[Samba] 4.17.3 on debian: vfs_full_audit issues
Jeremy Allison
jra at samba.org
Fri Dec 9 23:21:44 UTC 2022
On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev wrote:
>of code in the patch :).
>
>The thing is that _some_ syscalls now have both ways, - eg open *and* openat.
>
>(Sure it's okay to modify the manpage too).
>
>The PoC patch is attached (I haven't tried to even compile it yet).
>Is something like that okay? :)
Looks good, but doing a search on "AT," finds:
SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path"
SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path"
SMB_VFS_OP_FSTATAT -> map to "fstat" ?
SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ?
>From 799069263597d12cf1fcc2356039d3bcccd297e1 Mon Sep 17 00:00:00 2001
>From: Michael Tokarev <mjt at tls.msk.ru>
>Date: Fri, 9 Dec 2022 23:47:46 +0300
>Subject: [PATCH] vfs_full_audit: allow aliases for vfs operations for
> compatibility
>
>This extends vfs_op_names[] array in vfs_full_audit to allow more
>entries after SMB_VFS_OP_LAST, to make room for aliases.
>In the only place where this array is searched for the entered name,
>use ARRAY_SIZE(vfs_op_names) instead of SMB_VFS_OP_LAST, and check
>for correctness of the entries only before SMB_VFS_OP_LAST.
>The other place where this array is used, to *get* the name of the
>operation, continue to cap it by SMB_VFS_OP_LAST.
>
>And include some aliases for the modern *at operations
>(mkdir for mkdirat, mknod for mknodat, etc).
>
>Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
>---
> source3/modules/vfs_full_audit.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
>diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
>index 25fd0cad326..1587a12972e 100644
>--- a/source3/modules/vfs_full_audit.c
>+++ b/source3/modules/vfs_full_audit.c
>@@ -347,7 +347,14 @@ static struct {
> { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
> { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
> { SMB_VFS_OP_FREADDIR_ATTR, "freaddir_attr" },
>- { SMB_VFS_OP_LAST, NULL }
>+ /* compatibility aliases, starting at SMB_VFS_OP_LAST, unsorted: */
>+ { SMB_VFS_OP_MKDIRAT, "mkdir" },
>+ { SMB_VFS_OP_RENAMEAT, "rename" },
>+ { SMB_VFS_OP_UNLINKAT, "unlink" },
>+ { SMB_VFS_OP_SYMLINKAT, "symlink" },
>+ { SMB_VFS_OP_READLINKAT,"readlink" },
>+ { SMB_VFS_OP_LINKAT, "link" },
>+ { SMB_VFS_OP_MKNODAT, "mknod" },
> };
>
> static int audit_syslog_facility(vfs_handle_struct *handle)
>@@ -547,9 +554,8 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
> op += 1;
> }
>
>- for (i=0; i<SMB_VFS_OP_LAST; i++) {
>- if ((vfs_op_names[i].name == NULL)
>- || (vfs_op_names[i].type != i)) {
>+ for (i=0; i<ARRAY_SIZE(vfs_op_names); i++) {
>+ if (i < SMB_VFS_OP_LAST && vfs_op_names[i].type != i) {
> smb_panic("vfs_full_audit.c: name table not "
> "in sync with vfs_op_type enums\n");
> }
>@@ -562,7 +568,7 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
> break;
> }
> }
>- if (i == SMB_VFS_OP_LAST) {
>+ if (i == ARRAY_SIZE(vfs_op_names)) {
> DBG_ERR("Could not find opname %s\n", *ops);
> TALLOC_FREE(bm);
> return NULL;
>--
>2.30.2
>
More information about the samba
mailing list