[PATCHES] regarding new logging
Ira Cooper
ira at samba.org
Fri Mar 27 11:21:21 MDT 2015
Agreed. Removal of dead code is good thing.
-Ira
On Fri, Mar 27, 2015 at 12:02 PM, Christof Schmitt <cs at samba.org> wrote:
> On Fri, Mar 27, 2015 at 12:32:25AM +0100, Michael Adam wrote:
> > On 2015-03-26 at 08:50 -0700, Christof Schmitt wrote:
> > > On Thu, Mar 26, 2015 at 03:11:49PM +0100, Michael Adam wrote:
> > > > Some more thoughts triggered by a discussion with Ira:
> > > >
> > > > it seems that the audit vfs modules are using syslog directly.
> > > > This is not a problem except for the illegal use of deprecated
> > > > lp_syslog() in the extd_audit module.
> > > >
> > > > Apart from lp_syslog being deprecated, this for controlling
> > > > the behaviour of our DEBUG() system and not for controlling
> > > > explicit use of syslog(). A module-specific parameter would
> > > > be more appropriate here, imho.
> > > >
> > > > Interestingly, a good patch was proposed in
> > > > https://bugzilla.samba.org/show_bug.cgi?id=3518
> > > > but it was turned down in favour of this wrong use in
> > > > https://bugzilla.samba.org/show_bug.cgi?id=5956
> > > >
> > > > :-)
> > > >
> > > > But already in 2006, Volker stated in
> > > > https://bugzilla.samba.org/show_bug.cgi?id=3518#c2
> > > > that:
> > > >
> > > > "... ext_audit is in kind of legacy mode. We now have full_audit
> > > > that potentially audits _all_ entries selectively on success and
> > > > failure. So I'd rather like to see effort put in there."
> > > >
> > > > So there are three ways to fix this illegal use of lp_syslog:
> > > >
> > > > 1. Remove vfs_extd_audit altogether.
> > > >
> > > > 2. Remove the calls of lp_syslog() from vfs_extd_audit.c
> > > > thereby making it behave like audit and full_audit.
> > > >
> > > > 3. Replace the use of lp_syslog() in vfs_extd_audit by
> > > > a new module specific parameter.
> > > >
> > > > What do people think?
> > > >
> > > > I kind of favour #1, but would propose #2 as fallback
> > > > if there is opposition to remove it, so as not to
> > > > put too much effort in the legacy module...
> > >
> > > I agree with the proposal. full_audit should be sufficient, so we
> should
> > > remove extd_audit.
> >
> > Attached find two patches:
> >
> > 1. The first removes the use of lp_syslog() from the extd_audit module.
> > 2. The second patch on top of the first removes the module and
> > all references.
> > If we would chose this, we would squash the first into it..
> >
> > More thoughts?
>
> Reviewed-by: Christof Schmitt <cs at samba.org>
>
> I would vote for removing the extd_audit module, since it can be
> replaced with the full_audit module.
>
> Christof
>
> > From 6362f8fbd28bee23469674d93e76ed6cd39e7beb Mon Sep 17 00:00:00 2001
> > From: Michael Adam <obnox at samba.org>
> > Date: Thu, 26 Mar 2015 15:24:19 +0100
> > Subject: [PATCH 1/2] vfs: remove illegal use of lp_syslog from
> vfs_extd_audit.
> >
> > Signed-off-by: Michael Adam <obnox at samba.org>
> > ---
> > source3/modules/vfs_extd_audit.c | 126
> ++++++++++++++++-----------------------
> > 1 file changed, 50 insertions(+), 76 deletions(-)
> >
> > diff --git a/source3/modules/vfs_extd_audit.c
> b/source3/modules/vfs_extd_audit.c
> > index fc23ea9..90da962 100644
> > --- a/source3/modules/vfs_extd_audit.c
> > +++ b/source3/modules/vfs_extd_audit.c
> > @@ -94,11 +94,9 @@ static int audit_connect(vfs_handle_struct *handle,
> const char *svc, const char
> >
> > openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle),
> > - "connect to service %s by user %s\n",
> > - svc, user);
> > - }
> > + syslog(audit_syslog_priority(handle),
> > + "connect to service %s by user %s\n",
> > + svc, user);
> > DEBUG(10, ("Connected to service %s as user %s\n",
> > svc, user));
> >
> > @@ -107,9 +105,7 @@ static int audit_connect(vfs_handle_struct *handle,
> const char *svc, const char
> >
> > static void audit_disconnect(vfs_handle_struct *handle)
> > {
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "disconnected\n");
> > - }
> > + syslog(audit_syslog_priority(handle), "disconnected\n");
> > DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
> > SMB_VFS_NEXT_DISCONNECT(handle);
> >
> > @@ -122,12 +118,10 @@ static DIR *audit_opendir(vfs_handle_struct
> *handle, const char *fname, const ch
> >
> > result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
> > - fname,
> > - (result == NULL) ? "failed: " : "",
> > - (result == NULL) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
> > + fname,
> > + (result == NULL) ? "failed: " : "",
> > + (result == NULL) ? strerror(errno) : "");
> > DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
> > fname,
> > (result == NULL) ? "failed: " : "",
> > @@ -142,12 +136,10 @@ static int audit_mkdir(vfs_handle_struct *handle,
> const char *path, mode_t mode)
> >
> > result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
> > - path,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
> > + path,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
> > path,
> > (result < 0) ? "failed: " : "",
> > @@ -162,12 +154,10 @@ static int audit_rmdir(vfs_handle_struct *handle,
> const char *path)
> >
> > result = SMB_VFS_NEXT_RMDIR(handle, path);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
> > - path,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
> > + path,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
> > path,
> > (result < 0) ? "failed: " : "",
> > @@ -184,13 +174,11 @@ static int audit_open(vfs_handle_struct *handle,
> >
> > result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "open %s (fd %d)
> %s%s%s\n",
> > - smb_fname->base_name, result,
> > - ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for
> writing " : "",
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
> > + smb_fname->base_name, result,
> > + ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " :
> "",
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
> > smb_fname_str_dbg(smb_fname),
> > (result < 0) ? "failed: " : "",
> > @@ -205,12 +193,10 @@ static int audit_close(vfs_handle_struct *handle,
> files_struct *fsp)
> >
> > result = SMB_VFS_NEXT_CLOSE(handle, fsp);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
> > - fsp->fh->fd,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
> > + fsp->fh->fd,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
> > fsp->fh->fd,
> > (result < 0) ? "failed: " : "",
> > @@ -227,13 +213,11 @@ static int audit_rename(vfs_handle_struct *handle,
> >
> > result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "rename %s -> %s
> %s%s\n",
> > - smb_fname_src->base_name,
> > - smb_fname_dst->base_name,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
> > + smb_fname_src->base_name,
> > + smb_fname_dst->base_name,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(1, ("vfs_extd_audit: rename old: %s newname: %s %s %s\n",
> > smb_fname_str_dbg(smb_fname_src),
> > smb_fname_str_dbg(smb_fname_dst),
> > @@ -250,12 +234,10 @@ static int audit_unlink(vfs_handle_struct *handle,
> >
> > result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
> > - smb_fname->base_name,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
> > + smb_fname->base_name,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
> > smb_fname_str_dbg(smb_fname),
> > (result < 0) ? "failed: " : "",
> > @@ -270,12 +252,10 @@ static int audit_chmod(vfs_handle_struct *handle,
> const char *path, mode_t mode)
> >
> > result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x
> %s%s\n",
> > - path, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
> > + path, mode,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
> > path, (unsigned int)mode,
> > (result < 0) ? "failed: " : "",
> > @@ -290,12 +270,10 @@ static int audit_chmod_acl(vfs_handle_struct
> *handle, const char *path, mode_t m
> >
> > result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "chmod_acl %s mode
> 0x%x %s%s\n",
> > - path, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x
> %s%s\n",
> > + path, mode,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
> > path, (unsigned int)mode,
> > (result < 0) ? "failed: " : "",
> > @@ -310,12 +288,10 @@ static int audit_fchmod(vfs_handle_struct *handle,
> files_struct *fsp, mode_t mod
> >
> > result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x
> %s%s\n",
> > - fsp->fsp_name->base_name, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
> > + fsp->fsp_name->base_name, mode,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
> > fsp_str_dbg(fsp), (unsigned int)mode,
> > (result < 0) ? "failed: " : "",
> > @@ -330,12 +306,10 @@ static int audit_fchmod_acl(vfs_handle_struct
> *handle, files_struct *fsp, mode_t
> >
> > result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
> >
> > - if (lp_syslog() > 0) {
> > - syslog(audit_syslog_priority(handle), "fchmod_acl %s mode
> 0x%x %s%s\n",
> > - fsp->fsp_name->base_name, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - }
> > + syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x
> %s%s\n",
> > + fsp->fsp_name->base_name, mode,
> > + (result < 0) ? "failed: " : "",
> > + (result < 0) ? strerror(errno) : "");
> > DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
> > fsp_str_dbg(fsp), (unsigned int)mode,
> > (result < 0) ? "failed: " : "",
> > --
> > 2.1.0
> >
> >
> > From c31fccc080bacc84bc4fe5f3c9a74350df436d92 Mon Sep 17 00:00:00 2001
> > From: Michael Adam <obnox at samba.org>
> > Date: Fri, 27 Mar 2015 00:23:33 +0100
> > Subject: [PATCH 2/2] vfs: remove the deprecated extd_audit vfs module.
> >
> > Signed-off-by: Michael Adam <obnox at samba.org>
> > ---
> > docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml | 67 -------
> > docs-xml/Samba3-HOWTO/manpages.xml | 1 -
> > docs-xml/manpages/vfs_extd_audit.8.xml | 68 -------
> > docs-xml/smbdotconf/vfs/vfsobjects.xml | 2 +-
> > docs-xml/wscript_build | 1 -
> > packaging/RHEL-CTDB/samba.spec.tmpl | 1 -
> > packaging/Solaris/makepkg.sh | 2 +-
> > source3/include/vfs.h | 2 +-
> > source3/modules/vfs_extd_audit.c | 354
> ---------------------------------
> > source3/modules/wscript_build | 8 -
> > source3/wscript | 2 +-
> > 11 files changed, 4 insertions(+), 504 deletions(-)
> > delete mode 100644 docs-xml/manpages/vfs_extd_audit.8.xml
> > delete mode 100644 source3/modules/vfs_extd_audit.c
> >
> > diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
> b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
> > index 8b3b835..aca26a2 100644
> > --- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
> > +++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
> > @@ -239,73 +239,6 @@ quotasettings: gid nolimit = no
> >
> > </sect2>
> >
> > - <sect2>
> > - <title>extd_audit</title>
> > -
> > - <para>
> > -<indexterm><primary>audit module</primary></indexterm>
> > -<indexterm><primary>extd_audit module</primary></indexterm>
> > -<indexterm><primary>smbd</primary></indexterm>
> > - This module is identical with the <command>audit</command>
> module above except
> > - that it sends audit logs to both syslog as well as the
> <command>smbd</command> log files. The
> > - <smbconfoption name="log level"/> for this module is set
> in the &smb.conf; file.
> > - </para>
> > -
> > - <para>
> > - Valid settings and the information that will be recorded
> are shown in <link linkend="xtdaudit">the next table</link>.
> > - </para>
> > -
> > - <table frame="all" id="xtdaudit">
> > - <title>Extended Auditing Log Information</title>
> > - <tgroup cols="2" align="center">
> > - <thead>
> > - <row><entry align="center">Log
> Level</entry><entry>Log Details - File and Directory
> Operations</entry></row>
> > - </thead>
> > - <tbody>
> > - <row><entry align="center">0</entry><entry
> align="left">Make Directory, Remove Directory, Unlink</entry></row>
> > - <row><entry align="center">1</entry><entry
> align="left">Open Directory, Rename File, Change
> Permissions/ACLs</entry></row>
> > - <row><entry align="center">2</entry><entry
> align="left">Open & Close File</entry></row>
> > - <row><entry align="center">10</entry><entry
> align="left">Maximum Debug Level</entry></row>
> > - </tbody>
> > - </tgroup>
> > - </table>
> > -
> > - <sect3>
> > - <title>Configuration of Auditing</title>
> > -
> > - <para>
> > -<indexterm><primary>logging</primary></indexterm>
> > - This auditing tool is more flexible than most people will
> readily recognize. There are a number of ways
> > - by which useful logging information can be recorded.
> > - </para>
> > -
> > - <itemizedlist>
> > - <listitem><para>Syslog can be used to record all
> transaction. This can be disabled by setting
> > - in the &smb.conf; file
> <parameter>syslog = 0</parameter>.</para></listitem>
> > - <listitem><para>Logging can take place to the
> default log file (<filename>log.smbd</filename>)
> > - for all loaded VFS modules just by
> setting in the &smb.conf; file
> > - <parameter>log level = 0
> vfs:x</parameter>, where x is the log level.
> > - This will disable general logging
> while activating all logging of VFS
> > - module activity at the log level
> specified.</para></listitem>
> > - <listitem><para>Detailed logging can be obtained
> per user, per client machine, etc.
> > - This requires the above together
> with the creative use of the
> > - <parameter>log file</parameter>
> settings.</para>
> > - <para>An example of detailed
> per-user and per-machine logging can
> > - be obtained by setting
> > - <smbconfoption name="log
> file">/var/log/samba/%U.%m.log</smbconfoption>.
> > - </para></listitem>
> > - </itemizedlist>
> > -
> > - <para>
> > - Auditing information often must be preserved for a long
> time. So that the log files do not get rotated
> > - it is essential that the <smbconfoption name="max log
> size">0</smbconfoption> be set
> > - in the &smb.conf; file.
> > - </para>
> > -
> > - </sect3>
> > -
> > - </sect2>
> > -
> > <sect2 id="fakeperms">
> > <title>fake_perms</title>
> >
> > diff --git a/docs-xml/Samba3-HOWTO/manpages.xml
> b/docs-xml/Samba3-HOWTO/manpages.xml
> > index 577ac8b..498ea30 100644
> > --- a/docs-xml/Samba3-HOWTO/manpages.xml
> > +++ b/docs-xml/Samba3-HOWTO/manpages.xml
> > @@ -53,7 +53,6 @@
> > <xi:include href="../manpages/vfs_catia.8.xml"/>
> > <xi:include href="../manpages/vfs_commit.8.xml"/>
> > <xi:include href="../manpages/vfs_default_quota.8.xml"/>
> > - <xi:include href="../manpages/vfs_extd_audit.8.xml"/>
> > <xi:include href="../manpages/vfs_fake_perms.8.xml"/>
> > <xi:include href="../manpages/vfs_full_audit.8.xml"/>
> > <xi:include href="../manpages/vfs_gpfs.8.xml"/>
> > diff --git a/docs-xml/manpages/vfs_extd_audit.8.xml
> b/docs-xml/manpages/vfs_extd_audit.8.xml
> > deleted file mode 100644
> > index e3153ee..0000000
> > --- a/docs-xml/manpages/vfs_extd_audit.8.xml
> > +++ /dev/null
> > @@ -1,68 +0,0 @@
> > -<?xml version="1.0" encoding="iso-8859-1"?>
> > -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based
> Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
> > -<refentry id="vfs_extd_audit.8">
> > -
> > -<refmeta>
> > - <refentrytitle>vfs_extd_audit</refentrytitle>
> > - <manvolnum>8</manvolnum>
> > - <refmiscinfo class="source">Samba</refmiscinfo>
> > - <refmiscinfo class="manual">System Administration
> tools</refmiscinfo>
> > - <refmiscinfo class="version">4.2</refmiscinfo>
> > -</refmeta>
> > -
> > -
> > -<refnamediv>
> > - <refname>vfs_extd_audit</refname>
> > - <refpurpose>record selected Samba VFS operations</refpurpose>
> > -</refnamediv>
> > -
> > -<refsynopsisdiv>
> > - <cmdsynopsis>
> > - <command>vfs objects = extd_audit</command>
> > - </cmdsynopsis>
> > -</refsynopsisdiv>
> > -
> > -<refsect1>
> > - <title>DESCRIPTION</title>
> > -
> > - <para>This VFS module is part of the
> > - <citerefentry><refentrytitle>samba</refentrytitle>
> > - <manvolnum>7</manvolnum></citerefentry> suite.</para>
> > -
> > - <para>The <command>extd_audit</command> VFS module records selected
> > - client operations to both the
> > - <citerefentry><refentrytitle>smbd</refentrytitle>
> > - <manvolnum>8</manvolnum></citerefentry> log and
> > - system log (using
> > - <citerefentry><refentrytitle>syslog</refentrytitle>
> > - <manvolnum>3</manvolnum></citerefentry>).</para>
> > -
> > - <para>Other than logging to the
> > - <citerefentry><refentrytitle>smbd</refentrytitle>
> > - <manvolnum>8</manvolnum></citerefentry> log,
> > - <command>vfs_extd_audit</command> is identical to
> > - <citerefentry><refentrytitle>vfs_audit</refentrytitle>
> > - <manvolnum>8</manvolnum></citerefentry>.
> > - </para>
> > -
> > - <para>This module is stackable.</para>
> > -
> > -</refsect1>
> > -
> > -<refsect1>
> > - <title>VERSION</title>
> > - <para>This man page is correct for version 3.0.25 of the Samba
> suite.
> > - </para>
> > -</refsect1>
> > -
> > -<refsect1>
> > - <title>AUTHOR</title>
> > -
> > - <para>The original Samba software and related utilities
> > - were created by Andrew Tridgell. Samba is now developed
> > - by the Samba Team as an Open Source project similar
> > - to the way the Linux kernel is developed.</para>
> > -
> > -</refsect1>
> > -
> > -</refentry>
> > diff --git a/docs-xml/smbdotconf/vfs/vfsobjects.xml
> b/docs-xml/smbdotconf/vfs/vfsobjects.xml
> > index 09d41c7..677df22 100644
> > --- a/docs-xml/smbdotconf/vfs/vfsobjects.xml
> > +++ b/docs-xml/smbdotconf/vfs/vfsobjects.xml
> > @@ -11,5 +11,5 @@
> > </description>
> >
> > <value type="default"/>
> > -<value type="example">extd_audit recycle</value>
> > +<value type="example">full_audit recycle</value>
> > </samba:parameter>
> > diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
> > index 66da399..b3ea02b 100644
> > --- a/docs-xml/wscript_build
> > +++ b/docs-xml/wscript_build
> > @@ -58,7 +58,6 @@ manpages='''
> > manpages/vfs_crossrename.8
> > manpages/vfs_default_quota.8
> > manpages/vfs_dirsort.8
> > - manpages/vfs_extd_audit.8
> > manpages/vfs_fake_perms.8
> > manpages/vfs_fileid.8
> > manpages/vfs_fruit.8
> > diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl
> b/packaging/RHEL-CTDB/samba.spec.tmpl
> > index ad18826..9b7b4e5 100644
> > --- a/packaging/RHEL-CTDB/samba.spec.tmpl
> > +++ b/packaging/RHEL-CTDB/samba.spec.tmpl
> > @@ -405,7 +405,6 @@ exit 0
> > %{_libarchdir}/samba/vfs/default_quota.so
> > %{_libarchdir}/samba/vfs/dirsort.so
> > %{_libarchdir}/samba/vfs/expand_msdfs.so
> > -%{_libarchdir}/samba/vfs/extd_audit.so
> > %{_libarchdir}/samba/vfs/fake_acls.so
> > %{_libarchdir}/samba/vfs/fake_perms.so
> > %{_libarchdir}/samba/vfs/fileid.so
> > diff --git a/packaging/Solaris/makepkg.sh b/packaging/Solaris/makepkg.sh
> > index 8348413..bb80d81 100644
> > --- a/packaging/Solaris/makepkg.sh
> > +++ b/packaging/Solaris/makepkg.sh
> > @@ -11,7 +11,7 @@ INSTALL_BASE=/opt/samba
> > SBINPROGS="smbd nmbd winbindd swat"
> > BINPROGS="findsmb nmblookup eventlogadm pdbedit rpcclient smbclient
> smbcquotas smbspool smbtar tdbbackup testparm wbinfo net ntlm_auth profiles
> smbcacls smbcontrol smbpasswd smbstatus smbtree tdbdump"
> > MSGFILES="de.msg en.msg fi.msg fr.msg it.msg ja.msg nl.msg pl.msg
> tr.msg"
> > -VFSLIBS="audit.so default_quota.so extd_audit.so full_audit.so
> readonly.so shadow_copy.so cap.so expand_msdfs.so fake_perms.so netatalk.so
> recycle.so"
> > +VFSLIBS="audit.so default_quota.so full_audit.so readonly.so
> shadow_copy.so cap.so expand_msdfs.so fake_perms.so netatalk.so recycle.so"
> > CHARSETLIBS="CP437.so CP850.so"
> > AUTHLIBS="script.so"
> >
> > diff --git a/source3/include/vfs.h b/source3/include/vfs.h
> > index b2880b7..b7d5cbe 100644
> > --- a/source3/include/vfs.h
> > +++ b/source3/include/vfs.h
> > @@ -169,7 +169,7 @@
> >
> > /*
> > All intercepted VFS operations must be declared as static functions
> inside module source
> > - in order to keep smbd namespace unpolluted. See source of audit,
> extd_audit, fake_perms and recycle
> > + in order to keep smbd namespace unpolluted. See source of audit,
> full_audit, fake_perms and recycle
> > example VFS modules for more details.
> > */
> >
> > diff --git a/source3/modules/vfs_extd_audit.c
> b/source3/modules/vfs_extd_audit.c
> > deleted file mode 100644
> > index 90da962..0000000
> > --- a/source3/modules/vfs_extd_audit.c
> > +++ /dev/null
> > @@ -1,354 +0,0 @@
> > -/*
> > - * Auditing VFS module for samba. Log selected file operations to
> syslog
> > - * facility.
> > - *
> > - * Copyright (C) Tim Potter, 1999-2000
> > - * Copyright (C) Alexander Bokovoy, 2002
> > - * Copyright (C) John H Terpstra, 2003
> > - * Copyright (C) Stefan (metze) Metzmacher, 2003
> > - *
> > - * This program is free software; you can redistribute it and/or modify
> > - * it under the terms of the GNU General Public License as published by
> > - * the Free Software Foundation; either version 3 of the License, or
> > - * (at your option) any later version.
> > - *
> > - * This program is distributed in the hope that it will be useful,
> > - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > - * GNU General Public License for more details.
> > - *
> > - * You should have received a copy of the GNU General Public License
> > - * along with this program; if not, see <http://www.gnu.org/licenses/>.
> > - */
> > -
> > -
> > -#include "includes.h"
> > -#include "system/filesys.h"
> > -#include "system/syslog.h"
> > -#include "smbd/smbd.h"
> > -#include "lib/param/loadparm.h"
> > -
> > -static int vfs_extd_audit_debug_level = DBGC_VFS;
> > -
> > -#undef DBGC_CLASS
> > -#define DBGC_CLASS vfs_extd_audit_debug_level
> > -
> > -static int audit_syslog_facility(vfs_handle_struct *handle)
> > -{
> > - static const struct enum_list enum_log_facilities[] = {
> > - { LOG_USER, "USER" },
> > - { LOG_LOCAL0, "LOCAL0" },
> > - { LOG_LOCAL1, "LOCAL1" },
> > - { LOG_LOCAL2, "LOCAL2" },
> > - { LOG_LOCAL3, "LOCAL3" },
> > - { LOG_LOCAL4, "LOCAL4" },
> > - { LOG_LOCAL5, "LOCAL5" },
> > - { LOG_LOCAL6, "LOCAL6" },
> > - { LOG_LOCAL7, "LOCAL7" },
> > - { -1, NULL}
> > - };
> > -
> > - int facility;
> > -
> > - facility = lp_parm_enum(SNUM(handle->conn), "extd_audit",
> "facility", enum_log_facilities, LOG_USER);
> > -
> > - return facility;
> > -}
> > -
> > -
> > -static int audit_syslog_priority(vfs_handle_struct *handle)
> > -{
> > - static const struct enum_list enum_log_priorities[] = {
> > - { LOG_EMERG, "EMERG" },
> > - { LOG_ALERT, "ALERT" },
> > - { LOG_CRIT, "CRIT" },
> > - { LOG_ERR, "ERR" },
> > - { LOG_WARNING, "WARNING" },
> > - { LOG_NOTICE, "NOTICE" },
> > - { LOG_INFO, "INFO" },
> > - { LOG_DEBUG, "DEBUG" },
> > - { -1, NULL}
> > - };
> > -
> > - int priority;
> > -
> > - priority = lp_parm_enum(SNUM(handle->conn), "extd_audit",
> "priority",
> > - enum_log_priorities, LOG_NOTICE);
> > - if (priority == -1) {
> > - priority = LOG_WARNING;
> > - }
> > -
> > - return priority;
> > -}
> > -
> > -/* Implementation of vfs_ops. Pass everything on to the default
> > - operation but log event first. */
> > -
> > -static int audit_connect(vfs_handle_struct *handle, const char *svc,
> const char *user)
> > -{
> > - int result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
> > -
> > - if (result < 0) {
> > - return result;
> > - }
> > -
> > - openlog("smbd_audit", LOG_PID, audit_syslog_facility(handle));
> > -
> > - syslog(audit_syslog_priority(handle),
> > - "connect to service %s by user %s\n",
> > - svc, user);
> > - DEBUG(10, ("Connected to service %s as user %s\n",
> > - svc, user));
> > -
> > - return 0;
> > -}
> > -
> > -static void audit_disconnect(vfs_handle_struct *handle)
> > -{
> > - syslog(audit_syslog_priority(handle), "disconnected\n");
> > - DEBUG(10, ("Disconnected from VFS module extd_audit\n"));
> > - SMB_VFS_NEXT_DISCONNECT(handle);
> > -
> > - return;
> > -}
> > -
> > -static DIR *audit_opendir(vfs_handle_struct *handle, const char *fname,
> const char *mask, uint32 attr)
> > -{
> > - DIR *result;
> > -
> > - result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
> > -
> > - syslog(audit_syslog_priority(handle), "opendir %s %s%s\n",
> > - fname,
> > - (result == NULL) ? "failed: " : "",
> > - (result == NULL) ? strerror(errno) : "");
> > - DEBUG(1, ("vfs_extd_audit: opendir %s %s %s\n",
> > - fname,
> > - (result == NULL) ? "failed: " : "",
> > - (result == NULL) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_mkdir(vfs_handle_struct *handle, const char *path,
> mode_t mode)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
> > -
> > - syslog(audit_syslog_priority(handle), "mkdir %s %s%s\n",
> > - path,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(0, ("vfs_extd_audit: mkdir %s %s %s\n",
> > - path,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_rmdir(vfs_handle_struct *handle, const char *path)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_RMDIR(handle, path);
> > -
> > - syslog(audit_syslog_priority(handle), "rmdir %s %s%s\n",
> > - path,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(0, ("vfs_extd_audit: rmdir %s %s %s\n",
> > - path,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_open(vfs_handle_struct *handle,
> > - struct smb_filename *smb_fname, files_struct *fsp,
> > - int flags, mode_t mode)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
> > -
> > - syslog(audit_syslog_priority(handle), "open %s (fd %d) %s%s%s\n",
> > - smb_fname->base_name, result,
> > - ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " :
> "",
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(2, ("vfs_extd_audit: open %s %s %s\n",
> > - smb_fname_str_dbg(smb_fname),
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_close(vfs_handle_struct *handle, files_struct *fsp)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_CLOSE(handle, fsp);
> > -
> > - syslog(audit_syslog_priority(handle), "close fd %d %s%s\n",
> > - fsp->fh->fd,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(2, ("vfs_extd_audit: close fd %d %s %s\n",
> > - fsp->fh->fd,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_rename(vfs_handle_struct *handle,
> > - const struct smb_filename *smb_fname_src,
> > - const struct smb_filename *smb_fname_dst)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
> > -
> > - syslog(audit_syslog_priority(handle), "rename %s -> %s %s%s\n",
> > - smb_fname_src->base_name,
> > - smb_fname_dst->base_name,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(1, ("vfs_extd_audit: rename old: %s newname: %s %s %s\n",
> > - smb_fname_str_dbg(smb_fname_src),
> > - smb_fname_str_dbg(smb_fname_dst),
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_unlink(vfs_handle_struct *handle,
> > - const struct smb_filename *smb_fname)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
> > -
> > - syslog(audit_syslog_priority(handle), "unlink %s %s%s\n",
> > - smb_fname->base_name,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(0, ("vfs_extd_audit: unlink %s %s %s\n",
> > - smb_fname_str_dbg(smb_fname),
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_chmod(vfs_handle_struct *handle, const char *path,
> mode_t mode)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
> > -
> > - syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
> > - path, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
> > - path, (unsigned int)mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_chmod_acl(vfs_handle_struct *handle, const char *path,
> mode_t mode)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
> > -
> > - syslog(audit_syslog_priority(handle), "chmod_acl %s mode 0x%x
> %s%s\n",
> > - path, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(1, ("vfs_extd_audit: chmod_acl %s mode 0x%x %s %s\n",
> > - path, (unsigned int)mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
> mode_t mode)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
> > -
> > - syslog(audit_syslog_priority(handle), "fchmod %s mode 0x%x %s%s\n",
> > - fsp->fsp_name->base_name, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(1, ("vfs_extd_audit: fchmod %s mode 0x%x %s %s",
> > - fsp_str_dbg(fsp), (unsigned int)mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static int audit_fchmod_acl(vfs_handle_struct *handle, files_struct
> *fsp, mode_t mode)
> > -{
> > - int result;
> > -
> > - result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
> > -
> > - syslog(audit_syslog_priority(handle), "fchmod_acl %s mode 0x%x
> %s%s\n",
> > - fsp->fsp_name->base_name, mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : "");
> > - DEBUG(1, ("vfs_extd_audit: fchmod_acl %s mode 0x%x %s %s",
> > - fsp_str_dbg(fsp), (unsigned int)mode,
> > - (result < 0) ? "failed: " : "",
> > - (result < 0) ? strerror(errno) : ""));
> > -
> > - return result;
> > -}
> > -
> > -static struct vfs_fn_pointers vfs_extd_audit_fns = {
> > - .connect_fn = audit_connect,
> > - .disconnect_fn = audit_disconnect,
> > - .opendir_fn = audit_opendir,
> > - .mkdir_fn = audit_mkdir,
> > - .rmdir_fn = audit_rmdir,
> > - .open_fn = audit_open,
> > - .close_fn = audit_close,
> > - .rename_fn = audit_rename,
> > - .unlink_fn = audit_unlink,
> > - .chmod_fn = audit_chmod,
> > - .fchmod_fn = audit_fchmod,
> > - .chmod_acl_fn = audit_chmod_acl,
> > - .fchmod_acl_fn = audit_fchmod_acl,
> > -};
> > -
> > -NTSTATUS vfs_extd_audit_init(void)
> > -{
> > - NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
> > - "extd_audit", &vfs_extd_audit_fns);
> > -
> > - if (!NT_STATUS_IS_OK(ret))
> > - return ret;
> > -
> > - vfs_extd_audit_debug_level = debug_add_class("extd_audit");
> > - if (vfs_extd_audit_debug_level == -1) {
> > - vfs_extd_audit_debug_level = DBGC_VFS;
> > - DEBUG(0, ("vfs_extd_audit: Couldn't register custom
> debugging class!\n"));
> > - } else {
> > - DEBUG(10, ("vfs_extd_audit: Debug class number of
> 'extd_audit': %d\n", vfs_extd_audit_debug_level));
> > - }
> > -
> > - return ret;
> > -}
> > diff --git a/source3/modules/wscript_build
> b/source3/modules/wscript_build
> > index 018cbe9..520a3b2 100644
> > --- a/source3/modules/wscript_build
> > +++ b/source3/modules/wscript_build
> > @@ -33,14 +33,6 @@ bld.SAMBA3_MODULE('vfs_audit',
> >
> internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_audit'),
> > enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_audit'))
> >
> > -bld.SAMBA3_MODULE('vfs_extd_audit',
> > - subsystem='vfs',
> > - source='vfs_extd_audit.c',
> > - deps='samba-util',
> > - init_function='',
> > -
> internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_extd_audit'),
> > - enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_extd_audit'))
> > -
> > bld.SAMBA3_MODULE('vfs_full_audit',
> > subsystem='vfs',
> > source='vfs_full_audit.c',
> > diff --git a/source3/wscript b/source3/wscript
> > index 818cdad..000a2a2 100644
> > --- a/source3/wscript
> > +++ b/source3/wscript
> > @@ -1576,7 +1576,7 @@ main() {
> > nss_info_template idmap_tdb
> idmap_passdb
> > idmap_nss'''))
> >
> > - default_shared_modules.extend(TO_LIST('''vfs_recycle vfs_audit
> vfs_extd_audit vfs_full_audit vfs_netatalk
> > + default_shared_modules.extend(TO_LIST('''vfs_recycle vfs_audit
> vfs_full_audit vfs_netatalk
> > vfs_fake_perms vfs_default_quota
> vfs_readonly vfs_cap
> > vfs_expand_msdfs vfs_shadow_copy
> vfs_shadow_copy2
> > auth_script vfs_readahead
> vfs_xattr_tdb vfs_posix_eadb
> > --
> > 2.1.0
> >
>
>
>
>
More information about the samba-technical
mailing list