == NULL) ? "failed: " : "",
- (result == NULL) ? strerror(errno) : "");
- DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
- fname,
- (result == NULL) ? "failed: " : "",
- (result == NULL) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_mkdir(vfs_handle_struct *handle, const char *path, mode_t mode)
-{
- int result;
-
- result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
-
- syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
- path,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
- path,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_rmdir(vfs_handle_struct *handle, const char *path)
-{
- int result;
-
- result = SMB_VFS_NEXT_RMDIR(handle, path);
-
- syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
- path,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
- path,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_open(vfs_handle_struct *handle,
- struct smb_filename *smb_fname, files_struct *fsp,
- int flags, mode_t mode)
-{
- int result;
-
- result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
-
- syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
- smb_fname->base_name, result,
- ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "",
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
- smb_fname_str_dbg(smb_fname),
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_close(vfs_handle_struct *handle, files_struct *fsp)
-{
- int result;
-
- result = SMB_VFS_NEXT_CLOSE(handle, fsp);
-
- syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
- fsp->fh->fd,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
- fsp->fh->fd,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_rename(vfs_handle_struct *handle,
- const struct smb_filename *smb_fname_src,
- const struct smb_filename *smb_fname_dst)
-{
- int result;
-
- result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
-
- syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
- smb_fname_src->base_name,
- smb_fname_dst->base_name,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(1, ("vfs_extd_audit: rename old: %s newname: %s %s %s\n",
- smb_fname_str_dbg(smb_fname_src),
- smb_fname_str_dbg(smb_fname_dst),
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_unlink(vfs_handle_struct *handle,
- const struct smb_filename *smb_fname)
-{
- int result;
-
- result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
-
- syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
- smb_fname->base_name,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
- smb_fname_str_dbg(smb_fname),
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
-{
- int result;
-
- result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
-
- syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
- path, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
- path, (unsigned int)mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode)
-{
- int result;
-
- result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
-
- syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x %s%s\n",
- path, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
- path, (unsigned int)mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
-{
- int result;
-
- result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
-
- syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
- fsp->fsp_name->base_name, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
- fsp_str_dbg(fsp), (unsigned int)mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
-{
- int result;
-
- result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
-
- syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x %s%s\n",
- fsp->fsp_name->base_name, mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : "");
- DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
- fsp_str_dbg(fsp), (unsigned int)mode,
- (result < 0) ? "failed: " : "",
- (result < 0) ? strerror(errno) : ""));
-
- return result;
-}
-
-static struct vfs_fn_pointers vfs_extd_audit_fns = {
- .connect_fn = audit_connect,
- .disconnect_fn = audit_disconnect,
- .opendir_fn = audit_opendir,
- .mkdir_fn = audit_mkdir,
- .rmdir_fn = audit_rmdir,
- .open_fn = audit_open,
- .close_fn = audit_close,
- .rename_fn = audit_rename,
- .unlink_fn = audit_unlink,
- .chmod_fn = audit_chmod,
- .fchmod_fn = audit_fchmod,
- .chmod_acl_fn = audit_chmod_acl,
- .fchmod_acl_fn = audit_fchmod_acl,
-};
-
-NTSTATUS vfs_extd_audit_init(void)
-{
- NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
- "extd_audit", &vfs_extd_audit_fns);
-
- if (!NT_STATUS_IS_OK(ret))
- return ret;
-
- vfs_extd_audit_debug_level = debug_add_class("extd_audit");
- if (vfs_extd_audit_debug_level == -1) {
- vfs_extd_audit_debug_level = DBGC_VFS;
- DEBUG(0, ("vfs_extd_audit: Couldn't register custom debugging class!\n"));
- } else {
- DEBUG(10, ("vfs_extd_audit: Debug class number of 'extd_audit': %d\n", vfs_extd_audit_debug_level));
- }
-
- return ret;
-}
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 018cbe9..520a3b2 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -33,14 +33,6 @@ bld.SAMBA3_MODULE('vfs_audit',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_audit'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_audit'))
-bld.SAMBA3_MODULE('vfs_extd_audit',
- subsystem='vfs',
- source='vfs_extd_audit.c',
- deps='samba-util',
- init_function='',
- internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_extd_audit'),
- enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_extd_audit'))
-
bld.SAMBA3_MODULE('vfs_full_audit',
subsystem='vfs',
source='vfs_full_audit.c',
diff --git a/source3/wscript b/source3/wscript
index 818cdad..000a2a2 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1576,7 +1576,7 @@ main() {
nss_info_template idmap_tdb idmap_passdb
idmap_nss'''))
- default_shared_modules.extend(TO_LIST('''vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk
+ default_shared_modules.extend(TO_LIST('''vfs_recycle vfs_audit vfs_full_audit vfs_netatalk
vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap
vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2
auth_script vfs_readahead vfs_xattr_tdb vfs_posix_eadb
--
2.1.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150327/3da5adbf/attachment.pgp>
More information about the samba-technical
mailing list