[PATCHES] Check for missing VFS functions in time_audit and full_audit
Jeremy Allison
jra at samba.org
Tue Apr 5 00:12:15 UTC 2016
On Fri, Apr 01, 2016 at 09:53:34AM -0700, Christof Schmitt wrote:
> On Fri, Apr 01, 2016 at 11:08:27AM +0200, Volker Lendecke wrote:
> > On Thu, Mar 31, 2016 at 10:50:47PM -0700, Christof Schmitt wrote:
> > > The goal of time_audit and full_audit is to intercept all VFS functions.
> > > Everytime a new VFS functions is added, this is easily forgotten. The
> > > attached patches add a hack to check for missing functions in developer
> > > mode. It is ugly, but i could not find a better way to achieve this.
> > >
> > > On current master it already spots missing functions:
> >
> > Oh, very cool!
> >
> > Can we make this abort please?
>
> Like the attached patches? After thinking about this, moving the code in
> a vfs helper function would make sense to duplication.
>
> The downside with aborting is that we now have to add the missing
> functions before pushing this. ;-)
OK, as promised - here is a patchset that adds
the missing VFS functions to full_audit and time_audit.
With this patchset in place I can successfully
run make test TESTS=rw1 with your patches applied on top
(which previously failed).
Please review and push if happy. Once these
have gone in I can push your patchset to make
sure we never regress !
Cheers,
Jeremy.
-------------- next part --------------
From 3e98d8d20a9c31134e9cd5be83b636b2511d7afa Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:22:06 -0700
Subject: [PATCH 01/10] s3: vfs: full_audit. Sort vfs fn list and add comments
on missing entries.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_full_audit.c | 69 ++++++++++++++++++++++++++++++----------
1 file changed, 53 insertions(+), 16 deletions(-)
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 654c627..3c60668 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -97,9 +97,8 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_GET_SHADOW_COPY_DATA,
SMB_VFS_OP_STATVFS,
SMB_VFS_OP_FS_CAPABILITIES,
- SMB_VFS_OP_SNAP_CHECK_PATH,
- SMB_VFS_OP_SNAP_CREATE,
- SMB_VFS_OP_SNAP_DELETE,
+
+ /* Missing get_dfs_referrals */
/* Directory operations */
@@ -169,11 +168,14 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_STRICT_LOCK,
SMB_VFS_OP_STRICT_UNLOCK,
SMB_VFS_OP_TRANSLATE_NAME,
+ /* Missing fsctl */
SMB_VFS_OP_COPY_CHUNK_SEND,
SMB_VFS_OP_COPY_CHUNK_RECV,
SMB_VFS_OP_GET_COMPRESSION,
SMB_VFS_OP_SET_COMPRESSION,
- SMB_VFS_OP_READDIR_ATTR,
+ SMB_VFS_OP_SNAP_CHECK_PATH,
+ SMB_VFS_OP_SNAP_CREATE,
+ SMB_VFS_OP_SNAP_DELETE,
/* DOS attribute operations. */
SMB_VFS_OP_GET_DOS_ATTRIBUTES,
@@ -186,6 +188,7 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_FGET_NT_ACL,
SMB_VFS_OP_GET_NT_ACL,
SMB_VFS_OP_FSET_NT_ACL,
+ /* Missing audit_file */
/* POSIX ACL operations. */
@@ -217,6 +220,15 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_IS_OFFLINE,
SMB_VFS_OP_SET_OFFLINE,
+ /* Durable handle operations */
+ /* Missing:
+ durable_cookie
+ durable_disconnect
+ durable_reconnect
+ */
+
+ SMB_VFS_OP_READDIR_ATTR,
+
/* This should always be last enum value */
SMB_VFS_OP_LAST
@@ -236,9 +248,7 @@ static struct {
{ SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
{ SMB_VFS_OP_STATVFS, "statvfs" },
{ SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
- { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
- { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
- { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
+ /* Missing get_dfs_referrals */
{ SMB_VFS_OP_OPENDIR, "opendir" },
{ SMB_VFS_OP_FDOPENDIR, "fdopendir" },
{ SMB_VFS_OP_READDIR, "readdir" },
@@ -302,11 +312,14 @@ static struct {
{ SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
{ SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
{ SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
+ /* Missing fsctl */
{ SMB_VFS_OP_COPY_CHUNK_SEND, "copy_chunk_send" },
{ SMB_VFS_OP_COPY_CHUNK_RECV, "copy_chunk_recv" },
{ SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
{ SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
- { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
+ { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
+ { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
+ { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
{ SMB_VFS_OP_GET_DOS_ATTRIBUTES, "get_dos_attributes" },
{ SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
{ SMB_VFS_OP_SET_DOS_ATTRIBUTES, "set_dos_attributes" },
@@ -314,6 +327,7 @@ static struct {
{ SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
{ SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
{ SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
+ /* Missing audit_file */
{ SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
@@ -334,6 +348,12 @@ static struct {
{ SMB_VFS_OP_AIO_FORCE, "aio_force" },
{ SMB_VFS_OP_IS_OFFLINE, "is_offline" },
{ SMB_VFS_OP_SET_OFFLINE, "set_offline" },
+ /* Missing:
+ durable_cookie
+ durable_disconnect
+ durable_reconnect
+ */
+ { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
{ SMB_VFS_OP_LAST, NULL }
};
@@ -2333,9 +2353,9 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
.statvfs_fn = smb_full_audit_statvfs,
.fs_capabilities_fn = smb_full_audit_fs_capabilities,
- .snap_check_path_fn = smb_full_audit_snap_check_path,
- .snap_create_fn = smb_full_audit_snap_create,
- .snap_delete_fn = smb_full_audit_snap_delete,
+
+ /* Missing get_dfs_referrals_fn */
+
.opendir_fn = smb_full_audit_opendir,
.fdopendir_fn = smb_full_audit_fdopendir,
.readdir_fn = smb_full_audit_readdir,
@@ -2390,6 +2410,13 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.realpath_fn = smb_full_audit_realpath,
.chflags_fn = smb_full_audit_chflags,
.file_id_create_fn = smb_full_audit_file_id_create,
+ .copy_chunk_send_fn = smb_full_audit_copy_chunk_send,
+ .copy_chunk_recv_fn = smb_full_audit_copy_chunk_recv,
+ .get_compression_fn = smb_full_audit_get_compression,
+ .set_compression_fn = smb_full_audit_set_compression,
+ .snap_check_path_fn = smb_full_audit_snap_check_path,
+ .snap_create_fn = smb_full_audit_snap_create,
+ .snap_delete_fn = smb_full_audit_snap_delete,
.streaminfo_fn = smb_full_audit_streaminfo,
.get_real_filename_fn = smb_full_audit_get_real_filename,
.connectpath_fn = smb_full_audit_connectpath,
@@ -2399,11 +2426,9 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.strict_lock_fn = smb_full_audit_strict_lock,
.strict_unlock_fn = smb_full_audit_strict_unlock,
.translate_name_fn = smb_full_audit_translate_name,
- .copy_chunk_send_fn = smb_full_audit_copy_chunk_send,
- .copy_chunk_recv_fn = smb_full_audit_copy_chunk_recv,
- .get_compression_fn = smb_full_audit_get_compression,
- .set_compression_fn = smb_full_audit_set_compression,
- .readdir_attr_fn = smb_full_audit_readdir_attr,
+
+ /* Missing fsctl_fn */
+
.get_dos_attributes_fn = smb_full_audit_get_dos_attributes,
.fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
.set_dos_attributes_fn = smb_full_audit_set_dos_attributes,
@@ -2411,6 +2436,9 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
.get_nt_acl_fn = smb_full_audit_get_nt_acl,
.fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
+
+ /* Missing audit_file_fn */
+
.chmod_acl_fn = smb_full_audit_chmod_acl,
.fchmod_acl_fn = smb_full_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
@@ -2431,6 +2459,15 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.aio_force_fn = smb_full_audit_aio_force,
.is_offline_fn = smb_full_audit_is_offline,
.set_offline_fn = smb_full_audit_set_offline,
+
+ /* Missing:
+
+ durable_cookie_fn
+ durable_disconnect_fn
+ durable_reconnect_fn
+ */
+ .readdir_attr_fn = smb_full_audit_readdir_attr
+
};
static_decl_vfs;
--
2.8.0.rc3.226.g39d4020
From 16f25dcd0c3cc10ebe448d681bd4924bfde5e002 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:24:10 -0700
Subject: [PATCH 02/10] s3: vfs: full_audit. Add missing
get_dfs_referrals_fn().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_full_audit.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 3c60668..6a907e5 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -97,8 +97,7 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_GET_SHADOW_COPY_DATA,
SMB_VFS_OP_STATVFS,
SMB_VFS_OP_FS_CAPABILITIES,
-
- /* Missing get_dfs_referrals */
+ SMB_VFS_OP_GET_DFS_REFERRALS,
/* Directory operations */
@@ -248,7 +247,7 @@ static struct {
{ SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
{ SMB_VFS_OP_STATVFS, "statvfs" },
{ SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
- /* Missing get_dfs_referrals */
+ { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
{ SMB_VFS_OP_OPENDIR, "opendir" },
{ SMB_VFS_OP_FDOPENDIR, "fdopendir" },
{ SMB_VFS_OP_READDIR, "readdir" },
@@ -759,6 +758,20 @@ static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_full_audit_get_dfs_referrals(
+ struct vfs_handle_struct *handle,
+ struct dfs_GetDFSReferral *r)
+{
+ NTSTATUS status;
+
+ status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
+
+ do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
+ handle, "");
+
+ return status;
+}
+
static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
const char *service_path,
@@ -2353,9 +2366,7 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
.statvfs_fn = smb_full_audit_statvfs,
.fs_capabilities_fn = smb_full_audit_fs_capabilities,
-
- /* Missing get_dfs_referrals_fn */
-
+ .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
.opendir_fn = smb_full_audit_opendir,
.fdopendir_fn = smb_full_audit_fdopendir,
.readdir_fn = smb_full_audit_readdir,
--
2.8.0.rc3.226.g39d4020
From 518589ff47e1f439f0b457b33d144272df78546e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:25:47 -0700
Subject: [PATCH 03/10] s3: vfs: full_audit. Add missing fsctl_fn().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_full_audit.c | 37 ++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 6a907e5..aa10f3f 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -167,7 +167,7 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_STRICT_LOCK,
SMB_VFS_OP_STRICT_UNLOCK,
SMB_VFS_OP_TRANSLATE_NAME,
- /* Missing fsctl */
+ SMB_VFS_OP_FSCTL,
SMB_VFS_OP_COPY_CHUNK_SEND,
SMB_VFS_OP_COPY_CHUNK_RECV,
SMB_VFS_OP_GET_COMPRESSION,
@@ -311,7 +311,7 @@ static struct {
{ SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
{ SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
{ SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
- /* Missing fsctl */
+ { SMB_VFS_OP_FSCTL, "fsctl" },
{ SMB_VFS_OP_COPY_CHUNK_SEND, "copy_chunk_send" },
{ SMB_VFS_OP_COPY_CHUNK_RECV, "copy_chunk_recv" },
{ SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
@@ -1857,6 +1857,35 @@ static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *ctx,
+ uint32_t function,
+ uint16_t req_flags,
+ const uint8_t *_in_data,
+ uint32_t in_len,
+ uint8_t **_out_data,
+ uint32_t max_out_len,
+ uint32_t *out_len)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_FSCTL(handle,
+ fsp,
+ ctx,
+ function,
+ req_flags,
+ _in_data,
+ in_len,
+ _out_data,
+ max_out_len,
+ out_len);
+
+ do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
+
+ return result;
+}
+
static struct tevent_req *smb_full_audit_copy_chunk_send(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -2437,9 +2466,7 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.strict_lock_fn = smb_full_audit_strict_lock,
.strict_unlock_fn = smb_full_audit_strict_unlock,
.translate_name_fn = smb_full_audit_translate_name,
-
- /* Missing fsctl_fn */
-
+ .fsctl_fn = smb_full_audit_fsctl,
.get_dos_attributes_fn = smb_full_audit_get_dos_attributes,
.fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
.set_dos_attributes_fn = smb_full_audit_set_dos_attributes,
--
2.8.0.rc3.226.g39d4020
From 16853f2b7f71caeb490560735e90a783ec9a1c1f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:27:05 -0700
Subject: [PATCH 04/10] s3: vfs: full_audit. Add audit_file_fn().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_full_audit.c | 28 +++++++++++++++++++++++-----
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index aa10f3f..159b2ae 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -187,7 +187,7 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_FGET_NT_ACL,
SMB_VFS_OP_GET_NT_ACL,
SMB_VFS_OP_FSET_NT_ACL,
- /* Missing audit_file */
+ SMB_VFS_OP_AUDIT_FILE,
/* POSIX ACL operations. */
@@ -326,7 +326,7 @@ static struct {
{ SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
{ SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
{ SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
- /* Missing audit_file */
+ { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
{ SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
@@ -2106,6 +2106,26 @@ static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_stru
return result;
}
+static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_AUDIT_FILE(handle,
+ file,
+ sacl,
+ access_requested,
+ access_denied);
+
+ do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
+ "%s", smb_fname_str_do_log(file));
+
+ return result;
+}
+
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
@@ -2474,9 +2494,7 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
.get_nt_acl_fn = smb_full_audit_get_nt_acl,
.fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
-
- /* Missing audit_file_fn */
-
+ .audit_file_fn = smb_full_audit_audit_file,
.chmod_acl_fn = smb_full_audit_chmod_acl,
.fchmod_acl_fn = smb_full_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
--
2.8.0.rc3.226.g39d4020
From f7acfb9cd9172fd7a25ca8421913a9d7c488f3fe Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:29:32 -0700
Subject: [PATCH 05/10] s3: vfs: full_audit. Implement missing durable_XXX
functions.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_full_audit.c | 94 ++++++++++++++++++++++++++++++++--------
1 file changed, 76 insertions(+), 18 deletions(-)
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 159b2ae..edff395 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -219,12 +219,10 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_IS_OFFLINE,
SMB_VFS_OP_SET_OFFLINE,
- /* Durable handle operations */
- /* Missing:
- durable_cookie
- durable_disconnect
- durable_reconnect
- */
+ /* Durable handle operations. */
+ SMB_VFS_OP_DURABLE_COOKIE,
+ SMB_VFS_OP_DURABLE_DISCONNECT,
+ SMB_VFS_OP_DURABLE_RECONNECT,
SMB_VFS_OP_READDIR_ATTR,
@@ -347,11 +345,9 @@ static struct {
{ SMB_VFS_OP_AIO_FORCE, "aio_force" },
{ SMB_VFS_OP_IS_OFFLINE, "is_offline" },
{ SMB_VFS_OP_SET_OFFLINE, "set_offline" },
- /* Missing:
- durable_cookie
- durable_disconnect
- durable_reconnect
- */
+ { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
+ { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
+ { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
{ SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
{ SMB_VFS_OP_LAST, NULL }
};
@@ -2403,6 +2399,72 @@ static int smb_full_audit_set_offline(struct vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *cookie)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
+ fsp,
+ mem_ctx,
+ cookie);
+
+ do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
+ "%s", fsp_str_do_log(fsp));
+
+ return result;
+}
+
+static NTSTATUS smb_full_audit_durable_disconnect(
+ struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const DATA_BLOB old_cookie,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *new_cookie)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
+ fsp,
+ old_cookie,
+ mem_ctx,
+ new_cookie);
+
+ do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
+ "%s", fsp_str_do_log(fsp));
+
+ return result;
+}
+
+static NTSTATUS smb_full_audit_durable_reconnect(
+ struct vfs_handle_struct *handle,
+ struct smb_request *smb1req,
+ struct smbXsrv_open *op,
+ const DATA_BLOB old_cookie,
+ TALLOC_CTX *mem_ctx,
+ struct files_struct **fsp,
+ DATA_BLOB *new_cookie)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
+ smb1req,
+ op,
+ old_cookie,
+ mem_ctx,
+ fsp,
+ new_cookie);
+
+ do_log(SMB_VFS_OP_DURABLE_RECONNECT,
+ NT_STATUS_IS_OK(result),
+ handle,
+ "");
+
+ return result;
+}
+
static struct vfs_fn_pointers vfs_full_audit_fns = {
/* Disk operations */
@@ -2515,13 +2577,9 @@ static struct vfs_fn_pointers vfs_full_audit_fns = {
.aio_force_fn = smb_full_audit_aio_force,
.is_offline_fn = smb_full_audit_is_offline,
.set_offline_fn = smb_full_audit_set_offline,
-
- /* Missing:
-
- durable_cookie_fn
- durable_disconnect_fn
- durable_reconnect_fn
- */
+ .durable_cookie_fn = smb_full_audit_durable_cookie,
+ .durable_disconnect_fn = smb_full_audit_durable_disconnect,
+ .durable_reconnect_fn = smb_full_audit_durable_reconnect,
.readdir_attr_fn = smb_full_audit_readdir_attr
};
--
2.8.0.rc3.226.g39d4020
From 821c9d8063f1a875a78cd9a2eb9bbff3a1c7ca51 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:39:22 -0700
Subject: [PATCH 06/10] s3: vfs: Sort vfs function entries in vfs_time_audit.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_time_audit.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index fce76df..7275dce 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -2436,9 +2436,7 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.get_shadow_copy_data_fn = smb_time_audit_get_shadow_copy_data,
.statvfs_fn = smb_time_audit_statvfs,
.fs_capabilities_fn = smb_time_audit_fs_capabilities,
- .snap_check_path_fn = smb_time_audit_snap_check_path,
- .snap_create_fn = smb_time_audit_snap_create,
- .snap_delete_fn = smb_time_audit_snap_delete,
+ /* Missing get_dfs_referrals_fn */
.opendir_fn = smb_time_audit_opendir,
.fdopendir_fn = smb_time_audit_fdopendir,
.readdir_fn = smb_time_audit_readdir,
@@ -2493,6 +2491,13 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.realpath_fn = smb_time_audit_realpath,
.chflags_fn = smb_time_audit_chflags,
.file_id_create_fn = smb_time_audit_file_id_create,
+ .copy_chunk_send_fn = smb_time_audit_copy_chunk_send,
+ .copy_chunk_recv_fn = smb_time_audit_copy_chunk_recv,
+ .get_compression_fn = smb_time_audit_get_compression,
+ .set_compression_fn = smb_time_audit_set_compression,
+ .snap_check_path_fn = smb_time_audit_snap_check_path,
+ .snap_create_fn = smb_time_audit_snap_create,
+ .snap_delete_fn = smb_time_audit_snap_delete,
.streaminfo_fn = smb_time_audit_streaminfo,
.get_real_filename_fn = smb_time_audit_get_real_filename,
.connectpath_fn = smb_time_audit_connectpath,
@@ -2502,14 +2507,17 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.strict_lock_fn = smb_time_audit_strict_lock,
.strict_unlock_fn = smb_time_audit_strict_unlock,
.translate_name_fn = smb_time_audit_translate_name,
- .copy_chunk_send_fn = smb_time_audit_copy_chunk_send,
- .copy_chunk_recv_fn = smb_time_audit_copy_chunk_recv,
- .get_compression_fn = smb_time_audit_get_compression,
- .set_compression_fn = smb_time_audit_set_compression,
- .readdir_attr_fn = smb_time_audit_readdir_attr,
+ /* Missing fsctl */
+ /* Missing
+ get_dos_attributes
+ fget_dos_attributes
+ set_dos_attributes
+ fset_dos_attributes
+ */
.fget_nt_acl_fn = smb_time_audit_fget_nt_acl,
.get_nt_acl_fn = smb_time_audit_get_nt_acl,
.fset_nt_acl_fn = smb_time_audit_fset_nt_acl,
+ /* Missing audit_file */
.chmod_acl_fn = smb_time_audit_chmod_acl,
.fchmod_acl_fn = smb_time_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
@@ -2533,6 +2541,7 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.durable_cookie_fn = smb_time_audit_durable_cookie,
.durable_disconnect_fn = smb_time_audit_durable_disconnect,
.durable_reconnect_fn = smb_time_audit_durable_reconnect,
+ .readdir_attr_fn = smb_time_audit_readdir_attr,
};
--
2.8.0.rc3.226.g39d4020
From 52c1799d3e0734edefb16924624dd0d29cbafcad Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:42:49 -0700
Subject: [PATCH 07/10] s3: vfs: time_audit. Add missing get_dfs_referrals().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_time_audit.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 7275dce..cde3312 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -277,6 +277,26 @@ static uint32_t smb_time_audit_fs_capabilities(struct vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_time_audit_get_dfs_referrals(
+ struct vfs_handle_struct *handle,
+ struct dfs_GetDFSReferral *r)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("get_dfs_referrals(", timediff);
+ }
+
+ return result;
+}
+
static NTSTATUS smb_time_audit_snap_check_path(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
const char *service_path,
@@ -2436,7 +2456,7 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.get_shadow_copy_data_fn = smb_time_audit_get_shadow_copy_data,
.statvfs_fn = smb_time_audit_statvfs,
.fs_capabilities_fn = smb_time_audit_fs_capabilities,
- /* Missing get_dfs_referrals_fn */
+ .get_dfs_referrals_fn = smb_time_audit_get_dfs_referrals,
.opendir_fn = smb_time_audit_opendir,
.fdopendir_fn = smb_time_audit_fdopendir,
.readdir_fn = smb_time_audit_readdir,
--
2.8.0.rc3.226.g39d4020
From f616e6c2ac9e5a5631e207a5db1a08201fa8a16b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:46:56 -0700
Subject: [PATCH 08/10] s3: vfs: time_audit. Add missing fsctl().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_time_audit.c | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index cde3312..5744c27 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1744,6 +1744,43 @@ static NTSTATUS smb_time_audit_translate_name(struct vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_time_audit_fsctl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *ctx,
+ uint32_t function,
+ uint16_t req_flags,
+ const uint8_t *_in_data,
+ uint32_t in_len,
+ uint8_t **_out_data,
+ uint32_t max_out_len,
+ uint32_t *out_len)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_FSCTL(handle,
+ fsp,
+ ctx,
+ function,
+ req_flags,
+ _in_data,
+ in_len,
+ _out_data,
+ max_out_len,
+ out_len);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log_fsp("fsctl", timediff, fsp);
+ }
+
+ return result;
+}
+
+
struct time_audit_cc_state {
struct timespec ts_send;
struct vfs_handle_struct *handle;
@@ -2527,7 +2564,7 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.strict_lock_fn = smb_time_audit_strict_lock,
.strict_unlock_fn = smb_time_audit_strict_unlock,
.translate_name_fn = smb_time_audit_translate_name,
- /* Missing fsctl */
+ .fsctl_fn = smb_time_audit_fsctl,
/* Missing
get_dos_attributes
fget_dos_attributes
--
2.8.0.rc3.226.g39d4020
From 166ef83bce152b55479675f493eeb366f746de92 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 16:57:12 -0700
Subject: [PATCH 09/10] s3: vfs: time_audit: Add get/fget/set/fset
dos_attributes functions.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_time_audit.c | 101 ++++++++++++++++++++++++++++++++++++---
1 file changed, 95 insertions(+), 6 deletions(-)
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index 5744c27..a8bfbc2 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1780,6 +1780,97 @@ static NTSTATUS smb_time_audit_fsctl(struct vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_time_get_dos_attributes(struct vfs_handle_struct *handle,
+ struct smb_filename *smb_fname,
+ uint32_t *dosmode)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle,
+ smb_fname,
+ dosmode);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log_fname("get_dos_attributes",
+ timediff,
+ smb_fname->base_name);
+ }
+
+ return result;
+}
+
+static NTSTATUS smb_time_fget_dos_attributes(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ uint32_t *dosmode)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
+ fsp,
+ dosmode);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log_fsp("fget_dos_attributes", timediff, fsp);
+ }
+
+ return result;
+}
+
+static NTSTATUS smb_time_set_dos_attributes(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uint32_t dosmode)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
+ smb_fname,
+ dosmode);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log_fname("set_dos_attributes",
+ timediff,
+ smb_fname->base_name);
+ }
+
+ return result;
+}
+
+static NTSTATUS smb_time_fset_dos_attributes(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ uint32_t dosmode)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
+ fsp,
+ dosmode);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log_fsp("fset_dos_attributes", timediff, fsp);
+ }
+
+ return result;
+}
struct time_audit_cc_state {
struct timespec ts_send;
@@ -2565,12 +2656,10 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.strict_unlock_fn = smb_time_audit_strict_unlock,
.translate_name_fn = smb_time_audit_translate_name,
.fsctl_fn = smb_time_audit_fsctl,
- /* Missing
- get_dos_attributes
- fget_dos_attributes
- set_dos_attributes
- fset_dos_attributes
- */
+ .get_dos_attributes_fn = smb_time_get_dos_attributes,
+ .fget_dos_attributes_fn = smb_time_fget_dos_attributes,
+ .set_dos_attributes_fn = smb_time_set_dos_attributes,
+ .fset_dos_attributes_fn = smb_time_fset_dos_attributes,
.fget_nt_acl_fn = smb_time_audit_fget_nt_acl,
.get_nt_acl_fn = smb_time_audit_get_nt_acl,
.fset_nt_acl_fn = smb_time_audit_fset_nt_acl,
--
2.8.0.rc3.226.g39d4020
From 49d35c20864ba6971590725dc6468aa35a4b66ac Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 4 Apr 2016 17:01:53 -0700
Subject: [PATCH 10/10] s3: vfs: time_audit. Add missing audit_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/modules/vfs_time_audit.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index a8bfbc2..b3610ee 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -2096,6 +2096,36 @@ static NTSTATUS smb_time_audit_fset_nt_acl(vfs_handle_struct *handle,
return result;
}
+static NTSTATUS smb_time_audit_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *smb_fname,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ NTSTATUS result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_AUDIT_FILE(handle,
+ smb_fname,
+ sacl,
+ access_requested,
+ access_denied);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log_fname("audit_file",
+ timediff,
+ smb_fname->base_name);
+ }
+
+ return result;
+}
+
+
+
static int smb_time_audit_chmod_acl(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
@@ -2663,7 +2693,7 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.fget_nt_acl_fn = smb_time_audit_fget_nt_acl,
.get_nt_acl_fn = smb_time_audit_get_nt_acl,
.fset_nt_acl_fn = smb_time_audit_fset_nt_acl,
- /* Missing audit_file */
+ .audit_file_fn = smb_time_audit_audit_file,
.chmod_acl_fn = smb_time_audit_chmod_acl,
.fchmod_acl_fn = smb_time_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
--
2.8.0.rc3.226.g39d4020
More information about the samba-technical
mailing list